diff --git a/.github/ISSUE_TEMPLATE/lgtm-com---false-positive.md b/.github/ISSUE_TEMPLATE/lgtm-com---false-positive.md
deleted file mode 100644
index 94a84906f24..00000000000
--- a/.github/ISSUE_TEMPLATE/lgtm-com---false-positive.md
+++ /dev/null
@@ -1,24 +0,0 @@
----
-name: LGTM.com - false positive
-about: Tell us about an alert that shouldn't be reported
-title: LGTM.com - false positive
-labels: false-positive
-assignees: ''
-
----
-
-**Description of the false positive**
-
-<!-- Please explain briefly why you think it shouldn't be included. -->
-
-**URL to the alert on the project page on LGTM.com**
-
-<!--
-1. Open the project on LGTM.com.
-For example, https://lgtm.com/projects/g/pallets/click/.
-2. Switch to the `Alerts` tab. For example, https://lgtm.com/projects/g/pallets/click/alerts/.
-3. Scroll to the alert that you would like to report.
-4. Click on the right most icon `View this alert within the complete file`.
-5. A new browser tab opens. Copy and paste the page URL here.
-For example, https://lgtm.com/projects/g/pallets/click/snapshot/719fb7d8322b0767cdd1e5903ba3eb3233ba8dd5/files/click/_winconsole.py#xa08d213ab3289f87:1.
--->
diff --git a/.github/ISSUE_TEMPLATE/ql---general.md b/.github/ISSUE_TEMPLATE/ql---general.md
index 1d5b7d244f6..f68574485c1 100644
--- a/.github/ISSUE_TEMPLATE/ql---general.md
+++ b/.github/ISSUE_TEMPLATE/ql---general.md
@@ -10,5 +10,5 @@ assignees: ''
 **Description of the issue**
 
 <!-- Please explain briefly what is the problem.
-If it is about an LGTM project, please include its URL.-->
+If it is about a GitHub project, please include its URL. -->
 
diff --git a/.github/ISSUE_TEMPLATE/ql--false-positive.md b/.github/ISSUE_TEMPLATE/ql--false-positive.md
new file mode 100644
index 00000000000..b80590a1832
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/ql--false-positive.md
@@ -0,0 +1,36 @@
+---
+name: CodeQL false positive
+about: Report CodeQL alerts that you think should not have been detected (not applicable, not exploitable, etc.)
+title: False positive
+labels: false-positive
+assignees: ''
+
+---
+
+**Description of the false positive**
+
+<!-- Please explain briefly why you think it shouldn't be included. -->
+
+**Code samples or links to source code**
+
+<!--
+For open source code: file links with line numbers on GitHub, for example:
+https://github.com/github/codeql/blob/dc440aaee6695deb0d9676b87e06ea984e1b4ae5/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh2.js#L10
+
+For closed source code: (redacted) code samples that illustrate the problem, for example:
+
+```
+function execSh(command, options) {
+    return cp.spawn(getShell(), ["-c", command], options) // <- command line injection
+};
+```
+-->
+
+**URL to the alert on GitHub code scanning (optional)**
+
+<!--
+1. Open the project on GitHub.com.
+2. Switch to the `Security` tab.
+3. Browse to the alert that you would like to report.
+4. Copy and paste the page URL here.
+-->
diff --git a/.github/actions/cache-query-compilation/action.yml b/.github/actions/cache-query-compilation/action.yml
new file mode 100644
index 00000000000..95f25cbfc68
--- /dev/null
+++ b/.github/actions/cache-query-compilation/action.yml
@@ -0,0 +1,55 @@
+name: Cache query compilation
+description: Caches CodeQL compilation caches - should be run both on PRs and pushes to main.
+
+inputs:
+  key:
+    description: 'The cache key to use - should be unique to the workflow'
+    required: true
+
+outputs:
+  cache-dir:
+    description: "The directory where the cache was stored"
+    value: ${{ steps.fill-compilation-dir.outputs.compdir }}
+
+runs:
+  using: composite
+  steps:
+    # calculate the merge-base with main, in a way that works both on PRs and pushes to main.
+    - name: Calculate merge-base
+      shell: bash
+      if: ${{ github.event_name == 'pull_request' }}
+      env:
+        BASE_BRANCH: ${{ github.base_ref }}
+      run: |
+        MERGE_BASE=$(git cat-file commit $GITHUB_SHA | grep '^parent ' | head -1 | cut -f 2 -d " ")
+        echo "merge_base=$MERGE_BASE" >> $GITHUB_ENV
+    - name: Restore read-only cache (PR)
+      if: ${{ github.event_name == 'pull_request' }}
+      uses: erik-krogh/actions-cache@a88d0603fe5fb5606db9f002dfcadeb32b5f84c6
+      with:
+        path: '**/.cache'
+        read-only: true
+        key: codeql-compile-${{ inputs.key }}-pr-${{ github.sha }}
+        restore-keys: |
+          codeql-compile-${{ inputs.key }}-${{ github.base_ref }}-${{ env.merge_base }}
+          codeql-compile-${{ inputs.key }}-${{ github.base_ref }}-
+          codeql-compile-${{ inputs.key }}-main-
+    - name: Fill cache (push)
+      if: ${{ github.event_name != 'pull_request' }}
+      uses: erik-krogh/actions-cache@a88d0603fe5fb5606db9f002dfcadeb32b5f84c6
+      with:
+        path: '**/.cache'
+        key: codeql-compile-${{ inputs.key }}-${{ github.ref_name }}-${{ github.sha }} # just fill on main
+        restore-keys: | # restore the latest cache if the exact cache is unavailable, to speed up compilation.
+          codeql-compile-${{ inputs.key }}-${{ github.ref_name }}-
+          codeql-compile-${{ inputs.key }}-main-
+    - name: Fill compilation cache directory
+      id: fill-compilation-dir
+      shell: bash
+      run: |
+        # Move all the existing cache into another folder, so we only preserve the cache for the current queries.
+        node $GITHUB_WORKSPACE/.github/actions/cache-query-compilation/move-caches.js ${COMBINED_CACHE_DIR}
+
+        echo "compdir=${COMBINED_CACHE_DIR}" >> $GITHUB_OUTPUT
+      env:
+        COMBINED_CACHE_DIR: ${{ runner.temp }}/compilation-dir
diff --git a/.github/actions/cache-query-compilation/move-caches.js b/.github/actions/cache-query-compilation/move-caches.js
new file mode 100644
index 00000000000..67fc503cdc0
--- /dev/null
+++ b/.github/actions/cache-query-compilation/move-caches.js
@@ -0,0 +1,75 @@
+// # Move all the existing cache into another folder, so we only preserve the cache for the current queries.
+// mkdir -p ${COMBINED_CACHE_DIR}
+// rm -f **/.cache/{lock,size} # -f to avoid errors if the cache is empty.
+// # copy the contents of the .cache folders into the combined cache folder.
+// cp -r **/.cache/* ${COMBINED_CACHE_DIR}/ || : # ignore missing files
+// # clean up the .cache folders
+// rm -rf **/.cache/*
+
+const fs = require("fs");
+const path = require("path");
+
+// the first argv is the cache folder to create.
+const COMBINED_CACHE_DIR = process.argv[2];
+
+function* walkCaches(dir) {
+  const files = fs.readdirSync(dir, { withFileTypes: true });
+  for (const file of files) {
+    if (file.isDirectory()) {
+      const filePath = path.join(dir, file.name);
+      yield* walkCaches(filePath);
+      if (file.name === ".cache") {
+        yield filePath;
+      }
+    }
+  }
+}
+
+async function copyDir(src, dest) {
+  for await (const file of await fs.promises.readdir(src, { withFileTypes: true })) {
+    const srcPath = path.join(src, file.name);
+    const destPath = path.join(dest, file.name);
+    if (file.isDirectory()) {
+      if (!fs.existsSync(destPath)) {
+        fs.mkdirSync(destPath);
+      }
+      await copyDir(srcPath, destPath);
+    } else {
+      await fs.promises.copyFile(srcPath, destPath);
+    }
+  }
+}
+
+async function main() {
+  const cacheDirs = [...walkCaches(".")];
+
+  for (const dir of cacheDirs) {
+    console.log(`Found .cache dir at ${dir}`);
+  }
+
+  // mkdir -p ${COMBINED_CACHE_DIR}
+  fs.mkdirSync(COMBINED_CACHE_DIR, { recursive: true });
+
+  // rm -f **/.cache/{lock,size} # -f to avoid errors if the cache is empty.
+  await Promise.all(
+    cacheDirs.map((cacheDir) =>
+      (async function () {
+        await fs.promises.rm(path.join(cacheDir, "lock"), { force: true });
+        await fs.promises.rm(path.join(cacheDir, "size"), { force: true });
+      })()
+    )
+  );
+
+  // # copy the contents of the .cache folders into the combined cache folder.
+  // cp -r **/.cache/* ${COMBINED_CACHE_DIR}/ || : # ignore missing files
+  await Promise.all(
+    cacheDirs.map((cacheDir) => copyDir(cacheDir, COMBINED_CACHE_DIR))
+  );
+
+  // # clean up the .cache folders
+  // rm -rf **/.cache/*
+  await Promise.all(
+    cacheDirs.map((cacheDir) => fs.promises.rm(cacheDir, { recursive: true }))
+  );
+}
+main();
diff --git a/.github/actions/find-latest-bundle/action.yml b/.github/actions/find-latest-bundle/action.yml
new file mode 100644
index 00000000000..59e16a6d3cb
--- /dev/null
+++ b/.github/actions/find-latest-bundle/action.yml
@@ -0,0 +1,26 @@
+name: Find Latest CodeQL Bundle
+description: Finds the URL of the latest released version of the CodeQL bundle.
+outputs:
+  url:
+    description: The download URL of the latest CodeQL bundle release
+    value: ${{ steps.find-latest.outputs.url }}
+runs:
+  using: composite
+  steps:
+    - name: Find Latest Release
+      id: find-latest
+      shell: pwsh
+      run: |
+        $Latest = gh release list --repo github/codeql-action --exclude-drafts --limit 1000 |
+          ForEach-Object { $C = $_ -split "`t"; return @{ type = $C[1]; tag = $C[2]; } } |
+          Where-Object { $_.type -eq 'Latest' }
+
+        $Tag = $Latest.tag
+        if ($Tag -eq '') {
+          throw 'Failed to find latest bundle release.'
+        }
+
+        Write-Output "Latest bundle tag is '${Tag}'."
+        "url=https://github.com/github/codeql-action/releases/download/${Tag}/codeql-bundle-linux64.tar.gz" >> $env:GITHUB_OUTPUT
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/atm-check-query-suite.yml b/.github/workflows/atm-check-query-suite.yml
index 7317746fe62..ed93a6f8f2f 100644
--- a/.github/workflows/atm-check-query-suite.yml
+++ b/.github/workflows/atm-check-query-suite.yml
@@ -13,7 +13,7 @@ on:
 
 jobs:
   atm-check-query-suite:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-xl
 
     steps:
       - uses: actions/checkout@v3
@@ -23,6 +23,12 @@ jobs:
         with:
           channel: release
 
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with: 
+          key: atm-suite
+
       - name: Install ATM model
         run: |
           set -exu
@@ -50,10 +56,13 @@ jobs:
           echo "SARIF_PATH=${SARIF_PATH}" >> "${GITHUB_ENV}"
 
           codeql database analyze \
+            --threads=0 \
+            --ram 50000 \
             --format sarif-latest \
             --output "${SARIF_PATH}" \
             --sarif-group-rules-by-pack \
             -vv \
+            --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \
             -- \
             "${DB_PATH}" \
             "${QUERY_PACK}/${QUERY_SUITE}"
diff --git a/.github/workflows/check-query-ids.yml b/.github/workflows/check-query-ids.yml
new file mode 100644
index 00000000000..9ce9ed5ba85
--- /dev/null
+++ b/.github/workflows/check-query-ids.yml
@@ -0,0 +1,21 @@
+name: Check query IDs
+
+on:
+  pull_request:
+    paths:
+      - "**/src/**/*.ql"
+      - misc/scripts/check-query-ids.py
+      - .github/workflows/check-query-ids.yml
+    branches:
+      - main
+      - "rc/*"
+  workflow_dispatch:
+
+jobs:
+  check:
+    name: Check query IDs
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Check for duplicate query IDs
+        run: python3 misc/scripts/check-query-ids.py
diff --git a/.github/workflows/compile-queries.yml b/.github/workflows/compile-queries.yml
index 73d1e5ac2cc..96d8e4cc30b 100644
--- a/.github/workflows/compile-queries.yml
+++ b/.github/workflows/compile-queries.yml
@@ -14,46 +14,24 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
-      # calculate the merge-base with main, in a way that works both on PRs and pushes to main. 
-      - name: Calculate merge-base
-        if: ${{ github.event_name == 'pull_request' }}
-        env:
-          BASE_BRANCH: ${{ github.base_ref }}
-        run: |
-          MERGE_BASE=$(git cat-file commit $GITHUB_SHA | grep '^parent ' | head -1 | cut -f 2 -d " ")
-          echo "merge-base=$MERGE_BASE" >> $GITHUB_ENV
-      - name: Read CodeQL query compilation - PR
-        if: ${{ github.event_name == 'pull_request' }}
-        uses: actions/cache@v3
-        with:
-          path: '*/ql/src/.cache'
-          key: codeql-compile-pr-${{ github.sha }} # deliberately not using the `compile-compile-main` keys here.
-          restore-keys: |
-            codeql-compile-${{ github.base_ref }}-${{ env.merge-base }}
-            codeql-compile-${{ github.base_ref }}-
-            codeql-compile-main-
-      - name: Fill CodeQL query compilation cache - main
-        if: ${{ github.event_name != 'pull_request' }}
-        uses: actions/cache@v3
-        with:
-          path: '*/ql/src/.cache'
-          key: codeql-compile-${{ github.ref_name }}-${{ github.sha }} # just fill on main
-          restore-keys: | # restore from another random commit, to speed up compilation.
-            codeql-compile-${{ github.ref_name }}- 
-            codeql-compile-main-
       - name: Setup CodeQL
         uses: ./.github/actions/fetch-codeql
         with:
           channel: 'release'
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with: 
+          key: all-queries
       - name: check formatting
-        run: codeql query format */ql/{src,lib,test}/**/*.{qll,ql} --check-only
+        run: find */ql -type f \( -name "*.qll" -o -name "*.ql" \) -print0 | xargs -0 codeql query format --check-only
       - name: compile queries - check-only
         # run with --check-only if running in a PR (github.sha != main)
         if : ${{ github.event_name == 'pull_request' }}
         shell: bash
-        run: codeql query compile -j0 */ql/src --keep-going --warnings=error --check-only
+        run: codeql query compile -j0 */ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
       - name: compile queries - full
         # do full compile if running on main - this populates the cache
         if : ${{ github.event_name != 'pull_request' }}
         shell: bash
-        run: codeql query compile -j0 */ql/src --keep-going --warnings=error
\ No newline at end of file
+        run: codeql query compile -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
diff --git a/.github/workflows/csharp-qltest.yml b/.github/workflows/csharp-qltest.yml
new file mode 100644
index 00000000000..b9bbf930add
--- /dev/null
+++ b/.github/workflows/csharp-qltest.yml
@@ -0,0 +1,86 @@
+name: "C#: Run QL Tests"
+
+on:
+  push:
+    paths:
+      - "csharp/**"
+      - "shared/**"
+      - .github/actions/fetch-codeql/action.yml
+      - codeql-workspace.yml
+    branches:
+      - main
+      - "rc/*"
+  pull_request:
+    paths:
+      - "csharp/**"
+      - "shared/**"
+      - .github/workflows/csharp-qltest.yml
+      - .github/actions/fetch-codeql/action.yml
+      - codeql-workspace.yml
+    branches:
+      - main
+      - "rc/*"
+
+defaults:
+  run:
+    working-directory: csharp
+
+jobs:
+  qlupgrade:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./.github/actions/fetch-codeql
+      - name: Check DB upgrade scripts
+        run: |
+          echo >empty.trap
+          codeql dataset import -S ql/lib/upgrades/initial/semmlecode.csharp.dbscheme testdb empty.trap
+          codeql dataset upgrade testdb --additional-packs ql/lib
+          diff -q testdb/semmlecode.csharp.dbscheme ql/lib/semmlecode.csharp.dbscheme
+      - name: Check DB downgrade scripts
+        run: |
+          echo >empty.trap
+          rm -rf testdb; codeql dataset import -S ql/lib/semmlecode.csharp.dbscheme testdb empty.trap
+          codeql resolve upgrades --format=lines --allow-downgrades --additional-packs downgrades \
+           --dbscheme=ql/lib/semmlecode.csharp.dbscheme --target-dbscheme=downgrades/initial/semmlecode.csharp.dbscheme |
+           xargs codeql execute upgrades testdb
+          diff -q testdb/semmlecode.csharp.dbscheme downgrades/initial/semmlecode.csharp.dbscheme
+  qltest:
+    runs-on: ubuntu-latest-xl
+    strategy:
+      fail-fast: false
+      matrix:
+        slice: ["1/2", "2/2"]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./.github/actions/fetch-codeql
+      - uses: ./csharp/actions/create-extractor-pack
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: csharp-qltest-${{ matrix.slice }}
+      - name: Run QL tests
+        run: |
+          CODEQL_PATH=$(gh codeql version --format=json | jq -r .unpackedLocation)
+          # The legacy ASP extractor is not in this repo, so take the one from the nightly build
+          mv "$CODEQL_PATH/csharp/tools/extractor-asp.jar" "${{ github.workspace }}/csharp/extractor-pack/tools"
+          # Safe guard against using the bundled extractor
+          rm -rf "$CODEQL_PATH/csharp"
+          codeql test run --threads=0 --ram 50000 --slice ${{ matrix.slice }} --search-path "${{ github.workspace }}/csharp/extractor-pack" --check-databases --check-undefined-labels --check-repeated-labels --check-redefined-labels --consistency-queries ql/consistency-queries ql/test --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+  unit-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup dotnet
+        uses: actions/setup-dotnet@v3
+        with:
+          dotnet-version: 6.0.202
+      - name: Extractor unit tests
+        run: |
+          dotnet test -p:RuntimeFrameworkVersion=6.0.4 "${{ github.workspace }}/csharp/extractor/Semmle.Util.Tests"
+          dotnet test -p:RuntimeFrameworkVersion=6.0.4 "${{ github.workspace }}/csharp/extractor/Semmle.Extraction.Tests"
+          dotnet test -p:RuntimeFrameworkVersion=6.0.4 "${{ github.workspace }}/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests"
+          dotnet test -p:RuntimeFrameworkVersion=6.0.4 "${{ github.workspace }}/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests"
diff --git a/.github/workflows/go-tests-other-os.yml b/.github/workflows/go-tests-other-os.yml
new file mode 100644
index 00000000000..edf6eb63d49
--- /dev/null
+++ b/.github/workflows/go-tests-other-os.yml
@@ -0,0 +1,80 @@
+name: "Go: Run Tests - Other OS"
+on:
+  pull_request:
+    paths:
+      - "go/**"
+      - "!go/ql/**" # don't run other-os if only ql/ files changed
+      - .github/workflows/go-tests-other-os.yml
+      - .github/actions/**
+      - codeql-workspace.yml
+jobs:
+  test-mac:
+    name: Test MacOS
+    runs-on: macos-latest
+    steps:
+      - name: Set up Go 1.19
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
+        id: go
+
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      - name: Set up CodeQL CLI
+        uses: ./.github/actions/fetch-codeql
+
+      - name: Enable problem matchers in repository
+        shell: bash
+        run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
+
+      - name: Build
+        run: |
+          cd go
+          make
+
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: go-qltest
+      - name: Test
+        run: |
+          cd go
+          make test cache="${{ steps.query-cache.outputs.cache-dir }}"
+
+  test-win:
+    name: Test Windows
+    runs-on: windows-latest-xl
+    steps:
+      - name: Set up Go 1.19
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
+        id: go
+
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      - name: Set up CodeQL CLI
+        uses: ./.github/actions/fetch-codeql
+
+      - name: Enable problem matchers in repository
+        shell: bash
+        run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
+
+      - name: Build
+        run: |
+          cd go
+          make
+
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: go-qltest
+
+      - name: Test
+        run: |
+          cd go
+          make test cache="${{ steps.query-cache.outputs.cache-dir }}"
diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 3cc61eafa5c..eceabb0410a 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -1,15 +1,24 @@
 name: "Go: Run Tests"
 on:
+  push:
+    paths:
+      - "go/**"
+      - .github/workflows/go-tests.yml
+      - .github/actions/**
+      - codeql-workspace.yml
+    branches:
+      - main
+      - "rc/*"
   pull_request:
     paths:
       - "go/**"
       - .github/workflows/go-tests.yml
-      - .github/actions/fetch-codeql/action.yml
+      - .github/actions/**
       - codeql-workspace.yml
 jobs:
   test-linux:
     name: Test Linux (Ubuntu)
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-xl
     steps:
       - name: Set up Go 1.19
         uses: actions/setup-go@v3
@@ -32,7 +41,7 @@ jobs:
           cd go
           make
 
-      - name: Check that all QL and Go code is autoformatted
+      - name: Check that all Go code is autoformatted
         run: |
           cd go
           make check-formatting
@@ -48,67 +57,13 @@ jobs:
           name: qhelp-markdown
           path: go/qhelp-out/**/*.md
 
-      - name: Test
-        run: |
-          cd go
-          make test
-
-  test-mac:
-    name: Test MacOS
-    runs-on: macos-latest
-    steps:
-      - name: Set up Go 1.19
-        uses: actions/setup-go@v3
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
         with:
-          go-version: 1.19
-        id: go
-
-      - name: Check out code
-        uses: actions/checkout@v2
-
-      - name: Set up CodeQL CLI
-        uses: ./.github/actions/fetch-codeql
-
-      - name: Enable problem matchers in repository
-        shell: bash
-        run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
-
-      - name: Build
-        run: |
-          cd go
-          make
+          key: go-qltest
 
       - name: Test
         run: |
           cd go
-          make test
-
-  test-win:
-    name: Test Windows
-    runs-on: windows-2019
-    steps:
-      - name: Set up Go 1.19
-        uses: actions/setup-go@v3
-        with:
-          go-version: 1.19
-        id: go
-
-      - name: Check out code
-        uses: actions/checkout@v2
-
-      - name: Set up CodeQL CLI
-        uses: ./.github/actions/fetch-codeql
-
-      - name: Enable problem matchers in repository
-        shell: bash
-        run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
-
-      - name: Build
-        run: |
-          cd go
-          make
-
-      - name: Test
-        run: |
-          cd go
-          make test
+          make test cache="${{ steps.query-cache.outputs.cache-dir }}"
diff --git a/.github/workflows/js-ml-tests.yml b/.github/workflows/js-ml-tests.yml
index c932432530b..90cb5691126 100644
--- a/.github/workflows/js-ml-tests.yml
+++ b/.github/workflows/js-ml-tests.yml
@@ -23,22 +23,9 @@ defaults:
     working-directory: javascript/ql/experimental/adaptivethreatmodeling
 
 jobs:
-  qlformat:
-    name: Check QL formatting
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - uses: ./.github/actions/fetch-codeql
-
-      - name: Check QL formatting
-        run: |
-          find . "(" -name "*.ql" -or -name "*.qll" ")" -print0 | \
-            xargs -0 codeql query format --check-only
-
-  qlcompile:
-    name: Check QL compilation
-    runs-on: ubuntu-latest
+  qltest:
+    name: Test QL
+    runs-on: ubuntu-latest-xl
     steps:
       - uses: actions/checkout@v3
 
@@ -46,36 +33,33 @@ jobs:
 
       - name: Install pack dependencies
         run: |
-          for pack in modelbuilding src; do
+          for pack in modelbuilding src test; do
             codeql pack install --mode verify -- "${pack}"
           done
+      
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with: 
+          key: js-ml-test
 
       - name: Check QL compilation
         run: |
           codeql query compile \
             --check-only \
-            --ram 5120 \
+            --ram 50000 \
             --additional-packs "${{ github.workspace }}" \
             --threads=0 \
+            --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \
             -- \
             lib modelbuilding src
 
-  qltest:
-    name: Run QL tests
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - uses: ./.github/actions/fetch-codeql
-
-      - name: Install pack dependencies
-        run: codeql pack install -- test
-
       - name: Run QL tests
         run: |
           codeql test run \
             --threads=0 \
-            --ram 5120 \
+            --ram 50000 \
             --additional-packs "${{ github.workspace }}" \
+            --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \
             -- \
-            test
+            test
\ No newline at end of file
diff --git a/.github/workflows/mad_modelDiff.yml b/.github/workflows/mad_modelDiff.yml
index 04e5f486866..586b1576bd6 100644
--- a/.github/workflows/mad_modelDiff.yml
+++ b/.github/workflows/mad_modelDiff.yml
@@ -61,8 +61,8 @@ jobs:
             DATABASE=$2
             cd codeql-$QL_VARIANT
             SHORTNAME=`basename $DATABASE`
-            python java/ql/src/utils/model-generator/GenerateFlowModel.py --with-summaries --with-sinks $DATABASE $MODELS/${SHORTNAME}.qll
-            mv $MODELS/${SHORTNAME}.qll $MODELS/${SHORTNAME}Generated_${QL_VARIANT}.qll
+            python java/ql/src/utils/model-generator/GenerateFlowModel.py --with-summaries --with-sinks $DATABASE ${SHORTNAME}.temp.model.yml
+            mv java/ql/lib/ext/generated/${SHORTNAME}.temp.model.yml $MODELS/${SHORTNAME}Generated_${QL_VARIANT}.model.yml
             cd ..
           }
 
@@ -85,16 +85,16 @@ jobs:
           set -x
           MODELS=`pwd`/tmp-models
           ls -1 tmp-models/
-          for m in $MODELS/*_main.qll ; do
+          for m in $MODELS/*_main.model.yml ; do
             t="${m/main/"pr"}"
             basename=`basename $m`
-            name="diff_${basename/_main.qll/""}"
+            name="diff_${basename/_main.model.yml/""}"
             (diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true
           done
       - uses: actions/upload-artifact@v3
         with:
           name: models
-          path: tmp-models/*.qll
+          path: tmp-models/*.model.yml
           retention-days: 20
       - uses: actions/upload-artifact@v3
         with:
diff --git a/.github/workflows/mad_regenerate-models.yml b/.github/workflows/mad_regenerate-models.yml
index 0abc8936911..d92e3652d5c 100644
--- a/.github/workflows/mad_regenerate-models.yml
+++ b/.github/workflows/mad_regenerate-models.yml
@@ -53,7 +53,7 @@ jobs:
           java/ql/src/utils/model-generator/RegenerateModels.py "${SLUG}" dbs/${SHORTNAME}
       - name: Stage changes
         run: |
-          find java -name "*.qll" -print0 | xargs -0 git add
+          find java -name "*.model.yml" -print0 | xargs -0 git add
           git status
           git diff --cached > models.patch
       - uses: actions/upload-artifact@v3
diff --git a/.github/workflows/ql-for-ql-build.yml b/.github/workflows/ql-for-ql-build.yml
index 701dc4d612c..29b8bc16300 100644
--- a/.github/workflows/ql-for-ql-build.yml
+++ b/.github/workflows/ql-for-ql-build.yml
@@ -22,11 +22,15 @@ jobs:
     steps:
       ### Build the queries ###
       - uses: actions/checkout@v3
+      - name: Find latest bundle
+        id: find-latest-bundle
+        uses: ./.github/actions/find-latest-bundle
       - name: Find codeql
         id: find-codeql
         uses: github/codeql-action/init@77a8d2d10c0b403a8b4aadbd223dc489ecd22683
         with:
           languages: javascript # does not matter
+          tools: ${{ steps.find-latest-bundle.outputs.url }}
       - name: Get CodeQL version
         id: get-codeql-version
         run: |
@@ -138,6 +142,7 @@ jobs:
           languages: ql
           db-location: ${{ runner.temp }}/db
           config-file: ./ql-for-ql-config.yml
+          tools: ${{ steps.find-latest-bundle.outputs.url }}
       - name: Move pack cache
         run: |
           cp -r ${PACK}/.cache ql/ql/src/.cache
diff --git a/.github/workflows/ql-for-ql-tests.yml b/.github/workflows/ql-for-ql-tests.yml
index b820d00a3e4..ce7963e8f79 100644
--- a/.github/workflows/ql-for-ql-tests.yml
+++ b/.github/workflows/ql-for-ql-tests.yml
@@ -47,8 +47,3 @@ jobs:
           find ql/ql/src "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 "${CODEQL}" query format --check-only
         env:
           CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Check QL compilation
-        run: |
-          "${CODEQL}" query compile --check-only --threads=4 --warnings=error --search-path "${{ github.workspace }}/ql/extractor-pack" "ql/ql/src" "ql/ql/examples"
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
diff --git a/.github/workflows/ruby-build.yml b/.github/workflows/ruby-build.yml
index f7ec215a44a..f561af9c13b 100644
--- a/.github/workflows/ruby-build.yml
+++ b/.github/workflows/ruby-build.yml
@@ -48,7 +48,19 @@ jobs:
         run: |
           brew install gnu-tar
           echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH
+      - name: Cache entire extractor
+        uses: actions/cache@v3
+        id: cache-extractor
+        with:
+          path: |
+            ruby/target/release/ruby-autobuilder
+            ruby/target/release/ruby-autobuilder.exe
+            ruby/target/release/ruby-extractor
+            ruby/target/release/ruby-extractor.exe
+            ruby/ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
+          key: ${{ runner.os }}-ruby-extractor-${{ hashFiles('ruby/rust-toolchain.toml', 'ruby/**/Cargo.lock') }}--${{ hashFiles('ruby/**/*.rs') }}
       - uses: actions/cache@v3
+        if: steps.cache-extractor.outputs.cache-hit != 'true'
         with:
           path: |
             ~/.cargo/registry
@@ -56,15 +68,19 @@ jobs:
             ruby/target
           key: ${{ runner.os }}-ruby-rust-cargo-${{ hashFiles('ruby/rust-toolchain.toml', 'ruby/**/Cargo.lock') }}
       - name: Check formatting
+        if: steps.cache-extractor.outputs.cache-hit != 'true'
         run: cargo fmt --all -- --check
       - name: Build
+        if: steps.cache-extractor.outputs.cache-hit != 'true'
         run: cargo build --verbose
       - name: Run tests
+        if: steps.cache-extractor.outputs.cache-hit != 'true'
         run: cargo test --verbose
       - name: Release build
+        if: steps.cache-extractor.outputs.cache-hit != 'true'
         run: cargo build --release
       - name: Generate dbscheme
-        if: ${{ matrix.os == 'ubuntu-latest' }}
+        if: ${{ matrix.os == 'ubuntu-latest' && steps.cache-extractor.outputs.cache-hit != 'true'}}
         run: target/release/ruby-generator --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
       - uses: actions/upload-artifact@v3
         if: ${{ matrix.os == 'ubuntu-latest' }}
@@ -86,19 +102,24 @@ jobs:
             ruby/target/release/ruby-extractor.exe
           retention-days: 1
   compile-queries:
-    runs-on: ubuntu-latest
-    env:
-      CODEQL_THREADS: 4 # TODO: remove this once it's set by the CLI
+    runs-on: ubuntu-latest-xl
     steps:
       - uses: actions/checkout@v3
       - name: Fetch CodeQL
         uses: ./.github/actions/fetch-codeql
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with: 
+          key: ruby-build
       - name: Build Query Pack
         run: |
+          rm -rf target/packs
           codeql pack create ../shared/ssa --output target/packs
           codeql pack create ../misc/suite-helpers --output target/packs
+          codeql pack create ../shared/regex --output target/packs
           codeql pack create ql/lib --output target/packs
-          codeql pack create ql/src --output target/packs
+          codeql pack create -j0 ql/src --output target/packs --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
           PACK_FOLDER=$(readlink -f target/packs/codeql/ruby-queries/*)
           codeql generate query-help --format=sarifv2.1.0 --output="${PACK_FOLDER}/rules.sarif" ql/src
           (cd ql/src; find queries \( -name '*.qhelp' -o -name '*.rb' -o -name '*.erb' \) -exec bash -c 'mkdir -p "'"${PACK_FOLDER}"'/$(dirname "{}")"' \; -exec cp "{}" "${PACK_FOLDER}/{}" \;)
diff --git a/.github/workflows/ruby-qltest.yml b/.github/workflows/ruby-qltest.yml
index 97235b722ba..370375cea93 100644
--- a/.github/workflows/ruby-qltest.yml
+++ b/.github/workflows/ruby-qltest.yml
@@ -4,7 +4,7 @@ on:
   push:
     paths:
       - "ruby/**"
-      - .github/workflows/ruby-qltest.yml
+      - .github/workflows/ruby-build.yml
       - .github/actions/fetch-codeql/action.yml
       - codeql-workspace.yml
     branches:
@@ -28,23 +28,6 @@ defaults:
     working-directory: ruby
 
 jobs:
-  qlformat:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./.github/actions/fetch-codeql
-      - name: Check QL formatting
-        run: find ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 codeql query format --check-only
-  qlcompile:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./.github/actions/fetch-codeql
-      - name: Check QL compilation
-        run: |
-          codeql query compile --check-only --threads=0 --ram 5000 --warnings=error "ql/src" "ql/examples"
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
   qlupgrade:
     runs-on: ubuntu-latest
     steps:
@@ -65,17 +48,20 @@ jobs:
            xargs codeql execute upgrades testdb
           diff -q testdb/ruby.dbscheme downgrades/initial/ruby.dbscheme
   qltest:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-xl
     strategy:
       fail-fast: false
-      matrix:
-        slice: ["1/2", "2/2"]
     steps:
       - uses: actions/checkout@v3
       - uses: ./.github/actions/fetch-codeql
       - uses: ./ruby/actions/create-extractor-pack
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with: 
+          key: ruby-qltest
       - name: Run QL tests
         run: |
-          codeql test run --threads=0 --ram 5000 --slice ${{ matrix.slice }} --search-path "${{ github.workspace }}/ruby/extractor-pack" --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --consistency-queries ql/consistency-queries ql/test
+          codeql test run --threads=0 --ram 50000 --search-path "${{ github.workspace }}/ruby/extractor-pack" --check-databases --check-undefined-labels --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --consistency-queries ql/consistency-queries ql/test --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
         env:
           GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/swift.yml b/.github/workflows/swift.yml
index 873b94d2118..de0f11f0521 100644
--- a/.github/workflows/swift.yml
+++ b/.github/workflows/swift.yml
@@ -7,95 +7,77 @@ on:
       - "misc/bazel/**"
       - "*.bazel*"
       - .github/workflows/swift.yml
-      - .github/actions/fetch-codeql/action.yml
+      - .github/actions/**
       - codeql-workspace.yml
       - .pre-commit-config.yaml
       - "!**/*.md"
       - "!**/*.qhelp"
     branches:
       - main
+      - rc/*
+  push:
+    paths:
+      - "swift/**"
+      - "misc/bazel/**"
+      - "*.bazel*"
+      - .github/workflows/swift.yml
+      - .github/actions/**
+      - codeql-workspace.yml
+      - "!**/*.md"
+      - "!**/*.qhelp"
+    branches:
+      - main
+      - rc/*
 
 jobs:
-  changes:
-    runs-on: ubuntu-latest
-    outputs:
-      codegen: ${{ steps.filter.outputs.codegen }}
-      ql: ${{ steps.filter.outputs.ql }}
-    steps:
-      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50
-        id: filter
-        with:
-          filters: |
-            codegen:
-              - 'github/workflows/swift.yml'
-              - "misc/bazel/**"
-              - "*.bazel*"
-              - 'swift/actions/setup-env/**'
-              - '.pre-commit-config.yaml'
-              - 'swift/codegen/**'
-              - 'swift/schema.py'
-              - 'swift/**/*.dbscheme'
-              - 'swift/ql/lib/codeql/swift/elements.qll'
-              - 'swift/ql/lib/codeql/swift/elements/**'
-              - 'swift/ql/lib/codeql/swift/generated/**'
-              - 'swift/ql/test/extractor-tests/generated/**'
-            ql:
-              - 'github/workflows/swift.yml'
-              - 'swift/**/*.ql'
-              - 'swift/**/*.qll'
   # not using a matrix as you cannot depend on a specific job in a matrix, and we want to start linux checks
   # without waiting for the macOS build
   build-and-test-macos:
     runs-on: macos-12-xl
     steps:
       - uses: actions/checkout@v3
-      - uses: ./swift/actions/create-extractor-pack
-      - uses: ./swift/actions/run-quick-tests
-      - uses: ./swift/actions/print-unextracted
+      - uses: ./swift/actions/build-and-test
   build-and-test-linux:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest-xl
     steps:
       - uses: actions/checkout@v3
-      - uses: ./swift/actions/create-extractor-pack
-      - uses: ./swift/actions/run-quick-tests
-      - uses: ./swift/actions/print-unextracted
+      - uses: ./swift/actions/build-and-test
   qltests-linux:
     needs: build-and-test-linux
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-xl
     steps:
       - uses: actions/checkout@v3
       - uses: ./swift/actions/run-ql-tests
   qltests-macos:
+    if : ${{ github.event_name == 'pull_request' }}
     needs: build-and-test-macos
     runs-on: macos-12-xl
-    strategy:
-      fail-fast: false
-      matrix:
-        slice: ["1/2", "2/2"]
     steps:
       - uses: actions/checkout@v3
       - uses: ./swift/actions/run-ql-tests
-        with:
-          flags: --slice ${{ matrix.slice }}
   integration-tests-linux:
     needs: build-and-test-linux
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-xl
     steps:
       - uses: actions/checkout@v3
       - uses: ./swift/actions/run-integration-tests
   integration-tests-macos:
+    if : ${{ github.event_name == 'pull_request' }}
     needs: build-and-test-macos
     runs-on: macos-12-xl
+    timeout-minutes: 60
     steps:
       - uses: actions/checkout@v3
       - uses: ./swift/actions/run-integration-tests
   codegen:
+    if : ${{ github.event_name == 'pull_request' }}
     runs-on: ubuntu-latest
-    needs: changes
-    if: ${{ needs.changes.outputs.codegen == 'true' }}
     steps:
       - uses: actions/checkout@v3
-      - uses: ./swift/actions/setup-env
+      - uses: bazelbuild/setup-bazelisk@v2
+      - uses: actions/setup-python@v4
+        with:
+          python-version-file: 'swift/.python-version'
       - uses: pre-commit/action@v3.0.0
         name: Check that python code is properly formatted
         with:
@@ -111,13 +93,11 @@ jobs:
       - uses: actions/upload-artifact@v3
         with:
           name: swift-generated-cpp-files
-          path: swift/generated-cpp-files/**
-  qlformat:
+          path: generated-cpp-files/**
+  database-upgrade-scripts:
+    if : ${{ github.event_name == 'pull_request' }}
     runs-on: ubuntu-latest
-    needs: changes
-    if: ${{ needs.changes.outputs.ql == 'true' }}
     steps:
       - uses: actions/checkout@v3
       - uses: ./.github/actions/fetch-codeql
-      - name: Check QL formatting
-        run: find swift/ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 codeql query format --check-only
+      - uses: ./swift/actions/database-upgrade-scripts
diff --git a/.gitignore b/.gitignore
index 7b8532b00d2..c81e23fc7f8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,8 +27,6 @@
 # It's useful (though not required) to be able to unpack codeql in the ql checkout itself
 /codeql/
 
-csharp/extractor/Semmle.Extraction.CSharp.Driver/Properties/launchSettings.json
-
 # Avoid committing cached package components
 .codeql
 
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 50a6adf80d9..5f35c2c183b 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -19,7 +19,7 @@ repos:
     rev: v1.6.0
     hooks:
       - id: autopep8
-        files: ^swift/codegen/.*\.py
+        files: ^swift/.*\.py
 
   - repo: local
     hooks:
@@ -44,7 +44,7 @@ repos:
 
       - id: swift-codegen
         name: Run Swift checked in code generation
-        files: ^swift/(codegen/|.*/generated/|ql/lib/(swift\.dbscheme$|codeql/swift/elements))
+        files: ^swift/(schema.py$|codegen/|.*/generated/|ql/lib/(swift\.dbscheme$|codeql/swift/elements)|ql/\.generated.list)
         language: system
         entry: bazel run //swift/codegen -- --quiet
         pass_filenames: false
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 8b22c91bb77..1050c79b825 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,3 +1,5 @@
 {
-    "omnisharp.autoStart": false
+  "omnisharp.autoStart": false,
+  "cmake.sourceDirectory": "${workspaceFolder}/swift",
+  "cmake.buildDirectory": "${workspaceFolder}/bazel-cmake-build"
 }
diff --git a/CODEOWNERS b/CODEOWNERS
index a18b6a51305..42fb364418f 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -5,20 +5,13 @@
 /javascript/ @github/codeql-javascript
 /python/ @github/codeql-python
 /ruby/ @github/codeql-ruby
-/swift/ @github/codeql-c
+/swift/ @github/codeql-swift
 /java/kotlin-extractor/ @github/codeql-kotlin
 /java/kotlin-explorer/ @github/codeql-kotlin
 
 # ML-powered queries
 /javascript/ql/experimental/adaptivethreatmodeling/ @github/codeql-ml-powered-queries-reviewers
 
-# Notify members of codeql-go about PRs to the shared data-flow library files
-/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll @github/codeql-java @github/codeql-go
-/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll @github/codeql-java @github/codeql-go
-/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll @github/codeql-java @github/codeql-go
-/java/ql/src/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go
-/java/ql/src/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go
-
 # CodeQL tools and associated docs
 /docs/codeql/codeql-cli/ @github/codeql-cli-reviewers
 /docs/codeql/codeql-for-visual-studio-code/ @github/codeql-vscode-reviewers
@@ -45,4 +38,4 @@ WORKSPACE.bazel @github/codeql-ci-reviewers
 /.github/workflows/js-ml-tests.yml @github/codeql-ml-powered-queries-reviewers
 /.github/workflows/ql-for-ql-* @github/codeql-ql-for-ql-reviewers
 /.github/workflows/ruby-* @github/codeql-ruby
-/.github/workflows/swift-* @github/codeql-c
+/.github/workflows/swift.yml @github/codeql-swift
diff --git a/codeql-workspace.yml b/codeql-workspace.yml
index f93ed4ac5c8..c2258bd1363 100644
--- a/codeql-workspace.yml
+++ b/codeql-workspace.yml
@@ -25,7 +25,8 @@ provide:
   - "misc/suite-helpers/qlpack.yml"
   - "ruby/extractor-pack/codeql-extractor.yml"
   - "swift/extractor-pack/codeql-extractor.yml"
-  - "ql/extractor-pack/codeql-extractor.ym"
+  - "swift/integration-tests/qlpack.yml"
+  - "ql/extractor-pack/codeql-extractor.yml"
 
 versionPolicies:
   default:
diff --git a/config/identical-files.json b/config/identical-files.json
index f5ad906f340..afef0a923d5 100644
--- a/config/identical-files.json
+++ b/config/identical-files.json
@@ -1,5 +1,5 @@
 {
-  "DataFlow Java/C++/C#/Python": [
+  "DataFlow Java/C++/C#/Go/Python/Ruby/Swift": [
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll",
@@ -27,6 +27,8 @@
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll",
+    "go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll",
+    "go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
@@ -38,17 +40,18 @@
     "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll",
     "swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll"
   ],
-  "DataFlow Java/C++/C#/Python Common": [
+  "DataFlow Java/C++/C#/Go/Python/Ruby/Swift Common": [
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll",
     "cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll",
+    "go/ql/lib/semmle/go/dataflow/internal/DataFlowImplCommon.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll",
     "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll",
     "swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplCommon.qll"
   ],
-  "TaintTracking::Configuration Java/C++/C#/Python": [
+  "TaintTracking::Configuration Java/C++/C#/Go/Python/Ruby/Swift": [
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
@@ -62,6 +65,8 @@
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll",
+    "go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
+    "go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll",
@@ -72,7 +77,7 @@
     "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
     "swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll"
   ],
-  "DataFlow Java/C++/C#/Python Consistency checks": [
+  "DataFlow Java/C++/C#/Python/Ruby/Swift Consistency checks": [
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll",
@@ -82,9 +87,10 @@
     "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplConsistency.qll",
     "swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplConsistency.qll"
   ],
-  "DataFlow Java/C#/Ruby/Python/Swift Flow Summaries": [
+  "DataFlow Java/C#/Go/Ruby/Python/Swift Flow Summaries": [
     "java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll",
+    "go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll",
     "ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll",
     "swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll"
@@ -464,6 +470,10 @@
     "javascript/ql/src/Comments/CommentedOutCodeReferences.inc.qhelp",
     "python/ql/src/Lexical/CommentedOutCodeReferences.inc.qhelp"
   ],
+  "ThreadResourceAbuse qhelp": [
+    "java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.qhelp",
+    "java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qhelp"
+  ],
   "IDE Contextual Queries": [
     "cpp/ql/lib/IDEContextual.qll",
     "csharp/ql/lib/IDEContextual.qll",
@@ -486,40 +496,6 @@
     "python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll",
     "ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll"
   ],
-  "ReDoS Util Python/JS/Ruby/Java": [
-    "javascript/ql/lib/semmle/javascript/security/regexp/NfaUtils.qll",
-    "python/ql/lib/semmle/python/security/regexp/NfaUtils.qll",
-    "ruby/ql/lib/codeql/ruby/security/regexp/NfaUtils.qll",
-    "java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll"
-  ],
-  "ReDoS Exponential Python/JS/Ruby/Java": [
-    "javascript/ql/lib/semmle/javascript/security/regexp/ExponentialBackTracking.qll",
-    "python/ql/lib/semmle/python/security/regexp/ExponentialBackTracking.qll",
-    "ruby/ql/lib/codeql/ruby/security/regexp/ExponentialBackTracking.qll",
-    "java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll"
-  ],
-  "ReDoS Polynomial Python/JS/Ruby/Java": [
-    "javascript/ql/lib/semmle/javascript/security/regexp/SuperlinearBackTracking.qll",
-    "python/ql/lib/semmle/python/security/regexp/SuperlinearBackTracking.qll",
-    "ruby/ql/lib/codeql/ruby/security/regexp/SuperlinearBackTracking.qll",
-    "java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll"
-  ],
-  "RegexpMatching Python/JS/Ruby": [
-    "javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll",
-    "python/ql/lib/semmle/python/security/regexp/RegexpMatching.qll",
-    "ruby/ql/lib/codeql/ruby/security/regexp/RegexpMatching.qll"
-  ],
-  "BadTagFilterQuery Python/JS/Ruby": [
-    "javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll",
-    "python/ql/lib/semmle/python/security/BadTagFilterQuery.qll",
-    "ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll"
-  ],
-  "OverlyLargeRange Python/JS/Ruby/Java": [
-    "javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll",
-    "python/ql/lib/semmle/python/security/OverlyLargeRangeQuery.qll",
-    "ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll",
-    "java/ql/lib/semmle/code/java/security/OverlyLargeRangeQuery.qll"
-  ],
   "CFG": [
     "csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll",
     "ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll",
@@ -539,6 +515,7 @@
   ],
   "AccessPathSyntax": [
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/AccessPathSyntax.qll",
+    "go/ql/lib/semmle/go/dataflow/internal/AccessPathSyntax.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/AccessPathSyntax.qll",
     "javascript/ql/lib/semmle/javascript/frameworks/data/internal/AccessPathSyntax.qll",
     "ruby/ql/lib/codeql/ruby/dataflow/internal/AccessPathSyntax.qll",
@@ -554,16 +531,16 @@
     "ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll",
     "javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll"
   ],
-  "Hostname Regexp queries": [
-    "javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll",
-    "python/ql/src/Security/CWE-020/HostnameRegexpShared.qll",
-    "ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll"
-  ],
   "ApiGraphModels": [
     "javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll",
     "ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll",
     "python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll"
   ],
+  "ApiGraphModelsExtensions": [
+    "javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll",
+    "ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll",
+    "python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll"
+  ],
   "TaintedFormatStringQuery Ruby/JS": [
     "javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll",
     "ruby/ql/lib/codeql/ruby/security/TaintedFormatStringQuery.qll"
@@ -607,5 +584,9 @@
   "IncompleteMultiCharacterSanitization JS/Ruby": [
     "javascript/ql/lib/semmle/javascript/security/IncompleteMultiCharacterSanitizationQuery.qll",
     "ruby/ql/lib/codeql/ruby/security/IncompleteMultiCharacterSanitizationQuery.qll"
+  ],
+  "EncryptionKeySizes Python/Java": [
+    "python/ql/lib/semmle/python/security/internal/EncryptionKeySizes.qll",
+    "java/ql/lib/semmle/code/java/security/internal/EncryptionKeySizes.qll"
   ]
 }
diff --git a/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/BuildScripts.cs b/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/BuildScripts.cs
index 76acba2eee4..def45890c9f 100644
--- a/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/BuildScripts.cs
+++ b/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/BuildScripts.cs
@@ -257,11 +257,11 @@ namespace Semmle.Autobuild.Cpp.Tests
             Actions.GetCurrentDirectory = cwd;
             Actions.IsWindows = isWindows;
 
-            var options = new AutobuildOptions(Actions, Language.Cpp);
+            var options = new CppAutobuildOptions(Actions);
             return new CppAutobuilder(Actions, options);
         }
 
-        void TestAutobuilderScript(Autobuilder autobuilder, int expectedOutput, int commandsRun)
+        void TestAutobuilderScript(CppAutobuilder autobuilder, int expectedOutput, int commandsRun)
         {
             Assert.Equal(expectedOutput, autobuilder.GetBuildScript().Run(Actions, StartCallback, EndCallback));
 
@@ -299,7 +299,7 @@ namespace Semmle.Autobuild.Cpp.Tests
         {
             Actions.RunProcess[@"cmd.exe /C nuget restore C:\Project\test.sln -DisableParallelProcessing"] = 1;
             Actions.RunProcess[@"cmd.exe /C C:\Project\.nuget\nuget.exe restore C:\Project\test.sln -DisableParallelProcessing"] = 0;
-            Actions.RunProcess[@"cmd.exe /C CALL ^""C:\Program Files ^(x86^)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat^"" && set Platform=&& type NUL && C:\odasa\tools\odasa index --auto msbuild C:\Project\test.sln /t:rebuild /p:Platform=""x86"" /p:Configuration=""Release"" /p:MvcBuildViews=true"] = 0;
+            Actions.RunProcess[@"cmd.exe /C CALL ^""C:\Program Files ^(x86^)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat^"" && set Platform=&& type NUL && msbuild C:\Project\test.sln /t:rebuild /p:Platform=""x86"" /p:Configuration=""Release"""] = 0;
             Actions.RunProcessOut[@"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe -prerelease -legacy -property installationPath"] = "";
             Actions.RunProcess[@"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe -prerelease -legacy -property installationPath"] = 1;
             Actions.RunProcess[@"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe -prerelease -legacy -property installationVersion"] = 0;
diff --git a/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj b/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj
index dc1d945521b..421ffdd96f4 100644
--- a/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj
+++ b/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj
@@ -11,11 +11,12 @@
   <ItemGroup>
     <PackageReference Include="System.IO.FileSystem" Version="4.3.0" />
     <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
-    <PackageReference Include="xunit" Version="2.4.1" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.1">
+    <PackageReference Include="xunit" Version="2.4.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.5">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
     </PackageReference>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.4.0" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/cpp/autobuilder/Semmle.Autobuild.Cpp/CppAutobuilder.cs b/cpp/autobuilder/Semmle.Autobuild.Cpp/CppAutobuilder.cs
index 44c34656a2a..1503dedb376 100644
--- a/cpp/autobuilder/Semmle.Autobuild.Cpp/CppAutobuilder.cs
+++ b/cpp/autobuilder/Semmle.Autobuild.Cpp/CppAutobuilder.cs
@@ -2,9 +2,26 @@
 
 namespace Semmle.Autobuild.Cpp
 {
-    public class CppAutobuilder : Autobuilder
+    /// <summary>
+    /// Encapsulates C++ build options.
+    /// </summary>
+    public class CppAutobuildOptions : AutobuildOptionsShared
     {
-        public CppAutobuilder(IBuildActions actions, AutobuildOptions options) : base(actions, options) { }
+        public override Language Language => Language.Cpp;
+
+
+        /// <summary>
+        /// Reads options from environment variables.
+        /// Throws ArgumentOutOfRangeException for invalid arguments.
+        /// </summary>
+        public CppAutobuildOptions(IBuildActions actions) : base(actions)
+        {
+        }
+    }
+
+    public class CppAutobuilder : Autobuilder<CppAutobuildOptions>
+    {
+        public CppAutobuilder(IBuildActions actions, CppAutobuildOptions options) : base(actions, options) { }
 
         public override BuildScript GetBuildScript()
         {
diff --git a/cpp/autobuilder/Semmle.Autobuild.Cpp/Program.cs b/cpp/autobuilder/Semmle.Autobuild.Cpp/Program.cs
index 3f4627c53d5..a7556197bcd 100644
--- a/cpp/autobuilder/Semmle.Autobuild.Cpp/Program.cs
+++ b/cpp/autobuilder/Semmle.Autobuild.Cpp/Program.cs
@@ -11,14 +11,14 @@ namespace Semmle.Autobuild.Cpp
             try
             {
                 var actions = SystemBuildActions.Instance;
-                var options = new AutobuildOptions(actions, Language.Cpp);
+                var options = new CppAutobuildOptions(actions);
                 try
                 {
                     Console.WriteLine("CodeQL C++ autobuilder");
                     var builder = new CppAutobuilder(actions, options);
                     return builder.AttemptBuild();
                 }
-                catch(InvalidEnvironmentException ex)
+                catch (InvalidEnvironmentException ex)
                 {
                     Console.WriteLine("The environment is invalid: {0}", ex.Message);
                 }
diff --git a/cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj b/cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj
index e417622707a..393d4141ab9 100644
--- a/cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj
+++ b/cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj
@@ -17,7 +17,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Build" Version="16.11.0" />
+    <PackageReference Include="Microsoft.Build" Version="17.3.2" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md
index 0a7a31b8db9..6fa6f76aabd 100644
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.4.6
+
+No user-facing changes.
+
+## 0.4.5
+
+No user-facing changes.
+
+## 0.4.4
+
+No user-facing changes.
+
 ## 0.4.3
 
 ### Minor Analysis Improvements
diff --git a/cpp/ql/lib/change-notes/2022-11-14-deprecate-ast-gvn.md b/cpp/ql/lib/change-notes/2022-11-14-deprecate-ast-gvn.md
new file mode 100644
index 00000000000..eb6bd755c2b
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2022-11-14-deprecate-ast-gvn.md
@@ -0,0 +1,6 @@
+---
+category: deprecated
+---
+
+
+* Deprecated `semmle.code.cpp.valuenumbering.GlobalValueNumberingImpl`. Use `semmle.code.cpp.valuenumbering.GlobalValueNumbering`, which exposes the same API.
\ No newline at end of file
diff --git a/cpp/ql/lib/change-notes/2022-11-16-must-flow.md b/cpp/ql/lib/change-notes/2022-11-16-must-flow.md
new file mode 100644
index 00000000000..0f87b8d8bcd
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2022-11-16-must-flow.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+The predicates in the `MustFlow::Configuration` class used by the `MustFlow` library (`semmle.code.cpp.ir.dataflow.MustFlow`) have changed to be defined directly in terms of the C++ IR instead of IR dataflow nodes.
diff --git a/cpp/ql/lib/change-notes/2022-11-17-deleted-deps.md b/cpp/ql/lib/change-notes/2022-11-17-deleted-deps.md
new file mode 100644
index 00000000000..bf2d5a07de6
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2022-11-17-deleted-deps.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Deleted the deprecated `getName` and `getShortName` predicates from the `Folder` class.
\ No newline at end of file
diff --git a/cpp/ql/lib/change-notes/2022-11-25-deprecate-default-taint-tracking.md b/cpp/ql/lib/change-notes/2022-11-25-deprecate-default-taint-tracking.md
new file mode 100644
index 00000000000..54d10d592d6
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2022-11-25-deprecate-default-taint-tracking.md
@@ -0,0 +1,6 @@
+---
+category: deprecated
+---
+
+* Deprecated `semmle.code.cpp.ir.dataflow.DefaultTaintTracking`. Use `semmle.code.cpp.ir.dataflow.TaintTracking`.
+* Deprecated `semmle.code.cpp.security.TaintTrackingImpl`. Use `semmle.code.cpp.ir.dataflow.TaintTracking`.
diff --git a/cpp/ql/lib/change-notes/2022-12-08-support-getaddrinfo-dataflow.md b/cpp/ql/lib/change-notes/2022-12-08-support-getaddrinfo-dataflow.md
new file mode 100644
index 00000000000..6d1a6499ee9
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2022-12-08-support-getaddrinfo-dataflow.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `getaddrinfo` function is now recognized as a flow source.
diff --git a/cpp/ql/lib/change-notes/2022-12-08-support-getenv-variants.md b/cpp/ql/lib/change-notes/2022-12-08-support-getenv-variants.md
new file mode 100644
index 00000000000..c91d549ec8a
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2022-12-08-support-getenv-variants.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `secure_getenv` and `_wgetenv` functions are now recognized as local flow sources.
diff --git a/cpp/ql/lib/change-notes/2022-12-08-support-scanf-dataflow.md b/cpp/ql/lib/change-notes/2022-12-08-support-scanf-dataflow.md
new file mode 100644
index 00000000000..f8382f84c0f
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2022-12-08-support-scanf-dataflow.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `scanf` and `fscanf` functions and their variants are now recognized as flow sources.
diff --git a/cpp/ql/lib/change-notes/2022-12-09-generalize-argv-source.md b/cpp/ql/lib/change-notes/2022-12-09-generalize-argv-source.md
new file mode 100644
index 00000000000..76fda20ec61
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2022-12-09-generalize-argv-source.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `ArgvSource` flow source has been generalized to handle cases where the argument vector of `main` is not named `argv`.
diff --git a/cpp/ql/lib/change-notes/released/0.4.4.md b/cpp/ql/lib/change-notes/released/0.4.4.md
new file mode 100644
index 00000000000..33e1c91255d
--- /dev/null
+++ b/cpp/ql/lib/change-notes/released/0.4.4.md
@@ -0,0 +1,3 @@
+## 0.4.4
+
+No user-facing changes.
diff --git a/cpp/ql/lib/change-notes/released/0.4.5.md b/cpp/ql/lib/change-notes/released/0.4.5.md
new file mode 100644
index 00000000000..7ba9b2e8ade
--- /dev/null
+++ b/cpp/ql/lib/change-notes/released/0.4.5.md
@@ -0,0 +1,3 @@
+## 0.4.5
+
+No user-facing changes.
diff --git a/cpp/ql/lib/change-notes/released/0.4.6.md b/cpp/ql/lib/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/cpp/ql/lib/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
index 1ec9c4ea5d9..2b842473675 100644
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.6
diff --git a/cpp/ql/lib/definitions.qll b/cpp/ql/lib/definitions.qll
index cb229d66ef1..e4a2aca98f6 100644
--- a/cpp/ql/lib/definitions.qll
+++ b/cpp/ql/lib/definitions.qll
@@ -12,8 +12,8 @@ import IDEContextual
  *
  * In some cases it is preferable to modify locations (the
  * `hasLocationInfo()` predicate) so that they are short, and
- * non-overlapping with other locations that might be highlighted in
- * the LGTM interface.
+ * non-overlapping with other locations that might be reported as
+ * code scanning alerts on GitHub.
  *
  * We need to give locations that may not be in the database, so
  * we use `hasLocationInfo()` rather than `getLocation()`.
diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll
index ae9c6f3f12e..9aa6a529a5b 100644
--- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll
@@ -915,18 +915,57 @@ private module Cached {
     TDataFlowCallNone() or
     TDataFlowCallSome(DataFlowCall call)
 
+  cached
+  newtype TParamNodeOption =
+    TParamNodeNone() or
+    TParamNodeSome(ParamNode p)
+
+  cached
+  newtype TReturnCtx =
+    TReturnCtxNone() or
+    TReturnCtxNoFlowThrough() or
+    TReturnCtxMaybeFlowThrough(ReturnPosition pos)
+
+  cached
+  newtype TTypedContentApprox =
+    MkTypedContentApprox(ContentApprox c, DataFlowType t) {
+      exists(Content cont |
+        c = getContentApprox(cont) and
+        store(_, cont, _, _, t)
+      )
+    }
+
   cached
   newtype TTypedContent = MkTypedContent(Content c, DataFlowType t) { store(_, c, _, _, t) }
 
+  cached
+  TypedContent getATypedContent(TypedContentApprox c) {
+    exists(ContentApprox cls, DataFlowType t, Content cont |
+      c = MkTypedContentApprox(cls, pragma[only_bind_into](t)) and
+      result = MkTypedContent(cont, pragma[only_bind_into](t)) and
+      cls = getContentApprox(cont)
+    )
+  }
+
   cached
   newtype TAccessPathFront =
     TFrontNil(DataFlowType t) or
     TFrontHead(TypedContent tc)
 
+  cached
+  newtype TApproxAccessPathFront =
+    TApproxFrontNil(DataFlowType t) or
+    TApproxFrontHead(TypedContentApprox tc)
+
   cached
   newtype TAccessPathFrontOption =
     TAccessPathFrontNone() or
     TAccessPathFrontSome(AccessPathFront apf)
+
+  cached
+  newtype TApproxAccessPathFrontOption =
+    TApproxAccessPathFrontNone() or
+    TApproxAccessPathFrontSome(ApproxAccessPathFront apf)
 }
 
 /**
@@ -1304,6 +1343,113 @@ class DataFlowCallOption extends TDataFlowCallOption {
   }
 }
 
+/** An optional `ParamNode`. */
+class ParamNodeOption extends TParamNodeOption {
+  string toString() {
+    this = TParamNodeNone() and
+    result = "(none)"
+    or
+    exists(ParamNode p |
+      this = TParamNodeSome(p) and
+      result = p.toString()
+    )
+  }
+}
+
+/**
+ * A return context used to calculate flow summaries in reverse flow.
+ *
+ * The possible values are:
+ *
+ * - `TReturnCtxNone()`: no return flow.
+ * - `TReturnCtxNoFlowThrough()`: return flow, but flow through is not possible.
+ * - `TReturnCtxMaybeFlowThrough(ReturnPosition pos)`: return flow, of kind `pos`, and
+ *    flow through may be possible.
+ */
+class ReturnCtx extends TReturnCtx {
+  string toString() {
+    this = TReturnCtxNone() and
+    result = "(none)"
+    or
+    this = TReturnCtxNoFlowThrough() and
+    result = "(no flow through)"
+    or
+    exists(ReturnPosition pos |
+      this = TReturnCtxMaybeFlowThrough(pos) and
+      result = pos.toString()
+    )
+  }
+}
+
+/** An approximated `Content` tagged with the type of a containing object. */
+class TypedContentApprox extends MkTypedContentApprox {
+  private ContentApprox c;
+  private DataFlowType t;
+
+  TypedContentApprox() { this = MkTypedContentApprox(c, t) }
+
+  /** Gets a typed content approximated by this value. */
+  TypedContent getATypedContent() { result = getATypedContent(this) }
+
+  /** Gets the container type. */
+  DataFlowType getContainerType() { result = t }
+
+  /** Gets a textual representation of this approximated content. */
+  string toString() { result = c.toString() }
+}
+
+/**
+ * The front of an approximated access path. This is either a head or a nil.
+ */
+abstract class ApproxAccessPathFront extends TApproxAccessPathFront {
+  abstract string toString();
+
+  abstract DataFlowType getType();
+
+  abstract boolean toBoolNonEmpty();
+
+  pragma[nomagic]
+  TypedContent getAHead() {
+    exists(TypedContentApprox cont |
+      this = TApproxFrontHead(cont) and
+      result = cont.getATypedContent()
+    )
+  }
+}
+
+class ApproxAccessPathFrontNil extends ApproxAccessPathFront, TApproxFrontNil {
+  private DataFlowType t;
+
+  ApproxAccessPathFrontNil() { this = TApproxFrontNil(t) }
+
+  override string toString() { result = ppReprType(t) }
+
+  override DataFlowType getType() { result = t }
+
+  override boolean toBoolNonEmpty() { result = false }
+}
+
+class ApproxAccessPathFrontHead extends ApproxAccessPathFront, TApproxFrontHead {
+  private TypedContentApprox tc;
+
+  ApproxAccessPathFrontHead() { this = TApproxFrontHead(tc) }
+
+  override string toString() { result = tc.toString() }
+
+  override DataFlowType getType() { result = tc.getContainerType() }
+
+  override boolean toBoolNonEmpty() { result = true }
+}
+
+/** An optional approximated access path front. */
+class ApproxAccessPathFrontOption extends TApproxAccessPathFrontOption {
+  string toString() {
+    this = TApproxAccessPathFrontNone() and result = "<none>"
+    or
+    this = TApproxAccessPathFrontSome(any(ApproxAccessPathFront apf | result = apf.toString()))
+  }
+}
+
 /** A `Content` tagged with the type of a containing object. */
 class TypedContent extends MkTypedContent {
   private Content c;
@@ -1336,7 +1482,7 @@ abstract class AccessPathFront extends TAccessPathFront {
 
   abstract DataFlowType getType();
 
-  abstract boolean toBoolNonEmpty();
+  abstract ApproxAccessPathFront toApprox();
 
   TypedContent getHead() { this = TFrontHead(result) }
 }
@@ -1350,7 +1496,7 @@ class AccessPathFrontNil extends AccessPathFront, TFrontNil {
 
   override DataFlowType getType() { result = t }
 
-  override boolean toBoolNonEmpty() { result = false }
+  override ApproxAccessPathFront toApprox() { result = TApproxFrontNil(t) }
 }
 
 class AccessPathFrontHead extends AccessPathFront, TFrontHead {
@@ -1362,7 +1508,7 @@ class AccessPathFrontHead extends AccessPathFront, TFrontHead {
 
   override DataFlowType getType() { result = tc.getContainerType() }
 
-  override boolean toBoolNonEmpty() { result = true }
+  override ApproxAccessPathFront toApprox() { result.getAHead() = tc }
 }
 
 /** An optional access path front. */
diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll
index dde16ab5a2a..e85e0cd92ec 100644
--- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll
@@ -136,6 +136,18 @@ module Consistency {
     msg = "Local flow step does not preserve enclosing callable."
   }
 
+  query predicate readStepIsLocal(Node n1, Node n2, string msg) {
+    readStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Read step does not preserve enclosing callable."
+  }
+
+  query predicate storeStepIsLocal(Node n1, Node n2, string msg) {
+    storeStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Store step does not preserve enclosing callable."
+  }
+
   private DataFlowType typeRepr() { result = getNodeType(_) }
 
   query predicate compatibleTypesReflexive(DataFlowType t, string msg) {
@@ -232,4 +244,25 @@ module Consistency {
     not callable = viableCallable(call) and
     not any(ConsistencyConfiguration c).viableImplInCallContextTooLargeExclude(call, ctx, callable)
   }
+
+  query predicate uniqueParameterNodeAtPosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(Node p0 | isParameterNode(p0, c, pos))) and
+    msg = "Parameters with overlapping positions."
+  }
+
+  query predicate uniqueParameterNodePosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(ParameterPosition pos0 | isParameterNode(p, c, pos0))) and
+    msg = "Parameter node with multiple positions."
+  }
+
+  query predicate uniqueContentApprox(Content c, string msg) {
+    not exists(unique(ContentApprox approx | approx = getContentApprox(c))) and
+    msg = "Non-unique content approximation."
+  }
 }
diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
index 69e08a9a5d2..58569ef2425 100644
--- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
@@ -551,6 +551,13 @@ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preserves
  */
 predicate allowParameterReturnInSelf(ParameterNode p) { none() }
 
+/** An approximated `Content`. */
+class ContentApprox = Unit;
+
+/** Gets an approximated value for content `c`. */
+pragma[inline]
+ContentApprox getContentApprox(Content c) { any() }
+
 private class MyConsistencyConfiguration extends Consistency::ConsistencyConfiguration {
   override predicate argHasPostUpdateExclude(ArgumentNode n) {
     // The rules for whether an IR argument gets a post-update node are too
diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticExprSpecific.qll b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticExprSpecific.qll
index f7e5abd25b7..f72edf2f806 100644
--- a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticExprSpecific.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticExprSpecific.qll
@@ -292,12 +292,8 @@ module SemanticExprConfig {
     final Location getLocation() { result = super.getLocation() }
   }
 
-  private class ValueNumberBound extends Bound {
-    IRBound::ValueNumberBound bound;
-
-    ValueNumberBound() { bound = this }
-
-    override string toString() { result = bound.toString() }
+  private class ValueNumberBound extends Bound instanceof IRBound::ValueNumberBound {
+    override string toString() { result = IRBound::ValueNumberBound.super.toString() }
   }
 
   predicate zeroBound(Bound bound) { bound instanceof IRBound::ZeroBound }
diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisCommon.qll b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisCommon.qll
index 27c3083fecc..970a6c4e5a9 100644
--- a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisCommon.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SignAnalysisCommon.qll
@@ -33,23 +33,15 @@ abstract private class FlowSignDef extends SignDef {
 }
 
 /** An SSA definition whose sign is determined by the sign of that definitions source expression. */
-private class ExplicitSignDef extends FlowSignDef {
-  SemSsaExplicitUpdate update;
-
-  ExplicitSignDef() { update = this }
-
-  final override Sign getSign() { result = semExprSign(update.getSourceExpr()) }
+private class ExplicitSignDef extends FlowSignDef instanceof SemSsaExplicitUpdate {
+  final override Sign getSign() { result = semExprSign(super.getSourceExpr()) }
 }
 
 /** An SSA Phi definition, whose sign is the union of the signs of its inputs. */
-private class PhiSignDef extends FlowSignDef {
-  SemSsaPhiNode phi;
-
-  PhiSignDef() { phi = this }
-
+private class PhiSignDef extends FlowSignDef instanceof SemSsaPhiNode {
   final override Sign getSign() {
     exists(SemSsaVariable inp, SemSsaReadPositionPhiInputEdge edge |
-      edge.phiInput(phi, inp) and
+      edge.phiInput(this, inp) and
       result = semSsaSign(inp, edge)
     )
   }
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index ef1fd2099a3..ee8913624dc 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.4.4-dev
+version: 0.5.0-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/lib/semmle/code/cpp/File.qll b/cpp/ql/lib/semmle/code/cpp/File.qll
index e58467fac20..b2e4e0a41a5 100644
--- a/cpp/ql/lib/semmle/code/cpp/File.qll
+++ b/cpp/ql/lib/semmle/code/cpp/File.qll
@@ -189,18 +189,6 @@ class Folder extends Container, @folder {
    * Gets the URL of this folder.
    */
   deprecated override string getURL() { result = "file://" + this.getAbsolutePath() + ":0:0:0:0" }
-
-  /**
-   * DEPRECATED: use `getAbsolutePath` instead.
-   * Gets the name of this folder.
-   */
-  deprecated string getName() { folders(underlyingElement(this), result) }
-
-  /**
-   * DEPRECATED: use `getBaseName` instead.
-   * Gets the last part of the folder name.
-   */
-  deprecated string getShortName() { result = this.getBaseName() }
 }
 
 /**
diff --git a/cpp/ql/lib/semmle/code/cpp/commons/Printf.qll b/cpp/ql/lib/semmle/code/cpp/commons/Printf.qll
index d063e8fa19c..51d2e294b36 100644
--- a/cpp/ql/lib/semmle/code/cpp/commons/Printf.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Printf.qll
@@ -397,11 +397,8 @@ private int lengthInBase16(float f) {
 /**
  * A class to represent format strings that occur as arguments to invocations of formatting functions.
  */
-class FormatLiteral extends Literal {
-  FormatLiteral() {
-    exists(FormattingFunctionCall ffc | ffc.getFormat() = this) and
-    this instanceof StringLiteral
-  }
+class FormatLiteral extends Literal instanceof StringLiteral {
+  FormatLiteral() { exists(FormattingFunctionCall ffc | ffc.getFormat() = this) }
 
   /**
    * Gets the function call where this format string is used.
diff --git a/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll b/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll
index 0d51c948170..376829c2eef 100644
--- a/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll
@@ -30,15 +30,12 @@ abstract class ScanfFunction extends Function {
 /**
  * The standard function `scanf` (and variations).
  */
-class Scanf extends ScanfFunction {
+class Scanf extends ScanfFunction instanceof TopLevelFunction {
   Scanf() {
-    this instanceof TopLevelFunction and
-    (
-      this.hasGlobalOrStdOrBslName("scanf") or // scanf(format, args...)
-      this.hasGlobalOrStdOrBslName("wscanf") or // wscanf(format, args...)
-      this.hasGlobalName("_scanf_l") or // _scanf_l(format, locale, args...)
-      this.hasGlobalName("_wscanf_l") // _wscanf_l(format, locale, args...)
-    )
+    this.hasGlobalOrStdOrBslName("scanf") or // scanf(format, args...)
+    this.hasGlobalOrStdOrBslName("wscanf") or // wscanf(format, args...)
+    this.hasGlobalName("_scanf_l") or // _scanf_l(format, locale, args...)
+    this.hasGlobalName("_wscanf_l")
   }
 
   override int getInputParameterIndex() { none() }
@@ -49,15 +46,12 @@ class Scanf extends ScanfFunction {
 /**
  * The standard function `fscanf` (and variations).
  */
-class Fscanf extends ScanfFunction {
+class Fscanf extends ScanfFunction instanceof TopLevelFunction {
   Fscanf() {
-    this instanceof TopLevelFunction and
-    (
-      this.hasGlobalOrStdOrBslName("fscanf") or // fscanf(src_stream, format, args...)
-      this.hasGlobalOrStdOrBslName("fwscanf") or // fwscanf(src_stream, format, args...)
-      this.hasGlobalName("_fscanf_l") or // _fscanf_l(src_stream, format, locale, args...)
-      this.hasGlobalName("_fwscanf_l") // _fwscanf_l(src_stream, format, locale, args...)
-    )
+    this.hasGlobalOrStdOrBslName("fscanf") or // fscanf(src_stream, format, args...)
+    this.hasGlobalOrStdOrBslName("fwscanf") or // fwscanf(src_stream, format, args...)
+    this.hasGlobalName("_fscanf_l") or // _fscanf_l(src_stream, format, locale, args...)
+    this.hasGlobalName("_fwscanf_l")
   }
 
   override int getInputParameterIndex() { result = 0 }
@@ -68,15 +62,12 @@ class Fscanf extends ScanfFunction {
 /**
  * The standard function `sscanf` (and variations).
  */
-class Sscanf extends ScanfFunction {
+class Sscanf extends ScanfFunction instanceof TopLevelFunction {
   Sscanf() {
-    this instanceof TopLevelFunction and
-    (
-      this.hasGlobalOrStdOrBslName("sscanf") or // sscanf(src_stream, format, args...)
-      this.hasGlobalOrStdOrBslName("swscanf") or // swscanf(src, format, args...)
-      this.hasGlobalName("_sscanf_l") or // _sscanf_l(src, format, locale, args...)
-      this.hasGlobalName("_swscanf_l") // _swscanf_l(src, format, locale, args...)
-    )
+    this.hasGlobalOrStdOrBslName("sscanf") or // sscanf(src_stream, format, args...)
+    this.hasGlobalOrStdOrBslName("swscanf") or // swscanf(src, format, args...)
+    this.hasGlobalName("_sscanf_l") or // _sscanf_l(src, format, locale, args...)
+    this.hasGlobalName("_swscanf_l")
   }
 
   override int getInputParameterIndex() { result = 0 }
@@ -87,17 +78,12 @@ class Sscanf extends ScanfFunction {
 /**
  * The standard(ish) function `snscanf` (and variations).
  */
-class Snscanf extends ScanfFunction {
+class Snscanf extends ScanfFunction instanceof TopLevelFunction {
   Snscanf() {
-    this instanceof TopLevelFunction and
-    (
-      this.hasGlobalName("_snscanf") or // _snscanf(src, max_amount, format, args...)
-      this.hasGlobalName("_snwscanf") or // _snwscanf(src, max_amount, format, args...)
-      this.hasGlobalName("_snscanf_l") or // _snscanf_l(src, max_amount, format, locale, args...)
-      this.hasGlobalName("_snwscanf_l") // _snwscanf_l(src, max_amount, format, locale, args...)
-      // note that the max_amount is not a limit on the output length, it's an input length
-      // limit used with non null-terminated strings.
-    )
+    this.hasGlobalName("_snscanf") or // _snscanf(src, max_amount, format, args...)
+    this.hasGlobalName("_snwscanf") or // _snwscanf(src, max_amount, format, args...)
+    this.hasGlobalName("_snscanf_l") or // _snscanf_l(src, max_amount, format, locale, args...)
+    this.hasGlobalName("_snwscanf_l")
   }
 
   override int getInputParameterIndex() { result = 0 }
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll
index ae9c6f3f12e..9aa6a529a5b 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll
@@ -915,18 +915,57 @@ private module Cached {
     TDataFlowCallNone() or
     TDataFlowCallSome(DataFlowCall call)
 
+  cached
+  newtype TParamNodeOption =
+    TParamNodeNone() or
+    TParamNodeSome(ParamNode p)
+
+  cached
+  newtype TReturnCtx =
+    TReturnCtxNone() or
+    TReturnCtxNoFlowThrough() or
+    TReturnCtxMaybeFlowThrough(ReturnPosition pos)
+
+  cached
+  newtype TTypedContentApprox =
+    MkTypedContentApprox(ContentApprox c, DataFlowType t) {
+      exists(Content cont |
+        c = getContentApprox(cont) and
+        store(_, cont, _, _, t)
+      )
+    }
+
   cached
   newtype TTypedContent = MkTypedContent(Content c, DataFlowType t) { store(_, c, _, _, t) }
 
+  cached
+  TypedContent getATypedContent(TypedContentApprox c) {
+    exists(ContentApprox cls, DataFlowType t, Content cont |
+      c = MkTypedContentApprox(cls, pragma[only_bind_into](t)) and
+      result = MkTypedContent(cont, pragma[only_bind_into](t)) and
+      cls = getContentApprox(cont)
+    )
+  }
+
   cached
   newtype TAccessPathFront =
     TFrontNil(DataFlowType t) or
     TFrontHead(TypedContent tc)
 
+  cached
+  newtype TApproxAccessPathFront =
+    TApproxFrontNil(DataFlowType t) or
+    TApproxFrontHead(TypedContentApprox tc)
+
   cached
   newtype TAccessPathFrontOption =
     TAccessPathFrontNone() or
     TAccessPathFrontSome(AccessPathFront apf)
+
+  cached
+  newtype TApproxAccessPathFrontOption =
+    TApproxAccessPathFrontNone() or
+    TApproxAccessPathFrontSome(ApproxAccessPathFront apf)
 }
 
 /**
@@ -1304,6 +1343,113 @@ class DataFlowCallOption extends TDataFlowCallOption {
   }
 }
 
+/** An optional `ParamNode`. */
+class ParamNodeOption extends TParamNodeOption {
+  string toString() {
+    this = TParamNodeNone() and
+    result = "(none)"
+    or
+    exists(ParamNode p |
+      this = TParamNodeSome(p) and
+      result = p.toString()
+    )
+  }
+}
+
+/**
+ * A return context used to calculate flow summaries in reverse flow.
+ *
+ * The possible values are:
+ *
+ * - `TReturnCtxNone()`: no return flow.
+ * - `TReturnCtxNoFlowThrough()`: return flow, but flow through is not possible.
+ * - `TReturnCtxMaybeFlowThrough(ReturnPosition pos)`: return flow, of kind `pos`, and
+ *    flow through may be possible.
+ */
+class ReturnCtx extends TReturnCtx {
+  string toString() {
+    this = TReturnCtxNone() and
+    result = "(none)"
+    or
+    this = TReturnCtxNoFlowThrough() and
+    result = "(no flow through)"
+    or
+    exists(ReturnPosition pos |
+      this = TReturnCtxMaybeFlowThrough(pos) and
+      result = pos.toString()
+    )
+  }
+}
+
+/** An approximated `Content` tagged with the type of a containing object. */
+class TypedContentApprox extends MkTypedContentApprox {
+  private ContentApprox c;
+  private DataFlowType t;
+
+  TypedContentApprox() { this = MkTypedContentApprox(c, t) }
+
+  /** Gets a typed content approximated by this value. */
+  TypedContent getATypedContent() { result = getATypedContent(this) }
+
+  /** Gets the container type. */
+  DataFlowType getContainerType() { result = t }
+
+  /** Gets a textual representation of this approximated content. */
+  string toString() { result = c.toString() }
+}
+
+/**
+ * The front of an approximated access path. This is either a head or a nil.
+ */
+abstract class ApproxAccessPathFront extends TApproxAccessPathFront {
+  abstract string toString();
+
+  abstract DataFlowType getType();
+
+  abstract boolean toBoolNonEmpty();
+
+  pragma[nomagic]
+  TypedContent getAHead() {
+    exists(TypedContentApprox cont |
+      this = TApproxFrontHead(cont) and
+      result = cont.getATypedContent()
+    )
+  }
+}
+
+class ApproxAccessPathFrontNil extends ApproxAccessPathFront, TApproxFrontNil {
+  private DataFlowType t;
+
+  ApproxAccessPathFrontNil() { this = TApproxFrontNil(t) }
+
+  override string toString() { result = ppReprType(t) }
+
+  override DataFlowType getType() { result = t }
+
+  override boolean toBoolNonEmpty() { result = false }
+}
+
+class ApproxAccessPathFrontHead extends ApproxAccessPathFront, TApproxFrontHead {
+  private TypedContentApprox tc;
+
+  ApproxAccessPathFrontHead() { this = TApproxFrontHead(tc) }
+
+  override string toString() { result = tc.toString() }
+
+  override DataFlowType getType() { result = tc.getContainerType() }
+
+  override boolean toBoolNonEmpty() { result = true }
+}
+
+/** An optional approximated access path front. */
+class ApproxAccessPathFrontOption extends TApproxAccessPathFrontOption {
+  string toString() {
+    this = TApproxAccessPathFrontNone() and result = "<none>"
+    or
+    this = TApproxAccessPathFrontSome(any(ApproxAccessPathFront apf | result = apf.toString()))
+  }
+}
+
 /** A `Content` tagged with the type of a containing object. */
 class TypedContent extends MkTypedContent {
   private Content c;
@@ -1336,7 +1482,7 @@ abstract class AccessPathFront extends TAccessPathFront {
 
   abstract DataFlowType getType();
 
-  abstract boolean toBoolNonEmpty();
+  abstract ApproxAccessPathFront toApprox();
 
   TypedContent getHead() { this = TFrontHead(result) }
 }
@@ -1350,7 +1496,7 @@ class AccessPathFrontNil extends AccessPathFront, TFrontNil {
 
   override DataFlowType getType() { result = t }
 
-  override boolean toBoolNonEmpty() { result = false }
+  override ApproxAccessPathFront toApprox() { result = TApproxFrontNil(t) }
 }
 
 class AccessPathFrontHead extends AccessPathFront, TFrontHead {
@@ -1362,7 +1508,7 @@ class AccessPathFrontHead extends AccessPathFront, TFrontHead {
 
   override DataFlowType getType() { result = tc.getContainerType() }
 
-  override boolean toBoolNonEmpty() { result = true }
+  override ApproxAccessPathFront toApprox() { result.getAHead() = tc }
 }
 
 /** An optional access path front. */
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll
index dde16ab5a2a..e85e0cd92ec 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll
@@ -136,6 +136,18 @@ module Consistency {
     msg = "Local flow step does not preserve enclosing callable."
   }
 
+  query predicate readStepIsLocal(Node n1, Node n2, string msg) {
+    readStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Read step does not preserve enclosing callable."
+  }
+
+  query predicate storeStepIsLocal(Node n1, Node n2, string msg) {
+    storeStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Store step does not preserve enclosing callable."
+  }
+
   private DataFlowType typeRepr() { result = getNodeType(_) }
 
   query predicate compatibleTypesReflexive(DataFlowType t, string msg) {
@@ -232,4 +244,25 @@ module Consistency {
     not callable = viableCallable(call) and
     not any(ConsistencyConfiguration c).viableImplInCallContextTooLargeExclude(call, ctx, callable)
   }
+
+  query predicate uniqueParameterNodeAtPosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(Node p0 | isParameterNode(p0, c, pos))) and
+    msg = "Parameters with overlapping positions."
+  }
+
+  query predicate uniqueParameterNodePosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(ParameterPosition pos0 | isParameterNode(p, c, pos0))) and
+    msg = "Parameter node with multiple positions."
+  }
+
+  query predicate uniqueContentApprox(Content c, string msg) {
+    not exists(unique(ContentApprox approx | approx = getContentApprox(c))) and
+    msg = "Non-unique content approximation."
+  }
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll
index 9ad3e835c38..1749de42f2c 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll
@@ -296,6 +296,13 @@ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preserves
  */
 predicate allowParameterReturnInSelf(ParameterNode p) { none() }
 
+/** An approximated `Content`. */
+class ContentApprox = Unit;
+
+/** Gets an approximated value for content `c`. */
+pragma[inline]
+ContentApprox getContentApprox(Content c) { any() }
+
 private class MyConsistencyConfiguration extends Consistency::ConsistencyConfiguration {
   override predicate argHasPostUpdateExclude(ArgumentNode n) {
     // Is the null pointer (or something that's not really a pointer)
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
index be5403734ce..8b559dbe932 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
@@ -1,642 +1,21 @@
 /**
+ * DEPRECATED: Use `semmle.code.cpp.ir.dataflow.TaintTracking` as a replacement.
+ *
  * An IR taint tracking library that uses an IR DataFlow configuration to track
  * taint from user inputs as defined by `semmle.code.cpp.security.Security`.
  */
 
 import cpp
 import semmle.code.cpp.security.Security
-private import semmle.code.cpp.ir.dataflow.DataFlow
-private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil
-private import semmle.code.cpp.ir.dataflow.DataFlow3
-private import semmle.code.cpp.ir.IR
-private import semmle.code.cpp.ir.dataflow.ResolveCall
-private import semmle.code.cpp.controlflow.IRGuards
-private import semmle.code.cpp.models.interfaces.Taint
-private import semmle.code.cpp.models.interfaces.DataFlow
-private import semmle.code.cpp.ir.dataflow.TaintTracking
-private import semmle.code.cpp.ir.dataflow.TaintTracking2
-private import semmle.code.cpp.ir.dataflow.TaintTracking3
-private import semmle.code.cpp.ir.dataflow.internal.ModelUtil
+private import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl as DefaultTaintTrackingImpl
 
-/**
- * A predictable instruction is one where an external user can predict
- * the value. For example, a literal in the source code is considered
- * predictable.
- */
-private predicate predictableInstruction(Instruction instr) {
-  instr instanceof ConstantInstruction
-  or
-  instr instanceof StringConstantInstruction
-  or
-  // This could be a conversion on a string literal
-  predictableInstruction(instr.(UnaryInstruction).getUnary())
-}
+deprecated predicate predictableOnlyFlow = DefaultTaintTrackingImpl::predictableOnlyFlow/1;
 
-/**
- * Functions that we should only allow taint to flow through (to the return
- * value) if all but the source argument are 'predictable'.  This is done to
- * emulate the old security library's implementation rather than due to any
- * strong belief that this is the right approach.
- *
- * Note that the list itself is not very principled; it consists of all the
- * functions listed in the old security library's [default] `isPureFunction`
- * that have more than one argument, but are not in the old taint tracking
- * library's `returnArgument` predicate.
- */
-predicate predictableOnlyFlow(string name) {
-  name =
-    [
-      "strcasestr", "strchnul", "strchr", "strchrnul", "strcmp", "strcspn", "strncmp", "strndup",
-      "strnlen", "strrchr", "strspn", "strstr", "strtod", "strtof", "strtol", "strtoll", "strtoq",
-      "strtoul"
-    ]
-}
+deprecated predicate tainted = DefaultTaintTrackingImpl::tainted/2;
 
-private DataFlow::Node getNodeForSource(Expr source) {
-  isUserInput(source, _) and
-  result = getNodeForExpr(source)
-}
+deprecated predicate taintedIncludingGlobalVars =
+  DefaultTaintTrackingImpl::taintedIncludingGlobalVars/3;
 
-private DataFlow::Node getNodeForExpr(Expr node) {
-  result = DataFlow::exprNode(node)
-  or
-  // Some of the sources in `isUserInput` are intended to match the value of
-  // an expression, while others (those modeled below) are intended to match
-  // the taint that propagates out of an argument, like the `char *` argument
-  // to `gets`. It's impossible here to tell which is which, but the "access
-  // to argv" source is definitely not intended to match an output argument,
-  // and it causes false positives if we let it.
-  //
-  // This case goes together with the similar (but not identical) rule in
-  // `nodeIsBarrierIn`.
-  result = DataFlow::definitionByReferenceNodeFromArgument(node) and
-  not argv(node.(VariableAccess).getTarget())
-}
+deprecated predicate globalVarFromId = DefaultTaintTrackingImpl::globalVarFromId/1;
 
-private class DefaultTaintTrackingCfg extends TaintTracking::Configuration {
-  DefaultTaintTrackingCfg() { this = "DefaultTaintTrackingCfg" }
-
-  override predicate isSource(DataFlow::Node source) { source = getNodeForSource(_) }
-
-  override predicate isSink(DataFlow::Node sink) { exists(adjustedSink(sink)) }
-
-  override predicate isSanitizer(DataFlow::Node node) { nodeIsBarrier(node) }
-
-  override predicate isSanitizerIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
-}
-
-private class ToGlobalVarTaintTrackingCfg extends TaintTracking::Configuration {
-  ToGlobalVarTaintTrackingCfg() { this = "GlobalVarTaintTrackingCfg" }
-
-  override predicate isSource(DataFlow::Node source) { source = getNodeForSource(_) }
-
-  override predicate isSink(DataFlow::Node sink) {
-    sink.asVariable() instanceof GlobalOrNamespaceVariable
-  }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
-    writesVariable(n1.asInstruction(), n2.asVariable().(GlobalOrNamespaceVariable))
-    or
-    readsVariable(n2.asInstruction(), n1.asVariable().(GlobalOrNamespaceVariable))
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) { nodeIsBarrier(node) }
-
-  override predicate isSanitizerIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
-}
-
-private class FromGlobalVarTaintTrackingCfg extends TaintTracking2::Configuration {
-  FromGlobalVarTaintTrackingCfg() { this = "FromGlobalVarTaintTrackingCfg" }
-
-  override predicate isSource(DataFlow::Node source) {
-    // This set of sources should be reasonably small, which is good for
-    // performance since the set of sinks is very large.
-    exists(ToGlobalVarTaintTrackingCfg otherCfg | otherCfg.hasFlowTo(source))
-  }
-
-  override predicate isSink(DataFlow::Node sink) { exists(adjustedSink(sink)) }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
-    // Additional step for flow out of variables. There is no flow _into_
-    // variables in this configuration, so this step only serves to take flow
-    // out of a variable that's a source.
-    readsVariable(n2.asInstruction(), n1.asVariable())
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) { nodeIsBarrier(node) }
-
-  override predicate isSanitizerIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
-}
-
-private predicate readsVariable(LoadInstruction load, Variable var) {
-  load.getSourceAddress().(VariableAddressInstruction).getAstVariable() = var
-}
-
-private predicate writesVariable(StoreInstruction store, Variable var) {
-  store.getDestinationAddress().(VariableAddressInstruction).getAstVariable() = var
-}
-
-/**
- * A variable that has any kind of upper-bound check anywhere in the program.  This is
- * biased towards being inclusive because there are a lot of valid ways of doing an
- * upper bounds checks if we don't consider where it occurs, for example:
- * ```
- *   if (x < 10) { sink(x); }
- *
- *   if (10 > y) { sink(y); }
- *
- *   if (z > 10) { z = 10; }
- *   sink(z);
- * ```
- */
-// TODO: This coarse overapproximation, ported from the old taint tracking
-// library, could be replaced with an actual semantic check that a particular
-// variable _access_ is guarded by an upper-bound check. We probably don't want
-// to do this right away since it could expose a lot of FPs that were
-// previously suppressed by this predicate by coincidence.
-private predicate hasUpperBoundsCheck(Variable var) {
-  exists(RelationalOperation oper, VariableAccess access |
-    oper.getAnOperand() = access and
-    access.getTarget() = var and
-    // Comparing to 0 is not an upper bound check
-    not oper.getAnOperand().getValue() = "0"
-  )
-}
-
-private predicate nodeIsBarrierEqualityCandidate(
-  DataFlow::Node node, Operand access, Variable checkedVar
-) {
-  readsVariable(node.asInstruction(), checkedVar) and
-  any(IRGuardCondition guard).ensuresEq(access, _, _, node.asInstruction().getBlock(), true)
-}
-
-cached
-private module Cached {
-  cached
-  predicate nodeIsBarrier(DataFlow::Node node) {
-    exists(Variable checkedVar |
-      readsVariable(node.asInstruction(), checkedVar) and
-      hasUpperBoundsCheck(checkedVar)
-    )
-    or
-    exists(Variable checkedVar, Operand access |
-      /*
-       * This node is guarded by a condition that forces the accessed variable
-       * to equal something else.  For example:
-       * ```
-       * x = taintsource()
-       * if (x == 10) {
-       *   taintsink(x); // not considered tainted
-       * }
-       * ```
-       */
-
-      nodeIsBarrierEqualityCandidate(node, access, checkedVar) and
-      readsVariable(access.getDef(), checkedVar)
-    )
-  }
-
-  cached
-  predicate nodeIsBarrierIn(DataFlow::Node node) {
-    // don't use dataflow into taint sources, as this leads to duplicate results.
-    exists(Expr source | isUserInput(source, _) |
-      node = DataFlow::exprNode(source)
-      or
-      // This case goes together with the similar (but not identical) rule in
-      // `getNodeForSource`.
-      node = DataFlow::definitionByReferenceNodeFromArgument(source)
-    )
-    or
-    // don't use dataflow into binary instructions if both operands are unpredictable
-    exists(BinaryInstruction iTo |
-      iTo = node.asInstruction() and
-      not predictableInstruction(iTo.getLeft()) and
-      not predictableInstruction(iTo.getRight()) and
-      // propagate taint from either the pointer or the offset, regardless of predictability
-      not iTo instanceof PointerArithmeticInstruction
-    )
-    or
-    // don't use dataflow through calls to pure functions if two or more operands
-    // are unpredictable
-    exists(Instruction iFrom1, Instruction iFrom2, CallInstruction iTo |
-      iTo = node.asInstruction() and
-      isPureFunction(iTo.getStaticCallTarget().getName()) and
-      iFrom1 = iTo.getAnArgument() and
-      iFrom2 = iTo.getAnArgument() and
-      not predictableInstruction(iFrom1) and
-      not predictableInstruction(iFrom2) and
-      iFrom1 != iFrom2
-    )
-  }
-
-  cached
-  Element adjustedSink(DataFlow::Node sink) {
-    // TODO: is it more appropriate to use asConvertedExpr here and avoid
-    // `getConversion*`? Or will that cause us to miss some cases where there's
-    // flow to a conversion (like a `ReferenceDereferenceExpr`) and we want to
-    // pretend there was flow to the converted `Expr` for the sake of
-    // compatibility.
-    sink.asExpr().getConversion*() = result
-    or
-    // For compatibility, send flow from arguments to parameters, even for
-    // functions with no body.
-    exists(FunctionCall call, int i |
-      sink.asExpr() = call.getArgument(pragma[only_bind_into](i)) and
-      result = resolveCall(call).getParameter(pragma[only_bind_into](i))
-    )
-    or
-    // For compatibility, send flow into a `Variable` if there is flow to any
-    // Load or Store of that variable.
-    exists(CopyInstruction copy |
-      copy.getSourceValue() = sink.asInstruction() and
-      (
-        readsVariable(copy, result) or
-        writesVariable(copy, result)
-      ) and
-      not hasUpperBoundsCheck(result)
-    )
-    or
-    // For compatibility, send flow into a `NotExpr` even if it's part of a
-    // short-circuiting condition and thus might get skipped.
-    result.(NotExpr).getOperand() = sink.asExpr()
-    or
-    // Taint postfix and prefix crement operations when their operand is tainted.
-    result.(CrementOperation).getAnOperand() = sink.asExpr()
-    or
-    // Taint `e1 += e2`, `e &= e2` and friends when `e1` or `e2` is tainted.
-    result.(AssignOperation).getAnOperand() = sink.asExpr()
-    or
-    result =
-      sink.asOperand()
-          .(SideEffectOperand)
-          .getUse()
-          .(ReadSideEffectInstruction)
-          .getArgumentDef()
-          .getUnconvertedResultExpression()
-  }
-
-  /**
-   * Step to return value of a modeled function when an input taints the
-   * dereference of the return value.
-   */
-  cached
-  predicate additionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
-    exists(CallInstruction call, Function func, FunctionInput modelIn, FunctionOutput modelOut |
-      n1.asOperand() = callInput(call, modelIn) and
-      (
-        func.(TaintFunction).hasTaintFlow(modelIn, modelOut)
-        or
-        func.(DataFlowFunction).hasDataFlow(modelIn, modelOut)
-      ) and
-      call.getStaticCallTarget() = func and
-      modelOut.isReturnValueDeref() and
-      call = n2.asInstruction()
-    )
-  }
-}
-
-private import Cached
-
-/**
- * Holds if `tainted` may contain taint from `source`.
- *
- * A tainted expression is either directly user input, or is
- * computed from user input in a way that users can probably
- * control the exact output of the computation.
- *
- * This doesn't include data flow through global variables.
- * If you need that you must call `taintedIncludingGlobalVars`.
- */
-cached
-predicate tainted(Expr source, Element tainted) {
-  exists(DefaultTaintTrackingCfg cfg, DataFlow::Node sink |
-    cfg.hasFlow(getNodeForSource(source), sink) and
-    tainted = adjustedSink(sink)
-  )
-}
-
-/**
- * Holds if `tainted` may contain taint from `source`, where the taint passed
- * through a global variable named `globalVar`.
- *
- * A tainted expression is either directly user input, or is
- * computed from user input in a way that users can probably
- * control the exact output of the computation.
- *
- * This version gives the same results as tainted but also includes
- * data flow through global variables.
- *
- * The parameter `globalVar` is the qualified name of the last global variable
- * used to move the value from source to tainted. If the taint did not pass
- * through a global variable, then `globalVar = ""`.
- */
-cached
-predicate taintedIncludingGlobalVars(Expr source, Element tainted, string globalVar) {
-  tainted(source, tainted) and
-  globalVar = ""
-  or
-  exists(
-    ToGlobalVarTaintTrackingCfg toCfg, FromGlobalVarTaintTrackingCfg fromCfg,
-    DataFlow::VariableNode variableNode, GlobalOrNamespaceVariable global, DataFlow::Node sink
-  |
-    global = variableNode.getVariable() and
-    toCfg.hasFlow(getNodeForSource(source), variableNode) and
-    fromCfg.hasFlow(variableNode, sink) and
-    tainted = adjustedSink(sink) and
-    global = globalVarFromId(globalVar)
-  )
-}
-
-/**
- * Gets the global variable whose qualified name is `id`. Use this predicate
- * together with `taintedIncludingGlobalVars`. Example:
- *
- * ```
- * exists(string varName |
- *   taintedIncludingGlobalVars(source, tainted, varName) and
- *   var = globalVarFromId(varName)
- * )
- * ```
- */
-GlobalOrNamespaceVariable globalVarFromId(string id) { id = result.getQualifiedName() }
-
-/**
- * Provides definitions for augmenting source/sink pairs with data-flow paths
- * between them. From a `@kind path-problem` query, import this module in the
- * global scope, extend `TaintTrackingConfiguration`, and use `taintedWithPath`
- * in place of `tainted`.
- *
- * Importing this module will also import the query predicates that contain the
- * taint paths.
- */
-module TaintedWithPath {
-  private newtype TSingleton = MkSingleton()
-
-  /**
-   * A taint-tracking configuration that matches sources and sinks in the same
-   * way as the `tainted` predicate.
-   *
-   * Override `isSink` and `taintThroughGlobals` as needed, but do not provide
-   * a characteristic predicate.
-   */
-  class TaintTrackingConfiguration extends TSingleton {
-    /** Override this to specify which elements are sources in this configuration. */
-    predicate isSource(Expr source) { exists(getNodeForSource(source)) }
-
-    /** Override this to specify which elements are sinks in this configuration. */
-    abstract predicate isSink(Element e);
-
-    /** Override this to specify which expressions are barriers in this configuration. */
-    predicate isBarrier(Expr e) { nodeIsBarrier(getNodeForExpr(e)) }
-
-    /**
-     * Override this predicate to `any()` to allow taint to flow through global
-     * variables.
-     */
-    predicate taintThroughGlobals() { none() }
-
-    /** Gets a textual representation of this element. */
-    string toString() { result = "TaintTrackingConfiguration" }
-  }
-
-  private class AdjustedConfiguration extends TaintTracking3::Configuration {
-    AdjustedConfiguration() { this = "AdjustedConfiguration" }
-
-    override predicate isSource(DataFlow::Node source) {
-      exists(TaintTrackingConfiguration cfg, Expr e |
-        cfg.isSource(e) and source = getNodeForExpr(e)
-      )
-    }
-
-    override predicate isSink(DataFlow::Node sink) {
-      exists(TaintTrackingConfiguration cfg | cfg.isSink(adjustedSink(sink)))
-    }
-
-    override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
-      // Steps into and out of global variables
-      exists(TaintTrackingConfiguration cfg | cfg.taintThroughGlobals() |
-        writesVariable(n1.asInstruction(), n2.asVariable().(GlobalOrNamespaceVariable))
-        or
-        readsVariable(n2.asInstruction(), n1.asVariable().(GlobalOrNamespaceVariable))
-      )
-      or
-      additionalTaintStep(n1, n2)
-    }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      exists(TaintTrackingConfiguration cfg, Expr e | cfg.isBarrier(e) and node = getNodeForExpr(e))
-    }
-
-    override predicate isSanitizerIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
-  }
-
-  /*
-   * A sink `Element` may map to multiple `DataFlowX::PathNode`s via (the
-   * inverse of) `adjustedSink`. For example, an `Expr` maps to all its
-   * conversions, and a `Variable` maps to all loads and stores from it. Because
-   * the path node is part of the tuple that constitutes the alert, this leads
-   * to duplicate alerts.
-   *
-   * To avoid showing duplicates, we edit the graph to replace the final node
-   * coming from the data-flow library with a node that matches exactly the
-   * `Element` sink that's requested.
-   *
-   * The same is done for sources.
-   */
-
-  private newtype TPathNode =
-    TWrapPathNode(DataFlow3::PathNode n) or
-    // There's a single newtype constructor for both sources and sinks since
-    // that makes it easiest to deal with the case where source = sink.
-    TEndpointPathNode(Element e) {
-      exists(AdjustedConfiguration cfg, DataFlow3::Node sourceNode, DataFlow3::Node sinkNode |
-        cfg.hasFlow(sourceNode, sinkNode)
-      |
-        sourceNode = getNodeForExpr(e) and
-        exists(TaintTrackingConfiguration ttCfg | ttCfg.isSource(e))
-        or
-        e = adjustedSink(sinkNode) and
-        exists(TaintTrackingConfiguration ttCfg | ttCfg.isSink(e))
-      )
-    }
-
-  /** An opaque type used for the nodes of a data-flow path. */
-  class PathNode extends TPathNode {
-    /** Gets a textual representation of this element. */
-    string toString() { none() }
-
-    /**
-     * Holds if this element is at the specified location.
-     * The location spans column `startcolumn` of line `startline` to
-     * column `endcolumn` of line `endline` in file `filepath`.
-     * For more information, see
-     * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
-     */
-    predicate hasLocationInfo(
-      string filepath, int startline, int startcolumn, int endline, int endcolumn
-    ) {
-      none()
-    }
-  }
-
-  /**
-   * INTERNAL: Do not use.
-   */
-  module Private {
-    /** Gets a predecessor `PathNode` of `pathNode`, if any. */
-    PathNode getAPredecessor(PathNode pathNode) { edges(result, pathNode) }
-
-    /** Gets the element that `pathNode` wraps, if any. */
-    Element getElementFromPathNode(PathNode pathNode) {
-      exists(DataFlow::Node node | node = pathNode.(WrapPathNode).inner().getNode() |
-        result = node.asInstruction().getAst()
-        or
-        result = node.asOperand().getDef().getAst()
-      )
-      or
-      result = pathNode.(EndpointPathNode).inner()
-    }
-  }
-
-  private class WrapPathNode extends PathNode, TWrapPathNode {
-    DataFlow3::PathNode inner() { this = TWrapPathNode(result) }
-
-    override string toString() { result = this.inner().toString() }
-
-    override predicate hasLocationInfo(
-      string filepath, int startline, int startcolumn, int endline, int endcolumn
-    ) {
-      this.inner().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-    }
-  }
-
-  private class EndpointPathNode extends PathNode, TEndpointPathNode {
-    Expr inner() { this = TEndpointPathNode(result) }
-
-    override string toString() { result = this.inner().toString() }
-
-    override predicate hasLocationInfo(
-      string filepath, int startline, int startcolumn, int endline, int endcolumn
-    ) {
-      this.inner()
-          .getLocation()
-          .hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-    }
-  }
-
-  /** A PathNode whose `Element` is a source. It may also be a sink. */
-  private class InitialPathNode extends EndpointPathNode {
-    InitialPathNode() { exists(TaintTrackingConfiguration cfg | cfg.isSource(this.inner())) }
-  }
-
-  /** A PathNode whose `Element` is a sink. It may also be a source. */
-  private class FinalPathNode extends EndpointPathNode {
-    FinalPathNode() { exists(TaintTrackingConfiguration cfg | cfg.isSink(this.inner())) }
-  }
-
-  /** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */
-  query predicate edges(PathNode a, PathNode b) {
-    DataFlow3::PathGraph::edges(a.(WrapPathNode).inner(), b.(WrapPathNode).inner())
-    or
-    // To avoid showing trivial-looking steps, we _replace_ the last node instead
-    // of adding an edge out of it.
-    exists(WrapPathNode sinkNode |
-      DataFlow3::PathGraph::edges(a.(WrapPathNode).inner(), sinkNode.inner()) and
-      b.(FinalPathNode).inner() = adjustedSink(sinkNode.inner().getNode())
-    )
-    or
-    // Same for the first node
-    exists(WrapPathNode sourceNode |
-      DataFlow3::PathGraph::edges(sourceNode.inner(), b.(WrapPathNode).inner()) and
-      sourceNode.inner().getNode() = getNodeForExpr(a.(InitialPathNode).inner())
-    )
-    or
-    // Finally, handle the case where the path goes directly from a source to a
-    // sink, meaning that they both need to be translated.
-    exists(WrapPathNode sinkNode, WrapPathNode sourceNode |
-      DataFlow3::PathGraph::edges(sourceNode.inner(), sinkNode.inner()) and
-      sourceNode.inner().getNode() = getNodeForExpr(a.(InitialPathNode).inner()) and
-      b.(FinalPathNode).inner() = adjustedSink(sinkNode.inner().getNode())
-    )
-  }
-
-  /**
-   * Holds if there is flow from `arg` to `out` across a call that can by summarized by the flow
-   * from `par` to `ret` within it, in the graph of data flow path explanations.
-   */
-  query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) {
-    DataFlow3::PathGraph::subpaths(arg.(WrapPathNode).inner(), par.(WrapPathNode).inner(),
-      ret.(WrapPathNode).inner(), out.(WrapPathNode).inner())
-    or
-    // To avoid showing trivial-looking steps, we _replace_ the last node instead
-    // of adding an edge out of it.
-    exists(WrapPathNode sinkNode |
-      DataFlow3::PathGraph::subpaths(arg.(WrapPathNode).inner(), par.(WrapPathNode).inner(),
-        ret.(WrapPathNode).inner(), sinkNode.inner()) and
-      out.(FinalPathNode).inner() = adjustedSink(sinkNode.inner().getNode())
-    )
-    or
-    // Same for the first node
-    exists(WrapPathNode sourceNode |
-      DataFlow3::PathGraph::subpaths(sourceNode.inner(), par.(WrapPathNode).inner(),
-        ret.(WrapPathNode).inner(), out.(WrapPathNode).inner()) and
-      sourceNode.inner().getNode() = getNodeForExpr(arg.(InitialPathNode).inner())
-    )
-    or
-    // Finally, handle the case where the path goes directly from a source to a
-    // sink, meaning that they both need to be translated.
-    exists(WrapPathNode sinkNode, WrapPathNode sourceNode |
-      DataFlow3::PathGraph::subpaths(sourceNode.inner(), par.(WrapPathNode).inner(),
-        ret.(WrapPathNode).inner(), sinkNode.inner()) and
-      sourceNode.inner().getNode() = getNodeForExpr(arg.(InitialPathNode).inner()) and
-      out.(FinalPathNode).inner() = adjustedSink(sinkNode.inner().getNode())
-    )
-  }
-
-  /** Holds if `n` is a node in the graph of data flow path explanations. */
-  query predicate nodes(PathNode n, string key, string val) {
-    key = "semmle.label" and val = n.toString()
-  }
-
-  /**
-   * Holds if `tainted` may contain taint from `source`, where `sourceNode` and
-   * `sinkNode` are the corresponding `PathNode`s that can be used in a query
-   * to provide path explanations. Extend `TaintTrackingConfiguration` to use
-   * this predicate.
-   *
-   * A tainted expression is either directly user input, or is computed from
-   * user input in a way that users can probably control the exact output of
-   * the computation.
-   */
-  predicate taintedWithPath(Expr source, Element tainted, PathNode sourceNode, PathNode sinkNode) {
-    exists(AdjustedConfiguration cfg, DataFlow3::Node flowSource, DataFlow3::Node flowSink |
-      source = sourceNode.(InitialPathNode).inner() and
-      flowSource = getNodeForExpr(source) and
-      cfg.hasFlow(flowSource, flowSink) and
-      tainted = adjustedSink(flowSink) and
-      tainted = sinkNode.(FinalPathNode).inner()
-    )
-  }
-
-  private predicate isGlobalVariablePathNode(WrapPathNode n) {
-    n.inner().getNode().asVariable() instanceof GlobalOrNamespaceVariable
-  }
-
-  private predicate edgesWithoutGlobals(PathNode a, PathNode b) {
-    edges(a, b) and
-    not isGlobalVariablePathNode(a) and
-    not isGlobalVariablePathNode(b)
-  }
-
-  /**
-   * Holds if `tainted` can be reached from a taint source without passing
-   * through a global variable.
-   */
-  predicate taintedWithoutGlobals(Element tainted) {
-    exists(AdjustedConfiguration cfg, PathNode sourceNode, FinalPathNode sinkNode |
-      cfg.isSource(sourceNode.(WrapPathNode).inner().getNode()) and
-      edgesWithoutGlobals+(sourceNode, sinkNode) and
-      tainted = sinkNode.inner()
-    )
-  }
-}
+deprecated module TaintedWithPath = DefaultTaintTrackingImpl::TaintedWithPath;
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll
index 08ee06acdda..904701144ca 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll
@@ -5,7 +5,6 @@
  */
 
 private import cpp
-import semmle.code.cpp.ir.dataflow.DataFlow
 private import semmle.code.cpp.ir.IR
 
 /**
@@ -25,18 +24,18 @@ abstract class MustFlowConfiguration extends string {
   /**
    * Holds if `source` is a relevant data flow source.
    */
-  abstract predicate isSource(DataFlow::Node source);
+  abstract predicate isSource(Instruction source);
 
   /**
    * Holds if `sink` is a relevant data flow sink.
    */
-  abstract predicate isSink(DataFlow::Node sink);
+  abstract predicate isSink(Operand sink);
 
   /**
    * Holds if the additional flow step from `node1` to `node2` must be taken
    * into account in the analysis.
    */
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { none() }
+  predicate isAdditionalFlowStep(Operand node1, Instruction node2) { none() }
 
   /** Holds if this configuration allows flow from arguments to parameters. */
   predicate allowInterproceduralFlow() { any() }
@@ -48,17 +47,17 @@ abstract class MustFlowConfiguration extends string {
    * included in the module `PathGraph`.
    */
   final predicate hasFlowPath(MustFlowPathNode source, MustFlowPathSink sink) {
-    this.isSource(source.getNode()) and
+    this.isSource(source.getInstruction()) and
     source.getASuccessor+() = sink
   }
 }
 
 /** Holds if `node` flows from a source. */
 pragma[nomagic]
-private predicate flowsFromSource(DataFlow::Node node, MustFlowConfiguration config) {
+private predicate flowsFromSource(Instruction node, MustFlowConfiguration config) {
   config.isSource(node)
   or
-  exists(DataFlow::Node mid |
+  exists(Instruction mid |
     step(mid, node, config) and
     flowsFromSource(mid, pragma[only_bind_into](config))
   )
@@ -66,12 +65,12 @@ private predicate flowsFromSource(DataFlow::Node node, MustFlowConfiguration con
 
 /** Holds if `node` flows to a sink. */
 pragma[nomagic]
-private predicate flowsToSink(DataFlow::Node node, MustFlowConfiguration config) {
+private predicate flowsToSink(Instruction node, MustFlowConfiguration config) {
   flowsFromSource(node, pragma[only_bind_into](config)) and
   (
-    config.isSink(node)
+    config.isSink(node.getAUse())
     or
-    exists(DataFlow::Node mid |
+    exists(Instruction mid |
       step(node, mid, config) and
       flowsToSink(mid, pragma[only_bind_into](config))
     )
@@ -198,12 +197,13 @@ private module Cached {
   }
 
   cached
-  predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    instructionToOperandStep(nodeFrom.asInstruction(), nodeTo.asOperand())
+  predicate step(Instruction nodeFrom, Instruction nodeTo) {
+    exists(Operand mid |
+      instructionToOperandStep(nodeFrom, mid) and
+      operandToInstructionStep(mid, nodeTo)
+    )
     or
-    flowThroughCallable(nodeFrom.asInstruction(), nodeTo.asInstruction())
-    or
-    operandToInstructionStep(nodeFrom.asOperand(), nodeTo.asInstruction())
+    flowThroughCallable(nodeFrom, nodeTo)
   }
 }
 
@@ -213,12 +213,12 @@ private module Cached {
  * way around.
  */
 pragma[inline]
-private Declaration getEnclosingCallable(DataFlow::Node n) {
-  pragma[only_bind_into](result) = pragma[only_bind_out](n).getEnclosingCallable()
+private IRFunction getEnclosingCallable(Instruction n) {
+  pragma[only_bind_into](result) = pragma[only_bind_out](n).getEnclosingIRFunction()
 }
 
 /** Holds if `nodeFrom` flows to `nodeTo`. */
-private predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, MustFlowConfiguration config) {
+private predicate step(Instruction nodeFrom, Instruction nodeTo, MustFlowConfiguration config) {
   exists(config) and
   Cached::step(pragma[only_bind_into](nodeFrom), pragma[only_bind_into](nodeTo)) and
   (
@@ -227,37 +227,37 @@ private predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, MustFlowC
     getEnclosingCallable(nodeFrom) = getEnclosingCallable(nodeTo)
   )
   or
-  config.isAdditionalFlowStep(nodeFrom, nodeTo)
+  config.isAdditionalFlowStep(nodeFrom.getAUse(), nodeTo)
 }
 
 private newtype TLocalPathNode =
-  MkLocalPathNode(DataFlow::Node n, MustFlowConfiguration config) {
+  MkLocalPathNode(Instruction n, MustFlowConfiguration config) {
     flowsToSink(n, config) and
     (
       config.isSource(n)
       or
-      exists(MustFlowPathNode mid | step(mid.getNode(), n, config))
+      exists(MustFlowPathNode mid | step(mid.getInstruction(), n, config))
     )
   }
 
 /** A `Node` that is in a path from a source to a sink. */
 class MustFlowPathNode extends TLocalPathNode {
-  DataFlow::Node n;
+  Instruction n;
 
   MustFlowPathNode() { this = MkLocalPathNode(n, _) }
 
   /** Gets the underlying node. */
-  DataFlow::Node getNode() { result = n }
+  Instruction getInstruction() { result = n }
 
   /** Gets a textual representation of this node. */
-  string toString() { result = n.toString() }
+  string toString() { result = n.getAst().toString() }
 
   /** Gets the location of this element. */
   Location getLocation() { result = n.getLocation() }
 
   /** Gets a successor node, if any. */
   MustFlowPathNode getASuccessor() {
-    step(this.getNode(), result.getNode(), this.getConfiguration())
+    step(this.getInstruction(), result.getInstruction(), this.getConfiguration())
   }
 
   /** Gets the associated configuration. */
@@ -265,7 +265,7 @@ class MustFlowPathNode extends TLocalPathNode {
 }
 
 private class MustFlowPathSink extends MustFlowPathNode {
-  MustFlowPathSink() { this.getConfiguration().isSink(this.getNode()) }
+  MustFlowPathSink() { this.getConfiguration().isSink(this.getInstruction().getAUse()) }
 }
 
 /**
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll
index ae9c6f3f12e..9aa6a529a5b 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll
@@ -915,18 +915,57 @@ private module Cached {
     TDataFlowCallNone() or
     TDataFlowCallSome(DataFlowCall call)
 
+  cached
+  newtype TParamNodeOption =
+    TParamNodeNone() or
+    TParamNodeSome(ParamNode p)
+
+  cached
+  newtype TReturnCtx =
+    TReturnCtxNone() or
+    TReturnCtxNoFlowThrough() or
+    TReturnCtxMaybeFlowThrough(ReturnPosition pos)
+
+  cached
+  newtype TTypedContentApprox =
+    MkTypedContentApprox(ContentApprox c, DataFlowType t) {
+      exists(Content cont |
+        c = getContentApprox(cont) and
+        store(_, cont, _, _, t)
+      )
+    }
+
   cached
   newtype TTypedContent = MkTypedContent(Content c, DataFlowType t) { store(_, c, _, _, t) }
 
+  cached
+  TypedContent getATypedContent(TypedContentApprox c) {
+    exists(ContentApprox cls, DataFlowType t, Content cont |
+      c = MkTypedContentApprox(cls, pragma[only_bind_into](t)) and
+      result = MkTypedContent(cont, pragma[only_bind_into](t)) and
+      cls = getContentApprox(cont)
+    )
+  }
+
   cached
   newtype TAccessPathFront =
     TFrontNil(DataFlowType t) or
     TFrontHead(TypedContent tc)
 
+  cached
+  newtype TApproxAccessPathFront =
+    TApproxFrontNil(DataFlowType t) or
+    TApproxFrontHead(TypedContentApprox tc)
+
   cached
   newtype TAccessPathFrontOption =
     TAccessPathFrontNone() or
     TAccessPathFrontSome(AccessPathFront apf)
+
+  cached
+  newtype TApproxAccessPathFrontOption =
+    TApproxAccessPathFrontNone() or
+    TApproxAccessPathFrontSome(ApproxAccessPathFront apf)
 }
 
 /**
@@ -1304,6 +1343,113 @@ class DataFlowCallOption extends TDataFlowCallOption {
   }
 }
 
+/** An optional `ParamNode`. */
+class ParamNodeOption extends TParamNodeOption {
+  string toString() {
+    this = TParamNodeNone() and
+    result = "(none)"
+    or
+    exists(ParamNode p |
+      this = TParamNodeSome(p) and
+      result = p.toString()
+    )
+  }
+}
+
+/**
+ * A return context used to calculate flow summaries in reverse flow.
+ *
+ * The possible values are:
+ *
+ * - `TReturnCtxNone()`: no return flow.
+ * - `TReturnCtxNoFlowThrough()`: return flow, but flow through is not possible.
+ * - `TReturnCtxMaybeFlowThrough(ReturnPosition pos)`: return flow, of kind `pos`, and
+ *    flow through may be possible.
+ */
+class ReturnCtx extends TReturnCtx {
+  string toString() {
+    this = TReturnCtxNone() and
+    result = "(none)"
+    or
+    this = TReturnCtxNoFlowThrough() and
+    result = "(no flow through)"
+    or
+    exists(ReturnPosition pos |
+      this = TReturnCtxMaybeFlowThrough(pos) and
+      result = pos.toString()
+    )
+  }
+}
+
+/** An approximated `Content` tagged with the type of a containing object. */
+class TypedContentApprox extends MkTypedContentApprox {
+  private ContentApprox c;
+  private DataFlowType t;
+
+  TypedContentApprox() { this = MkTypedContentApprox(c, t) }
+
+  /** Gets a typed content approximated by this value. */
+  TypedContent getATypedContent() { result = getATypedContent(this) }
+
+  /** Gets the container type. */
+  DataFlowType getContainerType() { result = t }
+
+  /** Gets a textual representation of this approximated content. */
+  string toString() { result = c.toString() }
+}
+
+/**
+ * The front of an approximated access path. This is either a head or a nil.
+ */
+abstract class ApproxAccessPathFront extends TApproxAccessPathFront {
+  abstract string toString();
+
+  abstract DataFlowType getType();
+
+  abstract boolean toBoolNonEmpty();
+
+  pragma[nomagic]
+  TypedContent getAHead() {
+    exists(TypedContentApprox cont |
+      this = TApproxFrontHead(cont) and
+      result = cont.getATypedContent()
+    )
+  }
+}
+
+class ApproxAccessPathFrontNil extends ApproxAccessPathFront, TApproxFrontNil {
+  private DataFlowType t;
+
+  ApproxAccessPathFrontNil() { this = TApproxFrontNil(t) }
+
+  override string toString() { result = ppReprType(t) }
+
+  override DataFlowType getType() { result = t }
+
+  override boolean toBoolNonEmpty() { result = false }
+}
+
+class ApproxAccessPathFrontHead extends ApproxAccessPathFront, TApproxFrontHead {
+  private TypedContentApprox tc;
+
+  ApproxAccessPathFrontHead() { this = TApproxFrontHead(tc) }
+
+  override string toString() { result = tc.toString() }
+
+  override DataFlowType getType() { result = tc.getContainerType() }
+
+  override boolean toBoolNonEmpty() { result = true }
+}
+
+/** An optional approximated access path front. */
+class ApproxAccessPathFrontOption extends TApproxAccessPathFrontOption {
+  string toString() {
+    this = TApproxAccessPathFrontNone() and result = "<none>"
+    or
+    this = TApproxAccessPathFrontSome(any(ApproxAccessPathFront apf | result = apf.toString()))
+  }
+}
+
 /** A `Content` tagged with the type of a containing object. */
 class TypedContent extends MkTypedContent {
   private Content c;
@@ -1336,7 +1482,7 @@ abstract class AccessPathFront extends TAccessPathFront {
 
   abstract DataFlowType getType();
 
-  abstract boolean toBoolNonEmpty();
+  abstract ApproxAccessPathFront toApprox();
 
   TypedContent getHead() { this = TFrontHead(result) }
 }
@@ -1350,7 +1496,7 @@ class AccessPathFrontNil extends AccessPathFront, TFrontNil {
 
   override DataFlowType getType() { result = t }
 
-  override boolean toBoolNonEmpty() { result = false }
+  override ApproxAccessPathFront toApprox() { result = TApproxFrontNil(t) }
 }
 
 class AccessPathFrontHead extends AccessPathFront, TFrontHead {
@@ -1362,7 +1508,7 @@ class AccessPathFrontHead extends AccessPathFront, TFrontHead {
 
   override DataFlowType getType() { result = tc.getContainerType() }
 
-  override boolean toBoolNonEmpty() { result = true }
+  override ApproxAccessPathFront toApprox() { result.getAHead() = tc }
 }
 
 /** An optional access path front. */
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll
index dde16ab5a2a..e85e0cd92ec 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll
@@ -136,6 +136,18 @@ module Consistency {
     msg = "Local flow step does not preserve enclosing callable."
   }
 
+  query predicate readStepIsLocal(Node n1, Node n2, string msg) {
+    readStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Read step does not preserve enclosing callable."
+  }
+
+  query predicate storeStepIsLocal(Node n1, Node n2, string msg) {
+    storeStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Store step does not preserve enclosing callable."
+  }
+
   private DataFlowType typeRepr() { result = getNodeType(_) }
 
   query predicate compatibleTypesReflexive(DataFlowType t, string msg) {
@@ -232,4 +244,25 @@ module Consistency {
     not callable = viableCallable(call) and
     not any(ConsistencyConfiguration c).viableImplInCallContextTooLargeExclude(call, ctx, callable)
   }
+
+  query predicate uniqueParameterNodeAtPosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(Node p0 | isParameterNode(p0, c, pos))) and
+    msg = "Parameters with overlapping positions."
+  }
+
+  query predicate uniqueParameterNodePosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(ParameterPosition pos0 | isParameterNode(p, c, pos0))) and
+    msg = "Parameter node with multiple positions."
+  }
+
+  query predicate uniqueContentApprox(Content c, string msg) {
+    not exists(unique(ContentApprox approx | approx = getContentApprox(c))) and
+    msg = "Non-unique content approximation."
+  }
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
index 7f8524a4b44..e068f81f542 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
@@ -400,6 +400,13 @@ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preserves
  */
 predicate allowParameterReturnInSelf(ParameterNode p) { none() }
 
+/** An approximated `Content`. */
+class ContentApprox = Unit;
+
+/** Gets an approximated value for content `c`. */
+pragma[inline]
+ContentApprox getContentApprox(Content c) { any() }
+
 private class MyConsistencyConfiguration extends Consistency::ConsistencyConfiguration {
   override predicate argHasPostUpdateExclude(ArgumentNode n) {
     // The rules for whether an IR argument gets a post-update node are too
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll
new file mode 100644
index 00000000000..d6a43ed2975
--- /dev/null
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll
@@ -0,0 +1,644 @@
+/**
+ * INTERNAL: Do not use.
+ *
+ * An IR taint tracking library that uses an IR DataFlow configuration to track
+ * taint from user inputs as defined by `semmle.code.cpp.security.Security`.
+ */
+
+import cpp
+import semmle.code.cpp.security.Security
+private import semmle.code.cpp.ir.dataflow.DataFlow
+private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil
+private import semmle.code.cpp.ir.dataflow.DataFlow3
+private import semmle.code.cpp.ir.IR
+private import semmle.code.cpp.ir.dataflow.ResolveCall
+private import semmle.code.cpp.controlflow.IRGuards
+private import semmle.code.cpp.models.interfaces.Taint
+private import semmle.code.cpp.models.interfaces.DataFlow
+private import semmle.code.cpp.ir.dataflow.TaintTracking
+private import semmle.code.cpp.ir.dataflow.TaintTracking2
+private import semmle.code.cpp.ir.dataflow.TaintTracking3
+private import semmle.code.cpp.ir.dataflow.internal.ModelUtil
+
+/**
+ * A predictable instruction is one where an external user can predict
+ * the value. For example, a literal in the source code is considered
+ * predictable.
+ */
+private predicate predictableInstruction(Instruction instr) {
+  instr instanceof ConstantInstruction
+  or
+  instr instanceof StringConstantInstruction
+  or
+  // This could be a conversion on a string literal
+  predictableInstruction(instr.(UnaryInstruction).getUnary())
+}
+
+/**
+ * Functions that we should only allow taint to flow through (to the return
+ * value) if all but the source argument are 'predictable'.  This is done to
+ * emulate the old security library's implementation rather than due to any
+ * strong belief that this is the right approach.
+ *
+ * Note that the list itself is not very principled; it consists of all the
+ * functions listed in the old security library's [default] `isPureFunction`
+ * that have more than one argument, but are not in the old taint tracking
+ * library's `returnArgument` predicate.
+ */
+predicate predictableOnlyFlow(string name) {
+  name =
+    [
+      "strcasestr", "strchnul", "strchr", "strchrnul", "strcmp", "strcspn", "strncmp", "strndup",
+      "strnlen", "strrchr", "strspn", "strstr", "strtod", "strtof", "strtol", "strtoll", "strtoq",
+      "strtoul"
+    ]
+}
+
+private DataFlow::Node getNodeForSource(Expr source) {
+  isUserInput(source, _) and
+  result = getNodeForExpr(source)
+}
+
+private DataFlow::Node getNodeForExpr(Expr node) {
+  result = DataFlow::exprNode(node)
+  or
+  // Some of the sources in `isUserInput` are intended to match the value of
+  // an expression, while others (those modeled below) are intended to match
+  // the taint that propagates out of an argument, like the `char *` argument
+  // to `gets`. It's impossible here to tell which is which, but the "access
+  // to argv" source is definitely not intended to match an output argument,
+  // and it causes false positives if we let it.
+  //
+  // This case goes together with the similar (but not identical) rule in
+  // `nodeIsBarrierIn`.
+  result = DataFlow::definitionByReferenceNodeFromArgument(node) and
+  not argv(node.(VariableAccess).getTarget())
+}
+
+private class DefaultTaintTrackingCfg extends TaintTracking::Configuration {
+  DefaultTaintTrackingCfg() { this = "DefaultTaintTrackingCfg" }
+
+  override predicate isSource(DataFlow::Node source) { source = getNodeForSource(_) }
+
+  override predicate isSink(DataFlow::Node sink) { exists(adjustedSink(sink)) }
+
+  override predicate isSanitizer(DataFlow::Node node) { nodeIsBarrier(node) }
+
+  override predicate isSanitizerIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
+}
+
+private class ToGlobalVarTaintTrackingCfg extends TaintTracking::Configuration {
+  ToGlobalVarTaintTrackingCfg() { this = "GlobalVarTaintTrackingCfg" }
+
+  override predicate isSource(DataFlow::Node source) { source = getNodeForSource(_) }
+
+  override predicate isSink(DataFlow::Node sink) {
+    sink.asVariable() instanceof GlobalOrNamespaceVariable
+  }
+
+  override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
+    writesVariable(n1.asInstruction(), n2.asVariable().(GlobalOrNamespaceVariable))
+    or
+    readsVariable(n2.asInstruction(), n1.asVariable().(GlobalOrNamespaceVariable))
+  }
+
+  override predicate isSanitizer(DataFlow::Node node) { nodeIsBarrier(node) }
+
+  override predicate isSanitizerIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
+}
+
+private class FromGlobalVarTaintTrackingCfg extends TaintTracking2::Configuration {
+  FromGlobalVarTaintTrackingCfg() { this = "FromGlobalVarTaintTrackingCfg" }
+
+  override predicate isSource(DataFlow::Node source) {
+    // This set of sources should be reasonably small, which is good for
+    // performance since the set of sinks is very large.
+    exists(ToGlobalVarTaintTrackingCfg otherCfg | otherCfg.hasFlowTo(source))
+  }
+
+  override predicate isSink(DataFlow::Node sink) { exists(adjustedSink(sink)) }
+
+  override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
+    // Additional step for flow out of variables. There is no flow _into_
+    // variables in this configuration, so this step only serves to take flow
+    // out of a variable that's a source.
+    readsVariable(n2.asInstruction(), n1.asVariable())
+  }
+
+  override predicate isSanitizer(DataFlow::Node node) { nodeIsBarrier(node) }
+
+  override predicate isSanitizerIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
+}
+
+private predicate readsVariable(LoadInstruction load, Variable var) {
+  load.getSourceAddress().(VariableAddressInstruction).getAstVariable() = var
+}
+
+private predicate writesVariable(StoreInstruction store, Variable var) {
+  store.getDestinationAddress().(VariableAddressInstruction).getAstVariable() = var
+}
+
+/**
+ * A variable that has any kind of upper-bound check anywhere in the program.  This is
+ * biased towards being inclusive because there are a lot of valid ways of doing an
+ * upper bounds checks if we don't consider where it occurs, for example:
+ * ```
+ *   if (x < 10) { sink(x); }
+ *
+ *   if (10 > y) { sink(y); }
+ *
+ *   if (z > 10) { z = 10; }
+ *   sink(z);
+ * ```
+ */
+// TODO: This coarse overapproximation, ported from the old taint tracking
+// library, could be replaced with an actual semantic check that a particular
+// variable _access_ is guarded by an upper-bound check. We probably don't want
+// to do this right away since it could expose a lot of FPs that were
+// previously suppressed by this predicate by coincidence.
+private predicate hasUpperBoundsCheck(Variable var) {
+  exists(RelationalOperation oper, VariableAccess access |
+    oper.getAnOperand() = access and
+    access.getTarget() = var and
+    // Comparing to 0 is not an upper bound check
+    not oper.getAnOperand().getValue() = "0"
+  )
+}
+
+private predicate nodeIsBarrierEqualityCandidate(
+  DataFlow::Node node, Operand access, Variable checkedVar
+) {
+  readsVariable(node.asInstruction(), checkedVar) and
+  any(IRGuardCondition guard).ensuresEq(access, _, _, node.asInstruction().getBlock(), true)
+}
+
+cached
+private module Cached {
+  cached
+  predicate nodeIsBarrier(DataFlow::Node node) {
+    exists(Variable checkedVar |
+      readsVariable(node.asInstruction(), checkedVar) and
+      hasUpperBoundsCheck(checkedVar)
+    )
+    or
+    exists(Variable checkedVar, Operand access |
+      /*
+       * This node is guarded by a condition that forces the accessed variable
+       * to equal something else.  For example:
+       * ```
+       * x = taintsource()
+       * if (x == 10) {
+       *   taintsink(x); // not considered tainted
+       * }
+       * ```
+       */
+
+      nodeIsBarrierEqualityCandidate(node, access, checkedVar) and
+      readsVariable(access.getDef(), checkedVar)
+    )
+  }
+
+  cached
+  predicate nodeIsBarrierIn(DataFlow::Node node) {
+    // don't use dataflow into taint sources, as this leads to duplicate results.
+    exists(Expr source | isUserInput(source, _) |
+      node = DataFlow::exprNode(source)
+      or
+      // This case goes together with the similar (but not identical) rule in
+      // `getNodeForSource`.
+      node = DataFlow::definitionByReferenceNodeFromArgument(source)
+    )
+    or
+    // don't use dataflow into binary instructions if both operands are unpredictable
+    exists(BinaryInstruction iTo |
+      iTo = node.asInstruction() and
+      not predictableInstruction(iTo.getLeft()) and
+      not predictableInstruction(iTo.getRight()) and
+      // propagate taint from either the pointer or the offset, regardless of predictability
+      not iTo instanceof PointerArithmeticInstruction
+    )
+    or
+    // don't use dataflow through calls to pure functions if two or more operands
+    // are unpredictable
+    exists(Instruction iFrom1, Instruction iFrom2, CallInstruction iTo |
+      iTo = node.asInstruction() and
+      isPureFunction(iTo.getStaticCallTarget().getName()) and
+      iFrom1 = iTo.getAnArgument() and
+      iFrom2 = iTo.getAnArgument() and
+      not predictableInstruction(iFrom1) and
+      not predictableInstruction(iFrom2) and
+      iFrom1 != iFrom2
+    )
+  }
+
+  cached
+  Element adjustedSink(DataFlow::Node sink) {
+    // TODO: is it more appropriate to use asConvertedExpr here and avoid
+    // `getConversion*`? Or will that cause us to miss some cases where there's
+    // flow to a conversion (like a `ReferenceDereferenceExpr`) and we want to
+    // pretend there was flow to the converted `Expr` for the sake of
+    // compatibility.
+    sink.asExpr().getConversion*() = result
+    or
+    // For compatibility, send flow from arguments to parameters, even for
+    // functions with no body.
+    exists(FunctionCall call, int i |
+      sink.asExpr() = call.getArgument(pragma[only_bind_into](i)) and
+      result = resolveCall(call).getParameter(pragma[only_bind_into](i))
+    )
+    or
+    // For compatibility, send flow into a `Variable` if there is flow to any
+    // Load or Store of that variable.
+    exists(CopyInstruction copy |
+      copy.getSourceValue() = sink.asInstruction() and
+      (
+        readsVariable(copy, result) or
+        writesVariable(copy, result)
+      ) and
+      not hasUpperBoundsCheck(result)
+    )
+    or
+    // For compatibility, send flow into a `NotExpr` even if it's part of a
+    // short-circuiting condition and thus might get skipped.
+    result.(NotExpr).getOperand() = sink.asExpr()
+    or
+    // Taint postfix and prefix crement operations when their operand is tainted.
+    result.(CrementOperation).getAnOperand() = sink.asExpr()
+    or
+    // Taint `e1 += e2`, `e &= e2` and friends when `e1` or `e2` is tainted.
+    result.(AssignOperation).getAnOperand() = sink.asExpr()
+    or
+    result =
+      sink.asOperand()
+          .(SideEffectOperand)
+          .getUse()
+          .(ReadSideEffectInstruction)
+          .getArgumentDef()
+          .getUnconvertedResultExpression()
+  }
+
+  /**
+   * Step to return value of a modeled function when an input taints the
+   * dereference of the return value.
+   */
+  cached
+  predicate additionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
+    exists(CallInstruction call, Function func, FunctionInput modelIn, FunctionOutput modelOut |
+      n1.asOperand() = callInput(call, modelIn) and
+      (
+        func.(TaintFunction).hasTaintFlow(modelIn, modelOut)
+        or
+        func.(DataFlowFunction).hasDataFlow(modelIn, modelOut)
+      ) and
+      call.getStaticCallTarget() = func and
+      modelOut.isReturnValueDeref() and
+      call = n2.asInstruction()
+    )
+  }
+}
+
+private import Cached
+
+/**
+ * Holds if `tainted` may contain taint from `source`.
+ *
+ * A tainted expression is either directly user input, or is
+ * computed from user input in a way that users can probably
+ * control the exact output of the computation.
+ *
+ * This doesn't include data flow through global variables.
+ * If you need that you must call `taintedIncludingGlobalVars`.
+ */
+cached
+predicate tainted(Expr source, Element tainted) {
+  exists(DefaultTaintTrackingCfg cfg, DataFlow::Node sink |
+    cfg.hasFlow(getNodeForSource(source), sink) and
+    tainted = adjustedSink(sink)
+  )
+}
+
+/**
+ * Holds if `tainted` may contain taint from `source`, where the taint passed
+ * through a global variable named `globalVar`.
+ *
+ * A tainted expression is either directly user input, or is
+ * computed from user input in a way that users can probably
+ * control the exact output of the computation.
+ *
+ * This version gives the same results as tainted but also includes
+ * data flow through global variables.
+ *
+ * The parameter `globalVar` is the qualified name of the last global variable
+ * used to move the value from source to tainted. If the taint did not pass
+ * through a global variable, then `globalVar = ""`.
+ */
+cached
+predicate taintedIncludingGlobalVars(Expr source, Element tainted, string globalVar) {
+  tainted(source, tainted) and
+  globalVar = ""
+  or
+  exists(
+    ToGlobalVarTaintTrackingCfg toCfg, FromGlobalVarTaintTrackingCfg fromCfg,
+    DataFlow::VariableNode variableNode, GlobalOrNamespaceVariable global, DataFlow::Node sink
+  |
+    global = variableNode.getVariable() and
+    toCfg.hasFlow(getNodeForSource(source), variableNode) and
+    fromCfg.hasFlow(variableNode, sink) and
+    tainted = adjustedSink(sink) and
+    global = globalVarFromId(globalVar)
+  )
+}
+
+/**
+ * Gets the global variable whose qualified name is `id`. Use this predicate
+ * together with `taintedIncludingGlobalVars`. Example:
+ *
+ * ```
+ * exists(string varName |
+ *   taintedIncludingGlobalVars(source, tainted, varName) and
+ *   var = globalVarFromId(varName)
+ * )
+ * ```
+ */
+GlobalOrNamespaceVariable globalVarFromId(string id) { id = result.getQualifiedName() }
+
+/**
+ * Provides definitions for augmenting source/sink pairs with data-flow paths
+ * between them. From a `@kind path-problem` query, import this module in the
+ * global scope, extend `TaintTrackingConfiguration`, and use `taintedWithPath`
+ * in place of `tainted`.
+ *
+ * Importing this module will also import the query predicates that contain the
+ * taint paths.
+ */
+module TaintedWithPath {
+  private newtype TSingleton = MkSingleton()
+
+  /**
+   * A taint-tracking configuration that matches sources and sinks in the same
+   * way as the `tainted` predicate.
+   *
+   * Override `isSink` and `taintThroughGlobals` as needed, but do not provide
+   * a characteristic predicate.
+   */
+  class TaintTrackingConfiguration extends TSingleton {
+    /** Override this to specify which elements are sources in this configuration. */
+    predicate isSource(Expr source) { exists(getNodeForSource(source)) }
+
+    /** Override this to specify which elements are sinks in this configuration. */
+    abstract predicate isSink(Element e);
+
+    /** Override this to specify which expressions are barriers in this configuration. */
+    predicate isBarrier(Expr e) { nodeIsBarrier(getNodeForExpr(e)) }
+
+    /**
+     * Override this predicate to `any()` to allow taint to flow through global
+     * variables.
+     */
+    predicate taintThroughGlobals() { none() }
+
+    /** Gets a textual representation of this element. */
+    string toString() { result = "TaintTrackingConfiguration" }
+  }
+
+  private class AdjustedConfiguration extends TaintTracking3::Configuration {
+    AdjustedConfiguration() { this = "AdjustedConfiguration" }
+
+    override predicate isSource(DataFlow::Node source) {
+      exists(TaintTrackingConfiguration cfg, Expr e |
+        cfg.isSource(e) and source = getNodeForExpr(e)
+      )
+    }
+
+    override predicate isSink(DataFlow::Node sink) {
+      exists(TaintTrackingConfiguration cfg | cfg.isSink(adjustedSink(sink)))
+    }
+
+    override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
+      // Steps into and out of global variables
+      exists(TaintTrackingConfiguration cfg | cfg.taintThroughGlobals() |
+        writesVariable(n1.asInstruction(), n2.asVariable().(GlobalOrNamespaceVariable))
+        or
+        readsVariable(n2.asInstruction(), n1.asVariable().(GlobalOrNamespaceVariable))
+      )
+      or
+      additionalTaintStep(n1, n2)
+    }
+
+    override predicate isSanitizer(DataFlow::Node node) {
+      exists(TaintTrackingConfiguration cfg, Expr e | cfg.isBarrier(e) and node = getNodeForExpr(e))
+    }
+
+    override predicate isSanitizerIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
+  }
+
+  /*
+   * A sink `Element` may map to multiple `DataFlowX::PathNode`s via (the
+   * inverse of) `adjustedSink`. For example, an `Expr` maps to all its
+   * conversions, and a `Variable` maps to all loads and stores from it. Because
+   * the path node is part of the tuple that constitutes the alert, this leads
+   * to duplicate alerts.
+   *
+   * To avoid showing duplicates, we edit the graph to replace the final node
+   * coming from the data-flow library with a node that matches exactly the
+   * `Element` sink that's requested.
+   *
+   * The same is done for sources.
+   */
+
+  private newtype TPathNode =
+    TWrapPathNode(DataFlow3::PathNode n) or
+    // There's a single newtype constructor for both sources and sinks since
+    // that makes it easiest to deal with the case where source = sink.
+    TEndpointPathNode(Element e) {
+      exists(AdjustedConfiguration cfg, DataFlow3::Node sourceNode, DataFlow3::Node sinkNode |
+        cfg.hasFlow(sourceNode, sinkNode)
+      |
+        sourceNode = getNodeForExpr(e) and
+        exists(TaintTrackingConfiguration ttCfg | ttCfg.isSource(e))
+        or
+        e = adjustedSink(sinkNode) and
+        exists(TaintTrackingConfiguration ttCfg | ttCfg.isSink(e))
+      )
+    }
+
+  /** An opaque type used for the nodes of a data-flow path. */
+  class PathNode extends TPathNode {
+    /** Gets a textual representation of this element. */
+    string toString() { none() }
+
+    /**
+     * Holds if this element is at the specified location.
+     * The location spans column `startcolumn` of line `startline` to
+     * column `endcolumn` of line `endline` in file `filepath`.
+     * For more information, see
+     * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+     */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      none()
+    }
+  }
+
+  /**
+   * INTERNAL: Do not use.
+   */
+  module Private {
+    /** Gets a predecessor `PathNode` of `pathNode`, if any. */
+    PathNode getAPredecessor(PathNode pathNode) { edges(result, pathNode) }
+
+    /** Gets the element that `pathNode` wraps, if any. */
+    Element getElementFromPathNode(PathNode pathNode) {
+      exists(DataFlow::Node node | node = pathNode.(WrapPathNode).inner().getNode() |
+        result = node.asInstruction().getAst()
+        or
+        result = node.asOperand().getDef().getAst()
+      )
+      or
+      result = pathNode.(EndpointPathNode).inner()
+    }
+  }
+
+  private class WrapPathNode extends PathNode, TWrapPathNode {
+    DataFlow3::PathNode inner() { this = TWrapPathNode(result) }
+
+    override string toString() { result = this.inner().toString() }
+
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      this.inner().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+  }
+
+  private class EndpointPathNode extends PathNode, TEndpointPathNode {
+    Expr inner() { this = TEndpointPathNode(result) }
+
+    override string toString() { result = this.inner().toString() }
+
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      this.inner()
+          .getLocation()
+          .hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+  }
+
+  /** A PathNode whose `Element` is a source. It may also be a sink. */
+  private class InitialPathNode extends EndpointPathNode {
+    InitialPathNode() { exists(TaintTrackingConfiguration cfg | cfg.isSource(this.inner())) }
+  }
+
+  /** A PathNode whose `Element` is a sink. It may also be a source. */
+  private class FinalPathNode extends EndpointPathNode {
+    FinalPathNode() { exists(TaintTrackingConfiguration cfg | cfg.isSink(this.inner())) }
+  }
+
+  /** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */
+  query predicate edges(PathNode a, PathNode b) {
+    DataFlow3::PathGraph::edges(a.(WrapPathNode).inner(), b.(WrapPathNode).inner())
+    or
+    // To avoid showing trivial-looking steps, we _replace_ the last node instead
+    // of adding an edge out of it.
+    exists(WrapPathNode sinkNode |
+      DataFlow3::PathGraph::edges(a.(WrapPathNode).inner(), sinkNode.inner()) and
+      b.(FinalPathNode).inner() = adjustedSink(sinkNode.inner().getNode())
+    )
+    or
+    // Same for the first node
+    exists(WrapPathNode sourceNode |
+      DataFlow3::PathGraph::edges(sourceNode.inner(), b.(WrapPathNode).inner()) and
+      sourceNode.inner().getNode() = getNodeForExpr(a.(InitialPathNode).inner())
+    )
+    or
+    // Finally, handle the case where the path goes directly from a source to a
+    // sink, meaning that they both need to be translated.
+    exists(WrapPathNode sinkNode, WrapPathNode sourceNode |
+      DataFlow3::PathGraph::edges(sourceNode.inner(), sinkNode.inner()) and
+      sourceNode.inner().getNode() = getNodeForExpr(a.(InitialPathNode).inner()) and
+      b.(FinalPathNode).inner() = adjustedSink(sinkNode.inner().getNode())
+    )
+  }
+
+  /**
+   * Holds if there is flow from `arg` to `out` across a call that can by summarized by the flow
+   * from `par` to `ret` within it, in the graph of data flow path explanations.
+   */
+  query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) {
+    DataFlow3::PathGraph::subpaths(arg.(WrapPathNode).inner(), par.(WrapPathNode).inner(),
+      ret.(WrapPathNode).inner(), out.(WrapPathNode).inner())
+    or
+    // To avoid showing trivial-looking steps, we _replace_ the last node instead
+    // of adding an edge out of it.
+    exists(WrapPathNode sinkNode |
+      DataFlow3::PathGraph::subpaths(arg.(WrapPathNode).inner(), par.(WrapPathNode).inner(),
+        ret.(WrapPathNode).inner(), sinkNode.inner()) and
+      out.(FinalPathNode).inner() = adjustedSink(sinkNode.inner().getNode())
+    )
+    or
+    // Same for the first node
+    exists(WrapPathNode sourceNode |
+      DataFlow3::PathGraph::subpaths(sourceNode.inner(), par.(WrapPathNode).inner(),
+        ret.(WrapPathNode).inner(), out.(WrapPathNode).inner()) and
+      sourceNode.inner().getNode() = getNodeForExpr(arg.(InitialPathNode).inner())
+    )
+    or
+    // Finally, handle the case where the path goes directly from a source to a
+    // sink, meaning that they both need to be translated.
+    exists(WrapPathNode sinkNode, WrapPathNode sourceNode |
+      DataFlow3::PathGraph::subpaths(sourceNode.inner(), par.(WrapPathNode).inner(),
+        ret.(WrapPathNode).inner(), sinkNode.inner()) and
+      sourceNode.inner().getNode() = getNodeForExpr(arg.(InitialPathNode).inner()) and
+      out.(FinalPathNode).inner() = adjustedSink(sinkNode.inner().getNode())
+    )
+  }
+
+  /** Holds if `n` is a node in the graph of data flow path explanations. */
+  query predicate nodes(PathNode n, string key, string val) {
+    key = "semmle.label" and val = n.toString()
+  }
+
+  /**
+   * Holds if `tainted` may contain taint from `source`, where `sourceNode` and
+   * `sinkNode` are the corresponding `PathNode`s that can be used in a query
+   * to provide path explanations. Extend `TaintTrackingConfiguration` to use
+   * this predicate.
+   *
+   * A tainted expression is either directly user input, or is computed from
+   * user input in a way that users can probably control the exact output of
+   * the computation.
+   */
+  predicate taintedWithPath(Expr source, Element tainted, PathNode sourceNode, PathNode sinkNode) {
+    exists(AdjustedConfiguration cfg, DataFlow3::Node flowSource, DataFlow3::Node flowSink |
+      source = sourceNode.(InitialPathNode).inner() and
+      flowSource = getNodeForExpr(source) and
+      cfg.hasFlow(flowSource, flowSink) and
+      tainted = adjustedSink(flowSink) and
+      tainted = sinkNode.(FinalPathNode).inner()
+    )
+  }
+
+  private predicate isGlobalVariablePathNode(WrapPathNode n) {
+    n.inner().getNode().asVariable() instanceof GlobalOrNamespaceVariable
+  }
+
+  private predicate edgesWithoutGlobals(PathNode a, PathNode b) {
+    edges(a, b) and
+    not isGlobalVariablePathNode(a) and
+    not isGlobalVariablePathNode(b)
+  }
+
+  /**
+   * Holds if `tainted` can be reached from a taint source without passing
+   * through a global variable.
+   */
+  predicate taintedWithoutGlobals(Element tainted) {
+    exists(AdjustedConfiguration cfg, PathNode sourceNode, FinalPathNode sinkNode |
+      cfg.isSource(sourceNode.(WrapPathNode).inner().getNode()) and
+      edgesWithoutGlobals+(sourceNode, sinkNode) and
+      tainted = sinkNode.inner()
+    )
+  }
+}
diff --git a/cpp/ql/lib/semmle/code/cpp/models/Models.qll b/cpp/ql/lib/semmle/code/cpp/models/Models.qll
index 3eed4341cce..1318fd37b7f 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/Models.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/Models.qll
@@ -27,7 +27,7 @@ private import implementations.StdString
 private import implementations.Swap
 private import implementations.GetDelim
 private import implementations.SmartPointer
-private import implementations.Sscanf
+private import implementations.Scanf
 private import implementations.Send
 private import implementations.Recv
 private import implementations.Accept
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Fread.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Fread.qll
index df2d92fbc4f..39733167b81 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Fread.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Fread.qll
@@ -15,6 +15,6 @@ private class Fread extends AliasFunction, RemoteFlowSourceFunction {
 
   override predicate hasRemoteFlowSource(FunctionOutput output, string description) {
     output.isParameterDeref(0) and
-    description = "String read by " + this.getName()
+    description = "string read by " + this.getName()
   }
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/GetDelim.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/GetDelim.qll
index 67950b6e135..6cf642bd4cb 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/GetDelim.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/GetDelim.qll
@@ -36,6 +36,6 @@ private class GetDelimFunction extends TaintFunction, AliasFunction, SideEffectF
 
   override predicate hasRemoteFlowSource(FunctionOutput output, string description) {
     output.isParameterDeref(0) and
-    description = "String read by " + this.getName()
+    description = "string read by " + this.getName()
   }
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Getenv.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Getenv.qll
index 87e191241d2..256b1a86ed5 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Getenv.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Getenv.qll
@@ -1,15 +1,19 @@
 /**
- * Provides an implementation class modeling the POSIX function `getenv`.
+ * Provides an implementation class modeling the POSIX function `getenv` and
+ * various similar functions.
  */
 
 import cpp
 import semmle.code.cpp.models.interfaces.FlowSource
 
 /**
- * The POSIX function `getenv`.
+ * The POSIX function `getenv`, the GNU function `secure_getenv`, and the
+ * Windows function `_wgetenv`.
  */
 class Getenv extends LocalFlowSourceFunction {
-  Getenv() { this.hasGlobalOrStdOrBslName("getenv") }
+  Getenv() {
+    this.hasGlobalOrStdOrBslName("getenv") or this.hasGlobalName(["secure_getenv", "_wgetenv"])
+  }
 
   override predicate hasLocalFlowSource(FunctionOutput output, string description) {
     (
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Gets.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Gets.qll
index 67b9307bbe1..b89eb2c1f14 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Gets.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Gets.qll
@@ -49,10 +49,10 @@ private class FgetsFunction extends DataFlowFunction, TaintFunction, ArrayFuncti
 
   override predicate hasRemoteFlowSource(FunctionOutput output, string description) {
     output.isParameterDeref(0) and
-    description = "String read by " + this.getName()
+    description = "string read by " + this.getName()
     or
     output.isReturnValue() and
-    description = "String read by " + this.getName()
+    description = "string read by " + this.getName()
   }
 
   override predicate hasArrayWithVariableSize(int bufParam, int countParam) {
@@ -98,10 +98,10 @@ private class GetsFunction extends DataFlowFunction, ArrayFunction, AliasFunctio
 
   override predicate hasLocalFlowSource(FunctionOutput output, string description) {
     output.isParameterDeref(0) and
-    description = "String read by " + this.getName()
+    description = "string read by " + this.getName()
     or
     output.isReturnValue() and
-    description = "String read by " + this.getName()
+    description = "string read by " + this.getName()
   }
 
   override predicate hasArrayWithUnknownSize(int bufParam) { bufParam = 0 }
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Inet.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Inet.qll
index 397dca69fed..c0c4537b746 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Inet.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Inet.qll
@@ -1,9 +1,10 @@
 import semmle.code.cpp.models.interfaces.Taint
 import semmle.code.cpp.models.interfaces.Alias
 import semmle.code.cpp.models.interfaces.ArrayFunction
+import semmle.code.cpp.models.interfaces.FlowSource
 
 private class InetNtoa extends TaintFunction {
-  InetNtoa() { hasGlobalName("inet_ntoa") }
+  InetNtoa() { this.hasGlobalName("inet_ntoa") }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     input.isParameter(0) and
@@ -12,7 +13,7 @@ private class InetNtoa extends TaintFunction {
 }
 
 private class InetAton extends TaintFunction, ArrayFunction {
-  InetAton() { hasGlobalName("inet_aton") }
+  InetAton() { this.hasGlobalName("inet_aton") }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     input.isParameterDeref(0) and
@@ -32,7 +33,7 @@ private class InetAton extends TaintFunction, ArrayFunction {
 }
 
 private class InetAddr extends TaintFunction, ArrayFunction, AliasFunction {
-  InetAddr() { hasGlobalName("inet_addr") }
+  InetAddr() { this.hasGlobalName("inet_addr") }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     input.isParameterDeref(0) and
@@ -51,7 +52,7 @@ private class InetAddr extends TaintFunction, ArrayFunction, AliasFunction {
 }
 
 private class InetNetwork extends TaintFunction, ArrayFunction {
-  InetNetwork() { hasGlobalName("inet_network") }
+  InetNetwork() { this.hasGlobalName("inet_network") }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     input.isParameterDeref(0) and
@@ -64,7 +65,7 @@ private class InetNetwork extends TaintFunction, ArrayFunction {
 }
 
 private class InetMakeaddr extends TaintFunction {
-  InetMakeaddr() { hasGlobalName("inet_makeaddr") }
+  InetMakeaddr() { this.hasGlobalName("inet_makeaddr") }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     (
@@ -76,7 +77,7 @@ private class InetMakeaddr extends TaintFunction {
 }
 
 private class InetLnaof extends TaintFunction {
-  InetLnaof() { hasGlobalName("inet_lnaof") }
+  InetLnaof() { this.hasGlobalName("inet_lnaof") }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     input.isParameter(0) and
@@ -85,7 +86,7 @@ private class InetLnaof extends TaintFunction {
 }
 
 private class InetNetof extends TaintFunction {
-  InetNetof() { hasGlobalName("inet_netof") }
+  InetNetof() { this.hasGlobalName("inet_netof") }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     input.isParameter(0) and
@@ -94,7 +95,7 @@ private class InetNetof extends TaintFunction {
 }
 
 private class InetPton extends TaintFunction, ArrayFunction {
-  InetPton() { hasGlobalName("inet_pton") }
+  InetPton() { this.hasGlobalName("inet_pton") }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     (
@@ -114,7 +115,7 @@ private class InetPton extends TaintFunction, ArrayFunction {
 }
 
 private class Gethostbyname extends TaintFunction, ArrayFunction {
-  Gethostbyname() { hasGlobalName("gethostbyname") }
+  Gethostbyname() { this.hasGlobalName("gethostbyname") }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     input.isParameterDeref(0) and
@@ -127,7 +128,7 @@ private class Gethostbyname extends TaintFunction, ArrayFunction {
 }
 
 private class Gethostbyaddr extends TaintFunction, ArrayFunction {
-  Gethostbyaddr() { hasGlobalName("gethostbyaddr") }
+  Gethostbyaddr() { this.hasGlobalName("gethostbyaddr") }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     (
@@ -142,3 +143,21 @@ private class Gethostbyaddr extends TaintFunction, ArrayFunction {
 
   override predicate hasArrayWithNullTerminator(int bufParam) { bufParam = 0 }
 }
+
+private class Getaddrinfo extends TaintFunction, ArrayFunction, RemoteFlowSourceFunction {
+  Getaddrinfo() { this.hasGlobalName("getaddrinfo") }
+
+  override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+    input.isParameterDeref([0 .. 2]) and
+    output.isParameterDeref(3)
+  }
+
+  override predicate hasArrayInput(int bufParam) { bufParam in [0, 1] }
+
+  override predicate hasArrayWithNullTerminator(int bufParam) { bufParam in [0, 1] }
+
+  override predicate hasRemoteFlowSource(FunctionOutput output, string description) {
+    output.isParameterDeref(3) and
+    description = "address returned by " + this.getName()
+  }
+}
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Iterator.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Iterator.qll
index 2fa9803d053..599b2c47e22 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Iterator.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Iterator.qll
@@ -31,7 +31,17 @@ private class IteratorTraits extends Class {
  * `std::iterator_traits` instantiation for it.
  */
 private class IteratorByTraits extends Iterator {
-  IteratorByTraits() { exists(IteratorTraits it | it.getIteratorType() = this) }
+  IteratorTraits trait;
+
+  IteratorByTraits() { trait.getIteratorType() = this }
+
+  override Type getValueType() {
+    exists(TypedefType t |
+      trait.getAMember() = t and
+      t.getName() = "value_type" and
+      result = t.getUnderlyingType()
+    )
+  }
 }
 
 /**
@@ -42,20 +52,27 @@ private class IteratorByTraits extends Iterator {
  */
 private class IteratorByPointer extends Iterator instanceof PointerType {
   IteratorByPointer() { not this instanceof IteratorByTraits }
+
+  override Type getValueType() { result = super.getBaseType() }
 }
 
 /**
  * A type which has the typedefs expected for an iterator.
  */
 private class IteratorByTypedefs extends Iterator, Class {
+  TypedefType valueType;
+
   IteratorByTypedefs() {
     this.getAMember().(TypedefType).hasName("difference_type") and
-    this.getAMember().(TypedefType).hasName("value_type") and
+    valueType = this.getAMember() and
+    valueType.hasName("value_type") and
     this.getAMember().(TypedefType).hasName("pointer") and
     this.getAMember().(TypedefType).hasName("reference") and
     this.getAMember().(TypedefType).hasName("iterator_category") and
     not this.hasQualifiedName(["std", "bsl"], "iterator_traits")
   }
+
+  override Type getValueType() { result = valueType.getUnderlyingType() }
 }
 
 /**
@@ -63,6 +80,8 @@ private class IteratorByTypedefs extends Iterator, Class {
  */
 private class StdIterator extends Iterator, Class {
   StdIterator() { this.hasQualifiedName(["std", "bsl"], "iterator") }
+
+  override Type getValueType() { result = this.getTemplateArgument(1).(Type).getUnderlyingType() }
 }
 
 /**
@@ -166,12 +185,15 @@ private class IteratorSubOperator extends Operator, TaintFunction {
 /**
  * A non-member `operator+=` or `operator-=` function for an iterator type.
  */
-private class IteratorAssignArithmeticOperator extends Operator, DataFlowFunction, TaintFunction {
+class IteratorAssignArithmeticOperator extends Operator {
   IteratorAssignArithmeticOperator() {
     this.hasName(["operator+=", "operator-="]) and
     exists(getIteratorArgumentInput(this, 0))
   }
+}
 
+private class IteratorAssignArithmeticOperatorModel extends IteratorAssignArithmeticOperator,
+  DataFlowFunction, TaintFunction {
   override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
     input.isParameter(0) and
     output.isReturnValue()
@@ -210,11 +232,14 @@ class IteratorPointerDereferenceMemberOperator extends MemberFunction, TaintFunc
 /**
  * An `operator++` or `operator--` member function for an iterator type.
  */
-private class IteratorCrementMemberOperator extends MemberFunction, DataFlowFunction, TaintFunction {
+class IteratorCrementMemberOperator extends MemberFunction {
   IteratorCrementMemberOperator() {
     this.getClassAndName(["operator++", "operator--"]) instanceof Iterator
   }
+}
 
+private class IteratorCrementMemberOperatorModel extends IteratorCrementMemberOperator,
+  DataFlowFunction, TaintFunction {
   override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
     input.isQualifierAddress() and
     output.isReturnValue()
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Recv.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Recv.qll
index 0551185ba14..6a4dd524b86 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Recv.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Recv.qll
@@ -83,7 +83,7 @@ private class Recv extends AliasFunction, ArrayFunction, SideEffectFunction,
       or
       this.hasGlobalName("recvfrom") and output.isParameterDeref([4, 5])
     ) and
-    description = "Buffer read by " + this.getName()
+    description = "buffer read by " + this.getName()
   }
 
   override predicate hasSocketInput(FunctionInput input) { input.isParameter(0) }
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Sscanf.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Scanf.qll
similarity index 57%
rename from cpp/ql/lib/semmle/code/cpp/models/implementations/Sscanf.qll
rename to cpp/ql/lib/semmle/code/cpp/models/implementations/Scanf.qll
index 42166ae9baa..9a9e02611f8 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Sscanf.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Scanf.qll
@@ -1,6 +1,6 @@
 /**
- * Provides implementation classes modeling `sscanf`, `fscanf` and various similar
- * functions. See `semmle.code.cpp.models.Models` for usage information.
+ * Provides implementation classes modeling the `scanf` family of functions.
+ * See `semmle.code.cpp.models.Models` for usage information.
  */
 
 import semmle.code.cpp.Function
@@ -9,18 +9,15 @@ import semmle.code.cpp.models.interfaces.ArrayFunction
 import semmle.code.cpp.models.interfaces.Taint
 import semmle.code.cpp.models.interfaces.Alias
 import semmle.code.cpp.models.interfaces.SideEffect
+import semmle.code.cpp.models.interfaces.FlowSource
 
 /**
- * The standard function `sscanf`, `fscanf` and its assorted variants
+ * The `scanf` family of functions.
  */
-private class SscanfModel extends ArrayFunction, TaintFunction, AliasFunction, SideEffectFunction {
-  SscanfModel() { this instanceof Sscanf or this instanceof Fscanf or this instanceof Snscanf }
-
+abstract private class ScanfFunctionModel extends ArrayFunction, TaintFunction, AliasFunction,
+  SideEffectFunction {
   override predicate hasArrayWithNullTerminator(int bufParam) {
     bufParam = this.(ScanfFunction).getFormatParameterIndex()
-    or
-    not this instanceof Fscanf and
-    bufParam = this.(ScanfFunction).getInputParameterIndex()
   }
 
   override predicate hasArrayInput(int bufParam) { this.hasArrayWithNullTerminator(bufParam) }
@@ -36,7 +33,7 @@ private class SscanfModel extends ArrayFunction, TaintFunction, AliasFunction, S
     )
   }
 
-  private int getArgsStartPosition() { result = this.getNumberOfParameters() }
+  int getArgsStartPosition() { result = this.getNumberOfParameters() }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     input.isParameterDeref(this.(ScanfFunction).getInputParameterIndex()) and
@@ -70,3 +67,36 @@ private class SscanfModel extends ArrayFunction, TaintFunction, AliasFunction, S
       ]
   }
 }
+
+/**
+ * The standard function `scanf` and its assorted variants
+ */
+private class ScanfModel extends ScanfFunctionModel, LocalFlowSourceFunction instanceof Scanf {
+  override predicate hasLocalFlowSource(FunctionOutput output, string description) {
+    output.isParameterDeref(any(int i | i >= this.getArgsStartPosition())) and
+    description = "value read by " + this.getName()
+  }
+}
+
+/**
+ * The standard function `fscanf` and its assorted variants
+ */
+private class FscanfModel extends ScanfFunctionModel, RemoteFlowSourceFunction instanceof Fscanf {
+  override predicate hasRemoteFlowSource(FunctionOutput output, string description) {
+    output.isParameterDeref(any(int i | i >= this.getArgsStartPosition())) and
+    description = "value read by " + this.getName()
+  }
+}
+
+/**
+ * The standard function `sscanf` and its assorted variants
+ */
+private class SscanfModel extends ScanfFunctionModel {
+  SscanfModel() { this instanceof Sscanf or this instanceof Snscanf }
+
+  override predicate hasArrayWithNullTerminator(int bufParam) {
+    super.hasArrayWithNullTerminator(bufParam)
+    or
+    bufParam = this.(ScanfFunction).getInputParameterIndex()
+  }
+}
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Send.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Send.qll
index d871bad68af..16047b21183 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Send.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Send.qll
@@ -58,7 +58,7 @@ private class Send extends AliasFunction, ArrayFunction, SideEffectFunction, Rem
   override ParameterIndex getParameterSizeIndex(ParameterIndex i) { i = 1 and result = 2 }
 
   override predicate hasRemoteFlowSink(FunctionInput input, string description) {
-    input.isParameterDeref(1) and description = "Buffer sent by " + this.getName()
+    input.isParameterDeref(1) and description = "buffer sent by " + this.getName()
   }
 
   override predicate hasSocketInput(FunctionInput input) { input.isParameter(0) }
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/StdContainer.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/StdContainer.qll
index 8c531891bcd..9d74f4ac051 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/StdContainer.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/StdContainer.qll
@@ -5,38 +5,53 @@
 import semmle.code.cpp.models.interfaces.Taint
 import semmle.code.cpp.models.interfaces.Iterator
 
+/**
+ * A sequence container template class (for example, `std::vector`) from the
+ * standard library.
+ */
+abstract class StdSequenceContainer extends Class {
+  Type getElementType() { result = this.getTemplateArgument(0) }
+}
+
 /**
  * The `std::array` template class.
  */
-private class Array extends Class {
+private class Array extends StdSequenceContainer {
   Array() { this.hasQualifiedName(["std", "bsl"], "array") }
 }
 
+/**
+ * The `std::string` template class.
+ */
+private class String extends StdSequenceContainer {
+  String() { this.hasQualifiedName(["std", "bsl"], "basic_string") }
+}
+
 /**
  * The `std::deque` template class.
  */
-private class Deque extends Class {
+private class Deque extends StdSequenceContainer {
   Deque() { this.hasQualifiedName(["std", "bsl"], "deque") }
 }
 
 /**
  * The `std::forward_list` template class.
  */
-private class ForwardList extends Class {
+private class ForwardList extends StdSequenceContainer {
   ForwardList() { this.hasQualifiedName(["std", "bsl"], "forward_list") }
 }
 
 /**
  * The `std::list` template class.
  */
-private class List extends Class {
+private class List extends StdSequenceContainer {
   List() { this.hasQualifiedName(["std", "bsl"], "list") }
 }
 
 /**
  * The `std::vector` template class.
  */
-private class Vector extends Class {
+private class Vector extends StdSequenceContainer {
   Vector() { this.hasQualifiedName(["std", "bsl"], "vector") }
 }
 
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/StdString.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/StdString.qll
index 3d2eda59799..b1534a585a1 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/StdString.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/StdString.qll
@@ -16,21 +16,32 @@ private class StdBasicString extends ClassTemplateInstantiation {
 }
 
 /**
- * Additional model for `std::string` constructors that reference the character
- * type of the container, or an iterator.  For example construction from
- * iterators:
- * ```
- * std::string b(a.begin(), a.end());
- * ```
+ * The `std::basic_string::iterator` declaration.
+ *
+ * Intuitively, this class shouldn't be necessary as it's already captured
+ * by the `StdIterator` class. However, this class ensures that the typedef inside the
+ * body of the `std::string` class is also seen as an iterator.
+ *
+ * Eventually, we should be consistent about which of the following should be recognized as iterators:
+ * 1. The typedef type.
+ * 2. The template class of the resolved type.
+ * 3. Any instantiation of the resolved type.
  */
-private class StdStringConstructor extends Constructor, TaintFunction {
-  StdStringConstructor() { this.getDeclaringType() instanceof StdBasicString }
+private class StdBasicStringIterator extends Iterator, Type {
+  StdBasicStringIterator() {
+    this.getEnclosingElement() instanceof StdBasicString and this.hasName("iterator")
+  }
+}
 
+/**
+ * A `std::string` function for which taint should be propagated.
+ */
+abstract private class StdStringTaintFunction extends TaintFunction {
   /**
    * Gets the index of a parameter to this function that is a string (or
    * character).
    */
-  int getAStringParameterIndex() {
+  final int getAStringParameterIndex() {
     exists(Type paramType | paramType = this.getParameter(result).getUnspecifiedType() |
       // e.g. `std::basic_string::CharT *`
       paramType instanceof PointerType
@@ -41,15 +52,28 @@ private class StdStringConstructor extends Constructor, TaintFunction {
         this.getDeclaringType().getTemplateArgument(2).(Type).getUnspecifiedType()
       or
       // i.e. `std::basic_string::CharT`
-      this.getParameter(result).getUnspecifiedType() =
-        this.getDeclaringType().getTemplateArgument(0).(Type).getUnspecifiedType()
+      paramType = this.getDeclaringType().getTemplateArgument(0).(Type).getUnspecifiedType()
     )
   }
 
   /**
    * Gets the index of a parameter to this function that is an iterator.
    */
-  int getAnIteratorParameterIndex() { this.getParameter(result).getType() instanceof Iterator }
+  final int getAnIteratorParameterIndex() {
+    this.getParameter(result).getType() instanceof Iterator
+  }
+}
+
+/**
+ * Additional model for `std::string` constructors that reference the character
+ * type of the container, or an iterator.  For example construction from
+ * iterators:
+ * ```
+ * std::string b(a.begin(), a.end());
+ * ```
+ */
+private class StdStringConstructor extends Constructor, StdStringTaintFunction {
+  StdStringConstructor() { this.getDeclaringType() instanceof StdBasicString }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     // taint flow from any parameter of the value type to the returned object
@@ -68,7 +92,7 @@ private class StdStringConstructor extends Constructor, TaintFunction {
 /**
  * The `std::string` function `c_str`.
  */
-private class StdStringCStr extends TaintFunction {
+private class StdStringCStr extends StdStringTaintFunction {
   StdStringCStr() { this.getClassAndName("c_str") instanceof StdBasicString }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
@@ -81,7 +105,7 @@ private class StdStringCStr extends TaintFunction {
 /**
  * The `std::string` function `data`.
  */
-private class StdStringData extends TaintFunction {
+private class StdStringData extends StdStringTaintFunction {
   StdStringData() { this.getClassAndName("data") instanceof StdBasicString }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
@@ -99,7 +123,7 @@ private class StdStringData extends TaintFunction {
 /**
  * The `std::string` function `push_back`.
  */
-private class StdStringPush extends TaintFunction {
+private class StdStringPush extends StdStringTaintFunction {
   StdStringPush() { this.getClassAndName("push_back") instanceof StdBasicString }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
@@ -112,7 +136,7 @@ private class StdStringPush extends TaintFunction {
 /**
  * The `std::string` functions `front` and `back`.
  */
-private class StdStringFrontBack extends TaintFunction {
+private class StdStringFrontBack extends StdStringTaintFunction {
   StdStringFrontBack() { this.getClassAndName(["front", "back"]) instanceof StdBasicString }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
@@ -125,7 +149,7 @@ private class StdStringFrontBack extends TaintFunction {
 /**
  * The (non-member) `std::string` function `operator+`.
  */
-private class StdStringPlus extends TaintFunction {
+private class StdStringPlus extends StdStringTaintFunction {
   StdStringPlus() {
     this.hasQualifiedName(["std", "bsl"], "operator+") and
     this.getUnspecifiedType() instanceof StdBasicString
@@ -142,31 +166,15 @@ private class StdStringPlus extends TaintFunction {
 }
 
 /**
- * The `std::string` functions `operator+=`, `append`, `insert` and
- * `replace`. All of these functions combine the existing string
- * with a new string (or character) from one of the arguments.
+ * The `std::string` functions `operator+=`, `append` and `replace`.
+ * All of these functions combine the existing string with a new
+ * string (or character) from one of the arguments.
  */
-private class StdStringAppend extends TaintFunction {
+private class StdStringAppend extends StdStringTaintFunction {
   StdStringAppend() {
-    this.getClassAndName(["operator+=", "append", "insert", "replace"]) instanceof StdBasicString
+    this.getClassAndName(["operator+=", "append", "replace"]) instanceof StdBasicString
   }
 
-  /**
-   * Gets the index of a parameter to this function that is a string (or
-   * character).
-   */
-  int getAStringParameterIndex() {
-    this.getParameter(result).getType() instanceof PointerType or // e.g. `std::basic_string::CharT *`
-    this.getParameter(result).getType() instanceof ReferenceType or // e.g. `std::basic_string &`
-    this.getParameter(result).getUnspecifiedType() =
-      this.getDeclaringType().getTemplateArgument(0).(Type).getUnspecifiedType() // i.e. `std::basic_string::CharT`
-  }
-
-  /**
-   * Gets the index of a parameter to this function that is an iterator.
-   */
-  int getAnIteratorParameterIndex() { this.getParameter(result).getType() instanceof Iterator }
-
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     // flow from string and parameter to string (qualifier) and return value
     (
@@ -186,28 +194,44 @@ private class StdStringAppend extends TaintFunction {
   }
 }
 
+/**
+ * The `std::string` function `insert`.
+ */
+private class StdStringInsert extends StdStringTaintFunction {
+  StdStringInsert() { this.getClassAndName("insert") instanceof StdBasicString }
+
+  /**
+   * Holds if the return type is an iterator.
+   */
+  predicate hasIteratorReturnValue() { this.getType() instanceof Iterator }
+
+  override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+    // flow from string and parameter to string (qualifier) and return value
+    (
+      input.isQualifierObject() or
+      input.isParameterDeref(this.getAStringParameterIndex()) or
+      input.isParameter(this.getAnIteratorParameterIndex())
+    ) and
+    (
+      output.isQualifierObject()
+      or
+      if this.hasIteratorReturnValue() then output.isReturnValue() else output.isReturnValueDeref()
+    )
+    or
+    // reverse flow from returned reference to the qualifier (for writes to
+    // the result)
+    not this.hasIteratorReturnValue() and
+    input.isReturnValueDeref() and
+    output.isQualifierObject()
+  }
+}
+
 /**
  * The standard function `std::string.assign`.
  */
-private class StdStringAssign extends TaintFunction {
+private class StdStringAssign extends StdStringTaintFunction {
   StdStringAssign() { this.getClassAndName("assign") instanceof StdBasicString }
 
-  /**
-   * Gets the index of a parameter to this function that is a string (or
-   * character).
-   */
-  int getAStringParameterIndex() {
-    this.getParameter(result).getType() instanceof PointerType or // e.g. `std::basic_string::CharT *`
-    this.getParameter(result).getType() instanceof ReferenceType or // e.g. `std::basic_string &`
-    this.getParameter(result).getUnspecifiedType() =
-      this.getDeclaringType().getTemplateArgument(0).(Type).getUnspecifiedType() // i.e. `std::basic_string::CharT`
-  }
-
-  /**
-   * Gets the index of a parameter to this function that is an iterator.
-   */
-  int getAnIteratorParameterIndex() { this.getParameter(result).getType() instanceof Iterator }
-
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     // flow from parameter to string itself (qualifier) and return value
     (
@@ -229,7 +253,7 @@ private class StdStringAssign extends TaintFunction {
 /**
  * The standard function `std::string.copy`.
  */
-private class StdStringCopy extends TaintFunction {
+private class StdStringCopy extends StdStringTaintFunction {
   StdStringCopy() { this.getClassAndName("copy") instanceof StdBasicString }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
@@ -242,7 +266,7 @@ private class StdStringCopy extends TaintFunction {
 /**
  * The standard function `std::string.substr`.
  */
-private class StdStringSubstr extends TaintFunction {
+private class StdStringSubstr extends StdStringTaintFunction {
   StdStringSubstr() { this.getClassAndName("substr") instanceof StdBasicString }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
@@ -255,7 +279,7 @@ private class StdStringSubstr extends TaintFunction {
 /**
  * The `std::string` functions `at` and `operator[]`.
  */
-private class StdStringAt extends TaintFunction {
+private class StdStringAt extends StdStringTaintFunction {
   StdStringAt() { this.getClassAndName(["at", "operator[]"]) instanceof StdBasicString }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
diff --git a/cpp/ql/lib/semmle/code/cpp/models/interfaces/Allocation.qll b/cpp/ql/lib/semmle/code/cpp/models/interfaces/Allocation.qll
index 00281f0f756..38a3ce235fb 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/interfaces/Allocation.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/interfaces/Allocation.qll
@@ -11,38 +11,6 @@
 import semmle.code.cpp.Function
 import semmle.code.cpp.models.Models
 
-/**
- * An allocation function such as `malloc`.
- */
-abstract class AllocationFunction extends Function {
-  /**
-   * Gets the index of the argument for the allocation size, if any. The actual
-   * allocation size is the value of this argument multiplied by the result of
-   * `getSizeMult()`, in bytes.
-   */
-  int getSizeArg() { none() }
-
-  /**
-   * Gets the index of an argument that multiplies the allocation size given by
-   * `getSizeArg`, if any.
-   */
-  int getSizeMult() { none() }
-
-  /**
-   * Gets the index of the input pointer argument to be reallocated, if this
-   * is a `realloc` function.
-   */
-  int getReallocPtrArg() { none() }
-
-  /**
-   * Whether or not this allocation requires a corresponding deallocation of
-   * some sort (most do, but `alloca` for example does not).  If it is unclear,
-   * we default to no (for example a placement `new` allocation may or may not
-   * require a corresponding `delete`).
-   */
-  predicate requiresDealloc() { any() }
-}
-
 /**
  * An allocation expression such as call to `malloc` or a `new` expression.
  */
@@ -86,6 +54,41 @@ abstract class AllocationExpr extends Expr {
   predicate requiresDealloc() { any() }
 }
 
+/**
+ * An allocation function such as `malloc`.
+ *
+ * Note: `AllocationExpr` includes calls to allocation functions, so prefer
+ * to use that class unless you specifically need to reason about functions.
+ */
+abstract class AllocationFunction extends Function {
+  /**
+   * Gets the index of the argument for the allocation size, if any. The actual
+   * allocation size is the value of this argument multiplied by the result of
+   * `getSizeMult()`, in bytes.
+   */
+  int getSizeArg() { none() }
+
+  /**
+   * Gets the index of an argument that multiplies the allocation size given by
+   * `getSizeArg`, if any.
+   */
+  int getSizeMult() { none() }
+
+  /**
+   * Gets the index of the input pointer argument to be reallocated, if this
+   * is a `realloc` function.
+   */
+  int getReallocPtrArg() { none() }
+
+  /**
+   * Whether or not this allocation requires a corresponding deallocation of
+   * some sort (most do, but `alloca` for example does not).  If it is unclear,
+   * we default to no (for example a placement `new` allocation may or may not
+   * require a corresponding `delete`).
+   */
+  predicate requiresDealloc() { any() }
+}
+
 /**
  * An `operator new` or `operator new[]` function that may be associated with
  * `new` or `new[]` expressions.  Note that `new` and `new[]` are not function
diff --git a/cpp/ql/lib/semmle/code/cpp/models/interfaces/Deallocation.qll b/cpp/ql/lib/semmle/code/cpp/models/interfaces/Deallocation.qll
index 9c74102e99c..569caebe36f 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/interfaces/Deallocation.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/interfaces/Deallocation.qll
@@ -11,16 +11,6 @@
 import semmle.code.cpp.Function
 import semmle.code.cpp.models.Models
 
-/**
- * A deallocation function such as `free`.
- */
-abstract class DeallocationFunction extends Function {
-  /**
-   * Gets the index of the argument that is freed by this function.
-   */
-  int getFreedArg() { none() }
-}
-
 /**
  * An deallocation expression such as call to `free` or a `delete` expression.
  */
@@ -31,6 +21,19 @@ abstract class DeallocationExpr extends Expr {
   Expr getFreedExpr() { none() }
 }
 
+/**
+ * A deallocation function such as `free`.
+ *
+ * Note: `DeallocationExpr` includes calls to deallocation functions, so prefer
+ * to use that class unless you specifically need to reason about functions.
+ */
+abstract class DeallocationFunction extends Function {
+  /**
+   * Gets the index of the argument that is freed by this function.
+   */
+  int getFreedArg() { none() }
+}
+
 /**
  * An `operator delete` or `operator delete[]` function that may be associated
  * with `delete` or `delete[]` expressions.  Note that `delete` and `delete[]`
diff --git a/cpp/ql/lib/semmle/code/cpp/models/interfaces/Iterator.qll b/cpp/ql/lib/semmle/code/cpp/models/interfaces/Iterator.qll
index 9a260a33255..d5d2b6ffe81 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/interfaces/Iterator.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/interfaces/Iterator.qll
@@ -29,5 +29,17 @@ abstract class GetIteratorFunction extends Function {
 
 /**
  * A type which can be used as an iterator.
+ *
+ * Note: Do _not_ `extend` when inheriting from this class in queries. Always use `instanceof`:
+ * ```
+ * class MyIterator instanceof Iterator { ... }
+ * ```
  */
-abstract class Iterator extends Type { }
+abstract class Iterator extends Type {
+  /**
+   * Gets the value type of this iterator, if any.
+   *
+   * For example, the value type of a `std::vector<int>::iterator` is `int`.
+   */
+  Type getValueType() { none() }
+}
diff --git a/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll b/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll
index d2c90a38075..8bc059da506 100644
--- a/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll
@@ -89,9 +89,9 @@ private class LocalParameterSource extends LocalFlowSource {
 
 private class ArgvSource extends LocalFlowSource {
   ArgvSource() {
-    exists(Parameter argv |
-      argv.hasName("argv") and
-      argv.getFunction().hasGlobalName("main") and
+    exists(Function main, Parameter argv |
+      main.hasGlobalName("main") and
+      main.getParameter(1) = argv and
       this.asExpr() = argv.getAnAccess()
     )
   }
diff --git a/cpp/ql/lib/semmle/code/cpp/security/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/security/TaintTracking.qll
index 5b8f221f73a..49ef4137aa1 100644
--- a/cpp/ql/lib/semmle/code/cpp/security/TaintTracking.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/TaintTracking.qll
@@ -1,4 +1,4 @@
-/*
+/**
  * Support for tracking tainted data through the program. This is an alias for
  * `semmle.code.cpp.ir.dataflow.DefaultTaintTracking` provided for backwards
  * compatibility.
diff --git a/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll
index 532cf53e2d4..4d64edc2670 100644
--- a/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll
@@ -121,7 +121,9 @@ private predicate moveToDependingOnSide(Expr src, Expr dest) {
  *   (this is done to avoid false positives). Because of this we need to track if the tainted element came from an argument
  *   or not, and for that we use destFromArg
  */
-private predicate betweenFunctionsValueMoveTo(Element src, Element dest, boolean destFromArg) {
+deprecated private predicate betweenFunctionsValueMoveTo(
+  Element src, Element dest, boolean destFromArg
+) {
   not unreachable(src) and
   not unreachable(dest) and
   (
@@ -162,13 +164,13 @@ private predicate betweenFunctionsValueMoveTo(Element src, Element dest, boolean
 // predicate folding for proper join-order
 // bad magic: pushes down predicate that ruins join-order
 pragma[nomagic]
-private predicate resolveCallWithParam(Call call, Function called, int i, Parameter p) {
+deprecated private predicate resolveCallWithParam(Call call, Function called, int i, Parameter p) {
   called = resolveCall(call) and
   p = called.getParameter(i)
 }
 
 /** A variable for which flow through is allowed. */
-library class FlowVariable extends Variable {
+deprecated library class FlowVariable extends Variable {
   FlowVariable() {
     (
       this instanceof LocalScopeVariable or
@@ -179,11 +181,11 @@ library class FlowVariable extends Variable {
 }
 
 /** A local scope variable for which flow through is allowed. */
-library class FlowLocalScopeVariable extends Variable {
+deprecated library class FlowLocalScopeVariable extends Variable {
   FlowLocalScopeVariable() { this instanceof LocalScopeVariable }
 }
 
-private predicate insideFunctionValueMoveTo(Element src, Element dest) {
+deprecated private predicate insideFunctionValueMoveTo(Element src, Element dest) {
   not unreachable(src) and
   not unreachable(dest) and
   (
@@ -324,7 +326,7 @@ private predicate unionAccess(Variable v, Field f, FieldAccess a) {
   a.getQualifier() = v.getAnAccess()
 }
 
-GlobalOrNamespaceVariable globalVarFromId(string id) {
+deprecated GlobalOrNamespaceVariable globalVarFromId(string id) {
   if result instanceof NamespaceVariable
   then id = result.getNamespace() + "::" + result.getName()
   else id = result.getName()
@@ -353,7 +355,7 @@ private predicate hasUpperBoundsCheck(Variable var) {
 }
 
 cached
-private predicate taintedWithArgsAndGlobalVars(
+deprecated private predicate taintedWithArgsAndGlobalVars(
   Element src, Element dest, boolean destFromArg, string globalVar
 ) {
   isUserInput(src, _) and
@@ -395,7 +397,7 @@ private predicate taintedWithArgsAndGlobalVars(
  * This doesn't include data flow through global variables.
  * If you need that you must call taintedIncludingGlobalVars.
  */
-predicate tainted(Expr source, Element tainted) {
+deprecated predicate tainted(Expr source, Element tainted) {
   taintedWithArgsAndGlobalVars(source, tainted, _, "")
 }
 
@@ -410,7 +412,7 @@ predicate tainted(Expr source, Element tainted) {
  * The parameter `globalVar` is the name of the last global variable used to move the
  * value from source to tainted.
  */
-predicate taintedIncludingGlobalVars(Expr source, Element tainted, string globalVar) {
+deprecated predicate taintedIncludingGlobalVars(Expr source, Element tainted, string globalVar) {
   taintedWithArgsAndGlobalVars(source, tainted, _, globalVar)
 }
 
@@ -541,14 +543,14 @@ private predicate returnArgument(Function f, int sourceArg) {
  * targets a virtual method, simple data flow analysis is performed
  * in order to identify target(s).
  */
-Function resolveCall(Call call) {
+deprecated Function resolveCall(Call call) {
   result = call.getTarget()
   or
   result = call.(DataSensitiveCallExpr).resolve()
 }
 
 /** A data sensitive call expression. */
-abstract library class DataSensitiveCallExpr extends Expr {
+abstract deprecated library class DataSensitiveCallExpr extends Expr {
   DataSensitiveCallExpr() { not unreachable(this) }
 
   abstract Expr getSrc();
@@ -579,7 +581,7 @@ abstract library class DataSensitiveCallExpr extends Expr {
 }
 
 /** Call through a function pointer. */
-library class DataSensitiveExprCall extends DataSensitiveCallExpr, ExprCall {
+deprecated library class DataSensitiveExprCall extends DataSensitiveCallExpr, ExprCall {
   override Expr getSrc() { result = getExpr() }
 
   override Function resolve() {
@@ -588,7 +590,8 @@ library class DataSensitiveExprCall extends DataSensitiveCallExpr, ExprCall {
 }
 
 /** Call to a virtual function. */
-library class DataSensitiveOverriddenFunctionCall extends DataSensitiveCallExpr, FunctionCall {
+deprecated library class DataSensitiveOverriddenFunctionCall extends DataSensitiveCallExpr,
+  FunctionCall {
   DataSensitiveOverriddenFunctionCall() {
     exists(getTarget().(VirtualFunction).getAnOverridingFunction())
   }
diff --git a/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumberingImpl.qll b/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumberingImpl.qll
index 7dd55dbfde3..10e3d3ba1c2 100644
--- a/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumberingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumberingImpl.qll
@@ -1,4 +1,8 @@
 /**
+ * DEPRECATED: This library has been replaced with a newer version which
+ * provides better performance and precision. Use
+ * `semmle.code.cpp.valuenumbering.GlobalValueNumbering` instead.
+ *
  * Provides an implementation of Global Value Numbering.
  * See https://en.wikipedia.org/wiki/Global_value_numbering
  *
@@ -221,7 +225,7 @@ private newtype GvnBase =
  * expression with this `GVN` and using its `toString` and `getLocation`
  * methods.
  */
-class GVN extends GvnBase {
+deprecated class GVN extends GvnBase {
   GVN() { this instanceof GvnBase }
 
   /** Gets an expression that has this GVN. */
@@ -503,7 +507,7 @@ private predicate mk_Deref(GVN p, ControlFlowNode dominator, PointerDereferenceE
 
 /** Gets the global value number of expression `e`. */
 cached
-GVN globalValueNumber(Expr e) {
+deprecated GVN globalValueNumber(Expr e) {
   exists(int val, Type t |
     mk_IntConst(val, t, e) and
     result = GVN_IntConst(val, t)
diff --git a/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql b/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
index c8bf3842773..b0ce7fcce6d 100644
--- a/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql	
+++ b/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql	
@@ -15,6 +15,7 @@
 
 import cpp
 
+pragma[nomagic]
 predicate beforeArrayAccess(Variable v, ArrayExpr access, Expr before) {
   exists(LogicalAndExpr andexpr |
     access.getArrayOffset() = v.getAnAccess() and
@@ -23,6 +24,7 @@ predicate beforeArrayAccess(Variable v, ArrayExpr access, Expr before) {
   )
 }
 
+pragma[nomagic]
 predicate afterArrayAccess(Variable v, ArrayExpr access, Expr after) {
   exists(LogicalAndExpr andexpr |
     access.getArrayOffset() = v.getAnAccess() and
diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
index f32f416b540..5cfd60bc84c 100644
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.4.6
+
+No user-facing changes.
+
+## 0.4.5
+
+No user-facing changes.
+
+## 0.4.4
+
+No user-facing changes.
+
 ## 0.4.3
 
 ### Minor Analysis Improvements
diff --git a/cpp/ql/src/Critical/MissingCheckScanf.ql b/cpp/ql/src/Critical/MissingCheckScanf.ql
index cdb48099818..29f1c2b07ad 100644
--- a/cpp/ql/src/Critical/MissingCheckScanf.ql
+++ b/cpp/ql/src/Critical/MissingCheckScanf.ql
@@ -115,7 +115,8 @@ BasicBlock blockGuardedBy(int value, string op, ScanfFunctionCall call) {
 from ScanfOutput output, ScanfFunctionCall call, Access access
 where
   output.getCall() = call and
-  output.hasGuardedAccess(access, false)
+  output.hasGuardedAccess(access, false) and
+  not exists(DeallocationExpr dealloc | dealloc.getFreedExpr() = access)
 select access,
   "This variable is read, but may not have been written. " +
     "It should be guarded by a check that the $@ returns at least " +
diff --git a/cpp/ql/src/JPL_C/LOC-4/Rule 23/MismatchedIfdefs.ql b/cpp/ql/src/JPL_C/LOC-4/Rule 23/MismatchedIfdefs.ql
index e9c619167de..1e5fed2bfb7 100644
--- a/cpp/ql/src/JPL_C/LOC-4/Rule 23/MismatchedIfdefs.ql	
+++ b/cpp/ql/src/JPL_C/LOC-4/Rule 23/MismatchedIfdefs.ql	
@@ -66,9 +66,7 @@ class ElseDirective extends Directive {
   override predicate mismatched() { depth() < 1 }
 }
 
-class EndifDirective extends Directive {
-  EndifDirective() { this instanceof PreprocessorEndif }
-
+class EndifDirective extends Directive instanceof PreprocessorEndif {
   override int depthChange() { result = -1 }
 
   override predicate mismatched() { depth() < 0 }
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
index 26c8ae4c258..af4bd8c61a3 100644
--- a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql	
+++ b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql	
@@ -26,11 +26,11 @@ predicate intentionallyReturnsStackPointer(Function f) {
 class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {
   ReturnStackAllocatedMemoryConfig() { this = "ReturnStackAllocatedMemoryConfig" }
 
-  override predicate isSource(DataFlow::Node source) {
+  override predicate isSource(Instruction source) {
     // Holds if `source` is a node that represents the use of a stack variable
     exists(VariableAddressInstruction var, Function func |
-      var = source.asInstruction() and
-      func = var.getEnclosingFunction() and
+      var = source and
+      func = source.getEnclosingFunction() and
       var.getAstVariable() instanceof StackVariable and
       // Pointer-to-member types aren't properly handled in the dbscheme.
       not var.getResultType() instanceof PointerToMemberType and
@@ -40,7 +40,7 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {
     )
   }
 
-  override predicate isSink(DataFlow::Node sink) {
+  override predicate isSink(Operand sink) {
     // Holds if `sink` is a node that represents the `StoreInstruction` that is subsequently used in
     // a `ReturnValueInstruction`.
     // We use the `StoreInstruction` instead of the instruction that defines the
@@ -48,7 +48,7 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {
     exists(StoreInstruction store |
       store.getDestinationAddress().(VariableAddressInstruction).getIRVariable() instanceof
         IRReturnVariable and
-      sink.asOperand() = store.getSourceValueOperand()
+      sink = store.getSourceValueOperand()
     )
   }
 
@@ -77,10 +77,10 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {
    * }
    * ```
    */
-  override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node2.asInstruction().(FieldAddressInstruction).getObjectAddressOperand() = node1.asOperand()
+  override predicate isAdditionalFlowStep(Operand node1, Instruction node2) {
+    node2.(FieldAddressInstruction).getObjectAddressOperand() = node1
     or
-    node2.asInstruction().(PointerOffsetInstruction).getLeftOperand() = node1.asOperand()
+    node2.(PointerOffsetInstruction).getLeftOperand() = node1
   }
 }
 
@@ -89,6 +89,6 @@ from
   ReturnStackAllocatedMemoryConfig conf
 where
   conf.hasFlowPath(pragma[only_bind_into](source), pragma[only_bind_into](sink)) and
-  source.getNode().asInstruction() = var
-select sink.getNode(), source, sink, "May return stack-allocated memory from $@.", var.getAst(),
-  var.getAst().toString()
+  source.getInstruction() = var
+select sink.getInstruction(), source, sink, "May return stack-allocated memory from $@.",
+  var.getAst(), var.getAst().toString()
diff --git a/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql b/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql
index db1816f7a72..bb62cfc1755 100644
--- a/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql	
+++ b/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql	
@@ -22,37 +22,40 @@ import PathGraph
 class UnsafeUseOfThisConfig extends MustFlowConfiguration {
   UnsafeUseOfThisConfig() { this = "UnsafeUseOfThisConfig" }
 
-  override predicate isSource(DataFlow::Node source) { isSource(source, _, _) }
+  override predicate isSource(Instruction source) { isSource(source, _, _) }
 
-  override predicate isSink(DataFlow::Node sink) { isSink(sink, _) }
+  override predicate isSink(Operand sink) { isSink(sink, _) }
 }
 
-/** Holds if `instr` is a `this` pointer used by the call instruction `call`. */
-predicate isSink(DataFlow::Node sink, CallInstruction call) {
+/** Holds if `sink` is a `this` pointer used by the call instruction `call`. */
+predicate isSink(Operand sink, CallInstruction call) {
   exists(PureVirtualFunction func |
     call.getStaticCallTarget() = func and
-    call.getThisArgument() = sink.asInstruction() and
+    call.getThisArgumentOperand() = sink and
     // Weed out implicit calls to destructors of a base class
     not func instanceof Destructor
   )
 }
 
-/** Holds if `init` initializes the `this` pointer in class `c`. */
-predicate isSource(DataFlow::Node source, string msg, Class c) {
-  exists(InitializeParameterInstruction init | init = source.asInstruction() |
-    (
-      exists(Constructor func |
-        not func instanceof CopyConstructor and
-        not func instanceof MoveConstructor and
-        func = init.getEnclosingFunction() and
-        msg = "construction"
-      )
-      or
-      init.getEnclosingFunction() instanceof Destructor and msg = "destruction"
-    ) and
-    init.getIRVariable() instanceof IRThisVariable and
-    init.getEnclosingFunction().getDeclaringType() = c
-  )
+/**
+ * Holds if `source` initializes the `this` pointer in class `c`.
+ *
+ * The string `msg` describes whether the enclosing function is a
+ * constructor or destructor.
+ */
+predicate isSource(InitializeParameterInstruction source, string msg, Class c) {
+  (
+    exists(Constructor func |
+      not func instanceof CopyConstructor and
+      not func instanceof MoveConstructor and
+      func = source.getEnclosingFunction() and
+      msg = "construction"
+    )
+    or
+    source.getEnclosingFunction() instanceof Destructor and msg = "destruction"
+  ) and
+  source.getIRVariable() instanceof IRThisVariable and
+  source.getEnclosingFunction().getDeclaringType() = c
 }
 
 /**
@@ -68,8 +71,8 @@ predicate flows(
 ) {
   exists(UnsafeUseOfThisConfig conf |
     conf.hasFlowPath(source, sink) and
-    isSource(source.getNode(), msg, sourceClass) and
-    isSink(sink.getNode(), call)
+    isSource(source.getInstruction(), msg, sourceClass) and
+    isSink(sink.getInstruction().getAUse(), call)
   )
 }
 
diff --git a/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql b/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql
index 47ed2b704d5..4dacffb6a55 100644
--- a/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql	
+++ b/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql	
@@ -12,8 +12,8 @@
  */
 
 /*
- * Note: this query is not assigned a precision yet because we don't want it on
- * LGTM until its performance is well understood.
+ * Note: this query is not assigned a precision yet because we don't want it
+ * to be included in query suites until its performance is well understood.
  */
 
 import cpp
diff --git a/cpp/ql/src/Metrics/Dependencies/ExternalDependencies.qll b/cpp/ql/src/Metrics/Dependencies/ExternalDependencies.qll
index 352cf86ddd5..967a9987a4f 100644
--- a/cpp/ql/src/Metrics/Dependencies/ExternalDependencies.qll
+++ b/cpp/ql/src/Metrics/Dependencies/ExternalDependencies.qll
@@ -52,7 +52,7 @@ class Library extends LibraryT {
     // The versions reported for C/C++ dependencies are just the versions that
     // happen to be installed on the system where the build takes place.
     // Reporting those versions is likely to cause misunderstandings, both for
-    // people reading them and for the vulnerability checker of lgtm.
+    // people reading them and for vulnerability checkers.
     result = "unknown"
   }
 
diff --git a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
index 928c9942177..f000e25df52 100644
--- a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
+++ b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
@@ -16,9 +16,10 @@
 
 import cpp
 import semmle.code.cpp.security.FunctionWithWrappers
-import semmle.code.cpp.security.Security
-import semmle.code.cpp.security.TaintTracking
-import TaintedWithPath
+import semmle.code.cpp.security.FlowSources
+import semmle.code.cpp.ir.IR
+import semmle.code.cpp.ir.dataflow.TaintTracking
+import DataFlow::PathGraph
 
 /**
  * A function for opening a file.
@@ -46,19 +47,71 @@ class FileFunction extends FunctionWithWrappers {
   override predicate interestingArg(int arg) { arg = 0 }
 }
 
-class TaintedPathConfiguration extends TaintTrackingConfiguration {
-  override predicate isSink(Element tainted) {
-    exists(FileFunction fileFunction | fileFunction.outermostWrapperFunctionCall(tainted, _))
+Expr asSinkExpr(DataFlow::Node node) {
+  result =
+    node.asOperand()
+        .(SideEffectOperand)
+        .getUse()
+        .(ReadSideEffectInstruction)
+        .getArgumentDef()
+        .getUnconvertedResultExpression()
+}
+
+/**
+ * Holds for a variable that has any kind of upper-bound check anywhere in the program.
+ * This is biased towards being inclusive and being a coarse overapproximation because
+ * there are a lot of valid ways of doing an upper bounds checks if we don't consider
+ * where it occurs, for example:
+ * ```cpp
+ *   if (x < 10) { sink(x); }
+ *
+ *   if (10 > y) { sink(y); }
+ *
+ *   if (z > 10) { z = 10; }
+ *   sink(z);
+ * ```
+ */
+predicate hasUpperBoundsCheck(Variable var) {
+  exists(RelationalOperation oper, VariableAccess access |
+    oper.getAnOperand() = access and
+    access.getTarget() = var and
+    // Comparing to 0 is not an upper bound check
+    not oper.getAnOperand().getValue() = "0"
+  )
+}
+
+class TaintedPathConfiguration extends TaintTracking::Configuration {
+  TaintedPathConfiguration() { this = "TaintedPathConfiguration" }
+
+  override predicate isSource(DataFlow::Node node) { node instanceof FlowSource }
+
+  override predicate isSink(DataFlow::Node node) {
+    exists(FileFunction fileFunction |
+      fileFunction.outermostWrapperFunctionCall(asSinkExpr(node), _)
+    )
+  }
+
+  override predicate isSanitizerIn(DataFlow::Node node) { this.isSource(node) }
+
+  override predicate isSanitizer(DataFlow::Node node) {
+    node.asExpr().(Call).getTarget().getUnspecifiedType() instanceof ArithmeticType
+    or
+    exists(LoadInstruction load, Variable checkedVar |
+      load = node.asInstruction() and
+      checkedVar = load.getSourceAddress().(VariableAddressInstruction).getAstVariable() and
+      hasUpperBoundsCheck(checkedVar)
+    )
   }
 }
 
 from
-  FileFunction fileFunction, Expr taintedArg, Expr taintSource, PathNode sourceNode,
-  PathNode sinkNode, string taintCause, string callChain
+  FileFunction fileFunction, Expr taintedArg, FlowSource taintSource, TaintedPathConfiguration cfg,
+  DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode, string callChain
 where
+  taintedArg = asSinkExpr(sinkNode.getNode()) and
   fileFunction.outermostWrapperFunctionCall(taintedArg, callChain) and
-  taintedWithPath(taintSource, taintedArg, sourceNode, sinkNode) and
-  isUserInput(taintSource, taintCause)
+  cfg.hasFlowPath(sourceNode, sinkNode) and
+  taintSource = sourceNode.getNode()
 select taintedArg, sourceNode, sinkNode,
   "This argument to a file access function is derived from $@ and then passed to " + callChain + ".",
-  taintSource, "user input (" + taintCause + ")"
+  taintSource, "user input (" + taintSource.getSourceType() + ")"
diff --git a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
index bb38609927e..ffadb381a76 100644
--- a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
+++ b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
@@ -13,7 +13,7 @@
 
 import cpp
 import semmle.code.cpp.commons.Environment
-import semmle.code.cpp.security.TaintTracking
+import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
 import TaintedWithPath
 
 /** A call that prints its arguments to `stdout`. */
diff --git a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
index b46314d8454..f3ff16e8f7b 100644
--- a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
@@ -15,7 +15,7 @@
 import cpp
 import semmle.code.cpp.security.Security
 import semmle.code.cpp.security.FunctionWithWrappers
-import semmle.code.cpp.security.TaintTracking
+import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
 import TaintedWithPath
 
 class SqlLikeFunction extends FunctionWithWrappers {
diff --git a/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql b/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
index 7cbb0d81d49..883a6b07423 100644
--- a/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
@@ -14,7 +14,7 @@
 
 import cpp
 import semmle.code.cpp.security.Security
-import semmle.code.cpp.security.TaintTracking
+import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
 import TaintedWithPath
 
 predicate isProcessOperationExplanation(Expr arg, string processOperation) {
diff --git a/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql b/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
index a2d74e7557a..8f8d98900f2 100644
--- a/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
@@ -16,7 +16,7 @@
 
 import semmle.code.cpp.security.BufferWrite
 import semmle.code.cpp.security.Security
-import semmle.code.cpp.security.TaintTracking
+import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
 import TaintedWithPath
 
 /*
diff --git a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
index 33a6ee1d5f5..2001b1a308c 100644
--- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
@@ -116,10 +116,6 @@ class ImproperArrayIndexValidationConfig extends TaintTracking::Configuration {
   }
 }
 
-/** Gets `str` where the first letter has been lowercased. */
-bindingset[str]
-string lowerFirst(string str) { result = str.prefix(1).toLowerCase() + str.suffix(1) }
-
 from
   ImproperArrayIndexValidationConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink,
   string sourceType
@@ -128,4 +124,4 @@ where
   isFlowSource(source.getNode(), sourceType)
 select sink.getNode(), source, sink,
   "An array indexing expression depends on $@ that might be outside the bounds of the array.",
-  source.getNode(), lowerFirst(sourceType)
+  source.getNode(), sourceType
diff --git a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
index 11cbfe16a0d..3a5cb7931b2 100644
--- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
+++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
@@ -16,7 +16,7 @@
 import cpp
 import semmle.code.cpp.security.Security
 import semmle.code.cpp.security.FunctionWithWrappers
-import semmle.code.cpp.security.TaintTracking
+import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
 import TaintedWithPath
 
 class Configuration extends TaintTrackingConfiguration {
diff --git a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
index a4fd672f518..b37e34c296c 100644
--- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
+++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
@@ -16,7 +16,7 @@
 import cpp
 import semmle.code.cpp.security.FunctionWithWrappers
 import semmle.code.cpp.security.Security
-import semmle.code.cpp.security.TaintTracking
+import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
 import TaintedWithPath
 
 class Configuration extends TaintTrackingConfiguration {
diff --git a/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql b/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
index 762fcf573d1..ff2e7e924df 100644
--- a/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
@@ -12,7 +12,7 @@
 
 import cpp
 import semmle.code.cpp.commons.NullTermination
-import semmle.code.cpp.security.TaintTracking
+import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
 
 /** A user-controlled expression that may not be null terminated. */
 class TaintSource extends VariableAccess {
diff --git a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
index 350005194ac..07fbdc1ff44 100644
--- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
@@ -15,7 +15,7 @@
 import cpp
 import semmle.code.cpp.security.Overflow
 import semmle.code.cpp.security.Security
-import semmle.code.cpp.security.TaintTracking
+import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
 import TaintedWithPath
 import Bounded
 
diff --git a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
index e54951b33e7..6034b4f5ffd 100644
--- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
@@ -17,7 +17,7 @@
 import cpp
 import semmle.code.cpp.security.Overflow
 import semmle.code.cpp.security.Security
-import semmle.code.cpp.security.TaintTracking
+import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
 
 predicate isMaxValue(Expr mie) {
   exists(MacroInvocation mi |
diff --git a/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql b/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
index 7cbd53ebf8a..19fe7df4c44 100644
--- a/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
@@ -15,7 +15,7 @@
 
 import cpp
 import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
-import semmle.code.cpp.security.TaintTracking
+import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
 
 /** Holds if `expr` might overflow. */
 predicate outOfBoundsExpr(Expr expr, string kind) {
diff --git a/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql b/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
index 814c6aff21b..06c4ee5efe5 100644
--- a/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
+++ b/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
@@ -12,7 +12,7 @@
  *       external/cwe/cwe-290
  */
 
-import semmle.code.cpp.security.TaintTracking
+import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
 import TaintedWithPath
 
 predicate hardCodedAddressOrIP(StringLiteral txt) {
diff --git a/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql b/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
index ec78e6b63fb..6858dffbfa8 100644
--- a/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
@@ -19,7 +19,25 @@ import semmle.code.cpp.ir.dataflow.TaintTracking
 import DataFlow::PathGraph
 
 /**
- * A taint flow configuration for flow from user input to a buffer write.
+ * A buffer write into a sensitive expression.
+ */
+class SensitiveBufferWrite extends Expr instanceof BufferWrite::BufferWrite {
+  SensitiveBufferWrite() { super.getDest() instanceof SensitiveExpr }
+
+  /**
+   * Gets a data source of this operation.
+   */
+  Expr getASource() { result = super.getASource() }
+
+  /**
+   * Gets the destination buffer of this operation.
+   */
+  Expr getDest() { result = super.getDest() }
+}
+
+/**
+ * A taint flow configuration for flow from user input to a buffer write
+ * into a sensitive expression.
  */
 class ToBufferConfiguration extends TaintTracking::Configuration {
   ToBufferConfiguration() { this = "ToBufferConfiguration" }
@@ -31,18 +49,17 @@ class ToBufferConfiguration extends TaintTracking::Configuration {
   }
 
   override predicate isSink(DataFlow::Node sink) {
-    exists(BufferWrite::BufferWrite w | w.getASource() = sink.asExpr())
+    exists(SensitiveBufferWrite w | w.getASource() = sink.asExpr())
   }
 }
 
 from
-  ToBufferConfiguration config, BufferWrite::BufferWrite w, DataFlow::PathNode sourceNode,
-  DataFlow::PathNode sinkNode, FlowSource source, SensitiveExpr dest
+  ToBufferConfiguration config, SensitiveBufferWrite w, DataFlow::PathNode sourceNode,
+  DataFlow::PathNode sinkNode, FlowSource source
 where
   config.hasFlowPath(sourceNode, sinkNode) and
   sourceNode.getNode() = source and
-  w.getASource() = sinkNode.getNode().asExpr() and
-  dest = w.getDest()
+  w.getASource() = sinkNode.getNode().asExpr()
 select w, sourceNode, sinkNode,
-  "This write into buffer '" + dest.toString() + "' may contain unencrypted data from $@.", source,
-  "user input (" + source.getSourceType() + ")"
+  "This write into buffer '" + w.getDest().toString() + "' may contain unencrypted data from $@.",
+  source, "user input (" + source.getSourceType() + ")"
diff --git a/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql b/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql
index 14cd2a2188a..c5d7f2cbb61 100644
--- a/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql
+++ b/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql
@@ -12,7 +12,7 @@
  *       external/cwe/cwe-807
  */
 
-import semmle.code.cpp.security.TaintTracking
+import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
 import TaintedWithPath
 
 predicate sensitiveCondition(Expr condition, Expr raise) {
diff --git a/cpp/ql/src/change-notes/2022-12-15-no-scanf-buffer-allocation-warnings.md b/cpp/ql/src/change-notes/2022-12-15-no-scanf-buffer-allocation-warnings.md
new file mode 100644
index 00000000000..fc02f7cbf3a
--- /dev/null
+++ b/cpp/ql/src/change-notes/2022-12-15-no-scanf-buffer-allocation-warnings.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `cpp/missing-check-scanf` query no longer reports the free'ing of `scanf` output variables as potential reads.
\ No newline at end of file
diff --git a/cpp/ql/src/change-notes/released/0.4.4.md b/cpp/ql/src/change-notes/released/0.4.4.md
new file mode 100644
index 00000000000..33e1c91255d
--- /dev/null
+++ b/cpp/ql/src/change-notes/released/0.4.4.md
@@ -0,0 +1,3 @@
+## 0.4.4
+
+No user-facing changes.
diff --git a/cpp/ql/src/change-notes/released/0.4.5.md b/cpp/ql/src/change-notes/released/0.4.5.md
new file mode 100644
index 00000000000..7ba9b2e8ade
--- /dev/null
+++ b/cpp/ql/src/change-notes/released/0.4.5.md
@@ -0,0 +1,3 @@
+## 0.4.5
+
+No user-facing changes.
diff --git a/cpp/ql/src/change-notes/released/0.4.6.md b/cpp/ql/src/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/cpp/ql/src/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
index 1ec9c4ea5d9..2b842473675 100644
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.6
diff --git a/cpp/ql/src/jsf/4.09 Style/Naming.qll b/cpp/ql/src/jsf/4.09 Style/Naming.qll
index 264a6bac219..5df3724a067 100644
--- a/cpp/ql/src/jsf/4.09 Style/Naming.qll	
+++ b/cpp/ql/src/jsf/4.09 Style/Naming.qll	
@@ -1,4 +1,4 @@
-/*
+/**
  * Common functions for implementing naming conventions
  *
  * Naming rules are the following:
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index 3a44ef8b743..b8b2f8a31ca 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.4.4-dev
+version: 0.5.0-dev
 groups: 
   - cpp
   - queries
diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.expected b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.expected
index e69de29bb2d..6f00f28e455 100644
--- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.expected
+++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.expected
@@ -0,0 +1,2 @@
+WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted.ql:9,8-47)
+WARNING: Predicate tainted has been deprecated and may be removed in future (tainted.ql:20,49-74)
diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/defaulttainttracking.cpp b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/defaulttainttracking.cpp
index ce758af691b..e80991d4fb3 100644
--- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/defaulttainttracking.cpp
+++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/defaulttainttracking.cpp
@@ -1,18 +1,6 @@
 #include "../shared.h"
 
-
-
-
-
-
-
-
-
-
 int main() {
-
-
-
   sink(_strdup(getenv("VAR"))); // $ ir MISSING: ast
   sink(strdup(getenv("VAR"))); // $ ast,ir
   sink(unmodeled_function(getenv("VAR"))); // clean by assumption
@@ -59,9 +47,6 @@ void test_outparams() {
     sink(p2); // $ ir MISSING: ast
 }
 
-
-
-
 struct XY {
   int x;
   int y;
@@ -230,24 +215,17 @@ void test_recv() {
 
 // --- send and related functions ---
 
-int send(int, const void*, int, int);
-
-void test_send(char* buffer, int length) {
-  send(0, buffer, length, 0); // $ remote
-}
-
 struct iovec {
   void  *iov_base;
   unsigned iov_len;
 };
 
 int readv(int, const struct iovec*, int);
-int writev(int, const struct iovec*, int);
 
 void sink(const iovec* iovs);
 void sink(iovec);
 
-int test_readv_and_writev(iovec* iovs) {
+void test_readv_and_writev(iovec* iovs) {
   readv(0, iovs, 16);
   sink(iovs); // $ast,ir
   sink(iovs[0]); // $ast,ir
@@ -256,6 +234,4 @@ int test_readv_and_writev(iovec* iovs) {
   char* p = (char*)iovs[1].iov_base;
   sink(p); // $ MISSING: ast,ir
   sink(*p); // $ MISSING: ast,ir
-
-  writev(0, iovs, 16); // $ remote
 }
diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/remote-flow-sink.ql b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/remote-flow-sink.ql
deleted file mode 100644
index 4fbbe8fa3bf..00000000000
--- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/remote-flow-sink.ql
+++ /dev/null
@@ -1,20 +0,0 @@
-/** This tests that we are able to detect remote flow sinks. */
-
-import cpp
-import TestUtilities.InlineExpectationsTest
-import semmle.code.cpp.security.FlowSources
-
-class RemoteFlowSinkTest extends InlineExpectationsTest {
-  RemoteFlowSinkTest() { this = "RemoteFlowSinkTest" }
-
-  override string getARelevantTag() { result = "remote" }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "remote" and
-    value = "" and
-    exists(RemoteFlowSink node |
-      location = node.getLocation() and
-      element = node.toString()
-    )
-  }
-}
diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected
index e69de29bb2d..5c235d0802d 100644
--- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected
+++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected
@@ -0,0 +1,2 @@
+WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted.ql:10,8-47)
+WARNING: Predicate tainted has been deprecated and may be removed in future (tainted.ql:21,3-28)
diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.expected b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.expected
index e69de29bb2d..b1d79c1079e 100644
--- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.expected
+++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.expected
@@ -0,0 +1,2 @@
+WARNING: Predicate taintedIncludingGlobalVars has been deprecated and may be removed in future (global.ql:8,3-47)
+WARNING: Predicate taintedIncludingGlobalVars has been deprecated and may be removed in future (global.ql:12,3-53)
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
index 11bb0c21789..8f7078984cb 100644
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -91,3 +93,6 @@ postWithInFlow
 | test.cpp:499:4:499:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:505:35:505:35 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected
index cb3f20d9e53..6a26a6f13ae 100644
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected
@@ -21,6 +21,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -635,3 +637,6 @@ postWithInFlow
 | true_upon_entry.cpp:101:18:101:18 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
 | true_upon_entry.cpp:102:5:102:5 | x [post update] | PostUpdateNode should not be the target of local flow. |
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dispatch.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dispatch.cpp
index 131f0f5d05d..f9df8c9497c 100644
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dispatch.cpp
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dispatch.cpp
@@ -87,7 +87,7 @@ Top *identity(Top *top) {
 
 void callIdentityFunctions(Top *top, Bottom *bottom) {
   identity(bottom)->isSink(source()); // $ MISSING: ast,ir
-  identity(top)->isSink(source()); // now flow
+  identity(top)->isSink(source()); // no flow
 }
 
 using SinkFunctionType = void (*)(int);
diff --git a/cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected b/cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected
index f66ef23ba74..e0470aac85d 100644
--- a/cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected
@@ -12,6 +12,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -156,3 +158,6 @@ postWithInFlow
 | struct_init.c:24:11:24:12 | ab [inner post update] | PostUpdateNode should not be the target of local flow. |
 | struct_init.c:36:17:36:24 | nestedAB [inner post update] | PostUpdateNode should not be the target of local flow. |
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected
index 4dee8fb627f..dd2d9f54f35 100644
--- a/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected
@@ -15,6 +15,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -1324,3 +1326,6 @@ postWithInFlow
 | struct_init.c:46:16:46:24 | pointerAB [post update] | PostUpdateNode should not be the target of local flow. |
 | struct_init.c:46:16:46:24 | pointerAB [post update] | PostUpdateNode should not be the target of local flow. |
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/cpp/ql/test/library-tests/dataflow/security-taint/tainted.expected b/cpp/ql/test/library-tests/dataflow/security-taint/tainted.expected
index cdea135e301..b1e0d3635a3 100644
--- a/cpp/ql/test/library-tests/dataflow/security-taint/tainted.expected
+++ b/cpp/ql/test/library-tests/dataflow/security-taint/tainted.expected
@@ -1,3 +1,4 @@
+WARNING: Predicate taintedIncludingGlobalVars has been deprecated and may be removed in future (tainted.ql:5,3-29)
 | test.cpp:23:23:23:28 | call to getenv | test.cpp:8:24:8:25 | s1 |  |
 | test.cpp:23:23:23:28 | call to getenv | test.cpp:23:14:23:19 | envStr |  |
 | test.cpp:23:23:23:28 | call to getenv | test.cpp:23:23:23:28 | call to getenv |  |
diff --git a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected b/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected
index ac95d5659a3..5d732c45866 100644
--- a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected
+++ b/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected
@@ -1,3 +1,8 @@
+WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted_diff.ql:5,35-54)
+WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted_diff.ql:12,7-26)
+WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted_diff.ql:16,3-22)
+WARNING: Predicate taintedIncludingGlobalVars has been deprecated and may be removed in future (tainted_diff.ql:11,3-34)
+WARNING: Predicate taintedIncludingGlobalVars has been deprecated and may be removed in future (tainted_diff.ql:17,7-38)
 | test.cpp:23:23:23:28 | call to getenv | test.cpp:8:24:8:25 | s1 | AST only |
 | test.cpp:23:23:23:28 | call to getenv | test.cpp:23:14:23:19 | envStr | AST only |
 | test.cpp:38:23:38:28 | call to getenv | test.cpp:8:24:8:25 | s1 | AST only |
diff --git a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected b/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected
index 01d8f5092ed..4b439122fa3 100644
--- a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected
+++ b/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected
@@ -1,3 +1,5 @@
+WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted_ir.ql:3,35-50)
+WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted_ir.ql:9,3-18)
 | test.cpp:23:23:23:28 | call to getenv | test.cpp:23:23:23:28 | call to getenv |
 | test.cpp:23:23:23:28 | call to getenv | test.cpp:23:23:23:40 | (const char *)... |
 | test.cpp:23:23:23:28 | call to getenv | test.cpp:25:6:25:29 | ! ... |
diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/remote-flow-sink.expected b/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.expected
similarity index 100%
rename from cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/remote-flow-sink.expected
rename to cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.expected
diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.ql b/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.ql
new file mode 100644
index 00000000000..cb687f1d3bf
--- /dev/null
+++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.ql
@@ -0,0 +1,32 @@
+/** This tests that we are able to detect local flow sources. */
+
+import cpp
+import TestUtilities.InlineExpectationsTest
+import semmle.code.cpp.security.FlowSources
+
+class LocalFlowSourceTest extends InlineExpectationsTest {
+  LocalFlowSourceTest() { this = "LocalFlowSourceTest" }
+
+  override string getARelevantTag() { result = "local_source" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "local_source" and
+    exists(LocalFlowSource node, int n |
+      n =
+        strictcount(LocalFlowSource otherNode |
+          node.getLocation().getStartLine() = otherNode.getLocation().getStartLine()
+        ) and
+      (
+        n = 1 and value = ""
+        or
+        // If there is more than one node on this line
+        // we specify the location explicitly.
+        n > 1 and
+        value =
+          node.getLocation().getStartLine().toString() + ":" + node.getLocation().getStartColumn()
+      ) and
+      location = node.getLocation() and
+      element = node.toString()
+    )
+  }
+}
diff --git a/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/ConfusingMethodSignature.expected b/cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.expected
similarity index 100%
rename from java/ql/test/kotlin/query-tests/ConfusingMethodSignature/ConfusingMethodSignature.expected
rename to cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.expected
diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.ql b/cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.ql
new file mode 100644
index 00000000000..703b62b9ffc
--- /dev/null
+++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.ql
@@ -0,0 +1,59 @@
+/** This tests that we are able to detect remote flow sources and sinks. */
+
+import cpp
+import TestUtilities.InlineExpectationsTest
+import semmle.code.cpp.security.FlowSources
+
+class RemoteFlowSourceTest extends InlineExpectationsTest {
+  RemoteFlowSourceTest() { this = "RemoteFlowSourceTest" }
+
+  override string getARelevantTag() { result = "remote_source" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "remote_source" and
+    exists(RemoteFlowSource node, int n |
+      n =
+        strictcount(RemoteFlowSource otherNode |
+          node.getLocation().getStartLine() = otherNode.getLocation().getStartLine()
+        ) and
+      (
+        n = 1 and value = ""
+        or
+        // If there is more than one node on this line
+        // we specify the location explicitly.
+        n > 1 and
+        value =
+          node.getLocation().getStartLine().toString() + ":" + node.getLocation().getStartColumn()
+      ) and
+      location = node.getLocation() and
+      element = node.toString()
+    )
+  }
+}
+
+class RemoteFlowSinkTest extends InlineExpectationsTest {
+  RemoteFlowSinkTest() { this = "RemoteFlowSinkTest" }
+
+  override string getARelevantTag() { result = "remote_sink" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "remote_sink" and
+    exists(RemoteFlowSink node, int n |
+      n =
+        strictcount(RemoteFlowSink otherNode |
+          node.getLocation().getStartLine() = otherNode.getLocation().getStartLine()
+        ) and
+      (
+        n = 1 and value = ""
+        or
+        // If there is more than one node on this line
+        // we specify the location explicitly.
+        n > 1 and
+        value =
+          node.getLocation().getStartLine().toString() + ":" + node.getLocation().getStartColumn()
+      ) and
+      location = node.getLocation() and
+      element = node.toString()
+    )
+  }
+}
diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp
new file mode 100644
index 00000000000..fcc4ee0a315
--- /dev/null
+++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp
@@ -0,0 +1,52 @@
+char *getenv(const char *name);
+char *secure_getenv(const char *name);
+wchar_t *_wgetenv(const wchar_t *name);
+
+void test_getenv() {
+    void *var1 = getenv("VAR"); // $ local_source
+    void *var2 = secure_getenv("VAR"); // $ local_source
+    void *var3 = _wgetenv(L"VAR"); // $ local_source
+}
+
+int send(int, const void*, int, int);
+
+void test_send(char* buffer, int length) {
+  send(0, buffer, length, 0); // $ remote_sink
+}
+
+struct iovec {
+  void  *iov_base;
+  unsigned iov_len;
+};
+
+int readv(int, const struct iovec*, int);
+int writev(int, const struct iovec*, int);
+
+void test_readv_and_writev(iovec* iovs) {
+  readv(0, iovs, 16); // $ remote_source
+  writev(0, iovs, 16); // $ remote_sink
+}
+
+struct FILE;
+
+int fscanf(FILE *stream, const char *format, ...);
+int scanf(const char *format, ...);
+
+void test_scanf(FILE *stream, int *d, char *buf) {
+  scanf(""); // Not a local source, as there are no output arguments
+  fscanf(stream, ""); // Not a remote source, as there are no output arguments
+  scanf("%d", d); // $ local_source
+  fscanf(stream, "%d", d);  // $ remote_source
+  scanf("%d %s", d, buf); // $ local_source=40:18 local_source=40:21
+  fscanf(stream, "%d %s", d, buf);  // $ remote_source=41:27 remote_source=41:30
+}
+
+struct addrinfo;
+
+int getaddrinfo(const char *hostname, const char *servname,
+                const struct addrinfo *hints, struct addrinfo **res);
+
+void test_inet(char *hostname, char *servname, struct addrinfo *hints) {
+  addrinfo *res;
+  int ret = getaddrinfo(hostname, servname, hints, &res); // $ remote_source
+}
diff --git a/cpp/ql/test/library-tests/floats/float128/errors.expected b/cpp/ql/test/library-tests/floats/float128/errors.expected
index d7891f3e9b6..2f163e66cb0 100644
--- a/cpp/ql/test/library-tests/floats/float128/errors.expected
+++ b/cpp/ql/test/library-tests/floats/float128/errors.expected
@@ -1,4 +1,3 @@
 | file://:0:0:0:0 | There was an error during this compilation |
 | float128.cpp:1:39:1:39 | 128-bit floating-point types are not supported in this configuration |
-| float128.cpp:2:30:2:30 | an attribute specifies a mode incompatible with '<error-type>' |
-| float128.cpp:2:41:2:41 | invalid combination of type specifiers |
+| float128.cpp:2:30:2:30 | 128-bit floating-point types are not supported in this configuration |
diff --git a/cpp/ql/test/library-tests/floats/float128/usertypes.expected b/cpp/ql/test/library-tests/floats/float128/usertypes.expected
index 84a38d93967..42b6612aff9 100644
--- a/cpp/ql/test/library-tests/floats/float128/usertypes.expected
+++ b/cpp/ql/test/library-tests/floats/float128/usertypes.expected
@@ -1,4 +1,5 @@
 | float128.cpp:1:50:1:60 | _Complex128 | file://:0:0:0:0 | <error-type> |
+| float128.cpp:2:41:2:49 | _Float128 | file://:0:0:0:0 | <error-type> |
 | float128.cpp:13:29:13:54 | __is_floating_point_helper<T> | float128.cpp:10:8:10:17 | false_type |
 | float128.cpp:14:19:14:51 | __is_floating_point_helper<float> | float128.cpp:11:8:11:16 | true_type |
 | float128.cpp:15:19:15:52 | __is_floating_point_helper<double> | float128.cpp:11:8:11:16 | true_type |
diff --git a/cpp/ql/test/library-tests/syntax-zoo/dataflow-consistency.expected b/cpp/ql/test/library-tests/syntax-zoo/dataflow-consistency.expected
index 086fa0415b7..5e44737a253 100644
--- a/cpp/ql/test/library-tests/syntax-zoo/dataflow-consistency.expected
+++ b/cpp/ql/test/library-tests/syntax-zoo/dataflow-consistency.expected
@@ -52,6 +52,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -125,3 +127,6 @@ postWithInFlow
 | static_init_templates.cpp:21:2:21:4 | val [post update] | PostUpdateNode should not be the target of local flow. |
 | try_catch.cpp:7:8:7:8 | call to exception | PostUpdateNode should not be the target of local flow. |
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
index 70f8446ec5a..8b1094228a9 100644
--- a/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
+++ b/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
@@ -1463,6 +1463,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -2711,3 +2713,8 @@ postWithInFlow
 | whilestmt.c:40:7:40:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
 | whilestmt.c:42:7:42:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+| ir.cpp:724:6:724:13 | TryCatch | 0 | ir.cpp:735:22:735:22 | *s | Parameters with overlapping positions. |
+| ir.cpp:724:6:724:13 | TryCatch | 0 | ir.cpp:738:24:738:24 | *e | Parameters with overlapping positions. |
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_gvn.expected b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_gvn.expected
index d5d46ee0b72..69c21b5e0b1 100644
--- a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_gvn.expected
+++ b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_gvn.expected
@@ -1,3 +1,4 @@
+WARNING: Type GVN has been deprecated and may be removed in future (ast_gvn.ql:4,6-9)
 | test.cpp:5:3:5:3 | x | 5:c3-c3 6:c3-c3 |
 | test.cpp:5:7:5:8 | p0 | 5:c7-c8 6:c7-c8 |
 | test.cpp:5:7:5:13 | ... + ... | 5:c7-c13 6:c7-c13 7:c7-c7 |
diff --git a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_uniqueness.expected b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_uniqueness.expected
index e69de29bb2d..d94d58ad5ea 100644
--- a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_uniqueness.expected
+++ b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ast_uniqueness.expected
@@ -0,0 +1,3 @@
+WARNING: Predicate globalValueNumber has been deprecated and may be removed in future (ast_uniqueness.ql:7,13-30)
+WARNING: Predicate globalValueNumber has been deprecated and may be removed in future (ast_uniqueness.ql:8,30-47)
+WARNING: Type GVN has been deprecated and may be removed in future (ast_uniqueness.ql:8,18-21)
diff --git a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/diff_ir_expr.expected b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/diff_ir_expr.expected
index b838a13d5af..810c83f197f 100644
--- a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/diff_ir_expr.expected
+++ b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/diff_ir_expr.expected
@@ -1,3 +1,4 @@
+WARNING: Predicate globalValueNumber has been deprecated and may be removed in future (diff_ir_expr.ql:8,29-51)
 | test.cpp:5:3:5:13 | ... = ... | test.cpp:5:3:5:13 | ... = ... | AST only |
 | test.cpp:6:3:6:13 | ... = ... | test.cpp:6:3:6:13 | ... = ... | AST only |
 | test.cpp:7:3:7:7 | ... = ... | test.cpp:7:3:7:7 | ... = ... | AST only |
diff --git a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected
index ce11cb53c58..bbedf4ecc3f 100644
--- a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected
+++ b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected
@@ -1,19 +1,21 @@
-| test.cpp:30:7:30:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:29:3:29:7 | call to scanf | call to scanf |
-| test.cpp:46:7:46:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:45:3:45:7 | call to scanf | call to scanf |
-| test.cpp:63:7:63:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:62:3:62:7 | call to scanf | call to scanf |
-| test.cpp:75:7:75:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:74:3:74:7 | call to scanf | call to scanf |
-| test.cpp:87:7:87:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:86:3:86:8 | call to fscanf | call to fscanf |
-| test.cpp:94:7:94:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:93:3:93:8 | call to sscanf | call to sscanf |
-| test.cpp:143:8:143:8 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:141:7:141:11 | call to scanf | call to scanf |
-| test.cpp:152:8:152:8 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:150:7:150:11 | call to scanf | call to scanf |
-| test.cpp:184:8:184:8 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:183:7:183:11 | call to scanf | call to scanf |
-| test.cpp:203:8:203:8 | j | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 2. | test.cpp:200:7:200:11 | call to scanf | call to scanf |
-| test.cpp:227:9:227:9 | d | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 2. | test.cpp:225:25:225:29 | call to scanf | call to scanf |
-| test.cpp:231:9:231:9 | d | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 2. | test.cpp:229:14:229:18 | call to scanf | call to scanf |
-| test.cpp:243:7:243:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:242:3:242:7 | call to scanf | call to scanf |
-| test.cpp:251:7:251:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:250:3:250:7 | call to scanf | call to scanf |
-| test.cpp:259:7:259:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:258:3:258:7 | call to scanf | call to scanf |
-| test.cpp:271:7:271:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:270:3:270:7 | call to scanf | call to scanf |
-| test.cpp:281:8:281:12 | ptr_i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:280:3:280:7 | call to scanf | call to scanf |
-| test.cpp:289:7:289:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:288:3:288:7 | call to scanf | call to scanf |
-| test.cpp:383:25:383:25 | u | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:382:6:382:11 | call to sscanf | call to sscanf |
+| test.cpp:35:7:35:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:34:3:34:7 | call to scanf | call to scanf |
+| test.cpp:51:7:51:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:50:3:50:7 | call to scanf | call to scanf |
+| test.cpp:68:7:68:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:67:3:67:7 | call to scanf | call to scanf |
+| test.cpp:80:7:80:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:79:3:79:7 | call to scanf | call to scanf |
+| test.cpp:90:8:90:8 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:89:3:89:7 | call to scanf | call to scanf |
+| test.cpp:98:8:98:8 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:97:3:97:7 | call to scanf | call to scanf |
+| test.cpp:108:7:108:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:107:3:107:8 | call to fscanf | call to fscanf |
+| test.cpp:115:7:115:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:114:3:114:8 | call to sscanf | call to sscanf |
+| test.cpp:164:8:164:8 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:162:7:162:11 | call to scanf | call to scanf |
+| test.cpp:173:8:173:8 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:171:7:171:11 | call to scanf | call to scanf |
+| test.cpp:205:8:205:8 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:204:7:204:11 | call to scanf | call to scanf |
+| test.cpp:224:8:224:8 | j | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 2. | test.cpp:221:7:221:11 | call to scanf | call to scanf |
+| test.cpp:248:9:248:9 | d | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 2. | test.cpp:246:25:246:29 | call to scanf | call to scanf |
+| test.cpp:252:9:252:9 | d | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 2. | test.cpp:250:14:250:18 | call to scanf | call to scanf |
+| test.cpp:264:7:264:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:263:3:263:7 | call to scanf | call to scanf |
+| test.cpp:272:7:272:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:271:3:271:7 | call to scanf | call to scanf |
+| test.cpp:280:7:280:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:279:3:279:7 | call to scanf | call to scanf |
+| test.cpp:292:7:292:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:291:3:291:7 | call to scanf | call to scanf |
+| test.cpp:302:8:302:12 | ptr_i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:301:3:301:7 | call to scanf | call to scanf |
+| test.cpp:310:7:310:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:309:3:309:7 | call to scanf | call to scanf |
+| test.cpp:404:25:404:25 | u | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:403:6:403:11 | call to sscanf | call to sscanf |
diff --git a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp
index e621936dc33..38af4d7efcd 100644
--- a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp
+++ b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp
@@ -19,6 +19,11 @@ FILE *get_a_stream();
 const char *get_a_string();
 extern locale_t get_a_locale();
 
+typedef long size_t;
+
+void *malloc(size_t size);
+void free(void *ptr);
+
 int main()
 {
 	// --- simple cases ---
@@ -78,6 +83,22 @@ int main()
 		use(i); // GOOD
 	}
 
+	{
+		int *i = (int*)malloc(sizeof(int)); // Allocated variable
+
+		scanf("%d", i);
+		use(*i); // BAD
+		free(i); // GOOD
+	}
+
+	{
+		int *i = new int; // Allocated variable
+
+		scanf("%d", i);
+		use(*i); // BAD
+		delete i; // GOOD
+	}
+
 	// --- different scanf functions ---
 
 	{
diff --git a/cpp/ql/test/query-tests/Critical/UnsafeUseOfThis/UnsafeUseOfThis.expected b/cpp/ql/test/query-tests/Critical/UnsafeUseOfThis/UnsafeUseOfThis.expected
index 067ba7ab4fc..7f1ee1356ab 100644
--- a/cpp/ql/test/query-tests/Critical/UnsafeUseOfThis/UnsafeUseOfThis.expected
+++ b/cpp/ql/test/query-tests/Critical/UnsafeUseOfThis/UnsafeUseOfThis.expected
@@ -1,103 +1,61 @@
 edges
-| test.cpp:7:3:7:3 | this | test.cpp:8:12:8:15 | Load |
-| test.cpp:8:12:8:15 | Load | test.cpp:8:12:8:15 | this |
+| test.cpp:7:3:7:3 | B | test.cpp:8:12:8:15 | this |
 | test.cpp:8:12:8:15 | this | test.cpp:34:16:34:16 | x |
-| test.cpp:11:8:11:8 | b | test.cpp:12:5:12:5 | Load |
-| test.cpp:12:5:12:5 | (reference dereference) | test.cpp:12:5:12:5 | Unary |
-| test.cpp:12:5:12:5 | Load | test.cpp:12:5:12:5 | b |
-| test.cpp:12:5:12:5 | Unary | test.cpp:12:5:12:5 | (A)... |
-| test.cpp:12:5:12:5 | Unary | test.cpp:12:5:12:5 | (reference dereference) |
-| test.cpp:12:5:12:5 | b | test.cpp:12:5:12:5 | Unary |
-| test.cpp:15:3:15:4 | this | test.cpp:16:5:16:5 | Load |
-| test.cpp:16:5:16:5 | Load | test.cpp:16:5:16:5 | this |
-| test.cpp:16:5:16:5 | Unary | file://:0:0:0:0 | (A *)... |
-| test.cpp:16:5:16:5 | this | test.cpp:16:5:16:5 | Unary |
-| test.cpp:21:3:21:3 | Unary | test.cpp:21:13:21:13 | ConvertToNonVirtualBase |
-| test.cpp:21:3:21:3 | this | test.cpp:21:3:21:3 | Unary |
-| test.cpp:21:3:21:3 | this | test.cpp:22:12:22:15 | Load |
-| test.cpp:21:3:21:3 | this | test.cpp:25:7:25:10 | Load |
-| test.cpp:21:13:21:13 | ConvertToNonVirtualBase | test.cpp:7:3:7:3 | this |
+| test.cpp:11:8:11:8 | b | test.cpp:12:5:12:5 | b |
+| test.cpp:12:5:12:5 | (reference dereference) | test.cpp:12:5:12:5 | (A)... |
+| test.cpp:12:5:12:5 | b | test.cpp:12:5:12:5 | (reference dereference) |
+| test.cpp:15:3:15:4 | ~B | test.cpp:16:5:16:5 | this |
+| test.cpp:16:5:16:5 | this | file://:0:0:0:0 | (A *)... |
+| test.cpp:21:3:21:3 | C | test.cpp:21:13:21:13 | call to B |
+| test.cpp:21:3:21:3 | C | test.cpp:22:12:22:15 | this |
+| test.cpp:21:3:21:3 | C | test.cpp:25:7:25:10 | this |
+| test.cpp:21:13:21:13 | call to B | test.cpp:7:3:7:3 | B |
 | test.cpp:22:12:22:15 | (B *)... | test.cpp:34:16:34:16 | x |
-| test.cpp:22:12:22:15 | Load | test.cpp:22:12:22:15 | this |
-| test.cpp:22:12:22:15 | Unary | test.cpp:22:12:22:15 | (B *)... |
-| test.cpp:22:12:22:15 | this | test.cpp:22:12:22:15 | Unary |
-| test.cpp:25:7:25:10 | (B *)... | test.cpp:25:7:25:10 | Unary |
-| test.cpp:25:7:25:10 | Load | test.cpp:25:7:25:10 | this |
-| test.cpp:25:7:25:10 | Unary | test.cpp:25:7:25:10 | (A *)... |
-| test.cpp:25:7:25:10 | Unary | test.cpp:25:7:25:10 | (B *)... |
-| test.cpp:25:7:25:10 | this | test.cpp:25:7:25:10 | Unary |
-| test.cpp:31:3:31:3 | this | test.cpp:31:12:31:15 | Load |
-| test.cpp:31:11:31:15 | (B)... | test.cpp:31:11:31:15 | Unary |
+| test.cpp:22:12:22:15 | this | test.cpp:22:12:22:15 | (B *)... |
+| test.cpp:25:7:25:10 | (B *)... | test.cpp:25:7:25:10 | (A *)... |
+| test.cpp:25:7:25:10 | this | test.cpp:25:7:25:10 | (B *)... |
+| test.cpp:31:3:31:3 | D | test.cpp:31:12:31:15 | this |
+| test.cpp:31:11:31:15 | (B)... | test.cpp:31:11:31:15 | (reference to) |
 | test.cpp:31:11:31:15 | (reference to) | test.cpp:11:8:11:8 | b |
-| test.cpp:31:11:31:15 | * ... | test.cpp:31:11:31:15 | Unary |
-| test.cpp:31:11:31:15 | Unary | test.cpp:31:11:31:15 | (B)... |
-| test.cpp:31:11:31:15 | Unary | test.cpp:31:11:31:15 | (reference to) |
-| test.cpp:31:12:31:15 | Load | test.cpp:31:12:31:15 | this |
-| test.cpp:31:12:31:15 | Unary | test.cpp:31:11:31:15 | * ... |
-| test.cpp:31:12:31:15 | this | test.cpp:31:12:31:15 | Unary |
-| test.cpp:34:16:34:16 | x | test.cpp:35:3:35:3 | Load |
-| test.cpp:35:3:35:3 | Load | test.cpp:35:3:35:3 | x |
-| test.cpp:35:3:35:3 | Unary | test.cpp:35:3:35:3 | (A *)... |
-| test.cpp:35:3:35:3 | x | test.cpp:35:3:35:3 | Unary |
-| test.cpp:47:3:47:3 | this | test.cpp:48:10:48:13 | Load |
-| test.cpp:48:10:48:13 | (E *)... | test.cpp:48:10:48:13 | Unary |
-| test.cpp:48:10:48:13 | Load | test.cpp:48:10:48:13 | this |
-| test.cpp:48:10:48:13 | Unary | test.cpp:48:6:48:13 | (A *)... |
-| test.cpp:48:10:48:13 | Unary | test.cpp:48:10:48:13 | (E *)... |
-| test.cpp:48:10:48:13 | this | test.cpp:48:10:48:13 | Unary |
+| test.cpp:31:11:31:15 | * ... | test.cpp:31:11:31:15 | (B)... |
+| test.cpp:31:12:31:15 | this | test.cpp:31:11:31:15 | * ... |
+| test.cpp:34:16:34:16 | x | test.cpp:35:3:35:3 | x |
+| test.cpp:35:3:35:3 | x | test.cpp:35:3:35:3 | (A *)... |
+| test.cpp:47:3:47:3 | F | test.cpp:48:10:48:13 | this |
+| test.cpp:48:10:48:13 | (E *)... | test.cpp:48:6:48:13 | (A *)... |
+| test.cpp:48:10:48:13 | this | test.cpp:48:10:48:13 | (E *)... |
 nodes
 | file://:0:0:0:0 | (A *)... | semmle.label | (A *)... |
-| test.cpp:7:3:7:3 | this | semmle.label | this |
-| test.cpp:8:12:8:15 | Load | semmle.label | Load |
+| test.cpp:7:3:7:3 | B | semmle.label | B |
 | test.cpp:8:12:8:15 | this | semmle.label | this |
 | test.cpp:11:8:11:8 | b | semmle.label | b |
 | test.cpp:12:5:12:5 | (A)... | semmle.label | (A)... |
 | test.cpp:12:5:12:5 | (reference dereference) | semmle.label | (reference dereference) |
-| test.cpp:12:5:12:5 | Load | semmle.label | Load |
-| test.cpp:12:5:12:5 | Unary | semmle.label | Unary |
-| test.cpp:12:5:12:5 | Unary | semmle.label | Unary |
 | test.cpp:12:5:12:5 | b | semmle.label | b |
-| test.cpp:15:3:15:4 | this | semmle.label | this |
-| test.cpp:16:5:16:5 | Load | semmle.label | Load |
-| test.cpp:16:5:16:5 | Unary | semmle.label | Unary |
+| test.cpp:15:3:15:4 | ~B | semmle.label | ~B |
 | test.cpp:16:5:16:5 | this | semmle.label | this |
-| test.cpp:21:3:21:3 | Unary | semmle.label | Unary |
-| test.cpp:21:3:21:3 | this | semmle.label | this |
-| test.cpp:21:13:21:13 | ConvertToNonVirtualBase | semmle.label | ConvertToNonVirtualBase |
+| test.cpp:21:3:21:3 | C | semmle.label | C |
+| test.cpp:21:13:21:13 | call to B | semmle.label | call to B |
 | test.cpp:22:12:22:15 | (B *)... | semmle.label | (B *)... |
-| test.cpp:22:12:22:15 | Load | semmle.label | Load |
-| test.cpp:22:12:22:15 | Unary | semmle.label | Unary |
 | test.cpp:22:12:22:15 | this | semmle.label | this |
 | test.cpp:25:7:25:10 | (A *)... | semmle.label | (A *)... |
 | test.cpp:25:7:25:10 | (B *)... | semmle.label | (B *)... |
-| test.cpp:25:7:25:10 | Load | semmle.label | Load |
-| test.cpp:25:7:25:10 | Unary | semmle.label | Unary |
-| test.cpp:25:7:25:10 | Unary | semmle.label | Unary |
 | test.cpp:25:7:25:10 | this | semmle.label | this |
-| test.cpp:31:3:31:3 | this | semmle.label | this |
+| test.cpp:31:3:31:3 | D | semmle.label | D |
 | test.cpp:31:11:31:15 | (B)... | semmle.label | (B)... |
 | test.cpp:31:11:31:15 | (reference to) | semmle.label | (reference to) |
 | test.cpp:31:11:31:15 | * ... | semmle.label | * ... |
-| test.cpp:31:11:31:15 | Unary | semmle.label | Unary |
-| test.cpp:31:11:31:15 | Unary | semmle.label | Unary |
-| test.cpp:31:12:31:15 | Load | semmle.label | Load |
-| test.cpp:31:12:31:15 | Unary | semmle.label | Unary |
 | test.cpp:31:12:31:15 | this | semmle.label | this |
 | test.cpp:34:16:34:16 | x | semmle.label | x |
 | test.cpp:35:3:35:3 | (A *)... | semmle.label | (A *)... |
-| test.cpp:35:3:35:3 | Load | semmle.label | Load |
-| test.cpp:35:3:35:3 | Unary | semmle.label | Unary |
 | test.cpp:35:3:35:3 | x | semmle.label | x |
-| test.cpp:47:3:47:3 | this | semmle.label | this |
+| test.cpp:47:3:47:3 | F | semmle.label | F |
 | test.cpp:48:6:48:13 | (A *)... | semmle.label | (A *)... |
 | test.cpp:48:10:48:13 | (E *)... | semmle.label | (E *)... |
-| test.cpp:48:10:48:13 | Load | semmle.label | Load |
-| test.cpp:48:10:48:13 | Unary | semmle.label | Unary |
-| test.cpp:48:10:48:13 | Unary | semmle.label | Unary |
 | test.cpp:48:10:48:13 | this | semmle.label | this |
 #select
-| test.cpp:12:7:12:7 | call to f | test.cpp:31:3:31:3 | this | test.cpp:12:5:12:5 | (A)... | Call to pure virtual function during construction. |
-| test.cpp:16:5:16:5 | call to f | test.cpp:15:3:15:4 | this | file://:0:0:0:0 | (A *)... | Call to pure virtual function during destruction. |
-| test.cpp:25:13:25:13 | call to f | test.cpp:21:3:21:3 | this | test.cpp:25:7:25:10 | (A *)... | Call to pure virtual function during construction. |
-| test.cpp:35:6:35:6 | call to f | test.cpp:7:3:7:3 | this | test.cpp:35:3:35:3 | (A *)... | Call to pure virtual function during construction. |
-| test.cpp:35:6:35:6 | call to f | test.cpp:21:3:21:3 | this | test.cpp:35:3:35:3 | (A *)... | Call to pure virtual function during construction. |
+| test.cpp:12:7:12:7 | call to f | test.cpp:31:3:31:3 | D | test.cpp:12:5:12:5 | (A)... | Call to pure virtual function during construction. |
+| test.cpp:16:5:16:5 | call to f | test.cpp:15:3:15:4 | ~B | file://:0:0:0:0 | (A *)... | Call to pure virtual function during destruction. |
+| test.cpp:25:13:25:13 | call to f | test.cpp:21:3:21:3 | C | test.cpp:25:7:25:10 | (A *)... | Call to pure virtual function during construction. |
+| test.cpp:35:6:35:6 | call to f | test.cpp:7:3:7:3 | B | test.cpp:35:3:35:3 | (A *)... | Call to pure virtual function during construction. |
+| test.cpp:35:6:35:6 | call to f | test.cpp:21:3:21:3 | C | test.cpp:35:3:35:3 | (A *)... | Call to pure virtual function during construction. |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
index 8f9d91fc1ad..b7b598a13c5 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected	
+++ b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected	
@@ -1,231 +1,117 @@
 edges
-| test.cpp:17:9:17:11 | & ... | test.cpp:17:9:17:11 | StoreValue |
-| test.cpp:17:10:17:11 | Unary | test.cpp:17:9:17:11 | & ... |
-| test.cpp:17:10:17:11 | mc | test.cpp:17:10:17:11 | Unary |
-| test.cpp:23:17:23:19 | & ... | test.cpp:23:17:23:19 | StoreValue |
-| test.cpp:23:17:23:19 | Store | test.cpp:25:9:25:11 | Load |
-| test.cpp:23:17:23:19 | StoreValue | test.cpp:23:17:23:19 | Store |
-| test.cpp:23:18:23:19 | Unary | test.cpp:23:17:23:19 | & ... |
-| test.cpp:23:18:23:19 | mc | test.cpp:23:18:23:19 | Unary |
-| test.cpp:25:9:25:11 | Load | test.cpp:25:9:25:11 | ptr |
-| test.cpp:25:9:25:11 | ptr | test.cpp:25:9:25:11 | StoreValue |
-| test.cpp:39:17:39:18 | (reference to) | test.cpp:39:17:39:18 | StoreValue |
-| test.cpp:39:17:39:18 | Store | test.cpp:41:10:41:12 | Load |
-| test.cpp:39:17:39:18 | StoreValue | test.cpp:39:17:39:18 | Store |
-| test.cpp:39:17:39:18 | Unary | test.cpp:39:17:39:18 | (reference to) |
-| test.cpp:39:17:39:18 | mc | test.cpp:39:17:39:18 | Unary |
-| test.cpp:41:9:41:12 | & ... | test.cpp:41:9:41:12 | StoreValue |
-| test.cpp:41:10:41:12 | (reference dereference) | test.cpp:41:10:41:12 | Unary |
-| test.cpp:41:10:41:12 | Load | test.cpp:41:10:41:12 | ref |
-| test.cpp:41:10:41:12 | Unary | test.cpp:41:9:41:12 | & ... |
-| test.cpp:41:10:41:12 | Unary | test.cpp:41:10:41:12 | (reference dereference) |
-| test.cpp:41:10:41:12 | ref | test.cpp:41:10:41:12 | Unary |
-| test.cpp:47:9:47:10 | (reference to) | test.cpp:47:9:47:10 | StoreValue |
-| test.cpp:47:9:47:10 | Unary | test.cpp:47:9:47:10 | (reference to) |
-| test.cpp:47:9:47:10 | mc | test.cpp:47:9:47:10 | Unary |
-| test.cpp:54:9:54:15 | & ... | test.cpp:54:9:54:15 | StoreValue |
-| test.cpp:54:11:54:12 | Unary | test.cpp:54:14:54:14 | a |
-| test.cpp:54:11:54:12 | mc | test.cpp:54:11:54:12 | Unary |
-| test.cpp:54:14:54:14 | Unary | test.cpp:54:9:54:15 | & ... |
-| test.cpp:54:14:54:14 | a | test.cpp:54:14:54:14 | Unary |
-| test.cpp:89:3:89:11 | Store | test.cpp:92:9:92:11 | Load |
-| test.cpp:89:9:89:11 | & ... | test.cpp:89:9:89:11 | StoreValue |
-| test.cpp:89:9:89:11 | StoreValue | test.cpp:89:3:89:11 | Store |
-| test.cpp:89:10:89:11 | Unary | test.cpp:89:9:89:11 | & ... |
-| test.cpp:89:10:89:11 | mc | test.cpp:89:10:89:11 | Unary |
-| test.cpp:92:9:92:11 | Load | test.cpp:92:9:92:11 | ptr |
-| test.cpp:92:9:92:11 | ptr | test.cpp:92:9:92:11 | StoreValue |
-| test.cpp:112:9:112:11 | Unary | test.cpp:112:9:112:11 | array to pointer conversion |
-| test.cpp:112:9:112:11 | arr | test.cpp:112:9:112:11 | Unary |
-| test.cpp:112:9:112:11 | array to pointer conversion | test.cpp:112:9:112:11 | StoreValue |
-| test.cpp:119:9:119:18 | & ... | test.cpp:119:9:119:18 | StoreValue |
-| test.cpp:119:11:119:13 | Left | test.cpp:119:11:119:17 | access to array |
-| test.cpp:119:11:119:13 | Unary | test.cpp:119:11:119:13 | array to pointer conversion |
-| test.cpp:119:11:119:13 | arr | test.cpp:119:11:119:13 | Unary |
-| test.cpp:119:11:119:13 | array to pointer conversion | test.cpp:119:11:119:13 | Left |
-| test.cpp:119:11:119:17 | Unary | test.cpp:119:9:119:18 | & ... |
-| test.cpp:119:11:119:17 | access to array | test.cpp:119:11:119:17 | Unary |
-| test.cpp:134:2:134:14 | Store | test.cpp:135:2:135:4 | Load |
-| test.cpp:134:8:134:10 | Left | test.cpp:134:8:134:14 | ... + ... |
-| test.cpp:134:8:134:10 | Unary | test.cpp:134:8:134:10 | array to pointer conversion |
-| test.cpp:134:8:134:10 | arr | test.cpp:134:8:134:10 | Unary |
-| test.cpp:134:8:134:10 | array to pointer conversion | test.cpp:134:8:134:10 | Left |
-| test.cpp:134:8:134:14 | ... + ... | test.cpp:134:8:134:14 | StoreValue |
-| test.cpp:134:8:134:14 | StoreValue | test.cpp:134:2:134:14 | Store |
-| test.cpp:135:2:135:4 | Left | test.cpp:135:2:135:6 | PointerAdd |
-| test.cpp:135:2:135:4 | Load | test.cpp:135:2:135:4 | ptr |
-| test.cpp:135:2:135:4 | ptr | test.cpp:135:2:135:4 | Left |
-| test.cpp:135:2:135:6 | PointerAdd | test.cpp:135:2:135:6 | StoreValue |
-| test.cpp:135:2:135:6 | Store | test.cpp:137:9:137:11 | Load |
-| test.cpp:135:2:135:6 | StoreValue | test.cpp:135:2:135:6 | Store |
-| test.cpp:137:9:137:11 | Load | test.cpp:137:9:137:11 | ptr |
-| test.cpp:137:9:137:11 | ptr | test.cpp:137:9:137:11 | StoreValue |
-| test.cpp:170:26:170:41 | (void *)... | test.cpp:170:26:170:41 | StoreValue |
-| test.cpp:170:26:170:41 | Store | test.cpp:171:10:171:23 | Load |
-| test.cpp:170:26:170:41 | StoreValue | test.cpp:170:26:170:41 | Store |
-| test.cpp:170:34:170:41 | & ... | test.cpp:170:34:170:41 | Unary |
-| test.cpp:170:34:170:41 | Unary | test.cpp:170:26:170:41 | (void *)... |
-| test.cpp:170:35:170:41 | Unary | test.cpp:170:34:170:41 | & ... |
-| test.cpp:170:35:170:41 | myLocal | test.cpp:170:35:170:41 | Unary |
-| test.cpp:171:10:171:23 | Load | test.cpp:171:10:171:23 | pointerToLocal |
-| test.cpp:171:10:171:23 | pointerToLocal | test.cpp:171:10:171:23 | StoreValue |
-| test.cpp:176:25:176:34 | Store | test.cpp:177:10:177:23 | Load |
-| test.cpp:176:25:176:34 | StoreValue | test.cpp:176:25:176:34 | Store |
-| test.cpp:176:25:176:34 | Unary | test.cpp:176:25:176:34 | array to pointer conversion |
-| test.cpp:176:25:176:34 | array to pointer conversion | test.cpp:176:25:176:34 | StoreValue |
-| test.cpp:176:25:176:34 | localArray | test.cpp:176:25:176:34 | Unary |
-| test.cpp:177:10:177:23 | (void *)... | test.cpp:177:10:177:23 | StoreValue |
-| test.cpp:177:10:177:23 | Load | test.cpp:177:10:177:23 | pointerToLocal |
-| test.cpp:177:10:177:23 | Unary | test.cpp:177:10:177:23 | (void *)... |
-| test.cpp:177:10:177:23 | pointerToLocal | test.cpp:177:10:177:23 | Unary |
-| test.cpp:182:21:182:27 | (reference to) | test.cpp:182:21:182:27 | StoreValue |
-| test.cpp:182:21:182:27 | Store | test.cpp:183:10:183:19 | Load |
-| test.cpp:182:21:182:27 | StoreValue | test.cpp:182:21:182:27 | Store |
-| test.cpp:182:21:182:27 | Unary | test.cpp:182:21:182:27 | (reference to) |
-| test.cpp:182:21:182:27 | myLocal | test.cpp:182:21:182:27 | Unary |
-| test.cpp:183:10:183:19 | (reference dereference) | test.cpp:183:10:183:19 | Unary |
-| test.cpp:183:10:183:19 | (reference to) | test.cpp:183:10:183:19 | StoreValue |
-| test.cpp:183:10:183:19 | Load | test.cpp:183:10:183:19 | refToLocal |
-| test.cpp:183:10:183:19 | Unary | test.cpp:183:10:183:19 | (reference dereference) |
-| test.cpp:183:10:183:19 | Unary | test.cpp:183:10:183:19 | (reference to) |
-| test.cpp:183:10:183:19 | refToLocal | test.cpp:183:10:183:19 | Unary |
-| test.cpp:189:16:189:16 | (reference to) | test.cpp:189:16:189:16 | StoreValue |
-| test.cpp:189:16:189:16 | Store | test.cpp:190:10:190:13 | Load |
-| test.cpp:189:16:189:16 | StoreValue | test.cpp:189:16:189:16 | Store |
-| test.cpp:189:16:189:16 | Unary | test.cpp:189:16:189:16 | (reference to) |
-| test.cpp:189:16:189:16 | p | test.cpp:189:16:189:16 | Unary |
-| test.cpp:190:10:190:13 | (reference dereference) | test.cpp:190:10:190:13 | Unary |
-| test.cpp:190:10:190:13 | (reference to) | test.cpp:190:10:190:13 | StoreValue |
-| test.cpp:190:10:190:13 | Load | test.cpp:190:10:190:13 | pRef |
-| test.cpp:190:10:190:13 | Unary | test.cpp:190:10:190:13 | (reference dereference) |
-| test.cpp:190:10:190:13 | Unary | test.cpp:190:10:190:13 | (reference to) |
-| test.cpp:190:10:190:13 | pRef | test.cpp:190:10:190:13 | Unary |
+| test.cpp:17:10:17:11 | mc | test.cpp:17:9:17:11 | & ... |
+| test.cpp:23:17:23:19 | & ... | test.cpp:23:17:23:19 | & ... |
+| test.cpp:23:17:23:19 | & ... | test.cpp:25:9:25:11 | ptr |
+| test.cpp:23:18:23:19 | mc | test.cpp:23:17:23:19 | & ... |
+| test.cpp:39:17:39:18 | (reference to) | test.cpp:39:17:39:18 | (reference to) |
+| test.cpp:39:17:39:18 | (reference to) | test.cpp:41:10:41:12 | ref |
+| test.cpp:39:17:39:18 | mc | test.cpp:39:17:39:18 | (reference to) |
+| test.cpp:41:10:41:12 | (reference dereference) | test.cpp:41:9:41:12 | & ... |
+| test.cpp:41:10:41:12 | ref | test.cpp:41:10:41:12 | (reference dereference) |
+| test.cpp:47:9:47:10 | mc | test.cpp:47:9:47:10 | (reference to) |
+| test.cpp:54:11:54:12 | mc | test.cpp:54:14:54:14 | a |
+| test.cpp:54:14:54:14 | a | test.cpp:54:9:54:15 | & ... |
+| test.cpp:89:3:89:11 | ... = ... | test.cpp:92:9:92:11 | ptr |
+| test.cpp:89:9:89:11 | & ... | test.cpp:89:3:89:11 | ... = ... |
+| test.cpp:89:10:89:11 | mc | test.cpp:89:9:89:11 | & ... |
+| test.cpp:112:9:112:11 | arr | test.cpp:112:9:112:11 | array to pointer conversion |
+| test.cpp:119:11:119:13 | arr | test.cpp:119:11:119:13 | array to pointer conversion |
+| test.cpp:119:11:119:13 | array to pointer conversion | test.cpp:119:11:119:17 | access to array |
+| test.cpp:119:11:119:17 | access to array | test.cpp:119:9:119:18 | & ... |
+| test.cpp:134:2:134:14 | ... = ... | test.cpp:135:2:135:4 | ptr |
+| test.cpp:134:8:134:10 | arr | test.cpp:134:8:134:10 | array to pointer conversion |
+| test.cpp:134:8:134:10 | array to pointer conversion | test.cpp:134:8:134:14 | ... + ... |
+| test.cpp:134:8:134:14 | ... + ... | test.cpp:134:2:134:14 | ... = ... |
+| test.cpp:135:2:135:4 | ptr | test.cpp:135:2:135:6 | ... ++ |
+| test.cpp:135:2:135:6 | ... ++ | test.cpp:135:2:135:6 | ... ++ |
+| test.cpp:135:2:135:6 | ... ++ | test.cpp:137:9:137:11 | ptr |
+| test.cpp:170:26:170:41 | (void *)... | test.cpp:170:26:170:41 | (void *)... |
+| test.cpp:170:26:170:41 | (void *)... | test.cpp:171:10:171:23 | pointerToLocal |
+| test.cpp:170:34:170:41 | & ... | test.cpp:170:26:170:41 | (void *)... |
+| test.cpp:170:35:170:41 | myLocal | test.cpp:170:34:170:41 | & ... |
+| test.cpp:176:25:176:34 | array to pointer conversion | test.cpp:176:25:176:34 | array to pointer conversion |
+| test.cpp:176:25:176:34 | array to pointer conversion | test.cpp:177:10:177:23 | pointerToLocal |
+| test.cpp:176:25:176:34 | localArray | test.cpp:176:25:176:34 | array to pointer conversion |
+| test.cpp:177:10:177:23 | pointerToLocal | test.cpp:177:10:177:23 | (void *)... |
+| test.cpp:182:21:182:27 | (reference to) | test.cpp:182:21:182:27 | (reference to) |
+| test.cpp:182:21:182:27 | (reference to) | test.cpp:183:10:183:19 | refToLocal |
+| test.cpp:182:21:182:27 | myLocal | test.cpp:182:21:182:27 | (reference to) |
+| test.cpp:183:10:183:19 | (reference dereference) | test.cpp:183:10:183:19 | (reference to) |
+| test.cpp:183:10:183:19 | refToLocal | test.cpp:183:10:183:19 | (reference dereference) |
+| test.cpp:189:16:189:16 | (reference to) | test.cpp:189:16:189:16 | (reference to) |
+| test.cpp:189:16:189:16 | (reference to) | test.cpp:190:10:190:13 | pRef |
+| test.cpp:189:16:189:16 | p | test.cpp:189:16:189:16 | (reference to) |
+| test.cpp:190:10:190:13 | (reference dereference) | test.cpp:190:10:190:13 | (reference to) |
+| test.cpp:190:10:190:13 | pRef | test.cpp:190:10:190:13 | (reference dereference) |
 nodes
 | test.cpp:17:9:17:11 | & ... | semmle.label | & ... |
-| test.cpp:17:9:17:11 | StoreValue | semmle.label | StoreValue |
-| test.cpp:17:10:17:11 | Unary | semmle.label | Unary |
 | test.cpp:17:10:17:11 | mc | semmle.label | mc |
 | test.cpp:23:17:23:19 | & ... | semmle.label | & ... |
-| test.cpp:23:17:23:19 | Store | semmle.label | Store |
-| test.cpp:23:17:23:19 | StoreValue | semmle.label | StoreValue |
-| test.cpp:23:18:23:19 | Unary | semmle.label | Unary |
+| test.cpp:23:17:23:19 | & ... | semmle.label | & ... |
 | test.cpp:23:18:23:19 | mc | semmle.label | mc |
-| test.cpp:25:9:25:11 | Load | semmle.label | Load |
-| test.cpp:25:9:25:11 | StoreValue | semmle.label | StoreValue |
 | test.cpp:25:9:25:11 | ptr | semmle.label | ptr |
 | test.cpp:39:17:39:18 | (reference to) | semmle.label | (reference to) |
-| test.cpp:39:17:39:18 | Store | semmle.label | Store |
-| test.cpp:39:17:39:18 | StoreValue | semmle.label | StoreValue |
-| test.cpp:39:17:39:18 | Unary | semmle.label | Unary |
+| test.cpp:39:17:39:18 | (reference to) | semmle.label | (reference to) |
 | test.cpp:39:17:39:18 | mc | semmle.label | mc |
 | test.cpp:41:9:41:12 | & ... | semmle.label | & ... |
-| test.cpp:41:9:41:12 | StoreValue | semmle.label | StoreValue |
 | test.cpp:41:10:41:12 | (reference dereference) | semmle.label | (reference dereference) |
-| test.cpp:41:10:41:12 | Load | semmle.label | Load |
-| test.cpp:41:10:41:12 | Unary | semmle.label | Unary |
-| test.cpp:41:10:41:12 | Unary | semmle.label | Unary |
 | test.cpp:41:10:41:12 | ref | semmle.label | ref |
 | test.cpp:47:9:47:10 | (reference to) | semmle.label | (reference to) |
-| test.cpp:47:9:47:10 | StoreValue | semmle.label | StoreValue |
-| test.cpp:47:9:47:10 | Unary | semmle.label | Unary |
 | test.cpp:47:9:47:10 | mc | semmle.label | mc |
 | test.cpp:54:9:54:15 | & ... | semmle.label | & ... |
-| test.cpp:54:9:54:15 | StoreValue | semmle.label | StoreValue |
-| test.cpp:54:11:54:12 | Unary | semmle.label | Unary |
 | test.cpp:54:11:54:12 | mc | semmle.label | mc |
-| test.cpp:54:14:54:14 | Unary | semmle.label | Unary |
 | test.cpp:54:14:54:14 | a | semmle.label | a |
-| test.cpp:89:3:89:11 | Store | semmle.label | Store |
+| test.cpp:89:3:89:11 | ... = ... | semmle.label | ... = ... |
 | test.cpp:89:9:89:11 | & ... | semmle.label | & ... |
-| test.cpp:89:9:89:11 | StoreValue | semmle.label | StoreValue |
-| test.cpp:89:10:89:11 | Unary | semmle.label | Unary |
 | test.cpp:89:10:89:11 | mc | semmle.label | mc |
-| test.cpp:92:9:92:11 | Load | semmle.label | Load |
-| test.cpp:92:9:92:11 | StoreValue | semmle.label | StoreValue |
 | test.cpp:92:9:92:11 | ptr | semmle.label | ptr |
-| test.cpp:112:9:112:11 | StoreValue | semmle.label | StoreValue |
-| test.cpp:112:9:112:11 | Unary | semmle.label | Unary |
 | test.cpp:112:9:112:11 | arr | semmle.label | arr |
 | test.cpp:112:9:112:11 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:119:9:119:18 | & ... | semmle.label | & ... |
-| test.cpp:119:9:119:18 | StoreValue | semmle.label | StoreValue |
-| test.cpp:119:11:119:13 | Left | semmle.label | Left |
-| test.cpp:119:11:119:13 | Unary | semmle.label | Unary |
 | test.cpp:119:11:119:13 | arr | semmle.label | arr |
 | test.cpp:119:11:119:13 | array to pointer conversion | semmle.label | array to pointer conversion |
-| test.cpp:119:11:119:17 | Unary | semmle.label | Unary |
 | test.cpp:119:11:119:17 | access to array | semmle.label | access to array |
-| test.cpp:134:2:134:14 | Store | semmle.label | Store |
-| test.cpp:134:8:134:10 | Left | semmle.label | Left |
-| test.cpp:134:8:134:10 | Unary | semmle.label | Unary |
+| test.cpp:134:2:134:14 | ... = ... | semmle.label | ... = ... |
 | test.cpp:134:8:134:10 | arr | semmle.label | arr |
 | test.cpp:134:8:134:10 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:134:8:134:14 | ... + ... | semmle.label | ... + ... |
-| test.cpp:134:8:134:14 | StoreValue | semmle.label | StoreValue |
-| test.cpp:135:2:135:4 | Left | semmle.label | Left |
-| test.cpp:135:2:135:4 | Load | semmle.label | Load |
 | test.cpp:135:2:135:4 | ptr | semmle.label | ptr |
-| test.cpp:135:2:135:6 | PointerAdd | semmle.label | PointerAdd |
-| test.cpp:135:2:135:6 | Store | semmle.label | Store |
-| test.cpp:135:2:135:6 | StoreValue | semmle.label | StoreValue |
-| test.cpp:137:9:137:11 | Load | semmle.label | Load |
-| test.cpp:137:9:137:11 | StoreValue | semmle.label | StoreValue |
+| test.cpp:135:2:135:6 | ... ++ | semmle.label | ... ++ |
+| test.cpp:135:2:135:6 | ... ++ | semmle.label | ... ++ |
 | test.cpp:137:9:137:11 | ptr | semmle.label | ptr |
 | test.cpp:170:26:170:41 | (void *)... | semmle.label | (void *)... |
-| test.cpp:170:26:170:41 | Store | semmle.label | Store |
-| test.cpp:170:26:170:41 | StoreValue | semmle.label | StoreValue |
+| test.cpp:170:26:170:41 | (void *)... | semmle.label | (void *)... |
 | test.cpp:170:34:170:41 | & ... | semmle.label | & ... |
-| test.cpp:170:34:170:41 | Unary | semmle.label | Unary |
-| test.cpp:170:35:170:41 | Unary | semmle.label | Unary |
 | test.cpp:170:35:170:41 | myLocal | semmle.label | myLocal |
-| test.cpp:171:10:171:23 | Load | semmle.label | Load |
-| test.cpp:171:10:171:23 | StoreValue | semmle.label | StoreValue |
 | test.cpp:171:10:171:23 | pointerToLocal | semmle.label | pointerToLocal |
-| test.cpp:176:25:176:34 | Store | semmle.label | Store |
-| test.cpp:176:25:176:34 | StoreValue | semmle.label | StoreValue |
-| test.cpp:176:25:176:34 | Unary | semmle.label | Unary |
+| test.cpp:176:25:176:34 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:176:25:176:34 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:176:25:176:34 | localArray | semmle.label | localArray |
 | test.cpp:177:10:177:23 | (void *)... | semmle.label | (void *)... |
-| test.cpp:177:10:177:23 | Load | semmle.label | Load |
-| test.cpp:177:10:177:23 | StoreValue | semmle.label | StoreValue |
-| test.cpp:177:10:177:23 | Unary | semmle.label | Unary |
 | test.cpp:177:10:177:23 | pointerToLocal | semmle.label | pointerToLocal |
 | test.cpp:182:21:182:27 | (reference to) | semmle.label | (reference to) |
-| test.cpp:182:21:182:27 | Store | semmle.label | Store |
-| test.cpp:182:21:182:27 | StoreValue | semmle.label | StoreValue |
-| test.cpp:182:21:182:27 | Unary | semmle.label | Unary |
+| test.cpp:182:21:182:27 | (reference to) | semmle.label | (reference to) |
 | test.cpp:182:21:182:27 | myLocal | semmle.label | myLocal |
 | test.cpp:183:10:183:19 | (reference dereference) | semmle.label | (reference dereference) |
 | test.cpp:183:10:183:19 | (reference to) | semmle.label | (reference to) |
-| test.cpp:183:10:183:19 | Load | semmle.label | Load |
-| test.cpp:183:10:183:19 | StoreValue | semmle.label | StoreValue |
-| test.cpp:183:10:183:19 | Unary | semmle.label | Unary |
-| test.cpp:183:10:183:19 | Unary | semmle.label | Unary |
 | test.cpp:183:10:183:19 | refToLocal | semmle.label | refToLocal |
 | test.cpp:189:16:189:16 | (reference to) | semmle.label | (reference to) |
-| test.cpp:189:16:189:16 | Store | semmle.label | Store |
-| test.cpp:189:16:189:16 | StoreValue | semmle.label | StoreValue |
-| test.cpp:189:16:189:16 | Unary | semmle.label | Unary |
+| test.cpp:189:16:189:16 | (reference to) | semmle.label | (reference to) |
 | test.cpp:189:16:189:16 | p | semmle.label | p |
 | test.cpp:190:10:190:13 | (reference dereference) | semmle.label | (reference dereference) |
 | test.cpp:190:10:190:13 | (reference to) | semmle.label | (reference to) |
-| test.cpp:190:10:190:13 | Load | semmle.label | Load |
-| test.cpp:190:10:190:13 | StoreValue | semmle.label | StoreValue |
-| test.cpp:190:10:190:13 | Unary | semmle.label | Unary |
-| test.cpp:190:10:190:13 | Unary | semmle.label | Unary |
 | test.cpp:190:10:190:13 | pRef | semmle.label | pRef |
 #select
-| test.cpp:17:9:17:11 | StoreValue | test.cpp:17:10:17:11 | mc | test.cpp:17:9:17:11 | StoreValue | May return stack-allocated memory from $@. | test.cpp:17:10:17:11 | mc | mc |
-| test.cpp:25:9:25:11 | StoreValue | test.cpp:23:18:23:19 | mc | test.cpp:25:9:25:11 | StoreValue | May return stack-allocated memory from $@. | test.cpp:23:18:23:19 | mc | mc |
-| test.cpp:41:9:41:12 | StoreValue | test.cpp:39:17:39:18 | mc | test.cpp:41:9:41:12 | StoreValue | May return stack-allocated memory from $@. | test.cpp:39:17:39:18 | mc | mc |
-| test.cpp:47:9:47:10 | StoreValue | test.cpp:47:9:47:10 | mc | test.cpp:47:9:47:10 | StoreValue | May return stack-allocated memory from $@. | test.cpp:47:9:47:10 | mc | mc |
-| test.cpp:54:9:54:15 | StoreValue | test.cpp:54:11:54:12 | mc | test.cpp:54:9:54:15 | StoreValue | May return stack-allocated memory from $@. | test.cpp:54:11:54:12 | mc | mc |
-| test.cpp:92:9:92:11 | StoreValue | test.cpp:89:10:89:11 | mc | test.cpp:92:9:92:11 | StoreValue | May return stack-allocated memory from $@. | test.cpp:89:10:89:11 | mc | mc |
-| test.cpp:112:9:112:11 | StoreValue | test.cpp:112:9:112:11 | arr | test.cpp:112:9:112:11 | StoreValue | May return stack-allocated memory from $@. | test.cpp:112:9:112:11 | arr | arr |
-| test.cpp:119:9:119:18 | StoreValue | test.cpp:119:11:119:13 | arr | test.cpp:119:9:119:18 | StoreValue | May return stack-allocated memory from $@. | test.cpp:119:11:119:13 | arr | arr |
-| test.cpp:137:9:137:11 | StoreValue | test.cpp:134:8:134:10 | arr | test.cpp:137:9:137:11 | StoreValue | May return stack-allocated memory from $@. | test.cpp:134:8:134:10 | arr | arr |
-| test.cpp:171:10:171:23 | StoreValue | test.cpp:170:35:170:41 | myLocal | test.cpp:171:10:171:23 | StoreValue | May return stack-allocated memory from $@. | test.cpp:170:35:170:41 | myLocal | myLocal |
-| test.cpp:177:10:177:23 | StoreValue | test.cpp:176:25:176:34 | localArray | test.cpp:177:10:177:23 | StoreValue | May return stack-allocated memory from $@. | test.cpp:176:25:176:34 | localArray | localArray |
-| test.cpp:183:10:183:19 | StoreValue | test.cpp:182:21:182:27 | myLocal | test.cpp:183:10:183:19 | StoreValue | May return stack-allocated memory from $@. | test.cpp:182:21:182:27 | myLocal | myLocal |
-| test.cpp:190:10:190:13 | StoreValue | test.cpp:189:16:189:16 | p | test.cpp:190:10:190:13 | StoreValue | May return stack-allocated memory from $@. | test.cpp:189:16:189:16 | p | p |
+| test.cpp:17:9:17:11 | CopyValue: & ... | test.cpp:17:10:17:11 | mc | test.cpp:17:9:17:11 | & ... | May return stack-allocated memory from $@. | test.cpp:17:10:17:11 | mc | mc |
+| test.cpp:25:9:25:11 | Load: ptr | test.cpp:23:18:23:19 | mc | test.cpp:25:9:25:11 | ptr | May return stack-allocated memory from $@. | test.cpp:23:18:23:19 | mc | mc |
+| test.cpp:41:9:41:12 | CopyValue: & ... | test.cpp:39:17:39:18 | mc | test.cpp:41:9:41:12 | & ... | May return stack-allocated memory from $@. | test.cpp:39:17:39:18 | mc | mc |
+| test.cpp:47:9:47:10 | CopyValue: (reference to) | test.cpp:47:9:47:10 | mc | test.cpp:47:9:47:10 | (reference to) | May return stack-allocated memory from $@. | test.cpp:47:9:47:10 | mc | mc |
+| test.cpp:54:9:54:15 | CopyValue: & ... | test.cpp:54:11:54:12 | mc | test.cpp:54:9:54:15 | & ... | May return stack-allocated memory from $@. | test.cpp:54:11:54:12 | mc | mc |
+| test.cpp:92:9:92:11 | Load: ptr | test.cpp:89:10:89:11 | mc | test.cpp:92:9:92:11 | ptr | May return stack-allocated memory from $@. | test.cpp:89:10:89:11 | mc | mc |
+| test.cpp:112:9:112:11 | Convert: array to pointer conversion | test.cpp:112:9:112:11 | arr | test.cpp:112:9:112:11 | array to pointer conversion | May return stack-allocated memory from $@. | test.cpp:112:9:112:11 | arr | arr |
+| test.cpp:119:9:119:18 | CopyValue: & ... | test.cpp:119:11:119:13 | arr | test.cpp:119:9:119:18 | & ... | May return stack-allocated memory from $@. | test.cpp:119:11:119:13 | arr | arr |
+| test.cpp:137:9:137:11 | Load: ptr | test.cpp:134:8:134:10 | arr | test.cpp:137:9:137:11 | ptr | May return stack-allocated memory from $@. | test.cpp:134:8:134:10 | arr | arr |
+| test.cpp:171:10:171:23 | Load: pointerToLocal | test.cpp:170:35:170:41 | myLocal | test.cpp:171:10:171:23 | pointerToLocal | May return stack-allocated memory from $@. | test.cpp:170:35:170:41 | myLocal | myLocal |
+| test.cpp:177:10:177:23 | Convert: (void *)... | test.cpp:176:25:176:34 | localArray | test.cpp:177:10:177:23 | (void *)... | May return stack-allocated memory from $@. | test.cpp:176:25:176:34 | localArray | localArray |
+| test.cpp:183:10:183:19 | CopyValue: (reference to) | test.cpp:182:21:182:27 | myLocal | test.cpp:183:10:183:19 | (reference to) | May return stack-allocated memory from $@. | test.cpp:182:21:182:27 | myLocal | myLocal |
+| test.cpp:190:10:190:13 | CopyValue: (reference to) | test.cpp:189:16:189:16 | p | test.cpp:190:10:190:13 | (reference to) | May return stack-allocated memory from $@. | test.cpp:189:16:189:16 | p | p |
diff --git a/cpp/ql/test/query-tests/Metrics/Dependencies/TestPackage.qll b/cpp/ql/test/query-tests/Metrics/Dependencies/TestPackage.qll
index 42ddb58a36f..8332bf3ea7c 100644
--- a/cpp/ql/test/query-tests/Metrics/Dependencies/TestPackage.qll
+++ b/cpp/ql/test/query-tests/Metrics/Dependencies/TestPackage.qll
@@ -3,10 +3,8 @@ import Metrics.Dependencies.ExternalDependencies
 /**
  * Count directories as libraries for testing purposes.
  */
-class TestPackage extends LibraryElement {
-  TestPackage() { this instanceof Folder }
-
-  override string getName() { result = this.(Folder).getBaseName() }
+class TestPackage extends LibraryElement instanceof Folder {
+  override string getName() { result = super.getBaseName() }
 
   override string getVersion() { result = "1.0" }
 
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected
index 28d9a9c82e8..3c9571780d7 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected
@@ -1,19 +1,8 @@
 edges
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data indirection |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data |
 | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data indirection |
-subpaths
 nodes
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | semmle.label | ... + ... |
 | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | semmle.label | fgets output argument |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... | semmle.label | (const char *)... |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | semmle.label | data |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | semmle.label | data |
 | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data indirection | semmle.label | data indirection |
+subpaths
 #select
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | This argument to a file access function is derived from $@ and then passed to fopen(filename). | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | user input (fgets) |
+| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | user input (string read by fgets) |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
index 51cfc800db6..f4bf42b031f 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
@@ -1,19 +1,20 @@
 edges
-| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | (const char *)... |
-| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | (const char *)... |
-| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName |
-| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName |
-| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName |
-| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName |
 | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName indirection |
-| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName indirection |
-subpaths
+| test.c:31:22:31:25 | argv | test.c:32:11:32:18 | fileName indirection |
+| test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | fileName indirection |
+| test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | fileName indirection |
 nodes
 | test.c:9:23:9:26 | argv | semmle.label | argv |
-| test.c:9:23:9:26 | argv | semmle.label | argv |
-| test.c:17:11:17:18 | (const char *)... | semmle.label | (const char *)... |
-| test.c:17:11:17:18 | fileName | semmle.label | fileName |
-| test.c:17:11:17:18 | fileName | semmle.label | fileName |
 | test.c:17:11:17:18 | fileName indirection | semmle.label | fileName indirection |
+| test.c:31:22:31:25 | argv | semmle.label | argv |
+| test.c:32:11:32:18 | fileName indirection | semmle.label | fileName indirection |
+| test.c:37:17:37:24 | scanf output argument | semmle.label | scanf output argument |
+| test.c:38:11:38:18 | fileName indirection | semmle.label | fileName indirection |
+| test.c:43:17:43:24 | scanf output argument | semmle.label | scanf output argument |
+| test.c:44:11:44:18 | fileName indirection | semmle.label | fileName indirection |
+subpaths
 #select
-| test.c:17:11:17:18 | fileName | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:9:23:9:26 | argv | user input (argv) |
+| test.c:17:11:17:18 | fileName | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:9:23:9:26 | argv | user input (a command-line argument) |
+| test.c:32:11:32:18 | fileName | test.c:31:22:31:25 | argv | test.c:32:11:32:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:31:22:31:25 | argv | user input (a command-line argument) |
+| test.c:38:11:38:18 | fileName | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:37:17:37:24 | scanf output argument | user input (value read by scanf) |
+| test.c:44:11:44:18 | fileName | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:43:17:43:24 | scanf output argument | user input (value read by scanf) |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/stdlib.h b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/stdlib.h
index fe518804cc8..5b6483480f7 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/stdlib.h
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/stdlib.h
@@ -11,3 +11,7 @@ FILE *fopen(const char *filename, const char *mode);
 int sprintf(char *s, const char *format, ...);
 size_t strlen(const char *s);
 char *strncat(char *s1, const char *s2, size_t n);
+int scanf(const char *format, ...);
+void *malloc(size_t size);
+double strtod(const char *ptr, char **endptr);
+char *getenv(const char *name);
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/test.c b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/test.c
index 6c2e2316b24..a11fd73edd7 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/test.c
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/test.c
@@ -26,5 +26,38 @@ int main(int argc, char** argv) {
     strncat(fileName+len, fixed, FILENAME_MAX-len-1);
     fopen(fileName, "wb+");
   }
+
+  {
+    char *fileName = argv[1];
+    fopen(fileName, "wb+"); // BAD
+  }
+
+  {
+    char fileName[20];
+    scanf("%s", fileName);
+    fopen(fileName, "wb+"); // BAD
+  }
+
+  {
+    char *fileName = (char*)malloc(20 * sizeof(char));
+    scanf("%s", fileName);
+    fopen(fileName, "wb+"); // BAD
+  }
+
+  {
+    char *aNumber = getenv("A_NUMBER");
+    double number = strtod(aNumber, 0);
+    char fileName[20];
+    sprintf(fileName, "/foo/%f", number);
+    fopen(fileName, "wb+"); // GOOD
+  }
+
+  {
+    void read(const char *fileName);
+    read(argv[1]); // BAD [NOT DETECTED]
+  }
 }
 
+void read(char *fileName) {
+  fopen(fileName, "wb+");
+}
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
index 5542eac5d3a..20be1550401 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
@@ -163,17 +163,17 @@ subpaths
 #select
 | test.cpp:23:12:23:19 | command1 | test.cpp:16:20:16:23 | argv | test.cpp:23:12:23:19 | command1 indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:16:20:16:23 | argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
 | test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv | test.cpp:51:10:51:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | call to getenv | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
-| test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (String read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
-| test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (String read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |
-| test.cpp:94:45:94:48 | path | test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | path indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:91:9:91:16 | fread output argument | user input (String read by fread) | test.cpp:93:11:93:14 | strncat output argument | strncat output argument |
+| test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (string read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
+| test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (string read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |
+| test.cpp:94:45:94:48 | path | test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | path indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:91:9:91:16 | fread output argument | user input (string read by fread) | test.cpp:93:11:93:14 | strncat output argument | strncat output argument |
 | test.cpp:108:18:108:22 | call to c_str | test.cpp:106:20:106:25 | call to getenv | test.cpp:108:18:108:22 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:106:20:106:25 | call to getenv | user input (an environment variable) | test.cpp:107:31:107:31 | call to operator+ | call to operator+ |
 | test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:25 | call to getenv | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:25 | call to getenv | user input (an environment variable) | test.cpp:114:17:114:17 | Call | Call |
 | test.cpp:120:25:120:28 | call to data | test.cpp:119:20:119:25 | call to getenv | test.cpp:120:10:120:30 | call to data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:119:20:119:25 | call to getenv | user input (an environment variable) | test.cpp:120:17:120:17 | Call | Call |
-| test.cpp:143:10:143:16 | command | test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:140:9:140:11 | fread output argument | user input (String read by fread) | test.cpp:142:11:142:17 | sprintf output argument | sprintf output argument |
-| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (String read by fread) | test.cpp:177:13:177:17 | strncat output argument | strncat output argument |
-| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (String read by fread) | test.cpp:178:13:178:19 | strncat output argument | strncat output argument |
-| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (String read by fread) | test.cpp:180:13:180:19 | strncat output argument | strncat output argument |
-| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (String read by fread) | test.cpp:187:11:187:15 | strncat output argument | strncat output argument |
-| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (String read by fread) | test.cpp:188:11:188:17 | strncat output argument | strncat output argument |
-| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (String read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
-| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (String read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
+| test.cpp:143:10:143:16 | command | test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:140:9:140:11 | fread output argument | user input (string read by fread) | test.cpp:142:11:142:17 | sprintf output argument | sprintf output argument |
+| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:177:13:177:17 | strncat output argument | strncat output argument |
+| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:178:13:178:19 | strncat output argument | strncat output argument |
+| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:180:13:180:19 | strncat output argument | strncat output argument |
+| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (string read by fread) | test.cpp:187:11:187:15 | strncat output argument | strncat output argument |
+| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (string read by fread) | test.cpp:188:11:188:17 | strncat output argument | strncat output argument |
+| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (string read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
+| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (string read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/UnboundedWrite.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/UnboundedWrite.expected
index 2c3e9243cf1..170593664f2 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/UnboundedWrite.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/UnboundedWrite.expected
@@ -7,42 +7,12 @@ edges
 | tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array |
 | tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array indirection |
 | tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array indirection |
-| tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | buffer100 |
-| tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | buffer100 |
-| tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | buffer100 indirection |
-| tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | buffer100 indirection |
-| tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | buffer100 |
-| tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | buffer100 |
-| tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | buffer100 indirection |
 | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
 | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
 | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
 | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
 | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array indirection |
 | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array indirection |
-| tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | buffer100 |
-| tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | buffer100 |
-| tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | buffer100 indirection |
-| tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | buffer100 indirection |
-| tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | buffer100 |
-| tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | buffer100 |
-| tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:31:15:31:23 | array to pointer conversion | tests.c:31:15:31:23 | buffer100 |
-| tests.c:31:15:31:23 | array to pointer conversion | tests.c:31:15:31:23 | buffer100 indirection |
-| tests.c:31:15:31:23 | array to pointer conversion | tests.c:33:21:33:29 | buffer100 |
-| tests.c:31:15:31:23 | array to pointer conversion | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | buffer100 |
-| tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | buffer100 indirection |
-| tests.c:31:15:31:23 | buffer100 | tests.c:33:21:33:29 | buffer100 |
-| tests.c:31:15:31:23 | buffer100 | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:31:15:31:23 | scanf output argument | tests.c:33:21:33:29 | buffer100 |
-| tests.c:31:15:31:23 | scanf output argument | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:33:21:33:29 | array to pointer conversion | tests.c:33:21:33:29 | buffer100 |
-| tests.c:33:21:33:29 | array to pointer conversion | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:33:21:33:29 | buffer100 | tests.c:33:21:33:29 | buffer100 |
-| tests.c:33:21:33:29 | buffer100 | tests.c:33:21:33:29 | buffer100 indirection |
 | tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | (const char *)... |
 | tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | (const char *)... |
 | tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array |
@@ -65,16 +35,11 @@ nodes
 | tests.c:29:28:29:34 | access to array | semmle.label | access to array |
 | tests.c:29:28:29:34 | access to array indirection | semmle.label | access to array indirection |
 | tests.c:31:15:31:23 | array to pointer conversion | semmle.label | array to pointer conversion |
-| tests.c:31:15:31:23 | array to pointer conversion | semmle.label | array to pointer conversion |
 | tests.c:31:15:31:23 | buffer100 | semmle.label | buffer100 |
 | tests.c:31:15:31:23 | buffer100 | semmle.label | buffer100 |
-| tests.c:31:15:31:23 | buffer100 indirection | semmle.label | buffer100 indirection |
-| tests.c:31:15:31:23 | scanf output argument | semmle.label | scanf output argument |
-| tests.c:33:21:33:29 | array to pointer conversion | semmle.label | array to pointer conversion |
 | tests.c:33:21:33:29 | array to pointer conversion | semmle.label | array to pointer conversion |
 | tests.c:33:21:33:29 | buffer100 | semmle.label | buffer100 |
 | tests.c:33:21:33:29 | buffer100 | semmle.label | buffer100 |
-| tests.c:33:21:33:29 | buffer100 indirection | semmle.label | buffer100 indirection |
 | tests.c:34:10:34:13 | argv | semmle.label | argv |
 | tests.c:34:10:34:13 | argv | semmle.label | argv |
 | tests.c:34:10:34:16 | (const char *)... | semmle.label | (const char *)... |
@@ -84,11 +49,6 @@ nodes
 #select
 | tests.c:28:3:28:9 | call to sprintf | tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array | This 'call to sprintf' with input from $@ may overflow the destination. | tests.c:28:22:28:25 | argv | argv |
 | tests.c:29:3:29:9 | call to sprintf | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array | This 'call to sprintf' with input from $@ may overflow the destination. | tests.c:29:28:29:31 | argv | argv |
-| tests.c:31:15:31:23 | buffer100 | tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:28:22:28:25 | argv | argv |
-| tests.c:31:15:31:23 | buffer100 | tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:29:28:29:31 | argv | argv |
 | tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:31:15:31:23 | buffer100 | buffer100 |
-| tests.c:33:21:33:29 | buffer100 | tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:28:22:28:25 | argv | argv |
-| tests.c:33:21:33:29 | buffer100 | tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:29:28:29:31 | argv | argv |
-| tests.c:33:21:33:29 | buffer100 | tests.c:31:15:31:23 | buffer100 | tests.c:33:21:33:29 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:31:15:31:23 | buffer100 | buffer100 |
 | tests.c:33:21:33:29 | buffer100 | tests.c:33:21:33:29 | buffer100 | tests.c:33:21:33:29 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:33:21:33:29 | buffer100 | buffer100 |
 | tests.c:34:25:34:33 | buffer100 | tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array | This 'sscanf string argument' with input from $@ may overflow the destination. | tests.c:34:10:34:13 | argv | argv |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/test.cpp
index b11a136ed24..b1245c6ae89 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/test.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/test.cpp
@@ -332,4 +332,13 @@ void ptr_diff_case() {
 	char* admin_begin_pos = strstr(user, "ADMIN");
 	int offset = admin_begin_pos ? user - admin_begin_pos : 0; 
 	malloc(offset); // GOOD
-}
\ No newline at end of file
+}
+
+void equality_barrier() {
+	int size1 = atoi(getenv("USER"));
+	int size2 = atoi(getenv("USER"));
+
+	if (size1 == size2) {
+		int* a = (int*)malloc(size1 * sizeof(int)); // GOOD
+	}
+}
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/test.c b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/test.c
index 6999795b004..29ab7cc8f25 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/test.c
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/test.c
@@ -95,5 +95,12 @@ int main(int argc, char** argv) {
     }
   }
 
+  // GOOD: check the user input first
+  int maxConnections3 = atoi(argv[1]);
+  int maxConnections4 = atoi(argv[1]);
+  if (maxConnections3 == maxConnections4) {
+    startServer(maxConnections3 * 1000);
+  }
+
   return 0;
 }
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextBufferWrite.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextBufferWrite.expected
index cece7f64714..23850de9418 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextBufferWrite.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextBufferWrite.expected
@@ -6,5 +6,5 @@ nodes
 | test.cpp:58:25:58:29 | input | semmle.label | input |
 subpaths
 #select
-| test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | This write into buffer 'password' may contain unencrypted data from $@. | test2.cpp:110:3:110:6 | call to gets | user input (String read by gets) |
+| test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | This write into buffer 'password' may contain unencrypted data from $@. | test2.cpp:110:3:110:6 | call to gets | user input (string read by gets) |
 | test.cpp:58:3:58:9 | call to sprintf | test.cpp:54:17:54:20 | argv | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:54:17:54:20 | argv | user input (a command-line argument) |
diff --git a/csharp/.gitignore b/csharp/.gitignore
index 0701c11fe1d..a030c9444fe 100644
--- a/csharp/.gitignore
+++ b/csharp/.gitignore
@@ -11,4 +11,7 @@ csharp.log
 *.tlog
 .vs
 *.user
-.vscode/launch.json
\ No newline at end of file
+.vscode/launch.json
+
+extractor/Semmle.Extraction.CSharp.Driver/Properties/launchSettings.json
+extractor-pack
\ No newline at end of file
diff --git a/csharp/actions/create-extractor-pack/action.yml b/csharp/actions/create-extractor-pack/action.yml
new file mode 100644
index 00000000000..43b0ec9c6fe
--- /dev/null
+++ b/csharp/actions/create-extractor-pack/action.yml
@@ -0,0 +1,13 @@
+name: Build C# CodeQL pack
+description: Builds the C# CodeQL pack
+runs:
+  using: composite
+  steps:
+    - name: Setup dotnet
+      uses: actions/setup-dotnet@v3
+      with:
+        dotnet-version: 6.0.202
+    - name: Build Extractor
+      shell: bash
+      run: scripts/create-extractor-pack.sh
+      working-directory: csharp
diff --git a/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BuildScripts.cs b/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BuildScripts.cs
index 9afe24ed72f..df362c2a129 100644
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BuildScripts.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BuildScripts.cs
@@ -403,7 +403,7 @@ namespace Semmle.Autobuild.CSharp.Tests
             actions.GetCurrentDirectory = cwd;
             actions.IsWindows = isWindows;
 
-            var options = new AutobuildOptions(actions, Language.CSharp);
+            var options = new CSharpAutobuildOptions(actions);
             return new CSharpAutobuilder(actions, options);
         }
 
@@ -576,7 +576,7 @@ namespace Semmle.Autobuild.CSharp.Tests
             actions.FileExists[@"C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\vcvarsall.bat"] = false;
         }
 
-        private void TestAutobuilderScript(Autobuilder autobuilder, int expectedOutput, int commandsRun)
+        private void TestAutobuilderScript(CSharpAutobuilder autobuilder, int expectedOutput, int commandsRun)
         {
             Assert.Equal(expectedOutput, autobuilder.GetBuildScript().Run(actions, StartCallback, EndCallback));
 
diff --git a/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/Semmle.Autobuild.CSharp.Tests.csproj b/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/Semmle.Autobuild.CSharp.Tests.csproj
index a91868fbd80..1d5ac39a96f 100644
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/Semmle.Autobuild.CSharp.Tests.csproj
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/Semmle.Autobuild.CSharp.Tests.csproj
@@ -6,17 +6,17 @@
 		<Nullable>enable</Nullable>
 	</PropertyGroup>
 	<ItemGroup>
-		<PackageReference Include="System.IO.FileSystem" Version="4.3.0"/>
-		<PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0"/>
-		<PackageReference Include="xunit" Version="2.4.1"/>
-		<PackageReference Include="xunit.runner.visualstudio" Version="2.4.3">
+		<PackageReference Include="System.IO.FileSystem" Version="4.3.0" />
+		<PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
+		<PackageReference Include="xunit" Version="2.4.2" />
+		<PackageReference Include="xunit.runner.visualstudio" Version="2.4.5">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.0.0"/>
+		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.4.0" />
 	</ItemGroup>
 	<ItemGroup>
-		<ProjectReference Include="..\Semmle.Autobuild.CSharp\Semmle.Autobuild.CSharp.csproj"/>
-		<ProjectReference Include="..\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj"/>
+		<ProjectReference Include="..\Semmle.Autobuild.CSharp\Semmle.Autobuild.CSharp.csproj" />
+		<ProjectReference Include="..\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj" />
 	</ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/csharp/autobuilder/Semmle.Autobuild.CSharp/CSharpAutobuilder.cs b/csharp/autobuilder/Semmle.Autobuild.CSharp/CSharpAutobuilder.cs
index ff6d2c804cc..71891fa4e8b 100644
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp/CSharpAutobuilder.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp/CSharpAutobuilder.cs
@@ -4,9 +4,32 @@ using Semmle.Autobuild.Shared;
 
 namespace Semmle.Autobuild.CSharp
 {
-    public class CSharpAutobuilder : Autobuilder
+    /// <summary>
+    /// Encapsulates C# build options.
+    /// </summary>
+    public class CSharpAutobuildOptions : AutobuildOptionsShared
     {
-        public CSharpAutobuilder(IBuildActions actions, AutobuildOptions options) : base(actions, options) { }
+        private const string extractorOptionPrefix = "CODEQL_EXTRACTOR_CSHARP_OPTION_";
+
+        public bool Buildless { get; }
+
+        public override Language Language => Language.CSharp;
+
+
+        /// <summary>
+        /// Reads options from environment variables.
+        /// Throws ArgumentOutOfRangeException for invalid arguments.
+        /// </summary>
+        public CSharpAutobuildOptions(IBuildActions actions) : base(actions)
+        {
+            Buildless = actions.GetEnvironmentVariable(lgtmPrefix + "BUILDLESS").AsBool("buildless", false) ||
+                actions.GetEnvironmentVariable(extractorOptionPrefix + "BUILDLESS").AsBool("buildless", false);
+        }
+    }
+
+    public class CSharpAutobuilder : Autobuilder<CSharpAutobuildOptions>
+    {
+        public CSharpAutobuilder(IBuildActions actions, CSharpAutobuildOptions options) : base(actions, options) { }
 
         public override BuildScript GetBuildScript()
         {
diff --git a/csharp/autobuilder/Semmle.Autobuild.CSharp/DotNetRule.cs b/csharp/autobuilder/Semmle.Autobuild.CSharp/DotNetRule.cs
index 163dbfa1464..394349e2a40 100644
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp/DotNetRule.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp/DotNetRule.cs
@@ -13,9 +13,9 @@ namespace Semmle.Autobuild.CSharp
     /// A build rule where the build command is of the form "dotnet build".
     /// Currently unused because the tracer does not work with dotnet.
     /// </summary>
-    internal class DotNetRule : IBuildRule
+    internal class DotNetRule : IBuildRule<CSharpAutobuildOptions>
     {
-        public BuildScript Analyse(Autobuilder builder, bool auto)
+        public BuildScript Analyse(IAutobuilder<CSharpAutobuildOptions> builder, bool auto)
         {
             if (!builder.ProjectsOrSolutionsToBuild.Any())
                 return BuildScript.Failure;
@@ -24,7 +24,7 @@ namespace Semmle.Autobuild.CSharp
             {
                 var notDotNetProject = builder.ProjectsOrSolutionsToBuild
                     .SelectMany(p => Enumerators.Singleton(p).Concat(p.IncludedProjects))
-                    .OfType<Project>()
+                    .OfType<Project<CSharpAutobuildOptions>>()
                     .FirstOrDefault(p => !p.DotNetProject);
                 if (notDotNetProject is not null)
                 {
@@ -56,7 +56,7 @@ namespace Semmle.Autobuild.CSharp
                 });
         }
 
-        private static BuildScript WithDotNet(Autobuilder builder, Func<string?, IDictionary<string, string>?, BuildScript> f)
+        private static BuildScript WithDotNet(IAutobuilder<AutobuildOptionsShared> builder, Func<string?, IDictionary<string, string>?, BuildScript> f)
         {
             var installDir = builder.Actions.PathCombine(builder.Options.RootDirectory, ".dotnet");
             var installScript = DownloadDotNet(builder, installDir);
@@ -92,7 +92,7 @@ namespace Semmle.Autobuild.CSharp
         /// variables needed by the installed .NET Core (<code>null</code> when no variables
         /// are needed).
         /// </summary>
-        public static BuildScript WithDotNet(Autobuilder builder, Func<IDictionary<string, string>?, BuildScript> f)
+        public static BuildScript WithDotNet(IAutobuilder<AutobuildOptionsShared> builder, Func<IDictionary<string, string>?, BuildScript> f)
             => WithDotNet(builder, (_1, env) => f(env));
 
         /// <summary>
@@ -100,7 +100,7 @@ namespace Semmle.Autobuild.CSharp
         /// .NET Core SDK. The SDK(s) will be installed at <code>installDir</code>
         /// (provided that the script succeeds).
         /// </summary>
-        private static BuildScript DownloadDotNet(Autobuilder builder, string installDir)
+        private static BuildScript DownloadDotNet(IAutobuilder<AutobuildOptionsShared> builder, string installDir)
         {
             if (!string.IsNullOrEmpty(builder.Options.DotNetVersion))
                 // Specific version supplied in configuration: always use that
@@ -137,7 +137,7 @@ namespace Semmle.Autobuild.CSharp
         ///
         /// See https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-install-script.
         /// </summary>
-        private static BuildScript DownloadDotNetVersion(Autobuilder builder, string path, string version)
+        private static BuildScript DownloadDotNetVersion(IAutobuilder<AutobuildOptionsShared> builder, string path, string version)
         {
             return BuildScript.Bind(GetInstalledSdksScript(builder.Actions), (sdks, sdksRet) =>
                 {
@@ -233,7 +233,7 @@ namespace Semmle.Autobuild.CSharp
         /// <summary>
         /// Gets the `dotnet build` script.
         /// </summary>
-        private static BuildScript GetBuildScript(Autobuilder builder, string? dotNetPath, IDictionary<string, string>? environment, string projOrSln)
+        private static BuildScript GetBuildScript(IAutobuilder<CSharpAutobuildOptions> builder, string? dotNetPath, IDictionary<string, string>? environment, string projOrSln)
         {
             var build = new CommandBuilder(builder.Actions, null, environment);
             var script = build.RunCommand(DotNetCommand(builder.Actions, dotNetPath)).
diff --git a/csharp/autobuilder/Semmle.Autobuild.CSharp/Program.cs b/csharp/autobuilder/Semmle.Autobuild.CSharp/Program.cs
index 2233557af16..479625c76e3 100644
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp/Program.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp/Program.cs
@@ -11,7 +11,7 @@ namespace Semmle.Autobuild.CSharp
             try
             {
                 var actions = SystemBuildActions.Instance;
-                var options = new AutobuildOptions(actions, Language.CSharp);
+                var options = new CSharpAutobuildOptions(actions);
                 try
                 {
                     Console.WriteLine("CodeQL C# autobuilder");
diff --git a/csharp/autobuilder/Semmle.Autobuild.CSharp/Semmle.Autobuild.CSharp.csproj b/csharp/autobuilder/Semmle.Autobuild.CSharp/Semmle.Autobuild.CSharp.csproj
index 4f712a651d4..981ea925b77 100644
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp/Semmle.Autobuild.CSharp.csproj
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp/Semmle.Autobuild.CSharp.csproj
@@ -11,15 +11,15 @@
 		<Nullable>enable</Nullable>
 	</PropertyGroup>
 	<ItemGroup>
-		<Folder Include="Properties\"/>
+		<Folder Include="Properties\" />
 	</ItemGroup>
 	<ItemGroup>
-		<PackageReference Include="Microsoft.Build" Version="16.11.0"/>
-		<PackageReference Include="Newtonsoft.Json" Version="13.0.1"/>
+		<PackageReference Include="Microsoft.Build" Version="17.3.2" />
+		<PackageReference Include="Newtonsoft.Json" Version="13.0.2" />
 	</ItemGroup>
 	<ItemGroup>
-		<ProjectReference Include="..\..\extractor\Semmle.Util\Semmle.Util.csproj"/>
-		<ProjectReference Include="..\..\extractor\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj"/>
-		<ProjectReference Include="..\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj"/>
+		<ProjectReference Include="..\..\extractor\Semmle.Util\Semmle.Util.csproj" />
+		<ProjectReference Include="..\..\extractor\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj" />
+		<ProjectReference Include="..\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj" />
 	</ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/csharp/autobuilder/Semmle.Autobuild.CSharp/StandaloneBuildRule.cs b/csharp/autobuilder/Semmle.Autobuild.CSharp/StandaloneBuildRule.cs
index fa6523e37ae..207ecd70f0a 100644
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp/StandaloneBuildRule.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp/StandaloneBuildRule.cs
@@ -6,9 +6,9 @@ namespace Semmle.Autobuild.CSharp
     /// <summary>
     /// Build using standalone extraction.
     /// </summary>
-    internal class StandaloneBuildRule : IBuildRule
+    internal class StandaloneBuildRule : IBuildRule<CSharpAutobuildOptions>
     {
-        public BuildScript Analyse(Autobuilder builder, bool auto)
+        public BuildScript Analyse(IAutobuilder<CSharpAutobuildOptions> builder, bool auto)
         {
             BuildScript GetCommand(string? solution)
             {
diff --git a/csharp/autobuilder/Semmle.Autobuild.Shared/AutobuildOptions.cs b/csharp/autobuilder/Semmle.Autobuild.Shared/AutobuildOptions.cs
index ed20bb929ff..d51612272d0 100644
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/AutobuildOptions.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/AutobuildOptions.cs
@@ -6,12 +6,12 @@ using System.Text.RegularExpressions;
 namespace Semmle.Autobuild.Shared
 {
     /// <summary>
-    /// Encapsulates build options.
+    /// Encapsulates build options shared between C# and C++.
     /// </summary>
-    public class AutobuildOptions
+    public abstract class AutobuildOptionsShared
     {
-        private const string lgtmPrefix = "LGTM_INDEX_";
-        private const string extractorOptionPrefix = "CODEQL_EXTRACTOR_CSHARP_OPTION_";
+        protected const string lgtmPrefix = "LGTM_INDEX_";
+
 
         public int SearchDepth { get; } = 3;
         public string RootDirectory { get; }
@@ -25,16 +25,16 @@ namespace Semmle.Autobuild.Shared
         public string? BuildCommand { get; }
         public IEnumerable<string> Solution { get; }
         public bool IgnoreErrors { get; }
-        public bool Buildless { get; }
+
         public bool AllSolutions { get; }
         public bool NugetRestore { get; }
-        public Language Language { get; }
+        public abstract Language Language { get; }
 
         /// <summary>
         /// Reads options from environment variables.
         /// Throws ArgumentOutOfRangeException for invalid arguments.
         /// </summary>
-        public AutobuildOptions(IBuildActions actions, Language language)
+        public AutobuildOptionsShared(IBuildActions actions)
         {
             RootDirectory = actions.GetCurrentDirectory();
             VsToolsVersion = actions.GetEnvironmentVariable(lgtmPrefix + "VSTOOLS_VERSION");
@@ -48,12 +48,8 @@ namespace Semmle.Autobuild.Shared
             Solution = actions.GetEnvironmentVariable(lgtmPrefix + "SOLUTION").AsListWithExpandedEnvVars(actions, Array.Empty<string>());
 
             IgnoreErrors = actions.GetEnvironmentVariable(lgtmPrefix + "IGNORE_ERRORS").AsBool("ignore_errors", false);
-            Buildless = actions.GetEnvironmentVariable(lgtmPrefix + "BUILDLESS").AsBool("buildless", false) ||
-                actions.GetEnvironmentVariable(extractorOptionPrefix + "BUILDLESS").AsBool("buildless", false);
             AllSolutions = actions.GetEnvironmentVariable(lgtmPrefix + "ALL_SOLUTIONS").AsBool("all_solutions", false);
             NugetRestore = actions.GetEnvironmentVariable(lgtmPrefix + "NUGET_RESTORE").AsBool("nuget_restore", true);
-
-            Language = language;
         }
     }
 
diff --git a/csharp/autobuilder/Semmle.Autobuild.Shared/Autobuilder.cs b/csharp/autobuilder/Semmle.Autobuild.Shared/Autobuilder.cs
index d90175d245a..1ef5ebd815d 100644
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/Autobuilder.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/Autobuilder.cs
@@ -9,21 +9,21 @@ namespace Semmle.Autobuild.Shared
     /// <summary>
     /// A build rule analyses the files in "builder" and outputs a build script.
     /// </summary>
-    public interface IBuildRule
+    public interface IBuildRule<TAutobuildOptions> where TAutobuildOptions : AutobuildOptionsShared
     {
         /// <summary>
         /// Analyse the files and produce a build script.
         /// </summary>
         /// <param name="builder">The files and options relating to the build.</param>
         /// <param name="auto">Whether this build rule is being automatically applied.</param>
-        BuildScript Analyse(Autobuilder builder, bool auto);
+        BuildScript Analyse(IAutobuilder<TAutobuildOptions> builder, bool auto);
     }
 
     /// <summary>
     /// A delegate used to wrap a build script in an environment where an appropriate
     /// version of .NET Core is automatically installed.
     /// </summary>
-    public delegate BuildScript WithDotNet(Autobuilder builder, Func<IDictionary<string, string>?, BuildScript> f);
+    public delegate BuildScript WithDotNet<TAutobuildOptions>(IAutobuilder<TAutobuildOptions> builder, Func<IDictionary<string, string>?, BuildScript> f) where TAutobuildOptions : AutobuildOptionsShared;
 
     /// <summary>
     /// Exception indicating that environment variables are missing or invalid.
@@ -33,6 +33,59 @@ namespace Semmle.Autobuild.Shared
         public InvalidEnvironmentException(string m) : base(m) { }
     }
 
+    public interface IAutobuilder<out TAutobuildOptions> where TAutobuildOptions : AutobuildOptionsShared
+    {
+        /// <summary>
+        /// Full file paths of files found in the project directory, as well as
+        /// their distance from the project root folder. The list is sorted
+        /// by distance in ascending order.
+        /// </summary>
+        IEnumerable<(string, int)> Paths { get; }
+
+        /// <summary>
+        /// Gets all paths matching a particular filename, as well as
+        /// their distance from the project root folder. The list is sorted
+        /// by distance in ascending order.
+        /// </summary>
+        /// <param name="name">The filename to find.</param>
+        /// <returns>Possibly empty sequence of paths with the given filename.</returns>
+        IEnumerable<(string, int)> GetFilename(string name) =>
+           Paths.Where(p => Actions.GetFileName(p.Item1) == name);
+
+        /// <summary>
+        /// List of project/solution files to build.
+        /// </summary>
+        IList<IProjectOrSolution> ProjectsOrSolutionsToBuild { get; }
+
+        /// <summary>
+        /// Gets the supplied build configuration.
+        /// </summary>
+        TAutobuildOptions Options { get; }
+
+        /// <summary>
+        /// The set of build actions used during the autobuilder.
+        /// Could be real system operations, or a stub for testing.
+        /// </summary>
+        IBuildActions Actions { get; }
+
+        /// <summary>
+        /// Log a given build event to the console.
+        /// </summary>
+        /// <param name="format">The format string.</param>
+        /// <param name="args">Inserts to the format string.</param>
+        void Log(Severity severity, string format, params object[] args);
+
+        /// <summary>
+        /// Value of CODEQL_EXTRACTOR_<LANG>_ROOT environment variable.
+        /// </summary>
+        string? CodeQLExtractorLangRoot { get; }
+
+        /// <summary>
+        /// Value of CODEQL_PLATFORM environment variable.
+        /// </summary>
+        string? CodeQlPlatform { get; }
+    }
+
     /// <summary>
     /// Main application logic, containing all data
     /// gathered from the project and filesystem.
@@ -40,7 +93,7 @@ namespace Semmle.Autobuild.Shared
     /// The overall design is intended to be extensible so that in theory,
     /// it should be possible to add new build rules without touching this code.
     /// </summary>
-    public abstract class Autobuilder
+    public abstract class Autobuilder<TAutobuildOptions> : IAutobuilder<TAutobuildOptions> where TAutobuildOptions : AutobuildOptionsShared
     {
         /// <summary>
         /// Full file paths of files found in the project directory, as well as
@@ -60,16 +113,6 @@ namespace Semmle.Autobuild.Shared
         public IEnumerable<(string, int)> GetExtensions(params string[] extensions) =>
             Paths.Where(p => extensions.Contains(Path.GetExtension(p.Item1)));
 
-        /// <summary>
-        /// Gets all paths matching a particular filename, as well as
-        /// their distance from the project root folder. The list is sorted
-        /// by distance in ascending order.
-        /// </summary>
-        /// <param name="name">The filename to find.</param>
-        /// <returns>Possibly empty sequence of paths with the given filename.</returns>
-        public IEnumerable<(string, int)> GetFilename(string name) =>
-            Paths.Where(p => Actions.GetFileName(p.Item1) == name);
-
         /// <summary>
         /// Holds if a given path, relative to the root of the source directory
         /// was found.
@@ -115,7 +158,7 @@ namespace Semmle.Autobuild.Shared
         /// <summary>
         /// Gets the supplied build configuration.
         /// </summary>
-        public AutobuildOptions Options { get; }
+        public TAutobuildOptions Options { get; }
 
         /// <summary>
         /// The set of build actions used during the autobuilder.
@@ -123,7 +166,7 @@ namespace Semmle.Autobuild.Shared
         /// </summary>
         public IBuildActions Actions { get; }
 
-        private IEnumerable<IProjectOrSolution>? FindFiles(string extension, Func<string, ProjectOrSolution> create)
+        private IEnumerable<IProjectOrSolution>? FindFiles(string extension, Func<string, ProjectOrSolution<TAutobuildOptions>> create)
         {
             var matchingFiles = GetExtensions(extension)
                 .Select(p => (ProjectOrSolution: create(p.Item1), DistanceFromRoot: p.Item2))
@@ -146,7 +189,7 @@ namespace Semmle.Autobuild.Shared
         /// solution file and tools.
         /// </summary>
         /// <param name="options">The command line options.</param>
-        protected Autobuilder(IBuildActions actions, AutobuildOptions options)
+        protected Autobuilder(IBuildActions actions, TAutobuildOptions options)
         {
             Actions = actions;
             Options = options;
@@ -167,7 +210,7 @@ namespace Semmle.Autobuild.Shared
                     foreach (var solution in options.Solution)
                     {
                         if (actions.FileExists(solution))
-                            ret.Add(new Solution(this, solution, true));
+                            ret.Add(new Solution<TAutobuildOptions>(this, solution, true));
                         else
                             Log(Severity.Error, $"The specified project or solution file {solution} was not found");
                     }
@@ -175,17 +218,17 @@ namespace Semmle.Autobuild.Shared
                 }
 
                 // First look for `.proj` files
-                ret = FindFiles(".proj", f => new Project(this, f))?.ToList();
+                ret = FindFiles(".proj", f => new Project<TAutobuildOptions>(this, f))?.ToList();
                 if (ret is not null)
                     return ret;
 
                 // Then look for `.sln` files
-                ret = FindFiles(".sln", f => new Solution(this, f, false))?.ToList();
+                ret = FindFiles(".sln", f => new Solution<TAutobuildOptions>(this, f, false))?.ToList();
                 if (ret is not null)
                     return ret;
 
                 // Finally look for language specific project files, e.g. `.csproj` files
-                ret = FindFiles(this.Options.Language.ProjectExtension, f => new Project(this, f))?.ToList();
+                ret = FindFiles(this.Options.Language.ProjectExtension, f => new Project<TAutobuildOptions>(this, f))?.ToList();
                 return ret ?? new List<IProjectOrSolution>();
             });
 
diff --git a/csharp/autobuilder/Semmle.Autobuild.Shared/BuildCommandAutoRule.cs b/csharp/autobuilder/Semmle.Autobuild.Shared/BuildCommandAutoRule.cs
index b6cb0737630..0d44f0dad4d 100644
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/BuildCommandAutoRule.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/BuildCommandAutoRule.cs
@@ -7,11 +7,11 @@ namespace Semmle.Autobuild.Shared
     /// <summary>
     /// Auto-detection of build scripts.
     /// </summary>
-    public class BuildCommandAutoRule : IBuildRule
+    public class BuildCommandAutoRule : IBuildRule<AutobuildOptionsShared>
     {
-        private readonly WithDotNet withDotNet;
+        private readonly WithDotNet<AutobuildOptionsShared> withDotNet;
 
-        public BuildCommandAutoRule(WithDotNet withDotNet)
+        public BuildCommandAutoRule(WithDotNet<AutobuildOptionsShared> withDotNet)
         {
             this.withDotNet = withDotNet;
         }
@@ -31,7 +31,7 @@ namespace Semmle.Autobuild.Shared
             "build"
         };
 
-        public BuildScript Analyse(Autobuilder builder, bool auto)
+        public BuildScript Analyse(IAutobuilder<AutobuildOptionsShared> builder, bool auto)
         {
             builder.Log(Severity.Info, "Attempting to locate build script");
 
diff --git a/csharp/autobuilder/Semmle.Autobuild.Shared/BuildCommandRule.cs b/csharp/autobuilder/Semmle.Autobuild.Shared/BuildCommandRule.cs
index 6db4cfa139d..54d406c9dac 100644
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/BuildCommandRule.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/BuildCommandRule.cs
@@ -3,16 +3,16 @@
     /// <summary>
     /// Execute the build_command rule.
     /// </summary>
-    public class BuildCommandRule : IBuildRule
+    public class BuildCommandRule : IBuildRule<AutobuildOptionsShared>
     {
-        private readonly WithDotNet withDotNet;
+        private readonly WithDotNet<AutobuildOptionsShared> withDotNet;
 
-        public BuildCommandRule(WithDotNet withDotNet)
+        public BuildCommandRule(WithDotNet<AutobuildOptionsShared> withDotNet)
         {
             this.withDotNet = withDotNet;
         }
 
-        public BuildScript Analyse(Autobuilder builder, bool auto)
+        public BuildScript Analyse(IAutobuilder<AutobuildOptionsShared> builder, bool auto)
         {
             if (builder.Options.BuildCommand is null)
                 return BuildScript.Failure;
diff --git a/csharp/autobuilder/Semmle.Autobuild.Shared/MsBuildRule.cs b/csharp/autobuilder/Semmle.Autobuild.Shared/MsBuildRule.cs
index 0afc1da098c..77f2f70f718 100644
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/MsBuildRule.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/MsBuildRule.cs
@@ -6,14 +6,14 @@ namespace Semmle.Autobuild.Shared
     /// <summary>
     /// A build rule using msbuild.
     /// </summary>
-    public class MsBuildRule : IBuildRule
+    public class MsBuildRule : IBuildRule<AutobuildOptionsShared>
     {
         /// <summary>
         /// The name of the msbuild command.
         /// </summary>
         private const string msBuild = "msbuild";
 
-        public BuildScript Analyse(Autobuilder builder, bool auto)
+        public BuildScript Analyse(IAutobuilder<AutobuildOptionsShared> builder, bool auto)
         {
             if (!builder.ProjectsOrSolutionsToBuild.Any())
                 return BuildScript.Failure;
@@ -27,8 +27,8 @@ namespace Semmle.Autobuild.Shared
             {
                 var firstSolution = builder.ProjectsOrSolutionsToBuild.OfType<ISolution>().FirstOrDefault();
                 vsTools = firstSolution is not null
-                                ? BuildTools.FindCompatibleVcVars(builder.Actions, firstSolution)
-                                : BuildTools.VcVarsAllBatFiles(builder.Actions).OrderByDescending(b => b.ToolsVersion).FirstOrDefault();
+                                        ? BuildTools.FindCompatibleVcVars(builder.Actions, firstSolution)
+                                        : BuildTools.VcVarsAllBatFiles(builder.Actions).OrderByDescending(b => b.ToolsVersion).FirstOrDefault();
             }
 
             if (vsTools is null && builder.Actions.IsWindows())
@@ -123,7 +123,7 @@ namespace Semmle.Autobuild.Shared
         ///
         /// Returns <code>null</code> when no version is specified.
         /// </summary>
-        public static VcVarsBatFile? GetVcVarsBatFile(Autobuilder builder)
+        public static VcVarsBatFile? GetVcVarsBatFile<TAutobuildOptions>(IAutobuilder<TAutobuildOptions> builder) where TAutobuildOptions : AutobuildOptionsShared
         {
             VcVarsBatFile? vsTools = null;
 
@@ -154,7 +154,7 @@ namespace Semmle.Autobuild.Shared
         /// <summary>
         /// Returns a script for downloading `nuget.exe` from nuget.org.
         /// </summary>
-        private static BuildScript DownloadNugetExe(Autobuilder builder, string path) =>
+        private static BuildScript DownloadNugetExe<TAutobuildOptions>(IAutobuilder<TAutobuildOptions> builder, string path) where TAutobuildOptions : AutobuildOptionsShared =>
             BuildScript.Create(_ =>
             {
                 builder.Log(Severity.Info, "Attempting to download nuget.exe");
diff --git a/csharp/autobuilder/Semmle.Autobuild.Shared/Project.cs b/csharp/autobuilder/Semmle.Autobuild.Shared/Project.cs
index bdc712d6623..71522859871 100644
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/Project.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/Project.cs
@@ -12,7 +12,7 @@ namespace Semmle.Autobuild.Shared
     /// C# project files come in 2 flavours, .Net core and msbuild, but they
     /// have the same file extension.
     /// </summary>
-    public class Project : ProjectOrSolution
+    public class Project<TAutobuildOptions> : ProjectOrSolution<TAutobuildOptions> where TAutobuildOptions : AutobuildOptionsShared
     {
         /// <summary>
         /// Holds if this project is for .Net core.
@@ -23,13 +23,13 @@ namespace Semmle.Autobuild.Shared
 
         public Version ToolsVersion { get; private set; }
 
-        private readonly Lazy<List<Project>> includedProjectsLazy;
+        private readonly Lazy<List<Project<TAutobuildOptions>>> includedProjectsLazy;
         public override IEnumerable<IProjectOrSolution> IncludedProjects => includedProjectsLazy.Value;
 
-        public Project(Autobuilder builder, string path) : base(builder, path)
+        public Project(Autobuilder<TAutobuildOptions> builder, string path) : base(builder, path)
         {
             ToolsVersion = new Version();
-            includedProjectsLazy = new Lazy<List<Project>>(() => new List<Project>());
+            includedProjectsLazy = new Lazy<List<Project<TAutobuildOptions>>>(() => new List<Project<TAutobuildOptions>>());
 
             if (!builder.Actions.FileExists(FullPath))
                 return;
@@ -70,9 +70,9 @@ namespace Semmle.Autobuild.Shared
                     }
                 }
 
-                includedProjectsLazy = new Lazy<List<Project>>(() =>
+                includedProjectsLazy = new Lazy<List<Project<TAutobuildOptions>>>(() =>
                 {
-                    var ret = new List<Project>();
+                    var ret = new List<Project<TAutobuildOptions>>();
                     // The documentation on `.proj` files is very limited, but it appears that both
                     // `<ProjectFile Include="X"/>` and `<ProjectFiles Include="X"/>` is valid
                     var mgr = new XmlNamespaceManager(projFile.NameTable);
@@ -89,7 +89,7 @@ namespace Semmle.Autobuild.Shared
                         }
 
                         var includePath = builder.Actions.PathCombine(include.Value.Split('\\', StringSplitOptions.RemoveEmptyEntries));
-                        ret.Add(new Project(builder, builder.Actions.PathCombine(DirectoryName, includePath)));
+                        ret.Add(new Project<TAutobuildOptions>(builder, builder.Actions.PathCombine(DirectoryName, includePath)));
                     }
                     return ret;
                 });
diff --git a/csharp/autobuilder/Semmle.Autobuild.Shared/ProjectOrSolution.cs b/csharp/autobuilder/Semmle.Autobuild.Shared/ProjectOrSolution.cs
index 5e4d6c05248..d0c9eeb9669 100644
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/ProjectOrSolution.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/ProjectOrSolution.cs
@@ -20,13 +20,13 @@ namespace Semmle.Autobuild.Shared
         IEnumerable<IProjectOrSolution> IncludedProjects { get; }
     }
 
-    public abstract class ProjectOrSolution : IProjectOrSolution
+    public abstract class ProjectOrSolution<TAutobuildOptions> : IProjectOrSolution where TAutobuildOptions : AutobuildOptionsShared
     {
         public string FullPath { get; }
 
         public string DirectoryName { get; }
 
-        protected ProjectOrSolution(Autobuilder builder, string path)
+        protected ProjectOrSolution(Autobuilder<TAutobuildOptions> builder, string path)
         {
             FullPath = builder.Actions.GetFullPath(path);
             DirectoryName = builder.Actions.GetDirectoryName(path) ?? "";
diff --git a/csharp/autobuilder/Semmle.Autobuild.Shared/Semmle.Autobuild.Shared.csproj b/csharp/autobuilder/Semmle.Autobuild.Shared/Semmle.Autobuild.Shared.csproj
index d3e24dd6ad5..6aceac93f97 100644
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/Semmle.Autobuild.Shared.csproj
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/Semmle.Autobuild.Shared.csproj
@@ -8,12 +8,12 @@
 		<Nullable>enable</Nullable>
 	</PropertyGroup>
 	<ItemGroup>
-		<Folder Include="Properties\"/>
+		<Folder Include="Properties\" />
 	</ItemGroup>
 	<ItemGroup>
-		<PackageReference Include="Microsoft.Build" Version="16.11.0"/>
+		<PackageReference Include="Microsoft.Build" Version="17.3.2" />
 	</ItemGroup>
 	<ItemGroup>
-		<ProjectReference Include="..\..\extractor\Semmle.Util\Semmle.Util.csproj"/>
+		<ProjectReference Include="..\..\extractor\Semmle.Util\Semmle.Util.csproj" />
 	</ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/csharp/autobuilder/Semmle.Autobuild.Shared/Solution.cs b/csharp/autobuilder/Semmle.Autobuild.Shared/Solution.cs
index 0ec54c1e02f..78929b3a93e 100644
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/Solution.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/Solution.cs
@@ -40,11 +40,11 @@ namespace Semmle.Autobuild.Shared
     /// <summary>
     /// A solution file on the filesystem, read using Microsoft.Build.
     /// </summary>
-    internal class Solution : ProjectOrSolution, ISolution
+    internal class Solution<TAutobuildOptions> : ProjectOrSolution<TAutobuildOptions>, ISolution where TAutobuildOptions : AutobuildOptionsShared
     {
         private readonly SolutionFile? solution;
 
-        private readonly IEnumerable<Project> includedProjects;
+        private readonly IEnumerable<Project<TAutobuildOptions>> includedProjects;
 
         public override IEnumerable<IProjectOrSolution> IncludedProjects => includedProjects;
 
@@ -57,7 +57,7 @@ namespace Semmle.Autobuild.Shared
         public string DefaultPlatformName =>
             solution is null ? "" : solution.GetDefaultPlatformName();
 
-        public Solution(Autobuilder builder, string path, bool allowProject) : base(builder, path)
+        public Solution(Autobuilder<TAutobuildOptions> builder, string path, bool allowProject) : base(builder, path)
         {
             try
             {
@@ -69,19 +69,19 @@ namespace Semmle.Autobuild.Shared
                 // that scenario as a solution with just that one project
                 if (allowProject)
                 {
-                    includedProjects = new[] { new Project(builder, path) };
+                    includedProjects = new[] { new Project<TAutobuildOptions>(builder, path) };
                     return;
                 }
 
                 builder.Log(Severity.Info, $"Unable to read solution file {path}.");
-                includedProjects = Array.Empty<Project>();
+                includedProjects = Array.Empty<Project<TAutobuildOptions>>();
                 return;
             }
 
             includedProjects = solution.ProjectsInOrder
                 .Where(p => p.ProjectType == SolutionProjectType.KnownToBeMSBuildFormat)
                 .Select(p => builder.Actions.PathCombine(DirectoryName, builder.Actions.PathCombine(p.RelativePath.Split('\\', StringSplitOptions.RemoveEmptyEntries))))
-                .Select(p => new Project(builder, p))
+                .Select(p => new Project<TAutobuildOptions>(builder, p))
                 .ToArray();
         }
 
diff --git a/csharp/documentation/library-coverage/coverage.csv b/csharp/documentation/library-coverage/coverage.csv
index 6ab77f6aba6..d31ce58ff81 100644
--- a/csharp/documentation/library-coverage/coverage.csv
+++ b/csharp/documentation/library-coverage/coverage.csv
@@ -1,28 +1,28 @@
-package,sink,source,summary,sink:code,sink:encryption-decryptor,sink:encryption-encryptor,sink:encryption-keyprop,sink:encryption-symmetrickey,sink:html,sink:remote,sink:sql,sink:xss,source:file,source:local,summary:taint,summary:value
-Dapper,55,,,,,,,,,,55,,,,,
-JsonToItemsTaskFactory,,,7,,,,,,,,,,,,7,
-Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,28,,,,,
-Microsoft.CSharp,,,24,,,,,,,,,,,,24,
-Microsoft.EntityFrameworkCore,6,,,,,,,,,,6,,,,,
-Microsoft.Extensions.Caching.Distributed,,,15,,,,,,,,,,,,15,
-Microsoft.Extensions.Caching.Memory,,,46,,,,,,,,,,,,45,1
-Microsoft.Extensions.Configuration,,,83,,,,,,,,,,,,80,3
-Microsoft.Extensions.DependencyInjection,,,62,,,,,,,,,,,,62,
-Microsoft.Extensions.DependencyModel,,,12,,,,,,,,,,,,12,
-Microsoft.Extensions.FileProviders,,,16,,,,,,,,,,,,16,
-Microsoft.Extensions.FileSystemGlobbing,,,15,,,,,,,,,,,,13,2
-Microsoft.Extensions.Hosting,,,17,,,,,,,,,,,,16,1
-Microsoft.Extensions.Http,,,10,,,,,,,,,,,,10,
-Microsoft.Extensions.Logging,,,37,,,,,,,,,,,,37,
-Microsoft.Extensions.Options,,,8,,,,,,,,,,,,8,
-Microsoft.Extensions.Primitives,,,63,,,,,,,,,,,,63,
-Microsoft.Interop,,,27,,,,,,,,,,,,27,
-Microsoft.NET.Build.Tasks,,,1,,,,,,,,,,,,1,
-Microsoft.NETCore.Platforms.BuildTasks,,,4,,,,,,,,,,,,4,
-Microsoft.VisualBasic,,,10,,,,,,,,,,,,5,5
-Microsoft.Win32,,,8,,,,,,,,,,,,8,
-MySql.Data.MySqlClient,48,,,,,,,,,,48,,,,,
-Newtonsoft.Json,,,91,,,,,,,,,,,,73,18
-ServiceStack,194,,7,27,,,,,,75,92,,,,7,
-System,65,4,12131,,8,8,9,,4,,33,3,1,3,10139,1992
-Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,
+package,sink,source,summary,sink:code,sink:encryption-decryptor,sink:encryption-encryptor,sink:encryption-keyprop,sink:encryption-symmetrickey,sink:html,sink:remote,sink:sql,sink:xss,source:file,source:local,source:remote,summary:taint,summary:value
+Dapper,55,,,,,,,,,,55,,,,,,
+JsonToItemsTaskFactory,,,7,,,,,,,,,,,,,7,
+Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,28,,,,,,
+Microsoft.CSharp,,,24,,,,,,,,,,,,,24,
+Microsoft.EntityFrameworkCore,6,,,,,,,,,,6,,,,,,
+Microsoft.Extensions.Caching.Distributed,,,15,,,,,,,,,,,,,15,
+Microsoft.Extensions.Caching.Memory,,,46,,,,,,,,,,,,,45,1
+Microsoft.Extensions.Configuration,,,83,,,,,,,,,,,,,80,3
+Microsoft.Extensions.DependencyInjection,,,62,,,,,,,,,,,,,62,
+Microsoft.Extensions.DependencyModel,,,12,,,,,,,,,,,,,12,
+Microsoft.Extensions.FileProviders,,,16,,,,,,,,,,,,,16,
+Microsoft.Extensions.FileSystemGlobbing,,,15,,,,,,,,,,,,,13,2
+Microsoft.Extensions.Hosting,,,17,,,,,,,,,,,,,16,1
+Microsoft.Extensions.Http,,,10,,,,,,,,,,,,,10,
+Microsoft.Extensions.Logging,,,37,,,,,,,,,,,,,37,
+Microsoft.Extensions.Options,,,8,,,,,,,,,,,,,8,
+Microsoft.Extensions.Primitives,,,63,,,,,,,,,,,,,63,
+Microsoft.Interop,,,27,,,,,,,,,,,,,27,
+Microsoft.NET.Build.Tasks,,,1,,,,,,,,,,,,,1,
+Microsoft.NETCore.Platforms.BuildTasks,,,4,,,,,,,,,,,,,4,
+Microsoft.VisualBasic,,,10,,,,,,,,,,,,,5,5
+Microsoft.Win32,,,8,,,,,,,,,,,,,8,
+MySql.Data.MySqlClient,48,,,,,,,,,,48,,,,,,
+Newtonsoft.Json,,,91,,,,,,,,,,,,,73,18
+ServiceStack,194,,7,27,,,,,,75,92,,,,,7,
+System,65,8,12154,,8,8,9,,4,,33,3,1,3,4,10163,1991
+Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,
diff --git a/csharp/documentation/library-coverage/coverage.rst b/csharp/documentation/library-coverage/coverage.rst
index 0f3dce2941a..6324b78ed41 100644
--- a/csharp/documentation/library-coverage/coverage.rst
+++ b/csharp/documentation/library-coverage/coverage.rst
@@ -8,7 +8,7 @@ C# framework & library support
 
    Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
    `ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
-   System,"``System.*``, ``System``",4,12131,65,7
+   System,"``System.*``, ``System``",8,12154,65,7
    Others,"``Dapper``, ``JsonToItemsTaskFactory``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.CSharp``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NETCore.Platforms.BuildTasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``Windows.Security.Cryptography.Core``",,556,138,
-   Totals,,4,12694,397,7
+   Totals,,8,12717,397,7
 
diff --git a/csharp/downgrades/83aca6b3e4fa38dd2b97b9b51dfc199a2ba9c7f2/expressions.ql b/csharp/downgrades/83aca6b3e4fa38dd2b97b9b51dfc199a2ba9c7f2/expressions.ql
new file mode 100644
index 00000000000..05b9e374f10
--- /dev/null
+++ b/csharp/downgrades/83aca6b3e4fa38dd2b97b9b51dfc199a2ba9c7f2/expressions.ql
@@ -0,0 +1,13 @@
+class Expression extends @expr {
+  string toString() { none() }
+}
+
+class TypeOrRef extends @type_or_ref {
+  string toString() { none() }
+}
+
+from Expression e, int k, int kind, TypeOrRef t
+where
+  expressions(e, k, t) and
+  if k = [131, 132] then kind = 106 else kind = k
+select e, kind, t
diff --git a/csharp/downgrades/83aca6b3e4fa38dd2b97b9b51dfc199a2ba9c7f2/old.dbscheme b/csharp/downgrades/83aca6b3e4fa38dd2b97b9b51dfc199a2ba9c7f2/old.dbscheme
new file mode 100644
index 00000000000..83aca6b3e4f
--- /dev/null
+++ b/csharp/downgrades/83aca6b3e4fa38dd2b97b9b51dfc199a2ba9c7f2/old.dbscheme
@@ -0,0 +1,2067 @@
+/* This is a dummy line to alter the dbscheme, so we can make a database upgrade
+ * without actually changing any of the dbscheme predicates. It contains a date
+ * to allow for such updates in the future as well.
+ *
+ * 2021-07-14
+ *
+ * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a
+ * previously seen state (matching a previously seen SHA), which would make the upgrade
+ * mechanism not work properly.
+ */
+
+/**
+ * An invocation of the compiler. Note that more than one file may be
+ * compiled per invocation. For example, this command compiles three
+ * source files:
+ *
+ *   csc f1.cs f2.cs f3.cs
+ *
+ * The `id` simply identifies the invocation, while `cwd` is the working
+ * directory from which the compiler was invoked.
+ */
+compilations(
+    unique int id : @compilation,
+    string cwd : string ref
+);
+
+/**
+ * The arguments that were passed to the extractor for a compiler
+ * invocation. If `id` is for the compiler invocation
+ *
+ *   csc f1.cs f2.cs f3.cs
+ *
+ * then typically there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | --compiler
+ * 1   | *path to compiler*
+ * 2   | f1.cs
+ * 3   | f2.cs
+ * 4   | f3.cs
+ */
+#keyset[id, num]
+compilation_args(
+    int id : @compilation ref,
+    int num : int ref,
+    string arg : string ref
+);
+
+/**
+ * The source files that are compiled by a compiler invocation.
+ * If `id` is for the compiler invocation
+ *
+ *   csc f1.cs f2.cs f3.cs
+ *
+ * then there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | f1.cs
+ * 1   | f2.cs
+ * 2   | f3.cs
+ */
+#keyset[id, num]
+compilation_compiling_files(
+    int id : @compilation ref,
+    int num : int ref,
+    int file : @file ref
+);
+
+/**
+ * The references used by a compiler invocation.
+ * If `id` is for the compiler invocation
+ *
+ *   csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll
+ *
+ * then there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | ref1.dll
+ * 1   | ref2.dll
+ * 2   | ref3.dll
+ */
+#keyset[id, num]
+compilation_referencing_files(
+    int id : @compilation ref,
+    int num : int ref,
+    int file : @file ref
+);
+
+/**
+ * The time taken by the extractor for a compiler invocation.
+ *
+ * For each file `num`, there will be rows for
+ *
+ * kind | seconds
+ * ---- | ---
+ * 1    | CPU seconds used by the extractor frontend
+ * 2    | Elapsed seconds during the extractor frontend
+ * 3    | CPU seconds used by the extractor backend
+ * 4    | Elapsed seconds during the extractor backend
+ */
+#keyset[id, num, kind]
+compilation_time(
+    int id : @compilation ref,
+    int num : int ref,
+    /* kind:
+       1 = frontend_cpu_seconds
+       2 = frontend_elapsed_seconds
+       3 = extractor_cpu_seconds
+       4 = extractor_elapsed_seconds
+    */
+    int kind : int ref,
+    float seconds : float ref
+);
+
+/**
+ * An error or warning generated by the extractor.
+ * The diagnostic message `diagnostic` was generated during compiler
+ * invocation `compilation`, and is the `file_number_diagnostic_number`th
+ * message generated while extracting the `file_number`th file of that
+ * invocation.
+ */
+#keyset[compilation, file_number, file_number_diagnostic_number]
+diagnostic_for(
+    unique int diagnostic : @diagnostic ref,
+    int compilation : @compilation ref,
+    int file_number : int ref,
+    int file_number_diagnostic_number : int ref
+);
+
+diagnostics(
+    unique int id: @diagnostic,
+    int severity: int ref,
+    string error_tag: string ref,
+    string error_message: string ref,
+    string full_error_message: string ref,
+    int location: @location_default ref
+);
+
+extractor_messages(
+    unique int id: @extractor_message,
+    int severity: int ref,
+    string origin : string ref,
+    string text : string ref,
+    string entity : string ref,
+    int location: @location_default ref,
+    string stack_trace : string ref
+);
+
+/**
+ * If extraction was successful, then `cpu_seconds` and
+ * `elapsed_seconds` are the CPU time and elapsed time (respectively)
+ * that extraction took for compiler invocation `id`.
+ */
+compilation_finished(
+    unique int id : @compilation ref,
+    float cpu_seconds : float ref,
+    float elapsed_seconds : float ref
+);
+
+compilation_assembly(
+  unique int id : @compilation ref,
+  int assembly: @assembly ref
+)
+
+// Populated by the CSV extractor
+externalData(
+   int id: @externalDataElement,
+   string path: string ref,
+   int column: int ref,
+   string value: string ref);
+
+sourceLocationPrefix(
+  string prefix: string ref);
+
+/*
+ * C# dbscheme
+ */
+
+/** ELEMENTS **/
+
+@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration
+         | @using_directive | @type_parameter_constraints | @externalDataElement
+         | @xmllocatable | @asp_element | @namespace | @preprocessor_directive;
+
+@declaration = @callable | @generic | @assignable | @namespace;
+
+@named_element = @namespace | @declaration;
+
+@declaration_with_accessors = @property | @indexer | @event;
+
+@assignable = @variable | @assignable_with_accessors | @event;
+
+@assignable_with_accessors = @property | @indexer;
+
+@attributable = @assembly | @field | @parameter | @operator | @method | @constructor
+              | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors
+              | @local_function | @lambda_expr;
+
+/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/
+
+@location = @location_default | @assembly;
+
+locations_default(
+  unique int id: @location_default,
+  int file: @file ref,
+  int beginLine: int ref,
+  int beginColumn: int ref,
+  int endLine: int ref,
+  int endColumn: int ref);
+
+locations_mapped(
+  unique int id: @location_default ref,
+  int mapped_to: @location_default ref);
+
+@sourceline = @file | @callable | @xmllocatable;
+
+numlines(
+  int element_id: @sourceline ref,
+  int num_lines: int ref,
+  int num_code: int ref,
+  int num_comment: int ref);
+
+assemblies(
+  unique int id: @assembly,
+  int file: @file ref,
+  string fullname: string ref,
+  string name: string ref,
+  string version: string ref);
+
+files(
+  unique int id: @file,
+  string name: string ref);
+
+folders(
+  unique int id: @folder,
+  string name: string ref);
+
+@container = @folder | @file ;
+
+containerparent(
+  int parent: @container ref,
+  unique int child: @container ref);
+
+file_extraction_mode(
+  unique int file: @file ref,
+  int mode: int ref
+  /* 0 = normal, 1 = standalone extractor */
+  );
+
+/** NAMESPACES **/
+
+@type_container = @namespace | @type;
+
+namespaces(
+  unique int id: @namespace,
+  string name: string ref);
+
+namespace_declarations(
+  unique int id: @namespace_declaration,
+  int namespace_id: @namespace ref);
+
+namespace_declaration_location(
+  unique int id: @namespace_declaration ref,
+  int loc: @location ref);
+
+parent_namespace(
+  unique int child_id: @type_container ref,
+  int namespace_id: @namespace ref);
+
+@declaration_or_directive = @namespace_declaration | @type | @using_directive;
+
+parent_namespace_declaration(
+  int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes
+  int namespace_id: @namespace_declaration ref);
+
+@using_directive = @using_namespace_directive | @using_static_directive;
+
+using_global(
+  unique int id: @using_directive ref
+);
+
+using_namespace_directives(
+  unique int id: @using_namespace_directive,
+  int namespace_id: @namespace ref);
+
+using_static_directives(
+  unique int id: @using_static_directive,
+  int type_id: @type_or_ref ref);
+
+using_directive_location(
+  unique int id: @using_directive ref,
+  int loc: @location ref);
+
+@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning
+  | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if
+  | @directive_elif | @directive_else | @directive_endif;
+
+@conditional_directive = @directive_if | @directive_elif;
+@branch_directive = @directive_if | @directive_elif | @directive_else;
+
+directive_ifs(
+  unique int id: @directive_if,
+  int branchTaken: int ref,     /* 0: false, 1: true */
+  int conditionValue: int ref); /* 0: false, 1: true */
+
+directive_elifs(
+  unique int id: @directive_elif,
+  int branchTaken: int ref,     /* 0: false, 1: true */
+  int conditionValue: int ref,  /* 0: false, 1: true */
+  int parent: @directive_if ref,
+  int index: int ref);
+
+directive_elses(
+  unique int id: @directive_else,
+  int branchTaken: int ref,   /* 0: false, 1: true */
+  int parent: @directive_if ref,
+  int index: int ref);
+
+#keyset[id, start]
+directive_endifs(
+  unique int id: @directive_endif,
+  unique int start: @directive_if ref);
+
+directive_define_symbols(
+  unique int id: @define_symbol_expr ref,
+  string name: string ref);
+
+directive_regions(
+  unique int id: @directive_region,
+  string name: string ref);
+
+#keyset[id, start]
+directive_endregions(
+  unique int id: @directive_endregion,
+  unique int start: @directive_region ref);
+
+directive_lines(
+  unique int id: @directive_line,
+  int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */
+
+directive_line_value(
+  unique int id: @directive_line ref,
+  int line: int ref);
+
+directive_line_file(
+  unique int id: @directive_line ref,
+  int file: @file ref);
+
+directive_line_offset(
+  unique int id: @directive_line ref,
+  int offset: int ref);
+
+directive_line_span(
+  unique int id: @directive_line ref,
+  int startLine: int ref,
+  int startColumn: int ref,
+  int endLine: int ref,
+  int endColumn: int ref);
+
+directive_nullables(
+  unique int id: @directive_nullable,
+  int setting: int ref, /* 0: disable, 1: enable, 2: restore */
+  int target: int ref); /* 0: none, 1: annotations, 2: warnings */
+
+directive_warnings(
+  unique int id: @directive_warning,
+  string message: string ref);
+
+directive_errors(
+  unique int id: @directive_error,
+  string message: string ref);
+
+directive_undefines(
+  unique int id: @directive_undefine,
+  string name: string ref);
+
+directive_defines(
+  unique int id: @directive_define,
+  string name: string ref);
+
+pragma_checksums(
+  unique int id: @pragma_checksum,
+  int file: @file ref,
+  string guid: string ref,
+  string bytes: string ref);
+
+pragma_warnings(
+  unique int id: @pragma_warning,
+  int kind: int ref /* 0 = disable, 1 = restore */);
+
+#keyset[id, index]
+pragma_warning_error_codes(
+  int id: @pragma_warning ref,
+  string errorCode: string ref,
+  int index: int ref);
+
+preprocessor_directive_location(
+  unique int id: @preprocessor_directive ref,
+  int loc: @location ref);
+
+preprocessor_directive_compilation(
+  unique int id: @preprocessor_directive ref,
+  int compilation: @compilation ref);
+
+preprocessor_directive_active(
+  unique int id: @preprocessor_directive ref,
+  int active: int ref);  /* 0: false, 1: true */
+
+/** TYPES **/
+
+types(
+  unique int id: @type,
+  int kind: int ref,
+  string name: string ref);
+
+case @type.kind of
+   1 = @bool_type
+|  2 = @char_type
+|  3 = @decimal_type
+|  4 = @sbyte_type
+|  5 = @short_type
+|  6 = @int_type
+|  7 = @long_type
+|  8 = @byte_type
+|  9 = @ushort_type
+| 10 = @uint_type
+| 11 = @ulong_type
+| 12 = @float_type
+| 13 = @double_type
+| 14 = @enum_type
+| 15 = @struct_type
+| 17 = @class_type
+| 19 = @interface_type
+| 20 = @delegate_type
+| 21 = @null_type
+| 22 = @type_parameter
+| 23 = @pointer_type
+| 24 = @nullable_type
+| 25 = @array_type
+| 26 = @void_type
+| 27 = @int_ptr_type
+| 28 = @uint_ptr_type
+| 29 = @dynamic_type
+| 30 = @arglist_type
+| 31 = @unknown_type
+| 32 = @tuple_type
+| 33 = @function_pointer_type
+  ;
+
+@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type;
+@integral_type = @signed_integral_type | @unsigned_integral_type;
+@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type;
+@unsigned_integral_type = @byte_type  | @ushort_type | @uint_type | @ulong_type;
+@floating_point_type = @float_type | @double_type;
+@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type
+            | @uint_ptr_type | @tuple_type;
+@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type
+          | @dynamic_type;
+@value_or_ref_type = @value_type | @ref_type;
+
+typerefs(
+  unique int id: @typeref,
+  string name: string ref);
+
+typeref_type(
+  int id: @typeref ref,
+  unique int typeId: @type ref);
+
+@type_or_ref = @type | @typeref;
+
+array_element_type(
+  unique int array: @array_type ref,
+  int dimension: int ref,
+  int rank: int ref,
+  int element: @type_or_ref ref);
+
+nullable_underlying_type(
+  unique int nullable: @nullable_type ref,
+  int underlying: @type_or_ref ref);
+
+pointer_referent_type(
+  unique int pointer: @pointer_type ref,
+  int referent: @type_or_ref ref);
+
+enum_underlying_type(
+  unique int enum_id: @enum_type ref,
+  int underlying_type_id: @type_or_ref ref);
+
+delegate_return_type(
+  unique int delegate_id: @delegate_type ref,
+  int return_type_id: @type_or_ref ref);
+
+function_pointer_return_type(
+    unique int function_pointer_id: @function_pointer_type ref,
+    int return_type_id: @type_or_ref ref);
+
+extend(
+  int sub: @type ref,
+  int super: @type_or_ref ref);
+
+anonymous_types(
+  unique int id: @type ref);
+
+@interface_or_ref = @interface_type | @typeref;
+
+implement(
+  int sub: @type ref,
+  int super: @type_or_ref ref);
+
+type_location(
+  int id: @type ref,
+  int loc: @location ref);
+
+tuple_underlying_type(
+  unique int tuple: @tuple_type ref,
+  int struct: @type_or_ref ref);
+
+#keyset[tuple, index]
+tuple_element(
+  int tuple: @tuple_type ref,
+  int index: int ref,
+  unique int field: @field ref);
+
+attributes(
+  unique int id: @attribute,
+  int kind: int ref,
+  int type_id: @type_or_ref ref,
+  int target:  @attributable ref);
+
+case @attribute.kind of
+  0 = @attribute_default
+| 1 = @attribute_return
+| 2 = @attribute_assembly
+| 3 = @attribute_module
+;
+
+attribute_location(
+  int id: @attribute ref,
+  int loc: @location ref);
+
+@type_mention_parent = @element | @type_mention;
+
+type_mention(
+  unique int id: @type_mention,
+  int type_id: @type_or_ref ref,
+  int parent: @type_mention_parent ref);
+
+type_mention_location(
+  unique int id: @type_mention ref,
+  int loc: @location ref);
+
+@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type;
+
+/**
+ * A direct annotation on an entity, for example `string? x;`.
+ *
+ * Annotations:
+ * 2 = reftype is not annotated "!"
+ * 3 = reftype is annotated "?"
+ * 4 = readonly ref type / in parameter
+ * 5 = ref type parameter, return or local variable
+ * 6 = out parameter
+ *
+ * Note that the annotation depends on the element it annotates.
+ * @assignable: The annotation is on the type of the assignable, for example the variable type.
+ * @type_parameter: The annotation is on the reftype constraint
+ * @callable: The annotation is on the return type
+ * @array_type: The annotation is on the element type
+ */
+type_annotation(int id: @has_type_annotation ref, int annotation: int ref);
+
+nullability(unique int nullability: @nullability, int kind: int ref);
+
+case @nullability.kind of
+  0 = @oblivious
+| 1 = @not_annotated
+| 2 = @annotated
+;
+
+#keyset[parent, index]
+nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref)
+
+type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref);
+
+/**
+ * The nullable flow state of an expression, as determined by Roslyn.
+ *   0 = none (default, not populated)
+ *   1 = not null
+ *   2 = maybe null
+ */
+expr_flowstate(unique int id: @expr ref, int state: int ref);
+
+/** GENERICS **/
+
+@generic = @type | @method | @local_function;
+
+type_parameters(
+  unique int id: @type_parameter ref,
+  int index: int ref,
+  int generic_id: @generic ref,
+  int variance: int ref /* none = 0, out = 1, in = 2 */);
+
+#keyset[constructed_id, index]
+type_arguments(
+  int id: @type_or_ref ref,
+  int index: int ref,
+  int constructed_id: @generic_or_ref ref);
+
+@generic_or_ref = @generic | @typeref;
+
+constructed_generic(
+  unique int constructed: @generic ref,
+  int generic: @generic_or_ref ref);
+
+type_parameter_constraints(
+  unique int id: @type_parameter_constraints,
+  int param_id: @type_parameter ref);
+
+type_parameter_constraints_location(
+  int id: @type_parameter_constraints ref,
+  int loc: @location ref);
+
+general_type_parameter_constraints(
+  int id: @type_parameter_constraints ref,
+  int kind: int ref /* class = 1, struct = 2, new = 3 */);
+
+specific_type_parameter_constraints(
+  int id: @type_parameter_constraints ref,
+  int base_id: @type_or_ref ref);
+
+specific_type_parameter_nullability(
+  int id: @type_parameter_constraints ref,
+  int base_id: @type_or_ref ref,
+  int nullability: @nullability ref);
+
+/** FUNCTION POINTERS */
+
+function_pointer_calling_conventions(
+  int id: @function_pointer_type ref,
+  int kind: int ref);
+
+#keyset[id, index]
+has_unmanaged_calling_conventions(
+  int id: @function_pointer_type ref,
+  int index: int ref,
+  int conv_id: @type_or_ref ref);
+
+/** MODIFIERS */
+
+@modifiable = @modifiable_direct | @event_accessor;
+
+@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr;
+
+modifiers(
+  unique int id: @modifier,
+  string name: string ref);
+
+has_modifiers(
+  int id: @modifiable_direct ref,
+  int mod_id: @modifier ref);
+
+compiler_generated(unique int id: @modifiable ref);
+
+/** MEMBERS **/
+
+@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type;
+
+@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr;
+
+@virtualizable = @method | @property | @indexer | @event;
+
+exprorstmt_name(
+  unique int parent_id: @named_exprorstmt ref,
+  string name: string ref);
+
+nested_types(
+  unique int id: @type ref,
+  int declaring_type_id: @type ref,
+  int unbound_id: @type ref);
+
+properties(
+  unique int id: @property,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @property ref);
+
+property_location(
+  int id: @property ref,
+  int loc: @location ref);
+
+indexers(
+  unique int id: @indexer,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @indexer ref);
+
+indexer_location(
+  int id: @indexer ref,
+  int loc: @location ref);
+
+accessors(
+  unique int id: @accessor,
+  int kind: int ref,
+  string name: string ref,
+  int declaring_member_id: @member ref,
+  int unbound_id: @accessor ref);
+
+case @accessor.kind of
+  1 = @getter
+| 2 = @setter
+  ;
+
+init_only_accessors(
+  unique int id: @accessor ref);
+
+accessor_location(
+  int id: @accessor ref,
+  int loc: @location ref);
+
+events(
+  unique int id: @event,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @event ref);
+
+event_location(
+  int id: @event ref,
+  int loc: @location ref);
+
+event_accessors(
+  unique int id: @event_accessor,
+  int kind: int ref,
+  string name: string ref,
+  int declaring_event_id: @event ref,
+  int unbound_id: @event_accessor ref);
+
+case @event_accessor.kind of
+  1 = @add_event_accessor
+| 2 = @remove_event_accessor
+  ;
+
+event_accessor_location(
+  int id: @event_accessor ref,
+  int loc: @location ref);
+
+operators(
+  unique int id: @operator,
+  string name: string ref,
+  string symbol: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @operator ref);
+
+operator_location(
+  int id: @operator ref,
+  int loc: @location ref);
+
+constant_value(
+  int id: @variable ref,
+  string value: string ref);
+
+/** CALLABLES **/
+
+@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function;
+
+@callable_accessor = @accessor | @event_accessor;
+
+methods(
+  unique int id: @method,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @method ref);
+
+method_location(
+  int id: @method ref,
+  int loc: @location ref);
+
+constructors(
+  unique int id: @constructor,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int unbound_id: @constructor ref);
+
+constructor_location(
+  int id: @constructor ref,
+  int loc: @location ref);
+
+destructors(
+  unique int id: @destructor,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int unbound_id: @destructor ref);
+
+destructor_location(
+  int id: @destructor ref,
+  int loc: @location ref);
+
+overrides(
+  int id: @callable ref,
+  int base_id: @callable ref);
+
+explicitly_implements(
+  int id: @member ref,
+  int interface_id: @interface_or_ref ref);
+
+local_functions(
+    unique int id: @local_function,
+    string name: string ref,
+    int return_type: @type ref,
+    int unbound_id: @local_function ref);
+
+local_function_stmts(
+    unique int fn: @local_function_stmt ref,
+    int stmt: @local_function ref);
+
+/** VARIABLES **/
+
+@variable = @local_scope_variable | @field;
+
+@local_scope_variable = @local_variable | @parameter;
+
+fields(
+  unique int id: @field,
+  int kind: int ref,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @field ref);
+
+case @field.kind of
+  1 = @addressable_field
+| 2 = @constant
+  ;
+
+field_location(
+  int id: @field ref,
+  int loc: @location ref);
+
+localvars(
+  unique int id: @local_variable,
+  int kind: int ref,
+  string name: string ref,
+  int implicitly_typed: int ref /* 0 = no, 1 = yes */,
+  int type_id: @type_or_ref ref,
+  int parent_id: @local_var_decl_expr ref);
+
+case @local_variable.kind of
+  1 = @addressable_local_variable
+| 2 = @local_constant
+| 3 = @local_variable_ref
+  ;
+
+localvar_location(
+  unique int id: @local_variable ref,
+  int loc: @location ref);
+
+@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type;
+
+#keyset[name, parent_id]
+#keyset[index, parent_id]
+params(
+  unique int id: @parameter,
+  string name: string ref,
+  int type_id: @type_or_ref ref,
+  int index: int ref,
+  int mode: int ref, /* value = 0, ref = 1, out = 2, array = 3, this = 4 */
+  int parent_id: @parameterizable ref,
+  int unbound_id: @parameter ref);
+
+param_location(
+  int id: @parameter ref,
+  int loc: @location ref);
+
+/** STATEMENTS **/
+
+@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent;
+
+statements(
+  unique int id: @stmt,
+  int kind: int ref);
+
+#keyset[index, parent]
+stmt_parent(
+  unique int stmt: @stmt ref,
+  int index: int ref,
+  int parent: @control_flow_element ref);
+
+@top_level_stmt_parent = @callable;
+
+// [index, parent] is not a keyset because the same parent may be compiled multiple times
+stmt_parent_top_level(
+  unique int stmt: @stmt ref,
+  int index: int ref,
+  int parent: @top_level_stmt_parent ref);
+
+case @stmt.kind of
+   1 = @block_stmt
+|  2 = @expr_stmt
+|  3 = @if_stmt
+|  4 = @switch_stmt
+|  5 = @while_stmt
+|  6 = @do_stmt
+|  7 = @for_stmt
+|  8 = @foreach_stmt
+|  9 = @break_stmt
+| 10 = @continue_stmt
+| 11 = @goto_stmt
+| 12 = @goto_case_stmt
+| 13 = @goto_default_stmt
+| 14 = @throw_stmt
+| 15 = @return_stmt
+| 16 = @yield_stmt
+| 17 = @try_stmt
+| 18 = @checked_stmt
+| 19 = @unchecked_stmt
+| 20 = @lock_stmt
+| 21 = @using_block_stmt
+| 22 = @var_decl_stmt
+| 23 = @const_decl_stmt
+| 24 = @empty_stmt
+| 25 = @unsafe_stmt
+| 26 = @fixed_stmt
+| 27 = @label_stmt
+| 28 = @catch
+| 29 = @case_stmt
+| 30 = @local_function_stmt
+| 31 = @using_decl_stmt
+  ;
+
+@using_stmt = @using_block_stmt | @using_decl_stmt;
+
+@labeled_stmt = @label_stmt | @case;
+
+@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt;
+
+@cond_stmt = @if_stmt | @switch_stmt;
+
+@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt;
+
+@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt
+           | @yield_stmt;
+
+@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt;
+
+
+stmt_location(
+  unique int id: @stmt ref,
+  int loc: @location ref);
+
+catch_type(
+  unique int catch_id: @catch ref,
+  int type_id: @type_or_ref ref,
+  int kind: int ref /* explicit = 1, implicit = 2 */);
+
+foreach_stmt_info(
+  unique int id: @foreach_stmt ref,
+  int kind: int ref /* non-async = 1, async = 2 */);
+
+@foreach_symbol =  @method | @property | @type_or_ref;
+
+#keyset[id, kind]
+foreach_stmt_desugar(
+  int id: @foreach_stmt ref,
+  int symbol: @foreach_symbol ref,
+  int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */);
+
+/** EXPRESSIONS **/
+
+expressions(
+  unique int id: @expr,
+  int kind: int ref,
+  int type_id: @type_or_ref ref);
+
+#keyset[index, parent]
+expr_parent(
+  unique int expr: @expr ref,
+  int index: int ref,
+  int parent: @control_flow_element ref);
+
+@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif;
+
+@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent;
+
+// [index, parent] is not a keyset because the same parent may be compiled multiple times
+expr_parent_top_level(
+  unique int expr: @expr ref,
+  int index: int ref,
+  int parent: @top_level_exprorstmt_parent ref);
+
+case @expr.kind of
+/* literal */
+   1 = @bool_literal_expr
+|  2 = @char_literal_expr
+|  3 = @decimal_literal_expr
+|  4 = @int_literal_expr
+|  5 = @long_literal_expr
+|  6 = @uint_literal_expr
+|  7 = @ulong_literal_expr
+|  8 = @float_literal_expr
+|  9 = @double_literal_expr
+| 10 = @string_literal_expr
+| 11 = @null_literal_expr
+/* primary & unary */
+| 12 = @this_access_expr
+| 13 = @base_access_expr
+| 14 = @local_variable_access_expr
+| 15 = @parameter_access_expr
+| 16 = @field_access_expr
+| 17 = @property_access_expr
+| 18 = @method_access_expr
+| 19 = @event_access_expr
+| 20 = @indexer_access_expr
+| 21 = @array_access_expr
+| 22 = @type_access_expr
+| 23 = @typeof_expr
+| 24 = @method_invocation_expr
+| 25 = @delegate_invocation_expr
+| 26 = @operator_invocation_expr
+| 27 = @cast_expr
+| 28 = @object_creation_expr
+| 29 = @explicit_delegate_creation_expr
+| 30 = @implicit_delegate_creation_expr
+| 31 = @array_creation_expr
+| 32 = @default_expr
+| 33 = @plus_expr
+| 34 = @minus_expr
+| 35 = @bit_not_expr
+| 36 = @log_not_expr
+| 37 = @post_incr_expr
+| 38 = @post_decr_expr
+| 39 = @pre_incr_expr
+| 40 = @pre_decr_expr
+/* multiplicative */
+| 41 = @mul_expr
+| 42 = @div_expr
+| 43 = @rem_expr
+/* additive */
+| 44 = @add_expr
+| 45 = @sub_expr
+/* shift */
+| 46 = @lshift_expr
+| 47 = @rshift_expr
+/* relational */
+| 48 = @lt_expr
+| 49 = @gt_expr
+| 50 = @le_expr
+| 51 = @ge_expr
+/* equality */
+| 52 = @eq_expr
+| 53 = @ne_expr
+/* logical */
+| 54 = @bit_and_expr
+| 55 = @bit_xor_expr
+| 56 = @bit_or_expr
+| 57 = @log_and_expr
+| 58 = @log_or_expr
+/* type testing */
+| 59 = @is_expr
+| 60 = @as_expr
+/* null coalescing */
+| 61 = @null_coalescing_expr
+/* conditional */
+| 62 = @conditional_expr
+/* assignment */
+| 63 = @simple_assign_expr
+| 64 = @assign_add_expr
+| 65 = @assign_sub_expr
+| 66 = @assign_mul_expr
+| 67 = @assign_div_expr
+| 68 = @assign_rem_expr
+| 69 = @assign_and_expr
+| 70 = @assign_xor_expr
+| 71 = @assign_or_expr
+| 72 = @assign_lshift_expr
+| 73 = @assign_rshift_expr
+/* more */
+| 74 = @object_init_expr
+| 75 = @collection_init_expr
+| 76 = @array_init_expr
+| 77 = @checked_expr
+| 78 = @unchecked_expr
+| 79 = @constructor_init_expr
+| 80 = @add_event_expr
+| 81 = @remove_event_expr
+| 82 = @par_expr
+| 83 = @local_var_decl_expr
+| 84 = @lambda_expr
+| 85 = @anonymous_method_expr
+| 86 = @namespace_expr
+/* dynamic */
+| 92 = @dynamic_element_access_expr
+| 93 = @dynamic_member_access_expr
+/* unsafe */
+| 100 = @pointer_indirection_expr
+| 101 = @address_of_expr
+| 102 = @sizeof_expr
+/* async */
+| 103 = @await_expr
+/* C# 6.0 */
+| 104 = @nameof_expr
+| 105 = @interpolated_string_expr
+| 106 = @unknown_expr
+/* C# 7.0 */
+| 107 = @throw_expr
+| 108 = @tuple_expr
+| 109 = @local_function_invocation_expr
+| 110 = @ref_expr
+| 111 = @discard_expr
+/* C# 8.0 */
+| 112 = @range_expr
+| 113 = @index_expr
+| 114 = @switch_expr
+| 115 = @recursive_pattern_expr
+| 116 = @property_pattern_expr
+| 117 = @positional_pattern_expr
+| 118 = @switch_case_expr
+| 119 = @assign_coalesce_expr
+| 120 = @suppress_nullable_warning_expr
+| 121 = @namespace_access_expr
+/* C# 9.0 */
+| 122 = @lt_pattern_expr
+| 123 = @gt_pattern_expr
+| 124 = @le_pattern_expr
+| 125 = @ge_pattern_expr
+| 126 = @not_pattern_expr
+| 127 = @and_pattern_expr
+| 128 = @or_pattern_expr
+| 129 = @function_pointer_invocation_expr
+| 130 = @with_expr
+/* C# 11.0 */
+| 131 = @list_pattern_expr
+| 132 = @slice_pattern_expr
+/* Preprocessor */
+| 999 = @define_symbol_expr
+;
+
+@switch = @switch_stmt | @switch_expr;
+@case = @case_stmt | @switch_case_expr;
+@pattern_match = @case | @is_expr;
+@unary_pattern_expr = @not_pattern_expr;
+@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr;
+@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr;
+
+@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr;
+@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr;
+@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr
+              | @string_literal_expr | @null_literal_expr;
+
+@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr;
+@assign_op_expr =  @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr;
+@assign_event_expr = @add_event_expr | @remove_event_expr;
+
+@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr
+                   | @assign_rem_expr
+@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr
+                   | @assign_lshift_expr | @assign_rshift_expr;
+
+@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr
+                    | @method_access_expr | @type_access_expr | @dynamic_member_access_expr;
+@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr;
+@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr;
+
+@local_variable_access = @local_variable_access_expr | @local_var_decl_expr;
+@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access;
+@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr;
+
+@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr
+                        | @event_access_expr | @dynamic_member_access_expr;
+
+@objectorcollection_init_expr = @object_init_expr | @collection_init_expr;
+
+@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr;
+
+@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr;
+@incr_op_expr =  @pre_incr_expr | @post_incr_expr;
+@decr_op_expr =  @pre_decr_expr | @post_decr_expr;
+@mut_op_expr = @incr_op_expr | @decr_op_expr;
+@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr;
+@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr;
+
+@ternary_log_op_expr = @conditional_expr;
+@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr;
+@un_log_op_expr = @log_not_expr;
+@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr;
+
+@bin_bit_op_expr =  @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr
+                 | @rshift_expr;
+@un_bit_op_expr = @bit_not_expr;
+@bit_expr = @un_bit_op_expr | @bin_bit_op_expr;
+
+@equality_op_expr =  @eq_expr | @ne_expr;
+@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr;
+@comp_expr = @equality_op_expr | @rel_op_expr;
+
+@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op;
+
+@ternary_op = @ternary_log_op_expr;
+@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr;
+@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr
+       | @pointer_indirection_expr | @address_of_expr;
+
+@anonymous_function_expr = @lambda_expr | @anonymous_method_expr;
+
+@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr
+      | @delegate_invocation_expr | @object_creation_expr | @call_access_expr
+      | @local_function_invocation_expr | @function_pointer_invocation_expr;
+
+@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr;
+
+@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr
+                    | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr;
+
+@throw_element = @throw_expr | @throw_stmt;
+
+@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr;
+
+implicitly_typed_array_creation(
+  unique int id: @array_creation_expr ref);
+
+explicitly_sized_array_creation(
+  unique int id: @array_creation_expr ref);
+
+stackalloc_array_creation(
+  unique int id: @array_creation_expr ref);
+
+implicitly_typed_object_creation(
+  unique int id: @implicitly_typeable_object_creation_expr ref);
+
+mutator_invocation_mode(
+  unique int id: @operator_invocation_expr ref,
+  int mode: int ref /* prefix = 1, postfix = 2*/);
+
+expr_compiler_generated(
+  unique int id: @expr ref);
+
+expr_value(
+  unique int id: @expr ref,
+  string value: string ref);
+
+expr_call(
+  unique int caller_id: @expr ref,
+  int target_id: @callable ref);
+
+expr_access(
+  unique int accesser_id: @access_expr ref,
+  int target_id: @accessible ref);
+
+@accessible = @method | @assignable | @local_function | @namespace;
+
+expr_location(
+  unique int id: @expr ref,
+  int loc: @location ref);
+
+dynamic_member_name(
+  unique int id: @late_bindable_expr ref,
+  string name: string ref);
+
+@qualifiable_expr = @member_access_expr
+                  | @method_invocation_expr
+                  | @element_access_expr;
+
+conditional_access(
+  unique int id: @qualifiable_expr ref);
+
+expr_argument(
+  unique int id: @expr ref,
+  int mode: int ref);
+  /* mode is the same as params: value = 0, ref = 1, out = 2 */
+
+expr_argument_name(
+  unique int id: @expr ref,
+  string name: string ref);
+
+lambda_expr_return_type(
+  unique int id: @lambda_expr ref,
+  int type_id: @type_or_ref ref);
+  
+/** CONTROL/DATA FLOW **/
+
+@control_flow_element = @stmt | @expr;
+
+/* XML Files */
+
+xmlEncoding  (
+  unique int id: @file ref,
+  string encoding: string ref);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  string root: string ref,
+  string publicId: string ref,
+  string systemId: string ref,
+  int fileid: @file ref);
+
+xmlElements(
+  unique int id: @xmlelement,
+  string name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  string name: string ref,
+  string value: string ref,
+  int idx: int ref,
+  int fileid: @file ref);
+
+xmlNs(
+  int id: @xmlnamespace,
+  string prefixName: string ref,
+  string URI: string ref,
+  int fileid: @file ref);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+/* Comments */
+
+commentline(
+  unique int id: @commentline,
+  int kind: int ref,
+  string text: string ref,
+  string rawtext: string ref);
+
+case @commentline.kind of
+  0 = @singlelinecomment
+| 1 = @xmldoccomment
+| 2 = @multilinecomment;
+
+commentline_location(
+  unique int id: @commentline ref,
+  int loc: @location ref);
+
+commentblock(
+  unique int id : @commentblock);
+
+commentblock_location(
+  unique int id: @commentblock ref,
+  int loc: @location ref);
+
+commentblock_binding(
+  int id: @commentblock ref,
+  int entity: @element ref,
+  int bindtype: int ref);    /* 0: Parent, 1: Best, 2: Before, 3: After */
+
+commentblock_child(
+  int id: @commentblock ref,
+  int commentline: @commentline ref,
+  int index: int ref);
+
+/* ASP.NET */
+
+case @asp_element.kind of
+  0=@asp_close_tag
+| 1=@asp_code
+| 2=@asp_comment
+| 3=@asp_data_binding
+| 4=@asp_directive
+| 5=@asp_open_tag
+| 6=@asp_quoted_string
+| 7=@asp_text
+| 8=@asp_xml_directive;
+
+@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string;
+
+asp_elements(
+  unique int id: @asp_element,
+  int kind: int ref,
+  int loc: @location ref);
+
+asp_comment_server(unique int comment: @asp_comment ref);
+asp_code_inline(unique int code: @asp_code ref);
+asp_directive_attribute(
+  int directive: @asp_directive ref,
+  int index: int ref,
+  string name: string ref,
+  int value: @asp_quoted_string ref);
+asp_directive_name(
+  unique int directive: @asp_directive ref,
+  string name: string ref);
+asp_element_body(
+  unique int element: @asp_element ref,
+  string body: string ref);
+asp_tag_attribute(
+  int tag: @asp_open_tag ref,
+  int index: int ref,
+  string name: string ref,
+  int attribute: @asp_attribute ref);
+asp_tag_name(
+  unique int tag: @asp_open_tag ref,
+  string name: string ref);
+asp_tag_isempty(int tag: @asp_open_tag ref);
+
+/* Common Intermediate Language - CIL */
+
+case @cil_instruction.opcode of
+  0 = @cil_nop
+| 1 = @cil_break
+| 2 = @cil_ldarg_0
+| 3 = @cil_ldarg_1
+| 4 = @cil_ldarg_2
+| 5 = @cil_ldarg_3
+| 6 = @cil_ldloc_0
+| 7 = @cil_ldloc_1
+| 8 = @cil_ldloc_2
+| 9 = @cil_ldloc_3
+| 10 = @cil_stloc_0
+| 11 = @cil_stloc_1
+| 12 = @cil_stloc_2
+| 13 = @cil_stloc_3
+| 14 = @cil_ldarg_s
+| 15 = @cil_ldarga_s
+| 16 = @cil_starg_s
+| 17 = @cil_ldloc_s
+| 18 = @cil_ldloca_s
+| 19 = @cil_stloc_s
+| 20 = @cil_ldnull
+| 21 = @cil_ldc_i4_m1
+| 22 = @cil_ldc_i4_0
+| 23 = @cil_ldc_i4_1
+| 24 = @cil_ldc_i4_2
+| 25 = @cil_ldc_i4_3
+| 26 = @cil_ldc_i4_4
+| 27 = @cil_ldc_i4_5
+| 28 = @cil_ldc_i4_6
+| 29 = @cil_ldc_i4_7
+| 30 = @cil_ldc_i4_8
+| 31 = @cil_ldc_i4_s
+| 32 = @cil_ldc_i4
+| 33 = @cil_ldc_i8
+| 34 = @cil_ldc_r4
+| 35 = @cil_ldc_r8
+| 37 = @cil_dup
+| 38 = @cil_pop
+| 39 = @cil_jmp
+| 40 = @cil_call
+| 41 = @cil_calli
+| 42 = @cil_ret
+| 43 = @cil_br_s
+| 44 = @cil_brfalse_s
+| 45 = @cil_brtrue_s
+| 46 = @cil_beq_s
+| 47 = @cil_bge_s
+| 48 = @cil_bgt_s
+| 49 = @cil_ble_s
+| 50 = @cil_blt_s
+| 51 = @cil_bne_un_s
+| 52 = @cil_bge_un_s
+| 53 = @cil_bgt_un_s
+| 54 = @cil_ble_un_s
+| 55 = @cil_blt_un_s
+| 56 = @cil_br
+| 57 = @cil_brfalse
+| 58 = @cil_brtrue
+| 59 = @cil_beq
+| 60 = @cil_bge
+| 61 = @cil_bgt
+| 62 = @cil_ble
+| 63 = @cil_blt
+| 64 = @cil_bne_un
+| 65 = @cil_bge_un
+| 66 = @cil_bgt_un
+| 67 = @cil_ble_un
+| 68 = @cil_blt_un
+| 69 = @cil_switch
+| 70 = @cil_ldind_i1
+| 71 = @cil_ldind_u1
+| 72 = @cil_ldind_i2
+| 73 = @cil_ldind_u2
+| 74 = @cil_ldind_i4
+| 75 = @cil_ldind_u4
+| 76 = @cil_ldind_i8
+| 77 = @cil_ldind_i
+| 78 = @cil_ldind_r4
+| 79 = @cil_ldind_r8
+| 80 = @cil_ldind_ref
+| 81 = @cil_stind_ref
+| 82 = @cil_stind_i1
+| 83 = @cil_stind_i2
+| 84 = @cil_stind_i4
+| 85 = @cil_stind_i8
+| 86 = @cil_stind_r4
+| 87 = @cil_stind_r8
+| 88 = @cil_add
+| 89 = @cil_sub
+| 90 = @cil_mul
+| 91 = @cil_div
+| 92 = @cil_div_un
+| 93 = @cil_rem
+| 94 = @cil_rem_un
+| 95 = @cil_and
+| 96 = @cil_or
+| 97 = @cil_xor
+| 98 = @cil_shl
+| 99 = @cil_shr
+| 100 = @cil_shr_un
+| 101 = @cil_neg
+| 102 = @cil_not
+| 103 = @cil_conv_i1
+| 104 = @cil_conv_i2
+| 105 = @cil_conv_i4
+| 106 = @cil_conv_i8
+| 107 = @cil_conv_r4
+| 108 = @cil_conv_r8
+| 109 = @cil_conv_u4
+| 110 = @cil_conv_u8
+| 111 = @cil_callvirt
+| 112 = @cil_cpobj
+| 113 = @cil_ldobj
+| 114 = @cil_ldstr
+| 115 = @cil_newobj
+| 116 = @cil_castclass
+| 117 = @cil_isinst
+| 118 = @cil_conv_r_un
+| 121 = @cil_unbox
+| 122 = @cil_throw
+| 123 = @cil_ldfld
+| 124 = @cil_ldflda
+| 125 = @cil_stfld
+| 126 = @cil_ldsfld
+| 127 = @cil_ldsflda
+| 128 = @cil_stsfld
+| 129 = @cil_stobj
+| 130 = @cil_conv_ovf_i1_un
+| 131 = @cil_conv_ovf_i2_un
+| 132 = @cil_conv_ovf_i4_un
+| 133 = @cil_conv_ovf_i8_un
+| 134 = @cil_conv_ovf_u1_un
+| 135 = @cil_conv_ovf_u2_un
+| 136 = @cil_conv_ovf_u4_un
+| 137 = @cil_conv_ovf_u8_un
+| 138 = @cil_conv_ovf_i_un
+| 139 = @cil_conv_ovf_u_un
+| 140 = @cil_box
+| 141 = @cil_newarr
+| 142 = @cil_ldlen
+| 143 = @cil_ldelema
+| 144 = @cil_ldelem_i1
+| 145 = @cil_ldelem_u1
+| 146 = @cil_ldelem_i2
+| 147 = @cil_ldelem_u2
+| 148 = @cil_ldelem_i4
+| 149 = @cil_ldelem_u4
+| 150 = @cil_ldelem_i8
+| 151 = @cil_ldelem_i
+| 152 = @cil_ldelem_r4
+| 153 = @cil_ldelem_r8
+| 154 = @cil_ldelem_ref
+| 155 = @cil_stelem_i
+| 156 = @cil_stelem_i1
+| 157 = @cil_stelem_i2
+| 158 = @cil_stelem_i4
+| 159 = @cil_stelem_i8
+| 160 = @cil_stelem_r4
+| 161 = @cil_stelem_r8
+| 162 = @cil_stelem_ref
+| 163 = @cil_ldelem
+| 164 = @cil_stelem
+| 165 = @cil_unbox_any
+| 179 = @cil_conv_ovf_i1
+| 180 = @cil_conv_ovf_u1
+| 181 = @cil_conv_ovf_i2
+| 182 = @cil_conv_ovf_u2
+| 183 = @cil_conv_ovf_i4
+| 184 = @cil_conv_ovf_u4
+| 185 = @cil_conv_ovf_i8
+| 186 = @cil_conv_ovf_u8
+| 194 = @cil_refanyval
+| 195 = @cil_ckinfinite
+| 198 = @cil_mkrefany
+| 208 = @cil_ldtoken
+| 209 = @cil_conv_u2
+| 210 = @cil_conv_u1
+| 211 = @cil_conv_i
+| 212 = @cil_conv_ovf_i
+| 213 = @cil_conv_ovf_u
+| 214 = @cil_add_ovf
+| 215 = @cil_add_ovf_un
+| 216 = @cil_mul_ovf
+| 217 = @cil_mul_ovf_un
+| 218 = @cil_sub_ovf
+| 219 = @cil_sub_ovf_un
+| 220 = @cil_endfinally
+| 221 = @cil_leave
+| 222 = @cil_leave_s
+| 223 = @cil_stind_i
+| 224 = @cil_conv_u
+| 65024 = @cil_arglist
+| 65025 = @cil_ceq
+| 65026 = @cil_cgt
+| 65027 = @cil_cgt_un
+| 65028 = @cil_clt
+| 65029 = @cil_clt_un
+| 65030 = @cil_ldftn
+| 65031 = @cil_ldvirtftn
+| 65033 = @cil_ldarg
+| 65034 = @cil_ldarga
+| 65035 = @cil_starg
+| 65036 = @cil_ldloc
+| 65037 = @cil_ldloca
+| 65038 = @cil_stloc
+| 65039 = @cil_localloc
+| 65041 = @cil_endfilter
+| 65042 = @cil_unaligned
+| 65043 = @cil_volatile
+| 65044 = @cil_tail
+| 65045 = @cil_initobj
+| 65046 = @cil_constrained
+| 65047 = @cil_cpblk
+| 65048 = @cil_initblk
+| 65050 = @cil_rethrow
+| 65052 = @cil_sizeof
+| 65053 = @cil_refanytype
+| 65054 = @cil_readonly
+;
+
+// CIL ignored instructions
+
+@cil_ignore = @cil_nop | @cil_break | @cil_volatile | @cil_unaligned;
+
+// CIL local/parameter/field access
+
+@cil_ldarg_any = @cil_ldarg_0 | @cil_ldarg_1 | @cil_ldarg_2 | @cil_ldarg_3 | @cil_ldarg_s | @cil_ldarga_s | @cil_ldarg | @cil_ldarga;
+@cil_starg_any = @cil_starg | @cil_starg_s;
+
+@cil_ldloc_any = @cil_ldloc_0 | @cil_ldloc_1 | @cil_ldloc_2 | @cil_ldloc_3 | @cil_ldloc_s | @cil_ldloca_s | @cil_ldloc | @cil_ldloca;
+@cil_stloc_any = @cil_stloc_0 | @cil_stloc_1 | @cil_stloc_2 | @cil_stloc_3 | @cil_stloc_s | @cil_stloc;
+
+@cil_ldfld_any = @cil_ldfld | @cil_ldsfld | @cil_ldsflda | @cil_ldflda;
+@cil_stfld_any = @cil_stfld | @cil_stsfld;
+
+@cil_local_access = @cil_stloc_any | @cil_ldloc_any;
+@cil_arg_access = @cil_starg_any | @cil_ldarg_any;
+@cil_read_access = @cil_ldloc_any | @cil_ldarg_any | @cil_ldfld_any;
+@cil_write_access = @cil_stloc_any | @cil_starg_any | @cil_stfld_any;
+
+@cil_stack_access = @cil_local_access | @cil_arg_access;
+@cil_field_access = @cil_ldfld_any | @cil_stfld_any;
+
+@cil_access = @cil_read_access | @cil_write_access;
+
+// CIL constant/literal instructions
+
+@cil_ldc_i = @cil_ldc_i4_any | @cil_ldc_i8;
+
+@cil_ldc_i4_any = @cil_ldc_i4_m1 | @cil_ldc_i4_0 | @cil_ldc_i4_1 | @cil_ldc_i4_2 | @cil_ldc_i4_3 |
+  @cil_ldc_i4_4 | @cil_ldc_i4_5 | @cil_ldc_i4_6 | @cil_ldc_i4_7 | @cil_ldc_i4_8 | @cil_ldc_i4_s | @cil_ldc_i4;
+
+@cil_ldc_r = @cil_ldc_r4 | @cil_ldc_r8;
+
+@cil_literal = @cil_ldnull | @cil_ldc_i | @cil_ldc_r | @cil_ldstr;
+
+// Control flow
+
+@cil_conditional_jump = @cil_binary_jump | @cil_unary_jump;
+@cil_binary_jump = @cil_beq_s | @cil_bge_s | @cil_bgt_s | @cil_ble_s | @cil_blt_s |
+    @cil_bne_un_s | @cil_bge_un_s | @cil_bgt_un_s | @cil_ble_un_s | @cil_blt_un_s |
+    @cil_beq | @cil_bge | @cil_bgt | @cil_ble | @cil_blt |
+    @cil_bne_un | @cil_bge_un | @cil_bgt_un | @cil_ble_un | @cil_blt_un;
+@cil_unary_jump = @cil_brfalse_s | @cil_brtrue_s | @cil_brfalse | @cil_brtrue | @cil_switch;
+@cil_unconditional_jump = @cil_br | @cil_br_s | @cil_leave_any;
+@cil_leave_any = @cil_leave | @cil_leave_s;
+@cil_jump = @cil_unconditional_jump | @cil_conditional_jump;
+
+// CIL call instructions
+
+@cil_call_any = @cil_jmp | @cil_call | @cil_calli | @cil_tail | @cil_callvirt | @cil_newobj;
+
+// CIL expression instructions
+
+@cil_expr = @cil_literal | @cil_binary_expr | @cil_unary_expr | @cil_call_any | @cil_read_access |
+  @cil_newarr | @cil_ldtoken | @cil_sizeof |
+  @cil_ldftn | @cil_ldvirtftn | @cil_localloc | @cil_mkrefany | @cil_refanytype | @cil_arglist | @cil_dup;
+
+@cil_unary_expr =
+  @cil_conversion_operation | @cil_unary_arithmetic_operation | @cil_unary_bitwise_operation|
+  @cil_ldlen | @cil_isinst | @cil_box | @cil_ldobj | @cil_castclass | @cil_unbox_any |
+  @cil_ldind | @cil_unbox;
+
+@cil_conversion_operation =
+  @cil_conv_i1 | @cil_conv_i2 | @cil_conv_i4 | @cil_conv_i8 |
+  @cil_conv_u1 | @cil_conv_u2 | @cil_conv_u4 | @cil_conv_u8 |
+  @cil_conv_ovf_i | @cil_conv_ovf_i_un | @cil_conv_ovf_i1 | @cil_conv_ovf_i1_un |
+  @cil_conv_ovf_i2 | @cil_conv_ovf_i2_un | @cil_conv_ovf_i4 | @cil_conv_ovf_i4_un |
+  @cil_conv_ovf_i8 | @cil_conv_ovf_i8_un | @cil_conv_ovf_u | @cil_conv_ovf_u_un |
+  @cil_conv_ovf_u1 | @cil_conv_ovf_u1_un | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un |
+  @cil_conv_ovf_u4 | @cil_conv_ovf_u4_un | @cil_conv_ovf_u8 | @cil_conv_ovf_u8_un |
+  @cil_conv_r4 | @cil_conv_r8 | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un |
+  @cil_conv_i | @cil_conv_u | @cil_conv_r_un;
+
+@cil_ldind = @cil_ldind_i | @cil_ldind_i1 | @cil_ldind_i2 | @cil_ldind_i4 | @cil_ldind_i8 |
+  @cil_ldind_r4 | @cil_ldind_r8 | @cil_ldind_ref | @cil_ldind_u1 | @cil_ldind_u2 | @cil_ldind_u4;
+
+@cil_stind = @cil_stind_i | @cil_stind_i1 | @cil_stind_i2 | @cil_stind_i4 | @cil_stind_i8 |
+  @cil_stind_r4 | @cil_stind_r8 | @cil_stind_ref;
+
+@cil_bitwise_operation = @cil_binary_bitwise_operation | @cil_unary_bitwise_operation;
+
+@cil_binary_bitwise_operation = @cil_and | @cil_or | @cil_xor | @cil_shr | @cil_shr | @cil_shr_un | @cil_shl;
+
+@cil_binary_arithmetic_operation = @cil_add | @cil_sub | @cil_mul | @cil_div | @cil_div_un |
+  @cil_rem | @cil_rem_un | @cil_add_ovf | @cil_add_ovf_un | @cil_mul_ovf | @cil_mul_ovf_un |
+  @cil_sub_ovf | @cil_sub_ovf_un;
+
+@cil_unary_bitwise_operation = @cil_not;
+
+@cil_binary_expr = @cil_binary_arithmetic_operation | @cil_binary_bitwise_operation | @cil_read_array | @cil_comparison_operation;
+
+@cil_unary_arithmetic_operation = @cil_neg;
+
+@cil_comparison_operation = @cil_cgt_un | @cil_ceq | @cil_cgt | @cil_clt | @cil_clt_un;
+
+// Elements that retrieve an address of something
+@cil_read_ref = @cil_ldloca_s | @cil_ldarga_s | @cil_ldflda | @cil_ldsflda | @cil_ldelema;
+
+// CIL array instructions
+
+@cil_read_array =
+  @cil_ldelem | @cil_ldelema | @cil_ldelem_i1 | @cil_ldelem_ref | @cil_ldelem_i |
+  @cil_ldelem_i1 | @cil_ldelem_i2 | @cil_ldelem_i4 | @cil_ldelem_i8 | @cil_ldelem_r4 |
+  @cil_ldelem_r8 | @cil_ldelem_u1 | @cil_ldelem_u2 | @cil_ldelem_u4;
+
+@cil_write_array = @cil_stelem | @cil_stelem_ref |
+  @cil_stelem_i | @cil_stelem_i1 | @cil_stelem_i2 | @cil_stelem_i4 | @cil_stelem_i8 |
+  @cil_stelem_r4 | @cil_stelem_r8;
+
+@cil_throw_any = @cil_throw | @cil_rethrow;
+
+#keyset[impl, index]
+cil_instruction(
+  unique int id: @cil_instruction,
+  int opcode: int ref,
+  int index: int ref,
+  int impl: @cil_method_implementation ref);
+
+cil_jump(
+  unique int instruction: @cil_jump ref,
+  int target: @cil_instruction ref);
+
+cil_access(
+  unique int instruction: @cil_instruction ref,
+  int target: @cil_accessible ref);
+
+cil_value(
+  unique int instruction: @cil_literal ref,
+  string value: string ref);
+
+#keyset[instruction, index]
+cil_switch(
+  int instruction: @cil_switch ref,
+  int index: int ref,
+  int target: @cil_instruction ref);
+
+cil_instruction_location(
+  unique int id: @cil_instruction ref,
+  int loc: @location ref);
+
+cil_type_location(
+  int id: @cil_type ref,
+  int loc: @location ref);
+
+cil_method_location(
+  int id: @cil_method ref,
+  int loc: @location ref);
+
+@cil_namespace = @namespace;
+
+@cil_type_container = @cil_type | @cil_namespace | @cil_method;
+
+case @cil_type.kind of
+  0 = @cil_valueorreftype
+| 1 = @cil_typeparameter
+| 2 = @cil_array_type
+| 3 = @cil_pointer_type
+| 4 = @cil_function_pointer_type
+;
+
+cil_type(
+  unique int id: @cil_type,
+  string name: string ref,
+  int kind: int ref,
+  int parent: @cil_type_container ref,
+  int sourceDecl: @cil_type ref);
+
+cil_pointer_type(
+  unique int id: @cil_pointer_type ref,
+  int pointee: @cil_type ref);
+
+cil_array_type(
+  unique int id: @cil_array_type ref,
+  int element_type: @cil_type ref,
+  int rank: int ref);
+
+cil_function_pointer_return_type(
+  unique int id: @cil_function_pointer_type ref,
+  int return_type: @cil_type ref);
+
+cil_method(
+  unique int id: @cil_method,
+  string name: string ref,
+  int parent: @cil_type ref,
+  int return_type: @cil_type ref);
+
+cil_method_source_declaration(
+  unique int method: @cil_method ref,
+  int source: @cil_method ref);
+
+cil_method_implementation(
+  unique int id: @cil_method_implementation,
+  int method: @cil_method ref,
+  int location: @assembly ref);
+
+cil_implements(
+  int id: @cil_method ref,
+  int decl: @cil_method ref);
+
+#keyset[parent, name]
+cil_field(
+  unique int id: @cil_field,
+  int parent: @cil_type ref,
+  string name: string ref,
+  int field_type: @cil_type ref);
+
+@cil_element = @cil_instruction | @cil_declaration | @cil_handler | @cil_attribute | @cil_namespace;
+@cil_named_element = @cil_declaration | @cil_namespace;
+@cil_declaration = @cil_variable | @cil_method | @cil_type | @cil_member;
+@cil_accessible = @cil_declaration;
+@cil_variable = @cil_field | @cil_stack_variable;
+@cil_stack_variable = @cil_local_variable | @cil_parameter;
+@cil_member = @cil_method | @cil_type | @cil_field | @cil_property | @cil_event;
+@cil_custom_modifier_receiver = @cil_method | @cil_property | @cil_parameter | @cil_field | @cil_function_pointer_type;
+@cil_parameterizable = @cil_method | @cil_function_pointer_type;
+@cil_has_type_annotation = @cil_stack_variable | @cil_property | @cil_method | @cil_function_pointer_type;
+
+#keyset[parameterizable, index]
+cil_parameter(
+  unique int id: @cil_parameter,
+  int parameterizable: @cil_parameterizable ref,
+  int index: int ref,
+  int param_type: @cil_type ref);
+
+cil_parameter_in(unique int id: @cil_parameter ref);
+cil_parameter_out(unique int id: @cil_parameter ref);
+
+cil_setter(unique int prop: @cil_property ref,
+  int method: @cil_method ref);
+
+#keyset[id, modifier]
+cil_custom_modifiers(
+  int id: @cil_custom_modifier_receiver ref,
+  int modifier: @cil_type ref,
+  int kind: int ref); // modreq: 1, modopt: 0
+
+cil_type_annotation(
+  int id: @cil_has_type_annotation ref,
+  int annotation: int ref);
+
+cil_getter(unique int prop: @cil_property ref,
+  int method: @cil_method ref);
+
+cil_adder(unique int event: @cil_event ref,
+  int method: @cil_method ref);
+
+cil_remover(unique int event: @cil_event ref, int method: @cil_method ref);
+
+cil_raiser(unique int event: @cil_event ref, int method: @cil_method ref);
+
+cil_property(
+  unique int id: @cil_property,
+  int parent: @cil_type ref,
+  string name: string ref,
+  int property_type: @cil_type ref);
+
+#keyset[parent, name]
+cil_event(unique int id: @cil_event,
+  int parent: @cil_type ref,
+  string name: string ref,
+  int event_type: @cil_type ref);
+
+#keyset[impl, index]
+cil_local_variable(
+  unique int id: @cil_local_variable,
+  int impl: @cil_method_implementation ref,
+  int index: int ref,
+  int var_type: @cil_type ref);
+
+cil_function_pointer_calling_conventions(
+  int id: @cil_function_pointer_type ref,
+  int kind: int ref);
+
+// CIL handlers (exception handlers etc).
+
+case @cil_handler.kind of
+  0 = @cil_catch_handler
+| 1 = @cil_filter_handler
+| 2 = @cil_finally_handler
+| 4 = @cil_fault_handler
+;
+
+#keyset[impl, index]
+cil_handler(
+  unique int id: @cil_handler,
+  int impl: @cil_method_implementation ref,
+  int index: int ref,
+  int kind: int ref,
+  int try_start: @cil_instruction ref,
+  int try_end: @cil_instruction ref,
+  int handler_start: @cil_instruction ref);
+
+cil_handler_filter(
+  unique int id: @cil_handler ref,
+  int filter_start: @cil_instruction ref);
+
+cil_handler_type(
+  unique int id: @cil_handler ref,
+  int catch_type: @cil_type ref);
+
+@cil_controlflow_node = @cil_entry_point | @cil_instruction;
+
+@cil_entry_point = @cil_method_implementation | @cil_handler;
+
+@cil_dataflow_node = @cil_instruction | @cil_variable | @cil_method;
+
+cil_method_stack_size(
+  unique int method: @cil_method_implementation ref,
+  int size: int ref);
+
+// CIL modifiers
+
+cil_public(int id: @cil_member ref);
+cil_private(int id: @cil_member ref);
+cil_protected(int id: @cil_member ref);
+cil_internal(int id: @cil_member ref);
+cil_static(int id: @cil_member ref);
+cil_sealed(int id: @cil_member ref);
+cil_virtual(int id: @cil_method ref);
+cil_abstract(int id: @cil_member ref);
+cil_class(int id: @cil_type ref);
+cil_interface(int id: @cil_type ref);
+cil_security(int id: @cil_member ref);
+cil_requiresecobject(int id: @cil_method ref);
+cil_specialname(int id: @cil_method ref);
+cil_newslot(int id: @cil_method ref);
+
+cil_base_class(unique int id: @cil_type ref, int base: @cil_type ref);
+cil_base_interface(int id: @cil_type ref, int base: @cil_type ref);
+cil_enum_underlying_type(unique int id: @cil_type ref, int underlying: @cil_type ref);
+
+#keyset[unbound, index]
+cil_type_parameter(
+  int unbound: @cil_member ref,
+  int index: int ref,
+  int param: @cil_typeparameter ref);
+
+#keyset[bound, index]
+cil_type_argument(
+  int bound: @cil_member ref,
+  int index: int ref,
+  int t: @cil_type ref);
+
+// CIL type parameter constraints
+
+cil_typeparam_covariant(int tp: @cil_typeparameter ref);
+cil_typeparam_contravariant(int tp: @cil_typeparameter ref);
+cil_typeparam_class(int tp: @cil_typeparameter ref);
+cil_typeparam_struct(int tp: @cil_typeparameter ref);
+cil_typeparam_new(int tp: @cil_typeparameter ref);
+cil_typeparam_constraint(int tp: @cil_typeparameter ref, int supertype: @cil_type ref);
+
+// CIL attributes
+
+cil_attribute(
+  unique int attributeid: @cil_attribute,
+  int element: @cil_declaration ref,
+  int constructor: @cil_method ref);
+
+#keyset[attribute_id, param]
+cil_attribute_named_argument(
+  int attribute_id: @cil_attribute ref,
+  string param: string ref,
+  string value: string ref);
+
+#keyset[attribute_id, index]
+cil_attribute_positional_argument(
+  int attribute_id: @cil_attribute ref,
+  int index: int ref,
+  string value: string ref);
+
+
+// Common .Net data model covering both C# and CIL
+
+// Common elements
+@dotnet_element = @element | @cil_element;
+@dotnet_named_element = @named_element | @cil_named_element;
+@dotnet_callable = @callable | @cil_method;
+@dotnet_variable = @variable | @cil_variable;
+@dotnet_field = @field | @cil_field;
+@dotnet_parameter = @parameter | @cil_parameter;
+@dotnet_declaration = @declaration | @cil_declaration;
+@dotnet_member = @member | @cil_member;
+@dotnet_event = @event | @cil_event;
+@dotnet_property = @property | @cil_property | @indexer;
+@dotnet_parameterizable = @parameterizable | @cil_parameterizable;
+
+// Common types
+@dotnet_type = @type | @cil_type;
+@dotnet_call = @call | @cil_call_any;
+@dotnet_throw = @throw_element | @cil_throw_any;
+@dotnet_valueorreftype = @cil_valueorreftype | @value_or_ref_type | @cil_array_type | @void_type;
+@dotnet_typeparameter = @type_parameter | @cil_typeparameter;
+@dotnet_array_type = @array_type | @cil_array_type;
+@dotnet_pointer_type = @pointer_type | @cil_pointer_type;
+@dotnet_type_parameter = @type_parameter | @cil_typeparameter;
+@dotnet_generic = @dotnet_valueorreftype | @dotnet_callable;
+
+// Attributes
+@dotnet_attribute = @attribute | @cil_attribute;
+
+// Expressions
+@dotnet_expr = @expr | @cil_expr;
+
+// Literals
+@dotnet_literal = @literal_expr | @cil_literal;
+@dotnet_string_literal = @string_literal_expr | @cil_ldstr;
+@dotnet_int_literal = @integer_literal_expr | @cil_ldc_i;
+@dotnet_float_literal = @float_literal_expr | @cil_ldc_r;
+@dotnet_null_literal = @null_literal_expr | @cil_ldnull;
+
+@metadata_entity = @cil_method | @cil_type | @cil_field | @cil_property | @field | @property |
+    @callable | @value_or_ref_type | @void_type;
+
+#keyset[entity, location]
+metadata_handle(int entity : @metadata_entity ref, int location: @assembly ref, int handle: int ref)
diff --git a/csharp/downgrades/83aca6b3e4fa38dd2b97b9b51dfc199a2ba9c7f2/semmlecode.csharp.dbscheme b/csharp/downgrades/83aca6b3e4fa38dd2b97b9b51dfc199a2ba9c7f2/semmlecode.csharp.dbscheme
new file mode 100644
index 00000000000..4ac7d8bcac6
--- /dev/null
+++ b/csharp/downgrades/83aca6b3e4fa38dd2b97b9b51dfc199a2ba9c7f2/semmlecode.csharp.dbscheme
@@ -0,0 +1,2064 @@
+/* This is a dummy line to alter the dbscheme, so we can make a database upgrade
+ * without actually changing any of the dbscheme predicates. It contains a date
+ * to allow for such updates in the future as well.
+ *
+ * 2021-07-14
+ *
+ * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a
+ * previously seen state (matching a previously seen SHA), which would make the upgrade
+ * mechanism not work properly.
+ */
+
+/**
+ * An invocation of the compiler. Note that more than one file may be
+ * compiled per invocation. For example, this command compiles three
+ * source files:
+ *
+ *   csc f1.cs f2.cs f3.cs
+ *
+ * The `id` simply identifies the invocation, while `cwd` is the working
+ * directory from which the compiler was invoked.
+ */
+compilations(
+    unique int id : @compilation,
+    string cwd : string ref
+);
+
+/**
+ * The arguments that were passed to the extractor for a compiler
+ * invocation. If `id` is for the compiler invocation
+ *
+ *   csc f1.cs f2.cs f3.cs
+ *
+ * then typically there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | --compiler
+ * 1   | *path to compiler*
+ * 2   | f1.cs
+ * 3   | f2.cs
+ * 4   | f3.cs
+ */
+#keyset[id, num]
+compilation_args(
+    int id : @compilation ref,
+    int num : int ref,
+    string arg : string ref
+);
+
+/**
+ * The source files that are compiled by a compiler invocation.
+ * If `id` is for the compiler invocation
+ *
+ *   csc f1.cs f2.cs f3.cs
+ *
+ * then there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | f1.cs
+ * 1   | f2.cs
+ * 2   | f3.cs
+ */
+#keyset[id, num]
+compilation_compiling_files(
+    int id : @compilation ref,
+    int num : int ref,
+    int file : @file ref
+);
+
+/**
+ * The references used by a compiler invocation.
+ * If `id` is for the compiler invocation
+ *
+ *   csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll
+ *
+ * then there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | ref1.dll
+ * 1   | ref2.dll
+ * 2   | ref3.dll
+ */
+#keyset[id, num]
+compilation_referencing_files(
+    int id : @compilation ref,
+    int num : int ref,
+    int file : @file ref
+);
+
+/**
+ * The time taken by the extractor for a compiler invocation.
+ *
+ * For each file `num`, there will be rows for
+ *
+ * kind | seconds
+ * ---- | ---
+ * 1    | CPU seconds used by the extractor frontend
+ * 2    | Elapsed seconds during the extractor frontend
+ * 3    | CPU seconds used by the extractor backend
+ * 4    | Elapsed seconds during the extractor backend
+ */
+#keyset[id, num, kind]
+compilation_time(
+    int id : @compilation ref,
+    int num : int ref,
+    /* kind:
+       1 = frontend_cpu_seconds
+       2 = frontend_elapsed_seconds
+       3 = extractor_cpu_seconds
+       4 = extractor_elapsed_seconds
+    */
+    int kind : int ref,
+    float seconds : float ref
+);
+
+/**
+ * An error or warning generated by the extractor.
+ * The diagnostic message `diagnostic` was generated during compiler
+ * invocation `compilation`, and is the `file_number_diagnostic_number`th
+ * message generated while extracting the `file_number`th file of that
+ * invocation.
+ */
+#keyset[compilation, file_number, file_number_diagnostic_number]
+diagnostic_for(
+    unique int diagnostic : @diagnostic ref,
+    int compilation : @compilation ref,
+    int file_number : int ref,
+    int file_number_diagnostic_number : int ref
+);
+
+diagnostics(
+    unique int id: @diagnostic,
+    int severity: int ref,
+    string error_tag: string ref,
+    string error_message: string ref,
+    string full_error_message: string ref,
+    int location: @location_default ref
+);
+
+extractor_messages(
+    unique int id: @extractor_message,
+    int severity: int ref,
+    string origin : string ref,
+    string text : string ref,
+    string entity : string ref,
+    int location: @location_default ref,
+    string stack_trace : string ref
+);
+
+/**
+ * If extraction was successful, then `cpu_seconds` and
+ * `elapsed_seconds` are the CPU time and elapsed time (respectively)
+ * that extraction took for compiler invocation `id`.
+ */
+compilation_finished(
+    unique int id : @compilation ref,
+    float cpu_seconds : float ref,
+    float elapsed_seconds : float ref
+);
+
+compilation_assembly(
+  unique int id : @compilation ref,
+  int assembly: @assembly ref
+)
+
+// Populated by the CSV extractor
+externalData(
+   int id: @externalDataElement,
+   string path: string ref,
+   int column: int ref,
+   string value: string ref);
+
+sourceLocationPrefix(
+  string prefix: string ref);
+
+/*
+ * C# dbscheme
+ */
+
+/** ELEMENTS **/
+
+@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration
+         | @using_directive | @type_parameter_constraints | @externalDataElement
+         | @xmllocatable | @asp_element | @namespace | @preprocessor_directive;
+
+@declaration = @callable | @generic | @assignable | @namespace;
+
+@named_element = @namespace | @declaration;
+
+@declaration_with_accessors = @property | @indexer | @event;
+
+@assignable = @variable | @assignable_with_accessors | @event;
+
+@assignable_with_accessors = @property | @indexer;
+
+@attributable = @assembly | @field | @parameter | @operator | @method | @constructor
+              | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors
+              | @local_function | @lambda_expr;
+
+/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/
+
+@location = @location_default | @assembly;
+
+locations_default(
+  unique int id: @location_default,
+  int file: @file ref,
+  int beginLine: int ref,
+  int beginColumn: int ref,
+  int endLine: int ref,
+  int endColumn: int ref);
+
+locations_mapped(
+  unique int id: @location_default ref,
+  int mapped_to: @location_default ref);
+
+@sourceline = @file | @callable | @xmllocatable;
+
+numlines(
+  int element_id: @sourceline ref,
+  int num_lines: int ref,
+  int num_code: int ref,
+  int num_comment: int ref);
+
+assemblies(
+  unique int id: @assembly,
+  int file: @file ref,
+  string fullname: string ref,
+  string name: string ref,
+  string version: string ref);
+
+files(
+  unique int id: @file,
+  string name: string ref);
+
+folders(
+  unique int id: @folder,
+  string name: string ref);
+
+@container = @folder | @file ;
+
+containerparent(
+  int parent: @container ref,
+  unique int child: @container ref);
+
+file_extraction_mode(
+  unique int file: @file ref,
+  int mode: int ref
+  /* 0 = normal, 1 = standalone extractor */
+  );
+
+/** NAMESPACES **/
+
+@type_container = @namespace | @type;
+
+namespaces(
+  unique int id: @namespace,
+  string name: string ref);
+
+namespace_declarations(
+  unique int id: @namespace_declaration,
+  int namespace_id: @namespace ref);
+
+namespace_declaration_location(
+  unique int id: @namespace_declaration ref,
+  int loc: @location ref);
+
+parent_namespace(
+  unique int child_id: @type_container ref,
+  int namespace_id: @namespace ref);
+
+@declaration_or_directive = @namespace_declaration | @type | @using_directive;
+
+parent_namespace_declaration(
+  int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes
+  int namespace_id: @namespace_declaration ref);
+
+@using_directive = @using_namespace_directive | @using_static_directive;
+
+using_global(
+  unique int id: @using_directive ref
+);
+
+using_namespace_directives(
+  unique int id: @using_namespace_directive,
+  int namespace_id: @namespace ref);
+
+using_static_directives(
+  unique int id: @using_static_directive,
+  int type_id: @type_or_ref ref);
+
+using_directive_location(
+  unique int id: @using_directive ref,
+  int loc: @location ref);
+
+@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning
+  | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if
+  | @directive_elif | @directive_else | @directive_endif;
+
+@conditional_directive = @directive_if | @directive_elif;
+@branch_directive = @directive_if | @directive_elif | @directive_else;
+
+directive_ifs(
+  unique int id: @directive_if,
+  int branchTaken: int ref,     /* 0: false, 1: true */
+  int conditionValue: int ref); /* 0: false, 1: true */
+
+directive_elifs(
+  unique int id: @directive_elif,
+  int branchTaken: int ref,     /* 0: false, 1: true */
+  int conditionValue: int ref,  /* 0: false, 1: true */
+  int parent: @directive_if ref,
+  int index: int ref);
+
+directive_elses(
+  unique int id: @directive_else,
+  int branchTaken: int ref,   /* 0: false, 1: true */
+  int parent: @directive_if ref,
+  int index: int ref);
+
+#keyset[id, start]
+directive_endifs(
+  unique int id: @directive_endif,
+  unique int start: @directive_if ref);
+
+directive_define_symbols(
+  unique int id: @define_symbol_expr ref,
+  string name: string ref);
+
+directive_regions(
+  unique int id: @directive_region,
+  string name: string ref);
+
+#keyset[id, start]
+directive_endregions(
+  unique int id: @directive_endregion,
+  unique int start: @directive_region ref);
+
+directive_lines(
+  unique int id: @directive_line,
+  int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */
+
+directive_line_value(
+  unique int id: @directive_line ref,
+  int line: int ref);
+
+directive_line_file(
+  unique int id: @directive_line ref,
+  int file: @file ref);
+
+directive_line_offset(
+  unique int id: @directive_line ref,
+  int offset: int ref);
+
+directive_line_span(
+  unique int id: @directive_line ref,
+  int startLine: int ref,
+  int startColumn: int ref,
+  int endLine: int ref,
+  int endColumn: int ref);
+
+directive_nullables(
+  unique int id: @directive_nullable,
+  int setting: int ref, /* 0: disable, 1: enable, 2: restore */
+  int target: int ref); /* 0: none, 1: annotations, 2: warnings */
+
+directive_warnings(
+  unique int id: @directive_warning,
+  string message: string ref);
+
+directive_errors(
+  unique int id: @directive_error,
+  string message: string ref);
+
+directive_undefines(
+  unique int id: @directive_undefine,
+  string name: string ref);
+
+directive_defines(
+  unique int id: @directive_define,
+  string name: string ref);
+
+pragma_checksums(
+  unique int id: @pragma_checksum,
+  int file: @file ref,
+  string guid: string ref,
+  string bytes: string ref);
+
+pragma_warnings(
+  unique int id: @pragma_warning,
+  int kind: int ref /* 0 = disable, 1 = restore */);
+
+#keyset[id, index]
+pragma_warning_error_codes(
+  int id: @pragma_warning ref,
+  string errorCode: string ref,
+  int index: int ref);
+
+preprocessor_directive_location(
+  unique int id: @preprocessor_directive ref,
+  int loc: @location ref);
+
+preprocessor_directive_compilation(
+  unique int id: @preprocessor_directive ref,
+  int compilation: @compilation ref);
+
+preprocessor_directive_active(
+  unique int id: @preprocessor_directive ref,
+  int active: int ref);  /* 0: false, 1: true */
+
+/** TYPES **/
+
+types(
+  unique int id: @type,
+  int kind: int ref,
+  string name: string ref);
+
+case @type.kind of
+   1 = @bool_type
+|  2 = @char_type
+|  3 = @decimal_type
+|  4 = @sbyte_type
+|  5 = @short_type
+|  6 = @int_type
+|  7 = @long_type
+|  8 = @byte_type
+|  9 = @ushort_type
+| 10 = @uint_type
+| 11 = @ulong_type
+| 12 = @float_type
+| 13 = @double_type
+| 14 = @enum_type
+| 15 = @struct_type
+| 17 = @class_type
+| 19 = @interface_type
+| 20 = @delegate_type
+| 21 = @null_type
+| 22 = @type_parameter
+| 23 = @pointer_type
+| 24 = @nullable_type
+| 25 = @array_type
+| 26 = @void_type
+| 27 = @int_ptr_type
+| 28 = @uint_ptr_type
+| 29 = @dynamic_type
+| 30 = @arglist_type
+| 31 = @unknown_type
+| 32 = @tuple_type
+| 33 = @function_pointer_type
+  ;
+
+@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type;
+@integral_type = @signed_integral_type | @unsigned_integral_type;
+@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type;
+@unsigned_integral_type = @byte_type  | @ushort_type | @uint_type | @ulong_type;
+@floating_point_type = @float_type | @double_type;
+@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type
+            | @uint_ptr_type | @tuple_type;
+@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type
+          | @dynamic_type;
+@value_or_ref_type = @value_type | @ref_type;
+
+typerefs(
+  unique int id: @typeref,
+  string name: string ref);
+
+typeref_type(
+  int id: @typeref ref,
+  unique int typeId: @type ref);
+
+@type_or_ref = @type | @typeref;
+
+array_element_type(
+  unique int array: @array_type ref,
+  int dimension: int ref,
+  int rank: int ref,
+  int element: @type_or_ref ref);
+
+nullable_underlying_type(
+  unique int nullable: @nullable_type ref,
+  int underlying: @type_or_ref ref);
+
+pointer_referent_type(
+  unique int pointer: @pointer_type ref,
+  int referent: @type_or_ref ref);
+
+enum_underlying_type(
+  unique int enum_id: @enum_type ref,
+  int underlying_type_id: @type_or_ref ref);
+
+delegate_return_type(
+  unique int delegate_id: @delegate_type ref,
+  int return_type_id: @type_or_ref ref);
+
+function_pointer_return_type(
+    unique int function_pointer_id: @function_pointer_type ref,
+    int return_type_id: @type_or_ref ref);
+
+extend(
+  int sub: @type ref,
+  int super: @type_or_ref ref);
+
+anonymous_types(
+  unique int id: @type ref);
+
+@interface_or_ref = @interface_type | @typeref;
+
+implement(
+  int sub: @type ref,
+  int super: @type_or_ref ref);
+
+type_location(
+  int id: @type ref,
+  int loc: @location ref);
+
+tuple_underlying_type(
+  unique int tuple: @tuple_type ref,
+  int struct: @type_or_ref ref);
+
+#keyset[tuple, index]
+tuple_element(
+  int tuple: @tuple_type ref,
+  int index: int ref,
+  unique int field: @field ref);
+
+attributes(
+  unique int id: @attribute,
+  int kind: int ref,
+  int type_id: @type_or_ref ref,
+  int target:  @attributable ref);
+
+case @attribute.kind of
+  0 = @attribute_default
+| 1 = @attribute_return
+| 2 = @attribute_assembly
+| 3 = @attribute_module
+;
+
+attribute_location(
+  int id: @attribute ref,
+  int loc: @location ref);
+
+@type_mention_parent = @element | @type_mention;
+
+type_mention(
+  unique int id: @type_mention,
+  int type_id: @type_or_ref ref,
+  int parent: @type_mention_parent ref);
+
+type_mention_location(
+  unique int id: @type_mention ref,
+  int loc: @location ref);
+
+@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type;
+
+/**
+ * A direct annotation on an entity, for example `string? x;`.
+ *
+ * Annotations:
+ * 2 = reftype is not annotated "!"
+ * 3 = reftype is annotated "?"
+ * 4 = readonly ref type / in parameter
+ * 5 = ref type parameter, return or local variable
+ * 6 = out parameter
+ *
+ * Note that the annotation depends on the element it annotates.
+ * @assignable: The annotation is on the type of the assignable, for example the variable type.
+ * @type_parameter: The annotation is on the reftype constraint
+ * @callable: The annotation is on the return type
+ * @array_type: The annotation is on the element type
+ */
+type_annotation(int id: @has_type_annotation ref, int annotation: int ref);
+
+nullability(unique int nullability: @nullability, int kind: int ref);
+
+case @nullability.kind of
+  0 = @oblivious
+| 1 = @not_annotated
+| 2 = @annotated
+;
+
+#keyset[parent, index]
+nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref)
+
+type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref);
+
+/**
+ * The nullable flow state of an expression, as determined by Roslyn.
+ *   0 = none (default, not populated)
+ *   1 = not null
+ *   2 = maybe null
+ */
+expr_flowstate(unique int id: @expr ref, int state: int ref);
+
+/** GENERICS **/
+
+@generic = @type | @method | @local_function;
+
+type_parameters(
+  unique int id: @type_parameter ref,
+  int index: int ref,
+  int generic_id: @generic ref,
+  int variance: int ref /* none = 0, out = 1, in = 2 */);
+
+#keyset[constructed_id, index]
+type_arguments(
+  int id: @type_or_ref ref,
+  int index: int ref,
+  int constructed_id: @generic_or_ref ref);
+
+@generic_or_ref = @generic | @typeref;
+
+constructed_generic(
+  unique int constructed: @generic ref,
+  int generic: @generic_or_ref ref);
+
+type_parameter_constraints(
+  unique int id: @type_parameter_constraints,
+  int param_id: @type_parameter ref);
+
+type_parameter_constraints_location(
+  int id: @type_parameter_constraints ref,
+  int loc: @location ref);
+
+general_type_parameter_constraints(
+  int id: @type_parameter_constraints ref,
+  int kind: int ref /* class = 1, struct = 2, new = 3 */);
+
+specific_type_parameter_constraints(
+  int id: @type_parameter_constraints ref,
+  int base_id: @type_or_ref ref);
+
+specific_type_parameter_nullability(
+  int id: @type_parameter_constraints ref,
+  int base_id: @type_or_ref ref,
+  int nullability: @nullability ref);
+
+/** FUNCTION POINTERS */
+
+function_pointer_calling_conventions(
+  int id: @function_pointer_type ref,
+  int kind: int ref);
+
+#keyset[id, index]
+has_unmanaged_calling_conventions(
+  int id: @function_pointer_type ref,
+  int index: int ref,
+  int conv_id: @type_or_ref ref);
+
+/** MODIFIERS */
+
+@modifiable = @modifiable_direct | @event_accessor;
+
+@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr;
+
+modifiers(
+  unique int id: @modifier,
+  string name: string ref);
+
+has_modifiers(
+  int id: @modifiable_direct ref,
+  int mod_id: @modifier ref);
+
+compiler_generated(unique int id: @modifiable ref);
+
+/** MEMBERS **/
+
+@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type;
+
+@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr;
+
+@virtualizable = @method | @property | @indexer | @event;
+
+exprorstmt_name(
+  unique int parent_id: @named_exprorstmt ref,
+  string name: string ref);
+
+nested_types(
+  unique int id: @type ref,
+  int declaring_type_id: @type ref,
+  int unbound_id: @type ref);
+
+properties(
+  unique int id: @property,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @property ref);
+
+property_location(
+  int id: @property ref,
+  int loc: @location ref);
+
+indexers(
+  unique int id: @indexer,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @indexer ref);
+
+indexer_location(
+  int id: @indexer ref,
+  int loc: @location ref);
+
+accessors(
+  unique int id: @accessor,
+  int kind: int ref,
+  string name: string ref,
+  int declaring_member_id: @member ref,
+  int unbound_id: @accessor ref);
+
+case @accessor.kind of
+  1 = @getter
+| 2 = @setter
+  ;
+
+init_only_accessors(
+  unique int id: @accessor ref);
+
+accessor_location(
+  int id: @accessor ref,
+  int loc: @location ref);
+
+events(
+  unique int id: @event,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @event ref);
+
+event_location(
+  int id: @event ref,
+  int loc: @location ref);
+
+event_accessors(
+  unique int id: @event_accessor,
+  int kind: int ref,
+  string name: string ref,
+  int declaring_event_id: @event ref,
+  int unbound_id: @event_accessor ref);
+
+case @event_accessor.kind of
+  1 = @add_event_accessor
+| 2 = @remove_event_accessor
+  ;
+
+event_accessor_location(
+  int id: @event_accessor ref,
+  int loc: @location ref);
+
+operators(
+  unique int id: @operator,
+  string name: string ref,
+  string symbol: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @operator ref);
+
+operator_location(
+  int id: @operator ref,
+  int loc: @location ref);
+
+constant_value(
+  int id: @variable ref,
+  string value: string ref);
+
+/** CALLABLES **/
+
+@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function;
+
+@callable_accessor = @accessor | @event_accessor;
+
+methods(
+  unique int id: @method,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @method ref);
+
+method_location(
+  int id: @method ref,
+  int loc: @location ref);
+
+constructors(
+  unique int id: @constructor,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int unbound_id: @constructor ref);
+
+constructor_location(
+  int id: @constructor ref,
+  int loc: @location ref);
+
+destructors(
+  unique int id: @destructor,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int unbound_id: @destructor ref);
+
+destructor_location(
+  int id: @destructor ref,
+  int loc: @location ref);
+
+overrides(
+  int id: @callable ref,
+  int base_id: @callable ref);
+
+explicitly_implements(
+  int id: @member ref,
+  int interface_id: @interface_or_ref ref);
+
+local_functions(
+    unique int id: @local_function,
+    string name: string ref,
+    int return_type: @type ref,
+    int unbound_id: @local_function ref);
+
+local_function_stmts(
+    unique int fn: @local_function_stmt ref,
+    int stmt: @local_function ref);
+
+/** VARIABLES **/
+
+@variable = @local_scope_variable | @field;
+
+@local_scope_variable = @local_variable | @parameter;
+
+fields(
+  unique int id: @field,
+  int kind: int ref,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @field ref);
+
+case @field.kind of
+  1 = @addressable_field
+| 2 = @constant
+  ;
+
+field_location(
+  int id: @field ref,
+  int loc: @location ref);
+
+localvars(
+  unique int id: @local_variable,
+  int kind: int ref,
+  string name: string ref,
+  int implicitly_typed: int ref /* 0 = no, 1 = yes */,
+  int type_id: @type_or_ref ref,
+  int parent_id: @local_var_decl_expr ref);
+
+case @local_variable.kind of
+  1 = @addressable_local_variable
+| 2 = @local_constant
+| 3 = @local_variable_ref
+  ;
+
+localvar_location(
+  unique int id: @local_variable ref,
+  int loc: @location ref);
+
+@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type;
+
+#keyset[name, parent_id]
+#keyset[index, parent_id]
+params(
+  unique int id: @parameter,
+  string name: string ref,
+  int type_id: @type_or_ref ref,
+  int index: int ref,
+  int mode: int ref, /* value = 0, ref = 1, out = 2, array = 3, this = 4 */
+  int parent_id: @parameterizable ref,
+  int unbound_id: @parameter ref);
+
+param_location(
+  int id: @parameter ref,
+  int loc: @location ref);
+
+/** STATEMENTS **/
+
+@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent;
+
+statements(
+  unique int id: @stmt,
+  int kind: int ref);
+
+#keyset[index, parent]
+stmt_parent(
+  unique int stmt: @stmt ref,
+  int index: int ref,
+  int parent: @control_flow_element ref);
+
+@top_level_stmt_parent = @callable;
+
+// [index, parent] is not a keyset because the same parent may be compiled multiple times
+stmt_parent_top_level(
+  unique int stmt: @stmt ref,
+  int index: int ref,
+  int parent: @top_level_stmt_parent ref);
+
+case @stmt.kind of
+   1 = @block_stmt
+|  2 = @expr_stmt
+|  3 = @if_stmt
+|  4 = @switch_stmt
+|  5 = @while_stmt
+|  6 = @do_stmt
+|  7 = @for_stmt
+|  8 = @foreach_stmt
+|  9 = @break_stmt
+| 10 = @continue_stmt
+| 11 = @goto_stmt
+| 12 = @goto_case_stmt
+| 13 = @goto_default_stmt
+| 14 = @throw_stmt
+| 15 = @return_stmt
+| 16 = @yield_stmt
+| 17 = @try_stmt
+| 18 = @checked_stmt
+| 19 = @unchecked_stmt
+| 20 = @lock_stmt
+| 21 = @using_block_stmt
+| 22 = @var_decl_stmt
+| 23 = @const_decl_stmt
+| 24 = @empty_stmt
+| 25 = @unsafe_stmt
+| 26 = @fixed_stmt
+| 27 = @label_stmt
+| 28 = @catch
+| 29 = @case_stmt
+| 30 = @local_function_stmt
+| 31 = @using_decl_stmt
+  ;
+
+@using_stmt = @using_block_stmt | @using_decl_stmt;
+
+@labeled_stmt = @label_stmt | @case;
+
+@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt;
+
+@cond_stmt = @if_stmt | @switch_stmt;
+
+@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt;
+
+@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt
+           | @yield_stmt;
+
+@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt;
+
+
+stmt_location(
+  unique int id: @stmt ref,
+  int loc: @location ref);
+
+catch_type(
+  unique int catch_id: @catch ref,
+  int type_id: @type_or_ref ref,
+  int kind: int ref /* explicit = 1, implicit = 2 */);
+
+foreach_stmt_info(
+  unique int id: @foreach_stmt ref,
+  int kind: int ref /* non-async = 1, async = 2 */);
+
+@foreach_symbol =  @method | @property | @type_or_ref;
+
+#keyset[id, kind]
+foreach_stmt_desugar(
+  int id: @foreach_stmt ref,
+  int symbol: @foreach_symbol ref,
+  int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */);
+
+/** EXPRESSIONS **/
+
+expressions(
+  unique int id: @expr,
+  int kind: int ref,
+  int type_id: @type_or_ref ref);
+
+#keyset[index, parent]
+expr_parent(
+  unique int expr: @expr ref,
+  int index: int ref,
+  int parent: @control_flow_element ref);
+
+@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif;
+
+@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent;
+
+// [index, parent] is not a keyset because the same parent may be compiled multiple times
+expr_parent_top_level(
+  unique int expr: @expr ref,
+  int index: int ref,
+  int parent: @top_level_exprorstmt_parent ref);
+
+case @expr.kind of
+/* literal */
+   1 = @bool_literal_expr
+|  2 = @char_literal_expr
+|  3 = @decimal_literal_expr
+|  4 = @int_literal_expr
+|  5 = @long_literal_expr
+|  6 = @uint_literal_expr
+|  7 = @ulong_literal_expr
+|  8 = @float_literal_expr
+|  9 = @double_literal_expr
+| 10 = @string_literal_expr
+| 11 = @null_literal_expr
+/* primary & unary */
+| 12 = @this_access_expr
+| 13 = @base_access_expr
+| 14 = @local_variable_access_expr
+| 15 = @parameter_access_expr
+| 16 = @field_access_expr
+| 17 = @property_access_expr
+| 18 = @method_access_expr
+| 19 = @event_access_expr
+| 20 = @indexer_access_expr
+| 21 = @array_access_expr
+| 22 = @type_access_expr
+| 23 = @typeof_expr
+| 24 = @method_invocation_expr
+| 25 = @delegate_invocation_expr
+| 26 = @operator_invocation_expr
+| 27 = @cast_expr
+| 28 = @object_creation_expr
+| 29 = @explicit_delegate_creation_expr
+| 30 = @implicit_delegate_creation_expr
+| 31 = @array_creation_expr
+| 32 = @default_expr
+| 33 = @plus_expr
+| 34 = @minus_expr
+| 35 = @bit_not_expr
+| 36 = @log_not_expr
+| 37 = @post_incr_expr
+| 38 = @post_decr_expr
+| 39 = @pre_incr_expr
+| 40 = @pre_decr_expr
+/* multiplicative */
+| 41 = @mul_expr
+| 42 = @div_expr
+| 43 = @rem_expr
+/* additive */
+| 44 = @add_expr
+| 45 = @sub_expr
+/* shift */
+| 46 = @lshift_expr
+| 47 = @rshift_expr
+/* relational */
+| 48 = @lt_expr
+| 49 = @gt_expr
+| 50 = @le_expr
+| 51 = @ge_expr
+/* equality */
+| 52 = @eq_expr
+| 53 = @ne_expr
+/* logical */
+| 54 = @bit_and_expr
+| 55 = @bit_xor_expr
+| 56 = @bit_or_expr
+| 57 = @log_and_expr
+| 58 = @log_or_expr
+/* type testing */
+| 59 = @is_expr
+| 60 = @as_expr
+/* null coalescing */
+| 61 = @null_coalescing_expr
+/* conditional */
+| 62 = @conditional_expr
+/* assignment */
+| 63 = @simple_assign_expr
+| 64 = @assign_add_expr
+| 65 = @assign_sub_expr
+| 66 = @assign_mul_expr
+| 67 = @assign_div_expr
+| 68 = @assign_rem_expr
+| 69 = @assign_and_expr
+| 70 = @assign_xor_expr
+| 71 = @assign_or_expr
+| 72 = @assign_lshift_expr
+| 73 = @assign_rshift_expr
+/* more */
+| 74 = @object_init_expr
+| 75 = @collection_init_expr
+| 76 = @array_init_expr
+| 77 = @checked_expr
+| 78 = @unchecked_expr
+| 79 = @constructor_init_expr
+| 80 = @add_event_expr
+| 81 = @remove_event_expr
+| 82 = @par_expr
+| 83 = @local_var_decl_expr
+| 84 = @lambda_expr
+| 85 = @anonymous_method_expr
+| 86 = @namespace_expr
+/* dynamic */
+| 92 = @dynamic_element_access_expr
+| 93 = @dynamic_member_access_expr
+/* unsafe */
+| 100 = @pointer_indirection_expr
+| 101 = @address_of_expr
+| 102 = @sizeof_expr
+/* async */
+| 103 = @await_expr
+/* C# 6.0 */
+| 104 = @nameof_expr
+| 105 = @interpolated_string_expr
+| 106 = @unknown_expr
+/* C# 7.0 */
+| 107 = @throw_expr
+| 108 = @tuple_expr
+| 109 = @local_function_invocation_expr
+| 110 = @ref_expr
+| 111 = @discard_expr
+/* C# 8.0 */
+| 112 = @range_expr
+| 113 = @index_expr
+| 114 = @switch_expr
+| 115 = @recursive_pattern_expr
+| 116 = @property_pattern_expr
+| 117 = @positional_pattern_expr
+| 118 = @switch_case_expr
+| 119 = @assign_coalesce_expr
+| 120 = @suppress_nullable_warning_expr
+| 121 = @namespace_access_expr
+/* C# 9.0 */
+| 122 = @lt_pattern_expr
+| 123 = @gt_pattern_expr
+| 124 = @le_pattern_expr
+| 125 = @ge_pattern_expr
+| 126 = @not_pattern_expr
+| 127 = @and_pattern_expr
+| 128 = @or_pattern_expr
+| 129 = @function_pointer_invocation_expr
+| 130 = @with_expr
+/* Preprocessor */
+| 999 = @define_symbol_expr
+;
+
+@switch = @switch_stmt | @switch_expr;
+@case = @case_stmt | @switch_case_expr;
+@pattern_match = @case | @is_expr;
+@unary_pattern_expr = @not_pattern_expr;
+@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr;
+@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr;
+
+@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr;
+@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr;
+@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr
+              | @string_literal_expr | @null_literal_expr;
+
+@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr;
+@assign_op_expr =  @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr;
+@assign_event_expr = @add_event_expr | @remove_event_expr;
+
+@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr
+                   | @assign_rem_expr
+@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr
+                   | @assign_lshift_expr | @assign_rshift_expr;
+
+@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr
+                    | @method_access_expr | @type_access_expr | @dynamic_member_access_expr;
+@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr;
+@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr;
+
+@local_variable_access = @local_variable_access_expr | @local_var_decl_expr;
+@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access;
+@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr;
+
+@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr
+                        | @event_access_expr | @dynamic_member_access_expr;
+
+@objectorcollection_init_expr = @object_init_expr | @collection_init_expr;
+
+@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr;
+
+@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr;
+@incr_op_expr =  @pre_incr_expr | @post_incr_expr;
+@decr_op_expr =  @pre_decr_expr | @post_decr_expr;
+@mut_op_expr = @incr_op_expr | @decr_op_expr;
+@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr;
+@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr;
+
+@ternary_log_op_expr = @conditional_expr;
+@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr;
+@un_log_op_expr = @log_not_expr;
+@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr;
+
+@bin_bit_op_expr =  @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr
+                 | @rshift_expr;
+@un_bit_op_expr = @bit_not_expr;
+@bit_expr = @un_bit_op_expr | @bin_bit_op_expr;
+
+@equality_op_expr =  @eq_expr | @ne_expr;
+@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr;
+@comp_expr = @equality_op_expr | @rel_op_expr;
+
+@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op;
+
+@ternary_op = @ternary_log_op_expr;
+@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr;
+@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr
+       | @pointer_indirection_expr | @address_of_expr;
+
+@anonymous_function_expr = @lambda_expr | @anonymous_method_expr;
+
+@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr
+      | @delegate_invocation_expr | @object_creation_expr | @call_access_expr
+      | @local_function_invocation_expr | @function_pointer_invocation_expr;
+
+@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr;
+
+@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr
+                    | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr;
+
+@throw_element = @throw_expr | @throw_stmt;
+
+@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr;
+
+implicitly_typed_array_creation(
+  unique int id: @array_creation_expr ref);
+
+explicitly_sized_array_creation(
+  unique int id: @array_creation_expr ref);
+
+stackalloc_array_creation(
+  unique int id: @array_creation_expr ref);
+
+implicitly_typed_object_creation(
+  unique int id: @implicitly_typeable_object_creation_expr ref);
+
+mutator_invocation_mode(
+  unique int id: @operator_invocation_expr ref,
+  int mode: int ref /* prefix = 1, postfix = 2*/);
+
+expr_compiler_generated(
+  unique int id: @expr ref);
+
+expr_value(
+  unique int id: @expr ref,
+  string value: string ref);
+
+expr_call(
+  unique int caller_id: @expr ref,
+  int target_id: @callable ref);
+
+expr_access(
+  unique int accesser_id: @access_expr ref,
+  int target_id: @accessible ref);
+
+@accessible = @method | @assignable | @local_function | @namespace;
+
+expr_location(
+  unique int id: @expr ref,
+  int loc: @location ref);
+
+dynamic_member_name(
+  unique int id: @late_bindable_expr ref,
+  string name: string ref);
+
+@qualifiable_expr = @member_access_expr
+                  | @method_invocation_expr
+                  | @element_access_expr;
+
+conditional_access(
+  unique int id: @qualifiable_expr ref);
+
+expr_argument(
+  unique int id: @expr ref,
+  int mode: int ref);
+  /* mode is the same as params: value = 0, ref = 1, out = 2 */
+
+expr_argument_name(
+  unique int id: @expr ref,
+  string name: string ref);
+
+lambda_expr_return_type(
+  unique int id: @lambda_expr ref,
+  int type_id: @type_or_ref ref);
+  
+/** CONTROL/DATA FLOW **/
+
+@control_flow_element = @stmt | @expr;
+
+/* XML Files */
+
+xmlEncoding  (
+  unique int id: @file ref,
+  string encoding: string ref);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  string root: string ref,
+  string publicId: string ref,
+  string systemId: string ref,
+  int fileid: @file ref);
+
+xmlElements(
+  unique int id: @xmlelement,
+  string name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  string name: string ref,
+  string value: string ref,
+  int idx: int ref,
+  int fileid: @file ref);
+
+xmlNs(
+  int id: @xmlnamespace,
+  string prefixName: string ref,
+  string URI: string ref,
+  int fileid: @file ref);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+/* Comments */
+
+commentline(
+  unique int id: @commentline,
+  int kind: int ref,
+  string text: string ref,
+  string rawtext: string ref);
+
+case @commentline.kind of
+  0 = @singlelinecomment
+| 1 = @xmldoccomment
+| 2 = @multilinecomment;
+
+commentline_location(
+  unique int id: @commentline ref,
+  int loc: @location ref);
+
+commentblock(
+  unique int id : @commentblock);
+
+commentblock_location(
+  unique int id: @commentblock ref,
+  int loc: @location ref);
+
+commentblock_binding(
+  int id: @commentblock ref,
+  int entity: @element ref,
+  int bindtype: int ref);    /* 0: Parent, 1: Best, 2: Before, 3: After */
+
+commentblock_child(
+  int id: @commentblock ref,
+  int commentline: @commentline ref,
+  int index: int ref);
+
+/* ASP.NET */
+
+case @asp_element.kind of
+  0=@asp_close_tag
+| 1=@asp_code
+| 2=@asp_comment
+| 3=@asp_data_binding
+| 4=@asp_directive
+| 5=@asp_open_tag
+| 6=@asp_quoted_string
+| 7=@asp_text
+| 8=@asp_xml_directive;
+
+@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string;
+
+asp_elements(
+  unique int id: @asp_element,
+  int kind: int ref,
+  int loc: @location ref);
+
+asp_comment_server(unique int comment: @asp_comment ref);
+asp_code_inline(unique int code: @asp_code ref);
+asp_directive_attribute(
+  int directive: @asp_directive ref,
+  int index: int ref,
+  string name: string ref,
+  int value: @asp_quoted_string ref);
+asp_directive_name(
+  unique int directive: @asp_directive ref,
+  string name: string ref);
+asp_element_body(
+  unique int element: @asp_element ref,
+  string body: string ref);
+asp_tag_attribute(
+  int tag: @asp_open_tag ref,
+  int index: int ref,
+  string name: string ref,
+  int attribute: @asp_attribute ref);
+asp_tag_name(
+  unique int tag: @asp_open_tag ref,
+  string name: string ref);
+asp_tag_isempty(int tag: @asp_open_tag ref);
+
+/* Common Intermediate Language - CIL */
+
+case @cil_instruction.opcode of
+  0 = @cil_nop
+| 1 = @cil_break
+| 2 = @cil_ldarg_0
+| 3 = @cil_ldarg_1
+| 4 = @cil_ldarg_2
+| 5 = @cil_ldarg_3
+| 6 = @cil_ldloc_0
+| 7 = @cil_ldloc_1
+| 8 = @cil_ldloc_2
+| 9 = @cil_ldloc_3
+| 10 = @cil_stloc_0
+| 11 = @cil_stloc_1
+| 12 = @cil_stloc_2
+| 13 = @cil_stloc_3
+| 14 = @cil_ldarg_s
+| 15 = @cil_ldarga_s
+| 16 = @cil_starg_s
+| 17 = @cil_ldloc_s
+| 18 = @cil_ldloca_s
+| 19 = @cil_stloc_s
+| 20 = @cil_ldnull
+| 21 = @cil_ldc_i4_m1
+| 22 = @cil_ldc_i4_0
+| 23 = @cil_ldc_i4_1
+| 24 = @cil_ldc_i4_2
+| 25 = @cil_ldc_i4_3
+| 26 = @cil_ldc_i4_4
+| 27 = @cil_ldc_i4_5
+| 28 = @cil_ldc_i4_6
+| 29 = @cil_ldc_i4_7
+| 30 = @cil_ldc_i4_8
+| 31 = @cil_ldc_i4_s
+| 32 = @cil_ldc_i4
+| 33 = @cil_ldc_i8
+| 34 = @cil_ldc_r4
+| 35 = @cil_ldc_r8
+| 37 = @cil_dup
+| 38 = @cil_pop
+| 39 = @cil_jmp
+| 40 = @cil_call
+| 41 = @cil_calli
+| 42 = @cil_ret
+| 43 = @cil_br_s
+| 44 = @cil_brfalse_s
+| 45 = @cil_brtrue_s
+| 46 = @cil_beq_s
+| 47 = @cil_bge_s
+| 48 = @cil_bgt_s
+| 49 = @cil_ble_s
+| 50 = @cil_blt_s
+| 51 = @cil_bne_un_s
+| 52 = @cil_bge_un_s
+| 53 = @cil_bgt_un_s
+| 54 = @cil_ble_un_s
+| 55 = @cil_blt_un_s
+| 56 = @cil_br
+| 57 = @cil_brfalse
+| 58 = @cil_brtrue
+| 59 = @cil_beq
+| 60 = @cil_bge
+| 61 = @cil_bgt
+| 62 = @cil_ble
+| 63 = @cil_blt
+| 64 = @cil_bne_un
+| 65 = @cil_bge_un
+| 66 = @cil_bgt_un
+| 67 = @cil_ble_un
+| 68 = @cil_blt_un
+| 69 = @cil_switch
+| 70 = @cil_ldind_i1
+| 71 = @cil_ldind_u1
+| 72 = @cil_ldind_i2
+| 73 = @cil_ldind_u2
+| 74 = @cil_ldind_i4
+| 75 = @cil_ldind_u4
+| 76 = @cil_ldind_i8
+| 77 = @cil_ldind_i
+| 78 = @cil_ldind_r4
+| 79 = @cil_ldind_r8
+| 80 = @cil_ldind_ref
+| 81 = @cil_stind_ref
+| 82 = @cil_stind_i1
+| 83 = @cil_stind_i2
+| 84 = @cil_stind_i4
+| 85 = @cil_stind_i8
+| 86 = @cil_stind_r4
+| 87 = @cil_stind_r8
+| 88 = @cil_add
+| 89 = @cil_sub
+| 90 = @cil_mul
+| 91 = @cil_div
+| 92 = @cil_div_un
+| 93 = @cil_rem
+| 94 = @cil_rem_un
+| 95 = @cil_and
+| 96 = @cil_or
+| 97 = @cil_xor
+| 98 = @cil_shl
+| 99 = @cil_shr
+| 100 = @cil_shr_un
+| 101 = @cil_neg
+| 102 = @cil_not
+| 103 = @cil_conv_i1
+| 104 = @cil_conv_i2
+| 105 = @cil_conv_i4
+| 106 = @cil_conv_i8
+| 107 = @cil_conv_r4
+| 108 = @cil_conv_r8
+| 109 = @cil_conv_u4
+| 110 = @cil_conv_u8
+| 111 = @cil_callvirt
+| 112 = @cil_cpobj
+| 113 = @cil_ldobj
+| 114 = @cil_ldstr
+| 115 = @cil_newobj
+| 116 = @cil_castclass
+| 117 = @cil_isinst
+| 118 = @cil_conv_r_un
+| 121 = @cil_unbox
+| 122 = @cil_throw
+| 123 = @cil_ldfld
+| 124 = @cil_ldflda
+| 125 = @cil_stfld
+| 126 = @cil_ldsfld
+| 127 = @cil_ldsflda
+| 128 = @cil_stsfld
+| 129 = @cil_stobj
+| 130 = @cil_conv_ovf_i1_un
+| 131 = @cil_conv_ovf_i2_un
+| 132 = @cil_conv_ovf_i4_un
+| 133 = @cil_conv_ovf_i8_un
+| 134 = @cil_conv_ovf_u1_un
+| 135 = @cil_conv_ovf_u2_un
+| 136 = @cil_conv_ovf_u4_un
+| 137 = @cil_conv_ovf_u8_un
+| 138 = @cil_conv_ovf_i_un
+| 139 = @cil_conv_ovf_u_un
+| 140 = @cil_box
+| 141 = @cil_newarr
+| 142 = @cil_ldlen
+| 143 = @cil_ldelema
+| 144 = @cil_ldelem_i1
+| 145 = @cil_ldelem_u1
+| 146 = @cil_ldelem_i2
+| 147 = @cil_ldelem_u2
+| 148 = @cil_ldelem_i4
+| 149 = @cil_ldelem_u4
+| 150 = @cil_ldelem_i8
+| 151 = @cil_ldelem_i
+| 152 = @cil_ldelem_r4
+| 153 = @cil_ldelem_r8
+| 154 = @cil_ldelem_ref
+| 155 = @cil_stelem_i
+| 156 = @cil_stelem_i1
+| 157 = @cil_stelem_i2
+| 158 = @cil_stelem_i4
+| 159 = @cil_stelem_i8
+| 160 = @cil_stelem_r4
+| 161 = @cil_stelem_r8
+| 162 = @cil_stelem_ref
+| 163 = @cil_ldelem
+| 164 = @cil_stelem
+| 165 = @cil_unbox_any
+| 179 = @cil_conv_ovf_i1
+| 180 = @cil_conv_ovf_u1
+| 181 = @cil_conv_ovf_i2
+| 182 = @cil_conv_ovf_u2
+| 183 = @cil_conv_ovf_i4
+| 184 = @cil_conv_ovf_u4
+| 185 = @cil_conv_ovf_i8
+| 186 = @cil_conv_ovf_u8
+| 194 = @cil_refanyval
+| 195 = @cil_ckinfinite
+| 198 = @cil_mkrefany
+| 208 = @cil_ldtoken
+| 209 = @cil_conv_u2
+| 210 = @cil_conv_u1
+| 211 = @cil_conv_i
+| 212 = @cil_conv_ovf_i
+| 213 = @cil_conv_ovf_u
+| 214 = @cil_add_ovf
+| 215 = @cil_add_ovf_un
+| 216 = @cil_mul_ovf
+| 217 = @cil_mul_ovf_un
+| 218 = @cil_sub_ovf
+| 219 = @cil_sub_ovf_un
+| 220 = @cil_endfinally
+| 221 = @cil_leave
+| 222 = @cil_leave_s
+| 223 = @cil_stind_i
+| 224 = @cil_conv_u
+| 65024 = @cil_arglist
+| 65025 = @cil_ceq
+| 65026 = @cil_cgt
+| 65027 = @cil_cgt_un
+| 65028 = @cil_clt
+| 65029 = @cil_clt_un
+| 65030 = @cil_ldftn
+| 65031 = @cil_ldvirtftn
+| 65033 = @cil_ldarg
+| 65034 = @cil_ldarga
+| 65035 = @cil_starg
+| 65036 = @cil_ldloc
+| 65037 = @cil_ldloca
+| 65038 = @cil_stloc
+| 65039 = @cil_localloc
+| 65041 = @cil_endfilter
+| 65042 = @cil_unaligned
+| 65043 = @cil_volatile
+| 65044 = @cil_tail
+| 65045 = @cil_initobj
+| 65046 = @cil_constrained
+| 65047 = @cil_cpblk
+| 65048 = @cil_initblk
+| 65050 = @cil_rethrow
+| 65052 = @cil_sizeof
+| 65053 = @cil_refanytype
+| 65054 = @cil_readonly
+;
+
+// CIL ignored instructions
+
+@cil_ignore = @cil_nop | @cil_break | @cil_volatile | @cil_unaligned;
+
+// CIL local/parameter/field access
+
+@cil_ldarg_any = @cil_ldarg_0 | @cil_ldarg_1 | @cil_ldarg_2 | @cil_ldarg_3 | @cil_ldarg_s | @cil_ldarga_s | @cil_ldarg | @cil_ldarga;
+@cil_starg_any = @cil_starg | @cil_starg_s;
+
+@cil_ldloc_any = @cil_ldloc_0 | @cil_ldloc_1 | @cil_ldloc_2 | @cil_ldloc_3 | @cil_ldloc_s | @cil_ldloca_s | @cil_ldloc | @cil_ldloca;
+@cil_stloc_any = @cil_stloc_0 | @cil_stloc_1 | @cil_stloc_2 | @cil_stloc_3 | @cil_stloc_s | @cil_stloc;
+
+@cil_ldfld_any = @cil_ldfld | @cil_ldsfld | @cil_ldsflda | @cil_ldflda;
+@cil_stfld_any = @cil_stfld | @cil_stsfld;
+
+@cil_local_access = @cil_stloc_any | @cil_ldloc_any;
+@cil_arg_access = @cil_starg_any | @cil_ldarg_any;
+@cil_read_access = @cil_ldloc_any | @cil_ldarg_any | @cil_ldfld_any;
+@cil_write_access = @cil_stloc_any | @cil_starg_any | @cil_stfld_any;
+
+@cil_stack_access = @cil_local_access | @cil_arg_access;
+@cil_field_access = @cil_ldfld_any | @cil_stfld_any;
+
+@cil_access = @cil_read_access | @cil_write_access;
+
+// CIL constant/literal instructions
+
+@cil_ldc_i = @cil_ldc_i4_any | @cil_ldc_i8;
+
+@cil_ldc_i4_any = @cil_ldc_i4_m1 | @cil_ldc_i4_0 | @cil_ldc_i4_1 | @cil_ldc_i4_2 | @cil_ldc_i4_3 |
+  @cil_ldc_i4_4 | @cil_ldc_i4_5 | @cil_ldc_i4_6 | @cil_ldc_i4_7 | @cil_ldc_i4_8 | @cil_ldc_i4_s | @cil_ldc_i4;
+
+@cil_ldc_r = @cil_ldc_r4 | @cil_ldc_r8;
+
+@cil_literal = @cil_ldnull | @cil_ldc_i | @cil_ldc_r | @cil_ldstr;
+
+// Control flow
+
+@cil_conditional_jump = @cil_binary_jump | @cil_unary_jump;
+@cil_binary_jump = @cil_beq_s | @cil_bge_s | @cil_bgt_s | @cil_ble_s | @cil_blt_s |
+    @cil_bne_un_s | @cil_bge_un_s | @cil_bgt_un_s | @cil_ble_un_s | @cil_blt_un_s |
+    @cil_beq | @cil_bge | @cil_bgt | @cil_ble | @cil_blt |
+    @cil_bne_un | @cil_bge_un | @cil_bgt_un | @cil_ble_un | @cil_blt_un;
+@cil_unary_jump = @cil_brfalse_s | @cil_brtrue_s | @cil_brfalse | @cil_brtrue | @cil_switch;
+@cil_unconditional_jump = @cil_br | @cil_br_s | @cil_leave_any;
+@cil_leave_any = @cil_leave | @cil_leave_s;
+@cil_jump = @cil_unconditional_jump | @cil_conditional_jump;
+
+// CIL call instructions
+
+@cil_call_any = @cil_jmp | @cil_call | @cil_calli | @cil_tail | @cil_callvirt | @cil_newobj;
+
+// CIL expression instructions
+
+@cil_expr = @cil_literal | @cil_binary_expr | @cil_unary_expr | @cil_call_any | @cil_read_access |
+  @cil_newarr | @cil_ldtoken | @cil_sizeof |
+  @cil_ldftn | @cil_ldvirtftn | @cil_localloc | @cil_mkrefany | @cil_refanytype | @cil_arglist | @cil_dup;
+
+@cil_unary_expr =
+  @cil_conversion_operation | @cil_unary_arithmetic_operation | @cil_unary_bitwise_operation|
+  @cil_ldlen | @cil_isinst | @cil_box | @cil_ldobj | @cil_castclass | @cil_unbox_any |
+  @cil_ldind | @cil_unbox;
+
+@cil_conversion_operation =
+  @cil_conv_i1 | @cil_conv_i2 | @cil_conv_i4 | @cil_conv_i8 |
+  @cil_conv_u1 | @cil_conv_u2 | @cil_conv_u4 | @cil_conv_u8 |
+  @cil_conv_ovf_i | @cil_conv_ovf_i_un | @cil_conv_ovf_i1 | @cil_conv_ovf_i1_un |
+  @cil_conv_ovf_i2 | @cil_conv_ovf_i2_un | @cil_conv_ovf_i4 | @cil_conv_ovf_i4_un |
+  @cil_conv_ovf_i8 | @cil_conv_ovf_i8_un | @cil_conv_ovf_u | @cil_conv_ovf_u_un |
+  @cil_conv_ovf_u1 | @cil_conv_ovf_u1_un | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un |
+  @cil_conv_ovf_u4 | @cil_conv_ovf_u4_un | @cil_conv_ovf_u8 | @cil_conv_ovf_u8_un |
+  @cil_conv_r4 | @cil_conv_r8 | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un |
+  @cil_conv_i | @cil_conv_u | @cil_conv_r_un;
+
+@cil_ldind = @cil_ldind_i | @cil_ldind_i1 | @cil_ldind_i2 | @cil_ldind_i4 | @cil_ldind_i8 |
+  @cil_ldind_r4 | @cil_ldind_r8 | @cil_ldind_ref | @cil_ldind_u1 | @cil_ldind_u2 | @cil_ldind_u4;
+
+@cil_stind = @cil_stind_i | @cil_stind_i1 | @cil_stind_i2 | @cil_stind_i4 | @cil_stind_i8 |
+  @cil_stind_r4 | @cil_stind_r8 | @cil_stind_ref;
+
+@cil_bitwise_operation = @cil_binary_bitwise_operation | @cil_unary_bitwise_operation;
+
+@cil_binary_bitwise_operation = @cil_and | @cil_or | @cil_xor | @cil_shr | @cil_shr | @cil_shr_un | @cil_shl;
+
+@cil_binary_arithmetic_operation = @cil_add | @cil_sub | @cil_mul | @cil_div | @cil_div_un |
+  @cil_rem | @cil_rem_un | @cil_add_ovf | @cil_add_ovf_un | @cil_mul_ovf | @cil_mul_ovf_un |
+  @cil_sub_ovf | @cil_sub_ovf_un;
+
+@cil_unary_bitwise_operation = @cil_not;
+
+@cil_binary_expr = @cil_binary_arithmetic_operation | @cil_binary_bitwise_operation | @cil_read_array | @cil_comparison_operation;
+
+@cil_unary_arithmetic_operation = @cil_neg;
+
+@cil_comparison_operation = @cil_cgt_un | @cil_ceq | @cil_cgt | @cil_clt | @cil_clt_un;
+
+// Elements that retrieve an address of something
+@cil_read_ref = @cil_ldloca_s | @cil_ldarga_s | @cil_ldflda | @cil_ldsflda | @cil_ldelema;
+
+// CIL array instructions
+
+@cil_read_array =
+  @cil_ldelem | @cil_ldelema | @cil_ldelem_i1 | @cil_ldelem_ref | @cil_ldelem_i |
+  @cil_ldelem_i1 | @cil_ldelem_i2 | @cil_ldelem_i4 | @cil_ldelem_i8 | @cil_ldelem_r4 |
+  @cil_ldelem_r8 | @cil_ldelem_u1 | @cil_ldelem_u2 | @cil_ldelem_u4;
+
+@cil_write_array = @cil_stelem | @cil_stelem_ref |
+  @cil_stelem_i | @cil_stelem_i1 | @cil_stelem_i2 | @cil_stelem_i4 | @cil_stelem_i8 |
+  @cil_stelem_r4 | @cil_stelem_r8;
+
+@cil_throw_any = @cil_throw | @cil_rethrow;
+
+#keyset[impl, index]
+cil_instruction(
+  unique int id: @cil_instruction,
+  int opcode: int ref,
+  int index: int ref,
+  int impl: @cil_method_implementation ref);
+
+cil_jump(
+  unique int instruction: @cil_jump ref,
+  int target: @cil_instruction ref);
+
+cil_access(
+  unique int instruction: @cil_instruction ref,
+  int target: @cil_accessible ref);
+
+cil_value(
+  unique int instruction: @cil_literal ref,
+  string value: string ref);
+
+#keyset[instruction, index]
+cil_switch(
+  int instruction: @cil_switch ref,
+  int index: int ref,
+  int target: @cil_instruction ref);
+
+cil_instruction_location(
+  unique int id: @cil_instruction ref,
+  int loc: @location ref);
+
+cil_type_location(
+  int id: @cil_type ref,
+  int loc: @location ref);
+
+cil_method_location(
+  int id: @cil_method ref,
+  int loc: @location ref);
+
+@cil_namespace = @namespace;
+
+@cil_type_container = @cil_type | @cil_namespace | @cil_method;
+
+case @cil_type.kind of
+  0 = @cil_valueorreftype
+| 1 = @cil_typeparameter
+| 2 = @cil_array_type
+| 3 = @cil_pointer_type
+| 4 = @cil_function_pointer_type
+;
+
+cil_type(
+  unique int id: @cil_type,
+  string name: string ref,
+  int kind: int ref,
+  int parent: @cil_type_container ref,
+  int sourceDecl: @cil_type ref);
+
+cil_pointer_type(
+  unique int id: @cil_pointer_type ref,
+  int pointee: @cil_type ref);
+
+cil_array_type(
+  unique int id: @cil_array_type ref,
+  int element_type: @cil_type ref,
+  int rank: int ref);
+
+cil_function_pointer_return_type(
+  unique int id: @cil_function_pointer_type ref,
+  int return_type: @cil_type ref);
+
+cil_method(
+  unique int id: @cil_method,
+  string name: string ref,
+  int parent: @cil_type ref,
+  int return_type: @cil_type ref);
+
+cil_method_source_declaration(
+  unique int method: @cil_method ref,
+  int source: @cil_method ref);
+
+cil_method_implementation(
+  unique int id: @cil_method_implementation,
+  int method: @cil_method ref,
+  int location: @assembly ref);
+
+cil_implements(
+  int id: @cil_method ref,
+  int decl: @cil_method ref);
+
+#keyset[parent, name]
+cil_field(
+  unique int id: @cil_field,
+  int parent: @cil_type ref,
+  string name: string ref,
+  int field_type: @cil_type ref);
+
+@cil_element = @cil_instruction | @cil_declaration | @cil_handler | @cil_attribute | @cil_namespace;
+@cil_named_element = @cil_declaration | @cil_namespace;
+@cil_declaration = @cil_variable | @cil_method | @cil_type | @cil_member;
+@cil_accessible = @cil_declaration;
+@cil_variable = @cil_field | @cil_stack_variable;
+@cil_stack_variable = @cil_local_variable | @cil_parameter;
+@cil_member = @cil_method | @cil_type | @cil_field | @cil_property | @cil_event;
+@cil_custom_modifier_receiver = @cil_method | @cil_property | @cil_parameter | @cil_field | @cil_function_pointer_type;
+@cil_parameterizable = @cil_method | @cil_function_pointer_type;
+@cil_has_type_annotation = @cil_stack_variable | @cil_property | @cil_method | @cil_function_pointer_type;
+
+#keyset[parameterizable, index]
+cil_parameter(
+  unique int id: @cil_parameter,
+  int parameterizable: @cil_parameterizable ref,
+  int index: int ref,
+  int param_type: @cil_type ref);
+
+cil_parameter_in(unique int id: @cil_parameter ref);
+cil_parameter_out(unique int id: @cil_parameter ref);
+
+cil_setter(unique int prop: @cil_property ref,
+  int method: @cil_method ref);
+
+#keyset[id, modifier]
+cil_custom_modifiers(
+  int id: @cil_custom_modifier_receiver ref,
+  int modifier: @cil_type ref,
+  int kind: int ref); // modreq: 1, modopt: 0
+
+cil_type_annotation(
+  int id: @cil_has_type_annotation ref,
+  int annotation: int ref);
+
+cil_getter(unique int prop: @cil_property ref,
+  int method: @cil_method ref);
+
+cil_adder(unique int event: @cil_event ref,
+  int method: @cil_method ref);
+
+cil_remover(unique int event: @cil_event ref, int method: @cil_method ref);
+
+cil_raiser(unique int event: @cil_event ref, int method: @cil_method ref);
+
+cil_property(
+  unique int id: @cil_property,
+  int parent: @cil_type ref,
+  string name: string ref,
+  int property_type: @cil_type ref);
+
+#keyset[parent, name]
+cil_event(unique int id: @cil_event,
+  int parent: @cil_type ref,
+  string name: string ref,
+  int event_type: @cil_type ref);
+
+#keyset[impl, index]
+cil_local_variable(
+  unique int id: @cil_local_variable,
+  int impl: @cil_method_implementation ref,
+  int index: int ref,
+  int var_type: @cil_type ref);
+
+cil_function_pointer_calling_conventions(
+  int id: @cil_function_pointer_type ref,
+  int kind: int ref);
+
+// CIL handlers (exception handlers etc).
+
+case @cil_handler.kind of
+  0 = @cil_catch_handler
+| 1 = @cil_filter_handler
+| 2 = @cil_finally_handler
+| 4 = @cil_fault_handler
+;
+
+#keyset[impl, index]
+cil_handler(
+  unique int id: @cil_handler,
+  int impl: @cil_method_implementation ref,
+  int index: int ref,
+  int kind: int ref,
+  int try_start: @cil_instruction ref,
+  int try_end: @cil_instruction ref,
+  int handler_start: @cil_instruction ref);
+
+cil_handler_filter(
+  unique int id: @cil_handler ref,
+  int filter_start: @cil_instruction ref);
+
+cil_handler_type(
+  unique int id: @cil_handler ref,
+  int catch_type: @cil_type ref);
+
+@cil_controlflow_node = @cil_entry_point | @cil_instruction;
+
+@cil_entry_point = @cil_method_implementation | @cil_handler;
+
+@cil_dataflow_node = @cil_instruction | @cil_variable | @cil_method;
+
+cil_method_stack_size(
+  unique int method: @cil_method_implementation ref,
+  int size: int ref);
+
+// CIL modifiers
+
+cil_public(int id: @cil_member ref);
+cil_private(int id: @cil_member ref);
+cil_protected(int id: @cil_member ref);
+cil_internal(int id: @cil_member ref);
+cil_static(int id: @cil_member ref);
+cil_sealed(int id: @cil_member ref);
+cil_virtual(int id: @cil_method ref);
+cil_abstract(int id: @cil_member ref);
+cil_class(int id: @cil_type ref);
+cil_interface(int id: @cil_type ref);
+cil_security(int id: @cil_member ref);
+cil_requiresecobject(int id: @cil_method ref);
+cil_specialname(int id: @cil_method ref);
+cil_newslot(int id: @cil_method ref);
+
+cil_base_class(unique int id: @cil_type ref, int base: @cil_type ref);
+cil_base_interface(int id: @cil_type ref, int base: @cil_type ref);
+cil_enum_underlying_type(unique int id: @cil_type ref, int underlying: @cil_type ref);
+
+#keyset[unbound, index]
+cil_type_parameter(
+  int unbound: @cil_member ref,
+  int index: int ref,
+  int param: @cil_typeparameter ref);
+
+#keyset[bound, index]
+cil_type_argument(
+  int bound: @cil_member ref,
+  int index: int ref,
+  int t: @cil_type ref);
+
+// CIL type parameter constraints
+
+cil_typeparam_covariant(int tp: @cil_typeparameter ref);
+cil_typeparam_contravariant(int tp: @cil_typeparameter ref);
+cil_typeparam_class(int tp: @cil_typeparameter ref);
+cil_typeparam_struct(int tp: @cil_typeparameter ref);
+cil_typeparam_new(int tp: @cil_typeparameter ref);
+cil_typeparam_constraint(int tp: @cil_typeparameter ref, int supertype: @cil_type ref);
+
+// CIL attributes
+
+cil_attribute(
+  unique int attributeid: @cil_attribute,
+  int element: @cil_declaration ref,
+  int constructor: @cil_method ref);
+
+#keyset[attribute_id, param]
+cil_attribute_named_argument(
+  int attribute_id: @cil_attribute ref,
+  string param: string ref,
+  string value: string ref);
+
+#keyset[attribute_id, index]
+cil_attribute_positional_argument(
+  int attribute_id: @cil_attribute ref,
+  int index: int ref,
+  string value: string ref);
+
+
+// Common .Net data model covering both C# and CIL
+
+// Common elements
+@dotnet_element = @element | @cil_element;
+@dotnet_named_element = @named_element | @cil_named_element;
+@dotnet_callable = @callable | @cil_method;
+@dotnet_variable = @variable | @cil_variable;
+@dotnet_field = @field | @cil_field;
+@dotnet_parameter = @parameter | @cil_parameter;
+@dotnet_declaration = @declaration | @cil_declaration;
+@dotnet_member = @member | @cil_member;
+@dotnet_event = @event | @cil_event;
+@dotnet_property = @property | @cil_property | @indexer;
+@dotnet_parameterizable = @parameterizable | @cil_parameterizable;
+
+// Common types
+@dotnet_type = @type | @cil_type;
+@dotnet_call = @call | @cil_call_any;
+@dotnet_throw = @throw_element | @cil_throw_any;
+@dotnet_valueorreftype = @cil_valueorreftype | @value_or_ref_type | @cil_array_type | @void_type;
+@dotnet_typeparameter = @type_parameter | @cil_typeparameter;
+@dotnet_array_type = @array_type | @cil_array_type;
+@dotnet_pointer_type = @pointer_type | @cil_pointer_type;
+@dotnet_type_parameter = @type_parameter | @cil_typeparameter;
+@dotnet_generic = @dotnet_valueorreftype | @dotnet_callable;
+
+// Attributes
+@dotnet_attribute = @attribute | @cil_attribute;
+
+// Expressions
+@dotnet_expr = @expr | @cil_expr;
+
+// Literals
+@dotnet_literal = @literal_expr | @cil_literal;
+@dotnet_string_literal = @string_literal_expr | @cil_ldstr;
+@dotnet_int_literal = @integer_literal_expr | @cil_ldc_i;
+@dotnet_float_literal = @float_literal_expr | @cil_ldc_r;
+@dotnet_null_literal = @null_literal_expr | @cil_ldnull;
+
+@metadata_entity = @cil_method | @cil_type | @cil_field | @cil_property | @field | @property |
+    @callable | @value_or_ref_type | @void_type;
+
+#keyset[entity, location]
+metadata_handle(int entity : @metadata_entity ref, int location: @assembly ref, int handle: int ref)
diff --git a/csharp/downgrades/83aca6b3e4fa38dd2b97b9b51dfc199a2ba9c7f2/upgrade.properties b/csharp/downgrades/83aca6b3e4fa38dd2b97b9b51dfc199a2ba9c7f2/upgrade.properties
new file mode 100644
index 00000000000..f6ae8c489a2
--- /dev/null
+++ b/csharp/downgrades/83aca6b3e4fa38dd2b97b9b51dfc199a2ba9c7f2/upgrade.properties
@@ -0,0 +1,3 @@
+description: Remove list- and slice pattern expression kinds.
+compatibility: backwards
+expressions.rel: run expressions.qlo
\ No newline at end of file
diff --git a/csharp/extractor/Semmle.Extraction.CIL/Semmle.Extraction.CIL.csproj b/csharp/extractor/Semmle.Extraction.CIL/Semmle.Extraction.CIL.csproj
index 8dc6d8a9f76..2d9263eb24e 100644
--- a/csharp/extractor/Semmle.Extraction.CIL/Semmle.Extraction.CIL.csproj
+++ b/csharp/extractor/Semmle.Extraction.CIL/Semmle.Extraction.CIL.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFramework>net6.0</TargetFramework>
@@ -24,7 +24,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.DiaSymReader" Version="1.3.0" />
+    <PackageReference Include="Microsoft.DiaSymReader" Version="1.4.0" />
     <PackageReference Include="Microsoft.DiaSymReader.Native" Version="1.7.0" />
     <PackageReference Include="Microsoft.DiaSymReader.PortablePdb" Version="1.6.0"><IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 <PrivateAssets>all</PrivateAssets>
diff --git a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Semmle.Extraction.CSharp.Standalone.csproj b/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Semmle.Extraction.CSharp.Standalone.csproj
index 5546278e93c..09a36029f13 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Semmle.Extraction.CSharp.Standalone.csproj
+++ b/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Semmle.Extraction.CSharp.Standalone.csproj
@@ -12,17 +12,17 @@
 		<Nullable>enable</Nullable>
 	</PropertyGroup>
 	<ItemGroup>
-		<ProjectReference Include="..\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj"/>
-		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj"/>
+		<ProjectReference Include="..\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj" />
+		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
 	</ItemGroup>
 	<ItemGroup>
-		<Folder Include="Properties\"/>
+		<Folder Include="Properties\" />
 	</ItemGroup>
 	<ItemGroup>
-		<PackageReference Include="Microsoft.Build" Version="16.11.0"/>
-		<PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0"/>
-		<PackageReference Include="System.Net.Primitives" Version="4.3.1"/>
-		<PackageReference Include="System.Security.Principal" Version="4.3.0"/>
-		<PackageReference Include="System.Threading.ThreadPool" Version="4.3.0"/>
+		<PackageReference Include="Microsoft.Build" Version="17.3.2" />
+		<PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
+		<PackageReference Include="System.Net.Primitives" Version="4.3.1" />
+		<PackageReference Include="System.Security.Principal" Version="4.3.0" />
+		<PackageReference Include="System.Threading.ThreadPool" Version="4.3.0" />
 	</ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentBlock.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentBlock.cs
index a564d3e7f16..3c4cdcffc0e 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentBlock.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentBlock.cs
@@ -1,5 +1,5 @@
-using Semmle.Extraction.Entities;
 using System.IO;
+using Semmle.Util;
 
 namespace Semmle.Extraction.CSharp.Entities
 {
@@ -11,12 +11,8 @@ namespace Semmle.Extraction.CSharp.Entities
         public override void Populate(TextWriter trapFile)
         {
             trapFile.commentblock(this);
-            var child = 0;
             trapFile.commentblock_location(this, Context.CreateLocation(Symbol.Location));
-            foreach (var l in Symbol.CommentLines)
-            {
-                trapFile.commentblock_child(this, (CommentLine)l, child++);
-            }
+            Symbol.CommentLines.ForEach((l, child) => trapFile.commentblock_child(this, l, child));
         }
 
         public override bool NeedsPopulation => true;
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs
index 75614d3ad1e..8dd6cd1ee22 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs
@@ -39,45 +39,29 @@ namespace Semmle.Extraction.CSharp.Entities
             trapFile.compilation_assembly(this, assembly);
 
             // Arguments
-            var index = 0;
-            foreach (var arg in Compilation.Settings.Args)
-            {
-                trapFile.compilation_args(this, index++, arg);
-            }
+            Compilation.Settings.Args.ForEach((arg, index) => trapFile.compilation_args(this, index, arg));
 
             // Files
-            index = 0;
-            foreach (var file in Context.Compilation.SyntaxTrees.Select(tree => File.Create(Context, tree.FilePath)))
-            {
-                trapFile.compilation_compiling_files(this, index++, file);
-            }
+            Context.Compilation.SyntaxTrees.Select(tree => File.Create(Context, tree.FilePath)).ForEach((file, index) => trapFile.compilation_compiling_files(this, index, file));
 
             // References
-            index = 0;
-            foreach (var file in Context.Compilation.References
+            Context.Compilation.References
                 .OfType<PortableExecutableReference>()
                 .Where(r => r.FilePath is not null)
-                .Select(r => File.Create(Context, r.FilePath!)))
-            {
-                trapFile.compilation_referencing_files(this, index++, file);
-            }
+                .Select(r => File.Create(Context, r.FilePath!))
+                .ForEach((file, index) => trapFile.compilation_referencing_files(this, index, file));
 
             // Diagnostics
-            index = 0;
-            foreach (var diag in Context.Compilation.GetDiagnostics().Select(d => new Diagnostic(Context, d)))
-            {
-                trapFile.diagnostic_for(diag, this, 0, index++);
-            }
+            Context.Compilation
+                .GetDiagnostics()
+                .Select(d => new Diagnostic(Context, d))
+                .ForEach((diag, index) => trapFile.diagnostic_for(diag, this, 0, index));
         }
 
         public void PopulatePerformance(PerformanceMetrics p)
         {
             var trapFile = Context.TrapWriter.Writer;
-            var index = 0;
-            foreach (var metric in p.Metrics)
-            {
-                trapFile.compilation_time(this, -1, index++, metric);
-            }
+            p.Metrics.ForEach((metric, index) => trapFile.compilation_time(this, -1, index, metric));
             trapFile.compilation_finished(this, (float)p.Total.Cpu.TotalSeconds, (float)p.Total.Elapsed.TotalSeconds);
         }
 
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ArrayCreation.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ArrayCreation.cs
index c7860d2ad93..345fdd612b3 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ArrayCreation.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ArrayCreation.cs
@@ -2,6 +2,7 @@ using Microsoft.CodeAnalysis;
 using Microsoft.CodeAnalysis.CSharp;
 using Microsoft.CodeAnalysis.CSharp.Syntax;
 using Semmle.Extraction.Kinds;
+using Semmle.Util;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
@@ -108,11 +109,7 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions
             if (length > 0)
             {
                 var arrayInit = ArrayInitializer.CreateGenerated(cx, arrayCreation, InitializerIndex, location);
-                var child = 0;
-                foreach (var item in items)
-                {
-                    Expression.CreateGenerated(cx, item, arrayInit, child++, location);
-                }
+                items.ForEach((item, child) => Expression.CreateGenerated(cx, item, arrayInit, child, location));
             }
 
             return arrayCreation;
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Initializer.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Initializer.cs
index 7124929a37c..266c820f68d 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Initializer.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Initializer.cs
@@ -1,8 +1,8 @@
 using Microsoft.CodeAnalysis;
 using Microsoft.CodeAnalysis.CSharp;
 using Microsoft.CodeAnalysis.CSharp.Syntax;
-using Semmle.Extraction.Entities;
 using Semmle.Extraction.Kinds;
+using Semmle.Util;
 using System.IO;
 
 namespace Semmle.Extraction.CSharp.Entities.Expressions
@@ -146,11 +146,7 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions
 
                     var init = (InitializerExpressionSyntax)i;
 
-                    var addChild = 0;
-                    foreach (var arg in init.Expressions)
-                    {
-                        Create(Context, arg, invocation, addChild++);
-                    }
+                    init.Expressions.ForEach((arg, child) => Create(Context, arg, invocation, child));
                 }
                 else
                 {
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/BinaryPattern.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/BinaryPattern.cs
index 2d0292ae720..ec5177c8ce6 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/BinaryPattern.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/BinaryPattern.cs
@@ -1,7 +1,6 @@
 using Microsoft.CodeAnalysis;
 using Microsoft.CodeAnalysis.CSharp;
 using Microsoft.CodeAnalysis.CSharp.Syntax;
-using Semmle.Extraction.Entities;
 using Semmle.Extraction.Kinds;
 
 namespace Semmle.Extraction.CSharp.Entities.Expressions
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/ListPattern.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/ListPattern.cs
new file mode 100644
index 00000000000..37e19b41aa7
--- /dev/null
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/ListPattern.cs
@@ -0,0 +1,15 @@
+using Microsoft.CodeAnalysis.CSharp.Syntax;
+using Semmle.Extraction.Kinds;
+using Semmle.Util;
+
+namespace Semmle.Extraction.CSharp.Entities.Expressions
+{
+    internal class ListPattern : Expression
+    {
+        internal ListPattern(Context cx, ListPatternSyntax syntax, IExpressionParentEntity parent, int child) :
+            base(new ExpressionInfo(cx, null, cx.CreateLocation(syntax.GetLocation()), ExprKind.LIST_PATTERN, parent, child, false, null))
+        {
+            syntax.Patterns.ForEach((p, i) => Pattern.Create(cx, p, this, i));
+        }
+    }
+}
\ No newline at end of file
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/Pattern.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/Pattern.cs
index d883995d062..500154b654d 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/Pattern.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/Pattern.cs
@@ -1,7 +1,6 @@
 using Microsoft.CodeAnalysis;
 using Microsoft.CodeAnalysis.CSharp.Syntax;
 using Microsoft.CodeAnalysis.CSharp;
-using Semmle.Extraction.Entities;
 
 namespace Semmle.Extraction.CSharp.Entities.Expressions
 {
@@ -74,6 +73,12 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions
                 case DiscardPatternSyntax dp:
                     return new Discard(cx, dp, parent, child);
 
+                case ListPatternSyntax listPattern:
+                    return new ListPattern(cx, listPattern, parent, child);
+
+                case SlicePatternSyntax slicePattern:
+                    return new SlicePattern(cx, slicePattern, parent, child);
+
                 default:
                     throw new InternalError(syntax, "Pattern not handled");
             }
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/PositionalPattern.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/PositionalPattern.cs
index f0ae03ae9dc..53e3dbbacd9 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/PositionalPattern.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/PositionalPattern.cs
@@ -1,6 +1,6 @@
 using Microsoft.CodeAnalysis.CSharp.Syntax;
 using Semmle.Extraction.Kinds;
-using Semmle.Extraction.Entities;
+using Semmle.Util;
 
 namespace Semmle.Extraction.CSharp.Entities.Expressions
 {
@@ -9,11 +9,7 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions
         internal PositionalPattern(Context cx, PositionalPatternClauseSyntax posPc, IExpressionParentEntity parent, int child) :
             base(new ExpressionInfo(cx, null, cx.CreateLocation(posPc.GetLocation()), ExprKind.POSITIONAL_PATTERN, parent, child, false, null))
         {
-            child = 0;
-            foreach (var sub in posPc.Subpatterns)
-            {
-                Expressions.Pattern.Create(cx, sub.Pattern, this, child++);
-            }
+            posPc.Subpatterns.ForEach((p, i) => Pattern.Create(cx, p.Pattern, this, i));
         }
     }
 }
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/PropertyPattern.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/PropertyPattern.cs
index 1aa515eca2a..30a020702e5 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/PropertyPattern.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/PropertyPattern.cs
@@ -1,8 +1,6 @@
-using System;
 using System.Collections.Generic;
 using Microsoft.CodeAnalysis.CSharp.Syntax;
 using Semmle.Extraction.Kinds;
-using Semmle.Extraction.Entities;
 
 namespace Semmle.Extraction.CSharp.Entities.Expressions
 {
@@ -27,7 +25,7 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions
 
         private class AccessStepPack
         {
-            public readonly List<AccessStep> Prefix = new List<AccessStep>();
+            public readonly List<AccessStep> Prefix = new();
             public AccessStep Last { get; private set; }
 
             public AccessStepPack Add(string identifier, Microsoft.CodeAnalysis.Location location)
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/RecursivePattern.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/RecursivePattern.cs
index d29292b3073..8fa3e8f5f23 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/RecursivePattern.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/RecursivePattern.cs
@@ -2,7 +2,6 @@ using Microsoft.CodeAnalysis;
 using Microsoft.CodeAnalysis.CSharp.Syntax;
 using Microsoft.CodeAnalysis.CSharp;
 using Semmle.Extraction.Kinds;
-using Semmle.Extraction.Entities;
 
 namespace Semmle.Extraction.CSharp.Entities.Expressions
 {
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/RelationalPattern.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/RelationalPattern.cs
index 471ab5ca48f..e062692cf8f 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/RelationalPattern.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/RelationalPattern.cs
@@ -2,7 +2,6 @@ using Microsoft.CodeAnalysis;
 using Microsoft.CodeAnalysis.CSharp.Syntax;
 using Microsoft.CodeAnalysis.CSharp;
 using Semmle.Extraction.Kinds;
-using Semmle.Extraction.Entities;
 
 namespace Semmle.Extraction.CSharp.Entities.Expressions
 {
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/SlicePattern.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/SlicePattern.cs
new file mode 100644
index 00000000000..d52af4f54f4
--- /dev/null
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/SlicePattern.cs
@@ -0,0 +1,17 @@
+using Microsoft.CodeAnalysis.CSharp.Syntax;
+using Semmle.Extraction.Kinds;
+
+namespace Semmle.Extraction.CSharp.Entities.Expressions
+{
+    internal class SlicePattern : Expression
+    {
+        public SlicePattern(Context cx, SlicePatternSyntax syntax, IExpressionParentEntity parent, int child) :
+            base(new ExpressionInfo(cx, null, cx.CreateLocation(syntax.GetLocation()), ExprKind.SLICE_PATTERN, parent, child, false, null))
+        {
+            if (syntax.Pattern is not null)
+            {
+                Pattern.Create(cx, syntax.Pattern, this, 0);
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/UnaryPattern.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/UnaryPattern.cs
index ce2cf773a92..1703211fb3d 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/UnaryPattern.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/UnaryPattern.cs
@@ -1,5 +1,4 @@
 using Microsoft.CodeAnalysis.CSharp.Syntax;
-using Semmle.Extraction.Entities;
 using Semmle.Extraction.Kinds;
 
 namespace Semmle.Extraction.CSharp.Entities.Expressions
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PragmaWarningDirective.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PragmaWarningDirective.cs
index 0e4ca37a49f..81444206fd7 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PragmaWarningDirective.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PragmaWarningDirective.cs
@@ -1,6 +1,7 @@
 using Microsoft.CodeAnalysis;
 using Microsoft.CodeAnalysis.CSharp;
 using Microsoft.CodeAnalysis.CSharp.Syntax;
+using Semmle.Util;
 using System.IO;
 
 namespace Semmle.Extraction.CSharp.Entities
@@ -15,12 +16,7 @@ namespace Semmle.Extraction.CSharp.Entities
         protected override void PopulatePreprocessor(TextWriter trapFile)
         {
             trapFile.pragma_warnings(this, Symbol.DisableOrRestoreKeyword.IsKind(SyntaxKind.DisableKeyword) ? 0 : 1);
-
-            var childIndex = 0;
-            foreach (var code in Symbol.ErrorCodes)
-            {
-                trapFile.pragma_warning_error_codes(this, code.ToString(), childIndex++);
-            }
+            Symbol.ErrorCodes.ForEach((code, child) => trapFile.pragma_warning_error_codes(this, code.ToString(), child));
         }
 
         public static PragmaWarningDirective Create(Context cx, PragmaWarningDirectiveTriviaSyntax p) =>
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs
index 11e54ddff35..536af5065ed 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs
@@ -2,6 +2,7 @@ using Microsoft.CodeAnalysis;
 using Microsoft.CodeAnalysis.CSharp.Syntax;
 using System.IO;
 using System.Linq;
+using System.Text.RegularExpressions;
 
 namespace Semmle.Extraction.CSharp.Entities
 {
@@ -162,6 +163,13 @@ namespace Semmle.Extraction.CSharp.Entities
                     operatorName = "false";
                     break;
                 default:
+                    var match = Regex.Match(methodName, "^op_Checked(.*)$");
+                    if (match.Success)
+                    {
+                        OperatorSymbol("op_" + match.Groups[1], out var uncheckedName);
+                        operatorName = "checked " + uncheckedName;
+                        break;
+                    }
                     operatorName = methodName;
                     success = false;
                     break;
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Kinds/ExprKind.cs b/csharp/extractor/Semmle.Extraction.CSharp/Kinds/ExprKind.cs
index de48df1dc71..a56ccf4c746 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Kinds/ExprKind.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Kinds/ExprKind.cs
@@ -125,6 +125,8 @@ namespace Semmle.Extraction.Kinds
         OR_PATTERN = 128,
         FUNCTION_POINTER_INVOCATION = 129,
         WITH = 130,
-        DEFINE_SYMBOL = 999
+        LIST_PATTERN = 131,
+        SLICE_PATTERN = 132,
+        DEFINE_SYMBOL = 999,
     }
 }
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Semmle.Extraction.CSharp.csproj b/csharp/extractor/Semmle.Extraction.CSharp/Semmle.Extraction.CSharp.csproj
index 77e204997b3..6ef0e4aa1ce 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp/Semmle.Extraction.CSharp.csproj
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Semmle.Extraction.CSharp.csproj
@@ -10,15 +10,15 @@
 		<Nullable>enable</Nullable>
 	</PropertyGroup>
 	<ItemGroup>
-		<ProjectReference Include="..\Semmle.Extraction.CIL\Semmle.Extraction.CIL.csproj"/>
-		<ProjectReference Include="..\Semmle.Extraction\Semmle.Extraction.csproj"/>
-		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj"/>
+		<ProjectReference Include="..\Semmle.Extraction.CIL\Semmle.Extraction.CIL.csproj" />
+		<ProjectReference Include="..\Semmle.Extraction\Semmle.Extraction.csproj" />
+		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
 	</ItemGroup>
 	<ItemGroup>
-		<Folder Include="Properties\"/>
+		<Folder Include="Properties\" />
 	</ItemGroup>
 	<ItemGroup>
-		<PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.0.1"/>
-		<PackageReference Include="Microsoft.Build" Version="16.11.0"/>
+		<PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.4.0" />
+		<PackageReference Include="Microsoft.Build" Version="17.3.2" />
 	</ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/csharp/extractor/Semmle.Extraction.Tests/Semmle.Extraction.Tests.csproj b/csharp/extractor/Semmle.Extraction.Tests/Semmle.Extraction.Tests.csproj
index c4fa93f9697..e75d4c779ae 100644
--- a/csharp/extractor/Semmle.Extraction.Tests/Semmle.Extraction.Tests.csproj
+++ b/csharp/extractor/Semmle.Extraction.Tests/Semmle.Extraction.Tests.csproj
@@ -6,19 +6,19 @@
 		<Nullable>enable</Nullable>
 	</PropertyGroup>
 	<ItemGroup>
-		<PackageReference Include="System.IO.FileSystem" Version="4.3.0"/>
-		<PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0"/>
-		<PackageReference Include="xunit" Version="2.4.1"/>
-		<PackageReference Include="xunit.runner.visualstudio" Version="2.4.3">
+		<PackageReference Include="System.IO.FileSystem" Version="4.3.0" />
+		<PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
+		<PackageReference Include="xunit" Version="2.4.2" />
+		<PackageReference Include="xunit.runner.visualstudio" Version="2.4.5">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.0.0"/>
+		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.4.0" />
 	</ItemGroup>
 	<ItemGroup>
-		<ProjectReference Include="..\Semmle.Extraction.CSharp.Standalone\Semmle.Extraction.CSharp.Standalone.csproj"/>
-		<ProjectReference Include="..\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj"/>
-		<ProjectReference Include="..\Semmle.Extraction\Semmle.Extraction.csproj"/>
-		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj"/>
+		<ProjectReference Include="..\Semmle.Extraction.CSharp.Standalone\Semmle.Extraction.CSharp.Standalone.csproj" />
+		<ProjectReference Include="..\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj" />
+		<ProjectReference Include="..\Semmle.Extraction\Semmle.Extraction.csproj" />
+		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
 	</ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/csharp/extractor/Semmle.Extraction/Semmle.Extraction.csproj b/csharp/extractor/Semmle.Extraction/Semmle.Extraction.csproj
index f647003ebf0..b93f3a40043 100644
--- a/csharp/extractor/Semmle.Extraction/Semmle.Extraction.csproj
+++ b/csharp/extractor/Semmle.Extraction/Semmle.Extraction.csproj
@@ -12,13 +12,13 @@
 		<DefineConstants>TRACE;DEBUG;DEBUG_LABELS</DefineConstants>
 	</PropertyGroup>
 	<ItemGroup>
-		<PackageReference Include="Microsoft.CodeAnalysis" Version="4.0.1"/>
+		<PackageReference Include="Microsoft.CodeAnalysis" Version="4.4.0" />
 		<PackageReference Include="GitInfo" Version="2.2.0">
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 			<PrivateAssets>all</PrivateAssets>
 		</PackageReference>
 	</ItemGroup>
 	<ItemGroup>
-		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj"/>
+		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
 	</ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/csharp/extractor/Semmle.Util.Tests/Semmle.Util.Tests.csproj b/csharp/extractor/Semmle.Util.Tests/Semmle.Util.Tests.csproj
index 7447a7e82c1..9edca915bd0 100644
--- a/csharp/extractor/Semmle.Util.Tests/Semmle.Util.Tests.csproj
+++ b/csharp/extractor/Semmle.Util.Tests/Semmle.Util.Tests.csproj
@@ -6,14 +6,14 @@
 		<Nullable>enable</Nullable>
 	</PropertyGroup>
 	<ItemGroup>
-		<PackageReference Include="xunit" Version="2.4.1"/>
-		<PackageReference Include="xunit.runner.visualstudio" Version="2.4.3">
+		<PackageReference Include="xunit" Version="2.4.2" />
+		<PackageReference Include="xunit.runner.visualstudio" Version="2.4.5">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.0.0"/>
+		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.4.0" />
 	</ItemGroup>
 	<ItemGroup>
-		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj"/>
+		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
 	</ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/csharp/extractor/Semmle.Util/IEnumerableExtensions.cs b/csharp/extractor/Semmle.Util/IEnumerableExtensions.cs
index 06be296d255..4e40288d88c 100644
--- a/csharp/extractor/Semmle.Util/IEnumerableExtensions.cs
+++ b/csharp/extractor/Semmle.Util/IEnumerableExtensions.cs
@@ -79,6 +79,19 @@ namespace Semmle.Util
                 a(item);
         }
 
+        /// <summary>
+        /// Applies the action <paramref name="a"/> to each item and its index in this collection.
+        /// </summary>
+        public static void ForEach<T>(this IEnumerable<T> items, Action<T, int> a)
+        {
+            var i = 0;
+            foreach (var item in items)
+            {
+                a(item, i);
+                i++;
+            }
+        }
+
         /// <summary>
         /// Forces enumeration of this collection and discards the result.
         /// </summary>
diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
index 98c13dfaa77..8d5d8f7df35 100644
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 1.3.6
+
+No user-facing changes.
+
+## 1.3.5
+
+No user-facing changes.
+
+## 1.3.4
+
+No user-facing changes.
+
 ## 1.3.3
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/Solorigate.qll b/csharp/ql/campaigns/Solorigate/lib/Solorigate.qll
index 51559093b07..3d3468af78d 100644
--- a/csharp/ql/campaigns/Solorigate/lib/Solorigate.qll
+++ b/csharp/ql/campaigns/Solorigate/lib/Solorigate.qll
@@ -1,4 +1,4 @@
-/*
+/**
  * Provides reusable predicates related to Solorigate
  */
 
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.4.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.4.md
new file mode 100644
index 00000000000..5073aca7222
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.4.md
@@ -0,0 +1,3 @@
+## 1.3.4
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.5.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.5.md
new file mode 100644
index 00000000000..7f3c47d2ca5
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.5.md
@@ -0,0 +1,3 @@
+## 1.3.5
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.6.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.6.md
new file mode 100644
index 00000000000..ce7baecf210
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.6.md
@@ -0,0 +1,3 @@
+## 1.3.6
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
index eb1f7dabc84..0a0b0986311 100644
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.3
+lastReleaseVersion: 1.3.6
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index ccab1b3a8b8..3db26da98de 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.3.4-dev
+version: 1.4.0-dev
 groups:
     - csharp
     - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
index 98c13dfaa77..8d5d8f7df35 100644
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 1.3.6
+
+No user-facing changes.
+
+## 1.3.5
+
+No user-facing changes.
+
+## 1.3.4
+
+No user-facing changes.
+
 ## 1.3.3
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.4.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.4.md
new file mode 100644
index 00000000000..5073aca7222
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.4.md
@@ -0,0 +1,3 @@
+## 1.3.4
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.5.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.5.md
new file mode 100644
index 00000000000..7f3c47d2ca5
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.5.md
@@ -0,0 +1,3 @@
+## 1.3.5
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.6.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.6.md
new file mode 100644
index 00000000000..ce7baecf210
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.6.md
@@ -0,0 +1,3 @@
+## 1.3.6
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
index eb1f7dabc84..0a0b0986311 100644
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.3
+lastReleaseVersion: 1.3.6
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index 209538a2014..9d3c5a80b02 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.3.4-dev
+version: 1.4.0-dev
 groups:
     - csharp
     - solorigate
diff --git a/csharp/ql/consistency-queries/SsaConsistency.ql b/csharp/ql/consistency-queries/SsaConsistency.ql
index 71f88bf2ab0..225aeb4e6de 100644
--- a/csharp/ql/consistency-queries/SsaConsistency.ql
+++ b/csharp/ql/consistency-queries/SsaConsistency.ql
@@ -1,8 +1,9 @@
 import csharp
-import semmle.code.csharp.dataflow.internal.SsaImpl::Consistency as Consistency
+import semmle.code.csharp.dataflow.internal.SsaImpl as Impl
+import Impl::Consistency
 import Ssa
 
-class MyRelevantDefinition extends Consistency::RelevantDefinition, Ssa::Definition {
+class MyRelevantDefinition extends RelevantDefinition, Ssa::Definition {
   override predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
@@ -10,13 +11,13 @@ class MyRelevantDefinition extends Consistency::RelevantDefinition, Ssa::Definit
   }
 }
 
-query predicate nonUniqueDef = Consistency::nonUniqueDef/4;
-
-query predicate readWithoutDef = Consistency::readWithoutDef/3;
-
-query predicate deadDef = Consistency::deadDef/2;
-
-query predicate notDominatedByDef = Consistency::notDominatedByDef/4;
+class MyRelevantDefinitionExt extends RelevantDefinitionExt, Impl::DefinitionExt {
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
+}
 
 query predicate localDeclWithSsaDef(LocalVariableDeclExpr d) {
   // Local variables in C# must be initialized before every use, so uninitialized
diff --git a/csharp/ql/examples/snippets/catch_exception.ql b/csharp/ql/examples/snippets/catch_exception.ql
index eff10ed9ba1..b01ef55da14 100644
--- a/csharp/ql/examples/snippets/catch_exception.ql
+++ b/csharp/ql/examples/snippets/catch_exception.ql
@@ -10,5 +10,5 @@
 import csharp
 
 from CatchClause catch
-where catch.getCaughtExceptionType().hasQualifiedName("System.IO.IOException")
+where catch.getCaughtExceptionType().hasQualifiedName("System.IO", "IOException")
 select catch
diff --git a/csharp/ql/examples/snippets/constructor_call.ql b/csharp/ql/examples/snippets/constructor_call.ql
index 0329b13169e..62adb46fbb9 100644
--- a/csharp/ql/examples/snippets/constructor_call.ql
+++ b/csharp/ql/examples/snippets/constructor_call.ql
@@ -10,5 +10,5 @@
 import csharp
 
 from ObjectCreation new
-where new.getObjectType().hasQualifiedName("System.Exception")
+where new.getObjectType().hasQualifiedName("System", "Exception")
 select new
diff --git a/csharp/ql/examples/snippets/extend_class.ql b/csharp/ql/examples/snippets/extend_class.ql
index 40a2eeb20d3..00d062b8978 100644
--- a/csharp/ql/examples/snippets/extend_class.ql
+++ b/csharp/ql/examples/snippets/extend_class.ql
@@ -13,5 +13,5 @@
 import csharp
 
 from RefType type
-where type.getABaseType+().hasQualifiedName("System.Collections.IEnumerator")
+where type.getABaseType+().hasQualifiedName("System.Collections", "IEnumerator")
 select type
diff --git a/csharp/ql/examples/snippets/field_read.ql b/csharp/ql/examples/snippets/field_read.ql
index e36c92aadf9..ee7dbe17d75 100644
--- a/csharp/ql/examples/snippets/field_read.ql
+++ b/csharp/ql/examples/snippets/field_read.ql
@@ -11,6 +11,6 @@ import csharp
 from Field f, FieldRead read
 where
   f.hasName("VirtualAddress") and
-  f.getDeclaringType().hasQualifiedName("Mono.Cecil.PE.Section") and
+  f.getDeclaringType().hasQualifiedName("Mono.Cecil.PE", "Section") and
   f = read.getTarget()
 select read
diff --git a/csharp/ql/examples/snippets/method_call.ql b/csharp/ql/examples/snippets/method_call.ql
index 8ae3c8d3fb0..723efc8ecb6 100644
--- a/csharp/ql/examples/snippets/method_call.ql
+++ b/csharp/ql/examples/snippets/method_call.ql
@@ -12,5 +12,5 @@ from MethodCall call, Method method
 where
   call.getTarget() = method and
   method.hasName("MethodName") and
-  method.getDeclaringType().hasQualifiedName("Company.Class")
+  method.getDeclaringType().hasQualifiedName("Company", "Class")
 select call
diff --git a/csharp/ql/examples/snippets/null_argument.ql b/csharp/ql/examples/snippets/null_argument.ql
index ca1e1516c34..78a6d3c39eb 100644
--- a/csharp/ql/examples/snippets/null_argument.ql
+++ b/csharp/ql/examples/snippets/null_argument.ql
@@ -17,6 +17,6 @@ where
   add.hasName("Add") and
   add.getDeclaringType()
       .getUnboundDeclaration()
-      .hasQualifiedName("System.Collections.Generic.ICollection<>") and
+      .hasQualifiedName("System.Collections.Generic", "ICollection<>") and
   call.getAnArgument() instanceof NullLiteral
 select call
diff --git a/csharp/ql/examples/snippets/override_method.ql b/csharp/ql/examples/snippets/override_method.ql
index ea5c2126f6a..c93b43ace64 100644
--- a/csharp/ql/examples/snippets/override_method.ql
+++ b/csharp/ql/examples/snippets/override_method.ql
@@ -11,6 +11,6 @@ import csharp
 from Method override, Method base
 where
   base.hasName("ToString") and
-  base.getDeclaringType().hasQualifiedName("System.Object") and
+  base.getDeclaringType().hasQualifiedName("System", "Object") and
   base.getAnOverrider() = override
 select override
diff --git a/csharp/ql/examples/snippets/throw_exception.ql b/csharp/ql/examples/snippets/throw_exception.ql
index 94c1615fd21..b737863225b 100644
--- a/csharp/ql/examples/snippets/throw_exception.ql
+++ b/csharp/ql/examples/snippets/throw_exception.ql
@@ -9,5 +9,5 @@
 import csharp
 
 from ThrowStmt throw
-where throw.getThrownExceptionType().getBaseClass*().hasQualifiedName("System.IO.IOException")
+where throw.getThrownExceptionType().getBaseClass*().hasQualifiedName("System.IO", "IOException")
 select throw
diff --git a/csharp/ql/integration-tests/posix-only/dotnet_test/dotnet_test.csproj b/csharp/ql/integration-tests/posix-only/dotnet_test/dotnet_test.csproj
index 50852359bb8..a2fd6979adf 100644
--- a/csharp/ql/integration-tests/posix-only/dotnet_test/dotnet_test.csproj
+++ b/csharp/ql/integration-tests/posix-only/dotnet_test/dotnet_test.csproj
@@ -8,10 +8,10 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.11.0" />
-    <PackageReference Include="NUnit" Version="3.13.2" />
-    <PackageReference Include="NUnit3TestAdapter" Version="4.0.0" />
-    <PackageReference Include="coverlet.collector" Version="3.1.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.4.0" />
+    <PackageReference Include="NUnit" Version="3.13.3" />
+    <PackageReference Include="NUnit3TestAdapter" Version="4.3.0" />
+    <PackageReference Include="coverlet.collector" Version="3.2.0" />
   </ItemGroup>
 
 </Project>
diff --git a/csharp/ql/integration-tests/posix-only/inherit-env-vars/Program.cs b/csharp/ql/integration-tests/posix-only/inherit-env-vars/Program.cs
new file mode 100644
index 00000000000..e9708d0b5d2
--- /dev/null
+++ b/csharp/ql/integration-tests/posix-only/inherit-env-vars/Program.cs
@@ -0,0 +1 @@
+Console.WriteLine(args[0]);
diff --git a/csharp/ql/integration-tests/posix-only/inherit-env-vars/build.sh b/csharp/ql/integration-tests/posix-only/inherit-env-vars/build.sh
new file mode 100644
index 00000000000..e0f0c8dccd3
--- /dev/null
+++ b/csharp/ql/integration-tests/posix-only/inherit-env-vars/build.sh
@@ -0,0 +1,2 @@
+cp $PROJECT_TO_BUILD temp.csproj
+dotnet build temp.csproj
diff --git a/csharp/ql/integration-tests/posix-only/inherit-env-vars/proj.csproj.no_auto b/csharp/ql/integration-tests/posix-only/inherit-env-vars/proj.csproj.no_auto
new file mode 100644
index 00000000000..74abf5c9766
--- /dev/null
+++ b/csharp/ql/integration-tests/posix-only/inherit-env-vars/proj.csproj.no_auto
@@ -0,0 +1,10 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net6.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+</Project>
diff --git a/csharp/ql/integration-tests/posix-only/inherit-env-vars/test.py b/csharp/ql/integration-tests/posix-only/inherit-env-vars/test.py
new file mode 100644
index 00000000000..1b49fb18519
--- /dev/null
+++ b/csharp/ql/integration-tests/posix-only/inherit-env-vars/test.py
@@ -0,0 +1,6 @@
+from create_database_utils import *
+import os
+
+os.environ["PROJECT_TO_BUILD"] = "proj.csproj.no_auto"
+
+run_codeql_database_create([], test_db="default-db", db=None, lang="csharp")
diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
index 2fff5e72443..0dbf4820b2a 100644
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,17 @@
+## 0.4.6
+
+No user-facing changes.
+
+## 0.4.5
+
+No user-facing changes.
+
+## 0.4.4
+
+### Minor Analysis Improvements
+
+* The `[Summary|Sink|Source]ModelCsv` classes have been deprecated and Models as Data models are defined as data extensions instead.
+
 ## 0.4.3
 
 No user-facing changes.
diff --git a/csharp/ql/lib/Linq/Helpers.qll b/csharp/ql/lib/Linq/Helpers.qll
index a3c5667c8bb..f2368b69242 100644
--- a/csharp/ql/lib/Linq/Helpers.qll
+++ b/csharp/ql/lib/Linq/Helpers.qll
@@ -19,11 +19,14 @@ private int numStmts(ForeachStmt fes) {
 }
 
 /** Holds if the type's qualified name is "System.Linq.Enumerable" */
-predicate isEnumerableType(ValueOrRefType t) { t.hasQualifiedName("System.Linq.Enumerable") }
+predicate isEnumerableType(ValueOrRefType t) { t.hasQualifiedName("System.Linq", "Enumerable") }
 
 /** Holds if the type's qualified name starts with "System.Collections.Generic.IEnumerable" */
 predicate isIEnumerableType(ValueOrRefType t) {
-  t.getQualifiedName().matches("System.Collections.Generic.IEnumerable%")
+  exists(string type |
+    t.hasQualifiedName("System.Collections.Generic", type) and
+    type.matches("IEnumerable%")
+  )
 }
 
 /**
diff --git a/csharp/ql/lib/change-notes/2022-08-24-tcp-udp-sources.md b/csharp/ql/lib/change-notes/2022-08-24-tcp-udp-sources.md
new file mode 100644
index 00000000000..f25753c7af4
--- /dev/null
+++ b/csharp/ql/lib/change-notes/2022-08-24-tcp-udp-sources.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added tcp/upd sockets as taint sources.
diff --git a/csharp/ql/lib/change-notes/2022-11-14-deprecatehasqualifiedname.md b/csharp/ql/lib/change-notes/2022-11-14-deprecatehasqualifiedname.md
new file mode 100644
index 00000000000..472fbaaa5a5
--- /dev/null
+++ b/csharp/ql/lib/change-notes/2022-11-14-deprecatehasqualifiedname.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* `Element::hasQualifiedName/1` has been deprecated. Use `hasQualifiedName/2` or `hasQualifiedName/3` instead.
\ No newline at end of file
diff --git a/csharp/ql/lib/change-notes/2022-11-17-deleted-deps.md b/csharp/ql/lib/change-notes/2022-11-17-deleted-deps.md
new file mode 100644
index 00000000000..da5a8d8cd9b
--- /dev/null
+++ b/csharp/ql/lib/change-notes/2022-11-17-deleted-deps.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Deleted the deprecated `getNameWithoutBrackets` predicate from the `ValueOrRefType` class in `Type.qll`.
\ No newline at end of file
diff --git a/csharp/ql/lib/change-notes/2022-12-08-listpatterns.md b/csharp/ql/lib/change-notes/2022-12-08-listpatterns.md
new file mode 100644
index 00000000000..5f11d1bed81
--- /dev/null
+++ b/csharp/ql/lib/change-notes/2022-12-08-listpatterns.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* C# 11: Added support for list- and slice patterns in the extractor.
\ No newline at end of file
diff --git a/csharp/ql/lib/change-notes/2022-11-09-modelsasdataextensions.md b/csharp/ql/lib/change-notes/released/0.4.4.md
similarity index 72%
rename from csharp/ql/lib/change-notes/2022-11-09-modelsasdataextensions.md
rename to csharp/ql/lib/change-notes/released/0.4.4.md
index 1c9bb14754d..b3d7e2c3be1 100644
--- a/csharp/ql/lib/change-notes/2022-11-09-modelsasdataextensions.md
+++ b/csharp/ql/lib/change-notes/released/0.4.4.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* The `[Summary|Sink|Source]ModelCsv` classes have been deprecated and Models as Data models are defined as data extensions instead.
\ No newline at end of file
+## 0.4.4
+
+### Minor Analysis Improvements
+
+* The `[Summary|Sink|Source]ModelCsv` classes have been deprecated and Models as Data models are defined as data extensions instead.
diff --git a/csharp/ql/lib/change-notes/released/0.4.5.md b/csharp/ql/lib/change-notes/released/0.4.5.md
new file mode 100644
index 00000000000..7ba9b2e8ade
--- /dev/null
+++ b/csharp/ql/lib/change-notes/released/0.4.5.md
@@ -0,0 +1,3 @@
+## 0.4.5
+
+No user-facing changes.
diff --git a/csharp/ql/lib/change-notes/released/0.4.6.md b/csharp/ql/lib/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/csharp/ql/lib/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
index 1ec9c4ea5d9..2b842473675 100644
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.6
diff --git a/csharp/ql/lib/experimental/code/csharp/Cryptography/NonCryptographicHashes.qll b/csharp/ql/lib/experimental/code/csharp/Cryptography/NonCryptographicHashes.qll
index b7371fafb3e..adb8df80ea6 100644
--- a/csharp/ql/lib/experimental/code/csharp/Cryptography/NonCryptographicHashes.qll
+++ b/csharp/ql/lib/experimental/code/csharp/Cryptography/NonCryptographicHashes.qll
@@ -1,4 +1,4 @@
-/*
+/**
  * Predicates that help detect potential non-cryptographic hash functions
  *
  * By themselves, non-cryptographic functions are common and not dangerous
diff --git a/csharp/ql/lib/ext/Dapper.model.yml b/csharp/ql/lib/ext/Dapper.model.yml
index 949bc007574..e72f3b076a6 100644
--- a/csharp/ql/lib/ext/Dapper.model.yml
+++ b/csharp/ql/lib/ext/Dapper.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["Dapper", "SqlMapper", False, "Execute", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
       - ["Dapper", "SqlMapper", False, "ExecuteAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
diff --git a/csharp/ql/lib/ext/Microsoft.ApplicationBlocks.Data.model.yml b/csharp/ql/lib/ext/Microsoft.ApplicationBlocks.Data.model.yml
index 6a8b6031825..5b5e2657bfd 100644
--- a/csharp/ql/lib/ext/Microsoft.ApplicationBlocks.Data.model.yml
+++ b/csharp/ql/lib/ext/Microsoft.ApplicationBlocks.Data.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
       - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
diff --git a/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml b/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml
index 51ae12fe6fa..3928adf0624 100644
--- a/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml
+++ b/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRaw", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Collections.Generic.IEnumerable<System.Object>)", "", "Argument[1]", "sql", "manual"]
       - ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRaw", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Object[])", "", "Argument[1]", "sql", "manual"]
diff --git a/csharp/ql/lib/ext/Microsoft.Extensions.Primitives.model.yml b/csharp/ql/lib/ext/Microsoft.Extensions.Primitives.model.yml
index a6d867fae01..07e50792787 100644
--- a/csharp/ql/lib/ext/Microsoft.Extensions.Primitives.model.yml
+++ b/csharp/ql/lib/ext/Microsoft.Extensions.Primitives.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["Microsoft.Extensions.Primitives", "StringValues", False, "Add", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["Microsoft.Extensions.Primitives", "StringValues", False, "Add", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
diff --git a/csharp/ql/lib/ext/Microsoft.VisualBasic.model.yml b/csharp/ql/lib/ext/Microsoft.VisualBasic.model.yml
index 3546e3092b3..708f103fdfd 100644
--- a/csharp/ql/lib/ext/Microsoft.VisualBasic.model.yml
+++ b/csharp/ql/lib/ext/Microsoft.VisualBasic.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["Microsoft.VisualBasic", "Collection", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
       - ["Microsoft.VisualBasic", "Collection", False, "GetEnumerator", "()", "", "Argument[this].Element", "ReturnValue.Property[System.Collections.IEnumerator.Current]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/MySql.Data.MySqlClient.model.yml b/csharp/ql/lib/ext/MySql.Data.MySqlClient.model.yml
index 7f504e87ace..70d849e122a 100644
--- a/csharp/ql/lib/ext/MySql.Data.MySqlClient.model.yml
+++ b/csharp/ql/lib/ext/MySql.Data.MySqlClient.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataRow", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
       - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataRowAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
diff --git a/csharp/ql/lib/ext/Newtonsoft.Json.Linq.model.yml b/csharp/ql/lib/ext/Newtonsoft.Json.Linq.model.yml
index adeafdce6a3..ae26fd24c43 100644
--- a/csharp/ql/lib/ext/Newtonsoft.Json.Linq.model.yml
+++ b/csharp/ql/lib/ext/Newtonsoft.Json.Linq.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["Newtonsoft.Json.Linq", "JArray", False, "get_Item", "(System.Object)", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
       - ["Newtonsoft.Json.Linq", "JArray", False, "set_Item", "(System.Object,Newtonsoft.Json.Linq.JToken)", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
diff --git a/csharp/ql/lib/ext/Newtonsoft.Json.model.yml b/csharp/ql/lib/ext/Newtonsoft.Json.model.yml
index 8ac9b9c3383..ce7783b5205 100644
--- a/csharp/ql/lib/ext/Newtonsoft.Json.model.yml
+++ b/csharp/ql/lib/ext/Newtonsoft.Json.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["Newtonsoft.Json", "JsonConvert", False, "DeserializeAnonymousType<>", "(System.String,T)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["Newtonsoft.Json", "JsonConvert", False, "DeserializeAnonymousType<>", "(System.String,T,Newtonsoft.Json.JsonSerializerSettings)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/csharp/ql/lib/ext/ServiceStack.OrmLite.model.yml b/csharp/ql/lib/ext/ServiceStack.OrmLite.model.yml
index ee6d27168c4..ea7634bc244 100644
--- a/csharp/ql/lib/ext/ServiceStack.OrmLite.model.yml
+++ b/csharp/ql/lib/ext/ServiceStack.OrmLite.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeAnd", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"]
       - ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeFrom", "(System.String)", "", "Argument[0]", "sql", "manual"]
diff --git a/csharp/ql/lib/ext/ServiceStack.Redis.model.yml b/csharp/ql/lib/ext/ServiceStack.Redis.model.yml
index a48f736d20a..46415828318 100644
--- a/csharp/ql/lib/ext/ServiceStack.Redis.model.yml
+++ b/csharp/ql/lib/ext/ServiceStack.Redis.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["ServiceStack.Redis", "IRedisClient", True, "Custom", "(System.Object[])", "", "Argument[0]", "code", "manual"]
       - ["ServiceStack.Redis", "IRedisClient", True, "ExecCachedLua", "(System.String,System.Func<System.String,T>)", "", "Argument[0]", "code", "manual"]
diff --git a/csharp/ql/lib/ext/ServiceStack.model.yml b/csharp/ql/lib/ext/ServiceStack.model.yml
index 814e97f7792..988c7f3b8f9 100644
--- a/csharp/ql/lib/ext/ServiceStack.model.yml
+++ b/csharp/ql/lib/ext/ServiceStack.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["ServiceStack", "IOneWayClient", True, "SendAllOneWay", "(System.Collections.Generic.IEnumerable<System.Object>)", "", "Argument[1].Element", "remote", "manual"]
       - ["ServiceStack", "IOneWayClient", True, "SendOneWay", "(System.Object)", "", "Argument[0]", "remote", "manual"]
@@ -80,7 +80,7 @@ extensions:
       - ["ServiceStack", "ServiceClientBase", True, "Put", "(System.Object)", "", "Argument[0]", "remote", "manual"]
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["ServiceStack", "HttpResult", False, "HttpResult", "(System.Byte[],System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
       - ["ServiceStack", "HttpResult", False, "HttpResult", "(System.IO.Stream,System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
diff --git a/csharp/ql/lib/ext/System.CodeDom.model.yml b/csharp/ql/lib/ext/System.CodeDom.model.yml
index a078b085a33..281812fc6bc 100644
--- a/csharp/ql/lib/ext/System.CodeDom.model.yml
+++ b/csharp/ql/lib/ext/System.CodeDom.model.yml
@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.CodeDom", "CodeNamespaceImportCollection", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Collections.Concurrent.model.yml b/csharp/ql/lib/ext/System.Collections.Concurrent.model.yml
index d009ec9d122..1de81de635c 100644
--- a/csharp/ql/lib/ext/System.Collections.Concurrent.model.yml
+++ b/csharp/ql/lib/ext/System.Collections.Concurrent.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Collections.Concurrent", "BlockingCollection<>", False, "Add", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
       - ["System.Collections.Concurrent", "BlockingCollection<>", False, "CopyTo", "(T[],System.Int32)", "", "Argument[this].Element", "Argument[0].Element", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Collections.Generic.model.yml b/csharp/ql/lib/ext/System.Collections.Generic.model.yml
index 5f87d13015a..3029690b03f 100644
--- a/csharp/ql/lib/ext/System.Collections.Generic.model.yml
+++ b/csharp/ql/lib/ext/System.Collections.Generic.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Collections.Generic", "Dictionary<,>", False, "Add", "(System.Collections.Generic.KeyValuePair<TKey,TValue>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
       - ["System.Collections.Generic", "Dictionary<,>", False, "Add", "(System.Collections.Generic.KeyValuePair<TKey,TValue>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Collections.Immutable.model.yml b/csharp/ql/lib/ext/System.Collections.Immutable.model.yml
index 5bafea13557..b2bd1b6a774 100644
--- a/csharp/ql/lib/ext/System.Collections.Immutable.model.yml
+++ b/csharp/ql/lib/ext/System.Collections.Immutable.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Collections.Immutable", "IImmutableDictionary<,>", True, "AddRange", "(System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey,TValue>>)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
       - ["System.Collections.Immutable", "IImmutableDictionary<,>", True, "Clear", "()", "", "Argument[this].WithoutElement", "ReturnValue", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Collections.ObjectModel.model.yml b/csharp/ql/lib/ext/System.Collections.ObjectModel.model.yml
index 93b88af59bf..b504b034830 100644
--- a/csharp/ql/lib/ext/System.Collections.ObjectModel.model.yml
+++ b/csharp/ql/lib/ext/System.Collections.ObjectModel.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Collections.ObjectModel", "KeyedCollection<,>", False, "get_Item", "(TKey)", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
       - ["System.Collections.ObjectModel", "ReadOnlyCollection<>", False, "get_Item", "(System.Int32)", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Collections.Specialized.model.yml b/csharp/ql/lib/ext/System.Collections.Specialized.model.yml
index 00a09505fca..8456af24f14 100644
--- a/csharp/ql/lib/ext/System.Collections.Specialized.model.yml
+++ b/csharp/ql/lib/ext/System.Collections.Specialized.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Collections.Specialized", "IOrderedDictionary", True, "get_Item", "(System.Int32)", "", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "ReturnValue", "value", "manual"]
       - ["System.Collections.Specialized", "IOrderedDictionary", True, "set_Item", "(System.Int32,System.Object)", "", "Argument[0]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Collections.model.yml b/csharp/ql/lib/ext/System.Collections.model.yml
index 8a364ee5357..9aa2c2489c9 100644
--- a/csharp/ql/lib/ext/System.Collections.model.yml
+++ b/csharp/ql/lib/ext/System.Collections.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Collections", "ArrayList", False, "AddRange", "(System.Collections.ICollection)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
       - ["System.Collections", "ArrayList", False, "Clone", "()", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.ComponentModel.Design.model.yml b/csharp/ql/lib/ext/System.ComponentModel.Design.model.yml
index 38a6cd47520..465a7595f60 100644
--- a/csharp/ql/lib/ext/System.ComponentModel.Design.model.yml
+++ b/csharp/ql/lib/ext/System.ComponentModel.Design.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.ComponentModel.Design", "DesignerCollection", False, "GetEnumerator", "()", "", "Argument[this].Element", "ReturnValue.Property[System.Collections.IEnumerator.Current]", "value", "manual"]
       - ["System.ComponentModel.Design", "DesignerOptionService+DesignerOptionCollection", False, "get_Item", "(System.Int32)", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.ComponentModel.model.yml b/csharp/ql/lib/ext/System.ComponentModel.model.yml
index b20eaa0a871..cdb5ee29993 100644
--- a/csharp/ql/lib/ext/System.ComponentModel.model.yml
+++ b/csharp/ql/lib/ext/System.ComponentModel.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.ComponentModel", "AttributeCollection", False, "GetEnumerator", "()", "", "Argument[this].Element", "ReturnValue.Property[System.Collections.IEnumerator.Current]", "value", "manual"]
       - ["System.ComponentModel", "ComponentCollection", False, "CopyTo", "(System.ComponentModel.IComponent[],System.Int32)", "", "Argument[this].Element", "Argument[0].Element", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Configuration.Provider.model.yml b/csharp/ql/lib/ext/System.Configuration.Provider.model.yml
index 5c5e60f2f88..b532f8cd95a 100644
--- a/csharp/ql/lib/ext/System.Configuration.Provider.model.yml
+++ b/csharp/ql/lib/ext/System.Configuration.Provider.model.yml
@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Configuration.Provider", "ProviderCollection", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Configuration.model.yml b/csharp/ql/lib/ext/System.Configuration.model.yml
index 457642ab238..cf367cdcaa8 100644
--- a/csharp/ql/lib/ext/System.Configuration.model.yml
+++ b/csharp/ql/lib/ext/System.Configuration.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Configuration", "CommaDelimitedStringCollection", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
       - ["System.Configuration", "ConfigurationLockCollection", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Data.Common.model.yml b/csharp/ql/lib/ext/System.Data.Common.model.yml
index f85c4aa6712..bc3864d2813 100644
--- a/csharp/ql/lib/ext/System.Data.Common.model.yml
+++ b/csharp/ql/lib/ext/System.Data.Common.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Data.Common", "DataColumnMappingCollection", False, "AddRange", "(System.Array)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
       - ["System.Data.Common", "DataColumnMappingCollection", False, "AddRange", "(System.Data.Common.DataColumnMapping[])", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Data.Entity.model.yml b/csharp/ql/lib/ext/System.Data.Entity.model.yml
index 9df471d3489..36eccd9b38d 100644
--- a/csharp/ql/lib/ext/System.Data.Entity.model.yml
+++ b/csharp/ql/lib/ext/System.Data.Entity.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["System.Data.Entity", "Database", False, "ExecuteSqlCommand", "(System.Data.Entity.TransactionalBehavior,System.String,System.Object[])", "", "Argument[1]", "sql", "manual"]
       - ["System.Data.Entity", "Database", False, "ExecuteSqlCommand", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"]
diff --git a/csharp/ql/lib/ext/System.Data.EntityClient.model.yml b/csharp/ql/lib/ext/System.Data.EntityClient.model.yml
index 692c35d352a..16a24580647 100644
--- a/csharp/ql/lib/ext/System.Data.EntityClient.model.yml
+++ b/csharp/ql/lib/ext/System.Data.EntityClient.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["System.Data.EntityClient", "EntityCommand", False, "EntityCommand", "(System.String)", "", "Argument[0]", "sql", "manual"]
       - ["System.Data.EntityClient", "EntityCommand", False, "EntityCommand", "(System.String,System.Data.EntityClient.EntityConnection)", "", "Argument[0]", "sql", "manual"]
diff --git a/csharp/ql/lib/ext/System.Data.Odbc.model.yml b/csharp/ql/lib/ext/System.Data.Odbc.model.yml
index 3bb650739a2..d1f6a24d5fc 100644
--- a/csharp/ql/lib/ext/System.Data.Odbc.model.yml
+++ b/csharp/ql/lib/ext/System.Data.Odbc.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["System.Data.Odbc", "OdbcCommand", False, "OdbcCommand", "(System.String)", "", "Argument[0]", "sql", "manual"]
       - ["System.Data.Odbc", "OdbcCommand", False, "OdbcCommand", "(System.String,System.Data.Odbc.OdbcConnection)", "", "Argument[0]", "sql", "manual"]
diff --git a/csharp/ql/lib/ext/System.Data.OleDb.model.yml b/csharp/ql/lib/ext/System.Data.OleDb.model.yml
index 5acb38217fc..ebe3cc8b157 100644
--- a/csharp/ql/lib/ext/System.Data.OleDb.model.yml
+++ b/csharp/ql/lib/ext/System.Data.OleDb.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["System.Data.OleDb", "OleDbCommand", False, "OleDbCommand", "(System.String)", "", "Argument[0]", "sql", "manual"]
       - ["System.Data.OleDb", "OleDbCommand", False, "OleDbCommand", "(System.String,System.Data.OleDb.OleDbConnection)", "", "Argument[0]", "sql", "manual"]
diff --git a/csharp/ql/lib/ext/System.Data.SQLite.model.yml b/csharp/ql/lib/ext/System.Data.SQLite.model.yml
index cba3abb6d81..d6d1d70e608 100644
--- a/csharp/ql/lib/ext/System.Data.SQLite.model.yml
+++ b/csharp/ql/lib/ext/System.Data.SQLite.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String)", "", "Argument[0]", "sql", "manual"]
       - ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String,System.Data.SQLite.SQLiteConnection)", "", "Argument[0]", "sql", "manual"]
@@ -12,7 +12,7 @@ extensions:
       - ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.String,System.String,System.Boolean)", "", "Argument[0]", "sql", "manual"]
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
       - ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String,System.Data.SQLite.SQLiteConnection)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
diff --git a/csharp/ql/lib/ext/System.Data.SqlClient.model.yml b/csharp/ql/lib/ext/System.Data.SqlClient.model.yml
index 54e0aec4a53..2040e0f9798 100644
--- a/csharp/ql/lib/ext/System.Data.SqlClient.model.yml
+++ b/csharp/ql/lib/ext/System.Data.SqlClient.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String)", "", "Argument[0]", "sql", "manual"]
       - ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String,System.Data.SqlClient.SqlConnection)", "", "Argument[0]", "sql", "manual"]
@@ -11,7 +11,7 @@ extensions:
       - ["System.Data.SqlClient", "SqlDataAdapter", False, "SqlDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql", "manual"]
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
       - ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String,System.Data.SqlClient.SqlConnection)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
diff --git a/csharp/ql/lib/ext/System.Data.model.yml b/csharp/ql/lib/ext/System.Data.model.yml
index 158811616f4..26f650c96a5 100644
--- a/csharp/ql/lib/ext/System.Data.model.yml
+++ b/csharp/ql/lib/ext/System.Data.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Data", "ConstraintCollection", False, "Add", "(System.Data.Constraint)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
       - ["System.Data", "ConstraintCollection", False, "AddRange", "(System.Data.Constraint[])", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Diagnostics.model.yml b/csharp/ql/lib/ext/System.Diagnostics.model.yml
index 7d3a862cd91..7085f740265 100644
--- a/csharp/ql/lib/ext/System.Diagnostics.model.yml
+++ b/csharp/ql/lib/ext/System.Diagnostics.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Diagnostics", "ActivityTagsCollection", False, "ActivityTagsCollection", "(System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<System.String,System.Object>>)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
       - ["System.Diagnostics", "ActivityTagsCollection", False, "ActivityTagsCollection", "(System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<System.String,System.Object>>)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Dynamic.model.yml b/csharp/ql/lib/ext/System.Dynamic.model.yml
index a79b7538213..19e0c6552a9 100644
--- a/csharp/ql/lib/ext/System.Dynamic.model.yml
+++ b/csharp/ql/lib/ext/System.Dynamic.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Dynamic", "ExpandoObject", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,System.Object>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
       - ["System.Dynamic", "ExpandoObject", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,System.Object>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.IO.Compression.model.yml b/csharp/ql/lib/ext/System.IO.Compression.model.yml
index 57d93bab865..592b2748a0a 100644
--- a/csharp/ql/lib/ext/System.IO.Compression.model.yml
+++ b/csharp/ql/lib/ext/System.IO.Compression.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.IO.Compression", "DeflateStream", False, "DeflateStream", "(System.IO.Stream,System.IO.Compression.CompressionLevel)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
       - ["System.IO.Compression", "DeflateStream", False, "DeflateStream", "(System.IO.Stream,System.IO.Compression.CompressionLevel,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
diff --git a/csharp/ql/lib/ext/System.IO.model.yml b/csharp/ql/lib/ext/System.IO.model.yml
index 66513ce96c6..49b0818ef5f 100644
--- a/csharp/ql/lib/ext/System.IO.model.yml
+++ b/csharp/ql/lib/ext/System.IO.model.yml
@@ -1,12 +1,12 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSourceModel
+      extensible: sourceModel
     data:
       - ["System.IO", "FileStream", False, "FileStream", "", "", "Argument[this]", "file", "manual"]
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.IO", "FileStream", False, "FileStream", "(System.String,System.IO.FileMode)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
       - ["System.IO", "FileStream", False, "FileStream", "(System.String,System.IO.FileMode,System.IO.FileAccess)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
@@ -57,7 +57,19 @@ extensions:
       - ["System.IO", "Stream", True, "Write", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]
       - ["System.IO", "Stream", False, "WriteAsync", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]
       - ["System.IO", "Stream", True, "WriteAsync", "(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]
-      - ["System.IO", "StreamReader", False, "StreamReader", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.IO", "StreamReader", False, "StreamReader", "(System.IO.Stream)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.IO", "StreamReader", False, "StreamReader", "(System.IO.Stream,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.IO", "StreamReader", False, "StreamReader", "(System.IO.Stream,System.Text.Encoding)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.IO", "StreamReader", False, "StreamReader", "(System.IO.Stream,System.Text.Encoding,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.IO", "StreamReader", False, "StreamReader", "(System.IO.Stream,System.Text.Encoding,System.Boolean,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.IO", "StreamReader", False, "StreamReader", "(System.IO.Stream,System.Text.Encoding,System.Boolean,System.Int32,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.IO", "StreamReader", False, "StreamReader", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.IO", "StreamReader", False, "StreamReader", "(System.String,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.IO", "StreamReader", False, "StreamReader", "(System.String,System.IO.FileStreamOptions)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.IO", "StreamReader", False, "StreamReader", "(System.String,System.Text.Encoding)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.IO", "StreamReader", False, "StreamReader", "(System.String,System.Text.Encoding,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.IO", "StreamReader", False, "StreamReader", "(System.String,System.Text.Encoding,System.Boolean,System.IO.FileStreamOptions)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.IO", "StreamReader", False, "StreamReader", "(System.String,System.Text.Encoding,System.Boolean,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
       - ["System.IO", "StringReader", False, "StringReader", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
       - ["System.IO", "TextReader", True, "Read", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
       - ["System.IO", "TextReader", True, "Read", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
diff --git a/csharp/ql/lib/ext/System.Linq.model.yml b/csharp/ql/lib/ext/System.Linq.model.yml
index df5fc4d349f..8dd3c81327c 100644
--- a/csharp/ql/lib/ext/System.Linq.model.yml
+++ b/csharp/ql/lib/ext/System.Linq.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Linq", "Enumerable", False, "Aggregate<,,>", "(System.Collections.Generic.IEnumerable<TSource>,TAccumulate,System.Func<TAccumulate,TSource,TAccumulate>,System.Func<TAccumulate,TResult>)", "", "Argument[0].Element", "Argument[2].Parameter[1]", "value", "manual"]
       - ["System.Linq", "Enumerable", False, "Aggregate<,,>", "(System.Collections.Generic.IEnumerable<TSource>,TAccumulate,System.Func<TAccumulate,TSource,TAccumulate>,System.Func<TAccumulate,TResult>)", "", "Argument[1]", "Argument[2].Parameter[0]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Net.Http.Headers.model.yml b/csharp/ql/lib/ext/System.Net.Http.Headers.model.yml
index 6a6a44fb18a..79b6b8cf40c 100644
--- a/csharp/ql/lib/ext/System.Net.Http.Headers.model.yml
+++ b/csharp/ql/lib/ext/System.Net.Http.Headers.model.yml
@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Net.Http.Headers", "HttpHeaders", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Net.Http.model.yml b/csharp/ql/lib/ext/System.Net.Http.model.yml
index d0ecdd4fb6c..0eafc30988a 100644
--- a/csharp/ql/lib/ext/System.Net.Http.model.yml
+++ b/csharp/ql/lib/ext/System.Net.Http.model.yml
@@ -1,12 +1,12 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["System.Net.Http", "StringContent", False, "StringContent", "", "", "Argument[0]", "xss", "manual"]
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Net.Http", "HttpRequestOptions", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,System.Object>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
       - ["System.Net.Http", "HttpRequestOptions", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,System.Object>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Net.Mail.model.yml b/csharp/ql/lib/ext/System.Net.Mail.model.yml
index 92cf36da3b0..5694b634560 100644
--- a/csharp/ql/lib/ext/System.Net.Mail.model.yml
+++ b/csharp/ql/lib/ext/System.Net.Mail.model.yml
@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Net.Mail", "MailAddressCollection", False, "Add", "(System.String)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Net.Sockets.model.yml b/csharp/ql/lib/ext/System.Net.Sockets.model.yml
new file mode 100644
index 00000000000..950a818e2d8
--- /dev/null
+++ b/csharp/ql/lib/ext/System.Net.Sockets.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sourceModel
+    data:
+      - ["System.Net.Sockets", "TcpClient", False, "GetStream", "", "", "ReturnValue", "remote", "manual"]
+      - ["System.Net.Sockets", "UpdClient", False, "EndReceive", "", "", "ReturnValue", "remote", "manual"]
+      - ["System.Net.Sockets", "UpdClient", False, "Receive", "", "", "ReturnValue", "remote", "manual"]
+      - ["System.Net.Sockets", "UpdClient", False, "ReceiveAsync", "", "", "ReturnValue", "remote", "manual"]
diff --git a/csharp/ql/lib/ext/System.Net.model.yml b/csharp/ql/lib/ext/System.Net.model.yml
index 436391dda39..8e225805c93 100644
--- a/csharp/ql/lib/ext/System.Net.model.yml
+++ b/csharp/ql/lib/ext/System.Net.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Net", "Cookie", False, "get_Value", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
       - ["System.Net", "CookieCollection", False, "Add", "(System.Net.CookieCollection)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Runtime.CompilerServices.model.yml b/csharp/ql/lib/ext/System.Runtime.CompilerServices.model.yml
index 6ccf3138f02..bd28d9168fd 100644
--- a/csharp/ql/lib/ext/System.Runtime.CompilerServices.model.yml
+++ b/csharp/ql/lib/ext/System.Runtime.CompilerServices.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Runtime.CompilerServices", "ConditionalWeakTable<,>", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
       - ["System.Runtime.CompilerServices", "ConfiguredTaskAwaitable<>", False, "GetAwaiter", "()", "", "Argument[this].SyntheticField[m_configuredTaskAwaiter]", "ReturnValue", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Security.Cryptography.X509Certificates.model.yml b/csharp/ql/lib/ext/System.Security.Cryptography.X509Certificates.model.yml
index 04c27e61279..d15a5b94713 100644
--- a/csharp/ql/lib/ext/System.Security.Cryptography.X509Certificates.model.yml
+++ b/csharp/ql/lib/ext/System.Security.Cryptography.X509Certificates.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Security.Cryptography.X509Certificates", "X509Certificate2Collection", False, "Add", "(System.Security.Cryptography.X509Certificates.X509Certificate2)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
       - ["System.Security.Cryptography.X509Certificates", "X509Certificate2Collection", False, "AddRange", "(System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Security.Cryptography.model.yml b/csharp/ql/lib/ext/System.Security.Cryptography.model.yml
index 99027d1559b..1a3392074cf 100644
--- a/csharp/ql/lib/ext/System.Security.Cryptography.model.yml
+++ b/csharp/ql/lib/ext/System.Security.Cryptography.model.yml
@@ -1,14 +1,14 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["System.Security.Cryptography", "SymmetricAlgorithm", True, "CreateDecryptor", "(System.Byte[],System.Byte[])", "", "Argument[0]", "encryption-decryptor", "manual"]
       - ["System.Security.Cryptography", "SymmetricAlgorithm", True, "CreateEncryptor", "(System.Byte[],System.Byte[])", "", "Argument[0]", "encryption-encryptor", "manual"]
       - ["System.Security.Cryptography", "SymmetricAlgorithm", True, "set_Key", "(System.Byte[])", "", "Argument[0]", "encryption-keyprop", "manual"]
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Security.Cryptography", "AsnEncodedDataCollection", False, "Add", "(System.Security.Cryptography.AsnEncodedData)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
       - ["System.Security.Cryptography", "AsnEncodedDataCollection", False, "CopyTo", "(System.Security.Cryptography.AsnEncodedData[],System.Int32)", "", "Argument[this].Element", "Argument[0].Element", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Security.Permissions.model.yml b/csharp/ql/lib/ext/System.Security.Permissions.model.yml
index 742901782b7..d5b9d6436db 100644
--- a/csharp/ql/lib/ext/System.Security.Permissions.model.yml
+++ b/csharp/ql/lib/ext/System.Security.Permissions.model.yml
@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Security.Permissions", "KeyContainerPermissionAccessEntryCollection", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Security.Policy.model.yml b/csharp/ql/lib/ext/System.Security.Policy.model.yml
index 4d93d0269a3..751aab19877 100644
--- a/csharp/ql/lib/ext/System.Security.Policy.model.yml
+++ b/csharp/ql/lib/ext/System.Security.Policy.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Security.Policy", "ApplicationTrustCollection", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
       - ["System.Security.Policy", "Evidence", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Text.RegularExpressions.model.yml b/csharp/ql/lib/ext/System.Text.RegularExpressions.model.yml
index 131bed81625..e3890031f9e 100644
--- a/csharp/ql/lib/ext/System.Text.RegularExpressions.model.yml
+++ b/csharp/ql/lib/ext/System.Text.RegularExpressions.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Text.RegularExpressions", "CaptureCollection", False, "get_Item", "(System.Int32)", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
       - ["System.Text.RegularExpressions", "GroupCollection", False, "get_Item", "(System.Int32)", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Text.model.yml b/csharp/ql/lib/ext/System.Text.model.yml
index 3aab1e14484..f21a34132bd 100644
--- a/csharp/ql/lib/ext/System.Text.model.yml
+++ b/csharp/ql/lib/ext/System.Text.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Text", "Encoding", True, "GetBytes", "(System.Char*,System.Int32,System.Byte*,System.Int32)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["System.Text", "Encoding", True, "GetBytes", "(System.Char[])", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
diff --git a/csharp/ql/lib/ext/System.Threading.Tasks.model.yml b/csharp/ql/lib/ext/System.Threading.Tasks.model.yml
index 73fc8d1c149..efdd211ea21 100644
--- a/csharp/ql/lib/ext/System.Threading.Tasks.model.yml
+++ b/csharp/ql/lib/ext/System.Threading.Tasks.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Threading.Tasks", "Task", False, "ContinueWith", "(System.Action<System.Threading.Tasks.Task,System.Object>,System.Object)", "", "Argument[1]", "Argument[0].Parameter[1]", "value", "manual"]
       - ["System.Threading.Tasks", "Task", False, "ContinueWith", "(System.Action<System.Threading.Tasks.Task,System.Object>,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "Argument[0].Parameter[1]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Web.UI.WebControls.model.yml b/csharp/ql/lib/ext/System.Web.UI.WebControls.model.yml
index e73e563f31a..1c50d56d5cc 100644
--- a/csharp/ql/lib/ext/System.Web.UI.WebControls.model.yml
+++ b/csharp/ql/lib/ext/System.Web.UI.WebControls.model.yml
@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Web.UI.WebControls", "TextBox", False, "get_Text", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
diff --git a/csharp/ql/lib/ext/System.Web.model.yml b/csharp/ql/lib/ext/System.Web.model.yml
index 998070a6c64..5cf065ec6dd 100644
--- a/csharp/ql/lib/ext/System.Web.model.yml
+++ b/csharp/ql/lib/ext/System.Web.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["System.Web", "HttpResponse", False, "BinaryWrite", "", "", "Argument[0]", "html", "manual"]
       - ["System.Web", "HttpResponse", False, "TransmitFile", "", "", "Argument[0]", "html", "manual"]
@@ -9,7 +9,7 @@ extensions:
       - ["System.Web", "HttpResponse", False, "WriteFile", "", "", "Argument[0]", "html", "manual"]
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Web", "HttpCookie", False, "get_Value", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
       - ["System.Web", "HttpCookie", False, "get_Values", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
diff --git a/csharp/ql/lib/ext/System.Xml.Schema.model.yml b/csharp/ql/lib/ext/System.Xml.Schema.model.yml
index 6c2c62f8b35..6666d4bf24c 100644
--- a/csharp/ql/lib/ext/System.Xml.Schema.model.yml
+++ b/csharp/ql/lib/ext/System.Xml.Schema.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Xml.Schema", "XmlSchemaCollection", False, "Add", "(System.Xml.Schema.XmlSchema)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
       - ["System.Xml.Schema", "XmlSchemaCollection", False, "Add", "(System.Xml.Schema.XmlSchemaCollection)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Xml.Serialization.model.yml b/csharp/ql/lib/ext/System.Xml.Serialization.model.yml
index 7dfad76ea35..c506aa4c665 100644
--- a/csharp/ql/lib/ext/System.Xml.Serialization.model.yml
+++ b/csharp/ql/lib/ext/System.Xml.Serialization.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Xml.Serialization", "XmlAnyElementAttributes", False, "Add", "(System.Xml.Serialization.XmlAnyElementAttribute)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
       - ["System.Xml.Serialization", "XmlAnyElementAttributes", False, "CopyTo", "(System.Xml.Serialization.XmlAnyElementAttribute[],System.Int32)", "", "Argument[this].Element", "Argument[0].Element", "value", "manual"]
diff --git a/csharp/ql/lib/ext/System.Xml.model.yml b/csharp/ql/lib/ext/System.Xml.model.yml
index c2c6ab13517..55825304a14 100644
--- a/csharp/ql/lib/ext/System.Xml.model.yml
+++ b/csharp/ql/lib/ext/System.Xml.model.yml
@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System.Xml", "XmlAttributeCollection", False, "CopyTo", "(System.Xml.XmlAttribute[],System.Int32)", "", "Argument[this].Element", "Argument[0].Element", "value", "manual"]
       - ["System.Xml", "XmlDocument", False, "Load", "(System.IO.Stream)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
diff --git a/csharp/ql/lib/ext/System.model.yml b/csharp/ql/lib/ext/System.model.yml
index 8693948d3de..b0f74507b87 100644
--- a/csharp/ql/lib/ext/System.model.yml
+++ b/csharp/ql/lib/ext/System.model.yml
@@ -1,14 +1,14 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSourceModel
+      extensible: sourceModel
     data:
       - ["System", "Console", False, "Read", "", "", "ReturnValue", "local", "manual"]
       - ["System", "Console", False, "ReadKey", "", "", "ReturnValue", "local", "manual"]
       - ["System", "Console", False, "ReadLine", "", "", "ReturnValue", "local", "manual"]
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["System", "Array", False, "AsReadOnly<>", "(T[])", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
       - ["System", "Array", False, "Clear", "(System.Array)", "", "Argument[0].WithoutElement", "Argument[0]", "value", "manual"]
diff --git a/csharp/ql/lib/ext/Windows.Security.Cryptography.Core.model.yml b/csharp/ql/lib/ext/Windows.Security.Cryptography.Core.model.yml
index de9953ea8ef..094826380b4 100644
--- a/csharp/ql/lib/ext/Windows.Security.Cryptography.Core.model.yml
+++ b/csharp/ql/lib/ext/Windows.Security.Cryptography.Core.model.yml
@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["Windows.Security.Cryptography.Core", "SymmetricKeyAlgorithmProvider", False, "CreateSymmetricKey", "(Windows.Storage.Streams.IBuffer)", "", "Argument[0]", "encryption-symmetrickey", "manual"]
diff --git a/csharp/ql/lib/ext/generated/dotnet_runtime.model.yml b/csharp/ql/lib/ext/generated/dotnet_runtime.model.yml
index a396d121591..f2c4ea2cb29 100644
--- a/csharp/ql/lib/ext/generated/dotnet_runtime.model.yml
+++ b/csharp/ql/lib/ext/generated/dotnet_runtime.model.yml
@@ -1,12 +1,11 @@
- 
 # THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
-# Definitions of taint steps in the dotnet_runtime framework.
+# Definitions of models for the dotnet_runtime framework.
 
 extensions:
 
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSinkModel
+      extensible: sinkModel
     data:
       - ["System.Data.Odbc", "OdbcDataAdapter", false, "OdbcDataAdapter", "(System.String,System.Data.Odbc.OdbcConnection)", "", "Argument[0]", "sql", "generated"]
       - ["System.Data.Odbc", "OdbcDataAdapter", false, "OdbcDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql", "generated"]
@@ -40,7 +39,7 @@ extensions:
 
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extSummaryModel
+      extensible: summaryModel
     data:
       - ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+CaseInsensitiveDictionaryConverter", false, "Read", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
       - ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonModelItemConverter", false, "Read", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
@@ -10196,7 +10195,7 @@ extensions:
 
   - addsTo:
       pack: codeql/csharp-all
-      extensible: extNegativeSummaryModel
+      extensible: neutralModel
     data:
       - ["AssemblyStripper", "AssemblyStripper", "StripAssembly", "(System.String,System.String)", "generated"]
       - ["Generators", "EventSourceGenerator", "Execute", "(Microsoft.CodeAnalysis.GeneratorExecutionContext)", "generated"]
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index a43762f9433..75d3cd21610 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.4.4-dev
+version: 0.5.0-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/lib/semmle/code/asp/AspNet.qll b/csharp/ql/lib/semmle/code/asp/AspNet.qll
index 0666c5eb782..2876043d4ef 100644
--- a/csharp/ql/lib/semmle/code/asp/AspNet.qll
+++ b/csharp/ql/lib/semmle/code/asp/AspNet.qll
@@ -5,6 +5,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.commons.QualifiedName
 
 /**
  * An ASP.NET program element. Either an attribute (`AspAttribute`), an open
@@ -40,7 +41,7 @@ class AspAttribute extends AspElement, @asp_attribute { }
  */
 class AspOpenTag extends AspElement, @asp_open_tag {
   /** Either `>` or `/>`, depending on whether it's an empty tag. */
-  private string closeAngle() { if isEmpty() then result = "/>" else result = ">" }
+  private string closeAngle() { if this.isEmpty() then result = "/>" else result = ">" }
 
   /** Gets the `i`th attribute of this open tag. */
   AspAttribute getAttribute(int i) { asp_tag_attribute(this, i, _, result) }
@@ -58,9 +59,9 @@ class AspOpenTag extends AspElement, @asp_open_tag {
   predicate isEmpty() { asp_tag_isempty(this) }
 
   override string toString() {
-    if hasAttribute()
-    then result = "<" + getName() + " ..." + closeAngle()
-    else result = "<" + getName() + closeAngle()
+    if this.hasAttribute()
+    then result = "<" + this.getName() + " ..." + this.closeAngle()
+    else result = "<" + this.getName() + this.closeAngle()
   }
 }
 
@@ -75,9 +76,9 @@ class AspOpenTag extends AspElement, @asp_open_tag {
  */
 class AspCloseTag extends AspElement, @asp_close_tag {
   /** Gets the name of this close tag. */
-  string getName() { result = getBody() }
+  string getName() { result = this.getBody() }
 
-  override string toString() { result = "</" + getName() + ">" }
+  override string toString() { result = "</" + this.getName() + ">" }
 }
 
 /**
@@ -146,44 +147,49 @@ class AspDirective extends AspElement, @asp_directive {
   string getName() { asp_directive_name(this, result) }
 
   /** Holds if this directive has an attribute. */
-  predicate hasAttribute() { exists(getAttribute(_)) }
+  predicate hasAttribute() { exists(this.getAttribute(_)) }
 
   override string toString() {
-    if hasAttribute()
-    then result = "<%@" + getName() + " ...%>"
-    else result = "<%@" + getName() + "%>"
+    if this.hasAttribute()
+    then result = "<%@" + this.getName() + " ...%>"
+    else result = "<%@" + this.getName() + "%>"
   }
 }
 
 /** A quoted string used as an attribute in a tag. */
 class AspQuotedString extends AspAttribute, @asp_quoted_string {
   override string toString() {
-    if exists(getBody().indexOf("\""))
-    then result = "'" + getBody() + "'"
-    else result = "\"" + getBody() + "\""
+    if exists(this.getBody().indexOf("\""))
+    then result = "'" + this.getBody() + "'"
+    else result = "\"" + this.getBody() + "\""
   }
 }
 
 /** Arbitrary text. It will be inserted into the document as is. */
 class AspText extends AspElement, @asp_text {
-  override string toString() { result = getBody() }
+  override string toString() { result = this.getBody() }
 }
 
 /** An XML directive, such as a `DOCTYPE` declaration. */
 class AspXmlDirective extends AspElement, @asp_xml_directive {
-  override string toString() { result = getBody() }
+  override string toString() { result = this.getBody() }
 }
 
 /**
  * A 'Page' ASP directive.
  */
 class PageDirective extends AspDirective {
-  PageDirective() { getName() = "Page" }
+  PageDirective() { this.getName() = "Page" }
 
   /**
    * Gets the 'CodeBehind' class from which this page inherits.
    */
-  ValueOrRefType getInheritedType() { result.getQualifiedName() = getInheritedTypeQualifiedName() }
+  ValueOrRefType getInheritedType() {
+    exists(string qualifier, string type |
+      result.hasQualifiedName(qualifier, type) and
+      splitQualifiedName(this.getInheritedTypeQualifiedName(), qualifier, type)
+    )
+  }
 
   private string getInheritedTypeQualifiedName() {
     // Relevant attributes:
@@ -192,11 +198,11 @@ class PageDirective extends AspDirective {
     //   provide a fallback namespace if `Inherits` does not have one
     // - `CodeBehindFile`/`CodeFile`: used by tooling, but not semantically
     //   relevant at runtime
-    exists(string inherits | inherits = getAttributeByName("Inherits").getBody() |
+    exists(string inherits | inherits = this.getAttributeByName("Inherits").getBody() |
       if inherits.indexOf(".") != -1
       then result = inherits
       else
-        exists(string className | className = getAttributeByName("ClassName").getBody() |
+        exists(string className | className = this.getAttributeByName("ClassName").getBody() |
           // take everything up to and including the last .
           className.prefix(className.indexOf(".", count(className.indexOf(".")) - 1, 0) + 1) +
             inherits = result
@@ -210,7 +216,7 @@ class PageDirective extends AspDirective {
  */
 class CodeBehindFile extends File {
   CodeBehindFile() {
-    getExtension() = "aspx" and
+    this.getExtension() = "aspx" and
     exists(PageDirective pageDir | pageDir.getLocation().getFile() = this)
   }
 
@@ -222,5 +228,5 @@ class CodeBehindFile extends File {
   /**
    * Gets the 'CodeBehind' class from which this page inherits.
    */
-  ValueOrRefType getInheritedType() { result = getPageDirective().getInheritedType() }
+  ValueOrRefType getInheritedType() { result = this.getPageDirective().getInheritedType() }
 }
diff --git a/csharp/ql/lib/semmle/code/cil/ConsistencyChecks.qll b/csharp/ql/lib/semmle/code/cil/ConsistencyChecks.qll
index a17e5327b09..16d556d4d1d 100644
--- a/csharp/ql/lib/semmle/code/cil/ConsistencyChecks.qll
+++ b/csharp/ql/lib/semmle/code/cil/ConsistencyChecks.qll
@@ -4,6 +4,7 @@
 
 private import CIL
 private import csharp as CS
+private import semmle.code.csharp.commons.QualifiedName
 
 private newtype ConsistencyCheck =
   MissingEntityCheck() or
@@ -484,9 +485,12 @@ class InvalidOverride extends MethodViolation {
   }
 
   override string getMessage() {
-    result =
-      "Overridden method from " + base.getDeclaringType().getQualifiedName() +
-        " is not in a base type"
+    exists(string qualifier, string type |
+      base.getDeclaringType().hasQualifiedName(qualifier, type)
+    |
+      result =
+        "Overridden method from " + getQualifiedName(qualifier, type) + " is not in a base type"
+    )
   }
 }
 
diff --git a/csharp/ql/lib/semmle/code/cil/Method.qll b/csharp/ql/lib/semmle/code/cil/Method.qll
index da1c46b5dfd..4ba193fb01f 100644
--- a/csharp/ql/lib/semmle/code/cil/Method.qll
+++ b/csharp/ql/lib/semmle/code/cil/Method.qll
@@ -146,7 +146,7 @@ class Method extends DotNet::Callable, Element, Member, TypeContainer, DataFlowN
 
   /** Holds if this method is a destructor/finalizer. */
   predicate isFinalizer() {
-    this.getOverriddenMethod*().getQualifiedName() = "System.Object.Finalize"
+    this.getOverriddenMethod*().hasQualifiedName("System", "Object", "Finalize")
   }
 
   /** Holds if this method is an operator. */
@@ -258,7 +258,7 @@ class Setter extends Accessor {
 
   /** Holds if this setter is an `init` accessor. */
   predicate isInitOnly() {
-    exists(Type t | t.getQualifiedName() = "System.Runtime.CompilerServices.IsExternalInit" |
+    exists(Type t | t.hasQualifiedName("System.Runtime.CompilerServices", "IsExternalInit") |
       this.hasRequiredCustomModifier(t)
     )
   }
diff --git a/csharp/ql/lib/semmle/code/cil/Type.qll b/csharp/ql/lib/semmle/code/cil/Type.qll
index 7aeaf9a6495..cfe04df8e2d 100644
--- a/csharp/ql/lib/semmle/code/cil/Type.qll
+++ b/csharp/ql/lib/semmle/code/cil/Type.qll
@@ -4,6 +4,7 @@
 
 import CIL
 private import dotnet
+private import semmle.code.csharp.commons.QualifiedName
 
 /**
  * Something that contains other types.
@@ -19,7 +20,7 @@ class TypeContainer extends DotNet::NamedElement, @cil_type_container {
 
 /** A namespace. */
 class Namespace extends DotNet::Namespace, TypeContainer, @namespace {
-  override string toString() { result = this.getQualifiedName() }
+  override string toString() { result = this.getFullName() }
 
   override Namespace getParent() { result = this.getParentNamespace() }
 
@@ -52,7 +53,9 @@ class Type extends DotNet::Type, Declaration, TypeContainer, @cil_type {
 
   override predicate hasQualifiedName(string qualifier, string name) {
     name = this.getName() and
-    qualifier = this.getParent().getQualifiedName()
+    exists(string pqualifier, string pname | this.getParent().hasQualifiedName(pqualifier, pname) |
+      qualifier = getQualifiedName(pqualifier, pname)
+    )
   }
 
   override Location getALocation() { cil_type_location(this.getUnboundDeclaration(), result) }
@@ -65,8 +68,7 @@ class Type extends DotNet::Type, Declaration, TypeContainer, @cil_type {
 
   /**
    * Holds if this type is a member of the `System` namespace and has the name
-   * `name`. This is the same as `getQualifiedName() = "System.<name>"`, but is
-   * faster to compute.
+   * `name`.
    */
   predicate isSystemType(string name) {
     exists(Namespace system | this.getParent() = system |
diff --git a/csharp/ql/lib/semmle/code/cil/internal/SsaImpl.qll b/csharp/ql/lib/semmle/code/cil/internal/SsaImpl.qll
index 683ee6268aa..2f8fde205fd 100644
--- a/csharp/ql/lib/semmle/code/cil/internal/SsaImpl.qll
+++ b/csharp/ql/lib/semmle/code/cil/internal/SsaImpl.qll
@@ -47,19 +47,19 @@ private module Cached {
   }
 
   cached
-  ReadAccess getAFirstRead(Definition def) {
+  ReadAccess getAFirstReadExt(DefinitionExt def) {
     exists(BasicBlock bb1, int i1, BasicBlock bb2, int i2 |
-      def.definesAt(_, bb1, i1) and
-      adjacentDefRead(def, bb1, i1, bb2, i2) and
+      def.definesAt(_, bb1, i1, _) and
+      adjacentDefReadExt(def, _, bb1, i1, bb2, i2) and
       result = bb2.getNode(i2)
     )
   }
 
   cached
-  predicate hasAdjacentReads(Definition def, ReadAccess first, ReadAccess second) {
+  predicate hasAdjacentReadsExt(DefinitionExt def, ReadAccess first, ReadAccess second) {
     exists(BasicBlock bb1, int i1, BasicBlock bb2, int i2 |
       first = bb1.getNode(i1) and
-      adjacentDefRead(def, bb1, i1, bb2, i2) and
+      adjacentDefReadExt(def, _, bb1, i1, bb2, i2) and
       second = bb2.getNode(i2)
     )
   }
@@ -68,9 +68,35 @@ private module Cached {
   Definition getAPhiInput(PhiNode phi) { phiHasInputFromBlock(phi, result, _) }
 
   cached
-  predicate lastRefBeforeRedef(Definition def, BasicBlock bb, int i, Definition next) {
-    lastRefRedef(def, bb, i, next)
+  predicate lastRefBeforeRedefExt(DefinitionExt def, BasicBlock bb, int i, DefinitionExt next) {
+    lastRefRedefExt(def, _, bb, i, next)
   }
 }
 
 import Cached
+
+private module Deprecated {
+  private import CIL
+
+  deprecated ReadAccess getAFirstRead(Definition def) {
+    exists(BasicBlock bb1, int i1, BasicBlock bb2, int i2 |
+      def.definesAt(_, bb1, i1) and
+      adjacentDefRead(def, bb1, i1, bb2, i2) and
+      result = bb2.getNode(i2)
+    )
+  }
+
+  deprecated predicate hasAdjacentReads(Definition def, ReadAccess first, ReadAccess second) {
+    exists(BasicBlock bb1, int i1, BasicBlock bb2, int i2 |
+      first = bb1.getNode(i1) and
+      adjacentDefRead(def, bb1, i1, bb2, i2) and
+      second = bb2.getNode(i2)
+    )
+  }
+
+  deprecated predicate lastRefBeforeRedef(Definition def, BasicBlock bb, int i, Definition next) {
+    lastRefRedef(def, bb, i, next)
+  }
+}
+
+import Deprecated
diff --git a/csharp/ql/lib/semmle/code/csharp/Callable.qll b/csharp/ql/lib/semmle/code/csharp/Callable.qll
index 0477874eec1..bc8e1294adb 100644
--- a/csharp/ql/lib/semmle/code/csharp/Callable.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Callable.qll
@@ -7,6 +7,7 @@ import Member
 import Stmt
 import Type
 import exprs.Call
+private import commons.QualifiedName
 private import dotnet
 private import semmle.code.csharp.ExprOrStmtParent
 private import semmle.code.csharp.metrics.Complexity
@@ -357,6 +358,9 @@ class Constructor extends DotNet::Constructor, Callable, Member, Attributable, @
     if this.isStatic() then result = this.getParameter(i) else result = this.getParameter(i - 1)
   }
 
+  /** Holds if this is a constructor without parameters. */
+  predicate isParameterless() { this.getNumberOfParameters() = 0 }
+
   override string getUndecoratedName() { result = ".ctor" }
 }
 
@@ -459,6 +463,11 @@ class Operator extends Callable, Member, Attributable, @operator {
     super.hasQualifiedName(qualifier, _) and
     name = this.getFunctionName()
   }
+
+  override predicate hasQualifiedName(string namespace, string type, string name) {
+    super.hasQualifiedName(namespace, type, _) and
+    name = this.getFunctionName()
+  }
 }
 
 /** A clone method on a record. */
@@ -996,7 +1005,10 @@ class LocalFunction extends Callable, Modifiable, Attributable, @local_function
   override Callable getEnclosingCallable() { result = this.getStatement().getEnclosingCallable() }
 
   override predicate hasQualifiedName(string qualifier, string name) {
-    qualifier = this.getEnclosingCallable().getQualifiedName() and
+    exists(string cqualifier, string type |
+      this.getEnclosingCallable().hasQualifiedName(cqualifier, type) and
+      qualifier = getQualifiedName(cqualifier, type)
+    ) and
     name = this.getName()
   }
 
diff --git a/csharp/ql/lib/semmle/code/csharp/Generics.qll b/csharp/ql/lib/semmle/code/csharp/Generics.qll
index ef3aced9cb9..ee850f25ea3 100644
--- a/csharp/ql/lib/semmle/code/csharp/Generics.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Generics.qll
@@ -15,6 +15,7 @@
 
 import Location
 import Namespace
+private import commons.QualifiedName
 private import dotnet
 private import TypeRef
 
@@ -97,11 +98,18 @@ private string getTypeArgumentsNames(ConstructedGeneric cg) {
   result = strictconcat(Type t, int i | t = cg.getTypeArgument(i) | t.getName(), "," order by i)
 }
 
-/** Gets the concatenation of the `getQualifiedName()` of type arguments. */
+bindingset[t]
+private string getFullName(Type t) {
+  exists(string qualifier, string name |
+    t.hasQualifiedName(qualifier, name) and
+    result = getQualifiedName(qualifier, name)
+  )
+}
+
+/** Gets the concatenation of the `getFullName` of type arguments. */
 language[monotonicAggregates]
 private string getTypeArgumentsQualifiedNames(ConstructedGeneric cg) {
-  result =
-    strictconcat(Type t, int i | t = cg.getTypeArgument(i) | t.getQualifiedName(), "," order by i)
+  result = strictconcat(Type t, int i | t = cg.getTypeArgument(i) | getFullName(t), "," order by i)
 }
 
 /**
@@ -159,7 +167,7 @@ class UnboundGenericType extends ValueOrRefType, UnboundGeneric {
       )
       or
       not exists(this.getDeclaringType()) and
-      qualifier = this.getNamespace().getQualifiedName() and
+      qualifier = this.getNamespace().getFullName() and
       name0 = this.getUndecoratedName()
     )
   }
@@ -424,7 +432,7 @@ class ConstructedType extends ValueOrRefType, ConstructedGeneric {
       )
       or
       not exists(this.getDeclaringType()) and
-      qualifier = this.getNamespace().getQualifiedName() and
+      qualifier = this.getNamespace().getFullName() and
       name0 = this.getUndecoratedName()
     )
   }
@@ -594,8 +602,8 @@ class ConstructedMethod extends Method, ConstructedGeneric {
     result = this.getUndecoratedName() + "<" + getTypeArgumentsNames(this) + ">"
   }
 
-  override predicate hasQualifiedName(string qualifier, string name) {
-    qualifier = this.getDeclaringType().getQualifiedName() and
+  override predicate hasQualifiedName(string namespace, string type, string name) {
+    this.getDeclaringType().hasQualifiedName(namespace, type) and
     name = this.getUndecoratedName() + "<" + getTypeArgumentsQualifiedNames(this) + ">"
   }
 
diff --git a/csharp/ql/lib/semmle/code/csharp/PrintAst.qll b/csharp/ql/lib/semmle/code/csharp/PrintAst.qll
index d179da2e194..8cb59f3b6c8 100644
--- a/csharp/ql/lib/semmle/code/csharp/PrintAst.qll
+++ b/csharp/ql/lib/semmle/code/csharp/PrintAst.qll
@@ -107,10 +107,10 @@ private ValueOrRefType getAnInterestingBaseType(ValueOrRefType type) {
 
 private predicate isInterestingBaseType(ValueOrRefType type, ValueOrRefType base) {
   not base instanceof ObjectType and
-  not base.getQualifiedName() = "System.ValueType" and
-  not base.getQualifiedName() = "System.Delegate" and
-  not base.getQualifiedName() = "System.MulticastDelegate" and
-  not base.getQualifiedName() = "System.Enum" and
+  not base.hasQualifiedName("System", "ValueType") and
+  not base.hasQualifiedName("System", "Delegate") and
+  not base.hasQualifiedName("System", "MulticastDelegate") and
+  not base.hasQualifiedName("System", "Enum") and
   exists(TypeMention tm | tm.getTarget() = type and tm.getType() = base)
 }
 
diff --git a/csharp/ql/lib/semmle/code/csharp/Stmt.qll b/csharp/ql/lib/semmle/code/csharp/Stmt.qll
index 3ed9468a8d8..6bf826c675d 100644
--- a/csharp/ql/lib/semmle/code/csharp/Stmt.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Stmt.qll
@@ -75,7 +75,7 @@ class BlockStmt extends Stmt, @block_stmt {
 
   /** Holds if this block is the container of the global statements. */
   predicate isGlobalStatementContainer() {
-    this.getEnclosingCallable().hasQualifiedName("Program.<Main>$")
+    this.getEnclosingCallable().hasQualifiedName("Program", "<Main>$")
   }
 
   override Stmt stripSingletonBlocks() {
diff --git a/csharp/ql/lib/semmle/code/csharp/Type.qll b/csharp/ql/lib/semmle/code/csharp/Type.qll
index f95ded84771..8bb92c8c86a 100644
--- a/csharp/ql/lib/semmle/code/csharp/Type.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Type.qll
@@ -56,13 +56,6 @@ private predicate isObjectClass(Class c) { c instanceof ObjectType }
  * Either a value type (`ValueType`) or a reference type (`RefType`).
  */
 class ValueOrRefType extends DotNet::ValueOrRefType, Type, Attributable, @value_or_ref_type {
-  /**
-   * DEPRECATED: use `getUndecoratedName()` instead.
-   *
-   * Gets the name of this type without `<...>` brackets, in case it is a generic type.
-   */
-  deprecated string getNameWithoutBrackets() { types(this, _, result) }
-
   /**
    * Holds if this type has the qualified name `qualifier`.`name`.
    *
@@ -76,7 +69,7 @@ class ValueOrRefType extends DotNet::ValueOrRefType, Type, Attributable, @value_
     )
     or
     not exists(this.getDeclaringType()) and
-    qualifier = this.getNamespace().getQualifiedName() and
+    qualifier = this.getNamespace().getFullName() and
     name = this.getUndecoratedName()
   }
 
@@ -824,13 +817,15 @@ class RecordClass extends RecordType, Class {
  */
 class AnonymousClass extends Class {
   AnonymousClass() { anonymous_types(this) }
+
+  override string getAPrimaryQlClass() { result = "AnonymousClass" }
 }
 
 /**
  * The `object` type, `System.Object`.
  */
 class ObjectType extends Class {
-  ObjectType() { this.hasQualifiedName("System.Object") }
+  ObjectType() { this.hasQualifiedName("System", "Object") }
 
   override string toStringWithTypes() { result = "object" }
 
@@ -841,7 +836,7 @@ class ObjectType extends Class {
  * The `string` type, `System.String`.
  */
 class StringType extends Class {
-  StringType() { this.hasQualifiedName("System.String") }
+  StringType() { this.hasQualifiedName("System", "String") }
 
   override string toStringWithTypes() { result = "string" }
 
diff --git a/csharp/ql/lib/semmle/code/csharp/commons/Assertions.qll b/csharp/ql/lib/semmle/code/csharp/commons/Assertions.qll
index df8ae6ea6ed..f35b10ac934 100644
--- a/csharp/ql/lib/semmle/code/csharp/commons/Assertions.qll
+++ b/csharp/ql/lib/semmle/code/csharp/commons/Assertions.qll
@@ -368,40 +368,32 @@ private Stmt getAnAssertingStmt(Assertion a) {
 }
 
 /** A method that forwards to a Boolean assertion method. */
-class ForwarderBooleanAssertMethod extends BooleanAssertMethod {
-  private ForwarderAssertMethod forwarder;
+class ForwarderBooleanAssertMethod extends BooleanAssertMethod instanceof ForwarderAssertMethod {
   private BooleanAssertMethod underlying;
 
-  ForwarderBooleanAssertMethod() {
-    forwarder = this and
-    underlying = forwarder.getUnderlyingAssertMethod()
-  }
+  ForwarderBooleanAssertMethod() { underlying = super.getUnderlyingAssertMethod() }
 
   override int getAnAssertionIndex(boolean b) {
-    forwarder.getAForwarderAssertionIndex(result) = underlying.getAnAssertionIndex(b)
+    super.getAForwarderAssertionIndex(result) = underlying.getAnAssertionIndex(b)
   }
 
   override AssertionFailure getAssertionFailure(int i) {
-    result = underlying.getAssertionFailure(forwarder.getAForwarderAssertionIndex(i))
+    result = underlying.getAssertionFailure(super.getAForwarderAssertionIndex(i))
   }
 }
 
 /** A method that forwards to a nullness assertion method. */
-class ForwarderNullnessAssertMethod extends NullnessAssertMethod {
-  private ForwarderAssertMethod forwarder;
+class ForwarderNullnessAssertMethod extends NullnessAssertMethod instanceof ForwarderAssertMethod {
   private NullnessAssertMethod underlying;
 
-  ForwarderNullnessAssertMethod() {
-    forwarder = this and
-    underlying = forwarder.getUnderlyingAssertMethod()
-  }
+  ForwarderNullnessAssertMethod() { underlying = super.getUnderlyingAssertMethod() }
 
   override int getAnAssertionIndex(boolean b) {
-    forwarder.getAForwarderAssertionIndex(result) = underlying.getAnAssertionIndex(b)
+    super.getAForwarderAssertionIndex(result) = underlying.getAnAssertionIndex(b)
   }
 
   override AssertionFailure getAssertionFailure(int i) {
-    result = underlying.getAssertionFailure(forwarder.getAForwarderAssertionIndex(i))
+    result = underlying.getAssertionFailure(super.getAForwarderAssertionIndex(i))
   }
 }
 
diff --git a/csharp/ql/lib/semmle/code/csharp/commons/GeneratedCode.qll b/csharp/ql/lib/semmle/code/csharp/commons/GeneratedCode.qll
index 7da80a79ffd..4a90c121e2e 100644
--- a/csharp/ql/lib/semmle/code/csharp/commons/GeneratedCode.qll
+++ b/csharp/ql/lib/semmle/code/csharp/commons/GeneratedCode.qll
@@ -39,7 +39,7 @@ class GeneratedAttributeFile extends GeneratedCodeFile {
 class GeneratedNamespaceFile extends GeneratedCodeFile {
   GeneratedNamespaceFile() {
     exists(Namespace n | n.getATypeDeclaration().getFile() = this |
-      n.getQualifiedName() = "Microsoft.Xml.Serialization.GeneratedAssembly"
+      n.getFullName() = "Microsoft.Xml.Serialization.GeneratedAssembly"
     )
   }
 }
diff --git a/csharp/ql/lib/semmle/code/csharp/commons/QualifiedName.qll b/csharp/ql/lib/semmle/code/csharp/commons/QualifiedName.qll
new file mode 100644
index 00000000000..4955d8db8f2
--- /dev/null
+++ b/csharp/ql/lib/semmle/code/csharp/commons/QualifiedName.qll
@@ -0,0 +1,34 @@
+/**
+ * Provides predicates related to C# qualified names.
+ */
+
+/**
+ * Returns the concatenation of `qualifier` and `name`, separated by a dot.
+ */
+bindingset[qualifier, name]
+string getQualifiedName(string qualifier, string name) {
+  if qualifier = "" then result = name else result = qualifier + "." + name
+}
+
+/**
+ * Returns the concatenation of `namespace`, `type` and `name`, separated by a dot.
+ */
+bindingset[namespace, type, name]
+string getQualifiedName(string namespace, string type, string name) {
+  result = getQualifiedName(namespace, type) + "." + name
+}
+
+/**
+ * Holds if `qualifiedName` is the concatenation of `qualifier` and `name`, separated by a dot.
+ */
+bindingset[qualifiedName]
+predicate splitQualifiedName(string qualifiedName, string qualifier, string name) {
+  exists(string nameSplitter | nameSplitter = "(.*)\\.([^\\.]+)$" |
+    qualifier = qualifiedName.regexpCapture(nameSplitter, 1) and
+    name = qualifiedName.regexpCapture(nameSplitter, 2)
+    or
+    not qualifiedName.regexpMatch(nameSplitter) and
+    qualifier = "" and
+    name = qualifiedName
+  )
+}
diff --git a/csharp/ql/lib/semmle/code/csharp/commons/TargetFramework.qll b/csharp/ql/lib/semmle/code/csharp/commons/TargetFramework.qll
index 83de1b9d294..41ce7b36944 100644
--- a/csharp/ql/lib/semmle/code/csharp/commons/TargetFramework.qll
+++ b/csharp/ql/lib/semmle/code/csharp/commons/TargetFramework.qll
@@ -14,7 +14,7 @@ class TargetFrameworkAttribute extends Attribute {
   Assembly assembly;
 
   TargetFrameworkAttribute() {
-    this.getType().getQualifiedName() = "System.Runtime.Versioning.TargetFrameworkAttribute" and
+    this.getType().hasQualifiedName("System.Runtime.Versioning", "TargetFrameworkAttribute") and
     assembly = this.getTarget()
   }
 
diff --git a/csharp/ql/lib/semmle/code/csharp/commons/Util.qll b/csharp/ql/lib/semmle/code/csharp/commons/Util.qll
index 342ab2afd4e..91903a9109b 100644
--- a/csharp/ql/lib/semmle/code/csharp/commons/Util.qll
+++ b/csharp/ql/lib/semmle/code/csharp/commons/Util.qll
@@ -8,7 +8,7 @@ class MainMethod extends Method {
     (
       this.hasName("Main")
       or
-      this.hasQualifiedName("Program.<Main>$")
+      this.hasQualifiedName("Program", "<Main>$")
     ) and
     this.isStatic() and
     (this.getReturnType() instanceof VoidType or this.getReturnType() instanceof IntType) and
diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Completion.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Completion.qll
index bda14e0b4ae..cf72b9a6991 100644
--- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Completion.qll
+++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/Completion.qll
@@ -103,7 +103,6 @@ abstract class Completion extends TCompletion {
    * otherwise it is a normal non-Boolean completion.
    */
   predicate isValidFor(ControlFlowElement cfe) {
-    cfe instanceof NonReturningCall and
     this = cfe.(NonReturningCall).getACompletion()
     or
     this = TThrowCompletion(cfe.(TriedControlFlowElement).getAThrownException())
@@ -199,6 +198,17 @@ private predicate isBooleanConstant(Expr e, boolean value) {
     value = false
     or
     isConstantComparison(e, value)
+    or
+    exists(Method m, Call c, Expr expr |
+      m = any(SystemStringClass s).getIsNullOrEmptyMethod() and
+      c.getTarget() = m and
+      e = c and
+      expr = c.getArgument(0) and
+      expr.hasValue() and
+      if expr.getValue().length() > 0 and not expr instanceof NullLiteral
+      then value = false
+      else value = true
+    )
   )
 }
 
diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImpl.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImpl.qll
index 6bd0d5d033f..37fc97903e6 100644
--- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImpl.qll
+++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImpl.qll
@@ -768,7 +768,7 @@ module Expressions {
             nc.getOuterCompletion()
                 .(ThrowCompletion)
                 .getExceptionClass()
-                .hasQualifiedName("System.InvalidOperationException")
+                .hasQualifiedName("System", "InvalidOperationException")
           )
       )
     }
diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll
index dbd90ba0ae1..5039d09ff22 100644
--- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll
+++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll
@@ -907,9 +907,13 @@ module TestOutput {
 
   query predicate edges(RelevantNode pred, RelevantNode succ, string attr, string val) {
     attr = "semmle.label" and
-    exists(SuccessorType t | succ = getASuccessor(pred, t) |
-      if successorTypeIsSimple(t) then val = "" else val = t.toString()
-    )
+    val =
+      strictconcat(SuccessorType t, string s |
+        succ = getASuccessor(pred, t) and
+        if successorTypeIsSimple(t) then s = "" else s = t.toString()
+      |
+        s, ", " order by s
+      )
     or
     attr = "semmle.order" and
     val =
diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/NonReturning.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/NonReturning.qll
index fe9f1148a6d..1f00343e08a 100644
--- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/NonReturning.qll
+++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/NonReturning.qll
@@ -51,7 +51,7 @@ private class ThrowingCall extends NonReturningCall {
       this =
         any(MethodCall mc |
           mc.getTarget()
-              .hasQualifiedName("System.Runtime.ExceptionServices.ExceptionDispatchInfo", "Throw") and
+              .hasQualifiedName("System.Runtime.ExceptionServices", "ExceptionDispatchInfo", "Throw") and
           (
             mc.hasNoArguments() and
             c.getExceptionClass() instanceof SystemExceptionClass
@@ -85,8 +85,8 @@ private class DirectlyExitingCallable extends ExitingCallable {
   DirectlyExitingCallable() {
     this =
       any(Method m |
-        m.hasQualifiedName("System.Environment", "Exit") or
-        m.hasQualifiedName("System.Windows.Forms.Application", "Exit")
+        m.hasQualifiedName("System", "Environment", "Exit") or
+        m.hasQualifiedName("System.Windows.Forms", "Application", "Exit")
       )
   }
 }
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll
index 874bd51a9f3..dda86ebcd91 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll
@@ -11,9 +11,9 @@
  *   `namespace; type; subtypes; name; signature; ext; input; kind; provenance`
  * - Summaries:
  *   `namespace; type; subtypes; name; signature; ext; input; output; kind; provenance`
- * - Negative Summaries:
+ * - Neutrals:
  *   `namespace; type; name; signature; provenance`
- *   A negative summary is used to indicate that there is no flow via a callable.
+ *   A neutral is used to indicate that there is no flow via a callable.
  *
  * The interpretation of a row is similar to API-graphs with a left-to-right
  * reading.
@@ -82,6 +82,7 @@
  */
 
 import csharp
+private import ExternalFlowExtensions as Extensions
 private import internal.AccessPathSyntax
 private import internal.DataFlowDispatch
 private import internal.DataFlowPrivate
@@ -90,43 +91,6 @@ private import internal.FlowSummaryImpl::Public
 private import internal.FlowSummaryImpl::Private::External
 private import internal.FlowSummaryImplSpecific
 
-/**
- * A module importing the frameworks that provide external flow data,
- * ensuring that they are visible to the taint tracking / data flow library.
- */
-private module Frameworks {
-  private import semmle.code.csharp.frameworks.EntityFramework
-  private import semmle.code.csharp.frameworks.JsonNET
-  private import semmle.code.csharp.frameworks.ServiceStack
-  private import semmle.code.csharp.frameworks.Sql
-  private import semmle.code.csharp.frameworks.System
-  private import semmle.code.csharp.frameworks.system.CodeDom
-  private import semmle.code.csharp.frameworks.system.Collections
-  private import semmle.code.csharp.frameworks.system.collections.Generic
-  private import semmle.code.csharp.frameworks.system.collections.Specialized
-  private import semmle.code.csharp.frameworks.system.Data
-  private import semmle.code.csharp.frameworks.system.data.Common
-  private import semmle.code.csharp.frameworks.system.Diagnostics
-  private import semmle.code.csharp.frameworks.system.Linq
-  private import semmle.code.csharp.frameworks.system.Net
-  private import semmle.code.csharp.frameworks.system.net.Mail
-  private import semmle.code.csharp.frameworks.system.IO
-  private import semmle.code.csharp.frameworks.system.io.Compression
-  private import semmle.code.csharp.frameworks.system.runtime.CompilerServices
-  private import semmle.code.csharp.frameworks.system.Security
-  private import semmle.code.csharp.frameworks.system.security.Cryptography
-  private import semmle.code.csharp.frameworks.system.security.cryptography.X509Certificates
-  private import semmle.code.csharp.frameworks.system.Text
-  private import semmle.code.csharp.frameworks.system.text.RegularExpressions
-  private import semmle.code.csharp.frameworks.system.threading.Tasks
-  private import semmle.code.csharp.frameworks.system.Web
-  private import semmle.code.csharp.frameworks.system.web.ui.WebControls
-  private import semmle.code.csharp.frameworks.system.Xml
-  private import semmle.code.csharp.security.dataflow.flowsinks.Html
-  private import semmle.code.csharp.security.dataflow.flowsources.Local
-  private import semmle.code.csharp.security.dataflow.XSSSinks
-}
-
 /**
  * DEPRECATED: Define source models as data extensions instead.
  *
@@ -169,38 +133,12 @@ private class SummaryModelCsvInternal extends Unit {
   abstract predicate row(string row);
 }
 
-/**
- * DEPRECATED: Define negative summary models as data extensions instead.
- *
- * A unit class for adding additional negative summary model rows.
- *
- * Extend this class to add additional negative summary definitions.
- */
-deprecated class NegativeSummaryModelCsv = NegativeSummaryModelCsvInternal;
-
-private class NegativeSummaryModelCsvInternal extends Unit {
-  /** Holds if `row` specifies a negative summary definition. */
-  abstract predicate row(string row);
-}
-
 private predicate sourceModelInternal(string row) { any(SourceModelCsvInternal s).row(row) }
 
 private predicate summaryModelInternal(string row) { any(SummaryModelCsvInternal s).row(row) }
 
 private predicate sinkModelInternal(string row) { any(SinkModelCsvInternal s).row(row) }
 
-private predicate negativeSummaryModelInternal(string row) {
-  any(NegativeSummaryModelCsvInternal s).row(row)
-}
-
-/**
- * Holds if a source model exists for the given parameters.
- */
-extensible predicate extSourceModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string output, string kind, string provenance
-);
-
 /** Holds if a source model exists for the given parameters. */
 predicate sourceModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
@@ -220,15 +158,9 @@ predicate sourceModel(
     row.splitAt(";", 8) = provenance
   )
   or
-  extSourceModel(namespace, type, subtypes, name, signature, ext, output, kind, provenance)
+  Extensions::sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, provenance)
 }
 
-/** Holds if a sink model exists for the given parameters. */
-extensible predicate extSinkModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string kind, string provenance
-);
-
 /** Holds if a sink model exists for the given parameters. */
 predicate sinkModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
@@ -248,15 +180,9 @@ predicate sinkModel(
     row.splitAt(";", 8) = provenance
   )
   or
-  extSinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance)
+  Extensions::sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance)
 }
 
-/** Holds if a summary model exists for the given parameters. */
-extensible predicate extSummaryModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string output, string kind, string provenance
-);
-
 /** Holds if a summary model exists for the given parameters. */
 predicate summaryModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
@@ -277,29 +203,12 @@ predicate summaryModel(
     row.splitAt(";", 9) = provenance
   )
   or
-  extSummaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, provenance)
+  Extensions::summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind,
+    provenance)
 }
 
-/** Holds if a summary model exists indicating there is no flow for the given parameters. */
-extensible predicate extNegativeSummaryModel(
-  string namespace, string type, string name, string signature, string provenance
-);
-
-/** Holds if a summary model exists indicating there is no flow for the given parameters. */
-predicate negativeSummaryModel(
-  string namespace, string type, string name, string signature, string provenance
-) {
-  exists(string row |
-    negativeSummaryModelInternal(row) and
-    row.splitAt(";", 0) = namespace and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = name and
-    row.splitAt(";", 3) = signature and
-    row.splitAt(";", 4) = provenance
-  )
-  or
-  extNegativeSummaryModel(namespace, type, name, signature, provenance)
-}
+/** Holds if a model exists indicating there is no flow for the given parameters. */
+predicate neutralModel = Extensions::neutralModel/5;
 
 private predicate relevantNamespace(string namespace) {
   sourceModel(namespace, _, _, _, _, _, _, _, _) or
@@ -402,7 +311,7 @@ module ModelValidation {
     )
     or
     exists(string kind | sourceModel(_, _, _, _, _, _, _, kind, _) |
-      not kind = ["local", "file"] and
+      not kind = ["local", "remote", "file"] and
       result = "Invalid kind \"" + kind + "\" in source model."
     )
   }
@@ -430,8 +339,6 @@ module ModelValidation {
       sinkModelInternal(row) and expect = 9 and pred = "sink"
       or
       summaryModelInternal(row) and expect = 10 and pred = "summary"
-      or
-      negativeSummaryModelInternal(row) and expect = 5 and pred = "negative summary"
     |
       exists(int cols |
         cols = 1 + max(int n | exists(row.splitAt(";", n))) and
@@ -455,9 +362,9 @@ module ModelValidation {
       summaryModel(namespace, type, _, name, signature, ext, _, _, _, provenance) and
       pred = "summary"
       or
-      negativeSummaryModel(namespace, type, name, signature, provenance) and
+      neutralModel(namespace, type, name, signature, provenance) and
       ext = "" and
-      pred = "negative summary"
+      pred = "neutral"
     |
       not namespace.regexpMatch("[a-zA-Z0-9_\\.]+") and
       result = "Dubious namespace \"" + namespace + "\" in " + pred + " model."
@@ -498,7 +405,7 @@ private predicate elementSpec(
   or
   summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _)
   or
-  negativeSummaryModel(namespace, type, name, signature, _) and ext = "" and subtypes = false
+  neutralModel(namespace, type, name, signature, _) and ext = "" and subtypes = false
 }
 
 private predicate elementSpec(
@@ -632,7 +539,7 @@ private Element interpretElement0(
   )
 }
 
-/** Gets the source/sink/summary/negativesummary element corresponding to the supplied parameters. */
+/** Gets the source/sink/summary/neutral element corresponding to the supplied parameters. */
 Element interpretElement(
   string namespace, string type, boolean subtypes, string name, string signature, string ext
 ) {
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlowExtensions.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlowExtensions.qll
new file mode 100644
index 00000000000..aab3d67e620
--- /dev/null
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlowExtensions.qll
@@ -0,0 +1,34 @@
+/**
+ * This module provides extensible predicates for defining MaD models.
+ */
+
+/**
+ * Holds if a source model exists for the given parameters.
+ */
+extensible predicate sourceModel(
+  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string output, string kind, string provenance
+);
+
+/**
+ * Holds if a sink model exists for the given parameters.
+ */
+extensible predicate sinkModel(
+  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string kind, string provenance
+);
+
+/**
+ * Holds if a summary model exists for the given parameters.
+ */
+extensible predicate summaryModel(
+  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string output, string kind, string provenance
+);
+
+/**
+ * Holds if a model exists indicating there is no flow for the given parameters.
+ */
+extensible predicate neutralModel(
+  string namespace, string type, string name, string signature, string provenance
+);
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/SSA.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/SSA.qll
index f377d94e15c..8764da0a784 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/SSA.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/SSA.qll
@@ -138,25 +138,6 @@ module Ssa {
     }
   }
 
-  private string getSplitString(Definition def) {
-    exists(ControlFlow::BasicBlock bb, int i, ControlFlow::Node cfn |
-      def.definesAt(_, bb, i) and
-      result = cfn.(ControlFlow::Nodes::ElementNode).getSplitsString()
-    |
-      cfn = bb.getNode(i)
-      or
-      not exists(bb.getNode(i)) and
-      cfn = bb.getFirstNode()
-    )
-  }
-
-  private string getToStringPrefix(Definition def) {
-    result = "[" + getSplitString(def) + "] "
-    or
-    not exists(getSplitString(def)) and
-    result = ""
-  }
-
   /**
    * A static single assignment (SSA) definition. Either an explicit variable
    * definition (`ExplicitDefinition`), an implicit variable definition
@@ -521,8 +502,8 @@ module Ssa {
 
     override string toString() {
       if this.getADefinition() instanceof AssignableDefinitions::ImplicitParameterDefinition
-      then result = getToStringPrefix(this) + "SSA param(" + this.getSourceVariable() + ")"
-      else result = getToStringPrefix(this) + "SSA def(" + this.getSourceVariable() + ")"
+      then result = SsaImpl::getToStringPrefix(this) + "SSA param(" + this.getSourceVariable() + ")"
+      else result = SsaImpl::getToStringPrefix(this) + "SSA def(" + this.getSourceVariable() + ")"
     }
 
     override Location getLocation() { result = ad.getLocation() }
@@ -570,8 +551,12 @@ module Ssa {
 
     override string toString() {
       if this.getSourceVariable().getAssignable() instanceof LocalScopeVariable
-      then result = getToStringPrefix(this) + "SSA capture def(" + this.getSourceVariable() + ")"
-      else result = getToStringPrefix(this) + "SSA entry def(" + this.getSourceVariable() + ")"
+      then
+        result =
+          SsaImpl::getToStringPrefix(this) + "SSA capture def(" + this.getSourceVariable() + ")"
+      else
+        result =
+          SsaImpl::getToStringPrefix(this) + "SSA entry def(" + this.getSourceVariable() + ")"
     }
 
     override Location getLocation() { result = this.getCallable().getLocation() }
@@ -612,7 +597,7 @@ module Ssa {
     }
 
     override string toString() {
-      result = getToStringPrefix(this) + "SSA call def(" + this.getSourceVariable() + ")"
+      result = SsaImpl::getToStringPrefix(this) + "SSA call def(" + this.getSourceVariable() + ")"
     }
 
     override Location getLocation() { result = this.getCall().getLocation() }
@@ -640,7 +625,8 @@ module Ssa {
     final Definition getQualifierDefinition() { result = q }
 
     override string toString() {
-      result = getToStringPrefix(this) + "SSA qualifier def(" + this.getSourceVariable() + ")"
+      result =
+        SsaImpl::getToStringPrefix(this) + "SSA qualifier def(" + this.getSourceVariable() + ")"
     }
 
     override Location getLocation() { result = this.getQualifierDefinition().getLocation() }
@@ -682,7 +668,7 @@ module Ssa {
     }
 
     override string toString() {
-      result = getToStringPrefix(this) + "SSA phi(" + this.getSourceVariable() + ")"
+      result = SsaImpl::getToStringPrefix(this) + "SSA phi(" + this.getSourceVariable() + ")"
     }
 
     /*
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ContentDataFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ContentDataFlow.qll
index 2bdb56b2aa6..787f2f614f7 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ContentDataFlow.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ContentDataFlow.qll
@@ -222,18 +222,14 @@ module ContentDataFlow {
     )
   }
 
-  private class ConfigurationAdapter extends DF::Configuration {
-    private Configuration c;
-
-    ConfigurationAdapter() { this = c }
-
+  private class ConfigurationAdapter extends DF::Configuration instanceof Configuration {
     final override predicate isSource(Node source, DF::FlowState state) {
-      c.isSource(source) and
+      Configuration.super.isSource(source) and
       state.(InitState).decode(true)
     }
 
     final override predicate isSink(Node sink, DF::FlowState state) {
-      c.isSink(sink) and
+      Configuration.super.isSink(sink) and
       (
         state instanceof InitState or
         state instanceof StoreState or
@@ -249,9 +245,9 @@ module ContentDataFlow {
       additionalStep(node1, state1, node2, state2, this)
     }
 
-    final override predicate isBarrier(Node node) { c.isBarrier(node) }
+    final override predicate isBarrier(Node node) { Configuration.super.isBarrier(node) }
 
-    final override FlowFeature getAFeature() { result = c.getAFeature() }
+    final override FlowFeature getAFeature() { result = Configuration.super.getAFeature() }
 
     // needed to record reads/stores inside summarized callables
     final override predicate includeHiddenNodes() { any() }
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll
index 594cbe20865..a6142ce11ee 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll
@@ -6,7 +6,6 @@ private import DataFlowPublic
 private import DataFlowPrivate
 private import FlowSummaryImpl as FlowSummaryImpl
 private import semmle.code.csharp.dataflow.FlowSummary as FlowSummary
-private import semmle.code.csharp.dataflow.ExternalFlow
 private import semmle.code.csharp.dispatch.Dispatch
 private import semmle.code.csharp.dispatch.RuntimeCallable
 private import semmle.code.csharp.frameworks.system.Collections
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll
index ae9c6f3f12e..9aa6a529a5b 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll
@@ -915,18 +915,57 @@ private module Cached {
     TDataFlowCallNone() or
     TDataFlowCallSome(DataFlowCall call)
 
+  cached
+  newtype TParamNodeOption =
+    TParamNodeNone() or
+    TParamNodeSome(ParamNode p)
+
+  cached
+  newtype TReturnCtx =
+    TReturnCtxNone() or
+    TReturnCtxNoFlowThrough() or
+    TReturnCtxMaybeFlowThrough(ReturnPosition pos)
+
+  cached
+  newtype TTypedContentApprox =
+    MkTypedContentApprox(ContentApprox c, DataFlowType t) {
+      exists(Content cont |
+        c = getContentApprox(cont) and
+        store(_, cont, _, _, t)
+      )
+    }
+
   cached
   newtype TTypedContent = MkTypedContent(Content c, DataFlowType t) { store(_, c, _, _, t) }
 
+  cached
+  TypedContent getATypedContent(TypedContentApprox c) {
+    exists(ContentApprox cls, DataFlowType t, Content cont |
+      c = MkTypedContentApprox(cls, pragma[only_bind_into](t)) and
+      result = MkTypedContent(cont, pragma[only_bind_into](t)) and
+      cls = getContentApprox(cont)
+    )
+  }
+
   cached
   newtype TAccessPathFront =
     TFrontNil(DataFlowType t) or
     TFrontHead(TypedContent tc)
 
+  cached
+  newtype TApproxAccessPathFront =
+    TApproxFrontNil(DataFlowType t) or
+    TApproxFrontHead(TypedContentApprox tc)
+
   cached
   newtype TAccessPathFrontOption =
     TAccessPathFrontNone() or
     TAccessPathFrontSome(AccessPathFront apf)
+
+  cached
+  newtype TApproxAccessPathFrontOption =
+    TApproxAccessPathFrontNone() or
+    TApproxAccessPathFrontSome(ApproxAccessPathFront apf)
 }
 
 /**
@@ -1304,6 +1343,113 @@ class DataFlowCallOption extends TDataFlowCallOption {
   }
 }
 
+/** An optional `ParamNode`. */
+class ParamNodeOption extends TParamNodeOption {
+  string toString() {
+    this = TParamNodeNone() and
+    result = "(none)"
+    or
+    exists(ParamNode p |
+      this = TParamNodeSome(p) and
+      result = p.toString()
+    )
+  }
+}
+
+/**
+ * A return context used to calculate flow summaries in reverse flow.
+ *
+ * The possible values are:
+ *
+ * - `TReturnCtxNone()`: no return flow.
+ * - `TReturnCtxNoFlowThrough()`: return flow, but flow through is not possible.
+ * - `TReturnCtxMaybeFlowThrough(ReturnPosition pos)`: return flow, of kind `pos`, and
+ *    flow through may be possible.
+ */
+class ReturnCtx extends TReturnCtx {
+  string toString() {
+    this = TReturnCtxNone() and
+    result = "(none)"
+    or
+    this = TReturnCtxNoFlowThrough() and
+    result = "(no flow through)"
+    or
+    exists(ReturnPosition pos |
+      this = TReturnCtxMaybeFlowThrough(pos) and
+      result = pos.toString()
+    )
+  }
+}
+
+/** An approximated `Content` tagged with the type of a containing object. */
+class TypedContentApprox extends MkTypedContentApprox {
+  private ContentApprox c;
+  private DataFlowType t;
+
+  TypedContentApprox() { this = MkTypedContentApprox(c, t) }
+
+  /** Gets a typed content approximated by this value. */
+  TypedContent getATypedContent() { result = getATypedContent(this) }
+
+  /** Gets the container type. */
+  DataFlowType getContainerType() { result = t }
+
+  /** Gets a textual representation of this approximated content. */
+  string toString() { result = c.toString() }
+}
+
+/**
+ * The front of an approximated access path. This is either a head or a nil.
+ */
+abstract class ApproxAccessPathFront extends TApproxAccessPathFront {
+  abstract string toString();
+
+  abstract DataFlowType getType();
+
+  abstract boolean toBoolNonEmpty();
+
+  pragma[nomagic]
+  TypedContent getAHead() {
+    exists(TypedContentApprox cont |
+      this = TApproxFrontHead(cont) and
+      result = cont.getATypedContent()
+    )
+  }
+}
+
+class ApproxAccessPathFrontNil extends ApproxAccessPathFront, TApproxFrontNil {
+  private DataFlowType t;
+
+  ApproxAccessPathFrontNil() { this = TApproxFrontNil(t) }
+
+  override string toString() { result = ppReprType(t) }
+
+  override DataFlowType getType() { result = t }
+
+  override boolean toBoolNonEmpty() { result = false }
+}
+
+class ApproxAccessPathFrontHead extends ApproxAccessPathFront, TApproxFrontHead {
+  private TypedContentApprox tc;
+
+  ApproxAccessPathFrontHead() { this = TApproxFrontHead(tc) }
+
+  override string toString() { result = tc.toString() }
+
+  override DataFlowType getType() { result = tc.getContainerType() }
+
+  override boolean toBoolNonEmpty() { result = true }
+}
+
+/** An optional approximated access path front. */
+class ApproxAccessPathFrontOption extends TApproxAccessPathFrontOption {
+  string toString() {
+    this = TApproxAccessPathFrontNone() and result = "<none>"
+    or
+    this = TApproxAccessPathFrontSome(any(ApproxAccessPathFront apf | result = apf.toString()))
+  }
+}
+
 /** A `Content` tagged with the type of a containing object. */
 class TypedContent extends MkTypedContent {
   private Content c;
@@ -1336,7 +1482,7 @@ abstract class AccessPathFront extends TAccessPathFront {
 
   abstract DataFlowType getType();
 
-  abstract boolean toBoolNonEmpty();
+  abstract ApproxAccessPathFront toApprox();
 
   TypedContent getHead() { this = TFrontHead(result) }
 }
@@ -1350,7 +1496,7 @@ class AccessPathFrontNil extends AccessPathFront, TFrontNil {
 
   override DataFlowType getType() { result = t }
 
-  override boolean toBoolNonEmpty() { result = false }
+  override ApproxAccessPathFront toApprox() { result = TApproxFrontNil(t) }
 }
 
 class AccessPathFrontHead extends AccessPathFront, TFrontHead {
@@ -1362,7 +1508,7 @@ class AccessPathFrontHead extends AccessPathFront, TFrontHead {
 
   override DataFlowType getType() { result = tc.getContainerType() }
 
-  override boolean toBoolNonEmpty() { result = true }
+  override ApproxAccessPathFront toApprox() { result.getAHead() = tc }
 }
 
 /** An optional access path front. */
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplConsistency.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplConsistency.qll
index dde16ab5a2a..e85e0cd92ec 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplConsistency.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplConsistency.qll
@@ -136,6 +136,18 @@ module Consistency {
     msg = "Local flow step does not preserve enclosing callable."
   }
 
+  query predicate readStepIsLocal(Node n1, Node n2, string msg) {
+    readStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Read step does not preserve enclosing callable."
+  }
+
+  query predicate storeStepIsLocal(Node n1, Node n2, string msg) {
+    storeStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Store step does not preserve enclosing callable."
+  }
+
   private DataFlowType typeRepr() { result = getNodeType(_) }
 
   query predicate compatibleTypesReflexive(DataFlowType t, string msg) {
@@ -232,4 +244,25 @@ module Consistency {
     not callable = viableCallable(call) and
     not any(ConsistencyConfiguration c).viableImplInCallContextTooLargeExclude(call, ctx, callable)
   }
+
+  query predicate uniqueParameterNodeAtPosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(Node p0 | isParameterNode(p0, c, pos))) and
+    msg = "Parameters with overlapping positions."
+  }
+
+  query predicate uniqueParameterNodePosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(ParameterPosition pos0 | isParameterNode(p, c, pos0))) and
+    msg = "Parameter node with multiple positions."
+  }
+
+  query predicate uniqueContentApprox(Content c, string msg) {
+    not exists(unique(ContentApprox approx | approx = getContentApprox(c))) and
+    msg = "Non-unique content approximation."
+  }
 }
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
index 4fc2cb4f398..e69f7cf6b90 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
@@ -18,6 +18,7 @@ private import semmle.code.csharp.frameworks.NHibernate
 private import semmle.code.csharp.frameworks.system.Collections
 private import semmle.code.csharp.frameworks.system.threading.Tasks
 private import semmle.code.cil.Ssa::Ssa as CilSsa
+private import semmle.code.cil.internal.SsaImpl as CilSsaImpl
 
 /** Gets the callable in which this node occurs. */
 DataFlowCallable nodeGetEnclosingCallable(NodeImpl n) { result = n.getEnclosingCallableImpl() }
@@ -174,7 +175,7 @@ predicate hasNodePath(ControlFlowReachabilityConfiguration conf, ExprNode n1, No
     cfn = n1.getControlFlowNode() and
     ssaDef.getADefinition() = def and
     ssaDef.getControlFlowNode() = cfnDef and
-    n2.(SsaDefinitionNode).getDefinition() = ssaDef
+    n2.(SsaDefinitionExtNode).getDefinitionExt() = ssaDef
   )
 }
 
@@ -306,17 +307,28 @@ module LocalFlow {
     }
   }
 
+  /** An SSA definition into which another SSA definition may flow. */
+  private class SsaInputDefinitionExtNode extends SsaDefinitionExtNode {
+    SsaInputDefinitionExtNode() {
+      def instanceof Ssa::PhiNode
+      or
+      def instanceof SsaImpl::PhiReadNode
+      or
+      def instanceof LocalFlow::UncertainExplicitSsaDefinition
+    }
+  }
+
   /**
    * Holds if `nodeFrom` is a last node referencing SSA definition `def`, which
    * can reach `next`.
    */
   private predicate localFlowSsaInputFromDef(
-    Node nodeFrom, Ssa::Definition def, Ssa::Definition next
+    Node nodeFrom, SsaImpl::DefinitionExt def, SsaInputDefinitionExtNode next
   ) {
     exists(ControlFlow::BasicBlock bb, int i |
-      SsaImpl::lastRefBeforeRedef(def, bb, i, next) and
-      def.definesAt(_, bb, i) and
-      def = getSsaDefinition(nodeFrom)
+      SsaImpl::lastRefBeforeRedefExt(def, bb, i, next.getDefinitionExt()) and
+      def.definesAt(_, bb, i, _) and
+      def = getSsaDefinitionExt(nodeFrom)
     )
   }
 
@@ -324,18 +336,17 @@ module LocalFlow {
    * Holds if `read` is a last node reading SSA definition `def`, which
    * can reach `next`.
    */
-  predicate localFlowSsaInputFromExpr(
-    ControlFlow::Node read, Ssa::Definition def, Ssa::Definition next
+  predicate localFlowSsaInputFromRead(
+    Node read, SsaImpl::DefinitionExt def, SsaInputDefinitionExtNode next
   ) {
     exists(ControlFlow::BasicBlock bb, int i |
-      SsaImpl::lastRefBeforeRedef(def, bb, i, next) and
-      read = bb.getNode(i) and
-      read.getElement() instanceof AssignableRead
+      SsaImpl::lastRefBeforeRedefExt(def, bb, i, next.getDefinitionExt()) and
+      read.asExprAtNode(bb.getNode(i)) instanceof AssignableRead
     )
   }
 
-  private Ssa::Definition getSsaDefinition(Node n) {
-    result = n.(SsaDefinitionNode).getDefinition()
+  private SsaImpl::DefinitionExt getSsaDefinitionExt(Node n) {
+    result = n.(SsaDefinitionExtNode).getDefinitionExt()
     or
     result = n.(ExplicitParameterNode).getSsaDefinition()
   }
@@ -344,9 +355,9 @@ module LocalFlow {
    * Holds if there is a local use-use flow step from `nodeFrom` to `nodeTo`
    * involving SSA definition `def`.
    */
-  predicate localSsaFlowStepUseUse(Ssa::Definition def, Node nodeFrom, Node nodeTo) {
+  predicate localSsaFlowStepUseUse(SsaImpl::DefinitionExt def, Node nodeFrom, Node nodeTo) {
     exists(ControlFlow::Node cfnFrom, ControlFlow::Node cfnTo |
-      SsaImpl::adjacentReadPairSameVar(def, cfnFrom, cfnTo) and
+      SsaImpl::adjacentReadPairSameVarExt(def, cfnFrom, cfnTo) and
       nodeTo = TExprNode(cfnTo) and
       nodeFrom = TExprNode(cfnFrom)
     )
@@ -356,31 +367,22 @@ module LocalFlow {
    * Holds if there is a local flow step from `nodeFrom` to `nodeTo` involving
    * SSA definition `def`.
    */
-  predicate localSsaFlowStep(Ssa::Definition def, Node nodeFrom, Node nodeTo) {
+  predicate localSsaFlowStep(SsaImpl::DefinitionExt def, Node nodeFrom, Node nodeTo) {
     // Flow from SSA definition/parameter to first read
-    exists(ControlFlow::Node cfn |
-      def = getSsaDefinition(nodeFrom) and
-      nodeTo.asExprAtNode(cfn) = def.getAFirstReadAtNode(cfn)
-    )
+    def = getSsaDefinitionExt(nodeFrom) and
+    SsaImpl::firstReadSameVarExt(def, nodeTo.(ExprNode).getControlFlowNode())
     or
     // Flow from read to next read
     localSsaFlowStepUseUse(def, nodeFrom.(PostUpdateNode).getPreUpdateNode(), nodeTo)
     or
-    // Flow into phi/uncertain SSA definition node from def
-    exists(Ssa::Definition next |
-      localFlowSsaInputFromDef(nodeFrom, def, next) and
-      next = nodeTo.(SsaDefinitionNode).getDefinition()
-    |
-      def = next.(Ssa::PhiNode).getAnInput()
-      or
-      def = next.(LocalFlow::UncertainExplicitSsaDefinition).getPriorDefinition()
-    )
+    // Flow into phi (read)/uncertain SSA definition node from def
+    localFlowSsaInputFromDef(nodeFrom, def, nodeTo)
   }
 
   /**
    * Holds if the source variable of SSA definition `def` is an instance field.
    */
-  predicate usesInstanceField(Ssa::Definition def) {
+  predicate usesInstanceField(SsaImpl::DefinitionExt def) {
     exists(Ssa::SourceVariables::FieldOrPropSourceVariable fp | fp = def.getSourceVariable() |
       not fp.getAssignable().(Modifiable).isStatic()
     )
@@ -389,25 +391,23 @@ module LocalFlow {
   predicate localFlowCapturedVarStep(Node nodeFrom, ImplicitCapturedArgumentNode nodeTo) {
     // Flow from SSA definition to implicit captured variable argument
     exists(Ssa::ExplicitDefinition def, ControlFlow::Nodes::ElementNode call |
-      def = getSsaDefinition(nodeFrom) and
+      def = getSsaDefinitionExt(nodeFrom) and
       def.isCapturedVariableDefinitionFlowIn(_, call, _) and
       nodeTo = TImplicitCapturedArgumentNode(call, def.getSourceVariable().getAssignable())
     )
   }
 
   private module CilFlow {
-    private import semmle.code.cil.internal.SsaImpl as CilSsaImpl
-
     /**
      * Holds if `nodeFrom` is a last node referencing SSA definition `def`, which
      * can reach `next`.
      */
     private predicate localFlowCilSsaInput(
-      Node nodeFrom, CilSsa::Definition def, CilSsa::Definition next
+      Node nodeFrom, CilSsaImpl::DefinitionExt def, CilSsaImpl::DefinitionExt next
     ) {
-      exists(CIL::BasicBlock bb, int i | CilSsaImpl::lastRefBeforeRedef(def, bb, i, next) |
-        def.definesAt(_, bb, i) and
-        def = nodeFrom.(CilSsaDefinitionNode).getDefinition()
+      exists(CIL::BasicBlock bb, int i | CilSsaImpl::lastRefBeforeRedefExt(def, bb, i, next) |
+        def.definesAt(_, bb, i, _) and
+        def = nodeFrom.(CilSsaDefinitionExtNode).getDefinition()
         or
         nodeFrom = TCilExprNode(bb.getNode(i).(CIL::ReadAccess))
       )
@@ -417,30 +417,33 @@ module LocalFlow {
      * Holds if there is a local flow step from `nodeFrom` to `nodeTo` involving
      * CIL SSA definition `def`.
      */
-    private predicate localCilSsaFlowStep(CilSsa::Definition def, Node nodeFrom, Node nodeTo) {
+    private predicate localCilSsaFlowStep(CilSsaImpl::DefinitionExt def, Node nodeFrom, Node nodeTo) {
       // Flow into SSA definition
       exists(CIL::VariableUpdate vu |
-        vu = def.getVariableUpdate() and
+        vu = def.(CilSsa::Definition).getVariableUpdate() and
         vu.getSource() = asCilDataFlowNode(nodeFrom) and
-        def = nodeTo.(CilSsaDefinitionNode).getDefinition()
+        def = nodeTo.(CilSsaDefinitionExtNode).getDefinition()
       )
       or
       // Flow from SSA definition to first read
-      def = nodeFrom.(CilSsaDefinitionNode).getDefinition() and
-      nodeTo = TCilExprNode(CilSsaImpl::getAFirstRead(def))
+      def = nodeFrom.(CilSsaDefinitionExtNode).getDefinition() and
+      nodeTo = TCilExprNode(CilSsaImpl::getAFirstReadExt(def))
       or
       // Flow from read to next read
       exists(CIL::ReadAccess readFrom, CIL::ReadAccess readTo |
-        CilSsaImpl::hasAdjacentReads(def, readFrom, readTo) and
+        CilSsaImpl::hasAdjacentReadsExt(def, readFrom, readTo) and
         nodeTo = TCilExprNode(readTo) and
         nodeFrom = TCilExprNode(readFrom)
       )
       or
-      // Flow into phi node
-      exists(CilSsa::PhiNode phi |
+      // Flow into phi (read) node
+      exists(CilSsaImpl::DefinitionExt phi |
         localFlowCilSsaInput(nodeFrom, def, phi) and
-        phi = nodeTo.(CilSsaDefinitionNode).getDefinition() and
-        def = CilSsaImpl::getAPhiInput(phi)
+        phi = nodeTo.(CilSsaDefinitionExtNode).getDefinition()
+      |
+        phi instanceof CilSsa::PhiNode
+        or
+        phi instanceof CilSsaImpl::PhiReadNode
       )
     }
 
@@ -466,7 +469,7 @@ module LocalFlow {
   }
 
   predicate localFlowStepCommon(Node nodeFrom, Node nodeTo) {
-    exists(Ssa::Definition def |
+    exists(SsaImpl::DefinitionExt def |
       localSsaFlowStep(def, nodeFrom, nodeTo) and
       not usesInstanceField(def)
     )
@@ -528,26 +531,20 @@ module LocalFlow {
 predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) {
   LocalFlow::localFlowStepCommon(nodeFrom, nodeTo)
   or
-  exists(Ssa::Definition def |
+  exists(SsaImpl::DefinitionExt def |
     LocalFlow::localSsaFlowStepUseUse(def, nodeFrom, nodeTo) and
     not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _) and
     not LocalFlow::usesInstanceField(def)
   )
   or
-  // Flow into phi/uncertain SSA definition node from read
-  exists(Ssa::Definition def, ControlFlow::Node read, Ssa::Definition next |
-    LocalFlow::localFlowSsaInputFromExpr(read, def, next) and
-    next = nodeTo.(SsaDefinitionNode).getDefinition() and
-    def =
-      [
-        next.(Ssa::PhiNode).getAnInput(),
-        next.(LocalFlow::UncertainExplicitSsaDefinition).getPriorDefinition()
-      ]
+  // Flow into phi (read)/uncertain SSA definition node from read
+  exists(SsaImpl::DefinitionExt def, Node read |
+    LocalFlow::localFlowSsaInputFromRead(read, def, nodeTo)
   |
-    exists(nodeFrom.asExprAtNode(read)) and
+    nodeFrom = read and
     not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _)
     or
-    exists(nodeFrom.(PostUpdateNode).getPreUpdateNode().asExprAtNode(read))
+    nodeFrom.(PostUpdateNode).getPreUpdateNode() = read
   )
   or
   LocalFlow::localFlowCapturedVarStep(nodeFrom, nodeTo)
@@ -813,8 +810,8 @@ private module Cached {
       cfn.getElement() instanceof Expr
     } or
     TCilExprNode(CIL::Expr e) { e.getImplementation() instanceof CIL::BestImplementation } or
-    TCilSsaDefinitionNode(CilSsa::Definition def) or
-    TSsaDefinitionNode(Ssa::Definition def) {
+    TCilSsaDefinitionExtNode(CilSsaImpl::DefinitionExt def) or
+    TSsaDefinitionExtNode(SsaImpl::DefinitionExt def) {
       // Handled by `TExplicitParameterNode` below
       not def.(Ssa::ExplicitDefinition).getADefinition() instanceof
         AssignableDefinitions::ImplicitParameterDefinition
@@ -880,24 +877,18 @@ private module Cached {
     or
     LocalFlow::localSsaFlowStepUseUse(_, nodeFrom, nodeTo)
     or
-    exists(Ssa::Definition def |
+    exists(SsaImpl::DefinitionExt def |
       LocalFlow::localSsaFlowStep(def, nodeFrom, nodeTo) and
       LocalFlow::usesInstanceField(def)
     )
     or
-    // Flow into phi/uncertain SSA definition node from read
-    exists(Ssa::Definition def, ControlFlow::Node read, Ssa::Definition next |
-      LocalFlow::localFlowSsaInputFromExpr(read, def, next) and
-      next = nodeTo.(SsaDefinitionNode).getDefinition() and
-      def =
-        [
-          next.(Ssa::PhiNode).getAnInput(),
-          next.(LocalFlow::UncertainExplicitSsaDefinition).getPriorDefinition()
-        ]
+    // Flow into phi (read)/uncertain SSA definition node from read
+    exists(SsaImpl::DefinitionExt def, Node read |
+      LocalFlow::localFlowSsaInputFromRead(read, def, nodeTo)
     |
-      exists(nodeFrom.asExprAtNode(read))
+      nodeFrom = read
       or
-      exists(nodeFrom.(PostUpdateNode).getPreUpdateNode().asExprAtNode(read))
+      nodeFrom.(PostUpdateNode).getPreUpdateNode() = read
     )
     or
     // Simple flow through library code is included in the exposed local
@@ -913,6 +904,13 @@ private module Cached {
     TElementContent() or
     TSyntheticFieldContent(SyntheticField f)
 
+  cached
+  newtype TContentApprox =
+    TFieldApproxContent(string firstChar) { firstChar = approximateFieldContent(_) } or
+    TPropertyApproxContent(string firstChar) { firstChar = approximatePropertyContent(_) } or
+    TElementApproxContent() or
+    TSyntheticFieldApproxContent()
+
   pragma[nomagic]
   private predicate commonSubTypeGeneral(DataFlowTypeOrUnifiable t1, RelevantDataFlowType t2) {
     not t1 instanceof Gvn::TypeParameterGvnType and
@@ -945,9 +943,11 @@ import Cached
 
 /** Holds if `n` should be hidden from path explanations. */
 predicate nodeIsHidden(Node n) {
-  exists(Ssa::Definition def | def = n.(SsaDefinitionNode).getDefinition() |
+  exists(SsaImpl::DefinitionExt def | def = n.(SsaDefinitionExtNode).getDefinitionExt() |
     def instanceof Ssa::PhiNode
     or
+    def instanceof SsaImpl::PhiReadNode
+    or
     def instanceof Ssa::ImplicitEntryDefinition
     or
     def instanceof Ssa::ImplicitCallDefinition
@@ -978,13 +978,13 @@ predicate nodeIsHidden(Node n) {
 }
 
 /** A CIL SSA definition, viewed as a node in a data flow graph. */
-class CilSsaDefinitionNode extends NodeImpl, TCilSsaDefinitionNode {
-  CilSsa::Definition def;
+class CilSsaDefinitionExtNode extends NodeImpl, TCilSsaDefinitionExtNode {
+  CilSsaImpl::DefinitionExt def;
 
-  CilSsaDefinitionNode() { this = TCilSsaDefinitionNode(def) }
+  CilSsaDefinitionExtNode() { this = TCilSsaDefinitionExtNode(def) }
 
   /** Gets the underlying SSA definition. */
-  CilSsa::Definition getDefinition() { result = def }
+  CilSsaImpl::DefinitionExt getDefinition() { result = def }
 
   override DataFlowCallable getEnclosingCallableImpl() {
     result.asCallable() = def.getBasicBlock().getFirstNode().getImplementation().getMethod()
@@ -1000,13 +1000,13 @@ class CilSsaDefinitionNode extends NodeImpl, TCilSsaDefinitionNode {
 }
 
 /** An SSA definition, viewed as a node in a data flow graph. */
-class SsaDefinitionNode extends NodeImpl, TSsaDefinitionNode {
-  Ssa::Definition def;
+class SsaDefinitionExtNode extends NodeImpl, TSsaDefinitionExtNode {
+  SsaImpl::DefinitionExt def;
 
-  SsaDefinitionNode() { this = TSsaDefinitionNode(def) }
+  SsaDefinitionExtNode() { this = TSsaDefinitionExtNode(def) }
 
   /** Gets the underlying SSA definition. */
-  Ssa::Definition getDefinition() { result = def }
+  SsaImpl::DefinitionExt getDefinitionExt() { result = def }
 
   override DataFlowCallable getEnclosingCallableImpl() {
     result.asCallable() = def.getEnclosingCallable()
@@ -1014,7 +1014,9 @@ class SsaDefinitionNode extends NodeImpl, TSsaDefinitionNode {
 
   override Type getTypeImpl() { result = def.getSourceVariable().getType() }
 
-  override ControlFlow::Node getControlFlowNodeImpl() { result = def.getControlFlowNode() }
+  override ControlFlow::Node getControlFlowNodeImpl() {
+    result = def.(Ssa::Definition).getControlFlowNode()
+  }
 
   override Location getLocationImpl() { result = def.getLocation() }
 
@@ -1108,13 +1110,11 @@ private module ParameterNodes {
    * }                      }
    * ```
    */
-  class ImplicitCapturedParameterNode extends ParameterNodeImpl, SsaDefinitionNode {
-    override SsaCapturedEntryDefinition def;
-
-    ImplicitCapturedParameterNode() { def = this.getDefinition() }
+  class ImplicitCapturedParameterNode extends ParameterNodeImpl, SsaDefinitionExtNode {
+    ImplicitCapturedParameterNode() { def instanceof SsaCapturedEntryDefinition }
 
     /** Gets the captured variable that this implicit parameter models. */
-    LocalScopeVariable getVariable() { result = def.getVariable() }
+    LocalScopeVariable getVariable() { result = def.(SsaCapturedEntryDefinition).getVariable() }
 
     override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
       pos.isImplicitCapturedParameterPosition(def.getSourceVariable().getAssignable()) and
@@ -1349,12 +1349,12 @@ private module ReturnNodes {
    * A data-flow node that represents an assignment to an `out` or a `ref`
    * parameter.
    */
-  class OutRefReturnNode extends ReturnNode, SsaDefinitionNode {
+  class OutRefReturnNode extends ReturnNode, SsaDefinitionExtNode {
     OutRefReturnKind kind;
 
     OutRefReturnNode() {
       exists(Parameter p |
-        this.getDefinition().isLiveOutRefParameterDefinition(p) and
+        this.getDefinitionExt().(Ssa::Definition).isLiveOutRefParameterDefinition(p) and
         kind.getPosition() = p.getPosition()
       |
         p.isOut() and kind instanceof OutReturnKind
@@ -1438,11 +1438,11 @@ private module ReturnNodes {
    * }                       }
    * ```
    */
-  class ImplicitCapturedReturnNode extends ReturnNode, SsaDefinitionNode {
+  class ImplicitCapturedReturnNode extends ReturnNode, SsaDefinitionExtNode {
     private Ssa::ExplicitDefinition edef;
 
     ImplicitCapturedReturnNode() {
-      edef = this.getDefinition() and
+      edef = this.getDefinitionExt() and
       edef.isCapturedVariableDefinitionFlowOut(_, _)
     }
 
@@ -1450,8 +1450,8 @@ private module ReturnNodes {
      * Holds if the value at this node may flow out to the implicit call definition
      * at `node`, using one or more calls.
      */
-    predicate flowsOutTo(SsaDefinitionNode node, boolean additionalCalls) {
-      edef.isCapturedVariableDefinitionFlowOut(node.getDefinition(), additionalCalls)
+    predicate flowsOutTo(SsaDefinitionExtNode node, boolean additionalCalls) {
+      edef.isCapturedVariableDefinitionFlowOut(node.getDefinitionExt(), additionalCalls)
     }
 
     override ImplicitCapturedReturnKind getKind() {
@@ -1558,13 +1558,13 @@ private module OutNodes {
    * A data-flow node that reads a value returned implicitly by a callable
    * using a captured variable.
    */
-  class CapturedOutNode extends OutNode, SsaDefinitionNode {
+  class CapturedOutNode extends OutNode, SsaDefinitionExtNode {
     private DataFlowCall call;
 
     CapturedOutNode() {
       exists(ImplicitCapturedReturnNode n, boolean additionalCalls, ControlFlow::Node cfn |
         n.flowsOutTo(this, additionalCalls) and
-        cfn = this.getDefinition().getControlFlowNode()
+        cfn = this.getDefinitionExt().(Ssa::Definition).getControlFlowNode()
       |
         additionalCalls = false and call = csharpCall(_, cfn)
         or
@@ -1576,7 +1576,7 @@ private module OutNodes {
     override DataFlowCall getCall(ReturnKind kind) {
       result = call and
       kind.(ImplicitCapturedReturnKind).getVariable() =
-        this.getDefinition().getSourceVariable().getAssignable()
+        this.getDefinitionExt().getSourceVariable().getAssignable()
     }
   }
 
@@ -1857,7 +1857,7 @@ predicate readStep(Node node1, Content c, Node node2) {
     exists(ForeachStmt fs, Ssa::ExplicitDefinition def |
       x.hasDefPath(fs.getIterableExpr(), node1.getControlFlowNode(), def.getADefinition(),
         def.getControlFlowNode()) and
-      node2.(SsaDefinitionNode).getDefinition() = def and
+      node2.(SsaDefinitionExtNode).getDefinitionExt() = def and
       c instanceof ElementContent
     )
     or
@@ -1880,7 +1880,7 @@ predicate readStep(Node node1, Content c, Node node2) {
       or
       // item = variable in node1 = (..., variable, ...)
       exists(AssignableDefinitions::TupleAssignmentDefinition tad, Ssa::ExplicitDefinition def |
-        node2.(SsaDefinitionNode).getDefinition() = def and
+        node2.(SsaDefinitionExtNode).getDefinitionExt() = def and
         def.getADefinition() = tad and
         tad.getLeaf() = item and
         hasNodePath(x, node1, node2)
@@ -1889,7 +1889,7 @@ predicate readStep(Node node1, Content c, Node node2) {
       // item = variable in node1 = (..., variable, ...) in a case/is var (..., ...)
       te = any(PatternExpr pe).getAChildExpr*() and
       exists(AssignableDefinitions::LocalVariableDefinition lvd, Ssa::ExplicitDefinition def |
-        node2.(SsaDefinitionNode).getDefinition() = def and
+        node2.(SsaDefinitionExtNode).getDefinitionExt() = def and
         def.getADefinition() = lvd and
         lvd.getDeclaration() = item and
         hasNodePath(x, node1, node2)
@@ -2223,7 +2223,7 @@ predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) {
 
 /** Extra data-flow steps needed for lambda flow analysis. */
 predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue) {
-  exists(Ssa::Definition def |
+  exists(SsaImpl::DefinitionExt def |
     LocalFlow::localSsaFlowStep(def, nodeFrom, nodeTo) and
     LocalFlow::usesInstanceField(def) and
     preservesValue = true
@@ -2253,6 +2253,46 @@ predicate allowParameterReturnInSelf(ParameterNode p) {
   FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(p)
 }
 
+/** An approximated `Content`. */
+class ContentApprox extends TContentApprox {
+  /** Gets a textual representation of this approximated `Content`. */
+  string toString() {
+    exists(string firstChar |
+      this = TFieldApproxContent(firstChar) and result = "approximated field " + firstChar
+    )
+    or
+    exists(string firstChar |
+      this = TPropertyApproxContent(firstChar) and result = "approximated property " + firstChar
+    )
+    or
+    this = TElementApproxContent() and result = "element"
+    or
+    this = TSyntheticFieldApproxContent() and result = "approximated synthetic field"
+  }
+}
+
+/** Gets a string for approximating the name of a field. */
+private string approximateFieldContent(FieldContent fc) {
+  result = fc.getField().getName().prefix(1)
+}
+
+/** Gets a string for approximating the name of a property. */
+private string approximatePropertyContent(PropertyContent pc) {
+  result = pc.getProperty().getName().prefix(1)
+}
+
+/** Gets an approximated value for content `c`. */
+pragma[nomagic]
+ContentApprox getContentApprox(Content c) {
+  result = TFieldApproxContent(approximateFieldContent(c))
+  or
+  result = TPropertyApproxContent(approximatePropertyContent(c))
+  or
+  c instanceof ElementContent and result = TElementApproxContent()
+  or
+  c instanceof SyntheticFieldContent and result = TSyntheticFieldApproxContent()
+}
+
 /**
  * A module importing the modules that provide synthetic field declarations,
  * ensuring that they are visible to the taint tracking / data flow library.
@@ -2328,8 +2368,8 @@ module Csv {
     )
   }
 
-  /** Computes the first 4 columns for negative CSV rows of `c`. */
-  string asPartialNegativeModel(DotNet::Callable c) {
+  /** Computes the first 4 columns for neutral CSV rows of `c`. */
+  string asPartialNeutralModel(DotNet::Callable c) {
     exists(string namespace, string type, string name, string parameters |
       partialModel(c, namespace, type, name, parameters) and
       result =
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll
index f6520147e19..b22712087f2 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll
@@ -119,10 +119,10 @@ class ParameterNode extends Node instanceof ParameterNodeImpl {
 }
 
 /** A definition, viewed as a node in a data flow graph. */
-class AssignableDefinitionNode extends Node, TSsaDefinitionNode {
+class AssignableDefinitionNode extends Node, TSsaDefinitionExtNode {
   private Ssa::ExplicitDefinition edef;
 
-  AssignableDefinitionNode() { this = TSsaDefinitionNode(edef) }
+  AssignableDefinitionNode() { this = TSsaDefinitionExtNode(edef) }
 
   /** Gets the underlying definition. */
   AssignableDefinition getDefinition() { result = this.getDefinitionAtNode(_) }
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
index 4d41254e5e9..b61142c33a7 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
@@ -241,19 +241,25 @@ module Public {
     }
 
     /**
-     * Holds if the summary is auto generated.
+     * Holds if the summary is auto generated and not manually generated.
      */
     predicate isAutoGenerated() { none() }
-  }
-
-  /** A callable with a flow summary stating there is no flow via the callable. */
-  class NegativeSummarizedCallable extends SummarizedCallableBase {
-    NegativeSummarizedCallable() { negativeSummaryElement(this, _) }
 
     /**
-     *  Holds if the negative summary is auto generated.
+     * Holds if the summary has the given provenance where `true` is
+     * `generated` and `false` is `manual`.
      */
-    predicate isAutoGenerated() { negativeSummaryElement(this, true) }
+    predicate hasProvenance(boolean generated) { none() }
+  }
+
+  /** A callable where there is no flow via the callable. */
+  class NeutralCallable extends SummarizedCallableBase {
+    NeutralCallable() { neutralElement(this, _) }
+
+    /**
+     *  Holds if the neutral is auto generated.
+     */
+    predicate isAutoGenerated() { neutralElement(this, true) }
   }
 }
 
@@ -520,7 +526,8 @@ module Private {
   predicate summaryParameterNodeRange(SummarizedCallable c, ParameterPosition pos) {
     parameterReadState(c, _, pos)
     or
-    isParameterPostUpdate(_, c, pos)
+    // Same as `isParameterPostUpdate(_, c, pos)`, but can be used in a negative context
+    any(SummaryNodeState state).isOutputState(c, SummaryComponentStack::argument(pos))
   }
 
   private predicate callbackOutput(
@@ -1011,6 +1018,10 @@ module Private {
       }
 
       override predicate isAutoGenerated() { this.relevantSummaryElementGenerated(_, _, _) }
+
+      override predicate hasProvenance(boolean generated) {
+        summaryElement(this, _, _, _, generated)
+      }
     }
 
     /** Holds if component `c` of specification `spec` cannot be parsed. */
@@ -1160,9 +1171,9 @@ module Private {
       string toString() { result = super.toString() }
     }
 
-    /** A flow summary to include in the `negativeSummary/1` query predicate. */
-    abstract class RelevantNegativeSummarizedCallable instanceof NegativeSummarizedCallable {
-      /** Gets the string representation of this callable used by `summary/1`. */
+    /** A model to include in the `neutral/1` query predicate. */
+    abstract class RelevantNeutralCallable instanceof NeutralCallable {
+      /** Gets the string representation of this callable used by `neutral/1`. */
       abstract string getCallableCsv();
 
       string toString() { result = super.toString() }
@@ -1179,13 +1190,13 @@ module Private {
       if c.isAutoGenerated() then result = "generated" else result = "manual"
     }
 
-    private string renderProvenanceNegative(NegativeSummarizedCallable c) {
+    private string renderProvenanceNeutral(NeutralCallable c) {
       if c.isAutoGenerated() then result = "generated" else result = "manual"
     }
 
     /**
      * A query predicate for outputting flow summaries in semi-colon separated format in QL tests.
-     * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance"",
+     * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance",
      * ext is hardcoded to empty.
      */
     query predicate summary(string csv) {
@@ -1204,14 +1215,14 @@ module Private {
     }
 
     /**
-     * Holds if a negative flow summary `csv` exists (semi-colon separated format). Used for testing purposes.
+     * Holds if a neutral model `csv` exists (semi-colon separated format). Used for testing purposes.
      * The syntax is: "namespace;type;name;signature;provenance"",
      */
-    query predicate negativeSummary(string csv) {
-      exists(RelevantNegativeSummarizedCallable c |
+    query predicate neutral(string csv) {
+      exists(RelevantNeutralCallable c |
         csv =
           c.getCallableCsv() // Callable information
-            + renderProvenanceNegative(c) // provenance
+            + renderProvenanceNeutral(c) // provenance
       )
     }
   }
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll
index 93cd70f63c2..44baca91929 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -121,12 +121,12 @@ predicate summaryElement(Callable c, string input, string output, string kind, b
 }
 
 /**
- * Holds if a negative flow summary exists for `c`, which means that there is no
- * flow through `c`. The flag `generated` states whether the summary is autogenerated.
+ * Holds if a neutral model exists for `c`, which means that there is no
+ * flow through `c`. The flag `generated` states whether the neutral model is autogenerated.
  */
-predicate negativeSummaryElement(Callable c, boolean generated) {
+predicate neutralElement(Callable c, boolean generated) {
   exists(string namespace, string type, string name, string signature, string provenance |
-    negativeSummaryModel(namespace, type, name, signature, provenance) and
+    neutralModel(namespace, type, name, signature, provenance) and
     generated = isGenerated(provenance) and
     c = interpretElement(namespace, type, false, name, signature, "")
   )
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll
index adfacd2970a..80d3dbd28ab 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll
@@ -49,7 +49,23 @@ private module SsaInput implements SsaImplCommon::InputSig {
   }
 }
 
-import SsaImplCommon::Make<SsaInput>
+private import SsaImplCommon::Make<SsaInput> as Impl
+
+class Definition = Impl::Definition;
+
+class WriteDefinition = Impl::WriteDefinition;
+
+class UncertainWriteDefinition = Impl::UncertainWriteDefinition;
+
+class PhiNode = Impl::PhiNode;
+
+module Consistency = Impl::Consistency;
+
+module ExposedForTestingOnly {
+  predicate ssaDefReachesReadExt = Impl::ssaDefReachesReadExt/4;
+
+  predicate phiHasInputFromBlockExt = Impl::phiHasInputFromBlockExt/3;
+}
 
 /**
  * Holds if the `i`th node of basic block `bb` reads source variable `v`.
@@ -1072,23 +1088,43 @@ private predicate adjacentDefRead(
   Definition def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2,
   SsaInput::SourceVariable v
 ) {
-  adjacentDefRead(def, bb1, i1, bb2, i2) and
+  Impl::adjacentDefRead(def, bb1, i1, bb2, i2) and
   v = def.getSourceVariable()
 }
 
 private predicate adjacentDefReachesRead(
-  Definition def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2
+  Definition def, SsaInput::SourceVariable v, SsaInput::BasicBlock bb1, int i1,
+  SsaInput::BasicBlock bb2, int i2
 ) {
-  exists(SsaInput::SourceVariable v | adjacentDefRead(def, bb1, i1, bb2, i2, v) |
+  adjacentDefRead(def, bb1, i1, bb2, i2, v) and
+  (
     def.definesAt(v, bb1, i1)
     or
     SsaInput::variableRead(bb1, i1, v, true)
   )
   or
   exists(SsaInput::BasicBlock bb3, int i3 |
-    adjacentDefReachesRead(def, bb1, i1, bb3, i3) and
+    adjacentDefReachesRead(def, v, bb1, i1, bb3, i3) and
     SsaInput::variableRead(bb3, i3, _, false) and
-    adjacentDefRead(def, bb3, i3, bb2, i2)
+    Impl::adjacentDefRead(def, bb3, i3, bb2, i2)
+  )
+}
+
+private predicate adjacentDefReachesReadExt(
+  DefinitionExt def, SsaInput::SourceVariable v, SsaInput::BasicBlock bb1, int i1,
+  SsaInput::BasicBlock bb2, int i2
+) {
+  Impl::adjacentDefReadExt(def, v, bb1, i1, bb2, i2) and
+  (
+    def.definesAt(v, bb1, i1, _)
+    or
+    SsaInput::variableRead(bb1, i1, v, true)
+  )
+  or
+  exists(SsaInput::BasicBlock bb3, int i3 |
+    adjacentDefReachesReadExt(def, v, bb1, i1, bb3, i3) and
+    SsaInput::variableRead(bb3, i3, v, false) and
+    Impl::adjacentDefReadExt(def, v, bb3, i3, bb2, i2)
   )
 }
 
@@ -1097,25 +1133,49 @@ pragma[nomagic]
 private predicate adjacentDefSkipUncertainReads(
   Definition def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2
 ) {
-  adjacentDefReachesRead(def, bb1, i1, bb2, i2) and
-  SsaInput::variableRead(bb2, i2, _, true)
+  exists(SsaInput::SourceVariable v |
+    adjacentDefReachesRead(def, v, bb1, i1, bb2, i2) and
+    SsaInput::variableRead(bb2, i2, v, true)
+  )
+}
+
+/** Same as `adjacentDefReadExt`, but skips uncertain reads. */
+pragma[nomagic]
+private predicate adjacentDefSkipUncertainReadsExt(
+  DefinitionExt def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2
+) {
+  exists(SsaInput::SourceVariable v |
+    adjacentDefReachesReadExt(def, v, bb1, i1, bb2, i2) and
+    SsaInput::variableRead(bb2, i2, v, true)
+  )
 }
 
 private predicate adjacentDefReachesUncertainRead(
   Definition def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2
 ) {
-  adjacentDefReachesRead(def, bb1, i1, bb2, i2) and
-  SsaInput::variableRead(bb2, i2, _, false)
+  exists(SsaInput::SourceVariable v |
+    adjacentDefReachesRead(def, v, bb1, i1, bb2, i2) and
+    SsaInput::variableRead(bb2, i2, v, false)
+  )
+}
+
+private predicate adjacentDefReachesUncertainReadExt(
+  DefinitionExt def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2
+) {
+  exists(SsaInput::SourceVariable v |
+    adjacentDefReachesReadExt(def, v, bb1, i1, bb2, i2) and
+    SsaInput::variableRead(bb2, i2, v, false)
+  )
 }
 
 /** Same as `lastRefRedef`, but skips uncertain reads. */
 pragma[nomagic]
 private predicate lastRefSkipUncertainReads(Definition def, SsaInput::BasicBlock bb, int i) {
-  lastRef(def, bb, i) and
+  Impl::lastRef(def, bb, i) and
   not SsaInput::variableRead(bb, i, def.getSourceVariable(), false)
   or
   exists(SsaInput::BasicBlock bb0, int i0 |
-    lastRef(def, bb0, i0) and
+    Impl::lastRef(def, bb0, i0) and
     adjacentDefReachesUncertainRead(def, bb, i, bb0, i0)
   )
 }
@@ -1237,7 +1297,7 @@ private module Cached {
       v = def.getSourceVariable() and
       capturedReadIn(_, _, v, edef.getSourceVariable(), c, additionalCalls) and
       def = def0.getAnUltimateDefinition() and
-      ssaDefReachesRead(_, def0, bb, i) and
+      Impl::ssaDefReachesRead(_, def0, bb, i) and
       capturedReadIn(bb, i, v, _, _, _) and
       c = bb.getNode(i)
     )
@@ -1264,18 +1324,18 @@ private module Cached {
 
   cached
   predicate isLiveAtEndOfBlock(Definition def, ControlFlow::BasicBlock bb) {
-    ssaDefReachesEndOfBlock(bb, def, _)
+    Impl::ssaDefReachesEndOfBlock(bb, def, _)
   }
 
   cached
-  Definition phiHasInputFromBlock(PhiNode phi, ControlFlow::BasicBlock bb) {
-    phiHasInputFromBlock(phi, result, bb)
+  Definition phiHasInputFromBlock(Ssa::PhiNode phi, ControlFlow::BasicBlock bb) {
+    Impl::phiHasInputFromBlock(phi, result, bb)
   }
 
   cached
   AssignableRead getAReadAtNode(Definition def, ControlFlow::Node cfn) {
     exists(Ssa::SourceVariable v, ControlFlow::BasicBlock bb, int i |
-      ssaDefReachesRead(v, def, bb, i) and
+      Impl::ssaDefReachesRead(v, def, bb, i) and
       variableReadActual(bb, i, v) and
       cfn = bb.getNode(i) and
       result.getAControlFlowNode() = cfn
@@ -1295,6 +1355,19 @@ private module Cached {
     )
   }
 
+  /**
+   * Holds if the value defined at SSA definition `def` can reach a read at `cfn`,
+   * without passing through any other read.
+   */
+  cached
+  predicate firstReadSameVarExt(DefinitionExt def, ControlFlow::Node cfn) {
+    exists(ControlFlow::BasicBlock bb1, int i1, ControlFlow::BasicBlock bb2, int i2 |
+      def.definesAt(_, bb1, i1, _) and
+      adjacentDefSkipUncertainReadsExt(def, bb1, i1, bb2, i2) and
+      cfn = bb2.getNode(i2)
+    )
+  }
+
   /**
    * Holds if the read at `cfn2` is a read of the same SSA definition `def`
    * as the read at `cfn1`, and `cfn2` can be reached from `cfn1` without
@@ -1310,18 +1383,49 @@ private module Cached {
     )
   }
 
-  /** Same as `lastRefRedef`, but skips uncertain reads. */
+  /**
+   * Holds if the read at `cfn2` is a read of the same SSA definition `def`
+   * as the read at `cfn1`, and `cfn2` can be reached from `cfn1` without
+   * passing through another read.
+   */
+  cached
+  predicate adjacentReadPairSameVarExt(
+    DefinitionExt def, ControlFlow::Node cfn1, ControlFlow::Node cfn2
+  ) {
+    exists(ControlFlow::BasicBlock bb1, int i1, ControlFlow::BasicBlock bb2, int i2 |
+      cfn1 = bb1.getNode(i1) and
+      variableReadActual(bb1, i1, _) and
+      adjacentDefSkipUncertainReadsExt(def, bb1, i1, bb2, i2) and
+      cfn2 = bb2.getNode(i2)
+    )
+  }
+
   cached
   predicate lastRefBeforeRedef(Definition def, ControlFlow::BasicBlock bb, int i, Definition next) {
-    lastRefRedef(def, bb, i, next) and
+    Impl::lastRefRedef(def, bb, i, next) and
     not SsaInput::variableRead(bb, i, def.getSourceVariable(), false)
     or
     exists(SsaInput::BasicBlock bb0, int i0 |
-      lastRefRedef(def, bb0, i0, next) and
+      Impl::lastRefRedef(def, bb0, i0, next) and
       adjacentDefReachesUncertainRead(def, bb, i, bb0, i0)
     )
   }
 
+  cached
+  predicate lastRefBeforeRedefExt(
+    DefinitionExt def, ControlFlow::BasicBlock bb, int i, DefinitionExt next
+  ) {
+    exists(SsaInput::SourceVariable v |
+      Impl::lastRefRedefExt(def, v, bb, i, next) and
+      not SsaInput::variableRead(bb, i, v, false)
+    )
+    or
+    exists(SsaInput::BasicBlock bb0, int i0 |
+      Impl::lastRefRedefExt(def, _, bb0, i0, next) and
+      adjacentDefReachesUncertainReadExt(def, bb, i, bb0, i0)
+    )
+  }
+
   cached
   predicate lastReadSameVar(Definition def, ControlFlow::Node cfn) {
     exists(ControlFlow::BasicBlock bb, int i |
@@ -1333,7 +1437,7 @@ private module Cached {
 
   cached
   Definition uncertainWriteDefinitionInput(UncertainWriteDefinition def) {
-    uncertainWriteDefinitionInput(def, result)
+    Impl::uncertainWriteDefinitionInput(def, result)
   }
 
   cached
@@ -1343,10 +1447,64 @@ private module Cached {
       v = def.getSourceVariable() and
       p = v.getAssignable() and
       def = def0.getAnUltimateDefinition() and
-      ssaDefReachesRead(_, def0, bb, i) and
+      Impl::ssaDefReachesRead(_, def0, bb, i) and
       outRefExitRead(bb, i, v)
     )
   }
 }
 
 import Cached
+
+private string getSplitString(DefinitionExt def) {
+  exists(ControlFlow::BasicBlock bb, int i, ControlFlow::Node cfn |
+    def.definesAt(_, bb, i, _) and
+    result = cfn.(ControlFlow::Nodes::ElementNode).getSplitsString()
+  |
+    cfn = bb.getNode(i)
+    or
+    not exists(bb.getNode(i)) and
+    cfn = bb.getFirstNode()
+  )
+}
+
+string getToStringPrefix(DefinitionExt def) {
+  result = "[" + getSplitString(def) + "] "
+  or
+  not exists(getSplitString(def)) and
+  result = ""
+}
+
+/**
+ * An extended static single assignment (SSA) definition.
+ *
+ * This is either a normal SSA definition (`Definition`) or a
+ * phi-read node (`PhiReadNode`).
+ *
+ * Only intended for internal use.
+ */
+class DefinitionExt extends Impl::DefinitionExt {
+  override string toString() { result = this.(Ssa::Definition).toString() }
+
+  /** Gets the location of this definition. */
+  Location getLocation() { result = this.(Ssa::Definition).getLocation() }
+
+  /** Gets the enclosing callable of this definition. */
+  Callable getEnclosingCallable() { result = this.(Ssa::Definition).getEnclosingCallable() }
+}
+
+/**
+ * A phi-read node.
+ *
+ * Only intended for internal use.
+ */
+class PhiReadNode extends DefinitionExt, Impl::PhiReadNode {
+  override string toString() {
+    result = getToStringPrefix(this) + "SSA phi read(" + this.getSourceVariable() + ")"
+  }
+
+  override Location getLocation() { result = this.getBasicBlock().getLocation() }
+
+  override Callable getEnclosingCallable() {
+    result = this.getSourceVariable().getEnclosingCallable()
+  }
+}
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/ConstantUtils.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/ConstantUtils.qll
index c067e29d320..e3f5deb9898 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/ConstantUtils.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/ConstantUtils.qll
@@ -13,7 +13,7 @@ private class ExprNode = ControlFlow::Nodes::ExprNode;
  * Holds if `pa` is an access to the `Length` property of an array.
  */
 predicate systemArrayLengthAccess(PropertyAccess pa) {
-  propertyOverrides(pa.getTarget(), "System.Array", "Length")
+  propertyOverrides(pa.getTarget(), "System", "Array", "Length")
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/RangeUtils.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/RangeUtils.qll
index 067a9b94f45..ce7637ccd92 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/RangeUtils.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/RangeUtils.qll
@@ -150,9 +150,9 @@ private module Impl {
   /**
    * Holds if property `p` matches `property` in `baseClass` or any overrides.
    */
-  predicate propertyOverrides(Property p, string baseClass, string property) {
+  predicate propertyOverrides(Property p, string namespace, string baseClass, string property) {
     exists(Property p2 |
-      p2.getUnboundDeclaration().getDeclaringType().hasQualifiedName(baseClass) and
+      p2.getUnboundDeclaration().getDeclaringType().hasQualifiedName(namespace, baseClass) and
       p2.hasName(property)
     |
       p.overridesOrImplementsOrEquals(p2)
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll
index 04d0816a683..9102bf29131 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll
@@ -83,10 +83,10 @@ private module Impl {
    */
   predicate containerSizeAccess(ExprNode e) {
     exists(Property p | p = e.getExpr().(PropertyAccess).getTarget() |
-      propertyOverrides(p, "System.Collections.Generic.IEnumerable<>", "Count") or
-      propertyOverrides(p, "System.Collections.ICollection", "Count") or
-      propertyOverrides(p, "System.String", "Length") or
-      propertyOverrides(p, "System.Array", "Length")
+      propertyOverrides(p, "System.Collections.Generic", "IEnumerable<>", "Count") or
+      propertyOverrides(p, "System.Collections", "ICollection", "Count") or
+      propertyOverrides(p, "System", "String", "Length") or
+      propertyOverrides(p, "System", "Array", "Length")
     )
     or
     e.getExpr() instanceof CountCall
diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll
index 03a24b37345..4251a7ae8b6 100644
--- a/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll
+++ b/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll
@@ -321,6 +321,18 @@ private predicate hasChildPattern(ControlFlowElement pm, Expr child) {
     mid instanceof @tuple_expr and
     child = mid.getAChildExpr()
   )
+  or
+  exists(Expr mid |
+    hasChildPattern(pm, mid) and
+    mid instanceof @list_pattern_expr and
+    child = mid.getAChildExpr()
+  )
+  or
+  exists(Expr mid |
+    hasChildPattern(pm, mid) and
+    mid instanceof @slice_pattern_expr and
+    child = mid.getAChildExpr()
+  )
 }
 
 /**
@@ -506,6 +518,26 @@ class PositionalPatternExpr extends PatternExpr, @positional_pattern_expr {
   override string getAPrimaryQlClass() { result = "PositionalPatternExpr" }
 }
 
+/** A list pattern. For example `[1, 2, int y]` in `x is [1, 2, int y]`. */
+class ListPatternExpr extends PatternExpr, @list_pattern_expr {
+  override string toString() { result = "[ ... ]" }
+
+  /** Gets the `n`th pattern. */
+  PatternExpr getPattern(int n) { result = this.getChild(n) }
+
+  override string getAPrimaryQlClass() { result = "ListPatternExpr" }
+}
+
+/** A slice pattern. For example `..` in `x is [1, .., 2]. */
+class SlicePatternExpr extends PatternExpr, @slice_pattern_expr {
+  override string toString() { result = ".." }
+
+  /** Gets the subpattern, if any. */
+  PatternExpr getPattern() { result = this.getChild(0) }
+
+  override string getAPrimaryQlClass() { result = "SlicePatternExpr" }
+}
+
 /** A unary pattern. For example, `not 1`. */
 class UnaryPatternExpr extends PatternExpr, @unary_pattern_expr {
   /** Gets the underlying pattern. */
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/Dapper.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/Dapper.qll
index 3d25f4389fd..dcfb5f2260f 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/Dapper.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/Dapper.qll
@@ -9,7 +9,7 @@ private import semmle.code.csharp.frameworks.system.Data
 module Dapper {
   /** The namespace `Dapper`. */
   class DapperNamespace extends Namespace {
-    DapperNamespace() { this.hasQualifiedName("Dapper") }
+    DapperNamespace() { this.getFullName() = "Dapper" }
   }
 
   /** A class in `Dapper`. */
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll
index 4c4b4e7bd1d..1bd86b98ff2 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll
@@ -9,7 +9,6 @@ private import semmle.code.csharp.frameworks.system.data.Entity
 private import semmle.code.csharp.frameworks.system.collections.Generic
 private import semmle.code.csharp.frameworks.Sql
 private import semmle.code.csharp.dataflow.FlowSummary
-private import semmle.code.csharp.dataflow.ExternalFlow
 private import semmle.code.csharp.dataflow.internal.DataFlowPrivate as DataFlowPrivate
 
 /**
@@ -21,7 +20,7 @@ module DataAnnotations {
   class NotMappedAttribute extends Attribute {
     NotMappedAttribute() {
       this.getType()
-          .hasQualifiedName("System.ComponentModel.DataAnnotations.Schema.NotMappedAttribute")
+          .hasQualifiedName("System.ComponentModel.DataAnnotations.Schema", "NotMappedAttribute")
     }
   }
 }
@@ -38,11 +37,7 @@ private predicate isNotMapped(Attributable a) {
 module EntityFramework {
   /** An EF6 or EFCore namespace. */
   class EFNamespace extends Namespace {
-    EFNamespace() {
-      this.getQualifiedName() = "Microsoft.EntityFrameworkCore"
-      or
-      this.getQualifiedName() = "System.Data.Entity"
-    }
+    EFNamespace() { this.getFullName() = ["Microsoft.EntityFrameworkCore", "System.Data.Entity"] }
   }
 
   /** A taint source where the data has come from a mapped property stored in the database. */
@@ -163,7 +158,7 @@ module EntityFramework {
 
   /** The struct `Microsoft.EntityFrameworkCore.RawSqlString`. */
   private class RawSqlStringStruct extends Struct {
-    RawSqlStringStruct() { this.getQualifiedName() = "Microsoft.EntityFrameworkCore.RawSqlString" }
+    RawSqlStringStruct() { this.hasQualifiedName("Microsoft.EntityFrameworkCore", "RawSqlString") }
 
     /** Gets a conversion operator from `string` to `RawSqlString`. */
     ConversionOperator getAConversionTo() {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/Format.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/Format.qll
index 373194ef366..7a7166baea1 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/Format.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/Format.qll
@@ -27,15 +27,15 @@ class FormatMethod extends Method {
         or
         (this.hasName("Write") or this.hasName("WriteLine")) and
         (
-          declType.hasQualifiedName("System.Console")
+          declType.hasQualifiedName("System", "Console")
           or
-          declType.hasQualifiedName("System.IO.TextWriter")
+          declType.hasQualifiedName("System.IO", "TextWriter")
           or
-          declType.hasQualifiedName("System.Diagnostics.Debug") and
+          declType.hasQualifiedName("System.Diagnostics", "Debug") and
           this.getParameter(1).getType() instanceof ArrayType
         )
         or
-        declType.hasQualifiedName("System.Diagnostics.Trace") and
+        declType.hasQualifiedName("System.Diagnostics", "Trace") and
         (
           this.hasName("TraceError") or
           this.hasName("TraceInformation") or
@@ -43,14 +43,14 @@ class FormatMethod extends Method {
         )
         or
         this.hasName("TraceInformation") and
-        declType.hasQualifiedName("System.Diagnostics.TraceSource")
+        declType.hasQualifiedName("System.Diagnostics", "TraceSource")
         or
         this.hasName("Print") and
-        declType.hasQualifiedName("System.Diagnostics.Debug")
+        declType.hasQualifiedName("System.Diagnostics", "Debug")
       )
       or
       this.hasName("Assert") and
-      declType.hasQualifiedName("System.Diagnostics.Debug") and
+      declType.hasQualifiedName("System.Diagnostics", "Debug") and
       this.getNumberOfParameters() = 4
     )
   }
@@ -65,7 +65,7 @@ class FormatMethod extends Method {
     else
       if
         this.hasName("Assert") and
-        this.getDeclaringType().hasQualifiedName("System.Diagnostics.Debug")
+        this.getDeclaringType().hasQualifiedName("System.Diagnostics", "Debug")
       then result = 2
       else result = 0
   }
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/JsonNET.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/JsonNET.qll
index 73a506bc555..69ae1ec292b 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/JsonNET.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/JsonNET.qll
@@ -3,13 +3,12 @@
  */
 
 import csharp
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** Definitions relating to the `Json.NET` package. */
 module JsonNET {
   /** The namespace `Newtonsoft.Json`. */
   class JsonNETNamespace extends Namespace {
-    JsonNETNamespace() { this.hasQualifiedName("Newtonsoft.Json") }
+    JsonNETNamespace() { this.getFullName() = "Newtonsoft.Json" }
   }
 
   /** A class in `Newtonsoft.Json`. */
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/Moq.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/Moq.qll
index e0705ac7d98..9ab9a026fd2 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/Moq.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/Moq.qll
@@ -4,7 +4,7 @@ import csharp
 
 /** The `Moq.Language` Namespace. */
 class MoqLanguageNamespace extends Namespace {
-  MoqLanguageNamespace() { this.hasQualifiedName("Moq.Language") }
+  MoqLanguageNamespace() { this.getFullName() = "Moq.Language" }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/NHibernate.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/NHibernate.qll
index c416d6f6849..a0b90cb9146 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/NHibernate.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/NHibernate.qll
@@ -14,7 +14,7 @@ module NHibernate {
 
   /** The interface `NHibernamte.ISession`. */
   class ISessionInterface extends Interface {
-    ISessionInterface() { this.hasQualifiedName("NHibernate.ISession") }
+    ISessionInterface() { this.hasQualifiedName("NHibernate", "ISession") }
 
     /** Gets a parameter that uses a mapped object. */
     Parameter getAMappedObjectParameter() {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/ServiceStack.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/ServiceStack.qll
index ba3248fea95..27021573f38 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/ServiceStack.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/ServiceStack.qll
@@ -6,7 +6,6 @@
  */
 
 import csharp
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** A class representing a Service */
 private class ServiceClass extends Class {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/Sql.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/Sql.qll
index 258b7b3f794..f50f601b45f 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/Sql.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/Sql.qll
@@ -7,7 +7,6 @@ private import semmle.code.csharp.frameworks.EntityFramework
 private import semmle.code.csharp.frameworks.NHibernate
 private import semmle.code.csharp.frameworks.Dapper
 private import semmle.code.csharp.dataflow.DataFlow4
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** An expression containing a SQL command. */
 abstract class SqlExpr extends Expr {
@@ -35,13 +34,14 @@ class IDbCommandConstructionSqlExpr extends SqlExpr, ObjectCreation {
     exists(InstanceConstructor ic | ic = this.getTarget() |
       ic.getDeclaringType().getABaseType*() instanceof SystemDataIDbCommandInterface and
       ic.getParameter(0).getType() instanceof StringType and
-      not ic.getDeclaringType()
-          .hasQualifiedName([
-              // Known sealed classes:
-              "System.Data.SqlClient.SqlCommand", "System.Data.Odbc.OdbcCommand",
-              "System.Data.OleDb.OleDbCommand", "System.Data.EntityClient.EntityCommand",
-              "System.Data.SQLite.SQLiteCommand"
-            ])
+      not exists(Type t | t = ic.getDeclaringType() |
+        // Known sealed classes:
+        t.hasQualifiedName("System.Data.SqlClient", "SqlCommand") or
+        t.hasQualifiedName("System.Data.Odbc", "OdbcCommand") or
+        t.hasQualifiedName("System.Data.OleDb", "OleDbCommand") or
+        t.hasQualifiedName("System.Data.EntityClient", "EntityCommand") or
+        t.hasQualifiedName("System.Data.SQLite", "SQLiteCommand")
+      )
     )
   }
 
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll
index bf291f90879..c3e7d51f0ae 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll
@@ -2,7 +2,6 @@
 
 import csharp
 private import system.Reflection
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System` namespace. */
 class SystemNamespace extends Namespace {
@@ -258,9 +257,7 @@ class SystemNullReferenceExceptionClass extends SystemClass {
 }
 
 /** The `System.Object` class. */
-class SystemObjectClass extends SystemClass {
-  SystemObjectClass() { this instanceof ObjectType }
-
+class SystemObjectClass extends SystemClass instanceof ObjectType {
   /** Gets the `Equals(object)` method. */
   Method getEqualsMethod() {
     result.getDeclaringType() = this and
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/AspNetCore.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/AspNetCore.qll
index d9624b60dcc..f4cfb19a354 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/AspNetCore.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/AspNetCore.qll
@@ -217,7 +217,7 @@ class MicrosoftAspNetCoreMvcController extends Class {
           .getType()
           .getABaseType*()
           // ApiControllerAttribute is derived from ControllerAttribute
-          .hasQualifiedName("Microsoft.AspNetCore.Mvc.ControllerAttribute")
+          .hasQualifiedName("Microsoft.AspNetCore.Mvc", "ControllerAttribute")
     ) and
     not this.getABaseType*().getAnAttribute() instanceof
       MicrosoftAspNetCoreMvcNonControllerAttribute
@@ -288,7 +288,7 @@ class MicrosoftAspNetCoreHttpHttpResponse extends Class {
 /** An interface that is a wrapper around the collection of cookies in the response. */
 class MicrosoftAspNetCoreHttpResponseCookies extends Interface {
   MicrosoftAspNetCoreHttpResponseCookies() {
-    this.hasQualifiedName("Microsoft.AspNetCore.Http.IResponseCookies")
+    this.hasQualifiedName("Microsoft.AspNetCore.Http", "IResponseCookies")
   }
 
   /** Gets the `Append` method. */
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll
index 331e89b1bb8..9d9bf11f91c 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll
@@ -118,10 +118,10 @@ class MicrosoftOwinIOwinRequestClass extends Class {
     result.hasName("Scheme")
   }
 
-  /** Gets the `URI` property. */
+  /** Gets the `Uri` property. */
   Property getUriProperty() {
     result = this.getAProperty() and
-    result.hasName("URI")
+    result.hasName("Uri")
   }
 
   /** DEPRECATED: Alias for getUriProperty */
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/CodeDom.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/CodeDom.qll
index b7edb8e18dc..400e9954866 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/CodeDom.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/CodeDom.qll
@@ -2,7 +2,6 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.System
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.CodeDome` namespace. */
 class SystemCodeDomNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Collections.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Collections.qll
index 227fe34e3ca..1a35b7a807d 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Collections.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Collections.qll
@@ -2,7 +2,6 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.System
-private import semmle.code.csharp.dataflow.ExternalFlow
 private import semmle.code.csharp.dataflow.FlowSummary
 
 /** The `System.Collections` namespace. */
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Data.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Data.qll
index a95ae099295..f0e9fe29e96 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Data.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Data.qll
@@ -2,7 +2,6 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.System
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Data` namespace. */
 class SystemDataNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Diagnostics.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Diagnostics.qll
index 0b85d2ac24a..81a620c9e7c 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Diagnostics.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Diagnostics.qll
@@ -2,7 +2,6 @@
 
 import semmle.code.csharp.Type
 private import semmle.code.csharp.frameworks.System
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Diagnostics` namespace. */
 class SystemDiagnosticsNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/IO.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/IO.qll
index 5ceb73d4b64..9756bf9c982 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/IO.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/IO.qll
@@ -2,7 +2,6 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.System
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.IO` namespace. */
 class SystemIONamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Linq.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Linq.qll
index 31b23334eaf..49076215471 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Linq.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Linq.qll
@@ -4,7 +4,6 @@
 
 private import csharp as CSharp
 private import semmle.code.csharp.frameworks.System as System
-private import semmle.code.csharp.dataflow.ExternalFlow as ExternalFlow
 
 /** Definitions relating to the `System.Linq` namespace. */
 module SystemLinq {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Net.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Net.qll
index 1fbc46dbc9c..7c0aee741db 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Net.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Net.qll
@@ -2,7 +2,6 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.System
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Net` namespace. */
 class SystemNetNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Security.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Security.qll
index f8501eb82e9..02325e19383 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Security.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Security.qll
@@ -1,7 +1,6 @@
 /** Provides classes related to the namespace `System.Security`. */
 
 import csharp
-private import semmle.code.csharp.dataflow.ExternalFlow
 private import semmle.code.csharp.frameworks.System
 
 /** The `System.Security` namespace. */
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Text.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Text.qll
index c81b28e29fe..fb4c37489af 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Text.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Text.qll
@@ -2,7 +2,6 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.System
-private import semmle.code.csharp.dataflow.ExternalFlow
 private import semmle.code.csharp.dataflow.FlowSummary
 
 /** The `System.Text` namespace. */
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Web.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Web.qll
index 6680e22b796..8552c028c89 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Web.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Web.qll
@@ -3,7 +3,6 @@
 import csharp
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.frameworks.system.collections.Specialized
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Web` namespace. */
 class SystemWebNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Xml.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Xml.qll
index d6fd132ee6b..df6827660a0 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Xml.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Xml.qll
@@ -3,7 +3,6 @@
 import csharp
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.dataflow.DataFlow3
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Xml` namespace. */
 class SystemXmlNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Generic.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Generic.qll
index a7ab58da4f1..260fe6d0318 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Generic.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Generic.qll
@@ -2,7 +2,6 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.system.Collections
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Collections.Generic` namespace. */
 class SystemCollectionsGenericNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Specialized.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Specialized.qll
index 4ffb7b5aa0c..2ddac761c4b 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Specialized.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Specialized.qll
@@ -2,7 +2,6 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.system.Collections
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Collections.Specialized` namespace. */
 class SystemCollectionsSpecializedNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/data/Common.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/data/Common.qll
index 06a98d59f49..22c80fd4de6 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/data/Common.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/data/Common.qll
@@ -4,7 +4,6 @@
 
 private import csharp as CSharp
 private import semmle.code.csharp.frameworks.system.Data as Data
-private import semmle.code.csharp.dataflow.ExternalFlow as ExternalFlow
 
 /** Definitions relating to the `System.Data.Common` namespace. */
 module SystemDataCommon {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/io/Compression.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/io/Compression.qll
index d5c58f13128..b1b777b0f69 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/io/Compression.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/io/Compression.qll
@@ -2,7 +2,6 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.system.IO
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.IO.Compression` namespace. */
 class SystemIOCompressionNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/net/Mail.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/net/Mail.qll
index 104ea2424dd..631a09058a3 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/net/Mail.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/net/Mail.qll
@@ -2,7 +2,6 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.system.Net
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Net.Mail` namespace. */
 class SystemNetMailNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/runtime/CompilerServices.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/runtime/CompilerServices.qll
index e4426a81d14..9ae5ec90b24 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/runtime/CompilerServices.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/runtime/CompilerServices.qll
@@ -3,7 +3,6 @@
 import csharp
 private import semmle.code.csharp.frameworks.system.Runtime
 private import semmle.code.csharp.dataflow.internal.DataFlowPrivate
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Runtime.CompilerServices` namespace. */
 class SystemRuntimeCompilerServicesNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/Cryptography.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/Cryptography.qll
index f922fb00669..40c07eef121 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/Cryptography.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/Cryptography.qll
@@ -2,7 +2,6 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.system.Security
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Security.Cryptography` namespace. */
 class SystemSecurityCryptographyNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/cryptography/SymmetricAlgorithm.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/cryptography/SymmetricAlgorithm.qll
index d0b9c2e5239..85d8f5c4200 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/cryptography/SymmetricAlgorithm.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/cryptography/SymmetricAlgorithm.qll
@@ -5,32 +5,33 @@
 import csharp
 
 /**
- * Holds if the object creation `oc` is the creation of the reference type with the specified `qualifiedName`, or a class derived from
- * the class with the specified `qualifiedName`.
+ * Holds if the object creation `oc` is the creation of the reference type with the specified `qualifier` and `type`, or a class derived from
+ * the class with the specified `qualifier` and `type`.
  */
-private predicate isCreatingObject(ObjectCreation oc, string qualifiedName) {
-  exists(RefType t | t = oc.getType() | t.getBaseClass*().hasQualifiedName(qualifiedName))
+private predicate isCreatingObject(ObjectCreation oc, string qualifier, string type) {
+  exists(RefType t | t = oc.getType() | t.getBaseClass*().hasQualifiedName(qualifier, type))
 }
 
 /**
- * Holds if the method call `mc` is returning the reference type with the specified `qualifiedName`.
+ * Holds if the method call `mc` is returning the reference type with the specified `qualifier` and `type`.
  * and the target of the method call is a library method.
  */
-private predicate isReturningObject(MethodCall mc, string qualifiedName) {
+private predicate isReturningObject(MethodCall mc, string qualifier, string type) {
   mc.getTarget().fromLibrary() and
-  exists(RefType t | t = mc.getType() | t.hasQualifiedName(qualifiedName))
+  exists(RefType t | t = mc.getType() | t.hasQualifiedName(qualifier, type))
 }
 
 /**
- * Holds if the method call `mc` is a call on the library method target with the specified `qualifiedName` and `methodName`, and an argument at
+ * Holds if the method call `mc` is a call on the library method target with the specified `namespace`, `type` and `methodName`, and an argument at
  * index `argumentIndex` has the specified value `argumentValue` (case-insensitive).
  */
 bindingset[argumentValue]
 private predicate isMethodCalledWithArg(
-  MethodCall mc, string qualifiedName, string methodName, int argumentIndex, string argumentValue
+  MethodCall mc, string namespace, string type, string methodName, int argumentIndex,
+  string argumentValue
 ) {
   mc.getTarget().fromLibrary() and
-  mc.getTarget().hasQualifiedName(qualifiedName, methodName) and
+  mc.getTarget().hasQualifiedName(namespace, type, methodName) and
   mc.getArgument(argumentIndex).getValue().toUpperCase() = argumentValue.toUpperCase()
 }
 
@@ -60,13 +61,14 @@ class SymmetricAlgorithm extends Class {
  * Note: not all of the class names are supported on all platforms.
  */
 predicate isCreatingDES(Expr e) {
-  isCreatingObject(e, "System.Security.Cryptography.DES") or
-  isReturningObject(e, "System.Security.Cryptography.DES") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.SymmetricAlgorithm", "Create", 0, "DES") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.SymmetricAlgorithm", "Create", 0,
+  isCreatingObject(e, "System.Security.Cryptography", "DES") or
+  isReturningObject(e, "System.Security.Cryptography", "DES") or
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "SymmetricAlgorithm", "Create", 0, "DES") or
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "SymmetricAlgorithm", "Create", 0,
     "System.Security.Cryptography.DES") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.CryptoConfig", "CreateFromName", 0, "DES") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.CryptoConfig", "CreateFromName", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "CryptoConfig", "CreateFromName", 0,
+    "DES") or
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "CryptoConfig", "CreateFromName", 0,
     "System.Security.Cryptography.DES")
 }
 
@@ -75,21 +77,22 @@ predicate isCreatingDES(Expr e) {
  * Note: not all of the class names are supported on all platforms.
  */
 predicate isCreatingTripleDES(Expr e) {
-  isCreatingObject(e, "System.Security.Cryptography.TripleDES") or
-  isReturningObject(e, "System.Security.Cryptography.TripleDES") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.SymmetricAlgorithm", "Create", 0,
+  isCreatingObject(e, "System.Security.Cryptography", "TripleDES") or
+  isReturningObject(e, "System.Security.Cryptography", "TripleDES") or
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "SymmetricAlgorithm", "Create", 0,
     "TripleDES") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.SymmetricAlgorithm", "Create", 0, "3DES") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.SymmetricAlgorithm", "Create", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "SymmetricAlgorithm", "Create", 0, "3DES") or
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "SymmetricAlgorithm", "Create", 0,
     "Triple DES") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.SymmetricAlgorithm", "Create", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "SymmetricAlgorithm", "Create", 0,
     "System.Security.Cryptography.TripleDES") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.CryptoConfig", "CreateFromName", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "CryptoConfig", "CreateFromName", 0,
     "TripleDES") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.CryptoConfig", "CreateFromName", 0, "3DES") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.CryptoConfig", "CreateFromName", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "CryptoConfig", "CreateFromName", 0,
+    "3DES") or
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "CryptoConfig", "CreateFromName", 0,
     "Triple DES") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.CryptoConfig", "CreateFromName", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "CryptoConfig", "CreateFromName", 0,
     "System.Security.Cryptography.TripleDES")
 }
 
@@ -98,13 +101,14 @@ predicate isCreatingTripleDES(Expr e) {
  * Note: not all of the class names are supported on all platforms.
  */
 predicate isCreatingRC2(Expr e) {
-  isCreatingObject(e, "System.Security.Cryptography.RC2") or
-  isReturningObject(e, "System.Security.Cryptography.RC2") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.SymmetricAlgorithm", "Create", 0, "RC2") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.SymmetricAlgorithm", "Create", 0,
+  isCreatingObject(e, "System.Security.Cryptography", "RC2") or
+  isReturningObject(e, "System.Security.Cryptography", "RC2") or
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "SymmetricAlgorithm", "Create", 0, "RC2") or
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "SymmetricAlgorithm", "Create", 0,
     "System.Security.Cryptography.RC2") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.CryptoConfig", "CreateFromName", 0, "RC2") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.CryptoConfig", "CreateFromName", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "CryptoConfig", "CreateFromName", 0,
+    "RC2") or
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "CryptoConfig", "CreateFromName", 0,
     "System.Security.Cryptography.RC2")
 }
 
@@ -112,26 +116,26 @@ predicate isCreatingRC2(Expr e) {
  * Holds if the expression 'e' creates Rijndael symmetric algorithm.
  */
 predicate isCreatingRijndael(Expr e) {
-  isCreatingObject(e, "System.Security.Cryptography.Rijndael") or
-  isReturningObject(e, "System.Security.Cryptography.Rijndael") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.SymmetricAlgorithm", "Create", 0,
+  isCreatingObject(e, "System.Security.Cryptography", "Rijndael") or
+  isReturningObject(e, "System.Security.Cryptography", "Rijndael") or
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "SymmetricAlgorithm", "Create", 0,
     "Rijndael") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.SymmetricAlgorithm", "Create", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "SymmetricAlgorithm", "Create", 0,
     "RijndaelManaged") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.SymmetricAlgorithm", "Create", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "SymmetricAlgorithm", "Create", 0,
     "System.Security.Cryptography.Rijndael") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.SymmetricAlgorithm", "Create", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "SymmetricAlgorithm", "Create", 0,
     "System.Security.Cryptography.RijndaelManaged") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.SymmetricAlgorithm", "Create", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "SymmetricAlgorithm", "Create", 0,
     "System.Security.Cryptography.SymmetricAlgorithm") or // this creates Rijndael
-  isMethodCalledWithArg(e, "System.Security.Cryptography.CryptoConfig", "CreateFromName", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "CryptoConfig", "CreateFromName", 0,
     "Rijndael") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.CryptoConfig", "CreateFromName", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "CryptoConfig", "CreateFromName", 0,
     "System.Security.Cryptography.Rijndael") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.CryptoConfig", "CreateFromName", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "CryptoConfig", "CreateFromName", 0,
     "RijndaelManaged") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.CryptoConfig", "CreateFromName", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "CryptoConfig", "CreateFromName", 0,
     "System.Security.Cryptography.RijndaelManaged") or
-  isMethodCalledWithArg(e, "System.Security.Cryptography.CryptoConfig", "CreateFromName", 0,
+  isMethodCalledWithArg(e, "System.Security.Cryptography", "CryptoConfig", "CreateFromName", 0,
     "System.Security.Cryptography.SymmetricAlgorithm") // this creates Rijndael
 }
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/cryptography/X509Certificates.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/cryptography/X509Certificates.qll
index 0bd6461a6cd..54cc8d11864 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/cryptography/X509Certificates.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/security/cryptography/X509Certificates.qll
@@ -2,7 +2,6 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.system.security.Cryptography
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Security.Cryptography.X509Certificates` namespace. */
 class SystemSecurityCryptographyX509CertificatesNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/text/RegularExpressions.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/text/RegularExpressions.qll
index 6319ef6e894..cba035d28d3 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/text/RegularExpressions.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/text/RegularExpressions.qll
@@ -4,7 +4,6 @@
 
 import default
 import semmle.code.csharp.frameworks.system.Text
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Text.RegularExpressions` namespace. */
 class SystemTextRegularExpressionsNamespace extends Namespace {
@@ -37,7 +36,7 @@ class SystemTextRegularExpressionsRegexClass extends SystemTextRegularExpression
  */
 class RegexGlobalTimeout extends MethodCall {
   RegexGlobalTimeout() {
-    this.getTarget().hasQualifiedName("System.AppDomain.SetData") and
+    this.getTarget().hasQualifiedName("System.AppDomain", "SetData") and
     this.getArgumentForName("name").getValue() = "REGEX_DEFAULT_MATCH_TIMEOUT"
   }
 }
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/threading/Tasks.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/threading/Tasks.qll
index 7c0f1d2a885..acfc4edddd7 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/threading/Tasks.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/threading/Tasks.qll
@@ -3,7 +3,6 @@
 import csharp
 private import semmle.code.csharp.frameworks.system.Threading
 private import semmle.code.csharp.dataflow.internal.DataFlowPrivate
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Threading.Tasks` namespace. */
 class SystemThreadingTasksNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/web/ui/WebControls.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/web/ui/WebControls.qll
index 09d5e08d371..a059d5b3c7c 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/web/ui/WebControls.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/web/ui/WebControls.qll
@@ -2,7 +2,6 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.system.web.UI
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Web.UI.WebControls` namespace. */
 class SystemWebUIWebControlsNamespace extends Namespace {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/test/NUnit.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/test/NUnit.qll
index ee6c50b2c8e..a1563ec2d46 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/test/NUnit.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/test/NUnit.qll
@@ -2,6 +2,7 @@
 
 import csharp
 import semmle.code.csharp.frameworks.Test
+private import semmle.code.csharp.commons.QualifiedName
 
 /** A class that is an NUnit test fixture */
 class NUnitFixture extends TestClass {
@@ -38,7 +39,11 @@ class NUnitTestMethod extends TestMethod {
       expected.getTarget() = this
     |
       if expected.getArgument(0).getType() instanceof StringType
-      then result.hasQualifiedName(expected.getArgument(0).getValue())
+      then
+        exists(string qualifier, string type |
+          result.hasQualifiedName(qualifier, type) and
+          splitQualifiedName(expected.getArgument(0).getValue(), qualifier, type)
+        )
       else result = expected.getArgument(0).(TypeofExpr).getTypeAccess().getTarget()
     )
   }
@@ -56,11 +61,13 @@ class NUnitFile extends TestFile {
 
 /** An attribute of type `NUnit.Framework.ValueSourceAttribute`. */
 class ValueSourceAttribute extends Attribute {
-  ValueSourceAttribute() { this.getType().hasQualifiedName("NUnit.Framework.ValueSourceAttribute") }
+  ValueSourceAttribute() {
+    this.getType().hasQualifiedName("NUnit.Framework", "ValueSourceAttribute")
+  }
 
   /** Holds if the first argument is the target type. */
   private predicate typeSpecified() {
-    this.getArgument(0).getType().(Class).hasQualifiedName("System.Type") and
+    this.getArgument(0).getType().(Class).hasQualifiedName("System", "Type") and
     this.getArgument(1).getType() instanceof StringType
   }
 
@@ -88,12 +95,12 @@ class ValueSourceAttribute extends Attribute {
 /** An attribute of type `NUnit.Framework.TestCaseSourceAttribute`. */
 class TestCaseSourceAttribute extends Attribute {
   TestCaseSourceAttribute() {
-    this.getType().hasQualifiedName("NUnit.Framework.TestCaseSourceAttribute")
+    this.getType().hasQualifiedName("NUnit.Framework", "TestCaseSourceAttribute")
   }
 
   /** Holds if the first argument is the target type. */
   private predicate typeSpecified() {
-    this.getArgument(0).getType().(Class).hasQualifiedName("System.Type") and
+    this.getArgument(0).getType().(Class).hasQualifiedName("System", "Type") and
     this.getArgument(1).getType() instanceof StringType
   }
 
@@ -120,7 +127,7 @@ class TestCaseSourceAttribute extends Attribute {
 
 /** The `NUnit.Framework.Assert` class. */
 class NUnitAssertClass extends Class {
-  NUnitAssertClass() { this.hasQualifiedName("NUnit.Framework.Assert") }
+  NUnitAssertClass() { this.hasQualifiedName("NUnit.Framework", "Assert") }
 
   /** Gets a `Null(object, ...)` method. */
   Method getANullMethod() {
@@ -179,5 +186,5 @@ class NUnitAssertClass extends Class {
 
 /** The `NUnit.Framework.AssertionException` class. */
 class AssertionExceptionClass extends Class {
-  AssertionExceptionClass() { this.hasQualifiedName("NUnit.Framework.AssertionException") }
+  AssertionExceptionClass() { this.hasQualifiedName("NUnit.Framework", "AssertionException") }
 }
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/test/VisualStudio.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/test/VisualStudio.qll
index 16f05cd7834..787c8770827 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/test/VisualStudio.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/test/VisualStudio.qll
@@ -5,7 +5,7 @@ import semmle.code.csharp.frameworks.Test
 
 /** The `Microsoft.VisualStudio.TestTools.UnitTesting` namespace. */
 class VSTestNamespace extends Namespace {
-  VSTestNamespace() { this.hasQualifiedName("Microsoft.VisualStudio.TestTools.UnitTesting") }
+  VSTestNamespace() { this.getFullName() = "Microsoft.VisualStudio.TestTools.UnitTesting" }
 }
 
 /** A class that contains test methods. */
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/test/XUnit.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/test/XUnit.qll
index 0d229ad53ce..4d694774b7c 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/test/XUnit.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/test/XUnit.qll
@@ -5,7 +5,7 @@ import semmle.code.csharp.frameworks.Test
 
 /** The `Xunit` namespace. */
 class XUnitNamespace extends Namespace {
-  XUnitNamespace() { this.hasQualifiedName("Xunit") }
+  XUnitNamespace() { this.getFullName() = "Xunit" }
 }
 
 /** An xUnit test attribute. */
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll
index 0f241d0c69b..0ea33ca7590 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll
@@ -56,6 +56,4 @@ class ProtectSanitizer extends Sanitizer {
 /**
  * An external location sink.
  */
-class ExternalSink extends Sink {
-  ExternalSink() { this instanceof ExternalLocationSink }
-}
+class ExternalSink extends Sink instanceof ExternalLocationSink { }
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll
index 758fbf50b16..4061ab8651c 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll
@@ -38,14 +38,10 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
 }
 
 /** A source of remote user input. */
-class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /** A source of local user input. */
-class LocalSource extends Source {
-  LocalSource() { this instanceof LocalFlowSource }
-}
+class LocalSource extends Source instanceof LocalFlowSource { }
 
 private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { }
 
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll
index 506bf9599b7..82798a34743 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll
@@ -36,9 +36,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
 }
 
 /** A source of remote user input. */
-class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /**
  * A sink in `System.Diagnostic.Process` or its related classes.
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll
index ac856264b15..e41a868be48 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll
@@ -43,9 +43,7 @@ class Configuration extends TaintTracking::Configuration {
 }
 
 /** A source of remote user input. */
-class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /** The result of a reverse dns may be user-controlled. */
 class ReverseDnsSource extends Source {
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll
index 11a79878698..2bf409899ee 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll
@@ -39,6 +39,4 @@ private class PrivateDataSource extends Source {
   PrivateDataSource() { this.getExpr() instanceof PrivateDataExpr }
 }
 
-private class ExternalLocation extends Sink {
-  ExternalLocation() { this instanceof ExternalLocationSink }
-}
+private class ExternalLocation extends Sink instanceof ExternalLocationSink { }
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
index 4c0b7b00765..1fde874cc93 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
@@ -4,6 +4,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.commons.QualifiedName
 private import semmle.code.csharp.dataflow.flowsources.Remote
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.dataflow.FlowSummary
@@ -16,8 +17,7 @@ abstract class SafeExternalApiCallable extends Callable { }
 /** DEPRECATED: Alias for SafeExternalApiCallable */
 deprecated class SafeExternalAPICallable = SafeExternalApiCallable;
 
-private class SummarizedCallableSafe extends SafeExternalApiCallable {
-  SummarizedCallableSafe() { this instanceof SummarizedCallable }
+private class SummarizedCallableSafe extends SafeExternalApiCallable instanceof SummarizedCallable {
 }
 
 /** The default set of "safe" external APIs. */
@@ -70,8 +70,21 @@ class ExternalApiDataNode extends DataFlow::Node {
   /** Gets the index which is passed untrusted data (where -1 indicates the qualifier). */
   int getIndex() { result = i }
 
-  /** Gets the description of the callable being called. */
-  string getCallableDescription() { result = this.getCallable().getQualifiedName() }
+  /** Holds if the callable being use has name `name` and has qualifier `qualifier`. */
+  predicate hasQualifiedName(string qualifier, string name) {
+    this.getCallable().hasQualifiedName(qualifier, name)
+  }
+
+  /**
+   * DEPRECATED: Use hasQualifiedName/2 instead.
+   *
+   * Gets the description of the callable being called.
+   */
+  deprecated string getCallableDescription() {
+    exists(string qualifier, string name |
+      this.hasQualifiedName(qualifier, name) and result = getQualifiedName(qualifier, name)
+    )
+  }
 }
 
 /** DEPRECATED: Alias for ExternalApiDataNode */
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
index 6f985463763..fb94273ccd7 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
@@ -38,9 +38,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
 }
 
 /** A source of remote user input. */
-class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /**
  * An argument that sets the `Path` property of a `DirectoryEntry` object that is a sink for LDAP
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll
index 9320975c4d5..8764ebfd1d0 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll
@@ -38,9 +38,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
 }
 
 /** A source of remote user input. */
-private class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+private class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 private class HtmlSanitizer extends Sanitizer {
   HtmlSanitizer() { this.asExpr() instanceof HtmlSanitizedExpr }
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll
index e39cf1f0c44..47de109168d 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll
@@ -43,9 +43,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
 }
 
 /** A source of remote user input. */
-class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /**
  * The input argument to a call to `XmlReader.Create` where the input will not be validated against
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll
index e799501af4e..c3450946eb2 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll
@@ -38,9 +38,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
 }
 
 /** A source of remote user input. */
-class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /**
  * An expression that represents a regular expression with potential exponential behavior.
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll
index 7631375eba5..bfd0bcb5aea 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll
@@ -37,9 +37,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
 }
 
 /** A source of remote user input. */
-class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /**
  * A `pattern` argument to a construction of a `Regex`.
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll
index cfcdd93aaa3..fee371359fd 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll
@@ -37,14 +37,10 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
 }
 
 /** A source of remote user input. */
-class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /** A source of local user input. */
-class LocalSource extends Source {
-  LocalSource() { this instanceof LocalFlowSource }
-}
+class LocalSource extends Source instanceof LocalFlowSource { }
 
 /** An argument to the `ConnectionString` property on a data connection class. */
 class SqlConnectionStringSink extends Sink {
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll
index f4184a391b9..d19b4739fde 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll
@@ -38,14 +38,10 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
 }
 
 /** A source of remote user input. */
-class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /** A source of local user input. */
-class LocalSource extends Source {
-  LocalSource() { this instanceof LocalFlowSource }
-}
+class LocalSource extends Source instanceof LocalFlowSource { }
 
 /** An SQL expression passed to an API call that executes SQL. */
 class SqlInjectionExprSink extends Sink {
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll
index 0379173578e..7e9f266a310 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll
@@ -39,9 +39,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
 }
 
 /** A source of remote user input. */
-class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /**
  * A path argument to a `File` method call.
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll
index 6f75a712386..046424397e6 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll
@@ -44,9 +44,7 @@ abstract private class ConstructorOrStaticMethodSink extends Sink { }
  */
 abstract class Sanitizer extends DataFlow::Node { }
 
-private class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+private class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /**
  * User input to object method call deserialization flow tracking.
@@ -162,7 +160,7 @@ class TaintToObjectTypeTrackingConfig extends TaintTracking2::Configuration {
   override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
     exists(MethodCall mc, Method m |
       m = mc.getTarget() and
-      m.getDeclaringType().hasQualifiedName("System.Type") and
+      m.getDeclaringType().hasQualifiedName("System", "Type") and
       m.hasName("GetType") and
       m.isStatic() and
       n1.asExpr() = mc.getArgument(0) and
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
index 796bc9f3b5d..499ff5c4a09 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
@@ -50,9 +50,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
 }
 
 /** A source of remote user input. */
-class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /**
  * A URL argument to a call to `HttpResponse.Redirect()` or `Controller.Redirect()`, that is a
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll
index 28317c0b201..ea5a16b6aaf 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll
@@ -14,9 +14,7 @@ private import semmle.code.csharp.security.Sanitizers
  */
 abstract class Source extends DataFlow::Node { }
 
-private class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+private class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /**
  * A data flow sink for untrusted user input used in XML processing.
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll
index 7b062288f9c..f6f02fcd426 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll
@@ -37,9 +37,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
 }
 
 /** A source of remote user input. */
-class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /** The `xpath` argument to an `XPathExpression.Compile(..)` call. */
 class XPathExpressionCompileSink extends Sink {
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll
index a216ce5e9d2..72a1d930354 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll
@@ -149,9 +149,7 @@ class TaintTrackingConfiguration extends TaintTracking2::Configuration {
 }
 
 /** A source of remote user input. */
-private class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+private class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { }
 
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll
index 637c3c29f8b..0232d9462e2 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll
@@ -27,9 +27,7 @@ private class ExternalXssSink extends Sink {
   ExternalXssSink() { sinkNode(this, "xss") }
 }
 
-private class HtmlSinkSink extends Sink {
-  HtmlSinkSink() { this instanceof HtmlSink }
-
+private class HtmlSinkSink extends Sink instanceof HtmlSink {
   override string explanation() {
     this instanceof WebPageWriteLiteralSink and
     result = "System.Web.WebPages.WebPage.WriteLiteral() method"
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll
index 99f001eb115..de5a5bbd837 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll
@@ -46,7 +46,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
 class ArchiveFullNameSource extends Source {
   ArchiveFullNameSource() {
     exists(PropertyAccess pa | this.asExpr() = pa |
-      pa.getTarget().getDeclaringType().hasQualifiedName("System.IO.Compression.ZipArchiveEntry") and
+      pa.getTarget().getDeclaringType().hasQualifiedName("System.IO.Compression", "ZipArchiveEntry") and
       pa.getTarget().getName() = "FullName"
     )
   }
@@ -56,7 +56,7 @@ class ArchiveFullNameSource extends Source {
 class ExtractToFileArgSink extends Sink {
   ExtractToFileArgSink() {
     exists(MethodCall mc |
-      mc.getTarget().hasQualifiedName("System.IO.Compression.ZipFileExtensions", "ExtractToFile") and
+      mc.getTarget().hasQualifiedName("System.IO.Compression", "ZipFileExtensions", "ExtractToFile") and
       this.asExpr() = mc.getArgumentForName("destinationFileName")
     )
   }
@@ -66,9 +66,9 @@ class ExtractToFileArgSink extends Sink {
 class FileOpenArgSink extends Sink {
   FileOpenArgSink() {
     exists(MethodCall mc |
-      mc.getTarget().hasQualifiedName("System.IO.File", "Open") or
-      mc.getTarget().hasQualifiedName("System.IO.File", "OpenWrite") or
-      mc.getTarget().hasQualifiedName("System.IO.File", "Create")
+      mc.getTarget().hasQualifiedName("System.IO", "File", "Open") or
+      mc.getTarget().hasQualifiedName("System.IO", "File", "OpenWrite") or
+      mc.getTarget().hasQualifiedName("System.IO", "File", "Create")
     |
       this.asExpr() = mc.getArgumentForName("path")
     )
@@ -79,7 +79,7 @@ class FileOpenArgSink extends Sink {
 class FileStreamArgSink extends Sink {
   FileStreamArgSink() {
     exists(ObjectCreation oc |
-      oc.getTarget().getDeclaringType().hasQualifiedName("System.IO.FileStream")
+      oc.getTarget().getDeclaringType().hasQualifiedName("System.IO", "FileStream")
     |
       this.asExpr() = oc.getArgumentForName("path")
     )
@@ -94,7 +94,7 @@ class FileStreamArgSink extends Sink {
 class FileInfoArgSink extends Sink {
   FileInfoArgSink() {
     exists(ObjectCreation oc |
-      oc.getTarget().getDeclaringType().hasQualifiedName("System.IO.FileInfo")
+      oc.getTarget().getDeclaringType().hasQualifiedName("System.IO", "FileInfo")
     |
       this.asExpr() = oc.getArgumentForName("fileName")
     )
@@ -108,7 +108,7 @@ class FileInfoArgSink extends Sink {
  */
 class GetFileNameSanitizer extends Sanitizer {
   GetFileNameSanitizer() {
-    exists(MethodCall mc | mc.getTarget().hasQualifiedName("System.IO.Path", "GetFileName") |
+    exists(MethodCall mc | mc.getTarget().hasQualifiedName("System.IO", "Path", "GetFileName") |
       this.asExpr() = mc
     )
   }
@@ -122,19 +122,19 @@ class GetFileNameSanitizer extends Sanitizer {
  */
 class SubstringSanitizer extends Sanitizer {
   SubstringSanitizer() {
-    exists(MethodCall mc | mc.getTarget().hasQualifiedName("System.String", "Substring") |
+    exists(MethodCall mc | mc.getTarget().hasQualifiedName("System", "String", "Substring") |
       this.asExpr() = mc
     )
   }
 }
 
 private predicate stringCheckGuard(Guard g, Expr e, AbstractValue v) {
-  g.(MethodCall).getTarget().hasQualifiedName("System.String", "StartsWith") and
+  g.(MethodCall).getTarget().hasQualifiedName("System", "String", "StartsWith") and
   g.(MethodCall).getQualifier() = e and
   // A StartsWith check against Path.Combine is not sufficient, because the ".." elements have
   // not yet been resolved.
   not exists(MethodCall combineCall |
-    combineCall.getTarget().hasQualifiedName("System.IO.Path", "Combine") and
+    combineCall.getTarget().hasQualifiedName("System.IO", "Path", "Combine") and
     DataFlow::localExprFlow(combineCall, e)
   ) and
   v.(AbstractValues::BooleanValue).getValue() = true
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll
index 293d15b7461..6243074cf17 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll
@@ -12,6 +12,7 @@ private import semmle.code.csharp.frameworks.system.web.ui.WebControls
 private import semmle.code.csharp.frameworks.WCF
 private import semmle.code.csharp.frameworks.microsoft.Owin
 private import semmle.code.csharp.frameworks.microsoft.AspNetCore
+private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** A data flow source of remote user input. */
 abstract class RemoteFlowSource extends DataFlow::Node {
@@ -19,6 +20,13 @@ abstract class RemoteFlowSource extends DataFlow::Node {
   abstract string getSourceType();
 }
 
+/**
+ * A module for importing frameworks that defines remote flow sources.
+ */
+private module RemoteFlowSources {
+  private import semmle.code.csharp.frameworks.ServiceStack
+}
+
 /** A data flow source of remote user input (ASP.NET). */
 abstract class AspNetRemoteFlowSource extends RemoteFlowSource { }
 
@@ -254,3 +262,9 @@ class AspNetCoreActionMethodParameter extends AspNetCoreRemoteFlowSource, DataFl
 
   override string getSourceType() { result = "ASP.NET Core MVC action method parameter" }
 }
+
+private class ExternalRemoteFlowSource extends RemoteFlowSource {
+  ExternalRemoteFlowSource() { sourceNode(this, "remote") }
+
+  override string getSourceType() { result = "external" }
+}
diff --git a/csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll
index 53fe605b963..b83795b033a 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll
@@ -47,7 +47,7 @@ abstract class InsecureXmlProcessing extends Call {
  */
 private predicate isSafeXmlResolver(Expr e) {
   e instanceof NullLiteral or
-  e.getType().(RefType).hasQualifiedName("System.Xml.XmlSecureResolver")
+  e.getType().(RefType).hasQualifiedName("System.Xml", "XmlSecureResolver")
 }
 
 /**
@@ -94,7 +94,7 @@ module XmlSettings {
    * Holds if the given object creation constructs `XmlReaderSettings` with an insecure resolver.
    */
   predicate insecureResolverSettings(ObjectCreation creation, Expr evidence, string reason) {
-    creation.getObjectType().getQualifiedName() = "System.Xml.XmlReaderSettings" and
+    creation.getObjectType().hasQualifiedName("System.Xml", "XmlReaderSettings") and
     (
       // one unsafe assignment to XmlResolver
       exists(Expr xmlResolverVal | xmlResolverVal = getAValueForProp(creation, "XmlResolver") |
@@ -114,7 +114,7 @@ module XmlSettings {
    * Holds if the given object creation constructs `XmlReaderSettings` with DTD processing enabled.
    */
   predicate dtdEnabledSettings(ObjectCreation creation, Expr evidence, string reason) {
-    creation.getObjectType().getQualifiedName() = "System.Xml.XmlReaderSettings" and
+    creation.getObjectType().hasQualifiedName("System.Xml", "XmlReaderSettings") and
     (
       exists(Expr dtdVal | dtdVal = getAValueForProp(creation, "DtdProcessing") |
         not isSafeDtdSetting(dtdVal) and evidence = dtdVal
@@ -145,14 +145,16 @@ module XmlReader {
   private import semmle.code.csharp.dataflow.DataFlow2
 
   private class InsecureXmlReaderCreate extends InsecureXmlProcessing, MethodCall {
-    InsecureXmlReaderCreate() { this.getTarget().hasQualifiedName("System.Xml.XmlReader.Create") }
+    InsecureXmlReaderCreate() {
+      this.getTarget().hasQualifiedName("System.Xml.XmlReader", "Create")
+    }
 
     /**
      * Gets the `XmlReaderSettings` argument to to this call, if any.
      */
     Expr getSettings() {
       result = this.getAnArgument() and
-      result.getType().(RefType).getABaseType*().hasQualifiedName("System.Xml.XmlReaderSettings")
+      result.getType().(RefType).getABaseType*().hasQualifiedName("System.Xml", "XmlReaderSettings")
     }
 
     override predicate isUnsafe(string reason) {
@@ -197,7 +199,7 @@ module XmlReader {
           .getType()
           .(RefType)
           .getABaseType*()
-          .hasQualifiedName("System.Xml.XmlReaderSettings")
+          .hasQualifiedName("System.Xml", "XmlReaderSettings")
     }
 
     override predicate isSink(DataFlow::Node sink) {
@@ -209,7 +211,7 @@ module XmlReader {
 /** Provides predicates related to `System.Xml.XmlTextReader`. */
 module XmlTextReader {
   private class InsecureXmlTextReader extends InsecureXmlProcessing, ObjectCreation {
-    InsecureXmlTextReader() { this.getObjectType().hasQualifiedName("System.Xml.XmlTextReader") }
+    InsecureXmlTextReader() { this.getObjectType().hasQualifiedName("System.Xml", "XmlTextReader") }
 
     override predicate isUnsafe(string reason) {
       not exists(Expr xmlResolverVal |
@@ -244,8 +246,8 @@ module XmlDocument {
    */
   class InsecureXmlDocument extends InsecureXmlProcessing, MethodCall {
     InsecureXmlDocument() {
-      this.getTarget().hasQualifiedName("System.Xml.XmlDocument.Load") or
-      this.getTarget().hasQualifiedName("System.Xml.XmlDocument.LoadXml")
+      this.getTarget().hasQualifiedName("System.Xml", "XmlDocument", "Load") or
+      this.getTarget().hasQualifiedName("System.Xml", "XmlDocument", "LoadXml")
     }
 
     override predicate isUnsafe(string reason) {
diff --git a/csharp/ql/lib/semmle/code/csharp/serialization/Deserializers.qll b/csharp/ql/lib/semmle/code/csharp/serialization/Deserializers.qll
index 8e026f03a0f..af3cdfc28bb 100644
--- a/csharp/ql/lib/semmle/code/csharp/serialization/Deserializers.qll
+++ b/csharp/ql/lib/semmle/code/csharp/serialization/Deserializers.qll
@@ -90,7 +90,7 @@ private class WrapperDeserializer extends UnsafeDeserializer {
 /** BinaryFormatter */
 private class BinaryFormatterClass extends Class {
   BinaryFormatterClass() {
-    this.hasQualifiedName("System.Runtime.Serialization.Formatters.Binary.BinaryFormatter")
+    this.hasQualifiedName("System.Runtime.Serialization.Formatters.Binary", "BinaryFormatter")
   }
 }
 
@@ -121,7 +121,7 @@ class BinaryFormatterUnsafeDeserializeMethodResponseMethod extends Method, Unsaf
 /** SoapFormatter */
 private class SoapFormatterClass extends Class {
   SoapFormatterClass() {
-    this.hasQualifiedName("System.Runtime.Serialization.Formatters.Soap.SoapFormatter")
+    this.hasQualifiedName("System.Runtime.Serialization.Formatters.Soap", "SoapFormatter")
   }
 }
 
@@ -135,7 +135,7 @@ class SoapFormatterDeserializeMethod extends Method, UnsafeDeserializer {
 
 /** ObjectStateFormatter */
 private class ObjectStateFormatterClass extends Class {
-  ObjectStateFormatterClass() { this.hasQualifiedName("System.Web.UI.ObjectStateFormatter") }
+  ObjectStateFormatterClass() { this.hasQualifiedName("System.Web.UI", "ObjectStateFormatter") }
 }
 
 /** `System.Web.UI.ObjectStateFormatter.Deserialize` method */
@@ -149,7 +149,7 @@ class ObjectStateFormatterDeserializeMethod extends Method, UnsafeDeserializer {
 /** NetDataContractSerializer */
 class NetDataContractSerializerClass extends Class {
   NetDataContractSerializerClass() {
-    this.hasQualifiedName("System.Runtime.Serialization.NetDataContractSerializer")
+    this.hasQualifiedName("System.Runtime.Serialization", "NetDataContractSerializer")
   }
 }
 
@@ -172,7 +172,7 @@ class NetDataContractSerializerReadObjectMethod extends Method, UnsafeDeserializ
 /** DataContractJsonSerializer */
 class DataContractJsonSerializerClass extends Class {
   DataContractJsonSerializerClass() {
-    this.hasQualifiedName("System.Runtime.Serialization.Json.DataContractJsonSerializer")
+    this.hasQualifiedName("System.Runtime.Serialization.Json", "DataContractJsonSerializer")
   }
 }
 
@@ -187,7 +187,7 @@ class DataContractJsonSerializerReadObjectMethod extends Method, UnsafeDeseriali
 /** JavaScriptSerializer */
 class JavaScriptSerializerClass extends Class {
   JavaScriptSerializerClass() {
-    this.hasQualifiedName("System.Web.Script.Serialization.JavaScriptSerializer")
+    this.hasQualifiedName("System.Web.Script.Serialization", "JavaScriptSerializer")
   }
 }
 
@@ -210,7 +210,7 @@ class JavaScriptSerializerClassDeserializeObjectMethod extends Method, UnsafeDes
 /** XmlObjectSerializer */
 class XmlObjectSerializerClass extends Class {
   XmlObjectSerializerClass() {
-    this.hasQualifiedName("System.Runtime.Serialization.XmlObjectSerializer")
+    this.hasQualifiedName("System.Runtime.Serialization", "XmlObjectSerializer")
   }
 }
 
@@ -224,7 +224,7 @@ class XmlObjectSerializerReadObjectMethod extends Method, UnsafeDeserializer {
 
 /** XmlSerializer */
 class XmlSerializerClass extends Class {
-  XmlSerializerClass() { this.hasQualifiedName("System.Xml.Serialization.XmlSerializer") }
+  XmlSerializerClass() { this.hasQualifiedName("System.Xml.Serialization", "XmlSerializer") }
 }
 
 /** `System.Xml.Serialization.XmlSerializer.Deserialize` method */
@@ -238,7 +238,7 @@ class XmlSerializerDeserializeMethod extends Method, UnsafeDeserializer {
 /** DataContractSerializer */
 class DataContractSerializerClass extends Class {
   DataContractSerializerClass() {
-    this.hasQualifiedName("System.Runtime.Serialization.DataContractSerializer")
+    this.hasQualifiedName("System.Runtime.Serialization", "DataContractSerializer")
   }
 }
 
@@ -252,7 +252,7 @@ class DataContractSerializerReadObjectMethod extends Method, UnsafeDeserializer
 
 /** XmlMessageFormatter */
 class XmlMessageFormatterClass extends Class {
-  XmlMessageFormatterClass() { this.hasQualifiedName("System.Messaging.XmlMessageFormatter") }
+  XmlMessageFormatterClass() { this.hasQualifiedName("System.Messaging", "XmlMessageFormatter") }
 }
 
 /** `System.Messaging.XmlMessageFormatter.Read` method */
@@ -265,7 +265,7 @@ class XmlMessageFormatterReadMethod extends Method, UnsafeDeserializer {
 
 /** LosFormatter */
 private class LosFormatterClass extends Class {
-  LosFormatterClass() { this.hasQualifiedName("System.Web.UI.LosFormatter") }
+  LosFormatterClass() { this.hasQualifiedName("System.Web.UI", "LosFormatter") }
 }
 
 /** `System.Web.UI.LosFormatter.Deserialize` method */
@@ -278,7 +278,7 @@ class LosFormatterDeserializeMethod extends Method, UnsafeDeserializer {
 
 /** fastJSON */
 private class FastJsonClass extends Class {
-  FastJsonClass() { this.hasQualifiedName("fastJSON.JSON") }
+  FastJsonClass() { this.hasQualifiedName("fastJSON", "JSON") }
 }
 
 /** `fastJSON.JSON.ToObject` method */
@@ -292,7 +292,7 @@ class FastJsonClassToObjectMethod extends Method, UnsafeDeserializer {
 
 /** Activity */
 private class ActivityClass extends Class {
-  ActivityClass() { this.hasQualifiedName("System.Workflow.ComponentModel.Activity") }
+  ActivityClass() { this.hasQualifiedName("System.Workflow.ComponentModel", "Activity") }
 }
 
 /** `System.Workflow.ComponentModel.Activity.Load` method */
@@ -305,7 +305,7 @@ class ActivityLoadMethod extends Method, UnsafeDeserializer {
 
 /** ResourceReader */
 private class ResourceReaderClass extends Class {
-  ResourceReaderClass() { this.hasQualifiedName("System.Resources.ResourceReader") }
+  ResourceReaderClass() { this.hasQualifiedName("System.Resources", "ResourceReader") }
 }
 
 /** `System.Resources.ResourceReader` constructor */
@@ -318,7 +318,9 @@ class ResourceReaderConstructor extends Constructor, UnsafeDeserializer {
 
 /** BinaryMessageFormatter */
 private class BinaryMessageFormatterClass extends Class {
-  BinaryMessageFormatterClass() { this.hasQualifiedName("System.Messaging.BinaryMessageFormatter") }
+  BinaryMessageFormatterClass() {
+    this.hasQualifiedName("System.Messaging", "BinaryMessageFormatter")
+  }
 }
 
 /** `System.Messaging.BinaryMessageFormatter.Read` method */
@@ -331,7 +333,7 @@ class BinaryMessageFormatterReadMethod extends Method, UnsafeDeserializer {
 
 /** XamlReader */
 private class XamlReaderClass extends Class {
-  XamlReaderClass() { this.hasQualifiedName("System.Windows.Markup.XamlReader") }
+  XamlReaderClass() { this.hasQualifiedName("System.Windows.Markup", "XamlReader") }
 }
 
 /** `System.Windows.Markup.XamlReader.Parse` method */
@@ -362,7 +364,7 @@ class XamlReaderLoadAsyncMethod extends Method, UnsafeDeserializer {
 
 /** ProxyObject */
 private class ProxyObjectClass extends Class {
-  ProxyObjectClass() { this.hasQualifiedName("Microsoft.Web.Design.Remote.ProxyObject") }
+  ProxyObjectClass() { this.hasQualifiedName("Microsoft.Web.Design.Remote", "ProxyObject") }
 }
 
 /** `Microsoft.Web.Design.Remote.ProxyObject.DecodeValue` method */
@@ -383,7 +385,7 @@ class ProxyObjectDecodeSerializedObjectMethod extends Method, UnsafeDeserializer
 
 /** SweetJayson */
 private class JaysonConverterClass extends Class {
-  JaysonConverterClass() { this.hasQualifiedName("Sweet.Jayson.JaysonConverter") }
+  JaysonConverterClass() { this.hasQualifiedName("Sweet.Jayson", "JaysonConverter") }
 }
 
 /** `Sweet.Jayson.JaysonConverter.ToObject` method */
@@ -398,7 +400,7 @@ class JaysonConverterToObjectMethod extends Method, UnsafeDeserializer {
 /** ServiceStack.Text.JsonSerializer */
 private class ServiceStackTextJsonSerializerClass extends Class {
   ServiceStackTextJsonSerializerClass() {
-    this.hasQualifiedName("ServiceStack.Text.JsonSerializer")
+    this.hasQualifiedName("ServiceStack.Text", "JsonSerializer")
   }
 }
 
@@ -432,7 +434,7 @@ class ServiceStackTextJsonSerializerDeserializeFromStreamMethod extends Method,
 /** ServiceStack.Text.TypeSerializer */
 private class ServiceStackTextTypeSerializerClass extends Class {
   ServiceStackTextTypeSerializerClass() {
-    this.hasQualifiedName("ServiceStack.Text.TypeSerializer")
+    this.hasQualifiedName("ServiceStack.Text", "TypeSerializer")
   }
 }
 
@@ -465,7 +467,9 @@ class ServiceStackTextTypeSerializerDeserializeFromStreamMethod extends Method,
 
 /** ServiceStack.Text.CsvSerializer */
 private class ServiceStackTextCsvSerializerClass extends Class {
-  ServiceStackTextCsvSerializerClass() { this.hasQualifiedName("ServiceStack.Text.CsvSerializer") }
+  ServiceStackTextCsvSerializerClass() {
+    this.hasQualifiedName("ServiceStack.Text", "CsvSerializer")
+  }
 }
 
 /** `ServiceStack.Text.CsvSerializer.DeserializeFromString` method */
@@ -497,7 +501,9 @@ class ServiceStackTextCsvSerializerDeserializeFromStreamMethod extends Method, U
 
 /** ServiceStack.Text.XmlSerializer */
 private class ServiceStackTextXmlSerializerClass extends Class {
-  ServiceStackTextXmlSerializerClass() { this.hasQualifiedName("ServiceStack.Text.XmlSerializer") }
+  ServiceStackTextXmlSerializerClass() {
+    this.hasQualifiedName("ServiceStack.Text", "XmlSerializer")
+  }
 }
 
 /** `ServiceStack.Text.XmlSerializer.DeserializeFromString` method */
@@ -529,7 +535,7 @@ class ServiceStackTextXmlSerializerDeserializeFromStreamMethod extends Method, U
 
 /** MBrace.FsPickler.FsPicklerSerializer */
 private class FsPicklerSerializerClass extends Class {
-  FsPicklerSerializerClass() { this.hasQualifiedName("MBrace.FsPickler.FsPicklerSerializer") }
+  FsPicklerSerializerClass() { this.hasQualifiedName("MBrace.FsPickler", "FsPicklerSerializer") }
 }
 
 /** `MBrace.FsPickler.FsPicklerSerializer.Deserialize` method */
@@ -598,7 +604,7 @@ class FsPicklerSerializerClassUnPickleUntypedMethod extends Method, UnsafeDeseri
 
 /** MBrace.CsPickler.CsPicklerSerializer */
 private class CsPicklerSerializerClass extends Class {
-  CsPicklerSerializerClass() { this.hasQualifiedName("MBrace.CsPickler.CsPicklerSerializer") }
+  CsPicklerSerializerClass() { this.hasQualifiedName("MBrace.CsPickler", "CsPicklerSerializer") }
 }
 
 /** `MBrace.FsPickler.CsPicklerSerializer.Deserialize` method */
@@ -620,7 +626,7 @@ class CsPicklerSerializerClassUnPickleMethod extends Method, UnsafeDeserializer
 /** MBrace.CsPickler.CsPicklerTextSerializer */
 private class CsPicklerTextSerializerClass extends Class {
   CsPicklerTextSerializerClass() {
-    this.hasQualifiedName("MBrace.CsPickler.CsPicklerTextSerializer")
+    this.hasQualifiedName("MBrace.CsPickler", "CsPicklerTextSerializer")
   }
 }
 
@@ -634,7 +640,7 @@ class CsPicklerSerializerClassUnPickleOfStringMethod extends Method, UnsafeDeser
 
 /** Polenter.Serialization.SharpSerializer */
 private class SharpSerializerClass extends Class {
-  SharpSerializerClass() { this.hasQualifiedName("Polenter.Serialization.SharpSerializer") }
+  SharpSerializerClass() { this.hasQualifiedName("Polenter.Serialization", "SharpSerializer") }
 }
 
 /** `Polenter.Serialization.SharpSerializer.Deserialize` method */
@@ -647,7 +653,9 @@ class SharpSerializerClassDeserializeMethod extends Method, UnsafeDeserializer {
 
 /** YamlDotNet.Serialization.Deserializer */
 private class YamlDotNetDeserializerClass extends Class {
-  YamlDotNetDeserializerClass() { this.hasQualifiedName("YamlDotNet.Serialization.Deserializer") }
+  YamlDotNetDeserializerClass() {
+    this.hasQualifiedName("YamlDotNet.Serialization", "Deserializer")
+  }
 }
 
 /** `YamlDotNet.Serialization.Deserializer.Deserialize` method */
diff --git a/csharp/ql/lib/semmle/code/dotnet/Declaration.qll b/csharp/ql/lib/semmle/code/dotnet/Declaration.qll
index 046cb99944e..fea5a1aaeca 100644
--- a/csharp/ql/lib/semmle/code/dotnet/Declaration.qll
+++ b/csharp/ql/lib/semmle/code/dotnet/Declaration.qll
@@ -4,11 +4,15 @@
 
 import Element
 import Type
+private import semmle.code.csharp.commons.QualifiedName
 
 /** A declaration. */
 class Declaration extends NamedElement, @dotnet_declaration {
   override predicate hasQualifiedName(string qualifier, string name) {
-    qualifier = this.getDeclaringType().getQualifiedName() and
+    exists(string dqualifier, string dname |
+      this.getDeclaringType().hasQualifiedName(dqualifier, dname) and
+      qualifier = getQualifiedName(dqualifier, dname)
+    ) and
     name = this.getName()
   }
 
@@ -75,6 +79,16 @@ class Member extends Declaration, @dotnet_member {
 
   /** Holds if this member is `static`. */
   predicate isStatic() { none() }
+
+  /**
+   * Holds if this member has name `name` and is defined in type `type`
+   * with namespace `namespace`.
+   */
+  cached
+  predicate hasQualifiedName(string namespace, string type, string name) {
+    this.getDeclaringType().hasQualifiedName(namespace, type) and
+    name = this.getName()
+  }
 }
 
 /** A property. */
diff --git a/csharp/ql/lib/semmle/code/dotnet/Element.qll b/csharp/ql/lib/semmle/code/dotnet/Element.qll
index 713261dcf36..1000ce57666 100644
--- a/csharp/ql/lib/semmle/code/dotnet/Element.qll
+++ b/csharp/ql/lib/semmle/code/dotnet/Element.qll
@@ -97,10 +97,13 @@ class NamedElement extends Element, @dotnet_named_element {
   }
 
   /**
+   * DEPRECATED: Use `hasQualifiedName/2` instead.
    * Holds if this element has qualified name `qualifiedName`, for example
    * `System.Console.WriteLine`.
    */
-  final predicate hasQualifiedName(string qualifiedName) { qualifiedName = this.getQualifiedName() }
+  deprecated final predicate hasQualifiedName(string qualifiedName) {
+    qualifiedName = this.getQualifiedName()
+  }
 
   /** Holds if this element has the qualified name `qualifier`.`name`. */
   cached
diff --git a/csharp/ql/lib/semmle/code/dotnet/Namespace.qll b/csharp/ql/lib/semmle/code/dotnet/Namespace.qll
index 9a0e9edac00..31a625de062 100644
--- a/csharp/ql/lib/semmle/code/dotnet/Namespace.qll
+++ b/csharp/ql/lib/semmle/code/dotnet/Namespace.qll
@@ -3,6 +3,7 @@
  */
 
 private import Declaration
+private import semmle.code.csharp.commons.QualifiedName
 
 /** A namespace. */
 class Namespace extends Declaration, @namespace {
@@ -25,12 +26,15 @@ class Namespace extends Declaration, @namespace {
    * `qualifier`=`System.Collections` and `name`=`Generic`.
    */
   override predicate hasQualifiedName(string qualifier, string name) {
-    qualifier = this.getParentNamespace().getQualifiedName() and
+    exists(string pqualifier, string pname |
+      this.getParentNamespace().hasQualifiedName(pqualifier, pname) and
+      qualifier = getQualifiedName(pqualifier, pname)
+    ) and
     name = this.getName()
   }
 
   /** Gets a textual representation of this namespace. */
-  override string toString() { result = this.getQualifiedName() }
+  override string toString() { result = this.getFullName() }
 
   /** Holds if this is the global namespace. */
   final predicate isGlobalNamespace() { this.getName() = "" }
@@ -41,6 +45,16 @@ class Namespace extends Declaration, @namespace {
   final override string getUndecoratedName() { namespaces(this, result) }
 
   override string getAPrimaryQlClass() { result = "Namespace" }
+
+  /**
+   * Get the fully qualified name of this namespace.
+   */
+  string getFullName() {
+    exists(string namespace, string name |
+      this.hasQualifiedName(namespace, name) and
+      result = getQualifiedName(namespace, name)
+    )
+  }
 }
 
 /** The global namespace. */
diff --git a/csharp/ql/lib/semmle/code/dotnet/Type.qll b/csharp/ql/lib/semmle/code/dotnet/Type.qll
index 04b6cdaf6eb..ab55f284824 100644
--- a/csharp/ql/lib/semmle/code/dotnet/Type.qll
+++ b/csharp/ql/lib/semmle/code/dotnet/Type.qll
@@ -28,7 +28,7 @@ class ValueOrRefType extends Type, @dotnet_valueorreftype {
     or
     if this.getDeclaringNamespace().isGlobalNamespace()
     then result = ""
-    else result = this.getDeclaringNamespace().getQualifiedName() + "."
+    else result = this.getDeclaringNamespace().getFullName() + "."
   }
 
   pragma[noinline]
diff --git a/csharp/ql/lib/semmlecode.csharp.dbscheme b/csharp/ql/lib/semmlecode.csharp.dbscheme
index 4ac7d8bcac6..83aca6b3e4f 100644
--- a/csharp/ql/lib/semmlecode.csharp.dbscheme
+++ b/csharp/ql/lib/semmlecode.csharp.dbscheme
@@ -1134,6 +1134,9 @@ case @expr.kind of
 | 128 = @or_pattern_expr
 | 129 = @function_pointer_invocation_expr
 | 130 = @with_expr
+/* C# 11.0 */
+| 131 = @list_pattern_expr
+| 132 = @slice_pattern_expr
 /* Preprocessor */
 | 999 = @define_symbol_expr
 ;
diff --git a/csharp/ql/lib/semmlecode.csharp.dbscheme.stats b/csharp/ql/lib/semmlecode.csharp.dbscheme.stats
index 2d1c330c7d2..c2017892642 100644
--- a/csharp/ql/lib/semmlecode.csharp.dbscheme.stats
+++ b/csharp/ql/lib/semmlecode.csharp.dbscheme.stats
@@ -948,6 +948,14 @@
             <k>@with_expr</k>
             <v>101</v>
         </e>
+        <e>
+            <k>@list_pattern_expr</k>
+            <v>0</v>
+        </e>
+        <e>
+            <k>@slice_pattern_expr</k>
+            <v>0</v>
+        </e>
         <e>
             <k>@xmldtd</k>
             <v>40</v>
diff --git a/csharp/ql/lib/upgrades/4ac7d8bcac6f664b1e83c858aa71f8dc761cc603/old.dbscheme b/csharp/ql/lib/upgrades/4ac7d8bcac6f664b1e83c858aa71f8dc761cc603/old.dbscheme
new file mode 100644
index 00000000000..4ac7d8bcac6
--- /dev/null
+++ b/csharp/ql/lib/upgrades/4ac7d8bcac6f664b1e83c858aa71f8dc761cc603/old.dbscheme
@@ -0,0 +1,2064 @@
+/* This is a dummy line to alter the dbscheme, so we can make a database upgrade
+ * without actually changing any of the dbscheme predicates. It contains a date
+ * to allow for such updates in the future as well.
+ *
+ * 2021-07-14
+ *
+ * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a
+ * previously seen state (matching a previously seen SHA), which would make the upgrade
+ * mechanism not work properly.
+ */
+
+/**
+ * An invocation of the compiler. Note that more than one file may be
+ * compiled per invocation. For example, this command compiles three
+ * source files:
+ *
+ *   csc f1.cs f2.cs f3.cs
+ *
+ * The `id` simply identifies the invocation, while `cwd` is the working
+ * directory from which the compiler was invoked.
+ */
+compilations(
+    unique int id : @compilation,
+    string cwd : string ref
+);
+
+/**
+ * The arguments that were passed to the extractor for a compiler
+ * invocation. If `id` is for the compiler invocation
+ *
+ *   csc f1.cs f2.cs f3.cs
+ *
+ * then typically there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | --compiler
+ * 1   | *path to compiler*
+ * 2   | f1.cs
+ * 3   | f2.cs
+ * 4   | f3.cs
+ */
+#keyset[id, num]
+compilation_args(
+    int id : @compilation ref,
+    int num : int ref,
+    string arg : string ref
+);
+
+/**
+ * The source files that are compiled by a compiler invocation.
+ * If `id` is for the compiler invocation
+ *
+ *   csc f1.cs f2.cs f3.cs
+ *
+ * then there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | f1.cs
+ * 1   | f2.cs
+ * 2   | f3.cs
+ */
+#keyset[id, num]
+compilation_compiling_files(
+    int id : @compilation ref,
+    int num : int ref,
+    int file : @file ref
+);
+
+/**
+ * The references used by a compiler invocation.
+ * If `id` is for the compiler invocation
+ *
+ *   csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll
+ *
+ * then there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | ref1.dll
+ * 1   | ref2.dll
+ * 2   | ref3.dll
+ */
+#keyset[id, num]
+compilation_referencing_files(
+    int id : @compilation ref,
+    int num : int ref,
+    int file : @file ref
+);
+
+/**
+ * The time taken by the extractor for a compiler invocation.
+ *
+ * For each file `num`, there will be rows for
+ *
+ * kind | seconds
+ * ---- | ---
+ * 1    | CPU seconds used by the extractor frontend
+ * 2    | Elapsed seconds during the extractor frontend
+ * 3    | CPU seconds used by the extractor backend
+ * 4    | Elapsed seconds during the extractor backend
+ */
+#keyset[id, num, kind]
+compilation_time(
+    int id : @compilation ref,
+    int num : int ref,
+    /* kind:
+       1 = frontend_cpu_seconds
+       2 = frontend_elapsed_seconds
+       3 = extractor_cpu_seconds
+       4 = extractor_elapsed_seconds
+    */
+    int kind : int ref,
+    float seconds : float ref
+);
+
+/**
+ * An error or warning generated by the extractor.
+ * The diagnostic message `diagnostic` was generated during compiler
+ * invocation `compilation`, and is the `file_number_diagnostic_number`th
+ * message generated while extracting the `file_number`th file of that
+ * invocation.
+ */
+#keyset[compilation, file_number, file_number_diagnostic_number]
+diagnostic_for(
+    unique int diagnostic : @diagnostic ref,
+    int compilation : @compilation ref,
+    int file_number : int ref,
+    int file_number_diagnostic_number : int ref
+);
+
+diagnostics(
+    unique int id: @diagnostic,
+    int severity: int ref,
+    string error_tag: string ref,
+    string error_message: string ref,
+    string full_error_message: string ref,
+    int location: @location_default ref
+);
+
+extractor_messages(
+    unique int id: @extractor_message,
+    int severity: int ref,
+    string origin : string ref,
+    string text : string ref,
+    string entity : string ref,
+    int location: @location_default ref,
+    string stack_trace : string ref
+);
+
+/**
+ * If extraction was successful, then `cpu_seconds` and
+ * `elapsed_seconds` are the CPU time and elapsed time (respectively)
+ * that extraction took for compiler invocation `id`.
+ */
+compilation_finished(
+    unique int id : @compilation ref,
+    float cpu_seconds : float ref,
+    float elapsed_seconds : float ref
+);
+
+compilation_assembly(
+  unique int id : @compilation ref,
+  int assembly: @assembly ref
+)
+
+// Populated by the CSV extractor
+externalData(
+   int id: @externalDataElement,
+   string path: string ref,
+   int column: int ref,
+   string value: string ref);
+
+sourceLocationPrefix(
+  string prefix: string ref);
+
+/*
+ * C# dbscheme
+ */
+
+/** ELEMENTS **/
+
+@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration
+         | @using_directive | @type_parameter_constraints | @externalDataElement
+         | @xmllocatable | @asp_element | @namespace | @preprocessor_directive;
+
+@declaration = @callable | @generic | @assignable | @namespace;
+
+@named_element = @namespace | @declaration;
+
+@declaration_with_accessors = @property | @indexer | @event;
+
+@assignable = @variable | @assignable_with_accessors | @event;
+
+@assignable_with_accessors = @property | @indexer;
+
+@attributable = @assembly | @field | @parameter | @operator | @method | @constructor
+              | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors
+              | @local_function | @lambda_expr;
+
+/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/
+
+@location = @location_default | @assembly;
+
+locations_default(
+  unique int id: @location_default,
+  int file: @file ref,
+  int beginLine: int ref,
+  int beginColumn: int ref,
+  int endLine: int ref,
+  int endColumn: int ref);
+
+locations_mapped(
+  unique int id: @location_default ref,
+  int mapped_to: @location_default ref);
+
+@sourceline = @file | @callable | @xmllocatable;
+
+numlines(
+  int element_id: @sourceline ref,
+  int num_lines: int ref,
+  int num_code: int ref,
+  int num_comment: int ref);
+
+assemblies(
+  unique int id: @assembly,
+  int file: @file ref,
+  string fullname: string ref,
+  string name: string ref,
+  string version: string ref);
+
+files(
+  unique int id: @file,
+  string name: string ref);
+
+folders(
+  unique int id: @folder,
+  string name: string ref);
+
+@container = @folder | @file ;
+
+containerparent(
+  int parent: @container ref,
+  unique int child: @container ref);
+
+file_extraction_mode(
+  unique int file: @file ref,
+  int mode: int ref
+  /* 0 = normal, 1 = standalone extractor */
+  );
+
+/** NAMESPACES **/
+
+@type_container = @namespace | @type;
+
+namespaces(
+  unique int id: @namespace,
+  string name: string ref);
+
+namespace_declarations(
+  unique int id: @namespace_declaration,
+  int namespace_id: @namespace ref);
+
+namespace_declaration_location(
+  unique int id: @namespace_declaration ref,
+  int loc: @location ref);
+
+parent_namespace(
+  unique int child_id: @type_container ref,
+  int namespace_id: @namespace ref);
+
+@declaration_or_directive = @namespace_declaration | @type | @using_directive;
+
+parent_namespace_declaration(
+  int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes
+  int namespace_id: @namespace_declaration ref);
+
+@using_directive = @using_namespace_directive | @using_static_directive;
+
+using_global(
+  unique int id: @using_directive ref
+);
+
+using_namespace_directives(
+  unique int id: @using_namespace_directive,
+  int namespace_id: @namespace ref);
+
+using_static_directives(
+  unique int id: @using_static_directive,
+  int type_id: @type_or_ref ref);
+
+using_directive_location(
+  unique int id: @using_directive ref,
+  int loc: @location ref);
+
+@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning
+  | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if
+  | @directive_elif | @directive_else | @directive_endif;
+
+@conditional_directive = @directive_if | @directive_elif;
+@branch_directive = @directive_if | @directive_elif | @directive_else;
+
+directive_ifs(
+  unique int id: @directive_if,
+  int branchTaken: int ref,     /* 0: false, 1: true */
+  int conditionValue: int ref); /* 0: false, 1: true */
+
+directive_elifs(
+  unique int id: @directive_elif,
+  int branchTaken: int ref,     /* 0: false, 1: true */
+  int conditionValue: int ref,  /* 0: false, 1: true */
+  int parent: @directive_if ref,
+  int index: int ref);
+
+directive_elses(
+  unique int id: @directive_else,
+  int branchTaken: int ref,   /* 0: false, 1: true */
+  int parent: @directive_if ref,
+  int index: int ref);
+
+#keyset[id, start]
+directive_endifs(
+  unique int id: @directive_endif,
+  unique int start: @directive_if ref);
+
+directive_define_symbols(
+  unique int id: @define_symbol_expr ref,
+  string name: string ref);
+
+directive_regions(
+  unique int id: @directive_region,
+  string name: string ref);
+
+#keyset[id, start]
+directive_endregions(
+  unique int id: @directive_endregion,
+  unique int start: @directive_region ref);
+
+directive_lines(
+  unique int id: @directive_line,
+  int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */
+
+directive_line_value(
+  unique int id: @directive_line ref,
+  int line: int ref);
+
+directive_line_file(
+  unique int id: @directive_line ref,
+  int file: @file ref);
+
+directive_line_offset(
+  unique int id: @directive_line ref,
+  int offset: int ref);
+
+directive_line_span(
+  unique int id: @directive_line ref,
+  int startLine: int ref,
+  int startColumn: int ref,
+  int endLine: int ref,
+  int endColumn: int ref);
+
+directive_nullables(
+  unique int id: @directive_nullable,
+  int setting: int ref, /* 0: disable, 1: enable, 2: restore */
+  int target: int ref); /* 0: none, 1: annotations, 2: warnings */
+
+directive_warnings(
+  unique int id: @directive_warning,
+  string message: string ref);
+
+directive_errors(
+  unique int id: @directive_error,
+  string message: string ref);
+
+directive_undefines(
+  unique int id: @directive_undefine,
+  string name: string ref);
+
+directive_defines(
+  unique int id: @directive_define,
+  string name: string ref);
+
+pragma_checksums(
+  unique int id: @pragma_checksum,
+  int file: @file ref,
+  string guid: string ref,
+  string bytes: string ref);
+
+pragma_warnings(
+  unique int id: @pragma_warning,
+  int kind: int ref /* 0 = disable, 1 = restore */);
+
+#keyset[id, index]
+pragma_warning_error_codes(
+  int id: @pragma_warning ref,
+  string errorCode: string ref,
+  int index: int ref);
+
+preprocessor_directive_location(
+  unique int id: @preprocessor_directive ref,
+  int loc: @location ref);
+
+preprocessor_directive_compilation(
+  unique int id: @preprocessor_directive ref,
+  int compilation: @compilation ref);
+
+preprocessor_directive_active(
+  unique int id: @preprocessor_directive ref,
+  int active: int ref);  /* 0: false, 1: true */
+
+/** TYPES **/
+
+types(
+  unique int id: @type,
+  int kind: int ref,
+  string name: string ref);
+
+case @type.kind of
+   1 = @bool_type
+|  2 = @char_type
+|  3 = @decimal_type
+|  4 = @sbyte_type
+|  5 = @short_type
+|  6 = @int_type
+|  7 = @long_type
+|  8 = @byte_type
+|  9 = @ushort_type
+| 10 = @uint_type
+| 11 = @ulong_type
+| 12 = @float_type
+| 13 = @double_type
+| 14 = @enum_type
+| 15 = @struct_type
+| 17 = @class_type
+| 19 = @interface_type
+| 20 = @delegate_type
+| 21 = @null_type
+| 22 = @type_parameter
+| 23 = @pointer_type
+| 24 = @nullable_type
+| 25 = @array_type
+| 26 = @void_type
+| 27 = @int_ptr_type
+| 28 = @uint_ptr_type
+| 29 = @dynamic_type
+| 30 = @arglist_type
+| 31 = @unknown_type
+| 32 = @tuple_type
+| 33 = @function_pointer_type
+  ;
+
+@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type;
+@integral_type = @signed_integral_type | @unsigned_integral_type;
+@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type;
+@unsigned_integral_type = @byte_type  | @ushort_type | @uint_type | @ulong_type;
+@floating_point_type = @float_type | @double_type;
+@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type
+            | @uint_ptr_type | @tuple_type;
+@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type
+          | @dynamic_type;
+@value_or_ref_type = @value_type | @ref_type;
+
+typerefs(
+  unique int id: @typeref,
+  string name: string ref);
+
+typeref_type(
+  int id: @typeref ref,
+  unique int typeId: @type ref);
+
+@type_or_ref = @type | @typeref;
+
+array_element_type(
+  unique int array: @array_type ref,
+  int dimension: int ref,
+  int rank: int ref,
+  int element: @type_or_ref ref);
+
+nullable_underlying_type(
+  unique int nullable: @nullable_type ref,
+  int underlying: @type_or_ref ref);
+
+pointer_referent_type(
+  unique int pointer: @pointer_type ref,
+  int referent: @type_or_ref ref);
+
+enum_underlying_type(
+  unique int enum_id: @enum_type ref,
+  int underlying_type_id: @type_or_ref ref);
+
+delegate_return_type(
+  unique int delegate_id: @delegate_type ref,
+  int return_type_id: @type_or_ref ref);
+
+function_pointer_return_type(
+    unique int function_pointer_id: @function_pointer_type ref,
+    int return_type_id: @type_or_ref ref);
+
+extend(
+  int sub: @type ref,
+  int super: @type_or_ref ref);
+
+anonymous_types(
+  unique int id: @type ref);
+
+@interface_or_ref = @interface_type | @typeref;
+
+implement(
+  int sub: @type ref,
+  int super: @type_or_ref ref);
+
+type_location(
+  int id: @type ref,
+  int loc: @location ref);
+
+tuple_underlying_type(
+  unique int tuple: @tuple_type ref,
+  int struct: @type_or_ref ref);
+
+#keyset[tuple, index]
+tuple_element(
+  int tuple: @tuple_type ref,
+  int index: int ref,
+  unique int field: @field ref);
+
+attributes(
+  unique int id: @attribute,
+  int kind: int ref,
+  int type_id: @type_or_ref ref,
+  int target:  @attributable ref);
+
+case @attribute.kind of
+  0 = @attribute_default
+| 1 = @attribute_return
+| 2 = @attribute_assembly
+| 3 = @attribute_module
+;
+
+attribute_location(
+  int id: @attribute ref,
+  int loc: @location ref);
+
+@type_mention_parent = @element | @type_mention;
+
+type_mention(
+  unique int id: @type_mention,
+  int type_id: @type_or_ref ref,
+  int parent: @type_mention_parent ref);
+
+type_mention_location(
+  unique int id: @type_mention ref,
+  int loc: @location ref);
+
+@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type;
+
+/**
+ * A direct annotation on an entity, for example `string? x;`.
+ *
+ * Annotations:
+ * 2 = reftype is not annotated "!"
+ * 3 = reftype is annotated "?"
+ * 4 = readonly ref type / in parameter
+ * 5 = ref type parameter, return or local variable
+ * 6 = out parameter
+ *
+ * Note that the annotation depends on the element it annotates.
+ * @assignable: The annotation is on the type of the assignable, for example the variable type.
+ * @type_parameter: The annotation is on the reftype constraint
+ * @callable: The annotation is on the return type
+ * @array_type: The annotation is on the element type
+ */
+type_annotation(int id: @has_type_annotation ref, int annotation: int ref);
+
+nullability(unique int nullability: @nullability, int kind: int ref);
+
+case @nullability.kind of
+  0 = @oblivious
+| 1 = @not_annotated
+| 2 = @annotated
+;
+
+#keyset[parent, index]
+nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref)
+
+type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref);
+
+/**
+ * The nullable flow state of an expression, as determined by Roslyn.
+ *   0 = none (default, not populated)
+ *   1 = not null
+ *   2 = maybe null
+ */
+expr_flowstate(unique int id: @expr ref, int state: int ref);
+
+/** GENERICS **/
+
+@generic = @type | @method | @local_function;
+
+type_parameters(
+  unique int id: @type_parameter ref,
+  int index: int ref,
+  int generic_id: @generic ref,
+  int variance: int ref /* none = 0, out = 1, in = 2 */);
+
+#keyset[constructed_id, index]
+type_arguments(
+  int id: @type_or_ref ref,
+  int index: int ref,
+  int constructed_id: @generic_or_ref ref);
+
+@generic_or_ref = @generic | @typeref;
+
+constructed_generic(
+  unique int constructed: @generic ref,
+  int generic: @generic_or_ref ref);
+
+type_parameter_constraints(
+  unique int id: @type_parameter_constraints,
+  int param_id: @type_parameter ref);
+
+type_parameter_constraints_location(
+  int id: @type_parameter_constraints ref,
+  int loc: @location ref);
+
+general_type_parameter_constraints(
+  int id: @type_parameter_constraints ref,
+  int kind: int ref /* class = 1, struct = 2, new = 3 */);
+
+specific_type_parameter_constraints(
+  int id: @type_parameter_constraints ref,
+  int base_id: @type_or_ref ref);
+
+specific_type_parameter_nullability(
+  int id: @type_parameter_constraints ref,
+  int base_id: @type_or_ref ref,
+  int nullability: @nullability ref);
+
+/** FUNCTION POINTERS */
+
+function_pointer_calling_conventions(
+  int id: @function_pointer_type ref,
+  int kind: int ref);
+
+#keyset[id, index]
+has_unmanaged_calling_conventions(
+  int id: @function_pointer_type ref,
+  int index: int ref,
+  int conv_id: @type_or_ref ref);
+
+/** MODIFIERS */
+
+@modifiable = @modifiable_direct | @event_accessor;
+
+@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr;
+
+modifiers(
+  unique int id: @modifier,
+  string name: string ref);
+
+has_modifiers(
+  int id: @modifiable_direct ref,
+  int mod_id: @modifier ref);
+
+compiler_generated(unique int id: @modifiable ref);
+
+/** MEMBERS **/
+
+@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type;
+
+@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr;
+
+@virtualizable = @method | @property | @indexer | @event;
+
+exprorstmt_name(
+  unique int parent_id: @named_exprorstmt ref,
+  string name: string ref);
+
+nested_types(
+  unique int id: @type ref,
+  int declaring_type_id: @type ref,
+  int unbound_id: @type ref);
+
+properties(
+  unique int id: @property,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @property ref);
+
+property_location(
+  int id: @property ref,
+  int loc: @location ref);
+
+indexers(
+  unique int id: @indexer,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @indexer ref);
+
+indexer_location(
+  int id: @indexer ref,
+  int loc: @location ref);
+
+accessors(
+  unique int id: @accessor,
+  int kind: int ref,
+  string name: string ref,
+  int declaring_member_id: @member ref,
+  int unbound_id: @accessor ref);
+
+case @accessor.kind of
+  1 = @getter
+| 2 = @setter
+  ;
+
+init_only_accessors(
+  unique int id: @accessor ref);
+
+accessor_location(
+  int id: @accessor ref,
+  int loc: @location ref);
+
+events(
+  unique int id: @event,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @event ref);
+
+event_location(
+  int id: @event ref,
+  int loc: @location ref);
+
+event_accessors(
+  unique int id: @event_accessor,
+  int kind: int ref,
+  string name: string ref,
+  int declaring_event_id: @event ref,
+  int unbound_id: @event_accessor ref);
+
+case @event_accessor.kind of
+  1 = @add_event_accessor
+| 2 = @remove_event_accessor
+  ;
+
+event_accessor_location(
+  int id: @event_accessor ref,
+  int loc: @location ref);
+
+operators(
+  unique int id: @operator,
+  string name: string ref,
+  string symbol: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @operator ref);
+
+operator_location(
+  int id: @operator ref,
+  int loc: @location ref);
+
+constant_value(
+  int id: @variable ref,
+  string value: string ref);
+
+/** CALLABLES **/
+
+@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function;
+
+@callable_accessor = @accessor | @event_accessor;
+
+methods(
+  unique int id: @method,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @method ref);
+
+method_location(
+  int id: @method ref,
+  int loc: @location ref);
+
+constructors(
+  unique int id: @constructor,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int unbound_id: @constructor ref);
+
+constructor_location(
+  int id: @constructor ref,
+  int loc: @location ref);
+
+destructors(
+  unique int id: @destructor,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int unbound_id: @destructor ref);
+
+destructor_location(
+  int id: @destructor ref,
+  int loc: @location ref);
+
+overrides(
+  int id: @callable ref,
+  int base_id: @callable ref);
+
+explicitly_implements(
+  int id: @member ref,
+  int interface_id: @interface_or_ref ref);
+
+local_functions(
+    unique int id: @local_function,
+    string name: string ref,
+    int return_type: @type ref,
+    int unbound_id: @local_function ref);
+
+local_function_stmts(
+    unique int fn: @local_function_stmt ref,
+    int stmt: @local_function ref);
+
+/** VARIABLES **/
+
+@variable = @local_scope_variable | @field;
+
+@local_scope_variable = @local_variable | @parameter;
+
+fields(
+  unique int id: @field,
+  int kind: int ref,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @field ref);
+
+case @field.kind of
+  1 = @addressable_field
+| 2 = @constant
+  ;
+
+field_location(
+  int id: @field ref,
+  int loc: @location ref);
+
+localvars(
+  unique int id: @local_variable,
+  int kind: int ref,
+  string name: string ref,
+  int implicitly_typed: int ref /* 0 = no, 1 = yes */,
+  int type_id: @type_or_ref ref,
+  int parent_id: @local_var_decl_expr ref);
+
+case @local_variable.kind of
+  1 = @addressable_local_variable
+| 2 = @local_constant
+| 3 = @local_variable_ref
+  ;
+
+localvar_location(
+  unique int id: @local_variable ref,
+  int loc: @location ref);
+
+@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type;
+
+#keyset[name, parent_id]
+#keyset[index, parent_id]
+params(
+  unique int id: @parameter,
+  string name: string ref,
+  int type_id: @type_or_ref ref,
+  int index: int ref,
+  int mode: int ref, /* value = 0, ref = 1, out = 2, array = 3, this = 4 */
+  int parent_id: @parameterizable ref,
+  int unbound_id: @parameter ref);
+
+param_location(
+  int id: @parameter ref,
+  int loc: @location ref);
+
+/** STATEMENTS **/
+
+@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent;
+
+statements(
+  unique int id: @stmt,
+  int kind: int ref);
+
+#keyset[index, parent]
+stmt_parent(
+  unique int stmt: @stmt ref,
+  int index: int ref,
+  int parent: @control_flow_element ref);
+
+@top_level_stmt_parent = @callable;
+
+// [index, parent] is not a keyset because the same parent may be compiled multiple times
+stmt_parent_top_level(
+  unique int stmt: @stmt ref,
+  int index: int ref,
+  int parent: @top_level_stmt_parent ref);
+
+case @stmt.kind of
+   1 = @block_stmt
+|  2 = @expr_stmt
+|  3 = @if_stmt
+|  4 = @switch_stmt
+|  5 = @while_stmt
+|  6 = @do_stmt
+|  7 = @for_stmt
+|  8 = @foreach_stmt
+|  9 = @break_stmt
+| 10 = @continue_stmt
+| 11 = @goto_stmt
+| 12 = @goto_case_stmt
+| 13 = @goto_default_stmt
+| 14 = @throw_stmt
+| 15 = @return_stmt
+| 16 = @yield_stmt
+| 17 = @try_stmt
+| 18 = @checked_stmt
+| 19 = @unchecked_stmt
+| 20 = @lock_stmt
+| 21 = @using_block_stmt
+| 22 = @var_decl_stmt
+| 23 = @const_decl_stmt
+| 24 = @empty_stmt
+| 25 = @unsafe_stmt
+| 26 = @fixed_stmt
+| 27 = @label_stmt
+| 28 = @catch
+| 29 = @case_stmt
+| 30 = @local_function_stmt
+| 31 = @using_decl_stmt
+  ;
+
+@using_stmt = @using_block_stmt | @using_decl_stmt;
+
+@labeled_stmt = @label_stmt | @case;
+
+@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt;
+
+@cond_stmt = @if_stmt | @switch_stmt;
+
+@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt;
+
+@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt
+           | @yield_stmt;
+
+@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt;
+
+
+stmt_location(
+  unique int id: @stmt ref,
+  int loc: @location ref);
+
+catch_type(
+  unique int catch_id: @catch ref,
+  int type_id: @type_or_ref ref,
+  int kind: int ref /* explicit = 1, implicit = 2 */);
+
+foreach_stmt_info(
+  unique int id: @foreach_stmt ref,
+  int kind: int ref /* non-async = 1, async = 2 */);
+
+@foreach_symbol =  @method | @property | @type_or_ref;
+
+#keyset[id, kind]
+foreach_stmt_desugar(
+  int id: @foreach_stmt ref,
+  int symbol: @foreach_symbol ref,
+  int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */);
+
+/** EXPRESSIONS **/
+
+expressions(
+  unique int id: @expr,
+  int kind: int ref,
+  int type_id: @type_or_ref ref);
+
+#keyset[index, parent]
+expr_parent(
+  unique int expr: @expr ref,
+  int index: int ref,
+  int parent: @control_flow_element ref);
+
+@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif;
+
+@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent;
+
+// [index, parent] is not a keyset because the same parent may be compiled multiple times
+expr_parent_top_level(
+  unique int expr: @expr ref,
+  int index: int ref,
+  int parent: @top_level_exprorstmt_parent ref);
+
+case @expr.kind of
+/* literal */
+   1 = @bool_literal_expr
+|  2 = @char_literal_expr
+|  3 = @decimal_literal_expr
+|  4 = @int_literal_expr
+|  5 = @long_literal_expr
+|  6 = @uint_literal_expr
+|  7 = @ulong_literal_expr
+|  8 = @float_literal_expr
+|  9 = @double_literal_expr
+| 10 = @string_literal_expr
+| 11 = @null_literal_expr
+/* primary & unary */
+| 12 = @this_access_expr
+| 13 = @base_access_expr
+| 14 = @local_variable_access_expr
+| 15 = @parameter_access_expr
+| 16 = @field_access_expr
+| 17 = @property_access_expr
+| 18 = @method_access_expr
+| 19 = @event_access_expr
+| 20 = @indexer_access_expr
+| 21 = @array_access_expr
+| 22 = @type_access_expr
+| 23 = @typeof_expr
+| 24 = @method_invocation_expr
+| 25 = @delegate_invocation_expr
+| 26 = @operator_invocation_expr
+| 27 = @cast_expr
+| 28 = @object_creation_expr
+| 29 = @explicit_delegate_creation_expr
+| 30 = @implicit_delegate_creation_expr
+| 31 = @array_creation_expr
+| 32 = @default_expr
+| 33 = @plus_expr
+| 34 = @minus_expr
+| 35 = @bit_not_expr
+| 36 = @log_not_expr
+| 37 = @post_incr_expr
+| 38 = @post_decr_expr
+| 39 = @pre_incr_expr
+| 40 = @pre_decr_expr
+/* multiplicative */
+| 41 = @mul_expr
+| 42 = @div_expr
+| 43 = @rem_expr
+/* additive */
+| 44 = @add_expr
+| 45 = @sub_expr
+/* shift */
+| 46 = @lshift_expr
+| 47 = @rshift_expr
+/* relational */
+| 48 = @lt_expr
+| 49 = @gt_expr
+| 50 = @le_expr
+| 51 = @ge_expr
+/* equality */
+| 52 = @eq_expr
+| 53 = @ne_expr
+/* logical */
+| 54 = @bit_and_expr
+| 55 = @bit_xor_expr
+| 56 = @bit_or_expr
+| 57 = @log_and_expr
+| 58 = @log_or_expr
+/* type testing */
+| 59 = @is_expr
+| 60 = @as_expr
+/* null coalescing */
+| 61 = @null_coalescing_expr
+/* conditional */
+| 62 = @conditional_expr
+/* assignment */
+| 63 = @simple_assign_expr
+| 64 = @assign_add_expr
+| 65 = @assign_sub_expr
+| 66 = @assign_mul_expr
+| 67 = @assign_div_expr
+| 68 = @assign_rem_expr
+| 69 = @assign_and_expr
+| 70 = @assign_xor_expr
+| 71 = @assign_or_expr
+| 72 = @assign_lshift_expr
+| 73 = @assign_rshift_expr
+/* more */
+| 74 = @object_init_expr
+| 75 = @collection_init_expr
+| 76 = @array_init_expr
+| 77 = @checked_expr
+| 78 = @unchecked_expr
+| 79 = @constructor_init_expr
+| 80 = @add_event_expr
+| 81 = @remove_event_expr
+| 82 = @par_expr
+| 83 = @local_var_decl_expr
+| 84 = @lambda_expr
+| 85 = @anonymous_method_expr
+| 86 = @namespace_expr
+/* dynamic */
+| 92 = @dynamic_element_access_expr
+| 93 = @dynamic_member_access_expr
+/* unsafe */
+| 100 = @pointer_indirection_expr
+| 101 = @address_of_expr
+| 102 = @sizeof_expr
+/* async */
+| 103 = @await_expr
+/* C# 6.0 */
+| 104 = @nameof_expr
+| 105 = @interpolated_string_expr
+| 106 = @unknown_expr
+/* C# 7.0 */
+| 107 = @throw_expr
+| 108 = @tuple_expr
+| 109 = @local_function_invocation_expr
+| 110 = @ref_expr
+| 111 = @discard_expr
+/* C# 8.0 */
+| 112 = @range_expr
+| 113 = @index_expr
+| 114 = @switch_expr
+| 115 = @recursive_pattern_expr
+| 116 = @property_pattern_expr
+| 117 = @positional_pattern_expr
+| 118 = @switch_case_expr
+| 119 = @assign_coalesce_expr
+| 120 = @suppress_nullable_warning_expr
+| 121 = @namespace_access_expr
+/* C# 9.0 */
+| 122 = @lt_pattern_expr
+| 123 = @gt_pattern_expr
+| 124 = @le_pattern_expr
+| 125 = @ge_pattern_expr
+| 126 = @not_pattern_expr
+| 127 = @and_pattern_expr
+| 128 = @or_pattern_expr
+| 129 = @function_pointer_invocation_expr
+| 130 = @with_expr
+/* Preprocessor */
+| 999 = @define_symbol_expr
+;
+
+@switch = @switch_stmt | @switch_expr;
+@case = @case_stmt | @switch_case_expr;
+@pattern_match = @case | @is_expr;
+@unary_pattern_expr = @not_pattern_expr;
+@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr;
+@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr;
+
+@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr;
+@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr;
+@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr
+              | @string_literal_expr | @null_literal_expr;
+
+@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr;
+@assign_op_expr =  @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr;
+@assign_event_expr = @add_event_expr | @remove_event_expr;
+
+@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr
+                   | @assign_rem_expr
+@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr
+                   | @assign_lshift_expr | @assign_rshift_expr;
+
+@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr
+                    | @method_access_expr | @type_access_expr | @dynamic_member_access_expr;
+@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr;
+@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr;
+
+@local_variable_access = @local_variable_access_expr | @local_var_decl_expr;
+@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access;
+@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr;
+
+@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr
+                        | @event_access_expr | @dynamic_member_access_expr;
+
+@objectorcollection_init_expr = @object_init_expr | @collection_init_expr;
+
+@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr;
+
+@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr;
+@incr_op_expr =  @pre_incr_expr | @post_incr_expr;
+@decr_op_expr =  @pre_decr_expr | @post_decr_expr;
+@mut_op_expr = @incr_op_expr | @decr_op_expr;
+@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr;
+@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr;
+
+@ternary_log_op_expr = @conditional_expr;
+@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr;
+@un_log_op_expr = @log_not_expr;
+@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr;
+
+@bin_bit_op_expr =  @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr
+                 | @rshift_expr;
+@un_bit_op_expr = @bit_not_expr;
+@bit_expr = @un_bit_op_expr | @bin_bit_op_expr;
+
+@equality_op_expr =  @eq_expr | @ne_expr;
+@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr;
+@comp_expr = @equality_op_expr | @rel_op_expr;
+
+@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op;
+
+@ternary_op = @ternary_log_op_expr;
+@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr;
+@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr
+       | @pointer_indirection_expr | @address_of_expr;
+
+@anonymous_function_expr = @lambda_expr | @anonymous_method_expr;
+
+@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr
+      | @delegate_invocation_expr | @object_creation_expr | @call_access_expr
+      | @local_function_invocation_expr | @function_pointer_invocation_expr;
+
+@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr;
+
+@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr
+                    | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr;
+
+@throw_element = @throw_expr | @throw_stmt;
+
+@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr;
+
+implicitly_typed_array_creation(
+  unique int id: @array_creation_expr ref);
+
+explicitly_sized_array_creation(
+  unique int id: @array_creation_expr ref);
+
+stackalloc_array_creation(
+  unique int id: @array_creation_expr ref);
+
+implicitly_typed_object_creation(
+  unique int id: @implicitly_typeable_object_creation_expr ref);
+
+mutator_invocation_mode(
+  unique int id: @operator_invocation_expr ref,
+  int mode: int ref /* prefix = 1, postfix = 2*/);
+
+expr_compiler_generated(
+  unique int id: @expr ref);
+
+expr_value(
+  unique int id: @expr ref,
+  string value: string ref);
+
+expr_call(
+  unique int caller_id: @expr ref,
+  int target_id: @callable ref);
+
+expr_access(
+  unique int accesser_id: @access_expr ref,
+  int target_id: @accessible ref);
+
+@accessible = @method | @assignable | @local_function | @namespace;
+
+expr_location(
+  unique int id: @expr ref,
+  int loc: @location ref);
+
+dynamic_member_name(
+  unique int id: @late_bindable_expr ref,
+  string name: string ref);
+
+@qualifiable_expr = @member_access_expr
+                  | @method_invocation_expr
+                  | @element_access_expr;
+
+conditional_access(
+  unique int id: @qualifiable_expr ref);
+
+expr_argument(
+  unique int id: @expr ref,
+  int mode: int ref);
+  /* mode is the same as params: value = 0, ref = 1, out = 2 */
+
+expr_argument_name(
+  unique int id: @expr ref,
+  string name: string ref);
+
+lambda_expr_return_type(
+  unique int id: @lambda_expr ref,
+  int type_id: @type_or_ref ref);
+  
+/** CONTROL/DATA FLOW **/
+
+@control_flow_element = @stmt | @expr;
+
+/* XML Files */
+
+xmlEncoding  (
+  unique int id: @file ref,
+  string encoding: string ref);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  string root: string ref,
+  string publicId: string ref,
+  string systemId: string ref,
+  int fileid: @file ref);
+
+xmlElements(
+  unique int id: @xmlelement,
+  string name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  string name: string ref,
+  string value: string ref,
+  int idx: int ref,
+  int fileid: @file ref);
+
+xmlNs(
+  int id: @xmlnamespace,
+  string prefixName: string ref,
+  string URI: string ref,
+  int fileid: @file ref);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+/* Comments */
+
+commentline(
+  unique int id: @commentline,
+  int kind: int ref,
+  string text: string ref,
+  string rawtext: string ref);
+
+case @commentline.kind of
+  0 = @singlelinecomment
+| 1 = @xmldoccomment
+| 2 = @multilinecomment;
+
+commentline_location(
+  unique int id: @commentline ref,
+  int loc: @location ref);
+
+commentblock(
+  unique int id : @commentblock);
+
+commentblock_location(
+  unique int id: @commentblock ref,
+  int loc: @location ref);
+
+commentblock_binding(
+  int id: @commentblock ref,
+  int entity: @element ref,
+  int bindtype: int ref);    /* 0: Parent, 1: Best, 2: Before, 3: After */
+
+commentblock_child(
+  int id: @commentblock ref,
+  int commentline: @commentline ref,
+  int index: int ref);
+
+/* ASP.NET */
+
+case @asp_element.kind of
+  0=@asp_close_tag
+| 1=@asp_code
+| 2=@asp_comment
+| 3=@asp_data_binding
+| 4=@asp_directive
+| 5=@asp_open_tag
+| 6=@asp_quoted_string
+| 7=@asp_text
+| 8=@asp_xml_directive;
+
+@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string;
+
+asp_elements(
+  unique int id: @asp_element,
+  int kind: int ref,
+  int loc: @location ref);
+
+asp_comment_server(unique int comment: @asp_comment ref);
+asp_code_inline(unique int code: @asp_code ref);
+asp_directive_attribute(
+  int directive: @asp_directive ref,
+  int index: int ref,
+  string name: string ref,
+  int value: @asp_quoted_string ref);
+asp_directive_name(
+  unique int directive: @asp_directive ref,
+  string name: string ref);
+asp_element_body(
+  unique int element: @asp_element ref,
+  string body: string ref);
+asp_tag_attribute(
+  int tag: @asp_open_tag ref,
+  int index: int ref,
+  string name: string ref,
+  int attribute: @asp_attribute ref);
+asp_tag_name(
+  unique int tag: @asp_open_tag ref,
+  string name: string ref);
+asp_tag_isempty(int tag: @asp_open_tag ref);
+
+/* Common Intermediate Language - CIL */
+
+case @cil_instruction.opcode of
+  0 = @cil_nop
+| 1 = @cil_break
+| 2 = @cil_ldarg_0
+| 3 = @cil_ldarg_1
+| 4 = @cil_ldarg_2
+| 5 = @cil_ldarg_3
+| 6 = @cil_ldloc_0
+| 7 = @cil_ldloc_1
+| 8 = @cil_ldloc_2
+| 9 = @cil_ldloc_3
+| 10 = @cil_stloc_0
+| 11 = @cil_stloc_1
+| 12 = @cil_stloc_2
+| 13 = @cil_stloc_3
+| 14 = @cil_ldarg_s
+| 15 = @cil_ldarga_s
+| 16 = @cil_starg_s
+| 17 = @cil_ldloc_s
+| 18 = @cil_ldloca_s
+| 19 = @cil_stloc_s
+| 20 = @cil_ldnull
+| 21 = @cil_ldc_i4_m1
+| 22 = @cil_ldc_i4_0
+| 23 = @cil_ldc_i4_1
+| 24 = @cil_ldc_i4_2
+| 25 = @cil_ldc_i4_3
+| 26 = @cil_ldc_i4_4
+| 27 = @cil_ldc_i4_5
+| 28 = @cil_ldc_i4_6
+| 29 = @cil_ldc_i4_7
+| 30 = @cil_ldc_i4_8
+| 31 = @cil_ldc_i4_s
+| 32 = @cil_ldc_i4
+| 33 = @cil_ldc_i8
+| 34 = @cil_ldc_r4
+| 35 = @cil_ldc_r8
+| 37 = @cil_dup
+| 38 = @cil_pop
+| 39 = @cil_jmp
+| 40 = @cil_call
+| 41 = @cil_calli
+| 42 = @cil_ret
+| 43 = @cil_br_s
+| 44 = @cil_brfalse_s
+| 45 = @cil_brtrue_s
+| 46 = @cil_beq_s
+| 47 = @cil_bge_s
+| 48 = @cil_bgt_s
+| 49 = @cil_ble_s
+| 50 = @cil_blt_s
+| 51 = @cil_bne_un_s
+| 52 = @cil_bge_un_s
+| 53 = @cil_bgt_un_s
+| 54 = @cil_ble_un_s
+| 55 = @cil_blt_un_s
+| 56 = @cil_br
+| 57 = @cil_brfalse
+| 58 = @cil_brtrue
+| 59 = @cil_beq
+| 60 = @cil_bge
+| 61 = @cil_bgt
+| 62 = @cil_ble
+| 63 = @cil_blt
+| 64 = @cil_bne_un
+| 65 = @cil_bge_un
+| 66 = @cil_bgt_un
+| 67 = @cil_ble_un
+| 68 = @cil_blt_un
+| 69 = @cil_switch
+| 70 = @cil_ldind_i1
+| 71 = @cil_ldind_u1
+| 72 = @cil_ldind_i2
+| 73 = @cil_ldind_u2
+| 74 = @cil_ldind_i4
+| 75 = @cil_ldind_u4
+| 76 = @cil_ldind_i8
+| 77 = @cil_ldind_i
+| 78 = @cil_ldind_r4
+| 79 = @cil_ldind_r8
+| 80 = @cil_ldind_ref
+| 81 = @cil_stind_ref
+| 82 = @cil_stind_i1
+| 83 = @cil_stind_i2
+| 84 = @cil_stind_i4
+| 85 = @cil_stind_i8
+| 86 = @cil_stind_r4
+| 87 = @cil_stind_r8
+| 88 = @cil_add
+| 89 = @cil_sub
+| 90 = @cil_mul
+| 91 = @cil_div
+| 92 = @cil_div_un
+| 93 = @cil_rem
+| 94 = @cil_rem_un
+| 95 = @cil_and
+| 96 = @cil_or
+| 97 = @cil_xor
+| 98 = @cil_shl
+| 99 = @cil_shr
+| 100 = @cil_shr_un
+| 101 = @cil_neg
+| 102 = @cil_not
+| 103 = @cil_conv_i1
+| 104 = @cil_conv_i2
+| 105 = @cil_conv_i4
+| 106 = @cil_conv_i8
+| 107 = @cil_conv_r4
+| 108 = @cil_conv_r8
+| 109 = @cil_conv_u4
+| 110 = @cil_conv_u8
+| 111 = @cil_callvirt
+| 112 = @cil_cpobj
+| 113 = @cil_ldobj
+| 114 = @cil_ldstr
+| 115 = @cil_newobj
+| 116 = @cil_castclass
+| 117 = @cil_isinst
+| 118 = @cil_conv_r_un
+| 121 = @cil_unbox
+| 122 = @cil_throw
+| 123 = @cil_ldfld
+| 124 = @cil_ldflda
+| 125 = @cil_stfld
+| 126 = @cil_ldsfld
+| 127 = @cil_ldsflda
+| 128 = @cil_stsfld
+| 129 = @cil_stobj
+| 130 = @cil_conv_ovf_i1_un
+| 131 = @cil_conv_ovf_i2_un
+| 132 = @cil_conv_ovf_i4_un
+| 133 = @cil_conv_ovf_i8_un
+| 134 = @cil_conv_ovf_u1_un
+| 135 = @cil_conv_ovf_u2_un
+| 136 = @cil_conv_ovf_u4_un
+| 137 = @cil_conv_ovf_u8_un
+| 138 = @cil_conv_ovf_i_un
+| 139 = @cil_conv_ovf_u_un
+| 140 = @cil_box
+| 141 = @cil_newarr
+| 142 = @cil_ldlen
+| 143 = @cil_ldelema
+| 144 = @cil_ldelem_i1
+| 145 = @cil_ldelem_u1
+| 146 = @cil_ldelem_i2
+| 147 = @cil_ldelem_u2
+| 148 = @cil_ldelem_i4
+| 149 = @cil_ldelem_u4
+| 150 = @cil_ldelem_i8
+| 151 = @cil_ldelem_i
+| 152 = @cil_ldelem_r4
+| 153 = @cil_ldelem_r8
+| 154 = @cil_ldelem_ref
+| 155 = @cil_stelem_i
+| 156 = @cil_stelem_i1
+| 157 = @cil_stelem_i2
+| 158 = @cil_stelem_i4
+| 159 = @cil_stelem_i8
+| 160 = @cil_stelem_r4
+| 161 = @cil_stelem_r8
+| 162 = @cil_stelem_ref
+| 163 = @cil_ldelem
+| 164 = @cil_stelem
+| 165 = @cil_unbox_any
+| 179 = @cil_conv_ovf_i1
+| 180 = @cil_conv_ovf_u1
+| 181 = @cil_conv_ovf_i2
+| 182 = @cil_conv_ovf_u2
+| 183 = @cil_conv_ovf_i4
+| 184 = @cil_conv_ovf_u4
+| 185 = @cil_conv_ovf_i8
+| 186 = @cil_conv_ovf_u8
+| 194 = @cil_refanyval
+| 195 = @cil_ckinfinite
+| 198 = @cil_mkrefany
+| 208 = @cil_ldtoken
+| 209 = @cil_conv_u2
+| 210 = @cil_conv_u1
+| 211 = @cil_conv_i
+| 212 = @cil_conv_ovf_i
+| 213 = @cil_conv_ovf_u
+| 214 = @cil_add_ovf
+| 215 = @cil_add_ovf_un
+| 216 = @cil_mul_ovf
+| 217 = @cil_mul_ovf_un
+| 218 = @cil_sub_ovf
+| 219 = @cil_sub_ovf_un
+| 220 = @cil_endfinally
+| 221 = @cil_leave
+| 222 = @cil_leave_s
+| 223 = @cil_stind_i
+| 224 = @cil_conv_u
+| 65024 = @cil_arglist
+| 65025 = @cil_ceq
+| 65026 = @cil_cgt
+| 65027 = @cil_cgt_un
+| 65028 = @cil_clt
+| 65029 = @cil_clt_un
+| 65030 = @cil_ldftn
+| 65031 = @cil_ldvirtftn
+| 65033 = @cil_ldarg
+| 65034 = @cil_ldarga
+| 65035 = @cil_starg
+| 65036 = @cil_ldloc
+| 65037 = @cil_ldloca
+| 65038 = @cil_stloc
+| 65039 = @cil_localloc
+| 65041 = @cil_endfilter
+| 65042 = @cil_unaligned
+| 65043 = @cil_volatile
+| 65044 = @cil_tail
+| 65045 = @cil_initobj
+| 65046 = @cil_constrained
+| 65047 = @cil_cpblk
+| 65048 = @cil_initblk
+| 65050 = @cil_rethrow
+| 65052 = @cil_sizeof
+| 65053 = @cil_refanytype
+| 65054 = @cil_readonly
+;
+
+// CIL ignored instructions
+
+@cil_ignore = @cil_nop | @cil_break | @cil_volatile | @cil_unaligned;
+
+// CIL local/parameter/field access
+
+@cil_ldarg_any = @cil_ldarg_0 | @cil_ldarg_1 | @cil_ldarg_2 | @cil_ldarg_3 | @cil_ldarg_s | @cil_ldarga_s | @cil_ldarg | @cil_ldarga;
+@cil_starg_any = @cil_starg | @cil_starg_s;
+
+@cil_ldloc_any = @cil_ldloc_0 | @cil_ldloc_1 | @cil_ldloc_2 | @cil_ldloc_3 | @cil_ldloc_s | @cil_ldloca_s | @cil_ldloc | @cil_ldloca;
+@cil_stloc_any = @cil_stloc_0 | @cil_stloc_1 | @cil_stloc_2 | @cil_stloc_3 | @cil_stloc_s | @cil_stloc;
+
+@cil_ldfld_any = @cil_ldfld | @cil_ldsfld | @cil_ldsflda | @cil_ldflda;
+@cil_stfld_any = @cil_stfld | @cil_stsfld;
+
+@cil_local_access = @cil_stloc_any | @cil_ldloc_any;
+@cil_arg_access = @cil_starg_any | @cil_ldarg_any;
+@cil_read_access = @cil_ldloc_any | @cil_ldarg_any | @cil_ldfld_any;
+@cil_write_access = @cil_stloc_any | @cil_starg_any | @cil_stfld_any;
+
+@cil_stack_access = @cil_local_access | @cil_arg_access;
+@cil_field_access = @cil_ldfld_any | @cil_stfld_any;
+
+@cil_access = @cil_read_access | @cil_write_access;
+
+// CIL constant/literal instructions
+
+@cil_ldc_i = @cil_ldc_i4_any | @cil_ldc_i8;
+
+@cil_ldc_i4_any = @cil_ldc_i4_m1 | @cil_ldc_i4_0 | @cil_ldc_i4_1 | @cil_ldc_i4_2 | @cil_ldc_i4_3 |
+  @cil_ldc_i4_4 | @cil_ldc_i4_5 | @cil_ldc_i4_6 | @cil_ldc_i4_7 | @cil_ldc_i4_8 | @cil_ldc_i4_s | @cil_ldc_i4;
+
+@cil_ldc_r = @cil_ldc_r4 | @cil_ldc_r8;
+
+@cil_literal = @cil_ldnull | @cil_ldc_i | @cil_ldc_r | @cil_ldstr;
+
+// Control flow
+
+@cil_conditional_jump = @cil_binary_jump | @cil_unary_jump;
+@cil_binary_jump = @cil_beq_s | @cil_bge_s | @cil_bgt_s | @cil_ble_s | @cil_blt_s |
+    @cil_bne_un_s | @cil_bge_un_s | @cil_bgt_un_s | @cil_ble_un_s | @cil_blt_un_s |
+    @cil_beq | @cil_bge | @cil_bgt | @cil_ble | @cil_blt |
+    @cil_bne_un | @cil_bge_un | @cil_bgt_un | @cil_ble_un | @cil_blt_un;
+@cil_unary_jump = @cil_brfalse_s | @cil_brtrue_s | @cil_brfalse | @cil_brtrue | @cil_switch;
+@cil_unconditional_jump = @cil_br | @cil_br_s | @cil_leave_any;
+@cil_leave_any = @cil_leave | @cil_leave_s;
+@cil_jump = @cil_unconditional_jump | @cil_conditional_jump;
+
+// CIL call instructions
+
+@cil_call_any = @cil_jmp | @cil_call | @cil_calli | @cil_tail | @cil_callvirt | @cil_newobj;
+
+// CIL expression instructions
+
+@cil_expr = @cil_literal | @cil_binary_expr | @cil_unary_expr | @cil_call_any | @cil_read_access |
+  @cil_newarr | @cil_ldtoken | @cil_sizeof |
+  @cil_ldftn | @cil_ldvirtftn | @cil_localloc | @cil_mkrefany | @cil_refanytype | @cil_arglist | @cil_dup;
+
+@cil_unary_expr =
+  @cil_conversion_operation | @cil_unary_arithmetic_operation | @cil_unary_bitwise_operation|
+  @cil_ldlen | @cil_isinst | @cil_box | @cil_ldobj | @cil_castclass | @cil_unbox_any |
+  @cil_ldind | @cil_unbox;
+
+@cil_conversion_operation =
+  @cil_conv_i1 | @cil_conv_i2 | @cil_conv_i4 | @cil_conv_i8 |
+  @cil_conv_u1 | @cil_conv_u2 | @cil_conv_u4 | @cil_conv_u8 |
+  @cil_conv_ovf_i | @cil_conv_ovf_i_un | @cil_conv_ovf_i1 | @cil_conv_ovf_i1_un |
+  @cil_conv_ovf_i2 | @cil_conv_ovf_i2_un | @cil_conv_ovf_i4 | @cil_conv_ovf_i4_un |
+  @cil_conv_ovf_i8 | @cil_conv_ovf_i8_un | @cil_conv_ovf_u | @cil_conv_ovf_u_un |
+  @cil_conv_ovf_u1 | @cil_conv_ovf_u1_un | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un |
+  @cil_conv_ovf_u4 | @cil_conv_ovf_u4_un | @cil_conv_ovf_u8 | @cil_conv_ovf_u8_un |
+  @cil_conv_r4 | @cil_conv_r8 | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un |
+  @cil_conv_i | @cil_conv_u | @cil_conv_r_un;
+
+@cil_ldind = @cil_ldind_i | @cil_ldind_i1 | @cil_ldind_i2 | @cil_ldind_i4 | @cil_ldind_i8 |
+  @cil_ldind_r4 | @cil_ldind_r8 | @cil_ldind_ref | @cil_ldind_u1 | @cil_ldind_u2 | @cil_ldind_u4;
+
+@cil_stind = @cil_stind_i | @cil_stind_i1 | @cil_stind_i2 | @cil_stind_i4 | @cil_stind_i8 |
+  @cil_stind_r4 | @cil_stind_r8 | @cil_stind_ref;
+
+@cil_bitwise_operation = @cil_binary_bitwise_operation | @cil_unary_bitwise_operation;
+
+@cil_binary_bitwise_operation = @cil_and | @cil_or | @cil_xor | @cil_shr | @cil_shr | @cil_shr_un | @cil_shl;
+
+@cil_binary_arithmetic_operation = @cil_add | @cil_sub | @cil_mul | @cil_div | @cil_div_un |
+  @cil_rem | @cil_rem_un | @cil_add_ovf | @cil_add_ovf_un | @cil_mul_ovf | @cil_mul_ovf_un |
+  @cil_sub_ovf | @cil_sub_ovf_un;
+
+@cil_unary_bitwise_operation = @cil_not;
+
+@cil_binary_expr = @cil_binary_arithmetic_operation | @cil_binary_bitwise_operation | @cil_read_array | @cil_comparison_operation;
+
+@cil_unary_arithmetic_operation = @cil_neg;
+
+@cil_comparison_operation = @cil_cgt_un | @cil_ceq | @cil_cgt | @cil_clt | @cil_clt_un;
+
+// Elements that retrieve an address of something
+@cil_read_ref = @cil_ldloca_s | @cil_ldarga_s | @cil_ldflda | @cil_ldsflda | @cil_ldelema;
+
+// CIL array instructions
+
+@cil_read_array =
+  @cil_ldelem | @cil_ldelema | @cil_ldelem_i1 | @cil_ldelem_ref | @cil_ldelem_i |
+  @cil_ldelem_i1 | @cil_ldelem_i2 | @cil_ldelem_i4 | @cil_ldelem_i8 | @cil_ldelem_r4 |
+  @cil_ldelem_r8 | @cil_ldelem_u1 | @cil_ldelem_u2 | @cil_ldelem_u4;
+
+@cil_write_array = @cil_stelem | @cil_stelem_ref |
+  @cil_stelem_i | @cil_stelem_i1 | @cil_stelem_i2 | @cil_stelem_i4 | @cil_stelem_i8 |
+  @cil_stelem_r4 | @cil_stelem_r8;
+
+@cil_throw_any = @cil_throw | @cil_rethrow;
+
+#keyset[impl, index]
+cil_instruction(
+  unique int id: @cil_instruction,
+  int opcode: int ref,
+  int index: int ref,
+  int impl: @cil_method_implementation ref);
+
+cil_jump(
+  unique int instruction: @cil_jump ref,
+  int target: @cil_instruction ref);
+
+cil_access(
+  unique int instruction: @cil_instruction ref,
+  int target: @cil_accessible ref);
+
+cil_value(
+  unique int instruction: @cil_literal ref,
+  string value: string ref);
+
+#keyset[instruction, index]
+cil_switch(
+  int instruction: @cil_switch ref,
+  int index: int ref,
+  int target: @cil_instruction ref);
+
+cil_instruction_location(
+  unique int id: @cil_instruction ref,
+  int loc: @location ref);
+
+cil_type_location(
+  int id: @cil_type ref,
+  int loc: @location ref);
+
+cil_method_location(
+  int id: @cil_method ref,
+  int loc: @location ref);
+
+@cil_namespace = @namespace;
+
+@cil_type_container = @cil_type | @cil_namespace | @cil_method;
+
+case @cil_type.kind of
+  0 = @cil_valueorreftype
+| 1 = @cil_typeparameter
+| 2 = @cil_array_type
+| 3 = @cil_pointer_type
+| 4 = @cil_function_pointer_type
+;
+
+cil_type(
+  unique int id: @cil_type,
+  string name: string ref,
+  int kind: int ref,
+  int parent: @cil_type_container ref,
+  int sourceDecl: @cil_type ref);
+
+cil_pointer_type(
+  unique int id: @cil_pointer_type ref,
+  int pointee: @cil_type ref);
+
+cil_array_type(
+  unique int id: @cil_array_type ref,
+  int element_type: @cil_type ref,
+  int rank: int ref);
+
+cil_function_pointer_return_type(
+  unique int id: @cil_function_pointer_type ref,
+  int return_type: @cil_type ref);
+
+cil_method(
+  unique int id: @cil_method,
+  string name: string ref,
+  int parent: @cil_type ref,
+  int return_type: @cil_type ref);
+
+cil_method_source_declaration(
+  unique int method: @cil_method ref,
+  int source: @cil_method ref);
+
+cil_method_implementation(
+  unique int id: @cil_method_implementation,
+  int method: @cil_method ref,
+  int location: @assembly ref);
+
+cil_implements(
+  int id: @cil_method ref,
+  int decl: @cil_method ref);
+
+#keyset[parent, name]
+cil_field(
+  unique int id: @cil_field,
+  int parent: @cil_type ref,
+  string name: string ref,
+  int field_type: @cil_type ref);
+
+@cil_element = @cil_instruction | @cil_declaration | @cil_handler | @cil_attribute | @cil_namespace;
+@cil_named_element = @cil_declaration | @cil_namespace;
+@cil_declaration = @cil_variable | @cil_method | @cil_type | @cil_member;
+@cil_accessible = @cil_declaration;
+@cil_variable = @cil_field | @cil_stack_variable;
+@cil_stack_variable = @cil_local_variable | @cil_parameter;
+@cil_member = @cil_method | @cil_type | @cil_field | @cil_property | @cil_event;
+@cil_custom_modifier_receiver = @cil_method | @cil_property | @cil_parameter | @cil_field | @cil_function_pointer_type;
+@cil_parameterizable = @cil_method | @cil_function_pointer_type;
+@cil_has_type_annotation = @cil_stack_variable | @cil_property | @cil_method | @cil_function_pointer_type;
+
+#keyset[parameterizable, index]
+cil_parameter(
+  unique int id: @cil_parameter,
+  int parameterizable: @cil_parameterizable ref,
+  int index: int ref,
+  int param_type: @cil_type ref);
+
+cil_parameter_in(unique int id: @cil_parameter ref);
+cil_parameter_out(unique int id: @cil_parameter ref);
+
+cil_setter(unique int prop: @cil_property ref,
+  int method: @cil_method ref);
+
+#keyset[id, modifier]
+cil_custom_modifiers(
+  int id: @cil_custom_modifier_receiver ref,
+  int modifier: @cil_type ref,
+  int kind: int ref); // modreq: 1, modopt: 0
+
+cil_type_annotation(
+  int id: @cil_has_type_annotation ref,
+  int annotation: int ref);
+
+cil_getter(unique int prop: @cil_property ref,
+  int method: @cil_method ref);
+
+cil_adder(unique int event: @cil_event ref,
+  int method: @cil_method ref);
+
+cil_remover(unique int event: @cil_event ref, int method: @cil_method ref);
+
+cil_raiser(unique int event: @cil_event ref, int method: @cil_method ref);
+
+cil_property(
+  unique int id: @cil_property,
+  int parent: @cil_type ref,
+  string name: string ref,
+  int property_type: @cil_type ref);
+
+#keyset[parent, name]
+cil_event(unique int id: @cil_event,
+  int parent: @cil_type ref,
+  string name: string ref,
+  int event_type: @cil_type ref);
+
+#keyset[impl, index]
+cil_local_variable(
+  unique int id: @cil_local_variable,
+  int impl: @cil_method_implementation ref,
+  int index: int ref,
+  int var_type: @cil_type ref);
+
+cil_function_pointer_calling_conventions(
+  int id: @cil_function_pointer_type ref,
+  int kind: int ref);
+
+// CIL handlers (exception handlers etc).
+
+case @cil_handler.kind of
+  0 = @cil_catch_handler
+| 1 = @cil_filter_handler
+| 2 = @cil_finally_handler
+| 4 = @cil_fault_handler
+;
+
+#keyset[impl, index]
+cil_handler(
+  unique int id: @cil_handler,
+  int impl: @cil_method_implementation ref,
+  int index: int ref,
+  int kind: int ref,
+  int try_start: @cil_instruction ref,
+  int try_end: @cil_instruction ref,
+  int handler_start: @cil_instruction ref);
+
+cil_handler_filter(
+  unique int id: @cil_handler ref,
+  int filter_start: @cil_instruction ref);
+
+cil_handler_type(
+  unique int id: @cil_handler ref,
+  int catch_type: @cil_type ref);
+
+@cil_controlflow_node = @cil_entry_point | @cil_instruction;
+
+@cil_entry_point = @cil_method_implementation | @cil_handler;
+
+@cil_dataflow_node = @cil_instruction | @cil_variable | @cil_method;
+
+cil_method_stack_size(
+  unique int method: @cil_method_implementation ref,
+  int size: int ref);
+
+// CIL modifiers
+
+cil_public(int id: @cil_member ref);
+cil_private(int id: @cil_member ref);
+cil_protected(int id: @cil_member ref);
+cil_internal(int id: @cil_member ref);
+cil_static(int id: @cil_member ref);
+cil_sealed(int id: @cil_member ref);
+cil_virtual(int id: @cil_method ref);
+cil_abstract(int id: @cil_member ref);
+cil_class(int id: @cil_type ref);
+cil_interface(int id: @cil_type ref);
+cil_security(int id: @cil_member ref);
+cil_requiresecobject(int id: @cil_method ref);
+cil_specialname(int id: @cil_method ref);
+cil_newslot(int id: @cil_method ref);
+
+cil_base_class(unique int id: @cil_type ref, int base: @cil_type ref);
+cil_base_interface(int id: @cil_type ref, int base: @cil_type ref);
+cil_enum_underlying_type(unique int id: @cil_type ref, int underlying: @cil_type ref);
+
+#keyset[unbound, index]
+cil_type_parameter(
+  int unbound: @cil_member ref,
+  int index: int ref,
+  int param: @cil_typeparameter ref);
+
+#keyset[bound, index]
+cil_type_argument(
+  int bound: @cil_member ref,
+  int index: int ref,
+  int t: @cil_type ref);
+
+// CIL type parameter constraints
+
+cil_typeparam_covariant(int tp: @cil_typeparameter ref);
+cil_typeparam_contravariant(int tp: @cil_typeparameter ref);
+cil_typeparam_class(int tp: @cil_typeparameter ref);
+cil_typeparam_struct(int tp: @cil_typeparameter ref);
+cil_typeparam_new(int tp: @cil_typeparameter ref);
+cil_typeparam_constraint(int tp: @cil_typeparameter ref, int supertype: @cil_type ref);
+
+// CIL attributes
+
+cil_attribute(
+  unique int attributeid: @cil_attribute,
+  int element: @cil_declaration ref,
+  int constructor: @cil_method ref);
+
+#keyset[attribute_id, param]
+cil_attribute_named_argument(
+  int attribute_id: @cil_attribute ref,
+  string param: string ref,
+  string value: string ref);
+
+#keyset[attribute_id, index]
+cil_attribute_positional_argument(
+  int attribute_id: @cil_attribute ref,
+  int index: int ref,
+  string value: string ref);
+
+
+// Common .Net data model covering both C# and CIL
+
+// Common elements
+@dotnet_element = @element | @cil_element;
+@dotnet_named_element = @named_element | @cil_named_element;
+@dotnet_callable = @callable | @cil_method;
+@dotnet_variable = @variable | @cil_variable;
+@dotnet_field = @field | @cil_field;
+@dotnet_parameter = @parameter | @cil_parameter;
+@dotnet_declaration = @declaration | @cil_declaration;
+@dotnet_member = @member | @cil_member;
+@dotnet_event = @event | @cil_event;
+@dotnet_property = @property | @cil_property | @indexer;
+@dotnet_parameterizable = @parameterizable | @cil_parameterizable;
+
+// Common types
+@dotnet_type = @type | @cil_type;
+@dotnet_call = @call | @cil_call_any;
+@dotnet_throw = @throw_element | @cil_throw_any;
+@dotnet_valueorreftype = @cil_valueorreftype | @value_or_ref_type | @cil_array_type | @void_type;
+@dotnet_typeparameter = @type_parameter | @cil_typeparameter;
+@dotnet_array_type = @array_type | @cil_array_type;
+@dotnet_pointer_type = @pointer_type | @cil_pointer_type;
+@dotnet_type_parameter = @type_parameter | @cil_typeparameter;
+@dotnet_generic = @dotnet_valueorreftype | @dotnet_callable;
+
+// Attributes
+@dotnet_attribute = @attribute | @cil_attribute;
+
+// Expressions
+@dotnet_expr = @expr | @cil_expr;
+
+// Literals
+@dotnet_literal = @literal_expr | @cil_literal;
+@dotnet_string_literal = @string_literal_expr | @cil_ldstr;
+@dotnet_int_literal = @integer_literal_expr | @cil_ldc_i;
+@dotnet_float_literal = @float_literal_expr | @cil_ldc_r;
+@dotnet_null_literal = @null_literal_expr | @cil_ldnull;
+
+@metadata_entity = @cil_method | @cil_type | @cil_field | @cil_property | @field | @property |
+    @callable | @value_or_ref_type | @void_type;
+
+#keyset[entity, location]
+metadata_handle(int entity : @metadata_entity ref, int location: @assembly ref, int handle: int ref)
diff --git a/csharp/ql/lib/upgrades/4ac7d8bcac6f664b1e83c858aa71f8dc761cc603/semmlecode.csharp.dbscheme b/csharp/ql/lib/upgrades/4ac7d8bcac6f664b1e83c858aa71f8dc761cc603/semmlecode.csharp.dbscheme
new file mode 100644
index 00000000000..83aca6b3e4f
--- /dev/null
+++ b/csharp/ql/lib/upgrades/4ac7d8bcac6f664b1e83c858aa71f8dc761cc603/semmlecode.csharp.dbscheme
@@ -0,0 +1,2067 @@
+/* This is a dummy line to alter the dbscheme, so we can make a database upgrade
+ * without actually changing any of the dbscheme predicates. It contains a date
+ * to allow for such updates in the future as well.
+ *
+ * 2021-07-14
+ *
+ * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a
+ * previously seen state (matching a previously seen SHA), which would make the upgrade
+ * mechanism not work properly.
+ */
+
+/**
+ * An invocation of the compiler. Note that more than one file may be
+ * compiled per invocation. For example, this command compiles three
+ * source files:
+ *
+ *   csc f1.cs f2.cs f3.cs
+ *
+ * The `id` simply identifies the invocation, while `cwd` is the working
+ * directory from which the compiler was invoked.
+ */
+compilations(
+    unique int id : @compilation,
+    string cwd : string ref
+);
+
+/**
+ * The arguments that were passed to the extractor for a compiler
+ * invocation. If `id` is for the compiler invocation
+ *
+ *   csc f1.cs f2.cs f3.cs
+ *
+ * then typically there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | --compiler
+ * 1   | *path to compiler*
+ * 2   | f1.cs
+ * 3   | f2.cs
+ * 4   | f3.cs
+ */
+#keyset[id, num]
+compilation_args(
+    int id : @compilation ref,
+    int num : int ref,
+    string arg : string ref
+);
+
+/**
+ * The source files that are compiled by a compiler invocation.
+ * If `id` is for the compiler invocation
+ *
+ *   csc f1.cs f2.cs f3.cs
+ *
+ * then there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | f1.cs
+ * 1   | f2.cs
+ * 2   | f3.cs
+ */
+#keyset[id, num]
+compilation_compiling_files(
+    int id : @compilation ref,
+    int num : int ref,
+    int file : @file ref
+);
+
+/**
+ * The references used by a compiler invocation.
+ * If `id` is for the compiler invocation
+ *
+ *   csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll
+ *
+ * then there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | ref1.dll
+ * 1   | ref2.dll
+ * 2   | ref3.dll
+ */
+#keyset[id, num]
+compilation_referencing_files(
+    int id : @compilation ref,
+    int num : int ref,
+    int file : @file ref
+);
+
+/**
+ * The time taken by the extractor for a compiler invocation.
+ *
+ * For each file `num`, there will be rows for
+ *
+ * kind | seconds
+ * ---- | ---
+ * 1    | CPU seconds used by the extractor frontend
+ * 2    | Elapsed seconds during the extractor frontend
+ * 3    | CPU seconds used by the extractor backend
+ * 4    | Elapsed seconds during the extractor backend
+ */
+#keyset[id, num, kind]
+compilation_time(
+    int id : @compilation ref,
+    int num : int ref,
+    /* kind:
+       1 = frontend_cpu_seconds
+       2 = frontend_elapsed_seconds
+       3 = extractor_cpu_seconds
+       4 = extractor_elapsed_seconds
+    */
+    int kind : int ref,
+    float seconds : float ref
+);
+
+/**
+ * An error or warning generated by the extractor.
+ * The diagnostic message `diagnostic` was generated during compiler
+ * invocation `compilation`, and is the `file_number_diagnostic_number`th
+ * message generated while extracting the `file_number`th file of that
+ * invocation.
+ */
+#keyset[compilation, file_number, file_number_diagnostic_number]
+diagnostic_for(
+    unique int diagnostic : @diagnostic ref,
+    int compilation : @compilation ref,
+    int file_number : int ref,
+    int file_number_diagnostic_number : int ref
+);
+
+diagnostics(
+    unique int id: @diagnostic,
+    int severity: int ref,
+    string error_tag: string ref,
+    string error_message: string ref,
+    string full_error_message: string ref,
+    int location: @location_default ref
+);
+
+extractor_messages(
+    unique int id: @extractor_message,
+    int severity: int ref,
+    string origin : string ref,
+    string text : string ref,
+    string entity : string ref,
+    int location: @location_default ref,
+    string stack_trace : string ref
+);
+
+/**
+ * If extraction was successful, then `cpu_seconds` and
+ * `elapsed_seconds` are the CPU time and elapsed time (respectively)
+ * that extraction took for compiler invocation `id`.
+ */
+compilation_finished(
+    unique int id : @compilation ref,
+    float cpu_seconds : float ref,
+    float elapsed_seconds : float ref
+);
+
+compilation_assembly(
+  unique int id : @compilation ref,
+  int assembly: @assembly ref
+)
+
+// Populated by the CSV extractor
+externalData(
+   int id: @externalDataElement,
+   string path: string ref,
+   int column: int ref,
+   string value: string ref);
+
+sourceLocationPrefix(
+  string prefix: string ref);
+
+/*
+ * C# dbscheme
+ */
+
+/** ELEMENTS **/
+
+@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration
+         | @using_directive | @type_parameter_constraints | @externalDataElement
+         | @xmllocatable | @asp_element | @namespace | @preprocessor_directive;
+
+@declaration = @callable | @generic | @assignable | @namespace;
+
+@named_element = @namespace | @declaration;
+
+@declaration_with_accessors = @property | @indexer | @event;
+
+@assignable = @variable | @assignable_with_accessors | @event;
+
+@assignable_with_accessors = @property | @indexer;
+
+@attributable = @assembly | @field | @parameter | @operator | @method | @constructor
+              | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors
+              | @local_function | @lambda_expr;
+
+/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/
+
+@location = @location_default | @assembly;
+
+locations_default(
+  unique int id: @location_default,
+  int file: @file ref,
+  int beginLine: int ref,
+  int beginColumn: int ref,
+  int endLine: int ref,
+  int endColumn: int ref);
+
+locations_mapped(
+  unique int id: @location_default ref,
+  int mapped_to: @location_default ref);
+
+@sourceline = @file | @callable | @xmllocatable;
+
+numlines(
+  int element_id: @sourceline ref,
+  int num_lines: int ref,
+  int num_code: int ref,
+  int num_comment: int ref);
+
+assemblies(
+  unique int id: @assembly,
+  int file: @file ref,
+  string fullname: string ref,
+  string name: string ref,
+  string version: string ref);
+
+files(
+  unique int id: @file,
+  string name: string ref);
+
+folders(
+  unique int id: @folder,
+  string name: string ref);
+
+@container = @folder | @file ;
+
+containerparent(
+  int parent: @container ref,
+  unique int child: @container ref);
+
+file_extraction_mode(
+  unique int file: @file ref,
+  int mode: int ref
+  /* 0 = normal, 1 = standalone extractor */
+  );
+
+/** NAMESPACES **/
+
+@type_container = @namespace | @type;
+
+namespaces(
+  unique int id: @namespace,
+  string name: string ref);
+
+namespace_declarations(
+  unique int id: @namespace_declaration,
+  int namespace_id: @namespace ref);
+
+namespace_declaration_location(
+  unique int id: @namespace_declaration ref,
+  int loc: @location ref);
+
+parent_namespace(
+  unique int child_id: @type_container ref,
+  int namespace_id: @namespace ref);
+
+@declaration_or_directive = @namespace_declaration | @type | @using_directive;
+
+parent_namespace_declaration(
+  int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes
+  int namespace_id: @namespace_declaration ref);
+
+@using_directive = @using_namespace_directive | @using_static_directive;
+
+using_global(
+  unique int id: @using_directive ref
+);
+
+using_namespace_directives(
+  unique int id: @using_namespace_directive,
+  int namespace_id: @namespace ref);
+
+using_static_directives(
+  unique int id: @using_static_directive,
+  int type_id: @type_or_ref ref);
+
+using_directive_location(
+  unique int id: @using_directive ref,
+  int loc: @location ref);
+
+@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning
+  | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if
+  | @directive_elif | @directive_else | @directive_endif;
+
+@conditional_directive = @directive_if | @directive_elif;
+@branch_directive = @directive_if | @directive_elif | @directive_else;
+
+directive_ifs(
+  unique int id: @directive_if,
+  int branchTaken: int ref,     /* 0: false, 1: true */
+  int conditionValue: int ref); /* 0: false, 1: true */
+
+directive_elifs(
+  unique int id: @directive_elif,
+  int branchTaken: int ref,     /* 0: false, 1: true */
+  int conditionValue: int ref,  /* 0: false, 1: true */
+  int parent: @directive_if ref,
+  int index: int ref);
+
+directive_elses(
+  unique int id: @directive_else,
+  int branchTaken: int ref,   /* 0: false, 1: true */
+  int parent: @directive_if ref,
+  int index: int ref);
+
+#keyset[id, start]
+directive_endifs(
+  unique int id: @directive_endif,
+  unique int start: @directive_if ref);
+
+directive_define_symbols(
+  unique int id: @define_symbol_expr ref,
+  string name: string ref);
+
+directive_regions(
+  unique int id: @directive_region,
+  string name: string ref);
+
+#keyset[id, start]
+directive_endregions(
+  unique int id: @directive_endregion,
+  unique int start: @directive_region ref);
+
+directive_lines(
+  unique int id: @directive_line,
+  int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */
+
+directive_line_value(
+  unique int id: @directive_line ref,
+  int line: int ref);
+
+directive_line_file(
+  unique int id: @directive_line ref,
+  int file: @file ref);
+
+directive_line_offset(
+  unique int id: @directive_line ref,
+  int offset: int ref);
+
+directive_line_span(
+  unique int id: @directive_line ref,
+  int startLine: int ref,
+  int startColumn: int ref,
+  int endLine: int ref,
+  int endColumn: int ref);
+
+directive_nullables(
+  unique int id: @directive_nullable,
+  int setting: int ref, /* 0: disable, 1: enable, 2: restore */
+  int target: int ref); /* 0: none, 1: annotations, 2: warnings */
+
+directive_warnings(
+  unique int id: @directive_warning,
+  string message: string ref);
+
+directive_errors(
+  unique int id: @directive_error,
+  string message: string ref);
+
+directive_undefines(
+  unique int id: @directive_undefine,
+  string name: string ref);
+
+directive_defines(
+  unique int id: @directive_define,
+  string name: string ref);
+
+pragma_checksums(
+  unique int id: @pragma_checksum,
+  int file: @file ref,
+  string guid: string ref,
+  string bytes: string ref);
+
+pragma_warnings(
+  unique int id: @pragma_warning,
+  int kind: int ref /* 0 = disable, 1 = restore */);
+
+#keyset[id, index]
+pragma_warning_error_codes(
+  int id: @pragma_warning ref,
+  string errorCode: string ref,
+  int index: int ref);
+
+preprocessor_directive_location(
+  unique int id: @preprocessor_directive ref,
+  int loc: @location ref);
+
+preprocessor_directive_compilation(
+  unique int id: @preprocessor_directive ref,
+  int compilation: @compilation ref);
+
+preprocessor_directive_active(
+  unique int id: @preprocessor_directive ref,
+  int active: int ref);  /* 0: false, 1: true */
+
+/** TYPES **/
+
+types(
+  unique int id: @type,
+  int kind: int ref,
+  string name: string ref);
+
+case @type.kind of
+   1 = @bool_type
+|  2 = @char_type
+|  3 = @decimal_type
+|  4 = @sbyte_type
+|  5 = @short_type
+|  6 = @int_type
+|  7 = @long_type
+|  8 = @byte_type
+|  9 = @ushort_type
+| 10 = @uint_type
+| 11 = @ulong_type
+| 12 = @float_type
+| 13 = @double_type
+| 14 = @enum_type
+| 15 = @struct_type
+| 17 = @class_type
+| 19 = @interface_type
+| 20 = @delegate_type
+| 21 = @null_type
+| 22 = @type_parameter
+| 23 = @pointer_type
+| 24 = @nullable_type
+| 25 = @array_type
+| 26 = @void_type
+| 27 = @int_ptr_type
+| 28 = @uint_ptr_type
+| 29 = @dynamic_type
+| 30 = @arglist_type
+| 31 = @unknown_type
+| 32 = @tuple_type
+| 33 = @function_pointer_type
+  ;
+
+@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type;
+@integral_type = @signed_integral_type | @unsigned_integral_type;
+@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type;
+@unsigned_integral_type = @byte_type  | @ushort_type | @uint_type | @ulong_type;
+@floating_point_type = @float_type | @double_type;
+@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type
+            | @uint_ptr_type | @tuple_type;
+@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type
+          | @dynamic_type;
+@value_or_ref_type = @value_type | @ref_type;
+
+typerefs(
+  unique int id: @typeref,
+  string name: string ref);
+
+typeref_type(
+  int id: @typeref ref,
+  unique int typeId: @type ref);
+
+@type_or_ref = @type | @typeref;
+
+array_element_type(
+  unique int array: @array_type ref,
+  int dimension: int ref,
+  int rank: int ref,
+  int element: @type_or_ref ref);
+
+nullable_underlying_type(
+  unique int nullable: @nullable_type ref,
+  int underlying: @type_or_ref ref);
+
+pointer_referent_type(
+  unique int pointer: @pointer_type ref,
+  int referent: @type_or_ref ref);
+
+enum_underlying_type(
+  unique int enum_id: @enum_type ref,
+  int underlying_type_id: @type_or_ref ref);
+
+delegate_return_type(
+  unique int delegate_id: @delegate_type ref,
+  int return_type_id: @type_or_ref ref);
+
+function_pointer_return_type(
+    unique int function_pointer_id: @function_pointer_type ref,
+    int return_type_id: @type_or_ref ref);
+
+extend(
+  int sub: @type ref,
+  int super: @type_or_ref ref);
+
+anonymous_types(
+  unique int id: @type ref);
+
+@interface_or_ref = @interface_type | @typeref;
+
+implement(
+  int sub: @type ref,
+  int super: @type_or_ref ref);
+
+type_location(
+  int id: @type ref,
+  int loc: @location ref);
+
+tuple_underlying_type(
+  unique int tuple: @tuple_type ref,
+  int struct: @type_or_ref ref);
+
+#keyset[tuple, index]
+tuple_element(
+  int tuple: @tuple_type ref,
+  int index: int ref,
+  unique int field: @field ref);
+
+attributes(
+  unique int id: @attribute,
+  int kind: int ref,
+  int type_id: @type_or_ref ref,
+  int target:  @attributable ref);
+
+case @attribute.kind of
+  0 = @attribute_default
+| 1 = @attribute_return
+| 2 = @attribute_assembly
+| 3 = @attribute_module
+;
+
+attribute_location(
+  int id: @attribute ref,
+  int loc: @location ref);
+
+@type_mention_parent = @element | @type_mention;
+
+type_mention(
+  unique int id: @type_mention,
+  int type_id: @type_or_ref ref,
+  int parent: @type_mention_parent ref);
+
+type_mention_location(
+  unique int id: @type_mention ref,
+  int loc: @location ref);
+
+@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type;
+
+/**
+ * A direct annotation on an entity, for example `string? x;`.
+ *
+ * Annotations:
+ * 2 = reftype is not annotated "!"
+ * 3 = reftype is annotated "?"
+ * 4 = readonly ref type / in parameter
+ * 5 = ref type parameter, return or local variable
+ * 6 = out parameter
+ *
+ * Note that the annotation depends on the element it annotates.
+ * @assignable: The annotation is on the type of the assignable, for example the variable type.
+ * @type_parameter: The annotation is on the reftype constraint
+ * @callable: The annotation is on the return type
+ * @array_type: The annotation is on the element type
+ */
+type_annotation(int id: @has_type_annotation ref, int annotation: int ref);
+
+nullability(unique int nullability: @nullability, int kind: int ref);
+
+case @nullability.kind of
+  0 = @oblivious
+| 1 = @not_annotated
+| 2 = @annotated
+;
+
+#keyset[parent, index]
+nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref)
+
+type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref);
+
+/**
+ * The nullable flow state of an expression, as determined by Roslyn.
+ *   0 = none (default, not populated)
+ *   1 = not null
+ *   2 = maybe null
+ */
+expr_flowstate(unique int id: @expr ref, int state: int ref);
+
+/** GENERICS **/
+
+@generic = @type | @method | @local_function;
+
+type_parameters(
+  unique int id: @type_parameter ref,
+  int index: int ref,
+  int generic_id: @generic ref,
+  int variance: int ref /* none = 0, out = 1, in = 2 */);
+
+#keyset[constructed_id, index]
+type_arguments(
+  int id: @type_or_ref ref,
+  int index: int ref,
+  int constructed_id: @generic_or_ref ref);
+
+@generic_or_ref = @generic | @typeref;
+
+constructed_generic(
+  unique int constructed: @generic ref,
+  int generic: @generic_or_ref ref);
+
+type_parameter_constraints(
+  unique int id: @type_parameter_constraints,
+  int param_id: @type_parameter ref);
+
+type_parameter_constraints_location(
+  int id: @type_parameter_constraints ref,
+  int loc: @location ref);
+
+general_type_parameter_constraints(
+  int id: @type_parameter_constraints ref,
+  int kind: int ref /* class = 1, struct = 2, new = 3 */);
+
+specific_type_parameter_constraints(
+  int id: @type_parameter_constraints ref,
+  int base_id: @type_or_ref ref);
+
+specific_type_parameter_nullability(
+  int id: @type_parameter_constraints ref,
+  int base_id: @type_or_ref ref,
+  int nullability: @nullability ref);
+
+/** FUNCTION POINTERS */
+
+function_pointer_calling_conventions(
+  int id: @function_pointer_type ref,
+  int kind: int ref);
+
+#keyset[id, index]
+has_unmanaged_calling_conventions(
+  int id: @function_pointer_type ref,
+  int index: int ref,
+  int conv_id: @type_or_ref ref);
+
+/** MODIFIERS */
+
+@modifiable = @modifiable_direct | @event_accessor;
+
+@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr;
+
+modifiers(
+  unique int id: @modifier,
+  string name: string ref);
+
+has_modifiers(
+  int id: @modifiable_direct ref,
+  int mod_id: @modifier ref);
+
+compiler_generated(unique int id: @modifiable ref);
+
+/** MEMBERS **/
+
+@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type;
+
+@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr;
+
+@virtualizable = @method | @property | @indexer | @event;
+
+exprorstmt_name(
+  unique int parent_id: @named_exprorstmt ref,
+  string name: string ref);
+
+nested_types(
+  unique int id: @type ref,
+  int declaring_type_id: @type ref,
+  int unbound_id: @type ref);
+
+properties(
+  unique int id: @property,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @property ref);
+
+property_location(
+  int id: @property ref,
+  int loc: @location ref);
+
+indexers(
+  unique int id: @indexer,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @indexer ref);
+
+indexer_location(
+  int id: @indexer ref,
+  int loc: @location ref);
+
+accessors(
+  unique int id: @accessor,
+  int kind: int ref,
+  string name: string ref,
+  int declaring_member_id: @member ref,
+  int unbound_id: @accessor ref);
+
+case @accessor.kind of
+  1 = @getter
+| 2 = @setter
+  ;
+
+init_only_accessors(
+  unique int id: @accessor ref);
+
+accessor_location(
+  int id: @accessor ref,
+  int loc: @location ref);
+
+events(
+  unique int id: @event,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @event ref);
+
+event_location(
+  int id: @event ref,
+  int loc: @location ref);
+
+event_accessors(
+  unique int id: @event_accessor,
+  int kind: int ref,
+  string name: string ref,
+  int declaring_event_id: @event ref,
+  int unbound_id: @event_accessor ref);
+
+case @event_accessor.kind of
+  1 = @add_event_accessor
+| 2 = @remove_event_accessor
+  ;
+
+event_accessor_location(
+  int id: @event_accessor ref,
+  int loc: @location ref);
+
+operators(
+  unique int id: @operator,
+  string name: string ref,
+  string symbol: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @operator ref);
+
+operator_location(
+  int id: @operator ref,
+  int loc: @location ref);
+
+constant_value(
+  int id: @variable ref,
+  string value: string ref);
+
+/** CALLABLES **/
+
+@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function;
+
+@callable_accessor = @accessor | @event_accessor;
+
+methods(
+  unique int id: @method,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @method ref);
+
+method_location(
+  int id: @method ref,
+  int loc: @location ref);
+
+constructors(
+  unique int id: @constructor,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int unbound_id: @constructor ref);
+
+constructor_location(
+  int id: @constructor ref,
+  int loc: @location ref);
+
+destructors(
+  unique int id: @destructor,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int unbound_id: @destructor ref);
+
+destructor_location(
+  int id: @destructor ref,
+  int loc: @location ref);
+
+overrides(
+  int id: @callable ref,
+  int base_id: @callable ref);
+
+explicitly_implements(
+  int id: @member ref,
+  int interface_id: @interface_or_ref ref);
+
+local_functions(
+    unique int id: @local_function,
+    string name: string ref,
+    int return_type: @type ref,
+    int unbound_id: @local_function ref);
+
+local_function_stmts(
+    unique int fn: @local_function_stmt ref,
+    int stmt: @local_function ref);
+
+/** VARIABLES **/
+
+@variable = @local_scope_variable | @field;
+
+@local_scope_variable = @local_variable | @parameter;
+
+fields(
+  unique int id: @field,
+  int kind: int ref,
+  string name: string ref,
+  int declaring_type_id: @type ref,
+  int type_id: @type_or_ref ref,
+  int unbound_id: @field ref);
+
+case @field.kind of
+  1 = @addressable_field
+| 2 = @constant
+  ;
+
+field_location(
+  int id: @field ref,
+  int loc: @location ref);
+
+localvars(
+  unique int id: @local_variable,
+  int kind: int ref,
+  string name: string ref,
+  int implicitly_typed: int ref /* 0 = no, 1 = yes */,
+  int type_id: @type_or_ref ref,
+  int parent_id: @local_var_decl_expr ref);
+
+case @local_variable.kind of
+  1 = @addressable_local_variable
+| 2 = @local_constant
+| 3 = @local_variable_ref
+  ;
+
+localvar_location(
+  unique int id: @local_variable ref,
+  int loc: @location ref);
+
+@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type;
+
+#keyset[name, parent_id]
+#keyset[index, parent_id]
+params(
+  unique int id: @parameter,
+  string name: string ref,
+  int type_id: @type_or_ref ref,
+  int index: int ref,
+  int mode: int ref, /* value = 0, ref = 1, out = 2, array = 3, this = 4 */
+  int parent_id: @parameterizable ref,
+  int unbound_id: @parameter ref);
+
+param_location(
+  int id: @parameter ref,
+  int loc: @location ref);
+
+/** STATEMENTS **/
+
+@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent;
+
+statements(
+  unique int id: @stmt,
+  int kind: int ref);
+
+#keyset[index, parent]
+stmt_parent(
+  unique int stmt: @stmt ref,
+  int index: int ref,
+  int parent: @control_flow_element ref);
+
+@top_level_stmt_parent = @callable;
+
+// [index, parent] is not a keyset because the same parent may be compiled multiple times
+stmt_parent_top_level(
+  unique int stmt: @stmt ref,
+  int index: int ref,
+  int parent: @top_level_stmt_parent ref);
+
+case @stmt.kind of
+   1 = @block_stmt
+|  2 = @expr_stmt
+|  3 = @if_stmt
+|  4 = @switch_stmt
+|  5 = @while_stmt
+|  6 = @do_stmt
+|  7 = @for_stmt
+|  8 = @foreach_stmt
+|  9 = @break_stmt
+| 10 = @continue_stmt
+| 11 = @goto_stmt
+| 12 = @goto_case_stmt
+| 13 = @goto_default_stmt
+| 14 = @throw_stmt
+| 15 = @return_stmt
+| 16 = @yield_stmt
+| 17 = @try_stmt
+| 18 = @checked_stmt
+| 19 = @unchecked_stmt
+| 20 = @lock_stmt
+| 21 = @using_block_stmt
+| 22 = @var_decl_stmt
+| 23 = @const_decl_stmt
+| 24 = @empty_stmt
+| 25 = @unsafe_stmt
+| 26 = @fixed_stmt
+| 27 = @label_stmt
+| 28 = @catch
+| 29 = @case_stmt
+| 30 = @local_function_stmt
+| 31 = @using_decl_stmt
+  ;
+
+@using_stmt = @using_block_stmt | @using_decl_stmt;
+
+@labeled_stmt = @label_stmt | @case;
+
+@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt;
+
+@cond_stmt = @if_stmt | @switch_stmt;
+
+@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt;
+
+@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt
+           | @yield_stmt;
+
+@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt;
+
+
+stmt_location(
+  unique int id: @stmt ref,
+  int loc: @location ref);
+
+catch_type(
+  unique int catch_id: @catch ref,
+  int type_id: @type_or_ref ref,
+  int kind: int ref /* explicit = 1, implicit = 2 */);
+
+foreach_stmt_info(
+  unique int id: @foreach_stmt ref,
+  int kind: int ref /* non-async = 1, async = 2 */);
+
+@foreach_symbol =  @method | @property | @type_or_ref;
+
+#keyset[id, kind]
+foreach_stmt_desugar(
+  int id: @foreach_stmt ref,
+  int symbol: @foreach_symbol ref,
+  int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */);
+
+/** EXPRESSIONS **/
+
+expressions(
+  unique int id: @expr,
+  int kind: int ref,
+  int type_id: @type_or_ref ref);
+
+#keyset[index, parent]
+expr_parent(
+  unique int expr: @expr ref,
+  int index: int ref,
+  int parent: @control_flow_element ref);
+
+@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif;
+
+@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent;
+
+// [index, parent] is not a keyset because the same parent may be compiled multiple times
+expr_parent_top_level(
+  unique int expr: @expr ref,
+  int index: int ref,
+  int parent: @top_level_exprorstmt_parent ref);
+
+case @expr.kind of
+/* literal */
+   1 = @bool_literal_expr
+|  2 = @char_literal_expr
+|  3 = @decimal_literal_expr
+|  4 = @int_literal_expr
+|  5 = @long_literal_expr
+|  6 = @uint_literal_expr
+|  7 = @ulong_literal_expr
+|  8 = @float_literal_expr
+|  9 = @double_literal_expr
+| 10 = @string_literal_expr
+| 11 = @null_literal_expr
+/* primary & unary */
+| 12 = @this_access_expr
+| 13 = @base_access_expr
+| 14 = @local_variable_access_expr
+| 15 = @parameter_access_expr
+| 16 = @field_access_expr
+| 17 = @property_access_expr
+| 18 = @method_access_expr
+| 19 = @event_access_expr
+| 20 = @indexer_access_expr
+| 21 = @array_access_expr
+| 22 = @type_access_expr
+| 23 = @typeof_expr
+| 24 = @method_invocation_expr
+| 25 = @delegate_invocation_expr
+| 26 = @operator_invocation_expr
+| 27 = @cast_expr
+| 28 = @object_creation_expr
+| 29 = @explicit_delegate_creation_expr
+| 30 = @implicit_delegate_creation_expr
+| 31 = @array_creation_expr
+| 32 = @default_expr
+| 33 = @plus_expr
+| 34 = @minus_expr
+| 35 = @bit_not_expr
+| 36 = @log_not_expr
+| 37 = @post_incr_expr
+| 38 = @post_decr_expr
+| 39 = @pre_incr_expr
+| 40 = @pre_decr_expr
+/* multiplicative */
+| 41 = @mul_expr
+| 42 = @div_expr
+| 43 = @rem_expr
+/* additive */
+| 44 = @add_expr
+| 45 = @sub_expr
+/* shift */
+| 46 = @lshift_expr
+| 47 = @rshift_expr
+/* relational */
+| 48 = @lt_expr
+| 49 = @gt_expr
+| 50 = @le_expr
+| 51 = @ge_expr
+/* equality */
+| 52 = @eq_expr
+| 53 = @ne_expr
+/* logical */
+| 54 = @bit_and_expr
+| 55 = @bit_xor_expr
+| 56 = @bit_or_expr
+| 57 = @log_and_expr
+| 58 = @log_or_expr
+/* type testing */
+| 59 = @is_expr
+| 60 = @as_expr
+/* null coalescing */
+| 61 = @null_coalescing_expr
+/* conditional */
+| 62 = @conditional_expr
+/* assignment */
+| 63 = @simple_assign_expr
+| 64 = @assign_add_expr
+| 65 = @assign_sub_expr
+| 66 = @assign_mul_expr
+| 67 = @assign_div_expr
+| 68 = @assign_rem_expr
+| 69 = @assign_and_expr
+| 70 = @assign_xor_expr
+| 71 = @assign_or_expr
+| 72 = @assign_lshift_expr
+| 73 = @assign_rshift_expr
+/* more */
+| 74 = @object_init_expr
+| 75 = @collection_init_expr
+| 76 = @array_init_expr
+| 77 = @checked_expr
+| 78 = @unchecked_expr
+| 79 = @constructor_init_expr
+| 80 = @add_event_expr
+| 81 = @remove_event_expr
+| 82 = @par_expr
+| 83 = @local_var_decl_expr
+| 84 = @lambda_expr
+| 85 = @anonymous_method_expr
+| 86 = @namespace_expr
+/* dynamic */
+| 92 = @dynamic_element_access_expr
+| 93 = @dynamic_member_access_expr
+/* unsafe */
+| 100 = @pointer_indirection_expr
+| 101 = @address_of_expr
+| 102 = @sizeof_expr
+/* async */
+| 103 = @await_expr
+/* C# 6.0 */
+| 104 = @nameof_expr
+| 105 = @interpolated_string_expr
+| 106 = @unknown_expr
+/* C# 7.0 */
+| 107 = @throw_expr
+| 108 = @tuple_expr
+| 109 = @local_function_invocation_expr
+| 110 = @ref_expr
+| 111 = @discard_expr
+/* C# 8.0 */
+| 112 = @range_expr
+| 113 = @index_expr
+| 114 = @switch_expr
+| 115 = @recursive_pattern_expr
+| 116 = @property_pattern_expr
+| 117 = @positional_pattern_expr
+| 118 = @switch_case_expr
+| 119 = @assign_coalesce_expr
+| 120 = @suppress_nullable_warning_expr
+| 121 = @namespace_access_expr
+/* C# 9.0 */
+| 122 = @lt_pattern_expr
+| 123 = @gt_pattern_expr
+| 124 = @le_pattern_expr
+| 125 = @ge_pattern_expr
+| 126 = @not_pattern_expr
+| 127 = @and_pattern_expr
+| 128 = @or_pattern_expr
+| 129 = @function_pointer_invocation_expr
+| 130 = @with_expr
+/* C# 11.0 */
+| 131 = @list_pattern_expr
+| 132 = @slice_pattern_expr
+/* Preprocessor */
+| 999 = @define_symbol_expr
+;
+
+@switch = @switch_stmt | @switch_expr;
+@case = @case_stmt | @switch_case_expr;
+@pattern_match = @case | @is_expr;
+@unary_pattern_expr = @not_pattern_expr;
+@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr;
+@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr;
+
+@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr;
+@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr;
+@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr
+              | @string_literal_expr | @null_literal_expr;
+
+@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr;
+@assign_op_expr =  @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr;
+@assign_event_expr = @add_event_expr | @remove_event_expr;
+
+@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr
+                   | @assign_rem_expr
+@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr
+                   | @assign_lshift_expr | @assign_rshift_expr;
+
+@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr
+                    | @method_access_expr | @type_access_expr | @dynamic_member_access_expr;
+@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr;
+@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr;
+
+@local_variable_access = @local_variable_access_expr | @local_var_decl_expr;
+@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access;
+@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr;
+
+@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr
+                        | @event_access_expr | @dynamic_member_access_expr;
+
+@objectorcollection_init_expr = @object_init_expr | @collection_init_expr;
+
+@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr;
+
+@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr;
+@incr_op_expr =  @pre_incr_expr | @post_incr_expr;
+@decr_op_expr =  @pre_decr_expr | @post_decr_expr;
+@mut_op_expr = @incr_op_expr | @decr_op_expr;
+@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr;
+@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr;
+
+@ternary_log_op_expr = @conditional_expr;
+@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr;
+@un_log_op_expr = @log_not_expr;
+@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr;
+
+@bin_bit_op_expr =  @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr
+                 | @rshift_expr;
+@un_bit_op_expr = @bit_not_expr;
+@bit_expr = @un_bit_op_expr | @bin_bit_op_expr;
+
+@equality_op_expr =  @eq_expr | @ne_expr;
+@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr;
+@comp_expr = @equality_op_expr | @rel_op_expr;
+
+@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op;
+
+@ternary_op = @ternary_log_op_expr;
+@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr;
+@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr
+       | @pointer_indirection_expr | @address_of_expr;
+
+@anonymous_function_expr = @lambda_expr | @anonymous_method_expr;
+
+@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr
+      | @delegate_invocation_expr | @object_creation_expr | @call_access_expr
+      | @local_function_invocation_expr | @function_pointer_invocation_expr;
+
+@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr;
+
+@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr
+                    | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr;
+
+@throw_element = @throw_expr | @throw_stmt;
+
+@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr;
+
+implicitly_typed_array_creation(
+  unique int id: @array_creation_expr ref);
+
+explicitly_sized_array_creation(
+  unique int id: @array_creation_expr ref);
+
+stackalloc_array_creation(
+  unique int id: @array_creation_expr ref);
+
+implicitly_typed_object_creation(
+  unique int id: @implicitly_typeable_object_creation_expr ref);
+
+mutator_invocation_mode(
+  unique int id: @operator_invocation_expr ref,
+  int mode: int ref /* prefix = 1, postfix = 2*/);
+
+expr_compiler_generated(
+  unique int id: @expr ref);
+
+expr_value(
+  unique int id: @expr ref,
+  string value: string ref);
+
+expr_call(
+  unique int caller_id: @expr ref,
+  int target_id: @callable ref);
+
+expr_access(
+  unique int accesser_id: @access_expr ref,
+  int target_id: @accessible ref);
+
+@accessible = @method | @assignable | @local_function | @namespace;
+
+expr_location(
+  unique int id: @expr ref,
+  int loc: @location ref);
+
+dynamic_member_name(
+  unique int id: @late_bindable_expr ref,
+  string name: string ref);
+
+@qualifiable_expr = @member_access_expr
+                  | @method_invocation_expr
+                  | @element_access_expr;
+
+conditional_access(
+  unique int id: @qualifiable_expr ref);
+
+expr_argument(
+  unique int id: @expr ref,
+  int mode: int ref);
+  /* mode is the same as params: value = 0, ref = 1, out = 2 */
+
+expr_argument_name(
+  unique int id: @expr ref,
+  string name: string ref);
+
+lambda_expr_return_type(
+  unique int id: @lambda_expr ref,
+  int type_id: @type_or_ref ref);
+  
+/** CONTROL/DATA FLOW **/
+
+@control_flow_element = @stmt | @expr;
+
+/* XML Files */
+
+xmlEncoding  (
+  unique int id: @file ref,
+  string encoding: string ref);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  string root: string ref,
+  string publicId: string ref,
+  string systemId: string ref,
+  int fileid: @file ref);
+
+xmlElements(
+  unique int id: @xmlelement,
+  string name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  string name: string ref,
+  string value: string ref,
+  int idx: int ref,
+  int fileid: @file ref);
+
+xmlNs(
+  int id: @xmlnamespace,
+  string prefixName: string ref,
+  string URI: string ref,
+  int fileid: @file ref);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+/* Comments */
+
+commentline(
+  unique int id: @commentline,
+  int kind: int ref,
+  string text: string ref,
+  string rawtext: string ref);
+
+case @commentline.kind of
+  0 = @singlelinecomment
+| 1 = @xmldoccomment
+| 2 = @multilinecomment;
+
+commentline_location(
+  unique int id: @commentline ref,
+  int loc: @location ref);
+
+commentblock(
+  unique int id : @commentblock);
+
+commentblock_location(
+  unique int id: @commentblock ref,
+  int loc: @location ref);
+
+commentblock_binding(
+  int id: @commentblock ref,
+  int entity: @element ref,
+  int bindtype: int ref);    /* 0: Parent, 1: Best, 2: Before, 3: After */
+
+commentblock_child(
+  int id: @commentblock ref,
+  int commentline: @commentline ref,
+  int index: int ref);
+
+/* ASP.NET */
+
+case @asp_element.kind of
+  0=@asp_close_tag
+| 1=@asp_code
+| 2=@asp_comment
+| 3=@asp_data_binding
+| 4=@asp_directive
+| 5=@asp_open_tag
+| 6=@asp_quoted_string
+| 7=@asp_text
+| 8=@asp_xml_directive;
+
+@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string;
+
+asp_elements(
+  unique int id: @asp_element,
+  int kind: int ref,
+  int loc: @location ref);
+
+asp_comment_server(unique int comment: @asp_comment ref);
+asp_code_inline(unique int code: @asp_code ref);
+asp_directive_attribute(
+  int directive: @asp_directive ref,
+  int index: int ref,
+  string name: string ref,
+  int value: @asp_quoted_string ref);
+asp_directive_name(
+  unique int directive: @asp_directive ref,
+  string name: string ref);
+asp_element_body(
+  unique int element: @asp_element ref,
+  string body: string ref);
+asp_tag_attribute(
+  int tag: @asp_open_tag ref,
+  int index: int ref,
+  string name: string ref,
+  int attribute: @asp_attribute ref);
+asp_tag_name(
+  unique int tag: @asp_open_tag ref,
+  string name: string ref);
+asp_tag_isempty(int tag: @asp_open_tag ref);
+
+/* Common Intermediate Language - CIL */
+
+case @cil_instruction.opcode of
+  0 = @cil_nop
+| 1 = @cil_break
+| 2 = @cil_ldarg_0
+| 3 = @cil_ldarg_1
+| 4 = @cil_ldarg_2
+| 5 = @cil_ldarg_3
+| 6 = @cil_ldloc_0
+| 7 = @cil_ldloc_1
+| 8 = @cil_ldloc_2
+| 9 = @cil_ldloc_3
+| 10 = @cil_stloc_0
+| 11 = @cil_stloc_1
+| 12 = @cil_stloc_2
+| 13 = @cil_stloc_3
+| 14 = @cil_ldarg_s
+| 15 = @cil_ldarga_s
+| 16 = @cil_starg_s
+| 17 = @cil_ldloc_s
+| 18 = @cil_ldloca_s
+| 19 = @cil_stloc_s
+| 20 = @cil_ldnull
+| 21 = @cil_ldc_i4_m1
+| 22 = @cil_ldc_i4_0
+| 23 = @cil_ldc_i4_1
+| 24 = @cil_ldc_i4_2
+| 25 = @cil_ldc_i4_3
+| 26 = @cil_ldc_i4_4
+| 27 = @cil_ldc_i4_5
+| 28 = @cil_ldc_i4_6
+| 29 = @cil_ldc_i4_7
+| 30 = @cil_ldc_i4_8
+| 31 = @cil_ldc_i4_s
+| 32 = @cil_ldc_i4
+| 33 = @cil_ldc_i8
+| 34 = @cil_ldc_r4
+| 35 = @cil_ldc_r8
+| 37 = @cil_dup
+| 38 = @cil_pop
+| 39 = @cil_jmp
+| 40 = @cil_call
+| 41 = @cil_calli
+| 42 = @cil_ret
+| 43 = @cil_br_s
+| 44 = @cil_brfalse_s
+| 45 = @cil_brtrue_s
+| 46 = @cil_beq_s
+| 47 = @cil_bge_s
+| 48 = @cil_bgt_s
+| 49 = @cil_ble_s
+| 50 = @cil_blt_s
+| 51 = @cil_bne_un_s
+| 52 = @cil_bge_un_s
+| 53 = @cil_bgt_un_s
+| 54 = @cil_ble_un_s
+| 55 = @cil_blt_un_s
+| 56 = @cil_br
+| 57 = @cil_brfalse
+| 58 = @cil_brtrue
+| 59 = @cil_beq
+| 60 = @cil_bge
+| 61 = @cil_bgt
+| 62 = @cil_ble
+| 63 = @cil_blt
+| 64 = @cil_bne_un
+| 65 = @cil_bge_un
+| 66 = @cil_bgt_un
+| 67 = @cil_ble_un
+| 68 = @cil_blt_un
+| 69 = @cil_switch
+| 70 = @cil_ldind_i1
+| 71 = @cil_ldind_u1
+| 72 = @cil_ldind_i2
+| 73 = @cil_ldind_u2
+| 74 = @cil_ldind_i4
+| 75 = @cil_ldind_u4
+| 76 = @cil_ldind_i8
+| 77 = @cil_ldind_i
+| 78 = @cil_ldind_r4
+| 79 = @cil_ldind_r8
+| 80 = @cil_ldind_ref
+| 81 = @cil_stind_ref
+| 82 = @cil_stind_i1
+| 83 = @cil_stind_i2
+| 84 = @cil_stind_i4
+| 85 = @cil_stind_i8
+| 86 = @cil_stind_r4
+| 87 = @cil_stind_r8
+| 88 = @cil_add
+| 89 = @cil_sub
+| 90 = @cil_mul
+| 91 = @cil_div
+| 92 = @cil_div_un
+| 93 = @cil_rem
+| 94 = @cil_rem_un
+| 95 = @cil_and
+| 96 = @cil_or
+| 97 = @cil_xor
+| 98 = @cil_shl
+| 99 = @cil_shr
+| 100 = @cil_shr_un
+| 101 = @cil_neg
+| 102 = @cil_not
+| 103 = @cil_conv_i1
+| 104 = @cil_conv_i2
+| 105 = @cil_conv_i4
+| 106 = @cil_conv_i8
+| 107 = @cil_conv_r4
+| 108 = @cil_conv_r8
+| 109 = @cil_conv_u4
+| 110 = @cil_conv_u8
+| 111 = @cil_callvirt
+| 112 = @cil_cpobj
+| 113 = @cil_ldobj
+| 114 = @cil_ldstr
+| 115 = @cil_newobj
+| 116 = @cil_castclass
+| 117 = @cil_isinst
+| 118 = @cil_conv_r_un
+| 121 = @cil_unbox
+| 122 = @cil_throw
+| 123 = @cil_ldfld
+| 124 = @cil_ldflda
+| 125 = @cil_stfld
+| 126 = @cil_ldsfld
+| 127 = @cil_ldsflda
+| 128 = @cil_stsfld
+| 129 = @cil_stobj
+| 130 = @cil_conv_ovf_i1_un
+| 131 = @cil_conv_ovf_i2_un
+| 132 = @cil_conv_ovf_i4_un
+| 133 = @cil_conv_ovf_i8_un
+| 134 = @cil_conv_ovf_u1_un
+| 135 = @cil_conv_ovf_u2_un
+| 136 = @cil_conv_ovf_u4_un
+| 137 = @cil_conv_ovf_u8_un
+| 138 = @cil_conv_ovf_i_un
+| 139 = @cil_conv_ovf_u_un
+| 140 = @cil_box
+| 141 = @cil_newarr
+| 142 = @cil_ldlen
+| 143 = @cil_ldelema
+| 144 = @cil_ldelem_i1
+| 145 = @cil_ldelem_u1
+| 146 = @cil_ldelem_i2
+| 147 = @cil_ldelem_u2
+| 148 = @cil_ldelem_i4
+| 149 = @cil_ldelem_u4
+| 150 = @cil_ldelem_i8
+| 151 = @cil_ldelem_i
+| 152 = @cil_ldelem_r4
+| 153 = @cil_ldelem_r8
+| 154 = @cil_ldelem_ref
+| 155 = @cil_stelem_i
+| 156 = @cil_stelem_i1
+| 157 = @cil_stelem_i2
+| 158 = @cil_stelem_i4
+| 159 = @cil_stelem_i8
+| 160 = @cil_stelem_r4
+| 161 = @cil_stelem_r8
+| 162 = @cil_stelem_ref
+| 163 = @cil_ldelem
+| 164 = @cil_stelem
+| 165 = @cil_unbox_any
+| 179 = @cil_conv_ovf_i1
+| 180 = @cil_conv_ovf_u1
+| 181 = @cil_conv_ovf_i2
+| 182 = @cil_conv_ovf_u2
+| 183 = @cil_conv_ovf_i4
+| 184 = @cil_conv_ovf_u4
+| 185 = @cil_conv_ovf_i8
+| 186 = @cil_conv_ovf_u8
+| 194 = @cil_refanyval
+| 195 = @cil_ckinfinite
+| 198 = @cil_mkrefany
+| 208 = @cil_ldtoken
+| 209 = @cil_conv_u2
+| 210 = @cil_conv_u1
+| 211 = @cil_conv_i
+| 212 = @cil_conv_ovf_i
+| 213 = @cil_conv_ovf_u
+| 214 = @cil_add_ovf
+| 215 = @cil_add_ovf_un
+| 216 = @cil_mul_ovf
+| 217 = @cil_mul_ovf_un
+| 218 = @cil_sub_ovf
+| 219 = @cil_sub_ovf_un
+| 220 = @cil_endfinally
+| 221 = @cil_leave
+| 222 = @cil_leave_s
+| 223 = @cil_stind_i
+| 224 = @cil_conv_u
+| 65024 = @cil_arglist
+| 65025 = @cil_ceq
+| 65026 = @cil_cgt
+| 65027 = @cil_cgt_un
+| 65028 = @cil_clt
+| 65029 = @cil_clt_un
+| 65030 = @cil_ldftn
+| 65031 = @cil_ldvirtftn
+| 65033 = @cil_ldarg
+| 65034 = @cil_ldarga
+| 65035 = @cil_starg
+| 65036 = @cil_ldloc
+| 65037 = @cil_ldloca
+| 65038 = @cil_stloc
+| 65039 = @cil_localloc
+| 65041 = @cil_endfilter
+| 65042 = @cil_unaligned
+| 65043 = @cil_volatile
+| 65044 = @cil_tail
+| 65045 = @cil_initobj
+| 65046 = @cil_constrained
+| 65047 = @cil_cpblk
+| 65048 = @cil_initblk
+| 65050 = @cil_rethrow
+| 65052 = @cil_sizeof
+| 65053 = @cil_refanytype
+| 65054 = @cil_readonly
+;
+
+// CIL ignored instructions
+
+@cil_ignore = @cil_nop | @cil_break | @cil_volatile | @cil_unaligned;
+
+// CIL local/parameter/field access
+
+@cil_ldarg_any = @cil_ldarg_0 | @cil_ldarg_1 | @cil_ldarg_2 | @cil_ldarg_3 | @cil_ldarg_s | @cil_ldarga_s | @cil_ldarg | @cil_ldarga;
+@cil_starg_any = @cil_starg | @cil_starg_s;
+
+@cil_ldloc_any = @cil_ldloc_0 | @cil_ldloc_1 | @cil_ldloc_2 | @cil_ldloc_3 | @cil_ldloc_s | @cil_ldloca_s | @cil_ldloc | @cil_ldloca;
+@cil_stloc_any = @cil_stloc_0 | @cil_stloc_1 | @cil_stloc_2 | @cil_stloc_3 | @cil_stloc_s | @cil_stloc;
+
+@cil_ldfld_any = @cil_ldfld | @cil_ldsfld | @cil_ldsflda | @cil_ldflda;
+@cil_stfld_any = @cil_stfld | @cil_stsfld;
+
+@cil_local_access = @cil_stloc_any | @cil_ldloc_any;
+@cil_arg_access = @cil_starg_any | @cil_ldarg_any;
+@cil_read_access = @cil_ldloc_any | @cil_ldarg_any | @cil_ldfld_any;
+@cil_write_access = @cil_stloc_any | @cil_starg_any | @cil_stfld_any;
+
+@cil_stack_access = @cil_local_access | @cil_arg_access;
+@cil_field_access = @cil_ldfld_any | @cil_stfld_any;
+
+@cil_access = @cil_read_access | @cil_write_access;
+
+// CIL constant/literal instructions
+
+@cil_ldc_i = @cil_ldc_i4_any | @cil_ldc_i8;
+
+@cil_ldc_i4_any = @cil_ldc_i4_m1 | @cil_ldc_i4_0 | @cil_ldc_i4_1 | @cil_ldc_i4_2 | @cil_ldc_i4_3 |
+  @cil_ldc_i4_4 | @cil_ldc_i4_5 | @cil_ldc_i4_6 | @cil_ldc_i4_7 | @cil_ldc_i4_8 | @cil_ldc_i4_s | @cil_ldc_i4;
+
+@cil_ldc_r = @cil_ldc_r4 | @cil_ldc_r8;
+
+@cil_literal = @cil_ldnull | @cil_ldc_i | @cil_ldc_r | @cil_ldstr;
+
+// Control flow
+
+@cil_conditional_jump = @cil_binary_jump | @cil_unary_jump;
+@cil_binary_jump = @cil_beq_s | @cil_bge_s | @cil_bgt_s | @cil_ble_s | @cil_blt_s |
+    @cil_bne_un_s | @cil_bge_un_s | @cil_bgt_un_s | @cil_ble_un_s | @cil_blt_un_s |
+    @cil_beq | @cil_bge | @cil_bgt | @cil_ble | @cil_blt |
+    @cil_bne_un | @cil_bge_un | @cil_bgt_un | @cil_ble_un | @cil_blt_un;
+@cil_unary_jump = @cil_brfalse_s | @cil_brtrue_s | @cil_brfalse | @cil_brtrue | @cil_switch;
+@cil_unconditional_jump = @cil_br | @cil_br_s | @cil_leave_any;
+@cil_leave_any = @cil_leave | @cil_leave_s;
+@cil_jump = @cil_unconditional_jump | @cil_conditional_jump;
+
+// CIL call instructions
+
+@cil_call_any = @cil_jmp | @cil_call | @cil_calli | @cil_tail | @cil_callvirt | @cil_newobj;
+
+// CIL expression instructions
+
+@cil_expr = @cil_literal | @cil_binary_expr | @cil_unary_expr | @cil_call_any | @cil_read_access |
+  @cil_newarr | @cil_ldtoken | @cil_sizeof |
+  @cil_ldftn | @cil_ldvirtftn | @cil_localloc | @cil_mkrefany | @cil_refanytype | @cil_arglist | @cil_dup;
+
+@cil_unary_expr =
+  @cil_conversion_operation | @cil_unary_arithmetic_operation | @cil_unary_bitwise_operation|
+  @cil_ldlen | @cil_isinst | @cil_box | @cil_ldobj | @cil_castclass | @cil_unbox_any |
+  @cil_ldind | @cil_unbox;
+
+@cil_conversion_operation =
+  @cil_conv_i1 | @cil_conv_i2 | @cil_conv_i4 | @cil_conv_i8 |
+  @cil_conv_u1 | @cil_conv_u2 | @cil_conv_u4 | @cil_conv_u8 |
+  @cil_conv_ovf_i | @cil_conv_ovf_i_un | @cil_conv_ovf_i1 | @cil_conv_ovf_i1_un |
+  @cil_conv_ovf_i2 | @cil_conv_ovf_i2_un | @cil_conv_ovf_i4 | @cil_conv_ovf_i4_un |
+  @cil_conv_ovf_i8 | @cil_conv_ovf_i8_un | @cil_conv_ovf_u | @cil_conv_ovf_u_un |
+  @cil_conv_ovf_u1 | @cil_conv_ovf_u1_un | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un |
+  @cil_conv_ovf_u4 | @cil_conv_ovf_u4_un | @cil_conv_ovf_u8 | @cil_conv_ovf_u8_un |
+  @cil_conv_r4 | @cil_conv_r8 | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un |
+  @cil_conv_i | @cil_conv_u | @cil_conv_r_un;
+
+@cil_ldind = @cil_ldind_i | @cil_ldind_i1 | @cil_ldind_i2 | @cil_ldind_i4 | @cil_ldind_i8 |
+  @cil_ldind_r4 | @cil_ldind_r8 | @cil_ldind_ref | @cil_ldind_u1 | @cil_ldind_u2 | @cil_ldind_u4;
+
+@cil_stind = @cil_stind_i | @cil_stind_i1 | @cil_stind_i2 | @cil_stind_i4 | @cil_stind_i8 |
+  @cil_stind_r4 | @cil_stind_r8 | @cil_stind_ref;
+
+@cil_bitwise_operation = @cil_binary_bitwise_operation | @cil_unary_bitwise_operation;
+
+@cil_binary_bitwise_operation = @cil_and | @cil_or | @cil_xor | @cil_shr | @cil_shr | @cil_shr_un | @cil_shl;
+
+@cil_binary_arithmetic_operation = @cil_add | @cil_sub | @cil_mul | @cil_div | @cil_div_un |
+  @cil_rem | @cil_rem_un | @cil_add_ovf | @cil_add_ovf_un | @cil_mul_ovf | @cil_mul_ovf_un |
+  @cil_sub_ovf | @cil_sub_ovf_un;
+
+@cil_unary_bitwise_operation = @cil_not;
+
+@cil_binary_expr = @cil_binary_arithmetic_operation | @cil_binary_bitwise_operation | @cil_read_array | @cil_comparison_operation;
+
+@cil_unary_arithmetic_operation = @cil_neg;
+
+@cil_comparison_operation = @cil_cgt_un | @cil_ceq | @cil_cgt | @cil_clt | @cil_clt_un;
+
+// Elements that retrieve an address of something
+@cil_read_ref = @cil_ldloca_s | @cil_ldarga_s | @cil_ldflda | @cil_ldsflda | @cil_ldelema;
+
+// CIL array instructions
+
+@cil_read_array =
+  @cil_ldelem | @cil_ldelema | @cil_ldelem_i1 | @cil_ldelem_ref | @cil_ldelem_i |
+  @cil_ldelem_i1 | @cil_ldelem_i2 | @cil_ldelem_i4 | @cil_ldelem_i8 | @cil_ldelem_r4 |
+  @cil_ldelem_r8 | @cil_ldelem_u1 | @cil_ldelem_u2 | @cil_ldelem_u4;
+
+@cil_write_array = @cil_stelem | @cil_stelem_ref |
+  @cil_stelem_i | @cil_stelem_i1 | @cil_stelem_i2 | @cil_stelem_i4 | @cil_stelem_i8 |
+  @cil_stelem_r4 | @cil_stelem_r8;
+
+@cil_throw_any = @cil_throw | @cil_rethrow;
+
+#keyset[impl, index]
+cil_instruction(
+  unique int id: @cil_instruction,
+  int opcode: int ref,
+  int index: int ref,
+  int impl: @cil_method_implementation ref);
+
+cil_jump(
+  unique int instruction: @cil_jump ref,
+  int target: @cil_instruction ref);
+
+cil_access(
+  unique int instruction: @cil_instruction ref,
+  int target: @cil_accessible ref);
+
+cil_value(
+  unique int instruction: @cil_literal ref,
+  string value: string ref);
+
+#keyset[instruction, index]
+cil_switch(
+  int instruction: @cil_switch ref,
+  int index: int ref,
+  int target: @cil_instruction ref);
+
+cil_instruction_location(
+  unique int id: @cil_instruction ref,
+  int loc: @location ref);
+
+cil_type_location(
+  int id: @cil_type ref,
+  int loc: @location ref);
+
+cil_method_location(
+  int id: @cil_method ref,
+  int loc: @location ref);
+
+@cil_namespace = @namespace;
+
+@cil_type_container = @cil_type | @cil_namespace | @cil_method;
+
+case @cil_type.kind of
+  0 = @cil_valueorreftype
+| 1 = @cil_typeparameter
+| 2 = @cil_array_type
+| 3 = @cil_pointer_type
+| 4 = @cil_function_pointer_type
+;
+
+cil_type(
+  unique int id: @cil_type,
+  string name: string ref,
+  int kind: int ref,
+  int parent: @cil_type_container ref,
+  int sourceDecl: @cil_type ref);
+
+cil_pointer_type(
+  unique int id: @cil_pointer_type ref,
+  int pointee: @cil_type ref);
+
+cil_array_type(
+  unique int id: @cil_array_type ref,
+  int element_type: @cil_type ref,
+  int rank: int ref);
+
+cil_function_pointer_return_type(
+  unique int id: @cil_function_pointer_type ref,
+  int return_type: @cil_type ref);
+
+cil_method(
+  unique int id: @cil_method,
+  string name: string ref,
+  int parent: @cil_type ref,
+  int return_type: @cil_type ref);
+
+cil_method_source_declaration(
+  unique int method: @cil_method ref,
+  int source: @cil_method ref);
+
+cil_method_implementation(
+  unique int id: @cil_method_implementation,
+  int method: @cil_method ref,
+  int location: @assembly ref);
+
+cil_implements(
+  int id: @cil_method ref,
+  int decl: @cil_method ref);
+
+#keyset[parent, name]
+cil_field(
+  unique int id: @cil_field,
+  int parent: @cil_type ref,
+  string name: string ref,
+  int field_type: @cil_type ref);
+
+@cil_element = @cil_instruction | @cil_declaration | @cil_handler | @cil_attribute | @cil_namespace;
+@cil_named_element = @cil_declaration | @cil_namespace;
+@cil_declaration = @cil_variable | @cil_method | @cil_type | @cil_member;
+@cil_accessible = @cil_declaration;
+@cil_variable = @cil_field | @cil_stack_variable;
+@cil_stack_variable = @cil_local_variable | @cil_parameter;
+@cil_member = @cil_method | @cil_type | @cil_field | @cil_property | @cil_event;
+@cil_custom_modifier_receiver = @cil_method | @cil_property | @cil_parameter | @cil_field | @cil_function_pointer_type;
+@cil_parameterizable = @cil_method | @cil_function_pointer_type;
+@cil_has_type_annotation = @cil_stack_variable | @cil_property | @cil_method | @cil_function_pointer_type;
+
+#keyset[parameterizable, index]
+cil_parameter(
+  unique int id: @cil_parameter,
+  int parameterizable: @cil_parameterizable ref,
+  int index: int ref,
+  int param_type: @cil_type ref);
+
+cil_parameter_in(unique int id: @cil_parameter ref);
+cil_parameter_out(unique int id: @cil_parameter ref);
+
+cil_setter(unique int prop: @cil_property ref,
+  int method: @cil_method ref);
+
+#keyset[id, modifier]
+cil_custom_modifiers(
+  int id: @cil_custom_modifier_receiver ref,
+  int modifier: @cil_type ref,
+  int kind: int ref); // modreq: 1, modopt: 0
+
+cil_type_annotation(
+  int id: @cil_has_type_annotation ref,
+  int annotation: int ref);
+
+cil_getter(unique int prop: @cil_property ref,
+  int method: @cil_method ref);
+
+cil_adder(unique int event: @cil_event ref,
+  int method: @cil_method ref);
+
+cil_remover(unique int event: @cil_event ref, int method: @cil_method ref);
+
+cil_raiser(unique int event: @cil_event ref, int method: @cil_method ref);
+
+cil_property(
+  unique int id: @cil_property,
+  int parent: @cil_type ref,
+  string name: string ref,
+  int property_type: @cil_type ref);
+
+#keyset[parent, name]
+cil_event(unique int id: @cil_event,
+  int parent: @cil_type ref,
+  string name: string ref,
+  int event_type: @cil_type ref);
+
+#keyset[impl, index]
+cil_local_variable(
+  unique int id: @cil_local_variable,
+  int impl: @cil_method_implementation ref,
+  int index: int ref,
+  int var_type: @cil_type ref);
+
+cil_function_pointer_calling_conventions(
+  int id: @cil_function_pointer_type ref,
+  int kind: int ref);
+
+// CIL handlers (exception handlers etc).
+
+case @cil_handler.kind of
+  0 = @cil_catch_handler
+| 1 = @cil_filter_handler
+| 2 = @cil_finally_handler
+| 4 = @cil_fault_handler
+;
+
+#keyset[impl, index]
+cil_handler(
+  unique int id: @cil_handler,
+  int impl: @cil_method_implementation ref,
+  int index: int ref,
+  int kind: int ref,
+  int try_start: @cil_instruction ref,
+  int try_end: @cil_instruction ref,
+  int handler_start: @cil_instruction ref);
+
+cil_handler_filter(
+  unique int id: @cil_handler ref,
+  int filter_start: @cil_instruction ref);
+
+cil_handler_type(
+  unique int id: @cil_handler ref,
+  int catch_type: @cil_type ref);
+
+@cil_controlflow_node = @cil_entry_point | @cil_instruction;
+
+@cil_entry_point = @cil_method_implementation | @cil_handler;
+
+@cil_dataflow_node = @cil_instruction | @cil_variable | @cil_method;
+
+cil_method_stack_size(
+  unique int method: @cil_method_implementation ref,
+  int size: int ref);
+
+// CIL modifiers
+
+cil_public(int id: @cil_member ref);
+cil_private(int id: @cil_member ref);
+cil_protected(int id: @cil_member ref);
+cil_internal(int id: @cil_member ref);
+cil_static(int id: @cil_member ref);
+cil_sealed(int id: @cil_member ref);
+cil_virtual(int id: @cil_method ref);
+cil_abstract(int id: @cil_member ref);
+cil_class(int id: @cil_type ref);
+cil_interface(int id: @cil_type ref);
+cil_security(int id: @cil_member ref);
+cil_requiresecobject(int id: @cil_method ref);
+cil_specialname(int id: @cil_method ref);
+cil_newslot(int id: @cil_method ref);
+
+cil_base_class(unique int id: @cil_type ref, int base: @cil_type ref);
+cil_base_interface(int id: @cil_type ref, int base: @cil_type ref);
+cil_enum_underlying_type(unique int id: @cil_type ref, int underlying: @cil_type ref);
+
+#keyset[unbound, index]
+cil_type_parameter(
+  int unbound: @cil_member ref,
+  int index: int ref,
+  int param: @cil_typeparameter ref);
+
+#keyset[bound, index]
+cil_type_argument(
+  int bound: @cil_member ref,
+  int index: int ref,
+  int t: @cil_type ref);
+
+// CIL type parameter constraints
+
+cil_typeparam_covariant(int tp: @cil_typeparameter ref);
+cil_typeparam_contravariant(int tp: @cil_typeparameter ref);
+cil_typeparam_class(int tp: @cil_typeparameter ref);
+cil_typeparam_struct(int tp: @cil_typeparameter ref);
+cil_typeparam_new(int tp: @cil_typeparameter ref);
+cil_typeparam_constraint(int tp: @cil_typeparameter ref, int supertype: @cil_type ref);
+
+// CIL attributes
+
+cil_attribute(
+  unique int attributeid: @cil_attribute,
+  int element: @cil_declaration ref,
+  int constructor: @cil_method ref);
+
+#keyset[attribute_id, param]
+cil_attribute_named_argument(
+  int attribute_id: @cil_attribute ref,
+  string param: string ref,
+  string value: string ref);
+
+#keyset[attribute_id, index]
+cil_attribute_positional_argument(
+  int attribute_id: @cil_attribute ref,
+  int index: int ref,
+  string value: string ref);
+
+
+// Common .Net data model covering both C# and CIL
+
+// Common elements
+@dotnet_element = @element | @cil_element;
+@dotnet_named_element = @named_element | @cil_named_element;
+@dotnet_callable = @callable | @cil_method;
+@dotnet_variable = @variable | @cil_variable;
+@dotnet_field = @field | @cil_field;
+@dotnet_parameter = @parameter | @cil_parameter;
+@dotnet_declaration = @declaration | @cil_declaration;
+@dotnet_member = @member | @cil_member;
+@dotnet_event = @event | @cil_event;
+@dotnet_property = @property | @cil_property | @indexer;
+@dotnet_parameterizable = @parameterizable | @cil_parameterizable;
+
+// Common types
+@dotnet_type = @type | @cil_type;
+@dotnet_call = @call | @cil_call_any;
+@dotnet_throw = @throw_element | @cil_throw_any;
+@dotnet_valueorreftype = @cil_valueorreftype | @value_or_ref_type | @cil_array_type | @void_type;
+@dotnet_typeparameter = @type_parameter | @cil_typeparameter;
+@dotnet_array_type = @array_type | @cil_array_type;
+@dotnet_pointer_type = @pointer_type | @cil_pointer_type;
+@dotnet_type_parameter = @type_parameter | @cil_typeparameter;
+@dotnet_generic = @dotnet_valueorreftype | @dotnet_callable;
+
+// Attributes
+@dotnet_attribute = @attribute | @cil_attribute;
+
+// Expressions
+@dotnet_expr = @expr | @cil_expr;
+
+// Literals
+@dotnet_literal = @literal_expr | @cil_literal;
+@dotnet_string_literal = @string_literal_expr | @cil_ldstr;
+@dotnet_int_literal = @integer_literal_expr | @cil_ldc_i;
+@dotnet_float_literal = @float_literal_expr | @cil_ldc_r;
+@dotnet_null_literal = @null_literal_expr | @cil_ldnull;
+
+@metadata_entity = @cil_method | @cil_type | @cil_field | @cil_property | @field | @property |
+    @callable | @value_or_ref_type | @void_type;
+
+#keyset[entity, location]
+metadata_handle(int entity : @metadata_entity ref, int location: @assembly ref, int handle: int ref)
diff --git a/csharp/ql/lib/upgrades/4ac7d8bcac6f664b1e83c858aa71f8dc761cc603/upgrade.properties b/csharp/ql/lib/upgrades/4ac7d8bcac6f664b1e83c858aa71f8dc761cc603/upgrade.properties
new file mode 100644
index 00000000000..676f413d36d
--- /dev/null
+++ b/csharp/ql/lib/upgrades/4ac7d8bcac6f664b1e83c858aa71f8dc761cc603/upgrade.properties
@@ -0,0 +1,2 @@
+description: Add list- and slice pattern expressions kinds.
+compatibility: backwards
diff --git a/csharp/ql/src/API Abuse/CallToGCCollect.ql b/csharp/ql/src/API Abuse/CallToGCCollect.ql
index 4ffef9caa0a..a10e7dd238f 100644
--- a/csharp/ql/src/API Abuse/CallToGCCollect.ql	
+++ b/csharp/ql/src/API Abuse/CallToGCCollect.ql	
@@ -16,5 +16,5 @@ where
   c.getTarget() = gcCollect and
   gcCollect.hasName("Collect") and
   gcCollect.hasNoParameters() and
-  gcCollect.getDeclaringType().hasQualifiedName("System.GC")
+  gcCollect.getDeclaringType().hasQualifiedName("System", "GC")
 select c, "Call to 'GC.Collect()'."
diff --git a/csharp/ql/src/API Abuse/NonOverridingMethod.ql b/csharp/ql/src/API Abuse/NonOverridingMethod.ql
index 002835db5a9..4d499a09b8c 100644
--- a/csharp/ql/src/API Abuse/NonOverridingMethod.ql	
+++ b/csharp/ql/src/API Abuse/NonOverridingMethod.ql	
@@ -11,6 +11,7 @@
  */
 
 import csharp
+import semmle.code.csharp.commons.QualifiedName
 
 private predicate potentialOverride(Method vm, Method m) {
   vm.getDeclaringType() = m.getDeclaringType().getBaseClass+()
@@ -36,9 +37,10 @@ predicate nonOverridingMethod(Method m, Method vm) {
   m.getName().toLowerCase() = vm.getName().toLowerCase()
 }
 
-from Method m, Method vm
+from Method m, Method vm, string namespace, string type, string name
 where
   m.fromSource() and
-  nonOverridingMethod(m, vm)
+  nonOverridingMethod(m, vm) and
+  vm.hasQualifiedName(namespace, type, name)
 select m, "Method '" + m.getName() + "' looks like it should override $@ but does not do so.",
-  vm.getUnboundDeclaration(), vm.getQualifiedName()
+  vm.getUnboundDeclaration(), getQualifiedName(namespace, type, name)
diff --git a/csharp/ql/src/AlertSuppression.ql b/csharp/ql/src/AlertSuppression.ql
index 3cb6d759b6e..cfa8dbae832 100644
--- a/csharp/ql/src/AlertSuppression.ql
+++ b/csharp/ql/src/AlertSuppression.ql
@@ -44,9 +44,7 @@ class SuppressionComment extends CommentLine {
 /**
  * The scope of an alert suppression comment.
  */
-class SuppressionScope extends @commentline {
-  SuppressionScope() { this instanceof SuppressionComment }
-
+class SuppressionScope extends @commentline instanceof SuppressionComment {
   /** Gets a suppression comment with this scope. */
   SuppressionComment getSuppressionComment() { result = this }
 
@@ -60,7 +58,7 @@ class SuppressionScope extends @commentline {
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.(SuppressionComment).covers(filepath, startline, startcolumn, endline, endcolumn)
+    super.covers(filepath, startline, startcolumn, endline, endcolumn)
   }
 
   /** Gets a textual representation of this element. */
diff --git a/csharp/ql/src/Bad Practices/LeftoverDebugCode.ql b/csharp/ql/src/Bad Practices/LeftoverDebugCode.ql
index c4fdee86eb8..d2cee805c04 100644
--- a/csharp/ql/src/Bad Practices/LeftoverDebugCode.ql	
+++ b/csharp/ql/src/Bad Practices/LeftoverDebugCode.ql	
@@ -19,6 +19,6 @@ where
   m.fromSource() and
   exists(UsingNamespaceDirective u |
     u.getFile() = m.getFile() and
-    u.getImportedNamespace().hasQualifiedName("System.Web")
+    u.getImportedNamespace().hasQualifiedName("System", "Web")
   )
 select m, "Remove debug code if your ASP.NET application is in production."
diff --git a/csharp/ql/src/Bad Practices/Magic Constants/MagicConstants.qll b/csharp/ql/src/Bad Practices/Magic Constants/MagicConstants.qll
index b65cdcd1961..73b82c14700 100644
--- a/csharp/ql/src/Bad Practices/Magic Constants/MagicConstants.qll	
+++ b/csharp/ql/src/Bad Practices/Magic Constants/MagicConstants.qll	
@@ -10,26 +10,26 @@ private predicate trivialPositiveIntValue(string s) {
   s =
     [
       "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16",
-      "17", "18", "19", "20", "16", "32", "64", "128", "256", "512", "1024", "2048", "4096",
-      "16384", "32768", "65536", "1048576", "2147483648", "4294967296", "15", "31", "63", "127",
-      "255", "511", "1023", "2047", "4095", "16383", "32767", "65535", "1048577", "2147483647",
-      "4294967295", "0x00000001", "0x00000002", "0x00000004", "0x00000008", "0x00000010",
-      "0x00000020", "0x00000040", "0x00000080", "0x00000100", "0x00000200", "0x00000400",
-      "0x00000800", "0x00001000", "0x00002000", "0x00004000", "0x00008000", "0x00010000",
-      "0x00020000", "0x00040000", "0x00080000", "0x00100000", "0x00200000", "0x00400000",
-      "0x00800000", "0x01000000", "0x02000000", "0x04000000", "0x08000000", "0x10000000",
-      "0x20000000", "0x40000000", "0x80000000", "0x00000001", "0x00000003", "0x00000007",
-      "0x0000000f", "0x0000001f", "0x0000003f", "0x0000007f", "0x000000ff", "0x000001ff",
-      "0x000003ff", "0x000007ff", "0x00000fff", "0x00001fff", "0x00003fff", "0x00007fff",
-      "0x0000ffff", "0x0001ffff", "0x0003ffff", "0x0007ffff", "0x000fffff", "0x001fffff",
-      "0x003fffff", "0x007fffff", "0x00ffffff", "0x01ffffff", "0x03ffffff", "0x07ffffff",
-      "0x0fffffff", "0x1fffffff", "0x3fffffff", "0x7fffffff", "0xffffffff", "0x0001", "0x0002",
-      "0x0004", "0x0008", "0x0010", "0x0020", "0x0040", "0x0080", "0x0100", "0x0200", "0x0400",
-      "0x0800", "0x1000", "0x2000", "0x4000", "0x8000", "0x0001", "0x0003", "0x0007", "0x000f",
-      "0x001f", "0x003f", "0x007f", "0x00ff", "0x01ff", "0x03ff", "0x07ff", "0x0fff", "0x1fff",
-      "0x3fff", "0x7fff", "0xffff", "0x01", "0x02", "0x04", "0x08", "0x10", "0x20", "0x40", "0x80",
-      "0x01", "0x03", "0x07", "0x0f", "0x1f", "0x3f", "0x7f", "0xff", "0x00", "10", "100", "1000",
-      "10000", "100000", "1000000", "10000000", "100000000", "1000000000"
+      "17", "18", "19", "20", "32", "64", "128", "256", "512", "1024", "2048", "4096", "16384",
+      "32768", "65536", "1048576", "2147483648", "4294967296", "31", "63", "127", "255", "511",
+      "1023", "2047", "4095", "16383", "32767", "65535", "1048577", "2147483647", "4294967295",
+      "0x00000001", "0x00000002", "0x00000004", "0x00000008", "0x00000010", "0x00000020",
+      "0x00000040", "0x00000080", "0x00000100", "0x00000200", "0x00000400", "0x00000800",
+      "0x00001000", "0x00002000", "0x00004000", "0x00008000", "0x00010000", "0x00020000",
+      "0x00040000", "0x00080000", "0x00100000", "0x00200000", "0x00400000", "0x00800000",
+      "0x01000000", "0x02000000", "0x04000000", "0x08000000", "0x10000000", "0x20000000",
+      "0x40000000", "0x80000000", "0x00000003", "0x00000007", "0x0000000f", "0x0000001f",
+      "0x0000003f", "0x0000007f", "0x000000ff", "0x000001ff", "0x000003ff", "0x000007ff",
+      "0x00000fff", "0x00001fff", "0x00003fff", "0x00007fff", "0x0000ffff", "0x0001ffff",
+      "0x0003ffff", "0x0007ffff", "0x000fffff", "0x001fffff", "0x003fffff", "0x007fffff",
+      "0x00ffffff", "0x01ffffff", "0x03ffffff", "0x07ffffff", "0x0fffffff", "0x1fffffff",
+      "0x3fffffff", "0x7fffffff", "0xffffffff", "0x0001", "0x0002", "0x0004", "0x0008", "0x0010",
+      "0x0020", "0x0040", "0x0080", "0x0100", "0x0200", "0x0400", "0x0800", "0x1000", "0x2000",
+      "0x4000", "0x8000", "0x0003", "0x0007", "0x000f", "0x001f", "0x003f", "0x007f", "0x00ff",
+      "0x01ff", "0x03ff", "0x07ff", "0x0fff", "0x1fff", "0x3fff", "0x7fff", "0xffff", "0x02",
+      "0x04", "0x08", "0x10", "0x20", "0x40", "0x80", "0x01", "0x03", "0x07", "0x0f", "0x1f",
+      "0x3f", "0x7f", "0xff", "0x00", "100", "1000", "10000", "100000", "1000000", "10000000",
+      "100000000", "1000000000"
     ]
 }
 
diff --git a/csharp/ql/src/Bad Practices/Naming Conventions/ControlNamePrefixes.ql b/csharp/ql/src/Bad Practices/Naming Conventions/ControlNamePrefixes.ql
index 4cc4f58bdba..3e87b71253d 100644
--- a/csharp/ql/src/Bad Practices/Naming Conventions/ControlNamePrefixes.ql	
+++ b/csharp/ql/src/Bad Practices/Naming Conventions/ControlNamePrefixes.ql	
@@ -11,90 +11,95 @@
 
 import csharp
 
-string prefix(string typename) {
-  typename = "System.Web.UI.WebControls.Label" and result = "lbl"
+string prefix(string qualifier, string typename) {
+  qualifier = "System.Web.UI.WebControls" and
+  (
+    typename = "Label" and result = "lbl"
+    or
+    typename = "TextBox" and result = "txt"
+    or
+    typename = ["Button", "LinkButton"] and result = "btn"
+    or
+    typename = "ImageButton" and result = "ibtn"
+    or
+    typename = "Hyperlink" and result = "hpl"
+    or
+    typename = "DropDownList" and result = "cmb"
+    or
+    typename = "ListBox" and result = "lst"
+    or
+    typename = "Datagrid" and result = "dgr"
+    or
+    typename = "Datalist" and result = "dtl"
+    or
+    typename = "Repeater" and result = "rpt"
+    or
+    typename = "CheckBox" and result = "chk"
+    or
+    typename = "CheckBoxList" and result = "chklst"
+    or
+    typename = "RadioButtonList" and result = "radlst"
+    or
+    typename = "RadioButton" and result = "rad"
+    or
+    typename = "Image" and result = "img"
+    or
+    typename = "Panel" and result = "pnl"
+    or
+    typename = "PlaceHolder" and result = "plh"
+    or
+    typename = "Calendar" and result = "cal"
+    or
+    typename = "AdRotator" and result = "adr"
+    or
+    typename = "Table" and result = "tbl"
+    or
+    typename = "RequiredFieldValidator" and result = "rfv"
+    or
+    typename = "CompareValidator" and result = "cmv"
+    or
+    typename = "RegularExpressionValidator" and result = "rev"
+    or
+    typename = "CustomValidator" and result = "csv"
+    or
+    typename = "ValidationSummary" and result = "vsm"
+    or
+    typename = "XML" and result = "xml"
+    or
+    typename = "Literal" and result = "lit"
+    or
+    typename = "Form" and result = "frm"
+    or
+    typename = "Frame" and result = "fra"
+    or
+    typename = "CrystalReportViewer" and result = "crvr"
+  )
   or
-  typename = "System.Web.UI.WebControls.TextBox" and result = "txt"
-  or
-  typename = "System.Web.UI.WebControls.Button" and result = "btn"
-  or
-  typename = "System.Web.UI.WebControls.LinkButton" and result = "btn"
-  or
-  typename = "System.Web.UI.WebControls.ImageButton" and result = "ibtn"
-  or
-  typename = "System.Web.UI.WebControls.Hyperlink" and result = "hpl"
-  or
-  typename = "System.Web.UI.WebControls.DropDownList" and result = "cmb"
-  or
-  typename = "System.Web.UI.WebControls.ListBox" and result = "lst"
-  or
-  typename = "System.Web.UI.WebControls.Datagrid" and result = "dgr"
-  or
-  typename = "System.Web.UI.WebControls.Datalist" and result = "dtl"
-  or
-  typename = "System.Web.UI.WebControls.Repeater" and result = "rpt"
-  or
-  typename = "System.Web.UI.WebControls.CheckBox" and result = "chk"
-  or
-  typename = "System.Web.UI.WebControls.CheckBoxList" and result = "chklst"
-  or
-  typename = "System.Web.UI.WebControls.RadioButtonList" and result = "radlst"
-  or
-  typename = "System.Web.UI.WebControls.RadioButton" and result = "rad"
-  or
-  typename = "System.Web.UI.WebControls.Image" and result = "img"
-  or
-  typename = "System.Web.UI.WebControls.Panel" and result = "pnl"
-  or
-  typename = "System.Web.UI.WebControls.PlaceHolder" and result = "plh"
-  or
-  typename = "System.Web.UI.WebControls.Calendar" and result = "cal"
-  or
-  typename = "System.Web.UI.WebControls.AdRotator" and result = "adr"
-  or
-  typename = "System.Web.UI.WebControls.Table" and result = "tbl"
-  or
-  typename = "System.Web.UI.WebControls.RequiredFieldValidator" and result = "rfv"
-  or
-  typename = "System.Web.UI.WebControls.CompareValidator" and result = "cmv"
-  or
-  typename = "System.Web.UI.WebControls.RegularExpressionValidator" and result = "rev"
-  or
-  typename = "System.Web.UI.WebControls.CustomValidator" and result = "csv"
-  or
-  typename = "System.Web.UI.WebControls.ValidationSummary" and result = "vsm"
-  or
-  typename = "System.Web.UI.WebControls.XML" and result = "xml"
-  or
-  typename = "System.Web.UI.WebControls.Literal" and result = "lit"
-  or
-  typename = "System.Web.UI.WebControls.Form" and result = "frm"
-  or
-  typename = "System.Web.UI.WebControls.Frame" and result = "fra"
-  or
-  typename = "System.Web.UI.WebControls.CrystalReportViewer" and result = "crvr"
-  or
-  typename = "System.Web.UI.HtmlControls.TextArea" and result = "txa"
-  or
-  typename = "System.Web.UI.HtmlControls.FileField" and result = "fle"
-  or
-  typename = "System.Web.UI.HtmlControls.PasswordField" and result = "pwd"
-  or
-  typename = "System.Web.UI.HtmlControls.Hidden" and result = "hdn"
-  or
-  typename = "System.Web.UI.HtmlControls.Table" and result = "tbl"
-  or
-  typename = "System.Web.UI.HtmlControls.FlowLayoutPanel" and result = "flp"
-  or
-  typename = "System.Web.UI.HtmlControls.GridLayoutPanel" and result = "glp"
-  or
-  typename = "System.Web.UI.HtmlControls.HorizontalRule" and result = "hr"
+  qualifier = "System.Web.UI.HtmlControls" and
+  (
+    typename = "TextArea" and result = "txa"
+    or
+    typename = "FileField" and result = "fle"
+    or
+    typename = "PasswordField" and result = "pwd"
+    or
+    typename = "Hidden" and result = "hdn"
+    or
+    typename = "Table" and result = "tbl"
+    or
+    typename = "FlowLayoutPanel" and result = "flp"
+    or
+    typename = "GridLayoutPanel" and result = "glp"
+    or
+    typename = "HorizontalRule" and result = "hr"
+  )
 }
 
-from Field f, RefType t, string name, string prefix
+from Field f, RefType t, string name, string prefix, string qualifier, string type
 where
   f.getType() = t and
   f.getName() = name and
-  prefix = prefix(t.getQualifiedName()) and
+  t.hasQualifiedName(qualifier, type) and
+  prefix = prefix(qualifier, type) and
   not name.matches(prefix + "%")
 select f, "This field should have the prefix '" + prefix + "' to match its types."
diff --git a/csharp/ql/src/Bad Practices/Naming Conventions/DefaultControlNames.ql b/csharp/ql/src/Bad Practices/Naming Conventions/DefaultControlNames.ql
index 2bf51653d99..53660128959 100644
--- a/csharp/ql/src/Bad Practices/Naming Conventions/DefaultControlNames.ql	
+++ b/csharp/ql/src/Bad Practices/Naming Conventions/DefaultControlNames.ql	
@@ -29,7 +29,7 @@ predicate usedInHumanWrittenCode(Field f) {
 
 from Field field, ValueOrRefType widget, string prefix
 where
-  widget.getABaseType*().hasQualifiedName("System.Windows.Forms.Control") and
+  widget.getABaseType*().hasQualifiedName("System.Windows.Forms", "Control") and
   field.getType() = widget and
   field.getName().regexpMatch(prefix + "[0-9]+") and
   controlName(prefix) and
diff --git a/csharp/ql/src/Bad Practices/UseOfSystemOutputStream.ql b/csharp/ql/src/Bad Practices/UseOfSystemOutputStream.ql
index 05424066c41..fbf9ea069ea 100644
--- a/csharp/ql/src/Bad Practices/UseOfSystemOutputStream.ql	
+++ b/csharp/ql/src/Bad Practices/UseOfSystemOutputStream.ql	
@@ -14,30 +14,30 @@ import semmle.code.csharp.commons.Util
 predicate isConsoleOutRedefinedSomewhere() {
   exists(MethodCall mc |
     mc.getTarget().hasName("SetOut") and
-    mc.getTarget().getDeclaringType().hasQualifiedName("System.Console")
+    mc.getTarget().getDeclaringType().hasQualifiedName("System", "Console")
   )
 }
 
 predicate isConsoleErrorRedefinedSomewhere() {
   exists(MethodCall mc |
     mc.getTarget().hasName("SetError") and
-    mc.getTarget().getDeclaringType().hasQualifiedName("System.Console")
+    mc.getTarget().getDeclaringType().hasQualifiedName("System", "Console")
   )
 }
 
 predicate isCallToConsoleWrite(MethodCall mc) {
   mc.getTarget().getName().matches("Write%") and
-  mc.getTarget().getDeclaringType().hasQualifiedName("System.Console")
+  mc.getTarget().getDeclaringType().hasQualifiedName("System", "Console")
 }
 
 predicate isAccessToConsoleOut(PropertyAccess pa) {
   pa.getTarget().hasName("Out") and
-  pa.getTarget().getDeclaringType().hasQualifiedName("System.Console")
+  pa.getTarget().getDeclaringType().hasQualifiedName("System", "Console")
 }
 
 predicate isAccessToConsoleError(PropertyAccess pa) {
   pa.getTarget().hasName("Error") and
-  pa.getTarget().getDeclaringType().hasQualifiedName("System.Console")
+  pa.getTarget().getDeclaringType().hasQualifiedName("System", "Console")
 }
 
 from Expr e
diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
index 46be24580ef..8110355ef6a 100644
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.4.6
+
+No user-facing changes.
+
+## 0.4.5
+
+No user-facing changes.
+
+## 0.4.4
+
+No user-facing changes.
+
 ## 0.4.3
 
 No user-facing changes.
diff --git a/csharp/ql/src/Concurrency/Concurrency.qll b/csharp/ql/src/Concurrency/Concurrency.qll
index b2d5e97f28e..da14cfdb8e5 100644
--- a/csharp/ql/src/Concurrency/Concurrency.qll
+++ b/csharp/ql/src/Concurrency/Concurrency.qll
@@ -5,7 +5,7 @@ import csharp
 private class WaitCall extends MethodCall {
   WaitCall() {
     this.getTarget().hasName("Wait") and
-    this.getTarget().getDeclaringType().hasQualifiedName("System.Threading.Monitor")
+    this.getTarget().getDeclaringType().hasQualifiedName("System.Threading", "Monitor")
   }
 
   Expr getExpr() { result = this.getArgument(0) }
@@ -30,12 +30,12 @@ class WaitStmt extends ExprStmt {
 
 private class SynchronizedMethodAttribute extends Attribute {
   SynchronizedMethodAttribute() {
-    this.getType().hasQualifiedName("System.Runtime.CompilerServices.MethodImplAttribute") and
+    this.getType().hasQualifiedName("System.Runtime.CompilerServices", "MethodImplAttribute") and
     exists(MemberConstantAccess a, MemberConstant mc |
       a = this.getArgument(0) and
       a.getTarget() = mc and
       mc.hasName("Synchronized") and
-      mc.getDeclaringType().hasQualifiedName("System.Runtime.CompilerServices.MethodImplOptions")
+      mc.getDeclaringType().hasQualifiedName("System.Runtime.CompilerServices", "MethodImplOptions")
     )
   }
 }
diff --git a/csharp/ql/src/Concurrency/ThreadCreation.qll b/csharp/ql/src/Concurrency/ThreadCreation.qll
index 43cb9da20e6..3ef6726ef2f 100644
--- a/csharp/ql/src/Concurrency/ThreadCreation.qll
+++ b/csharp/ql/src/Concurrency/ThreadCreation.qll
@@ -9,14 +9,18 @@ import Concurrency
  */
 class ThreadStartingCallable extends Callable {
   ThreadStartingCallable() {
-    this.(Constructor).getDeclaringType().getQualifiedName() = "System.Threading.Tasks.Task" or
-    this.(Method).getQualifiedName() = "System.Threading.Tasks.Task.Run" or
-    this.(Constructor).getDeclaringType().getQualifiedName() = "System.Threading.Thread" or
-    this.(Method).getQualifiedName() = "System.Threading.Thread.Start" or
-    this.(Constructor)
-        .getDeclaringType()
-        .getQualifiedName()
-        .matches("System.Threading.Tasks.Task<%>")
+    this.(Constructor).getDeclaringType().hasQualifiedName("System.Threading.Tasks", "Task")
+    or
+    this.(Method).hasQualifiedName("System.Threading.Tasks", "Task", "Run")
+    or
+    this.(Constructor).getDeclaringType().hasQualifiedName("System.Threading", "Thread")
+    or
+    this.(Method).hasQualifiedName("System.Threading", "Thread", "Start")
+    or
+    exists(string name |
+      this.(Constructor).getDeclaringType().hasQualifiedName("System.Threading.Tasks", name) and
+      name.matches("Task<%>")
+    )
   }
 }
 
diff --git a/csharp/ql/src/Dead Code/DeadCode.qll b/csharp/ql/src/Dead Code/DeadCode.qll
index dd0f6104e31..0718312867f 100644
--- a/csharp/ql/src/Dead Code/DeadCode.qll	
+++ b/csharp/ql/src/Dead Code/DeadCode.qll	
@@ -26,7 +26,7 @@ Expr getAnAccessByDynamicCall(Method m) {
   exists(MethodCall mc, Method target |
     target = mc.getTarget() and
     target.hasName("InvokeMember") and
-    target.getDeclaringType().hasQualifiedName("System.Type") and
+    target.getDeclaringType().hasQualifiedName("System", "Type") and
     mc.getArgument(0).(StringLiteral).getValue() = m.getName() and
     mc.getArgument(3).getType().(RefType).hasMethod(m) and
     result = mc
@@ -42,7 +42,7 @@ Expr getAMethodAccess(Method m) {
 
 predicate potentiallyAccessedByForEach(Method m) {
   m.hasName("GetEnumerator") and
-  m.getDeclaringType().getABaseType+().hasQualifiedName("System.Collections.IEnumerable")
+  m.getDeclaringType().getABaseType+().hasQualifiedName("System.Collections", "IEnumerable")
   or
   foreach_stmt_desugar(_, m, 1)
 }
diff --git a/csharp/ql/src/Dead Code/DeadRefTypes.ql b/csharp/ql/src/Dead Code/DeadRefTypes.ql
index f3949891271..d881e715f48 100644
--- a/csharp/ql/src/Dead Code/DeadRefTypes.ql	
+++ b/csharp/ql/src/Dead Code/DeadRefTypes.ql	
@@ -16,15 +16,13 @@ import semmle.code.csharp.frameworks.Test
 import semmle.code.csharp.metrics.Coupling
 
 predicate potentiallyUsedFromXaml(RefType t) {
-  exists(string name | name = t.getABaseType*().getQualifiedName() |
-    name = "System.Windows.Data.IValueConverter" or
-    name = "System.Windows.Data.IMultiValueConverter"
-  )
+  t.getABaseType*()
+      .hasQualifiedName("System.Windows.Data", ["IValueConverter", "IMultiValueConverter"])
 }
 
 class ExportAttribute extends Attribute {
   ExportAttribute() {
-    getType().hasQualifiedName("System.ComponentModel.Composition.ExportAttribute")
+    getType().hasQualifiedName("System.ComponentModel.Composition", "ExportAttribute")
   }
 }
 
diff --git a/csharp/ql/src/Documentation/XmldocMissingException.ql b/csharp/ql/src/Documentation/XmldocMissingException.ql
index a5c06c598c7..94cd5e96e33 100644
--- a/csharp/ql/src/Documentation/XmldocMissingException.ql
+++ b/csharp/ql/src/Documentation/XmldocMissingException.ql
@@ -10,6 +10,7 @@
  */
 
 import Documentation
+import semmle.code.csharp.commons.QualifiedName
 
 from SourceMethodOrConstructor m, ThrowElement throw, RefType throwType
 where
@@ -20,8 +21,15 @@ where
     comment = getADeclarationXmlComment(m) and
     exceptionName = comment.getCref(offset) and
     throwType.getABaseType*() = throwBaseType and
-    (throwBaseType.hasName(exceptionName) or throwBaseType.hasQualifiedName(exceptionName))
-    // and comment.hasBody(offset) // Too slow
+    (
+      throwBaseType.hasName(exceptionName)
+      or
+      exists(string qualifier, string type |
+        splitQualifiedName(exceptionName, qualifier, type) and
+        throwBaseType.hasQualifiedName(qualifier, type)
+      )
+      // and comment.hasBody(offset) // Too slow
+    )
   ) and
   not getADeclarationXmlComment(m) instanceof InheritDocXmlComment
 select m, "Exception $@ should be documented.", throw, throw.getExpr().getType().getName()
diff --git a/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql b/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql
index 23f786be49a..f281601a554 100644
--- a/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql	
+++ b/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql	
@@ -13,9 +13,9 @@
 import csharp
 import semmle.code.csharp.commons.Assertions
 
-private predicate propertyOverrides(Property p, string baseClass, string property) {
+private predicate propertyOverrides(Property p, string qualifier, string baseClass, string property) {
   exists(Property p2 |
-    p2.getUnboundDeclaration().getDeclaringType().hasQualifiedName(baseClass) and
+    p2.getUnboundDeclaration().getDeclaringType().hasQualifiedName(qualifier, baseClass) and
     p2.hasName(property)
   |
     p.overridesOrImplementsOrEquals(p2)
@@ -24,16 +24,16 @@ private predicate propertyOverrides(Property p, string baseClass, string propert
 
 private predicate containerSizeAccess(PropertyAccess pa, string containerKind) {
   (
-    propertyOverrides(pa.getTarget(), "System.Collections.Generic.ICollection<>", "Count") or
-    propertyOverrides(pa.getTarget(), "System.Collections.Generic.IReadOnlyCollection<>", "Count") or
-    propertyOverrides(pa.getTarget(), "System.Collections.ICollection", "Count")
+    propertyOverrides(pa.getTarget(), "System.Collections.Generic", "ICollection<>", "Count") or
+    propertyOverrides(pa.getTarget(), "System.Collections.Generic", "IReadOnlyCollection<>", "Count") or
+    propertyOverrides(pa.getTarget(), "System.Collections", "ICollection", "Count")
   ) and
   containerKind = "a collection"
   or
   (
-    propertyOverrides(pa.getTarget(), "System.String", "Length") and containerKind = "a string"
+    propertyOverrides(pa.getTarget(), "System", "String", "Length") and containerKind = "a string"
     or
-    propertyOverrides(pa.getTarget(), "System.Array", "Length") and containerKind = "an array"
+    propertyOverrides(pa.getTarget(), "System", "Array", "Length") and containerKind = "an array"
   )
 }
 
diff --git a/csharp/ql/src/Likely Bugs/LeapYear/UnsafeYearConstruction.ql b/csharp/ql/src/Likely Bugs/LeapYear/UnsafeYearConstruction.ql
index 838406ab82e..814ccd99e4e 100644
--- a/csharp/ql/src/Likely Bugs/LeapYear/UnsafeYearConstruction.ql	
+++ b/csharp/ql/src/Likely Bugs/LeapYear/UnsafeYearConstruction.ql	
@@ -20,14 +20,14 @@ class UnsafeYearCreationFromArithmeticConfiguration extends TaintTracking::Confi
   override predicate isSource(DataFlow::Node source) {
     exists(ArithmeticOperation ao, PropertyAccess pa | ao = source.asExpr() |
       pa = ao.getAChild*() and
-      pa.getProperty().hasQualifiedName("System.DateTime.Year")
+      pa.getProperty().hasQualifiedName("System.DateTime", "Year")
     )
   }
 
   override predicate isSink(DataFlow::Node sink) {
     exists(ObjectCreation oc |
       sink.asExpr() = oc.getArgumentForName("year") and
-      oc.getObjectType().getABaseType*().hasQualifiedName("System.DateTime")
+      oc.getObjectType().getABaseType*().hasQualifiedName("System", "DateTime")
     )
   }
 }
diff --git a/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.ql b/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.ql
index 0f4c5f0d1a0..6699f863631 100644
--- a/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.ql	
+++ b/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.ql	
@@ -23,8 +23,8 @@ predicate isEraStart(int year, int month, int day) {
 
 predicate isExactEraStartDateCreation(ObjectCreation cr) {
   (
-    cr.getType().hasQualifiedName("System.DateTime") or
-    cr.getType().hasQualifiedName("System.DateTimeOffset")
+    cr.getType().hasQualifiedName("System", "DateTime") or
+    cr.getType().hasQualifiedName("System", "DateTimeOffset")
   ) and
   isEraStart(cr.getArgument(0).getValue().toInt(), cr.getArgument(1).getValue().toInt(),
     cr.getArgument(2).getValue().toInt())
@@ -32,8 +32,10 @@ predicate isExactEraStartDateCreation(ObjectCreation cr) {
 
 predicate isDateFromJapaneseCalendarToDateTime(MethodCall mc) {
   (
-    mc.getQualifier().getType().hasQualifiedName("System.Globalization.JapaneseCalendar") or
-    mc.getQualifier().getType().hasQualifiedName("System.Globalization.JapaneseLunisolarCalendar")
+    mc.getQualifier().getType().hasQualifiedName("System.Globalization", "JapaneseCalendar") or
+    mc.getQualifier()
+        .getType()
+        .hasQualifiedName("System.Globalization", "JapaneseLunisolarCalendar")
   ) and
   mc.getTarget().hasName("ToDateTime") and
   mc.getArgument(0).hasValue() and
@@ -47,16 +49,16 @@ predicate isDateFromJapaneseCalendarToDateTime(MethodCall mc) {
 
 predicate isDateFromJapaneseCalendarCreation(ObjectCreation cr) {
   (
-    cr.getType().hasQualifiedName("System.DateTime") or
-    cr.getType().hasQualifiedName("System.DateTimeOffset")
+    cr.getType().hasQualifiedName("System", "DateTime") or
+    cr.getType().hasQualifiedName("System", "DateTimeOffset")
   ) and
   (
     cr.getArgumentForName("calendar")
         .getType()
-        .hasQualifiedName("System.Globalization.JapaneseCalendar") or
+        .hasQualifiedName("System.Globalization", "JapaneseCalendar") or
     cr.getArgumentForName("calendar")
         .getType()
-        .hasQualifiedName("System.Globalization.JapaneseLunisolarCalendar")
+        .hasQualifiedName("System.Globalization", "JapaneseLunisolarCalendar")
   ) and
   cr.getArgumentForName("year").hasValue()
 }
diff --git a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql
index 392c3e843d7..16ddedd6400 100644
--- a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql	
+++ b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql	
@@ -19,7 +19,7 @@ import semmle.code.csharp.frameworks.system.collections.Generic
 class UnsafeField extends Field {
   UnsafeField() {
     this.isStatic() and
-    not this.getAnAttribute().getType().getQualifiedName() = "System.ThreadStaticAttribute" and
+    not this.getAnAttribute().getType().hasQualifiedName("System", "ThreadStaticAttribute") and
     this.getType() instanceof UsesICryptoTransform
   }
 }
diff --git a/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql b/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql
index 01faeb6ba75..85a7d7ff53a 100644
--- a/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql	
+++ b/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql	
@@ -10,11 +10,16 @@
  */
 
 import csharp
+import semmle.code.csharp.commons.QualifiedName
 import semmle.code.csharp.security.dataflow.ExternalAPIsQuery
 import DataFlow::PathGraph
 
-from UntrustedDataToExternalApiConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+from
+  UntrustedDataToExternalApiConfig config, DataFlow::PathNode source, DataFlow::PathNode sink,
+  string qualifier, string name
+where
+  config.hasFlowPath(source, sink) and
+  sink.getNode().(ExternalApiDataNode).hasQualifiedName(qualifier, name)
 select sink, source, sink,
-  "Call to " + sink.getNode().(ExternalApiDataNode).getCallableDescription() +
-    " with untrusted data from $@.", source, source.toString()
+  "Call to " + getQualifiedName(qualifier, name) + " with untrusted data from $@.", source,
+  source.toString()
diff --git a/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql b/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql
index 038dc267d14..c537a85c1f1 100644
--- a/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql	
+++ b/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql	
@@ -27,7 +27,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
   override predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc |
       mc.getTarget().hasName("WriteRaw") and
-      mc.getTarget().getDeclaringType().getABaseType*().hasQualifiedName("System.Xml.XmlWriter")
+      mc.getTarget().getDeclaringType().getABaseType*().hasQualifiedName("System.Xml", "XmlWriter")
     |
       mc.getArgument(0) = sink.asExpr()
     )
@@ -39,7 +39,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
       mc.getTarget()
           .getDeclaringType()
           .getABaseType*()
-          .hasQualifiedName("System.Security.SecurityElement")
+          .hasQualifiedName("System.Security", "SecurityElement")
     |
       mc = node.asExpr()
     )
diff --git a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql
index 3ca894db15a..c0990112188 100644
--- a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql	
+++ b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql	
@@ -3,7 +3,7 @@
  * @description Loading a .NET assembly based on a path constructed from user-controlled sources
  *              may allow a malicious user to load code which modifies the program in unintended
  *              ways.
- * @kind problem
+ * @kind path-problem
  * @id cs/assembly-path-injection
  * @problem.severity error
  * @security-severity 8.2
@@ -15,6 +15,7 @@
 import csharp
 import semmle.code.csharp.security.dataflow.flowsources.Remote
 import semmle.code.csharp.commons.Util
+import DataFlow::PathGraph
 
 /**
  * A taint-tracking configuration for untrusted user input used to load a DLL.
@@ -33,7 +34,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
       mc.getTarget()
           .getDeclaringType()
           .getABaseType*()
-          .hasQualifiedName("System.Reflection.Assembly") and
+          .hasQualifiedName("System.Reflection", "Assembly") and
       mc.getArgument(arg) = sink.asExpr()
     |
       name = "LoadFrom" and arg = 0 and mc.getNumberOfArguments() = [1 .. 2]
@@ -47,6 +48,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
   }
 }
 
-from TaintTrackingConfiguration c, DataFlow::Node source, DataFlow::Node sink
-where c.hasFlow(source, sink)
-select sink, "This assembly path depends on a $@.", source, "user-provided value"
+from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
+where c.hasFlowPath(source, sink)
+select sink.getNode(), source, sink, "This assembly path depends on a $@.", source,
+  "user-provided value"
diff --git a/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql b/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql
index 8f30847cde0..8e516f44d4a 100644
--- a/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql	
+++ b/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql	
@@ -1,7 +1,7 @@
 /**
  * @name Hard-coded encryption key
  * @description The .Key property or rgbKey parameter of a SymmetricAlgorithm should never be a hard-coded value.
- * @kind problem
+ * @kind path-problem
  * @id cs/hardcoded-key
  * @problem.severity error
  * @security-severity 8.1
@@ -15,6 +15,7 @@
 
 import csharp
 import semmle.code.csharp.security.cryptography.EncryptionKeyDataFlowQuery
+import DataFlow::PathGraph
 
 /**
  * The creation of a literal byte array.
@@ -36,7 +37,13 @@ class StringLiteralSource extends KeySource {
   StringLiteralSource() { this.asExpr() instanceof StringLiteral }
 }
 
-from SymmetricKeyTaintTrackingConfiguration keyFlow, KeySource src, SymmetricEncryptionKeySink sink
-where keyFlow.hasFlow(src, sink)
-select sink, "This hard-coded $@ is used in symmetric algorithm in " + sink.getDescription(), src,
+from
+  SymmetricKeyTaintTrackingConfiguration keyFlow, DataFlow::PathNode source,
+  DataFlow::PathNode sink, KeySource srcNode, SymmetricEncryptionKeySink sinkNode
+where
+  keyFlow.hasFlowPath(source, sink) and
+  source.getNode() = srcNode and
+  sink.getNode() = sinkNode
+select sink.getNode(), source, sink,
+  "This hard-coded $@ is used in symmetric algorithm in " + sinkNode.getDescription(), srcNode,
   "symmetric key"
diff --git a/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql b/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql
index 4f7e04f1175..fefd27727ec 100644
--- a/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql	
+++ b/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql	
@@ -21,7 +21,7 @@ class AddCertToRootStoreConfig extends DataFlow::Configuration {
     exists(ObjectCreation oc | oc = source.asExpr() |
       oc.getType()
           .(RefType)
-          .hasQualifiedName("System.Security.Cryptography.X509Certificates.X509Store") and
+          .hasQualifiedName("System.Security.Cryptography.X509Certificates", "X509Store") and
       oc.getArgument(0).(Access).getTarget().hasName("Root")
     )
   }
@@ -30,9 +30,10 @@ class AddCertToRootStoreConfig extends DataFlow::Configuration {
     exists(MethodCall mc |
       (
         mc.getTarget()
-            .hasQualifiedName("System.Security.Cryptography.X509Certificates.X509Store", "Add") or
+            .hasQualifiedName("System.Security.Cryptography.X509Certificates", "X509Store", "Add") or
         mc.getTarget()
-            .hasQualifiedName("System.Security.Cryptography.X509Certificates.X509Store", "AddRange")
+            .hasQualifiedName("System.Security.Cryptography.X509Certificates", "X509Store",
+              "AddRange")
       ) and
       sink.asExpr() = mc.getQualifier()
     )
diff --git a/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql b/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql
index ffdb7220f01..e158ac6b366 100644
--- a/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql	
+++ b/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql	
@@ -30,7 +30,7 @@ predicate loginMethod(Method m, ControlFlow::SuccessorType flowFrom) {
 /** The `System.Web.SessionState.HttpSessionState` class. */
 class SystemWebSessionStateHttpSessionStateClass extends Class {
   SystemWebSessionStateHttpSessionStateClass() {
-    this.hasQualifiedName("System.Web.SessionState.HttpSessionState")
+    this.hasQualifiedName("System.Web.SessionState", "HttpSessionState")
   }
 
   /** Gets the `Abandon` method. */
diff --git a/csharp/ql/src/Stubs/Stubs.qll b/csharp/ql/src/Stubs/Stubs.qll
index 1e562eb3aa7..e4787a9b5ce 100644
--- a/csharp/ql/src/Stubs/Stubs.qll
+++ b/csharp/ql/src/Stubs/Stubs.qll
@@ -12,6 +12,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.commons.QualifiedName
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.dotnet.DotNet as DotNet // added to handle VoidType as a ValueOrRefType
 
@@ -114,15 +115,18 @@ abstract private class GeneratedType extends Type, GeneratedElement {
   }
 
   private string stubAttributes() {
-    if this.(ValueOrRefType).getAnAttribute().getType().getQualifiedName() = "System.FlagsAttribute"
+    if this.(ValueOrRefType).getAnAttribute().getType().hasQualifiedName("System", "FlagsAttribute")
     then result = "[System.Flags]\n"
     else result = ""
   }
 
   private string stubComment() {
-    result =
-      "// Generated from `" + this.getQualifiedName() + "` in `" +
-        concat(this.getALocation().toString(), "; ") + "`\n"
+    exists(string qualifier, string name |
+      this.hasQualifiedName(qualifier, name) and
+      result =
+        "// Generated from `" + getQualifiedName(qualifier, name) + "` in `" +
+          concat(this.getALocation().toString(), "; ") + "`\n"
+    )
   }
 
   /** Gets the entire C# stub code for this type. */
@@ -154,7 +158,7 @@ abstract private class GeneratedType extends Type, GeneratedElement {
   private ValueOrRefType getAnInterestingBaseType() {
     result = this.(ValueOrRefType).getABaseType() and
     not result instanceof ObjectType and
-    not result.getQualifiedName() = "System.ValueType" and
+    not result.hasQualifiedName("System", "ValueType") and
     (not result instanceof Interface or result.(Interface).isEffectivelyPublic())
   }
 
@@ -461,7 +465,7 @@ private string stubQualifiedNamePrefix(ValueOrRefType t) {
   then result = ""
   else
     if t.getParent() instanceof Namespace
-    then result = t.getDeclaringNamespace().getQualifiedName() + "."
+    then result = t.getDeclaringNamespace().getFullName() + "."
     else result = stubClassName(t.getDeclaringType()) + "."
 }
 
diff --git a/csharp/ql/src/Telemetry/ExternalApi.qll b/csharp/ql/src/Telemetry/ExternalApi.qll
index d4cc0ae43cc..d1464c4ef56 100644
--- a/csharp/ql/src/Telemetry/ExternalApi.qll
+++ b/csharp/ql/src/Telemetry/ExternalApi.qll
@@ -17,22 +17,34 @@ private import semmle.code.csharp.security.dataflow.flowsources.Remote
 class TestLibrary extends RefType {
   TestLibrary() {
     this.getNamespace()
-        .getQualifiedName()
+        .getFullName()
         .matches([
             "NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%", "Moq%"
           ])
   }
 }
 
+/** Holds if the given callable is not worth supporting. */
+private predicate isUninteresting(DotNet::Callable c) {
+  c.getDeclaringType() instanceof TestLibrary or
+  c.(Constructor).isParameterless()
+}
+
 /**
  * An external API from either the C# Standard Library or a 3rd party library.
  */
 class ExternalApi extends DotNet::Callable {
-  ExternalApi() { this.isUnboundDeclaration() and this.fromLibrary() }
+  ExternalApi() {
+    this.isUnboundDeclaration() and
+    this.fromLibrary() and
+    this.(Modifiable).isEffectivelyPublic() and
+    not isUninteresting(this)
+  }
 
   /**
    * Gets the unbound type, name and parameter types of this API.
    */
+  bindingset[this]
   private string getSignature() {
     result =
       this.getDeclaringType().getUnboundDeclaration() + "." + this.getName() + "(" +
@@ -42,41 +54,33 @@ class ExternalApi extends DotNet::Callable {
   /**
    * Gets the namespace of this API.
    */
-  private string getNamespace() { this.getDeclaringType().hasQualifiedName(result, _) }
+  bindingset[this]
+  string getNamespace() { this.getDeclaringType().hasQualifiedName(result, _) }
 
   /**
-   * Gets the assembly file name containing this API.
+   * Gets the namespace and signature of this API.
    */
-  private string getAssembly() { result = this.getFile().getBaseName() }
-
-  /**
-   * Gets the assembly file name and namespace of this API.
-   */
-  string getInfoPrefix() { result = this.getAssembly() + "#" + this.getNamespace() }
-
-  /**
-   * Gets the assembly file name, namespace and signature of this API.
-   */
-  string getInfo() { result = this.getInfoPrefix() + "#" + this.getSignature() }
-
-  /** Gets a call to this API callable. */
-  DispatchCall getACall() {
-    this = result.getADynamicTarget().getUnboundDeclaration()
-    or
-    this = result.getAStaticTarget().getUnboundDeclaration()
-  }
+  bindingset[this]
+  string getApiName() { result = this.getNamespace() + "#" + this.getSignature() }
 
   /** Gets a node that is an input to a call to this API. */
   private ArgumentNode getAnInput() {
-    result.getCall().(DataFlowDispatch::NonDelegateDataFlowCall).getDispatchCall() = this.getACall()
+    result
+        .getCall()
+        .(DataFlowDispatch::NonDelegateDataFlowCall)
+        .getATarget(_)
+        .getUnboundDeclaration() = this
   }
 
   /** Gets a node that is an output from a call to this API. */
   private DataFlow::Node getAnOutput() {
-    exists(DataFlowDispatch::NonDelegateDataFlowCall call, DataFlowImplCommon::ReturnKindExt ret |
-      result = ret.getAnOutNode(call)
+    exists(
+      Call c, DataFlowDispatch::NonDelegateDataFlowCall dc, DataFlowImplCommon::ReturnKindExt ret
     |
-      this.getACall() = call.getDispatchCall()
+      dc.getDispatchCall().getCall() = c and
+      c.getTarget().getUnboundDeclaration() = this
+    |
+      result = ret.getAnOutNode(dc)
     )
   }
 
@@ -87,17 +91,6 @@ class ExternalApi extends DotNet::Callable {
     defaultAdditionalTaintStep(this.getAnInput(), _)
   }
 
-  /** Holds if this API is a constructor without parameters. */
-  private predicate isParameterlessConstructor() {
-    this instanceof Constructor and this.getNumberOfParameters() = 0
-  }
-
-  /** Holds if this API is part of a common testing library or framework. */
-  private predicate isTestLibrary() { this.getDeclaringType() instanceof TestLibrary }
-
-  /** Holds if this API is not worth supporting. */
-  predicate isUninteresting() { this.isTestLibrary() or this.isParameterlessConstructor() }
-
   /** Holds if this API is a known source. */
   predicate isSource() {
     this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)
@@ -125,30 +118,30 @@ signature predicate relevantApi(ExternalApi api);
  * for restricting the number or returned results based on a certain limit.
  */
 module Results<relevantApi/1 getRelevantUsages> {
-  private int getUsages(string apiInfo) {
+  private int getUsages(string apiName) {
     result =
-      strictcount(DispatchCall c, ExternalApi api |
-        c = api.getACall() and
-        apiInfo = api.getInfo() and
+      strictcount(Call c, ExternalApi api |
+        c.getTarget().getUnboundDeclaration() = api and
+        apiName = api.getApiName() and
         getRelevantUsages(api)
       )
   }
 
-  private int getOrder(string apiInfo) {
-    apiInfo =
-      rank[result](string info, int usages |
-        usages = getUsages(info)
+  private int getOrder(string apiName) {
+    apiName =
+      rank[result](string name, int usages |
+        usages = getUsages(name)
       |
-        info order by usages desc, info
+        name order by usages desc, name
       )
   }
 
   /**
-   * Holds if there exists an API with `apiInfo` that is being used `usages` times
+   * Holds if there exists an API with `apiName` that is being used `usages` times
    * and if it is in the top results (guarded by resultLimit).
    */
-  predicate restrict(string apiInfo, int usages) {
-    usages = getUsages(apiInfo) and
-    getOrder(apiInfo) <= resultLimit()
+  predicate restrict(string apiName, int usages) {
+    usages = getUsages(apiName) and
+    getOrder(apiName) <= resultLimit()
   }
 }
diff --git a/csharp/ql/src/Telemetry/ExternalLibraryUsage.ql b/csharp/ql/src/Telemetry/ExternalLibraryUsage.ql
index dfc1a8e062c..f28fa1c76fb 100644
--- a/csharp/ql/src/Telemetry/ExternalLibraryUsage.ql
+++ b/csharp/ql/src/Telemetry/ExternalLibraryUsage.ql
@@ -1,6 +1,6 @@
 /**
  * @name External libraries
- * @description A list of external libraries used in the code
+ * @description A list of external libraries used in the code given by their namespace.
  * @kind metric
  * @tags summary telemetry
  * @id csharp/telemetry/external-libs
@@ -10,23 +10,22 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-private predicate getRelevantUsages(string info, int usages) {
+private predicate getRelevantUsages(string namespace, int usages) {
   usages =
-    strictcount(DispatchCall c, ExternalApi api |
-      c = api.getACall() and
-      api.getInfoPrefix() = info and
-      not api.isUninteresting()
+    strictcount(Call c, ExternalApi api |
+      c.getTarget().getUnboundDeclaration() = api and
+      api.getNamespace() = namespace
     )
 }
 
-private int getOrder(string info) {
-  info =
+private int getOrder(string namespace) {
+  namespace =
     rank[result](string i, int usages | getRelevantUsages(i, usages) | i order by usages desc, i)
 }
 
-from ExternalApi api, string info, int usages
+from ExternalApi api, string namespace, int usages
 where
-  info = api.getInfoPrefix() and
-  getRelevantUsages(info, usages) and
-  getOrder(info) <= resultLimit()
-select info, usages order by usages desc
+  namespace = api.getNamespace() and
+  getRelevantUsages(namespace, usages) and
+  getOrder(namespace) <= resultLimit()
+select namespace, usages order by usages desc
diff --git a/csharp/ql/src/Telemetry/SupportedExternalApis.ql b/csharp/ql/src/Telemetry/SupportedExternalApis.ql
new file mode 100644
index 00000000000..1aa08bbd3aa
--- /dev/null
+++ b/csharp/ql/src/Telemetry/SupportedExternalApis.ql
@@ -0,0 +1,21 @@
+/**
+ * @name Usage of supported APIs coming from external libraries
+ * @description A list of supported 3rd party APIs used in the codebase. Excludes APIs exposed by test libraries.
+ * @kind metric
+ * @tags summary telemetry
+ * @id csharp/telemetry/supported-external-api
+ */
+
+private import csharp
+private import semmle.code.csharp.dispatch.Dispatch
+private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
+private import ExternalApi
+
+private predicate relevant(ExternalApi api) {
+  api.isSupported() or
+  api instanceof FlowSummaryImpl::Public::NeutralCallable
+}
+
+from string info, int usages
+where Results<relevant/1>::restrict(info, usages)
+select info, usages order by usages desc
diff --git a/csharp/ql/src/Telemetry/SupportedExternalSinks.ql b/csharp/ql/src/Telemetry/SupportedExternalSinks.ql
index 4eb42c4628f..542834bc057 100644
--- a/csharp/ql/src/Telemetry/SupportedExternalSinks.ql
+++ b/csharp/ql/src/Telemetry/SupportedExternalSinks.ql
@@ -10,10 +10,7 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-private predicate relevant(ExternalApi api) {
-  not api.isUninteresting() and
-  api.isSink()
-}
+private predicate relevant(ExternalApi api) { api.isSink() }
 
 from string info, int usages
 where Results<relevant/1>::restrict(info, usages)
diff --git a/csharp/ql/src/Telemetry/SupportedExternalSources.ql b/csharp/ql/src/Telemetry/SupportedExternalSources.ql
index 0d0b38a4754..d2293b2d3cf 100644
--- a/csharp/ql/src/Telemetry/SupportedExternalSources.ql
+++ b/csharp/ql/src/Telemetry/SupportedExternalSources.ql
@@ -10,10 +10,7 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-private predicate relevant(ExternalApi api) {
-  not api.isUninteresting() and
-  api.isSource()
-}
+private predicate relevant(ExternalApi api) { api.isSource() }
 
 from string info, int usages
 where Results<relevant/1>::restrict(info, usages)
diff --git a/csharp/ql/src/Telemetry/SupportedExternalTaint.ql b/csharp/ql/src/Telemetry/SupportedExternalTaint.ql
index 3eccf73b58b..a76467f0142 100644
--- a/csharp/ql/src/Telemetry/SupportedExternalTaint.ql
+++ b/csharp/ql/src/Telemetry/SupportedExternalTaint.ql
@@ -10,10 +10,7 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-private predicate relevant(ExternalApi api) {
-  not api.isUninteresting() and
-  api.hasSummary()
-}
+private predicate relevant(ExternalApi api) { api.hasSummary() }
 
 from string info, int usages
 where Results<relevant/1>::restrict(info, usages)
diff --git a/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql b/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql
index 618f26e6636..01d9e280133 100644
--- a/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql
+++ b/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql
@@ -12,9 +12,8 @@ private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSumma
 private import ExternalApi
 
 private predicate relevant(ExternalApi api) {
-  not api.isUninteresting() and
   not api.isSupported() and
-  not api instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable
+  not api instanceof FlowSummaryImpl::Public::NeutralCallable
 }
 
 from string info, int usages
diff --git a/csharp/ql/src/change-notes/2022-12-01-supported-external-apis-query.md b/csharp/ql/src/change-notes/2022-12-01-supported-external-apis-query.md
new file mode 100644
index 00000000000..34bf2ef8409
--- /dev/null
+++ b/csharp/ql/src/change-notes/2022-12-01-supported-external-apis-query.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query, `csharp/telemetry/supported-external-api`, to detect supported 3rd party APIs used in a codebase.
diff --git a/csharp/ql/src/change-notes/2022-12-05-owin-uri-fix.md b/csharp/ql/src/change-notes/2022-12-05-owin-uri-fix.md
new file mode 100644
index 00000000000..e92df82a41c
--- /dev/null
+++ b/csharp/ql/src/change-notes/2022-12-05-owin-uri-fix.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Fixes a bug where the Owin.qll framework library will look for "URI" instead of "Uri" in the OwinRequest class.
diff --git a/csharp/ql/src/change-notes/2022-12-15-rename-mad-extensibles.md b/csharp/ql/src/change-notes/2022-12-15-rename-mad-extensibles.md
new file mode 100644
index 00000000000..39532da22c8
--- /dev/null
+++ b/csharp/ql/src/change-notes/2022-12-15-rename-mad-extensibles.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The extensible predicates for Models as Data have been renamed (the `ext` prefix has been removed). As an example `extSummaryModel` has been renamed to `summaryModel`.
\ No newline at end of file
diff --git a/csharp/ql/src/change-notes/released/0.4.4.md b/csharp/ql/src/change-notes/released/0.4.4.md
new file mode 100644
index 00000000000..33e1c91255d
--- /dev/null
+++ b/csharp/ql/src/change-notes/released/0.4.4.md
@@ -0,0 +1,3 @@
+## 0.4.4
+
+No user-facing changes.
diff --git a/csharp/ql/src/change-notes/released/0.4.5.md b/csharp/ql/src/change-notes/released/0.4.5.md
new file mode 100644
index 00000000000..7ba9b2e8ade
--- /dev/null
+++ b/csharp/ql/src/change-notes/released/0.4.5.md
@@ -0,0 +1,3 @@
+## 0.4.5
+
+No user-facing changes.
diff --git a/csharp/ql/src/change-notes/released/0.4.6.md b/csharp/ql/src/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/csharp/ql/src/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/csharp/ql/src/change-notes/released/2022-11-07-constant-expression.md b/csharp/ql/src/change-notes/released/2022-11-07-constant-expression.md
new file mode 100644
index 00000000000..9e2d667d2eb
--- /dev/null
+++ b/csharp/ql/src/change-notes/released/2022-11-07-constant-expression.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `Constant Condition` query was extended to catch cases when `String.IsNullOrEmpty` returns a constant value. 
\ No newline at end of file
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
index 1ec9c4ea5d9..2b842473675 100644
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.6
diff --git a/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll b/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll
index e9da88e0d27..5f04d766827 100644
--- a/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll
+++ b/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll
@@ -51,9 +51,7 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
 }
 
 /** A source of remote user input. */
-class RemoteSource extends Source {
-  RemoteSource() { this instanceof RemoteFlowSource }
-}
+class RemoteSource extends Source instanceof RemoteFlowSource { }
 
 /**
  * A path argument to a `WebClient` method call that has an address argument.
diff --git a/csharp/ql/src/experimental/CWE-918/RequestForgery.qll b/csharp/ql/src/experimental/CWE-918/RequestForgery.qll
index fd08734fb5f..868e1e29a13 100644
--- a/csharp/ql/src/experimental/CWE-918/RequestForgery.qll
+++ b/csharp/ql/src/experimental/CWE-918/RequestForgery.qll
@@ -58,9 +58,7 @@ module RequestForgery {
    * A remote data flow source taken as a source
    * for Server Side Request Forgery(SSRF) Vulnerabilities.
    */
-  private class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  private class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * An url argument to a `HttpRequestMessage` constructor call
@@ -68,7 +66,7 @@ module RequestForgery {
    */
   private class SystemWebHttpRequestMessageSink extends Sink {
     SystemWebHttpRequestMessageSink() {
-      exists(Class c | c.hasQualifiedName("System.Net.Http.HttpRequestMessage") |
+      exists(Class c | c.hasQualifiedName("System.Net.Http", "HttpRequestMessage") |
         c.getAConstructor().getACall().getArgument(1) = this.asExpr()
       )
     }
@@ -81,7 +79,7 @@ module RequestForgery {
   private class SystemNetWebRequestCreateSink extends Sink {
     SystemNetWebRequestCreateSink() {
       exists(Method m |
-        m.getDeclaringType().hasQualifiedName("System.Net.WebRequest") and m.hasName("Create")
+        m.getDeclaringType().hasQualifiedName("System.Net", "WebRequest") and m.hasName("Create")
       |
         m.getACall().getArgument(0) = this.asExpr()
       )
@@ -95,7 +93,7 @@ module RequestForgery {
   private class SystemNetHttpClientSink extends Sink {
     SystemNetHttpClientSink() {
       exists(Method m |
-        m.getDeclaringType().hasQualifiedName("System.Net.Http.HttpClient") and
+        m.getDeclaringType().hasQualifiedName("System.Net.Http", "HttpClient") and
         m.hasName([
             "DeleteAsync", "GetAsync", "GetByteArrayAsync", "GetStreamAsync", "GetStringAsync",
             "PatchAsync", "PostAsync", "PutAsync"
@@ -112,10 +110,13 @@ module RequestForgery {
    */
   private class SystemNetClientBaseAddressSink extends Sink {
     SystemNetClientBaseAddressSink() {
-      exists(Property p |
+      exists(Property p, Type t |
         p.hasName("BaseAddress") and
-        p.getDeclaringType()
-            .hasQualifiedName(["System.Net.WebClient", "System.Net.Http.HttpClient"])
+        t = p.getDeclaringType() and
+        (
+          t.hasQualifiedName("System.Net", "WebClient") or
+          t.hasQualifiedName("System.Net.Http", "HttpClient")
+        )
       |
         p.getAnAssignedValue() = this.asExpr()
       )
@@ -128,7 +129,7 @@ module RequestForgery {
    * This guard considers all checks as valid.
    */
   private predicate baseUriGuard(Guard g, Expr e, AbstractValue v) {
-    g.(MethodCall).getTarget().hasQualifiedName("System.Uri", "IsBaseOf") and
+    g.(MethodCall).getTarget().hasQualifiedName("System", "Uri", "IsBaseOf") and
     // we consider any checks against the tainted value to sainitize the taint.
     // This implies any check such as shown below block the taint flow.
     // Uri url = new Uri("whitelist.com")
@@ -147,7 +148,7 @@ module RequestForgery {
    * This guard considers all checks as valid.
    */
   private predicate stringStartsWithGuard(Guard g, Expr e, AbstractValue v) {
-    g.(MethodCall).getTarget().hasQualifiedName("System.String", "StartsWith") and
+    g.(MethodCall).getTarget().hasQualifiedName("System", "String", "StartsWith") and
     // Any check such as the ones shown below
     // "https://myurl.com/".startsWith(`taint`)
     // `taint`.startsWith("https://myurl.com/")
@@ -168,7 +169,7 @@ module RequestForgery {
 
   private predicate pathCombineStep(DataFlow::Node prev, DataFlow::Node succ) {
     exists(MethodCall combineCall |
-      combineCall.getTarget().hasQualifiedName("System.IO.Path", "Combine") and
+      combineCall.getTarget().hasQualifiedName("System.IO", "Path", "Combine") and
       combineCall.getArgument(0) = prev.asExpr() and
       combineCall = succ.asExpr()
     )
@@ -176,7 +177,7 @@ module RequestForgery {
 
   private predicate uriCreationStep(DataFlow::Node prev, DataFlow::Node succ) {
     exists(ObjectCreation oc |
-      oc.getTarget().getDeclaringType().hasQualifiedName("System.Uri") and
+      oc.getTarget().getDeclaringType().hasQualifiedName("System", "Uri") and
       oc.getArgument(0) = prev.asExpr() and
       oc = succ.asExpr()
     )
@@ -217,7 +218,7 @@ module RequestForgery {
 
   private predicate formatConvertStep(DataFlow::Node prev, DataFlow::Node succ) {
     exists(Method m |
-      m.hasQualifiedName("System.Convert",
+      m.hasQualifiedName("System", "Convert",
         ["FromBase64String", "FromHexString", "FromBase64CharArray"]) and
       m.getParameter(0) = prev.asParameter() and
       succ.asExpr() = m.getACall()
diff --git a/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql b/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
index eb1cb673ed2..be503fe31d1 100644
--- a/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql	
+++ b/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql	
@@ -18,7 +18,7 @@ import csharp
  */
 predicate isCreatingAzureClientSideEncryptionObject(ObjectCreation oc, Class c, Expr e) {
   exists(Parameter p | p.hasName("version") |
-    c.hasQualifiedName("Azure.Storage.ClientSideEncryptionOptions") and
+    c.hasQualifiedName("Azure.Storage", "ClientSideEncryptionOptions") and
     oc.getTarget() = c.getAConstructor() and
     e = oc.getArgumentForParameter(p)
   )
@@ -28,7 +28,7 @@ predicate isCreatingAzureClientSideEncryptionObject(ObjectCreation oc, Class c,
  * Holds if `oc` is an object creation of the outdated type `c` = `Microsoft.Azure.Storage.Blob.BlobEncryptionPolicy`
  */
 predicate isCreatingOutdatedAzureClientSideEncryptionObject(ObjectCreation oc, Class c) {
-  c.hasQualifiedName("Microsoft.Azure.Storage.Blob.BlobEncryptionPolicy") and
+  c.hasQualifiedName("Microsoft.Azure.Storage.Blob", "BlobEncryptionPolicy") and
   oc.getTarget() = c.getAConstructor()
 }
 
@@ -62,7 +62,7 @@ predicate isObjectCreationArgumentSafeAndUsingSafeVersionOfAssembly(Expr version
  */
 predicate isExprAnAccessToSafeClientSideEncryptionVersionValue(Expr e) {
   exists(EnumConstant ec |
-    ec.hasQualifiedName("Azure.Storage.ClientSideEncryptionVersion.V2_0") and
+    ec.hasQualifiedName("Azure.Storage.ClientSideEncryptionVersion", "V2_0") and
     ec.getAnAccess() = e
   )
 }
diff --git a/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql b/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql
index edcbf425497..a833ac79898 100644
--- a/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql	
+++ b/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql	
@@ -96,10 +96,10 @@ predicate hasAnotherHashCall(MethodCall mc) {
 predicate hasFurtherProcessing(MethodCall mc) {
   mc.getTarget().fromLibrary() and
   (
-    mc.getTarget().hasQualifiedName("System.Array", "Copy") or // Array.Copy(passwordHash, 0, password.Length), 0, key, 0, keyLen);
-    mc.getTarget().hasQualifiedName("System.String", "Concat") or // string.Concat(passwordHash, saltkey)
-    mc.getTarget().hasQualifiedName("System.Buffer", "BlockCopy") or // Buffer.BlockCopy(passwordHash, 0, allBytes, 0, 20)
-    mc.getTarget().hasQualifiedName("System.String", "Format") // String.Format("{0}:{1}:{2}", username, salt, password)
+    mc.getTarget().hasQualifiedName("System", "Array", "Copy") or // Array.Copy(passwordHash, 0, password.Length), 0, key, 0, keyLen);
+    mc.getTarget().hasQualifiedName("System", "String", "Concat") or // string.Concat(passwordHash, saltkey)
+    mc.getTarget().hasQualifiedName("System", "Buffer", "BlockCopy") or // Buffer.BlockCopy(passwordHash, 0, allBytes, 0, 20)
+    mc.getTarget().hasQualifiedName("System", "String", "Format") // String.Format("{0}:{1}:{2}", username, salt, password)
   )
 }
 
@@ -150,7 +150,7 @@ class HashWithoutSaltConfiguration extends TaintTracking::Configuration {
   override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
     exists(MethodCall mc |
       mc.getTarget()
-          .hasQualifiedName("Windows.Security.Cryptography.CryptographicBuffer",
+          .hasQualifiedName("Windows.Security.Cryptography", "CryptographicBuffer",
             "ConvertStringToBinary") and
       mc.getArgument(0) = node1.asExpr() and
       mc = node2.asExpr()
diff --git a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll
index bf9df3e5184..636400ceb33 100644
--- a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll	
+++ b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll	
@@ -7,7 +7,7 @@ import DataFlow
 class TokenValidationParametersPropertySensitiveValidation extends Property {
   TokenValidationParametersPropertySensitiveValidation() {
     exists(Class c |
-      c.hasQualifiedName("Microsoft.IdentityModel.Tokens.TokenValidationParameters")
+      c.hasQualifiedName("Microsoft.IdentityModel.Tokens", "TokenValidationParameters")
     |
       c.getAProperty() = this and
       this.getName() in [
@@ -52,8 +52,10 @@ predicate isAssemblyOlderVersion(string assemblyName, string ver) {
  */
 class JsonWebTokenHandlerValidateTokenMethod extends Method {
   JsonWebTokenHandlerValidateTokenMethod() {
-    this.hasQualifiedName("Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateToken") or
-    this.hasQualifiedName("Microsoft.AzureAD.DeviceIdentification.Common.Tokens.JwtValidator.ValidateEncryptedToken")
+    this.hasQualifiedName("Microsoft.IdentityModel.JsonWebTokens", "JsonWebTokenHandler",
+      "ValidateToken") or
+    this.hasQualifiedName("Microsoft.AzureAD.DeviceIdentification.Common.Tokens", "JwtValidator",
+      "ValidateEncryptedToken")
   }
 }
 
@@ -99,7 +101,7 @@ private class FlowsToTokenValidationResultIsValidCall extends DataFlow::Configur
 class TokenValidationParametersProperty extends Property {
   TokenValidationParametersProperty() {
     exists(Class c |
-      c.hasQualifiedName("Microsoft.IdentityModel.Tokens.TokenValidationParameters")
+      c.hasQualifiedName("Microsoft.IdentityModel.Tokens", "TokenValidationParameters")
     |
       c.getAProperty() = this and
       this.getName() in [
@@ -158,7 +160,7 @@ class CallableAlwaysReturnsTrue extends Callable {
  */
 predicate callableOnlyThrowsArgumentNullException(Callable c) {
   forall(ThrowElement thre | c = thre.getEnclosingCallable() |
-    thre.getThrownExceptionType().hasQualifiedName("System.ArgumentNullException")
+    thre.getThrownExceptionType().hasQualifiedName("System", "ArgumentNullException")
   )
 }
 
diff --git a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql
index 753dfb82999..2ee7c7edb1f 100644
--- a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql	
+++ b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql	
@@ -14,9 +14,12 @@
 import csharp
 import DataFlow
 import JsonWebTokenHandlerLib
+import semmle.code.csharp.commons.QualifiedName
 
-from TokenValidationParametersProperty p, CallableAlwaysReturnsTrueHigherPrecision e
-where e = p.getAnAssignedValue()
+from
+  TokenValidationParametersProperty p, CallableAlwaysReturnsTrueHigherPrecision e, string qualifier,
+  string name
+where e = p.getAnAssignedValue() and p.hasQualifiedName(qualifier, name)
 select e,
   "JsonWebTokenHandler security-sensitive property $@ is being delegated to this callable that always returns \"true\".",
-  p, p.getQualifiedName().toString()
+  p, getQualifiedName(qualifier, name)
diff --git a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql
index 9c2a5d3983f..84c846c3a91 100644
--- a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql	
+++ b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql	
@@ -12,13 +12,15 @@
 
 import csharp
 import JsonWebTokenHandlerLib
+import semmle.code.csharp.commons.QualifiedName
 
 from
   FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation config,
   DataFlow::Node source, DataFlow::Node sink,
-  TokenValidationParametersPropertySensitiveValidation pw
+  TokenValidationParametersPropertySensitiveValidation pw, string qualifier, string name
 where
   config.hasFlow(source, sink) and
-  sink.asExpr() = pw.getAnAssignedValue()
+  sink.asExpr() = pw.getAnAssignedValue() and
+  pw.hasQualifiedName(qualifier, name)
 select sink, "The security sensitive property $@ is being disabled by the following value: $@.", pw,
-  pw.getQualifiedName().toString(), source, "false"
+  getQualifiedName(qualifier, name), source, "false"
diff --git a/csharp/ql/src/experimental/Security Features/Serialization/DataSetSerialization.qll b/csharp/ql/src/experimental/Security Features/Serialization/DataSetSerialization.qll
index a6230b0ff59..79aa9e30e5e 100644
--- a/csharp/ql/src/experimental/Security Features/Serialization/DataSetSerialization.qll	
+++ b/csharp/ql/src/experimental/Security Features/Serialization/DataSetSerialization.qll	
@@ -16,8 +16,8 @@ abstract class DataSetOrTableRelatedClass extends Class { }
  */
 class DataSetOrTable extends DataSetOrTableRelatedClass {
   DataSetOrTable() {
-    this.getABaseType*().getQualifiedName() = "System.Data.DataTable" or
-    this.getABaseType*().getQualifiedName() = "System.Data.DataSet"
+    this.getABaseType*().hasQualifiedName("System.Data", "DataTable") or
+    this.getABaseType*().hasQualifiedName("System.Data", "DataSet")
   }
 }
 
@@ -41,18 +41,18 @@ class ClassWithDataSetOrTableMember extends DataSetOrTableRelatedClass {
 class SerializableClass extends Class {
   SerializableClass() {
     (
-      this.getABaseType*().getQualifiedName() = "System.Xml.Serialization.XmlSerializer" or
-      this.getABaseType*().getQualifiedName() = "System.Runtime.Serialization.ISerializable" or
-      this.getABaseType*().getQualifiedName() = "System.Runtime.Serialization.XmlObjectSerializer" or
-      this.getABaseType*().getQualifiedName() =
-        "System.Runtime.Serialization.ISerializationSurrogateProvider" or
-      this.getABaseType*().getQualifiedName() =
-        "System.Runtime.Serialization.XmlSerializableServices" or
-      this.getABaseType*().getQualifiedName() = "System.Xml.Serialization.IXmlSerializable"
+      this.getABaseType*()
+          .hasQualifiedName("System.Xml.Serialization", ["XmlSerializer", "IXmlSerializable"]) or
+      this.getABaseType*()
+          .hasQualifiedName("System.Runtime.Serialization",
+            [
+              "ISerializable", "XmlObjectSerializer", "ISerializationSurrogateProvider",
+              "XmlSerializableServices"
+            ])
     )
     or
     exists(Attribute a | a = this.getAnAttribute() |
-      a.getType().getQualifiedName() = "System.SerializableAttribute"
+      a.getType().hasQualifiedName("System", "SerializableAttribute")
     )
   }
 }
@@ -77,13 +77,7 @@ class UnsafeXmlSerializerImplementation extends SerializableClass {
  */
 class UnsafeXmlReadMethod extends Method {
   UnsafeXmlReadMethod() {
-    this.getQualifiedName() = "System.Data.DataTable.ReadXml"
-    or
-    this.getQualifiedName() = "System.Data.DataTable.ReadXmlSchema"
-    or
-    this.getQualifiedName() = "System.Data.DataSet.ReadXml"
-    or
-    this.getQualifiedName() = "System.Data.DataSet.ReadXmlSchema"
+    this.hasQualifiedName("System.Data", ["DataTable", "DataSet"], ["ReadXml", "ReadXmlSchema"])
     or
     this.getName().matches("ReadXml%") and
     exists(Class c | c.getAMethod() = this |
diff --git a/csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql b/csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql
index f3a83b67926..5907e4be311 100644
--- a/csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql	
+++ b/csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql	
@@ -14,7 +14,9 @@ import DataSetSerialization
 predicate xmlSerializerConstructorArgument(Expr e) {
   exists(ObjectCreation oc, Constructor c | e = oc.getArgument(0) |
     c = oc.getTarget() and
-    c.getDeclaringType().getABaseType*().hasQualifiedName("System.Xml.Serialization.XmlSerializer")
+    c.getDeclaringType()
+        .getABaseType*()
+        .hasQualifiedName("System.Xml.Serialization", "XmlSerializer")
   )
 }
 
diff --git a/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql b/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql
index 9de38f673ab..9ccbd675486 100644
--- a/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql	
+++ b/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql	
@@ -45,10 +45,8 @@ query predicate edges(DataFlow::PathNode a, DataFlow::PathNode b) {
  */
 class GetLastWriteTimeMethod extends Method {
   GetLastWriteTimeMethod() {
-    this.getQualifiedName() in [
-        "System.IO.File.GetLastWriteTime", "System.IO.File.GetFileCreationTime",
-        "System.IO.File.GetCreationTimeUtc", "System.IO.File.GetLastAccessTimeUtc"
-      ]
+    this.hasQualifiedName("System.IO.File",
+      ["GetLastWriteTime", "GetFileCreationTime", "GetCreationTimeUtc", "GetLastAccessTimeUtc"])
   }
 }
 
@@ -56,7 +54,7 @@ class GetLastWriteTimeMethod extends Method {
  * Abstracts `System.DateTime` structure
  */
 class DateTimeStruct extends Struct {
-  DateTimeStruct() { this.getQualifiedName() = "System.DateTime" }
+  DateTimeStruct() { this.hasQualifiedName("System", "DateTime") }
 
   /**
    * holds if the Callable is used for DateTime arithmetic operations
diff --git a/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql b/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql
index 5bb8a1dc6e9..6f5acf29f1d 100644
--- a/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql	
+++ b/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql	
@@ -44,7 +44,7 @@ predicate isGetHash(Expr arg) {
 }
 
 predicate isSuspiciousPropertyName(PropertyRead pr) {
-  pr.getTarget().getQualifiedName() = "System.Diagnostics.Process.ProcessName"
+  pr.getTarget().hasQualifiedName("System.Diagnostics", "Process", "ProcessName")
 }
 
 from DataFlow::PathNode src, DataFlow::PathNode sink, DataFlowFromMethodToHash conf
diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Lock.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Lock.qll
index e061a1371b2..bb1ab29e51c 100644
--- a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Lock.qll
+++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Lock.qll
@@ -128,7 +128,7 @@ private class TranslatedMonitorExit extends TranslatedCompilerGeneratedCall,
   override Callable getInstructionFunction(InstructionTag tag) {
     tag = CallTargetTag() and
     exists(Callable exit |
-      exit.getQualifiedName() = "System.Threading.Monitor.Exit" and
+      exit.hasQualifiedName("System.Threading.Monitor", "Exit") and
       result = exit
     )
   }
@@ -160,7 +160,7 @@ private class TranslatedMonitorEnter extends TranslatedCompilerGeneratedCall,
   override Callable getInstructionFunction(InstructionTag tag) {
     tag = CallTargetTag() and
     exists(Callable dispose |
-      dispose.getQualifiedName() = "System.Threading.Monitor.Enter" and
+      dispose.hasQualifiedName("System.Threading.Monitor", "Enter") and
       result = dispose
     )
   }
diff --git a/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql b/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql
index b7e2d1241a0..1c342affc5e 100644
--- a/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql
+++ b/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql
@@ -13,10 +13,9 @@ private import semmle.code.csharp.dispatch.Dispatch
 private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 private import Telemetry.ExternalApi
 
-from DispatchCall c, ExternalApi api
+from Call c, ExternalApi api
 where
-  c = api.getACall() and
-  not api.isUninteresting() and
+  c.getTarget().getUnboundDeclaration() = api and
   not api.isSupported() and
-  not api instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable
+  not api instanceof FlowSummaryImpl::Public::NeutralCallable
 select c, "Call to unsupported external API $@.", api, api.toString()
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index 7f537bcae49..926a272097e 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.4.4-dev
+version: 0.5.0-dev
 groups: 
   - csharp
   - queries
diff --git a/csharp/ql/src/utils/model-generator/CaptureNegativeSummaryModels.ql b/csharp/ql/src/utils/model-generator/CaptureNeutralModels.ql
similarity index 66%
rename from csharp/ql/src/utils/model-generator/CaptureNegativeSummaryModels.ql
rename to csharp/ql/src/utils/model-generator/CaptureNeutralModels.ql
index 9188b54ef40..9cf2b81ba7c 100644
--- a/csharp/ql/src/utils/model-generator/CaptureNegativeSummaryModels.ql
+++ b/csharp/ql/src/utils/model-generator/CaptureNeutralModels.ql
@@ -1,8 +1,8 @@
 /**
- * @name Capture negative summary models.
- * @description Finds negative summary models to be used by other queries.
+ * @name Capture neutral models.
+ * @description Finds neutral models to be used by other queries.
  * @kind diagnostic
- * @id cs/utils/model-generator/negative-summary-models
+ * @id cs/utils/model-generator/neutral-models
  * @tags model-generator
  */
 
diff --git a/csharp/ql/src/utils/model-generator/CaptureTypeBasedSummaryModels.ql b/csharp/ql/src/utils/model-generator/CaptureTypeBasedSummaryModels.ql
index 7cd23988321..f15a786f53f 100644
--- a/csharp/ql/src/utils/model-generator/CaptureTypeBasedSummaryModels.ql
+++ b/csharp/ql/src/utils/model-generator/CaptureTypeBasedSummaryModels.ql
@@ -6,7 +6,6 @@
  * @tags model-generator
  */
 
-import semmle.code.csharp.dataflow.ExternalFlow
 import utils.modelgenerator.internal.CaptureTypeBasedSummaryModels
 
 from TypeBasedFlowTargetApi api, string flow
diff --git a/csharp/ql/src/utils/model-generator/GenerateFlowModelExtensions.py b/csharp/ql/src/utils/model-generator/GenerateFlowModelExtensions.py
deleted file mode 100755
index 0e93d34c8cf..00000000000
--- a/csharp/ql/src/utils/model-generator/GenerateFlowModelExtensions.py
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/python3
-
-import sys
-import os.path
-import subprocess
-
-# Add Model as Data script directory to sys.path.
-gitroot = subprocess.check_output(["git", "rev-parse", "--show-toplevel"]).decode("utf-8").strip()
-madpath = os.path.join(gitroot, "misc/scripts/models-as-data/")
-sys.path.append(madpath)
-
-import generate_flow_model_extensions as model
-
-language = "csharp"
-model.Generator.make(language).run()
\ No newline at end of file
diff --git a/csharp/ql/src/utils/modelconverter/ExtractNeutrals.ql b/csharp/ql/src/utils/modelconverter/ExtractNeutrals.ql
new file mode 100644
index 00000000000..5ca6ef9579c
--- /dev/null
+++ b/csharp/ql/src/utils/modelconverter/ExtractNeutrals.ql
@@ -0,0 +1,14 @@
+/**
+ * @name Extract MaD neutral model rows.
+ * @description This extracts the Models as data neutral model rows.
+ * @id csharp/utils/modelconverter/generate-data-extensions-neutral
+ */
+
+import csharp
+import semmle.code.csharp.dataflow.ExternalFlow
+
+from string package, string type, string name, string signature, string provenance
+where
+  neutralModel(package, type, name, signature, provenance) and
+  provenance != "generated"
+select package, type, name, signature, provenance order by package, type, name, signature
diff --git a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
index f40b028ba6d..893c62191b3 100644
--- a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
+++ b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
@@ -58,9 +58,7 @@ private string asSummaryModel(TargetApiSpecific api, string input, string output
       + "generated"
 }
 
-string asNegativeSummaryModel(TargetApiSpecific api) {
-  result = asPartialNegativeModel(api) + "generated"
-}
+string asNeutralModel(TargetApiSpecific api) { result = asPartialNeutralModel(api) + "generated" }
 
 /**
  * Gets the value summary model for `api` with `input` and `output`.
diff --git a/csharp/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll b/csharp/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll
index 18366b1a5d6..1fc7636ca65 100644
--- a/csharp/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll
+++ b/csharp/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll
@@ -35,10 +35,12 @@ private predicate isHigherOrder(CS::Callable api) {
  */
 private predicate isRelevantForModels(CS::Callable api) {
   [api.(CS::Modifiable), api.(CS::Accessor).getDeclaration()].isEffectivelyPublic() and
-  api.getDeclaringType().getNamespace().getQualifiedName() != "" and
+  api.getDeclaringType().getNamespace().getFullName() != "" and
   not api instanceof CS::ConversionOperator and
   not api instanceof Util::MainMethod and
-  not api instanceof CS::Destructor
+  not api instanceof CS::Destructor and
+  not api instanceof CS::AnonymousFunctionExpr and
+  not api.(CS::Constructor).isParameterless()
 }
 
 /**
@@ -68,7 +70,7 @@ class TargetApiSpecific extends DotNet::Callable {
 
 predicate asPartialModel = DataFlowPrivate::Csv::asPartialModel/1;
 
-predicate asPartialNegativeModel = DataFlowPrivate::Csv::asPartialNegativeModel/1;
+predicate asPartialNeutralModel = DataFlowPrivate::Csv::asPartialNeutralModel/1;
 
 /**
  * Holds if `t` is a type that is generally used for bulk data in collection types.
diff --git a/csharp/ql/src/utils/modelgenerator/internal/CaptureSummaryFlow.qll b/csharp/ql/src/utils/modelgenerator/internal/CaptureSummaryFlow.qll
index 2f16baec794..1ed6b9a4850 100644
--- a/csharp/ql/src/utils/modelgenerator/internal/CaptureSummaryFlow.qll
+++ b/csharp/ql/src/utils/modelgenerator/internal/CaptureSummaryFlow.qll
@@ -85,10 +85,10 @@ string captureFlow(DataFlowTargetApi api) {
 }
 
 /**
- * Gets the negative summary for `api`, if any.
- * A negative summary is generated, if there does not exist any positive flow.
+ * Gets the neutral model for `api`, if any.
+ * A neutral model is generated, if there does not exist summary model.
  */
 string captureNoFlow(DataFlowTargetApi api) {
   not exists(captureFlow(api)) and
-  result = asNegativeSummaryModel(api)
+  result = asNeutralModel(api)
 }
diff --git a/csharp/ql/test/library-tests/assemblies/assemblies.ql b/csharp/ql/test/library-tests/assemblies/assemblies.ql
index 98db2a0f973..70d9c419d5a 100644
--- a/csharp/ql/test/library-tests/assemblies/assemblies.ql
+++ b/csharp/ql/test/library-tests/assemblies/assemblies.ql
@@ -20,7 +20,7 @@ from
   Class class1, MissingType class2, MissingType class3, MissingType class4, MissingType class5,
   MissingType del2, Field a, Method b, Method c, Method d, Method e, Method f, Method g
 where
-  class1.hasQualifiedName("Assembly1.Class1") and
+  class1.hasQualifiedName("Assembly1", "Class1") and
   class2.hasName("Class2") and
   class3.hasName("Class3") and
   class4.hasName("Class4") and
@@ -34,7 +34,6 @@ where
   f.hasName("f") and
   g.hasName("g") and
   a.getDeclaringType() = class1 and
-  a.getDeclaringType() = class1 and
   b.getDeclaringType() = class1 and
   c.getDeclaringType() = class1 and
   not exists(c.getParameter(0).getType().(KnownType)) and
diff --git a/csharp/ql/test/library-tests/assemblies/locations.ql b/csharp/ql/test/library-tests/assemblies/locations.ql
index df22a55ca3c..0e368fd4792 100644
--- a/csharp/ql/test/library-tests/assemblies/locations.ql
+++ b/csharp/ql/test/library-tests/assemblies/locations.ql
@@ -2,7 +2,7 @@ import csharp
 
 from Element e, Class c, Method m, Parameter p
 where
-  c.hasQualifiedName("Locations.Test") and
+  c.hasQualifiedName("Locations", "Test") and
   m.getDeclaringType() = c and
   m.getAParameter() = p and
   (e = c or e = m or e = p)
diff --git a/csharp/ql/test/library-tests/async/Async.ql b/csharp/ql/test/library-tests/async/Async.ql
index afb279e8100..9ddd4c24c83 100644
--- a/csharp/ql/test/library-tests/async/Async.ql
+++ b/csharp/ql/test/library-tests/async/Async.ql
@@ -1,5 +1,5 @@
 import csharp
 
 from Method m
-where m.getDeclaringType().getQualifiedName() = "Semmle.Asynchronous"
+where m.getDeclaringType().hasQualifiedName("Semmle", "Asynchronous")
 select m, m.getAModifier()
diff --git a/csharp/ql/test/library-tests/attributes/AttributeElements.ql b/csharp/ql/test/library-tests/attributes/AttributeElements.ql
index cbcfae12bda..198fd905b21 100644
--- a/csharp/ql/test/library-tests/attributes/AttributeElements.ql
+++ b/csharp/ql/test/library-tests/attributes/AttributeElements.ql
@@ -1,7 +1,9 @@
 import csharp
+import semmle.code.csharp.commons.QualifiedName
 
-from Attributable element, Attribute attribute
+from Attributable element, Attribute attribute, string qualifier, string name
 where
   attribute = element.getAnAttribute() and
-  (attribute.fromSource() or element.(Assembly).getName() in ["attributes", "Assembly1"])
-select element, attribute, attribute.getType().getQualifiedName()
+  (attribute.fromSource() or element.(Assembly).getName() in ["attributes", "Assembly1"]) and
+  attribute.getType().hasQualifiedName(qualifier, name)
+select element, attribute, getQualifiedName(qualifier, name)
diff --git a/csharp/ql/test/library-tests/cil/consistency/Handles.ql b/csharp/ql/test/library-tests/cil/consistency/Handles.ql
index e67e4b29416..d3a71af4209 100644
--- a/csharp/ql/test/library-tests/cil/consistency/Handles.ql
+++ b/csharp/ql/test/library-tests/cil/consistency/Handles.ql
@@ -1,6 +1,7 @@
 import csharp
 import cil
 import dotnet
+import semmle.code.csharp.commons.QualifiedName
 
 class MetadataEntity extends DotNet::NamedElement, @metadata_entity {
   int getHandle() { metadata_handle(this, _, result) }
@@ -11,9 +12,10 @@ class MetadataEntity extends DotNet::NamedElement, @metadata_entity {
 }
 
 query predicate tooManyHandles(string s) {
-  exists(MetadataEntity e, Assembly a |
+  exists(MetadataEntity e, Assembly a, string qualifier, string name |
     strictcount(int handle | metadata_handle(e, a, handle)) > 1 and
-    s = e.getQualifiedName()
+    e.hasQualifiedName(qualifier, name) and
+    s = getQualifiedName(qualifier, name)
   )
 }
 
@@ -21,15 +23,19 @@ private class UniqueMetadataEntity extends MetadataEntity {
   UniqueMetadataEntity() {
     // Tuple types such as `(,)` and `ValueTuple`2` share the same handle
     not this instanceof TupleType and
-    not this.getQualifiedName().matches("System.ValueTuple%")
+    not exists(string name |
+      this.hasQualifiedName("System", name) and
+      name.matches("System.ValueTuple%")
+    )
   }
 }
 
 query predicate tooManyMatchingHandles(string s) {
-  exists(UniqueMetadataEntity e, Assembly a, int handle |
+  exists(UniqueMetadataEntity e, Assembly a, int handle, string qualifier, string name |
     metadata_handle(e, a, handle) and
     strictcount(UniqueMetadataEntity e2 | metadata_handle(e2, a, handle)) > 2 and
-    s = e.getQualifiedName()
+    e.hasQualifiedName(qualifier, name) and
+    s = getQualifiedName(qualifier, name)
   )
 }
 
@@ -54,7 +60,7 @@ query predicate csharpLocationViolation(Element e) {
 
 query predicate matchingObjectMethods(string s1, string s2) {
   exists(Callable m1, CIL::Method m2 |
-    m1.getDeclaringType().getQualifiedName() = "System.Object" and
+    m1.getDeclaringType().hasQualifiedName("System", "Object") and
     m1.matchesHandle(m2) and
     s1 = m1.toStringWithTypes() and
     s2 = m2.toStringWithTypes()
diff --git a/csharp/ql/test/library-tests/cil/dataflow/TrivialProperties.ql b/csharp/ql/test/library-tests/cil/dataflow/TrivialProperties.ql
index edca7e6cb4b..577ee105802 100644
--- a/csharp/ql/test/library-tests/cil/dataflow/TrivialProperties.ql
+++ b/csharp/ql/test/library-tests/cil/dataflow/TrivialProperties.ql
@@ -1,10 +1,15 @@
 import csharp
+import semmle.code.csharp.commons.QualifiedName
 
-from TrivialProperty prop
+from TrivialProperty prop, string namespace, string type, string name
 where
-  prop.getDeclaringType().hasQualifiedName("System.Reflection.AssemblyName")
-  or
-  prop.getDeclaringType().hasQualifiedName("System.Collections.DictionaryEntry")
-  or
-  prop.getDeclaringType().hasQualifiedName("Dataflow.Properties")
-select prop.getQualifiedName()
+  prop.getDeclaringType().hasQualifiedName(namespace, type) and
+  (
+    namespace = "System.Reflection" and type = "AssemblyName"
+    or
+    namespace = "System.Collections" and type = "DictionaryEntry"
+    or
+    namespace = "Dataflow" and type = "Properties"
+  ) and
+  prop.hasQualifiedName(namespace, type, name)
+select getQualifiedName(namespace, type, name)
diff --git a/csharp/ql/test/library-tests/cil/enums/enums.ql b/csharp/ql/test/library-tests/cil/enums/enums.ql
index 280bee49921..096ac2f6d02 100644
--- a/csharp/ql/test/library-tests/cil/enums/enums.ql
+++ b/csharp/ql/test/library-tests/cil/enums/enums.ql
@@ -1,5 +1,8 @@
 import semmle.code.cil.Types
+import semmle.code.csharp.commons.QualifiedName
 
-from Enum e
-where e.getQualifiedName() != "Interop.Sys.LockType" // doesn't exist on osx
-select e.getQualifiedName(), e.getUnderlyingType().toStringWithTypes()
+from Enum e, string qualifier, string name
+where
+  e.hasQualifiedName(qualifier, name) and
+  not (qualifier = "Interop.Sys" and name = "LockType") // doesn't exist on osx
+select getQualifiedName(qualifier, name), e.getUnderlyingType().toStringWithTypes()
diff --git a/csharp/ql/test/library-tests/cil/functionPointers/functionPointers.ql b/csharp/ql/test/library-tests/cil/functionPointers/functionPointers.ql
index ddc6671d358..5e27e9695a3 100644
--- a/csharp/ql/test/library-tests/cil/functionPointers/functionPointers.ql
+++ b/csharp/ql/test/library-tests/cil/functionPointers/functionPointers.ql
@@ -1,5 +1,6 @@
 import cil
 import semmle.code.cil.Type
+import semmle.code.csharp.commons.QualifiedName
 
 bindingset[kind]
 private string getKind(int kind) { if kind = 1 then result = "modreq" else result = "modopt" }
@@ -26,9 +27,12 @@ query predicate params(string fnptr, int i, string param, string t) {
 }
 
 query predicate modifiers(string fnptr, string modifier, string sKind) {
-  exists(Type modType, int kind, FunctionPointerType fn | fnptr = fn.toString() |
+  exists(Type modType, int kind, FunctionPointerType fn, string qualifier, string name |
+    fnptr = fn.toString()
+  |
     cil_custom_modifiers(fn, modType, kind) and
-    modType.getQualifiedName() = modifier and
+    modType.hasQualifiedName(qualifier, name) and
+    modifier = getQualifiedName(qualifier, name) and
     sKind = getKind(kind)
   )
 }
diff --git a/csharp/ql/test/library-tests/cil/init-only-prop/customModifiers.ql b/csharp/ql/test/library-tests/cil/init-only-prop/customModifiers.ql
index 3366bef35ce..007a8f0f909 100644
--- a/csharp/ql/test/library-tests/cil/init-only-prop/customModifiers.ql
+++ b/csharp/ql/test/library-tests/cil/init-only-prop/customModifiers.ql
@@ -1,13 +1,15 @@
 import semmle.code.cil.Type
+import semmle.code.csharp.commons.QualifiedName
 
 bindingset[kind]
 private string getKind(int kind) { if kind = 1 then result = "modreq" else result = "modopt" }
 
 from string receiver, string modifier, int kind
 where
-  exists(Type modType, CustomModifierReceiver cmr |
+  exists(Type modType, CustomModifierReceiver cmr, string qualifier, string name |
     receiver = cmr.toString() and
     cil_custom_modifiers(cmr, modType, kind) and
-    modType.getQualifiedName() = modifier
+    modType.hasQualifiedName(qualifier, name) and
+    modifier = getQualifiedName(qualifier, name)
   )
 select receiver, modifier, getKind(kind)
diff --git a/csharp/ql/test/library-tests/cil/regressions/ConstructedMethods.ql b/csharp/ql/test/library-tests/cil/regressions/ConstructedMethods.ql
index 15195dc0dd5..3ea940e2ef0 100644
--- a/csharp/ql/test/library-tests/cil/regressions/ConstructedMethods.ql
+++ b/csharp/ql/test/library-tests/cil/regressions/ConstructedMethods.ql
@@ -3,5 +3,5 @@ import cil::CIL
 from UnboundGenericMethod f, ConstructedMethod fc
 where
   fc.getUnboundMethod() = f and
-  f.getQualifiedName() = "Methods.Class1.F"
+  f.hasQualifiedName("Methods", "Class1", "F")
 select f, fc, fc.getTypeArgument(0)
diff --git a/csharp/ql/test/library-tests/cil/typeAnnotations/typeAnnotations.ql b/csharp/ql/test/library-tests/cil/typeAnnotations/typeAnnotations.ql
index 78dab812d72..8139aa7abfc 100644
--- a/csharp/ql/test/library-tests/cil/typeAnnotations/typeAnnotations.ql
+++ b/csharp/ql/test/library-tests/cil/typeAnnotations/typeAnnotations.ql
@@ -1,26 +1,41 @@
 import cil
+import semmle.code.csharp.commons.QualifiedName
 import semmle.code.cil.Type
 
 private string elementType(Element e, string toString) {
-  toString = e.(Method).getQualifiedName() and result = "method"
-  or
-  toString = e.(Property).getQualifiedName() and result = "property"
+  exists(string namespace, string type, string name |
+    toString = getQualifiedName(namespace, type, name)
+  |
+    e.(Method).hasQualifiedName(namespace, type, name) and result = "method"
+    or
+    e.(Property).hasQualifiedName(namespace, type, name) and result = "property"
+  )
   or
   e =
     any(Parameter p |
-      toString = "Parameter " + p.getIndex() + " of " + p.getDeclaringElement().getQualifiedName()
+      exists(string qualifier, string name |
+        p.getDeclaringElement().hasQualifiedName(qualifier, name)
+      |
+        toString = "Parameter " + p.getIndex() + " of " + getQualifiedName(qualifier, name)
+      )
     ) and
   result = "parameter"
   or
   e =
     any(LocalVariable v |
-      toString =
-        "Local variable " + v.getIndex() + " of method " +
-          v.getImplementation().getMethod().getQualifiedName()
+      exists(string namespace, string type, string name |
+        v.getImplementation().getMethod().hasQualifiedName(namespace, type, name)
+      |
+        toString =
+          "Local variable " + v.getIndex() + " of method " + getQualifiedName(namespace, type, name)
+      )
     ) and
   result = "local"
   or
-  toString = e.(FunctionPointerType).getQualifiedName() and result = "fnptr"
+  exists(string qualifier, string name | e.(FunctionPointerType).hasQualifiedName(qualifier, name) |
+    toString = getQualifiedName(qualifier, name)
+  ) and
+  result = "fnptr"
   or
   not e instanceof Method and
   not e instanceof Property and
@@ -53,7 +68,9 @@ where
   (
     not e instanceof Parameter
     or
-    e.(Parameter).getDeclaringElement().(Method).getDeclaringType().getQualifiedName() !=
-      "System.Environment" // There are OS specific methods in this class
+    not exists(Type t |
+      t = e.(Parameter).getDeclaringElement().(Method).getDeclaringType() and
+      t.hasQualifiedName("System", "Environment")
+    ) // There are OS specific methods in this class
   )
 select toString, type, i
diff --git a/csharp/ql/test/library-tests/commons/Disposal/DisposedFields.ql b/csharp/ql/test/library-tests/commons/Disposal/DisposedFields.ql
index 6df087748d4..c2ef7845f3f 100644
--- a/csharp/ql/test/library-tests/commons/Disposal/DisposedFields.ql
+++ b/csharp/ql/test/library-tests/commons/Disposal/DisposedFields.ql
@@ -1,8 +1,10 @@
 import cil
 import semmle.code.csharp.commons.Disposal
+import semmle.code.csharp.commons.QualifiedName
 
-from CIL::Field field
+from CIL::Field field, string qualifier, string name
 where
   mayBeDisposed(field) and
-  field.getDeclaringType().getQualifiedName() = "DisposalTests.Class1"
-select field.getQualifiedName()
+  field.getDeclaringType().hasQualifiedName("DisposalTests", "Class1") and
+  field.hasQualifiedName(qualifier, name)
+select getQualifiedName(qualifier, name)
diff --git a/csharp/ql/test/library-tests/commons/Disposal/DisposedParameter.ql b/csharp/ql/test/library-tests/commons/Disposal/DisposedParameter.ql
index 97ca1ba7f2c..bc507851d8c 100644
--- a/csharp/ql/test/library-tests/commons/Disposal/DisposedParameter.ql
+++ b/csharp/ql/test/library-tests/commons/Disposal/DisposedParameter.ql
@@ -5,5 +5,5 @@ from DotNet::Callable c, DotNet::Parameter param, int p
 where
   mayBeDisposed(param) and
   param = c.getParameter(p) and
-  c.getDeclaringType().getQualifiedName() = "DisposalTests.Class1"
+  c.getDeclaringType().hasQualifiedName("DisposalTests", "Class1")
 select c.toStringWithTypes(), p
diff --git a/csharp/ql/test/library-tests/commons/Disposal/UndisposedParameter.ql b/csharp/ql/test/library-tests/commons/Disposal/UndisposedParameter.ql
index 9125fcd3d28..f4efb4e9921 100644
--- a/csharp/ql/test/library-tests/commons/Disposal/UndisposedParameter.ql
+++ b/csharp/ql/test/library-tests/commons/Disposal/UndisposedParameter.ql
@@ -6,5 +6,5 @@ from DotNet::Callable c, DotNet::Parameter param, int p
 where
   not mayBeDisposed(param) and
   param = c.getParameter(p) and
-  c.getDeclaringType().getQualifiedName() = "DisposalTests.Class1"
+  c.getDeclaringType().hasQualifiedName("DisposalTests", "Class1")
 select c.toStringWithTypes(), p
diff --git a/csharp/ql/test/library-tests/constructors/Destructors1.ql b/csharp/ql/test/library-tests/constructors/Destructors1.ql
index f8b1fa9b6ef..52fe367c61d 100644
--- a/csharp/ql/test/library-tests/constructors/Destructors1.ql
+++ b/csharp/ql/test/library-tests/constructors/Destructors1.ql
@@ -3,9 +3,11 @@
  */
 
 import csharp
+import semmle.code.csharp.commons.QualifiedName
 
-from Destructor c
+from Destructor c, string qualifier, string name
 where
-  c.getDeclaringType().getName() = "Class" and
-  c.getDeclaringType().getNamespace().getQualifiedName() = "Constructors"
+  c.getDeclaringType().hasQualifiedName(qualifier, name) and
+  qualifier = "Constructors" and
+  name = "Class"
 select c, c.getDeclaringType().getQualifiedName()
diff --git a/csharp/ql/test/library-tests/controlflow/graph/NodeGraph.expected b/csharp/ql/test/library-tests/controlflow/graph/NodeGraph.expected
index acabdc1835a..d5c2e78587d 100644
--- a/csharp/ql/test/library-tests/controlflow/graph/NodeGraph.expected
+++ b/csharp/ql/test/library-tests/controlflow/graph/NodeGraph.expected
@@ -2775,7 +2775,7 @@ Assert.cs:
 #-----| true -> access to parameter b2
 
 #  140| [assertion failure] access to parameter b2
-#-----| false -> [assertion failure] access to parameter b3
+#-----| false, true -> [assertion failure] access to parameter b3
 
 #  140| access to parameter b2
 #-----| false -> [assertion success] access to parameter b3
@@ -4924,7 +4924,7 @@ ExitMethods.cs:
 #-----|  -> ...;
 
 #   22| call to method ErrorAlways
-#-----| exception(Exception) -> exit M3 (abnormal)
+#-----| exception(ArgumentException), exception(Exception) -> exit M3 (abnormal)
 
 #   22| ...;
 #-----|  -> true
diff --git a/csharp/ql/test/library-tests/csharp10/fileScopedNamespace.ql b/csharp/ql/test/library-tests/csharp10/fileScopedNamespace.ql
index 5b955bdafcd..c4ca6874987 100644
--- a/csharp/ql/test/library-tests/csharp10/fileScopedNamespace.ql
+++ b/csharp/ql/test/library-tests/csharp10/fileScopedNamespace.ql
@@ -1,7 +1,7 @@
 import csharp
 
 query predicate fileScopedNamespace(Namespace n, Member m) {
-  n.hasQualifiedName("MyFileScopedNamespace") and
+  n.hasQualifiedName("", "MyFileScopedNamespace") and
   exists(Class c |
     c.getNamespace() = n and
     c.hasMember(m) and
diff --git a/csharp/ql/test/library-tests/csharp11/ListPattern.cs b/csharp/ql/test/library-tests/csharp11/ListPattern.cs
new file mode 100644
index 00000000000..2bede367969
--- /dev/null
+++ b/csharp/ql/test/library-tests/csharp11/ListPattern.cs
@@ -0,0 +1,38 @@
+using System.Collections.Generic;
+
+class ListPattern
+{
+    public void M1(int[] x)
+    {
+        if (x is []) { }
+        if (x is [1]) { }
+        if (x is [_, 2]) { }
+        if (x is [var y, 3, 4]) { }
+        if (x is [5 or 6, _, 7]) { }
+        if (x is [var a, .., 2]) { }
+        if (x is [var b, .. { Length: 2 or 5 }, 2]) { }
+    }
+
+    public void M2(string[] x)
+    {
+        switch (x)
+        {
+            case []:
+                break;
+            case ["A"]:
+                break;
+            case [_, "B"]:
+                break;
+            case [var y, "C", "D"]:
+                break;
+            case ["E" or "F", _, "G"]:
+                break;
+            case [var a, .., "H"]:
+                break;
+            case [var b, .. var c, "I"]:
+                break;
+            default:
+                break;
+        }
+    }
+}
\ No newline at end of file
diff --git a/csharp/ql/test/library-tests/csharp11/NativeInt.cs b/csharp/ql/test/library-tests/csharp11/NativeInt.cs
new file mode 100644
index 00000000000..5bee8213bdf
--- /dev/null
+++ b/csharp/ql/test/library-tests/csharp11/NativeInt.cs
@@ -0,0 +1,11 @@
+public class NativeInt
+{
+    public void M1()
+    {
+        nint x1 = 0;
+        System.IntPtr x2 = (System.IntPtr)0;
+
+        nuint y1 = 0;
+        System.UIntPtr y2 = (System.UIntPtr)0;
+    }
+}
\ No newline at end of file
diff --git a/csharp/ql/test/library-tests/csharp11/PatternMatchSpan.cs b/csharp/ql/test/library-tests/csharp11/PatternMatchSpan.cs
new file mode 100644
index 00000000000..18a15f49f35
--- /dev/null
+++ b/csharp/ql/test/library-tests/csharp11/PatternMatchSpan.cs
@@ -0,0 +1,19 @@
+using System;
+
+class PatternMatchSpan
+{
+
+    public void M1(ReadOnlySpan<char> x1)
+    {
+        if (x1 is "ABC") { }
+    }
+
+    public void M2(Span<char> x2)
+    {
+        switch (x2)
+        {
+            case "DEF": { break; }
+            default: { break; }
+        }
+    }
+}
\ No newline at end of file
diff --git a/csharp/ql/test/library-tests/csharp11/listPattern.expected b/csharp/ql/test/library-tests/csharp11/listPattern.expected
new file mode 100644
index 00000000000..7fcaa6be75c
--- /dev/null
+++ b/csharp/ql/test/library-tests/csharp11/listPattern.expected
@@ -0,0 +1,20 @@
+listPattern
+| ListPattern.cs:7:18:7:19 | [ ... ] |  |
+| ListPattern.cs:8:18:8:20 | [ ... ] | 1 |
+| ListPattern.cs:9:18:9:23 | [ ... ] | _, 2 |
+| ListPattern.cs:10:18:10:30 | [ ... ] | Int32 y, 3, 4 |
+| ListPattern.cs:11:18:11:31 | [ ... ] | ... or ..., _, 7 |
+| ListPattern.cs:12:18:12:31 | [ ... ] | Int32 a, .., 2 |
+| ListPattern.cs:13:18:13:50 | [ ... ] | Int32 b, .., 2 |
+| ListPattern.cs:20:18:20:19 | [ ... ] |  |
+| ListPattern.cs:22:18:22:22 | [ ... ] | "A" |
+| ListPattern.cs:24:18:24:25 | [ ... ] | _, "B" |
+| ListPattern.cs:26:18:26:34 | [ ... ] | String y, "C", "D" |
+| ListPattern.cs:28:18:28:37 | [ ... ] | ... or ..., _, "G" |
+| ListPattern.cs:30:18:30:33 | [ ... ] | String a, .., "H" |
+| ListPattern.cs:32:18:32:39 | [ ... ] | String b, .., "I" |
+slicePattern
+| ListPattern.cs:12:26:12:27 | .. | ..: |
+| ListPattern.cs:13:26:13:46 | .. | ..:{ ... } |
+| ListPattern.cs:30:26:30:27 | .. | ..: |
+| ListPattern.cs:32:26:32:33 | .. | ..:String[] c |
diff --git a/csharp/ql/test/library-tests/csharp11/listPattern.ql b/csharp/ql/test/library-tests/csharp11/listPattern.ql
new file mode 100644
index 00000000000..005530f2c24
--- /dev/null
+++ b/csharp/ql/test/library-tests/csharp11/listPattern.ql
@@ -0,0 +1,19 @@
+import csharp
+
+private string childPatterns(ListPatternExpr e) {
+  result = concat(string child, int n | child = e.getPattern(n).toString() | child, ", " order by n)
+}
+
+query predicate listPattern(ListPatternExpr pattern, string children) {
+  pattern.getFile().getStem() = "ListPattern" and
+  children = childPatterns(pattern)
+}
+
+query predicate slicePattern(SlicePatternExpr pattern, string s) {
+  pattern.getFile().getStem() = "ListPattern" and
+  exists(string child |
+    if exists(pattern.getPattern()) then child = pattern.getPattern().toString() else child = ""
+  |
+    s = pattern.toString() + ":" + child
+  )
+}
diff --git a/csharp/ql/test/library-tests/csharp11/nativeInt.expected b/csharp/ql/test/library-tests/csharp11/nativeInt.expected
new file mode 100644
index 00000000000..d376204b945
--- /dev/null
+++ b/csharp/ql/test/library-tests/csharp11/nativeInt.expected
@@ -0,0 +1,4 @@
+| NativeInt.cs:5:14:5:15 | x1 | NativeInt.cs:6:23:6:24 | x2 | System.IntPtr |
+| NativeInt.cs:6:23:6:24 | x2 | NativeInt.cs:5:14:5:15 | x1 | System.IntPtr |
+| NativeInt.cs:8:15:8:16 | y1 | NativeInt.cs:9:24:9:25 | y2 | System.UIntPtr |
+| NativeInt.cs:9:24:9:25 | y2 | NativeInt.cs:8:15:8:16 | y1 | System.UIntPtr |
diff --git a/csharp/ql/test/library-tests/csharp11/nativeInt.ql b/csharp/ql/test/library-tests/csharp11/nativeInt.ql
new file mode 100644
index 00000000000..c865833a452
--- /dev/null
+++ b/csharp/ql/test/library-tests/csharp11/nativeInt.ql
@@ -0,0 +1,12 @@
+import csharp
+import semmle.code.csharp.commons.QualifiedName
+
+from LocalVariable v1, LocalVariable v2, Type t, string qualifier, string name
+where
+  v1.getFile().getStem() = "NativeInt" and
+  v2.getFile().getStem() = "NativeInt" and
+  t = v1.getType() and
+  t = v2.getType() and
+  t.hasQualifiedName(qualifier, name) and
+  v1 != v2
+select v1, v2, getQualifiedName(qualifier, name)
diff --git a/csharp/ql/test/library-tests/csharp11/patternMatchSpan.expected b/csharp/ql/test/library-tests/csharp11/patternMatchSpan.expected
new file mode 100644
index 00000000000..9b105349fca
--- /dev/null
+++ b/csharp/ql/test/library-tests/csharp11/patternMatchSpan.expected
@@ -0,0 +1,2 @@
+| ReadOnlySpan<Char> | PatternMatchSpan.cs:8:19:8:23 | "ABC" | String |
+| Span<Char> | PatternMatchSpan.cs:15:18:15:22 | "DEF" | String |
diff --git a/csharp/ql/test/library-tests/csharp11/patternMatchSpan.ql b/csharp/ql/test/library-tests/csharp11/patternMatchSpan.ql
new file mode 100644
index 00000000000..5f4d202c6f5
--- /dev/null
+++ b/csharp/ql/test/library-tests/csharp11/patternMatchSpan.ql
@@ -0,0 +1,5 @@
+import csharp
+
+from PatternMatch pm
+where pm.getFile().getStem() = "PatternMatchSpan"
+select pm.getExpr().getType().getName(), pm.getPattern(), pm.getPattern().getType().getName()
diff --git a/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected b/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected
index d5302764f5c..af72c3e5e38 100644
--- a/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected
+++ b/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected
@@ -160,7 +160,7 @@
 | CSharp7.cs:232:20:232:23 | null | CSharp7.cs:232:16:232:23 | SSA def(o) |
 | CSharp7.cs:233:13:233:13 | access to local variable o | CSharp7.cs:233:18:233:23 | SSA def(i1) |
 | CSharp7.cs:233:13:233:13 | access to local variable o | CSharp7.cs:237:18:237:18 | access to local variable o |
-| CSharp7.cs:233:13:233:13 | access to local variable o | CSharp7.cs:248:17:248:17 | access to local variable o |
+| CSharp7.cs:233:13:233:13 | access to local variable o | CSharp7.cs:248:9:274:9 | SSA phi read(o) |
 | CSharp7.cs:233:13:233:23 | [false] ... is ... | CSharp7.cs:233:13:233:33 | [false] ... && ... |
 | CSharp7.cs:233:13:233:23 | [true] ... is ... | CSharp7.cs:233:13:233:33 | [false] ... && ... |
 | CSharp7.cs:233:13:233:23 | [true] ... is ... | CSharp7.cs:233:13:233:33 | [true] ... && ... |
@@ -173,13 +173,14 @@
 | CSharp7.cs:235:38:235:39 | access to local variable i1 | CSharp7.cs:235:31:235:41 | $"..." |
 | CSharp7.cs:237:18:237:18 | access to local variable o | CSharp7.cs:237:23:237:31 | SSA def(s1) |
 | CSharp7.cs:237:18:237:18 | access to local variable o | CSharp7.cs:241:18:241:18 | access to local variable o |
-| CSharp7.cs:237:18:237:18 | access to local variable o | CSharp7.cs:248:17:248:17 | access to local variable o |
+| CSharp7.cs:237:18:237:18 | access to local variable o | CSharp7.cs:248:9:274:9 | SSA phi read(o) |
 | CSharp7.cs:237:23:237:31 | SSA def(s1) | CSharp7.cs:239:41:239:42 | access to local variable s1 |
 | CSharp7.cs:239:33:239:39 | "string " | CSharp7.cs:239:31:239:44 | $"..." |
 | CSharp7.cs:239:41:239:42 | access to local variable s1 | CSharp7.cs:239:31:239:44 | $"..." |
 | CSharp7.cs:241:18:241:18 | access to local variable o | CSharp7.cs:244:18:244:18 | access to local variable o |
-| CSharp7.cs:241:18:241:18 | access to local variable o | CSharp7.cs:248:17:248:17 | access to local variable o |
-| CSharp7.cs:244:18:244:18 | access to local variable o | CSharp7.cs:248:17:248:17 | access to local variable o |
+| CSharp7.cs:241:18:241:18 | access to local variable o | CSharp7.cs:248:9:274:9 | SSA phi read(o) |
+| CSharp7.cs:244:18:244:18 | access to local variable o | CSharp7.cs:248:9:274:9 | SSA phi read(o) |
+| CSharp7.cs:248:9:274:9 | SSA phi read(o) | CSharp7.cs:248:17:248:17 | access to local variable o |
 | CSharp7.cs:248:17:248:17 | access to local variable o | CSharp7.cs:254:27:254:27 | access to local variable o |
 | CSharp7.cs:248:17:248:17 | access to local variable o | CSharp7.cs:257:18:257:23 | SSA def(i2) |
 | CSharp7.cs:248:17:248:17 | access to local variable o | CSharp7.cs:260:18:260:23 | SSA def(i3) |
diff --git a/csharp/ql/test/library-tests/csharp9/PrintAst.expected b/csharp/ql/test/library-tests/csharp9/PrintAst.expected
index 3c708935143..aeaea302fa3 100644
--- a/csharp/ql/test/library-tests/csharp9/PrintAst.expected
+++ b/csharp/ql/test/library-tests/csharp9/PrintAst.expected
@@ -5,7 +5,8 @@ AnonymousObjectCreation.cs:
 #    7|       1: [TypeMention] AnonObj
 #    7|     1: [AssignExpr] ... = ...
 #    7|       0: [FieldAccess] access to field l
-#    7|       1: [ObjectCreation] object creation of type List<AnonObj>
+#    7|       1: [CastExpr] (...) ...
+#    7|         1: [ObjectCreation] object creation of type List<AnonObj>
 #    9|   6: [Property] Prop1
 #    9|     -1: [TypeMention] int
 #    9|     3: [Getter] get_Prop1
@@ -21,13 +22,15 @@ AnonymousObjectCreation.cs:
 #   13|       0: [ExprStmt] ...;
 #   13|         0: [MethodCall] call to method M1
 #   13|           -1: [ThisAccess] this access
-#   13|           0: [ObjectCreation] object creation of type AnonObj
-#   13|             -1: [ObjectInitializer] { ..., ... }
-#   13|               0: [MemberInitializer] ... = ...
-#   13|                 0: [PropertyCall] access to property Prop1
-#   13|                 1: [IntLiteral] 1
+#   13|           0: [CastExpr] (...) ...
+#   13|             1: [ObjectCreation] object creation of type AnonObj
+#   13|               -1: [ObjectInitializer] { ..., ... }
+#   13|                 0: [MemberInitializer] ... = ...
+#   13|                   0: [PropertyCall] access to property Prop1
+#   13|                   1: [IntLiteral] 1
 #   14|       1: [ReturnStmt] return ...;
-#   14|         0: [ObjectCreation] object creation of type AnonObj
+#   14|         0: [CastExpr] (...) ...
+#   14|           1: [ObjectCreation] object creation of type AnonObj
 #   17|   8: [DelegateType] D
 #-----|     2: (Parameters)
 #   17|       0: [Parameter] x
@@ -42,9 +45,10 @@ AnonymousObjectCreation.cs:
 #   21|     -1: [TypeMention] D
 #   21|     4: [BlockStmt] {...}
 #   21|       0: [ReturnStmt] return ...;
-#   21|         0: [ExplicitDelegateCreation] delegate creation of type D
-#   21|           0: [ImplicitDelegateCreation] delegate creation of type D
-#   21|             0: [MethodAccess] access to method M2
+#   21|         0: [CastExpr] (...) ...
+#   21|           1: [ExplicitDelegateCreation] delegate creation of type D
+#   21|             0: [ImplicitDelegateCreation] delegate creation of type D
+#   21|               0: [MethodAccess] access to method M2
 #   23|   11: [Method] MethodAdd
 #   23|     -1: [TypeMention] Void
 #   24|     4: [BlockStmt] {...}
@@ -53,7 +57,8 @@ AnonymousObjectCreation.cs:
 #   25|           -1: [TypeMention] List<int>
 #   25|             1: [TypeMention] int
 #   25|           0: [LocalVariableAccess] access to local variable list
-#   25|           1: [ObjectCreation] object creation of type List<Int32>
+#   25|           1: [CastExpr] (...) ...
+#   25|             1: [ObjectCreation] object creation of type List<Int32>
 BinaryPattern.cs:
 #    3| [Class] BinaryPattern
 #    5|   5: [Property] P1
diff --git a/csharp/ql/test/library-tests/csharp9/covariantReturn.ql b/csharp/ql/test/library-tests/csharp9/covariantReturn.ql
index f4958cbba31..a9f1107b050 100644
--- a/csharp/ql/test/library-tests/csharp9/covariantReturn.ql
+++ b/csharp/ql/test/library-tests/csharp9/covariantReturn.ql
@@ -1,8 +1,13 @@
 import csharp
+import semmle.code.csharp.commons.QualifiedName
 
-from Method m, Method overrider
+from
+  Method m, Method overrider, string mnamespace, string mtype, string mname, string onamespace,
+  string otype, string oname
 where
   m.getAnOverrider() = overrider and
-  m.getFile().getStem() = "CovariantReturn"
-select m.getQualifiedName(), m.getReturnType().toString(), overrider.getQualifiedName(),
-  overrider.getReturnType().toString()
+  m.getFile().getStem() = "CovariantReturn" and
+  m.hasQualifiedName(mnamespace, mtype, mname) and
+  overrider.hasQualifiedName(onamespace, otype, oname)
+select getQualifiedName(mnamespace, mtype, mname), m.getReturnType().toString(),
+  getQualifiedName(onamespace, otype, oname), overrider.getReturnType().toString()
diff --git a/csharp/ql/test/library-tests/csharp9/foreach.ql b/csharp/ql/test/library-tests/csharp9/foreach.ql
index 38d431d762f..2556d08bb1e 100644
--- a/csharp/ql/test/library-tests/csharp9/foreach.ql
+++ b/csharp/ql/test/library-tests/csharp9/foreach.ql
@@ -1,4 +1,5 @@
 import csharp
+import semmle.code.csharp.commons.QualifiedName
 
 private string getLocation(Member m) {
   if m.fromSource() then result = m.getALocation().(SourceLocation).toString() else result = "-"
@@ -8,8 +9,13 @@ private string getIsAsync(ForeachStmt f) {
   if f.isAsync() then result = "async" else result = "sync"
 }
 
-from ForeachStmt f
-select f, f.getElementType().toString(), getIsAsync(f),
-  f.getGetEnumerator().getDeclaringType().getQualifiedName(), getLocation(f.getGetEnumerator()),
-  f.getCurrent().getDeclaringType().getQualifiedName(), getLocation(f.getCurrent()),
-  f.getMoveNext().getDeclaringType().getQualifiedName(), getLocation(f.getMoveNext())
+from
+  ForeachStmt f, string qualifier1, string type1, string qualifier2, string type2,
+  string qualifier3, string type3
+where
+  f.getGetEnumerator().getDeclaringType().hasQualifiedName(qualifier1, type1) and
+  f.getCurrent().getDeclaringType().hasQualifiedName(qualifier2, type2) and
+  f.getMoveNext().getDeclaringType().hasQualifiedName(qualifier3, type3)
+select f, f.getElementType().toString(), getIsAsync(f), getQualifiedName(qualifier1, type1),
+  getLocation(f.getGetEnumerator()), getQualifiedName(qualifier2, type2),
+  getLocation(f.getCurrent()), getQualifiedName(qualifier3, type3), getLocation(f.getMoveNext())
diff --git a/csharp/ql/test/library-tests/csharp9/record.ql b/csharp/ql/test/library-tests/csharp9/record.ql
index 7fc45550365..fb7b33fa286 100644
--- a/csharp/ql/test/library-tests/csharp9/record.ql
+++ b/csharp/ql/test/library-tests/csharp9/record.ql
@@ -1,4 +1,5 @@
 import csharp
+import semmle.code.csharp.commons.QualifiedName
 
 query predicate records(RecordClass t, string i, RecordCloneMethod clone) {
   t.getABaseInterface().toStringWithTypes() = i and
@@ -7,7 +8,9 @@ query predicate records(RecordClass t, string i, RecordCloneMethod clone) {
 }
 
 private string getMemberName(Member m) {
-  result = m.getDeclaringType().getQualifiedName() + "." + m.toStringWithTypes()
+  exists(string qualifier, string name | m.getDeclaringType().hasQualifiedName(qualifier, name) |
+    result = getQualifiedName(qualifier, name) + "." + m.toStringWithTypes()
+  )
 }
 
 query predicate members(RecordClass t, string ms, string l) {
diff --git a/csharp/ql/test/library-tests/csharp9/withExpr.ql b/csharp/ql/test/library-tests/csharp9/withExpr.ql
index 7f51f85384b..8ae5265b058 100644
--- a/csharp/ql/test/library-tests/csharp9/withExpr.ql
+++ b/csharp/ql/test/library-tests/csharp9/withExpr.ql
@@ -1,7 +1,10 @@
 import csharp
+import semmle.code.csharp.commons.QualifiedName
 
 private string getSignature(Method m) {
-  result = m.getDeclaringType().getQualifiedName() + "." + m.toStringWithTypes()
+  exists(string qualifier, string name | m.getDeclaringType().hasQualifiedName(qualifier, name) |
+    result = getQualifiedName(qualifier, name) + "." + m.toStringWithTypes()
+  )
 }
 
 query predicate withExpr(WithExpr with, string type, Expr expr, ObjectInitializer init, string clone) {
diff --git a/csharp/ql/test/library-tests/dataflow/async/Async.ql b/csharp/ql/test/library-tests/dataflow/async/Async.ql
index 71799e22f8a..aef928038e1 100644
--- a/csharp/ql/test/library-tests/dataflow/async/Async.ql
+++ b/csharp/ql/test/library-tests/dataflow/async/Async.ql
@@ -14,7 +14,7 @@ class MySink extends DataFlow::ExprNode {
 class MySource extends DataFlow::ParameterNode {
   MySource() {
     exists(Parameter p | p = this.getParameter() |
-      p = any(Class c | c.hasQualifiedName("Test")).getAMethod().getAParameter()
+      p = any(Class c | c.hasQualifiedName("", "Test")).getAMethod().getAParameter()
     )
   }
 }
diff --git a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ext.yml b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ext.yml
new file mode 100644
index 00000000000..a1c2a2d4d66
--- /dev/null
+++ b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ext.yml
@@ -0,0 +1,31 @@
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: summaryModel
+    data:
+    # "namespace", "type", "overrides", "name", "signature", "ext", "inputspec", "outputspec", "kind", "provenance"
+      - ["My.Qltest", "D", false, "StepArgRes", "(System.Object)","", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["My.Qltest", "D", false, "StepArgArg", "(System.Object,System.Object)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["My.Qltest", "D", false, "StepArgQual", "(System.Object)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["My.Qltest", "D", false, "StepFieldGetter", "()", "", "Argument[this].Field[My.Qltest.D.Field]", "ReturnValue", "value", "manual"]
+      - ["My.Qltest", "D", false, "StepFieldSetter", "(System.Object)", "", "Argument[0]", "Argument[this].Field[My.Qltest.D.Field]", "value", "manual"]
+      - ["My.Qltest", "D", false, "StepFieldSetter", "(System.Object)", "", "Argument[this]", "ReturnValue.Field[My.Qltest.D.Field2]", "value", "manual"]
+      - ["My.Qltest", "D", false, "StepPropertyGetter", "()", "", "Argument[this].Property[My.Qltest.D.Property]", "ReturnValue", "value", "manual"]
+      - ["My.Qltest", "D", false, "StepPropertySetter", "(System.Object)", "", "Argument[0]", "Argument[this].Property[My.Qltest.D.Property]", "value", "manual"]
+      - ["My.Qltest", "D", false, "StepElementGetter", "()", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
+      - ["My.Qltest", "D", false, "StepElementSetter", "(System.Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
+      - ["My.Qltest", "D", false, "Apply<,>", "(System.Func<S,T>,S)", "", "Argument[1]", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["My.Qltest", "D", false, "Apply<,>", "(System.Func<S,T>,S)", "", "Argument[0].ReturnValue", "ReturnValue", "value", "manual"]
+      - ["My.Qltest", "D", false, "Apply2<>", "(System.Action<S>,S,S)", "", "Argument[1].Field[My.Qltest.D.Field]", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["My.Qltest", "D", false, "Apply2<>", "(System.Action<S>,S,S)", "", "Argument[2].Field[My.Qltest.D.Field2]", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["My.Qltest", "D", false, "Map<,>", "(S[],System.Func<S,T>)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["My.Qltest", "D", false, "Map<,>", "(S[],System.Func<S,T>)", "", "Argument[1].ReturnValue", "ReturnValue.Element", "value", "manual"]
+      - ["My.Qltest", "D", false, "Parse", "(System.String,System.Int32)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["My.Qltest", "D", false, "Reverse", "(System.Object[])", "", "Argument[0].WithElement", "ReturnValue", "value", "manual"]
+      - ["My.Qltest", "E", true, "get_MyProp", "()", "", "Argument[this].Field[My.Qltest.E.MyField]", "ReturnValue", "value", "manual"]
+      - ["My.Qltest", "E", true, "set_MyProp", "(System.Object)", "", "Argument[0]", "Argument[this].Field[My.Qltest.E.MyField]", "value", "manual"]
+      - ["My.Qltest", "G", false, "GeneratedFlow", "(System.Object)", "", "Argument[0]", "ReturnValue", "value", "generated"]
+      - ["My.Qltest", "G", false, "GeneratedFlowArgs", "(System.Object,System.Object)", "", "Argument[0]", "ReturnValue", "value", "generated"]
+      - ["My.Qltest", "G", false, "GeneratedFlowArgs", "(System.Object,System.Object)", "", "Argument[1]", "ReturnValue", "value", "generated"]
+      - ["My.Qltest", "G", false, "MixedFlowArgs", "(System.Object,System.Object)", "", "Argument[0]", "ReturnValue", "value", "generated"]
+      - ["My.Qltest", "G", false, "MixedFlowArgs", "(System.Object,System.Object)", "", "Argument[1]", "ReturnValue", "value", "manual"]
diff --git a/csharp/ql/test/library-tests/dataflow/external-models/ext/test.model.yml b/csharp/ql/test/library-tests/dataflow/external-models/ext/test.model.yml
deleted file mode 100644
index 5de0644e793..00000000000
--- a/csharp/ql/test/library-tests/dataflow/external-models/ext/test.model.yml
+++ /dev/null
@@ -1,85 +0,0 @@
-extensions:
-
-  - addsTo:
-      pack: codeql/csharp-all
-      extensible: extSourceModel
-    data:
-    # "namespace", "type", "overrides", "name", "signature", "ext", "spec", "kind", "provenance",
-      - ["My.Qltest", "A", false, "Src1", "()", "", "ReturnValue", "local", "manual"]
-      - ["My.Qltest", "A", false, "Src1", "(System.String)", "", "ReturnValue", "local", "manual"]
-      - ["My.Qltest", "A", false, "Src1", "", "", "ReturnValue", "local", "manual"]
-      - ["My.Qltest", "A", false, "Src2", "()", "", "ReturnValue", "local", "manual"]
-      - ["My.Qltest", "A", false, "Src3", "()", "", "ReturnValue", "local", "manual"]
-      - ["My.Qltest", "A", true, "Src2", "()", "", "ReturnValue", "local", "manual"]
-      - ["My.Qltest", "A", true, "Src3", "()", "", "ReturnValue", "local", "manual"]
-      - ["My.Qltest", "A", false, "SrcArg", "(System.Object)", "", "Argument[0]", "local", "manual"]
-      - ["My.Qltest", "A", false, "SrcArg", "(System.Object)", "", "Argument", "local", "manual"]
-      - ["My.Qltest", "A", true, "SrcParam", "(System.Object)", "", "Parameter[0]", "local", "manual"]
-      - ["My.Qltest", "SourceAttribute", false, "", "", "Attribute", "ReturnValue", "local", "manual"]
-      - ["My.Qltest", "SourceAttribute", false, "", "", "Attribute", "Parameter", "local", "manual"]
-      - ["My.Qltest", "SourceAttribute", false, "", "", "Attribute", "", "local", "manual"]
-      - ["My.Qltest", "A", false, "SrcTwoArg", "(System.String,System.String)", "", "ReturnValue", "local", "manual"]
-
-  - addsTo:
-      pack: codeql/csharp-all
-      extensible: extSinkModel
-    data:
-    # "namespace", "type", "overrides", "name", "signature", "ext", "spec", "kind", "provenance"
-      - ["My.Qltest", "B", false, "Sink1", "(System.Object)", "", "Argument[0]", "code", "manual"]
-      - ["My.Qltest", "B", false, "SinkMethod", "()", "", "ReturnValue", "xss", "manual"]
-      - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "ReturnValue", "html", "manual"]
-      - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "Argument", "remote", "manual"]
-      - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "", "sql", "manual"]
-
-  # Summaries relevant for the ExternalFlow testcase.
-  - addsTo:
-      pack: codeql/csharp-all
-      extensible: extSummaryModel
-    data:
-    # "namespace", "type", "overrides", "name", "signature", "ext", "inputspec", "outputspec", "kind", "provenance"
-      - ["My.Qltest", "D", false, "StepArgRes", "(System.Object)","", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["My.Qltest", "D", false, "StepArgArg", "(System.Object,System.Object)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
-      - ["My.Qltest", "D", false, "StepArgQual", "(System.Object)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
-      - ["My.Qltest", "D", false, "StepFieldGetter", "()", "", "Argument[this].Field[My.Qltest.D.Field]", "ReturnValue", "value", "manual"]
-      - ["My.Qltest", "D", false, "StepFieldSetter", "(System.Object)", "", "Argument[0]", "Argument[this].Field[My.Qltest.D.Field]", "value", "manual"]
-      - ["My.Qltest", "D", false, "StepFieldSetter", "(System.Object)", "", "Argument[this]", "ReturnValue.Field[My.Qltest.D.Field2]", "value", "manual"]
-      - ["My.Qltest", "D", false, "StepPropertyGetter", "()", "", "Argument[this].Property[My.Qltest.D.Property]", "ReturnValue", "value", "manual"]
-      - ["My.Qltest", "D", false, "StepPropertySetter", "(System.Object)", "", "Argument[0]", "Argument[this].Property[My.Qltest.D.Property]", "value", "manual"]
-      - ["My.Qltest", "D", false, "StepElementGetter", "()", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
-      - ["My.Qltest", "D", false, "StepElementSetter", "(System.Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
-      - ["My.Qltest", "D", false, "Apply<,>", "(System.Func<S,T>,S)", "", "Argument[1]", "Argument[0].Parameter[0]", "value", "manual"]
-      - ["My.Qltest", "D", false, "Apply<,>", "(System.Func<S,T>,S)", "", "Argument[0].ReturnValue", "ReturnValue", "value", "manual"]
-      - ["My.Qltest", "D", false, "Apply2<>", "(System.Action<S>,S,S)", "", "Argument[1].Field[My.Qltest.D.Field]", "Argument[0].Parameter[0]", "value", "manual"]
-      - ["My.Qltest", "D", false, "Apply2<>", "(System.Action<S>,S,S)", "", "Argument[2].Field[My.Qltest.D.Field2]", "Argument[0].Parameter[0]", "value", "manual"]
-      - ["My.Qltest", "D", false, "Map<,>", "(S[],System.Func<S,T>)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "manual"]
-      - ["My.Qltest", "D", false, "Map<,>", "(S[],System.Func<S,T>)", "", "Argument[1].ReturnValue", "ReturnValue.Element", "value", "manual"]
-      - ["My.Qltest", "D", false, "Parse", "(System.String,System.Int32)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
-      - ["My.Qltest", "D", false, "Reverse", "(System.Object[])", "", "Argument[0].WithElement", "ReturnValue", "value", "manual"]
-      - ["My.Qltest", "E", true, "get_MyProp", "()", "", "Argument[this].Field[My.Qltest.E.MyField]", "ReturnValue", "value", "manual"]
-      - ["My.Qltest", "E", true, "set_MyProp", "(System.Object)", "", "Argument[0]", "Argument[this].Field[My.Qltest.E.MyField]", "value", "manual"]
-      - ["My.Qltest", "G", false, "GeneratedFlow", "(System.Object)", "", "Argument[0]", "ReturnValue", "value", "generated"]
-      - ["My.Qltest", "G", false, "GeneratedFlowArgs", "(System.Object,System.Object)", "", "Argument[0]", "ReturnValue", "value", "generated"]
-      - ["My.Qltest", "G", false, "GeneratedFlowArgs", "(System.Object,System.Object)", "", "Argument[1]", "ReturnValue", "value", "generated"]
-      - ["My.Qltest", "G", false, "MixedFlowArgs", "(System.Object,System.Object)", "", "Argument[0]", "ReturnValue", "value", "generated"]
-      - ["My.Qltest", "G", false, "MixedFlowArgs", "(System.Object,System.Object)", "", "Argument[1]", "ReturnValue", "value", "manual"]
-
-  # Summaries relevant for the Steps testcase.
-  - addsTo:
-      pack: codeql/csharp-all
-      extensible: extSummaryModel
-      # "namespace", "type", "overrides", "name", "signature", "ext", "inputspec", "outputspec", "kind", "provenance"
-    data:
-      - ["My.Qltest", "C", false, "StepArgRes", "(System.Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["My.Qltest", "C", false, "StepArgArg", "(System.Object,System.Object)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
-      - ["My.Qltest", "C", false, "StepArgQual", "(System.Object)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
-      - ["My.Qltest", "C", false, "StepQualRes", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
-      - ["My.Qltest", "C", false, "StepQualArg", "(System.Object)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
-      - ["My.Qltest", "C", false, "StepFieldGetter", "()", "", "Argument[this].Field[My.Qltest.C.Field]", "ReturnValue", "value", "manual"]
-      - ["My.Qltest", "C", false, "StepFieldSetter", "(System.Int32)", "", "Argument[0]", "Argument[this].Field[My.Qltest.C.Field]", "value", "manual"]
-      - ["My.Qltest", "C", false, "StepPropertyGetter", "()", "", "Argument[this].Property[My.Qltest.C.Property]", "ReturnValue", "value", "manual"]
-      - ["My.Qltest", "C", false, "StepPropertySetter", "(System.Int32)", "", "Argument[0]", "Argument[this].Property[My.Qltest.C.Property]", "value", "manual"]
-      - ["My.Qltest", "C", false, "StepElementGetter", "()", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
-      - ["My.Qltest", "C", false, "StepElementSetter", "(System.Int32)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
-      - ["My.Qltest", "C+Generic<,>", false, "StepGeneric", "(T)", "", "Argument[0]", "ReturnValue", "value", "manual"]
-      - ["My.Qltest", "C+Generic<,>", false, "StepGeneric2<>", "(S)", "", "Argument[0]", "ReturnValue", "value", "manual"]
-      - ["My.Qltest", "C+Base<>", true, "StepOverride", "(T)", "", "Argument[0]", "ReturnValue", "value", "manual"]
diff --git a/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml b/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml
new file mode 100644
index 00000000000..3198057f42c
--- /dev/null
+++ b/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sinkModel
+    data:
+    # "namespace", "type", "overrides", "name", "signature", "ext", "spec", "kind", "provenance"
+      - ["My.Qltest", "B", false, "Sink1", "(System.Object)", "", "Argument[0]", "code", "manual"]
+      - ["My.Qltest", "B", false, "SinkMethod", "()", "", "ReturnValue", "xss", "manual"]
+      - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "ReturnValue", "html", "manual"]
+      - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "Argument", "remote", "manual"]
+      - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "", "sql", "manual"]
diff --git a/csharp/ql/test/library-tests/dataflow/external-models/srcs.ext.yml b/csharp/ql/test/library-tests/dataflow/external-models/srcs.ext.yml
new file mode 100644
index 00000000000..163d2636ab0
--- /dev/null
+++ b/csharp/ql/test/library-tests/dataflow/external-models/srcs.ext.yml
@@ -0,0 +1,20 @@
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sourceModel
+    data:
+    # "namespace", "type", "overrides", "name", "signature", "ext", "spec", "kind", "provenance",
+      - ["My.Qltest", "A", false, "Src1", "()", "", "ReturnValue", "local", "manual"]
+      - ["My.Qltest", "A", false, "Src1", "(System.String)", "", "ReturnValue", "local", "manual"]
+      - ["My.Qltest", "A", false, "Src1", "", "", "ReturnValue", "local", "manual"]
+      - ["My.Qltest", "A", false, "Src2", "()", "", "ReturnValue", "local", "manual"]
+      - ["My.Qltest", "A", false, "Src3", "()", "", "ReturnValue", "local", "manual"]
+      - ["My.Qltest", "A", true, "Src2", "()", "", "ReturnValue", "local", "manual"]
+      - ["My.Qltest", "A", true, "Src3", "()", "", "ReturnValue", "local", "manual"]
+      - ["My.Qltest", "A", false, "SrcArg", "(System.Object)", "", "Argument[0]", "local", "manual"]
+      - ["My.Qltest", "A", false, "SrcArg", "(System.Object)", "", "Argument", "local", "manual"]
+      - ["My.Qltest", "A", true, "SrcParam", "(System.Object)", "", "Parameter[0]", "local", "manual"]
+      - ["My.Qltest", "SourceAttribute", false, "", "", "Attribute", "ReturnValue", "local", "manual"]
+      - ["My.Qltest", "SourceAttribute", false, "", "", "Attribute", "Parameter", "local", "manual"]
+      - ["My.Qltest", "SourceAttribute", false, "", "", "Attribute", "", "local", "manual"]
+      - ["My.Qltest", "A", false, "SrcTwoArg", "(System.String,System.String)", "", "ReturnValue", "local", "manual"]
\ No newline at end of file
diff --git a/csharp/ql/test/library-tests/dataflow/external-models/steps.ext.yml b/csharp/ql/test/library-tests/dataflow/external-models/steps.ext.yml
new file mode 100644
index 00000000000..7507f5a8883
--- /dev/null
+++ b/csharp/ql/test/library-tests/dataflow/external-models/steps.ext.yml
@@ -0,0 +1,20 @@
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: summaryModel
+      # "namespace", "type", "overrides", "name", "signature", "ext", "inputspec", "outputspec", "kind", "provenance"
+    data:
+      - ["My.Qltest", "C", false, "StepArgRes", "(System.Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["My.Qltest", "C", false, "StepArgArg", "(System.Object,System.Object)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["My.Qltest", "C", false, "StepArgQual", "(System.Object)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["My.Qltest", "C", false, "StepQualRes", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["My.Qltest", "C", false, "StepQualArg", "(System.Object)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["My.Qltest", "C", false, "StepFieldGetter", "()", "", "Argument[this].Field[My.Qltest.C.Field]", "ReturnValue", "value", "manual"]
+      - ["My.Qltest", "C", false, "StepFieldSetter", "(System.Int32)", "", "Argument[0]", "Argument[this].Field[My.Qltest.C.Field]", "value", "manual"]
+      - ["My.Qltest", "C", false, "StepPropertyGetter", "()", "", "Argument[this].Property[My.Qltest.C.Property]", "ReturnValue", "value", "manual"]
+      - ["My.Qltest", "C", false, "StepPropertySetter", "(System.Int32)", "", "Argument[0]", "Argument[this].Property[My.Qltest.C.Property]", "value", "manual"]
+      - ["My.Qltest", "C", false, "StepElementGetter", "()", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
+      - ["My.Qltest", "C", false, "StepElementSetter", "(System.Int32)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
+      - ["My.Qltest", "C+Generic<,>", false, "StepGeneric", "(T)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["My.Qltest", "C+Generic<,>", false, "StepGeneric2<>", "(S)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["My.Qltest", "C+Base<>", true, "StepOverride", "(T)", "", "Argument[0]", "ReturnValue", "value", "manual"]
diff --git a/csharp/ql/test/library-tests/dataflow/external-models/steps.ql b/csharp/ql/test/library-tests/dataflow/external-models/steps.ql
index 2e216a672d7..f7635eae882 100644
--- a/csharp/ql/test/library-tests/dataflow/external-models/steps.ql
+++ b/csharp/ql/test/library-tests/dataflow/external-models/steps.ql
@@ -6,30 +6,24 @@ import semmle.code.csharp.dataflow.FlowSummary
 import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlowDispatch
 import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 
-private SummarizedCallable getRelevantSummarizedCallable() {
-  exists(SummarizedCallable sc |
-    sc.getDeclaringType*().getName() = "C" and
-    sc instanceof DataFlowDispatch::DataFlowSummarizedCallable and
-    result = sc
-  )
-}
-
 query predicate summaryThroughStep(
   DataFlow::Node node1, DataFlow::Node node2, boolean preservesValue
 ) {
   FlowSummaryImpl::Private::Steps::summaryThroughStepValue(node1, node2,
-    getRelevantSummarizedCallable()) and
+    any(DataFlowDispatch::DataFlowSummarizedCallable sc)) and
   preservesValue = true
   or
   FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(node1, node2,
-    getRelevantSummarizedCallable()) and
+    any(DataFlowDispatch::DataFlowSummarizedCallable sc)) and
   preservesValue = false
 }
 
 query predicate summaryGetterStep(DataFlow::Node arg, DataFlow::Node out, Content c) {
-  FlowSummaryImpl::Private::Steps::summaryGetterStep(arg, c, out, getRelevantSummarizedCallable())
+  FlowSummaryImpl::Private::Steps::summaryGetterStep(arg, c, out,
+    any(DataFlowDispatch::DataFlowSummarizedCallable sc))
 }
 
 query predicate summarySetterStep(DataFlow::Node arg, DataFlow::Node out, Content c) {
-  FlowSummaryImpl::Private::Steps::summarySetterStep(arg, c, out, getRelevantSummarizedCallable())
+  FlowSummaryImpl::Private::Steps::summarySetterStep(arg, c, out,
+    any(DataFlowDispatch::DataFlowSummarizedCallable sc))
 }
diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTracking.ql b/csharp/ql/test/library-tests/dataflow/global/TaintTracking.ql
index 1fc9bb63fc2..43284a3d198 100644
--- a/csharp/ql/test/library-tests/dataflow/global/TaintTracking.ql
+++ b/csharp/ql/test/library-tests/dataflow/global/TaintTracking.ql
@@ -1,14 +1,10 @@
 import csharp
 import Common
 
-class TTConfig extends TaintTracking::Configuration {
-  Config c;
+class TTConfig extends TaintTracking::Configuration instanceof Config {
+  override predicate isSource(DataFlow::Node source) { Config.super.isSource(source) }
 
-  TTConfig() { this = c }
-
-  override predicate isSource(DataFlow::Node source) { c.isSource(source) }
-
-  override predicate isSink(DataFlow::Node sink) { c.isSink(sink) }
+  override predicate isSink(DataFlow::Node sink) { Config.super.isSink(sink) }
 }
 
 from TTConfig c, DataFlow::Node source, DataFlow::Node sink
diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.ql b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.ql
index e0eccb70461..3764c14789c 100644
--- a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.ql
+++ b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.ql
@@ -6,14 +6,10 @@ import csharp
 import Common
 import DataFlow::PathGraph
 
-class TTConfig extends TaintTracking::Configuration {
-  Config c;
+class TTConfig extends TaintTracking::Configuration instanceof Config {
+  override predicate isSource(DataFlow::Node source) { Config.super.isSource(source) }
 
-  TTConfig() { this = c }
-
-  override predicate isSource(DataFlow::Node source) { c.isSource(source) }
-
-  override predicate isSink(DataFlow::Node sink) { c.isSink(sink) }
+  override predicate isSink(DataFlow::Node sink) { Config.super.isSink(sink) }
 }
 
 from TTConfig c, DataFlow::PathNode source, DataFlow::PathNode sink, string s
diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
index fcdf91118e1..ad09add3853 100644
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
@@ -11928,7 +11928,7 @@ summary
 | System;ValueTuple<>;false;ToString;();;Argument[this];ReturnValue;taint;generated |
 | System;ValueTuple<>;false;ValueTuple;(T1);;Argument[0];Argument[this].Field[System.ValueTuple<>.Item1];value;manual |
 | System;ValueTuple<>;false;get_Item;(System.Int32);;Argument[this].Field[System.ValueTuple<>.Item1];ReturnValue;value;manual |
-negativeSummary
+neutral
 | Microsoft.CSharp.RuntimeBinder;CSharpArgumentInfo;Create;(Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfoFlags,System.String);generated |
 | Microsoft.CSharp.RuntimeBinder;RuntimeBinderException;RuntimeBinderException;();generated |
 | Microsoft.CSharp.RuntimeBinder;RuntimeBinderException;RuntimeBinderException;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);generated |
diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql
index 717c4943f46..eaf4d9d947f 100644
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql
@@ -6,11 +6,7 @@ private class IncludeAllSummarizedCallable extends IncludeSummarizedCallable {
   IncludeAllSummarizedCallable() { exists(this) }
 }
 
-private class IncludeNegativeSummarizedCallable extends RelevantNegativeSummarizedCallable {
-  IncludeNegativeSummarizedCallable() {
-    this instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable
-  }
-
+private class IncludeNeutralCallable extends RelevantNeutralCallable instanceof FlowSummaryImpl::Public::NeutralCallable {
   /** Gets a string representing the callable in semi-colon separated format for use in flow summaries. */
-  final override string getCallableCsv() { result = Csv::asPartialNegativeModel(this) }
+  final override string getCallableCsv() { result = Csv::asPartialNeutralModel(this) }
 }
diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
index 7ad542d4668..880a71ca5d0 100644
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
@@ -10262,4 +10262,4 @@ summary
 | System;ValueTuple<>;false;ToString;();;Argument[this];ReturnValue;taint;generated |
 | System;ValueTuple<>;false;ValueTuple;(T1);;Argument[0];Argument[this].Field[System.ValueTuple<>.Item1];value;manual |
 | System;ValueTuple<>;false;get_Item;(System.Int32);;Argument[this].Field[System.ValueTuple<>.Item1];ReturnValue;value;manual |
-negativeSummary
+neutral
diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql
index 961faf60084..82cf263ec9c 100644
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql
@@ -2,9 +2,7 @@ import shared.FlowSummaries
 private import semmle.code.csharp.dataflow.internal.DataFlowPrivate::Csv
 private import semmle.code.csharp.dataflow.ExternalFlow
 
-class IncludeFilteredSummarizedCallable extends IncludeSummarizedCallable {
-  IncludeFilteredSummarizedCallable() { this instanceof SummarizedCallable }
-
+class IncludeFilteredSummarizedCallable extends IncludeSummarizedCallable instanceof SummarizedCallable {
   /**
    * Holds if flow is propagated between `input` and `output` and
    * if there is no summary for a callable in a `base` class or interface
@@ -13,7 +11,7 @@ class IncludeFilteredSummarizedCallable extends IncludeSummarizedCallable {
   override predicate relevantSummary(
     SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
   ) {
-    this.(SummarizedCallable).propagatesFlow(input, output, preservesValue) and
+    super.propagatesFlow(input, output, preservesValue) and
     not exists(IncludeSummarizedCallable rsc |
       isBaseCallableOrPrototype(rsc) and
       rsc.(SummarizedCallable).propagatesFlow(input, output, preservesValue) and
diff --git a/csharp/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/csharp/ql/test/library-tests/dataflow/local/DataFlowStep.expected
index 92d2013bfbe..afb49ad2bce 100644
--- a/csharp/ql/test/library-tests/dataflow/local/DataFlowStep.expected
+++ b/csharp/ql/test/library-tests/dataflow/local/DataFlowStep.expected
@@ -373,8 +373,8 @@
 | LocalDataFlow.cs:278:15:278:22 | access to local variable nonSink0 | LocalDataFlow.cs:285:31:285:38 | access to local variable nonSink0 |
 | LocalDataFlow.cs:281:13:281:34 | SSA def(sink70) | LocalDataFlow.cs:282:15:282:20 | access to local variable sink70 |
 | LocalDataFlow.cs:281:22:281:34 | ... = ... | LocalDataFlow.cs:281:13:281:34 | SSA def(sink70) |
+| LocalDataFlow.cs:281:22:281:34 | SSA def(sink0) | LocalDataFlow.cs:313:22:313:38 | SSA phi read(sink0) |
 | LocalDataFlow.cs:281:22:281:34 | SSA def(sink0) | LocalDataFlow.cs:313:34:313:38 | access to local variable sink0 |
-| LocalDataFlow.cs:281:22:281:34 | SSA def(sink0) | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 |
 | LocalDataFlow.cs:281:30:281:34 | access to local variable sink0 | LocalDataFlow.cs:281:22:281:34 | ... = ... |
 | LocalDataFlow.cs:281:30:281:34 | access to local variable sink0 | LocalDataFlow.cs:281:22:281:34 | SSA def(sink0) |
 | LocalDataFlow.cs:282:15:282:20 | [post] access to local variable sink70 | LocalDataFlow.cs:289:13:289:18 | access to local variable sink70 |
@@ -399,8 +399,9 @@
 | LocalDataFlow.cs:313:22:313:29 | access to local variable nonSink0 | LocalDataFlow.cs:313:22:313:38 | ... ?? ... |
 | LocalDataFlow.cs:313:22:313:29 | access to local variable nonSink0 | LocalDataFlow.cs:314:31:314:38 | access to local variable nonSink0 |
 | LocalDataFlow.cs:313:22:313:38 | ... ?? ... | LocalDataFlow.cs:313:13:313:38 | SSA def(sink73) |
+| LocalDataFlow.cs:313:22:313:38 | SSA phi read(sink0) | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 |
 | LocalDataFlow.cs:313:34:313:38 | access to local variable sink0 | LocalDataFlow.cs:313:22:313:38 | ... ?? ... |
-| LocalDataFlow.cs:313:34:313:38 | access to local variable sink0 | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 |
+| LocalDataFlow.cs:313:34:313:38 | access to local variable sink0 | LocalDataFlow.cs:313:22:313:38 | SSA phi read(sink0) |
 | LocalDataFlow.cs:314:13:314:38 | SSA def(sink74) | LocalDataFlow.cs:316:15:316:20 | access to local variable sink74 |
 | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 | LocalDataFlow.cs:314:22:314:38 | ... ?? ... |
 | LocalDataFlow.cs:314:22:314:38 | ... ?? ... | LocalDataFlow.cs:314:13:314:38 | SSA def(sink74) |
@@ -441,28 +442,22 @@
 | SSA.cs:13:15:13:22 | [post] access to local variable nonSink0 | SSA.cs:19:13:19:20 | access to local variable nonSink0 |
 | SSA.cs:13:15:13:22 | access to local variable nonSink0 | SSA.cs:19:13:19:20 | access to local variable nonSink0 |
 | SSA.cs:16:13:16:20 | [post] access to local variable ssaSink0 | SSA.cs:24:24:24:31 | access to local variable ssaSink0 |
-| SSA.cs:16:13:16:20 | [post] access to local variable ssaSink0 | SSA.cs:37:24:37:31 | access to local variable ssaSink0 |
-| SSA.cs:16:13:16:20 | [post] access to local variable ssaSink0 | SSA.cs:91:24:91:31 | access to local variable ssaSink0 |
-| SSA.cs:16:13:16:20 | [post] access to local variable ssaSink0 | SSA.cs:117:36:117:43 | access to local variable ssaSink0 |
+| SSA.cs:16:13:16:20 | [post] access to local variable ssaSink0 | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) |
 | SSA.cs:16:13:16:20 | access to local variable ssaSink0 | SSA.cs:24:24:24:31 | access to local variable ssaSink0 |
-| SSA.cs:16:13:16:20 | access to local variable ssaSink0 | SSA.cs:37:24:37:31 | access to local variable ssaSink0 |
-| SSA.cs:16:13:16:20 | access to local variable ssaSink0 | SSA.cs:91:24:91:31 | access to local variable ssaSink0 |
-| SSA.cs:16:13:16:20 | access to local variable ssaSink0 | SSA.cs:117:36:117:43 | access to local variable ssaSink0 |
+| SSA.cs:16:13:16:20 | access to local variable ssaSink0 | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) |
 | SSA.cs:19:13:19:20 | [post] access to local variable nonSink0 | SSA.cs:30:24:30:31 | access to local variable nonSink0 |
-| SSA.cs:19:13:19:20 | [post] access to local variable nonSink0 | SSA.cs:49:24:49:31 | access to local variable nonSink0 |
-| SSA.cs:19:13:19:20 | [post] access to local variable nonSink0 | SSA.cs:63:23:63:30 | access to local variable nonSink0 |
+| SSA.cs:19:13:19:20 | [post] access to local variable nonSink0 | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) |
 | SSA.cs:19:13:19:20 | access to local variable nonSink0 | SSA.cs:30:24:30:31 | access to local variable nonSink0 |
-| SSA.cs:19:13:19:20 | access to local variable nonSink0 | SSA.cs:49:24:49:31 | access to local variable nonSink0 |
-| SSA.cs:19:13:19:20 | access to local variable nonSink0 | SSA.cs:63:23:63:30 | access to local variable nonSink0 |
+| SSA.cs:19:13:19:20 | access to local variable nonSink0 | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) |
 | SSA.cs:22:16:22:28 | SSA def(ssaSink1) | SSA.cs:25:9:25:24 | SSA phi(ssaSink1) |
 | SSA.cs:22:27:22:28 | "" | SSA.cs:22:16:22:28 | SSA def(ssaSink1) |
 | SSA.cs:23:13:23:22 | [post] access to parameter nonTainted | SSA.cs:29:13:29:22 | access to parameter nonTainted |
 | SSA.cs:23:13:23:22 | access to parameter nonTainted | SSA.cs:29:13:29:22 | access to parameter nonTainted |
 | SSA.cs:24:13:24:31 | SSA def(ssaSink1) | SSA.cs:25:9:25:24 | SSA phi(ssaSink1) |
 | SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:24:13:24:31 | SSA def(ssaSink1) |
-| SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:37:24:37:31 | access to local variable ssaSink0 |
-| SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:91:24:91:31 | access to local variable ssaSink0 |
-| SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:117:36:117:43 | access to local variable ssaSink0 |
+| SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) |
+| SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) | SSA.cs:37:24:37:31 | access to local variable ssaSink0 |
+| SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) | SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) |
 | SSA.cs:25:9:25:24 | SSA phi(ssaSink1) | SSA.cs:25:15:25:22 | access to local variable ssaSink1 |
 | SSA.cs:28:16:28:28 | SSA def(nonSink1) | SSA.cs:31:9:31:24 | SSA phi(nonSink1) |
 | SSA.cs:28:27:28:28 | "" | SSA.cs:28:16:28:28 | SSA def(nonSink1) |
@@ -470,43 +465,48 @@
 | SSA.cs:29:13:29:22 | access to parameter nonTainted | SSA.cs:35:13:35:22 | access to parameter nonTainted |
 | SSA.cs:30:13:30:31 | SSA def(nonSink1) | SSA.cs:31:9:31:24 | SSA phi(nonSink1) |
 | SSA.cs:30:24:30:31 | access to local variable nonSink0 | SSA.cs:30:13:30:31 | SSA def(nonSink1) |
-| SSA.cs:30:24:30:31 | access to local variable nonSink0 | SSA.cs:49:24:49:31 | access to local variable nonSink0 |
-| SSA.cs:30:24:30:31 | access to local variable nonSink0 | SSA.cs:63:23:63:30 | access to local variable nonSink0 |
+| SSA.cs:30:24:30:31 | access to local variable nonSink0 | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) |
+| SSA.cs:31:9:31:24 | SSA phi read(nonSink0) | SSA.cs:49:24:49:31 | access to local variable nonSink0 |
+| SSA.cs:31:9:31:24 | SSA phi read(nonSink0) | SSA.cs:55:9:55:24 | SSA phi read(nonSink0) |
 | SSA.cs:31:9:31:24 | SSA phi(nonSink1) | SSA.cs:31:15:31:22 | access to local variable nonSink1 |
 | SSA.cs:34:16:34:28 | SSA def(ssaSink2) | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) |
 | SSA.cs:34:27:34:28 | "" | SSA.cs:34:16:34:28 | SSA def(ssaSink2) |
 | SSA.cs:35:13:35:22 | [post] access to parameter nonTainted | SSA.cs:38:17:38:26 | access to parameter nonTainted |
-| SSA.cs:35:13:35:22 | [post] access to parameter nonTainted | SSA.cs:47:13:47:22 | access to parameter nonTainted |
+| SSA.cs:35:13:35:22 | [post] access to parameter nonTainted | SSA.cs:43:9:43:24 | SSA phi read(nonTainted) |
 | SSA.cs:35:13:35:22 | access to parameter nonTainted | SSA.cs:38:17:38:26 | access to parameter nonTainted |
-| SSA.cs:35:13:35:22 | access to parameter nonTainted | SSA.cs:47:13:47:22 | access to parameter nonTainted |
+| SSA.cs:35:13:35:22 | access to parameter nonTainted | SSA.cs:43:9:43:24 | SSA phi read(nonTainted) |
 | SSA.cs:37:13:37:31 | SSA def(ssaSink2) | SSA.cs:39:21:39:28 | access to local variable ssaSink2 |
 | SSA.cs:37:13:37:31 | SSA def(ssaSink2) | SSA.cs:41:21:41:28 | access to local variable ssaSink2 |
 | SSA.cs:37:24:37:31 | access to local variable ssaSink0 | SSA.cs:37:13:37:31 | SSA def(ssaSink2) |
-| SSA.cs:37:24:37:31 | access to local variable ssaSink0 | SSA.cs:91:24:91:31 | access to local variable ssaSink0 |
-| SSA.cs:37:24:37:31 | access to local variable ssaSink0 | SSA.cs:117:36:117:43 | access to local variable ssaSink0 |
-| SSA.cs:38:17:38:26 | [post] access to parameter nonTainted | SSA.cs:47:13:47:22 | access to parameter nonTainted |
-| SSA.cs:38:17:38:26 | access to parameter nonTainted | SSA.cs:47:13:47:22 | access to parameter nonTainted |
+| SSA.cs:37:24:37:31 | access to local variable ssaSink0 | SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) |
+| SSA.cs:38:17:38:26 | [post] access to parameter nonTainted | SSA.cs:43:9:43:24 | SSA phi read(nonTainted) |
+| SSA.cs:38:17:38:26 | access to parameter nonTainted | SSA.cs:43:9:43:24 | SSA phi read(nonTainted) |
 | SSA.cs:39:21:39:28 | [post] access to local variable ssaSink2 | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) |
 | SSA.cs:39:21:39:28 | access to local variable ssaSink2 | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) |
 | SSA.cs:41:21:41:28 | [post] access to local variable ssaSink2 | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) |
 | SSA.cs:41:21:41:28 | access to local variable ssaSink2 | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) |
+| SSA.cs:43:9:43:24 | SSA phi read(nonTainted) | SSA.cs:47:13:47:22 | access to parameter nonTainted |
+| SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) | SSA.cs:91:24:91:31 | access to local variable ssaSink0 |
+| SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) | SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) |
 | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) | SSA.cs:43:15:43:22 | access to local variable ssaSink2 |
 | SSA.cs:46:16:46:28 | SSA def(nonSink2) | SSA.cs:55:9:55:24 | SSA phi(nonSink2) |
 | SSA.cs:46:27:46:28 | "" | SSA.cs:46:16:46:28 | SSA def(nonSink2) |
 | SSA.cs:47:13:47:22 | [post] access to parameter nonTainted | SSA.cs:50:17:50:26 | access to parameter nonTainted |
-| SSA.cs:47:13:47:22 | [post] access to parameter nonTainted | SSA.cs:89:13:89:22 | access to parameter nonTainted |
+| SSA.cs:47:13:47:22 | [post] access to parameter nonTainted | SSA.cs:55:9:55:24 | SSA phi read(nonTainted) |
 | SSA.cs:47:13:47:22 | access to parameter nonTainted | SSA.cs:50:17:50:26 | access to parameter nonTainted |
-| SSA.cs:47:13:47:22 | access to parameter nonTainted | SSA.cs:89:13:89:22 | access to parameter nonTainted |
+| SSA.cs:47:13:47:22 | access to parameter nonTainted | SSA.cs:55:9:55:24 | SSA phi read(nonTainted) |
 | SSA.cs:49:13:49:31 | SSA def(nonSink2) | SSA.cs:51:21:51:28 | access to local variable nonSink2 |
 | SSA.cs:49:13:49:31 | SSA def(nonSink2) | SSA.cs:53:21:53:28 | access to local variable nonSink2 |
 | SSA.cs:49:24:49:31 | access to local variable nonSink0 | SSA.cs:49:13:49:31 | SSA def(nonSink2) |
-| SSA.cs:49:24:49:31 | access to local variable nonSink0 | SSA.cs:63:23:63:30 | access to local variable nonSink0 |
-| SSA.cs:50:17:50:26 | [post] access to parameter nonTainted | SSA.cs:89:13:89:22 | access to parameter nonTainted |
-| SSA.cs:50:17:50:26 | access to parameter nonTainted | SSA.cs:89:13:89:22 | access to parameter nonTainted |
+| SSA.cs:49:24:49:31 | access to local variable nonSink0 | SSA.cs:55:9:55:24 | SSA phi read(nonSink0) |
+| SSA.cs:50:17:50:26 | [post] access to parameter nonTainted | SSA.cs:55:9:55:24 | SSA phi read(nonTainted) |
+| SSA.cs:50:17:50:26 | access to parameter nonTainted | SSA.cs:55:9:55:24 | SSA phi read(nonTainted) |
 | SSA.cs:51:21:51:28 | [post] access to local variable nonSink2 | SSA.cs:55:9:55:24 | SSA phi(nonSink2) |
 | SSA.cs:51:21:51:28 | access to local variable nonSink2 | SSA.cs:55:9:55:24 | SSA phi(nonSink2) |
 | SSA.cs:53:21:53:28 | [post] access to local variable nonSink2 | SSA.cs:55:9:55:24 | SSA phi(nonSink2) |
 | SSA.cs:53:21:53:28 | access to local variable nonSink2 | SSA.cs:55:9:55:24 | SSA phi(nonSink2) |
+| SSA.cs:55:9:55:24 | SSA phi read(nonSink0) | SSA.cs:63:23:63:30 | access to local variable nonSink0 |
+| SSA.cs:55:9:55:24 | SSA phi read(nonTainted) | SSA.cs:89:13:89:22 | access to parameter nonTainted |
 | SSA.cs:55:9:55:24 | SSA phi(nonSink2) | SSA.cs:55:15:55:22 | access to local variable nonSink2 |
 | SSA.cs:58:16:58:33 | SSA def(ssaSink3) | SSA.cs:59:23:59:30 | access to local variable ssaSink3 |
 | SSA.cs:58:27:58:33 | access to parameter tainted | SSA.cs:58:16:58:33 | SSA def(ssaSink3) |
@@ -555,9 +555,9 @@
 | SSA.cs:77:20:77:26 | access to parameter tainted | SSA.cs:80:35:80:41 | access to parameter tainted |
 | SSA.cs:78:21:78:28 | SSA def(nonSink0) | SSA.cs:79:15:79:22 | access to local variable nonSink0 |
 | SSA.cs:79:15:79:22 | [post] access to local variable nonSink0 | SSA.cs:104:24:104:31 | access to local variable nonSink0 |
-| SSA.cs:79:15:79:22 | [post] access to local variable nonSink0 | SSA.cs:130:39:130:46 | access to local variable nonSink0 |
+| SSA.cs:79:15:79:22 | [post] access to local variable nonSink0 | SSA.cs:110:9:110:32 | SSA phi read(nonSink0) |
 | SSA.cs:79:15:79:22 | access to local variable nonSink0 | SSA.cs:104:24:104:31 | access to local variable nonSink0 |
-| SSA.cs:79:15:79:22 | access to local variable nonSink0 | SSA.cs:130:39:130:46 | access to local variable nonSink0 |
+| SSA.cs:79:15:79:22 | access to local variable nonSink0 | SSA.cs:110:9:110:32 | SSA phi read(nonSink0) |
 | SSA.cs:80:9:80:12 | [post] this access | SSA.cs:81:21:81:24 | this access |
 | SSA.cs:80:9:80:12 | this access | SSA.cs:81:21:81:24 | this access |
 | SSA.cs:80:9:80:14 | [post] access to field S | SSA.cs:81:21:81:26 | access to field S |
@@ -585,19 +585,21 @@
 | SSA.cs:88:16:88:28 | SSA def(ssaSink4) | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) |
 | SSA.cs:88:27:88:28 | "" | SSA.cs:88:16:88:28 | SSA def(ssaSink4) |
 | SSA.cs:89:13:89:22 | [post] access to parameter nonTainted | SSA.cs:92:17:92:26 | access to parameter nonTainted |
-| SSA.cs:89:13:89:22 | [post] access to parameter nonTainted | SSA.cs:102:13:102:22 | access to parameter nonTainted |
+| SSA.cs:89:13:89:22 | [post] access to parameter nonTainted | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) |
 | SSA.cs:89:13:89:22 | access to parameter nonTainted | SSA.cs:92:17:92:26 | access to parameter nonTainted |
-| SSA.cs:89:13:89:22 | access to parameter nonTainted | SSA.cs:102:13:102:22 | access to parameter nonTainted |
+| SSA.cs:89:13:89:22 | access to parameter nonTainted | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) |
 | SSA.cs:91:13:91:31 | SSA def(ssaSink4) | SSA.cs:93:21:93:28 | access to local variable ssaSink4 |
 | SSA.cs:91:13:91:31 | SSA def(ssaSink4) | SSA.cs:95:21:95:28 | access to local variable ssaSink4 |
 | SSA.cs:91:24:91:31 | access to local variable ssaSink0 | SSA.cs:91:13:91:31 | SSA def(ssaSink4) |
-| SSA.cs:91:24:91:31 | access to local variable ssaSink0 | SSA.cs:117:36:117:43 | access to local variable ssaSink0 |
-| SSA.cs:92:17:92:26 | [post] access to parameter nonTainted | SSA.cs:102:13:102:22 | access to parameter nonTainted |
-| SSA.cs:92:17:92:26 | access to parameter nonTainted | SSA.cs:102:13:102:22 | access to parameter nonTainted |
+| SSA.cs:91:24:91:31 | access to local variable ssaSink0 | SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) |
+| SSA.cs:92:17:92:26 | [post] access to parameter nonTainted | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) |
+| SSA.cs:92:17:92:26 | access to parameter nonTainted | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) |
 | SSA.cs:93:21:93:28 | [post] access to local variable ssaSink4 | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) |
 | SSA.cs:93:21:93:28 | access to local variable ssaSink4 | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) |
 | SSA.cs:95:21:95:28 | [post] access to local variable ssaSink4 | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) |
 | SSA.cs:95:21:95:28 | access to local variable ssaSink4 | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) |
+| SSA.cs:97:9:97:32 | SSA phi read(nonTainted) | SSA.cs:102:13:102:22 | access to parameter nonTainted |
+| SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) | SSA.cs:117:36:117:43 | access to local variable ssaSink0 |
 | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) | SSA.cs:97:23:97:30 | access to local variable ssaSink4 |
 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) | SSA.cs:98:15:98:22 | access to local variable ssaSink4 |
 | SSA.cs:97:23:97:30 | [post] access to local variable ssaSink4 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) |
@@ -605,19 +607,21 @@
 | SSA.cs:101:16:101:28 | SSA def(nonSink3) | SSA.cs:110:9:110:32 | SSA phi(nonSink3) |
 | SSA.cs:101:27:101:28 | "" | SSA.cs:101:16:101:28 | SSA def(nonSink3) |
 | SSA.cs:102:13:102:22 | [post] access to parameter nonTainted | SSA.cs:105:17:105:26 | access to parameter nonTainted |
-| SSA.cs:102:13:102:22 | [post] access to parameter nonTainted | SSA.cs:115:13:115:22 | access to parameter nonTainted |
+| SSA.cs:102:13:102:22 | [post] access to parameter nonTainted | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) |
 | SSA.cs:102:13:102:22 | access to parameter nonTainted | SSA.cs:105:17:105:26 | access to parameter nonTainted |
-| SSA.cs:102:13:102:22 | access to parameter nonTainted | SSA.cs:115:13:115:22 | access to parameter nonTainted |
+| SSA.cs:102:13:102:22 | access to parameter nonTainted | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) |
 | SSA.cs:104:13:104:31 | SSA def(nonSink3) | SSA.cs:106:21:106:28 | access to local variable nonSink3 |
 | SSA.cs:104:13:104:31 | SSA def(nonSink3) | SSA.cs:108:21:108:28 | access to local variable nonSink3 |
 | SSA.cs:104:24:104:31 | access to local variable nonSink0 | SSA.cs:104:13:104:31 | SSA def(nonSink3) |
-| SSA.cs:104:24:104:31 | access to local variable nonSink0 | SSA.cs:130:39:130:46 | access to local variable nonSink0 |
-| SSA.cs:105:17:105:26 | [post] access to parameter nonTainted | SSA.cs:115:13:115:22 | access to parameter nonTainted |
-| SSA.cs:105:17:105:26 | access to parameter nonTainted | SSA.cs:115:13:115:22 | access to parameter nonTainted |
+| SSA.cs:104:24:104:31 | access to local variable nonSink0 | SSA.cs:110:9:110:32 | SSA phi read(nonSink0) |
+| SSA.cs:105:17:105:26 | [post] access to parameter nonTainted | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) |
+| SSA.cs:105:17:105:26 | access to parameter nonTainted | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) |
 | SSA.cs:106:21:106:28 | [post] access to local variable nonSink3 | SSA.cs:110:9:110:32 | SSA phi(nonSink3) |
 | SSA.cs:106:21:106:28 | access to local variable nonSink3 | SSA.cs:110:9:110:32 | SSA phi(nonSink3) |
 | SSA.cs:108:21:108:28 | [post] access to local variable nonSink3 | SSA.cs:110:9:110:32 | SSA phi(nonSink3) |
 | SSA.cs:108:21:108:28 | access to local variable nonSink3 | SSA.cs:110:9:110:32 | SSA phi(nonSink3) |
+| SSA.cs:110:9:110:32 | SSA phi read(nonSink0) | SSA.cs:130:39:130:46 | access to local variable nonSink0 |
+| SSA.cs:110:9:110:32 | SSA phi read(nonTainted) | SSA.cs:115:13:115:22 | access to parameter nonTainted |
 | SSA.cs:110:9:110:32 | SSA phi(nonSink3) | SSA.cs:110:23:110:30 | access to local variable nonSink3 |
 | SSA.cs:110:23:110:30 | SSA def(nonSink3) | SSA.cs:111:15:111:22 | access to local variable nonSink3 |
 | SSA.cs:110:23:110:30 | [post] access to local variable nonSink3 | SSA.cs:110:23:110:30 | SSA def(nonSink3) |
@@ -627,15 +631,15 @@
 | SSA.cs:114:9:114:12 | this access | SSA.cs:117:13:117:16 | this access |
 | SSA.cs:114:9:114:12 | this access | SSA.cs:123:23:123:26 | this access |
 | SSA.cs:114:9:114:14 | [post] access to field S | SSA.cs:117:13:117:18 | access to field S |
-| SSA.cs:114:9:114:14 | [post] access to field S | SSA.cs:123:23:123:28 | access to field S |
+| SSA.cs:114:9:114:14 | [post] access to field S | SSA.cs:123:9:123:30 | SSA phi read(this.S) |
 | SSA.cs:114:9:114:14 | access to field S | SSA.cs:117:13:117:18 | access to field S |
-| SSA.cs:114:9:114:14 | access to field S | SSA.cs:123:23:123:28 | access to field S |
+| SSA.cs:114:9:114:14 | access to field S | SSA.cs:123:9:123:30 | SSA phi read(this.S) |
 | SSA.cs:114:9:114:33 | SSA def(this.S.SsaFieldSink1) | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) |
 | SSA.cs:114:32:114:33 | "" | SSA.cs:114:9:114:33 | SSA def(this.S.SsaFieldSink1) |
 | SSA.cs:115:13:115:22 | [post] access to parameter nonTainted | SSA.cs:118:17:118:26 | access to parameter nonTainted |
-| SSA.cs:115:13:115:22 | [post] access to parameter nonTainted | SSA.cs:128:13:128:22 | access to parameter nonTainted |
+| SSA.cs:115:13:115:22 | [post] access to parameter nonTainted | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) |
 | SSA.cs:115:13:115:22 | access to parameter nonTainted | SSA.cs:118:17:118:26 | access to parameter nonTainted |
-| SSA.cs:115:13:115:22 | access to parameter nonTainted | SSA.cs:128:13:128:22 | access to parameter nonTainted |
+| SSA.cs:115:13:115:22 | access to parameter nonTainted | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) |
 | SSA.cs:117:13:117:16 | [post] this access | SSA.cs:119:21:119:24 | this access |
 | SSA.cs:117:13:117:16 | [post] this access | SSA.cs:121:21:121:24 | this access |
 | SSA.cs:117:13:117:16 | this access | SSA.cs:119:21:119:24 | this access |
@@ -647,20 +651,22 @@
 | SSA.cs:117:13:117:43 | SSA def(this.S.SsaFieldSink1) | SSA.cs:119:21:119:40 | access to field SsaFieldSink1 |
 | SSA.cs:117:13:117:43 | SSA def(this.S.SsaFieldSink1) | SSA.cs:121:21:121:40 | access to field SsaFieldSink1 |
 | SSA.cs:117:36:117:43 | access to local variable ssaSink0 | SSA.cs:117:13:117:43 | SSA def(this.S.SsaFieldSink1) |
-| SSA.cs:118:17:118:26 | [post] access to parameter nonTainted | SSA.cs:128:13:128:22 | access to parameter nonTainted |
-| SSA.cs:118:17:118:26 | access to parameter nonTainted | SSA.cs:128:13:128:22 | access to parameter nonTainted |
+| SSA.cs:118:17:118:26 | [post] access to parameter nonTainted | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) |
+| SSA.cs:118:17:118:26 | access to parameter nonTainted | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) |
 | SSA.cs:119:21:119:24 | [post] this access | SSA.cs:123:23:123:26 | this access |
 | SSA.cs:119:21:119:24 | this access | SSA.cs:123:23:123:26 | this access |
-| SSA.cs:119:21:119:26 | [post] access to field S | SSA.cs:123:23:123:28 | access to field S |
-| SSA.cs:119:21:119:26 | access to field S | SSA.cs:123:23:123:28 | access to field S |
+| SSA.cs:119:21:119:26 | [post] access to field S | SSA.cs:123:9:123:30 | SSA phi read(this.S) |
+| SSA.cs:119:21:119:26 | access to field S | SSA.cs:123:9:123:30 | SSA phi read(this.S) |
 | SSA.cs:119:21:119:40 | [post] access to field SsaFieldSink1 | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) |
 | SSA.cs:119:21:119:40 | access to field SsaFieldSink1 | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) |
 | SSA.cs:121:21:121:24 | [post] this access | SSA.cs:123:23:123:26 | this access |
 | SSA.cs:121:21:121:24 | this access | SSA.cs:123:23:123:26 | this access |
-| SSA.cs:121:21:121:26 | [post] access to field S | SSA.cs:123:23:123:28 | access to field S |
-| SSA.cs:121:21:121:26 | access to field S | SSA.cs:123:23:123:28 | access to field S |
+| SSA.cs:121:21:121:26 | [post] access to field S | SSA.cs:123:9:123:30 | SSA phi read(this.S) |
+| SSA.cs:121:21:121:26 | access to field S | SSA.cs:123:9:123:30 | SSA phi read(this.S) |
 | SSA.cs:121:21:121:40 | [post] access to field SsaFieldSink1 | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) |
 | SSA.cs:121:21:121:40 | access to field SsaFieldSink1 | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) |
+| SSA.cs:123:9:123:30 | SSA phi read(nonTainted) | SSA.cs:128:13:128:22 | access to parameter nonTainted |
+| SSA.cs:123:9:123:30 | SSA phi read(this.S) | SSA.cs:123:23:123:28 | access to field S |
 | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) |
 | SSA.cs:123:23:123:26 | [post] this access | SSA.cs:124:15:124:18 | this access |
 | SSA.cs:123:23:123:26 | this access | SSA.cs:124:15:124:18 | this access |
@@ -677,9 +683,9 @@
 | SSA.cs:127:9:127:12 | this access | SSA.cs:130:13:130:16 | this access |
 | SSA.cs:127:9:127:12 | this access | SSA.cs:136:23:136:26 | this access |
 | SSA.cs:127:9:127:14 | [post] access to field S | SSA.cs:130:13:130:18 | access to field S |
-| SSA.cs:127:9:127:14 | [post] access to field S | SSA.cs:136:23:136:28 | access to field S |
+| SSA.cs:127:9:127:14 | [post] access to field S | SSA.cs:136:9:136:30 | SSA phi read(this.S) |
 | SSA.cs:127:9:127:14 | access to field S | SSA.cs:130:13:130:18 | access to field S |
-| SSA.cs:127:9:127:14 | access to field S | SSA.cs:136:23:136:28 | access to field S |
+| SSA.cs:127:9:127:14 | access to field S | SSA.cs:136:9:136:30 | SSA phi read(this.S) |
 | SSA.cs:127:9:127:36 | SSA def(this.S.SsaFieldNonSink0) | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) |
 | SSA.cs:127:35:127:36 | "" | SSA.cs:127:9:127:36 | SSA def(this.S.SsaFieldNonSink0) |
 | SSA.cs:128:13:128:22 | [post] access to parameter nonTainted | SSA.cs:131:17:131:26 | access to parameter nonTainted |
@@ -697,16 +703,17 @@
 | SSA.cs:130:39:130:46 | access to local variable nonSink0 | SSA.cs:130:13:130:46 | SSA def(this.S.SsaFieldNonSink0) |
 | SSA.cs:132:21:132:24 | [post] this access | SSA.cs:136:23:136:26 | this access |
 | SSA.cs:132:21:132:24 | this access | SSA.cs:136:23:136:26 | this access |
-| SSA.cs:132:21:132:26 | [post] access to field S | SSA.cs:136:23:136:28 | access to field S |
-| SSA.cs:132:21:132:26 | access to field S | SSA.cs:136:23:136:28 | access to field S |
+| SSA.cs:132:21:132:26 | [post] access to field S | SSA.cs:136:9:136:30 | SSA phi read(this.S) |
+| SSA.cs:132:21:132:26 | access to field S | SSA.cs:136:9:136:30 | SSA phi read(this.S) |
 | SSA.cs:132:21:132:43 | [post] access to field SsaFieldNonSink0 | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) |
 | SSA.cs:132:21:132:43 | access to field SsaFieldNonSink0 | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) |
 | SSA.cs:134:21:134:24 | [post] this access | SSA.cs:136:23:136:26 | this access |
 | SSA.cs:134:21:134:24 | this access | SSA.cs:136:23:136:26 | this access |
-| SSA.cs:134:21:134:26 | [post] access to field S | SSA.cs:136:23:136:28 | access to field S |
-| SSA.cs:134:21:134:26 | access to field S | SSA.cs:136:23:136:28 | access to field S |
+| SSA.cs:134:21:134:26 | [post] access to field S | SSA.cs:136:9:136:30 | SSA phi read(this.S) |
+| SSA.cs:134:21:134:26 | access to field S | SSA.cs:136:9:136:30 | SSA phi read(this.S) |
 | SSA.cs:134:21:134:43 | [post] access to field SsaFieldNonSink0 | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) |
 | SSA.cs:134:21:134:43 | access to field SsaFieldNonSink0 | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) |
+| SSA.cs:136:9:136:30 | SSA phi read(this.S) | SSA.cs:136:23:136:28 | access to field S |
 | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) |
 | SSA.cs:136:23:136:26 | [post] this access | SSA.cs:137:15:137:18 | this access |
 | SSA.cs:136:23:136:26 | this access | SSA.cs:137:15:137:18 | this access |
@@ -732,17 +739,16 @@
 | SSA.cs:170:16:170:28 | SSA def(ssaSink5) | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) |
 | SSA.cs:170:27:170:28 | "" | SSA.cs:170:16:170:28 | SSA def(ssaSink5) |
 | SSA.cs:171:13:171:15 | SSA def(i) | SSA.cs:174:20:174:20 | SSA phi(i) |
-| SSA.cs:173:13:173:30 | SSA def(ssaSink5) | SSA.cs:176:21:176:28 | access to local variable ssaSink5 |
-| SSA.cs:173:13:173:30 | SSA def(ssaSink5) | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) |
+| SSA.cs:173:13:173:30 | SSA def(ssaSink5) | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) |
 | SSA.cs:173:24:173:30 | access to parameter tainted | SSA.cs:173:13:173:30 | SSA def(ssaSink5) |
+| SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | SSA.cs:176:21:176:28 | access to local variable ssaSink5 |
+| SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) |
 | SSA.cs:174:20:174:20 | SSA phi(i) | SSA.cs:174:20:174:20 | access to parameter i |
 | SSA.cs:174:20:174:22 | SSA def(i) | SSA.cs:174:20:174:20 | SSA phi(i) |
 | SSA.cs:176:21:176:28 | [post] access to local variable ssaSink5 | SSA.cs:177:21:177:28 | access to local variable ssaSink5 |
 | SSA.cs:176:21:176:28 | access to local variable ssaSink5 | SSA.cs:177:21:177:28 | access to local variable ssaSink5 |
-| SSA.cs:177:21:177:28 | [post] access to local variable ssaSink5 | SSA.cs:176:21:176:28 | access to local variable ssaSink5 |
-| SSA.cs:177:21:177:28 | [post] access to local variable ssaSink5 | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) |
-| SSA.cs:177:21:177:28 | access to local variable ssaSink5 | SSA.cs:176:21:176:28 | access to local variable ssaSink5 |
-| SSA.cs:177:21:177:28 | access to local variable ssaSink5 | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) |
+| SSA.cs:177:21:177:28 | [post] access to local variable ssaSink5 | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) |
+| SSA.cs:177:21:177:28 | access to local variable ssaSink5 | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) |
 | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) | SSA.cs:180:15:180:22 | access to local variable ssaSink5 |
 | Splitting.cs:3:18:3:18 | b | Splitting.cs:6:13:6:13 | access to parameter b |
 | Splitting.cs:3:28:3:34 | tainted | Splitting.cs:5:17:5:23 | access to parameter tainted |
@@ -826,3 +832,1604 @@
 | Splitting.cs:57:17:57:17 | [b (line 46): true] access to local variable y | Splitting.cs:58:27:58:27 | [b (line 46): true] access to local variable y |
 | Splitting.cs:58:22:58:22 | [b (line 46): false] SSA def(s) | Splitting.cs:59:19:59:19 | [b (line 46): false] access to local variable s |
 | Splitting.cs:58:22:58:22 | [b (line 46): true] SSA def(s) | Splitting.cs:59:19:59:19 | [b (line 46): true] access to local variable s |
+| UseUseExplosion.cs:21:10:21:10 | SSA entry def(this.Prop) | UseUseExplosion.cs:24:13:24:16 | access to property Prop |
+| UseUseExplosion.cs:21:10:21:10 | this | UseUseExplosion.cs:24:13:24:16 | this access |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1712:24:1712 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1727:24:1727 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1742:24:1742 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1757:24:1757 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1772:24:1772 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1787:24:1787 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1802:24:1802 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1817:24:1817 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1832:24:1832 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1847:24:1847 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1862:24:1862 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1877:24:1877 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1892:24:1892 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1907:24:1907 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1922:24:1922 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1937:24:1937 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1952:24:1952 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1967:24:1967 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1982:24:1982 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1997:24:1997 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2012:24:2012 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2027:24:2027 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2042:24:2042 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2057:24:2057 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2072:24:2072 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2087:24:2087 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2102:24:2102 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2117:24:2117 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2132:24:2132 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2147:24:2147 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2162:24:2162 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2177:24:2177 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2192:24:2192 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2207:24:2207 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2222:24:2222 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2237:24:2237 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2252:24:2252 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2267:24:2267 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2282:24:2282 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2297:24:2297 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2312:24:2312 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2327:24:2327 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2342:24:2342 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2357:24:2357 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2372:24:2372 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2387:24:2387 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2402:24:2402 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2417:24:2417 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2432:24:2432 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2447:24:2447 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2462:24:2462 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2477:24:2477 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2492:24:2492 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2507:24:2507 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2522:24:2522 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2537:24:2537 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2552:24:2552 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2567:24:2567 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2582:24:2582 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2597:24:2597 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2612:24:2612 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2627:24:2627 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2642:24:2642 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2657:24:2657 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2672:24:2672 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2687:24:2687 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2702:24:2702 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2717:24:2717 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2732:24:2732 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2747:24:2747 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2762:24:2762 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2777:24:2777 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2792:24:2792 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2807:24:2807 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2822:24:2822 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2837:24:2837 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2852:24:2852 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2867:24:2867 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2882:24:2882 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2897:24:2897 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2912:24:2912 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2927:24:2927 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2942:24:2942 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2957:24:2957 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2972:24:2972 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2987:24:2987 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3002:24:3002 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3017:24:3017 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3032:24:3032 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3047:24:3047 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3062:24:3062 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3077:24:3077 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3092:24:3092 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3107:24:3107 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3122:24:3122 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3137:24:3137 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3152:24:3152 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3167:24:3167 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3182:24:3182 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3197:24:3197 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:23:17:23:17 | 0 | UseUseExplosion.cs:23:13:23:17 | SSA def(x) |
+| UseUseExplosion.cs:24:13:24:16 | [post] this access | UseUseExplosion.cs:24:31:24:34 | this access |
+| UseUseExplosion.cs:24:13:24:16 | [post] this access | UseUseExplosion.cs:24:3193:24:3198 | this access |
+| UseUseExplosion.cs:24:13:24:16 | access to property Prop | UseUseExplosion.cs:24:31:24:34 | access to property Prop |
+| UseUseExplosion.cs:24:13:24:16 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:13:24:16 | this access | UseUseExplosion.cs:24:31:24:34 | this access |
+| UseUseExplosion.cs:24:13:24:16 | this access | UseUseExplosion.cs:24:3193:24:3198 | this access |
+| UseUseExplosion.cs:24:31:24:34 | [post] this access | UseUseExplosion.cs:24:48:24:51 | this access |
+| UseUseExplosion.cs:24:31:24:34 | [post] this access | UseUseExplosion.cs:24:3178:24:3183 | this access |
+| UseUseExplosion.cs:24:31:24:34 | access to property Prop | UseUseExplosion.cs:24:48:24:51 | access to property Prop |
+| UseUseExplosion.cs:24:31:24:34 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:31:24:34 | this access | UseUseExplosion.cs:24:48:24:51 | this access |
+| UseUseExplosion.cs:24:31:24:34 | this access | UseUseExplosion.cs:24:3178:24:3183 | this access |
+| UseUseExplosion.cs:24:48:24:51 | [post] this access | UseUseExplosion.cs:24:65:24:68 | this access |
+| UseUseExplosion.cs:24:48:24:51 | [post] this access | UseUseExplosion.cs:24:3163:24:3168 | this access |
+| UseUseExplosion.cs:24:48:24:51 | access to property Prop | UseUseExplosion.cs:24:65:24:68 | access to property Prop |
+| UseUseExplosion.cs:24:48:24:51 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:48:24:51 | this access | UseUseExplosion.cs:24:65:24:68 | this access |
+| UseUseExplosion.cs:24:48:24:51 | this access | UseUseExplosion.cs:24:3163:24:3168 | this access |
+| UseUseExplosion.cs:24:65:24:68 | [post] this access | UseUseExplosion.cs:24:82:24:85 | this access |
+| UseUseExplosion.cs:24:65:24:68 | [post] this access | UseUseExplosion.cs:24:3148:24:3153 | this access |
+| UseUseExplosion.cs:24:65:24:68 | access to property Prop | UseUseExplosion.cs:24:82:24:85 | access to property Prop |
+| UseUseExplosion.cs:24:65:24:68 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:65:24:68 | this access | UseUseExplosion.cs:24:82:24:85 | this access |
+| UseUseExplosion.cs:24:65:24:68 | this access | UseUseExplosion.cs:24:3148:24:3153 | this access |
+| UseUseExplosion.cs:24:82:24:85 | [post] this access | UseUseExplosion.cs:24:99:24:102 | this access |
+| UseUseExplosion.cs:24:82:24:85 | [post] this access | UseUseExplosion.cs:24:3133:24:3138 | this access |
+| UseUseExplosion.cs:24:82:24:85 | access to property Prop | UseUseExplosion.cs:24:99:24:102 | access to property Prop |
+| UseUseExplosion.cs:24:82:24:85 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:82:24:85 | this access | UseUseExplosion.cs:24:99:24:102 | this access |
+| UseUseExplosion.cs:24:82:24:85 | this access | UseUseExplosion.cs:24:3133:24:3138 | this access |
+| UseUseExplosion.cs:24:99:24:102 | [post] this access | UseUseExplosion.cs:24:116:24:119 | this access |
+| UseUseExplosion.cs:24:99:24:102 | [post] this access | UseUseExplosion.cs:24:3118:24:3123 | this access |
+| UseUseExplosion.cs:24:99:24:102 | access to property Prop | UseUseExplosion.cs:24:116:24:119 | access to property Prop |
+| UseUseExplosion.cs:24:99:24:102 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:99:24:102 | this access | UseUseExplosion.cs:24:116:24:119 | this access |
+| UseUseExplosion.cs:24:99:24:102 | this access | UseUseExplosion.cs:24:3118:24:3123 | this access |
+| UseUseExplosion.cs:24:116:24:119 | [post] this access | UseUseExplosion.cs:24:133:24:136 | this access |
+| UseUseExplosion.cs:24:116:24:119 | [post] this access | UseUseExplosion.cs:24:3103:24:3108 | this access |
+| UseUseExplosion.cs:24:116:24:119 | access to property Prop | UseUseExplosion.cs:24:133:24:136 | access to property Prop |
+| UseUseExplosion.cs:24:116:24:119 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:116:24:119 | this access | UseUseExplosion.cs:24:133:24:136 | this access |
+| UseUseExplosion.cs:24:116:24:119 | this access | UseUseExplosion.cs:24:3103:24:3108 | this access |
+| UseUseExplosion.cs:24:133:24:136 | [post] this access | UseUseExplosion.cs:24:150:24:153 | this access |
+| UseUseExplosion.cs:24:133:24:136 | [post] this access | UseUseExplosion.cs:24:3088:24:3093 | this access |
+| UseUseExplosion.cs:24:133:24:136 | access to property Prop | UseUseExplosion.cs:24:150:24:153 | access to property Prop |
+| UseUseExplosion.cs:24:133:24:136 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:133:24:136 | this access | UseUseExplosion.cs:24:150:24:153 | this access |
+| UseUseExplosion.cs:24:133:24:136 | this access | UseUseExplosion.cs:24:3088:24:3093 | this access |
+| UseUseExplosion.cs:24:150:24:153 | [post] this access | UseUseExplosion.cs:24:167:24:170 | this access |
+| UseUseExplosion.cs:24:150:24:153 | [post] this access | UseUseExplosion.cs:24:3073:24:3078 | this access |
+| UseUseExplosion.cs:24:150:24:153 | access to property Prop | UseUseExplosion.cs:24:167:24:170 | access to property Prop |
+| UseUseExplosion.cs:24:150:24:153 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:150:24:153 | this access | UseUseExplosion.cs:24:167:24:170 | this access |
+| UseUseExplosion.cs:24:150:24:153 | this access | UseUseExplosion.cs:24:3073:24:3078 | this access |
+| UseUseExplosion.cs:24:167:24:170 | [post] this access | UseUseExplosion.cs:24:184:24:187 | this access |
+| UseUseExplosion.cs:24:167:24:170 | [post] this access | UseUseExplosion.cs:24:3058:24:3063 | this access |
+| UseUseExplosion.cs:24:167:24:170 | access to property Prop | UseUseExplosion.cs:24:184:24:187 | access to property Prop |
+| UseUseExplosion.cs:24:167:24:170 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:167:24:170 | this access | UseUseExplosion.cs:24:184:24:187 | this access |
+| UseUseExplosion.cs:24:167:24:170 | this access | UseUseExplosion.cs:24:3058:24:3063 | this access |
+| UseUseExplosion.cs:24:184:24:187 | [post] this access | UseUseExplosion.cs:24:201:24:204 | this access |
+| UseUseExplosion.cs:24:184:24:187 | [post] this access | UseUseExplosion.cs:24:3043:24:3048 | this access |
+| UseUseExplosion.cs:24:184:24:187 | access to property Prop | UseUseExplosion.cs:24:201:24:204 | access to property Prop |
+| UseUseExplosion.cs:24:184:24:187 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:184:24:187 | this access | UseUseExplosion.cs:24:201:24:204 | this access |
+| UseUseExplosion.cs:24:184:24:187 | this access | UseUseExplosion.cs:24:3043:24:3048 | this access |
+| UseUseExplosion.cs:24:201:24:204 | [post] this access | UseUseExplosion.cs:24:218:24:221 | this access |
+| UseUseExplosion.cs:24:201:24:204 | [post] this access | UseUseExplosion.cs:24:3028:24:3033 | this access |
+| UseUseExplosion.cs:24:201:24:204 | access to property Prop | UseUseExplosion.cs:24:218:24:221 | access to property Prop |
+| UseUseExplosion.cs:24:201:24:204 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:201:24:204 | this access | UseUseExplosion.cs:24:218:24:221 | this access |
+| UseUseExplosion.cs:24:201:24:204 | this access | UseUseExplosion.cs:24:3028:24:3033 | this access |
+| UseUseExplosion.cs:24:218:24:221 | [post] this access | UseUseExplosion.cs:24:235:24:238 | this access |
+| UseUseExplosion.cs:24:218:24:221 | [post] this access | UseUseExplosion.cs:24:3013:24:3018 | this access |
+| UseUseExplosion.cs:24:218:24:221 | access to property Prop | UseUseExplosion.cs:24:235:24:238 | access to property Prop |
+| UseUseExplosion.cs:24:218:24:221 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:218:24:221 | this access | UseUseExplosion.cs:24:235:24:238 | this access |
+| UseUseExplosion.cs:24:218:24:221 | this access | UseUseExplosion.cs:24:3013:24:3018 | this access |
+| UseUseExplosion.cs:24:235:24:238 | [post] this access | UseUseExplosion.cs:24:252:24:255 | this access |
+| UseUseExplosion.cs:24:235:24:238 | [post] this access | UseUseExplosion.cs:24:2998:24:3003 | this access |
+| UseUseExplosion.cs:24:235:24:238 | access to property Prop | UseUseExplosion.cs:24:252:24:255 | access to property Prop |
+| UseUseExplosion.cs:24:235:24:238 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:235:24:238 | this access | UseUseExplosion.cs:24:252:24:255 | this access |
+| UseUseExplosion.cs:24:235:24:238 | this access | UseUseExplosion.cs:24:2998:24:3003 | this access |
+| UseUseExplosion.cs:24:252:24:255 | [post] this access | UseUseExplosion.cs:24:269:24:272 | this access |
+| UseUseExplosion.cs:24:252:24:255 | [post] this access | UseUseExplosion.cs:24:2983:24:2988 | this access |
+| UseUseExplosion.cs:24:252:24:255 | access to property Prop | UseUseExplosion.cs:24:269:24:272 | access to property Prop |
+| UseUseExplosion.cs:24:252:24:255 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:252:24:255 | this access | UseUseExplosion.cs:24:269:24:272 | this access |
+| UseUseExplosion.cs:24:252:24:255 | this access | UseUseExplosion.cs:24:2983:24:2988 | this access |
+| UseUseExplosion.cs:24:269:24:272 | [post] this access | UseUseExplosion.cs:24:286:24:289 | this access |
+| UseUseExplosion.cs:24:269:24:272 | [post] this access | UseUseExplosion.cs:24:2968:24:2973 | this access |
+| UseUseExplosion.cs:24:269:24:272 | access to property Prop | UseUseExplosion.cs:24:286:24:289 | access to property Prop |
+| UseUseExplosion.cs:24:269:24:272 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:269:24:272 | this access | UseUseExplosion.cs:24:286:24:289 | this access |
+| UseUseExplosion.cs:24:269:24:272 | this access | UseUseExplosion.cs:24:2968:24:2973 | this access |
+| UseUseExplosion.cs:24:286:24:289 | [post] this access | UseUseExplosion.cs:24:303:24:306 | this access |
+| UseUseExplosion.cs:24:286:24:289 | [post] this access | UseUseExplosion.cs:24:2953:24:2958 | this access |
+| UseUseExplosion.cs:24:286:24:289 | access to property Prop | UseUseExplosion.cs:24:303:24:306 | access to property Prop |
+| UseUseExplosion.cs:24:286:24:289 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:286:24:289 | this access | UseUseExplosion.cs:24:303:24:306 | this access |
+| UseUseExplosion.cs:24:286:24:289 | this access | UseUseExplosion.cs:24:2953:24:2958 | this access |
+| UseUseExplosion.cs:24:303:24:306 | [post] this access | UseUseExplosion.cs:24:320:24:323 | this access |
+| UseUseExplosion.cs:24:303:24:306 | [post] this access | UseUseExplosion.cs:24:2938:24:2943 | this access |
+| UseUseExplosion.cs:24:303:24:306 | access to property Prop | UseUseExplosion.cs:24:320:24:323 | access to property Prop |
+| UseUseExplosion.cs:24:303:24:306 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:303:24:306 | this access | UseUseExplosion.cs:24:320:24:323 | this access |
+| UseUseExplosion.cs:24:303:24:306 | this access | UseUseExplosion.cs:24:2938:24:2943 | this access |
+| UseUseExplosion.cs:24:320:24:323 | [post] this access | UseUseExplosion.cs:24:337:24:340 | this access |
+| UseUseExplosion.cs:24:320:24:323 | [post] this access | UseUseExplosion.cs:24:2923:24:2928 | this access |
+| UseUseExplosion.cs:24:320:24:323 | access to property Prop | UseUseExplosion.cs:24:337:24:340 | access to property Prop |
+| UseUseExplosion.cs:24:320:24:323 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:320:24:323 | this access | UseUseExplosion.cs:24:337:24:340 | this access |
+| UseUseExplosion.cs:24:320:24:323 | this access | UseUseExplosion.cs:24:2923:24:2928 | this access |
+| UseUseExplosion.cs:24:337:24:340 | [post] this access | UseUseExplosion.cs:24:354:24:357 | this access |
+| UseUseExplosion.cs:24:337:24:340 | [post] this access | UseUseExplosion.cs:24:2908:24:2913 | this access |
+| UseUseExplosion.cs:24:337:24:340 | access to property Prop | UseUseExplosion.cs:24:354:24:357 | access to property Prop |
+| UseUseExplosion.cs:24:337:24:340 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:337:24:340 | this access | UseUseExplosion.cs:24:354:24:357 | this access |
+| UseUseExplosion.cs:24:337:24:340 | this access | UseUseExplosion.cs:24:2908:24:2913 | this access |
+| UseUseExplosion.cs:24:354:24:357 | [post] this access | UseUseExplosion.cs:24:371:24:374 | this access |
+| UseUseExplosion.cs:24:354:24:357 | [post] this access | UseUseExplosion.cs:24:2893:24:2898 | this access |
+| UseUseExplosion.cs:24:354:24:357 | access to property Prop | UseUseExplosion.cs:24:371:24:374 | access to property Prop |
+| UseUseExplosion.cs:24:354:24:357 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:354:24:357 | this access | UseUseExplosion.cs:24:371:24:374 | this access |
+| UseUseExplosion.cs:24:354:24:357 | this access | UseUseExplosion.cs:24:2893:24:2898 | this access |
+| UseUseExplosion.cs:24:371:24:374 | [post] this access | UseUseExplosion.cs:24:388:24:391 | this access |
+| UseUseExplosion.cs:24:371:24:374 | [post] this access | UseUseExplosion.cs:24:2878:24:2883 | this access |
+| UseUseExplosion.cs:24:371:24:374 | access to property Prop | UseUseExplosion.cs:24:388:24:391 | access to property Prop |
+| UseUseExplosion.cs:24:371:24:374 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:371:24:374 | this access | UseUseExplosion.cs:24:388:24:391 | this access |
+| UseUseExplosion.cs:24:371:24:374 | this access | UseUseExplosion.cs:24:2878:24:2883 | this access |
+| UseUseExplosion.cs:24:388:24:391 | [post] this access | UseUseExplosion.cs:24:405:24:408 | this access |
+| UseUseExplosion.cs:24:388:24:391 | [post] this access | UseUseExplosion.cs:24:2863:24:2868 | this access |
+| UseUseExplosion.cs:24:388:24:391 | access to property Prop | UseUseExplosion.cs:24:405:24:408 | access to property Prop |
+| UseUseExplosion.cs:24:388:24:391 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:388:24:391 | this access | UseUseExplosion.cs:24:405:24:408 | this access |
+| UseUseExplosion.cs:24:388:24:391 | this access | UseUseExplosion.cs:24:2863:24:2868 | this access |
+| UseUseExplosion.cs:24:405:24:408 | [post] this access | UseUseExplosion.cs:24:422:24:425 | this access |
+| UseUseExplosion.cs:24:405:24:408 | [post] this access | UseUseExplosion.cs:24:2848:24:2853 | this access |
+| UseUseExplosion.cs:24:405:24:408 | access to property Prop | UseUseExplosion.cs:24:422:24:425 | access to property Prop |
+| UseUseExplosion.cs:24:405:24:408 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:405:24:408 | this access | UseUseExplosion.cs:24:422:24:425 | this access |
+| UseUseExplosion.cs:24:405:24:408 | this access | UseUseExplosion.cs:24:2848:24:2853 | this access |
+| UseUseExplosion.cs:24:422:24:425 | [post] this access | UseUseExplosion.cs:24:439:24:442 | this access |
+| UseUseExplosion.cs:24:422:24:425 | [post] this access | UseUseExplosion.cs:24:2833:24:2838 | this access |
+| UseUseExplosion.cs:24:422:24:425 | access to property Prop | UseUseExplosion.cs:24:439:24:442 | access to property Prop |
+| UseUseExplosion.cs:24:422:24:425 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:422:24:425 | this access | UseUseExplosion.cs:24:439:24:442 | this access |
+| UseUseExplosion.cs:24:422:24:425 | this access | UseUseExplosion.cs:24:2833:24:2838 | this access |
+| UseUseExplosion.cs:24:439:24:442 | [post] this access | UseUseExplosion.cs:24:456:24:459 | this access |
+| UseUseExplosion.cs:24:439:24:442 | [post] this access | UseUseExplosion.cs:24:2818:24:2823 | this access |
+| UseUseExplosion.cs:24:439:24:442 | access to property Prop | UseUseExplosion.cs:24:456:24:459 | access to property Prop |
+| UseUseExplosion.cs:24:439:24:442 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:439:24:442 | this access | UseUseExplosion.cs:24:456:24:459 | this access |
+| UseUseExplosion.cs:24:439:24:442 | this access | UseUseExplosion.cs:24:2818:24:2823 | this access |
+| UseUseExplosion.cs:24:456:24:459 | [post] this access | UseUseExplosion.cs:24:473:24:476 | this access |
+| UseUseExplosion.cs:24:456:24:459 | [post] this access | UseUseExplosion.cs:24:2803:24:2808 | this access |
+| UseUseExplosion.cs:24:456:24:459 | access to property Prop | UseUseExplosion.cs:24:473:24:476 | access to property Prop |
+| UseUseExplosion.cs:24:456:24:459 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:456:24:459 | this access | UseUseExplosion.cs:24:473:24:476 | this access |
+| UseUseExplosion.cs:24:456:24:459 | this access | UseUseExplosion.cs:24:2803:24:2808 | this access |
+| UseUseExplosion.cs:24:473:24:476 | [post] this access | UseUseExplosion.cs:24:490:24:493 | this access |
+| UseUseExplosion.cs:24:473:24:476 | [post] this access | UseUseExplosion.cs:24:2788:24:2793 | this access |
+| UseUseExplosion.cs:24:473:24:476 | access to property Prop | UseUseExplosion.cs:24:490:24:493 | access to property Prop |
+| UseUseExplosion.cs:24:473:24:476 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:473:24:476 | this access | UseUseExplosion.cs:24:490:24:493 | this access |
+| UseUseExplosion.cs:24:473:24:476 | this access | UseUseExplosion.cs:24:2788:24:2793 | this access |
+| UseUseExplosion.cs:24:490:24:493 | [post] this access | UseUseExplosion.cs:24:507:24:510 | this access |
+| UseUseExplosion.cs:24:490:24:493 | [post] this access | UseUseExplosion.cs:24:2773:24:2778 | this access |
+| UseUseExplosion.cs:24:490:24:493 | access to property Prop | UseUseExplosion.cs:24:507:24:510 | access to property Prop |
+| UseUseExplosion.cs:24:490:24:493 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:490:24:493 | this access | UseUseExplosion.cs:24:507:24:510 | this access |
+| UseUseExplosion.cs:24:490:24:493 | this access | UseUseExplosion.cs:24:2773:24:2778 | this access |
+| UseUseExplosion.cs:24:507:24:510 | [post] this access | UseUseExplosion.cs:24:524:24:527 | this access |
+| UseUseExplosion.cs:24:507:24:510 | [post] this access | UseUseExplosion.cs:24:2758:24:2763 | this access |
+| UseUseExplosion.cs:24:507:24:510 | access to property Prop | UseUseExplosion.cs:24:524:24:527 | access to property Prop |
+| UseUseExplosion.cs:24:507:24:510 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:507:24:510 | this access | UseUseExplosion.cs:24:524:24:527 | this access |
+| UseUseExplosion.cs:24:507:24:510 | this access | UseUseExplosion.cs:24:2758:24:2763 | this access |
+| UseUseExplosion.cs:24:524:24:527 | [post] this access | UseUseExplosion.cs:24:541:24:544 | this access |
+| UseUseExplosion.cs:24:524:24:527 | [post] this access | UseUseExplosion.cs:24:2743:24:2748 | this access |
+| UseUseExplosion.cs:24:524:24:527 | access to property Prop | UseUseExplosion.cs:24:541:24:544 | access to property Prop |
+| UseUseExplosion.cs:24:524:24:527 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:524:24:527 | this access | UseUseExplosion.cs:24:541:24:544 | this access |
+| UseUseExplosion.cs:24:524:24:527 | this access | UseUseExplosion.cs:24:2743:24:2748 | this access |
+| UseUseExplosion.cs:24:541:24:544 | [post] this access | UseUseExplosion.cs:24:558:24:561 | this access |
+| UseUseExplosion.cs:24:541:24:544 | [post] this access | UseUseExplosion.cs:24:2728:24:2733 | this access |
+| UseUseExplosion.cs:24:541:24:544 | access to property Prop | UseUseExplosion.cs:24:558:24:561 | access to property Prop |
+| UseUseExplosion.cs:24:541:24:544 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:541:24:544 | this access | UseUseExplosion.cs:24:558:24:561 | this access |
+| UseUseExplosion.cs:24:541:24:544 | this access | UseUseExplosion.cs:24:2728:24:2733 | this access |
+| UseUseExplosion.cs:24:558:24:561 | [post] this access | UseUseExplosion.cs:24:575:24:578 | this access |
+| UseUseExplosion.cs:24:558:24:561 | [post] this access | UseUseExplosion.cs:24:2713:24:2718 | this access |
+| UseUseExplosion.cs:24:558:24:561 | access to property Prop | UseUseExplosion.cs:24:575:24:578 | access to property Prop |
+| UseUseExplosion.cs:24:558:24:561 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:558:24:561 | this access | UseUseExplosion.cs:24:575:24:578 | this access |
+| UseUseExplosion.cs:24:558:24:561 | this access | UseUseExplosion.cs:24:2713:24:2718 | this access |
+| UseUseExplosion.cs:24:575:24:578 | [post] this access | UseUseExplosion.cs:24:592:24:595 | this access |
+| UseUseExplosion.cs:24:575:24:578 | [post] this access | UseUseExplosion.cs:24:2698:24:2703 | this access |
+| UseUseExplosion.cs:24:575:24:578 | access to property Prop | UseUseExplosion.cs:24:592:24:595 | access to property Prop |
+| UseUseExplosion.cs:24:575:24:578 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:575:24:578 | this access | UseUseExplosion.cs:24:592:24:595 | this access |
+| UseUseExplosion.cs:24:575:24:578 | this access | UseUseExplosion.cs:24:2698:24:2703 | this access |
+| UseUseExplosion.cs:24:592:24:595 | [post] this access | UseUseExplosion.cs:24:609:24:612 | this access |
+| UseUseExplosion.cs:24:592:24:595 | [post] this access | UseUseExplosion.cs:24:2683:24:2688 | this access |
+| UseUseExplosion.cs:24:592:24:595 | access to property Prop | UseUseExplosion.cs:24:609:24:612 | access to property Prop |
+| UseUseExplosion.cs:24:592:24:595 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:592:24:595 | this access | UseUseExplosion.cs:24:609:24:612 | this access |
+| UseUseExplosion.cs:24:592:24:595 | this access | UseUseExplosion.cs:24:2683:24:2688 | this access |
+| UseUseExplosion.cs:24:609:24:612 | [post] this access | UseUseExplosion.cs:24:626:24:629 | this access |
+| UseUseExplosion.cs:24:609:24:612 | [post] this access | UseUseExplosion.cs:24:2668:24:2673 | this access |
+| UseUseExplosion.cs:24:609:24:612 | access to property Prop | UseUseExplosion.cs:24:626:24:629 | access to property Prop |
+| UseUseExplosion.cs:24:609:24:612 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:609:24:612 | this access | UseUseExplosion.cs:24:626:24:629 | this access |
+| UseUseExplosion.cs:24:609:24:612 | this access | UseUseExplosion.cs:24:2668:24:2673 | this access |
+| UseUseExplosion.cs:24:626:24:629 | [post] this access | UseUseExplosion.cs:24:643:24:646 | this access |
+| UseUseExplosion.cs:24:626:24:629 | [post] this access | UseUseExplosion.cs:24:2653:24:2658 | this access |
+| UseUseExplosion.cs:24:626:24:629 | access to property Prop | UseUseExplosion.cs:24:643:24:646 | access to property Prop |
+| UseUseExplosion.cs:24:626:24:629 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:626:24:629 | this access | UseUseExplosion.cs:24:643:24:646 | this access |
+| UseUseExplosion.cs:24:626:24:629 | this access | UseUseExplosion.cs:24:2653:24:2658 | this access |
+| UseUseExplosion.cs:24:643:24:646 | [post] this access | UseUseExplosion.cs:24:660:24:663 | this access |
+| UseUseExplosion.cs:24:643:24:646 | [post] this access | UseUseExplosion.cs:24:2638:24:2643 | this access |
+| UseUseExplosion.cs:24:643:24:646 | access to property Prop | UseUseExplosion.cs:24:660:24:663 | access to property Prop |
+| UseUseExplosion.cs:24:643:24:646 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:643:24:646 | this access | UseUseExplosion.cs:24:660:24:663 | this access |
+| UseUseExplosion.cs:24:643:24:646 | this access | UseUseExplosion.cs:24:2638:24:2643 | this access |
+| UseUseExplosion.cs:24:660:24:663 | [post] this access | UseUseExplosion.cs:24:677:24:680 | this access |
+| UseUseExplosion.cs:24:660:24:663 | [post] this access | UseUseExplosion.cs:24:2623:24:2628 | this access |
+| UseUseExplosion.cs:24:660:24:663 | access to property Prop | UseUseExplosion.cs:24:677:24:680 | access to property Prop |
+| UseUseExplosion.cs:24:660:24:663 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:660:24:663 | this access | UseUseExplosion.cs:24:677:24:680 | this access |
+| UseUseExplosion.cs:24:660:24:663 | this access | UseUseExplosion.cs:24:2623:24:2628 | this access |
+| UseUseExplosion.cs:24:677:24:680 | [post] this access | UseUseExplosion.cs:24:694:24:697 | this access |
+| UseUseExplosion.cs:24:677:24:680 | [post] this access | UseUseExplosion.cs:24:2608:24:2613 | this access |
+| UseUseExplosion.cs:24:677:24:680 | access to property Prop | UseUseExplosion.cs:24:694:24:697 | access to property Prop |
+| UseUseExplosion.cs:24:677:24:680 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:677:24:680 | this access | UseUseExplosion.cs:24:694:24:697 | this access |
+| UseUseExplosion.cs:24:677:24:680 | this access | UseUseExplosion.cs:24:2608:24:2613 | this access |
+| UseUseExplosion.cs:24:694:24:697 | [post] this access | UseUseExplosion.cs:24:711:24:714 | this access |
+| UseUseExplosion.cs:24:694:24:697 | [post] this access | UseUseExplosion.cs:24:2593:24:2598 | this access |
+| UseUseExplosion.cs:24:694:24:697 | access to property Prop | UseUseExplosion.cs:24:711:24:714 | access to property Prop |
+| UseUseExplosion.cs:24:694:24:697 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:694:24:697 | this access | UseUseExplosion.cs:24:711:24:714 | this access |
+| UseUseExplosion.cs:24:694:24:697 | this access | UseUseExplosion.cs:24:2593:24:2598 | this access |
+| UseUseExplosion.cs:24:711:24:714 | [post] this access | UseUseExplosion.cs:24:728:24:731 | this access |
+| UseUseExplosion.cs:24:711:24:714 | [post] this access | UseUseExplosion.cs:24:2578:24:2583 | this access |
+| UseUseExplosion.cs:24:711:24:714 | access to property Prop | UseUseExplosion.cs:24:728:24:731 | access to property Prop |
+| UseUseExplosion.cs:24:711:24:714 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:711:24:714 | this access | UseUseExplosion.cs:24:728:24:731 | this access |
+| UseUseExplosion.cs:24:711:24:714 | this access | UseUseExplosion.cs:24:2578:24:2583 | this access |
+| UseUseExplosion.cs:24:728:24:731 | [post] this access | UseUseExplosion.cs:24:745:24:748 | this access |
+| UseUseExplosion.cs:24:728:24:731 | [post] this access | UseUseExplosion.cs:24:2563:24:2568 | this access |
+| UseUseExplosion.cs:24:728:24:731 | access to property Prop | UseUseExplosion.cs:24:745:24:748 | access to property Prop |
+| UseUseExplosion.cs:24:728:24:731 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:728:24:731 | this access | UseUseExplosion.cs:24:745:24:748 | this access |
+| UseUseExplosion.cs:24:728:24:731 | this access | UseUseExplosion.cs:24:2563:24:2568 | this access |
+| UseUseExplosion.cs:24:745:24:748 | [post] this access | UseUseExplosion.cs:24:762:24:765 | this access |
+| UseUseExplosion.cs:24:745:24:748 | [post] this access | UseUseExplosion.cs:24:2548:24:2553 | this access |
+| UseUseExplosion.cs:24:745:24:748 | access to property Prop | UseUseExplosion.cs:24:762:24:765 | access to property Prop |
+| UseUseExplosion.cs:24:745:24:748 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:745:24:748 | this access | UseUseExplosion.cs:24:762:24:765 | this access |
+| UseUseExplosion.cs:24:745:24:748 | this access | UseUseExplosion.cs:24:2548:24:2553 | this access |
+| UseUseExplosion.cs:24:762:24:765 | [post] this access | UseUseExplosion.cs:24:779:24:782 | this access |
+| UseUseExplosion.cs:24:762:24:765 | [post] this access | UseUseExplosion.cs:24:2533:24:2538 | this access |
+| UseUseExplosion.cs:24:762:24:765 | access to property Prop | UseUseExplosion.cs:24:779:24:782 | access to property Prop |
+| UseUseExplosion.cs:24:762:24:765 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:762:24:765 | this access | UseUseExplosion.cs:24:779:24:782 | this access |
+| UseUseExplosion.cs:24:762:24:765 | this access | UseUseExplosion.cs:24:2533:24:2538 | this access |
+| UseUseExplosion.cs:24:779:24:782 | [post] this access | UseUseExplosion.cs:24:796:24:799 | this access |
+| UseUseExplosion.cs:24:779:24:782 | [post] this access | UseUseExplosion.cs:24:2518:24:2523 | this access |
+| UseUseExplosion.cs:24:779:24:782 | access to property Prop | UseUseExplosion.cs:24:796:24:799 | access to property Prop |
+| UseUseExplosion.cs:24:779:24:782 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:779:24:782 | this access | UseUseExplosion.cs:24:796:24:799 | this access |
+| UseUseExplosion.cs:24:779:24:782 | this access | UseUseExplosion.cs:24:2518:24:2523 | this access |
+| UseUseExplosion.cs:24:796:24:799 | [post] this access | UseUseExplosion.cs:24:813:24:816 | this access |
+| UseUseExplosion.cs:24:796:24:799 | [post] this access | UseUseExplosion.cs:24:2503:24:2508 | this access |
+| UseUseExplosion.cs:24:796:24:799 | access to property Prop | UseUseExplosion.cs:24:813:24:816 | access to property Prop |
+| UseUseExplosion.cs:24:796:24:799 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:796:24:799 | this access | UseUseExplosion.cs:24:813:24:816 | this access |
+| UseUseExplosion.cs:24:796:24:799 | this access | UseUseExplosion.cs:24:2503:24:2508 | this access |
+| UseUseExplosion.cs:24:813:24:816 | [post] this access | UseUseExplosion.cs:24:830:24:833 | this access |
+| UseUseExplosion.cs:24:813:24:816 | [post] this access | UseUseExplosion.cs:24:2488:24:2493 | this access |
+| UseUseExplosion.cs:24:813:24:816 | access to property Prop | UseUseExplosion.cs:24:830:24:833 | access to property Prop |
+| UseUseExplosion.cs:24:813:24:816 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:813:24:816 | this access | UseUseExplosion.cs:24:830:24:833 | this access |
+| UseUseExplosion.cs:24:813:24:816 | this access | UseUseExplosion.cs:24:2488:24:2493 | this access |
+| UseUseExplosion.cs:24:830:24:833 | [post] this access | UseUseExplosion.cs:24:847:24:850 | this access |
+| UseUseExplosion.cs:24:830:24:833 | [post] this access | UseUseExplosion.cs:24:2473:24:2478 | this access |
+| UseUseExplosion.cs:24:830:24:833 | access to property Prop | UseUseExplosion.cs:24:847:24:850 | access to property Prop |
+| UseUseExplosion.cs:24:830:24:833 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:830:24:833 | this access | UseUseExplosion.cs:24:847:24:850 | this access |
+| UseUseExplosion.cs:24:830:24:833 | this access | UseUseExplosion.cs:24:2473:24:2478 | this access |
+| UseUseExplosion.cs:24:847:24:850 | [post] this access | UseUseExplosion.cs:24:864:24:867 | this access |
+| UseUseExplosion.cs:24:847:24:850 | [post] this access | UseUseExplosion.cs:24:2458:24:2463 | this access |
+| UseUseExplosion.cs:24:847:24:850 | access to property Prop | UseUseExplosion.cs:24:864:24:867 | access to property Prop |
+| UseUseExplosion.cs:24:847:24:850 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:847:24:850 | this access | UseUseExplosion.cs:24:864:24:867 | this access |
+| UseUseExplosion.cs:24:847:24:850 | this access | UseUseExplosion.cs:24:2458:24:2463 | this access |
+| UseUseExplosion.cs:24:864:24:867 | [post] this access | UseUseExplosion.cs:24:881:24:884 | this access |
+| UseUseExplosion.cs:24:864:24:867 | [post] this access | UseUseExplosion.cs:24:2443:24:2448 | this access |
+| UseUseExplosion.cs:24:864:24:867 | access to property Prop | UseUseExplosion.cs:24:881:24:884 | access to property Prop |
+| UseUseExplosion.cs:24:864:24:867 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:864:24:867 | this access | UseUseExplosion.cs:24:881:24:884 | this access |
+| UseUseExplosion.cs:24:864:24:867 | this access | UseUseExplosion.cs:24:2443:24:2448 | this access |
+| UseUseExplosion.cs:24:881:24:884 | [post] this access | UseUseExplosion.cs:24:898:24:901 | this access |
+| UseUseExplosion.cs:24:881:24:884 | [post] this access | UseUseExplosion.cs:24:2428:24:2433 | this access |
+| UseUseExplosion.cs:24:881:24:884 | access to property Prop | UseUseExplosion.cs:24:898:24:901 | access to property Prop |
+| UseUseExplosion.cs:24:881:24:884 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:881:24:884 | this access | UseUseExplosion.cs:24:898:24:901 | this access |
+| UseUseExplosion.cs:24:881:24:884 | this access | UseUseExplosion.cs:24:2428:24:2433 | this access |
+| UseUseExplosion.cs:24:898:24:901 | [post] this access | UseUseExplosion.cs:24:915:24:918 | this access |
+| UseUseExplosion.cs:24:898:24:901 | [post] this access | UseUseExplosion.cs:24:2413:24:2418 | this access |
+| UseUseExplosion.cs:24:898:24:901 | access to property Prop | UseUseExplosion.cs:24:915:24:918 | access to property Prop |
+| UseUseExplosion.cs:24:898:24:901 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:898:24:901 | this access | UseUseExplosion.cs:24:915:24:918 | this access |
+| UseUseExplosion.cs:24:898:24:901 | this access | UseUseExplosion.cs:24:2413:24:2418 | this access |
+| UseUseExplosion.cs:24:915:24:918 | [post] this access | UseUseExplosion.cs:24:932:24:935 | this access |
+| UseUseExplosion.cs:24:915:24:918 | [post] this access | UseUseExplosion.cs:24:2398:24:2403 | this access |
+| UseUseExplosion.cs:24:915:24:918 | access to property Prop | UseUseExplosion.cs:24:932:24:935 | access to property Prop |
+| UseUseExplosion.cs:24:915:24:918 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:915:24:918 | this access | UseUseExplosion.cs:24:932:24:935 | this access |
+| UseUseExplosion.cs:24:915:24:918 | this access | UseUseExplosion.cs:24:2398:24:2403 | this access |
+| UseUseExplosion.cs:24:932:24:935 | [post] this access | UseUseExplosion.cs:24:949:24:952 | this access |
+| UseUseExplosion.cs:24:932:24:935 | [post] this access | UseUseExplosion.cs:24:2383:24:2388 | this access |
+| UseUseExplosion.cs:24:932:24:935 | access to property Prop | UseUseExplosion.cs:24:949:24:952 | access to property Prop |
+| UseUseExplosion.cs:24:932:24:935 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:932:24:935 | this access | UseUseExplosion.cs:24:949:24:952 | this access |
+| UseUseExplosion.cs:24:932:24:935 | this access | UseUseExplosion.cs:24:2383:24:2388 | this access |
+| UseUseExplosion.cs:24:949:24:952 | [post] this access | UseUseExplosion.cs:24:966:24:969 | this access |
+| UseUseExplosion.cs:24:949:24:952 | [post] this access | UseUseExplosion.cs:24:2368:24:2373 | this access |
+| UseUseExplosion.cs:24:949:24:952 | access to property Prop | UseUseExplosion.cs:24:966:24:969 | access to property Prop |
+| UseUseExplosion.cs:24:949:24:952 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:949:24:952 | this access | UseUseExplosion.cs:24:966:24:969 | this access |
+| UseUseExplosion.cs:24:949:24:952 | this access | UseUseExplosion.cs:24:2368:24:2373 | this access |
+| UseUseExplosion.cs:24:966:24:969 | [post] this access | UseUseExplosion.cs:24:983:24:986 | this access |
+| UseUseExplosion.cs:24:966:24:969 | [post] this access | UseUseExplosion.cs:24:2353:24:2358 | this access |
+| UseUseExplosion.cs:24:966:24:969 | access to property Prop | UseUseExplosion.cs:24:983:24:986 | access to property Prop |
+| UseUseExplosion.cs:24:966:24:969 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:966:24:969 | this access | UseUseExplosion.cs:24:983:24:986 | this access |
+| UseUseExplosion.cs:24:966:24:969 | this access | UseUseExplosion.cs:24:2353:24:2358 | this access |
+| UseUseExplosion.cs:24:983:24:986 | [post] this access | UseUseExplosion.cs:24:1000:24:1003 | this access |
+| UseUseExplosion.cs:24:983:24:986 | [post] this access | UseUseExplosion.cs:24:2338:24:2343 | this access |
+| UseUseExplosion.cs:24:983:24:986 | access to property Prop | UseUseExplosion.cs:24:1000:24:1003 | access to property Prop |
+| UseUseExplosion.cs:24:983:24:986 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:983:24:986 | this access | UseUseExplosion.cs:24:1000:24:1003 | this access |
+| UseUseExplosion.cs:24:983:24:986 | this access | UseUseExplosion.cs:24:2338:24:2343 | this access |
+| UseUseExplosion.cs:24:1000:24:1003 | [post] this access | UseUseExplosion.cs:24:1017:24:1020 | this access |
+| UseUseExplosion.cs:24:1000:24:1003 | [post] this access | UseUseExplosion.cs:24:2323:24:2328 | this access |
+| UseUseExplosion.cs:24:1000:24:1003 | access to property Prop | UseUseExplosion.cs:24:1017:24:1020 | access to property Prop |
+| UseUseExplosion.cs:24:1000:24:1003 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1000:24:1003 | this access | UseUseExplosion.cs:24:1017:24:1020 | this access |
+| UseUseExplosion.cs:24:1000:24:1003 | this access | UseUseExplosion.cs:24:2323:24:2328 | this access |
+| UseUseExplosion.cs:24:1017:24:1020 | [post] this access | UseUseExplosion.cs:24:1034:24:1037 | this access |
+| UseUseExplosion.cs:24:1017:24:1020 | [post] this access | UseUseExplosion.cs:24:2308:24:2313 | this access |
+| UseUseExplosion.cs:24:1017:24:1020 | access to property Prop | UseUseExplosion.cs:24:1034:24:1037 | access to property Prop |
+| UseUseExplosion.cs:24:1017:24:1020 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1017:24:1020 | this access | UseUseExplosion.cs:24:1034:24:1037 | this access |
+| UseUseExplosion.cs:24:1017:24:1020 | this access | UseUseExplosion.cs:24:2308:24:2313 | this access |
+| UseUseExplosion.cs:24:1034:24:1037 | [post] this access | UseUseExplosion.cs:24:1051:24:1054 | this access |
+| UseUseExplosion.cs:24:1034:24:1037 | [post] this access | UseUseExplosion.cs:24:2293:24:2298 | this access |
+| UseUseExplosion.cs:24:1034:24:1037 | access to property Prop | UseUseExplosion.cs:24:1051:24:1054 | access to property Prop |
+| UseUseExplosion.cs:24:1034:24:1037 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1034:24:1037 | this access | UseUseExplosion.cs:24:1051:24:1054 | this access |
+| UseUseExplosion.cs:24:1034:24:1037 | this access | UseUseExplosion.cs:24:2293:24:2298 | this access |
+| UseUseExplosion.cs:24:1051:24:1054 | [post] this access | UseUseExplosion.cs:24:1068:24:1071 | this access |
+| UseUseExplosion.cs:24:1051:24:1054 | [post] this access | UseUseExplosion.cs:24:2278:24:2283 | this access |
+| UseUseExplosion.cs:24:1051:24:1054 | access to property Prop | UseUseExplosion.cs:24:1068:24:1071 | access to property Prop |
+| UseUseExplosion.cs:24:1051:24:1054 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1051:24:1054 | this access | UseUseExplosion.cs:24:1068:24:1071 | this access |
+| UseUseExplosion.cs:24:1051:24:1054 | this access | UseUseExplosion.cs:24:2278:24:2283 | this access |
+| UseUseExplosion.cs:24:1068:24:1071 | [post] this access | UseUseExplosion.cs:24:1085:24:1088 | this access |
+| UseUseExplosion.cs:24:1068:24:1071 | [post] this access | UseUseExplosion.cs:24:2263:24:2268 | this access |
+| UseUseExplosion.cs:24:1068:24:1071 | access to property Prop | UseUseExplosion.cs:24:1085:24:1088 | access to property Prop |
+| UseUseExplosion.cs:24:1068:24:1071 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1068:24:1071 | this access | UseUseExplosion.cs:24:1085:24:1088 | this access |
+| UseUseExplosion.cs:24:1068:24:1071 | this access | UseUseExplosion.cs:24:2263:24:2268 | this access |
+| UseUseExplosion.cs:24:1085:24:1088 | [post] this access | UseUseExplosion.cs:24:1102:24:1105 | this access |
+| UseUseExplosion.cs:24:1085:24:1088 | [post] this access | UseUseExplosion.cs:24:2248:24:2253 | this access |
+| UseUseExplosion.cs:24:1085:24:1088 | access to property Prop | UseUseExplosion.cs:24:1102:24:1105 | access to property Prop |
+| UseUseExplosion.cs:24:1085:24:1088 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1085:24:1088 | this access | UseUseExplosion.cs:24:1102:24:1105 | this access |
+| UseUseExplosion.cs:24:1085:24:1088 | this access | UseUseExplosion.cs:24:2248:24:2253 | this access |
+| UseUseExplosion.cs:24:1102:24:1105 | [post] this access | UseUseExplosion.cs:24:1119:24:1122 | this access |
+| UseUseExplosion.cs:24:1102:24:1105 | [post] this access | UseUseExplosion.cs:24:2233:24:2238 | this access |
+| UseUseExplosion.cs:24:1102:24:1105 | access to property Prop | UseUseExplosion.cs:24:1119:24:1122 | access to property Prop |
+| UseUseExplosion.cs:24:1102:24:1105 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1102:24:1105 | this access | UseUseExplosion.cs:24:1119:24:1122 | this access |
+| UseUseExplosion.cs:24:1102:24:1105 | this access | UseUseExplosion.cs:24:2233:24:2238 | this access |
+| UseUseExplosion.cs:24:1119:24:1122 | [post] this access | UseUseExplosion.cs:24:1136:24:1139 | this access |
+| UseUseExplosion.cs:24:1119:24:1122 | [post] this access | UseUseExplosion.cs:24:2218:24:2223 | this access |
+| UseUseExplosion.cs:24:1119:24:1122 | access to property Prop | UseUseExplosion.cs:24:1136:24:1139 | access to property Prop |
+| UseUseExplosion.cs:24:1119:24:1122 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1119:24:1122 | this access | UseUseExplosion.cs:24:1136:24:1139 | this access |
+| UseUseExplosion.cs:24:1119:24:1122 | this access | UseUseExplosion.cs:24:2218:24:2223 | this access |
+| UseUseExplosion.cs:24:1136:24:1139 | [post] this access | UseUseExplosion.cs:24:1153:24:1156 | this access |
+| UseUseExplosion.cs:24:1136:24:1139 | [post] this access | UseUseExplosion.cs:24:2203:24:2208 | this access |
+| UseUseExplosion.cs:24:1136:24:1139 | access to property Prop | UseUseExplosion.cs:24:1153:24:1156 | access to property Prop |
+| UseUseExplosion.cs:24:1136:24:1139 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1136:24:1139 | this access | UseUseExplosion.cs:24:1153:24:1156 | this access |
+| UseUseExplosion.cs:24:1136:24:1139 | this access | UseUseExplosion.cs:24:2203:24:2208 | this access |
+| UseUseExplosion.cs:24:1153:24:1156 | [post] this access | UseUseExplosion.cs:24:1170:24:1173 | this access |
+| UseUseExplosion.cs:24:1153:24:1156 | [post] this access | UseUseExplosion.cs:24:2188:24:2193 | this access |
+| UseUseExplosion.cs:24:1153:24:1156 | access to property Prop | UseUseExplosion.cs:24:1170:24:1173 | access to property Prop |
+| UseUseExplosion.cs:24:1153:24:1156 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1153:24:1156 | this access | UseUseExplosion.cs:24:1170:24:1173 | this access |
+| UseUseExplosion.cs:24:1153:24:1156 | this access | UseUseExplosion.cs:24:2188:24:2193 | this access |
+| UseUseExplosion.cs:24:1170:24:1173 | [post] this access | UseUseExplosion.cs:24:1187:24:1190 | this access |
+| UseUseExplosion.cs:24:1170:24:1173 | [post] this access | UseUseExplosion.cs:24:2173:24:2178 | this access |
+| UseUseExplosion.cs:24:1170:24:1173 | access to property Prop | UseUseExplosion.cs:24:1187:24:1190 | access to property Prop |
+| UseUseExplosion.cs:24:1170:24:1173 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1170:24:1173 | this access | UseUseExplosion.cs:24:1187:24:1190 | this access |
+| UseUseExplosion.cs:24:1170:24:1173 | this access | UseUseExplosion.cs:24:2173:24:2178 | this access |
+| UseUseExplosion.cs:24:1187:24:1190 | [post] this access | UseUseExplosion.cs:24:1204:24:1207 | this access |
+| UseUseExplosion.cs:24:1187:24:1190 | [post] this access | UseUseExplosion.cs:24:2158:24:2163 | this access |
+| UseUseExplosion.cs:24:1187:24:1190 | access to property Prop | UseUseExplosion.cs:24:1204:24:1207 | access to property Prop |
+| UseUseExplosion.cs:24:1187:24:1190 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1187:24:1190 | this access | UseUseExplosion.cs:24:1204:24:1207 | this access |
+| UseUseExplosion.cs:24:1187:24:1190 | this access | UseUseExplosion.cs:24:2158:24:2163 | this access |
+| UseUseExplosion.cs:24:1204:24:1207 | [post] this access | UseUseExplosion.cs:24:1221:24:1224 | this access |
+| UseUseExplosion.cs:24:1204:24:1207 | [post] this access | UseUseExplosion.cs:24:2143:24:2148 | this access |
+| UseUseExplosion.cs:24:1204:24:1207 | access to property Prop | UseUseExplosion.cs:24:1221:24:1224 | access to property Prop |
+| UseUseExplosion.cs:24:1204:24:1207 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1204:24:1207 | this access | UseUseExplosion.cs:24:1221:24:1224 | this access |
+| UseUseExplosion.cs:24:1204:24:1207 | this access | UseUseExplosion.cs:24:2143:24:2148 | this access |
+| UseUseExplosion.cs:24:1221:24:1224 | [post] this access | UseUseExplosion.cs:24:1238:24:1241 | this access |
+| UseUseExplosion.cs:24:1221:24:1224 | [post] this access | UseUseExplosion.cs:24:2128:24:2133 | this access |
+| UseUseExplosion.cs:24:1221:24:1224 | access to property Prop | UseUseExplosion.cs:24:1238:24:1241 | access to property Prop |
+| UseUseExplosion.cs:24:1221:24:1224 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1221:24:1224 | this access | UseUseExplosion.cs:24:1238:24:1241 | this access |
+| UseUseExplosion.cs:24:1221:24:1224 | this access | UseUseExplosion.cs:24:2128:24:2133 | this access |
+| UseUseExplosion.cs:24:1238:24:1241 | [post] this access | UseUseExplosion.cs:24:1255:24:1258 | this access |
+| UseUseExplosion.cs:24:1238:24:1241 | [post] this access | UseUseExplosion.cs:24:2113:24:2118 | this access |
+| UseUseExplosion.cs:24:1238:24:1241 | access to property Prop | UseUseExplosion.cs:24:1255:24:1258 | access to property Prop |
+| UseUseExplosion.cs:24:1238:24:1241 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1238:24:1241 | this access | UseUseExplosion.cs:24:1255:24:1258 | this access |
+| UseUseExplosion.cs:24:1238:24:1241 | this access | UseUseExplosion.cs:24:2113:24:2118 | this access |
+| UseUseExplosion.cs:24:1255:24:1258 | [post] this access | UseUseExplosion.cs:24:1272:24:1275 | this access |
+| UseUseExplosion.cs:24:1255:24:1258 | [post] this access | UseUseExplosion.cs:24:2098:24:2103 | this access |
+| UseUseExplosion.cs:24:1255:24:1258 | access to property Prop | UseUseExplosion.cs:24:1272:24:1275 | access to property Prop |
+| UseUseExplosion.cs:24:1255:24:1258 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1255:24:1258 | this access | UseUseExplosion.cs:24:1272:24:1275 | this access |
+| UseUseExplosion.cs:24:1255:24:1258 | this access | UseUseExplosion.cs:24:2098:24:2103 | this access |
+| UseUseExplosion.cs:24:1272:24:1275 | [post] this access | UseUseExplosion.cs:24:1289:24:1292 | this access |
+| UseUseExplosion.cs:24:1272:24:1275 | [post] this access | UseUseExplosion.cs:24:2083:24:2088 | this access |
+| UseUseExplosion.cs:24:1272:24:1275 | access to property Prop | UseUseExplosion.cs:24:1289:24:1292 | access to property Prop |
+| UseUseExplosion.cs:24:1272:24:1275 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1272:24:1275 | this access | UseUseExplosion.cs:24:1289:24:1292 | this access |
+| UseUseExplosion.cs:24:1272:24:1275 | this access | UseUseExplosion.cs:24:2083:24:2088 | this access |
+| UseUseExplosion.cs:24:1289:24:1292 | [post] this access | UseUseExplosion.cs:24:1306:24:1309 | this access |
+| UseUseExplosion.cs:24:1289:24:1292 | [post] this access | UseUseExplosion.cs:24:2068:24:2073 | this access |
+| UseUseExplosion.cs:24:1289:24:1292 | access to property Prop | UseUseExplosion.cs:24:1306:24:1309 | access to property Prop |
+| UseUseExplosion.cs:24:1289:24:1292 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1289:24:1292 | this access | UseUseExplosion.cs:24:1306:24:1309 | this access |
+| UseUseExplosion.cs:24:1289:24:1292 | this access | UseUseExplosion.cs:24:2068:24:2073 | this access |
+| UseUseExplosion.cs:24:1306:24:1309 | [post] this access | UseUseExplosion.cs:24:1323:24:1326 | this access |
+| UseUseExplosion.cs:24:1306:24:1309 | [post] this access | UseUseExplosion.cs:24:2053:24:2058 | this access |
+| UseUseExplosion.cs:24:1306:24:1309 | access to property Prop | UseUseExplosion.cs:24:1323:24:1326 | access to property Prop |
+| UseUseExplosion.cs:24:1306:24:1309 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1306:24:1309 | this access | UseUseExplosion.cs:24:1323:24:1326 | this access |
+| UseUseExplosion.cs:24:1306:24:1309 | this access | UseUseExplosion.cs:24:2053:24:2058 | this access |
+| UseUseExplosion.cs:24:1323:24:1326 | [post] this access | UseUseExplosion.cs:24:1340:24:1343 | this access |
+| UseUseExplosion.cs:24:1323:24:1326 | [post] this access | UseUseExplosion.cs:24:2038:24:2043 | this access |
+| UseUseExplosion.cs:24:1323:24:1326 | access to property Prop | UseUseExplosion.cs:24:1340:24:1343 | access to property Prop |
+| UseUseExplosion.cs:24:1323:24:1326 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1323:24:1326 | this access | UseUseExplosion.cs:24:1340:24:1343 | this access |
+| UseUseExplosion.cs:24:1323:24:1326 | this access | UseUseExplosion.cs:24:2038:24:2043 | this access |
+| UseUseExplosion.cs:24:1340:24:1343 | [post] this access | UseUseExplosion.cs:24:1357:24:1360 | this access |
+| UseUseExplosion.cs:24:1340:24:1343 | [post] this access | UseUseExplosion.cs:24:2023:24:2028 | this access |
+| UseUseExplosion.cs:24:1340:24:1343 | access to property Prop | UseUseExplosion.cs:24:1357:24:1360 | access to property Prop |
+| UseUseExplosion.cs:24:1340:24:1343 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1340:24:1343 | this access | UseUseExplosion.cs:24:1357:24:1360 | this access |
+| UseUseExplosion.cs:24:1340:24:1343 | this access | UseUseExplosion.cs:24:2023:24:2028 | this access |
+| UseUseExplosion.cs:24:1357:24:1360 | [post] this access | UseUseExplosion.cs:24:1374:24:1377 | this access |
+| UseUseExplosion.cs:24:1357:24:1360 | [post] this access | UseUseExplosion.cs:24:2008:24:2013 | this access |
+| UseUseExplosion.cs:24:1357:24:1360 | access to property Prop | UseUseExplosion.cs:24:1374:24:1377 | access to property Prop |
+| UseUseExplosion.cs:24:1357:24:1360 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1357:24:1360 | this access | UseUseExplosion.cs:24:1374:24:1377 | this access |
+| UseUseExplosion.cs:24:1357:24:1360 | this access | UseUseExplosion.cs:24:2008:24:2013 | this access |
+| UseUseExplosion.cs:24:1374:24:1377 | [post] this access | UseUseExplosion.cs:24:1391:24:1394 | this access |
+| UseUseExplosion.cs:24:1374:24:1377 | [post] this access | UseUseExplosion.cs:24:1993:24:1998 | this access |
+| UseUseExplosion.cs:24:1374:24:1377 | access to property Prop | UseUseExplosion.cs:24:1391:24:1394 | access to property Prop |
+| UseUseExplosion.cs:24:1374:24:1377 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1374:24:1377 | this access | UseUseExplosion.cs:24:1391:24:1394 | this access |
+| UseUseExplosion.cs:24:1374:24:1377 | this access | UseUseExplosion.cs:24:1993:24:1998 | this access |
+| UseUseExplosion.cs:24:1391:24:1394 | [post] this access | UseUseExplosion.cs:24:1408:24:1411 | this access |
+| UseUseExplosion.cs:24:1391:24:1394 | [post] this access | UseUseExplosion.cs:24:1978:24:1983 | this access |
+| UseUseExplosion.cs:24:1391:24:1394 | access to property Prop | UseUseExplosion.cs:24:1408:24:1411 | access to property Prop |
+| UseUseExplosion.cs:24:1391:24:1394 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1391:24:1394 | this access | UseUseExplosion.cs:24:1408:24:1411 | this access |
+| UseUseExplosion.cs:24:1391:24:1394 | this access | UseUseExplosion.cs:24:1978:24:1983 | this access |
+| UseUseExplosion.cs:24:1408:24:1411 | [post] this access | UseUseExplosion.cs:24:1425:24:1428 | this access |
+| UseUseExplosion.cs:24:1408:24:1411 | [post] this access | UseUseExplosion.cs:24:1963:24:1968 | this access |
+| UseUseExplosion.cs:24:1408:24:1411 | access to property Prop | UseUseExplosion.cs:24:1425:24:1428 | access to property Prop |
+| UseUseExplosion.cs:24:1408:24:1411 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1408:24:1411 | this access | UseUseExplosion.cs:24:1425:24:1428 | this access |
+| UseUseExplosion.cs:24:1408:24:1411 | this access | UseUseExplosion.cs:24:1963:24:1968 | this access |
+| UseUseExplosion.cs:24:1425:24:1428 | [post] this access | UseUseExplosion.cs:24:1442:24:1445 | this access |
+| UseUseExplosion.cs:24:1425:24:1428 | [post] this access | UseUseExplosion.cs:24:1948:24:1953 | this access |
+| UseUseExplosion.cs:24:1425:24:1428 | access to property Prop | UseUseExplosion.cs:24:1442:24:1445 | access to property Prop |
+| UseUseExplosion.cs:24:1425:24:1428 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1425:24:1428 | this access | UseUseExplosion.cs:24:1442:24:1445 | this access |
+| UseUseExplosion.cs:24:1425:24:1428 | this access | UseUseExplosion.cs:24:1948:24:1953 | this access |
+| UseUseExplosion.cs:24:1442:24:1445 | [post] this access | UseUseExplosion.cs:24:1459:24:1462 | this access |
+| UseUseExplosion.cs:24:1442:24:1445 | [post] this access | UseUseExplosion.cs:24:1933:24:1938 | this access |
+| UseUseExplosion.cs:24:1442:24:1445 | access to property Prop | UseUseExplosion.cs:24:1459:24:1462 | access to property Prop |
+| UseUseExplosion.cs:24:1442:24:1445 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1442:24:1445 | this access | UseUseExplosion.cs:24:1459:24:1462 | this access |
+| UseUseExplosion.cs:24:1442:24:1445 | this access | UseUseExplosion.cs:24:1933:24:1938 | this access |
+| UseUseExplosion.cs:24:1459:24:1462 | [post] this access | UseUseExplosion.cs:24:1476:24:1479 | this access |
+| UseUseExplosion.cs:24:1459:24:1462 | [post] this access | UseUseExplosion.cs:24:1918:24:1923 | this access |
+| UseUseExplosion.cs:24:1459:24:1462 | access to property Prop | UseUseExplosion.cs:24:1476:24:1479 | access to property Prop |
+| UseUseExplosion.cs:24:1459:24:1462 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1459:24:1462 | this access | UseUseExplosion.cs:24:1476:24:1479 | this access |
+| UseUseExplosion.cs:24:1459:24:1462 | this access | UseUseExplosion.cs:24:1918:24:1923 | this access |
+| UseUseExplosion.cs:24:1476:24:1479 | [post] this access | UseUseExplosion.cs:24:1493:24:1496 | this access |
+| UseUseExplosion.cs:24:1476:24:1479 | [post] this access | UseUseExplosion.cs:24:1903:24:1908 | this access |
+| UseUseExplosion.cs:24:1476:24:1479 | access to property Prop | UseUseExplosion.cs:24:1493:24:1496 | access to property Prop |
+| UseUseExplosion.cs:24:1476:24:1479 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1476:24:1479 | this access | UseUseExplosion.cs:24:1493:24:1496 | this access |
+| UseUseExplosion.cs:24:1476:24:1479 | this access | UseUseExplosion.cs:24:1903:24:1908 | this access |
+| UseUseExplosion.cs:24:1493:24:1496 | [post] this access | UseUseExplosion.cs:24:1510:24:1513 | this access |
+| UseUseExplosion.cs:24:1493:24:1496 | [post] this access | UseUseExplosion.cs:24:1888:24:1893 | this access |
+| UseUseExplosion.cs:24:1493:24:1496 | access to property Prop | UseUseExplosion.cs:24:1510:24:1513 | access to property Prop |
+| UseUseExplosion.cs:24:1493:24:1496 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1493:24:1496 | this access | UseUseExplosion.cs:24:1510:24:1513 | this access |
+| UseUseExplosion.cs:24:1493:24:1496 | this access | UseUseExplosion.cs:24:1888:24:1893 | this access |
+| UseUseExplosion.cs:24:1510:24:1513 | [post] this access | UseUseExplosion.cs:24:1527:24:1530 | this access |
+| UseUseExplosion.cs:24:1510:24:1513 | [post] this access | UseUseExplosion.cs:24:1873:24:1878 | this access |
+| UseUseExplosion.cs:24:1510:24:1513 | access to property Prop | UseUseExplosion.cs:24:1527:24:1530 | access to property Prop |
+| UseUseExplosion.cs:24:1510:24:1513 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1510:24:1513 | this access | UseUseExplosion.cs:24:1527:24:1530 | this access |
+| UseUseExplosion.cs:24:1510:24:1513 | this access | UseUseExplosion.cs:24:1873:24:1878 | this access |
+| UseUseExplosion.cs:24:1527:24:1530 | [post] this access | UseUseExplosion.cs:24:1544:24:1547 | this access |
+| UseUseExplosion.cs:24:1527:24:1530 | [post] this access | UseUseExplosion.cs:24:1858:24:1863 | this access |
+| UseUseExplosion.cs:24:1527:24:1530 | access to property Prop | UseUseExplosion.cs:24:1544:24:1547 | access to property Prop |
+| UseUseExplosion.cs:24:1527:24:1530 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1527:24:1530 | this access | UseUseExplosion.cs:24:1544:24:1547 | this access |
+| UseUseExplosion.cs:24:1527:24:1530 | this access | UseUseExplosion.cs:24:1858:24:1863 | this access |
+| UseUseExplosion.cs:24:1544:24:1547 | [post] this access | UseUseExplosion.cs:24:1561:24:1564 | this access |
+| UseUseExplosion.cs:24:1544:24:1547 | [post] this access | UseUseExplosion.cs:24:1843:24:1848 | this access |
+| UseUseExplosion.cs:24:1544:24:1547 | access to property Prop | UseUseExplosion.cs:24:1561:24:1564 | access to property Prop |
+| UseUseExplosion.cs:24:1544:24:1547 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1544:24:1547 | this access | UseUseExplosion.cs:24:1561:24:1564 | this access |
+| UseUseExplosion.cs:24:1544:24:1547 | this access | UseUseExplosion.cs:24:1843:24:1848 | this access |
+| UseUseExplosion.cs:24:1561:24:1564 | [post] this access | UseUseExplosion.cs:24:1577:24:1580 | this access |
+| UseUseExplosion.cs:24:1561:24:1564 | [post] this access | UseUseExplosion.cs:24:1828:24:1833 | this access |
+| UseUseExplosion.cs:24:1561:24:1564 | access to property Prop | UseUseExplosion.cs:24:1577:24:1580 | access to property Prop |
+| UseUseExplosion.cs:24:1561:24:1564 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1561:24:1564 | this access | UseUseExplosion.cs:24:1577:24:1580 | this access |
+| UseUseExplosion.cs:24:1561:24:1564 | this access | UseUseExplosion.cs:24:1828:24:1833 | this access |
+| UseUseExplosion.cs:24:1577:24:1580 | [post] this access | UseUseExplosion.cs:24:1593:24:1596 | this access |
+| UseUseExplosion.cs:24:1577:24:1580 | [post] this access | UseUseExplosion.cs:24:1813:24:1818 | this access |
+| UseUseExplosion.cs:24:1577:24:1580 | access to property Prop | UseUseExplosion.cs:24:1593:24:1596 | access to property Prop |
+| UseUseExplosion.cs:24:1577:24:1580 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1577:24:1580 | this access | UseUseExplosion.cs:24:1593:24:1596 | this access |
+| UseUseExplosion.cs:24:1577:24:1580 | this access | UseUseExplosion.cs:24:1813:24:1818 | this access |
+| UseUseExplosion.cs:24:1593:24:1596 | [post] this access | UseUseExplosion.cs:24:1609:24:1612 | this access |
+| UseUseExplosion.cs:24:1593:24:1596 | [post] this access | UseUseExplosion.cs:24:1798:24:1803 | this access |
+| UseUseExplosion.cs:24:1593:24:1596 | access to property Prop | UseUseExplosion.cs:24:1609:24:1612 | access to property Prop |
+| UseUseExplosion.cs:24:1593:24:1596 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1593:24:1596 | this access | UseUseExplosion.cs:24:1609:24:1612 | this access |
+| UseUseExplosion.cs:24:1593:24:1596 | this access | UseUseExplosion.cs:24:1798:24:1803 | this access |
+| UseUseExplosion.cs:24:1609:24:1612 | [post] this access | UseUseExplosion.cs:24:1625:24:1628 | this access |
+| UseUseExplosion.cs:24:1609:24:1612 | [post] this access | UseUseExplosion.cs:24:1783:24:1788 | this access |
+| UseUseExplosion.cs:24:1609:24:1612 | access to property Prop | UseUseExplosion.cs:24:1625:24:1628 | access to property Prop |
+| UseUseExplosion.cs:24:1609:24:1612 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1609:24:1612 | this access | UseUseExplosion.cs:24:1625:24:1628 | this access |
+| UseUseExplosion.cs:24:1609:24:1612 | this access | UseUseExplosion.cs:24:1783:24:1788 | this access |
+| UseUseExplosion.cs:24:1625:24:1628 | [post] this access | UseUseExplosion.cs:24:1641:24:1644 | this access |
+| UseUseExplosion.cs:24:1625:24:1628 | [post] this access | UseUseExplosion.cs:24:1768:24:1773 | this access |
+| UseUseExplosion.cs:24:1625:24:1628 | access to property Prop | UseUseExplosion.cs:24:1641:24:1644 | access to property Prop |
+| UseUseExplosion.cs:24:1625:24:1628 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1625:24:1628 | this access | UseUseExplosion.cs:24:1641:24:1644 | this access |
+| UseUseExplosion.cs:24:1625:24:1628 | this access | UseUseExplosion.cs:24:1768:24:1773 | this access |
+| UseUseExplosion.cs:24:1641:24:1644 | [post] this access | UseUseExplosion.cs:24:1657:24:1660 | this access |
+| UseUseExplosion.cs:24:1641:24:1644 | [post] this access | UseUseExplosion.cs:24:1753:24:1758 | this access |
+| UseUseExplosion.cs:24:1641:24:1644 | access to property Prop | UseUseExplosion.cs:24:1657:24:1660 | access to property Prop |
+| UseUseExplosion.cs:24:1641:24:1644 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1641:24:1644 | this access | UseUseExplosion.cs:24:1657:24:1660 | this access |
+| UseUseExplosion.cs:24:1641:24:1644 | this access | UseUseExplosion.cs:24:1753:24:1758 | this access |
+| UseUseExplosion.cs:24:1657:24:1660 | [post] this access | UseUseExplosion.cs:24:1673:24:1676 | this access |
+| UseUseExplosion.cs:24:1657:24:1660 | [post] this access | UseUseExplosion.cs:24:1738:24:1743 | this access |
+| UseUseExplosion.cs:24:1657:24:1660 | access to property Prop | UseUseExplosion.cs:24:1673:24:1676 | access to property Prop |
+| UseUseExplosion.cs:24:1657:24:1660 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1657:24:1660 | this access | UseUseExplosion.cs:24:1673:24:1676 | this access |
+| UseUseExplosion.cs:24:1657:24:1660 | this access | UseUseExplosion.cs:24:1738:24:1743 | this access |
+| UseUseExplosion.cs:24:1673:24:1676 | [post] this access | UseUseExplosion.cs:24:1689:24:1692 | this access |
+| UseUseExplosion.cs:24:1673:24:1676 | [post] this access | UseUseExplosion.cs:24:1723:24:1728 | this access |
+| UseUseExplosion.cs:24:1673:24:1676 | access to property Prop | UseUseExplosion.cs:24:1689:24:1692 | access to property Prop |
+| UseUseExplosion.cs:24:1673:24:1676 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1673:24:1676 | this access | UseUseExplosion.cs:24:1689:24:1692 | this access |
+| UseUseExplosion.cs:24:1673:24:1676 | this access | UseUseExplosion.cs:24:1723:24:1728 | this access |
+| UseUseExplosion.cs:24:1689:24:1692 | [post] this access | UseUseExplosion.cs:24:1708:24:1713 | this access |
+| UseUseExplosion.cs:24:1689:24:1692 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1689:24:1692 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1689:24:1692 | this access | UseUseExplosion.cs:24:1708:24:1713 | this access |
+| UseUseExplosion.cs:24:1689:24:1692 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1708:24:1713 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1708:24:1713 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1712:24:1712 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1723:24:1728 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1723:24:1728 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1727:24:1727 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1738:24:1743 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1738:24:1743 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1742:24:1742 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1753:24:1758 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1753:24:1758 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1757:24:1757 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1768:24:1773 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1768:24:1773 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1772:24:1772 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1783:24:1788 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1783:24:1788 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1787:24:1787 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1798:24:1803 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1798:24:1803 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1802:24:1802 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1813:24:1818 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1813:24:1818 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1817:24:1817 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1828:24:1833 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1828:24:1833 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1832:24:1832 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1843:24:1848 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1843:24:1848 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1847:24:1847 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1858:24:1863 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1858:24:1863 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1862:24:1862 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1873:24:1878 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1873:24:1878 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1877:24:1877 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1888:24:1893 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1888:24:1893 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1892:24:1892 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1903:24:1908 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1903:24:1908 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1907:24:1907 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1918:24:1923 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1918:24:1923 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1922:24:1922 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1933:24:1938 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1933:24:1938 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1937:24:1937 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1948:24:1953 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1948:24:1953 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1952:24:1952 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1963:24:1968 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1963:24:1968 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1967:24:1967 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1978:24:1983 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1978:24:1983 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1982:24:1982 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1993:24:1998 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1993:24:1998 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1997:24:1997 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2008:24:2013 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2008:24:2013 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2012:24:2012 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2023:24:2028 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2023:24:2028 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2027:24:2027 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2038:24:2043 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2038:24:2043 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2042:24:2042 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2053:24:2058 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2053:24:2058 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2057:24:2057 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2068:24:2073 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2068:24:2073 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2072:24:2072 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2083:24:2088 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2083:24:2088 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2087:24:2087 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2098:24:2103 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2098:24:2103 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2102:24:2102 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2113:24:2118 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2113:24:2118 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2117:24:2117 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2128:24:2133 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2128:24:2133 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2132:24:2132 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2143:24:2148 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2143:24:2148 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2147:24:2147 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2158:24:2163 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2158:24:2163 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2162:24:2162 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2173:24:2178 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2173:24:2178 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2177:24:2177 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2188:24:2193 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2188:24:2193 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2192:24:2192 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2203:24:2208 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2203:24:2208 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2207:24:2207 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2218:24:2223 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2218:24:2223 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2222:24:2222 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2233:24:2238 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2233:24:2238 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2237:24:2237 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2248:24:2253 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2248:24:2253 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2252:24:2252 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2263:24:2268 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2263:24:2268 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2267:24:2267 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2278:24:2283 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2278:24:2283 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2282:24:2282 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2293:24:2298 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2293:24:2298 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2297:24:2297 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2308:24:2313 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2308:24:2313 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2312:24:2312 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2323:24:2328 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2323:24:2328 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2327:24:2327 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2338:24:2343 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2338:24:2343 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2342:24:2342 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2353:24:2358 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2353:24:2358 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2357:24:2357 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2368:24:2373 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2368:24:2373 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2372:24:2372 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2383:24:2388 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2383:24:2388 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2387:24:2387 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2398:24:2403 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2398:24:2403 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2402:24:2402 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2413:24:2418 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2413:24:2418 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2417:24:2417 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2428:24:2433 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2428:24:2433 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2432:24:2432 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2443:24:2448 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2443:24:2448 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2447:24:2447 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2458:24:2463 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2458:24:2463 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2462:24:2462 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2473:24:2478 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2473:24:2478 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2477:24:2477 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2488:24:2493 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2488:24:2493 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2492:24:2492 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2503:24:2508 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2503:24:2508 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2507:24:2507 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2518:24:2523 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2518:24:2523 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2522:24:2522 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2533:24:2538 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2533:24:2538 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2537:24:2537 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2548:24:2553 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2548:24:2553 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2552:24:2552 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2563:24:2568 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2563:24:2568 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2567:24:2567 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2578:24:2583 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2578:24:2583 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2582:24:2582 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2593:24:2598 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2593:24:2598 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2597:24:2597 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2608:24:2613 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2608:24:2613 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2612:24:2612 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2623:24:2628 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2623:24:2628 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2627:24:2627 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2638:24:2643 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2638:24:2643 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2642:24:2642 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2653:24:2658 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2653:24:2658 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2657:24:2657 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2668:24:2673 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2668:24:2673 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2672:24:2672 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2683:24:2688 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2683:24:2688 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2687:24:2687 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2698:24:2703 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2698:24:2703 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2702:24:2702 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2713:24:2718 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2713:24:2718 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2717:24:2717 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2728:24:2733 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2728:24:2733 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2732:24:2732 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2743:24:2748 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2743:24:2748 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2747:24:2747 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2758:24:2763 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2758:24:2763 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2762:24:2762 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2773:24:2778 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2773:24:2778 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2777:24:2777 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2788:24:2793 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2788:24:2793 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2792:24:2792 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2803:24:2808 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2803:24:2808 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2807:24:2807 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2818:24:2823 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2818:24:2823 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2822:24:2822 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2833:24:2838 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2833:24:2838 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2837:24:2837 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2848:24:2853 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2848:24:2853 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2852:24:2852 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2863:24:2868 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2863:24:2868 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2867:24:2867 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2878:24:2883 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2878:24:2883 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2882:24:2882 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2893:24:2898 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2893:24:2898 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2897:24:2897 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2908:24:2913 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2908:24:2913 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2912:24:2912 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2923:24:2928 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2923:24:2928 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2927:24:2927 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2938:24:2943 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2938:24:2943 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2942:24:2942 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2953:24:2958 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2953:24:2958 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2957:24:2957 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2968:24:2973 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2968:24:2973 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2972:24:2972 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2983:24:2988 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2983:24:2988 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2987:24:2987 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2998:24:3003 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2998:24:3003 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3002:24:3002 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3013:24:3018 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3013:24:3018 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3017:24:3017 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3028:24:3033 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3028:24:3033 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3032:24:3032 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3043:24:3048 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3043:24:3048 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3047:24:3047 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3058:24:3063 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3058:24:3063 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3062:24:3062 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3073:24:3078 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3073:24:3078 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3077:24:3077 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3088:24:3093 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3088:24:3093 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3092:24:3092 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3103:24:3108 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3103:24:3108 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3107:24:3107 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3118:24:3123 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3118:24:3123 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3122:24:3122 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3133:24:3138 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3133:24:3138 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3137:24:3137 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3148:24:3153 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3148:24:3153 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3152:24:3152 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3163:24:3168 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3163:24:3168 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3167:24:3167 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3178:24:3183 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3178:24:3183 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3182:24:3182 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3193:24:3198 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3193:24:3198 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3197:24:3197 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1712:25:1712 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1727:25:1727 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1742:25:1742 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1757:25:1757 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1772:25:1772 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1787:25:1787 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1802:25:1802 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1817:25:1817 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1832:25:1832 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1847:25:1847 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1862:25:1862 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1877:25:1877 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1892:25:1892 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1907:25:1907 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1922:25:1922 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1937:25:1937 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1952:25:1952 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1967:25:1967 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1982:25:1982 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1997:25:1997 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2012:25:2012 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2027:25:2027 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2042:25:2042 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2057:25:2057 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2072:25:2072 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2087:25:2087 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2102:25:2102 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2117:25:2117 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2132:25:2132 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2147:25:2147 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2162:25:2162 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2177:25:2177 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2192:25:2192 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2207:25:2207 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2222:25:2222 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2237:25:2237 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2252:25:2252 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2267:25:2267 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2282:25:2282 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2297:25:2297 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2312:25:2312 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2327:25:2327 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2342:25:2342 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2357:25:2357 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2372:25:2372 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2387:25:2387 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2402:25:2402 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2417:25:2417 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2432:25:2432 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2447:25:2447 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2462:25:2462 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2477:25:2477 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2492:25:2492 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2507:25:2507 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2522:25:2522 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2537:25:2537 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2552:25:2552 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2567:25:2567 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2582:25:2582 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2597:25:2597 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2612:25:2612 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2627:25:2627 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2642:25:2642 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2657:25:2657 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2672:25:2672 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2687:25:2687 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2702:25:2702 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2717:25:2717 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2732:25:2732 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2747:25:2747 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2762:25:2762 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2777:25:2777 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2792:25:2792 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2807:25:2807 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2822:25:2822 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2837:25:2837 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2852:25:2852 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2867:25:2867 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2882:25:2882 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2897:25:2897 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2912:25:2912 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2927:25:2927 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2942:25:2942 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2957:25:2957 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2972:25:2972 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2987:25:2987 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3002:25:3002 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3017:25:3017 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3032:25:3032 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3047:25:3047 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3062:25:3062 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3077:25:3077 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3092:25:3092 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3107:25:3107 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3122:25:3122 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3137:25:3137 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3152:25:3152 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3167:25:3167 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3182:25:3182 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3197:25:3197 | access to local variable x |
+| UseUseExplosion.cs:25:13:25:16 | [post] this access | UseUseExplosion.cs:25:31:25:34 | this access |
+| UseUseExplosion.cs:25:13:25:16 | [post] this access | UseUseExplosion.cs:25:3193:25:3198 | this access |
+| UseUseExplosion.cs:25:13:25:16 | access to property Prop | UseUseExplosion.cs:25:31:25:34 | access to property Prop |
+| UseUseExplosion.cs:25:13:25:16 | this access | UseUseExplosion.cs:25:31:25:34 | this access |
+| UseUseExplosion.cs:25:13:25:16 | this access | UseUseExplosion.cs:25:3193:25:3198 | this access |
+| UseUseExplosion.cs:25:31:25:34 | [post] this access | UseUseExplosion.cs:25:48:25:51 | this access |
+| UseUseExplosion.cs:25:31:25:34 | [post] this access | UseUseExplosion.cs:25:3178:25:3183 | this access |
+| UseUseExplosion.cs:25:31:25:34 | access to property Prop | UseUseExplosion.cs:25:48:25:51 | access to property Prop |
+| UseUseExplosion.cs:25:31:25:34 | this access | UseUseExplosion.cs:25:48:25:51 | this access |
+| UseUseExplosion.cs:25:31:25:34 | this access | UseUseExplosion.cs:25:3178:25:3183 | this access |
+| UseUseExplosion.cs:25:48:25:51 | [post] this access | UseUseExplosion.cs:25:65:25:68 | this access |
+| UseUseExplosion.cs:25:48:25:51 | [post] this access | UseUseExplosion.cs:25:3163:25:3168 | this access |
+| UseUseExplosion.cs:25:48:25:51 | access to property Prop | UseUseExplosion.cs:25:65:25:68 | access to property Prop |
+| UseUseExplosion.cs:25:48:25:51 | this access | UseUseExplosion.cs:25:65:25:68 | this access |
+| UseUseExplosion.cs:25:48:25:51 | this access | UseUseExplosion.cs:25:3163:25:3168 | this access |
+| UseUseExplosion.cs:25:65:25:68 | [post] this access | UseUseExplosion.cs:25:82:25:85 | this access |
+| UseUseExplosion.cs:25:65:25:68 | [post] this access | UseUseExplosion.cs:25:3148:25:3153 | this access |
+| UseUseExplosion.cs:25:65:25:68 | access to property Prop | UseUseExplosion.cs:25:82:25:85 | access to property Prop |
+| UseUseExplosion.cs:25:65:25:68 | this access | UseUseExplosion.cs:25:82:25:85 | this access |
+| UseUseExplosion.cs:25:65:25:68 | this access | UseUseExplosion.cs:25:3148:25:3153 | this access |
+| UseUseExplosion.cs:25:82:25:85 | [post] this access | UseUseExplosion.cs:25:99:25:102 | this access |
+| UseUseExplosion.cs:25:82:25:85 | [post] this access | UseUseExplosion.cs:25:3133:25:3138 | this access |
+| UseUseExplosion.cs:25:82:25:85 | access to property Prop | UseUseExplosion.cs:25:99:25:102 | access to property Prop |
+| UseUseExplosion.cs:25:82:25:85 | this access | UseUseExplosion.cs:25:99:25:102 | this access |
+| UseUseExplosion.cs:25:82:25:85 | this access | UseUseExplosion.cs:25:3133:25:3138 | this access |
+| UseUseExplosion.cs:25:99:25:102 | [post] this access | UseUseExplosion.cs:25:116:25:119 | this access |
+| UseUseExplosion.cs:25:99:25:102 | [post] this access | UseUseExplosion.cs:25:3118:25:3123 | this access |
+| UseUseExplosion.cs:25:99:25:102 | access to property Prop | UseUseExplosion.cs:25:116:25:119 | access to property Prop |
+| UseUseExplosion.cs:25:99:25:102 | this access | UseUseExplosion.cs:25:116:25:119 | this access |
+| UseUseExplosion.cs:25:99:25:102 | this access | UseUseExplosion.cs:25:3118:25:3123 | this access |
+| UseUseExplosion.cs:25:116:25:119 | [post] this access | UseUseExplosion.cs:25:133:25:136 | this access |
+| UseUseExplosion.cs:25:116:25:119 | [post] this access | UseUseExplosion.cs:25:3103:25:3108 | this access |
+| UseUseExplosion.cs:25:116:25:119 | access to property Prop | UseUseExplosion.cs:25:133:25:136 | access to property Prop |
+| UseUseExplosion.cs:25:116:25:119 | this access | UseUseExplosion.cs:25:133:25:136 | this access |
+| UseUseExplosion.cs:25:116:25:119 | this access | UseUseExplosion.cs:25:3103:25:3108 | this access |
+| UseUseExplosion.cs:25:133:25:136 | [post] this access | UseUseExplosion.cs:25:150:25:153 | this access |
+| UseUseExplosion.cs:25:133:25:136 | [post] this access | UseUseExplosion.cs:25:3088:25:3093 | this access |
+| UseUseExplosion.cs:25:133:25:136 | access to property Prop | UseUseExplosion.cs:25:150:25:153 | access to property Prop |
+| UseUseExplosion.cs:25:133:25:136 | this access | UseUseExplosion.cs:25:150:25:153 | this access |
+| UseUseExplosion.cs:25:133:25:136 | this access | UseUseExplosion.cs:25:3088:25:3093 | this access |
+| UseUseExplosion.cs:25:150:25:153 | [post] this access | UseUseExplosion.cs:25:167:25:170 | this access |
+| UseUseExplosion.cs:25:150:25:153 | [post] this access | UseUseExplosion.cs:25:3073:25:3078 | this access |
+| UseUseExplosion.cs:25:150:25:153 | access to property Prop | UseUseExplosion.cs:25:167:25:170 | access to property Prop |
+| UseUseExplosion.cs:25:150:25:153 | this access | UseUseExplosion.cs:25:167:25:170 | this access |
+| UseUseExplosion.cs:25:150:25:153 | this access | UseUseExplosion.cs:25:3073:25:3078 | this access |
+| UseUseExplosion.cs:25:167:25:170 | [post] this access | UseUseExplosion.cs:25:184:25:187 | this access |
+| UseUseExplosion.cs:25:167:25:170 | [post] this access | UseUseExplosion.cs:25:3058:25:3063 | this access |
+| UseUseExplosion.cs:25:167:25:170 | access to property Prop | UseUseExplosion.cs:25:184:25:187 | access to property Prop |
+| UseUseExplosion.cs:25:167:25:170 | this access | UseUseExplosion.cs:25:184:25:187 | this access |
+| UseUseExplosion.cs:25:167:25:170 | this access | UseUseExplosion.cs:25:3058:25:3063 | this access |
+| UseUseExplosion.cs:25:184:25:187 | [post] this access | UseUseExplosion.cs:25:201:25:204 | this access |
+| UseUseExplosion.cs:25:184:25:187 | [post] this access | UseUseExplosion.cs:25:3043:25:3048 | this access |
+| UseUseExplosion.cs:25:184:25:187 | access to property Prop | UseUseExplosion.cs:25:201:25:204 | access to property Prop |
+| UseUseExplosion.cs:25:184:25:187 | this access | UseUseExplosion.cs:25:201:25:204 | this access |
+| UseUseExplosion.cs:25:184:25:187 | this access | UseUseExplosion.cs:25:3043:25:3048 | this access |
+| UseUseExplosion.cs:25:201:25:204 | [post] this access | UseUseExplosion.cs:25:218:25:221 | this access |
+| UseUseExplosion.cs:25:201:25:204 | [post] this access | UseUseExplosion.cs:25:3028:25:3033 | this access |
+| UseUseExplosion.cs:25:201:25:204 | access to property Prop | UseUseExplosion.cs:25:218:25:221 | access to property Prop |
+| UseUseExplosion.cs:25:201:25:204 | this access | UseUseExplosion.cs:25:218:25:221 | this access |
+| UseUseExplosion.cs:25:201:25:204 | this access | UseUseExplosion.cs:25:3028:25:3033 | this access |
+| UseUseExplosion.cs:25:218:25:221 | [post] this access | UseUseExplosion.cs:25:235:25:238 | this access |
+| UseUseExplosion.cs:25:218:25:221 | [post] this access | UseUseExplosion.cs:25:3013:25:3018 | this access |
+| UseUseExplosion.cs:25:218:25:221 | access to property Prop | UseUseExplosion.cs:25:235:25:238 | access to property Prop |
+| UseUseExplosion.cs:25:218:25:221 | this access | UseUseExplosion.cs:25:235:25:238 | this access |
+| UseUseExplosion.cs:25:218:25:221 | this access | UseUseExplosion.cs:25:3013:25:3018 | this access |
+| UseUseExplosion.cs:25:235:25:238 | [post] this access | UseUseExplosion.cs:25:252:25:255 | this access |
+| UseUseExplosion.cs:25:235:25:238 | [post] this access | UseUseExplosion.cs:25:2998:25:3003 | this access |
+| UseUseExplosion.cs:25:235:25:238 | access to property Prop | UseUseExplosion.cs:25:252:25:255 | access to property Prop |
+| UseUseExplosion.cs:25:235:25:238 | this access | UseUseExplosion.cs:25:252:25:255 | this access |
+| UseUseExplosion.cs:25:235:25:238 | this access | UseUseExplosion.cs:25:2998:25:3003 | this access |
+| UseUseExplosion.cs:25:252:25:255 | [post] this access | UseUseExplosion.cs:25:269:25:272 | this access |
+| UseUseExplosion.cs:25:252:25:255 | [post] this access | UseUseExplosion.cs:25:2983:25:2988 | this access |
+| UseUseExplosion.cs:25:252:25:255 | access to property Prop | UseUseExplosion.cs:25:269:25:272 | access to property Prop |
+| UseUseExplosion.cs:25:252:25:255 | this access | UseUseExplosion.cs:25:269:25:272 | this access |
+| UseUseExplosion.cs:25:252:25:255 | this access | UseUseExplosion.cs:25:2983:25:2988 | this access |
+| UseUseExplosion.cs:25:269:25:272 | [post] this access | UseUseExplosion.cs:25:286:25:289 | this access |
+| UseUseExplosion.cs:25:269:25:272 | [post] this access | UseUseExplosion.cs:25:2968:25:2973 | this access |
+| UseUseExplosion.cs:25:269:25:272 | access to property Prop | UseUseExplosion.cs:25:286:25:289 | access to property Prop |
+| UseUseExplosion.cs:25:269:25:272 | this access | UseUseExplosion.cs:25:286:25:289 | this access |
+| UseUseExplosion.cs:25:269:25:272 | this access | UseUseExplosion.cs:25:2968:25:2973 | this access |
+| UseUseExplosion.cs:25:286:25:289 | [post] this access | UseUseExplosion.cs:25:303:25:306 | this access |
+| UseUseExplosion.cs:25:286:25:289 | [post] this access | UseUseExplosion.cs:25:2953:25:2958 | this access |
+| UseUseExplosion.cs:25:286:25:289 | access to property Prop | UseUseExplosion.cs:25:303:25:306 | access to property Prop |
+| UseUseExplosion.cs:25:286:25:289 | this access | UseUseExplosion.cs:25:303:25:306 | this access |
+| UseUseExplosion.cs:25:286:25:289 | this access | UseUseExplosion.cs:25:2953:25:2958 | this access |
+| UseUseExplosion.cs:25:303:25:306 | [post] this access | UseUseExplosion.cs:25:320:25:323 | this access |
+| UseUseExplosion.cs:25:303:25:306 | [post] this access | UseUseExplosion.cs:25:2938:25:2943 | this access |
+| UseUseExplosion.cs:25:303:25:306 | access to property Prop | UseUseExplosion.cs:25:320:25:323 | access to property Prop |
+| UseUseExplosion.cs:25:303:25:306 | this access | UseUseExplosion.cs:25:320:25:323 | this access |
+| UseUseExplosion.cs:25:303:25:306 | this access | UseUseExplosion.cs:25:2938:25:2943 | this access |
+| UseUseExplosion.cs:25:320:25:323 | [post] this access | UseUseExplosion.cs:25:337:25:340 | this access |
+| UseUseExplosion.cs:25:320:25:323 | [post] this access | UseUseExplosion.cs:25:2923:25:2928 | this access |
+| UseUseExplosion.cs:25:320:25:323 | access to property Prop | UseUseExplosion.cs:25:337:25:340 | access to property Prop |
+| UseUseExplosion.cs:25:320:25:323 | this access | UseUseExplosion.cs:25:337:25:340 | this access |
+| UseUseExplosion.cs:25:320:25:323 | this access | UseUseExplosion.cs:25:2923:25:2928 | this access |
+| UseUseExplosion.cs:25:337:25:340 | [post] this access | UseUseExplosion.cs:25:354:25:357 | this access |
+| UseUseExplosion.cs:25:337:25:340 | [post] this access | UseUseExplosion.cs:25:2908:25:2913 | this access |
+| UseUseExplosion.cs:25:337:25:340 | access to property Prop | UseUseExplosion.cs:25:354:25:357 | access to property Prop |
+| UseUseExplosion.cs:25:337:25:340 | this access | UseUseExplosion.cs:25:354:25:357 | this access |
+| UseUseExplosion.cs:25:337:25:340 | this access | UseUseExplosion.cs:25:2908:25:2913 | this access |
+| UseUseExplosion.cs:25:354:25:357 | [post] this access | UseUseExplosion.cs:25:371:25:374 | this access |
+| UseUseExplosion.cs:25:354:25:357 | [post] this access | UseUseExplosion.cs:25:2893:25:2898 | this access |
+| UseUseExplosion.cs:25:354:25:357 | access to property Prop | UseUseExplosion.cs:25:371:25:374 | access to property Prop |
+| UseUseExplosion.cs:25:354:25:357 | this access | UseUseExplosion.cs:25:371:25:374 | this access |
+| UseUseExplosion.cs:25:354:25:357 | this access | UseUseExplosion.cs:25:2893:25:2898 | this access |
+| UseUseExplosion.cs:25:371:25:374 | [post] this access | UseUseExplosion.cs:25:388:25:391 | this access |
+| UseUseExplosion.cs:25:371:25:374 | [post] this access | UseUseExplosion.cs:25:2878:25:2883 | this access |
+| UseUseExplosion.cs:25:371:25:374 | access to property Prop | UseUseExplosion.cs:25:388:25:391 | access to property Prop |
+| UseUseExplosion.cs:25:371:25:374 | this access | UseUseExplosion.cs:25:388:25:391 | this access |
+| UseUseExplosion.cs:25:371:25:374 | this access | UseUseExplosion.cs:25:2878:25:2883 | this access |
+| UseUseExplosion.cs:25:388:25:391 | [post] this access | UseUseExplosion.cs:25:405:25:408 | this access |
+| UseUseExplosion.cs:25:388:25:391 | [post] this access | UseUseExplosion.cs:25:2863:25:2868 | this access |
+| UseUseExplosion.cs:25:388:25:391 | access to property Prop | UseUseExplosion.cs:25:405:25:408 | access to property Prop |
+| UseUseExplosion.cs:25:388:25:391 | this access | UseUseExplosion.cs:25:405:25:408 | this access |
+| UseUseExplosion.cs:25:388:25:391 | this access | UseUseExplosion.cs:25:2863:25:2868 | this access |
+| UseUseExplosion.cs:25:405:25:408 | [post] this access | UseUseExplosion.cs:25:422:25:425 | this access |
+| UseUseExplosion.cs:25:405:25:408 | [post] this access | UseUseExplosion.cs:25:2848:25:2853 | this access |
+| UseUseExplosion.cs:25:405:25:408 | access to property Prop | UseUseExplosion.cs:25:422:25:425 | access to property Prop |
+| UseUseExplosion.cs:25:405:25:408 | this access | UseUseExplosion.cs:25:422:25:425 | this access |
+| UseUseExplosion.cs:25:405:25:408 | this access | UseUseExplosion.cs:25:2848:25:2853 | this access |
+| UseUseExplosion.cs:25:422:25:425 | [post] this access | UseUseExplosion.cs:25:439:25:442 | this access |
+| UseUseExplosion.cs:25:422:25:425 | [post] this access | UseUseExplosion.cs:25:2833:25:2838 | this access |
+| UseUseExplosion.cs:25:422:25:425 | access to property Prop | UseUseExplosion.cs:25:439:25:442 | access to property Prop |
+| UseUseExplosion.cs:25:422:25:425 | this access | UseUseExplosion.cs:25:439:25:442 | this access |
+| UseUseExplosion.cs:25:422:25:425 | this access | UseUseExplosion.cs:25:2833:25:2838 | this access |
+| UseUseExplosion.cs:25:439:25:442 | [post] this access | UseUseExplosion.cs:25:456:25:459 | this access |
+| UseUseExplosion.cs:25:439:25:442 | [post] this access | UseUseExplosion.cs:25:2818:25:2823 | this access |
+| UseUseExplosion.cs:25:439:25:442 | access to property Prop | UseUseExplosion.cs:25:456:25:459 | access to property Prop |
+| UseUseExplosion.cs:25:439:25:442 | this access | UseUseExplosion.cs:25:456:25:459 | this access |
+| UseUseExplosion.cs:25:439:25:442 | this access | UseUseExplosion.cs:25:2818:25:2823 | this access |
+| UseUseExplosion.cs:25:456:25:459 | [post] this access | UseUseExplosion.cs:25:473:25:476 | this access |
+| UseUseExplosion.cs:25:456:25:459 | [post] this access | UseUseExplosion.cs:25:2803:25:2808 | this access |
+| UseUseExplosion.cs:25:456:25:459 | access to property Prop | UseUseExplosion.cs:25:473:25:476 | access to property Prop |
+| UseUseExplosion.cs:25:456:25:459 | this access | UseUseExplosion.cs:25:473:25:476 | this access |
+| UseUseExplosion.cs:25:456:25:459 | this access | UseUseExplosion.cs:25:2803:25:2808 | this access |
+| UseUseExplosion.cs:25:473:25:476 | [post] this access | UseUseExplosion.cs:25:490:25:493 | this access |
+| UseUseExplosion.cs:25:473:25:476 | [post] this access | UseUseExplosion.cs:25:2788:25:2793 | this access |
+| UseUseExplosion.cs:25:473:25:476 | access to property Prop | UseUseExplosion.cs:25:490:25:493 | access to property Prop |
+| UseUseExplosion.cs:25:473:25:476 | this access | UseUseExplosion.cs:25:490:25:493 | this access |
+| UseUseExplosion.cs:25:473:25:476 | this access | UseUseExplosion.cs:25:2788:25:2793 | this access |
+| UseUseExplosion.cs:25:490:25:493 | [post] this access | UseUseExplosion.cs:25:507:25:510 | this access |
+| UseUseExplosion.cs:25:490:25:493 | [post] this access | UseUseExplosion.cs:25:2773:25:2778 | this access |
+| UseUseExplosion.cs:25:490:25:493 | access to property Prop | UseUseExplosion.cs:25:507:25:510 | access to property Prop |
+| UseUseExplosion.cs:25:490:25:493 | this access | UseUseExplosion.cs:25:507:25:510 | this access |
+| UseUseExplosion.cs:25:490:25:493 | this access | UseUseExplosion.cs:25:2773:25:2778 | this access |
+| UseUseExplosion.cs:25:507:25:510 | [post] this access | UseUseExplosion.cs:25:524:25:527 | this access |
+| UseUseExplosion.cs:25:507:25:510 | [post] this access | UseUseExplosion.cs:25:2758:25:2763 | this access |
+| UseUseExplosion.cs:25:507:25:510 | access to property Prop | UseUseExplosion.cs:25:524:25:527 | access to property Prop |
+| UseUseExplosion.cs:25:507:25:510 | this access | UseUseExplosion.cs:25:524:25:527 | this access |
+| UseUseExplosion.cs:25:507:25:510 | this access | UseUseExplosion.cs:25:2758:25:2763 | this access |
+| UseUseExplosion.cs:25:524:25:527 | [post] this access | UseUseExplosion.cs:25:541:25:544 | this access |
+| UseUseExplosion.cs:25:524:25:527 | [post] this access | UseUseExplosion.cs:25:2743:25:2748 | this access |
+| UseUseExplosion.cs:25:524:25:527 | access to property Prop | UseUseExplosion.cs:25:541:25:544 | access to property Prop |
+| UseUseExplosion.cs:25:524:25:527 | this access | UseUseExplosion.cs:25:541:25:544 | this access |
+| UseUseExplosion.cs:25:524:25:527 | this access | UseUseExplosion.cs:25:2743:25:2748 | this access |
+| UseUseExplosion.cs:25:541:25:544 | [post] this access | UseUseExplosion.cs:25:558:25:561 | this access |
+| UseUseExplosion.cs:25:541:25:544 | [post] this access | UseUseExplosion.cs:25:2728:25:2733 | this access |
+| UseUseExplosion.cs:25:541:25:544 | access to property Prop | UseUseExplosion.cs:25:558:25:561 | access to property Prop |
+| UseUseExplosion.cs:25:541:25:544 | this access | UseUseExplosion.cs:25:558:25:561 | this access |
+| UseUseExplosion.cs:25:541:25:544 | this access | UseUseExplosion.cs:25:2728:25:2733 | this access |
+| UseUseExplosion.cs:25:558:25:561 | [post] this access | UseUseExplosion.cs:25:575:25:578 | this access |
+| UseUseExplosion.cs:25:558:25:561 | [post] this access | UseUseExplosion.cs:25:2713:25:2718 | this access |
+| UseUseExplosion.cs:25:558:25:561 | access to property Prop | UseUseExplosion.cs:25:575:25:578 | access to property Prop |
+| UseUseExplosion.cs:25:558:25:561 | this access | UseUseExplosion.cs:25:575:25:578 | this access |
+| UseUseExplosion.cs:25:558:25:561 | this access | UseUseExplosion.cs:25:2713:25:2718 | this access |
+| UseUseExplosion.cs:25:575:25:578 | [post] this access | UseUseExplosion.cs:25:592:25:595 | this access |
+| UseUseExplosion.cs:25:575:25:578 | [post] this access | UseUseExplosion.cs:25:2698:25:2703 | this access |
+| UseUseExplosion.cs:25:575:25:578 | access to property Prop | UseUseExplosion.cs:25:592:25:595 | access to property Prop |
+| UseUseExplosion.cs:25:575:25:578 | this access | UseUseExplosion.cs:25:592:25:595 | this access |
+| UseUseExplosion.cs:25:575:25:578 | this access | UseUseExplosion.cs:25:2698:25:2703 | this access |
+| UseUseExplosion.cs:25:592:25:595 | [post] this access | UseUseExplosion.cs:25:609:25:612 | this access |
+| UseUseExplosion.cs:25:592:25:595 | [post] this access | UseUseExplosion.cs:25:2683:25:2688 | this access |
+| UseUseExplosion.cs:25:592:25:595 | access to property Prop | UseUseExplosion.cs:25:609:25:612 | access to property Prop |
+| UseUseExplosion.cs:25:592:25:595 | this access | UseUseExplosion.cs:25:609:25:612 | this access |
+| UseUseExplosion.cs:25:592:25:595 | this access | UseUseExplosion.cs:25:2683:25:2688 | this access |
+| UseUseExplosion.cs:25:609:25:612 | [post] this access | UseUseExplosion.cs:25:626:25:629 | this access |
+| UseUseExplosion.cs:25:609:25:612 | [post] this access | UseUseExplosion.cs:25:2668:25:2673 | this access |
+| UseUseExplosion.cs:25:609:25:612 | access to property Prop | UseUseExplosion.cs:25:626:25:629 | access to property Prop |
+| UseUseExplosion.cs:25:609:25:612 | this access | UseUseExplosion.cs:25:626:25:629 | this access |
+| UseUseExplosion.cs:25:609:25:612 | this access | UseUseExplosion.cs:25:2668:25:2673 | this access |
+| UseUseExplosion.cs:25:626:25:629 | [post] this access | UseUseExplosion.cs:25:643:25:646 | this access |
+| UseUseExplosion.cs:25:626:25:629 | [post] this access | UseUseExplosion.cs:25:2653:25:2658 | this access |
+| UseUseExplosion.cs:25:626:25:629 | access to property Prop | UseUseExplosion.cs:25:643:25:646 | access to property Prop |
+| UseUseExplosion.cs:25:626:25:629 | this access | UseUseExplosion.cs:25:643:25:646 | this access |
+| UseUseExplosion.cs:25:626:25:629 | this access | UseUseExplosion.cs:25:2653:25:2658 | this access |
+| UseUseExplosion.cs:25:643:25:646 | [post] this access | UseUseExplosion.cs:25:660:25:663 | this access |
+| UseUseExplosion.cs:25:643:25:646 | [post] this access | UseUseExplosion.cs:25:2638:25:2643 | this access |
+| UseUseExplosion.cs:25:643:25:646 | access to property Prop | UseUseExplosion.cs:25:660:25:663 | access to property Prop |
+| UseUseExplosion.cs:25:643:25:646 | this access | UseUseExplosion.cs:25:660:25:663 | this access |
+| UseUseExplosion.cs:25:643:25:646 | this access | UseUseExplosion.cs:25:2638:25:2643 | this access |
+| UseUseExplosion.cs:25:660:25:663 | [post] this access | UseUseExplosion.cs:25:677:25:680 | this access |
+| UseUseExplosion.cs:25:660:25:663 | [post] this access | UseUseExplosion.cs:25:2623:25:2628 | this access |
+| UseUseExplosion.cs:25:660:25:663 | access to property Prop | UseUseExplosion.cs:25:677:25:680 | access to property Prop |
+| UseUseExplosion.cs:25:660:25:663 | this access | UseUseExplosion.cs:25:677:25:680 | this access |
+| UseUseExplosion.cs:25:660:25:663 | this access | UseUseExplosion.cs:25:2623:25:2628 | this access |
+| UseUseExplosion.cs:25:677:25:680 | [post] this access | UseUseExplosion.cs:25:694:25:697 | this access |
+| UseUseExplosion.cs:25:677:25:680 | [post] this access | UseUseExplosion.cs:25:2608:25:2613 | this access |
+| UseUseExplosion.cs:25:677:25:680 | access to property Prop | UseUseExplosion.cs:25:694:25:697 | access to property Prop |
+| UseUseExplosion.cs:25:677:25:680 | this access | UseUseExplosion.cs:25:694:25:697 | this access |
+| UseUseExplosion.cs:25:677:25:680 | this access | UseUseExplosion.cs:25:2608:25:2613 | this access |
+| UseUseExplosion.cs:25:694:25:697 | [post] this access | UseUseExplosion.cs:25:711:25:714 | this access |
+| UseUseExplosion.cs:25:694:25:697 | [post] this access | UseUseExplosion.cs:25:2593:25:2598 | this access |
+| UseUseExplosion.cs:25:694:25:697 | access to property Prop | UseUseExplosion.cs:25:711:25:714 | access to property Prop |
+| UseUseExplosion.cs:25:694:25:697 | this access | UseUseExplosion.cs:25:711:25:714 | this access |
+| UseUseExplosion.cs:25:694:25:697 | this access | UseUseExplosion.cs:25:2593:25:2598 | this access |
+| UseUseExplosion.cs:25:711:25:714 | [post] this access | UseUseExplosion.cs:25:728:25:731 | this access |
+| UseUseExplosion.cs:25:711:25:714 | [post] this access | UseUseExplosion.cs:25:2578:25:2583 | this access |
+| UseUseExplosion.cs:25:711:25:714 | access to property Prop | UseUseExplosion.cs:25:728:25:731 | access to property Prop |
+| UseUseExplosion.cs:25:711:25:714 | this access | UseUseExplosion.cs:25:728:25:731 | this access |
+| UseUseExplosion.cs:25:711:25:714 | this access | UseUseExplosion.cs:25:2578:25:2583 | this access |
+| UseUseExplosion.cs:25:728:25:731 | [post] this access | UseUseExplosion.cs:25:745:25:748 | this access |
+| UseUseExplosion.cs:25:728:25:731 | [post] this access | UseUseExplosion.cs:25:2563:25:2568 | this access |
+| UseUseExplosion.cs:25:728:25:731 | access to property Prop | UseUseExplosion.cs:25:745:25:748 | access to property Prop |
+| UseUseExplosion.cs:25:728:25:731 | this access | UseUseExplosion.cs:25:745:25:748 | this access |
+| UseUseExplosion.cs:25:728:25:731 | this access | UseUseExplosion.cs:25:2563:25:2568 | this access |
+| UseUseExplosion.cs:25:745:25:748 | [post] this access | UseUseExplosion.cs:25:762:25:765 | this access |
+| UseUseExplosion.cs:25:745:25:748 | [post] this access | UseUseExplosion.cs:25:2548:25:2553 | this access |
+| UseUseExplosion.cs:25:745:25:748 | access to property Prop | UseUseExplosion.cs:25:762:25:765 | access to property Prop |
+| UseUseExplosion.cs:25:745:25:748 | this access | UseUseExplosion.cs:25:762:25:765 | this access |
+| UseUseExplosion.cs:25:745:25:748 | this access | UseUseExplosion.cs:25:2548:25:2553 | this access |
+| UseUseExplosion.cs:25:762:25:765 | [post] this access | UseUseExplosion.cs:25:779:25:782 | this access |
+| UseUseExplosion.cs:25:762:25:765 | [post] this access | UseUseExplosion.cs:25:2533:25:2538 | this access |
+| UseUseExplosion.cs:25:762:25:765 | access to property Prop | UseUseExplosion.cs:25:779:25:782 | access to property Prop |
+| UseUseExplosion.cs:25:762:25:765 | this access | UseUseExplosion.cs:25:779:25:782 | this access |
+| UseUseExplosion.cs:25:762:25:765 | this access | UseUseExplosion.cs:25:2533:25:2538 | this access |
+| UseUseExplosion.cs:25:779:25:782 | [post] this access | UseUseExplosion.cs:25:796:25:799 | this access |
+| UseUseExplosion.cs:25:779:25:782 | [post] this access | UseUseExplosion.cs:25:2518:25:2523 | this access |
+| UseUseExplosion.cs:25:779:25:782 | access to property Prop | UseUseExplosion.cs:25:796:25:799 | access to property Prop |
+| UseUseExplosion.cs:25:779:25:782 | this access | UseUseExplosion.cs:25:796:25:799 | this access |
+| UseUseExplosion.cs:25:779:25:782 | this access | UseUseExplosion.cs:25:2518:25:2523 | this access |
+| UseUseExplosion.cs:25:796:25:799 | [post] this access | UseUseExplosion.cs:25:813:25:816 | this access |
+| UseUseExplosion.cs:25:796:25:799 | [post] this access | UseUseExplosion.cs:25:2503:25:2508 | this access |
+| UseUseExplosion.cs:25:796:25:799 | access to property Prop | UseUseExplosion.cs:25:813:25:816 | access to property Prop |
+| UseUseExplosion.cs:25:796:25:799 | this access | UseUseExplosion.cs:25:813:25:816 | this access |
+| UseUseExplosion.cs:25:796:25:799 | this access | UseUseExplosion.cs:25:2503:25:2508 | this access |
+| UseUseExplosion.cs:25:813:25:816 | [post] this access | UseUseExplosion.cs:25:830:25:833 | this access |
+| UseUseExplosion.cs:25:813:25:816 | [post] this access | UseUseExplosion.cs:25:2488:25:2493 | this access |
+| UseUseExplosion.cs:25:813:25:816 | access to property Prop | UseUseExplosion.cs:25:830:25:833 | access to property Prop |
+| UseUseExplosion.cs:25:813:25:816 | this access | UseUseExplosion.cs:25:830:25:833 | this access |
+| UseUseExplosion.cs:25:813:25:816 | this access | UseUseExplosion.cs:25:2488:25:2493 | this access |
+| UseUseExplosion.cs:25:830:25:833 | [post] this access | UseUseExplosion.cs:25:847:25:850 | this access |
+| UseUseExplosion.cs:25:830:25:833 | [post] this access | UseUseExplosion.cs:25:2473:25:2478 | this access |
+| UseUseExplosion.cs:25:830:25:833 | access to property Prop | UseUseExplosion.cs:25:847:25:850 | access to property Prop |
+| UseUseExplosion.cs:25:830:25:833 | this access | UseUseExplosion.cs:25:847:25:850 | this access |
+| UseUseExplosion.cs:25:830:25:833 | this access | UseUseExplosion.cs:25:2473:25:2478 | this access |
+| UseUseExplosion.cs:25:847:25:850 | [post] this access | UseUseExplosion.cs:25:864:25:867 | this access |
+| UseUseExplosion.cs:25:847:25:850 | [post] this access | UseUseExplosion.cs:25:2458:25:2463 | this access |
+| UseUseExplosion.cs:25:847:25:850 | access to property Prop | UseUseExplosion.cs:25:864:25:867 | access to property Prop |
+| UseUseExplosion.cs:25:847:25:850 | this access | UseUseExplosion.cs:25:864:25:867 | this access |
+| UseUseExplosion.cs:25:847:25:850 | this access | UseUseExplosion.cs:25:2458:25:2463 | this access |
+| UseUseExplosion.cs:25:864:25:867 | [post] this access | UseUseExplosion.cs:25:881:25:884 | this access |
+| UseUseExplosion.cs:25:864:25:867 | [post] this access | UseUseExplosion.cs:25:2443:25:2448 | this access |
+| UseUseExplosion.cs:25:864:25:867 | access to property Prop | UseUseExplosion.cs:25:881:25:884 | access to property Prop |
+| UseUseExplosion.cs:25:864:25:867 | this access | UseUseExplosion.cs:25:881:25:884 | this access |
+| UseUseExplosion.cs:25:864:25:867 | this access | UseUseExplosion.cs:25:2443:25:2448 | this access |
+| UseUseExplosion.cs:25:881:25:884 | [post] this access | UseUseExplosion.cs:25:898:25:901 | this access |
+| UseUseExplosion.cs:25:881:25:884 | [post] this access | UseUseExplosion.cs:25:2428:25:2433 | this access |
+| UseUseExplosion.cs:25:881:25:884 | access to property Prop | UseUseExplosion.cs:25:898:25:901 | access to property Prop |
+| UseUseExplosion.cs:25:881:25:884 | this access | UseUseExplosion.cs:25:898:25:901 | this access |
+| UseUseExplosion.cs:25:881:25:884 | this access | UseUseExplosion.cs:25:2428:25:2433 | this access |
+| UseUseExplosion.cs:25:898:25:901 | [post] this access | UseUseExplosion.cs:25:915:25:918 | this access |
+| UseUseExplosion.cs:25:898:25:901 | [post] this access | UseUseExplosion.cs:25:2413:25:2418 | this access |
+| UseUseExplosion.cs:25:898:25:901 | access to property Prop | UseUseExplosion.cs:25:915:25:918 | access to property Prop |
+| UseUseExplosion.cs:25:898:25:901 | this access | UseUseExplosion.cs:25:915:25:918 | this access |
+| UseUseExplosion.cs:25:898:25:901 | this access | UseUseExplosion.cs:25:2413:25:2418 | this access |
+| UseUseExplosion.cs:25:915:25:918 | [post] this access | UseUseExplosion.cs:25:932:25:935 | this access |
+| UseUseExplosion.cs:25:915:25:918 | [post] this access | UseUseExplosion.cs:25:2398:25:2403 | this access |
+| UseUseExplosion.cs:25:915:25:918 | access to property Prop | UseUseExplosion.cs:25:932:25:935 | access to property Prop |
+| UseUseExplosion.cs:25:915:25:918 | this access | UseUseExplosion.cs:25:932:25:935 | this access |
+| UseUseExplosion.cs:25:915:25:918 | this access | UseUseExplosion.cs:25:2398:25:2403 | this access |
+| UseUseExplosion.cs:25:932:25:935 | [post] this access | UseUseExplosion.cs:25:949:25:952 | this access |
+| UseUseExplosion.cs:25:932:25:935 | [post] this access | UseUseExplosion.cs:25:2383:25:2388 | this access |
+| UseUseExplosion.cs:25:932:25:935 | access to property Prop | UseUseExplosion.cs:25:949:25:952 | access to property Prop |
+| UseUseExplosion.cs:25:932:25:935 | this access | UseUseExplosion.cs:25:949:25:952 | this access |
+| UseUseExplosion.cs:25:932:25:935 | this access | UseUseExplosion.cs:25:2383:25:2388 | this access |
+| UseUseExplosion.cs:25:949:25:952 | [post] this access | UseUseExplosion.cs:25:966:25:969 | this access |
+| UseUseExplosion.cs:25:949:25:952 | [post] this access | UseUseExplosion.cs:25:2368:25:2373 | this access |
+| UseUseExplosion.cs:25:949:25:952 | access to property Prop | UseUseExplosion.cs:25:966:25:969 | access to property Prop |
+| UseUseExplosion.cs:25:949:25:952 | this access | UseUseExplosion.cs:25:966:25:969 | this access |
+| UseUseExplosion.cs:25:949:25:952 | this access | UseUseExplosion.cs:25:2368:25:2373 | this access |
+| UseUseExplosion.cs:25:966:25:969 | [post] this access | UseUseExplosion.cs:25:983:25:986 | this access |
+| UseUseExplosion.cs:25:966:25:969 | [post] this access | UseUseExplosion.cs:25:2353:25:2358 | this access |
+| UseUseExplosion.cs:25:966:25:969 | access to property Prop | UseUseExplosion.cs:25:983:25:986 | access to property Prop |
+| UseUseExplosion.cs:25:966:25:969 | this access | UseUseExplosion.cs:25:983:25:986 | this access |
+| UseUseExplosion.cs:25:966:25:969 | this access | UseUseExplosion.cs:25:2353:25:2358 | this access |
+| UseUseExplosion.cs:25:983:25:986 | [post] this access | UseUseExplosion.cs:25:1000:25:1003 | this access |
+| UseUseExplosion.cs:25:983:25:986 | [post] this access | UseUseExplosion.cs:25:2338:25:2343 | this access |
+| UseUseExplosion.cs:25:983:25:986 | access to property Prop | UseUseExplosion.cs:25:1000:25:1003 | access to property Prop |
+| UseUseExplosion.cs:25:983:25:986 | this access | UseUseExplosion.cs:25:1000:25:1003 | this access |
+| UseUseExplosion.cs:25:983:25:986 | this access | UseUseExplosion.cs:25:2338:25:2343 | this access |
+| UseUseExplosion.cs:25:1000:25:1003 | [post] this access | UseUseExplosion.cs:25:1017:25:1020 | this access |
+| UseUseExplosion.cs:25:1000:25:1003 | [post] this access | UseUseExplosion.cs:25:2323:25:2328 | this access |
+| UseUseExplosion.cs:25:1000:25:1003 | access to property Prop | UseUseExplosion.cs:25:1017:25:1020 | access to property Prop |
+| UseUseExplosion.cs:25:1000:25:1003 | this access | UseUseExplosion.cs:25:1017:25:1020 | this access |
+| UseUseExplosion.cs:25:1000:25:1003 | this access | UseUseExplosion.cs:25:2323:25:2328 | this access |
+| UseUseExplosion.cs:25:1017:25:1020 | [post] this access | UseUseExplosion.cs:25:1034:25:1037 | this access |
+| UseUseExplosion.cs:25:1017:25:1020 | [post] this access | UseUseExplosion.cs:25:2308:25:2313 | this access |
+| UseUseExplosion.cs:25:1017:25:1020 | access to property Prop | UseUseExplosion.cs:25:1034:25:1037 | access to property Prop |
+| UseUseExplosion.cs:25:1017:25:1020 | this access | UseUseExplosion.cs:25:1034:25:1037 | this access |
+| UseUseExplosion.cs:25:1017:25:1020 | this access | UseUseExplosion.cs:25:2308:25:2313 | this access |
+| UseUseExplosion.cs:25:1034:25:1037 | [post] this access | UseUseExplosion.cs:25:1051:25:1054 | this access |
+| UseUseExplosion.cs:25:1034:25:1037 | [post] this access | UseUseExplosion.cs:25:2293:25:2298 | this access |
+| UseUseExplosion.cs:25:1034:25:1037 | access to property Prop | UseUseExplosion.cs:25:1051:25:1054 | access to property Prop |
+| UseUseExplosion.cs:25:1034:25:1037 | this access | UseUseExplosion.cs:25:1051:25:1054 | this access |
+| UseUseExplosion.cs:25:1034:25:1037 | this access | UseUseExplosion.cs:25:2293:25:2298 | this access |
+| UseUseExplosion.cs:25:1051:25:1054 | [post] this access | UseUseExplosion.cs:25:1068:25:1071 | this access |
+| UseUseExplosion.cs:25:1051:25:1054 | [post] this access | UseUseExplosion.cs:25:2278:25:2283 | this access |
+| UseUseExplosion.cs:25:1051:25:1054 | access to property Prop | UseUseExplosion.cs:25:1068:25:1071 | access to property Prop |
+| UseUseExplosion.cs:25:1051:25:1054 | this access | UseUseExplosion.cs:25:1068:25:1071 | this access |
+| UseUseExplosion.cs:25:1051:25:1054 | this access | UseUseExplosion.cs:25:2278:25:2283 | this access |
+| UseUseExplosion.cs:25:1068:25:1071 | [post] this access | UseUseExplosion.cs:25:1085:25:1088 | this access |
+| UseUseExplosion.cs:25:1068:25:1071 | [post] this access | UseUseExplosion.cs:25:2263:25:2268 | this access |
+| UseUseExplosion.cs:25:1068:25:1071 | access to property Prop | UseUseExplosion.cs:25:1085:25:1088 | access to property Prop |
+| UseUseExplosion.cs:25:1068:25:1071 | this access | UseUseExplosion.cs:25:1085:25:1088 | this access |
+| UseUseExplosion.cs:25:1068:25:1071 | this access | UseUseExplosion.cs:25:2263:25:2268 | this access |
+| UseUseExplosion.cs:25:1085:25:1088 | [post] this access | UseUseExplosion.cs:25:1102:25:1105 | this access |
+| UseUseExplosion.cs:25:1085:25:1088 | [post] this access | UseUseExplosion.cs:25:2248:25:2253 | this access |
+| UseUseExplosion.cs:25:1085:25:1088 | access to property Prop | UseUseExplosion.cs:25:1102:25:1105 | access to property Prop |
+| UseUseExplosion.cs:25:1085:25:1088 | this access | UseUseExplosion.cs:25:1102:25:1105 | this access |
+| UseUseExplosion.cs:25:1085:25:1088 | this access | UseUseExplosion.cs:25:2248:25:2253 | this access |
+| UseUseExplosion.cs:25:1102:25:1105 | [post] this access | UseUseExplosion.cs:25:1119:25:1122 | this access |
+| UseUseExplosion.cs:25:1102:25:1105 | [post] this access | UseUseExplosion.cs:25:2233:25:2238 | this access |
+| UseUseExplosion.cs:25:1102:25:1105 | access to property Prop | UseUseExplosion.cs:25:1119:25:1122 | access to property Prop |
+| UseUseExplosion.cs:25:1102:25:1105 | this access | UseUseExplosion.cs:25:1119:25:1122 | this access |
+| UseUseExplosion.cs:25:1102:25:1105 | this access | UseUseExplosion.cs:25:2233:25:2238 | this access |
+| UseUseExplosion.cs:25:1119:25:1122 | [post] this access | UseUseExplosion.cs:25:1136:25:1139 | this access |
+| UseUseExplosion.cs:25:1119:25:1122 | [post] this access | UseUseExplosion.cs:25:2218:25:2223 | this access |
+| UseUseExplosion.cs:25:1119:25:1122 | access to property Prop | UseUseExplosion.cs:25:1136:25:1139 | access to property Prop |
+| UseUseExplosion.cs:25:1119:25:1122 | this access | UseUseExplosion.cs:25:1136:25:1139 | this access |
+| UseUseExplosion.cs:25:1119:25:1122 | this access | UseUseExplosion.cs:25:2218:25:2223 | this access |
+| UseUseExplosion.cs:25:1136:25:1139 | [post] this access | UseUseExplosion.cs:25:1153:25:1156 | this access |
+| UseUseExplosion.cs:25:1136:25:1139 | [post] this access | UseUseExplosion.cs:25:2203:25:2208 | this access |
+| UseUseExplosion.cs:25:1136:25:1139 | access to property Prop | UseUseExplosion.cs:25:1153:25:1156 | access to property Prop |
+| UseUseExplosion.cs:25:1136:25:1139 | this access | UseUseExplosion.cs:25:1153:25:1156 | this access |
+| UseUseExplosion.cs:25:1136:25:1139 | this access | UseUseExplosion.cs:25:2203:25:2208 | this access |
+| UseUseExplosion.cs:25:1153:25:1156 | [post] this access | UseUseExplosion.cs:25:1170:25:1173 | this access |
+| UseUseExplosion.cs:25:1153:25:1156 | [post] this access | UseUseExplosion.cs:25:2188:25:2193 | this access |
+| UseUseExplosion.cs:25:1153:25:1156 | access to property Prop | UseUseExplosion.cs:25:1170:25:1173 | access to property Prop |
+| UseUseExplosion.cs:25:1153:25:1156 | this access | UseUseExplosion.cs:25:1170:25:1173 | this access |
+| UseUseExplosion.cs:25:1153:25:1156 | this access | UseUseExplosion.cs:25:2188:25:2193 | this access |
+| UseUseExplosion.cs:25:1170:25:1173 | [post] this access | UseUseExplosion.cs:25:1187:25:1190 | this access |
+| UseUseExplosion.cs:25:1170:25:1173 | [post] this access | UseUseExplosion.cs:25:2173:25:2178 | this access |
+| UseUseExplosion.cs:25:1170:25:1173 | access to property Prop | UseUseExplosion.cs:25:1187:25:1190 | access to property Prop |
+| UseUseExplosion.cs:25:1170:25:1173 | this access | UseUseExplosion.cs:25:1187:25:1190 | this access |
+| UseUseExplosion.cs:25:1170:25:1173 | this access | UseUseExplosion.cs:25:2173:25:2178 | this access |
+| UseUseExplosion.cs:25:1187:25:1190 | [post] this access | UseUseExplosion.cs:25:1204:25:1207 | this access |
+| UseUseExplosion.cs:25:1187:25:1190 | [post] this access | UseUseExplosion.cs:25:2158:25:2163 | this access |
+| UseUseExplosion.cs:25:1187:25:1190 | access to property Prop | UseUseExplosion.cs:25:1204:25:1207 | access to property Prop |
+| UseUseExplosion.cs:25:1187:25:1190 | this access | UseUseExplosion.cs:25:1204:25:1207 | this access |
+| UseUseExplosion.cs:25:1187:25:1190 | this access | UseUseExplosion.cs:25:2158:25:2163 | this access |
+| UseUseExplosion.cs:25:1204:25:1207 | [post] this access | UseUseExplosion.cs:25:1221:25:1224 | this access |
+| UseUseExplosion.cs:25:1204:25:1207 | [post] this access | UseUseExplosion.cs:25:2143:25:2148 | this access |
+| UseUseExplosion.cs:25:1204:25:1207 | access to property Prop | UseUseExplosion.cs:25:1221:25:1224 | access to property Prop |
+| UseUseExplosion.cs:25:1204:25:1207 | this access | UseUseExplosion.cs:25:1221:25:1224 | this access |
+| UseUseExplosion.cs:25:1204:25:1207 | this access | UseUseExplosion.cs:25:2143:25:2148 | this access |
+| UseUseExplosion.cs:25:1221:25:1224 | [post] this access | UseUseExplosion.cs:25:1238:25:1241 | this access |
+| UseUseExplosion.cs:25:1221:25:1224 | [post] this access | UseUseExplosion.cs:25:2128:25:2133 | this access |
+| UseUseExplosion.cs:25:1221:25:1224 | access to property Prop | UseUseExplosion.cs:25:1238:25:1241 | access to property Prop |
+| UseUseExplosion.cs:25:1221:25:1224 | this access | UseUseExplosion.cs:25:1238:25:1241 | this access |
+| UseUseExplosion.cs:25:1221:25:1224 | this access | UseUseExplosion.cs:25:2128:25:2133 | this access |
+| UseUseExplosion.cs:25:1238:25:1241 | [post] this access | UseUseExplosion.cs:25:1255:25:1258 | this access |
+| UseUseExplosion.cs:25:1238:25:1241 | [post] this access | UseUseExplosion.cs:25:2113:25:2118 | this access |
+| UseUseExplosion.cs:25:1238:25:1241 | access to property Prop | UseUseExplosion.cs:25:1255:25:1258 | access to property Prop |
+| UseUseExplosion.cs:25:1238:25:1241 | this access | UseUseExplosion.cs:25:1255:25:1258 | this access |
+| UseUseExplosion.cs:25:1238:25:1241 | this access | UseUseExplosion.cs:25:2113:25:2118 | this access |
+| UseUseExplosion.cs:25:1255:25:1258 | [post] this access | UseUseExplosion.cs:25:1272:25:1275 | this access |
+| UseUseExplosion.cs:25:1255:25:1258 | [post] this access | UseUseExplosion.cs:25:2098:25:2103 | this access |
+| UseUseExplosion.cs:25:1255:25:1258 | access to property Prop | UseUseExplosion.cs:25:1272:25:1275 | access to property Prop |
+| UseUseExplosion.cs:25:1255:25:1258 | this access | UseUseExplosion.cs:25:1272:25:1275 | this access |
+| UseUseExplosion.cs:25:1255:25:1258 | this access | UseUseExplosion.cs:25:2098:25:2103 | this access |
+| UseUseExplosion.cs:25:1272:25:1275 | [post] this access | UseUseExplosion.cs:25:1289:25:1292 | this access |
+| UseUseExplosion.cs:25:1272:25:1275 | [post] this access | UseUseExplosion.cs:25:2083:25:2088 | this access |
+| UseUseExplosion.cs:25:1272:25:1275 | access to property Prop | UseUseExplosion.cs:25:1289:25:1292 | access to property Prop |
+| UseUseExplosion.cs:25:1272:25:1275 | this access | UseUseExplosion.cs:25:1289:25:1292 | this access |
+| UseUseExplosion.cs:25:1272:25:1275 | this access | UseUseExplosion.cs:25:2083:25:2088 | this access |
+| UseUseExplosion.cs:25:1289:25:1292 | [post] this access | UseUseExplosion.cs:25:1306:25:1309 | this access |
+| UseUseExplosion.cs:25:1289:25:1292 | [post] this access | UseUseExplosion.cs:25:2068:25:2073 | this access |
+| UseUseExplosion.cs:25:1289:25:1292 | access to property Prop | UseUseExplosion.cs:25:1306:25:1309 | access to property Prop |
+| UseUseExplosion.cs:25:1289:25:1292 | this access | UseUseExplosion.cs:25:1306:25:1309 | this access |
+| UseUseExplosion.cs:25:1289:25:1292 | this access | UseUseExplosion.cs:25:2068:25:2073 | this access |
+| UseUseExplosion.cs:25:1306:25:1309 | [post] this access | UseUseExplosion.cs:25:1323:25:1326 | this access |
+| UseUseExplosion.cs:25:1306:25:1309 | [post] this access | UseUseExplosion.cs:25:2053:25:2058 | this access |
+| UseUseExplosion.cs:25:1306:25:1309 | access to property Prop | UseUseExplosion.cs:25:1323:25:1326 | access to property Prop |
+| UseUseExplosion.cs:25:1306:25:1309 | this access | UseUseExplosion.cs:25:1323:25:1326 | this access |
+| UseUseExplosion.cs:25:1306:25:1309 | this access | UseUseExplosion.cs:25:2053:25:2058 | this access |
+| UseUseExplosion.cs:25:1323:25:1326 | [post] this access | UseUseExplosion.cs:25:1340:25:1343 | this access |
+| UseUseExplosion.cs:25:1323:25:1326 | [post] this access | UseUseExplosion.cs:25:2038:25:2043 | this access |
+| UseUseExplosion.cs:25:1323:25:1326 | access to property Prop | UseUseExplosion.cs:25:1340:25:1343 | access to property Prop |
+| UseUseExplosion.cs:25:1323:25:1326 | this access | UseUseExplosion.cs:25:1340:25:1343 | this access |
+| UseUseExplosion.cs:25:1323:25:1326 | this access | UseUseExplosion.cs:25:2038:25:2043 | this access |
+| UseUseExplosion.cs:25:1340:25:1343 | [post] this access | UseUseExplosion.cs:25:1357:25:1360 | this access |
+| UseUseExplosion.cs:25:1340:25:1343 | [post] this access | UseUseExplosion.cs:25:2023:25:2028 | this access |
+| UseUseExplosion.cs:25:1340:25:1343 | access to property Prop | UseUseExplosion.cs:25:1357:25:1360 | access to property Prop |
+| UseUseExplosion.cs:25:1340:25:1343 | this access | UseUseExplosion.cs:25:1357:25:1360 | this access |
+| UseUseExplosion.cs:25:1340:25:1343 | this access | UseUseExplosion.cs:25:2023:25:2028 | this access |
+| UseUseExplosion.cs:25:1357:25:1360 | [post] this access | UseUseExplosion.cs:25:1374:25:1377 | this access |
+| UseUseExplosion.cs:25:1357:25:1360 | [post] this access | UseUseExplosion.cs:25:2008:25:2013 | this access |
+| UseUseExplosion.cs:25:1357:25:1360 | access to property Prop | UseUseExplosion.cs:25:1374:25:1377 | access to property Prop |
+| UseUseExplosion.cs:25:1357:25:1360 | this access | UseUseExplosion.cs:25:1374:25:1377 | this access |
+| UseUseExplosion.cs:25:1357:25:1360 | this access | UseUseExplosion.cs:25:2008:25:2013 | this access |
+| UseUseExplosion.cs:25:1374:25:1377 | [post] this access | UseUseExplosion.cs:25:1391:25:1394 | this access |
+| UseUseExplosion.cs:25:1374:25:1377 | [post] this access | UseUseExplosion.cs:25:1993:25:1998 | this access |
+| UseUseExplosion.cs:25:1374:25:1377 | access to property Prop | UseUseExplosion.cs:25:1391:25:1394 | access to property Prop |
+| UseUseExplosion.cs:25:1374:25:1377 | this access | UseUseExplosion.cs:25:1391:25:1394 | this access |
+| UseUseExplosion.cs:25:1374:25:1377 | this access | UseUseExplosion.cs:25:1993:25:1998 | this access |
+| UseUseExplosion.cs:25:1391:25:1394 | [post] this access | UseUseExplosion.cs:25:1408:25:1411 | this access |
+| UseUseExplosion.cs:25:1391:25:1394 | [post] this access | UseUseExplosion.cs:25:1978:25:1983 | this access |
+| UseUseExplosion.cs:25:1391:25:1394 | access to property Prop | UseUseExplosion.cs:25:1408:25:1411 | access to property Prop |
+| UseUseExplosion.cs:25:1391:25:1394 | this access | UseUseExplosion.cs:25:1408:25:1411 | this access |
+| UseUseExplosion.cs:25:1391:25:1394 | this access | UseUseExplosion.cs:25:1978:25:1983 | this access |
+| UseUseExplosion.cs:25:1408:25:1411 | [post] this access | UseUseExplosion.cs:25:1425:25:1428 | this access |
+| UseUseExplosion.cs:25:1408:25:1411 | [post] this access | UseUseExplosion.cs:25:1963:25:1968 | this access |
+| UseUseExplosion.cs:25:1408:25:1411 | access to property Prop | UseUseExplosion.cs:25:1425:25:1428 | access to property Prop |
+| UseUseExplosion.cs:25:1408:25:1411 | this access | UseUseExplosion.cs:25:1425:25:1428 | this access |
+| UseUseExplosion.cs:25:1408:25:1411 | this access | UseUseExplosion.cs:25:1963:25:1968 | this access |
+| UseUseExplosion.cs:25:1425:25:1428 | [post] this access | UseUseExplosion.cs:25:1442:25:1445 | this access |
+| UseUseExplosion.cs:25:1425:25:1428 | [post] this access | UseUseExplosion.cs:25:1948:25:1953 | this access |
+| UseUseExplosion.cs:25:1425:25:1428 | access to property Prop | UseUseExplosion.cs:25:1442:25:1445 | access to property Prop |
+| UseUseExplosion.cs:25:1425:25:1428 | this access | UseUseExplosion.cs:25:1442:25:1445 | this access |
+| UseUseExplosion.cs:25:1425:25:1428 | this access | UseUseExplosion.cs:25:1948:25:1953 | this access |
+| UseUseExplosion.cs:25:1442:25:1445 | [post] this access | UseUseExplosion.cs:25:1459:25:1462 | this access |
+| UseUseExplosion.cs:25:1442:25:1445 | [post] this access | UseUseExplosion.cs:25:1933:25:1938 | this access |
+| UseUseExplosion.cs:25:1442:25:1445 | access to property Prop | UseUseExplosion.cs:25:1459:25:1462 | access to property Prop |
+| UseUseExplosion.cs:25:1442:25:1445 | this access | UseUseExplosion.cs:25:1459:25:1462 | this access |
+| UseUseExplosion.cs:25:1442:25:1445 | this access | UseUseExplosion.cs:25:1933:25:1938 | this access |
+| UseUseExplosion.cs:25:1459:25:1462 | [post] this access | UseUseExplosion.cs:25:1476:25:1479 | this access |
+| UseUseExplosion.cs:25:1459:25:1462 | [post] this access | UseUseExplosion.cs:25:1918:25:1923 | this access |
+| UseUseExplosion.cs:25:1459:25:1462 | access to property Prop | UseUseExplosion.cs:25:1476:25:1479 | access to property Prop |
+| UseUseExplosion.cs:25:1459:25:1462 | this access | UseUseExplosion.cs:25:1476:25:1479 | this access |
+| UseUseExplosion.cs:25:1459:25:1462 | this access | UseUseExplosion.cs:25:1918:25:1923 | this access |
+| UseUseExplosion.cs:25:1476:25:1479 | [post] this access | UseUseExplosion.cs:25:1493:25:1496 | this access |
+| UseUseExplosion.cs:25:1476:25:1479 | [post] this access | UseUseExplosion.cs:25:1903:25:1908 | this access |
+| UseUseExplosion.cs:25:1476:25:1479 | access to property Prop | UseUseExplosion.cs:25:1493:25:1496 | access to property Prop |
+| UseUseExplosion.cs:25:1476:25:1479 | this access | UseUseExplosion.cs:25:1493:25:1496 | this access |
+| UseUseExplosion.cs:25:1476:25:1479 | this access | UseUseExplosion.cs:25:1903:25:1908 | this access |
+| UseUseExplosion.cs:25:1493:25:1496 | [post] this access | UseUseExplosion.cs:25:1510:25:1513 | this access |
+| UseUseExplosion.cs:25:1493:25:1496 | [post] this access | UseUseExplosion.cs:25:1888:25:1893 | this access |
+| UseUseExplosion.cs:25:1493:25:1496 | access to property Prop | UseUseExplosion.cs:25:1510:25:1513 | access to property Prop |
+| UseUseExplosion.cs:25:1493:25:1496 | this access | UseUseExplosion.cs:25:1510:25:1513 | this access |
+| UseUseExplosion.cs:25:1493:25:1496 | this access | UseUseExplosion.cs:25:1888:25:1893 | this access |
+| UseUseExplosion.cs:25:1510:25:1513 | [post] this access | UseUseExplosion.cs:25:1527:25:1530 | this access |
+| UseUseExplosion.cs:25:1510:25:1513 | [post] this access | UseUseExplosion.cs:25:1873:25:1878 | this access |
+| UseUseExplosion.cs:25:1510:25:1513 | access to property Prop | UseUseExplosion.cs:25:1527:25:1530 | access to property Prop |
+| UseUseExplosion.cs:25:1510:25:1513 | this access | UseUseExplosion.cs:25:1527:25:1530 | this access |
+| UseUseExplosion.cs:25:1510:25:1513 | this access | UseUseExplosion.cs:25:1873:25:1878 | this access |
+| UseUseExplosion.cs:25:1527:25:1530 | [post] this access | UseUseExplosion.cs:25:1544:25:1547 | this access |
+| UseUseExplosion.cs:25:1527:25:1530 | [post] this access | UseUseExplosion.cs:25:1858:25:1863 | this access |
+| UseUseExplosion.cs:25:1527:25:1530 | access to property Prop | UseUseExplosion.cs:25:1544:25:1547 | access to property Prop |
+| UseUseExplosion.cs:25:1527:25:1530 | this access | UseUseExplosion.cs:25:1544:25:1547 | this access |
+| UseUseExplosion.cs:25:1527:25:1530 | this access | UseUseExplosion.cs:25:1858:25:1863 | this access |
+| UseUseExplosion.cs:25:1544:25:1547 | [post] this access | UseUseExplosion.cs:25:1561:25:1564 | this access |
+| UseUseExplosion.cs:25:1544:25:1547 | [post] this access | UseUseExplosion.cs:25:1843:25:1848 | this access |
+| UseUseExplosion.cs:25:1544:25:1547 | access to property Prop | UseUseExplosion.cs:25:1561:25:1564 | access to property Prop |
+| UseUseExplosion.cs:25:1544:25:1547 | this access | UseUseExplosion.cs:25:1561:25:1564 | this access |
+| UseUseExplosion.cs:25:1544:25:1547 | this access | UseUseExplosion.cs:25:1843:25:1848 | this access |
+| UseUseExplosion.cs:25:1561:25:1564 | [post] this access | UseUseExplosion.cs:25:1577:25:1580 | this access |
+| UseUseExplosion.cs:25:1561:25:1564 | [post] this access | UseUseExplosion.cs:25:1828:25:1833 | this access |
+| UseUseExplosion.cs:25:1561:25:1564 | access to property Prop | UseUseExplosion.cs:25:1577:25:1580 | access to property Prop |
+| UseUseExplosion.cs:25:1561:25:1564 | this access | UseUseExplosion.cs:25:1577:25:1580 | this access |
+| UseUseExplosion.cs:25:1561:25:1564 | this access | UseUseExplosion.cs:25:1828:25:1833 | this access |
+| UseUseExplosion.cs:25:1577:25:1580 | [post] this access | UseUseExplosion.cs:25:1593:25:1596 | this access |
+| UseUseExplosion.cs:25:1577:25:1580 | [post] this access | UseUseExplosion.cs:25:1813:25:1818 | this access |
+| UseUseExplosion.cs:25:1577:25:1580 | access to property Prop | UseUseExplosion.cs:25:1593:25:1596 | access to property Prop |
+| UseUseExplosion.cs:25:1577:25:1580 | this access | UseUseExplosion.cs:25:1593:25:1596 | this access |
+| UseUseExplosion.cs:25:1577:25:1580 | this access | UseUseExplosion.cs:25:1813:25:1818 | this access |
+| UseUseExplosion.cs:25:1593:25:1596 | [post] this access | UseUseExplosion.cs:25:1609:25:1612 | this access |
+| UseUseExplosion.cs:25:1593:25:1596 | [post] this access | UseUseExplosion.cs:25:1798:25:1803 | this access |
+| UseUseExplosion.cs:25:1593:25:1596 | access to property Prop | UseUseExplosion.cs:25:1609:25:1612 | access to property Prop |
+| UseUseExplosion.cs:25:1593:25:1596 | this access | UseUseExplosion.cs:25:1609:25:1612 | this access |
+| UseUseExplosion.cs:25:1593:25:1596 | this access | UseUseExplosion.cs:25:1798:25:1803 | this access |
+| UseUseExplosion.cs:25:1609:25:1612 | [post] this access | UseUseExplosion.cs:25:1625:25:1628 | this access |
+| UseUseExplosion.cs:25:1609:25:1612 | [post] this access | UseUseExplosion.cs:25:1783:25:1788 | this access |
+| UseUseExplosion.cs:25:1609:25:1612 | access to property Prop | UseUseExplosion.cs:25:1625:25:1628 | access to property Prop |
+| UseUseExplosion.cs:25:1609:25:1612 | this access | UseUseExplosion.cs:25:1625:25:1628 | this access |
+| UseUseExplosion.cs:25:1609:25:1612 | this access | UseUseExplosion.cs:25:1783:25:1788 | this access |
+| UseUseExplosion.cs:25:1625:25:1628 | [post] this access | UseUseExplosion.cs:25:1641:25:1644 | this access |
+| UseUseExplosion.cs:25:1625:25:1628 | [post] this access | UseUseExplosion.cs:25:1768:25:1773 | this access |
+| UseUseExplosion.cs:25:1625:25:1628 | access to property Prop | UseUseExplosion.cs:25:1641:25:1644 | access to property Prop |
+| UseUseExplosion.cs:25:1625:25:1628 | this access | UseUseExplosion.cs:25:1641:25:1644 | this access |
+| UseUseExplosion.cs:25:1625:25:1628 | this access | UseUseExplosion.cs:25:1768:25:1773 | this access |
+| UseUseExplosion.cs:25:1641:25:1644 | [post] this access | UseUseExplosion.cs:25:1657:25:1660 | this access |
+| UseUseExplosion.cs:25:1641:25:1644 | [post] this access | UseUseExplosion.cs:25:1753:25:1758 | this access |
+| UseUseExplosion.cs:25:1641:25:1644 | access to property Prop | UseUseExplosion.cs:25:1657:25:1660 | access to property Prop |
+| UseUseExplosion.cs:25:1641:25:1644 | this access | UseUseExplosion.cs:25:1657:25:1660 | this access |
+| UseUseExplosion.cs:25:1641:25:1644 | this access | UseUseExplosion.cs:25:1753:25:1758 | this access |
+| UseUseExplosion.cs:25:1657:25:1660 | [post] this access | UseUseExplosion.cs:25:1673:25:1676 | this access |
+| UseUseExplosion.cs:25:1657:25:1660 | [post] this access | UseUseExplosion.cs:25:1738:25:1743 | this access |
+| UseUseExplosion.cs:25:1657:25:1660 | access to property Prop | UseUseExplosion.cs:25:1673:25:1676 | access to property Prop |
+| UseUseExplosion.cs:25:1657:25:1660 | this access | UseUseExplosion.cs:25:1673:25:1676 | this access |
+| UseUseExplosion.cs:25:1657:25:1660 | this access | UseUseExplosion.cs:25:1738:25:1743 | this access |
+| UseUseExplosion.cs:25:1673:25:1676 | [post] this access | UseUseExplosion.cs:25:1689:25:1692 | this access |
+| UseUseExplosion.cs:25:1673:25:1676 | [post] this access | UseUseExplosion.cs:25:1723:25:1728 | this access |
+| UseUseExplosion.cs:25:1673:25:1676 | access to property Prop | UseUseExplosion.cs:25:1689:25:1692 | access to property Prop |
+| UseUseExplosion.cs:25:1673:25:1676 | this access | UseUseExplosion.cs:25:1689:25:1692 | this access |
+| UseUseExplosion.cs:25:1673:25:1676 | this access | UseUseExplosion.cs:25:1723:25:1728 | this access |
+| UseUseExplosion.cs:25:1689:25:1692 | [post] this access | UseUseExplosion.cs:25:1708:25:1713 | this access |
+| UseUseExplosion.cs:25:1689:25:1692 | this access | UseUseExplosion.cs:25:1708:25:1713 | this access |
diff --git a/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected b/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected
index a2767b538f5..dc8cdffaa36 100644
--- a/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected
+++ b/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected
@@ -482,8 +482,8 @@
 | LocalDataFlow.cs:278:15:278:22 | access to local variable nonSink0 | LocalDataFlow.cs:285:31:285:38 | access to local variable nonSink0 |
 | LocalDataFlow.cs:281:13:281:34 | SSA def(sink70) | LocalDataFlow.cs:282:15:282:20 | access to local variable sink70 |
 | LocalDataFlow.cs:281:22:281:34 | ... = ... | LocalDataFlow.cs:281:13:281:34 | SSA def(sink70) |
+| LocalDataFlow.cs:281:22:281:34 | SSA def(sink0) | LocalDataFlow.cs:313:22:313:38 | SSA phi read(sink0) |
 | LocalDataFlow.cs:281:22:281:34 | SSA def(sink0) | LocalDataFlow.cs:313:34:313:38 | access to local variable sink0 |
-| LocalDataFlow.cs:281:22:281:34 | SSA def(sink0) | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 |
 | LocalDataFlow.cs:281:30:281:34 | access to local variable sink0 | LocalDataFlow.cs:281:22:281:34 | ... = ... |
 | LocalDataFlow.cs:281:30:281:34 | access to local variable sink0 | LocalDataFlow.cs:281:22:281:34 | SSA def(sink0) |
 | LocalDataFlow.cs:282:15:282:20 | [post] access to local variable sink70 | LocalDataFlow.cs:289:13:289:18 | access to local variable sink70 |
@@ -508,8 +508,9 @@
 | LocalDataFlow.cs:313:22:313:29 | access to local variable nonSink0 | LocalDataFlow.cs:313:22:313:38 | ... ?? ... |
 | LocalDataFlow.cs:313:22:313:29 | access to local variable nonSink0 | LocalDataFlow.cs:314:31:314:38 | access to local variable nonSink0 |
 | LocalDataFlow.cs:313:22:313:38 | ... ?? ... | LocalDataFlow.cs:313:13:313:38 | SSA def(sink73) |
+| LocalDataFlow.cs:313:22:313:38 | SSA phi read(sink0) | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 |
 | LocalDataFlow.cs:313:34:313:38 | access to local variable sink0 | LocalDataFlow.cs:313:22:313:38 | ... ?? ... |
-| LocalDataFlow.cs:313:34:313:38 | access to local variable sink0 | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 |
+| LocalDataFlow.cs:313:34:313:38 | access to local variable sink0 | LocalDataFlow.cs:313:22:313:38 | SSA phi read(sink0) |
 | LocalDataFlow.cs:314:13:314:38 | SSA def(sink74) | LocalDataFlow.cs:316:15:316:20 | access to local variable sink74 |
 | LocalDataFlow.cs:314:22:314:26 | access to local variable sink0 | LocalDataFlow.cs:314:22:314:38 | ... ?? ... |
 | LocalDataFlow.cs:314:22:314:38 | ... ?? ... | LocalDataFlow.cs:314:13:314:38 | SSA def(sink74) |
@@ -551,19 +552,13 @@
 | SSA.cs:13:15:13:22 | [post] access to local variable nonSink0 | SSA.cs:19:13:19:20 | access to local variable nonSink0 |
 | SSA.cs:13:15:13:22 | access to local variable nonSink0 | SSA.cs:19:13:19:20 | access to local variable nonSink0 |
 | SSA.cs:16:13:16:20 | [post] access to local variable ssaSink0 | SSA.cs:24:24:24:31 | access to local variable ssaSink0 |
-| SSA.cs:16:13:16:20 | [post] access to local variable ssaSink0 | SSA.cs:37:24:37:31 | access to local variable ssaSink0 |
-| SSA.cs:16:13:16:20 | [post] access to local variable ssaSink0 | SSA.cs:91:24:91:31 | access to local variable ssaSink0 |
-| SSA.cs:16:13:16:20 | [post] access to local variable ssaSink0 | SSA.cs:117:36:117:43 | access to local variable ssaSink0 |
+| SSA.cs:16:13:16:20 | [post] access to local variable ssaSink0 | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) |
 | SSA.cs:16:13:16:20 | access to local variable ssaSink0 | SSA.cs:24:24:24:31 | access to local variable ssaSink0 |
-| SSA.cs:16:13:16:20 | access to local variable ssaSink0 | SSA.cs:37:24:37:31 | access to local variable ssaSink0 |
-| SSA.cs:16:13:16:20 | access to local variable ssaSink0 | SSA.cs:91:24:91:31 | access to local variable ssaSink0 |
-| SSA.cs:16:13:16:20 | access to local variable ssaSink0 | SSA.cs:117:36:117:43 | access to local variable ssaSink0 |
+| SSA.cs:16:13:16:20 | access to local variable ssaSink0 | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) |
 | SSA.cs:19:13:19:20 | [post] access to local variable nonSink0 | SSA.cs:30:24:30:31 | access to local variable nonSink0 |
-| SSA.cs:19:13:19:20 | [post] access to local variable nonSink0 | SSA.cs:49:24:49:31 | access to local variable nonSink0 |
-| SSA.cs:19:13:19:20 | [post] access to local variable nonSink0 | SSA.cs:63:23:63:30 | access to local variable nonSink0 |
+| SSA.cs:19:13:19:20 | [post] access to local variable nonSink0 | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) |
 | SSA.cs:19:13:19:20 | access to local variable nonSink0 | SSA.cs:30:24:30:31 | access to local variable nonSink0 |
-| SSA.cs:19:13:19:20 | access to local variable nonSink0 | SSA.cs:49:24:49:31 | access to local variable nonSink0 |
-| SSA.cs:19:13:19:20 | access to local variable nonSink0 | SSA.cs:63:23:63:30 | access to local variable nonSink0 |
+| SSA.cs:19:13:19:20 | access to local variable nonSink0 | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) |
 | SSA.cs:22:16:22:28 | SSA def(ssaSink1) | SSA.cs:25:9:25:24 | SSA phi(ssaSink1) |
 | SSA.cs:22:27:22:28 | "" | SSA.cs:22:16:22:28 | SSA def(ssaSink1) |
 | SSA.cs:23:13:23:22 | [post] access to parameter nonTainted | SSA.cs:29:13:29:22 | access to parameter nonTainted |
@@ -571,9 +566,9 @@
 | SSA.cs:23:13:23:29 | access to property Length | SSA.cs:23:13:23:33 | ... > ... |
 | SSA.cs:24:13:24:31 | SSA def(ssaSink1) | SSA.cs:25:9:25:24 | SSA phi(ssaSink1) |
 | SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:24:13:24:31 | SSA def(ssaSink1) |
-| SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:37:24:37:31 | access to local variable ssaSink0 |
-| SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:91:24:91:31 | access to local variable ssaSink0 |
-| SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:117:36:117:43 | access to local variable ssaSink0 |
+| SSA.cs:24:24:24:31 | access to local variable ssaSink0 | SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) |
+| SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) | SSA.cs:37:24:37:31 | access to local variable ssaSink0 |
+| SSA.cs:25:9:25:24 | SSA phi read(ssaSink0) | SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) |
 | SSA.cs:25:9:25:24 | SSA phi(ssaSink1) | SSA.cs:25:15:25:22 | access to local variable ssaSink1 |
 | SSA.cs:28:16:28:28 | SSA def(nonSink1) | SSA.cs:31:9:31:24 | SSA phi(nonSink1) |
 | SSA.cs:28:27:28:28 | "" | SSA.cs:28:16:28:28 | SSA def(nonSink1) |
@@ -582,47 +577,52 @@
 | SSA.cs:29:13:29:29 | access to property Length | SSA.cs:29:13:29:33 | ... > ... |
 | SSA.cs:30:13:30:31 | SSA def(nonSink1) | SSA.cs:31:9:31:24 | SSA phi(nonSink1) |
 | SSA.cs:30:24:30:31 | access to local variable nonSink0 | SSA.cs:30:13:30:31 | SSA def(nonSink1) |
-| SSA.cs:30:24:30:31 | access to local variable nonSink0 | SSA.cs:49:24:49:31 | access to local variable nonSink0 |
-| SSA.cs:30:24:30:31 | access to local variable nonSink0 | SSA.cs:63:23:63:30 | access to local variable nonSink0 |
+| SSA.cs:30:24:30:31 | access to local variable nonSink0 | SSA.cs:31:9:31:24 | SSA phi read(nonSink0) |
+| SSA.cs:31:9:31:24 | SSA phi read(nonSink0) | SSA.cs:49:24:49:31 | access to local variable nonSink0 |
+| SSA.cs:31:9:31:24 | SSA phi read(nonSink0) | SSA.cs:55:9:55:24 | SSA phi read(nonSink0) |
 | SSA.cs:31:9:31:24 | SSA phi(nonSink1) | SSA.cs:31:15:31:22 | access to local variable nonSink1 |
 | SSA.cs:34:16:34:28 | SSA def(ssaSink2) | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) |
 | SSA.cs:34:27:34:28 | "" | SSA.cs:34:16:34:28 | SSA def(ssaSink2) |
 | SSA.cs:35:13:35:22 | [post] access to parameter nonTainted | SSA.cs:38:17:38:26 | access to parameter nonTainted |
-| SSA.cs:35:13:35:22 | [post] access to parameter nonTainted | SSA.cs:47:13:47:22 | access to parameter nonTainted |
+| SSA.cs:35:13:35:22 | [post] access to parameter nonTainted | SSA.cs:43:9:43:24 | SSA phi read(nonTainted) |
 | SSA.cs:35:13:35:22 | access to parameter nonTainted | SSA.cs:38:17:38:26 | access to parameter nonTainted |
-| SSA.cs:35:13:35:22 | access to parameter nonTainted | SSA.cs:47:13:47:22 | access to parameter nonTainted |
+| SSA.cs:35:13:35:22 | access to parameter nonTainted | SSA.cs:43:9:43:24 | SSA phi read(nonTainted) |
 | SSA.cs:35:13:35:29 | access to property Length | SSA.cs:35:13:35:33 | ... > ... |
 | SSA.cs:37:13:37:31 | SSA def(ssaSink2) | SSA.cs:39:21:39:28 | access to local variable ssaSink2 |
 | SSA.cs:37:13:37:31 | SSA def(ssaSink2) | SSA.cs:41:21:41:28 | access to local variable ssaSink2 |
 | SSA.cs:37:24:37:31 | access to local variable ssaSink0 | SSA.cs:37:13:37:31 | SSA def(ssaSink2) |
-| SSA.cs:37:24:37:31 | access to local variable ssaSink0 | SSA.cs:91:24:91:31 | access to local variable ssaSink0 |
-| SSA.cs:37:24:37:31 | access to local variable ssaSink0 | SSA.cs:117:36:117:43 | access to local variable ssaSink0 |
-| SSA.cs:38:17:38:26 | [post] access to parameter nonTainted | SSA.cs:47:13:47:22 | access to parameter nonTainted |
-| SSA.cs:38:17:38:26 | access to parameter nonTainted | SSA.cs:47:13:47:22 | access to parameter nonTainted |
+| SSA.cs:37:24:37:31 | access to local variable ssaSink0 | SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) |
+| SSA.cs:38:17:38:26 | [post] access to parameter nonTainted | SSA.cs:43:9:43:24 | SSA phi read(nonTainted) |
+| SSA.cs:38:17:38:26 | access to parameter nonTainted | SSA.cs:43:9:43:24 | SSA phi read(nonTainted) |
 | SSA.cs:38:17:38:33 | access to property Length | SSA.cs:38:17:38:37 | ... > ... |
 | SSA.cs:39:21:39:28 | [post] access to local variable ssaSink2 | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) |
 | SSA.cs:39:21:39:28 | access to local variable ssaSink2 | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) |
 | SSA.cs:41:21:41:28 | [post] access to local variable ssaSink2 | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) |
 | SSA.cs:41:21:41:28 | access to local variable ssaSink2 | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) |
+| SSA.cs:43:9:43:24 | SSA phi read(nonTainted) | SSA.cs:47:13:47:22 | access to parameter nonTainted |
+| SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) | SSA.cs:91:24:91:31 | access to local variable ssaSink0 |
+| SSA.cs:43:9:43:24 | SSA phi read(ssaSink0) | SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) |
 | SSA.cs:43:9:43:24 | SSA phi(ssaSink2) | SSA.cs:43:15:43:22 | access to local variable ssaSink2 |
 | SSA.cs:46:16:46:28 | SSA def(nonSink2) | SSA.cs:55:9:55:24 | SSA phi(nonSink2) |
 | SSA.cs:46:27:46:28 | "" | SSA.cs:46:16:46:28 | SSA def(nonSink2) |
 | SSA.cs:47:13:47:22 | [post] access to parameter nonTainted | SSA.cs:50:17:50:26 | access to parameter nonTainted |
-| SSA.cs:47:13:47:22 | [post] access to parameter nonTainted | SSA.cs:89:13:89:22 | access to parameter nonTainted |
+| SSA.cs:47:13:47:22 | [post] access to parameter nonTainted | SSA.cs:55:9:55:24 | SSA phi read(nonTainted) |
 | SSA.cs:47:13:47:22 | access to parameter nonTainted | SSA.cs:50:17:50:26 | access to parameter nonTainted |
-| SSA.cs:47:13:47:22 | access to parameter nonTainted | SSA.cs:89:13:89:22 | access to parameter nonTainted |
+| SSA.cs:47:13:47:22 | access to parameter nonTainted | SSA.cs:55:9:55:24 | SSA phi read(nonTainted) |
 | SSA.cs:47:13:47:29 | access to property Length | SSA.cs:47:13:47:33 | ... > ... |
 | SSA.cs:49:13:49:31 | SSA def(nonSink2) | SSA.cs:51:21:51:28 | access to local variable nonSink2 |
 | SSA.cs:49:13:49:31 | SSA def(nonSink2) | SSA.cs:53:21:53:28 | access to local variable nonSink2 |
 | SSA.cs:49:24:49:31 | access to local variable nonSink0 | SSA.cs:49:13:49:31 | SSA def(nonSink2) |
-| SSA.cs:49:24:49:31 | access to local variable nonSink0 | SSA.cs:63:23:63:30 | access to local variable nonSink0 |
-| SSA.cs:50:17:50:26 | [post] access to parameter nonTainted | SSA.cs:89:13:89:22 | access to parameter nonTainted |
-| SSA.cs:50:17:50:26 | access to parameter nonTainted | SSA.cs:89:13:89:22 | access to parameter nonTainted |
+| SSA.cs:49:24:49:31 | access to local variable nonSink0 | SSA.cs:55:9:55:24 | SSA phi read(nonSink0) |
+| SSA.cs:50:17:50:26 | [post] access to parameter nonTainted | SSA.cs:55:9:55:24 | SSA phi read(nonTainted) |
+| SSA.cs:50:17:50:26 | access to parameter nonTainted | SSA.cs:55:9:55:24 | SSA phi read(nonTainted) |
 | SSA.cs:50:17:50:33 | access to property Length | SSA.cs:50:17:50:37 | ... > ... |
 | SSA.cs:51:21:51:28 | [post] access to local variable nonSink2 | SSA.cs:55:9:55:24 | SSA phi(nonSink2) |
 | SSA.cs:51:21:51:28 | access to local variable nonSink2 | SSA.cs:55:9:55:24 | SSA phi(nonSink2) |
 | SSA.cs:53:21:53:28 | [post] access to local variable nonSink2 | SSA.cs:55:9:55:24 | SSA phi(nonSink2) |
 | SSA.cs:53:21:53:28 | access to local variable nonSink2 | SSA.cs:55:9:55:24 | SSA phi(nonSink2) |
+| SSA.cs:55:9:55:24 | SSA phi read(nonSink0) | SSA.cs:63:23:63:30 | access to local variable nonSink0 |
+| SSA.cs:55:9:55:24 | SSA phi read(nonTainted) | SSA.cs:89:13:89:22 | access to parameter nonTainted |
 | SSA.cs:55:9:55:24 | SSA phi(nonSink2) | SSA.cs:55:15:55:22 | access to local variable nonSink2 |
 | SSA.cs:58:16:58:33 | SSA def(ssaSink3) | SSA.cs:59:23:59:30 | access to local variable ssaSink3 |
 | SSA.cs:58:27:58:33 | access to parameter tainted | SSA.cs:58:16:58:33 | SSA def(ssaSink3) |
@@ -671,9 +671,9 @@
 | SSA.cs:77:20:77:26 | access to parameter tainted | SSA.cs:80:35:80:41 | access to parameter tainted |
 | SSA.cs:78:21:78:28 | SSA def(nonSink0) | SSA.cs:79:15:79:22 | access to local variable nonSink0 |
 | SSA.cs:79:15:79:22 | [post] access to local variable nonSink0 | SSA.cs:104:24:104:31 | access to local variable nonSink0 |
-| SSA.cs:79:15:79:22 | [post] access to local variable nonSink0 | SSA.cs:130:39:130:46 | access to local variable nonSink0 |
+| SSA.cs:79:15:79:22 | [post] access to local variable nonSink0 | SSA.cs:110:9:110:32 | SSA phi read(nonSink0) |
 | SSA.cs:79:15:79:22 | access to local variable nonSink0 | SSA.cs:104:24:104:31 | access to local variable nonSink0 |
-| SSA.cs:79:15:79:22 | access to local variable nonSink0 | SSA.cs:130:39:130:46 | access to local variable nonSink0 |
+| SSA.cs:79:15:79:22 | access to local variable nonSink0 | SSA.cs:110:9:110:32 | SSA phi read(nonSink0) |
 | SSA.cs:80:9:80:12 | [post] this access | SSA.cs:81:21:81:24 | this access |
 | SSA.cs:80:9:80:12 | this access | SSA.cs:81:21:81:24 | this access |
 | SSA.cs:80:9:80:14 | [post] access to field S | SSA.cs:81:21:81:26 | access to field S |
@@ -701,21 +701,23 @@
 | SSA.cs:88:16:88:28 | SSA def(ssaSink4) | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) |
 | SSA.cs:88:27:88:28 | "" | SSA.cs:88:16:88:28 | SSA def(ssaSink4) |
 | SSA.cs:89:13:89:22 | [post] access to parameter nonTainted | SSA.cs:92:17:92:26 | access to parameter nonTainted |
-| SSA.cs:89:13:89:22 | [post] access to parameter nonTainted | SSA.cs:102:13:102:22 | access to parameter nonTainted |
+| SSA.cs:89:13:89:22 | [post] access to parameter nonTainted | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) |
 | SSA.cs:89:13:89:22 | access to parameter nonTainted | SSA.cs:92:17:92:26 | access to parameter nonTainted |
-| SSA.cs:89:13:89:22 | access to parameter nonTainted | SSA.cs:102:13:102:22 | access to parameter nonTainted |
+| SSA.cs:89:13:89:22 | access to parameter nonTainted | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) |
 | SSA.cs:89:13:89:29 | access to property Length | SSA.cs:89:13:89:33 | ... > ... |
 | SSA.cs:91:13:91:31 | SSA def(ssaSink4) | SSA.cs:93:21:93:28 | access to local variable ssaSink4 |
 | SSA.cs:91:13:91:31 | SSA def(ssaSink4) | SSA.cs:95:21:95:28 | access to local variable ssaSink4 |
 | SSA.cs:91:24:91:31 | access to local variable ssaSink0 | SSA.cs:91:13:91:31 | SSA def(ssaSink4) |
-| SSA.cs:91:24:91:31 | access to local variable ssaSink0 | SSA.cs:117:36:117:43 | access to local variable ssaSink0 |
-| SSA.cs:92:17:92:26 | [post] access to parameter nonTainted | SSA.cs:102:13:102:22 | access to parameter nonTainted |
-| SSA.cs:92:17:92:26 | access to parameter nonTainted | SSA.cs:102:13:102:22 | access to parameter nonTainted |
+| SSA.cs:91:24:91:31 | access to local variable ssaSink0 | SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) |
+| SSA.cs:92:17:92:26 | [post] access to parameter nonTainted | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) |
+| SSA.cs:92:17:92:26 | access to parameter nonTainted | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) |
 | SSA.cs:92:17:92:33 | access to property Length | SSA.cs:92:17:92:37 | ... > ... |
 | SSA.cs:93:21:93:28 | [post] access to local variable ssaSink4 | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) |
 | SSA.cs:93:21:93:28 | access to local variable ssaSink4 | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) |
 | SSA.cs:95:21:95:28 | [post] access to local variable ssaSink4 | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) |
 | SSA.cs:95:21:95:28 | access to local variable ssaSink4 | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) |
+| SSA.cs:97:9:97:32 | SSA phi read(nonTainted) | SSA.cs:102:13:102:22 | access to parameter nonTainted |
+| SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) | SSA.cs:117:36:117:43 | access to local variable ssaSink0 |
 | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) | SSA.cs:97:23:97:30 | access to local variable ssaSink4 |
 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) | SSA.cs:98:15:98:22 | access to local variable ssaSink4 |
 | SSA.cs:97:23:97:30 | [post] access to local variable ssaSink4 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) |
@@ -723,21 +725,23 @@
 | SSA.cs:101:16:101:28 | SSA def(nonSink3) | SSA.cs:110:9:110:32 | SSA phi(nonSink3) |
 | SSA.cs:101:27:101:28 | "" | SSA.cs:101:16:101:28 | SSA def(nonSink3) |
 | SSA.cs:102:13:102:22 | [post] access to parameter nonTainted | SSA.cs:105:17:105:26 | access to parameter nonTainted |
-| SSA.cs:102:13:102:22 | [post] access to parameter nonTainted | SSA.cs:115:13:115:22 | access to parameter nonTainted |
+| SSA.cs:102:13:102:22 | [post] access to parameter nonTainted | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) |
 | SSA.cs:102:13:102:22 | access to parameter nonTainted | SSA.cs:105:17:105:26 | access to parameter nonTainted |
-| SSA.cs:102:13:102:22 | access to parameter nonTainted | SSA.cs:115:13:115:22 | access to parameter nonTainted |
+| SSA.cs:102:13:102:22 | access to parameter nonTainted | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) |
 | SSA.cs:102:13:102:29 | access to property Length | SSA.cs:102:13:102:33 | ... > ... |
 | SSA.cs:104:13:104:31 | SSA def(nonSink3) | SSA.cs:106:21:106:28 | access to local variable nonSink3 |
 | SSA.cs:104:13:104:31 | SSA def(nonSink3) | SSA.cs:108:21:108:28 | access to local variable nonSink3 |
 | SSA.cs:104:24:104:31 | access to local variable nonSink0 | SSA.cs:104:13:104:31 | SSA def(nonSink3) |
-| SSA.cs:104:24:104:31 | access to local variable nonSink0 | SSA.cs:130:39:130:46 | access to local variable nonSink0 |
-| SSA.cs:105:17:105:26 | [post] access to parameter nonTainted | SSA.cs:115:13:115:22 | access to parameter nonTainted |
-| SSA.cs:105:17:105:26 | access to parameter nonTainted | SSA.cs:115:13:115:22 | access to parameter nonTainted |
+| SSA.cs:104:24:104:31 | access to local variable nonSink0 | SSA.cs:110:9:110:32 | SSA phi read(nonSink0) |
+| SSA.cs:105:17:105:26 | [post] access to parameter nonTainted | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) |
+| SSA.cs:105:17:105:26 | access to parameter nonTainted | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) |
 | SSA.cs:105:17:105:33 | access to property Length | SSA.cs:105:17:105:37 | ... > ... |
 | SSA.cs:106:21:106:28 | [post] access to local variable nonSink3 | SSA.cs:110:9:110:32 | SSA phi(nonSink3) |
 | SSA.cs:106:21:106:28 | access to local variable nonSink3 | SSA.cs:110:9:110:32 | SSA phi(nonSink3) |
 | SSA.cs:108:21:108:28 | [post] access to local variable nonSink3 | SSA.cs:110:9:110:32 | SSA phi(nonSink3) |
 | SSA.cs:108:21:108:28 | access to local variable nonSink3 | SSA.cs:110:9:110:32 | SSA phi(nonSink3) |
+| SSA.cs:110:9:110:32 | SSA phi read(nonSink0) | SSA.cs:130:39:130:46 | access to local variable nonSink0 |
+| SSA.cs:110:9:110:32 | SSA phi read(nonTainted) | SSA.cs:115:13:115:22 | access to parameter nonTainted |
 | SSA.cs:110:9:110:32 | SSA phi(nonSink3) | SSA.cs:110:23:110:30 | access to local variable nonSink3 |
 | SSA.cs:110:23:110:30 | SSA def(nonSink3) | SSA.cs:111:15:111:22 | access to local variable nonSink3 |
 | SSA.cs:110:23:110:30 | [post] access to local variable nonSink3 | SSA.cs:110:23:110:30 | SSA def(nonSink3) |
@@ -747,15 +751,15 @@
 | SSA.cs:114:9:114:12 | this access | SSA.cs:117:13:117:16 | this access |
 | SSA.cs:114:9:114:12 | this access | SSA.cs:123:23:123:26 | this access |
 | SSA.cs:114:9:114:14 | [post] access to field S | SSA.cs:117:13:117:18 | access to field S |
-| SSA.cs:114:9:114:14 | [post] access to field S | SSA.cs:123:23:123:28 | access to field S |
+| SSA.cs:114:9:114:14 | [post] access to field S | SSA.cs:123:9:123:30 | SSA phi read(this.S) |
 | SSA.cs:114:9:114:14 | access to field S | SSA.cs:117:13:117:18 | access to field S |
-| SSA.cs:114:9:114:14 | access to field S | SSA.cs:123:23:123:28 | access to field S |
+| SSA.cs:114:9:114:14 | access to field S | SSA.cs:123:9:123:30 | SSA phi read(this.S) |
 | SSA.cs:114:9:114:33 | SSA def(this.S.SsaFieldSink1) | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) |
 | SSA.cs:114:32:114:33 | "" | SSA.cs:114:9:114:33 | SSA def(this.S.SsaFieldSink1) |
 | SSA.cs:115:13:115:22 | [post] access to parameter nonTainted | SSA.cs:118:17:118:26 | access to parameter nonTainted |
-| SSA.cs:115:13:115:22 | [post] access to parameter nonTainted | SSA.cs:128:13:128:22 | access to parameter nonTainted |
+| SSA.cs:115:13:115:22 | [post] access to parameter nonTainted | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) |
 | SSA.cs:115:13:115:22 | access to parameter nonTainted | SSA.cs:118:17:118:26 | access to parameter nonTainted |
-| SSA.cs:115:13:115:22 | access to parameter nonTainted | SSA.cs:128:13:128:22 | access to parameter nonTainted |
+| SSA.cs:115:13:115:22 | access to parameter nonTainted | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) |
 | SSA.cs:115:13:115:29 | access to property Length | SSA.cs:115:13:115:33 | ... > ... |
 | SSA.cs:117:13:117:16 | [post] this access | SSA.cs:119:21:119:24 | this access |
 | SSA.cs:117:13:117:16 | [post] this access | SSA.cs:121:21:121:24 | this access |
@@ -768,21 +772,23 @@
 | SSA.cs:117:13:117:43 | SSA def(this.S.SsaFieldSink1) | SSA.cs:119:21:119:40 | access to field SsaFieldSink1 |
 | SSA.cs:117:13:117:43 | SSA def(this.S.SsaFieldSink1) | SSA.cs:121:21:121:40 | access to field SsaFieldSink1 |
 | SSA.cs:117:36:117:43 | access to local variable ssaSink0 | SSA.cs:117:13:117:43 | SSA def(this.S.SsaFieldSink1) |
-| SSA.cs:118:17:118:26 | [post] access to parameter nonTainted | SSA.cs:128:13:128:22 | access to parameter nonTainted |
-| SSA.cs:118:17:118:26 | access to parameter nonTainted | SSA.cs:128:13:128:22 | access to parameter nonTainted |
+| SSA.cs:118:17:118:26 | [post] access to parameter nonTainted | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) |
+| SSA.cs:118:17:118:26 | access to parameter nonTainted | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) |
 | SSA.cs:118:17:118:33 | access to property Length | SSA.cs:118:17:118:37 | ... > ... |
 | SSA.cs:119:21:119:24 | [post] this access | SSA.cs:123:23:123:26 | this access |
 | SSA.cs:119:21:119:24 | this access | SSA.cs:123:23:123:26 | this access |
-| SSA.cs:119:21:119:26 | [post] access to field S | SSA.cs:123:23:123:28 | access to field S |
-| SSA.cs:119:21:119:26 | access to field S | SSA.cs:123:23:123:28 | access to field S |
+| SSA.cs:119:21:119:26 | [post] access to field S | SSA.cs:123:9:123:30 | SSA phi read(this.S) |
+| SSA.cs:119:21:119:26 | access to field S | SSA.cs:123:9:123:30 | SSA phi read(this.S) |
 | SSA.cs:119:21:119:40 | [post] access to field SsaFieldSink1 | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) |
 | SSA.cs:119:21:119:40 | access to field SsaFieldSink1 | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) |
 | SSA.cs:121:21:121:24 | [post] this access | SSA.cs:123:23:123:26 | this access |
 | SSA.cs:121:21:121:24 | this access | SSA.cs:123:23:123:26 | this access |
-| SSA.cs:121:21:121:26 | [post] access to field S | SSA.cs:123:23:123:28 | access to field S |
-| SSA.cs:121:21:121:26 | access to field S | SSA.cs:123:23:123:28 | access to field S |
+| SSA.cs:121:21:121:26 | [post] access to field S | SSA.cs:123:9:123:30 | SSA phi read(this.S) |
+| SSA.cs:121:21:121:26 | access to field S | SSA.cs:123:9:123:30 | SSA phi read(this.S) |
 | SSA.cs:121:21:121:40 | [post] access to field SsaFieldSink1 | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) |
 | SSA.cs:121:21:121:40 | access to field SsaFieldSink1 | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) |
+| SSA.cs:123:9:123:30 | SSA phi read(nonTainted) | SSA.cs:128:13:128:22 | access to parameter nonTainted |
+| SSA.cs:123:9:123:30 | SSA phi read(this.S) | SSA.cs:123:23:123:28 | access to field S |
 | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) |
 | SSA.cs:123:23:123:26 | [post] this access | SSA.cs:124:15:124:18 | this access |
 | SSA.cs:123:23:123:26 | this access | SSA.cs:124:15:124:18 | this access |
@@ -799,9 +805,9 @@
 | SSA.cs:127:9:127:12 | this access | SSA.cs:130:13:130:16 | this access |
 | SSA.cs:127:9:127:12 | this access | SSA.cs:136:23:136:26 | this access |
 | SSA.cs:127:9:127:14 | [post] access to field S | SSA.cs:130:13:130:18 | access to field S |
-| SSA.cs:127:9:127:14 | [post] access to field S | SSA.cs:136:23:136:28 | access to field S |
+| SSA.cs:127:9:127:14 | [post] access to field S | SSA.cs:136:9:136:30 | SSA phi read(this.S) |
 | SSA.cs:127:9:127:14 | access to field S | SSA.cs:130:13:130:18 | access to field S |
-| SSA.cs:127:9:127:14 | access to field S | SSA.cs:136:23:136:28 | access to field S |
+| SSA.cs:127:9:127:14 | access to field S | SSA.cs:136:9:136:30 | SSA phi read(this.S) |
 | SSA.cs:127:9:127:36 | SSA def(this.S.SsaFieldNonSink0) | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) |
 | SSA.cs:127:35:127:36 | "" | SSA.cs:127:9:127:36 | SSA def(this.S.SsaFieldNonSink0) |
 | SSA.cs:128:13:128:22 | [post] access to parameter nonTainted | SSA.cs:131:17:131:26 | access to parameter nonTainted |
@@ -821,16 +827,17 @@
 | SSA.cs:131:17:131:33 | access to property Length | SSA.cs:131:17:131:37 | ... > ... |
 | SSA.cs:132:21:132:24 | [post] this access | SSA.cs:136:23:136:26 | this access |
 | SSA.cs:132:21:132:24 | this access | SSA.cs:136:23:136:26 | this access |
-| SSA.cs:132:21:132:26 | [post] access to field S | SSA.cs:136:23:136:28 | access to field S |
-| SSA.cs:132:21:132:26 | access to field S | SSA.cs:136:23:136:28 | access to field S |
+| SSA.cs:132:21:132:26 | [post] access to field S | SSA.cs:136:9:136:30 | SSA phi read(this.S) |
+| SSA.cs:132:21:132:26 | access to field S | SSA.cs:136:9:136:30 | SSA phi read(this.S) |
 | SSA.cs:132:21:132:43 | [post] access to field SsaFieldNonSink0 | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) |
 | SSA.cs:132:21:132:43 | access to field SsaFieldNonSink0 | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) |
 | SSA.cs:134:21:134:24 | [post] this access | SSA.cs:136:23:136:26 | this access |
 | SSA.cs:134:21:134:24 | this access | SSA.cs:136:23:136:26 | this access |
-| SSA.cs:134:21:134:26 | [post] access to field S | SSA.cs:136:23:136:28 | access to field S |
-| SSA.cs:134:21:134:26 | access to field S | SSA.cs:136:23:136:28 | access to field S |
+| SSA.cs:134:21:134:26 | [post] access to field S | SSA.cs:136:9:136:30 | SSA phi read(this.S) |
+| SSA.cs:134:21:134:26 | access to field S | SSA.cs:136:9:136:30 | SSA phi read(this.S) |
 | SSA.cs:134:21:134:43 | [post] access to field SsaFieldNonSink0 | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) |
 | SSA.cs:134:21:134:43 | access to field SsaFieldNonSink0 | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) |
+| SSA.cs:136:9:136:30 | SSA phi read(this.S) | SSA.cs:136:23:136:28 | access to field S |
 | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) |
 | SSA.cs:136:23:136:26 | [post] this access | SSA.cs:137:15:137:18 | this access |
 | SSA.cs:136:23:136:26 | this access | SSA.cs:137:15:137:18 | this access |
@@ -859,18 +866,17 @@
 | SSA.cs:170:27:170:28 | "" | SSA.cs:170:16:170:28 | SSA def(ssaSink5) |
 | SSA.cs:171:13:171:15 | ...-- | SSA.cs:171:13:171:19 | ... > ... |
 | SSA.cs:171:13:171:15 | SSA def(i) | SSA.cs:174:20:174:20 | SSA phi(i) |
-| SSA.cs:173:13:173:30 | SSA def(ssaSink5) | SSA.cs:176:21:176:28 | access to local variable ssaSink5 |
-| SSA.cs:173:13:173:30 | SSA def(ssaSink5) | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) |
+| SSA.cs:173:13:173:30 | SSA def(ssaSink5) | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) |
 | SSA.cs:173:24:173:30 | access to parameter tainted | SSA.cs:173:13:173:30 | SSA def(ssaSink5) |
+| SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | SSA.cs:176:21:176:28 | access to local variable ssaSink5 |
+| SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) |
 | SSA.cs:174:20:174:20 | SSA phi(i) | SSA.cs:174:20:174:20 | access to parameter i |
 | SSA.cs:174:20:174:22 | ...-- | SSA.cs:174:20:174:26 | ... > ... |
 | SSA.cs:174:20:174:22 | SSA def(i) | SSA.cs:174:20:174:20 | SSA phi(i) |
 | SSA.cs:176:21:176:28 | [post] access to local variable ssaSink5 | SSA.cs:177:21:177:28 | access to local variable ssaSink5 |
 | SSA.cs:176:21:176:28 | access to local variable ssaSink5 | SSA.cs:177:21:177:28 | access to local variable ssaSink5 |
-| SSA.cs:177:21:177:28 | [post] access to local variable ssaSink5 | SSA.cs:176:21:176:28 | access to local variable ssaSink5 |
-| SSA.cs:177:21:177:28 | [post] access to local variable ssaSink5 | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) |
-| SSA.cs:177:21:177:28 | access to local variable ssaSink5 | SSA.cs:176:21:176:28 | access to local variable ssaSink5 |
-| SSA.cs:177:21:177:28 | access to local variable ssaSink5 | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) |
+| SSA.cs:177:21:177:28 | [post] access to local variable ssaSink5 | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) |
+| SSA.cs:177:21:177:28 | access to local variable ssaSink5 | SSA.cs:174:20:174:20 | SSA phi read(ssaSink5) |
 | SSA.cs:180:9:180:24 | SSA phi(ssaSink5) | SSA.cs:180:15:180:22 | access to local variable ssaSink5 |
 | Splitting.cs:3:18:3:18 | b | Splitting.cs:6:13:6:13 | access to parameter b |
 | Splitting.cs:3:28:3:34 | tainted | Splitting.cs:5:17:5:23 | access to parameter tainted |
@@ -975,3 +981,1804 @@
 | Splitting.cs:58:22:58:22 | [b (line 46): true] SSA def(s) | Splitting.cs:59:19:59:19 | [b (line 46): true] access to local variable s |
 | Splitting.cs:58:27:58:27 | [b (line 46): false] access to local variable y | Splitting.cs:58:22:58:22 | [b (line 46): false] SSA def(s) |
 | Splitting.cs:58:27:58:27 | [b (line 46): true] access to local variable y | Splitting.cs:58:22:58:22 | [b (line 46): true] SSA def(s) |
+| UseUseExplosion.cs:21:10:21:10 | SSA entry def(this.Prop) | UseUseExplosion.cs:24:13:24:16 | access to property Prop |
+| UseUseExplosion.cs:21:10:21:10 | this | UseUseExplosion.cs:24:13:24:16 | this access |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1712:24:1712 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1727:24:1727 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1742:24:1742 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1757:24:1757 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1772:24:1772 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1787:24:1787 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1802:24:1802 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1817:24:1817 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1832:24:1832 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1847:24:1847 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1862:24:1862 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1877:24:1877 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1892:24:1892 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1907:24:1907 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1922:24:1922 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1937:24:1937 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1952:24:1952 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1967:24:1967 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1982:24:1982 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:1997:24:1997 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2012:24:2012 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2027:24:2027 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2042:24:2042 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2057:24:2057 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2072:24:2072 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2087:24:2087 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2102:24:2102 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2117:24:2117 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2132:24:2132 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2147:24:2147 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2162:24:2162 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2177:24:2177 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2192:24:2192 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2207:24:2207 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2222:24:2222 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2237:24:2237 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2252:24:2252 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2267:24:2267 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2282:24:2282 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2297:24:2297 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2312:24:2312 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2327:24:2327 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2342:24:2342 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2357:24:2357 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2372:24:2372 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2387:24:2387 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2402:24:2402 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2417:24:2417 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2432:24:2432 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2447:24:2447 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2462:24:2462 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2477:24:2477 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2492:24:2492 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2507:24:2507 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2522:24:2522 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2537:24:2537 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2552:24:2552 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2567:24:2567 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2582:24:2582 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2597:24:2597 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2612:24:2612 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2627:24:2627 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2642:24:2642 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2657:24:2657 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2672:24:2672 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2687:24:2687 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2702:24:2702 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2717:24:2717 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2732:24:2732 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2747:24:2747 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2762:24:2762 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2777:24:2777 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2792:24:2792 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2807:24:2807 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2822:24:2822 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2837:24:2837 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2852:24:2852 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2867:24:2867 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2882:24:2882 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2897:24:2897 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2912:24:2912 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2927:24:2927 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2942:24:2942 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2957:24:2957 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2972:24:2972 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:2987:24:2987 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3002:24:3002 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3017:24:3017 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3032:24:3032 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3047:24:3047 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3062:24:3062 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3077:24:3077 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3092:24:3092 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3107:24:3107 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3122:24:3122 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3137:24:3137 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3152:24:3152 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3167:24:3167 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3182:24:3182 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:24:3197:24:3197 | access to local variable x |
+| UseUseExplosion.cs:23:13:23:17 | SSA def(x) | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:23:17:23:17 | 0 | UseUseExplosion.cs:23:13:23:17 | SSA def(x) |
+| UseUseExplosion.cs:24:13:24:16 | [post] this access | UseUseExplosion.cs:24:31:24:34 | this access |
+| UseUseExplosion.cs:24:13:24:16 | [post] this access | UseUseExplosion.cs:24:3193:24:3198 | this access |
+| UseUseExplosion.cs:24:13:24:16 | access to property Prop | UseUseExplosion.cs:24:13:24:22 | ... > ... |
+| UseUseExplosion.cs:24:13:24:16 | access to property Prop | UseUseExplosion.cs:24:31:24:34 | access to property Prop |
+| UseUseExplosion.cs:24:13:24:16 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:13:24:16 | this access | UseUseExplosion.cs:24:31:24:34 | this access |
+| UseUseExplosion.cs:24:13:24:16 | this access | UseUseExplosion.cs:24:3193:24:3198 | this access |
+| UseUseExplosion.cs:24:31:24:34 | [post] this access | UseUseExplosion.cs:24:48:24:51 | this access |
+| UseUseExplosion.cs:24:31:24:34 | [post] this access | UseUseExplosion.cs:24:3178:24:3183 | this access |
+| UseUseExplosion.cs:24:31:24:34 | access to property Prop | UseUseExplosion.cs:24:31:24:39 | ... > ... |
+| UseUseExplosion.cs:24:31:24:34 | access to property Prop | UseUseExplosion.cs:24:48:24:51 | access to property Prop |
+| UseUseExplosion.cs:24:31:24:34 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:31:24:34 | this access | UseUseExplosion.cs:24:48:24:51 | this access |
+| UseUseExplosion.cs:24:31:24:34 | this access | UseUseExplosion.cs:24:3178:24:3183 | this access |
+| UseUseExplosion.cs:24:48:24:51 | [post] this access | UseUseExplosion.cs:24:65:24:68 | this access |
+| UseUseExplosion.cs:24:48:24:51 | [post] this access | UseUseExplosion.cs:24:3163:24:3168 | this access |
+| UseUseExplosion.cs:24:48:24:51 | access to property Prop | UseUseExplosion.cs:24:48:24:56 | ... > ... |
+| UseUseExplosion.cs:24:48:24:51 | access to property Prop | UseUseExplosion.cs:24:65:24:68 | access to property Prop |
+| UseUseExplosion.cs:24:48:24:51 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:48:24:51 | this access | UseUseExplosion.cs:24:65:24:68 | this access |
+| UseUseExplosion.cs:24:48:24:51 | this access | UseUseExplosion.cs:24:3163:24:3168 | this access |
+| UseUseExplosion.cs:24:65:24:68 | [post] this access | UseUseExplosion.cs:24:82:24:85 | this access |
+| UseUseExplosion.cs:24:65:24:68 | [post] this access | UseUseExplosion.cs:24:3148:24:3153 | this access |
+| UseUseExplosion.cs:24:65:24:68 | access to property Prop | UseUseExplosion.cs:24:65:24:73 | ... > ... |
+| UseUseExplosion.cs:24:65:24:68 | access to property Prop | UseUseExplosion.cs:24:82:24:85 | access to property Prop |
+| UseUseExplosion.cs:24:65:24:68 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:65:24:68 | this access | UseUseExplosion.cs:24:82:24:85 | this access |
+| UseUseExplosion.cs:24:65:24:68 | this access | UseUseExplosion.cs:24:3148:24:3153 | this access |
+| UseUseExplosion.cs:24:82:24:85 | [post] this access | UseUseExplosion.cs:24:99:24:102 | this access |
+| UseUseExplosion.cs:24:82:24:85 | [post] this access | UseUseExplosion.cs:24:3133:24:3138 | this access |
+| UseUseExplosion.cs:24:82:24:85 | access to property Prop | UseUseExplosion.cs:24:82:24:90 | ... > ... |
+| UseUseExplosion.cs:24:82:24:85 | access to property Prop | UseUseExplosion.cs:24:99:24:102 | access to property Prop |
+| UseUseExplosion.cs:24:82:24:85 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:82:24:85 | this access | UseUseExplosion.cs:24:99:24:102 | this access |
+| UseUseExplosion.cs:24:82:24:85 | this access | UseUseExplosion.cs:24:3133:24:3138 | this access |
+| UseUseExplosion.cs:24:99:24:102 | [post] this access | UseUseExplosion.cs:24:116:24:119 | this access |
+| UseUseExplosion.cs:24:99:24:102 | [post] this access | UseUseExplosion.cs:24:3118:24:3123 | this access |
+| UseUseExplosion.cs:24:99:24:102 | access to property Prop | UseUseExplosion.cs:24:99:24:107 | ... > ... |
+| UseUseExplosion.cs:24:99:24:102 | access to property Prop | UseUseExplosion.cs:24:116:24:119 | access to property Prop |
+| UseUseExplosion.cs:24:99:24:102 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:99:24:102 | this access | UseUseExplosion.cs:24:116:24:119 | this access |
+| UseUseExplosion.cs:24:99:24:102 | this access | UseUseExplosion.cs:24:3118:24:3123 | this access |
+| UseUseExplosion.cs:24:116:24:119 | [post] this access | UseUseExplosion.cs:24:133:24:136 | this access |
+| UseUseExplosion.cs:24:116:24:119 | [post] this access | UseUseExplosion.cs:24:3103:24:3108 | this access |
+| UseUseExplosion.cs:24:116:24:119 | access to property Prop | UseUseExplosion.cs:24:116:24:124 | ... > ... |
+| UseUseExplosion.cs:24:116:24:119 | access to property Prop | UseUseExplosion.cs:24:133:24:136 | access to property Prop |
+| UseUseExplosion.cs:24:116:24:119 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:116:24:119 | this access | UseUseExplosion.cs:24:133:24:136 | this access |
+| UseUseExplosion.cs:24:116:24:119 | this access | UseUseExplosion.cs:24:3103:24:3108 | this access |
+| UseUseExplosion.cs:24:133:24:136 | [post] this access | UseUseExplosion.cs:24:150:24:153 | this access |
+| UseUseExplosion.cs:24:133:24:136 | [post] this access | UseUseExplosion.cs:24:3088:24:3093 | this access |
+| UseUseExplosion.cs:24:133:24:136 | access to property Prop | UseUseExplosion.cs:24:133:24:141 | ... > ... |
+| UseUseExplosion.cs:24:133:24:136 | access to property Prop | UseUseExplosion.cs:24:150:24:153 | access to property Prop |
+| UseUseExplosion.cs:24:133:24:136 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:133:24:136 | this access | UseUseExplosion.cs:24:150:24:153 | this access |
+| UseUseExplosion.cs:24:133:24:136 | this access | UseUseExplosion.cs:24:3088:24:3093 | this access |
+| UseUseExplosion.cs:24:150:24:153 | [post] this access | UseUseExplosion.cs:24:167:24:170 | this access |
+| UseUseExplosion.cs:24:150:24:153 | [post] this access | UseUseExplosion.cs:24:3073:24:3078 | this access |
+| UseUseExplosion.cs:24:150:24:153 | access to property Prop | UseUseExplosion.cs:24:150:24:158 | ... > ... |
+| UseUseExplosion.cs:24:150:24:153 | access to property Prop | UseUseExplosion.cs:24:167:24:170 | access to property Prop |
+| UseUseExplosion.cs:24:150:24:153 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:150:24:153 | this access | UseUseExplosion.cs:24:167:24:170 | this access |
+| UseUseExplosion.cs:24:150:24:153 | this access | UseUseExplosion.cs:24:3073:24:3078 | this access |
+| UseUseExplosion.cs:24:167:24:170 | [post] this access | UseUseExplosion.cs:24:184:24:187 | this access |
+| UseUseExplosion.cs:24:167:24:170 | [post] this access | UseUseExplosion.cs:24:3058:24:3063 | this access |
+| UseUseExplosion.cs:24:167:24:170 | access to property Prop | UseUseExplosion.cs:24:167:24:175 | ... > ... |
+| UseUseExplosion.cs:24:167:24:170 | access to property Prop | UseUseExplosion.cs:24:184:24:187 | access to property Prop |
+| UseUseExplosion.cs:24:167:24:170 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:167:24:170 | this access | UseUseExplosion.cs:24:184:24:187 | this access |
+| UseUseExplosion.cs:24:167:24:170 | this access | UseUseExplosion.cs:24:3058:24:3063 | this access |
+| UseUseExplosion.cs:24:184:24:187 | [post] this access | UseUseExplosion.cs:24:201:24:204 | this access |
+| UseUseExplosion.cs:24:184:24:187 | [post] this access | UseUseExplosion.cs:24:3043:24:3048 | this access |
+| UseUseExplosion.cs:24:184:24:187 | access to property Prop | UseUseExplosion.cs:24:184:24:192 | ... > ... |
+| UseUseExplosion.cs:24:184:24:187 | access to property Prop | UseUseExplosion.cs:24:201:24:204 | access to property Prop |
+| UseUseExplosion.cs:24:184:24:187 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:184:24:187 | this access | UseUseExplosion.cs:24:201:24:204 | this access |
+| UseUseExplosion.cs:24:184:24:187 | this access | UseUseExplosion.cs:24:3043:24:3048 | this access |
+| UseUseExplosion.cs:24:201:24:204 | [post] this access | UseUseExplosion.cs:24:218:24:221 | this access |
+| UseUseExplosion.cs:24:201:24:204 | [post] this access | UseUseExplosion.cs:24:3028:24:3033 | this access |
+| UseUseExplosion.cs:24:201:24:204 | access to property Prop | UseUseExplosion.cs:24:201:24:209 | ... > ... |
+| UseUseExplosion.cs:24:201:24:204 | access to property Prop | UseUseExplosion.cs:24:218:24:221 | access to property Prop |
+| UseUseExplosion.cs:24:201:24:204 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:201:24:204 | this access | UseUseExplosion.cs:24:218:24:221 | this access |
+| UseUseExplosion.cs:24:201:24:204 | this access | UseUseExplosion.cs:24:3028:24:3033 | this access |
+| UseUseExplosion.cs:24:218:24:221 | [post] this access | UseUseExplosion.cs:24:235:24:238 | this access |
+| UseUseExplosion.cs:24:218:24:221 | [post] this access | UseUseExplosion.cs:24:3013:24:3018 | this access |
+| UseUseExplosion.cs:24:218:24:221 | access to property Prop | UseUseExplosion.cs:24:218:24:226 | ... > ... |
+| UseUseExplosion.cs:24:218:24:221 | access to property Prop | UseUseExplosion.cs:24:235:24:238 | access to property Prop |
+| UseUseExplosion.cs:24:218:24:221 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:218:24:221 | this access | UseUseExplosion.cs:24:235:24:238 | this access |
+| UseUseExplosion.cs:24:218:24:221 | this access | UseUseExplosion.cs:24:3013:24:3018 | this access |
+| UseUseExplosion.cs:24:235:24:238 | [post] this access | UseUseExplosion.cs:24:252:24:255 | this access |
+| UseUseExplosion.cs:24:235:24:238 | [post] this access | UseUseExplosion.cs:24:2998:24:3003 | this access |
+| UseUseExplosion.cs:24:235:24:238 | access to property Prop | UseUseExplosion.cs:24:235:24:243 | ... > ... |
+| UseUseExplosion.cs:24:235:24:238 | access to property Prop | UseUseExplosion.cs:24:252:24:255 | access to property Prop |
+| UseUseExplosion.cs:24:235:24:238 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:235:24:238 | this access | UseUseExplosion.cs:24:252:24:255 | this access |
+| UseUseExplosion.cs:24:235:24:238 | this access | UseUseExplosion.cs:24:2998:24:3003 | this access |
+| UseUseExplosion.cs:24:252:24:255 | [post] this access | UseUseExplosion.cs:24:269:24:272 | this access |
+| UseUseExplosion.cs:24:252:24:255 | [post] this access | UseUseExplosion.cs:24:2983:24:2988 | this access |
+| UseUseExplosion.cs:24:252:24:255 | access to property Prop | UseUseExplosion.cs:24:252:24:260 | ... > ... |
+| UseUseExplosion.cs:24:252:24:255 | access to property Prop | UseUseExplosion.cs:24:269:24:272 | access to property Prop |
+| UseUseExplosion.cs:24:252:24:255 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:252:24:255 | this access | UseUseExplosion.cs:24:269:24:272 | this access |
+| UseUseExplosion.cs:24:252:24:255 | this access | UseUseExplosion.cs:24:2983:24:2988 | this access |
+| UseUseExplosion.cs:24:269:24:272 | [post] this access | UseUseExplosion.cs:24:286:24:289 | this access |
+| UseUseExplosion.cs:24:269:24:272 | [post] this access | UseUseExplosion.cs:24:2968:24:2973 | this access |
+| UseUseExplosion.cs:24:269:24:272 | access to property Prop | UseUseExplosion.cs:24:269:24:277 | ... > ... |
+| UseUseExplosion.cs:24:269:24:272 | access to property Prop | UseUseExplosion.cs:24:286:24:289 | access to property Prop |
+| UseUseExplosion.cs:24:269:24:272 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:269:24:272 | this access | UseUseExplosion.cs:24:286:24:289 | this access |
+| UseUseExplosion.cs:24:269:24:272 | this access | UseUseExplosion.cs:24:2968:24:2973 | this access |
+| UseUseExplosion.cs:24:286:24:289 | [post] this access | UseUseExplosion.cs:24:303:24:306 | this access |
+| UseUseExplosion.cs:24:286:24:289 | [post] this access | UseUseExplosion.cs:24:2953:24:2958 | this access |
+| UseUseExplosion.cs:24:286:24:289 | access to property Prop | UseUseExplosion.cs:24:286:24:294 | ... > ... |
+| UseUseExplosion.cs:24:286:24:289 | access to property Prop | UseUseExplosion.cs:24:303:24:306 | access to property Prop |
+| UseUseExplosion.cs:24:286:24:289 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:286:24:289 | this access | UseUseExplosion.cs:24:303:24:306 | this access |
+| UseUseExplosion.cs:24:286:24:289 | this access | UseUseExplosion.cs:24:2953:24:2958 | this access |
+| UseUseExplosion.cs:24:303:24:306 | [post] this access | UseUseExplosion.cs:24:320:24:323 | this access |
+| UseUseExplosion.cs:24:303:24:306 | [post] this access | UseUseExplosion.cs:24:2938:24:2943 | this access |
+| UseUseExplosion.cs:24:303:24:306 | access to property Prop | UseUseExplosion.cs:24:303:24:311 | ... > ... |
+| UseUseExplosion.cs:24:303:24:306 | access to property Prop | UseUseExplosion.cs:24:320:24:323 | access to property Prop |
+| UseUseExplosion.cs:24:303:24:306 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:303:24:306 | this access | UseUseExplosion.cs:24:320:24:323 | this access |
+| UseUseExplosion.cs:24:303:24:306 | this access | UseUseExplosion.cs:24:2938:24:2943 | this access |
+| UseUseExplosion.cs:24:320:24:323 | [post] this access | UseUseExplosion.cs:24:337:24:340 | this access |
+| UseUseExplosion.cs:24:320:24:323 | [post] this access | UseUseExplosion.cs:24:2923:24:2928 | this access |
+| UseUseExplosion.cs:24:320:24:323 | access to property Prop | UseUseExplosion.cs:24:320:24:328 | ... > ... |
+| UseUseExplosion.cs:24:320:24:323 | access to property Prop | UseUseExplosion.cs:24:337:24:340 | access to property Prop |
+| UseUseExplosion.cs:24:320:24:323 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:320:24:323 | this access | UseUseExplosion.cs:24:337:24:340 | this access |
+| UseUseExplosion.cs:24:320:24:323 | this access | UseUseExplosion.cs:24:2923:24:2928 | this access |
+| UseUseExplosion.cs:24:337:24:340 | [post] this access | UseUseExplosion.cs:24:354:24:357 | this access |
+| UseUseExplosion.cs:24:337:24:340 | [post] this access | UseUseExplosion.cs:24:2908:24:2913 | this access |
+| UseUseExplosion.cs:24:337:24:340 | access to property Prop | UseUseExplosion.cs:24:337:24:345 | ... > ... |
+| UseUseExplosion.cs:24:337:24:340 | access to property Prop | UseUseExplosion.cs:24:354:24:357 | access to property Prop |
+| UseUseExplosion.cs:24:337:24:340 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:337:24:340 | this access | UseUseExplosion.cs:24:354:24:357 | this access |
+| UseUseExplosion.cs:24:337:24:340 | this access | UseUseExplosion.cs:24:2908:24:2913 | this access |
+| UseUseExplosion.cs:24:354:24:357 | [post] this access | UseUseExplosion.cs:24:371:24:374 | this access |
+| UseUseExplosion.cs:24:354:24:357 | [post] this access | UseUseExplosion.cs:24:2893:24:2898 | this access |
+| UseUseExplosion.cs:24:354:24:357 | access to property Prop | UseUseExplosion.cs:24:354:24:362 | ... > ... |
+| UseUseExplosion.cs:24:354:24:357 | access to property Prop | UseUseExplosion.cs:24:371:24:374 | access to property Prop |
+| UseUseExplosion.cs:24:354:24:357 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:354:24:357 | this access | UseUseExplosion.cs:24:371:24:374 | this access |
+| UseUseExplosion.cs:24:354:24:357 | this access | UseUseExplosion.cs:24:2893:24:2898 | this access |
+| UseUseExplosion.cs:24:371:24:374 | [post] this access | UseUseExplosion.cs:24:388:24:391 | this access |
+| UseUseExplosion.cs:24:371:24:374 | [post] this access | UseUseExplosion.cs:24:2878:24:2883 | this access |
+| UseUseExplosion.cs:24:371:24:374 | access to property Prop | UseUseExplosion.cs:24:371:24:379 | ... > ... |
+| UseUseExplosion.cs:24:371:24:374 | access to property Prop | UseUseExplosion.cs:24:388:24:391 | access to property Prop |
+| UseUseExplosion.cs:24:371:24:374 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:371:24:374 | this access | UseUseExplosion.cs:24:388:24:391 | this access |
+| UseUseExplosion.cs:24:371:24:374 | this access | UseUseExplosion.cs:24:2878:24:2883 | this access |
+| UseUseExplosion.cs:24:388:24:391 | [post] this access | UseUseExplosion.cs:24:405:24:408 | this access |
+| UseUseExplosion.cs:24:388:24:391 | [post] this access | UseUseExplosion.cs:24:2863:24:2868 | this access |
+| UseUseExplosion.cs:24:388:24:391 | access to property Prop | UseUseExplosion.cs:24:388:24:396 | ... > ... |
+| UseUseExplosion.cs:24:388:24:391 | access to property Prop | UseUseExplosion.cs:24:405:24:408 | access to property Prop |
+| UseUseExplosion.cs:24:388:24:391 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:388:24:391 | this access | UseUseExplosion.cs:24:405:24:408 | this access |
+| UseUseExplosion.cs:24:388:24:391 | this access | UseUseExplosion.cs:24:2863:24:2868 | this access |
+| UseUseExplosion.cs:24:405:24:408 | [post] this access | UseUseExplosion.cs:24:422:24:425 | this access |
+| UseUseExplosion.cs:24:405:24:408 | [post] this access | UseUseExplosion.cs:24:2848:24:2853 | this access |
+| UseUseExplosion.cs:24:405:24:408 | access to property Prop | UseUseExplosion.cs:24:405:24:413 | ... > ... |
+| UseUseExplosion.cs:24:405:24:408 | access to property Prop | UseUseExplosion.cs:24:422:24:425 | access to property Prop |
+| UseUseExplosion.cs:24:405:24:408 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:405:24:408 | this access | UseUseExplosion.cs:24:422:24:425 | this access |
+| UseUseExplosion.cs:24:405:24:408 | this access | UseUseExplosion.cs:24:2848:24:2853 | this access |
+| UseUseExplosion.cs:24:422:24:425 | [post] this access | UseUseExplosion.cs:24:439:24:442 | this access |
+| UseUseExplosion.cs:24:422:24:425 | [post] this access | UseUseExplosion.cs:24:2833:24:2838 | this access |
+| UseUseExplosion.cs:24:422:24:425 | access to property Prop | UseUseExplosion.cs:24:422:24:430 | ... > ... |
+| UseUseExplosion.cs:24:422:24:425 | access to property Prop | UseUseExplosion.cs:24:439:24:442 | access to property Prop |
+| UseUseExplosion.cs:24:422:24:425 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:422:24:425 | this access | UseUseExplosion.cs:24:439:24:442 | this access |
+| UseUseExplosion.cs:24:422:24:425 | this access | UseUseExplosion.cs:24:2833:24:2838 | this access |
+| UseUseExplosion.cs:24:439:24:442 | [post] this access | UseUseExplosion.cs:24:456:24:459 | this access |
+| UseUseExplosion.cs:24:439:24:442 | [post] this access | UseUseExplosion.cs:24:2818:24:2823 | this access |
+| UseUseExplosion.cs:24:439:24:442 | access to property Prop | UseUseExplosion.cs:24:439:24:447 | ... > ... |
+| UseUseExplosion.cs:24:439:24:442 | access to property Prop | UseUseExplosion.cs:24:456:24:459 | access to property Prop |
+| UseUseExplosion.cs:24:439:24:442 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:439:24:442 | this access | UseUseExplosion.cs:24:456:24:459 | this access |
+| UseUseExplosion.cs:24:439:24:442 | this access | UseUseExplosion.cs:24:2818:24:2823 | this access |
+| UseUseExplosion.cs:24:456:24:459 | [post] this access | UseUseExplosion.cs:24:473:24:476 | this access |
+| UseUseExplosion.cs:24:456:24:459 | [post] this access | UseUseExplosion.cs:24:2803:24:2808 | this access |
+| UseUseExplosion.cs:24:456:24:459 | access to property Prop | UseUseExplosion.cs:24:456:24:464 | ... > ... |
+| UseUseExplosion.cs:24:456:24:459 | access to property Prop | UseUseExplosion.cs:24:473:24:476 | access to property Prop |
+| UseUseExplosion.cs:24:456:24:459 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:456:24:459 | this access | UseUseExplosion.cs:24:473:24:476 | this access |
+| UseUseExplosion.cs:24:456:24:459 | this access | UseUseExplosion.cs:24:2803:24:2808 | this access |
+| UseUseExplosion.cs:24:473:24:476 | [post] this access | UseUseExplosion.cs:24:490:24:493 | this access |
+| UseUseExplosion.cs:24:473:24:476 | [post] this access | UseUseExplosion.cs:24:2788:24:2793 | this access |
+| UseUseExplosion.cs:24:473:24:476 | access to property Prop | UseUseExplosion.cs:24:473:24:481 | ... > ... |
+| UseUseExplosion.cs:24:473:24:476 | access to property Prop | UseUseExplosion.cs:24:490:24:493 | access to property Prop |
+| UseUseExplosion.cs:24:473:24:476 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:473:24:476 | this access | UseUseExplosion.cs:24:490:24:493 | this access |
+| UseUseExplosion.cs:24:473:24:476 | this access | UseUseExplosion.cs:24:2788:24:2793 | this access |
+| UseUseExplosion.cs:24:490:24:493 | [post] this access | UseUseExplosion.cs:24:507:24:510 | this access |
+| UseUseExplosion.cs:24:490:24:493 | [post] this access | UseUseExplosion.cs:24:2773:24:2778 | this access |
+| UseUseExplosion.cs:24:490:24:493 | access to property Prop | UseUseExplosion.cs:24:490:24:498 | ... > ... |
+| UseUseExplosion.cs:24:490:24:493 | access to property Prop | UseUseExplosion.cs:24:507:24:510 | access to property Prop |
+| UseUseExplosion.cs:24:490:24:493 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:490:24:493 | this access | UseUseExplosion.cs:24:507:24:510 | this access |
+| UseUseExplosion.cs:24:490:24:493 | this access | UseUseExplosion.cs:24:2773:24:2778 | this access |
+| UseUseExplosion.cs:24:507:24:510 | [post] this access | UseUseExplosion.cs:24:524:24:527 | this access |
+| UseUseExplosion.cs:24:507:24:510 | [post] this access | UseUseExplosion.cs:24:2758:24:2763 | this access |
+| UseUseExplosion.cs:24:507:24:510 | access to property Prop | UseUseExplosion.cs:24:507:24:515 | ... > ... |
+| UseUseExplosion.cs:24:507:24:510 | access to property Prop | UseUseExplosion.cs:24:524:24:527 | access to property Prop |
+| UseUseExplosion.cs:24:507:24:510 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:507:24:510 | this access | UseUseExplosion.cs:24:524:24:527 | this access |
+| UseUseExplosion.cs:24:507:24:510 | this access | UseUseExplosion.cs:24:2758:24:2763 | this access |
+| UseUseExplosion.cs:24:524:24:527 | [post] this access | UseUseExplosion.cs:24:541:24:544 | this access |
+| UseUseExplosion.cs:24:524:24:527 | [post] this access | UseUseExplosion.cs:24:2743:24:2748 | this access |
+| UseUseExplosion.cs:24:524:24:527 | access to property Prop | UseUseExplosion.cs:24:524:24:532 | ... > ... |
+| UseUseExplosion.cs:24:524:24:527 | access to property Prop | UseUseExplosion.cs:24:541:24:544 | access to property Prop |
+| UseUseExplosion.cs:24:524:24:527 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:524:24:527 | this access | UseUseExplosion.cs:24:541:24:544 | this access |
+| UseUseExplosion.cs:24:524:24:527 | this access | UseUseExplosion.cs:24:2743:24:2748 | this access |
+| UseUseExplosion.cs:24:541:24:544 | [post] this access | UseUseExplosion.cs:24:558:24:561 | this access |
+| UseUseExplosion.cs:24:541:24:544 | [post] this access | UseUseExplosion.cs:24:2728:24:2733 | this access |
+| UseUseExplosion.cs:24:541:24:544 | access to property Prop | UseUseExplosion.cs:24:541:24:549 | ... > ... |
+| UseUseExplosion.cs:24:541:24:544 | access to property Prop | UseUseExplosion.cs:24:558:24:561 | access to property Prop |
+| UseUseExplosion.cs:24:541:24:544 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:541:24:544 | this access | UseUseExplosion.cs:24:558:24:561 | this access |
+| UseUseExplosion.cs:24:541:24:544 | this access | UseUseExplosion.cs:24:2728:24:2733 | this access |
+| UseUseExplosion.cs:24:558:24:561 | [post] this access | UseUseExplosion.cs:24:575:24:578 | this access |
+| UseUseExplosion.cs:24:558:24:561 | [post] this access | UseUseExplosion.cs:24:2713:24:2718 | this access |
+| UseUseExplosion.cs:24:558:24:561 | access to property Prop | UseUseExplosion.cs:24:558:24:566 | ... > ... |
+| UseUseExplosion.cs:24:558:24:561 | access to property Prop | UseUseExplosion.cs:24:575:24:578 | access to property Prop |
+| UseUseExplosion.cs:24:558:24:561 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:558:24:561 | this access | UseUseExplosion.cs:24:575:24:578 | this access |
+| UseUseExplosion.cs:24:558:24:561 | this access | UseUseExplosion.cs:24:2713:24:2718 | this access |
+| UseUseExplosion.cs:24:575:24:578 | [post] this access | UseUseExplosion.cs:24:592:24:595 | this access |
+| UseUseExplosion.cs:24:575:24:578 | [post] this access | UseUseExplosion.cs:24:2698:24:2703 | this access |
+| UseUseExplosion.cs:24:575:24:578 | access to property Prop | UseUseExplosion.cs:24:575:24:583 | ... > ... |
+| UseUseExplosion.cs:24:575:24:578 | access to property Prop | UseUseExplosion.cs:24:592:24:595 | access to property Prop |
+| UseUseExplosion.cs:24:575:24:578 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:575:24:578 | this access | UseUseExplosion.cs:24:592:24:595 | this access |
+| UseUseExplosion.cs:24:575:24:578 | this access | UseUseExplosion.cs:24:2698:24:2703 | this access |
+| UseUseExplosion.cs:24:592:24:595 | [post] this access | UseUseExplosion.cs:24:609:24:612 | this access |
+| UseUseExplosion.cs:24:592:24:595 | [post] this access | UseUseExplosion.cs:24:2683:24:2688 | this access |
+| UseUseExplosion.cs:24:592:24:595 | access to property Prop | UseUseExplosion.cs:24:592:24:600 | ... > ... |
+| UseUseExplosion.cs:24:592:24:595 | access to property Prop | UseUseExplosion.cs:24:609:24:612 | access to property Prop |
+| UseUseExplosion.cs:24:592:24:595 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:592:24:595 | this access | UseUseExplosion.cs:24:609:24:612 | this access |
+| UseUseExplosion.cs:24:592:24:595 | this access | UseUseExplosion.cs:24:2683:24:2688 | this access |
+| UseUseExplosion.cs:24:609:24:612 | [post] this access | UseUseExplosion.cs:24:626:24:629 | this access |
+| UseUseExplosion.cs:24:609:24:612 | [post] this access | UseUseExplosion.cs:24:2668:24:2673 | this access |
+| UseUseExplosion.cs:24:609:24:612 | access to property Prop | UseUseExplosion.cs:24:609:24:617 | ... > ... |
+| UseUseExplosion.cs:24:609:24:612 | access to property Prop | UseUseExplosion.cs:24:626:24:629 | access to property Prop |
+| UseUseExplosion.cs:24:609:24:612 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:609:24:612 | this access | UseUseExplosion.cs:24:626:24:629 | this access |
+| UseUseExplosion.cs:24:609:24:612 | this access | UseUseExplosion.cs:24:2668:24:2673 | this access |
+| UseUseExplosion.cs:24:626:24:629 | [post] this access | UseUseExplosion.cs:24:643:24:646 | this access |
+| UseUseExplosion.cs:24:626:24:629 | [post] this access | UseUseExplosion.cs:24:2653:24:2658 | this access |
+| UseUseExplosion.cs:24:626:24:629 | access to property Prop | UseUseExplosion.cs:24:626:24:634 | ... > ... |
+| UseUseExplosion.cs:24:626:24:629 | access to property Prop | UseUseExplosion.cs:24:643:24:646 | access to property Prop |
+| UseUseExplosion.cs:24:626:24:629 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:626:24:629 | this access | UseUseExplosion.cs:24:643:24:646 | this access |
+| UseUseExplosion.cs:24:626:24:629 | this access | UseUseExplosion.cs:24:2653:24:2658 | this access |
+| UseUseExplosion.cs:24:643:24:646 | [post] this access | UseUseExplosion.cs:24:660:24:663 | this access |
+| UseUseExplosion.cs:24:643:24:646 | [post] this access | UseUseExplosion.cs:24:2638:24:2643 | this access |
+| UseUseExplosion.cs:24:643:24:646 | access to property Prop | UseUseExplosion.cs:24:643:24:651 | ... > ... |
+| UseUseExplosion.cs:24:643:24:646 | access to property Prop | UseUseExplosion.cs:24:660:24:663 | access to property Prop |
+| UseUseExplosion.cs:24:643:24:646 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:643:24:646 | this access | UseUseExplosion.cs:24:660:24:663 | this access |
+| UseUseExplosion.cs:24:643:24:646 | this access | UseUseExplosion.cs:24:2638:24:2643 | this access |
+| UseUseExplosion.cs:24:660:24:663 | [post] this access | UseUseExplosion.cs:24:677:24:680 | this access |
+| UseUseExplosion.cs:24:660:24:663 | [post] this access | UseUseExplosion.cs:24:2623:24:2628 | this access |
+| UseUseExplosion.cs:24:660:24:663 | access to property Prop | UseUseExplosion.cs:24:660:24:668 | ... > ... |
+| UseUseExplosion.cs:24:660:24:663 | access to property Prop | UseUseExplosion.cs:24:677:24:680 | access to property Prop |
+| UseUseExplosion.cs:24:660:24:663 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:660:24:663 | this access | UseUseExplosion.cs:24:677:24:680 | this access |
+| UseUseExplosion.cs:24:660:24:663 | this access | UseUseExplosion.cs:24:2623:24:2628 | this access |
+| UseUseExplosion.cs:24:677:24:680 | [post] this access | UseUseExplosion.cs:24:694:24:697 | this access |
+| UseUseExplosion.cs:24:677:24:680 | [post] this access | UseUseExplosion.cs:24:2608:24:2613 | this access |
+| UseUseExplosion.cs:24:677:24:680 | access to property Prop | UseUseExplosion.cs:24:677:24:685 | ... > ... |
+| UseUseExplosion.cs:24:677:24:680 | access to property Prop | UseUseExplosion.cs:24:694:24:697 | access to property Prop |
+| UseUseExplosion.cs:24:677:24:680 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:677:24:680 | this access | UseUseExplosion.cs:24:694:24:697 | this access |
+| UseUseExplosion.cs:24:677:24:680 | this access | UseUseExplosion.cs:24:2608:24:2613 | this access |
+| UseUseExplosion.cs:24:694:24:697 | [post] this access | UseUseExplosion.cs:24:711:24:714 | this access |
+| UseUseExplosion.cs:24:694:24:697 | [post] this access | UseUseExplosion.cs:24:2593:24:2598 | this access |
+| UseUseExplosion.cs:24:694:24:697 | access to property Prop | UseUseExplosion.cs:24:694:24:702 | ... > ... |
+| UseUseExplosion.cs:24:694:24:697 | access to property Prop | UseUseExplosion.cs:24:711:24:714 | access to property Prop |
+| UseUseExplosion.cs:24:694:24:697 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:694:24:697 | this access | UseUseExplosion.cs:24:711:24:714 | this access |
+| UseUseExplosion.cs:24:694:24:697 | this access | UseUseExplosion.cs:24:2593:24:2598 | this access |
+| UseUseExplosion.cs:24:711:24:714 | [post] this access | UseUseExplosion.cs:24:728:24:731 | this access |
+| UseUseExplosion.cs:24:711:24:714 | [post] this access | UseUseExplosion.cs:24:2578:24:2583 | this access |
+| UseUseExplosion.cs:24:711:24:714 | access to property Prop | UseUseExplosion.cs:24:711:24:719 | ... > ... |
+| UseUseExplosion.cs:24:711:24:714 | access to property Prop | UseUseExplosion.cs:24:728:24:731 | access to property Prop |
+| UseUseExplosion.cs:24:711:24:714 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:711:24:714 | this access | UseUseExplosion.cs:24:728:24:731 | this access |
+| UseUseExplosion.cs:24:711:24:714 | this access | UseUseExplosion.cs:24:2578:24:2583 | this access |
+| UseUseExplosion.cs:24:728:24:731 | [post] this access | UseUseExplosion.cs:24:745:24:748 | this access |
+| UseUseExplosion.cs:24:728:24:731 | [post] this access | UseUseExplosion.cs:24:2563:24:2568 | this access |
+| UseUseExplosion.cs:24:728:24:731 | access to property Prop | UseUseExplosion.cs:24:728:24:736 | ... > ... |
+| UseUseExplosion.cs:24:728:24:731 | access to property Prop | UseUseExplosion.cs:24:745:24:748 | access to property Prop |
+| UseUseExplosion.cs:24:728:24:731 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:728:24:731 | this access | UseUseExplosion.cs:24:745:24:748 | this access |
+| UseUseExplosion.cs:24:728:24:731 | this access | UseUseExplosion.cs:24:2563:24:2568 | this access |
+| UseUseExplosion.cs:24:745:24:748 | [post] this access | UseUseExplosion.cs:24:762:24:765 | this access |
+| UseUseExplosion.cs:24:745:24:748 | [post] this access | UseUseExplosion.cs:24:2548:24:2553 | this access |
+| UseUseExplosion.cs:24:745:24:748 | access to property Prop | UseUseExplosion.cs:24:745:24:753 | ... > ... |
+| UseUseExplosion.cs:24:745:24:748 | access to property Prop | UseUseExplosion.cs:24:762:24:765 | access to property Prop |
+| UseUseExplosion.cs:24:745:24:748 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:745:24:748 | this access | UseUseExplosion.cs:24:762:24:765 | this access |
+| UseUseExplosion.cs:24:745:24:748 | this access | UseUseExplosion.cs:24:2548:24:2553 | this access |
+| UseUseExplosion.cs:24:762:24:765 | [post] this access | UseUseExplosion.cs:24:779:24:782 | this access |
+| UseUseExplosion.cs:24:762:24:765 | [post] this access | UseUseExplosion.cs:24:2533:24:2538 | this access |
+| UseUseExplosion.cs:24:762:24:765 | access to property Prop | UseUseExplosion.cs:24:762:24:770 | ... > ... |
+| UseUseExplosion.cs:24:762:24:765 | access to property Prop | UseUseExplosion.cs:24:779:24:782 | access to property Prop |
+| UseUseExplosion.cs:24:762:24:765 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:762:24:765 | this access | UseUseExplosion.cs:24:779:24:782 | this access |
+| UseUseExplosion.cs:24:762:24:765 | this access | UseUseExplosion.cs:24:2533:24:2538 | this access |
+| UseUseExplosion.cs:24:779:24:782 | [post] this access | UseUseExplosion.cs:24:796:24:799 | this access |
+| UseUseExplosion.cs:24:779:24:782 | [post] this access | UseUseExplosion.cs:24:2518:24:2523 | this access |
+| UseUseExplosion.cs:24:779:24:782 | access to property Prop | UseUseExplosion.cs:24:779:24:787 | ... > ... |
+| UseUseExplosion.cs:24:779:24:782 | access to property Prop | UseUseExplosion.cs:24:796:24:799 | access to property Prop |
+| UseUseExplosion.cs:24:779:24:782 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:779:24:782 | this access | UseUseExplosion.cs:24:796:24:799 | this access |
+| UseUseExplosion.cs:24:779:24:782 | this access | UseUseExplosion.cs:24:2518:24:2523 | this access |
+| UseUseExplosion.cs:24:796:24:799 | [post] this access | UseUseExplosion.cs:24:813:24:816 | this access |
+| UseUseExplosion.cs:24:796:24:799 | [post] this access | UseUseExplosion.cs:24:2503:24:2508 | this access |
+| UseUseExplosion.cs:24:796:24:799 | access to property Prop | UseUseExplosion.cs:24:796:24:804 | ... > ... |
+| UseUseExplosion.cs:24:796:24:799 | access to property Prop | UseUseExplosion.cs:24:813:24:816 | access to property Prop |
+| UseUseExplosion.cs:24:796:24:799 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:796:24:799 | this access | UseUseExplosion.cs:24:813:24:816 | this access |
+| UseUseExplosion.cs:24:796:24:799 | this access | UseUseExplosion.cs:24:2503:24:2508 | this access |
+| UseUseExplosion.cs:24:813:24:816 | [post] this access | UseUseExplosion.cs:24:830:24:833 | this access |
+| UseUseExplosion.cs:24:813:24:816 | [post] this access | UseUseExplosion.cs:24:2488:24:2493 | this access |
+| UseUseExplosion.cs:24:813:24:816 | access to property Prop | UseUseExplosion.cs:24:813:24:821 | ... > ... |
+| UseUseExplosion.cs:24:813:24:816 | access to property Prop | UseUseExplosion.cs:24:830:24:833 | access to property Prop |
+| UseUseExplosion.cs:24:813:24:816 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:813:24:816 | this access | UseUseExplosion.cs:24:830:24:833 | this access |
+| UseUseExplosion.cs:24:813:24:816 | this access | UseUseExplosion.cs:24:2488:24:2493 | this access |
+| UseUseExplosion.cs:24:830:24:833 | [post] this access | UseUseExplosion.cs:24:847:24:850 | this access |
+| UseUseExplosion.cs:24:830:24:833 | [post] this access | UseUseExplosion.cs:24:2473:24:2478 | this access |
+| UseUseExplosion.cs:24:830:24:833 | access to property Prop | UseUseExplosion.cs:24:830:24:838 | ... > ... |
+| UseUseExplosion.cs:24:830:24:833 | access to property Prop | UseUseExplosion.cs:24:847:24:850 | access to property Prop |
+| UseUseExplosion.cs:24:830:24:833 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:830:24:833 | this access | UseUseExplosion.cs:24:847:24:850 | this access |
+| UseUseExplosion.cs:24:830:24:833 | this access | UseUseExplosion.cs:24:2473:24:2478 | this access |
+| UseUseExplosion.cs:24:847:24:850 | [post] this access | UseUseExplosion.cs:24:864:24:867 | this access |
+| UseUseExplosion.cs:24:847:24:850 | [post] this access | UseUseExplosion.cs:24:2458:24:2463 | this access |
+| UseUseExplosion.cs:24:847:24:850 | access to property Prop | UseUseExplosion.cs:24:847:24:855 | ... > ... |
+| UseUseExplosion.cs:24:847:24:850 | access to property Prop | UseUseExplosion.cs:24:864:24:867 | access to property Prop |
+| UseUseExplosion.cs:24:847:24:850 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:847:24:850 | this access | UseUseExplosion.cs:24:864:24:867 | this access |
+| UseUseExplosion.cs:24:847:24:850 | this access | UseUseExplosion.cs:24:2458:24:2463 | this access |
+| UseUseExplosion.cs:24:864:24:867 | [post] this access | UseUseExplosion.cs:24:881:24:884 | this access |
+| UseUseExplosion.cs:24:864:24:867 | [post] this access | UseUseExplosion.cs:24:2443:24:2448 | this access |
+| UseUseExplosion.cs:24:864:24:867 | access to property Prop | UseUseExplosion.cs:24:864:24:872 | ... > ... |
+| UseUseExplosion.cs:24:864:24:867 | access to property Prop | UseUseExplosion.cs:24:881:24:884 | access to property Prop |
+| UseUseExplosion.cs:24:864:24:867 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:864:24:867 | this access | UseUseExplosion.cs:24:881:24:884 | this access |
+| UseUseExplosion.cs:24:864:24:867 | this access | UseUseExplosion.cs:24:2443:24:2448 | this access |
+| UseUseExplosion.cs:24:881:24:884 | [post] this access | UseUseExplosion.cs:24:898:24:901 | this access |
+| UseUseExplosion.cs:24:881:24:884 | [post] this access | UseUseExplosion.cs:24:2428:24:2433 | this access |
+| UseUseExplosion.cs:24:881:24:884 | access to property Prop | UseUseExplosion.cs:24:881:24:889 | ... > ... |
+| UseUseExplosion.cs:24:881:24:884 | access to property Prop | UseUseExplosion.cs:24:898:24:901 | access to property Prop |
+| UseUseExplosion.cs:24:881:24:884 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:881:24:884 | this access | UseUseExplosion.cs:24:898:24:901 | this access |
+| UseUseExplosion.cs:24:881:24:884 | this access | UseUseExplosion.cs:24:2428:24:2433 | this access |
+| UseUseExplosion.cs:24:898:24:901 | [post] this access | UseUseExplosion.cs:24:915:24:918 | this access |
+| UseUseExplosion.cs:24:898:24:901 | [post] this access | UseUseExplosion.cs:24:2413:24:2418 | this access |
+| UseUseExplosion.cs:24:898:24:901 | access to property Prop | UseUseExplosion.cs:24:898:24:906 | ... > ... |
+| UseUseExplosion.cs:24:898:24:901 | access to property Prop | UseUseExplosion.cs:24:915:24:918 | access to property Prop |
+| UseUseExplosion.cs:24:898:24:901 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:898:24:901 | this access | UseUseExplosion.cs:24:915:24:918 | this access |
+| UseUseExplosion.cs:24:898:24:901 | this access | UseUseExplosion.cs:24:2413:24:2418 | this access |
+| UseUseExplosion.cs:24:915:24:918 | [post] this access | UseUseExplosion.cs:24:932:24:935 | this access |
+| UseUseExplosion.cs:24:915:24:918 | [post] this access | UseUseExplosion.cs:24:2398:24:2403 | this access |
+| UseUseExplosion.cs:24:915:24:918 | access to property Prop | UseUseExplosion.cs:24:915:24:923 | ... > ... |
+| UseUseExplosion.cs:24:915:24:918 | access to property Prop | UseUseExplosion.cs:24:932:24:935 | access to property Prop |
+| UseUseExplosion.cs:24:915:24:918 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:915:24:918 | this access | UseUseExplosion.cs:24:932:24:935 | this access |
+| UseUseExplosion.cs:24:915:24:918 | this access | UseUseExplosion.cs:24:2398:24:2403 | this access |
+| UseUseExplosion.cs:24:932:24:935 | [post] this access | UseUseExplosion.cs:24:949:24:952 | this access |
+| UseUseExplosion.cs:24:932:24:935 | [post] this access | UseUseExplosion.cs:24:2383:24:2388 | this access |
+| UseUseExplosion.cs:24:932:24:935 | access to property Prop | UseUseExplosion.cs:24:932:24:940 | ... > ... |
+| UseUseExplosion.cs:24:932:24:935 | access to property Prop | UseUseExplosion.cs:24:949:24:952 | access to property Prop |
+| UseUseExplosion.cs:24:932:24:935 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:932:24:935 | this access | UseUseExplosion.cs:24:949:24:952 | this access |
+| UseUseExplosion.cs:24:932:24:935 | this access | UseUseExplosion.cs:24:2383:24:2388 | this access |
+| UseUseExplosion.cs:24:949:24:952 | [post] this access | UseUseExplosion.cs:24:966:24:969 | this access |
+| UseUseExplosion.cs:24:949:24:952 | [post] this access | UseUseExplosion.cs:24:2368:24:2373 | this access |
+| UseUseExplosion.cs:24:949:24:952 | access to property Prop | UseUseExplosion.cs:24:949:24:957 | ... > ... |
+| UseUseExplosion.cs:24:949:24:952 | access to property Prop | UseUseExplosion.cs:24:966:24:969 | access to property Prop |
+| UseUseExplosion.cs:24:949:24:952 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:949:24:952 | this access | UseUseExplosion.cs:24:966:24:969 | this access |
+| UseUseExplosion.cs:24:949:24:952 | this access | UseUseExplosion.cs:24:2368:24:2373 | this access |
+| UseUseExplosion.cs:24:966:24:969 | [post] this access | UseUseExplosion.cs:24:983:24:986 | this access |
+| UseUseExplosion.cs:24:966:24:969 | [post] this access | UseUseExplosion.cs:24:2353:24:2358 | this access |
+| UseUseExplosion.cs:24:966:24:969 | access to property Prop | UseUseExplosion.cs:24:966:24:974 | ... > ... |
+| UseUseExplosion.cs:24:966:24:969 | access to property Prop | UseUseExplosion.cs:24:983:24:986 | access to property Prop |
+| UseUseExplosion.cs:24:966:24:969 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:966:24:969 | this access | UseUseExplosion.cs:24:983:24:986 | this access |
+| UseUseExplosion.cs:24:966:24:969 | this access | UseUseExplosion.cs:24:2353:24:2358 | this access |
+| UseUseExplosion.cs:24:983:24:986 | [post] this access | UseUseExplosion.cs:24:1000:24:1003 | this access |
+| UseUseExplosion.cs:24:983:24:986 | [post] this access | UseUseExplosion.cs:24:2338:24:2343 | this access |
+| UseUseExplosion.cs:24:983:24:986 | access to property Prop | UseUseExplosion.cs:24:983:24:991 | ... > ... |
+| UseUseExplosion.cs:24:983:24:986 | access to property Prop | UseUseExplosion.cs:24:1000:24:1003 | access to property Prop |
+| UseUseExplosion.cs:24:983:24:986 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:983:24:986 | this access | UseUseExplosion.cs:24:1000:24:1003 | this access |
+| UseUseExplosion.cs:24:983:24:986 | this access | UseUseExplosion.cs:24:2338:24:2343 | this access |
+| UseUseExplosion.cs:24:1000:24:1003 | [post] this access | UseUseExplosion.cs:24:1017:24:1020 | this access |
+| UseUseExplosion.cs:24:1000:24:1003 | [post] this access | UseUseExplosion.cs:24:2323:24:2328 | this access |
+| UseUseExplosion.cs:24:1000:24:1003 | access to property Prop | UseUseExplosion.cs:24:1000:24:1008 | ... > ... |
+| UseUseExplosion.cs:24:1000:24:1003 | access to property Prop | UseUseExplosion.cs:24:1017:24:1020 | access to property Prop |
+| UseUseExplosion.cs:24:1000:24:1003 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1000:24:1003 | this access | UseUseExplosion.cs:24:1017:24:1020 | this access |
+| UseUseExplosion.cs:24:1000:24:1003 | this access | UseUseExplosion.cs:24:2323:24:2328 | this access |
+| UseUseExplosion.cs:24:1017:24:1020 | [post] this access | UseUseExplosion.cs:24:1034:24:1037 | this access |
+| UseUseExplosion.cs:24:1017:24:1020 | [post] this access | UseUseExplosion.cs:24:2308:24:2313 | this access |
+| UseUseExplosion.cs:24:1017:24:1020 | access to property Prop | UseUseExplosion.cs:24:1017:24:1025 | ... > ... |
+| UseUseExplosion.cs:24:1017:24:1020 | access to property Prop | UseUseExplosion.cs:24:1034:24:1037 | access to property Prop |
+| UseUseExplosion.cs:24:1017:24:1020 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1017:24:1020 | this access | UseUseExplosion.cs:24:1034:24:1037 | this access |
+| UseUseExplosion.cs:24:1017:24:1020 | this access | UseUseExplosion.cs:24:2308:24:2313 | this access |
+| UseUseExplosion.cs:24:1034:24:1037 | [post] this access | UseUseExplosion.cs:24:1051:24:1054 | this access |
+| UseUseExplosion.cs:24:1034:24:1037 | [post] this access | UseUseExplosion.cs:24:2293:24:2298 | this access |
+| UseUseExplosion.cs:24:1034:24:1037 | access to property Prop | UseUseExplosion.cs:24:1034:24:1042 | ... > ... |
+| UseUseExplosion.cs:24:1034:24:1037 | access to property Prop | UseUseExplosion.cs:24:1051:24:1054 | access to property Prop |
+| UseUseExplosion.cs:24:1034:24:1037 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1034:24:1037 | this access | UseUseExplosion.cs:24:1051:24:1054 | this access |
+| UseUseExplosion.cs:24:1034:24:1037 | this access | UseUseExplosion.cs:24:2293:24:2298 | this access |
+| UseUseExplosion.cs:24:1051:24:1054 | [post] this access | UseUseExplosion.cs:24:1068:24:1071 | this access |
+| UseUseExplosion.cs:24:1051:24:1054 | [post] this access | UseUseExplosion.cs:24:2278:24:2283 | this access |
+| UseUseExplosion.cs:24:1051:24:1054 | access to property Prop | UseUseExplosion.cs:24:1051:24:1059 | ... > ... |
+| UseUseExplosion.cs:24:1051:24:1054 | access to property Prop | UseUseExplosion.cs:24:1068:24:1071 | access to property Prop |
+| UseUseExplosion.cs:24:1051:24:1054 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1051:24:1054 | this access | UseUseExplosion.cs:24:1068:24:1071 | this access |
+| UseUseExplosion.cs:24:1051:24:1054 | this access | UseUseExplosion.cs:24:2278:24:2283 | this access |
+| UseUseExplosion.cs:24:1068:24:1071 | [post] this access | UseUseExplosion.cs:24:1085:24:1088 | this access |
+| UseUseExplosion.cs:24:1068:24:1071 | [post] this access | UseUseExplosion.cs:24:2263:24:2268 | this access |
+| UseUseExplosion.cs:24:1068:24:1071 | access to property Prop | UseUseExplosion.cs:24:1068:24:1076 | ... > ... |
+| UseUseExplosion.cs:24:1068:24:1071 | access to property Prop | UseUseExplosion.cs:24:1085:24:1088 | access to property Prop |
+| UseUseExplosion.cs:24:1068:24:1071 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1068:24:1071 | this access | UseUseExplosion.cs:24:1085:24:1088 | this access |
+| UseUseExplosion.cs:24:1068:24:1071 | this access | UseUseExplosion.cs:24:2263:24:2268 | this access |
+| UseUseExplosion.cs:24:1085:24:1088 | [post] this access | UseUseExplosion.cs:24:1102:24:1105 | this access |
+| UseUseExplosion.cs:24:1085:24:1088 | [post] this access | UseUseExplosion.cs:24:2248:24:2253 | this access |
+| UseUseExplosion.cs:24:1085:24:1088 | access to property Prop | UseUseExplosion.cs:24:1085:24:1093 | ... > ... |
+| UseUseExplosion.cs:24:1085:24:1088 | access to property Prop | UseUseExplosion.cs:24:1102:24:1105 | access to property Prop |
+| UseUseExplosion.cs:24:1085:24:1088 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1085:24:1088 | this access | UseUseExplosion.cs:24:1102:24:1105 | this access |
+| UseUseExplosion.cs:24:1085:24:1088 | this access | UseUseExplosion.cs:24:2248:24:2253 | this access |
+| UseUseExplosion.cs:24:1102:24:1105 | [post] this access | UseUseExplosion.cs:24:1119:24:1122 | this access |
+| UseUseExplosion.cs:24:1102:24:1105 | [post] this access | UseUseExplosion.cs:24:2233:24:2238 | this access |
+| UseUseExplosion.cs:24:1102:24:1105 | access to property Prop | UseUseExplosion.cs:24:1102:24:1110 | ... > ... |
+| UseUseExplosion.cs:24:1102:24:1105 | access to property Prop | UseUseExplosion.cs:24:1119:24:1122 | access to property Prop |
+| UseUseExplosion.cs:24:1102:24:1105 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1102:24:1105 | this access | UseUseExplosion.cs:24:1119:24:1122 | this access |
+| UseUseExplosion.cs:24:1102:24:1105 | this access | UseUseExplosion.cs:24:2233:24:2238 | this access |
+| UseUseExplosion.cs:24:1119:24:1122 | [post] this access | UseUseExplosion.cs:24:1136:24:1139 | this access |
+| UseUseExplosion.cs:24:1119:24:1122 | [post] this access | UseUseExplosion.cs:24:2218:24:2223 | this access |
+| UseUseExplosion.cs:24:1119:24:1122 | access to property Prop | UseUseExplosion.cs:24:1119:24:1127 | ... > ... |
+| UseUseExplosion.cs:24:1119:24:1122 | access to property Prop | UseUseExplosion.cs:24:1136:24:1139 | access to property Prop |
+| UseUseExplosion.cs:24:1119:24:1122 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1119:24:1122 | this access | UseUseExplosion.cs:24:1136:24:1139 | this access |
+| UseUseExplosion.cs:24:1119:24:1122 | this access | UseUseExplosion.cs:24:2218:24:2223 | this access |
+| UseUseExplosion.cs:24:1136:24:1139 | [post] this access | UseUseExplosion.cs:24:1153:24:1156 | this access |
+| UseUseExplosion.cs:24:1136:24:1139 | [post] this access | UseUseExplosion.cs:24:2203:24:2208 | this access |
+| UseUseExplosion.cs:24:1136:24:1139 | access to property Prop | UseUseExplosion.cs:24:1136:24:1144 | ... > ... |
+| UseUseExplosion.cs:24:1136:24:1139 | access to property Prop | UseUseExplosion.cs:24:1153:24:1156 | access to property Prop |
+| UseUseExplosion.cs:24:1136:24:1139 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1136:24:1139 | this access | UseUseExplosion.cs:24:1153:24:1156 | this access |
+| UseUseExplosion.cs:24:1136:24:1139 | this access | UseUseExplosion.cs:24:2203:24:2208 | this access |
+| UseUseExplosion.cs:24:1153:24:1156 | [post] this access | UseUseExplosion.cs:24:1170:24:1173 | this access |
+| UseUseExplosion.cs:24:1153:24:1156 | [post] this access | UseUseExplosion.cs:24:2188:24:2193 | this access |
+| UseUseExplosion.cs:24:1153:24:1156 | access to property Prop | UseUseExplosion.cs:24:1153:24:1161 | ... > ... |
+| UseUseExplosion.cs:24:1153:24:1156 | access to property Prop | UseUseExplosion.cs:24:1170:24:1173 | access to property Prop |
+| UseUseExplosion.cs:24:1153:24:1156 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1153:24:1156 | this access | UseUseExplosion.cs:24:1170:24:1173 | this access |
+| UseUseExplosion.cs:24:1153:24:1156 | this access | UseUseExplosion.cs:24:2188:24:2193 | this access |
+| UseUseExplosion.cs:24:1170:24:1173 | [post] this access | UseUseExplosion.cs:24:1187:24:1190 | this access |
+| UseUseExplosion.cs:24:1170:24:1173 | [post] this access | UseUseExplosion.cs:24:2173:24:2178 | this access |
+| UseUseExplosion.cs:24:1170:24:1173 | access to property Prop | UseUseExplosion.cs:24:1170:24:1178 | ... > ... |
+| UseUseExplosion.cs:24:1170:24:1173 | access to property Prop | UseUseExplosion.cs:24:1187:24:1190 | access to property Prop |
+| UseUseExplosion.cs:24:1170:24:1173 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1170:24:1173 | this access | UseUseExplosion.cs:24:1187:24:1190 | this access |
+| UseUseExplosion.cs:24:1170:24:1173 | this access | UseUseExplosion.cs:24:2173:24:2178 | this access |
+| UseUseExplosion.cs:24:1187:24:1190 | [post] this access | UseUseExplosion.cs:24:1204:24:1207 | this access |
+| UseUseExplosion.cs:24:1187:24:1190 | [post] this access | UseUseExplosion.cs:24:2158:24:2163 | this access |
+| UseUseExplosion.cs:24:1187:24:1190 | access to property Prop | UseUseExplosion.cs:24:1187:24:1195 | ... > ... |
+| UseUseExplosion.cs:24:1187:24:1190 | access to property Prop | UseUseExplosion.cs:24:1204:24:1207 | access to property Prop |
+| UseUseExplosion.cs:24:1187:24:1190 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1187:24:1190 | this access | UseUseExplosion.cs:24:1204:24:1207 | this access |
+| UseUseExplosion.cs:24:1187:24:1190 | this access | UseUseExplosion.cs:24:2158:24:2163 | this access |
+| UseUseExplosion.cs:24:1204:24:1207 | [post] this access | UseUseExplosion.cs:24:1221:24:1224 | this access |
+| UseUseExplosion.cs:24:1204:24:1207 | [post] this access | UseUseExplosion.cs:24:2143:24:2148 | this access |
+| UseUseExplosion.cs:24:1204:24:1207 | access to property Prop | UseUseExplosion.cs:24:1204:24:1212 | ... > ... |
+| UseUseExplosion.cs:24:1204:24:1207 | access to property Prop | UseUseExplosion.cs:24:1221:24:1224 | access to property Prop |
+| UseUseExplosion.cs:24:1204:24:1207 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1204:24:1207 | this access | UseUseExplosion.cs:24:1221:24:1224 | this access |
+| UseUseExplosion.cs:24:1204:24:1207 | this access | UseUseExplosion.cs:24:2143:24:2148 | this access |
+| UseUseExplosion.cs:24:1221:24:1224 | [post] this access | UseUseExplosion.cs:24:1238:24:1241 | this access |
+| UseUseExplosion.cs:24:1221:24:1224 | [post] this access | UseUseExplosion.cs:24:2128:24:2133 | this access |
+| UseUseExplosion.cs:24:1221:24:1224 | access to property Prop | UseUseExplosion.cs:24:1221:24:1229 | ... > ... |
+| UseUseExplosion.cs:24:1221:24:1224 | access to property Prop | UseUseExplosion.cs:24:1238:24:1241 | access to property Prop |
+| UseUseExplosion.cs:24:1221:24:1224 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1221:24:1224 | this access | UseUseExplosion.cs:24:1238:24:1241 | this access |
+| UseUseExplosion.cs:24:1221:24:1224 | this access | UseUseExplosion.cs:24:2128:24:2133 | this access |
+| UseUseExplosion.cs:24:1238:24:1241 | [post] this access | UseUseExplosion.cs:24:1255:24:1258 | this access |
+| UseUseExplosion.cs:24:1238:24:1241 | [post] this access | UseUseExplosion.cs:24:2113:24:2118 | this access |
+| UseUseExplosion.cs:24:1238:24:1241 | access to property Prop | UseUseExplosion.cs:24:1238:24:1246 | ... > ... |
+| UseUseExplosion.cs:24:1238:24:1241 | access to property Prop | UseUseExplosion.cs:24:1255:24:1258 | access to property Prop |
+| UseUseExplosion.cs:24:1238:24:1241 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1238:24:1241 | this access | UseUseExplosion.cs:24:1255:24:1258 | this access |
+| UseUseExplosion.cs:24:1238:24:1241 | this access | UseUseExplosion.cs:24:2113:24:2118 | this access |
+| UseUseExplosion.cs:24:1255:24:1258 | [post] this access | UseUseExplosion.cs:24:1272:24:1275 | this access |
+| UseUseExplosion.cs:24:1255:24:1258 | [post] this access | UseUseExplosion.cs:24:2098:24:2103 | this access |
+| UseUseExplosion.cs:24:1255:24:1258 | access to property Prop | UseUseExplosion.cs:24:1255:24:1263 | ... > ... |
+| UseUseExplosion.cs:24:1255:24:1258 | access to property Prop | UseUseExplosion.cs:24:1272:24:1275 | access to property Prop |
+| UseUseExplosion.cs:24:1255:24:1258 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1255:24:1258 | this access | UseUseExplosion.cs:24:1272:24:1275 | this access |
+| UseUseExplosion.cs:24:1255:24:1258 | this access | UseUseExplosion.cs:24:2098:24:2103 | this access |
+| UseUseExplosion.cs:24:1272:24:1275 | [post] this access | UseUseExplosion.cs:24:1289:24:1292 | this access |
+| UseUseExplosion.cs:24:1272:24:1275 | [post] this access | UseUseExplosion.cs:24:2083:24:2088 | this access |
+| UseUseExplosion.cs:24:1272:24:1275 | access to property Prop | UseUseExplosion.cs:24:1272:24:1280 | ... > ... |
+| UseUseExplosion.cs:24:1272:24:1275 | access to property Prop | UseUseExplosion.cs:24:1289:24:1292 | access to property Prop |
+| UseUseExplosion.cs:24:1272:24:1275 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1272:24:1275 | this access | UseUseExplosion.cs:24:1289:24:1292 | this access |
+| UseUseExplosion.cs:24:1272:24:1275 | this access | UseUseExplosion.cs:24:2083:24:2088 | this access |
+| UseUseExplosion.cs:24:1289:24:1292 | [post] this access | UseUseExplosion.cs:24:1306:24:1309 | this access |
+| UseUseExplosion.cs:24:1289:24:1292 | [post] this access | UseUseExplosion.cs:24:2068:24:2073 | this access |
+| UseUseExplosion.cs:24:1289:24:1292 | access to property Prop | UseUseExplosion.cs:24:1289:24:1297 | ... > ... |
+| UseUseExplosion.cs:24:1289:24:1292 | access to property Prop | UseUseExplosion.cs:24:1306:24:1309 | access to property Prop |
+| UseUseExplosion.cs:24:1289:24:1292 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1289:24:1292 | this access | UseUseExplosion.cs:24:1306:24:1309 | this access |
+| UseUseExplosion.cs:24:1289:24:1292 | this access | UseUseExplosion.cs:24:2068:24:2073 | this access |
+| UseUseExplosion.cs:24:1306:24:1309 | [post] this access | UseUseExplosion.cs:24:1323:24:1326 | this access |
+| UseUseExplosion.cs:24:1306:24:1309 | [post] this access | UseUseExplosion.cs:24:2053:24:2058 | this access |
+| UseUseExplosion.cs:24:1306:24:1309 | access to property Prop | UseUseExplosion.cs:24:1306:24:1314 | ... > ... |
+| UseUseExplosion.cs:24:1306:24:1309 | access to property Prop | UseUseExplosion.cs:24:1323:24:1326 | access to property Prop |
+| UseUseExplosion.cs:24:1306:24:1309 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1306:24:1309 | this access | UseUseExplosion.cs:24:1323:24:1326 | this access |
+| UseUseExplosion.cs:24:1306:24:1309 | this access | UseUseExplosion.cs:24:2053:24:2058 | this access |
+| UseUseExplosion.cs:24:1323:24:1326 | [post] this access | UseUseExplosion.cs:24:1340:24:1343 | this access |
+| UseUseExplosion.cs:24:1323:24:1326 | [post] this access | UseUseExplosion.cs:24:2038:24:2043 | this access |
+| UseUseExplosion.cs:24:1323:24:1326 | access to property Prop | UseUseExplosion.cs:24:1323:24:1331 | ... > ... |
+| UseUseExplosion.cs:24:1323:24:1326 | access to property Prop | UseUseExplosion.cs:24:1340:24:1343 | access to property Prop |
+| UseUseExplosion.cs:24:1323:24:1326 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1323:24:1326 | this access | UseUseExplosion.cs:24:1340:24:1343 | this access |
+| UseUseExplosion.cs:24:1323:24:1326 | this access | UseUseExplosion.cs:24:2038:24:2043 | this access |
+| UseUseExplosion.cs:24:1340:24:1343 | [post] this access | UseUseExplosion.cs:24:1357:24:1360 | this access |
+| UseUseExplosion.cs:24:1340:24:1343 | [post] this access | UseUseExplosion.cs:24:2023:24:2028 | this access |
+| UseUseExplosion.cs:24:1340:24:1343 | access to property Prop | UseUseExplosion.cs:24:1340:24:1348 | ... > ... |
+| UseUseExplosion.cs:24:1340:24:1343 | access to property Prop | UseUseExplosion.cs:24:1357:24:1360 | access to property Prop |
+| UseUseExplosion.cs:24:1340:24:1343 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1340:24:1343 | this access | UseUseExplosion.cs:24:1357:24:1360 | this access |
+| UseUseExplosion.cs:24:1340:24:1343 | this access | UseUseExplosion.cs:24:2023:24:2028 | this access |
+| UseUseExplosion.cs:24:1357:24:1360 | [post] this access | UseUseExplosion.cs:24:1374:24:1377 | this access |
+| UseUseExplosion.cs:24:1357:24:1360 | [post] this access | UseUseExplosion.cs:24:2008:24:2013 | this access |
+| UseUseExplosion.cs:24:1357:24:1360 | access to property Prop | UseUseExplosion.cs:24:1357:24:1365 | ... > ... |
+| UseUseExplosion.cs:24:1357:24:1360 | access to property Prop | UseUseExplosion.cs:24:1374:24:1377 | access to property Prop |
+| UseUseExplosion.cs:24:1357:24:1360 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1357:24:1360 | this access | UseUseExplosion.cs:24:1374:24:1377 | this access |
+| UseUseExplosion.cs:24:1357:24:1360 | this access | UseUseExplosion.cs:24:2008:24:2013 | this access |
+| UseUseExplosion.cs:24:1374:24:1377 | [post] this access | UseUseExplosion.cs:24:1391:24:1394 | this access |
+| UseUseExplosion.cs:24:1374:24:1377 | [post] this access | UseUseExplosion.cs:24:1993:24:1998 | this access |
+| UseUseExplosion.cs:24:1374:24:1377 | access to property Prop | UseUseExplosion.cs:24:1374:24:1382 | ... > ... |
+| UseUseExplosion.cs:24:1374:24:1377 | access to property Prop | UseUseExplosion.cs:24:1391:24:1394 | access to property Prop |
+| UseUseExplosion.cs:24:1374:24:1377 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1374:24:1377 | this access | UseUseExplosion.cs:24:1391:24:1394 | this access |
+| UseUseExplosion.cs:24:1374:24:1377 | this access | UseUseExplosion.cs:24:1993:24:1998 | this access |
+| UseUseExplosion.cs:24:1391:24:1394 | [post] this access | UseUseExplosion.cs:24:1408:24:1411 | this access |
+| UseUseExplosion.cs:24:1391:24:1394 | [post] this access | UseUseExplosion.cs:24:1978:24:1983 | this access |
+| UseUseExplosion.cs:24:1391:24:1394 | access to property Prop | UseUseExplosion.cs:24:1391:24:1399 | ... > ... |
+| UseUseExplosion.cs:24:1391:24:1394 | access to property Prop | UseUseExplosion.cs:24:1408:24:1411 | access to property Prop |
+| UseUseExplosion.cs:24:1391:24:1394 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1391:24:1394 | this access | UseUseExplosion.cs:24:1408:24:1411 | this access |
+| UseUseExplosion.cs:24:1391:24:1394 | this access | UseUseExplosion.cs:24:1978:24:1983 | this access |
+| UseUseExplosion.cs:24:1408:24:1411 | [post] this access | UseUseExplosion.cs:24:1425:24:1428 | this access |
+| UseUseExplosion.cs:24:1408:24:1411 | [post] this access | UseUseExplosion.cs:24:1963:24:1968 | this access |
+| UseUseExplosion.cs:24:1408:24:1411 | access to property Prop | UseUseExplosion.cs:24:1408:24:1416 | ... > ... |
+| UseUseExplosion.cs:24:1408:24:1411 | access to property Prop | UseUseExplosion.cs:24:1425:24:1428 | access to property Prop |
+| UseUseExplosion.cs:24:1408:24:1411 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1408:24:1411 | this access | UseUseExplosion.cs:24:1425:24:1428 | this access |
+| UseUseExplosion.cs:24:1408:24:1411 | this access | UseUseExplosion.cs:24:1963:24:1968 | this access |
+| UseUseExplosion.cs:24:1425:24:1428 | [post] this access | UseUseExplosion.cs:24:1442:24:1445 | this access |
+| UseUseExplosion.cs:24:1425:24:1428 | [post] this access | UseUseExplosion.cs:24:1948:24:1953 | this access |
+| UseUseExplosion.cs:24:1425:24:1428 | access to property Prop | UseUseExplosion.cs:24:1425:24:1433 | ... > ... |
+| UseUseExplosion.cs:24:1425:24:1428 | access to property Prop | UseUseExplosion.cs:24:1442:24:1445 | access to property Prop |
+| UseUseExplosion.cs:24:1425:24:1428 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1425:24:1428 | this access | UseUseExplosion.cs:24:1442:24:1445 | this access |
+| UseUseExplosion.cs:24:1425:24:1428 | this access | UseUseExplosion.cs:24:1948:24:1953 | this access |
+| UseUseExplosion.cs:24:1442:24:1445 | [post] this access | UseUseExplosion.cs:24:1459:24:1462 | this access |
+| UseUseExplosion.cs:24:1442:24:1445 | [post] this access | UseUseExplosion.cs:24:1933:24:1938 | this access |
+| UseUseExplosion.cs:24:1442:24:1445 | access to property Prop | UseUseExplosion.cs:24:1442:24:1450 | ... > ... |
+| UseUseExplosion.cs:24:1442:24:1445 | access to property Prop | UseUseExplosion.cs:24:1459:24:1462 | access to property Prop |
+| UseUseExplosion.cs:24:1442:24:1445 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1442:24:1445 | this access | UseUseExplosion.cs:24:1459:24:1462 | this access |
+| UseUseExplosion.cs:24:1442:24:1445 | this access | UseUseExplosion.cs:24:1933:24:1938 | this access |
+| UseUseExplosion.cs:24:1459:24:1462 | [post] this access | UseUseExplosion.cs:24:1476:24:1479 | this access |
+| UseUseExplosion.cs:24:1459:24:1462 | [post] this access | UseUseExplosion.cs:24:1918:24:1923 | this access |
+| UseUseExplosion.cs:24:1459:24:1462 | access to property Prop | UseUseExplosion.cs:24:1459:24:1467 | ... > ... |
+| UseUseExplosion.cs:24:1459:24:1462 | access to property Prop | UseUseExplosion.cs:24:1476:24:1479 | access to property Prop |
+| UseUseExplosion.cs:24:1459:24:1462 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1459:24:1462 | this access | UseUseExplosion.cs:24:1476:24:1479 | this access |
+| UseUseExplosion.cs:24:1459:24:1462 | this access | UseUseExplosion.cs:24:1918:24:1923 | this access |
+| UseUseExplosion.cs:24:1476:24:1479 | [post] this access | UseUseExplosion.cs:24:1493:24:1496 | this access |
+| UseUseExplosion.cs:24:1476:24:1479 | [post] this access | UseUseExplosion.cs:24:1903:24:1908 | this access |
+| UseUseExplosion.cs:24:1476:24:1479 | access to property Prop | UseUseExplosion.cs:24:1476:24:1484 | ... > ... |
+| UseUseExplosion.cs:24:1476:24:1479 | access to property Prop | UseUseExplosion.cs:24:1493:24:1496 | access to property Prop |
+| UseUseExplosion.cs:24:1476:24:1479 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1476:24:1479 | this access | UseUseExplosion.cs:24:1493:24:1496 | this access |
+| UseUseExplosion.cs:24:1476:24:1479 | this access | UseUseExplosion.cs:24:1903:24:1908 | this access |
+| UseUseExplosion.cs:24:1493:24:1496 | [post] this access | UseUseExplosion.cs:24:1510:24:1513 | this access |
+| UseUseExplosion.cs:24:1493:24:1496 | [post] this access | UseUseExplosion.cs:24:1888:24:1893 | this access |
+| UseUseExplosion.cs:24:1493:24:1496 | access to property Prop | UseUseExplosion.cs:24:1493:24:1501 | ... > ... |
+| UseUseExplosion.cs:24:1493:24:1496 | access to property Prop | UseUseExplosion.cs:24:1510:24:1513 | access to property Prop |
+| UseUseExplosion.cs:24:1493:24:1496 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1493:24:1496 | this access | UseUseExplosion.cs:24:1510:24:1513 | this access |
+| UseUseExplosion.cs:24:1493:24:1496 | this access | UseUseExplosion.cs:24:1888:24:1893 | this access |
+| UseUseExplosion.cs:24:1510:24:1513 | [post] this access | UseUseExplosion.cs:24:1527:24:1530 | this access |
+| UseUseExplosion.cs:24:1510:24:1513 | [post] this access | UseUseExplosion.cs:24:1873:24:1878 | this access |
+| UseUseExplosion.cs:24:1510:24:1513 | access to property Prop | UseUseExplosion.cs:24:1510:24:1518 | ... > ... |
+| UseUseExplosion.cs:24:1510:24:1513 | access to property Prop | UseUseExplosion.cs:24:1527:24:1530 | access to property Prop |
+| UseUseExplosion.cs:24:1510:24:1513 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1510:24:1513 | this access | UseUseExplosion.cs:24:1527:24:1530 | this access |
+| UseUseExplosion.cs:24:1510:24:1513 | this access | UseUseExplosion.cs:24:1873:24:1878 | this access |
+| UseUseExplosion.cs:24:1527:24:1530 | [post] this access | UseUseExplosion.cs:24:1544:24:1547 | this access |
+| UseUseExplosion.cs:24:1527:24:1530 | [post] this access | UseUseExplosion.cs:24:1858:24:1863 | this access |
+| UseUseExplosion.cs:24:1527:24:1530 | access to property Prop | UseUseExplosion.cs:24:1527:24:1535 | ... > ... |
+| UseUseExplosion.cs:24:1527:24:1530 | access to property Prop | UseUseExplosion.cs:24:1544:24:1547 | access to property Prop |
+| UseUseExplosion.cs:24:1527:24:1530 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1527:24:1530 | this access | UseUseExplosion.cs:24:1544:24:1547 | this access |
+| UseUseExplosion.cs:24:1527:24:1530 | this access | UseUseExplosion.cs:24:1858:24:1863 | this access |
+| UseUseExplosion.cs:24:1544:24:1547 | [post] this access | UseUseExplosion.cs:24:1561:24:1564 | this access |
+| UseUseExplosion.cs:24:1544:24:1547 | [post] this access | UseUseExplosion.cs:24:1843:24:1848 | this access |
+| UseUseExplosion.cs:24:1544:24:1547 | access to property Prop | UseUseExplosion.cs:24:1544:24:1552 | ... > ... |
+| UseUseExplosion.cs:24:1544:24:1547 | access to property Prop | UseUseExplosion.cs:24:1561:24:1564 | access to property Prop |
+| UseUseExplosion.cs:24:1544:24:1547 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1544:24:1547 | this access | UseUseExplosion.cs:24:1561:24:1564 | this access |
+| UseUseExplosion.cs:24:1544:24:1547 | this access | UseUseExplosion.cs:24:1843:24:1848 | this access |
+| UseUseExplosion.cs:24:1561:24:1564 | [post] this access | UseUseExplosion.cs:24:1577:24:1580 | this access |
+| UseUseExplosion.cs:24:1561:24:1564 | [post] this access | UseUseExplosion.cs:24:1828:24:1833 | this access |
+| UseUseExplosion.cs:24:1561:24:1564 | access to property Prop | UseUseExplosion.cs:24:1561:24:1568 | ... > ... |
+| UseUseExplosion.cs:24:1561:24:1564 | access to property Prop | UseUseExplosion.cs:24:1577:24:1580 | access to property Prop |
+| UseUseExplosion.cs:24:1561:24:1564 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1561:24:1564 | this access | UseUseExplosion.cs:24:1577:24:1580 | this access |
+| UseUseExplosion.cs:24:1561:24:1564 | this access | UseUseExplosion.cs:24:1828:24:1833 | this access |
+| UseUseExplosion.cs:24:1577:24:1580 | [post] this access | UseUseExplosion.cs:24:1593:24:1596 | this access |
+| UseUseExplosion.cs:24:1577:24:1580 | [post] this access | UseUseExplosion.cs:24:1813:24:1818 | this access |
+| UseUseExplosion.cs:24:1577:24:1580 | access to property Prop | UseUseExplosion.cs:24:1577:24:1584 | ... > ... |
+| UseUseExplosion.cs:24:1577:24:1580 | access to property Prop | UseUseExplosion.cs:24:1593:24:1596 | access to property Prop |
+| UseUseExplosion.cs:24:1577:24:1580 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1577:24:1580 | this access | UseUseExplosion.cs:24:1593:24:1596 | this access |
+| UseUseExplosion.cs:24:1577:24:1580 | this access | UseUseExplosion.cs:24:1813:24:1818 | this access |
+| UseUseExplosion.cs:24:1593:24:1596 | [post] this access | UseUseExplosion.cs:24:1609:24:1612 | this access |
+| UseUseExplosion.cs:24:1593:24:1596 | [post] this access | UseUseExplosion.cs:24:1798:24:1803 | this access |
+| UseUseExplosion.cs:24:1593:24:1596 | access to property Prop | UseUseExplosion.cs:24:1593:24:1600 | ... > ... |
+| UseUseExplosion.cs:24:1593:24:1596 | access to property Prop | UseUseExplosion.cs:24:1609:24:1612 | access to property Prop |
+| UseUseExplosion.cs:24:1593:24:1596 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1593:24:1596 | this access | UseUseExplosion.cs:24:1609:24:1612 | this access |
+| UseUseExplosion.cs:24:1593:24:1596 | this access | UseUseExplosion.cs:24:1798:24:1803 | this access |
+| UseUseExplosion.cs:24:1609:24:1612 | [post] this access | UseUseExplosion.cs:24:1625:24:1628 | this access |
+| UseUseExplosion.cs:24:1609:24:1612 | [post] this access | UseUseExplosion.cs:24:1783:24:1788 | this access |
+| UseUseExplosion.cs:24:1609:24:1612 | access to property Prop | UseUseExplosion.cs:24:1609:24:1616 | ... > ... |
+| UseUseExplosion.cs:24:1609:24:1612 | access to property Prop | UseUseExplosion.cs:24:1625:24:1628 | access to property Prop |
+| UseUseExplosion.cs:24:1609:24:1612 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1609:24:1612 | this access | UseUseExplosion.cs:24:1625:24:1628 | this access |
+| UseUseExplosion.cs:24:1609:24:1612 | this access | UseUseExplosion.cs:24:1783:24:1788 | this access |
+| UseUseExplosion.cs:24:1625:24:1628 | [post] this access | UseUseExplosion.cs:24:1641:24:1644 | this access |
+| UseUseExplosion.cs:24:1625:24:1628 | [post] this access | UseUseExplosion.cs:24:1768:24:1773 | this access |
+| UseUseExplosion.cs:24:1625:24:1628 | access to property Prop | UseUseExplosion.cs:24:1625:24:1632 | ... > ... |
+| UseUseExplosion.cs:24:1625:24:1628 | access to property Prop | UseUseExplosion.cs:24:1641:24:1644 | access to property Prop |
+| UseUseExplosion.cs:24:1625:24:1628 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1625:24:1628 | this access | UseUseExplosion.cs:24:1641:24:1644 | this access |
+| UseUseExplosion.cs:24:1625:24:1628 | this access | UseUseExplosion.cs:24:1768:24:1773 | this access |
+| UseUseExplosion.cs:24:1641:24:1644 | [post] this access | UseUseExplosion.cs:24:1657:24:1660 | this access |
+| UseUseExplosion.cs:24:1641:24:1644 | [post] this access | UseUseExplosion.cs:24:1753:24:1758 | this access |
+| UseUseExplosion.cs:24:1641:24:1644 | access to property Prop | UseUseExplosion.cs:24:1641:24:1648 | ... > ... |
+| UseUseExplosion.cs:24:1641:24:1644 | access to property Prop | UseUseExplosion.cs:24:1657:24:1660 | access to property Prop |
+| UseUseExplosion.cs:24:1641:24:1644 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1641:24:1644 | this access | UseUseExplosion.cs:24:1657:24:1660 | this access |
+| UseUseExplosion.cs:24:1641:24:1644 | this access | UseUseExplosion.cs:24:1753:24:1758 | this access |
+| UseUseExplosion.cs:24:1657:24:1660 | [post] this access | UseUseExplosion.cs:24:1673:24:1676 | this access |
+| UseUseExplosion.cs:24:1657:24:1660 | [post] this access | UseUseExplosion.cs:24:1738:24:1743 | this access |
+| UseUseExplosion.cs:24:1657:24:1660 | access to property Prop | UseUseExplosion.cs:24:1657:24:1664 | ... > ... |
+| UseUseExplosion.cs:24:1657:24:1660 | access to property Prop | UseUseExplosion.cs:24:1673:24:1676 | access to property Prop |
+| UseUseExplosion.cs:24:1657:24:1660 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1657:24:1660 | this access | UseUseExplosion.cs:24:1673:24:1676 | this access |
+| UseUseExplosion.cs:24:1657:24:1660 | this access | UseUseExplosion.cs:24:1738:24:1743 | this access |
+| UseUseExplosion.cs:24:1673:24:1676 | [post] this access | UseUseExplosion.cs:24:1689:24:1692 | this access |
+| UseUseExplosion.cs:24:1673:24:1676 | [post] this access | UseUseExplosion.cs:24:1723:24:1728 | this access |
+| UseUseExplosion.cs:24:1673:24:1676 | access to property Prop | UseUseExplosion.cs:24:1673:24:1680 | ... > ... |
+| UseUseExplosion.cs:24:1673:24:1676 | access to property Prop | UseUseExplosion.cs:24:1689:24:1692 | access to property Prop |
+| UseUseExplosion.cs:24:1673:24:1676 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1673:24:1676 | this access | UseUseExplosion.cs:24:1689:24:1692 | this access |
+| UseUseExplosion.cs:24:1673:24:1676 | this access | UseUseExplosion.cs:24:1723:24:1728 | this access |
+| UseUseExplosion.cs:24:1689:24:1692 | [post] this access | UseUseExplosion.cs:24:1708:24:1713 | this access |
+| UseUseExplosion.cs:24:1689:24:1692 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1689:24:1692 | access to property Prop | UseUseExplosion.cs:24:1689:24:1696 | ... > ... |
+| UseUseExplosion.cs:24:1689:24:1692 | access to property Prop | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) |
+| UseUseExplosion.cs:24:1689:24:1692 | this access | UseUseExplosion.cs:24:1708:24:1713 | this access |
+| UseUseExplosion.cs:24:1689:24:1692 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1708:24:1713 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1708:24:1713 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1712:24:1712 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1723:24:1728 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1723:24:1728 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1727:24:1727 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1738:24:1743 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1738:24:1743 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1742:24:1742 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1753:24:1758 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1753:24:1758 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1757:24:1757 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1768:24:1773 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1768:24:1773 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1772:24:1772 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1783:24:1788 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1783:24:1788 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1787:24:1787 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1798:24:1803 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1798:24:1803 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1802:24:1802 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1813:24:1818 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1813:24:1818 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1817:24:1817 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1828:24:1833 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1828:24:1833 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1832:24:1832 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1843:24:1848 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1843:24:1848 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1847:24:1847 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1858:24:1863 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1858:24:1863 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1862:24:1862 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1873:24:1878 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1873:24:1878 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1877:24:1877 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1888:24:1893 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1888:24:1893 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1892:24:1892 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1903:24:1908 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1903:24:1908 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1907:24:1907 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1918:24:1923 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1918:24:1923 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1922:24:1922 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1933:24:1938 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1933:24:1938 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1937:24:1937 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1948:24:1953 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1948:24:1953 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1952:24:1952 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1963:24:1968 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1963:24:1968 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1967:24:1967 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1978:24:1983 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1978:24:1983 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1982:24:1982 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:1993:24:1998 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1993:24:1998 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:1997:24:1997 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2008:24:2013 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2008:24:2013 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2012:24:2012 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2023:24:2028 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2023:24:2028 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2027:24:2027 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2038:24:2043 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2038:24:2043 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2042:24:2042 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2053:24:2058 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2053:24:2058 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2057:24:2057 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2068:24:2073 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2068:24:2073 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2072:24:2072 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2083:24:2088 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2083:24:2088 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2087:24:2087 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2098:24:2103 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2098:24:2103 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2102:24:2102 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2113:24:2118 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2113:24:2118 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2117:24:2117 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2128:24:2133 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2128:24:2133 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2132:24:2132 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2143:24:2148 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2143:24:2148 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2147:24:2147 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2158:24:2163 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2158:24:2163 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2162:24:2162 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2173:24:2178 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2173:24:2178 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2177:24:2177 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2188:24:2193 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2188:24:2193 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2192:24:2192 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2203:24:2208 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2203:24:2208 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2207:24:2207 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2218:24:2223 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2218:24:2223 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2222:24:2222 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2233:24:2238 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2233:24:2238 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2237:24:2237 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2248:24:2253 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2248:24:2253 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2252:24:2252 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2263:24:2268 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2263:24:2268 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2267:24:2267 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2278:24:2283 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2278:24:2283 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2282:24:2282 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2293:24:2298 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2293:24:2298 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2297:24:2297 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2308:24:2313 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2308:24:2313 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2312:24:2312 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2323:24:2328 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2323:24:2328 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2327:24:2327 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2338:24:2343 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2338:24:2343 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2342:24:2342 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2353:24:2358 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2353:24:2358 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2357:24:2357 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2368:24:2373 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2368:24:2373 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2372:24:2372 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2383:24:2388 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2383:24:2388 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2387:24:2387 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2398:24:2403 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2398:24:2403 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2402:24:2402 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2413:24:2418 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2413:24:2418 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2417:24:2417 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2428:24:2433 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2428:24:2433 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2432:24:2432 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2443:24:2448 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2443:24:2448 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2447:24:2447 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2458:24:2463 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2458:24:2463 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2462:24:2462 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2473:24:2478 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2473:24:2478 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2477:24:2477 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2488:24:2493 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2488:24:2493 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2492:24:2492 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2503:24:2508 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2503:24:2508 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2507:24:2507 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2518:24:2523 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2518:24:2523 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2522:24:2522 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2533:24:2538 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2533:24:2538 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2537:24:2537 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2548:24:2553 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2548:24:2553 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2552:24:2552 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2563:24:2568 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2563:24:2568 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2567:24:2567 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2578:24:2583 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2578:24:2583 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2582:24:2582 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2593:24:2598 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2593:24:2598 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2597:24:2597 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2608:24:2613 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2608:24:2613 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2612:24:2612 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2623:24:2628 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2623:24:2628 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2627:24:2627 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2638:24:2643 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2638:24:2643 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2642:24:2642 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2653:24:2658 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2653:24:2658 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2657:24:2657 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2668:24:2673 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2668:24:2673 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2672:24:2672 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2683:24:2688 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2683:24:2688 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2687:24:2687 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2698:24:2703 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2698:24:2703 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2702:24:2702 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2713:24:2718 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2713:24:2718 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2717:24:2717 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2728:24:2733 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2728:24:2733 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2732:24:2732 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2743:24:2748 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2743:24:2748 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2747:24:2747 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2758:24:2763 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2758:24:2763 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2762:24:2762 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2773:24:2778 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2773:24:2778 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2777:24:2777 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2788:24:2793 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2788:24:2793 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2792:24:2792 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2803:24:2808 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2803:24:2808 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2807:24:2807 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2818:24:2823 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2818:24:2823 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2822:24:2822 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2833:24:2838 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2833:24:2838 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2837:24:2837 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2848:24:2853 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2848:24:2853 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2852:24:2852 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2863:24:2868 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2863:24:2868 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2867:24:2867 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2878:24:2883 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2878:24:2883 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2882:24:2882 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2893:24:2898 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2893:24:2898 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2897:24:2897 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2908:24:2913 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2908:24:2913 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2912:24:2912 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2923:24:2928 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2923:24:2928 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2927:24:2927 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2938:24:2943 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2938:24:2943 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2942:24:2942 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2953:24:2958 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2953:24:2958 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2957:24:2957 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2968:24:2973 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2968:24:2973 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2972:24:2972 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2983:24:2988 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2983:24:2988 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2987:24:2987 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:2998:24:3003 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:2998:24:3003 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3002:24:3002 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3013:24:3018 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3013:24:3018 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3017:24:3017 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3028:24:3033 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3028:24:3033 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3032:24:3032 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3043:24:3048 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3043:24:3048 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3047:24:3047 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3058:24:3063 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3058:24:3063 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3062:24:3062 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3073:24:3078 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3073:24:3078 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3077:24:3077 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3088:24:3093 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3088:24:3093 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3092:24:3092 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3103:24:3108 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3103:24:3108 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3107:24:3107 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3118:24:3123 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3118:24:3123 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3122:24:3122 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3133:24:3138 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3133:24:3138 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3137:24:3137 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3148:24:3153 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3148:24:3153 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3152:24:3152 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3163:24:3168 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3163:24:3168 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3167:24:3167 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3178:24:3183 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3178:24:3183 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3182:24:3182 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:24:3193:24:3198 | [post] this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3193:24:3198 | this access | UseUseExplosion.cs:25:13:25:16 | this access |
+| UseUseExplosion.cs:24:3197:24:3197 | access to local variable x | UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(this.Prop) | UseUseExplosion.cs:25:13:25:16 | access to property Prop |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1712:25:1712 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1727:25:1727 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1742:25:1742 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1757:25:1757 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1772:25:1772 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1787:25:1787 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1802:25:1802 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1817:25:1817 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1832:25:1832 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1847:25:1847 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1862:25:1862 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1877:25:1877 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1892:25:1892 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1907:25:1907 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1922:25:1922 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1937:25:1937 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1952:25:1952 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1967:25:1967 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1982:25:1982 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:1997:25:1997 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2012:25:2012 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2027:25:2027 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2042:25:2042 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2057:25:2057 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2072:25:2072 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2087:25:2087 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2102:25:2102 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2117:25:2117 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2132:25:2132 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2147:25:2147 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2162:25:2162 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2177:25:2177 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2192:25:2192 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2207:25:2207 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2222:25:2222 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2237:25:2237 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2252:25:2252 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2267:25:2267 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2282:25:2282 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2297:25:2297 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2312:25:2312 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2327:25:2327 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2342:25:2342 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2357:25:2357 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2372:25:2372 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2387:25:2387 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2402:25:2402 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2417:25:2417 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2432:25:2432 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2447:25:2447 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2462:25:2462 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2477:25:2477 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2492:25:2492 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2507:25:2507 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2522:25:2522 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2537:25:2537 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2552:25:2552 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2567:25:2567 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2582:25:2582 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2597:25:2597 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2612:25:2612 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2627:25:2627 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2642:25:2642 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2657:25:2657 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2672:25:2672 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2687:25:2687 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2702:25:2702 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2717:25:2717 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2732:25:2732 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2747:25:2747 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2762:25:2762 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2777:25:2777 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2792:25:2792 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2807:25:2807 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2822:25:2822 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2837:25:2837 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2852:25:2852 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2867:25:2867 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2882:25:2882 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2897:25:2897 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2912:25:2912 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2927:25:2927 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2942:25:2942 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2957:25:2957 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2972:25:2972 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:2987:25:2987 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3002:25:3002 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3017:25:3017 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3032:25:3032 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3047:25:3047 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3062:25:3062 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3077:25:3077 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3092:25:3092 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3107:25:3107 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3122:25:3122 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3137:25:3137 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3152:25:3152 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3167:25:3167 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3182:25:3182 | access to local variable x |
+| UseUseExplosion.cs:25:9:25:3199 | SSA phi read(x) | UseUseExplosion.cs:25:3197:25:3197 | access to local variable x |
+| UseUseExplosion.cs:25:13:25:16 | [post] this access | UseUseExplosion.cs:25:31:25:34 | this access |
+| UseUseExplosion.cs:25:13:25:16 | [post] this access | UseUseExplosion.cs:25:3193:25:3198 | this access |
+| UseUseExplosion.cs:25:13:25:16 | access to property Prop | UseUseExplosion.cs:25:13:25:22 | ... > ... |
+| UseUseExplosion.cs:25:13:25:16 | access to property Prop | UseUseExplosion.cs:25:31:25:34 | access to property Prop |
+| UseUseExplosion.cs:25:13:25:16 | this access | UseUseExplosion.cs:25:31:25:34 | this access |
+| UseUseExplosion.cs:25:13:25:16 | this access | UseUseExplosion.cs:25:3193:25:3198 | this access |
+| UseUseExplosion.cs:25:31:25:34 | [post] this access | UseUseExplosion.cs:25:48:25:51 | this access |
+| UseUseExplosion.cs:25:31:25:34 | [post] this access | UseUseExplosion.cs:25:3178:25:3183 | this access |
+| UseUseExplosion.cs:25:31:25:34 | access to property Prop | UseUseExplosion.cs:25:31:25:39 | ... > ... |
+| UseUseExplosion.cs:25:31:25:34 | access to property Prop | UseUseExplosion.cs:25:48:25:51 | access to property Prop |
+| UseUseExplosion.cs:25:31:25:34 | this access | UseUseExplosion.cs:25:48:25:51 | this access |
+| UseUseExplosion.cs:25:31:25:34 | this access | UseUseExplosion.cs:25:3178:25:3183 | this access |
+| UseUseExplosion.cs:25:48:25:51 | [post] this access | UseUseExplosion.cs:25:65:25:68 | this access |
+| UseUseExplosion.cs:25:48:25:51 | [post] this access | UseUseExplosion.cs:25:3163:25:3168 | this access |
+| UseUseExplosion.cs:25:48:25:51 | access to property Prop | UseUseExplosion.cs:25:48:25:56 | ... > ... |
+| UseUseExplosion.cs:25:48:25:51 | access to property Prop | UseUseExplosion.cs:25:65:25:68 | access to property Prop |
+| UseUseExplosion.cs:25:48:25:51 | this access | UseUseExplosion.cs:25:65:25:68 | this access |
+| UseUseExplosion.cs:25:48:25:51 | this access | UseUseExplosion.cs:25:3163:25:3168 | this access |
+| UseUseExplosion.cs:25:65:25:68 | [post] this access | UseUseExplosion.cs:25:82:25:85 | this access |
+| UseUseExplosion.cs:25:65:25:68 | [post] this access | UseUseExplosion.cs:25:3148:25:3153 | this access |
+| UseUseExplosion.cs:25:65:25:68 | access to property Prop | UseUseExplosion.cs:25:65:25:73 | ... > ... |
+| UseUseExplosion.cs:25:65:25:68 | access to property Prop | UseUseExplosion.cs:25:82:25:85 | access to property Prop |
+| UseUseExplosion.cs:25:65:25:68 | this access | UseUseExplosion.cs:25:82:25:85 | this access |
+| UseUseExplosion.cs:25:65:25:68 | this access | UseUseExplosion.cs:25:3148:25:3153 | this access |
+| UseUseExplosion.cs:25:82:25:85 | [post] this access | UseUseExplosion.cs:25:99:25:102 | this access |
+| UseUseExplosion.cs:25:82:25:85 | [post] this access | UseUseExplosion.cs:25:3133:25:3138 | this access |
+| UseUseExplosion.cs:25:82:25:85 | access to property Prop | UseUseExplosion.cs:25:82:25:90 | ... > ... |
+| UseUseExplosion.cs:25:82:25:85 | access to property Prop | UseUseExplosion.cs:25:99:25:102 | access to property Prop |
+| UseUseExplosion.cs:25:82:25:85 | this access | UseUseExplosion.cs:25:99:25:102 | this access |
+| UseUseExplosion.cs:25:82:25:85 | this access | UseUseExplosion.cs:25:3133:25:3138 | this access |
+| UseUseExplosion.cs:25:99:25:102 | [post] this access | UseUseExplosion.cs:25:116:25:119 | this access |
+| UseUseExplosion.cs:25:99:25:102 | [post] this access | UseUseExplosion.cs:25:3118:25:3123 | this access |
+| UseUseExplosion.cs:25:99:25:102 | access to property Prop | UseUseExplosion.cs:25:99:25:107 | ... > ... |
+| UseUseExplosion.cs:25:99:25:102 | access to property Prop | UseUseExplosion.cs:25:116:25:119 | access to property Prop |
+| UseUseExplosion.cs:25:99:25:102 | this access | UseUseExplosion.cs:25:116:25:119 | this access |
+| UseUseExplosion.cs:25:99:25:102 | this access | UseUseExplosion.cs:25:3118:25:3123 | this access |
+| UseUseExplosion.cs:25:116:25:119 | [post] this access | UseUseExplosion.cs:25:133:25:136 | this access |
+| UseUseExplosion.cs:25:116:25:119 | [post] this access | UseUseExplosion.cs:25:3103:25:3108 | this access |
+| UseUseExplosion.cs:25:116:25:119 | access to property Prop | UseUseExplosion.cs:25:116:25:124 | ... > ... |
+| UseUseExplosion.cs:25:116:25:119 | access to property Prop | UseUseExplosion.cs:25:133:25:136 | access to property Prop |
+| UseUseExplosion.cs:25:116:25:119 | this access | UseUseExplosion.cs:25:133:25:136 | this access |
+| UseUseExplosion.cs:25:116:25:119 | this access | UseUseExplosion.cs:25:3103:25:3108 | this access |
+| UseUseExplosion.cs:25:133:25:136 | [post] this access | UseUseExplosion.cs:25:150:25:153 | this access |
+| UseUseExplosion.cs:25:133:25:136 | [post] this access | UseUseExplosion.cs:25:3088:25:3093 | this access |
+| UseUseExplosion.cs:25:133:25:136 | access to property Prop | UseUseExplosion.cs:25:133:25:141 | ... > ... |
+| UseUseExplosion.cs:25:133:25:136 | access to property Prop | UseUseExplosion.cs:25:150:25:153 | access to property Prop |
+| UseUseExplosion.cs:25:133:25:136 | this access | UseUseExplosion.cs:25:150:25:153 | this access |
+| UseUseExplosion.cs:25:133:25:136 | this access | UseUseExplosion.cs:25:3088:25:3093 | this access |
+| UseUseExplosion.cs:25:150:25:153 | [post] this access | UseUseExplosion.cs:25:167:25:170 | this access |
+| UseUseExplosion.cs:25:150:25:153 | [post] this access | UseUseExplosion.cs:25:3073:25:3078 | this access |
+| UseUseExplosion.cs:25:150:25:153 | access to property Prop | UseUseExplosion.cs:25:150:25:158 | ... > ... |
+| UseUseExplosion.cs:25:150:25:153 | access to property Prop | UseUseExplosion.cs:25:167:25:170 | access to property Prop |
+| UseUseExplosion.cs:25:150:25:153 | this access | UseUseExplosion.cs:25:167:25:170 | this access |
+| UseUseExplosion.cs:25:150:25:153 | this access | UseUseExplosion.cs:25:3073:25:3078 | this access |
+| UseUseExplosion.cs:25:167:25:170 | [post] this access | UseUseExplosion.cs:25:184:25:187 | this access |
+| UseUseExplosion.cs:25:167:25:170 | [post] this access | UseUseExplosion.cs:25:3058:25:3063 | this access |
+| UseUseExplosion.cs:25:167:25:170 | access to property Prop | UseUseExplosion.cs:25:167:25:175 | ... > ... |
+| UseUseExplosion.cs:25:167:25:170 | access to property Prop | UseUseExplosion.cs:25:184:25:187 | access to property Prop |
+| UseUseExplosion.cs:25:167:25:170 | this access | UseUseExplosion.cs:25:184:25:187 | this access |
+| UseUseExplosion.cs:25:167:25:170 | this access | UseUseExplosion.cs:25:3058:25:3063 | this access |
+| UseUseExplosion.cs:25:184:25:187 | [post] this access | UseUseExplosion.cs:25:201:25:204 | this access |
+| UseUseExplosion.cs:25:184:25:187 | [post] this access | UseUseExplosion.cs:25:3043:25:3048 | this access |
+| UseUseExplosion.cs:25:184:25:187 | access to property Prop | UseUseExplosion.cs:25:184:25:192 | ... > ... |
+| UseUseExplosion.cs:25:184:25:187 | access to property Prop | UseUseExplosion.cs:25:201:25:204 | access to property Prop |
+| UseUseExplosion.cs:25:184:25:187 | this access | UseUseExplosion.cs:25:201:25:204 | this access |
+| UseUseExplosion.cs:25:184:25:187 | this access | UseUseExplosion.cs:25:3043:25:3048 | this access |
+| UseUseExplosion.cs:25:201:25:204 | [post] this access | UseUseExplosion.cs:25:218:25:221 | this access |
+| UseUseExplosion.cs:25:201:25:204 | [post] this access | UseUseExplosion.cs:25:3028:25:3033 | this access |
+| UseUseExplosion.cs:25:201:25:204 | access to property Prop | UseUseExplosion.cs:25:201:25:209 | ... > ... |
+| UseUseExplosion.cs:25:201:25:204 | access to property Prop | UseUseExplosion.cs:25:218:25:221 | access to property Prop |
+| UseUseExplosion.cs:25:201:25:204 | this access | UseUseExplosion.cs:25:218:25:221 | this access |
+| UseUseExplosion.cs:25:201:25:204 | this access | UseUseExplosion.cs:25:3028:25:3033 | this access |
+| UseUseExplosion.cs:25:218:25:221 | [post] this access | UseUseExplosion.cs:25:235:25:238 | this access |
+| UseUseExplosion.cs:25:218:25:221 | [post] this access | UseUseExplosion.cs:25:3013:25:3018 | this access |
+| UseUseExplosion.cs:25:218:25:221 | access to property Prop | UseUseExplosion.cs:25:218:25:226 | ... > ... |
+| UseUseExplosion.cs:25:218:25:221 | access to property Prop | UseUseExplosion.cs:25:235:25:238 | access to property Prop |
+| UseUseExplosion.cs:25:218:25:221 | this access | UseUseExplosion.cs:25:235:25:238 | this access |
+| UseUseExplosion.cs:25:218:25:221 | this access | UseUseExplosion.cs:25:3013:25:3018 | this access |
+| UseUseExplosion.cs:25:235:25:238 | [post] this access | UseUseExplosion.cs:25:252:25:255 | this access |
+| UseUseExplosion.cs:25:235:25:238 | [post] this access | UseUseExplosion.cs:25:2998:25:3003 | this access |
+| UseUseExplosion.cs:25:235:25:238 | access to property Prop | UseUseExplosion.cs:25:235:25:243 | ... > ... |
+| UseUseExplosion.cs:25:235:25:238 | access to property Prop | UseUseExplosion.cs:25:252:25:255 | access to property Prop |
+| UseUseExplosion.cs:25:235:25:238 | this access | UseUseExplosion.cs:25:252:25:255 | this access |
+| UseUseExplosion.cs:25:235:25:238 | this access | UseUseExplosion.cs:25:2998:25:3003 | this access |
+| UseUseExplosion.cs:25:252:25:255 | [post] this access | UseUseExplosion.cs:25:269:25:272 | this access |
+| UseUseExplosion.cs:25:252:25:255 | [post] this access | UseUseExplosion.cs:25:2983:25:2988 | this access |
+| UseUseExplosion.cs:25:252:25:255 | access to property Prop | UseUseExplosion.cs:25:252:25:260 | ... > ... |
+| UseUseExplosion.cs:25:252:25:255 | access to property Prop | UseUseExplosion.cs:25:269:25:272 | access to property Prop |
+| UseUseExplosion.cs:25:252:25:255 | this access | UseUseExplosion.cs:25:269:25:272 | this access |
+| UseUseExplosion.cs:25:252:25:255 | this access | UseUseExplosion.cs:25:2983:25:2988 | this access |
+| UseUseExplosion.cs:25:269:25:272 | [post] this access | UseUseExplosion.cs:25:286:25:289 | this access |
+| UseUseExplosion.cs:25:269:25:272 | [post] this access | UseUseExplosion.cs:25:2968:25:2973 | this access |
+| UseUseExplosion.cs:25:269:25:272 | access to property Prop | UseUseExplosion.cs:25:269:25:277 | ... > ... |
+| UseUseExplosion.cs:25:269:25:272 | access to property Prop | UseUseExplosion.cs:25:286:25:289 | access to property Prop |
+| UseUseExplosion.cs:25:269:25:272 | this access | UseUseExplosion.cs:25:286:25:289 | this access |
+| UseUseExplosion.cs:25:269:25:272 | this access | UseUseExplosion.cs:25:2968:25:2973 | this access |
+| UseUseExplosion.cs:25:286:25:289 | [post] this access | UseUseExplosion.cs:25:303:25:306 | this access |
+| UseUseExplosion.cs:25:286:25:289 | [post] this access | UseUseExplosion.cs:25:2953:25:2958 | this access |
+| UseUseExplosion.cs:25:286:25:289 | access to property Prop | UseUseExplosion.cs:25:286:25:294 | ... > ... |
+| UseUseExplosion.cs:25:286:25:289 | access to property Prop | UseUseExplosion.cs:25:303:25:306 | access to property Prop |
+| UseUseExplosion.cs:25:286:25:289 | this access | UseUseExplosion.cs:25:303:25:306 | this access |
+| UseUseExplosion.cs:25:286:25:289 | this access | UseUseExplosion.cs:25:2953:25:2958 | this access |
+| UseUseExplosion.cs:25:303:25:306 | [post] this access | UseUseExplosion.cs:25:320:25:323 | this access |
+| UseUseExplosion.cs:25:303:25:306 | [post] this access | UseUseExplosion.cs:25:2938:25:2943 | this access |
+| UseUseExplosion.cs:25:303:25:306 | access to property Prop | UseUseExplosion.cs:25:303:25:311 | ... > ... |
+| UseUseExplosion.cs:25:303:25:306 | access to property Prop | UseUseExplosion.cs:25:320:25:323 | access to property Prop |
+| UseUseExplosion.cs:25:303:25:306 | this access | UseUseExplosion.cs:25:320:25:323 | this access |
+| UseUseExplosion.cs:25:303:25:306 | this access | UseUseExplosion.cs:25:2938:25:2943 | this access |
+| UseUseExplosion.cs:25:320:25:323 | [post] this access | UseUseExplosion.cs:25:337:25:340 | this access |
+| UseUseExplosion.cs:25:320:25:323 | [post] this access | UseUseExplosion.cs:25:2923:25:2928 | this access |
+| UseUseExplosion.cs:25:320:25:323 | access to property Prop | UseUseExplosion.cs:25:320:25:328 | ... > ... |
+| UseUseExplosion.cs:25:320:25:323 | access to property Prop | UseUseExplosion.cs:25:337:25:340 | access to property Prop |
+| UseUseExplosion.cs:25:320:25:323 | this access | UseUseExplosion.cs:25:337:25:340 | this access |
+| UseUseExplosion.cs:25:320:25:323 | this access | UseUseExplosion.cs:25:2923:25:2928 | this access |
+| UseUseExplosion.cs:25:337:25:340 | [post] this access | UseUseExplosion.cs:25:354:25:357 | this access |
+| UseUseExplosion.cs:25:337:25:340 | [post] this access | UseUseExplosion.cs:25:2908:25:2913 | this access |
+| UseUseExplosion.cs:25:337:25:340 | access to property Prop | UseUseExplosion.cs:25:337:25:345 | ... > ... |
+| UseUseExplosion.cs:25:337:25:340 | access to property Prop | UseUseExplosion.cs:25:354:25:357 | access to property Prop |
+| UseUseExplosion.cs:25:337:25:340 | this access | UseUseExplosion.cs:25:354:25:357 | this access |
+| UseUseExplosion.cs:25:337:25:340 | this access | UseUseExplosion.cs:25:2908:25:2913 | this access |
+| UseUseExplosion.cs:25:354:25:357 | [post] this access | UseUseExplosion.cs:25:371:25:374 | this access |
+| UseUseExplosion.cs:25:354:25:357 | [post] this access | UseUseExplosion.cs:25:2893:25:2898 | this access |
+| UseUseExplosion.cs:25:354:25:357 | access to property Prop | UseUseExplosion.cs:25:354:25:362 | ... > ... |
+| UseUseExplosion.cs:25:354:25:357 | access to property Prop | UseUseExplosion.cs:25:371:25:374 | access to property Prop |
+| UseUseExplosion.cs:25:354:25:357 | this access | UseUseExplosion.cs:25:371:25:374 | this access |
+| UseUseExplosion.cs:25:354:25:357 | this access | UseUseExplosion.cs:25:2893:25:2898 | this access |
+| UseUseExplosion.cs:25:371:25:374 | [post] this access | UseUseExplosion.cs:25:388:25:391 | this access |
+| UseUseExplosion.cs:25:371:25:374 | [post] this access | UseUseExplosion.cs:25:2878:25:2883 | this access |
+| UseUseExplosion.cs:25:371:25:374 | access to property Prop | UseUseExplosion.cs:25:371:25:379 | ... > ... |
+| UseUseExplosion.cs:25:371:25:374 | access to property Prop | UseUseExplosion.cs:25:388:25:391 | access to property Prop |
+| UseUseExplosion.cs:25:371:25:374 | this access | UseUseExplosion.cs:25:388:25:391 | this access |
+| UseUseExplosion.cs:25:371:25:374 | this access | UseUseExplosion.cs:25:2878:25:2883 | this access |
+| UseUseExplosion.cs:25:388:25:391 | [post] this access | UseUseExplosion.cs:25:405:25:408 | this access |
+| UseUseExplosion.cs:25:388:25:391 | [post] this access | UseUseExplosion.cs:25:2863:25:2868 | this access |
+| UseUseExplosion.cs:25:388:25:391 | access to property Prop | UseUseExplosion.cs:25:388:25:396 | ... > ... |
+| UseUseExplosion.cs:25:388:25:391 | access to property Prop | UseUseExplosion.cs:25:405:25:408 | access to property Prop |
+| UseUseExplosion.cs:25:388:25:391 | this access | UseUseExplosion.cs:25:405:25:408 | this access |
+| UseUseExplosion.cs:25:388:25:391 | this access | UseUseExplosion.cs:25:2863:25:2868 | this access |
+| UseUseExplosion.cs:25:405:25:408 | [post] this access | UseUseExplosion.cs:25:422:25:425 | this access |
+| UseUseExplosion.cs:25:405:25:408 | [post] this access | UseUseExplosion.cs:25:2848:25:2853 | this access |
+| UseUseExplosion.cs:25:405:25:408 | access to property Prop | UseUseExplosion.cs:25:405:25:413 | ... > ... |
+| UseUseExplosion.cs:25:405:25:408 | access to property Prop | UseUseExplosion.cs:25:422:25:425 | access to property Prop |
+| UseUseExplosion.cs:25:405:25:408 | this access | UseUseExplosion.cs:25:422:25:425 | this access |
+| UseUseExplosion.cs:25:405:25:408 | this access | UseUseExplosion.cs:25:2848:25:2853 | this access |
+| UseUseExplosion.cs:25:422:25:425 | [post] this access | UseUseExplosion.cs:25:439:25:442 | this access |
+| UseUseExplosion.cs:25:422:25:425 | [post] this access | UseUseExplosion.cs:25:2833:25:2838 | this access |
+| UseUseExplosion.cs:25:422:25:425 | access to property Prop | UseUseExplosion.cs:25:422:25:430 | ... > ... |
+| UseUseExplosion.cs:25:422:25:425 | access to property Prop | UseUseExplosion.cs:25:439:25:442 | access to property Prop |
+| UseUseExplosion.cs:25:422:25:425 | this access | UseUseExplosion.cs:25:439:25:442 | this access |
+| UseUseExplosion.cs:25:422:25:425 | this access | UseUseExplosion.cs:25:2833:25:2838 | this access |
+| UseUseExplosion.cs:25:439:25:442 | [post] this access | UseUseExplosion.cs:25:456:25:459 | this access |
+| UseUseExplosion.cs:25:439:25:442 | [post] this access | UseUseExplosion.cs:25:2818:25:2823 | this access |
+| UseUseExplosion.cs:25:439:25:442 | access to property Prop | UseUseExplosion.cs:25:439:25:447 | ... > ... |
+| UseUseExplosion.cs:25:439:25:442 | access to property Prop | UseUseExplosion.cs:25:456:25:459 | access to property Prop |
+| UseUseExplosion.cs:25:439:25:442 | this access | UseUseExplosion.cs:25:456:25:459 | this access |
+| UseUseExplosion.cs:25:439:25:442 | this access | UseUseExplosion.cs:25:2818:25:2823 | this access |
+| UseUseExplosion.cs:25:456:25:459 | [post] this access | UseUseExplosion.cs:25:473:25:476 | this access |
+| UseUseExplosion.cs:25:456:25:459 | [post] this access | UseUseExplosion.cs:25:2803:25:2808 | this access |
+| UseUseExplosion.cs:25:456:25:459 | access to property Prop | UseUseExplosion.cs:25:456:25:464 | ... > ... |
+| UseUseExplosion.cs:25:456:25:459 | access to property Prop | UseUseExplosion.cs:25:473:25:476 | access to property Prop |
+| UseUseExplosion.cs:25:456:25:459 | this access | UseUseExplosion.cs:25:473:25:476 | this access |
+| UseUseExplosion.cs:25:456:25:459 | this access | UseUseExplosion.cs:25:2803:25:2808 | this access |
+| UseUseExplosion.cs:25:473:25:476 | [post] this access | UseUseExplosion.cs:25:490:25:493 | this access |
+| UseUseExplosion.cs:25:473:25:476 | [post] this access | UseUseExplosion.cs:25:2788:25:2793 | this access |
+| UseUseExplosion.cs:25:473:25:476 | access to property Prop | UseUseExplosion.cs:25:473:25:481 | ... > ... |
+| UseUseExplosion.cs:25:473:25:476 | access to property Prop | UseUseExplosion.cs:25:490:25:493 | access to property Prop |
+| UseUseExplosion.cs:25:473:25:476 | this access | UseUseExplosion.cs:25:490:25:493 | this access |
+| UseUseExplosion.cs:25:473:25:476 | this access | UseUseExplosion.cs:25:2788:25:2793 | this access |
+| UseUseExplosion.cs:25:490:25:493 | [post] this access | UseUseExplosion.cs:25:507:25:510 | this access |
+| UseUseExplosion.cs:25:490:25:493 | [post] this access | UseUseExplosion.cs:25:2773:25:2778 | this access |
+| UseUseExplosion.cs:25:490:25:493 | access to property Prop | UseUseExplosion.cs:25:490:25:498 | ... > ... |
+| UseUseExplosion.cs:25:490:25:493 | access to property Prop | UseUseExplosion.cs:25:507:25:510 | access to property Prop |
+| UseUseExplosion.cs:25:490:25:493 | this access | UseUseExplosion.cs:25:507:25:510 | this access |
+| UseUseExplosion.cs:25:490:25:493 | this access | UseUseExplosion.cs:25:2773:25:2778 | this access |
+| UseUseExplosion.cs:25:507:25:510 | [post] this access | UseUseExplosion.cs:25:524:25:527 | this access |
+| UseUseExplosion.cs:25:507:25:510 | [post] this access | UseUseExplosion.cs:25:2758:25:2763 | this access |
+| UseUseExplosion.cs:25:507:25:510 | access to property Prop | UseUseExplosion.cs:25:507:25:515 | ... > ... |
+| UseUseExplosion.cs:25:507:25:510 | access to property Prop | UseUseExplosion.cs:25:524:25:527 | access to property Prop |
+| UseUseExplosion.cs:25:507:25:510 | this access | UseUseExplosion.cs:25:524:25:527 | this access |
+| UseUseExplosion.cs:25:507:25:510 | this access | UseUseExplosion.cs:25:2758:25:2763 | this access |
+| UseUseExplosion.cs:25:524:25:527 | [post] this access | UseUseExplosion.cs:25:541:25:544 | this access |
+| UseUseExplosion.cs:25:524:25:527 | [post] this access | UseUseExplosion.cs:25:2743:25:2748 | this access |
+| UseUseExplosion.cs:25:524:25:527 | access to property Prop | UseUseExplosion.cs:25:524:25:532 | ... > ... |
+| UseUseExplosion.cs:25:524:25:527 | access to property Prop | UseUseExplosion.cs:25:541:25:544 | access to property Prop |
+| UseUseExplosion.cs:25:524:25:527 | this access | UseUseExplosion.cs:25:541:25:544 | this access |
+| UseUseExplosion.cs:25:524:25:527 | this access | UseUseExplosion.cs:25:2743:25:2748 | this access |
+| UseUseExplosion.cs:25:541:25:544 | [post] this access | UseUseExplosion.cs:25:558:25:561 | this access |
+| UseUseExplosion.cs:25:541:25:544 | [post] this access | UseUseExplosion.cs:25:2728:25:2733 | this access |
+| UseUseExplosion.cs:25:541:25:544 | access to property Prop | UseUseExplosion.cs:25:541:25:549 | ... > ... |
+| UseUseExplosion.cs:25:541:25:544 | access to property Prop | UseUseExplosion.cs:25:558:25:561 | access to property Prop |
+| UseUseExplosion.cs:25:541:25:544 | this access | UseUseExplosion.cs:25:558:25:561 | this access |
+| UseUseExplosion.cs:25:541:25:544 | this access | UseUseExplosion.cs:25:2728:25:2733 | this access |
+| UseUseExplosion.cs:25:558:25:561 | [post] this access | UseUseExplosion.cs:25:575:25:578 | this access |
+| UseUseExplosion.cs:25:558:25:561 | [post] this access | UseUseExplosion.cs:25:2713:25:2718 | this access |
+| UseUseExplosion.cs:25:558:25:561 | access to property Prop | UseUseExplosion.cs:25:558:25:566 | ... > ... |
+| UseUseExplosion.cs:25:558:25:561 | access to property Prop | UseUseExplosion.cs:25:575:25:578 | access to property Prop |
+| UseUseExplosion.cs:25:558:25:561 | this access | UseUseExplosion.cs:25:575:25:578 | this access |
+| UseUseExplosion.cs:25:558:25:561 | this access | UseUseExplosion.cs:25:2713:25:2718 | this access |
+| UseUseExplosion.cs:25:575:25:578 | [post] this access | UseUseExplosion.cs:25:592:25:595 | this access |
+| UseUseExplosion.cs:25:575:25:578 | [post] this access | UseUseExplosion.cs:25:2698:25:2703 | this access |
+| UseUseExplosion.cs:25:575:25:578 | access to property Prop | UseUseExplosion.cs:25:575:25:583 | ... > ... |
+| UseUseExplosion.cs:25:575:25:578 | access to property Prop | UseUseExplosion.cs:25:592:25:595 | access to property Prop |
+| UseUseExplosion.cs:25:575:25:578 | this access | UseUseExplosion.cs:25:592:25:595 | this access |
+| UseUseExplosion.cs:25:575:25:578 | this access | UseUseExplosion.cs:25:2698:25:2703 | this access |
+| UseUseExplosion.cs:25:592:25:595 | [post] this access | UseUseExplosion.cs:25:609:25:612 | this access |
+| UseUseExplosion.cs:25:592:25:595 | [post] this access | UseUseExplosion.cs:25:2683:25:2688 | this access |
+| UseUseExplosion.cs:25:592:25:595 | access to property Prop | UseUseExplosion.cs:25:592:25:600 | ... > ... |
+| UseUseExplosion.cs:25:592:25:595 | access to property Prop | UseUseExplosion.cs:25:609:25:612 | access to property Prop |
+| UseUseExplosion.cs:25:592:25:595 | this access | UseUseExplosion.cs:25:609:25:612 | this access |
+| UseUseExplosion.cs:25:592:25:595 | this access | UseUseExplosion.cs:25:2683:25:2688 | this access |
+| UseUseExplosion.cs:25:609:25:612 | [post] this access | UseUseExplosion.cs:25:626:25:629 | this access |
+| UseUseExplosion.cs:25:609:25:612 | [post] this access | UseUseExplosion.cs:25:2668:25:2673 | this access |
+| UseUseExplosion.cs:25:609:25:612 | access to property Prop | UseUseExplosion.cs:25:609:25:617 | ... > ... |
+| UseUseExplosion.cs:25:609:25:612 | access to property Prop | UseUseExplosion.cs:25:626:25:629 | access to property Prop |
+| UseUseExplosion.cs:25:609:25:612 | this access | UseUseExplosion.cs:25:626:25:629 | this access |
+| UseUseExplosion.cs:25:609:25:612 | this access | UseUseExplosion.cs:25:2668:25:2673 | this access |
+| UseUseExplosion.cs:25:626:25:629 | [post] this access | UseUseExplosion.cs:25:643:25:646 | this access |
+| UseUseExplosion.cs:25:626:25:629 | [post] this access | UseUseExplosion.cs:25:2653:25:2658 | this access |
+| UseUseExplosion.cs:25:626:25:629 | access to property Prop | UseUseExplosion.cs:25:626:25:634 | ... > ... |
+| UseUseExplosion.cs:25:626:25:629 | access to property Prop | UseUseExplosion.cs:25:643:25:646 | access to property Prop |
+| UseUseExplosion.cs:25:626:25:629 | this access | UseUseExplosion.cs:25:643:25:646 | this access |
+| UseUseExplosion.cs:25:626:25:629 | this access | UseUseExplosion.cs:25:2653:25:2658 | this access |
+| UseUseExplosion.cs:25:643:25:646 | [post] this access | UseUseExplosion.cs:25:660:25:663 | this access |
+| UseUseExplosion.cs:25:643:25:646 | [post] this access | UseUseExplosion.cs:25:2638:25:2643 | this access |
+| UseUseExplosion.cs:25:643:25:646 | access to property Prop | UseUseExplosion.cs:25:643:25:651 | ... > ... |
+| UseUseExplosion.cs:25:643:25:646 | access to property Prop | UseUseExplosion.cs:25:660:25:663 | access to property Prop |
+| UseUseExplosion.cs:25:643:25:646 | this access | UseUseExplosion.cs:25:660:25:663 | this access |
+| UseUseExplosion.cs:25:643:25:646 | this access | UseUseExplosion.cs:25:2638:25:2643 | this access |
+| UseUseExplosion.cs:25:660:25:663 | [post] this access | UseUseExplosion.cs:25:677:25:680 | this access |
+| UseUseExplosion.cs:25:660:25:663 | [post] this access | UseUseExplosion.cs:25:2623:25:2628 | this access |
+| UseUseExplosion.cs:25:660:25:663 | access to property Prop | UseUseExplosion.cs:25:660:25:668 | ... > ... |
+| UseUseExplosion.cs:25:660:25:663 | access to property Prop | UseUseExplosion.cs:25:677:25:680 | access to property Prop |
+| UseUseExplosion.cs:25:660:25:663 | this access | UseUseExplosion.cs:25:677:25:680 | this access |
+| UseUseExplosion.cs:25:660:25:663 | this access | UseUseExplosion.cs:25:2623:25:2628 | this access |
+| UseUseExplosion.cs:25:677:25:680 | [post] this access | UseUseExplosion.cs:25:694:25:697 | this access |
+| UseUseExplosion.cs:25:677:25:680 | [post] this access | UseUseExplosion.cs:25:2608:25:2613 | this access |
+| UseUseExplosion.cs:25:677:25:680 | access to property Prop | UseUseExplosion.cs:25:677:25:685 | ... > ... |
+| UseUseExplosion.cs:25:677:25:680 | access to property Prop | UseUseExplosion.cs:25:694:25:697 | access to property Prop |
+| UseUseExplosion.cs:25:677:25:680 | this access | UseUseExplosion.cs:25:694:25:697 | this access |
+| UseUseExplosion.cs:25:677:25:680 | this access | UseUseExplosion.cs:25:2608:25:2613 | this access |
+| UseUseExplosion.cs:25:694:25:697 | [post] this access | UseUseExplosion.cs:25:711:25:714 | this access |
+| UseUseExplosion.cs:25:694:25:697 | [post] this access | UseUseExplosion.cs:25:2593:25:2598 | this access |
+| UseUseExplosion.cs:25:694:25:697 | access to property Prop | UseUseExplosion.cs:25:694:25:702 | ... > ... |
+| UseUseExplosion.cs:25:694:25:697 | access to property Prop | UseUseExplosion.cs:25:711:25:714 | access to property Prop |
+| UseUseExplosion.cs:25:694:25:697 | this access | UseUseExplosion.cs:25:711:25:714 | this access |
+| UseUseExplosion.cs:25:694:25:697 | this access | UseUseExplosion.cs:25:2593:25:2598 | this access |
+| UseUseExplosion.cs:25:711:25:714 | [post] this access | UseUseExplosion.cs:25:728:25:731 | this access |
+| UseUseExplosion.cs:25:711:25:714 | [post] this access | UseUseExplosion.cs:25:2578:25:2583 | this access |
+| UseUseExplosion.cs:25:711:25:714 | access to property Prop | UseUseExplosion.cs:25:711:25:719 | ... > ... |
+| UseUseExplosion.cs:25:711:25:714 | access to property Prop | UseUseExplosion.cs:25:728:25:731 | access to property Prop |
+| UseUseExplosion.cs:25:711:25:714 | this access | UseUseExplosion.cs:25:728:25:731 | this access |
+| UseUseExplosion.cs:25:711:25:714 | this access | UseUseExplosion.cs:25:2578:25:2583 | this access |
+| UseUseExplosion.cs:25:728:25:731 | [post] this access | UseUseExplosion.cs:25:745:25:748 | this access |
+| UseUseExplosion.cs:25:728:25:731 | [post] this access | UseUseExplosion.cs:25:2563:25:2568 | this access |
+| UseUseExplosion.cs:25:728:25:731 | access to property Prop | UseUseExplosion.cs:25:728:25:736 | ... > ... |
+| UseUseExplosion.cs:25:728:25:731 | access to property Prop | UseUseExplosion.cs:25:745:25:748 | access to property Prop |
+| UseUseExplosion.cs:25:728:25:731 | this access | UseUseExplosion.cs:25:745:25:748 | this access |
+| UseUseExplosion.cs:25:728:25:731 | this access | UseUseExplosion.cs:25:2563:25:2568 | this access |
+| UseUseExplosion.cs:25:745:25:748 | [post] this access | UseUseExplosion.cs:25:762:25:765 | this access |
+| UseUseExplosion.cs:25:745:25:748 | [post] this access | UseUseExplosion.cs:25:2548:25:2553 | this access |
+| UseUseExplosion.cs:25:745:25:748 | access to property Prop | UseUseExplosion.cs:25:745:25:753 | ... > ... |
+| UseUseExplosion.cs:25:745:25:748 | access to property Prop | UseUseExplosion.cs:25:762:25:765 | access to property Prop |
+| UseUseExplosion.cs:25:745:25:748 | this access | UseUseExplosion.cs:25:762:25:765 | this access |
+| UseUseExplosion.cs:25:745:25:748 | this access | UseUseExplosion.cs:25:2548:25:2553 | this access |
+| UseUseExplosion.cs:25:762:25:765 | [post] this access | UseUseExplosion.cs:25:779:25:782 | this access |
+| UseUseExplosion.cs:25:762:25:765 | [post] this access | UseUseExplosion.cs:25:2533:25:2538 | this access |
+| UseUseExplosion.cs:25:762:25:765 | access to property Prop | UseUseExplosion.cs:25:762:25:770 | ... > ... |
+| UseUseExplosion.cs:25:762:25:765 | access to property Prop | UseUseExplosion.cs:25:779:25:782 | access to property Prop |
+| UseUseExplosion.cs:25:762:25:765 | this access | UseUseExplosion.cs:25:779:25:782 | this access |
+| UseUseExplosion.cs:25:762:25:765 | this access | UseUseExplosion.cs:25:2533:25:2538 | this access |
+| UseUseExplosion.cs:25:779:25:782 | [post] this access | UseUseExplosion.cs:25:796:25:799 | this access |
+| UseUseExplosion.cs:25:779:25:782 | [post] this access | UseUseExplosion.cs:25:2518:25:2523 | this access |
+| UseUseExplosion.cs:25:779:25:782 | access to property Prop | UseUseExplosion.cs:25:779:25:787 | ... > ... |
+| UseUseExplosion.cs:25:779:25:782 | access to property Prop | UseUseExplosion.cs:25:796:25:799 | access to property Prop |
+| UseUseExplosion.cs:25:779:25:782 | this access | UseUseExplosion.cs:25:796:25:799 | this access |
+| UseUseExplosion.cs:25:779:25:782 | this access | UseUseExplosion.cs:25:2518:25:2523 | this access |
+| UseUseExplosion.cs:25:796:25:799 | [post] this access | UseUseExplosion.cs:25:813:25:816 | this access |
+| UseUseExplosion.cs:25:796:25:799 | [post] this access | UseUseExplosion.cs:25:2503:25:2508 | this access |
+| UseUseExplosion.cs:25:796:25:799 | access to property Prop | UseUseExplosion.cs:25:796:25:804 | ... > ... |
+| UseUseExplosion.cs:25:796:25:799 | access to property Prop | UseUseExplosion.cs:25:813:25:816 | access to property Prop |
+| UseUseExplosion.cs:25:796:25:799 | this access | UseUseExplosion.cs:25:813:25:816 | this access |
+| UseUseExplosion.cs:25:796:25:799 | this access | UseUseExplosion.cs:25:2503:25:2508 | this access |
+| UseUseExplosion.cs:25:813:25:816 | [post] this access | UseUseExplosion.cs:25:830:25:833 | this access |
+| UseUseExplosion.cs:25:813:25:816 | [post] this access | UseUseExplosion.cs:25:2488:25:2493 | this access |
+| UseUseExplosion.cs:25:813:25:816 | access to property Prop | UseUseExplosion.cs:25:813:25:821 | ... > ... |
+| UseUseExplosion.cs:25:813:25:816 | access to property Prop | UseUseExplosion.cs:25:830:25:833 | access to property Prop |
+| UseUseExplosion.cs:25:813:25:816 | this access | UseUseExplosion.cs:25:830:25:833 | this access |
+| UseUseExplosion.cs:25:813:25:816 | this access | UseUseExplosion.cs:25:2488:25:2493 | this access |
+| UseUseExplosion.cs:25:830:25:833 | [post] this access | UseUseExplosion.cs:25:847:25:850 | this access |
+| UseUseExplosion.cs:25:830:25:833 | [post] this access | UseUseExplosion.cs:25:2473:25:2478 | this access |
+| UseUseExplosion.cs:25:830:25:833 | access to property Prop | UseUseExplosion.cs:25:830:25:838 | ... > ... |
+| UseUseExplosion.cs:25:830:25:833 | access to property Prop | UseUseExplosion.cs:25:847:25:850 | access to property Prop |
+| UseUseExplosion.cs:25:830:25:833 | this access | UseUseExplosion.cs:25:847:25:850 | this access |
+| UseUseExplosion.cs:25:830:25:833 | this access | UseUseExplosion.cs:25:2473:25:2478 | this access |
+| UseUseExplosion.cs:25:847:25:850 | [post] this access | UseUseExplosion.cs:25:864:25:867 | this access |
+| UseUseExplosion.cs:25:847:25:850 | [post] this access | UseUseExplosion.cs:25:2458:25:2463 | this access |
+| UseUseExplosion.cs:25:847:25:850 | access to property Prop | UseUseExplosion.cs:25:847:25:855 | ... > ... |
+| UseUseExplosion.cs:25:847:25:850 | access to property Prop | UseUseExplosion.cs:25:864:25:867 | access to property Prop |
+| UseUseExplosion.cs:25:847:25:850 | this access | UseUseExplosion.cs:25:864:25:867 | this access |
+| UseUseExplosion.cs:25:847:25:850 | this access | UseUseExplosion.cs:25:2458:25:2463 | this access |
+| UseUseExplosion.cs:25:864:25:867 | [post] this access | UseUseExplosion.cs:25:881:25:884 | this access |
+| UseUseExplosion.cs:25:864:25:867 | [post] this access | UseUseExplosion.cs:25:2443:25:2448 | this access |
+| UseUseExplosion.cs:25:864:25:867 | access to property Prop | UseUseExplosion.cs:25:864:25:872 | ... > ... |
+| UseUseExplosion.cs:25:864:25:867 | access to property Prop | UseUseExplosion.cs:25:881:25:884 | access to property Prop |
+| UseUseExplosion.cs:25:864:25:867 | this access | UseUseExplosion.cs:25:881:25:884 | this access |
+| UseUseExplosion.cs:25:864:25:867 | this access | UseUseExplosion.cs:25:2443:25:2448 | this access |
+| UseUseExplosion.cs:25:881:25:884 | [post] this access | UseUseExplosion.cs:25:898:25:901 | this access |
+| UseUseExplosion.cs:25:881:25:884 | [post] this access | UseUseExplosion.cs:25:2428:25:2433 | this access |
+| UseUseExplosion.cs:25:881:25:884 | access to property Prop | UseUseExplosion.cs:25:881:25:889 | ... > ... |
+| UseUseExplosion.cs:25:881:25:884 | access to property Prop | UseUseExplosion.cs:25:898:25:901 | access to property Prop |
+| UseUseExplosion.cs:25:881:25:884 | this access | UseUseExplosion.cs:25:898:25:901 | this access |
+| UseUseExplosion.cs:25:881:25:884 | this access | UseUseExplosion.cs:25:2428:25:2433 | this access |
+| UseUseExplosion.cs:25:898:25:901 | [post] this access | UseUseExplosion.cs:25:915:25:918 | this access |
+| UseUseExplosion.cs:25:898:25:901 | [post] this access | UseUseExplosion.cs:25:2413:25:2418 | this access |
+| UseUseExplosion.cs:25:898:25:901 | access to property Prop | UseUseExplosion.cs:25:898:25:906 | ... > ... |
+| UseUseExplosion.cs:25:898:25:901 | access to property Prop | UseUseExplosion.cs:25:915:25:918 | access to property Prop |
+| UseUseExplosion.cs:25:898:25:901 | this access | UseUseExplosion.cs:25:915:25:918 | this access |
+| UseUseExplosion.cs:25:898:25:901 | this access | UseUseExplosion.cs:25:2413:25:2418 | this access |
+| UseUseExplosion.cs:25:915:25:918 | [post] this access | UseUseExplosion.cs:25:932:25:935 | this access |
+| UseUseExplosion.cs:25:915:25:918 | [post] this access | UseUseExplosion.cs:25:2398:25:2403 | this access |
+| UseUseExplosion.cs:25:915:25:918 | access to property Prop | UseUseExplosion.cs:25:915:25:923 | ... > ... |
+| UseUseExplosion.cs:25:915:25:918 | access to property Prop | UseUseExplosion.cs:25:932:25:935 | access to property Prop |
+| UseUseExplosion.cs:25:915:25:918 | this access | UseUseExplosion.cs:25:932:25:935 | this access |
+| UseUseExplosion.cs:25:915:25:918 | this access | UseUseExplosion.cs:25:2398:25:2403 | this access |
+| UseUseExplosion.cs:25:932:25:935 | [post] this access | UseUseExplosion.cs:25:949:25:952 | this access |
+| UseUseExplosion.cs:25:932:25:935 | [post] this access | UseUseExplosion.cs:25:2383:25:2388 | this access |
+| UseUseExplosion.cs:25:932:25:935 | access to property Prop | UseUseExplosion.cs:25:932:25:940 | ... > ... |
+| UseUseExplosion.cs:25:932:25:935 | access to property Prop | UseUseExplosion.cs:25:949:25:952 | access to property Prop |
+| UseUseExplosion.cs:25:932:25:935 | this access | UseUseExplosion.cs:25:949:25:952 | this access |
+| UseUseExplosion.cs:25:932:25:935 | this access | UseUseExplosion.cs:25:2383:25:2388 | this access |
+| UseUseExplosion.cs:25:949:25:952 | [post] this access | UseUseExplosion.cs:25:966:25:969 | this access |
+| UseUseExplosion.cs:25:949:25:952 | [post] this access | UseUseExplosion.cs:25:2368:25:2373 | this access |
+| UseUseExplosion.cs:25:949:25:952 | access to property Prop | UseUseExplosion.cs:25:949:25:957 | ... > ... |
+| UseUseExplosion.cs:25:949:25:952 | access to property Prop | UseUseExplosion.cs:25:966:25:969 | access to property Prop |
+| UseUseExplosion.cs:25:949:25:952 | this access | UseUseExplosion.cs:25:966:25:969 | this access |
+| UseUseExplosion.cs:25:949:25:952 | this access | UseUseExplosion.cs:25:2368:25:2373 | this access |
+| UseUseExplosion.cs:25:966:25:969 | [post] this access | UseUseExplosion.cs:25:983:25:986 | this access |
+| UseUseExplosion.cs:25:966:25:969 | [post] this access | UseUseExplosion.cs:25:2353:25:2358 | this access |
+| UseUseExplosion.cs:25:966:25:969 | access to property Prop | UseUseExplosion.cs:25:966:25:974 | ... > ... |
+| UseUseExplosion.cs:25:966:25:969 | access to property Prop | UseUseExplosion.cs:25:983:25:986 | access to property Prop |
+| UseUseExplosion.cs:25:966:25:969 | this access | UseUseExplosion.cs:25:983:25:986 | this access |
+| UseUseExplosion.cs:25:966:25:969 | this access | UseUseExplosion.cs:25:2353:25:2358 | this access |
+| UseUseExplosion.cs:25:983:25:986 | [post] this access | UseUseExplosion.cs:25:1000:25:1003 | this access |
+| UseUseExplosion.cs:25:983:25:986 | [post] this access | UseUseExplosion.cs:25:2338:25:2343 | this access |
+| UseUseExplosion.cs:25:983:25:986 | access to property Prop | UseUseExplosion.cs:25:983:25:991 | ... > ... |
+| UseUseExplosion.cs:25:983:25:986 | access to property Prop | UseUseExplosion.cs:25:1000:25:1003 | access to property Prop |
+| UseUseExplosion.cs:25:983:25:986 | this access | UseUseExplosion.cs:25:1000:25:1003 | this access |
+| UseUseExplosion.cs:25:983:25:986 | this access | UseUseExplosion.cs:25:2338:25:2343 | this access |
+| UseUseExplosion.cs:25:1000:25:1003 | [post] this access | UseUseExplosion.cs:25:1017:25:1020 | this access |
+| UseUseExplosion.cs:25:1000:25:1003 | [post] this access | UseUseExplosion.cs:25:2323:25:2328 | this access |
+| UseUseExplosion.cs:25:1000:25:1003 | access to property Prop | UseUseExplosion.cs:25:1000:25:1008 | ... > ... |
+| UseUseExplosion.cs:25:1000:25:1003 | access to property Prop | UseUseExplosion.cs:25:1017:25:1020 | access to property Prop |
+| UseUseExplosion.cs:25:1000:25:1003 | this access | UseUseExplosion.cs:25:1017:25:1020 | this access |
+| UseUseExplosion.cs:25:1000:25:1003 | this access | UseUseExplosion.cs:25:2323:25:2328 | this access |
+| UseUseExplosion.cs:25:1017:25:1020 | [post] this access | UseUseExplosion.cs:25:1034:25:1037 | this access |
+| UseUseExplosion.cs:25:1017:25:1020 | [post] this access | UseUseExplosion.cs:25:2308:25:2313 | this access |
+| UseUseExplosion.cs:25:1017:25:1020 | access to property Prop | UseUseExplosion.cs:25:1017:25:1025 | ... > ... |
+| UseUseExplosion.cs:25:1017:25:1020 | access to property Prop | UseUseExplosion.cs:25:1034:25:1037 | access to property Prop |
+| UseUseExplosion.cs:25:1017:25:1020 | this access | UseUseExplosion.cs:25:1034:25:1037 | this access |
+| UseUseExplosion.cs:25:1017:25:1020 | this access | UseUseExplosion.cs:25:2308:25:2313 | this access |
+| UseUseExplosion.cs:25:1034:25:1037 | [post] this access | UseUseExplosion.cs:25:1051:25:1054 | this access |
+| UseUseExplosion.cs:25:1034:25:1037 | [post] this access | UseUseExplosion.cs:25:2293:25:2298 | this access |
+| UseUseExplosion.cs:25:1034:25:1037 | access to property Prop | UseUseExplosion.cs:25:1034:25:1042 | ... > ... |
+| UseUseExplosion.cs:25:1034:25:1037 | access to property Prop | UseUseExplosion.cs:25:1051:25:1054 | access to property Prop |
+| UseUseExplosion.cs:25:1034:25:1037 | this access | UseUseExplosion.cs:25:1051:25:1054 | this access |
+| UseUseExplosion.cs:25:1034:25:1037 | this access | UseUseExplosion.cs:25:2293:25:2298 | this access |
+| UseUseExplosion.cs:25:1051:25:1054 | [post] this access | UseUseExplosion.cs:25:1068:25:1071 | this access |
+| UseUseExplosion.cs:25:1051:25:1054 | [post] this access | UseUseExplosion.cs:25:2278:25:2283 | this access |
+| UseUseExplosion.cs:25:1051:25:1054 | access to property Prop | UseUseExplosion.cs:25:1051:25:1059 | ... > ... |
+| UseUseExplosion.cs:25:1051:25:1054 | access to property Prop | UseUseExplosion.cs:25:1068:25:1071 | access to property Prop |
+| UseUseExplosion.cs:25:1051:25:1054 | this access | UseUseExplosion.cs:25:1068:25:1071 | this access |
+| UseUseExplosion.cs:25:1051:25:1054 | this access | UseUseExplosion.cs:25:2278:25:2283 | this access |
+| UseUseExplosion.cs:25:1068:25:1071 | [post] this access | UseUseExplosion.cs:25:1085:25:1088 | this access |
+| UseUseExplosion.cs:25:1068:25:1071 | [post] this access | UseUseExplosion.cs:25:2263:25:2268 | this access |
+| UseUseExplosion.cs:25:1068:25:1071 | access to property Prop | UseUseExplosion.cs:25:1068:25:1076 | ... > ... |
+| UseUseExplosion.cs:25:1068:25:1071 | access to property Prop | UseUseExplosion.cs:25:1085:25:1088 | access to property Prop |
+| UseUseExplosion.cs:25:1068:25:1071 | this access | UseUseExplosion.cs:25:1085:25:1088 | this access |
+| UseUseExplosion.cs:25:1068:25:1071 | this access | UseUseExplosion.cs:25:2263:25:2268 | this access |
+| UseUseExplosion.cs:25:1085:25:1088 | [post] this access | UseUseExplosion.cs:25:1102:25:1105 | this access |
+| UseUseExplosion.cs:25:1085:25:1088 | [post] this access | UseUseExplosion.cs:25:2248:25:2253 | this access |
+| UseUseExplosion.cs:25:1085:25:1088 | access to property Prop | UseUseExplosion.cs:25:1085:25:1093 | ... > ... |
+| UseUseExplosion.cs:25:1085:25:1088 | access to property Prop | UseUseExplosion.cs:25:1102:25:1105 | access to property Prop |
+| UseUseExplosion.cs:25:1085:25:1088 | this access | UseUseExplosion.cs:25:1102:25:1105 | this access |
+| UseUseExplosion.cs:25:1085:25:1088 | this access | UseUseExplosion.cs:25:2248:25:2253 | this access |
+| UseUseExplosion.cs:25:1102:25:1105 | [post] this access | UseUseExplosion.cs:25:1119:25:1122 | this access |
+| UseUseExplosion.cs:25:1102:25:1105 | [post] this access | UseUseExplosion.cs:25:2233:25:2238 | this access |
+| UseUseExplosion.cs:25:1102:25:1105 | access to property Prop | UseUseExplosion.cs:25:1102:25:1110 | ... > ... |
+| UseUseExplosion.cs:25:1102:25:1105 | access to property Prop | UseUseExplosion.cs:25:1119:25:1122 | access to property Prop |
+| UseUseExplosion.cs:25:1102:25:1105 | this access | UseUseExplosion.cs:25:1119:25:1122 | this access |
+| UseUseExplosion.cs:25:1102:25:1105 | this access | UseUseExplosion.cs:25:2233:25:2238 | this access |
+| UseUseExplosion.cs:25:1119:25:1122 | [post] this access | UseUseExplosion.cs:25:1136:25:1139 | this access |
+| UseUseExplosion.cs:25:1119:25:1122 | [post] this access | UseUseExplosion.cs:25:2218:25:2223 | this access |
+| UseUseExplosion.cs:25:1119:25:1122 | access to property Prop | UseUseExplosion.cs:25:1119:25:1127 | ... > ... |
+| UseUseExplosion.cs:25:1119:25:1122 | access to property Prop | UseUseExplosion.cs:25:1136:25:1139 | access to property Prop |
+| UseUseExplosion.cs:25:1119:25:1122 | this access | UseUseExplosion.cs:25:1136:25:1139 | this access |
+| UseUseExplosion.cs:25:1119:25:1122 | this access | UseUseExplosion.cs:25:2218:25:2223 | this access |
+| UseUseExplosion.cs:25:1136:25:1139 | [post] this access | UseUseExplosion.cs:25:1153:25:1156 | this access |
+| UseUseExplosion.cs:25:1136:25:1139 | [post] this access | UseUseExplosion.cs:25:2203:25:2208 | this access |
+| UseUseExplosion.cs:25:1136:25:1139 | access to property Prop | UseUseExplosion.cs:25:1136:25:1144 | ... > ... |
+| UseUseExplosion.cs:25:1136:25:1139 | access to property Prop | UseUseExplosion.cs:25:1153:25:1156 | access to property Prop |
+| UseUseExplosion.cs:25:1136:25:1139 | this access | UseUseExplosion.cs:25:1153:25:1156 | this access |
+| UseUseExplosion.cs:25:1136:25:1139 | this access | UseUseExplosion.cs:25:2203:25:2208 | this access |
+| UseUseExplosion.cs:25:1153:25:1156 | [post] this access | UseUseExplosion.cs:25:1170:25:1173 | this access |
+| UseUseExplosion.cs:25:1153:25:1156 | [post] this access | UseUseExplosion.cs:25:2188:25:2193 | this access |
+| UseUseExplosion.cs:25:1153:25:1156 | access to property Prop | UseUseExplosion.cs:25:1153:25:1161 | ... > ... |
+| UseUseExplosion.cs:25:1153:25:1156 | access to property Prop | UseUseExplosion.cs:25:1170:25:1173 | access to property Prop |
+| UseUseExplosion.cs:25:1153:25:1156 | this access | UseUseExplosion.cs:25:1170:25:1173 | this access |
+| UseUseExplosion.cs:25:1153:25:1156 | this access | UseUseExplosion.cs:25:2188:25:2193 | this access |
+| UseUseExplosion.cs:25:1170:25:1173 | [post] this access | UseUseExplosion.cs:25:1187:25:1190 | this access |
+| UseUseExplosion.cs:25:1170:25:1173 | [post] this access | UseUseExplosion.cs:25:2173:25:2178 | this access |
+| UseUseExplosion.cs:25:1170:25:1173 | access to property Prop | UseUseExplosion.cs:25:1170:25:1178 | ... > ... |
+| UseUseExplosion.cs:25:1170:25:1173 | access to property Prop | UseUseExplosion.cs:25:1187:25:1190 | access to property Prop |
+| UseUseExplosion.cs:25:1170:25:1173 | this access | UseUseExplosion.cs:25:1187:25:1190 | this access |
+| UseUseExplosion.cs:25:1170:25:1173 | this access | UseUseExplosion.cs:25:2173:25:2178 | this access |
+| UseUseExplosion.cs:25:1187:25:1190 | [post] this access | UseUseExplosion.cs:25:1204:25:1207 | this access |
+| UseUseExplosion.cs:25:1187:25:1190 | [post] this access | UseUseExplosion.cs:25:2158:25:2163 | this access |
+| UseUseExplosion.cs:25:1187:25:1190 | access to property Prop | UseUseExplosion.cs:25:1187:25:1195 | ... > ... |
+| UseUseExplosion.cs:25:1187:25:1190 | access to property Prop | UseUseExplosion.cs:25:1204:25:1207 | access to property Prop |
+| UseUseExplosion.cs:25:1187:25:1190 | this access | UseUseExplosion.cs:25:1204:25:1207 | this access |
+| UseUseExplosion.cs:25:1187:25:1190 | this access | UseUseExplosion.cs:25:2158:25:2163 | this access |
+| UseUseExplosion.cs:25:1204:25:1207 | [post] this access | UseUseExplosion.cs:25:1221:25:1224 | this access |
+| UseUseExplosion.cs:25:1204:25:1207 | [post] this access | UseUseExplosion.cs:25:2143:25:2148 | this access |
+| UseUseExplosion.cs:25:1204:25:1207 | access to property Prop | UseUseExplosion.cs:25:1204:25:1212 | ... > ... |
+| UseUseExplosion.cs:25:1204:25:1207 | access to property Prop | UseUseExplosion.cs:25:1221:25:1224 | access to property Prop |
+| UseUseExplosion.cs:25:1204:25:1207 | this access | UseUseExplosion.cs:25:1221:25:1224 | this access |
+| UseUseExplosion.cs:25:1204:25:1207 | this access | UseUseExplosion.cs:25:2143:25:2148 | this access |
+| UseUseExplosion.cs:25:1221:25:1224 | [post] this access | UseUseExplosion.cs:25:1238:25:1241 | this access |
+| UseUseExplosion.cs:25:1221:25:1224 | [post] this access | UseUseExplosion.cs:25:2128:25:2133 | this access |
+| UseUseExplosion.cs:25:1221:25:1224 | access to property Prop | UseUseExplosion.cs:25:1221:25:1229 | ... > ... |
+| UseUseExplosion.cs:25:1221:25:1224 | access to property Prop | UseUseExplosion.cs:25:1238:25:1241 | access to property Prop |
+| UseUseExplosion.cs:25:1221:25:1224 | this access | UseUseExplosion.cs:25:1238:25:1241 | this access |
+| UseUseExplosion.cs:25:1221:25:1224 | this access | UseUseExplosion.cs:25:2128:25:2133 | this access |
+| UseUseExplosion.cs:25:1238:25:1241 | [post] this access | UseUseExplosion.cs:25:1255:25:1258 | this access |
+| UseUseExplosion.cs:25:1238:25:1241 | [post] this access | UseUseExplosion.cs:25:2113:25:2118 | this access |
+| UseUseExplosion.cs:25:1238:25:1241 | access to property Prop | UseUseExplosion.cs:25:1238:25:1246 | ... > ... |
+| UseUseExplosion.cs:25:1238:25:1241 | access to property Prop | UseUseExplosion.cs:25:1255:25:1258 | access to property Prop |
+| UseUseExplosion.cs:25:1238:25:1241 | this access | UseUseExplosion.cs:25:1255:25:1258 | this access |
+| UseUseExplosion.cs:25:1238:25:1241 | this access | UseUseExplosion.cs:25:2113:25:2118 | this access |
+| UseUseExplosion.cs:25:1255:25:1258 | [post] this access | UseUseExplosion.cs:25:1272:25:1275 | this access |
+| UseUseExplosion.cs:25:1255:25:1258 | [post] this access | UseUseExplosion.cs:25:2098:25:2103 | this access |
+| UseUseExplosion.cs:25:1255:25:1258 | access to property Prop | UseUseExplosion.cs:25:1255:25:1263 | ... > ... |
+| UseUseExplosion.cs:25:1255:25:1258 | access to property Prop | UseUseExplosion.cs:25:1272:25:1275 | access to property Prop |
+| UseUseExplosion.cs:25:1255:25:1258 | this access | UseUseExplosion.cs:25:1272:25:1275 | this access |
+| UseUseExplosion.cs:25:1255:25:1258 | this access | UseUseExplosion.cs:25:2098:25:2103 | this access |
+| UseUseExplosion.cs:25:1272:25:1275 | [post] this access | UseUseExplosion.cs:25:1289:25:1292 | this access |
+| UseUseExplosion.cs:25:1272:25:1275 | [post] this access | UseUseExplosion.cs:25:2083:25:2088 | this access |
+| UseUseExplosion.cs:25:1272:25:1275 | access to property Prop | UseUseExplosion.cs:25:1272:25:1280 | ... > ... |
+| UseUseExplosion.cs:25:1272:25:1275 | access to property Prop | UseUseExplosion.cs:25:1289:25:1292 | access to property Prop |
+| UseUseExplosion.cs:25:1272:25:1275 | this access | UseUseExplosion.cs:25:1289:25:1292 | this access |
+| UseUseExplosion.cs:25:1272:25:1275 | this access | UseUseExplosion.cs:25:2083:25:2088 | this access |
+| UseUseExplosion.cs:25:1289:25:1292 | [post] this access | UseUseExplosion.cs:25:1306:25:1309 | this access |
+| UseUseExplosion.cs:25:1289:25:1292 | [post] this access | UseUseExplosion.cs:25:2068:25:2073 | this access |
+| UseUseExplosion.cs:25:1289:25:1292 | access to property Prop | UseUseExplosion.cs:25:1289:25:1297 | ... > ... |
+| UseUseExplosion.cs:25:1289:25:1292 | access to property Prop | UseUseExplosion.cs:25:1306:25:1309 | access to property Prop |
+| UseUseExplosion.cs:25:1289:25:1292 | this access | UseUseExplosion.cs:25:1306:25:1309 | this access |
+| UseUseExplosion.cs:25:1289:25:1292 | this access | UseUseExplosion.cs:25:2068:25:2073 | this access |
+| UseUseExplosion.cs:25:1306:25:1309 | [post] this access | UseUseExplosion.cs:25:1323:25:1326 | this access |
+| UseUseExplosion.cs:25:1306:25:1309 | [post] this access | UseUseExplosion.cs:25:2053:25:2058 | this access |
+| UseUseExplosion.cs:25:1306:25:1309 | access to property Prop | UseUseExplosion.cs:25:1306:25:1314 | ... > ... |
+| UseUseExplosion.cs:25:1306:25:1309 | access to property Prop | UseUseExplosion.cs:25:1323:25:1326 | access to property Prop |
+| UseUseExplosion.cs:25:1306:25:1309 | this access | UseUseExplosion.cs:25:1323:25:1326 | this access |
+| UseUseExplosion.cs:25:1306:25:1309 | this access | UseUseExplosion.cs:25:2053:25:2058 | this access |
+| UseUseExplosion.cs:25:1323:25:1326 | [post] this access | UseUseExplosion.cs:25:1340:25:1343 | this access |
+| UseUseExplosion.cs:25:1323:25:1326 | [post] this access | UseUseExplosion.cs:25:2038:25:2043 | this access |
+| UseUseExplosion.cs:25:1323:25:1326 | access to property Prop | UseUseExplosion.cs:25:1323:25:1331 | ... > ... |
+| UseUseExplosion.cs:25:1323:25:1326 | access to property Prop | UseUseExplosion.cs:25:1340:25:1343 | access to property Prop |
+| UseUseExplosion.cs:25:1323:25:1326 | this access | UseUseExplosion.cs:25:1340:25:1343 | this access |
+| UseUseExplosion.cs:25:1323:25:1326 | this access | UseUseExplosion.cs:25:2038:25:2043 | this access |
+| UseUseExplosion.cs:25:1340:25:1343 | [post] this access | UseUseExplosion.cs:25:1357:25:1360 | this access |
+| UseUseExplosion.cs:25:1340:25:1343 | [post] this access | UseUseExplosion.cs:25:2023:25:2028 | this access |
+| UseUseExplosion.cs:25:1340:25:1343 | access to property Prop | UseUseExplosion.cs:25:1340:25:1348 | ... > ... |
+| UseUseExplosion.cs:25:1340:25:1343 | access to property Prop | UseUseExplosion.cs:25:1357:25:1360 | access to property Prop |
+| UseUseExplosion.cs:25:1340:25:1343 | this access | UseUseExplosion.cs:25:1357:25:1360 | this access |
+| UseUseExplosion.cs:25:1340:25:1343 | this access | UseUseExplosion.cs:25:2023:25:2028 | this access |
+| UseUseExplosion.cs:25:1357:25:1360 | [post] this access | UseUseExplosion.cs:25:1374:25:1377 | this access |
+| UseUseExplosion.cs:25:1357:25:1360 | [post] this access | UseUseExplosion.cs:25:2008:25:2013 | this access |
+| UseUseExplosion.cs:25:1357:25:1360 | access to property Prop | UseUseExplosion.cs:25:1357:25:1365 | ... > ... |
+| UseUseExplosion.cs:25:1357:25:1360 | access to property Prop | UseUseExplosion.cs:25:1374:25:1377 | access to property Prop |
+| UseUseExplosion.cs:25:1357:25:1360 | this access | UseUseExplosion.cs:25:1374:25:1377 | this access |
+| UseUseExplosion.cs:25:1357:25:1360 | this access | UseUseExplosion.cs:25:2008:25:2013 | this access |
+| UseUseExplosion.cs:25:1374:25:1377 | [post] this access | UseUseExplosion.cs:25:1391:25:1394 | this access |
+| UseUseExplosion.cs:25:1374:25:1377 | [post] this access | UseUseExplosion.cs:25:1993:25:1998 | this access |
+| UseUseExplosion.cs:25:1374:25:1377 | access to property Prop | UseUseExplosion.cs:25:1374:25:1382 | ... > ... |
+| UseUseExplosion.cs:25:1374:25:1377 | access to property Prop | UseUseExplosion.cs:25:1391:25:1394 | access to property Prop |
+| UseUseExplosion.cs:25:1374:25:1377 | this access | UseUseExplosion.cs:25:1391:25:1394 | this access |
+| UseUseExplosion.cs:25:1374:25:1377 | this access | UseUseExplosion.cs:25:1993:25:1998 | this access |
+| UseUseExplosion.cs:25:1391:25:1394 | [post] this access | UseUseExplosion.cs:25:1408:25:1411 | this access |
+| UseUseExplosion.cs:25:1391:25:1394 | [post] this access | UseUseExplosion.cs:25:1978:25:1983 | this access |
+| UseUseExplosion.cs:25:1391:25:1394 | access to property Prop | UseUseExplosion.cs:25:1391:25:1399 | ... > ... |
+| UseUseExplosion.cs:25:1391:25:1394 | access to property Prop | UseUseExplosion.cs:25:1408:25:1411 | access to property Prop |
+| UseUseExplosion.cs:25:1391:25:1394 | this access | UseUseExplosion.cs:25:1408:25:1411 | this access |
+| UseUseExplosion.cs:25:1391:25:1394 | this access | UseUseExplosion.cs:25:1978:25:1983 | this access |
+| UseUseExplosion.cs:25:1408:25:1411 | [post] this access | UseUseExplosion.cs:25:1425:25:1428 | this access |
+| UseUseExplosion.cs:25:1408:25:1411 | [post] this access | UseUseExplosion.cs:25:1963:25:1968 | this access |
+| UseUseExplosion.cs:25:1408:25:1411 | access to property Prop | UseUseExplosion.cs:25:1408:25:1416 | ... > ... |
+| UseUseExplosion.cs:25:1408:25:1411 | access to property Prop | UseUseExplosion.cs:25:1425:25:1428 | access to property Prop |
+| UseUseExplosion.cs:25:1408:25:1411 | this access | UseUseExplosion.cs:25:1425:25:1428 | this access |
+| UseUseExplosion.cs:25:1408:25:1411 | this access | UseUseExplosion.cs:25:1963:25:1968 | this access |
+| UseUseExplosion.cs:25:1425:25:1428 | [post] this access | UseUseExplosion.cs:25:1442:25:1445 | this access |
+| UseUseExplosion.cs:25:1425:25:1428 | [post] this access | UseUseExplosion.cs:25:1948:25:1953 | this access |
+| UseUseExplosion.cs:25:1425:25:1428 | access to property Prop | UseUseExplosion.cs:25:1425:25:1433 | ... > ... |
+| UseUseExplosion.cs:25:1425:25:1428 | access to property Prop | UseUseExplosion.cs:25:1442:25:1445 | access to property Prop |
+| UseUseExplosion.cs:25:1425:25:1428 | this access | UseUseExplosion.cs:25:1442:25:1445 | this access |
+| UseUseExplosion.cs:25:1425:25:1428 | this access | UseUseExplosion.cs:25:1948:25:1953 | this access |
+| UseUseExplosion.cs:25:1442:25:1445 | [post] this access | UseUseExplosion.cs:25:1459:25:1462 | this access |
+| UseUseExplosion.cs:25:1442:25:1445 | [post] this access | UseUseExplosion.cs:25:1933:25:1938 | this access |
+| UseUseExplosion.cs:25:1442:25:1445 | access to property Prop | UseUseExplosion.cs:25:1442:25:1450 | ... > ... |
+| UseUseExplosion.cs:25:1442:25:1445 | access to property Prop | UseUseExplosion.cs:25:1459:25:1462 | access to property Prop |
+| UseUseExplosion.cs:25:1442:25:1445 | this access | UseUseExplosion.cs:25:1459:25:1462 | this access |
+| UseUseExplosion.cs:25:1442:25:1445 | this access | UseUseExplosion.cs:25:1933:25:1938 | this access |
+| UseUseExplosion.cs:25:1459:25:1462 | [post] this access | UseUseExplosion.cs:25:1476:25:1479 | this access |
+| UseUseExplosion.cs:25:1459:25:1462 | [post] this access | UseUseExplosion.cs:25:1918:25:1923 | this access |
+| UseUseExplosion.cs:25:1459:25:1462 | access to property Prop | UseUseExplosion.cs:25:1459:25:1467 | ... > ... |
+| UseUseExplosion.cs:25:1459:25:1462 | access to property Prop | UseUseExplosion.cs:25:1476:25:1479 | access to property Prop |
+| UseUseExplosion.cs:25:1459:25:1462 | this access | UseUseExplosion.cs:25:1476:25:1479 | this access |
+| UseUseExplosion.cs:25:1459:25:1462 | this access | UseUseExplosion.cs:25:1918:25:1923 | this access |
+| UseUseExplosion.cs:25:1476:25:1479 | [post] this access | UseUseExplosion.cs:25:1493:25:1496 | this access |
+| UseUseExplosion.cs:25:1476:25:1479 | [post] this access | UseUseExplosion.cs:25:1903:25:1908 | this access |
+| UseUseExplosion.cs:25:1476:25:1479 | access to property Prop | UseUseExplosion.cs:25:1476:25:1484 | ... > ... |
+| UseUseExplosion.cs:25:1476:25:1479 | access to property Prop | UseUseExplosion.cs:25:1493:25:1496 | access to property Prop |
+| UseUseExplosion.cs:25:1476:25:1479 | this access | UseUseExplosion.cs:25:1493:25:1496 | this access |
+| UseUseExplosion.cs:25:1476:25:1479 | this access | UseUseExplosion.cs:25:1903:25:1908 | this access |
+| UseUseExplosion.cs:25:1493:25:1496 | [post] this access | UseUseExplosion.cs:25:1510:25:1513 | this access |
+| UseUseExplosion.cs:25:1493:25:1496 | [post] this access | UseUseExplosion.cs:25:1888:25:1893 | this access |
+| UseUseExplosion.cs:25:1493:25:1496 | access to property Prop | UseUseExplosion.cs:25:1493:25:1501 | ... > ... |
+| UseUseExplosion.cs:25:1493:25:1496 | access to property Prop | UseUseExplosion.cs:25:1510:25:1513 | access to property Prop |
+| UseUseExplosion.cs:25:1493:25:1496 | this access | UseUseExplosion.cs:25:1510:25:1513 | this access |
+| UseUseExplosion.cs:25:1493:25:1496 | this access | UseUseExplosion.cs:25:1888:25:1893 | this access |
+| UseUseExplosion.cs:25:1510:25:1513 | [post] this access | UseUseExplosion.cs:25:1527:25:1530 | this access |
+| UseUseExplosion.cs:25:1510:25:1513 | [post] this access | UseUseExplosion.cs:25:1873:25:1878 | this access |
+| UseUseExplosion.cs:25:1510:25:1513 | access to property Prop | UseUseExplosion.cs:25:1510:25:1518 | ... > ... |
+| UseUseExplosion.cs:25:1510:25:1513 | access to property Prop | UseUseExplosion.cs:25:1527:25:1530 | access to property Prop |
+| UseUseExplosion.cs:25:1510:25:1513 | this access | UseUseExplosion.cs:25:1527:25:1530 | this access |
+| UseUseExplosion.cs:25:1510:25:1513 | this access | UseUseExplosion.cs:25:1873:25:1878 | this access |
+| UseUseExplosion.cs:25:1527:25:1530 | [post] this access | UseUseExplosion.cs:25:1544:25:1547 | this access |
+| UseUseExplosion.cs:25:1527:25:1530 | [post] this access | UseUseExplosion.cs:25:1858:25:1863 | this access |
+| UseUseExplosion.cs:25:1527:25:1530 | access to property Prop | UseUseExplosion.cs:25:1527:25:1535 | ... > ... |
+| UseUseExplosion.cs:25:1527:25:1530 | access to property Prop | UseUseExplosion.cs:25:1544:25:1547 | access to property Prop |
+| UseUseExplosion.cs:25:1527:25:1530 | this access | UseUseExplosion.cs:25:1544:25:1547 | this access |
+| UseUseExplosion.cs:25:1527:25:1530 | this access | UseUseExplosion.cs:25:1858:25:1863 | this access |
+| UseUseExplosion.cs:25:1544:25:1547 | [post] this access | UseUseExplosion.cs:25:1561:25:1564 | this access |
+| UseUseExplosion.cs:25:1544:25:1547 | [post] this access | UseUseExplosion.cs:25:1843:25:1848 | this access |
+| UseUseExplosion.cs:25:1544:25:1547 | access to property Prop | UseUseExplosion.cs:25:1544:25:1552 | ... > ... |
+| UseUseExplosion.cs:25:1544:25:1547 | access to property Prop | UseUseExplosion.cs:25:1561:25:1564 | access to property Prop |
+| UseUseExplosion.cs:25:1544:25:1547 | this access | UseUseExplosion.cs:25:1561:25:1564 | this access |
+| UseUseExplosion.cs:25:1544:25:1547 | this access | UseUseExplosion.cs:25:1843:25:1848 | this access |
+| UseUseExplosion.cs:25:1561:25:1564 | [post] this access | UseUseExplosion.cs:25:1577:25:1580 | this access |
+| UseUseExplosion.cs:25:1561:25:1564 | [post] this access | UseUseExplosion.cs:25:1828:25:1833 | this access |
+| UseUseExplosion.cs:25:1561:25:1564 | access to property Prop | UseUseExplosion.cs:25:1561:25:1568 | ... > ... |
+| UseUseExplosion.cs:25:1561:25:1564 | access to property Prop | UseUseExplosion.cs:25:1577:25:1580 | access to property Prop |
+| UseUseExplosion.cs:25:1561:25:1564 | this access | UseUseExplosion.cs:25:1577:25:1580 | this access |
+| UseUseExplosion.cs:25:1561:25:1564 | this access | UseUseExplosion.cs:25:1828:25:1833 | this access |
+| UseUseExplosion.cs:25:1577:25:1580 | [post] this access | UseUseExplosion.cs:25:1593:25:1596 | this access |
+| UseUseExplosion.cs:25:1577:25:1580 | [post] this access | UseUseExplosion.cs:25:1813:25:1818 | this access |
+| UseUseExplosion.cs:25:1577:25:1580 | access to property Prop | UseUseExplosion.cs:25:1577:25:1584 | ... > ... |
+| UseUseExplosion.cs:25:1577:25:1580 | access to property Prop | UseUseExplosion.cs:25:1593:25:1596 | access to property Prop |
+| UseUseExplosion.cs:25:1577:25:1580 | this access | UseUseExplosion.cs:25:1593:25:1596 | this access |
+| UseUseExplosion.cs:25:1577:25:1580 | this access | UseUseExplosion.cs:25:1813:25:1818 | this access |
+| UseUseExplosion.cs:25:1593:25:1596 | [post] this access | UseUseExplosion.cs:25:1609:25:1612 | this access |
+| UseUseExplosion.cs:25:1593:25:1596 | [post] this access | UseUseExplosion.cs:25:1798:25:1803 | this access |
+| UseUseExplosion.cs:25:1593:25:1596 | access to property Prop | UseUseExplosion.cs:25:1593:25:1600 | ... > ... |
+| UseUseExplosion.cs:25:1593:25:1596 | access to property Prop | UseUseExplosion.cs:25:1609:25:1612 | access to property Prop |
+| UseUseExplosion.cs:25:1593:25:1596 | this access | UseUseExplosion.cs:25:1609:25:1612 | this access |
+| UseUseExplosion.cs:25:1593:25:1596 | this access | UseUseExplosion.cs:25:1798:25:1803 | this access |
+| UseUseExplosion.cs:25:1609:25:1612 | [post] this access | UseUseExplosion.cs:25:1625:25:1628 | this access |
+| UseUseExplosion.cs:25:1609:25:1612 | [post] this access | UseUseExplosion.cs:25:1783:25:1788 | this access |
+| UseUseExplosion.cs:25:1609:25:1612 | access to property Prop | UseUseExplosion.cs:25:1609:25:1616 | ... > ... |
+| UseUseExplosion.cs:25:1609:25:1612 | access to property Prop | UseUseExplosion.cs:25:1625:25:1628 | access to property Prop |
+| UseUseExplosion.cs:25:1609:25:1612 | this access | UseUseExplosion.cs:25:1625:25:1628 | this access |
+| UseUseExplosion.cs:25:1609:25:1612 | this access | UseUseExplosion.cs:25:1783:25:1788 | this access |
+| UseUseExplosion.cs:25:1625:25:1628 | [post] this access | UseUseExplosion.cs:25:1641:25:1644 | this access |
+| UseUseExplosion.cs:25:1625:25:1628 | [post] this access | UseUseExplosion.cs:25:1768:25:1773 | this access |
+| UseUseExplosion.cs:25:1625:25:1628 | access to property Prop | UseUseExplosion.cs:25:1625:25:1632 | ... > ... |
+| UseUseExplosion.cs:25:1625:25:1628 | access to property Prop | UseUseExplosion.cs:25:1641:25:1644 | access to property Prop |
+| UseUseExplosion.cs:25:1625:25:1628 | this access | UseUseExplosion.cs:25:1641:25:1644 | this access |
+| UseUseExplosion.cs:25:1625:25:1628 | this access | UseUseExplosion.cs:25:1768:25:1773 | this access |
+| UseUseExplosion.cs:25:1641:25:1644 | [post] this access | UseUseExplosion.cs:25:1657:25:1660 | this access |
+| UseUseExplosion.cs:25:1641:25:1644 | [post] this access | UseUseExplosion.cs:25:1753:25:1758 | this access |
+| UseUseExplosion.cs:25:1641:25:1644 | access to property Prop | UseUseExplosion.cs:25:1641:25:1648 | ... > ... |
+| UseUseExplosion.cs:25:1641:25:1644 | access to property Prop | UseUseExplosion.cs:25:1657:25:1660 | access to property Prop |
+| UseUseExplosion.cs:25:1641:25:1644 | this access | UseUseExplosion.cs:25:1657:25:1660 | this access |
+| UseUseExplosion.cs:25:1641:25:1644 | this access | UseUseExplosion.cs:25:1753:25:1758 | this access |
+| UseUseExplosion.cs:25:1657:25:1660 | [post] this access | UseUseExplosion.cs:25:1673:25:1676 | this access |
+| UseUseExplosion.cs:25:1657:25:1660 | [post] this access | UseUseExplosion.cs:25:1738:25:1743 | this access |
+| UseUseExplosion.cs:25:1657:25:1660 | access to property Prop | UseUseExplosion.cs:25:1657:25:1664 | ... > ... |
+| UseUseExplosion.cs:25:1657:25:1660 | access to property Prop | UseUseExplosion.cs:25:1673:25:1676 | access to property Prop |
+| UseUseExplosion.cs:25:1657:25:1660 | this access | UseUseExplosion.cs:25:1673:25:1676 | this access |
+| UseUseExplosion.cs:25:1657:25:1660 | this access | UseUseExplosion.cs:25:1738:25:1743 | this access |
+| UseUseExplosion.cs:25:1673:25:1676 | [post] this access | UseUseExplosion.cs:25:1689:25:1692 | this access |
+| UseUseExplosion.cs:25:1673:25:1676 | [post] this access | UseUseExplosion.cs:25:1723:25:1728 | this access |
+| UseUseExplosion.cs:25:1673:25:1676 | access to property Prop | UseUseExplosion.cs:25:1673:25:1680 | ... > ... |
+| UseUseExplosion.cs:25:1673:25:1676 | access to property Prop | UseUseExplosion.cs:25:1689:25:1692 | access to property Prop |
+| UseUseExplosion.cs:25:1673:25:1676 | this access | UseUseExplosion.cs:25:1689:25:1692 | this access |
+| UseUseExplosion.cs:25:1673:25:1676 | this access | UseUseExplosion.cs:25:1723:25:1728 | this access |
+| UseUseExplosion.cs:25:1689:25:1692 | [post] this access | UseUseExplosion.cs:25:1708:25:1713 | this access |
+| UseUseExplosion.cs:25:1689:25:1692 | access to property Prop | UseUseExplosion.cs:25:1689:25:1696 | ... > ... |
+| UseUseExplosion.cs:25:1689:25:1692 | this access | UseUseExplosion.cs:25:1708:25:1713 | this access |
diff --git a/csharp/ql/test/library-tests/dataflow/local/UseUseExplosion.cs b/csharp/ql/test/library-tests/dataflow/local/UseUseExplosion.cs
new file mode 100644
index 00000000000..b062aeba8f5
--- /dev/null
+++ b/csharp/ql/test/library-tests/dataflow/local/UseUseExplosion.cs
@@ -0,0 +1,29 @@
+class C
+{
+    int Prop { get; set; }
+
+    // Should generate 100 + 100 local use-use flow steps for `x`, and not 100 * 100
+    //
+    // Generated by quick-evaling `gen/0` below:
+    //
+    // ```ql
+    // string gen(int depth) {
+    //   depth in [0 .. 100] and
+    //   (
+    //     if depth = 0
+    //     then result = ""
+    //     else result = "if (Prop > " + depth + ") { " + gen(depth - 1) + " } else Use(x);"
+    //   )
+    // }
+    //
+    // string gen() { result = "var x = 0;\n" + gen(100) + "\n" + gen(100) }
+    // ```
+    void M()
+    {
+        var x = 0;
+        if (Prop > 100) { if (Prop > 99) { if (Prop > 98) { if (Prop > 97) { if (Prop > 96) { if (Prop > 95) { if (Prop > 94) { if (Prop > 93) { if (Prop > 92) { if (Prop > 91) { if (Prop > 90) { if (Prop > 89) { if (Prop > 88) { if (Prop > 87) { if (Prop > 86) { if (Prop > 85) { if (Prop > 84) { if (Prop > 83) { if (Prop > 82) { if (Prop > 81) { if (Prop > 80) { if (Prop > 79) { if (Prop > 78) { if (Prop > 77) { if (Prop > 76) { if (Prop > 75) { if (Prop > 74) { if (Prop > 73) { if (Prop > 72) { if (Prop > 71) { if (Prop > 70) { if (Prop > 69) { if (Prop > 68) { if (Prop > 67) { if (Prop > 66) { if (Prop > 65) { if (Prop > 64) { if (Prop > 63) { if (Prop > 62) { if (Prop > 61) { if (Prop > 60) { if (Prop > 59) { if (Prop > 58) { if (Prop > 57) { if (Prop > 56) { if (Prop > 55) { if (Prop > 54) { if (Prop > 53) { if (Prop > 52) { if (Prop > 51) { if (Prop > 50) { if (Prop > 49) { if (Prop > 48) { if (Prop > 47) { if (Prop > 46) { if (Prop > 45) { if (Prop > 44) { if (Prop > 43) { if (Prop > 42) { if (Prop > 41) { if (Prop > 40) { if (Prop > 39) { if (Prop > 38) { if (Prop > 37) { if (Prop > 36) { if (Prop > 35) { if (Prop > 34) { if (Prop > 33) { if (Prop > 32) { if (Prop > 31) { if (Prop > 30) { if (Prop > 29) { if (Prop > 28) { if (Prop > 27) { if (Prop > 26) { if (Prop > 25) { if (Prop > 24) { if (Prop > 23) { if (Prop > 22) { if (Prop > 21) { if (Prop > 20) { if (Prop > 19) { if (Prop > 18) { if (Prop > 17) { if (Prop > 16) { if (Prop > 15) { if (Prop > 14) { if (Prop > 13) { if (Prop > 12) { if (Prop > 11) { if (Prop > 10) { if (Prop > 9) { if (Prop > 8) { if (Prop > 7) { if (Prop > 6) { if (Prop > 5) { if (Prop > 4) { if (Prop > 3) { if (Prop > 2) { if (Prop > 1) { } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x);
+        if (Prop > 100) { if (Prop > 99) { if (Prop > 98) { if (Prop > 97) { if (Prop > 96) { if (Prop > 95) { if (Prop > 94) { if (Prop > 93) { if (Prop > 92) { if (Prop > 91) { if (Prop > 90) { if (Prop > 89) { if (Prop > 88) { if (Prop > 87) { if (Prop > 86) { if (Prop > 85) { if (Prop > 84) { if (Prop > 83) { if (Prop > 82) { if (Prop > 81) { if (Prop > 80) { if (Prop > 79) { if (Prop > 78) { if (Prop > 77) { if (Prop > 76) { if (Prop > 75) { if (Prop > 74) { if (Prop > 73) { if (Prop > 72) { if (Prop > 71) { if (Prop > 70) { if (Prop > 69) { if (Prop > 68) { if (Prop > 67) { if (Prop > 66) { if (Prop > 65) { if (Prop > 64) { if (Prop > 63) { if (Prop > 62) { if (Prop > 61) { if (Prop > 60) { if (Prop > 59) { if (Prop > 58) { if (Prop > 57) { if (Prop > 56) { if (Prop > 55) { if (Prop > 54) { if (Prop > 53) { if (Prop > 52) { if (Prop > 51) { if (Prop > 50) { if (Prop > 49) { if (Prop > 48) { if (Prop > 47) { if (Prop > 46) { if (Prop > 45) { if (Prop > 44) { if (Prop > 43) { if (Prop > 42) { if (Prop > 41) { if (Prop > 40) { if (Prop > 39) { if (Prop > 38) { if (Prop > 37) { if (Prop > 36) { if (Prop > 35) { if (Prop > 34) { if (Prop > 33) { if (Prop > 32) { if (Prop > 31) { if (Prop > 30) { if (Prop > 29) { if (Prop > 28) { if (Prop > 27) { if (Prop > 26) { if (Prop > 25) { if (Prop > 24) { if (Prop > 23) { if (Prop > 22) { if (Prop > 21) { if (Prop > 20) { if (Prop > 19) { if (Prop > 18) { if (Prop > 17) { if (Prop > 16) { if (Prop > 15) { if (Prop > 14) { if (Prop > 13) { if (Prop > 12) { if (Prop > 11) { if (Prop > 10) { if (Prop > 9) { if (Prop > 8) { if (Prop > 7) { if (Prop > 6) { if (Prop > 5) { if (Prop > 4) { if (Prop > 3) { if (Prop > 2) { if (Prop > 1) { } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x); } else Use(x);
+    }
+
+    void Use(int i) { }
+}
diff --git a/csharp/ql/test/library-tests/dataflow/ssa-large/Large.cs b/csharp/ql/test/library-tests/dataflow/ssa-large/Large.cs
index f6cce7f149a..798f106e9f6 100644
--- a/csharp/ql/test/library-tests/dataflow/ssa-large/Large.cs
+++ b/csharp/ql/test/library-tests/dataflow/ssa-large/Large.cs
@@ -2886,7 +2886,7 @@ public class Large
     //   (
     //     if depth = 0
     //     then result = ""
-    //     else else result = "if (Prop > " + depth + ") { " + gen(depth - 1, var) + " } else Use(" + var + ");"
+    //     else result = "if (Prop > " + depth + ") { " + gen(depth - 1, var) + " } else Use(" + var + ");"
     //   )
     // }
     // 
diff --git a/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.expected b/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.expected
index 19c394b58fd..970e6fce524 100644
--- a/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.expected
+++ b/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.expected
@@ -1,4 +1,30 @@
-| DefUse.cs:63:9:63:14 | this.Field2 | DefUse.cs:80:30:80:31 | access to local variable x1 |
-| Fields.cs:65:24:65:32 | this.LoopField | Fields.cs:63:16:63:28 | this access |
-| Properties.cs:65:24:65:31 | this.LoopProp | Properties.cs:63:16:63:16 | access to parameter i |
-| Test.cs:78:13:78:13 | x | Test.cs:90:9:97:9 | if (...) ... |
+phiReadNode
+| DefUse.cs:80:30:80:31 | SSA phi read(this.Field2) | DefUse.cs:63:9:63:14 | this.Field2 |
+| Fields.cs:63:16:63:28 | SSA phi read(this.LoopField) | Fields.cs:65:24:65:32 | this.LoopField |
+| Patterns.cs:20:9:38:9 | SSA phi read(o) | Patterns.cs:7:16:7:16 | o |
+| Properties.cs:63:16:63:16 | SSA phi read(this.LoopProp) | Properties.cs:65:24:65:31 | this.LoopProp |
+| Test.cs:25:16:25:16 | SSA phi read(x) | Test.cs:8:13:8:13 | x |
+| Test.cs:90:9:97:9 | SSA phi read(x) | Test.cs:78:13:78:13 | x |
+| Test.cs:99:9:99:15 | SSA phi read(x) | Test.cs:78:13:78:13 | x |
+phiReadNodeRead
+| DefUse.cs:80:30:80:31 | SSA phi read(this.Field2) | DefUse.cs:63:9:63:14 | this.Field2 | DefUse.cs:80:37:80:42 | access to field Field2 |
+| Fields.cs:63:16:63:28 | SSA phi read(this.LoopField) | Fields.cs:65:24:65:32 | this.LoopField | Fields.cs:65:24:65:32 | access to field LoopField |
+| Patterns.cs:20:9:38:9 | SSA phi read(o) | Patterns.cs:7:16:7:16 | o | Patterns.cs:20:17:20:17 | access to local variable o |
+| Properties.cs:63:16:63:16 | SSA phi read(this.LoopProp) | Properties.cs:65:24:65:31 | this.LoopProp | Properties.cs:65:24:65:31 | access to property LoopProp |
+| Test.cs:25:16:25:16 | SSA phi read(x) | Test.cs:8:13:8:13 | x | Test.cs:25:16:25:16 | access to local variable x |
+| Test.cs:90:9:97:9 | SSA phi read(x) | Test.cs:78:13:78:13 | x | Test.cs:92:17:92:17 | access to local variable x |
+| Test.cs:90:9:97:9 | SSA phi read(x) | Test.cs:78:13:78:13 | x | Test.cs:96:17:96:17 | access to local variable x |
+| Test.cs:99:9:99:15 | SSA phi read(x) | Test.cs:78:13:78:13 | x | Test.cs:99:13:99:13 | access to local variable x |
+| Test.cs:99:9:99:15 | SSA phi read(x) | Test.cs:78:13:78:13 | x | Test.cs:104:17:104:17 | access to local variable x |
+phiReadInput
+| DefUse.cs:80:30:80:31 | SSA phi read(this.Field2) | DefUse.cs:63:9:63:18 | SSA def(this.Field2) |
+| DefUse.cs:80:30:80:31 | SSA phi read(this.Field2) | DefUse.cs:80:30:80:31 | SSA phi read(this.Field2) |
+| Fields.cs:63:16:63:28 | SSA phi read(this.LoopField) | Fields.cs:61:17:61:17 | SSA entry def(this.LoopField) |
+| Fields.cs:63:16:63:28 | SSA phi read(this.LoopField) | Fields.cs:63:16:63:28 | SSA phi read(this.LoopField) |
+| Patterns.cs:20:9:38:9 | SSA phi read(o) | Patterns.cs:7:16:7:23 | SSA def(o) |
+| Properties.cs:63:16:63:16 | SSA phi read(this.LoopProp) | Properties.cs:61:17:61:17 | SSA entry def(this.LoopProp) |
+| Properties.cs:63:16:63:16 | SSA phi read(this.LoopProp) | Properties.cs:63:16:63:16 | SSA phi read(this.LoopProp) |
+| Test.cs:25:16:25:16 | SSA phi read(x) | Test.cs:24:9:24:15 | SSA phi(x) |
+| Test.cs:25:16:25:16 | SSA phi read(x) | Test.cs:25:16:25:16 | SSA phi read(x) |
+| Test.cs:90:9:97:9 | SSA phi read(x) | Test.cs:78:13:78:17 | SSA def(x) |
+| Test.cs:99:9:99:15 | SSA phi read(x) | Test.cs:90:9:97:9 | SSA phi read(x) |
diff --git a/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.ql b/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.ql
index f9603dc1da2..8fee62217bf 100644
--- a/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.ql
+++ b/csharp/ql/test/library-tests/dataflow/ssa/SSAPhiRead.ql
@@ -1,6 +1,17 @@
 import csharp
 import semmle.code.csharp.dataflow.internal.SsaImpl
+import ExposedForTestingOnly
 
-from Ssa::SourceVariable v, ControlFlow::BasicBlock bb
-where phiReadExposedForTesting(bb, v)
-select v, bb
+query predicate phiReadNode(PhiReadNode phi, Ssa::SourceVariable v) { phi.getSourceVariable() = v }
+
+query predicate phiReadNodeRead(PhiReadNode phi, Ssa::SourceVariable v, ControlFlow::Node read) {
+  phi.getSourceVariable() = v and
+  exists(ControlFlow::BasicBlock bb, int i |
+    ssaDefReachesReadExt(v, phi, bb, i) and
+    read = bb.getNode(i)
+  )
+}
+
+query predicate phiReadInput(PhiReadNode phi, DefinitionExt inp) {
+  phiHasInputFromBlockExt(phi, inp, _)
+}
diff --git a/csharp/ql/test/library-tests/dataflow/ssa/Test.cs b/csharp/ql/test/library-tests/dataflow/ssa/Test.cs
index 5d321d0117d..23fee7d4706 100644
--- a/csharp/ql/test/library-tests/dataflow/ssa/Test.cs
+++ b/csharp/ql/test/library-tests/dataflow/ssa/Test.cs
@@ -95,7 +95,7 @@ class Test
         {
             use(x);
         }
-        // no phi_use for `x`, because actual use exists in the block
+        // phi_use for `x`, even though there is an actual use in the block
         use(x);
 
 
diff --git a/csharp/ql/test/library-tests/delegates/Delegates2.ql b/csharp/ql/test/library-tests/delegates/Delegates2.ql
index 951c7ab9724..1ce83492659 100644
--- a/csharp/ql/test/library-tests/delegates/Delegates2.ql
+++ b/csharp/ql/test/library-tests/delegates/Delegates2.ql
@@ -6,7 +6,7 @@ import csharp
 
 from DelegateType d
 where
-  d.hasQualifiedName("Delegates.FooDelegate") and
+  d.hasQualifiedName("Delegates", "FooDelegate") and
   d.getReturnType() instanceof DoubleType and
   d.getParameter(0).hasName("param") and
   d.getParameter(0).isRef() and
diff --git a/csharp/ql/test/library-tests/delegates/Delegates3.ql b/csharp/ql/test/library-tests/delegates/Delegates3.ql
index 88c019b3067..08fc413249c 100644
--- a/csharp/ql/test/library-tests/delegates/Delegates3.ql
+++ b/csharp/ql/test/library-tests/delegates/Delegates3.ql
@@ -6,7 +6,7 @@ import csharp
 
 from DelegateType d
 where
-  d.hasQualifiedName("System.Threading.ContextCallback") and
+  d.hasQualifiedName("System.Threading", "ContextCallback") and
   d.getNumberOfParameters() = 1 and
   d.getParameter(0).hasName("state") and
   d.getParameter(0).isValue() and
diff --git a/csharp/ql/test/library-tests/enums/Enums1.ql b/csharp/ql/test/library-tests/enums/Enums1.ql
index f9978014487..ede536a2695 100644
--- a/csharp/ql/test/library-tests/enums/Enums1.ql
+++ b/csharp/ql/test/library-tests/enums/Enums1.ql
@@ -7,5 +7,5 @@ import csharp
 from EnumConstant c
 where
   c.getName() = "Red" and
-  c.getDeclaringType().hasQualifiedName("Enums.Color")
+  c.getDeclaringType().hasQualifiedName("Enums", "Color")
 select c, c.getType()
diff --git a/csharp/ql/test/library-tests/enums/Enums10.ql b/csharp/ql/test/library-tests/enums/Enums10.ql
index 21bb8019785..ced6b3709f9 100644
--- a/csharp/ql/test/library-tests/enums/Enums10.ql
+++ b/csharp/ql/test/library-tests/enums/Enums10.ql
@@ -8,7 +8,7 @@ from EnumConstant c, EnumConstant d
 where
   c.getName() = "Blue" and
   d.hasName("AnotherBlue") and
-  c.getDeclaringType().hasQualifiedName("Enums.SparseColor") and
+  c.getDeclaringType().hasQualifiedName("Enums", "SparseColor") and
   c.getType() = c.getDeclaringType() and
   c.getType() = d.getType() and
   c.getValue() = "11" and
diff --git a/csharp/ql/test/library-tests/enums/Enums2.ql b/csharp/ql/test/library-tests/enums/Enums2.ql
index eda8843c3c8..97c68efd774 100644
--- a/csharp/ql/test/library-tests/enums/Enums2.ql
+++ b/csharp/ql/test/library-tests/enums/Enums2.ql
@@ -7,7 +7,7 @@ import csharp
 from EnumConstant c
 where
   c.getName() = "Green" and
-  c.getDeclaringType().hasQualifiedName("Enums.Color") and
+  c.getDeclaringType().hasQualifiedName("Enums", "Color") and
   c.getType() = c.getDeclaringType() and
   c.getUnderlyingType() instanceof IntType
 select c
diff --git a/csharp/ql/test/library-tests/enums/Enums3.ql b/csharp/ql/test/library-tests/enums/Enums3.ql
index 4cbb3e65e4d..57d46ac987a 100644
--- a/csharp/ql/test/library-tests/enums/Enums3.ql
+++ b/csharp/ql/test/library-tests/enums/Enums3.ql
@@ -3,11 +3,13 @@
  */
 
 import csharp
+import semmle.code.csharp.commons.QualifiedName
 
-from EnumConstant c
+from EnumConstant c, string namespace, string name
 where
   c.getName() = "Green" and
-  c.getDeclaringType().hasQualifiedName("Enums.LongColor") and
+  c.getDeclaringType().hasQualifiedName("Enums", "LongColor") and
   c.getType() = c.getDeclaringType() and
-  c.getValue() = "1"
-select c, c.getDeclaringType().getBaseClass().getQualifiedName()
+  c.getValue() = "1" and
+  c.getDeclaringType().getBaseClass().hasQualifiedName(namespace, name)
+select c, getQualifiedName(namespace, name)
diff --git a/csharp/ql/test/library-tests/enums/Enums4.ql b/csharp/ql/test/library-tests/enums/Enums4.ql
index 087c6b1f576..5a16ffb7c4c 100644
--- a/csharp/ql/test/library-tests/enums/Enums4.ql
+++ b/csharp/ql/test/library-tests/enums/Enums4.ql
@@ -4,5 +4,5 @@
 
 import csharp
 
-where forall(Enum e | e.getBaseClass().hasQualifiedName("System.Enum"))
+where forall(Enum e | e.getBaseClass().hasQualifiedName("System", "Enum"))
 select 1
diff --git a/csharp/ql/test/library-tests/enums/Enums6.ql b/csharp/ql/test/library-tests/enums/Enums6.ql
index 93e03a3e787..3e9332e2890 100644
--- a/csharp/ql/test/library-tests/enums/Enums6.ql
+++ b/csharp/ql/test/library-tests/enums/Enums6.ql
@@ -7,7 +7,7 @@ import csharp
 from EnumConstant c
 where
   c.getName() = "FourBlue" and
-  c.getDeclaringType().hasQualifiedName("Enums.ValueColor") and
+  c.getDeclaringType().hasQualifiedName("Enums", "ValueColor") and
   c.getType() = c.getDeclaringType() and
   c.getValue() = "4" and
   c.getUnderlyingType() instanceof UIntType
diff --git a/csharp/ql/test/library-tests/enums/Enums7.ql b/csharp/ql/test/library-tests/enums/Enums7.ql
index 93e03a3e787..3e9332e2890 100644
--- a/csharp/ql/test/library-tests/enums/Enums7.ql
+++ b/csharp/ql/test/library-tests/enums/Enums7.ql
@@ -7,7 +7,7 @@ import csharp
 from EnumConstant c
 where
   c.getName() = "FourBlue" and
-  c.getDeclaringType().hasQualifiedName("Enums.ValueColor") and
+  c.getDeclaringType().hasQualifiedName("Enums", "ValueColor") and
   c.getType() = c.getDeclaringType() and
   c.getValue() = "4" and
   c.getUnderlyingType() instanceof UIntType
diff --git a/csharp/ql/test/library-tests/enums/Enums8.ql b/csharp/ql/test/library-tests/enums/Enums8.ql
index 26ac31db457..03086265795 100644
--- a/csharp/ql/test/library-tests/enums/Enums8.ql
+++ b/csharp/ql/test/library-tests/enums/Enums8.ql
@@ -7,7 +7,7 @@ import csharp
 from EnumConstant c
 where
   c.getName() = "Red" and
-  c.getDeclaringType().hasQualifiedName("Enums.SparseColor") and
+  c.getDeclaringType().hasQualifiedName("Enums", "SparseColor") and
   c.getType() = c.getDeclaringType() and
   c.getValue() = "0" and
   c.getUnderlyingType() instanceof IntType and
diff --git a/csharp/ql/test/library-tests/enums/Enums9.ql b/csharp/ql/test/library-tests/enums/Enums9.ql
index 895764920f7..b1ad791b758 100644
--- a/csharp/ql/test/library-tests/enums/Enums9.ql
+++ b/csharp/ql/test/library-tests/enums/Enums9.ql
@@ -7,7 +7,7 @@ import csharp
 from EnumConstant c
 where
   c.getName() = "Green" and
-  c.getDeclaringType().hasQualifiedName("Enums.SparseColor") and
+  c.getDeclaringType().hasQualifiedName("Enums", "SparseColor") and
   c.getType() = c.getDeclaringType() and
   c.getValue() = "10" and
   c.getUnderlyingType() instanceof IntType and
diff --git a/csharp/ql/test/library-tests/events/Events1.ql b/csharp/ql/test/library-tests/events/Events1.ql
index 5be331349b1..39cd0365a19 100644
--- a/csharp/ql/test/library-tests/events/Events1.ql
+++ b/csharp/ql/test/library-tests/events/Events1.ql
@@ -7,6 +7,6 @@ import csharp
 from Event e
 where
   e.getName() = "Click" and
-  e.getDeclaringType().hasQualifiedName("Events.Button") and
+  e.getDeclaringType().hasQualifiedName("Events", "Button") and
   e.isPublic()
 select e, e.getType()
diff --git a/csharp/ql/test/library-tests/events/Events2.ql b/csharp/ql/test/library-tests/events/Events2.ql
index 3ff06e1a4d4..ef5a08d1f8f 100644
--- a/csharp/ql/test/library-tests/events/Events2.ql
+++ b/csharp/ql/test/library-tests/events/Events2.ql
@@ -7,6 +7,6 @@ import csharp
 from Event e
 where
   e.getName() = "Click" and
-  e.getDeclaringType().hasQualifiedName("Events.Button") and
+  e.getDeclaringType().hasQualifiedName("Events", "Button") and
   e.isFieldLike()
 select e, e.getType()
diff --git a/csharp/ql/test/library-tests/events/Events3.ql b/csharp/ql/test/library-tests/events/Events3.ql
index b90a358b43a..97a03e97ecb 100644
--- a/csharp/ql/test/library-tests/events/Events3.ql
+++ b/csharp/ql/test/library-tests/events/Events3.ql
@@ -7,6 +7,6 @@ import csharp
 from Event e
 where
   e.getName() = "Click" and
-  e.getDeclaringType().hasQualifiedName("Events.Button") and
+  e.getDeclaringType().hasQualifiedName("Events", "Button") and
   e.getType().hasName("EventHandler")
 select e, e.getType()
diff --git a/csharp/ql/test/library-tests/events/Events4.ql b/csharp/ql/test/library-tests/events/Events4.ql
index 7250c0b2c1c..3213e28b03b 100644
--- a/csharp/ql/test/library-tests/events/Events4.ql
+++ b/csharp/ql/test/library-tests/events/Events4.ql
@@ -7,7 +7,7 @@ import csharp
 from Event e
 where
   e.getName() = "MouseUp" and
-  e.getDeclaringType().hasQualifiedName("Events.Control") and
+  e.getDeclaringType().hasQualifiedName("Events", "Control") and
   e.getType().hasName("EventHandler") and
   e.isPublic()
 select e, e.getType()
diff --git a/csharp/ql/test/library-tests/events/Events5.ql b/csharp/ql/test/library-tests/events/Events5.ql
index 259ac14966d..3aed44b4f6d 100644
--- a/csharp/ql/test/library-tests/events/Events5.ql
+++ b/csharp/ql/test/library-tests/events/Events5.ql
@@ -6,7 +6,7 @@ import csharp
 
 where
   count(Event e |
-    e.getDeclaringType().hasQualifiedName("Events.Control") and
+    e.getDeclaringType().hasQualifiedName("Events", "Control") and
     e.getType().hasName("EventHandler") and
     e.isPublic()
   ) = 2
diff --git a/csharp/ql/test/library-tests/events/Events7.ql b/csharp/ql/test/library-tests/events/Events7.ql
index 407d69be06d..0d6c31630b8 100644
--- a/csharp/ql/test/library-tests/events/Events7.ql
+++ b/csharp/ql/test/library-tests/events/Events7.ql
@@ -7,6 +7,6 @@ import csharp
 from Event e
 where
   e.getName() = "MouseUp" and
-  e.getDeclaringType().hasQualifiedName("Events.Control") and
+  e.getDeclaringType().hasQualifiedName("Events", "Control") and
   not e.isFieldLike()
 select e, e.getType()
diff --git a/csharp/ql/test/library-tests/expressions/As1.ql b/csharp/ql/test/library-tests/expressions/As1.ql
index 6c436883d13..451a6c3c099 100644
--- a/csharp/ql/test/library-tests/expressions/As1.ql
+++ b/csharp/ql/test/library-tests/expressions/As1.ql
@@ -9,6 +9,6 @@ where
   m.hasName("MainIsAsCast") and
   e.getEnclosingCallable() = m and
   e.getExpr().(ParameterAccess).getTarget().getName() = "o" and
-  e.getTargetType().(Class).hasQualifiedName("Expressions.Class") and
+  e.getTargetType().(Class).hasQualifiedName("Expressions", "Class") and
   e.getEnclosingStmt().getParent().getParent() instanceof IfStmt
 select m, e
diff --git a/csharp/ql/test/library-tests/expressions/Cast1.ql b/csharp/ql/test/library-tests/expressions/Cast1.ql
index d7f812326ef..5233c6066c3 100644
--- a/csharp/ql/test/library-tests/expressions/Cast1.ql
+++ b/csharp/ql/test/library-tests/expressions/Cast1.ql
@@ -9,6 +9,6 @@ where
   m.hasName("MainIsAsCast") and
   e.getEnclosingCallable() = m and
   e.getExpr().(ParameterAccess).getTarget().getName() = "p" and
-  e.getTargetType().(Class).hasQualifiedName("Expressions.Class") and
+  e.getTargetType().(Class).hasQualifiedName("Expressions", "Class") and
   e.getEnclosingStmt().getParent().getParent() instanceof IfStmt
 select m, e
diff --git a/csharp/ql/test/library-tests/expressions/DelegateCall3.ql b/csharp/ql/test/library-tests/expressions/DelegateCall3.ql
index b68b35dde45..af7cf0bba16 100644
--- a/csharp/ql/test/library-tests/expressions/DelegateCall3.ql
+++ b/csharp/ql/test/library-tests/expressions/DelegateCall3.ql
@@ -10,5 +10,5 @@ where
   e.getEnclosingCallable() = m and
   e.getExpr() = a and
   a.getTarget().hasName("cd7") and
-  a.getTarget().getType().(DelegateType).hasQualifiedName("Expressions.D")
+  a.getTarget().getType().(DelegateType).hasQualifiedName("Expressions", "D")
 select m, e, a
diff --git a/csharp/ql/test/library-tests/expressions/Is1.ql b/csharp/ql/test/library-tests/expressions/Is1.ql
index 705b7a98ad4..baa85f62da2 100644
--- a/csharp/ql/test/library-tests/expressions/Is1.ql
+++ b/csharp/ql/test/library-tests/expressions/Is1.ql
@@ -10,5 +10,5 @@ where
   e.getEnclosingCallable() = m and
   e.getExpr().(ParameterAccess).getTarget().getName() = "o" and
   tpe = e.getPattern() and
-  tpe.getCheckedType().(Class).hasQualifiedName("Expressions.Class")
+  tpe.getCheckedType().(Class).hasQualifiedName("Expressions", "Class")
 select m, e
diff --git a/csharp/ql/test/library-tests/fields/Constants1.ql b/csharp/ql/test/library-tests/fields/Constants1.ql
index 587a38b5731..9759e49893e 100644
--- a/csharp/ql/test/library-tests/fields/Constants1.ql
+++ b/csharp/ql/test/library-tests/fields/Constants1.ql
@@ -7,7 +7,7 @@ import csharp
 from MemberConstant c
 where
   c.getName() = "X" and
-  c.getDeclaringType().hasQualifiedName("Constants.A") and
+  c.getDeclaringType().hasQualifiedName("Constants", "A") and
   c.getType() instanceof IntType and
   c.getInitializer() instanceof BinaryOperation and
   c.isPublic() and
diff --git a/csharp/ql/test/library-tests/fields/Constants2.ql b/csharp/ql/test/library-tests/fields/Constants2.ql
index 908c1f7c5c9..ec28d999150 100644
--- a/csharp/ql/test/library-tests/fields/Constants2.ql
+++ b/csharp/ql/test/library-tests/fields/Constants2.ql
@@ -7,7 +7,7 @@ import csharp
 from MemberConstant c
 where
   c.getName() = "Y" and
-  c.getDeclaringType().hasQualifiedName("Constants.A") and
+  c.getDeclaringType().hasQualifiedName("Constants", "A") and
   c.getType() instanceof IntType and
   c.getInitializer() instanceof IntLiteral and
   c.isPublic() and
diff --git a/csharp/ql/test/library-tests/fields/Constants3.ql b/csharp/ql/test/library-tests/fields/Constants3.ql
index e2bb2d9e34a..38af03d0676 100644
--- a/csharp/ql/test/library-tests/fields/Constants3.ql
+++ b/csharp/ql/test/library-tests/fields/Constants3.ql
@@ -7,7 +7,7 @@ import csharp
 from MemberConstant c
 where
   c.getName() = "Z" and
-  c.getDeclaringType().hasQualifiedName("Constants.B") and
+  c.getDeclaringType().hasQualifiedName("Constants", "B") and
   c.getType() instanceof IntType and
   c.getInitializer() instanceof BinaryOperation and
   c.isPublic() and
diff --git a/csharp/ql/test/library-tests/fields/Fields1.ql b/csharp/ql/test/library-tests/fields/Fields1.ql
index 7e7c5dfbc95..dd85903934c 100644
--- a/csharp/ql/test/library-tests/fields/Fields1.ql
+++ b/csharp/ql/test/library-tests/fields/Fields1.ql
@@ -7,7 +7,7 @@ import csharp
 from Field f
 where
   f.getName() = "X" and
-  f.getDeclaringType().hasQualifiedName("Fields.A") and
+  f.getDeclaringType().hasQualifiedName("Fields", "A") and
   f.getType() instanceof IntType and
   f.getInitializer().(IntLiteral).getValue() = "1" and
   f.isPublic() and
diff --git a/csharp/ql/test/library-tests/fields/Fields10.ql b/csharp/ql/test/library-tests/fields/Fields10.ql
index fa17e74d69b..5b5bbf7d808 100644
--- a/csharp/ql/test/library-tests/fields/Fields10.ql
+++ b/csharp/ql/test/library-tests/fields/Fields10.ql
@@ -8,6 +8,6 @@ from Field f, SimpleType t
 where
   f.getName() = "MaxValue" and
   f.getDeclaringType() = t and
-  t.hasQualifiedName("System.Decimal") and
+  t.hasQualifiedName("System", "Decimal") and
   f.isPublic()
 select f.toString(), f.getDeclaringType().toString()
diff --git a/csharp/ql/test/library-tests/fields/Fields2.ql b/csharp/ql/test/library-tests/fields/Fields2.ql
index 9a970e1eed9..ef4e737a635 100644
--- a/csharp/ql/test/library-tests/fields/Fields2.ql
+++ b/csharp/ql/test/library-tests/fields/Fields2.ql
@@ -7,7 +7,7 @@ import csharp
 from Field f
 where
   f.getName() = "Y" and
-  f.getDeclaringType().hasQualifiedName("Fields.A") and
+  f.getDeclaringType().hasQualifiedName("Fields", "A") and
   f.getType() instanceof IntType and
   not exists(f.getInitializer()) and
   f.isPublic() and
diff --git a/csharp/ql/test/library-tests/fields/Fields3.ql b/csharp/ql/test/library-tests/fields/Fields3.ql
index a6a4fade742..2bfdc558d08 100644
--- a/csharp/ql/test/library-tests/fields/Fields3.ql
+++ b/csharp/ql/test/library-tests/fields/Fields3.ql
@@ -7,7 +7,7 @@ import csharp
 from Field f
 where
   f.getName() = "Z" and
-  f.getDeclaringType().hasQualifiedName("Fields.A") and
+  f.getDeclaringType().hasQualifiedName("Fields", "A") and
   f.getType() instanceof IntType and
   f.getInitializer().(IntLiteral).getValue() = "100" and
   f.isPublic() and
diff --git a/csharp/ql/test/library-tests/fields/Fields4.ql b/csharp/ql/test/library-tests/fields/Fields4.ql
index f6c01e4e322..96c88c178cf 100644
--- a/csharp/ql/test/library-tests/fields/Fields4.ql
+++ b/csharp/ql/test/library-tests/fields/Fields4.ql
@@ -7,7 +7,7 @@ import csharp
 from Field f
 where
   f.getName() = "X" and
-  f.getDeclaringType().hasQualifiedName("Fields.B") and
+  f.getDeclaringType().hasQualifiedName("Fields", "B") and
   f.getType() instanceof IntType and
   f.getInitializer().(IntLiteral).getValue() = "1" and
   f.isPublic() and
diff --git a/csharp/ql/test/library-tests/fields/Fields5.ql b/csharp/ql/test/library-tests/fields/Fields5.ql
index eeaf4996e0c..2ff6d63581c 100644
--- a/csharp/ql/test/library-tests/fields/Fields5.ql
+++ b/csharp/ql/test/library-tests/fields/Fields5.ql
@@ -7,7 +7,7 @@ import csharp
 from Field f
 where
   f.getName() = "Y" and
-  f.getDeclaringType().hasQualifiedName("Fields.B") and
+  f.getDeclaringType().hasQualifiedName("Fields", "B") and
   f.getType() instanceof IntType and
   not exists(f.getInitializer()) and
   f.isPublic() and
diff --git a/csharp/ql/test/library-tests/fields/Fields6.ql b/csharp/ql/test/library-tests/fields/Fields6.ql
index 8706c829205..8967586b86b 100644
--- a/csharp/ql/test/library-tests/fields/Fields6.ql
+++ b/csharp/ql/test/library-tests/fields/Fields6.ql
@@ -7,7 +7,7 @@ import csharp
 from Field f
 where
   f.getName() = "finished" and
-  f.getDeclaringType().hasQualifiedName("Fields.Application") and
+  f.getDeclaringType().hasQualifiedName("Fields", "Application") and
   f.getType() instanceof BoolType and
   not exists(f.getInitializer()) and
   f.isPublic() and
diff --git a/csharp/ql/test/library-tests/fields/Fields7.ql b/csharp/ql/test/library-tests/fields/Fields7.ql
index 5097de7923f..3c031831ab6 100644
--- a/csharp/ql/test/library-tests/fields/Fields7.ql
+++ b/csharp/ql/test/library-tests/fields/Fields7.ql
@@ -8,7 +8,7 @@ from Field f, UnboundGenericClass c
 where
   f.getName() = "count" and
   f.getDeclaringType() = c and
-  c.hasQualifiedName("Fields.C<>") and
+  c.hasQualifiedName("Fields", "C<>") and
   f.getType() instanceof IntType and
   f.isStatic()
 select f, f.getDeclaringType()
diff --git a/csharp/ql/test/library-tests/fields/Fields8.ql b/csharp/ql/test/library-tests/fields/Fields8.ql
index 5097de7923f..3c031831ab6 100644
--- a/csharp/ql/test/library-tests/fields/Fields8.ql
+++ b/csharp/ql/test/library-tests/fields/Fields8.ql
@@ -8,7 +8,7 @@ from Field f, UnboundGenericClass c
 where
   f.getName() = "count" and
   f.getDeclaringType() = c and
-  c.hasQualifiedName("Fields.C<>") and
+  c.hasQualifiedName("Fields", "C<>") and
   f.getType() instanceof IntType and
   f.isStatic()
 select f, f.getDeclaringType()
diff --git a/csharp/ql/test/library-tests/fields/Fields9.ql b/csharp/ql/test/library-tests/fields/Fields9.ql
index 24a601da86a..9bb87878ee3 100644
--- a/csharp/ql/test/library-tests/fields/Fields9.ql
+++ b/csharp/ql/test/library-tests/fields/Fields9.ql
@@ -8,7 +8,7 @@ from Field f, Class c
 where
   f.getName() = "Black" and
   f.getDeclaringType() = c and
-  c.hasQualifiedName("Fields.Color") and
+  c.hasQualifiedName("Fields", "Color") and
   f.getType() = c and
   f.isStatic() and
   f.isPublic() and
diff --git a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected
index ae10cc17e9d..2d5a35839fb 100644
--- a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected
+++ b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected
@@ -131,7 +131,7 @@ summary
 | System.Data.Entity;DbSet<>;false;AttachRange;(System.Collections.Generic.IEnumerable<T>);;Argument[0].Element;Argument[this].Element;value;manual |
 | System.Data.Entity;DbSet<>;false;Update;(T);;Argument[0];Argument[this].Element;value;manual |
 | System.Data.Entity;DbSet<>;false;UpdateRange;(System.Collections.Generic.IEnumerable<T>);;Argument[0].Element;Argument[this].Element;value;manual |
-negativeSummary
+neutral
 sourceNode
 sinkNode
 | EntityFrameworkCore.cs:72:36:72:40 | "sql" | sql |
diff --git a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql
index 41cc8379b3d..00873833083 100644
--- a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql
+++ b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql
@@ -2,8 +2,7 @@ import semmle.code.csharp.frameworks.EntityFramework::EntityFramework
 import shared.FlowSummaries
 import semmle.code.csharp.dataflow.ExternalFlow as ExternalFlow
 
-private class IncludeEFSummarizedCallable extends IncludeSummarizedCallable {
-  IncludeEFSummarizedCallable() { this instanceof EFSummarizedCallable }
+private class IncludeEFSummarizedCallable extends IncludeSummarizedCallable instanceof EFSummarizedCallable {
 }
 
 query predicate sourceNode(DataFlow::Node node, string kind) {
diff --git a/csharp/ql/test/library-tests/generics/Generics.ql b/csharp/ql/test/library-tests/generics/Generics.ql
index 4b43baa6fca..b0c1623b68a 100644
--- a/csharp/ql/test/library-tests/generics/Generics.ql
+++ b/csharp/ql/test/library-tests/generics/Generics.ql
@@ -1,4 +1,5 @@
 import csharp
+import semmle.code.csharp.commons.QualifiedName
 
 query predicate test1(UnboundGenericDelegateType d) {
   d.hasName("GenericDelegate<>") and
@@ -259,18 +260,24 @@ query predicate test32(ConstructedGeneric cg, string s1, string s2) {
 
 query predicate test33(ConstructedMethod cm, string s1, string s2) {
   cm.fromSource() and
-  cm.getQualifiedName() = s1 and
+  exists(string namespace, string type, string name |
+    cm.hasQualifiedName(namespace, type, name) and s1 = getQualifiedName(namespace, type, name)
+  ) and
   cm.getQualifiedNameWithTypes() = s2
 }
 
 query predicate test34(UnboundGeneric ug, string s1, string s2) {
   ug.fromSource() and
-  ug.getQualifiedName() = s1 and
+  exists(string qualifier, string name |
+    ug.hasQualifiedName(qualifier, name) and s1 = getQualifiedName(qualifier, name)
+  ) and
   ug.getQualifiedNameWithTypes() = s2
 }
 
 query predicate test35(UnboundGenericMethod gm, string s1, string s2) {
   gm.fromSource() and
-  gm.getQualifiedName() = s1 and
+  exists(string namespace, string type, string name |
+    gm.hasQualifiedName(namespace, type, name) and s1 = getQualifiedName(namespace, type, name)
+  ) and
   gm.getQualifiedNameWithTypes() = s2
 }
diff --git a/csharp/ql/test/library-tests/indexers/Indexers10.ql b/csharp/ql/test/library-tests/indexers/Indexers10.ql
index a8329523315..2d1c7aee3a7 100644
--- a/csharp/ql/test/library-tests/indexers/Indexers10.ql
+++ b/csharp/ql/test/library-tests/indexers/Indexers10.ql
@@ -6,7 +6,7 @@ import csharp
 
 from Indexer i
 where
-  i.getDeclaringType().hasQualifiedName("Indexers.Grid") and
+  i.getDeclaringType().hasQualifiedName("Indexers", "Grid") and
   i.getType() instanceof IntType and
   i.isPublic() and
   i.isReadWrite()
diff --git a/csharp/ql/test/library-tests/indexers/Indexers2.ql b/csharp/ql/test/library-tests/indexers/Indexers2.ql
index 6065ae9abb8..ef470e73bad 100644
--- a/csharp/ql/test/library-tests/indexers/Indexers2.ql
+++ b/csharp/ql/test/library-tests/indexers/Indexers2.ql
@@ -6,7 +6,7 @@ import csharp
 
 from Indexer i
 where
-  i.getDeclaringType().hasQualifiedName("Indexers.BitArray") and
+  i.getDeclaringType().hasQualifiedName("Indexers", "BitArray") and
   i.getType() instanceof BoolType and
   i.getDimension() = 1
 select i
diff --git a/csharp/ql/test/library-tests/indexers/Indexers3.ql b/csharp/ql/test/library-tests/indexers/Indexers3.ql
index 9b38e6f6751..f6f116ab70d 100644
--- a/csharp/ql/test/library-tests/indexers/Indexers3.ql
+++ b/csharp/ql/test/library-tests/indexers/Indexers3.ql
@@ -6,7 +6,7 @@ import csharp
 
 from Indexer i
 where
-  i.getDeclaringType().hasQualifiedName("Indexers.BitArray") and
+  i.getDeclaringType().hasQualifiedName("Indexers", "BitArray") and
   i.getType() instanceof BoolType and
   i.getParameter(0).getName() = "index" and
   i.getParameter(0).getType() instanceof IntType
diff --git a/csharp/ql/test/library-tests/indexers/Indexers4.ql b/csharp/ql/test/library-tests/indexers/Indexers4.ql
index 5eeb3808a53..08d693e9489 100644
--- a/csharp/ql/test/library-tests/indexers/Indexers4.ql
+++ b/csharp/ql/test/library-tests/indexers/Indexers4.ql
@@ -6,6 +6,6 @@ import csharp
 
 from Class c
 where
-  c.hasQualifiedName("Indexers.BitArray") and
+  c.hasQualifiedName("Indexers", "BitArray") and
   count(Indexer i | i.getDeclaringType() = c) = 1
 select c
diff --git a/csharp/ql/test/library-tests/indexers/Indexers5.ql b/csharp/ql/test/library-tests/indexers/Indexers5.ql
index f264e130711..3e21cdd53cc 100644
--- a/csharp/ql/test/library-tests/indexers/Indexers5.ql
+++ b/csharp/ql/test/library-tests/indexers/Indexers5.ql
@@ -6,7 +6,7 @@ import csharp
 
 from Indexer i
 where
-  i.getDeclaringType().hasQualifiedName("Indexers.BitArray") and
+  i.getDeclaringType().hasQualifiedName("Indexers", "BitArray") and
   i.getType() instanceof BoolType and
   i.isPublic() and
   i.isReadWrite()
diff --git a/csharp/ql/test/library-tests/indexers/Indexers6.ql b/csharp/ql/test/library-tests/indexers/Indexers6.ql
index 148a896e515..9b33dd67126 100644
--- a/csharp/ql/test/library-tests/indexers/Indexers6.ql
+++ b/csharp/ql/test/library-tests/indexers/Indexers6.ql
@@ -6,7 +6,7 @@ import csharp
 
 from Indexer i
 where
-  i.getDeclaringType().hasQualifiedName("Indexers.BitArray") and
+  i.getDeclaringType().hasQualifiedName("Indexers", "BitArray") and
   i.getType() instanceof BoolType and
   i.getGetter().hasBody() and
   i.getSetter().hasBody()
diff --git a/csharp/ql/test/library-tests/indexers/Indexers7.ql b/csharp/ql/test/library-tests/indexers/Indexers7.ql
index 74dc80fa624..3c93f94ef9a 100644
--- a/csharp/ql/test/library-tests/indexers/Indexers7.ql
+++ b/csharp/ql/test/library-tests/indexers/Indexers7.ql
@@ -6,7 +6,7 @@ import csharp
 
 from Indexer i
 where
-  i.getDeclaringType().hasQualifiedName("Indexers.Grid") and
+  i.getDeclaringType().hasQualifiedName("Indexers", "Grid") and
   i.getType() instanceof IntType and
   i.getDimension() = 2
 select i
diff --git a/csharp/ql/test/library-tests/indexers/Indexers8.ql b/csharp/ql/test/library-tests/indexers/Indexers8.ql
index abaf258fafe..f3fdfa9b0fe 100644
--- a/csharp/ql/test/library-tests/indexers/Indexers8.ql
+++ b/csharp/ql/test/library-tests/indexers/Indexers8.ql
@@ -6,7 +6,7 @@ import csharp
 
 from Indexer i
 where
-  i.getDeclaringType().hasQualifiedName("Indexers.Grid") and
+  i.getDeclaringType().hasQualifiedName("Indexers", "Grid") and
   i.getType() instanceof IntType and
   i.getParameter(0).getName() = "c" and
   i.getParameter(0).getType() instanceof CharType
diff --git a/csharp/ql/test/library-tests/indexers/Indexers9.ql b/csharp/ql/test/library-tests/indexers/Indexers9.ql
index a50719af912..5999bd14791 100644
--- a/csharp/ql/test/library-tests/indexers/Indexers9.ql
+++ b/csharp/ql/test/library-tests/indexers/Indexers9.ql
@@ -6,7 +6,7 @@ import csharp
 
 from Indexer i
 where
-  i.getDeclaringType().hasQualifiedName("Indexers.Grid") and
+  i.getDeclaringType().hasQualifiedName("Indexers", "Grid") and
   i.getType() instanceof IntType and
   i.getParameter(1).getName() = "col" and
   i.getParameter(1).getType() instanceof IntType
diff --git a/csharp/ql/test/library-tests/methods/Parameters1.ql b/csharp/ql/test/library-tests/methods/Parameters1.ql
index d4b1939bfe7..c28a724198c 100644
--- a/csharp/ql/test/library-tests/methods/Parameters1.ql
+++ b/csharp/ql/test/library-tests/methods/Parameters1.ql
@@ -7,7 +7,7 @@ import csharp
 from Method m
 where
   m.hasName("Swap") and
-  m.getDeclaringType().hasQualifiedName("Methods.TestRef") and
+  m.getDeclaringType().hasQualifiedName("Methods", "TestRef") and
   m.getParameter(0).isRef() and
   m.getParameter(0).hasName("x") and
   m.getParameter(0).getType() instanceof IntType and
diff --git a/csharp/ql/test/library-tests/methods/Parameters2.ql b/csharp/ql/test/library-tests/methods/Parameters2.ql
index eb992f2c7f0..15b1471f1c5 100644
--- a/csharp/ql/test/library-tests/methods/Parameters2.ql
+++ b/csharp/ql/test/library-tests/methods/Parameters2.ql
@@ -7,7 +7,7 @@ import csharp
 from Method m
 where
   m.hasName("Divide") and
-  m.getDeclaringType().hasQualifiedName("Methods.TestOut") and
+  m.getDeclaringType().hasQualifiedName("Methods", "TestOut") and
   m.getParameter(0).isValue() and
   m.getParameter(0).hasName("x") and
   m.getParameter(0).getType() instanceof IntType and
diff --git a/csharp/ql/test/library-tests/methods/Parameters3.ql b/csharp/ql/test/library-tests/methods/Parameters3.ql
index 0c69218be58..8f286d7ee7e 100644
--- a/csharp/ql/test/library-tests/methods/Parameters3.ql
+++ b/csharp/ql/test/library-tests/methods/Parameters3.ql
@@ -7,7 +7,7 @@ import csharp
 from Method m
 where
   m.hasName("Write") and
-  m.getDeclaringType().hasQualifiedName("Methods.Console") and
+  m.getDeclaringType().hasQualifiedName("Methods", "Console") and
   m.getParameter(0).isValue() and
   m.getParameter(0).hasName("fmt") and
   m.getParameter(0).getType() instanceof StringType and
diff --git a/csharp/ql/test/library-tests/namespaces/Namespaces1.ql b/csharp/ql/test/library-tests/namespaces/Namespaces1.ql
index 0a1e1e965b7..92fe438894b 100644
--- a/csharp/ql/test/library-tests/namespaces/Namespaces1.ql
+++ b/csharp/ql/test/library-tests/namespaces/Namespaces1.ql
@@ -6,7 +6,7 @@ import csharp
 
 from Namespace n
 where
-  n.hasQualifiedName("N1.N2") and
+  n.hasQualifiedName("N1", "N2") and
   n.getAClass().hasName("A") and
   n.getAClass().hasName("B")
 select n
diff --git a/csharp/ql/test/library-tests/namespaces/Namespaces10.ql b/csharp/ql/test/library-tests/namespaces/Namespaces10.ql
index c45a49cbd39..135067040a4 100644
--- a/csharp/ql/test/library-tests/namespaces/Namespaces10.ql
+++ b/csharp/ql/test/library-tests/namespaces/Namespaces10.ql
@@ -6,11 +6,11 @@ import csharp
 
 from Namespace n, UnboundGenericClass ga, Class a
 where
-  n.hasQualifiedName("R1") and
+  n.hasQualifiedName("", "R1") and
   ga.hasQualifiedName("R1", "A<>") and
   ga.getATypeParameter().hasName("T") and
   ga.getNamespace() = n and
-  a.hasQualifiedName("R1.A") and
+  a.hasQualifiedName("R1", "A") and
   n.getAClass() = a and
   n.getAClass() = ga
 select n, ga, a
diff --git a/csharp/ql/test/library-tests/namespaces/Namespaces11.ql b/csharp/ql/test/library-tests/namespaces/Namespaces11.ql
index 3aea83ac0cf..8f8453ad18e 100644
--- a/csharp/ql/test/library-tests/namespaces/Namespaces11.ql
+++ b/csharp/ql/test/library-tests/namespaces/Namespaces11.ql
@@ -6,7 +6,7 @@ import csharp
 
 from UsingNamespaceDirective u
 where
-  u.getParentNamespaceDeclaration().getNamespace().hasQualifiedName("S3") and
-  u.getImportedNamespace().hasQualifiedName("S1.S2") and
+  u.getParentNamespaceDeclaration().getNamespace().hasQualifiedName("", "S3") and
+  u.getImportedNamespace().hasQualifiedName("S1", "S2") and
   u.getFile().getBaseName() = "namespaces.cs"
 select u
diff --git a/csharp/ql/test/library-tests/namespaces/Namespaces12.ql b/csharp/ql/test/library-tests/namespaces/Namespaces12.ql
index 73d66435b9d..5cc9dd3e643 100644
--- a/csharp/ql/test/library-tests/namespaces/Namespaces12.ql
+++ b/csharp/ql/test/library-tests/namespaces/Namespaces12.ql
@@ -7,6 +7,6 @@ import csharp
 from UsingNamespaceDirective u
 where
   u.getFile().getBaseName() = "namespaces.cs" and
-  u.getImportedNamespace().hasQualifiedName("System.Collections.Generic") and
+  u.getImportedNamespace().hasQualifiedName("System.Collections", "Generic") and
   not exists(u.getParentNamespaceDeclaration())
 select u
diff --git a/csharp/ql/test/library-tests/namespaces/Namespaces2.ql b/csharp/ql/test/library-tests/namespaces/Namespaces2.ql
index f176ad89d3d..0cebeb2eb7b 100644
--- a/csharp/ql/test/library-tests/namespaces/Namespaces2.ql
+++ b/csharp/ql/test/library-tests/namespaces/Namespaces2.ql
@@ -6,7 +6,7 @@ import csharp
 
 from Namespace n
 where
-  n.hasQualifiedName("M1.M2") and
+  n.hasQualifiedName("M1", "M2") and
   n.getAClass().hasName("A") and
   n.getAClass().hasName("B")
 select n
diff --git a/csharp/ql/test/library-tests/namespaces/Namespaces3.ql b/csharp/ql/test/library-tests/namespaces/Namespaces3.ql
index 60acfc8bce5..0ecf971f3fe 100644
--- a/csharp/ql/test/library-tests/namespaces/Namespaces3.ql
+++ b/csharp/ql/test/library-tests/namespaces/Namespaces3.ql
@@ -6,7 +6,7 @@ import csharp
 
 from Namespace n
 where
-  n.hasQualifiedName("P1.P2") and
+  n.hasQualifiedName("P1", "P2") and
   n.getAClass().hasName("A") and
   n.getAClass().hasName("B") and
   n.getAStruct().hasName("S") and
diff --git a/csharp/ql/test/library-tests/namespaces/Namespaces4.ql b/csharp/ql/test/library-tests/namespaces/Namespaces4.ql
index 81313001412..738a4c1966f 100644
--- a/csharp/ql/test/library-tests/namespaces/Namespaces4.ql
+++ b/csharp/ql/test/library-tests/namespaces/Namespaces4.ql
@@ -6,7 +6,7 @@ import csharp
 
 from Namespace n, Class a, Class b
 where
-  n.hasQualifiedName("M1.M2") and
+  n.hasQualifiedName("M1", "M2") and
   a = n.getAClass() and
   a.hasName("A") and
   a.isPublic() and
diff --git a/csharp/ql/test/library-tests/namespaces/Namespaces5.ql b/csharp/ql/test/library-tests/namespaces/Namespaces5.ql
index 95c51ca1e37..aae2d671b2b 100644
--- a/csharp/ql/test/library-tests/namespaces/Namespaces5.ql
+++ b/csharp/ql/test/library-tests/namespaces/Namespaces5.ql
@@ -6,6 +6,6 @@ import csharp
 
 from Namespace n
 where
-  n.hasQualifiedName("Empty") and
+  n.hasQualifiedName("", "Empty") and
   not exists(n.getATypeDeclaration())
 select n
diff --git a/csharp/ql/test/library-tests/namespaces/Namespaces6.ql b/csharp/ql/test/library-tests/namespaces/Namespaces6.ql
index d89e2a998fa..27539b59f7e 100644
--- a/csharp/ql/test/library-tests/namespaces/Namespaces6.ql
+++ b/csharp/ql/test/library-tests/namespaces/Namespaces6.ql
@@ -6,9 +6,9 @@ import csharp
 
 from Namespace n, Namespace p
 where
-  n.hasQualifiedName("Q1.Q2") and
+  n.hasQualifiedName("Q1", "Q2") and
   n.hasName("Q2") and
   p = n.getParentNamespace() and
   p.hasName("Q1") and
-  p.hasQualifiedName("Q1")
+  p.hasQualifiedName("", "Q1")
 select p, n
diff --git a/csharp/ql/test/library-tests/namespaces/Namespaces7.ql b/csharp/ql/test/library-tests/namespaces/Namespaces7.ql
index 4593ddef8c4..6822aacf1ef 100644
--- a/csharp/ql/test/library-tests/namespaces/Namespaces7.ql
+++ b/csharp/ql/test/library-tests/namespaces/Namespaces7.ql
@@ -6,7 +6,7 @@ import csharp
 
 from Namespace n, Class b, Class a
 where
-  n.hasQualifiedName("Q3") and
+  n.hasQualifiedName("", "Q3") and
   a.hasQualifiedName("Q1.Q2", "A") and
   b.hasName("B") and
   b.getNamespace() = n and
diff --git a/csharp/ql/test/library-tests/namespaces/Namespaces8.ql b/csharp/ql/test/library-tests/namespaces/Namespaces8.ql
index 870f0c397b1..312fb960c91 100644
--- a/csharp/ql/test/library-tests/namespaces/Namespaces8.ql
+++ b/csharp/ql/test/library-tests/namespaces/Namespaces8.ql
@@ -6,7 +6,7 @@ import csharp
 
 from Namespace n, Class c, Class a
 where
-  n.hasQualifiedName("Q3") and
+  n.hasQualifiedName("", "Q3") and
   a.hasQualifiedName("Q1.Q2", "A") and
   c.hasName("C") and
   c.getNamespace() = n and
diff --git a/csharp/ql/test/library-tests/namespaces/Namespaces9.ql b/csharp/ql/test/library-tests/namespaces/Namespaces9.ql
index 253e74ddfd6..ec380123d61 100644
--- a/csharp/ql/test/library-tests/namespaces/Namespaces9.ql
+++ b/csharp/ql/test/library-tests/namespaces/Namespaces9.ql
@@ -10,5 +10,5 @@ where
   a.getATypeParameter().hasName("T") and
   a.getANestedType() = b and
   b.getName() = "B" and
-  b.hasQualifiedName("R1.A<>+B")
+  b.hasQualifiedName("R1", "A<>+B")
 select a, b
diff --git a/csharp/ql/test/library-tests/nestedtypes/NestedTypes1.ql b/csharp/ql/test/library-tests/nestedtypes/NestedTypes1.ql
index 411ff0b664f..57b667876a5 100644
--- a/csharp/ql/test/library-tests/nestedtypes/NestedTypes1.ql
+++ b/csharp/ql/test/library-tests/nestedtypes/NestedTypes1.ql
@@ -6,8 +6,8 @@ import csharp
 
 from Class c, Struct s
 where
-  c.hasQualifiedName("NestedTypes.Base") and
-  s.hasQualifiedName("NestedTypes.Base+S") and
+  c.hasQualifiedName("NestedTypes", "Base") and
+  s.hasQualifiedName("NestedTypes", "Base+S") and
   s = c.getANestedType() and
   s.(NestedType).isProtected() and
   c.isPublic()
diff --git a/csharp/ql/test/library-tests/nestedtypes/NestedTypes2.ql b/csharp/ql/test/library-tests/nestedtypes/NestedTypes2.ql
index 0432b5e4303..b3be4723dff 100644
--- a/csharp/ql/test/library-tests/nestedtypes/NestedTypes2.ql
+++ b/csharp/ql/test/library-tests/nestedtypes/NestedTypes2.ql
@@ -6,8 +6,8 @@ import csharp
 
 from Class c, Interface i
 where
-  c.hasQualifiedName("NestedTypes.Base") and
-  i.hasQualifiedName("NestedTypes.Base+I") and
+  c.hasQualifiedName("NestedTypes", "Base") and
+  i.hasQualifiedName("NestedTypes", "Base+I") and
   i.(NestedType).isPrivate() and
   i = c.getANestedType()
 select c, i
diff --git a/csharp/ql/test/library-tests/nestedtypes/NestedTypes3.ql b/csharp/ql/test/library-tests/nestedtypes/NestedTypes3.ql
index d636c18b6d3..c3b216e23a2 100644
--- a/csharp/ql/test/library-tests/nestedtypes/NestedTypes3.ql
+++ b/csharp/ql/test/library-tests/nestedtypes/NestedTypes3.ql
@@ -6,8 +6,8 @@ import csharp
 
 from Class c, DelegateType d
 where
-  c.hasQualifiedName("NestedTypes.Base") and
-  d.hasQualifiedName("NestedTypes.Base+MyDelegate") and
+  c.hasQualifiedName("NestedTypes", "Base") and
+  d.hasQualifiedName("NestedTypes", "Base+MyDelegate") and
   d.(NestedType).isPrivate() and
   d = c.getANestedType()
 select c, d
diff --git a/csharp/ql/test/library-tests/nestedtypes/NestedTypes4.ql b/csharp/ql/test/library-tests/nestedtypes/NestedTypes4.ql
index e52c9149db1..bfdb3a441e4 100644
--- a/csharp/ql/test/library-tests/nestedtypes/NestedTypes4.ql
+++ b/csharp/ql/test/library-tests/nestedtypes/NestedTypes4.ql
@@ -6,9 +6,9 @@ import csharp
 
 from Class base, Class derived, Class nested
 where
-  base.hasQualifiedName("NestedTypes.Base") and
-  derived.hasQualifiedName("NestedTypes.Derived") and
-  nested.hasQualifiedName("NestedTypes.Derived+Nested") and
+  base.hasQualifiedName("NestedTypes", "Base") and
+  derived.hasQualifiedName("NestedTypes", "Derived") and
+  nested.hasQualifiedName("NestedTypes", "Derived+Nested") and
   nested.getNamespace().hasName("NestedTypes") and
   derived.getBaseClass() = base and
   derived.isInternal() and
diff --git a/csharp/ql/test/library-tests/nestedtypes/NestedTypes5.ql b/csharp/ql/test/library-tests/nestedtypes/NestedTypes5.ql
index d7a71757724..7585b923594 100644
--- a/csharp/ql/test/library-tests/nestedtypes/NestedTypes5.ql
+++ b/csharp/ql/test/library-tests/nestedtypes/NestedTypes5.ql
@@ -6,9 +6,9 @@ import csharp
 
 from Class base, Class derived, Class nested
 where
-  base.hasQualifiedName("NestedTypes.Base") and
-  derived.hasQualifiedName("NestedTypes.Derived") and
-  nested.hasQualifiedName("NestedTypes.Derived+Nested") and
+  base.hasQualifiedName("NestedTypes", "Base") and
+  derived.hasQualifiedName("NestedTypes", "Derived") and
+  nested.hasQualifiedName("NestedTypes", "Derived+Nested") and
   nested.getNamespace().hasName("NestedTypes") and
   nested.getDeclaringType() = derived
 select base, derived, nested
diff --git a/csharp/ql/test/library-tests/nestedtypes/NestedTypes6.ql b/csharp/ql/test/library-tests/nestedtypes/NestedTypes6.ql
index 40c3337d643..ca2c3aadb89 100644
--- a/csharp/ql/test/library-tests/nestedtypes/NestedTypes6.ql
+++ b/csharp/ql/test/library-tests/nestedtypes/NestedTypes6.ql
@@ -6,7 +6,7 @@ import csharp
 
 from UnboundGenericClass o, UnboundGenericClass i
 where
-  o.hasQualifiedName("NestedTypes.Outer<>") and
-  i.hasQualifiedName("NestedTypes.Outer<>+Inner<>") and
+  o.hasQualifiedName("NestedTypes", "Outer<>") and
+  i.hasQualifiedName("NestedTypes", "Outer<>+Inner<>") and
   i = o.getANestedType()
 select o, i
diff --git a/csharp/ql/test/library-tests/nestedtypes/NestedTypes7.ql b/csharp/ql/test/library-tests/nestedtypes/NestedTypes7.ql
index b8a58417789..750e2c72b01 100644
--- a/csharp/ql/test/library-tests/nestedtypes/NestedTypes7.ql
+++ b/csharp/ql/test/library-tests/nestedtypes/NestedTypes7.ql
@@ -6,8 +6,8 @@ import csharp
 
 from UnboundGenericClass o, UnboundGenericClass i
 where
-  o.hasQualifiedName("NestedTypes.Outer2<>") and
-  i.hasQualifiedName("NestedTypes.Outer2<>+Inner2<>") and
+  o.hasQualifiedName("NestedTypes", "Outer2<>") and
+  i.hasQualifiedName("NestedTypes", "Outer2<>+Inner2<>") and
   i = o.getANestedType() and
   i.getTypeParameter(0).getName() = o.getTypeParameter(0).getName()
 select o, i
diff --git a/csharp/ql/test/library-tests/nestedtypes/NestedTypes8.ql b/csharp/ql/test/library-tests/nestedtypes/NestedTypes8.ql
index b854068b1e9..cc7fe1475a1 100644
--- a/csharp/ql/test/library-tests/nestedtypes/NestedTypes8.ql
+++ b/csharp/ql/test/library-tests/nestedtypes/NestedTypes8.ql
@@ -6,8 +6,8 @@ import csharp
 
 from ConstructedClass o, ConstructedClass i
 where
-  o.hasQualifiedName("NestedTypes.Outer<System.Int32>") and
-  i.hasQualifiedName("NestedTypes.Outer<System.Int32>+Inner<System.String>") and
+  o.hasQualifiedName("NestedTypes", "Outer<System.Int32>") and
+  i.hasQualifiedName("NestedTypes", "Outer<System.Int32>+Inner<System.String>") and
   i = o.getANestedType() and
   o.getTypeArgument(0) instanceof IntType and
   i.getTypeArgument(0) instanceof StringType
diff --git a/csharp/ql/test/library-tests/nestedtypes/NestedTypes9.ql b/csharp/ql/test/library-tests/nestedtypes/NestedTypes9.ql
index 2b926ce8ec6..75874018b87 100644
--- a/csharp/ql/test/library-tests/nestedtypes/NestedTypes9.ql
+++ b/csharp/ql/test/library-tests/nestedtypes/NestedTypes9.ql
@@ -6,8 +6,8 @@ import csharp
 
 from UnboundGenericClass o, ConstructedClass i
 where
-  o.hasQualifiedName("NestedTypes.Outer<>") and
-  i.hasQualifiedName("NestedTypes.Outer<>+Inner<System.String>") and
+  o.hasQualifiedName("NestedTypes", "Outer<>") and
+  i.hasQualifiedName("NestedTypes", "Outer<>+Inner<System.String>") and
   i.getUnboundGeneric() = o.getANestedType() and
   i.getTypeArgument(0) instanceof StringType
 select o, i
diff --git a/csharp/ql/test/library-tests/properties/Properties10.ql b/csharp/ql/test/library-tests/properties/Properties10.ql
index 7f2fae74da5..b2f0ca08da2 100644
--- a/csharp/ql/test/library-tests/properties/Properties10.ql
+++ b/csharp/ql/test/library-tests/properties/Properties10.ql
@@ -7,7 +7,7 @@ import csharp
 from Property p
 where
   p.hasName("Y") and
-  p.getDeclaringType().hasQualifiedName("Properties.A") and
+  p.getDeclaringType().hasQualifiedName("Properties", "A") and
   p.isReadWrite() and
   not p.isAutoImplemented() and
   p.isVirtual() and
diff --git a/csharp/ql/test/library-tests/properties/Properties11.ql b/csharp/ql/test/library-tests/properties/Properties11.ql
index ca1696d6152..10c25532a36 100644
--- a/csharp/ql/test/library-tests/properties/Properties11.ql
+++ b/csharp/ql/test/library-tests/properties/Properties11.ql
@@ -7,7 +7,7 @@ import csharp
 from Property p
 where
   p.hasName("Y") and
-  p.getDeclaringType().hasQualifiedName("Properties.B") and
+  p.getDeclaringType().hasQualifiedName("Properties", "B") and
   p.isReadWrite() and // overrides a property that is readwrite
   not p.isAutoImplemented() and
   p.isOverride() and
diff --git a/csharp/ql/test/library-tests/properties/Properties12.ql b/csharp/ql/test/library-tests/properties/Properties12.ql
index a8334485efc..a23d9d1d87c 100644
--- a/csharp/ql/test/library-tests/properties/Properties12.ql
+++ b/csharp/ql/test/library-tests/properties/Properties12.ql
@@ -7,7 +7,7 @@ import csharp
 from Property p
 where
   p.hasName("X") and
-  p.getDeclaringType().hasQualifiedName("Properties.B") and
+  p.getDeclaringType().hasQualifiedName("Properties", "B") and
   p.isReadOnly() and
   not p.isAutoImplemented() and
   p.isOverride() and
diff --git a/csharp/ql/test/library-tests/properties/Properties13.ql b/csharp/ql/test/library-tests/properties/Properties13.ql
index f0bf658d1f9..97f6139ecb0 100644
--- a/csharp/ql/test/library-tests/properties/Properties13.ql
+++ b/csharp/ql/test/library-tests/properties/Properties13.ql
@@ -7,7 +7,7 @@ import csharp
 from Property p
 where
   p.hasName("Z") and
-  p.getDeclaringType().hasQualifiedName("Properties.B") and
+  p.getDeclaringType().hasQualifiedName("Properties", "B") and
   p.isReadWrite() and
   not p.isAutoImplemented() and
   p.isOverride() and
diff --git a/csharp/ql/test/library-tests/properties/Properties14.ql b/csharp/ql/test/library-tests/properties/Properties14.ql
index c6c3568e1b8..226dc003f18 100644
--- a/csharp/ql/test/library-tests/properties/Properties14.ql
+++ b/csharp/ql/test/library-tests/properties/Properties14.ql
@@ -7,7 +7,7 @@ import csharp
 from Property p
 where
   p.hasName("Count") and
-  p.getDeclaringType().hasQualifiedName("System.Collections.Generic.List<>") and
+  p.getDeclaringType().hasQualifiedName("System.Collections.Generic", "List<>") and
   not p.isAutoImplemented() and
   not p.isStatic() and
   p.isPublic() and
diff --git a/csharp/ql/test/library-tests/properties/Properties15.ql b/csharp/ql/test/library-tests/properties/Properties15.ql
index af729d49275..2f71f77aec7 100644
--- a/csharp/ql/test/library-tests/properties/Properties15.ql
+++ b/csharp/ql/test/library-tests/properties/Properties15.ql
@@ -7,7 +7,7 @@ import csharp
 from Property p
 where
   p.hasName("Init") and
-  p.getDeclaringType().hasQualifiedName("Properties.Test") and
+  p.getDeclaringType().hasQualifiedName("Properties", "Test") and
   p.isWriteOnly() and
   not p.isAutoImplemented() and
   p.isStatic() and
diff --git a/csharp/ql/test/library-tests/properties/Properties16.ql b/csharp/ql/test/library-tests/properties/Properties16.ql
index 4ef2776d39f..5cf64128372 100644
--- a/csharp/ql/test/library-tests/properties/Properties16.ql
+++ b/csharp/ql/test/library-tests/properties/Properties16.ql
@@ -7,7 +7,7 @@ import csharp
 from Property p
 where
   p.hasName("Init") and
-  p.getDeclaringType().hasQualifiedName("Properties.Test") and
+  p.getDeclaringType().hasQualifiedName("Properties", "Test") and
   p.getSetter().getNumberOfParameters() = 1 and
   p.getSetter().getParameter(0) instanceof ImplicitAccessorParameter
 select p, p.getSetter().getParameter(0)
diff --git a/csharp/ql/test/library-tests/properties/Properties4.ql b/csharp/ql/test/library-tests/properties/Properties4.ql
index 89a0b03f5b4..ad8055a45f4 100644
--- a/csharp/ql/test/library-tests/properties/Properties4.ql
+++ b/csharp/ql/test/library-tests/properties/Properties4.ql
@@ -10,6 +10,6 @@ where
   p.isReadOnly() and
   p.isPublic() and
   p.getGetter().hasBody() and
-  p.getDeclaringType().hasQualifiedName("Properties.Counter") and
+  p.getDeclaringType().hasQualifiedName("Properties", "Counter") and
   not exists(p.getSetter())
 select p, p.getGetter()
diff --git a/csharp/ql/test/library-tests/properties/Properties5.ql b/csharp/ql/test/library-tests/properties/Properties5.ql
index 7c86e26a5c4..0e5291ae236 100644
--- a/csharp/ql/test/library-tests/properties/Properties5.ql
+++ b/csharp/ql/test/library-tests/properties/Properties5.ql
@@ -7,7 +7,7 @@ import csharp
 from Property p
 where
   p.hasName("X") and
-  p.getDeclaringType().hasQualifiedName("Properties.Point") and
+  p.getDeclaringType().hasQualifiedName("Properties", "Point") and
   p.isReadWrite() and
   p.isPublic() and
   exists(p.getGetter()) and
diff --git a/csharp/ql/test/library-tests/properties/Properties6.ql b/csharp/ql/test/library-tests/properties/Properties6.ql
index 3e81cdc04e2..5ede824b59e 100644
--- a/csharp/ql/test/library-tests/properties/Properties6.ql
+++ b/csharp/ql/test/library-tests/properties/Properties6.ql
@@ -7,7 +7,7 @@ import csharp
 from Property p
 where
   p.hasName("Y") and
-  p.getDeclaringType().hasQualifiedName("Properties.Point") and
+  p.getDeclaringType().hasQualifiedName("Properties", "Point") and
   p.isReadWrite() and
   p.isPublic() and
   p.isAutoImplemented()
diff --git a/csharp/ql/test/library-tests/properties/Properties7.ql b/csharp/ql/test/library-tests/properties/Properties7.ql
index 8ad1f8a37e3..f31c29d1ec8 100644
--- a/csharp/ql/test/library-tests/properties/Properties7.ql
+++ b/csharp/ql/test/library-tests/properties/Properties7.ql
@@ -7,7 +7,7 @@ import csharp
 from Property p
 where
   p.hasName("X") and
-  p.getDeclaringType().hasQualifiedName("Properties.ReadOnlyPoint") and
+  p.getDeclaringType().hasQualifiedName("Properties", "ReadOnlyPoint") and
   p.isReadWrite() and
   p.isPublic() and
   p.isAutoImplemented() and
diff --git a/csharp/ql/test/library-tests/properties/Properties8.ql b/csharp/ql/test/library-tests/properties/Properties8.ql
index eeb6bd41dc2..4033ea92484 100644
--- a/csharp/ql/test/library-tests/properties/Properties8.ql
+++ b/csharp/ql/test/library-tests/properties/Properties8.ql
@@ -7,7 +7,7 @@ import csharp
 from Property p
 where
   p.hasName("X") and
-  p.getDeclaringType().hasQualifiedName("Properties.A") and
+  p.getDeclaringType().hasQualifiedName("Properties", "A") and
   p.isReadOnly() and
   p.isVirtual()
 select p
diff --git a/csharp/ql/test/library-tests/properties/Properties9.ql b/csharp/ql/test/library-tests/properties/Properties9.ql
index 5b22b9d5394..e55ffafa131 100644
--- a/csharp/ql/test/library-tests/properties/Properties9.ql
+++ b/csharp/ql/test/library-tests/properties/Properties9.ql
@@ -7,7 +7,7 @@ import csharp
 from Property p
 where
   p.hasName("Z") and
-  p.getDeclaringType().hasQualifiedName("Properties.A") and
+  p.getDeclaringType().hasQualifiedName("Properties", "A") and
   p.isReadWrite() and
   not p.isAutoImplemented() and
   p.isAbstract() and
diff --git a/csharp/ql/test/library-tests/types/Types17.ql b/csharp/ql/test/library-tests/types/Types17.ql
index 80c0b783a53..c73a26c7b26 100644
--- a/csharp/ql/test/library-tests/types/Types17.ql
+++ b/csharp/ql/test/library-tests/types/Types17.ql
@@ -6,5 +6,5 @@
 import csharp
 
 from Enum e
-where e.getQualifiedName() = "Types.Enum"
+where e.hasQualifiedName("Types", "Enum")
 select e
diff --git a/csharp/ql/test/library-tests/types/Types18.ql b/csharp/ql/test/library-tests/types/Types18.ql
index 3d15ac88d27..34b11bb0bfb 100644
--- a/csharp/ql/test/library-tests/types/Types18.ql
+++ b/csharp/ql/test/library-tests/types/Types18.ql
@@ -6,5 +6,5 @@
 import csharp
 
 from Struct s
-where s.getQualifiedName() = "Types.Struct"
+where s.hasQualifiedName("Types", "Struct")
 select s
diff --git a/csharp/ql/test/library-tests/types/Types19.ql b/csharp/ql/test/library-tests/types/Types19.ql
index e0352d8b547..27f7f02f0c1 100644
--- a/csharp/ql/test/library-tests/types/Types19.ql
+++ b/csharp/ql/test/library-tests/types/Types19.ql
@@ -6,5 +6,5 @@
 import csharp
 
 from Class c
-where c.getQualifiedName() = "Types.Class"
+where c.hasQualifiedName("Types", "Class")
 select c
diff --git a/csharp/ql/test/library-tests/types/Types20.ql b/csharp/ql/test/library-tests/types/Types20.ql
index a7bc8e81474..ae9c38c8d08 100644
--- a/csharp/ql/test/library-tests/types/Types20.ql
+++ b/csharp/ql/test/library-tests/types/Types20.ql
@@ -6,5 +6,5 @@
 import csharp
 
 from Interface i
-where i.getQualifiedName() = "Types.Interface"
+where i.hasQualifiedName("Types", "Interface")
 select i
diff --git a/csharp/ql/test/library-tests/types/Types21.ql b/csharp/ql/test/library-tests/types/Types21.ql
index b111f959d20..2e5f54991f6 100644
--- a/csharp/ql/test/library-tests/types/Types21.ql
+++ b/csharp/ql/test/library-tests/types/Types21.ql
@@ -6,5 +6,5 @@
 import csharp
 
 from UnboundGenericClass c
-where c.getQualifiedName() = "Types.GenericClass<>"
+where c.hasQualifiedName("Types", "GenericClass<>")
 select c
diff --git a/csharp/ql/test/library-tests/types/Types22.ql b/csharp/ql/test/library-tests/types/Types22.ql
index b539167d66a..059831abf21 100644
--- a/csharp/ql/test/library-tests/types/Types22.ql
+++ b/csharp/ql/test/library-tests/types/Types22.ql
@@ -6,5 +6,5 @@
 import csharp
 
 from UnboundGenericInterface c
-where c.getQualifiedName() = "Types.GenericInterface<>"
+where c.hasQualifiedName("Types", "GenericInterface<>")
 select c
diff --git a/csharp/ql/test/library-tests/types/Types23.ql b/csharp/ql/test/library-tests/types/Types23.ql
index 05a214086ab..229f86eb584 100644
--- a/csharp/ql/test/library-tests/types/Types23.ql
+++ b/csharp/ql/test/library-tests/types/Types23.ql
@@ -6,5 +6,5 @@
 import csharp
 
 from UnboundGenericStruct c
-where c.getQualifiedName() = "Types.GenericStruct<>"
+where c.hasQualifiedName("Types", "GenericStruct<>")
 select c
diff --git a/csharp/ql/test/library-tests/types/Types30.ql b/csharp/ql/test/library-tests/types/Types30.ql
index 1d00aa27e10..b79a8d47344 100644
--- a/csharp/ql/test/library-tests/types/Types30.ql
+++ b/csharp/ql/test/library-tests/types/Types30.ql
@@ -7,7 +7,7 @@ import csharp
 
 from UnboundGenericClass c, TypeParameter p1, TypeParameter p2
 where
-  c.getQualifiedName() = "Types.Map<,>" and
+  c.hasQualifiedName("Types", "Map<,>") and
   c.getTypeParameter(0) = p1 and
   c.getTypeParameter(1) = p2 and
   p1.getName() = "U" and
diff --git a/csharp/ql/test/library-tests/types/Types31.ql b/csharp/ql/test/library-tests/types/Types31.ql
index 204123bb779..07b68b63d2a 100644
--- a/csharp/ql/test/library-tests/types/Types31.ql
+++ b/csharp/ql/test/library-tests/types/Types31.ql
@@ -11,6 +11,6 @@ where
   m.getReturnType() = t and
   t.getTypeArgument(0) = arg1 and
   t.getTypeArgument(1) = arg2 and
-  arg1.getQualifiedName() = "System.String" and
-  arg2.getQualifiedName() = "Types.Class"
+  arg1.hasQualifiedName("System", "String") and
+  arg2.hasQualifiedName("Types", "Class")
 select t, arg1.toString(), arg2
diff --git a/csharp/ql/test/library-tests/types/Types34.ql b/csharp/ql/test/library-tests/types/Types34.ql
index 12e2dc0920b..36aa7eba142 100644
--- a/csharp/ql/test/library-tests/types/Types34.ql
+++ b/csharp/ql/test/library-tests/types/Types34.ql
@@ -7,5 +7,5 @@ where
   t1.getDimension() = 2 and
   t1.getElementType() = t2 and
   t2.getDimension() = 1 and
-  t2.getElementType().(Class).getQualifiedName() = "Types.Class"
+  t2.getElementType().(Class).hasQualifiedName("Types", "Class")
 select t1, t2
diff --git a/csharp/ql/test/library-tests/types/Types35.ql b/csharp/ql/test/library-tests/types/Types35.ql
index 3f55fcd8197..40a6808f7a5 100644
--- a/csharp/ql/test/library-tests/types/Types35.ql
+++ b/csharp/ql/test/library-tests/types/Types35.ql
@@ -10,5 +10,5 @@ where
   m.getName() = "NullableType" and
   m.getReturnType() = t1 and
   t1.getUnderlyingType() = t2 and
-  t2.getQualifiedName() = "Types.Struct"
+  t2.hasQualifiedName("Types", "Struct")
 select t1
diff --git a/csharp/ql/test/library-tests/types/Types36.ql b/csharp/ql/test/library-tests/types/Types36.ql
index cf9c897996b..a201312b805 100644
--- a/csharp/ql/test/library-tests/types/Types36.ql
+++ b/csharp/ql/test/library-tests/types/Types36.ql
@@ -1,5 +1,5 @@
 import csharp
 
 from Interface i
-where i.hasQualifiedName("System.Collections.IEnumerable")
-select i.getQualifiedName()
+where i.hasQualifiedName("System.Collections", "IEnumerable")
+select "System.Collections.IEnumerable"
diff --git a/csharp/ql/test/qlpack.yml b/csharp/ql/test/qlpack.yml
index 3e526fe5800..b0ce8ef1920 100644
--- a/csharp/ql/test/qlpack.yml
+++ b/csharp/ql/test/qlpack.yml
@@ -4,6 +4,4 @@ dependencies:
   codeql/csharp-all: ${workspace}
   codeql/csharp-queries: ${workspace}
 extractor: csharp
-dataExtensions:
-  - library-tests/dataflow/external-models/ext/*.model.yml
 tests: .
diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected
index 17a51125c4c..397d77531b2 100644
--- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected	
+++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected	
@@ -19,6 +19,10 @@
 | ConstantIfCondition.cs:11:17:11:29 | ... == ... | Condition always evaluates to 'true'. |
 | ConstantIfCondition.cs:14:17:14:21 | false | Condition always evaluates to 'false'. |
 | ConstantIfCondition.cs:17:17:17:26 | ... == ... | Condition always evaluates to 'true'. |
+| ConstantIsNullOrEmpty.cs:10:21:10:54 | call to method IsNullOrEmpty | Condition always evaluates to 'false'. |
+| ConstantIsNullOrEmpty.cs:46:21:46:46 | call to method IsNullOrEmpty | Condition always evaluates to 'true'. |
+| ConstantIsNullOrEmpty.cs:50:21:50:44 | call to method IsNullOrEmpty | Condition always evaluates to 'true'. |
+| ConstantIsNullOrEmpty.cs:54:21:54:45 | call to method IsNullOrEmpty | Condition always evaluates to 'false'. |
 | ConstantNullCoalescingLeftHandOperand.cs:11:24:11:34 | access to constant NULL_OBJECT | Expression is never 'null'. |
 | ConstantNullCoalescingLeftHandOperand.cs:12:24:12:27 | null | Expression is always 'null'. |
 | ConstantWhileCondition.cs:12:20:12:32 | ... == ... | Condition always evaluates to 'true'. |
diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIsNullOrEmpty.cs b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIsNullOrEmpty.cs
new file mode 100644
index 00000000000..5cad2e818ab
--- /dev/null
+++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIsNullOrEmpty.cs	
@@ -0,0 +1,60 @@
+using System.Threading.Tasks;
+
+namespace ConstantIsNullOrEmpty
+{
+    internal class Program
+    {
+        static void Main(string[] args)
+        {
+            {
+                if (string.IsNullOrEmpty(nameof(args))) // bad: always false
+                {
+                }
+
+                string? x = null;
+                if (string.IsNullOrEmpty(x)) // would be nice... bad: always true
+                {
+                }
+
+                string y = "";
+                if (string.IsNullOrEmpty(y)) // would be nice... bad: always true
+                {
+                }
+
+                if (args[1] != null)
+                    y = "b";
+                if (string.IsNullOrEmpty(y)) // good: non-constant
+                {
+                }
+
+                string z = " ";
+                if (string.IsNullOrEmpty(z)) // would be nice... bad: always false
+                {
+                }
+
+                string a = "a";
+                if (string.IsNullOrEmpty(a)) // would be nice... bad: always false
+                {
+                }
+
+                if (args[1] != null)
+                    a = "";
+                if (string.IsNullOrEmpty(a)) // good: non-constant
+                {
+                }
+
+                if (string.IsNullOrEmpty(null)) // bad: always true
+                {
+                }
+
+                if (string.IsNullOrEmpty("")) // bad: always true
+                {
+                }
+
+                if (string.IsNullOrEmpty(" ")) // bad: always false
+                {
+                }
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected
index 2f3c3bbb4a6..396d766c3e6 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected	
+++ b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected	
@@ -1 +1,11 @@
-| Test.cs:10:36:10:46 | access to local variable libraryName | This assembly path depends on a $@. | Test.cs:7:26:7:48 | access to property QueryString | user-provided value |
+edges
+| Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:7:26:7:63 | access to indexer : String |
+| Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:10:36:10:46 | access to local variable libraryName |
+| Test.cs:7:26:7:63 | access to indexer : String | Test.cs:10:36:10:46 | access to local variable libraryName |
+nodes
+| Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
+| Test.cs:7:26:7:63 | access to indexer : String | semmle.label | access to indexer : String |
+| Test.cs:10:36:10:46 | access to local variable libraryName | semmle.label | access to local variable libraryName |
+subpaths
+#select
+| Test.cs:10:36:10:46 | access to local variable libraryName | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:10:36:10:46 | access to local variable libraryName | This assembly path depends on a $@. | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | user-provided value |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.expected b/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.expected
index 7c3a2a7339c..10cb82ff67e 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.expected	
+++ b/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.expected	
@@ -1,7 +1,40 @@
-| HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | symmetric key |
-| HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | symmetric key |
-| HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
-| HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | This hard-coded $@ is used in symmetric algorithm in Decryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
-| HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
-| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
-| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" | symmetric key |
+edges
+| HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d |
+| HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:36:37:36:37 | access to local variable d : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:41:50:41:50 | access to local variable c : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:50:35:50:35 | access to local variable c : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:28:39:28:116 | call to method GetBytes : Byte[] | HardcodedSymmetricEncryptionKey.cs:44:51:44:69 | access to local variable byteArrayFromString : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" : String | HardcodedSymmetricEncryptionKey.cs:28:39:28:116 | call to method GetBytes : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:36:37:36:37 | access to local variable d : Byte[] | HardcodedSymmetricEncryptionKey.cs:103:57:103:59 | key : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:41:50:41:50 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:44:51:44:69 | access to local variable byteArrayFromString : Byte[] | HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:50:35:50:35 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password |
+| HardcodedSymmetricEncryptionKey.cs:103:57:103:59 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key |
+| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key |
+nodes
+| HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | semmle.label | array creation of type Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | semmle.label | array creation of type Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | semmle.label | array creation of type Byte[] : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:28:39:28:116 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" : String | semmle.label | "Hello, world: here is a very bad way to create a key" : String |
+| HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | semmle.label | access to local variable d |
+| HardcodedSymmetricEncryptionKey.cs:36:37:36:37 | access to local variable d : Byte[] | semmle.label | access to local variable d : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:41:50:41:50 | access to local variable c : Byte[] | semmle.label | access to local variable c : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:44:51:44:69 | access to local variable byteArrayFromString : Byte[] | semmle.label | access to local variable byteArrayFromString : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:50:35:50:35 | access to local variable c : Byte[] | semmle.label | access to local variable c : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | semmle.label | password : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | semmle.label | access to parameter password |
+| HardcodedSymmetricEncryptionKey.cs:103:57:103:59 | key : Byte[] | semmle.label | key : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | semmle.label | access to parameter key |
+| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | semmle.label | key : Byte[] |
+| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | semmle.label | access to parameter key |
+subpaths
+#select
+| HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | symmetric key |
+| HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | symmetric key |
+| HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
+| HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | This hard-coded $@ is used in symmetric algorithm in Decryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
+| HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
+| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
+| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" : String | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" | symmetric key |
diff --git a/csharp/ql/test/query-tests/Telemetry/LibraryUsage/ExternalLibraryUsage.expected b/csharp/ql/test/query-tests/Telemetry/LibraryUsage/ExternalLibraryUsage.expected
index e64b827f137..7b5c4c57661 100644
--- a/csharp/ql/test/query-tests/Telemetry/LibraryUsage/ExternalLibraryUsage.expected
+++ b/csharp/ql/test/query-tests/Telemetry/LibraryUsage/ExternalLibraryUsage.expected
@@ -1,2 +1,2 @@
-| System.Private.CoreLib.dll#System | 5 |
-| System.Private.CoreLib.dll#System.Collections.Generic | 2 |
+| System | 5 |
+| System.Collections.Generic | 2 |
diff --git a/csharp/ql/test/query-tests/Telemetry/LibraryUsage/SupportedExternalTaint.expected b/csharp/ql/test/query-tests/Telemetry/LibraryUsage/SupportedExternalTaint.expected
index e9be925c286..b386e4acb38 100644
--- a/csharp/ql/test/query-tests/Telemetry/LibraryUsage/SupportedExternalTaint.expected
+++ b/csharp/ql/test/query-tests/Telemetry/LibraryUsage/SupportedExternalTaint.expected
@@ -1 +1 @@
-| System.Private.CoreLib.dll#System.Collections.Generic#List<>.Add(T) | 2 |
+| System.Collections.Generic#List<>.Add(T) | 2 |
diff --git a/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.cs b/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.cs
new file mode 100644
index 00000000000..6231ff6f61c
--- /dev/null
+++ b/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.cs
@@ -0,0 +1,48 @@
+using System;
+using System.Collections.Generic;
+using System.Web;
+
+public class SupportedExternalApis
+{
+    public void M1()
+    {
+        var l = new List<object>(); // Uninteresting parameterless constructor
+        var o = new object(); // Uninteresting parameterless constructor
+        l.Add(o); // Has flow summary
+        l.Add(o); // Has flow summary
+    }
+
+    public void M2()
+    {
+        var d0 = new DateTime(); // Uninteresting parameterless constructor
+        var next0 = d0.AddYears(30); // Has no flow summary, supported as negative summary
+
+        var d1 = new DateTime(2000, 1, 1); // Interesting constructor, supported as negative summary
+        var next1 = next0.AddDays(3); // Has no flow summary, supported as negative summary
+        var next2 = next1.AddYears(5); // Has no flow summary, supported as negative summary
+    }
+
+    public void M3()
+    {
+        var guid1 = Guid.Parse("{12345678-1234-1234-1234-123456789012}"); // Has no flow summary, supported as negative summary
+    }
+
+     public void M4()
+    {
+        var o = new object(); // Uninteresting parameterless constructor
+        var response = new HttpResponse(); // Uninteresting parameterless constructor
+        response.AddHeader("header", "value"); // Unsupported
+        response.AppendHeader("header", "value"); // Unsupported
+        response.Write(o); // Known sink
+        response.WriteFile("filename"); // Known sink
+        response.Write(o); // Known sink
+    }
+
+     public void M5()
+    {
+        var l1 = Console.ReadLine(); // Known source
+        var l2 = Console.ReadLine(); // Known source
+        Console.SetError(Console.Out); // Has no flow summary, supported as negative summary
+        var x = Console.Read(); // Known source
+    }
+}
diff --git a/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.expected b/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.expected
new file mode 100644
index 00000000000..f8b6feafb92
--- /dev/null
+++ b/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.expected
@@ -0,0 +1,11 @@
+| System#Console.ReadLine() | 2 |
+| System#DateTime.AddYears(System.Int32) | 2 |
+| System.Collections.Generic#List<>.Add(T) | 2 |
+| System.Web#HttpResponse.Write(System.Object) | 2 |
+| System#Console.Read() | 1 |
+| System#Console.SetError(System.IO.TextWriter) | 1 |
+| System#Console.get_Out() | 1 |
+| System#DateTime.AddDays(System.Double) | 1 |
+| System#DateTime.DateTime(System.Int32,System.Int32,System.Int32) | 1 |
+| System#Guid.Parse(System.String) | 1 |
+| System.Web#HttpResponse.WriteFile(System.String) | 1 |
diff --git a/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.qlref b/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.qlref
new file mode 100644
index 00000000000..2e12499cf62
--- /dev/null
+++ b/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.qlref
@@ -0,0 +1 @@
+Telemetry/SupportedExternalApis.ql
diff --git a/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/options b/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/options
new file mode 100644
index 00000000000..9bbedebd7a2
--- /dev/null
+++ b/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/options
@@ -0,0 +1,2 @@
+semmle-extractor-options: /r:System.Collections.Specialized.dll
+semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs
diff --git a/csharp/ql/test/query-tests/Telemetry/SupportedExternalSinks/SupportedExternalSinks.expected b/csharp/ql/test/query-tests/Telemetry/SupportedExternalSinks/SupportedExternalSinks.expected
index b85e33ddae7..b3acebc02e0 100644
--- a/csharp/ql/test/query-tests/Telemetry/SupportedExternalSinks/SupportedExternalSinks.expected
+++ b/csharp/ql/test/query-tests/Telemetry/SupportedExternalSinks/SupportedExternalSinks.expected
@@ -1,2 +1,2 @@
-| System.Web.cs#System.Web#HttpResponse.Write(System.Object) | 2 |
-| System.Web.cs#System.Web#HttpResponse.WriteFile(System.String) | 1 |
+| System.Web#HttpResponse.Write(System.Object) | 2 |
+| System.Web#HttpResponse.WriteFile(System.String) | 1 |
diff --git a/csharp/ql/test/query-tests/Telemetry/SupportedExternalSources/SupportedExternalSources.expected b/csharp/ql/test/query-tests/Telemetry/SupportedExternalSources/SupportedExternalSources.expected
index 0f125b04b94..93c23f159a6 100644
--- a/csharp/ql/test/query-tests/Telemetry/SupportedExternalSources/SupportedExternalSources.expected
+++ b/csharp/ql/test/query-tests/Telemetry/SupportedExternalSources/SupportedExternalSources.expected
@@ -1,2 +1,2 @@
-| System.Console.dll#System#Console.ReadLine() | 2 |
-| System.Console.dll#System#Console.Read() | 1 |
+| System#Console.ReadLine() | 2 |
+| System#Console.Read() | 1 |
diff --git a/csharp/ql/test/utils/model-generator/dataflow/CaptureNegativeSummaryModels.qlref b/csharp/ql/test/utils/model-generator/dataflow/CaptureNegativeSummaryModels.qlref
deleted file mode 100644
index c24d124c0b2..00000000000
--- a/csharp/ql/test/utils/model-generator/dataflow/CaptureNegativeSummaryModels.qlref
+++ /dev/null
@@ -1 +0,0 @@
-utils/model-generator/CaptureNegativeSummaryModels.ql
\ No newline at end of file
diff --git a/csharp/ql/test/utils/model-generator/dataflow/CaptureNegativeSummaryModels.expected b/csharp/ql/test/utils/model-generator/dataflow/CaptureNeutralModels.expected
similarity index 100%
rename from csharp/ql/test/utils/model-generator/dataflow/CaptureNegativeSummaryModels.expected
rename to csharp/ql/test/utils/model-generator/dataflow/CaptureNeutralModels.expected
diff --git a/csharp/ql/test/utils/model-generator/dataflow/CaptureNeutralModels.qlref b/csharp/ql/test/utils/model-generator/dataflow/CaptureNeutralModels.qlref
new file mode 100644
index 00000000000..cb6ef7faa65
--- /dev/null
+++ b/csharp/ql/test/utils/model-generator/dataflow/CaptureNeutralModels.qlref
@@ -0,0 +1 @@
+utils/model-generator/CaptureNeutralModels.ql
\ No newline at end of file
diff --git a/csharp/ql/test/utils/model-generator/dataflow/NoSummaries.cs b/csharp/ql/test/utils/model-generator/dataflow/NoSummaries.cs
index 112857f504e..b2c21b57917 100644
--- a/csharp/ql/test/utils/model-generator/dataflow/NoSummaries.cs
+++ b/csharp/ql/test/utils/model-generator/dataflow/NoSummaries.cs
@@ -131,4 +131,15 @@ public class CollectionFlow
     {
         return a;
     }
-}
\ No newline at end of file
+}
+
+// A neutral model should not be created for a parameterless constructor.
+public class ParameterlessConstructor
+{
+    public bool IsInitialized;
+
+    public ParameterlessConstructor()
+    {
+        IsInitialized = true;
+    }
+}
diff --git a/csharp/scripts/create-extractor-pack.sh b/csharp/scripts/create-extractor-pack.sh
new file mode 100755
index 00000000000..dbbe8219a02
--- /dev/null
+++ b/csharp/scripts/create-extractor-pack.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -eux
+
+if [[ "$OSTYPE" == "linux-gnu"* ]]; then
+  platform="linux64"
+  dotnet_platform="linux-x64"
+elif [[ "$OSTYPE" == "darwin"* ]]; then
+  platform="osx64"
+  dotnet_platform="osx-x64"
+else
+  echo "Unknown OS"
+  exit 1
+fi
+
+rm -rf extractor-pack
+mkdir -p extractor-pack
+mkdir -p extractor-pack/tools/${platform}
+
+function dotnet_publish {
+  dotnet publish --self-contained --configuration Release --runtime ${dotnet_platform} -p:RuntimeFrameworkVersion=6.0.4 $1 --output extractor-pack/tools/${platform}
+}
+
+dotnet_publish extractor/Semmle.Extraction.CSharp.Standalone
+dotnet_publish extractor/Semmle.Extraction.CSharp.Driver
+dotnet_publish autobuilder/Semmle.Autobuild.CSharp
+
+cp -r codeql-extractor.yml tools/* downgrades tools ql/lib/semmlecode.csharp.dbscheme ql/lib/semmlecode.csharp.dbscheme.stats extractor-pack/
diff --git a/docs/codeql/README.rst b/docs/codeql/README.rst
index d27fe2189d2..a07d15c27e1 100644
--- a/docs/codeql/README.rst
+++ b/docs/codeql/README.rst
@@ -42,9 +42,10 @@ For more information, see
 Building and previewing the CodeQL documentation
 ************************************************
 
-To build and preview the documentation and training presentations locally, you need to 
-install Sphinx 1.7.9. More recent versions of Sphinx do not work with hieroglyph, 
-the Sphinx extension that we use to generate HTML slides, as explained below. 
+To build and preview the documentation and training presentations locally, you need to
+install Sphinx 1.7.9 using Python 2 (for example: `pip install sphinx==1.7.9`).
+More recent versions of Sphinx do not work with hieroglyph,
+the Sphinx extension that we use to generate HTML slides, as explained below.
 For installation options, see https://github.com/sphinx-doc/sphinx.
 
 
diff --git a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst
index 72fb979c563..bc9924b740a 100644
--- a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst
+++ b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst
@@ -312,7 +312,7 @@ For more information, see "`Using CodeQL query packs in the CodeQL action <https
 Including query help for custom CodeQL queries in SARIF files
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-If you use the CodeQL CLI to to run code scanning analyses on third party CI/CD systems,
+If you use the CodeQL CLI to run code scanning analyses on third party CI/CD systems,
 you can include the query help for your custom queries in SARIF files generated during an analysis.
 After uploading the SARIF file to GitHub, the query help is shown in the code scanning UI for any
 alerts generated by the custom queries.
diff --git a/docs/codeql/codeql-cli/creating-codeql-databases.rst b/docs/codeql/codeql-cli/creating-codeql-databases.rst
index b305c6e1cb6..326f260fc70 100644
--- a/docs/codeql/codeql-cli/creating-codeql-databases.rst
+++ b/docs/codeql/codeql-cli/creating-codeql-databases.rst
@@ -168,7 +168,9 @@ generate a database, therefore the build method must be available to the CLI.
 Detecting the build system
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-The CodeQL CLI includes autobuilders for C/C++, C#, Go, and Java code. CodeQL
+.. include:: ../reusables/kotlin-beta-note.rst
+
+The CodeQL CLI includes autobuilders for C/C++, C#, Go, Java and Kotlin code. CodeQL
 autobuilders allow you to build projects for compiled languages without
 specifying any build commands. When an autobuilder is invoked, CodeQL examines
 the source for evidence of a build system and attempts to run the optimal set of
diff --git a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst
index a13832239dc..65cf1ef78ef 100644
--- a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst
+++ b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst
@@ -30,7 +30,7 @@ You can then use the CodeQL CLI to publish your pack to share with others. For m
 Viewing CodeQL packs and their dependencies in Visual Studio Code
 -----------------------------------------------------------------
 To download a CodeQL pack that someone else has created, run the **CodeQL: Download Packs** command from the Command Palette.
-You can download all the core CodeQL query packs, or enter the full name of a specific pack to download. For example, to download the core queries for analyzing Java, enter ``codeql/java-queries``.
+You can download all the core CodeQL query packs, or enter the full name of a specific pack to download. For example, to download the core queries for analyzing Java or Kotlin, enter ``codeql/java-queries``.
 
 Whether you have downloaded a CodeQL pack or created your own, you can open the ``qlpack.yml`` file in the root of a CodeQL pack directory in Visual Studio Code and view the dependencies section to see what libraries the pack depends on.
 
diff --git a/docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-java-programs.rst b/docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-java-programs.rst
index 83bce3652b9..7d41785ea89 100644
--- a/docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-java-programs.rst
+++ b/docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-java-programs.rst
@@ -7,6 +7,10 @@ CodeQL has a large selection of classes for representing the abstract syntax tre
 
 .. include:: ../reusables/abstract-syntax-tree.rst
 
+.. include:: ../reusables/kotlin-beta-note.rst
+
+.. include:: ../reusables/kotlin-java-differences.rst
+
 Statement classes
 -----------------
 
diff --git a/docs/codeql/codeql-language-guides/analyzing-control-flow-in-python.rst b/docs/codeql/codeql-language-guides/analyzing-control-flow-in-python.rst
index 15f6a96596d..c37b721cc87 100644
--- a/docs/codeql/codeql-language-guides/analyzing-control-flow-in-python.rst
+++ b/docs/codeql/codeql-language-guides/analyzing-control-flow-in-python.rst
@@ -47,7 +47,7 @@ Example finding unreachable AST nodes
    where not exists(node.getAFlowNode())
    select node
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/669220024/>`__. The demo projects on LGTM.com all have some code that has no control flow node, and is therefore unreachable. However, since the ``Module`` class is also a subclass of the ``AstNode`` class, the query also finds any modules implemented in C or with no source code. Therefore, it is better to find all unreachable statements.
+Many codebases have some code that has no control flow node, and is therefore unreachable. However, since the ``Module`` class is also a subclass of the ``AstNode`` class, the query also finds any modules implemented in C or with no source code. Therefore, it is better to find all unreachable statements.
 
 Example finding unreachable statements
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -60,7 +60,7 @@ Example finding unreachable statements
    where not exists(s.getAFlowNode())
    select s
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/670720181/>`__. This query gives fewer results, but most of the projects have some unreachable nodes. These are also highlighted by the standard "Unreachable code" query. For more information, see `Unreachable code <https://lgtm.com/rules/3980095>`__ on LGTM.com.
+This query should give fewer results. You can also find unreachable code using the standard "Unreachable code" query. For more information, see `Unreachable code <https://codeql.github.com/codeql-query-help/python/py-unreachable-statement/>`__.
 
 The ``BasicBlock`` class
 ------------------------
@@ -114,7 +114,7 @@ Example finding mutually exclusive blocks within the same function
    )
    select b1, b2
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/671000028/>`__. This typically gives a very large number of results, because it is a common occurrence in normal control flow. It is, however, an example of the sort of control-flow analysis that is possible. Control-flow analyses such as this are an important aid to data flow analysis. For more information, see ":doc:`Analyzing data flow in Python <analyzing-data-flow-in-python>`."
+This typically gives a very large number of results, because it is a common occurrence in normal control flow. It is, however, an example of the sort of control-flow analysis that is possible. Control-flow analyses such as this are an important aid to data flow analysis. For more information, see ":doc:`Analyzing data flow in Python <analyzing-data-flow-in-python>`."
 
 Further reading
 ---------------
diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-java.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-java.rst
index 75309842ad5..2eccdf5e103 100644
--- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-java.rst
+++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-java.rst
@@ -5,6 +5,10 @@ Analyzing data flow in Java
 
 You can use CodeQL to track the flow of data through a Java program to its use. 
 
+.. include:: ../reusables/kotlin-beta-note.rst
+
+.. include:: ../reusables/kotlin-java-differences.rst
+
 About this article
 ------------------
 
diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst
index f5128e5eafd..2ad5fc925f0 100644
--- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst
+++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst
@@ -97,11 +97,9 @@ Python has builtin functionality for reading and writing files, such as the func
       call = API::moduleImport("os").getMember("open").getACall()
     select call.getArg(0)
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/8635258505893505141/>`__. Two of the demo projects make use of this low-level API.
-
 Notice the use of the ``API`` module for referring to library functions. For more information, see ":doc:`Using API graphs in Python <using-api-graphs-in-python>`."
 
-Unfortunately this will only give the expression in the argument, not the values which could be passed to it. So we use local data flow to find all expressions that flow into the argument:
+Unfortunately this query will only give the expression in the argument, not the values which could be passed to it. So we use local data flow to find all expressions that flow into the argument:
 
 .. code-block:: ql
 
@@ -115,9 +113,7 @@ Unfortunately this will only give the expression in the argument, not the values
       DataFlow::localFlow(expr, call.getArg(0))
     select call, expr
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/8213643003890447109/>`__. Many expressions flow to the same call.
-
-We see that we get several data-flow nodes for an expression as it flows towards a call (notice repeated locations in the ``call`` column). We are mostly interested in the "first" of these, what might be called the local source for the file name. To restrict attention to such local sources, and to simultaneously make the analysis more performant, we have the QL class ``LocalSourceNode``. We could demand that ``expr`` is such a node:
+Typically, you will see several data-flow nodes for an expression as it flows towards a call (notice repeated locations in the ``call`` column). We are mostly interested in the "first" of these, what might be called the local source for the file name. To restrict attention to such local sources, and to simultaneously make the analysis more performant, we have the QL class ``LocalSourceNode``. We could demand that ``expr`` is such a node:
 
 .. code-block:: ql
 
@@ -160,9 +156,9 @@ As an alternative, we can ask more directly that ``expr`` is a local source of t
       expr = call.getArg(0).getALocalSource()
     select call, expr
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/6602079735954016687/>`__. All these three queries give identical results. We now mostly have one expression per call.
+These three queries all give identical results. We now mostly have one expression per call.
 
-We still have some cases of more than one expression flowing to a call, but then they flow through different code paths (possibly due to control-flow splitting, as in the second case).
+We still have some cases of more than one expression flowing to a call, but then they flow through different code paths (possibly due to control-flow splitting).
 
 We might want to make the source more specific, for example a parameter to a function or method. This query finds instances where a parameter is used as the name when opening a file:
 
@@ -178,7 +174,7 @@ We might want to make the source more specific, for example a parameter to a fun
       DataFlow::localFlow(p, call.getArg(0))
     select call, p
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/3998032643497238063/>`__. Very few results now; these could feasibly be inspected manually.
+For most codebases, this will return only a few results and these could be inspected manually.
 
 Using the exact name supplied via the parameter may be too strict. If we want to know if the parameter influences the file name, we can use taint tracking instead of data flow. This query finds calls to ``os.open`` where the filename is derived from a parameter:
 
@@ -194,7 +190,7 @@ Using the exact name supplied via the parameter may be too strict. If we want to
       TaintTracking::localTaint(p, call.getArg(0))
     select call, p
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/2129957933670836953/>`__. Now we get more results and in more projects.
+Typically, this finds more results.
 
 Global data flow
 ----------------
@@ -369,8 +365,6 @@ This data flow configuration tracks data flow from environment variables to open
     select fileOpen, "This call to 'os.open' uses data from $@.",
       environment, "call to 'os.getenv'"
 
-➤ `Running this in the query console on LGTM.com <https://lgtm.com/query/6582374907796191895/>`__ unsurprisingly yields no results in the demo projects.
-
 
 Further reading
 ---------------
diff --git a/docs/codeql/codeql-language-guides/annotations-in-java.rst b/docs/codeql/codeql-language-guides/annotations-in-java.rst
index 3439fb6ff0e..38f30e238f0 100644
--- a/docs/codeql/codeql-language-guides/annotations-in-java.rst
+++ b/docs/codeql/codeql-language-guides/annotations-in-java.rst
@@ -51,7 +51,7 @@ We could then write this query to find all ``@SuppressWarnings`` annotations att
        anntp.hasQualifiedName("java.lang", "SuppressWarnings")
    select ann, ann.getValue("value")
 
-➤ `See the full query in the query console on LGTM.com <https://lgtm.com/query/1775658606775222283/>`__. Several of the LGTM.com demo projects use the ``@SuppressWarnings`` annotation. Looking at the ``value``\ s of the annotation element returned by the query, we can see that the *apache/activemq* project uses the ``"rawtypes"`` value described above.
+If the codebase you are analyzing uses the ``@SuppressWarnings`` annotation, you can check the ``value``\ s of the annotation element returned by the query. They should use the ``"rawtypes"`` value described above.
 
 As another example, this query finds all annotation types that only have a single annotation element, which has name ``value``:
 
@@ -66,8 +66,6 @@ As another example, this query finds all annotation types that only have a singl
    )
    select anntp
 
-➤ `See the full query in the query console on LGTM.com <https://lgtm.com/query/2145264152490258283/>`__.
-
 Example: Finding missing ``@Override`` annotations
 --------------------------------------------------
 
@@ -124,7 +122,7 @@ This makes it very easy to write our query for finding methods that override ano
        not overriding.getAnAnnotation() instanceof OverrideAnnotation
    select overriding, "Method overrides another method, but does not have an @Override annotation."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/7419756266089837339/>`__. In practice, this query may yield many results from compiled library code, which aren't very interesting. It's therefore a good idea to add another conjunct ``overriding.fromSource()`` to restrict the result to only report methods for which source code is available.
+In practice, this query may yield many results from compiled library code, which aren't very interesting. It's therefore a good idea to add another conjunct ``overriding.fromSource()`` to restrict the result to only report methods for which source code is available.
 
 Example: Finding calls to deprecated methods
 --------------------------------------------
@@ -237,7 +235,7 @@ Now we can extend our query to filter out calls in methods carrying a ``Suppress
        and not call.getCaller().getAnAnnotation() instanceof SuppressDeprecationWarningAnnotation
    select call, "This call invokes a deprecated method."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/8706367340403790260/>`__. It's fairly common for projects to contain calls to methods that appear to be deprecated.
+It's fairly common for projects to contain calls to methods that appear to be deprecated.
 
 Further reading
 ---------------
diff --git a/docs/codeql/codeql-language-guides/basic-query-for-cpp-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-cpp-code.rst
index 91cbab4cd07..47a762b4d3e 100644
--- a/docs/codeql/codeql-language-guides/basic-query-for-cpp-code.rst
+++ b/docs/codeql/codeql-language-guides/basic-query-for-cpp-code.rst
@@ -3,7 +3,9 @@
 Basic query for C and C++ code
 ==============================
 
-Learn to write and run a simple CodeQL query using LGTM.
+Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension.
+
+.. include:: ../reusables/vs-code-basic-instructions/setup-to-run-queries.rst
 
 About the query
 ---------------
@@ -14,62 +16,33 @@ The query we're going to run performs a basic search of the code for ``if`` stat
 
    if (error) { }
 
-Running the query
------------------
+.. include:: ../reusables/vs-code-basic-instructions/find-database.rst
 
-#. In the main search box on LGTM.com, search for the project you want to query. For tips, see `Searching <https://lgtm.com/help/lgtm/searching>`__.
+Running a quick query
+---------------------
 
-#. Click the project in the search results.
+.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-1.rst
 
-#. Click **Query this project**.
-
-   This opens the query console. (For information about using this, see `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__.)
-
-   .. pull-quote::
-
-      Note
-
-      Alternatively, you can go straight to the query console by clicking **Query console** (at the top of any page), selecting **C/C++** from the **Language** drop-down list, then choosing one or more projects to query from those displayed in the **Project** drop-down list.
-
-#. Copy the following query into the text box in the query console:
+#. In the quick query tab, delete ``select ""`` and paste the following query beneath the import statement ``import cpp``.
 
    .. code-block:: ql
 
-      import cpp
-
       from IfStmt ifstmt, BlockStmt block
       where ifstmt.getThen() = block and
         block.getNumStmt() = 0
       select ifstmt, "This 'if' statement is redundant."
 
-   LGTM checks whether your query compiles and, if all is well, the **Run** button changes to green to indicate that you can go ahead and run the query.
+.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-2.rst
 
-#. Click **Run**.
+.. image:: ../images/codeql-for-visual-studio-code/basic-cpp-query-results-1.png
+   :align: center
 
-   The name of the project you are querying, and the ID of the most recently analyzed commit to the project, are listed below the query box. To the right of this is an icon that indicates the progress of the query operation:
+If any matching code is found, click a link in the ``ifstmt`` column to open the file and highlight the matching ``if`` statement.
 
-   .. image:: ../images/query-progress.png
-       :align: center
+.. image:: ../images/codeql-for-visual-studio-code/basic-cpp-query-results-2.png
+   :align: center
 
-   .. pull-quote::
-
-      Note
-
-      Your query is always run against the most recently analyzed commit to the selected project.
-
-   The query will take a few moments to return results. When the query completes, the results are displayed below the project name. The query results are listed in two columns, corresponding to the two expressions in the ``select`` clause of the query. The first column corresponds to the expression ``ifstmt`` and is linked to the location in the source code of the project where ``ifstmt`` occurs. The second column is the alert message.
-
-   ➤ `Example query results <https://lgtm.com/query/4242591143131494898/>`__
-
-   .. pull-quote::
-
-      Note
-
-      An ellipsis (…) at the bottom of the table indicates that the entire list is not displayed—click it to show more results.
-
-#. If any matching code is found, click a link in the ``ifstmt`` column to view the ``if`` statement in the code viewer.
-
-   The matching ``if`` statement is highlighted with a yellow background in the code viewer. If any code in the file also matches a query from the standard query library for that language, you will see a red alert message at the appropriate point within the code.
+.. include:: ../reusables/vs-code-basic-instructions/note-store-quick-query.rst
 
 About the query structure
 ~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -120,7 +93,7 @@ In this case, identifying the ``if`` statement with the empty ``then`` branch as
 
 To exclude ``if`` statements that have an ``else`` branch:
 
-#. Extend the ``where`` clause to include the following extra condition:
+#. Edit your query and extend the ``where`` clause to include the following extra condition:
 
    .. code-block:: ql
 
@@ -134,14 +107,24 @@ To exclude ``if`` statements that have an ``else`` branch:
         block.getNumStmt() = 0 and
         not ifstmt.hasElse()
 
-#. Click **Run**.
+#. Re-run the query.
 
    There are now fewer results because ``if`` statements with an ``else`` branch are no longer reported.
 
-➤ `See this in the query console <https://lgtm.com/query/1899933116489579248/>`__
-
 Further reading
 ---------------
 
 .. include:: ../reusables/cpp-further-reading.rst
 .. include:: ../reusables/codeql-ref-tools-further-reading.rst
+
+.. Article-specific substitutions for the reusables used in docs/codeql/reusables/vs-code-basic-instructions
+
+.. |language-text| replace:: C/C++
+
+.. |language-code| replace:: ``cpp``
+
+.. |example-url| replace:: https://github.com/protocolbuffers/protobuf
+
+.. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-cpp.png
+
+.. |result-col-1|  replace:: The first column corresponds to the expression ``ifstmt`` and is linked to the location in the source code of the project where ``ifstmt`` occurs.
diff --git a/docs/codeql/codeql-language-guides/basic-query-for-csharp-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-csharp-code.rst
index f61edbac0f9..18c76ed4f52 100644
--- a/docs/codeql/codeql-language-guides/basic-query-for-csharp-code.rst
+++ b/docs/codeql/codeql-language-guides/basic-query-for-csharp-code.rst
@@ -3,7 +3,9 @@
 Basic query for C# code
 =======================
 
-Learn to write and run a simple CodeQL query using LGTM.
+Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension.
+
+.. include:: ../reusables/vs-code-basic-instructions/setup-to-run-queries.rst
 
 About the query
 ---------------
@@ -14,62 +16,33 @@ The query we're going to run performs a basic search of the code for ``if`` stat
 
    if (error) { }
 
-Running the query
------------------
+.. include:: ../reusables/vs-code-basic-instructions/find-database.rst
 
-#. In the main search box on LGTM.com, search for the project you want to query. For tips, see `Searching <https://lgtm.com/help/lgtm/searching>`__.
+Running a quick query
+---------------------
 
-#. Click the project in the search results.
+.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-1.rst
 
-#. Click **Query this project**.
-
-   This opens the query console. (For information about using this, see `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__.)
-
-   .. pull-quote::
-
-      Note
-
-      Alternatively, you can go straight to the query console by clicking **Query console** (at the top of any page), selecting **C#** from the **Language** drop-down list, then choosing one or more projects to query from those displayed in the **Project** drop-down list.
-
-#. Copy the following query into the text box in the query console:
+#. In the quick query tab, delete ``select ""`` and paste the following query beneath the import statement ``import csharp``.
 
    .. code-block:: ql
 
-      import csharp
-
       from IfStmt ifstmt, BlockStmt block
       where ifstmt.getThen() = block and
         block.isEmpty()
       select ifstmt, "This 'if' statement is redundant."  
 
-   LGTM checks whether your query compiles and, if all is well, the **Run** button changes to green to indicate that you can go ahead and run the query.
+ .. include:: ../reusables/vs-code-basic-instructions/run-quick-query-2.rst
 
-#. Click **Run**.
+.. image:: ../images/codeql-for-visual-studio-code/basic-csharp-query-results-1.png
+    :align: center
 
-   The name of the project you are querying, and the ID of the most recently analyzed commit to the project, are listed below the query box. To the right of this is an icon that indicates the progress of the query operation:
+If any matching code is found, click a link in the ``ifstmt`` column to open the file and highlight the matching ``if`` statement.
 
-   .. image:: ../images/query-progress.png
-       :align: center
+.. image:: ../images/codeql-for-visual-studio-code/basic-csharp-query-results-2.png
+    :align: center
 
-   .. pull-quote::
-
-      Note
-
-      Your query is always run against the most recently analyzed commit to the selected project.
-
-   The query will take a few moments to return results. When the query completes, the results are displayed below the project name. The query results are listed in two columns, corresponding to the two expressions in the ``select`` clause of the query. The first column corresponds to the expression ``ifstmt`` and is linked to the location in the source code of the project where ``ifstmt`` occurs. The second column is the alert message.
-
-   ➤ `Example query results <https://lgtm.com/query/1214010107827821393/>`__
-
-   .. pull-quote::
-
-      Note
-
-      An ellipsis (…) at the bottom of the table indicates that the entire list is not displayed—click it to show more results.
-
-#. If any matching code is found, click a link in the ``ifstmt`` column to view the ``if`` statement in the code viewer.
-
-   The matching ``if`` statement is highlighted with a yellow background in the code viewer. If any code in the file also matches a query from the standard query library for that language, you will see a red alert message at the appropriate point within the code.
+.. include:: ../reusables/vs-code-basic-instructions/note-store-quick-query.rst
 
 About the query structure
 ~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -139,14 +112,23 @@ To exclude ``if`` statements that have an ``else`` branch:
         block.isEmpty() and
         not exists(ifstmt.getElse())
 
-#. Click **Run**.
+#. Re-run the query.
 
    There are now fewer results because ``if`` statements with an ``else`` branch are no longer included.
 
-➤ `See this in the query console <https://lgtm.com/query/6233102733683510530/>`__
-
 Further reading
 ---------------
 
 .. include:: ../reusables/csharp-further-reading.rst
 .. include:: ../reusables/codeql-ref-tools-further-reading.rst
+
+.. Article-specific substitutions for the reusables used in docs/codeql/reusables/vs-code-basic-instructions
+.. |language-text| replace:: C#
+
+.. |language-code| replace:: ``csharp``
+
+.. |example-url| replace:: https://github.com/PowerShell/PowerShell
+
+.. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-csharp.png
+
+.. |result-col-1|  replace:: The first column corresponds to the expression ``ifstmt`` and is linked to the location in the source code of the project where ``ifstmt`` occurs.
diff --git a/docs/codeql/codeql-language-guides/basic-query-for-go-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-go-code.rst
index 15ae9caee7d..0e23dc16922 100644
--- a/docs/codeql/codeql-language-guides/basic-query-for-go-code.rst
+++ b/docs/codeql/codeql-language-guides/basic-query-for-go-code.rst
@@ -3,7 +3,9 @@
 Basic query for Go code
 =======================
 
-Learn to write and run a simple CodeQL query using LGTM.
+Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension.
+
+.. include:: ../reusables/vs-code-basic-instructions/setup-to-run-queries.rst
 
 About the query
 ---------------
@@ -22,29 +24,17 @@ This is problematic because the receiver argument is passed by value, not by ref
 
 For further information on using methods on values or pointers in Go, see the `Go FAQ <https://golang.org/doc/faq#methods_on_values_or_pointers>`__.
 
-Running the query
------------------
+.. include:: ../reusables/vs-code-basic-instructions/find-database.rst
 
-#. In the main search box on LGTM.com, search for the project you want to query. For tips, see `Searching <https://lgtm.com/help/lgtm/searching>`__.
+Running a quick query
+---------------------
 
-#. Click the project in the search results.
+.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-1.rst
 
-#. Click **Query this project**.
-
-   This opens the query console. (For information about using this, see `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__.)
-
-   .. pull-quote::
-
-      Note
-
-      Alternatively, you can go straight to the query console by clicking **Query console** (at the top of any page), selecting **Go** from the **Language** drop-down list, then choosing one or more projects to query from those displayed in the **Project** drop-down list.
-
-#. Copy the following query into the text box in the query console:
+#. In the quick query tab, delete ``select ""`` and paste the following query beneath the import statement ``import go``.
 
    .. code-block:: ql
 
-      import go
-
       from Method m, Variable recv, Write w, Field f
       where
         recv = m.getReceiver() and
@@ -52,34 +42,17 @@ Running the query
         not recv.getType() instanceof PointerType
       select w, "This update to " + f + " has no effect, because " + recv + " is not a pointer."
 
-   LGTM checks whether your query compiles and, if all is well, the **Run** button changes to green to indicate that you can go ahead and run the query.
+.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-2.rst
 
-#. Click **Run**.
+.. image:: ../images/codeql-for-visual-studio-code/basic-go-query-results-1.png
+   :align: center
 
-   The name of the project you are querying, and the ID of the most recently analyzed commit to the project, are listed below the query box. To the right of this is an icon that indicates the progress of the query operation:
+If any matching code is found, click a link in the ``w`` column to open the file and highlight the matching location.
 
-   .. image:: ../images/query-progress.png
-       :align: center
+.. image:: ../images/codeql-for-visual-studio-code/basic-go-query-results-2.png
+   :align: center
 
-   .. pull-quote::
-
-      Note
-
-      Your query is always run against the most recently analyzed commit to the selected project.
-
-   The query will take a few moments to return results. When the query completes, the results are displayed below the project name. The query results are listed in two columns, corresponding to the two expressions in the ``select`` clause of the query. The first column corresponds to ``w``, which is the location in the source code where the receiver ``recv`` is modified. The second column is the alert message.
-
-   ➤ `Example query results <https://lgtm.com/query/6221190009056970603/>`__
-
-   .. pull-quote::
-
-      Note
-
-      An ellipsis (…) at the bottom of the table indicates that the entire list is not displayed—click it to show more results.
-
-#. If any matching code is found, click a link in the ``w`` column to view it in the code viewer.
-
-   The matching ``w`` is highlighted with a yellow background in the code viewer. If any code in the file also matches a query from the standard query library for that language, you will see a red alert message at the appropriate point within the code.
+.. include:: ../reusables/vs-code-basic-instructions/note-store-quick-query.rst
 
 About the query structure
 ~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -140,14 +113,24 @@ To exclude these values:
         not recv.getType() instanceof PointerType and
         not exists(ReturnStmt ret | ret.getExpr() = recv.getARead().asExpr())
 
-#. Click **Run**.
+#. Re-run the query.
 
    There are now fewer results because value methods that return their receiver variable are no longer reported.
 
-➤ `See this in the query console <https://lgtm.com/query/9110448975027954322/>`__
-
 Further reading
 ---------------
 
 .. include:: ../reusables/go-further-reading.rst
 .. include:: ../reusables/codeql-ref-tools-further-reading.rst
+
+.. Article-specific substitutions for the reusables used in docs/codeql/reusables/vs-code-basic-instructions
+
+.. |language-text| replace:: Go
+
+.. |language-code| replace:: ``go``
+
+.. |example-url| replace:: https://github.com/go-gorm/gorm
+
+.. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-go.png
+
+.. |result-col-1| replace:: The first column corresponds to ``w``, which is the location in the source code where the receiver ``recv`` is modified.
diff --git a/docs/codeql/codeql-language-guides/basic-query-for-java-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-java-code.rst
index bc721ce9371..a7d783804b9 100644
--- a/docs/codeql/codeql-language-guides/basic-query-for-java-code.rst
+++ b/docs/codeql/codeql-language-guides/basic-query-for-java-code.rst
@@ -1,100 +1,90 @@
 .. _basic-query-for-java-code:
 
-Basic query for Java code
-=========================
+Basic query for Java and Kotlin code
+====================================
 
-Learn to write and run a simple CodeQL query using LGTM.
+Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension.
+
+.. include:: ../reusables/vs-code-basic-instructions/setup-to-run-queries.rst
 
 About the query
 ---------------
 
-The query we're going to run performs a basic search of the code for ``if`` statements that are redundant, in the sense that they have an empty then branch. For example, code such as:
+The query we're going to run searches for inefficient tests for empty strings. For example, Java code such as:
 
 .. code-block:: java
 
-   if (error) { }
+    public class TestJava {
+        void myJavaFun(String s) {
+            boolean b = s.equals("");
+        }
+    }
 
-Running the query
------------------
+or Kotlin code such as:
 
-#. In the main search box on LGTM.com, search for the project you want to query. For tips, see `Searching <https://lgtm.com/help/lgtm/searching>`__.
+.. code-block:: kotlin
 
-#. Click the project in the search results.
+    void myKotlinFun(s: String) {
+        var b = s.equals("")
+    }
 
-#. Click **Query this project**.
+In either case, replacing ``s.equals("")`` with ``s.isEmpty()``
+would be more efficient.
 
-   This opens the query console. (For information about using this, see `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__.)
+.. include:: ../reusables/vs-code-basic-instructions/find-database.rst
 
-   .. pull-quote::
+Running a quick query
+---------------------
 
-      Note
+.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-1.rst
 
-      Alternatively, you can go straight to the query console by clicking **Query console** (at the top of any page), selecting **Java** from the **Language** drop-down list, then choosing one or more projects to query from those displayed in the **Project** drop-down list.
-
-#. Copy the following query into the text box in the query console:
+#. In the quick query tab, delete ``select ""`` and paste the following query beneath the import statement ``import java``.
 
    .. code-block:: ql
 
-      import java
+        from MethodAccess ma
+        where
+            ma.getMethod().hasName("equals") and
+            ma.getArgument(0).(StringLiteral).getValue() = ""
+        select ma, "This comparison to empty string is inefficient, use isEmpty() instead."
 
-      from IfStmt ifstmt, Block block
-      where ifstmt.getThen() = block and
-        block.getNumStmt() = 0
-      select ifstmt, "This 'if' statement is redundant." 
+   Note that CodeQL treats Java and Kotlin as part of the same language, so even though this query starts with ``import java``, it will work for both Java and Kotlin code.
 
-   LGTM checks whether your query compiles and, if all is well, the **Run** button changes to green to indicate that you can go ahead and run the query.
+ .. include:: ../reusables/vs-code-basic-instructions/run-quick-query-2.rst
 
-#. Click **Run**.
+.. image:: ../images/codeql-for-visual-studio-code/basic-java-query-results-1.png
+   :align: center
 
-   The name of the project you are querying, and the ID of the most recently analyzed commit to the project, are listed below the query box. To the right of this is an icon that indicates the progress of the query operation:
+If any matching code is found, click a link in the ``ma`` column to view the ``.equals`` expression in the code viewer.
 
-   .. image:: ../images/query-progress.png
-       :align: center
+.. image:: ../images/codeql-for-visual-studio-code/basic-java-query-results-2.png
+   :align: center
 
-   .. pull-quote::
-
-      Note
-
-      Your query is always run against the most recently analyzed commit to the selected project.
-
-   The query will take a few moments to return results. When the query completes, the results are displayed below the project name. The query results are listed in two columns, corresponding to the two expressions in the ``select`` clause of the query. The first column corresponds to the expression ``ifstmt`` and is linked to the location in the source code of the project where ``ifstmt`` occurs. The second column is the alert message.
-
-   ➤ `Example query results <https://lgtm.com/query/3235645104630320782/>`__
-
-   .. pull-quote::
-
-      Note
-
-      An ellipsis (…) at the bottom of the table indicates that the entire list is not displayed—click it to show more results.
-
-#. If any matching code is found, click a link in the ``ifstmt`` column to view the ``if`` statement in the code viewer.
-
-   The matching ``if`` statement is highlighted with a yellow background in the code viewer. If any code in the file also matches a query from the standard query library for that language, you will see a red alert message at the appropriate point within the code.
+.. include:: ../reusables/vs-code-basic-instructions/note-store-quick-query.rst
 
 About the query structure
 ~~~~~~~~~~~~~~~~~~~~~~~~~
 
 After the initial ``import`` statement, this simple query comprises three parts that serve similar purposes to the FROM, WHERE, and SELECT parts of an SQL query.
 
-+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
-| Query part                                                    | Purpose                                                                                                           | Details                                                                                                                |
-+===============================================================+===================================================================================================================+========================================================================================================================+
-| ``import java``                                               | Imports the standard CodeQL libraries for Java.                                                                   | Every query begins with one or more ``import`` statements.                                                             |
-+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
-| ``from IfStmt ifstmt, Block block``                           | Defines the variables for the query.                                                                              | We use:                                                                                                                |
-|                                                               | Declarations are of the form:                                                                                     |                                                                                                                        |
-|                                                               | ``<type> <variable name>``                                                                                        | - an ``IfStmt`` variable for ``if`` statements                                                                         |
-|                                                               |                                                                                                                   | - a ``Block`` variable for the then block                                                                              |
-+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
-| ``where ifstmt.getThen() = block and block.getNumStmt() = 0`` | Defines a condition on the variables.                                                                             | ``ifstmt.getThen() = block`` relates the two variables. The block must be the ``then`` branch of the ``if`` statement. |
-|                                                               |                                                                                                                   |                                                                                                                        |
-|                                                               |                                                                                                                   | ``block.getNumStmt() = 0`` states that the block must be empty (that is, it contains no statements).                   |
-+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
-| ``select ifstmt, "This 'if' statement is redundant."``        | Defines what to report for each match.                                                                            | Reports the resulting ``if`` statement with a string that explains the problem.                                        |
-|                                                               |                                                                                                                   |                                                                                                                        |
-|                                                               | ``select`` statements for queries that are used to find instances of poor coding practice are always in the form: |                                                                                                                        |
-|                                                               | ``select <program element>, "<alert message>"``                                                                   |                                                                                                                        |
-+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
++--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
+| Query part                                                                                       | Purpose                                                                                                           | Details                                                                                           |
++==================================================================================================+===================================================================================================================+===================================================================================================+
+| ``import java``                                                                                  | Imports the standard CodeQL libraries for Java and Kotlin.                                                        | Every query begins with one or more ``import`` statements.                                        |
++--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
+| ``from MethodAccess ma``                                                                         | Defines the variables for the query.                                                                              | We use:                                                                                           |
+|                                                                                                  | Declarations are of the form:                                                                                     |                                                                                                   |
+|                                                                                                  | ``<type> <variable name>``                                                                                        | - a ``MethodAccess`` variable for call expressions                                                |
++--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
+| ``where ma.getMethod().hasName("equals") and ma.getArgument(0).(StringLiteral).getValue() = ""`` | Defines a condition on the variables.                                                                             | ``ma.getMethod().hasName("equals")`` restricts ``ma`` to only calls to methods call ``equals``.   |
+|                                                                                                  |                                                                                                                   |                                                                                                   |
+|                                                                                                  |                                                                                                                   | ``ma.getArgument(0).(StringLiteral).getValue() = ""`` says the argument must be literal ``""``.   |
++--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
+| ``select ma, "This comparison to empty string is inefficient, use isEmpty() instead."``          | Defines what to report for each match.                                                                            | Reports the resulting ``.equals`` expression with a string that explains the problem.             |
+|                                                                                                  |                                                                                                                   |                                                                                                   |
+|                                                                                                  | ``select`` statements for queries that are used to find instances of poor coding practice are always in the form: |                                                                                                   |
+|                                                                                                  | ``select <program element>, "<alert message>"``                                                                   |                                                                                                   |
++--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
 
 Extend the query
 ----------------
@@ -104,44 +94,51 @@ Query writing is an inherently iterative process. You write a simple query and t
 Remove false positive results
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Browsing the results of our basic query shows that it could be improved. Among the results you are likely to find examples of ``if`` statements with an ``else`` branch, where an empty ``then`` branch does serve a purpose. For example:
+Browsing the results of our basic query shows that it could be improved. For example, you may find results for code like:
 
 .. code-block:: java
 
-   if (...) {
-     ...
-   } else if ("-verbose".equals(option)) {
-     // nothing to do - handled earlier
-   } else {
-     error("unrecognized option");
-   }
+    public class TestJava {
+        void myJavaFun(Object o) {
+            boolean b = o.equals("");
+        }
+    }
 
-In this case, identifying the ``if`` statement with the empty ``then`` branch as redundant is a false positive. One solution to this is to modify the query to ignore empty ``then`` branches if the ``if`` statement has an ``else`` branch.
-
-To exclude ``if`` statements that have an ``else`` branch:
+In this case, it is not possible to simply use ``o.isEmpty()`` instead, as ``o`` has type ``Object`` rather than ``String``. One solution to this is to modify the query to only return results where the expression being tested has type ``String``:
 
 #. Extend the where clause to include the following extra condition:
 
    .. code-block:: ql
 
-      and not exists(ifstmt.getElse())
+    ma.getQualifier().getType() instanceof TypeString
 
    The ``where`` clause is now:
 
    .. code-block:: ql
 
-      where ifstmt.getThen() = block and
-        block.getNumStmt() = 0 and
-        not exists(ifstmt.getElse())
+      where
+        ma.getQualifier().getType() instanceof TypeString and
+        ma.getMethod().hasName("equals") and
+        ma.getArgument(0).(StringLiteral).getValue() = ""
 
-#. Click **Run**.
+#. Re-run the query.
 
-   There are now fewer results because ``if`` statements with an ``else`` branch are no longer included.
-
-➤ `See this in the query console <https://lgtm.com/query/6382189874776576029/>`__
+   There are now fewer results because ``.equals`` expressions with different types are no longer included.
 
 Further reading
 ---------------
 
 .. include:: ../reusables/java-further-reading.rst
 .. include:: ../reusables/codeql-ref-tools-further-reading.rst
+
+.. Article-specific substitutions for the reusables used in docs/codeql/reusables/vs-code-basic-instructions
+
+.. |language-text| replace:: Java
+
+.. |language-code| replace:: ``java``
+
+.. |example-url| replace:: https://github.com/apache/activemq
+
+.. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-java.png
+
+.. |result-col-1|  replace:: The first column corresponds to the expression ``ma`` and is linked to the location in the source code of the project where ``ma`` occurs.
\ No newline at end of file
diff --git a/docs/codeql/codeql-language-guides/basic-query-for-javascript-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-javascript-code.rst
index 123336d699e..90cb3f77cfd 100644
--- a/docs/codeql/codeql-language-guides/basic-query-for-javascript-code.rst
+++ b/docs/codeql/codeql-language-guides/basic-query-for-javascript-code.rst
@@ -3,7 +3,9 @@
 Basic query for JavaScript code
 ===============================
 
-Learn to write and run a simple CodeQL query using LGTM.
+Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension.
+
+.. include:: ../reusables/vs-code-basic-instructions/setup-to-run-queries.rst
 
 About the query
 ---------------
@@ -12,62 +14,33 @@ In JavaScript, any expression can be turned into an expression statement. While
 
 The query you will run finds instances of this problem. The query searches for expressions ``e`` that are pure—that is, their evaluation does not lead to any side effects—but appear as an expression statement.
 
-Running the query
------------------
+.. include:: ../reusables/vs-code-basic-instructions/find-database.rst
 
-#. In the main search box on LGTM.com, search for the project you want to query. For tips, see `Searching <https://lgtm.com/help/lgtm/searching>`__.
+Running a quick query
+---------------------
 
-#. Click the project in the search results.
+.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-1.rst
 
-#. Click **Query this project**.
-
-   This opens the query console. (For information about using this, see `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__.)
-
-   .. pull-quote::
-
-      Note
-
-      Alternatively, you can go straight to the query console by clicking **Query console** (at the top of any page), selecting **JavaScript** from the **Language** drop-down list, then choosing one or more projects to query from those displayed in the **Project** drop-down list.
-
-#. Copy the following query into the text box in the query console:
+#. In the quick query tab, delete ``select ""`` and paste the following query beneath the import statement ``import javascript``.
 
    .. code-block:: ql
 
-      import javascript
-
       from Expr e
       where e.isPure() and
         e.getParent() instanceof ExprStmt
       select e, "This expression has no effect."
 
-   LGTM checks whether your query compiles and, if all is well, the **Run** button changes to green to indicate that you can go ahead and run the query.
+.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-2.rst
 
-#. Click **Run**.
+.. image:: ../images/codeql-for-visual-studio-code/basic-js-query-results-1.png
+   :align: center
 
-   The name of the project you are querying, and the ID of the most recently analyzed commit to the project, are listed below the query box. To the right of this is an icon that indicates the progress of the query operation:
+If any matching code is found, click one of the links in the ``e`` column to open the file and highlight the matching expression.
 
-   .. image:: ../images/query-progress.png
-       :align: center
+.. image:: ../images/codeql-for-visual-studio-code/basic-js-query-results-2.png
+   :align: center
 
-   .. pull-quote::
-
-      Note
-
-      Your query is always run against the most recently analyzed commit to the selected project.
-
-   The query will take a few moments to return results. When the query completes, the results are displayed below the project name. The query results are listed in two columns, corresponding to the two expressions in the ``select`` clause of the query. The first column corresponds to the expression ``e`` and is linked to the location in the source code of the project where ``e`` occurs. The second column is the alert message.
-
-   ➤ `Example query results <https://lgtm.com/query/5137013631828816943/>`__
-
-   .. pull-quote::
-
-      Note
-
-      An ellipsis (…) at the bottom of the table indicates that the entire list is not displayed—click it to show more results.
-
-#. If any matching code is found, click one of the links in the ``e`` column to view the expression in the code viewer.
-
-   The matching statement is highlighted with a yellow background in the code viewer. If any code in the file also matches a query from the standard query library for that language, you will see a red alert message at the appropriate point within the code.
+.. include:: ../reusables/vs-code-basic-instructions/note-store-quick-query.rst
 
 About the query structure
 ~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -119,11 +92,14 @@ To remove directives from the results:
         e.getParent() instanceof ExprStmt and 
         not e.getParent() instanceof Directive
 
-#. Click **Run**.
+#. Re-run the query.
 
    There are now fewer results as ``use strict`` directives are no longer reported.
 
-The improved query finds several results on the example project including `this result <https://lgtm.com/projects/g/ajaxorg/ace/rev/ad50673d7137c09d1a5a6f0ef83633a149f9e3d1/files/lib/ace/keyboard/vim.js#L320>`__:
+The improved query finds several results on the example project including the result below:
+
+.. image:: ../images/codeql-for-visual-studio-code/basic-js-query-results-1.png
+   :align: center
 
 .. code-block:: javascript
 
@@ -136,3 +112,15 @@ Further reading
 
 .. include:: ../reusables/javascript-further-reading.rst
 .. include:: ../reusables/codeql-ref-tools-further-reading.rst
+
+.. Article-specific substitutions for the reusables used in docs/codeql/reusables/vs-code-basic-instructions
+
+.. |language-text| replace:: JavaScript/TypeScript
+
+.. |language-code| replace:: ``javascript``
+
+.. |example-url| replace:: https://github.com/ajaxorg/ace
+
+.. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-js.png
+
+.. |result-col-1|  replace:: The first column corresponds to the expression ``e`` and is linked to the location in the source code of the project where ``e`` occurs.
\ No newline at end of file
diff --git a/docs/codeql/codeql-language-guides/basic-query-for-python-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-python-code.rst
index f8424b00d4e..a6df8b453d9 100644
--- a/docs/codeql/codeql-language-guides/basic-query-for-python-code.rst
+++ b/docs/codeql/codeql-language-guides/basic-query-for-python-code.rst
@@ -3,7 +3,9 @@
 Basic query for Python code
 ===========================
 
-Learn to write and run a simple CodeQL query using LGTM.
+Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension.
+
+.. include:: ../reusables/vs-code-basic-instructions/setup-to-run-queries.rst
 
 About the query
 ---------------
@@ -14,62 +16,33 @@ The query we're going to run performs a basic search of the code for ``if`` stat
 
    if error: pass
 
-Running the query
------------------
+.. include:: ../reusables/vs-code-basic-instructions/find-database.rst
 
-#. In the main search box on LGTM.com, search for the project you want to query. For tips, see `Searching <https://lgtm.com/help/lgtm/searching>`__.
+Running a quick query
+---------------------
 
-#. Click the project in the search results.
+.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-1.rst
 
-#. Click **Query this project**.
-
-   This opens the query console. (For information about using this, see `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__.)
-
-   .. pull-quote::
-
-      Note
-
-      Alternatively, you can go straight to the query console by clicking **Query console** (at the top of any page), selecting **Python** from the **Language** drop-down list, then choosing one or more projects to query from those displayed in the **Project** drop-down list.
-
-#. Copy the following query into the text box in the query console:
+#. In the quick query tab, delete ``select ""`` and paste the following query beneath the import statement ``import python``.
 
    .. code-block:: ql
 
-      import python
-
       from If ifstmt, Stmt pass
       where pass = ifstmt.getStmt(0) and
         pass instanceof Pass
       select ifstmt, "This 'if' statement is redundant."
 
-   LGTM checks whether your query compiles and, if all is well, the **Run** button changes to green to indicate that you can go ahead and run the query.
+.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-2.rst
 
-#. Click **Run**.
+.. image:: ../images/codeql-for-visual-studio-code/basic-python-query-results-1.png
+   :align: center
 
-   The name of the project you are querying, and the ID of the most recently analyzed commit to the project, are listed below the query box. To the right of this is an icon that indicates the progress of the query operation:
+If any matching code is found, click a link in the ``ifstmt`` column to open the file and highlight the matching ``if`` statement.
 
-   .. image:: ../images/query-progress.png
-       :align: center
+.. image:: ../images/codeql-for-visual-studio-code/basic-python-query-results-2.png
+   :align: center
 
-   .. pull-quote::
-
-      Note
-
-      Your query is always run against the most recently analyzed commit to the selected project.
-
-   The query will take a few moments to return results. When the query completes, the results are displayed below the project name. The query results are listed in two columns, corresponding to the two expressions in the ``select`` clause of the query. The first column corresponds to the expression ``ifstmt`` and is linked to the location in the source code of the project where ``ifstmt`` occurs. The second column is the alert message.
-
-   ➤ `Example query results <https://lgtm.com/query/3592297537117272922/>`__
-
-   .. pull-quote::
-
-      Note
-
-      An ellipsis (…) at the bottom of the table indicates that the entire list is not displayed—click it to show more results.
-
-#. If any matching code is found, click a link in the ``ifstmt`` column to view the ``if`` statement in the code viewer.
-
-   The matching ``if`` statement is highlighted with a yellow background in the code viewer. If any code in the file also matches a query from the standard query library for that language, you will see a red alert message at the appropriate point within the code.
+.. include:: ../reusables/vs-code-basic-instructions/note-store-quick-query.rst
 
 About the query structure
 ~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -133,14 +106,24 @@ To exclude ``if`` statements that have an ``else`` branch:
         pass instanceof Pass and
         not exists(ifstmt.getOrelse())
 
-#. Click **Run**.
+#. Re-run the query.
 
    There are now fewer results because ``if`` statements with an ``else`` branch are no longer included.
 
-➤ `See this in the query console <https://lgtm.com/query/3424727946018612474/>`__
-
 Further reading
 ---------------
 
 .. include:: ../reusables/python-further-reading.rst
 .. include:: ../reusables/codeql-ref-tools-further-reading.rst
+
+.. Article-specific substitutions for the reusables used in docs/codeql/reusables/vs-code-basic-instructions
+
+.. |language-text| replace:: Python
+
+.. |language-code| replace:: ``python``
+
+.. |example-url| replace:: https://github.com/saltstack/salt
+
+.. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-python.png
+
+.. |result-col-1|  replace:: The first column corresponds to the expression ``ifstmt`` and is linked to the location in the source code of the project where ``ifstmt`` occurs.
\ No newline at end of file
diff --git a/docs/codeql/codeql-language-guides/basic-query-for-ruby-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-ruby-code.rst
index 4acc85e6a85..a74fe802ef2 100644
--- a/docs/codeql/codeql-language-guides/basic-query-for-ruby-code.rst
+++ b/docs/codeql/codeql-language-guides/basic-query-for-ruby-code.rst
@@ -3,7 +3,9 @@
 Basic query for Ruby code
 =========================
 
-Learn to write and run a simple CodeQL query.
+Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension.
+
+.. include:: ../reusables/vs-code-basic-instructions/setup-to-run-queries.rst
 
 About the query
 ---------------
@@ -15,24 +17,14 @@ The query we're going to run performs a basic search of the code for ``if`` expr
    if error
      # Handle the error
 
-Running the query
------------------
+.. include:: ../reusables/vs-code-basic-instructions/find-database.rst
 
-#. In the main search box on LGTM.com, search for the project you want to query. For tips, see `Searching <https://lgtm.com/help/lgtm/searching>`__.
+Running a quick query
+---------------------
 
-#. Click the project in the search results.
+.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-1.rst
 
-#. Click **Query this project**.
-
-   This opens the query console. (For information about using this, see `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__.)
-
-   .. pull-quote::
-
-      Note
-
-      Alternatively, you can go straight to the query console by clicking **Query console** (at the top of any page), selecting **Ruby** from the **Language** drop-down list, then choosing one or more projects to query from those displayed in the **Project** drop-down list.
-
-#. Copy the following query into the text box in the query console:
+#. In the quick query tab, delete the content and paste in the following query.
 
    .. code-block:: ql
 
@@ -40,37 +32,20 @@ Running the query
 
       from IfExpr ifexpr
       where
-        not exists(ifexpr.getThen())
+      not exists(ifexpr.getThen())
       select ifexpr, "This 'if' expression is redundant."
 
-   LGTM checks whether your query compiles and, if all is well, the **Run** button changes to green to indicate that you can go ahead and run the query.
+.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-2.rst
 
-#. Click **Run**.
+.. image:: ../images/codeql-for-visual-studio-code/basic-ruby-query-results-1.png
+   :align: center
 
-   The name of the project you are querying, and the ID of the most recently analyzed commit to the project, are listed below the query box. To the right of this is an icon that indicates the progress of the query operation:
+If any matching code is found, click a link in the ``ifexpr`` column to open the file and highlight the matching ``if`` statement.
 
-   .. image:: ../images/query-progress.png
-       :align: center
+.. image:: ../images/codeql-for-visual-studio-code/basic-ruby-query-results-2.png
+   :align: center
 
-   .. pull-quote::
-
-      Note
-
-      Your query is always run against the most recently analyzed commit to the selected project.
-
-   The query will take a few moments to return results. When the query completes, the results are displayed below the project name. The query results are listed in two columns, corresponding to the two expressions in the ``select`` clause of the query. The first column corresponds to the expression ``ifexpr`` and is linked to the location in the source code of the project where ``ifexpr`` occurs. The second column is the alert message.
-
-   ➤ `Example query results <https://lgtm.com/query/4416853782037269427/>`__
-
-   .. pull-quote::
-
-      Note
-
-      An ellipsis (…) at the bottom of the table indicates that the entire list is not displayed—click it to show more results.
-
-#. If any matching code is found, click a link in the ``ifexpr`` column to view the ``if`` statement in the code viewer.
-
-   The matching ``if`` expression is highlighted with a yellow background in the code viewer. If any code in the file also matches a query from the standard query library for that language, you will see a red alert message at the appropriate point within the code.
+.. include:: ../reusables/vs-code-basic-instructions/note-store-quick-query.rst
 
 About the query structure
 ~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -131,14 +106,24 @@ To exclude ``if`` statements that have an ``else`` branch:
          not exists(ifexpr.getThen()) and
          not exists(ifexpr.getElse())
 
-#. Click **Run**.
+#. Re-run the query.
 
    There are now fewer results because ``if`` expressions with an ``else`` branch are no longer included.
 
-➤ `See this in the query console <https://lgtm.com/query/4694253275631320752/>`__
-
 Further reading
 ---------------
 
 .. include:: ../reusables/ruby-further-reading.rst
 .. include:: ../reusables/codeql-ref-tools-further-reading.rst
+
+.. Article-specific substitutions for the reusables used in docs/codeql/reusables/vs-code-basic-instructions
+
+.. |language-text| replace:: Ruby
+
+.. |language-code| replace:: ``ruby``
+
+.. |example-url| replace:: https://github.com/discourse/discourse
+
+.. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-ruby.png
+
+.. |result-col-1|  replace:: The first column corresponds to the expression ``ifexpr`` and is linked to the location in the source code of the project where ``ifexpr`` occurs.
diff --git a/docs/codeql/codeql-language-guides/codeql-for-cpp.rst b/docs/codeql/codeql-language-guides/codeql-for-cpp.rst
index 8acd450ecd7..4e5e53d8cb2 100644
--- a/docs/codeql/codeql-language-guides/codeql-for-cpp.rst
+++ b/docs/codeql/codeql-language-guides/codeql-for-cpp.rst
@@ -21,7 +21,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
    hash-consing-and-value-numbering
 
 
--  :doc:`Basic query for C and C++ code <basic-query-for-cpp-code>`: Learn to write and run a simple CodeQL query using LGTM.
+-  :doc:`Basic query for C and C++ code <basic-query-for-cpp-code>`: Learn to write and run a simple CodeQL query.
 
 -  :doc:`CodeQL library for C and C++ <codeql-library-for-cpp>`: When analyzing C or C++ code, you can use the large collection of classes in the CodeQL library for C and C++.
 
diff --git a/docs/codeql/codeql-language-guides/codeql-for-csharp.rst b/docs/codeql/codeql-language-guides/codeql-for-csharp.rst
index e327cb177ee..9b692094841 100644
--- a/docs/codeql/codeql-language-guides/codeql-for-csharp.rst
+++ b/docs/codeql/codeql-language-guides/codeql-for-csharp.rst
@@ -12,7 +12,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
    codeql-library-for-csharp
    analyzing-data-flow-in-csharp
 
--  :doc:`Basic query for C# code <basic-query-for-csharp-code>`: Learn to write and run a simple CodeQL query using LGTM.
+-  :doc:`Basic query for C# code <basic-query-for-csharp-code>`: Learn to write and run a simple CodeQL query.
 
 -  :doc:`CodeQL library for C# <codeql-library-for-csharp>`: When you're analyzing a C# program, you can make use of the large collection of classes in the CodeQL library for C#.
 
diff --git a/docs/codeql/codeql-language-guides/codeql-for-go.rst b/docs/codeql/codeql-language-guides/codeql-for-go.rst
index be81a19f1a8..0eaefbb5922 100644
--- a/docs/codeql/codeql-language-guides/codeql-for-go.rst
+++ b/docs/codeql/codeql-language-guides/codeql-for-go.rst
@@ -13,7 +13,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
    abstract-syntax-tree-classes-for-working-with-go-programs
    modeling-data-flow-in-go-libraries
 
--  :doc:`Basic query for Go code <basic-query-for-go-code>`: Learn to write and run a simple CodeQL query using LGTM.
+-  :doc:`Basic query for Go code <basic-query-for-go-code>`: Learn to write and run a simple CodeQL query.
 
 -  :doc:`CodeQL library for Go <codeql-library-for-go>`: When you're analyzing a Go program, you can make use of the large collection of classes in the CodeQL library for Go.
 
diff --git a/docs/codeql/codeql-language-guides/codeql-for-java.rst b/docs/codeql/codeql-language-guides/codeql-for-java.rst
index 53489bc5207..aa10f481592 100644
--- a/docs/codeql/codeql-language-guides/codeql-for-java.rst
+++ b/docs/codeql/codeql-language-guides/codeql-for-java.rst
@@ -1,9 +1,16 @@
 .. _codeql-for-java:
 
-CodeQL for Java
-===============
+CodeQL for Java and Kotlin
+==========================
 
-Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Java codebases.
+Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Java and Kotlin codebases.
+
+.. include:: ../reusables/kotlin-beta-note.rst
+
+
+.. pull-quote:: Enabling Kotlin support
+
+   CodeQL treats Java and Kotlin as parts of the same language, so to enable Kotlin support you should enable ``java`` as a language.
 
 .. toctree::
    :hidden:
@@ -19,7 +26,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
    working-with-source-locations
    abstract-syntax-tree-classes-for-working-with-java-programs
 
--  :doc:`Basic query for Java code <basic-query-for-java-code>`: Learn to write and run a simple CodeQL query using LGTM.
+-  :doc:`Basic query for Java code <basic-query-for-java-code>`: Learn to write and run a simple CodeQL query.
 
 -  :doc:`CodeQL library for Java <codeql-library-for-java>`: When analyzing Java code, you can use the large collection of classes in the CodeQL library for Java.
 
diff --git a/docs/codeql/codeql-language-guides/codeql-for-javascript.rst b/docs/codeql/codeql-language-guides/codeql-for-javascript.rst
index ce6651acb79..11a4c5e456c 100644
--- a/docs/codeql/codeql-language-guides/codeql-for-javascript.rst
+++ b/docs/codeql/codeql-language-guides/codeql-for-javascript.rst
@@ -18,7 +18,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
    abstract-syntax-tree-classes-for-working-with-javascript-and-typescript-programs
    data-flow-cheat-sheet-for-javascript
 
--  :doc:`Basic query for JavaScript code <basic-query-for-javascript-code>`: Learn to write and run a simple CodeQL query using LGTM.
+-  :doc:`Basic query for JavaScript code <basic-query-for-javascript-code>`: Learn to write and run a simple CodeQL query.
 
 -  :doc:`CodeQL library for JavaScript <codeql-library-for-javascript>`: When you're analyzing a JavaScript program, you can make use of the large collection of classes in the CodeQL library for JavaScript.
 
diff --git a/docs/codeql/codeql-language-guides/codeql-for-python.rst b/docs/codeql/codeql-language-guides/codeql-for-python.rst
index 15b0c4a84f8..3b639e9cdf2 100644
--- a/docs/codeql/codeql-language-guides/codeql-for-python.rst
+++ b/docs/codeql/codeql-language-guides/codeql-for-python.rst
@@ -16,7 +16,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
    expressions-and-statements-in-python
    analyzing-control-flow-in-python
 
--  :doc:`Basic query for Python code <basic-query-for-python-code>`: Learn to write and run a simple CodeQL query using LGTM.
+-  :doc:`Basic query for Python code <basic-query-for-python-code>`: Learn to write and run a simple CodeQL query.
 
 -  :doc:`CodeQL library for Python <codeql-library-for-python>`: When you need to analyze a Python program, you can make use of the large collection of classes in the CodeQL library for Python.
 
diff --git a/docs/codeql/codeql-language-guides/codeql-for-ruby.rst b/docs/codeql/codeql-language-guides/codeql-for-ruby.rst
index 82d13cf410e..f36df2496bf 100644
--- a/docs/codeql/codeql-language-guides/codeql-for-ruby.rst
+++ b/docs/codeql/codeql-language-guides/codeql-for-ruby.rst
@@ -14,7 +14,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
    analyzing-data-flow-in-ruby
    using-api-graphs-in-ruby
 
--  :doc:`Basic query for Ruby code <basic-query-for-ruby-code>`: Learn to write and run a simple CodeQL query using LGTM.
+-  :doc:`Basic query for Ruby code <basic-query-for-ruby-code>`: Learn to write and run a simple CodeQL query.
 
 -  :doc:`CodeQL library for Ruby <codeql-library-for-ruby>`: When you're analyzing a Ruby program, you can make use of the large collection of classes in the CodeQL library for Ruby.
 
diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-java.rst b/docs/codeql/codeql-language-guides/codeql-library-for-java.rst
index c4072ad55b2..319afdf29c0 100644
--- a/docs/codeql/codeql-language-guides/codeql-library-for-java.rst
+++ b/docs/codeql/codeql-language-guides/codeql-library-for-java.rst
@@ -70,7 +70,7 @@ For example, the following query finds all variables of type ``int`` in the prog
        pt.hasName("int")
    select v
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/860076406167044435/>`__. You're likely to get many results when you run this query because most projects contain many variables of type ``int``.
+You're likely to get many results when you run this query because most projects contain many variables of type ``int``.
 
 Reference types are also categorized according to their declaration scope:
 
@@ -87,7 +87,7 @@ For instance, this query finds all top-level types whose name is not the same as
    where tl.getName() != tl.getCompilationUnit().getName()
    select tl
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/4340983612585284460/>`__. This pattern is seen in many projects. When we ran it on the LGTM.com demo projects, most of the projects had at least one instance of this problem in the source code. There were many more instances in the files referenced by the source code.
+You will typically see this pattern in the source code of a repository, with many more instances in the files referenced by the source code.
 
 Several more specialized classes are available as well:
 
@@ -109,7 +109,7 @@ As an example, we can write a query that finds all nested classes that directly
    where nc.getASupertype() instanceof TypeObject
    select nc
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/8482509736206423238/>`__. You're likely to get many results when you run this query because many projects include nested classes that extend ``Object`` directly.
+You're likely to get many results when you run this query because many projects include nested classes that extend ``Object`` directly.
 
 Generics
 ~~~~~~~~
@@ -143,8 +143,6 @@ For instance, we could use the following query to find all parameterized instanc
        pt.getSourceDeclaration() = map
    select pt
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/7863873821043873550/>`__. None of the LGTM.com demo projects contain parameterized instances of ``java.util.Map`` in their source code, but they all have results in reference files.
-
 In general, generic types may restrict which types a type parameter can be bound to. For instance, a type of maps from strings to numbers could be declared as follows:
 
 .. code-block:: java
@@ -166,8 +164,6 @@ As an example, the following query finds all type variables with type bound ``Nu
        tb.getType().hasQualifiedName("java.lang", "Number")
    select tv
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/6740696080876162817/>`__. When we ran it on the LGTM.com demo projects, the *neo4j/neo4j*, *hibernate/hibernate-orm* and *apache/hadoop* projects all contained examples of this pattern.
-
 For dealing with legacy code that is unaware of generics, every generic type has a "raw" version without any type parameters. In the CodeQL libraries, raw types are represented using class ``RawType``, which has the expected subclasses ``RawClass`` and ``RawInterface``. Again, there is a predicate ``getSourceDeclaration`` for obtaining the corresponding generic type. As an example, we can find variables of (raw) type ``Map``:
 
 .. code-block:: ql
@@ -179,8 +175,6 @@ For dealing with legacy code that is unaware of generics, every generic type has
        rt.getSourceDeclaration().hasQualifiedName("java.util", "Map")
    select v
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/4032913402499547882/>`__. Many projects have variables of raw type ``Map``.
-
 For example, in the following code snippet this query would find ``m1``, but not ``m2``:
 
 .. code-block:: java
@@ -230,7 +224,7 @@ For example, the following query finds all expressions whose parents are ``retur
    where e.getParent() instanceof ReturnStmt
    select e
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1947757851560375919/>`__. Many projects have examples of ``return`` statements with child expressions.
+Many projects have examples of ``return`` statements with child expressions.
 
 Therefore, if the program contains a return statement ``return x + y;``, this query will return ``x + y``.
 
@@ -244,7 +238,7 @@ As another example, the following query finds statements whose parent is an ``if
    where s.getParent() instanceof IfStmt
    select s
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1989464153689219612/>`__. Many projects have examples of ``if`` statements with child statements.
+Many projects have examples of ``if`` statements with child statements.
 
 This query will find both ``then`` branches and ``else`` branches of all ``if`` statements in the program.
 
@@ -258,8 +252,6 @@ Finally, here is a query that finds method bodies:
    where s.getParent() instanceof Method
    select s
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1016821702972128245/>`__. Most projects have many method bodies.
-
 As these examples show, the parent node of an expression is not always an expression: it may also be a statement, for example, an ``IfStmt``. Similarly, the parent node of a statement is not always a statement: it may also be a method or a constructor. To capture this, the QL Java library provides two abstract class ``ExprParent`` and ``StmtParent``, the former representing any node that may be the parent node of an expression, and the latter any node that may be the parent node of a statement.
 
 For more information on working with AST classes, see the :doc:`article on overflow-prone comparisons in Java <overflow-prone-comparisons-in-java>`.
@@ -278,7 +270,7 @@ For annotations, class ``Annotatable`` is a superclass of all program elements t
    from Constructor c
    select c.getAnAnnotation()
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/3206112561297137365/>`__. The LGTM.com demo projects all use annotations, you can see examples where they are used to suppress warnings and mark code as deprecated.
+You may see examples where annotations are used to suppress warnings or to mark code as deprecated.
 
 These annotations are represented by class ``Annotation``. An annotation is simply an expression whose type is an ``AnnotationType``. For example, you can amend this query so that it only reports deprecated constructors:
 
@@ -292,7 +284,7 @@ These annotations are represented by class ``Annotation``. An annotation is simp
        anntp.hasQualifiedName("java.lang", "Deprecated")
    select ann
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/5393027107459215059/>`__. Only constructors with the ``@Deprecated`` annotation are reported this time.
+Only constructors with the ``@Deprecated`` annotation are reported this time.
 
 For more information on working with annotations, see the :doc:`article on annotations <annotations-in-java>`.
 
@@ -307,7 +299,7 @@ For Javadoc, class ``Element`` has a member predicate ``getDoc`` that returns a
        jdoc = f.getDoc().getJavadoc()
    select jdoc
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/6022769142134600659/>`__. You can see this pattern in many projects.
+You can see this pattern in many projects.
 
 Class ``Javadoc`` represents an entire Javadoc comment as a tree of ``JavadocElement`` nodes, which can be traversed using member predicates ``getAChild`` and ``getParent``. For instance, you could edit the query so that it finds all ``@author`` tags in Javadoc comments on private fields:
 
@@ -321,8 +313,6 @@ Class ``Javadoc`` represents an entire Javadoc comment as a tree of ``JavadocEle
        at.getParent+() = jdoc
    select at
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/2510220694395289111/>`__. None of the LGTM.com demo projects uses the ``@author`` tag on private fields.
-
 .. pull-quote::
 
    Note
@@ -349,7 +339,7 @@ For example, the following query finds methods with a `cyclomatic complexity <ht
        mc.getCyclomaticComplexity() > 40
    select m
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/6566950741051181919/>`__. Most large projects include some methods with a very high cyclomatic complexity. These methods are likely to be difficult to understand and test.
+Most large projects include some methods with a very high cyclomatic complexity. These methods are likely to be difficult to understand and test.
 
 Call graph
 ----------
@@ -369,8 +359,6 @@ We can use predicate ``Call.getCallee`` to find out which method or constructor
        m.hasName("println")
    select c
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/5861255162551917595/>`__. The LGTM.com demo projects all include many calls to methods of this name.
-
 Conversely, ``Callable.getAReference`` returns a ``Call`` that refers to it. So we can find methods and constructors that are never called using this query:
 
 .. code-block:: ql
@@ -381,7 +369,7 @@ Conversely, ``Callable.getAReference`` returns a ``Call`` that refers to it. So
    where not exists(c.getAReference())
    select c
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/7261739919657747703/>`__. The LGTM.com demo projects all appear to have many methods that are not called directly, but this is unlikely to be the whole story. To explore this area further, see ":doc:`Navigating the call graph <navigating-the-call-graph>`."
+Codebases often have many methods that are not called directly, but this is unlikely to be the whole story. To explore this area further, see ":doc:`Navigating the call graph <navigating-the-call-graph>`."
 
 For more information about callables and calls, see the :doc:`article on the call graph <navigating-the-call-graph>`.
 
diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst b/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst
index e9070cc493b..8c9c6d8cffa 100644
--- a/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst
+++ b/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst
@@ -43,7 +43,7 @@ Textual level
 
 At its most basic level, a JavaScript code base can simply be viewed as a collection of files organized into folders, where each file is composed of zero or more lines of text.
 
-Note that the textual content of a program is not included in the CodeQL database unless you specifically request it during extraction. In particular, databases on LGTM (also known as "snapshots") do not normally include textual information.
+Note that the textual content of a program is not included in the CodeQL database unless you specifically request it during extraction.
 
 Files and folders
 ^^^^^^^^^^^^^^^^^
@@ -77,7 +77,7 @@ For example, the following query computes, for each folder, the number of JavaSc
    from Folder d
    select d.getRelativePath(), count(File f | f = d.getAFile() and f.getExtension() = "js")
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1506075865985/>`__. When you run the query on most projects, the results include folders that contain files with a ``js`` extension and folders that don't.
+When you run the query on most projects, the results include folders that contain files with a ``js`` extension and folders that don't.
 
 Locations
 ^^^^^^^^^
@@ -138,7 +138,7 @@ As an example of a query operating entirely on the lexical level, consider the f
    where comma.getNextToken() instanceof CommaToken
    select comma, "Omitted array elements are bad style."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/659662177/>`__. If the query returns no results, this pattern isn't used in the projects that you analyzed.
+If the query returns no results, this pattern isn't used in the projects that you analyzed.
 
 You can use predicate ``Locatable.getFirstToken()`` and ``Locatable.getLastToken()`` to access the first and last token (if any) belonging to an element with a source location.
 
@@ -179,8 +179,6 @@ As an example of a query using only lexical information, consider the following
    from HtmlLineComment c
    select c, "Do not use HTML comments."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/686330023/>`__. When we ran this query on the *mozilla/pdf.js* project in LGTM.com, we found three HTML comments.
-
 Syntactic level
 ~~~~~~~~~~~~~~~
 
@@ -230,7 +228,7 @@ The `TopLevel <https://codeql.github.com/codeql-standard-libraries/javascript/se
 
    Note
 
-   By default, LGTM filters out alerts in minified top-levels, since they are often hard to interpret. When writing your own queries in the LGTM query console, this filtering is *not* done automatically, so you may want to explicitly add a condition of the form ``and not e.getTopLevel().isMinified()`` or similar to your query to exclude results in minified code.
+   By default, GitHub code scanning filters out alerts in minified top-levels, since they are often hard to interpret. When you write your own queries in Visual Studio Code, this filtering is *not* done automatically, so you may want to explicitly add a condition of the form ``and not e.getTopLevel().isMinified()`` or similar to your query to exclude results in minified code.
 
 Statements and expressions
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -351,8 +349,6 @@ As an example of how to use expression AST nodes, here is a query that finds exp
    where add = shift.getAnOperand()
    select add, "This expression should be bracketed to clarify precedence rules."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/690010024/>`__. When we ran this query on the *meteor/meteor* project in LGTM.com, we found many results where precedence could be clarified using brackets.
-
 Functions
 ^^^^^^^^^
 
@@ -373,8 +369,6 @@ As an example, here is a query that finds all expression closures:
    where fe.getBody() instanceof Expr
    select fe, "Use arrow expressions instead of expression closures."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/668510056/>`__. None of the LGTM.com demo projects uses expression closures, but you may find this query gets results on other projects.
-
 As another example, this query finds functions that have two parameters that bind the same variable:
 
 .. code-block:: ql
@@ -388,8 +382,6 @@ As another example, this query finds functions that have two parameters that bin
        p.getAVariable() = q.getAVariable()
    select fun, "This function has two parameters that bind the same variable."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/673860037/>`__. None of the LGTM.com demo projects has functions where two parameters bind the same variable.
-
 Classes
 ^^^^^^^
 
@@ -444,7 +436,7 @@ Here is an example of a query to find declaration statements that declare the sa
        not ds.getTopLevel().isMinified()
    select ds, "Variable " + v.getName() + " is declared both $@ and $@.", d1, "here", d2, "here"
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/668700496/>`__. This is not a common problem, so you may not find any results in your own projects. The *angular/angular.js* project on LGTM.com has one instance of this problem at the time of writing.
+This is not a common problem, so you may not find any results in your own projects.
 
    Notice the use of ``not ... isMinified()`` here and in the next few queries. This excludes any results found in minified code. If you delete ``and not ds.getTopLevel().isMinified()`` and re-run the query, two results in minified code in the *meteor/meteor* project are reported.
 
@@ -471,8 +463,6 @@ As an example of a query involving properties, consider the following query that
        not oe.getTopLevel().isMinified()
    select oe, "Property " + p1.getName() + " is defined both $@ and $@.", p1, "here", p2, "here"
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/660700064/>`__. Many projects have a few instances of object expressions with two identically named properties.
-
 Modules
 ^^^^^^^
 
@@ -537,7 +527,7 @@ As an example, consider the following query which finds distinct function declar
        not g.getTopLevel().isMinified()
    select f, g
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/667290067/>`__. Some projects declare conflicting functions of the same name and rely on platform-specific behavior to disambiguate the two declarations.
+Some projects declare conflicting functions of the same name and rely on platform-specific behavior to disambiguate the two declarations.
 
 Control flow
 ~~~~~~~~~~~~
@@ -574,7 +564,7 @@ As an example of an analysis using basic blocks, ``BasicBlock.isLiveAtEntry(v, u
        not f.getStartBB().isLiveAtEntry(gv, _)
    select f, "This function uses " + gv + " like a local variable."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/686320048/>`__. Many projects have some variables which look as if they were intended to be local.
+Many projects have some variables which look as if they were intended to be local.
 
 Data flow
 ~~~~~~~~~
@@ -599,8 +589,6 @@ As an example, the following query finds definitions of local variables that are
        not exists (VarUse use | def = use.getADef())
    select def, "Dead store of local variable."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/2086440429/>`__. Many projects have some examples of useless assignments to local variables.
-
 SSA
 ^^^
 
@@ -642,8 +630,6 @@ For example, here is a query that finds all invocations of a method called ``sen
          send.getMethodName() = "send"
    select send
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1506058347056/>`__. The query finds HTTP response sends in the `AMP HTML <https://lgtm.com/projects/g/ampproject/amphtml>`__ project.
-
 Note that the data flow modeling in this library is intraprocedural, that is, flow across function calls and returns is *not* modeled. Likewise, flow through object properties and global variables is not modeled.
 
 Type inference
@@ -707,8 +693,6 @@ As an example of a call-graph-based query, here is a query to find invocations f
          not exists(invk.getACallee())
    select invk, "Unable to find a callee for this invocation."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/3260345690335671362/>`__
-
 Inter-procedural data flow
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -843,7 +827,7 @@ As an example of the use of these classes, here is a query that counts for every
    from NodeModule m
    select m, count(m.getAnImportedModule())
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/659662207/>`__. When you analyze a project, for each module you can see how many other modules it imports.
+When you analyze a project, for each module you can see how many other modules it imports.
 
 NPM
 ^^^
@@ -872,8 +856,6 @@ As an example of the use of these classes, here is a query that identifies unuse
    not exists (Require req | req.getTopLevel() = pkg.getAModule() | name = req.getImportedPath().getValue())
    select deps, "Unused dependency '" + name + "'."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/666680077/>`__. It is not uncommon for projects to have some unused dependencies.
-
 React
 ^^^^^
 
@@ -899,8 +881,6 @@ For example, here is a query to find SQL queries that use string concatenation (
    where ss instanceof AddExpr
    select ss, "Use templating instead of string concatenation."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1506076336224/>`__, showing two (benign) results on `strong-arc <https://lgtm.com/projects/g/strongloop/strong-arc/>`__.
-
 Miscellaneous
 ~~~~~~~~~~~~~
 
@@ -965,8 +945,6 @@ As an example, here is a query that finds ``@param`` tags that do not specify th
    not exists(t.getName())
    select t, "@param tag is missing name."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/673060054/>`__. Of the LGTM.com demo projects analyzed, only *Semantic-Org/Semantic-UI* has an example where the ``@param`` tag omits the name.
-
 For full details on these and other classes representing JSDoc comments and type expressions, see `the API documentation <https://codeql.github.com/codeql-standard-libraries/javascript/semmle/javascript/JSDoc.qll/module.JSDoc.html>`__.
 
 JSX
diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-python.rst b/docs/codeql/codeql-language-guides/codeql-library-for-python.rst
index 204a6d22c3b..c1b392cc358 100644
--- a/docs/codeql/codeql-language-guides/codeql-library-for-python.rst
+++ b/docs/codeql/codeql-language-guides/codeql-library-for-python.rst
@@ -53,7 +53,7 @@ All scopes are basically a list of statements, although ``Scope`` classes have a
    where f.getScope() instanceof Function
    select f
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/665620040/>`__. Many projects have nested functions.
+Many codebases use nested functions.
 
 Statement
 ^^^^^^^^^
@@ -95,7 +95,7 @@ As an example, to find expressions of the form ``a+2`` where the left is a simpl
    where bin.getLeft() instanceof Name and bin.getRight() instanceof Num
    select bin
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/669950026/>`__. Many projects include examples of this pattern.
+Many codebases include examples of this pattern.
 
 Variable
 ^^^^^^^^
@@ -126,7 +126,7 @@ For our first example, we can find all ``finally`` blocks by using the ``Try`` c
    from Try t
    select t.getFinalbody()
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/659662193/>`__. Many projects include examples of this pattern.
+Many codebases include examples of this pattern.
 
 2. Finding ``except`` blocks that do nothing
 ''''''''''''''''''''''''''''''''''''''''''''
@@ -157,7 +157,7 @@ Both forms are equivalent. Using the positive expression, the whole query looks
    where forall(Stmt s | s = ex.getAStmt() | s instanceof Pass)
    select ex
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/690010036/>`__. Many projects include pass-only ``except`` blocks.
+Many codebases include pass-only ``except`` blocks.
 
 Summary
 ^^^^^^^
@@ -278,8 +278,6 @@ Using this predicate we can select the longest ``BasicBlock`` by selecting the `
    where bb_length(b) = max(bb_length(_))
    select b
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/666730036/>`__. When we ran it on the LGTM.com demo projects, the *openstack/nova* and *ytdl-org/youtube-dl* projects both contained source code results for this query.
-
 .. pull-quote::
 
    Note
diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-typescript.rst b/docs/codeql/codeql-language-guides/codeql-library-for-typescript.rst
index e729011a3e9..b1709bb05c5 100644
--- a/docs/codeql/codeql-language-guides/codeql-library-for-typescript.rst
+++ b/docs/codeql/codeql-language-guides/codeql-library-for-typescript.rst
@@ -123,8 +123,6 @@ Select expressions that cast a value to a type parameter:
    where assertion.getTypeAnnotation() = param.getLocalTypeName().getAnAccess()
    select assertion, "Cast to type parameter."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505979606441/>`__.
-
 Classes and interfaces
 ~~~~~~~~~~~~~~~~~~~~~~
 
@@ -179,7 +177,7 @@ Ambient nodes are mostly ignored by control flow and data flow analysis. The out
 Static type information
 -----------------------
 
-Static type information and global name binding is available for projects with "full" TypeScript extraction enabled. This option is enabled by default for projects on LGTM.com and when you create databases with the :ref:`CodeQL CLI <codeql-cli>`.
+Static type information and global name binding is available for projects with "full" TypeScript extraction enabled. This option is enabled by default when you create databases with the :ref:`CodeQL CLI <codeql-cli>`.
 
 Basic usage
 ~~~~~~~~~~~
@@ -403,8 +401,6 @@ It is best to use `TypeName <https://codeql.github.com/codeql-standard-libraries
      and not access.hasTypeArguments()
    select access, "Type arguments are omitted"
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505985316500/>`__.
-
 Find imported names that are used as both a type and a value:
 
 .. code-block:: ql
@@ -416,8 +412,6 @@ Find imported names that are used as both a type and a value:
      and exists (VarAccess access | access.getVariable().getADeclaration() = spec.getLocal())
    select spec, "Used as both variable and type"
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505975787348/>`__.
-
 Namespace names
 ~~~~~~~~~~~~~~~
 
diff --git a/docs/codeql/codeql-language-guides/conversions-and-classes-in-cpp.rst b/docs/codeql/codeql-language-guides/conversions-and-classes-in-cpp.rst
index 9bd057412f6..0ceacc3acd9 100644
--- a/docs/codeql/codeql-language-guides/conversions-and-classes-in-cpp.rst
+++ b/docs/codeql/codeql-language-guides/conversions-and-classes-in-cpp.rst
@@ -165,8 +165,6 @@ Our starting point for the query is pairs of a base class and a derived class, c
    where derived.getABaseClass+() = base
    select base, derived, "The second class is derived from the first."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505902347211/>`__
-
 Note that the transitive closure symbol ``+`` indicates that ``Class.getABaseClass()`` may be followed one or more times, rather than only accepting a direct base class.
 
 A lot of the results are uninteresting template parameters. You can remove those results by updating the ``where`` clause as follows:
@@ -177,8 +175,6 @@ A lot of the results are uninteresting template parameters. You can remove those
      and not exists(base.getATemplateArgument())
      and not exists(derived.getATemplateArgument())
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505907047251/>`__
-
 Finding derived classes with destructors
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -196,8 +192,6 @@ Now we can extend the query to find derived classes with destructors, using the
      and d2 = derived.getDestructor()
    select base, derived, "The second class is derived from the first, and both have a destructor."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505901767389/>`__
-
 Notice that getting the destructor implicitly asserts that one exists. As a result, this version of the query returns fewer results than before.
 
 Finding base classes where the destructor is not virtual
@@ -216,11 +210,9 @@ Our last change is to use ``Function.isVirtual()`` to find cases where the base
      and not d1.isVirtual()
    select d1, "This destructor should probably be virtual."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505908156827/>`__
-
 That completes the query.
 
-There is a similar built-in `query <https://lgtm.com/rules/2158670642/>`__ on LGTM.com that finds classes in a C/C++ project with virtual functions but no virtual destructor. You can take a look at the code for this query by clicking **Open in query console** at the top of that page.
+There is a similar standard query `Non-virtual destructor in base class <https://codeql.github.com/codeql-query-help/cpp/cpp-virtual-destructor/>`__ that finds classes in a C/C++ project with virtual functions but no virtual destructor.
 
 Further reading
 ---------------
diff --git a/docs/codeql/codeql-language-guides/expressions-and-statements-in-python.rst b/docs/codeql/codeql-language-guides/expressions-and-statements-in-python.rst
index 48cca630660..32a16560bc3 100644
--- a/docs/codeql/codeql-language-guides/expressions-and-statements-in-python.rst
+++ b/docs/codeql/codeql-language-guides/expressions-and-statements-in-python.rst
@@ -54,8 +54,6 @@ The ``global`` statement in Python declares a variable with a global (module-lev
    where g.getScope() instanceof Module
    select g
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/686330052/>`__. None of the demo projects on LGTM.com has a global statement that matches this pattern.
-
 The line: ``g.getScope() instanceof Module`` ensures that the ``Scope`` of ``Global g`` is a ``Module``, rather than a class or function.
 
 Example finding 'if' statements with redundant branches
@@ -81,7 +79,7 @@ To find statements like this that could be simplified we can write a query.
      and forall(Stmt p | p = l.getAnItem() | p instanceof Pass)
    select i
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/672230053/>`__. Many projects have some ``if`` statements that match this pattern.
+Many codebases have some ``if`` statements that match this pattern.
 
 The line: ``(l = i.getBody() or l = i.getOrelse())`` restricts the ``StmtList l`` to branches of the ``if`` statement.
 
@@ -150,8 +148,6 @@ We can check for these using a query.
      and cmp.getOp(0) instanceof Is and cmp.getComparator(0) = literal
    select cmp
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/688180010/>`__. Two of the demo projects on LGTM.com use this pattern: *saltstack/salt* and *openstack/nova*.
-
 The clause ``cmp.getOp(0) instanceof Is and cmp.getComparator(0) = literal`` checks that the first comparison operator is "is" and that the first comparator is a literal.
 
 .. pull-quote::
@@ -180,7 +176,7 @@ If there are duplicate keys in a Python dictionary, then the second key will ove
      and k1 != k2 and same_key(k1, k2)
    select k1, "Duplicate key in dict literal"
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/663330305/>`__. When we ran this query on LGTM.com, the source code of the *saltstack/salt* project contained an example of duplicate dictionary keys. The results were also highlighted as alerts by the standard "Duplicate key in dict literal" query. Two of the other demo projects on LGTM.com refer to duplicate dictionary keys in library files. For more information, see `Duplicate key in dict literal <https://lgtm.com/rules/3980087>`__ on LGTM.com.
+When we ran this query on some test codebases, we found examples of duplicate dictionary keys. The results were also highlighted as alerts by the standard "Duplicate key in dict literal" query. For more information, see `Duplicate key in dict literal <https://codeql.github.com/codeql-query-help/python/py-duplicate-key-dict-literal/>`__.
 
 The supporting predicate ``same_key`` checks that the keys have the same identifier. Separating this part of the logic into a supporting predicate, instead of directly including it in the query, makes it easier to understand the query as a whole. The casts defined in the predicate restrict the expression to the type specified and allow predicates to be called on the type that is cast-to. For example:
 
@@ -222,8 +218,6 @@ This basic query can be improved by checking that the one line of code is a Java
        and attr.getObject() = self and self.getId() = "self"
    select f, "This function is a Java-style getter."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/669220054/>`__. Of the demo projects on LGTM.com, only the *openstack/nova* project has examples of functions that appear to be Java-style getters.
-
 .. code-block:: ql
 
    ret = f.getStmt(0) and ret.getValue() = attr
diff --git a/docs/codeql/codeql-language-guides/expressions-types-and-statements-in-cpp.rst b/docs/codeql/codeql-language-guides/expressions-types-and-statements-in-cpp.rst
index d7adc22c2cd..c9515aca4c8 100644
--- a/docs/codeql/codeql-language-guides/expressions-types-and-statements-in-cpp.rst
+++ b/docs/codeql/codeql-language-guides/expressions-types-and-statements-in-cpp.rst
@@ -23,8 +23,6 @@ In the following example we find instances of ``AssignExpr`` which assign the co
    where e.getRValue().getValue().toInt() = 0
    select e, "Assigning the value 0 to something."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505908086530/>`__
-
 The ``where`` clause in this example gets the expression on the right side of the assignment, ``getRValue()``, and compares it with zero. Notice that there are no checks to make sure that the right side of the assignment is an integer or that it has a value (that is, it is compile-time constant, rather than a variable). For expressions where either of these assumptions is wrong, the associated predicate simply does not return anything and the ``where`` clause will not produce a result. You could think of it as if there is an implicit ``exists(e.getRValue().getValue().toInt())`` at the beginning of this line.
 
 It is also worth noting that the query above would find this C code:
@@ -33,7 +31,7 @@ It is also worth noting that the query above would find this C code:
 
    yPtr = NULL;
 
-This is because the database contains a representation of the code base after the preprocessor transforms have run. This means that any macro invocations, such as the ``NULL`` define used here, are expanded during the creation of the database. If you want to write queries about macros then there are some special library classes that have been designed specifically for this purpose (for example, the ``Macro``, ``MacroInvocation`` classes and predicates like ``Element.isInMacroExpansion()``). In this case, it is good that macros are expanded, but we do not want to find assignments to pointers. For more information, see `Database generation <https://lgtm.com/help/lgtm/generate-database>`__ on LGTM.com.
+This is because the database contains a representation of the code base after the preprocessor transforms have run. This means that any macro invocations, such as the ``NULL`` define used here, are expanded during the creation of the database. If you want to write queries about macros then there are some special library classes that have been designed specifically for this purpose (for example, the ``Macro``, ``MacroInvocation`` classes and predicates like ``Element.isInMacroExpansion()``). In this case, it is good that macros are expanded, but we do not want to find assignments to pointers. For more information, see `Database creation <https://codeql.github.com/docs/codeql-overview/about-codeql/#database-creation>`__.
 
 Finding assignments of 0 to an integer
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -49,8 +47,6 @@ We can make the query more specific by defining a condition for the left side of
      and e.getLValue().getType().getUnspecifiedType() instanceof IntegralType
    select e, "Assigning the value 0 to an integer."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505906986578/>`__
-
 This checks that the left side of the assignment has a type that is some kind of integer. Note the call to ``Type.getUnspecifiedType()``. This resolves ``typedef`` types to their underlying types so that the query finds assignments like this one:
 
 .. code-block:: cpp
@@ -109,8 +105,6 @@ Unfortunately this would not quite work, because the loop initialization is actu
      and e.getLValue().getType().getUnspecifiedType() instanceof IntegralType
    select e, "Assigning the value 0 to an integer, inside a for loop initialization."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505909016965/>`__
-
 Finding assignments of 0 within the loop body
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -127,8 +121,6 @@ We can find assignments inside the loop body using similar code with the predica
      and e.getLValue().getType().getUnderlyingType() instanceof IntegralType
    select e, "Assigning the value 0 to an integer, inside a for loop body."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505901437190/>`__
-
 Note that we replaced ``e.getEnclosingStmt()`` with ``e.getEnclosingStmt().getParentStmt*()``, to find an assignment expression that is deeply nested inside the loop body. The transitive closure modifier ``*`` here indicates that ``Stmt.getParentStmt()`` may be followed zero or more times, rather than just once, giving us the statement, its parent statement, its parent's parent statement etc.
 
 Further reading
diff --git a/docs/codeql/codeql-language-guides/functions-in-cpp.rst b/docs/codeql/codeql-language-guides/functions-in-cpp.rst
index 84d72e5376a..34c99885c6a 100644
--- a/docs/codeql/codeql-language-guides/functions-in-cpp.rst
+++ b/docs/codeql/codeql-language-guides/functions-in-cpp.rst
@@ -40,8 +40,6 @@ It might be more interesting to find functions that are not called, using the st
    where not exists(FunctionCall fc | fc.getTarget() = f)
    select f, "This function is never called."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505891246456/>`__
-
 The new query finds functions that are not the target of any ``FunctionCall``—in other words, functions that are never called. You may be surprised by how many results the query finds. However, if you examine the results, you can see that many of the functions it finds are used indirectly. To create a query that finds only unused functions, we need to refine the query and exclude other ways of using a function.
 
 Excluding functions that are referenced with a function pointer
@@ -58,13 +56,11 @@ You can modify the query to remove functions where a function pointer is used to
      and not exists(FunctionAccess fa | fa.getTarget() = f)
    select f, "This function is never called, or referenced with a function pointer."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505890446605/>`__
-
 This query returns fewer results. However, if you examine the results then you can probably still find potential refinements.
 
-For example, there is a more complicated LGTM `query <https://lgtm.com/rules/2152580467/>`__ that finds unused static functions. To see the code for this query, click **Open in query console** at the top of the page.
+For example, there is a more complicated standard query, `Unused static function <https://codeql.github.com/codeql-query-help/cpp/cpp-unused-static-function/>`__, that finds unused static functions.
 
-   You can explore the definition of an element in the standard libraries and see what predicates are available. Use the keyboard **F3** button to open the definition of any element. Alternatively, hover over the element and click **Jump to definition** in the tooltip displayed. The library file is opened in a new tab with the definition highlighted.
+   You can explore the definition of an element in the standard libraries and see what predicates are available. Right-click the element to display the context menu, and click **Go to Definition**. The library file is opened in a new tab with the definition of the element highlighted.
 
 Finding a specific function
 ---------------------------
@@ -80,8 +76,6 @@ This query uses ``Function`` and ``FunctionCall`` to find calls to the function
      and not fc.getArgument(1) instanceof StringLiteral
    select fc, "sprintf called with variable format string."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505889506751/>`__
-
 This uses:
 
 -  ``Declaration.getQualifiedName()`` to identify calls to the specific function ``sprintf``.
@@ -89,7 +83,7 @@ This uses:
 
 Note that we could have used ``Declaration.getName()``, but ``Declaration.getQualifiedName()`` is a better choice because it includes the namespace. For example: ``getName()`` would return ``vector`` where ``getQualifiedName`` would return ``std::vector``.
 
-The LGTM version of this query is considerably more complicated, but if you look carefully you will find that its structure is the same. See `Non-constant format string <https://lgtm.com/rules/2152810612/>`__ and click **Open in query console** at the top of the page.
+The published version of this query is considerably more complicated, but if you look carefully you will find that its structure is the same. See `Non-constant format string <https://codeql.github.com/codeql-query-help/cpp/cpp-non-constant-format/>`__.
 
 Further reading
 ---------------
diff --git a/docs/codeql/codeql-language-guides/functions-in-python.rst b/docs/codeql/codeql-language-guides/functions-in-python.rst
index ab401f6c5e5..fbb4ff0d6e5 100644
--- a/docs/codeql/codeql-language-guides/functions-in-python.rst
+++ b/docs/codeql/codeql-language-guides/functions-in-python.rst
@@ -28,7 +28,7 @@ Using the member predicate ``Function.getName()``, we can list all of the getter
    where f.getName().matches("get%")
    select f, "This is a function called get..."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/669220031/>`__. This query typically finds a large number of results. Usually, many of these results are for functions (rather than methods) which we are not interested in.
+This query typically finds a large number of results. Usually, many of these results are for functions (rather than methods) which we are not interested in.
 
 Finding all methods called "get..."
 -----------------------------------
@@ -43,7 +43,7 @@ You can modify the query above to return more interesting results. As we are onl
    where f.getName().matches("get%") and f.isMethod()
    select f, "This is a method called get..."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/690010035/>`__. This finds methods whose name starts with ``"get"``, but many of those are not the sort of simple getters we are interested in.
+This finds methods whose name starts with ``"get"``, but many of those are not the sort of simple getters we are interested in.
 
 Finding one line methods called "get..."
 ----------------------------------------
@@ -59,7 +59,7 @@ We can modify the query further to include only methods whose body consists of a
     and count(f.getAStmt()) = 1
    select f, "This function is (probably) a getter."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/667290044/>`__. This query returns fewer results, but if you examine the results you can see that there are still refinements to be made. This is refined further in ":doc:`Expressions and statements in Python <expressions-and-statements-in-python>`."
+This query returns fewer results, but if you examine the results you can see that there are still refinements to be made. This is refined further in ":doc:`Expressions and statements in Python <expressions-and-statements-in-python>`."
 
 Finding a call to a specific function
 -------------------------------------
@@ -74,8 +74,6 @@ This query uses ``Call`` and ``Name`` to find calls to the function ``eval`` - w
    where call.getFunc() = name and name.getId() = "eval"
    select call, "call to 'eval'."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/6718356557331218618/>`__. Some of the demo projects on LGTM.com use this function.
-
 The ``Call`` class represents calls in Python. The ``Call.getFunc()`` predicate gets the expression being called. ``Name.getId()`` gets the identifier (as a string) of the ``Name`` expression.
 Due to the dynamic nature of Python, this query will select any call of the form ``eval(...)`` regardless of whether it is a call to the built-in function ``eval`` or not.
 In a later tutorial we will see how to use the type-inference library to find calls to the built-in function ``eval`` regardless of name of the variable called.
diff --git a/docs/codeql/codeql-language-guides/javadoc.rst b/docs/codeql/codeql-language-guides/javadoc.rst
index 7e16cc6ce36..c1bce79a0a2 100644
--- a/docs/codeql/codeql-language-guides/javadoc.rst
+++ b/docs/codeql/codeql-language-guides/javadoc.rst
@@ -149,8 +149,6 @@ Now we can write a query for finding all callables ``c`` and ``@throws`` tags ``
        not mayThrow(c, exn)
    select tt, "Spurious @throws tag."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1258570917227966396/>`__. This finds several results in the LGTM.com demo projects.
-
 Improvements
 ~~~~~~~~~~~~
 
@@ -216,7 +214,7 @@ The first case can be covered by changing ``getDocumentedException`` to use the
        (result.hasName(tt.getExceptionName()) and visibleIn(tt.getFile(), result))
    }
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/8016848987103345329/>`__. This finds many fewer, more interesting results in the LGTM.com demo projects.
+This query should find many fewer, more interesting results.
 
 Currently, ``visibleIn`` only considers single-type imports, but you could extend it with support for other kinds of imports.
 
diff --git a/docs/codeql/codeql-language-guides/navigating-the-call-graph.rst b/docs/codeql/codeql-language-guides/navigating-the-call-graph.rst
index 8b73b49153b..6db902ea4b8 100644
--- a/docs/codeql/codeql-language-guides/navigating-the-call-graph.rst
+++ b/docs/codeql/codeql-language-guides/navigating-the-call-graph.rst
@@ -80,7 +80,7 @@ We can use the ``Callable`` class to write a query that finds methods that are n
    where not exists(Callable caller | caller.polyCalls(callee))
    select callee
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/8376915232270534450/>`__. This simple query typically returns a large number of results.
+This simple query typically returns a large number of results.
 
 .. pull-quote::
 
@@ -99,7 +99,7 @@ Running this query on a typical Java project results in lots of hits in the Java
        callee.getCompilationUnit().fromSource()
    select callee, "Not called."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/8711624074465690976/>`__. This change reduces the number of results returned for most projects.
+This change reduces the number of results returned for most codebases.
 
 We might also notice several unused methods with the somewhat strange name ``<clinit>``: these are class initializers; while they are not explicitly called anywhere in the code, they are called implicitly whenever the surrounding class is loaded. Hence it makes sense to exclude them from our query. While we are at it, we can also exclude finalizers, which are similarly invoked implicitly:
 
@@ -113,7 +113,7 @@ We might also notice several unused methods with the somewhat strange name ``<cl
        not callee.hasName("<clinit>") and not callee.hasName("finalize")
    select callee, "Not called."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/925473733866047471/>`__. This also reduces the number of results returned by most projects.
+This also reduces the number of results returned by most codebases.
 
 We may also want to exclude public methods from our query, since they may be external API entry points:
 
@@ -128,7 +128,7 @@ We may also want to exclude public methods from our query, since they may be ext
        not callee.isPublic()
    select callee, "Not called."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/6284320987237954610/>`__. This should have a more noticeable effect on the number of results returned.
+This should have a more noticeable effect on the number of results returned.
 
 A further special case is non-public default constructors: in the singleton pattern, for example, a class is provided with private empty default constructor to prevent it from being instantiated. Since the very purpose of such constructors is their not being called, they should not be flagged up:
 
@@ -144,7 +144,7 @@ A further special case is non-public default constructors: in the singleton patt
        not callee.(Constructor).getNumberOfParameters() = 0
    select callee, "Not called."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/2625028545869146918/>`__. This change has a large effect on the results for some projects but little effect on the results for others. Use of this pattern varies widely between different projects.
+This change has a large effect on the results for some projects but little effect on the results for others. Use of this pattern varies widely between different projects.
 
 Finally, on many Java projects there are methods that are invoked indirectly by reflection. So, while there are no calls invoking these methods, they are, in fact, used. It is in general very hard to identify such methods. A very common special case, however, is JUnit test methods, which are reflectively invoked by a test runner. The CodeQL library for Java has support for recognizing test classes of JUnit and other testing frameworks, which we can employ to filter out methods defined in such classes:
 
@@ -161,7 +161,7 @@ Finally, on many Java projects there are methods that are invoked indirectly by
        not callee.getDeclaringType() instanceof TestClass
    select callee, "Not called."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/2055862421970264112/>`__. This should give a further reduction in the number of results returned.
+This should give a further reduction in the number of results returned.
 
 Further reading
 ---------------
diff --git a/docs/codeql/codeql-language-guides/overflow-prone-comparisons-in-java.rst b/docs/codeql/codeql-language-guides/overflow-prone-comparisons-in-java.rst
index b0762a5c139..53c36c7f786 100644
--- a/docs/codeql/codeql-language-guides/overflow-prone-comparisons-in-java.rst
+++ b/docs/codeql/codeql-language-guides/overflow-prone-comparisons-in-java.rst
@@ -44,7 +44,7 @@ We'll start by writing a query that finds less-than expressions (CodeQL class ``
        expr.getRightOperand().getType().hasName("long")
    select expr
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/490866529746563234/>`__. This query usually finds results on most projects.
+This query usually finds results on most codebases.
 
 Notice that we use the predicate ``getType`` (available on all subclasses of ``Expr``) to determine the type of the operands. Types, in turn, define the ``hasName`` predicate, which allows us to identify the primitive types ``int`` and ``long``. As it stands, this query finds *all* less-than expressions comparing ``int`` and ``long``, but in fact we are only interested in comparisons that are part of a loop condition. Also, we want to filter out comparisons where either operand is constant, since these are less likely to be real bugs. The revised query looks like this:
 
@@ -59,7 +59,7 @@ Notice that we use the predicate ``getType`` (available on all subclasses of ``E
        not expr.getAnOperand().isCompileTimeConstant()
    select expr
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/4315986481180063825/>`__. Notice that fewer results are found.
+Notice that fewer results are found.
 
 The class ``LoopStmt`` is a common superclass of all loops, including, in particular, ``for`` loops as in our example above. While different kinds of loops have different syntax, they all have a loop condition, which can be accessed through predicate ``getCondition``. We use the reflexive transitive closure operator ``*`` applied to the ``getAChildExpr`` predicate to express the requirement that ``expr`` should be nested inside the loop condition. In particular, it can be the loop condition itself.
 
@@ -113,16 +113,44 @@ Now we rewrite our query to make use of these new classes:
 
 .. code-block:: ql
 
-   import Java
+    import java
 
-   // Insert the class definitions from above
+    // Return the width (in bits) of a given integral type 
+    int width(PrimitiveType pt) {
+    (pt.hasName("byte") and result=8) or
+    (pt.hasName("short") and result=16) or
+    (pt.hasName("char") and result=16) or
+    (pt.hasName("int") and result=32) or
+    (pt.hasName("long") and result=64)
+    }
 
-   from OverflowProneComparison expr
-   where exists(LoopStmt l | l.getCondition().getAChildExpr*() = expr) and
-   not expr.getAnOperand().isCompileTimeConstant()
-   select expr
+    // Find any comparison where the width of the type on the smaller end of 
+    // the comparison is less than the width of the type on the greater end
+    abstract class OverflowProneComparison extends ComparisonExpr {
+    Expr getLesserOperand() { none() }
+    Expr getGreaterOperand() { none() }
+    }
 
-➤ `See the full query in the query console on LGTM.com <https://lgtm.com/query/506868054626167462/>`__.
+    // Return `<=` and `<` comparisons
+    class LTOverflowProneComparison extends OverflowProneComparison {
+    LTOverflowProneComparison() {
+        (this instanceof LEExpr or this instanceof LTExpr) and
+        width(this.getLeftOperand().getType()) < width(this.getRightOperand().getType())
+    }
+    }
+
+    // Return `>=` and `>` comparisons
+    class GTOverflowProneComparison extends OverflowProneComparison {
+    GTOverflowProneComparison() {
+        (this instanceof GEExpr or this instanceof GTExpr) and
+        width(this.getRightOperand().getType()) < width(this.getLeftOperand().getType())
+    }
+    }
+
+    from OverflowProneComparison expr
+    where exists(LoopStmt l | l.getCondition().getAChildExpr*() = expr) and
+        not expr.getAnOperand().isCompileTimeConstant()
+    select expr
 
 Further reading
 ---------------
diff --git a/docs/codeql/codeql-language-guides/refining-a-query-to-account-for-edge-cases.rst b/docs/codeql/codeql-language-guides/refining-a-query-to-account-for-edge-cases.rst
index d2a6cee326a..049dc95ad9b 100644
--- a/docs/codeql/codeql-language-guides/refining-a-query-to-account-for-edge-cases.rst
+++ b/docs/codeql/codeql-language-guides/refining-a-query-to-account-for-edge-cases.rst
@@ -146,8 +146,6 @@ Finally we can simplify the query by using the transitive closure operator. In t
        and exists(c.getBlock())
    select c, "Constructor does not initialize fields $@.", f, f.getName()
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1505896968215/>`__
-
 Further reading
 ---------------
 
diff --git a/docs/codeql/codeql-language-guides/types-in-java.rst b/docs/codeql/codeql-language-guides/types-in-java.rst
index 04cc716b961..3bb1c59fed7 100644
--- a/docs/codeql/codeql-language-guides/types-in-java.rst
+++ b/docs/codeql/codeql-language-guides/types-in-java.rst
@@ -34,7 +34,7 @@ To determine ancestor types (including immediate super types, and also *their* s
    where B.hasName("B")
    select B.getASupertype+()
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1506430738755934285/>`__. If this query were run on the example snippet above, the query would return ``A``, ``I``, and ``java.lang.Object``.
+If we ran this query on the example snippet above, the query would return ``A``, ``I``, and ``java.lang.Object``.
 
 .. pull-quote::
 
@@ -80,7 +80,7 @@ This recipe is not too difficult to translate into a query:
        target.getElementType().(RefType).getASupertype+() = source.getElementType()
    select ce, "Potentially problematic array downcast."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/8378564667548381869/>`__. Many projects return results for this query.
+Many projects return results for this query.
 
 Note that by casting ``target.getElementType()`` to a ``RefType``, we eliminate all cases where the element type is a primitive type, that is, ``target`` is an array of primitive type: the problem we are looking for cannot arise in that case. Unlike in Java, a cast in QL never fails: if an expression cannot be cast to the desired type, it is simply excluded from the query results, which is exactly what we want.
 
@@ -143,7 +143,7 @@ Using these new classes we can extend our query to exclude calls to ``toArray``
        not ce.getExpr().(CollectionToArrayCall).getActualReturnType() = target
    select ce, "Potentially problematic array downcast."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/3150404889854131463/>`__. Notice that fewer results are found by this improved query.
+Notice that fewer results are found by this improved query.
 
 Example: Finding mismatched contains checks
 -------------------------------------------
@@ -269,8 +269,6 @@ Now we are ready to write a first version of our query:
        not haveCommonDescendant(collEltType, argType)
    select juccc, "Element type " + collEltType + " is incompatible with argument type " + argType
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/7947831380785106258/>`__.
-
 Improvements
 ~~~~~~~~~~~~
 
@@ -284,19 +282,50 @@ Adding these three improvements, our final query becomes:
 
 .. code-block:: ql
 
-   import java
+    import java
 
-   // Insert the class definitions from above
+    class JavaUtilCollection extends GenericInterface {
+        JavaUtilCollection() {
+            this.hasQualifiedName("java.util", "Collection")
+        }
+    }
 
-   from JavaUtilCollectionContainsCall juccc, Type collEltType, Type argType
-   where collEltType = juccc.getCollectionElementType() and argType = juccc.getArgumentType() and
-       not haveCommonDescendant(collEltType, argType) and
-       not collEltType instanceof TypeVariable and not argType instanceof TypeVariable and
-       not collEltType = argType.(PrimitiveType).getBoxedType() and
-       not argType.hasName("<nulltype>")
-   select juccc, "Element type " + collEltType + " is incompatible with argument type " + argType
+    class JavaUtilCollectionContains extends Method {
+        JavaUtilCollectionContains() {
+            this.getDeclaringType() instanceof JavaUtilCollection and
+            this.hasStringSignature("contains(Object)")
+        }
+    }
 
-➤ `See the full query in the query console on LGTM.com <https://lgtm.com/query/8846334903769538099/>`__.
+    class JavaUtilCollectionContainsCall extends MethodAccess {
+        JavaUtilCollectionContainsCall() {
+            exists(JavaUtilCollectionContains jucc |
+                this.getMethod().getSourceDeclaration().overrides*(jucc)
+            )
+        }
+    Type getArgumentType() {
+        result = this.getArgument(0).getType()
+        }
+        Type getCollectionElementType() {
+        exists(RefType D, ParameterizedInterface S |
+            D = this.getMethod().getDeclaringType() and
+            D.hasSupertype*(S) and S.getSourceDeclaration() instanceof JavaUtilCollection and
+            result = S.getTypeArgument(0)
+        )
+        }
+    }
+
+    predicate haveCommonDescendant(RefType tp1, RefType tp2) {
+        exists(RefType commondesc | commondesc.hasSupertype*(tp1) and commondesc.hasSupertype*(tp2))
+    }
+
+    from JavaUtilCollectionContainsCall juccc, Type collEltType, Type argType
+    where collEltType = juccc.getCollectionElementType() and argType = juccc.getArgumentType() and
+        not haveCommonDescendant(collEltType, argType) and
+        not collEltType instanceof TypeVariable and not argType instanceof TypeVariable and
+        not collEltType = argType.(PrimitiveType).getBoxedType() and
+        not argType.hasName("<nulltype>")
+    select juccc, "Element type " + collEltType + " is incompatible with argument type " + argType
 
 Further reading
 ---------------
diff --git a/docs/codeql/codeql-language-guides/using-api-graphs-in-python.rst b/docs/codeql/codeql-language-guides/using-api-graphs-in-python.rst
index 24be065c912..adfcdaa8d60 100644
--- a/docs/codeql/codeql-language-guides/using-api-graphs-in-python.rst
+++ b/docs/codeql/codeql-language-guides/using-api-graphs-in-python.rst
@@ -29,8 +29,6 @@ following snippet demonstrates.
 
     select API::moduleImport("re")
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/1876172022264324639/>`__.
-
 This query selects the API graph node corresponding to the ``re`` module. This node represents the fact that the ``re`` module has been imported rather than a specific location in the program where the import happens. Therefore, there will be at most one result per project, and it will not have a useful location, so you'll have to click `Show 1 non-source result` in order to see it.
 
 To find where the ``re`` module is referenced in the program, you can use the ``getAUse`` method. The following query selects all references to the ``re`` module in the current database.
@@ -42,8 +40,6 @@ To find where the ``re`` module is referenced in the program, you can use the ``
 
     select API::moduleImport("re").getAUse()
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/8072356519514905526/>`__.
-
 Note that the ``getAUse`` method accounts for local flow, so that ``my_re_compile``
 in the following snippet is
 correctly recognized as a reference to the ``re.compile`` function.
@@ -77,8 +73,6 @@ the above ``re.compile`` example, you can now find references to ``re.compile``.
 
     select API::moduleImport("re").getMember("compile").getAUse()
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/7970570434725297676/>`__.
-
 In addition to ``getMember``, you can use the ``getUnknownMember`` method to find references to API
 components where the name is not known statically. You can use the ``getAMember`` method to
 access all members, both known and unknown.
@@ -97,15 +91,11 @@ where the return value of ``re.compile`` is used:
 
     select API::moduleImport("re").getMember("compile").getReturn().getAUse()
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/4346050399960356921/>`__.
-
 Note that this includes all uses of the result of ``re.compile``, including those reachable via
 local flow. To get just the *calls* to ``re.compile``, you can use ``getAnImmediateUse`` instead of
 ``getAUse``. As this is a common occurrence, you can use ``getACall`` instead of
 ``getReturn`` followed by ``getAnImmediateUse``.
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/8143347716552092926/>`__.
-
 Note that the API graph does not distinguish between class instantiations and function calls. As far
 as it's concerned, both are simply places where an API graph node is called.
 
@@ -134,8 +124,6 @@ all subclasses of ``View``, you must explicitly include the subclasses of ``Meth
 
     select viewClass().getAUse()
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/288293322319747121/>`__.
-
 Note the use of the set literal ``["View", "MethodView"]`` to match both classes simultaneously.
 
 Built-in functions and classes
diff --git a/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst b/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst
index c2f93525341..597ce491463 100644
--- a/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst
+++ b/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst
@@ -338,10 +338,9 @@ step by step in the UI:
   where cfg.hasFlowPath(source, sink)
   select sink, source, sink, "Property access on JSON value originating $@.", source, "here"
 
-`Here <https://lgtm.com/query/5347702611074820306>`_ is a run of this query on the `plexus-interop
-<https://lgtm.com/projects/g/finos-plexus/plexus-interop/>`_ project on LGTM.com. Many of the 19
-results are false positives since we currently do not model many ways in which a value can be
-checked for nullness. In particular, after a property reference ``x.p`` we implicitly know that
+We ran this query on the https://github.com/finos/plexus-interop repository. Many of the
+results were false positives since the query does not currently model many ways in which we can check
+a value for nullness. In particular, after a property reference ``x.p`` we implicitly know that
 ``x`` cannot be null anymore, since otherwise the reference would have thrown an exception.
 Modeling this would allow us to get rid of most of the false positives, but is beyond the scope of
 this tutorial.
@@ -391,10 +390,10 @@ Some of our standard security queries use flow labels. You can look at their imp
 to get a feeling for how to use flow labels in practice.
 
 In particular, both of the examples mentioned in the section on limitations of basic data flow above
-are from standard security queries that use flow labels. The `Prototype pollution
-<https://lgtm.com/rules/1508857356317>`_ query uses two flow labels to distinguish completely
+are from standard security queries that use flow labels. The `Prototype-polluting merge call
+<https://codeql.github.com/codeql-query-help/javascript/js-prototype-pollution/>`_ query uses two flow labels to distinguish completely
 tainted objects from partially tainted objects. The `Uncontrolled data used in path expression
-<https://lgtm.com/rules/1971530250>`_ query uses four flow labels to track whether a user-controlled
+<https://codeql.github.com/codeql-query-help/javascript/js-path-injection/>`_ query uses four flow labels to track whether a user-controlled
 string may be an absolute path and whether it may contain ``..`` components.
 
 Further reading
diff --git a/docs/codeql/codeql-language-guides/using-type-tracking-for-api-modeling.rst b/docs/codeql/codeql-language-guides/using-type-tracking-for-api-modeling.rst
index e1690397e63..6d14e9413af 100644
--- a/docs/codeql/codeql-language-guides/using-type-tracking-for-api-modeling.rst
+++ b/docs/codeql/codeql-language-guides/using-type-tracking-for-api-modeling.rst
@@ -228,15 +228,23 @@ Here's see an example of what this can handle now:
 
 Tracking in the whole model
 ---------------------------
-We applied this pattern to ``firebaseDatabase()`` in the previous section, and it
-can just as easily apply to the other predicates.
-For reference, here's our simple Firebase model with type tracking on every predicate:
+We applied this pattern to ``firebaseDatabase()`` in the previous section, and we can
+apply the model just as easily to other  predicates.
+This example query uses the model to find `set` calls.
+It's been modified slightly to handle a bit more of the API, which is beyond the scope of this tutorial.
 
 .. code-block:: ql
 
+  import javascript
+  import DataFlow
+
   SourceNode firebase(TypeTracker t) {
     t.start() and
-    result = globalVarRef("firebase")
+    (
+      result = globalVarRef("firebase")
+      or
+      result = moduleImport("firebase/app")
+    )
     or
     exists(TypeTracker t2 |
       result = firebase(t2).track(t2, t)
@@ -277,8 +285,7 @@ For reference, here's our simple Firebase model with type tracking on every pred
     result = firebaseRef().getAMethodCall("set")
   }
 
-`Here <https://lgtm.com/query/1053770500827789481>`__ is a run of an example query using the model to find `set` calls on one of the Firebase sample projects.
-It's been modified slightly to handle a bit more of the API, which is beyond the scope of this tutorial.
+  select firebaseSetterCall()
 
 Tracking associated data
 ------------------------
@@ -392,7 +399,98 @@ Based on that we can track the ``snapshot`` value and find the ``val()`` call it
 
 With this addition, ``firebaseDatabaseRead("forecast")`` finds the call to ``snapshot.val()`` that contains the value of the forecast.
 
-`Here <https://lgtm.com/query/8761360814276109092>`__ is a run of an example query using the model to find `val` calls.
+.. code-block:: ql
+
+  import javascript
+  import DataFlow
+
+  SourceNode firebase(TypeTracker t) {
+    t.start() and
+    (
+      result = globalVarRef("firebase")
+      or
+      result = moduleImport("firebase/app")
+    )
+    or
+    exists(TypeTracker t2 |
+      result = firebase(t2).track(t2, t)
+    )
+  }
+
+  SourceNode firebase() {
+    result = firebase(TypeTracker::end())
+  }
+
+  SourceNode firebaseDatabase(TypeTracker t) {
+    t.start() and
+    result = firebase().getAMethodCall("database")
+    or
+    exists(TypeTracker t2 |
+      result = firebaseDatabase(t2).track(t2, t)
+    )
+  }
+
+  SourceNode firebaseDatabase() {
+    result = firebaseDatabase(TypeTracker::end())
+  }
+
+  SourceNode firebaseRef(Node name, TypeTracker t) {
+    t.start() and
+    exists(CallNode call |
+      call = firebaseDatabase().getAMethodCall("ref") and
+      name = call.getArgument(0) and
+      result = call
+    )
+    or
+    exists(TypeTracker t2 |
+      result = firebaseRef(name, t2).track(t2, t)
+    )
+  }
+
+  SourceNode firebaseRef(Node name) {
+    result = firebaseRef(name, TypeTracker::end())
+  }
+
+  MethodCallNode firebaseSetterCall(Node name) {
+    result = firebaseRef(name).getAMethodCall("set")
+  }
+
+  SourceNode firebaseSnapshotCallback(Node refName, TypeBackTracker t) {
+    t.start() and
+    (
+      result = firebaseRef(refName).getAMethodCall("once").getArgument(1).getALocalSource()
+      or
+      result = firebaseRef(refName).getAMethodCall("once").getAMethodCall("then").getArgument(0).getALocalSource()
+    )
+    or
+    exists(TypeBackTracker t2 |
+      result = firebaseSnapshotCallback(refName, t2).backtrack(t2, t)
+    )
+  }
+
+  FunctionNode firebaseSnapshotCallback(Node refName) {
+    result = firebaseSnapshotCallback(refName, TypeBackTracker::end())
+  }
+
+  SourceNode firebaseSnapshot(Node refName, TypeTracker t) {
+    t.start() and
+    result = firebaseSnapshotCallback(refName).getParameter(0)
+    or
+    exists(TypeTracker t2 |
+      result = firebaseSnapshot(refName, t2).track(t2, t)
+    )
+  }
+
+  SourceNode firebaseSnapshot(Node refName) {
+    result = firebaseSnapshot(refName, TypeTracker::end())
+  }
+
+  MethodCallNode firebaseDatabaseRead(Node refName) {
+    result = firebaseSnapshot(refName).getAMethodCall("val")
+  }
+
+  from Node name
+  select name, firebaseDatabaseRead(name)
 
 Summary
 -------
diff --git a/docs/codeql/codeql-language-guides/working-with-source-locations.rst b/docs/codeql/codeql-language-guides/working-with-source-locations.rst
index 9b55b95df52..90cc5f17849 100644
--- a/docs/codeql/codeql-language-guides/working-with-source-locations.rst
+++ b/docs/codeql/codeql-language-guides/working-with-source-locations.rst
@@ -112,7 +112,7 @@ Here's a first version of our query:
        wsinner > wsouter
    select outer, "Whitespace around nested operators contradicts precedence."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/8141155897270480914/>`__. This query is likely to find results on most projects.
+This query is likely to find results on most codebases.
 
 The first conjunct of the ``where`` clause restricts ``inner`` to be an operand of ``outer``, the second conjunct binds ``wsinner`` and ``wsouter``, while the last conjunct selects the suspicious cases.
 
@@ -143,7 +143,7 @@ Note that our predicate ``operatorWS`` computes the **total** amount of white sp
        wsinner > wsouter
    select outer, "Whitespace around nested operators contradicts precedence."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/3151720037708691205/>`__. Any results will be refined by our changes to the query.
+Any results will be refined by our changes to the query.
 
 Another source of false positives are associative operators: in an expression of the form ``x + y+z``, the first plus is syntactically nested inside the second, since + in Java associates to the left; hence the expression is flagged as suspicious. But since + is associative to begin with, it does not matter which way around the operators are nested, so this is a false positive. To exclude these cases, let us define a new class identifying binary expressions with an associative operator:
 
@@ -175,8 +175,6 @@ Now we can extend our query to discard results where the outer and the inner exp
        wsinner > wsouter
    select outer, "Whitespace around nested operators contradicts precedence."
 
-➤ `See this in the query console on LGTM.com <https://lgtm.com/query/5714614966569401039/>`__.
-
 Notice that we again use ``getOp``, this time to determine whether two binary expressions have the same operator. Running our improved query now finds the Java standard library bug described in the Overview. It also flags up the following suspicious code in `Hadoop HBase <https://hbase.apache.org/>`__:
 
 .. code-block:: java
diff --git a/docs/codeql/codeql-overview/supported-languages-and-frameworks.rst b/docs/codeql/codeql-overview/supported-languages-and-frameworks.rst
index be66125846a..7cb78873ceb 100644
--- a/docs/codeql/codeql-overview/supported-languages-and-frameworks.rst
+++ b/docs/codeql/codeql-overview/supported-languages-and-frameworks.rst
@@ -16,7 +16,7 @@ CodeQL library packs (`source <https://github.com/github/codeql/tree/codeql-cli/
 and CodeQL bundle (`releases <https://github.com/github/codeql-action/releases>`__)
 support the following languages and compilers.
 
-.. include:: ../support/reusables/versions-compilers.rst
+.. include:: ../reusables/supported-versions-compilers.rst
 
 Frameworks and libraries
 ########################
@@ -31,4 +31,4 @@ The current versions of the CodeQL library and query packs (`source <https://git
     For example, by extending the data flow libraries to include data sources
     and sinks for additional libraries or frameworks.
     
-.. include:: ../support/reusables/frameworks.rst
\ No newline at end of file
+.. include:: ../reusables/supported-frameworks.rst
\ No newline at end of file
diff --git a/docs/codeql/codeql-overview/system-requirements.rst b/docs/codeql/codeql-overview/system-requirements.rst
index 5569462e5ae..3d482fecedf 100644
--- a/docs/codeql/codeql-overview/system-requirements.rst
+++ b/docs/codeql/codeql-overview/system-requirements.rst
@@ -10,7 +10,9 @@ System requirements for running the latest version of CodeQL.
 Supported platforms
 #######################
 
-.. include:: ../support/reusables/platforms.rst
+.. include:: ../reusables/supported-platforms.rst
+
+.. include:: ../reusables/kotlin-beta-note.rst
 
 Additional software requirements
 ################################
diff --git a/docs/codeql/conf.py b/docs/codeql/conf.py
index 662a3f44b66..da8b9114025 100644
--- a/docs/codeql/conf.py
+++ b/docs/codeql/conf.py
@@ -55,7 +55,7 @@ def setup(sphinx):
     sphinx.add_lexer("ql", QLLexer())
 
 # The version of CodeQL for the current release you're documenting, acts as replacement for
-# |version| and |release|. Not currently used except in LGTM Enterprise support info.
+# |version| and |release|. Not currently used.
 
 # The short X.Y version.
 # version = u'3.0'
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/add-codeql-db-github.png b/docs/codeql/images/codeql-for-visual-studio-code/add-codeql-db-github.png
new file mode 100644
index 00000000000..6b61e32849e
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/add-codeql-db-github.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-cpp-query-results-1.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-cpp-query-results-1.png
new file mode 100644
index 00000000000..3751e6ff0a1
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-cpp-query-results-1.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-cpp-query-results-2.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-cpp-query-results-2.png
new file mode 100644
index 00000000000..cdbe5941701
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-cpp-query-results-2.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-csharp-query-results-1.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-csharp-query-results-1.png
new file mode 100644
index 00000000000..51e30bafac3
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-csharp-query-results-1.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-csharp-query-results-2.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-csharp-query-results-2.png
new file mode 100644
index 00000000000..e03df573fe6
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-csharp-query-results-2.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-go-query-results-1.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-go-query-results-1.png
new file mode 100644
index 00000000000..65a527b7d44
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-go-query-results-1.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-go-query-results-2.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-go-query-results-2.png
new file mode 100644
index 00000000000..619408cf0f0
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-go-query-results-2.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-java-query-results-1.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-java-query-results-1.png
new file mode 100644
index 00000000000..e32ce790d77
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-java-query-results-1.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-java-query-results-2.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-java-query-results-2.png
new file mode 100644
index 00000000000..48057a6035a
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-java-query-results-2.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-js-query-results-1.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-js-query-results-1.png
new file mode 100644
index 00000000000..1f989279759
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-js-query-results-1.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-js-query-results-2.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-js-query-results-2.png
new file mode 100644
index 00000000000..59d38f8a2eb
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-js-query-results-2.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-js-query-results-3.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-js-query-results-3.png
new file mode 100644
index 00000000000..97f2df4dac8
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-js-query-results-3.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-python-query-results-1.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-python-query-results-1.png
new file mode 100644
index 00000000000..84e5dee757c
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-python-query-results-1.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-python-query-results-2.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-python-query-results-2.png
new file mode 100644
index 00000000000..d92f8e3000f
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-python-query-results-2.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-ruby-query-results-1.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-ruby-query-results-1.png
new file mode 100644
index 00000000000..13d5e137baf
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-ruby-query-results-1.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-ruby-query-results-2.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-ruby-query-results-2.png
new file mode 100644
index 00000000000..f4f3393dc58
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-ruby-query-results-2.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/codeql-extension-icon.png b/docs/codeql/images/codeql-for-visual-studio-code/codeql-extension-icon.png
new file mode 100644
index 00000000000..c8ffd6e1dce
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/codeql-extension-icon.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/database-selected.png b/docs/codeql/images/codeql-for-visual-studio-code/database-selected.png
new file mode 100644
index 00000000000..bae8ecaed94
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/database-selected.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-cpp.png b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-cpp.png
new file mode 100644
index 00000000000..679fa4c2e1a
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-cpp.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-csharp.png b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-csharp.png
new file mode 100644
index 00000000000..07a5ec530a2
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-csharp.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-go.png b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-go.png
new file mode 100644
index 00000000000..8ea90090ba9
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-go.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-java.png b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-java.png
new file mode 100644
index 00000000000..68ea2ba4914
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-java.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-js.png b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-js.png
new file mode 100644
index 00000000000..4e066bfbf46
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-js.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-python.png b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-python.png
new file mode 100644
index 00000000000..195d401d6a7
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-python.png differ
diff --git a/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-ruby.png b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-ruby.png
new file mode 100644
index 00000000000..25819aec141
Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-ruby.png differ
diff --git a/docs/codeql/images/ql-select-statement-basic.png b/docs/codeql/images/ql-select-statement-basic.png
index 228542ddd6a..84e3705c0cb 100644
Binary files a/docs/codeql/images/ql-select-statement-basic.png and b/docs/codeql/images/ql-select-statement-basic.png differ
diff --git a/docs/codeql/images/ql-select-statement-class-name.png b/docs/codeql/images/ql-select-statement-class-name.png
new file mode 100644
index 00000000000..705db268ef5
Binary files /dev/null and b/docs/codeql/images/ql-select-statement-class-name.png differ
diff --git a/docs/codeql/images/ql-select-statement-filename.png b/docs/codeql/images/ql-select-statement-filename.png
deleted file mode 100644
index 4e94bc0643f..00000000000
Binary files a/docs/codeql/images/ql-select-statement-filename.png and /dev/null differ
diff --git a/docs/codeql/images/ql-select-statement-link.png b/docs/codeql/images/ql-select-statement-link.png
new file mode 100644
index 00000000000..f87f6cb8ff0
Binary files /dev/null and b/docs/codeql/images/ql-select-statement-link.png differ
diff --git a/docs/codeql/images/ql-select-statement-similarity.png b/docs/codeql/images/ql-select-statement-similarity.png
deleted file mode 100644
index 181fe75088e..00000000000
Binary files a/docs/codeql/images/ql-select-statement-similarity.png and /dev/null differ
diff --git a/docs/codeql/ql-language-reference/annotations.rst b/docs/codeql/ql-language-reference/annotations.rst
index e801f0a95aa..b78ef5bdd34 100644
--- a/docs/codeql/ql-language-reference/annotations.rst
+++ b/docs/codeql/ql-language-reference/annotations.rst
@@ -433,7 +433,6 @@ The ``bindingset`` annotation takes a comma-separated list of variables.
   (for characteristic predicates and member predicates) and ``result`` (for predicates that return a result). 
   For more information, see ":ref:`predicate-binding`."
 - When you annotate a class, each variable must be ``this`` or a field in the class. 
-  Binding sets for classes are supported from release 2.3.0 of the CodeQL CLI, and release 1.26 of LGTM Enterprise.
 
 .. Links to use in substitutions
 
diff --git a/docs/codeql/ql-language-reference/expressions.rst b/docs/codeql/ql-language-reference/expressions.rst
index 2091c7628a3..29771fde93d 100644
--- a/docs/codeql/ql-language-reference/expressions.rst
+++ b/docs/codeql/ql-language-reference/expressions.rst
@@ -117,8 +117,6 @@ The values of the contained expressions need to be of :ref:`compatible types <ty
 Furthermore, at least one of the set elements has to be of a type that is a supertype of the types of all
 the other contained expressions.
 
-Set literals are supported from release 2.1.0 of the CodeQL CLI, and release 1.24 of LGTM Enterprise.
-
 .. index:: super
 .. _super:
 
@@ -341,8 +339,6 @@ The following aggregates are available in QL:
       where x in [-5 .. 5] and x != 0
       select unique(int y | y = x or y = x.abs() | y)
 
-  The ``unique`` aggregate is supported from release 2.1.0 of the CodeQL CLI, and release 1.24 of LGTM Enterprise.
-
 Evaluation of aggregates
 ========================
 
@@ -606,6 +602,7 @@ the distance of a node in a graph from the leaves as follows:
 
 .. code-block:: ql
 
+   language[monotonicAggregates]
    int depth(Node n) {
      if not exists(n.getAChild())
      then result = 0
diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst
index 765a5fda4ab..bf44b85e2cc 100644
--- a/docs/codeql/ql-language-reference/ql-language-specification.rst
+++ b/docs/codeql/ql-language-reference/ql-language-specification.rst
@@ -1356,9 +1356,7 @@ Set literals can be of any type, but the types within a set literal have to be c
 
 The values of a set literal expression are all the values of all the contained element expressions.
 
-Set literals are supported from release 2.1.0 of the CodeQL CLI, and release 1.24 of LGTM Enterprise.
-
-Since release 2.7.1 of the CodeQL CLI, and release 1.30 of LGTM Enterprise, a trailing comma is allowed in a set literal.
+Since release 2.7.1 of the CodeQL CLI, a trailing comma is allowed in a set literal.
 
 Disambiguation of expressions
 -----------------------------
diff --git a/docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-1.ql b/docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-1.ql
index 41cd8c9017b..870849d024b 100644
--- a/docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-1.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-1.ql
@@ -5,4 +5,4 @@ where
   a.getAnOperand() = v.getAnAccess() and
   cmp.getAnOperand() = a and
   cmp.getAnOperand() = v.getAnAccess()
-select cmp, "Overflow check."
\ No newline at end of file
+select cmp, "Overflow check."
diff --git a/docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-2.ql b/docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-2.ql
index 12f3ad2f306..3e7be6fe635 100644
--- a/docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-2.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-2.ql
@@ -6,4 +6,4 @@ where
   cmp.getAnOperand() = a and
   cmp.getAnOperand() = v.getAnAccess() and
   forall(Expr op | op = a.getAnOperand() | isSmall(op))
-select cmp, "Bad overflow check."
\ No newline at end of file
+select cmp, "Bad overflow check."
diff --git a/docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-3.ql b/docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-3.ql
index 693a54ed6ac..84495382386 100644
--- a/docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-3.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-3.ql
@@ -9,4 +9,4 @@ where
   cmp.getAnOperand() = v.getAnAccess() and
   forall(Expr op | op = a.getAnOperand() | isSmall(op)) and
   not isSmall(a.getExplicitlyConverted())
-select cmp, "Bad overflow check"
\ No newline at end of file
+select cmp, "Bad overflow check"
diff --git a/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-1.ql b/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-1.ql
index b56d1386e13..533863f87e7 100644
--- a/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-1.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-1.ql
@@ -1,8 +1,9 @@
 import cpp
-  
+
 from FunctionCall alloc, FunctionCall free, LocalScopeVariable v
-where allocationCall(alloc)
-  and alloc = v.getAnAssignedValue()
-  and freeCall(free, v.getAnAccess())
-  and alloc.getASuccessor+() = free
+where
+  allocationCall(alloc) and
+  alloc = v.getAnAssignedValue() and
+  freeCall(free, v.getAnAccess()) and
+  alloc.getASuccessor+() = free
 select alloc, free
diff --git a/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-2.ql b/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-2.ql
index 264b5543219..c4acb9287ec 100644
--- a/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-2.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-2.ql
@@ -1,8 +1,9 @@
 import cpp
-  
+
 from FunctionCall free, LocalScopeVariable v, VariableAccess u
-where freeCall(free, v.getAnAccess())
-  and u = v.getAnAccess()
-  and u.isRValue()
-  and free.getASuccessor+() = u
-select free, u
\ No newline at end of file
+where
+  freeCall(free, v.getAnAccess()) and
+  u = v.getAnAccess() and
+  u.isRValue() and
+  free.getASuccessor+() = u
+select free, u
diff --git a/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-3.ql b/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-3.ql
index e8a897d49f8..04ff31ad42a 100644
--- a/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-3.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-3.ql
@@ -7,4 +7,4 @@ where
     use = lv.getAnAccess() and
     use = def.getASuccessor+()
   )
-select lv, def
\ No newline at end of file
+select lv, def
diff --git a/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-4.ql b/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-4.ql
index 72799902481..03503804ee9 100644
--- a/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-4.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-4.ql
@@ -7,4 +7,4 @@ predicate isReachable(BasicBlock bb) {
 
 from BasicBlock bb
 where not isReachable(bb)
-select bb
\ No newline at end of file
+select bb
diff --git a/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-5.ql b/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-5.ql
index da642b22fba..6b8d368daa2 100644
--- a/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-5.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-5.ql
@@ -1,10 +1,10 @@
 import cpp
 
-from ExprCall c, PointerDereferenceExpr deref, VariableAccess va,
-     Access fnacc
-where c.getLocation().getFile().getBaseName() = "cjpeg.c" and
-      c.getLocation().getStartLine() = 640 and
-      deref = c.getExpr() and
-      va = deref.getOperand() and
-      fnacc = va.getTarget().getAnAssignedValue()
-select c, fnacc.getTarget()
\ No newline at end of file
+from ExprCall c, PointerDereferenceExpr deref, VariableAccess va, Access fnacc
+where
+  c.getLocation().getFile().getBaseName() = "cjpeg.c" and
+  c.getLocation().getStartLine() = 640 and
+  deref = c.getExpr() and
+  va = deref.getOperand() and
+  fnacc = va.getTarget().getAnAssignedValue()
+select c, fnacc.getTarget()
diff --git a/docs/codeql/ql-training/query-examples/cpp/data-flow-cpp-1.ql b/docs/codeql/ql-training/query-examples/cpp/data-flow-cpp-1.ql
index 07dfe382ac8..9af37a5b7da 100644
--- a/docs/codeql/ql-training/query-examples/cpp/data-flow-cpp-1.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/data-flow-cpp-1.ql
@@ -2,7 +2,8 @@ import cpp
 import semmle.code.cpp.commons.Printf
 
 from Call c, FormattingFunction ff, Expr format
-where c.getTarget() = ff and
-      format = c.getArgument(ff.getFormatParameterIndex()) and
-      not format instanceof StringLiteral
-select format, "Non-constant format string."
\ No newline at end of file
+where
+  c.getTarget() = ff and
+  format = c.getArgument(ff.getFormatParameterIndex()) and
+  not format instanceof StringLiteral
+select format, "Non-constant format string."
diff --git a/docs/codeql/ql-training/query-examples/cpp/data-flow-cpp-2.ql b/docs/codeql/ql-training/query-examples/cpp/data-flow-cpp-2.ql
index fadc74f5e6f..41ad66a8e05 100644
--- a/docs/codeql/ql-training/query-examples/cpp/data-flow-cpp-2.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/data-flow-cpp-2.ql
@@ -5,8 +5,9 @@ import semmle.code.cpp.commons.Printf
 class SourceNode extends DataFlow::Node { /* ... */ }
 
 from FormattingFunction f, Call c, SourceNode src, DataFlow::Node arg
-where c.getTarget() = f and
-      arg.asExpr() = c.getArgument(f.getFormatParameterIndex()) and
-      DataFlow::localFlow(src, arg) and
-      not src.asExpr() instanceof StringLiteral
+where
+  c.getTarget() = f and
+  arg.asExpr() = c.getArgument(f.getFormatParameterIndex()) and
+  DataFlow::localFlow(src, arg) and
+  not src.asExpr() instanceof StringLiteral
 select arg, "Non-constant format string."
diff --git a/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-class.ql b/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-class.ql
index c68cfbb63e1..d5a47b259ff 100644
--- a/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-class.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-class.ql
@@ -1,11 +1,9 @@
 import cpp
 
 class EmptyBlock extends Block {
-  EmptyBlock() {
-    this.isEmpty()
-  }
+  EmptyBlock() { this.isEmpty() }
 }
 
 from IfStmt ifStmt
 where ifstmt.getThen() instanceof EmptyBlock
-select ifstmt
\ No newline at end of file
+select ifstmt
diff --git a/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-model.ql b/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-model.ql
index c9491ffb458..47ea0c1a735 100644
--- a/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-model.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-model.ql
@@ -8,4 +8,4 @@ from IfStmt ifstmt
 where
   ifstmt.getThen() instanceof EmptyBlock and
   not exists(ifstmt.getElse())
-select ifstmt, "This if-statement is redundant."
\ No newline at end of file
+select ifstmt, "This if-statement is redundant."
diff --git a/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-predicate.ql b/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-predicate.ql
index 46a8feb7981..a4ba381e02d 100644
--- a/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-predicate.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-predicate.ql
@@ -1,9 +1,7 @@
 import cpp
 
-predicate isEmpty(Block block) {
-  block.isEmpty()
-}
+predicate isEmpty(Block block) { block.isEmpty() }
 
 from IfStmt ifstmt
 where isEmpty(ifstmt.getThen())
-select ifstmt, "This if-statement is redundant."
\ No newline at end of file
+select ifstmt, "This if-statement is redundant."
diff --git a/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp.ql b/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp.ql
index 9779512ac9c..ee0dc38663c 100644
--- a/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/empty-if-cpp.ql
@@ -1,7 +1,7 @@
-import cpp  
-   
+import cpp
+
 from IfStmt ifstmt, Block block
 where
   block = ifstmt.getThen() and
   block.isEmpty()
-select ifstmt, "This if-statement is redundant."
\ No newline at end of file
+select ifstmt, "This if-statement is redundant."
diff --git a/docs/codeql/ql-training/query-examples/cpp/global-data-flow-cpp-1.ql b/docs/codeql/ql-training/query-examples/cpp/global-data-flow-cpp-1.ql
index a151dcec83e..9020da5ea2c 100644
--- a/docs/codeql/ql-training/query-examples/cpp/global-data-flow-cpp-1.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/global-data-flow-cpp-1.ql
@@ -3,11 +3,12 @@ import semmle.code.cpp.dataflow.TaintTracking
 
 class TaintedFormatConfig extends TaintTracking::Configuration {
   TaintedFormatConfig() { this = "TaintedFormatConfig" }
+
   override predicate isSource(DataFlow::Node source) { /* TBD */ }
+
   override predicate isSink(DataFlow::Node sink) { /* TBD */ }
 }
 
 from TaintedFormatConfig cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
-select sink, "This format string may be derived from a $@.",
-              source, "user-controlled value"
+select sink, "This format string may be derived from a $@.", source, "user-controlled value"
diff --git a/docs/codeql/ql-training/query-examples/cpp/snprintf-1.ql b/docs/codeql/ql-training/query-examples/cpp/snprintf-1.ql
index 89daeb86fcd..aa9ca7fc4af 100644
--- a/docs/codeql/ql-training/query-examples/cpp/snprintf-1.ql
+++ b/docs/codeql/ql-training/query-examples/cpp/snprintf-1.ql
@@ -8,4 +8,4 @@ where
   TaintTracking::localTaint(source, sink) and
   source.asExpr() = call and
   sink.asExpr() = call.getArgument(1)
-select call
\ No newline at end of file
+select call
diff --git a/docs/codeql/ql-training/query-examples/java/data-flow-java-1.ql b/docs/codeql/ql-training/query-examples/java/data-flow-java-1.ql
index efc8793b794..ca14242c10a 100644
--- a/docs/codeql/ql-training/query-examples/java/data-flow-java-1.ql
+++ b/docs/codeql/ql-training/query-examples/java/data-flow-java-1.ql
@@ -8,4 +8,4 @@ from MethodAccess ma
 where
   ma.getMethod().getName().matches("sparql%Query") and
   ma.getArgument(0) instanceof StringConcat
-select ma, "SPARQL query vulnerable to injection."
\ No newline at end of file
+select ma, "SPARQL query vulnerable to injection."
diff --git a/docs/codeql/ql-training/query-examples/java/data-flow-java-2.ql b/docs/codeql/ql-training/query-examples/java/data-flow-java-2.ql
index 14020c1dc22..87f41f59fe2 100644
--- a/docs/codeql/ql-training/query-examples/java/data-flow-java-2.ql
+++ b/docs/codeql/ql-training/query-examples/java/data-flow-java-2.ql
@@ -5,4 +5,4 @@ from MethodAccess ma, StringConcat stringConcat
 where
   ma.getMethod().getName().matches("sparql%Query") and
   localFlow(exprNode(stringConcat), exprNode(ma.getArgument(0)))
-select ma, "SPARQL query vulnerable to injection."
\ No newline at end of file
+select ma, "SPARQL query vulnerable to injection."
diff --git a/docs/codeql/ql-training/query-examples/java/empty-if-java-class.ql b/docs/codeql/ql-training/query-examples/java/empty-if-java-class.ql
index e5069678158..da7e118436b 100644
--- a/docs/codeql/ql-training/query-examples/java/empty-if-java-class.ql
+++ b/docs/codeql/ql-training/query-examples/java/empty-if-java-class.ql
@@ -1,12 +1,9 @@
 import java
 
 class EmptyBlock extends Block {
-  EmptyBlock() {
-    this.getNumStmt() = 0
-  }
+  EmptyBlock() { this.getNumStmt() = 0 }
 }
 
 from IfStmt ifstmt
-where ifstmt.getThen() instanceof
-      EmptyBlock
+where ifstmt.getThen() instanceof EmptyBlock
 select ifstmt
diff --git a/docs/codeql/ql-training/query-examples/java/empty-if-java-model.ql b/docs/codeql/ql-training/query-examples/java/empty-if-java-model.ql
index e5928274b1c..390980dc2ca 100644
--- a/docs/codeql/ql-training/query-examples/java/empty-if-java-model.ql
+++ b/docs/codeql/ql-training/query-examples/java/empty-if-java-model.ql
@@ -8,4 +8,4 @@ from IfStmt ifstmt
 where
   ifstmt.getThen() instanceof EmptyBlock and
   not exists(ifstmt.getElse())
-select ifstmt, "This if-statement is redundant."
\ No newline at end of file
+select ifstmt, "This if-statement is redundant."
diff --git a/docs/codeql/ql-training/query-examples/java/empty-if-java-predicate.ql b/docs/codeql/ql-training/query-examples/java/empty-if-java-predicate.ql
index c993d7f3cab..99a9bccfafc 100644
--- a/docs/codeql/ql-training/query-examples/java/empty-if-java-predicate.ql
+++ b/docs/codeql/ql-training/query-examples/java/empty-if-java-predicate.ql
@@ -1,9 +1,7 @@
 import java
 
-predicate isEmpty(Block block) {
-  block.getNumStmt() = 0
-}
+predicate isEmpty(Block block) { block.getNumStmt() = 0 }
 
 from IfStmt ifstmt
 where isEmpty(ifstmt.getThen())
-select ifstmt
\ No newline at end of file
+select ifstmt
diff --git a/docs/codeql/ql-training/query-examples/java/empty-if-java.ql b/docs/codeql/ql-training/query-examples/java/empty-if-java.ql
index 9cd9ca69279..714ad4f4202 100644
--- a/docs/codeql/ql-training/query-examples/java/empty-if-java.ql
+++ b/docs/codeql/ql-training/query-examples/java/empty-if-java.ql
@@ -4,4 +4,4 @@ from IfStmt ifstmt, Block block
 where
   block = ifstmt.getThen() and
   block.getNumStmt() = 0
-select ifstmt, "This if-statement is redundant."
\ No newline at end of file
+select ifstmt, "This if-statement is redundant."
diff --git a/docs/codeql/ql-training/query-examples/java/global-data-flow-java-1.ql b/docs/codeql/ql-training/query-examples/java/global-data-flow-java-1.ql
index f30e4c20d68..7604b20eb95 100644
--- a/docs/codeql/ql-training/query-examples/java/global-data-flow-java-1.ql
+++ b/docs/codeql/ql-training/query-examples/java/global-data-flow-java-1.ql
@@ -3,12 +3,12 @@ import semmle.code.java.dataflow.TaintTracking
 
 class TaintedOGNLConfig extends TaintTracking::Configuration {
   TaintedOGNLConfig() { this = "TaintedOGNLConfig" }
+
   override predicate isSource(DataFlow::Node source) { /* TBD */ }
+
   override predicate isSink(DataFlow::Node sink) { /* TBD */ }
 }
 
 from TaintedOGNLConfig cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
-select source,
-       "This untrusted input is evaluated as an OGNL expression $@.",
-       sink, "here"
\ No newline at end of file
+select source, "This untrusted input is evaluated as an OGNL expression $@.", sink, "here"
diff --git a/docs/codeql/ql-training/query-examples/java/query-injection-java-1.ql b/docs/codeql/ql-training/query-examples/java/query-injection-java-1.ql
index af007406057..e9ad5a7113e 100644
--- a/docs/codeql/ql-training/query-examples/java/query-injection-java-1.ql
+++ b/docs/codeql/ql-training/query-examples/java/query-injection-java-1.ql
@@ -4,4 +4,4 @@ from Method m, MethodAccess ma
 where
   m.getName().matches("sparql%Query") and
   ma.getMethod() = m
-select ma, m
\ No newline at end of file
+select ma, m
diff --git a/docs/codeql/ql-training/query-examples/java/query-injection-java-2.ql b/docs/codeql/ql-training/query-examples/java/query-injection-java-2.ql
index 84f8fde6363..bb2e76d168a 100644
--- a/docs/codeql/ql-training/query-examples/java/query-injection-java-2.ql
+++ b/docs/codeql/ql-training/query-examples/java/query-injection-java-2.ql
@@ -5,4 +5,4 @@ where
   m.getName().matches("sparql%Query") and
   ma.getMethod() = m and
   isStringConcat(ma.getArgument(0))
-select ma, m
\ No newline at end of file
+select ma, m
diff --git a/docs/codeql/ql-training/query-examples/java/query-injection-java-3.ql b/docs/codeql/ql-training/query-examples/java/query-injection-java-3.ql
index 923c65294f1..9c7186ce4bf 100644
--- a/docs/codeql/ql-training/query-examples/java/query-injection-java-3.ql
+++ b/docs/codeql/ql-training/query-examples/java/query-injection-java-3.ql
@@ -1,12 +1,10 @@
 import java
 
-predicate isStringConcat(AddExpr ae) {
-  ae.getType() instanceof TypeString
-}
+predicate isStringConcat(AddExpr ae) { ae.getType() instanceof TypeString }
 
 from Method m, MethodAccess ma
 where
   m.getName().matches("sparql%Query") and
   ma.getMethod() = m and
   isStringConcat(ma.getArgument(0))
-select ma, "SPARQL query vulnerable to injection."
\ No newline at end of file
+select ma, "SPARQL query vulnerable to injection."
diff --git a/docs/codeql/ql-training/template.rst b/docs/codeql/ql-training/template.rst
index 0fc0a740a66..503ac757fdb 100644
--- a/docs/codeql/ql-training/template.rst
+++ b/docs/codeql/ql-training/template.rst
@@ -41,7 +41,7 @@ For this example you should download:
 
 .. note::
 
-   Some notes about the project, perhaps a link to the project page on LGTM.
+   Some notes about the project.
 
 .. Agenda slide. Explaining what is to be covered in the presentation
 
diff --git a/docs/codeql/query-help/codeql-cwe-coverage.rst b/docs/codeql/query-help/codeql-cwe-coverage.rst
index c0b36646df8..680f41b1056 100644
--- a/docs/codeql/query-help/codeql-cwe-coverage.rst
+++ b/docs/codeql/query-help/codeql-cwe-coverage.rst
@@ -3,6 +3,8 @@ CodeQL CWE coverage
 
 You can view the full coverage of MITRE's Common Weakness Enumeration (CWE) or coverage by language for the latest release of CodeQL.
 
+.. include:: ../reusables/kotlin-beta-note.rst
+
 About CWEs
 ##########
 
diff --git a/docs/codeql/query-help/index.rst b/docs/codeql/query-help/index.rst
index b45b3a5bf87..6dad02ce2b1 100644
--- a/docs/codeql/query-help/index.rst
+++ b/docs/codeql/query-help/index.rst
@@ -6,11 +6,13 @@ View the query help for the queries included in the ``code-scanning``, ``securit
 - :doc:`CodeQL query help for C and C++ <cpp>`
 - :doc:`CodeQL query help for C# <csharp>`
 - :doc:`CodeQL query help for Go <go>`
-- :doc:`CodeQL query help for Java <java>`
+- :doc:`CodeQL query help for Java and Kotlin <java>`
 - :doc:`CodeQL query help for JavaScript <javascript>`
 - :doc:`CodeQL query help for Python <python>`
 - :doc:`CodeQL query help for Ruby <ruby>`
 
+.. include:: ../reusables/kotlin-beta-note.rst
+
 .. pull-quote:: Information
 
    Each query help article includes: 
diff --git a/docs/codeql/reusables/extractors.rst b/docs/codeql/reusables/extractors.rst
index a3a4952811d..606c57d0208 100644
--- a/docs/codeql/reusables/extractors.rst
+++ b/docs/codeql/reusables/extractors.rst
@@ -10,7 +10,7 @@
      - ``csharp``
    * - Go
      - ``go``
-   * - Java 
+   * - Java/Kotlin
      - ``java``
    * - JavaScript/TypeScript
      - ``javascript``
diff --git a/docs/codeql/reusables/kotlin-beta-note.rst b/docs/codeql/reusables/kotlin-beta-note.rst
new file mode 100644
index 00000000000..d05d137a13e
--- /dev/null
+++ b/docs/codeql/reusables/kotlin-beta-note.rst
@@ -0,0 +1,4 @@
+  .. pull-quote:: Note
+
+     CodeQL analysis for Kotlin is currently in beta. During the beta, analysis of Kotlin code, 
+     and the accompanying documentation, will not be as comprehensive as for other languages.
\ No newline at end of file
diff --git a/docs/codeql/reusables/kotlin-java-differences.rst b/docs/codeql/reusables/kotlin-java-differences.rst
new file mode 100644
index 00000000000..40e18b60484
--- /dev/null
+++ b/docs/codeql/reusables/kotlin-java-differences.rst
@@ -0,0 +1,20 @@
+Writing CodeQL queries for Kotlin versus Java analysis
+------------------------------------------------------
+
+Generally you use the same classes to write queries for Kotlin and for Java. You use the same libraries such as DataFlow, TaintTracking, or SSA, and the same classes such as ``MethodAccess`` or ``Class`` for both languages. When you want to access Kotlin-specific elements (such as a ``WhenExpr``) you’ll need to use Kotlin-specific CodeQL classes.
+
+There are however some important cases where writing queries for Kotlin can produce surprising results compared to writing queries for Java, as CodeQL works with the JVM bytecode representation of the Kotlin source code. 
+
+Be careful when you model code elements that don’t exist in Java, such as ``NotNullExpr (expr!!)``, because they could interact in unexpected ways with common predicates. For example, ``MethodAccess.getQualifier()`` returns a ``NotNullExpr`` instead of a ``VarAccess`` in the following Kotlin code:
+
+.. code-block:: kotlin
+   
+   someVar!!.someMethodCall()
+
+In that specific case, you can use the predicate ``Expr.getUnderlyingExpr()``. This goes directly to the underlying ``VarAccess`` to produce a more similar behavior to that in Java.
+
+Nullable elements (``?``) can also produce unexpected behavior. To avoid a ``NullPointerException``, Kotlin may inline calls like ``expr.toString()`` to ``String.valueOf(expr)`` when ``expr`` is nullable. Make sure that you write CodeQL around the extracted code, which may not exactly match the code as written in the codebase.
+
+Another example is that if-else expressions in Kotlin are translated into ``WhenExprs`` in CodeQL, instead of the more typical ``IfStmt`` seen in Java.
+
+In general, you can debug these issues with the AST (you can use the ``CodeQL: View AST`` command from Visual Studio Code’s CodeQL extension, or run the ``PrintAst.ql`` query) and see exactly what CodeQL is extracting from your code.
\ No newline at end of file
diff --git a/docs/codeql/reusables/setup-to-run-tutorials.rst b/docs/codeql/reusables/setup-to-run-tutorials.rst
new file mode 100644
index 00000000000..de761968d8a
--- /dev/null
+++ b/docs/codeql/reusables/setup-to-run-tutorials.rst
@@ -0,0 +1 @@
+For information about installing the CodeQL extension for Visual Studio code, see ":ref:`Setting up CodeQL in Visual Studio Code <setting-up-codeql-in-visual-studio-code>`."
diff --git a/docs/codeql/support/reusables/frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst
similarity index 99%
rename from docs/codeql/support/reusables/frameworks.rst
rename to docs/codeql/reusables/supported-frameworks.rst
index b83b26f486a..191b40b4896 100644
--- a/docs/codeql/support/reusables/frameworks.rst
+++ b/docs/codeql/reusables/supported-frameworks.rst
@@ -93,9 +93,11 @@ and the CodeQL library pack ``codeql/go-all`` (`changelog <https://github.com/gi
    `yaml <https://gopkg.in/yaml.v3>`_, Serialization
    `zap <https://go.uber.org/zap>`_, Logging library
 
-Java built-in support
+Java and Kotlin built-in support
 ==================================
 
+.. include:: ../reusables/kotlin-beta-note.rst
+
 Provided by the current versions of the
 CodeQL query pack ``codeql/java-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/src>`__)
 and the CodeQL library pack ``codeql/java-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/lib>`__).
diff --git a/docs/codeql/support/reusables/platforms.rst b/docs/codeql/reusables/supported-platforms.rst
similarity index 100%
rename from docs/codeql/support/reusables/platforms.rst
rename to docs/codeql/reusables/supported-platforms.rst
diff --git a/docs/codeql/support/reusables/versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst
similarity index 94%
rename from docs/codeql/support/reusables/versions-compilers.rst
rename to docs/codeql/reusables/supported-versions-compilers.rst
index d84757c81d7..85a650ed17a 100644
--- a/docs/codeql/support/reusables/versions-compilers.rst
+++ b/docs/codeql/reusables/supported-versions-compilers.rst
@@ -24,7 +24,7 @@
    JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [7]_"
    Python [8]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10",Not applicable,``.py``
    Ruby [9]_,"up to 3.1",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``"
-   TypeScript [10]_,"2.6-4.8",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``"
+   TypeScript [10]_,"2.6-4.9",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``"
 
 .. container:: footnote-group
 
@@ -37,4 +37,4 @@
     .. [7] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files.
     .. [8] The extractor requires Python 3 to run. To analyze Python 2.7 you should install both versions of Python.
     .. [9] Requires glibc 2.17.
-    .. [10] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default for LGTM.
+    .. [10] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default.
diff --git a/docs/codeql/reusables/vs-code-basic-instructions/find-database.rst b/docs/codeql/reusables/vs-code-basic-instructions/find-database.rst
new file mode 100644
index 00000000000..a0129d96677
--- /dev/null
+++ b/docs/codeql/reusables/vs-code-basic-instructions/find-database.rst
@@ -0,0 +1,23 @@
+Finding a CodeQL database to experiment with
+--------------------------------------------
+
+Before you start writing queries for |language-text| code, you need a CodeQL database to run them against. The simplest way to do this is to download a database for a repository that uses |language-text| directly from GitHub.com.
+
+#. In Visual Studio Code, click the **QL** icon |codeql-ext-icon| in the left sidebar to display the CodeQL extension. 
+
+#. Click **From GitHub** or the GitHub logo |github-db| at the top of the CodeQL extension to open an entry field.
+
+#. Copy the URL for the repository into the field and press the keyboard **Enter** key. For example, |example-url|.
+
+#. Optionally, if the repository has more than one CodeQL database available, select |language-code| to download the database created from the |language-text| code. 
+
+Information about the download progress for the database is shown in the bottom right corner of Visual Studio Code. When the download is complete, the database is shown with a check mark in the **Databases** section of the CodeQL extension (see screenshot below).
+
+.. |codeql-ext-icon| image:: ../images/codeql-for-visual-studio-code/codeql-extension-icon.png
+  :width: 20
+  :alt: Icon for the CodeQL extension.
+
+.. |github-db| image:: ../images/codeql-for-visual-studio-code/add-codeql-db-github.png
+  :width: 20
+  :alt: Icon for the CodeQL extension option to download a CodeQL database from GitHub.
+
diff --git a/docs/codeql/reusables/vs-code-basic-instructions/note-store-quick-query.rst b/docs/codeql/reusables/vs-code-basic-instructions/note-store-quick-query.rst
new file mode 100644
index 00000000000..3638b37d35e
--- /dev/null
+++ b/docs/codeql/reusables/vs-code-basic-instructions/note-store-quick-query.rst
@@ -0,0 +1,5 @@
+.. pull-quote::
+
+   Note
+
+   If you want to move your experimental query somewhere more permanent, you need to move the whole ``Quick Queries`` directory. The directory is a CodeQL pack with a ``qlpack.yml`` file that defines the content as queries for |language-text| CodeQL databases. For more information about CodeQL packs, see ":ref:`Working with CodeQL packs in Visual Studio Code <working-with-codeql-packs-in-visual-studio-code>`."
\ No newline at end of file
diff --git a/docs/codeql/reusables/vs-code-basic-instructions/run-quick-query-1.rst b/docs/codeql/reusables/vs-code-basic-instructions/run-quick-query-1.rst
new file mode 100644
index 00000000000..765eb115cd1
--- /dev/null
+++ b/docs/codeql/reusables/vs-code-basic-instructions/run-quick-query-1.rst
@@ -0,0 +1,7 @@
+The CodeQL extension for Visual Studio Code adds several **CodeQL:** commands to the command palette including **Quick Query**, which you can use to run a query without any set up.
+
+#. From the command palette in Visual Studio Code, select **CodeQL: Quick Query**.
+
+#. After a moment, a new tab *quick-query.ql* is opened, ready for you to write a query for your currently selected CodeQL database (here a |language-code| database). If you are prompted to reload your workspace as a multi-folder workspace to allow Quick queries, accept or create a new workspace using the starter workflow.
+
+   |image-quick-query|
\ No newline at end of file
diff --git a/docs/codeql/reusables/vs-code-basic-instructions/run-quick-query-2.rst b/docs/codeql/reusables/vs-code-basic-instructions/run-quick-query-2.rst
new file mode 100644
index 00000000000..5937edead68
--- /dev/null
+++ b/docs/codeql/reusables/vs-code-basic-instructions/run-quick-query-2.rst
@@ -0,0 +1,7 @@
+4. Save the query in its default location (a temporary "Quick Queries" directory under the workspace for ``GitHub.vscode-codeql/quick-queries``).
+
+#. Right-click in the query tab and select **CodeQL: Run Query**. (Alternatively, run the command from the Command Palette.)
+
+   The query will take a few moments to return results. When the query completes, the results are displayed in a CodeQL Query Results view, next to the main editor view.
+
+   The query results are listed in two columns, corresponding to the expressions in the ``select`` clause of the query. |result-col-1| The second column is the alert message.
\ No newline at end of file
diff --git a/docs/codeql/reusables/vs-code-basic-instructions/setup-to-run-queries.rst b/docs/codeql/reusables/vs-code-basic-instructions/setup-to-run-queries.rst
new file mode 100644
index 00000000000..4e6ecf8daf2
--- /dev/null
+++ b/docs/codeql/reusables/vs-code-basic-instructions/setup-to-run-queries.rst
@@ -0,0 +1 @@
+For information about installing the CodeQL extension for Visual Studio code, see ":ref:`Setting up CodeQL in Visual Studio Code <setting-up-codeql-in-visual-studio-code>`."
\ No newline at end of file
diff --git a/docs/codeql/support/conf.py b/docs/codeql/support/conf.py
deleted file mode 100644
index c8acb659695..00000000000
--- a/docs/codeql/support/conf.py
+++ /dev/null
@@ -1,101 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# CodeQL analysis support for LGTM Enterprise docs build configuration file.
-#
-# This file is execfile()d with the current directory set to its
-# containing dir.
-#
-# Note that not all possible configuration values are present in this
-# autogenerated file.
-#
-# All configuration values have a default; values that are commented out
-# serve to show the default.
-
-# For details of all possible config values, 
-# see https://www.sphinx-doc.org/en/master/usage/configuration.html
-
-##############################################################################
-#
-# Modified 22032021. 
-
-# The configuration values below are specific to the supported languages and frameworks project
-# To amend html_theme_options, update version/release number, or add more sphinx extensions,
-# refer to code/documentation/ql-documentation/global-sphinx-files/global-conf.py
-
-##############################################################################
-
-# -- Project-specific configuration -----------------------------------
-
-# Set QL as the default language for highlighting code. Set to none to disable 
-# syntax highlighting. If omitted or left blank, it defaults to Python 3. 
-highlight_language = 'none'
-
-# The name of the Pygments (syntax highlighting) style to use.
-pygments_style = 'sphinx'
-
-# The master toctree document.
-master_doc = 'index'
-
-# Project-specific information.
-project = u'Supported languages and frameworks for LGTM Enterprise'
-
-# The version info for this project, if different from version and release in main conf.py file.
-# The short X.Y version.
-
-# LGTM Enterprise release
-release = u'1.30'
-
-# CodeQL CLI version used by LGTM Enterprise release
-version = u'2.7.6'
-
-# -- Project-specifc options for HTML output ----------------------------------------------
-
-# The name for this set of Sphinx documents.  If None, it defaults to
-# "<project> v<release> documentation".
-html_title = 'Supported languages and frameworks'
-
-# Output file base name for HTML help builder.
-htmlhelp_basename = 'Supported languages and frameworks'
-
-# Add any paths that contain templates here, relative to this directory.
-templates_path = ['../_templates']
-
-# Add any paths that contain custom static files (such as style sheets) here,
-# relative to this directory. They are copied after the builtin static files,
-# so a file named "default.css" will overwrite the builtin "default.css".
-html_static_path = ['../_static']
-
-html_theme_options = {'font_size': '16px',
-                      'body_text': '#333', 
-                      'link': '#2F1695',
-                      'link_hover': '#2F1695',
-                      'show_powered_by': False,
-                      'nosidebar':True,
-                      'head_font_family': '-apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"',
-                      }
-
-html_favicon = '../images/site/favicon.ico'
-
-# -- Currently unused, but potentially useful, configs--------------------------------------
-
-# Add any paths that contain custom themes here, relative to this directory.
-#html_theme_path = []
-
-# A shorter title for the navigation bar.  Default is the same as html_title.
-#html_short_title = None
-
-# The name of an image file (relative to this directory) to place at the top
-# of the sidebar.
-#html_logo = None
-
-# Custom sidebar templates, maps document names to template names.
-#html_sidebars = {}
-
-# Add any extra paths that contain custom files (such as robots.txt or
-# .htaccess) here, relative to this directory. These files are copied
-# directly to the root of the documentation.
-#html_extra_path = []
-
-# List of patterns, relative to source directory, that match files and
-# directories to ignore when looking for source files.
-exclude_patterns = ['read-me-project.rst', 'reusables/*']
diff --git a/docs/codeql/support/framework-support.rst b/docs/codeql/support/framework-support.rst
deleted file mode 100644
index d12b1a96c8f..00000000000
--- a/docs/codeql/support/framework-support.rst
+++ /dev/null
@@ -1,19 +0,0 @@
-Frameworks and libraries
-########################
-
-LGTM Enterprise |release| includes CodeQL CLI |version|. The CodeQL libraries and queries used by this version of LGTM Enterprise have been explicitly checked against the libraries and frameworks listed below.
-
-.. pull-quote::
-
-    Note
-
-    For details of framework and library support in the most recent release of the CodeQL CLI, see `Supported languages and frameworks <https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/>`__ in the CodeQL CLI documentation.
-
-.. pull-quote::
-
-    Tip
-    
-    If you're interested in other libraries or frameworks, you can extend the analysis to cover them. 
-    For example, by extending the data flow libraries to include data sources and sinks for additional libraries or frameworks.
-
-.. include:: reusables/frameworks.rst
diff --git a/docs/codeql/support/index.rst b/docs/codeql/support/index.rst
deleted file mode 100644
index 89812242fce..00000000000
--- a/docs/codeql/support/index.rst
+++ /dev/null
@@ -1,19 +0,0 @@
-Supported languages and frameworks
-##################################
-
-These pages describe the languages and frameworks supported in the latest enterprise release of CodeQL and LGTM. (CodeQL was previously known as QL.) 
-Users of `LGTM.com <https://lgtm.com/>`_ may find that additional features are supported because it's updated more frequently.
-
-For details see:
-
-.. toctree::
-
-  language-support.rst
-  framework-support.rst
-
-For details of the CodeQL libraries, see `CodeQL standard libraries <https://codeql.github.com/codeql-standard-libraries/>`_.
-
-.. toctree::
-   :hidden:
-
-   ql-training
\ No newline at end of file
diff --git a/docs/codeql/support/language-support.rst b/docs/codeql/support/language-support.rst
deleted file mode 100644
index 49b90693a7c..00000000000
--- a/docs/codeql/support/language-support.rst
+++ /dev/null
@@ -1,16 +0,0 @@
-Languages and compilers
-#######################
-
-LGTM Enterprise |release| includes CodeQL CLI |version|. LGTM Enterprise supports analysis of the following languages compiled by the following compilers.
-
-.. pull-quote::
-
-    Note
-
-    For details of language and compiler support in the most recent release of the CodeQL CLI, see `Supported languages and frameworks <https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/>`__ in the CodeQL CLI documentation.
-
-Note that where there are several versions or dialects of a language, the supported variants are listed.
-If your code requires a particular version of a compiler, check that this version is included below. 
-If you have any questions about language and compiler support, you can find help on the `GitHub Security Lab discussions board <https://github.com/github/securitylab/discussions>`__.
-
-.. include:: reusables/versions-compilers.rst
diff --git a/docs/codeql/support/ql-training.rst b/docs/codeql/support/ql-training.rst
deleted file mode 100644
index 6eb8019e5c9..00000000000
--- a/docs/codeql/support/ql-training.rst
+++ /dev/null
@@ -1,63 +0,0 @@
-CodeQL training and variant analysis examples
-=============================================
-
-CodeQL and variant analysis
----------------------------
-
-Variant analysis is the process of using a known vulnerability as a seed to find similar problems in your code. Security engineers typically perform variant analysis to identify possible vulnerabilities and to ensure that these threats are properly fixed across multiple code bases.
-
-CodeQL is the code analysis engine that underpins LGTM, the community driven security analysis platform. Together, CodeQL and LGTM provide continuous monitoring and scalable variant analysis for your projects, even if you don’t have your own team of dedicated security engineers. You can read more about using CodeQL and LGTM in variant analysis on the `Security Lab research page <https://securitylab.github.com/research>`__.
-
-CodeQL is easy to learn, and exploring code using CodeQL is the most efficient way to perform variant analysis. 
-
-Learning CodeQL for variant analysis
-------------------------------------
-
-Start learning how to use CodeQL in variant analysis for a specific language by looking at the topics below. Each topic links to a short presentation on CodeQL, its libraries, or an example variant discovered using CodeQL.
-
-.. |arrow-l| unicode:: U+2190
-
-.. |arrow-r| unicode:: U+2192
-
-.. |info| unicode:: U+24D8
-
-When you have selected a presentation, use |arrow-r| and |arrow-l| to navigate between slides.
-Press **p** to view the additional notes on slides that have an information icon |info| in the top right corner, and press **f** to enter full-screen mode.
-
-The presentations contain a number of query examples.
-We recommend that you download `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/>`__ and add the example database for each presentation so that you can find the bugs mentioned in the slides. 
-
-
-.. pull-quote:: 
-
-   Information
-
-   The presentations listed below are used in CodeQL and variant analysis training sessions run by GitHub engineers. 
-   Therefore, be aware that the slides are designed to be presented by an instructor. 
-   If you are using the slides without an instructor, please use the additional notes to help guide you through the examples. 
-
-CodeQL and variant analysis for C/C++
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-- `Introduction to variant analysis: CodeQL for C/C++ </QL/ql-training/cpp/intro-ql-cpp.html>`__–an introduction to variant analysis and CodeQL for C/C++ programmers.
-- `Example: Bad overflow guard </QL/ql-training/cpp/bad-overflow-guard.html>`__–an example of iterative query development to find bad overflow guards in a C++ project.
-- `Program representation: CodeQL for C/C++ </QL/ql-training/cpp/program-representation-cpp.html>`__–information on how CodeQL analysis represents C/C++ programs. 
-- `Introduction to local data flow </QL/ql-training/cpp/data-flow-cpp.html>`__–an introduction to analyzing local data flow in C/C++ using CodeQL, including an example demonstrating how to develop a query to find a real CVE.
-- `Exercise: snprintf overflow </QL/ql-training/cpp/snprintf.html>`__–an example demonstrating how to develop a data flow query.
-- `Introduction to global data flow </QL/ql-training/cpp/global-data-flow-cpp.html>`__–an introduction to analyzing global data flow in C/C++ using CodeQL.
-- `Analyzing control flow: CodeQL for C/C++  </QL/ql-training/cpp/control-flow-cpp.html>`__–an introduction to analyzing control flow in C/C++ using CodeQL.
-
-CodeQL and variant analysis for Java
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-- `Introduction to variant analysis: CodeQL for Java </QL/ql-training/java/intro-ql-java.html>`__–an introduction to variant analysis and CodeQL for Java programmers.
-- `Example: Query injection </QL/ql-training/java/query-injection-java.html>`__–an example of iterative query development to find unsanitized SPARQL injections in a Java project.
-- `Program representation: CodeQL for Java </QL/ql-training/java/program-representation-java.html>`__–information on how CodeQL analysis represents Java programs. 
-- `Introduction to local data flow </QL/ql-training/java/data-flow-java.html>`__–an introduction to analyzing local data flow in Java using CodeQL, including an example demonstrating how to develop a query to find a real CVE.
-- `Exercise: Apache Struts </QL/ql-training/java/apache-struts-java.html>`__–an example demonstrating how to develop a data flow query.
-- `Introduction to global data flow </QL/ql-training/java/global-data-flow-java.html>`__–an introduction to analyzing global data flow in Java using CodeQL.
-
-Further reading
-~~~~~~~~~~~~~~~
-
-- `GitHub Security Lab <https://securitylab.github.com/research>`__
diff --git a/docs/codeql/support/read-me-project.rst b/docs/codeql/support/read-me-project.rst
deleted file mode 100644
index 81182043793..00000000000
--- a/docs/codeql/support/read-me-project.rst
+++ /dev/null
@@ -1,15 +0,0 @@
-Publishing this project for a new version
-#########################################
-
-To update this project for a new version:
-
-1. Check with the language teams that all information in the ``ql/change-notes/support/`` directory is ready.
-
-2. Open the ``global-conf.py`` file in the ``global-sphinx-files`` directory and change the following variables 
-to the correct value(s) if necessary:
-
-    * ``version =``
-    * ``release = ``
-    * If it's the first release of the year, ``copyright =``
-
-3. Commit your changes. The output of the ``doc/sphinx`` PR check should be correct for the new version and ready to publish.
\ No newline at end of file
diff --git a/docs/codeql/writing-codeql-queries/catch-the-fire-starter.rst b/docs/codeql/writing-codeql-queries/catch-the-fire-starter.rst
index 60840e8bc9f..4cd9bb2ede8 100644
--- a/docs/codeql/writing-codeql-queries/catch-the-fire-starter.rst
+++ b/docs/codeql/writing-codeql-queries/catch-the-fire-starter.rst
@@ -105,7 +105,7 @@ Now try applying ``isAllowedIn(string region)`` to a person ``p``. If ``p`` is n
 
 You know that the fire starters live in the south *and* that they must have been able to travel to the north. Write a query to find the possible suspects. You could also extend the ``select`` clause to list the age of the suspects. That way you can clearly see that all the children have been excluded from the list.
 
-➤ `See the answer in the query console on LGTM.com <https://lgtm.com/query/2551838470440192723/>`__
+➤ `Check your answer <#exercise-1>`__
 
 You can now continue to gather more clues and find out which of your suspects started the fire...
 
@@ -142,7 +142,7 @@ The predicate ``isBald`` is defined to take a ``Person``, so it can also take a
 
 You can now write a query to select the bald southerners who are allowed into the north.
 
-➤ `See the answer in the query console on LGTM.com <https://lgtm.com/query/2572701606358725253/>`__
+➤ `Check your answer <#exercise-2>`__
 
 You have found the two fire starters! They are arrested and the villagers are once again impressed with your work.
 
@@ -150,3 +150,65 @@ Further reading
 ---------------
 
 .. include:: ../reusables/codeql-ref-tools-further-reading.rst
+
+--------------
+
+Answers
+-------
+
+In these answers, we use ``/*`` and ``*/`` to label the different parts of the query. Any text surrounded by ``/*`` and ``*/`` is not evaluated as part of the QL code, but is treated as a *comment*.
+
+Exercise 1
+~~~~~~~~~~
+
+.. code-block:: ql
+
+   import tutorial
+
+   predicate isSouthern(Person p) { p.getLocation() = "south" }
+
+   class Southerner extends Person {
+   /* the characteristic predicate */
+   Southerner() { isSouthern(this) }
+   }
+
+   class Child extends Person {
+   /* the characteristic predicate */
+   Child() { this.getAge() < 10 }
+
+   /* a member predicate */
+   override predicate isAllowedIn(string region) { region = this.getLocation() }
+   }
+
+   from Southerner s
+   where s.isAllowedIn("north")
+   select s, s.getAge()
+
+Exercise 2
+~~~~~~~~~~
+
+.. code-block:: ql
+
+   import tutorial
+
+   predicate isSouthern(Person p) { p.getLocation() = "south" }
+
+   class Southerner extends Person {
+   /* the characteristic predicate */
+   Southerner() { isSouthern(this) }
+   }
+
+   class Child extends Person {
+   /* the characteristic predicate */
+   Child() { this.getAge() < 10 }
+
+   /* a member predicate */
+   override predicate isAllowedIn(string region) { region = this.getLocation() }
+   }
+
+   predicate isBald(Person p) { not exists(string c | p.getHairColor() = c) }
+
+   from Southerner s
+   where s.isAllowedIn("north") and isBald(s)
+   select s
+
diff --git a/docs/codeql/writing-codeql-queries/cross-the-river.rst b/docs/codeql/writing-codeql-queries/cross-the-river.rst
index c94806f90e9..dbee51b35dc 100644
--- a/docs/codeql/writing-codeql-queries/cross-the-river.rst
+++ b/docs/codeql/writing-codeql-queries/cross-the-river.rst
@@ -260,21 +260,34 @@ Alternative solutions
 
 Here are some more example queries that solve the river crossing puzzle:
 
-  #. This query uses a modified ``path`` variable to describe the resulting path in
-     more detail.
+.. container:: toggle
 
-     ➤ `See solution in the query console on LGTM.com <https://lgtm.com/query/659603593702729237/>`__
+   .. container:: name
 
-  #. This query models the man and the cargo items in a different way, using an 
-     :ref:`abstract <abstract>`
-     class and predicate. It also displays the resulting path in a more visual way.
+      *Show/hide example query - modified path*
 
-     ➤ `See solution in the query console on LGTM.com <https://lgtm.com/query/1025323464423811143/>`__
+   .. literalinclude:: river-answer-1-path.ql
+      :language: ql
 
-  #. This query introduces :ref:`algebraic datatypes <algebraic-datatypes>`
-     to model the situation, instead of defining everything as a subclass of ``string``.
 
-     ➤ `See solution in the query console on LGTM.com <https://lgtm.com/query/7260748307619718263/>`__
+.. container:: toggle
+
+   .. container:: name
+
+      *Show/hide example query - abstract class*
+
+   .. literalinclude:: river-answer-2-abstract-class.ql
+      :language: ql
+
+
+.. container:: toggle
+
+   .. container:: name
+
+      *Show/hide example query - datatypes*
+
+   .. literalinclude:: river-answer-3-datatypes.ql
+      :language: ql
 
 Further reading
 ---------------
diff --git a/docs/codeql/writing-codeql-queries/crown-the-rightful-heir.rst b/docs/codeql/writing-codeql-queries/crown-the-rightful-heir.rst
index a9a8ace0775..b0512fde26b 100644
--- a/docs/codeql/writing-codeql-queries/crown-the-rightful-heir.rst
+++ b/docs/codeql/writing-codeql-queries/crown-the-rightful-heir.rst
@@ -129,7 +129,7 @@ Here is one way to define ``relativeOf()``:
 
 Don't forget to use the predicate ``isDeceased()`` to find relatives that are still alive.
 
-➤ `See the answer in the query console on LGTM.com <https://lgtm.com/query/6710025057257064639/>`__
+➤ `Check your answer <#exercise-1>`__
 
 Select the true heir
 --------------------
@@ -142,7 +142,7 @@ To decide who should inherit the king's fortune, the villagers carefully read th
 
 As your final challenge, define a predicate ``hasCriminalRecord`` so that ``hasCriminalRecord(p)`` holds if ``p`` is any of the criminals you unmasked earlier (in the ":doc:`Find the thief <find-the-thief>`" and ":doc:`Catch the fire starter <catch-the-fire-starter>`" tutorials).
 
-➤ `See the answer in the query console on LGTM.com <https://lgtm.com/query/1820692755164273290/>`__
+➤ `Check your answer <#exercise-2>`__
 
 Experimental explorations
 -------------------------
@@ -164,3 +164,47 @@ Further reading
 ---------------
 
 .. include:: ../reusables/codeql-ref-tools-further-reading.rst
+
+--------------
+
+Answers
+-------
+
+In these answers, we use ``/*`` and ``*/`` to label the different parts of the query. Any text surrounded by ``/*`` and ``*/`` is not evaluated as part of the QL code, but is treated as a *comment*.
+
+Exercise 1
+~~~~~~~~~~
+
+.. code-block:: ql
+
+   import tutorial
+
+   Person relativeOf(Person p) { parentOf*(result) = parentOf*(p) }
+
+   from Person p
+   where
+   not p.isDeceased() and
+   p = relativeOf("King Basil")
+   select p
+
+Exercise 2
+~~~~~~~~~~
+
+.. code-block:: ql
+
+   import tutorial
+
+   Person relativeOf(Person p) { parentOf*(result) = parentOf*(p) }
+
+   predicate hasCriminalRecord(Person p) {
+   p = "Hester" or
+   p = "Hugh" or
+   p = "Charlie"
+   }
+
+   from Person p
+   where
+   not p.isDeceased() and
+   p = relativeOf("King Basil") and
+   not hasCriminalRecord(p)
+   select p
diff --git a/docs/codeql/writing-codeql-queries/defining-the-results-of-a-query.rst b/docs/codeql/writing-codeql-queries/defining-the-results-of-a-query.rst
index 9b17b257ac9..1cf0a31289b 100644
--- a/docs/codeql/writing-codeql-queries/defining-the-results-of-a-query.rst
+++ b/docs/codeql/writing-codeql-queries/defining-the-results-of-a-query.rst
@@ -9,8 +9,8 @@ About query results
 -------------------
 
 The information contained in the results of a query is controlled by the ``select`` statement. Part of the process of developing a useful query is to make the results clear and easy for other users to understand.
-When you write your own queries in the query console or in the CodeQL :ref:`extension for VS Code <codeql-for-visual-studio-code>` there are no constraints on what can be selected.
-However, if you want to use a query to create alerts in LGTM or generate valid analysis results using the :ref:`CodeQL CLI <codeql-cli>`, you'll need to make the ``select`` statement report results in the required format. 
+When you write your own queries in the CodeQL :ref:`extension for VS Code <codeql-for-visual-studio-code>` there are no constraints on what can be selected.
+However, if you want to use a query to create alerts for code scanning or generate valid analysis results using the :ref:`CodeQL CLI <codeql-cli>`, you'll need to make the ``select`` statement report results in the required format. 
 You must also ensure that the query has the appropriate metadata properties defined. 
 This topic explains how to write your select statement to generate helpful analysis results. 
 
@@ -23,7 +23,7 @@ In their most basic form, the ``select`` statement must select two 'columns':
 -  **Element**—a code element that's identified by the query. This defines the location of the alert.
 -  **String**—a message to display for this code element, describing why the alert was generated.
 
-If you look at some of the LGTM queries, you'll see that they can select extra element/string pairs, which are combined with ``$@`` placeholder markers in the message to form links. For example, `Dereferenced variable may be null <https://lgtm.com/query/rule:1954750296/lang:java/>`__ (Java), or `Duplicate switch case <https://lgtm.com/query/rule:7890077/lang:javascript/>`__ (JavaScript). 
+If you look at some of the existing queries, you'll see that they can select extra element/string pairs, which are combined with ``$@`` placeholder markers in the message to form links. For example, `Dereferenced variable may be null <https://github.com/github/codeql/blob/95e65347cafe502bbd0d9f48d1175fd3d66e0459/java/ql/src/Likely%20Bugs/Nullness/NullMaybe.ql>`__ (Java), or `Duplicate switch case <https://github.com/github/codeql/blob/95e65347cafe502bbd0d9f48d1175fd3d66e0459/javascript/ql/src/Expressions/DuplicateSwitchCase.ql>`__ (JavaScript). 
 
 .. pull-quote::
 
@@ -34,78 +34,70 @@ If you look at some of the LGTM queries, you'll see that they can select extra e
 Developing a select statement
 -----------------------------
 
-Here's a simple query that uses the standard CodeQL ``CodeDuplication.qll`` library to identify similar files.
+Here's a simple query to find Java classes that extend other classes.
 
 Basic select statement
 ~~~~~~~~~~~~~~~~~~~~~~
 
 .. code-block:: ql
 
-   import java
-   import external.CodeDuplication
-
-   from File f, File other, int percent
-   where similarFiles(f, other, percent)
-   select f, "This file is similar to another file."
+    /**
+     * @kind problem
+     */
+    
+    import java
+    
+    from Class c, Class superclass
+    where superclass = c.getASupertype()
+    select c, "This class extends another class."
 
 This basic select statement has two columns:
 
-#. Element to display the alert on: ``f`` corresponds to ``File``.
-#. String message to display: ``"This file is similar to another file."``
+#. An element with a location to display the alert on: ``c`` corresponds to ``Class``.
+#. String message to display: ``"This class extends another class."``
 
 .. image:: ../images/ql-select-statement-basic.png
    :alt: Results of basic select statement
    :class: border
 
-Including the name of the similar file
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Including the name of the superclass
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-The alert message defined by the basic select statement is constant and doesn't give users much information. Since the query identifies the similar file (``other``), it's easy to extend the ``select`` statement to report the name of the similar file. For example:
+The alert message defined by the basic select statement is constant and doesn't give users much information. Since the query identifies the superclass, it's easy to include its name in the string message. For example:
 
 .. code-block:: ql
 
-   select f, "This file is similar to " + other.getBaseName()
+   select c, "This class extends the class " + superclass.getName()
 
-#. Element: ``f`` as before.
-#. String message: ``"This file is similar to "``—the string text is combined with the file name for the ``other``, similar file, returned by ``getBaseName()``.
+#. Element: ``c`` as before.
+#. String message: ``"This class extends the class "``—the string text is combined with the class name for the ``superclass``, returned by ``getName()``.
 
-.. image:: ../images/ql-select-statement-filename.png
+.. image:: ../images/ql-select-statement-class-name.png
    :alt: Results of extended select statement
    :class: border
 
-While this is more informative than the original select statement, the user still needs to find the other file manually.
+While this is more informative than the original select statement, the user still needs to find the superclass manually.
 
-Adding a link to the similar file
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Adding a link to the superclass
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-You can use placeholders in the text of alert messages to insert additional information, such as links to the similar file. Placeholders are defined using ``$@``, and filled using the information in the next two columns of the select statement. For example, this select statement returns four columns:
+You can use placeholders in the text of alert messages to insert additional information, such as links to the superclass. Placeholders are defined using ``$@``, and filled using the information in the next two columns of the select statement. For example, this select statement returns four columns:
 
 .. code-block:: ql
 
-   select f, "This file is similar to $@.", other, other.getBaseName()
+   select c, "This class extends the class $@.", superclass, superclass.getName()
 
-#. Element: ``f`` as before.
-#. String message: ``"This file is similar to $@."``—the string text now includes a placeholder, which will display the combined content of the next two columns.
-#. Element for placeholder: ``other`` corresponds to the similar file.
-#. String text for placeholder: the short file name returned by ``other.getBaseName()``.
+#. Element: ``c`` as before.
+#. String message: ``"This class extends the class $@."``—the string text now includes a placeholder, which will display the combined content of the next two columns.
+#. Element for placeholder: the ``superclass``.
+#. String text for placeholder: the class name returned by ``superclass.getBaseName()``.
 
-When the alert message is displayed, the ``$@`` placeholder is replaced by a link created from the contents of the third and fourth columns defined by the ``select`` statement.
+When the alert message is displayed, the ``$@`` placeholder is replaced by a link created from the contents of the third and fourth columns defined by the ``select`` statement. In this example, the link target will be the location of the superclass's definition, and the link text will be its name. Note that some superclasses, such as ``Object``, will not be in the database, since they are built in to the Java language. Clicking those links will have no effect.
 
 If you use the ``$@`` placeholder marker multiple times in the description text, then the ``N``\ th use is replaced by a link formed from columns ``2N+2`` and ``2N+3``. If there are more pairs of additional columns than there are placeholder markers, then the trailing columns are ignored. Conversely, if there are fewer pairs of additional columns than there are placeholder markers, then the trailing markers are treated as normal text rather than placeholder markers.
 
-Adding details of the extent of similarity
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-You could go further and change the ``select`` statement to report on the similarity of content in the two files, since this information is already available in the query. For example:
-
-.. code-block:: ql
-
-   select f, percent + "% of the lines in " + f.getBaseName() + " are similar to lines in $@.", other, other.getBaseName()
-
-The new elements added here don't need to be clickable, so we added them directly to the description string.
-
-.. image:: ../images/ql-select-statement-similarity.png
-   :alt: Results showing the extent of similarity
+.. image:: ../images/ql-select-statement-link.png
+   :alt: Results including links
    :class: border
 
 Further reading
diff --git a/docs/codeql/writing-codeql-queries/find-the-thief.rst b/docs/codeql/writing-codeql-queries/find-the-thief.rst
index ff9ee49f5dc..fd992741dbe 100644
--- a/docs/codeql/writing-codeql-queries/find-the-thief.rst
+++ b/docs/codeql/writing-codeql-queries/find-the-thief.rst
@@ -50,9 +50,7 @@ You start asking some creative questions and making notes of the answers so you
 
 There is too much information to search through by hand, so you decide to use your newly acquired QL skills to help you with your investigation...
 
-#. Open the `query console on LGTM.com <https://lgtm.com/query>`__ to get started.
-#. Select a language and a demo project. For this tutorial, any language and project will do.
-#. Delete the default code ``import <language> select "hello world"``.
+.. include:: ../reusables/setup-to-run-tutorials.rst
 
 QL libraries
 ------------
@@ -209,13 +207,7 @@ Hints
 
 Once you have finished, you will have a list of possible suspects. One of those people must be the thief!
 
-➤ `See the answer in the query console on LGTM.com <https://lgtm.com/query/1505743955992/>`__
-
-.. pull-quote::
-
-   Note
-
-   In the answer, we used ``/*`` and ``*/`` to label the different parts of the query. Any text surrounded by ``/*`` and ``*/`` is not evaluated as part of the QL code, but is just a *comment*.
+➤ `Check your answer <#exercise-1>`__
 
 You are getting closer to solving the mystery! Unfortunately, you still have quite a long list of suspects... To find out which of your suspects is the thief, you must gather more information and refine your query in the next step.
 
@@ -291,9 +283,59 @@ You can now translate the remaining questions into QL:
 
 Have you found the thief?
 
-➤ `See the answer in the query console on LGTM.com <https://lgtm.com/query/1505744186085/>`__
+➤ `Check your answer <#exercise-2>`__
 
 Further reading
 ---------------
 
 .. include:: ../reusables/codeql-ref-tools-further-reading.rst
+
+
+--------------
+
+Answers
+-------
+
+In these answers, we use ``/*`` and ``*/`` to label the different parts of the query. Any text surrounded by ``/*`` and ``*/`` is not evaluated as part of the QL code, but is treated as a *comment*.
+
+Exercise 1
+^^^^^^^^^^
+
+.. code-block:: ql
+
+   import tutorial
+
+   from Person t
+   where
+   /* 1 */ t.getHeight() > 150 and
+   /* 2 */ not t.getHairColor() = "blond" and
+   /* 3 */ exists (string c | t.getHairColor() = c) and
+   /* 4 */ not t.getAge() < 30 and
+   /* 5 */ t.getLocation() = "east" and
+   /* 6 */ (t.getHairColor() = "black" or t.getHairColor() = "brown") and
+   /* 7 */ not (t.getHeight() > 180 and t.getHeight() < 190) and
+   /* 8 */ exists(Person p | p.getAge() > t.getAge())
+   select t
+
+Exercise 2
+^^^^^^^^^^
+
+.. code-block:: ql
+
+   import tutorial
+
+   from Person t
+   where
+   /* 1 */ t.getHeight() > 150 and
+   /* 2 */ not t.getHairColor() = "blond" and
+   /* 3 */ exists (string c | t.getHairColor() = c) and
+   /* 4 */ not t.getAge() < 30 and
+   /* 5 */ t.getLocation() = "east" and
+   /* 6 */ (t.getHairColor() = "black" or t.getHairColor() = "brown") and
+   /* 7 */ not (t.getHeight() > 180 and t.getHeight() < 190) and
+   /* 8 */ exists(Person p | p.getAge() > t.getAge()) and
+   /* 9 */ not t = max(Person p | | p order by p.getHeight()) and
+   /* 10 */ t.getHeight() < avg(float i | exists(Person p | p.getHeight() = i) | i) and
+   /* 11 */ t = max(Person p | p.getLocation() = "east" | p order by p.getAge())
+   select "The thief is " + t + "!"
+   
\ No newline at end of file
diff --git a/docs/codeql/writing-codeql-queries/metadata-for-codeql-queries.rst b/docs/codeql/writing-codeql-queries/metadata-for-codeql-queries.rst
index 040f873d410..54cfd20bba7 100644
--- a/docs/codeql/writing-codeql-queries/metadata-for-codeql-queries.rst
+++ b/docs/codeql/writing-codeql-queries/metadata-for-codeql-queries.rst
@@ -9,7 +9,7 @@ About query metadata
 --------------------
 
 Any query that is run as part of an analysis includes a number of properties, known as query metadata. Metadata is included at the top of each query file as the content of a QLDoc comment. 
-This metadata tells LGTM and the CodeQL :ref:`extension for VS Code <codeql-for-visual-studio-code>` how to handle the query and display its results correctly. 
+This metadata tells the CodeQL :ref:`extension for VS Code <codeql-for-visual-studio-code>` and the `Code scanning feature in GitHub <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql>`__ how to handle the query and display its results correctly. 
 It also gives other users information about what the query results mean. For more information on query metadata, see the `query metadata style guide <https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md>`__ in our `open source repository <https://github.com/github/codeql>`__ on GitHub.
 
 .. pull-quote::
@@ -28,7 +28,7 @@ The following properties are supported by all query files:
 +=======================+===========================+=======================================================================================================================================================================================================================================================================================================================================================================+
 | ``@description``      | ``<text>``                | A sentence or short paragraph to describe the purpose of the query and *why* the result is useful or important. The description is written in plain text, and uses single quotes (``'``) to enclose code elements.                                                                                                                                                    |
 +-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-| ``@id``               | ``<text>``                | A sequence of words composed of lowercase letters or digits, delimited by ``/`` or ``-``, identifying and classifying the query. Each query must have a **unique** ID. To ensure this, it may be helpful to use a fixed structure for each ID. For example, the standard LGTM queries have the following format: ``<language>/<brief-description>``.                  |
+| ``@id``               | ``<text>``                | A sequence of words composed of lowercase letters or digits, delimited by ``/`` or ``-``, identifying and classifying the query. Each query must have a **unique** ID. To ensure this, it may be helpful to use a fixed structure for each ID. For example, the standard CodeQL queries have the following format: ``<language>/<brief-description>``.                |
 +-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 | ``@kind``             | | ``problem``             | Identifies the query is an alert (``@kind problem``) or a path (``@kind path-problem``). For more information on these query types, see ":doc:`About CodeQL queries <about-codeql-queries>`."                                                                                                                                                                         |
 |                       | | ``path-problem``        |                                                                                                                                                                                                                                                                                                                                                                       |
@@ -40,12 +40,12 @@ The following properties are supported by all query files:
 |                       | | ``readability``         |                                                                                                                                                                                                                                                                                                                                                                       |
 |                       | | ``security``            |                                                                                                                                                                                                                                                                                                                                                                       |
 +-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-| ``@precision``        | | ``low``                 | Indicates the percentage of query results that are true positives (as opposed to false positive results). This, along with the ``@problem.severity`` property, determines whether the results are displayed by default on LGTM.                                                                                                                                       |
+| ``@precision``        | | ``low``                 | Indicates the percentage of query results that are true positives (as opposed to false positive results). This, along with the ``@problem.severity`` property, determines how the results are displayed on GitHub.                                                                                                                                                    |
 |                       | | ``medium``              |                                                                                                                                                                                                                                                                                                                                                                       |
 |                       | | ``high``                |                                                                                                                                                                                                                                                                                                                                                                       |
 |                       | | ``very-high``           |                                                                                                                                                                                                                                                                                                                                                                       |
 +-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-| ``@problem.severity`` | | ``error``               | Defines the level of severity of any alerts generated by a non-security query. This, along with the ``@precision`` property, determines whether the results are displayed by default on LGTM.                                                                                                                                                                         |
+| ``@problem.severity`` | | ``error``               | Defines the level of severity of any alerts generated by a non-security query. This, along with the ``@precision`` property, determines how the results are displayed on GitHub.                                                                                                                                                                                      |
 |                       | | ``warning``             |                                                                                                                                                                                                                                                                                                                                                                       |
 |                       | | ``recommendation``      |                                                                                                                                                                                                                                                                                                                                                                       |
 +-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
diff --git a/docs/codeql/writing-codeql-queries/providing-locations-in-codeql-queries.rst b/docs/codeql/writing-codeql-queries/providing-locations-in-codeql-queries.rst
index 239d3fc7628..f8f5682c8b9 100644
--- a/docs/codeql/writing-codeql-queries/providing-locations-in-codeql-queries.rst
+++ b/docs/codeql/writing-codeql-queries/providing-locations-in-codeql-queries.rst
@@ -11,7 +11,7 @@ CodeQL includes mechanisms for extracting the location of elements in a codebase
 About locations
 ---------------
 
-When displaying information to the user, LGTM needs to be able to extract location information from the results of a query. In order to do this, all QL classes which can provide location information should do this by using one of the following mechanisms:
+When displaying information to the user, applications need to be able to extract location information from the results of a query. In order to do this, all QL classes which can provide location information should do this by using one of the following mechanisms:
 
 -  `Providing URLs <#providing-urls>`__
 -  `Providing location information <#providing-location-information>`__
@@ -49,7 +49,7 @@ A custom URL can be provided by defining a QL predicate returning ``string`` wit
 File URLs
 ^^^^^^^^^
 
-LGTM supports the display of URLs which define a line and column in a source file.
+The CodeQL extension for Visual Studio Code and the code scanning views in GitHub support the display of URLs which define a line and column in a source file.
 
 The schema is ``file://``, which is followed by the absolute path to a file, followed by four numbers separated by colons. The numbers denote start line, start column, end line and end column. Both line and column numbers are **1-based**, for example:
 
@@ -57,12 +57,12 @@ The schema is ``file://``, which is followed by the absolute path to a file, fol
 -  ``file:///opt/src/my/file.java:1:1:2:1`` denotes the location that starts at the beginning of the file and extends to the first character of the second line (the range is inclusive).
 -  ``file:///opt/src/my/file.java:1:0:1:0`` is taken, by convention, to denote the entire first line of the file.
 
-By convention, the location of an entire file may also be denoted by a ``file://`` URL without trailing numbers. Optionally, the location within a file can be denoted using three numbers to define the start line number, character offset and character length of the location respectively. Results of these types are not displayed in LGTM.
+By convention, the location of an entire file may also be denoted by a ``file://`` URL without trailing numbers. Optionally, the location within a file can be denoted using three numbers to define the start line number, character offset and character length of the location respectively. Results of these types are not displayed as code scanning alerts.
 
 Other types of URL
 ^^^^^^^^^^^^^^^^^^
 
-The following, less-common types of URL are valid but are not supported by LGTM and will be omitted from any results:
+The following, less-common types of URL are valid but are not interpreted as code scanning alerts and will be omitted from any results:
 
 -  **HTTP URLs** are supported in some client applications. For an example, see the code snippet above.
 -  **Folder URLs** can be useful, for example to provide folder-level metrics. They may use a file URL, for example ``file:///opt/src:0:0:0:0``, but they may also start with a scheme of ``folder://``, and no trailing numbers, for example ``folder:///opt/src``.
diff --git a/docs/codeql/writing-codeql-queries/river-answer-1-path.ql b/docs/codeql/writing-codeql-queries/river-answer-1-path.ql
new file mode 100644
index 00000000000..49b1b95856f
--- /dev/null
+++ b/docs/codeql/writing-codeql-queries/river-answer-1-path.ql
@@ -0,0 +1,110 @@
+/**
+ * A solution to the river crossing puzzle using a modified `path` variable
+ * to describe the resulting path in detail.
+ */
+
+/** A possible cargo item. */
+class Cargo extends string {
+  Cargo() { this = ["Nothing", "Goat", "Cabbage", "Wolf"] }
+}
+
+/** A shore, named either `Left` or `Right`. */
+class Shore extends string {
+  Shore() {
+    this = "Left" or
+    this = "Right"
+  }
+
+  /** Returns the other shore. */
+  Shore other() {
+    this = "Left" and result = "Right"
+    or
+    this = "Right" and result = "Left"
+  }
+}
+
+/** Renders the state as a string. */
+string renderState(Shore manShore, Shore goatShore, Shore cabbageShore, Shore wolfShore) {
+  result = manShore + "," + goatShore + "," + cabbageShore + "," + wolfShore
+}
+
+/** A record of where everything is. */
+class State extends string {
+  Shore manShore;
+  Shore goatShore;
+  Shore cabbageShore;
+  Shore wolfShore;
+
+  State() { this = renderState(manShore, goatShore, cabbageShore, wolfShore) }
+
+  /** Returns the state that is reached after ferrying a particular cargo item. */
+  State ferry(Cargo cargo) {
+    cargo = "Nothing" and
+    result = renderState(manShore.other(), goatShore, cabbageShore, wolfShore)
+    or
+    cargo = "Goat" and
+    result = renderState(manShore.other(), goatShore.other(), cabbageShore, wolfShore)
+    or
+    cargo = "Cabbage" and
+    result = renderState(manShore.other(), goatShore, cabbageShore.other(), wolfShore)
+    or
+    cargo = "Wolf" and
+    result = renderState(manShore.other(), goatShore, cabbageShore, wolfShore.other())
+  }
+
+  /**
+   * Holds if the state is safe. This occurs when neither the goat nor the cabbage
+   * can get eaten.
+   */
+  predicate isSafe() {
+    // The goat can't eat the cabbage.
+    (goatShore != cabbageShore or goatShore = manShore) and
+    // The wolf can't eat the goat.
+    (wolfShore != goatShore or wolfShore = manShore)
+  }
+
+  /** Returns the state that is reached after safely ferrying a cargo item. */
+  State safeFerry(Cargo cargo) { result = this.ferry(cargo) and result.isSafe() }
+
+  string towards() {
+    manShore = "Left" and result = "to the left"
+    or
+    manShore = "Right" and result = "to the right"
+  }
+
+  /**
+   * Returns all states that are reachable via safe ferrying.
+   * `path` keeps track of how it is achieved.
+   * `visitedStates` keeps track of previously visited states and is used to avoid loops.
+   */
+  State reachesVia(string path, string visitedStates) {
+    // Reachable in 1 step by ferrying a specific cargo
+    exists(Cargo cargo |
+      result = this.safeFerry(cargo) and
+      visitedStates = result and
+      path = "First " + cargo + " is ferried " + result.towards()
+    )
+    or
+    // Reachable by first following pathSoFar and then ferrying cargo
+    exists(string pathSoFar, string visitedStatesSoFar, Cargo cargo |
+      result = this.reachesVia(pathSoFar, visitedStatesSoFar).safeFerry(cargo) and
+      not exists(visitedStatesSoFar.indexOf(result)) and // resulting state is not visited yet
+      visitedStates = visitedStatesSoFar + "_" + result and
+      path = pathSoFar + ",\nthen " + cargo + " is ferried " + result.towards()
+    )
+  }
+}
+
+/** The initial state, where everything is on the left shore. */
+class InitialState extends State {
+  InitialState() { this = renderState("Left", "Left", "Left", "Left") }
+}
+
+/** The goal state, where everything is on the right shore. */
+class GoalState extends State {
+  GoalState() { this = renderState("Right", "Right", "Right", "Right") }
+}
+
+from string path
+where any(InitialState i).reachesVia(path, _) = any(GoalState g)
+select path + "."
diff --git a/docs/codeql/writing-codeql-queries/river-answer-2-abstract-class.ql b/docs/codeql/writing-codeql-queries/river-answer-2-abstract-class.ql
new file mode 100644
index 00000000000..55614f7e856
--- /dev/null
+++ b/docs/codeql/writing-codeql-queries/river-answer-2-abstract-class.ql
@@ -0,0 +1,202 @@
+/**
+ * A solution to the river crossing puzzle using abstract
+ * classes/predicates to model the situation and unicode
+ * symbols to display the answer.
+ */
+
+/** One of two shores. */
+class Shore extends string {
+  Shore() { this = "left" or this = "right" }
+}
+
+/** Models the behavior of the man. */
+class Man extends string {
+  Shore s;
+
+  Man() { this = "man " + s }
+
+  /** Holds if the man is on a particular shore. */
+  predicate isOn(Shore shore) { s = shore }
+
+  /** Returns the other shore, after the man crosses the river. */
+  Man cross() { result != this }
+
+  /** Returns a cargo and its position after being ferried. */
+  Cargo ferry(Cargo c) {
+    result = c.cross() and
+    c.isOn(s)
+  }
+}
+
+/** One of three possible cargo items, with their position. */
+abstract class Cargo extends string {
+  Shore s;
+
+  bindingset[this]
+  Cargo() { any() }
+
+  /** Holds if the cargo is on a particular shore. */
+  predicate isOn(Shore shore) { s = shore }
+
+  /** Returns the other shore, after the cargo crosses the river. */
+  abstract Cargo cross();
+}
+
+/** Models the position of the goat. */
+class Goat extends Cargo {
+  Goat() { this = "goat " + s }
+
+  override Goat cross() { result != this }
+}
+
+/** Models the position of the wolf. */
+class Wolf extends Cargo {
+  Wolf() { this = "wolf " + s }
+
+  override Wolf cross() { result != this }
+}
+
+/** Models the position of the cabbage. */
+class Cabbage extends Cargo {
+  Cabbage() { this = "cabbage " + s }
+
+  override Cabbage cross() { result != this }
+}
+
+/** Returns a unicode representation of everything on the left shore. */
+string onLeft(Man man, Goat goat, Cabbage cabbage, Wolf wolf) {
+  exists(string manOnLeft, string goatOnLeft, string cabbageOnLeft, string wolfOnLeft |
+    (
+      man.isOn("left") and manOnLeft = "🕴"
+      or
+      man.isOn("right") and manOnLeft = "____"
+    ) and
+    (
+      goat.isOn("left") and goatOnLeft = "🐐"
+      or
+      goat.isOn("right") and goatOnLeft = "___"
+    ) and
+    (
+      cabbage.isOn("left") and cabbageOnLeft = "🥬"
+      or
+      cabbage.isOn("right") and cabbageOnLeft = "___"
+    ) and
+    (
+      wolf.isOn("left") and wolfOnLeft = "🐺"
+      or
+      wolf.isOn("right") and wolfOnLeft = "___"
+    ) and
+    result = manOnLeft + "__" + goatOnLeft + "__" + cabbageOnLeft + "__" + wolfOnLeft
+  )
+}
+
+/** Returns a unicode representation of everything on the right shore. */
+string onRight(Man man, Goat goat, Cabbage cabbage, Wolf wolf) {
+  exists(string manOnLeft, string goatOnLeft, string cabbageOnLeft, string wolfOnLeft |
+    (
+      man.isOn("right") and manOnLeft = "🕴"
+      or
+      man.isOn("left") and manOnLeft = "_"
+    ) and
+    (
+      goat.isOn("right") and goatOnLeft = "🐐"
+      or
+      goat.isOn("left") and goatOnLeft = "__"
+    ) and
+    (
+      cabbage.isOn("right") and cabbageOnLeft = "🥬"
+      or
+      cabbage.isOn("left") and cabbageOnLeft = "__"
+    ) and
+    (
+      wolf.isOn("right") and wolfOnLeft = "🐺"
+      or
+      wolf.isOn("left") and wolfOnLeft = "__"
+    ) and
+    result = manOnLeft + "__" + goatOnLeft + "__" + cabbageOnLeft + "__" + wolfOnLeft
+  )
+}
+
+/** Renders the state as a string, using unicode symbols. */
+string render(Man man, Goat goat, Cabbage cabbage, Wolf wolf) {
+  result =
+    onLeft(man, goat, cabbage, wolf) + "___🌊🌊🌊🌊🌊🌊🌊🌊🌊🌊___" +
+      onRight(man, goat, cabbage, wolf)
+}
+
+/** A record of where everything is. */
+class State extends string {
+  Man man;
+  Goat goat;
+  Cabbage cabbage;
+  Wolf wolf;
+
+  State() { this = render(man, goat, cabbage, wolf) }
+
+  /**
+   * Returns the possible states that you can transition to
+   * by ferrying one or zero cargo items.
+   */
+  State transition() {
+    result = render(man.cross(), man.ferry(goat), cabbage, wolf) or
+    result = render(man.cross(), goat, man.ferry(cabbage), wolf) or
+    result = render(man.cross(), goat, cabbage, man.ferry(wolf)) or
+    result = render(man.cross(), goat, cabbage, wolf)
+  }
+
+  /**
+   * Returns all states that are reachable via a transition
+   * and have not yet been visited.
+   * `path` keeps track of how it is achieved.
+   */
+  State reachesVia(string path) {
+    exists(string pathSoFar |
+      result = this.reachesVia(pathSoFar).transition() and
+      not exists(pathSoFar.indexOf(result.toString())) and
+      path = pathSoFar + "\n↓\n" + result
+    )
+  }
+}
+
+/** The initial state, where everything is on the left shore. */
+class InitialState extends State {
+  InitialState() {
+    exists(Shore left | left = "left" |
+      man.isOn(left) and goat.isOn(left) and cabbage.isOn(left) and wolf.isOn(left)
+    )
+  }
+
+  override State reachesVia(string path) {
+    path = this + "\n↓\n" + result and result = this.transition()
+    or
+    result = super.reachesVia(path)
+  }
+}
+
+/** The goal state, where everything is on the right shore. */
+class GoalState extends State {
+  GoalState() {
+    exists(Shore right | right = "right" |
+      man.isOn(right) and goat.isOn(right) and cabbage.isOn(right) and wolf.isOn(right)
+    )
+  }
+
+  override State transition() { none() }
+}
+
+/** An unsafe state, where something gets eaten. */
+class IllegalState extends State {
+  IllegalState() {
+    exists(Shore s |
+      goat.isOn(s) and cabbage.isOn(s) and not man.isOn(s)
+      or
+      wolf.isOn(s) and goat.isOn(s) and not man.isOn(s)
+    )
+  }
+
+  override State transition() { none() }
+}
+
+from string path
+where any(InitialState i).reachesVia(path) = any(GoalState g)
+select path
diff --git a/docs/codeql/writing-codeql-queries/river-answer-3-datatypes.ql b/docs/codeql/writing-codeql-queries/river-answer-3-datatypes.ql
new file mode 100644
index 00000000000..bb74a0321b9
--- /dev/null
+++ b/docs/codeql/writing-codeql-queries/river-answer-3-datatypes.ql
@@ -0,0 +1,169 @@
+/**
+ * "Typesafe" solution to the river crossing puzzle.
+ */
+
+/** Either the left shore or the right shore. */
+newtype TShore =
+  Left() or
+  Right()
+
+class Shore extends TShore {
+  Shore other() { result != this }
+
+  string toString() {
+    this = Left() and result = "left"
+    or
+    this = Right() and result = "right"
+  }
+}
+
+newtype TMan = TManOn(Shore s)
+
+/** Models the behavior of the man. */
+class Man extends TMan {
+  Shore s;
+
+  Man() { this = TManOn(s) }
+
+  /** Holds if the man is on a particular shore. */
+  predicate isOn(Shore shore) { s = shore }
+
+  /** Returns the other shore, after the man crosses the river. */
+  Man cross() { result.isOn(s.other()) }
+
+  /** Returns a cargo and its position after being ferried. */
+  Cargo ferry(Cargo c) {
+    result = c.cross() and
+    c.isOn(s)
+  }
+
+  string toString() { result = "man " + s }
+}
+
+newtype TCargo =
+  TGoat(Shore s) or
+  TCabbage(Shore s) or
+  TWolf(Shore s)
+
+/** One of three possible cargo items, with their position. */
+abstract class Cargo extends TCargo {
+  Shore s;
+
+  /** Holds if the cargo is on a particular shore. */
+  predicate isOn(Shore shore) { s = shore }
+
+  /** Returns the other shore, after the cargo crosses the river. */
+  abstract Cargo cross();
+
+  abstract string toString();
+}
+
+/** Models the position of the goat. */
+class Goat extends Cargo, TGoat {
+  Goat() { this = TGoat(s) }
+
+  override Cargo cross() { result = TGoat(s.other()) }
+
+  override string toString() { result = "goat " + s }
+}
+
+/** Models the position of the wolf. */
+class Wolf extends Cargo, TWolf {
+  Wolf() { this = TWolf(s) }
+
+  override Cargo cross() { result = TWolf(s.other()) }
+
+  override string toString() { result = "wolf " + s }
+}
+
+/** Models the position of the cabbage. */
+class Cabbage extends Cargo, TCabbage {
+  Cabbage() { this = TCabbage(s) }
+
+  override Cargo cross() { result = TCabbage(s.other()) }
+
+  override string toString() { result = "cabbage " + s }
+}
+
+newtype TState = Currently(Man man, Goat goat, Cabbage cabbage, Wolf wolf)
+
+/** A record of where everything is. */
+class State extends TState {
+  Man man;
+  Goat goat;
+  Cabbage cabbage;
+  Wolf wolf;
+
+  State() { this = Currently(man, goat, cabbage, wolf) }
+
+  /**
+   * Returns the possible states that you can transition to
+   * by ferrying one or zero cargo items.
+   */
+  State transition() {
+    result = Currently(man.cross(), man.ferry(goat), cabbage, wolf) or
+    result = Currently(man.cross(), goat, man.ferry(cabbage), wolf) or
+    result = Currently(man.cross(), goat, cabbage, man.ferry(wolf)) or
+    result = Currently(man.cross(), goat, cabbage, wolf)
+  }
+
+  /**
+   * Returns all states that are reachable via a transition
+   * and have not yet been visited.
+   * `path` keeps track of how it is achieved.
+   */
+  State reachesVia(string path) {
+    exists(string pathSoFar |
+      result = this.reachesVia(pathSoFar).transition() and
+      not exists(pathSoFar.indexOf(result.toString())) and
+      path = pathSoFar + "\n" + result
+    )
+  }
+
+  string toString() { result = man + "/" + goat + "/" + cabbage + "/" + wolf }
+}
+
+/** The initial state, where everything is on the left shore. */
+class InitialState extends State {
+  InitialState() {
+    man.isOn(Left()) and goat.isOn(Left()) and cabbage.isOn(Left()) and wolf.isOn(Left())
+  }
+
+  override State reachesVia(string path) {
+    path = this + "\n" + result and result = this.transition()
+    or
+    result = super.reachesVia(path)
+  }
+
+  override string toString() { result = "Initial: " + super.toString() }
+}
+
+/** The goal state, where everything is on the right shore. */
+class GoalState extends State {
+  GoalState() {
+    man.isOn(Right()) and goat.isOn(Right()) and cabbage.isOn(Right()) and wolf.isOn(Right())
+  }
+
+  override State transition() { none() }
+
+  override string toString() { result = "Goal: " + super.toString() }
+}
+
+/** An unsafe state, where something gets eaten. */
+class IllegalState extends State {
+  IllegalState() {
+    exists(Shore s |
+      goat.isOn(s) and cabbage.isOn(s) and not man.isOn(s)
+      or
+      wolf.isOn(s) and goat.isOn(s) and not man.isOn(s)
+    )
+  }
+
+  override State transition() { none() }
+
+  override string toString() { result = "ILLEGAL: " + super.toString() }
+}
+
+from string path
+where any(InitialState i).reachesVia(path) = any(GoalState g)
+select path
diff --git a/docs/codeql/writing-codeql-queries/river-crossing-1.ql b/docs/codeql/writing-codeql-queries/river-crossing-1.ql
index 80d828c7389..b9774404a5a 100644
--- a/docs/codeql/writing-codeql-queries/river-crossing-1.ql
+++ b/docs/codeql/writing-codeql-queries/river-crossing-1.ql
@@ -99,4 +99,3 @@ class GoalState extends State {
 from string path
 where any(InitialState i).reachesVia(path, _) = any(GoalState g)
 select path
-
diff --git a/docs/prepare-db-upgrade.md b/docs/prepare-db-upgrade.md
index 906c47d9c6d..42c329dd947 100644
--- a/docs/prepare-db-upgrade.md
+++ b/docs/prepare-db-upgrade.md
@@ -69,10 +69,10 @@ Although we have some automated testing of the scripts (e.g. to test that you ca
 To test the upgrade script, run:
 
 ```
-codeql test run --search-path=<old-extractor-pack> --search-path=ql <test-dir>
+codeql test run --search-path=<old-extractor-pack> --search-path=<codeql-root> <test-dir>
 ```
 
-Where `<old-extractor-pack>` is an extractor pack containing the old extractor and dbscheme that pre-date your changes, and `<test-dir>` is the directory containing the qltests for your language. This will run the tests using an old extractor, and the test databases will all be upgraded in place using your new upgrade script.
+Where `<old-extractor-pack>` is an extractor pack containing the old extractor and dbscheme that pre-date your changes, `<test-dir>` is the directory containing the qltests for your language, and `<codeql-root>` is the root directory directory of the `github/codeql` clone that contains `<test-dir>`. This will run the tests using an old extractor, and the test databases will all be upgraded in place using your new upgrade script.
 
 To test the downgrade script, create an extractor pack that includes your new dbscheme and extractor changes. Then checkout the `main` branch of `codeql` (i.e. a branch that does not include your changes), and run:
 
diff --git a/docs/ql-style-guide.md b/docs/ql-style-guide.md
index 0b0efef27cc..29a427fdfae 100644
--- a/docs/ql-style-guide.md
+++ b/docs/ql-style-guide.md
@@ -176,7 +176,7 @@ private predicate foo(Expr e, Expr p) {
 1. Acronyms *should* use normal PascalCase/camelCase. However, two-letter acronyms should have both letters capitalized.
 1. Newtype predicate names *should* begin with `T`.
 1. Predicates that have a result *should* be named `get...`
-1. Predicates that can return multiple results *should* be named `getA...` or `getAn...`
+1. Predicates that can have multiple results *should* be named `getA...` or `getAn...`
 1. Predicates that don't have a result or parameters *should* be named `is...` or `has...`
 1. *Avoid* underscores in names.
 1. *Avoid* short or single-letter names for classes, predicates and fields.
@@ -304,6 +304,7 @@ For more information about documenting the code that you contribute to this repo
   exists(Type arg | arg = this.getAChild() | arg instanceof TypeParameter)
 ```
 
+
 ```ql
   exists(Type qualifierType |
     this.hasNonExactQualifierType(qualifierType)
diff --git a/go/Makefile b/go/Makefile
index 419b1991775..4faf28c41ea 100644
--- a/go/Makefile
+++ b/go/Makefile
@@ -34,7 +34,6 @@ autoformat:
 	find . -path '**/vendor' -prune -or -type f -iname '*.go' ! -empty -print0 | xargs -0 grep -L "//\s*autoformat-ignore" | xargs gofmt -w
 
 check-formatting:
-	find ql -iregex '.*\.qll?' -print0 | xargs -0 codeql query format --check-only
 	test -z "$$(find . -path '**/vendor' -prune -or -type f -iname '*.go' ! -empty -print0 | xargs -0 grep -L "//\s*autoformat-ignore" | xargs gofmt -l)"
 
 install-deps:
@@ -84,6 +83,7 @@ extractor-common: codeql-extractor.yml LICENSE ql/lib/go.dbscheme \
 	cp codeql-extractor.yml LICENSE ql/lib/go.dbscheme ql/lib/go.dbscheme.stats $(EXTRACTOR_PACK_OUT)
 	mkdir $(EXTRACTOR_PACK_OUT)/tools
 	cp -r tools/tokenizer.jar $(CODEQL_TOOLS) $(EXTRACTOR_PACK_OUT)/tools
+	cp -r downgrades $(EXTRACTOR_PACK_OUT)
 
 extractor: extractor-common tools-codeql
 	cp -r tools/$(CODEQL_PLATFORM) $(EXTRACTOR_PACK_OUT)/tools
@@ -117,9 +117,9 @@ ql/lib/go.dbscheme.stats: ql/lib/go.dbscheme build/stats/src.stamp extractor
 	codeql dataset measure -o $@ build/stats/database/db-go
 
 test: all build/testdb/check-upgrade-path
-	codeql test run ql/test --search-path build/codeql-extractor-go --consistency-queries ql/test/consistency
+	codeql test run -j0 ql/test --search-path build/codeql-extractor-go --consistency-queries ql/test/consistency --compilation-cache=$(cache)
   #	use GOOS=linux because GOOS=darwin GOARCH=386 is no longer supported
-	env GOOS=linux GOARCH=386 codeql$(EXE) test run ql/test/query-tests/Security/CWE-681 --search-path build/codeql-extractor-go --consistency-queries ql/test/consistency
+	env GOOS=linux GOARCH=386 codeql$(EXE) test run -j0 ql/test/query-tests/Security/CWE-681 --search-path build/codeql-extractor-go --consistency-queries ql/test/consistency --compilation-cache=$(cache)
 	cd extractor; go test -mod=vendor ./... | grep -vF "[no test files]"
 	bash extractor-smoke-test/test.sh || (echo "Extractor smoke test FAILED"; exit 1)
 
@@ -133,10 +133,3 @@ build/testdb/go.dbscheme: ql/lib/upgrades/initial/go.dbscheme
 	rm -rf build/testdb
 	echo >build/empty.trap
 	codeql dataset import -S ql/lib/upgrades/initial/go.dbscheme build/testdb build/empty.trap
-
-.PHONY: sync-dataflow-libraries
-sync-dataflow-libraries:
-	for f in DataFlowImpl.qll DataFlowImpl2.qll DataFlowImplCommon.qll DataFlowImplConsistency.qll tainttracking1/TaintTrackingImpl.qll tainttracking2/TaintTrackingImpl.qll FlowSummaryImpl.qll AccessPathSyntax.qll;\
-	do\
-		curl -s -o ./ql/lib/semmle/go/dataflow/internal/$$f https://raw.githubusercontent.com/github/codeql/$(DATAFLOW_BRANCH)/java/ql/lib/semmle/code/java/dataflow/internal/$$f;\
-	done
diff --git a/go/downgrades/a58b81b1b4c4cccc8ca11731c1db86622f33af57/go.dbscheme b/go/downgrades/a58b81b1b4c4cccc8ca11731c1db86622f33af57/go.dbscheme
new file mode 100644
index 00000000000..90fa7836e0a
--- /dev/null
+++ b/go/downgrades/a58b81b1b4c4cccc8ca11731c1db86622f33af57/go.dbscheme
@@ -0,0 +1,547 @@
+/** Auto-generated dbscheme; do not edit. */
+
+
+/** Duplicate code **/
+
+duplicateCode(
+  unique int id : @duplication,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+similarCode(
+  unique int id : @similarity,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+@duplication_or_similarity = @duplication | @similarity;
+
+tokens(
+  int id : @duplication_or_similarity ref,
+  int offset : int ref,
+  int beginLine : int ref,
+  int beginColumn : int ref,
+  int endLine : int ref,
+  int endColumn : int ref);
+
+/** External data **/
+
+externalData(
+  int id : @externalDataElement,
+  varchar(900) path : string ref,
+  int column: int ref,
+  varchar(900) value : string ref
+);
+
+snapshotDate(unique date snapshotDate : date ref);
+
+sourceLocationPrefix(varchar(900) prefix : string ref);
+
+
+/*
+ * XML Files
+ */
+
+xmlEncoding(
+  unique int id: @file ref,
+  string encoding: string ref
+);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  string root: string ref,
+  string publicId: string ref,
+  string systemId: string ref,
+  int fileid: @file ref
+);
+
+xmlElements(
+  unique int id: @xmlelement,
+  string name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  string name: string ref,
+  string value: string ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlNs(
+  int id: @xmlnamespace,
+  string prefixName: string ref,
+  string URI: string ref,
+  int fileid: @file ref
+);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref
+);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref
+);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref
+);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref
+);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+compilations(unique int id: @compilation, string cwd: string ref);
+
+#keyset[id, num]
+compilation_args(int id: @compilation ref, int num: int ref, string arg: string ref);
+
+#keyset[id, num, kind]
+compilation_time(int id: @compilation ref, int num: int ref, int kind: int ref, float secs: float ref);
+
+diagnostic_for(unique int diagnostic: @diagnostic ref, int compilation: @compilation ref, int file_number: int ref, int file_number_diagnostic_number: int ref);
+
+compilation_finished(unique int id: @compilation ref, float cpu_seconds: float ref, float elapsed_seconds: float ref);
+
+#keyset[id, num]
+compilation_compiling_files(int id: @compilation ref, int num: int ref, int file: @file ref);
+
+diagnostics(unique int id: @diagnostic, int severity: int ref, string error_tag: string ref, string error_message: string ref,
+            string full_error_message: string ref, int location: @location ref);
+
+locations_default(unique int id: @location_default, int file: @file ref, int beginLine: int ref, int beginColumn: int ref,
+                  int endLine: int ref, int endColumn: int ref);
+
+numlines(int element_id: @sourceline ref, int num_lines: int ref, int num_code: int ref, int num_comment: int ref);
+
+files(unique int id: @file, string name: string ref);
+
+folders(unique int id: @folder, string name: string ref);
+
+containerparent(int parent: @container ref, unique int child: @container ref);
+
+has_location(unique int locatable: @locatable ref, int location: @location ref);
+
+#keyset[parent, idx]
+comment_groups(unique int id: @comment_group, int parent: @file ref, int idx: int ref);
+
+comments(unique int id: @comment, int kind: int ref, int parent: @comment_group ref, int idx: int ref, string text: string ref);
+
+doc_comments(unique int node: @documentable ref, int comment: @comment_group ref);
+
+#keyset[parent, idx]
+exprs(unique int id: @expr, int kind: int ref, int parent: @exprparent ref, int idx: int ref);
+
+literals(unique int expr: @expr ref, string value: string ref, string raw: string ref);
+
+constvalues(unique int expr: @expr ref, string value: string ref, string exact: string ref);
+
+fields(unique int id: @field, int parent: @fieldparent ref, int idx: int ref);
+
+typeparamdecls(unique int id: @typeparamdecl, int parent: @typeparamdeclparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+stmts(unique int id: @stmt, int kind: int ref, int parent: @stmtparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+decls(unique int id: @decl, int kind: int ref, int parent: @declparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+specs(unique int id: @spec, int kind: int ref, int parent: @gendecl ref, int idx: int ref);
+
+scopes(unique int id: @scope, int kind: int ref);
+
+scopenesting(unique int inner: @scope ref, int outer: @scope ref);
+
+scopenodes(unique int node: @scopenode ref, int scope: @localscope ref);
+
+objects(unique int id: @object, int kind: int ref, string name: string ref);
+
+objectscopes(unique int object: @object ref, int scope: @scope ref);
+
+objecttypes(unique int object: @object ref, int tp: @type ref);
+
+methodreceivers(unique int method: @object ref, int receiver: @object ref);
+
+fieldstructs(unique int field: @object ref, int struct: @structtype ref);
+
+methodhosts(int method: @object ref, int host: @namedtype ref);
+
+defs(int ident: @ident ref, int object: @object ref);
+
+uses(int ident: @ident ref, int object: @object ref);
+
+types(unique int id: @type, int kind: int ref);
+
+type_of(unique int expr: @expr ref, int tp: @type ref);
+
+typename(unique int tp: @type ref, string name: string ref);
+
+key_type(unique int map: @maptype ref, int tp: @type ref);
+
+element_type(unique int container: @containertype ref, int tp: @type ref);
+
+base_type(unique int ptr: @pointertype ref, int tp: @type ref);
+
+underlying_type(unique int named: @namedtype ref, int tp: @type ref);
+
+#keyset[parent, index]
+component_types(int parent: @compositetype ref, int index: int ref, string name: string ref, int tp: @type ref);
+
+array_length(unique int tp: @arraytype ref, string len: string ref);
+
+type_objects(unique int tp: @type ref, int object: @object ref);
+
+packages(unique int id: @package, string name: string ref, string path: string ref, int scope: @packagescope ref);
+
+#keyset[parent, idx]
+modexprs(unique int id: @modexpr, int kind: int ref, int parent: @modexprparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+modtokens(string token: string ref, int parent: @modexpr ref, int idx: int ref);
+
+#keyset[package, idx]
+errors(unique int id: @error, int kind: int ref, string msg: string ref, string rawpos: string ref,
+       string file: string ref, int line: int ref, int col: int ref, int package: @package ref, int idx: int ref);
+
+has_ellipsis(int id: @callorconversionexpr ref);
+
+variadic(int id: @signaturetype ref);
+
+#keyset[parent, idx]
+typeparam(unique int tp: @typeparamtype ref, string name: string ref, int bound: @compositetype ref,
+          int parent: @typeparamparentobject ref, int idx: int ref);
+
+@container = @file | @folder;
+
+@locatable = @xmllocatable | @node | @localscope;
+
+@node = @documentable | @exprparent | @modexprparent | @fieldparent | @stmtparent | @declparent | @typeparamdeclparent
+      | @scopenode | @comment_group | @comment;
+
+@documentable = @file | @field | @typeparamdecl | @spec | @gendecl | @funcdecl | @modexpr;
+
+@exprparent = @funcdef | @file | @expr | @field | @stmt | @decl | @typeparamdecl | @spec;
+
+@modexprparent = @file | @modexpr;
+
+@fieldparent = @decl | @structtypeexpr | @functypeexpr | @interfacetypeexpr;
+
+@stmtparent = @funcdef | @stmt | @decl;
+
+@declparent = @file | @declstmt;
+
+@typeparamdeclparent = @funcdecl | @typespec;
+
+@funcdef = @funclit | @funcdecl;
+
+@scopenode = @file | @functypeexpr | @blockstmt | @ifstmt | @caseclause | @switchstmt | @commclause | @loopstmt;
+
+@location = @location_default;
+
+@sourceline = @locatable;
+
+case @comment.kind of
+  0 = @slashslashcomment
+| 1 = @slashstarcomment;
+
+case @expr.kind of
+  0 = @badexpr
+| 1 = @ident
+| 2 = @ellipsis
+| 3 = @intlit
+| 4 = @floatlit
+| 5 = @imaglit
+| 6 = @charlit
+| 7 = @stringlit
+| 8 = @funclit
+| 9 = @compositelit
+| 10 = @parenexpr
+| 11 = @selectorexpr
+| 12 = @indexexpr
+| 13 = @genericfunctioninstantiationexpr
+| 14 = @generictypeinstantiationexpr
+| 15 = @sliceexpr
+| 16 = @typeassertexpr
+| 17 = @callorconversionexpr
+| 18 = @starexpr
+| 19 = @keyvalueexpr
+| 20 = @arraytypeexpr
+| 21 = @structtypeexpr
+| 22 = @functypeexpr
+| 23 = @interfacetypeexpr
+| 24 = @maptypeexpr
+| 25 = @typesetliteralexpr
+| 26 = @plusexpr
+| 27 = @minusexpr
+| 28 = @notexpr
+| 29 = @complementexpr
+| 30 = @derefexpr
+| 31 = @addressexpr
+| 32 = @arrowexpr
+| 33 = @lorexpr
+| 34 = @landexpr
+| 35 = @eqlexpr
+| 36 = @neqexpr
+| 37 = @lssexpr
+| 38 = @leqexpr
+| 39 = @gtrexpr
+| 40 = @geqexpr
+| 41 = @addexpr
+| 42 = @subexpr
+| 43 = @orexpr
+| 44 = @xorexpr
+| 45 = @mulexpr
+| 46 = @quoexpr
+| 47 = @remexpr
+| 48 = @shlexpr
+| 49 = @shrexpr
+| 50 = @andexpr
+| 51 = @andnotexpr
+| 52 = @sendchantypeexpr
+| 53 = @recvchantypeexpr
+| 54 = @sendrcvchantypeexpr
+| 55 = @errorexpr;
+
+@basiclit = @intlit | @floatlit | @imaglit | @charlit | @stringlit;
+
+@operatorexpr = @logicalexpr | @arithmeticexpr | @bitwiseexpr | @unaryexpr | @binaryexpr;
+
+@logicalexpr = @logicalunaryexpr | @logicalbinaryexpr;
+
+@arithmeticexpr = @arithmeticunaryexpr | @arithmeticbinaryexpr;
+
+@bitwiseexpr = @bitwiseunaryexpr | @bitwisebinaryexpr;
+
+@unaryexpr = @logicalunaryexpr | @bitwiseunaryexpr | @arithmeticunaryexpr | @derefexpr | @addressexpr | @arrowexpr;
+
+@logicalunaryexpr = @notexpr;
+
+@bitwiseunaryexpr = @complementexpr;
+
+@arithmeticunaryexpr = @plusexpr | @minusexpr;
+
+@binaryexpr = @logicalbinaryexpr | @bitwisebinaryexpr | @arithmeticbinaryexpr | @comparison;
+
+@logicalbinaryexpr = @lorexpr | @landexpr;
+
+@bitwisebinaryexpr = @shiftexpr | @orexpr | @xorexpr | @andexpr | @andnotexpr;
+
+@arithmeticbinaryexpr = @addexpr | @subexpr | @mulexpr | @quoexpr | @remexpr;
+
+@shiftexpr = @shlexpr | @shrexpr;
+
+@comparison = @equalitytest | @relationalcomparison;
+
+@equalitytest = @eqlexpr | @neqexpr;
+
+@relationalcomparison = @lssexpr | @leqexpr | @gtrexpr | @geqexpr;
+
+@chantypeexpr = @sendchantypeexpr | @recvchantypeexpr | @sendrcvchantypeexpr;
+
+case @stmt.kind of
+  0 = @badstmt
+| 1 = @declstmt
+| 2 = @emptystmt
+| 3 = @labeledstmt
+| 4 = @exprstmt
+| 5 = @sendstmt
+| 6 = @incstmt
+| 7 = @decstmt
+| 8 = @gostmt
+| 9 = @deferstmt
+| 10 = @returnstmt
+| 11 = @breakstmt
+| 12 = @continuestmt
+| 13 = @gotostmt
+| 14 = @fallthroughstmt
+| 15 = @blockstmt
+| 16 = @ifstmt
+| 17 = @caseclause
+| 18 = @exprswitchstmt
+| 19 = @typeswitchstmt
+| 20 = @commclause
+| 21 = @selectstmt
+| 22 = @forstmt
+| 23 = @rangestmt
+| 24 = @assignstmt
+| 25 = @definestmt
+| 26 = @addassignstmt
+| 27 = @subassignstmt
+| 28 = @mulassignstmt
+| 29 = @quoassignstmt
+| 30 = @remassignstmt
+| 31 = @andassignstmt
+| 32 = @orassignstmt
+| 33 = @xorassignstmt
+| 34 = @shlassignstmt
+| 35 = @shrassignstmt
+| 36 = @andnotassignstmt;
+
+@incdecstmt = @incstmt | @decstmt;
+
+@assignment = @simpleassignstmt | @compoundassignstmt;
+
+@simpleassignstmt = @assignstmt | @definestmt;
+
+@compoundassignstmt = @addassignstmt | @subassignstmt | @mulassignstmt | @quoassignstmt | @remassignstmt
+                    | @andassignstmt | @orassignstmt | @xorassignstmt | @shlassignstmt | @shrassignstmt | @andnotassignstmt;
+
+@branchstmt = @breakstmt | @continuestmt | @gotostmt | @fallthroughstmt;
+
+@switchstmt = @exprswitchstmt | @typeswitchstmt;
+
+@loopstmt = @forstmt | @rangestmt;
+
+case @decl.kind of
+  0 = @baddecl
+| 1 = @importdecl
+| 2 = @constdecl
+| 3 = @typedecl
+| 4 = @vardecl
+| 5 = @funcdecl;
+
+@gendecl = @importdecl | @constdecl | @typedecl | @vardecl;
+
+case @spec.kind of
+  0 = @importspec
+| 1 = @valuespec
+| 2 = @typedefspec
+| 3 = @aliasspec;
+
+@typespec = @typedefspec | @aliasspec;
+
+case @object.kind of
+  0 = @pkgobject
+| 1 = @decltypeobject
+| 2 = @builtintypeobject
+| 3 = @declconstobject
+| 4 = @builtinconstobject
+| 5 = @declvarobject
+| 6 = @declfunctionobject
+| 7 = @builtinfunctionobject
+| 8 = @labelobject;
+
+@typeparamparentobject = @decltypeobject | @declfunctionobject;
+
+@declobject = @decltypeobject | @declconstobject | @declvarobject | @declfunctionobject;
+
+@builtinobject = @builtintypeobject | @builtinconstobject | @builtinfunctionobject;
+
+@typeobject = @decltypeobject | @builtintypeobject;
+
+@valueobject = @constobject | @varobject | @functionobject;
+
+@constobject = @declconstobject | @builtinconstobject;
+
+@varobject = @declvarobject;
+
+@functionobject = @declfunctionobject | @builtinfunctionobject;
+
+case @scope.kind of
+  0 = @universescope
+| 1 = @packagescope
+| 2 = @localscope;
+
+case @type.kind of
+  0 = @invalidtype
+| 1 = @boolexprtype
+| 2 = @inttype
+| 3 = @int8type
+| 4 = @int16type
+| 5 = @int32type
+| 6 = @int64type
+| 7 = @uinttype
+| 8 = @uint8type
+| 9 = @uint16type
+| 10 = @uint32type
+| 11 = @uint64type
+| 12 = @uintptrtype
+| 13 = @float32type
+| 14 = @float64type
+| 15 = @complex64type
+| 16 = @complex128type
+| 17 = @stringexprtype
+| 18 = @unsafepointertype
+| 19 = @boolliteraltype
+| 20 = @intliteraltype
+| 21 = @runeliteraltype
+| 22 = @floatliteraltype
+| 23 = @complexliteraltype
+| 24 = @stringliteraltype
+| 25 = @nilliteraltype
+| 26 = @typeparamtype
+| 27 = @arraytype
+| 28 = @slicetype
+| 29 = @structtype
+| 30 = @pointertype
+| 31 = @interfacetype
+| 32 = @tupletype
+| 33 = @signaturetype
+| 34 = @maptype
+| 35 = @sendchantype
+| 36 = @recvchantype
+| 37 = @sendrcvchantype
+| 38 = @namedtype
+| 39 = @typesetliteraltype;
+
+@basictype = @booltype | @numerictype | @stringtype | @literaltype | @invalidtype | @unsafepointertype;
+
+@booltype = @boolexprtype | @boolliteraltype;
+
+@numerictype = @integertype | @floattype | @complextype;
+
+@integertype = @signedintegertype | @unsignedintegertype;
+
+@signedintegertype = @inttype | @int8type | @int16type | @int32type | @int64type | @intliteraltype | @runeliteraltype;
+
+@unsignedintegertype = @uinttype | @uint8type | @uint16type | @uint32type | @uint64type | @uintptrtype;
+
+@floattype = @float32type | @float64type | @floatliteraltype;
+
+@complextype = @complex64type | @complex128type | @complexliteraltype;
+
+@stringtype = @stringexprtype | @stringliteraltype;
+
+@literaltype = @boolliteraltype | @intliteraltype | @runeliteraltype | @floatliteraltype | @complexliteraltype
+             | @stringliteraltype | @nilliteraltype;
+
+@compositetype = @typeparamtype | @containertype | @structtype | @pointertype | @interfacetype | @tupletype
+               | @signaturetype | @namedtype | @typesetliteraltype;
+
+@containertype = @arraytype | @slicetype | @maptype | @chantype;
+
+@chantype = @sendchantype | @recvchantype | @sendrcvchantype;
+
+case @modexpr.kind of
+  0 = @modcommentblock
+| 1 = @modline
+| 2 = @modlineblock
+| 3 = @modlparen
+| 4 = @modrparen;
+
+case @error.kind of
+  0 = @unknownerror
+| 1 = @listerror
+| 2 = @parseerror
+| 3 = @typeerror;
+
diff --git a/go/downgrades/a58b81b1b4c4cccc8ca11731c1db86622f33af57/old.dbscheme b/go/downgrades/a58b81b1b4c4cccc8ca11731c1db86622f33af57/old.dbscheme
new file mode 100644
index 00000000000..a58b81b1b4c
--- /dev/null
+++ b/go/downgrades/a58b81b1b4c4cccc8ca11731c1db86622f33af57/old.dbscheme
@@ -0,0 +1,546 @@
+/** Auto-generated dbscheme; do not edit. */
+
+
+/** Duplicate code **/
+
+duplicateCode(
+  unique int id : @duplication,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+similarCode(
+  unique int id : @similarity,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+@duplication_or_similarity = @duplication | @similarity;
+
+tokens(
+  int id : @duplication_or_similarity ref,
+  int offset : int ref,
+  int beginLine : int ref,
+  int beginColumn : int ref,
+  int endLine : int ref,
+  int endColumn : int ref);
+
+/** External data **/
+
+externalData(
+  int id : @externalDataElement,
+  varchar(900) path : string ref,
+  int column: int ref,
+  varchar(900) value : string ref
+);
+
+snapshotDate(unique date snapshotDate : date ref);
+
+sourceLocationPrefix(varchar(900) prefix : string ref);
+
+
+/*
+ * XML Files
+ */
+
+xmlEncoding(
+  unique int id: @file ref,
+  string encoding: string ref
+);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  string root: string ref,
+  string publicId: string ref,
+  string systemId: string ref,
+  int fileid: @file ref
+);
+
+xmlElements(
+  unique int id: @xmlelement,
+  string name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  string name: string ref,
+  string value: string ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlNs(
+  int id: @xmlnamespace,
+  string prefixName: string ref,
+  string URI: string ref,
+  int fileid: @file ref
+);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref
+);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref
+);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref
+);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref
+);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+compilations(unique int id: @compilation, string cwd: string ref);
+
+#keyset[id, num]
+compilation_args(int id: @compilation ref, int num: int ref, string arg: string ref);
+
+#keyset[id, num, kind]
+compilation_time(int id: @compilation ref, int num: int ref, int kind: int ref, float secs: float ref);
+
+diagnostic_for(unique int diagnostic: @diagnostic ref, int compilation: @compilation ref, int file_number: int ref, int file_number_diagnostic_number: int ref);
+
+compilation_finished(unique int id: @compilation ref, float cpu_seconds: float ref, float elapsed_seconds: float ref);
+
+#keyset[id, num]
+compilation_compiling_files(int id: @compilation ref, int num: int ref, int file: @file ref);
+
+diagnostics(unique int id: @diagnostic, int severity: int ref, string error_tag: string ref, string error_message: string ref,
+            string full_error_message: string ref, int location: @location ref);
+
+locations_default(unique int id: @location_default, int file: @file ref, int beginLine: int ref, int beginColumn: int ref,
+                  int endLine: int ref, int endColumn: int ref);
+
+numlines(int element_id: @sourceline ref, int num_lines: int ref, int num_code: int ref, int num_comment: int ref);
+
+files(unique int id: @file, string name: string ref);
+
+folders(unique int id: @folder, string name: string ref);
+
+containerparent(int parent: @container ref, unique int child: @container ref);
+
+has_location(unique int locatable: @locatable ref, int location: @location ref);
+
+#keyset[parent, idx]
+comment_groups(unique int id: @comment_group, int parent: @file ref, int idx: int ref);
+
+comments(unique int id: @comment, int kind: int ref, int parent: @comment_group ref, int idx: int ref, string text: string ref);
+
+doc_comments(unique int node: @documentable ref, int comment: @comment_group ref);
+
+#keyset[parent, idx]
+exprs(unique int id: @expr, int kind: int ref, int parent: @exprparent ref, int idx: int ref);
+
+literals(unique int expr: @expr ref, string value: string ref, string raw: string ref);
+
+constvalues(unique int expr: @expr ref, string value: string ref, string exact: string ref);
+
+fields(unique int id: @field, int parent: @fieldparent ref, int idx: int ref);
+
+typeparamdecls(unique int id: @typeparamdecl, int parent: @typeparamdeclparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+stmts(unique int id: @stmt, int kind: int ref, int parent: @stmtparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+decls(unique int id: @decl, int kind: int ref, int parent: @declparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+specs(unique int id: @spec, int kind: int ref, int parent: @gendecl ref, int idx: int ref);
+
+scopes(unique int id: @scope, int kind: int ref);
+
+scopenesting(unique int inner: @scope ref, int outer: @scope ref);
+
+scopenodes(unique int node: @scopenode ref, int scope: @localscope ref);
+
+objects(unique int id: @object, int kind: int ref, string name: string ref);
+
+objectscopes(unique int object: @object ref, int scope: @scope ref);
+
+objecttypes(unique int object: @object ref, int tp: @type ref);
+
+methodreceivers(unique int method: @object ref, int receiver: @object ref);
+
+fieldstructs(unique int field: @object ref, int struct: @structtype ref);
+
+methodhosts(int method: @object ref, int host: @namedtype ref);
+
+defs(int ident: @ident ref, int object: @object ref);
+
+uses(int ident: @ident ref, int object: @object ref);
+
+types(unique int id: @type, int kind: int ref);
+
+type_of(unique int expr: @expr ref, int tp: @type ref);
+
+typename(unique int tp: @type ref, string name: string ref);
+
+key_type(unique int map: @maptype ref, int tp: @type ref);
+
+element_type(unique int container: @containertype ref, int tp: @type ref);
+
+base_type(unique int ptr: @pointertype ref, int tp: @type ref);
+
+underlying_type(unique int named: @namedtype ref, int tp: @type ref);
+
+#keyset[parent, index]
+component_types(int parent: @compositetype ref, int index: int ref, string name: string ref, int tp: @type ref);
+
+array_length(unique int tp: @arraytype ref, string len: string ref);
+
+type_objects(unique int tp: @type ref, int object: @object ref);
+
+packages(unique int id: @package, string name: string ref, string path: string ref, int scope: @packagescope ref);
+
+#keyset[parent, idx]
+modexprs(unique int id: @modexpr, int kind: int ref, int parent: @modexprparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+modtokens(string token: string ref, int parent: @modexpr ref, int idx: int ref);
+
+#keyset[package, idx]
+errors(unique int id: @error, int kind: int ref, string msg: string ref, string rawpos: string ref,
+       string file: string ref, int line: int ref, int col: int ref, int package: @package ref, int idx: int ref);
+
+has_ellipsis(int id: @callorconversionexpr ref);
+
+variadic(int id: @signaturetype ref);
+
+#keyset[parent, idx]
+typeparam(unique int tp: @typeparamtype ref, string name: string ref, int bound: @compositetype ref,
+          int parent: @typeparamparentobject ref, int idx: int ref);
+
+@container = @file | @folder;
+
+@locatable = @xmllocatable | @node | @localscope;
+
+@node = @documentable | @exprparent | @modexprparent | @fieldparent | @stmtparent | @declparent | @typeparamdeclparent
+      | @scopenode | @comment_group | @comment;
+
+@documentable = @file | @field | @typeparamdecl | @spec | @gendecl | @funcdecl | @modexpr;
+
+@exprparent = @funcdef | @file | @expr | @field | @stmt | @decl | @typeparamdecl | @spec;
+
+@modexprparent = @file | @modexpr;
+
+@fieldparent = @decl | @structtypeexpr | @functypeexpr | @interfacetypeexpr;
+
+@stmtparent = @funcdef | @stmt | @decl;
+
+@declparent = @file | @declstmt;
+
+@typeparamdeclparent = @funcdecl | @typespec;
+
+@funcdef = @funclit | @funcdecl;
+
+@scopenode = @file | @functypeexpr | @blockstmt | @ifstmt | @caseclause | @switchstmt | @commclause | @loopstmt;
+
+@location = @location_default;
+
+@sourceline = @locatable;
+
+case @comment.kind of
+  0 = @slashslashcomment
+| 1 = @slashstarcomment;
+
+case @expr.kind of
+  0 = @badexpr
+| 1 = @ident
+| 2 = @ellipsis
+| 3 = @intlit
+| 4 = @floatlit
+| 5 = @imaglit
+| 6 = @charlit
+| 7 = @stringlit
+| 8 = @funclit
+| 9 = @compositelit
+| 10 = @parenexpr
+| 11 = @selectorexpr
+| 12 = @indexexpr
+| 13 = @genericfunctioninstantiationexpr
+| 14 = @generictypeinstantiationexpr
+| 15 = @sliceexpr
+| 16 = @typeassertexpr
+| 17 = @callorconversionexpr
+| 18 = @starexpr
+| 19 = @keyvalueexpr
+| 20 = @arraytypeexpr
+| 21 = @structtypeexpr
+| 22 = @functypeexpr
+| 23 = @interfacetypeexpr
+| 24 = @maptypeexpr
+| 25 = @typesetliteralexpr
+| 26 = @plusexpr
+| 27 = @minusexpr
+| 28 = @notexpr
+| 29 = @complementexpr
+| 30 = @derefexpr
+| 31 = @addressexpr
+| 32 = @arrowexpr
+| 33 = @lorexpr
+| 34 = @landexpr
+| 35 = @eqlexpr
+| 36 = @neqexpr
+| 37 = @lssexpr
+| 38 = @leqexpr
+| 39 = @gtrexpr
+| 40 = @geqexpr
+| 41 = @addexpr
+| 42 = @subexpr
+| 43 = @orexpr
+| 44 = @xorexpr
+| 45 = @mulexpr
+| 46 = @quoexpr
+| 47 = @remexpr
+| 48 = @shlexpr
+| 49 = @shrexpr
+| 50 = @andexpr
+| 51 = @andnotexpr
+| 52 = @sendchantypeexpr
+| 53 = @recvchantypeexpr
+| 54 = @sendrcvchantypeexpr;
+
+@basiclit = @intlit | @floatlit | @imaglit | @charlit | @stringlit;
+
+@operatorexpr = @logicalexpr | @arithmeticexpr | @bitwiseexpr | @unaryexpr | @binaryexpr;
+
+@logicalexpr = @logicalunaryexpr | @logicalbinaryexpr;
+
+@arithmeticexpr = @arithmeticunaryexpr | @arithmeticbinaryexpr;
+
+@bitwiseexpr = @bitwiseunaryexpr | @bitwisebinaryexpr;
+
+@unaryexpr = @logicalunaryexpr | @bitwiseunaryexpr | @arithmeticunaryexpr | @derefexpr | @addressexpr | @arrowexpr;
+
+@logicalunaryexpr = @notexpr;
+
+@bitwiseunaryexpr = @complementexpr;
+
+@arithmeticunaryexpr = @plusexpr | @minusexpr;
+
+@binaryexpr = @logicalbinaryexpr | @bitwisebinaryexpr | @arithmeticbinaryexpr | @comparison;
+
+@logicalbinaryexpr = @lorexpr | @landexpr;
+
+@bitwisebinaryexpr = @shiftexpr | @orexpr | @xorexpr | @andexpr | @andnotexpr;
+
+@arithmeticbinaryexpr = @addexpr | @subexpr | @mulexpr | @quoexpr | @remexpr;
+
+@shiftexpr = @shlexpr | @shrexpr;
+
+@comparison = @equalitytest | @relationalcomparison;
+
+@equalitytest = @eqlexpr | @neqexpr;
+
+@relationalcomparison = @lssexpr | @leqexpr | @gtrexpr | @geqexpr;
+
+@chantypeexpr = @sendchantypeexpr | @recvchantypeexpr | @sendrcvchantypeexpr;
+
+case @stmt.kind of
+  0 = @badstmt
+| 1 = @declstmt
+| 2 = @emptystmt
+| 3 = @labeledstmt
+| 4 = @exprstmt
+| 5 = @sendstmt
+| 6 = @incstmt
+| 7 = @decstmt
+| 8 = @gostmt
+| 9 = @deferstmt
+| 10 = @returnstmt
+| 11 = @breakstmt
+| 12 = @continuestmt
+| 13 = @gotostmt
+| 14 = @fallthroughstmt
+| 15 = @blockstmt
+| 16 = @ifstmt
+| 17 = @caseclause
+| 18 = @exprswitchstmt
+| 19 = @typeswitchstmt
+| 20 = @commclause
+| 21 = @selectstmt
+| 22 = @forstmt
+| 23 = @rangestmt
+| 24 = @assignstmt
+| 25 = @definestmt
+| 26 = @addassignstmt
+| 27 = @subassignstmt
+| 28 = @mulassignstmt
+| 29 = @quoassignstmt
+| 30 = @remassignstmt
+| 31 = @andassignstmt
+| 32 = @orassignstmt
+| 33 = @xorassignstmt
+| 34 = @shlassignstmt
+| 35 = @shrassignstmt
+| 36 = @andnotassignstmt;
+
+@incdecstmt = @incstmt | @decstmt;
+
+@assignment = @simpleassignstmt | @compoundassignstmt;
+
+@simpleassignstmt = @assignstmt | @definestmt;
+
+@compoundassignstmt = @addassignstmt | @subassignstmt | @mulassignstmt | @quoassignstmt | @remassignstmt
+                    | @andassignstmt | @orassignstmt | @xorassignstmt | @shlassignstmt | @shrassignstmt | @andnotassignstmt;
+
+@branchstmt = @breakstmt | @continuestmt | @gotostmt | @fallthroughstmt;
+
+@switchstmt = @exprswitchstmt | @typeswitchstmt;
+
+@loopstmt = @forstmt | @rangestmt;
+
+case @decl.kind of
+  0 = @baddecl
+| 1 = @importdecl
+| 2 = @constdecl
+| 3 = @typedecl
+| 4 = @vardecl
+| 5 = @funcdecl;
+
+@gendecl = @importdecl | @constdecl | @typedecl | @vardecl;
+
+case @spec.kind of
+  0 = @importspec
+| 1 = @valuespec
+| 2 = @typedefspec
+| 3 = @aliasspec;
+
+@typespec = @typedefspec | @aliasspec;
+
+case @object.kind of
+  0 = @pkgobject
+| 1 = @decltypeobject
+| 2 = @builtintypeobject
+| 3 = @declconstobject
+| 4 = @builtinconstobject
+| 5 = @declvarobject
+| 6 = @declfunctionobject
+| 7 = @builtinfunctionobject
+| 8 = @labelobject;
+
+@typeparamparentobject = @decltypeobject | @declfunctionobject;
+
+@declobject = @decltypeobject | @declconstobject | @declvarobject | @declfunctionobject;
+
+@builtinobject = @builtintypeobject | @builtinconstobject | @builtinfunctionobject;
+
+@typeobject = @decltypeobject | @builtintypeobject;
+
+@valueobject = @constobject | @varobject | @functionobject;
+
+@constobject = @declconstobject | @builtinconstobject;
+
+@varobject = @declvarobject;
+
+@functionobject = @declfunctionobject | @builtinfunctionobject;
+
+case @scope.kind of
+  0 = @universescope
+| 1 = @packagescope
+| 2 = @localscope;
+
+case @type.kind of
+  0 = @invalidtype
+| 1 = @boolexprtype
+| 2 = @inttype
+| 3 = @int8type
+| 4 = @int16type
+| 5 = @int32type
+| 6 = @int64type
+| 7 = @uinttype
+| 8 = @uint8type
+| 9 = @uint16type
+| 10 = @uint32type
+| 11 = @uint64type
+| 12 = @uintptrtype
+| 13 = @float32type
+| 14 = @float64type
+| 15 = @complex64type
+| 16 = @complex128type
+| 17 = @stringexprtype
+| 18 = @unsafepointertype
+| 19 = @boolliteraltype
+| 20 = @intliteraltype
+| 21 = @runeliteraltype
+| 22 = @floatliteraltype
+| 23 = @complexliteraltype
+| 24 = @stringliteraltype
+| 25 = @nilliteraltype
+| 26 = @typeparamtype
+| 27 = @arraytype
+| 28 = @slicetype
+| 29 = @structtype
+| 30 = @pointertype
+| 31 = @interfacetype
+| 32 = @tupletype
+| 33 = @signaturetype
+| 34 = @maptype
+| 35 = @sendchantype
+| 36 = @recvchantype
+| 37 = @sendrcvchantype
+| 38 = @namedtype
+| 39 = @typesetliteraltype;
+
+@basictype = @booltype | @numerictype | @stringtype | @literaltype | @invalidtype | @unsafepointertype;
+
+@booltype = @boolexprtype | @boolliteraltype;
+
+@numerictype = @integertype | @floattype | @complextype;
+
+@integertype = @signedintegertype | @unsignedintegertype;
+
+@signedintegertype = @inttype | @int8type | @int16type | @int32type | @int64type | @intliteraltype | @runeliteraltype;
+
+@unsignedintegertype = @uinttype | @uint8type | @uint16type | @uint32type | @uint64type | @uintptrtype;
+
+@floattype = @float32type | @float64type | @floatliteraltype;
+
+@complextype = @complex64type | @complex128type | @complexliteraltype;
+
+@stringtype = @stringexprtype | @stringliteraltype;
+
+@literaltype = @boolliteraltype | @intliteraltype | @runeliteraltype | @floatliteraltype | @complexliteraltype
+             | @stringliteraltype | @nilliteraltype;
+
+@compositetype = @typeparamtype | @containertype | @structtype | @pointertype | @interfacetype | @tupletype
+               | @signaturetype | @namedtype | @typesetliteraltype;
+
+@containertype = @arraytype | @slicetype | @maptype | @chantype;
+
+@chantype = @sendchantype | @recvchantype | @sendrcvchantype;
+
+case @modexpr.kind of
+  0 = @modcommentblock
+| 1 = @modline
+| 2 = @modlineblock
+| 3 = @modlparen
+| 4 = @modrparen;
+
+case @error.kind of
+  0 = @unknownerror
+| 1 = @listerror
+| 2 = @parseerror
+| 3 = @typeerror;
+
diff --git a/go/downgrades/a58b81b1b4c4cccc8ca11731c1db86622f33af57/upgrade.properties b/go/downgrades/a58b81b1b4c4cccc8ca11731c1db86622f33af57/upgrade.properties
new file mode 100644
index 00000000000..4982fc6893a
--- /dev/null
+++ b/go/downgrades/a58b81b1b4c4cccc8ca11731c1db86622f33af57/upgrade.properties
@@ -0,0 +1,2 @@
+description: Delete @errorexpr - @badexpr should be used instead
+compatibility: full
diff --git a/go/extractor/dbscheme/tables.go b/go/extractor/dbscheme/tables.go
index 63332aa3b59..e987cb402ae 100644
--- a/go/extractor/dbscheme/tables.go
+++ b/go/extractor/dbscheme/tables.go
@@ -521,9 +521,6 @@ var ChanTypeExprs = map[ast.ChanDir]*BranchType{
 	ast.SEND | ast.RECV: ExprKind.NewBranch("@sendrcvchantypeexpr", ChanTypeExpr),
 }
 
-// ErrorExpr is an AST node type that is not used anywhere
-var ErrorExpr = ExprKind.NewBranch("@errorexpr")
-
 // StmtKind is a case type for distinguishing different kinds of statement AST nodes
 var StmtKind = NewCaseType(StmtType, "kind")
 
diff --git a/go/extractor/extractor.go b/go/extractor/extractor.go
index 1be2bfef224..4b087d82947 100644
--- a/go/extractor/extractor.go
+++ b/go/extractor/extractor.go
@@ -103,29 +103,29 @@ func ExtractWithFlags(buildFlags []string, patterns []string) error {
 	extractUniverseScope()
 	log.Println("Done extracting universe scope.")
 
-	// a map of package path to package root directory (currently the module root or the source directory)
-	pkgRoots := make(map[string]string)
-	// a map of package path to source code directory
-	pkgDirs := make(map[string]string)
+	// a map of package path to source directory and module root directory
+	pkgInfos := make(map[string]util.PkgInfo)
 	// root directories of packages that we want to extract
 	wantedRoots := make(map[string]bool)
 
+	if os.Getenv("CODEQL_EXTRACTOR_GO_FAST_PACKAGE_INFO") != "" {
+		log.Printf("Running go list to resolve package and module directories.")
+		// get all packages information
+		pkgInfos, err = util.GetPkgsInfo(patterns, true, modFlags...)
+		if err != nil {
+			log.Fatalf("Error getting dependency package or module directories: %v.", err)
+		}
+		log.Printf("Done running go list deps: resolved %d packages.", len(pkgInfos))
+	}
+
 	// Do a post-order traversal and extract the package scope of each package
 	packages.Visit(pkgs, func(pkg *packages.Package) bool {
 		return true
 	}, func(pkg *packages.Package) {
 		log.Printf("Processing package %s.", pkg.PkgPath)
 
-		if _, ok := pkgRoots[pkg.PkgPath]; !ok {
-			mdir := util.GetModDir(pkg.PkgPath, modFlags...)
-			pdir := util.GetPkgDir(pkg.PkgPath, modFlags...)
-			// GetModDir returns the empty string if the module directory cannot be determined, e.g. if the package
-			// is not using modules. If this is the case, fall back to the package directory
-			if mdir == "" {
-				mdir = pdir
-			}
-			pkgRoots[pkg.PkgPath] = mdir
-			pkgDirs[pkg.PkgPath] = pdir
+		if _, ok := pkgInfos[pkg.PkgPath]; !ok {
+			pkgInfos[pkg.PkgPath] = util.GetPkgInfo(pkg.PkgPath, modFlags...)
 		}
 
 		log.Printf("Extracting types for package %s.", pkg.PkgPath)
@@ -152,11 +152,14 @@ func ExtractWithFlags(buildFlags []string, patterns []string) error {
 	})
 
 	for _, pkg := range pkgs {
-		if pkgRoots[pkg.PkgPath] == "" {
+		pkgInfo, ok := pkgInfos[pkg.PkgPath]
+		if !ok || pkgInfo.PkgDir == "" {
 			log.Fatalf("Unable to get a source directory for input package %s.", pkg.PkgPath)
 		}
-		wantedRoots[pkgRoots[pkg.PkgPath]] = true
-		wantedRoots[pkgDirs[pkg.PkgPath]] = true
+		wantedRoots[pkgInfo.PkgDir] = true
+		if pkgInfo.ModDir != "" {
+			wantedRoots[pkgInfo.ModDir] = true
+		}
 	}
 
 	log.Println("Done processing dependencies.")
@@ -174,7 +177,8 @@ func ExtractWithFlags(buildFlags []string, patterns []string) error {
 		return true
 	}, func(pkg *packages.Package) {
 		for root, _ := range wantedRoots {
-			relDir, err := filepath.Rel(root, pkgDirs[pkg.PkgPath])
+			pkgInfo := pkgInfos[pkg.PkgPath]
+			relDir, err := filepath.Rel(root, pkgInfo.PkgDir)
 			if err != nil || noExtractRe.MatchString(relDir) {
 				// if the path can't be made relative or matches the noExtract regexp skip it
 				continue
@@ -182,8 +186,12 @@ func ExtractWithFlags(buildFlags []string, patterns []string) error {
 
 			extraction.extractPackage(pkg)
 
-			if pkgRoots[pkg.PkgPath] != "" {
-				modPath := filepath.Join(pkgRoots[pkg.PkgPath], "go.mod")
+			modDir := pkgInfo.ModDir
+			if modDir == "" {
+				modDir = pkgInfo.PkgDir
+			}
+			if modDir != "" {
+				modPath := filepath.Join(modDir, "go.mod")
 				if util.FileExists(modPath) {
 					log.Printf("Extracting %s", modPath)
 					start := time.Now()
diff --git a/go/extractor/trap/labels.go b/go/extractor/trap/labels.go
index 1e9bd298447..f1572fb874e 100644
--- a/go/extractor/trap/labels.go
+++ b/go/extractor/trap/labels.go
@@ -57,7 +57,7 @@ func (l *Labeler) GlobalID(key string) Label {
 	label, exists := l.keyLabels[key]
 	if !exists {
 		id := l.nextID()
-		fmt.Fprintf(l.tw.zip, "%s=@\"%s\"\n", id, escapeString(key))
+		fmt.Fprintf(l.tw.wzip, "%s=@\"%s\"\n", id, escapeString(key))
 		label = Label{id}
 		l.keyLabels[key] = label
 	}
@@ -90,7 +90,7 @@ func (l *Labeler) LocalID(nd interface{}) Label {
 // FreshID creates a fresh label and returns it
 func (l *Labeler) FreshID() Label {
 	id := l.nextID()
-	fmt.Fprintf(l.tw.zip, "%s=*\n", id)
+	fmt.Fprintf(l.tw.wzip, "%s=*\n", id)
 	return Label{id}
 }
 
diff --git a/go/extractor/trap/trapwriter.go b/go/extractor/trap/trapwriter.go
index 4c0911e24d7..0833d845830 100644
--- a/go/extractor/trap/trapwriter.go
+++ b/go/extractor/trap/trapwriter.go
@@ -19,7 +19,8 @@ import (
 // A Writer provides methods for writing data to a TRAP file
 type Writer struct {
 	zip             *gzip.Writer
-	w               *bufio.Writer
+	wzip            *bufio.Writer
+	wfile           *bufio.Writer
 	file            *os.File
 	Labeler         *Labeler
 	path            string
@@ -54,11 +55,13 @@ func NewWriter(path string, pkg *packages.Package) (*Writer, error) {
 	if err != nil {
 		return nil, err
 	}
-	bufioWriter := bufio.NewWriter(tmpFile)
-	zipWriter := gzip.NewWriter(bufioWriter)
+	bufioFileWriter := bufio.NewWriter(tmpFile)
+	zipWriter := gzip.NewWriter(bufioFileWriter)
+	bufioZipWriter := bufio.NewWriter(zipWriter)
 	tw := &Writer{
 		zipWriter,
-		bufioWriter,
+		bufioZipWriter,
+		bufioFileWriter,
 		tmpFile,
 		nil,
 		path,
@@ -88,13 +91,19 @@ func trapFolder() (string, error) {
 
 // Close the underlying file writer
 func (tw *Writer) Close() error {
-	err := tw.zip.Close()
+	err := tw.wzip.Flush()
+	if err != nil {
+		// throw away file close error
+		tw.file.Close()
+		return err
+	}
+	err = tw.zip.Close()
 	if err != nil {
 		// return zip-close error, but ignore file-close error
 		tw.file.Close()
 		return err
 	}
-	err = tw.w.Flush()
+	err = tw.wfile.Flush()
 	if err != nil {
 		// throw away close error because write errors are likely to be more important
 		tw.file.Close()
@@ -145,24 +154,24 @@ func capStringLength(s string) string {
 
 // Emit writes out a tuple of values for the given `table`
 func (tw *Writer) Emit(table string, values []interface{}) error {
-	fmt.Fprintf(tw.zip, "%s(", table)
+	fmt.Fprintf(tw.wzip, "%s(", table)
 	for i, value := range values {
 		if i > 0 {
-			fmt.Fprint(tw.zip, ", ")
+			fmt.Fprint(tw.wzip, ", ")
 		}
 		switch value := value.(type) {
 		case Label:
-			fmt.Fprint(tw.zip, value.id)
+			fmt.Fprint(tw.wzip, value.id)
 		case string:
-			fmt.Fprintf(tw.zip, "\"%s\"", escapeString(capStringLength(value)))
+			fmt.Fprintf(tw.wzip, "\"%s\"", escapeString(capStringLength(value)))
 		case int:
-			fmt.Fprintf(tw.zip, "%d", value)
+			fmt.Fprintf(tw.wzip, "%d", value)
 		case float64:
-			fmt.Fprintf(tw.zip, "%e", value)
+			fmt.Fprintf(tw.wzip, "%e", value)
 		default:
 			return errors.New("Cannot emit value")
 		}
 	}
-	fmt.Fprintf(tw.zip, ")\n")
+	fmt.Fprintf(tw.wzip, ")\n")
 	return nil
 }
diff --git a/go/extractor/util/util.go b/go/extractor/util/util.go
index 5725c03d5b6..c4bdf3d1c61 100644
--- a/go/extractor/util/util.go
+++ b/go/extractor/util/util.go
@@ -1,7 +1,9 @@
 package util
 
 import (
+	"encoding/json"
 	"errors"
+	"io"
 	"log"
 	"os"
 	"os/exec"
@@ -31,13 +33,13 @@ func Getenv(key string, aliases ...string) string {
 
 // runGoList is a helper function for running go list with format `format` and flags `flags` on
 // package `pkgpath`.
-func runGoList(format string, pkgpath string, flags ...string) (string, error) {
-	return runGoListWithEnv(format, pkgpath, nil, flags...)
+func runGoList(format string, patterns []string, flags ...string) (string, error) {
+	return runGoListWithEnv(format, patterns, nil, flags...)
 }
 
-func runGoListWithEnv(format string, pkgpath string, additionalEnv []string, flags ...string) (string, error) {
+func runGoListWithEnv(format string, patterns []string, additionalEnv []string, flags ...string) (string, error) {
 	args := append([]string{"list", "-e", "-f", format}, flags...)
-	args = append(args, pkgpath)
+	args = append(args, patterns...)
 	cmd := exec.Command("go", args...)
 	cmd.Env = append(os.Environ(), additionalEnv...)
 	out, err := cmd.Output()
@@ -54,18 +56,89 @@ func runGoListWithEnv(format string, pkgpath string, additionalEnv []string, fla
 	return strings.TrimSpace(string(out)), nil
 }
 
+// PkgInfo holds package directory and module directory (if any) for a package
+type PkgInfo struct {
+	PkgDir string // the directory directly containing source code of this package
+	ModDir string // the module directory containing this package, empty if not a module
+}
+
+// GetPkgsInfo gets the absolute module and package root directories for the packages matched by the
+// patterns `patterns`. It passes to `go list` the flags specified by `flags`.  If `includingDeps`
+// is true, all dependencies will also be included.
+func GetPkgsInfo(patterns []string, includingDeps bool, flags ...string) (map[string]PkgInfo, error) {
+	// enable module mode so that we can find a module root if it exists, even if go module support is
+	// disabled by a build
+	if includingDeps {
+		// the flag `-deps` causes all dependencies to be retrieved
+		flags = append(flags, "-deps")
+	}
+
+	// using -json overrides -f format
+	output, err := runGoList("", patterns, append(flags, "-json")...)
+	if err != nil {
+		return nil, err
+	}
+
+	// the output of `go list -json` is a stream of json object
+	type goListPkgInfo struct {
+		ImportPath string
+		Dir        string
+		Module     *struct {
+			Dir string
+		}
+	}
+	pkgInfoMapping := make(map[string]PkgInfo)
+	streamDecoder := json.NewDecoder(strings.NewReader(output))
+	for {
+		var pkgInfo goListPkgInfo
+		decErr := streamDecoder.Decode(&pkgInfo)
+		if decErr == io.EOF {
+			break
+		}
+		if decErr != nil {
+			log.Printf("Error decoding output of go list -json: %s", err.Error())
+			return nil, decErr
+		}
+		pkgAbsDir, err := filepath.Abs(pkgInfo.Dir)
+		if err != nil {
+			log.Printf("Unable to make package dir %s absolute: %s", pkgInfo.Dir, err.Error())
+		}
+		var modAbsDir string
+		if pkgInfo.Module != nil {
+			modAbsDir, err = filepath.Abs(pkgInfo.Module.Dir)
+			if err != nil {
+				log.Printf("Unable to make module dir %s absolute: %s", pkgInfo.Module.Dir, err.Error())
+			}
+		}
+		pkgInfoMapping[pkgInfo.ImportPath] = PkgInfo{
+			PkgDir: pkgAbsDir,
+			ModDir: modAbsDir,
+		}
+	}
+	return pkgInfoMapping, nil
+}
+
+// GetPkgInfo fills the package info structure for the specified package path.
+// It passes the `go list` the flags specified by `flags`.
+func GetPkgInfo(pkgpath string, flags ...string) PkgInfo {
+	return PkgInfo{
+		PkgDir: GetPkgDir(pkgpath, flags...),
+		ModDir: GetModDir(pkgpath, flags...),
+	}
+}
+
 // GetModDir gets the absolute directory of the module containing the package with path
 // `pkgpath`. It passes the `go list` the flags specified by `flags`.
 func GetModDir(pkgpath string, flags ...string) string {
 	// enable module mode so that we can find a module root if it exists, even if go module support is
 	// disabled by a build
-	mod, err := runGoListWithEnv("{{.Module}}", pkgpath, []string{"GO111MODULE=on"}, flags...)
+	mod, err := runGoListWithEnv("{{.Module}}", []string{pkgpath}, []string{"GO111MODULE=on"}, flags...)
 	if err != nil || mod == "<nil>" {
 		// if the command errors or modules aren't being used, return the empty string
 		return ""
 	}
 
-	modDir, err := runGoListWithEnv("{{.Module.Dir}}", pkgpath, []string{"GO111MODULE=on"}, flags...)
+	modDir, err := runGoListWithEnv("{{.Module.Dir}}", []string{pkgpath}, []string{"GO111MODULE=on"}, flags...)
 	if err != nil {
 		return ""
 	}
@@ -81,7 +154,7 @@ func GetModDir(pkgpath string, flags ...string) string {
 // GetPkgDir gets the absolute directory containing the package with path `pkgpath`. It passes the
 // `go list` command the flags specified by `flags`.
 func GetPkgDir(pkgpath string, flags ...string) string {
-	pkgDir, err := runGoList("{{.Dir}}", pkgpath, flags...)
+	pkgDir, err := runGoList("{{.Dir}}", []string{pkgpath}, flags...)
 	if err != nil {
 		return ""
 	}
@@ -97,7 +170,7 @@ func GetPkgDir(pkgpath string, flags ...string) string {
 // DepErrors checks there are any errors resolving dependencies for `pkgpath`. It passes the `go
 // list` command the flags specified by `flags`.
 func DepErrors(pkgpath string, flags ...string) bool {
-	out, err := runGoList("{{if .DepsErrors}}{{else}}error{{end}}", pkgpath, flags...)
+	out, err := runGoList("{{if .DepsErrors}}{{else}}error{{end}}", []string{pkgpath}, flags...)
 	if err != nil {
 		// if go list failed, assume dependencies are broken
 		return false
diff --git a/go/ql/examples/snippets/incompleteswitchoverenum.ql b/go/ql/examples/snippets/incompleteswitchoverenum.ql
index b201e55089e..1ded8d0a1ab 100644
--- a/go/ql/examples/snippets/incompleteswitchoverenum.ql
+++ b/go/ql/examples/snippets/incompleteswitchoverenum.ql
@@ -2,6 +2,7 @@
  * @name Incomplete switch over enum
  * @description A switch statement of enum type should explicitly reference each
  *   of the members of that enum.
+ * @severity warning
  * @kind problem
  * @id go/examples/incomplete-switch
  */
diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
index 681412ed46f..ba72eb8950a 100644
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.3.6
+
+No user-facing changes.
+
+## 0.3.5
+
+No user-facing changes.
+
+## 0.3.4
+
+No user-facing changes.
+
 ## 0.3.3
 
 No user-facing changes.
diff --git a/go/ql/lib/change-notes/2022-11-17-allow-implicit-read-signature.md b/go/ql/lib/change-notes/2022-11-17-allow-implicit-read-signature.md
new file mode 100644
index 00000000000..a796e953583
--- /dev/null
+++ b/go/ql/lib/change-notes/2022-11-17-allow-implicit-read-signature.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
diff --git a/go/ql/lib/change-notes/2022-11-17-barrierguard-deprecation.md b/go/ql/lib/change-notes/2022-11-17-barrierguard-deprecation.md
new file mode 100644
index 00000000000..2bd95798f89
--- /dev/null
+++ b/go/ql/lib/change-notes/2022-11-17-barrierguard-deprecation.md
@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
diff --git a/go/ql/lib/change-notes/2022-11-17-rsync-argument-injection.md b/go/ql/lib/change-notes/2022-11-17-rsync-argument-injection.md
new file mode 100644
index 00000000000..fb39aebe09c
--- /dev/null
+++ b/go/ql/lib/change-notes/2022-11-17-rsync-argument-injection.md
@@ -0,0 +1,4 @@
+---
+ category: minorAnalysis
+---
+ * `rsync` has been added to the list of commands which may evaluate its parameters as a shell command.
diff --git a/go/ql/lib/change-notes/2022-12-03-gorqlite-goframe.md b/go/ql/lib/change-notes/2022-12-03-gorqlite-goframe.md
new file mode 100644
index 00000000000..d86db129dab
--- /dev/null
+++ b/go/ql/lib/change-notes/2022-12-03-gorqlite-goframe.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Queries that care about SQL, such as `go/sql-injection`, now recognise SQL-consuming functions belonging to the `gorqlite` and `GoFrame` packages.
diff --git a/go/ql/lib/change-notes/2022-12-16-implicit-read-flowstates.md b/go/ql/lib/change-notes/2022-12-16-implicit-read-flowstates.md
new file mode 100644
index 00000000000..49b42f82eb1
--- /dev/null
+++ b/go/ql/lib/change-notes/2022-12-16-implicit-read-flowstates.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Fixed an issue in the taint tracking analysis where implicit reads were not allowed by default in sinks or additional taint steps that used flow states.
diff --git a/go/ql/lib/change-notes/2022-12-6-may-have-side-effects-return-stmt.md b/go/ql/lib/change-notes/2022-12-6-may-have-side-effects-return-stmt.md
new file mode 100644
index 00000000000..2b885555e5b
--- /dev/null
+++ b/go/ql/lib/change-notes/2022-12-6-may-have-side-effects-return-stmt.md
@@ -0,0 +1,8 @@
+---
+category: minorAnalysis
+---
+The definition of `mayHaveSideEffects` for `ReturnStmt` was incorrect when more
+than one expression was being returned. Such return statements were
+effectively considered to never have side effects. This has now been fixed.
+In rare circumstances `globalValueNumber` may have incorrectly treated two
+values as the same when they were in fact distinct.
diff --git a/go/ql/lib/change-notes/released/0.3.4.md b/go/ql/lib/change-notes/released/0.3.4.md
new file mode 100644
index 00000000000..5fae94b07c9
--- /dev/null
+++ b/go/ql/lib/change-notes/released/0.3.4.md
@@ -0,0 +1,3 @@
+## 0.3.4
+
+No user-facing changes.
diff --git a/go/ql/lib/change-notes/released/0.3.5.md b/go/ql/lib/change-notes/released/0.3.5.md
new file mode 100644
index 00000000000..7a86712e637
--- /dev/null
+++ b/go/ql/lib/change-notes/released/0.3.5.md
@@ -0,0 +1,3 @@
+## 0.3.5
+
+No user-facing changes.
diff --git a/go/ql/lib/change-notes/released/0.3.6.md b/go/ql/lib/change-notes/released/0.3.6.md
new file mode 100644
index 00000000000..0c7a392e88f
--- /dev/null
+++ b/go/ql/lib/change-notes/released/0.3.6.md
@@ -0,0 +1,3 @@
+## 0.3.6
+
+No user-facing changes.
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
index 9da182d3394..7bbaa8987dd 100644
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.3
+lastReleaseVersion: 0.3.6
diff --git a/go/ql/lib/go.dbscheme b/go/ql/lib/go.dbscheme
index 90fa7836e0a..a58b81b1b4c 100644
--- a/go/ql/lib/go.dbscheme
+++ b/go/ql/lib/go.dbscheme
@@ -319,8 +319,7 @@ case @expr.kind of
 | 51 = @andnotexpr
 | 52 = @sendchantypeexpr
 | 53 = @recvchantypeexpr
-| 54 = @sendrcvchantypeexpr
-| 55 = @errorexpr;
+| 54 = @sendrcvchantypeexpr;
 
 @basiclit = @intlit | @floatlit | @imaglit | @charlit | @stringlit;
 
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index 9daccdd80b6..a3b398f3a0b 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.3.4-dev
+version: 0.4.0-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/lib/semmle/go/Scopes.qll b/go/ql/lib/semmle/go/Scopes.qll
index b14d558fabb..385b52028d9 100644
--- a/go/ql/lib/semmle/go/Scopes.qll
+++ b/go/ql/lib/semmle/go/Scopes.qll
@@ -95,7 +95,12 @@ class Entity extends @object {
   /** Gets the package in which this entity is declared, if any. */
   Package getPackage() { result.getScope() = this.getScope() }
 
-  /** Holds if this entity is declared in a package with path `pkg` and has the given `name`. */
+  /**
+   * Holds if this entity is declared in a package with path `pkg` and has the given `name`.
+   *
+   * Note that for methods `pkg` is the package path followed by `.` followed
+   * by the name of the receiver type, for example `io.Writer`.
+   */
   predicate hasQualifiedName(string pkg, string name) {
     pkg = this.getPackage().getPath() and
     name = this.getName()
diff --git a/go/ql/lib/semmle/go/Stmt.qll b/go/ql/lib/semmle/go/Stmt.qll
index 9873bf1db17..2a77450855d 100644
--- a/go/ql/lib/semmle/go/Stmt.qll
+++ b/go/ql/lib/semmle/go/Stmt.qll
@@ -569,7 +569,7 @@ class ReturnStmt extends @returnstmt, Stmt {
   /** Gets the unique returned expression, if there is only one. */
   Expr getExpr() { getNumChild() = 1 and result = getExpr(0) }
 
-  override predicate mayHaveSideEffects() { getExpr().mayHaveSideEffects() }
+  override predicate mayHaveSideEffects() { getAnExpr().mayHaveSideEffects() }
 
   override string toString() { result = "return statement" }
 
diff --git a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll
index 51e03de3ab7..f4f355d87a1 100644
--- a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll
+++ b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll
@@ -106,24 +106,20 @@ module ControlFlow {
    * A control-flow node that initializes or updates the value of a constant, a variable,
    * a field, or an (array, slice, or map) element.
    */
-  class WriteNode extends Node {
-    IR::WriteInstruction self;
-
-    WriteNode() { this = self }
-
+  class WriteNode extends Node instanceof IR::WriteInstruction {
     /** Gets the left-hand side of this write. */
-    IR::WriteTarget getLhs() { result = self.getLhs() }
+    IR::WriteTarget getLhs() { result = super.getLhs() }
 
     /** Gets the right-hand side of this write. */
-    DataFlow::Node getRhs() { self.getRhs() = result.asInstruction() }
+    DataFlow::Node getRhs() { super.getRhs() = result.asInstruction() }
 
     /** Holds if this node sets variable or constant `v` to `rhs`. */
-    predicate writes(ValueEntity v, DataFlow::Node rhs) { self.writes(v, rhs.asInstruction()) }
+    predicate writes(ValueEntity v, DataFlow::Node rhs) { super.writes(v, rhs.asInstruction()) }
 
     /** Holds if this node defines SSA variable `v` to be `rhs`. */
     predicate definesSsaVariable(SsaVariable v, DataFlow::Node rhs) {
-      self.getLhs().asSsaVariable() = v and
-      self.getRhs() = rhs.asInstruction()
+      super.getLhs().asSsaVariable() = v and
+      super.getRhs() = rhs.asInstruction()
     }
 
     /**
@@ -136,13 +132,13 @@ module ControlFlow {
      * node corresponding to `newWidth`.
      */
     predicate writesField(DataFlow::Node base, Field f, DataFlow::Node rhs) {
-      exists(IR::FieldTarget trg | trg = self.getLhs() |
+      exists(IR::FieldTarget trg | trg = super.getLhs() |
         (
           trg.getBase() = base.asInstruction() or
           trg.getBase() = MkImplicitDeref(base.asExpr())
         ) and
         trg.getField() = f and
-        self.getRhs() = rhs.asInstruction()
+        super.getRhs() = rhs.asInstruction()
       )
     }
 
@@ -156,13 +152,13 @@ module ControlFlow {
      * is the data-flow node corresponding to `base`.
      */
     predicate writesElement(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs) {
-      exists(IR::ElementTarget trg | trg = self.getLhs() |
+      exists(IR::ElementTarget trg | trg = super.getLhs() |
         (
           trg.getBase() = base.asInstruction() or
           trg.getBase() = MkImplicitDeref(base.asExpr())
         ) and
         trg.getIndex() = index.asInstruction() and
-        self.getRhs() = rhs.asInstruction()
+        super.getRhs() = rhs.asInstruction()
       )
     }
 
diff --git a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
index 3f414c8e6af..556c5d3b726 100644
--- a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
+++ b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
@@ -124,10 +124,17 @@ predicate sinkModel(string row) { any(SinkModelCsv s).row(row) }
 /** Holds if `row` is a summary model. */
 predicate summaryModel(string row) { any(SummaryModelCsv s).row(row) }
 
+bindingset[input]
+private predicate getKind(string input, string kind, boolean generated) {
+  input.splitAt(":", 0) = "generated" and kind = input.splitAt(":", 1) and generated = true
+  or
+  not input.matches("%:%") and kind = input and generated = false
+}
+
 /** Holds if a source model exists for the given parameters. */
 predicate sourceModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string output, string kind
+  string output, string kind, boolean generated
 ) {
   exists(string row |
     sourceModel(row) and
@@ -139,14 +146,14 @@ predicate sourceModel(
     row.splitAt(";", 4) = signature and
     row.splitAt(";", 5) = ext and
     row.splitAt(";", 6) = output and
-    row.splitAt(";", 7) = kind
+    exists(string k | row.splitAt(";", 7) = k and getKind(k, kind, generated))
   )
 }
 
 /** Holds if a sink model exists for the given parameters. */
 predicate sinkModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string kind
+  string input, string kind, boolean generated
 ) {
   exists(string row |
     sinkModel(row) and
@@ -158,22 +165,22 @@ predicate sinkModel(
     row.splitAt(";", 4) = signature and
     row.splitAt(";", 5) = ext and
     row.splitAt(";", 6) = input and
-    row.splitAt(";", 7) = kind
+    exists(string k | row.splitAt(";", 7) = k and getKind(k, kind, generated))
   )
 }
 
 /** Holds if a summary model exists for the given parameters. */
 predicate summaryModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string output, string kind
+  string input, string output, string kind, boolean generated
 ) {
-  summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, _)
+  summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, generated, _)
 }
 
 /** Holds if a summary model `row` exists for the given parameters. */
 predicate summaryModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string output, string kind, string row
+  string input, string output, string kind, boolean generated, string row
 ) {
   summaryModel(row) and
   row.splitAt(";", 0) = namespace and
@@ -185,14 +192,14 @@ predicate summaryModel(
   row.splitAt(";", 5) = ext and
   row.splitAt(";", 6) = input and
   row.splitAt(";", 7) = output and
-  row.splitAt(";", 8) = kind
+  exists(string k | row.splitAt(";", 8) = k and getKind(k, kind, generated))
 }
 
 /** Holds if `package` have CSV framework coverage. */
 private predicate packageHasCsvCoverage(string package) {
-  sourceModel(package, _, _, _, _, _, _, _) or
-  sinkModel(package, _, _, _, _, _, _, _) or
-  summaryModel(package, _, _, _, _, _, _, _, _)
+  sourceModel(package, _, _, _, _, _, _, _, _) or
+  sinkModel(package, _, _, _, _, _, _, _, _) or
+  summaryModel(package, _, _, _, _, _, _, _, _, _)
 }
 
 /**
@@ -234,25 +241,25 @@ predicate modelCoverage(string package, int pkgs, string kind, string part, int
     part = "source" and
     n =
       strictcount(string subpkg, string type, boolean subtypes, string name, string signature,
-        string ext, string output |
+        string ext, string output, boolean generated |
         canonicalPackageHasASubpackage(package, subpkg) and
-        sourceModel(subpkg, type, subtypes, name, signature, ext, output, kind)
+        sourceModel(subpkg, type, subtypes, name, signature, ext, output, kind, generated)
       )
     or
     part = "sink" and
     n =
       strictcount(string subpkg, string type, boolean subtypes, string name, string signature,
-        string ext, string input |
+        string ext, string input, boolean generated |
         canonicalPackageHasASubpackage(package, subpkg) and
-        sinkModel(subpkg, type, subtypes, name, signature, ext, input, kind)
+        sinkModel(subpkg, type, subtypes, name, signature, ext, input, kind, generated)
       )
     or
     part = "summary" and
     n =
       strictcount(string subpkg, string type, boolean subtypes, string name, string signature,
-        string ext, string input, string output |
+        string ext, string input, string output, boolean generated |
         canonicalPackageHasASubpackage(package, subpkg) and
-        summaryModel(subpkg, type, subtypes, name, signature, ext, input, output, kind)
+        summaryModel(subpkg, type, subtypes, name, signature, ext, input, output, kind, generated)
       )
   )
 }
@@ -261,9 +268,9 @@ predicate modelCoverage(string package, int pkgs, string kind, string part, int
 module CsvValidation {
   private string getInvalidModelInput() {
     exists(string pred, AccessPath input, string part |
-      sinkModel(_, _, _, _, _, _, input, _) and pred = "sink"
+      sinkModel(_, _, _, _, _, _, input, _, _) and pred = "sink"
       or
-      summaryModel(_, _, _, _, _, _, input, _, _) and pred = "summary"
+      summaryModel(_, _, _, _, _, _, input, _, _, _) and pred = "summary"
     |
       (
         invalidSpecComponent(input, part) and
@@ -279,9 +286,9 @@ module CsvValidation {
 
   private string getInvalidModelOutput() {
     exists(string pred, string output, string part |
-      sourceModel(_, _, _, _, _, _, output, _) and pred = "source"
+      sourceModel(_, _, _, _, _, _, output, _, _) and pred = "source"
       or
-      summaryModel(_, _, _, _, _, _, _, output, _) and pred = "summary"
+      summaryModel(_, _, _, _, _, _, _, output, _, _) and pred = "summary"
     |
       invalidSpecComponent(output, part) and
       not part = "" and
@@ -291,8 +298,9 @@ module CsvValidation {
   }
 
   private string getInvalidModelKind() {
-    exists(string row, string kind | summaryModel(row) |
-      kind = row.splitAt(";", 8) and
+    exists(string row, string k, string kind | summaryModel(row) |
+      k = row.splitAt(";", 8) and
+      getKind(k, kind, _) and
       not kind = ["taint", "value"] and
       result = "Invalid kind \"" + kind + "\" in summary model."
     )
@@ -334,11 +342,11 @@ module CsvValidation {
 
   private string getInvalidModelSignature() {
     exists(string pred, string namespace, string type, string name, string signature, string ext |
-      sourceModel(namespace, type, _, name, signature, ext, _, _) and pred = "source"
+      sourceModel(namespace, type, _, name, signature, ext, _, _, _) and pred = "source"
       or
-      sinkModel(namespace, type, _, name, signature, ext, _, _) and pred = "sink"
+      sinkModel(namespace, type, _, name, signature, ext, _, _, _) and pred = "sink"
       or
-      summaryModel(namespace, type, _, name, signature, ext, _, _, _) and pred = "summary"
+      summaryModel(namespace, type, _, name, signature, ext, _, _, _, _) and pred = "summary"
     |
       not namespace.regexpMatch("[a-zA-Z0-9_\\./]*") and
       result = "Dubious namespace \"" + namespace + "\" in " + pred + " model."
@@ -371,9 +379,9 @@ pragma[nomagic]
 private predicate elementSpec(
   string namespace, string type, boolean subtypes, string name, string signature, string ext
 ) {
-  sourceModel(namespace, type, subtypes, name, signature, ext, _, _) or
-  sinkModel(namespace, type, subtypes, name, signature, ext, _, _) or
-  summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _)
+  sourceModel(namespace, type, subtypes, name, signature, ext, _, _, _) or
+  sinkModel(namespace, type, subtypes, name, signature, ext, _, _, _) or
+  summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _)
 }
 
 private string paramsStringPart(Function f, int i) {
@@ -421,7 +429,9 @@ SourceOrSinkElement interpretElement(
 predicate hasExternalSpecification(Function f) {
   f = any(SummarizedCallable sc).asFunction()
   or
-  exists(SourceOrSinkElement e | f = e.asEntity() | sourceElement(e, _, _) or sinkElement(e, _, _))
+  exists(SourceOrSinkElement e | f = e.asEntity() |
+    sourceElement(e, _, _, _) or sinkElement(e, _, _, _)
+  )
 }
 
 private predicate parseField(AccessPathToken c, DataFlow::FieldContent f) {
diff --git a/go/ql/lib/semmle/go/dataflow/internal/AccessPathSyntax.qll b/go/ql/lib/semmle/go/dataflow/internal/AccessPathSyntax.qll
index ecb6f542955..0c3dc8427b2 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/AccessPathSyntax.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/AccessPathSyntax.qll
@@ -1,11 +1,20 @@
 /**
- * Module for parsing access paths from CSV models, both the identifying access path used
+ * Module for parsing access paths from MaD models, both the identifying access path used
  * by dynamic languages, and the input/output specifications for summary steps.
  *
  * This file is used by the shared data flow library and by the JavaScript libraries
  * (which does not use the shared data flow libraries).
  */
 
+/**
+ * Convenience-predicate for extracting two capture groups at once.
+ */
+bindingset[input, regexp]
+private predicate regexpCaptureTwo(string input, string regexp, string capture1, string capture2) {
+  capture1 = input.regexpCapture(regexp, 1) and
+  capture2 = input.regexpCapture(regexp, 2)
+}
+
 /** Companion module to the `AccessPath` class. */
 module AccessPath {
   /** A string that should be parsed as an access path. */
@@ -13,6 +22,93 @@ module AccessPath {
     bindingset[this]
     Range() { any() }
   }
+
+  /**
+   * Parses an integer constant `n` or interval `n1..n2` (inclusive) and gets the value
+   * of the constant or any value contained in the interval.
+   */
+  bindingset[arg]
+  int parseInt(string arg) {
+    result = arg.toInt()
+    or
+    // Match "n1..n2"
+    exists(string lo, string hi |
+      regexpCaptureTwo(arg, "(-?\\d+)\\.\\.(-?\\d+)", lo, hi) and
+      result = [lo.toInt() .. hi.toInt()]
+    )
+  }
+
+  /**
+   * Parses a lower-bounded interval `n..` and gets the lower bound.
+   */
+  bindingset[arg]
+  int parseLowerBound(string arg) { result = arg.regexpCapture("(-?\\d+)\\.\\.", 1).toInt() }
+
+  /**
+   * Parses an integer constant or interval (bounded or unbounded) that explicitly
+   * references the arity, such as `N-1` or `N-3..N-1`.
+   *
+   * Note that expressions of form `N-x` will never resolve to a negative index,
+   * even if `N` is zero (it will have no result in that case).
+   */
+  bindingset[arg, arity]
+  private int parseIntWithExplicitArity(string arg, int arity) {
+    result >= 0 and // do not allow N-1 to resolve to a negative index
+    exists(string lo |
+      // N-x
+      lo = arg.regexpCapture("N-(\\d+)", 1) and
+      result = arity - lo.toInt()
+      or
+      // N-x..
+      lo = arg.regexpCapture("N-(\\d+)\\.\\.", 1) and
+      result = [arity - lo.toInt(), arity - 1]
+    )
+    or
+    exists(string lo, string hi |
+      // x..N-y
+      regexpCaptureTwo(arg, "(-?\\d+)\\.\\.N-(\\d+)", lo, hi) and
+      result = [lo.toInt() .. arity - hi.toInt()]
+      or
+      // N-x..N-y
+      regexpCaptureTwo(arg, "N-(\\d+)\\.\\.N-(\\d+)", lo, hi) and
+      result = [arity - lo.toInt() .. arity - hi.toInt()] and
+      result >= 0
+      or
+      // N-x..y
+      regexpCaptureTwo(arg, "N-(\\d+)\\.\\.(\\d+)", lo, hi) and
+      result = [arity - lo.toInt() .. hi.toInt()] and
+      result >= 0
+    )
+  }
+
+  /**
+   * Parses an integer constant or interval (bounded or unbounded) and gets any
+   * of the integers contained within (of which there may be infinitely many).
+   *
+   * Has no result for arguments involving an explicit arity, such as `N-1`.
+   */
+  bindingset[arg, result]
+  int parseIntUnbounded(string arg) {
+    result = parseInt(arg)
+    or
+    result >= parseLowerBound(arg)
+  }
+
+  /**
+   * Parses an integer constant or interval (bounded or unbounded) that
+   * may reference the arity of a call, such as `N-1` or `N-3..N-1`.
+   *
+   * Note that expressions of form `N-x` will never resolve to a negative index,
+   * even if `N` is zero (it will have no result in that case).
+   */
+  bindingset[arg, arity]
+  int parseIntWithArity(string arg, int arity) {
+    result = parseInt(arg)
+    or
+    result in [parseLowerBound(arg) .. arity - 1]
+    or
+    result = parseIntWithExplicitArity(arg, arity)
+  }
 }
 
 /** Gets the `n`th token on the access path as a string. */
@@ -53,7 +149,7 @@ class AccessPath extends string instanceof AccessPath::Range {
  * An access part token such as `Argument[1]` or `ReturnValue`, appearing in one or more access paths.
  */
 class AccessPathToken extends string {
-  AccessPathToken() { this = getRawToken(any(AccessPath path), _) }
+  AccessPathToken() { this = getRawToken(_, _) }
 
   private string getPart(int part) {
     result = this.regexpCapture("([^\\[]+)(?:\\[([^\\]]*)\\])?", part)
@@ -71,9 +167,16 @@ class AccessPathToken extends string {
   /** Gets the `n`th argument to this token, such as `x` or `y` from `Member[x,y]`. */
   string getArgument(int n) { result = this.getArgumentList().splitAt(",", n).trim() }
 
+  /** Gets the `n`th argument to this `name` token, such as `x` or `y` from `Member[x,y]`. */
+  pragma[nomagic]
+  string getArgument(string name, int n) { name = this.getName() and result = this.getArgument(n) }
+
   /** Gets an argument to this token, such as `x` or `y` from `Member[x,y]`. */
   string getAnArgument() { result = this.getArgument(_) }
 
+  /** Gets an argument to this `name` token, such as `x` or `y` from `Member[x,y]`. */
+  string getAnArgument(string name) { result = this.getArgument(name, _) }
+
   /** Gets the number of arguments to this token, such as 2 for `Member[x,y]` or zero for `ReturnValue`. */
   int getNumArgument() { result = count(int n | exists(this.getArgument(n))) }
 }
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowDispatch.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowDispatch.qll
index 019d2831e5d..8f10eee1aab 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowDispatch.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowDispatch.qll
@@ -108,3 +108,21 @@ predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable f) { non
  * restricted to those `call`s for which a context might make a difference.
  */
 DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) { none() }
+
+private int parameterPosition() {
+  result = [-1 .. any(DataFlowCallable c).getType().getNumParameter()]
+}
+
+/** A parameter position represented by an integer. */
+class ParameterPosition extends int {
+  ParameterPosition() { this = parameterPosition() }
+}
+
+/** An argument position represented by an integer. */
+class ArgumentPosition extends int {
+  ArgumentPosition() { this = parameterPosition() }
+}
+
+/** Holds if arguments at position `apos` match parameters at position `ppos`. */
+pragma[inline]
+predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) { ppos = apos }
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll
index bf150f191ed..1228d00b6ba 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll
@@ -54,12 +54,23 @@ abstract class Configuration extends string {
   /**
    * Holds if `source` is a relevant data flow source.
    */
-  abstract predicate isSource(Node source);
+  predicate isSource(Node source) { none() }
+
+  /**
+   * Holds if `source` is a relevant data flow source with the given initial
+   * `state`.
+   */
+  predicate isSource(Node source, FlowState state) { none() }
 
   /**
    * Holds if `sink` is a relevant data flow sink.
    */
-  abstract predicate isSink(Node sink);
+  predicate isSink(Node sink) { none() }
+
+  /**
+   * Holds if `sink` is a relevant data flow sink accepting `state`.
+   */
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -67,6 +78,12 @@ abstract class Configuration extends string {
    */
   predicate isBarrier(Node node) { none() }
 
+  /**
+   * Holds if data flow through `node` is prohibited when the flow state is
+   * `state`.
+   */
+  predicate isBarrier(Node node, FlowState state) { none() }
+
   /** Holds if data flow into `node` is prohibited. */
   predicate isBarrierIn(Node node) { none() }
 
@@ -81,16 +98,31 @@ abstract class Configuration extends string {
   deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }
 
   /**
-   * Holds if the additional flow step from `node1` to `node2` must be taken
-   * into account in the analysis.
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
+   * Holds if data flow through nodes guarded by `guard` is prohibited when
+   * the flow state is `state`
+   */
+  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+
+  /**
+   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
    */
   predicate isAdditionalFlowStep(Node node1, Node node2) { none() }
 
+  /**
+   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
+   * This step is only applicable in `state1` and updates the flow state to `state2`.
+   */
+  predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) {
+    none()
+  }
+
   /**
    * Holds if an arbitrary number of implicit read steps of content `c` may be
    * taken at `node`.
    */
-  predicate allowImplicitRead(Node node, Content c) { none() }
+  predicate allowImplicitRead(Node node, ContentSet c) { none() }
 
   /**
    * Gets the virtual dispatch branching limit when calculating field flow.
@@ -115,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -126,12 +164,14 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
    */
-  predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) }
+  predicate hasFlowTo(Node sink) {
+    sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode()
+  }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -144,6 +184,14 @@ abstract class Configuration extends string {
    */
   int explorationLimit() { none() }
 
+  /**
+   * Holds if hidden nodes should be included in the data flow graph.
+   *
+   * This feature should only be used for debugging or when the data flow graph
+   * is not visualized (for example in a `path-problem` query).
+   */
+  predicate includeHiddenNodes() { none() }
+
   /**
    * Holds if there is a partial data flow path from `source` to `node`. The
    * approximate distance between `node` and the closest source is `dist` and
@@ -201,10 +249,16 @@ abstract private class ConfigurationRecursionPrevention extends Configuration {
   override predicate hasFlow(Node source, Node sink) {
     strictcount(Node n | this.isSource(n)) < 0
     or
+    strictcount(Node n | this.isSource(n, _)) < 0
+    or
     strictcount(Node n | this.isSink(n)) < 0
     or
+    strictcount(Node n | this.isSink(n, _)) < 0
+    or
     strictcount(Node n1, Node n2 | this.isAdditionalFlowStep(n1, n2)) < 0
     or
+    strictcount(Node n1, Node n2 | this.isAdditionalFlowStep(n1, _, n2, _)) < 0
+    or
     super.hasFlow(source, sink)
   }
 }
@@ -260,13 +314,11 @@ private class ArgNodeEx extends NodeEx {
 private class ParamNodeEx extends NodeEx {
   ParamNodeEx() { this.asNode() instanceof ParamNode }
 
-  predicate isParameterOf(DataFlowCallable c, int i) {
-    this.asNode().(ParamNode).isParameterOf(c, i)
+  predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
+    this.asNode().(ParamNode).isParameterOf(c, pos)
   }
 
-  int getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
+  ParameterPosition getPosition() { this.isParameterOf(_, result) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -280,22 +332,26 @@ private class RetNodeEx extends NodeEx {
 private predicate inBarrier(NodeEx node, Configuration config) {
   exists(Node n |
     node.asNode() = n and
-    config.isBarrierIn(n) and
-    config.isSource(n)
+    config.isBarrierIn(n)
+  |
+    config.isSource(n) or config.isSource(n, _)
   )
 }
 
 private predicate outBarrier(NodeEx node, Configuration config) {
   exists(Node n |
     node.asNode() = n and
-    config.isBarrierOut(n) and
-    config.isSink(n)
+    config.isBarrierOut(n)
+  |
+    config.isSink(n) or config.isSink(n, _)
   )
 }
 
 /** A bridge class to access the deprecated `isBarrierGuard`. */
 private class BarrierGuardGuardedNodeBridge extends Unit {
   abstract predicate guardedNode(Node n, Configuration config);
+
+  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
 }
 
 private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
@@ -305,6 +361,13 @@ private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
       n = g.getAGuardedNode()
     )
   }
+
+  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
+  }
 }
 
 pragma[nomagic]
@@ -313,23 +376,47 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
     config.isBarrier(n)
     or
     config.isBarrierIn(n) and
-    not config.isSource(n)
+    not config.isSource(n) and
+    not config.isSource(n, _)
     or
     config.isBarrierOut(n) and
-    not config.isSink(n)
+    not config.isSink(n) and
+    not config.isSink(n, _)
     or
     any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
   )
 }
 
 pragma[nomagic]
-private predicate sourceNode(NodeEx node, Configuration config) {
-  config.isSource(node.asNode()) and
-  not fullBarrier(node, config)
+private predicate stateBarrier(NodeEx node, FlowState state, Configuration config) {
+  exists(Node n | node.asNode() = n |
+    config.isBarrier(n, state)
+    or
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
+  )
 }
 
 pragma[nomagic]
-private predicate sinkNode(NodeEx node, Configuration config) { config.isSink(node.asNode()) }
+private predicate sourceNode(NodeEx node, FlowState state, Configuration config) {
+  (
+    config.isSource(node.asNode()) and state instanceof FlowStateEmpty
+    or
+    config.isSource(node.asNode(), state)
+  ) and
+  not fullBarrier(node, config) and
+  not stateBarrier(node, state, config)
+}
+
+pragma[nomagic]
+private predicate sinkNode(NodeEx node, FlowState state, Configuration config) {
+  (
+    config.isSink(node.asNode()) and state instanceof FlowStateEmpty
+    or
+    config.isSink(node.asNode(), state)
+  ) and
+  not fullBarrier(node, config) and
+  not stateBarrier(node, state, config)
+}
 
 /** Provides the relevant barriers for a step from `node1` to `node2`. */
 pragma[inline]
@@ -366,8 +453,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    pragma[only_bind_into](config)
-        .isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -380,6 +466,20 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   )
 }
 
+private predicate additionalLocalStateStep(
+  NodeEx node1, FlowState s1, NodeEx node2, FlowState s2, Configuration config
+) {
+  exists(Node n1, Node n2 |
+    node1.asNode() = n1 and
+    node2.asNode() = n2 and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
+    stepFilter(node1, node2, config) and
+    not stateBarrier(node1, s1, config) and
+    not stateBarrier(node2, s2, config)
+  )
+}
+
 /**
  * Holds if data can flow from `node1` to `node2` in a way that discards call contexts.
  */
@@ -400,21 +500,32 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    pragma[only_bind_into](config)
-        .isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
 }
 
-private predicate read(NodeEx node1, Content c, NodeEx node2, Configuration config) {
+private predicate additionalJumpStateStep(
+  NodeEx node1, FlowState s1, NodeEx node2, FlowState s2, Configuration config
+) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    read(pragma[only_bind_into](n1), c, pragma[only_bind_into](n2)) and
-    stepFilter(node1, node2, config)
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
+    stepFilter(node1, node2, config) and
+    not stateBarrier(node1, s1, config) and
+    not stateBarrier(node2, s2, config) and
+    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
+}
+
+pragma[nomagic]
+private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
+  stepFilter(node1, node2, config)
   or
   exists(Node n |
     node2.isImplicitReadNode(n, true) and
@@ -423,16 +534,47 @@ private predicate read(NodeEx node1, Content c, NodeEx node2, Configuration conf
   )
 }
 
+// inline to reduce fan-out via `getAReadContent`
+bindingset[c]
+private predicate read(NodeEx node1, Content c, NodeEx node2, Configuration config) {
+  exists(ContentSet cs |
+    readSet(node1, cs, node2, config) and
+    pragma[only_bind_out](c) = pragma[only_bind_into](cs).getAReadContent()
+  )
+}
+
+// inline to reduce fan-out via `getAReadContent`
+bindingset[c]
+private predicate clearsContentEx(NodeEx n, Content c) {
+  exists(ContentSet cs |
+    clearsContentCached(n.asNode(), cs) and
+    pragma[only_bind_out](c) = pragma[only_bind_into](cs).getAReadContent()
+  )
+}
+
+// inline to reduce fan-out via `getAReadContent`
+bindingset[c]
+private predicate expectsContentEx(NodeEx n, Content c) {
+  exists(ContentSet cs |
+    expectsContentCached(n.asNode(), cs) and
+    pragma[only_bind_out](c) = pragma[only_bind_into](cs).getAReadContent()
+  )
+}
+
+pragma[nomagic]
+private predicate notExpectsContent(NodeEx n) { not expectsContentCached(n.asNode(), _) }
+
+pragma[nomagic]
+private predicate hasReadStep(Content c, Configuration config) { read(_, c, _, config) }
+
+pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  exists(Node n1, Node n2 |
-    node1.asNode() = n1 and
-    node2.asNode() = n2 and
-    store(pragma[only_bind_into](n1), tc, pragma[only_bind_into](n2), contentType) and
-    read(_, tc.getContent(), _, config) and
-    stepFilter(node1, node2, config)
-  )
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
+  hasReadStep(tc.getContent(), config) and
+  stepFilter(node1, node2, config)
 }
 
 pragma[nomagic]
@@ -464,14 +606,29 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
-private module Stage1 {
-  class ApApprox = Unit;
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
 
-  class Ap = Unit;
+private module Stage1 implements StageSig {
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
-  class ApOption = Unit;
-
-  class Cc = boolean;
+  private class Cc = boolean;
 
   /* Begin: Stage 1 logic. */
   /**
@@ -480,30 +637,20 @@ private module Stage1 {
    * The Boolean `cc` records whether the node is reached through an
    * argument in a call.
    */
-  predicate fwdFlow(NodeEx node, Cc cc, Configuration config) {
-    sourceNode(node, config) and
+  private predicate fwdFlow(NodeEx node, Cc cc, Configuration config) {
+    sourceNode(node, _, config) and
     if hasSourceCallCtx(config) then cc = true else cc = false
     or
-    exists(NodeEx mid |
-      fwdFlow(mid, cc, config) and
-      localFlowStep(mid, node, config)
+    exists(NodeEx mid | fwdFlow(mid, cc, config) |
+      localFlowStep(mid, node, config) or
+      additionalLocalFlowStep(mid, node, config) or
+      additionalLocalStateStep(mid, _, node, _, config)
     )
     or
-    exists(NodeEx mid |
-      fwdFlow(mid, cc, config) and
-      additionalLocalFlowStep(mid, node, config)
-    )
-    or
-    exists(NodeEx mid |
-      fwdFlow(mid, _, config) and
-      jumpStep(mid, node, config) and
-      cc = false
-    )
-    or
-    exists(NodeEx mid |
-      fwdFlow(mid, _, config) and
-      additionalJumpStep(mid, node, config) and
-      cc = false
+    exists(NodeEx mid | fwdFlow(mid, _, config) and cc = false |
+      jumpStep(mid, node, config) or
+      additionalJumpStep(mid, node, config) or
+      additionalJumpStateStep(mid, _, node, _, config)
     )
     or
     // store
@@ -514,9 +661,9 @@ private module Stage1 {
     )
     or
     // read
-    exists(Content c |
-      fwdFlowRead(c, node, cc, config) and
-      fwdFlowConsCand(c, config)
+    exists(ContentSet c |
+      fwdFlowReadSet(c, node, cc, config) and
+      fwdFlowConsCandSet(c, _, config)
     )
     or
     // flow into a callable
@@ -540,10 +687,10 @@ private module Stage1 {
   private predicate fwdFlow(NodeEx node, Configuration config) { fwdFlow(node, _, config) }
 
   pragma[nomagic]
-  private predicate fwdFlowRead(Content c, NodeEx node, Cc cc, Configuration config) {
+  private predicate fwdFlowReadSet(ContentSet c, NodeEx node, Cc cc, Configuration config) {
     exists(NodeEx mid |
       fwdFlow(mid, cc, config) and
-      read(mid, c, node, config)
+      readSet(mid, c, node, config)
     )
   }
 
@@ -561,6 +708,16 @@ private module Stage1 {
     )
   }
 
+  /**
+   * Holds if `cs` may be interpreted in a read as the target of some store
+   * into `c`, in the flow covered by `fwdFlow`.
+   */
+  pragma[nomagic]
+  private predicate fwdFlowConsCandSet(ContentSet cs, Content c, Configuration config) {
+    fwdFlowConsCand(c, config) and
+    c = cs.getAReadContent()
+  }
+
   pragma[nomagic]
   private predicate fwdFlowReturnPosition(ReturnPosition pos, Cc cc, Configuration config) {
     exists(RetNodeEx ret |
@@ -594,6 +751,24 @@ private module Stage1 {
     )
   }
 
+  private predicate stateStepFwd(FlowState state1, FlowState state2, Configuration config) {
+    exists(NodeEx node1 |
+      additionalLocalStateStep(node1, state1, _, state2, config) or
+      additionalJumpStateStep(node1, state1, _, state2, config)
+    |
+      fwdFlow(node1, config)
+    )
+  }
+
+  private predicate fwdFlowState(FlowState state, Configuration config) {
+    sourceNode(_, state, config)
+    or
+    exists(FlowState state0 |
+      fwdFlowState(state0, config) and
+      stateStepFwd(state0, state, config)
+    )
+  }
+
   /**
    * Holds if `node` is part of a path from a source to a sink in the
    * configuration `config`.
@@ -602,37 +777,30 @@ private module Stage1 {
    * the enclosing callable in order to reach a sink.
    */
   pragma[nomagic]
-  predicate revFlow(NodeEx node, boolean toReturn, Configuration config) {
+  private predicate revFlow(NodeEx node, boolean toReturn, Configuration config) {
     revFlow0(node, toReturn, config) and
     fwdFlow(node, config)
   }
 
   pragma[nomagic]
   private predicate revFlow0(NodeEx node, boolean toReturn, Configuration config) {
-    fwdFlow(node, config) and
-    sinkNode(node, config) and
-    if hasSinkCallCtx(config) then toReturn = true else toReturn = false
-    or
-    exists(NodeEx mid |
-      localFlowStep(node, mid, config) and
-      revFlow(mid, toReturn, config)
+    exists(FlowState state |
+      fwdFlow(node, pragma[only_bind_into](config)) and
+      sinkNode(node, state, config) and
+      fwdFlowState(state, pragma[only_bind_into](config)) and
+      if hasSinkCallCtx(config) then toReturn = true else toReturn = false
     )
     or
-    exists(NodeEx mid |
-      additionalLocalFlowStep(node, mid, config) and
-      revFlow(mid, toReturn, config)
+    exists(NodeEx mid | revFlow(mid, toReturn, config) |
+      localFlowStep(node, mid, config) or
+      additionalLocalFlowStep(node, mid, config) or
+      additionalLocalStateStep(node, _, mid, _, config)
     )
     or
-    exists(NodeEx mid |
-      jumpStep(node, mid, config) and
-      revFlow(mid, _, config) and
-      toReturn = false
-    )
-    or
-    exists(NodeEx mid |
-      additionalJumpStep(node, mid, config) and
-      revFlow(mid, _, config) and
-      toReturn = false
+    exists(NodeEx mid | revFlow(mid, _, config) and toReturn = false |
+      jumpStep(node, mid, config) or
+      additionalJumpStep(node, mid, config) or
+      additionalJumpStateStep(node, _, mid, _, config)
     )
     or
     // store
@@ -642,9 +810,9 @@ private module Stage1 {
     )
     or
     // read
-    exists(NodeEx mid, Content c |
-      read(node, c, mid, config) and
-      fwdFlowConsCand(c, pragma[only_bind_into](config)) and
+    exists(NodeEx mid, ContentSet c |
+      readSet(node, c, mid, config) and
+      fwdFlowConsCandSet(c, _, pragma[only_bind_into](config)) and
       revFlow(mid, toReturn, pragma[only_bind_into](config))
     )
     or
@@ -670,10 +838,10 @@ private module Stage1 {
    */
   pragma[nomagic]
   private predicate revFlowConsCand(Content c, Configuration config) {
-    exists(NodeEx mid, NodeEx node |
+    exists(NodeEx mid, NodeEx node, ContentSet cs |
       fwdFlow(node, pragma[only_bind_into](config)) and
-      read(node, c, mid, config) and
-      fwdFlowConsCand(c, pragma[only_bind_into](config)) and
+      readSet(node, cs, mid, config) and
+      fwdFlowConsCandSet(cs, c, pragma[only_bind_into](config)) and
       revFlow(pragma[only_bind_into](mid), _, pragma[only_bind_into](config))
     )
   }
@@ -692,13 +860,14 @@ private module Stage1 {
    * Holds if `c` is the target of both a read and a store in the flow covered
    * by `revFlow`.
    */
-  private predicate revFlowIsReadAndStored(Content c, Configuration conf) {
+  pragma[nomagic]
+  additional predicate revFlowIsReadAndStored(Content c, Configuration conf) {
     revFlowConsCand(c, conf) and
     revFlowStore(c, _, _, conf)
   }
 
   pragma[nomagic]
-  predicate viableReturnPosOutNodeCandFwd1(
+  additional predicate viableReturnPosOutNodeCandFwd1(
     DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config
   ) {
     fwdFlowReturnPosition(pos, _, config) and
@@ -714,7 +883,7 @@ private module Stage1 {
   }
 
   pragma[nomagic]
-  predicate viableParamArgNodeCandFwd1(
+  additional predicate viableParamArgNodeCandFwd1(
     DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config
   ) {
     viableParamArgEx(call, p, arg) and
@@ -749,6 +918,31 @@ private module Stage1 {
     )
   }
 
+  private predicate stateStepRev(FlowState state1, FlowState state2, Configuration config) {
+    exists(NodeEx node1, NodeEx node2 |
+      additionalLocalStateStep(node1, state1, node2, state2, config) or
+      additionalJumpStateStep(node1, state1, node2, state2, config)
+    |
+      revFlow(node1, _, pragma[only_bind_into](config)) and
+      revFlow(node2, _, pragma[only_bind_into](config)) and
+      fwdFlowState(state1, pragma[only_bind_into](config)) and
+      fwdFlowState(state2, pragma[only_bind_into](config))
+    )
+  }
+
+  additional predicate revFlowState(FlowState state, Configuration config) {
+    exists(NodeEx node |
+      sinkNode(node, state, config) and
+      revFlow(node, _, pragma[only_bind_into](config)) and
+      fwdFlowState(state, pragma[only_bind_into](config))
+    )
+    or
+    exists(FlowState state0 |
+      revFlowState(state0, config) and
+      stateStepRev(state, state0, config)
+    )
+  }
+
   pragma[nomagic]
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -766,15 +960,24 @@ private module Stage1 {
   pragma[nomagic]
   predicate readStepCand(NodeEx n1, Content c, NodeEx n2, Configuration config) {
     revFlowIsReadAndStored(c, pragma[only_bind_into](config)) and
-    revFlow(n2, pragma[only_bind_into](config)) and
-    read(n1, c, n2, pragma[only_bind_into](config))
+    read(n1, c, n2, pragma[only_bind_into](config)) and
+    revFlow(n2, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
-  predicate revFlow(NodeEx node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config) {
-    revFlow(node, toReturn, config) and exists(returnAp) and exists(ap)
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
+  bindingset[node, state, config]
+  predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    revFlow(node, _, pragma[only_bind_into](config)) and
+    exists(state) and
+    exists(ap)
   }
 
   private predicate throughFlowNodeCand(NodeEx node, Configuration config) {
@@ -801,21 +1004,26 @@ private module Stage1 {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -825,17 +1033,21 @@ private module Stage1 {
     )
   }
 
-  predicate stats(boolean fwd, int nodes, int fields, int conscand, int tuples, Configuration config) {
+  additional predicate stats(
+    boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
+  ) {
     fwd = true and
     nodes = count(NodeEx node | fwdFlow(node, config)) and
     fields = count(Content f0 | fwdFlowConsCand(f0, config)) and
     conscand = -1 and
+    states = count(FlowState state | fwdFlowState(state, config)) and
     tuples = count(NodeEx n, boolean b | fwdFlow(n, b, config))
     or
     fwd = false and
     nodes = count(NodeEx node | revFlow(node, _, config)) and
     fields = count(Content f0 | revFlowConsCand(f0, config)) and
     conscand = -1 and
+    states = count(FlowState state | revFlowState(state, config)) and
     tuples = count(NodeEx n, boolean b | revFlow(n, b, config))
   }
   /* End: Stage 1 logic. */
@@ -868,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -903,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -915,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -931,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -952,575 +1171,979 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
   )
 }
 
-private module Stage2 {
-  module PrevStage = Stage1;
+private signature module StageSig {
+  class Ap;
 
+  predicate revFlow(NodeEx node, Configuration config);
+
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
+  bindingset[node, state, config]
+  predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
+
+  predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
+
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
+
+  predicate storeStepCand(
+    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
+    Configuration config
+  );
+
+  predicate readStepCand(NodeEx n1, Content c, NodeEx n2, Configuration config);
+}
+
+private module MkStage<StageSig PrevStage> {
   class ApApprox = PrevStage::Ap;
 
-  class Ap = boolean;
+  signature module StageParam {
+    class Ap;
 
-  class ApNil extends Ap {
-    ApNil() { this = false }
+    class ApNil extends Ap;
+
+    bindingset[result, ap]
+    ApApprox getApprox(Ap ap);
+
+    ApNil getApNil(NodeEx node);
+
+    bindingset[tc, tail]
+    Ap apCons(TypedContent tc, Ap tail);
+
+    Content getHeadContent(Ap ap);
+
+    class ApOption;
+
+    ApOption apNone();
+
+    ApOption apSome(Ap ap);
+
+    class Cc;
+
+    class CcCall extends Cc;
+
+    // TODO: member predicate on CcCall
+    predicate matchesCall(CcCall cc, DataFlowCall call);
+
+    class CcNoCall extends Cc;
+
+    Cc ccNone();
+
+    CcCall ccSomeCall();
+
+    class LocalCc;
+
+    bindingset[call, c, outercc]
+    CcCall getCallContextCall(DataFlowCall call, DataFlowCallable c, Cc outercc);
+
+    bindingset[call, c, innercc]
+    CcNoCall getCallContextReturn(DataFlowCallable c, DataFlowCall call, Cc innercc);
+
+    bindingset[node, cc]
+    LocalCc getLocalCc(NodeEx node, Cc cc);
+
+    bindingset[node1, state1, config]
+    bindingset[node2, state2, config]
+    predicate localStep(
+      NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+      ApNil ap, Configuration config, LocalCc lcc
+    );
+
+    predicate flowOutOfCall(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
+    );
+
+    predicate flowIntoCall(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+    );
+
+    bindingset[node, state, ap, config]
+    predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config);
+
+    bindingset[ap, contentType]
+    predicate typecheckStore(Ap ap, DataFlowType contentType);
   }
 
-  bindingset[result, ap]
-  private ApApprox getApprox(Ap ap) { any() }
+  module Stage<StageParam Param> implements StageSig {
+    import Param
 
-  private ApNil getApNil(NodeEx node) { PrevStage::revFlow(node, _) and exists(result) }
+    /* Begin: Stage logic. */
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
 
-  bindingset[tc, tail]
-  private Ap apCons(TypedContent tc, Ap tail) { result = true and exists(tc) and exists(tail) }
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
 
-  pragma[inline]
-  private Content getHeadContent(Ap ap) { exists(result) and ap = true }
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
 
-  class ApOption = BooleanOption;
+    pragma[nomagic]
+    private predicate flowThroughOutOfCall(
+      DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
+      ApApprox argApa, ApApprox apa, Configuration config
+    ) {
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
+    }
 
-  ApOption apNone() { result = TBooleanNone() }
+    /**
+     * Holds if `node` is reachable with access path `ap` from a source in the
+     * configuration `config`.
+     *
+     * The call context `cc` records whether the node is reached through an
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
+     */
+    pragma[nomagic]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
+    ) {
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
+      filter(node, state, ap, config)
+    }
 
-  ApOption apSome(Ap ap) { result = TBooleanSome(ap) }
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
 
+    pragma[nomagic]
+    private predicate fwdFlow0(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
+    ) {
+      sourceNode(node, state, config) and
+      (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
+      argAp = apNone() and
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
+      or
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
+        localCc = getLocalCc(mid, cc)
+      |
+        localStep(mid, state0, node, state, true, _, config, localCc) and
+        ap = ap0 and
+        apa = apa0
+        or
+        localStep(mid, state0, node, state, false, ap, config, localCc) and
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
+      )
+      or
+      exists(NodeEx mid |
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
+        jumpStep(mid, node, config) and
+        cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
+        argAp = apNone()
+      )
+      or
+      exists(NodeEx mid, ApNil nil |
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
+        additionalJumpStep(mid, node, config) and
+        cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
+        argAp = apNone() and
+        ap = getApNil(node) and
+        apa = getApprox(ap)
+      )
+      or
+      exists(NodeEx mid, FlowState state0, ApNil nil |
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
+        additionalJumpStateStep(mid, state0, node, state, config) and
+        cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
+        argAp = apNone() and
+        ap = getApNil(node) and
+        apa = getApprox(ap)
+      )
+      or
+      // store
+      exists(TypedContent tc, Ap ap0 |
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
+      )
+      or
+      // read
+      exists(Ap ap0, Content c |
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
+      )
+      or
+      // flow into a callable
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
+      )
+      or
+      // flow out of a callable
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
+      or
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowStore(
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
+        typecheckStore(ap1, contentType)
+      )
+    }
+
+    /**
+     * Holds if forward flow with access path `tail` reaches a store of `c`
+     * resulting in access path `cons`.
+     */
+    pragma[nomagic]
+    private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
+      exists(TypedContent tc |
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
+        tc.getContent() = c and
+        cons = apCons(tc, tail)
+      )
+    }
+
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
+      Configuration config
+    ) {
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, c, node2, config) and
+      getHeadContent(ap) = c
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowIn(
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
+    ) {
+      exists(ArgNodeEx arg, boolean allowsFieldFlow |
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
+    ) {
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
+      )
+    }
+
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
+    }
+
+    /**
+     * Holds if an argument to `call` is reached in the flow covered by `fwdFlow`
+     * and data might flow through the target callable and back out at `call`.
+     */
+    pragma[nomagic]
+    private predicate fwdFlowIsEntered(
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
+      )
+    }
+
+    pragma[nomagic]
+    private predicate storeStepFwd(
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
+    ) {
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
+      ap2 = apCons(tc, ap1) and
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
+    }
+
+    private predicate readStepFwd(
+      NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
+    ) {
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
+      fwdFlowConsCand(ap1, c, ap2, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowThroughIntoCall(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
+    ) {
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
+    }
+
+    /**
+     * Holds if `node` with access path `ap` is part of a path from a source to a
+     * sink in the configuration `config`.
+     *
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
+     */
+    pragma[nomagic]
+    additional predicate revFlow(
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
+    ) {
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
+    }
+
+    pragma[nomagic]
+    private predicate revFlow0(
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, _, _, _, ap, config) and
+      sinkNode(node, state, config) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
+      returnAp = apNone() and
+      ap instanceof ApNil
+      or
+      exists(NodeEx mid, FlowState state0 |
+        localStep(node, state, mid, state0, true, _, config, _) and
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
+      )
+      or
+      exists(NodeEx mid, FlowState state0, ApNil nil |
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
+        localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
+        ap instanceof ApNil
+      )
+      or
+      exists(NodeEx mid |
+        jumpStep(node, mid, config) and
+        revFlow(mid, state, _, _, ap, config) and
+        returnCtx = TReturnCtxNone() and
+        returnAp = apNone()
+      )
+      or
+      exists(NodeEx mid, ApNil nil |
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
+        additionalJumpStep(node, mid, config) and
+        revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
+        returnCtx = TReturnCtxNone() and
+        returnAp = apNone() and
+        ap instanceof ApNil
+      )
+      or
+      exists(NodeEx mid, FlowState state0, ApNil nil |
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
+        additionalJumpStateStep(node, state, mid, state0, config) and
+        revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
+          pragma[only_bind_into](config)) and
+        returnCtx = TReturnCtxNone() and
+        returnAp = apNone() and
+        ap instanceof ApNil
+      )
+      or
+      // store
+      exists(Ap ap0, Content c |
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
+        revFlowConsCand(ap0, c, ap, config)
+      )
+      or
+      // read
+      exists(NodeEx mid, Ap ap0 |
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
+        readStepFwd(node, ap, _, mid, ap0, config)
+      )
+      or
+      // flow into a callable
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
+      or
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
+      )
+      or
+      // flow out of a callable
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowStore(
+      Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
+    ) {
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
+      storeStepFwd(node, ap, tc, mid, ap0, config) and
+      tc.getContent() = c
+    }
+
+    /**
+     * Holds if reverse flow with access path `tail` reaches a read of `c`
+     * resulting in access path `cons`.
+     */
+    pragma[nomagic]
+    private predicate revFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
+      exists(NodeEx mid, Ap tail0 |
+        revFlow(mid, _, _, _, tail, config) and
+        tail = pragma[only_bind_into](tail0) and
+        readStepFwd(_, cons, c, mid, tail0, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowOut(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
+    ) {
+      exists(NodeEx out, boolean allowsFieldFlow |
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
+    ) {
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
+    ) {
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
+    }
+
+    /**
+     * Holds if an output from `call` is reached in the flow covered by `revFlow`
+     * and data might flow through the target callable resulting in reverse flow
+     * reaching an argument of `call`.
+     */
+    pragma[nomagic]
+    private predicate revFlowIsReturned(
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
+    ) {
+      exists(RetNodeEx ret, FlowState state, CcCall ccc |
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
+        matchesCall(ccc, call)
+      )
+    }
+
+    pragma[nomagic]
+    predicate storeStepCand(
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
+      Configuration config
+    ) {
+      exists(Ap ap2, Content c |
+        PrevStage::storeStepCand(node1, _, tc, node2, contentType, config) and
+        revFlowStore(ap2, c, ap1, node1, _, tc, node2, _, _, config) and
+        revFlowConsCand(ap2, c, ap1, config)
+      )
+    }
+
+    predicate readStepCand(NodeEx node1, Content c, NodeEx node2, Configuration config) {
+      exists(Ap ap1, Ap ap2 |
+        revFlow(node2, _, _, _, pragma[only_bind_into](ap2), pragma[only_bind_into](config)) and
+        readStepFwd(node1, ap1, c, node2, ap2, config) and
+        revFlowStore(ap1, c, pragma[only_bind_into](ap2), _, _, _, _, _, _,
+          pragma[only_bind_into](config))
+      )
+    }
+
+    additional predicate revFlow(NodeEx node, FlowState state, Configuration config) {
+      revFlow(node, state, _, _, _, config)
+    }
+
+    predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
+      revFlow(node, state, _, _, ap, config)
+    }
+
+    pragma[nomagic]
+    predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
+
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    additional predicate revFlowAlias(NodeEx node, Configuration config) {
+      revFlow(node, _, _, _, _, config)
+    }
+
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) {
+      revFlow(node, state, ap, config)
+    }
+
+    private predicate fwdConsCand(TypedContent tc, Ap ap, Configuration config) {
+      storeStepFwd(_, ap, tc, _, _, config)
+    }
+
+    private predicate revConsCand(TypedContent tc, Ap ap, Configuration config) {
+      storeStepCand(_, ap, tc, _, _, config)
+    }
+
+    private predicate validAp(Ap ap, Configuration config) {
+      revFlow(_, _, _, _, ap, config) and ap instanceof ApNil
+      or
+      exists(TypedContent head, Ap tail |
+        consCand(head, tail, config) and
+        ap = apCons(head, tail)
+      )
+    }
+
+    additional predicate consCand(TypedContent tc, Ap ap, Configuration config) {
+      revConsCand(tc, ap, config) and
+      validAp(ap, config)
+    }
+
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
+    ) {
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
+    }
+
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
+      )
+    }
+
+    additional predicate stats(
+      boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
+    ) {
+      fwd = true and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
+      fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
+      conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
+      tuples =
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
+        )
+      or
+      fwd = false and
+      nodes = count(NodeEx node | revFlow(node, _, _, _, _, config)) and
+      fields = count(TypedContent f0 | consCand(f0, _, config)) and
+      conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
+      states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
+      tuples =
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
+        )
+    }
+    /* End: Stage logic. */
+  }
+}
+
+private module BooleanCallContext {
+  class Cc extends boolean {
+    Cc() { this in [true, false] }
+  }
+
+  class CcCall extends Cc {
+    CcCall() { this = true }
+  }
+
+  /** Holds if the call context may be `call`. */
+  predicate matchesCall(CcCall cc, DataFlowCall call) { any() }
+
+  class CcNoCall extends Cc {
+    CcNoCall() { this = false }
+  }
+
+  Cc ccNone() { result = false }
+
+  CcCall ccSomeCall() { result = true }
+
+  class LocalCc = Unit;
+
+  bindingset[node, cc]
+  LocalCc getLocalCc(NodeEx node, Cc cc) { any() }
+
+  bindingset[call, c, outercc]
+  CcCall getCallContextCall(DataFlowCall call, DataFlowCallable c, Cc outercc) { any() }
+
+  bindingset[call, c, innercc]
+  CcNoCall getCallContextReturn(DataFlowCallable c, DataFlowCall call, Cc innercc) { any() }
+}
+
+private module Level1CallContext {
   class Cc = CallContext;
 
   class CcCall = CallContextCall;
 
+  pragma[inline]
+  predicate matchesCall(CcCall cc, DataFlowCall call) { cc.matchesCall(call) }
+
   class CcNoCall = CallContextNoCall;
 
   Cc ccNone() { result instanceof CallContextAny }
 
   CcCall ccSomeCall() { result instanceof CallContextSomeCall }
 
-  private class LocalCc = Unit;
+  module NoLocalCallContext {
+    class LocalCc = Unit;
 
-  bindingset[call, c, outercc]
-  private CcCall getCallContextCall(DataFlowCall call, DataFlowCallable c, Cc outercc) {
-    checkCallContextCall(outercc, call, c) and
-    if recordDataFlowCallSiteDispatch(call, c)
-    then result = TSpecificCall(call)
-    else result = TSomeCall()
+    bindingset[node, cc]
+    LocalCc getLocalCc(NodeEx node, Cc cc) { any() }
+
+    bindingset[call, c, outercc]
+    CcCall getCallContextCall(DataFlowCall call, DataFlowCallable c, Cc outercc) {
+      checkCallContextCall(outercc, call, c) and
+      if recordDataFlowCallSiteDispatch(call, c)
+      then result = TSpecificCall(call)
+      else result = TSomeCall()
+    }
+  }
+
+  module LocalCallContext {
+    class LocalCc = LocalCallContext;
+
+    bindingset[node, cc]
+    LocalCc getLocalCc(NodeEx node, Cc cc) {
+      result =
+        getLocalCallContext(pragma[only_bind_into](pragma[only_bind_out](cc)),
+          node.getEnclosingCallable())
+    }
+
+    bindingset[call, c, outercc]
+    CcCall getCallContextCall(DataFlowCall call, DataFlowCallable c, Cc outercc) {
+      checkCallContextCall(outercc, call, c) and
+      if recordDataFlowCallSite(call, c) then result = TSpecificCall(call) else result = TSomeCall()
+    }
   }
 
   bindingset[call, c, innercc]
-  private CcNoCall getCallContextReturn(DataFlowCallable c, DataFlowCall call, Cc innercc) {
+  CcNoCall getCallContextReturn(DataFlowCallable c, DataFlowCall call, Cc innercc) {
     checkCallContextReturn(innercc, c, call) and
     if reducedViableImplInReturn(c, call) then result = TReturn(c, call) else result = ccNone()
   }
+}
 
-  bindingset[node, cc, config]
-  private LocalCc getLocalCc(NodeEx node, Cc cc, Configuration config) { any() }
+private module Stage2Param implements MkStage<Stage1>::StageParam {
+  private module PrevStage = Stage1;
 
-  private predicate localStep(
-    NodeEx node1, NodeEx node2, boolean preservesValue, ApNil ap, Configuration config, LocalCc lcc
+  class Ap extends boolean {
+    Ap() { this in [true, false] }
+  }
+
+  class ApNil extends Ap {
+    ApNil() { this = false }
+  }
+
+  bindingset[result, ap]
+  PrevStage::Ap getApprox(Ap ap) { any() }
+
+  ApNil getApNil(NodeEx node) { Stage1::revFlow(node, _) and exists(result) }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result = true and exists(tc) and exists(tail) }
+
+  pragma[inline]
+  Content getHeadContent(Ap ap) { exists(result) and ap = true }
+
+  class ApOption = BooleanOption;
+
+  ApOption apNone() { result = TBooleanNone() }
+
+  ApOption apSome(Ap ap) { result = TBooleanSome(ap) }
+
+  import Level1CallContext
+  import NoLocalCallContext
+
+  bindingset[node1, state1, config]
+  bindingset[node2, state2, config]
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApNil ap, Configuration config, LocalCc lcc
   ) {
     (
       preservesValue = true and
-      localFlowStepNodeCand1(node1, node2, config)
+      localFlowStepNodeCand1(node1, node2, config) and
+      state1 = state2
       or
       preservesValue = false and
-      additionalLocalFlowStepNodeCand1(node1, node2, config)
+      additionalLocalFlowStepNodeCand1(node1, node2, config) and
+      state1 = state2
+      or
+      preservesValue = false and
+      additionalLocalStateStep(node1, state1, node2, state2, config)
     ) and
     exists(ap) and
     exists(lcc)
   }
 
-  private predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
-  private predicate flowIntoCall = flowIntoCallNodeCand1/5;
+  predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
-  bindingset[node, ap]
-  private predicate filter(NodeEx node, Ap ap) { any() }
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::revFlowIsReadAndStored(c, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c)
+    )
+  }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    PrevStage::revFlowState(state, pragma[only_bind_into](config)) and
+    exists(ap) and
+    not stateBarrier(node, state, config) and
+    (
+      notExpectsContent(node)
+      or
+      ap = true and
+      expectsContentCand(node, config)
+    )
+  }
 
   bindingset[ap, contentType]
-  private predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
+  predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
+}
 
-  /* Begin: Stage 2 logic. */
-  private predicate flowCand(NodeEx node, ApApprox apa, Configuration config) {
-    PrevStage::revFlow(node, _, _, apa, config)
-  }
-
-  bindingset[result, apa]
-  private ApApprox unbindApa(ApApprox apa) {
-    exists(ApApprox apa0 |
-      apa = pragma[only_bind_into](apa0) and result = pragma[only_bind_into](apa0)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate flowThroughOutOfCall(
-    DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-    Configuration config
-  ) {
-    flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-    PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-    PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-      pragma[only_bind_into](config)) and
-    ccc.matchesCall(call)
-  }
-
-  /**
-   * Holds if `node` is reachable with access path `ap` from a source in the
-   * configuration `config`.
-   *
-   * The call context `cc` records whether the node is reached through an
-   * argument in a call, and if so, `argAp` records the access path of that
-   * argument.
-   */
-  pragma[nomagic]
-  predicate fwdFlow(NodeEx node, Cc cc, ApOption argAp, Ap ap, Configuration config) {
-    fwdFlow0(node, cc, argAp, ap, config) and
-    flowCand(node, unbindApa(getApprox(ap)), config) and
-    filter(node, ap)
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlow0(NodeEx node, Cc cc, ApOption argAp, Ap ap, Configuration config) {
-    flowCand(node, _, config) and
-    sourceNode(node, config) and
-    (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
-    argAp = apNone() and
-    ap = getApNil(node)
-    or
-    exists(NodeEx mid, Ap ap0, LocalCc localCc |
-      fwdFlow(mid, cc, argAp, ap0, config) and
-      localCc = getLocalCc(mid, cc, config)
-    |
-      localStep(mid, node, true, _, config, localCc) and
-      ap = ap0
-      or
-      localStep(mid, node, false, ap, config, localCc) and
-      ap0 instanceof ApNil
-    )
-    or
-    exists(NodeEx mid |
-      fwdFlow(mid, _, _, ap, pragma[only_bind_into](config)) and
-      flowCand(node, _, pragma[only_bind_into](config)) and
-      jumpStep(mid, node, config) and
-      cc = ccNone() and
-      argAp = apNone()
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(mid, _, _, nil, pragma[only_bind_into](config)) and
-      flowCand(node, _, pragma[only_bind_into](config)) and
-      additionalJumpStep(mid, node, config) and
-      cc = ccNone() and
-      argAp = apNone() and
-      ap = getApNil(node)
-    )
-    or
-    // store
-    exists(TypedContent tc, Ap ap0 |
-      fwdFlowStore(_, ap0, tc, node, cc, argAp, config) and
-      ap = apCons(tc, ap0)
-    )
-    or
-    // read
-    exists(Ap ap0, Content c |
-      fwdFlowRead(ap0, c, _, node, cc, argAp, config) and
-      fwdFlowConsCand(ap0, c, ap, config)
-    )
-    or
-    // flow into a callable
-    exists(ApApprox apa |
-      fwdFlowIn(_, node, _, cc, _, ap, config) and
-      apa = getApprox(ap) and
-      if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-      then argAp = apSome(ap)
-      else argAp = apNone()
-    )
-    or
-    // flow out of a callable
-    fwdFlowOutNotFromArg(node, cc, argAp, ap, config)
-    or
-    exists(DataFlowCall call, Ap argAp0 |
-      fwdFlowOutFromArg(call, node, argAp0, ap, config) and
-      fwdFlowIsEntered(call, cc, argAp, argAp0, config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowStore(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Cc cc, ApOption argAp, Configuration config
-  ) {
-    exists(DataFlowType contentType |
-      fwdFlow(node1, cc, argAp, ap1, config) and
-      PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
-      typecheckStore(ap1, contentType)
-    )
-  }
-
-  /**
-   * Holds if forward flow with access path `tail` reaches a store of `c`
-   * resulting in access path `cons`.
-   */
-  pragma[nomagic]
-  private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
-    exists(TypedContent tc |
-      fwdFlowStore(_, tail, tc, _, _, _, config) and
-      tc.getContent() = c and
-      cons = apCons(tc, tail)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowRead(
-    Ap ap, Content c, NodeEx node1, NodeEx node2, Cc cc, ApOption argAp, Configuration config
-  ) {
-    fwdFlow(node1, cc, argAp, ap, config) and
-    PrevStage::readStepCand(node1, c, node2, config) and
-    getHeadContent(ap) = c
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowIn(
-    DataFlowCall call, ParamNodeEx p, Cc outercc, Cc innercc, ApOption argAp, Ap ap,
-    Configuration config
-  ) {
-    exists(ArgNodeEx arg, boolean allowsFieldFlow |
-      fwdFlow(arg, outercc, argAp, ap, config) and
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowOutNotFromArg(
-    NodeEx out, Cc ccOut, ApOption argAp, Ap ap, Configuration config
-  ) {
-    exists(
-      DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-      DataFlowCallable inner
-    |
-      fwdFlow(ret, innercc, argAp, ap, config) and
-      flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-      inner = ret.getEnclosingCallable() and
-      ccOut = getCallContextReturn(inner, call, innercc) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowOutFromArg(
-    DataFlowCall call, NodeEx out, Ap argAp, Ap ap, Configuration config
-  ) {
-    exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-      fwdFlow(ret, ccc, apSome(argAp), ap, config) and
-      flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  /**
-   * Holds if an argument to `call` is reached in the flow covered by `fwdFlow`
-   * and data might flow through the target callable and back out at `call`.
-   */
-  pragma[nomagic]
-  private predicate fwdFlowIsEntered(
-    DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p |
-      fwdFlowIn(call, p, cc, _, argAp, ap, config) and
-      PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate storeStepFwd(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
-  ) {
-    fwdFlowStore(node1, ap1, tc, node2, _, _, config) and
-    ap2 = apCons(tc, ap1) and
-    fwdFlowRead(ap2, tc.getContent(), _, _, _, _, config)
-  }
-
-  private predicate readStepFwd(
-    NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
-  ) {
-    fwdFlowRead(ap1, c, n1, n2, _, _, config) and
-    fwdFlowConsCand(ap1, c, ap2, config)
-  }
-
-  pragma[nomagic]
-  private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-    exists(Ap argAp0, NodeEx out, Cc cc, ApOption argAp, Ap ap |
-      fwdFlow(out, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-        pragma[only_bind_into](config)) and
-      fwdFlowOutFromArg(call, out, argAp0, ap, config) and
-      fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-        pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-        pragma[only_bind_into](config))
-    )
-  }
-
-  pragma[nomagic]
-  private predicate flowThroughIntoCall(
-    DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
-  ) {
-    flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-    fwdFlow(arg, _, _, _, pragma[only_bind_into](config)) and
-    PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-    callMayFlowThroughFwd(call, pragma[only_bind_into](config))
-  }
-
-  pragma[nomagic]
-  private predicate returnNodeMayFlowThrough(RetNodeEx ret, Ap ap, Configuration config) {
-    fwdFlow(ret, any(CcCall ccc), apSome(_), ap, config)
-  }
-
-  /**
-   * Holds if `node` with access path `ap` is part of a path from a source to a
-   * sink in the configuration `config`.
-   *
-   * The Boolean `toReturn` records whether the node must be returned from the
-   * enclosing callable in order to reach a sink, and if so, `returnAp` records
-   * the access path of the returned value.
-   */
-  pragma[nomagic]
-  predicate revFlow(NodeEx node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config) {
-    revFlow0(node, toReturn, returnAp, ap, config) and
-    fwdFlow(node, _, _, ap, config)
-  }
-
-  pragma[nomagic]
-  private predicate revFlow0(
-    NodeEx node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    fwdFlow(node, _, _, ap, config) and
-    sinkNode(node, config) and
-    (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
-    returnAp = apNone() and
-    ap instanceof ApNil
-    or
-    exists(NodeEx mid |
-      localStep(node, mid, true, _, config, _) and
-      revFlow(mid, toReturn, returnAp, ap, config)
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(node, _, _, ap, pragma[only_bind_into](config)) and
-      localStep(node, mid, false, _, config, _) and
-      revFlow(mid, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
-      ap instanceof ApNil
-    )
-    or
-    exists(NodeEx mid |
-      jumpStep(node, mid, config) and
-      revFlow(mid, _, _, ap, config) and
-      toReturn = false and
-      returnAp = apNone()
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(node, _, _, ap, pragma[only_bind_into](config)) and
-      additionalJumpStep(node, mid, config) and
-      revFlow(pragma[only_bind_into](mid), _, _, nil, pragma[only_bind_into](config)) and
-      toReturn = false and
-      returnAp = apNone() and
-      ap instanceof ApNil
-    )
-    or
-    // store
-    exists(Ap ap0, Content c |
-      revFlowStore(ap0, c, ap, node, _, _, toReturn, returnAp, config) and
-      revFlowConsCand(ap0, c, ap, config)
-    )
-    or
-    // read
-    exists(NodeEx mid, Ap ap0 |
-      revFlow(mid, toReturn, returnAp, ap0, config) and
-      readStepFwd(node, ap, _, mid, ap0, config)
-    )
-    or
-    // flow into a callable
-    revFlowInNotToReturn(node, returnAp, ap, config) and
-    toReturn = false
-    or
-    exists(DataFlowCall call, Ap returnAp0 |
-      revFlowInToReturn(call, node, returnAp0, ap, config) and
-      revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
-    )
-    or
-    // flow out of a callable
-    revFlowOut(_, node, _, _, ap, config) and
-    toReturn = true and
-    if returnNodeMayFlowThrough(node, ap, config)
-    then returnAp = apSome(ap)
-    else returnAp = apNone()
-  }
-
-  pragma[nomagic]
-  private predicate revFlowStore(
-    Ap ap0, Content c, Ap ap, NodeEx node, TypedContent tc, NodeEx mid, boolean toReturn,
-    ApOption returnAp, Configuration config
-  ) {
-    revFlow(mid, toReturn, returnAp, ap0, config) and
-    storeStepFwd(node, ap, tc, mid, ap0, config) and
-    tc.getContent() = c
-  }
-
-  /**
-   * Holds if reverse flow with access path `tail` reaches a read of `c`
-   * resulting in access path `cons`.
-   */
-  pragma[nomagic]
-  private predicate revFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
-    exists(NodeEx mid, Ap tail0 |
-      revFlow(mid, _, _, tail, config) and
-      tail = pragma[only_bind_into](tail0) and
-      readStepFwd(_, cons, c, mid, tail0, config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowOut(
-    DataFlowCall call, RetNodeEx ret, boolean toReturn, ApOption returnAp, Ap ap,
-    Configuration config
-  ) {
-    exists(NodeEx out, boolean allowsFieldFlow |
-      revFlow(out, toReturn, returnAp, ap, config) and
-      flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowInNotToReturn(
-    ArgNodeEx arg, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p, boolean allowsFieldFlow |
-      revFlow(p, false, returnAp, ap, config) and
-      flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowInToReturn(
-    DataFlowCall call, ArgNodeEx arg, Ap returnAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p, boolean allowsFieldFlow |
-      revFlow(p, true, apSome(returnAp), ap, config) and
-      flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  /**
-   * Holds if an output from `call` is reached in the flow covered by `revFlow`
-   * and data might flow through the target callable resulting in reverse flow
-   * reaching an argument of `call`.
-   */
-  pragma[nomagic]
-  private predicate revFlowIsReturned(
-    DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    exists(RetNodeEx ret, CcCall ccc |
-      revFlowOut(call, ret, toReturn, returnAp, ap, config) and
-      fwdFlow(ret, ccc, apSome(_), ap, config) and
-      ccc.matchesCall(call)
-    )
-  }
-
-  pragma[nomagic]
-  predicate storeStepCand(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
-    Configuration config
-  ) {
-    exists(Ap ap2, Content c |
-      store(node1, tc, node2, contentType, config) and
-      revFlowStore(ap2, c, ap1, node1, tc, node2, _, _, config) and
-      revFlowConsCand(ap2, c, ap1, config)
-    )
-  }
-
-  predicate readStepCand(NodeEx node1, Content c, NodeEx node2, Configuration config) {
-    exists(Ap ap1, Ap ap2 |
-      revFlow(node2, _, _, pragma[only_bind_into](ap2), pragma[only_bind_into](config)) and
-      readStepFwd(node1, ap1, c, node2, ap2, config) and
-      revFlowStore(ap1, c, pragma[only_bind_into](ap2), _, _, _, _, _,
-        pragma[only_bind_into](config))
-    )
-  }
-
-  predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, config) }
-
-  private predicate fwdConsCand(TypedContent tc, Ap ap, Configuration config) {
-    storeStepFwd(_, ap, tc, _, _, config)
-  }
-
-  predicate consCand(TypedContent tc, Ap ap, Configuration config) {
-    storeStepCand(_, ap, tc, _, _, config)
-  }
-
-  pragma[noinline]
-  private predicate parameterFlow(
-    ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
-  ) {
-    revFlow(p, true, apSome(ap0), ap, config) and
-    c = p.getEnclosingCallable()
-  }
-
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(RetNodeEx ret, Ap ap0, ReturnKindExt kind, int pos |
-      parameterFlow(p, ap, ap0, c, config) and
-      c = ret.getEnclosingCallable() and
-      revFlow(pragma[only_bind_into](ret), true, apSome(_), pragma[only_bind_into](ap0),
-        pragma[only_bind_into](config)) and
-      fwdFlow(ret, any(CcCall ccc), apSome(ap), ap0, config) and
-      kind = ret.getKind() and
-      p.getPosition() = pos and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = pos
-        or
-        p.allowParameterReturnInSelf()
-      )
-    )
-  }
-
-  pragma[nomagic]
-  predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-    exists(Ap returnAp0, ArgNodeEx arg, boolean toReturn, ApOption returnAp, Ap ap |
-      revFlow(arg, toReturn, returnAp, ap, config) and
-      revFlowInToReturn(call, arg, returnAp0, ap, config) and
-      revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
-    )
-  }
-
-  predicate stats(boolean fwd, int nodes, int fields, int conscand, int tuples, Configuration config) {
-    fwd = true and
-    nodes = count(NodeEx node | fwdFlow(node, _, _, _, config)) and
-    fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
-    conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-    tuples = count(NodeEx n, Cc cc, ApOption argAp, Ap ap | fwdFlow(n, cc, argAp, ap, config))
-    or
-    fwd = false and
-    nodes = count(NodeEx node | revFlow(node, _, _, _, config)) and
-    fields = count(TypedContent f0 | consCand(f0, _, config)) and
-    conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
-    tuples = count(NodeEx n, boolean b, ApOption retAp, Ap ap | revFlow(n, b, retAp, ap, config))
-  }
-  /* End: Stage 2 logic. */
+private module Stage2 implements StageSig {
+  import MkStage<Stage1>::Stage<Stage2Param>
 }
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
-  Stage2::revFlow(node1, pragma[only_bind_into](config))
+  Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
 
 pragma[nomagic]
@@ -1530,7 +2153,7 @@ private predicate flowIntoCallNodeCand2(
 ) {
   flowIntoCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
-  Stage2::revFlow(node1, pragma[only_bind_into](config))
+  Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
 
 private module LocalFlowBigStep {
@@ -1541,7 +2164,8 @@ private module LocalFlowBigStep {
   private class FlowCheckNode extends NodeEx {
     FlowCheckNode() {
       castNode(this.asNode()) or
-      clearsContentCached(this.asNode(), _)
+      clearsContentCached(this.asNode(), _) or
+      expectsContentCached(this.asNode(), _)
     }
   }
 
@@ -1549,17 +2173,31 @@ private module LocalFlowBigStep {
    * Holds if `node` can be the first node in a maximal subsequence of local
    * flow steps in a dataflow path.
    */
-  predicate localFlowEntry(NodeEx node, Configuration config) {
-    Stage2::revFlow(node, config) and
+  private predicate localFlowEntry(NodeEx node, FlowState state, Configuration config) {
+    Stage2::revFlow(node, state, config) and
     (
-      sourceNode(node, config) or
-      jumpStep(_, node, config) or
-      additionalJumpStep(_, node, config) or
-      node instanceof ParamNodeEx or
-      node.asNode() instanceof OutNodeExt or
-      store(_, _, node, _, config) or
-      read(_, _, node, config) or
+      sourceNode(node, state, config)
+      or
+      jumpStep(_, node, config)
+      or
+      additionalJumpStep(_, node, config)
+      or
+      additionalJumpStateStep(_, _, node, state, config)
+      or
+      node instanceof ParamNodeEx
+      or
+      node.asNode() instanceof OutNodeExt
+      or
+      Stage2::storeStepCand(_, _, _, node, _, config)
+      or
+      Stage2::readStepCand(_, _, node, config)
+      or
       node instanceof FlowCheckNode
+      or
+      exists(FlowState s |
+        additionalLocalStateStep(_, s, node, state, config) and
+        s != state
+      )
     )
   }
 
@@ -1567,28 +2205,42 @@ private module LocalFlowBigStep {
    * Holds if `node` can be the last node in a maximal subsequence of local
    * flow steps in a dataflow path.
    */
-  private predicate localFlowExit(NodeEx node, Configuration config) {
-    exists(NodeEx next | Stage2::revFlow(next, config) |
+  private predicate localFlowExit(NodeEx node, FlowState state, Configuration config) {
+    exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
-      store(node, _, next, _, config) or
-      read(node, _, next, config)
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
+      Stage2::storeStepCand(node, _, _, next, _, config) or
+      Stage2::readStepCand(node, _, next, config)
     )
     or
+    exists(NodeEx next, FlowState s | Stage2::revFlow(next, s, config) |
+      additionalJumpStateStep(node, state, next, s, config)
+      or
+      additionalLocalStateStep(node, state, next, s, config) and
+      s != state
+    )
+    or
+    Stage2::revFlow(node, state, config) and
     node instanceof FlowCheckNode
     or
-    sinkNode(node, config)
+    sinkNode(node, state, config)
   }
 
   pragma[noinline]
   private predicate additionalLocalFlowStepNodeCand2(
-    NodeEx node1, NodeEx node2, Configuration config
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, Configuration config
   ) {
     additionalLocalFlowStepNodeCand1(node1, node2, config) and
-    Stage2::revFlow(node1, _, _, false, pragma[only_bind_into](config)) and
-    Stage2::revFlow(node2, _, _, false, pragma[only_bind_into](config))
+    state1 = state2 and
+    Stage2::revFlow(node1, pragma[only_bind_into](state1), false, pragma[only_bind_into](config)) and
+    Stage2::revFlowAlias(node2, pragma[only_bind_into](state2), false,
+      pragma[only_bind_into](config))
+    or
+    additionalLocalStateStep(node1, state1, node2, state2, config) and
+    Stage2::revFlow(node1, state1, false, pragma[only_bind_into](config)) and
+    Stage2::revFlowAlias(node2, state2, false, pragma[only_bind_into](config))
   }
 
   /**
@@ -1600,40 +2252,40 @@ private module LocalFlowBigStep {
    */
   pragma[nomagic]
   private predicate localFlowStepPlus(
-    NodeEx node1, NodeEx node2, boolean preservesValue, DataFlowType t, Configuration config,
-    LocalCallContext cc
+    NodeEx node1, FlowState state, NodeEx node2, boolean preservesValue, DataFlowType t,
+    Configuration config, LocalCallContext cc
   ) {
     not isUnreachableInCallCached(node2.asNode(), cc.(LocalCallContextSpecificCall).getCall()) and
     (
-      localFlowEntry(node1, pragma[only_bind_into](config)) and
+      localFlowEntry(node1, pragma[only_bind_into](state), pragma[only_bind_into](config)) and
       (
         localFlowStepNodeCand1(node1, node2, config) and
         preservesValue = true and
-        t = node1.getDataFlowType() // irrelevant dummy value
+        t = node1.getDataFlowType() and // irrelevant dummy value
+        Stage2::revFlow(node2, pragma[only_bind_into](state), pragma[only_bind_into](config))
         or
-        additionalLocalFlowStepNodeCand2(node1, node2, config) and
+        additionalLocalFlowStepNodeCand2(node1, state, node2, state, config) and
         preservesValue = false and
         t = node2.getDataFlowType()
       ) and
       node1 != node2 and
       cc.relevantFor(node1.getEnclosingCallable()) and
-      not isUnreachableInCallCached(node1.asNode(), cc.(LocalCallContextSpecificCall).getCall()) and
-      Stage2::revFlow(node2, pragma[only_bind_into](config))
+      not isUnreachableInCallCached(node1.asNode(), cc.(LocalCallContextSpecificCall).getCall())
       or
       exists(NodeEx mid |
-        localFlowStepPlus(node1, mid, preservesValue, t, pragma[only_bind_into](config), cc) and
+        localFlowStepPlus(node1, pragma[only_bind_into](state), mid, preservesValue, t,
+          pragma[only_bind_into](config), cc) and
         localFlowStepNodeCand1(mid, node2, config) and
         not mid instanceof FlowCheckNode and
-        Stage2::revFlow(node2, pragma[only_bind_into](config))
+        Stage2::revFlow(node2, pragma[only_bind_into](state), pragma[only_bind_into](config))
       )
       or
       exists(NodeEx mid |
-        localFlowStepPlus(node1, mid, _, _, pragma[only_bind_into](config), cc) and
-        additionalLocalFlowStepNodeCand2(mid, node2, config) and
+        localFlowStepPlus(node1, state, mid, _, _, pragma[only_bind_into](config), cc) and
+        additionalLocalFlowStepNodeCand2(mid, state, node2, state, config) and
         not mid instanceof FlowCheckNode and
         preservesValue = false and
-        t = node2.getDataFlowType() and
-        Stage2::revFlow(node2, pragma[only_bind_into](config))
+        t = node2.getDataFlowType()
       )
     )
   }
@@ -1644,36 +2296,121 @@ private module LocalFlowBigStep {
    */
   pragma[nomagic]
   predicate localFlowBigStep(
-    NodeEx node1, NodeEx node2, boolean preservesValue, AccessPathFrontNil apf,
-    Configuration config, LocalCallContext callContext
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, node2, preservesValue, apf.getType(), config, callContext) and
-    localFlowExit(node2, config)
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
+    localFlowExit(node2, state1, config) and
+    state1 = state2
+    or
+    additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
+    state1 != state2 and
+    preservesValue = false and
+    t = node2.getDataFlowType() and
+    callContext.relevantFor(node1.getEnclosingCallable()) and
+    not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
+      isUnreachableInCallCached(node1.asNode(), call) or
+      isUnreachableInCallCached(node2.asNode(), call)
+    )
   }
 }
 
 private import LocalFlowBigStep
 
-private module Stage3 {
-  module PrevStage = Stage2;
+private module Stage3Param implements MkStage<Stage2>::StageParam {
+  private module PrevStage = Stage2;
 
-  class ApApprox = PrevStage::Ap;
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
 
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  private ApApprox getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
-  private ApNil getApNil(NodeEx node) {
+  ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
   }
 
   bindingset[tc, tail]
-  private Ap apCons(TypedContent tc, Ap tail) { result.getHead() = tc and exists(tail) }
+  Ap apCons(TypedContent tc, Ap tail) { result.getHead() = tc and exists(tail) }
 
   pragma[noinline]
-  private Content getHeadContent(Ap ap) { result = ap.getHead().getContent() }
+  Content getHeadContent(Ap ap) { result = ap.getHead().getContent() }
 
   class ApOption = AccessPathFrontOption;
 
@@ -1681,542 +2418,114 @@ private module Stage3 {
 
   ApOption apSome(Ap ap) { result = TAccessPathFrontSome(ap) }
 
-  class Cc = boolean;
-
-  class CcCall extends Cc {
-    CcCall() { this = true }
-
-    /** Holds if this call context may be `call`. */
-    predicate matchesCall(DataFlowCall call) { any() }
-  }
-
-  class CcNoCall extends Cc {
-    CcNoCall() { this = false }
-  }
-
-  Cc ccNone() { result = false }
-
-  CcCall ccSomeCall() { result = true }
-
-  private class LocalCc = Unit;
-
-  bindingset[call, c, outercc]
-  private CcCall getCallContextCall(DataFlowCall call, DataFlowCallable c, Cc outercc) { any() }
-
-  bindingset[call, c, innercc]
-  private CcNoCall getCallContextReturn(DataFlowCallable c, DataFlowCall call, Cc innercc) { any() }
-
-  bindingset[node, cc, config]
-  private LocalCc getLocalCc(NodeEx node, Cc cc, Configuration config) { any() }
-
-  private predicate localStep(
-    NodeEx node1, NodeEx node2, boolean preservesValue, ApNil ap, Configuration config, LocalCc lcc
-  ) {
-    localFlowBigStep(node1, node2, preservesValue, ap, config, _) and exists(lcc)
-  }
-
-  private predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
-
-  private predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  import BooleanCallContext
 
   pragma[nomagic]
-  private predicate clear(NodeEx node, Ap ap) { ap.isClearedAt(node.asNode()) }
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
+  }
+
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
+
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
+
+  pragma[nomagic]
+  private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
+    PrevStage::revFlow(node, config) and
+    clearsContentCached(node.asNode(), c)
+  }
+
+  pragma[nomagic]
+  private predicate clearContent(NodeEx node, Content c, Configuration config) {
+    exists(ContentSet cs |
+      PrevStage::readStepCand(_, pragma[only_bind_into](c), _, pragma[only_bind_into](config)) and
+      c = cs.getAReadContent() and
+      clearSet(node, cs, pragma[only_bind_into](config))
+    )
+  }
+
+  pragma[nomagic]
+  private predicate clear(NodeEx node, Ap ap, Configuration config) {
+    clearContent(node, ap.getHead().getContent(), config)
+  }
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getHead().getContent()
+    )
+  }
 
   pragma[nomagic]
   private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
 
-  bindingset[node, ap]
-  private predicate filter(NodeEx node, Ap ap) {
-    not clear(node, ap) and
-    if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    not clear(node, ap, config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
   }
 
   bindingset[ap, contentType]
-  private predicate typecheckStore(Ap ap, DataFlowType contentType) {
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
     // We need to typecheck stores here, since reverse flow through a getter
     // might have a different type here compared to inside the getter.
     compatibleTypes(ap.getType(), contentType)
   }
+}
 
-  /* Begin: Stage 3 logic. */
-  private predicate flowCand(NodeEx node, ApApprox apa, Configuration config) {
-    PrevStage::revFlow(node, _, _, apa, config)
-  }
-
-  bindingset[result, apa]
-  private ApApprox unbindApa(ApApprox apa) {
-    exists(ApApprox apa0 |
-      apa = pragma[only_bind_into](apa0) and result = pragma[only_bind_into](apa0)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate flowThroughOutOfCall(
-    DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-    Configuration config
-  ) {
-    flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-    PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-    PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-      pragma[only_bind_into](config)) and
-    ccc.matchesCall(call)
-  }
-
-  /**
-   * Holds if `node` is reachable with access path `ap` from a source in the
-   * configuration `config`.
-   *
-   * The call context `cc` records whether the node is reached through an
-   * argument in a call, and if so, `argAp` records the access path of that
-   * argument.
-   */
-  pragma[nomagic]
-  predicate fwdFlow(NodeEx node, Cc cc, ApOption argAp, Ap ap, Configuration config) {
-    fwdFlow0(node, cc, argAp, ap, config) and
-    flowCand(node, unbindApa(getApprox(ap)), config) and
-    filter(node, ap)
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlow0(NodeEx node, Cc cc, ApOption argAp, Ap ap, Configuration config) {
-    flowCand(node, _, config) and
-    sourceNode(node, config) and
-    (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
-    argAp = apNone() and
-    ap = getApNil(node)
-    or
-    exists(NodeEx mid, Ap ap0, LocalCc localCc |
-      fwdFlow(mid, cc, argAp, ap0, config) and
-      localCc = getLocalCc(mid, cc, config)
-    |
-      localStep(mid, node, true, _, config, localCc) and
-      ap = ap0
-      or
-      localStep(mid, node, false, ap, config, localCc) and
-      ap0 instanceof ApNil
-    )
-    or
-    exists(NodeEx mid |
-      fwdFlow(mid, _, _, ap, pragma[only_bind_into](config)) and
-      flowCand(node, _, pragma[only_bind_into](config)) and
-      jumpStep(mid, node, config) and
-      cc = ccNone() and
-      argAp = apNone()
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(mid, _, _, nil, pragma[only_bind_into](config)) and
-      flowCand(node, _, pragma[only_bind_into](config)) and
-      additionalJumpStep(mid, node, config) and
-      cc = ccNone() and
-      argAp = apNone() and
-      ap = getApNil(node)
-    )
-    or
-    // store
-    exists(TypedContent tc, Ap ap0 |
-      fwdFlowStore(_, ap0, tc, node, cc, argAp, config) and
-      ap = apCons(tc, ap0)
-    )
-    or
-    // read
-    exists(Ap ap0, Content c |
-      fwdFlowRead(ap0, c, _, node, cc, argAp, config) and
-      fwdFlowConsCand(ap0, c, ap, config)
-    )
-    or
-    // flow into a callable
-    exists(ApApprox apa |
-      fwdFlowIn(_, node, _, cc, _, ap, config) and
-      apa = getApprox(ap) and
-      if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-      then argAp = apSome(ap)
-      else argAp = apNone()
-    )
-    or
-    // flow out of a callable
-    fwdFlowOutNotFromArg(node, cc, argAp, ap, config)
-    or
-    exists(DataFlowCall call, Ap argAp0 |
-      fwdFlowOutFromArg(call, node, argAp0, ap, config) and
-      fwdFlowIsEntered(call, cc, argAp, argAp0, config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowStore(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Cc cc, ApOption argAp, Configuration config
-  ) {
-    exists(DataFlowType contentType |
-      fwdFlow(node1, cc, argAp, ap1, config) and
-      PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
-      typecheckStore(ap1, contentType)
-    )
-  }
-
-  /**
-   * Holds if forward flow with access path `tail` reaches a store of `c`
-   * resulting in access path `cons`.
-   */
-  pragma[nomagic]
-  private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
-    exists(TypedContent tc |
-      fwdFlowStore(_, tail, tc, _, _, _, config) and
-      tc.getContent() = c and
-      cons = apCons(tc, tail)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowRead(
-    Ap ap, Content c, NodeEx node1, NodeEx node2, Cc cc, ApOption argAp, Configuration config
-  ) {
-    fwdFlow(node1, cc, argAp, ap, config) and
-    PrevStage::readStepCand(node1, c, node2, config) and
-    getHeadContent(ap) = c
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowIn(
-    DataFlowCall call, ParamNodeEx p, Cc outercc, Cc innercc, ApOption argAp, Ap ap,
-    Configuration config
-  ) {
-    exists(ArgNodeEx arg, boolean allowsFieldFlow |
-      fwdFlow(arg, outercc, argAp, ap, config) and
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowOutNotFromArg(
-    NodeEx out, Cc ccOut, ApOption argAp, Ap ap, Configuration config
-  ) {
-    exists(
-      DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-      DataFlowCallable inner
-    |
-      fwdFlow(ret, innercc, argAp, ap, config) and
-      flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-      inner = ret.getEnclosingCallable() and
-      ccOut = getCallContextReturn(inner, call, innercc) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowOutFromArg(
-    DataFlowCall call, NodeEx out, Ap argAp, Ap ap, Configuration config
-  ) {
-    exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-      fwdFlow(ret, ccc, apSome(argAp), ap, config) and
-      flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  /**
-   * Holds if an argument to `call` is reached in the flow covered by `fwdFlow`
-   * and data might flow through the target callable and back out at `call`.
-   */
-  pragma[nomagic]
-  private predicate fwdFlowIsEntered(
-    DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p |
-      fwdFlowIn(call, p, cc, _, argAp, ap, config) and
-      PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate storeStepFwd(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
-  ) {
-    fwdFlowStore(node1, ap1, tc, node2, _, _, config) and
-    ap2 = apCons(tc, ap1) and
-    fwdFlowRead(ap2, tc.getContent(), _, _, _, _, config)
-  }
-
-  private predicate readStepFwd(
-    NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
-  ) {
-    fwdFlowRead(ap1, c, n1, n2, _, _, config) and
-    fwdFlowConsCand(ap1, c, ap2, config)
-  }
-
-  pragma[nomagic]
-  private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-    exists(Ap argAp0, NodeEx out, Cc cc, ApOption argAp, Ap ap |
-      fwdFlow(out, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-        pragma[only_bind_into](config)) and
-      fwdFlowOutFromArg(call, out, argAp0, ap, config) and
-      fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-        pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-        pragma[only_bind_into](config))
-    )
-  }
-
-  pragma[nomagic]
-  private predicate flowThroughIntoCall(
-    DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
-  ) {
-    flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-    fwdFlow(arg, _, _, _, pragma[only_bind_into](config)) and
-    PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-    callMayFlowThroughFwd(call, pragma[only_bind_into](config))
-  }
-
-  pragma[nomagic]
-  private predicate returnNodeMayFlowThrough(RetNodeEx ret, Ap ap, Configuration config) {
-    fwdFlow(ret, any(CcCall ccc), apSome(_), ap, config)
-  }
-
-  /**
-   * Holds if `node` with access path `ap` is part of a path from a source to a
-   * sink in the configuration `config`.
-   *
-   * The Boolean `toReturn` records whether the node must be returned from the
-   * enclosing callable in order to reach a sink, and if so, `returnAp` records
-   * the access path of the returned value.
-   */
-  pragma[nomagic]
-  predicate revFlow(NodeEx node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config) {
-    revFlow0(node, toReturn, returnAp, ap, config) and
-    fwdFlow(node, _, _, ap, config)
-  }
-
-  pragma[nomagic]
-  private predicate revFlow0(
-    NodeEx node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    fwdFlow(node, _, _, ap, config) and
-    sinkNode(node, config) and
-    (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
-    returnAp = apNone() and
-    ap instanceof ApNil
-    or
-    exists(NodeEx mid |
-      localStep(node, mid, true, _, config, _) and
-      revFlow(mid, toReturn, returnAp, ap, config)
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(node, _, _, ap, pragma[only_bind_into](config)) and
-      localStep(node, mid, false, _, config, _) and
-      revFlow(mid, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
-      ap instanceof ApNil
-    )
-    or
-    exists(NodeEx mid |
-      jumpStep(node, mid, config) and
-      revFlow(mid, _, _, ap, config) and
-      toReturn = false and
-      returnAp = apNone()
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(node, _, _, ap, pragma[only_bind_into](config)) and
-      additionalJumpStep(node, mid, config) and
-      revFlow(pragma[only_bind_into](mid), _, _, nil, pragma[only_bind_into](config)) and
-      toReturn = false and
-      returnAp = apNone() and
-      ap instanceof ApNil
-    )
-    or
-    // store
-    exists(Ap ap0, Content c |
-      revFlowStore(ap0, c, ap, node, _, _, toReturn, returnAp, config) and
-      revFlowConsCand(ap0, c, ap, config)
-    )
-    or
-    // read
-    exists(NodeEx mid, Ap ap0 |
-      revFlow(mid, toReturn, returnAp, ap0, config) and
-      readStepFwd(node, ap, _, mid, ap0, config)
-    )
-    or
-    // flow into a callable
-    revFlowInNotToReturn(node, returnAp, ap, config) and
-    toReturn = false
-    or
-    exists(DataFlowCall call, Ap returnAp0 |
-      revFlowInToReturn(call, node, returnAp0, ap, config) and
-      revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
-    )
-    or
-    // flow out of a callable
-    revFlowOut(_, node, _, _, ap, config) and
-    toReturn = true and
-    if returnNodeMayFlowThrough(node, ap, config)
-    then returnAp = apSome(ap)
-    else returnAp = apNone()
-  }
-
-  pragma[nomagic]
-  private predicate revFlowStore(
-    Ap ap0, Content c, Ap ap, NodeEx node, TypedContent tc, NodeEx mid, boolean toReturn,
-    ApOption returnAp, Configuration config
-  ) {
-    revFlow(mid, toReturn, returnAp, ap0, config) and
-    storeStepFwd(node, ap, tc, mid, ap0, config) and
-    tc.getContent() = c
-  }
-
-  /**
-   * Holds if reverse flow with access path `tail` reaches a read of `c`
-   * resulting in access path `cons`.
-   */
-  pragma[nomagic]
-  private predicate revFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
-    exists(NodeEx mid, Ap tail0 |
-      revFlow(mid, _, _, tail, config) and
-      tail = pragma[only_bind_into](tail0) and
-      readStepFwd(_, cons, c, mid, tail0, config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowOut(
-    DataFlowCall call, RetNodeEx ret, boolean toReturn, ApOption returnAp, Ap ap,
-    Configuration config
-  ) {
-    exists(NodeEx out, boolean allowsFieldFlow |
-      revFlow(out, toReturn, returnAp, ap, config) and
-      flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowInNotToReturn(
-    ArgNodeEx arg, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p, boolean allowsFieldFlow |
-      revFlow(p, false, returnAp, ap, config) and
-      flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowInToReturn(
-    DataFlowCall call, ArgNodeEx arg, Ap returnAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p, boolean allowsFieldFlow |
-      revFlow(p, true, apSome(returnAp), ap, config) and
-      flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  /**
-   * Holds if an output from `call` is reached in the flow covered by `revFlow`
-   * and data might flow through the target callable resulting in reverse flow
-   * reaching an argument of `call`.
-   */
-  pragma[nomagic]
-  private predicate revFlowIsReturned(
-    DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    exists(RetNodeEx ret, CcCall ccc |
-      revFlowOut(call, ret, toReturn, returnAp, ap, config) and
-      fwdFlow(ret, ccc, apSome(_), ap, config) and
-      ccc.matchesCall(call)
-    )
-  }
-
-  pragma[nomagic]
-  predicate storeStepCand(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
-    Configuration config
-  ) {
-    exists(Ap ap2, Content c |
-      store(node1, tc, node2, contentType, config) and
-      revFlowStore(ap2, c, ap1, node1, tc, node2, _, _, config) and
-      revFlowConsCand(ap2, c, ap1, config)
-    )
-  }
-
-  predicate readStepCand(NodeEx node1, Content c, NodeEx node2, Configuration config) {
-    exists(Ap ap1, Ap ap2 |
-      revFlow(node2, _, _, pragma[only_bind_into](ap2), pragma[only_bind_into](config)) and
-      readStepFwd(node1, ap1, c, node2, ap2, config) and
-      revFlowStore(ap1, c, pragma[only_bind_into](ap2), _, _, _, _, _,
-        pragma[only_bind_into](config))
-    )
-  }
-
-  predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, config) }
-
-  private predicate fwdConsCand(TypedContent tc, Ap ap, Configuration config) {
-    storeStepFwd(_, ap, tc, _, _, config)
-  }
-
-  predicate consCand(TypedContent tc, Ap ap, Configuration config) {
-    storeStepCand(_, ap, tc, _, _, config)
-  }
-
-  pragma[noinline]
-  private predicate parameterFlow(
-    ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
-  ) {
-    revFlow(p, true, apSome(ap0), ap, config) and
-    c = p.getEnclosingCallable()
-  }
-
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(RetNodeEx ret, Ap ap0, ReturnKindExt kind, int pos |
-      parameterFlow(p, ap, ap0, c, config) and
-      c = ret.getEnclosingCallable() and
-      revFlow(pragma[only_bind_into](ret), true, apSome(_), pragma[only_bind_into](ap0),
-        pragma[only_bind_into](config)) and
-      fwdFlow(ret, any(CcCall ccc), apSome(ap), ap0, config) and
-      kind = ret.getKind() and
-      p.getPosition() = pos and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = pos
-        or
-        p.allowParameterReturnInSelf()
-      )
-    )
-  }
-
-  pragma[nomagic]
-  predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-    exists(Ap returnAp0, ArgNodeEx arg, boolean toReturn, ApOption returnAp, Ap ap |
-      revFlow(arg, toReturn, returnAp, ap, config) and
-      revFlowInToReturn(call, arg, returnAp0, ap, config) and
-      revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
-    )
-  }
-
-  predicate stats(boolean fwd, int nodes, int fields, int conscand, int tuples, Configuration config) {
-    fwd = true and
-    nodes = count(NodeEx node | fwdFlow(node, _, _, _, config)) and
-    fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
-    conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-    tuples = count(NodeEx n, Cc cc, ApOption argAp, Ap ap | fwdFlow(n, cc, argAp, ap, config))
-    or
-    fwd = false and
-    nodes = count(NodeEx node | revFlow(node, _, _, _, config)) and
-    fields = count(TypedContent f0 | consCand(f0, _, config)) and
-    conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
-    tuples = count(NodeEx n, boolean b, ApOption retAp, Ap ap | revFlow(n, b, retAp, ap, config))
-  }
-  /* End: Stage 3 logic. */
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
  * Holds if `argApf` is recorded as the summary context for flow reaching `node`
  * and remains relevant for the following pruning stage.
  */
-private predicate flowCandSummaryCtx(NodeEx node, AccessPathFront argApf, Configuration config) {
+private predicate flowCandSummaryCtx(
+  NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
+) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, true, _, apf, config) and
-    Stage3::fwdFlow(node, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2226,12 +2535,12 @@ private predicate flowCandSummaryCtx(NodeEx node, AccessPathFront argApf, Config
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
-      strictcount(NodeEx n |
-        Stage3::revFlow(n, _, _, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+      strictcount(NodeEx n, FlowState state |
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
-        flowCandSummaryCtx(n, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
     accessPathApproxCostLimits(apLimit, tupleLimit) and
     apLimit < tails and
@@ -2243,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2377,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2388,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2413,26 +2722,25 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4 {
-  module PrevStage = Stage3;
-
-  class ApApprox = PrevStage::Ap;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
-  private ApApprox getApprox(Ap ap) { result = ap.getFront() }
+  pragma[nomagic]
+  PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
-  private ApNil getApNil(NodeEx node) {
+  ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TNil(node.getDataFlowType())
   }
 
   bindingset[tc, tail]
-  private Ap apCons(TypedContent tc, Ap tail) { result = push(tc, tail) }
+  Ap apCons(TypedContent tc, Ap tail) { result = push(tc, tail) }
 
   pragma[noinline]
-  private Content getHeadContent(Ap ap) { result = ap.getHead().getContent() }
+  Content getHeadContent(Ap ap) { result = ap.getHead().getContent() }
 
   class ApOption = AccessPathApproxOption;
 
@@ -2440,559 +2748,88 @@ private module Stage4 {
 
   ApOption apSome(Ap ap) { result = TAccessPathApproxSome(ap) }
 
-  class Cc = CallContext;
+  import Level1CallContext
+  import LocalCallContext
 
-  class CcCall = CallContextCall;
-
-  class CcNoCall = CallContextNoCall;
-
-  Cc ccNone() { result instanceof CallContextAny }
-
-  CcCall ccSomeCall() { result instanceof CallContextSomeCall }
-
-  private class LocalCc = LocalCallContext;
-
-  bindingset[call, c, outercc]
-  private CcCall getCallContextCall(DataFlowCall call, DataFlowCallable c, Cc outercc) {
-    checkCallContextCall(outercc, call, c) and
-    if recordDataFlowCallSite(call, c) then result = TSpecificCall(call) else result = TSomeCall()
-  }
-
-  bindingset[call, c, innercc]
-  private CcNoCall getCallContextReturn(DataFlowCallable c, DataFlowCall call, Cc innercc) {
-    checkCallContextReturn(innercc, c, call) and
-    if reducedViableImplInReturn(c, call) then result = TReturn(c, call) else result = ccNone()
-  }
-
-  bindingset[node, cc, config]
-  private LocalCc getLocalCc(NodeEx node, Cc cc, Configuration config) {
-    localFlowEntry(node, config) and
-    result =
-      getLocalCallContext(pragma[only_bind_into](pragma[only_bind_out](cc)),
-        node.getEnclosingCallable())
-  }
-
-  private predicate localStep(
-    NodeEx node1, NodeEx node2, boolean preservesValue, ApNil ap, Configuration config, LocalCc lcc
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, node2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
-  private predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
-    flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
-    PrevStage::revFlow(node2, _, _, _, pragma[only_bind_into](config)) and
-    PrevStage::revFlow(node1, _, _, _, pragma[only_bind_into](config))
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
   }
 
   pragma[nomagic]
-  private predicate flowIntoCall(
+  predicate flowIntoCall(
     DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
     Configuration config
   ) {
-    flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
-    PrevStage::revFlow(node2, _, _, _, pragma[only_bind_into](config)) and
-    PrevStage::revFlow(node1, _, _, _, pragma[only_bind_into](config))
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
   }
 
-  bindingset[node, ap]
-  private predicate filter(NodeEx node, Ap ap) { any() }
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) { any() }
 
   // Type checking is not necessary here as it has already been done in stage 3.
   bindingset[ap, contentType]
-  private predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
-
-  /* Begin: Stage 4 logic. */
-  private predicate flowCand(NodeEx node, ApApprox apa, Configuration config) {
-    PrevStage::revFlow(node, _, _, apa, config)
-  }
-
-  bindingset[result, apa]
-  private ApApprox unbindApa(ApApprox apa) {
-    exists(ApApprox apa0 |
-      apa = pragma[only_bind_into](apa0) and result = pragma[only_bind_into](apa0)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate flowThroughOutOfCall(
-    DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-    Configuration config
-  ) {
-    flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-    PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-    PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-      pragma[only_bind_into](config)) and
-    ccc.matchesCall(call)
-  }
-
-  /**
-   * Holds if `node` is reachable with access path `ap` from a source in the
-   * configuration `config`.
-   *
-   * The call context `cc` records whether the node is reached through an
-   * argument in a call, and if so, `argAp` records the access path of that
-   * argument.
-   */
-  pragma[nomagic]
-  predicate fwdFlow(NodeEx node, Cc cc, ApOption argAp, Ap ap, Configuration config) {
-    fwdFlow0(node, cc, argAp, ap, config) and
-    flowCand(node, unbindApa(getApprox(ap)), config) and
-    filter(node, ap)
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlow0(NodeEx node, Cc cc, ApOption argAp, Ap ap, Configuration config) {
-    flowCand(node, _, config) and
-    sourceNode(node, config) and
-    (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
-    argAp = apNone() and
-    ap = getApNil(node)
-    or
-    exists(NodeEx mid, Ap ap0, LocalCc localCc |
-      fwdFlow(mid, cc, argAp, ap0, config) and
-      localCc = getLocalCc(mid, cc, config)
-    |
-      localStep(mid, node, true, _, config, localCc) and
-      ap = ap0
-      or
-      localStep(mid, node, false, ap, config, localCc) and
-      ap0 instanceof ApNil
-    )
-    or
-    exists(NodeEx mid |
-      fwdFlow(mid, _, _, ap, pragma[only_bind_into](config)) and
-      flowCand(node, _, pragma[only_bind_into](config)) and
-      jumpStep(mid, node, config) and
-      cc = ccNone() and
-      argAp = apNone()
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(mid, _, _, nil, pragma[only_bind_into](config)) and
-      flowCand(node, _, pragma[only_bind_into](config)) and
-      additionalJumpStep(mid, node, config) and
-      cc = ccNone() and
-      argAp = apNone() and
-      ap = getApNil(node)
-    )
-    or
-    // store
-    exists(TypedContent tc, Ap ap0 |
-      fwdFlowStore(_, ap0, tc, node, cc, argAp, config) and
-      ap = apCons(tc, ap0)
-    )
-    or
-    // read
-    exists(Ap ap0, Content c |
-      fwdFlowRead(ap0, c, _, node, cc, argAp, config) and
-      fwdFlowConsCand(ap0, c, ap, config)
-    )
-    or
-    // flow into a callable
-    exists(ApApprox apa |
-      fwdFlowIn(_, node, _, cc, _, ap, config) and
-      apa = getApprox(ap) and
-      if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-      then argAp = apSome(ap)
-      else argAp = apNone()
-    )
-    or
-    // flow out of a callable
-    fwdFlowOutNotFromArg(node, cc, argAp, ap, config)
-    or
-    exists(DataFlowCall call, Ap argAp0 |
-      fwdFlowOutFromArg(call, node, argAp0, ap, config) and
-      fwdFlowIsEntered(call, cc, argAp, argAp0, config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowStore(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Cc cc, ApOption argAp, Configuration config
-  ) {
-    exists(DataFlowType contentType |
-      fwdFlow(node1, cc, argAp, ap1, config) and
-      PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
-      typecheckStore(ap1, contentType)
-    )
-  }
-
-  /**
-   * Holds if forward flow with access path `tail` reaches a store of `c`
-   * resulting in access path `cons`.
-   */
-  pragma[nomagic]
-  private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
-    exists(TypedContent tc |
-      fwdFlowStore(_, tail, tc, _, _, _, config) and
-      tc.getContent() = c and
-      cons = apCons(tc, tail)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowRead(
-    Ap ap, Content c, NodeEx node1, NodeEx node2, Cc cc, ApOption argAp, Configuration config
-  ) {
-    fwdFlow(node1, cc, argAp, ap, config) and
-    PrevStage::readStepCand(node1, c, node2, config) and
-    getHeadContent(ap) = c
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowIn(
-    DataFlowCall call, ParamNodeEx p, Cc outercc, Cc innercc, ApOption argAp, Ap ap,
-    Configuration config
-  ) {
-    exists(ArgNodeEx arg, boolean allowsFieldFlow |
-      fwdFlow(arg, outercc, argAp, ap, config) and
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowOutNotFromArg(
-    NodeEx out, Cc ccOut, ApOption argAp, Ap ap, Configuration config
-  ) {
-    exists(
-      DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-      DataFlowCallable inner
-    |
-      fwdFlow(ret, innercc, argAp, ap, config) and
-      flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-      inner = ret.getEnclosingCallable() and
-      ccOut = getCallContextReturn(inner, call, innercc) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowOutFromArg(
-    DataFlowCall call, NodeEx out, Ap argAp, Ap ap, Configuration config
-  ) {
-    exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-      fwdFlow(ret, ccc, apSome(argAp), ap, config) and
-      flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  /**
-   * Holds if an argument to `call` is reached in the flow covered by `fwdFlow`
-   * and data might flow through the target callable and back out at `call`.
-   */
-  pragma[nomagic]
-  private predicate fwdFlowIsEntered(
-    DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p |
-      fwdFlowIn(call, p, cc, _, argAp, ap, config) and
-      PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate storeStepFwd(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
-  ) {
-    fwdFlowStore(node1, ap1, tc, node2, _, _, config) and
-    ap2 = apCons(tc, ap1) and
-    fwdFlowRead(ap2, tc.getContent(), _, _, _, _, config)
-  }
-
-  private predicate readStepFwd(
-    NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
-  ) {
-    fwdFlowRead(ap1, c, n1, n2, _, _, config) and
-    fwdFlowConsCand(ap1, c, ap2, config)
-  }
-
-  pragma[nomagic]
-  private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-    exists(Ap argAp0, NodeEx out, Cc cc, ApOption argAp, Ap ap |
-      fwdFlow(out, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-        pragma[only_bind_into](config)) and
-      fwdFlowOutFromArg(call, out, argAp0, ap, config) and
-      fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-        pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-        pragma[only_bind_into](config))
-    )
-  }
-
-  pragma[nomagic]
-  private predicate flowThroughIntoCall(
-    DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
-  ) {
-    flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-    fwdFlow(arg, _, _, _, pragma[only_bind_into](config)) and
-    PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-    callMayFlowThroughFwd(call, pragma[only_bind_into](config))
-  }
-
-  pragma[nomagic]
-  private predicate returnNodeMayFlowThrough(RetNodeEx ret, Ap ap, Configuration config) {
-    fwdFlow(ret, any(CcCall ccc), apSome(_), ap, config)
-  }
-
-  /**
-   * Holds if `node` with access path `ap` is part of a path from a source to a
-   * sink in the configuration `config`.
-   *
-   * The Boolean `toReturn` records whether the node must be returned from the
-   * enclosing callable in order to reach a sink, and if so, `returnAp` records
-   * the access path of the returned value.
-   */
-  pragma[nomagic]
-  predicate revFlow(NodeEx node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config) {
-    revFlow0(node, toReturn, returnAp, ap, config) and
-    fwdFlow(node, _, _, ap, config)
-  }
-
-  pragma[nomagic]
-  private predicate revFlow0(
-    NodeEx node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    fwdFlow(node, _, _, ap, config) and
-    sinkNode(node, config) and
-    (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
-    returnAp = apNone() and
-    ap instanceof ApNil
-    or
-    exists(NodeEx mid |
-      localStep(node, mid, true, _, config, _) and
-      revFlow(mid, toReturn, returnAp, ap, config)
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(node, _, _, ap, pragma[only_bind_into](config)) and
-      localStep(node, mid, false, _, config, _) and
-      revFlow(mid, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
-      ap instanceof ApNil
-    )
-    or
-    exists(NodeEx mid |
-      jumpStep(node, mid, config) and
-      revFlow(mid, _, _, ap, config) and
-      toReturn = false and
-      returnAp = apNone()
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(node, _, _, ap, pragma[only_bind_into](config)) and
-      additionalJumpStep(node, mid, config) and
-      revFlow(pragma[only_bind_into](mid), _, _, nil, pragma[only_bind_into](config)) and
-      toReturn = false and
-      returnAp = apNone() and
-      ap instanceof ApNil
-    )
-    or
-    // store
-    exists(Ap ap0, Content c |
-      revFlowStore(ap0, c, ap, node, _, _, toReturn, returnAp, config) and
-      revFlowConsCand(ap0, c, ap, config)
-    )
-    or
-    // read
-    exists(NodeEx mid, Ap ap0 |
-      revFlow(mid, toReturn, returnAp, ap0, config) and
-      readStepFwd(node, ap, _, mid, ap0, config)
-    )
-    or
-    // flow into a callable
-    revFlowInNotToReturn(node, returnAp, ap, config) and
-    toReturn = false
-    or
-    exists(DataFlowCall call, Ap returnAp0 |
-      revFlowInToReturn(call, node, returnAp0, ap, config) and
-      revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
-    )
-    or
-    // flow out of a callable
-    revFlowOut(_, node, _, _, ap, config) and
-    toReturn = true and
-    if returnNodeMayFlowThrough(node, ap, config)
-    then returnAp = apSome(ap)
-    else returnAp = apNone()
-  }
-
-  pragma[nomagic]
-  private predicate revFlowStore(
-    Ap ap0, Content c, Ap ap, NodeEx node, TypedContent tc, NodeEx mid, boolean toReturn,
-    ApOption returnAp, Configuration config
-  ) {
-    revFlow(mid, toReturn, returnAp, ap0, config) and
-    storeStepFwd(node, ap, tc, mid, ap0, config) and
-    tc.getContent() = c
-  }
-
-  /**
-   * Holds if reverse flow with access path `tail` reaches a read of `c`
-   * resulting in access path `cons`.
-   */
-  pragma[nomagic]
-  private predicate revFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
-    exists(NodeEx mid, Ap tail0 |
-      revFlow(mid, _, _, tail, config) and
-      tail = pragma[only_bind_into](tail0) and
-      readStepFwd(_, cons, c, mid, tail0, config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowOut(
-    DataFlowCall call, RetNodeEx ret, boolean toReturn, ApOption returnAp, Ap ap,
-    Configuration config
-  ) {
-    exists(NodeEx out, boolean allowsFieldFlow |
-      revFlow(out, toReturn, returnAp, ap, config) and
-      flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowInNotToReturn(
-    ArgNodeEx arg, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p, boolean allowsFieldFlow |
-      revFlow(p, false, returnAp, ap, config) and
-      flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowInToReturn(
-    DataFlowCall call, ArgNodeEx arg, Ap returnAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p, boolean allowsFieldFlow |
-      revFlow(p, true, apSome(returnAp), ap, config) and
-      flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  /**
-   * Holds if an output from `call` is reached in the flow covered by `revFlow`
-   * and data might flow through the target callable resulting in reverse flow
-   * reaching an argument of `call`.
-   */
-  pragma[nomagic]
-  private predicate revFlowIsReturned(
-    DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    exists(RetNodeEx ret, CcCall ccc |
-      revFlowOut(call, ret, toReturn, returnAp, ap, config) and
-      fwdFlow(ret, ccc, apSome(_), ap, config) and
-      ccc.matchesCall(call)
-    )
-  }
-
-  pragma[nomagic]
-  predicate storeStepCand(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
-    Configuration config
-  ) {
-    exists(Ap ap2, Content c |
-      store(node1, tc, node2, contentType, config) and
-      revFlowStore(ap2, c, ap1, node1, tc, node2, _, _, config) and
-      revFlowConsCand(ap2, c, ap1, config)
-    )
-  }
-
-  predicate readStepCand(NodeEx node1, Content c, NodeEx node2, Configuration config) {
-    exists(Ap ap1, Ap ap2 |
-      revFlow(node2, _, _, pragma[only_bind_into](ap2), pragma[only_bind_into](config)) and
-      readStepFwd(node1, ap1, c, node2, ap2, config) and
-      revFlowStore(ap1, c, pragma[only_bind_into](ap2), _, _, _, _, _,
-        pragma[only_bind_into](config))
-    )
-  }
-
-  predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, config) }
-
-  private predicate fwdConsCand(TypedContent tc, Ap ap, Configuration config) {
-    storeStepFwd(_, ap, tc, _, _, config)
-  }
-
-  predicate consCand(TypedContent tc, Ap ap, Configuration config) {
-    storeStepCand(_, ap, tc, _, _, config)
-  }
-
-  pragma[noinline]
-  private predicate parameterFlow(
-    ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
-  ) {
-    revFlow(p, true, apSome(ap0), ap, config) and
-    c = p.getEnclosingCallable()
-  }
-
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(RetNodeEx ret, Ap ap0, ReturnKindExt kind, int pos |
-      parameterFlow(p, ap, ap0, c, config) and
-      c = ret.getEnclosingCallable() and
-      revFlow(pragma[only_bind_into](ret), true, apSome(_), pragma[only_bind_into](ap0),
-        pragma[only_bind_into](config)) and
-      fwdFlow(ret, any(CcCall ccc), apSome(ap), ap0, config) and
-      kind = ret.getKind() and
-      p.getPosition() = pos and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = pos
-        or
-        p.allowParameterReturnInSelf()
-      )
-    )
-  }
-
-  pragma[nomagic]
-  predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-    exists(Ap returnAp0, ArgNodeEx arg, boolean toReturn, ApOption returnAp, Ap ap |
-      revFlow(arg, toReturn, returnAp, ap, config) and
-      revFlowInToReturn(call, arg, returnAp0, ap, config) and
-      revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
-    )
-  }
-
-  predicate stats(boolean fwd, int nodes, int fields, int conscand, int tuples, Configuration config) {
-    fwd = true and
-    nodes = count(NodeEx node | fwdFlow(node, _, _, _, config)) and
-    fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
-    conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-    tuples = count(NodeEx n, Cc cc, ApOption argAp, Ap ap | fwdFlow(n, cc, argAp, ap, config))
-    or
-    fwd = false and
-    nodes = count(NodeEx node | revFlow(node, _, _, _, config)) and
-    fields = count(TypedContent f0 | consCand(f0, _, config)) and
-    conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
-    tuples = count(NodeEx n, boolean b, ApOption retAp, Ap ap | revFlow(n, b, retAp, ap, config))
-  }
-  /* End: Stage 4 logic. */
+  predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
+
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
   exists(Configuration c | result = pragma[only_bind_into](c) and conf = pragma[only_bind_into](c))
 }
 
-private predicate nodeMayUseSummary(NodeEx n, AccessPathApprox apa, Configuration config) {
-  exists(DataFlowCallable c, AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, apa, _) and
-    Stage4::revFlow(n, true, _, apa0, config) and
-    Stage4::fwdFlow(n, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+pragma[nomagic]
+private predicate nodeMayUseSummary0(
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
+) {
+  exists(AccessPathApprox apa0 |
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
+  )
+}
+
+pragma[nomagic]
+private predicate nodeMayUseSummary(
+  NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
+) {
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
 private newtype TSummaryCtx =
   TSummaryCtxNone() or
-  TSummaryCtxSome(ParamNodeEx p, AccessPath ap) {
-    Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), _)
+  TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
+    exists(Configuration config |
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
+    )
   }
 
 /**
@@ -3013,11 +2850,12 @@ private class SummaryCtxNone extends SummaryCtx, TSummaryCtxNone {
 /** A summary context from which a flow summary can be generated. */
 private class SummaryCtxSome extends SummaryCtx, TSummaryCtxSome {
   private ParamNodeEx p;
+  private FlowState s;
   private AccessPath ap;
 
-  SummaryCtxSome() { this = TSummaryCtxSome(p, ap) }
+  SummaryCtxSome() { this = TSummaryCtxSome(p, s, ap) }
 
-  int getParameterPos() { p.isParameterOf(_, result) }
+  ParameterPosition getParameterPos() { p.isParameterOf(_, result) }
 
   ParamNodeEx getParamNode() { result = p }
 
@@ -3039,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -3047,8 +2885,8 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
-    strictcount(NodeEx n |
-      Stage4::revFlow(n, _, _, apa, config) or nodeMayUseSummary(n, apa, config)
+    strictcount(NodeEx n, FlowState state |
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -3069,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -3092,6 +2930,7 @@ private predicate evalUnfold(AccessPathApprox apa, boolean unfold, Configuration
 /**
  * Gets the number of `AccessPath`s that correspond to `apa`.
  */
+pragma[assume_small_delta]
 private int countAps(AccessPathApprox apa, Configuration config) {
   evalUnfold(apa, false, config) and
   result = 1 and
@@ -3110,6 +2949,7 @@ private int countAps(AccessPathApprox apa, Configuration config) {
  * that it is expanded to a precise head-tail representation.
  */
 language[monotonicAggregates]
+pragma[assume_small_delta]
 private int countPotentialAps(AccessPathApprox apa, Configuration config) {
   apa instanceof AccessPathApproxNil and result = 1
   or
@@ -3144,10 +2984,13 @@ private newtype TAccessPath =
   }
 
 private newtype TPathNode =
-  TPathNodeMid(NodeEx node, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config) {
+  pragma[assume_small_delta]
+  TPathNodeMid(
+    NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
+  ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, config) and
-    sourceNode(node, config) and
+    Stage5::revFlow(node, state, config) and
+    sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
       then cc instanceof CallContextSomeCall
@@ -3158,15 +3001,28 @@ private newtype TPathNode =
     or
     // ... or a step from an existing PathNode to another node.
     exists(PathNodeMid mid |
-      pathStep(mid, node, cc, sc, ap) and
+      pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, _, _, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
-  TPathNodeSink(NodeEx node, Configuration config) {
+  TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
     exists(PathNodeMid sink |
       sink.isAtSink() and
       node = sink.getNodeEx() and
+      state = sink.getState() and
+      config = sink.getConfiguration()
+    )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
       config = sink.getConfiguration()
     )
   }
@@ -3177,7 +3033,7 @@ private newtype TPathNode =
  * of dereference operations needed to get from the value in the node to the
  * tracked object. The final type indicates the type of the tracked object.
  */
-abstract private class AccessPath extends TAccessPath {
+private class AccessPath extends TAccessPath {
   /** Gets the head of this access path, if any. */
   abstract TypedContent getHead();
 
@@ -3238,6 +3094,7 @@ private class AccessPathCons extends AccessPath, TAccessPathCons {
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
 
+  pragma[assume_small_delta]
   override AccessPathApproxCons getApprox() {
     result = TConsNil(head, tail.(AccessPathNil).getType())
     or
@@ -3246,6 +3103,7 @@ private class AccessPathCons extends AccessPath, TAccessPathCons {
     result = TCons1(head, this.length())
   }
 
+  pragma[assume_small_delta]
   override int length() { result = 1 + tail.length() }
 
   private string toStringImpl(boolean needsSuffix) {
@@ -3287,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -3318,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -3334,66 +3192,61 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   }
 }
 
-/**
- * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
- * Only those `PathNode`s that are reachable from a source are generated.
- */
-class PathNode extends TPathNode {
-  /** Gets a textual representation of this element. */
-  string toString() { none() }
-
-  /**
-   * Gets a textual representation of this element, including a textual
-   * representation of the call context.
-   */
-  string toStringWithContext() { none() }
-
-  /**
-   * Holds if this element is at the specified location.
-   * The location spans column `startcolumn` of line `startline` to
-   * column `endcolumn` of line `endline` in file `filepath`.
-   * For more information, see
-   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
-   */
-  predicate hasLocationInfo(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    none()
-  }
-
-  /** Gets the underlying `Node`. */
-  final Node getNode() { this.(PathNodeImpl).getNodeEx().projectToNode() = result }
+abstract private class PathNodeImpl extends TPathNode {
+  /** Gets the `FlowState` of this node. */
+  abstract FlowState getState();
 
   /** Gets the associated configuration. */
-  Configuration getConfiguration() { none() }
-
-  private PathNode getASuccessorIfHidden() {
-    this.(PathNodeImpl).isHidden() and
-    result = this.(PathNodeImpl).getASuccessorImpl()
-  }
-
-  /** Gets a successor of this node, if any. */
-  final PathNode getASuccessor() {
-    result = this.(PathNodeImpl).getASuccessorImpl().getASuccessorIfHidden*() and
-    not this.(PathNodeImpl).isHidden() and
-    not result.(PathNodeImpl).isHidden()
-  }
+  abstract Configuration getConfiguration();
 
   /** Holds if this node is a source. */
-  predicate isSource() { none() }
-}
+  abstract predicate isSource();
 
-abstract private class PathNodeImpl extends PathNode {
-  abstract PathNode getASuccessorImpl();
+  abstract PathNodeImpl getASuccessorImpl();
+
+  private PathNodeImpl getASuccessorIfHidden() {
+    this.isHidden() and
+    result = this.getASuccessorImpl()
+  }
+
+  pragma[nomagic]
+  private PathNodeImpl getANonHiddenSuccessor0() {
+    result = this.getASuccessorIfHidden*() and
+    not result.isHidden()
+  }
+
+  final PathNodeImpl getANonHiddenSuccessor() {
+    result = this.getASuccessorImpl().getANonHiddenSuccessor0() and
+    not this.isHidden()
+  }
 
   abstract NodeEx getNodeEx();
 
   predicate isHidden() {
-    hiddenNode(this.getNodeEx().asNode()) and
-    not this.isSource() and
-    not this instanceof PathNodeSink
+    not this.getConfiguration().includeHiddenNodes() and
+    (
+      hiddenNode(this.getNodeEx().asNode()) and
+      not this.isSource() and
+      not this instanceof PathNodeSink
+      or
+      this.getNodeEx() instanceof TNodeImplicitRead
+    )
+  }
+
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
     or
-    this.getNodeEx() instanceof TNodeImplicitRead
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
   }
 
   private string ppAp() {
@@ -3410,13 +3263,23 @@ abstract private class PathNodeImpl extends PathNode {
     result = " <" + this.(PathNodeMid).getCallContext().toString() + ">"
   }
 
-  override string toString() { result = this.getNodeEx().toString() + this.ppAp() }
+  /** Gets a textual representation of this element. */
+  string toString() { result = this.getNodeEx().toString() + this.ppAp() }
 
-  override string toStringWithContext() {
-    result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx()
-  }
+  /**
+   * Gets a textual representation of this element, including a textual
+   * representation of the call context.
+   */
+  string toStringWithContext() { result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx() }
 
-  override predicate hasLocationInfo(
+  /**
+   * Holds if this element is at the specified location.
+   * The location spans column `startcolumn` of line `startline` to
+   * column `endcolumn` of line `endline` in file `filepath`.
+   * For more information, see
+   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+   */
+  predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
     this.getNodeEx().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
@@ -3424,31 +3287,93 @@ abstract private class PathNodeImpl extends PathNode {
 }
 
 /** Holds if `n` can reach a sink. */
-private predicate directReach(PathNode n) {
-  n instanceof PathNodeSink or directReach(n.getASuccessor())
+private predicate directReach(PathNodeImpl n) {
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
-/** Holds if `n` can reach a sink or is used in a subpath. */
-private predicate reach(PathNode n) { directReach(n) or Subpaths::retReach(n) }
+/** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
+private predicate reach(PathNodeImpl n) { directReach(n) or Subpaths::retReach(n) }
 
 /** Holds if `n1.getASuccessor() = n2` and `n2` can reach a sink. */
-private predicate pathSucc(PathNode n1, PathNode n2) { n1.getASuccessor() = n2 and directReach(n2) }
+private predicate pathSucc(PathNodeImpl n1, PathNodeImpl n2) {
+  n1.getANonHiddenSuccessor() = n2 and directReach(n2)
+}
 
-private predicate pathSuccPlus(PathNode n1, PathNode n2) = fastTC(pathSucc/2)(n1, n2)
+private predicate pathSuccPlus(PathNodeImpl n1, PathNodeImpl n2) = fastTC(pathSucc/2)(n1, n2)
+
+/**
+ * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
+ * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated.
+ */
+class PathNode instanceof PathNodeImpl {
+  PathNode() { reach(this) }
+
+  /** Gets a textual representation of this element. */
+  final string toString() { result = super.toString() }
+
+  /**
+   * Gets a textual representation of this element, including a textual
+   * representation of the call context.
+   */
+  final string toStringWithContext() { result = super.toStringWithContext() }
+
+  /**
+   * Holds if this element is at the specified location.
+   * The location spans column `startcolumn` of line `startline` to
+   * column `endcolumn` of line `endline` in file `filepath`.
+   * For more information, see
+   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+   */
+  final predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
+
+  /** Gets the underlying `Node`. */
+  final Node getNode() { super.getNodeEx().projectToNode() = result }
+
+  /** Gets the `FlowState` of this node. */
+  final FlowState getState() { result = super.getState() }
+
+  /** Gets the associated configuration. */
+  final Configuration getConfiguration() { result = super.getConfiguration() }
+
+  /** Gets a successor of this node, if any. */
+  final PathNode getASuccessor() { result = super.getANonHiddenSuccessor() }
+
+  /** Holds if this node is a source. */
+  final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
+}
 
 /**
  * Provides the query predicates needed to include a graph in a path-problem query.
  */
 module PathGraph {
   /** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */
-  query predicate edges(PathNode a, PathNode b) { a.getASuccessor() = b and reach(b) }
+  query predicate edges(PathNode a, PathNode b) { a.getASuccessor() = b }
 
   /** Holds if `n` is a node in the graph of data flow path explanations. */
   query predicate nodes(PathNode n, string key, string val) {
-    reach(n) and key = "semmle.label" and val = n.toString()
+    key = "semmle.label" and val = n.toString()
   }
 
-  query predicate subpaths = Subpaths::subpaths/4;
+  /**
+   * Holds if `(arg, par, ret, out)` forms a subpath-tuple, that is, flow through
+   * a subpath between `par` and `ret` with the connecting edges `arg -> par` and
+   * `ret -> out` is summarized as the edge `arg -> out`.
+   */
+  query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) {
+    Subpaths::subpaths(arg, par, ret, out)
+  }
 }
 
 /**
@@ -3457,15 +3382,18 @@ module PathGraph {
  */
 private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
   NodeEx node;
+  FlowState state;
   CallContext cc;
   SummaryCtx sc;
   AccessPath ap;
   Configuration config;
 
-  PathNodeMid() { this = TPathNodeMid(node, cc, sc, ap, config) }
+  PathNodeMid() { this = TPathNodeMid(node, state, cc, sc, ap, config) }
 
   override NodeEx getNodeEx() { result = node }
 
+  override FlowState getState() { result = state }
+
   CallContext getCallContext() { result = cc }
 
   SummaryCtx getSummaryCtx() { result = sc }
@@ -3475,8 +3403,8 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
   override Configuration getConfiguration() { result = config }
 
   private PathNodeMid getSuccMid() {
-    pathStep(this, result.getNodeEx(), result.getCallContext(), result.getSummaryCtx(),
-      result.getAp()) and
+    pathStep(this, result.getNodeEx(), result.getState(), result.getCallContext(),
+      result.getSummaryCtx(), result.getAp()) and
     result.getConfiguration() = unbindConf(this.getConfiguration())
   }
 
@@ -3489,18 +3417,18 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
   }
 
   override predicate isSource() {
-    sourceNode(node, config) and
+    sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
       then cc instanceof CallContextSomeCall
       else cc instanceof CallContextAny
     ) and
     sc instanceof SummaryCtxNone and
-    ap instanceof AccessPathNil
+    ap = TAccessPathNil(node.getDataFlowType())
   }
 
   predicate isAtSink() {
-    sinkNode(node, config) and
+    sinkNode(node, state, config) and
     ap instanceof AccessPathNil and
     if hasSinkCallCtx(config)
     then
@@ -3522,6 +3450,7 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
   PathNodeSink projectToSink() {
     this.isAtSink() and
     result.getNodeEx() = node and
+    result.getState() = state and
     result.getConfiguration() = unbindConf(config)
   }
 }
@@ -3533,91 +3462,176 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
  */
 private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
   NodeEx node;
+  FlowState state;
   Configuration config;
 
-  PathNodeSink() { this = TPathNodeSink(node, config) }
+  PathNodeSink() { this = TPathNodeSink(node, state, config) }
 
   override NodeEx getNodeEx() { result = node }
 
+  override FlowState getState() { result = state }
+
   override Configuration getConfiguration() { result = config }
 
-  override PathNode getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
-  override predicate isSource() { sourceNode(node, config) }
+  override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private predicate pathNode(
+  PathNodeMid mid, NodeEx midnode, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap,
+  Configuration conf, LocalCallContext localCC
+) {
+  midnode = mid.getNodeEx() and
+  state = mid.getState() and
+  conf = mid.getConfiguration() and
+  cc = mid.getCallContext() and
+  sc = mid.getSummaryCtx() and
+  localCC =
+    getLocalCallContext(pragma[only_bind_into](pragma[only_bind_out](cc)),
+      midnode.getEnclosingCallable()) and
+  ap = mid.getAp()
 }
 
 /**
  * Holds if data may flow from `mid` to `node`. The last step in or out of
  * a callable is recorded by `cc`.
  */
+pragma[assume_small_delta]
+pragma[nomagic]
 private predicate pathStep(
-  PathNodeMid mid, NodeEx node, CallContext cc, SummaryCtx sc, AccessPath ap
+  PathNodeMid mid, NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap
 ) {
-  exists(AccessPath ap0, NodeEx midnode, Configuration conf, LocalCallContext localCC |
-    midnode = mid.getNodeEx() and
-    conf = mid.getConfiguration() and
-    cc = mid.getCallContext() and
-    sc = mid.getSummaryCtx() and
-    localCC =
-      getLocalCallContext(pragma[only_bind_into](pragma[only_bind_out](cc)),
-        midnode.getEnclosingCallable()) and
-    ap0 = mid.getAp()
+  exists(NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC |
+    pathNode(mid, midnode, state0, cc, sc, ap, conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, true, _, conf, localCC)
+  )
+  or
+  exists(
+    AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
-    localFlowBigStep(midnode, node, true, _, conf, localCC) and
-    ap = ap0
-    or
-    localFlowBigStep(midnode, node, false, ap.getFront(), conf, localCC) and
+    pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
   jumpStep(mid.getNodeEx(), node, mid.getConfiguration()) and
+  state = mid.getState() and
   cc instanceof CallContextAny and
   sc instanceof SummaryCtxNone and
   ap = mid.getAp()
   or
   additionalJumpStep(mid.getNodeEx(), node, mid.getConfiguration()) and
+  state = mid.getState() and
   cc instanceof CallContextAny and
   sc instanceof SummaryCtxNone and
   mid.getAp() instanceof AccessPathNil and
   ap = TAccessPathNil(node.getDataFlowType())
   or
-  exists(TypedContent tc | pathStoreStep(mid, node, ap.pop(tc), tc, cc)) and
+  additionalJumpStateStep(mid.getNodeEx(), mid.getState(), node, state, mid.getConfiguration()) and
+  cc instanceof CallContextAny and
+  sc instanceof SummaryCtxNone and
+  mid.getAp() instanceof AccessPathNil and
+  ap = TAccessPathNil(node.getDataFlowType())
+  or
+  exists(TypedContent tc | pathStoreStep(mid, node, state, ap.pop(tc), tc, cc)) and
   sc = mid.getSummaryCtx()
   or
-  exists(TypedContent tc | pathReadStep(mid, node, ap.push(tc), tc, cc)) and
+  exists(TypedContent tc | pathReadStep(mid, node, state, ap.push(tc), tc, cc)) and
   sc = mid.getSummaryCtx()
   or
-  pathIntoCallable(mid, node, _, cc, sc, _, _) and ap = mid.getAp()
+  pathIntoCallable(mid, node, state, _, cc, sc, _, _) and ap = mid.getAp()
   or
-  pathOutOfCallable(mid, node, cc) and ap = mid.getAp() and sc instanceof SummaryCtxNone
+  pathOutOfCallable(mid, node, state, cc) and ap = mid.getAp() and sc instanceof SummaryCtxNone
   or
-  pathThroughCallable(mid, node, cc, ap) and sc = mid.getSummaryCtx()
+  pathThroughCallable(mid, node, state, cc, ap) and sc = mid.getSummaryCtx()
 }
 
 pragma[nomagic]
 private predicate pathReadStep(
-  PathNodeMid mid, NodeEx node, AccessPath ap0, TypedContent tc, CallContext cc
+  PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  state = mid.getState() and
   cc = mid.getCallContext()
 }
 
 pragma[nomagic]
 private predicate pathStoreStep(
-  PathNodeMid mid, NodeEx node, AccessPath ap0, TypedContent tc, CallContext cc
+  PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  state = mid.getState() and
   cc = mid.getCallContext()
 }
 
 private predicate pathOutOfCallable0(
-  PathNodeMid mid, ReturnPosition pos, CallContext innercc, AccessPathApprox apa,
+  PathNodeMid mid, ReturnPosition pos, FlowState state, CallContext innercc, AccessPathApprox apa,
   Configuration config
 ) {
   pos = mid.getNodeEx().(RetNodeEx).getReturnPosition() and
+  state = mid.getState() and
   innercc = mid.getCallContext() and
   innercc instanceof CallContextNoCall and
   apa = mid.getAp().getApprox() and
@@ -3626,11 +3640,11 @@ private predicate pathOutOfCallable0(
 
 pragma[nomagic]
 private predicate pathOutOfCallable1(
-  PathNodeMid mid, DataFlowCall call, ReturnKindExt kind, CallContext cc, AccessPathApprox apa,
-  Configuration config
+  PathNodeMid mid, DataFlowCall call, ReturnKindExt kind, FlowState state, CallContext cc,
+  AccessPathApprox apa, Configuration config
 ) {
   exists(ReturnPosition pos, DataFlowCallable c, CallContext innercc |
-    pathOutOfCallable0(mid, pos, innercc, apa, config) and
+    pathOutOfCallable0(mid, pos, state, innercc, apa, config) and
     c = pos.getCallable() and
     kind = pos.getKind() and
     resolveReturn(innercc, c, call)
@@ -3644,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3652,9 +3666,9 @@ private NodeEx getAnOutNodeFlow(
  * is a return from a callable and is recorded by `cc`, if needed.
  */
 pragma[noinline]
-private predicate pathOutOfCallable(PathNodeMid mid, NodeEx out, CallContext cc) {
+private predicate pathOutOfCallable(PathNodeMid mid, NodeEx out, FlowState state, CallContext cc) {
   exists(ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config |
-    pathOutOfCallable1(mid, call, kind, cc, apa, config) and
+    pathOutOfCallable1(mid, call, kind, state, cc, apa, config) and
     out = getAnOutNodeFlow(kind, call, apa, config)
   )
 }
@@ -3664,39 +3678,37 @@ private predicate pathOutOfCallable(PathNodeMid mid, NodeEx out, CallContext cc)
  */
 pragma[noinline]
 private predicate pathIntoArg(
-  PathNodeMid mid, int i, CallContext cc, DataFlowCall call, AccessPath ap, AccessPathApprox apa,
-  Configuration config
+  PathNodeMid mid, ParameterPosition ppos, FlowState state, CallContext cc, DataFlowCall call,
+  AccessPath ap, AccessPathApprox apa, Configuration config
 ) {
-  exists(ArgNode arg |
-    arg = mid.getNodeEx().asNode() and
-    cc = mid.getCallContext() and
-    arg.argumentOf(call, i) and
-    ap = mid.getAp() and
+  exists(ArgNodeEx arg, ArgumentPosition apos |
+    pathNode(mid, arg, state, cc, _, ap, config, _) and
+    arg.asNode().(ArgNode).argumentOf(call, apos) and
     apa = ap.getApprox() and
-    config = mid.getConfiguration()
+    parameterMatch(ppos, apos)
   )
 }
 
 pragma[nomagic]
 private predicate parameterCand(
-  DataFlowCallable callable, int i, AccessPathApprox apa, Configuration config
+  DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, _, apa, config) and
-    p.isParameterOf(callable, i)
+    Stage5::revFlow(p, _, apa, config) and
+    p.isParameterOf(callable, pos)
   )
 }
 
 pragma[nomagic]
 private predicate pathIntoCallable0(
-  PathNodeMid mid, DataFlowCallable callable, int i, CallContext outercc, DataFlowCall call,
-  AccessPath ap, Configuration config
+  PathNodeMid mid, DataFlowCallable callable, ParameterPosition pos, FlowState state,
+  CallContext outercc, DataFlowCall call, AccessPath ap, Configuration config
 ) {
   exists(AccessPathApprox apa |
-    pathIntoArg(mid, pragma[only_bind_into](i), outercc, call, ap, pragma[only_bind_into](apa),
-      pragma[only_bind_into](config)) and
+    pathIntoArg(mid, pragma[only_bind_into](pos), state, outercc, call, ap,
+      pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
     callable = resolveCall(call, outercc) and
-    parameterCand(callable, pragma[only_bind_into](i), pragma[only_bind_into](apa),
+    parameterCand(callable, pragma[only_bind_into](pos), pragma[only_bind_into](apa),
       pragma[only_bind_into](config))
   )
 }
@@ -3708,16 +3720,16 @@ private predicate pathIntoCallable0(
  */
 pragma[nomagic]
 private predicate pathIntoCallable(
-  PathNodeMid mid, ParamNodeEx p, CallContext outercc, CallContextCall innercc, SummaryCtx sc,
-  DataFlowCall call, Configuration config
+  PathNodeMid mid, ParamNodeEx p, FlowState state, CallContext outercc, CallContextCall innercc,
+  SummaryCtx sc, DataFlowCall call, Configuration config
 ) {
-  exists(int i, DataFlowCallable callable, AccessPath ap |
-    pathIntoCallable0(mid, callable, i, outercc, call, ap, config) and
-    p.isParameterOf(callable, i) and
+  exists(ParameterPosition pos, DataFlowCallable callable, AccessPath ap |
+    pathIntoCallable0(mid, callable, pos, state, outercc, call, ap, config) and
+    p.isParameterOf(callable, pos) and
     (
-      sc = TSummaryCtxSome(p, ap)
+      sc = TSummaryCtxSome(p, state, ap)
       or
-      not exists(TSummaryCtxSome(p, ap)) and
+      not exists(TSummaryCtxSome(p, state, ap)) and
       sc = TSummaryCtxNone() and
       // When the call contexts of source and sink needs to match then there's
       // never any reason to enter a callable except to find a summary. See also
@@ -3734,35 +3746,25 @@ private predicate pathIntoCallable(
 /** Holds if data may flow from a parameter given by `sc` to a return of kind `kind`. */
 pragma[nomagic]
 private predicate paramFlowsThrough(
-  ReturnKindExt kind, CallContextCall cc, SummaryCtxSome sc, AccessPath ap, AccessPathApprox apa,
-  Configuration config
+  ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
+  AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, int pos |
-    mid.getNodeEx() = ret and
+  exists(PathNodeMid mid, RetNodeEx ret |
+    pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
-    cc = mid.getCallContext() and
-    sc = mid.getSummaryCtx() and
-    config = mid.getConfiguration() and
-    ap = mid.getAp() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
 pragma[nomagic]
 private predicate pathThroughCallable0(
-  DataFlowCall call, PathNodeMid mid, ReturnKindExt kind, CallContext cc, AccessPath ap,
-  AccessPathApprox apa, Configuration config
+  DataFlowCall call, PathNodeMid mid, ReturnKindExt kind, FlowState state, CallContext cc,
+  AccessPath ap, AccessPathApprox apa, Configuration config
 ) {
   exists(CallContext innercc, SummaryCtx sc |
-    pathIntoCallable(mid, _, cc, innercc, sc, call, config) and
-    paramFlowsThrough(kind, innercc, sc, ap, apa, config)
+    pathIntoCallable(mid, _, _, cc, innercc, sc, call, config) and
+    paramFlowsThrough(kind, state, innercc, sc, ap, apa, config)
   )
 }
 
@@ -3771,9 +3773,11 @@ private predicate pathThroughCallable0(
  * The context `cc` is restored to its value prior to entering the callable.
  */
 pragma[noinline]
-private predicate pathThroughCallable(PathNodeMid mid, NodeEx out, CallContext cc, AccessPath ap) {
+private predicate pathThroughCallable(
+  PathNodeMid mid, NodeEx out, FlowState state, CallContext cc, AccessPath ap
+) {
   exists(DataFlowCall call, ReturnKindExt kind, AccessPathApprox apa, Configuration config |
-    pathThroughCallable0(call, mid, kind, cc, ap, apa, config) and
+    pathThroughCallable0(call, mid, kind, state, cc, ap, apa, config) and
     out = getAnOutNodeFlow(kind, call, apa, config)
   )
 }
@@ -3786,47 +3790,44 @@ private module Subpaths {
   pragma[nomagic]
   private predicate subpaths01(
     PathNodeImpl arg, ParamNodeEx par, SummaryCtxSome sc, CallContext innercc, ReturnKindExt kind,
-    NodeEx out, AccessPath apout
+    NodeEx out, FlowState sout, AccessPath apout
   ) {
     exists(Configuration config |
-      pathThroughCallable(arg, out, _, pragma[only_bind_into](apout)) and
-      pathIntoCallable(arg, par, _, innercc, sc, _, config) and
-      paramFlowsThrough(kind, innercc, sc, pragma[only_bind_into](apout), _, unbindConf(config)) and
+      pathThroughCallable(arg, out, pragma[only_bind_into](sout), _, pragma[only_bind_into](apout)) and
+      pathIntoCallable(arg, par, _, _, innercc, sc, _, config) and
+      paramFlowsThrough(kind, pragma[only_bind_into](sout), innercc, sc,
+        pragma[only_bind_into](apout), _, unbindConf(config)) and
       not arg.isHidden()
     )
   }
 
   /**
    * Holds if `(arg, par, ret, out)` forms a subpath-tuple and `ret` is determined by
-   * `kind`, `sc`, `apout`, and `innercc`.
+   * `kind`, `sc`, `sout`, `apout`, and `innercc`.
    */
   pragma[nomagic]
   private predicate subpaths02(
-    PathNode arg, ParamNodeEx par, SummaryCtxSome sc, CallContext innercc, ReturnKindExt kind,
-    NodeEx out, AccessPath apout
+    PathNodeImpl arg, ParamNodeEx par, SummaryCtxSome sc, CallContext innercc, ReturnKindExt kind,
+    NodeEx out, FlowState sout, AccessPath apout
   ) {
-    subpaths01(arg, par, sc, innercc, kind, out, apout) and
+    subpaths01(arg, par, sc, innercc, kind, out, sout, apout) and
     out.asNode() = kind.getAnOutNode(_)
   }
 
   pragma[nomagic]
-  private Configuration getPathNodeConf(PathNode n) { result = n.getConfiguration() }
+  private Configuration getPathNodeConf(PathNodeImpl n) { result = n.getConfiguration() }
 
   /**
    * Holds if `(arg, par, ret, out)` forms a subpath-tuple.
    */
   pragma[nomagic]
   private predicate subpaths03(
-    PathNode arg, ParamNodeEx par, PathNodeMid ret, NodeEx out, AccessPath apout
+    PathNodeImpl arg, ParamNodeEx par, PathNodeMid ret, NodeEx out, FlowState sout, AccessPath apout
   ) {
     exists(SummaryCtxSome sc, CallContext innercc, ReturnKindExt kind, RetNodeEx retnode |
-      subpaths02(arg, par, sc, innercc, kind, out, apout) and
-      ret.getNodeEx() = retnode and
-      kind = retnode.getKind() and
-      innercc = ret.getCallContext() and
-      sc = ret.getSummaryCtx() and
-      ret.getConfiguration() = unbindConf(getPathNodeConf(arg)) and
-      apout = ret.getAp()
+      subpaths02(arg, par, sc, innercc, kind, out, sout, apout) and
+      pathNode(ret, retnode, sout, innercc, sc, apout, unbindConf(getPathNodeConf(arg)), _) and
+      kind = retnode.getKind()
     )
   }
 
@@ -3834,38 +3835,44 @@ private module Subpaths {
     n.getASuccessorImpl() = result and
     result.isHidden() and
     exists(NodeEx n1, NodeEx n2 | n1 = n.getNodeEx() and n2 = result.getNodeEx() |
-      localFlowBigStep(n1, n2, _, _, _, _) or
+      localFlowBigStep(n1, _, n2, _, _, _, _, _) or
       store(n1, _, n2, _, _) or
-      read(n1, _, n2, _)
+      readSet(n1, _, n2, _)
     )
   }
 
+  pragma[nomagic]
+  private predicate hasSuccessor(PathNodeImpl pred, PathNodeMid succ, NodeEx succNode) {
+    succ = pred.getANonHiddenSuccessor() and
+    succNode = succ.getNodeEx()
+  }
+
   /**
    * Holds if `(arg, par, ret, out)` forms a subpath-tuple, that is, flow through
    * a subpath between `par` and `ret` with the connecting edges `arg -> par` and
    * `ret -> out` is summarized as the edge `arg -> out`.
    */
-  predicate subpaths(PathNode arg, PathNodeImpl par, PathNodeImpl ret, PathNodeMid out) {
-    exists(ParamNodeEx p, NodeEx o, AccessPath apout |
-      pragma[only_bind_into](arg).getASuccessor() = par and
-      pragma[only_bind_into](arg).getASuccessor() = out and
-      subpaths03(arg, p, localStepToHidden*(ret), o, apout) and
+  predicate subpaths(PathNodeImpl arg, PathNodeImpl par, PathNodeImpl ret, PathNodeImpl out) {
+    exists(ParamNodeEx p, NodeEx o, FlowState sout, AccessPath apout, PathNodeMid out0 |
+      pragma[only_bind_into](arg).getANonHiddenSuccessor() = pragma[only_bind_into](out0) and
+      subpaths03(pragma[only_bind_into](arg), p, localStepToHidden*(ret), o, sout, apout) and
+      hasSuccessor(pragma[only_bind_into](arg), par, p) and
       not ret.isHidden() and
-      par.getNodeEx() = p and
-      out.getNodeEx() = o and
-      out.getAp() = apout
+      pathNode(out0, o, sout, _, _, apout, _, _)
+    |
+      out = out0 or out = out0.projectToSink()
     )
   }
 
   /**
-   * Holds if `n` can reach a return node in a summarized subpath.
+   * Holds if `n` can reach a return node in a summarized subpath that can reach a sink.
    */
-  predicate retReach(PathNode n) {
-    subpaths(_, _, n, _)
+  predicate retReach(PathNodeImpl n) {
+    exists(PathNodeImpl out | subpaths(_, _, n, out) | directReach(out) or retReach(out))
     or
-    exists(PathNode mid |
+    exists(PathNodeImpl mid |
       retReach(mid) and
-      n.getASuccessor() = mid and
+      n.getANonHiddenSuccessor() = mid and
       not subpaths(_, mid, _, _)
     )
   }
@@ -3877,12 +3884,22 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
-  PathNode flowsource, PathNodeSink flowsink, Node source, Node sink, Configuration configuration
+  PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
+  Configuration configuration
 ) {
   flowsource.isSource() and
   flowsource.getConfiguration() = configuration and
-  flowsource.(PathNodeImpl).getNodeEx().asNode() = source and
+  flowsource.getNodeEx().asNode() = source and
   (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
   flowsink.getNodeEx().asNode() = sink
 }
@@ -3897,18 +3914,22 @@ predicate flowsTo(Node source, Node sink, Configuration configuration) {
   flowsTo(_, _, source, sink, configuration)
 }
 
-private predicate finalStats(boolean fwd, int nodes, int fields, int conscand, int tuples) {
+private predicate finalStats(
+  boolean fwd, int nodes, int fields, int conscand, int states, int tuples
+) {
   fwd = true and
   nodes = count(NodeEx n0 | exists(PathNodeImpl pn | pn.getNodeEx() = n0)) and
   fields = count(TypedContent f0 | exists(PathNodeMid pn | pn.getAp().getHead() = f0)) and
   conscand = count(AccessPath ap | exists(PathNodeMid pn | pn.getAp() = ap)) and
-  tuples = count(PathNode pn)
+  states = count(FlowState state | exists(PathNodeMid pn | pn.getState() = state)) and
+  tuples = count(PathNodeImpl pn)
   or
   fwd = false and
   nodes = count(NodeEx n0 | exists(PathNodeImpl pn | pn.getNodeEx() = n0 and reach(pn))) and
   fields = count(TypedContent f0 | exists(PathNodeMid pn | pn.getAp().getHead() = f0 and reach(pn))) and
   conscand = count(AccessPath ap | exists(PathNodeMid pn | pn.getAp() = ap and reach(pn))) and
-  tuples = count(PathNode pn | reach(pn))
+  states = count(FlowState state | exists(PathNodeMid pn | pn.getState() = state and reach(pn))) and
+  tuples = count(PathNode pn)
 }
 
 /**
@@ -3917,27 +3938,52 @@ private predicate finalStats(boolean fwd, int nodes, int fields, int conscand, i
  * Calculates per-stage metrics for data flow.
  */
 predicate stageStats(
-  int n, string stage, int nodes, int fields, int conscand, int tuples, Configuration config
+  int n, string stage, int nodes, int fields, int conscand, int states, int tuples,
+  Configuration config
 ) {
-  stage = "1 Fwd" and n = 10 and Stage1::stats(true, nodes, fields, conscand, tuples, config)
+  stage = "1 Fwd" and
+  n = 10 and
+  Stage1::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "1 Rev" and n = 15 and Stage1::stats(false, nodes, fields, conscand, tuples, config)
+  stage = "1 Rev" and
+  n = 15 and
+  Stage1::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "2 Fwd" and n = 20 and Stage2::stats(true, nodes, fields, conscand, tuples, config)
+  stage = "2 Fwd" and
+  n = 20 and
+  Stage2::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "2 Rev" and n = 25 and Stage2::stats(false, nodes, fields, conscand, tuples, config)
+  stage = "2 Rev" and
+  n = 25 and
+  Stage2::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "3 Fwd" and n = 30 and Stage3::stats(true, nodes, fields, conscand, tuples, config)
+  stage = "3 Fwd" and
+  n = 30 and
+  Stage3::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "3 Rev" and n = 35 and Stage3::stats(false, nodes, fields, conscand, tuples, config)
+  stage = "3 Rev" and
+  n = 35 and
+  Stage3::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "4 Fwd" and n = 40 and Stage4::stats(true, nodes, fields, conscand, tuples, config)
+  stage = "4 Fwd" and
+  n = 40 and
+  Stage4::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "4 Rev" and n = 45 and Stage4::stats(false, nodes, fields, conscand, tuples, config)
+  stage = "4 Rev" and
+  n = 45 and
+  Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
@@ -3947,6 +3993,8 @@ private module FlowExploration {
       or
       additionalJumpStep(node1, node2, config)
       or
+      additionalJumpStateStep(node1, _, node2, _, config)
+      or
       // flow into callable
       viableParamArgEx(_, node2, node1)
       or
@@ -3960,7 +4008,7 @@ private module FlowExploration {
   }
 
   private predicate interestingCallableSrc(DataFlowCallable c, Configuration config) {
-    exists(Node n | config.isSource(n) and c = getNodeEnclosingCallable(n))
+    exists(Node n | config.isSource(n) or config.isSource(n, _) | c = getNodeEnclosingCallable(n))
     or
     exists(DataFlowCallable mid |
       interestingCallableSrc(mid, config) and callableStep(mid, c, config)
@@ -3968,7 +4016,7 @@ private module FlowExploration {
   }
 
   private predicate interestingCallableSink(DataFlowCallable c, Configuration config) {
-    exists(Node n | config.isSink(n) and c = getNodeEnclosingCallable(n))
+    exists(Node n | config.isSink(n) or config.isSink(n, _) | c = getNodeEnclosingCallable(n))
     or
     exists(DataFlowCallable mid |
       interestingCallableSink(mid, config) and callableStep(c, mid, config)
@@ -3996,13 +4044,13 @@ private module FlowExploration {
     or
     exists(Node n, Configuration config |
       ce1 = TCallableSrc() and
-      config.isSource(n) and
+      (config.isSource(n) or config.isSource(n, _)) and
       ce2 = TCallable(getNodeEnclosingCallable(n), config)
     )
     or
     exists(Node n, Configuration config |
       ce2 = TCallableSink() and
-      config.isSink(n) and
+      (config.isSink(n) or config.isSink(n, _)) and
       ce1 = TCallable(getNodeEnclosingCallable(n), config)
     )
   }
@@ -4104,13 +4152,26 @@ private module FlowExploration {
     }
   }
 
+  private predicate relevantState(FlowState state) {
+    sourceNode(_, state, _) or
+    sinkNode(_, state, _) or
+    additionalLocalStateStep(_, state, _, _, _) or
+    additionalLocalStateStep(_, _, _, state, _) or
+    additionalJumpStateStep(_, state, _, _, _) or
+    additionalJumpStateStep(_, _, _, state, _)
+  }
+
   private newtype TSummaryCtx1 =
     TSummaryCtx1None() or
     TSummaryCtx1Param(ParamNodeEx p)
 
   private newtype TSummaryCtx2 =
     TSummaryCtx2None() or
-    TSummaryCtx2Some(PartialAccessPath ap)
+    TSummaryCtx2Some(FlowState s) { relevantState(s) }
+
+  private newtype TSummaryCtx3 =
+    TSummaryCtx3None() or
+    TSummaryCtx3Some(PartialAccessPath ap)
 
   private newtype TRevSummaryCtx1 =
     TRevSummaryCtx1None() or
@@ -4118,52 +4179,66 @@ private module FlowExploration {
 
   private newtype TRevSummaryCtx2 =
     TRevSummaryCtx2None() or
-    TRevSummaryCtx2Some(RevPartialAccessPath ap)
+    TRevSummaryCtx2Some(FlowState s) { relevantState(s) }
+
+  private newtype TRevSummaryCtx3 =
+    TRevSummaryCtx3None() or
+    TRevSummaryCtx3Some(RevPartialAccessPath ap)
 
   private newtype TPartialPathNode =
     TPartialPathNodeFwd(
-      NodeEx node, CallContext cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2, PartialAccessPath ap,
-      Configuration config
+      NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2,
+      TSummaryCtx3 sc3, PartialAccessPath ap, Configuration config
     ) {
-      sourceNode(node, config) and
+      sourceNode(node, state, config) and
       cc instanceof CallContextAny and
       sc1 = TSummaryCtx1None() and
       sc2 = TSummaryCtx2None() and
+      sc3 = TSummaryCtx3None() and
       ap = TPartialNil(node.getDataFlowType()) and
-      not fullBarrier(node, config) and
       exists(config.explorationLimit())
       or
-      partialPathNodeMk0(node, cc, sc1, sc2, ap, config) and
+      partialPathNodeMk0(node, state, cc, sc1, sc2, sc3, ap, config) and
       distSrc(node.getEnclosingCallable(), config) <= config.explorationLimit()
     } or
     TPartialPathNodeRev(
-      NodeEx node, TRevSummaryCtx1 sc1, TRevSummaryCtx2 sc2, RevPartialAccessPath ap,
-      Configuration config
+      NodeEx node, FlowState state, TRevSummaryCtx1 sc1, TRevSummaryCtx2 sc2, TRevSummaryCtx3 sc3,
+      RevPartialAccessPath ap, Configuration config
     ) {
-      sinkNode(node, config) and
+      sinkNode(node, state, config) and
       sc1 = TRevSummaryCtx1None() and
       sc2 = TRevSummaryCtx2None() and
+      sc3 = TRevSummaryCtx3None() and
       ap = TRevPartialNil() and
-      not fullBarrier(node, config) and
       exists(config.explorationLimit())
       or
       exists(PartialPathNodeRev mid |
-        revPartialPathStep(mid, node, sc1, sc2, ap, config) and
-        not clearsContentCached(node.asNode(), ap.getHead()) and
+        revPartialPathStep(mid, node, state, sc1, sc2, sc3, ap, config) and
+        not clearsContentEx(node, ap.getHead()) and
+        (
+          notExpectsContent(node) or
+          expectsContentEx(node, ap.getHead())
+        ) and
         not fullBarrier(node, config) and
+        not stateBarrier(node, state, config) and
         distSink(node.getEnclosingCallable(), config) <= config.explorationLimit()
       )
     }
 
   pragma[nomagic]
   private predicate partialPathNodeMk0(
-    NodeEx node, CallContext cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2, PartialAccessPath ap,
-    Configuration config
+    NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2,
+    TSummaryCtx3 sc3, PartialAccessPath ap, Configuration config
   ) {
     exists(PartialPathNodeFwd mid |
-      partialPathStep(mid, node, cc, sc1, sc2, ap, config) and
+      partialPathStep(mid, node, state, cc, sc1, sc2, sc3, ap, config) and
       not fullBarrier(node, config) and
-      not clearsContentCached(node.asNode(), ap.getHead().getContent()) and
+      not stateBarrier(node, state, config) and
+      not clearsContentEx(node, ap.getHead().getContent()) and
+      (
+        notExpectsContent(node) or
+        expectsContentEx(node, ap.getHead().getContent())
+      ) and
       if node.asNode() instanceof CastingNode
       then compatibleTypes(node.getDataFlowType(), ap.getType())
       else any()
@@ -4201,6 +4276,8 @@ private module FlowExploration {
     /** Gets the underlying `Node`. */
     final Node getNode() { this.getNodeEx().projectToNode() = result }
 
+    FlowState getState() { none() }
+
     private NodeEx getNodeEx() {
       result = this.(PartialPathNodeFwd).getNodeEx() or
       result = this.(PartialPathNodeRev).getNodeEx()
@@ -4258,135 +4335,182 @@ private module FlowExploration {
 
   private class PartialPathNodeFwd extends PartialPathNode, TPartialPathNodeFwd {
     NodeEx node;
+    FlowState state;
     CallContext cc;
     TSummaryCtx1 sc1;
     TSummaryCtx2 sc2;
+    TSummaryCtx3 sc3;
     PartialAccessPath ap;
     Configuration config;
 
-    PartialPathNodeFwd() { this = TPartialPathNodeFwd(node, cc, sc1, sc2, ap, config) }
+    PartialPathNodeFwd() { this = TPartialPathNodeFwd(node, state, cc, sc1, sc2, sc3, ap, config) }
 
     NodeEx getNodeEx() { result = node }
 
+    override FlowState getState() { result = state }
+
     CallContext getCallContext() { result = cc }
 
     TSummaryCtx1 getSummaryCtx1() { result = sc1 }
 
     TSummaryCtx2 getSummaryCtx2() { result = sc2 }
 
+    TSummaryCtx3 getSummaryCtx3() { result = sc3 }
+
     PartialAccessPath getAp() { result = ap }
 
     override Configuration getConfiguration() { result = config }
 
     override PartialPathNodeFwd getASuccessor() {
-      partialPathStep(this, result.getNodeEx(), result.getCallContext(), result.getSummaryCtx1(),
-        result.getSummaryCtx2(), result.getAp(), result.getConfiguration())
+      partialPathStep(this, result.getNodeEx(), result.getState(), result.getCallContext(),
+        result.getSummaryCtx1(), result.getSummaryCtx2(), result.getSummaryCtx3(), result.getAp(),
+        result.getConfiguration())
     }
 
     predicate isSource() {
-      sourceNode(node, config) and
+      sourceNode(node, state, config) and
       cc instanceof CallContextAny and
       sc1 = TSummaryCtx1None() and
       sc2 = TSummaryCtx2None() and
+      sc3 = TSummaryCtx3None() and
       ap instanceof TPartialNil
     }
   }
 
   private class PartialPathNodeRev extends PartialPathNode, TPartialPathNodeRev {
     NodeEx node;
+    FlowState state;
     TRevSummaryCtx1 sc1;
     TRevSummaryCtx2 sc2;
+    TRevSummaryCtx3 sc3;
     RevPartialAccessPath ap;
     Configuration config;
 
-    PartialPathNodeRev() { this = TPartialPathNodeRev(node, sc1, sc2, ap, config) }
+    PartialPathNodeRev() { this = TPartialPathNodeRev(node, state, sc1, sc2, sc3, ap, config) }
 
     NodeEx getNodeEx() { result = node }
 
+    override FlowState getState() { result = state }
+
     TRevSummaryCtx1 getSummaryCtx1() { result = sc1 }
 
     TRevSummaryCtx2 getSummaryCtx2() { result = sc2 }
 
+    TRevSummaryCtx3 getSummaryCtx3() { result = sc3 }
+
     RevPartialAccessPath getAp() { result = ap }
 
     override Configuration getConfiguration() { result = config }
 
     override PartialPathNodeRev getASuccessor() {
-      revPartialPathStep(result, this.getNodeEx(), this.getSummaryCtx1(), this.getSummaryCtx2(),
-        this.getAp(), this.getConfiguration())
+      revPartialPathStep(result, this.getNodeEx(), this.getState(), this.getSummaryCtx1(),
+        this.getSummaryCtx2(), this.getSummaryCtx3(), this.getAp(), this.getConfiguration())
     }
 
     predicate isSink() {
-      sinkNode(node, config) and
+      sinkNode(node, state, config) and
       sc1 = TRevSummaryCtx1None() and
       sc2 = TRevSummaryCtx2None() and
+      sc3 = TRevSummaryCtx3None() and
       ap = TRevPartialNil()
     }
   }
 
   private predicate partialPathStep(
-    PartialPathNodeFwd mid, NodeEx node, CallContext cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2,
-    PartialAccessPath ap, Configuration config
+    PartialPathNodeFwd mid, NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1,
+    TSummaryCtx2 sc2, TSummaryCtx3 sc3, PartialAccessPath ap, Configuration config
   ) {
     not isUnreachableInCallCached(node.asNode(), cc.(CallContextSpecificCall).getCall()) and
     (
       localFlowStep(mid.getNodeEx(), node, config) and
+      state = mid.getState() and
       cc = mid.getCallContext() and
       sc1 = mid.getSummaryCtx1() and
       sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
       ap = mid.getAp() and
       config = mid.getConfiguration()
       or
       additionalLocalFlowStep(mid.getNodeEx(), node, config) and
+      state = mid.getState() and
       cc = mid.getCallContext() and
       sc1 = mid.getSummaryCtx1() and
       sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
+      mid.getAp() instanceof PartialAccessPathNil and
+      ap = TPartialNil(node.getDataFlowType()) and
+      config = mid.getConfiguration()
+      or
+      additionalLocalStateStep(mid.getNodeEx(), mid.getState(), node, state, config) and
+      cc = mid.getCallContext() and
+      sc1 = mid.getSummaryCtx1() and
+      sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
       mid.getAp() instanceof PartialAccessPathNil and
       ap = TPartialNil(node.getDataFlowType()) and
       config = mid.getConfiguration()
     )
     or
     jumpStep(mid.getNodeEx(), node, config) and
+    state = mid.getState() and
     cc instanceof CallContextAny and
     sc1 = TSummaryCtx1None() and
     sc2 = TSummaryCtx2None() and
+    sc3 = TSummaryCtx3None() and
     ap = mid.getAp() and
     config = mid.getConfiguration()
     or
     additionalJumpStep(mid.getNodeEx(), node, config) and
+    state = mid.getState() and
     cc instanceof CallContextAny and
     sc1 = TSummaryCtx1None() and
     sc2 = TSummaryCtx2None() and
+    sc3 = TSummaryCtx3None() and
+    mid.getAp() instanceof PartialAccessPathNil and
+    ap = TPartialNil(node.getDataFlowType()) and
+    config = mid.getConfiguration()
+    or
+    additionalJumpStateStep(mid.getNodeEx(), mid.getState(), node, state, config) and
+    cc instanceof CallContextAny and
+    sc1 = TSummaryCtx1None() and
+    sc2 = TSummaryCtx2None() and
+    sc3 = TSummaryCtx3None() and
     mid.getAp() instanceof PartialAccessPathNil and
     ap = TPartialNil(node.getDataFlowType()) and
     config = mid.getConfiguration()
     or
     partialPathStoreStep(mid, _, _, node, ap) and
+    state = mid.getState() and
     cc = mid.getCallContext() and
     sc1 = mid.getSummaryCtx1() and
     sc2 = mid.getSummaryCtx2() and
+    sc3 = mid.getSummaryCtx3() and
     config = mid.getConfiguration()
     or
     exists(PartialAccessPath ap0, TypedContent tc |
       partialPathReadStep(mid, ap0, tc, node, cc, config) and
+      state = mid.getState() and
       sc1 = mid.getSummaryCtx1() and
       sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
       apConsFwd(ap, tc, ap0, config)
     )
     or
-    partialPathIntoCallable(mid, node, _, cc, sc1, sc2, _, ap, config)
+    partialPathIntoCallable(mid, node, state, _, cc, sc1, sc2, sc3, _, ap, config)
     or
-    partialPathOutOfCallable(mid, node, cc, ap, config) and
+    partialPathOutOfCallable(mid, node, state, cc, ap, config) and
     sc1 = TSummaryCtx1None() and
-    sc2 = TSummaryCtx2None()
+    sc2 = TSummaryCtx2None() and
+    sc3 = TSummaryCtx3None()
     or
-    partialPathThroughCallable(mid, node, cc, ap, config) and
+    partialPathThroughCallable(mid, node, state, cc, ap, config) and
     sc1 = mid.getSummaryCtx1() and
-    sc2 = mid.getSummaryCtx2()
+    sc2 = mid.getSummaryCtx2() and
+    sc3 = mid.getSummaryCtx3()
   }
 
   bindingset[result, i]
-  private int unbindInt(int i) { i <= result and i >= result }
+  private int unbindInt(int i) { pragma[only_bind_out](i) = pragma[only_bind_out](result) }
 
   pragma[inline]
   private predicate partialPathStoreStep(
@@ -4429,10 +4553,11 @@ private module FlowExploration {
   }
 
   private predicate partialPathOutOfCallable0(
-    PartialPathNodeFwd mid, ReturnPosition pos, CallContext innercc, PartialAccessPath ap,
-    Configuration config
+    PartialPathNodeFwd mid, ReturnPosition pos, FlowState state, CallContext innercc,
+    PartialAccessPath ap, Configuration config
   ) {
     pos = mid.getNodeEx().(RetNodeEx).getReturnPosition() and
+    state = mid.getState() and
     innercc = mid.getCallContext() and
     innercc instanceof CallContextNoCall and
     ap = mid.getAp() and
@@ -4441,11 +4566,11 @@ private module FlowExploration {
 
   pragma[nomagic]
   private predicate partialPathOutOfCallable1(
-    PartialPathNodeFwd mid, DataFlowCall call, ReturnKindExt kind, CallContext cc,
+    PartialPathNodeFwd mid, DataFlowCall call, ReturnKindExt kind, FlowState state, CallContext cc,
     PartialAccessPath ap, Configuration config
   ) {
     exists(ReturnPosition pos, DataFlowCallable c, CallContext innercc |
-      partialPathOutOfCallable0(mid, pos, innercc, ap, config) and
+      partialPathOutOfCallable0(mid, pos, state, innercc, ap, config) and
       c = pos.getCallable() and
       kind = pos.getKind() and
       resolveReturn(innercc, c, call)
@@ -4455,10 +4580,11 @@ private module FlowExploration {
   }
 
   private predicate partialPathOutOfCallable(
-    PartialPathNodeFwd mid, NodeEx out, CallContext cc, PartialAccessPath ap, Configuration config
+    PartialPathNodeFwd mid, NodeEx out, FlowState state, CallContext cc, PartialAccessPath ap,
+    Configuration config
   ) {
     exists(ReturnKindExt kind, DataFlowCall call |
-      partialPathOutOfCallable1(mid, call, kind, cc, ap, config)
+      partialPathOutOfCallable1(mid, call, kind, state, cc, ap, config)
     |
       out.asNode() = kind.getAnOutNode(call)
     )
@@ -4466,37 +4592,40 @@ private module FlowExploration {
 
   pragma[noinline]
   private predicate partialPathIntoArg(
-    PartialPathNodeFwd mid, int i, CallContext cc, DataFlowCall call, PartialAccessPath ap,
-    Configuration config
+    PartialPathNodeFwd mid, ParameterPosition ppos, FlowState state, CallContext cc,
+    DataFlowCall call, PartialAccessPath ap, Configuration config
   ) {
-    exists(ArgNode arg |
+    exists(ArgNode arg, ArgumentPosition apos |
       arg = mid.getNodeEx().asNode() and
+      state = mid.getState() and
       cc = mid.getCallContext() and
-      arg.argumentOf(call, i) and
+      arg.argumentOf(call, apos) and
       ap = mid.getAp() and
-      config = mid.getConfiguration()
+      config = mid.getConfiguration() and
+      parameterMatch(ppos, apos)
     )
   }
 
   pragma[nomagic]
   private predicate partialPathIntoCallable0(
-    PartialPathNodeFwd mid, DataFlowCallable callable, int i, CallContext outercc,
-    DataFlowCall call, PartialAccessPath ap, Configuration config
+    PartialPathNodeFwd mid, DataFlowCallable callable, ParameterPosition pos, FlowState state,
+    CallContext outercc, DataFlowCall call, PartialAccessPath ap, Configuration config
   ) {
-    partialPathIntoArg(mid, i, outercc, call, ap, config) and
+    partialPathIntoArg(mid, pos, state, outercc, call, ap, config) and
     callable = resolveCall(call, outercc)
   }
 
   private predicate partialPathIntoCallable(
-    PartialPathNodeFwd mid, ParamNodeEx p, CallContext outercc, CallContextCall innercc,
-    TSummaryCtx1 sc1, TSummaryCtx2 sc2, DataFlowCall call, PartialAccessPath ap,
-    Configuration config
+    PartialPathNodeFwd mid, ParamNodeEx p, FlowState state, CallContext outercc,
+    CallContextCall innercc, TSummaryCtx1 sc1, TSummaryCtx2 sc2, TSummaryCtx3 sc3,
+    DataFlowCall call, PartialAccessPath ap, Configuration config
   ) {
-    exists(int i, DataFlowCallable callable |
-      partialPathIntoCallable0(mid, callable, i, outercc, call, ap, config) and
-      p.isParameterOf(callable, i) and
+    exists(ParameterPosition pos, DataFlowCallable callable |
+      partialPathIntoCallable0(mid, callable, pos, state, outercc, call, ap, config) and
+      p.isParameterOf(callable, pos) and
       sc1 = TSummaryCtx1Param(p) and
-      sc2 = TSummaryCtx2Some(ap)
+      sc2 = TSummaryCtx2Some(state) and
+      sc3 = TSummaryCtx3Some(ap)
     |
       if recordDataFlowCallSite(call, callable)
       then innercc = TSpecificCall(call)
@@ -4506,15 +4635,17 @@ private module FlowExploration {
 
   pragma[nomagic]
   private predicate paramFlowsThroughInPartialPath(
-    ReturnKindExt kind, CallContextCall cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2,
-    PartialAccessPath ap, Configuration config
+    ReturnKindExt kind, FlowState state, CallContextCall cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2,
+    TSummaryCtx3 sc3, PartialAccessPath ap, Configuration config
   ) {
     exists(PartialPathNodeFwd mid, RetNodeEx ret |
       mid.getNodeEx() = ret and
       kind = ret.getKind() and
+      state = mid.getState() and
       cc = mid.getCallContext() and
       sc1 = mid.getSummaryCtx1() and
       sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
       config = mid.getConfiguration() and
       ap = mid.getAp()
     )
@@ -4522,85 +4653,119 @@ private module FlowExploration {
 
   pragma[noinline]
   private predicate partialPathThroughCallable0(
-    DataFlowCall call, PartialPathNodeFwd mid, ReturnKindExt kind, CallContext cc,
+    DataFlowCall call, PartialPathNodeFwd mid, ReturnKindExt kind, FlowState state, CallContext cc,
     PartialAccessPath ap, Configuration config
   ) {
-    exists(CallContext innercc, TSummaryCtx1 sc1, TSummaryCtx2 sc2 |
-      partialPathIntoCallable(mid, _, cc, innercc, sc1, sc2, call, _, config) and
-      paramFlowsThroughInPartialPath(kind, innercc, sc1, sc2, ap, config)
+    exists(CallContext innercc, TSummaryCtx1 sc1, TSummaryCtx2 sc2, TSummaryCtx3 sc3 |
+      partialPathIntoCallable(mid, _, _, cc, innercc, sc1, sc2, sc3, call, _, config) and
+      paramFlowsThroughInPartialPath(kind, state, innercc, sc1, sc2, sc3, ap, config)
     )
   }
 
   private predicate partialPathThroughCallable(
-    PartialPathNodeFwd mid, NodeEx out, CallContext cc, PartialAccessPath ap, Configuration config
+    PartialPathNodeFwd mid, NodeEx out, FlowState state, CallContext cc, PartialAccessPath ap,
+    Configuration config
   ) {
     exists(DataFlowCall call, ReturnKindExt kind |
-      partialPathThroughCallable0(call, mid, kind, cc, ap, config) and
+      partialPathThroughCallable0(call, mid, kind, state, cc, ap, config) and
       out.asNode() = kind.getAnOutNode(call)
     )
   }
 
+  pragma[nomagic]
   private predicate revPartialPathStep(
-    PartialPathNodeRev mid, NodeEx node, TRevSummaryCtx1 sc1, TRevSummaryCtx2 sc2,
-    RevPartialAccessPath ap, Configuration config
+    PartialPathNodeRev mid, NodeEx node, FlowState state, TRevSummaryCtx1 sc1, TRevSummaryCtx2 sc2,
+    TRevSummaryCtx3 sc3, RevPartialAccessPath ap, Configuration config
   ) {
     localFlowStep(node, mid.getNodeEx(), config) and
+    state = mid.getState() and
     sc1 = mid.getSummaryCtx1() and
     sc2 = mid.getSummaryCtx2() and
+    sc3 = mid.getSummaryCtx3() and
     ap = mid.getAp() and
     config = mid.getConfiguration()
     or
     additionalLocalFlowStep(node, mid.getNodeEx(), config) and
+    state = mid.getState() and
     sc1 = mid.getSummaryCtx1() and
     sc2 = mid.getSummaryCtx2() and
+    sc3 = mid.getSummaryCtx3() and
+    mid.getAp() instanceof RevPartialAccessPathNil and
+    ap = TRevPartialNil() and
+    config = mid.getConfiguration()
+    or
+    additionalLocalStateStep(node, state, mid.getNodeEx(), mid.getState(), config) and
+    sc1 = mid.getSummaryCtx1() and
+    sc2 = mid.getSummaryCtx2() and
+    sc3 = mid.getSummaryCtx3() and
     mid.getAp() instanceof RevPartialAccessPathNil and
     ap = TRevPartialNil() and
     config = mid.getConfiguration()
     or
     jumpStep(node, mid.getNodeEx(), config) and
+    state = mid.getState() and
     sc1 = TRevSummaryCtx1None() and
     sc2 = TRevSummaryCtx2None() and
+    sc3 = TRevSummaryCtx3None() and
     ap = mid.getAp() and
     config = mid.getConfiguration()
     or
     additionalJumpStep(node, mid.getNodeEx(), config) and
+    state = mid.getState() and
     sc1 = TRevSummaryCtx1None() and
     sc2 = TRevSummaryCtx2None() and
+    sc3 = TRevSummaryCtx3None() and
+    mid.getAp() instanceof RevPartialAccessPathNil and
+    ap = TRevPartialNil() and
+    config = mid.getConfiguration()
+    or
+    additionalJumpStateStep(node, state, mid.getNodeEx(), mid.getState(), config) and
+    sc1 = TRevSummaryCtx1None() and
+    sc2 = TRevSummaryCtx2None() and
+    sc3 = TRevSummaryCtx3None() and
     mid.getAp() instanceof RevPartialAccessPathNil and
     ap = TRevPartialNil() and
     config = mid.getConfiguration()
     or
     revPartialPathReadStep(mid, _, _, node, ap) and
+    state = mid.getState() and
     sc1 = mid.getSummaryCtx1() and
     sc2 = mid.getSummaryCtx2() and
+    sc3 = mid.getSummaryCtx3() and
     config = mid.getConfiguration()
     or
     exists(RevPartialAccessPath ap0, Content c |
       revPartialPathStoreStep(mid, ap0, c, node, config) and
+      state = mid.getState() and
       sc1 = mid.getSummaryCtx1() and
       sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
       apConsRev(ap, c, ap0, config)
     )
     or
     exists(ParamNodeEx p |
       mid.getNodeEx() = p and
       viableParamArgEx(_, p, node) and
+      state = mid.getState() and
       sc1 = mid.getSummaryCtx1() and
       sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
       sc1 = TRevSummaryCtx1None() and
       sc2 = TRevSummaryCtx2None() and
+      sc3 = TRevSummaryCtx3None() and
       ap = mid.getAp() and
       config = mid.getConfiguration()
     )
     or
     exists(ReturnPosition pos |
-      revPartialPathIntoReturn(mid, pos, sc1, sc2, _, ap, config) and
+      revPartialPathIntoReturn(mid, pos, state, sc1, sc2, sc3, _, ap, config) and
       pos = getReturnPosition(node.asNode())
     )
     or
-    revPartialPathThroughCallable(mid, node, ap, config) and
+    revPartialPathThroughCallable(mid, node, state, ap, config) and
     sc1 = mid.getSummaryCtx1() and
-    sc2 = mid.getSummaryCtx2()
+    sc2 = mid.getSummaryCtx2() and
+    sc3 = mid.getSummaryCtx3()
   }
 
   pragma[inline]
@@ -4643,14 +4808,17 @@ private module FlowExploration {
 
   pragma[nomagic]
   private predicate revPartialPathIntoReturn(
-    PartialPathNodeRev mid, ReturnPosition pos, TRevSummaryCtx1Some sc1, TRevSummaryCtx2Some sc2,
-    DataFlowCall call, RevPartialAccessPath ap, Configuration config
+    PartialPathNodeRev mid, ReturnPosition pos, FlowState state, TRevSummaryCtx1Some sc1,
+    TRevSummaryCtx2Some sc2, TRevSummaryCtx3Some sc3, DataFlowCall call, RevPartialAccessPath ap,
+    Configuration config
   ) {
     exists(NodeEx out |
       mid.getNodeEx() = out and
+      mid.getState() = state and
       viableReturnPosOutEx(call, pos, out) and
       sc1 = TRevSummaryCtx1Some(pos) and
-      sc2 = TRevSummaryCtx2Some(ap) and
+      sc2 = TRevSummaryCtx2Some(state) and
+      sc3 = TRevSummaryCtx3Some(ap) and
       ap = mid.getAp() and
       config = mid.getConfiguration()
     )
@@ -4658,36 +4826,40 @@ private module FlowExploration {
 
   pragma[nomagic]
   private predicate revPartialPathFlowsThrough(
-    int pos, TRevSummaryCtx1Some sc1, TRevSummaryCtx2Some sc2, RevPartialAccessPath ap,
-    Configuration config
+    ArgumentPosition apos, FlowState state, TRevSummaryCtx1Some sc1, TRevSummaryCtx2Some sc2,
+    TRevSummaryCtx3Some sc3, RevPartialAccessPath ap, Configuration config
   ) {
-    exists(PartialPathNodeRev mid, ParamNodeEx p |
+    exists(PartialPathNodeRev mid, ParamNodeEx p, ParameterPosition ppos |
       mid.getNodeEx() = p and
-      p.getPosition() = pos and
+      mid.getState() = state and
+      p.getPosition() = ppos and
       sc1 = mid.getSummaryCtx1() and
       sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
       ap = mid.getAp() and
-      config = mid.getConfiguration()
+      config = mid.getConfiguration() and
+      parameterMatch(ppos, apos)
     )
   }
 
   pragma[nomagic]
   private predicate revPartialPathThroughCallable0(
-    DataFlowCall call, PartialPathNodeRev mid, int pos, RevPartialAccessPath ap,
-    Configuration config
+    DataFlowCall call, PartialPathNodeRev mid, ArgumentPosition pos, FlowState state,
+    RevPartialAccessPath ap, Configuration config
   ) {
-    exists(TRevSummaryCtx1Some sc1, TRevSummaryCtx2Some sc2 |
-      revPartialPathIntoReturn(mid, _, sc1, sc2, call, _, config) and
-      revPartialPathFlowsThrough(pos, sc1, sc2, ap, config)
+    exists(TRevSummaryCtx1Some sc1, TRevSummaryCtx2Some sc2, TRevSummaryCtx3Some sc3 |
+      revPartialPathIntoReturn(mid, _, _, sc1, sc2, sc3, call, _, config) and
+      revPartialPathFlowsThrough(pos, state, sc1, sc2, sc3, ap, config)
     )
   }
 
   pragma[nomagic]
   private predicate revPartialPathThroughCallable(
-    PartialPathNodeRev mid, ArgNodeEx node, RevPartialAccessPath ap, Configuration config
+    PartialPathNodeRev mid, ArgNodeEx node, FlowState state, RevPartialAccessPath ap,
+    Configuration config
   ) {
-    exists(DataFlowCall call, int pos |
-      revPartialPathThroughCallable0(call, mid, pos, ap, config) and
+    exists(DataFlowCall call, ArgumentPosition pos |
+      revPartialPathThroughCallable0(call, mid, pos, state, ap, config) and
       node.asNode().(ArgNode).argumentOf(call, pos)
     )
   }
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll
index 65408c9915a..1228d00b6ba 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll
@@ -54,12 +54,23 @@ abstract class Configuration extends string {
   /**
    * Holds if `source` is a relevant data flow source.
    */
-  abstract predicate isSource(Node source);
+  predicate isSource(Node source) { none() }
+
+  /**
+   * Holds if `source` is a relevant data flow source with the given initial
+   * `state`.
+   */
+  predicate isSource(Node source, FlowState state) { none() }
 
   /**
    * Holds if `sink` is a relevant data flow sink.
    */
-  abstract predicate isSink(Node sink);
+  predicate isSink(Node sink) { none() }
+
+  /**
+   * Holds if `sink` is a relevant data flow sink accepting `state`.
+   */
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -67,6 +78,12 @@ abstract class Configuration extends string {
    */
   predicate isBarrier(Node node) { none() }
 
+  /**
+   * Holds if data flow through `node` is prohibited when the flow state is
+   * `state`.
+   */
+  predicate isBarrier(Node node, FlowState state) { none() }
+
   /** Holds if data flow into `node` is prohibited. */
   predicate isBarrierIn(Node node) { none() }
 
@@ -81,16 +98,31 @@ abstract class Configuration extends string {
   deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }
 
   /**
-   * Holds if the additional flow step from `node1` to `node2` must be taken
-   * into account in the analysis.
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
+   * Holds if data flow through nodes guarded by `guard` is prohibited when
+   * the flow state is `state`
+   */
+  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+
+  /**
+   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
    */
   predicate isAdditionalFlowStep(Node node1, Node node2) { none() }
 
+  /**
+   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
+   * This step is only applicable in `state1` and updates the flow state to `state2`.
+   */
+  predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) {
+    none()
+  }
+
   /**
    * Holds if an arbitrary number of implicit read steps of content `c` may be
    * taken at `node`.
    */
-  predicate allowImplicitRead(Node node, Content c) { none() }
+  predicate allowImplicitRead(Node node, ContentSet c) { none() }
 
   /**
    * Gets the virtual dispatch branching limit when calculating field flow.
@@ -115,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -126,12 +164,14 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
    */
-  predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) }
+  predicate hasFlowTo(Node sink) {
+    sink = any(PathNodeSink n | this = n.getConfiguration()).getNodeEx().asNode()
+  }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -144,6 +184,14 @@ abstract class Configuration extends string {
    */
   int explorationLimit() { none() }
 
+  /**
+   * Holds if hidden nodes should be included in the data flow graph.
+   *
+   * This feature should only be used for debugging or when the data flow graph
+   * is not visualized (for example in a `path-problem` query).
+   */
+  predicate includeHiddenNodes() { none() }
+
   /**
    * Holds if there is a partial data flow path from `source` to `node`. The
    * approximate distance between `node` and the closest source is `dist` and
@@ -201,10 +249,16 @@ abstract private class ConfigurationRecursionPrevention extends Configuration {
   override predicate hasFlow(Node source, Node sink) {
     strictcount(Node n | this.isSource(n)) < 0
     or
+    strictcount(Node n | this.isSource(n, _)) < 0
+    or
     strictcount(Node n | this.isSink(n)) < 0
     or
+    strictcount(Node n | this.isSink(n, _)) < 0
+    or
     strictcount(Node n1, Node n2 | this.isAdditionalFlowStep(n1, n2)) < 0
     or
+    strictcount(Node n1, Node n2 | this.isAdditionalFlowStep(n1, _, n2, _)) < 0
+    or
     super.hasFlow(source, sink)
   }
 }
@@ -260,13 +314,11 @@ private class ArgNodeEx extends NodeEx {
 private class ParamNodeEx extends NodeEx {
   ParamNodeEx() { this.asNode() instanceof ParamNode }
 
-  predicate isParameterOf(DataFlowCallable c, int i) {
-    this.asNode().(ParamNode).isParameterOf(c, i)
+  predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
+    this.asNode().(ParamNode).isParameterOf(c, pos)
   }
 
-  int getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
+  ParameterPosition getPosition() { this.isParameterOf(_, result) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -280,22 +332,26 @@ private class RetNodeEx extends NodeEx {
 private predicate inBarrier(NodeEx node, Configuration config) {
   exists(Node n |
     node.asNode() = n and
-    config.isBarrierIn(n) and
-    config.isSource(n)
+    config.isBarrierIn(n)
+  |
+    config.isSource(n) or config.isSource(n, _)
   )
 }
 
 private predicate outBarrier(NodeEx node, Configuration config) {
   exists(Node n |
     node.asNode() = n and
-    config.isBarrierOut(n) and
-    config.isSink(n)
+    config.isBarrierOut(n)
+  |
+    config.isSink(n) or config.isSink(n, _)
   )
 }
 
 /** A bridge class to access the deprecated `isBarrierGuard`. */
 private class BarrierGuardGuardedNodeBridge extends Unit {
   abstract predicate guardedNode(Node n, Configuration config);
+
+  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
 }
 
 private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
@@ -305,6 +361,13 @@ private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
       n = g.getAGuardedNode()
     )
   }
+
+  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
+  }
 }
 
 pragma[nomagic]
@@ -313,23 +376,47 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
     config.isBarrier(n)
     or
     config.isBarrierIn(n) and
-    not config.isSource(n)
+    not config.isSource(n) and
+    not config.isSource(n, _)
     or
     config.isBarrierOut(n) and
-    not config.isSink(n)
+    not config.isSink(n) and
+    not config.isSink(n, _)
     or
     any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
   )
 }
 
 pragma[nomagic]
-private predicate sourceNode(NodeEx node, Configuration config) {
-  config.isSource(node.asNode()) and
-  not fullBarrier(node, config)
+private predicate stateBarrier(NodeEx node, FlowState state, Configuration config) {
+  exists(Node n | node.asNode() = n |
+    config.isBarrier(n, state)
+    or
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
+  )
 }
 
 pragma[nomagic]
-private predicate sinkNode(NodeEx node, Configuration config) { config.isSink(node.asNode()) }
+private predicate sourceNode(NodeEx node, FlowState state, Configuration config) {
+  (
+    config.isSource(node.asNode()) and state instanceof FlowStateEmpty
+    or
+    config.isSource(node.asNode(), state)
+  ) and
+  not fullBarrier(node, config) and
+  not stateBarrier(node, state, config)
+}
+
+pragma[nomagic]
+private predicate sinkNode(NodeEx node, FlowState state, Configuration config) {
+  (
+    config.isSink(node.asNode()) and state instanceof FlowStateEmpty
+    or
+    config.isSink(node.asNode(), state)
+  ) and
+  not fullBarrier(node, config) and
+  not stateBarrier(node, state, config)
+}
 
 /** Provides the relevant barriers for a step from `node1` to `node2`. */
 pragma[inline]
@@ -347,7 +434,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -366,7 +453,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -379,6 +466,20 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   )
 }
 
+private predicate additionalLocalStateStep(
+  NodeEx node1, FlowState s1, NodeEx node2, FlowState s2, Configuration config
+) {
+  exists(Node n1, Node n2 |
+    node1.asNode() = n1 and
+    node2.asNode() = n2 and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
+    stepFilter(node1, node2, config) and
+    not stateBarrier(node1, s1, config) and
+    not stateBarrier(node2, s2, config)
+  )
+}
+
 /**
  * Holds if data can flow from `node1` to `node2` in a way that discards call contexts.
  */
@@ -386,7 +487,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -399,15 +500,31 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
 }
 
-private predicate read(NodeEx node1, Content c, NodeEx node2, Configuration config) {
-  read(node1.asNode(), c, node2.asNode()) and
+private predicate additionalJumpStateStep(
+  NodeEx node1, FlowState s1, NodeEx node2, FlowState s2, Configuration config
+) {
+  exists(Node n1, Node n2 |
+    node1.asNode() = n1 and
+    node2.asNode() = n2 and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
+    stepFilter(node1, node2, config) and
+    not stateBarrier(node1, s1, config) and
+    not stateBarrier(node2, s2, config) and
+    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
+  )
+}
+
+pragma[nomagic]
+private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -417,11 +534,46 @@ private predicate read(NodeEx node1, Content c, NodeEx node2, Configuration conf
   )
 }
 
+// inline to reduce fan-out via `getAReadContent`
+bindingset[c]
+private predicate read(NodeEx node1, Content c, NodeEx node2, Configuration config) {
+  exists(ContentSet cs |
+    readSet(node1, cs, node2, config) and
+    pragma[only_bind_out](c) = pragma[only_bind_into](cs).getAReadContent()
+  )
+}
+
+// inline to reduce fan-out via `getAReadContent`
+bindingset[c]
+private predicate clearsContentEx(NodeEx n, Content c) {
+  exists(ContentSet cs |
+    clearsContentCached(n.asNode(), cs) and
+    pragma[only_bind_out](c) = pragma[only_bind_into](cs).getAReadContent()
+  )
+}
+
+// inline to reduce fan-out via `getAReadContent`
+bindingset[c]
+private predicate expectsContentEx(NodeEx n, Content c) {
+  exists(ContentSet cs |
+    expectsContentCached(n.asNode(), cs) and
+    pragma[only_bind_out](c) = pragma[only_bind_into](cs).getAReadContent()
+  )
+}
+
+pragma[nomagic]
+private predicate notExpectsContent(NodeEx n) { not expectsContentCached(n.asNode(), _) }
+
+pragma[nomagic]
+private predicate hasReadStep(Content c, Configuration config) { read(_, c, _, config) }
+
+pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
-  read(_, tc.getContent(), _, config) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
+  hasReadStep(tc.getContent(), config) and
   stepFilter(node1, node2, config)
 }
 
@@ -454,14 +606,29 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
-private module Stage1 {
-  class ApApprox = Unit;
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
 
-  class Ap = Unit;
+private module Stage1 implements StageSig {
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
-  class ApOption = Unit;
-
-  class Cc = boolean;
+  private class Cc = boolean;
 
   /* Begin: Stage 1 logic. */
   /**
@@ -470,30 +637,20 @@ private module Stage1 {
    * The Boolean `cc` records whether the node is reached through an
    * argument in a call.
    */
-  predicate fwdFlow(NodeEx node, Cc cc, Configuration config) {
-    sourceNode(node, config) and
+  private predicate fwdFlow(NodeEx node, Cc cc, Configuration config) {
+    sourceNode(node, _, config) and
     if hasSourceCallCtx(config) then cc = true else cc = false
     or
-    exists(NodeEx mid |
-      fwdFlow(mid, cc, config) and
-      localFlowStep(mid, node, config)
+    exists(NodeEx mid | fwdFlow(mid, cc, config) |
+      localFlowStep(mid, node, config) or
+      additionalLocalFlowStep(mid, node, config) or
+      additionalLocalStateStep(mid, _, node, _, config)
     )
     or
-    exists(NodeEx mid |
-      fwdFlow(mid, cc, config) and
-      additionalLocalFlowStep(mid, node, config)
-    )
-    or
-    exists(NodeEx mid |
-      fwdFlow(mid, _, config) and
-      jumpStep(mid, node, config) and
-      cc = false
-    )
-    or
-    exists(NodeEx mid |
-      fwdFlow(mid, _, config) and
-      additionalJumpStep(mid, node, config) and
-      cc = false
+    exists(NodeEx mid | fwdFlow(mid, _, config) and cc = false |
+      jumpStep(mid, node, config) or
+      additionalJumpStep(mid, node, config) or
+      additionalJumpStateStep(mid, _, node, _, config)
     )
     or
     // store
@@ -504,9 +661,9 @@ private module Stage1 {
     )
     or
     // read
-    exists(Content c |
-      fwdFlowRead(c, node, cc, config) and
-      fwdFlowConsCand(c, config)
+    exists(ContentSet c |
+      fwdFlowReadSet(c, node, cc, config) and
+      fwdFlowConsCandSet(c, _, config)
     )
     or
     // flow into a callable
@@ -530,10 +687,10 @@ private module Stage1 {
   private predicate fwdFlow(NodeEx node, Configuration config) { fwdFlow(node, _, config) }
 
   pragma[nomagic]
-  private predicate fwdFlowRead(Content c, NodeEx node, Cc cc, Configuration config) {
+  private predicate fwdFlowReadSet(ContentSet c, NodeEx node, Cc cc, Configuration config) {
     exists(NodeEx mid |
       fwdFlow(mid, cc, config) and
-      read(mid, c, node, config)
+      readSet(mid, c, node, config)
     )
   }
 
@@ -551,6 +708,16 @@ private module Stage1 {
     )
   }
 
+  /**
+   * Holds if `cs` may be interpreted in a read as the target of some store
+   * into `c`, in the flow covered by `fwdFlow`.
+   */
+  pragma[nomagic]
+  private predicate fwdFlowConsCandSet(ContentSet cs, Content c, Configuration config) {
+    fwdFlowConsCand(c, config) and
+    c = cs.getAReadContent()
+  }
+
   pragma[nomagic]
   private predicate fwdFlowReturnPosition(ReturnPosition pos, Cc cc, Configuration config) {
     exists(RetNodeEx ret |
@@ -584,6 +751,24 @@ private module Stage1 {
     )
   }
 
+  private predicate stateStepFwd(FlowState state1, FlowState state2, Configuration config) {
+    exists(NodeEx node1 |
+      additionalLocalStateStep(node1, state1, _, state2, config) or
+      additionalJumpStateStep(node1, state1, _, state2, config)
+    |
+      fwdFlow(node1, config)
+    )
+  }
+
+  private predicate fwdFlowState(FlowState state, Configuration config) {
+    sourceNode(_, state, config)
+    or
+    exists(FlowState state0 |
+      fwdFlowState(state0, config) and
+      stateStepFwd(state0, state, config)
+    )
+  }
+
   /**
    * Holds if `node` is part of a path from a source to a sink in the
    * configuration `config`.
@@ -592,37 +777,30 @@ private module Stage1 {
    * the enclosing callable in order to reach a sink.
    */
   pragma[nomagic]
-  predicate revFlow(NodeEx node, boolean toReturn, Configuration config) {
+  private predicate revFlow(NodeEx node, boolean toReturn, Configuration config) {
     revFlow0(node, toReturn, config) and
     fwdFlow(node, config)
   }
 
   pragma[nomagic]
   private predicate revFlow0(NodeEx node, boolean toReturn, Configuration config) {
-    fwdFlow(node, config) and
-    sinkNode(node, config) and
-    if hasSinkCallCtx(config) then toReturn = true else toReturn = false
-    or
-    exists(NodeEx mid |
-      localFlowStep(node, mid, config) and
-      revFlow(mid, toReturn, config)
+    exists(FlowState state |
+      fwdFlow(node, pragma[only_bind_into](config)) and
+      sinkNode(node, state, config) and
+      fwdFlowState(state, pragma[only_bind_into](config)) and
+      if hasSinkCallCtx(config) then toReturn = true else toReturn = false
     )
     or
-    exists(NodeEx mid |
-      additionalLocalFlowStep(node, mid, config) and
-      revFlow(mid, toReturn, config)
+    exists(NodeEx mid | revFlow(mid, toReturn, config) |
+      localFlowStep(node, mid, config) or
+      additionalLocalFlowStep(node, mid, config) or
+      additionalLocalStateStep(node, _, mid, _, config)
     )
     or
-    exists(NodeEx mid |
-      jumpStep(node, mid, config) and
-      revFlow(mid, _, config) and
-      toReturn = false
-    )
-    or
-    exists(NodeEx mid |
-      additionalJumpStep(node, mid, config) and
-      revFlow(mid, _, config) and
-      toReturn = false
+    exists(NodeEx mid | revFlow(mid, _, config) and toReturn = false |
+      jumpStep(node, mid, config) or
+      additionalJumpStep(node, mid, config) or
+      additionalJumpStateStep(node, _, mid, _, config)
     )
     or
     // store
@@ -632,9 +810,9 @@ private module Stage1 {
     )
     or
     // read
-    exists(NodeEx mid, Content c |
-      read(node, c, mid, config) and
-      fwdFlowConsCand(c, pragma[only_bind_into](config)) and
+    exists(NodeEx mid, ContentSet c |
+      readSet(node, c, mid, config) and
+      fwdFlowConsCandSet(c, _, pragma[only_bind_into](config)) and
       revFlow(mid, toReturn, pragma[only_bind_into](config))
     )
     or
@@ -660,10 +838,10 @@ private module Stage1 {
    */
   pragma[nomagic]
   private predicate revFlowConsCand(Content c, Configuration config) {
-    exists(NodeEx mid, NodeEx node |
+    exists(NodeEx mid, NodeEx node, ContentSet cs |
       fwdFlow(node, pragma[only_bind_into](config)) and
-      read(node, c, mid, config) and
-      fwdFlowConsCand(c, pragma[only_bind_into](config)) and
+      readSet(node, cs, mid, config) and
+      fwdFlowConsCandSet(cs, c, pragma[only_bind_into](config)) and
       revFlow(pragma[only_bind_into](mid), _, pragma[only_bind_into](config))
     )
   }
@@ -682,13 +860,14 @@ private module Stage1 {
    * Holds if `c` is the target of both a read and a store in the flow covered
    * by `revFlow`.
    */
-  private predicate revFlowIsReadAndStored(Content c, Configuration conf) {
+  pragma[nomagic]
+  additional predicate revFlowIsReadAndStored(Content c, Configuration conf) {
     revFlowConsCand(c, conf) and
     revFlowStore(c, _, _, conf)
   }
 
   pragma[nomagic]
-  predicate viableReturnPosOutNodeCandFwd1(
+  additional predicate viableReturnPosOutNodeCandFwd1(
     DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config
   ) {
     fwdFlowReturnPosition(pos, _, config) and
@@ -704,7 +883,7 @@ private module Stage1 {
   }
 
   pragma[nomagic]
-  predicate viableParamArgNodeCandFwd1(
+  additional predicate viableParamArgNodeCandFwd1(
     DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config
   ) {
     viableParamArgEx(call, p, arg) and
@@ -739,6 +918,31 @@ private module Stage1 {
     )
   }
 
+  private predicate stateStepRev(FlowState state1, FlowState state2, Configuration config) {
+    exists(NodeEx node1, NodeEx node2 |
+      additionalLocalStateStep(node1, state1, node2, state2, config) or
+      additionalJumpStateStep(node1, state1, node2, state2, config)
+    |
+      revFlow(node1, _, pragma[only_bind_into](config)) and
+      revFlow(node2, _, pragma[only_bind_into](config)) and
+      fwdFlowState(state1, pragma[only_bind_into](config)) and
+      fwdFlowState(state2, pragma[only_bind_into](config))
+    )
+  }
+
+  additional predicate revFlowState(FlowState state, Configuration config) {
+    exists(NodeEx node |
+      sinkNode(node, state, config) and
+      revFlow(node, _, pragma[only_bind_into](config)) and
+      fwdFlowState(state, pragma[only_bind_into](config))
+    )
+    or
+    exists(FlowState state0 |
+      revFlowState(state0, config) and
+      stateStepRev(state, state0, config)
+    )
+  }
+
   pragma[nomagic]
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -756,15 +960,24 @@ private module Stage1 {
   pragma[nomagic]
   predicate readStepCand(NodeEx n1, Content c, NodeEx n2, Configuration config) {
     revFlowIsReadAndStored(c, pragma[only_bind_into](config)) and
-    revFlow(n2, pragma[only_bind_into](config)) and
-    read(n1, c, n2, pragma[only_bind_into](config))
+    read(n1, c, n2, pragma[only_bind_into](config)) and
+    revFlow(n2, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
-  predicate revFlow(NodeEx node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config) {
-    revFlow(node, toReturn, config) and exists(returnAp) and exists(ap)
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
+  bindingset[node, state, config]
+  predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    revFlow(node, _, pragma[only_bind_into](config)) and
+    exists(state) and
+    exists(ap)
   }
 
   private predicate throughFlowNodeCand(NodeEx node, Configuration config) {
@@ -791,21 +1004,26 @@ private module Stage1 {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -815,17 +1033,21 @@ private module Stage1 {
     )
   }
 
-  predicate stats(boolean fwd, int nodes, int fields, int conscand, int tuples, Configuration config) {
+  additional predicate stats(
+    boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
+  ) {
     fwd = true and
     nodes = count(NodeEx node | fwdFlow(node, config)) and
     fields = count(Content f0 | fwdFlowConsCand(f0, config)) and
     conscand = -1 and
+    states = count(FlowState state | fwdFlowState(state, config)) and
     tuples = count(NodeEx n, boolean b | fwdFlow(n, b, config))
     or
     fwd = false and
     nodes = count(NodeEx node | revFlow(node, _, config)) and
     fields = count(Content f0 | revFlowConsCand(f0, config)) and
     conscand = -1 and
+    states = count(FlowState state | revFlowState(state, config)) and
     tuples = count(NodeEx n, boolean b | revFlow(n, b, config))
   }
   /* End: Stage 1 logic. */
@@ -858,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -893,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -905,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -921,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -942,575 +1171,979 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
   )
 }
 
-private module Stage2 {
-  module PrevStage = Stage1;
+private signature module StageSig {
+  class Ap;
 
+  predicate revFlow(NodeEx node, Configuration config);
+
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
+  bindingset[node, state, config]
+  predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
+
+  predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
+
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
+
+  predicate storeStepCand(
+    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
+    Configuration config
+  );
+
+  predicate readStepCand(NodeEx n1, Content c, NodeEx n2, Configuration config);
+}
+
+private module MkStage<StageSig PrevStage> {
   class ApApprox = PrevStage::Ap;
 
-  class Ap = boolean;
+  signature module StageParam {
+    class Ap;
 
-  class ApNil extends Ap {
-    ApNil() { this = false }
+    class ApNil extends Ap;
+
+    bindingset[result, ap]
+    ApApprox getApprox(Ap ap);
+
+    ApNil getApNil(NodeEx node);
+
+    bindingset[tc, tail]
+    Ap apCons(TypedContent tc, Ap tail);
+
+    Content getHeadContent(Ap ap);
+
+    class ApOption;
+
+    ApOption apNone();
+
+    ApOption apSome(Ap ap);
+
+    class Cc;
+
+    class CcCall extends Cc;
+
+    // TODO: member predicate on CcCall
+    predicate matchesCall(CcCall cc, DataFlowCall call);
+
+    class CcNoCall extends Cc;
+
+    Cc ccNone();
+
+    CcCall ccSomeCall();
+
+    class LocalCc;
+
+    bindingset[call, c, outercc]
+    CcCall getCallContextCall(DataFlowCall call, DataFlowCallable c, Cc outercc);
+
+    bindingset[call, c, innercc]
+    CcNoCall getCallContextReturn(DataFlowCallable c, DataFlowCall call, Cc innercc);
+
+    bindingset[node, cc]
+    LocalCc getLocalCc(NodeEx node, Cc cc);
+
+    bindingset[node1, state1, config]
+    bindingset[node2, state2, config]
+    predicate localStep(
+      NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+      ApNil ap, Configuration config, LocalCc lcc
+    );
+
+    predicate flowOutOfCall(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
+    );
+
+    predicate flowIntoCall(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+    );
+
+    bindingset[node, state, ap, config]
+    predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config);
+
+    bindingset[ap, contentType]
+    predicate typecheckStore(Ap ap, DataFlowType contentType);
   }
 
-  bindingset[result, ap]
-  private ApApprox getApprox(Ap ap) { any() }
+  module Stage<StageParam Param> implements StageSig {
+    import Param
 
-  private ApNil getApNil(NodeEx node) { PrevStage::revFlow(node, _) and exists(result) }
+    /* Begin: Stage logic. */
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
 
-  bindingset[tc, tail]
-  private Ap apCons(TypedContent tc, Ap tail) { result = true and exists(tc) and exists(tail) }
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
 
-  pragma[inline]
-  private Content getHeadContent(Ap ap) { exists(result) and ap = true }
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
 
-  class ApOption = BooleanOption;
+    pragma[nomagic]
+    private predicate flowThroughOutOfCall(
+      DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
+      ApApprox argApa, ApApprox apa, Configuration config
+    ) {
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
+    }
 
-  ApOption apNone() { result = TBooleanNone() }
+    /**
+     * Holds if `node` is reachable with access path `ap` from a source in the
+     * configuration `config`.
+     *
+     * The call context `cc` records whether the node is reached through an
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
+     */
+    pragma[nomagic]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
+    ) {
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
+      filter(node, state, ap, config)
+    }
 
-  ApOption apSome(Ap ap) { result = TBooleanSome(ap) }
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
 
+    pragma[nomagic]
+    private predicate fwdFlow0(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
+    ) {
+      sourceNode(node, state, config) and
+      (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
+      argAp = apNone() and
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
+      or
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
+        localCc = getLocalCc(mid, cc)
+      |
+        localStep(mid, state0, node, state, true, _, config, localCc) and
+        ap = ap0 and
+        apa = apa0
+        or
+        localStep(mid, state0, node, state, false, ap, config, localCc) and
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
+      )
+      or
+      exists(NodeEx mid |
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
+        jumpStep(mid, node, config) and
+        cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
+        argAp = apNone()
+      )
+      or
+      exists(NodeEx mid, ApNil nil |
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
+        additionalJumpStep(mid, node, config) and
+        cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
+        argAp = apNone() and
+        ap = getApNil(node) and
+        apa = getApprox(ap)
+      )
+      or
+      exists(NodeEx mid, FlowState state0, ApNil nil |
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
+        additionalJumpStateStep(mid, state0, node, state, config) and
+        cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
+        argAp = apNone() and
+        ap = getApNil(node) and
+        apa = getApprox(ap)
+      )
+      or
+      // store
+      exists(TypedContent tc, Ap ap0 |
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
+      )
+      or
+      // read
+      exists(Ap ap0, Content c |
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
+      )
+      or
+      // flow into a callable
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
+      )
+      or
+      // flow out of a callable
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
+      or
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowStore(
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
+        typecheckStore(ap1, contentType)
+      )
+    }
+
+    /**
+     * Holds if forward flow with access path `tail` reaches a store of `c`
+     * resulting in access path `cons`.
+     */
+    pragma[nomagic]
+    private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
+      exists(TypedContent tc |
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
+        tc.getContent() = c and
+        cons = apCons(tc, tail)
+      )
+    }
+
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
+      Configuration config
+    ) {
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, c, node2, config) and
+      getHeadContent(ap) = c
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowIn(
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
+    ) {
+      exists(ArgNodeEx arg, boolean allowsFieldFlow |
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
+    ) {
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
+      )
+    }
+
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
+    }
+
+    /**
+     * Holds if an argument to `call` is reached in the flow covered by `fwdFlow`
+     * and data might flow through the target callable and back out at `call`.
+     */
+    pragma[nomagic]
+    private predicate fwdFlowIsEntered(
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
+      )
+    }
+
+    pragma[nomagic]
+    private predicate storeStepFwd(
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
+    ) {
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
+      ap2 = apCons(tc, ap1) and
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
+    }
+
+    private predicate readStepFwd(
+      NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
+    ) {
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
+      fwdFlowConsCand(ap1, c, ap2, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowThroughIntoCall(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
+    ) {
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
+    }
+
+    /**
+     * Holds if `node` with access path `ap` is part of a path from a source to a
+     * sink in the configuration `config`.
+     *
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
+     */
+    pragma[nomagic]
+    additional predicate revFlow(
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
+    ) {
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
+    }
+
+    pragma[nomagic]
+    private predicate revFlow0(
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, _, _, _, ap, config) and
+      sinkNode(node, state, config) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
+      returnAp = apNone() and
+      ap instanceof ApNil
+      or
+      exists(NodeEx mid, FlowState state0 |
+        localStep(node, state, mid, state0, true, _, config, _) and
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
+      )
+      or
+      exists(NodeEx mid, FlowState state0, ApNil nil |
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
+        localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
+        ap instanceof ApNil
+      )
+      or
+      exists(NodeEx mid |
+        jumpStep(node, mid, config) and
+        revFlow(mid, state, _, _, ap, config) and
+        returnCtx = TReturnCtxNone() and
+        returnAp = apNone()
+      )
+      or
+      exists(NodeEx mid, ApNil nil |
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
+        additionalJumpStep(node, mid, config) and
+        revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
+        returnCtx = TReturnCtxNone() and
+        returnAp = apNone() and
+        ap instanceof ApNil
+      )
+      or
+      exists(NodeEx mid, FlowState state0, ApNil nil |
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
+        additionalJumpStateStep(node, state, mid, state0, config) and
+        revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
+          pragma[only_bind_into](config)) and
+        returnCtx = TReturnCtxNone() and
+        returnAp = apNone() and
+        ap instanceof ApNil
+      )
+      or
+      // store
+      exists(Ap ap0, Content c |
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
+        revFlowConsCand(ap0, c, ap, config)
+      )
+      or
+      // read
+      exists(NodeEx mid, Ap ap0 |
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
+        readStepFwd(node, ap, _, mid, ap0, config)
+      )
+      or
+      // flow into a callable
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
+      or
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
+      )
+      or
+      // flow out of a callable
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowStore(
+      Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
+    ) {
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
+      storeStepFwd(node, ap, tc, mid, ap0, config) and
+      tc.getContent() = c
+    }
+
+    /**
+     * Holds if reverse flow with access path `tail` reaches a read of `c`
+     * resulting in access path `cons`.
+     */
+    pragma[nomagic]
+    private predicate revFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
+      exists(NodeEx mid, Ap tail0 |
+        revFlow(mid, _, _, _, tail, config) and
+        tail = pragma[only_bind_into](tail0) and
+        readStepFwd(_, cons, c, mid, tail0, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowOut(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
+    ) {
+      exists(NodeEx out, boolean allowsFieldFlow |
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
+    ) {
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
+    ) {
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
+    }
+
+    /**
+     * Holds if an output from `call` is reached in the flow covered by `revFlow`
+     * and data might flow through the target callable resulting in reverse flow
+     * reaching an argument of `call`.
+     */
+    pragma[nomagic]
+    private predicate revFlowIsReturned(
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
+    ) {
+      exists(RetNodeEx ret, FlowState state, CcCall ccc |
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
+        matchesCall(ccc, call)
+      )
+    }
+
+    pragma[nomagic]
+    predicate storeStepCand(
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
+      Configuration config
+    ) {
+      exists(Ap ap2, Content c |
+        PrevStage::storeStepCand(node1, _, tc, node2, contentType, config) and
+        revFlowStore(ap2, c, ap1, node1, _, tc, node2, _, _, config) and
+        revFlowConsCand(ap2, c, ap1, config)
+      )
+    }
+
+    predicate readStepCand(NodeEx node1, Content c, NodeEx node2, Configuration config) {
+      exists(Ap ap1, Ap ap2 |
+        revFlow(node2, _, _, _, pragma[only_bind_into](ap2), pragma[only_bind_into](config)) and
+        readStepFwd(node1, ap1, c, node2, ap2, config) and
+        revFlowStore(ap1, c, pragma[only_bind_into](ap2), _, _, _, _, _, _,
+          pragma[only_bind_into](config))
+      )
+    }
+
+    additional predicate revFlow(NodeEx node, FlowState state, Configuration config) {
+      revFlow(node, state, _, _, _, config)
+    }
+
+    predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
+      revFlow(node, state, _, _, ap, config)
+    }
+
+    pragma[nomagic]
+    predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
+
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    additional predicate revFlowAlias(NodeEx node, Configuration config) {
+      revFlow(node, _, _, _, _, config)
+    }
+
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) {
+      revFlow(node, state, ap, config)
+    }
+
+    private predicate fwdConsCand(TypedContent tc, Ap ap, Configuration config) {
+      storeStepFwd(_, ap, tc, _, _, config)
+    }
+
+    private predicate revConsCand(TypedContent tc, Ap ap, Configuration config) {
+      storeStepCand(_, ap, tc, _, _, config)
+    }
+
+    private predicate validAp(Ap ap, Configuration config) {
+      revFlow(_, _, _, _, ap, config) and ap instanceof ApNil
+      or
+      exists(TypedContent head, Ap tail |
+        consCand(head, tail, config) and
+        ap = apCons(head, tail)
+      )
+    }
+
+    additional predicate consCand(TypedContent tc, Ap ap, Configuration config) {
+      revConsCand(tc, ap, config) and
+      validAp(ap, config)
+    }
+
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
+    ) {
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
+    }
+
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
+      )
+    }
+
+    additional predicate stats(
+      boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
+    ) {
+      fwd = true and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
+      fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
+      conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
+      tuples =
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
+        )
+      or
+      fwd = false and
+      nodes = count(NodeEx node | revFlow(node, _, _, _, _, config)) and
+      fields = count(TypedContent f0 | consCand(f0, _, config)) and
+      conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
+      states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
+      tuples =
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
+        )
+    }
+    /* End: Stage logic. */
+  }
+}
+
+private module BooleanCallContext {
+  class Cc extends boolean {
+    Cc() { this in [true, false] }
+  }
+
+  class CcCall extends Cc {
+    CcCall() { this = true }
+  }
+
+  /** Holds if the call context may be `call`. */
+  predicate matchesCall(CcCall cc, DataFlowCall call) { any() }
+
+  class CcNoCall extends Cc {
+    CcNoCall() { this = false }
+  }
+
+  Cc ccNone() { result = false }
+
+  CcCall ccSomeCall() { result = true }
+
+  class LocalCc = Unit;
+
+  bindingset[node, cc]
+  LocalCc getLocalCc(NodeEx node, Cc cc) { any() }
+
+  bindingset[call, c, outercc]
+  CcCall getCallContextCall(DataFlowCall call, DataFlowCallable c, Cc outercc) { any() }
+
+  bindingset[call, c, innercc]
+  CcNoCall getCallContextReturn(DataFlowCallable c, DataFlowCall call, Cc innercc) { any() }
+}
+
+private module Level1CallContext {
   class Cc = CallContext;
 
   class CcCall = CallContextCall;
 
+  pragma[inline]
+  predicate matchesCall(CcCall cc, DataFlowCall call) { cc.matchesCall(call) }
+
   class CcNoCall = CallContextNoCall;
 
   Cc ccNone() { result instanceof CallContextAny }
 
   CcCall ccSomeCall() { result instanceof CallContextSomeCall }
 
-  private class LocalCc = Unit;
+  module NoLocalCallContext {
+    class LocalCc = Unit;
 
-  bindingset[call, c, outercc]
-  private CcCall getCallContextCall(DataFlowCall call, DataFlowCallable c, Cc outercc) {
-    checkCallContextCall(outercc, call, c) and
-    if recordDataFlowCallSiteDispatch(call, c)
-    then result = TSpecificCall(call)
-    else result = TSomeCall()
+    bindingset[node, cc]
+    LocalCc getLocalCc(NodeEx node, Cc cc) { any() }
+
+    bindingset[call, c, outercc]
+    CcCall getCallContextCall(DataFlowCall call, DataFlowCallable c, Cc outercc) {
+      checkCallContextCall(outercc, call, c) and
+      if recordDataFlowCallSiteDispatch(call, c)
+      then result = TSpecificCall(call)
+      else result = TSomeCall()
+    }
+  }
+
+  module LocalCallContext {
+    class LocalCc = LocalCallContext;
+
+    bindingset[node, cc]
+    LocalCc getLocalCc(NodeEx node, Cc cc) {
+      result =
+        getLocalCallContext(pragma[only_bind_into](pragma[only_bind_out](cc)),
+          node.getEnclosingCallable())
+    }
+
+    bindingset[call, c, outercc]
+    CcCall getCallContextCall(DataFlowCall call, DataFlowCallable c, Cc outercc) {
+      checkCallContextCall(outercc, call, c) and
+      if recordDataFlowCallSite(call, c) then result = TSpecificCall(call) else result = TSomeCall()
+    }
   }
 
   bindingset[call, c, innercc]
-  private CcNoCall getCallContextReturn(DataFlowCallable c, DataFlowCall call, Cc innercc) {
+  CcNoCall getCallContextReturn(DataFlowCallable c, DataFlowCall call, Cc innercc) {
     checkCallContextReturn(innercc, c, call) and
     if reducedViableImplInReturn(c, call) then result = TReturn(c, call) else result = ccNone()
   }
+}
 
-  bindingset[node, cc, config]
-  private LocalCc getLocalCc(NodeEx node, Cc cc, Configuration config) { any() }
+private module Stage2Param implements MkStage<Stage1>::StageParam {
+  private module PrevStage = Stage1;
 
-  private predicate localStep(
-    NodeEx node1, NodeEx node2, boolean preservesValue, ApNil ap, Configuration config, LocalCc lcc
+  class Ap extends boolean {
+    Ap() { this in [true, false] }
+  }
+
+  class ApNil extends Ap {
+    ApNil() { this = false }
+  }
+
+  bindingset[result, ap]
+  PrevStage::Ap getApprox(Ap ap) { any() }
+
+  ApNil getApNil(NodeEx node) { Stage1::revFlow(node, _) and exists(result) }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result = true and exists(tc) and exists(tail) }
+
+  pragma[inline]
+  Content getHeadContent(Ap ap) { exists(result) and ap = true }
+
+  class ApOption = BooleanOption;
+
+  ApOption apNone() { result = TBooleanNone() }
+
+  ApOption apSome(Ap ap) { result = TBooleanSome(ap) }
+
+  import Level1CallContext
+  import NoLocalCallContext
+
+  bindingset[node1, state1, config]
+  bindingset[node2, state2, config]
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApNil ap, Configuration config, LocalCc lcc
   ) {
     (
       preservesValue = true and
-      localFlowStepNodeCand1(node1, node2, config)
+      localFlowStepNodeCand1(node1, node2, config) and
+      state1 = state2
       or
       preservesValue = false and
-      additionalLocalFlowStepNodeCand1(node1, node2, config)
+      additionalLocalFlowStepNodeCand1(node1, node2, config) and
+      state1 = state2
+      or
+      preservesValue = false and
+      additionalLocalStateStep(node1, state1, node2, state2, config)
     ) and
     exists(ap) and
     exists(lcc)
   }
 
-  private predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
-  private predicate flowIntoCall = flowIntoCallNodeCand1/5;
+  predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
-  bindingset[node, ap]
-  private predicate filter(NodeEx node, Ap ap) { any() }
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::revFlowIsReadAndStored(c, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c)
+    )
+  }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    PrevStage::revFlowState(state, pragma[only_bind_into](config)) and
+    exists(ap) and
+    not stateBarrier(node, state, config) and
+    (
+      notExpectsContent(node)
+      or
+      ap = true and
+      expectsContentCand(node, config)
+    )
+  }
 
   bindingset[ap, contentType]
-  private predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
+  predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
+}
 
-  /* Begin: Stage 2 logic. */
-  private predicate flowCand(NodeEx node, ApApprox apa, Configuration config) {
-    PrevStage::revFlow(node, _, _, apa, config)
-  }
-
-  bindingset[result, apa]
-  private ApApprox unbindApa(ApApprox apa) {
-    exists(ApApprox apa0 |
-      apa = pragma[only_bind_into](apa0) and result = pragma[only_bind_into](apa0)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate flowThroughOutOfCall(
-    DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-    Configuration config
-  ) {
-    flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-    PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-    PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-      pragma[only_bind_into](config)) and
-    ccc.matchesCall(call)
-  }
-
-  /**
-   * Holds if `node` is reachable with access path `ap` from a source in the
-   * configuration `config`.
-   *
-   * The call context `cc` records whether the node is reached through an
-   * argument in a call, and if so, `argAp` records the access path of that
-   * argument.
-   */
-  pragma[nomagic]
-  predicate fwdFlow(NodeEx node, Cc cc, ApOption argAp, Ap ap, Configuration config) {
-    fwdFlow0(node, cc, argAp, ap, config) and
-    flowCand(node, unbindApa(getApprox(ap)), config) and
-    filter(node, ap)
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlow0(NodeEx node, Cc cc, ApOption argAp, Ap ap, Configuration config) {
-    flowCand(node, _, config) and
-    sourceNode(node, config) and
-    (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
-    argAp = apNone() and
-    ap = getApNil(node)
-    or
-    exists(NodeEx mid, Ap ap0, LocalCc localCc |
-      fwdFlow(mid, cc, argAp, ap0, config) and
-      localCc = getLocalCc(mid, cc, config)
-    |
-      localStep(mid, node, true, _, config, localCc) and
-      ap = ap0
-      or
-      localStep(mid, node, false, ap, config, localCc) and
-      ap0 instanceof ApNil
-    )
-    or
-    exists(NodeEx mid |
-      fwdFlow(mid, _, _, ap, pragma[only_bind_into](config)) and
-      flowCand(node, _, pragma[only_bind_into](config)) and
-      jumpStep(mid, node, config) and
-      cc = ccNone() and
-      argAp = apNone()
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(mid, _, _, nil, pragma[only_bind_into](config)) and
-      flowCand(node, _, pragma[only_bind_into](config)) and
-      additionalJumpStep(mid, node, config) and
-      cc = ccNone() and
-      argAp = apNone() and
-      ap = getApNil(node)
-    )
-    or
-    // store
-    exists(TypedContent tc, Ap ap0 |
-      fwdFlowStore(_, ap0, tc, node, cc, argAp, config) and
-      ap = apCons(tc, ap0)
-    )
-    or
-    // read
-    exists(Ap ap0, Content c |
-      fwdFlowRead(ap0, c, _, node, cc, argAp, config) and
-      fwdFlowConsCand(ap0, c, ap, config)
-    )
-    or
-    // flow into a callable
-    exists(ApApprox apa |
-      fwdFlowIn(_, node, _, cc, _, ap, config) and
-      apa = getApprox(ap) and
-      if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-      then argAp = apSome(ap)
-      else argAp = apNone()
-    )
-    or
-    // flow out of a callable
-    fwdFlowOutNotFromArg(node, cc, argAp, ap, config)
-    or
-    exists(DataFlowCall call, Ap argAp0 |
-      fwdFlowOutFromArg(call, node, argAp0, ap, config) and
-      fwdFlowIsEntered(call, cc, argAp, argAp0, config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowStore(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Cc cc, ApOption argAp, Configuration config
-  ) {
-    exists(DataFlowType contentType |
-      fwdFlow(node1, cc, argAp, ap1, config) and
-      PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
-      typecheckStore(ap1, contentType)
-    )
-  }
-
-  /**
-   * Holds if forward flow with access path `tail` reaches a store of `c`
-   * resulting in access path `cons`.
-   */
-  pragma[nomagic]
-  private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
-    exists(TypedContent tc |
-      fwdFlowStore(_, tail, tc, _, _, _, config) and
-      tc.getContent() = c and
-      cons = apCons(tc, tail)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowRead(
-    Ap ap, Content c, NodeEx node1, NodeEx node2, Cc cc, ApOption argAp, Configuration config
-  ) {
-    fwdFlow(node1, cc, argAp, ap, config) and
-    PrevStage::readStepCand(node1, c, node2, config) and
-    getHeadContent(ap) = c
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowIn(
-    DataFlowCall call, ParamNodeEx p, Cc outercc, Cc innercc, ApOption argAp, Ap ap,
-    Configuration config
-  ) {
-    exists(ArgNodeEx arg, boolean allowsFieldFlow |
-      fwdFlow(arg, outercc, argAp, ap, config) and
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowOutNotFromArg(
-    NodeEx out, Cc ccOut, ApOption argAp, Ap ap, Configuration config
-  ) {
-    exists(
-      DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-      DataFlowCallable inner
-    |
-      fwdFlow(ret, innercc, argAp, ap, config) and
-      flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-      inner = ret.getEnclosingCallable() and
-      ccOut = getCallContextReturn(inner, call, innercc) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowOutFromArg(
-    DataFlowCall call, NodeEx out, Ap argAp, Ap ap, Configuration config
-  ) {
-    exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-      fwdFlow(ret, ccc, apSome(argAp), ap, config) and
-      flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  /**
-   * Holds if an argument to `call` is reached in the flow covered by `fwdFlow`
-   * and data might flow through the target callable and back out at `call`.
-   */
-  pragma[nomagic]
-  private predicate fwdFlowIsEntered(
-    DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p |
-      fwdFlowIn(call, p, cc, _, argAp, ap, config) and
-      PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate storeStepFwd(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
-  ) {
-    fwdFlowStore(node1, ap1, tc, node2, _, _, config) and
-    ap2 = apCons(tc, ap1) and
-    fwdFlowRead(ap2, tc.getContent(), _, _, _, _, config)
-  }
-
-  private predicate readStepFwd(
-    NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
-  ) {
-    fwdFlowRead(ap1, c, n1, n2, _, _, config) and
-    fwdFlowConsCand(ap1, c, ap2, config)
-  }
-
-  pragma[nomagic]
-  private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-    exists(Ap argAp0, NodeEx out, Cc cc, ApOption argAp, Ap ap |
-      fwdFlow(out, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-        pragma[only_bind_into](config)) and
-      fwdFlowOutFromArg(call, out, argAp0, ap, config) and
-      fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-        pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-        pragma[only_bind_into](config))
-    )
-  }
-
-  pragma[nomagic]
-  private predicate flowThroughIntoCall(
-    DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
-  ) {
-    flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-    fwdFlow(arg, _, _, _, pragma[only_bind_into](config)) and
-    PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-    callMayFlowThroughFwd(call, pragma[only_bind_into](config))
-  }
-
-  pragma[nomagic]
-  private predicate returnNodeMayFlowThrough(RetNodeEx ret, Ap ap, Configuration config) {
-    fwdFlow(ret, any(CcCall ccc), apSome(_), ap, config)
-  }
-
-  /**
-   * Holds if `node` with access path `ap` is part of a path from a source to a
-   * sink in the configuration `config`.
-   *
-   * The Boolean `toReturn` records whether the node must be returned from the
-   * enclosing callable in order to reach a sink, and if so, `returnAp` records
-   * the access path of the returned value.
-   */
-  pragma[nomagic]
-  predicate revFlow(NodeEx node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config) {
-    revFlow0(node, toReturn, returnAp, ap, config) and
-    fwdFlow(node, _, _, ap, config)
-  }
-
-  pragma[nomagic]
-  private predicate revFlow0(
-    NodeEx node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    fwdFlow(node, _, _, ap, config) and
-    sinkNode(node, config) and
-    (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
-    returnAp = apNone() and
-    ap instanceof ApNil
-    or
-    exists(NodeEx mid |
-      localStep(node, mid, true, _, config, _) and
-      revFlow(mid, toReturn, returnAp, ap, config)
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(node, _, _, ap, pragma[only_bind_into](config)) and
-      localStep(node, mid, false, _, config, _) and
-      revFlow(mid, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
-      ap instanceof ApNil
-    )
-    or
-    exists(NodeEx mid |
-      jumpStep(node, mid, config) and
-      revFlow(mid, _, _, ap, config) and
-      toReturn = false and
-      returnAp = apNone()
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(node, _, _, ap, pragma[only_bind_into](config)) and
-      additionalJumpStep(node, mid, config) and
-      revFlow(pragma[only_bind_into](mid), _, _, nil, pragma[only_bind_into](config)) and
-      toReturn = false and
-      returnAp = apNone() and
-      ap instanceof ApNil
-    )
-    or
-    // store
-    exists(Ap ap0, Content c |
-      revFlowStore(ap0, c, ap, node, _, _, toReturn, returnAp, config) and
-      revFlowConsCand(ap0, c, ap, config)
-    )
-    or
-    // read
-    exists(NodeEx mid, Ap ap0 |
-      revFlow(mid, toReturn, returnAp, ap0, config) and
-      readStepFwd(node, ap, _, mid, ap0, config)
-    )
-    or
-    // flow into a callable
-    revFlowInNotToReturn(node, returnAp, ap, config) and
-    toReturn = false
-    or
-    exists(DataFlowCall call, Ap returnAp0 |
-      revFlowInToReturn(call, node, returnAp0, ap, config) and
-      revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
-    )
-    or
-    // flow out of a callable
-    revFlowOut(_, node, _, _, ap, config) and
-    toReturn = true and
-    if returnNodeMayFlowThrough(node, ap, config)
-    then returnAp = apSome(ap)
-    else returnAp = apNone()
-  }
-
-  pragma[nomagic]
-  private predicate revFlowStore(
-    Ap ap0, Content c, Ap ap, NodeEx node, TypedContent tc, NodeEx mid, boolean toReturn,
-    ApOption returnAp, Configuration config
-  ) {
-    revFlow(mid, toReturn, returnAp, ap0, config) and
-    storeStepFwd(node, ap, tc, mid, ap0, config) and
-    tc.getContent() = c
-  }
-
-  /**
-   * Holds if reverse flow with access path `tail` reaches a read of `c`
-   * resulting in access path `cons`.
-   */
-  pragma[nomagic]
-  private predicate revFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
-    exists(NodeEx mid, Ap tail0 |
-      revFlow(mid, _, _, tail, config) and
-      tail = pragma[only_bind_into](tail0) and
-      readStepFwd(_, cons, c, mid, tail0, config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowOut(
-    DataFlowCall call, RetNodeEx ret, boolean toReturn, ApOption returnAp, Ap ap,
-    Configuration config
-  ) {
-    exists(NodeEx out, boolean allowsFieldFlow |
-      revFlow(out, toReturn, returnAp, ap, config) and
-      flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowInNotToReturn(
-    ArgNodeEx arg, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p, boolean allowsFieldFlow |
-      revFlow(p, false, returnAp, ap, config) and
-      flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowInToReturn(
-    DataFlowCall call, ArgNodeEx arg, Ap returnAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p, boolean allowsFieldFlow |
-      revFlow(p, true, apSome(returnAp), ap, config) and
-      flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  /**
-   * Holds if an output from `call` is reached in the flow covered by `revFlow`
-   * and data might flow through the target callable resulting in reverse flow
-   * reaching an argument of `call`.
-   */
-  pragma[nomagic]
-  private predicate revFlowIsReturned(
-    DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    exists(RetNodeEx ret, CcCall ccc |
-      revFlowOut(call, ret, toReturn, returnAp, ap, config) and
-      fwdFlow(ret, ccc, apSome(_), ap, config) and
-      ccc.matchesCall(call)
-    )
-  }
-
-  pragma[nomagic]
-  predicate storeStepCand(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
-    Configuration config
-  ) {
-    exists(Ap ap2, Content c |
-      store(node1, tc, node2, contentType, config) and
-      revFlowStore(ap2, c, ap1, node1, tc, node2, _, _, config) and
-      revFlowConsCand(ap2, c, ap1, config)
-    )
-  }
-
-  predicate readStepCand(NodeEx node1, Content c, NodeEx node2, Configuration config) {
-    exists(Ap ap1, Ap ap2 |
-      revFlow(node2, _, _, pragma[only_bind_into](ap2), pragma[only_bind_into](config)) and
-      readStepFwd(node1, ap1, c, node2, ap2, config) and
-      revFlowStore(ap1, c, pragma[only_bind_into](ap2), _, _, _, _, _,
-        pragma[only_bind_into](config))
-    )
-  }
-
-  predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, config) }
-
-  private predicate fwdConsCand(TypedContent tc, Ap ap, Configuration config) {
-    storeStepFwd(_, ap, tc, _, _, config)
-  }
-
-  predicate consCand(TypedContent tc, Ap ap, Configuration config) {
-    storeStepCand(_, ap, tc, _, _, config)
-  }
-
-  pragma[noinline]
-  private predicate parameterFlow(
-    ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
-  ) {
-    revFlow(p, true, apSome(ap0), ap, config) and
-    c = p.getEnclosingCallable()
-  }
-
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(RetNodeEx ret, Ap ap0, ReturnKindExt kind, int pos |
-      parameterFlow(p, ap, ap0, c, config) and
-      c = ret.getEnclosingCallable() and
-      revFlow(pragma[only_bind_into](ret), true, apSome(_), pragma[only_bind_into](ap0),
-        pragma[only_bind_into](config)) and
-      fwdFlow(ret, any(CcCall ccc), apSome(ap), ap0, config) and
-      kind = ret.getKind() and
-      p.getPosition() = pos and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = pos
-        or
-        p.allowParameterReturnInSelf()
-      )
-    )
-  }
-
-  pragma[nomagic]
-  predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-    exists(Ap returnAp0, ArgNodeEx arg, boolean toReturn, ApOption returnAp, Ap ap |
-      revFlow(arg, toReturn, returnAp, ap, config) and
-      revFlowInToReturn(call, arg, returnAp0, ap, config) and
-      revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
-    )
-  }
-
-  predicate stats(boolean fwd, int nodes, int fields, int conscand, int tuples, Configuration config) {
-    fwd = true and
-    nodes = count(NodeEx node | fwdFlow(node, _, _, _, config)) and
-    fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
-    conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-    tuples = count(NodeEx n, Cc cc, ApOption argAp, Ap ap | fwdFlow(n, cc, argAp, ap, config))
-    or
-    fwd = false and
-    nodes = count(NodeEx node | revFlow(node, _, _, _, config)) and
-    fields = count(TypedContent f0 | consCand(f0, _, config)) and
-    conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
-    tuples = count(NodeEx n, boolean b, ApOption retAp, Ap ap | revFlow(n, b, retAp, ap, config))
-  }
-  /* End: Stage 2 logic. */
+private module Stage2 implements StageSig {
+  import MkStage<Stage1>::Stage<Stage2Param>
 }
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
-  Stage2::revFlow(node1, pragma[only_bind_into](config))
+  Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
 
 pragma[nomagic]
@@ -1520,7 +2153,7 @@ private predicate flowIntoCallNodeCand2(
 ) {
   flowIntoCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
-  Stage2::revFlow(node1, pragma[only_bind_into](config))
+  Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
 
 private module LocalFlowBigStep {
@@ -1531,7 +2164,8 @@ private module LocalFlowBigStep {
   private class FlowCheckNode extends NodeEx {
     FlowCheckNode() {
       castNode(this.asNode()) or
-      clearsContentCached(this.asNode(), _)
+      clearsContentCached(this.asNode(), _) or
+      expectsContentCached(this.asNode(), _)
     }
   }
 
@@ -1539,17 +2173,31 @@ private module LocalFlowBigStep {
    * Holds if `node` can be the first node in a maximal subsequence of local
    * flow steps in a dataflow path.
    */
-  predicate localFlowEntry(NodeEx node, Configuration config) {
-    Stage2::revFlow(node, config) and
+  private predicate localFlowEntry(NodeEx node, FlowState state, Configuration config) {
+    Stage2::revFlow(node, state, config) and
     (
-      sourceNode(node, config) or
-      jumpStep(_, node, config) or
-      additionalJumpStep(_, node, config) or
-      node instanceof ParamNodeEx or
-      node.asNode() instanceof OutNodeExt or
-      store(_, _, node, _, config) or
-      read(_, _, node, config) or
+      sourceNode(node, state, config)
+      or
+      jumpStep(_, node, config)
+      or
+      additionalJumpStep(_, node, config)
+      or
+      additionalJumpStateStep(_, _, node, state, config)
+      or
+      node instanceof ParamNodeEx
+      or
+      node.asNode() instanceof OutNodeExt
+      or
+      Stage2::storeStepCand(_, _, _, node, _, config)
+      or
+      Stage2::readStepCand(_, _, node, config)
+      or
       node instanceof FlowCheckNode
+      or
+      exists(FlowState s |
+        additionalLocalStateStep(_, s, node, state, config) and
+        s != state
+      )
     )
   }
 
@@ -1557,28 +2205,42 @@ private module LocalFlowBigStep {
    * Holds if `node` can be the last node in a maximal subsequence of local
    * flow steps in a dataflow path.
    */
-  private predicate localFlowExit(NodeEx node, Configuration config) {
-    exists(NodeEx next | Stage2::revFlow(next, config) |
+  private predicate localFlowExit(NodeEx node, FlowState state, Configuration config) {
+    exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
-      store(node, _, next, _, config) or
-      read(node, _, next, config)
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
+      Stage2::storeStepCand(node, _, _, next, _, config) or
+      Stage2::readStepCand(node, _, next, config)
     )
     or
+    exists(NodeEx next, FlowState s | Stage2::revFlow(next, s, config) |
+      additionalJumpStateStep(node, state, next, s, config)
+      or
+      additionalLocalStateStep(node, state, next, s, config) and
+      s != state
+    )
+    or
+    Stage2::revFlow(node, state, config) and
     node instanceof FlowCheckNode
     or
-    sinkNode(node, config)
+    sinkNode(node, state, config)
   }
 
   pragma[noinline]
   private predicate additionalLocalFlowStepNodeCand2(
-    NodeEx node1, NodeEx node2, Configuration config
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, Configuration config
   ) {
     additionalLocalFlowStepNodeCand1(node1, node2, config) and
-    Stage2::revFlow(node1, _, _, false, pragma[only_bind_into](config)) and
-    Stage2::revFlow(node2, _, _, false, pragma[only_bind_into](config))
+    state1 = state2 and
+    Stage2::revFlow(node1, pragma[only_bind_into](state1), false, pragma[only_bind_into](config)) and
+    Stage2::revFlowAlias(node2, pragma[only_bind_into](state2), false,
+      pragma[only_bind_into](config))
+    or
+    additionalLocalStateStep(node1, state1, node2, state2, config) and
+    Stage2::revFlow(node1, state1, false, pragma[only_bind_into](config)) and
+    Stage2::revFlowAlias(node2, state2, false, pragma[only_bind_into](config))
   }
 
   /**
@@ -1590,40 +2252,40 @@ private module LocalFlowBigStep {
    */
   pragma[nomagic]
   private predicate localFlowStepPlus(
-    NodeEx node1, NodeEx node2, boolean preservesValue, DataFlowType t, Configuration config,
-    LocalCallContext cc
+    NodeEx node1, FlowState state, NodeEx node2, boolean preservesValue, DataFlowType t,
+    Configuration config, LocalCallContext cc
   ) {
     not isUnreachableInCallCached(node2.asNode(), cc.(LocalCallContextSpecificCall).getCall()) and
     (
-      localFlowEntry(node1, pragma[only_bind_into](config)) and
+      localFlowEntry(node1, pragma[only_bind_into](state), pragma[only_bind_into](config)) and
       (
         localFlowStepNodeCand1(node1, node2, config) and
         preservesValue = true and
-        t = node1.getDataFlowType() // irrelevant dummy value
+        t = node1.getDataFlowType() and // irrelevant dummy value
+        Stage2::revFlow(node2, pragma[only_bind_into](state), pragma[only_bind_into](config))
         or
-        additionalLocalFlowStepNodeCand2(node1, node2, config) and
+        additionalLocalFlowStepNodeCand2(node1, state, node2, state, config) and
         preservesValue = false and
         t = node2.getDataFlowType()
       ) and
       node1 != node2 and
       cc.relevantFor(node1.getEnclosingCallable()) and
-      not isUnreachableInCallCached(node1.asNode(), cc.(LocalCallContextSpecificCall).getCall()) and
-      Stage2::revFlow(node2, pragma[only_bind_into](config))
+      not isUnreachableInCallCached(node1.asNode(), cc.(LocalCallContextSpecificCall).getCall())
       or
       exists(NodeEx mid |
-        localFlowStepPlus(node1, mid, preservesValue, t, pragma[only_bind_into](config), cc) and
+        localFlowStepPlus(node1, pragma[only_bind_into](state), mid, preservesValue, t,
+          pragma[only_bind_into](config), cc) and
         localFlowStepNodeCand1(mid, node2, config) and
         not mid instanceof FlowCheckNode and
-        Stage2::revFlow(node2, pragma[only_bind_into](config))
+        Stage2::revFlow(node2, pragma[only_bind_into](state), pragma[only_bind_into](config))
       )
       or
       exists(NodeEx mid |
-        localFlowStepPlus(node1, mid, _, _, pragma[only_bind_into](config), cc) and
-        additionalLocalFlowStepNodeCand2(mid, node2, config) and
+        localFlowStepPlus(node1, state, mid, _, _, pragma[only_bind_into](config), cc) and
+        additionalLocalFlowStepNodeCand2(mid, state, node2, state, config) and
         not mid instanceof FlowCheckNode and
         preservesValue = false and
-        t = node2.getDataFlowType() and
-        Stage2::revFlow(node2, pragma[only_bind_into](config))
+        t = node2.getDataFlowType()
       )
     )
   }
@@ -1634,36 +2296,121 @@ private module LocalFlowBigStep {
    */
   pragma[nomagic]
   predicate localFlowBigStep(
-    NodeEx node1, NodeEx node2, boolean preservesValue, AccessPathFrontNil apf,
-    Configuration config, LocalCallContext callContext
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, node2, preservesValue, apf.getType(), config, callContext) and
-    localFlowExit(node2, config)
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
+    localFlowExit(node2, state1, config) and
+    state1 = state2
+    or
+    additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
+    state1 != state2 and
+    preservesValue = false and
+    t = node2.getDataFlowType() and
+    callContext.relevantFor(node1.getEnclosingCallable()) and
+    not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
+      isUnreachableInCallCached(node1.asNode(), call) or
+      isUnreachableInCallCached(node2.asNode(), call)
+    )
   }
 }
 
 private import LocalFlowBigStep
 
-private module Stage3 {
-  module PrevStage = Stage2;
+private module Stage3Param implements MkStage<Stage2>::StageParam {
+  private module PrevStage = Stage2;
 
-  class ApApprox = PrevStage::Ap;
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
 
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  private ApApprox getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
-  private ApNil getApNil(NodeEx node) {
+  ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
   }
 
   bindingset[tc, tail]
-  private Ap apCons(TypedContent tc, Ap tail) { result.getHead() = tc and exists(tail) }
+  Ap apCons(TypedContent tc, Ap tail) { result.getHead() = tc and exists(tail) }
 
   pragma[noinline]
-  private Content getHeadContent(Ap ap) { result = ap.getHead().getContent() }
+  Content getHeadContent(Ap ap) { result = ap.getHead().getContent() }
 
   class ApOption = AccessPathFrontOption;
 
@@ -1671,542 +2418,114 @@ private module Stage3 {
 
   ApOption apSome(Ap ap) { result = TAccessPathFrontSome(ap) }
 
-  class Cc = boolean;
-
-  class CcCall extends Cc {
-    CcCall() { this = true }
-
-    /** Holds if this call context may be `call`. */
-    predicate matchesCall(DataFlowCall call) { any() }
-  }
-
-  class CcNoCall extends Cc {
-    CcNoCall() { this = false }
-  }
-
-  Cc ccNone() { result = false }
-
-  CcCall ccSomeCall() { result = true }
-
-  private class LocalCc = Unit;
-
-  bindingset[call, c, outercc]
-  private CcCall getCallContextCall(DataFlowCall call, DataFlowCallable c, Cc outercc) { any() }
-
-  bindingset[call, c, innercc]
-  private CcNoCall getCallContextReturn(DataFlowCallable c, DataFlowCall call, Cc innercc) { any() }
-
-  bindingset[node, cc, config]
-  private LocalCc getLocalCc(NodeEx node, Cc cc, Configuration config) { any() }
-
-  private predicate localStep(
-    NodeEx node1, NodeEx node2, boolean preservesValue, ApNil ap, Configuration config, LocalCc lcc
-  ) {
-    localFlowBigStep(node1, node2, preservesValue, ap, config, _) and exists(lcc)
-  }
-
-  private predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
-
-  private predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  import BooleanCallContext
 
   pragma[nomagic]
-  private predicate clear(NodeEx node, Ap ap) { ap.isClearedAt(node.asNode()) }
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
+  }
+
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
+
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
+
+  pragma[nomagic]
+  private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
+    PrevStage::revFlow(node, config) and
+    clearsContentCached(node.asNode(), c)
+  }
+
+  pragma[nomagic]
+  private predicate clearContent(NodeEx node, Content c, Configuration config) {
+    exists(ContentSet cs |
+      PrevStage::readStepCand(_, pragma[only_bind_into](c), _, pragma[only_bind_into](config)) and
+      c = cs.getAReadContent() and
+      clearSet(node, cs, pragma[only_bind_into](config))
+    )
+  }
+
+  pragma[nomagic]
+  private predicate clear(NodeEx node, Ap ap, Configuration config) {
+    clearContent(node, ap.getHead().getContent(), config)
+  }
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getHead().getContent()
+    )
+  }
 
   pragma[nomagic]
   private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
 
-  bindingset[node, ap]
-  private predicate filter(NodeEx node, Ap ap) {
-    not clear(node, ap) and
-    if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    not clear(node, ap, config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
   }
 
   bindingset[ap, contentType]
-  private predicate typecheckStore(Ap ap, DataFlowType contentType) {
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
     // We need to typecheck stores here, since reverse flow through a getter
     // might have a different type here compared to inside the getter.
     compatibleTypes(ap.getType(), contentType)
   }
+}
 
-  /* Begin: Stage 3 logic. */
-  private predicate flowCand(NodeEx node, ApApprox apa, Configuration config) {
-    PrevStage::revFlow(node, _, _, apa, config)
-  }
-
-  bindingset[result, apa]
-  private ApApprox unbindApa(ApApprox apa) {
-    exists(ApApprox apa0 |
-      apa = pragma[only_bind_into](apa0) and result = pragma[only_bind_into](apa0)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate flowThroughOutOfCall(
-    DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-    Configuration config
-  ) {
-    flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-    PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-    PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-      pragma[only_bind_into](config)) and
-    ccc.matchesCall(call)
-  }
-
-  /**
-   * Holds if `node` is reachable with access path `ap` from a source in the
-   * configuration `config`.
-   *
-   * The call context `cc` records whether the node is reached through an
-   * argument in a call, and if so, `argAp` records the access path of that
-   * argument.
-   */
-  pragma[nomagic]
-  predicate fwdFlow(NodeEx node, Cc cc, ApOption argAp, Ap ap, Configuration config) {
-    fwdFlow0(node, cc, argAp, ap, config) and
-    flowCand(node, unbindApa(getApprox(ap)), config) and
-    filter(node, ap)
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlow0(NodeEx node, Cc cc, ApOption argAp, Ap ap, Configuration config) {
-    flowCand(node, _, config) and
-    sourceNode(node, config) and
-    (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
-    argAp = apNone() and
-    ap = getApNil(node)
-    or
-    exists(NodeEx mid, Ap ap0, LocalCc localCc |
-      fwdFlow(mid, cc, argAp, ap0, config) and
-      localCc = getLocalCc(mid, cc, config)
-    |
-      localStep(mid, node, true, _, config, localCc) and
-      ap = ap0
-      or
-      localStep(mid, node, false, ap, config, localCc) and
-      ap0 instanceof ApNil
-    )
-    or
-    exists(NodeEx mid |
-      fwdFlow(mid, _, _, ap, pragma[only_bind_into](config)) and
-      flowCand(node, _, pragma[only_bind_into](config)) and
-      jumpStep(mid, node, config) and
-      cc = ccNone() and
-      argAp = apNone()
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(mid, _, _, nil, pragma[only_bind_into](config)) and
-      flowCand(node, _, pragma[only_bind_into](config)) and
-      additionalJumpStep(mid, node, config) and
-      cc = ccNone() and
-      argAp = apNone() and
-      ap = getApNil(node)
-    )
-    or
-    // store
-    exists(TypedContent tc, Ap ap0 |
-      fwdFlowStore(_, ap0, tc, node, cc, argAp, config) and
-      ap = apCons(tc, ap0)
-    )
-    or
-    // read
-    exists(Ap ap0, Content c |
-      fwdFlowRead(ap0, c, _, node, cc, argAp, config) and
-      fwdFlowConsCand(ap0, c, ap, config)
-    )
-    or
-    // flow into a callable
-    exists(ApApprox apa |
-      fwdFlowIn(_, node, _, cc, _, ap, config) and
-      apa = getApprox(ap) and
-      if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-      then argAp = apSome(ap)
-      else argAp = apNone()
-    )
-    or
-    // flow out of a callable
-    fwdFlowOutNotFromArg(node, cc, argAp, ap, config)
-    or
-    exists(DataFlowCall call, Ap argAp0 |
-      fwdFlowOutFromArg(call, node, argAp0, ap, config) and
-      fwdFlowIsEntered(call, cc, argAp, argAp0, config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowStore(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Cc cc, ApOption argAp, Configuration config
-  ) {
-    exists(DataFlowType contentType |
-      fwdFlow(node1, cc, argAp, ap1, config) and
-      PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
-      typecheckStore(ap1, contentType)
-    )
-  }
-
-  /**
-   * Holds if forward flow with access path `tail` reaches a store of `c`
-   * resulting in access path `cons`.
-   */
-  pragma[nomagic]
-  private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
-    exists(TypedContent tc |
-      fwdFlowStore(_, tail, tc, _, _, _, config) and
-      tc.getContent() = c and
-      cons = apCons(tc, tail)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowRead(
-    Ap ap, Content c, NodeEx node1, NodeEx node2, Cc cc, ApOption argAp, Configuration config
-  ) {
-    fwdFlow(node1, cc, argAp, ap, config) and
-    PrevStage::readStepCand(node1, c, node2, config) and
-    getHeadContent(ap) = c
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowIn(
-    DataFlowCall call, ParamNodeEx p, Cc outercc, Cc innercc, ApOption argAp, Ap ap,
-    Configuration config
-  ) {
-    exists(ArgNodeEx arg, boolean allowsFieldFlow |
-      fwdFlow(arg, outercc, argAp, ap, config) and
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowOutNotFromArg(
-    NodeEx out, Cc ccOut, ApOption argAp, Ap ap, Configuration config
-  ) {
-    exists(
-      DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-      DataFlowCallable inner
-    |
-      fwdFlow(ret, innercc, argAp, ap, config) and
-      flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-      inner = ret.getEnclosingCallable() and
-      ccOut = getCallContextReturn(inner, call, innercc) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowOutFromArg(
-    DataFlowCall call, NodeEx out, Ap argAp, Ap ap, Configuration config
-  ) {
-    exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-      fwdFlow(ret, ccc, apSome(argAp), ap, config) and
-      flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  /**
-   * Holds if an argument to `call` is reached in the flow covered by `fwdFlow`
-   * and data might flow through the target callable and back out at `call`.
-   */
-  pragma[nomagic]
-  private predicate fwdFlowIsEntered(
-    DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p |
-      fwdFlowIn(call, p, cc, _, argAp, ap, config) and
-      PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate storeStepFwd(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
-  ) {
-    fwdFlowStore(node1, ap1, tc, node2, _, _, config) and
-    ap2 = apCons(tc, ap1) and
-    fwdFlowRead(ap2, tc.getContent(), _, _, _, _, config)
-  }
-
-  private predicate readStepFwd(
-    NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
-  ) {
-    fwdFlowRead(ap1, c, n1, n2, _, _, config) and
-    fwdFlowConsCand(ap1, c, ap2, config)
-  }
-
-  pragma[nomagic]
-  private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-    exists(Ap argAp0, NodeEx out, Cc cc, ApOption argAp, Ap ap |
-      fwdFlow(out, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-        pragma[only_bind_into](config)) and
-      fwdFlowOutFromArg(call, out, argAp0, ap, config) and
-      fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-        pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-        pragma[only_bind_into](config))
-    )
-  }
-
-  pragma[nomagic]
-  private predicate flowThroughIntoCall(
-    DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
-  ) {
-    flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-    fwdFlow(arg, _, _, _, pragma[only_bind_into](config)) and
-    PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-    callMayFlowThroughFwd(call, pragma[only_bind_into](config))
-  }
-
-  pragma[nomagic]
-  private predicate returnNodeMayFlowThrough(RetNodeEx ret, Ap ap, Configuration config) {
-    fwdFlow(ret, any(CcCall ccc), apSome(_), ap, config)
-  }
-
-  /**
-   * Holds if `node` with access path `ap` is part of a path from a source to a
-   * sink in the configuration `config`.
-   *
-   * The Boolean `toReturn` records whether the node must be returned from the
-   * enclosing callable in order to reach a sink, and if so, `returnAp` records
-   * the access path of the returned value.
-   */
-  pragma[nomagic]
-  predicate revFlow(NodeEx node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config) {
-    revFlow0(node, toReturn, returnAp, ap, config) and
-    fwdFlow(node, _, _, ap, config)
-  }
-
-  pragma[nomagic]
-  private predicate revFlow0(
-    NodeEx node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    fwdFlow(node, _, _, ap, config) and
-    sinkNode(node, config) and
-    (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
-    returnAp = apNone() and
-    ap instanceof ApNil
-    or
-    exists(NodeEx mid |
-      localStep(node, mid, true, _, config, _) and
-      revFlow(mid, toReturn, returnAp, ap, config)
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(node, _, _, ap, pragma[only_bind_into](config)) and
-      localStep(node, mid, false, _, config, _) and
-      revFlow(mid, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
-      ap instanceof ApNil
-    )
-    or
-    exists(NodeEx mid |
-      jumpStep(node, mid, config) and
-      revFlow(mid, _, _, ap, config) and
-      toReturn = false and
-      returnAp = apNone()
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(node, _, _, ap, pragma[only_bind_into](config)) and
-      additionalJumpStep(node, mid, config) and
-      revFlow(pragma[only_bind_into](mid), _, _, nil, pragma[only_bind_into](config)) and
-      toReturn = false and
-      returnAp = apNone() and
-      ap instanceof ApNil
-    )
-    or
-    // store
-    exists(Ap ap0, Content c |
-      revFlowStore(ap0, c, ap, node, _, _, toReturn, returnAp, config) and
-      revFlowConsCand(ap0, c, ap, config)
-    )
-    or
-    // read
-    exists(NodeEx mid, Ap ap0 |
-      revFlow(mid, toReturn, returnAp, ap0, config) and
-      readStepFwd(node, ap, _, mid, ap0, config)
-    )
-    or
-    // flow into a callable
-    revFlowInNotToReturn(node, returnAp, ap, config) and
-    toReturn = false
-    or
-    exists(DataFlowCall call, Ap returnAp0 |
-      revFlowInToReturn(call, node, returnAp0, ap, config) and
-      revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
-    )
-    or
-    // flow out of a callable
-    revFlowOut(_, node, _, _, ap, config) and
-    toReturn = true and
-    if returnNodeMayFlowThrough(node, ap, config)
-    then returnAp = apSome(ap)
-    else returnAp = apNone()
-  }
-
-  pragma[nomagic]
-  private predicate revFlowStore(
-    Ap ap0, Content c, Ap ap, NodeEx node, TypedContent tc, NodeEx mid, boolean toReturn,
-    ApOption returnAp, Configuration config
-  ) {
-    revFlow(mid, toReturn, returnAp, ap0, config) and
-    storeStepFwd(node, ap, tc, mid, ap0, config) and
-    tc.getContent() = c
-  }
-
-  /**
-   * Holds if reverse flow with access path `tail` reaches a read of `c`
-   * resulting in access path `cons`.
-   */
-  pragma[nomagic]
-  private predicate revFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
-    exists(NodeEx mid, Ap tail0 |
-      revFlow(mid, _, _, tail, config) and
-      tail = pragma[only_bind_into](tail0) and
-      readStepFwd(_, cons, c, mid, tail0, config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowOut(
-    DataFlowCall call, RetNodeEx ret, boolean toReturn, ApOption returnAp, Ap ap,
-    Configuration config
-  ) {
-    exists(NodeEx out, boolean allowsFieldFlow |
-      revFlow(out, toReturn, returnAp, ap, config) and
-      flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowInNotToReturn(
-    ArgNodeEx arg, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p, boolean allowsFieldFlow |
-      revFlow(p, false, returnAp, ap, config) and
-      flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowInToReturn(
-    DataFlowCall call, ArgNodeEx arg, Ap returnAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p, boolean allowsFieldFlow |
-      revFlow(p, true, apSome(returnAp), ap, config) and
-      flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  /**
-   * Holds if an output from `call` is reached in the flow covered by `revFlow`
-   * and data might flow through the target callable resulting in reverse flow
-   * reaching an argument of `call`.
-   */
-  pragma[nomagic]
-  private predicate revFlowIsReturned(
-    DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    exists(RetNodeEx ret, CcCall ccc |
-      revFlowOut(call, ret, toReturn, returnAp, ap, config) and
-      fwdFlow(ret, ccc, apSome(_), ap, config) and
-      ccc.matchesCall(call)
-    )
-  }
-
-  pragma[nomagic]
-  predicate storeStepCand(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
-    Configuration config
-  ) {
-    exists(Ap ap2, Content c |
-      store(node1, tc, node2, contentType, config) and
-      revFlowStore(ap2, c, ap1, node1, tc, node2, _, _, config) and
-      revFlowConsCand(ap2, c, ap1, config)
-    )
-  }
-
-  predicate readStepCand(NodeEx node1, Content c, NodeEx node2, Configuration config) {
-    exists(Ap ap1, Ap ap2 |
-      revFlow(node2, _, _, pragma[only_bind_into](ap2), pragma[only_bind_into](config)) and
-      readStepFwd(node1, ap1, c, node2, ap2, config) and
-      revFlowStore(ap1, c, pragma[only_bind_into](ap2), _, _, _, _, _,
-        pragma[only_bind_into](config))
-    )
-  }
-
-  predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, config) }
-
-  private predicate fwdConsCand(TypedContent tc, Ap ap, Configuration config) {
-    storeStepFwd(_, ap, tc, _, _, config)
-  }
-
-  predicate consCand(TypedContent tc, Ap ap, Configuration config) {
-    storeStepCand(_, ap, tc, _, _, config)
-  }
-
-  pragma[noinline]
-  private predicate parameterFlow(
-    ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
-  ) {
-    revFlow(p, true, apSome(ap0), ap, config) and
-    c = p.getEnclosingCallable()
-  }
-
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(RetNodeEx ret, Ap ap0, ReturnKindExt kind, int pos |
-      parameterFlow(p, ap, ap0, c, config) and
-      c = ret.getEnclosingCallable() and
-      revFlow(pragma[only_bind_into](ret), true, apSome(_), pragma[only_bind_into](ap0),
-        pragma[only_bind_into](config)) and
-      fwdFlow(ret, any(CcCall ccc), apSome(ap), ap0, config) and
-      kind = ret.getKind() and
-      p.getPosition() = pos and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = pos
-        or
-        p.allowParameterReturnInSelf()
-      )
-    )
-  }
-
-  pragma[nomagic]
-  predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-    exists(Ap returnAp0, ArgNodeEx arg, boolean toReturn, ApOption returnAp, Ap ap |
-      revFlow(arg, toReturn, returnAp, ap, config) and
-      revFlowInToReturn(call, arg, returnAp0, ap, config) and
-      revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
-    )
-  }
-
-  predicate stats(boolean fwd, int nodes, int fields, int conscand, int tuples, Configuration config) {
-    fwd = true and
-    nodes = count(NodeEx node | fwdFlow(node, _, _, _, config)) and
-    fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
-    conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-    tuples = count(NodeEx n, Cc cc, ApOption argAp, Ap ap | fwdFlow(n, cc, argAp, ap, config))
-    or
-    fwd = false and
-    nodes = count(NodeEx node | revFlow(node, _, _, _, config)) and
-    fields = count(TypedContent f0 | consCand(f0, _, config)) and
-    conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
-    tuples = count(NodeEx n, boolean b, ApOption retAp, Ap ap | revFlow(n, b, retAp, ap, config))
-  }
-  /* End: Stage 3 logic. */
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
  * Holds if `argApf` is recorded as the summary context for flow reaching `node`
  * and remains relevant for the following pruning stage.
  */
-private predicate flowCandSummaryCtx(NodeEx node, AccessPathFront argApf, Configuration config) {
+private predicate flowCandSummaryCtx(
+  NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
+) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, true, _, apf, config) and
-    Stage3::fwdFlow(node, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2216,12 +2535,12 @@ private predicate flowCandSummaryCtx(NodeEx node, AccessPathFront argApf, Config
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
-      strictcount(NodeEx n |
-        Stage3::revFlow(n, _, _, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+      strictcount(NodeEx n, FlowState state |
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
-        flowCandSummaryCtx(n, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
     accessPathApproxCostLimits(apLimit, tupleLimit) and
     apLimit < tails and
@@ -2233,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2367,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2378,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2403,26 +2722,25 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4 {
-  module PrevStage = Stage3;
-
-  class ApApprox = PrevStage::Ap;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
-  private ApApprox getApprox(Ap ap) { result = ap.getFront() }
+  pragma[nomagic]
+  PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
-  private ApNil getApNil(NodeEx node) {
+  ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TNil(node.getDataFlowType())
   }
 
   bindingset[tc, tail]
-  private Ap apCons(TypedContent tc, Ap tail) { result = push(tc, tail) }
+  Ap apCons(TypedContent tc, Ap tail) { result = push(tc, tail) }
 
   pragma[noinline]
-  private Content getHeadContent(Ap ap) { result = ap.getHead().getContent() }
+  Content getHeadContent(Ap ap) { result = ap.getHead().getContent() }
 
   class ApOption = AccessPathApproxOption;
 
@@ -2430,559 +2748,88 @@ private module Stage4 {
 
   ApOption apSome(Ap ap) { result = TAccessPathApproxSome(ap) }
 
-  class Cc = CallContext;
+  import Level1CallContext
+  import LocalCallContext
 
-  class CcCall = CallContextCall;
-
-  class CcNoCall = CallContextNoCall;
-
-  Cc ccNone() { result instanceof CallContextAny }
-
-  CcCall ccSomeCall() { result instanceof CallContextSomeCall }
-
-  private class LocalCc = LocalCallContext;
-
-  bindingset[call, c, outercc]
-  private CcCall getCallContextCall(DataFlowCall call, DataFlowCallable c, Cc outercc) {
-    checkCallContextCall(outercc, call, c) and
-    if recordDataFlowCallSite(call, c) then result = TSpecificCall(call) else result = TSomeCall()
-  }
-
-  bindingset[call, c, innercc]
-  private CcNoCall getCallContextReturn(DataFlowCallable c, DataFlowCall call, Cc innercc) {
-    checkCallContextReturn(innercc, c, call) and
-    if reducedViableImplInReturn(c, call) then result = TReturn(c, call) else result = ccNone()
-  }
-
-  bindingset[node, cc, config]
-  private LocalCc getLocalCc(NodeEx node, Cc cc, Configuration config) {
-    localFlowEntry(node, config) and
-    result =
-      getLocalCallContext(pragma[only_bind_into](pragma[only_bind_out](cc)),
-        node.getEnclosingCallable())
-  }
-
-  private predicate localStep(
-    NodeEx node1, NodeEx node2, boolean preservesValue, ApNil ap, Configuration config, LocalCc lcc
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, node2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
-  private predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
-    flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
-    PrevStage::revFlow(node2, _, _, _, pragma[only_bind_into](config)) and
-    PrevStage::revFlow(node1, _, _, _, pragma[only_bind_into](config))
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
   }
 
   pragma[nomagic]
-  private predicate flowIntoCall(
+  predicate flowIntoCall(
     DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
     Configuration config
   ) {
-    flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
-    PrevStage::revFlow(node2, _, _, _, pragma[only_bind_into](config)) and
-    PrevStage::revFlow(node1, _, _, _, pragma[only_bind_into](config))
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
   }
 
-  bindingset[node, ap]
-  private predicate filter(NodeEx node, Ap ap) { any() }
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) { any() }
 
   // Type checking is not necessary here as it has already been done in stage 3.
   bindingset[ap, contentType]
-  private predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
-
-  /* Begin: Stage 4 logic. */
-  private predicate flowCand(NodeEx node, ApApprox apa, Configuration config) {
-    PrevStage::revFlow(node, _, _, apa, config)
-  }
-
-  bindingset[result, apa]
-  private ApApprox unbindApa(ApApprox apa) {
-    exists(ApApprox apa0 |
-      apa = pragma[only_bind_into](apa0) and result = pragma[only_bind_into](apa0)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate flowThroughOutOfCall(
-    DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-    Configuration config
-  ) {
-    flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-    PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-    PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-      pragma[only_bind_into](config)) and
-    ccc.matchesCall(call)
-  }
-
-  /**
-   * Holds if `node` is reachable with access path `ap` from a source in the
-   * configuration `config`.
-   *
-   * The call context `cc` records whether the node is reached through an
-   * argument in a call, and if so, `argAp` records the access path of that
-   * argument.
-   */
-  pragma[nomagic]
-  predicate fwdFlow(NodeEx node, Cc cc, ApOption argAp, Ap ap, Configuration config) {
-    fwdFlow0(node, cc, argAp, ap, config) and
-    flowCand(node, unbindApa(getApprox(ap)), config) and
-    filter(node, ap)
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlow0(NodeEx node, Cc cc, ApOption argAp, Ap ap, Configuration config) {
-    flowCand(node, _, config) and
-    sourceNode(node, config) and
-    (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
-    argAp = apNone() and
-    ap = getApNil(node)
-    or
-    exists(NodeEx mid, Ap ap0, LocalCc localCc |
-      fwdFlow(mid, cc, argAp, ap0, config) and
-      localCc = getLocalCc(mid, cc, config)
-    |
-      localStep(mid, node, true, _, config, localCc) and
-      ap = ap0
-      or
-      localStep(mid, node, false, ap, config, localCc) and
-      ap0 instanceof ApNil
-    )
-    or
-    exists(NodeEx mid |
-      fwdFlow(mid, _, _, ap, pragma[only_bind_into](config)) and
-      flowCand(node, _, pragma[only_bind_into](config)) and
-      jumpStep(mid, node, config) and
-      cc = ccNone() and
-      argAp = apNone()
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(mid, _, _, nil, pragma[only_bind_into](config)) and
-      flowCand(node, _, pragma[only_bind_into](config)) and
-      additionalJumpStep(mid, node, config) and
-      cc = ccNone() and
-      argAp = apNone() and
-      ap = getApNil(node)
-    )
-    or
-    // store
-    exists(TypedContent tc, Ap ap0 |
-      fwdFlowStore(_, ap0, tc, node, cc, argAp, config) and
-      ap = apCons(tc, ap0)
-    )
-    or
-    // read
-    exists(Ap ap0, Content c |
-      fwdFlowRead(ap0, c, _, node, cc, argAp, config) and
-      fwdFlowConsCand(ap0, c, ap, config)
-    )
-    or
-    // flow into a callable
-    exists(ApApprox apa |
-      fwdFlowIn(_, node, _, cc, _, ap, config) and
-      apa = getApprox(ap) and
-      if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-      then argAp = apSome(ap)
-      else argAp = apNone()
-    )
-    or
-    // flow out of a callable
-    fwdFlowOutNotFromArg(node, cc, argAp, ap, config)
-    or
-    exists(DataFlowCall call, Ap argAp0 |
-      fwdFlowOutFromArg(call, node, argAp0, ap, config) and
-      fwdFlowIsEntered(call, cc, argAp, argAp0, config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowStore(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Cc cc, ApOption argAp, Configuration config
-  ) {
-    exists(DataFlowType contentType |
-      fwdFlow(node1, cc, argAp, ap1, config) and
-      PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
-      typecheckStore(ap1, contentType)
-    )
-  }
-
-  /**
-   * Holds if forward flow with access path `tail` reaches a store of `c`
-   * resulting in access path `cons`.
-   */
-  pragma[nomagic]
-  private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
-    exists(TypedContent tc |
-      fwdFlowStore(_, tail, tc, _, _, _, config) and
-      tc.getContent() = c and
-      cons = apCons(tc, tail)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowRead(
-    Ap ap, Content c, NodeEx node1, NodeEx node2, Cc cc, ApOption argAp, Configuration config
-  ) {
-    fwdFlow(node1, cc, argAp, ap, config) and
-    PrevStage::readStepCand(node1, c, node2, config) and
-    getHeadContent(ap) = c
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowIn(
-    DataFlowCall call, ParamNodeEx p, Cc outercc, Cc innercc, ApOption argAp, Ap ap,
-    Configuration config
-  ) {
-    exists(ArgNodeEx arg, boolean allowsFieldFlow |
-      fwdFlow(arg, outercc, argAp, ap, config) and
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowOutNotFromArg(
-    NodeEx out, Cc ccOut, ApOption argAp, Ap ap, Configuration config
-  ) {
-    exists(
-      DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-      DataFlowCallable inner
-    |
-      fwdFlow(ret, innercc, argAp, ap, config) and
-      flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-      inner = ret.getEnclosingCallable() and
-      ccOut = getCallContextReturn(inner, call, innercc) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate fwdFlowOutFromArg(
-    DataFlowCall call, NodeEx out, Ap argAp, Ap ap, Configuration config
-  ) {
-    exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-      fwdFlow(ret, ccc, apSome(argAp), ap, config) and
-      flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  /**
-   * Holds if an argument to `call` is reached in the flow covered by `fwdFlow`
-   * and data might flow through the target callable and back out at `call`.
-   */
-  pragma[nomagic]
-  private predicate fwdFlowIsEntered(
-    DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p |
-      fwdFlowIn(call, p, cc, _, argAp, ap, config) and
-      PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate storeStepFwd(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
-  ) {
-    fwdFlowStore(node1, ap1, tc, node2, _, _, config) and
-    ap2 = apCons(tc, ap1) and
-    fwdFlowRead(ap2, tc.getContent(), _, _, _, _, config)
-  }
-
-  private predicate readStepFwd(
-    NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
-  ) {
-    fwdFlowRead(ap1, c, n1, n2, _, _, config) and
-    fwdFlowConsCand(ap1, c, ap2, config)
-  }
-
-  pragma[nomagic]
-  private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-    exists(Ap argAp0, NodeEx out, Cc cc, ApOption argAp, Ap ap |
-      fwdFlow(out, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-        pragma[only_bind_into](config)) and
-      fwdFlowOutFromArg(call, out, argAp0, ap, config) and
-      fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-        pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-        pragma[only_bind_into](config))
-    )
-  }
-
-  pragma[nomagic]
-  private predicate flowThroughIntoCall(
-    DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
-  ) {
-    flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-    fwdFlow(arg, _, _, _, pragma[only_bind_into](config)) and
-    PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-    callMayFlowThroughFwd(call, pragma[only_bind_into](config))
-  }
-
-  pragma[nomagic]
-  private predicate returnNodeMayFlowThrough(RetNodeEx ret, Ap ap, Configuration config) {
-    fwdFlow(ret, any(CcCall ccc), apSome(_), ap, config)
-  }
-
-  /**
-   * Holds if `node` with access path `ap` is part of a path from a source to a
-   * sink in the configuration `config`.
-   *
-   * The Boolean `toReturn` records whether the node must be returned from the
-   * enclosing callable in order to reach a sink, and if so, `returnAp` records
-   * the access path of the returned value.
-   */
-  pragma[nomagic]
-  predicate revFlow(NodeEx node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config) {
-    revFlow0(node, toReturn, returnAp, ap, config) and
-    fwdFlow(node, _, _, ap, config)
-  }
-
-  pragma[nomagic]
-  private predicate revFlow0(
-    NodeEx node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    fwdFlow(node, _, _, ap, config) and
-    sinkNode(node, config) and
-    (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
-    returnAp = apNone() and
-    ap instanceof ApNil
-    or
-    exists(NodeEx mid |
-      localStep(node, mid, true, _, config, _) and
-      revFlow(mid, toReturn, returnAp, ap, config)
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(node, _, _, ap, pragma[only_bind_into](config)) and
-      localStep(node, mid, false, _, config, _) and
-      revFlow(mid, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
-      ap instanceof ApNil
-    )
-    or
-    exists(NodeEx mid |
-      jumpStep(node, mid, config) and
-      revFlow(mid, _, _, ap, config) and
-      toReturn = false and
-      returnAp = apNone()
-    )
-    or
-    exists(NodeEx mid, ApNil nil |
-      fwdFlow(node, _, _, ap, pragma[only_bind_into](config)) and
-      additionalJumpStep(node, mid, config) and
-      revFlow(pragma[only_bind_into](mid), _, _, nil, pragma[only_bind_into](config)) and
-      toReturn = false and
-      returnAp = apNone() and
-      ap instanceof ApNil
-    )
-    or
-    // store
-    exists(Ap ap0, Content c |
-      revFlowStore(ap0, c, ap, node, _, _, toReturn, returnAp, config) and
-      revFlowConsCand(ap0, c, ap, config)
-    )
-    or
-    // read
-    exists(NodeEx mid, Ap ap0 |
-      revFlow(mid, toReturn, returnAp, ap0, config) and
-      readStepFwd(node, ap, _, mid, ap0, config)
-    )
-    or
-    // flow into a callable
-    revFlowInNotToReturn(node, returnAp, ap, config) and
-    toReturn = false
-    or
-    exists(DataFlowCall call, Ap returnAp0 |
-      revFlowInToReturn(call, node, returnAp0, ap, config) and
-      revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
-    )
-    or
-    // flow out of a callable
-    revFlowOut(_, node, _, _, ap, config) and
-    toReturn = true and
-    if returnNodeMayFlowThrough(node, ap, config)
-    then returnAp = apSome(ap)
-    else returnAp = apNone()
-  }
-
-  pragma[nomagic]
-  private predicate revFlowStore(
-    Ap ap0, Content c, Ap ap, NodeEx node, TypedContent tc, NodeEx mid, boolean toReturn,
-    ApOption returnAp, Configuration config
-  ) {
-    revFlow(mid, toReturn, returnAp, ap0, config) and
-    storeStepFwd(node, ap, tc, mid, ap0, config) and
-    tc.getContent() = c
-  }
-
-  /**
-   * Holds if reverse flow with access path `tail` reaches a read of `c`
-   * resulting in access path `cons`.
-   */
-  pragma[nomagic]
-  private predicate revFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
-    exists(NodeEx mid, Ap tail0 |
-      revFlow(mid, _, _, tail, config) and
-      tail = pragma[only_bind_into](tail0) and
-      readStepFwd(_, cons, c, mid, tail0, config)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowOut(
-    DataFlowCall call, RetNodeEx ret, boolean toReturn, ApOption returnAp, Ap ap,
-    Configuration config
-  ) {
-    exists(NodeEx out, boolean allowsFieldFlow |
-      revFlow(out, toReturn, returnAp, ap, config) and
-      flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowInNotToReturn(
-    ArgNodeEx arg, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p, boolean allowsFieldFlow |
-      revFlow(p, false, returnAp, ap, config) and
-      flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate revFlowInToReturn(
-    DataFlowCall call, ArgNodeEx arg, Ap returnAp, Ap ap, Configuration config
-  ) {
-    exists(ParamNodeEx p, boolean allowsFieldFlow |
-      revFlow(p, true, apSome(returnAp), ap, config) and
-      flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-      if allowsFieldFlow = false then ap instanceof ApNil else any()
-    )
-  }
-
-  /**
-   * Holds if an output from `call` is reached in the flow covered by `revFlow`
-   * and data might flow through the target callable resulting in reverse flow
-   * reaching an argument of `call`.
-   */
-  pragma[nomagic]
-  private predicate revFlowIsReturned(
-    DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
-  ) {
-    exists(RetNodeEx ret, CcCall ccc |
-      revFlowOut(call, ret, toReturn, returnAp, ap, config) and
-      fwdFlow(ret, ccc, apSome(_), ap, config) and
-      ccc.matchesCall(call)
-    )
-  }
-
-  pragma[nomagic]
-  predicate storeStepCand(
-    NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
-    Configuration config
-  ) {
-    exists(Ap ap2, Content c |
-      store(node1, tc, node2, contentType, config) and
-      revFlowStore(ap2, c, ap1, node1, tc, node2, _, _, config) and
-      revFlowConsCand(ap2, c, ap1, config)
-    )
-  }
-
-  predicate readStepCand(NodeEx node1, Content c, NodeEx node2, Configuration config) {
-    exists(Ap ap1, Ap ap2 |
-      revFlow(node2, _, _, pragma[only_bind_into](ap2), pragma[only_bind_into](config)) and
-      readStepFwd(node1, ap1, c, node2, ap2, config) and
-      revFlowStore(ap1, c, pragma[only_bind_into](ap2), _, _, _, _, _,
-        pragma[only_bind_into](config))
-    )
-  }
-
-  predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, config) }
-
-  private predicate fwdConsCand(TypedContent tc, Ap ap, Configuration config) {
-    storeStepFwd(_, ap, tc, _, _, config)
-  }
-
-  predicate consCand(TypedContent tc, Ap ap, Configuration config) {
-    storeStepCand(_, ap, tc, _, _, config)
-  }
-
-  pragma[noinline]
-  private predicate parameterFlow(
-    ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
-  ) {
-    revFlow(p, true, apSome(ap0), ap, config) and
-    c = p.getEnclosingCallable()
-  }
-
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(RetNodeEx ret, Ap ap0, ReturnKindExt kind, int pos |
-      parameterFlow(p, ap, ap0, c, config) and
-      c = ret.getEnclosingCallable() and
-      revFlow(pragma[only_bind_into](ret), true, apSome(_), pragma[only_bind_into](ap0),
-        pragma[only_bind_into](config)) and
-      fwdFlow(ret, any(CcCall ccc), apSome(ap), ap0, config) and
-      kind = ret.getKind() and
-      p.getPosition() = pos and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = pos
-        or
-        p.allowParameterReturnInSelf()
-      )
-    )
-  }
-
-  pragma[nomagic]
-  predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-    exists(Ap returnAp0, ArgNodeEx arg, boolean toReturn, ApOption returnAp, Ap ap |
-      revFlow(arg, toReturn, returnAp, ap, config) and
-      revFlowInToReturn(call, arg, returnAp0, ap, config) and
-      revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
-    )
-  }
-
-  predicate stats(boolean fwd, int nodes, int fields, int conscand, int tuples, Configuration config) {
-    fwd = true and
-    nodes = count(NodeEx node | fwdFlow(node, _, _, _, config)) and
-    fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
-    conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-    tuples = count(NodeEx n, Cc cc, ApOption argAp, Ap ap | fwdFlow(n, cc, argAp, ap, config))
-    or
-    fwd = false and
-    nodes = count(NodeEx node | revFlow(node, _, _, _, config)) and
-    fields = count(TypedContent f0 | consCand(f0, _, config)) and
-    conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
-    tuples = count(NodeEx n, boolean b, ApOption retAp, Ap ap | revFlow(n, b, retAp, ap, config))
-  }
-  /* End: Stage 4 logic. */
+  predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
+
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
   exists(Configuration c | result = pragma[only_bind_into](c) and conf = pragma[only_bind_into](c))
 }
 
-private predicate nodeMayUseSummary(NodeEx n, AccessPathApprox apa, Configuration config) {
-  exists(DataFlowCallable c, AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, apa, _) and
-    Stage4::revFlow(n, true, _, apa0, config) and
-    Stage4::fwdFlow(n, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+pragma[nomagic]
+private predicate nodeMayUseSummary0(
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
+) {
+  exists(AccessPathApprox apa0 |
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
+  )
+}
+
+pragma[nomagic]
+private predicate nodeMayUseSummary(
+  NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
+) {
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
 private newtype TSummaryCtx =
   TSummaryCtxNone() or
-  TSummaryCtxSome(ParamNodeEx p, AccessPath ap) {
-    Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), _)
+  TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
+    exists(Configuration config |
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
+    )
   }
 
 /**
@@ -3003,11 +2850,12 @@ private class SummaryCtxNone extends SummaryCtx, TSummaryCtxNone {
 /** A summary context from which a flow summary can be generated. */
 private class SummaryCtxSome extends SummaryCtx, TSummaryCtxSome {
   private ParamNodeEx p;
+  private FlowState s;
   private AccessPath ap;
 
-  SummaryCtxSome() { this = TSummaryCtxSome(p, ap) }
+  SummaryCtxSome() { this = TSummaryCtxSome(p, s, ap) }
 
-  int getParameterPos() { p.isParameterOf(_, result) }
+  ParameterPosition getParameterPos() { p.isParameterOf(_, result) }
 
   ParamNodeEx getParamNode() { result = p }
 
@@ -3029,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -3037,8 +2885,8 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
-    strictcount(NodeEx n |
-      Stage4::revFlow(n, _, _, apa, config) or nodeMayUseSummary(n, apa, config)
+    strictcount(NodeEx n, FlowState state |
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -3059,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -3082,6 +2930,7 @@ private predicate evalUnfold(AccessPathApprox apa, boolean unfold, Configuration
 /**
  * Gets the number of `AccessPath`s that correspond to `apa`.
  */
+pragma[assume_small_delta]
 private int countAps(AccessPathApprox apa, Configuration config) {
   evalUnfold(apa, false, config) and
   result = 1 and
@@ -3100,6 +2949,7 @@ private int countAps(AccessPathApprox apa, Configuration config) {
  * that it is expanded to a precise head-tail representation.
  */
 language[monotonicAggregates]
+pragma[assume_small_delta]
 private int countPotentialAps(AccessPathApprox apa, Configuration config) {
   apa instanceof AccessPathApproxNil and result = 1
   or
@@ -3134,10 +2984,13 @@ private newtype TAccessPath =
   }
 
 private newtype TPathNode =
-  TPathNodeMid(NodeEx node, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config) {
+  pragma[assume_small_delta]
+  TPathNodeMid(
+    NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
+  ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, config) and
-    sourceNode(node, config) and
+    Stage5::revFlow(node, state, config) and
+    sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
       then cc instanceof CallContextSomeCall
@@ -3148,15 +3001,28 @@ private newtype TPathNode =
     or
     // ... or a step from an existing PathNode to another node.
     exists(PathNodeMid mid |
-      pathStep(mid, node, cc, sc, ap) and
+      pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, _, _, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
-  TPathNodeSink(NodeEx node, Configuration config) {
+  TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
     exists(PathNodeMid sink |
       sink.isAtSink() and
       node = sink.getNodeEx() and
+      state = sink.getState() and
+      config = sink.getConfiguration()
+    )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
       config = sink.getConfiguration()
     )
   }
@@ -3167,7 +3033,7 @@ private newtype TPathNode =
  * of dereference operations needed to get from the value in the node to the
  * tracked object. The final type indicates the type of the tracked object.
  */
-abstract private class AccessPath extends TAccessPath {
+private class AccessPath extends TAccessPath {
   /** Gets the head of this access path, if any. */
   abstract TypedContent getHead();
 
@@ -3228,6 +3094,7 @@ private class AccessPathCons extends AccessPath, TAccessPathCons {
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
 
+  pragma[assume_small_delta]
   override AccessPathApproxCons getApprox() {
     result = TConsNil(head, tail.(AccessPathNil).getType())
     or
@@ -3236,6 +3103,7 @@ private class AccessPathCons extends AccessPath, TAccessPathCons {
     result = TCons1(head, this.length())
   }
 
+  pragma[assume_small_delta]
   override int length() { result = 1 + tail.length() }
 
   private string toStringImpl(boolean needsSuffix) {
@@ -3277,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -3308,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -3324,66 +3192,61 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   }
 }
 
-/**
- * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
- * Only those `PathNode`s that are reachable from a source are generated.
- */
-class PathNode extends TPathNode {
-  /** Gets a textual representation of this element. */
-  string toString() { none() }
-
-  /**
-   * Gets a textual representation of this element, including a textual
-   * representation of the call context.
-   */
-  string toStringWithContext() { none() }
-
-  /**
-   * Holds if this element is at the specified location.
-   * The location spans column `startcolumn` of line `startline` to
-   * column `endcolumn` of line `endline` in file `filepath`.
-   * For more information, see
-   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
-   */
-  predicate hasLocationInfo(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    none()
-  }
-
-  /** Gets the underlying `Node`. */
-  final Node getNode() { this.(PathNodeImpl).getNodeEx().projectToNode() = result }
+abstract private class PathNodeImpl extends TPathNode {
+  /** Gets the `FlowState` of this node. */
+  abstract FlowState getState();
 
   /** Gets the associated configuration. */
-  Configuration getConfiguration() { none() }
-
-  private PathNode getASuccessorIfHidden() {
-    this.(PathNodeImpl).isHidden() and
-    result = this.(PathNodeImpl).getASuccessorImpl()
-  }
-
-  /** Gets a successor of this node, if any. */
-  final PathNode getASuccessor() {
-    result = this.(PathNodeImpl).getASuccessorImpl().getASuccessorIfHidden*() and
-    not this.(PathNodeImpl).isHidden() and
-    not result.(PathNodeImpl).isHidden()
-  }
+  abstract Configuration getConfiguration();
 
   /** Holds if this node is a source. */
-  predicate isSource() { none() }
-}
+  abstract predicate isSource();
 
-abstract private class PathNodeImpl extends PathNode {
-  abstract PathNode getASuccessorImpl();
+  abstract PathNodeImpl getASuccessorImpl();
+
+  private PathNodeImpl getASuccessorIfHidden() {
+    this.isHidden() and
+    result = this.getASuccessorImpl()
+  }
+
+  pragma[nomagic]
+  private PathNodeImpl getANonHiddenSuccessor0() {
+    result = this.getASuccessorIfHidden*() and
+    not result.isHidden()
+  }
+
+  final PathNodeImpl getANonHiddenSuccessor() {
+    result = this.getASuccessorImpl().getANonHiddenSuccessor0() and
+    not this.isHidden()
+  }
 
   abstract NodeEx getNodeEx();
 
   predicate isHidden() {
-    hiddenNode(this.getNodeEx().asNode()) and
-    not this.isSource() and
-    not this instanceof PathNodeSink
+    not this.getConfiguration().includeHiddenNodes() and
+    (
+      hiddenNode(this.getNodeEx().asNode()) and
+      not this.isSource() and
+      not this instanceof PathNodeSink
+      or
+      this.getNodeEx() instanceof TNodeImplicitRead
+    )
+  }
+
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
     or
-    this.getNodeEx() instanceof TNodeImplicitRead
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
   }
 
   private string ppAp() {
@@ -3400,13 +3263,23 @@ abstract private class PathNodeImpl extends PathNode {
     result = " <" + this.(PathNodeMid).getCallContext().toString() + ">"
   }
 
-  override string toString() { result = this.getNodeEx().toString() + this.ppAp() }
+  /** Gets a textual representation of this element. */
+  string toString() { result = this.getNodeEx().toString() + this.ppAp() }
 
-  override string toStringWithContext() {
-    result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx()
-  }
+  /**
+   * Gets a textual representation of this element, including a textual
+   * representation of the call context.
+   */
+  string toStringWithContext() { result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx() }
 
-  override predicate hasLocationInfo(
+  /**
+   * Holds if this element is at the specified location.
+   * The location spans column `startcolumn` of line `startline` to
+   * column `endcolumn` of line `endline` in file `filepath`.
+   * For more information, see
+   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+   */
+  predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
     this.getNodeEx().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
@@ -3414,31 +3287,93 @@ abstract private class PathNodeImpl extends PathNode {
 }
 
 /** Holds if `n` can reach a sink. */
-private predicate directReach(PathNode n) {
-  n instanceof PathNodeSink or directReach(n.getASuccessor())
+private predicate directReach(PathNodeImpl n) {
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
-/** Holds if `n` can reach a sink or is used in a subpath. */
-private predicate reach(PathNode n) { directReach(n) or Subpaths::retReach(n) }
+/** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
+private predicate reach(PathNodeImpl n) { directReach(n) or Subpaths::retReach(n) }
 
 /** Holds if `n1.getASuccessor() = n2` and `n2` can reach a sink. */
-private predicate pathSucc(PathNode n1, PathNode n2) { n1.getASuccessor() = n2 and directReach(n2) }
+private predicate pathSucc(PathNodeImpl n1, PathNodeImpl n2) {
+  n1.getANonHiddenSuccessor() = n2 and directReach(n2)
+}
 
-private predicate pathSuccPlus(PathNode n1, PathNode n2) = fastTC(pathSucc/2)(n1, n2)
+private predicate pathSuccPlus(PathNodeImpl n1, PathNodeImpl n2) = fastTC(pathSucc/2)(n1, n2)
+
+/**
+ * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
+ * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated.
+ */
+class PathNode instanceof PathNodeImpl {
+  PathNode() { reach(this) }
+
+  /** Gets a textual representation of this element. */
+  final string toString() { result = super.toString() }
+
+  /**
+   * Gets a textual representation of this element, including a textual
+   * representation of the call context.
+   */
+  final string toStringWithContext() { result = super.toStringWithContext() }
+
+  /**
+   * Holds if this element is at the specified location.
+   * The location spans column `startcolumn` of line `startline` to
+   * column `endcolumn` of line `endline` in file `filepath`.
+   * For more information, see
+   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+   */
+  final predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
+
+  /** Gets the underlying `Node`. */
+  final Node getNode() { super.getNodeEx().projectToNode() = result }
+
+  /** Gets the `FlowState` of this node. */
+  final FlowState getState() { result = super.getState() }
+
+  /** Gets the associated configuration. */
+  final Configuration getConfiguration() { result = super.getConfiguration() }
+
+  /** Gets a successor of this node, if any. */
+  final PathNode getASuccessor() { result = super.getANonHiddenSuccessor() }
+
+  /** Holds if this node is a source. */
+  final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
+}
 
 /**
  * Provides the query predicates needed to include a graph in a path-problem query.
  */
 module PathGraph {
   /** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */
-  query predicate edges(PathNode a, PathNode b) { a.getASuccessor() = b and reach(b) }
+  query predicate edges(PathNode a, PathNode b) { a.getASuccessor() = b }
 
   /** Holds if `n` is a node in the graph of data flow path explanations. */
   query predicate nodes(PathNode n, string key, string val) {
-    reach(n) and key = "semmle.label" and val = n.toString()
+    key = "semmle.label" and val = n.toString()
   }
 
-  query predicate subpaths = Subpaths::subpaths/4;
+  /**
+   * Holds if `(arg, par, ret, out)` forms a subpath-tuple, that is, flow through
+   * a subpath between `par` and `ret` with the connecting edges `arg -> par` and
+   * `ret -> out` is summarized as the edge `arg -> out`.
+   */
+  query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) {
+    Subpaths::subpaths(arg, par, ret, out)
+  }
 }
 
 /**
@@ -3447,15 +3382,18 @@ module PathGraph {
  */
 private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
   NodeEx node;
+  FlowState state;
   CallContext cc;
   SummaryCtx sc;
   AccessPath ap;
   Configuration config;
 
-  PathNodeMid() { this = TPathNodeMid(node, cc, sc, ap, config) }
+  PathNodeMid() { this = TPathNodeMid(node, state, cc, sc, ap, config) }
 
   override NodeEx getNodeEx() { result = node }
 
+  override FlowState getState() { result = state }
+
   CallContext getCallContext() { result = cc }
 
   SummaryCtx getSummaryCtx() { result = sc }
@@ -3465,8 +3403,8 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
   override Configuration getConfiguration() { result = config }
 
   private PathNodeMid getSuccMid() {
-    pathStep(this, result.getNodeEx(), result.getCallContext(), result.getSummaryCtx(),
-      result.getAp()) and
+    pathStep(this, result.getNodeEx(), result.getState(), result.getCallContext(),
+      result.getSummaryCtx(), result.getAp()) and
     result.getConfiguration() = unbindConf(this.getConfiguration())
   }
 
@@ -3479,18 +3417,18 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
   }
 
   override predicate isSource() {
-    sourceNode(node, config) and
+    sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
       then cc instanceof CallContextSomeCall
       else cc instanceof CallContextAny
     ) and
     sc instanceof SummaryCtxNone and
-    ap instanceof AccessPathNil
+    ap = TAccessPathNil(node.getDataFlowType())
   }
 
   predicate isAtSink() {
-    sinkNode(node, config) and
+    sinkNode(node, state, config) and
     ap instanceof AccessPathNil and
     if hasSinkCallCtx(config)
     then
@@ -3512,6 +3450,7 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
   PathNodeSink projectToSink() {
     this.isAtSink() and
     result.getNodeEx() = node and
+    result.getState() = state and
     result.getConfiguration() = unbindConf(config)
   }
 }
@@ -3523,91 +3462,176 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
  */
 private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
   NodeEx node;
+  FlowState state;
   Configuration config;
 
-  PathNodeSink() { this = TPathNodeSink(node, config) }
+  PathNodeSink() { this = TPathNodeSink(node, state, config) }
 
   override NodeEx getNodeEx() { result = node }
 
+  override FlowState getState() { result = state }
+
   override Configuration getConfiguration() { result = config }
 
-  override PathNode getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
-  override predicate isSource() { sourceNode(node, config) }
+  override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private predicate pathNode(
+  PathNodeMid mid, NodeEx midnode, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap,
+  Configuration conf, LocalCallContext localCC
+) {
+  midnode = mid.getNodeEx() and
+  state = mid.getState() and
+  conf = mid.getConfiguration() and
+  cc = mid.getCallContext() and
+  sc = mid.getSummaryCtx() and
+  localCC =
+    getLocalCallContext(pragma[only_bind_into](pragma[only_bind_out](cc)),
+      midnode.getEnclosingCallable()) and
+  ap = mid.getAp()
 }
 
 /**
  * Holds if data may flow from `mid` to `node`. The last step in or out of
  * a callable is recorded by `cc`.
  */
+pragma[assume_small_delta]
+pragma[nomagic]
 private predicate pathStep(
-  PathNodeMid mid, NodeEx node, CallContext cc, SummaryCtx sc, AccessPath ap
+  PathNodeMid mid, NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap
 ) {
-  exists(AccessPath ap0, NodeEx midnode, Configuration conf, LocalCallContext localCC |
-    midnode = mid.getNodeEx() and
-    conf = mid.getConfiguration() and
-    cc = mid.getCallContext() and
-    sc = mid.getSummaryCtx() and
-    localCC =
-      getLocalCallContext(pragma[only_bind_into](pragma[only_bind_out](cc)),
-        midnode.getEnclosingCallable()) and
-    ap0 = mid.getAp()
+  exists(NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC |
+    pathNode(mid, midnode, state0, cc, sc, ap, conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, true, _, conf, localCC)
+  )
+  or
+  exists(
+    AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
-    localFlowBigStep(midnode, node, true, _, conf, localCC) and
-    ap = ap0
-    or
-    localFlowBigStep(midnode, node, false, ap.getFront(), conf, localCC) and
+    pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
   jumpStep(mid.getNodeEx(), node, mid.getConfiguration()) and
+  state = mid.getState() and
   cc instanceof CallContextAny and
   sc instanceof SummaryCtxNone and
   ap = mid.getAp()
   or
   additionalJumpStep(mid.getNodeEx(), node, mid.getConfiguration()) and
+  state = mid.getState() and
   cc instanceof CallContextAny and
   sc instanceof SummaryCtxNone and
   mid.getAp() instanceof AccessPathNil and
   ap = TAccessPathNil(node.getDataFlowType())
   or
-  exists(TypedContent tc | pathStoreStep(mid, node, ap.pop(tc), tc, cc)) and
+  additionalJumpStateStep(mid.getNodeEx(), mid.getState(), node, state, mid.getConfiguration()) and
+  cc instanceof CallContextAny and
+  sc instanceof SummaryCtxNone and
+  mid.getAp() instanceof AccessPathNil and
+  ap = TAccessPathNil(node.getDataFlowType())
+  or
+  exists(TypedContent tc | pathStoreStep(mid, node, state, ap.pop(tc), tc, cc)) and
   sc = mid.getSummaryCtx()
   or
-  exists(TypedContent tc | pathReadStep(mid, node, ap.push(tc), tc, cc)) and
+  exists(TypedContent tc | pathReadStep(mid, node, state, ap.push(tc), tc, cc)) and
   sc = mid.getSummaryCtx()
   or
-  pathIntoCallable(mid, node, _, cc, sc, _, _) and ap = mid.getAp()
+  pathIntoCallable(mid, node, state, _, cc, sc, _, _) and ap = mid.getAp()
   or
-  pathOutOfCallable(mid, node, cc) and ap = mid.getAp() and sc instanceof SummaryCtxNone
+  pathOutOfCallable(mid, node, state, cc) and ap = mid.getAp() and sc instanceof SummaryCtxNone
   or
-  pathThroughCallable(mid, node, cc, ap) and sc = mid.getSummaryCtx()
+  pathThroughCallable(mid, node, state, cc, ap) and sc = mid.getSummaryCtx()
 }
 
 pragma[nomagic]
 private predicate pathReadStep(
-  PathNodeMid mid, NodeEx node, AccessPath ap0, TypedContent tc, CallContext cc
+  PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  state = mid.getState() and
   cc = mid.getCallContext()
 }
 
 pragma[nomagic]
 private predicate pathStoreStep(
-  PathNodeMid mid, NodeEx node, AccessPath ap0, TypedContent tc, CallContext cc
+  PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  state = mid.getState() and
   cc = mid.getCallContext()
 }
 
 private predicate pathOutOfCallable0(
-  PathNodeMid mid, ReturnPosition pos, CallContext innercc, AccessPathApprox apa,
+  PathNodeMid mid, ReturnPosition pos, FlowState state, CallContext innercc, AccessPathApprox apa,
   Configuration config
 ) {
   pos = mid.getNodeEx().(RetNodeEx).getReturnPosition() and
+  state = mid.getState() and
   innercc = mid.getCallContext() and
   innercc instanceof CallContextNoCall and
   apa = mid.getAp().getApprox() and
@@ -3616,11 +3640,11 @@ private predicate pathOutOfCallable0(
 
 pragma[nomagic]
 private predicate pathOutOfCallable1(
-  PathNodeMid mid, DataFlowCall call, ReturnKindExt kind, CallContext cc, AccessPathApprox apa,
-  Configuration config
+  PathNodeMid mid, DataFlowCall call, ReturnKindExt kind, FlowState state, CallContext cc,
+  AccessPathApprox apa, Configuration config
 ) {
   exists(ReturnPosition pos, DataFlowCallable c, CallContext innercc |
-    pathOutOfCallable0(mid, pos, innercc, apa, config) and
+    pathOutOfCallable0(mid, pos, state, innercc, apa, config) and
     c = pos.getCallable() and
     kind = pos.getKind() and
     resolveReturn(innercc, c, call)
@@ -3634,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3642,9 +3666,9 @@ private NodeEx getAnOutNodeFlow(
  * is a return from a callable and is recorded by `cc`, if needed.
  */
 pragma[noinline]
-private predicate pathOutOfCallable(PathNodeMid mid, NodeEx out, CallContext cc) {
+private predicate pathOutOfCallable(PathNodeMid mid, NodeEx out, FlowState state, CallContext cc) {
   exists(ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config |
-    pathOutOfCallable1(mid, call, kind, cc, apa, config) and
+    pathOutOfCallable1(mid, call, kind, state, cc, apa, config) and
     out = getAnOutNodeFlow(kind, call, apa, config)
   )
 }
@@ -3654,39 +3678,37 @@ private predicate pathOutOfCallable(PathNodeMid mid, NodeEx out, CallContext cc)
  */
 pragma[noinline]
 private predicate pathIntoArg(
-  PathNodeMid mid, int i, CallContext cc, DataFlowCall call, AccessPath ap, AccessPathApprox apa,
-  Configuration config
+  PathNodeMid mid, ParameterPosition ppos, FlowState state, CallContext cc, DataFlowCall call,
+  AccessPath ap, AccessPathApprox apa, Configuration config
 ) {
-  exists(ArgNode arg |
-    arg = mid.getNodeEx().asNode() and
-    cc = mid.getCallContext() and
-    arg.argumentOf(call, i) and
-    ap = mid.getAp() and
+  exists(ArgNodeEx arg, ArgumentPosition apos |
+    pathNode(mid, arg, state, cc, _, ap, config, _) and
+    arg.asNode().(ArgNode).argumentOf(call, apos) and
     apa = ap.getApprox() and
-    config = mid.getConfiguration()
+    parameterMatch(ppos, apos)
   )
 }
 
 pragma[nomagic]
 private predicate parameterCand(
-  DataFlowCallable callable, int i, AccessPathApprox apa, Configuration config
+  DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, _, apa, config) and
-    p.isParameterOf(callable, i)
+    Stage5::revFlow(p, _, apa, config) and
+    p.isParameterOf(callable, pos)
   )
 }
 
 pragma[nomagic]
 private predicate pathIntoCallable0(
-  PathNodeMid mid, DataFlowCallable callable, int i, CallContext outercc, DataFlowCall call,
-  AccessPath ap, Configuration config
+  PathNodeMid mid, DataFlowCallable callable, ParameterPosition pos, FlowState state,
+  CallContext outercc, DataFlowCall call, AccessPath ap, Configuration config
 ) {
   exists(AccessPathApprox apa |
-    pathIntoArg(mid, pragma[only_bind_into](i), outercc, call, ap, pragma[only_bind_into](apa),
-      pragma[only_bind_into](config)) and
+    pathIntoArg(mid, pragma[only_bind_into](pos), state, outercc, call, ap,
+      pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
     callable = resolveCall(call, outercc) and
-    parameterCand(callable, pragma[only_bind_into](i), pragma[only_bind_into](apa),
+    parameterCand(callable, pragma[only_bind_into](pos), pragma[only_bind_into](apa),
       pragma[only_bind_into](config))
   )
 }
@@ -3698,16 +3720,16 @@ private predicate pathIntoCallable0(
  */
 pragma[nomagic]
 private predicate pathIntoCallable(
-  PathNodeMid mid, ParamNodeEx p, CallContext outercc, CallContextCall innercc, SummaryCtx sc,
-  DataFlowCall call, Configuration config
+  PathNodeMid mid, ParamNodeEx p, FlowState state, CallContext outercc, CallContextCall innercc,
+  SummaryCtx sc, DataFlowCall call, Configuration config
 ) {
-  exists(int i, DataFlowCallable callable, AccessPath ap |
-    pathIntoCallable0(mid, callable, i, outercc, call, ap, config) and
-    p.isParameterOf(callable, i) and
+  exists(ParameterPosition pos, DataFlowCallable callable, AccessPath ap |
+    pathIntoCallable0(mid, callable, pos, state, outercc, call, ap, config) and
+    p.isParameterOf(callable, pos) and
     (
-      sc = TSummaryCtxSome(p, ap)
+      sc = TSummaryCtxSome(p, state, ap)
       or
-      not exists(TSummaryCtxSome(p, ap)) and
+      not exists(TSummaryCtxSome(p, state, ap)) and
       sc = TSummaryCtxNone() and
       // When the call contexts of source and sink needs to match then there's
       // never any reason to enter a callable except to find a summary. See also
@@ -3724,35 +3746,25 @@ private predicate pathIntoCallable(
 /** Holds if data may flow from a parameter given by `sc` to a return of kind `kind`. */
 pragma[nomagic]
 private predicate paramFlowsThrough(
-  ReturnKindExt kind, CallContextCall cc, SummaryCtxSome sc, AccessPath ap, AccessPathApprox apa,
-  Configuration config
+  ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
+  AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, int pos |
-    mid.getNodeEx() = ret and
+  exists(PathNodeMid mid, RetNodeEx ret |
+    pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
-    cc = mid.getCallContext() and
-    sc = mid.getSummaryCtx() and
-    config = mid.getConfiguration() and
-    ap = mid.getAp() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
 pragma[nomagic]
 private predicate pathThroughCallable0(
-  DataFlowCall call, PathNodeMid mid, ReturnKindExt kind, CallContext cc, AccessPath ap,
-  AccessPathApprox apa, Configuration config
+  DataFlowCall call, PathNodeMid mid, ReturnKindExt kind, FlowState state, CallContext cc,
+  AccessPath ap, AccessPathApprox apa, Configuration config
 ) {
   exists(CallContext innercc, SummaryCtx sc |
-    pathIntoCallable(mid, _, cc, innercc, sc, call, config) and
-    paramFlowsThrough(kind, innercc, sc, ap, apa, config)
+    pathIntoCallable(mid, _, _, cc, innercc, sc, call, config) and
+    paramFlowsThrough(kind, state, innercc, sc, ap, apa, config)
   )
 }
 
@@ -3761,9 +3773,11 @@ private predicate pathThroughCallable0(
  * The context `cc` is restored to its value prior to entering the callable.
  */
 pragma[noinline]
-private predicate pathThroughCallable(PathNodeMid mid, NodeEx out, CallContext cc, AccessPath ap) {
+private predicate pathThroughCallable(
+  PathNodeMid mid, NodeEx out, FlowState state, CallContext cc, AccessPath ap
+) {
   exists(DataFlowCall call, ReturnKindExt kind, AccessPathApprox apa, Configuration config |
-    pathThroughCallable0(call, mid, kind, cc, ap, apa, config) and
+    pathThroughCallable0(call, mid, kind, state, cc, ap, apa, config) and
     out = getAnOutNodeFlow(kind, call, apa, config)
   )
 }
@@ -3776,47 +3790,44 @@ private module Subpaths {
   pragma[nomagic]
   private predicate subpaths01(
     PathNodeImpl arg, ParamNodeEx par, SummaryCtxSome sc, CallContext innercc, ReturnKindExt kind,
-    NodeEx out, AccessPath apout
+    NodeEx out, FlowState sout, AccessPath apout
   ) {
     exists(Configuration config |
-      pathThroughCallable(arg, out, _, pragma[only_bind_into](apout)) and
-      pathIntoCallable(arg, par, _, innercc, sc, _, config) and
-      paramFlowsThrough(kind, innercc, sc, pragma[only_bind_into](apout), _, unbindConf(config)) and
+      pathThroughCallable(arg, out, pragma[only_bind_into](sout), _, pragma[only_bind_into](apout)) and
+      pathIntoCallable(arg, par, _, _, innercc, sc, _, config) and
+      paramFlowsThrough(kind, pragma[only_bind_into](sout), innercc, sc,
+        pragma[only_bind_into](apout), _, unbindConf(config)) and
       not arg.isHidden()
     )
   }
 
   /**
    * Holds if `(arg, par, ret, out)` forms a subpath-tuple and `ret` is determined by
-   * `kind`, `sc`, `apout`, and `innercc`.
+   * `kind`, `sc`, `sout`, `apout`, and `innercc`.
    */
   pragma[nomagic]
   private predicate subpaths02(
-    PathNode arg, ParamNodeEx par, SummaryCtxSome sc, CallContext innercc, ReturnKindExt kind,
-    NodeEx out, AccessPath apout
+    PathNodeImpl arg, ParamNodeEx par, SummaryCtxSome sc, CallContext innercc, ReturnKindExt kind,
+    NodeEx out, FlowState sout, AccessPath apout
   ) {
-    subpaths01(arg, par, sc, innercc, kind, out, apout) and
+    subpaths01(arg, par, sc, innercc, kind, out, sout, apout) and
     out.asNode() = kind.getAnOutNode(_)
   }
 
   pragma[nomagic]
-  private Configuration getPathNodeConf(PathNode n) { result = n.getConfiguration() }
+  private Configuration getPathNodeConf(PathNodeImpl n) { result = n.getConfiguration() }
 
   /**
    * Holds if `(arg, par, ret, out)` forms a subpath-tuple.
    */
   pragma[nomagic]
   private predicate subpaths03(
-    PathNode arg, ParamNodeEx par, PathNodeMid ret, NodeEx out, AccessPath apout
+    PathNodeImpl arg, ParamNodeEx par, PathNodeMid ret, NodeEx out, FlowState sout, AccessPath apout
   ) {
     exists(SummaryCtxSome sc, CallContext innercc, ReturnKindExt kind, RetNodeEx retnode |
-      subpaths02(arg, par, sc, innercc, kind, out, apout) and
-      ret.getNodeEx() = retnode and
-      kind = retnode.getKind() and
-      innercc = ret.getCallContext() and
-      sc = ret.getSummaryCtx() and
-      ret.getConfiguration() = unbindConf(getPathNodeConf(arg)) and
-      apout = ret.getAp()
+      subpaths02(arg, par, sc, innercc, kind, out, sout, apout) and
+      pathNode(ret, retnode, sout, innercc, sc, apout, unbindConf(getPathNodeConf(arg)), _) and
+      kind = retnode.getKind()
     )
   }
 
@@ -3824,38 +3835,44 @@ private module Subpaths {
     n.getASuccessorImpl() = result and
     result.isHidden() and
     exists(NodeEx n1, NodeEx n2 | n1 = n.getNodeEx() and n2 = result.getNodeEx() |
-      localFlowBigStep(n1, n2, _, _, _, _) or
+      localFlowBigStep(n1, _, n2, _, _, _, _, _) or
       store(n1, _, n2, _, _) or
-      read(n1, _, n2, _)
+      readSet(n1, _, n2, _)
     )
   }
 
+  pragma[nomagic]
+  private predicate hasSuccessor(PathNodeImpl pred, PathNodeMid succ, NodeEx succNode) {
+    succ = pred.getANonHiddenSuccessor() and
+    succNode = succ.getNodeEx()
+  }
+
   /**
    * Holds if `(arg, par, ret, out)` forms a subpath-tuple, that is, flow through
    * a subpath between `par` and `ret` with the connecting edges `arg -> par` and
    * `ret -> out` is summarized as the edge `arg -> out`.
    */
-  predicate subpaths(PathNode arg, PathNodeImpl par, PathNodeImpl ret, PathNodeMid out) {
-    exists(ParamNodeEx p, NodeEx o, AccessPath apout |
-      pragma[only_bind_into](arg).getASuccessor() = par and
-      pragma[only_bind_into](arg).getASuccessor() = out and
-      subpaths03(arg, p, localStepToHidden*(ret), o, apout) and
+  predicate subpaths(PathNodeImpl arg, PathNodeImpl par, PathNodeImpl ret, PathNodeImpl out) {
+    exists(ParamNodeEx p, NodeEx o, FlowState sout, AccessPath apout, PathNodeMid out0 |
+      pragma[only_bind_into](arg).getANonHiddenSuccessor() = pragma[only_bind_into](out0) and
+      subpaths03(pragma[only_bind_into](arg), p, localStepToHidden*(ret), o, sout, apout) and
+      hasSuccessor(pragma[only_bind_into](arg), par, p) and
       not ret.isHidden() and
-      par.getNodeEx() = p and
-      out.getNodeEx() = o and
-      out.getAp() = apout
+      pathNode(out0, o, sout, _, _, apout, _, _)
+    |
+      out = out0 or out = out0.projectToSink()
     )
   }
 
   /**
-   * Holds if `n` can reach a return node in a summarized subpath.
+   * Holds if `n` can reach a return node in a summarized subpath that can reach a sink.
    */
-  predicate retReach(PathNode n) {
-    subpaths(_, _, n, _)
+  predicate retReach(PathNodeImpl n) {
+    exists(PathNodeImpl out | subpaths(_, _, n, out) | directReach(out) or retReach(out))
     or
-    exists(PathNode mid |
+    exists(PathNodeImpl mid |
       retReach(mid) and
-      n.getASuccessor() = mid and
+      n.getANonHiddenSuccessor() = mid and
       not subpaths(_, mid, _, _)
     )
   }
@@ -3867,12 +3884,22 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
-  PathNode flowsource, PathNodeSink flowsink, Node source, Node sink, Configuration configuration
+  PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
+  Configuration configuration
 ) {
   flowsource.isSource() and
   flowsource.getConfiguration() = configuration and
-  flowsource.(PathNodeImpl).getNodeEx().asNode() = source and
+  flowsource.getNodeEx().asNode() = source and
   (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
   flowsink.getNodeEx().asNode() = sink
 }
@@ -3887,18 +3914,22 @@ predicate flowsTo(Node source, Node sink, Configuration configuration) {
   flowsTo(_, _, source, sink, configuration)
 }
 
-private predicate finalStats(boolean fwd, int nodes, int fields, int conscand, int tuples) {
+private predicate finalStats(
+  boolean fwd, int nodes, int fields, int conscand, int states, int tuples
+) {
   fwd = true and
   nodes = count(NodeEx n0 | exists(PathNodeImpl pn | pn.getNodeEx() = n0)) and
   fields = count(TypedContent f0 | exists(PathNodeMid pn | pn.getAp().getHead() = f0)) and
   conscand = count(AccessPath ap | exists(PathNodeMid pn | pn.getAp() = ap)) and
-  tuples = count(PathNode pn)
+  states = count(FlowState state | exists(PathNodeMid pn | pn.getState() = state)) and
+  tuples = count(PathNodeImpl pn)
   or
   fwd = false and
   nodes = count(NodeEx n0 | exists(PathNodeImpl pn | pn.getNodeEx() = n0 and reach(pn))) and
   fields = count(TypedContent f0 | exists(PathNodeMid pn | pn.getAp().getHead() = f0 and reach(pn))) and
   conscand = count(AccessPath ap | exists(PathNodeMid pn | pn.getAp() = ap and reach(pn))) and
-  tuples = count(PathNode pn | reach(pn))
+  states = count(FlowState state | exists(PathNodeMid pn | pn.getState() = state and reach(pn))) and
+  tuples = count(PathNode pn)
 }
 
 /**
@@ -3907,27 +3938,52 @@ private predicate finalStats(boolean fwd, int nodes, int fields, int conscand, i
  * Calculates per-stage metrics for data flow.
  */
 predicate stageStats(
-  int n, string stage, int nodes, int fields, int conscand, int tuples, Configuration config
+  int n, string stage, int nodes, int fields, int conscand, int states, int tuples,
+  Configuration config
 ) {
-  stage = "1 Fwd" and n = 10 and Stage1::stats(true, nodes, fields, conscand, tuples, config)
+  stage = "1 Fwd" and
+  n = 10 and
+  Stage1::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "1 Rev" and n = 15 and Stage1::stats(false, nodes, fields, conscand, tuples, config)
+  stage = "1 Rev" and
+  n = 15 and
+  Stage1::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "2 Fwd" and n = 20 and Stage2::stats(true, nodes, fields, conscand, tuples, config)
+  stage = "2 Fwd" and
+  n = 20 and
+  Stage2::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "2 Rev" and n = 25 and Stage2::stats(false, nodes, fields, conscand, tuples, config)
+  stage = "2 Rev" and
+  n = 25 and
+  Stage2::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "3 Fwd" and n = 30 and Stage3::stats(true, nodes, fields, conscand, tuples, config)
+  stage = "3 Fwd" and
+  n = 30 and
+  Stage3::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "3 Rev" and n = 35 and Stage3::stats(false, nodes, fields, conscand, tuples, config)
+  stage = "3 Rev" and
+  n = 35 and
+  Stage3::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "4 Fwd" and n = 40 and Stage4::stats(true, nodes, fields, conscand, tuples, config)
+  stage = "4 Fwd" and
+  n = 40 and
+  Stage4::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "4 Rev" and n = 45 and Stage4::stats(false, nodes, fields, conscand, tuples, config)
+  stage = "4 Rev" and
+  n = 45 and
+  Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
@@ -3937,6 +3993,8 @@ private module FlowExploration {
       or
       additionalJumpStep(node1, node2, config)
       or
+      additionalJumpStateStep(node1, _, node2, _, config)
+      or
       // flow into callable
       viableParamArgEx(_, node2, node1)
       or
@@ -3950,7 +4008,7 @@ private module FlowExploration {
   }
 
   private predicate interestingCallableSrc(DataFlowCallable c, Configuration config) {
-    exists(Node n | config.isSource(n) and c = getNodeEnclosingCallable(n))
+    exists(Node n | config.isSource(n) or config.isSource(n, _) | c = getNodeEnclosingCallable(n))
     or
     exists(DataFlowCallable mid |
       interestingCallableSrc(mid, config) and callableStep(mid, c, config)
@@ -3958,7 +4016,7 @@ private module FlowExploration {
   }
 
   private predicate interestingCallableSink(DataFlowCallable c, Configuration config) {
-    exists(Node n | config.isSink(n) and c = getNodeEnclosingCallable(n))
+    exists(Node n | config.isSink(n) or config.isSink(n, _) | c = getNodeEnclosingCallable(n))
     or
     exists(DataFlowCallable mid |
       interestingCallableSink(mid, config) and callableStep(c, mid, config)
@@ -3986,13 +4044,13 @@ private module FlowExploration {
     or
     exists(Node n, Configuration config |
       ce1 = TCallableSrc() and
-      config.isSource(n) and
+      (config.isSource(n) or config.isSource(n, _)) and
       ce2 = TCallable(getNodeEnclosingCallable(n), config)
     )
     or
     exists(Node n, Configuration config |
       ce2 = TCallableSink() and
-      config.isSink(n) and
+      (config.isSink(n) or config.isSink(n, _)) and
       ce1 = TCallable(getNodeEnclosingCallable(n), config)
     )
   }
@@ -4094,13 +4152,26 @@ private module FlowExploration {
     }
   }
 
+  private predicate relevantState(FlowState state) {
+    sourceNode(_, state, _) or
+    sinkNode(_, state, _) or
+    additionalLocalStateStep(_, state, _, _, _) or
+    additionalLocalStateStep(_, _, _, state, _) or
+    additionalJumpStateStep(_, state, _, _, _) or
+    additionalJumpStateStep(_, _, _, state, _)
+  }
+
   private newtype TSummaryCtx1 =
     TSummaryCtx1None() or
     TSummaryCtx1Param(ParamNodeEx p)
 
   private newtype TSummaryCtx2 =
     TSummaryCtx2None() or
-    TSummaryCtx2Some(PartialAccessPath ap)
+    TSummaryCtx2Some(FlowState s) { relevantState(s) }
+
+  private newtype TSummaryCtx3 =
+    TSummaryCtx3None() or
+    TSummaryCtx3Some(PartialAccessPath ap)
 
   private newtype TRevSummaryCtx1 =
     TRevSummaryCtx1None() or
@@ -4108,52 +4179,66 @@ private module FlowExploration {
 
   private newtype TRevSummaryCtx2 =
     TRevSummaryCtx2None() or
-    TRevSummaryCtx2Some(RevPartialAccessPath ap)
+    TRevSummaryCtx2Some(FlowState s) { relevantState(s) }
+
+  private newtype TRevSummaryCtx3 =
+    TRevSummaryCtx3None() or
+    TRevSummaryCtx3Some(RevPartialAccessPath ap)
 
   private newtype TPartialPathNode =
     TPartialPathNodeFwd(
-      NodeEx node, CallContext cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2, PartialAccessPath ap,
-      Configuration config
+      NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2,
+      TSummaryCtx3 sc3, PartialAccessPath ap, Configuration config
     ) {
-      sourceNode(node, config) and
+      sourceNode(node, state, config) and
       cc instanceof CallContextAny and
       sc1 = TSummaryCtx1None() and
       sc2 = TSummaryCtx2None() and
+      sc3 = TSummaryCtx3None() and
       ap = TPartialNil(node.getDataFlowType()) and
-      not fullBarrier(node, config) and
       exists(config.explorationLimit())
       or
-      partialPathNodeMk0(node, cc, sc1, sc2, ap, config) and
+      partialPathNodeMk0(node, state, cc, sc1, sc2, sc3, ap, config) and
       distSrc(node.getEnclosingCallable(), config) <= config.explorationLimit()
     } or
     TPartialPathNodeRev(
-      NodeEx node, TRevSummaryCtx1 sc1, TRevSummaryCtx2 sc2, RevPartialAccessPath ap,
-      Configuration config
+      NodeEx node, FlowState state, TRevSummaryCtx1 sc1, TRevSummaryCtx2 sc2, TRevSummaryCtx3 sc3,
+      RevPartialAccessPath ap, Configuration config
     ) {
-      sinkNode(node, config) and
+      sinkNode(node, state, config) and
       sc1 = TRevSummaryCtx1None() and
       sc2 = TRevSummaryCtx2None() and
+      sc3 = TRevSummaryCtx3None() and
       ap = TRevPartialNil() and
-      not fullBarrier(node, config) and
       exists(config.explorationLimit())
       or
       exists(PartialPathNodeRev mid |
-        revPartialPathStep(mid, node, sc1, sc2, ap, config) and
-        not clearsContentCached(node.asNode(), ap.getHead()) and
+        revPartialPathStep(mid, node, state, sc1, sc2, sc3, ap, config) and
+        not clearsContentEx(node, ap.getHead()) and
+        (
+          notExpectsContent(node) or
+          expectsContentEx(node, ap.getHead())
+        ) and
         not fullBarrier(node, config) and
+        not stateBarrier(node, state, config) and
         distSink(node.getEnclosingCallable(), config) <= config.explorationLimit()
       )
     }
 
   pragma[nomagic]
   private predicate partialPathNodeMk0(
-    NodeEx node, CallContext cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2, PartialAccessPath ap,
-    Configuration config
+    NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2,
+    TSummaryCtx3 sc3, PartialAccessPath ap, Configuration config
   ) {
     exists(PartialPathNodeFwd mid |
-      partialPathStep(mid, node, cc, sc1, sc2, ap, config) and
+      partialPathStep(mid, node, state, cc, sc1, sc2, sc3, ap, config) and
       not fullBarrier(node, config) and
-      not clearsContentCached(node.asNode(), ap.getHead().getContent()) and
+      not stateBarrier(node, state, config) and
+      not clearsContentEx(node, ap.getHead().getContent()) and
+      (
+        notExpectsContent(node) or
+        expectsContentEx(node, ap.getHead().getContent())
+      ) and
       if node.asNode() instanceof CastingNode
       then compatibleTypes(node.getDataFlowType(), ap.getType())
       else any()
@@ -4191,6 +4276,8 @@ private module FlowExploration {
     /** Gets the underlying `Node`. */
     final Node getNode() { this.getNodeEx().projectToNode() = result }
 
+    FlowState getState() { none() }
+
     private NodeEx getNodeEx() {
       result = this.(PartialPathNodeFwd).getNodeEx() or
       result = this.(PartialPathNodeRev).getNodeEx()
@@ -4248,135 +4335,182 @@ private module FlowExploration {
 
   private class PartialPathNodeFwd extends PartialPathNode, TPartialPathNodeFwd {
     NodeEx node;
+    FlowState state;
     CallContext cc;
     TSummaryCtx1 sc1;
     TSummaryCtx2 sc2;
+    TSummaryCtx3 sc3;
     PartialAccessPath ap;
     Configuration config;
 
-    PartialPathNodeFwd() { this = TPartialPathNodeFwd(node, cc, sc1, sc2, ap, config) }
+    PartialPathNodeFwd() { this = TPartialPathNodeFwd(node, state, cc, sc1, sc2, sc3, ap, config) }
 
     NodeEx getNodeEx() { result = node }
 
+    override FlowState getState() { result = state }
+
     CallContext getCallContext() { result = cc }
 
     TSummaryCtx1 getSummaryCtx1() { result = sc1 }
 
     TSummaryCtx2 getSummaryCtx2() { result = sc2 }
 
+    TSummaryCtx3 getSummaryCtx3() { result = sc3 }
+
     PartialAccessPath getAp() { result = ap }
 
     override Configuration getConfiguration() { result = config }
 
     override PartialPathNodeFwd getASuccessor() {
-      partialPathStep(this, result.getNodeEx(), result.getCallContext(), result.getSummaryCtx1(),
-        result.getSummaryCtx2(), result.getAp(), result.getConfiguration())
+      partialPathStep(this, result.getNodeEx(), result.getState(), result.getCallContext(),
+        result.getSummaryCtx1(), result.getSummaryCtx2(), result.getSummaryCtx3(), result.getAp(),
+        result.getConfiguration())
     }
 
     predicate isSource() {
-      sourceNode(node, config) and
+      sourceNode(node, state, config) and
       cc instanceof CallContextAny and
       sc1 = TSummaryCtx1None() and
       sc2 = TSummaryCtx2None() and
+      sc3 = TSummaryCtx3None() and
       ap instanceof TPartialNil
     }
   }
 
   private class PartialPathNodeRev extends PartialPathNode, TPartialPathNodeRev {
     NodeEx node;
+    FlowState state;
     TRevSummaryCtx1 sc1;
     TRevSummaryCtx2 sc2;
+    TRevSummaryCtx3 sc3;
     RevPartialAccessPath ap;
     Configuration config;
 
-    PartialPathNodeRev() { this = TPartialPathNodeRev(node, sc1, sc2, ap, config) }
+    PartialPathNodeRev() { this = TPartialPathNodeRev(node, state, sc1, sc2, sc3, ap, config) }
 
     NodeEx getNodeEx() { result = node }
 
+    override FlowState getState() { result = state }
+
     TRevSummaryCtx1 getSummaryCtx1() { result = sc1 }
 
     TRevSummaryCtx2 getSummaryCtx2() { result = sc2 }
 
+    TRevSummaryCtx3 getSummaryCtx3() { result = sc3 }
+
     RevPartialAccessPath getAp() { result = ap }
 
     override Configuration getConfiguration() { result = config }
 
     override PartialPathNodeRev getASuccessor() {
-      revPartialPathStep(result, this.getNodeEx(), this.getSummaryCtx1(), this.getSummaryCtx2(),
-        this.getAp(), this.getConfiguration())
+      revPartialPathStep(result, this.getNodeEx(), this.getState(), this.getSummaryCtx1(),
+        this.getSummaryCtx2(), this.getSummaryCtx3(), this.getAp(), this.getConfiguration())
     }
 
     predicate isSink() {
-      sinkNode(node, config) and
+      sinkNode(node, state, config) and
       sc1 = TRevSummaryCtx1None() and
       sc2 = TRevSummaryCtx2None() and
+      sc3 = TRevSummaryCtx3None() and
       ap = TRevPartialNil()
     }
   }
 
   private predicate partialPathStep(
-    PartialPathNodeFwd mid, NodeEx node, CallContext cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2,
-    PartialAccessPath ap, Configuration config
+    PartialPathNodeFwd mid, NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1,
+    TSummaryCtx2 sc2, TSummaryCtx3 sc3, PartialAccessPath ap, Configuration config
   ) {
     not isUnreachableInCallCached(node.asNode(), cc.(CallContextSpecificCall).getCall()) and
     (
       localFlowStep(mid.getNodeEx(), node, config) and
+      state = mid.getState() and
       cc = mid.getCallContext() and
       sc1 = mid.getSummaryCtx1() and
       sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
       ap = mid.getAp() and
       config = mid.getConfiguration()
       or
       additionalLocalFlowStep(mid.getNodeEx(), node, config) and
+      state = mid.getState() and
       cc = mid.getCallContext() and
       sc1 = mid.getSummaryCtx1() and
       sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
+      mid.getAp() instanceof PartialAccessPathNil and
+      ap = TPartialNil(node.getDataFlowType()) and
+      config = mid.getConfiguration()
+      or
+      additionalLocalStateStep(mid.getNodeEx(), mid.getState(), node, state, config) and
+      cc = mid.getCallContext() and
+      sc1 = mid.getSummaryCtx1() and
+      sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
       mid.getAp() instanceof PartialAccessPathNil and
       ap = TPartialNil(node.getDataFlowType()) and
       config = mid.getConfiguration()
     )
     or
     jumpStep(mid.getNodeEx(), node, config) and
+    state = mid.getState() and
     cc instanceof CallContextAny and
     sc1 = TSummaryCtx1None() and
     sc2 = TSummaryCtx2None() and
+    sc3 = TSummaryCtx3None() and
     ap = mid.getAp() and
     config = mid.getConfiguration()
     or
     additionalJumpStep(mid.getNodeEx(), node, config) and
+    state = mid.getState() and
     cc instanceof CallContextAny and
     sc1 = TSummaryCtx1None() and
     sc2 = TSummaryCtx2None() and
+    sc3 = TSummaryCtx3None() and
+    mid.getAp() instanceof PartialAccessPathNil and
+    ap = TPartialNil(node.getDataFlowType()) and
+    config = mid.getConfiguration()
+    or
+    additionalJumpStateStep(mid.getNodeEx(), mid.getState(), node, state, config) and
+    cc instanceof CallContextAny and
+    sc1 = TSummaryCtx1None() and
+    sc2 = TSummaryCtx2None() and
+    sc3 = TSummaryCtx3None() and
     mid.getAp() instanceof PartialAccessPathNil and
     ap = TPartialNil(node.getDataFlowType()) and
     config = mid.getConfiguration()
     or
     partialPathStoreStep(mid, _, _, node, ap) and
+    state = mid.getState() and
     cc = mid.getCallContext() and
     sc1 = mid.getSummaryCtx1() and
     sc2 = mid.getSummaryCtx2() and
+    sc3 = mid.getSummaryCtx3() and
     config = mid.getConfiguration()
     or
     exists(PartialAccessPath ap0, TypedContent tc |
       partialPathReadStep(mid, ap0, tc, node, cc, config) and
+      state = mid.getState() and
       sc1 = mid.getSummaryCtx1() and
       sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
       apConsFwd(ap, tc, ap0, config)
     )
     or
-    partialPathIntoCallable(mid, node, _, cc, sc1, sc2, _, ap, config)
+    partialPathIntoCallable(mid, node, state, _, cc, sc1, sc2, sc3, _, ap, config)
     or
-    partialPathOutOfCallable(mid, node, cc, ap, config) and
+    partialPathOutOfCallable(mid, node, state, cc, ap, config) and
     sc1 = TSummaryCtx1None() and
-    sc2 = TSummaryCtx2None()
+    sc2 = TSummaryCtx2None() and
+    sc3 = TSummaryCtx3None()
     or
-    partialPathThroughCallable(mid, node, cc, ap, config) and
+    partialPathThroughCallable(mid, node, state, cc, ap, config) and
     sc1 = mid.getSummaryCtx1() and
-    sc2 = mid.getSummaryCtx2()
+    sc2 = mid.getSummaryCtx2() and
+    sc3 = mid.getSummaryCtx3()
   }
 
   bindingset[result, i]
-  private int unbindInt(int i) { i <= result and i >= result }
+  private int unbindInt(int i) { pragma[only_bind_out](i) = pragma[only_bind_out](result) }
 
   pragma[inline]
   private predicate partialPathStoreStep(
@@ -4419,10 +4553,11 @@ private module FlowExploration {
   }
 
   private predicate partialPathOutOfCallable0(
-    PartialPathNodeFwd mid, ReturnPosition pos, CallContext innercc, PartialAccessPath ap,
-    Configuration config
+    PartialPathNodeFwd mid, ReturnPosition pos, FlowState state, CallContext innercc,
+    PartialAccessPath ap, Configuration config
   ) {
     pos = mid.getNodeEx().(RetNodeEx).getReturnPosition() and
+    state = mid.getState() and
     innercc = mid.getCallContext() and
     innercc instanceof CallContextNoCall and
     ap = mid.getAp() and
@@ -4431,11 +4566,11 @@ private module FlowExploration {
 
   pragma[nomagic]
   private predicate partialPathOutOfCallable1(
-    PartialPathNodeFwd mid, DataFlowCall call, ReturnKindExt kind, CallContext cc,
+    PartialPathNodeFwd mid, DataFlowCall call, ReturnKindExt kind, FlowState state, CallContext cc,
     PartialAccessPath ap, Configuration config
   ) {
     exists(ReturnPosition pos, DataFlowCallable c, CallContext innercc |
-      partialPathOutOfCallable0(mid, pos, innercc, ap, config) and
+      partialPathOutOfCallable0(mid, pos, state, innercc, ap, config) and
       c = pos.getCallable() and
       kind = pos.getKind() and
       resolveReturn(innercc, c, call)
@@ -4445,10 +4580,11 @@ private module FlowExploration {
   }
 
   private predicate partialPathOutOfCallable(
-    PartialPathNodeFwd mid, NodeEx out, CallContext cc, PartialAccessPath ap, Configuration config
+    PartialPathNodeFwd mid, NodeEx out, FlowState state, CallContext cc, PartialAccessPath ap,
+    Configuration config
   ) {
     exists(ReturnKindExt kind, DataFlowCall call |
-      partialPathOutOfCallable1(mid, call, kind, cc, ap, config)
+      partialPathOutOfCallable1(mid, call, kind, state, cc, ap, config)
     |
       out.asNode() = kind.getAnOutNode(call)
     )
@@ -4456,37 +4592,40 @@ private module FlowExploration {
 
   pragma[noinline]
   private predicate partialPathIntoArg(
-    PartialPathNodeFwd mid, int i, CallContext cc, DataFlowCall call, PartialAccessPath ap,
-    Configuration config
+    PartialPathNodeFwd mid, ParameterPosition ppos, FlowState state, CallContext cc,
+    DataFlowCall call, PartialAccessPath ap, Configuration config
   ) {
-    exists(ArgNode arg |
+    exists(ArgNode arg, ArgumentPosition apos |
       arg = mid.getNodeEx().asNode() and
+      state = mid.getState() and
       cc = mid.getCallContext() and
-      arg.argumentOf(call, i) and
+      arg.argumentOf(call, apos) and
       ap = mid.getAp() and
-      config = mid.getConfiguration()
+      config = mid.getConfiguration() and
+      parameterMatch(ppos, apos)
     )
   }
 
   pragma[nomagic]
   private predicate partialPathIntoCallable0(
-    PartialPathNodeFwd mid, DataFlowCallable callable, int i, CallContext outercc,
-    DataFlowCall call, PartialAccessPath ap, Configuration config
+    PartialPathNodeFwd mid, DataFlowCallable callable, ParameterPosition pos, FlowState state,
+    CallContext outercc, DataFlowCall call, PartialAccessPath ap, Configuration config
   ) {
-    partialPathIntoArg(mid, i, outercc, call, ap, config) and
+    partialPathIntoArg(mid, pos, state, outercc, call, ap, config) and
     callable = resolveCall(call, outercc)
   }
 
   private predicate partialPathIntoCallable(
-    PartialPathNodeFwd mid, ParamNodeEx p, CallContext outercc, CallContextCall innercc,
-    TSummaryCtx1 sc1, TSummaryCtx2 sc2, DataFlowCall call, PartialAccessPath ap,
-    Configuration config
+    PartialPathNodeFwd mid, ParamNodeEx p, FlowState state, CallContext outercc,
+    CallContextCall innercc, TSummaryCtx1 sc1, TSummaryCtx2 sc2, TSummaryCtx3 sc3,
+    DataFlowCall call, PartialAccessPath ap, Configuration config
   ) {
-    exists(int i, DataFlowCallable callable |
-      partialPathIntoCallable0(mid, callable, i, outercc, call, ap, config) and
-      p.isParameterOf(callable, i) and
+    exists(ParameterPosition pos, DataFlowCallable callable |
+      partialPathIntoCallable0(mid, callable, pos, state, outercc, call, ap, config) and
+      p.isParameterOf(callable, pos) and
       sc1 = TSummaryCtx1Param(p) and
-      sc2 = TSummaryCtx2Some(ap)
+      sc2 = TSummaryCtx2Some(state) and
+      sc3 = TSummaryCtx3Some(ap)
     |
       if recordDataFlowCallSite(call, callable)
       then innercc = TSpecificCall(call)
@@ -4496,15 +4635,17 @@ private module FlowExploration {
 
   pragma[nomagic]
   private predicate paramFlowsThroughInPartialPath(
-    ReturnKindExt kind, CallContextCall cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2,
-    PartialAccessPath ap, Configuration config
+    ReturnKindExt kind, FlowState state, CallContextCall cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2,
+    TSummaryCtx3 sc3, PartialAccessPath ap, Configuration config
   ) {
     exists(PartialPathNodeFwd mid, RetNodeEx ret |
       mid.getNodeEx() = ret and
       kind = ret.getKind() and
+      state = mid.getState() and
       cc = mid.getCallContext() and
       sc1 = mid.getSummaryCtx1() and
       sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
       config = mid.getConfiguration() and
       ap = mid.getAp()
     )
@@ -4512,85 +4653,119 @@ private module FlowExploration {
 
   pragma[noinline]
   private predicate partialPathThroughCallable0(
-    DataFlowCall call, PartialPathNodeFwd mid, ReturnKindExt kind, CallContext cc,
+    DataFlowCall call, PartialPathNodeFwd mid, ReturnKindExt kind, FlowState state, CallContext cc,
     PartialAccessPath ap, Configuration config
   ) {
-    exists(CallContext innercc, TSummaryCtx1 sc1, TSummaryCtx2 sc2 |
-      partialPathIntoCallable(mid, _, cc, innercc, sc1, sc2, call, _, config) and
-      paramFlowsThroughInPartialPath(kind, innercc, sc1, sc2, ap, config)
+    exists(CallContext innercc, TSummaryCtx1 sc1, TSummaryCtx2 sc2, TSummaryCtx3 sc3 |
+      partialPathIntoCallable(mid, _, _, cc, innercc, sc1, sc2, sc3, call, _, config) and
+      paramFlowsThroughInPartialPath(kind, state, innercc, sc1, sc2, sc3, ap, config)
     )
   }
 
   private predicate partialPathThroughCallable(
-    PartialPathNodeFwd mid, NodeEx out, CallContext cc, PartialAccessPath ap, Configuration config
+    PartialPathNodeFwd mid, NodeEx out, FlowState state, CallContext cc, PartialAccessPath ap,
+    Configuration config
   ) {
     exists(DataFlowCall call, ReturnKindExt kind |
-      partialPathThroughCallable0(call, mid, kind, cc, ap, config) and
+      partialPathThroughCallable0(call, mid, kind, state, cc, ap, config) and
       out.asNode() = kind.getAnOutNode(call)
     )
   }
 
+  pragma[nomagic]
   private predicate revPartialPathStep(
-    PartialPathNodeRev mid, NodeEx node, TRevSummaryCtx1 sc1, TRevSummaryCtx2 sc2,
-    RevPartialAccessPath ap, Configuration config
+    PartialPathNodeRev mid, NodeEx node, FlowState state, TRevSummaryCtx1 sc1, TRevSummaryCtx2 sc2,
+    TRevSummaryCtx3 sc3, RevPartialAccessPath ap, Configuration config
   ) {
     localFlowStep(node, mid.getNodeEx(), config) and
+    state = mid.getState() and
     sc1 = mid.getSummaryCtx1() and
     sc2 = mid.getSummaryCtx2() and
+    sc3 = mid.getSummaryCtx3() and
     ap = mid.getAp() and
     config = mid.getConfiguration()
     or
     additionalLocalFlowStep(node, mid.getNodeEx(), config) and
+    state = mid.getState() and
     sc1 = mid.getSummaryCtx1() and
     sc2 = mid.getSummaryCtx2() and
+    sc3 = mid.getSummaryCtx3() and
+    mid.getAp() instanceof RevPartialAccessPathNil and
+    ap = TRevPartialNil() and
+    config = mid.getConfiguration()
+    or
+    additionalLocalStateStep(node, state, mid.getNodeEx(), mid.getState(), config) and
+    sc1 = mid.getSummaryCtx1() and
+    sc2 = mid.getSummaryCtx2() and
+    sc3 = mid.getSummaryCtx3() and
     mid.getAp() instanceof RevPartialAccessPathNil and
     ap = TRevPartialNil() and
     config = mid.getConfiguration()
     or
     jumpStep(node, mid.getNodeEx(), config) and
+    state = mid.getState() and
     sc1 = TRevSummaryCtx1None() and
     sc2 = TRevSummaryCtx2None() and
+    sc3 = TRevSummaryCtx3None() and
     ap = mid.getAp() and
     config = mid.getConfiguration()
     or
     additionalJumpStep(node, mid.getNodeEx(), config) and
+    state = mid.getState() and
     sc1 = TRevSummaryCtx1None() and
     sc2 = TRevSummaryCtx2None() and
+    sc3 = TRevSummaryCtx3None() and
+    mid.getAp() instanceof RevPartialAccessPathNil and
+    ap = TRevPartialNil() and
+    config = mid.getConfiguration()
+    or
+    additionalJumpStateStep(node, state, mid.getNodeEx(), mid.getState(), config) and
+    sc1 = TRevSummaryCtx1None() and
+    sc2 = TRevSummaryCtx2None() and
+    sc3 = TRevSummaryCtx3None() and
     mid.getAp() instanceof RevPartialAccessPathNil and
     ap = TRevPartialNil() and
     config = mid.getConfiguration()
     or
     revPartialPathReadStep(mid, _, _, node, ap) and
+    state = mid.getState() and
     sc1 = mid.getSummaryCtx1() and
     sc2 = mid.getSummaryCtx2() and
+    sc3 = mid.getSummaryCtx3() and
     config = mid.getConfiguration()
     or
     exists(RevPartialAccessPath ap0, Content c |
       revPartialPathStoreStep(mid, ap0, c, node, config) and
+      state = mid.getState() and
       sc1 = mid.getSummaryCtx1() and
       sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
       apConsRev(ap, c, ap0, config)
     )
     or
     exists(ParamNodeEx p |
       mid.getNodeEx() = p and
       viableParamArgEx(_, p, node) and
+      state = mid.getState() and
       sc1 = mid.getSummaryCtx1() and
       sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
       sc1 = TRevSummaryCtx1None() and
       sc2 = TRevSummaryCtx2None() and
+      sc3 = TRevSummaryCtx3None() and
       ap = mid.getAp() and
       config = mid.getConfiguration()
     )
     or
     exists(ReturnPosition pos |
-      revPartialPathIntoReturn(mid, pos, sc1, sc2, _, ap, config) and
+      revPartialPathIntoReturn(mid, pos, state, sc1, sc2, sc3, _, ap, config) and
       pos = getReturnPosition(node.asNode())
     )
     or
-    revPartialPathThroughCallable(mid, node, ap, config) and
+    revPartialPathThroughCallable(mid, node, state, ap, config) and
     sc1 = mid.getSummaryCtx1() and
-    sc2 = mid.getSummaryCtx2()
+    sc2 = mid.getSummaryCtx2() and
+    sc3 = mid.getSummaryCtx3()
   }
 
   pragma[inline]
@@ -4633,14 +4808,17 @@ private module FlowExploration {
 
   pragma[nomagic]
   private predicate revPartialPathIntoReturn(
-    PartialPathNodeRev mid, ReturnPosition pos, TRevSummaryCtx1Some sc1, TRevSummaryCtx2Some sc2,
-    DataFlowCall call, RevPartialAccessPath ap, Configuration config
+    PartialPathNodeRev mid, ReturnPosition pos, FlowState state, TRevSummaryCtx1Some sc1,
+    TRevSummaryCtx2Some sc2, TRevSummaryCtx3Some sc3, DataFlowCall call, RevPartialAccessPath ap,
+    Configuration config
   ) {
     exists(NodeEx out |
       mid.getNodeEx() = out and
+      mid.getState() = state and
       viableReturnPosOutEx(call, pos, out) and
       sc1 = TRevSummaryCtx1Some(pos) and
-      sc2 = TRevSummaryCtx2Some(ap) and
+      sc2 = TRevSummaryCtx2Some(state) and
+      sc3 = TRevSummaryCtx3Some(ap) and
       ap = mid.getAp() and
       config = mid.getConfiguration()
     )
@@ -4648,36 +4826,40 @@ private module FlowExploration {
 
   pragma[nomagic]
   private predicate revPartialPathFlowsThrough(
-    int pos, TRevSummaryCtx1Some sc1, TRevSummaryCtx2Some sc2, RevPartialAccessPath ap,
-    Configuration config
+    ArgumentPosition apos, FlowState state, TRevSummaryCtx1Some sc1, TRevSummaryCtx2Some sc2,
+    TRevSummaryCtx3Some sc3, RevPartialAccessPath ap, Configuration config
   ) {
-    exists(PartialPathNodeRev mid, ParamNodeEx p |
+    exists(PartialPathNodeRev mid, ParamNodeEx p, ParameterPosition ppos |
       mid.getNodeEx() = p and
-      p.getPosition() = pos and
+      mid.getState() = state and
+      p.getPosition() = ppos and
       sc1 = mid.getSummaryCtx1() and
       sc2 = mid.getSummaryCtx2() and
+      sc3 = mid.getSummaryCtx3() and
       ap = mid.getAp() and
-      config = mid.getConfiguration()
+      config = mid.getConfiguration() and
+      parameterMatch(ppos, apos)
     )
   }
 
   pragma[nomagic]
   private predicate revPartialPathThroughCallable0(
-    DataFlowCall call, PartialPathNodeRev mid, int pos, RevPartialAccessPath ap,
-    Configuration config
+    DataFlowCall call, PartialPathNodeRev mid, ArgumentPosition pos, FlowState state,
+    RevPartialAccessPath ap, Configuration config
   ) {
-    exists(TRevSummaryCtx1Some sc1, TRevSummaryCtx2Some sc2 |
-      revPartialPathIntoReturn(mid, _, sc1, sc2, call, _, config) and
-      revPartialPathFlowsThrough(pos, sc1, sc2, ap, config)
+    exists(TRevSummaryCtx1Some sc1, TRevSummaryCtx2Some sc2, TRevSummaryCtx3Some sc3 |
+      revPartialPathIntoReturn(mid, _, _, sc1, sc2, sc3, call, _, config) and
+      revPartialPathFlowsThrough(pos, state, sc1, sc2, sc3, ap, config)
     )
   }
 
   pragma[nomagic]
   private predicate revPartialPathThroughCallable(
-    PartialPathNodeRev mid, ArgNodeEx node, RevPartialAccessPath ap, Configuration config
+    PartialPathNodeRev mid, ArgNodeEx node, FlowState state, RevPartialAccessPath ap,
+    Configuration config
   ) {
-    exists(DataFlowCall call, int pos |
-      revPartialPathThroughCallable0(call, mid, pos, ap, config) and
+    exists(DataFlowCall call, ArgumentPosition pos |
+      revPartialPathThroughCallable0(call, mid, pos, state, ap, config) and
       node.asNode().(ArgNode).argumentOf(call, pos)
     )
   }
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImplCommon.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImplCommon.qll
index c139593b1b8..9aa6a529a5b 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImplCommon.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImplCommon.qll
@@ -3,6 +3,17 @@ private import DataFlowImplSpecific::Public
 import Cached
 
 module DataFlowImplCommonPublic {
+  /** A state value to track during data flow. */
+  class FlowState = string;
+
+  /**
+   * The default state, which is used when the state is unspecified for a source
+   * or a sink.
+   */
+  class FlowStateEmpty extends FlowState {
+    FlowStateEmpty() { this = "" }
+  }
+
   private newtype TFlowFeature =
     TFeatureHasSourceCallContext() or
     TFeatureHasSinkCallContext() or
@@ -62,6 +73,18 @@ predicate accessPathCostLimits(int apLimit, int tupleLimit) {
   tupleLimit = 1000
 }
 
+/**
+ * Holds if `arg` is an argument of `call` with an argument position that matches
+ * parameter position `ppos`.
+ */
+pragma[noinline]
+predicate argumentPositionMatch(DataFlowCall call, ArgNode arg, ParameterPosition ppos) {
+  exists(ArgumentPosition apos |
+    arg.argumentOf(call, apos) and
+    parameterMatch(ppos, apos)
+  )
+}
+
 /**
  * Provides a simple data-flow analysis for resolving lambda calls. The analysis
  * currently excludes read-steps, store-steps, and flow-through.
@@ -71,25 +94,27 @@ predicate accessPathCostLimits(int apLimit, int tupleLimit) {
  * calls. For this reason, we cannot reuse the code from `DataFlowImpl.qll` directly.
  */
 private module LambdaFlow {
-  private predicate viableParamNonLambda(DataFlowCall call, int i, ParamNode p) {
-    p.isParameterOf(viableCallable(call), i)
+  pragma[noinline]
+  private predicate viableParamNonLambda(DataFlowCall call, ParameterPosition ppos, ParamNode p) {
+    p.isParameterOf(viableCallable(call), ppos)
   }
 
-  private predicate viableParamLambda(DataFlowCall call, int i, ParamNode p) {
-    p.isParameterOf(viableCallableLambda(call, _), i)
+  pragma[noinline]
+  private predicate viableParamLambda(DataFlowCall call, ParameterPosition ppos, ParamNode p) {
+    p.isParameterOf(viableCallableLambda(call, _), ppos)
   }
 
   private predicate viableParamArgNonLambda(DataFlowCall call, ParamNode p, ArgNode arg) {
-    exists(int i |
-      viableParamNonLambda(call, i, p) and
-      arg.argumentOf(call, i)
+    exists(ParameterPosition ppos |
+      viableParamNonLambda(call, ppos, p) and
+      argumentPositionMatch(call, arg, ppos)
     )
   }
 
   private predicate viableParamArgLambda(DataFlowCall call, ParamNode p, ArgNode arg) {
-    exists(int i |
-      viableParamLambda(call, i, p) and
-      arg.argumentOf(call, i)
+    exists(ParameterPosition ppos |
+      viableParamLambda(call, ppos, p) and
+      argumentPositionMatch(call, arg, ppos)
     )
   }
 
@@ -191,10 +216,9 @@ private module LambdaFlow {
     or
     // jump step
     exists(Node mid, DataFlowType t0 |
-      revLambdaFlow(lambdaCall, kind, mid, t0, _, _, _) and
+      revLambdaFlow(lambdaCall, kind, mid, t0, _, _, lastCall) and
       toReturn = false and
-      toJump = true and
-      lastCall = TDataFlowCallNone()
+      toJump = true
     |
       jumpStepCached(node, mid) and
       t = t0
@@ -301,7 +325,10 @@ private module Cached {
   predicate jumpStepCached(Node node1, Node node2) { jumpStep(node1, node2) }
 
   cached
-  predicate clearsContentCached(Node n, Content c) { clearsContent(n, c) }
+  predicate clearsContentCached(Node n, ContentSet c) { clearsContent(n, c) }
+
+  cached
+  predicate expectsContentCached(Node n, ContentSet c) { expectsContent(n, c) }
 
   cached
   predicate isUnreachableInCallCached(Node n, DataFlowCall call) { isUnreachableInCall(n, call) }
@@ -322,7 +349,7 @@ private module Cached {
     or
     exists(ArgNode arg |
       result.(PostUpdateNode).getPreUpdateNode() = arg and
-      arg.argumentOf(call, k.(ParamUpdateReturnKind).getPosition())
+      arg.argumentOf(call, k.(ParamUpdateReturnKind).getAMatchingArgumentPosition())
     )
   }
 
@@ -330,7 +357,7 @@ private module Cached {
   predicate returnNodeExt(Node n, ReturnKindExt k) {
     k = TValueReturn(n.(ReturnNode).getKind())
     or
-    exists(ParamNode p, int pos |
+    exists(ParamNode p, ParameterPosition pos |
       parameterValueFlowsToPreUpdate(p, n) and
       p.isParameterOf(_, pos) and
       k = TParamUpdate(pos)
@@ -348,15 +375,17 @@ private module Cached {
     // For reads, `x.f`, we want to check that the tracked type after the read (which
     // is obtained by popping the head of the access path stack) is compatible with
     // the type of `x.f`.
-    read(_, _, n)
+    readSet(_, _, n)
   }
 
   cached
-  predicate parameterNode(Node p, DataFlowCallable c, int pos) { isParameterNode(p, c, pos) }
+  predicate parameterNode(Node p, DataFlowCallable c, ParameterPosition pos) {
+    isParameterNode(p, c, pos)
+  }
 
   cached
-  predicate argumentNode(Node n, DataFlowCall call, int pos) {
-    n.(ArgumentNode).argumentOf(call, pos)
+  predicate argumentNode(Node n, DataFlowCall call, ArgumentPosition pos) {
+    isArgumentNode(n, call, pos)
   }
 
   /**
@@ -374,12 +403,12 @@ private module Cached {
   }
 
   /**
-   * Holds if `p` is the `i`th parameter of a viable dispatch target of `call`.
-   * The instance parameter is considered to have index `-1`.
+   * Holds if `p` is the parameter of a viable dispatch target of `call`,
+   * and `p` has position `ppos`.
    */
   pragma[nomagic]
-  private predicate viableParam(DataFlowCall call, int i, ParamNode p) {
-    p.isParameterOf(viableCallableExt(call), i)
+  private predicate viableParam(DataFlowCall call, ParameterPosition ppos, ParamNode p) {
+    p.isParameterOf(viableCallableExt(call), ppos)
   }
 
   /**
@@ -388,9 +417,9 @@ private module Cached {
    */
   cached
   predicate viableParamArg(DataFlowCall call, ParamNode p, ArgNode arg) {
-    exists(int i |
-      viableParam(call, i, p) and
-      arg.argumentOf(call, i) and
+    exists(ParameterPosition ppos |
+      viableParam(call, ppos, p) and
+      argumentPositionMatch(call, arg, ppos) and
       compatibleTypes(getNodeDataFlowType(arg), getNodeDataFlowType(p))
     )
   }
@@ -442,7 +471,7 @@ private module Cached {
         // read
         exists(Node mid |
           parameterValueFlowCand(p, mid, false) and
-          read(mid, _, node) and
+          readSet(mid, _, node) and
           read = true
         )
         or
@@ -630,8 +659,10 @@ private module Cached {
        * Holds if `arg` flows to `out` through a call using only
        * value-preserving steps and a single read step, not taking call
        * contexts into account, thus representing a getter-step.
+       *
+       * This predicate is exposed for testing only.
        */
-      predicate getterStep(ArgNode arg, Content c, Node out) {
+      predicate getterStep(ArgNode arg, ContentSet c, Node out) {
         argumentValueFlowsThrough(arg, TReadStepTypesSome(_, c, _), out)
       }
 
@@ -678,7 +709,8 @@ private module Cached {
      */
     pragma[nomagic]
     private DataFlowCallable viableImplInCallContextExt(DataFlowCall call, DataFlowCall ctx) {
-      result = viableImplInCallContext(call, ctx)
+      result = viableImplInCallContext(call, ctx) and
+      result = viableCallable(call)
       or
       result = viableCallableLambda(call, TDataFlowCallSome(ctx))
       or
@@ -754,8 +786,12 @@ private module Cached {
     parameterValueFlow(p, n.getPreUpdateNode(), TReadStepTypesNone())
   }
 
-  private predicate store(
-    Node node1, Content c, Node node2, DataFlowType contentType, DataFlowType containerType
+  cached
+  predicate readSet(Node node1, ContentSet c, Node node2) { readStep(node1, c, node2) }
+
+  cached
+  predicate storeSet(
+    Node node1, ContentSet c, Node node2, DataFlowType contentType, DataFlowType containerType
   ) {
     storeStep(node1, c, node2) and
     contentType = getNodeDataFlowType(node1) and
@@ -767,14 +803,19 @@ private module Cached {
     |
       argumentValueFlowsThrough(n2, TReadStepTypesSome(containerType, c, contentType), n1)
       or
-      read(n2, c, n1) and
+      readSet(n2, c, n1) and
       contentType = getNodeDataFlowType(n1) and
       containerType = getNodeDataFlowType(n2)
     )
   }
 
-  cached
-  predicate read(Node node1, Content c, Node node2) { readStep(node1, c, node2) }
+  private predicate store(
+    Node node1, Content c, Node node2, DataFlowType contentType, DataFlowType containerType
+  ) {
+    exists(ContentSet cs |
+      c = cs.getAStoreContent() and storeSet(node1, cs, node2, contentType, containerType)
+    )
+  }
 
   /**
    * Holds if data can flow from `node1` to `node2` via a direct assignment to
@@ -862,7 +903,7 @@ private module Cached {
   cached
   newtype TReturnKindExt =
     TValueReturn(ReturnKind kind) or
-    TParamUpdate(int pos) { exists(ParamNode p | p.isParameterOf(_, pos)) }
+    TParamUpdate(ParameterPosition pos) { exists(ParamNode p | p.isParameterOf(_, pos)) }
 
   cached
   newtype TBooleanOption =
@@ -874,18 +915,57 @@ private module Cached {
     TDataFlowCallNone() or
     TDataFlowCallSome(DataFlowCall call)
 
+  cached
+  newtype TParamNodeOption =
+    TParamNodeNone() or
+    TParamNodeSome(ParamNode p)
+
+  cached
+  newtype TReturnCtx =
+    TReturnCtxNone() or
+    TReturnCtxNoFlowThrough() or
+    TReturnCtxMaybeFlowThrough(ReturnPosition pos)
+
+  cached
+  newtype TTypedContentApprox =
+    MkTypedContentApprox(ContentApprox c, DataFlowType t) {
+      exists(Content cont |
+        c = getContentApprox(cont) and
+        store(_, cont, _, _, t)
+      )
+    }
+
   cached
   newtype TTypedContent = MkTypedContent(Content c, DataFlowType t) { store(_, c, _, _, t) }
 
+  cached
+  TypedContent getATypedContent(TypedContentApprox c) {
+    exists(ContentApprox cls, DataFlowType t, Content cont |
+      c = MkTypedContentApprox(cls, pragma[only_bind_into](t)) and
+      result = MkTypedContent(cont, pragma[only_bind_into](t)) and
+      cls = getContentApprox(cont)
+    )
+  }
+
   cached
   newtype TAccessPathFront =
     TFrontNil(DataFlowType t) or
     TFrontHead(TypedContent tc)
 
+  cached
+  newtype TApproxAccessPathFront =
+    TApproxFrontNil(DataFlowType t) or
+    TApproxFrontHead(TypedContentApprox tc)
+
   cached
   newtype TAccessPathFrontOption =
     TAccessPathFrontNone() or
     TAccessPathFrontSome(AccessPathFront apf)
+
+  cached
+  newtype TApproxAccessPathFrontOption =
+    TApproxAccessPathFrontNone() or
+    TApproxAccessPathFrontSome(ApproxAccessPathFront apf)
 }
 
 /**
@@ -905,16 +985,16 @@ class CastingNode extends Node {
 }
 
 private predicate readStepWithTypes(
-  Node n1, DataFlowType container, Content c, Node n2, DataFlowType content
+  Node n1, DataFlowType container, ContentSet c, Node n2, DataFlowType content
 ) {
-  read(n1, c, n2) and
+  readSet(n1, c, n2) and
   container = getNodeDataFlowType(n1) and
   content = getNodeDataFlowType(n2)
 }
 
 private newtype TReadStepTypesOption =
   TReadStepTypesNone() or
-  TReadStepTypesSome(DataFlowType container, Content c, DataFlowType content) {
+  TReadStepTypesSome(DataFlowType container, ContentSet c, DataFlowType content) {
     readStepWithTypes(_, container, c, _, content)
   }
 
@@ -923,7 +1003,7 @@ private class ReadStepTypesOption extends TReadStepTypesOption {
 
   DataFlowType getContainerType() { this = TReadStepTypesSome(result, _, _) }
 
-  Content getContent() { this = TReadStepTypesSome(_, result, _) }
+  ContentSet getContent() { this = TReadStepTypesSome(_, result, _) }
 
   DataFlowType getContentType() { this = TReadStepTypesSome(_, _, result) }
 
@@ -1054,9 +1134,9 @@ class ParamNode extends Node {
 
   /**
    * Holds if this node is the parameter of callable `c` at the specified
-   * (zero-based) position.
+   * position.
    */
-  predicate isParameterOf(DataFlowCallable c, int i) { parameterNode(this, c, i) }
+  predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) { parameterNode(this, c, pos) }
 }
 
 /** A data-flow node that represents a call argument. */
@@ -1064,7 +1144,9 @@ class ArgNode extends Node {
   ArgNode() { argumentNode(this, _, _) }
 
   /** Holds if this argument occurs at the given position in the given call. */
-  final predicate argumentOf(DataFlowCall call, int pos) { argumentNode(this, call, pos) }
+  final predicate argumentOf(DataFlowCall call, ArgumentPosition pos) {
+    argumentNode(this, call, pos)
+  }
 }
 
 /**
@@ -1110,11 +1192,14 @@ class ValueReturnKind extends ReturnKindExt, TValueReturn {
 }
 
 class ParamUpdateReturnKind extends ReturnKindExt, TParamUpdate {
-  private int pos;
+  private ParameterPosition pos;
 
   ParamUpdateReturnKind() { this = TParamUpdate(pos) }
 
-  int getPosition() { result = pos }
+  ParameterPosition getPosition() { result = pos }
+
+  pragma[nomagic]
+  ArgumentPosition getAMatchingArgumentPosition() { parameterMatch(pos, result) }
 
   override string toString() { result = "param update " + pos }
 }
@@ -1258,7 +1343,114 @@ class DataFlowCallOption extends TDataFlowCallOption {
   }
 }
 
-/** Content tagged with the type of a containing object. */
+/** An optional `ParamNode`. */
+class ParamNodeOption extends TParamNodeOption {
+  string toString() {
+    this = TParamNodeNone() and
+    result = "(none)"
+    or
+    exists(ParamNode p |
+      this = TParamNodeSome(p) and
+      result = p.toString()
+    )
+  }
+}
+
+/**
+ * A return context used to calculate flow summaries in reverse flow.
+ *
+ * The possible values are:
+ *
+ * - `TReturnCtxNone()`: no return flow.
+ * - `TReturnCtxNoFlowThrough()`: return flow, but flow through is not possible.
+ * - `TReturnCtxMaybeFlowThrough(ReturnPosition pos)`: return flow, of kind `pos`, and
+ *    flow through may be possible.
+ */
+class ReturnCtx extends TReturnCtx {
+  string toString() {
+    this = TReturnCtxNone() and
+    result = "(none)"
+    or
+    this = TReturnCtxNoFlowThrough() and
+    result = "(no flow through)"
+    or
+    exists(ReturnPosition pos |
+      this = TReturnCtxMaybeFlowThrough(pos) and
+      result = pos.toString()
+    )
+  }
+}
+
+/** An approximated `Content` tagged with the type of a containing object. */
+class TypedContentApprox extends MkTypedContentApprox {
+  private ContentApprox c;
+  private DataFlowType t;
+
+  TypedContentApprox() { this = MkTypedContentApprox(c, t) }
+
+  /** Gets a typed content approximated by this value. */
+  TypedContent getATypedContent() { result = getATypedContent(this) }
+
+  /** Gets the container type. */
+  DataFlowType getContainerType() { result = t }
+
+  /** Gets a textual representation of this approximated content. */
+  string toString() { result = c.toString() }
+}
+
+/**
+ * The front of an approximated access path. This is either a head or a nil.
+ */
+abstract class ApproxAccessPathFront extends TApproxAccessPathFront {
+  abstract string toString();
+
+  abstract DataFlowType getType();
+
+  abstract boolean toBoolNonEmpty();
+
+  pragma[nomagic]
+  TypedContent getAHead() {
+    exists(TypedContentApprox cont |
+      this = TApproxFrontHead(cont) and
+      result = cont.getATypedContent()
+    )
+  }
+}
+
+class ApproxAccessPathFrontNil extends ApproxAccessPathFront, TApproxFrontNil {
+  private DataFlowType t;
+
+  ApproxAccessPathFrontNil() { this = TApproxFrontNil(t) }
+
+  override string toString() { result = ppReprType(t) }
+
+  override DataFlowType getType() { result = t }
+
+  override boolean toBoolNonEmpty() { result = false }
+}
+
+class ApproxAccessPathFrontHead extends ApproxAccessPathFront, TApproxFrontHead {
+  private TypedContentApprox tc;
+
+  ApproxAccessPathFrontHead() { this = TApproxFrontHead(tc) }
+
+  override string toString() { result = tc.toString() }
+
+  override DataFlowType getType() { result = tc.getContainerType() }
+
+  override boolean toBoolNonEmpty() { result = true }
+}
+
+/** An optional approximated access path front. */
+class ApproxAccessPathFrontOption extends TApproxAccessPathFrontOption {
+  string toString() {
+    this = TApproxAccessPathFrontNone() and result = "<none>"
+    or
+    this = TApproxAccessPathFrontSome(any(ApproxAccessPathFront apf | result = apf.toString()))
+  }
+}
+
+/** A `Content` tagged with the type of a containing object. */
 class TypedContent extends MkTypedContent {
   private Content c;
   private DataFlowType t;
@@ -1290,11 +1482,9 @@ abstract class AccessPathFront extends TAccessPathFront {
 
   abstract DataFlowType getType();
 
-  abstract boolean toBoolNonEmpty();
+  abstract ApproxAccessPathFront toApprox();
 
   TypedContent getHead() { this = TFrontHead(result) }
-
-  predicate isClearedAt(Node n) { clearsContentCached(n, this.getHead().getContent()) }
 }
 
 class AccessPathFrontNil extends AccessPathFront, TFrontNil {
@@ -1306,7 +1496,7 @@ class AccessPathFrontNil extends AccessPathFront, TFrontNil {
 
   override DataFlowType getType() { result = t }
 
-  override boolean toBoolNonEmpty() { result = false }
+  override ApproxAccessPathFront toApprox() { result = TApproxFrontNil(t) }
 }
 
 class AccessPathFrontHead extends AccessPathFront, TFrontHead {
@@ -1318,7 +1508,7 @@ class AccessPathFrontHead extends AccessPathFront, TFrontHead {
 
   override DataFlowType getType() { result = tc.getContainerType() }
 
-  override boolean toBoolNonEmpty() { result = true }
+  override ApproxAccessPathFront toApprox() { result.getAHead() = tc }
 }
 
 /** An optional access path front. */
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll
index ea3f757b440..715330f87d9 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll
@@ -12,7 +12,7 @@ private newtype TNode =
   MkGlobalFunctionNode(Function f) or
   MkSummarizedParameterNode(DataFlowCallable c, int i) {
     not exists(c.getFuncDef()) and
-    c instanceof SummarizedCallable and
+    c.asCallable() instanceof SummarizedCallable and
     (
       i in [0 .. c.getType().getNumParameter() - 1]
       or
@@ -25,6 +25,8 @@ private newtype TNode =
 
 /** Nodes intended for only use inside the data-flow libraries. */
 module Private {
+  private import DataFlowDispatch
+
   /** Gets the callable in which this node occurs. */
   DataFlowCallable nodeGetEnclosingCallable(Node n) {
     result.asCallable() = n.getEnclosingCallable()
@@ -33,10 +35,15 @@ module Private {
   }
 
   /** Holds if `p` is a `ParameterNode` of `c` with position `pos`. */
-  predicate isParameterNode(ParameterNode p, DataFlowCallable c, int pos) {
+  predicate isParameterNode(ParameterNode p, DataFlowCallable c, ParameterPosition pos) {
     p.isParameterOf(c.asCallable(), pos)
   }
 
+  /** Holds if `arg` is an `ArgumentNode` of `c` with position `pos`. */
+  predicate isArgumentNode(ArgumentNode arg, DataFlowCall c, ArgumentPosition pos) {
+    arg.argumentOf(c, pos)
+  }
+
   /** A data flow node that represents returning a value from a function. */
   class ReturnNode extends Node {
     ReturnKind kind;
@@ -115,7 +122,7 @@ module Public {
       exists(DataFlowCallable dfc | result = dfc.asCallable() |
         this = MkSummarizedParameterNode(dfc, _)
         or
-        this = MkSummaryInternalNode(dfc, _)
+        this = MkSummaryInternalNode(dfc.asCallable(), _)
       )
     }
 
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll
index d83014b0b93..b65fb3d7d5d 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll
@@ -126,6 +126,8 @@ predicate jumpStep(Node n1, Node n2) {
     n1.(DataFlow::PostUpdateNode).getPreUpdateNode() = sendRead and
     n2 = recvRead
   )
+  or
+  FlowSummaryImpl::Private::Steps::summaryJumpStep(n1, n2)
 }
 
 /**
@@ -188,22 +190,26 @@ predicate clearsContent(Node n, Content c) {
   // FlowSummaryImpl::Private::Steps::summaryClearsContent(n, c)
 }
 
-/** Gets the type of `n` used for type pruning. */
-DataFlowType getNodeType(Node n) {
-  result = n.getType()
-  or
-  result = FlowSummaryImpl::Private::summaryNodeType(n)
+/**
+ * Holds if the value that is being tracked is expected to be stored inside content `c`
+ * at node `n`.
+ */
+predicate expectsContent(Node n, ContentSet c) {
+  FlowSummaryImpl::Private::Steps::summaryExpectsContent(n, c)
 }
 
+/** Gets the type of `n` used for type pruning. */
+DataFlowType getNodeType(Node n) { result = TTodoDataFlowType() and exists(n) }
+
 /** Gets a string representation of a type returned by `getNodeType()`. */
-string ppReprType(Type t) { result = t.toString() }
+string ppReprType(DataFlowType t) { none() }
 
 /**
  * Holds if `t1` and `t2` are compatible, that is, whether data can flow from
  * a node of type `t1` to a node of type `t2`.
  */
 pragma[inline]
-predicate compatibleTypes(Type t1, Type t2) {
+predicate compatibleTypes(DataFlowType t1, DataFlowType t2) {
   any() // stub implementation
 }
 
@@ -217,7 +223,14 @@ class CastNode extends ExprNode {
 
 class DataFlowExpr = Expr;
 
-class DataFlowType = Type;
+private newtype TDataFlowType =
+  TTodoDataFlowType() or
+  TTodoDataFlowType2() // Add a dummy value to prevent bad functionality-induced joins arising from a type of size 1.
+
+class DataFlowType extends TDataFlowType {
+  /** Gets a textual representation of this element. */
+  string toString() { result = "" }
+}
 
 class DataFlowLocation = Location;
 
@@ -370,3 +383,10 @@ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preserves
 predicate allowParameterReturnInSelf(ParameterNode p) {
   FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(p)
 }
+
+/** An approximated `Content`. */
+class ContentApprox = Unit;
+
+/** Gets an approximated value for content `c`. */
+pragma[inline]
+ContentApprox getContentApprox(Content c) { any() }
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll
index d0a92a322c0..a604f1b875b 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll
@@ -108,7 +108,7 @@ predicate localFlowStep(Node nodeFrom, Node nodeTo) {
   or
   // Simple flow through library code is included in the exposed local
   // step relation, even though flow is technically inter-procedural
-  FlowSummaryImpl::Private::Steps::summaryThroughStep(nodeFrom, nodeTo, true)
+  FlowSummaryImpl::Private::Steps::summaryThroughStepValue(nodeFrom, nodeTo, _)
 }
 
 /**
@@ -131,6 +131,7 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) {
  * Holds if data flows from `source` to `sink` in zero or more local
  * (intra-procedural) steps.
  */
+pragma[inline]
 predicate localFlow(Node source, Node sink) { localFlowStep*(source, sink) }
 
 private newtype TContent =
@@ -148,7 +149,7 @@ private newtype TContent =
  */
 class Content extends TContent {
   /** Gets the type of the contained data for the purpose of type pruning. */
-  DataFlowType getType() { result instanceof EmptyInterfaceType }
+  DataFlowType getType() { any() }
 
   /** Gets a textual representation of this element. */
   abstract string toString();
@@ -160,8 +161,10 @@ class Content extends TContent {
    * For more information, see
    * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
-  predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
-    path = "" and sl = 0 and sc = 0 and el = 0 and ec = 0
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
   }
 }
 
@@ -174,7 +177,7 @@ class FieldContent extends Content, TFieldContent {
   /** Gets the field associated with this `FieldContent`. */
   Field getField() { result = f }
 
-  override DataFlowType getType() { result = f.getType() }
+  override DataFlowType getType() { any() }
 
   override string toString() { result = f.toString() }
 
@@ -202,7 +205,7 @@ class PointerContent extends Content, TPointerContent {
   /** Gets the pointer type that containers with this content must have. */
   PointerType getPointerType() { result = t }
 
-  override DataFlowType getType() { result = t.getBaseType() }
+  override DataFlowType getType() { any() }
 
   override string toString() { result = "pointer" }
 }
@@ -225,11 +228,41 @@ class SyntheticFieldContent extends Content, TSyntheticFieldContent {
   /** Gets the field associated with this `SyntheticFieldContent`. */
   SyntheticField getField() { result = s }
 
-  override DataFlowType getType() { result = s.getType() }
+  override DataFlowType getType() { any() }
 
   override string toString() { result = s.toString() }
 }
 
+/**
+ * An entity that represents a set of `Content`s.
+ *
+ * The set may be interpreted differently depending on whether it is
+ * stored into (`getAStoreContent`) or read from (`getAReadContent`).
+ */
+class ContentSet instanceof Content {
+  /** Gets a content that may be stored into when storing into this set. */
+  Content getAStoreContent() { result = this }
+
+  /** Gets a content that may be read from when reading from this set. */
+  Content getAReadContent() { result = this }
+
+  /** Gets a textual representation of this content set. */
+  string toString() { result = super.toString() }
+
+  /**
+   * Holds if this element is at the specified location.
+   * The location spans column `startcolumn` of line `startline` to
+   * column `endcolumn` of line `endline` in file `filepath`.
+   * For more information, see
+   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+   */
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
+}
+
 /**
  * Holds if the guard `g` validates the expression `e` upon evaluating to `branch`.
  *
diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll
index e59c96a5c17..b61142c33a7 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll
@@ -24,7 +24,11 @@ module Public {
   class SummaryComponent extends TSummaryComponent {
     /** Gets a textual representation of this summary component. */
     string toString() {
-      exists(Content c | this = TContentSummaryComponent(c) and result = c.toString())
+      exists(ContentSet c | this = TContentSummaryComponent(c) and result = c.toString())
+      or
+      exists(ContentSet c | this = TWithoutContentSummaryComponent(c) and result = "without " + c)
+      or
+      exists(ContentSet c | this = TWithContentSummaryComponent(c) and result = "with " + c)
       or
       exists(ArgumentPosition pos |
         this = TParameterSummaryComponent(pos) and result = "parameter " + pos
@@ -41,7 +45,13 @@ module Public {
   /** Provides predicates for constructing summary components. */
   module SummaryComponent {
     /** Gets a summary component for content `c`. */
-    SummaryComponent content(Content c) { result = TContentSummaryComponent(c) }
+    SummaryComponent content(ContentSet c) { result = TContentSummaryComponent(c) }
+
+    /** Gets a summary component where data is not allowed to be stored in `c`. */
+    SummaryComponent withoutContent(ContentSet c) { result = TWithoutContentSummaryComponent(c) }
+
+    /** Gets a summary component where data must be stored in `c`. */
+    SummaryComponent withContent(ContentSet c) { result = TWithContentSummaryComponent(c) }
 
     /** Gets a summary component for a parameter at position `pos`. */
     SummaryComponent parameter(ArgumentPosition pos) { result = TParameterSummaryComponent(pos) }
@@ -51,6 +61,20 @@ module Public {
 
     /** Gets a summary component for a return of kind `rk`. */
     SummaryComponent return(ReturnKind rk) { result = TReturnSummaryComponent(rk) }
+
+    /** Gets a summary component for synthetic global `sg`. */
+    SummaryComponent syntheticGlobal(SyntheticGlobal sg) {
+      result = TSyntheticGlobalSummaryComponent(sg)
+    }
+
+    /**
+     * A synthetic global. This represents some form of global state, which
+     * summaries can read and write individually.
+     */
+    abstract class SyntheticGlobal extends string {
+      bindingset[this]
+      SyntheticGlobal() { any() }
+    }
   }
 
   /**
@@ -185,7 +209,10 @@ module Public {
   }
 
   /** A callable with a flow summary. */
-  abstract class SummarizedCallable extends DataFlowCallable {
+  abstract class SummarizedCallable extends SummarizedCallableBase {
+    bindingset[this]
+    SummarizedCallable() { any() }
+
     /**
      * Holds if data may flow from `input` to `output` through this callable.
      *
@@ -214,11 +241,25 @@ module Public {
     }
 
     /**
-     * Holds if values stored inside `content` are cleared on objects passed as
-     * arguments at position `pos` to this callable.
+     * Holds if the summary is auto generated and not manually generated.
      */
-    pragma[nomagic]
-    predicate clearsContent(ParameterPosition pos, Content content) { none() }
+    predicate isAutoGenerated() { none() }
+
+    /**
+     * Holds if the summary has the given provenance where `true` is
+     * `generated` and `false` is `manual`.
+     */
+    predicate hasProvenance(boolean generated) { none() }
+  }
+
+  /** A callable where there is no flow via the callable. */
+  class NeutralCallable extends SummarizedCallableBase {
+    NeutralCallable() { neutralElement(this, _) }
+
+    /**
+     *  Holds if the neutral is auto generated.
+     */
+    predicate isAutoGenerated() { neutralElement(this, true) }
   }
 }
 
@@ -231,10 +272,13 @@ module Private {
   import AccessPathSyntax
 
   newtype TSummaryComponent =
-    TContentSummaryComponent(Content c) or
+    TContentSummaryComponent(ContentSet c) or
     TParameterSummaryComponent(ArgumentPosition pos) or
     TArgumentSummaryComponent(ParameterPosition pos) or
-    TReturnSummaryComponent(ReturnKind rk)
+    TReturnSummaryComponent(ReturnKind rk) or
+    TSyntheticGlobalSummaryComponent(SummaryComponent::SyntheticGlobal sg) or
+    TWithoutContentSummaryComponent(ContentSet c) or
+    TWithContentSummaryComponent(ContentSet c)
 
   private TParameterSummaryComponent thisParam() {
     result = TParameterSummaryComponent(instanceParameterPosition())
@@ -378,10 +422,7 @@ module Private {
 
   private newtype TSummaryNodeState =
     TSummaryNodeInputState(SummaryComponentStack s) { inputState(_, s) } or
-    TSummaryNodeOutputState(SummaryComponentStack s) { outputState(_, s) } or
-    TSummaryNodeClearsContentState(ParameterPosition pos, boolean post) {
-      any(SummarizedCallable sc).clearsContent(pos, _) and post in [false, true]
-    }
+    TSummaryNodeOutputState(SummaryComponentStack s) { outputState(_, s) }
 
   /**
    * A state used to break up (complex) flow summaries into atomic flow steps.
@@ -428,12 +469,6 @@ module Private {
         this = TSummaryNodeOutputState(s) and
         result = "to write: " + s
       )
-      or
-      exists(ParameterPosition pos, boolean post, string postStr |
-        this = TSummaryNodeClearsContentState(pos, post) and
-        (if post = true then postStr = " (post)" else postStr = "") and
-        result = "clear: " + pos + postStr
-      )
     }
   }
 
@@ -457,11 +492,6 @@ module Private {
     not parameterReadState(c, state, _)
     or
     state.isOutputState(c, _)
-    or
-    exists(ParameterPosition pos |
-      c.clearsContent(pos, _) and
-      state = TSummaryNodeClearsContentState(pos, _)
-    )
   }
 
   pragma[noinline]
@@ -471,7 +501,7 @@ module Private {
       or
       exists(ParameterPosition pos |
         parameterReadState(c, state, pos) and
-        result.(ParamNode).isParameterOf(c, pos)
+        result.(ParamNode).isParameterOf(inject(c), pos)
       )
     )
   }
@@ -496,9 +526,8 @@ module Private {
   predicate summaryParameterNodeRange(SummarizedCallable c, ParameterPosition pos) {
     parameterReadState(c, _, pos)
     or
-    isParameterPostUpdate(_, c, pos)
-    or
-    c.clearsContent(pos, _)
+    // Same as `isParameterPostUpdate(_, c, pos)`, but can be used in a negative context
+    any(SummaryNodeState state).isOutputState(c, SummaryComponentStack::argument(pos))
   }
 
   private predicate callbackOutput(
@@ -506,7 +535,7 @@ module Private {
   ) {
     any(SummaryNodeState state).isInputState(c, s) and
     s.head() = TReturnSummaryComponent(rk) and
-    receiver = summaryNodeInputState(c, s.drop(1))
+    receiver = summaryNodeInputState(c, s.tail())
   }
 
   private predicate callbackInput(
@@ -514,7 +543,7 @@ module Private {
   ) {
     any(SummaryNodeState state).isOutputState(c, s) and
     s.head() = TParameterSummaryComponent(pos) and
-    receiver = summaryNodeInputState(c, s.drop(1))
+    receiver = summaryNodeInputState(c, s.tail())
   }
 
   /** Holds if a call targeting `receiver` should be synthesized inside `c`. */
@@ -540,21 +569,32 @@ module Private {
     exists(SummarizedCallable c, SummaryComponentStack s, SummaryComponent head | head = s.head() |
       n = summaryNodeInputState(c, s) and
       (
-        exists(Content cont |
-          head = TContentSummaryComponent(cont) and result = getContentType(cont)
+        exists(ContentSet cont | result = getContentType(cont) |
+          head = TContentSummaryComponent(cont) or
+          head = TWithContentSummaryComponent(cont)
+        )
+        or
+        exists(ContentSet cont |
+          head = TWithoutContentSummaryComponent(cont) and
+          result = getNodeType(summaryNodeInputState(c, s.tail()))
         )
         or
         exists(ReturnKind rk |
           head = TReturnSummaryComponent(rk) and
           result =
             getCallbackReturnType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c),
-                  s.drop(1))), rk)
+                  s.tail())), rk)
+        )
+        or
+        exists(SummaryComponent::SyntheticGlobal sg |
+          head = TSyntheticGlobalSummaryComponent(sg) and
+          result = getSyntheticGlobalType(sg)
         )
       )
       or
       n = summaryNodeOutputState(c, s) and
       (
-        exists(Content cont |
+        exists(ContentSet cont |
           head = TContentSummaryComponent(cont) and result = getContentType(cont)
         )
         or
@@ -567,16 +607,15 @@ module Private {
         exists(ArgumentPosition pos | head = TParameterSummaryComponent(pos) |
           result =
             getCallbackParameterType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c),
-                  s.drop(1))), pos)
+                  s.tail())), pos)
+        )
+        or
+        exists(SummaryComponent::SyntheticGlobal sg |
+          head = TSyntheticGlobalSummaryComponent(sg) and
+          result = getSyntheticGlobalType(sg)
         )
       )
     )
-    or
-    exists(SummarizedCallable c, ParameterPosition pos, ParamNode p |
-      n = summaryNode(c, TSummaryNodeClearsContentState(pos, false)) and
-      p.isParameterOf(c, pos) and
-      result = getNodeType(p)
-    )
   }
 
   /** Holds if summary node `out` contains output of kind `rk` from call `c`. */
@@ -601,10 +640,7 @@ module Private {
   predicate summaryPostUpdateNode(Node post, Node pre) {
     exists(SummarizedCallable c, ParameterPosition pos |
       isParameterPostUpdate(post, c, pos) and
-      pre.(ParamNode).isParameterOf(c, pos)
-      or
-      pre = summaryNode(c, TSummaryNodeClearsContentState(pos, false)) and
-      post = summaryNode(c, TSummaryNodeClearsContentState(pos, true))
+      pre.(ParamNode).isParameterOf(inject(c), pos)
     )
     or
     exists(SummarizedCallable callable, SummaryComponentStack s |
@@ -627,9 +663,7 @@ module Private {
    * node, and back out to `p`.
    */
   predicate summaryAllowParameterReturnInSelf(ParamNode p) {
-    exists(SummarizedCallable c, ParameterPosition ppos | p.isParameterOf(c, ppos) |
-      c.clearsContent(ppos, _)
-      or
+    exists(SummarizedCallable c, ParameterPosition ppos | p.isParameterOf(inject(c), ppos) |
       exists(SummaryComponentStack inputContents, SummaryComponentStack outputContents |
         summary(c, inputContents, outputContents, _) and
         inputContents.bottom() = pragma[only_bind_into](TArgumentSummaryComponent(ppos)) and
@@ -658,9 +692,10 @@ module Private {
         preservesValue = false and not summary(c, inputContents, outputContents, true)
       )
       or
-      exists(SummarizedCallable c, ParameterPosition pos |
-        pred.(ParamNode).isParameterOf(c, pos) and
-        succ = summaryNode(c, TSummaryNodeClearsContentState(pos, _)) and
+      exists(SummarizedCallable c, SummaryComponentStack s |
+        pred = summaryNodeInputState(c, s.tail()) and
+        succ = summaryNodeInputState(c, s) and
+        s.head() = [SummaryComponent::withContent(_), SummaryComponent::withoutContent(_)] and
         preservesValue = true
       )
     }
@@ -669,9 +704,9 @@ module Private {
      * Holds if there is a read step of content `c` from `pred` to `succ`, which
      * is synthesized from a flow summary.
      */
-    predicate summaryReadStep(Node pred, Content c, Node succ) {
+    predicate summaryReadStep(Node pred, ContentSet c, Node succ) {
       exists(SummarizedCallable sc, SummaryComponentStack s |
-        pred = summaryNodeInputState(sc, s.drop(1)) and
+        pred = summaryNodeInputState(sc, s.tail()) and
         succ = summaryNodeInputState(sc, s) and
         SummaryComponent::content(c) = s.head()
       )
@@ -681,14 +716,26 @@ module Private {
      * Holds if there is a store step of content `c` from `pred` to `succ`, which
      * is synthesized from a flow summary.
      */
-    predicate summaryStoreStep(Node pred, Content c, Node succ) {
+    predicate summaryStoreStep(Node pred, ContentSet c, Node succ) {
       exists(SummarizedCallable sc, SummaryComponentStack s |
         pred = summaryNodeOutputState(sc, s) and
-        succ = summaryNodeOutputState(sc, s.drop(1)) and
+        succ = summaryNodeOutputState(sc, s.tail()) and
         SummaryComponent::content(c) = s.head()
       )
     }
 
+    /**
+     * Holds if there is a jump step from `pred` to `succ`, which is synthesized
+     * from a flow summary.
+     */
+    predicate summaryJumpStep(Node pred, Node succ) {
+      exists(SummaryComponentStack s |
+        s = SummaryComponentStack::singleton(SummaryComponent::syntheticGlobal(_)) and
+        pred = summaryNodeOutputState(_, s) and
+        succ = summaryNodeInputState(_, s)
+      )
+    }
+
     /**
      * Holds if values stored inside content `c` are cleared at `n`. `n` is a
      * synthesized summary node, so in order for values to be cleared at calls
@@ -708,10 +755,23 @@ module Private {
      * `a` on line 2 to the post-update node for `a` on that line (via an intermediate
      * node where field `b` is cleared).
      */
-    predicate summaryClearsContent(Node n, Content c) {
-      exists(SummarizedCallable sc, ParameterPosition pos |
-        n = summaryNode(sc, TSummaryNodeClearsContentState(pos, true)) and
-        sc.clearsContent(pos, c)
+    predicate summaryClearsContent(Node n, ContentSet c) {
+      exists(SummarizedCallable sc, SummaryNodeState state, SummaryComponentStack stack |
+        n = summaryNode(sc, state) and
+        state.isInputState(sc, stack) and
+        stack.head() = SummaryComponent::withoutContent(c)
+      )
+    }
+
+    /**
+     * Holds if the value that is being tracked is expected to be stored inside
+     * content `c` at `n`.
+     */
+    predicate summaryExpectsContent(Node n, ContentSet c) {
+      exists(SummarizedCallable sc, SummaryNodeState state, SummaryComponentStack stack |
+        n = summaryNode(sc, state) and
+        state.isInputState(sc, stack) and
+        stack.head() = SummaryComponent::withContent(c)
       )
     }
 
@@ -719,55 +779,96 @@ module Private {
     private predicate viableParam(
       DataFlowCall call, SummarizedCallable sc, ParameterPosition ppos, ParamNode p
     ) {
-      p.isParameterOf(sc, ppos) and
-      sc = viableCallable(call)
-    }
-
-    /**
-     * Holds if values stored inside content `c` are cleared inside a
-     * callable to which `arg` is an argument.
-     *
-     * In such cases, it is important to prevent use-use flow out of
-     * `arg` (see comment for `summaryClearsContent`).
-     */
-    predicate summaryClearsContentArg(ArgNode arg, Content c) {
-      exists(DataFlowCall call, SummarizedCallable sc, ParameterPosition ppos |
-        argumentPositionMatch(call, arg, ppos) and
-        viableParam(call, sc, ppos, _) and
-        sc.clearsContent(ppos, c)
+      exists(DataFlowCallable c |
+        c = inject(sc) and
+        p.isParameterOf(c, ppos) and
+        c = viableCallable(call)
       )
     }
 
     pragma[nomagic]
-    private ParamNode summaryArgParam0(DataFlowCall call, ArgNode arg) {
-      exists(ParameterPosition ppos, SummarizedCallable sc |
+    private ParamNode summaryArgParam0(DataFlowCall call, ArgNode arg, SummarizedCallable sc) {
+      exists(ParameterPosition ppos |
         argumentPositionMatch(call, arg, ppos) and
         viableParam(call, sc, ppos, result)
       )
     }
 
-    pragma[nomagic]
-    private ParamNode summaryArgParam(ArgNode arg, ReturnKindExt rk, OutNodeExt out) {
-      exists(DataFlowCall call |
-        result = summaryArgParam0(call, arg) and
-        out = rk.getAnOutNode(call)
+    /**
+     * Holds if `p` can reach `n` in a summarized callable, using only value-preserving
+     * local steps. `clearsOrExpects` records whether any node on the path from `p` to
+     * `n` either clears or expects contents.
+     */
+    private predicate paramReachesLocal(ParamNode p, Node n, boolean clearsOrExpects) {
+      viableParam(_, _, _, p) and
+      n = p and
+      clearsOrExpects = false
+      or
+      exists(Node mid, boolean clearsOrExpectsMid |
+        paramReachesLocal(p, mid, clearsOrExpectsMid) and
+        summaryLocalStep(mid, n, true) and
+        if
+          summaryClearsContent(n, _) or
+          summaryExpectsContent(n, _)
+        then clearsOrExpects = true
+        else clearsOrExpects = clearsOrExpectsMid
       )
     }
 
     /**
-     * Holds if `arg` flows to `out` using a simple flow summary, that is, a flow
-     * summary without reads and stores.
+     * Holds if use-use flow starting from `arg` should be prohibited.
+     *
+     * This is the case when `arg` is the argument of a call that targets a
+     * flow summary where the corresponding parameter either clears contents
+     * or expects contents.
+     */
+    pragma[nomagic]
+    predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) {
+      exists(ParamNode p, ParameterPosition ppos, Node ret |
+        paramReachesLocal(p, ret, true) and
+        p = summaryArgParam0(_, arg, sc) and
+        p.isParameterOf(_, pragma[only_bind_into](ppos)) and
+        isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos))
+      )
+    }
+
+    bindingset[ret]
+    private ParamNode summaryArgParam(
+      ArgNode arg, ReturnNodeExt ret, OutNodeExt out, SummarizedCallable sc
+    ) {
+      exists(DataFlowCall call, ReturnKindExt rk |
+        result = summaryArgParam0(call, arg, sc) and
+        ret.getKind() = pragma[only_bind_into](rk) and
+        out = pragma[only_bind_into](rk).getAnOutNode(call)
+      )
+    }
+
+    /**
+     * Holds if `arg` flows to `out` using a simple value-preserving flow
+     * summary, that is, a flow summary without reads and stores.
      *
      * NOTE: This step should not be used in global data-flow/taint-tracking, but may
      * be useful to include in the exposed local data-flow/taint-tracking relations.
      */
-    predicate summaryThroughStep(ArgNode arg, Node out, boolean preservesValue) {
-      exists(ReturnKindExt rk, ReturnNodeExt ret |
-        summaryLocalStep(summaryArgParam(arg, rk, out), ret, preservesValue) and
-        ret.getKind() = rk
+    predicate summaryThroughStepValue(ArgNode arg, Node out, SummarizedCallable sc) {
+      exists(ReturnKind rk, ReturnNode ret, DataFlowCall call |
+        summaryLocalStep(summaryArgParam0(call, arg, sc), ret, true) and
+        ret.getKind() = pragma[only_bind_into](rk) and
+        out = getAnOutNode(call, pragma[only_bind_into](rk))
       )
     }
 
+    /**
+     * Holds if `arg` flows to `out` using a simple flow summary involving taint
+     * step, that is, a flow summary without reads and stores.
+     *
+     * NOTE: This step should not be used in global data-flow/taint-tracking, but may
+     * be useful to include in the exposed local data-flow/taint-tracking relations.
+     */
+    predicate summaryThroughStepTaint(ArgNode arg, Node out, SummarizedCallable sc) {
+      exists(ReturnNodeExt ret | summaryLocalStep(summaryArgParam(arg, ret, out, sc), ret, false))
+    }
+
     /**
      * Holds if there is a read(+taint) of `c` from `arg` to `out` using a
      * flow summary.
@@ -775,11 +876,10 @@ module Private {
      * NOTE: This step should not be used in global data-flow/taint-tracking, but may
      * be useful to include in the exposed local data-flow/taint-tracking relations.
      */
-    predicate summaryGetterStep(ArgNode arg, Content c, Node out) {
-      exists(ReturnKindExt rk, Node mid, ReturnNodeExt ret |
-        summaryReadStep(summaryArgParam(arg, rk, out), c, mid) and
-        summaryLocalStep(mid, ret, _) and
-        ret.getKind() = rk
+    predicate summaryGetterStep(ArgNode arg, ContentSet c, Node out, SummarizedCallable sc) {
+      exists(Node mid, ReturnNodeExt ret |
+        summaryReadStep(summaryArgParam(arg, ret, out, sc), c, mid) and
+        summaryLocalStep(mid, ret, _)
       )
     }
 
@@ -790,44 +890,53 @@ module Private {
      * NOTE: This step should not be used in global data-flow/taint-tracking, but may
      * be useful to include in the exposed local data-flow/taint-tracking relations.
      */
-    predicate summarySetterStep(ArgNode arg, Content c, Node out) {
-      exists(ReturnKindExt rk, Node mid, ReturnNodeExt ret |
-        summaryLocalStep(summaryArgParam(arg, rk, out), mid, _) and
-        summaryStoreStep(mid, c, ret) and
-        ret.getKind() = rk
+    predicate summarySetterStep(ArgNode arg, ContentSet c, Node out, SummarizedCallable sc) {
+      exists(Node mid, ReturnNodeExt ret |
+        summaryLocalStep(summaryArgParam(arg, ret, out, sc), mid, _) and
+        summaryStoreStep(mid, c, ret)
       )
     }
   }
 
   /**
-   * Provides a means of translating externally (e.g., CSV) defined flow
+   * Provides a means of translating externally (e.g., MaD) defined flow
    * summaries into a `SummarizedCallable`s.
    */
   module External {
     /** Holds if `spec` is a relevant external specification. */
     private predicate relevantSpec(string spec) {
-      summaryElement(_, spec, _, _) or
-      summaryElement(_, _, spec, _) or
-      sourceElement(_, spec, _) or
-      sinkElement(_, spec, _)
+      summaryElement(_, spec, _, _, _) or
+      summaryElement(_, _, spec, _, _) or
+      sourceElement(_, spec, _, _) or
+      sinkElement(_, spec, _, _)
     }
 
     private class AccessPathRange extends AccessPath::Range {
       AccessPathRange() { relevantSpec(this) }
     }
 
-    /** Holds if specification component `c` parses as parameter `n`. */
+    /** Holds if specification component `token` parses as parameter `pos`. */
     predicate parseParam(AccessPathToken token, ArgumentPosition pos) {
       token.getName() = "Parameter" and
       pos = parseParamBody(token.getAnArgument())
     }
 
-    /** Holds if specification component `c` parses as argument `n`. */
+    /** Holds if specification component `token` parses as argument `pos`. */
     predicate parseArg(AccessPathToken token, ParameterPosition pos) {
       token.getName() = "Argument" and
       pos = parseArgBody(token.getAnArgument())
     }
 
+    /** Holds if specification component `token` parses as synthetic global `sg`. */
+    predicate parseSynthGlobal(AccessPathToken token, string sg) {
+      token.getName() = "SyntheticGlobal" and
+      sg = token.getAnArgument()
+    }
+
+    private class SyntheticGlobalFromAccessPath extends SummaryComponent::SyntheticGlobal {
+      SyntheticGlobalFromAccessPath() { parseSynthGlobal(_, this) }
+    }
+
     private SummaryComponent interpretComponent(AccessPathToken token) {
       exists(ParameterPosition pos |
         parseArg(token, pos) and result = SummaryComponent::argument(pos)
@@ -839,6 +948,10 @@ module Private {
       or
       token = "ReturnValue" and result = SummaryComponent::return(getReturnValueKind())
       or
+      exists(string sg |
+        parseSynthGlobal(token, sg) and result = SummaryComponent::syntheticGlobal(sg)
+      )
+      or
       result = interpretComponentSpecific(token)
     }
 
@@ -875,13 +988,26 @@ module Private {
     }
 
     private class SummarizedCallableExternal extends SummarizedCallable {
-      SummarizedCallableExternal() { summaryElement(this, _, _, _) }
+      SummarizedCallableExternal() { summaryElement(this, _, _, _, _) }
+
+      private predicate relevantSummaryElementGenerated(
+        AccessPath inSpec, AccessPath outSpec, string kind
+      ) {
+        summaryElement(this, inSpec, outSpec, kind, true) and
+        not summaryElement(this, _, _, _, false)
+      }
+
+      private predicate relevantSummaryElement(AccessPath inSpec, AccessPath outSpec, string kind) {
+        summaryElement(this, inSpec, outSpec, kind, false)
+        or
+        this.relevantSummaryElementGenerated(inSpec, outSpec, kind)
+      }
 
       override predicate propagatesFlow(
         SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
       ) {
         exists(AccessPath inSpec, AccessPath outSpec, string kind |
-          summaryElement(this, inSpec, outSpec, kind) and
+          this.relevantSummaryElement(inSpec, outSpec, kind) and
           interpretSpec(inSpec, input) and
           interpretSpec(outSpec, output)
         |
@@ -890,6 +1016,12 @@ module Private {
           kind = "taint" and preservesValue = false
         )
       }
+
+      override predicate isAutoGenerated() { this.relevantSummaryElementGenerated(_, _, _) }
+
+      override predicate hasProvenance(boolean generated) {
+        summaryElement(this, _, _, _, generated)
+      }
     }
 
     /** Holds if component `c` of specification `spec` cannot be parsed. */
@@ -910,7 +1042,7 @@ module Private {
 
     private predicate sourceElementRef(InterpretNode ref, AccessPath output, string kind) {
       exists(SourceOrSinkElement e |
-        sourceElement(e, output, kind) and
+        sourceElement(e, output, kind, _) and
         if outputNeedsReference(output.getToken(0))
         then e = ref.getCallTarget()
         else e = ref.asElement()
@@ -919,7 +1051,7 @@ module Private {
 
     private predicate sinkElementRef(InterpretNode ref, AccessPath input, string kind) {
       exists(SourceOrSinkElement e |
-        sinkElement(e, input, kind) and
+        sinkElement(e, input, kind, _) and
         if inputNeedsReference(input.getToken(0))
         then e = ref.getCallTarget()
         else e = ref.asElement()
@@ -1000,7 +1132,7 @@ module Private {
     }
 
     /**
-     * Holds if `node` is specified as a source with the given kind in a CSV flow
+     * Holds if `node` is specified as a source with the given kind in a MaD flow
      * model.
      */
     predicate isSourceNode(InterpretNode node, string kind) {
@@ -1011,7 +1143,7 @@ module Private {
     }
 
     /**
-     * Holds if `node` is specified as a sink with the given kind in a CSV flow
+     * Holds if `node` is specified as a sink with the given kind in a MaD flow
      * model.
      */
     predicate isSinkNode(InterpretNode node, string kind) {
@@ -1024,8 +1156,8 @@ module Private {
 
   /** Provides a query predicate for outputting a set of relevant flow summaries. */
   module TestOutput {
-    /** A flow summary to include in the `summary/3` query predicate. */
-    abstract class RelevantSummarizedCallable extends SummarizedCallable {
+    /** A flow summary to include in the `summary/1` query predicate. */
+    abstract class RelevantSummarizedCallable instanceof SummarizedCallable {
       /** Gets the string representation of this callable used by `summary/1`. */
       abstract string getCallableCsv();
 
@@ -1033,8 +1165,18 @@ module Private {
       predicate relevantSummary(
         SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
       ) {
-        this.propagatesFlow(input, output, preservesValue)
+        super.propagatesFlow(input, output, preservesValue)
       }
+
+      string toString() { result = super.toString() }
+    }
+
+    /** A model to include in the `neutral/1` query predicate. */
+    abstract class RelevantNeutralCallable instanceof NeutralCallable {
+      /** Gets the string representation of this callable used by `neutral/1`. */
+      abstract string getCallableCsv();
+
+      string toString() { result = super.toString() }
     }
 
     /** Render the kind in the format used in flow summaries. */
@@ -1044,9 +1186,17 @@ module Private {
       preservesValue = false and result = "taint"
     }
 
+    private string renderProvenance(SummarizedCallable c) {
+      if c.isAutoGenerated() then result = "generated" else result = "manual"
+    }
+
+    private string renderProvenanceNeutral(NeutralCallable c) {
+      if c.isAutoGenerated() then result = "generated" else result = "manual"
+    }
+
     /**
      * A query predicate for outputting flow summaries in semi-colon separated format in QL tests.
-     * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind",
+     * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance",
      * ext is hardcoded to empty.
      */
     query predicate summary(string csv) {
@@ -1056,8 +1206,23 @@ module Private {
       |
         c.relevantSummary(input, output, preservesValue) and
         csv =
-          c.getCallableCsv() + ";;" + getComponentStackCsv(input) + ";" +
-            getComponentStackCsv(output) + ";" + renderKind(preservesValue)
+          c.getCallableCsv() // Callable information
+            + getComponentStackCsv(input) + ";" // input
+            + getComponentStackCsv(output) + ";" // output
+            + renderKind(preservesValue) + ";" // kind
+            + renderProvenance(c) // provenance
+      )
+    }
+
+    /**
+     * Holds if a neutral model `csv` exists (semi-colon separated format). Used for testing purposes.
+     * The syntax is: "namespace;type;name;signature;provenance"",
+     */
+    query predicate neutral(string csv) {
+      exists(RelevantNeutralCallable c |
+        csv =
+          c.getCallableCsv() // Callable information
+            + renderProvenanceNeutral(c) // provenance
       )
     }
   }
@@ -1071,19 +1236,21 @@ module Private {
    */
   module RenderSummarizedCallable {
     /** A summarized callable to include in the graph. */
-    abstract class RelevantSummarizedCallable extends SummarizedCallable { }
+    abstract class RelevantSummarizedCallable instanceof SummarizedCallable {
+      string toString() { result = super.toString() }
+    }
 
     private newtype TNodeOrCall =
       MkNode(Node n) {
         exists(RelevantSummarizedCallable c |
           n = summaryNode(c, _)
           or
-          n.(ParamNode).isParameterOf(c, _)
+          n.(ParamNode).isParameterOf(inject(c), _)
         )
       } or
       MkCall(DataFlowCall call) {
         call = summaryDataFlowCall(_) and
-        call.getEnclosingCallable() instanceof RelevantSummarizedCallable
+        call.getEnclosingCallable() = inject(any(RelevantSummarizedCallable c))
       }
 
     private class NodeOrCall extends TNodeOrCall {
@@ -1123,7 +1290,7 @@ module Private {
         if preservesValue = true then value = "value" else value = "taint"
       )
       or
-      exists(Content c |
+      exists(ContentSet c |
         Private::Steps::summaryReadStep(a.asNode(), c, b.asNode()) and
         value = "read (" + c + ")"
         or
@@ -1133,6 +1300,10 @@ module Private {
         Private::Steps::summaryClearsContent(a.asNode(), c) and
         b = a and
         value = "clear (" + c + ")"
+        or
+        Private::Steps::summaryExpectsContent(a.asNode(), c) and
+        b = a and
+        value = "expect (" + c + ")"
       )
       or
       summaryPostUpdateNode(b.asNode(), a.asNode()) and
diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImplSpecific.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImplSpecific.qll
index 4d8e19461df..fd82938968a 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImplSpecific.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -3,6 +3,7 @@
  */
 
 private import go
+private import DataFlowDispatch
 private import DataFlowPrivate
 private import DataFlowUtil
 private import FlowSummaryImpl::Private
@@ -14,39 +15,12 @@ private module FlowSummaries {
   private import semmle.go.dataflow.FlowSummary as F
 }
 
-/** Holds if `i` is a valid parameter position. */
-predicate parameterPosition(int i) {
-  i = [-1 .. any(DataFlowCallable c).getType().getNumParameter()]
-}
+class SummarizedCallableBase = Callable;
+
+DataFlowCallable inject(SummarizedCallable c) { result.asCallable() = c }
 
 /** Gets the parameter position of the instance parameter. */
-int instanceParameterPosition() { result = -1 }
-
-/** A parameter position represented by an integer. */
-class ParameterPosition extends int {
-  ParameterPosition() { parameterPosition(this) }
-}
-
-/** An argument position represented by an integer. */
-class ArgumentPosition extends int {
-  ArgumentPosition() { parameterPosition(this) }
-}
-
-/** Holds if arguments at position `apos` match parameters at position `ppos`. */
-pragma[inline]
-predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) { ppos = apos }
-
-/**
- * Holds if `arg` is an argument of `call` with an argument position that matches
- * parameter position `ppos`.
- */
-pragma[noinline]
-predicate argumentPositionMatch(DataFlowCall call, ArgNode arg, ParameterPosition ppos) {
-  exists(ArgumentPosition apos |
-    arg.argumentOf(call, apos) and
-    parameterMatch(ppos, apos)
-  )
-}
+ArgumentPosition instanceParameterPosition() { result = -1 }
 
 /** Gets the textual representation of a parameter position in the format used for flow summaries. */
 string getParameterPositionCsv(ParameterPosition pos) { result = pos.toString() }
@@ -66,35 +40,47 @@ DataFlowCall summaryDataFlowCall(Node receiver) {
 DataFlowType getContentType(Content c) { result = c.getType() }
 
 /** Gets the return type of kind `rk` for callable `c`. */
-DataFlowType getReturnType(SummarizedCallable c, ReturnKind rk) {
-  result = c.getType().getResultType(rk.getIndex())
-}
+DataFlowType getReturnType(SummarizedCallable c, ReturnKind rk) { any() }
 
 /**
  * Gets the type of the `i`th parameter in a synthesized call that targets a
  * callback of type `t`.
  */
-DataFlowType getCallbackParameterType(DataFlowType t, int i) { none() }
+bindingset[t, pos]
+DataFlowType getCallbackParameterType(DataFlowType t, ArgumentPosition pos) { any() }
 
 /**
  * Gets the return type of kind `rk` in a synthesized call that targets a
  * callback of type `t`.
  */
-DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { none() }
+DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { any() }
+
+/** Gets the type of synthetic global `sg`. */
+DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { any() }
 
 /**
  * Holds if an external flow summary exists for `c` with input specification
- * `input`, output specification `output`, and kind `kind`.
+ * `input`, output specification `output`, kind `kind`, and a flag `generated`
+ * stating whether the summary is autogenerated.
  */
-predicate summaryElement(DataFlowCallable c, string input, string output, string kind) {
+predicate summaryElement(
+  SummarizedCallableBase c, string input, string output, string kind, boolean generated
+) {
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext
   |
-    summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind) and
+    summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, generated) and
     c.asFunction() = interpretElement(namespace, type, subtypes, name, signature, ext).asEntity()
   )
 }
 
+/**
+ * Holds if a neutral model exists for `c`, which means that there is no
+ * flow through `c`. The flag `generated` states whether the model is autogenerated.
+ * Note. Neutral models have not been implemented for Go.
+ */
+predicate neutralElement(SummarizedCallable c, boolean generated) { none() }
+
 /** Gets the summary component for specification component `c`, if any. */
 bindingset[c]
 SummaryComponent interpretComponentSpecific(string c) {
@@ -166,26 +152,28 @@ class SourceOrSinkElement extends TSourceOrSinkElement {
 
 /**
  * Holds if an external source specification exists for `e` with output specification
- * `output` and kind `kind`.
+ * `output`, kind `kind`, and a flag `generated` stating whether the source specification is
+ * autogenerated.
  */
-predicate sourceElement(SourceOrSinkElement e, string output, string kind) {
+predicate sourceElement(SourceOrSinkElement e, string output, string kind, boolean generated) {
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext
   |
-    sourceModel(namespace, type, subtypes, name, signature, ext, output, kind) and
+    sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, generated) and
     e = interpretElement(namespace, type, subtypes, name, signature, ext)
   )
 }
 
 /**
  * Holds if an external sink specification exists for `e` with input specification
- * `input` and kind `kind`.
+ * `input`, kind `kind` and a flag `generated` stating whether the sink specification is
+ * autogenerated.
  */
-predicate sinkElement(SourceOrSinkElement e, string input, string kind) {
+predicate sinkElement(SourceOrSinkElement e, string input, string kind, boolean generated) {
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext
   |
-    sinkModel(namespace, type, subtypes, name, signature, ext, input, kind) and
+    sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, generated) and
     e = interpretElement(namespace, type, subtypes, name, signature, ext)
   )
 }
@@ -271,7 +259,10 @@ predicate interpretInputSpecific(string c, InterpretNode mid, InterpretNode n) {
   )
 }
 
-/** Holds if specification component `c` parses as return value `n`. */
+/**
+ * Holds if specification component `c` parses as return value `n` or a range
+ * containing `n`.
+ */
 predicate parseReturn(AccessPathToken c, int n) {
   (
     c = "ReturnValue" and n = 0
@@ -292,8 +283,10 @@ private int parseConstantOrRange(string arg) {
   )
 }
 
+/** Gets the argument position obtained by parsing `X` in `Parameter[X]`. */
 bindingset[arg]
 ArgumentPosition parseParamBody(string arg) { result = parseConstantOrRange(arg) }
 
+/** Gets the parameter position obtained by parsing `X` in `Argument[X]`. */
 bindingset[arg]
 ParameterPosition parseArgBody(string arg) { result = parseConstantOrRange(arg) }
diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
index 2a93253c480..77dadd8e3a8 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
@@ -9,12 +9,14 @@ private import FlowSummaryImpl as FlowSummaryImpl
  * Holds if taint can flow from `src` to `sink` in zero or more
  * local (intra-procedural) steps.
  */
+pragma[inline]
 predicate localTaint(DataFlow::Node src, DataFlow::Node sink) { localTaintStep*(src, sink) }
 
 /**
  * Holds if taint can flow from `src` to `sink` in zero or more
  * local (intra-procedural) steps.
  */
+pragma[inline]
 predicate localExprTaint(Expr src, Expr sink) {
   localTaint(DataFlow::exprNode(src), DataFlow::exprNode(sink))
 }
@@ -27,7 +29,7 @@ predicate localTaintStep(DataFlow::Node src, DataFlow::Node sink) {
   localAdditionalTaintStep(src, sink) or
   // Simple flow through library code is included in the exposed local
   // step relation, even though flow is technically inter-procedural
-  FlowSummaryImpl::Private::Steps::summaryThroughStep(src, sink, false)
+  FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(src, sink, _)
 }
 
 private Type getElementType(Type containerType) {
diff --git a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
index 4e613ba727e..bf937b6de31 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
@@ -61,15 +61,32 @@ abstract class Configuration extends DataFlow::Configuration {
    * The smaller this predicate is, the faster `hasFlow()` will converge.
    */
   // overridden to provide taint-tracking specific qldoc
-  abstract override predicate isSource(DataFlow::Node source);
+  override predicate isSource(DataFlow::Node source) { none() }
 
   /**
-   * Holds if `sink` is a relevant taint sink.
+   * Holds if `source` is a relevant taint source with the given initial
+   * `state`.
    *
    * The smaller this predicate is, the faster `hasFlow()` will converge.
    */
   // overridden to provide taint-tracking specific qldoc
-  abstract override predicate isSink(DataFlow::Node sink);
+  override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) { none() }
+
+  /**
+   * Holds if `sink` is a relevant taint sink
+   *
+   * The smaller this predicate is, the faster `hasFlow()` will converge.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  override predicate isSink(DataFlow::Node sink) { none() }
+
+  /**
+   * Holds if `sink` is a relevant taint sink accepting `state`.
+   *
+   * The smaller this predicate is, the faster `hasFlow()` will converge.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) { none() }
 
   /** Holds if the node `node` is a taint sanitizer. */
   predicate isSanitizer(DataFlow::Node node) { none() }
@@ -79,6 +96,16 @@ abstract class Configuration extends DataFlow::Configuration {
     defaultTaintSanitizer(node)
   }
 
+  /**
+   * Holds if the node `node` is a taint sanitizer when the flow state is
+   * `state`.
+   */
+  predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) { none() }
+
+  final override predicate isBarrier(DataFlow::Node node, DataFlow::FlowState state) {
+    this.isSanitizer(node, state)
+  }
+
   /** Holds if taint propagation into `node` is prohibited. */
   predicate isSanitizerIn(DataFlow::Node node) { none() }
 
@@ -101,8 +128,23 @@ abstract class Configuration extends DataFlow::Configuration {
   }
 
   /**
-   * Holds if the additional taint propagation step from `node1` to `node2`
-   * must be taken into account in the analysis.
+   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
+   *
+   * Holds if taint propagation through nodes guarded by `guard` is prohibited
+   * when the flow state is `state`.
+   */
+  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
+    none()
+  }
+
+  deprecated final override predicate isBarrierGuard(
+    DataFlow::BarrierGuard guard, DataFlow::FlowState state
+  ) {
+    this.isSanitizerGuard(guard, state)
+  }
+
+  /**
+   * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps.
    */
   predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { none() }
 
@@ -111,8 +153,31 @@ abstract class Configuration extends DataFlow::Configuration {
     defaultAdditionalTaintStep(node1, node2)
   }
 
-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
-    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
+  /**
+   * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps.
+   * This step is only applicable in `state1` and updates the flow state to `state2`.
+   */
+  predicate isAdditionalTaintStep(
+    DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,
+    DataFlow::FlowState state2
+  ) {
+    none()
+  }
+
+  final override predicate isAdditionalFlowStep(
+    DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,
+    DataFlow::FlowState state2
+  ) {
+    this.isAdditionalTaintStep(node1, state1, node2, state2)
+  }
+
+  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
+    (
+      this.isSink(node) or
+      this.isSink(node, _) or
+      this.isAdditionalTaintStep(node, _) or
+      this.isAdditionalTaintStep(node, _, _, _)
+    ) and
     defaultImplicitTaintRead(node, c)
   }
 
diff --git a/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
index 4e613ba727e..bf937b6de31 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
@@ -61,15 +61,32 @@ abstract class Configuration extends DataFlow::Configuration {
    * The smaller this predicate is, the faster `hasFlow()` will converge.
    */
   // overridden to provide taint-tracking specific qldoc
-  abstract override predicate isSource(DataFlow::Node source);
+  override predicate isSource(DataFlow::Node source) { none() }
 
   /**
-   * Holds if `sink` is a relevant taint sink.
+   * Holds if `source` is a relevant taint source with the given initial
+   * `state`.
    *
    * The smaller this predicate is, the faster `hasFlow()` will converge.
    */
   // overridden to provide taint-tracking specific qldoc
-  abstract override predicate isSink(DataFlow::Node sink);
+  override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) { none() }
+
+  /**
+   * Holds if `sink` is a relevant taint sink
+   *
+   * The smaller this predicate is, the faster `hasFlow()` will converge.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  override predicate isSink(DataFlow::Node sink) { none() }
+
+  /**
+   * Holds if `sink` is a relevant taint sink accepting `state`.
+   *
+   * The smaller this predicate is, the faster `hasFlow()` will converge.
+   */
+  // overridden to provide taint-tracking specific qldoc
+  override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) { none() }
 
   /** Holds if the node `node` is a taint sanitizer. */
   predicate isSanitizer(DataFlow::Node node) { none() }
@@ -79,6 +96,16 @@ abstract class Configuration extends DataFlow::Configuration {
     defaultTaintSanitizer(node)
   }
 
+  /**
+   * Holds if the node `node` is a taint sanitizer when the flow state is
+   * `state`.
+   */
+  predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) { none() }
+
+  final override predicate isBarrier(DataFlow::Node node, DataFlow::FlowState state) {
+    this.isSanitizer(node, state)
+  }
+
   /** Holds if taint propagation into `node` is prohibited. */
   predicate isSanitizerIn(DataFlow::Node node) { none() }
 
@@ -101,8 +128,23 @@ abstract class Configuration extends DataFlow::Configuration {
   }
 
   /**
-   * Holds if the additional taint propagation step from `node1` to `node2`
-   * must be taken into account in the analysis.
+   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
+   *
+   * Holds if taint propagation through nodes guarded by `guard` is prohibited
+   * when the flow state is `state`.
+   */
+  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
+    none()
+  }
+
+  deprecated final override predicate isBarrierGuard(
+    DataFlow::BarrierGuard guard, DataFlow::FlowState state
+  ) {
+    this.isSanitizerGuard(guard, state)
+  }
+
+  /**
+   * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps.
    */
   predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { none() }
 
@@ -111,8 +153,31 @@ abstract class Configuration extends DataFlow::Configuration {
     defaultAdditionalTaintStep(node1, node2)
   }
 
-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
-    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
+  /**
+   * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps.
+   * This step is only applicable in `state1` and updates the flow state to `state2`.
+   */
+  predicate isAdditionalTaintStep(
+    DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,
+    DataFlow::FlowState state2
+  ) {
+    none()
+  }
+
+  final override predicate isAdditionalFlowStep(
+    DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,
+    DataFlow::FlowState state2
+  ) {
+    this.isAdditionalTaintStep(node1, state1, node2, state2)
+  }
+
+  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
+    (
+      this.isSink(node) or
+      this.isSink(node, _) or
+      this.isAdditionalTaintStep(node, _) or
+      this.isAdditionalTaintStep(node, _, _, _)
+    ) and
     defaultImplicitTaintRead(node, c)
   }
 
diff --git a/go/ql/lib/semmle/go/frameworks/SQL.qll b/go/ql/lib/semmle/go/frameworks/SQL.qll
index 322d17a420a..b8b85d634c8 100644
--- a/go/ql/lib/semmle/go/frameworks/SQL.qll
+++ b/go/ql/lib/semmle/go/frameworks/SQL.qll
@@ -103,6 +103,14 @@ module SQL {
     /** A string that might identify package `go-pg/pg/orm` or a specific version of it. */
     private string gopgorm() { result = package("github.com/go-pg/pg", "orm") }
 
+    /** A string that might identify package `github.com/rqlite/gorqlite` or `github.com/raindog308/gorqlite` or a specific version of it. */
+    private string gorqlite() {
+      result = package(["github.com/rqlite/gorqlite", "github.com/raindog308/gorqlite"], "")
+    }
+
+    /** A string that might identify package `github.com/gogf/gf/database/gdb` or a specific version of it. */
+    private string gogf() { result = package("github.com/gogf/gf", "database/gdb") }
+
     /**
      * A string argument to an API of `go-pg/pg` that is directly interpreted as SQL without
      * taking syntactic structure into account.
@@ -152,6 +160,65 @@ module SQL {
       }
     }
 
+    /**
+     * A string argument to an API of `github.com/rqlite/gorqlite`, or a specific version of it, that is directly interpreted as SQL without
+     * taking syntactic structure into account.
+     */
+    private class GorqliteQueryString extends Range {
+      GorqliteQueryString() {
+        // func (conn *Connection) Query(sqlStatements []string) (results []QueryResult, err error)
+        // func (conn *Connection) QueryOne(sqlStatement string) (qr QueryResult, err error)
+        // func (conn *Connection) Queue(sqlStatements []string) (seq int64, err error)
+        // func (conn *Connection) QueueOne(sqlStatement string) (seq int64, err error)
+        // func (conn *Connection) Write(sqlStatements []string) (results []WriteResult, err error)
+        // func (conn *Connection) WriteOne(sqlStatement string) (wr WriteResult, err error)
+        exists(Method m, string name | m.hasQualifiedName(gorqlite(), "Connection", name) |
+          name = ["Query", "QueryOne", "Queue", "QueueOne", "Write", "WriteOne"] and
+          this = m.getACall().getArgument(0)
+        )
+      }
+    }
+
+    /**
+     * A string argument to an API of `github.com/gogf/gf/database/gdb`, or a specific version of it, that is directly interpreted as SQL without
+     * taking syntactic structure into account.
+     */
+    private class GogfQueryString extends Range {
+      GogfQueryString() {
+        exists(Method m, string name | m.implements(gogf(), ["DB", "Core", "TX"], name) |
+          // func (c *Core) Exec(sql string, args ...interface{}) (result sql.Result, err error)
+          // func (c *Core) GetAll(sql string, args ...interface{}) (Result, error)
+          // func (c *Core) GetArray(sql string, args ...interface{}) ([]Value, error)
+          // func (c *Core) GetCount(sql string, args ...interface{}) (int, error)
+          // func (c *Core) GetOne(sql string, args ...interface{}) (Record, error)
+          // func (c *Core) GetValue(sql string, args ...interface{}) (Value, error)
+          // func (c *Core) Prepare(sql string, execOnMaster ...bool) (*Stmt, error)
+          // func (c *Core) Query(sql string, args ...interface{}) (rows *sql.Rows, err error)
+          // func (c *Core) Raw(rawSql string, args ...interface{}) *Model
+          name =
+            [
+              "Query", "Exec", "Prepare", "GetAll", "GetOne", "GetValue", "GetArray", "GetCount",
+              "Raw"
+            ] and
+          this = m.getACall().getArgument(0)
+          or
+          // func (c *Core) GetScan(pointer interface{}, sql string, args ...interface{}) error
+          // func (c *Core) GetStruct(pointer interface{}, sql string, args ...interface{}) error
+          // func (c *Core) GetStructs(pointer interface{}, sql string, args ...interface{}) error
+          name = ["GetScan", "GetStruct", "GetStructs"] and
+          this = m.getACall().getArgument(1)
+          or
+          // func (c *Core) DoCommit(ctx context.Context, link Link, sql string, args []interface{}) (newSql string, newArgs []interface{}, err error)
+          // func (c *Core) DoExec(ctx context.Context, link Link, sql string, args ...interface{}) (result sql.Result, err error)
+          // func (c *Core) DoGetAll(ctx context.Context, link Link, sql string, args ...interface{}) (result Result, err error)
+          // func (c *Core) DoPrepare(ctx context.Context, link Link, sql string) (*Stmt, error)
+          // func (c *Core) DoQuery(ctx context.Context, link Link, sql string, args ...interface{}) (rows *sql.Rows, err error)
+          name = ["DoGetAll", "DoQuery", "DoExec", "DoCommit", "DoPrepare"] and
+          this = m.getACall().getArgument(2)
+        )
+      }
+    }
+
     /** A taint model for various methods on the struct `Formatter` of `go-pg/pg/orm`. */
     private class PgOrmFormatterFunction extends TaintTracking::FunctionModel, Method {
       FunctionInput i;
diff --git a/go/ql/lib/semmle/go/frameworks/SystemCommandExecutors.qll b/go/ql/lib/semmle/go/frameworks/SystemCommandExecutors.qll
index c2d9929fa54..1e4b7637581 100644
--- a/go/ql/lib/semmle/go/frameworks/SystemCommandExecutors.qll
+++ b/go/ql/lib/semmle/go/frameworks/SystemCommandExecutors.qll
@@ -20,7 +20,9 @@ private class ShellOrSudoExecution extends SystemCommandExecution::Range, DataFl
 
   override DataFlow::Node getCommandName() { result = this.getAnArgument() }
 
-  override predicate doubleDashIsSanitizing() { shellCommand.getStringValue().matches("%git") }
+  override predicate doubleDashIsSanitizing() {
+    shellCommand.getStringValue().matches("%" + ["git", "rsync"])
+  }
 }
 
 private class SystemCommandExecutors extends SystemCommandExecution::Range, DataFlow::CallNode {
@@ -126,7 +128,7 @@ private string getASudoCommand() {
       "fakeroot", "fakeroot-sysv", "su", "fakeroot-tcp", "fstab-decode", "jrunscript", "nohup",
       "parallel", "find", "pkexec", "sg", "sem", "runcon", "sudoedit", "runuser", "stdbuf",
       "system", "timeout", "xargs", "time", "awk", "gawk", "mawk", "nawk", "doas", "git", "access",
-      "vsys", "userv", "sus", "super"
+      "vsys", "userv", "sus", "super", "rsync"
     ]
 }
 
diff --git a/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll b/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll
index 0cd2ff2bc79..294e1048b29 100644
--- a/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll
+++ b/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll
@@ -48,11 +48,11 @@ module AllocationSizeOverflow {
      * Holds if `nd` is at a position where overflow might occur, and its result is used to compute
      * allocation size `allocsz`.
      */
-    predicate isSink(DataFlow::Node nd, DataFlow::Node allocsz) {
+    predicate isSinkWithAllocationSize(DataFlow::Node nd, DataFlow::Node allocsz) {
       nd.(Sink).getAllocationSize() = allocsz
     }
 
-    override predicate isSink(DataFlow::Node nd) { isSink(nd, _) }
+    override predicate isSink(DataFlow::Node nd) { isSinkWithAllocationSize(nd, _) }
 
     override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
       additionalStep(pred, succ)
diff --git a/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll
index 1550d68dc03..a8f8269a968 100644
--- a/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll
@@ -37,9 +37,7 @@ module CommandInjection {
   abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
 
   /** A source of untrusted data, considered as a taint source for command injection. */
-  class UntrustedFlowAsSource extends Source {
-    UntrustedFlowAsSource() { this instanceof UntrustedFlowSource }
-  }
+  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
 
   /** A command name, considered as a taint sink for command injection. */
   class CommandNameAsSink extends Sink {
diff --git a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll
index fbe73ae1128..060832cfffc 100644
--- a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll
+++ b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll
@@ -109,7 +109,7 @@ class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration {
    * not also in a right-shift expression. We allow this case because it is
    * a common pattern to serialise `byte(v)`, `byte(v >> 8)`, and so on.
    */
-  predicate isSink(DataFlow::TypeCastNode sink, int bitSize) {
+  predicate isSinkWithBitSize(DataFlow::TypeCastNode sink, int bitSize) {
     sink.asExpr() instanceof ConversionExpr and
     exists(IntegerType integerType | sink.getResultType().getUnderlyingType() = integerType |
       bitSize = integerType.getSize()
@@ -125,7 +125,7 @@ class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration {
     )
   }
 
-  override predicate isSink(DataFlow::Node sink) { this.isSink(sink, sinkBitSize) }
+  override predicate isSink(DataFlow::Node sink) { this.isSinkWithBitSize(sink, sinkBitSize) }
 
   override predicate isSanitizer(DataFlow::Node node) {
     // To catch flows that only happen on 32-bit architectures we
@@ -140,7 +140,7 @@ class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration {
 
   override predicate isSanitizerOut(DataFlow::Node node) {
     exists(int bitSize | isIncorrectIntegerConversion(sourceBitSize, bitSize) |
-      this.isSink(node, bitSize)
+      this.isSinkWithBitSize(node, bitSize)
     )
   }
 }
diff --git a/go/ql/lib/semmle/go/security/InsecureRandomness.qll b/go/ql/lib/semmle/go/security/InsecureRandomness.qll
index 6de3071b598..38916389c9b 100644
--- a/go/ql/lib/semmle/go/security/InsecureRandomness.qll
+++ b/go/ql/lib/semmle/go/security/InsecureRandomness.qll
@@ -25,10 +25,10 @@ module InsecureRandomness {
 
     override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
-    override predicate isSink(DataFlow::Node sink) { this.isSink(sink, _) }
+    override predicate isSink(DataFlow::Node sink) { this.isSinkWithKind(sink, _) }
 
     /** Holds if `sink` is a sink for this configuration with kind `kind`. */
-    predicate isSink(Sink sink, string kind) { kind = sink.getKind() }
+    predicate isSinkWithKind(Sink sink, string kind) { kind = sink.getKind() }
 
     override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
   }
diff --git a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll
index 35b4625fe18..73d5f4f9a82 100644
--- a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll
@@ -33,9 +33,7 @@ module LogInjection {
   abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
 
   /** A source of untrusted data, considered as a taint source for log injection. */
-  class UntrustedFlowAsSource extends Source {
-    UntrustedFlowAsSource() { this instanceof UntrustedFlowSource }
-  }
+  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
 
   /** An argument to a logging mechanism. */
   class LoggerSink extends Sink {
diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
index 80b9bb4a126..c6fdefd4a2b 100644
--- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
@@ -117,9 +117,7 @@ module OpenUrlRedirect {
 }
 
 /** A sink for an open redirect, considered as a sink for safe URL flow. */
-private class SafeUrlSink extends SafeUrlFlow::Sink {
-  SafeUrlSink() { this instanceof OpenUrlRedirect::Sink }
-}
+private class SafeUrlSink extends SafeUrlFlow::Sink instanceof OpenUrlRedirect::Sink { }
 
 /**
  * A read of a field considered unsafe to redirect to, considered as a sanitizer for a safe
@@ -128,7 +126,7 @@ private class SafeUrlSink extends SafeUrlFlow::Sink {
 private class UnsafeFieldReadSanitizer extends SafeUrlFlow::SanitizerEdge {
   UnsafeFieldReadSanitizer() {
     exists(DataFlow::FieldReadNode frn, string name |
-      name = ["User", "RawQuery", "Fragment", "User"] and
+      name = ["User", "RawQuery", "Fragment"] and
       frn.getField().hasQualifiedName("net/url", "URL")
     |
       this = frn.getBase()
diff --git a/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll b/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll
index 82233a1e79b..bdc2bd0cf1b 100644
--- a/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll
@@ -27,9 +27,7 @@ module ReflectedXss {
   abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
 
   /** A shared XSS sanitizer as a sanitizer for reflected XSS. */
-  private class SharedXssSanitizer extends Sanitizer {
-    SharedXssSanitizer() { this instanceof SharedXss::Sanitizer }
-  }
+  private class SharedXssSanitizer extends Sanitizer instanceof SharedXss::Sanitizer { }
 
   /** A shared XSS sanitizer guard as a sanitizer guard for reflected XSS. */
   deprecated private class SharedXssSanitizerGuard extends SanitizerGuard {
@@ -46,7 +44,5 @@ module ReflectedXss {
   class UntrustedFlowAsSource extends Source, UntrustedFlowSource { }
 
   /** An arbitrary XSS sink, considered as a flow sink for stored XSS. */
-  private class AnySink extends Sink {
-    AnySink() { this instanceof SharedXss::Sink }
-  }
+  private class AnySink extends Sink instanceof SharedXss::Sink { }
 }
diff --git a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
index b11157daa06..26aff199a5c 100644
--- a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
@@ -102,9 +102,7 @@ module RequestForgery {
 }
 
 /** A sink for request forgery, considered as a sink for safe URL flow. */
-private class SafeUrlSink extends SafeUrlFlow::Sink {
-  SafeUrlSink() { this instanceof RequestForgery::Sink }
-}
+private class SafeUrlSink extends SafeUrlFlow::Sink instanceof RequestForgery::Sink { }
 
 /**
  * A read of a field considered unsafe for request forgery, considered as a sanitizer for a safe
diff --git a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
index 11e794a9f1e..9687eea91a9 100644
--- a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
@@ -33,17 +33,11 @@ module SqlInjection {
   abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
 
   /** A source of untrusted data, considered as a taint source for SQL injection. */
-  class UntrustedFlowAsSource extends Source {
-    UntrustedFlowAsSource() { this instanceof UntrustedFlowSource }
-  }
+  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
 
   /** An SQL string, considered as a taint sink for SQL injection. */
-  class SqlQueryAsSink extends Sink {
-    SqlQueryAsSink() { this instanceof SQL::QueryString }
-  }
+  class SqlQueryAsSink extends Sink instanceof SQL::QueryString { }
 
   /** A NoSql query, considered as a taint sink for SQL injection. */
-  class NoSqlQueryAsSink extends Sink {
-    NoSqlQueryAsSink() { this instanceof NoSql::Query }
-  }
+  class NoSqlQueryAsSink extends Sink instanceof NoSql::Query { }
 }
diff --git a/go/ql/lib/semmle/go/security/StoredXssCustomizations.qll b/go/ql/lib/semmle/go/security/StoredXssCustomizations.qll
index e48f17181ca..7d468df2607 100644
--- a/go/ql/lib/semmle/go/security/StoredXssCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/StoredXssCustomizations.qll
@@ -24,9 +24,7 @@ module StoredXss {
   abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
 
   /** A shared XSS sanitizer as a sanitizer for stored XSS. */
-  private class SharedXssSanitizer extends Sanitizer {
-    SharedXssSanitizer() { this instanceof SharedXss::Sanitizer }
-  }
+  private class SharedXssSanitizer extends Sanitizer instanceof SharedXss::Sanitizer { }
 
   /** A shared XSS sanitizer guard as a sanitizer guard for stored XSS. */
   deprecated private class SharedXssSanitizerGuard extends SanitizerGuard {
@@ -59,7 +57,5 @@ module StoredXss {
   }
 
   /** An arbitrary XSS sink, considered as a flow sink for stored XSS. */
-  private class AnySink extends Sink {
-    AnySink() { this instanceof SharedXss::Sink }
-  }
+  private class AnySink extends Sink instanceof SharedXss::Sink { }
 }
diff --git a/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll b/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
index 61499340de3..0b4c41276d7 100644
--- a/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
@@ -61,9 +61,7 @@ module TaintedPath {
   }
 
   /** A source of untrusted data, considered as a taint source for path traversal. */
-  class UntrustedFlowAsSource extends Source {
-    UntrustedFlowAsSource() { this instanceof UntrustedFlowSource }
-  }
+  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
 
   /** A path expression, considered as a taint sink for path traversal. */
   class PathAsSink extends Sink {
diff --git a/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll
index d16c6cc1312..3e9484506e0 100644
--- a/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll
@@ -32,12 +32,8 @@ module XPathInjection {
   abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
 
   /** A source of untrusted data, used in an XPath expression. */
-  class UntrustedFlowAsSource extends Source {
-    UntrustedFlowAsSource() { this instanceof UntrustedFlowSource }
-  }
+  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
 
   /** An XPath expression string, considered as a taint sink for XPath injection. */
-  class XPathExpressionStringAsSink extends Sink {
-    XPathExpressionStringAsSink() { this instanceof XPath::XPathExpressionString }
-  }
+  class XPathExpressionStringAsSink extends Sink instanceof XPath::XPathExpressionString { }
 }
diff --git a/go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll b/go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll
index da2c25aae28..4bc407f871d 100644
--- a/go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll
@@ -73,9 +73,8 @@ module ZipSlip {
   }
 
   /** A path-traversal sink, considered as a taint sink for zip slip. */
-  class TaintedPathSinkAsSink extends Sink {
+  class TaintedPathSinkAsSink extends Sink instanceof TaintedPath::Sink {
     TaintedPathSinkAsSink() {
-      this instanceof TaintedPath::Sink and
       // Exclude `os.Symlink`, which is treated specifically in query `go/unsafe-unzip-symlink`.
       not exists(DataFlow::CallNode c | c.getTarget().hasQualifiedName("os", "Symlink") |
         this = c.getAnArgument()
@@ -84,9 +83,7 @@ module ZipSlip {
   }
 
   /** A path-traversal sanitizer, considered as a sanitizer for zip slip. */
-  class TaintedPathSanitizerAsSanitizer extends Sanitizer {
-    TaintedPathSanitizerAsSanitizer() { this instanceof TaintedPath::Sanitizer }
-  }
+  class TaintedPathSanitizerAsSanitizer extends Sanitizer instanceof TaintedPath::Sanitizer { }
 
   pragma[noinline]
   private predicate taintedPathGuardChecks(
diff --git a/go/ql/lib/upgrades/90fa7836e0a239f69bbebffcf342e92c240d54bc/exprs.ql b/go/ql/lib/upgrades/90fa7836e0a239f69bbebffcf342e92c240d54bc/exprs.ql
new file mode 100644
index 00000000000..6d0065def6e
--- /dev/null
+++ b/go/ql/lib/upgrades/90fa7836e0a239f69bbebffcf342e92c240d54bc/exprs.ql
@@ -0,0 +1,28 @@
+class Expr_ extends @expr {
+  string toString() { result = "Expr" }
+}
+
+class ExprParent_ extends @exprparent {
+  string toString() { result = "ExprParent" }
+}
+
+/**
+ * The last index, 55 (errorexpr), has been deleted. Index 0 (badexpr) should
+ * be used instead.
+ */
+bindingset[old_index]
+int new_index(int old_index) {
+  if old_index = 55
+  then result = 0 // badexpr
+  else result = old_index
+}
+
+// The schema for exprs is:
+//
+// exprs(unique int id: @expr,
+//     int kind: int ref,
+//     int parent: @exprparent ref,
+//     int idx: int ref);
+from Expr_ expr, int new_kind, ExprParent_ parent, int idx, int old_kind
+where exprs(expr, old_kind, parent, idx) and new_kind = new_index(old_kind)
+select expr, new_kind, parent, idx
diff --git a/go/ql/lib/upgrades/90fa7836e0a239f69bbebffcf342e92c240d54bc/go.dbscheme b/go/ql/lib/upgrades/90fa7836e0a239f69bbebffcf342e92c240d54bc/go.dbscheme
new file mode 100644
index 00000000000..a58b81b1b4c
--- /dev/null
+++ b/go/ql/lib/upgrades/90fa7836e0a239f69bbebffcf342e92c240d54bc/go.dbscheme
@@ -0,0 +1,546 @@
+/** Auto-generated dbscheme; do not edit. */
+
+
+/** Duplicate code **/
+
+duplicateCode(
+  unique int id : @duplication,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+similarCode(
+  unique int id : @similarity,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+@duplication_or_similarity = @duplication | @similarity;
+
+tokens(
+  int id : @duplication_or_similarity ref,
+  int offset : int ref,
+  int beginLine : int ref,
+  int beginColumn : int ref,
+  int endLine : int ref,
+  int endColumn : int ref);
+
+/** External data **/
+
+externalData(
+  int id : @externalDataElement,
+  varchar(900) path : string ref,
+  int column: int ref,
+  varchar(900) value : string ref
+);
+
+snapshotDate(unique date snapshotDate : date ref);
+
+sourceLocationPrefix(varchar(900) prefix : string ref);
+
+
+/*
+ * XML Files
+ */
+
+xmlEncoding(
+  unique int id: @file ref,
+  string encoding: string ref
+);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  string root: string ref,
+  string publicId: string ref,
+  string systemId: string ref,
+  int fileid: @file ref
+);
+
+xmlElements(
+  unique int id: @xmlelement,
+  string name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  string name: string ref,
+  string value: string ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlNs(
+  int id: @xmlnamespace,
+  string prefixName: string ref,
+  string URI: string ref,
+  int fileid: @file ref
+);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref
+);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref
+);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref
+);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref
+);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+compilations(unique int id: @compilation, string cwd: string ref);
+
+#keyset[id, num]
+compilation_args(int id: @compilation ref, int num: int ref, string arg: string ref);
+
+#keyset[id, num, kind]
+compilation_time(int id: @compilation ref, int num: int ref, int kind: int ref, float secs: float ref);
+
+diagnostic_for(unique int diagnostic: @diagnostic ref, int compilation: @compilation ref, int file_number: int ref, int file_number_diagnostic_number: int ref);
+
+compilation_finished(unique int id: @compilation ref, float cpu_seconds: float ref, float elapsed_seconds: float ref);
+
+#keyset[id, num]
+compilation_compiling_files(int id: @compilation ref, int num: int ref, int file: @file ref);
+
+diagnostics(unique int id: @diagnostic, int severity: int ref, string error_tag: string ref, string error_message: string ref,
+            string full_error_message: string ref, int location: @location ref);
+
+locations_default(unique int id: @location_default, int file: @file ref, int beginLine: int ref, int beginColumn: int ref,
+                  int endLine: int ref, int endColumn: int ref);
+
+numlines(int element_id: @sourceline ref, int num_lines: int ref, int num_code: int ref, int num_comment: int ref);
+
+files(unique int id: @file, string name: string ref);
+
+folders(unique int id: @folder, string name: string ref);
+
+containerparent(int parent: @container ref, unique int child: @container ref);
+
+has_location(unique int locatable: @locatable ref, int location: @location ref);
+
+#keyset[parent, idx]
+comment_groups(unique int id: @comment_group, int parent: @file ref, int idx: int ref);
+
+comments(unique int id: @comment, int kind: int ref, int parent: @comment_group ref, int idx: int ref, string text: string ref);
+
+doc_comments(unique int node: @documentable ref, int comment: @comment_group ref);
+
+#keyset[parent, idx]
+exprs(unique int id: @expr, int kind: int ref, int parent: @exprparent ref, int idx: int ref);
+
+literals(unique int expr: @expr ref, string value: string ref, string raw: string ref);
+
+constvalues(unique int expr: @expr ref, string value: string ref, string exact: string ref);
+
+fields(unique int id: @field, int parent: @fieldparent ref, int idx: int ref);
+
+typeparamdecls(unique int id: @typeparamdecl, int parent: @typeparamdeclparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+stmts(unique int id: @stmt, int kind: int ref, int parent: @stmtparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+decls(unique int id: @decl, int kind: int ref, int parent: @declparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+specs(unique int id: @spec, int kind: int ref, int parent: @gendecl ref, int idx: int ref);
+
+scopes(unique int id: @scope, int kind: int ref);
+
+scopenesting(unique int inner: @scope ref, int outer: @scope ref);
+
+scopenodes(unique int node: @scopenode ref, int scope: @localscope ref);
+
+objects(unique int id: @object, int kind: int ref, string name: string ref);
+
+objectscopes(unique int object: @object ref, int scope: @scope ref);
+
+objecttypes(unique int object: @object ref, int tp: @type ref);
+
+methodreceivers(unique int method: @object ref, int receiver: @object ref);
+
+fieldstructs(unique int field: @object ref, int struct: @structtype ref);
+
+methodhosts(int method: @object ref, int host: @namedtype ref);
+
+defs(int ident: @ident ref, int object: @object ref);
+
+uses(int ident: @ident ref, int object: @object ref);
+
+types(unique int id: @type, int kind: int ref);
+
+type_of(unique int expr: @expr ref, int tp: @type ref);
+
+typename(unique int tp: @type ref, string name: string ref);
+
+key_type(unique int map: @maptype ref, int tp: @type ref);
+
+element_type(unique int container: @containertype ref, int tp: @type ref);
+
+base_type(unique int ptr: @pointertype ref, int tp: @type ref);
+
+underlying_type(unique int named: @namedtype ref, int tp: @type ref);
+
+#keyset[parent, index]
+component_types(int parent: @compositetype ref, int index: int ref, string name: string ref, int tp: @type ref);
+
+array_length(unique int tp: @arraytype ref, string len: string ref);
+
+type_objects(unique int tp: @type ref, int object: @object ref);
+
+packages(unique int id: @package, string name: string ref, string path: string ref, int scope: @packagescope ref);
+
+#keyset[parent, idx]
+modexprs(unique int id: @modexpr, int kind: int ref, int parent: @modexprparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+modtokens(string token: string ref, int parent: @modexpr ref, int idx: int ref);
+
+#keyset[package, idx]
+errors(unique int id: @error, int kind: int ref, string msg: string ref, string rawpos: string ref,
+       string file: string ref, int line: int ref, int col: int ref, int package: @package ref, int idx: int ref);
+
+has_ellipsis(int id: @callorconversionexpr ref);
+
+variadic(int id: @signaturetype ref);
+
+#keyset[parent, idx]
+typeparam(unique int tp: @typeparamtype ref, string name: string ref, int bound: @compositetype ref,
+          int parent: @typeparamparentobject ref, int idx: int ref);
+
+@container = @file | @folder;
+
+@locatable = @xmllocatable | @node | @localscope;
+
+@node = @documentable | @exprparent | @modexprparent | @fieldparent | @stmtparent | @declparent | @typeparamdeclparent
+      | @scopenode | @comment_group | @comment;
+
+@documentable = @file | @field | @typeparamdecl | @spec | @gendecl | @funcdecl | @modexpr;
+
+@exprparent = @funcdef | @file | @expr | @field | @stmt | @decl | @typeparamdecl | @spec;
+
+@modexprparent = @file | @modexpr;
+
+@fieldparent = @decl | @structtypeexpr | @functypeexpr | @interfacetypeexpr;
+
+@stmtparent = @funcdef | @stmt | @decl;
+
+@declparent = @file | @declstmt;
+
+@typeparamdeclparent = @funcdecl | @typespec;
+
+@funcdef = @funclit | @funcdecl;
+
+@scopenode = @file | @functypeexpr | @blockstmt | @ifstmt | @caseclause | @switchstmt | @commclause | @loopstmt;
+
+@location = @location_default;
+
+@sourceline = @locatable;
+
+case @comment.kind of
+  0 = @slashslashcomment
+| 1 = @slashstarcomment;
+
+case @expr.kind of
+  0 = @badexpr
+| 1 = @ident
+| 2 = @ellipsis
+| 3 = @intlit
+| 4 = @floatlit
+| 5 = @imaglit
+| 6 = @charlit
+| 7 = @stringlit
+| 8 = @funclit
+| 9 = @compositelit
+| 10 = @parenexpr
+| 11 = @selectorexpr
+| 12 = @indexexpr
+| 13 = @genericfunctioninstantiationexpr
+| 14 = @generictypeinstantiationexpr
+| 15 = @sliceexpr
+| 16 = @typeassertexpr
+| 17 = @callorconversionexpr
+| 18 = @starexpr
+| 19 = @keyvalueexpr
+| 20 = @arraytypeexpr
+| 21 = @structtypeexpr
+| 22 = @functypeexpr
+| 23 = @interfacetypeexpr
+| 24 = @maptypeexpr
+| 25 = @typesetliteralexpr
+| 26 = @plusexpr
+| 27 = @minusexpr
+| 28 = @notexpr
+| 29 = @complementexpr
+| 30 = @derefexpr
+| 31 = @addressexpr
+| 32 = @arrowexpr
+| 33 = @lorexpr
+| 34 = @landexpr
+| 35 = @eqlexpr
+| 36 = @neqexpr
+| 37 = @lssexpr
+| 38 = @leqexpr
+| 39 = @gtrexpr
+| 40 = @geqexpr
+| 41 = @addexpr
+| 42 = @subexpr
+| 43 = @orexpr
+| 44 = @xorexpr
+| 45 = @mulexpr
+| 46 = @quoexpr
+| 47 = @remexpr
+| 48 = @shlexpr
+| 49 = @shrexpr
+| 50 = @andexpr
+| 51 = @andnotexpr
+| 52 = @sendchantypeexpr
+| 53 = @recvchantypeexpr
+| 54 = @sendrcvchantypeexpr;
+
+@basiclit = @intlit | @floatlit | @imaglit | @charlit | @stringlit;
+
+@operatorexpr = @logicalexpr | @arithmeticexpr | @bitwiseexpr | @unaryexpr | @binaryexpr;
+
+@logicalexpr = @logicalunaryexpr | @logicalbinaryexpr;
+
+@arithmeticexpr = @arithmeticunaryexpr | @arithmeticbinaryexpr;
+
+@bitwiseexpr = @bitwiseunaryexpr | @bitwisebinaryexpr;
+
+@unaryexpr = @logicalunaryexpr | @bitwiseunaryexpr | @arithmeticunaryexpr | @derefexpr | @addressexpr | @arrowexpr;
+
+@logicalunaryexpr = @notexpr;
+
+@bitwiseunaryexpr = @complementexpr;
+
+@arithmeticunaryexpr = @plusexpr | @minusexpr;
+
+@binaryexpr = @logicalbinaryexpr | @bitwisebinaryexpr | @arithmeticbinaryexpr | @comparison;
+
+@logicalbinaryexpr = @lorexpr | @landexpr;
+
+@bitwisebinaryexpr = @shiftexpr | @orexpr | @xorexpr | @andexpr | @andnotexpr;
+
+@arithmeticbinaryexpr = @addexpr | @subexpr | @mulexpr | @quoexpr | @remexpr;
+
+@shiftexpr = @shlexpr | @shrexpr;
+
+@comparison = @equalitytest | @relationalcomparison;
+
+@equalitytest = @eqlexpr | @neqexpr;
+
+@relationalcomparison = @lssexpr | @leqexpr | @gtrexpr | @geqexpr;
+
+@chantypeexpr = @sendchantypeexpr | @recvchantypeexpr | @sendrcvchantypeexpr;
+
+case @stmt.kind of
+  0 = @badstmt
+| 1 = @declstmt
+| 2 = @emptystmt
+| 3 = @labeledstmt
+| 4 = @exprstmt
+| 5 = @sendstmt
+| 6 = @incstmt
+| 7 = @decstmt
+| 8 = @gostmt
+| 9 = @deferstmt
+| 10 = @returnstmt
+| 11 = @breakstmt
+| 12 = @continuestmt
+| 13 = @gotostmt
+| 14 = @fallthroughstmt
+| 15 = @blockstmt
+| 16 = @ifstmt
+| 17 = @caseclause
+| 18 = @exprswitchstmt
+| 19 = @typeswitchstmt
+| 20 = @commclause
+| 21 = @selectstmt
+| 22 = @forstmt
+| 23 = @rangestmt
+| 24 = @assignstmt
+| 25 = @definestmt
+| 26 = @addassignstmt
+| 27 = @subassignstmt
+| 28 = @mulassignstmt
+| 29 = @quoassignstmt
+| 30 = @remassignstmt
+| 31 = @andassignstmt
+| 32 = @orassignstmt
+| 33 = @xorassignstmt
+| 34 = @shlassignstmt
+| 35 = @shrassignstmt
+| 36 = @andnotassignstmt;
+
+@incdecstmt = @incstmt | @decstmt;
+
+@assignment = @simpleassignstmt | @compoundassignstmt;
+
+@simpleassignstmt = @assignstmt | @definestmt;
+
+@compoundassignstmt = @addassignstmt | @subassignstmt | @mulassignstmt | @quoassignstmt | @remassignstmt
+                    | @andassignstmt | @orassignstmt | @xorassignstmt | @shlassignstmt | @shrassignstmt | @andnotassignstmt;
+
+@branchstmt = @breakstmt | @continuestmt | @gotostmt | @fallthroughstmt;
+
+@switchstmt = @exprswitchstmt | @typeswitchstmt;
+
+@loopstmt = @forstmt | @rangestmt;
+
+case @decl.kind of
+  0 = @baddecl
+| 1 = @importdecl
+| 2 = @constdecl
+| 3 = @typedecl
+| 4 = @vardecl
+| 5 = @funcdecl;
+
+@gendecl = @importdecl | @constdecl | @typedecl | @vardecl;
+
+case @spec.kind of
+  0 = @importspec
+| 1 = @valuespec
+| 2 = @typedefspec
+| 3 = @aliasspec;
+
+@typespec = @typedefspec | @aliasspec;
+
+case @object.kind of
+  0 = @pkgobject
+| 1 = @decltypeobject
+| 2 = @builtintypeobject
+| 3 = @declconstobject
+| 4 = @builtinconstobject
+| 5 = @declvarobject
+| 6 = @declfunctionobject
+| 7 = @builtinfunctionobject
+| 8 = @labelobject;
+
+@typeparamparentobject = @decltypeobject | @declfunctionobject;
+
+@declobject = @decltypeobject | @declconstobject | @declvarobject | @declfunctionobject;
+
+@builtinobject = @builtintypeobject | @builtinconstobject | @builtinfunctionobject;
+
+@typeobject = @decltypeobject | @builtintypeobject;
+
+@valueobject = @constobject | @varobject | @functionobject;
+
+@constobject = @declconstobject | @builtinconstobject;
+
+@varobject = @declvarobject;
+
+@functionobject = @declfunctionobject | @builtinfunctionobject;
+
+case @scope.kind of
+  0 = @universescope
+| 1 = @packagescope
+| 2 = @localscope;
+
+case @type.kind of
+  0 = @invalidtype
+| 1 = @boolexprtype
+| 2 = @inttype
+| 3 = @int8type
+| 4 = @int16type
+| 5 = @int32type
+| 6 = @int64type
+| 7 = @uinttype
+| 8 = @uint8type
+| 9 = @uint16type
+| 10 = @uint32type
+| 11 = @uint64type
+| 12 = @uintptrtype
+| 13 = @float32type
+| 14 = @float64type
+| 15 = @complex64type
+| 16 = @complex128type
+| 17 = @stringexprtype
+| 18 = @unsafepointertype
+| 19 = @boolliteraltype
+| 20 = @intliteraltype
+| 21 = @runeliteraltype
+| 22 = @floatliteraltype
+| 23 = @complexliteraltype
+| 24 = @stringliteraltype
+| 25 = @nilliteraltype
+| 26 = @typeparamtype
+| 27 = @arraytype
+| 28 = @slicetype
+| 29 = @structtype
+| 30 = @pointertype
+| 31 = @interfacetype
+| 32 = @tupletype
+| 33 = @signaturetype
+| 34 = @maptype
+| 35 = @sendchantype
+| 36 = @recvchantype
+| 37 = @sendrcvchantype
+| 38 = @namedtype
+| 39 = @typesetliteraltype;
+
+@basictype = @booltype | @numerictype | @stringtype | @literaltype | @invalidtype | @unsafepointertype;
+
+@booltype = @boolexprtype | @boolliteraltype;
+
+@numerictype = @integertype | @floattype | @complextype;
+
+@integertype = @signedintegertype | @unsignedintegertype;
+
+@signedintegertype = @inttype | @int8type | @int16type | @int32type | @int64type | @intliteraltype | @runeliteraltype;
+
+@unsignedintegertype = @uinttype | @uint8type | @uint16type | @uint32type | @uint64type | @uintptrtype;
+
+@floattype = @float32type | @float64type | @floatliteraltype;
+
+@complextype = @complex64type | @complex128type | @complexliteraltype;
+
+@stringtype = @stringexprtype | @stringliteraltype;
+
+@literaltype = @boolliteraltype | @intliteraltype | @runeliteraltype | @floatliteraltype | @complexliteraltype
+             | @stringliteraltype | @nilliteraltype;
+
+@compositetype = @typeparamtype | @containertype | @structtype | @pointertype | @interfacetype | @tupletype
+               | @signaturetype | @namedtype | @typesetliteraltype;
+
+@containertype = @arraytype | @slicetype | @maptype | @chantype;
+
+@chantype = @sendchantype | @recvchantype | @sendrcvchantype;
+
+case @modexpr.kind of
+  0 = @modcommentblock
+| 1 = @modline
+| 2 = @modlineblock
+| 3 = @modlparen
+| 4 = @modrparen;
+
+case @error.kind of
+  0 = @unknownerror
+| 1 = @listerror
+| 2 = @parseerror
+| 3 = @typeerror;
+
diff --git a/go/ql/lib/upgrades/90fa7836e0a239f69bbebffcf342e92c240d54bc/old.dbscheme b/go/ql/lib/upgrades/90fa7836e0a239f69bbebffcf342e92c240d54bc/old.dbscheme
new file mode 100644
index 00000000000..90fa7836e0a
--- /dev/null
+++ b/go/ql/lib/upgrades/90fa7836e0a239f69bbebffcf342e92c240d54bc/old.dbscheme
@@ -0,0 +1,547 @@
+/** Auto-generated dbscheme; do not edit. */
+
+
+/** Duplicate code **/
+
+duplicateCode(
+  unique int id : @duplication,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+similarCode(
+  unique int id : @similarity,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+@duplication_or_similarity = @duplication | @similarity;
+
+tokens(
+  int id : @duplication_or_similarity ref,
+  int offset : int ref,
+  int beginLine : int ref,
+  int beginColumn : int ref,
+  int endLine : int ref,
+  int endColumn : int ref);
+
+/** External data **/
+
+externalData(
+  int id : @externalDataElement,
+  varchar(900) path : string ref,
+  int column: int ref,
+  varchar(900) value : string ref
+);
+
+snapshotDate(unique date snapshotDate : date ref);
+
+sourceLocationPrefix(varchar(900) prefix : string ref);
+
+
+/*
+ * XML Files
+ */
+
+xmlEncoding(
+  unique int id: @file ref,
+  string encoding: string ref
+);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  string root: string ref,
+  string publicId: string ref,
+  string systemId: string ref,
+  int fileid: @file ref
+);
+
+xmlElements(
+  unique int id: @xmlelement,
+  string name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  string name: string ref,
+  string value: string ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlNs(
+  int id: @xmlnamespace,
+  string prefixName: string ref,
+  string URI: string ref,
+  int fileid: @file ref
+);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref
+);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref
+);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref
+);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref
+);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+compilations(unique int id: @compilation, string cwd: string ref);
+
+#keyset[id, num]
+compilation_args(int id: @compilation ref, int num: int ref, string arg: string ref);
+
+#keyset[id, num, kind]
+compilation_time(int id: @compilation ref, int num: int ref, int kind: int ref, float secs: float ref);
+
+diagnostic_for(unique int diagnostic: @diagnostic ref, int compilation: @compilation ref, int file_number: int ref, int file_number_diagnostic_number: int ref);
+
+compilation_finished(unique int id: @compilation ref, float cpu_seconds: float ref, float elapsed_seconds: float ref);
+
+#keyset[id, num]
+compilation_compiling_files(int id: @compilation ref, int num: int ref, int file: @file ref);
+
+diagnostics(unique int id: @diagnostic, int severity: int ref, string error_tag: string ref, string error_message: string ref,
+            string full_error_message: string ref, int location: @location ref);
+
+locations_default(unique int id: @location_default, int file: @file ref, int beginLine: int ref, int beginColumn: int ref,
+                  int endLine: int ref, int endColumn: int ref);
+
+numlines(int element_id: @sourceline ref, int num_lines: int ref, int num_code: int ref, int num_comment: int ref);
+
+files(unique int id: @file, string name: string ref);
+
+folders(unique int id: @folder, string name: string ref);
+
+containerparent(int parent: @container ref, unique int child: @container ref);
+
+has_location(unique int locatable: @locatable ref, int location: @location ref);
+
+#keyset[parent, idx]
+comment_groups(unique int id: @comment_group, int parent: @file ref, int idx: int ref);
+
+comments(unique int id: @comment, int kind: int ref, int parent: @comment_group ref, int idx: int ref, string text: string ref);
+
+doc_comments(unique int node: @documentable ref, int comment: @comment_group ref);
+
+#keyset[parent, idx]
+exprs(unique int id: @expr, int kind: int ref, int parent: @exprparent ref, int idx: int ref);
+
+literals(unique int expr: @expr ref, string value: string ref, string raw: string ref);
+
+constvalues(unique int expr: @expr ref, string value: string ref, string exact: string ref);
+
+fields(unique int id: @field, int parent: @fieldparent ref, int idx: int ref);
+
+typeparamdecls(unique int id: @typeparamdecl, int parent: @typeparamdeclparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+stmts(unique int id: @stmt, int kind: int ref, int parent: @stmtparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+decls(unique int id: @decl, int kind: int ref, int parent: @declparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+specs(unique int id: @spec, int kind: int ref, int parent: @gendecl ref, int idx: int ref);
+
+scopes(unique int id: @scope, int kind: int ref);
+
+scopenesting(unique int inner: @scope ref, int outer: @scope ref);
+
+scopenodes(unique int node: @scopenode ref, int scope: @localscope ref);
+
+objects(unique int id: @object, int kind: int ref, string name: string ref);
+
+objectscopes(unique int object: @object ref, int scope: @scope ref);
+
+objecttypes(unique int object: @object ref, int tp: @type ref);
+
+methodreceivers(unique int method: @object ref, int receiver: @object ref);
+
+fieldstructs(unique int field: @object ref, int struct: @structtype ref);
+
+methodhosts(int method: @object ref, int host: @namedtype ref);
+
+defs(int ident: @ident ref, int object: @object ref);
+
+uses(int ident: @ident ref, int object: @object ref);
+
+types(unique int id: @type, int kind: int ref);
+
+type_of(unique int expr: @expr ref, int tp: @type ref);
+
+typename(unique int tp: @type ref, string name: string ref);
+
+key_type(unique int map: @maptype ref, int tp: @type ref);
+
+element_type(unique int container: @containertype ref, int tp: @type ref);
+
+base_type(unique int ptr: @pointertype ref, int tp: @type ref);
+
+underlying_type(unique int named: @namedtype ref, int tp: @type ref);
+
+#keyset[parent, index]
+component_types(int parent: @compositetype ref, int index: int ref, string name: string ref, int tp: @type ref);
+
+array_length(unique int tp: @arraytype ref, string len: string ref);
+
+type_objects(unique int tp: @type ref, int object: @object ref);
+
+packages(unique int id: @package, string name: string ref, string path: string ref, int scope: @packagescope ref);
+
+#keyset[parent, idx]
+modexprs(unique int id: @modexpr, int kind: int ref, int parent: @modexprparent ref, int idx: int ref);
+
+#keyset[parent, idx]
+modtokens(string token: string ref, int parent: @modexpr ref, int idx: int ref);
+
+#keyset[package, idx]
+errors(unique int id: @error, int kind: int ref, string msg: string ref, string rawpos: string ref,
+       string file: string ref, int line: int ref, int col: int ref, int package: @package ref, int idx: int ref);
+
+has_ellipsis(int id: @callorconversionexpr ref);
+
+variadic(int id: @signaturetype ref);
+
+#keyset[parent, idx]
+typeparam(unique int tp: @typeparamtype ref, string name: string ref, int bound: @compositetype ref,
+          int parent: @typeparamparentobject ref, int idx: int ref);
+
+@container = @file | @folder;
+
+@locatable = @xmllocatable | @node | @localscope;
+
+@node = @documentable | @exprparent | @modexprparent | @fieldparent | @stmtparent | @declparent | @typeparamdeclparent
+      | @scopenode | @comment_group | @comment;
+
+@documentable = @file | @field | @typeparamdecl | @spec | @gendecl | @funcdecl | @modexpr;
+
+@exprparent = @funcdef | @file | @expr | @field | @stmt | @decl | @typeparamdecl | @spec;
+
+@modexprparent = @file | @modexpr;
+
+@fieldparent = @decl | @structtypeexpr | @functypeexpr | @interfacetypeexpr;
+
+@stmtparent = @funcdef | @stmt | @decl;
+
+@declparent = @file | @declstmt;
+
+@typeparamdeclparent = @funcdecl | @typespec;
+
+@funcdef = @funclit | @funcdecl;
+
+@scopenode = @file | @functypeexpr | @blockstmt | @ifstmt | @caseclause | @switchstmt | @commclause | @loopstmt;
+
+@location = @location_default;
+
+@sourceline = @locatable;
+
+case @comment.kind of
+  0 = @slashslashcomment
+| 1 = @slashstarcomment;
+
+case @expr.kind of
+  0 = @badexpr
+| 1 = @ident
+| 2 = @ellipsis
+| 3 = @intlit
+| 4 = @floatlit
+| 5 = @imaglit
+| 6 = @charlit
+| 7 = @stringlit
+| 8 = @funclit
+| 9 = @compositelit
+| 10 = @parenexpr
+| 11 = @selectorexpr
+| 12 = @indexexpr
+| 13 = @genericfunctioninstantiationexpr
+| 14 = @generictypeinstantiationexpr
+| 15 = @sliceexpr
+| 16 = @typeassertexpr
+| 17 = @callorconversionexpr
+| 18 = @starexpr
+| 19 = @keyvalueexpr
+| 20 = @arraytypeexpr
+| 21 = @structtypeexpr
+| 22 = @functypeexpr
+| 23 = @interfacetypeexpr
+| 24 = @maptypeexpr
+| 25 = @typesetliteralexpr
+| 26 = @plusexpr
+| 27 = @minusexpr
+| 28 = @notexpr
+| 29 = @complementexpr
+| 30 = @derefexpr
+| 31 = @addressexpr
+| 32 = @arrowexpr
+| 33 = @lorexpr
+| 34 = @landexpr
+| 35 = @eqlexpr
+| 36 = @neqexpr
+| 37 = @lssexpr
+| 38 = @leqexpr
+| 39 = @gtrexpr
+| 40 = @geqexpr
+| 41 = @addexpr
+| 42 = @subexpr
+| 43 = @orexpr
+| 44 = @xorexpr
+| 45 = @mulexpr
+| 46 = @quoexpr
+| 47 = @remexpr
+| 48 = @shlexpr
+| 49 = @shrexpr
+| 50 = @andexpr
+| 51 = @andnotexpr
+| 52 = @sendchantypeexpr
+| 53 = @recvchantypeexpr
+| 54 = @sendrcvchantypeexpr
+| 55 = @errorexpr;
+
+@basiclit = @intlit | @floatlit | @imaglit | @charlit | @stringlit;
+
+@operatorexpr = @logicalexpr | @arithmeticexpr | @bitwiseexpr | @unaryexpr | @binaryexpr;
+
+@logicalexpr = @logicalunaryexpr | @logicalbinaryexpr;
+
+@arithmeticexpr = @arithmeticunaryexpr | @arithmeticbinaryexpr;
+
+@bitwiseexpr = @bitwiseunaryexpr | @bitwisebinaryexpr;
+
+@unaryexpr = @logicalunaryexpr | @bitwiseunaryexpr | @arithmeticunaryexpr | @derefexpr | @addressexpr | @arrowexpr;
+
+@logicalunaryexpr = @notexpr;
+
+@bitwiseunaryexpr = @complementexpr;
+
+@arithmeticunaryexpr = @plusexpr | @minusexpr;
+
+@binaryexpr = @logicalbinaryexpr | @bitwisebinaryexpr | @arithmeticbinaryexpr | @comparison;
+
+@logicalbinaryexpr = @lorexpr | @landexpr;
+
+@bitwisebinaryexpr = @shiftexpr | @orexpr | @xorexpr | @andexpr | @andnotexpr;
+
+@arithmeticbinaryexpr = @addexpr | @subexpr | @mulexpr | @quoexpr | @remexpr;
+
+@shiftexpr = @shlexpr | @shrexpr;
+
+@comparison = @equalitytest | @relationalcomparison;
+
+@equalitytest = @eqlexpr | @neqexpr;
+
+@relationalcomparison = @lssexpr | @leqexpr | @gtrexpr | @geqexpr;
+
+@chantypeexpr = @sendchantypeexpr | @recvchantypeexpr | @sendrcvchantypeexpr;
+
+case @stmt.kind of
+  0 = @badstmt
+| 1 = @declstmt
+| 2 = @emptystmt
+| 3 = @labeledstmt
+| 4 = @exprstmt
+| 5 = @sendstmt
+| 6 = @incstmt
+| 7 = @decstmt
+| 8 = @gostmt
+| 9 = @deferstmt
+| 10 = @returnstmt
+| 11 = @breakstmt
+| 12 = @continuestmt
+| 13 = @gotostmt
+| 14 = @fallthroughstmt
+| 15 = @blockstmt
+| 16 = @ifstmt
+| 17 = @caseclause
+| 18 = @exprswitchstmt
+| 19 = @typeswitchstmt
+| 20 = @commclause
+| 21 = @selectstmt
+| 22 = @forstmt
+| 23 = @rangestmt
+| 24 = @assignstmt
+| 25 = @definestmt
+| 26 = @addassignstmt
+| 27 = @subassignstmt
+| 28 = @mulassignstmt
+| 29 = @quoassignstmt
+| 30 = @remassignstmt
+| 31 = @andassignstmt
+| 32 = @orassignstmt
+| 33 = @xorassignstmt
+| 34 = @shlassignstmt
+| 35 = @shrassignstmt
+| 36 = @andnotassignstmt;
+
+@incdecstmt = @incstmt | @decstmt;
+
+@assignment = @simpleassignstmt | @compoundassignstmt;
+
+@simpleassignstmt = @assignstmt | @definestmt;
+
+@compoundassignstmt = @addassignstmt | @subassignstmt | @mulassignstmt | @quoassignstmt | @remassignstmt
+                    | @andassignstmt | @orassignstmt | @xorassignstmt | @shlassignstmt | @shrassignstmt | @andnotassignstmt;
+
+@branchstmt = @breakstmt | @continuestmt | @gotostmt | @fallthroughstmt;
+
+@switchstmt = @exprswitchstmt | @typeswitchstmt;
+
+@loopstmt = @forstmt | @rangestmt;
+
+case @decl.kind of
+  0 = @baddecl
+| 1 = @importdecl
+| 2 = @constdecl
+| 3 = @typedecl
+| 4 = @vardecl
+| 5 = @funcdecl;
+
+@gendecl = @importdecl | @constdecl | @typedecl | @vardecl;
+
+case @spec.kind of
+  0 = @importspec
+| 1 = @valuespec
+| 2 = @typedefspec
+| 3 = @aliasspec;
+
+@typespec = @typedefspec | @aliasspec;
+
+case @object.kind of
+  0 = @pkgobject
+| 1 = @decltypeobject
+| 2 = @builtintypeobject
+| 3 = @declconstobject
+| 4 = @builtinconstobject
+| 5 = @declvarobject
+| 6 = @declfunctionobject
+| 7 = @builtinfunctionobject
+| 8 = @labelobject;
+
+@typeparamparentobject = @decltypeobject | @declfunctionobject;
+
+@declobject = @decltypeobject | @declconstobject | @declvarobject | @declfunctionobject;
+
+@builtinobject = @builtintypeobject | @builtinconstobject | @builtinfunctionobject;
+
+@typeobject = @decltypeobject | @builtintypeobject;
+
+@valueobject = @constobject | @varobject | @functionobject;
+
+@constobject = @declconstobject | @builtinconstobject;
+
+@varobject = @declvarobject;
+
+@functionobject = @declfunctionobject | @builtinfunctionobject;
+
+case @scope.kind of
+  0 = @universescope
+| 1 = @packagescope
+| 2 = @localscope;
+
+case @type.kind of
+  0 = @invalidtype
+| 1 = @boolexprtype
+| 2 = @inttype
+| 3 = @int8type
+| 4 = @int16type
+| 5 = @int32type
+| 6 = @int64type
+| 7 = @uinttype
+| 8 = @uint8type
+| 9 = @uint16type
+| 10 = @uint32type
+| 11 = @uint64type
+| 12 = @uintptrtype
+| 13 = @float32type
+| 14 = @float64type
+| 15 = @complex64type
+| 16 = @complex128type
+| 17 = @stringexprtype
+| 18 = @unsafepointertype
+| 19 = @boolliteraltype
+| 20 = @intliteraltype
+| 21 = @runeliteraltype
+| 22 = @floatliteraltype
+| 23 = @complexliteraltype
+| 24 = @stringliteraltype
+| 25 = @nilliteraltype
+| 26 = @typeparamtype
+| 27 = @arraytype
+| 28 = @slicetype
+| 29 = @structtype
+| 30 = @pointertype
+| 31 = @interfacetype
+| 32 = @tupletype
+| 33 = @signaturetype
+| 34 = @maptype
+| 35 = @sendchantype
+| 36 = @recvchantype
+| 37 = @sendrcvchantype
+| 38 = @namedtype
+| 39 = @typesetliteraltype;
+
+@basictype = @booltype | @numerictype | @stringtype | @literaltype | @invalidtype | @unsafepointertype;
+
+@booltype = @boolexprtype | @boolliteraltype;
+
+@numerictype = @integertype | @floattype | @complextype;
+
+@integertype = @signedintegertype | @unsignedintegertype;
+
+@signedintegertype = @inttype | @int8type | @int16type | @int32type | @int64type | @intliteraltype | @runeliteraltype;
+
+@unsignedintegertype = @uinttype | @uint8type | @uint16type | @uint32type | @uint64type | @uintptrtype;
+
+@floattype = @float32type | @float64type | @floatliteraltype;
+
+@complextype = @complex64type | @complex128type | @complexliteraltype;
+
+@stringtype = @stringexprtype | @stringliteraltype;
+
+@literaltype = @boolliteraltype | @intliteraltype | @runeliteraltype | @floatliteraltype | @complexliteraltype
+             | @stringliteraltype | @nilliteraltype;
+
+@compositetype = @typeparamtype | @containertype | @structtype | @pointertype | @interfacetype | @tupletype
+               | @signaturetype | @namedtype | @typesetliteraltype;
+
+@containertype = @arraytype | @slicetype | @maptype | @chantype;
+
+@chantype = @sendchantype | @recvchantype | @sendrcvchantype;
+
+case @modexpr.kind of
+  0 = @modcommentblock
+| 1 = @modline
+| 2 = @modlineblock
+| 3 = @modlparen
+| 4 = @modrparen;
+
+case @error.kind of
+  0 = @unknownerror
+| 1 = @listerror
+| 2 = @parseerror
+| 3 = @typeerror;
+
diff --git a/go/ql/lib/upgrades/90fa7836e0a239f69bbebffcf342e92c240d54bc/upgrade.properties b/go/ql/lib/upgrades/90fa7836e0a239f69bbebffcf342e92c240d54bc/upgrade.properties
new file mode 100644
index 00000000000..c7242dd66e3
--- /dev/null
+++ b/go/ql/lib/upgrades/90fa7836e0a239f69bbebffcf342e92c240d54bc/upgrade.properties
@@ -0,0 +1,3 @@
+description: Delete @errorexpr - @badexpr should be used instead
+compatibility: full
+exprs.rel: run exprs.qlo
diff --git a/go/ql/src/AlertSuppression.ql b/go/ql/src/AlertSuppression.ql
index f0a3b5df730..d264052bd23 100644
--- a/go/ql/src/AlertSuppression.ql
+++ b/go/ql/src/AlertSuppression.ql
@@ -49,9 +49,7 @@ class SuppressionComment extends Locatable {
 /**
  * The scope of an alert suppression comment.
  */
-class SuppressionScope extends @locatable {
-  SuppressionScope() { this instanceof SuppressionComment }
-
+class SuppressionScope extends @locatable instanceof SuppressionComment {
   /** Gets a suppression comment with this scope. */
   SuppressionComment getSuppressionComment() { result = this }
 
@@ -65,7 +63,7 @@ class SuppressionScope extends @locatable {
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.(SuppressionComment).covers(filepath, startline, startcolumn, endline, endcolumn)
+    super.covers(filepath, startline, startcolumn, endline, endcolumn)
   }
 
   /** Gets a textual representation of this element. */
diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
index 65aa3c40d99..aed077e28d9 100644
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.3.6
+
+No user-facing changes.
+
+## 0.3.5
+
+No user-facing changes.
+
+## 0.3.4
+
+No user-facing changes.
+
 ## 0.3.3
 
 ### Minor Analysis Improvements
diff --git a/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql b/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql
index fdd83673b74..29e94f67823 100644
--- a/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql
+++ b/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql
@@ -83,7 +83,7 @@ predicate regexpGuardsError(RegexpPattern regexp) {
 class Config extends DataFlow::Configuration {
   Config() { this = "IncompleteHostNameRegexp::Config" }
 
-  predicate isSource(DataFlow::Node source, string hostPart) {
+  predicate isSourceString(DataFlow::Node source, string hostPart) {
     exists(Expr e |
       e = source.asExpr() and
       isIncompleteHostNameRegexpPattern(e.getStringValue(), hostPart)
@@ -95,7 +95,7 @@ class Config extends DataFlow::Configuration {
     )
   }
 
-  override predicate isSource(DataFlow::Node source) { isSource(source, _) }
+  override predicate isSource(DataFlow::Node source) { isSourceString(source, _) }
 
   override predicate isSink(DataFlow::Node sink) {
     sink instanceof RegexpPattern and
@@ -107,7 +107,7 @@ class Config extends DataFlow::Configuration {
 }
 
 from Config c, DataFlow::PathNode source, DataFlow::PathNode sink, string hostPart
-where c.hasFlowPath(source, sink) and c.isSource(source.getNode(), hostPart)
+where c.hasFlowPath(source, sink) and c.isSourceString(source.getNode(), hostPart)
 select source, source, sink,
   "This regular expression has an unescaped dot before '" + hostPart + "', " +
     "so it might match more hosts than expected when $@.", sink, "the regular expression is used"
diff --git a/go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql b/go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql
index 8538e435819..f19bee4b179 100644
--- a/go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql
+++ b/go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql
@@ -63,7 +63,7 @@ predicate isInterestingUnanchoredRegexpString(string re, string msg) {
 class Config extends DataFlow::Configuration {
   Config() { this = "MissingRegexpAnchor::Config" }
 
-  predicate isSource(DataFlow::Node source, string msg) {
+  predicate isSourceString(DataFlow::Node source, string msg) {
     exists(Expr e | e = source.asExpr() |
       isInterestingUnanchoredRegexpString(e.getStringValue(), msg)
       or
@@ -71,11 +71,11 @@ class Config extends DataFlow::Configuration {
     )
   }
 
-  override predicate isSource(DataFlow::Node source) { isSource(source, _) }
+  override predicate isSource(DataFlow::Node source) { isSourceString(source, _) }
 
   override predicate isSink(DataFlow::Node sink) { sink instanceof RegexpPattern }
 }
 
 from Config c, DataFlow::PathNode source, string msg
-where c.hasFlowPath(source, _) and c.isSource(source.getNode(), msg)
+where c.hasFlowPath(source, _) and c.isSourceString(source.getNode(), msg)
 select source.getNode(), msg
diff --git a/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql b/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql
index 5c1b4528302..667ab999a34 100644
--- a/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql
+++ b/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql
@@ -32,7 +32,7 @@ predicate containsEscapedCharacter(DataFlow::Node source, string character) {
 class Config extends DataFlow::Configuration {
   Config() { this = "SuspiciousRegexpEscape" }
 
-  predicate isSource(DataFlow::Node source, string report) {
+  predicate isSourceString(DataFlow::Node source, string report) {
     containsEscapedCharacter(source, "a") and
     report =
       "the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text?"
@@ -41,12 +41,12 @@ class Config extends DataFlow::Configuration {
     report = "a literal backspace \\b; did you mean \\\\b, a word boundary?"
   }
 
-  override predicate isSource(DataFlow::Node source) { isSource(source, _) }
+  override predicate isSource(DataFlow::Node source) { isSourceString(source, _) }
 
   override predicate isSink(DataFlow::Node sink) { sink instanceof RegexpPattern }
 }
 
 from Config c, DataFlow::PathNode source, DataFlow::PathNode sink, string report
-where c.hasFlowPath(source, sink) and c.isSource(source.getNode(), report)
+where c.hasFlowPath(source, sink) and c.isSourceString(source.getNode(), report)
 select source, source, sink, "This string literal that is $@ contains " + report, sink,
   "used as a regular expression"
diff --git a/go/ql/src/Security/CWE-022/ZipSlipGood.go b/go/ql/src/Security/CWE-022/ZipSlipGood.go
index 40af79fb999..ac7e37d10de 100644
--- a/go/ql/src/Security/CWE-022/ZipSlipGood.go
+++ b/go/ql/src/Security/CWE-022/ZipSlipGood.go
@@ -12,7 +12,7 @@ func unzipGood(f string) {
 	for _, f := range r.File {
 		p, _ := filepath.Abs(f.Name)
 		// GOOD: Check that path does not contain ".." before using it
-		if !strings.Contains(p, "..") {
+		if !strings.Contains(f.Name, "..") {
 			ioutil.WriteFile(p, []byte("present"), 0666)
 		}
 	}
diff --git a/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql b/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql
index c52e9c33305..4962a6626fc 100644
--- a/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql
+++ b/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql
@@ -20,7 +20,7 @@ from
   DataFlow::Node allocsz
 where
   cfg.hasFlowPath(source, sink) and
-  cfg.isSink(sink.getNode(), allocsz)
+  cfg.isSinkWithAllocationSize(sink.getNode(), allocsz)
 select sink, source, sink,
   "This operation, which is used in an $@, involves a $@ and might overflow.", allocsz,
   "allocation", source, "potentially large value"
diff --git a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql
index 452e3b94108..486283ddcb4 100644
--- a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql
+++ b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql
@@ -66,14 +66,14 @@ class HostKeyCallbackAssignmentConfig extends DataFlow::Configuration {
   /**
    * Holds if `sink` is a value written by `write` to a field `ClientConfig.HostKeyCallback`.
    */
-  predicate isSink(DataFlow::Node sink, Write write) {
+  predicate writeIsSink(DataFlow::Node sink, Write write) {
     exists(Field f |
       f.hasQualifiedName(CryptoSsh::packagePath(), "ClientConfig", "HostKeyCallback") and
       write.writesField(_, f, sink)
     )
   }
 
-  override predicate isSink(DataFlow::Node sink) { this.isSink(sink, _) }
+  override predicate isSink(DataFlow::Node sink) { this.writeIsSink(sink, _) }
 }
 
 /**
@@ -92,8 +92,8 @@ predicate hostCheckReachesSink(DataFlow::PathNode sink) {
         SsaWithFields sinkAccessPath, SsaWithFields otherSinkAccessPath
       |
         config.hasFlowPath(source, otherSink) and
-        config.isSink(sink.getNode(), sinkWrite) and
-        config.isSink(otherSink.getNode(), otherSinkWrite) and
+        config.writeIsSink(sink.getNode(), sinkWrite) and
+        config.writeIsSink(otherSink.getNode(), otherSinkWrite) and
         sinkWrite.writesField(sinkAccessPath.getAUse(), _, sink.getNode()) and
         otherSinkWrite.writesField(otherSinkAccessPath.getAUse(), _, otherSink.getNode()) and
         otherSinkAccessPath = sinkAccessPath.similar()
diff --git a/go/ql/src/Security/CWE-327/InsecureTLS.ql b/go/ql/src/Security/CWE-327/InsecureTLS.ql
index f8277226144..9163f767382 100644
--- a/go/ql/src/Security/CWE-327/InsecureTLS.ql
+++ b/go/ql/src/Security/CWE-327/InsecureTLS.ql
@@ -60,7 +60,7 @@ class TlsVersionFlowConfig extends TaintTracking::Configuration {
   /**
    * Holds if `source` is a TLS version source yielding value `val`.
    */
-  predicate isSource(DataFlow::Node source, int val) {
+  predicate intIsSource(DataFlow::Node source, int val) {
     val = source.getIntValue() and
     val = getATlsVersion() and
     not DataFlow::isReturnedWithError(source)
@@ -74,7 +74,7 @@ class TlsVersionFlowConfig extends TaintTracking::Configuration {
     fieldWrite.writesField(base, fld, sink)
   }
 
-  override predicate isSource(DataFlow::Node source) { isSource(source, _) }
+  override predicate isSource(DataFlow::Node source) { intIsSource(source, _) }
 
   override predicate isSink(DataFlow::Node sink) { isSink(sink, _, _, _) }
 }
@@ -87,7 +87,7 @@ predicate secureTlsVersionFlow(
 ) {
   exists(int version |
     config.hasFlowPath(source, sink) and
-    config.isSource(source.getNode(), version) and
+    config.intIsSource(source.getNode(), version) and
     not isInsecureTlsVersion(version, _, fld.getName())
   )
 }
@@ -130,7 +130,7 @@ predicate isInsecureTlsVersionFlow(
 ) {
   exists(TlsVersionFlowConfig cfg, int version, Field fld |
     cfg.hasFlowPath(source, sink) and
-    cfg.isSource(source.getNode(), version) and
+    cfg.intIsSource(source.getNode(), version) and
     cfg.isSink(sink.getNode(), fld, base, _) and
     isInsecureTlsVersion(version, _, fld.getName()) and
     // Exclude cases where a secure TLS version can also flow to the same
diff --git a/go/ql/src/Security/CWE-338/InsecureRandomness.ql b/go/ql/src/Security/CWE-338/InsecureRandomness.ql
index e87bbbae37b..aa26e171e50 100644
--- a/go/ql/src/Security/CWE-338/InsecureRandomness.ql
+++ b/go/ql/src/Security/CWE-338/InsecureRandomness.ql
@@ -17,7 +17,7 @@ import DataFlow::PathGraph
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string kind
 where
   cfg.hasFlowPath(source, sink) and
-  cfg.isSink(sink.getNode(), kind) and
+  cfg.isSinkWithKind(sink.getNode(), kind) and
   (
     kind != "A password-related function"
     or
diff --git a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
index a35fc03b030..92ac3a9b54f 100644
--- a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
+++ b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
@@ -31,7 +31,7 @@ class AuthCodeUrl extends Method {
 class ConstantStateFlowConf extends DataFlow::Configuration {
   ConstantStateFlowConf() { this = "ConstantStateFlowConf" }
 
-  predicate isSink(DataFlow::Node sink, DataFlow::CallNode call) {
+  predicate isSinkCall(DataFlow::Node sink, DataFlow::CallNode call) {
     exists(AuthCodeUrl m | call = m.getACall() | sink = call.getArgument(0))
   }
 
@@ -46,7 +46,7 @@ class ConstantStateFlowConf extends DataFlow::Configuration {
     )
   }
 
-  override predicate isSink(DataFlow::Node sink) { this.isSink(sink, _) }
+  override predicate isSink(DataFlow::Node sink) { this.isSinkCall(sink, _) }
 }
 
 /**
@@ -109,11 +109,11 @@ class PrivateUrlFlowsToAuthCodeUrlCall extends DataFlow::Configuration {
     any(Fmt::AppenderOrSprinter s).taintStep(pred, succ)
   }
 
-  predicate isSink(DataFlow::Node sink, DataFlow::CallNode call) {
+  predicate isSinkCall(DataFlow::Node sink, DataFlow::CallNode call) {
     exists(AuthCodeUrl m | call = m.getACall() | sink = call.getReceiver())
   }
 
-  override predicate isSink(DataFlow::Node sink) { this.isSink(sink, _) }
+  override predicate isSink(DataFlow::Node sink) { this.isSinkCall(sink, _) }
 }
 
 /**
@@ -126,7 +126,7 @@ class PrivateUrlFlowsToAuthCodeUrlCall extends DataFlow::Configuration {
 predicate privateUrlFlowsToAuthCodeUrlCall(DataFlow::CallNode call) {
   exists(PrivateUrlFlowsToAuthCodeUrlCall flowConfig, DataFlow::Node receiver |
     flowConfig.hasFlowTo(receiver) and
-    flowConfig.isSink(receiver, call)
+    flowConfig.isSinkCall(receiver, call)
   )
 }
 
@@ -134,7 +134,7 @@ predicate privateUrlFlowsToAuthCodeUrlCall(DataFlow::CallNode call) {
 class FlowToPrint extends DataFlow::Configuration {
   FlowToPrint() { this = "FlowToPrint" }
 
-  predicate isSink(DataFlow::Node sink, DataFlow::CallNode call) {
+  predicate isSinkCall(DataFlow::Node sink, DataFlow::CallNode call) {
     exists(LoggerCall logCall | call = logCall | sink = logCall.getAMessageComponent())
   }
 
@@ -142,7 +142,7 @@ class FlowToPrint extends DataFlow::Configuration {
     source = any(AuthCodeUrl m).getACall().getResult()
   }
 
-  override predicate isSink(DataFlow::Node sink) { this.isSink(sink, _) }
+  override predicate isSink(DataFlow::Node sink) { this.isSinkCall(sink, _) }
 }
 
 /** Holds if the provided `CallNode`'s result flows to an argument of a printer call. */
@@ -198,7 +198,7 @@ from
   DataFlow::CallNode sinkCall
 where
   cfg.hasFlowPath(source, sink) and
-  cfg.isSink(sink.getNode(), sinkCall) and
+  cfg.isSinkCall(sink.getNode(), sinkCall) and
   // Exclude cases that seem to be oauth flows done from within a terminal:
   not seemsLikeDoneWithinATerminal(sinkCall) and
   not privateUrlFlowsToAuthCodeUrlCall(sinkCall)
diff --git a/go/ql/src/Security/CWE-601/BadRedirectCheck.qhelp b/go/ql/src/Security/CWE-601/BadRedirectCheck.qhelp
index b6036f4399b..a592abfff38 100644
--- a/go/ql/src/Security/CWE-601/BadRedirectCheck.qhelp
+++ b/go/ql/src/Security/CWE-601/BadRedirectCheck.qhelp
@@ -7,7 +7,7 @@ Redirect URLs should be checked to ensure that user input cannot cause a site to
 to arbitrary domains. This is often done with a check that the redirect URL begins with a slash,
 which most of the time is an absolute redirect on the same host. However, browsers interpret URLs
 beginning with <code>//</code> or <code>/\</code> as absolute URLs. For example, a redirect to
-<code>//lgtm.com</code> will redirect to <code>https://lgtm.com</code>. Thus, redirect checks must
+<code>//example.com</code> will redirect to <code>https://example.com</code>. Thus, redirect checks must
 also check the second character of redirect URLs.
 </p>
 </overview>
diff --git a/go/ql/src/Security/CWE-601/BadRedirectCheck.ql b/go/ql/src/Security/CWE-601/BadRedirectCheck.ql
index a35d78519bb..9beb2fe160b 100644
--- a/go/ql/src/Security/CWE-601/BadRedirectCheck.ql
+++ b/go/ql/src/Security/CWE-601/BadRedirectCheck.ql
@@ -94,13 +94,13 @@ predicate urlPath(DataFlow::Node nd) {
 class Configuration extends TaintTracking::Configuration {
   Configuration() { this = "BadRedirectCheck" }
 
-  override predicate isSource(DataFlow::Node source) { this.isSource(source, _) }
+  override predicate isSource(DataFlow::Node source) { this.isCheckedSource(source, _) }
 
   /**
    * Holds if `source` is the first node that flows into a use of a variable that is checked by a
    * bad redirect check `check`..
    */
-  predicate isSource(DataFlow::Node source, DataFlow::Node check) {
+  predicate isCheckedSource(DataFlow::Node source, DataFlow::Node check) {
     exists(SsaWithFields v |
       DataFlow::localFlow(source, v.getAUse()) and
       not exists(source.getAPredecessor()) and
@@ -170,7 +170,7 @@ predicate isBadRedirectCheckWrapper(DataFlow::Node check, FuncDef f, FunctionInp
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node check
 where
-  cfg.isSource(source.getNode(), check) and
+  cfg.isCheckedSource(source.getNode(), check) and
   cfg.hasFlowPath(source, sink)
 select check, source, sink,
   "This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position.",
diff --git a/go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll b/go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll
index 77e3ad97a3b..1e0d4ee7d4c 100644
--- a/go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll
+++ b/go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll
@@ -17,14 +17,10 @@ module EmailInjection {
   abstract class Sink extends DataFlow::Node { }
 
   /** A source of untrusted data, considered as a taint source for email injection. */
-  class UntrustedFlowSourceAsSource extends Source {
-    UntrustedFlowSourceAsSource() { this instanceof UntrustedFlowSource }
-  }
+  class UntrustedFlowSourceAsSource extends Source instanceof UntrustedFlowSource { }
 
   /**
    * A data-flow node that becomes part of an email considered as a taint sink for email injection.
    */
-  class MailDataAsSink extends Sink {
-    MailDataAsSink() { this instanceof EmailData }
-  }
+  class MailDataAsSink extends Sink instanceof EmailData { }
 }
diff --git a/go/ql/src/change-notes/released/0.3.4.md b/go/ql/src/change-notes/released/0.3.4.md
new file mode 100644
index 00000000000..5fae94b07c9
--- /dev/null
+++ b/go/ql/src/change-notes/released/0.3.4.md
@@ -0,0 +1,3 @@
+## 0.3.4
+
+No user-facing changes.
diff --git a/go/ql/src/change-notes/released/0.3.5.md b/go/ql/src/change-notes/released/0.3.5.md
new file mode 100644
index 00000000000..7a86712e637
--- /dev/null
+++ b/go/ql/src/change-notes/released/0.3.5.md
@@ -0,0 +1,3 @@
+## 0.3.5
+
+No user-facing changes.
diff --git a/go/ql/src/change-notes/released/0.3.6.md b/go/ql/src/change-notes/released/0.3.6.md
new file mode 100644
index 00000000000..0c7a392e88f
--- /dev/null
+++ b/go/ql/src/change-notes/released/0.3.6.md
@@ -0,0 +1,3 @@
+## 0.3.6
+
+No user-facing changes.
diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml
index 9da182d3394..7bbaa8987dd 100644
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.3
+lastReleaseVersion: 0.3.6
diff --git a/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql b/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
index 372b1c21642..9dd62083df4 100644
--- a/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
+++ b/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
@@ -61,7 +61,7 @@ class FlowsUntrustedToAllowOriginHeader extends TaintTracking::Configuration {
 
   override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
 
-  predicate isSink(DataFlow::Node sink, AllowOriginHeaderWrite hw) { sink = hw.getValue() }
+  predicate isSinkHW(DataFlow::Node sink, AllowOriginHeaderWrite hw) { sink = hw.getValue() }
 
   override predicate isSanitizer(DataFlow::Node node) {
     exists(ControlFlow::ConditionGuardNode cgn |
@@ -71,7 +71,7 @@ class FlowsUntrustedToAllowOriginHeader extends TaintTracking::Configuration {
     )
   }
 
-  override predicate isSink(DataFlow::Node sink) { this.isSink(sink, _) }
+  override predicate isSink(DataFlow::Node sink) { this.isSinkHW(sink, _) }
 }
 
 /**
@@ -95,7 +95,7 @@ predicate allowCredentialsIsSetToTrue(AllowOriginHeaderWrite allowOriginHW) {
 predicate flowsFromUntrustedToAllowOrigin(AllowOriginHeaderWrite allowOriginHW, string message) {
   exists(FlowsUntrustedToAllowOriginHeader cfg, DataFlow::Node sink |
     cfg.hasFlowTo(sink) and
-    cfg.isSink(sink, allowOriginHW)
+    cfg.isSinkHW(sink, allowOriginHW)
   |
     message =
       headerAllowOrigin() + " header is set to a user-defined value, and " +
@@ -130,9 +130,9 @@ class FlowsFromUntrusted extends TaintTracking::Configuration {
 
   override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
 
-  override predicate isSink(DataFlow::Node sink) { this.isSink(sink, _) }
+  override predicate isSink(DataFlow::Node sink) { this.isSinkCgn(sink, _) }
 
-  predicate isSink(DataFlow::Node sink, ControlFlow::ConditionGuardNode cgn) {
+  predicate isSinkCgn(DataFlow::Node sink, ControlFlow::ConditionGuardNode cgn) {
     exists(IfStmt ifs |
       exists(Expr operand |
         operand = ifs.getCond().getAChildExpr*() and
@@ -171,7 +171,7 @@ class FlowsFromUntrusted extends TaintTracking::Configuration {
  */
 predicate flowsToGuardedByCheckOnUntrusted(AllowOriginHeaderWrite allowOriginHW) {
   exists(FlowsFromUntrusted cfg, DataFlow::Node sink, ControlFlow::ConditionGuardNode cgn |
-    cfg.hasFlowTo(sink) and cfg.isSink(sink, cgn)
+    cfg.hasFlowTo(sink) and cfg.isSinkCgn(sink, cgn)
   |
     cgn.dominates(allowOriginHW.getBasicBlock())
   )
diff --git a/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql b/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql
index cafc719dd7a..3dfc90dc40a 100644
--- a/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql
+++ b/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql
@@ -41,16 +41,18 @@ class ConversionToUnsafePointer extends DataFlow::TypeCastNode {
 class UnsafeTypeCastingConf extends TaintTracking::Configuration {
   UnsafeTypeCastingConf() { this = "UnsafeTypeCastingConf" }
 
-  predicate isSource(DataFlow::Node source, ConversionToUnsafePointer conv) { source = conv }
+  predicate conversionIsSource(DataFlow::Node source, ConversionToUnsafePointer conv) {
+    source = conv
+  }
 
-  predicate isSink(DataFlow::Node sink, DataFlow::TypeCastNode ca) {
+  predicate typeCastNodeIsSink(DataFlow::Node sink, DataFlow::TypeCastNode ca) {
     ca.getOperand().getType() instanceof UnsafePointerType and
     sink = ca
   }
 
-  override predicate isSource(DataFlow::Node source) { isSource(source, _) }
+  override predicate isSource(DataFlow::Node source) { conversionIsSource(source, _) }
 
-  override predicate isSink(DataFlow::Node sink) { isSink(sink, _) }
+  override predicate isSink(DataFlow::Node sink) { typeCastNodeIsSink(sink, _) }
 }
 
 /*
@@ -66,8 +68,8 @@ predicate castShortArrayToLongerArray(
     ArrayType arrTo, ArrayType arrFrom, int arrFromSize
   |
     cfg.hasFlowPath(source, sink) and
-    cfg.isSource(source.getNode(), castLittle) and
-    cfg.isSink(sink.getNode(), castBig) and
+    cfg.conversionIsSource(source.getNode(), castLittle) and
+    cfg.typeCastNodeIsSink(sink.getNode(), castBig) and
     arrTo = getFinalType(castBig.getResultType()) and
     (
       // Array (whole) to array:
@@ -111,8 +113,8 @@ predicate castTypeToArray(DataFlow::PathNode source, DataFlow::PathNode sink, st
     ArrayType arrTo, Type typeFrom
   |
     cfg.hasFlowPath(source, sink) and
-    cfg.isSource(source.getNode(), castLittle) and
-    cfg.isSink(sink.getNode(), castBig) and
+    cfg.conversionIsSource(source.getNode(), castLittle) and
+    cfg.typeCastNodeIsSink(sink.getNode(), castBig) and
     arrTo = getFinalType(castBig.getResultType()) and
     not typeFrom.getUnderlyingType() instanceof ArrayType and
     not typeFrom instanceof PointerType and
@@ -141,8 +143,8 @@ predicate castDifferentBitSizeNumbers(
     NumericType numTo, NumericType numFrom
   |
     cfg.hasFlowPath(source, sink) and
-    cfg.isSource(source.getNode(), castLittle) and
-    cfg.isSink(sink.getNode(), castBig) and
+    cfg.conversionIsSource(source.getNode(), castLittle) and
+    cfg.typeCastNodeIsSink(sink.getNode(), castBig) and
     numTo = getFinalType(castBig.getResultType()) and
     numFrom = getFinalType(castLittle.getOperand().getType()) and
     // TODO: also consider cast from uint to int?
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
index e44f8ef80d9..88d4e107152 100644
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.3.4-dev
+version: 0.4.0-dev
 groups:
   - go
   - queries
diff --git a/go/ql/test/experimental/CWE-090/LDAPInjection.expected b/go/ql/test/experimental/CWE-090/LDAPInjection.expected
index 6395227df6e..8e1165fab60 100644
--- a/go/ql/test/experimental/CWE-090/LDAPInjection.expected
+++ b/go/ql/test/experimental/CWE-090/LDAPInjection.expected
@@ -1,53 +1,53 @@
 edges
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:59:3:59:11 | untrusted |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:61:3:61:51 | ...+... |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:62:3:62:33 | slice literal |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:62:24:62:32 | untrusted : string |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:66:3:66:11 | untrusted |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:68:3:68:51 | ...+... |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:69:3:69:33 | slice literal |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:69:24:69:32 | untrusted : string |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:73:3:73:11 | untrusted |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:75:3:75:51 | ...+... |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:76:3:76:33 | slice literal |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:76:24:76:32 | untrusted : string |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:80:22:80:30 | untrusted |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:81:25:81:33 | untrusted |
-| LDAPInjection.go:62:3:62:33 | slice literal [array] : string | LDAPInjection.go:62:3:62:33 | slice literal |
-| LDAPInjection.go:62:24:62:32 | untrusted : string | LDAPInjection.go:62:3:62:33 | slice literal [array] : string |
-| LDAPInjection.go:69:3:69:33 | slice literal [array] : string | LDAPInjection.go:69:3:69:33 | slice literal |
-| LDAPInjection.go:69:24:69:32 | untrusted : string | LDAPInjection.go:69:3:69:33 | slice literal [array] : string |
-| LDAPInjection.go:76:3:76:33 | slice literal [array] : string | LDAPInjection.go:76:3:76:33 | slice literal |
-| LDAPInjection.go:76:24:76:32 | untrusted : string | LDAPInjection.go:76:3:76:33 | slice literal [array] : string |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted |
+| LDAPInjection.go:62:3:62:33 | slice literal [array] | LDAPInjection.go:62:3:62:33 | slice literal |
+| LDAPInjection.go:62:24:62:32 | untrusted | LDAPInjection.go:62:3:62:33 | slice literal [array] |
+| LDAPInjection.go:69:3:69:33 | slice literal [array] | LDAPInjection.go:69:3:69:33 | slice literal |
+| LDAPInjection.go:69:24:69:32 | untrusted | LDAPInjection.go:69:3:69:33 | slice literal [array] |
+| LDAPInjection.go:76:3:76:33 | slice literal [array] | LDAPInjection.go:76:3:76:33 | slice literal |
+| LDAPInjection.go:76:24:76:32 | untrusted | LDAPInjection.go:76:3:76:33 | slice literal [array] |
 nodes
-| LDAPInjection.go:57:15:57:29 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | semmle.label | call to UserAgent |
 | LDAPInjection.go:59:3:59:11 | untrusted | semmle.label | untrusted |
 | LDAPInjection.go:61:3:61:51 | ...+... | semmle.label | ...+... |
 | LDAPInjection.go:62:3:62:33 | slice literal | semmle.label | slice literal |
-| LDAPInjection.go:62:3:62:33 | slice literal [array] : string | semmle.label | slice literal [array] : string |
-| LDAPInjection.go:62:24:62:32 | untrusted : string | semmle.label | untrusted : string |
+| LDAPInjection.go:62:3:62:33 | slice literal [array] | semmle.label | slice literal [array] |
+| LDAPInjection.go:62:24:62:32 | untrusted | semmle.label | untrusted |
 | LDAPInjection.go:66:3:66:11 | untrusted | semmle.label | untrusted |
 | LDAPInjection.go:68:3:68:51 | ...+... | semmle.label | ...+... |
 | LDAPInjection.go:69:3:69:33 | slice literal | semmle.label | slice literal |
-| LDAPInjection.go:69:3:69:33 | slice literal [array] : string | semmle.label | slice literal [array] : string |
-| LDAPInjection.go:69:24:69:32 | untrusted : string | semmle.label | untrusted : string |
+| LDAPInjection.go:69:3:69:33 | slice literal [array] | semmle.label | slice literal [array] |
+| LDAPInjection.go:69:24:69:32 | untrusted | semmle.label | untrusted |
 | LDAPInjection.go:73:3:73:11 | untrusted | semmle.label | untrusted |
 | LDAPInjection.go:75:3:75:51 | ...+... | semmle.label | ...+... |
 | LDAPInjection.go:76:3:76:33 | slice literal | semmle.label | slice literal |
-| LDAPInjection.go:76:3:76:33 | slice literal [array] : string | semmle.label | slice literal [array] : string |
-| LDAPInjection.go:76:24:76:32 | untrusted : string | semmle.label | untrusted : string |
+| LDAPInjection.go:76:3:76:33 | slice literal [array] | semmle.label | slice literal [array] |
+| LDAPInjection.go:76:24:76:32 | untrusted | semmle.label | untrusted |
 | LDAPInjection.go:80:22:80:30 | untrusted | semmle.label | untrusted |
 | LDAPInjection.go:81:25:81:33 | untrusted | semmle.label | untrusted |
 subpaths
 #select
-| LDAPInjection.go:59:3:59:11 | untrusted | LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:59:3:59:11 | untrusted | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
-| LDAPInjection.go:61:3:61:51 | ...+... | LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:61:3:61:51 | ...+... | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
-| LDAPInjection.go:62:3:62:33 | slice literal | LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:62:3:62:33 | slice literal | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
-| LDAPInjection.go:66:3:66:11 | untrusted | LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:66:3:66:11 | untrusted | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
-| LDAPInjection.go:68:3:68:51 | ...+... | LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:68:3:68:51 | ...+... | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
-| LDAPInjection.go:69:3:69:33 | slice literal | LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:69:3:69:33 | slice literal | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
-| LDAPInjection.go:73:3:73:11 | untrusted | LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:73:3:73:11 | untrusted | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
-| LDAPInjection.go:75:3:75:51 | ...+... | LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:75:3:75:51 | ...+... | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
-| LDAPInjection.go:76:3:76:33 | slice literal | LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:76:3:76:33 | slice literal | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
-| LDAPInjection.go:80:22:80:30 | untrusted | LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:80:22:80:30 | untrusted | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
-| LDAPInjection.go:81:25:81:33 | untrusted | LDAPInjection.go:57:15:57:29 | call to UserAgent : string | LDAPInjection.go:81:25:81:33 | untrusted | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
+| LDAPInjection.go:59:3:59:11 | untrusted | LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
+| LDAPInjection.go:61:3:61:51 | ...+... | LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
+| LDAPInjection.go:62:3:62:33 | slice literal | LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
+| LDAPInjection.go:66:3:66:11 | untrusted | LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
+| LDAPInjection.go:68:3:68:51 | ...+... | LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
+| LDAPInjection.go:69:3:69:33 | slice literal | LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
+| LDAPInjection.go:73:3:73:11 | untrusted | LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
+| LDAPInjection.go:75:3:75:51 | ...+... | LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
+| LDAPInjection.go:76:3:76:33 | slice literal | LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
+| LDAPInjection.go:80:22:80:30 | untrusted | LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
+| LDAPInjection.go:81:25:81:33 | untrusted | LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | LDAP query parameter depends on a $@. | LDAPInjection.go:57:15:57:29 | call to UserAgent | user-provided value |
diff --git a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected b/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected
index 27cc282c58c..1a22c7d1fc3 100644
--- a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected
+++ b/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected
@@ -1,598 +1,598 @@
 edges
-| CookieWithoutHttpOnly.go:12:10:12:18 | "session" : string | CookieWithoutHttpOnly.go:15:20:15:21 | &... |
-| CookieWithoutHttpOnly.go:12:10:12:18 | "session" : string | CookieWithoutHttpOnly.go:15:20:15:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:12:10:12:18 | "session" : string | CookieWithoutHttpOnly.go:15:21:15:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... : pointer type | CookieWithoutHttpOnly.go:15:20:15:21 | &... |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... : pointer type | CookieWithoutHttpOnly.go:15:20:15:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... : pointer type | CookieWithoutHttpOnly.go:15:21:15:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:15:20:15:21 | &... |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:15:20:15:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:15:21:15:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:15:21:15:21 | c : Cookie | CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:20:13:20:21 | "session" : string | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
-| CookieWithoutHttpOnly.go:20:13:20:21 | "session" : string | CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:20:13:20:21 | "session" : string | CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:22:13:22:17 | false : bool | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
-| CookieWithoutHttpOnly.go:22:13:22:17 | false : bool | CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:22:13:22:17 | false : bool | CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:29:13:29:21 | "session" : string | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
-| CookieWithoutHttpOnly.go:29:13:29:21 | "session" : string | CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:29:13:29:21 | "session" : string | CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:31:13:31:16 | true : bool | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
-| CookieWithoutHttpOnly.go:31:13:31:16 | true : bool | CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:31:13:31:16 | true : bool | CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:38:10:38:18 | "session" : string | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
-| CookieWithoutHttpOnly.go:38:10:38:18 | "session" : string | CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:38:10:38:18 | "session" : string | CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:41:15:41:18 | true : bool | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
-| CookieWithoutHttpOnly.go:41:15:41:18 | true : bool | CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:41:15:41:18 | true : bool | CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:47:10:47:18 | "session" : string | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
-| CookieWithoutHttpOnly.go:47:10:47:18 | "session" : string | CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:47:10:47:18 | "session" : string | CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:50:15:50:19 | false : bool | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
-| CookieWithoutHttpOnly.go:50:15:50:19 | false : bool | CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:50:15:50:19 | false : bool | CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:55:2:55:4 | definition of val : bool | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
-| CookieWithoutHttpOnly.go:55:2:55:4 | definition of val : bool | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:55:2:55:4 | definition of val : bool | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:55:9:55:13 | false : bool | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
-| CookieWithoutHttpOnly.go:55:9:55:13 | false : bool | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:55:9:55:13 | false : bool | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:57:13:57:21 | "session" : string | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
-| CookieWithoutHttpOnly.go:57:13:57:21 | "session" : string | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:57:13:57:21 | "session" : string | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:59:13:59:15 | val : bool | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
-| CookieWithoutHttpOnly.go:59:13:59:15 | val : bool | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:59:13:59:15 | val : bool | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:65:2:65:4 | definition of val : bool | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
-| CookieWithoutHttpOnly.go:65:2:65:4 | definition of val : bool | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:65:2:65:4 | definition of val : bool | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:65:9:65:12 | true : bool | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
-| CookieWithoutHttpOnly.go:65:9:65:12 | true : bool | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:65:9:65:12 | true : bool | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:67:13:67:21 | "session" : string | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
-| CookieWithoutHttpOnly.go:67:13:67:21 | "session" : string | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:67:13:67:21 | "session" : string | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:69:13:69:15 | val : bool | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
-| CookieWithoutHttpOnly.go:69:13:69:15 | val : bool | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:69:13:69:15 | val : bool | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:75:2:75:4 | definition of val : bool | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
-| CookieWithoutHttpOnly.go:75:2:75:4 | definition of val : bool | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:75:2:75:4 | definition of val : bool | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:75:9:75:12 | true : bool | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
-| CookieWithoutHttpOnly.go:75:9:75:12 | true : bool | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:75:9:75:12 | true : bool | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:77:10:77:18 | "session" : string | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
-| CookieWithoutHttpOnly.go:77:10:77:18 | "session" : string | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:77:10:77:18 | "session" : string | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:80:15:80:17 | val : bool | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
-| CookieWithoutHttpOnly.go:80:15:80:17 | val : bool | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:80:15:80:17 | val : bool | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:85:2:85:4 | definition of val : bool | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
-| CookieWithoutHttpOnly.go:85:2:85:4 | definition of val : bool | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:85:2:85:4 | definition of val : bool | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:85:9:85:13 | false : bool | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
-| CookieWithoutHttpOnly.go:85:9:85:13 | false : bool | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:85:9:85:13 | false : bool | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:87:10:87:18 | "session" : string | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
-| CookieWithoutHttpOnly.go:87:10:87:18 | "session" : string | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:87:10:87:18 | "session" : string | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:90:15:90:17 | val : bool | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
-| CookieWithoutHttpOnly.go:90:15:90:17 | val : bool | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:90:15:90:17 | val : bool | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:99:15:99:19 | false : bool | CookieWithoutHttpOnly.go:100:20:100:21 | &... |
-| CookieWithoutHttpOnly.go:99:15:99:19 | false : bool | CookieWithoutHttpOnly.go:100:20:100:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:99:15:99:19 | false : bool | CookieWithoutHttpOnly.go:100:21:100:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... : pointer type | CookieWithoutHttpOnly.go:100:20:100:21 | &... |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... : pointer type | CookieWithoutHttpOnly.go:100:20:100:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... : pointer type | CookieWithoutHttpOnly.go:100:21:100:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:100:20:100:21 | &... |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:100:20:100:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:100:21:100:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:100:21:100:21 | c : Cookie | CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:104:10:104:18 | "session" : string | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
-| CookieWithoutHttpOnly.go:104:10:104:18 | "session" : string | CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:104:10:104:18 | "session" : string | CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:109:15:109:19 | false : bool | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
-| CookieWithoutHttpOnly.go:109:15:109:19 | false : bool | CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:109:15:109:19 | false : bool | CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" : string | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
-| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" : string | CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" : string | CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:116:10:116:16 | session : string | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
-| CookieWithoutHttpOnly.go:116:10:116:16 | session : string | CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:116:10:116:16 | session : string | CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:119:15:119:19 | false : bool | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
-| CookieWithoutHttpOnly.go:119:15:119:19 | false : bool | CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:119:15:119:19 | false : bool | CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie |
-| CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:126:16:126:20 | store : pointer type |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:134:16:134:20 | store : pointer type |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:146:16:146:20 | store : pointer type |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:158:16:158:20 | store : pointer type |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:170:16:170:20 | store : pointer type |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:183:16:183:20 | store : pointer type |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:195:16:195:20 | store : pointer type |
-| CookieWithoutHttpOnly.go:126:16:126:20 | store : pointer type | CookieWithoutHttpOnly.go:129:2:129:8 | session |
-| CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly : bool | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly : bool | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly : bool | CookieWithoutHttpOnly.go:142:2:142:8 | session |
-| CookieWithoutHttpOnly.go:133:14:133:18 | false : bool | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:133:14:133:18 | false : bool | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:133:14:133:18 | false : bool | CookieWithoutHttpOnly.go:142:2:142:8 | session |
-| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:142:2:142:8 | session |
-| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:142:2:142:8 | session |
-| CookieWithoutHttpOnly.go:134:16:134:20 | store : pointer type | CookieWithoutHttpOnly.go:142:2:142:8 | session |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:142:2:142:8 | session |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:142:2:142:8 | session |
-| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:142:2:142:8 | session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:142:2:142:8 | session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal : Options | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal : Options | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal : Options | CookieWithoutHttpOnly.go:142:2:142:8 | session |
-| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly : bool | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly : bool | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly : bool | CookieWithoutHttpOnly.go:142:2:142:8 | session |
-| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:153:2:153:8 | session |
-| CookieWithoutHttpOnly.go:146:16:146:20 | store : pointer type | CookieWithoutHttpOnly.go:153:2:153:8 | session |
-| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:153:2:153:8 | session |
-| CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:153:2:153:8 | session |
-| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal : Options | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal : Options | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal : Options | CookieWithoutHttpOnly.go:153:2:153:8 | session |
-| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly : bool | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly : bool | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly : bool | CookieWithoutHttpOnly.go:166:2:166:8 | session |
-| CookieWithoutHttpOnly.go:157:14:157:17 | true : bool | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:157:14:157:17 | true : bool | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:157:14:157:17 | true : bool | CookieWithoutHttpOnly.go:166:2:166:8 | session |
-| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:166:2:166:8 | session |
-| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:166:2:166:8 | session |
-| CookieWithoutHttpOnly.go:158:16:158:20 | store : pointer type | CookieWithoutHttpOnly.go:166:2:166:8 | session |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:166:2:166:8 | session |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:166:2:166:8 | session |
-| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:166:2:166:8 | session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:166:2:166:8 | session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal : Options | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal : Options | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal : Options | CookieWithoutHttpOnly.go:166:2:166:8 | session |
-| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly : bool | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly : bool | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly : bool | CookieWithoutHttpOnly.go:166:2:166:8 | session |
-| CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly : bool | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly : bool | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly : bool | CookieWithoutHttpOnly.go:178:2:178:8 | session |
-| CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly : bool | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly : bool | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly : bool | CookieWithoutHttpOnly.go:178:2:178:8 | session |
-| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:178:2:178:8 | session |
-| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:178:2:178:8 | session |
-| CookieWithoutHttpOnly.go:170:16:170:20 | store : pointer type | CookieWithoutHttpOnly.go:178:2:178:8 | session |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:178:2:178:8 | session |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:178:2:178:8 | session |
-| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:178:2:178:8 | session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:178:2:178:8 | session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal : Options | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal : Options | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal : Options | CookieWithoutHttpOnly.go:178:2:178:8 | session |
-| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly : bool | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly : bool | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly : bool | CookieWithoutHttpOnly.go:178:2:178:8 | session |
-| CookieWithoutHttpOnly.go:183:16:183:20 | store : pointer type | CookieWithoutHttpOnly.go:191:19:191:25 | session |
-| CookieWithoutHttpOnly.go:195:16:195:20 | store : pointer type | CookieWithoutHttpOnly.go:202:19:202:25 | session |
+| CookieWithoutHttpOnly.go:12:10:12:18 | "session" | CookieWithoutHttpOnly.go:15:20:15:21 | &... |
+| CookieWithoutHttpOnly.go:12:10:12:18 | "session" | CookieWithoutHttpOnly.go:15:20:15:21 | &... |
+| CookieWithoutHttpOnly.go:12:10:12:18 | "session" | CookieWithoutHttpOnly.go:15:21:15:21 | c |
+| CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:15:20:15:21 | &... |
+| CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:15:20:15:21 | &... |
+| CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:15:21:15:21 | c |
+| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:20:15:21 | &... |
+| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:20:15:21 | &... |
+| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:21:15:21 | c |
+| CookieWithoutHttpOnly.go:15:21:15:21 | c | CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:20:13:20:21 | "session" | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
+| CookieWithoutHttpOnly.go:20:13:20:21 | "session" | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
+| CookieWithoutHttpOnly.go:20:13:20:21 | "session" | CookieWithoutHttpOnly.go:24:21:24:21 | c |
+| CookieWithoutHttpOnly.go:22:13:22:17 | false | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
+| CookieWithoutHttpOnly.go:22:13:22:17 | false | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
+| CookieWithoutHttpOnly.go:22:13:22:17 | false | CookieWithoutHttpOnly.go:24:21:24:21 | c |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:21:24:21 | c |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:21:24:21 | c |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:21:24:21 | c |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:21:24:21 | c |
+| CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:29:13:29:21 | "session" | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
+| CookieWithoutHttpOnly.go:29:13:29:21 | "session" | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
+| CookieWithoutHttpOnly.go:29:13:29:21 | "session" | CookieWithoutHttpOnly.go:33:21:33:21 | c |
+| CookieWithoutHttpOnly.go:31:13:31:16 | true | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
+| CookieWithoutHttpOnly.go:31:13:31:16 | true | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
+| CookieWithoutHttpOnly.go:31:13:31:16 | true | CookieWithoutHttpOnly.go:33:21:33:21 | c |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:21:33:21 | c |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:21:33:21 | c |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:21:33:21 | c |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:21:33:21 | c |
+| CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:38:10:38:18 | "session" | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
+| CookieWithoutHttpOnly.go:38:10:38:18 | "session" | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
+| CookieWithoutHttpOnly.go:38:10:38:18 | "session" | CookieWithoutHttpOnly.go:42:21:42:21 | c |
+| CookieWithoutHttpOnly.go:41:15:41:18 | true | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
+| CookieWithoutHttpOnly.go:41:15:41:18 | true | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
+| CookieWithoutHttpOnly.go:41:15:41:18 | true | CookieWithoutHttpOnly.go:42:21:42:21 | c |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:21:42:21 | c |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:21:42:21 | c |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:21:42:21 | c |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:21:42:21 | c |
+| CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:47:10:47:18 | "session" | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
+| CookieWithoutHttpOnly.go:47:10:47:18 | "session" | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
+| CookieWithoutHttpOnly.go:47:10:47:18 | "session" | CookieWithoutHttpOnly.go:51:21:51:21 | c |
+| CookieWithoutHttpOnly.go:50:15:50:19 | false | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
+| CookieWithoutHttpOnly.go:50:15:50:19 | false | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
+| CookieWithoutHttpOnly.go:50:15:50:19 | false | CookieWithoutHttpOnly.go:51:21:51:21 | c |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:21:51:21 | c |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:21:51:21 | c |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:21:51:21 | c |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:21:51:21 | c |
+| CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:55:2:55:4 | definition of val | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:55:2:55:4 | definition of val | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:55:2:55:4 | definition of val | CookieWithoutHttpOnly.go:61:21:61:21 | c |
+| CookieWithoutHttpOnly.go:55:9:55:13 | false | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:55:9:55:13 | false | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:55:9:55:13 | false | CookieWithoutHttpOnly.go:61:21:61:21 | c |
+| CookieWithoutHttpOnly.go:57:13:57:21 | "session" | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:57:13:57:21 | "session" | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:57:13:57:21 | "session" | CookieWithoutHttpOnly.go:61:21:61:21 | c |
+| CookieWithoutHttpOnly.go:59:13:59:15 | val | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:59:13:59:15 | val | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:59:13:59:15 | val | CookieWithoutHttpOnly.go:61:21:61:21 | c |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:21:61:21 | c |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:21:61:21 | c |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:21:61:21 | c |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:21:61:21 | c |
+| CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:65:2:65:4 | definition of val | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:65:2:65:4 | definition of val | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:65:2:65:4 | definition of val | CookieWithoutHttpOnly.go:71:21:71:21 | c |
+| CookieWithoutHttpOnly.go:65:9:65:12 | true | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:65:9:65:12 | true | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:65:9:65:12 | true | CookieWithoutHttpOnly.go:71:21:71:21 | c |
+| CookieWithoutHttpOnly.go:67:13:67:21 | "session" | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:67:13:67:21 | "session" | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:67:13:67:21 | "session" | CookieWithoutHttpOnly.go:71:21:71:21 | c |
+| CookieWithoutHttpOnly.go:69:13:69:15 | val | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:69:13:69:15 | val | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:69:13:69:15 | val | CookieWithoutHttpOnly.go:71:21:71:21 | c |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:21:71:21 | c |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:21:71:21 | c |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:21:71:21 | c |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:21:71:21 | c |
+| CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:75:2:75:4 | definition of val | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:75:2:75:4 | definition of val | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:75:2:75:4 | definition of val | CookieWithoutHttpOnly.go:81:21:81:21 | c |
+| CookieWithoutHttpOnly.go:75:9:75:12 | true | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:75:9:75:12 | true | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:75:9:75:12 | true | CookieWithoutHttpOnly.go:81:21:81:21 | c |
+| CookieWithoutHttpOnly.go:77:10:77:18 | "session" | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:77:10:77:18 | "session" | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:77:10:77:18 | "session" | CookieWithoutHttpOnly.go:81:21:81:21 | c |
+| CookieWithoutHttpOnly.go:80:15:80:17 | val | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:80:15:80:17 | val | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:80:15:80:17 | val | CookieWithoutHttpOnly.go:81:21:81:21 | c |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:21:81:21 | c |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:21:81:21 | c |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:21:81:21 | c |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:21:81:21 | c |
+| CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:85:2:85:4 | definition of val | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:85:2:85:4 | definition of val | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:85:2:85:4 | definition of val | CookieWithoutHttpOnly.go:91:21:91:21 | c |
+| CookieWithoutHttpOnly.go:85:9:85:13 | false | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:85:9:85:13 | false | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:85:9:85:13 | false | CookieWithoutHttpOnly.go:91:21:91:21 | c |
+| CookieWithoutHttpOnly.go:87:10:87:18 | "session" | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:87:10:87:18 | "session" | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:87:10:87:18 | "session" | CookieWithoutHttpOnly.go:91:21:91:21 | c |
+| CookieWithoutHttpOnly.go:90:15:90:17 | val | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:90:15:90:17 | val | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:90:15:90:17 | val | CookieWithoutHttpOnly.go:91:21:91:21 | c |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:21:91:21 | c |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:21:91:21 | c |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:21:91:21 | c |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:21:91:21 | c |
+| CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:99:15:99:19 | false | CookieWithoutHttpOnly.go:100:20:100:21 | &... |
+| CookieWithoutHttpOnly.go:99:15:99:19 | false | CookieWithoutHttpOnly.go:100:20:100:21 | &... |
+| CookieWithoutHttpOnly.go:99:15:99:19 | false | CookieWithoutHttpOnly.go:100:21:100:21 | c |
+| CookieWithoutHttpOnly.go:100:20:100:21 | &... | CookieWithoutHttpOnly.go:100:20:100:21 | &... |
+| CookieWithoutHttpOnly.go:100:20:100:21 | &... | CookieWithoutHttpOnly.go:100:20:100:21 | &... |
+| CookieWithoutHttpOnly.go:100:20:100:21 | &... | CookieWithoutHttpOnly.go:100:21:100:21 | c |
+| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:20:100:21 | &... |
+| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:20:100:21 | &... |
+| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:21:100:21 | c |
+| CookieWithoutHttpOnly.go:100:21:100:21 | c | CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:104:10:104:18 | "session" | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
+| CookieWithoutHttpOnly.go:104:10:104:18 | "session" | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
+| CookieWithoutHttpOnly.go:104:10:104:18 | "session" | CookieWithoutHttpOnly.go:110:21:110:21 | c |
+| CookieWithoutHttpOnly.go:109:15:109:19 | false | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
+| CookieWithoutHttpOnly.go:109:15:109:19 | false | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
+| CookieWithoutHttpOnly.go:109:15:109:19 | false | CookieWithoutHttpOnly.go:110:21:110:21 | c |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:21:110:21 | c |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:21:110:21 | c |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:21:110:21 | c |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:21:110:21 | c |
+| CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
+| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
+| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" | CookieWithoutHttpOnly.go:120:21:120:21 | c |
+| CookieWithoutHttpOnly.go:116:10:116:16 | session | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
+| CookieWithoutHttpOnly.go:116:10:116:16 | session | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
+| CookieWithoutHttpOnly.go:116:10:116:16 | session | CookieWithoutHttpOnly.go:120:21:120:21 | c |
+| CookieWithoutHttpOnly.go:119:15:119:19 | false | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
+| CookieWithoutHttpOnly.go:119:15:119:19 | false | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
+| CookieWithoutHttpOnly.go:119:15:119:19 | false | CookieWithoutHttpOnly.go:120:21:120:21 | c |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:21:120:21 | c |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:21:120:21 | c |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:21:120:21 | c |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:21:120:21 | c |
+| CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] |
+| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:126:16:126:20 | store |
+| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:134:16:134:20 | store |
+| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:146:16:146:20 | store |
+| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:158:16:158:20 | store |
+| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:170:16:170:20 | store |
+| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:183:16:183:20 | store |
+| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:195:16:195:20 | store |
+| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:129:2:129:8 | session |
+| CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | CookieWithoutHttpOnly.go:142:2:142:8 | session |
+| CookieWithoutHttpOnly.go:133:14:133:18 | false | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:133:14:133:18 | false | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:133:14:133:18 | false | CookieWithoutHttpOnly.go:142:2:142:8 | session |
+| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] |
+| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] |
+| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] |
+| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] |
+| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session |
+| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session |
+| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:142:2:142:8 | session |
+| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session |
+| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session |
+| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session |
+| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session |
+| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:142:2:142:8 | session |
+| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | CookieWithoutHttpOnly.go:142:2:142:8 | session |
+| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] |
+| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] |
+| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session |
+| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:153:2:153:8 | session |
+| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:153:2:153:8 | session |
+| CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:153:2:153:8 | session |
+| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | CookieWithoutHttpOnly.go:153:2:153:8 | session |
+| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | CookieWithoutHttpOnly.go:166:2:166:8 | session |
+| CookieWithoutHttpOnly.go:157:14:157:17 | true | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:157:14:157:17 | true | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:157:14:157:17 | true | CookieWithoutHttpOnly.go:166:2:166:8 | session |
+| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] |
+| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] |
+| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] |
+| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] |
+| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session |
+| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session |
+| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:166:2:166:8 | session |
+| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session |
+| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session |
+| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session |
+| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session |
+| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:166:2:166:8 | session |
+| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | CookieWithoutHttpOnly.go:166:2:166:8 | session |
+| CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | CookieWithoutHttpOnly.go:178:2:178:8 | session |
+| CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | CookieWithoutHttpOnly.go:178:2:178:8 | session |
+| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] |
+| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] |
+| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] |
+| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] |
+| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session |
+| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session |
+| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:178:2:178:8 | session |
+| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session |
+| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session |
+| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session |
+| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session |
+| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:178:2:178:8 | session |
+| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference |
+| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | CookieWithoutHttpOnly.go:178:2:178:8 | session |
+| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:191:19:191:25 | session |
+| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:202:19:202:25 | session |
 nodes
-| CookieWithoutHttpOnly.go:12:10:12:18 | "session" : string | semmle.label | "session" : string |
+| CookieWithoutHttpOnly.go:12:10:12:18 | "session" | semmle.label | "session" |
 | CookieWithoutHttpOnly.go:15:20:15:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:15:21:15:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:20:13:20:21 | "session" : string | semmle.label | "session" : string |
-| CookieWithoutHttpOnly.go:22:13:22:17 | false : bool | semmle.label | false : bool |
+| CookieWithoutHttpOnly.go:15:20:15:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:15:21:15:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:20:13:20:21 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:22:13:22:17 | false | semmle.label | false |
 | CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:29:13:29:21 | "session" : string | semmle.label | "session" : string |
-| CookieWithoutHttpOnly.go:31:13:31:16 | true : bool | semmle.label | true : bool |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:24:21:24:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:24:21:24:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:29:13:29:21 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:31:13:31:16 | true | semmle.label | true |
 | CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:38:10:38:18 | "session" : string | semmle.label | "session" : string |
-| CookieWithoutHttpOnly.go:41:15:41:18 | true : bool | semmle.label | true : bool |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:33:21:33:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:33:21:33:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:38:10:38:18 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:41:15:41:18 | true | semmle.label | true |
 | CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:47:10:47:18 | "session" : string | semmle.label | "session" : string |
-| CookieWithoutHttpOnly.go:50:15:50:19 | false : bool | semmle.label | false : bool |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:42:21:42:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:42:21:42:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:47:10:47:18 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:50:15:50:19 | false | semmle.label | false |
 | CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:55:2:55:4 | definition of val : bool | semmle.label | definition of val : bool |
-| CookieWithoutHttpOnly.go:55:9:55:13 | false : bool | semmle.label | false : bool |
-| CookieWithoutHttpOnly.go:57:13:57:21 | "session" : string | semmle.label | "session" : string |
-| CookieWithoutHttpOnly.go:59:13:59:15 | val : bool | semmle.label | val : bool |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:51:21:51:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:51:21:51:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:55:2:55:4 | definition of val | semmle.label | definition of val |
+| CookieWithoutHttpOnly.go:55:9:55:13 | false | semmle.label | false |
+| CookieWithoutHttpOnly.go:57:13:57:21 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:59:13:59:15 | val | semmle.label | val |
 | CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:65:2:65:4 | definition of val : bool | semmle.label | definition of val : bool |
-| CookieWithoutHttpOnly.go:65:9:65:12 | true : bool | semmle.label | true : bool |
-| CookieWithoutHttpOnly.go:67:13:67:21 | "session" : string | semmle.label | "session" : string |
-| CookieWithoutHttpOnly.go:69:13:69:15 | val : bool | semmle.label | val : bool |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:61:21:61:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:61:21:61:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:65:2:65:4 | definition of val | semmle.label | definition of val |
+| CookieWithoutHttpOnly.go:65:9:65:12 | true | semmle.label | true |
+| CookieWithoutHttpOnly.go:67:13:67:21 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:69:13:69:15 | val | semmle.label | val |
 | CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:75:2:75:4 | definition of val : bool | semmle.label | definition of val : bool |
-| CookieWithoutHttpOnly.go:75:9:75:12 | true : bool | semmle.label | true : bool |
-| CookieWithoutHttpOnly.go:77:10:77:18 | "session" : string | semmle.label | "session" : string |
-| CookieWithoutHttpOnly.go:80:15:80:17 | val : bool | semmle.label | val : bool |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:71:21:71:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:71:21:71:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:75:2:75:4 | definition of val | semmle.label | definition of val |
+| CookieWithoutHttpOnly.go:75:9:75:12 | true | semmle.label | true |
+| CookieWithoutHttpOnly.go:77:10:77:18 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:80:15:80:17 | val | semmle.label | val |
 | CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:85:2:85:4 | definition of val : bool | semmle.label | definition of val : bool |
-| CookieWithoutHttpOnly.go:85:9:85:13 | false : bool | semmle.label | false : bool |
-| CookieWithoutHttpOnly.go:87:10:87:18 | "session" : string | semmle.label | "session" : string |
-| CookieWithoutHttpOnly.go:90:15:90:17 | val : bool | semmle.label | val : bool |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:81:21:81:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:81:21:81:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:85:2:85:4 | definition of val | semmle.label | definition of val |
+| CookieWithoutHttpOnly.go:85:9:85:13 | false | semmle.label | false |
+| CookieWithoutHttpOnly.go:87:10:87:18 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:90:15:90:17 | val | semmle.label | val |
 | CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:99:15:99:19 | false : bool | semmle.label | false : bool |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:91:21:91:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:91:21:91:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:99:15:99:19 | false | semmle.label | false |
 | CookieWithoutHttpOnly.go:100:20:100:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:100:21:100:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:104:10:104:18 | "session" : string | semmle.label | "session" : string |
-| CookieWithoutHttpOnly.go:109:15:109:19 | false : bool | semmle.label | false : bool |
+| CookieWithoutHttpOnly.go:100:20:100:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:100:21:100:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:104:10:104:18 | "session" | semmle.label | "session" |
+| CookieWithoutHttpOnly.go:109:15:109:19 | false | semmle.label | false |
 | CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" : string | semmle.label | "login_name" : string |
-| CookieWithoutHttpOnly.go:116:10:116:16 | session : string | semmle.label | session : string |
-| CookieWithoutHttpOnly.go:119:15:119:19 | false : bool | semmle.label | false : bool |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:110:21:110:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:110:21:110:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" | semmle.label | "login_name" |
+| CookieWithoutHttpOnly.go:116:10:116:16 | session | semmle.label | session |
+| CookieWithoutHttpOnly.go:119:15:119:19 | false | semmle.label | false |
 | CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | semmle.label | &... : pointer type |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
-| CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie | semmle.label | c : Cookie |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | semmle.label | call to NewCookieStore : pointer type |
-| CookieWithoutHttpOnly.go:126:16:126:20 | store : pointer type | semmle.label | store : pointer type |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | semmle.label | &... [pointer] |
+| CookieWithoutHttpOnly.go:120:21:120:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:120:21:120:21 | c | semmle.label | c |
+| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | semmle.label | call to NewCookieStore |
+| CookieWithoutHttpOnly.go:126:16:126:20 | store | semmle.label | store |
 | CookieWithoutHttpOnly.go:129:2:129:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly : bool | semmle.label | definition of httpOnly : bool |
-| CookieWithoutHttpOnly.go:133:14:133:18 | false : bool | semmle.label | false : bool |
-| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session | semmle.label | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session | semmle.label | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:134:16:134:20 | store : pointer type | semmle.label | store : pointer type |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal : Options | semmle.label | struct literal : Options |
-| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly : bool | semmle.label | httpOnly : bool |
+| CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | semmle.label | definition of httpOnly |
+| CookieWithoutHttpOnly.go:133:14:133:18 | false | semmle.label | false |
+| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:134:16:134:20 | store | semmle.label | store |
+| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | semmle.label | implicit dereference |
+| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | semmle.label | implicit dereference |
+| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | semmle.label | implicit dereference |
+| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | semmle.label | implicit dereference |
+| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | semmle.label | struct literal |
+| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | semmle.label | httpOnly |
 | CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] : Session | semmle.label | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:146:16:146:20 | store : pointer type | semmle.label | store : pointer type |
-| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal : Options | semmle.label | struct literal : Options |
+| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:146:16:146:20 | store | semmle.label | store |
+| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | semmle.label | implicit dereference |
+| CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | semmle.label | implicit dereference |
+| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | semmle.label | struct literal |
 | CookieWithoutHttpOnly.go:153:2:153:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:153:2:153:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly : bool | semmle.label | definition of httpOnly : bool |
-| CookieWithoutHttpOnly.go:157:14:157:17 | true : bool | semmle.label | true : bool |
-| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session | semmle.label | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session | semmle.label | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:158:16:158:20 | store : pointer type | semmle.label | store : pointer type |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal : Options | semmle.label | struct literal : Options |
-| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly : bool | semmle.label | httpOnly : bool |
+| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | semmle.label | definition of httpOnly |
+| CookieWithoutHttpOnly.go:157:14:157:17 | true | semmle.label | true |
+| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:158:16:158:20 | store | semmle.label | store |
+| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | semmle.label | implicit dereference |
+| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | semmle.label | implicit dereference |
+| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | semmle.label | implicit dereference |
+| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | semmle.label | implicit dereference |
+| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | semmle.label | struct literal |
+| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | semmle.label | httpOnly |
 | CookieWithoutHttpOnly.go:166:2:166:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:166:2:166:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:166:2:166:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly : bool | semmle.label | argument corresponding to httpOnly : bool |
-| CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly : bool | semmle.label | definition of httpOnly : bool |
-| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session | semmle.label | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session | semmle.label | definition of session [pointer] : Session |
-| CookieWithoutHttpOnly.go:170:16:170:20 | store : pointer type | semmle.label | store : pointer type |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session | semmle.label | implicit dereference : Session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] : Session | semmle.label | session [pointer] : Session |
-| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal : Options | semmle.label | struct literal : Options |
-| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly : bool | semmle.label | httpOnly : bool |
+| CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | semmle.label | argument corresponding to httpOnly |
+| CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | semmle.label | definition of httpOnly |
+| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
+| CookieWithoutHttpOnly.go:170:16:170:20 | store | semmle.label | store |
+| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | semmle.label | implicit dereference |
+| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | semmle.label | implicit dereference |
+| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | semmle.label | implicit dereference |
+| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | semmle.label | implicit dereference |
+| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | semmle.label | struct literal |
+| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | semmle.label | httpOnly |
 | CookieWithoutHttpOnly.go:178:2:178:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:178:2:178:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:178:2:178:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:183:16:183:20 | store : pointer type | semmle.label | store : pointer type |
+| CookieWithoutHttpOnly.go:183:16:183:20 | store | semmle.label | store |
 | CookieWithoutHttpOnly.go:191:19:191:25 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:195:16:195:20 | store : pointer type | semmle.label | store : pointer type |
+| CookieWithoutHttpOnly.go:195:16:195:20 | store | semmle.label | store |
 | CookieWithoutHttpOnly.go:202:19:202:25 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:214:66:214:70 | false | semmle.label | false |
 subpaths
 #select
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:12:10:12:18 | "session" : string | CookieWithoutHttpOnly.go:15:20:15:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:22:13:22:17 | false : bool | CookieWithoutHttpOnly.go:24:20:24:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:50:15:50:19 | false : bool | CookieWithoutHttpOnly.go:51:20:51:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:55:9:55:13 | false : bool | CookieWithoutHttpOnly.go:61:20:61:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:85:9:85:13 | false : bool | CookieWithoutHttpOnly.go:91:20:91:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:109:15:109:19 | false : bool | CookieWithoutHttpOnly.go:110:20:110:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:119:15:119:19 | false : bool | CookieWithoutHttpOnly.go:120:20:120:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:129:2:129:8 | session | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:129:2:129:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:142:2:142:8 | session | CookieWithoutHttpOnly.go:133:14:133:18 | false : bool | CookieWithoutHttpOnly.go:142:2:142:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:153:2:153:8 | session | CookieWithoutHttpOnly.go:149:21:151:2 | struct literal : Options | CookieWithoutHttpOnly.go:153:2:153:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:191:19:191:25 | session | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:191:19:191:25 | session | Cookie attribute 'HttpOnly' is not set to true. |
-| CookieWithoutHttpOnly.go:202:19:202:25 | session | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:202:19:202:25 | session | Cookie attribute 'HttpOnly' is not set to true. |
+| CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:12:10:12:18 | "session" | CookieWithoutHttpOnly.go:15:20:15:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
+| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:22:13:22:17 | false | CookieWithoutHttpOnly.go:24:20:24:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
+| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:50:15:50:19 | false | CookieWithoutHttpOnly.go:51:20:51:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
+| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:55:9:55:13 | false | CookieWithoutHttpOnly.go:61:20:61:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
+| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:85:9:85:13 | false | CookieWithoutHttpOnly.go:91:20:91:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
+| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:109:15:109:19 | false | CookieWithoutHttpOnly.go:110:20:110:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
+| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:119:15:119:19 | false | CookieWithoutHttpOnly.go:120:20:120:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
+| CookieWithoutHttpOnly.go:129:2:129:8 | session | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:129:2:129:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
+| CookieWithoutHttpOnly.go:142:2:142:8 | session | CookieWithoutHttpOnly.go:133:14:133:18 | false | CookieWithoutHttpOnly.go:142:2:142:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
+| CookieWithoutHttpOnly.go:153:2:153:8 | session | CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | CookieWithoutHttpOnly.go:153:2:153:8 | session | Cookie attribute 'HttpOnly' is not set to true. |
+| CookieWithoutHttpOnly.go:191:19:191:25 | session | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:191:19:191:25 | session | Cookie attribute 'HttpOnly' is not set to true. |
+| CookieWithoutHttpOnly.go:202:19:202:25 | session | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:202:19:202:25 | session | Cookie attribute 'HttpOnly' is not set to true. |
 | CookieWithoutHttpOnly.go:214:66:214:70 | false | CookieWithoutHttpOnly.go:214:66:214:70 | false | CookieWithoutHttpOnly.go:214:66:214:70 | false | Cookie attribute 'HttpOnly' is not set to true. |
diff --git a/go/ql/test/experimental/CWE-321/HardcodedKeys.expected b/go/ql/test/experimental/CWE-321/HardcodedKeys.expected
index 23b79ccb2a9..fe0fb2d238d 100644
--- a/go/ql/test/experimental/CWE-321/HardcodedKeys.expected
+++ b/go/ql/test/experimental/CWE-321/HardcodedKeys.expected
@@ -1,74 +1,74 @@
 edges
-| HardcodedKeysBad.go:11:18:11:38 | type conversion : string | HardcodedKeysBad.go:19:28:19:39 | mySigningKey |
-| HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" : string | HardcodedKeysBad.go:11:18:11:38 | type conversion : string |
-| main.go:25:18:25:31 | type conversion : string | main.go:34:28:34:39 | mySigningKey |
-| main.go:25:25:25:30 | "key1" : string | main.go:25:18:25:31 | type conversion : string |
-| main.go:42:23:42:28 | "key2" : string | main.go:42:16:42:29 | type conversion |
-| main.go:60:9:60:22 | type conversion : string | main.go:61:44:61:46 | key |
-| main.go:60:16:60:21 | `key3` : string | main.go:60:9:60:22 | type conversion : string |
-| main.go:65:9:65:22 | type conversion : string | main.go:66:66:66:68 | key |
-| main.go:65:16:65:21 | "key4" : string | main.go:65:9:65:22 | type conversion : string |
-| main.go:69:10:69:23 | type conversion : string | main.go:74:15:74:18 | key2 |
-| main.go:69:17:69:22 | "key5" : string | main.go:69:10:69:23 | type conversion : string |
-| main.go:80:9:80:22 | type conversion : string | main.go:84:41:84:43 | key |
-| main.go:80:16:80:21 | "key6" : string | main.go:80:9:80:22 | type conversion : string |
-| main.go:89:10:89:23 | type conversion : string | main.go:91:66:91:69 | key2 |
-| main.go:89:17:89:22 | "key7" : string | main.go:89:10:89:23 | type conversion : string |
-| main.go:97:9:97:22 | type conversion : string | main.go:102:30:102:32 | key |
-| main.go:97:16:97:21 | "key8" : string | main.go:97:9:97:22 | type conversion : string |
-| main.go:106:15:106:28 | type conversion : string | main.go:107:16:107:24 | sharedKey |
-| main.go:106:22:106:27 | "key9" : string | main.go:106:15:106:28 | type conversion : string |
-| main.go:110:23:110:37 | type conversion : string | main.go:113:16:113:30 | sharedKeyglobal |
-| main.go:110:30:110:36 | "key10" : string | main.go:110:23:110:37 | type conversion : string |
-| sanitizer.go:17:9:17:21 | type conversion : string | sanitizer.go:18:44:18:46 | key |
-| sanitizer.go:17:16:17:20 | `key` : string | sanitizer.go:17:9:17:21 | type conversion : string |
+| HardcodedKeysBad.go:11:18:11:38 | type conversion | HardcodedKeysBad.go:19:28:19:39 | mySigningKey |
+| HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" | HardcodedKeysBad.go:11:18:11:38 | type conversion |
+| main.go:25:18:25:31 | type conversion | main.go:34:28:34:39 | mySigningKey |
+| main.go:25:25:25:30 | "key1" | main.go:25:18:25:31 | type conversion |
+| main.go:42:23:42:28 | "key2" | main.go:42:16:42:29 | type conversion |
+| main.go:60:9:60:22 | type conversion | main.go:61:44:61:46 | key |
+| main.go:60:16:60:21 | `key3` | main.go:60:9:60:22 | type conversion |
+| main.go:65:9:65:22 | type conversion | main.go:66:66:66:68 | key |
+| main.go:65:16:65:21 | "key4" | main.go:65:9:65:22 | type conversion |
+| main.go:69:10:69:23 | type conversion | main.go:74:15:74:18 | key2 |
+| main.go:69:17:69:22 | "key5" | main.go:69:10:69:23 | type conversion |
+| main.go:80:9:80:22 | type conversion | main.go:84:41:84:43 | key |
+| main.go:80:16:80:21 | "key6" | main.go:80:9:80:22 | type conversion |
+| main.go:89:10:89:23 | type conversion | main.go:91:66:91:69 | key2 |
+| main.go:89:17:89:22 | "key7" | main.go:89:10:89:23 | type conversion |
+| main.go:97:9:97:22 | type conversion | main.go:102:30:102:32 | key |
+| main.go:97:16:97:21 | "key8" | main.go:97:9:97:22 | type conversion |
+| main.go:106:15:106:28 | type conversion | main.go:107:16:107:24 | sharedKey |
+| main.go:106:22:106:27 | "key9" | main.go:106:15:106:28 | type conversion |
+| main.go:110:23:110:37 | type conversion | main.go:113:16:113:30 | sharedKeyglobal |
+| main.go:110:30:110:36 | "key10" | main.go:110:23:110:37 | type conversion |
+| sanitizer.go:17:9:17:21 | type conversion | sanitizer.go:18:44:18:46 | key |
+| sanitizer.go:17:16:17:20 | `key` | sanitizer.go:17:9:17:21 | type conversion |
 nodes
-| HardcodedKeysBad.go:11:18:11:38 | type conversion : string | semmle.label | type conversion : string |
-| HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" : string | semmle.label | "AllYourBase" : string |
+| HardcodedKeysBad.go:11:18:11:38 | type conversion | semmle.label | type conversion |
+| HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" | semmle.label | "AllYourBase" |
 | HardcodedKeysBad.go:19:28:19:39 | mySigningKey | semmle.label | mySigningKey |
-| main.go:25:18:25:31 | type conversion : string | semmle.label | type conversion : string |
-| main.go:25:25:25:30 | "key1" : string | semmle.label | "key1" : string |
+| main.go:25:18:25:31 | type conversion | semmle.label | type conversion |
+| main.go:25:25:25:30 | "key1" | semmle.label | "key1" |
 | main.go:34:28:34:39 | mySigningKey | semmle.label | mySigningKey |
 | main.go:42:16:42:29 | type conversion | semmle.label | type conversion |
-| main.go:42:23:42:28 | "key2" : string | semmle.label | "key2" : string |
-| main.go:60:9:60:22 | type conversion : string | semmle.label | type conversion : string |
-| main.go:60:16:60:21 | `key3` : string | semmle.label | `key3` : string |
+| main.go:42:23:42:28 | "key2" | semmle.label | "key2" |
+| main.go:60:9:60:22 | type conversion | semmle.label | type conversion |
+| main.go:60:16:60:21 | `key3` | semmle.label | `key3` |
 | main.go:61:44:61:46 | key | semmle.label | key |
-| main.go:65:9:65:22 | type conversion : string | semmle.label | type conversion : string |
-| main.go:65:16:65:21 | "key4" : string | semmle.label | "key4" : string |
+| main.go:65:9:65:22 | type conversion | semmle.label | type conversion |
+| main.go:65:16:65:21 | "key4" | semmle.label | "key4" |
 | main.go:66:66:66:68 | key | semmle.label | key |
-| main.go:69:10:69:23 | type conversion : string | semmle.label | type conversion : string |
-| main.go:69:17:69:22 | "key5" : string | semmle.label | "key5" : string |
+| main.go:69:10:69:23 | type conversion | semmle.label | type conversion |
+| main.go:69:17:69:22 | "key5" | semmle.label | "key5" |
 | main.go:74:15:74:18 | key2 | semmle.label | key2 |
-| main.go:80:9:80:22 | type conversion : string | semmle.label | type conversion : string |
-| main.go:80:16:80:21 | "key6" : string | semmle.label | "key6" : string |
+| main.go:80:9:80:22 | type conversion | semmle.label | type conversion |
+| main.go:80:16:80:21 | "key6" | semmle.label | "key6" |
 | main.go:84:41:84:43 | key | semmle.label | key |
-| main.go:89:10:89:23 | type conversion : string | semmle.label | type conversion : string |
-| main.go:89:17:89:22 | "key7" : string | semmle.label | "key7" : string |
+| main.go:89:10:89:23 | type conversion | semmle.label | type conversion |
+| main.go:89:17:89:22 | "key7" | semmle.label | "key7" |
 | main.go:91:66:91:69 | key2 | semmle.label | key2 |
-| main.go:97:9:97:22 | type conversion : string | semmle.label | type conversion : string |
-| main.go:97:16:97:21 | "key8" : string | semmle.label | "key8" : string |
+| main.go:97:9:97:22 | type conversion | semmle.label | type conversion |
+| main.go:97:16:97:21 | "key8" | semmle.label | "key8" |
 | main.go:102:30:102:32 | key | semmle.label | key |
-| main.go:106:15:106:28 | type conversion : string | semmle.label | type conversion : string |
-| main.go:106:22:106:27 | "key9" : string | semmle.label | "key9" : string |
+| main.go:106:15:106:28 | type conversion | semmle.label | type conversion |
+| main.go:106:22:106:27 | "key9" | semmle.label | "key9" |
 | main.go:107:16:107:24 | sharedKey | semmle.label | sharedKey |
-| main.go:110:23:110:37 | type conversion : string | semmle.label | type conversion : string |
-| main.go:110:30:110:36 | "key10" : string | semmle.label | "key10" : string |
+| main.go:110:23:110:37 | type conversion | semmle.label | type conversion |
+| main.go:110:30:110:36 | "key10" | semmle.label | "key10" |
 | main.go:113:16:113:30 | sharedKeyglobal | semmle.label | sharedKeyglobal |
-| sanitizer.go:17:9:17:21 | type conversion : string | semmle.label | type conversion : string |
-| sanitizer.go:17:16:17:20 | `key` : string | semmle.label | `key` : string |
+| sanitizer.go:17:9:17:21 | type conversion | semmle.label | type conversion |
+| sanitizer.go:17:16:17:20 | `key` | semmle.label | `key` |
 | sanitizer.go:18:44:18:46 | key | semmle.label | key |
 subpaths
 #select
-| HardcodedKeysBad.go:19:28:19:39 | mySigningKey | HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" : string | HardcodedKeysBad.go:19:28:19:39 | mySigningKey | $@ is used to sign a JWT token. | HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" | Hardcoded String |
-| main.go:34:28:34:39 | mySigningKey | main.go:25:25:25:30 | "key1" : string | main.go:34:28:34:39 | mySigningKey | $@ is used to sign a JWT token. | main.go:25:25:25:30 | "key1" | Hardcoded String |
-| main.go:42:16:42:29 | type conversion | main.go:42:23:42:28 | "key2" : string | main.go:42:16:42:29 | type conversion | $@ is used to sign a JWT token. | main.go:42:23:42:28 | "key2" | Hardcoded String |
-| main.go:61:44:61:46 | key | main.go:60:16:60:21 | `key3` : string | main.go:61:44:61:46 | key | $@ is used to sign a JWT token. | main.go:60:16:60:21 | `key3` | Hardcoded String |
-| main.go:66:66:66:68 | key | main.go:65:16:65:21 | "key4" : string | main.go:66:66:66:68 | key | $@ is used to sign a JWT token. | main.go:65:16:65:21 | "key4" | Hardcoded String |
-| main.go:74:15:74:18 | key2 | main.go:69:17:69:22 | "key5" : string | main.go:74:15:74:18 | key2 | $@ is used to sign a JWT token. | main.go:69:17:69:22 | "key5" | Hardcoded String |
-| main.go:84:41:84:43 | key | main.go:80:16:80:21 | "key6" : string | main.go:84:41:84:43 | key | $@ is used to sign a JWT token. | main.go:80:16:80:21 | "key6" | Hardcoded String |
-| main.go:91:66:91:69 | key2 | main.go:89:17:89:22 | "key7" : string | main.go:91:66:91:69 | key2 | $@ is used to sign a JWT token. | main.go:89:17:89:22 | "key7" | Hardcoded String |
-| main.go:102:30:102:32 | key | main.go:97:16:97:21 | "key8" : string | main.go:102:30:102:32 | key | $@ is used to sign a JWT token. | main.go:97:16:97:21 | "key8" | Hardcoded String |
-| main.go:107:16:107:24 | sharedKey | main.go:106:22:106:27 | "key9" : string | main.go:107:16:107:24 | sharedKey | $@ is used to sign a JWT token. | main.go:106:22:106:27 | "key9" | Hardcoded String |
-| main.go:113:16:113:30 | sharedKeyglobal | main.go:110:30:110:36 | "key10" : string | main.go:113:16:113:30 | sharedKeyglobal | $@ is used to sign a JWT token. | main.go:110:30:110:36 | "key10" | Hardcoded String |
-| sanitizer.go:18:44:18:46 | key | sanitizer.go:17:16:17:20 | `key` : string | sanitizer.go:18:44:18:46 | key | $@ is used to sign a JWT token. | sanitizer.go:17:16:17:20 | `key` | Hardcoded String |
+| HardcodedKeysBad.go:19:28:19:39 | mySigningKey | HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" | HardcodedKeysBad.go:19:28:19:39 | mySigningKey | $@ is used to sign a JWT token. | HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" | Hardcoded String |
+| main.go:34:28:34:39 | mySigningKey | main.go:25:25:25:30 | "key1" | main.go:34:28:34:39 | mySigningKey | $@ is used to sign a JWT token. | main.go:25:25:25:30 | "key1" | Hardcoded String |
+| main.go:42:16:42:29 | type conversion | main.go:42:23:42:28 | "key2" | main.go:42:16:42:29 | type conversion | $@ is used to sign a JWT token. | main.go:42:23:42:28 | "key2" | Hardcoded String |
+| main.go:61:44:61:46 | key | main.go:60:16:60:21 | `key3` | main.go:61:44:61:46 | key | $@ is used to sign a JWT token. | main.go:60:16:60:21 | `key3` | Hardcoded String |
+| main.go:66:66:66:68 | key | main.go:65:16:65:21 | "key4" | main.go:66:66:66:68 | key | $@ is used to sign a JWT token. | main.go:65:16:65:21 | "key4" | Hardcoded String |
+| main.go:74:15:74:18 | key2 | main.go:69:17:69:22 | "key5" | main.go:74:15:74:18 | key2 | $@ is used to sign a JWT token. | main.go:69:17:69:22 | "key5" | Hardcoded String |
+| main.go:84:41:84:43 | key | main.go:80:16:80:21 | "key6" | main.go:84:41:84:43 | key | $@ is used to sign a JWT token. | main.go:80:16:80:21 | "key6" | Hardcoded String |
+| main.go:91:66:91:69 | key2 | main.go:89:17:89:22 | "key7" | main.go:91:66:91:69 | key2 | $@ is used to sign a JWT token. | main.go:89:17:89:22 | "key7" | Hardcoded String |
+| main.go:102:30:102:32 | key | main.go:97:16:97:21 | "key8" | main.go:102:30:102:32 | key | $@ is used to sign a JWT token. | main.go:97:16:97:21 | "key8" | Hardcoded String |
+| main.go:107:16:107:24 | sharedKey | main.go:106:22:106:27 | "key9" | main.go:107:16:107:24 | sharedKey | $@ is used to sign a JWT token. | main.go:106:22:106:27 | "key9" | Hardcoded String |
+| main.go:113:16:113:30 | sharedKeyglobal | main.go:110:30:110:36 | "key10" | main.go:113:16:113:30 | sharedKeyglobal | $@ is used to sign a JWT token. | main.go:110:30:110:36 | "key10" | Hardcoded String |
+| sanitizer.go:18:44:18:46 | key | sanitizer.go:17:16:17:20 | `key` | sanitizer.go:18:44:18:46 | key | $@ is used to sign a JWT token. | sanitizer.go:17:16:17:20 | `key` | Hardcoded String |
diff --git a/go/ql/test/experimental/CWE-369/DivideByZero.expected b/go/ql/test/experimental/CWE-369/DivideByZero.expected
index e80e3295c22..081dac5ec37 100644
--- a/go/ql/test/experimental/CWE-369/DivideByZero.expected
+++ b/go/ql/test/experimental/CWE-369/DivideByZero.expected
@@ -1,32 +1,32 @@
 edges
-| DivideByZero.go:10:12:10:16 | selection of URL : pointer type | DivideByZero.go:12:16:12:20 | value |
-| DivideByZero.go:17:12:17:16 | selection of URL : pointer type | DivideByZero.go:18:11:18:24 | type conversion : uint8 |
-| DivideByZero.go:18:11:18:24 | type conversion : uint8 | DivideByZero.go:19:16:19:20 | value |
-| DivideByZero.go:24:12:24:16 | selection of URL : pointer type | DivideByZero.go:26:16:26:20 | value |
-| DivideByZero.go:31:12:31:16 | selection of URL : pointer type | DivideByZero.go:33:16:33:20 | value |
-| DivideByZero.go:38:12:38:16 | selection of URL : pointer type | DivideByZero.go:40:16:40:20 | value |
-| DivideByZero.go:54:12:54:16 | selection of URL : pointer type | DivideByZero.go:55:11:55:24 | type conversion : uint8 |
-| DivideByZero.go:55:11:55:24 | type conversion : uint8 | DivideByZero.go:57:17:57:21 | value |
+| DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:12:16:12:20 | value |
+| DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:18:11:18:24 | type conversion |
+| DivideByZero.go:18:11:18:24 | type conversion | DivideByZero.go:19:16:19:20 | value |
+| DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:26:16:26:20 | value |
+| DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:33:16:33:20 | value |
+| DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:40:16:40:20 | value |
+| DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:55:11:55:24 | type conversion |
+| DivideByZero.go:55:11:55:24 | type conversion | DivideByZero.go:57:17:57:21 | value |
 nodes
-| DivideByZero.go:10:12:10:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| DivideByZero.go:10:12:10:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:12:16:12:20 | value | semmle.label | value |
-| DivideByZero.go:17:12:17:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
-| DivideByZero.go:18:11:18:24 | type conversion : uint8 | semmle.label | type conversion : uint8 |
+| DivideByZero.go:17:12:17:16 | selection of URL | semmle.label | selection of URL |
+| DivideByZero.go:18:11:18:24 | type conversion | semmle.label | type conversion |
 | DivideByZero.go:19:16:19:20 | value | semmle.label | value |
-| DivideByZero.go:24:12:24:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| DivideByZero.go:24:12:24:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:26:16:26:20 | value | semmle.label | value |
-| DivideByZero.go:31:12:31:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| DivideByZero.go:31:12:31:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:33:16:33:20 | value | semmle.label | value |
-| DivideByZero.go:38:12:38:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| DivideByZero.go:38:12:38:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:40:16:40:20 | value | semmle.label | value |
-| DivideByZero.go:54:12:54:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
-| DivideByZero.go:55:11:55:24 | type conversion : uint8 | semmle.label | type conversion : uint8 |
+| DivideByZero.go:54:12:54:16 | selection of URL | semmle.label | selection of URL |
+| DivideByZero.go:55:11:55:24 | type conversion | semmle.label | type conversion |
 | DivideByZero.go:57:17:57:21 | value | semmle.label | value |
 subpaths
 #select
-| DivideByZero.go:12:16:12:20 | value | DivideByZero.go:10:12:10:16 | selection of URL : pointer type | DivideByZero.go:12:16:12:20 | value | This variable might be zero leading to a division-by-zero panic. |
-| DivideByZero.go:19:16:19:20 | value | DivideByZero.go:17:12:17:16 | selection of URL : pointer type | DivideByZero.go:19:16:19:20 | value | This variable might be zero leading to a division-by-zero panic. |
-| DivideByZero.go:26:16:26:20 | value | DivideByZero.go:24:12:24:16 | selection of URL : pointer type | DivideByZero.go:26:16:26:20 | value | This variable might be zero leading to a division-by-zero panic. |
-| DivideByZero.go:33:16:33:20 | value | DivideByZero.go:31:12:31:16 | selection of URL : pointer type | DivideByZero.go:33:16:33:20 | value | This variable might be zero leading to a division-by-zero panic. |
-| DivideByZero.go:40:16:40:20 | value | DivideByZero.go:38:12:38:16 | selection of URL : pointer type | DivideByZero.go:40:16:40:20 | value | This variable might be zero leading to a division-by-zero panic. |
-| DivideByZero.go:57:17:57:21 | value | DivideByZero.go:54:12:54:16 | selection of URL : pointer type | DivideByZero.go:57:17:57:21 | value | This variable might be zero leading to a division-by-zero panic. |
+| DivideByZero.go:12:16:12:20 | value | DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:12:16:12:20 | value | This variable might be zero leading to a division-by-zero panic. |
+| DivideByZero.go:19:16:19:20 | value | DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:19:16:19:20 | value | This variable might be zero leading to a division-by-zero panic. |
+| DivideByZero.go:26:16:26:20 | value | DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:26:16:26:20 | value | This variable might be zero leading to a division-by-zero panic. |
+| DivideByZero.go:33:16:33:20 | value | DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:33:16:33:20 | value | This variable might be zero leading to a division-by-zero panic. |
+| DivideByZero.go:40:16:40:20 | value | DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:40:16:40:20 | value | This variable might be zero leading to a division-by-zero panic. |
+| DivideByZero.go:57:17:57:21 | value | DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:57:17:57:21 | value | This variable might be zero leading to a division-by-zero panic. |
diff --git a/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected b/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected
index ff2053dd942..77cd46d64e6 100644
--- a/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected
+++ b/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected
@@ -1,117 +1,117 @@
 edges
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : string | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
-| HTMLTemplateEscapingPassthrough.go:28:26:28:40 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion |
-| HTMLTemplateEscapingPassthrough.go:28:26:28:40 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : string | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
-| HTMLTemplateEscapingPassthrough.go:34:23:34:37 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion |
-| HTMLTemplateEscapingPassthrough.go:34:23:34:37 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : string | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
-| HTMLTemplateEscapingPassthrough.go:39:19:39:33 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion |
-| HTMLTemplateEscapingPassthrough.go:39:19:39:33 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : HTMLAttr | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : HTMLAttr | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : HTMLAttr | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : HTMLAttr | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : HTMLAttr | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : HTMLAttr | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : HTMLAttr | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : string | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
-| HTMLTemplateEscapingPassthrough.go:45:29:45:43 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion |
-| HTMLTemplateEscapingPassthrough.go:45:29:45:43 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : JS | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : JS | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : JS | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : JS | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : JS | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : JS | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : JS | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : string | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
-| HTMLTemplateEscapingPassthrough.go:49:23:49:37 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion |
-| HTMLTemplateEscapingPassthrough.go:49:23:49:37 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : JSStr | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : JSStr | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : JSStr | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : JSStr | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : JSStr | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : JSStr | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : JSStr | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : string | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
-| HTMLTemplateEscapingPassthrough.go:53:26:53:40 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion |
-| HTMLTemplateEscapingPassthrough.go:53:26:53:40 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : CSS | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : CSS | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : CSS | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : CSS | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : CSS | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : CSS | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : CSS | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : string | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
-| HTMLTemplateEscapingPassthrough.go:57:24:57:38 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion |
-| HTMLTemplateEscapingPassthrough.go:57:24:57:38 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : Srcset | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : Srcset | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : Srcset | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : Srcset | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : Srcset | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : Srcset | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : Srcset | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : string | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
-| HTMLTemplateEscapingPassthrough.go:61:27:61:41 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion |
-| HTMLTemplateEscapingPassthrough.go:61:27:61:41 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : URL | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : URL | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : URL | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : URL | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : URL | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : URL | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : URL | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : string | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
-| HTMLTemplateEscapingPassthrough.go:65:24:65:38 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion |
-| HTMLTemplateEscapingPassthrough.go:65:24:65:38 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:74:17:74:31 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:75:38:75:44 | escaped |
-| HTMLTemplateEscapingPassthrough.go:80:10:80:24 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:81:16:81:33 | type conversion |
-| HTMLTemplateEscapingPassthrough.go:80:10:80:24 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:83:38:83:40 | src |
-| HTMLTemplateEscapingPassthrough.go:88:10:88:24 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion |
-| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted |
-| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted |
-| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted |
-| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted |
-| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted |
-| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted |
-| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion : HTML | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a |
+| HTMLTemplateEscapingPassthrough.go:28:26:28:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:28:26:28:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a |
+| HTMLTemplateEscapingPassthrough.go:34:23:34:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:34:23:34:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a |
+| HTMLTemplateEscapingPassthrough.go:39:19:39:33 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:39:19:39:33 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c |
+| HTMLTemplateEscapingPassthrough.go:45:29:45:43 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:45:29:45:43 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d |
+| HTMLTemplateEscapingPassthrough.go:49:23:49:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:49:23:49:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e |
+| HTMLTemplateEscapingPassthrough.go:53:26:53:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:53:26:53:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b |
+| HTMLTemplateEscapingPassthrough.go:57:24:57:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:57:24:57:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f |
+| HTMLTemplateEscapingPassthrough.go:61:27:61:41 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:61:27:61:41 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g |
+| HTMLTemplateEscapingPassthrough.go:65:24:65:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:65:24:65:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:74:17:74:31 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:75:38:75:44 | escaped |
+| HTMLTemplateEscapingPassthrough.go:80:10:80:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:81:16:81:33 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:80:10:80:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:83:38:83:40 | src |
+| HTMLTemplateEscapingPassthrough.go:88:10:88:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion |
+| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted |
+| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted |
+| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted |
+| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted |
+| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted |
+| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted |
+| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted |
 nodes
 | HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | semmle.label | type conversion |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion : string | semmle.label | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:28:26:28:40 | call to UserAgent : string | semmle.label | call to UserAgent : string |
-| HTMLTemplateEscapingPassthrough.go:28:26:28:40 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:28:26:28:40 | call to UserAgent | semmle.label | call to UserAgent |
+| HTMLTemplateEscapingPassthrough.go:28:26:28:40 | call to UserAgent | semmle.label | call to UserAgent |
 | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a | semmle.label | a |
 | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a | semmle.label | a |
 | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a | semmle.label | a |
@@ -121,16 +121,16 @@ nodes
 | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a | semmle.label | a |
 | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a | semmle.label | a |
 | HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | semmle.label | type conversion |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion : string | semmle.label | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:34:23:34:37 | call to UserAgent : string | semmle.label | call to UserAgent : string |
-| HTMLTemplateEscapingPassthrough.go:34:23:34:37 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:34:23:34:37 | call to UserAgent | semmle.label | call to UserAgent |
+| HTMLTemplateEscapingPassthrough.go:34:23:34:37 | call to UserAgent | semmle.label | call to UserAgent |
 | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a | semmle.label | a |
 | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a | semmle.label | a |
 | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a | semmle.label | a |
@@ -140,16 +140,16 @@ nodes
 | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a | semmle.label | a |
 | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a | semmle.label | a |
 | HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | semmle.label | type conversion |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion : string | semmle.label | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:39:19:39:33 | call to UserAgent : string | semmle.label | call to UserAgent : string |
-| HTMLTemplateEscapingPassthrough.go:39:19:39:33 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:39:19:39:33 | call to UserAgent | semmle.label | call to UserAgent |
+| HTMLTemplateEscapingPassthrough.go:39:19:39:33 | call to UserAgent | semmle.label | call to UserAgent |
 | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a | semmle.label | a |
 | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a | semmle.label | a |
 | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a | semmle.label | a |
@@ -159,16 +159,16 @@ nodes
 | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a | semmle.label | a |
 | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a | semmle.label | a |
 | HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | semmle.label | type conversion |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : HTMLAttr | semmle.label | type conversion : HTMLAttr |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : HTMLAttr | semmle.label | type conversion : HTMLAttr |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : HTMLAttr | semmle.label | type conversion : HTMLAttr |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : HTMLAttr | semmle.label | type conversion : HTMLAttr |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : HTMLAttr | semmle.label | type conversion : HTMLAttr |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : HTMLAttr | semmle.label | type conversion : HTMLAttr |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : HTMLAttr | semmle.label | type conversion : HTMLAttr |
-| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion : string | semmle.label | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:45:29:45:43 | call to UserAgent : string | semmle.label | call to UserAgent : string |
-| HTMLTemplateEscapingPassthrough.go:45:29:45:43 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:45:29:45:43 | call to UserAgent | semmle.label | call to UserAgent |
+| HTMLTemplateEscapingPassthrough.go:45:29:45:43 | call to UserAgent | semmle.label | call to UserAgent |
 | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c | semmle.label | c |
 | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c | semmle.label | c |
 | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c | semmle.label | c |
@@ -178,16 +178,16 @@ nodes
 | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c | semmle.label | c |
 | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c | semmle.label | c |
 | HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | semmle.label | type conversion |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : JS | semmle.label | type conversion : JS |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : JS | semmle.label | type conversion : JS |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : JS | semmle.label | type conversion : JS |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : JS | semmle.label | type conversion : JS |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : JS | semmle.label | type conversion : JS |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : JS | semmle.label | type conversion : JS |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : JS | semmle.label | type conversion : JS |
-| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion : string | semmle.label | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:49:23:49:37 | call to UserAgent : string | semmle.label | call to UserAgent : string |
-| HTMLTemplateEscapingPassthrough.go:49:23:49:37 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:49:23:49:37 | call to UserAgent | semmle.label | call to UserAgent |
+| HTMLTemplateEscapingPassthrough.go:49:23:49:37 | call to UserAgent | semmle.label | call to UserAgent |
 | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d | semmle.label | d |
 | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d | semmle.label | d |
 | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d | semmle.label | d |
@@ -197,16 +197,16 @@ nodes
 | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d | semmle.label | d |
 | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d | semmle.label | d |
 | HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | semmle.label | type conversion |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : JSStr | semmle.label | type conversion : JSStr |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : JSStr | semmle.label | type conversion : JSStr |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : JSStr | semmle.label | type conversion : JSStr |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : JSStr | semmle.label | type conversion : JSStr |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : JSStr | semmle.label | type conversion : JSStr |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : JSStr | semmle.label | type conversion : JSStr |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : JSStr | semmle.label | type conversion : JSStr |
-| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion : string | semmle.label | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:53:26:53:40 | call to UserAgent : string | semmle.label | call to UserAgent : string |
-| HTMLTemplateEscapingPassthrough.go:53:26:53:40 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:53:26:53:40 | call to UserAgent | semmle.label | call to UserAgent |
+| HTMLTemplateEscapingPassthrough.go:53:26:53:40 | call to UserAgent | semmle.label | call to UserAgent |
 | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e | semmle.label | e |
 | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e | semmle.label | e |
 | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e | semmle.label | e |
@@ -216,16 +216,16 @@ nodes
 | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e | semmle.label | e |
 | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e | semmle.label | e |
 | HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | semmle.label | type conversion |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : CSS | semmle.label | type conversion : CSS |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : CSS | semmle.label | type conversion : CSS |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : CSS | semmle.label | type conversion : CSS |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : CSS | semmle.label | type conversion : CSS |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : CSS | semmle.label | type conversion : CSS |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : CSS | semmle.label | type conversion : CSS |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : CSS | semmle.label | type conversion : CSS |
-| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion : string | semmle.label | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:57:24:57:38 | call to UserAgent : string | semmle.label | call to UserAgent : string |
-| HTMLTemplateEscapingPassthrough.go:57:24:57:38 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:57:24:57:38 | call to UserAgent | semmle.label | call to UserAgent |
+| HTMLTemplateEscapingPassthrough.go:57:24:57:38 | call to UserAgent | semmle.label | call to UserAgent |
 | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b | semmle.label | b |
 | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b | semmle.label | b |
 | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b | semmle.label | b |
@@ -235,16 +235,16 @@ nodes
 | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b | semmle.label | b |
 | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b | semmle.label | b |
 | HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | semmle.label | type conversion |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : Srcset | semmle.label | type conversion : Srcset |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : Srcset | semmle.label | type conversion : Srcset |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : Srcset | semmle.label | type conversion : Srcset |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : Srcset | semmle.label | type conversion : Srcset |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : Srcset | semmle.label | type conversion : Srcset |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : Srcset | semmle.label | type conversion : Srcset |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : Srcset | semmle.label | type conversion : Srcset |
-| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion : string | semmle.label | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:61:27:61:41 | call to UserAgent : string | semmle.label | call to UserAgent : string |
-| HTMLTemplateEscapingPassthrough.go:61:27:61:41 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:61:27:61:41 | call to UserAgent | semmle.label | call to UserAgent |
+| HTMLTemplateEscapingPassthrough.go:61:27:61:41 | call to UserAgent | semmle.label | call to UserAgent |
 | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f | semmle.label | f |
 | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f | semmle.label | f |
 | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f | semmle.label | f |
@@ -254,16 +254,16 @@ nodes
 | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f | semmle.label | f |
 | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f | semmle.label | f |
 | HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | semmle.label | type conversion |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : URL | semmle.label | type conversion : URL |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : URL | semmle.label | type conversion : URL |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : URL | semmle.label | type conversion : URL |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : URL | semmle.label | type conversion : URL |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : URL | semmle.label | type conversion : URL |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : URL | semmle.label | type conversion : URL |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : URL | semmle.label | type conversion : URL |
-| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion : string | semmle.label | type conversion : string |
-| HTMLTemplateEscapingPassthrough.go:65:24:65:38 | call to UserAgent : string | semmle.label | call to UserAgent : string |
-| HTMLTemplateEscapingPassthrough.go:65:24:65:38 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:65:24:65:38 | call to UserAgent | semmle.label | call to UserAgent |
+| HTMLTemplateEscapingPassthrough.go:65:24:65:38 | call to UserAgent | semmle.label | call to UserAgent |
 | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g | semmle.label | g |
 | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g | semmle.label | g |
 | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g | semmle.label | g |
@@ -272,21 +272,21 @@ nodes
 | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g | semmle.label | g |
 | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g | semmle.label | g |
 | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g | semmle.label | g |
-| HTMLTemplateEscapingPassthrough.go:74:17:74:31 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| HTMLTemplateEscapingPassthrough.go:74:17:74:31 | call to UserAgent | semmle.label | call to UserAgent |
 | HTMLTemplateEscapingPassthrough.go:75:38:75:44 | escaped | semmle.label | escaped |
-| HTMLTemplateEscapingPassthrough.go:80:10:80:24 | call to UserAgent : string | semmle.label | call to UserAgent : string |
-| HTMLTemplateEscapingPassthrough.go:80:10:80:24 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| HTMLTemplateEscapingPassthrough.go:80:10:80:24 | call to UserAgent | semmle.label | call to UserAgent |
+| HTMLTemplateEscapingPassthrough.go:80:10:80:24 | call to UserAgent | semmle.label | call to UserAgent |
 | HTMLTemplateEscapingPassthrough.go:81:16:81:33 | type conversion | semmle.label | type conversion |
 | HTMLTemplateEscapingPassthrough.go:83:38:83:40 | src | semmle.label | src |
-| HTMLTemplateEscapingPassthrough.go:88:10:88:24 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| HTMLTemplateEscapingPassthrough.go:88:10:88:24 | call to UserAgent | semmle.label | call to UserAgent |
+| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | semmle.label | type conversion |
+| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | semmle.label | type conversion |
 | HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion | semmle.label | type conversion |
-| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion : HTML | semmle.label | type conversion : HTML |
-| HTMLTemplateEscapingPassthrough.go:90:16:90:77 | type conversion : HTML | semmle.label | type conversion : HTML |
 | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted | semmle.label | converted |
 | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted | semmle.label | converted |
 | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted | semmle.label | converted |
@@ -296,12 +296,12 @@ nodes
 | HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted | semmle.label | converted |
 subpaths
 #select
-| HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a | HTMLTemplateEscapingPassthrough.go:28:26:28:40 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a | Data from an $@ will not be auto-escaped because it was $@ to template.HTML | HTMLTemplateEscapingPassthrough.go:28:26:28:40 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | converted |
-| HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a | HTMLTemplateEscapingPassthrough.go:34:23:34:37 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a | Data from an $@ will not be auto-escaped because it was $@ to template.HTML | HTMLTemplateEscapingPassthrough.go:34:23:34:37 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | converted |
-| HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a | HTMLTemplateEscapingPassthrough.go:39:19:39:33 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a | Data from an $@ will not be auto-escaped because it was $@ to template.HTML | HTMLTemplateEscapingPassthrough.go:39:19:39:33 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | converted |
-| HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c | HTMLTemplateEscapingPassthrough.go:45:29:45:43 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c | Data from an $@ will not be auto-escaped because it was $@ to template.HTMLAttr | HTMLTemplateEscapingPassthrough.go:45:29:45:43 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | converted |
-| HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d | HTMLTemplateEscapingPassthrough.go:49:23:49:37 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d | Data from an $@ will not be auto-escaped because it was $@ to template.JS | HTMLTemplateEscapingPassthrough.go:49:23:49:37 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | converted |
-| HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e | HTMLTemplateEscapingPassthrough.go:53:26:53:40 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e | Data from an $@ will not be auto-escaped because it was $@ to template.JSStr | HTMLTemplateEscapingPassthrough.go:53:26:53:40 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | converted |
-| HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b | HTMLTemplateEscapingPassthrough.go:57:24:57:38 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b | Data from an $@ will not be auto-escaped because it was $@ to template.CSS | HTMLTemplateEscapingPassthrough.go:57:24:57:38 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | converted |
-| HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f | HTMLTemplateEscapingPassthrough.go:61:27:61:41 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f | Data from an $@ will not be auto-escaped because it was $@ to template.Srcset | HTMLTemplateEscapingPassthrough.go:61:27:61:41 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | converted |
-| HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g | HTMLTemplateEscapingPassthrough.go:65:24:65:38 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g | Data from an $@ will not be auto-escaped because it was $@ to template.URL | HTMLTemplateEscapingPassthrough.go:65:24:65:38 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | converted |
+| HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a | HTMLTemplateEscapingPassthrough.go:28:26:28:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a | Data from an $@ will not be auto-escaped because it was $@ to template.HTML | HTMLTemplateEscapingPassthrough.go:28:26:28:40 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | converted |
+| HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a | HTMLTemplateEscapingPassthrough.go:34:23:34:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a | Data from an $@ will not be auto-escaped because it was $@ to template.HTML | HTMLTemplateEscapingPassthrough.go:34:23:34:37 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | converted |
+| HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a | HTMLTemplateEscapingPassthrough.go:39:19:39:33 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:40:40:40:40 | a | Data from an $@ will not be auto-escaped because it was $@ to template.HTML | HTMLTemplateEscapingPassthrough.go:39:19:39:33 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:39:9:39:34 | type conversion | converted |
+| HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c | HTMLTemplateEscapingPassthrough.go:45:29:45:43 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:46:41:46:41 | c | Data from an $@ will not be auto-escaped because it was $@ to template.HTMLAttr | HTMLTemplateEscapingPassthrough.go:45:29:45:43 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:45:11:45:44 | type conversion | converted |
+| HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d | HTMLTemplateEscapingPassthrough.go:49:23:49:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:50:44:50:44 | d | Data from an $@ will not be auto-escaped because it was $@ to template.JS | HTMLTemplateEscapingPassthrough.go:49:23:49:37 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:49:11:49:38 | type conversion | converted |
+| HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e | HTMLTemplateEscapingPassthrough.go:53:26:53:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:54:44:54:44 | e | Data from an $@ will not be auto-escaped because it was $@ to template.JSStr | HTMLTemplateEscapingPassthrough.go:53:26:53:40 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:53:11:53:41 | type conversion | converted |
+| HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b | HTMLTemplateEscapingPassthrough.go:57:24:57:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:58:38:58:38 | b | Data from an $@ will not be auto-escaped because it was $@ to template.CSS | HTMLTemplateEscapingPassthrough.go:57:24:57:38 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:57:11:57:39 | type conversion | converted |
+| HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f | HTMLTemplateEscapingPassthrough.go:61:27:61:41 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:62:44:62:44 | f | Data from an $@ will not be auto-escaped because it was $@ to template.Srcset | HTMLTemplateEscapingPassthrough.go:61:27:61:41 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:61:11:61:42 | type conversion | converted |
+| HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g | HTMLTemplateEscapingPassthrough.go:65:24:65:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:66:38:66:38 | g | Data from an $@ will not be auto-escaped because it was $@ to template.URL | HTMLTemplateEscapingPassthrough.go:65:24:65:38 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:65:11:65:39 | type conversion | converted |
diff --git a/go/ql/test/experimental/CWE-918/SSRF.expected b/go/ql/test/experimental/CWE-918/SSRF.expected
index 5fdd1775d3d..6617c2ee474 100644
--- a/go/ql/test/experimental/CWE-918/SSRF.expected
+++ b/go/ql/test/experimental/CWE-918/SSRF.expected
@@ -1,74 +1,68 @@
 edges
-| builtin.go:19:12:19:34 | call to FormValue : string | builtin.go:22:21:22:62 | ...+... |
-| builtin.go:83:21:83:31 | call to Referer : string | builtin.go:88:27:88:40 | untrustedInput |
-| builtin.go:97:21:97:31 | call to Referer : string | builtin.go:101:36:101:49 | untrustedInput |
-| builtin.go:111:21:111:31 | call to Referer : string | builtin.go:114:15:114:28 | untrustedInput |
-| builtin.go:129:21:129:31 | call to Referer : string | builtin.go:132:38:132:51 | untrustedInput |
-| new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:31:11:31:57 | call to Sprintf |
-| new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:32:11:32:57 | call to Sprintf |
-| new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:35:12:35:58 | call to Sprintf |
-| new-tests.go:39:18:39:30 | call to Param : string | new-tests.go:47:11:47:46 | ...+... |
-| new-tests.go:49:18:49:30 | call to Query : string | new-tests.go:50:11:50:46 | ...+... |
-| new-tests.go:62:31:62:38 | selection of Body : ReadCloser | new-tests.go:68:11:68:57 | call to Sprintf |
-| new-tests.go:62:31:62:38 | selection of Body : ReadCloser | new-tests.go:69:11:69:57 | call to Sprintf |
-| new-tests.go:62:31:62:38 | selection of Body : ReadCloser | new-tests.go:74:12:74:58 | call to Sprintf |
-| new-tests.go:78:18:78:24 | selection of URL : pointer type | new-tests.go:79:11:79:46 | ...+... |
-| new-tests.go:81:37:81:43 | implicit dereference : URL | new-tests.go:81:37:81:43 | implicit dereference : URL |
-| new-tests.go:81:37:81:43 | implicit dereference : URL | new-tests.go:81:37:81:43 | selection of URL : pointer type |
-| new-tests.go:81:37:81:43 | implicit dereference : URL | new-tests.go:82:11:82:46 | ...+... |
-| new-tests.go:81:37:81:43 | selection of URL : pointer type | new-tests.go:81:37:81:43 | implicit dereference : URL |
-| new-tests.go:81:37:81:43 | selection of URL : pointer type | new-tests.go:81:37:81:43 | selection of URL : pointer type |
-| new-tests.go:81:37:81:43 | selection of URL : pointer type | new-tests.go:82:11:82:46 | ...+... |
-| new-tests.go:86:10:86:20 | call to Vars : map type | new-tests.go:88:11:88:46 | ...+... |
-| new-tests.go:95:18:95:45 | call to URLParam : string | new-tests.go:96:11:96:46 | ...+... |
+| builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... |
+| builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput |
+| builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput |
+| builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput |
+| builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput |
+| new-tests.go:26:26:26:30 | &... | new-tests.go:31:11:31:57 | call to Sprintf |
+| new-tests.go:26:26:26:30 | &... | new-tests.go:32:11:32:57 | call to Sprintf |
+| new-tests.go:26:26:26:30 | &... | new-tests.go:35:12:35:58 | call to Sprintf |
+| new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... |
+| new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... |
+| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:68:11:68:57 | call to Sprintf |
+| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:69:11:69:57 | call to Sprintf |
+| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:74:12:74:58 | call to Sprintf |
+| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:79:11:79:46 | ...+... |
+| new-tests.go:81:37:81:43 | selection of URL | new-tests.go:82:11:82:46 | ...+... |
+| new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... |
+| new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... |
 nodes
-| builtin.go:19:12:19:34 | call to FormValue : string | semmle.label | call to FormValue : string |
+| builtin.go:19:12:19:34 | call to FormValue | semmle.label | call to FormValue |
 | builtin.go:22:21:22:62 | ...+... | semmle.label | ...+... |
-| builtin.go:83:21:83:31 | call to Referer : string | semmle.label | call to Referer : string |
+| builtin.go:83:21:83:31 | call to Referer | semmle.label | call to Referer |
 | builtin.go:88:27:88:40 | untrustedInput | semmle.label | untrustedInput |
-| builtin.go:97:21:97:31 | call to Referer : string | semmle.label | call to Referer : string |
+| builtin.go:97:21:97:31 | call to Referer | semmle.label | call to Referer |
 | builtin.go:101:36:101:49 | untrustedInput | semmle.label | untrustedInput |
-| builtin.go:111:21:111:31 | call to Referer : string | semmle.label | call to Referer : string |
+| builtin.go:111:21:111:31 | call to Referer | semmle.label | call to Referer |
 | builtin.go:114:15:114:28 | untrustedInput | semmle.label | untrustedInput |
-| builtin.go:129:21:129:31 | call to Referer : string | semmle.label | call to Referer : string |
+| builtin.go:129:21:129:31 | call to Referer | semmle.label | call to Referer |
 | builtin.go:132:38:132:51 | untrustedInput | semmle.label | untrustedInput |
-| new-tests.go:26:26:26:30 | &... : pointer type | semmle.label | &... : pointer type |
+| new-tests.go:26:26:26:30 | &... | semmle.label | &... |
 | new-tests.go:31:11:31:57 | call to Sprintf | semmle.label | call to Sprintf |
 | new-tests.go:32:11:32:57 | call to Sprintf | semmle.label | call to Sprintf |
 | new-tests.go:35:12:35:58 | call to Sprintf | semmle.label | call to Sprintf |
-| new-tests.go:39:18:39:30 | call to Param : string | semmle.label | call to Param : string |
+| new-tests.go:39:18:39:30 | call to Param | semmle.label | call to Param |
 | new-tests.go:47:11:47:46 | ...+... | semmle.label | ...+... |
-| new-tests.go:49:18:49:30 | call to Query : string | semmle.label | call to Query : string |
+| new-tests.go:49:18:49:30 | call to Query | semmle.label | call to Query |
 | new-tests.go:50:11:50:46 | ...+... | semmle.label | ...+... |
-| new-tests.go:62:31:62:38 | selection of Body : ReadCloser | semmle.label | selection of Body : ReadCloser |
+| new-tests.go:62:31:62:38 | selection of Body | semmle.label | selection of Body |
 | new-tests.go:68:11:68:57 | call to Sprintf | semmle.label | call to Sprintf |
 | new-tests.go:69:11:69:57 | call to Sprintf | semmle.label | call to Sprintf |
 | new-tests.go:74:12:74:58 | call to Sprintf | semmle.label | call to Sprintf |
-| new-tests.go:78:18:78:24 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| new-tests.go:78:18:78:24 | selection of URL | semmle.label | selection of URL |
 | new-tests.go:79:11:79:46 | ...+... | semmle.label | ...+... |
-| new-tests.go:81:37:81:43 | implicit dereference : URL | semmle.label | implicit dereference : URL |
-| new-tests.go:81:37:81:43 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| new-tests.go:81:37:81:43 | selection of URL | semmle.label | selection of URL |
 | new-tests.go:82:11:82:46 | ...+... | semmle.label | ...+... |
-| new-tests.go:86:10:86:20 | call to Vars : map type | semmle.label | call to Vars : map type |
+| new-tests.go:86:10:86:20 | call to Vars | semmle.label | call to Vars |
 | new-tests.go:88:11:88:46 | ...+... | semmle.label | ...+... |
-| new-tests.go:95:18:95:45 | call to URLParam : string | semmle.label | call to URLParam : string |
+| new-tests.go:95:18:95:45 | call to URLParam | semmle.label | call to URLParam |
 | new-tests.go:96:11:96:46 | ...+... | semmle.label | ...+... |
 subpaths
 #select
-| builtin.go:22:12:22:63 | call to Get | builtin.go:19:12:19:34 | call to FormValue : string | builtin.go:22:21:22:62 | ...+... | The URL of this request depends on a user-provided value. |
-| builtin.go:88:12:88:53 | call to Dial | builtin.go:83:21:83:31 | call to Referer : string | builtin.go:88:27:88:40 | untrustedInput | The URL of this request depends on a user-provided value. |
-| builtin.go:102:13:102:40 | call to DialConfig | builtin.go:97:21:97:31 | call to Referer : string | builtin.go:101:36:101:49 | untrustedInput | The URL of this request depends on a user-provided value. |
-| builtin.go:114:3:114:39 | call to Dial | builtin.go:111:21:111:31 | call to Referer : string | builtin.go:114:15:114:28 | untrustedInput | The URL of this request depends on a user-provided value. |
-| builtin.go:132:3:132:62 | call to DialContext | builtin.go:129:21:129:31 | call to Referer : string | builtin.go:132:38:132:51 | untrustedInput | The URL of this request depends on a user-provided value. |
-| new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
-| new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
-| new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value. |
-| new-tests.go:47:2:47:47 | call to Get | new-tests.go:39:18:39:30 | call to Param : string | new-tests.go:47:11:47:46 | ...+... | The URL of this request depends on a user-provided value. |
-| new-tests.go:50:2:50:47 | call to Get | new-tests.go:49:18:49:30 | call to Query : string | new-tests.go:50:11:50:46 | ...+... | The URL of this request depends on a user-provided value. |
-| new-tests.go:68:2:68:58 | call to Get | new-tests.go:62:31:62:38 | selection of Body : ReadCloser | new-tests.go:68:11:68:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
-| new-tests.go:69:2:69:58 | call to Get | new-tests.go:62:31:62:38 | selection of Body : ReadCloser | new-tests.go:69:11:69:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
-| new-tests.go:74:3:74:59 | call to Get | new-tests.go:62:31:62:38 | selection of Body : ReadCloser | new-tests.go:74:12:74:58 | call to Sprintf | The URL of this request depends on a user-provided value. |
-| new-tests.go:79:2:79:47 | call to Get | new-tests.go:78:18:78:24 | selection of URL : pointer type | new-tests.go:79:11:79:46 | ...+... | The URL of this request depends on a user-provided value. |
-| new-tests.go:82:2:82:47 | call to Get | new-tests.go:81:37:81:43 | selection of URL : pointer type | new-tests.go:82:11:82:46 | ...+... | The URL of this request depends on a user-provided value. |
-| new-tests.go:88:2:88:47 | call to Get | new-tests.go:86:10:86:20 | call to Vars : map type | new-tests.go:88:11:88:46 | ...+... | The URL of this request depends on a user-provided value. |
-| new-tests.go:96:2:96:47 | call to Get | new-tests.go:95:18:95:45 | call to URLParam : string | new-tests.go:96:11:96:46 | ...+... | The URL of this request depends on a user-provided value. |
+| builtin.go:22:12:22:63 | call to Get | builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | The URL of this request depends on a user-provided value. |
+| builtin.go:88:12:88:53 | call to Dial | builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | The URL of this request depends on a user-provided value. |
+| builtin.go:102:13:102:40 | call to DialConfig | builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | The URL of this request depends on a user-provided value. |
+| builtin.go:114:3:114:39 | call to Dial | builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | The URL of this request depends on a user-provided value. |
+| builtin.go:132:3:132:62 | call to DialContext | builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | The URL of this request depends on a user-provided value. |
+| new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
+| new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
+| new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value. |
+| new-tests.go:47:2:47:47 | call to Get | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | The URL of this request depends on a user-provided value. |
+| new-tests.go:50:2:50:47 | call to Get | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | The URL of this request depends on a user-provided value. |
+| new-tests.go:68:2:68:58 | call to Get | new-tests.go:62:31:62:38 | selection of Body | new-tests.go:68:11:68:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
+| new-tests.go:69:2:69:58 | call to Get | new-tests.go:62:31:62:38 | selection of Body | new-tests.go:69:11:69:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
+| new-tests.go:74:3:74:59 | call to Get | new-tests.go:62:31:62:38 | selection of Body | new-tests.go:74:12:74:58 | call to Sprintf | The URL of this request depends on a user-provided value. |
+| new-tests.go:79:2:79:47 | call to Get | new-tests.go:78:18:78:24 | selection of URL | new-tests.go:79:11:79:46 | ...+... | The URL of this request depends on a user-provided value. |
+| new-tests.go:82:2:82:47 | call to Get | new-tests.go:81:37:81:43 | selection of URL | new-tests.go:82:11:82:46 | ...+... | The URL of this request depends on a user-provided value. |
+| new-tests.go:88:2:88:47 | call to Get | new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | The URL of this request depends on a user-provided value. |
+| new-tests.go:96:2:96:47 | call to Get | new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | The URL of this request depends on a user-provided value. |
diff --git a/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected b/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected
index 277a4b6df90..612c6ef1e51 100644
--- a/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected
+++ b/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected
@@ -1,62 +1,62 @@
 edges
-| WrongUsageOfUnsafe.go:17:24:17:48 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:17:13:17:49 | type conversion |
-| WrongUsageOfUnsafe.go:34:24:34:51 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:34:13:34:52 | type conversion |
-| WrongUsageOfUnsafe.go:55:24:55:51 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:55:13:55:52 | type conversion |
-| WrongUsageOfUnsafe.go:77:27:77:54 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:77:16:77:55 | type conversion |
-| WrongUsageOfUnsafe.go:93:20:93:44 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:93:13:93:45 | type conversion |
-| WrongUsageOfUnsafe.go:111:31:111:58 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:111:16:111:59 | type conversion |
-| WrongUsageOfUnsafe.go:129:31:129:55 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:129:16:129:56 | type conversion |
-| WrongUsageOfUnsafe.go:149:31:149:55 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:149:16:149:56 | type conversion |
-| WrongUsageOfUnsafe.go:166:33:166:57 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion |
-| WrongUsageOfUnsafe.go:189:31:189:55 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion |
-| WrongUsageOfUnsafe.go:211:31:211:60 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion |
-| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:236:21:236:23 | definition of req : unsafe.Pointer |
-| WrongUsageOfUnsafe.go:236:21:236:23 | definition of req : unsafe.Pointer | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion |
-| WrongUsageOfUnsafe.go:256:28:256:52 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion |
-| WrongUsageOfUnsafe.go:274:25:274:49 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion |
-| WrongUsageOfUnsafe.go:292:23:292:47 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion |
+| WrongUsageOfUnsafe.go:17:24:17:48 | type conversion | WrongUsageOfUnsafe.go:17:13:17:49 | type conversion |
+| WrongUsageOfUnsafe.go:34:24:34:51 | type conversion | WrongUsageOfUnsafe.go:34:13:34:52 | type conversion |
+| WrongUsageOfUnsafe.go:55:24:55:51 | type conversion | WrongUsageOfUnsafe.go:55:13:55:52 | type conversion |
+| WrongUsageOfUnsafe.go:77:27:77:54 | type conversion | WrongUsageOfUnsafe.go:77:16:77:55 | type conversion |
+| WrongUsageOfUnsafe.go:93:20:93:44 | type conversion | WrongUsageOfUnsafe.go:93:13:93:45 | type conversion |
+| WrongUsageOfUnsafe.go:111:31:111:58 | type conversion | WrongUsageOfUnsafe.go:111:16:111:59 | type conversion |
+| WrongUsageOfUnsafe.go:129:31:129:55 | type conversion | WrongUsageOfUnsafe.go:129:16:129:56 | type conversion |
+| WrongUsageOfUnsafe.go:149:31:149:55 | type conversion | WrongUsageOfUnsafe.go:149:16:149:56 | type conversion |
+| WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion |
+| WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion |
+| WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion |
+| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:236:21:236:23 | definition of req |
+| WrongUsageOfUnsafe.go:236:21:236:23 | definition of req | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion |
+| WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion |
+| WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion |
+| WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion |
 nodes
 | WrongUsageOfUnsafe.go:17:13:17:49 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:17:24:17:48 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
+| WrongUsageOfUnsafe.go:17:24:17:48 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:34:13:34:52 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:34:24:34:51 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
+| WrongUsageOfUnsafe.go:34:24:34:51 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:55:13:55:52 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:55:24:55:51 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
+| WrongUsageOfUnsafe.go:55:24:55:51 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:77:27:77:54 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
+| WrongUsageOfUnsafe.go:77:27:77:54 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:93:13:93:45 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:93:20:93:44 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
+| WrongUsageOfUnsafe.go:93:20:93:44 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:111:31:111:58 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
+| WrongUsageOfUnsafe.go:111:31:111:58 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:129:31:129:55 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
+| WrongUsageOfUnsafe.go:129:31:129:55 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:149:31:149:55 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
+| WrongUsageOfUnsafe.go:149:31:149:55 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:166:33:166:57 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
+| WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:189:31:189:55 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
+| WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:211:31:211:60 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
-| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
-| WrongUsageOfUnsafe.go:236:21:236:23 | definition of req : unsafe.Pointer | semmle.label | definition of req : unsafe.Pointer |
+| WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | semmle.label | type conversion |
+| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | semmle.label | type conversion |
+| WrongUsageOfUnsafe.go:236:21:236:23 | definition of req | semmle.label | definition of req |
 | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:256:28:256:52 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
+| WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:274:25:274:49 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
+| WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:292:23:292:47 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
+| WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | semmle.label | type conversion |
 subpaths
 #select
-| WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | WrongUsageOfUnsafe.go:77:27:77:54 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | $@. | WrongUsageOfUnsafe.go:77:27:77:54 | type conversion | Dangerous array type casting to [8]uint8 from an index expression ([8]uint8)[2] (the destination type is 2 elements longer) |
-| WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | WrongUsageOfUnsafe.go:111:31:111:58 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | $@. | WrongUsageOfUnsafe.go:111:31:111:58 | type conversion | Dangerous array type casting to [17]uint8 from an index expression ([8]uint8)[0] (the destination type is 9 elements longer) |
-| WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | WrongUsageOfUnsafe.go:129:31:129:55 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | $@. | WrongUsageOfUnsafe.go:129:31:129:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
-| WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | WrongUsageOfUnsafe.go:149:31:149:55 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | $@. | WrongUsageOfUnsafe.go:149:31:149:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
-| WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | $@. | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | Dangerous array type casting to [17]string from [8]string |
-| WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | $@. | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | Dangerous type up-casting to [17]uint8 from struct type |
-| WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | $@. | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
-| WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | $@. | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
-| WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | $@. | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | Dangerous array type casting to [4]int64 from [1]int64 |
-| WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | $@. | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | Dangerous numeric type casting to int64 from int8 |
-| WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | $@. | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | Dangerous numeric type casting to int from int8 |
+| WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | WrongUsageOfUnsafe.go:77:27:77:54 | type conversion | WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | $@. | WrongUsageOfUnsafe.go:77:27:77:54 | type conversion | Dangerous array type casting to [8]uint8 from an index expression ([8]uint8)[2] (the destination type is 2 elements longer) |
+| WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | WrongUsageOfUnsafe.go:111:31:111:58 | type conversion | WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | $@. | WrongUsageOfUnsafe.go:111:31:111:58 | type conversion | Dangerous array type casting to [17]uint8 from an index expression ([8]uint8)[0] (the destination type is 9 elements longer) |
+| WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | WrongUsageOfUnsafe.go:129:31:129:55 | type conversion | WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | $@. | WrongUsageOfUnsafe.go:129:31:129:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
+| WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | WrongUsageOfUnsafe.go:149:31:149:55 | type conversion | WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | $@. | WrongUsageOfUnsafe.go:149:31:149:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
+| WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | $@. | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | Dangerous array type casting to [17]string from [8]string |
+| WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | $@. | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | Dangerous type up-casting to [17]uint8 from struct type |
+| WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | $@. | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
+| WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | $@. | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
+| WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | $@. | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | Dangerous array type casting to [4]int64 from [1]int64 |
+| WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | $@. | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | Dangerous numeric type casting to int64 from int8 |
+| WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | $@. | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | Dangerous numeric type casting to int from int8 |
diff --git a/go/ql/test/library-tests/semmle/go/Types/Method_hasQualifiedName2.expected b/go/ql/test/library-tests/semmle/go/Types/Method_hasQualifiedName2.expected
index 24eac7cebc1..bf1bd76aa33 100644
--- a/go/ql/test/library-tests/semmle/go/Types/Method_hasQualifiedName2.expected
+++ b/go/ql/test/library-tests/semmle/go/Types/Method_hasQualifiedName2.expected
@@ -1,59 +1,59 @@
-| generic.go:33:2:33:5 | GetT | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | GenericInterface | GetT |
-| generic.go:48:2:48:6 | clone | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | clone |
-| generic.go:49:2:49:7 | dummy1 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy1 |
-| generic.go:50:2:50:7 | dummy2 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy2 |
-| generic.go:51:2:51:7 | dummy3 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy3 |
-| generic.go:52:2:52:7 | dummy4 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy4 |
-| generic.go:53:2:53:7 | dummy5 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy5 |
-| generic.go:54:2:54:7 | dummy6 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy6 |
-| generic.go:55:2:55:7 | dummy7 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy7 |
-| generic.go:56:2:56:8 | dummy11 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy11 |
-| generic.go:57:2:57:8 | dummy12 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy12 |
-| generic.go:58:2:58:8 | dummy13 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy13 |
-| generic.go:59:2:59:8 | dummy14 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy14 |
-| generic.go:60:2:60:8 | dummy15 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy15 |
-| generic.go:61:2:61:8 | dummy17 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy17 |
-| generic.go:62:2:62:8 | dummy18 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy18 |
-| generic.go:63:2:63:8 | dummy19 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy19 |
-| generic.go:64:2:64:8 | dummy20 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | MyInterface | dummy20 |
-| interface.go:30:2:30:7 | String | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | i6 | String |
-| interface.go:30:2:30:7 | String | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | i8 | String |
-| interface.go:30:2:30:7 | String | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | i9 | String |
-| interface.go:30:2:30:7 | String | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | i14 | String |
-| interface.go:30:2:30:7 | String | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | i15 | String |
-| interface.go:37:2:37:7 | String | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | i7 | String |
-| interface.go:43:2:43:8 | StringA | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | i8 | StringA |
-| interface.go:43:2:43:8 | StringA | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | i14 | StringA |
-| interface.go:49:2:49:8 | StringB | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | i9 | StringB |
-| interface.go:49:2:49:8 | StringB | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | i15 | StringB |
-| interface.go:92:2:92:8 | StringA | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | i17 | StringA |
-| interface.go:97:2:97:8 | StringA | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | i18 | StringA |
-| interface.go:102:2:102:8 | StringB | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | i19 | StringB |
-| interface.go:107:2:107:8 | StringB | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types | i20 | StringB |
-| pkg1/embedding.go:10:13:10:13 | f | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | base | f |
-| pkg1/embedding.go:10:13:10:13 | f | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | embedder | f |
-| pkg1/embedding.go:10:13:10:13 | f | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | embedder2 | f |
-| pkg1/embedding.go:10:13:10:13 | f | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | ptrembedder | f |
-| pkg1/embedding.go:14:14:14:14 | g | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | base | g |
-| pkg1/embedding.go:14:14:14:14 | g | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | embedder | g |
-| pkg1/embedding.go:14:14:14:14 | g | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | embedder2 | g |
-| pkg1/embedding.go:14:14:14:14 | g | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | embedder3 | g |
-| pkg1/embedding.go:14:14:14:14 | g | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | embedder4 | g |
-| pkg1/embedding.go:14:14:14:14 | g | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | ptrembedder | g |
-| pkg1/embedding.go:30:18:30:18 | f | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | embedder3 | f |
-| pkg1/interfaces.go:4:2:4:2 | m | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | A | m |
-| pkg1/interfaces.go:4:2:4:2 | m | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | AC | m |
-| pkg1/interfaces.go:4:2:4:2 | m | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | AEmbedded | m |
-| pkg1/interfaces.go:4:2:4:2 | m | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | AExtended | m |
-| pkg1/interfaces.go:8:2:8:2 | m | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | B | m |
-| pkg1/interfaces.go:9:2:9:2 | n | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | B | n |
-| pkg1/interfaces.go:13:2:13:2 | n | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | AC | n |
-| pkg1/interfaces.go:13:2:13:2 | n | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | C | n |
-| pkg1/interfaces.go:14:2:14:2 | o | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | AC | o |
-| pkg1/interfaces.go:14:2:14:2 | o | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | C | o |
-| pkg1/interfaces.go:28:2:28:2 | n | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | AExtended | n |
-| pkg1/interfaces.go:32:2:32:2 | m | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | A2 | m |
-| pkg1/tst.go:33:16:33:19 | half | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | Foo | half |
-| pkg1/tst.go:33:16:33:19 | half | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | T | half |
-| pkg1/tst.go:33:16:33:19 | half | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | T3 | half |
-| pkg1/tst.go:33:16:33:19 | half | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 | T4 | half |
+| generic.go:33:2:33:5 | GetT | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.GenericInterface | GetT |
+| generic.go:48:2:48:6 | clone | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | clone |
+| generic.go:49:2:49:7 | dummy1 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy1 |
+| generic.go:50:2:50:7 | dummy2 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy2 |
+| generic.go:51:2:51:7 | dummy3 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy3 |
+| generic.go:52:2:52:7 | dummy4 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy4 |
+| generic.go:53:2:53:7 | dummy5 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy5 |
+| generic.go:54:2:54:7 | dummy6 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy6 |
+| generic.go:55:2:55:7 | dummy7 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy7 |
+| generic.go:56:2:56:8 | dummy11 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy11 |
+| generic.go:57:2:57:8 | dummy12 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy12 |
+| generic.go:58:2:58:8 | dummy13 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy13 |
+| generic.go:59:2:59:8 | dummy14 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy14 |
+| generic.go:60:2:60:8 | dummy15 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy15 |
+| generic.go:61:2:61:8 | dummy17 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy17 |
+| generic.go:62:2:62:8 | dummy18 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy18 |
+| generic.go:63:2:63:8 | dummy19 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy19 |
+| generic.go:64:2:64:8 | dummy20 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.MyInterface | dummy20 |
+| interface.go:30:2:30:7 | String | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i6 | String |
+| interface.go:30:2:30:7 | String | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i8 | String |
+| interface.go:30:2:30:7 | String | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i9 | String |
+| interface.go:30:2:30:7 | String | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i14 | String |
+| interface.go:30:2:30:7 | String | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i15 | String |
+| interface.go:37:2:37:7 | String | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i7 | String |
+| interface.go:43:2:43:8 | StringA | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i8 | StringA |
+| interface.go:43:2:43:8 | StringA | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i14 | StringA |
+| interface.go:49:2:49:8 | StringB | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i9 | StringB |
+| interface.go:49:2:49:8 | StringB | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i15 | StringB |
+| interface.go:92:2:92:8 | StringA | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i17 | StringA |
+| interface.go:97:2:97:8 | StringA | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i18 | StringA |
+| interface.go:102:2:102:8 | StringB | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i19 | StringB |
+| interface.go:107:2:107:8 | StringB | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i20 | StringB |
+| pkg1/embedding.go:10:13:10:13 | f | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.base | f |
+| pkg1/embedding.go:10:13:10:13 | f | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.embedder | f |
+| pkg1/embedding.go:10:13:10:13 | f | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.embedder2 | f |
+| pkg1/embedding.go:10:13:10:13 | f | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.ptrembedder | f |
+| pkg1/embedding.go:14:14:14:14 | g | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.base | g |
+| pkg1/embedding.go:14:14:14:14 | g | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.embedder | g |
+| pkg1/embedding.go:14:14:14:14 | g | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.embedder2 | g |
+| pkg1/embedding.go:14:14:14:14 | g | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.embedder3 | g |
+| pkg1/embedding.go:14:14:14:14 | g | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.embedder4 | g |
+| pkg1/embedding.go:14:14:14:14 | g | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.ptrembedder | g |
+| pkg1/embedding.go:30:18:30:18 | f | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.embedder3 | f |
+| pkg1/interfaces.go:4:2:4:2 | m | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.A | m |
+| pkg1/interfaces.go:4:2:4:2 | m | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.AC | m |
+| pkg1/interfaces.go:4:2:4:2 | m | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.AEmbedded | m |
+| pkg1/interfaces.go:4:2:4:2 | m | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.AExtended | m |
+| pkg1/interfaces.go:8:2:8:2 | m | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.B | m |
+| pkg1/interfaces.go:9:2:9:2 | n | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.B | n |
+| pkg1/interfaces.go:13:2:13:2 | n | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.AC | n |
+| pkg1/interfaces.go:13:2:13:2 | n | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.C | n |
+| pkg1/interfaces.go:14:2:14:2 | o | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.AC | o |
+| pkg1/interfaces.go:14:2:14:2 | o | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.C | o |
+| pkg1/interfaces.go:28:2:28:2 | n | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.AExtended | n |
+| pkg1/interfaces.go:32:2:32:2 | m | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.A2 | m |
+| pkg1/tst.go:33:16:33:19 | half | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.Foo | half |
+| pkg1/tst.go:33:16:33:19 | half | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.T | half |
+| pkg1/tst.go:33:16:33:19 | half | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.T3 | half |
+| pkg1/tst.go:33:16:33:19 | half | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.T4 | half |
diff --git a/go/ql/test/library-tests/semmle/go/Types/Method_hasQualifiedName2.ql b/go/ql/test/library-tests/semmle/go/Types/Method_hasQualifiedName2.ql
index b8df1364fc1..e6700d82e47 100644
--- a/go/ql/test/library-tests/semmle/go/Types/Method_hasQualifiedName2.ql
+++ b/go/ql/test/library-tests/semmle/go/Types/Method_hasQualifiedName2.ql
@@ -1,5 +1,5 @@
 import go
 
-from Method meth, string pkg, string tp, string m
-where meth.hasQualifiedName(pkg, tp, m)
-select meth.getDeclaration(), pkg, tp, m
+from Method meth, string tp, string m
+where meth.hasQualifiedName(tp, m)
+select meth.getDeclaration(), tp, m
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ChannelField/test.expected b/go/ql/test/library-tests/semmle/go/dataflow/ChannelField/test.expected
index f8721f61972..523d27be250 100644
--- a/go/ql/test/library-tests/semmle/go/dataflow/ChannelField/test.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ChannelField/test.expected
@@ -1,22 +1,22 @@
 edges
-| test.go:9:9:9:11 | selection of c [collection] : string | test.go:9:7:9:11 | <-... |
-| test.go:13:16:13:16 | definition of s [pointer, c, collection] : string | test.go:16:2:16:2 | s [pointer, c, collection] : string |
-| test.go:15:10:15:17 | call to source : string | test.go:16:9:16:12 | data : string |
-| test.go:16:2:16:2 | implicit dereference [c, collection] : string | test.go:13:16:13:16 | definition of s [pointer, c, collection] : string |
-| test.go:16:2:16:2 | implicit dereference [c, collection] : string | test.go:16:2:16:4 | selection of c [collection] : string |
-| test.go:16:2:16:2 | s [pointer, c, collection] : string | test.go:16:2:16:2 | implicit dereference [c, collection] : string |
-| test.go:16:2:16:4 | selection of c [collection] : string | test.go:9:9:9:11 | selection of c [collection] : string |
-| test.go:16:2:16:4 | selection of c [collection] : string | test.go:16:2:16:2 | implicit dereference [c, collection] : string |
-| test.go:16:9:16:12 | data : string | test.go:16:2:16:4 | selection of c [collection] : string |
+| test.go:9:9:9:11 | selection of c [collection] | test.go:9:7:9:11 | <-... |
+| test.go:13:16:13:16 | definition of s [pointer, c, collection] | test.go:16:2:16:2 | s [pointer, c, collection] |
+| test.go:15:10:15:17 | call to source | test.go:16:9:16:12 | data |
+| test.go:16:2:16:2 | implicit dereference [c, collection] | test.go:13:16:13:16 | definition of s [pointer, c, collection] |
+| test.go:16:2:16:2 | implicit dereference [c, collection] | test.go:16:2:16:4 | selection of c [collection] |
+| test.go:16:2:16:2 | s [pointer, c, collection] | test.go:16:2:16:2 | implicit dereference [c, collection] |
+| test.go:16:2:16:4 | selection of c [collection] | test.go:9:9:9:11 | selection of c [collection] |
+| test.go:16:2:16:4 | selection of c [collection] | test.go:16:2:16:2 | implicit dereference [c, collection] |
+| test.go:16:9:16:12 | data | test.go:16:2:16:4 | selection of c [collection] |
 nodes
 | test.go:9:7:9:11 | <-... | semmle.label | <-... |
-| test.go:9:9:9:11 | selection of c [collection] : string | semmle.label | selection of c [collection] : string |
-| test.go:13:16:13:16 | definition of s [pointer, c, collection] : string | semmle.label | definition of s [pointer, c, collection] : string |
-| test.go:15:10:15:17 | call to source : string | semmle.label | call to source : string |
-| test.go:16:2:16:2 | implicit dereference [c, collection] : string | semmle.label | implicit dereference [c, collection] : string |
-| test.go:16:2:16:2 | s [pointer, c, collection] : string | semmle.label | s [pointer, c, collection] : string |
-| test.go:16:2:16:4 | selection of c [collection] : string | semmle.label | selection of c [collection] : string |
-| test.go:16:9:16:12 | data : string | semmle.label | data : string |
+| test.go:9:9:9:11 | selection of c [collection] | semmle.label | selection of c [collection] |
+| test.go:13:16:13:16 | definition of s [pointer, c, collection] | semmle.label | definition of s [pointer, c, collection] |
+| test.go:15:10:15:17 | call to source | semmle.label | call to source |
+| test.go:16:2:16:2 | implicit dereference [c, collection] | semmle.label | implicit dereference [c, collection] |
+| test.go:16:2:16:2 | s [pointer, c, collection] | semmle.label | s [pointer, c, collection] |
+| test.go:16:2:16:4 | selection of c [collection] | semmle.label | selection of c [collection] |
+| test.go:16:9:16:12 | data | semmle.label | data |
 subpaths
 #select
-| test.go:15:10:15:17 | call to source : string | test.go:15:10:15:17 | call to source : string | test.go:9:7:9:11 | <-... | path |
+| test.go:15:10:15:17 | call to source | test.go:15:10:15:17 | call to source | test.go:9:7:9:11 | <-... | path |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.ql
index 543aecd5d97..c6603c5df93 100644
--- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.ql
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.ql
@@ -22,5 +22,5 @@ class SummaryModelTest extends SummaryModelCsv {
 }
 
 from DataFlow::Node node1, DataFlow::Node node2
-where FlowSummaryImpl::Private::Steps::summaryThroughStep(node1, node2, false)
+where FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(node1, node2, _)
 select node1, node2
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
index cb39cfdd247..37feb5ef6f5 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
@@ -1,317 +1,192 @@
 edges
-| test.go:27:6:27:10 | definition of bound : bindMe | test.go:29:13:29:30 | type conversion |
-| test.go:27:6:27:10 | definition of bound : bindMe | test.go:29:20:29:26 | selection of a : slice type |
-| test.go:27:6:27:10 | definition of bound : bindMe | test.go:30:13:30:27 | type conversion |
-| test.go:27:6:27:10 | definition of bound : bindMe | test.go:31:13:31:29 | type conversion |
-| test.go:27:6:27:10 | definition of bound : bindMe | test.go:31:20:31:26 | selection of c : subBindMe |
-| test.go:29:20:29:26 | selection of a : slice type | test.go:29:13:29:30 | type conversion |
-| test.go:31:20:31:26 | selection of c : subBindMe | test.go:31:13:31:29 | type conversion |
-| test.go:36:20:36:42 | call to Cookie : string | test.go:36:13:36:43 | type conversion |
-| test.go:41:20:41:31 | call to Data : map type | test.go:41:13:41:52 | type conversion |
-| test.go:46:20:46:43 | call to GetData : basic interface type | test.go:46:13:46:53 | type conversion |
-| test.go:51:20:51:42 | call to Header : string | test.go:51:13:51:43 | type conversion |
-| test.go:56:20:56:41 | call to Param : string | test.go:56:13:56:42 | type conversion |
-| test.go:61:20:61:33 | call to Params : map type | test.go:61:13:61:45 | type conversion |
-| test.go:66:20:66:41 | call to Query : string | test.go:66:13:66:42 | type conversion |
-| test.go:71:20:71:32 | call to Refer : string | test.go:71:13:71:33 | type conversion |
-| test.go:76:20:76:34 | call to Referer : string | test.go:76:13:76:35 | type conversion |
-| test.go:81:20:81:30 | call to URI : string | test.go:81:13:81:31 | type conversion |
-| test.go:86:20:86:30 | call to URL : string | test.go:86:13:86:31 | type conversion |
-| test.go:91:20:91:36 | call to UserAgent : string | test.go:91:13:91:37 | type conversion |
-| test.go:96:14:96:25 | call to Data : map type | test.go:96:14:96:45 | type assertion |
-| test.go:108:14:108:25 | call to Data : map type | test.go:108:14:108:45 | type assertion |
-| test.go:120:14:120:25 | call to Data : map type | test.go:120:14:120:45 | type assertion |
-| test.go:137:23:137:42 | call to Data : map type | test.go:137:23:137:62 | type assertion |
-| test.go:193:15:193:26 | call to Data : map type | test.go:194:14:194:55 | type conversion |
-| test.go:193:15:193:26 | call to Data : map type | test.go:195:14:195:58 | type conversion |
-| test.go:193:15:193:26 | call to Data : map type | test.go:197:14:197:28 | type assertion |
-| test.go:193:15:193:26 | call to Data : map type | test.go:198:14:198:55 | type conversion |
-| test.go:193:15:193:26 | call to Data : map type | test.go:199:14:199:59 | type conversion |
-| test.go:202:18:202:33 | selection of Form : Values | test.go:203:14:203:28 | type conversion |
-| test.go:217:2:217:34 | ... := ...[0] : File | test.go:220:14:220:20 | content |
-| test.go:217:2:217:34 | ... := ...[1] : pointer type | test.go:218:14:218:32 | type conversion |
-| test.go:217:2:217:34 | ... := ...[1] : pointer type | test.go:218:21:218:22 | implicit dereference : FileHeader |
-| test.go:218:21:218:22 | implicit dereference : FileHeader | test.go:218:14:218:32 | type conversion |
-| test.go:218:21:218:22 | implicit dereference : FileHeader | test.go:218:21:218:22 | implicit dereference : FileHeader |
-| test.go:222:2:222:40 | ... := ...[0] : slice type | test.go:223:14:223:38 | type conversion |
-| test.go:222:2:222:40 | ... := ...[0] : slice type | test.go:223:21:223:28 | implicit dereference : FileHeader |
-| test.go:222:2:222:40 | ... := ...[0] : slice type | test.go:223:21:223:28 | index expression : pointer type |
-| test.go:223:21:223:28 | implicit dereference : FileHeader | test.go:223:14:223:38 | type conversion |
-| test.go:223:21:223:28 | implicit dereference : FileHeader | test.go:223:21:223:28 | implicit dereference : FileHeader |
-| test.go:223:21:223:28 | implicit dereference : FileHeader | test.go:223:21:223:28 | index expression : pointer type |
-| test.go:223:21:223:28 | index expression : pointer type | test.go:223:14:223:38 | type conversion |
-| test.go:223:21:223:28 | index expression : pointer type | test.go:223:21:223:28 | implicit dereference : FileHeader |
-| test.go:223:21:223:28 | index expression : pointer type | test.go:223:21:223:28 | index expression : pointer type |
-| test.go:225:7:225:28 | call to GetString : string | test.go:226:14:226:22 | type conversion |
-| test.go:228:8:228:35 | call to GetStrings : slice type | test.go:229:14:229:26 | type conversion |
-| test.go:231:9:231:17 | call to Input : Values | test.go:232:14:232:27 | type conversion |
-| test.go:234:6:234:8 | definition of str : myStruct | test.go:236:14:236:30 | type conversion |
-| test.go:240:15:240:36 | call to GetString : string | test.go:243:21:243:29 | untrusted |
-| test.go:253:23:253:44 | call to GetCookie : string | test.go:253:16:253:45 | type conversion |
-| test.go:264:62:264:83 | call to GetCookie : string | test.go:264:55:264:84 | type conversion |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:277:21:277:61 | call to GetDisplayString |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:277:44:277:51 | implicit dereference : FileHeader |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:277:44:277:51 | index expression : pointer type |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:278:21:278:53 | call to SliceChunk : slice type |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:278:21:278:56 | index expression : slice type |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:278:21:278:83 | implicit dereference : FileHeader |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:278:21:278:92 | selection of Filename |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:279:21:279:60 | call to SliceDiff : slice type |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:279:21:279:87 | implicit dereference : FileHeader |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:279:21:279:96 | selection of Filename |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:284:3:286:44 | call to SliceFilter : slice type |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:284:3:286:71 | implicit dereference : FileHeader |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:284:3:286:80 | selection of Filename |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:287:21:287:65 | call to SliceIntersect : slice type |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:287:21:287:92 | implicit dereference : FileHeader |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:287:21:287:101 | selection of Filename |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:288:21:288:65 | call to SliceIntersect : slice type |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:288:21:288:92 | implicit dereference : FileHeader |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:288:21:288:101 | selection of Filename |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:289:21:289:61 | call to SliceMerge : slice type |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:289:21:289:88 | implicit dereference : FileHeader |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:289:21:289:97 | selection of Filename |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:290:21:290:61 | call to SliceMerge : slice type |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:290:21:290:88 | implicit dereference : FileHeader |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:290:21:290:97 | selection of Filename |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:291:21:291:66 | call to SlicePad : slice type |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:291:21:291:93 | implicit dereference : FileHeader |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:291:21:291:102 | selection of Filename |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:292:21:292:66 | call to SlicePad : slice type |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:292:21:292:93 | implicit dereference : FileHeader |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:292:21:292:102 | selection of Filename |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:293:21:293:73 | implicit dereference : FileHeader |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:293:21:293:82 | selection of Filename |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:295:21:295:97 | call to SliceReduce : slice type |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:295:21:295:124 | implicit dereference : FileHeader |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:295:21:295:133 | selection of Filename |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:296:21:296:52 | call to SliceShuffle : slice type |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:296:21:296:79 | implicit dereference : FileHeader |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:296:21:296:88 | selection of Filename |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:297:21:297:51 | call to SliceUnique : slice type |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:297:21:297:78 | implicit dereference : FileHeader |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:297:21:297:87 | selection of Filename |
-| test.go:277:44:277:51 | implicit dereference : FileHeader | test.go:277:21:277:61 | call to GetDisplayString |
-| test.go:277:44:277:51 | implicit dereference : FileHeader | test.go:277:44:277:51 | implicit dereference : FileHeader |
-| test.go:277:44:277:51 | implicit dereference : FileHeader | test.go:277:44:277:51 | index expression : pointer type |
-| test.go:277:44:277:51 | index expression : pointer type | test.go:277:21:277:61 | call to GetDisplayString |
-| test.go:277:44:277:51 | index expression : pointer type | test.go:277:44:277:51 | implicit dereference : FileHeader |
-| test.go:277:44:277:51 | index expression : pointer type | test.go:277:44:277:51 | index expression : pointer type |
-| test.go:278:21:278:53 | call to SliceChunk : slice type | test.go:278:21:278:56 | index expression : slice type |
-| test.go:278:21:278:53 | call to SliceChunk : slice type | test.go:278:21:278:83 | implicit dereference : FileHeader |
-| test.go:278:21:278:53 | call to SliceChunk : slice type | test.go:278:21:278:92 | selection of Filename |
-| test.go:278:21:278:56 | index expression : slice type | test.go:278:21:278:83 | implicit dereference : FileHeader |
-| test.go:278:21:278:56 | index expression : slice type | test.go:278:21:278:92 | selection of Filename |
-| test.go:278:21:278:83 | implicit dereference : FileHeader | test.go:278:21:278:92 | selection of Filename |
-| test.go:279:21:279:60 | call to SliceDiff : slice type | test.go:279:21:279:87 | implicit dereference : FileHeader |
-| test.go:279:21:279:60 | call to SliceDiff : slice type | test.go:279:21:279:96 | selection of Filename |
-| test.go:279:21:279:87 | implicit dereference : FileHeader | test.go:279:21:279:96 | selection of Filename |
-| test.go:284:3:286:44 | call to SliceFilter : slice type | test.go:284:3:286:71 | implicit dereference : FileHeader |
-| test.go:284:3:286:44 | call to SliceFilter : slice type | test.go:284:3:286:80 | selection of Filename |
-| test.go:284:3:286:71 | implicit dereference : FileHeader | test.go:284:3:286:80 | selection of Filename |
-| test.go:287:21:287:65 | call to SliceIntersect : slice type | test.go:287:21:287:92 | implicit dereference : FileHeader |
-| test.go:287:21:287:65 | call to SliceIntersect : slice type | test.go:287:21:287:101 | selection of Filename |
-| test.go:287:21:287:92 | implicit dereference : FileHeader | test.go:287:21:287:101 | selection of Filename |
-| test.go:288:21:288:65 | call to SliceIntersect : slice type | test.go:288:21:288:92 | implicit dereference : FileHeader |
-| test.go:288:21:288:65 | call to SliceIntersect : slice type | test.go:288:21:288:101 | selection of Filename |
-| test.go:288:21:288:92 | implicit dereference : FileHeader | test.go:288:21:288:101 | selection of Filename |
-| test.go:289:21:289:61 | call to SliceMerge : slice type | test.go:289:21:289:88 | implicit dereference : FileHeader |
-| test.go:289:21:289:61 | call to SliceMerge : slice type | test.go:289:21:289:97 | selection of Filename |
-| test.go:289:21:289:88 | implicit dereference : FileHeader | test.go:289:21:289:97 | selection of Filename |
-| test.go:290:21:290:61 | call to SliceMerge : slice type | test.go:290:21:290:88 | implicit dereference : FileHeader |
-| test.go:290:21:290:61 | call to SliceMerge : slice type | test.go:290:21:290:97 | selection of Filename |
-| test.go:290:21:290:88 | implicit dereference : FileHeader | test.go:290:21:290:97 | selection of Filename |
-| test.go:291:21:291:66 | call to SlicePad : slice type | test.go:291:21:291:93 | implicit dereference : FileHeader |
-| test.go:291:21:291:66 | call to SlicePad : slice type | test.go:291:21:291:102 | selection of Filename |
-| test.go:291:21:291:93 | implicit dereference : FileHeader | test.go:291:21:291:102 | selection of Filename |
-| test.go:292:21:292:66 | call to SlicePad : slice type | test.go:292:21:292:93 | implicit dereference : FileHeader |
-| test.go:292:21:292:66 | call to SlicePad : slice type | test.go:292:21:292:102 | selection of Filename |
-| test.go:292:21:292:93 | implicit dereference : FileHeader | test.go:292:21:292:102 | selection of Filename |
-| test.go:293:21:293:73 | implicit dereference : FileHeader | test.go:293:21:293:82 | selection of Filename |
-| test.go:295:21:295:97 | call to SliceReduce : slice type | test.go:295:21:295:124 | implicit dereference : FileHeader |
-| test.go:295:21:295:97 | call to SliceReduce : slice type | test.go:295:21:295:133 | selection of Filename |
-| test.go:295:21:295:124 | implicit dereference : FileHeader | test.go:295:21:295:133 | selection of Filename |
-| test.go:296:21:296:52 | call to SliceShuffle : slice type | test.go:296:21:296:79 | implicit dereference : FileHeader |
-| test.go:296:21:296:52 | call to SliceShuffle : slice type | test.go:296:21:296:88 | selection of Filename |
-| test.go:296:21:296:79 | implicit dereference : FileHeader | test.go:296:21:296:88 | selection of Filename |
-| test.go:297:21:297:51 | call to SliceUnique : slice type | test.go:297:21:297:78 | implicit dereference : FileHeader |
-| test.go:297:21:297:51 | call to SliceUnique : slice type | test.go:297:21:297:87 | selection of Filename |
-| test.go:297:21:297:78 | implicit dereference : FileHeader | test.go:297:21:297:87 | selection of Filename |
-| test.go:303:15:303:36 | call to GetString : string | test.go:305:21:305:48 | type assertion |
-| test.go:303:15:303:36 | call to GetString : string | test.go:306:21:306:32 | call to Items : map type |
-| test.go:303:15:303:36 | call to GetString : string | test.go:306:21:306:52 | type assertion |
-| test.go:306:21:306:32 | call to Items : map type | test.go:306:21:306:52 | type assertion |
+| test.go:27:6:27:10 | definition of bound | test.go:29:13:29:30 | type conversion |
+| test.go:27:6:27:10 | definition of bound | test.go:30:13:30:27 | type conversion |
+| test.go:27:6:27:10 | definition of bound | test.go:31:13:31:29 | type conversion |
+| test.go:36:20:36:42 | call to Cookie | test.go:36:13:36:43 | type conversion |
+| test.go:41:20:41:31 | call to Data | test.go:41:13:41:52 | type conversion |
+| test.go:46:20:46:43 | call to GetData | test.go:46:13:46:53 | type conversion |
+| test.go:51:20:51:42 | call to Header | test.go:51:13:51:43 | type conversion |
+| test.go:56:20:56:41 | call to Param | test.go:56:13:56:42 | type conversion |
+| test.go:61:20:61:33 | call to Params | test.go:61:13:61:45 | type conversion |
+| test.go:66:20:66:41 | call to Query | test.go:66:13:66:42 | type conversion |
+| test.go:71:20:71:32 | call to Refer | test.go:71:13:71:33 | type conversion |
+| test.go:76:20:76:34 | call to Referer | test.go:76:13:76:35 | type conversion |
+| test.go:81:20:81:30 | call to URI | test.go:81:13:81:31 | type conversion |
+| test.go:86:20:86:30 | call to URL | test.go:86:13:86:31 | type conversion |
+| test.go:91:20:91:36 | call to UserAgent | test.go:91:13:91:37 | type conversion |
+| test.go:96:14:96:25 | call to Data | test.go:96:14:96:45 | type assertion |
+| test.go:108:14:108:25 | call to Data | test.go:108:14:108:45 | type assertion |
+| test.go:120:14:120:25 | call to Data | test.go:120:14:120:45 | type assertion |
+| test.go:137:23:137:42 | call to Data | test.go:137:23:137:62 | type assertion |
+| test.go:193:15:193:26 | call to Data | test.go:194:14:194:55 | type conversion |
+| test.go:193:15:193:26 | call to Data | test.go:195:14:195:58 | type conversion |
+| test.go:193:15:193:26 | call to Data | test.go:197:14:197:28 | type assertion |
+| test.go:193:15:193:26 | call to Data | test.go:198:14:198:55 | type conversion |
+| test.go:193:15:193:26 | call to Data | test.go:199:14:199:59 | type conversion |
+| test.go:202:18:202:33 | selection of Form | test.go:203:14:203:28 | type conversion |
+| test.go:217:2:217:34 | ... := ...[0] | test.go:220:14:220:20 | content |
+| test.go:217:2:217:34 | ... := ...[1] | test.go:218:14:218:32 | type conversion |
+| test.go:222:2:222:40 | ... := ...[0] | test.go:223:14:223:38 | type conversion |
+| test.go:225:7:225:28 | call to GetString | test.go:226:14:226:22 | type conversion |
+| test.go:228:8:228:35 | call to GetStrings | test.go:229:14:229:26 | type conversion |
+| test.go:231:9:231:17 | call to Input | test.go:232:14:232:27 | type conversion |
+| test.go:234:6:234:8 | definition of str | test.go:236:14:236:30 | type conversion |
+| test.go:240:15:240:36 | call to GetString | test.go:243:21:243:29 | untrusted |
+| test.go:253:23:253:44 | call to GetCookie | test.go:253:16:253:45 | type conversion |
+| test.go:264:62:264:83 | call to GetCookie | test.go:264:55:264:84 | type conversion |
+| test.go:269:2:269:40 | ... := ...[0] | test.go:277:21:277:61 | call to GetDisplayString |
+| test.go:269:2:269:40 | ... := ...[0] | test.go:278:21:278:92 | selection of Filename |
+| test.go:269:2:269:40 | ... := ...[0] | test.go:279:21:279:96 | selection of Filename |
+| test.go:269:2:269:40 | ... := ...[0] | test.go:284:3:286:80 | selection of Filename |
+| test.go:269:2:269:40 | ... := ...[0] | test.go:287:21:287:101 | selection of Filename |
+| test.go:269:2:269:40 | ... := ...[0] | test.go:288:21:288:101 | selection of Filename |
+| test.go:269:2:269:40 | ... := ...[0] | test.go:289:21:289:97 | selection of Filename |
+| test.go:269:2:269:40 | ... := ...[0] | test.go:290:21:290:97 | selection of Filename |
+| test.go:269:2:269:40 | ... := ...[0] | test.go:291:21:291:102 | selection of Filename |
+| test.go:269:2:269:40 | ... := ...[0] | test.go:292:21:292:102 | selection of Filename |
+| test.go:269:2:269:40 | ... := ...[0] | test.go:293:21:293:82 | selection of Filename |
+| test.go:269:2:269:40 | ... := ...[0] | test.go:295:21:295:133 | selection of Filename |
+| test.go:269:2:269:40 | ... := ...[0] | test.go:296:21:296:88 | selection of Filename |
+| test.go:269:2:269:40 | ... := ...[0] | test.go:297:21:297:87 | selection of Filename |
+| test.go:303:15:303:36 | call to GetString | test.go:305:21:305:48 | type assertion |
+| test.go:303:15:303:36 | call to GetString | test.go:306:21:306:52 | type assertion |
 nodes
-| test.go:27:6:27:10 | definition of bound : bindMe | semmle.label | definition of bound : bindMe |
+| test.go:27:6:27:10 | definition of bound | semmle.label | definition of bound |
 | test.go:29:13:29:30 | type conversion | semmle.label | type conversion |
-| test.go:29:20:29:26 | selection of a : slice type | semmle.label | selection of a : slice type |
 | test.go:30:13:30:27 | type conversion | semmle.label | type conversion |
 | test.go:31:13:31:29 | type conversion | semmle.label | type conversion |
-| test.go:31:20:31:26 | selection of c : subBindMe | semmle.label | selection of c : subBindMe |
 | test.go:36:13:36:43 | type conversion | semmle.label | type conversion |
-| test.go:36:20:36:42 | call to Cookie : string | semmle.label | call to Cookie : string |
+| test.go:36:20:36:42 | call to Cookie | semmle.label | call to Cookie |
 | test.go:41:13:41:52 | type conversion | semmle.label | type conversion |
-| test.go:41:20:41:31 | call to Data : map type | semmle.label | call to Data : map type |
+| test.go:41:20:41:31 | call to Data | semmle.label | call to Data |
 | test.go:46:13:46:53 | type conversion | semmle.label | type conversion |
-| test.go:46:20:46:43 | call to GetData : basic interface type | semmle.label | call to GetData : basic interface type |
+| test.go:46:20:46:43 | call to GetData | semmle.label | call to GetData |
 | test.go:51:13:51:43 | type conversion | semmle.label | type conversion |
-| test.go:51:20:51:42 | call to Header : string | semmle.label | call to Header : string |
+| test.go:51:20:51:42 | call to Header | semmle.label | call to Header |
 | test.go:56:13:56:42 | type conversion | semmle.label | type conversion |
-| test.go:56:20:56:41 | call to Param : string | semmle.label | call to Param : string |
+| test.go:56:20:56:41 | call to Param | semmle.label | call to Param |
 | test.go:61:13:61:45 | type conversion | semmle.label | type conversion |
-| test.go:61:20:61:33 | call to Params : map type | semmle.label | call to Params : map type |
+| test.go:61:20:61:33 | call to Params | semmle.label | call to Params |
 | test.go:66:13:66:42 | type conversion | semmle.label | type conversion |
-| test.go:66:20:66:41 | call to Query : string | semmle.label | call to Query : string |
+| test.go:66:20:66:41 | call to Query | semmle.label | call to Query |
 | test.go:71:13:71:33 | type conversion | semmle.label | type conversion |
-| test.go:71:20:71:32 | call to Refer : string | semmle.label | call to Refer : string |
+| test.go:71:20:71:32 | call to Refer | semmle.label | call to Refer |
 | test.go:76:13:76:35 | type conversion | semmle.label | type conversion |
-| test.go:76:20:76:34 | call to Referer : string | semmle.label | call to Referer : string |
+| test.go:76:20:76:34 | call to Referer | semmle.label | call to Referer |
 | test.go:81:13:81:31 | type conversion | semmle.label | type conversion |
-| test.go:81:20:81:30 | call to URI : string | semmle.label | call to URI : string |
+| test.go:81:20:81:30 | call to URI | semmle.label | call to URI |
 | test.go:86:13:86:31 | type conversion | semmle.label | type conversion |
-| test.go:86:20:86:30 | call to URL : string | semmle.label | call to URL : string |
+| test.go:86:20:86:30 | call to URL | semmle.label | call to URL |
 | test.go:91:13:91:37 | type conversion | semmle.label | type conversion |
-| test.go:91:20:91:36 | call to UserAgent : string | semmle.label | call to UserAgent : string |
-| test.go:96:14:96:25 | call to Data : map type | semmle.label | call to Data : map type |
+| test.go:91:20:91:36 | call to UserAgent | semmle.label | call to UserAgent |
+| test.go:96:14:96:25 | call to Data | semmle.label | call to Data |
 | test.go:96:14:96:45 | type assertion | semmle.label | type assertion |
-| test.go:108:14:108:25 | call to Data : map type | semmle.label | call to Data : map type |
+| test.go:108:14:108:25 | call to Data | semmle.label | call to Data |
 | test.go:108:14:108:45 | type assertion | semmle.label | type assertion |
-| test.go:120:14:120:25 | call to Data : map type | semmle.label | call to Data : map type |
+| test.go:120:14:120:25 | call to Data | semmle.label | call to Data |
 | test.go:120:14:120:45 | type assertion | semmle.label | type assertion |
-| test.go:137:23:137:42 | call to Data : map type | semmle.label | call to Data : map type |
+| test.go:137:23:137:42 | call to Data | semmle.label | call to Data |
 | test.go:137:23:137:62 | type assertion | semmle.label | type assertion |
-| test.go:193:15:193:26 | call to Data : map type | semmle.label | call to Data : map type |
+| test.go:193:15:193:26 | call to Data | semmle.label | call to Data |
 | test.go:194:14:194:55 | type conversion | semmle.label | type conversion |
 | test.go:195:14:195:58 | type conversion | semmle.label | type conversion |
 | test.go:197:14:197:28 | type assertion | semmle.label | type assertion |
 | test.go:198:14:198:55 | type conversion | semmle.label | type conversion |
 | test.go:199:14:199:59 | type conversion | semmle.label | type conversion |
-| test.go:202:18:202:33 | selection of Form : Values | semmle.label | selection of Form : Values |
+| test.go:202:18:202:33 | selection of Form | semmle.label | selection of Form |
 | test.go:203:14:203:28 | type conversion | semmle.label | type conversion |
-| test.go:217:2:217:34 | ... := ...[0] : File | semmle.label | ... := ...[0] : File |
-| test.go:217:2:217:34 | ... := ...[1] : pointer type | semmle.label | ... := ...[1] : pointer type |
+| test.go:217:2:217:34 | ... := ...[0] | semmle.label | ... := ...[0] |
+| test.go:217:2:217:34 | ... := ...[1] | semmle.label | ... := ...[1] |
 | test.go:218:14:218:32 | type conversion | semmle.label | type conversion |
-| test.go:218:21:218:22 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
 | test.go:220:14:220:20 | content | semmle.label | content |
-| test.go:222:2:222:40 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type |
+| test.go:222:2:222:40 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:223:14:223:38 | type conversion | semmle.label | type conversion |
-| test.go:223:21:223:28 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
-| test.go:223:21:223:28 | index expression : pointer type | semmle.label | index expression : pointer type |
-| test.go:225:7:225:28 | call to GetString : string | semmle.label | call to GetString : string |
+| test.go:225:7:225:28 | call to GetString | semmle.label | call to GetString |
 | test.go:226:14:226:22 | type conversion | semmle.label | type conversion |
-| test.go:228:8:228:35 | call to GetStrings : slice type | semmle.label | call to GetStrings : slice type |
+| test.go:228:8:228:35 | call to GetStrings | semmle.label | call to GetStrings |
 | test.go:229:14:229:26 | type conversion | semmle.label | type conversion |
-| test.go:231:9:231:17 | call to Input : Values | semmle.label | call to Input : Values |
+| test.go:231:9:231:17 | call to Input | semmle.label | call to Input |
 | test.go:232:14:232:27 | type conversion | semmle.label | type conversion |
-| test.go:234:6:234:8 | definition of str : myStruct | semmle.label | definition of str : myStruct |
+| test.go:234:6:234:8 | definition of str | semmle.label | definition of str |
 | test.go:236:14:236:30 | type conversion | semmle.label | type conversion |
-| test.go:240:15:240:36 | call to GetString : string | semmle.label | call to GetString : string |
+| test.go:240:15:240:36 | call to GetString | semmle.label | call to GetString |
 | test.go:243:21:243:29 | untrusted | semmle.label | untrusted |
 | test.go:253:16:253:45 | type conversion | semmle.label | type conversion |
-| test.go:253:23:253:44 | call to GetCookie : string | semmle.label | call to GetCookie : string |
+| test.go:253:23:253:44 | call to GetCookie | semmle.label | call to GetCookie |
 | test.go:258:16:258:37 | call to GetCookie | semmle.label | call to GetCookie |
 | test.go:259:15:259:41 | call to GetCookie | semmle.label | call to GetCookie |
 | test.go:264:55:264:84 | type conversion | semmle.label | type conversion |
-| test.go:264:62:264:83 | call to GetCookie : string | semmle.label | call to GetCookie : string |
-| test.go:269:2:269:40 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type |
+| test.go:264:62:264:83 | call to GetCookie | semmle.label | call to GetCookie |
+| test.go:269:2:269:40 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:277:21:277:61 | call to GetDisplayString | semmle.label | call to GetDisplayString |
-| test.go:277:44:277:51 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
-| test.go:277:44:277:51 | index expression : pointer type | semmle.label | index expression : pointer type |
-| test.go:278:21:278:53 | call to SliceChunk : slice type | semmle.label | call to SliceChunk : slice type |
-| test.go:278:21:278:56 | index expression : slice type | semmle.label | index expression : slice type |
-| test.go:278:21:278:83 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
 | test.go:278:21:278:92 | selection of Filename | semmle.label | selection of Filename |
-| test.go:279:21:279:60 | call to SliceDiff : slice type | semmle.label | call to SliceDiff : slice type |
-| test.go:279:21:279:87 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
 | test.go:279:21:279:96 | selection of Filename | semmle.label | selection of Filename |
-| test.go:284:3:286:44 | call to SliceFilter : slice type | semmle.label | call to SliceFilter : slice type |
-| test.go:284:3:286:71 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
 | test.go:284:3:286:80 | selection of Filename | semmle.label | selection of Filename |
-| test.go:287:21:287:65 | call to SliceIntersect : slice type | semmle.label | call to SliceIntersect : slice type |
-| test.go:287:21:287:92 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
 | test.go:287:21:287:101 | selection of Filename | semmle.label | selection of Filename |
-| test.go:288:21:288:65 | call to SliceIntersect : slice type | semmle.label | call to SliceIntersect : slice type |
-| test.go:288:21:288:92 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
 | test.go:288:21:288:101 | selection of Filename | semmle.label | selection of Filename |
-| test.go:289:21:289:61 | call to SliceMerge : slice type | semmle.label | call to SliceMerge : slice type |
-| test.go:289:21:289:88 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
 | test.go:289:21:289:97 | selection of Filename | semmle.label | selection of Filename |
-| test.go:290:21:290:61 | call to SliceMerge : slice type | semmle.label | call to SliceMerge : slice type |
-| test.go:290:21:290:88 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
 | test.go:290:21:290:97 | selection of Filename | semmle.label | selection of Filename |
-| test.go:291:21:291:66 | call to SlicePad : slice type | semmle.label | call to SlicePad : slice type |
-| test.go:291:21:291:93 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
 | test.go:291:21:291:102 | selection of Filename | semmle.label | selection of Filename |
-| test.go:292:21:292:66 | call to SlicePad : slice type | semmle.label | call to SlicePad : slice type |
-| test.go:292:21:292:93 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
 | test.go:292:21:292:102 | selection of Filename | semmle.label | selection of Filename |
-| test.go:293:21:293:73 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
 | test.go:293:21:293:82 | selection of Filename | semmle.label | selection of Filename |
-| test.go:295:21:295:97 | call to SliceReduce : slice type | semmle.label | call to SliceReduce : slice type |
-| test.go:295:21:295:124 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
 | test.go:295:21:295:133 | selection of Filename | semmle.label | selection of Filename |
-| test.go:296:21:296:52 | call to SliceShuffle : slice type | semmle.label | call to SliceShuffle : slice type |
-| test.go:296:21:296:79 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
 | test.go:296:21:296:88 | selection of Filename | semmle.label | selection of Filename |
-| test.go:297:21:297:51 | call to SliceUnique : slice type | semmle.label | call to SliceUnique : slice type |
-| test.go:297:21:297:78 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
 | test.go:297:21:297:87 | selection of Filename | semmle.label | selection of Filename |
-| test.go:303:15:303:36 | call to GetString : string | semmle.label | call to GetString : string |
+| test.go:303:15:303:36 | call to GetString | semmle.label | call to GetString |
 | test.go:305:21:305:48 | type assertion | semmle.label | type assertion |
-| test.go:306:21:306:32 | call to Items : map type | semmle.label | call to Items : map type |
 | test.go:306:21:306:52 | type assertion | semmle.label | type assertion |
 subpaths
 #select
-| test.go:29:13:29:30 | type conversion | test.go:27:6:27:10 | definition of bound : bindMe | test.go:29:13:29:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:27:6:27:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:30:13:30:27 | type conversion | test.go:27:6:27:10 | definition of bound : bindMe | test.go:30:13:30:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:27:6:27:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:31:13:31:29 | type conversion | test.go:27:6:27:10 | definition of bound : bindMe | test.go:31:13:31:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:27:6:27:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:36:13:36:43 | type conversion | test.go:36:20:36:42 | call to Cookie : string | test.go:36:13:36:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:36:20:36:42 | call to Cookie | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:41:13:41:52 | type conversion | test.go:41:20:41:31 | call to Data : map type | test.go:41:13:41:52 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:41:20:41:31 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:46:13:46:53 | type conversion | test.go:46:20:46:43 | call to GetData : basic interface type | test.go:46:13:46:53 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:46:20:46:43 | call to GetData | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:51:13:51:43 | type conversion | test.go:51:20:51:42 | call to Header : string | test.go:51:13:51:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:51:20:51:42 | call to Header | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:56:13:56:42 | type conversion | test.go:56:20:56:41 | call to Param : string | test.go:56:13:56:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:56:20:56:41 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:61:13:61:45 | type conversion | test.go:61:20:61:33 | call to Params : map type | test.go:61:13:61:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:61:20:61:33 | call to Params | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:66:13:66:42 | type conversion | test.go:66:20:66:41 | call to Query : string | test.go:66:13:66:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:66:20:66:41 | call to Query | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:71:13:71:33 | type conversion | test.go:71:20:71:32 | call to Refer : string | test.go:71:13:71:33 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:71:20:71:32 | call to Refer | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:76:13:76:35 | type conversion | test.go:76:20:76:34 | call to Referer : string | test.go:76:13:76:35 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:76:20:76:34 | call to Referer | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:81:13:81:31 | type conversion | test.go:81:20:81:30 | call to URI : string | test.go:81:13:81:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:81:20:81:30 | call to URI | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:86:13:86:31 | type conversion | test.go:86:20:86:30 | call to URL : string | test.go:86:13:86:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:86:20:86:30 | call to URL | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:91:13:91:37 | type conversion | test.go:91:20:91:36 | call to UserAgent : string | test.go:91:13:91:37 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:91:20:91:36 | call to UserAgent | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:96:14:96:45 | type assertion | test.go:96:14:96:25 | call to Data : map type | test.go:96:14:96:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:96:14:96:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:108:14:108:45 | type assertion | test.go:108:14:108:25 | call to Data : map type | test.go:108:14:108:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:108:14:108:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:120:14:120:45 | type assertion | test.go:120:14:120:25 | call to Data : map type | test.go:120:14:120:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:120:14:120:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:137:23:137:62 | type assertion | test.go:137:23:137:42 | call to Data : map type | test.go:137:23:137:62 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:137:23:137:42 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:194:14:194:55 | type conversion | test.go:193:15:193:26 | call to Data : map type | test.go:194:14:194:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:195:14:195:58 | type conversion | test.go:193:15:193:26 | call to Data : map type | test.go:195:14:195:58 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:197:14:197:28 | type assertion | test.go:193:15:193:26 | call to Data : map type | test.go:197:14:197:28 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:198:14:198:55 | type conversion | test.go:193:15:193:26 | call to Data : map type | test.go:198:14:198:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:199:14:199:59 | type conversion | test.go:193:15:193:26 | call to Data : map type | test.go:199:14:199:59 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:203:14:203:28 | type conversion | test.go:202:18:202:33 | selection of Form : Values | test.go:203:14:203:28 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:202:18:202:33 | selection of Form | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:218:14:218:32 | type conversion | test.go:217:2:217:34 | ... := ...[1] : pointer type | test.go:218:14:218:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:217:2:217:34 | ... := ...[1] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:220:14:220:20 | content | test.go:217:2:217:34 | ... := ...[0] : File | test.go:220:14:220:20 | content | Cross-site scripting vulnerability due to $@. | test.go:217:2:217:34 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:223:14:223:38 | type conversion | test.go:222:2:222:40 | ... := ...[0] : slice type | test.go:223:14:223:38 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:222:2:222:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:226:14:226:22 | type conversion | test.go:225:7:225:28 | call to GetString : string | test.go:226:14:226:22 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:225:7:225:28 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:229:14:229:26 | type conversion | test.go:228:8:228:35 | call to GetStrings : slice type | test.go:229:14:229:26 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:228:8:228:35 | call to GetStrings | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:232:14:232:27 | type conversion | test.go:231:9:231:17 | call to Input : Values | test.go:232:14:232:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:231:9:231:17 | call to Input | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:236:14:236:30 | type conversion | test.go:234:6:234:8 | definition of str : myStruct | test.go:236:14:236:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:234:6:234:8 | definition of str | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:243:21:243:29 | untrusted | test.go:240:15:240:36 | call to GetString : string | test.go:243:21:243:29 | untrusted | Cross-site scripting vulnerability due to $@. | test.go:240:15:240:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:253:16:253:45 | type conversion | test.go:253:23:253:44 | call to GetCookie : string | test.go:253:16:253:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:253:23:253:44 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:29:13:29:30 | type conversion | test.go:27:6:27:10 | definition of bound | test.go:29:13:29:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:27:6:27:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:30:13:30:27 | type conversion | test.go:27:6:27:10 | definition of bound | test.go:30:13:30:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:27:6:27:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:31:13:31:29 | type conversion | test.go:27:6:27:10 | definition of bound | test.go:31:13:31:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:27:6:27:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:36:13:36:43 | type conversion | test.go:36:20:36:42 | call to Cookie | test.go:36:13:36:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:36:20:36:42 | call to Cookie | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:41:13:41:52 | type conversion | test.go:41:20:41:31 | call to Data | test.go:41:13:41:52 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:41:20:41:31 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:46:13:46:53 | type conversion | test.go:46:20:46:43 | call to GetData | test.go:46:13:46:53 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:46:20:46:43 | call to GetData | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:51:13:51:43 | type conversion | test.go:51:20:51:42 | call to Header | test.go:51:13:51:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:51:20:51:42 | call to Header | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:56:13:56:42 | type conversion | test.go:56:20:56:41 | call to Param | test.go:56:13:56:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:56:20:56:41 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:61:13:61:45 | type conversion | test.go:61:20:61:33 | call to Params | test.go:61:13:61:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:61:20:61:33 | call to Params | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:66:13:66:42 | type conversion | test.go:66:20:66:41 | call to Query | test.go:66:13:66:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:66:20:66:41 | call to Query | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:71:13:71:33 | type conversion | test.go:71:20:71:32 | call to Refer | test.go:71:13:71:33 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:71:20:71:32 | call to Refer | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:76:13:76:35 | type conversion | test.go:76:20:76:34 | call to Referer | test.go:76:13:76:35 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:76:20:76:34 | call to Referer | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:81:13:81:31 | type conversion | test.go:81:20:81:30 | call to URI | test.go:81:13:81:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:81:20:81:30 | call to URI | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:86:13:86:31 | type conversion | test.go:86:20:86:30 | call to URL | test.go:86:13:86:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:86:20:86:30 | call to URL | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:91:13:91:37 | type conversion | test.go:91:20:91:36 | call to UserAgent | test.go:91:13:91:37 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:91:20:91:36 | call to UserAgent | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:96:14:96:45 | type assertion | test.go:96:14:96:25 | call to Data | test.go:96:14:96:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:96:14:96:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:108:14:108:45 | type assertion | test.go:108:14:108:25 | call to Data | test.go:108:14:108:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:108:14:108:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:120:14:120:45 | type assertion | test.go:120:14:120:25 | call to Data | test.go:120:14:120:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:120:14:120:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:137:23:137:62 | type assertion | test.go:137:23:137:42 | call to Data | test.go:137:23:137:62 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:137:23:137:42 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:194:14:194:55 | type conversion | test.go:193:15:193:26 | call to Data | test.go:194:14:194:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:195:14:195:58 | type conversion | test.go:193:15:193:26 | call to Data | test.go:195:14:195:58 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:197:14:197:28 | type assertion | test.go:193:15:193:26 | call to Data | test.go:197:14:197:28 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:198:14:198:55 | type conversion | test.go:193:15:193:26 | call to Data | test.go:198:14:198:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:199:14:199:59 | type conversion | test.go:193:15:193:26 | call to Data | test.go:199:14:199:59 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:203:14:203:28 | type conversion | test.go:202:18:202:33 | selection of Form | test.go:203:14:203:28 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:202:18:202:33 | selection of Form | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:218:14:218:32 | type conversion | test.go:217:2:217:34 | ... := ...[1] | test.go:218:14:218:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:217:2:217:34 | ... := ...[1] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:220:14:220:20 | content | test.go:217:2:217:34 | ... := ...[0] | test.go:220:14:220:20 | content | Cross-site scripting vulnerability due to $@. | test.go:217:2:217:34 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:223:14:223:38 | type conversion | test.go:222:2:222:40 | ... := ...[0] | test.go:223:14:223:38 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:222:2:222:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:226:14:226:22 | type conversion | test.go:225:7:225:28 | call to GetString | test.go:226:14:226:22 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:225:7:225:28 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:229:14:229:26 | type conversion | test.go:228:8:228:35 | call to GetStrings | test.go:229:14:229:26 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:228:8:228:35 | call to GetStrings | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:232:14:232:27 | type conversion | test.go:231:9:231:17 | call to Input | test.go:232:14:232:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:231:9:231:17 | call to Input | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:236:14:236:30 | type conversion | test.go:234:6:234:8 | definition of str | test.go:236:14:236:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:234:6:234:8 | definition of str | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:243:21:243:29 | untrusted | test.go:240:15:240:36 | call to GetString | test.go:243:21:243:29 | untrusted | Cross-site scripting vulnerability due to $@. | test.go:240:15:240:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:253:16:253:45 | type conversion | test.go:253:23:253:44 | call to GetCookie | test.go:253:16:253:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:253:23:253:44 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:258:16:258:37 | call to GetCookie | test.go:258:16:258:37 | call to GetCookie | test.go:258:16:258:37 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:258:16:258:37 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:259:15:259:41 | call to GetCookie | test.go:259:15:259:41 | call to GetCookie | test.go:259:15:259:41 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:259:15:259:41 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:264:55:264:84 | type conversion | test.go:264:62:264:83 | call to GetCookie : string | test.go:264:55:264:84 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:264:62:264:83 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:277:21:277:61 | call to GetDisplayString | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:277:21:277:61 | call to GetDisplayString | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:278:21:278:92 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:278:21:278:92 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:279:21:279:96 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:279:21:279:96 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:284:3:286:80 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:284:3:286:80 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:287:21:287:101 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:287:21:287:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:288:21:288:101 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:288:21:288:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:289:21:289:97 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:289:21:289:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:290:21:290:97 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:290:21:290:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:291:21:291:102 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:291:21:291:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:292:21:292:102 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:292:21:292:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:293:21:293:82 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:293:21:293:82 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:295:21:295:133 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:295:21:295:133 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:296:21:296:88 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:296:21:296:88 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:297:21:297:87 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] : slice type | test.go:297:21:297:87 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:305:21:305:48 | type assertion | test.go:303:15:303:36 | call to GetString : string | test.go:305:21:305:48 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:303:15:303:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:306:21:306:52 | type assertion | test.go:303:15:303:36 | call to GetString : string | test.go:306:21:306:52 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:303:15:303:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:264:55:264:84 | type conversion | test.go:264:62:264:83 | call to GetCookie | test.go:264:55:264:84 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:264:62:264:83 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:277:21:277:61 | call to GetDisplayString | test.go:269:2:269:40 | ... := ...[0] | test.go:277:21:277:61 | call to GetDisplayString | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:278:21:278:92 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:278:21:278:92 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:279:21:279:96 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:279:21:279:96 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:284:3:286:80 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:284:3:286:80 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:287:21:287:101 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:287:21:287:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:288:21:288:101 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:288:21:288:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:289:21:289:97 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:289:21:289:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:290:21:290:97 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:290:21:290:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:291:21:291:102 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:291:21:291:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:292:21:292:102 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:292:21:292:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:293:21:293:82 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:293:21:293:82 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:295:21:295:133 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:295:21:295:133 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:296:21:296:88 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:296:21:296:88 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:297:21:297:87 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:297:21:297:87 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:305:21:305:48 | type assertion | test.go:303:15:303:36 | call to GetString | test.go:305:21:305:48 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:303:15:303:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:306:21:306:52 | type assertion | test.go:303:15:303:36 | call to GetString | test.go:306:21:306:52 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:303:15:303:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go |  |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected
index 116d5d44a6d..a84489df5bc 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected
@@ -1,18 +1,18 @@
 edges
-| test.go:209:15:209:26 | call to Data : map type | test.go:210:18:210:26 | untrusted |
-| test.go:209:15:209:26 | call to Data : map type | test.go:211:10:211:18 | untrusted |
-| test.go:209:15:209:26 | call to Data : map type | test.go:212:35:212:43 | untrusted |
-| test.go:318:17:318:37 | selection of RequestBody : slice type | test.go:320:35:320:43 | untrusted |
+| test.go:209:15:209:26 | call to Data | test.go:210:18:210:26 | untrusted |
+| test.go:209:15:209:26 | call to Data | test.go:211:10:211:18 | untrusted |
+| test.go:209:15:209:26 | call to Data | test.go:212:35:212:43 | untrusted |
+| test.go:318:17:318:37 | selection of RequestBody | test.go:320:35:320:43 | untrusted |
 nodes
-| test.go:209:15:209:26 | call to Data : map type | semmle.label | call to Data : map type |
+| test.go:209:15:209:26 | call to Data | semmle.label | call to Data |
 | test.go:210:18:210:26 | untrusted | semmle.label | untrusted |
 | test.go:211:10:211:18 | untrusted | semmle.label | untrusted |
 | test.go:212:35:212:43 | untrusted | semmle.label | untrusted |
-| test.go:318:17:318:37 | selection of RequestBody : slice type | semmle.label | selection of RequestBody : slice type |
+| test.go:318:17:318:37 | selection of RequestBody | semmle.label | selection of RequestBody |
 | test.go:320:35:320:43 | untrusted | semmle.label | untrusted |
 subpaths
 #select
-| test.go:210:18:210:26 | untrusted | test.go:209:15:209:26 | call to Data : map type | test.go:210:18:210:26 | untrusted | This path depends on a $@. | test.go:209:15:209:26 | call to Data | user-provided value |
-| test.go:211:10:211:18 | untrusted | test.go:209:15:209:26 | call to Data : map type | test.go:211:10:211:18 | untrusted | This path depends on a $@. | test.go:209:15:209:26 | call to Data | user-provided value |
-| test.go:212:35:212:43 | untrusted | test.go:209:15:209:26 | call to Data : map type | test.go:212:35:212:43 | untrusted | This path depends on a $@. | test.go:209:15:209:26 | call to Data | user-provided value |
-| test.go:320:35:320:43 | untrusted | test.go:318:17:318:37 | selection of RequestBody : slice type | test.go:320:35:320:43 | untrusted | This path depends on a $@. | test.go:318:17:318:37 | selection of RequestBody | user-provided value |
+| test.go:210:18:210:26 | untrusted | test.go:209:15:209:26 | call to Data | test.go:210:18:210:26 | untrusted | This path depends on a $@. | test.go:209:15:209:26 | call to Data | user-provided value |
+| test.go:211:10:211:18 | untrusted | test.go:209:15:209:26 | call to Data | test.go:211:10:211:18 | untrusted | This path depends on a $@. | test.go:209:15:209:26 | call to Data | user-provided value |
+| test.go:212:35:212:43 | untrusted | test.go:209:15:209:26 | call to Data | test.go:212:35:212:43 | untrusted | This path depends on a $@. | test.go:209:15:209:26 | call to Data | user-provided value |
+| test.go:320:35:320:43 | untrusted | test.go:318:17:318:37 | selection of RequestBody | test.go:320:35:320:43 | untrusted | This path depends on a $@. | test.go:318:17:318:37 | selection of RequestBody | user-provided value |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected
index 873eed34f41..f9668a6f723 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected
@@ -1,38 +1,38 @@
 edges
-| test.go:10:15:10:41 | call to UserAgent : string | test.go:12:11:12:19 | untrusted |
-| test.go:10:15:10:41 | call to UserAgent : string | test.go:13:23:13:31 | untrusted |
-| test.go:10:15:10:41 | call to UserAgent : string | test.go:14:14:14:22 | untrusted |
-| test.go:10:15:10:41 | call to UserAgent : string | test.go:15:26:15:34 | untrusted |
-| test.go:10:15:10:41 | call to UserAgent : string | test.go:16:12:16:20 | untrusted |
-| test.go:10:15:10:41 | call to UserAgent : string | test.go:17:24:17:32 | untrusted |
-| test.go:10:15:10:41 | call to UserAgent : string | test.go:18:15:18:23 | untrusted |
-| test.go:10:15:10:41 | call to UserAgent : string | test.go:19:27:19:35 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:26:12:26:20 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:27:10:27:18 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:28:15:28:23 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:29:14:29:22 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:30:15:30:23 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:31:8:31:16 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:32:11:32:19 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:33:9:33:17 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:34:8:34:16 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:35:8:35:16 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:36:13:36:21 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:37:13:37:21 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:38:12:38:20 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:39:12:39:20 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:40:9:40:17 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:41:12:41:20 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:42:16:42:24 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:42:27:42:35 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:43:12:43:20 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:44:14:44:22 | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | test.go:44:25:44:33 | untrusted |
-| test.go:48:15:48:41 | call to UserAgent : string | test.go:49:12:49:20 | untrusted |
-| test.go:54:15:54:41 | call to UserAgent : string | test.go:56:31:56:39 | untrusted |
-| test.go:60:15:60:41 | call to UserAgent : string | test.go:62:19:62:27 | untrusted |
+| test.go:10:15:10:41 | call to UserAgent | test.go:12:11:12:19 | untrusted |
+| test.go:10:15:10:41 | call to UserAgent | test.go:13:23:13:31 | untrusted |
+| test.go:10:15:10:41 | call to UserAgent | test.go:14:14:14:22 | untrusted |
+| test.go:10:15:10:41 | call to UserAgent | test.go:15:26:15:34 | untrusted |
+| test.go:10:15:10:41 | call to UserAgent | test.go:16:12:16:20 | untrusted |
+| test.go:10:15:10:41 | call to UserAgent | test.go:17:24:17:32 | untrusted |
+| test.go:10:15:10:41 | call to UserAgent | test.go:18:15:18:23 | untrusted |
+| test.go:10:15:10:41 | call to UserAgent | test.go:19:27:19:35 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:26:12:26:20 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:27:10:27:18 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:28:15:28:23 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:29:14:29:22 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:30:15:30:23 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:31:8:31:16 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:32:11:32:19 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:33:9:33:17 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:34:8:34:16 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:35:8:35:16 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:36:13:36:21 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:37:13:37:21 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:38:12:38:20 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:39:12:39:20 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:40:9:40:17 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:41:12:41:20 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:42:16:42:24 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:42:27:42:35 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:43:12:43:20 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:44:14:44:22 | untrusted |
+| test.go:24:15:24:41 | call to UserAgent | test.go:44:25:44:33 | untrusted |
+| test.go:48:15:48:41 | call to UserAgent | test.go:49:12:49:20 | untrusted |
+| test.go:54:15:54:41 | call to UserAgent | test.go:56:31:56:39 | untrusted |
+| test.go:60:15:60:41 | call to UserAgent | test.go:62:19:62:27 | untrusted |
 nodes
-| test.go:10:15:10:41 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| test.go:10:15:10:41 | call to UserAgent | semmle.label | call to UserAgent |
 | test.go:12:11:12:19 | untrusted | semmle.label | untrusted |
 | test.go:13:23:13:31 | untrusted | semmle.label | untrusted |
 | test.go:14:14:14:22 | untrusted | semmle.label | untrusted |
@@ -41,7 +41,7 @@ nodes
 | test.go:17:24:17:32 | untrusted | semmle.label | untrusted |
 | test.go:18:15:18:23 | untrusted | semmle.label | untrusted |
 | test.go:19:27:19:35 | untrusted | semmle.label | untrusted |
-| test.go:24:15:24:41 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| test.go:24:15:24:41 | call to UserAgent | semmle.label | call to UserAgent |
 | test.go:26:12:26:20 | untrusted | semmle.label | untrusted |
 | test.go:27:10:27:18 | untrusted | semmle.label | untrusted |
 | test.go:28:15:28:23 | untrusted | semmle.label | untrusted |
@@ -63,43 +63,43 @@ nodes
 | test.go:43:12:43:20 | untrusted | semmle.label | untrusted |
 | test.go:44:14:44:22 | untrusted | semmle.label | untrusted |
 | test.go:44:25:44:33 | untrusted | semmle.label | untrusted |
-| test.go:48:15:48:41 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| test.go:48:15:48:41 | call to UserAgent | semmle.label | call to UserAgent |
 | test.go:49:12:49:20 | untrusted | semmle.label | untrusted |
-| test.go:54:15:54:41 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| test.go:54:15:54:41 | call to UserAgent | semmle.label | call to UserAgent |
 | test.go:56:31:56:39 | untrusted | semmle.label | untrusted |
-| test.go:60:15:60:41 | call to UserAgent : string | semmle.label | call to UserAgent : string |
+| test.go:60:15:60:41 | call to UserAgent | semmle.label | call to UserAgent |
 | test.go:62:19:62:27 | untrusted | semmle.label | untrusted |
 subpaths
 #select
-| test.go:12:11:12:19 | untrusted | test.go:10:15:10:41 | call to UserAgent : string | test.go:12:11:12:19 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
-| test.go:13:23:13:31 | untrusted | test.go:10:15:10:41 | call to UserAgent : string | test.go:13:23:13:31 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
-| test.go:14:14:14:22 | untrusted | test.go:10:15:10:41 | call to UserAgent : string | test.go:14:14:14:22 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
-| test.go:15:26:15:34 | untrusted | test.go:10:15:10:41 | call to UserAgent : string | test.go:15:26:15:34 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
-| test.go:16:12:16:20 | untrusted | test.go:10:15:10:41 | call to UserAgent : string | test.go:16:12:16:20 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
-| test.go:17:24:17:32 | untrusted | test.go:10:15:10:41 | call to UserAgent : string | test.go:17:24:17:32 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
-| test.go:18:15:18:23 | untrusted | test.go:10:15:10:41 | call to UserAgent : string | test.go:18:15:18:23 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
-| test.go:19:27:19:35 | untrusted | test.go:10:15:10:41 | call to UserAgent : string | test.go:19:27:19:35 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
-| test.go:26:12:26:20 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:26:12:26:20 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:27:10:27:18 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:27:10:27:18 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:28:15:28:23 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:28:15:28:23 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:29:14:29:22 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:29:14:29:22 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:30:15:30:23 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:30:15:30:23 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:31:8:31:16 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:31:8:31:16 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:32:11:32:19 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:32:11:32:19 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:33:9:33:17 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:33:9:33:17 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:34:8:34:16 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:34:8:34:16 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:35:8:35:16 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:35:8:35:16 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:36:13:36:21 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:36:13:36:21 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:37:13:37:21 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:37:13:37:21 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:38:12:38:20 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:38:12:38:20 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:39:12:39:20 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:39:12:39:20 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:40:9:40:17 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:40:9:40:17 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:41:12:41:20 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:41:12:41:20 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:42:16:42:24 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:42:16:42:24 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:42:27:42:35 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:42:27:42:35 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:43:12:43:20 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:43:12:43:20 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:44:14:44:22 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:44:14:44:22 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:44:25:44:33 | untrusted | test.go:24:15:24:41 | call to UserAgent : string | test.go:44:25:44:33 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
-| test.go:49:12:49:20 | untrusted | test.go:48:15:48:41 | call to UserAgent : string | test.go:49:12:49:20 | untrusted | This query depends on a $@. | test.go:48:15:48:41 | call to UserAgent | user-provided value |
-| test.go:56:31:56:39 | untrusted | test.go:54:15:54:41 | call to UserAgent : string | test.go:56:31:56:39 | untrusted | This query depends on a $@. | test.go:54:15:54:41 | call to UserAgent | user-provided value |
-| test.go:62:19:62:27 | untrusted | test.go:60:15:60:41 | call to UserAgent : string | test.go:62:19:62:27 | untrusted | This query depends on a $@. | test.go:60:15:60:41 | call to UserAgent | user-provided value |
+| test.go:12:11:12:19 | untrusted | test.go:10:15:10:41 | call to UserAgent | test.go:12:11:12:19 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
+| test.go:13:23:13:31 | untrusted | test.go:10:15:10:41 | call to UserAgent | test.go:13:23:13:31 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
+| test.go:14:14:14:22 | untrusted | test.go:10:15:10:41 | call to UserAgent | test.go:14:14:14:22 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
+| test.go:15:26:15:34 | untrusted | test.go:10:15:10:41 | call to UserAgent | test.go:15:26:15:34 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
+| test.go:16:12:16:20 | untrusted | test.go:10:15:10:41 | call to UserAgent | test.go:16:12:16:20 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
+| test.go:17:24:17:32 | untrusted | test.go:10:15:10:41 | call to UserAgent | test.go:17:24:17:32 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
+| test.go:18:15:18:23 | untrusted | test.go:10:15:10:41 | call to UserAgent | test.go:18:15:18:23 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
+| test.go:19:27:19:35 | untrusted | test.go:10:15:10:41 | call to UserAgent | test.go:19:27:19:35 | untrusted | This query depends on a $@. | test.go:10:15:10:41 | call to UserAgent | user-provided value |
+| test.go:26:12:26:20 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:26:12:26:20 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:27:10:27:18 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:27:10:27:18 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:28:15:28:23 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:28:15:28:23 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:29:14:29:22 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:29:14:29:22 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:30:15:30:23 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:30:15:30:23 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:31:8:31:16 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:31:8:31:16 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:32:11:32:19 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:32:11:32:19 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:33:9:33:17 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:33:9:33:17 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:34:8:34:16 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:34:8:34:16 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:35:8:35:16 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:35:8:35:16 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:36:13:36:21 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:36:13:36:21 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:37:13:37:21 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:37:13:37:21 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:38:12:38:20 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:38:12:38:20 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:39:12:39:20 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:39:12:39:20 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:40:9:40:17 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:40:9:40:17 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:41:12:41:20 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:41:12:41:20 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:42:16:42:24 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:42:16:42:24 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:42:27:42:35 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:42:27:42:35 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:43:12:43:20 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:43:12:43:20 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:44:14:44:22 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:44:14:44:22 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:44:25:44:33 | untrusted | test.go:24:15:24:41 | call to UserAgent | test.go:44:25:44:33 | untrusted | This query depends on a $@. | test.go:24:15:24:41 | call to UserAgent | user-provided value |
+| test.go:49:12:49:20 | untrusted | test.go:48:15:48:41 | call to UserAgent | test.go:49:12:49:20 | untrusted | This query depends on a $@. | test.go:48:15:48:41 | call to UserAgent | user-provided value |
+| test.go:56:31:56:39 | untrusted | test.go:54:15:54:41 | call to UserAgent | test.go:56:31:56:39 | untrusted | This query depends on a $@. | test.go:54:15:54:41 | call to UserAgent | user-provided value |
+| test.go:62:19:62:27 | untrusted | test.go:60:15:60:41 | call to UserAgent | test.go:62:19:62:27 | untrusted | This query depends on a $@. | test.go:60:15:60:41 | call to UserAgent | user-provided value |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected
index e0d6b678335..09a41c42fb2 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected
@@ -1,128 +1,111 @@
 edges
-| test.go:77:13:77:16 | &... : pointer type | test.go:78:13:78:29 | type conversion |
-| test.go:77:13:77:16 | &... : pointer type | test.go:79:13:79:43 | type conversion |
-| test.go:77:13:77:16 | &... : pointer type | test.go:79:20:79:33 | selection of substructs : slice type |
-| test.go:77:13:77:16 | &... : pointer type | test.go:79:20:79:36 | index expression : SubStruct |
-| test.go:79:20:79:33 | selection of substructs : slice type | test.go:79:13:79:43 | type conversion |
-| test.go:79:20:79:33 | selection of substructs : slice type | test.go:79:20:79:36 | index expression : SubStruct |
-| test.go:79:20:79:36 | index expression : SubStruct | test.go:79:13:79:43 | type conversion |
-| test.go:82:22:82:26 | &... : pointer type | test.go:83:13:83:30 | type conversion |
-| test.go:86:21:86:25 | &... : pointer type | test.go:87:13:87:30 | type conversion |
-| test.go:92:20:92:36 | call to Value : string | test.go:92:13:92:37 | type conversion |
-| test.go:93:20:93:39 | call to RawValue : basic interface type | test.go:93:13:93:49 | type conversion |
-| test.go:94:20:94:37 | call to String : string | test.go:94:13:94:38 | type conversion |
-| test.go:95:20:95:36 | call to Value : string | test.go:95:13:95:37 | type conversion |
-| test.go:96:20:96:39 | call to RawValue : basic interface type | test.go:96:13:96:49 | type conversion |
-| test.go:97:20:97:37 | call to String : string | test.go:97:13:97:38 | type conversion |
-| test.go:98:20:98:37 | call to Value : string | test.go:98:13:98:38 | type conversion |
-| test.go:99:20:99:40 | call to RawValue : basic interface type | test.go:99:13:99:50 | type conversion |
-| test.go:100:20:100:38 | call to String : string | test.go:100:13:100:39 | type conversion |
-| test.go:106:9:106:13 | &... : pointer type | test.go:107:13:107:33 | type conversion |
-| test.go:106:9:106:13 | &... : pointer type | test.go:107:20:107:26 | implicit dereference : MyStruct |
-| test.go:106:9:106:13 | &... : pointer type | test.go:107:20:107:26 | index expression : pointer type |
-| test.go:107:20:107:26 | implicit dereference : MyStruct | test.go:107:13:107:33 | type conversion |
-| test.go:107:20:107:26 | implicit dereference : MyStruct | test.go:107:20:107:26 | implicit dereference : MyStruct |
-| test.go:107:20:107:26 | implicit dereference : MyStruct | test.go:107:20:107:26 | index expression : pointer type |
-| test.go:107:20:107:26 | index expression : pointer type | test.go:107:13:107:33 | type conversion |
-| test.go:107:20:107:26 | index expression : pointer type | test.go:107:20:107:26 | implicit dereference : MyStruct |
-| test.go:107:20:107:26 | index expression : pointer type | test.go:107:20:107:26 | index expression : pointer type |
-| test.go:110:9:110:12 | &... : pointer type | test.go:111:13:111:29 | type conversion |
-| test.go:114:12:114:19 | &... : pointer type | test.go:115:13:115:48 | type conversion |
-| test.go:118:16:118:24 | &... : pointer type | test.go:119:13:119:43 | type conversion |
-| test.go:122:16:122:23 | &... : pointer type | test.go:123:13:123:39 | type conversion |
-| test.go:126:15:126:24 | &... : pointer type | test.go:127:13:127:47 | type conversion |
-| test.go:130:18:130:30 | &... : pointer type | test.go:131:13:131:38 | type conversion |
-| test.go:137:12:137:19 | &... : pointer type | test.go:138:13:138:48 | type conversion |
-| test.go:141:16:141:24 | &... : pointer type | test.go:142:13:142:43 | type conversion |
-| test.go:145:16:145:23 | &... : pointer type | test.go:146:13:146:39 | type conversion |
-| test.go:149:15:149:24 | &... : pointer type | test.go:150:13:150:47 | type conversion |
-| test.go:153:18:153:30 | &... : pointer type | test.go:154:13:154:38 | type conversion |
-| test.go:157:14:157:22 | &... : pointer type | test.go:158:13:158:28 | type conversion |
-| test.go:161:15:161:24 | &... : pointer type | test.go:162:13:162:32 | type conversion |
+| test.go:77:13:77:16 | &... | test.go:78:13:78:29 | type conversion |
+| test.go:77:13:77:16 | &... | test.go:79:13:79:43 | type conversion |
+| test.go:82:22:82:26 | &... | test.go:83:13:83:30 | type conversion |
+| test.go:86:21:86:25 | &... | test.go:87:13:87:30 | type conversion |
+| test.go:92:20:92:36 | call to Value | test.go:92:13:92:37 | type conversion |
+| test.go:93:20:93:39 | call to RawValue | test.go:93:13:93:49 | type conversion |
+| test.go:94:20:94:37 | call to String | test.go:94:13:94:38 | type conversion |
+| test.go:95:20:95:36 | call to Value | test.go:95:13:95:37 | type conversion |
+| test.go:96:20:96:39 | call to RawValue | test.go:96:13:96:49 | type conversion |
+| test.go:97:20:97:37 | call to String | test.go:97:13:97:38 | type conversion |
+| test.go:98:20:98:37 | call to Value | test.go:98:13:98:38 | type conversion |
+| test.go:99:20:99:40 | call to RawValue | test.go:99:13:99:50 | type conversion |
+| test.go:100:20:100:38 | call to String | test.go:100:13:100:39 | type conversion |
+| test.go:106:9:106:13 | &... | test.go:107:13:107:33 | type conversion |
+| test.go:110:9:110:12 | &... | test.go:111:13:111:29 | type conversion |
+| test.go:114:12:114:19 | &... | test.go:115:13:115:48 | type conversion |
+| test.go:118:16:118:24 | &... | test.go:119:13:119:43 | type conversion |
+| test.go:122:16:122:23 | &... | test.go:123:13:123:39 | type conversion |
+| test.go:126:15:126:24 | &... | test.go:127:13:127:47 | type conversion |
+| test.go:130:18:130:30 | &... | test.go:131:13:131:38 | type conversion |
+| test.go:137:12:137:19 | &... | test.go:138:13:138:48 | type conversion |
+| test.go:141:16:141:24 | &... | test.go:142:13:142:43 | type conversion |
+| test.go:145:16:145:23 | &... | test.go:146:13:146:39 | type conversion |
+| test.go:149:15:149:24 | &... | test.go:150:13:150:47 | type conversion |
+| test.go:153:18:153:30 | &... | test.go:154:13:154:38 | type conversion |
+| test.go:157:14:157:22 | &... | test.go:158:13:158:28 | type conversion |
+| test.go:161:15:161:24 | &... | test.go:162:13:162:32 | type conversion |
 nodes
-| test.go:77:13:77:16 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:77:13:77:16 | &... | semmle.label | &... |
 | test.go:78:13:78:29 | type conversion | semmle.label | type conversion |
 | test.go:79:13:79:43 | type conversion | semmle.label | type conversion |
-| test.go:79:20:79:33 | selection of substructs : slice type | semmle.label | selection of substructs : slice type |
-| test.go:79:20:79:36 | index expression : SubStruct | semmle.label | index expression : SubStruct |
-| test.go:82:22:82:26 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:82:22:82:26 | &... | semmle.label | &... |
 | test.go:83:13:83:30 | type conversion | semmle.label | type conversion |
-| test.go:86:21:86:25 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:86:21:86:25 | &... | semmle.label | &... |
 | test.go:87:13:87:30 | type conversion | semmle.label | type conversion |
 | test.go:92:13:92:37 | type conversion | semmle.label | type conversion |
-| test.go:92:20:92:36 | call to Value : string | semmle.label | call to Value : string |
+| test.go:92:20:92:36 | call to Value | semmle.label | call to Value |
 | test.go:93:13:93:49 | type conversion | semmle.label | type conversion |
-| test.go:93:20:93:39 | call to RawValue : basic interface type | semmle.label | call to RawValue : basic interface type |
+| test.go:93:20:93:39 | call to RawValue | semmle.label | call to RawValue |
 | test.go:94:13:94:38 | type conversion | semmle.label | type conversion |
-| test.go:94:20:94:37 | call to String : string | semmle.label | call to String : string |
+| test.go:94:20:94:37 | call to String | semmle.label | call to String |
 | test.go:95:13:95:37 | type conversion | semmle.label | type conversion |
-| test.go:95:20:95:36 | call to Value : string | semmle.label | call to Value : string |
+| test.go:95:20:95:36 | call to Value | semmle.label | call to Value |
 | test.go:96:13:96:49 | type conversion | semmle.label | type conversion |
-| test.go:96:20:96:39 | call to RawValue : basic interface type | semmle.label | call to RawValue : basic interface type |
+| test.go:96:20:96:39 | call to RawValue | semmle.label | call to RawValue |
 | test.go:97:13:97:38 | type conversion | semmle.label | type conversion |
-| test.go:97:20:97:37 | call to String : string | semmle.label | call to String : string |
+| test.go:97:20:97:37 | call to String | semmle.label | call to String |
 | test.go:98:13:98:38 | type conversion | semmle.label | type conversion |
-| test.go:98:20:98:37 | call to Value : string | semmle.label | call to Value : string |
+| test.go:98:20:98:37 | call to Value | semmle.label | call to Value |
 | test.go:99:13:99:50 | type conversion | semmle.label | type conversion |
-| test.go:99:20:99:40 | call to RawValue : basic interface type | semmle.label | call to RawValue : basic interface type |
+| test.go:99:20:99:40 | call to RawValue | semmle.label | call to RawValue |
 | test.go:100:13:100:39 | type conversion | semmle.label | type conversion |
-| test.go:100:20:100:38 | call to String : string | semmle.label | call to String : string |
-| test.go:106:9:106:13 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:100:20:100:38 | call to String | semmle.label | call to String |
+| test.go:106:9:106:13 | &... | semmle.label | &... |
 | test.go:107:13:107:33 | type conversion | semmle.label | type conversion |
-| test.go:107:20:107:26 | implicit dereference : MyStruct | semmle.label | implicit dereference : MyStruct |
-| test.go:107:20:107:26 | index expression : pointer type | semmle.label | index expression : pointer type |
-| test.go:110:9:110:12 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:110:9:110:12 | &... | semmle.label | &... |
 | test.go:111:13:111:29 | type conversion | semmle.label | type conversion |
-| test.go:114:12:114:19 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:114:12:114:19 | &... | semmle.label | &... |
 | test.go:115:13:115:48 | type conversion | semmle.label | type conversion |
-| test.go:118:16:118:24 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:118:16:118:24 | &... | semmle.label | &... |
 | test.go:119:13:119:43 | type conversion | semmle.label | type conversion |
-| test.go:122:16:122:23 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:122:16:122:23 | &... | semmle.label | &... |
 | test.go:123:13:123:39 | type conversion | semmle.label | type conversion |
-| test.go:126:15:126:24 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:126:15:126:24 | &... | semmle.label | &... |
 | test.go:127:13:127:47 | type conversion | semmle.label | type conversion |
-| test.go:130:18:130:30 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:130:18:130:30 | &... | semmle.label | &... |
 | test.go:131:13:131:38 | type conversion | semmle.label | type conversion |
-| test.go:137:12:137:19 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:137:12:137:19 | &... | semmle.label | &... |
 | test.go:138:13:138:48 | type conversion | semmle.label | type conversion |
-| test.go:141:16:141:24 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:141:16:141:24 | &... | semmle.label | &... |
 | test.go:142:13:142:43 | type conversion | semmle.label | type conversion |
-| test.go:145:16:145:23 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:145:16:145:23 | &... | semmle.label | &... |
 | test.go:146:13:146:39 | type conversion | semmle.label | type conversion |
-| test.go:149:15:149:24 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:149:15:149:24 | &... | semmle.label | &... |
 | test.go:150:13:150:47 | type conversion | semmle.label | type conversion |
-| test.go:153:18:153:30 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:153:18:153:30 | &... | semmle.label | &... |
 | test.go:154:13:154:38 | type conversion | semmle.label | type conversion |
-| test.go:157:14:157:22 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:157:14:157:22 | &... | semmle.label | &... |
 | test.go:158:13:158:28 | type conversion | semmle.label | type conversion |
-| test.go:161:15:161:24 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:161:15:161:24 | &... | semmle.label | &... |
 | test.go:162:13:162:32 | type conversion | semmle.label | type conversion |
 subpaths
 #select
-| test.go:78:13:78:29 | type conversion | test.go:77:13:77:16 | &... : pointer type | test.go:78:13:78:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:77:13:77:16 | &... | stored value |
-| test.go:79:13:79:43 | type conversion | test.go:77:13:77:16 | &... : pointer type | test.go:79:13:79:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:77:13:77:16 | &... | stored value |
-| test.go:83:13:83:30 | type conversion | test.go:82:22:82:26 | &... : pointer type | test.go:83:13:83:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:82:22:82:26 | &... | stored value |
-| test.go:87:13:87:30 | type conversion | test.go:86:21:86:25 | &... : pointer type | test.go:87:13:87:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:86:21:86:25 | &... | stored value |
-| test.go:92:13:92:37 | type conversion | test.go:92:20:92:36 | call to Value : string | test.go:92:13:92:37 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:92:20:92:36 | call to Value | stored value |
-| test.go:93:13:93:49 | type conversion | test.go:93:20:93:39 | call to RawValue : basic interface type | test.go:93:13:93:49 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:93:20:93:39 | call to RawValue | stored value |
-| test.go:94:13:94:38 | type conversion | test.go:94:20:94:37 | call to String : string | test.go:94:13:94:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:94:20:94:37 | call to String | stored value |
-| test.go:95:13:95:37 | type conversion | test.go:95:20:95:36 | call to Value : string | test.go:95:13:95:37 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:95:20:95:36 | call to Value | stored value |
-| test.go:96:13:96:49 | type conversion | test.go:96:20:96:39 | call to RawValue : basic interface type | test.go:96:13:96:49 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:96:20:96:39 | call to RawValue | stored value |
-| test.go:97:13:97:38 | type conversion | test.go:97:20:97:37 | call to String : string | test.go:97:13:97:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:97:20:97:37 | call to String | stored value |
-| test.go:98:13:98:38 | type conversion | test.go:98:20:98:37 | call to Value : string | test.go:98:13:98:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:98:20:98:37 | call to Value | stored value |
-| test.go:99:13:99:50 | type conversion | test.go:99:20:99:40 | call to RawValue : basic interface type | test.go:99:13:99:50 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:99:20:99:40 | call to RawValue | stored value |
-| test.go:100:13:100:39 | type conversion | test.go:100:20:100:38 | call to String : string | test.go:100:13:100:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:100:20:100:38 | call to String | stored value |
-| test.go:107:13:107:33 | type conversion | test.go:106:9:106:13 | &... : pointer type | test.go:107:13:107:33 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:106:9:106:13 | &... | stored value |
-| test.go:111:13:111:29 | type conversion | test.go:110:9:110:12 | &... : pointer type | test.go:111:13:111:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:110:9:110:12 | &... | stored value |
-| test.go:115:13:115:48 | type conversion | test.go:114:12:114:19 | &... : pointer type | test.go:115:13:115:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:114:12:114:19 | &... | stored value |
-| test.go:119:13:119:43 | type conversion | test.go:118:16:118:24 | &... : pointer type | test.go:119:13:119:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:118:16:118:24 | &... | stored value |
-| test.go:123:13:123:39 | type conversion | test.go:122:16:122:23 | &... : pointer type | test.go:123:13:123:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:122:16:122:23 | &... | stored value |
-| test.go:127:13:127:47 | type conversion | test.go:126:15:126:24 | &... : pointer type | test.go:127:13:127:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:126:15:126:24 | &... | stored value |
-| test.go:131:13:131:38 | type conversion | test.go:130:18:130:30 | &... : pointer type | test.go:131:13:131:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:130:18:130:30 | &... | stored value |
-| test.go:138:13:138:48 | type conversion | test.go:137:12:137:19 | &... : pointer type | test.go:138:13:138:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:137:12:137:19 | &... | stored value |
-| test.go:142:13:142:43 | type conversion | test.go:141:16:141:24 | &... : pointer type | test.go:142:13:142:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:141:16:141:24 | &... | stored value |
-| test.go:146:13:146:39 | type conversion | test.go:145:16:145:23 | &... : pointer type | test.go:146:13:146:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:145:16:145:23 | &... | stored value |
-| test.go:150:13:150:47 | type conversion | test.go:149:15:149:24 | &... : pointer type | test.go:150:13:150:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:149:15:149:24 | &... | stored value |
-| test.go:154:13:154:38 | type conversion | test.go:153:18:153:30 | &... : pointer type | test.go:154:13:154:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:153:18:153:30 | &... | stored value |
-| test.go:158:13:158:28 | type conversion | test.go:157:14:157:22 | &... : pointer type | test.go:158:13:158:28 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:157:14:157:22 | &... | stored value |
-| test.go:162:13:162:32 | type conversion | test.go:161:15:161:24 | &... : pointer type | test.go:162:13:162:32 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:161:15:161:24 | &... | stored value |
+| test.go:78:13:78:29 | type conversion | test.go:77:13:77:16 | &... | test.go:78:13:78:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:77:13:77:16 | &... | stored value |
+| test.go:79:13:79:43 | type conversion | test.go:77:13:77:16 | &... | test.go:79:13:79:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:77:13:77:16 | &... | stored value |
+| test.go:83:13:83:30 | type conversion | test.go:82:22:82:26 | &... | test.go:83:13:83:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:82:22:82:26 | &... | stored value |
+| test.go:87:13:87:30 | type conversion | test.go:86:21:86:25 | &... | test.go:87:13:87:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:86:21:86:25 | &... | stored value |
+| test.go:92:13:92:37 | type conversion | test.go:92:20:92:36 | call to Value | test.go:92:13:92:37 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:92:20:92:36 | call to Value | stored value |
+| test.go:93:13:93:49 | type conversion | test.go:93:20:93:39 | call to RawValue | test.go:93:13:93:49 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:93:20:93:39 | call to RawValue | stored value |
+| test.go:94:13:94:38 | type conversion | test.go:94:20:94:37 | call to String | test.go:94:13:94:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:94:20:94:37 | call to String | stored value |
+| test.go:95:13:95:37 | type conversion | test.go:95:20:95:36 | call to Value | test.go:95:13:95:37 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:95:20:95:36 | call to Value | stored value |
+| test.go:96:13:96:49 | type conversion | test.go:96:20:96:39 | call to RawValue | test.go:96:13:96:49 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:96:20:96:39 | call to RawValue | stored value |
+| test.go:97:13:97:38 | type conversion | test.go:97:20:97:37 | call to String | test.go:97:13:97:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:97:20:97:37 | call to String | stored value |
+| test.go:98:13:98:38 | type conversion | test.go:98:20:98:37 | call to Value | test.go:98:13:98:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:98:20:98:37 | call to Value | stored value |
+| test.go:99:13:99:50 | type conversion | test.go:99:20:99:40 | call to RawValue | test.go:99:13:99:50 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:99:20:99:40 | call to RawValue | stored value |
+| test.go:100:13:100:39 | type conversion | test.go:100:20:100:38 | call to String | test.go:100:13:100:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:100:20:100:38 | call to String | stored value |
+| test.go:107:13:107:33 | type conversion | test.go:106:9:106:13 | &... | test.go:107:13:107:33 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:106:9:106:13 | &... | stored value |
+| test.go:111:13:111:29 | type conversion | test.go:110:9:110:12 | &... | test.go:111:13:111:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:110:9:110:12 | &... | stored value |
+| test.go:115:13:115:48 | type conversion | test.go:114:12:114:19 | &... | test.go:115:13:115:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:114:12:114:19 | &... | stored value |
+| test.go:119:13:119:43 | type conversion | test.go:118:16:118:24 | &... | test.go:119:13:119:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:118:16:118:24 | &... | stored value |
+| test.go:123:13:123:39 | type conversion | test.go:122:16:122:23 | &... | test.go:123:13:123:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:122:16:122:23 | &... | stored value |
+| test.go:127:13:127:47 | type conversion | test.go:126:15:126:24 | &... | test.go:127:13:127:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:126:15:126:24 | &... | stored value |
+| test.go:131:13:131:38 | type conversion | test.go:130:18:130:30 | &... | test.go:131:13:131:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:130:18:130:30 | &... | stored value |
+| test.go:138:13:138:48 | type conversion | test.go:137:12:137:19 | &... | test.go:138:13:138:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:137:12:137:19 | &... | stored value |
+| test.go:142:13:142:43 | type conversion | test.go:141:16:141:24 | &... | test.go:142:13:142:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:141:16:141:24 | &... | stored value |
+| test.go:146:13:146:39 | type conversion | test.go:145:16:145:23 | &... | test.go:146:13:146:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:145:16:145:23 | &... | stored value |
+| test.go:150:13:150:47 | type conversion | test.go:149:15:149:24 | &... | test.go:150:13:150:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:149:15:149:24 | &... | stored value |
+| test.go:154:13:154:38 | type conversion | test.go:153:18:153:30 | &... | test.go:154:13:154:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:153:18:153:30 | &... | stored value |
+| test.go:158:13:158:28 | type conversion | test.go:157:14:157:22 | &... | test.go:158:13:158:28 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:157:14:157:22 | &... | stored value |
+| test.go:162:13:162:32 | type conversion | test.go:161:15:161:24 | &... | test.go:162:13:162:32 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:161:15:161:24 | &... | stored value |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Chi/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Chi/ReflectedXss.expected
index d934df79582..cc6d95f8717 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Chi/ReflectedXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Chi/ReflectedXss.expected
@@ -1,30 +1,24 @@
 edges
-| test.go:13:12:13:16 | implicit dereference : URL | test.go:13:12:13:16 | implicit dereference : URL |
-| test.go:13:12:13:16 | implicit dereference : URL | test.go:13:12:13:16 | selection of URL : pointer type |
-| test.go:13:12:13:16 | implicit dereference : URL | test.go:13:12:13:21 | selection of Path : string |
-| test.go:13:12:13:16 | selection of URL : pointer type | test.go:13:12:13:16 | implicit dereference : URL |
-| test.go:13:12:13:16 | selection of URL : pointer type | test.go:13:12:13:16 | selection of URL : pointer type |
-| test.go:13:12:13:16 | selection of URL : pointer type | test.go:13:12:13:21 | selection of Path : string |
-| test.go:13:12:13:21 | selection of Path : string | test.go:21:18:21:23 | hidden : string |
-| test.go:21:18:21:23 | hidden : string | test.go:21:11:21:24 | type conversion |
-| test.go:22:18:22:45 | call to URLParam : string | test.go:22:11:22:46 | type conversion |
-| test.go:23:18:23:60 | call to URLParamFromCtx : string | test.go:23:11:23:61 | type conversion |
-| test.go:24:18:24:71 | call to URLParam : string | test.go:24:11:24:72 | type conversion |
+| test.go:13:12:13:16 | selection of URL | test.go:13:12:13:21 | selection of Path |
+| test.go:13:12:13:21 | selection of Path | test.go:21:18:21:23 | hidden |
+| test.go:21:18:21:23 | hidden | test.go:21:11:21:24 | type conversion |
+| test.go:22:18:22:45 | call to URLParam | test.go:22:11:22:46 | type conversion |
+| test.go:23:18:23:60 | call to URLParamFromCtx | test.go:23:11:23:61 | type conversion |
+| test.go:24:18:24:71 | call to URLParam | test.go:24:11:24:72 | type conversion |
 nodes
-| test.go:13:12:13:16 | implicit dereference : URL | semmle.label | implicit dereference : URL |
-| test.go:13:12:13:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
-| test.go:13:12:13:21 | selection of Path : string | semmle.label | selection of Path : string |
+| test.go:13:12:13:16 | selection of URL | semmle.label | selection of URL |
+| test.go:13:12:13:21 | selection of Path | semmle.label | selection of Path |
 | test.go:21:11:21:24 | type conversion | semmle.label | type conversion |
-| test.go:21:18:21:23 | hidden : string | semmle.label | hidden : string |
+| test.go:21:18:21:23 | hidden | semmle.label | hidden |
 | test.go:22:11:22:46 | type conversion | semmle.label | type conversion |
-| test.go:22:18:22:45 | call to URLParam : string | semmle.label | call to URLParam : string |
+| test.go:22:18:22:45 | call to URLParam | semmle.label | call to URLParam |
 | test.go:23:11:23:61 | type conversion | semmle.label | type conversion |
-| test.go:23:18:23:60 | call to URLParamFromCtx : string | semmle.label | call to URLParamFromCtx : string |
+| test.go:23:18:23:60 | call to URLParamFromCtx | semmle.label | call to URLParamFromCtx |
 | test.go:24:11:24:72 | type conversion | semmle.label | type conversion |
-| test.go:24:18:24:71 | call to URLParam : string | semmle.label | call to URLParam : string |
+| test.go:24:18:24:71 | call to URLParam | semmle.label | call to URLParam |
 subpaths
 #select
-| test.go:21:11:21:24 | type conversion | test.go:13:12:13:16 | selection of URL : pointer type | test.go:21:11:21:24 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:13:12:13:16 | selection of URL | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:22:11:22:46 | type conversion | test.go:22:18:22:45 | call to URLParam : string | test.go:22:11:22:46 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:22:18:22:45 | call to URLParam | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:23:11:23:61 | type conversion | test.go:23:18:23:60 | call to URLParamFromCtx : string | test.go:23:11:23:61 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:23:18:23:60 | call to URLParamFromCtx | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:24:11:24:72 | type conversion | test.go:24:18:24:71 | call to URLParam : string | test.go:24:11:24:72 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:24:18:24:71 | call to URLParam | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:21:11:21:24 | type conversion | test.go:13:12:13:16 | selection of URL | test.go:21:11:21:24 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:13:12:13:16 | selection of URL | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:22:11:22:46 | type conversion | test.go:22:18:22:45 | call to URLParam | test.go:22:11:22:46 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:22:18:22:45 | call to URLParam | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:23:11:23:61 | type conversion | test.go:23:18:23:60 | call to URLParamFromCtx | test.go:23:11:23:61 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:23:18:23:60 | call to URLParamFromCtx | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:24:11:24:72 | type conversion | test.go:24:18:24:71 | call to URLParam | test.go:24:11:24:72 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:24:18:24:71 | call to URLParam | user-provided value | test.go:0:0:0:0 | test.go |  |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected
index e29c066c9b5..10ad0046423 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected
@@ -1,20 +1,18 @@
 edges
-| test.go:170:11:170:32 | call to Param : string | test.go:171:20:171:24 | param |
-| test.go:176:11:176:32 | call to Param : string | test.go:180:20:180:28 | ...+... |
-| test.go:188:10:188:26 | selection of URL : pointer type | test.go:188:10:188:26 | selection of URL : pointer type |
-| test.go:188:10:188:26 | selection of URL : pointer type | test.go:188:10:188:26 | selection of URL : pointer type |
-| test.go:188:10:188:26 | selection of URL : pointer type | test.go:191:21:191:32 | call to String |
-| test.go:188:10:188:26 | selection of URL : pointer type | test.go:191:21:191:32 | call to String |
+| test.go:170:11:170:32 | call to Param | test.go:171:20:171:24 | param |
+| test.go:176:11:176:32 | call to Param | test.go:180:20:180:28 | ...+... |
+| test.go:188:10:188:26 | selection of URL | test.go:191:21:191:32 | call to String |
+| test.go:188:10:188:26 | selection of URL | test.go:191:21:191:32 | call to String |
 nodes
-| test.go:170:11:170:32 | call to Param : string | semmle.label | call to Param : string |
+| test.go:170:11:170:32 | call to Param | semmle.label | call to Param |
 | test.go:171:20:171:24 | param | semmle.label | param |
-| test.go:176:11:176:32 | call to Param : string | semmle.label | call to Param : string |
+| test.go:176:11:176:32 | call to Param | semmle.label | call to Param |
 | test.go:180:20:180:28 | ...+... | semmle.label | ...+... |
-| test.go:188:10:188:26 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
-| test.go:188:10:188:26 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| test.go:188:10:188:26 | selection of URL | semmle.label | selection of URL |
+| test.go:188:10:188:26 | selection of URL | semmle.label | selection of URL |
 | test.go:191:21:191:32 | call to String | semmle.label | call to String |
 | test.go:191:21:191:32 | call to String | semmle.label | call to String |
 subpaths
 #select
-| test.go:171:20:171:24 | param | test.go:170:11:170:32 | call to Param : string | test.go:171:20:171:24 | param | Untrusted URL redirection depends on a $@. | test.go:170:11:170:32 | call to Param | user-provided value |
-| test.go:180:20:180:28 | ...+... | test.go:176:11:176:32 | call to Param : string | test.go:180:20:180:28 | ...+... | Untrusted URL redirection depends on a $@. | test.go:176:11:176:32 | call to Param | user-provided value |
+| test.go:171:20:171:24 | param | test.go:170:11:170:32 | call to Param | test.go:171:20:171:24 | param | Untrusted URL redirection depends on a $@. | test.go:170:11:170:32 | call to Param | user-provided value |
+| test.go:180:20:180:28 | ...+... | test.go:176:11:176:32 | call to Param | test.go:180:20:180:28 | ...+... | Untrusted URL redirection depends on a $@. | test.go:176:11:176:32 | call to Param | user-provided value |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected
index f6d15897938..641ceddb08f 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected
@@ -1,120 +1,80 @@
 edges
-| test.go:13:11:13:32 | call to Param : string | test.go:14:16:14:20 | param |
-| test.go:19:11:19:27 | call to ParamValues : slice type | test.go:20:16:20:20 | param |
-| test.go:25:11:25:37 | call to QueryParam : string | test.go:26:16:26:20 | param |
-| test.go:31:11:31:27 | call to QueryParams : Values | test.go:32:16:32:20 | param |
-| test.go:37:10:37:26 | call to QueryString : string | test.go:38:16:38:19 | qstr |
-| test.go:43:9:43:34 | call to FormValue : string | test.go:44:16:44:18 | val |
-| test.go:49:2:49:30 | ... := ...[0] : Values | test.go:50:16:50:37 | index expression |
-| test.go:55:2:55:46 | ... := ...[0] : pointer type | test.go:59:20:59:25 | buffer |
-| test.go:64:2:64:31 | ... := ...[0] : pointer type | test.go:65:16:65:19 | implicit dereference : Form |
-| test.go:64:2:64:31 | ... := ...[0] : pointer type | test.go:65:16:65:25 | selection of Value : map type |
-| test.go:64:2:64:31 | ... := ...[0] : pointer type | test.go:65:16:65:38 | index expression : slice type |
-| test.go:64:2:64:31 | ... := ...[0] : pointer type | test.go:65:16:65:41 | index expression |
-| test.go:65:16:65:19 | implicit dereference : Form | test.go:65:16:65:19 | implicit dereference : Form |
-| test.go:65:16:65:19 | implicit dereference : Form | test.go:65:16:65:25 | selection of Value : map type |
-| test.go:65:16:65:19 | implicit dereference : Form | test.go:65:16:65:38 | index expression : slice type |
-| test.go:65:16:65:19 | implicit dereference : Form | test.go:65:16:65:41 | index expression |
-| test.go:65:16:65:25 | selection of Value : map type | test.go:65:16:65:38 | index expression : slice type |
-| test.go:65:16:65:25 | selection of Value : map type | test.go:65:16:65:41 | index expression |
-| test.go:65:16:65:38 | index expression : slice type | test.go:65:16:65:41 | index expression |
-| test.go:70:2:70:31 | ... := ...[0] : pointer type | test.go:71:16:71:19 | implicit dereference : Form |
-| test.go:70:2:70:31 | ... := ...[0] : pointer type | test.go:71:16:71:24 | selection of File : map type |
-| test.go:70:2:70:31 | ... := ...[0] : pointer type | test.go:71:16:71:40 | index expression : slice type |
-| test.go:70:2:70:31 | ... := ...[0] : pointer type | test.go:75:20:75:25 | buffer |
-| test.go:71:16:71:19 | implicit dereference : Form | test.go:71:16:71:19 | implicit dereference : Form |
-| test.go:71:16:71:19 | implicit dereference : Form | test.go:71:16:71:24 | selection of File : map type |
-| test.go:71:16:71:19 | implicit dereference : Form | test.go:71:16:71:40 | index expression : slice type |
-| test.go:71:16:71:19 | implicit dereference : Form | test.go:75:20:75:25 | buffer |
-| test.go:71:16:71:24 | selection of File : map type | test.go:71:16:71:40 | index expression : slice type |
-| test.go:71:16:71:24 | selection of File : map type | test.go:75:20:75:25 | buffer |
-| test.go:71:16:71:40 | index expression : slice type | test.go:75:20:75:25 | buffer |
-| test.go:80:2:80:32 | ... := ...[0] : pointer type | test.go:81:16:81:18 | implicit dereference : Cookie |
-| test.go:80:2:80:32 | ... := ...[0] : pointer type | test.go:81:16:81:24 | selection of Value |
-| test.go:81:16:81:18 | implicit dereference : Cookie | test.go:81:16:81:18 | implicit dereference : Cookie |
-| test.go:81:16:81:18 | implicit dereference : Cookie | test.go:81:16:81:24 | selection of Value |
-| test.go:86:13:86:25 | call to Cookies : slice type | test.go:87:16:87:25 | implicit dereference : Cookie |
-| test.go:86:13:86:25 | call to Cookies : slice type | test.go:87:16:87:25 | index expression : pointer type |
-| test.go:86:13:86:25 | call to Cookies : slice type | test.go:87:16:87:31 | selection of Value |
-| test.go:87:16:87:25 | implicit dereference : Cookie | test.go:87:16:87:25 | implicit dereference : Cookie |
-| test.go:87:16:87:25 | implicit dereference : Cookie | test.go:87:16:87:25 | index expression : pointer type |
-| test.go:87:16:87:25 | implicit dereference : Cookie | test.go:87:16:87:31 | selection of Value |
-| test.go:87:16:87:25 | index expression : pointer type | test.go:87:16:87:25 | implicit dereference : Cookie |
-| test.go:87:16:87:25 | index expression : pointer type | test.go:87:16:87:25 | index expression : pointer type |
-| test.go:87:16:87:25 | index expression : pointer type | test.go:87:16:87:31 | selection of Value |
-| test.go:97:11:97:15 | &... : pointer type | test.go:98:16:98:21 | selection of s |
-| test.go:111:21:111:42 | call to Param : string | test.go:112:16:112:42 | type assertion |
-| test.go:122:11:122:32 | call to Param : string | test.go:123:16:123:20 | param |
-| test.go:128:11:128:32 | call to Param : string | test.go:129:20:129:32 | type conversion |
-| test.go:134:11:134:32 | call to Param : string | test.go:135:29:135:41 | type conversion |
-| test.go:146:11:146:32 | call to Param : string | test.go:148:31:148:36 | reader |
-| test.go:162:11:162:32 | call to Param : string | test.go:163:23:163:35 | type conversion |
+| test.go:13:11:13:32 | call to Param | test.go:14:16:14:20 | param |
+| test.go:19:11:19:27 | call to ParamValues | test.go:20:16:20:20 | param |
+| test.go:25:11:25:37 | call to QueryParam | test.go:26:16:26:20 | param |
+| test.go:31:11:31:27 | call to QueryParams | test.go:32:16:32:20 | param |
+| test.go:37:10:37:26 | call to QueryString | test.go:38:16:38:19 | qstr |
+| test.go:43:9:43:34 | call to FormValue | test.go:44:16:44:18 | val |
+| test.go:49:2:49:30 | ... := ...[0] | test.go:50:16:50:37 | index expression |
+| test.go:55:2:55:46 | ... := ...[0] | test.go:59:20:59:25 | buffer |
+| test.go:64:2:64:31 | ... := ...[0] | test.go:65:16:65:41 | index expression |
+| test.go:70:2:70:31 | ... := ...[0] | test.go:75:20:75:25 | buffer |
+| test.go:80:2:80:32 | ... := ...[0] | test.go:81:16:81:24 | selection of Value |
+| test.go:86:13:86:25 | call to Cookies | test.go:87:16:87:31 | selection of Value |
+| test.go:97:11:97:15 | &... | test.go:98:16:98:21 | selection of s |
+| test.go:111:21:111:42 | call to Param | test.go:112:16:112:42 | type assertion |
+| test.go:122:11:122:32 | call to Param | test.go:123:16:123:20 | param |
+| test.go:128:11:128:32 | call to Param | test.go:129:20:129:32 | type conversion |
+| test.go:134:11:134:32 | call to Param | test.go:135:29:135:41 | type conversion |
+| test.go:146:11:146:32 | call to Param | test.go:148:31:148:36 | reader |
+| test.go:162:11:162:32 | call to Param | test.go:163:23:163:35 | type conversion |
 nodes
-| test.go:13:11:13:32 | call to Param : string | semmle.label | call to Param : string |
+| test.go:13:11:13:32 | call to Param | semmle.label | call to Param |
 | test.go:14:16:14:20 | param | semmle.label | param |
-| test.go:19:11:19:27 | call to ParamValues : slice type | semmle.label | call to ParamValues : slice type |
+| test.go:19:11:19:27 | call to ParamValues | semmle.label | call to ParamValues |
 | test.go:20:16:20:20 | param | semmle.label | param |
-| test.go:25:11:25:37 | call to QueryParam : string | semmle.label | call to QueryParam : string |
+| test.go:25:11:25:37 | call to QueryParam | semmle.label | call to QueryParam |
 | test.go:26:16:26:20 | param | semmle.label | param |
-| test.go:31:11:31:27 | call to QueryParams : Values | semmle.label | call to QueryParams : Values |
+| test.go:31:11:31:27 | call to QueryParams | semmle.label | call to QueryParams |
 | test.go:32:16:32:20 | param | semmle.label | param |
-| test.go:37:10:37:26 | call to QueryString : string | semmle.label | call to QueryString : string |
+| test.go:37:10:37:26 | call to QueryString | semmle.label | call to QueryString |
 | test.go:38:16:38:19 | qstr | semmle.label | qstr |
-| test.go:43:9:43:34 | call to FormValue : string | semmle.label | call to FormValue : string |
+| test.go:43:9:43:34 | call to FormValue | semmle.label | call to FormValue |
 | test.go:44:16:44:18 | val | semmle.label | val |
-| test.go:49:2:49:30 | ... := ...[0] : Values | semmle.label | ... := ...[0] : Values |
+| test.go:49:2:49:30 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:50:16:50:37 | index expression | semmle.label | index expression |
-| test.go:55:2:55:46 | ... := ...[0] : pointer type | semmle.label | ... := ...[0] : pointer type |
+| test.go:55:2:55:46 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:59:20:59:25 | buffer | semmle.label | buffer |
-| test.go:64:2:64:31 | ... := ...[0] : pointer type | semmle.label | ... := ...[0] : pointer type |
-| test.go:65:16:65:19 | implicit dereference : Form | semmle.label | implicit dereference : Form |
-| test.go:65:16:65:25 | selection of Value : map type | semmle.label | selection of Value : map type |
-| test.go:65:16:65:38 | index expression : slice type | semmle.label | index expression : slice type |
+| test.go:64:2:64:31 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:65:16:65:41 | index expression | semmle.label | index expression |
-| test.go:70:2:70:31 | ... := ...[0] : pointer type | semmle.label | ... := ...[0] : pointer type |
-| test.go:71:16:71:19 | implicit dereference : Form | semmle.label | implicit dereference : Form |
-| test.go:71:16:71:24 | selection of File : map type | semmle.label | selection of File : map type |
-| test.go:71:16:71:40 | index expression : slice type | semmle.label | index expression : slice type |
+| test.go:70:2:70:31 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:75:20:75:25 | buffer | semmle.label | buffer |
-| test.go:80:2:80:32 | ... := ...[0] : pointer type | semmle.label | ... := ...[0] : pointer type |
-| test.go:81:16:81:18 | implicit dereference : Cookie | semmle.label | implicit dereference : Cookie |
+| test.go:80:2:80:32 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:81:16:81:24 | selection of Value | semmle.label | selection of Value |
-| test.go:86:13:86:25 | call to Cookies : slice type | semmle.label | call to Cookies : slice type |
-| test.go:87:16:87:25 | implicit dereference : Cookie | semmle.label | implicit dereference : Cookie |
-| test.go:87:16:87:25 | index expression : pointer type | semmle.label | index expression : pointer type |
+| test.go:86:13:86:25 | call to Cookies | semmle.label | call to Cookies |
 | test.go:87:16:87:31 | selection of Value | semmle.label | selection of Value |
-| test.go:97:11:97:15 | &... : pointer type | semmle.label | &... : pointer type |
+| test.go:97:11:97:15 | &... | semmle.label | &... |
 | test.go:98:16:98:21 | selection of s | semmle.label | selection of s |
-| test.go:111:21:111:42 | call to Param : string | semmle.label | call to Param : string |
+| test.go:111:21:111:42 | call to Param | semmle.label | call to Param |
 | test.go:112:16:112:42 | type assertion | semmle.label | type assertion |
-| test.go:122:11:122:32 | call to Param : string | semmle.label | call to Param : string |
+| test.go:122:11:122:32 | call to Param | semmle.label | call to Param |
 | test.go:123:16:123:20 | param | semmle.label | param |
-| test.go:128:11:128:32 | call to Param : string | semmle.label | call to Param : string |
+| test.go:128:11:128:32 | call to Param | semmle.label | call to Param |
 | test.go:129:20:129:32 | type conversion | semmle.label | type conversion |
-| test.go:134:11:134:32 | call to Param : string | semmle.label | call to Param : string |
+| test.go:134:11:134:32 | call to Param | semmle.label | call to Param |
 | test.go:135:29:135:41 | type conversion | semmle.label | type conversion |
-| test.go:146:11:146:32 | call to Param : string | semmle.label | call to Param : string |
+| test.go:146:11:146:32 | call to Param | semmle.label | call to Param |
 | test.go:148:31:148:36 | reader | semmle.label | reader |
-| test.go:162:11:162:32 | call to Param : string | semmle.label | call to Param : string |
+| test.go:162:11:162:32 | call to Param | semmle.label | call to Param |
 | test.go:163:23:163:35 | type conversion | semmle.label | type conversion |
 subpaths
 #select
-| test.go:14:16:14:20 | param | test.go:13:11:13:32 | call to Param : string | test.go:14:16:14:20 | param | Cross-site scripting vulnerability due to $@. | test.go:13:11:13:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:20:16:20:20 | param | test.go:19:11:19:27 | call to ParamValues : slice type | test.go:20:16:20:20 | param | Cross-site scripting vulnerability due to $@. | test.go:19:11:19:27 | call to ParamValues | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:26:16:26:20 | param | test.go:25:11:25:37 | call to QueryParam : string | test.go:26:16:26:20 | param | Cross-site scripting vulnerability due to $@. | test.go:25:11:25:37 | call to QueryParam | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:32:16:32:20 | param | test.go:31:11:31:27 | call to QueryParams : Values | test.go:32:16:32:20 | param | Cross-site scripting vulnerability due to $@. | test.go:31:11:31:27 | call to QueryParams | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:38:16:38:19 | qstr | test.go:37:10:37:26 | call to QueryString : string | test.go:38:16:38:19 | qstr | Cross-site scripting vulnerability due to $@. | test.go:37:10:37:26 | call to QueryString | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:44:16:44:18 | val | test.go:43:9:43:34 | call to FormValue : string | test.go:44:16:44:18 | val | Cross-site scripting vulnerability due to $@. | test.go:43:9:43:34 | call to FormValue | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:50:16:50:37 | index expression | test.go:49:2:49:30 | ... := ...[0] : Values | test.go:50:16:50:37 | index expression | Cross-site scripting vulnerability due to $@. | test.go:49:2:49:30 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:59:20:59:25 | buffer | test.go:55:2:55:46 | ... := ...[0] : pointer type | test.go:59:20:59:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:55:2:55:46 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:65:16:65:41 | index expression | test.go:64:2:64:31 | ... := ...[0] : pointer type | test.go:65:16:65:41 | index expression | Cross-site scripting vulnerability due to $@. | test.go:64:2:64:31 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:75:20:75:25 | buffer | test.go:70:2:70:31 | ... := ...[0] : pointer type | test.go:75:20:75:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:70:2:70:31 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:81:16:81:24 | selection of Value | test.go:80:2:80:32 | ... := ...[0] : pointer type | test.go:81:16:81:24 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:80:2:80:32 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:87:16:87:31 | selection of Value | test.go:86:13:86:25 | call to Cookies : slice type | test.go:87:16:87:31 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:86:13:86:25 | call to Cookies | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:98:16:98:21 | selection of s | test.go:97:11:97:15 | &... : pointer type | test.go:98:16:98:21 | selection of s | Cross-site scripting vulnerability due to $@. | test.go:97:11:97:15 | &... | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:112:16:112:42 | type assertion | test.go:111:21:111:42 | call to Param : string | test.go:112:16:112:42 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:111:21:111:42 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:123:16:123:20 | param | test.go:122:11:122:32 | call to Param : string | test.go:123:16:123:20 | param | Cross-site scripting vulnerability due to $@. | test.go:122:11:122:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:129:20:129:32 | type conversion | test.go:128:11:128:32 | call to Param : string | test.go:129:20:129:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:128:11:128:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:135:29:135:41 | type conversion | test.go:134:11:134:32 | call to Param : string | test.go:135:29:135:41 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:134:11:134:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:148:31:148:36 | reader | test.go:146:11:146:32 | call to Param : string | test.go:148:31:148:36 | reader | Cross-site scripting vulnerability due to $@. | test.go:146:11:146:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:163:23:163:35 | type conversion | test.go:162:11:162:32 | call to Param : string | test.go:163:23:163:35 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:162:11:162:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:14:16:14:20 | param | test.go:13:11:13:32 | call to Param | test.go:14:16:14:20 | param | Cross-site scripting vulnerability due to $@. | test.go:13:11:13:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:20:16:20:20 | param | test.go:19:11:19:27 | call to ParamValues | test.go:20:16:20:20 | param | Cross-site scripting vulnerability due to $@. | test.go:19:11:19:27 | call to ParamValues | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:26:16:26:20 | param | test.go:25:11:25:37 | call to QueryParam | test.go:26:16:26:20 | param | Cross-site scripting vulnerability due to $@. | test.go:25:11:25:37 | call to QueryParam | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:32:16:32:20 | param | test.go:31:11:31:27 | call to QueryParams | test.go:32:16:32:20 | param | Cross-site scripting vulnerability due to $@. | test.go:31:11:31:27 | call to QueryParams | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:38:16:38:19 | qstr | test.go:37:10:37:26 | call to QueryString | test.go:38:16:38:19 | qstr | Cross-site scripting vulnerability due to $@. | test.go:37:10:37:26 | call to QueryString | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:44:16:44:18 | val | test.go:43:9:43:34 | call to FormValue | test.go:44:16:44:18 | val | Cross-site scripting vulnerability due to $@. | test.go:43:9:43:34 | call to FormValue | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:50:16:50:37 | index expression | test.go:49:2:49:30 | ... := ...[0] | test.go:50:16:50:37 | index expression | Cross-site scripting vulnerability due to $@. | test.go:49:2:49:30 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:59:20:59:25 | buffer | test.go:55:2:55:46 | ... := ...[0] | test.go:59:20:59:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:55:2:55:46 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:65:16:65:41 | index expression | test.go:64:2:64:31 | ... := ...[0] | test.go:65:16:65:41 | index expression | Cross-site scripting vulnerability due to $@. | test.go:64:2:64:31 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:75:20:75:25 | buffer | test.go:70:2:70:31 | ... := ...[0] | test.go:75:20:75:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:70:2:70:31 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:81:16:81:24 | selection of Value | test.go:80:2:80:32 | ... := ...[0] | test.go:81:16:81:24 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:80:2:80:32 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:87:16:87:31 | selection of Value | test.go:86:13:86:25 | call to Cookies | test.go:87:16:87:31 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:86:13:86:25 | call to Cookies | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:98:16:98:21 | selection of s | test.go:97:11:97:15 | &... | test.go:98:16:98:21 | selection of s | Cross-site scripting vulnerability due to $@. | test.go:97:11:97:15 | &... | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:112:16:112:42 | type assertion | test.go:111:21:111:42 | call to Param | test.go:112:16:112:42 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:111:21:111:42 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:123:16:123:20 | param | test.go:122:11:122:32 | call to Param | test.go:123:16:123:20 | param | Cross-site scripting vulnerability due to $@. | test.go:122:11:122:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:129:20:129:32 | type conversion | test.go:128:11:128:32 | call to Param | test.go:129:20:129:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:128:11:128:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:135:29:135:41 | type conversion | test.go:134:11:134:32 | call to Param | test.go:135:29:135:41 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:134:11:134:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:148:31:148:36 | reader | test.go:146:11:146:32 | call to Param | test.go:148:31:148:36 | reader | Cross-site scripting vulnerability due to $@. | test.go:146:11:146:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:163:23:163:35 | type conversion | test.go:162:11:162:32 | call to Param | test.go:163:23:163:35 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:162:11:162:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected
index af6b671225b..54d739e8a90 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected
@@ -1,4 +1,4 @@
-| jsoniter.go:28:15:28:24 | selection of field | jsoniter.go:23:20:23:38 | call to getUntrustedBytes : slice type | jsoniter.go:28:15:28:24 | selection of field | This command depends on $@. | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | a user-provided value |
-| jsoniter.go:32:15:32:25 | selection of field | jsoniter.go:23:20:23:38 | call to getUntrustedBytes : slice type | jsoniter.go:32:15:32:25 | selection of field | This command depends on $@. | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | a user-provided value |
-| jsoniter.go:36:15:36:25 | selection of field | jsoniter.go:24:21:24:40 | call to getUntrustedString : string | jsoniter.go:36:15:36:25 | selection of field | This command depends on $@. | jsoniter.go:24:21:24:40 | call to getUntrustedString | a user-provided value |
-| jsoniter.go:40:15:40:25 | selection of field | jsoniter.go:24:21:24:40 | call to getUntrustedString : string | jsoniter.go:40:15:40:25 | selection of field | This command depends on $@. | jsoniter.go:24:21:24:40 | call to getUntrustedString | a user-provided value |
+| jsoniter.go:28:15:28:24 | selection of field | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | jsoniter.go:28:15:28:24 | selection of field | This command depends on $@. | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | a user-provided value |
+| jsoniter.go:32:15:32:25 | selection of field | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | jsoniter.go:32:15:32:25 | selection of field | This command depends on $@. | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | a user-provided value |
+| jsoniter.go:36:15:36:25 | selection of field | jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:36:15:36:25 | selection of field | This command depends on $@. | jsoniter.go:24:21:24:40 | call to getUntrustedString | a user-provided value |
+| jsoniter.go:40:15:40:25 | selection of field | jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:40:15:40:25 | selection of field | This command depends on $@. | jsoniter.go:24:21:24:40 | call to getUntrustedString | a user-provided value |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected b/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected
index 4c252dadb93..e60cc051e17 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected
@@ -1,14 +1,14 @@
-| gorestful.go:15:15:15:47 | index expression | gorestful.go:15:15:15:44 | call to QueryParameters : slice type | gorestful.go:15:15:15:47 | index expression | This command depends on $@. | gorestful.go:15:15:15:44 | call to QueryParameters | a user-provided value |
+| gorestful.go:15:15:15:47 | index expression | gorestful.go:15:15:15:44 | call to QueryParameters | gorestful.go:15:15:15:47 | index expression | This command depends on $@. | gorestful.go:15:15:15:44 | call to QueryParameters | a user-provided value |
 | gorestful.go:16:15:16:43 | call to QueryParameter | gorestful.go:16:15:16:43 | call to QueryParameter | gorestful.go:16:15:16:43 | call to QueryParameter | This command depends on $@. | gorestful.go:16:15:16:43 | call to QueryParameter | a user-provided value |
-| gorestful.go:18:15:18:17 | val | gorestful.go:17:12:17:39 | call to BodyParameter : tuple type | gorestful.go:18:15:18:17 | val | This command depends on $@. | gorestful.go:17:12:17:39 | call to BodyParameter | a user-provided value |
+| gorestful.go:18:15:18:17 | val | gorestful.go:17:12:17:39 | call to BodyParameter | gorestful.go:18:15:18:17 | val | This command depends on $@. | gorestful.go:17:12:17:39 | call to BodyParameter | a user-provided value |
 | gorestful.go:19:15:19:44 | call to HeaderParameter | gorestful.go:19:15:19:44 | call to HeaderParameter | gorestful.go:19:15:19:44 | call to HeaderParameter | This command depends on $@. | gorestful.go:19:15:19:44 | call to HeaderParameter | a user-provided value |
 | gorestful.go:20:15:20:42 | call to PathParameter | gorestful.go:20:15:20:42 | call to PathParameter | gorestful.go:20:15:20:42 | call to PathParameter | This command depends on $@. | gorestful.go:20:15:20:42 | call to PathParameter | a user-provided value |
-| gorestful.go:21:15:21:45 | index expression | gorestful.go:21:15:21:38 | call to PathParameters : map type | gorestful.go:21:15:21:45 | index expression | This command depends on $@. | gorestful.go:21:15:21:38 | call to PathParameters | a user-provided value |
-| gorestful.go:24:15:24:21 | selection of cmd | gorestful.go:23:21:23:24 | &... : pointer type | gorestful.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful.go:23:21:23:24 | &... | a user-provided value |
-| gorestful_v2.go:15:15:15:47 | index expression | gorestful_v2.go:15:15:15:44 | call to QueryParameters : slice type | gorestful_v2.go:15:15:15:47 | index expression | This command depends on $@. | gorestful_v2.go:15:15:15:44 | call to QueryParameters | a user-provided value |
+| gorestful.go:21:15:21:45 | index expression | gorestful.go:21:15:21:38 | call to PathParameters | gorestful.go:21:15:21:45 | index expression | This command depends on $@. | gorestful.go:21:15:21:38 | call to PathParameters | a user-provided value |
+| gorestful.go:24:15:24:21 | selection of cmd | gorestful.go:23:21:23:24 | &... | gorestful.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful.go:23:21:23:24 | &... | a user-provided value |
+| gorestful_v2.go:15:15:15:47 | index expression | gorestful_v2.go:15:15:15:44 | call to QueryParameters | gorestful_v2.go:15:15:15:47 | index expression | This command depends on $@. | gorestful_v2.go:15:15:15:44 | call to QueryParameters | a user-provided value |
 | gorestful_v2.go:16:15:16:43 | call to QueryParameter | gorestful_v2.go:16:15:16:43 | call to QueryParameter | gorestful_v2.go:16:15:16:43 | call to QueryParameter | This command depends on $@. | gorestful_v2.go:16:15:16:43 | call to QueryParameter | a user-provided value |
-| gorestful_v2.go:18:15:18:17 | val | gorestful_v2.go:17:12:17:39 | call to BodyParameter : tuple type | gorestful_v2.go:18:15:18:17 | val | This command depends on $@. | gorestful_v2.go:17:12:17:39 | call to BodyParameter | a user-provided value |
+| gorestful_v2.go:18:15:18:17 | val | gorestful_v2.go:17:12:17:39 | call to BodyParameter | gorestful_v2.go:18:15:18:17 | val | This command depends on $@. | gorestful_v2.go:17:12:17:39 | call to BodyParameter | a user-provided value |
 | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | This command depends on $@. | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | a user-provided value |
 | gorestful_v2.go:20:15:20:42 | call to PathParameter | gorestful_v2.go:20:15:20:42 | call to PathParameter | gorestful_v2.go:20:15:20:42 | call to PathParameter | This command depends on $@. | gorestful_v2.go:20:15:20:42 | call to PathParameter | a user-provided value |
-| gorestful_v2.go:21:15:21:45 | index expression | gorestful_v2.go:21:15:21:38 | call to PathParameters : map type | gorestful_v2.go:21:15:21:45 | index expression | This command depends on $@. | gorestful_v2.go:21:15:21:38 | call to PathParameters | a user-provided value |
-| gorestful_v2.go:24:15:24:21 | selection of cmd | gorestful_v2.go:23:21:23:24 | &... : pointer type | gorestful_v2.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful_v2.go:23:21:23:24 | &... | a user-provided value |
+| gorestful_v2.go:21:15:21:45 | index expression | gorestful_v2.go:21:15:21:38 | call to PathParameters | gorestful_v2.go:21:15:21:45 | index expression | This command depends on $@. | gorestful_v2.go:21:15:21:38 | call to PathParameters | a user-provided value |
+| gorestful_v2.go:24:15:24:21 | selection of cmd | gorestful_v2.go:23:21:23:24 | &... | gorestful_v2.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful_v2.go:23:21:23:24 | &... | a user-provided value |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Protobuf/TaintFlows.expected b/go/ql/test/library-tests/semmle/go/frameworks/Protobuf/TaintFlows.expected
index b8d9451ba37..4c70d92720b 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Protobuf/TaintFlows.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Protobuf/TaintFlows.expected
@@ -1,33 +1,33 @@
-| testDeprecatedApi.go:22:22:22:41 | call to getUntrustedString : string | testDeprecatedApi.go:26:12:26:21 | serialized |
-| testDeprecatedApi.go:31:22:31:41 | call to getUntrustedString : string | testDeprecatedApi.go:37:12:37:21 | serialized |
-| testDeprecatedApi.go:41:25:41:43 | call to getUntrustedBytes : slice type | testDeprecatedApi.go:45:13:45:29 | selection of Description |
-| testDeprecatedApi.go:49:25:49:43 | call to getUntrustedBytes : slice type | testDeprecatedApi.go:53:13:53:34 | call to GetDescription |
-| testDeprecatedApi.go:58:23:58:42 | call to getUntrustedString : string | testDeprecatedApi.go:65:12:65:21 | serialized |
-| testDeprecatedApi.go:70:14:70:33 | call to getUntrustedString : string | testDeprecatedApi.go:77:12:77:21 | serialized |
-| testDeprecatedApi.go:85:24:85:43 | call to getUntrustedString : string | testDeprecatedApi.go:89:12:89:21 | serialized |
-| testDeprecatedApi.go:93:25:93:43 | call to getUntrustedBytes : slice type | testDeprecatedApi.go:97:13:97:31 | selection of Msg |
-| testDeprecatedApi.go:104:22:104:41 | call to getUntrustedString : string | testDeprecatedApi.go:105:13:105:20 | selection of Id |
-| testDeprecatedApi.go:112:22:112:41 | call to getUntrustedString : string | testDeprecatedApi.go:117:12:117:21 | serialized |
-| testDeprecatedApi.go:133:29:133:48 | call to getUntrustedString : string | testDeprecatedApi.go:137:12:137:21 | serialized |
-| testDeprecatedApi.go:143:20:143:39 | call to getUntrustedString : string | testDeprecatedApi.go:148:12:148:21 | serialized |
-| testDeprecatedApi.go:152:25:152:43 | call to getUntrustedBytes : slice type | testDeprecatedApi.go:157:13:157:36 | index expression |
-| testDeprecatedApi.go:161:25:161:43 | call to getUntrustedBytes : slice type | testDeprecatedApi.go:168:13:168:25 | index expression |
-| testDeprecatedApi.go:176:24:176:43 | call to getUntrustedString : string | testDeprecatedApi.go:180:12:180:21 | serialized |
-| testModernApi.go:11:22:11:41 | call to getUntrustedString : string | testModernApi.go:15:12:15:21 | serialized |
-| testModernApi.go:20:22:20:41 | call to getUntrustedString : string | testModernApi.go:26:12:26:21 | serialized |
-| testModernApi.go:30:25:30:43 | call to getUntrustedBytes : slice type | testModernApi.go:34:13:34:29 | selection of Description |
-| testModernApi.go:38:25:38:43 | call to getUntrustedBytes : slice type | testModernApi.go:42:13:42:34 | call to GetDescription |
-| testModernApi.go:47:23:47:42 | call to getUntrustedString : string | testModernApi.go:54:12:54:21 | serialized |
-| testModernApi.go:59:22:59:41 | call to getUntrustedString : string | testModernApi.go:64:12:64:21 | serialized |
-| testModernApi.go:71:22:71:41 | call to getUntrustedString : string | testModernApi.go:77:12:77:21 | serialized |
-| testModernApi.go:98:14:98:33 | call to getUntrustedString : string | testModernApi.go:105:12:105:21 | serialized |
-| testModernApi.go:113:24:113:43 | call to getUntrustedString : string | testModernApi.go:117:12:117:21 | serialized |
-| testModernApi.go:121:25:121:43 | call to getUntrustedBytes : slice type | testModernApi.go:125:13:125:31 | selection of Msg |
-| testModernApi.go:131:25:131:43 | call to getUntrustedBytes : slice type | testModernApi.go:135:13:135:29 | selection of Description |
-| testModernApi.go:142:22:142:41 | call to getUntrustedString : string | testModernApi.go:143:13:143:20 | selection of Id |
-| testModernApi.go:150:22:150:41 | call to getUntrustedString : string | testModernApi.go:155:12:155:21 | serialized |
-| testModernApi.go:190:29:190:48 | call to getUntrustedString : string | testModernApi.go:194:12:194:21 | serialized |
-| testModernApi.go:200:20:200:39 | call to getUntrustedString : string | testModernApi.go:205:12:205:21 | serialized |
-| testModernApi.go:209:25:209:43 | call to getUntrustedBytes : slice type | testModernApi.go:214:13:214:36 | index expression |
-| testModernApi.go:218:25:218:43 | call to getUntrustedBytes : slice type | testModernApi.go:225:13:225:25 | index expression |
-| testModernApi.go:233:24:233:43 | call to getUntrustedString : string | testModernApi.go:237:12:237:21 | serialized |
+| testDeprecatedApi.go:22:22:22:41 | call to getUntrustedString | testDeprecatedApi.go:26:12:26:21 | serialized |
+| testDeprecatedApi.go:31:22:31:41 | call to getUntrustedString | testDeprecatedApi.go:37:12:37:21 | serialized |
+| testDeprecatedApi.go:41:25:41:43 | call to getUntrustedBytes | testDeprecatedApi.go:45:13:45:29 | selection of Description |
+| testDeprecatedApi.go:49:25:49:43 | call to getUntrustedBytes | testDeprecatedApi.go:53:13:53:34 | call to GetDescription |
+| testDeprecatedApi.go:58:23:58:42 | call to getUntrustedString | testDeprecatedApi.go:65:12:65:21 | serialized |
+| testDeprecatedApi.go:70:14:70:33 | call to getUntrustedString | testDeprecatedApi.go:77:12:77:21 | serialized |
+| testDeprecatedApi.go:85:24:85:43 | call to getUntrustedString | testDeprecatedApi.go:89:12:89:21 | serialized |
+| testDeprecatedApi.go:93:25:93:43 | call to getUntrustedBytes | testDeprecatedApi.go:97:13:97:31 | selection of Msg |
+| testDeprecatedApi.go:104:22:104:41 | call to getUntrustedString | testDeprecatedApi.go:105:13:105:20 | selection of Id |
+| testDeprecatedApi.go:112:22:112:41 | call to getUntrustedString | testDeprecatedApi.go:117:12:117:21 | serialized |
+| testDeprecatedApi.go:133:29:133:48 | call to getUntrustedString | testDeprecatedApi.go:137:12:137:21 | serialized |
+| testDeprecatedApi.go:143:20:143:39 | call to getUntrustedString | testDeprecatedApi.go:148:12:148:21 | serialized |
+| testDeprecatedApi.go:152:25:152:43 | call to getUntrustedBytes | testDeprecatedApi.go:157:13:157:36 | index expression |
+| testDeprecatedApi.go:161:25:161:43 | call to getUntrustedBytes | testDeprecatedApi.go:168:13:168:25 | index expression |
+| testDeprecatedApi.go:176:24:176:43 | call to getUntrustedString | testDeprecatedApi.go:180:12:180:21 | serialized |
+| testModernApi.go:11:22:11:41 | call to getUntrustedString | testModernApi.go:15:12:15:21 | serialized |
+| testModernApi.go:20:22:20:41 | call to getUntrustedString | testModernApi.go:26:12:26:21 | serialized |
+| testModernApi.go:30:25:30:43 | call to getUntrustedBytes | testModernApi.go:34:13:34:29 | selection of Description |
+| testModernApi.go:38:25:38:43 | call to getUntrustedBytes | testModernApi.go:42:13:42:34 | call to GetDescription |
+| testModernApi.go:47:23:47:42 | call to getUntrustedString | testModernApi.go:54:12:54:21 | serialized |
+| testModernApi.go:59:22:59:41 | call to getUntrustedString | testModernApi.go:64:12:64:21 | serialized |
+| testModernApi.go:71:22:71:41 | call to getUntrustedString | testModernApi.go:77:12:77:21 | serialized |
+| testModernApi.go:98:14:98:33 | call to getUntrustedString | testModernApi.go:105:12:105:21 | serialized |
+| testModernApi.go:113:24:113:43 | call to getUntrustedString | testModernApi.go:117:12:117:21 | serialized |
+| testModernApi.go:121:25:121:43 | call to getUntrustedBytes | testModernApi.go:125:13:125:31 | selection of Msg |
+| testModernApi.go:131:25:131:43 | call to getUntrustedBytes | testModernApi.go:135:13:135:29 | selection of Description |
+| testModernApi.go:142:22:142:41 | call to getUntrustedString | testModernApi.go:143:13:143:20 | selection of Id |
+| testModernApi.go:150:22:150:41 | call to getUntrustedString | testModernApi.go:155:12:155:21 | serialized |
+| testModernApi.go:190:29:190:48 | call to getUntrustedString | testModernApi.go:194:12:194:21 | serialized |
+| testModernApi.go:200:20:200:39 | call to getUntrustedString | testModernApi.go:205:12:205:21 | serialized |
+| testModernApi.go:209:25:209:43 | call to getUntrustedBytes | testModernApi.go:214:13:214:36 | index expression |
+| testModernApi.go:218:25:218:43 | call to getUntrustedBytes | testModernApi.go:225:13:225:25 | index expression |
+| testModernApi.go:233:24:233:43 | call to getUntrustedString | testModernApi.go:237:12:237:21 | serialized |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
index a1e94fbd058..77436c0d149 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
@@ -1,14 +1,8 @@
 edges
-| EndToEnd.go:94:20:94:27 | implicit dereference : Params | EndToEnd.go:94:20:94:27 | implicit dereference : Params |
-| EndToEnd.go:94:20:94:27 | implicit dereference : Params | EndToEnd.go:94:20:94:27 | selection of Params : pointer type |
-| EndToEnd.go:94:20:94:27 | implicit dereference : Params | EndToEnd.go:94:20:94:49 | call to Get |
-| EndToEnd.go:94:20:94:27 | selection of Params : pointer type | EndToEnd.go:94:20:94:27 | implicit dereference : Params |
-| EndToEnd.go:94:20:94:27 | selection of Params : pointer type | EndToEnd.go:94:20:94:27 | selection of Params : pointer type |
-| EndToEnd.go:94:20:94:27 | selection of Params : pointer type | EndToEnd.go:94:20:94:49 | call to Get |
+| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:49 | call to Get |
 nodes
-| EndToEnd.go:94:20:94:27 | implicit dereference : Params | semmle.label | implicit dereference : Params |
-| EndToEnd.go:94:20:94:27 | selection of Params : pointer type | semmle.label | selection of Params : pointer type |
+| EndToEnd.go:94:20:94:27 | selection of Params | semmle.label | selection of Params |
 | EndToEnd.go:94:20:94:49 | call to Get | semmle.label | call to Get |
 subpaths
 #select
-| EndToEnd.go:94:20:94:49 | call to Get | EndToEnd.go:94:20:94:27 | selection of Params : pointer type | EndToEnd.go:94:20:94:49 | call to Get | Untrusted URL redirection depends on a $@. | EndToEnd.go:94:20:94:27 | selection of Params | user-provided value |
+| EndToEnd.go:94:20:94:49 | call to Get | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:49 | call to Get | Untrusted URL redirection depends on a $@. | EndToEnd.go:94:20:94:27 | selection of Params | user-provided value |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected
index 7f1596dbbf8..7a11d9bd08e 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected
@@ -1,54 +1,24 @@
 edges
-| EndToEnd.go:36:18:36:25 | implicit dereference : Params | EndToEnd.go:36:18:36:25 | implicit dereference : Params |
-| EndToEnd.go:36:18:36:25 | implicit dereference : Params | EndToEnd.go:36:18:36:25 | selection of Params : pointer type |
-| EndToEnd.go:36:18:36:25 | implicit dereference : Params | EndToEnd.go:37:24:37:26 | buf |
-| EndToEnd.go:36:18:36:25 | selection of Params : pointer type | EndToEnd.go:36:18:36:25 | implicit dereference : Params |
-| EndToEnd.go:36:18:36:25 | selection of Params : pointer type | EndToEnd.go:36:18:36:25 | selection of Params : pointer type |
-| EndToEnd.go:36:18:36:25 | selection of Params : pointer type | EndToEnd.go:37:24:37:26 | buf |
-| EndToEnd.go:69:22:69:29 | implicit dereference : Params | EndToEnd.go:69:22:69:29 | implicit dereference : Params |
-| EndToEnd.go:69:22:69:29 | implicit dereference : Params | EndToEnd.go:69:22:69:29 | selection of Params : pointer type |
-| EndToEnd.go:69:22:69:29 | implicit dereference : Params | EndToEnd.go:69:22:69:51 | call to Get |
-| EndToEnd.go:69:22:69:29 | selection of Params : pointer type | EndToEnd.go:69:22:69:29 | implicit dereference : Params |
-| EndToEnd.go:69:22:69:29 | selection of Params : pointer type | EndToEnd.go:69:22:69:29 | selection of Params : pointer type |
-| EndToEnd.go:69:22:69:29 | selection of Params : pointer type | EndToEnd.go:69:22:69:51 | call to Get |
-| Revel.go:70:22:70:29 | implicit dereference : Params | Revel.go:70:22:70:29 | implicit dereference : Params |
-| Revel.go:70:22:70:29 | implicit dereference : Params | Revel.go:70:22:70:29 | selection of Params : pointer type |
-| Revel.go:70:22:70:29 | implicit dereference : Params | Revel.go:70:22:70:35 | selection of Query |
-| Revel.go:70:22:70:29 | selection of Params : pointer type | Revel.go:70:22:70:29 | implicit dereference : Params |
-| Revel.go:70:22:70:29 | selection of Params : pointer type | Revel.go:70:22:70:29 | selection of Params : pointer type |
-| Revel.go:70:22:70:29 | selection of Params : pointer type | Revel.go:70:22:70:35 | selection of Query |
-| examples/booking/app/init.go:36:44:36:48 | implicit dereference : URL | examples/booking/app/init.go:36:44:36:48 | implicit dereference : URL |
-| examples/booking/app/init.go:36:44:36:48 | implicit dereference : URL | examples/booking/app/init.go:36:44:36:48 | selection of URL : pointer type |
-| examples/booking/app/init.go:36:44:36:48 | implicit dereference : URL | examples/booking/app/init.go:36:44:36:53 | selection of Path |
-| examples/booking/app/init.go:36:44:36:48 | selection of URL : pointer type | examples/booking/app/init.go:36:44:36:48 | implicit dereference : URL |
-| examples/booking/app/init.go:36:44:36:48 | selection of URL : pointer type | examples/booking/app/init.go:36:44:36:48 | selection of URL : pointer type |
-| examples/booking/app/init.go:36:44:36:48 | selection of URL : pointer type | examples/booking/app/init.go:36:44:36:53 | selection of Path |
-| examples/booking/app/init.go:40:49:40:53 | implicit dereference : URL | examples/booking/app/init.go:40:49:40:53 | implicit dereference : URL |
-| examples/booking/app/init.go:40:49:40:53 | implicit dereference : URL | examples/booking/app/init.go:40:49:40:53 | selection of URL : pointer type |
-| examples/booking/app/init.go:40:49:40:53 | implicit dereference : URL | examples/booking/app/init.go:40:49:40:58 | selection of Path |
-| examples/booking/app/init.go:40:49:40:53 | selection of URL : pointer type | examples/booking/app/init.go:40:49:40:53 | implicit dereference : URL |
-| examples/booking/app/init.go:40:49:40:53 | selection of URL : pointer type | examples/booking/app/init.go:40:49:40:53 | selection of URL : pointer type |
-| examples/booking/app/init.go:40:49:40:53 | selection of URL : pointer type | examples/booking/app/init.go:40:49:40:58 | selection of Path |
+| EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:37:24:37:26 | buf |
+| EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:51 | call to Get |
+| Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query |
+| examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path |
+| examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path |
 nodes
-| EndToEnd.go:36:18:36:25 | implicit dereference : Params | semmle.label | implicit dereference : Params |
-| EndToEnd.go:36:18:36:25 | selection of Params : pointer type | semmle.label | selection of Params : pointer type |
+| EndToEnd.go:36:18:36:25 | selection of Params | semmle.label | selection of Params |
 | EndToEnd.go:37:24:37:26 | buf | semmle.label | buf |
-| EndToEnd.go:69:22:69:29 | implicit dereference : Params | semmle.label | implicit dereference : Params |
-| EndToEnd.go:69:22:69:29 | selection of Params : pointer type | semmle.label | selection of Params : pointer type |
+| EndToEnd.go:69:22:69:29 | selection of Params | semmle.label | selection of Params |
 | EndToEnd.go:69:22:69:51 | call to Get | semmle.label | call to Get |
-| Revel.go:70:22:70:29 | implicit dereference : Params | semmle.label | implicit dereference : Params |
-| Revel.go:70:22:70:29 | selection of Params : pointer type | semmle.label | selection of Params : pointer type |
+| Revel.go:70:22:70:29 | selection of Params | semmle.label | selection of Params |
 | Revel.go:70:22:70:35 | selection of Query | semmle.label | selection of Query |
-| examples/booking/app/init.go:36:44:36:48 | implicit dereference : URL | semmle.label | implicit dereference : URL |
-| examples/booking/app/init.go:36:44:36:48 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| examples/booking/app/init.go:36:44:36:48 | selection of URL | semmle.label | selection of URL |
 | examples/booking/app/init.go:36:44:36:53 | selection of Path | semmle.label | selection of Path |
-| examples/booking/app/init.go:40:49:40:53 | implicit dereference : URL | semmle.label | implicit dereference : URL |
-| examples/booking/app/init.go:40:49:40:53 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| examples/booking/app/init.go:40:49:40:53 | selection of URL | semmle.label | selection of URL |
 | examples/booking/app/init.go:40:49:40:58 | selection of Path | semmle.label | selection of Path |
 subpaths
 #select
-| EndToEnd.go:37:24:37:26 | buf | EndToEnd.go:36:18:36:25 | selection of Params : pointer type | EndToEnd.go:37:24:37:26 | buf | Cross-site scripting vulnerability due to $@. | EndToEnd.go:36:18:36:25 | selection of Params | user-provided value | EndToEnd.go:0:0:0:0 | EndToEnd.go |  |
-| EndToEnd.go:69:22:69:51 | call to Get | EndToEnd.go:69:22:69:29 | selection of Params : pointer type | EndToEnd.go:69:22:69:51 | call to Get | Cross-site scripting vulnerability due to $@. | EndToEnd.go:69:22:69:29 | selection of Params | user-provided value | EndToEnd.go:0:0:0:0 | EndToEnd.go |  |
-| Revel.go:70:22:70:35 | selection of Query | Revel.go:70:22:70:29 | selection of Params : pointer type | Revel.go:70:22:70:35 | selection of Query | Cross-site scripting vulnerability due to $@. The value is $@. | Revel.go:70:22:70:29 | selection of Params | user-provided value | views/myAppController/rawRead.html:1:1:2:9 | {{raw .Foo}}\n{{.Bar}}\n | instantiated as a raw template |
-| examples/booking/app/init.go:36:44:36:53 | selection of Path | examples/booking/app/init.go:36:44:36:48 | selection of URL : pointer type | examples/booking/app/init.go:36:44:36:53 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:36:44:36:48 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go |  |
-| examples/booking/app/init.go:40:49:40:58 | selection of Path | examples/booking/app/init.go:40:49:40:53 | selection of URL : pointer type | examples/booking/app/init.go:40:49:40:58 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:40:49:40:53 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go |  |
+| EndToEnd.go:37:24:37:26 | buf | EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:37:24:37:26 | buf | Cross-site scripting vulnerability due to $@. | EndToEnd.go:36:18:36:25 | selection of Params | user-provided value | EndToEnd.go:0:0:0:0 | EndToEnd.go |  |
+| EndToEnd.go:69:22:69:51 | call to Get | EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:51 | call to Get | Cross-site scripting vulnerability due to $@. | EndToEnd.go:69:22:69:29 | selection of Params | user-provided value | EndToEnd.go:0:0:0:0 | EndToEnd.go |  |
+| Revel.go:70:22:70:35 | selection of Query | Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | Cross-site scripting vulnerability due to $@. The value is $@. | Revel.go:70:22:70:29 | selection of Params | user-provided value | views/myAppController/rawRead.html:1:1:2:9 | {{raw .Foo}}\n{{.Bar}}\n | instantiated as a raw template |
+| examples/booking/app/init.go:36:44:36:53 | selection of Path | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:36:44:36:48 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go |  |
+| examples/booking/app/init.go:40:49:40:58 | selection of Path | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:40:49:40:53 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go |  |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected
index fc24c4a73ca..5cce1e37d95 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected
@@ -1,24 +1,12 @@
 edges
-| EndToEnd.go:58:18:58:25 | implicit dereference : Params | EndToEnd.go:58:18:58:25 | implicit dereference : Params |
-| EndToEnd.go:58:18:58:25 | implicit dereference : Params | EndToEnd.go:58:18:58:25 | selection of Params : pointer type |
-| EndToEnd.go:58:18:58:25 | implicit dereference : Params | EndToEnd.go:58:18:58:47 | call to Get |
-| EndToEnd.go:58:18:58:25 | selection of Params : pointer type | EndToEnd.go:58:18:58:25 | implicit dereference : Params |
-| EndToEnd.go:58:18:58:25 | selection of Params : pointer type | EndToEnd.go:58:18:58:25 | selection of Params : pointer type |
-| EndToEnd.go:58:18:58:25 | selection of Params : pointer type | EndToEnd.go:58:18:58:47 | call to Get |
-| EndToEnd.go:64:26:64:33 | implicit dereference : Params | EndToEnd.go:64:26:64:33 | implicit dereference : Params |
-| EndToEnd.go:64:26:64:33 | implicit dereference : Params | EndToEnd.go:64:26:64:33 | selection of Params : pointer type |
-| EndToEnd.go:64:26:64:33 | implicit dereference : Params | EndToEnd.go:64:26:64:55 | call to Get |
-| EndToEnd.go:64:26:64:33 | selection of Params : pointer type | EndToEnd.go:64:26:64:33 | implicit dereference : Params |
-| EndToEnd.go:64:26:64:33 | selection of Params : pointer type | EndToEnd.go:64:26:64:33 | selection of Params : pointer type |
-| EndToEnd.go:64:26:64:33 | selection of Params : pointer type | EndToEnd.go:64:26:64:55 | call to Get |
+| EndToEnd.go:58:18:58:25 | selection of Params | EndToEnd.go:58:18:58:47 | call to Get |
+| EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:55 | call to Get |
 nodes
-| EndToEnd.go:58:18:58:25 | implicit dereference : Params | semmle.label | implicit dereference : Params |
-| EndToEnd.go:58:18:58:25 | selection of Params : pointer type | semmle.label | selection of Params : pointer type |
+| EndToEnd.go:58:18:58:25 | selection of Params | semmle.label | selection of Params |
 | EndToEnd.go:58:18:58:47 | call to Get | semmle.label | call to Get |
-| EndToEnd.go:64:26:64:33 | implicit dereference : Params | semmle.label | implicit dereference : Params |
-| EndToEnd.go:64:26:64:33 | selection of Params : pointer type | semmle.label | selection of Params : pointer type |
+| EndToEnd.go:64:26:64:33 | selection of Params | semmle.label | selection of Params |
 | EndToEnd.go:64:26:64:55 | call to Get | semmle.label | call to Get |
 subpaths
 #select
-| EndToEnd.go:58:18:58:47 | call to Get | EndToEnd.go:58:18:58:25 | selection of Params : pointer type | EndToEnd.go:58:18:58:47 | call to Get | This path depends on a $@. | EndToEnd.go:58:18:58:25 | selection of Params | user-provided value |
-| EndToEnd.go:64:26:64:55 | call to Get | EndToEnd.go:64:26:64:33 | selection of Params : pointer type | EndToEnd.go:64:26:64:55 | call to Get | This path depends on a $@. | EndToEnd.go:64:26:64:33 | selection of Params | user-provided value |
+| EndToEnd.go:58:18:58:47 | call to Get | EndToEnd.go:58:18:58:25 | selection of Params | EndToEnd.go:58:18:58:47 | call to Get | This path depends on a $@. | EndToEnd.go:58:18:58:25 | selection of Params | user-provided value |
+| EndToEnd.go:64:26:64:55 | call to Get | EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:55 | call to Get | This path depends on a $@. | EndToEnd.go:64:26:64:33 | selection of Params | user-provided value |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/go.mod b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/go.mod
new file mode 100644
index 00000000000..1ac3796ab52
--- /dev/null
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/go.mod
@@ -0,0 +1,26 @@
+module main
+
+go 1.19
+
+require github.com/gogf/gf v1.16.9
+
+require (
+	github.com/BurntSushi/toml v0.3.1 // indirect
+	github.com/clbanning/mxj v1.8.5-0.20200714211355-ff02cfb8ea28 // indirect
+	github.com/fatih/color v1.12.0 // indirect
+	github.com/fsnotify/fsnotify v1.4.9 // indirect
+	github.com/go-sql-driver/mysql v1.6.0 // indirect
+	github.com/gomodule/redigo v1.8.5 // indirect
+	github.com/gorilla/websocket v1.4.2 // indirect
+	github.com/grokify/html-strip-tags-go v0.0.1 // indirect
+	github.com/mattn/go-colorable v0.1.8 // indirect
+	github.com/mattn/go-isatty v0.0.12 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
+	github.com/olekukonko/tablewriter v0.0.5 // indirect
+	go.opentelemetry.io/otel v1.0.0 // indirect
+	go.opentelemetry.io/otel/trace v1.0.0 // indirect
+	golang.org/x/net v0.0.0-20210520170846-37e1c6afe023 // indirect
+	golang.org/x/sys v0.0.0-20210423082822-04245dca01da // indirect
+	golang.org/x/text v0.3.6 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+)
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/gogf.expected b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/gogf.expected
new file mode 100644
index 00000000000..f4e3e4f15b0
--- /dev/null
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/gogf.expected
@@ -0,0 +1,47 @@
+| gogf.go:12:9:12:11 | sql |
+| gogf.go:13:11:13:13 | sql |
+| gogf.go:14:13:14:15 | sql |
+| gogf.go:15:13:15:15 | sql |
+| gogf.go:16:11:16:13 | sql |
+| gogf.go:17:13:17:15 | sql |
+| gogf.go:18:12:18:14 | sql |
+| gogf.go:19:10:19:12 | sql |
+| gogf.go:20:8:20:10 | sql |
+| gogf.go:21:17:21:19 | sql |
+| gogf.go:22:19:22:21 | sql |
+| gogf.go:23:20:23:22 | sql |
+| gogf.go:24:23:24:25 | sql |
+| gogf.go:25:21:25:23 | sql |
+| gogf.go:26:23:26:25 | sql |
+| gogf.go:27:22:27:24 | sql |
+| gogf.go:28:24:28:26 | sql |
+| gogf.go:32:9:32:11 | sql |
+| gogf.go:33:11:33:13 | sql |
+| gogf.go:34:13:34:15 | sql |
+| gogf.go:35:13:35:15 | sql |
+| gogf.go:36:11:36:13 | sql |
+| gogf.go:37:13:37:15 | sql |
+| gogf.go:38:12:38:14 | sql |
+| gogf.go:39:10:39:12 | sql |
+| gogf.go:40:8:40:10 | sql |
+| gogf.go:41:17:41:19 | sql |
+| gogf.go:42:23:42:25 | sql |
+| gogf.go:43:21:43:23 | sql |
+| gogf.go:44:23:44:25 | sql |
+| gogf.go:45:22:45:24 | sql |
+| gogf.go:46:24:46:26 | sql |
+| gogf.go:51:9:51:11 | sql |
+| gogf.go:52:11:52:13 | sql |
+| gogf.go:53:13:53:15 | sql |
+| gogf.go:54:13:54:15 | sql |
+| gogf.go:55:11:55:13 | sql |
+| gogf.go:56:13:56:15 | sql |
+| gogf.go:57:12:57:14 | sql |
+| gogf.go:58:10:58:12 | sql |
+| gogf.go:59:8:59:10 | sql |
+| gogf.go:60:17:60:19 | sql |
+| gogf.go:61:23:61:25 | sql |
+| gogf.go:62:21:62:23 | sql |
+| gogf.go:63:23:63:25 | sql |
+| gogf.go:64:22:64:24 | sql |
+| gogf.go:65:24:65:26 | sql |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/gogf.go b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/gogf.go
new file mode 100644
index 00000000000..d0eceaf862c
--- /dev/null
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/gogf.go
@@ -0,0 +1,70 @@
+package main
+
+//go:generate depstubber -vendor github.com/gogf/gf/frame/g "" DB
+//go:generate depstubber -vendor github.com/gogf/gf/database/gdb DB,Core,TX ""
+
+import (
+	"github.com/gogf/gf/database/gdb"
+	"github.com/gogf/gf/frame/g"
+)
+
+func gogfCoreTest(sql string, c *gdb.Core) {
+	c.Exec(sql, nil)               // $ querystring=sql
+	c.GetAll(sql, nil)             // $ querystring=sql
+	c.GetArray(sql, nil)           // $ querystring=sql
+	c.GetCount(sql, nil)           // $ querystring=sql
+	c.GetOne(sql, nil)             // $ querystring=sql
+	c.GetValue(sql, nil)           // $ querystring=sql
+	c.Prepare(sql, true)           // $ querystring=sql
+	c.Query(sql, nil)              // $ querystring=sql
+	c.Raw(sql, nil)                // $ querystring=sql
+	c.GetScan(nil, sql, nil)       // $ querystring=sql
+	c.GetStruct(nil, sql, nil)     // $ querystring=sql
+	c.GetStructs(nil, sql, nil)    // $ querystring=sql
+	c.DoCommit(nil, nil, sql, nil) // $ querystring=sql
+	c.DoExec(nil, nil, sql, nil)   // $ querystring=sql
+	c.DoGetAll(nil, nil, sql, nil) // $ querystring=sql
+	c.DoQuery(nil, nil, sql, nil)  // $ querystring=sql
+	c.DoPrepare(nil, nil, sql)     // $ querystring=sql
+}
+
+func gogfDbtest(sql string, c gdb.DB) {
+	c.Exec(sql, nil)               // $ querystring=sql
+	c.GetAll(sql, nil)             // $ querystring=sql
+	c.GetArray(sql, nil)           // $ querystring=sql
+	c.GetCount(sql, nil)           // $ querystring=sql
+	c.GetOne(sql, nil)             // $ querystring=sql
+	c.GetValue(sql, nil)           // $ querystring=sql
+	c.Prepare(sql, true)           // $ querystring=sql
+	c.Query(sql, nil)              // $ querystring=sql
+	c.Raw(sql, nil)                // $ querystring=sql
+	c.GetScan(nil, sql, nil)       // $ querystring=sql
+	c.DoCommit(nil, nil, sql, nil) // $ querystring=sql
+	c.DoExec(nil, nil, sql, nil)   // $ querystring=sql
+	c.DoGetAll(nil, nil, sql, nil) // $ querystring=sql
+	c.DoQuery(nil, nil, sql, nil)  // $ querystring=sql
+	c.DoPrepare(nil, nil, sql)     // $ querystring=sql
+}
+
+func gogfGTest(sql string) {
+	c := g.DB("ad")
+	c.Exec(sql, nil)               // $ querystring=sql
+	c.GetAll(sql, nil)             // $ querystring=sql
+	c.GetArray(sql, nil)           // $ querystring=sql
+	c.GetCount(sql, nil)           // $ querystring=sql
+	c.GetOne(sql, nil)             // $ querystring=sql
+	c.GetValue(sql, nil)           // $ querystring=sql
+	c.Prepare(sql, true)           // $ querystring=sql
+	c.Query(sql, nil)              // $ querystring=sql
+	c.Raw(sql, nil)                // $ querystring=sql
+	c.GetScan(nil, sql, nil)       // $ querystring=sql
+	c.DoCommit(nil, nil, sql, nil) // $ querystring=sql
+	c.DoExec(nil, nil, sql, nil)   // $ querystring=sql
+	c.DoGetAll(nil, nil, sql, nil) // $ querystring=sql
+	c.DoQuery(nil, nil, sql, nil)  // $ querystring=sql
+	c.DoPrepare(nil, nil, sql)     // $ querystring=sql
+}
+
+func main() {
+	return
+}
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/gogf.ql b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/gogf.ql
new file mode 100644
index 00000000000..7b56fd97441
--- /dev/null
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/gogf.ql
@@ -0,0 +1,4 @@
+import go
+
+from SQL::QueryString qs
+select qs
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/github.com/gogf/gf/database/gdb/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/github.com/gogf/gf/database/gdb/stub.go
new file mode 100644
index 00000000000..4eef94f8893
--- /dev/null
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/github.com/gogf/gf/database/gdb/stub.go
@@ -0,0 +1,1175 @@
+// Code generated by depstubber. DO NOT EDIT.
+// This is a simple stub for github.com/gogf/gf/database/gdb, strictly for use in testing.
+
+// See the LICENSE file for information about the licensing of the original library.
+// Source: github.com/gogf/gf/database/gdb (exports: DB,Core,TX; functions: )
+
+// Package gdb is a stub of github.com/gogf/gf/database/gdb, generated by depstubber.
+package gdb
+
+import (
+	context "context"
+	sql "database/sql"
+	time "time"
+)
+
+type ChunkHandler func(Result, error) bool
+
+type ConfigNode struct {
+	Host                 string
+	Port                 string
+	User                 string
+	Pass                 string
+	Name                 string
+	Type                 string
+	Link                 string
+	Role                 string
+	Debug                bool
+	Prefix               string
+	DryRun               bool
+	Weight               int
+	Charset              string
+	Timezone             string
+	MaxIdleConnCount     int
+	MaxOpenConnCount     int
+	MaxConnLifeTime      time.Duration
+	QueryTimeout         time.Duration
+	ExecTimeout          time.Duration
+	TranTimeout          time.Duration
+	PrepareTimeout       time.Duration
+	CreatedAt            string
+	UpdatedAt            string
+	DeletedAt            string
+	TimeMaintainDisabled bool
+	CtxStrict            bool
+}
+
+func (_ *ConfigNode) String() string {
+	return ""
+}
+
+type Core struct{}
+
+func (_ *Core) Begin() (*TX, error) {
+	return nil, nil
+}
+
+func (_ *Core) Close(_ context.Context) error {
+	return nil
+}
+
+func (_ *Core) Ctx(_ context.Context) DB {
+	return nil
+}
+
+func (_ *Core) Delete(_ string, _ interface{}, _ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Core) DoCommit(_ context.Context, _ Link, _ string, _ []interface{}) (string, []interface{}, error) {
+	return "", nil, nil
+}
+
+func (_ *Core) DoDelete(_ context.Context, _ Link, _ string, _ string, _ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Core) DoExec(_ context.Context, _ Link, _ string, _ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Core) DoGetAll(_ context.Context, _ Link, _ string, _ ...interface{}) (Result, error) {
+	return nil, nil
+}
+
+func (_ *Core) DoInsert(_ context.Context, _ Link, _ string, _ []map[string]interface{}, _ DoInsertOption) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Core) DoPrepare(_ context.Context, _ Link, _ string) (*Stmt, error) {
+	return nil, nil
+}
+
+func (_ *Core) DoQuery(_ context.Context, _ Link, _ string, _ ...interface{}) (*sql.Rows, error) {
+	return nil, nil
+}
+
+func (_ *Core) DoUpdate(_ context.Context, _ Link, _ string, _ interface{}, _ string, _ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Core) Exec(_ string, _ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Core) GetAll(_ string, _ ...interface{}) (Result, error) {
+	return nil, nil
+}
+
+func (_ *Core) GetArray(_ string, _ ...interface{}) ([]interface{}, error) {
+	return nil, nil
+}
+
+func (_ *Core) GetCache() interface{} {
+	return nil
+}
+
+func (_ *Core) GetChars() (string, string) {
+	return "", ""
+}
+
+func (_ *Core) GetConfig() *ConfigNode {
+	return nil
+}
+
+func (_ *Core) GetCore() *Core {
+	return nil
+}
+
+func (_ *Core) GetCount(_ string, _ ...interface{}) (int, error) {
+	return 0, nil
+}
+
+func (_ *Core) GetCtx() context.Context {
+	return nil
+}
+
+func (_ *Core) GetCtxTimeout(_ int, _ context.Context) (context.Context, context.CancelFunc) {
+	return nil, nil
+}
+
+func (_ *Core) GetDebug() bool {
+	return false
+}
+
+func (_ *Core) GetDryRun() bool {
+	return false
+}
+
+func (_ *Core) GetGroup() string {
+	return ""
+}
+
+func (_ *Core) GetLogger() interface{} {
+	return nil
+}
+
+func (_ *Core) GetOne(_ string, _ ...interface{}) (Record, error) {
+	return nil, nil
+}
+
+func (_ *Core) GetPrefix() string {
+	return ""
+}
+
+func (_ *Core) GetScan(_ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Core) GetSchema() string {
+	return ""
+}
+
+func (_ *Core) GetStruct(_ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Core) GetStructs(_ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Core) GetValue(_ string, _ ...interface{}) (interface{}, error) {
+	return nil, nil
+}
+
+func (_ *Core) HasTable(_ string) (bool, error) {
+	return false, nil
+}
+
+func (_ *Core) Insert(_ string, _ interface{}, _ ...int) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Core) InsertAndGetId(_ string, _ interface{}, _ ...int) (int64, error) {
+	return 0, nil
+}
+
+func (_ *Core) InsertIgnore(_ string, _ interface{}, _ ...int) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Core) MarshalJSON() ([]byte, error) {
+	return nil, nil
+}
+
+func (_ *Core) Master(_ ...string) (*sql.DB, error) {
+	return nil, nil
+}
+
+func (_ *Core) MasterLink(_ ...string) (Link, error) {
+	return nil, nil
+}
+
+func (_ *Core) Model(_ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Core) PingMaster() error {
+	return nil
+}
+
+func (_ *Core) PingSlave() error {
+	return nil
+}
+
+func (_ *Core) Prepare(_ string, _ ...bool) (*Stmt, error) {
+	return nil, nil
+}
+
+func (_ *Core) Query(_ string, _ ...interface{}) (*sql.Rows, error) {
+	return nil, nil
+}
+
+func (_ *Core) QuotePrefixTableName(_ string) string {
+	return ""
+}
+
+func (_ *Core) QuoteString(_ string) string {
+	return ""
+}
+
+func (_ *Core) QuoteWord(_ string) string {
+	return ""
+}
+
+func (_ *Core) Raw(_ string, _ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Core) Replace(_ string, _ interface{}, _ ...int) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Core) Save(_ string, _ interface{}, _ ...int) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Core) Schema(_ string) *Schema {
+	return nil
+}
+
+func (_ *Core) SetDebug(_ bool) {}
+
+func (_ *Core) SetDryRun(_ bool) {}
+
+func (_ *Core) SetLogger(_ interface{}) {}
+
+func (_ *Core) SetMaxConnLifeTime(_ time.Duration) {}
+
+func (_ *Core) SetMaxIdleConnCount(_ int) {}
+
+func (_ *Core) SetMaxOpenConnCount(_ int) {}
+
+func (_ *Core) SetSchema(_ string) {}
+
+func (_ *Core) Slave(_ ...string) (*sql.DB, error) {
+	return nil, nil
+}
+
+func (_ *Core) SlaveLink(_ ...string) (Link, error) {
+	return nil, nil
+}
+
+func (_ *Core) Table(_ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Core) TableFields(_ string, _ ...string) (map[string]*TableField, error) {
+	return nil, nil
+}
+
+func (_ *Core) Tables(_ ...string) ([]string, error) {
+	return nil, nil
+}
+
+func (_ *Core) Transaction(_ context.Context, _ func(context.Context, *TX) error) error {
+	return nil
+}
+
+func (_ *Core) Union(_ ...*Model) *Model {
+	return nil
+}
+
+func (_ *Core) UnionAll(_ ...*Model) *Model {
+	return nil
+}
+
+func (_ *Core) Update(_ string, _ interface{}, _ interface{}, _ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Core) With(_ ...interface{}) *Model {
+	return nil
+}
+
+type DB interface {
+	Begin() (*TX, error)
+	Close(_ context.Context) error
+	Ctx(_ context.Context) DB
+	Delete(_ string, _ interface{}, _ ...interface{}) (sql.Result, error)
+	DoCommit(_ context.Context, _ Link, _ string, _ []interface{}) (string, []interface{}, error)
+	DoDelete(_ context.Context, _ Link, _ string, _ string, _ ...interface{}) (sql.Result, error)
+	DoExec(_ context.Context, _ Link, _ string, _ ...interface{}) (sql.Result, error)
+	DoGetAll(_ context.Context, _ Link, _ string, _ ...interface{}) (Result, error)
+	DoInsert(_ context.Context, _ Link, _ string, _ []map[string]interface{}, _ DoInsertOption) (sql.Result, error)
+	DoPrepare(_ context.Context, _ Link, _ string) (*Stmt, error)
+	DoQuery(_ context.Context, _ Link, _ string, _ ...interface{}) (*sql.Rows, error)
+	DoUpdate(_ context.Context, _ Link, _ string, _ interface{}, _ string, _ ...interface{}) (sql.Result, error)
+	Exec(_ string, _ ...interface{}) (sql.Result, error)
+	FilteredLink() string
+	GetAll(_ string, _ ...interface{}) (Result, error)
+	GetArray(_ string, _ ...interface{}) ([]interface{}, error)
+	GetCache() interface{}
+	GetChars() (string, string)
+	GetConfig() *ConfigNode
+	GetCore() *Core
+	GetCount(_ string, _ ...interface{}) (int, error)
+	GetCtx() context.Context
+	GetDebug() bool
+	GetDryRun() bool
+	GetGroup() string
+	GetLogger() interface{}
+	GetOne(_ string, _ ...interface{}) (Record, error)
+	GetPrefix() string
+	GetScan(_ interface{}, _ string, _ ...interface{}) error
+	GetSchema() string
+	GetValue(_ string, _ ...interface{}) (interface{}, error)
+	Insert(_ string, _ interface{}, _ ...int) (sql.Result, error)
+	InsertAndGetId(_ string, _ interface{}, _ ...int) (int64, error)
+	InsertIgnore(_ string, _ interface{}, _ ...int) (sql.Result, error)
+	Master(_ ...string) (*sql.DB, error)
+	Model(_ ...interface{}) *Model
+	Open(_ *ConfigNode) (*sql.DB, error)
+	PingMaster() error
+	PingSlave() error
+	Prepare(_ string, _ ...bool) (*Stmt, error)
+	Query(_ string, _ ...interface{}) (*sql.Rows, error)
+	Raw(_ string, _ ...interface{}) *Model
+	Replace(_ string, _ interface{}, _ ...int) (sql.Result, error)
+	Save(_ string, _ interface{}, _ ...int) (sql.Result, error)
+	Schema(_ string) *Schema
+	SetDebug(_ bool)
+	SetDryRun(_ bool)
+	SetLogger(_ interface{})
+	SetMaxConnLifeTime(_ time.Duration)
+	SetMaxIdleConnCount(_ int)
+	SetMaxOpenConnCount(_ int)
+	SetSchema(_ string)
+	Slave(_ ...string) (*sql.DB, error)
+	Table(_ ...interface{}) *Model
+	TableFields(_ context.Context, _ string, _ ...string) (map[string]*TableField, error)
+	Tables(_ context.Context, _ ...string) ([]string, error)
+	Transaction(_ context.Context, _ func(context.Context, *TX) error) error
+	Union(_ ...*Model) *Model
+	UnionAll(_ ...*Model) *Model
+	Update(_ string, _ interface{}, _ interface{}, _ ...interface{}) (sql.Result, error)
+	With(_ ...interface{}) *Model
+}
+
+type DoInsertOption struct {
+	OnDuplicateStr string
+	OnDuplicateMap map[string]interface{}
+	InsertOption   int
+	BatchCount     int
+}
+
+type Link interface {
+	Exec(_ string, _ ...interface{}) (sql.Result, error)
+	ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error)
+	IsTransaction() bool
+	Prepare(_ string) (*sql.Stmt, error)
+	PrepareContext(_ context.Context, _ string) (*sql.Stmt, error)
+	Query(_ string, _ ...interface{}) (*sql.Rows, error)
+	QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error)
+}
+
+type Model struct{}
+
+func (_ *Model) All(_ ...interface{}) (Result, error) {
+	return nil, nil
+}
+
+func (_ *Model) And(_ interface{}, _ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) Args(_ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) Array(_ ...interface{}) ([]interface{}, error) {
+	return nil, nil
+}
+
+func (_ *Model) As(_ string) *Model {
+	return nil
+}
+
+func (_ *Model) Avg(_ string) (float64, error) {
+	return 0, nil
+}
+
+func (_ *Model) Batch(_ int) *Model {
+	return nil
+}
+
+func (_ *Model) Cache(_ time.Duration, _ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) Chunk(_ int, _ ChunkHandler) {}
+
+func (_ *Model) Clone() *Model {
+	return nil
+}
+
+func (_ *Model) Count(_ ...interface{}) (int, error) {
+	return 0, nil
+}
+
+func (_ *Model) CountColumn(_ string) (int, error) {
+	return 0, nil
+}
+
+func (_ *Model) Ctx(_ context.Context) *Model {
+	return nil
+}
+
+func (_ *Model) DB(_ DB) *Model {
+	return nil
+}
+
+func (_ *Model) Data(_ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) Decrement(_ string, _ interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Model) Delete(_ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Model) Distinct() *Model {
+	return nil
+}
+
+func (_ *Model) FieldAvg(_ string, _ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) FieldCount(_ string, _ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) FieldMax(_ string, _ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) FieldMin(_ string, _ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) FieldSum(_ string, _ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) Fields(_ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) FieldsEx(_ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) FieldsExStr(_ string, _ ...string) string {
+	return ""
+}
+
+func (_ *Model) FieldsStr(_ ...string) string {
+	return ""
+}
+
+func (_ *Model) Filter() *Model {
+	return nil
+}
+
+func (_ *Model) FindAll(_ ...interface{}) (Result, error) {
+	return nil, nil
+}
+
+func (_ *Model) FindArray(_ ...interface{}) ([]interface{}, error) {
+	return nil, nil
+}
+
+func (_ *Model) FindCount(_ ...interface{}) (int, error) {
+	return 0, nil
+}
+
+func (_ *Model) FindOne(_ ...interface{}) (Record, error) {
+	return nil, nil
+}
+
+func (_ *Model) FindScan(_ interface{}, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Model) FindValue(_ ...interface{}) (interface{}, error) {
+	return nil, nil
+}
+
+func (_ *Model) ForPage(_ int, _ int) *Model {
+	return nil
+}
+
+func (_ *Model) GetCtx() context.Context {
+	return nil
+}
+
+func (_ *Model) GetFieldsExStr(_ string, _ ...string) string {
+	return ""
+}
+
+func (_ *Model) GetFieldsStr(_ ...string) string {
+	return ""
+}
+
+func (_ *Model) Group(_ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) GroupBy(_ string) *Model {
+	return nil
+}
+
+func (_ *Model) Handler(_ ...ModelHandler) *Model {
+	return nil
+}
+
+func (_ *Model) HasField(_ string) (bool, error) {
+	return false, nil
+}
+
+func (_ *Model) Having(_ interface{}, _ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) Increment(_ string, _ interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Model) InnerJoin(_ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) Insert(_ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Model) InsertAndGetId(_ ...interface{}) (int64, error) {
+	return 0, nil
+}
+
+func (_ *Model) InsertIgnore(_ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Model) LeftJoin(_ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) Limit(_ ...int) *Model {
+	return nil
+}
+
+func (_ *Model) LockShared() *Model {
+	return nil
+}
+
+func (_ *Model) LockUpdate() *Model {
+	return nil
+}
+
+func (_ *Model) Master() *Model {
+	return nil
+}
+
+func (_ *Model) Max(_ string) (float64, error) {
+	return 0, nil
+}
+
+func (_ *Model) Min(_ string) (float64, error) {
+	return 0, nil
+}
+
+func (_ *Model) Offset(_ int) *Model {
+	return nil
+}
+
+func (_ *Model) OmitEmpty() *Model {
+	return nil
+}
+
+func (_ *Model) OmitEmptyData() *Model {
+	return nil
+}
+
+func (_ *Model) OmitEmptyWhere() *Model {
+	return nil
+}
+
+func (_ *Model) OmitNil() *Model {
+	return nil
+}
+
+func (_ *Model) OmitNilData() *Model {
+	return nil
+}
+
+func (_ *Model) OmitNilWhere() *Model {
+	return nil
+}
+
+func (_ *Model) OnDuplicate(_ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) OnDuplicateEx(_ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) One(_ ...interface{}) (Record, error) {
+	return nil, nil
+}
+
+func (_ *Model) Option(_ int) *Model {
+	return nil
+}
+
+func (_ *Model) Or(_ interface{}, _ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) Order(_ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) OrderAsc(_ string) *Model {
+	return nil
+}
+
+func (_ *Model) OrderBy(_ string) *Model {
+	return nil
+}
+
+func (_ *Model) OrderDesc(_ string) *Model {
+	return nil
+}
+
+func (_ *Model) OrderRandom() *Model {
+	return nil
+}
+
+func (_ *Model) Page(_ int, _ int) *Model {
+	return nil
+}
+
+func (_ *Model) Raw(_ string, _ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) Replace(_ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Model) RightJoin(_ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) Safe(_ ...bool) *Model {
+	return nil
+}
+
+func (_ *Model) Save(_ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Model) Scan(_ interface{}, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Model) ScanList(_ interface{}, _ string, _ ...string) error {
+	return nil
+}
+
+func (_ *Model) Schema(_ string) *Model {
+	return nil
+}
+
+func (_ *Model) Select(_ ...interface{}) (Result, error) {
+	return nil, nil
+}
+
+func (_ *Model) Slave() *Model {
+	return nil
+}
+
+func (_ *Model) Struct(_ interface{}, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Model) Structs(_ interface{}, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Model) Sum(_ string) (float64, error) {
+	return 0, nil
+}
+
+func (_ *Model) TX(_ *TX) *Model {
+	return nil
+}
+
+func (_ *Model) TableFields(_ string, _ ...string) (map[string]*TableField, error) {
+	return nil, nil
+}
+
+func (_ *Model) Transaction(_ context.Context, _ func(context.Context, *TX) error) error {
+	return nil
+}
+
+func (_ *Model) Union(_ ...*Model) *Model {
+	return nil
+}
+
+func (_ *Model) UnionAll(_ ...*Model) *Model {
+	return nil
+}
+
+func (_ *Model) Unscoped() *Model {
+	return nil
+}
+
+func (_ *Model) Update(_ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Model) Value(_ ...interface{}) (interface{}, error) {
+	return nil, nil
+}
+
+func (_ *Model) Where(_ interface{}, _ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereBetween(_ string, _ interface{}, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereGT(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereGTE(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereIn(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereLT(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereLTE(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereLike(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereNot(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereNotBetween(_ string, _ interface{}, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereNotIn(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereNotLike(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereNotNull(_ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) WhereNull(_ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) WhereOr(_ interface{}, _ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereOrBetween(_ string, _ interface{}, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereOrGT(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereOrGTE(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereOrIn(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereOrLT(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereOrLTE(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereOrLike(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereOrNotBetween(_ string, _ interface{}, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereOrNotIn(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereOrNotLike(_ string, _ interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WhereOrNotNull(_ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) WhereOrNull(_ ...string) *Model {
+	return nil
+}
+
+func (_ *Model) WhereOrf(_ string, _ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WherePri(_ interface{}, _ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) Wheref(_ string, _ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) With(_ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *Model) WithAll() *Model {
+	return nil
+}
+
+type ModelHandler func(*Model) *Model
+
+type Record map[string]interface{}
+
+func (_ Record) GMap() interface{} {
+	return nil
+}
+
+func (_ Record) Interface() interface{} {
+	return nil
+}
+
+func (_ Record) IsEmpty() bool {
+	return false
+}
+
+func (_ Record) Json() string {
+	return ""
+}
+
+func (_ Record) Map() map[string]interface{} {
+	return nil
+}
+
+func (_ Record) Struct(_ interface{}) error {
+	return nil
+}
+
+func (_ Record) Xml(_ ...string) string {
+	return ""
+}
+
+type Result []Record
+
+func (_ Result) Array(_ ...string) []interface{} {
+	return nil
+}
+
+func (_ Result) Chunk(_ int) []Result {
+	return nil
+}
+
+func (_ Result) Interface() interface{} {
+	return nil
+}
+
+func (_ Result) IsEmpty() bool {
+	return false
+}
+
+func (_ Result) Json() string {
+	return ""
+}
+
+func (_ Result) Len() int {
+	return 0
+}
+
+func (_ Result) List() []map[string]interface{} {
+	return nil
+}
+
+func (_ Result) MapKeyInt(_ string) map[int]map[string]interface{} {
+	return nil
+}
+
+func (_ Result) MapKeyStr(_ string) map[string]map[string]interface{} {
+	return nil
+}
+
+func (_ Result) MapKeyUint(_ string) map[uint]map[string]interface{} {
+	return nil
+}
+
+func (_ Result) MapKeyValue(_ string) map[string]interface{} {
+	return nil
+}
+
+func (_ Result) RecordKeyInt(_ string) map[int]Record {
+	return nil
+}
+
+func (_ Result) RecordKeyStr(_ string) map[string]Record {
+	return nil
+}
+
+func (_ Result) RecordKeyUint(_ string) map[uint]Record {
+	return nil
+}
+
+func (_ Result) ScanList(_ interface{}, _ string, _ ...string) error {
+	return nil
+}
+
+func (_ Result) Size() int {
+	return 0
+}
+
+func (_ Result) Structs(_ interface{}) error {
+	return nil
+}
+
+func (_ Result) Xml(_ ...string) string {
+	return ""
+}
+
+type Schema struct{}
+
+func (_ *Schema) Model(_ string) *Model {
+	return nil
+}
+
+func (_ *Schema) Table(_ string) *Model {
+	return nil
+}
+
+type Stmt struct {
+	Stmt *sql.Stmt
+}
+
+func (_ *Stmt) Close() error {
+	return nil
+}
+
+func (_ *Stmt) Exec(_ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Stmt) ExecContext(_ context.Context, _ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Stmt) Query(_ ...interface{}) (*sql.Rows, error) {
+	return nil, nil
+}
+
+func (_ *Stmt) QueryContext(_ context.Context, _ ...interface{}) (*sql.Rows, error) {
+	return nil, nil
+}
+
+func (_ *Stmt) QueryRow(_ ...interface{}) *sql.Row {
+	return nil
+}
+
+func (_ *Stmt) QueryRowContext(_ context.Context, _ ...interface{}) *sql.Row {
+	return nil
+}
+
+type TX struct{}
+
+func (_ *TX) Begin() error {
+	return nil
+}
+
+func (_ *TX) Commit() error {
+	return nil
+}
+
+func (_ *TX) Ctx(_ context.Context) *TX {
+	return nil
+}
+
+func (_ *TX) Delete(_ string, _ interface{}, _ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *TX) Exec(_ string, _ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *TX) GetAll(_ string, _ ...interface{}) (Result, error) {
+	return nil, nil
+}
+
+func (_ *TX) GetCount(_ string, _ ...interface{}) (int, error) {
+	return 0, nil
+}
+
+func (_ *TX) GetOne(_ string, _ ...interface{}) (Record, error) {
+	return nil, nil
+}
+
+func (_ *TX) GetScan(_ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *TX) GetStruct(_ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *TX) GetStructs(_ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *TX) GetValue(_ string, _ ...interface{}) (interface{}, error) {
+	return nil, nil
+}
+
+func (_ *TX) Insert(_ string, _ interface{}, _ ...int) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *TX) InsertAndGetId(_ string, _ interface{}, _ ...int) (int64, error) {
+	return 0, nil
+}
+
+func (_ *TX) InsertIgnore(_ string, _ interface{}, _ ...int) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *TX) IsClosed() bool {
+	return false
+}
+
+func (_ *TX) Model(_ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *TX) Prepare(_ string) (*Stmt, error) {
+	return nil, nil
+}
+
+func (_ *TX) Query(_ string, _ ...interface{}) (*sql.Rows, error) {
+	return nil, nil
+}
+
+func (_ *TX) Raw(_ string, _ ...interface{}) *Model {
+	return nil
+}
+
+func (_ *TX) Replace(_ string, _ interface{}, _ ...int) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *TX) Rollback() error {
+	return nil
+}
+
+func (_ *TX) RollbackTo(_ string) error {
+	return nil
+}
+
+func (_ *TX) Save(_ string, _ interface{}, _ ...int) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *TX) SavePoint(_ string) error {
+	return nil
+}
+
+func (_ *TX) Schema(_ string) *Schema {
+	return nil
+}
+
+func (_ *TX) Transaction(_ context.Context, _ func(context.Context, *TX) error) error {
+	return nil
+}
+
+func (_ *TX) Update(_ string, _ interface{}, _ interface{}, _ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *TX) With(_ interface{}) *Model {
+	return nil
+}
+
+type TableField struct {
+	Index   int
+	Name    string
+	Type    string
+	Null    bool
+	Key     string
+	Default interface{}
+	Extra   string
+	Comment string
+}
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/github.com/gogf/gf/frame/g/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/github.com/gogf/gf/frame/g/stub.go
new file mode 100644
index 00000000000..6bb8a96631f
--- /dev/null
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/github.com/gogf/gf/frame/g/stub.go
@@ -0,0 +1,14 @@
+// Code generated by depstubber. DO NOT EDIT.
+// This is a simple stub for github.com/gogf/gf/frame/g, strictly for use in testing.
+
+// See the LICENSE file for information about the licensing of the original library.
+// Source: github.com/gogf/gf/frame/g (exports: ; functions: DB)
+
+// Package g is a stub of github.com/gogf/gf/frame/g, generated by depstubber.
+package g
+
+import "github.com/gogf/gf/database/gdb"
+
+func DB(_ ...string) gdb.DB {
+	return nil
+}
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/modules.txt
new file mode 100644
index 00000000000..72560d0da5e
--- /dev/null
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/modules.txt
@@ -0,0 +1,57 @@
+# github.com/gogf/gf v1.16.9
+## explicit
+github.com/gogf/gf
+# github.com/BurntSushi/toml v0.3.1
+## explicit
+github.com/BurntSushi/toml
+# github.com/clbanning/mxj v1.8.5-0.20200714211355-ff02cfb8ea28
+## explicit
+github.com/clbanning/mxj
+# github.com/fatih/color v1.12.0
+## explicit
+github.com/fatih/color
+# github.com/fsnotify/fsnotify v1.4.9
+## explicit
+github.com/fsnotify/fsnotify
+# github.com/go-sql-driver/mysql v1.6.0
+## explicit
+github.com/go-sql-driver/mysql
+# github.com/gomodule/redigo v1.8.5
+## explicit
+github.com/gomodule/redigo
+# github.com/gorilla/websocket v1.4.2
+## explicit
+github.com/gorilla/websocket
+# github.com/grokify/html-strip-tags-go v0.0.1
+## explicit
+github.com/grokify/html-strip-tags-go
+# github.com/mattn/go-colorable v0.1.8
+## explicit
+github.com/mattn/go-colorable
+# github.com/mattn/go-isatty v0.0.12
+## explicit
+github.com/mattn/go-isatty
+# github.com/mattn/go-runewidth v0.0.9
+## explicit
+github.com/mattn/go-runewidth
+# github.com/olekukonko/tablewriter v0.0.5
+## explicit
+github.com/olekukonko/tablewriter
+# go.opentelemetry.io/otel v1.0.0
+## explicit
+go.opentelemetry.io/otel
+# go.opentelemetry.io/otel/trace v1.0.0
+## explicit
+go.opentelemetry.io/otel/trace
+# golang.org/x/net v0.0.0-20210520170846-37e1c6afe023
+## explicit
+golang.org/x/net
+# golang.org/x/sys v0.0.0-20210423082822-04245dca01da
+## explicit
+golang.org/x/sys
+# golang.org/x/text v0.3.6
+## explicit
+golang.org/x/text
+# gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
+## explicit
+gopkg.in/yaml.v3
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/go.mod b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/go.mod
new file mode 100644
index 00000000000..1f243775658
--- /dev/null
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/go.mod
@@ -0,0 +1,5 @@
+module main
+
+go 1.18
+
+require github.com/rqlite/gorqlite v0.0.0-20220528150909-c4e99ae96be6
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/gorqlite.expected b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/gorqlite.expected
new file mode 100644
index 00000000000..cbd8166ea5e
--- /dev/null
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/gorqlite.expected
@@ -0,0 +1,6 @@
+| gorqlite.go:11:13:11:16 | sqls |
+| gorqlite.go:12:13:12:16 | sqls |
+| gorqlite.go:13:13:13:16 | sqls |
+| gorqlite.go:14:16:14:18 | sql |
+| gorqlite.go:15:16:15:18 | sql |
+| gorqlite.go:16:16:16:18 | sql |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/gorqlite.go b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/gorqlite.go
new file mode 100644
index 00000000000..9b60c6684e6
--- /dev/null
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/gorqlite.go
@@ -0,0 +1,20 @@
+package main
+
+//go:generate depstubber -vendor github.com/rqlite/gorqlite Connection Open
+
+import (
+	"github.com/rqlite/gorqlite"
+)
+
+func gorqlitetest(sql string, sqls []string) {
+	conn, _ := gorqlite.Open("dbUrl")
+	conn.Query(sqls)   // $ querystring=sqls
+	conn.Queue(sqls)   // $ querystring=sqls
+	conn.Write(sqls)   // $ querystring=sqls
+	conn.QueryOne(sql) // $ querystring=sql
+	conn.QueueOne(sql) // $ querystring=sql
+	conn.WriteOne(sql) // $ querystring=sql
+}
+func main() {
+	return
+}
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/gorqlite.ql b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/gorqlite.ql
new file mode 100644
index 00000000000..7b56fd97441
--- /dev/null
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/gorqlite.ql
@@ -0,0 +1,4 @@
+import go
+
+from SQL::QueryString qs
+select qs
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/vendor/github.com/rqlite/gorqlite/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/vendor/github.com/rqlite/gorqlite/stub.go
new file mode 100644
index 00000000000..f6f4ca18ec1
--- /dev/null
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/vendor/github.com/rqlite/gorqlite/stub.go
@@ -0,0 +1,102 @@
+// Code generated by depstubber. DO NOT EDIT.
+// This is a simple stub for github.com/rqlite/gorqlite, strictly for use in testing.
+
+// See the LICENSE file for information about the licensing of the original library.
+// Source: github.com/rqlite/gorqlite (exports: Connection; functions: Open)
+
+// Package gorqlite is a stub of github.com/rqlite/gorqlite, generated by depstubber.
+package gorqlite
+
+type Connection struct {
+	ID string
+}
+
+func (_ *Connection) Close() {}
+
+func (_ *Connection) ConsistencyLevel() (string, error) {
+	return "", nil
+}
+
+func (_ *Connection) Leader() (string, error) {
+	return "", nil
+}
+
+func (_ *Connection) Peers() ([]string, error) {
+	return nil, nil
+}
+
+func (_ *Connection) Query(_ []string) ([]QueryResult, error) {
+	return nil, nil
+}
+
+func (_ *Connection) QueryOne(_ string) (QueryResult, error) {
+	return QueryResult{}, nil
+}
+
+func (_ *Connection) Queue(_ []string) (int64, error) {
+	return 0, nil
+}
+
+func (_ *Connection) QueueOne(_ string) (int64, error) {
+	return 0, nil
+}
+
+func (_ *Connection) SetConsistencyLevel(_ string) error {
+	return nil
+}
+
+func (_ *Connection) SetExecutionWithTransaction(_ bool) error {
+	return nil
+}
+
+func (_ *Connection) Write(_ []string) ([]WriteResult, error) {
+	return nil, nil
+}
+
+func (_ *Connection) WriteOne(_ string) (WriteResult, error) {
+	return WriteResult{}, nil
+}
+
+func Open(_ string) (Connection, error) {
+	return Connection{}, nil
+}
+
+type QueryResult struct {
+	Err    error
+	Timing float64
+}
+
+func (_ *QueryResult) Columns() []string {
+	return nil
+}
+
+func (_ *QueryResult) Map() (map[string]interface{}, error) {
+	return nil, nil
+}
+
+func (_ *QueryResult) Next() bool {
+	return false
+}
+
+func (_ *QueryResult) NumRows() int64 {
+	return 0
+}
+
+func (_ *QueryResult) RowNumber() int64 {
+	return 0
+}
+
+func (_ *QueryResult) Scan(_ ...interface{}) error {
+	return nil
+}
+
+func (_ *QueryResult) Types() []string {
+	return nil
+}
+
+type WriteResult struct {
+	Err          error
+	Timing       float64
+	RowsAffected int64
+	LastInsertID int64
+}
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/vendor/modules.txt
new file mode 100644
index 00000000000..f5e5b9989ed
--- /dev/null
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/vendor/modules.txt
@@ -0,0 +1,3 @@
+# github.com/rqlite/gorqlite v0.0.0-20220528150909-c4e99ae96be6
+## explicit
+github.com/rqlite/gorqlite
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Spew/TaintFlows.expected b/go/ql/test/library-tests/semmle/go/frameworks/Spew/TaintFlows.expected
index f24231f8566..404524ec3d6 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Spew/TaintFlows.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Spew/TaintFlows.expected
@@ -1,17 +1,17 @@
-| test.go:26:16:26:35 | call to getUntrustedString : string | test.go:33:14:33:23 | sUntrusted |
-| test.go:26:16:26:35 | call to getUntrustedString : string | test.go:35:14:35:23 | sUntrusted |
-| test.go:26:16:26:35 | call to getUntrustedString : string | test.go:41:18:41:27 | sUntrusted |
-| test.go:26:16:26:35 | call to getUntrustedString : string | test.go:51:13:51:16 | str3 |
-| test.go:28:16:28:35 | call to getUntrustedStruct : Person | test.go:30:12:30:21 | pUntrusted |
-| test.go:28:16:28:35 | call to getUntrustedStruct : Person | test.go:31:13:31:22 | pUntrusted |
-| test.go:28:16:28:35 | call to getUntrustedStruct : Person | test.go:32:15:32:24 | pUntrusted |
-| test.go:28:16:28:35 | call to getUntrustedStruct : Person | test.go:34:17:34:26 | pUntrusted |
-| test.go:28:16:28:35 | call to getUntrustedStruct : Person | test.go:36:17:36:26 | pUntrusted |
-| test.go:28:16:28:35 | call to getUntrustedStruct : Person | test.go:38:16:38:25 | pUntrusted |
-| test.go:28:16:28:35 | call to getUntrustedStruct : Person | test.go:39:17:39:26 | pUntrusted |
-| test.go:28:16:28:35 | call to getUntrustedStruct : Person | test.go:40:19:40:28 | pUntrusted |
-| test.go:28:16:28:35 | call to getUntrustedStruct : Person | test.go:42:21:42:30 | pUntrusted |
-| test.go:28:16:28:35 | call to getUntrustedStruct : Person | test.go:45:13:45:16 | str1 |
-| test.go:28:16:28:35 | call to getUntrustedStruct : Person | test.go:48:13:48:16 | str2 |
-| test.go:28:16:28:35 | call to getUntrustedStruct : Person | test.go:54:13:54:16 | str4 |
-| test.go:28:16:28:35 | call to getUntrustedStruct : Person | test.go:57:13:57:16 | str5 |
+| test.go:26:16:26:35 | call to getUntrustedString | test.go:33:14:33:23 | sUntrusted |
+| test.go:26:16:26:35 | call to getUntrustedString | test.go:35:14:35:23 | sUntrusted |
+| test.go:26:16:26:35 | call to getUntrustedString | test.go:41:18:41:27 | sUntrusted |
+| test.go:26:16:26:35 | call to getUntrustedString | test.go:51:13:51:16 | str3 |
+| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:30:12:30:21 | pUntrusted |
+| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:31:13:31:22 | pUntrusted |
+| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:32:15:32:24 | pUntrusted |
+| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:34:17:34:26 | pUntrusted |
+| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:36:17:36:26 | pUntrusted |
+| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:38:16:38:25 | pUntrusted |
+| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:39:17:39:26 | pUntrusted |
+| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:40:19:40:28 | pUntrusted |
+| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:42:21:42:30 | pUntrusted |
+| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:45:13:45:16 | str1 |
+| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:48:13:48:16 | str2 |
+| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:54:13:54:16 | str4 |
+| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:57:13:57:16 | str5 |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.ql b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.ql
index bc41ecbd76e..8a3456691a9 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.ql
@@ -13,13 +13,13 @@ class Link extends TaintTracking::FunctionModel {
   }
 }
 
-predicate isSource(DataFlow::Node source, DataFlow::CallNode call) {
+predicate callResultisSource(DataFlow::Node source, DataFlow::CallNode call) {
   exists(Function fn | fn.hasQualifiedName(_, "newSource") |
     call = fn.getACall() and source = call.getResult()
   )
 }
 
-predicate isSink(DataFlow::Node sink, DataFlow::CallNode call) {
+predicate callArgumentisSink(DataFlow::Node sink, DataFlow::CallNode call) {
   exists(Function fn | fn.hasQualifiedName(_, "sink") |
     call = fn.getACall() and sink = call.getArgument(1)
   )
@@ -28,9 +28,9 @@ predicate isSink(DataFlow::Node sink, DataFlow::CallNode call) {
 class FlowConf extends TaintTracking::Configuration {
   FlowConf() { this = "FlowConf" }
 
-  override predicate isSource(DataFlow::Node source) { isSource(source, _) }
+  override predicate isSource(DataFlow::Node source) { callResultisSource(source, _) }
 
-  override predicate isSink(DataFlow::Node sink) { isSink(sink, _) }
+  override predicate isSink(DataFlow::Node sink) { callArgumentisSink(sink, _) }
 }
 
 /**
@@ -43,8 +43,8 @@ predicate flowsToSink(DataFlow::CallNode sourceCall) {
   |
     cfg.hasFlowPath(source, sink) and
     (
-      isSource(source.getNode(), sourceCall) and
-      isSink(sink.getNode(), sinkCall) and
+      callResultisSource(source.getNode(), sourceCall) and
+      callArgumentisSink(sink.getNode(), sinkCall) and
       sourceCall.getArgument(0).getIntValue() = sinkCall.getArgument(0).getIntValue()
     )
   )
@@ -52,5 +52,5 @@ predicate flowsToSink(DataFlow::CallNode sourceCall) {
 
 /* Show only flow sources that DON'T flow to their dedicated sink. */
 from DataFlow::CallNode sourceCall
-where isSource(_, sourceCall) and not flowsToSink(sourceCall)
+where callResultisSource(_, sourceCall) and not flowsToSink(sourceCall)
 select sourceCall, "No flow to its sink"
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected
index 8a4bf0b48ed..aa0daf2d591 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected
@@ -1,79 +1,43 @@
 edges
-| test.go:10:2:10:42 | ... := ...[0] : pointer type | test.go:14:15:14:55 | type conversion |
-| test.go:10:2:10:42 | ... := ...[0] : pointer type | test.go:14:42:14:47 | implicit dereference : Cookie |
-| test.go:14:42:14:47 | implicit dereference : Cookie | test.go:14:15:14:55 | type conversion |
-| test.go:14:42:14:47 | implicit dereference : Cookie | test.go:14:42:14:47 | implicit dereference : Cookie |
-| test.go:16:24:16:35 | selection of Body : ReadCloser | test.go:17:15:17:31 | type conversion |
-| test.go:16:24:16:35 | selection of Body : ReadCloser | test.go:17:22:17:25 | implicit dereference : Node |
-| test.go:16:24:16:35 | selection of Body : ReadCloser | test.go:28:22:28:25 | node |
-| test.go:17:22:17:25 | implicit dereference : Node | test.go:17:15:17:31 | type conversion |
-| test.go:17:22:17:25 | implicit dereference : Node | test.go:17:22:17:25 | implicit dereference : Node |
-| test.go:17:22:17:25 | implicit dereference : Node | test.go:28:22:28:25 | node |
-| test.go:19:36:19:47 | selection of Body : ReadCloser | test.go:20:15:20:32 | type conversion |
-| test.go:19:36:19:47 | selection of Body : ReadCloser | test.go:20:22:20:26 | implicit dereference : Node |
-| test.go:20:22:20:26 | implicit dereference : Node | test.go:20:15:20:32 | type conversion |
-| test.go:20:22:20:26 | implicit dereference : Node | test.go:20:22:20:26 | implicit dereference : Node |
-| test.go:22:33:22:44 | selection of Body : ReadCloser | test.go:23:15:23:35 | type conversion |
-| test.go:22:33:22:44 | selection of Body : ReadCloser | test.go:23:22:23:29 | implicit dereference : Node |
-| test.go:22:33:22:44 | selection of Body : ReadCloser | test.go:23:22:23:29 | index expression : pointer type |
-| test.go:23:22:23:29 | implicit dereference : Node | test.go:23:15:23:35 | type conversion |
-| test.go:23:22:23:29 | implicit dereference : Node | test.go:23:22:23:29 | implicit dereference : Node |
-| test.go:23:22:23:29 | implicit dereference : Node | test.go:23:22:23:29 | index expression : pointer type |
-| test.go:23:22:23:29 | index expression : pointer type | test.go:23:15:23:35 | type conversion |
-| test.go:23:22:23:29 | index expression : pointer type | test.go:23:22:23:29 | implicit dereference : Node |
-| test.go:23:22:23:29 | index expression : pointer type | test.go:23:22:23:29 | index expression : pointer type |
-| test.go:25:45:25:56 | selection of Body : ReadCloser | test.go:26:15:26:36 | type conversion |
-| test.go:25:45:25:56 | selection of Body : ReadCloser | test.go:26:22:26:30 | implicit dereference : Node |
-| test.go:25:45:25:56 | selection of Body : ReadCloser | test.go:26:22:26:30 | index expression : pointer type |
-| test.go:26:22:26:30 | implicit dereference : Node | test.go:26:15:26:36 | type conversion |
-| test.go:26:22:26:30 | implicit dereference : Node | test.go:26:22:26:30 | implicit dereference : Node |
-| test.go:26:22:26:30 | implicit dereference : Node | test.go:26:22:26:30 | index expression : pointer type |
-| test.go:26:22:26:30 | index expression : pointer type | test.go:26:15:26:36 | type conversion |
-| test.go:26:22:26:30 | index expression : pointer type | test.go:26:22:26:30 | implicit dereference : Node |
-| test.go:26:22:26:30 | index expression : pointer type | test.go:26:22:26:30 | index expression : pointer type |
-| test.go:30:33:30:44 | selection of Body : ReadCloser | test.go:31:15:31:34 | call to Buffered |
-| test.go:30:33:30:44 | selection of Body : ReadCloser | test.go:32:15:32:29 | call to Raw |
-| test.go:30:33:30:44 | selection of Body : ReadCloser | test.go:34:15:34:19 | value |
-| test.go:30:33:30:44 | selection of Body : ReadCloser | test.go:35:15:35:30 | call to Text |
-| test.go:30:33:30:44 | selection of Body : ReadCloser | test.go:36:15:36:44 | type conversion |
-| test.go:30:33:30:44 | selection of Body : ReadCloser | test.go:36:22:36:38 | call to Token : Token |
-| test.go:36:22:36:38 | call to Token : Token | test.go:36:15:36:44 | type conversion |
+| test.go:10:2:10:42 | ... := ...[0] | test.go:14:15:14:55 | type conversion |
+| test.go:16:24:16:35 | selection of Body | test.go:17:15:17:31 | type conversion |
+| test.go:16:24:16:35 | selection of Body | test.go:28:22:28:25 | node |
+| test.go:19:36:19:47 | selection of Body | test.go:20:15:20:32 | type conversion |
+| test.go:22:33:22:44 | selection of Body | test.go:23:15:23:35 | type conversion |
+| test.go:25:45:25:56 | selection of Body | test.go:26:15:26:36 | type conversion |
+| test.go:30:33:30:44 | selection of Body | test.go:31:15:31:34 | call to Buffered |
+| test.go:30:33:30:44 | selection of Body | test.go:32:15:32:29 | call to Raw |
+| test.go:30:33:30:44 | selection of Body | test.go:34:15:34:19 | value |
+| test.go:30:33:30:44 | selection of Body | test.go:35:15:35:30 | call to Text |
+| test.go:30:33:30:44 | selection of Body | test.go:36:15:36:44 | type conversion |
 nodes
-| test.go:10:2:10:42 | ... := ...[0] : pointer type | semmle.label | ... := ...[0] : pointer type |
+| test.go:10:2:10:42 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:14:15:14:55 | type conversion | semmle.label | type conversion |
-| test.go:14:42:14:47 | implicit dereference : Cookie | semmle.label | implicit dereference : Cookie |
-| test.go:16:24:16:35 | selection of Body : ReadCloser | semmle.label | selection of Body : ReadCloser |
+| test.go:16:24:16:35 | selection of Body | semmle.label | selection of Body |
 | test.go:17:15:17:31 | type conversion | semmle.label | type conversion |
-| test.go:17:22:17:25 | implicit dereference : Node | semmle.label | implicit dereference : Node |
-| test.go:19:36:19:47 | selection of Body : ReadCloser | semmle.label | selection of Body : ReadCloser |
+| test.go:19:36:19:47 | selection of Body | semmle.label | selection of Body |
 | test.go:20:15:20:32 | type conversion | semmle.label | type conversion |
-| test.go:20:22:20:26 | implicit dereference : Node | semmle.label | implicit dereference : Node |
-| test.go:22:33:22:44 | selection of Body : ReadCloser | semmle.label | selection of Body : ReadCloser |
+| test.go:22:33:22:44 | selection of Body | semmle.label | selection of Body |
 | test.go:23:15:23:35 | type conversion | semmle.label | type conversion |
-| test.go:23:22:23:29 | implicit dereference : Node | semmle.label | implicit dereference : Node |
-| test.go:23:22:23:29 | index expression : pointer type | semmle.label | index expression : pointer type |
-| test.go:25:45:25:56 | selection of Body : ReadCloser | semmle.label | selection of Body : ReadCloser |
+| test.go:25:45:25:56 | selection of Body | semmle.label | selection of Body |
 | test.go:26:15:26:36 | type conversion | semmle.label | type conversion |
-| test.go:26:22:26:30 | implicit dereference : Node | semmle.label | implicit dereference : Node |
-| test.go:26:22:26:30 | index expression : pointer type | semmle.label | index expression : pointer type |
 | test.go:28:22:28:25 | node | semmle.label | node |
-| test.go:30:33:30:44 | selection of Body : ReadCloser | semmle.label | selection of Body : ReadCloser |
+| test.go:30:33:30:44 | selection of Body | semmle.label | selection of Body |
 | test.go:31:15:31:34 | call to Buffered | semmle.label | call to Buffered |
 | test.go:32:15:32:29 | call to Raw | semmle.label | call to Raw |
 | test.go:34:15:34:19 | value | semmle.label | value |
 | test.go:35:15:35:30 | call to Text | semmle.label | call to Text |
 | test.go:36:15:36:44 | type conversion | semmle.label | type conversion |
-| test.go:36:22:36:38 | call to Token : Token | semmle.label | call to Token : Token |
 subpaths
 #select
-| test.go:14:15:14:55 | type conversion | test.go:10:2:10:42 | ... := ...[0] : pointer type | test.go:14:15:14:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:10:2:10:42 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:17:15:17:31 | type conversion | test.go:16:24:16:35 | selection of Body : ReadCloser | test.go:17:15:17:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:16:24:16:35 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:20:15:20:32 | type conversion | test.go:19:36:19:47 | selection of Body : ReadCloser | test.go:20:15:20:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:19:36:19:47 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:23:15:23:35 | type conversion | test.go:22:33:22:44 | selection of Body : ReadCloser | test.go:23:15:23:35 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:22:33:22:44 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:26:15:26:36 | type conversion | test.go:25:45:25:56 | selection of Body : ReadCloser | test.go:26:15:26:36 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:25:45:25:56 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:28:22:28:25 | node | test.go:16:24:16:35 | selection of Body : ReadCloser | test.go:28:22:28:25 | node | Cross-site scripting vulnerability due to $@. | test.go:16:24:16:35 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:31:15:31:34 | call to Buffered | test.go:30:33:30:44 | selection of Body : ReadCloser | test.go:31:15:31:34 | call to Buffered | Cross-site scripting vulnerability due to $@. | test.go:30:33:30:44 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:32:15:32:29 | call to Raw | test.go:30:33:30:44 | selection of Body : ReadCloser | test.go:32:15:32:29 | call to Raw | Cross-site scripting vulnerability due to $@. | test.go:30:33:30:44 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:34:15:34:19 | value | test.go:30:33:30:44 | selection of Body : ReadCloser | test.go:34:15:34:19 | value | Cross-site scripting vulnerability due to $@. | test.go:30:33:30:44 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:35:15:35:30 | call to Text | test.go:30:33:30:44 | selection of Body : ReadCloser | test.go:35:15:35:30 | call to Text | Cross-site scripting vulnerability due to $@. | test.go:30:33:30:44 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:36:15:36:44 | type conversion | test.go:30:33:30:44 | selection of Body : ReadCloser | test.go:36:15:36:44 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:30:33:30:44 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:14:15:14:55 | type conversion | test.go:10:2:10:42 | ... := ...[0] | test.go:14:15:14:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:10:2:10:42 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:17:15:17:31 | type conversion | test.go:16:24:16:35 | selection of Body | test.go:17:15:17:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:16:24:16:35 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:20:15:20:32 | type conversion | test.go:19:36:19:47 | selection of Body | test.go:20:15:20:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:19:36:19:47 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:23:15:23:35 | type conversion | test.go:22:33:22:44 | selection of Body | test.go:23:15:23:35 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:22:33:22:44 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:26:15:26:36 | type conversion | test.go:25:45:25:56 | selection of Body | test.go:26:15:26:36 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:25:45:25:56 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:28:22:28:25 | node | test.go:16:24:16:35 | selection of Body | test.go:28:22:28:25 | node | Cross-site scripting vulnerability due to $@. | test.go:16:24:16:35 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:31:15:31:34 | call to Buffered | test.go:30:33:30:44 | selection of Body | test.go:31:15:31:34 | call to Buffered | Cross-site scripting vulnerability due to $@. | test.go:30:33:30:44 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:32:15:32:29 | call to Raw | test.go:30:33:30:44 | selection of Body | test.go:32:15:32:29 | call to Raw | Cross-site scripting vulnerability due to $@. | test.go:30:33:30:44 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:34:15:34:19 | value | test.go:30:33:30:44 | selection of Body | test.go:34:15:34:19 | value | Cross-site scripting vulnerability due to $@. | test.go:30:33:30:44 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:35:15:35:30 | call to Text | test.go:30:33:30:44 | selection of Body | test.go:35:15:35:30 | call to Text | Cross-site scripting vulnerability due to $@. | test.go:30:33:30:44 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:36:15:36:44 | type conversion | test.go:30:33:30:44 | selection of Body | test.go:36:15:36:44 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:30:33:30:44 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go |  |
diff --git a/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/IncompleteHostnameRegexp.expected b/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/IncompleteHostnameRegexp.expected
index f73dd03f976..029366069d2 100644
--- a/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/IncompleteHostnameRegexp.expected
+++ b/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/IncompleteHostnameRegexp.expected
@@ -1,12 +1,12 @@
 edges
-| IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:12:38:12:39 | re |
+| IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" | IncompleteHostnameRegexp.go:12:38:12:39 | re |
 nodes
-| IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" : string | semmle.label | "^((www\|beta).)?example.com/" : string |
+| IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" | semmle.label | "^((www\|beta).)?example.com/" |
 | IncompleteHostnameRegexp.go:12:38:12:39 | re | semmle.label | re |
 | main.go:39:60:39:79 | "^test2.github.com$" | semmle.label | "^test2.github.com$" |
 | main.go:44:15:44:39 | `https://www.example.com` | semmle.label | `https://www.example.com` |
 subpaths
 #select
-| IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:12:38:12:39 | re | This regular expression has an unescaped dot before ')?example.com', so it might match more hosts than expected when $@. | IncompleteHostnameRegexp.go:12:38:12:39 | re | the regular expression is used |
+| IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" | IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" | IncompleteHostnameRegexp.go:12:38:12:39 | re | This regular expression has an unescaped dot before ')?example.com', so it might match more hosts than expected when $@. | IncompleteHostnameRegexp.go:12:38:12:39 | re | the regular expression is used |
 | main.go:39:60:39:79 | "^test2.github.com$" | main.go:39:60:39:79 | "^test2.github.com$" | main.go:39:60:39:79 | "^test2.github.com$" | This regular expression has an unescaped dot before 'github.com', so it might match more hosts than expected when $@. | main.go:39:60:39:79 | "^test2.github.com$" | the regular expression is used |
 | main.go:44:15:44:39 | `https://www.example.com` | main.go:44:15:44:39 | `https://www.example.com` | main.go:44:15:44:39 | `https://www.example.com` | This regular expression has an unescaped dot before 'example.com', so it might match more hosts than expected when $@. | main.go:44:15:44:39 | `https://www.example.com` | the regular expression is used |
diff --git a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected
index acbcbcdeb31..3e26f767b5e 100644
--- a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected
+++ b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected
@@ -1,19 +1,15 @@
 edges
-| TaintedPath.go:13:18:13:22 | selection of URL : pointer type | TaintedPath.go:16:29:16:40 | tainted_path |
-| TaintedPath.go:13:18:13:22 | selection of URL : pointer type | TaintedPath.go:20:28:20:69 | call to Join |
-| tst.go:14:2:14:39 | ... := ...[1] : pointer type | tst.go:17:41:17:47 | implicit dereference : FileHeader |
-| tst.go:14:2:14:39 | ... := ...[1] : pointer type | tst.go:17:41:17:56 | selection of Filename |
-| tst.go:17:41:17:47 | implicit dereference : FileHeader | tst.go:17:41:17:47 | implicit dereference : FileHeader |
-| tst.go:17:41:17:47 | implicit dereference : FileHeader | tst.go:17:41:17:56 | selection of Filename |
+| TaintedPath.go:13:18:13:22 | selection of URL | TaintedPath.go:16:29:16:40 | tainted_path |
+| TaintedPath.go:13:18:13:22 | selection of URL | TaintedPath.go:20:28:20:69 | call to Join |
+| tst.go:14:2:14:39 | ... := ...[1] | tst.go:17:41:17:56 | selection of Filename |
 nodes
-| TaintedPath.go:13:18:13:22 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| TaintedPath.go:13:18:13:22 | selection of URL | semmle.label | selection of URL |
 | TaintedPath.go:16:29:16:40 | tainted_path | semmle.label | tainted_path |
 | TaintedPath.go:20:28:20:69 | call to Join | semmle.label | call to Join |
-| tst.go:14:2:14:39 | ... := ...[1] : pointer type | semmle.label | ... := ...[1] : pointer type |
-| tst.go:17:41:17:47 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
+| tst.go:14:2:14:39 | ... := ...[1] | semmle.label | ... := ...[1] |
 | tst.go:17:41:17:56 | selection of Filename | semmle.label | selection of Filename |
 subpaths
 #select
-| TaintedPath.go:16:29:16:40 | tainted_path | TaintedPath.go:13:18:13:22 | selection of URL : pointer type | TaintedPath.go:16:29:16:40 | tainted_path | This path depends on a $@. | TaintedPath.go:13:18:13:22 | selection of URL | user-provided value |
-| TaintedPath.go:20:28:20:69 | call to Join | TaintedPath.go:13:18:13:22 | selection of URL : pointer type | TaintedPath.go:20:28:20:69 | call to Join | This path depends on a $@. | TaintedPath.go:13:18:13:22 | selection of URL | user-provided value |
-| tst.go:17:41:17:56 | selection of Filename | tst.go:14:2:14:39 | ... := ...[1] : pointer type | tst.go:17:41:17:56 | selection of Filename | This path depends on a $@. | tst.go:14:2:14:39 | ... := ...[1] | user-provided value |
+| TaintedPath.go:16:29:16:40 | tainted_path | TaintedPath.go:13:18:13:22 | selection of URL | TaintedPath.go:16:29:16:40 | tainted_path | This path depends on a $@. | TaintedPath.go:13:18:13:22 | selection of URL | user-provided value |
+| TaintedPath.go:20:28:20:69 | call to Join | TaintedPath.go:13:18:13:22 | selection of URL | TaintedPath.go:20:28:20:69 | call to Join | This path depends on a $@. | TaintedPath.go:13:18:13:22 | selection of URL | user-provided value |
+| tst.go:17:41:17:56 | selection of Filename | tst.go:14:2:14:39 | ... := ...[1] | tst.go:17:41:17:56 | selection of Filename | This path depends on a $@. | tst.go:14:2:14:39 | ... := ...[1] | user-provided value |
diff --git a/go/ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected b/go/ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected
index f44b118d7d5..da8dc7ed50e 100644
--- a/go/ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected
+++ b/go/ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected
@@ -1,22 +1,22 @@
 edges
-| UnsafeUnzipSymlink.go:111:19:111:26 | definition of linkName : string | UnsafeUnzipSymlink.go:112:13:112:20 | linkName |
-| UnsafeUnzipSymlink.go:111:29:111:36 | definition of fileName : string | UnsafeUnzipSymlink.go:112:23:112:30 | fileName |
-| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname : string | UnsafeUnzipSymlink.go:111:19:111:26 | definition of linkName : string |
-| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name : string | UnsafeUnzipSymlink.go:111:29:111:36 | definition of fileName : string |
+| UnsafeUnzipSymlink.go:111:19:111:26 | definition of linkName | UnsafeUnzipSymlink.go:112:13:112:20 | linkName |
+| UnsafeUnzipSymlink.go:111:29:111:36 | definition of fileName | UnsafeUnzipSymlink.go:112:23:112:30 | fileName |
+| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:111:19:111:26 | definition of linkName |
+| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:111:29:111:36 | definition of fileName |
 nodes
 | UnsafeUnzipSymlink.go:31:15:31:29 | selection of Linkname | semmle.label | selection of Linkname |
 | UnsafeUnzipSymlink.go:31:32:31:42 | selection of Name | semmle.label | selection of Name |
 | UnsafeUnzipSymlink.go:43:25:43:35 | selection of Name | semmle.label | selection of Name |
-| UnsafeUnzipSymlink.go:111:19:111:26 | definition of linkName : string | semmle.label | definition of linkName : string |
-| UnsafeUnzipSymlink.go:111:29:111:36 | definition of fileName : string | semmle.label | definition of fileName : string |
+| UnsafeUnzipSymlink.go:111:19:111:26 | definition of linkName | semmle.label | definition of linkName |
+| UnsafeUnzipSymlink.go:111:29:111:36 | definition of fileName | semmle.label | definition of fileName |
 | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | semmle.label | linkName |
 | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | semmle.label | fileName |
-| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname : string | semmle.label | selection of Linkname : string |
-| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name : string | semmle.label | selection of Name : string |
+| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | semmle.label | selection of Linkname |
+| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | semmle.label | selection of Name |
 subpaths
 #select
 | UnsafeUnzipSymlink.go:31:15:31:29 | selection of Linkname | UnsafeUnzipSymlink.go:31:15:31:29 | selection of Linkname | UnsafeUnzipSymlink.go:31:15:31:29 | selection of Linkname | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:31:15:31:29 | selection of Linkname | symlink creation |
 | UnsafeUnzipSymlink.go:31:32:31:42 | selection of Name | UnsafeUnzipSymlink.go:31:32:31:42 | selection of Name | UnsafeUnzipSymlink.go:31:32:31:42 | selection of Name | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:31:32:31:42 | selection of Name | symlink creation |
 | UnsafeUnzipSymlink.go:43:25:43:35 | selection of Name | UnsafeUnzipSymlink.go:43:25:43:35 | selection of Name | UnsafeUnzipSymlink.go:43:25:43:35 | selection of Name | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:43:25:43:35 | selection of Name | symlink creation |
-| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname : string | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | symlink creation |
-| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name : string | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | symlink creation |
+| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | symlink creation |
+| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | symlink creation |
diff --git a/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected b/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected
index 35714558cc5..1506632f5c5 100644
--- a/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected
+++ b/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected
@@ -1,59 +1,27 @@
 edges
-| UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate : string | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join |
-| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] : pointer type | UnsafeUnzipSymlinkGood.go:76:24:76:29 | implicit dereference : Header |
-| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] : pointer type | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname : string |
-| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] : pointer type | UnsafeUnzipSymlinkGood.go:76:70:76:75 | implicit dereference : Header |
-| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] : pointer type | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name : string |
-| UnsafeUnzipSymlinkGood.go:76:24:76:29 | implicit dereference : Header | UnsafeUnzipSymlinkGood.go:76:24:76:29 | implicit dereference : Header |
-| UnsafeUnzipSymlinkGood.go:76:24:76:29 | implicit dereference : Header | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname : string |
-| UnsafeUnzipSymlinkGood.go:76:24:76:29 | implicit dereference : Header | UnsafeUnzipSymlinkGood.go:76:70:76:75 | implicit dereference : Header |
-| UnsafeUnzipSymlinkGood.go:76:24:76:29 | implicit dereference : Header | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name : string |
-| UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname : string | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate : string |
-| UnsafeUnzipSymlinkGood.go:76:70:76:75 | implicit dereference : Header | UnsafeUnzipSymlinkGood.go:76:24:76:29 | implicit dereference : Header |
-| UnsafeUnzipSymlinkGood.go:76:70:76:75 | implicit dereference : Header | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname : string |
-| UnsafeUnzipSymlinkGood.go:76:70:76:75 | implicit dereference : Header | UnsafeUnzipSymlinkGood.go:76:70:76:75 | implicit dereference : Header |
-| UnsafeUnzipSymlinkGood.go:76:70:76:75 | implicit dereference : Header | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name : string |
-| UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name : string | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate : string |
-| ZipSlip.go:11:2:15:2 | range statement[1] : pointer type | ZipSlip.go:12:24:12:24 | implicit dereference : File |
-| ZipSlip.go:11:2:15:2 | range statement[1] : pointer type | ZipSlip.go:12:24:12:24 | implicit read of field FileHeader : FileHeader |
-| ZipSlip.go:11:2:15:2 | range statement[1] : pointer type | ZipSlip.go:14:20:14:20 | p |
-| ZipSlip.go:12:24:12:24 | implicit dereference : File | ZipSlip.go:12:24:12:24 | implicit dereference : File |
-| ZipSlip.go:12:24:12:24 | implicit dereference : File | ZipSlip.go:12:24:12:24 | implicit read of field FileHeader : FileHeader |
-| ZipSlip.go:12:24:12:24 | implicit dereference : File | ZipSlip.go:14:20:14:20 | p |
-| ZipSlip.go:12:24:12:24 | implicit read of field FileHeader : FileHeader | ZipSlip.go:14:20:14:20 | p |
-| tarslip.go:15:2:15:30 | ... := ...[0] : pointer type | tarslip.go:16:14:16:34 | call to Dir |
-| tarslip.go:15:2:15:30 | ... := ...[0] : pointer type | tarslip.go:16:23:16:28 | implicit dereference : Header |
-| tarslip.go:16:23:16:28 | implicit dereference : Header | tarslip.go:16:14:16:34 | call to Dir |
-| tarslip.go:16:23:16:28 | implicit dereference : Header | tarslip.go:16:23:16:28 | implicit dereference : Header |
-| tst.go:23:2:43:2 | range statement[1] : pointer type | tst.go:24:11:24:11 | implicit dereference : File |
-| tst.go:23:2:43:2 | range statement[1] : pointer type | tst.go:24:11:24:11 | implicit read of field FileHeader : FileHeader |
-| tst.go:23:2:43:2 | range statement[1] : pointer type | tst.go:29:20:29:23 | path |
-| tst.go:24:11:24:11 | implicit dereference : File | tst.go:24:11:24:11 | implicit dereference : File |
-| tst.go:24:11:24:11 | implicit dereference : File | tst.go:24:11:24:11 | implicit read of field FileHeader : FileHeader |
-| tst.go:24:11:24:11 | implicit dereference : File | tst.go:29:20:29:23 | path |
-| tst.go:24:11:24:11 | implicit read of field FileHeader : FileHeader | tst.go:29:20:29:23 | path |
+| UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join |
+| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname |
+| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name |
+| UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate |
+| UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate |
+| ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:14:20:14:20 | p |
+| tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:16:14:16:34 | call to Dir |
+| tst.go:23:2:43:2 | range statement[1] | tst.go:29:20:29:23 | path |
 nodes
-| UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate : string | semmle.label | definition of candidate : string |
+| UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | semmle.label | definition of candidate |
 | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | semmle.label | call to Join |
-| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] : pointer type | semmle.label | ... := ...[0] : pointer type |
-| UnsafeUnzipSymlinkGood.go:76:24:76:29 | implicit dereference : Header | semmle.label | implicit dereference : Header |
-| UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname : string | semmle.label | selection of Linkname : string |
-| UnsafeUnzipSymlinkGood.go:76:70:76:75 | implicit dereference : Header | semmle.label | implicit dereference : Header |
-| UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name : string | semmle.label | selection of Name : string |
-| ZipSlip.go:11:2:15:2 | range statement[1] : pointer type | semmle.label | range statement[1] : pointer type |
-| ZipSlip.go:12:24:12:24 | implicit dereference : File | semmle.label | implicit dereference : File |
-| ZipSlip.go:12:24:12:24 | implicit read of field FileHeader : FileHeader | semmle.label | implicit read of field FileHeader : FileHeader |
+| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | semmle.label | ... := ...[0] |
+| UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | semmle.label | selection of Linkname |
+| UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | semmle.label | selection of Name |
+| ZipSlip.go:11:2:15:2 | range statement[1] | semmle.label | range statement[1] |
 | ZipSlip.go:14:20:14:20 | p | semmle.label | p |
-| tarslip.go:15:2:15:30 | ... := ...[0] : pointer type | semmle.label | ... := ...[0] : pointer type |
+| tarslip.go:15:2:15:30 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tarslip.go:16:14:16:34 | call to Dir | semmle.label | call to Dir |
-| tarslip.go:16:23:16:28 | implicit dereference : Header | semmle.label | implicit dereference : Header |
-| tst.go:23:2:43:2 | range statement[1] : pointer type | semmle.label | range statement[1] : pointer type |
-| tst.go:24:11:24:11 | implicit dereference : File | semmle.label | implicit dereference : File |
-| tst.go:24:11:24:11 | implicit read of field FileHeader : FileHeader | semmle.label | implicit read of field FileHeader : FileHeader |
+| tst.go:23:2:43:2 | range statement[1] | semmle.label | range statement[1] |
 | tst.go:29:20:29:23 | path | semmle.label | path |
 subpaths
 #select
-| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] : pointer type | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | Unsanitized archive entry, which may contain '..', is used in a $@. | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | file system operation |
-| ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:11:2:15:2 | range statement[1] : pointer type | ZipSlip.go:14:20:14:20 | p | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.go:14:20:14:20 | p | file system operation |
-| tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:15:2:15:30 | ... := ...[0] : pointer type | tarslip.go:16:14:16:34 | call to Dir | Unsanitized archive entry, which may contain '..', is used in a $@. | tarslip.go:16:14:16:34 | call to Dir | file system operation |
-| tst.go:23:2:43:2 | range statement[1] | tst.go:23:2:43:2 | range statement[1] : pointer type | tst.go:29:20:29:23 | path | Unsanitized archive entry, which may contain '..', is used in a $@. | tst.go:29:20:29:23 | path | file system operation |
+| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | Unsanitized archive entry, which may contain '..', is used in a $@. | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | file system operation |
+| ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:14:20:14:20 | p | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.go:14:20:14:20 | p | file system operation |
+| tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:16:14:16:34 | call to Dir | Unsanitized archive entry, which may contain '..', is used in a $@. | tarslip.go:16:14:16:34 | call to Dir | file system operation |
+| tst.go:23:2:43:2 | range statement[1] | tst.go:23:2:43:2 | range statement[1] | tst.go:29:20:29:23 | path | Unsanitized archive entry, which may contain '..', is used in a $@. | tst.go:29:20:29:23 | path | file system operation |
diff --git a/go/ql/test/query-tests/Security/CWE-078/ArgumentInjection.go b/go/ql/test/query-tests/Security/CWE-078/ArgumentInjection.go
new file mode 100644
index 00000000000..d38d4662542
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-078/ArgumentInjection.go
@@ -0,0 +1,12 @@
+package main
+
+import (
+	"net/http"
+	"os/exec"
+)
+
+func handler2(req *http.Request) {
+	path := req.URL.Query()["path"][0]
+	cmd := exec.Command("rsync", path, "/tmp")
+	cmd.Run()
+}
diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
index 02c56107106..b55f04d6eed 100644
--- a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
+++ b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
@@ -1,49 +1,52 @@
 edges
-| CommandInjection.go:9:13:9:19 | selection of URL : pointer type | CommandInjection.go:10:22:10:28 | cmdName |
-| GitSubcommands.go:10:13:10:19 | selection of URL : pointer type | GitSubcommands.go:12:31:12:37 | tainted |
-| GitSubcommands.go:10:13:10:19 | selection of URL : pointer type | GitSubcommands.go:13:31:13:37 | tainted |
-| GitSubcommands.go:10:13:10:19 | selection of URL : pointer type | GitSubcommands.go:14:30:14:36 | tainted |
-| GitSubcommands.go:10:13:10:19 | selection of URL : pointer type | GitSubcommands.go:15:35:15:41 | tainted |
-| GitSubcommands.go:10:13:10:19 | selection of URL : pointer type | GitSubcommands.go:16:36:16:42 | tainted |
-| SanitizingDoubleDash.go:9:13:9:19 | selection of URL : pointer type | SanitizingDoubleDash.go:14:23:14:33 | slice expression |
-| SanitizingDoubleDash.go:9:13:9:19 | selection of URL : pointer type | SanitizingDoubleDash.go:40:23:40:30 | arrayLit |
-| SanitizingDoubleDash.go:9:13:9:19 | selection of URL : pointer type | SanitizingDoubleDash.go:54:23:54:30 | arrayLit |
-| SanitizingDoubleDash.go:9:13:9:19 | selection of URL : pointer type | SanitizingDoubleDash.go:70:23:70:30 | arrayLit |
-| SanitizingDoubleDash.go:9:13:9:19 | selection of URL : pointer type | SanitizingDoubleDash.go:80:23:80:29 | tainted |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:96:24:96:34 | slice expression |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:101:24:101:34 | slice expression |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:105:30:105:36 | tainted : string |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:106:24:106:31 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:112:24:112:31 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:118:24:118:31 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:124:24:124:31 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:130:24:130:31 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:137:24:137:31 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:144:24:144:31 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:148:30:148:36 | tainted |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:152:24:152:30 | tainted |
-| SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] : string | SanitizingDoubleDash.go:106:24:106:31 | arrayLit |
-| SanitizingDoubleDash.go:105:30:105:36 | tainted : string | SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] : string |
+| ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:10:31:10:34 | path |
+| CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:10:22:10:28 | cmdName |
+| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:12:31:12:37 | tainted |
+| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:13:31:13:37 | tainted |
+| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:14:30:14:36 | tainted |
+| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:15:35:15:41 | tainted |
+| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:16:36:16:42 | tainted |
+| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:14:23:14:33 | slice expression |
+| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:40:23:40:30 | arrayLit |
+| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:54:23:54:30 | arrayLit |
+| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:70:23:70:30 | arrayLit |
+| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:80:23:80:29 | tainted |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:96:24:96:34 | slice expression |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:101:24:101:34 | slice expression |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:105:30:105:36 | tainted |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:106:24:106:31 | arrayLit |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:112:24:112:31 | arrayLit |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:118:24:118:31 | arrayLit |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:124:24:124:31 | arrayLit |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:130:24:130:31 | arrayLit |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:137:24:137:31 | arrayLit |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:144:24:144:31 | arrayLit |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:148:30:148:36 | tainted |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:152:24:152:30 | tainted |
+| SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | SanitizingDoubleDash.go:106:24:106:31 | arrayLit |
+| SanitizingDoubleDash.go:105:30:105:36 | tainted | SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] |
 nodes
-| CommandInjection.go:9:13:9:19 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| ArgumentInjection.go:9:10:9:16 | selection of URL | semmle.label | selection of URL |
+| ArgumentInjection.go:10:31:10:34 | path | semmle.label | path |
+| CommandInjection.go:9:13:9:19 | selection of URL | semmle.label | selection of URL |
 | CommandInjection.go:10:22:10:28 | cmdName | semmle.label | cmdName |
-| GitSubcommands.go:10:13:10:19 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| GitSubcommands.go:10:13:10:19 | selection of URL | semmle.label | selection of URL |
 | GitSubcommands.go:12:31:12:37 | tainted | semmle.label | tainted |
 | GitSubcommands.go:13:31:13:37 | tainted | semmle.label | tainted |
 | GitSubcommands.go:14:30:14:36 | tainted | semmle.label | tainted |
 | GitSubcommands.go:15:35:15:41 | tainted | semmle.label | tainted |
 | GitSubcommands.go:16:36:16:42 | tainted | semmle.label | tainted |
-| SanitizingDoubleDash.go:9:13:9:19 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | semmle.label | selection of URL |
 | SanitizingDoubleDash.go:14:23:14:33 | slice expression | semmle.label | slice expression |
 | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | semmle.label | arrayLit |
 | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | semmle.label | arrayLit |
 | SanitizingDoubleDash.go:70:23:70:30 | arrayLit | semmle.label | arrayLit |
 | SanitizingDoubleDash.go:80:23:80:29 | tainted | semmle.label | tainted |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | semmle.label | selection of URL |
 | SanitizingDoubleDash.go:96:24:96:34 | slice expression | semmle.label | slice expression |
 | SanitizingDoubleDash.go:101:24:101:34 | slice expression | semmle.label | slice expression |
-| SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] : string | semmle.label | slice literal [array] : string |
-| SanitizingDoubleDash.go:105:30:105:36 | tainted : string | semmle.label | tainted : string |
+| SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | semmle.label | slice literal [array] |
+| SanitizingDoubleDash.go:105:30:105:36 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | semmle.label | arrayLit |
 | SanitizingDoubleDash.go:112:24:112:31 | arrayLit | semmle.label | arrayLit |
 | SanitizingDoubleDash.go:118:24:118:31 | arrayLit | semmle.label | arrayLit |
@@ -55,25 +58,26 @@ nodes
 | SanitizingDoubleDash.go:152:24:152:30 | tainted | semmle.label | tainted |
 subpaths
 #select
-| CommandInjection.go:10:22:10:28 | cmdName | CommandInjection.go:9:13:9:19 | selection of URL : pointer type | CommandInjection.go:10:22:10:28 | cmdName | This command depends on a $@. | CommandInjection.go:9:13:9:19 | selection of URL | user-provided value |
-| GitSubcommands.go:12:31:12:37 | tainted | GitSubcommands.go:10:13:10:19 | selection of URL : pointer type | GitSubcommands.go:12:31:12:37 | tainted | This command depends on a $@. | GitSubcommands.go:10:13:10:19 | selection of URL | user-provided value |
-| GitSubcommands.go:13:31:13:37 | tainted | GitSubcommands.go:10:13:10:19 | selection of URL : pointer type | GitSubcommands.go:13:31:13:37 | tainted | This command depends on a $@. | GitSubcommands.go:10:13:10:19 | selection of URL | user-provided value |
-| GitSubcommands.go:14:30:14:36 | tainted | GitSubcommands.go:10:13:10:19 | selection of URL : pointer type | GitSubcommands.go:14:30:14:36 | tainted | This command depends on a $@. | GitSubcommands.go:10:13:10:19 | selection of URL | user-provided value |
-| GitSubcommands.go:15:35:15:41 | tainted | GitSubcommands.go:10:13:10:19 | selection of URL : pointer type | GitSubcommands.go:15:35:15:41 | tainted | This command depends on a $@. | GitSubcommands.go:10:13:10:19 | selection of URL | user-provided value |
-| GitSubcommands.go:16:36:16:42 | tainted | GitSubcommands.go:10:13:10:19 | selection of URL : pointer type | GitSubcommands.go:16:36:16:42 | tainted | This command depends on a $@. | GitSubcommands.go:10:13:10:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:14:23:14:33 | slice expression | SanitizingDoubleDash.go:9:13:9:19 | selection of URL : pointer type | SanitizingDoubleDash.go:14:23:14:33 | slice expression | This command depends on a $@. | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:40:23:40:30 | arrayLit | SanitizingDoubleDash.go:9:13:9:19 | selection of URL : pointer type | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:54:23:54:30 | arrayLit | SanitizingDoubleDash.go:9:13:9:19 | selection of URL : pointer type | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:70:23:70:30 | arrayLit | SanitizingDoubleDash.go:9:13:9:19 | selection of URL : pointer type | SanitizingDoubleDash.go:70:23:70:30 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:80:23:80:29 | tainted | SanitizingDoubleDash.go:9:13:9:19 | selection of URL : pointer type | SanitizingDoubleDash.go:80:23:80:29 | tainted | This command depends on a $@. | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:96:24:96:34 | slice expression | SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:96:24:96:34 | slice expression | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:101:24:101:34 | slice expression | SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:101:24:101:34 | slice expression | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:106:24:106:31 | arrayLit | SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:112:24:112:31 | arrayLit | SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:112:24:112:31 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:118:24:118:31 | arrayLit | SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:118:24:118:31 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:124:24:124:31 | arrayLit | SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:130:24:130:31 | arrayLit | SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:137:24:137:31 | arrayLit | SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:137:24:137:31 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:144:24:144:31 | arrayLit | SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:144:24:144:31 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:148:30:148:36 | tainted | SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:148:30:148:36 | tainted | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
-| SanitizingDoubleDash.go:152:24:152:30 | tainted | SanitizingDoubleDash.go:92:13:92:19 | selection of URL : pointer type | SanitizingDoubleDash.go:152:24:152:30 | tainted | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
+| ArgumentInjection.go:10:31:10:34 | path | ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:10:31:10:34 | path | This command depends on a $@. | ArgumentInjection.go:9:10:9:16 | selection of URL | user-provided value |
+| CommandInjection.go:10:22:10:28 | cmdName | CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:10:22:10:28 | cmdName | This command depends on a $@. | CommandInjection.go:9:13:9:19 | selection of URL | user-provided value |
+| GitSubcommands.go:12:31:12:37 | tainted | GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:12:31:12:37 | tainted | This command depends on a $@. | GitSubcommands.go:10:13:10:19 | selection of URL | user-provided value |
+| GitSubcommands.go:13:31:13:37 | tainted | GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:13:31:13:37 | tainted | This command depends on a $@. | GitSubcommands.go:10:13:10:19 | selection of URL | user-provided value |
+| GitSubcommands.go:14:30:14:36 | tainted | GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:14:30:14:36 | tainted | This command depends on a $@. | GitSubcommands.go:10:13:10:19 | selection of URL | user-provided value |
+| GitSubcommands.go:15:35:15:41 | tainted | GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:15:35:15:41 | tainted | This command depends on a $@. | GitSubcommands.go:10:13:10:19 | selection of URL | user-provided value |
+| GitSubcommands.go:16:36:16:42 | tainted | GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:16:36:16:42 | tainted | This command depends on a $@. | GitSubcommands.go:10:13:10:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:14:23:14:33 | slice expression | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:14:23:14:33 | slice expression | This command depends on a $@. | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:40:23:40:30 | arrayLit | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:54:23:54:30 | arrayLit | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:70:23:70:30 | arrayLit | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:70:23:70:30 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:80:23:80:29 | tainted | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:80:23:80:29 | tainted | This command depends on a $@. | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:96:24:96:34 | slice expression | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:96:24:96:34 | slice expression | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:101:24:101:34 | slice expression | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:101:24:101:34 | slice expression | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:106:24:106:31 | arrayLit | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:112:24:112:31 | arrayLit | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:112:24:112:31 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:118:24:118:31 | arrayLit | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:118:24:118:31 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:124:24:124:31 | arrayLit | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:130:24:130:31 | arrayLit | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:137:24:137:31 | arrayLit | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:137:24:137:31 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:144:24:144:31 | arrayLit | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:144:24:144:31 | arrayLit | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:148:30:148:36 | tainted | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:148:30:148:36 | tainted | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
+| SanitizingDoubleDash.go:152:24:152:30 | tainted | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:152:24:152:30 | tainted | This command depends on a $@. | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | user-provided value |
diff --git a/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected b/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected
index a01ffb68838..ea667480966 100644
--- a/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected
+++ b/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected
@@ -1,8 +1,8 @@
 edges
-| StoredCommand.go:11:2:11:27 | ... := ...[0] : pointer type | StoredCommand.go:14:22:14:28 | cmdName |
+| StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:14:22:14:28 | cmdName |
 nodes
-| StoredCommand.go:11:2:11:27 | ... := ...[0] : pointer type | semmle.label | ... := ...[0] : pointer type |
+| StoredCommand.go:11:2:11:27 | ... := ...[0] | semmle.label | ... := ...[0] |
 | StoredCommand.go:14:22:14:28 | cmdName | semmle.label | cmdName |
 subpaths
 #select
-| StoredCommand.go:14:22:14:28 | cmdName | StoredCommand.go:11:2:11:27 | ... := ...[0] : pointer type | StoredCommand.go:14:22:14:28 | cmdName | This command depends on a $@. | StoredCommand.go:11:2:11:27 | ... := ...[0] | stored value |
+| StoredCommand.go:14:22:14:28 | cmdName | StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:14:22:14:28 | cmdName | This command depends on a $@. | StoredCommand.go:11:2:11:27 | ... := ...[0] | stored value |
diff --git a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
index a71e27e63ac..428f3e9edd3 100644
--- a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
+++ b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
@@ -1,91 +1,87 @@
 edges
-| ReflectedXss.go:11:15:11:20 | selection of Form : Values | ReflectedXss.go:14:44:14:51 | username |
-| contenttype.go:11:11:11:16 | selection of Form : Values | contenttype.go:17:11:17:22 | type conversion |
-| contenttype.go:49:11:49:16 | selection of Form : Values | contenttype.go:53:34:53:37 | data |
-| contenttype.go:63:10:63:28 | call to FormValue : string | contenttype.go:64:52:64:55 | data |
-| contenttype.go:73:10:73:28 | call to FormValue : string | contenttype.go:79:11:79:14 | data |
-| contenttype.go:88:10:88:28 | call to FormValue : string | contenttype.go:91:4:91:7 | data |
-| contenttype.go:113:10:113:28 | call to FormValue : string | contenttype.go:114:50:114:53 | data |
-| reflectedxsstest.go:27:2:27:38 | ... := ...[0] : pointer type | reflectedxsstest.go:28:10:28:57 | type conversion |
-| reflectedxsstest.go:31:2:31:44 | ... := ...[0] : File | reflectedxsstest.go:33:10:33:57 | type conversion |
-| reflectedxsstest.go:31:2:31:44 | ... := ...[1] : pointer type | reflectedxsstest.go:34:10:34:62 | type conversion |
-| reflectedxsstest.go:31:2:31:44 | ... := ...[1] : pointer type | reflectedxsstest.go:34:46:34:51 | implicit dereference : FileHeader |
-| reflectedxsstest.go:34:46:34:51 | implicit dereference : FileHeader | reflectedxsstest.go:34:10:34:62 | type conversion |
-| reflectedxsstest.go:34:46:34:51 | implicit dereference : FileHeader | reflectedxsstest.go:34:46:34:51 | implicit dereference : FileHeader |
-| reflectedxsstest.go:38:2:38:35 | ... := ...[0] : pointer type | reflectedxsstest.go:44:10:44:55 | type conversion |
-| reflectedxsstest.go:38:2:38:35 | ... := ...[0] : pointer type | reflectedxsstest.go:45:10:45:18 | byteSlice |
-| reflectedxsstest.go:51:14:51:18 | selection of URL : pointer type | reflectedxsstest.go:54:11:54:21 | type conversion |
-| tst.go:14:15:14:20 | selection of Form : Values | tst.go:18:12:18:39 | type conversion |
-| tst.go:48:14:48:19 | selection of Form : Values | tst.go:53:12:53:26 | type conversion |
-| websocketXss.go:30:7:30:10 | definition of xnet : slice type | websocketXss.go:32:24:32:27 | xnet |
-| websocketXss.go:34:3:34:7 | definition of xnet2 : slice type | websocketXss.go:36:24:36:28 | xnet2 |
-| websocketXss.go:40:3:40:40 | ... := ...[1] : slice type | websocketXss.go:41:24:41:29 | nhooyr |
-| websocketXss.go:46:7:46:16 | definition of gorillaMsg : slice type | websocketXss.go:48:24:48:33 | gorillaMsg |
-| websocketXss.go:50:3:50:10 | definition of gorilla2 : slice type | websocketXss.go:52:24:52:31 | gorilla2 |
-| websocketXss.go:54:3:54:38 | ... := ...[1] : slice type | websocketXss.go:55:24:55:31 | gorilla3 |
+| ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:14:44:14:51 | username |
+| contenttype.go:11:11:11:16 | selection of Form | contenttype.go:17:11:17:22 | type conversion |
+| contenttype.go:49:11:49:16 | selection of Form | contenttype.go:53:34:53:37 | data |
+| contenttype.go:63:10:63:28 | call to FormValue | contenttype.go:64:52:64:55 | data |
+| contenttype.go:73:10:73:28 | call to FormValue | contenttype.go:79:11:79:14 | data |
+| contenttype.go:88:10:88:28 | call to FormValue | contenttype.go:91:4:91:7 | data |
+| contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data |
+| reflectedxsstest.go:27:2:27:38 | ... := ...[0] | reflectedxsstest.go:28:10:28:57 | type conversion |
+| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:33:10:33:57 | type conversion |
+| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:10:34:62 | type conversion |
+| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:44:10:44:55 | type conversion |
+| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:45:10:45:18 | byteSlice |
+| reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:54:11:54:21 | type conversion |
+| tst.go:14:15:14:20 | selection of Form | tst.go:18:12:18:39 | type conversion |
+| tst.go:48:14:48:19 | selection of Form | tst.go:53:12:53:26 | type conversion |
+| websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet |
+| websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 |
+| websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr |
+| websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg |
+| websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 |
+| websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 |
 nodes
-| ReflectedXss.go:11:15:11:20 | selection of Form : Values | semmle.label | selection of Form : Values |
+| ReflectedXss.go:11:15:11:20 | selection of Form | semmle.label | selection of Form |
 | ReflectedXss.go:14:44:14:51 | username | semmle.label | username |
-| contenttype.go:11:11:11:16 | selection of Form : Values | semmle.label | selection of Form : Values |
+| contenttype.go:11:11:11:16 | selection of Form | semmle.label | selection of Form |
 | contenttype.go:17:11:17:22 | type conversion | semmle.label | type conversion |
-| contenttype.go:49:11:49:16 | selection of Form : Values | semmle.label | selection of Form : Values |
+| contenttype.go:49:11:49:16 | selection of Form | semmle.label | selection of Form |
 | contenttype.go:53:34:53:37 | data | semmle.label | data |
-| contenttype.go:63:10:63:28 | call to FormValue : string | semmle.label | call to FormValue : string |
+| contenttype.go:63:10:63:28 | call to FormValue | semmle.label | call to FormValue |
 | contenttype.go:64:52:64:55 | data | semmle.label | data |
-| contenttype.go:73:10:73:28 | call to FormValue : string | semmle.label | call to FormValue : string |
+| contenttype.go:73:10:73:28 | call to FormValue | semmle.label | call to FormValue |
 | contenttype.go:79:11:79:14 | data | semmle.label | data |
-| contenttype.go:88:10:88:28 | call to FormValue : string | semmle.label | call to FormValue : string |
+| contenttype.go:88:10:88:28 | call to FormValue | semmle.label | call to FormValue |
 | contenttype.go:91:4:91:7 | data | semmle.label | data |
-| contenttype.go:113:10:113:28 | call to FormValue : string | semmle.label | call to FormValue : string |
+| contenttype.go:113:10:113:28 | call to FormValue | semmle.label | call to FormValue |
 | contenttype.go:114:50:114:53 | data | semmle.label | data |
-| reflectedxsstest.go:27:2:27:38 | ... := ...[0] : pointer type | semmle.label | ... := ...[0] : pointer type |
+| reflectedxsstest.go:27:2:27:38 | ... := ...[0] | semmle.label | ... := ...[0] |
 | reflectedxsstest.go:28:10:28:57 | type conversion | semmle.label | type conversion |
-| reflectedxsstest.go:31:2:31:44 | ... := ...[0] : File | semmle.label | ... := ...[0] : File |
-| reflectedxsstest.go:31:2:31:44 | ... := ...[1] : pointer type | semmle.label | ... := ...[1] : pointer type |
+| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | semmle.label | ... := ...[0] |
+| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | semmle.label | ... := ...[1] |
 | reflectedxsstest.go:33:10:33:57 | type conversion | semmle.label | type conversion |
 | reflectedxsstest.go:34:10:34:62 | type conversion | semmle.label | type conversion |
-| reflectedxsstest.go:34:46:34:51 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
-| reflectedxsstest.go:38:2:38:35 | ... := ...[0] : pointer type | semmle.label | ... := ...[0] : pointer type |
+| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | semmle.label | ... := ...[0] |
 | reflectedxsstest.go:44:10:44:55 | type conversion | semmle.label | type conversion |
 | reflectedxsstest.go:45:10:45:18 | byteSlice | semmle.label | byteSlice |
-| reflectedxsstest.go:51:14:51:18 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| reflectedxsstest.go:51:14:51:18 | selection of URL | semmle.label | selection of URL |
 | reflectedxsstest.go:54:11:54:21 | type conversion | semmle.label | type conversion |
-| tst.go:14:15:14:20 | selection of Form : Values | semmle.label | selection of Form : Values |
+| tst.go:14:15:14:20 | selection of Form | semmle.label | selection of Form |
 | tst.go:18:12:18:39 | type conversion | semmle.label | type conversion |
-| tst.go:48:14:48:19 | selection of Form : Values | semmle.label | selection of Form : Values |
+| tst.go:48:14:48:19 | selection of Form | semmle.label | selection of Form |
 | tst.go:53:12:53:26 | type conversion | semmle.label | type conversion |
-| websocketXss.go:30:7:30:10 | definition of xnet : slice type | semmle.label | definition of xnet : slice type |
+| websocketXss.go:30:7:30:10 | definition of xnet | semmle.label | definition of xnet |
 | websocketXss.go:32:24:32:27 | xnet | semmle.label | xnet |
-| websocketXss.go:34:3:34:7 | definition of xnet2 : slice type | semmle.label | definition of xnet2 : slice type |
+| websocketXss.go:34:3:34:7 | definition of xnet2 | semmle.label | definition of xnet2 |
 | websocketXss.go:36:24:36:28 | xnet2 | semmle.label | xnet2 |
-| websocketXss.go:40:3:40:40 | ... := ...[1] : slice type | semmle.label | ... := ...[1] : slice type |
+| websocketXss.go:40:3:40:40 | ... := ...[1] | semmle.label | ... := ...[1] |
 | websocketXss.go:41:24:41:29 | nhooyr | semmle.label | nhooyr |
-| websocketXss.go:46:7:46:16 | definition of gorillaMsg : slice type | semmle.label | definition of gorillaMsg : slice type |
+| websocketXss.go:46:7:46:16 | definition of gorillaMsg | semmle.label | definition of gorillaMsg |
 | websocketXss.go:48:24:48:33 | gorillaMsg | semmle.label | gorillaMsg |
-| websocketXss.go:50:3:50:10 | definition of gorilla2 : slice type | semmle.label | definition of gorilla2 : slice type |
+| websocketXss.go:50:3:50:10 | definition of gorilla2 | semmle.label | definition of gorilla2 |
 | websocketXss.go:52:24:52:31 | gorilla2 | semmle.label | gorilla2 |
-| websocketXss.go:54:3:54:38 | ... := ...[1] : slice type | semmle.label | ... := ...[1] : slice type |
+| websocketXss.go:54:3:54:38 | ... := ...[1] | semmle.label | ... := ...[1] |
 | websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 |
 subpaths
 #select
-| ReflectedXss.go:14:44:14:51 | username | ReflectedXss.go:11:15:11:20 | selection of Form : Values | ReflectedXss.go:14:44:14:51 | username | Cross-site scripting vulnerability due to $@. | ReflectedXss.go:11:15:11:20 | selection of Form | user-provided value | ReflectedXss.go:0:0:0:0 | ReflectedXss.go |  |
-| contenttype.go:17:11:17:22 | type conversion | contenttype.go:11:11:11:16 | selection of Form : Values | contenttype.go:17:11:17:22 | type conversion | Cross-site scripting vulnerability due to $@. | contenttype.go:11:11:11:16 | selection of Form | user-provided value | contenttype.go:0:0:0:0 | contenttype.go |  |
-| contenttype.go:53:34:53:37 | data | contenttype.go:49:11:49:16 | selection of Form : Values | contenttype.go:53:34:53:37 | data | Cross-site scripting vulnerability due to $@. | contenttype.go:49:11:49:16 | selection of Form | user-provided value | contenttype.go:0:0:0:0 | contenttype.go |  |
-| contenttype.go:64:52:64:55 | data | contenttype.go:63:10:63:28 | call to FormValue : string | contenttype.go:64:52:64:55 | data | Cross-site scripting vulnerability due to $@. | contenttype.go:63:10:63:28 | call to FormValue | user-provided value | contenttype.go:0:0:0:0 | contenttype.go |  |
-| contenttype.go:79:11:79:14 | data | contenttype.go:73:10:73:28 | call to FormValue : string | contenttype.go:79:11:79:14 | data | Cross-site scripting vulnerability due to $@. | contenttype.go:73:10:73:28 | call to FormValue | user-provided value | contenttype.go:0:0:0:0 | contenttype.go |  |
-| contenttype.go:91:4:91:7 | data | contenttype.go:88:10:88:28 | call to FormValue : string | contenttype.go:91:4:91:7 | data | Cross-site scripting vulnerability due to $@. | contenttype.go:88:10:88:28 | call to FormValue | user-provided value | contenttype.go:0:0:0:0 | contenttype.go |  |
-| contenttype.go:114:50:114:53 | data | contenttype.go:113:10:113:28 | call to FormValue : string | contenttype.go:114:50:114:53 | data | Cross-site scripting vulnerability due to $@. | contenttype.go:113:10:113:28 | call to FormValue | user-provided value | contenttype.go:0:0:0:0 | contenttype.go |  |
-| reflectedxsstest.go:28:10:28:57 | type conversion | reflectedxsstest.go:27:2:27:38 | ... := ...[0] : pointer type | reflectedxsstest.go:28:10:28:57 | type conversion | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:27:2:27:38 | ... := ...[0] | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go |  |
-| reflectedxsstest.go:33:10:33:57 | type conversion | reflectedxsstest.go:31:2:31:44 | ... := ...[0] : File | reflectedxsstest.go:33:10:33:57 | type conversion | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:31:2:31:44 | ... := ...[0] | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go |  |
-| reflectedxsstest.go:34:10:34:62 | type conversion | reflectedxsstest.go:31:2:31:44 | ... := ...[1] : pointer type | reflectedxsstest.go:34:10:34:62 | type conversion | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:31:2:31:44 | ... := ...[1] | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go |  |
-| reflectedxsstest.go:44:10:44:55 | type conversion | reflectedxsstest.go:38:2:38:35 | ... := ...[0] : pointer type | reflectedxsstest.go:44:10:44:55 | type conversion | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:38:2:38:35 | ... := ...[0] | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go |  |
-| reflectedxsstest.go:45:10:45:18 | byteSlice | reflectedxsstest.go:38:2:38:35 | ... := ...[0] : pointer type | reflectedxsstest.go:45:10:45:18 | byteSlice | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:38:2:38:35 | ... := ...[0] | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go |  |
-| reflectedxsstest.go:54:11:54:21 | type conversion | reflectedxsstest.go:51:14:51:18 | selection of URL : pointer type | reflectedxsstest.go:54:11:54:21 | type conversion | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:51:14:51:18 | selection of URL | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go |  |
-| tst.go:18:12:18:39 | type conversion | tst.go:14:15:14:20 | selection of Form : Values | tst.go:18:12:18:39 | type conversion | Cross-site scripting vulnerability due to $@. | tst.go:14:15:14:20 | selection of Form | user-provided value | tst.go:0:0:0:0 | tst.go |  |
-| tst.go:53:12:53:26 | type conversion | tst.go:48:14:48:19 | selection of Form : Values | tst.go:53:12:53:26 | type conversion | Cross-site scripting vulnerability due to $@. | tst.go:48:14:48:19 | selection of Form | user-provided value | tst.go:0:0:0:0 | tst.go |  |
-| websocketXss.go:32:24:32:27 | xnet | websocketXss.go:30:7:30:10 | definition of xnet : slice type | websocketXss.go:32:24:32:27 | xnet | Cross-site scripting vulnerability due to $@. | websocketXss.go:30:7:30:10 | definition of xnet | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
-| websocketXss.go:36:24:36:28 | xnet2 | websocketXss.go:34:3:34:7 | definition of xnet2 : slice type | websocketXss.go:36:24:36:28 | xnet2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:34:3:34:7 | definition of xnet2 | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
-| websocketXss.go:41:24:41:29 | nhooyr | websocketXss.go:40:3:40:40 | ... := ...[1] : slice type | websocketXss.go:41:24:41:29 | nhooyr | Cross-site scripting vulnerability due to $@. | websocketXss.go:40:3:40:40 | ... := ...[1] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
-| websocketXss.go:48:24:48:33 | gorillaMsg | websocketXss.go:46:7:46:16 | definition of gorillaMsg : slice type | websocketXss.go:48:24:48:33 | gorillaMsg | Cross-site scripting vulnerability due to $@. | websocketXss.go:46:7:46:16 | definition of gorillaMsg | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
-| websocketXss.go:52:24:52:31 | gorilla2 | websocketXss.go:50:3:50:10 | definition of gorilla2 : slice type | websocketXss.go:52:24:52:31 | gorilla2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:50:3:50:10 | definition of gorilla2 | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
-| websocketXss.go:55:24:55:31 | gorilla3 | websocketXss.go:54:3:54:38 | ... := ...[1] : slice type | websocketXss.go:55:24:55:31 | gorilla3 | Cross-site scripting vulnerability due to $@. | websocketXss.go:54:3:54:38 | ... := ...[1] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
+| ReflectedXss.go:14:44:14:51 | username | ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:14:44:14:51 | username | Cross-site scripting vulnerability due to $@. | ReflectedXss.go:11:15:11:20 | selection of Form | user-provided value | ReflectedXss.go:0:0:0:0 | ReflectedXss.go |  |
+| contenttype.go:17:11:17:22 | type conversion | contenttype.go:11:11:11:16 | selection of Form | contenttype.go:17:11:17:22 | type conversion | Cross-site scripting vulnerability due to $@. | contenttype.go:11:11:11:16 | selection of Form | user-provided value | contenttype.go:0:0:0:0 | contenttype.go |  |
+| contenttype.go:53:34:53:37 | data | contenttype.go:49:11:49:16 | selection of Form | contenttype.go:53:34:53:37 | data | Cross-site scripting vulnerability due to $@. | contenttype.go:49:11:49:16 | selection of Form | user-provided value | contenttype.go:0:0:0:0 | contenttype.go |  |
+| contenttype.go:64:52:64:55 | data | contenttype.go:63:10:63:28 | call to FormValue | contenttype.go:64:52:64:55 | data | Cross-site scripting vulnerability due to $@. | contenttype.go:63:10:63:28 | call to FormValue | user-provided value | contenttype.go:0:0:0:0 | contenttype.go |  |
+| contenttype.go:79:11:79:14 | data | contenttype.go:73:10:73:28 | call to FormValue | contenttype.go:79:11:79:14 | data | Cross-site scripting vulnerability due to $@. | contenttype.go:73:10:73:28 | call to FormValue | user-provided value | contenttype.go:0:0:0:0 | contenttype.go |  |
+| contenttype.go:91:4:91:7 | data | contenttype.go:88:10:88:28 | call to FormValue | contenttype.go:91:4:91:7 | data | Cross-site scripting vulnerability due to $@. | contenttype.go:88:10:88:28 | call to FormValue | user-provided value | contenttype.go:0:0:0:0 | contenttype.go |  |
+| contenttype.go:114:50:114:53 | data | contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | Cross-site scripting vulnerability due to $@. | contenttype.go:113:10:113:28 | call to FormValue | user-provided value | contenttype.go:0:0:0:0 | contenttype.go |  |
+| reflectedxsstest.go:28:10:28:57 | type conversion | reflectedxsstest.go:27:2:27:38 | ... := ...[0] | reflectedxsstest.go:28:10:28:57 | type conversion | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:27:2:27:38 | ... := ...[0] | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go |  |
+| reflectedxsstest.go:33:10:33:57 | type conversion | reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:33:10:33:57 | type conversion | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:31:2:31:44 | ... := ...[0] | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go |  |
+| reflectedxsstest.go:34:10:34:62 | type conversion | reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:10:34:62 | type conversion | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:31:2:31:44 | ... := ...[1] | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go |  |
+| reflectedxsstest.go:44:10:44:55 | type conversion | reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:44:10:44:55 | type conversion | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:38:2:38:35 | ... := ...[0] | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go |  |
+| reflectedxsstest.go:45:10:45:18 | byteSlice | reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:45:10:45:18 | byteSlice | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:38:2:38:35 | ... := ...[0] | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go |  |
+| reflectedxsstest.go:54:11:54:21 | type conversion | reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:54:11:54:21 | type conversion | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:51:14:51:18 | selection of URL | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go |  |
+| tst.go:18:12:18:39 | type conversion | tst.go:14:15:14:20 | selection of Form | tst.go:18:12:18:39 | type conversion | Cross-site scripting vulnerability due to $@. | tst.go:14:15:14:20 | selection of Form | user-provided value | tst.go:0:0:0:0 | tst.go |  |
+| tst.go:53:12:53:26 | type conversion | tst.go:48:14:48:19 | selection of Form | tst.go:53:12:53:26 | type conversion | Cross-site scripting vulnerability due to $@. | tst.go:48:14:48:19 | selection of Form | user-provided value | tst.go:0:0:0:0 | tst.go |  |
+| websocketXss.go:32:24:32:27 | xnet | websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | Cross-site scripting vulnerability due to $@. | websocketXss.go:30:7:30:10 | definition of xnet | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
+| websocketXss.go:36:24:36:28 | xnet2 | websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:34:3:34:7 | definition of xnet2 | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
+| websocketXss.go:41:24:41:29 | nhooyr | websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | Cross-site scripting vulnerability due to $@. | websocketXss.go:40:3:40:40 | ... := ...[1] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
+| websocketXss.go:48:24:48:33 | gorillaMsg | websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | Cross-site scripting vulnerability due to $@. | websocketXss.go:46:7:46:16 | definition of gorillaMsg | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
+| websocketXss.go:52:24:52:31 | gorilla2 | websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:50:3:50:10 | definition of gorilla2 | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
+| websocketXss.go:55:24:55:31 | gorilla3 | websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | Cross-site scripting vulnerability due to $@. | websocketXss.go:54:3:54:38 | ... := ...[1] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
diff --git a/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected b/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected
index b93e7c74201..1e513a5d4a9 100644
--- a/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected
+++ b/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected
@@ -1,16 +1,16 @@
 edges
-| StoredXss.go:13:21:13:31 | call to Name : string | StoredXss.go:13:21:13:36 | ...+... |
-| stored.go:18:3:18:28 | ... := ...[0] : pointer type | stored.go:30:22:30:25 | name |
-| stored.go:59:30:59:33 | definition of path : string | stored.go:61:22:61:25 | path |
+| StoredXss.go:13:21:13:31 | call to Name | StoredXss.go:13:21:13:36 | ...+... |
+| stored.go:18:3:18:28 | ... := ...[0] | stored.go:30:22:30:25 | name |
+| stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path |
 nodes
-| StoredXss.go:13:21:13:31 | call to Name : string | semmle.label | call to Name : string |
+| StoredXss.go:13:21:13:31 | call to Name | semmle.label | call to Name |
 | StoredXss.go:13:21:13:36 | ...+... | semmle.label | ...+... |
-| stored.go:18:3:18:28 | ... := ...[0] : pointer type | semmle.label | ... := ...[0] : pointer type |
+| stored.go:18:3:18:28 | ... := ...[0] | semmle.label | ... := ...[0] |
 | stored.go:30:22:30:25 | name | semmle.label | name |
-| stored.go:59:30:59:33 | definition of path : string | semmle.label | definition of path : string |
+| stored.go:59:30:59:33 | definition of path | semmle.label | definition of path |
 | stored.go:61:22:61:25 | path | semmle.label | path |
 subpaths
 #select
-| StoredXss.go:13:21:13:36 | ...+... | StoredXss.go:13:21:13:31 | call to Name : string | StoredXss.go:13:21:13:36 | ...+... | Stored cross-site scripting vulnerability due to $@. | StoredXss.go:13:21:13:31 | call to Name | stored value |
-| stored.go:30:22:30:25 | name | stored.go:18:3:18:28 | ... := ...[0] : pointer type | stored.go:30:22:30:25 | name | Stored cross-site scripting vulnerability due to $@. | stored.go:18:3:18:28 | ... := ...[0] | stored value |
-| stored.go:61:22:61:25 | path | stored.go:59:30:59:33 | definition of path : string | stored.go:61:22:61:25 | path | Stored cross-site scripting vulnerability due to $@. | stored.go:59:30:59:33 | definition of path | stored value |
+| StoredXss.go:13:21:13:36 | ...+... | StoredXss.go:13:21:13:31 | call to Name | StoredXss.go:13:21:13:36 | ...+... | Stored cross-site scripting vulnerability due to $@. | StoredXss.go:13:21:13:31 | call to Name | stored value |
+| stored.go:30:22:30:25 | name | stored.go:18:3:18:28 | ... := ...[0] | stored.go:30:22:30:25 | name | Stored cross-site scripting vulnerability due to $@. | stored.go:18:3:18:28 | ... := ...[0] | stored value |
+| stored.go:61:22:61:25 | path | stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | Stored cross-site scripting vulnerability due to $@. | stored.go:59:30:59:33 | definition of path | stored value |
diff --git a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
index 521824433a2..7f9f8a8f19f 100644
--- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
+++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
@@ -1,112 +1,112 @@
 edges
-| SqlInjection.go:11:3:11:9 | selection of URL : pointer type | SqlInjection.go:12:11:12:11 | q |
-| issue48.go:17:25:17:32 | selection of Body : ReadCloser | issue48.go:22:11:22:12 | q3 |
-| issue48.go:27:26:27:33 | selection of Body : ReadCloser | issue48.go:32:11:32:12 | q4 |
-| issue48.go:37:17:37:50 | type conversion : string | issue48.go:41:11:41:12 | q5 |
-| issue48.go:37:24:37:30 | selection of URL : pointer type | issue48.go:37:17:37:50 | type conversion : string |
-| main.go:10:11:10:16 | selection of Form : Values | main.go:10:11:10:28 | index expression |
-| main.go:14:63:14:67 | selection of URL : pointer type | main.go:14:11:14:84 | call to Sprintf |
-| main.go:15:63:15:70 | selection of Header : Header | main.go:15:11:15:85 | call to Sprintf |
-| main.go:27:17:30:2 | &... [pointer, Category] : slice type | main.go:33:3:33:13 | RequestData [pointer, Category] : slice type |
-| main.go:27:18:30:2 | struct literal [Category] : slice type | main.go:27:17:30:2 | &... [pointer, Category] : slice type |
-| main.go:29:13:29:19 | selection of URL : pointer type | main.go:29:13:29:39 | index expression : slice type |
-| main.go:29:13:29:39 | index expression : slice type | main.go:27:18:30:2 | struct literal [Category] : slice type |
-| main.go:33:3:33:13 | RequestData [pointer, Category] : slice type | main.go:33:3:33:13 | implicit dereference [Category] : slice type |
-| main.go:33:3:33:13 | implicit dereference [Category] : slice type | main.go:33:3:33:22 | selection of Category : slice type |
-| main.go:33:3:33:22 | selection of Category : slice type | main.go:34:11:34:11 | q |
-| main.go:38:2:38:12 | definition of RequestData [pointer, Category] : slice type | main.go:39:2:39:12 | RequestData [pointer, Category] : slice type |
-| main.go:38:2:38:12 | definition of RequestData [pointer, Category] : slice type | main.go:42:3:42:13 | RequestData [pointer, Category] : slice type |
-| main.go:39:2:39:12 | RequestData [pointer, Category] : slice type | main.go:39:2:39:12 | implicit dereference [Category] : slice type |
-| main.go:39:2:39:12 | implicit dereference [Category] : slice type | main.go:38:2:38:12 | definition of RequestData [pointer, Category] : slice type |
-| main.go:39:25:39:31 | selection of URL : pointer type | main.go:39:25:39:51 | index expression : slice type |
-| main.go:39:25:39:51 | index expression : slice type | main.go:39:2:39:12 | implicit dereference [Category] : slice type |
-| main.go:42:3:42:13 | RequestData [pointer, Category] : slice type | main.go:42:3:42:13 | implicit dereference [Category] : slice type |
-| main.go:42:3:42:13 | implicit dereference [Category] : slice type | main.go:42:3:42:22 | selection of Category : slice type |
-| main.go:42:3:42:22 | selection of Category : slice type | main.go:43:11:43:11 | q |
-| main.go:47:2:47:12 | definition of RequestData [pointer, Category] : slice type | main.go:48:4:48:14 | RequestData [pointer, Category] : slice type |
-| main.go:47:2:47:12 | definition of RequestData [pointer, Category] : slice type | main.go:51:3:51:13 | RequestData [pointer, Category] : slice type |
-| main.go:48:3:48:14 | star expression [Category] : slice type | main.go:47:2:47:12 | definition of RequestData [pointer, Category] : slice type |
-| main.go:48:4:48:14 | RequestData [pointer, Category] : slice type | main.go:48:3:48:14 | star expression [Category] : slice type |
-| main.go:48:28:48:34 | selection of URL : pointer type | main.go:48:28:48:54 | index expression : slice type |
-| main.go:48:28:48:54 | index expression : slice type | main.go:48:3:48:14 | star expression [Category] : slice type |
-| main.go:51:3:51:13 | RequestData [pointer, Category] : slice type | main.go:51:3:51:13 | implicit dereference [Category] : slice type |
-| main.go:51:3:51:13 | implicit dereference [Category] : slice type | main.go:51:3:51:22 | selection of Category : slice type |
-| main.go:51:3:51:22 | selection of Category : slice type | main.go:52:11:52:11 | q |
-| main.go:56:2:56:12 | definition of RequestData [pointer, Category] : slice type | main.go:57:4:57:14 | RequestData [pointer, Category] : slice type |
-| main.go:56:2:56:12 | definition of RequestData [pointer, Category] : slice type | main.go:60:5:60:15 | RequestData [pointer, Category] : slice type |
-| main.go:57:3:57:14 | star expression [Category] : slice type | main.go:56:2:56:12 | definition of RequestData [pointer, Category] : slice type |
-| main.go:57:4:57:14 | RequestData [pointer, Category] : slice type | main.go:57:3:57:14 | star expression [Category] : slice type |
-| main.go:57:28:57:34 | selection of URL : pointer type | main.go:57:28:57:54 | index expression : slice type |
-| main.go:57:28:57:54 | index expression : slice type | main.go:57:3:57:14 | star expression [Category] : slice type |
-| main.go:60:3:60:25 | selection of Category : slice type | main.go:61:11:61:11 | q |
-| main.go:60:4:60:15 | star expression [Category] : slice type | main.go:60:3:60:25 | selection of Category : slice type |
-| main.go:60:5:60:15 | RequestData [pointer, Category] : slice type | main.go:60:4:60:15 | star expression [Category] : slice type |
-| mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:57:22:57:29 | pipeline |
-| mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:61:27:61:32 | filter |
-| mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:63:23:63:28 | filter |
-| mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:64:22:64:27 | filter |
-| mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:66:32:66:37 | filter |
-| mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:69:17:69:22 | filter |
-| mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:70:20:70:25 | filter |
-| mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:71:29:71:34 | filter |
-| mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:72:30:72:35 | filter |
-| mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:73:29:73:34 | filter |
-| mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:78:23:78:28 | filter |
-| mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:79:23:79:28 | filter |
-| mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:80:22:80:27 | filter |
-| mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:81:18:81:25 | pipeline |
+| SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:12:11:12:11 | q |
+| issue48.go:17:25:17:32 | selection of Body | issue48.go:22:11:22:12 | q3 |
+| issue48.go:27:26:27:33 | selection of Body | issue48.go:32:11:32:12 | q4 |
+| issue48.go:37:17:37:50 | type conversion | issue48.go:41:11:41:12 | q5 |
+| issue48.go:37:24:37:30 | selection of URL | issue48.go:37:17:37:50 | type conversion |
+| main.go:10:11:10:16 | selection of Form | main.go:10:11:10:28 | index expression |
+| main.go:14:63:14:67 | selection of URL | main.go:14:11:14:84 | call to Sprintf |
+| main.go:15:63:15:70 | selection of Header | main.go:15:11:15:85 | call to Sprintf |
+| main.go:27:17:30:2 | &... [pointer, Category] | main.go:33:3:33:13 | RequestData [pointer, Category] |
+| main.go:27:18:30:2 | struct literal [Category] | main.go:27:17:30:2 | &... [pointer, Category] |
+| main.go:29:13:29:19 | selection of URL | main.go:29:13:29:39 | index expression |
+| main.go:29:13:29:39 | index expression | main.go:27:18:30:2 | struct literal [Category] |
+| main.go:33:3:33:13 | RequestData [pointer, Category] | main.go:33:3:33:13 | implicit dereference [Category] |
+| main.go:33:3:33:13 | implicit dereference [Category] | main.go:33:3:33:22 | selection of Category |
+| main.go:33:3:33:22 | selection of Category | main.go:34:11:34:11 | q |
+| main.go:38:2:38:12 | definition of RequestData [pointer, Category] | main.go:39:2:39:12 | RequestData [pointer, Category] |
+| main.go:38:2:38:12 | definition of RequestData [pointer, Category] | main.go:42:3:42:13 | RequestData [pointer, Category] |
+| main.go:39:2:39:12 | RequestData [pointer, Category] | main.go:39:2:39:12 | implicit dereference [Category] |
+| main.go:39:2:39:12 | implicit dereference [Category] | main.go:38:2:38:12 | definition of RequestData [pointer, Category] |
+| main.go:39:25:39:31 | selection of URL | main.go:39:25:39:51 | index expression |
+| main.go:39:25:39:51 | index expression | main.go:39:2:39:12 | implicit dereference [Category] |
+| main.go:42:3:42:13 | RequestData [pointer, Category] | main.go:42:3:42:13 | implicit dereference [Category] |
+| main.go:42:3:42:13 | implicit dereference [Category] | main.go:42:3:42:22 | selection of Category |
+| main.go:42:3:42:22 | selection of Category | main.go:43:11:43:11 | q |
+| main.go:47:2:47:12 | definition of RequestData [pointer, Category] | main.go:48:4:48:14 | RequestData [pointer, Category] |
+| main.go:47:2:47:12 | definition of RequestData [pointer, Category] | main.go:51:3:51:13 | RequestData [pointer, Category] |
+| main.go:48:3:48:14 | star expression [Category] | main.go:47:2:47:12 | definition of RequestData [pointer, Category] |
+| main.go:48:4:48:14 | RequestData [pointer, Category] | main.go:48:3:48:14 | star expression [Category] |
+| main.go:48:28:48:34 | selection of URL | main.go:48:28:48:54 | index expression |
+| main.go:48:28:48:54 | index expression | main.go:48:3:48:14 | star expression [Category] |
+| main.go:51:3:51:13 | RequestData [pointer, Category] | main.go:51:3:51:13 | implicit dereference [Category] |
+| main.go:51:3:51:13 | implicit dereference [Category] | main.go:51:3:51:22 | selection of Category |
+| main.go:51:3:51:22 | selection of Category | main.go:52:11:52:11 | q |
+| main.go:56:2:56:12 | definition of RequestData [pointer, Category] | main.go:57:4:57:14 | RequestData [pointer, Category] |
+| main.go:56:2:56:12 | definition of RequestData [pointer, Category] | main.go:60:5:60:15 | RequestData [pointer, Category] |
+| main.go:57:3:57:14 | star expression [Category] | main.go:56:2:56:12 | definition of RequestData [pointer, Category] |
+| main.go:57:4:57:14 | RequestData [pointer, Category] | main.go:57:3:57:14 | star expression [Category] |
+| main.go:57:28:57:34 | selection of URL | main.go:57:28:57:54 | index expression |
+| main.go:57:28:57:54 | index expression | main.go:57:3:57:14 | star expression [Category] |
+| main.go:60:3:60:25 | selection of Category | main.go:61:11:61:11 | q |
+| main.go:60:4:60:15 | star expression [Category] | main.go:60:3:60:25 | selection of Category |
+| main.go:60:5:60:15 | RequestData [pointer, Category] | main.go:60:4:60:15 | star expression [Category] |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:57:22:57:29 | pipeline |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:61:27:61:32 | filter |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:63:23:63:28 | filter |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:64:22:64:27 | filter |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:66:32:66:37 | filter |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:69:17:69:22 | filter |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:70:20:70:25 | filter |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:71:29:71:34 | filter |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:72:30:72:35 | filter |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:73:29:73:34 | filter |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:78:23:78:28 | filter |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:79:23:79:28 | filter |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:80:22:80:27 | filter |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:81:18:81:25 | pipeline |
 nodes
-| SqlInjection.go:11:3:11:9 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| SqlInjection.go:11:3:11:9 | selection of URL | semmle.label | selection of URL |
 | SqlInjection.go:12:11:12:11 | q | semmle.label | q |
-| issue48.go:17:25:17:32 | selection of Body : ReadCloser | semmle.label | selection of Body : ReadCloser |
+| issue48.go:17:25:17:32 | selection of Body | semmle.label | selection of Body |
 | issue48.go:22:11:22:12 | q3 | semmle.label | q3 |
-| issue48.go:27:26:27:33 | selection of Body : ReadCloser | semmle.label | selection of Body : ReadCloser |
+| issue48.go:27:26:27:33 | selection of Body | semmle.label | selection of Body |
 | issue48.go:32:11:32:12 | q4 | semmle.label | q4 |
-| issue48.go:37:17:37:50 | type conversion : string | semmle.label | type conversion : string |
-| issue48.go:37:24:37:30 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| issue48.go:37:17:37:50 | type conversion | semmle.label | type conversion |
+| issue48.go:37:24:37:30 | selection of URL | semmle.label | selection of URL |
 | issue48.go:41:11:41:12 | q5 | semmle.label | q5 |
-| main.go:10:11:10:16 | selection of Form : Values | semmle.label | selection of Form : Values |
+| main.go:10:11:10:16 | selection of Form | semmle.label | selection of Form |
 | main.go:10:11:10:28 | index expression | semmle.label | index expression |
 | main.go:14:11:14:84 | call to Sprintf | semmle.label | call to Sprintf |
-| main.go:14:63:14:67 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| main.go:14:63:14:67 | selection of URL | semmle.label | selection of URL |
 | main.go:15:11:15:85 | call to Sprintf | semmle.label | call to Sprintf |
-| main.go:15:63:15:70 | selection of Header : Header | semmle.label | selection of Header : Header |
-| main.go:27:17:30:2 | &... [pointer, Category] : slice type | semmle.label | &... [pointer, Category] : slice type |
-| main.go:27:18:30:2 | struct literal [Category] : slice type | semmle.label | struct literal [Category] : slice type |
-| main.go:29:13:29:19 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
-| main.go:29:13:29:39 | index expression : slice type | semmle.label | index expression : slice type |
-| main.go:33:3:33:13 | RequestData [pointer, Category] : slice type | semmle.label | RequestData [pointer, Category] : slice type |
-| main.go:33:3:33:13 | implicit dereference [Category] : slice type | semmle.label | implicit dereference [Category] : slice type |
-| main.go:33:3:33:22 | selection of Category : slice type | semmle.label | selection of Category : slice type |
+| main.go:15:63:15:70 | selection of Header | semmle.label | selection of Header |
+| main.go:27:17:30:2 | &... [pointer, Category] | semmle.label | &... [pointer, Category] |
+| main.go:27:18:30:2 | struct literal [Category] | semmle.label | struct literal [Category] |
+| main.go:29:13:29:19 | selection of URL | semmle.label | selection of URL |
+| main.go:29:13:29:39 | index expression | semmle.label | index expression |
+| main.go:33:3:33:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
+| main.go:33:3:33:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
+| main.go:33:3:33:22 | selection of Category | semmle.label | selection of Category |
 | main.go:34:11:34:11 | q | semmle.label | q |
-| main.go:38:2:38:12 | definition of RequestData [pointer, Category] : slice type | semmle.label | definition of RequestData [pointer, Category] : slice type |
-| main.go:39:2:39:12 | RequestData [pointer, Category] : slice type | semmle.label | RequestData [pointer, Category] : slice type |
-| main.go:39:2:39:12 | implicit dereference [Category] : slice type | semmle.label | implicit dereference [Category] : slice type |
-| main.go:39:25:39:31 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
-| main.go:39:25:39:51 | index expression : slice type | semmle.label | index expression : slice type |
-| main.go:42:3:42:13 | RequestData [pointer, Category] : slice type | semmle.label | RequestData [pointer, Category] : slice type |
-| main.go:42:3:42:13 | implicit dereference [Category] : slice type | semmle.label | implicit dereference [Category] : slice type |
-| main.go:42:3:42:22 | selection of Category : slice type | semmle.label | selection of Category : slice type |
+| main.go:38:2:38:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] |
+| main.go:39:2:39:12 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
+| main.go:39:2:39:12 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
+| main.go:39:25:39:31 | selection of URL | semmle.label | selection of URL |
+| main.go:39:25:39:51 | index expression | semmle.label | index expression |
+| main.go:42:3:42:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
+| main.go:42:3:42:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
+| main.go:42:3:42:22 | selection of Category | semmle.label | selection of Category |
 | main.go:43:11:43:11 | q | semmle.label | q |
-| main.go:47:2:47:12 | definition of RequestData [pointer, Category] : slice type | semmle.label | definition of RequestData [pointer, Category] : slice type |
-| main.go:48:3:48:14 | star expression [Category] : slice type | semmle.label | star expression [Category] : slice type |
-| main.go:48:4:48:14 | RequestData [pointer, Category] : slice type | semmle.label | RequestData [pointer, Category] : slice type |
-| main.go:48:28:48:34 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
-| main.go:48:28:48:54 | index expression : slice type | semmle.label | index expression : slice type |
-| main.go:51:3:51:13 | RequestData [pointer, Category] : slice type | semmle.label | RequestData [pointer, Category] : slice type |
-| main.go:51:3:51:13 | implicit dereference [Category] : slice type | semmle.label | implicit dereference [Category] : slice type |
-| main.go:51:3:51:22 | selection of Category : slice type | semmle.label | selection of Category : slice type |
+| main.go:47:2:47:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] |
+| main.go:48:3:48:14 | star expression [Category] | semmle.label | star expression [Category] |
+| main.go:48:4:48:14 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
+| main.go:48:28:48:34 | selection of URL | semmle.label | selection of URL |
+| main.go:48:28:48:54 | index expression | semmle.label | index expression |
+| main.go:51:3:51:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
+| main.go:51:3:51:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
+| main.go:51:3:51:22 | selection of Category | semmle.label | selection of Category |
 | main.go:52:11:52:11 | q | semmle.label | q |
-| main.go:56:2:56:12 | definition of RequestData [pointer, Category] : slice type | semmle.label | definition of RequestData [pointer, Category] : slice type |
-| main.go:57:3:57:14 | star expression [Category] : slice type | semmle.label | star expression [Category] : slice type |
-| main.go:57:4:57:14 | RequestData [pointer, Category] : slice type | semmle.label | RequestData [pointer, Category] : slice type |
-| main.go:57:28:57:34 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
-| main.go:57:28:57:54 | index expression : slice type | semmle.label | index expression : slice type |
-| main.go:60:3:60:25 | selection of Category : slice type | semmle.label | selection of Category : slice type |
-| main.go:60:4:60:15 | star expression [Category] : slice type | semmle.label | star expression [Category] : slice type |
-| main.go:60:5:60:15 | RequestData [pointer, Category] : slice type | semmle.label | RequestData [pointer, Category] : slice type |
+| main.go:56:2:56:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] |
+| main.go:57:3:57:14 | star expression [Category] | semmle.label | star expression [Category] |
+| main.go:57:4:57:14 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
+| main.go:57:28:57:34 | selection of URL | semmle.label | selection of URL |
+| main.go:57:28:57:54 | index expression | semmle.label | index expression |
+| main.go:60:3:60:25 | selection of Category | semmle.label | selection of Category |
+| main.go:60:4:60:15 | star expression [Category] | semmle.label | star expression [Category] |
+| main.go:60:5:60:15 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
 | main.go:61:11:61:11 | q | semmle.label | q |
-| mongoDB.go:40:20:40:30 | call to Referer : string | semmle.label | call to Referer : string |
+| mongoDB.go:40:20:40:30 | call to Referer | semmle.label | call to Referer |
 | mongoDB.go:57:22:57:29 | pipeline | semmle.label | pipeline |
 | mongoDB.go:61:27:61:32 | filter | semmle.label | filter |
 | mongoDB.go:63:23:63:28 | filter | semmle.label | filter |
@@ -123,28 +123,28 @@ nodes
 | mongoDB.go:81:18:81:25 | pipeline | semmle.label | pipeline |
 subpaths
 #select
-| SqlInjection.go:12:11:12:11 | q | SqlInjection.go:11:3:11:9 | selection of URL : pointer type | SqlInjection.go:12:11:12:11 | q | This query depends on a $@. | SqlInjection.go:11:3:11:9 | selection of URL | user-provided value |
-| issue48.go:22:11:22:12 | q3 | issue48.go:17:25:17:32 | selection of Body : ReadCloser | issue48.go:22:11:22:12 | q3 | This query depends on a $@. | issue48.go:17:25:17:32 | selection of Body | user-provided value |
-| issue48.go:32:11:32:12 | q4 | issue48.go:27:26:27:33 | selection of Body : ReadCloser | issue48.go:32:11:32:12 | q4 | This query depends on a $@. | issue48.go:27:26:27:33 | selection of Body | user-provided value |
-| issue48.go:41:11:41:12 | q5 | issue48.go:37:24:37:30 | selection of URL : pointer type | issue48.go:41:11:41:12 | q5 | This query depends on a $@. | issue48.go:37:24:37:30 | selection of URL | user-provided value |
-| main.go:10:11:10:28 | index expression | main.go:10:11:10:16 | selection of Form : Values | main.go:10:11:10:28 | index expression | This query depends on a $@. | main.go:10:11:10:16 | selection of Form | user-provided value |
-| main.go:14:11:14:84 | call to Sprintf | main.go:14:63:14:67 | selection of URL : pointer type | main.go:14:11:14:84 | call to Sprintf | This query depends on a $@. | main.go:14:63:14:67 | selection of URL | user-provided value |
-| main.go:15:11:15:85 | call to Sprintf | main.go:15:63:15:70 | selection of Header : Header | main.go:15:11:15:85 | call to Sprintf | This query depends on a $@. | main.go:15:63:15:70 | selection of Header | user-provided value |
-| main.go:34:11:34:11 | q | main.go:29:13:29:19 | selection of URL : pointer type | main.go:34:11:34:11 | q | This query depends on a $@. | main.go:29:13:29:19 | selection of URL | user-provided value |
-| main.go:43:11:43:11 | q | main.go:39:25:39:31 | selection of URL : pointer type | main.go:43:11:43:11 | q | This query depends on a $@. | main.go:39:25:39:31 | selection of URL | user-provided value |
-| main.go:52:11:52:11 | q | main.go:48:28:48:34 | selection of URL : pointer type | main.go:52:11:52:11 | q | This query depends on a $@. | main.go:48:28:48:34 | selection of URL | user-provided value |
-| main.go:61:11:61:11 | q | main.go:57:28:57:34 | selection of URL : pointer type | main.go:61:11:61:11 | q | This query depends on a $@. | main.go:57:28:57:34 | selection of URL | user-provided value |
-| mongoDB.go:57:22:57:29 | pipeline | mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:57:22:57:29 | pipeline | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
-| mongoDB.go:61:27:61:32 | filter | mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:61:27:61:32 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
-| mongoDB.go:63:23:63:28 | filter | mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:63:23:63:28 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
-| mongoDB.go:64:22:64:27 | filter | mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:64:22:64:27 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
-| mongoDB.go:66:32:66:37 | filter | mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:66:32:66:37 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
-| mongoDB.go:69:17:69:22 | filter | mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:69:17:69:22 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
-| mongoDB.go:70:20:70:25 | filter | mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:70:20:70:25 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
-| mongoDB.go:71:29:71:34 | filter | mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:71:29:71:34 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
-| mongoDB.go:72:30:72:35 | filter | mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:72:30:72:35 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
-| mongoDB.go:73:29:73:34 | filter | mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:73:29:73:34 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
-| mongoDB.go:78:23:78:28 | filter | mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:78:23:78:28 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
-| mongoDB.go:79:23:79:28 | filter | mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:79:23:79:28 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
-| mongoDB.go:80:22:80:27 | filter | mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:80:22:80:27 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
-| mongoDB.go:81:18:81:25 | pipeline | mongoDB.go:40:20:40:30 | call to Referer : string | mongoDB.go:81:18:81:25 | pipeline | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
+| SqlInjection.go:12:11:12:11 | q | SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:12:11:12:11 | q | This query depends on a $@. | SqlInjection.go:11:3:11:9 | selection of URL | user-provided value |
+| issue48.go:22:11:22:12 | q3 | issue48.go:17:25:17:32 | selection of Body | issue48.go:22:11:22:12 | q3 | This query depends on a $@. | issue48.go:17:25:17:32 | selection of Body | user-provided value |
+| issue48.go:32:11:32:12 | q4 | issue48.go:27:26:27:33 | selection of Body | issue48.go:32:11:32:12 | q4 | This query depends on a $@. | issue48.go:27:26:27:33 | selection of Body | user-provided value |
+| issue48.go:41:11:41:12 | q5 | issue48.go:37:24:37:30 | selection of URL | issue48.go:41:11:41:12 | q5 | This query depends on a $@. | issue48.go:37:24:37:30 | selection of URL | user-provided value |
+| main.go:10:11:10:28 | index expression | main.go:10:11:10:16 | selection of Form | main.go:10:11:10:28 | index expression | This query depends on a $@. | main.go:10:11:10:16 | selection of Form | user-provided value |
+| main.go:14:11:14:84 | call to Sprintf | main.go:14:63:14:67 | selection of URL | main.go:14:11:14:84 | call to Sprintf | This query depends on a $@. | main.go:14:63:14:67 | selection of URL | user-provided value |
+| main.go:15:11:15:85 | call to Sprintf | main.go:15:63:15:70 | selection of Header | main.go:15:11:15:85 | call to Sprintf | This query depends on a $@. | main.go:15:63:15:70 | selection of Header | user-provided value |
+| main.go:34:11:34:11 | q | main.go:29:13:29:19 | selection of URL | main.go:34:11:34:11 | q | This query depends on a $@. | main.go:29:13:29:19 | selection of URL | user-provided value |
+| main.go:43:11:43:11 | q | main.go:39:25:39:31 | selection of URL | main.go:43:11:43:11 | q | This query depends on a $@. | main.go:39:25:39:31 | selection of URL | user-provided value |
+| main.go:52:11:52:11 | q | main.go:48:28:48:34 | selection of URL | main.go:52:11:52:11 | q | This query depends on a $@. | main.go:48:28:48:34 | selection of URL | user-provided value |
+| main.go:61:11:61:11 | q | main.go:57:28:57:34 | selection of URL | main.go:61:11:61:11 | q | This query depends on a $@. | main.go:57:28:57:34 | selection of URL | user-provided value |
+| mongoDB.go:57:22:57:29 | pipeline | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:57:22:57:29 | pipeline | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
+| mongoDB.go:61:27:61:32 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:61:27:61:32 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
+| mongoDB.go:63:23:63:28 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:63:23:63:28 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
+| mongoDB.go:64:22:64:27 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:64:22:64:27 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
+| mongoDB.go:66:32:66:37 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:66:32:66:37 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
+| mongoDB.go:69:17:69:22 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:69:17:69:22 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
+| mongoDB.go:70:20:70:25 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:70:20:70:25 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
+| mongoDB.go:71:29:71:34 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:71:29:71:34 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
+| mongoDB.go:72:30:72:35 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:72:30:72:35 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
+| mongoDB.go:73:29:73:34 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:73:29:73:34 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
+| mongoDB.go:78:23:78:28 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:78:23:78:28 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
+| mongoDB.go:79:23:79:28 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:79:23:79:28 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
+| mongoDB.go:80:22:80:27 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:80:22:80:27 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
+| mongoDB.go:81:18:81:25 | pipeline | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:81:18:81:25 | pipeline | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
diff --git a/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected b/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected
index cf3f362ead9..52c76ed52ce 100644
--- a/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected
+++ b/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected
@@ -1,20 +1,20 @@
 edges
-| StringBreak.go:10:2:10:40 | ... := ...[0] : slice type | StringBreak.go:14:47:14:57 | versionJSON |
-| StringBreakMismatched.go:12:2:12:40 | ... := ...[0] : slice type | StringBreakMismatched.go:13:29:13:47 | type conversion : slice type |
-| StringBreakMismatched.go:13:29:13:47 | type conversion : slice type | StringBreakMismatched.go:17:26:17:32 | escaped |
-| StringBreakMismatched.go:24:2:24:40 | ... := ...[0] : slice type | StringBreakMismatched.go:25:29:25:47 | type conversion : slice type |
-| StringBreakMismatched.go:25:29:25:47 | type conversion : slice type | StringBreakMismatched.go:29:27:29:33 | escaped |
+| StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON |
+| StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:13:29:13:47 | type conversion |
+| StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:17:26:17:32 | escaped |
+| StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | StringBreakMismatched.go:25:29:25:47 | type conversion |
+| StringBreakMismatched.go:25:29:25:47 | type conversion | StringBreakMismatched.go:29:27:29:33 | escaped |
 nodes
-| StringBreak.go:10:2:10:40 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type |
+| StringBreak.go:10:2:10:40 | ... := ...[0] | semmle.label | ... := ...[0] |
 | StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON |
-| StringBreakMismatched.go:12:2:12:40 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type |
-| StringBreakMismatched.go:13:29:13:47 | type conversion : slice type | semmle.label | type conversion : slice type |
+| StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | semmle.label | ... := ...[0] |
+| StringBreakMismatched.go:13:29:13:47 | type conversion | semmle.label | type conversion |
 | StringBreakMismatched.go:17:26:17:32 | escaped | semmle.label | escaped |
-| StringBreakMismatched.go:24:2:24:40 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type |
-| StringBreakMismatched.go:25:29:25:47 | type conversion : slice type | semmle.label | type conversion : slice type |
+| StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | semmle.label | ... := ...[0] |
+| StringBreakMismatched.go:25:29:25:47 | type conversion | semmle.label | type conversion |
 | StringBreakMismatched.go:29:27:29:33 | escaped | semmle.label | escaped |
 subpaths
 #select
-| StringBreak.go:14:47:14:57 | versionJSON | StringBreak.go:10:2:10:40 | ... := ...[0] : slice type | StringBreak.go:14:47:14:57 | versionJSON | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreak.go:10:2:10:40 | ... := ...[0] | JSON value |
-| StringBreakMismatched.go:17:26:17:32 | escaped | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] : slice type | StringBreakMismatched.go:17:26:17:32 | escaped | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | JSON value |
-| StringBreakMismatched.go:29:27:29:33 | escaped | StringBreakMismatched.go:24:2:24:40 | ... := ...[0] : slice type | StringBreakMismatched.go:29:27:29:33 | escaped | If this $@ contains a double quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | JSON value |
+| StringBreak.go:14:47:14:57 | versionJSON | StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreak.go:10:2:10:40 | ... := ...[0] | JSON value |
+| StringBreakMismatched.go:17:26:17:32 | escaped | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:17:26:17:32 | escaped | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | JSON value |
+| StringBreakMismatched.go:29:27:29:33 | escaped | StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | StringBreakMismatched.go:29:27:29:33 | escaped | If this $@ contains a double quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | JSON value |
diff --git a/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected b/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected
index 474cc5aa42c..4dd0a7d7cf4 100644
--- a/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected
+++ b/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected
@@ -1,42 +1,42 @@
 edges
-| AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] : slice type | AllocationSizeOverflow.go:10:10:10:22 | call to len |
-| tst2.go:9:2:9:37 | ... := ...[0] : slice type | tst2.go:10:22:10:30 | call to len |
-| tst2.go:14:2:14:29 | ... := ...[0] : slice type | tst2.go:15:22:15:30 | call to len |
-| tst3.go:6:2:6:31 | ... := ...[0] : slice type | tst3.go:7:22:7:34 | call to len |
-| tst3.go:6:2:6:31 | ... := ...[0] : slice type | tst3.go:24:16:24:28 | call to len |
-| tst3.go:6:2:6:31 | ... := ...[0] : slice type | tst3.go:32:16:32:28 | call to len |
-| tst.go:14:2:14:30 | ... = ...[0] : slice type | tst.go:15:22:15:34 | call to len |
-| tst.go:20:2:20:31 | ... = ...[0] : slice type | tst.go:21:22:21:34 | call to len |
-| tst.go:26:2:26:31 | ... = ...[0] : slice type | tst.go:27:26:27:38 | call to len |
-| tst.go:34:2:34:30 | ... = ...[0] : slice type | tst.go:35:22:35:34 | call to len |
+| AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | AllocationSizeOverflow.go:10:10:10:22 | call to len |
+| tst2.go:9:2:9:37 | ... := ...[0] | tst2.go:10:22:10:30 | call to len |
+| tst2.go:14:2:14:29 | ... := ...[0] | tst2.go:15:22:15:30 | call to len |
+| tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:7:22:7:34 | call to len |
+| tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:24:16:24:28 | call to len |
+| tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:32:16:32:28 | call to len |
+| tst.go:14:2:14:30 | ... = ...[0] | tst.go:15:22:15:34 | call to len |
+| tst.go:20:2:20:31 | ... = ...[0] | tst.go:21:22:21:34 | call to len |
+| tst.go:26:2:26:31 | ... = ...[0] | tst.go:27:26:27:38 | call to len |
+| tst.go:34:2:34:30 | ... = ...[0] | tst.go:35:22:35:34 | call to len |
 nodes
-| AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type |
+| AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | semmle.label | ... := ...[0] |
 | AllocationSizeOverflow.go:10:10:10:22 | call to len | semmle.label | call to len |
-| tst2.go:9:2:9:37 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type |
+| tst2.go:9:2:9:37 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tst2.go:10:22:10:30 | call to len | semmle.label | call to len |
-| tst2.go:14:2:14:29 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type |
+| tst2.go:14:2:14:29 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tst2.go:15:22:15:30 | call to len | semmle.label | call to len |
-| tst3.go:6:2:6:31 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type |
+| tst3.go:6:2:6:31 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tst3.go:7:22:7:34 | call to len | semmle.label | call to len |
 | tst3.go:24:16:24:28 | call to len | semmle.label | call to len |
 | tst3.go:32:16:32:28 | call to len | semmle.label | call to len |
-| tst.go:14:2:14:30 | ... = ...[0] : slice type | semmle.label | ... = ...[0] : slice type |
+| tst.go:14:2:14:30 | ... = ...[0] | semmle.label | ... = ...[0] |
 | tst.go:15:22:15:34 | call to len | semmle.label | call to len |
-| tst.go:20:2:20:31 | ... = ...[0] : slice type | semmle.label | ... = ...[0] : slice type |
+| tst.go:20:2:20:31 | ... = ...[0] | semmle.label | ... = ...[0] |
 | tst.go:21:22:21:34 | call to len | semmle.label | call to len |
-| tst.go:26:2:26:31 | ... = ...[0] : slice type | semmle.label | ... = ...[0] : slice type |
+| tst.go:26:2:26:31 | ... = ...[0] | semmle.label | ... = ...[0] |
 | tst.go:27:26:27:38 | call to len | semmle.label | call to len |
-| tst.go:34:2:34:30 | ... = ...[0] : slice type | semmle.label | ... = ...[0] : slice type |
+| tst.go:34:2:34:30 | ... = ...[0] | semmle.label | ... = ...[0] |
 | tst.go:35:22:35:34 | call to len | semmle.label | call to len |
 subpaths
 #select
-| AllocationSizeOverflow.go:10:10:10:22 | call to len | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] : slice type | AllocationSizeOverflow.go:10:10:10:22 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | AllocationSizeOverflow.go:11:25:11:28 | size | allocation | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] : slice type | potentially large value |
-| tst2.go:10:22:10:30 | call to len | tst2.go:9:2:9:37 | ... := ...[0] : slice type | tst2.go:10:22:10:30 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst2.go:10:22:10:32 | ...+... | allocation | tst2.go:9:2:9:37 | ... := ...[0] : slice type | potentially large value |
-| tst2.go:15:22:15:30 | call to len | tst2.go:14:2:14:29 | ... := ...[0] : slice type | tst2.go:15:22:15:30 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst2.go:15:22:15:32 | ...+... | allocation | tst2.go:14:2:14:29 | ... := ...[0] : slice type | potentially large value |
-| tst3.go:7:22:7:34 | call to len | tst3.go:6:2:6:31 | ... := ...[0] : slice type | tst3.go:7:22:7:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:7:22:7:36 | ...+... | allocation | tst3.go:6:2:6:31 | ... := ...[0] : slice type | potentially large value |
-| tst3.go:24:16:24:28 | call to len | tst3.go:6:2:6:31 | ... := ...[0] : slice type | tst3.go:24:16:24:28 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:27:24:27:32 | newlength | allocation | tst3.go:6:2:6:31 | ... := ...[0] : slice type | potentially large value |
-| tst3.go:32:16:32:28 | call to len | tst3.go:6:2:6:31 | ... := ...[0] : slice type | tst3.go:32:16:32:28 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:36:23:36:31 | newlength | allocation | tst3.go:6:2:6:31 | ... := ...[0] : slice type | potentially large value |
-| tst.go:15:22:15:34 | call to len | tst.go:14:2:14:30 | ... = ...[0] : slice type | tst.go:15:22:15:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:15:22:15:36 | ...+... | allocation | tst.go:14:2:14:30 | ... = ...[0] : slice type | potentially large value |
-| tst.go:21:22:21:34 | call to len | tst.go:20:2:20:31 | ... = ...[0] : slice type | tst.go:21:22:21:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:21:22:21:36 | ...+... | allocation | tst.go:20:2:20:31 | ... = ...[0] : slice type | potentially large value |
-| tst.go:27:26:27:38 | call to len | tst.go:26:2:26:31 | ... = ...[0] : slice type | tst.go:27:26:27:38 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:27:26:27:40 | ...+... | allocation | tst.go:26:2:26:31 | ... = ...[0] : slice type | potentially large value |
-| tst.go:35:22:35:34 | call to len | tst.go:34:2:34:30 | ... = ...[0] : slice type | tst.go:35:22:35:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:35:22:35:36 | ...+... | allocation | tst.go:34:2:34:30 | ... = ...[0] : slice type | potentially large value |
+| AllocationSizeOverflow.go:10:10:10:22 | call to len | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | AllocationSizeOverflow.go:10:10:10:22 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | AllocationSizeOverflow.go:11:25:11:28 | size | allocation | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | potentially large value |
+| tst2.go:10:22:10:30 | call to len | tst2.go:9:2:9:37 | ... := ...[0] | tst2.go:10:22:10:30 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst2.go:10:22:10:32 | ...+... | allocation | tst2.go:9:2:9:37 | ... := ...[0] | potentially large value |
+| tst2.go:15:22:15:30 | call to len | tst2.go:14:2:14:29 | ... := ...[0] | tst2.go:15:22:15:30 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst2.go:15:22:15:32 | ...+... | allocation | tst2.go:14:2:14:29 | ... := ...[0] | potentially large value |
+| tst3.go:7:22:7:34 | call to len | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:7:22:7:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:7:22:7:36 | ...+... | allocation | tst3.go:6:2:6:31 | ... := ...[0] | potentially large value |
+| tst3.go:24:16:24:28 | call to len | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:24:16:24:28 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:27:24:27:32 | newlength | allocation | tst3.go:6:2:6:31 | ... := ...[0] | potentially large value |
+| tst3.go:32:16:32:28 | call to len | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:32:16:32:28 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:36:23:36:31 | newlength | allocation | tst3.go:6:2:6:31 | ... := ...[0] | potentially large value |
+| tst.go:15:22:15:34 | call to len | tst.go:14:2:14:30 | ... = ...[0] | tst.go:15:22:15:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:15:22:15:36 | ...+... | allocation | tst.go:14:2:14:30 | ... = ...[0] | potentially large value |
+| tst.go:21:22:21:34 | call to len | tst.go:20:2:20:31 | ... = ...[0] | tst.go:21:22:21:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:21:22:21:36 | ...+... | allocation | tst.go:20:2:20:31 | ... = ...[0] | potentially large value |
+| tst.go:27:26:27:38 | call to len | tst.go:26:2:26:31 | ... = ...[0] | tst.go:27:26:27:38 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:27:26:27:40 | ...+... | allocation | tst.go:26:2:26:31 | ... = ...[0] | potentially large value |
+| tst.go:35:22:35:34 | call to len | tst.go:34:2:34:30 | ... = ...[0] | tst.go:35:22:35:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:35:22:35:36 | ...+... | allocation | tst.go:34:2:34:30 | ... = ...[0] | potentially large value |
diff --git a/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected b/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
index ff8c7a9f72f..99042f7a497 100644
--- a/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
+++ b/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
@@ -1,8 +1,8 @@
 edges
-| test.go:14:2:14:4 | definition of buf : slice type | test.go:17:10:17:12 | buf |
+| test.go:14:2:14:4 | definition of buf | test.go:17:10:17:12 | buf |
 nodes
-| test.go:14:2:14:4 | definition of buf : slice type | semmle.label | definition of buf : slice type |
+| test.go:14:2:14:4 | definition of buf | semmle.label | definition of buf |
 | test.go:17:10:17:12 | buf | semmle.label | buf |
 subpaths
 #select
-| test.go:17:10:17:12 | buf | test.go:14:2:14:4 | definition of buf : slice type | test.go:17:10:17:12 | buf | HTTP response depends on $@ and may be exposed to an external user. | test.go:14:2:14:4 | definition of buf | stack trace information |
+| test.go:17:10:17:12 | buf | test.go:14:2:14:4 | definition of buf | test.go:17:10:17:12 | buf | HTTP response depends on $@ and may be exposed to an external user. | test.go:14:2:14:4 | definition of buf | stack trace information |
diff --git a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
index 8d66b76c863..5daa517378e 100644
--- a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
+++ b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
@@ -1,135 +1,135 @@
 edges
-| klog.go:20:30:20:37 | selection of Header : Header | klog.go:22:15:22:20 | header |
-| klog.go:28:13:28:20 | selection of Header : Header | klog.go:28:13:28:41 | call to Get |
-| main.go:21:19:21:26 | password : string | main.go:22:29:22:34 | fields |
-| overrides.go:9:9:9:16 | password : string | overrides.go:13:14:13:23 | call to String |
-| passwords.go:8:12:8:12 | definition of x : string | passwords.go:9:14:9:14 | x |
-| passwords.go:30:8:30:15 | password : string | passwords.go:8:12:8:12 | definition of x : string |
-| passwords.go:34:28:34:35 | password : string | passwords.go:34:14:34:35 | ...+... |
-| passwords.go:37:13:37:13 | x : string | passwords.go:39:14:39:17 | obj1 |
-| passwords.go:42:6:42:13 | password : string | passwords.go:44:14:44:17 | obj2 |
-| passwords.go:48:11:48:18 | password : string | passwords.go:47:14:47:17 | obj3 |
-| passwords.go:86:16:86:36 | call to make : map type | passwords.go:88:14:88:26 | utilityObject |
-| passwords.go:90:12:90:19 | password : string | passwords.go:91:23:91:28 | secret |
-| passwords.go:101:33:101:40 | password : string | passwords.go:101:15:101:40 | ...+... |
-| passwords.go:107:34:107:41 | password : string | passwords.go:107:16:107:41 | ...+... |
-| passwords.go:112:33:112:40 | password : string | passwords.go:112:15:112:40 | ...+... |
-| passwords.go:116:28:116:36 | password1 : stringable | passwords.go:116:14:116:45 | ...+... |
-| passwords.go:118:12:123:2 | struct literal [x] : string | passwords.go:126:14:126:19 | config [x] : string |
-| passwords.go:118:12:123:2 | struct literal [y] : string | passwords.go:127:14:127:19 | config [y] : string |
-| passwords.go:119:13:119:13 | x : string | passwords.go:125:14:125:19 | config |
-| passwords.go:121:13:121:20 | password : string | passwords.go:118:12:123:2 | struct literal [x] : string |
-| passwords.go:121:13:121:20 | password : string | passwords.go:125:14:125:19 | config |
-| passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:118:12:123:2 | struct literal [y] : string |
-| passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:125:14:125:19 | config |
-| passwords.go:126:14:126:19 | config [x] : string | passwords.go:126:14:126:21 | selection of x |
-| passwords.go:127:14:127:19 | config [y] : string | passwords.go:127:14:127:21 | selection of y |
-| protobuf.go:11:2:11:6 | definition of query [pointer, Description] : string | protobuf.go:12:2:12:6 | query [pointer, Description] : string |
-| protobuf.go:11:2:11:6 | definition of query [pointer, Description] : string | protobuf.go:14:14:14:18 | query [pointer, Description] : string |
-| protobuf.go:12:2:12:6 | implicit dereference [Description] : string | protobuf.go:11:2:11:6 | definition of query [pointer, Description] : string |
-| protobuf.go:12:2:12:6 | query [pointer, Description] : string | protobuf.go:12:2:12:6 | implicit dereference [Description] : string |
-| protobuf.go:12:22:12:29 | password : string | protobuf.go:12:2:12:6 | implicit dereference [Description] : string |
-| protobuf.go:14:14:14:18 | query [pointer, Description] : string | protobuf.go:14:14:14:35 | call to GetDescription |
-| protobuf.go:14:14:14:18 | query [pointer, Description] : string | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] : string |
-| protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] : string | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] : string |
-| protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] : string | protos/query/query.pb.go:119:10:119:22 | selection of Description : string |
-| protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] : string | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] : string |
-| util.go:16:9:16:18 | selection of password : string | passwords.go:28:14:28:28 | call to getPassword |
+| klog.go:20:30:20:37 | selection of Header | klog.go:22:15:22:20 | header |
+| klog.go:28:13:28:20 | selection of Header | klog.go:28:13:28:41 | call to Get |
+| main.go:21:19:21:26 | password | main.go:22:29:22:34 | fields |
+| overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String |
+| passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x |
+| passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x |
+| passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... |
+| passwords.go:37:13:37:13 | x | passwords.go:39:14:39:17 | obj1 |
+| passwords.go:42:6:42:13 | password | passwords.go:44:14:44:17 | obj2 |
+| passwords.go:48:11:48:18 | password | passwords.go:47:14:47:17 | obj3 |
+| passwords.go:86:16:86:36 | call to make | passwords.go:88:14:88:26 | utilityObject |
+| passwords.go:90:12:90:19 | password | passwords.go:91:23:91:28 | secret |
+| passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... |
+| passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... |
+| passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... |
+| passwords.go:116:28:116:36 | password1 | passwords.go:116:14:116:45 | ...+... |
+| passwords.go:118:12:123:2 | struct literal [x] | passwords.go:126:14:126:19 | config [x] |
+| passwords.go:118:12:123:2 | struct literal [y] | passwords.go:127:14:127:19 | config [y] |
+| passwords.go:119:13:119:13 | x | passwords.go:125:14:125:19 | config |
+| passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal [x] |
+| passwords.go:121:13:121:20 | password | passwords.go:125:14:125:19 | config |
+| passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal [y] |
+| passwords.go:122:13:122:25 | call to getPassword | passwords.go:125:14:125:19 | config |
+| passwords.go:126:14:126:19 | config [x] | passwords.go:126:14:126:21 | selection of x |
+| passwords.go:127:14:127:19 | config [y] | passwords.go:127:14:127:21 | selection of y |
+| protobuf.go:11:2:11:6 | definition of query [pointer, Description] | protobuf.go:12:2:12:6 | query [pointer, Description] |
+| protobuf.go:11:2:11:6 | definition of query [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] |
+| protobuf.go:12:2:12:6 | implicit dereference [Description] | protobuf.go:11:2:11:6 | definition of query [pointer, Description] |
+| protobuf.go:12:2:12:6 | query [pointer, Description] | protobuf.go:12:2:12:6 | implicit dereference [Description] |
+| protobuf.go:12:22:12:29 | password | protobuf.go:12:2:12:6 | implicit dereference [Description] |
+| protobuf.go:14:14:14:18 | query [pointer, Description] | protobuf.go:14:14:14:35 | call to GetDescription |
+| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] |
+| protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] |
+| protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description |
+| protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] |
+| util.go:16:9:16:18 | selection of password | passwords.go:28:14:28:28 | call to getPassword |
 nodes
-| klog.go:20:30:20:37 | selection of Header : Header | semmle.label | selection of Header : Header |
+| klog.go:20:30:20:37 | selection of Header | semmle.label | selection of Header |
 | klog.go:22:15:22:20 | header | semmle.label | header |
-| klog.go:28:13:28:20 | selection of Header : Header | semmle.label | selection of Header : Header |
+| klog.go:28:13:28:20 | selection of Header | semmle.label | selection of Header |
 | klog.go:28:13:28:41 | call to Get | semmle.label | call to Get |
 | main.go:15:14:15:21 | password | semmle.label | password |
 | main.go:17:12:17:19 | password | semmle.label | password |
 | main.go:18:17:18:24 | password | semmle.label | password |
-| main.go:21:19:21:26 | password : string | semmle.label | password : string |
+| main.go:21:19:21:26 | password | semmle.label | password |
 | main.go:22:29:22:34 | fields | semmle.label | fields |
 | main.go:25:35:25:42 | password | semmle.label | password |
-| overrides.go:9:9:9:16 | password : string | semmle.label | password : string |
+| overrides.go:9:9:9:16 | password | semmle.label | password |
 | overrides.go:13:14:13:23 | call to String | semmle.label | call to String |
-| passwords.go:8:12:8:12 | definition of x : string | semmle.label | definition of x : string |
+| passwords.go:8:12:8:12 | definition of x | semmle.label | definition of x |
 | passwords.go:9:14:9:14 | x | semmle.label | x |
 | passwords.go:25:14:25:21 | password | semmle.label | password |
 | passwords.go:26:14:26:23 | selection of password | semmle.label | selection of password |
 | passwords.go:27:14:27:26 | call to getPassword | semmle.label | call to getPassword |
 | passwords.go:28:14:28:28 | call to getPassword | semmle.label | call to getPassword |
-| passwords.go:30:8:30:15 | password : string | semmle.label | password : string |
+| passwords.go:30:8:30:15 | password | semmle.label | password |
 | passwords.go:32:12:32:19 | password | semmle.label | password |
 | passwords.go:34:14:34:35 | ...+... | semmle.label | ...+... |
-| passwords.go:34:28:34:35 | password : string | semmle.label | password : string |
-| passwords.go:37:13:37:13 | x : string | semmle.label | x : string |
+| passwords.go:34:28:34:35 | password | semmle.label | password |
+| passwords.go:37:13:37:13 | x | semmle.label | x |
 | passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 |
-| passwords.go:42:6:42:13 | password : string | semmle.label | password : string |
+| passwords.go:42:6:42:13 | password | semmle.label | password |
 | passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 |
 | passwords.go:47:14:47:17 | obj3 | semmle.label | obj3 |
-| passwords.go:48:11:48:18 | password : string | semmle.label | password : string |
+| passwords.go:48:11:48:18 | password | semmle.label | password |
 | passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password |
-| passwords.go:86:16:86:36 | call to make : map type | semmle.label | call to make : map type |
+| passwords.go:86:16:86:36 | call to make | semmle.label | call to make |
 | passwords.go:88:14:88:26 | utilityObject | semmle.label | utilityObject |
-| passwords.go:90:12:90:19 | password : string | semmle.label | password : string |
+| passwords.go:90:12:90:19 | password | semmle.label | password |
 | passwords.go:91:23:91:28 | secret | semmle.label | secret |
 | passwords.go:101:15:101:40 | ...+... | semmle.label | ...+... |
-| passwords.go:101:33:101:40 | password : string | semmle.label | password : string |
+| passwords.go:101:33:101:40 | password | semmle.label | password |
 | passwords.go:107:16:107:41 | ...+... | semmle.label | ...+... |
-| passwords.go:107:34:107:41 | password : string | semmle.label | password : string |
+| passwords.go:107:34:107:41 | password | semmle.label | password |
 | passwords.go:112:15:112:40 | ...+... | semmle.label | ...+... |
-| passwords.go:112:33:112:40 | password : string | semmle.label | password : string |
+| passwords.go:112:33:112:40 | password | semmle.label | password |
 | passwords.go:116:14:116:45 | ...+... | semmle.label | ...+... |
-| passwords.go:116:28:116:36 | password1 : stringable | semmle.label | password1 : stringable |
-| passwords.go:118:12:123:2 | struct literal [x] : string | semmle.label | struct literal [x] : string |
-| passwords.go:118:12:123:2 | struct literal [y] : string | semmle.label | struct literal [y] : string |
-| passwords.go:119:13:119:13 | x : string | semmle.label | x : string |
-| passwords.go:121:13:121:20 | password : string | semmle.label | password : string |
-| passwords.go:122:13:122:25 | call to getPassword : string | semmle.label | call to getPassword : string |
+| passwords.go:116:28:116:36 | password1 | semmle.label | password1 |
+| passwords.go:118:12:123:2 | struct literal [x] | semmle.label | struct literal [x] |
+| passwords.go:118:12:123:2 | struct literal [y] | semmle.label | struct literal [y] |
+| passwords.go:119:13:119:13 | x | semmle.label | x |
+| passwords.go:121:13:121:20 | password | semmle.label | password |
+| passwords.go:122:13:122:25 | call to getPassword | semmle.label | call to getPassword |
 | passwords.go:125:14:125:19 | config | semmle.label | config |
-| passwords.go:126:14:126:19 | config [x] : string | semmle.label | config [x] : string |
+| passwords.go:126:14:126:19 | config [x] | semmle.label | config [x] |
 | passwords.go:126:14:126:21 | selection of x | semmle.label | selection of x |
-| passwords.go:127:14:127:19 | config [y] : string | semmle.label | config [y] : string |
+| passwords.go:127:14:127:19 | config [y] | semmle.label | config [y] |
 | passwords.go:127:14:127:21 | selection of y | semmle.label | selection of y |
-| protobuf.go:11:2:11:6 | definition of query [pointer, Description] : string | semmle.label | definition of query [pointer, Description] : string |
-| protobuf.go:12:2:12:6 | implicit dereference [Description] : string | semmle.label | implicit dereference [Description] : string |
-| protobuf.go:12:2:12:6 | query [pointer, Description] : string | semmle.label | query [pointer, Description] : string |
-| protobuf.go:12:22:12:29 | password : string | semmle.label | password : string |
-| protobuf.go:14:14:14:18 | query [pointer, Description] : string | semmle.label | query [pointer, Description] : string |
+| protobuf.go:11:2:11:6 | definition of query [pointer, Description] | semmle.label | definition of query [pointer, Description] |
+| protobuf.go:12:2:12:6 | implicit dereference [Description] | semmle.label | implicit dereference [Description] |
+| protobuf.go:12:2:12:6 | query [pointer, Description] | semmle.label | query [pointer, Description] |
+| protobuf.go:12:22:12:29 | password | semmle.label | password |
+| protobuf.go:14:14:14:18 | query [pointer, Description] | semmle.label | query [pointer, Description] |
 | protobuf.go:14:14:14:35 | call to GetDescription | semmle.label | call to GetDescription |
-| protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] : string | semmle.label | definition of x [pointer, Description] : string |
-| protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] : string | semmle.label | implicit dereference [Description] : string |
-| protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] : string | semmle.label | x [pointer, Description] : string |
-| protos/query/query.pb.go:119:10:119:22 | selection of Description : string | semmle.label | selection of Description : string |
-| util.go:16:9:16:18 | selection of password : string | semmle.label | selection of password : string |
+| protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | semmle.label | definition of x [pointer, Description] |
+| protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | semmle.label | implicit dereference [Description] |
+| protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | semmle.label | x [pointer, Description] |
+| protos/query/query.pb.go:119:10:119:22 | selection of Description | semmle.label | selection of Description |
+| util.go:16:9:16:18 | selection of password | semmle.label | selection of password |
 subpaths
-| protobuf.go:14:14:14:18 | query [pointer, Description] : string | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] : string | protos/query/query.pb.go:119:10:119:22 | selection of Description : string | protobuf.go:14:14:14:35 | call to GetDescription : string |
+| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | protobuf.go:14:14:14:35 | call to GetDescription |
 #select
-| klog.go:22:15:22:20 | header | klog.go:20:30:20:37 | selection of Header : Header | klog.go:22:15:22:20 | header | $@ flows to a logging call. | klog.go:20:30:20:37 | selection of Header | Sensitive data returned by HTTP request headers |
-| klog.go:28:13:28:41 | call to Get | klog.go:28:13:28:20 | selection of Header : Header | klog.go:28:13:28:41 | call to Get | $@ flows to a logging call. | klog.go:28:13:28:20 | selection of Header | Sensitive data returned by HTTP request headers |
+| klog.go:22:15:22:20 | header | klog.go:20:30:20:37 | selection of Header | klog.go:22:15:22:20 | header | $@ flows to a logging call. | klog.go:20:30:20:37 | selection of Header | Sensitive data returned by HTTP request headers |
+| klog.go:28:13:28:41 | call to Get | klog.go:28:13:28:20 | selection of Header | klog.go:28:13:28:41 | call to Get | $@ flows to a logging call. | klog.go:28:13:28:20 | selection of Header | Sensitive data returned by HTTP request headers |
 | main.go:15:14:15:21 | password | main.go:15:14:15:21 | password | main.go:15:14:15:21 | password | $@ flows to a logging call. | main.go:15:14:15:21 | password | Sensitive data returned by an access to password |
 | main.go:17:12:17:19 | password | main.go:17:12:17:19 | password | main.go:17:12:17:19 | password | $@ flows to a logging call. | main.go:17:12:17:19 | password | Sensitive data returned by an access to password |
 | main.go:18:17:18:24 | password | main.go:18:17:18:24 | password | main.go:18:17:18:24 | password | $@ flows to a logging call. | main.go:18:17:18:24 | password | Sensitive data returned by an access to password |
-| main.go:22:29:22:34 | fields | main.go:21:19:21:26 | password : string | main.go:22:29:22:34 | fields | $@ flows to a logging call. | main.go:21:19:21:26 | password | Sensitive data returned by an access to password |
+| main.go:22:29:22:34 | fields | main.go:21:19:21:26 | password | main.go:22:29:22:34 | fields | $@ flows to a logging call. | main.go:21:19:21:26 | password | Sensitive data returned by an access to password |
 | main.go:25:35:25:42 | password | main.go:25:35:25:42 | password | main.go:25:35:25:42 | password | $@ flows to a logging call. | main.go:25:35:25:42 | password | Sensitive data returned by an access to password |
-| overrides.go:13:14:13:23 | call to String | overrides.go:9:9:9:16 | password : string | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:9:9:9:16 | password | Sensitive data returned by an access to password |
-| passwords.go:9:14:9:14 | x | passwords.go:30:8:30:15 | password : string | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:30:8:30:15 | password | Sensitive data returned by an access to password |
+| overrides.go:13:14:13:23 | call to String | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:9:9:9:16 | password | Sensitive data returned by an access to password |
+| passwords.go:9:14:9:14 | x | passwords.go:30:8:30:15 | password | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:30:8:30:15 | password | Sensitive data returned by an access to password |
 | passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:25:14:25:21 | password | Sensitive data returned by an access to password |
 | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | $@ flows to a logging call. | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by an access to password |
 | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | $@ flows to a logging call. | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by a call to getPassword |
 | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by a call to getPassword |
-| passwords.go:28:14:28:28 | call to getPassword | util.go:16:9:16:18 | selection of password : string | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | util.go:16:9:16:18 | selection of password | Sensitive data returned by an access to password |
+| passwords.go:28:14:28:28 | call to getPassword | util.go:16:9:16:18 | selection of password | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | util.go:16:9:16:18 | selection of password | Sensitive data returned by an access to password |
 | passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | $@ flows to a logging call. | passwords.go:32:12:32:19 | password | Sensitive data returned by an access to password |
-| passwords.go:34:14:34:35 | ...+... | passwords.go:34:28:34:35 | password : string | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:34:28:34:35 | password | Sensitive data returned by an access to password |
-| passwords.go:39:14:39:17 | obj1 | passwords.go:37:13:37:13 | x : string | passwords.go:39:14:39:17 | obj1 | $@ flows to a logging call. | passwords.go:37:13:37:13 | x | Sensitive data returned by an access to password |
-| passwords.go:44:14:44:17 | obj2 | passwords.go:42:6:42:13 | password : string | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:42:6:42:13 | password | Sensitive data returned by an access to password |
-| passwords.go:47:14:47:17 | obj3 | passwords.go:48:11:48:18 | password : string | passwords.go:47:14:47:17 | obj3 | $@ flows to a logging call. | passwords.go:48:11:48:18 | password | Sensitive data returned by an access to password |
+| passwords.go:34:14:34:35 | ...+... | passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:34:28:34:35 | password | Sensitive data returned by an access to password |
+| passwords.go:39:14:39:17 | obj1 | passwords.go:37:13:37:13 | x | passwords.go:39:14:39:17 | obj1 | $@ flows to a logging call. | passwords.go:37:13:37:13 | x | Sensitive data returned by an access to password |
+| passwords.go:44:14:44:17 | obj2 | passwords.go:42:6:42:13 | password | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:42:6:42:13 | password | Sensitive data returned by an access to password |
+| passwords.go:47:14:47:17 | obj3 | passwords.go:48:11:48:18 | password | passwords.go:47:14:47:17 | obj3 | $@ flows to a logging call. | passwords.go:48:11:48:18 | password | Sensitive data returned by an access to password |
 | passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:51:14:51:27 | fixed_password | Sensitive data returned by an access to fixed_password |
-| passwords.go:88:14:88:26 | utilityObject | passwords.go:86:16:86:36 | call to make : map type | passwords.go:88:14:88:26 | utilityObject | $@ flows to a logging call. | passwords.go:86:16:86:36 | call to make | Sensitive data returned by an access to passwordSet |
-| passwords.go:91:23:91:28 | secret | passwords.go:90:12:90:19 | password : string | passwords.go:91:23:91:28 | secret | $@ flows to a logging call. | passwords.go:90:12:90:19 | password | Sensitive data returned by an access to password |
-| passwords.go:101:15:101:40 | ...+... | passwords.go:101:33:101:40 | password : string | passwords.go:101:15:101:40 | ...+... | $@ flows to a logging call. | passwords.go:101:33:101:40 | password | Sensitive data returned by an access to password |
-| passwords.go:107:16:107:41 | ...+... | passwords.go:107:34:107:41 | password : string | passwords.go:107:16:107:41 | ...+... | $@ flows to a logging call. | passwords.go:107:34:107:41 | password | Sensitive data returned by an access to password |
-| passwords.go:112:15:112:40 | ...+... | passwords.go:112:33:112:40 | password : string | passwords.go:112:15:112:40 | ...+... | $@ flows to a logging call. | passwords.go:112:33:112:40 | password | Sensitive data returned by an access to password |
-| passwords.go:116:14:116:45 | ...+... | passwords.go:116:28:116:36 | password1 : stringable | passwords.go:116:14:116:45 | ...+... | $@ flows to a logging call. | passwords.go:116:28:116:36 | password1 | Sensitive data returned by an access to password1 |
-| passwords.go:125:14:125:19 | config | passwords.go:119:13:119:13 | x : string | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:119:13:119:13 | x | Sensitive data returned by an access to password |
-| passwords.go:125:14:125:19 | config | passwords.go:121:13:121:20 | password : string | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:121:13:121:20 | password | Sensitive data returned by an access to password |
-| passwords.go:125:14:125:19 | config | passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword |
-| passwords.go:126:14:126:21 | selection of x | passwords.go:121:13:121:20 | password : string | passwords.go:126:14:126:21 | selection of x | $@ flows to a logging call. | passwords.go:121:13:121:20 | password | Sensitive data returned by an access to password |
-| passwords.go:127:14:127:21 | selection of y | passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:127:14:127:21 | selection of y | $@ flows to a logging call. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword |
-| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:12:22:12:29 | password : string | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:12:22:12:29 | password | Sensitive data returned by an access to password |
+| passwords.go:88:14:88:26 | utilityObject | passwords.go:86:16:86:36 | call to make | passwords.go:88:14:88:26 | utilityObject | $@ flows to a logging call. | passwords.go:86:16:86:36 | call to make | Sensitive data returned by an access to passwordSet |
+| passwords.go:91:23:91:28 | secret | passwords.go:90:12:90:19 | password | passwords.go:91:23:91:28 | secret | $@ flows to a logging call. | passwords.go:90:12:90:19 | password | Sensitive data returned by an access to password |
+| passwords.go:101:15:101:40 | ...+... | passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... | $@ flows to a logging call. | passwords.go:101:33:101:40 | password | Sensitive data returned by an access to password |
+| passwords.go:107:16:107:41 | ...+... | passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... | $@ flows to a logging call. | passwords.go:107:34:107:41 | password | Sensitive data returned by an access to password |
+| passwords.go:112:15:112:40 | ...+... | passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... | $@ flows to a logging call. | passwords.go:112:33:112:40 | password | Sensitive data returned by an access to password |
+| passwords.go:116:14:116:45 | ...+... | passwords.go:116:28:116:36 | password1 | passwords.go:116:14:116:45 | ...+... | $@ flows to a logging call. | passwords.go:116:28:116:36 | password1 | Sensitive data returned by an access to password1 |
+| passwords.go:125:14:125:19 | config | passwords.go:119:13:119:13 | x | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:119:13:119:13 | x | Sensitive data returned by an access to password |
+| passwords.go:125:14:125:19 | config | passwords.go:121:13:121:20 | password | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:121:13:121:20 | password | Sensitive data returned by an access to password |
+| passwords.go:125:14:125:19 | config | passwords.go:122:13:122:25 | call to getPassword | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword |
+| passwords.go:126:14:126:21 | selection of x | passwords.go:121:13:121:20 | password | passwords.go:126:14:126:21 | selection of x | $@ flows to a logging call. | passwords.go:121:13:121:20 | password | Sensitive data returned by an access to password |
+| passwords.go:127:14:127:21 | selection of y | passwords.go:122:13:122:25 | call to getPassword | passwords.go:127:14:127:21 | selection of y | $@ flows to a logging call. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword |
+| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:12:22:12:29 | password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:12:22:12:29 | password | Sensitive data returned by an access to password |
diff --git a/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected b/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected
index e7fbbc39fb2..2376ab7a7cf 100644
--- a/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected
+++ b/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected
@@ -1,50 +1,48 @@
 edges
-| InsecureHostKeyCallbackExample.go:16:4:18:4 | function literal : signature type | InsecureHostKeyCallbackExample.go:15:20:18:5 | type conversion |
-| InsecureHostKeyCallbackExample.go:31:14:34:4 | type conversion : signature type | InsecureHostKeyCallbackExample.go:39:20:39:27 | callback |
-| InsecureHostKeyCallbackExample.go:32:3:34:3 | function literal : signature type | InsecureHostKeyCallbackExample.go:31:14:34:4 | type conversion : signature type |
-| InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal : signature type | InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion |
-| InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback : HostKeyCallback | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback |
-| InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback : signature type | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback |
-| InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback : signature type | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback |
-| InsecureHostKeyCallbackExample.go:94:3:94:43 | ... := ...[0] : HostKeyCallback | InsecureHostKeyCallbackExample.go:95:28:95:35 | callback |
-| InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion : signature type | InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback : signature type |
-| InsecureHostKeyCallbackExample.go:103:3:105:3 | function literal : signature type | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion : signature type |
-| InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback : signature type | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback : signature type |
-| InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion : signature type | InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback : signature type |
-| InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion : signature type | InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback : signature type |
-| InsecureHostKeyCallbackExample.go:110:3:115:3 | function literal : signature type | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion : signature type |
-| InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback : signature type | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback : signature type |
-| InsecureHostKeyCallbackExample.go:118:35:118:61 | call to InsecureIgnoreHostKey : HostKeyCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback : HostKeyCallback |
-| InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback : signature type | InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback : signature type |
+| InsecureHostKeyCallbackExample.go:16:4:18:4 | function literal | InsecureHostKeyCallbackExample.go:15:20:18:5 | type conversion |
+| InsecureHostKeyCallbackExample.go:31:14:34:4 | type conversion | InsecureHostKeyCallbackExample.go:39:20:39:27 | callback |
+| InsecureHostKeyCallbackExample.go:32:3:34:3 | function literal | InsecureHostKeyCallbackExample.go:31:14:34:4 | type conversion |
+| InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal | InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion |
+| InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback |
+| InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback |
+| InsecureHostKeyCallbackExample.go:94:3:94:43 | ... := ...[0] | InsecureHostKeyCallbackExample.go:95:28:95:35 | callback |
+| InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback |
+| InsecureHostKeyCallbackExample.go:103:3:105:3 | function literal | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion |
+| InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback |
+| InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback |
+| InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback |
+| InsecureHostKeyCallbackExample.go:110:3:115:3 | function literal | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion |
+| InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback |
+| InsecureHostKeyCallbackExample.go:118:35:118:61 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback |
+| InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback |
 nodes
 | InsecureHostKeyCallbackExample.go:15:20:18:5 | type conversion | semmle.label | type conversion |
-| InsecureHostKeyCallbackExample.go:16:4:18:4 | function literal : signature type | semmle.label | function literal : signature type |
+| InsecureHostKeyCallbackExample.go:16:4:18:4 | function literal | semmle.label | function literal |
 | InsecureHostKeyCallbackExample.go:26:20:26:46 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey |
-| InsecureHostKeyCallbackExample.go:31:14:34:4 | type conversion : signature type | semmle.label | type conversion : signature type |
-| InsecureHostKeyCallbackExample.go:32:3:34:3 | function literal : signature type | semmle.label | function literal : signature type |
+| InsecureHostKeyCallbackExample.go:31:14:34:4 | type conversion | semmle.label | type conversion |
+| InsecureHostKeyCallbackExample.go:32:3:34:3 | function literal | semmle.label | function literal |
 | InsecureHostKeyCallbackExample.go:39:20:39:27 | callback | semmle.label | callback |
-| InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal : signature type | semmle.label | function literal : signature type |
+| InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal | semmle.label | function literal |
 | InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion | semmle.label | type conversion |
-| InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback : HostKeyCallback | semmle.label | definition of callback : HostKeyCallback |
-| InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback : signature type | semmle.label | definition of callback : signature type |
+| InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | semmle.label | definition of callback |
 | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | semmle.label | callback |
-| InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback : signature type | semmle.label | definition of callback : signature type |
+| InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback | semmle.label | definition of callback |
 | InsecureHostKeyCallbackExample.go:76:28:76:54 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey |
 | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | semmle.label | callback |
 | InsecureHostKeyCallbackExample.go:92:28:92:54 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey |
-| InsecureHostKeyCallbackExample.go:94:3:94:43 | ... := ...[0] : HostKeyCallback | semmle.label | ... := ...[0] : HostKeyCallback |
+| InsecureHostKeyCallbackExample.go:94:3:94:43 | ... := ...[0] | semmle.label | ... := ...[0] |
 | InsecureHostKeyCallbackExample.go:95:28:95:35 | callback | semmle.label | callback |
-| InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion : signature type | semmle.label | type conversion : signature type |
-| InsecureHostKeyCallbackExample.go:103:3:105:3 | function literal : signature type | semmle.label | function literal : signature type |
-| InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback : signature type | semmle.label | insecureCallback : signature type |
-| InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion : signature type | semmle.label | type conversion : signature type |
-| InsecureHostKeyCallbackExample.go:110:3:115:3 | function literal : signature type | semmle.label | function literal : signature type |
-| InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback : signature type | semmle.label | potentiallySecureCallback : signature type |
-| InsecureHostKeyCallbackExample.go:118:35:118:61 | call to InsecureIgnoreHostKey : HostKeyCallback | semmle.label | call to InsecureIgnoreHostKey : HostKeyCallback |
-| InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback : signature type | semmle.label | potentiallySecureCallback : signature type |
+| InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | semmle.label | type conversion |
+| InsecureHostKeyCallbackExample.go:103:3:105:3 | function literal | semmle.label | function literal |
+| InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | semmle.label | insecureCallback |
+| InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | semmle.label | type conversion |
+| InsecureHostKeyCallbackExample.go:110:3:115:3 | function literal | semmle.label | function literal |
+| InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | semmle.label | potentiallySecureCallback |
+| InsecureHostKeyCallbackExample.go:118:35:118:61 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey |
+| InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | semmle.label | potentiallySecureCallback |
 subpaths
 #select
-| InsecureHostKeyCallbackExample.go:15:20:18:5 | type conversion | InsecureHostKeyCallbackExample.go:16:4:18:4 | function literal : signature type | InsecureHostKeyCallbackExample.go:15:20:18:5 | type conversion | Configuring SSH ClientConfig with insecure HostKeyCallback implementation from $@. | InsecureHostKeyCallbackExample.go:16:4:18:4 | function literal | this source |
+| InsecureHostKeyCallbackExample.go:15:20:18:5 | type conversion | InsecureHostKeyCallbackExample.go:16:4:18:4 | function literal | InsecureHostKeyCallbackExample.go:15:20:18:5 | type conversion | Configuring SSH ClientConfig with insecure HostKeyCallback implementation from $@. | InsecureHostKeyCallbackExample.go:16:4:18:4 | function literal | this source |
 | InsecureHostKeyCallbackExample.go:26:20:26:46 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:26:20:26:46 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:26:20:26:46 | call to InsecureIgnoreHostKey | Configuring SSH ClientConfig with insecure HostKeyCallback implementation from $@. | InsecureHostKeyCallbackExample.go:26:20:26:46 | call to InsecureIgnoreHostKey | this source |
-| InsecureHostKeyCallbackExample.go:39:20:39:27 | callback | InsecureHostKeyCallbackExample.go:32:3:34:3 | function literal : signature type | InsecureHostKeyCallbackExample.go:39:20:39:27 | callback | Configuring SSH ClientConfig with insecure HostKeyCallback implementation from $@. | InsecureHostKeyCallbackExample.go:32:3:34:3 | function literal | this source |
-| InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion | InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal : signature type | InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion | Configuring SSH ClientConfig with insecure HostKeyCallback implementation from $@. | InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal | this source |
+| InsecureHostKeyCallbackExample.go:39:20:39:27 | callback | InsecureHostKeyCallbackExample.go:32:3:34:3 | function literal | InsecureHostKeyCallbackExample.go:39:20:39:27 | callback | Configuring SSH ClientConfig with insecure HostKeyCallback implementation from $@. | InsecureHostKeyCallbackExample.go:32:3:34:3 | function literal | this source |
+| InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion | InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal | InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion | Configuring SSH ClientConfig with insecure HostKeyCallback implementation from $@. | InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal | this source |
diff --git a/go/ql/test/query-tests/Security/CWE-326/InsufficientKeySize.expected b/go/ql/test/query-tests/Security/CWE-326/InsufficientKeySize.expected
index fb9488b7165..fb1058af01c 100644
--- a/go/ql/test/query-tests/Security/CWE-326/InsufficientKeySize.expected
+++ b/go/ql/test/query-tests/Security/CWE-326/InsufficientKeySize.expected
@@ -1,28 +1,28 @@
 edges
-| InsufficientKeySize.go:13:10:13:13 | 1024 : int | InsufficientKeySize.go:14:31:14:34 | size |
-| InsufficientKeySize.go:18:7:18:10 | 1024 : int | InsufficientKeySize.go:25:11:25:14 | definition of size : int |
-| InsufficientKeySize.go:25:11:25:14 | definition of size : int | InsufficientKeySize.go:26:31:26:34 | size |
-| InsufficientKeySize.go:30:13:30:16 | 1024 : int | InsufficientKeySize.go:32:32:32:38 | keyBits |
-| InsufficientKeySize.go:44:13:44:16 | 1024 : int | InsufficientKeySize.go:47:32:47:38 | keyBits |
-| InsufficientKeySize.go:61:21:61:24 | 1024 : int | InsufficientKeySize.go:67:31:67:37 | keyBits |
+| InsufficientKeySize.go:13:10:13:13 | 1024 | InsufficientKeySize.go:14:31:14:34 | size |
+| InsufficientKeySize.go:18:7:18:10 | 1024 | InsufficientKeySize.go:25:11:25:14 | definition of size |
+| InsufficientKeySize.go:25:11:25:14 | definition of size | InsufficientKeySize.go:26:31:26:34 | size |
+| InsufficientKeySize.go:30:13:30:16 | 1024 | InsufficientKeySize.go:32:32:32:38 | keyBits |
+| InsufficientKeySize.go:44:13:44:16 | 1024 | InsufficientKeySize.go:47:32:47:38 | keyBits |
+| InsufficientKeySize.go:61:21:61:24 | 1024 | InsufficientKeySize.go:67:31:67:37 | keyBits |
 nodes
 | InsufficientKeySize.go:9:31:9:34 | 1024 | semmle.label | 1024 |
-| InsufficientKeySize.go:13:10:13:13 | 1024 : int | semmle.label | 1024 : int |
+| InsufficientKeySize.go:13:10:13:13 | 1024 | semmle.label | 1024 |
 | InsufficientKeySize.go:14:31:14:34 | size | semmle.label | size |
-| InsufficientKeySize.go:18:7:18:10 | 1024 : int | semmle.label | 1024 : int |
-| InsufficientKeySize.go:25:11:25:14 | definition of size : int | semmle.label | definition of size : int |
+| InsufficientKeySize.go:18:7:18:10 | 1024 | semmle.label | 1024 |
+| InsufficientKeySize.go:25:11:25:14 | definition of size | semmle.label | definition of size |
 | InsufficientKeySize.go:26:31:26:34 | size | semmle.label | size |
-| InsufficientKeySize.go:30:13:30:16 | 1024 : int | semmle.label | 1024 : int |
+| InsufficientKeySize.go:30:13:30:16 | 1024 | semmle.label | 1024 |
 | InsufficientKeySize.go:32:32:32:38 | keyBits | semmle.label | keyBits |
-| InsufficientKeySize.go:44:13:44:16 | 1024 : int | semmle.label | 1024 : int |
+| InsufficientKeySize.go:44:13:44:16 | 1024 | semmle.label | 1024 |
 | InsufficientKeySize.go:47:32:47:38 | keyBits | semmle.label | keyBits |
-| InsufficientKeySize.go:61:21:61:24 | 1024 : int | semmle.label | 1024 : int |
+| InsufficientKeySize.go:61:21:61:24 | 1024 | semmle.label | 1024 |
 | InsufficientKeySize.go:67:31:67:37 | keyBits | semmle.label | keyBits |
 subpaths
 #select
 | InsufficientKeySize.go:9:31:9:34 | 1024 | InsufficientKeySize.go:9:31:9:34 | 1024 | InsufficientKeySize.go:9:31:9:34 | 1024 | The size of this RSA key should be at least 2048 bits. |
-| InsufficientKeySize.go:14:31:14:34 | size | InsufficientKeySize.go:13:10:13:13 | 1024 : int | InsufficientKeySize.go:14:31:14:34 | size | The size of this RSA key should be at least 2048 bits. |
-| InsufficientKeySize.go:26:31:26:34 | size | InsufficientKeySize.go:18:7:18:10 | 1024 : int | InsufficientKeySize.go:26:31:26:34 | size | The size of this RSA key should be at least 2048 bits. |
-| InsufficientKeySize.go:32:32:32:38 | keyBits | InsufficientKeySize.go:30:13:30:16 | 1024 : int | InsufficientKeySize.go:32:32:32:38 | keyBits | The size of this RSA key should be at least 2048 bits. |
-| InsufficientKeySize.go:47:32:47:38 | keyBits | InsufficientKeySize.go:44:13:44:16 | 1024 : int | InsufficientKeySize.go:47:32:47:38 | keyBits | The size of this RSA key should be at least 2048 bits. |
-| InsufficientKeySize.go:67:31:67:37 | keyBits | InsufficientKeySize.go:61:21:61:24 | 1024 : int | InsufficientKeySize.go:67:31:67:37 | keyBits | The size of this RSA key should be at least 2048 bits. |
+| InsufficientKeySize.go:14:31:14:34 | size | InsufficientKeySize.go:13:10:13:13 | 1024 | InsufficientKeySize.go:14:31:14:34 | size | The size of this RSA key should be at least 2048 bits. |
+| InsufficientKeySize.go:26:31:26:34 | size | InsufficientKeySize.go:18:7:18:10 | 1024 | InsufficientKeySize.go:26:31:26:34 | size | The size of this RSA key should be at least 2048 bits. |
+| InsufficientKeySize.go:32:32:32:38 | keyBits | InsufficientKeySize.go:30:13:30:16 | 1024 | InsufficientKeySize.go:32:32:32:38 | keyBits | The size of this RSA key should be at least 2048 bits. |
+| InsufficientKeySize.go:47:32:47:38 | keyBits | InsufficientKeySize.go:44:13:44:16 | 1024 | InsufficientKeySize.go:47:32:47:38 | keyBits | The size of this RSA key should be at least 2048 bits. |
+| InsufficientKeySize.go:67:31:67:37 | keyBits | InsufficientKeySize.go:61:21:61:24 | 1024 | InsufficientKeySize.go:67:31:67:37 | keyBits | The size of this RSA key should be at least 2048 bits. |
diff --git a/go/ql/test/query-tests/Security/CWE-327/UnsafeTLS.expected b/go/ql/test/query-tests/Security/CWE-327/UnsafeTLS.expected
index 6ae0010ec99..ba37534511a 100644
--- a/go/ql/test/query-tests/Security/CWE-327/UnsafeTLS.expected
+++ b/go/ql/test/query-tests/Security/CWE-327/UnsafeTLS.expected
@@ -1,49 +1,35 @@
 edges
-| UnsafeTLS.go:131:14:131:29 | selection of VersionTLS13 : uint16 | UnsafeTLS.go:136:16:136:22 | version |
-| UnsafeTLS.go:133:14:133:29 | selection of VersionSSL30 : uint16 | UnsafeTLS.go:136:16:136:22 | version |
-| UnsafeTLS.go:260:5:260:32 | selection of TLS_RSA_WITH_RC4_128_SHA : uint16 | UnsafeTLS.go:259:18:266:4 | slice literal |
-| UnsafeTLS.go:261:5:261:39 | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:259:18:266:4 | slice literal |
-| UnsafeTLS.go:262:5:262:40 | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : uint16 | UnsafeTLS.go:259:18:266:4 | slice literal |
-| UnsafeTLS.go:263:5:263:38 | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA : uint16 | UnsafeTLS.go:259:18:266:4 | slice literal |
-| UnsafeTLS.go:264:5:264:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:259:18:266:4 | slice literal |
-| UnsafeTLS.go:265:5:265:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:259:18:266:4 | slice literal |
-| UnsafeTLS.go:273:5:273:32 | selection of TLS_RSA_WITH_RC4_128_SHA : uint16 | UnsafeTLS.go:272:18:274:4 | slice literal |
-| UnsafeTLS.go:281:5:281:39 | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:280:18:282:4 | slice literal |
-| UnsafeTLS.go:289:5:289:40 | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : uint16 | UnsafeTLS.go:288:18:290:4 | slice literal |
-| UnsafeTLS.go:297:5:297:38 | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA : uint16 | UnsafeTLS.go:296:18:298:4 | slice literal |
-| UnsafeTLS.go:305:5:305:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:304:18:306:4 | slice literal |
-| UnsafeTLS.go:313:5:313:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:312:18:314:4 | slice literal |
-| UnsafeTLS.go:329:53:329:93 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:329:25:329:94 | call to append |
-| UnsafeTLS.go:334:13:334:38 | call to InsecureCipherSuites : slice type | UnsafeTLS.go:336:26:336:58 | call to append |
-| UnsafeTLS.go:334:13:334:38 | call to InsecureCipherSuites : slice type | UnsafeTLS.go:336:54:336:54 | implicit dereference : CipherSuite |
-| UnsafeTLS.go:336:54:336:54 | implicit dereference : CipherSuite | UnsafeTLS.go:336:26:336:58 | call to append |
-| UnsafeTLS.go:336:54:336:54 | implicit dereference : CipherSuite | UnsafeTLS.go:336:54:336:54 | implicit dereference : CipherSuite |
-| UnsafeTLS.go:342:13:342:38 | call to InsecureCipherSuites : slice type | UnsafeTLS.go:344:40:344:40 | implicit dereference : CipherSuite |
-| UnsafeTLS.go:342:13:342:38 | call to InsecureCipherSuites : slice type | UnsafeTLS.go:346:25:346:36 | cipherSuites |
-| UnsafeTLS.go:344:40:344:40 | implicit dereference : CipherSuite | UnsafeTLS.go:344:40:344:40 | implicit dereference : CipherSuite |
-| UnsafeTLS.go:344:40:344:40 | implicit dereference : CipherSuite | UnsafeTLS.go:346:25:346:36 | cipherSuites |
-| UnsafeTLS.go:351:13:351:38 | call to InsecureCipherSuites : slice type | UnsafeTLS.go:353:40:353:48 | implicit dereference : CipherSuite |
-| UnsafeTLS.go:351:13:351:38 | call to InsecureCipherSuites : slice type | UnsafeTLS.go:353:40:353:48 | index expression : pointer type |
-| UnsafeTLS.go:351:13:351:38 | call to InsecureCipherSuites : slice type | UnsafeTLS.go:355:25:355:36 | cipherSuites |
-| UnsafeTLS.go:353:40:353:48 | implicit dereference : CipherSuite | UnsafeTLS.go:353:40:353:48 | implicit dereference : CipherSuite |
-| UnsafeTLS.go:353:40:353:48 | implicit dereference : CipherSuite | UnsafeTLS.go:353:40:353:48 | index expression : pointer type |
-| UnsafeTLS.go:353:40:353:48 | implicit dereference : CipherSuite | UnsafeTLS.go:355:25:355:36 | cipherSuites |
-| UnsafeTLS.go:353:40:353:48 | index expression : pointer type | UnsafeTLS.go:353:40:353:48 | implicit dereference : CipherSuite |
-| UnsafeTLS.go:353:40:353:48 | index expression : pointer type | UnsafeTLS.go:353:40:353:48 | index expression : pointer type |
-| UnsafeTLS.go:353:40:353:48 | index expression : pointer type | UnsafeTLS.go:355:25:355:36 | cipherSuites |
-| UnsafeTLS.go:363:5:363:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:362:18:364:4 | slice literal |
-| UnsafeTLS.go:371:5:371:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:370:18:372:4 | slice literal |
-| UnsafeTLS.go:379:5:379:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:378:18:380:4 | slice literal |
-| UnsafeTLS.go:387:5:387:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:386:18:388:4 | slice literal |
-| UnsafeTLS.go:395:5:395:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:394:18:396:4 | slice literal |
-| UnsafeTLS.go:403:4:403:46 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:402:33:404:3 | slice literal |
-| UnsafeTLS.go:410:4:410:46 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:409:31:411:3 | slice literal |
-| UnsafeTLS.go:419:6:419:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:418:19:420:5 | slice literal |
-| UnsafeTLS.go:426:6:426:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:425:19:427:5 | slice literal |
-| UnsafeTLS.go:433:6:433:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:432:19:434:5 | slice literal |
-| UnsafeTLS.go:443:6:443:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:442:19:444:5 | slice literal |
-| UnsafeTLS.go:450:6:450:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:449:19:451:5 | slice literal |
-| UnsafeTLS.go:457:6:457:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:456:19:458:5 | slice literal |
+| UnsafeTLS.go:131:14:131:29 | selection of VersionTLS13 | UnsafeTLS.go:136:16:136:22 | version |
+| UnsafeTLS.go:133:14:133:29 | selection of VersionSSL30 | UnsafeTLS.go:136:16:136:22 | version |
+| UnsafeTLS.go:260:5:260:32 | selection of TLS_RSA_WITH_RC4_128_SHA | UnsafeTLS.go:259:18:266:4 | slice literal |
+| UnsafeTLS.go:261:5:261:39 | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:259:18:266:4 | slice literal |
+| UnsafeTLS.go:262:5:262:40 | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | UnsafeTLS.go:259:18:266:4 | slice literal |
+| UnsafeTLS.go:263:5:263:38 | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA | UnsafeTLS.go:259:18:266:4 | slice literal |
+| UnsafeTLS.go:264:5:264:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:259:18:266:4 | slice literal |
+| UnsafeTLS.go:265:5:265:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:259:18:266:4 | slice literal |
+| UnsafeTLS.go:273:5:273:32 | selection of TLS_RSA_WITH_RC4_128_SHA | UnsafeTLS.go:272:18:274:4 | slice literal |
+| UnsafeTLS.go:281:5:281:39 | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:280:18:282:4 | slice literal |
+| UnsafeTLS.go:289:5:289:40 | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | UnsafeTLS.go:288:18:290:4 | slice literal |
+| UnsafeTLS.go:297:5:297:38 | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA | UnsafeTLS.go:296:18:298:4 | slice literal |
+| UnsafeTLS.go:305:5:305:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:304:18:306:4 | slice literal |
+| UnsafeTLS.go:313:5:313:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:312:18:314:4 | slice literal |
+| UnsafeTLS.go:329:53:329:93 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:329:25:329:94 | call to append |
+| UnsafeTLS.go:334:13:334:38 | call to InsecureCipherSuites | UnsafeTLS.go:336:26:336:58 | call to append |
+| UnsafeTLS.go:342:13:342:38 | call to InsecureCipherSuites | UnsafeTLS.go:346:25:346:36 | cipherSuites |
+| UnsafeTLS.go:351:13:351:38 | call to InsecureCipherSuites | UnsafeTLS.go:355:25:355:36 | cipherSuites |
+| UnsafeTLS.go:363:5:363:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:362:18:364:4 | slice literal |
+| UnsafeTLS.go:371:5:371:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:370:18:372:4 | slice literal |
+| UnsafeTLS.go:379:5:379:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:378:18:380:4 | slice literal |
+| UnsafeTLS.go:387:5:387:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:386:18:388:4 | slice literal |
+| UnsafeTLS.go:395:5:395:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:394:18:396:4 | slice literal |
+| UnsafeTLS.go:403:4:403:46 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:402:33:404:3 | slice literal |
+| UnsafeTLS.go:410:4:410:46 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:409:31:411:3 | slice literal |
+| UnsafeTLS.go:419:6:419:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:418:19:420:5 | slice literal |
+| UnsafeTLS.go:426:6:426:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:425:19:427:5 | slice literal |
+| UnsafeTLS.go:433:6:433:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:432:19:434:5 | slice literal |
+| UnsafeTLS.go:443:6:443:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:442:19:444:5 | slice literal |
+| UnsafeTLS.go:450:6:450:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:449:19:451:5 | slice literal |
+| UnsafeTLS.go:457:6:457:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:456:19:458:5 | slice literal |
 nodes
 | UnsafeTLS.go:21:23:21:23 | 0 | semmle.label | 0 |
 | UnsafeTLS.go:25:23:25:23 | 0 | semmle.label | 0 |
@@ -64,8 +50,8 @@ nodes
 | UnsafeTLS.go:111:16:111:16 | 0 | semmle.label | 0 |
 | UnsafeTLS.go:117:16:117:16 | 0 | semmle.label | 0 |
 | UnsafeTLS.go:123:16:123:16 | 0 | semmle.label | 0 |
-| UnsafeTLS.go:131:14:131:29 | selection of VersionTLS13 : uint16 | semmle.label | selection of VersionTLS13 : uint16 |
-| UnsafeTLS.go:133:14:133:29 | selection of VersionSSL30 : uint16 | semmle.label | selection of VersionSSL30 : uint16 |
+| UnsafeTLS.go:131:14:131:29 | selection of VersionTLS13 | semmle.label | selection of VersionTLS13 |
+| UnsafeTLS.go:133:14:133:29 | selection of VersionSSL30 | semmle.label | selection of VersionSSL30 |
 | UnsafeTLS.go:136:16:136:22 | version | semmle.label | version |
 | UnsafeTLS.go:144:24:144:39 | selection of VersionTLS13 | semmle.label | selection of VersionTLS13 |
 | UnsafeTLS.go:146:24:146:39 | selection of VersionSSL30 | semmle.label | selection of VersionSSL30 |
@@ -86,62 +72,58 @@ nodes
 | UnsafeTLS.go:243:16:243:16 | 0 | semmle.label | 0 |
 | UnsafeTLS.go:250:16:250:16 | 0 | semmle.label | 0 |
 | UnsafeTLS.go:259:18:266:4 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:260:5:260:32 | selection of TLS_RSA_WITH_RC4_128_SHA : uint16 | semmle.label | selection of TLS_RSA_WITH_RC4_128_SHA : uint16 |
-| UnsafeTLS.go:261:5:261:39 | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 : uint16 |
-| UnsafeTLS.go:262:5:262:40 | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : uint16 |
-| UnsafeTLS.go:263:5:263:38 | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA : uint16 | semmle.label | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA : uint16 |
-| UnsafeTLS.go:264:5:264:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
-| UnsafeTLS.go:265:5:265:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:260:5:260:32 | selection of TLS_RSA_WITH_RC4_128_SHA | semmle.label | selection of TLS_RSA_WITH_RC4_128_SHA |
+| UnsafeTLS.go:261:5:261:39 | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 |
+| UnsafeTLS.go:262:5:262:40 | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
+| UnsafeTLS.go:263:5:263:38 | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA | semmle.label | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA |
+| UnsafeTLS.go:264:5:264:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
+| UnsafeTLS.go:265:5:265:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:272:18:274:4 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:273:5:273:32 | selection of TLS_RSA_WITH_RC4_128_SHA : uint16 | semmle.label | selection of TLS_RSA_WITH_RC4_128_SHA : uint16 |
+| UnsafeTLS.go:273:5:273:32 | selection of TLS_RSA_WITH_RC4_128_SHA | semmle.label | selection of TLS_RSA_WITH_RC4_128_SHA |
 | UnsafeTLS.go:280:18:282:4 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:281:5:281:39 | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:281:5:281:39 | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:288:18:290:4 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:289:5:289:40 | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : uint16 |
+| UnsafeTLS.go:289:5:289:40 | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
 | UnsafeTLS.go:296:18:298:4 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:297:5:297:38 | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA : uint16 | semmle.label | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA : uint16 |
+| UnsafeTLS.go:297:5:297:38 | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA | semmle.label | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA |
 | UnsafeTLS.go:304:18:306:4 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:305:5:305:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:305:5:305:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:312:18:314:4 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:313:5:313:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:313:5:313:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:329:25:329:94 | call to append | semmle.label | call to append |
-| UnsafeTLS.go:329:53:329:93 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : uint16 |
-| UnsafeTLS.go:334:13:334:38 | call to InsecureCipherSuites : slice type | semmle.label | call to InsecureCipherSuites : slice type |
+| UnsafeTLS.go:329:53:329:93 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
+| UnsafeTLS.go:334:13:334:38 | call to InsecureCipherSuites | semmle.label | call to InsecureCipherSuites |
 | UnsafeTLS.go:336:26:336:58 | call to append | semmle.label | call to append |
-| UnsafeTLS.go:336:54:336:54 | implicit dereference : CipherSuite | semmle.label | implicit dereference : CipherSuite |
-| UnsafeTLS.go:342:13:342:38 | call to InsecureCipherSuites : slice type | semmle.label | call to InsecureCipherSuites : slice type |
-| UnsafeTLS.go:344:40:344:40 | implicit dereference : CipherSuite | semmle.label | implicit dereference : CipherSuite |
+| UnsafeTLS.go:342:13:342:38 | call to InsecureCipherSuites | semmle.label | call to InsecureCipherSuites |
 | UnsafeTLS.go:346:25:346:36 | cipherSuites | semmle.label | cipherSuites |
-| UnsafeTLS.go:351:13:351:38 | call to InsecureCipherSuites : slice type | semmle.label | call to InsecureCipherSuites : slice type |
-| UnsafeTLS.go:353:40:353:48 | implicit dereference : CipherSuite | semmle.label | implicit dereference : CipherSuite |
-| UnsafeTLS.go:353:40:353:48 | index expression : pointer type | semmle.label | index expression : pointer type |
+| UnsafeTLS.go:351:13:351:38 | call to InsecureCipherSuites | semmle.label | call to InsecureCipherSuites |
 | UnsafeTLS.go:355:25:355:36 | cipherSuites | semmle.label | cipherSuites |
 | UnsafeTLS.go:362:18:364:4 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:363:5:363:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:363:5:363:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:370:18:372:4 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:371:5:371:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:371:5:371:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:378:18:380:4 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:379:5:379:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:379:5:379:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:386:18:388:4 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:387:5:387:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:387:5:387:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:394:18:396:4 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:395:5:395:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:395:5:395:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:402:33:404:3 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:403:4:403:46 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:403:4:403:46 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:409:31:411:3 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:410:4:410:46 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:410:4:410:46 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:418:19:420:5 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:419:6:419:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:419:6:419:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:425:19:427:5 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:426:6:426:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:426:6:426:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:432:19:434:5 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:433:6:433:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:433:6:433:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:442:19:444:5 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:443:6:443:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:443:6:443:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:449:19:451:5 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:450:6:450:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:450:6:450:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
 | UnsafeTLS.go:456:19:458:5 | slice literal | semmle.label | slice literal |
-| UnsafeTLS.go:457:6:457:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
+| UnsafeTLS.go:457:6:457:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
 subpaths
 #select
 | UnsafeTLS.go:21:23:21:23 | 0 | UnsafeTLS.go:21:23:21:23 | 0 | UnsafeTLS.go:21:23:21:23 | 0 | Using lowest TLS version for MinVersion. |
@@ -159,22 +141,22 @@ subpaths
 | UnsafeTLS.go:111:16:111:16 | 0 | UnsafeTLS.go:111:16:111:16 | 0 | UnsafeTLS.go:111:16:111:16 | 0 | Using lowest TLS version for MinVersion. |
 | UnsafeTLS.go:201:17:201:17 | 0 | UnsafeTLS.go:201:17:201:17 | 0 | UnsafeTLS.go:201:17:201:17 | 0 | Using lowest TLS version for MinVersion. |
 | UnsafeTLS.go:219:17:219:17 | 0 | UnsafeTLS.go:219:17:219:17 | 0 | UnsafeTLS.go:219:17:219:17 | 0 | Using lowest TLS version for MinVersion. |
-| UnsafeTLS.go:259:18:266:4 | slice literal | UnsafeTLS.go:260:5:260:32 | selection of TLS_RSA_WITH_RC4_128_SHA : uint16 | UnsafeTLS.go:259:18:266:4 | slice literal | Use of an insecure cipher suite: TLS_RSA_WITH_RC4_128_SHA. |
-| UnsafeTLS.go:259:18:266:4 | slice literal | UnsafeTLS.go:261:5:261:39 | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:259:18:266:4 | slice literal | Use of an insecure cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256. |
-| UnsafeTLS.go:259:18:266:4 | slice literal | UnsafeTLS.go:262:5:262:40 | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : uint16 | UnsafeTLS.go:259:18:266:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA. |
-| UnsafeTLS.go:259:18:266:4 | slice literal | UnsafeTLS.go:263:5:263:38 | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA : uint16 | UnsafeTLS.go:259:18:266:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA. |
-| UnsafeTLS.go:259:18:266:4 | slice literal | UnsafeTLS.go:264:5:264:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:259:18:266:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256. |
-| UnsafeTLS.go:259:18:266:4 | slice literal | UnsafeTLS.go:265:5:265:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:259:18:266:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. |
-| UnsafeTLS.go:272:18:274:4 | slice literal | UnsafeTLS.go:273:5:273:32 | selection of TLS_RSA_WITH_RC4_128_SHA : uint16 | UnsafeTLS.go:272:18:274:4 | slice literal | Use of an insecure cipher suite: TLS_RSA_WITH_RC4_128_SHA. |
-| UnsafeTLS.go:280:18:282:4 | slice literal | UnsafeTLS.go:281:5:281:39 | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:280:18:282:4 | slice literal | Use of an insecure cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256. |
-| UnsafeTLS.go:288:18:290:4 | slice literal | UnsafeTLS.go:289:5:289:40 | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : uint16 | UnsafeTLS.go:288:18:290:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA. |
-| UnsafeTLS.go:296:18:298:4 | slice literal | UnsafeTLS.go:297:5:297:38 | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA : uint16 | UnsafeTLS.go:296:18:298:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA. |
-| UnsafeTLS.go:304:18:306:4 | slice literal | UnsafeTLS.go:305:5:305:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:304:18:306:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256. |
-| UnsafeTLS.go:312:18:314:4 | slice literal | UnsafeTLS.go:313:5:313:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:312:18:314:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. |
-| UnsafeTLS.go:329:25:329:94 | call to append | UnsafeTLS.go:329:53:329:93 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:329:25:329:94 | call to append | Use of an insecure cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. |
-| UnsafeTLS.go:336:26:336:58 | call to append | UnsafeTLS.go:334:13:334:38 | call to InsecureCipherSuites : slice type | UnsafeTLS.go:336:26:336:58 | call to append | Use of an insecure cipher suite. |
-| UnsafeTLS.go:346:25:346:36 | cipherSuites | UnsafeTLS.go:342:13:342:38 | call to InsecureCipherSuites : slice type | UnsafeTLS.go:346:25:346:36 | cipherSuites | Use of an insecure cipher suite. |
-| UnsafeTLS.go:355:25:355:36 | cipherSuites | UnsafeTLS.go:351:13:351:38 | call to InsecureCipherSuites : slice type | UnsafeTLS.go:355:25:355:36 | cipherSuites | Use of an insecure cipher suite. |
-| UnsafeTLS.go:362:18:364:4 | slice literal | UnsafeTLS.go:363:5:363:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:362:18:364:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256. |
-| UnsafeTLS.go:432:19:434:5 | slice literal | UnsafeTLS.go:433:6:433:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:432:19:434:5 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256. |
-| UnsafeTLS.go:456:19:458:5 | slice literal | UnsafeTLS.go:457:6:457:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | UnsafeTLS.go:456:19:458:5 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256. |
+| UnsafeTLS.go:259:18:266:4 | slice literal | UnsafeTLS.go:260:5:260:32 | selection of TLS_RSA_WITH_RC4_128_SHA | UnsafeTLS.go:259:18:266:4 | slice literal | Use of an insecure cipher suite: TLS_RSA_WITH_RC4_128_SHA. |
+| UnsafeTLS.go:259:18:266:4 | slice literal | UnsafeTLS.go:261:5:261:39 | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:259:18:266:4 | slice literal | Use of an insecure cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256. |
+| UnsafeTLS.go:259:18:266:4 | slice literal | UnsafeTLS.go:262:5:262:40 | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | UnsafeTLS.go:259:18:266:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA. |
+| UnsafeTLS.go:259:18:266:4 | slice literal | UnsafeTLS.go:263:5:263:38 | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA | UnsafeTLS.go:259:18:266:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA. |
+| UnsafeTLS.go:259:18:266:4 | slice literal | UnsafeTLS.go:264:5:264:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:259:18:266:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256. |
+| UnsafeTLS.go:259:18:266:4 | slice literal | UnsafeTLS.go:265:5:265:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:259:18:266:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. |
+| UnsafeTLS.go:272:18:274:4 | slice literal | UnsafeTLS.go:273:5:273:32 | selection of TLS_RSA_WITH_RC4_128_SHA | UnsafeTLS.go:272:18:274:4 | slice literal | Use of an insecure cipher suite: TLS_RSA_WITH_RC4_128_SHA. |
+| UnsafeTLS.go:280:18:282:4 | slice literal | UnsafeTLS.go:281:5:281:39 | selection of TLS_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:280:18:282:4 | slice literal | Use of an insecure cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256. |
+| UnsafeTLS.go:288:18:290:4 | slice literal | UnsafeTLS.go:289:5:289:40 | selection of TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | UnsafeTLS.go:288:18:290:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA. |
+| UnsafeTLS.go:296:18:298:4 | slice literal | UnsafeTLS.go:297:5:297:38 | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA | UnsafeTLS.go:296:18:298:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA. |
+| UnsafeTLS.go:304:18:306:4 | slice literal | UnsafeTLS.go:305:5:305:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:304:18:306:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256. |
+| UnsafeTLS.go:312:18:314:4 | slice literal | UnsafeTLS.go:313:5:313:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:312:18:314:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. |
+| UnsafeTLS.go:329:25:329:94 | call to append | UnsafeTLS.go:329:53:329:93 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:329:25:329:94 | call to append | Use of an insecure cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. |
+| UnsafeTLS.go:336:26:336:58 | call to append | UnsafeTLS.go:334:13:334:38 | call to InsecureCipherSuites | UnsafeTLS.go:336:26:336:58 | call to append | Use of an insecure cipher suite. |
+| UnsafeTLS.go:346:25:346:36 | cipherSuites | UnsafeTLS.go:342:13:342:38 | call to InsecureCipherSuites | UnsafeTLS.go:346:25:346:36 | cipherSuites | Use of an insecure cipher suite. |
+| UnsafeTLS.go:355:25:355:36 | cipherSuites | UnsafeTLS.go:351:13:351:38 | call to InsecureCipherSuites | UnsafeTLS.go:355:25:355:36 | cipherSuites | Use of an insecure cipher suite. |
+| UnsafeTLS.go:362:18:364:4 | slice literal | UnsafeTLS.go:363:5:363:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:362:18:364:4 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256. |
+| UnsafeTLS.go:432:19:434:5 | slice literal | UnsafeTLS.go:433:6:433:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:432:19:434:5 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256. |
+| UnsafeTLS.go:456:19:458:5 | slice literal | UnsafeTLS.go:457:6:457:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:456:19:458:5 | slice literal | Use of an insecure cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256. |
diff --git a/go/ql/test/query-tests/Security/CWE-327/WeakCryptoAlgorithm.expected b/go/ql/test/query-tests/Security/CWE-327/WeakCryptoAlgorithm.expected
index 50d09ac532d..a107cd75df0 100644
--- a/go/ql/test/query-tests/Security/CWE-327/WeakCryptoAlgorithm.expected
+++ b/go/ql/test/query-tests/Security/CWE-327/WeakCryptoAlgorithm.expected
@@ -1,17 +1,17 @@
 edges
-| Crypto.go:16:9:16:16 | password : slice type | Crypto.go:19:25:19:27 | buf |
-| Crypto.go:16:9:16:16 | password : slice type | Crypto.go:22:10:22:12 | buf |
-| Crypto.go:16:9:16:16 | password : slice type | Crypto.go:25:16:25:18 | buf |
-| Crypto.go:16:9:16:16 | password : slice type | Crypto.go:28:11:28:13 | buf |
+| Crypto.go:16:9:16:16 | password | Crypto.go:19:25:19:27 | buf |
+| Crypto.go:16:9:16:16 | password | Crypto.go:22:10:22:12 | buf |
+| Crypto.go:16:9:16:16 | password | Crypto.go:25:16:25:18 | buf |
+| Crypto.go:16:9:16:16 | password | Crypto.go:28:11:28:13 | buf |
 nodes
-| Crypto.go:16:9:16:16 | password : slice type | semmle.label | password : slice type |
+| Crypto.go:16:9:16:16 | password | semmle.label | password |
 | Crypto.go:19:25:19:27 | buf | semmle.label | buf |
 | Crypto.go:22:10:22:12 | buf | semmle.label | buf |
 | Crypto.go:25:16:25:18 | buf | semmle.label | buf |
 | Crypto.go:28:11:28:13 | buf | semmle.label | buf |
 subpaths
 #select
-| Crypto.go:19:25:19:27 | buf | Crypto.go:16:9:16:16 | password : slice type | Crypto.go:19:25:19:27 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data |
-| Crypto.go:22:10:22:12 | buf | Crypto.go:16:9:16:16 | password : slice type | Crypto.go:22:10:22:12 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data |
-| Crypto.go:25:16:25:18 | buf | Crypto.go:16:9:16:16 | password : slice type | Crypto.go:25:16:25:18 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data |
-| Crypto.go:28:11:28:13 | buf | Crypto.go:16:9:16:16 | password : slice type | Crypto.go:28:11:28:13 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data |
+| Crypto.go:19:25:19:27 | buf | Crypto.go:16:9:16:16 | password | Crypto.go:19:25:19:27 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data |
+| Crypto.go:22:10:22:12 | buf | Crypto.go:16:9:16:16 | password | Crypto.go:22:10:22:12 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data |
+| Crypto.go:25:16:25:18 | buf | Crypto.go:16:9:16:16 | password | Crypto.go:25:16:25:18 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data |
+| Crypto.go:28:11:28:13 | buf | Crypto.go:16:9:16:16 | password | Crypto.go:28:11:28:13 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data |
diff --git a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected
index 2ba310c6ee1..9e767daf186 100644
--- a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected
+++ b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected
@@ -1,16 +1,16 @@
 edges
-| sample.go:15:24:15:63 | type conversion : string | sample.go:16:9:16:15 | slice expression : slice type |
-| sample.go:15:49:15:61 | call to Uint32 : uint32 | sample.go:15:24:15:63 | type conversion : string |
-| sample.go:16:9:16:15 | slice expression : slice type | sample.go:26:25:26:30 | call to Guid |
-| sample.go:34:12:34:40 | call to New : pointer type | sample.go:37:25:37:29 | nonce |
-| sample.go:34:12:34:40 | call to New : pointer type | sample.go:37:32:37:36 | nonce |
+| sample.go:15:24:15:63 | type conversion | sample.go:16:9:16:15 | slice expression |
+| sample.go:15:49:15:61 | call to Uint32 | sample.go:15:24:15:63 | type conversion |
+| sample.go:16:9:16:15 | slice expression | sample.go:26:25:26:30 | call to Guid |
+| sample.go:34:12:34:40 | call to New | sample.go:37:25:37:29 | nonce |
+| sample.go:34:12:34:40 | call to New | sample.go:37:32:37:36 | nonce |
 nodes
 | InsecureRandomness.go:12:18:12:40 | call to Intn | semmle.label | call to Intn |
-| sample.go:15:24:15:63 | type conversion : string | semmle.label | type conversion : string |
-| sample.go:15:49:15:61 | call to Uint32 : uint32 | semmle.label | call to Uint32 : uint32 |
-| sample.go:16:9:16:15 | slice expression : slice type | semmle.label | slice expression : slice type |
+| sample.go:15:24:15:63 | type conversion | semmle.label | type conversion |
+| sample.go:15:49:15:61 | call to Uint32 | semmle.label | call to Uint32 |
+| sample.go:16:9:16:15 | slice expression | semmle.label | slice expression |
 | sample.go:26:25:26:30 | call to Guid | semmle.label | call to Guid |
-| sample.go:34:12:34:40 | call to New : pointer type | semmle.label | call to New : pointer type |
+| sample.go:34:12:34:40 | call to New | semmle.label | call to New |
 | sample.go:37:25:37:29 | nonce | semmle.label | nonce |
 | sample.go:37:32:37:36 | nonce | semmle.label | nonce |
 | sample.go:43:17:43:39 | call to Intn | semmle.label | call to Intn |
@@ -21,7 +21,7 @@ nodes
 subpaths
 #select
 | InsecureRandomness.go:12:18:12:40 | call to Intn | InsecureRandomness.go:12:18:12:40 | call to Intn | InsecureRandomness.go:12:18:12:40 | call to Intn | A password-related function depends on a $@ generated with a cryptographically weak RNG. | InsecureRandomness.go:12:18:12:40 | call to Intn | random number |
-| sample.go:26:25:26:30 | call to Guid | sample.go:15:49:15:61 | call to Uint32 : uint32 | sample.go:26:25:26:30 | call to Guid | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:15:49:15:61 | call to Uint32 | random number |
-| sample.go:37:25:37:29 | nonce | sample.go:34:12:34:40 | call to New : pointer type | sample.go:37:25:37:29 | nonce | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:34:12:34:40 | call to New | random number |
-| sample.go:37:32:37:36 | nonce | sample.go:34:12:34:40 | call to New : pointer type | sample.go:37:32:37:36 | nonce | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:34:12:34:40 | call to New | random number |
+| sample.go:26:25:26:30 | call to Guid | sample.go:15:49:15:61 | call to Uint32 | sample.go:26:25:26:30 | call to Guid | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:15:49:15:61 | call to Uint32 | random number |
+| sample.go:37:25:37:29 | nonce | sample.go:34:12:34:40 | call to New | sample.go:37:25:37:29 | nonce | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:34:12:34:40 | call to New | random number |
+| sample.go:37:32:37:36 | nonce | sample.go:34:12:34:40 | call to New | sample.go:37:32:37:36 | nonce | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:34:12:34:40 | call to New | random number |
 | sample.go:43:17:43:39 | call to Intn | sample.go:43:17:43:39 | call to Intn | sample.go:43:17:43:39 | call to Intn | A password-related function depends on a $@ generated with a cryptographically weak RNG. | sample.go:43:17:43:39 | call to Intn | random number |
diff --git a/go/ql/test/query-tests/Security/CWE-352/ConstantOauth2State.expected b/go/ql/test/query-tests/Security/CWE-352/ConstantOauth2State.expected
index 06cc9c6618e..c21e28717c7 100644
--- a/go/ql/test/query-tests/Security/CWE-352/ConstantOauth2State.expected
+++ b/go/ql/test/query-tests/Security/CWE-352/ConstantOauth2State.expected
@@ -1,61 +1,61 @@
 edges
-| ConstantOauth2State.go:20:26:20:32 | "state" : string literal | ConstantOauth2State.go:50:26:50:41 | stateStringConst |
-| ConstantOauth2State.go:20:26:20:32 | "state" : string literal | ConstantOauth2State.go:147:26:147:41 | stateStringConst |
-| ConstantOauth2State.go:20:26:20:32 | "state" : string literal | ConstantOauth2State.go:169:26:169:41 | stateStringConst |
-| ConstantOauth2State.go:20:26:20:32 | "state" : string literal | ConstantOauth2State.go:191:26:191:41 | stateStringConst |
-| ConstantOauth2State.go:20:26:20:32 | "state" : string literal | ConstantOauth2State.go:210:26:210:41 | stateStringConst |
-| ConstantOauth2State.go:20:26:20:32 | "state" : string literal | ConstantOauth2State.go:232:26:232:41 | stateStringConst |
-| ConstantOauth2State.go:20:26:20:32 | "state" : string literal | ConstantOauth2State.go:249:26:249:41 | stateStringConst |
-| ConstantOauth2State.go:20:26:20:32 | "state" : string literal | ConstantOauth2State.go:266:26:266:41 | stateStringConst |
-| ConstantOauth2State.go:20:26:20:32 | "state" : string literal | ConstantOauth2State.go:282:26:282:41 | stateStringConst |
-| ConstantOauth2State.go:22:22:22:28 | "state" : string | ConstantOauth2State.go:65:26:65:39 | stateStringVar |
-| ConstantOauth2State.go:80:11:80:25 | call to newFixedState : string | ConstantOauth2State.go:81:26:81:30 | state |
-| ConstantOauth2State.go:86:9:86:15 | "state" : string | ConstantOauth2State.go:80:11:80:25 | call to newFixedState : string |
-| ConstantOauth2State.go:147:9:147:42 | call to AuthCodeURL : string | ConstantOauth2State.go:148:54:148:56 | url |
-| ConstantOauth2State.go:169:9:169:42 | call to AuthCodeURL : string | ConstantOauth2State.go:170:54:170:56 | url |
-| ConstantOauth2State.go:191:9:191:42 | call to AuthCodeURL : string | ConstantOauth2State.go:192:54:192:56 | url |
-| ConstantOauth2State.go:210:9:210:42 | call to AuthCodeURL : string | ConstantOauth2State.go:211:54:211:56 | url |
-| ConstantOauth2State.go:232:9:232:42 | call to AuthCodeURL : string | ConstantOauth2State.go:233:28:233:30 | url |
-| ConstantOauth2State.go:239:17:239:39 | "http://localhost:8080" : string | ConstantOauth2State.go:249:9:249:12 | conf |
-| ConstantOauth2State.go:256:38:256:60 | "http://localhost:8080" : string | ConstantOauth2State.go:266:9:266:12 | conf |
-| ConstantOauth2State.go:272:17:272:21 | "oob" : string | ConstantOauth2State.go:282:9:282:12 | conf |
+| ConstantOauth2State.go:20:26:20:32 | "state" | ConstantOauth2State.go:50:26:50:41 | stateStringConst |
+| ConstantOauth2State.go:20:26:20:32 | "state" | ConstantOauth2State.go:147:26:147:41 | stateStringConst |
+| ConstantOauth2State.go:20:26:20:32 | "state" | ConstantOauth2State.go:169:26:169:41 | stateStringConst |
+| ConstantOauth2State.go:20:26:20:32 | "state" | ConstantOauth2State.go:191:26:191:41 | stateStringConst |
+| ConstantOauth2State.go:20:26:20:32 | "state" | ConstantOauth2State.go:210:26:210:41 | stateStringConst |
+| ConstantOauth2State.go:20:26:20:32 | "state" | ConstantOauth2State.go:232:26:232:41 | stateStringConst |
+| ConstantOauth2State.go:20:26:20:32 | "state" | ConstantOauth2State.go:249:26:249:41 | stateStringConst |
+| ConstantOauth2State.go:20:26:20:32 | "state" | ConstantOauth2State.go:266:26:266:41 | stateStringConst |
+| ConstantOauth2State.go:20:26:20:32 | "state" | ConstantOauth2State.go:282:26:282:41 | stateStringConst |
+| ConstantOauth2State.go:22:22:22:28 | "state" | ConstantOauth2State.go:65:26:65:39 | stateStringVar |
+| ConstantOauth2State.go:80:11:80:25 | call to newFixedState | ConstantOauth2State.go:81:26:81:30 | state |
+| ConstantOauth2State.go:86:9:86:15 | "state" | ConstantOauth2State.go:80:11:80:25 | call to newFixedState |
+| ConstantOauth2State.go:147:9:147:42 | call to AuthCodeURL | ConstantOauth2State.go:148:54:148:56 | url |
+| ConstantOauth2State.go:169:9:169:42 | call to AuthCodeURL | ConstantOauth2State.go:170:54:170:56 | url |
+| ConstantOauth2State.go:191:9:191:42 | call to AuthCodeURL | ConstantOauth2State.go:192:54:192:56 | url |
+| ConstantOauth2State.go:210:9:210:42 | call to AuthCodeURL | ConstantOauth2State.go:211:54:211:56 | url |
+| ConstantOauth2State.go:232:9:232:42 | call to AuthCodeURL | ConstantOauth2State.go:233:28:233:30 | url |
+| ConstantOauth2State.go:239:17:239:39 | "http://localhost:8080" | ConstantOauth2State.go:249:9:249:12 | conf |
+| ConstantOauth2State.go:256:38:256:60 | "http://localhost:8080" | ConstantOauth2State.go:266:9:266:12 | conf |
+| ConstantOauth2State.go:272:17:272:21 | "oob" | ConstantOauth2State.go:282:9:282:12 | conf |
 nodes
-| ConstantOauth2State.go:20:26:20:32 | "state" : string literal | semmle.label | "state" : string literal |
-| ConstantOauth2State.go:22:22:22:28 | "state" : string | semmle.label | "state" : string |
+| ConstantOauth2State.go:20:26:20:32 | "state" | semmle.label | "state" |
+| ConstantOauth2State.go:22:22:22:28 | "state" | semmle.label | "state" |
 | ConstantOauth2State.go:35:26:35:32 | "state" | semmle.label | "state" |
 | ConstantOauth2State.go:50:26:50:41 | stateStringConst | semmle.label | stateStringConst |
 | ConstantOauth2State.go:65:26:65:39 | stateStringVar | semmle.label | stateStringVar |
-| ConstantOauth2State.go:80:11:80:25 | call to newFixedState : string | semmle.label | call to newFixedState : string |
+| ConstantOauth2State.go:80:11:80:25 | call to newFixedState | semmle.label | call to newFixedState |
 | ConstantOauth2State.go:81:26:81:30 | state | semmle.label | state |
-| ConstantOauth2State.go:86:9:86:15 | "state" : string | semmle.label | "state" : string |
-| ConstantOauth2State.go:147:9:147:42 | call to AuthCodeURL : string | semmle.label | call to AuthCodeURL : string |
+| ConstantOauth2State.go:86:9:86:15 | "state" | semmle.label | "state" |
+| ConstantOauth2State.go:147:9:147:42 | call to AuthCodeURL | semmle.label | call to AuthCodeURL |
 | ConstantOauth2State.go:147:26:147:41 | stateStringConst | semmle.label | stateStringConst |
 | ConstantOauth2State.go:148:54:148:56 | url | semmle.label | url |
-| ConstantOauth2State.go:169:9:169:42 | call to AuthCodeURL : string | semmle.label | call to AuthCodeURL : string |
+| ConstantOauth2State.go:169:9:169:42 | call to AuthCodeURL | semmle.label | call to AuthCodeURL |
 | ConstantOauth2State.go:169:26:169:41 | stateStringConst | semmle.label | stateStringConst |
 | ConstantOauth2State.go:170:54:170:56 | url | semmle.label | url |
-| ConstantOauth2State.go:191:9:191:42 | call to AuthCodeURL : string | semmle.label | call to AuthCodeURL : string |
+| ConstantOauth2State.go:191:9:191:42 | call to AuthCodeURL | semmle.label | call to AuthCodeURL |
 | ConstantOauth2State.go:191:26:191:41 | stateStringConst | semmle.label | stateStringConst |
 | ConstantOauth2State.go:192:54:192:56 | url | semmle.label | url |
-| ConstantOauth2State.go:210:9:210:42 | call to AuthCodeURL : string | semmle.label | call to AuthCodeURL : string |
+| ConstantOauth2State.go:210:9:210:42 | call to AuthCodeURL | semmle.label | call to AuthCodeURL |
 | ConstantOauth2State.go:210:26:210:41 | stateStringConst | semmle.label | stateStringConst |
 | ConstantOauth2State.go:211:54:211:56 | url | semmle.label | url |
-| ConstantOauth2State.go:232:9:232:42 | call to AuthCodeURL : string | semmle.label | call to AuthCodeURL : string |
+| ConstantOauth2State.go:232:9:232:42 | call to AuthCodeURL | semmle.label | call to AuthCodeURL |
 | ConstantOauth2State.go:232:26:232:41 | stateStringConst | semmle.label | stateStringConst |
 | ConstantOauth2State.go:233:28:233:30 | url | semmle.label | url |
-| ConstantOauth2State.go:239:17:239:39 | "http://localhost:8080" : string | semmle.label | "http://localhost:8080" : string |
+| ConstantOauth2State.go:239:17:239:39 | "http://localhost:8080" | semmle.label | "http://localhost:8080" |
 | ConstantOauth2State.go:249:9:249:12 | conf | semmle.label | conf |
 | ConstantOauth2State.go:249:26:249:41 | stateStringConst | semmle.label | stateStringConst |
-| ConstantOauth2State.go:256:38:256:60 | "http://localhost:8080" : string | semmle.label | "http://localhost:8080" : string |
+| ConstantOauth2State.go:256:38:256:60 | "http://localhost:8080" | semmle.label | "http://localhost:8080" |
 | ConstantOauth2State.go:266:9:266:12 | conf | semmle.label | conf |
 | ConstantOauth2State.go:266:26:266:41 | stateStringConst | semmle.label | stateStringConst |
-| ConstantOauth2State.go:272:17:272:21 | "oob" : string | semmle.label | "oob" : string |
+| ConstantOauth2State.go:272:17:272:21 | "oob" | semmle.label | "oob" |
 | ConstantOauth2State.go:282:9:282:12 | conf | semmle.label | conf |
 | ConstantOauth2State.go:282:26:282:41 | stateStringConst | semmle.label | stateStringConst |
 subpaths
 #select
 | ConstantOauth2State.go:35:26:35:32 | "state" | ConstantOauth2State.go:35:26:35:32 | "state" | ConstantOauth2State.go:35:26:35:32 | "state" | Using a constant $@ to create oauth2 URLs. | ConstantOauth2State.go:35:26:35:32 | "state" | state string |
-| ConstantOauth2State.go:50:26:50:41 | stateStringConst | ConstantOauth2State.go:20:26:20:32 | "state" : string literal | ConstantOauth2State.go:50:26:50:41 | stateStringConst | Using a constant $@ to create oauth2 URLs. | ConstantOauth2State.go:20:26:20:32 | "state" | state string |
-| ConstantOauth2State.go:65:26:65:39 | stateStringVar | ConstantOauth2State.go:22:22:22:28 | "state" : string | ConstantOauth2State.go:65:26:65:39 | stateStringVar | Using a constant $@ to create oauth2 URLs. | ConstantOauth2State.go:22:22:22:28 | "state" | state string |
-| ConstantOauth2State.go:81:26:81:30 | state | ConstantOauth2State.go:86:9:86:15 | "state" : string | ConstantOauth2State.go:81:26:81:30 | state | Using a constant $@ to create oauth2 URLs. | ConstantOauth2State.go:86:9:86:15 | "state" | state string |
-| ConstantOauth2State.go:232:26:232:41 | stateStringConst | ConstantOauth2State.go:20:26:20:32 | "state" : string literal | ConstantOauth2State.go:232:26:232:41 | stateStringConst | Using a constant $@ to create oauth2 URLs. | ConstantOauth2State.go:20:26:20:32 | "state" | state string |
+| ConstantOauth2State.go:50:26:50:41 | stateStringConst | ConstantOauth2State.go:20:26:20:32 | "state" | ConstantOauth2State.go:50:26:50:41 | stateStringConst | Using a constant $@ to create oauth2 URLs. | ConstantOauth2State.go:20:26:20:32 | "state" | state string |
+| ConstantOauth2State.go:65:26:65:39 | stateStringVar | ConstantOauth2State.go:22:22:22:28 | "state" | ConstantOauth2State.go:65:26:65:39 | stateStringVar | Using a constant $@ to create oauth2 URLs. | ConstantOauth2State.go:22:22:22:28 | "state" | state string |
+| ConstantOauth2State.go:81:26:81:30 | state | ConstantOauth2State.go:86:9:86:15 | "state" | ConstantOauth2State.go:81:26:81:30 | state | Using a constant $@ to create oauth2 URLs. | ConstantOauth2State.go:86:9:86:15 | "state" | state string |
+| ConstantOauth2State.go:232:26:232:41 | stateStringConst | ConstantOauth2State.go:20:26:20:32 | "state" | ConstantOauth2State.go:232:26:232:41 | stateStringConst | Using a constant $@ to create oauth2 URLs. | ConstantOauth2State.go:20:26:20:32 | "state" | state string |
diff --git a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected
index e140ce0ce96..df3c6383bc4 100644
--- a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected
+++ b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected
@@ -1,56 +1,56 @@
 edges
-| BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir : string | BadRedirectCheck.go:5:10:5:14 | redir : string |
-| BadRedirectCheck.go:3:18:3:22 | definition of redir : string | BadRedirectCheck.go:5:10:5:14 | redir : string |
-| BadRedirectCheck.go:5:10:5:14 | redir : string | main.go:11:25:11:45 | call to sanitizeUrl |
-| cves.go:14:23:14:25 | argument corresponding to url : string | cves.go:16:26:16:28 | url |
-| cves.go:33:14:33:34 | call to Get : string | cves.go:37:25:37:32 | redirect |
-| cves.go:41:14:41:34 | call to Get : string | cves.go:45:25:45:32 | redirect |
-| main.go:10:18:10:25 | argument corresponding to redirect : string | main.go:11:37:11:44 | redirect : string |
-| main.go:11:37:11:44 | redirect : string | BadRedirectCheck.go:3:18:3:22 | definition of redir : string |
-| main.go:11:37:11:44 | redirect : string | main.go:11:25:11:45 | call to sanitizeUrl |
-| main.go:32:24:32:26 | argument corresponding to url : string | main.go:34:26:34:28 | url |
-| main.go:68:17:68:24 | argument corresponding to redirect : string | main.go:73:9:73:28 | call to Clean : string |
-| main.go:68:17:68:24 | definition of redirect : string | main.go:73:9:73:28 | call to Clean : string |
-| main.go:73:9:73:28 | call to Clean : string | main.go:77:25:77:39 | call to getTarget1 |
-| main.go:76:19:76:21 | argument corresponding to url : string | main.go:77:36:77:38 | url : string |
-| main.go:77:36:77:38 | url : string | main.go:68:17:68:24 | definition of redirect : string |
-| main.go:77:36:77:38 | url : string | main.go:77:25:77:39 | call to getTarget1 |
-| main.go:87:9:87:14 | selection of Path : string | main.go:91:25:91:39 | call to getTarget2 |
+| BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | BadRedirectCheck.go:5:10:5:14 | redir |
+| BadRedirectCheck.go:3:18:3:22 | definition of redir | BadRedirectCheck.go:5:10:5:14 | redir |
+| BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl |
+| cves.go:14:23:14:25 | argument corresponding to url | cves.go:16:26:16:28 | url |
+| cves.go:33:14:33:34 | call to Get | cves.go:37:25:37:32 | redirect |
+| cves.go:41:14:41:34 | call to Get | cves.go:45:25:45:32 | redirect |
+| main.go:10:18:10:25 | argument corresponding to redirect | main.go:11:37:11:44 | redirect |
+| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | definition of redir |
+| main.go:11:37:11:44 | redirect | main.go:11:25:11:45 | call to sanitizeUrl |
+| main.go:32:24:32:26 | argument corresponding to url | main.go:34:26:34:28 | url |
+| main.go:68:17:68:24 | argument corresponding to redirect | main.go:73:9:73:28 | call to Clean |
+| main.go:68:17:68:24 | definition of redirect | main.go:73:9:73:28 | call to Clean |
+| main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 |
+| main.go:76:19:76:21 | argument corresponding to url | main.go:77:36:77:38 | url |
+| main.go:77:36:77:38 | url | main.go:68:17:68:24 | definition of redirect |
+| main.go:77:36:77:38 | url | main.go:77:25:77:39 | call to getTarget1 |
+| main.go:87:9:87:14 | selection of Path | main.go:91:25:91:39 | call to getTarget2 |
 nodes
-| BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir : string | semmle.label | argument corresponding to redir : string |
-| BadRedirectCheck.go:3:18:3:22 | definition of redir : string | semmle.label | definition of redir : string |
-| BadRedirectCheck.go:5:10:5:14 | redir : string | semmle.label | redir : string |
-| BadRedirectCheck.go:5:10:5:14 | redir : string | semmle.label | redir : string |
-| cves.go:14:23:14:25 | argument corresponding to url : string | semmle.label | argument corresponding to url : string |
+| BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | semmle.label | argument corresponding to redir |
+| BadRedirectCheck.go:3:18:3:22 | definition of redir | semmle.label | definition of redir |
+| BadRedirectCheck.go:5:10:5:14 | redir | semmle.label | redir |
+| BadRedirectCheck.go:5:10:5:14 | redir | semmle.label | redir |
+| cves.go:14:23:14:25 | argument corresponding to url | semmle.label | argument corresponding to url |
 | cves.go:16:26:16:28 | url | semmle.label | url |
-| cves.go:33:14:33:34 | call to Get : string | semmle.label | call to Get : string |
+| cves.go:33:14:33:34 | call to Get | semmle.label | call to Get |
 | cves.go:37:25:37:32 | redirect | semmle.label | redirect |
-| cves.go:41:14:41:34 | call to Get : string | semmle.label | call to Get : string |
+| cves.go:41:14:41:34 | call to Get | semmle.label | call to Get |
 | cves.go:45:25:45:32 | redirect | semmle.label | redirect |
-| main.go:10:18:10:25 | argument corresponding to redirect : string | semmle.label | argument corresponding to redirect : string |
+| main.go:10:18:10:25 | argument corresponding to redirect | semmle.label | argument corresponding to redirect |
 | main.go:11:25:11:45 | call to sanitizeUrl | semmle.label | call to sanitizeUrl |
-| main.go:11:37:11:44 | redirect : string | semmle.label | redirect : string |
-| main.go:32:24:32:26 | argument corresponding to url : string | semmle.label | argument corresponding to url : string |
+| main.go:11:37:11:44 | redirect | semmle.label | redirect |
+| main.go:32:24:32:26 | argument corresponding to url | semmle.label | argument corresponding to url |
 | main.go:34:26:34:28 | url | semmle.label | url |
-| main.go:68:17:68:24 | argument corresponding to redirect : string | semmle.label | argument corresponding to redirect : string |
-| main.go:68:17:68:24 | definition of redirect : string | semmle.label | definition of redirect : string |
-| main.go:73:9:73:28 | call to Clean : string | semmle.label | call to Clean : string |
-| main.go:73:9:73:28 | call to Clean : string | semmle.label | call to Clean : string |
-| main.go:76:19:76:21 | argument corresponding to url : string | semmle.label | argument corresponding to url : string |
+| main.go:68:17:68:24 | argument corresponding to redirect | semmle.label | argument corresponding to redirect |
+| main.go:68:17:68:24 | definition of redirect | semmle.label | definition of redirect |
+| main.go:73:9:73:28 | call to Clean | semmle.label | call to Clean |
+| main.go:73:9:73:28 | call to Clean | semmle.label | call to Clean |
+| main.go:76:19:76:21 | argument corresponding to url | semmle.label | argument corresponding to url |
 | main.go:77:25:77:39 | call to getTarget1 | semmle.label | call to getTarget1 |
-| main.go:77:36:77:38 | url : string | semmle.label | url : string |
-| main.go:87:9:87:14 | selection of Path : string | semmle.label | selection of Path : string |
+| main.go:77:36:77:38 | url | semmle.label | url |
+| main.go:87:9:87:14 | selection of Path | semmle.label | selection of Path |
 | main.go:91:25:91:39 | call to getTarget2 | semmle.label | call to getTarget2 |
 subpaths
-| main.go:11:37:11:44 | redirect : string | BadRedirectCheck.go:3:18:3:22 | definition of redir : string | BadRedirectCheck.go:5:10:5:14 | redir : string | main.go:11:25:11:45 | call to sanitizeUrl : string |
-| main.go:77:36:77:38 | url : string | main.go:68:17:68:24 | definition of redirect : string | main.go:73:9:73:28 | call to Clean : string | main.go:77:25:77:39 | call to getTarget1 : string |
+| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | definition of redir | BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl |
+| main.go:77:36:77:38 | url | main.go:68:17:68:24 | definition of redirect | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 |
 #select
-| BadRedirectCheck.go:4:23:4:37 | ...==... | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir : string | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect |
-| BadRedirectCheck.go:4:23:4:37 | ...==... | main.go:10:18:10:25 | argument corresponding to redirect : string | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:10:18:10:25 | argument corresponding to redirect | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect |
-| cves.go:11:26:11:38 | ...==... | cves.go:14:23:14:25 | argument corresponding to url : string | cves.go:16:26:16:28 | url | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | cves.go:14:23:14:25 | argument corresponding to url | this value | cves.go:16:26:16:28 | url | redirect |
-| cves.go:34:6:34:37 | call to HasPrefix | cves.go:33:14:33:34 | call to Get : string | cves.go:37:25:37:32 | redirect | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | cves.go:33:14:33:34 | call to Get | this value | cves.go:37:25:37:32 | redirect | redirect |
-| cves.go:42:6:42:37 | call to HasPrefix | cves.go:41:14:41:34 | call to Get : string | cves.go:45:25:45:32 | redirect | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | cves.go:41:14:41:34 | call to Get | this value | cves.go:45:25:45:32 | redirect | redirect |
-| main.go:25:7:25:38 | call to HasPrefix | main.go:32:24:32:26 | argument corresponding to url : string | main.go:34:26:34:28 | url | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:32:24:32:26 | argument corresponding to url | this value | main.go:34:26:34:28 | url | redirect |
-| main.go:69:5:69:22 | ...!=... | main.go:68:17:68:24 | argument corresponding to redirect : string | main.go:77:25:77:39 | call to getTarget1 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:68:17:68:24 | argument corresponding to redirect | this value | main.go:77:25:77:39 | call to getTarget1 | redirect |
-| main.go:69:5:69:22 | ...!=... | main.go:76:19:76:21 | argument corresponding to url : string | main.go:77:25:77:39 | call to getTarget1 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:76:19:76:21 | argument corresponding to url | this value | main.go:77:25:77:39 | call to getTarget1 | redirect |
-| main.go:83:5:83:20 | ...!=... | main.go:87:9:87:14 | selection of Path : string | main.go:91:25:91:39 | call to getTarget2 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:87:9:87:14 | selection of Path | this value | main.go:91:25:91:39 | call to getTarget2 | redirect |
+| BadRedirectCheck.go:4:23:4:37 | ...==... | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect |
+| BadRedirectCheck.go:4:23:4:37 | ...==... | main.go:10:18:10:25 | argument corresponding to redirect | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:10:18:10:25 | argument corresponding to redirect | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect |
+| cves.go:11:26:11:38 | ...==... | cves.go:14:23:14:25 | argument corresponding to url | cves.go:16:26:16:28 | url | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | cves.go:14:23:14:25 | argument corresponding to url | this value | cves.go:16:26:16:28 | url | redirect |
+| cves.go:34:6:34:37 | call to HasPrefix | cves.go:33:14:33:34 | call to Get | cves.go:37:25:37:32 | redirect | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | cves.go:33:14:33:34 | call to Get | this value | cves.go:37:25:37:32 | redirect | redirect |
+| cves.go:42:6:42:37 | call to HasPrefix | cves.go:41:14:41:34 | call to Get | cves.go:45:25:45:32 | redirect | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | cves.go:41:14:41:34 | call to Get | this value | cves.go:45:25:45:32 | redirect | redirect |
+| main.go:25:7:25:38 | call to HasPrefix | main.go:32:24:32:26 | argument corresponding to url | main.go:34:26:34:28 | url | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:32:24:32:26 | argument corresponding to url | this value | main.go:34:26:34:28 | url | redirect |
+| main.go:69:5:69:22 | ...!=... | main.go:68:17:68:24 | argument corresponding to redirect | main.go:77:25:77:39 | call to getTarget1 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:68:17:68:24 | argument corresponding to redirect | this value | main.go:77:25:77:39 | call to getTarget1 | redirect |
+| main.go:69:5:69:22 | ...!=... | main.go:76:19:76:21 | argument corresponding to url | main.go:77:25:77:39 | call to getTarget1 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:76:19:76:21 | argument corresponding to url | this value | main.go:77:25:77:39 | call to getTarget1 | redirect |
+| main.go:83:5:83:20 | ...!=... | main.go:87:9:87:14 | selection of Path | main.go:91:25:91:39 | call to getTarget2 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:87:9:87:14 | selection of Path | this value | main.go:91:25:91:39 | call to getTarget2 | redirect |
diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected
index c27f575acc3..f7e2677efef 100644
--- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected
+++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected
@@ -1,132 +1,125 @@
 edges
-| OpenUrlRedirect.go:10:23:10:28 | selection of Form : Values | OpenUrlRedirect.go:10:23:10:42 | call to Get |
-| stdlib.go:13:13:13:18 | selection of Form : Values | stdlib.go:15:30:15:35 | target |
-| stdlib.go:22:13:22:18 | selection of Form : Values | stdlib.go:24:30:24:35 | target |
-| stdlib.go:31:13:31:18 | selection of Form : Values | stdlib.go:35:30:35:39 | ...+... |
-| stdlib.go:44:13:44:18 | selection of Form : Values | stdlib.go:46:23:46:28 | target |
-| stdlib.go:64:13:64:18 | selection of Form : Values | stdlib.go:67:23:67:40 | ...+... |
-| stdlib.go:89:13:89:18 | selection of Form : Values | stdlib.go:92:23:92:28 | target |
-| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] : URL | stdlib.go:112:4:112:4 | r [pointer, URL, pointer] : URL |
-| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] : URL | stdlib.go:112:4:112:4 | r [pointer, URL, pointer] : URL |
-| stdlib.go:107:54:107:54 | definition of r [pointer, URL] : pointer type | stdlib.go:112:4:112:4 | r [pointer, URL] : pointer type |
-| stdlib.go:107:54:107:54 | definition of r [pointer, URL] : pointer type | stdlib.go:112:4:112:4 | r [pointer, URL] : pointer type |
-| stdlib.go:107:54:107:54 | definition of r [pointer, URL] : pointer type | stdlib.go:113:24:113:24 | r [pointer, URL] : pointer type |
-| stdlib.go:107:54:107:54 | definition of r [pointer, URL] : pointer type | stdlib.go:113:24:113:24 | r [pointer, URL] : pointer type |
-| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] : URL | stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] : URL |
-| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] : URL | stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] : URL |
-| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] : URL | stdlib.go:112:4:112:8 | selection of URL [pointer] : URL |
-| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] : URL | stdlib.go:112:4:112:8 | selection of URL [pointer] : URL |
-| stdlib.go:112:4:112:4 | implicit dereference [URL] : pointer type | stdlib.go:107:54:107:54 | definition of r [pointer, URL] : pointer type |
-| stdlib.go:112:4:112:4 | implicit dereference [URL] : pointer type | stdlib.go:107:54:107:54 | definition of r [pointer, URL] : pointer type |
-| stdlib.go:112:4:112:4 | implicit dereference [URL] : pointer type | stdlib.go:112:4:112:8 | selection of URL : pointer type |
-| stdlib.go:112:4:112:4 | implicit dereference [URL] : pointer type | stdlib.go:112:4:112:8 | selection of URL : pointer type |
-| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] : URL | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] : URL |
-| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] : URL | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] : URL |
-| stdlib.go:112:4:112:4 | r [pointer, URL] : pointer type | stdlib.go:112:4:112:4 | implicit dereference [URL] : pointer type |
-| stdlib.go:112:4:112:4 | r [pointer, URL] : pointer type | stdlib.go:112:4:112:4 | implicit dereference [URL] : pointer type |
-| stdlib.go:112:4:112:8 | implicit dereference : URL | stdlib.go:112:4:112:8 | implicit dereference : URL |
-| stdlib.go:112:4:112:8 | implicit dereference : URL | stdlib.go:112:4:112:8 | implicit dereference : URL |
-| stdlib.go:112:4:112:8 | implicit dereference : URL | stdlib.go:112:4:112:8 | selection of URL : pointer type |
-| stdlib.go:112:4:112:8 | implicit dereference : URL | stdlib.go:112:4:112:8 | selection of URL : pointer type |
-| stdlib.go:112:4:112:8 | implicit dereference : URL | stdlib.go:112:4:112:8 | selection of URL [pointer] : URL |
-| stdlib.go:112:4:112:8 | implicit dereference : URL | stdlib.go:112:4:112:8 | selection of URL [pointer] : URL |
-| stdlib.go:112:4:112:8 | selection of URL : pointer type | stdlib.go:112:4:112:4 | implicit dereference [URL] : pointer type |
-| stdlib.go:112:4:112:8 | selection of URL : pointer type | stdlib.go:112:4:112:4 | implicit dereference [URL] : pointer type |
-| stdlib.go:112:4:112:8 | selection of URL : pointer type | stdlib.go:112:4:112:8 | implicit dereference : URL |
-| stdlib.go:112:4:112:8 | selection of URL : pointer type | stdlib.go:112:4:112:8 | implicit dereference : URL |
-| stdlib.go:112:4:112:8 | selection of URL : pointer type | stdlib.go:112:4:112:8 | selection of URL : pointer type |
-| stdlib.go:112:4:112:8 | selection of URL : pointer type | stdlib.go:112:4:112:8 | selection of URL : pointer type |
-| stdlib.go:112:4:112:8 | selection of URL [pointer] : URL | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] : URL |
-| stdlib.go:112:4:112:8 | selection of URL [pointer] : URL | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] : URL |
-| stdlib.go:112:4:112:8 | selection of URL [pointer] : URL | stdlib.go:112:4:112:8 | implicit dereference : URL |
-| stdlib.go:112:4:112:8 | selection of URL [pointer] : URL | stdlib.go:112:4:112:8 | implicit dereference : URL |
-| stdlib.go:113:24:113:24 | implicit dereference [URL] : pointer type | stdlib.go:113:24:113:28 | selection of URL : pointer type |
-| stdlib.go:113:24:113:24 | implicit dereference [URL] : pointer type | stdlib.go:113:24:113:28 | selection of URL : pointer type |
-| stdlib.go:113:24:113:24 | r [pointer, URL] : pointer type | stdlib.go:113:24:113:24 | implicit dereference [URL] : pointer type |
-| stdlib.go:113:24:113:24 | r [pointer, URL] : pointer type | stdlib.go:113:24:113:24 | implicit dereference [URL] : pointer type |
-| stdlib.go:113:24:113:28 | selection of URL : pointer type | stdlib.go:113:24:113:37 | call to String |
-| stdlib.go:113:24:113:28 | selection of URL : pointer type | stdlib.go:113:24:113:37 | call to String |
-| stdlib.go:146:13:146:18 | selection of Form : Values | stdlib.go:152:23:152:28 | target |
-| stdlib.go:159:11:159:15 | selection of URL : pointer type | stdlib.go:159:11:159:15 | selection of URL : pointer type |
-| stdlib.go:159:11:159:15 | selection of URL : pointer type | stdlib.go:159:11:159:15 | selection of URL : pointer type |
-| stdlib.go:159:11:159:15 | selection of URL : pointer type | stdlib.go:162:24:162:35 | call to String |
-| stdlib.go:159:11:159:15 | selection of URL : pointer type | stdlib.go:162:24:162:35 | call to String |
-| stdlib.go:173:35:173:39 | selection of URL : pointer type | stdlib.go:173:24:173:52 | ...+... |
-| stdlib.go:173:35:173:39 | selection of URL : pointer type | stdlib.go:173:24:173:52 | ...+... |
-| stdlib.go:182:13:182:33 | call to FormValue : string | stdlib.go:184:23:184:28 | target |
-| stdlib.go:190:36:190:56 | call to FormValue : string | stdlib.go:192:23:192:28 | implicit dereference : URL |
-| stdlib.go:190:36:190:56 | call to FormValue : string | stdlib.go:192:23:192:33 | selection of Path |
-| stdlib.go:190:36:190:56 | call to FormValue : string | stdlib.go:194:23:194:42 | call to EscapedPath |
-| stdlib.go:192:23:192:28 | implicit dereference : URL | stdlib.go:192:23:192:28 | implicit dereference : URL |
-| stdlib.go:192:23:192:28 | implicit dereference : URL | stdlib.go:192:23:192:33 | selection of Path |
-| stdlib.go:192:23:192:28 | implicit dereference : URL | stdlib.go:194:23:194:42 | call to EscapedPath |
+| OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get |
+| stdlib.go:13:13:13:18 | selection of Form | stdlib.go:15:30:15:35 | target |
+| stdlib.go:22:13:22:18 | selection of Form | stdlib.go:24:30:24:35 | target |
+| stdlib.go:31:13:31:18 | selection of Form | stdlib.go:35:30:35:39 | ...+... |
+| stdlib.go:44:13:44:18 | selection of Form | stdlib.go:46:23:46:28 | target |
+| stdlib.go:64:13:64:18 | selection of Form | stdlib.go:67:23:67:40 | ...+... |
+| stdlib.go:89:13:89:18 | selection of Form | stdlib.go:92:23:92:28 | target |
+| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | r [pointer, URL, pointer] |
+| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | r [pointer, URL, pointer] |
+| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:112:4:112:4 | r [pointer, URL] |
+| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:112:4:112:4 | r [pointer, URL] |
+| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:113:24:113:24 | r [pointer, URL] |
+| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:113:24:113:24 | r [pointer, URL] |
+| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] |
+| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] |
+| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | stdlib.go:112:4:112:8 | selection of URL [pointer] |
+| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | stdlib.go:112:4:112:8 | selection of URL [pointer] |
+| stdlib.go:112:4:112:4 | implicit dereference [URL] | stdlib.go:107:54:107:54 | definition of r [pointer, URL] |
+| stdlib.go:112:4:112:4 | implicit dereference [URL] | stdlib.go:107:54:107:54 | definition of r [pointer, URL] |
+| stdlib.go:112:4:112:4 | implicit dereference [URL] | stdlib.go:112:4:112:8 | selection of URL |
+| stdlib.go:112:4:112:4 | implicit dereference [URL] | stdlib.go:112:4:112:8 | selection of URL |
+| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] |
+| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] |
+| stdlib.go:112:4:112:4 | r [pointer, URL] | stdlib.go:112:4:112:4 | implicit dereference [URL] |
+| stdlib.go:112:4:112:4 | r [pointer, URL] | stdlib.go:112:4:112:4 | implicit dereference [URL] |
+| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | implicit dereference |
+| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | implicit dereference |
+| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL |
+| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL |
+| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL [pointer] |
+| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL [pointer] |
+| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:4 | implicit dereference [URL] |
+| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:4 | implicit dereference [URL] |
+| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:8 | implicit dereference |
+| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:8 | implicit dereference |
+| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:8 | selection of URL |
+| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:8 | selection of URL |
+| stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] |
+| stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] |
+| stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:8 | implicit dereference |
+| stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:8 | implicit dereference |
+| stdlib.go:113:24:113:24 | implicit dereference [URL] | stdlib.go:113:24:113:28 | selection of URL |
+| stdlib.go:113:24:113:24 | implicit dereference [URL] | stdlib.go:113:24:113:28 | selection of URL |
+| stdlib.go:113:24:113:24 | r [pointer, URL] | stdlib.go:113:24:113:24 | implicit dereference [URL] |
+| stdlib.go:113:24:113:24 | r [pointer, URL] | stdlib.go:113:24:113:24 | implicit dereference [URL] |
+| stdlib.go:113:24:113:28 | selection of URL | stdlib.go:113:24:113:37 | call to String |
+| stdlib.go:113:24:113:28 | selection of URL | stdlib.go:113:24:113:37 | call to String |
+| stdlib.go:146:13:146:18 | selection of Form | stdlib.go:152:23:152:28 | target |
+| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:162:24:162:35 | call to String |
+| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:162:24:162:35 | call to String |
+| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:24:173:52 | ...+... |
+| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:24:173:52 | ...+... |
+| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:184:23:184:28 | target |
+| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:192:23:192:33 | selection of Path |
+| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:194:23:194:42 | call to EscapedPath |
 nodes
-| OpenUrlRedirect.go:10:23:10:28 | selection of Form : Values | semmle.label | selection of Form : Values |
+| OpenUrlRedirect.go:10:23:10:28 | selection of Form | semmle.label | selection of Form |
 | OpenUrlRedirect.go:10:23:10:42 | call to Get | semmle.label | call to Get |
-| stdlib.go:13:13:13:18 | selection of Form : Values | semmle.label | selection of Form : Values |
+| stdlib.go:13:13:13:18 | selection of Form | semmle.label | selection of Form |
 | stdlib.go:15:30:15:35 | target | semmle.label | target |
-| stdlib.go:22:13:22:18 | selection of Form : Values | semmle.label | selection of Form : Values |
+| stdlib.go:22:13:22:18 | selection of Form | semmle.label | selection of Form |
 | stdlib.go:24:30:24:35 | target | semmle.label | target |
-| stdlib.go:31:13:31:18 | selection of Form : Values | semmle.label | selection of Form : Values |
+| stdlib.go:31:13:31:18 | selection of Form | semmle.label | selection of Form |
 | stdlib.go:35:30:35:39 | ...+... | semmle.label | ...+... |
-| stdlib.go:44:13:44:18 | selection of Form : Values | semmle.label | selection of Form : Values |
+| stdlib.go:44:13:44:18 | selection of Form | semmle.label | selection of Form |
 | stdlib.go:46:23:46:28 | target | semmle.label | target |
-| stdlib.go:64:13:64:18 | selection of Form : Values | semmle.label | selection of Form : Values |
+| stdlib.go:64:13:64:18 | selection of Form | semmle.label | selection of Form |
 | stdlib.go:67:23:67:40 | ...+... | semmle.label | ...+... |
-| stdlib.go:89:13:89:18 | selection of Form : Values | semmle.label | selection of Form : Values |
+| stdlib.go:89:13:89:18 | selection of Form | semmle.label | selection of Form |
 | stdlib.go:92:23:92:28 | target | semmle.label | target |
-| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] : URL | semmle.label | definition of r [pointer, URL, pointer] : URL |
-| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] : URL | semmle.label | definition of r [pointer, URL, pointer] : URL |
-| stdlib.go:107:54:107:54 | definition of r [pointer, URL] : pointer type | semmle.label | definition of r [pointer, URL] : pointer type |
-| stdlib.go:107:54:107:54 | definition of r [pointer, URL] : pointer type | semmle.label | definition of r [pointer, URL] : pointer type |
-| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] : URL | semmle.label | implicit dereference [URL, pointer] : URL |
-| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] : URL | semmle.label | implicit dereference [URL, pointer] : URL |
-| stdlib.go:112:4:112:4 | implicit dereference [URL] : pointer type | semmle.label | implicit dereference [URL] : pointer type |
-| stdlib.go:112:4:112:4 | implicit dereference [URL] : pointer type | semmle.label | implicit dereference [URL] : pointer type |
-| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] : URL | semmle.label | r [pointer, URL, pointer] : URL |
-| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] : URL | semmle.label | r [pointer, URL, pointer] : URL |
-| stdlib.go:112:4:112:4 | r [pointer, URL] : pointer type | semmle.label | r [pointer, URL] : pointer type |
-| stdlib.go:112:4:112:4 | r [pointer, URL] : pointer type | semmle.label | r [pointer, URL] : pointer type |
-| stdlib.go:112:4:112:8 | implicit dereference : URL | semmle.label | implicit dereference : URL |
-| stdlib.go:112:4:112:8 | implicit dereference : URL | semmle.label | implicit dereference : URL |
-| stdlib.go:112:4:112:8 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
-| stdlib.go:112:4:112:8 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
-| stdlib.go:112:4:112:8 | selection of URL [pointer] : URL | semmle.label | selection of URL [pointer] : URL |
-| stdlib.go:112:4:112:8 | selection of URL [pointer] : URL | semmle.label | selection of URL [pointer] : URL |
-| stdlib.go:113:24:113:24 | implicit dereference [URL] : pointer type | semmle.label | implicit dereference [URL] : pointer type |
-| stdlib.go:113:24:113:24 | implicit dereference [URL] : pointer type | semmle.label | implicit dereference [URL] : pointer type |
-| stdlib.go:113:24:113:24 | r [pointer, URL] : pointer type | semmle.label | r [pointer, URL] : pointer type |
-| stdlib.go:113:24:113:24 | r [pointer, URL] : pointer type | semmle.label | r [pointer, URL] : pointer type |
-| stdlib.go:113:24:113:28 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
-| stdlib.go:113:24:113:28 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | semmle.label | definition of r [pointer, URL, pointer] |
+| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | semmle.label | definition of r [pointer, URL, pointer] |
+| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | semmle.label | definition of r [pointer, URL] |
+| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | semmle.label | definition of r [pointer, URL] |
+| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | semmle.label | implicit dereference [URL, pointer] |
+| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | semmle.label | implicit dereference [URL, pointer] |
+| stdlib.go:112:4:112:4 | implicit dereference [URL] | semmle.label | implicit dereference [URL] |
+| stdlib.go:112:4:112:4 | implicit dereference [URL] | semmle.label | implicit dereference [URL] |
+| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | semmle.label | r [pointer, URL, pointer] |
+| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | semmle.label | r [pointer, URL, pointer] |
+| stdlib.go:112:4:112:4 | r [pointer, URL] | semmle.label | r [pointer, URL] |
+| stdlib.go:112:4:112:4 | r [pointer, URL] | semmle.label | r [pointer, URL] |
+| stdlib.go:112:4:112:8 | implicit dereference | semmle.label | implicit dereference |
+| stdlib.go:112:4:112:8 | implicit dereference | semmle.label | implicit dereference |
+| stdlib.go:112:4:112:8 | selection of URL | semmle.label | selection of URL |
+| stdlib.go:112:4:112:8 | selection of URL | semmle.label | selection of URL |
+| stdlib.go:112:4:112:8 | selection of URL [pointer] | semmle.label | selection of URL [pointer] |
+| stdlib.go:112:4:112:8 | selection of URL [pointer] | semmle.label | selection of URL [pointer] |
+| stdlib.go:113:24:113:24 | implicit dereference [URL] | semmle.label | implicit dereference [URL] |
+| stdlib.go:113:24:113:24 | implicit dereference [URL] | semmle.label | implicit dereference [URL] |
+| stdlib.go:113:24:113:24 | r [pointer, URL] | semmle.label | r [pointer, URL] |
+| stdlib.go:113:24:113:24 | r [pointer, URL] | semmle.label | r [pointer, URL] |
+| stdlib.go:113:24:113:28 | selection of URL | semmle.label | selection of URL |
+| stdlib.go:113:24:113:28 | selection of URL | semmle.label | selection of URL |
 | stdlib.go:113:24:113:37 | call to String | semmle.label | call to String |
 | stdlib.go:113:24:113:37 | call to String | semmle.label | call to String |
-| stdlib.go:146:13:146:18 | selection of Form : Values | semmle.label | selection of Form : Values |
+| stdlib.go:146:13:146:18 | selection of Form | semmle.label | selection of Form |
 | stdlib.go:152:23:152:28 | target | semmle.label | target |
-| stdlib.go:159:11:159:15 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
-| stdlib.go:159:11:159:15 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| stdlib.go:159:11:159:15 | selection of URL | semmle.label | selection of URL |
+| stdlib.go:159:11:159:15 | selection of URL | semmle.label | selection of URL |
 | stdlib.go:162:24:162:35 | call to String | semmle.label | call to String |
 | stdlib.go:162:24:162:35 | call to String | semmle.label | call to String |
 | stdlib.go:173:24:173:52 | ...+... | semmle.label | ...+... |
 | stdlib.go:173:24:173:52 | ...+... | semmle.label | ...+... |
-| stdlib.go:173:35:173:39 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
-| stdlib.go:173:35:173:39 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
-| stdlib.go:182:13:182:33 | call to FormValue : string | semmle.label | call to FormValue : string |
+| stdlib.go:173:35:173:39 | selection of URL | semmle.label | selection of URL |
+| stdlib.go:173:35:173:39 | selection of URL | semmle.label | selection of URL |
+| stdlib.go:182:13:182:33 | call to FormValue | semmle.label | call to FormValue |
 | stdlib.go:184:23:184:28 | target | semmle.label | target |
-| stdlib.go:190:36:190:56 | call to FormValue : string | semmle.label | call to FormValue : string |
-| stdlib.go:192:23:192:28 | implicit dereference : URL | semmle.label | implicit dereference : URL |
+| stdlib.go:190:36:190:56 | call to FormValue | semmle.label | call to FormValue |
 | stdlib.go:192:23:192:33 | selection of Path | semmle.label | selection of Path |
 | stdlib.go:194:23:194:42 | call to EscapedPath | semmle.label | call to EscapedPath |
 subpaths
 #select
-| OpenUrlRedirect.go:10:23:10:42 | call to Get | OpenUrlRedirect.go:10:23:10:28 | selection of Form : Values | OpenUrlRedirect.go:10:23:10:42 | call to Get | Untrusted URL redirection depends on a $@. | OpenUrlRedirect.go:10:23:10:28 | selection of Form | user-provided value |
-| stdlib.go:15:30:15:35 | target | stdlib.go:13:13:13:18 | selection of Form : Values | stdlib.go:15:30:15:35 | target | Untrusted URL redirection depends on a $@. | stdlib.go:13:13:13:18 | selection of Form | user-provided value |
-| stdlib.go:24:30:24:35 | target | stdlib.go:22:13:22:18 | selection of Form : Values | stdlib.go:24:30:24:35 | target | Untrusted URL redirection depends on a $@. | stdlib.go:22:13:22:18 | selection of Form | user-provided value |
-| stdlib.go:35:30:35:39 | ...+... | stdlib.go:31:13:31:18 | selection of Form : Values | stdlib.go:35:30:35:39 | ...+... | Untrusted URL redirection depends on a $@. | stdlib.go:31:13:31:18 | selection of Form | user-provided value |
-| stdlib.go:46:23:46:28 | target | stdlib.go:44:13:44:18 | selection of Form : Values | stdlib.go:46:23:46:28 | target | Untrusted URL redirection depends on a $@. | stdlib.go:44:13:44:18 | selection of Form | user-provided value |
-| stdlib.go:67:23:67:40 | ...+... | stdlib.go:64:13:64:18 | selection of Form : Values | stdlib.go:67:23:67:40 | ...+... | Untrusted URL redirection depends on a $@. | stdlib.go:64:13:64:18 | selection of Form | user-provided value |
-| stdlib.go:92:23:92:28 | target | stdlib.go:89:13:89:18 | selection of Form : Values | stdlib.go:92:23:92:28 | target | Untrusted URL redirection depends on a $@. | stdlib.go:89:13:89:18 | selection of Form | user-provided value |
-| stdlib.go:152:23:152:28 | target | stdlib.go:146:13:146:18 | selection of Form : Values | stdlib.go:152:23:152:28 | target | Untrusted URL redirection depends on a $@. | stdlib.go:146:13:146:18 | selection of Form | user-provided value |
-| stdlib.go:184:23:184:28 | target | stdlib.go:182:13:182:33 | call to FormValue : string | stdlib.go:184:23:184:28 | target | Untrusted URL redirection depends on a $@. | stdlib.go:182:13:182:33 | call to FormValue | user-provided value |
-| stdlib.go:192:23:192:33 | selection of Path | stdlib.go:190:36:190:56 | call to FormValue : string | stdlib.go:192:23:192:33 | selection of Path | Untrusted URL redirection depends on a $@. | stdlib.go:190:36:190:56 | call to FormValue | user-provided value |
-| stdlib.go:194:23:194:42 | call to EscapedPath | stdlib.go:190:36:190:56 | call to FormValue : string | stdlib.go:194:23:194:42 | call to EscapedPath | Untrusted URL redirection depends on a $@. | stdlib.go:190:36:190:56 | call to FormValue | user-provided value |
+| OpenUrlRedirect.go:10:23:10:42 | call to Get | OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | Untrusted URL redirection depends on a $@. | OpenUrlRedirect.go:10:23:10:28 | selection of Form | user-provided value |
+| stdlib.go:15:30:15:35 | target | stdlib.go:13:13:13:18 | selection of Form | stdlib.go:15:30:15:35 | target | Untrusted URL redirection depends on a $@. | stdlib.go:13:13:13:18 | selection of Form | user-provided value |
+| stdlib.go:24:30:24:35 | target | stdlib.go:22:13:22:18 | selection of Form | stdlib.go:24:30:24:35 | target | Untrusted URL redirection depends on a $@. | stdlib.go:22:13:22:18 | selection of Form | user-provided value |
+| stdlib.go:35:30:35:39 | ...+... | stdlib.go:31:13:31:18 | selection of Form | stdlib.go:35:30:35:39 | ...+... | Untrusted URL redirection depends on a $@. | stdlib.go:31:13:31:18 | selection of Form | user-provided value |
+| stdlib.go:46:23:46:28 | target | stdlib.go:44:13:44:18 | selection of Form | stdlib.go:46:23:46:28 | target | Untrusted URL redirection depends on a $@. | stdlib.go:44:13:44:18 | selection of Form | user-provided value |
+| stdlib.go:67:23:67:40 | ...+... | stdlib.go:64:13:64:18 | selection of Form | stdlib.go:67:23:67:40 | ...+... | Untrusted URL redirection depends on a $@. | stdlib.go:64:13:64:18 | selection of Form | user-provided value |
+| stdlib.go:92:23:92:28 | target | stdlib.go:89:13:89:18 | selection of Form | stdlib.go:92:23:92:28 | target | Untrusted URL redirection depends on a $@. | stdlib.go:89:13:89:18 | selection of Form | user-provided value |
+| stdlib.go:152:23:152:28 | target | stdlib.go:146:13:146:18 | selection of Form | stdlib.go:152:23:152:28 | target | Untrusted URL redirection depends on a $@. | stdlib.go:146:13:146:18 | selection of Form | user-provided value |
+| stdlib.go:184:23:184:28 | target | stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:184:23:184:28 | target | Untrusted URL redirection depends on a $@. | stdlib.go:182:13:182:33 | call to FormValue | user-provided value |
+| stdlib.go:192:23:192:33 | selection of Path | stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:192:23:192:33 | selection of Path | Untrusted URL redirection depends on a $@. | stdlib.go:190:36:190:56 | call to FormValue | user-provided value |
+| stdlib.go:194:23:194:42 | call to EscapedPath | stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:194:23:194:42 | call to EscapedPath | Untrusted URL redirection depends on a $@. | stdlib.go:190:36:190:56 | call to FormValue | user-provided value |
diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected
index 2061b253cdc..797d06f208e 100644
--- a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected
+++ b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected
@@ -1,44 +1,44 @@
 edges
-| EmailBad.go:9:10:9:17 | selection of Header : Header | EmailBad.go:12:56:12:67 | type conversion |
-| main.go:29:21:29:31 | call to Referer : string | main.go:31:57:31:78 | type conversion |
-| main.go:37:21:37:31 | call to Referer : string | main.go:40:3:40:7 | definition of write |
-| main.go:46:21:46:31 | call to Referer : string | main.go:52:46:52:59 | untrustedInput |
-| main.go:46:21:46:31 | call to Referer : string | main.go:53:52:53:65 | untrustedInput |
-| main.go:58:21:58:31 | call to Referer : string | main.go:63:16:63:22 | content |
-| main.go:68:21:68:31 | call to Referer : string | main.go:76:50:76:56 | content |
-| main.go:68:21:68:31 | call to Referer : string | main.go:76:59:76:65 | content |
-| main.go:68:21:68:31 | call to Referer : string | main.go:77:16:77:22 | content |
-| main.go:82:21:82:31 | call to Referer : string | main.go:89:37:89:50 | untrustedInput |
-| main.go:82:21:82:31 | call to Referer : string | main.go:93:16:93:23 | content2 |
+| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:12:56:12:67 | type conversion |
+| main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion |
+| main.go:37:21:37:31 | call to Referer | main.go:40:3:40:7 | definition of write |
+| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput |
+| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput |
+| main.go:58:21:58:31 | call to Referer | main.go:63:16:63:22 | content |
+| main.go:68:21:68:31 | call to Referer | main.go:76:50:76:56 | content |
+| main.go:68:21:68:31 | call to Referer | main.go:76:59:76:65 | content |
+| main.go:68:21:68:31 | call to Referer | main.go:77:16:77:22 | content |
+| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput |
+| main.go:82:21:82:31 | call to Referer | main.go:93:16:93:23 | content2 |
 nodes
-| EmailBad.go:9:10:9:17 | selection of Header : Header | semmle.label | selection of Header : Header |
+| EmailBad.go:9:10:9:17 | selection of Header | semmle.label | selection of Header |
 | EmailBad.go:12:56:12:67 | type conversion | semmle.label | type conversion |
-| main.go:29:21:29:31 | call to Referer : string | semmle.label | call to Referer : string |
+| main.go:29:21:29:31 | call to Referer | semmle.label | call to Referer |
 | main.go:31:57:31:78 | type conversion | semmle.label | type conversion |
-| main.go:37:21:37:31 | call to Referer : string | semmle.label | call to Referer : string |
+| main.go:37:21:37:31 | call to Referer | semmle.label | call to Referer |
 | main.go:40:3:40:7 | definition of write | semmle.label | definition of write |
-| main.go:46:21:46:31 | call to Referer : string | semmle.label | call to Referer : string |
+| main.go:46:21:46:31 | call to Referer | semmle.label | call to Referer |
 | main.go:52:46:52:59 | untrustedInput | semmle.label | untrustedInput |
 | main.go:53:52:53:65 | untrustedInput | semmle.label | untrustedInput |
-| main.go:58:21:58:31 | call to Referer : string | semmle.label | call to Referer : string |
+| main.go:58:21:58:31 | call to Referer | semmle.label | call to Referer |
 | main.go:63:16:63:22 | content | semmle.label | content |
-| main.go:68:21:68:31 | call to Referer : string | semmle.label | call to Referer : string |
+| main.go:68:21:68:31 | call to Referer | semmle.label | call to Referer |
 | main.go:76:50:76:56 | content | semmle.label | content |
 | main.go:76:59:76:65 | content | semmle.label | content |
 | main.go:77:16:77:22 | content | semmle.label | content |
-| main.go:82:21:82:31 | call to Referer : string | semmle.label | call to Referer : string |
+| main.go:82:21:82:31 | call to Referer | semmle.label | call to Referer |
 | main.go:89:37:89:50 | untrustedInput | semmle.label | untrustedInput |
 | main.go:93:16:93:23 | content2 | semmle.label | content2 |
 subpaths
 #select
-| EmailBad.go:12:56:12:67 | type conversion | EmailBad.go:9:10:9:17 | selection of Header : Header | EmailBad.go:12:56:12:67 | type conversion | Email content may contain $@. | EmailBad.go:9:10:9:17 | selection of Header | untrusted input |
-| main.go:31:57:31:78 | type conversion | main.go:29:21:29:31 | call to Referer : string | main.go:31:57:31:78 | type conversion | Email content may contain $@. | main.go:29:21:29:31 | call to Referer | untrusted input |
-| main.go:40:3:40:7 | definition of write | main.go:37:21:37:31 | call to Referer : string | main.go:40:3:40:7 | definition of write | Email content may contain $@. | main.go:37:21:37:31 | call to Referer | untrusted input |
-| main.go:52:46:52:59 | untrustedInput | main.go:46:21:46:31 | call to Referer : string | main.go:52:46:52:59 | untrustedInput | Email content may contain $@. | main.go:46:21:46:31 | call to Referer | untrusted input |
-| main.go:53:52:53:65 | untrustedInput | main.go:46:21:46:31 | call to Referer : string | main.go:53:52:53:65 | untrustedInput | Email content may contain $@. | main.go:46:21:46:31 | call to Referer | untrusted input |
-| main.go:63:16:63:22 | content | main.go:58:21:58:31 | call to Referer : string | main.go:63:16:63:22 | content | Email content may contain $@. | main.go:58:21:58:31 | call to Referer | untrusted input |
-| main.go:76:50:76:56 | content | main.go:68:21:68:31 | call to Referer : string | main.go:76:50:76:56 | content | Email content may contain $@. | main.go:68:21:68:31 | call to Referer | untrusted input |
-| main.go:76:59:76:65 | content | main.go:68:21:68:31 | call to Referer : string | main.go:76:59:76:65 | content | Email content may contain $@. | main.go:68:21:68:31 | call to Referer | untrusted input |
-| main.go:77:16:77:22 | content | main.go:68:21:68:31 | call to Referer : string | main.go:77:16:77:22 | content | Email content may contain $@. | main.go:68:21:68:31 | call to Referer | untrusted input |
-| main.go:89:37:89:50 | untrustedInput | main.go:82:21:82:31 | call to Referer : string | main.go:89:37:89:50 | untrustedInput | Email content may contain $@. | main.go:82:21:82:31 | call to Referer | untrusted input |
-| main.go:93:16:93:23 | content2 | main.go:82:21:82:31 | call to Referer : string | main.go:93:16:93:23 | content2 | Email content may contain $@. | main.go:82:21:82:31 | call to Referer | untrusted input |
+| EmailBad.go:12:56:12:67 | type conversion | EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:12:56:12:67 | type conversion | Email content may contain $@. | EmailBad.go:9:10:9:17 | selection of Header | untrusted input |
+| main.go:31:57:31:78 | type conversion | main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | Email content may contain $@. | main.go:29:21:29:31 | call to Referer | untrusted input |
+| main.go:40:3:40:7 | definition of write | main.go:37:21:37:31 | call to Referer | main.go:40:3:40:7 | definition of write | Email content may contain $@. | main.go:37:21:37:31 | call to Referer | untrusted input |
+| main.go:52:46:52:59 | untrustedInput | main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | Email content may contain $@. | main.go:46:21:46:31 | call to Referer | untrusted input |
+| main.go:53:52:53:65 | untrustedInput | main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | Email content may contain $@. | main.go:46:21:46:31 | call to Referer | untrusted input |
+| main.go:63:16:63:22 | content | main.go:58:21:58:31 | call to Referer | main.go:63:16:63:22 | content | Email content may contain $@. | main.go:58:21:58:31 | call to Referer | untrusted input |
+| main.go:76:50:76:56 | content | main.go:68:21:68:31 | call to Referer | main.go:76:50:76:56 | content | Email content may contain $@. | main.go:68:21:68:31 | call to Referer | untrusted input |
+| main.go:76:59:76:65 | content | main.go:68:21:68:31 | call to Referer | main.go:76:59:76:65 | content | Email content may contain $@. | main.go:68:21:68:31 | call to Referer | untrusted input |
+| main.go:77:16:77:22 | content | main.go:68:21:68:31 | call to Referer | main.go:77:16:77:22 | content | Email content may contain $@. | main.go:68:21:68:31 | call to Referer | untrusted input |
+| main.go:89:37:89:50 | untrustedInput | main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | Email content may contain $@. | main.go:82:21:82:31 | call to Referer | untrusted input |
+| main.go:93:16:93:23 | content2 | main.go:82:21:82:31 | call to Referer | main.go:93:16:93:23 | content2 | Email content may contain $@. | main.go:82:21:82:31 | call to Referer | untrusted input |
diff --git a/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected b/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected
index 081b1a2cdba..a391fe96b64 100644
--- a/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected
+++ b/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected
@@ -1,57 +1,57 @@
 edges
-| XPathInjection.go:13:14:13:19 | selection of Form : Values | XPathInjection.go:16:29:16:91 | ...+... |
-| tst.go:32:14:32:19 | selection of Form : Values | tst.go:35:23:35:85 | ...+... |
-| tst.go:32:14:32:19 | selection of Form : Values | tst.go:38:24:38:86 | ...+... |
-| tst.go:32:14:32:19 | selection of Form : Values | tst.go:41:24:41:82 | ...+... |
-| tst.go:46:14:46:19 | selection of Form : Values | tst.go:49:26:49:84 | ...+... |
-| tst.go:46:14:46:19 | selection of Form : Values | tst.go:52:29:52:87 | ...+... |
-| tst.go:46:14:46:19 | selection of Form : Values | tst.go:55:33:55:91 | ...+... |
-| tst.go:46:14:46:19 | selection of Form : Values | tst.go:58:30:58:88 | ...+... |
-| tst.go:63:14:63:19 | selection of Form : Values | tst.go:66:25:66:83 | ...+... |
-| tst.go:63:14:63:19 | selection of Form : Values | tst.go:69:28:69:86 | ...+... |
-| tst.go:63:14:63:19 | selection of Form : Values | tst.go:72:25:72:83 | ...+... |
-| tst.go:63:14:63:19 | selection of Form : Values | tst.go:75:34:75:92 | ...+... |
-| tst.go:63:14:63:19 | selection of Form : Values | tst.go:78:32:78:90 | ...+... |
-| tst.go:63:14:63:19 | selection of Form : Values | tst.go:81:29:81:87 | ...+... |
-| tst.go:63:14:63:19 | selection of Form : Values | tst.go:84:23:84:85 | ...+... |
-| tst.go:63:14:63:19 | selection of Form : Values | tst.go:87:22:87:84 | ...+... |
-| tst.go:92:14:92:19 | selection of Form : Values | tst.go:95:26:95:84 | ...+... |
-| tst.go:92:14:92:19 | selection of Form : Values | tst.go:98:29:98:87 | ...+... |
-| tst.go:92:14:92:19 | selection of Form : Values | tst.go:101:33:101:91 | ...+... |
-| tst.go:92:14:92:19 | selection of Form : Values | tst.go:104:30:104:88 | ...+... |
-| tst.go:109:14:109:19 | selection of Form : Values | tst.go:112:25:112:87 | ...+... |
-| tst.go:109:14:109:19 | selection of Form : Values | tst.go:115:26:115:88 | ...+... |
-| tst.go:120:14:120:19 | selection of Form : Values | tst.go:124:23:124:126 | ...+... |
-| tst.go:120:14:120:19 | selection of Form : Values | tst.go:127:24:127:127 | ...+... |
-| tst.go:120:14:120:19 | selection of Form : Values | tst.go:130:27:130:122 | ...+... |
-| tst.go:121:14:121:19 | selection of Form : Values | tst.go:124:23:124:126 | ...+... |
-| tst.go:121:14:121:19 | selection of Form : Values | tst.go:127:24:127:127 | ...+... |
-| tst.go:121:14:121:19 | selection of Form : Values | tst.go:130:27:130:122 | ...+... |
-| tst.go:138:14:138:19 | selection of Form : Values | tst.go:141:27:141:89 | ...+... |
-| tst.go:138:14:138:19 | selection of Form : Values | tst.go:144:28:144:90 | ...+... |
-| tst.go:149:14:149:19 | selection of Form : Values | tst.go:153:33:153:136 | ...+... |
-| tst.go:149:14:149:19 | selection of Form : Values | tst.go:156:18:156:121 | ...+... |
-| tst.go:149:14:149:19 | selection of Form : Values | tst.go:162:31:162:126 | ...+... |
-| tst.go:149:14:149:19 | selection of Form : Values | tst.go:171:21:171:116 | ...+... |
-| tst.go:149:14:149:19 | selection of Form : Values | tst.go:180:27:180:122 | ...+... |
-| tst.go:150:14:150:19 | selection of Form : Values | tst.go:153:33:153:136 | ...+... |
-| tst.go:150:14:150:19 | selection of Form : Values | tst.go:156:18:156:121 | ...+... |
-| tst.go:150:14:150:19 | selection of Form : Values | tst.go:162:31:162:126 | ...+... |
-| tst.go:150:14:150:19 | selection of Form : Values | tst.go:171:21:171:116 | ...+... |
-| tst.go:150:14:150:19 | selection of Form : Values | tst.go:180:27:180:122 | ...+... |
+| XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:16:29:16:91 | ...+... |
+| tst.go:32:14:32:19 | selection of Form | tst.go:35:23:35:85 | ...+... |
+| tst.go:32:14:32:19 | selection of Form | tst.go:38:24:38:86 | ...+... |
+| tst.go:32:14:32:19 | selection of Form | tst.go:41:24:41:82 | ...+... |
+| tst.go:46:14:46:19 | selection of Form | tst.go:49:26:49:84 | ...+... |
+| tst.go:46:14:46:19 | selection of Form | tst.go:52:29:52:87 | ...+... |
+| tst.go:46:14:46:19 | selection of Form | tst.go:55:33:55:91 | ...+... |
+| tst.go:46:14:46:19 | selection of Form | tst.go:58:30:58:88 | ...+... |
+| tst.go:63:14:63:19 | selection of Form | tst.go:66:25:66:83 | ...+... |
+| tst.go:63:14:63:19 | selection of Form | tst.go:69:28:69:86 | ...+... |
+| tst.go:63:14:63:19 | selection of Form | tst.go:72:25:72:83 | ...+... |
+| tst.go:63:14:63:19 | selection of Form | tst.go:75:34:75:92 | ...+... |
+| tst.go:63:14:63:19 | selection of Form | tst.go:78:32:78:90 | ...+... |
+| tst.go:63:14:63:19 | selection of Form | tst.go:81:29:81:87 | ...+... |
+| tst.go:63:14:63:19 | selection of Form | tst.go:84:23:84:85 | ...+... |
+| tst.go:63:14:63:19 | selection of Form | tst.go:87:22:87:84 | ...+... |
+| tst.go:92:14:92:19 | selection of Form | tst.go:95:26:95:84 | ...+... |
+| tst.go:92:14:92:19 | selection of Form | tst.go:98:29:98:87 | ...+... |
+| tst.go:92:14:92:19 | selection of Form | tst.go:101:33:101:91 | ...+... |
+| tst.go:92:14:92:19 | selection of Form | tst.go:104:30:104:88 | ...+... |
+| tst.go:109:14:109:19 | selection of Form | tst.go:112:25:112:87 | ...+... |
+| tst.go:109:14:109:19 | selection of Form | tst.go:115:26:115:88 | ...+... |
+| tst.go:120:14:120:19 | selection of Form | tst.go:124:23:124:126 | ...+... |
+| tst.go:120:14:120:19 | selection of Form | tst.go:127:24:127:127 | ...+... |
+| tst.go:120:14:120:19 | selection of Form | tst.go:130:27:130:122 | ...+... |
+| tst.go:121:14:121:19 | selection of Form | tst.go:124:23:124:126 | ...+... |
+| tst.go:121:14:121:19 | selection of Form | tst.go:127:24:127:127 | ...+... |
+| tst.go:121:14:121:19 | selection of Form | tst.go:130:27:130:122 | ...+... |
+| tst.go:138:14:138:19 | selection of Form | tst.go:141:27:141:89 | ...+... |
+| tst.go:138:14:138:19 | selection of Form | tst.go:144:28:144:90 | ...+... |
+| tst.go:149:14:149:19 | selection of Form | tst.go:153:33:153:136 | ...+... |
+| tst.go:149:14:149:19 | selection of Form | tst.go:156:18:156:121 | ...+... |
+| tst.go:149:14:149:19 | selection of Form | tst.go:162:31:162:126 | ...+... |
+| tst.go:149:14:149:19 | selection of Form | tst.go:171:21:171:116 | ...+... |
+| tst.go:149:14:149:19 | selection of Form | tst.go:180:27:180:122 | ...+... |
+| tst.go:150:14:150:19 | selection of Form | tst.go:153:33:153:136 | ...+... |
+| tst.go:150:14:150:19 | selection of Form | tst.go:156:18:156:121 | ...+... |
+| tst.go:150:14:150:19 | selection of Form | tst.go:162:31:162:126 | ...+... |
+| tst.go:150:14:150:19 | selection of Form | tst.go:171:21:171:116 | ...+... |
+| tst.go:150:14:150:19 | selection of Form | tst.go:180:27:180:122 | ...+... |
 nodes
-| XPathInjection.go:13:14:13:19 | selection of Form : Values | semmle.label | selection of Form : Values |
+| XPathInjection.go:13:14:13:19 | selection of Form | semmle.label | selection of Form |
 | XPathInjection.go:16:29:16:91 | ...+... | semmle.label | ...+... |
-| tst.go:32:14:32:19 | selection of Form : Values | semmle.label | selection of Form : Values |
+| tst.go:32:14:32:19 | selection of Form | semmle.label | selection of Form |
 | tst.go:35:23:35:85 | ...+... | semmle.label | ...+... |
 | tst.go:38:24:38:86 | ...+... | semmle.label | ...+... |
 | tst.go:41:24:41:82 | ...+... | semmle.label | ...+... |
-| tst.go:46:14:46:19 | selection of Form : Values | semmle.label | selection of Form : Values |
+| tst.go:46:14:46:19 | selection of Form | semmle.label | selection of Form |
 | tst.go:49:26:49:84 | ...+... | semmle.label | ...+... |
 | tst.go:52:29:52:87 | ...+... | semmle.label | ...+... |
 | tst.go:55:33:55:91 | ...+... | semmle.label | ...+... |
 | tst.go:58:30:58:88 | ...+... | semmle.label | ...+... |
-| tst.go:63:14:63:19 | selection of Form : Values | semmle.label | selection of Form : Values |
+| tst.go:63:14:63:19 | selection of Form | semmle.label | selection of Form |
 | tst.go:66:25:66:83 | ...+... | semmle.label | ...+... |
 | tst.go:69:28:69:86 | ...+... | semmle.label | ...+... |
 | tst.go:72:25:72:83 | ...+... | semmle.label | ...+... |
@@ -60,24 +60,24 @@ nodes
 | tst.go:81:29:81:87 | ...+... | semmle.label | ...+... |
 | tst.go:84:23:84:85 | ...+... | semmle.label | ...+... |
 | tst.go:87:22:87:84 | ...+... | semmle.label | ...+... |
-| tst.go:92:14:92:19 | selection of Form : Values | semmle.label | selection of Form : Values |
+| tst.go:92:14:92:19 | selection of Form | semmle.label | selection of Form |
 | tst.go:95:26:95:84 | ...+... | semmle.label | ...+... |
 | tst.go:98:29:98:87 | ...+... | semmle.label | ...+... |
 | tst.go:101:33:101:91 | ...+... | semmle.label | ...+... |
 | tst.go:104:30:104:88 | ...+... | semmle.label | ...+... |
-| tst.go:109:14:109:19 | selection of Form : Values | semmle.label | selection of Form : Values |
+| tst.go:109:14:109:19 | selection of Form | semmle.label | selection of Form |
 | tst.go:112:25:112:87 | ...+... | semmle.label | ...+... |
 | tst.go:115:26:115:88 | ...+... | semmle.label | ...+... |
-| tst.go:120:14:120:19 | selection of Form : Values | semmle.label | selection of Form : Values |
-| tst.go:121:14:121:19 | selection of Form : Values | semmle.label | selection of Form : Values |
+| tst.go:120:14:120:19 | selection of Form | semmle.label | selection of Form |
+| tst.go:121:14:121:19 | selection of Form | semmle.label | selection of Form |
 | tst.go:124:23:124:126 | ...+... | semmle.label | ...+... |
 | tst.go:127:24:127:127 | ...+... | semmle.label | ...+... |
 | tst.go:130:27:130:122 | ...+... | semmle.label | ...+... |
-| tst.go:138:14:138:19 | selection of Form : Values | semmle.label | selection of Form : Values |
+| tst.go:138:14:138:19 | selection of Form | semmle.label | selection of Form |
 | tst.go:141:27:141:89 | ...+... | semmle.label | ...+... |
 | tst.go:144:28:144:90 | ...+... | semmle.label | ...+... |
-| tst.go:149:14:149:19 | selection of Form : Values | semmle.label | selection of Form : Values |
-| tst.go:150:14:150:19 | selection of Form : Values | semmle.label | selection of Form : Values |
+| tst.go:149:14:149:19 | selection of Form | semmle.label | selection of Form |
+| tst.go:150:14:150:19 | selection of Form | semmle.label | selection of Form |
 | tst.go:153:33:153:136 | ...+... | semmle.label | ...+... |
 | tst.go:156:18:156:121 | ...+... | semmle.label | ...+... |
 | tst.go:162:31:162:126 | ...+... | semmle.label | ...+... |
@@ -85,43 +85,43 @@ nodes
 | tst.go:180:27:180:122 | ...+... | semmle.label | ...+... |
 subpaths
 #select
-| XPathInjection.go:16:29:16:91 | ...+... | XPathInjection.go:13:14:13:19 | selection of Form : Values | XPathInjection.go:16:29:16:91 | ...+... | XPath expression depends on a $@. | XPathInjection.go:13:14:13:19 | selection of Form | user-provided value |
-| tst.go:35:23:35:85 | ...+... | tst.go:32:14:32:19 | selection of Form : Values | tst.go:35:23:35:85 | ...+... | XPath expression depends on a $@. | tst.go:32:14:32:19 | selection of Form | user-provided value |
-| tst.go:38:24:38:86 | ...+... | tst.go:32:14:32:19 | selection of Form : Values | tst.go:38:24:38:86 | ...+... | XPath expression depends on a $@. | tst.go:32:14:32:19 | selection of Form | user-provided value |
-| tst.go:41:24:41:82 | ...+... | tst.go:32:14:32:19 | selection of Form : Values | tst.go:41:24:41:82 | ...+... | XPath expression depends on a $@. | tst.go:32:14:32:19 | selection of Form | user-provided value |
-| tst.go:49:26:49:84 | ...+... | tst.go:46:14:46:19 | selection of Form : Values | tst.go:49:26:49:84 | ...+... | XPath expression depends on a $@. | tst.go:46:14:46:19 | selection of Form | user-provided value |
-| tst.go:52:29:52:87 | ...+... | tst.go:46:14:46:19 | selection of Form : Values | tst.go:52:29:52:87 | ...+... | XPath expression depends on a $@. | tst.go:46:14:46:19 | selection of Form | user-provided value |
-| tst.go:55:33:55:91 | ...+... | tst.go:46:14:46:19 | selection of Form : Values | tst.go:55:33:55:91 | ...+... | XPath expression depends on a $@. | tst.go:46:14:46:19 | selection of Form | user-provided value |
-| tst.go:58:30:58:88 | ...+... | tst.go:46:14:46:19 | selection of Form : Values | tst.go:58:30:58:88 | ...+... | XPath expression depends on a $@. | tst.go:46:14:46:19 | selection of Form | user-provided value |
-| tst.go:66:25:66:83 | ...+... | tst.go:63:14:63:19 | selection of Form : Values | tst.go:66:25:66:83 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
-| tst.go:69:28:69:86 | ...+... | tst.go:63:14:63:19 | selection of Form : Values | tst.go:69:28:69:86 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
-| tst.go:72:25:72:83 | ...+... | tst.go:63:14:63:19 | selection of Form : Values | tst.go:72:25:72:83 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
-| tst.go:75:34:75:92 | ...+... | tst.go:63:14:63:19 | selection of Form : Values | tst.go:75:34:75:92 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
-| tst.go:78:32:78:90 | ...+... | tst.go:63:14:63:19 | selection of Form : Values | tst.go:78:32:78:90 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
-| tst.go:81:29:81:87 | ...+... | tst.go:63:14:63:19 | selection of Form : Values | tst.go:81:29:81:87 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
-| tst.go:84:23:84:85 | ...+... | tst.go:63:14:63:19 | selection of Form : Values | tst.go:84:23:84:85 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
-| tst.go:87:22:87:84 | ...+... | tst.go:63:14:63:19 | selection of Form : Values | tst.go:87:22:87:84 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
-| tst.go:95:26:95:84 | ...+... | tst.go:92:14:92:19 | selection of Form : Values | tst.go:95:26:95:84 | ...+... | XPath expression depends on a $@. | tst.go:92:14:92:19 | selection of Form | user-provided value |
-| tst.go:98:29:98:87 | ...+... | tst.go:92:14:92:19 | selection of Form : Values | tst.go:98:29:98:87 | ...+... | XPath expression depends on a $@. | tst.go:92:14:92:19 | selection of Form | user-provided value |
-| tst.go:101:33:101:91 | ...+... | tst.go:92:14:92:19 | selection of Form : Values | tst.go:101:33:101:91 | ...+... | XPath expression depends on a $@. | tst.go:92:14:92:19 | selection of Form | user-provided value |
-| tst.go:104:30:104:88 | ...+... | tst.go:92:14:92:19 | selection of Form : Values | tst.go:104:30:104:88 | ...+... | XPath expression depends on a $@. | tst.go:92:14:92:19 | selection of Form | user-provided value |
-| tst.go:112:25:112:87 | ...+... | tst.go:109:14:109:19 | selection of Form : Values | tst.go:112:25:112:87 | ...+... | XPath expression depends on a $@. | tst.go:109:14:109:19 | selection of Form | user-provided value |
-| tst.go:115:26:115:88 | ...+... | tst.go:109:14:109:19 | selection of Form : Values | tst.go:115:26:115:88 | ...+... | XPath expression depends on a $@. | tst.go:109:14:109:19 | selection of Form | user-provided value |
-| tst.go:124:23:124:126 | ...+... | tst.go:120:14:120:19 | selection of Form : Values | tst.go:124:23:124:126 | ...+... | XPath expression depends on a $@. | tst.go:120:14:120:19 | selection of Form | user-provided value |
-| tst.go:124:23:124:126 | ...+... | tst.go:121:14:121:19 | selection of Form : Values | tst.go:124:23:124:126 | ...+... | XPath expression depends on a $@. | tst.go:121:14:121:19 | selection of Form | user-provided value |
-| tst.go:127:24:127:127 | ...+... | tst.go:120:14:120:19 | selection of Form : Values | tst.go:127:24:127:127 | ...+... | XPath expression depends on a $@. | tst.go:120:14:120:19 | selection of Form | user-provided value |
-| tst.go:127:24:127:127 | ...+... | tst.go:121:14:121:19 | selection of Form : Values | tst.go:127:24:127:127 | ...+... | XPath expression depends on a $@. | tst.go:121:14:121:19 | selection of Form | user-provided value |
-| tst.go:130:27:130:122 | ...+... | tst.go:120:14:120:19 | selection of Form : Values | tst.go:130:27:130:122 | ...+... | XPath expression depends on a $@. | tst.go:120:14:120:19 | selection of Form | user-provided value |
-| tst.go:130:27:130:122 | ...+... | tst.go:121:14:121:19 | selection of Form : Values | tst.go:130:27:130:122 | ...+... | XPath expression depends on a $@. | tst.go:121:14:121:19 | selection of Form | user-provided value |
-| tst.go:141:27:141:89 | ...+... | tst.go:138:14:138:19 | selection of Form : Values | tst.go:141:27:141:89 | ...+... | XPath expression depends on a $@. | tst.go:138:14:138:19 | selection of Form | user-provided value |
-| tst.go:144:28:144:90 | ...+... | tst.go:138:14:138:19 | selection of Form : Values | tst.go:144:28:144:90 | ...+... | XPath expression depends on a $@. | tst.go:138:14:138:19 | selection of Form | user-provided value |
-| tst.go:153:33:153:136 | ...+... | tst.go:149:14:149:19 | selection of Form : Values | tst.go:153:33:153:136 | ...+... | XPath expression depends on a $@. | tst.go:149:14:149:19 | selection of Form | user-provided value |
-| tst.go:153:33:153:136 | ...+... | tst.go:150:14:150:19 | selection of Form : Values | tst.go:153:33:153:136 | ...+... | XPath expression depends on a $@. | tst.go:150:14:150:19 | selection of Form | user-provided value |
-| tst.go:156:18:156:121 | ...+... | tst.go:149:14:149:19 | selection of Form : Values | tst.go:156:18:156:121 | ...+... | XPath expression depends on a $@. | tst.go:149:14:149:19 | selection of Form | user-provided value |
-| tst.go:156:18:156:121 | ...+... | tst.go:150:14:150:19 | selection of Form : Values | tst.go:156:18:156:121 | ...+... | XPath expression depends on a $@. | tst.go:150:14:150:19 | selection of Form | user-provided value |
-| tst.go:162:31:162:126 | ...+... | tst.go:149:14:149:19 | selection of Form : Values | tst.go:162:31:162:126 | ...+... | XPath expression depends on a $@. | tst.go:149:14:149:19 | selection of Form | user-provided value |
-| tst.go:162:31:162:126 | ...+... | tst.go:150:14:150:19 | selection of Form : Values | tst.go:162:31:162:126 | ...+... | XPath expression depends on a $@. | tst.go:150:14:150:19 | selection of Form | user-provided value |
-| tst.go:171:21:171:116 | ...+... | tst.go:149:14:149:19 | selection of Form : Values | tst.go:171:21:171:116 | ...+... | XPath expression depends on a $@. | tst.go:149:14:149:19 | selection of Form | user-provided value |
-| tst.go:171:21:171:116 | ...+... | tst.go:150:14:150:19 | selection of Form : Values | tst.go:171:21:171:116 | ...+... | XPath expression depends on a $@. | tst.go:150:14:150:19 | selection of Form | user-provided value |
-| tst.go:180:27:180:122 | ...+... | tst.go:149:14:149:19 | selection of Form : Values | tst.go:180:27:180:122 | ...+... | XPath expression depends on a $@. | tst.go:149:14:149:19 | selection of Form | user-provided value |
-| tst.go:180:27:180:122 | ...+... | tst.go:150:14:150:19 | selection of Form : Values | tst.go:180:27:180:122 | ...+... | XPath expression depends on a $@. | tst.go:150:14:150:19 | selection of Form | user-provided value |
+| XPathInjection.go:16:29:16:91 | ...+... | XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:16:29:16:91 | ...+... | XPath expression depends on a $@. | XPathInjection.go:13:14:13:19 | selection of Form | user-provided value |
+| tst.go:35:23:35:85 | ...+... | tst.go:32:14:32:19 | selection of Form | tst.go:35:23:35:85 | ...+... | XPath expression depends on a $@. | tst.go:32:14:32:19 | selection of Form | user-provided value |
+| tst.go:38:24:38:86 | ...+... | tst.go:32:14:32:19 | selection of Form | tst.go:38:24:38:86 | ...+... | XPath expression depends on a $@. | tst.go:32:14:32:19 | selection of Form | user-provided value |
+| tst.go:41:24:41:82 | ...+... | tst.go:32:14:32:19 | selection of Form | tst.go:41:24:41:82 | ...+... | XPath expression depends on a $@. | tst.go:32:14:32:19 | selection of Form | user-provided value |
+| tst.go:49:26:49:84 | ...+... | tst.go:46:14:46:19 | selection of Form | tst.go:49:26:49:84 | ...+... | XPath expression depends on a $@. | tst.go:46:14:46:19 | selection of Form | user-provided value |
+| tst.go:52:29:52:87 | ...+... | tst.go:46:14:46:19 | selection of Form | tst.go:52:29:52:87 | ...+... | XPath expression depends on a $@. | tst.go:46:14:46:19 | selection of Form | user-provided value |
+| tst.go:55:33:55:91 | ...+... | tst.go:46:14:46:19 | selection of Form | tst.go:55:33:55:91 | ...+... | XPath expression depends on a $@. | tst.go:46:14:46:19 | selection of Form | user-provided value |
+| tst.go:58:30:58:88 | ...+... | tst.go:46:14:46:19 | selection of Form | tst.go:58:30:58:88 | ...+... | XPath expression depends on a $@. | tst.go:46:14:46:19 | selection of Form | user-provided value |
+| tst.go:66:25:66:83 | ...+... | tst.go:63:14:63:19 | selection of Form | tst.go:66:25:66:83 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
+| tst.go:69:28:69:86 | ...+... | tst.go:63:14:63:19 | selection of Form | tst.go:69:28:69:86 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
+| tst.go:72:25:72:83 | ...+... | tst.go:63:14:63:19 | selection of Form | tst.go:72:25:72:83 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
+| tst.go:75:34:75:92 | ...+... | tst.go:63:14:63:19 | selection of Form | tst.go:75:34:75:92 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
+| tst.go:78:32:78:90 | ...+... | tst.go:63:14:63:19 | selection of Form | tst.go:78:32:78:90 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
+| tst.go:81:29:81:87 | ...+... | tst.go:63:14:63:19 | selection of Form | tst.go:81:29:81:87 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
+| tst.go:84:23:84:85 | ...+... | tst.go:63:14:63:19 | selection of Form | tst.go:84:23:84:85 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
+| tst.go:87:22:87:84 | ...+... | tst.go:63:14:63:19 | selection of Form | tst.go:87:22:87:84 | ...+... | XPath expression depends on a $@. | tst.go:63:14:63:19 | selection of Form | user-provided value |
+| tst.go:95:26:95:84 | ...+... | tst.go:92:14:92:19 | selection of Form | tst.go:95:26:95:84 | ...+... | XPath expression depends on a $@. | tst.go:92:14:92:19 | selection of Form | user-provided value |
+| tst.go:98:29:98:87 | ...+... | tst.go:92:14:92:19 | selection of Form | tst.go:98:29:98:87 | ...+... | XPath expression depends on a $@. | tst.go:92:14:92:19 | selection of Form | user-provided value |
+| tst.go:101:33:101:91 | ...+... | tst.go:92:14:92:19 | selection of Form | tst.go:101:33:101:91 | ...+... | XPath expression depends on a $@. | tst.go:92:14:92:19 | selection of Form | user-provided value |
+| tst.go:104:30:104:88 | ...+... | tst.go:92:14:92:19 | selection of Form | tst.go:104:30:104:88 | ...+... | XPath expression depends on a $@. | tst.go:92:14:92:19 | selection of Form | user-provided value |
+| tst.go:112:25:112:87 | ...+... | tst.go:109:14:109:19 | selection of Form | tst.go:112:25:112:87 | ...+... | XPath expression depends on a $@. | tst.go:109:14:109:19 | selection of Form | user-provided value |
+| tst.go:115:26:115:88 | ...+... | tst.go:109:14:109:19 | selection of Form | tst.go:115:26:115:88 | ...+... | XPath expression depends on a $@. | tst.go:109:14:109:19 | selection of Form | user-provided value |
+| tst.go:124:23:124:126 | ...+... | tst.go:120:14:120:19 | selection of Form | tst.go:124:23:124:126 | ...+... | XPath expression depends on a $@. | tst.go:120:14:120:19 | selection of Form | user-provided value |
+| tst.go:124:23:124:126 | ...+... | tst.go:121:14:121:19 | selection of Form | tst.go:124:23:124:126 | ...+... | XPath expression depends on a $@. | tst.go:121:14:121:19 | selection of Form | user-provided value |
+| tst.go:127:24:127:127 | ...+... | tst.go:120:14:120:19 | selection of Form | tst.go:127:24:127:127 | ...+... | XPath expression depends on a $@. | tst.go:120:14:120:19 | selection of Form | user-provided value |
+| tst.go:127:24:127:127 | ...+... | tst.go:121:14:121:19 | selection of Form | tst.go:127:24:127:127 | ...+... | XPath expression depends on a $@. | tst.go:121:14:121:19 | selection of Form | user-provided value |
+| tst.go:130:27:130:122 | ...+... | tst.go:120:14:120:19 | selection of Form | tst.go:130:27:130:122 | ...+... | XPath expression depends on a $@. | tst.go:120:14:120:19 | selection of Form | user-provided value |
+| tst.go:130:27:130:122 | ...+... | tst.go:121:14:121:19 | selection of Form | tst.go:130:27:130:122 | ...+... | XPath expression depends on a $@. | tst.go:121:14:121:19 | selection of Form | user-provided value |
+| tst.go:141:27:141:89 | ...+... | tst.go:138:14:138:19 | selection of Form | tst.go:141:27:141:89 | ...+... | XPath expression depends on a $@. | tst.go:138:14:138:19 | selection of Form | user-provided value |
+| tst.go:144:28:144:90 | ...+... | tst.go:138:14:138:19 | selection of Form | tst.go:144:28:144:90 | ...+... | XPath expression depends on a $@. | tst.go:138:14:138:19 | selection of Form | user-provided value |
+| tst.go:153:33:153:136 | ...+... | tst.go:149:14:149:19 | selection of Form | tst.go:153:33:153:136 | ...+... | XPath expression depends on a $@. | tst.go:149:14:149:19 | selection of Form | user-provided value |
+| tst.go:153:33:153:136 | ...+... | tst.go:150:14:150:19 | selection of Form | tst.go:153:33:153:136 | ...+... | XPath expression depends on a $@. | tst.go:150:14:150:19 | selection of Form | user-provided value |
+| tst.go:156:18:156:121 | ...+... | tst.go:149:14:149:19 | selection of Form | tst.go:156:18:156:121 | ...+... | XPath expression depends on a $@. | tst.go:149:14:149:19 | selection of Form | user-provided value |
+| tst.go:156:18:156:121 | ...+... | tst.go:150:14:150:19 | selection of Form | tst.go:156:18:156:121 | ...+... | XPath expression depends on a $@. | tst.go:150:14:150:19 | selection of Form | user-provided value |
+| tst.go:162:31:162:126 | ...+... | tst.go:149:14:149:19 | selection of Form | tst.go:162:31:162:126 | ...+... | XPath expression depends on a $@. | tst.go:149:14:149:19 | selection of Form | user-provided value |
+| tst.go:162:31:162:126 | ...+... | tst.go:150:14:150:19 | selection of Form | tst.go:162:31:162:126 | ...+... | XPath expression depends on a $@. | tst.go:150:14:150:19 | selection of Form | user-provided value |
+| tst.go:171:21:171:116 | ...+... | tst.go:149:14:149:19 | selection of Form | tst.go:171:21:171:116 | ...+... | XPath expression depends on a $@. | tst.go:149:14:149:19 | selection of Form | user-provided value |
+| tst.go:171:21:171:116 | ...+... | tst.go:150:14:150:19 | selection of Form | tst.go:171:21:171:116 | ...+... | XPath expression depends on a $@. | tst.go:150:14:150:19 | selection of Form | user-provided value |
+| tst.go:180:27:180:122 | ...+... | tst.go:149:14:149:19 | selection of Form | tst.go:180:27:180:122 | ...+... | XPath expression depends on a $@. | tst.go:149:14:149:19 | selection of Form | user-provided value |
+| tst.go:180:27:180:122 | ...+... | tst.go:150:14:150:19 | selection of Form | tst.go:180:27:180:122 | ...+... | XPath expression depends on a $@. | tst.go:150:14:150:19 | selection of Form | user-provided value |
diff --git a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
index 7751054abbd..d6bb8bbf7af 100644
--- a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
+++ b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
@@ -1,75 +1,75 @@
 edges
-| RequestForgery.go:8:12:8:34 | call to FormValue : string | RequestForgery.go:11:24:11:65 | ...+... |
-| tst.go:10:13:10:35 | call to FormValue : string | tst.go:14:11:14:17 | tainted |
-| tst.go:10:13:10:35 | call to FormValue : string | tst.go:18:12:18:18 | tainted |
-| tst.go:10:13:10:35 | call to FormValue : string | tst.go:21:34:21:40 | tainted |
-| tst.go:10:13:10:35 | call to FormValue : string | tst.go:24:66:24:72 | tainted |
-| tst.go:10:13:10:35 | call to FormValue : string | tst.go:27:11:27:29 | ...+... |
-| tst.go:10:13:10:35 | call to FormValue : string | tst.go:29:11:29:40 | ...+... |
-| tst.go:10:13:10:35 | call to FormValue : string | tst.go:36:2:36:2 | implicit dereference : URL |
-| tst.go:10:13:10:35 | call to FormValue : string | tst.go:37:11:37:20 | call to String |
-| tst.go:35:2:35:2 | definition of u [pointer] : URL | tst.go:36:2:36:2 | u [pointer] : URL |
-| tst.go:36:2:36:2 | implicit dereference : URL | tst.go:35:2:35:2 | definition of u [pointer] : URL |
-| tst.go:36:2:36:2 | implicit dereference : URL | tst.go:36:2:36:2 | implicit dereference : URL |
-| tst.go:36:2:36:2 | implicit dereference : URL | tst.go:37:11:37:20 | call to String |
-| tst.go:36:2:36:2 | u [pointer] : URL | tst.go:36:2:36:2 | implicit dereference : URL |
-| websocket.go:60:21:60:31 | call to Referer : string | websocket.go:65:27:65:40 | untrustedInput |
-| websocket.go:74:21:74:31 | call to Referer : string | websocket.go:78:36:78:49 | untrustedInput |
-| websocket.go:88:21:88:31 | call to Referer : string | websocket.go:91:31:91:44 | untrustedInput |
-| websocket.go:107:21:107:31 | call to Referer : string | websocket.go:110:15:110:28 | untrustedInput |
-| websocket.go:126:21:126:31 | call to Referer : string | websocket.go:129:38:129:51 | untrustedInput |
-| websocket.go:154:21:154:31 | call to Referer : string | websocket.go:155:31:155:44 | untrustedInput |
-| websocket.go:160:21:160:31 | call to Referer : string | websocket.go:162:31:162:44 | untrustedInput |
-| websocket.go:195:21:195:31 | call to Referer : string | websocket.go:197:18:197:31 | untrustedInput |
-| websocket.go:202:21:202:31 | call to Referer : string | websocket.go:204:11:204:24 | untrustedInput |
+| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:21:34:21:40 | tainted |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:24:66:24:72 | tainted |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:27:11:27:29 | ...+... |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:29:11:29:40 | ...+... |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:36:2:36:2 | implicit dereference |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:37:11:37:20 | call to String |
+| tst.go:35:2:35:2 | definition of u [pointer] | tst.go:36:2:36:2 | u [pointer] |
+| tst.go:36:2:36:2 | implicit dereference | tst.go:35:2:35:2 | definition of u [pointer] |
+| tst.go:36:2:36:2 | implicit dereference | tst.go:36:2:36:2 | implicit dereference |
+| tst.go:36:2:36:2 | implicit dereference | tst.go:37:11:37:20 | call to String |
+| tst.go:36:2:36:2 | u [pointer] | tst.go:36:2:36:2 | implicit dereference |
+| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput |
+| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput |
+| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput |
+| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput |
+| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput |
+| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput |
+| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput |
+| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput |
+| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput |
 nodes
-| RequestForgery.go:8:12:8:34 | call to FormValue : string | semmle.label | call to FormValue : string |
+| RequestForgery.go:8:12:8:34 | call to FormValue | semmle.label | call to FormValue |
 | RequestForgery.go:11:24:11:65 | ...+... | semmle.label | ...+... |
-| tst.go:10:13:10:35 | call to FormValue : string | semmle.label | call to FormValue : string |
+| tst.go:10:13:10:35 | call to FormValue | semmle.label | call to FormValue |
 | tst.go:14:11:14:17 | tainted | semmle.label | tainted |
 | tst.go:18:12:18:18 | tainted | semmle.label | tainted |
 | tst.go:21:34:21:40 | tainted | semmle.label | tainted |
 | tst.go:24:66:24:72 | tainted | semmle.label | tainted |
 | tst.go:27:11:27:29 | ...+... | semmle.label | ...+... |
 | tst.go:29:11:29:40 | ...+... | semmle.label | ...+... |
-| tst.go:35:2:35:2 | definition of u [pointer] : URL | semmle.label | definition of u [pointer] : URL |
-| tst.go:36:2:36:2 | implicit dereference : URL | semmle.label | implicit dereference : URL |
-| tst.go:36:2:36:2 | u [pointer] : URL | semmle.label | u [pointer] : URL |
+| tst.go:35:2:35:2 | definition of u [pointer] | semmle.label | definition of u [pointer] |
+| tst.go:36:2:36:2 | implicit dereference | semmle.label | implicit dereference |
+| tst.go:36:2:36:2 | u [pointer] | semmle.label | u [pointer] |
 | tst.go:37:11:37:20 | call to String | semmle.label | call to String |
-| websocket.go:60:21:60:31 | call to Referer : string | semmle.label | call to Referer : string |
+| websocket.go:60:21:60:31 | call to Referer | semmle.label | call to Referer |
 | websocket.go:65:27:65:40 | untrustedInput | semmle.label | untrustedInput |
-| websocket.go:74:21:74:31 | call to Referer : string | semmle.label | call to Referer : string |
+| websocket.go:74:21:74:31 | call to Referer | semmle.label | call to Referer |
 | websocket.go:78:36:78:49 | untrustedInput | semmle.label | untrustedInput |
-| websocket.go:88:21:88:31 | call to Referer : string | semmle.label | call to Referer : string |
+| websocket.go:88:21:88:31 | call to Referer | semmle.label | call to Referer |
 | websocket.go:91:31:91:44 | untrustedInput | semmle.label | untrustedInput |
-| websocket.go:107:21:107:31 | call to Referer : string | semmle.label | call to Referer : string |
+| websocket.go:107:21:107:31 | call to Referer | semmle.label | call to Referer |
 | websocket.go:110:15:110:28 | untrustedInput | semmle.label | untrustedInput |
-| websocket.go:126:21:126:31 | call to Referer : string | semmle.label | call to Referer : string |
+| websocket.go:126:21:126:31 | call to Referer | semmle.label | call to Referer |
 | websocket.go:129:38:129:51 | untrustedInput | semmle.label | untrustedInput |
-| websocket.go:154:21:154:31 | call to Referer : string | semmle.label | call to Referer : string |
+| websocket.go:154:21:154:31 | call to Referer | semmle.label | call to Referer |
 | websocket.go:155:31:155:44 | untrustedInput | semmle.label | untrustedInput |
-| websocket.go:160:21:160:31 | call to Referer : string | semmle.label | call to Referer : string |
+| websocket.go:160:21:160:31 | call to Referer | semmle.label | call to Referer |
 | websocket.go:162:31:162:44 | untrustedInput | semmle.label | untrustedInput |
-| websocket.go:195:21:195:31 | call to Referer : string | semmle.label | call to Referer : string |
+| websocket.go:195:21:195:31 | call to Referer | semmle.label | call to Referer |
 | websocket.go:197:18:197:31 | untrustedInput | semmle.label | untrustedInput |
-| websocket.go:202:21:202:31 | call to Referer : string | semmle.label | call to Referer : string |
+| websocket.go:202:21:202:31 | call to Referer | semmle.label | call to Referer |
 | websocket.go:204:11:204:24 | untrustedInput | semmle.label | untrustedInput |
 subpaths
 #select
-| RequestForgery.go:11:15:11:66 | call to Get | RequestForgery.go:8:12:8:34 | call to FormValue : string | RequestForgery.go:11:24:11:65 | ...+... | The $@ of this request depends on a $@. | RequestForgery.go:11:24:11:65 | ...+... | URL | RequestForgery.go:8:12:8:34 | call to FormValue : string | user-provided value |
-| tst.go:14:2:14:18 | call to Get | tst.go:10:13:10:35 | call to FormValue : string | tst.go:14:11:14:17 | tainted | The $@ of this request depends on a $@. | tst.go:14:11:14:17 | tainted | URL | tst.go:10:13:10:35 | call to FormValue : string | user-provided value |
-| tst.go:18:2:18:38 | call to Post | tst.go:10:13:10:35 | call to FormValue : string | tst.go:18:12:18:18 | tainted | The $@ of this request depends on a $@. | tst.go:18:12:18:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue : string | user-provided value |
-| tst.go:22:2:22:14 | call to Do | tst.go:10:13:10:35 | call to FormValue : string | tst.go:21:34:21:40 | tainted | The $@ of this request depends on a $@. | tst.go:21:34:21:40 | tainted | URL | tst.go:10:13:10:35 | call to FormValue : string | user-provided value |
-| tst.go:25:2:25:14 | call to Do | tst.go:10:13:10:35 | call to FormValue : string | tst.go:24:66:24:72 | tainted | The $@ of this request depends on a $@. | tst.go:24:66:24:72 | tainted | URL | tst.go:10:13:10:35 | call to FormValue : string | user-provided value |
-| tst.go:27:2:27:30 | call to Get | tst.go:10:13:10:35 | call to FormValue : string | tst.go:27:11:27:29 | ...+... | The $@ of this request depends on a $@. | tst.go:27:11:27:29 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue : string | user-provided value |
-| tst.go:29:2:29:41 | call to Get | tst.go:10:13:10:35 | call to FormValue : string | tst.go:29:11:29:40 | ...+... | The $@ of this request depends on a $@. | tst.go:29:11:29:40 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue : string | user-provided value |
-| tst.go:37:2:37:21 | call to Get | tst.go:10:13:10:35 | call to FormValue : string | tst.go:37:11:37:20 | call to String | The $@ of this request depends on a $@. | tst.go:37:11:37:20 | call to String | URL | tst.go:10:13:10:35 | call to FormValue : string | user-provided value |
-| websocket.go:65:12:65:53 | call to Dial | websocket.go:60:21:60:31 | call to Referer : string | websocket.go:65:27:65:40 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:65:27:65:40 | untrustedInput | WebSocket URL | websocket.go:60:21:60:31 | call to Referer : string | user-provided value |
-| websocket.go:79:13:79:40 | call to DialConfig | websocket.go:74:21:74:31 | call to Referer : string | websocket.go:78:36:78:49 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:78:36:78:49 | untrustedInput | WebSocket URL | websocket.go:74:21:74:31 | call to Referer : string | user-provided value |
-| websocket.go:91:3:91:50 | call to Dial | websocket.go:88:21:88:31 | call to Referer : string | websocket.go:91:31:91:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:91:31:91:44 | untrustedInput | WebSocket URL | websocket.go:88:21:88:31 | call to Referer : string | user-provided value |
-| websocket.go:110:3:110:39 | call to Dial | websocket.go:107:21:107:31 | call to Referer : string | websocket.go:110:15:110:28 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:110:15:110:28 | untrustedInput | WebSocket URL | websocket.go:107:21:107:31 | call to Referer : string | user-provided value |
-| websocket.go:129:3:129:62 | call to DialContext | websocket.go:126:21:126:31 | call to Referer : string | websocket.go:129:38:129:51 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:129:38:129:51 | untrustedInput | WebSocket URL | websocket.go:126:21:126:31 | call to Referer : string | user-provided value |
-| websocket.go:155:3:155:45 | call to Dial | websocket.go:154:21:154:31 | call to Referer : string | websocket.go:155:31:155:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:155:31:155:44 | untrustedInput | WebSocket URL | websocket.go:154:21:154:31 | call to Referer : string | user-provided value |
-| websocket.go:162:3:162:45 | call to Dial | websocket.go:160:21:160:31 | call to Referer : string | websocket.go:162:31:162:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:162:31:162:44 | untrustedInput | WebSocket URL | websocket.go:160:21:160:31 | call to Referer : string | user-provided value |
-| websocket.go:197:3:197:32 | call to BuildProxy | websocket.go:195:21:195:31 | call to Referer : string | websocket.go:197:18:197:31 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:197:18:197:31 | untrustedInput | WebSocket URL | websocket.go:195:21:195:31 | call to Referer : string | user-provided value |
-| websocket.go:204:3:204:25 | call to New | websocket.go:202:21:202:31 | call to Referer : string | websocket.go:204:11:204:24 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:204:11:204:24 | untrustedInput | WebSocket URL | websocket.go:202:21:202:31 | call to Referer : string | user-provided value |
+| RequestForgery.go:11:15:11:66 | call to Get | RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | The $@ of this request depends on a $@. | RequestForgery.go:11:24:11:65 | ...+... | URL | RequestForgery.go:8:12:8:34 | call to FormValue | user-provided value |
+| tst.go:14:2:14:18 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | The $@ of this request depends on a $@. | tst.go:14:11:14:17 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
+| tst.go:18:2:18:38 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | The $@ of this request depends on a $@. | tst.go:18:12:18:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
+| tst.go:22:2:22:14 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:21:34:21:40 | tainted | The $@ of this request depends on a $@. | tst.go:21:34:21:40 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
+| tst.go:25:2:25:14 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:24:66:24:72 | tainted | The $@ of this request depends on a $@. | tst.go:24:66:24:72 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
+| tst.go:27:2:27:30 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:27:11:27:29 | ...+... | The $@ of this request depends on a $@. | tst.go:27:11:27:29 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
+| tst.go:29:2:29:41 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:29:11:29:40 | ...+... | The $@ of this request depends on a $@. | tst.go:29:11:29:40 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
+| tst.go:37:2:37:21 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:37:11:37:20 | call to String | The $@ of this request depends on a $@. | tst.go:37:11:37:20 | call to String | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
+| websocket.go:65:12:65:53 | call to Dial | websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:65:27:65:40 | untrustedInput | WebSocket URL | websocket.go:60:21:60:31 | call to Referer | user-provided value |
+| websocket.go:79:13:79:40 | call to DialConfig | websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:78:36:78:49 | untrustedInput | WebSocket URL | websocket.go:74:21:74:31 | call to Referer | user-provided value |
+| websocket.go:91:3:91:50 | call to Dial | websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:91:31:91:44 | untrustedInput | WebSocket URL | websocket.go:88:21:88:31 | call to Referer | user-provided value |
+| websocket.go:110:3:110:39 | call to Dial | websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:110:15:110:28 | untrustedInput | WebSocket URL | websocket.go:107:21:107:31 | call to Referer | user-provided value |
+| websocket.go:129:3:129:62 | call to DialContext | websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:129:38:129:51 | untrustedInput | WebSocket URL | websocket.go:126:21:126:31 | call to Referer | user-provided value |
+| websocket.go:155:3:155:45 | call to Dial | websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:155:31:155:44 | untrustedInput | WebSocket URL | websocket.go:154:21:154:31 | call to Referer | user-provided value |
+| websocket.go:162:3:162:45 | call to Dial | websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:162:31:162:44 | untrustedInput | WebSocket URL | websocket.go:160:21:160:31 | call to Referer | user-provided value |
+| websocket.go:197:3:197:32 | call to BuildProxy | websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:197:18:197:31 | untrustedInput | WebSocket URL | websocket.go:195:21:195:31 | call to Referer | user-provided value |
+| websocket.go:204:3:204:25 | call to New | websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:204:11:204:24 | untrustedInput | WebSocket URL | websocket.go:202:21:202:31 | call to Referer | user-provided value |
diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv
index 189dbab6b94..496d7f2f9e3 100644
--- a/java/documentation/library-coverage/coverage.csv
+++ b/java/documentation/library-coverage/coverage.csv
@@ -1,130 +1,132 @@
-package,sink,source,summary,sink:bean-validation,sink:create-file,sink:groovy,sink:header-splitting,sink:information-leak,sink:intent-start,sink:jdbc-url,sink:jexl,sink:jndi-injection,sink:ldap,sink:logging,sink:mvel,sink:ognl-injection,sink:open-url,sink:pending-intent-sent,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:set-hostname-verifier,sink:sql,sink:ssti,sink:url-open-stream,sink:url-redirect,sink:write-file,sink:xpath,sink:xslt,sink:xss,source:android-external-storage-dir,source:android-widget,source:contentprovider,source:remote,summary:taint,summary:value
-android.app,24,,103,,,,,,7,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,18,85
-android.content,24,31,154,,,,,,16,,,,,,,,,,,,,,,,,8,,,,,,,,4,,27,,63,91
-android.database,59,,39,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,,,,,39,
-android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15
-android.os,,2,122,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,41,81
-android.util,6,16,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,16,,
-android.webkit,3,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,2,,
-android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,1,
-androidx.core.app,6,,95,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,12,83
-androidx.slice,2,5,88,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,5,,27,61
-cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.fasterxml.jackson.databind,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
-com.google.common.base,4,,85,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,,,,62,23
-com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17
-com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551
-com.google.common.flogger,29,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,,,
-com.google.common.io,6,,73,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,72,1
-com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
-com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
-com.opensymphony.xwork2.ognl,3,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,
-com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7,
-com.unboundid.ldap.sdk,17,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.zaxxer.hikari,2,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
-freemarker.cache,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
-freemarker.template,7,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,
-groovy.lang,26,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-groovy.util,5,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-jakarta.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,,
-jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
-jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,
-jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
-jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
-java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-java.io,37,,40,,15,,,,,,,,,,,,,,,,,,,,,,,,,22,,,,,,,,40,
-java.lang,13,,66,,,,,,,,,,,8,,,,,4,,,1,,,,,,,,,,,,,,,,54,12
-java.net,10,3,7,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,3,7,
-java.nio,15,,14,,13,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,14,
-java.sql,11,,,,,,,,,4,,,,,,,,,,,,,,,,7,,,,,,,,,,,,,
-java.util,44,,461,,,,,,,,,,,34,,,,,,5,2,,1,2,,,,,,,,,,,,,,36,425
-javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,,
-javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
-javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
-javax.management.remote,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,
-javax.naming,7,,,,,,,,,,,6,1,,,,,,,,,,,,,,,,,,,,,,,,,,
-javax.net.ssl,2,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,
-javax.script,1,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,
-javax.servlet,4,21,2,,,,3,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,2,
-javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
-javax.ws.rs.client,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,
-javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
-javax.ws.rs.core,3,,149,,,,1,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
-javax.xml.transform,1,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,6,
-javax.xml.xpath,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,
-jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10
-kotlin,12,,1835,,10,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,1828,7
-net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,,
-ognl,6,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,
-okhttp3,2,,47,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,22,25
-org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
-org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
-org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
-org.apache.commons.io,106,,556,,91,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,542,14
-org.apache.commons.jexl2,15,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.jexl3,15,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.lang3,,,424,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,293,131
-org.apache.commons.logging,6,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.ognl,6,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52
-org.apache.directory.ldap.client.api,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.apache.hc.core5.http,1,2,39,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,2,39,
-org.apache.hc.core5.net,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,
-org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6
-org.apache.http,27,3,70,,,,,,,,,,,,,,25,,,,,,,,,,,,,,,,2,,,,3,62,8
-org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,57,
-org.apache.log4j,11,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.logging.log4j,359,,8,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,,,4,4
-org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.apache.shiro.jndi,1,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.velocity.app,4,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,
-org.apache.velocity.runtime,4,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,
-org.codehaus.groovy.control,1,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,,,
-org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,,
-org.jboss.logging,324,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,,,
-org.jdbi.v3.core,6,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,
-org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38
-org.mvel2,16,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,,,
-org.scijava.log,13,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,,,
-org.slf4j,55,,6,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,,,2,4
-org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30
-org.springframework.boot.jdbc,1,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
-org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
-org.springframework.http,14,,70,,,,,,,,,,,,,,14,,,,,,,,,,,,,,,,,,,,,60,10
-org.springframework.jdbc.core,10,,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,,
-org.springframework.jdbc.datasource,4,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,,,
-org.springframework.jndi,1,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.ldap,47,,,,,,,,,,,33,14,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,
-org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32
-org.springframework.util,,,139,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,87,52
-org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,
-org.springframework.web.client,13,3,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,3,,
-org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,
-org.springframework.web.multipart,,12,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,13,
-org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.web.util,,,163,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,138,25
-org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,2,
-org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,
-play.mvc,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,
-ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
-ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
-ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48
-ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
-ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
-ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
-ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
-retrofit2,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,
+package,sink,source,summary,sink:bean-validation,sink:create-file,sink:fragment-injection,sink:groovy,sink:header-splitting,sink:information-leak,sink:intent-start,sink:jdbc-url,sink:jexl,sink:jndi-injection,sink:ldap,sink:logging,sink:mvel,sink:ognl-injection,sink:open-url,sink:pending-intent-sent,sink:regex-use,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:set-hostname-verifier,sink:sql,sink:ssti,sink:url-open-stream,sink:url-redirect,sink:write-file,sink:xpath,sink:xslt,sink:xss,source:android-external-storage-dir,source:android-widget,source:contentprovider,source:remote,summary:taint,summary:value
+android.app,35,,103,,,11,,,,7,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,18,85
+android.content,24,31,154,,,,,,,16,,,,,,,,,,,,,,,,,,8,,,,,,,,4,,27,,63,91
+android.database,59,,39,,,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,,,,,39,
+android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15
+android.os,,2,122,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,41,81
+android.support.v4.app,11,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+android.util,6,16,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,16,,
+android.webkit,3,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,2,,
+android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,1,
+androidx.core.app,6,,95,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,12,83
+androidx.fragment.app,11,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+androidx.slice,2,5,88,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,5,,27,61
+cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.fasterxml.jackson.databind,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
+com.google.common.base,4,,85,,,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,,,,62,23
+com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17
+com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551
+com.google.common.flogger,29,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.google.common.io,6,,73,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,72,1
+com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
+com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
+com.opensymphony.xwork2.ognl,3,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,
+com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7,
+com.unboundid.ldap.sdk,17,,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.zaxxer.hikari,2,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
+freemarker.cache,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
+freemarker.template,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,
+groovy.lang,26,,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+groovy.util,5,,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+jakarta.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,,
+jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
+jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,
+jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
+jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
+java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+java.io,37,,40,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,22,,,,,,,,40,
+java.lang,13,,66,,,,,,,,,,,,8,,,,,,4,,,1,,,,,,,,,,,,,,,,54,12
+java.net,10,3,7,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,,3,7,
+java.nio,15,,16,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,16,
+java.sql,11,,,,,,,,,,4,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,,
+java.util,44,,461,,,,,,,,,,,,34,,,,,,,5,2,,1,2,,,,,,,,,,,,,,36,425
+javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,,
+javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
+javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
+javax.management.remote,2,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+javax.naming,7,,,,,,,,,,,,6,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
+javax.net.ssl,2,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,
+javax.script,1,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
+javax.servlet,4,21,2,,,,,3,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,2,
+javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
+javax.ws.rs.client,1,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,
+javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
+javax.ws.rs.core,3,,149,,,,,1,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
+javax.xml.transform,1,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,6,
+javax.xml.xpath,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,
+jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10
+kotlin,12,,1835,,10,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,1828,7
+net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,,
+ognl,6,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,
+okhttp3,2,,47,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,22,25
+org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
+org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
+org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
+org.apache.commons.io,106,,560,,91,,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,546,14
+org.apache.commons.jexl2,15,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.jexl3,15,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.lang3,6,,424,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,293,131
+org.apache.commons.logging,6,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.ognl,6,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52
+org.apache.directory.ldap.client.api,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.apache.hc.core5.http,1,2,39,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,2,39,
+org.apache.hc.core5.net,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,
+org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6
+org.apache.http,27,3,70,,,,,,,,,,,,,,,25,,,,,,,,,,,,,,,,,2,,,,3,62,8
+org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,57,
+org.apache.log4j,11,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.logging.log4j,359,,8,,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,,,,4,4
+org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.apache.shiro.jndi,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.velocity.app,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,
+org.apache.velocity.runtime,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,
+org.codehaus.groovy.control,1,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,,,
+org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,,
+org.jboss.logging,324,,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.jdbi.v3.core,6,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,
+org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38
+org.mvel2,16,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,,,,
+org.scijava.log,13,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.slf4j,55,,6,,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,,,,2,4
+org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30
+org.springframework.boot.jdbc,1,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
+org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
+org.springframework.http,14,,70,,,,,,,,,,,,,,,14,,,,,,,,,,,,,,,,,,,,,,60,10
+org.springframework.jdbc.core,10,,,,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,,
+org.springframework.jdbc.datasource,4,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,,,
+org.springframework.jndi,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.ldap,47,,,,,,,,,,,,33,14,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,
+org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32
+org.springframework.util,,,139,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,87,52
+org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,
+org.springframework.web.client,13,3,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,3,,
+org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,
+org.springframework.web.multipart,,12,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,13,
+org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.web.util,,,163,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,138,25
+org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,2,
+org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,
+play.mvc,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,
+ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
+ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
+ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48
+ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
+ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
+ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
+ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
+retrofit2,1,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,
diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst
index 46da8bda328..c5258aa5d3e 100644
--- a/java/documentation/library-coverage/coverage.rst
+++ b/java/documentation/library-coverage/coverage.rst
@@ -7,21 +7,21 @@ Java framework & library support
    :widths: auto
 
    Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE‑022` :sub:`Path injection`,`CWE‑036` :sub:`Path traversal`,`CWE‑079` :sub:`Cross-site scripting`,`CWE‑089` :sub:`SQL injection`,`CWE‑090` :sub:`LDAP injection`,`CWE‑094` :sub:`Code injection`,`CWE‑319` :sub:`Cleartext transmission`
-   Android,``android.*``,52,479,116,,,3,67,,,
-   Android extensions,``androidx.*``,5,183,8,,,,,,,
+   Android,``android.*``,52,479,138,,,3,67,,,
+   Android extensions,``androidx.*``,5,183,19,,,,,,,
    `Apache Commons Collections <https://commons.apache.org/proper/commons-collections/>`_,"``org.apache.commons.collections``, ``org.apache.commons.collections4``",,1600,,,,,,,,
-   `Apache Commons IO <https://commons.apache.org/proper/commons-io/>`_,``org.apache.commons.io``,,556,106,91,,,,,,15
-   `Apache Commons Lang <https://commons.apache.org/proper/commons-lang/>`_,``org.apache.commons.lang3``,,424,,,,,,,,
+   `Apache Commons IO <https://commons.apache.org/proper/commons-io/>`_,``org.apache.commons.io``,,560,106,91,,,,,,15
+   `Apache Commons Lang <https://commons.apache.org/proper/commons-lang/>`_,``org.apache.commons.lang3``,,424,6,,,,,,,
    `Apache Commons Text <https://commons.apache.org/proper/commons-text/>`_,``org.apache.commons.text``,,272,,,,,,,,
    `Apache HttpComponents <https://hc.apache.org/>`_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,136,28,,,3,,,,25
    `Apache Log4j 2 <https://logging.apache.org/log4j/2.0/>`_,``org.apache.logging.log4j``,,8,359,,,,,,,
    `Google Guava <https://guava.dev/>`_,``com.google.common.*``,,728,39,,6,,,,,
    JBoss Logging,``org.jboss.logging``,,,324,,,,,,,
    `JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,,
-   Java Standard Library,``java.*``,3,589,130,28,,,7,,,10
+   Java Standard Library,``java.*``,3,591,130,28,,,7,,,10
    Java extensions,"``javax.*``, ``jakarta.*``",63,609,32,,,4,,1,1,2
    Kotlin Standard Library,``kotlin*``,,1835,12,10,,,,,,2
    `Spring <https://spring.io/>`_,``org.springframework.*``,29,477,101,,,,19,14,,29
    Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.util``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.mvel2``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",60,300,269,,,,14,18,,3
-   Totals,,217,8432,1524,129,6,10,107,33,1,86
+   Totals,,217,8438,1563,129,6,10,107,33,1,86
 
diff --git a/java/downgrades/44d61b266bebf261cb027872646262e645efa059/old.dbscheme b/java/downgrades/44d61b266bebf261cb027872646262e645efa059/old.dbscheme
new file mode 100644
index 00000000000..44d61b266be
--- /dev/null
+++ b/java/downgrades/44d61b266bebf261cb027872646262e645efa059/old.dbscheme
@@ -0,0 +1,1246 @@
+/**
+ * An invocation of the compiler. Note that more than one file may be
+ * compiled per invocation. For example, this command compiles three
+ * source files:
+ *
+ *   javac A.java B.java C.java
+ *
+ * The `id` simply identifies the invocation, while `cwd` is the working
+ * directory from which the compiler was invoked.
+ */
+compilations(
+    /**
+     * An invocation of the compiler. Note that more than one file may
+     * be compiled per invocation. For example, this command compiles
+     * three source files:
+     *
+     *   javac A.java B.java C.java
+     */
+    unique int id : @compilation,
+    int kind: int ref,
+    string cwd : string ref,
+    string name : string ref
+);
+
+case @compilation.kind of
+   1  = @javacompilation
+|  2  = @kotlincompilation
+;
+
+compilation_started(
+    int id : @compilation ref
+)
+
+compilation_info(
+    int id : @compilation ref,
+    string info_key: string ref,
+    string info_value: string ref
+)
+
+/**
+ * The arguments that were passed to the extractor for a compiler
+ * invocation. If `id` is for the compiler invocation
+ *
+ *   javac A.java B.java C.java
+ *
+ * then typically there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | *path to extractor*
+ * 1   | `--javac-args`
+ * 2   | A.java
+ * 3   | B.java
+ * 4   | C.java
+ */
+#keyset[id, num]
+compilation_args(
+    int id : @compilation ref,
+    int num : int ref,
+    string arg : string ref
+);
+
+/**
+ * The source files that are compiled by a compiler invocation.
+ * If `id` is for the compiler invocation
+ *
+ *   javac A.java B.java C.java
+ *
+ * then there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | A.java
+ * 1   | B.java
+ * 2   | C.java
+ */
+#keyset[id, num]
+compilation_compiling_files(
+    int id : @compilation ref,
+    int num : int ref,
+    int file : @file ref
+);
+
+/**
+ * For each file recorded in `compilation_compiling_files`,
+ * there will be a corresponding row in
+ * `compilation_compiling_files_completed` once extraction
+ * of that file is complete. The `result` will indicate the
+ * extraction result:
+ *
+ *     0: Successfully extracted
+ *     1: Errors were encountered, but extraction recovered
+ *     2: Errors were encountered, and extraction could not recover
+ */
+#keyset[id, num]
+compilation_compiling_files_completed(
+    int id : @compilation ref,
+    int num : int ref,
+    int result : int ref
+);
+
+/**
+ * The time taken by the extractor for a compiler invocation.
+ *
+ * For each file `num`, there will be rows for
+ *
+ * kind | seconds
+ * ---- | ---
+ * 1    | CPU seconds used by the extractor frontend
+ * 2    | Elapsed seconds during the extractor frontend
+ * 3    | CPU seconds used by the extractor backend
+ * 4    | Elapsed seconds during the extractor backend
+ */
+#keyset[id, num, kind]
+compilation_time(
+    int id : @compilation ref,
+    int num : int ref,
+    /* kind:
+       1 = frontend_cpu_seconds
+       2 = frontend_elapsed_seconds
+       3 = extractor_cpu_seconds
+       4 = extractor_elapsed_seconds
+    */
+    int kind : int ref,
+    float seconds : float ref
+);
+
+/**
+ * An error or warning generated by the extractor.
+ * The diagnostic message `diagnostic` was generated during compiler
+ * invocation `compilation`, and is the `file_number_diagnostic_number`th
+ * message generated while extracting the `file_number`th file of that
+ * invocation.
+ */
+#keyset[compilation, file_number, file_number_diagnostic_number]
+diagnostic_for(
+    unique int diagnostic : @diagnostic ref,
+    int compilation : @compilation ref,
+    int file_number : int ref,
+    int file_number_diagnostic_number : int ref
+);
+
+/**
+ * The `cpu_seconds` and `elapsed_seconds` are the CPU time and elapsed
+ * time (respectively) that the original compilation (not the extraction)
+ * took for compiler invocation `id`.
+ */
+compilation_compiler_times(
+    unique int id : @compilation ref,
+    float cpu_seconds : float ref,
+    float elapsed_seconds : float ref
+);
+
+/**
+ * If extraction was successful, then `cpu_seconds` and
+ * `elapsed_seconds` are the CPU time and elapsed time (respectively)
+ * that extraction took for compiler invocation `id`.
+ * The `result` will indicate the extraction result:
+ *
+ *     0: Successfully extracted
+ *     1: Errors were encountered, but extraction recovered
+ *     2: Errors were encountered, and extraction could not recover
+ */
+compilation_finished(
+    unique int id : @compilation ref,
+    float cpu_seconds : float ref,
+    float elapsed_seconds : float ref,
+    int result : int ref
+);
+
+diagnostics(
+    unique int id: @diagnostic,
+    string generated_by: string ref, // TODO: Sync this with the other languages?
+    int severity: int ref,
+    string error_tag: string ref,
+    string error_message: string ref,
+    string full_error_message: string ref,
+    int location: @location_default ref
+);
+
+/*
+ * External artifacts
+ */
+
+externalData(
+  int id : @externalDataElement,
+  string path : string ref,
+  int column: int ref,
+  string value : string ref
+);
+
+snapshotDate(
+  unique date snapshotDate : date ref
+);
+
+sourceLocationPrefix(
+  string prefix : string ref
+);
+
+/*
+ * Duplicate code
+ */
+
+duplicateCode(
+  unique int id : @duplication,
+  string relativePath : string ref,
+  int equivClass : int ref
+);
+
+similarCode(
+  unique int id : @similarity,
+  string relativePath : string ref,
+  int equivClass : int ref
+);
+
+@duplication_or_similarity = @duplication | @similarity
+
+tokens(
+  int id : @duplication_or_similarity ref,
+  int offset : int ref,
+  int beginLine : int ref,
+  int beginColumn : int ref,
+  int endLine : int ref,
+  int endColumn : int ref
+);
+
+/*
+ * SMAP
+ */
+
+smap_header(
+  int outputFileId: @file ref,
+  string outputFilename: string ref,
+  string defaultStratum: string ref
+);
+
+smap_files(
+  int outputFileId: @file ref,
+  string stratum: string ref,
+  int inputFileNum: int ref,
+  string inputFileName: string ref,
+  int inputFileId: @file ref
+);
+
+smap_lines(
+  int outputFileId: @file ref,
+  string stratum: string ref,
+  int inputFileNum: int ref,
+  int inputStartLine: int ref,
+  int inputLineCount: int ref,
+  int outputStartLine: int ref,
+  int outputLineIncrement: int ref
+);
+
+/*
+ * Locations and files
+ */
+
+@location = @location_default ;
+
+locations_default(
+  unique int id: @location_default,
+  int file: @file ref,
+  int beginLine: int ref,
+  int beginColumn: int ref,
+  int endLine: int ref,
+  int endColumn: int ref
+);
+
+hasLocation(
+  int locatableid: @locatable ref,
+  int id: @location ref
+);
+
+@sourceline = @locatable ;
+
+#keyset[element_id]
+numlines(
+  int element_id: @sourceline ref,
+  int num_lines: int ref,
+  int num_code: int ref,
+  int num_comment: int ref
+);
+
+files(
+  unique int id: @file,
+  string name: string ref
+);
+
+folders(
+  unique int id: @folder,
+  string name: string ref
+);
+
+@container = @folder | @file
+
+containerparent(
+  int parent: @container ref,
+  unique int child: @container ref
+);
+
+/*
+ * Java
+ */
+
+cupackage(
+  unique int id: @file ref,
+  int packageid: @package ref
+);
+
+#keyset[fileid,keyName]
+jarManifestMain(
+  int fileid: @file ref,
+  string keyName: string ref,
+  string value: string ref
+);
+
+#keyset[fileid,entryName,keyName]
+jarManifestEntries(
+  int fileid: @file ref,
+  string entryName: string ref,
+  string keyName: string ref,
+  string value: string ref
+);
+
+packages(
+  unique int id: @package,
+  string nodeName: string ref
+);
+
+primitives(
+  unique int id: @primitive,
+  string nodeName: string ref
+);
+
+modifiers(
+  unique int id: @modifier,
+  string nodeName: string ref
+);
+
+/**
+ * An errortype is used when the extractor is unable to extract a type
+ * correctly for some reason.
+ */
+error_type(
+  unique int id: @errortype
+);
+
+classes(
+  unique int id: @class,
+  string nodeName: string ref,
+  int parentid: @package ref,
+  int sourceid: @class ref
+);
+
+file_class(
+  int id: @class ref
+);
+
+class_object(
+  unique int id: @class ref,
+  unique int instance: @field ref
+);
+
+type_companion_object(
+  unique int id: @classorinterface ref,
+  unique int instance: @field ref,
+  unique int companion_object: @class ref
+);
+
+kt_nullable_types(
+  unique int id: @kt_nullable_type,
+  int classid: @reftype ref
+)
+
+kt_notnull_types(
+  unique int id: @kt_notnull_type,
+  int classid: @reftype ref
+)
+
+kt_type_alias(
+  unique int id: @kt_type_alias,
+  string name: string ref,
+  int kttypeid: @kt_type ref
+)
+
+@kt_type = @kt_nullable_type | @kt_notnull_type
+
+isRecord(
+  unique int id: @class ref
+);
+
+interfaces(
+  unique int id: @interface,
+  string nodeName: string ref,
+  int parentid: @package ref,
+  int sourceid: @interface ref
+);
+
+fielddecls(
+  unique int id: @fielddecl,
+  int parentid: @reftype ref
+);
+
+#keyset[fieldId] #keyset[fieldDeclId,pos]
+fieldDeclaredIn(
+  int fieldId: @field ref,
+  int fieldDeclId: @fielddecl ref,
+  int pos: int ref
+);
+
+fields(
+  unique int id: @field,
+  string nodeName: string ref,
+  int typeid: @type ref,
+  int parentid: @reftype ref,
+  int sourceid: @field ref
+);
+
+fieldsKotlinType(
+  unique int id: @field ref,
+  int kttypeid: @kt_type ref
+);
+
+constrs(
+  unique int id: @constructor,
+  string nodeName: string ref,
+  string signature: string ref,
+  int typeid: @type ref,
+  int parentid: @reftype ref,
+  int sourceid: @constructor ref
+);
+
+constrsKotlinType(
+  unique int id: @constructor ref,
+  int kttypeid: @kt_type ref
+);
+
+methods(
+  unique int id: @method,
+  string nodeName: string ref,
+  string signature: string ref,
+  int typeid: @type ref,
+  int parentid: @reftype ref,
+  int sourceid: @method ref
+);
+
+methodsKotlinType(
+  unique int id: @method ref,
+  int kttypeid: @kt_type ref
+);
+
+#keyset[parentid,pos]
+params(
+  unique int id: @param,
+  int typeid: @type ref,
+  int pos: int ref,
+  int parentid: @callable ref,
+  int sourceid: @param ref
+);
+
+paramsKotlinType(
+  unique int id: @param ref,
+  int kttypeid: @kt_type ref
+);
+
+paramName(
+  unique int id: @param ref,
+  string nodeName: string ref
+);
+
+isVarargsParam(
+  int param: @param ref
+);
+
+exceptions(
+  unique int id: @exception,
+  int typeid: @type ref,
+  int parentid: @callable ref
+);
+
+isAnnotType(
+  int interfaceid: @interface ref
+);
+
+isAnnotElem(
+  int methodid: @method ref
+);
+
+annotValue(
+  int parentid: @annotation ref,
+  int id2: @method ref,
+  unique int value: @expr ref
+);
+
+isEnumType(
+  int classid: @class ref
+);
+
+isEnumConst(
+  int fieldid: @field ref
+);
+
+#keyset[parentid,pos]
+typeVars(
+  unique int id: @typevariable,
+  string nodeName: string ref,
+  int pos: int ref,
+  int kind: int ref, // deprecated
+  int parentid: @classorinterfaceorcallable ref
+);
+
+wildcards(
+  unique int id: @wildcard,
+  string nodeName: string ref,
+  int kind: int ref
+);
+
+#keyset[parentid,pos]
+typeBounds(
+  unique int id: @typebound,
+  int typeid: @reftype ref,
+  int pos: int ref,
+  int parentid: @boundedtype ref
+);
+
+#keyset[parentid,pos]
+typeArgs(
+  int argumentid: @reftype ref,
+  int pos: int ref,
+  int parentid: @classorinterfaceorcallable ref
+);
+
+isParameterized(
+  int memberid: @member ref
+);
+
+isRaw(
+  int memberid: @member ref
+);
+
+erasure(
+  unique int memberid: @member ref,
+  int erasureid: @member ref
+);
+
+#keyset[classid] #keyset[parent]
+isAnonymClass(
+  int classid: @class ref,
+  int parent: @classinstancexpr ref
+);
+
+#keyset[typeid] #keyset[parent]
+isLocalClassOrInterface(
+  int typeid: @classorinterface ref,
+  int parent: @localtypedeclstmt ref
+);
+
+isDefConstr(
+  int constructorid: @constructor ref
+);
+
+#keyset[exprId]
+lambdaKind(
+  int exprId: @lambdaexpr ref,
+  int bodyKind: int ref
+);
+
+arrays(
+  unique int id: @array,
+  string nodeName: string ref,
+  int elementtypeid: @type ref,
+  int dimension: int ref,
+  int componenttypeid: @type ref
+);
+
+enclInReftype(
+  unique int child: @reftype ref,
+  int parent: @reftype ref
+);
+
+extendsReftype(
+  int id1: @reftype ref,
+  int id2: @classorinterface ref
+);
+
+implInterface(
+  int id1: @classorarray ref,
+  int id2: @interface ref
+);
+
+permits(
+  int id1: @classorinterface ref,
+  int id2: @classorinterface ref
+);
+
+hasModifier(
+  int id1: @modifiable ref,
+  int id2: @modifier ref
+);
+
+imports(
+  unique int id: @import,
+  int holder: @classorinterfaceorpackage ref,
+  string name: string ref,
+  int kind: int ref
+);
+
+#keyset[parent,idx]
+stmts(
+  unique int id: @stmt,
+  int kind: int ref,
+  int parent: @stmtparent ref,
+  int idx: int ref,
+  int bodydecl: @callable ref
+);
+
+@stmtparent = @callable | @stmt | @switchexpr | @whenexpr| @stmtexpr;
+
+case @stmt.kind of
+  0 = @block
+| 1 = @ifstmt
+| 2 = @forstmt
+| 3 = @enhancedforstmt
+| 4 = @whilestmt
+| 5 = @dostmt
+| 6 = @trystmt
+| 7 = @switchstmt
+| 8 = @synchronizedstmt
+| 9 = @returnstmt
+| 10 = @throwstmt
+| 11 = @breakstmt
+| 12 = @continuestmt
+| 13 = @emptystmt
+| 14 = @exprstmt
+| 15 = @labeledstmt
+| 16 = @assertstmt
+| 17 = @localvariabledeclstmt
+| 18 = @localtypedeclstmt
+| 19 = @constructorinvocationstmt
+| 20 = @superconstructorinvocationstmt
+| 21 = @case
+| 22 = @catchclause
+| 23 = @yieldstmt
+| 24 = @errorstmt
+| 25 = @whenbranch
+;
+
+#keyset[parent,idx]
+exprs(
+  unique int id: @expr,
+  int kind: int ref,
+  int typeid: @type ref,
+  int parent: @exprparent ref,
+  int idx: int ref
+);
+
+exprsKotlinType(
+  unique int id: @expr ref,
+  int kttypeid: @kt_type ref
+);
+
+callableEnclosingExpr(
+  unique int id: @expr ref,
+  int callable_id: @callable ref
+);
+
+statementEnclosingExpr(
+  unique int id: @expr ref,
+  int statement_id: @stmt ref
+);
+
+isParenthesized(
+  unique int id: @expr ref,
+  int parentheses: int ref
+);
+
+case @expr.kind of
+   1  = @arrayaccess
+|  2  = @arraycreationexpr
+|  3  = @arrayinit
+|  4  = @assignexpr
+|  5  = @assignaddexpr
+|  6  = @assignsubexpr
+|  7  = @assignmulexpr
+|  8  = @assigndivexpr
+|  9  = @assignremexpr
+| 10  = @assignandexpr
+| 11  = @assignorexpr
+| 12  = @assignxorexpr
+| 13  = @assignlshiftexpr
+| 14  = @assignrshiftexpr
+| 15  = @assignurshiftexpr
+| 16  = @booleanliteral
+| 17  = @integerliteral
+| 18  = @longliteral
+| 19  = @floatingpointliteral
+| 20  = @doubleliteral
+| 21  = @characterliteral
+| 22  = @stringliteral
+| 23  = @nullliteral
+| 24  = @mulexpr
+| 25  = @divexpr
+| 26  = @remexpr
+| 27  = @addexpr
+| 28  = @subexpr
+| 29  = @lshiftexpr
+| 30  = @rshiftexpr
+| 31  = @urshiftexpr
+| 32  = @andbitexpr
+| 33  = @orbitexpr
+| 34  = @xorbitexpr
+| 35  = @andlogicalexpr
+| 36  = @orlogicalexpr
+| 37  = @ltexpr
+| 38  = @gtexpr
+| 39  = @leexpr
+| 40  = @geexpr
+| 41  = @eqexpr
+| 42  = @neexpr
+| 43  = @postincexpr
+| 44  = @postdecexpr
+| 45  = @preincexpr
+| 46  = @predecexpr
+| 47  = @minusexpr
+| 48  = @plusexpr
+| 49  = @bitnotexpr
+| 50  = @lognotexpr
+| 51  = @castexpr
+| 52  = @newexpr
+| 53  = @conditionalexpr
+| 54  = @parexpr         // deprecated
+| 55  = @instanceofexpr
+| 56  = @localvariabledeclexpr
+| 57  = @typeliteral
+| 58  = @thisaccess
+| 59  = @superaccess
+| 60  = @varaccess
+| 61  = @methodaccess
+| 62  = @unannotatedtypeaccess
+| 63  = @arraytypeaccess
+| 64  = @packageaccess
+| 65  = @wildcardtypeaccess
+| 66  = @declannotation
+| 67  = @uniontypeaccess
+| 68  = @lambdaexpr
+| 69  = @memberref
+| 70  = @annotatedtypeaccess
+| 71  = @typeannotation
+| 72  = @intersectiontypeaccess
+| 73  = @switchexpr
+| 74  = @errorexpr
+| 75  = @whenexpr
+| 76  = @getclassexpr
+| 77  = @safecastexpr
+| 78  = @implicitcastexpr
+| 79  = @implicitnotnullexpr
+| 80  = @implicitcoerciontounitexpr
+| 81  = @notinstanceofexpr
+| 82  = @stmtexpr
+| 83  = @stringtemplateexpr
+| 84  = @notnullexpr
+| 85  = @unsafecoerceexpr
+| 86  = @valueeqexpr
+| 87  = @valueneexpr
+| 88  = @propertyref
+;
+
+/** Holds if this `when` expression was written as an `if` expression. */
+when_if(unique int id: @whenexpr ref);
+
+/** Holds if this `when` branch was written as an `else` branch. */
+when_branch_else(unique int id: @whenbranch ref);
+
+@classinstancexpr = @newexpr | @lambdaexpr | @memberref | @propertyref
+
+@annotation = @declannotation | @typeannotation
+@typeaccess = @unannotatedtypeaccess | @annotatedtypeaccess
+
+@assignment = @assignexpr
+             | @assignop;
+
+@unaryassignment = @postincexpr
+                 | @postdecexpr
+                 | @preincexpr
+                 | @predecexpr;
+
+@assignop = @assignaddexpr
+             | @assignsubexpr
+             | @assignmulexpr
+             | @assigndivexpr
+             | @assignremexpr
+             | @assignandexpr
+             | @assignorexpr
+             | @assignxorexpr
+             | @assignlshiftexpr
+             | @assignrshiftexpr
+             | @assignurshiftexpr;
+
+@literal = @booleanliteral
+             | @integerliteral
+             | @longliteral
+             | @floatingpointliteral
+             | @doubleliteral
+             | @characterliteral
+             | @stringliteral
+             | @nullliteral;
+
+@binaryexpr = @mulexpr
+             | @divexpr
+             | @remexpr
+             | @addexpr
+             | @subexpr
+             | @lshiftexpr
+             | @rshiftexpr
+             | @urshiftexpr
+             | @andbitexpr
+             | @orbitexpr
+             | @xorbitexpr
+             | @andlogicalexpr
+             | @orlogicalexpr
+             | @ltexpr
+             | @gtexpr
+             | @leexpr
+             | @geexpr
+             | @eqexpr
+             | @neexpr
+             | @valueeqexpr
+             | @valueneexpr;
+
+@unaryexpr =   @postincexpr
+             | @postdecexpr
+             | @preincexpr
+             | @predecexpr
+             | @minusexpr
+             | @plusexpr
+             | @bitnotexpr
+             | @lognotexpr
+             | @notnullexpr;
+
+@caller =  @classinstancexpr
+         | @methodaccess
+         | @constructorinvocationstmt
+         | @superconstructorinvocationstmt;
+
+callableBinding(
+  unique int callerid: @caller ref,
+  int callee: @callable ref
+);
+
+memberRefBinding(
+  unique int id: @expr ref,
+  int callable: @callable ref
+);
+
+propertyRefGetBinding(
+  unique int id: @expr ref,
+  int getter: @callable ref
+);
+
+propertyRefFieldBinding(
+  unique int id: @expr ref,
+  int field: @field ref
+);
+
+propertyRefSetBinding(
+  unique int id: @expr ref,
+  int setter: @callable ref
+);
+
+@exprparent = @stmt | @expr | @whenbranch | @callable | @field | @fielddecl | @class | @interface | @param | @localvar | @typevariable;
+
+variableBinding(
+  unique int expr: @varaccess ref,
+  int variable: @variable ref
+);
+
+@variable = @localscopevariable | @field;
+
+@localscopevariable = @localvar | @param;
+
+localvars(
+  unique int id: @localvar,
+  string nodeName: string ref,
+  int typeid: @type ref,
+  int parentid: @localvariabledeclexpr ref
+);
+
+localvarsKotlinType(
+  unique int id: @localvar ref,
+  int kttypeid: @kt_type ref
+);
+
+@namedexprorstmt = @breakstmt
+                 | @continuestmt
+                 | @labeledstmt
+                 | @literal;
+
+namestrings(
+  string name: string ref,
+  string value: string ref,
+  unique int parent: @namedexprorstmt ref
+);
+
+/*
+ * Modules
+ */
+
+#keyset[name]
+modules(
+  unique int id: @module,
+  string name: string ref
+);
+
+isOpen(
+  int id: @module ref
+);
+
+#keyset[fileId]
+cumodule(
+  int fileId: @file ref,
+  int moduleId: @module ref
+);
+
+@directive = @requires
+           | @exports
+           | @opens
+           | @uses
+           | @provides
+
+#keyset[directive]
+directives(
+  int id: @module ref,
+  int directive: @directive ref
+);
+
+requires(
+  unique int id: @requires,
+  int target: @module ref
+);
+
+isTransitive(
+  int id: @requires ref
+);
+
+isStatic(
+  int id: @requires ref
+);
+
+exports(
+  unique int id: @exports,
+  int target: @package ref
+);
+
+exportsTo(
+  int id: @exports ref,
+  int target: @module ref
+);
+
+opens(
+  unique int id: @opens,
+  int target: @package ref
+);
+
+opensTo(
+  int id: @opens ref,
+  int target: @module ref
+);
+
+uses(
+  unique int id: @uses,
+  string serviceInterface: string ref
+);
+
+provides(
+  unique int id: @provides,
+  string serviceInterface: string ref
+);
+
+providesWith(
+  int id: @provides ref,
+  string serviceImpl: string ref
+);
+
+/*
+ * Javadoc
+ */
+
+javadoc(
+  unique int id: @javadoc
+);
+
+isNormalComment(
+  int commentid : @javadoc ref
+);
+
+isEolComment(
+  int commentid : @javadoc ref
+);
+
+hasJavadoc(
+  int documentableid: @member ref,
+  int javadocid: @javadoc ref
+);
+
+#keyset[parentid,idx]
+javadocTag(
+  unique int id: @javadocTag,
+  string name: string ref,
+  int parentid: @javadocParent ref,
+  int idx: int ref
+);
+
+#keyset[parentid,idx]
+javadocText(
+  unique int id: @javadocText,
+  string text: string ref,
+  int parentid: @javadocParent ref,
+  int idx: int ref
+);
+
+@javadocParent = @javadoc | @javadocTag;
+@javadocElement = @javadocTag | @javadocText;
+
+@classorinterface = @interface | @class;
+@classorinterfaceorpackage = @classorinterface | @package;
+@classorinterfaceorcallable = @classorinterface | @callable;
+@boundedtype = @typevariable | @wildcard;
+@reftype = @classorinterface | @array | @boundedtype | @errortype;
+@classorarray = @class | @array;
+@type = @primitive | @reftype;
+@callable = @method | @constructor;
+
+/** A program element that has a name. */
+@element = @package | @modifier | @annotation | @errortype |
+           @locatableElement;
+
+@locatableElement = @file | @primitive | @class | @interface | @method | @constructor | @param | @exception | @field |
+                    @boundedtype | @array | @localvar | @expr | @stmt | @import | @fielddecl | @kt_type | @kt_type_alias |
+                    @kt_property;
+
+@modifiable = @member_modifiable| @param | @localvar | @typevariable;
+
+@member_modifiable = @class | @interface | @method | @constructor | @field | @kt_property;
+
+@member = @method | @constructor | @field | @reftype ;
+
+/** A program element that has a location. */
+@locatable = @typebound | @javadoc | @javadocTag | @javadocText | @xmllocatable | @ktcomment |
+             @locatableElement;
+
+@top = @element | @locatable | @folder;
+
+/*
+ * XML Files
+ */
+
+xmlEncoding(
+  unique int id: @file ref,
+  string encoding: string ref
+);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  string root: string ref,
+  string publicId: string ref,
+  string systemId: string ref,
+  int fileid: @file ref
+);
+
+xmlElements(
+  unique int id: @xmlelement,
+  string name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  string name: string ref,
+  string value: string ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlNs(
+  int id: @xmlnamespace,
+  string prefixName: string ref,
+  string URI: string ref,
+  int fileid: @file ref
+);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref
+);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref
+);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref
+);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref
+);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+/*
+ * configuration files with key value pairs
+ */
+
+configs(
+  unique int id: @config
+);
+
+configNames(
+  unique int id: @configName,
+  int config: @config ref,
+  string name: string ref
+);
+
+configValues(
+  unique int id: @configValue,
+  int config: @config ref,
+  string value: string ref
+);
+
+configLocations(
+  int locatable: @configLocatable ref,
+  int location: @location_default ref
+);
+
+@configLocatable = @config | @configName | @configValue;
+
+ktComments(
+  unique int id: @ktcomment,
+  int kind: int ref,
+  string text : string ref
+)
+
+ktCommentSections(
+  unique int id: @ktcommentsection,
+  int comment: @ktcomment ref,
+  string content : string ref
+)
+
+ktCommentSectionNames(
+  unique int id: @ktcommentsection ref,
+  string name : string ref
+)
+
+ktCommentSectionSubjectNames(
+  unique int id: @ktcommentsection ref,
+  string subjectname : string ref
+)
+
+#keyset[id, owner]
+ktCommentOwners(
+  int id: @ktcomment ref,
+  int owner: @top ref
+)
+
+ktExtensionFunctions(
+  unique int id: @method ref,
+  int typeid: @type ref,
+  int kttypeid: @kt_type ref
+)
+
+ktProperties(
+  unique int id: @kt_property,
+  string nodeName: string ref
+)
+
+ktPropertyGetters(
+  unique int id: @kt_property ref,
+  int getter: @method ref
+)
+
+ktPropertySetters(
+  unique int id: @kt_property ref,
+  int setter: @method ref
+)
+
+ktPropertyBackingFields(
+  unique int id: @kt_property ref,
+  int backingField: @field ref
+)
+
+ktSyntheticBody(
+  unique int id: @callable ref,
+  int kind: int ref
+  // 1: ENUM_VALUES
+  // 2: ENUM_VALUEOF
+)
+
+ktLocalFunction(
+  unique int id: @method ref
+)
+
+ktInitializerAssignment(
+  unique int id: @assignexpr ref
+)
+
+ktPropertyDelegates(
+  unique int id: @kt_property ref,
+  unique int variableId: @variable ref
+)
+
+/**
+ * If `id` is a compiler generated element, then the kind indicates the
+ * reason that the compiler generated it.
+ * See `Element.compilerGeneratedReason()` for an explanation of what
+ * each `kind` means.
+ */
+compiler_generated(
+  unique int id: @element ref,
+  int kind: int ref
+)
+
+ktFunctionOriginalNames(
+  unique int id: @method ref,
+  string name: string ref
+)
+
+ktDataClasses(
+  unique int id: @class ref
+)
diff --git a/java/downgrades/44d61b266bebf261cb027872646262e645efa059/semmlecode.dbscheme b/java/downgrades/44d61b266bebf261cb027872646262e645efa059/semmlecode.dbscheme
new file mode 100644
index 00000000000..709f1d1fd04
--- /dev/null
+++ b/java/downgrades/44d61b266bebf261cb027872646262e645efa059/semmlecode.dbscheme
@@ -0,0 +1,1240 @@
+/**
+ * An invocation of the compiler. Note that more than one file may be
+ * compiled per invocation. For example, this command compiles three
+ * source files:
+ *
+ *   javac A.java B.java C.java
+ *
+ * The `id` simply identifies the invocation, while `cwd` is the working
+ * directory from which the compiler was invoked.
+ */
+compilations(
+    /**
+     * An invocation of the compiler. Note that more than one file may
+     * be compiled per invocation. For example, this command compiles
+     * three source files:
+     *
+     *   javac A.java B.java C.java
+     */
+    unique int id : @compilation,
+    int kind: int ref,
+    string cwd : string ref,
+    string name : string ref
+);
+
+case @compilation.kind of
+   1  = @javacompilation
+|  2  = @kotlincompilation
+;
+
+compilation_started(
+    int id : @compilation ref
+)
+
+/**
+ * The arguments that were passed to the extractor for a compiler
+ * invocation. If `id` is for the compiler invocation
+ *
+ *   javac A.java B.java C.java
+ *
+ * then typically there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | *path to extractor*
+ * 1   | `--javac-args`
+ * 2   | A.java
+ * 3   | B.java
+ * 4   | C.java
+ */
+#keyset[id, num]
+compilation_args(
+    int id : @compilation ref,
+    int num : int ref,
+    string arg : string ref
+);
+
+/**
+ * The source files that are compiled by a compiler invocation.
+ * If `id` is for the compiler invocation
+ *
+ *   javac A.java B.java C.java
+ *
+ * then there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | A.java
+ * 1   | B.java
+ * 2   | C.java
+ */
+#keyset[id, num]
+compilation_compiling_files(
+    int id : @compilation ref,
+    int num : int ref,
+    int file : @file ref
+);
+
+/**
+ * For each file recorded in `compilation_compiling_files`,
+ * there will be a corresponding row in
+ * `compilation_compiling_files_completed` once extraction
+ * of that file is complete. The `result` will indicate the
+ * extraction result:
+ *
+ *     0: Successfully extracted
+ *     1: Errors were encountered, but extraction recovered
+ *     2: Errors were encountered, and extraction could not recover
+ */
+#keyset[id, num]
+compilation_compiling_files_completed(
+    int id : @compilation ref,
+    int num : int ref,
+    int result : int ref
+);
+
+/**
+ * The time taken by the extractor for a compiler invocation.
+ *
+ * For each file `num`, there will be rows for
+ *
+ * kind | seconds
+ * ---- | ---
+ * 1    | CPU seconds used by the extractor frontend
+ * 2    | Elapsed seconds during the extractor frontend
+ * 3    | CPU seconds used by the extractor backend
+ * 4    | Elapsed seconds during the extractor backend
+ */
+#keyset[id, num, kind]
+compilation_time(
+    int id : @compilation ref,
+    int num : int ref,
+    /* kind:
+       1 = frontend_cpu_seconds
+       2 = frontend_elapsed_seconds
+       3 = extractor_cpu_seconds
+       4 = extractor_elapsed_seconds
+    */
+    int kind : int ref,
+    float seconds : float ref
+);
+
+/**
+ * An error or warning generated by the extractor.
+ * The diagnostic message `diagnostic` was generated during compiler
+ * invocation `compilation`, and is the `file_number_diagnostic_number`th
+ * message generated while extracting the `file_number`th file of that
+ * invocation.
+ */
+#keyset[compilation, file_number, file_number_diagnostic_number]
+diagnostic_for(
+    unique int diagnostic : @diagnostic ref,
+    int compilation : @compilation ref,
+    int file_number : int ref,
+    int file_number_diagnostic_number : int ref
+);
+
+/**
+ * The `cpu_seconds` and `elapsed_seconds` are the CPU time and elapsed
+ * time (respectively) that the original compilation (not the extraction)
+ * took for compiler invocation `id`.
+ */
+compilation_compiler_times(
+    unique int id : @compilation ref,
+    float cpu_seconds : float ref,
+    float elapsed_seconds : float ref
+);
+
+/**
+ * If extraction was successful, then `cpu_seconds` and
+ * `elapsed_seconds` are the CPU time and elapsed time (respectively)
+ * that extraction took for compiler invocation `id`.
+ * The `result` will indicate the extraction result:
+ *
+ *     0: Successfully extracted
+ *     1: Errors were encountered, but extraction recovered
+ *     2: Errors were encountered, and extraction could not recover
+ */
+compilation_finished(
+    unique int id : @compilation ref,
+    float cpu_seconds : float ref,
+    float elapsed_seconds : float ref,
+    int result : int ref
+);
+
+diagnostics(
+    unique int id: @diagnostic,
+    string generated_by: string ref, // TODO: Sync this with the other languages?
+    int severity: int ref,
+    string error_tag: string ref,
+    string error_message: string ref,
+    string full_error_message: string ref,
+    int location: @location_default ref
+);
+
+/*
+ * External artifacts
+ */
+
+externalData(
+  int id : @externalDataElement,
+  string path : string ref,
+  int column: int ref,
+  string value : string ref
+);
+
+snapshotDate(
+  unique date snapshotDate : date ref
+);
+
+sourceLocationPrefix(
+  string prefix : string ref
+);
+
+/*
+ * Duplicate code
+ */
+
+duplicateCode(
+  unique int id : @duplication,
+  string relativePath : string ref,
+  int equivClass : int ref
+);
+
+similarCode(
+  unique int id : @similarity,
+  string relativePath : string ref,
+  int equivClass : int ref
+);
+
+@duplication_or_similarity = @duplication | @similarity
+
+tokens(
+  int id : @duplication_or_similarity ref,
+  int offset : int ref,
+  int beginLine : int ref,
+  int beginColumn : int ref,
+  int endLine : int ref,
+  int endColumn : int ref
+);
+
+/*
+ * SMAP
+ */
+
+smap_header(
+  int outputFileId: @file ref,
+  string outputFilename: string ref,
+  string defaultStratum: string ref
+);
+
+smap_files(
+  int outputFileId: @file ref,
+  string stratum: string ref,
+  int inputFileNum: int ref,
+  string inputFileName: string ref,
+  int inputFileId: @file ref
+);
+
+smap_lines(
+  int outputFileId: @file ref,
+  string stratum: string ref,
+  int inputFileNum: int ref,
+  int inputStartLine: int ref,
+  int inputLineCount: int ref,
+  int outputStartLine: int ref,
+  int outputLineIncrement: int ref
+);
+
+/*
+ * Locations and files
+ */
+
+@location = @location_default ;
+
+locations_default(
+  unique int id: @location_default,
+  int file: @file ref,
+  int beginLine: int ref,
+  int beginColumn: int ref,
+  int endLine: int ref,
+  int endColumn: int ref
+);
+
+hasLocation(
+  int locatableid: @locatable ref,
+  int id: @location ref
+);
+
+@sourceline = @locatable ;
+
+#keyset[element_id]
+numlines(
+  int element_id: @sourceline ref,
+  int num_lines: int ref,
+  int num_code: int ref,
+  int num_comment: int ref
+);
+
+files(
+  unique int id: @file,
+  string name: string ref
+);
+
+folders(
+  unique int id: @folder,
+  string name: string ref
+);
+
+@container = @folder | @file
+
+containerparent(
+  int parent: @container ref,
+  unique int child: @container ref
+);
+
+/*
+ * Java
+ */
+
+cupackage(
+  unique int id: @file ref,
+  int packageid: @package ref
+);
+
+#keyset[fileid,keyName]
+jarManifestMain(
+  int fileid: @file ref,
+  string keyName: string ref,
+  string value: string ref
+);
+
+#keyset[fileid,entryName,keyName]
+jarManifestEntries(
+  int fileid: @file ref,
+  string entryName: string ref,
+  string keyName: string ref,
+  string value: string ref
+);
+
+packages(
+  unique int id: @package,
+  string nodeName: string ref
+);
+
+primitives(
+  unique int id: @primitive,
+  string nodeName: string ref
+);
+
+modifiers(
+  unique int id: @modifier,
+  string nodeName: string ref
+);
+
+/**
+ * An errortype is used when the extractor is unable to extract a type
+ * correctly for some reason.
+ */
+error_type(
+  unique int id: @errortype
+);
+
+classes(
+  unique int id: @class,
+  string nodeName: string ref,
+  int parentid: @package ref,
+  int sourceid: @class ref
+);
+
+file_class(
+  int id: @class ref
+);
+
+class_object(
+  unique int id: @class ref,
+  unique int instance: @field ref
+);
+
+type_companion_object(
+  unique int id: @classorinterface ref,
+  unique int instance: @field ref,
+  unique int companion_object: @class ref
+);
+
+kt_nullable_types(
+  unique int id: @kt_nullable_type,
+  int classid: @reftype ref
+)
+
+kt_notnull_types(
+  unique int id: @kt_notnull_type,
+  int classid: @reftype ref
+)
+
+kt_type_alias(
+  unique int id: @kt_type_alias,
+  string name: string ref,
+  int kttypeid: @kt_type ref
+)
+
+@kt_type = @kt_nullable_type | @kt_notnull_type
+
+isRecord(
+  unique int id: @class ref
+);
+
+interfaces(
+  unique int id: @interface,
+  string nodeName: string ref,
+  int parentid: @package ref,
+  int sourceid: @interface ref
+);
+
+fielddecls(
+  unique int id: @fielddecl,
+  int parentid: @reftype ref
+);
+
+#keyset[fieldId] #keyset[fieldDeclId,pos]
+fieldDeclaredIn(
+  int fieldId: @field ref,
+  int fieldDeclId: @fielddecl ref,
+  int pos: int ref
+);
+
+fields(
+  unique int id: @field,
+  string nodeName: string ref,
+  int typeid: @type ref,
+  int parentid: @reftype ref,
+  int sourceid: @field ref
+);
+
+fieldsKotlinType(
+  unique int id: @field ref,
+  int kttypeid: @kt_type ref
+);
+
+constrs(
+  unique int id: @constructor,
+  string nodeName: string ref,
+  string signature: string ref,
+  int typeid: @type ref,
+  int parentid: @reftype ref,
+  int sourceid: @constructor ref
+);
+
+constrsKotlinType(
+  unique int id: @constructor ref,
+  int kttypeid: @kt_type ref
+);
+
+methods(
+  unique int id: @method,
+  string nodeName: string ref,
+  string signature: string ref,
+  int typeid: @type ref,
+  int parentid: @reftype ref,
+  int sourceid: @method ref
+);
+
+methodsKotlinType(
+  unique int id: @method ref,
+  int kttypeid: @kt_type ref
+);
+
+#keyset[parentid,pos]
+params(
+  unique int id: @param,
+  int typeid: @type ref,
+  int pos: int ref,
+  int parentid: @callable ref,
+  int sourceid: @param ref
+);
+
+paramsKotlinType(
+  unique int id: @param ref,
+  int kttypeid: @kt_type ref
+);
+
+paramName(
+  unique int id: @param ref,
+  string nodeName: string ref
+);
+
+isVarargsParam(
+  int param: @param ref
+);
+
+exceptions(
+  unique int id: @exception,
+  int typeid: @type ref,
+  int parentid: @callable ref
+);
+
+isAnnotType(
+  int interfaceid: @interface ref
+);
+
+isAnnotElem(
+  int methodid: @method ref
+);
+
+annotValue(
+  int parentid: @annotation ref,
+  int id2: @method ref,
+  unique int value: @expr ref
+);
+
+isEnumType(
+  int classid: @class ref
+);
+
+isEnumConst(
+  int fieldid: @field ref
+);
+
+#keyset[parentid,pos]
+typeVars(
+  unique int id: @typevariable,
+  string nodeName: string ref,
+  int pos: int ref,
+  int kind: int ref, // deprecated
+  int parentid: @classorinterfaceorcallable ref
+);
+
+wildcards(
+  unique int id: @wildcard,
+  string nodeName: string ref,
+  int kind: int ref
+);
+
+#keyset[parentid,pos]
+typeBounds(
+  unique int id: @typebound,
+  int typeid: @reftype ref,
+  int pos: int ref,
+  int parentid: @boundedtype ref
+);
+
+#keyset[parentid,pos]
+typeArgs(
+  int argumentid: @reftype ref,
+  int pos: int ref,
+  int parentid: @classorinterfaceorcallable ref
+);
+
+isParameterized(
+  int memberid: @member ref
+);
+
+isRaw(
+  int memberid: @member ref
+);
+
+erasure(
+  unique int memberid: @member ref,
+  int erasureid: @member ref
+);
+
+#keyset[classid] #keyset[parent]
+isAnonymClass(
+  int classid: @class ref,
+  int parent: @classinstancexpr ref
+);
+
+#keyset[typeid] #keyset[parent]
+isLocalClassOrInterface(
+  int typeid: @classorinterface ref,
+  int parent: @localtypedeclstmt ref
+);
+
+isDefConstr(
+  int constructorid: @constructor ref
+);
+
+#keyset[exprId]
+lambdaKind(
+  int exprId: @lambdaexpr ref,
+  int bodyKind: int ref
+);
+
+arrays(
+  unique int id: @array,
+  string nodeName: string ref,
+  int elementtypeid: @type ref,
+  int dimension: int ref,
+  int componenttypeid: @type ref
+);
+
+enclInReftype(
+  unique int child: @reftype ref,
+  int parent: @reftype ref
+);
+
+extendsReftype(
+  int id1: @reftype ref,
+  int id2: @classorinterface ref
+);
+
+implInterface(
+  int id1: @classorarray ref,
+  int id2: @interface ref
+);
+
+permits(
+  int id1: @classorinterface ref,
+  int id2: @classorinterface ref
+);
+
+hasModifier(
+  int id1: @modifiable ref,
+  int id2: @modifier ref
+);
+
+imports(
+  unique int id: @import,
+  int holder: @classorinterfaceorpackage ref,
+  string name: string ref,
+  int kind: int ref
+);
+
+#keyset[parent,idx]
+stmts(
+  unique int id: @stmt,
+  int kind: int ref,
+  int parent: @stmtparent ref,
+  int idx: int ref,
+  int bodydecl: @callable ref
+);
+
+@stmtparent = @callable | @stmt | @switchexpr | @whenexpr| @stmtexpr;
+
+case @stmt.kind of
+  0 = @block
+| 1 = @ifstmt
+| 2 = @forstmt
+| 3 = @enhancedforstmt
+| 4 = @whilestmt
+| 5 = @dostmt
+| 6 = @trystmt
+| 7 = @switchstmt
+| 8 = @synchronizedstmt
+| 9 = @returnstmt
+| 10 = @throwstmt
+| 11 = @breakstmt
+| 12 = @continuestmt
+| 13 = @emptystmt
+| 14 = @exprstmt
+| 15 = @labeledstmt
+| 16 = @assertstmt
+| 17 = @localvariabledeclstmt
+| 18 = @localtypedeclstmt
+| 19 = @constructorinvocationstmt
+| 20 = @superconstructorinvocationstmt
+| 21 = @case
+| 22 = @catchclause
+| 23 = @yieldstmt
+| 24 = @errorstmt
+| 25 = @whenbranch
+;
+
+#keyset[parent,idx]
+exprs(
+  unique int id: @expr,
+  int kind: int ref,
+  int typeid: @type ref,
+  int parent: @exprparent ref,
+  int idx: int ref
+);
+
+exprsKotlinType(
+  unique int id: @expr ref,
+  int kttypeid: @kt_type ref
+);
+
+callableEnclosingExpr(
+  unique int id: @expr ref,
+  int callable_id: @callable ref
+);
+
+statementEnclosingExpr(
+  unique int id: @expr ref,
+  int statement_id: @stmt ref
+);
+
+isParenthesized(
+  unique int id: @expr ref,
+  int parentheses: int ref
+);
+
+case @expr.kind of
+   1  = @arrayaccess
+|  2  = @arraycreationexpr
+|  3  = @arrayinit
+|  4  = @assignexpr
+|  5  = @assignaddexpr
+|  6  = @assignsubexpr
+|  7  = @assignmulexpr
+|  8  = @assigndivexpr
+|  9  = @assignremexpr
+| 10  = @assignandexpr
+| 11  = @assignorexpr
+| 12  = @assignxorexpr
+| 13  = @assignlshiftexpr
+| 14  = @assignrshiftexpr
+| 15  = @assignurshiftexpr
+| 16  = @booleanliteral
+| 17  = @integerliteral
+| 18  = @longliteral
+| 19  = @floatingpointliteral
+| 20  = @doubleliteral
+| 21  = @characterliteral
+| 22  = @stringliteral
+| 23  = @nullliteral
+| 24  = @mulexpr
+| 25  = @divexpr
+| 26  = @remexpr
+| 27  = @addexpr
+| 28  = @subexpr
+| 29  = @lshiftexpr
+| 30  = @rshiftexpr
+| 31  = @urshiftexpr
+| 32  = @andbitexpr
+| 33  = @orbitexpr
+| 34  = @xorbitexpr
+| 35  = @andlogicalexpr
+| 36  = @orlogicalexpr
+| 37  = @ltexpr
+| 38  = @gtexpr
+| 39  = @leexpr
+| 40  = @geexpr
+| 41  = @eqexpr
+| 42  = @neexpr
+| 43  = @postincexpr
+| 44  = @postdecexpr
+| 45  = @preincexpr
+| 46  = @predecexpr
+| 47  = @minusexpr
+| 48  = @plusexpr
+| 49  = @bitnotexpr
+| 50  = @lognotexpr
+| 51  = @castexpr
+| 52  = @newexpr
+| 53  = @conditionalexpr
+| 54  = @parexpr         // deprecated
+| 55  = @instanceofexpr
+| 56  = @localvariabledeclexpr
+| 57  = @typeliteral
+| 58  = @thisaccess
+| 59  = @superaccess
+| 60  = @varaccess
+| 61  = @methodaccess
+| 62  = @unannotatedtypeaccess
+| 63  = @arraytypeaccess
+| 64  = @packageaccess
+| 65  = @wildcardtypeaccess
+| 66  = @declannotation
+| 67  = @uniontypeaccess
+| 68  = @lambdaexpr
+| 69  = @memberref
+| 70  = @annotatedtypeaccess
+| 71  = @typeannotation
+| 72  = @intersectiontypeaccess
+| 73  = @switchexpr
+| 74  = @errorexpr
+| 75  = @whenexpr
+| 76  = @getclassexpr
+| 77  = @safecastexpr
+| 78  = @implicitcastexpr
+| 79  = @implicitnotnullexpr
+| 80  = @implicitcoerciontounitexpr
+| 81  = @notinstanceofexpr
+| 82  = @stmtexpr
+| 83  = @stringtemplateexpr
+| 84  = @notnullexpr
+| 85  = @unsafecoerceexpr
+| 86  = @valueeqexpr
+| 87  = @valueneexpr
+| 88  = @propertyref
+;
+
+/** Holds if this `when` expression was written as an `if` expression. */
+when_if(unique int id: @whenexpr ref);
+
+/** Holds if this `when` branch was written as an `else` branch. */
+when_branch_else(unique int id: @whenbranch ref);
+
+@classinstancexpr = @newexpr | @lambdaexpr | @memberref | @propertyref
+
+@annotation = @declannotation | @typeannotation
+@typeaccess = @unannotatedtypeaccess | @annotatedtypeaccess
+
+@assignment = @assignexpr
+             | @assignop;
+
+@unaryassignment = @postincexpr
+                 | @postdecexpr
+                 | @preincexpr
+                 | @predecexpr;
+
+@assignop = @assignaddexpr
+             | @assignsubexpr
+             | @assignmulexpr
+             | @assigndivexpr
+             | @assignremexpr
+             | @assignandexpr
+             | @assignorexpr
+             | @assignxorexpr
+             | @assignlshiftexpr
+             | @assignrshiftexpr
+             | @assignurshiftexpr;
+
+@literal = @booleanliteral
+             | @integerliteral
+             | @longliteral
+             | @floatingpointliteral
+             | @doubleliteral
+             | @characterliteral
+             | @stringliteral
+             | @nullliteral;
+
+@binaryexpr = @mulexpr
+             | @divexpr
+             | @remexpr
+             | @addexpr
+             | @subexpr
+             | @lshiftexpr
+             | @rshiftexpr
+             | @urshiftexpr
+             | @andbitexpr
+             | @orbitexpr
+             | @xorbitexpr
+             | @andlogicalexpr
+             | @orlogicalexpr
+             | @ltexpr
+             | @gtexpr
+             | @leexpr
+             | @geexpr
+             | @eqexpr
+             | @neexpr
+             | @valueeqexpr
+             | @valueneexpr;
+
+@unaryexpr =   @postincexpr
+             | @postdecexpr
+             | @preincexpr
+             | @predecexpr
+             | @minusexpr
+             | @plusexpr
+             | @bitnotexpr
+             | @lognotexpr
+             | @notnullexpr;
+
+@caller =  @classinstancexpr
+         | @methodaccess
+         | @constructorinvocationstmt
+         | @superconstructorinvocationstmt;
+
+callableBinding(
+  unique int callerid: @caller ref,
+  int callee: @callable ref
+);
+
+memberRefBinding(
+  unique int id: @expr ref,
+  int callable: @callable ref
+);
+
+propertyRefGetBinding(
+  unique int id: @expr ref,
+  int getter: @callable ref
+);
+
+propertyRefFieldBinding(
+  unique int id: @expr ref,
+  int field: @field ref
+);
+
+propertyRefSetBinding(
+  unique int id: @expr ref,
+  int setter: @callable ref
+);
+
+@exprparent = @stmt | @expr | @whenbranch | @callable | @field | @fielddecl | @class | @interface | @param | @localvar | @typevariable;
+
+variableBinding(
+  unique int expr: @varaccess ref,
+  int variable: @variable ref
+);
+
+@variable = @localscopevariable | @field;
+
+@localscopevariable = @localvar | @param;
+
+localvars(
+  unique int id: @localvar,
+  string nodeName: string ref,
+  int typeid: @type ref,
+  int parentid: @localvariabledeclexpr ref
+);
+
+localvarsKotlinType(
+  unique int id: @localvar ref,
+  int kttypeid: @kt_type ref
+);
+
+@namedexprorstmt = @breakstmt
+                 | @continuestmt
+                 | @labeledstmt
+                 | @literal;
+
+namestrings(
+  string name: string ref,
+  string value: string ref,
+  unique int parent: @namedexprorstmt ref
+);
+
+/*
+ * Modules
+ */
+
+#keyset[name]
+modules(
+  unique int id: @module,
+  string name: string ref
+);
+
+isOpen(
+  int id: @module ref
+);
+
+#keyset[fileId]
+cumodule(
+  int fileId: @file ref,
+  int moduleId: @module ref
+);
+
+@directive = @requires
+           | @exports
+           | @opens
+           | @uses
+           | @provides
+
+#keyset[directive]
+directives(
+  int id: @module ref,
+  int directive: @directive ref
+);
+
+requires(
+  unique int id: @requires,
+  int target: @module ref
+);
+
+isTransitive(
+  int id: @requires ref
+);
+
+isStatic(
+  int id: @requires ref
+);
+
+exports(
+  unique int id: @exports,
+  int target: @package ref
+);
+
+exportsTo(
+  int id: @exports ref,
+  int target: @module ref
+);
+
+opens(
+  unique int id: @opens,
+  int target: @package ref
+);
+
+opensTo(
+  int id: @opens ref,
+  int target: @module ref
+);
+
+uses(
+  unique int id: @uses,
+  string serviceInterface: string ref
+);
+
+provides(
+  unique int id: @provides,
+  string serviceInterface: string ref
+);
+
+providesWith(
+  int id: @provides ref,
+  string serviceImpl: string ref
+);
+
+/*
+ * Javadoc
+ */
+
+javadoc(
+  unique int id: @javadoc
+);
+
+isNormalComment(
+  int commentid : @javadoc ref
+);
+
+isEolComment(
+  int commentid : @javadoc ref
+);
+
+hasJavadoc(
+  int documentableid: @member ref,
+  int javadocid: @javadoc ref
+);
+
+#keyset[parentid,idx]
+javadocTag(
+  unique int id: @javadocTag,
+  string name: string ref,
+  int parentid: @javadocParent ref,
+  int idx: int ref
+);
+
+#keyset[parentid,idx]
+javadocText(
+  unique int id: @javadocText,
+  string text: string ref,
+  int parentid: @javadocParent ref,
+  int idx: int ref
+);
+
+@javadocParent = @javadoc | @javadocTag;
+@javadocElement = @javadocTag | @javadocText;
+
+@classorinterface = @interface | @class;
+@classorinterfaceorpackage = @classorinterface | @package;
+@classorinterfaceorcallable = @classorinterface | @callable;
+@boundedtype = @typevariable | @wildcard;
+@reftype = @classorinterface | @array | @boundedtype | @errortype;
+@classorarray = @class | @array;
+@type = @primitive | @reftype;
+@callable = @method | @constructor;
+
+/** A program element that has a name. */
+@element = @package | @modifier | @annotation | @errortype |
+           @locatableElement;
+
+@locatableElement = @file | @primitive | @class | @interface | @method | @constructor | @param | @exception | @field |
+                    @boundedtype | @array | @localvar | @expr | @stmt | @import | @fielddecl | @kt_type | @kt_type_alias |
+                    @kt_property;
+
+@modifiable = @member_modifiable| @param | @localvar | @typevariable;
+
+@member_modifiable = @class | @interface | @method | @constructor | @field | @kt_property;
+
+@member = @method | @constructor | @field | @reftype ;
+
+/** A program element that has a location. */
+@locatable = @typebound | @javadoc | @javadocTag | @javadocText | @xmllocatable | @ktcomment |
+             @locatableElement;
+
+@top = @element | @locatable | @folder;
+
+/*
+ * XML Files
+ */
+
+xmlEncoding(
+  unique int id: @file ref,
+  string encoding: string ref
+);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  string root: string ref,
+  string publicId: string ref,
+  string systemId: string ref,
+  int fileid: @file ref
+);
+
+xmlElements(
+  unique int id: @xmlelement,
+  string name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  string name: string ref,
+  string value: string ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlNs(
+  int id: @xmlnamespace,
+  string prefixName: string ref,
+  string URI: string ref,
+  int fileid: @file ref
+);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref
+);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref
+);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref
+);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref
+);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+/*
+ * configuration files with key value pairs
+ */
+
+configs(
+  unique int id: @config
+);
+
+configNames(
+  unique int id: @configName,
+  int config: @config ref,
+  string name: string ref
+);
+
+configValues(
+  unique int id: @configValue,
+  int config: @config ref,
+  string value: string ref
+);
+
+configLocations(
+  int locatable: @configLocatable ref,
+  int location: @location_default ref
+);
+
+@configLocatable = @config | @configName | @configValue;
+
+ktComments(
+  unique int id: @ktcomment,
+  int kind: int ref,
+  string text : string ref
+)
+
+ktCommentSections(
+  unique int id: @ktcommentsection,
+  int comment: @ktcomment ref,
+  string content : string ref
+)
+
+ktCommentSectionNames(
+  unique int id: @ktcommentsection ref,
+  string name : string ref
+)
+
+ktCommentSectionSubjectNames(
+  unique int id: @ktcommentsection ref,
+  string subjectname : string ref
+)
+
+#keyset[id, owner]
+ktCommentOwners(
+  int id: @ktcomment ref,
+  int owner: @top ref
+)
+
+ktExtensionFunctions(
+  unique int id: @method ref,
+  int typeid: @type ref,
+  int kttypeid: @kt_type ref
+)
+
+ktProperties(
+  unique int id: @kt_property,
+  string nodeName: string ref
+)
+
+ktPropertyGetters(
+  unique int id: @kt_property ref,
+  int getter: @method ref
+)
+
+ktPropertySetters(
+  unique int id: @kt_property ref,
+  int setter: @method ref
+)
+
+ktPropertyBackingFields(
+  unique int id: @kt_property ref,
+  int backingField: @field ref
+)
+
+ktSyntheticBody(
+  unique int id: @callable ref,
+  int kind: int ref
+  // 1: ENUM_VALUES
+  // 2: ENUM_VALUEOF
+)
+
+ktLocalFunction(
+  unique int id: @method ref
+)
+
+ktInitializerAssignment(
+  unique int id: @assignexpr ref
+)
+
+ktPropertyDelegates(
+  unique int id: @kt_property ref,
+  unique int variableId: @variable ref
+)
+
+/**
+ * If `id` is a compiler generated element, then the kind indicates the
+ * reason that the compiler generated it.
+ * See `Element.compilerGeneratedReason()` for an explanation of what
+ * each `kind` means.
+ */
+compiler_generated(
+  unique int id: @element ref,
+  int kind: int ref
+)
+
+ktFunctionOriginalNames(
+  unique int id: @method ref,
+  string name: string ref
+)
+
+ktDataClasses(
+  unique int id: @class ref
+)
diff --git a/java/downgrades/44d61b266bebf261cb027872646262e645efa059/upgrade.properties b/java/downgrades/44d61b266bebf261cb027872646262e645efa059/upgrade.properties
new file mode 100644
index 00000000000..8d5b41b6e56
--- /dev/null
+++ b/java/downgrades/44d61b266bebf261cb027872646262e645efa059/upgrade.properties
@@ -0,0 +1,3 @@
+description: Remove compilation_info
+compatibility: full
+compilation_info.rel: delete
diff --git a/java/kotlin-extractor/build.py b/java/kotlin-extractor/build.py
index 9525522869b..f31484bdec3 100755
--- a/java/kotlin-extractor/build.py
+++ b/java/kotlin-extractor/build.py
@@ -103,7 +103,7 @@ def compile_to_dir(srcs, classpath, java_classpath, output):
                  '-classpath', os.path.pathsep.join([output, classpath, java_classpath])] + [s for s in srcs if s.endswith(".java")])
 
 
-def compile_to_jar(build_dir, srcs, classpath, java_classpath, output):
+def compile_to_jar(build_dir, tmp_src_dir, srcs, classpath, java_classpath, output):
     class_dir = build_dir + '/classes'
 
     if os.path.exists(class_dir):
@@ -114,7 +114,8 @@ def compile_to_jar(build_dir, srcs, classpath, java_classpath, output):
 
     run_process(['jar', 'cf', output,
                  '-C', class_dir, '.',
-                 '-C', 'src/main/resources', 'META-INF'])
+                 '-C', tmp_src_dir + '/main/resources', 'META-INF',
+                 '-C', tmp_src_dir + '/main/resources', 'com/github/codeql/extractor.name'])
     shutil.rmtree(class_dir)
 
 
@@ -146,18 +147,17 @@ def get_gradle_lib_folder():
     return gradle_home + '/lib'
 
 
-def find_jar(path, pattern):
-    result = glob.glob(path + '/' + pattern + '*.jar')
-    if len(result) == 0:
-        raise Exception('Cannot find jar file %s under path %s' %
-                        (pattern, path))
-    return result
+def find_jar(path, base):
+    fn = path + '/' + base + '.jar'
+    if not os.path.isfile(fn):
+        raise Exception('Cannot find jar file at %s' % fn)
+    return fn
 
 
-def patterns_to_classpath(path, patterns):
+def bases_to_classpath(path, bases):
     result = []
-    for pattern in patterns:
-        result += find_jar(path, pattern)
+    for base in bases:
+        result.append(find_jar(path, base))
     return os.path.pathsep.join(result)
 
 
@@ -173,8 +173,8 @@ def transform_to_embeddable(srcs):
 
 
 def compile(jars, java_jars, dependency_folder, transform_to_embeddable, output, build_dir, current_version):
-    classpath = patterns_to_classpath(dependency_folder, jars)
-    java_classpath = patterns_to_classpath(dependency_folder, java_jars)
+    classpath = bases_to_classpath(dependency_folder, jars)
+    java_classpath = bases_to_classpath(dependency_folder, java_jars)
 
     tmp_src_dir = build_dir + '/temp_src'
 
@@ -185,6 +185,11 @@ def compile(jars, java_jars, dependency_folder, transform_to_embeddable, output,
     include_version_folder = tmp_src_dir + '/main/kotlin/utils/versions/to_include'
     os.makedirs(include_version_folder)
 
+    resource_dir = tmp_src_dir + '/main/resources/com/github/codeql'
+    os.makedirs(resource_dir)
+    with open(resource_dir + '/extractor.name', 'w') as f:
+        f.write(output)
+
     parsed_current_version = kotlin_plugin_versions.version_string_to_tuple(
         current_version)
 
@@ -211,7 +216,7 @@ def compile(jars, java_jars, dependency_folder, transform_to_embeddable, output,
 
     transform_to_embeddable(srcs)
 
-    compile_to_jar(build_dir, srcs, classpath, java_classpath, output)
+    compile_to_jar(build_dir, tmp_src_dir, srcs, classpath, java_classpath, output)
 
     shutil.rmtree(tmp_src_dir)
 
diff --git a/java/kotlin-extractor/gradle.properties b/java/kotlin-extractor/gradle.properties
index 16f621c2d74..f9cd575cdd3 100644
--- a/java/kotlin-extractor/gradle.properties
+++ b/java/kotlin-extractor/gradle.properties
@@ -1,5 +1,5 @@
 kotlin.code.style=official
-kotlinVersion=1.7.0
+kotlinVersion=1.7.21
 
 GROUP=com.github.codeql
 VERSION_NAME=0.0.1
diff --git a/java/kotlin-extractor/kotlin_plugin_versions.py b/java/kotlin-extractor/kotlin_plugin_versions.py
index 04107005f8d..99691b89fd2 100755
--- a/java/kotlin-extractor/kotlin_plugin_versions.py
+++ b/java/kotlin-extractor/kotlin_plugin_versions.py
@@ -22,10 +22,10 @@ def version_string_to_tuple(version):
     return tuple([int(m.group(i)) for i in range(1, 4)] + [m.group(4)])
 
 # Version number used by CI. It needs to be one of the versions in many_versions.
-ci_version = '1.7.0'
+ci_version = '1.7.20'
 
 # Version numbers in the list need to be in semantically increasing order
-many_versions = [ '1.4.32', '1.5.0', '1.5.10', '1.5.20', '1.5.30', '1.6.0', '1.6.20', '1.7.0', '1.7.20-Beta' ]
+many_versions = [ '1.4.32', '1.5.0', '1.5.10', '1.5.20', '1.5.30', '1.6.0', '1.6.20', '1.7.0', '1.7.20' ]
 
 many_versions_tuples = [version_string_to_tuple(v) for v in many_versions]
 
diff --git a/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java b/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java
index f238b93e41f..9859fd705b8 100644
--- a/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java
+++ b/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java
@@ -19,9 +19,10 @@ import java.util.zip.ZipEntry;
 import java.util.zip.ZipFile;
 
 import com.github.codeql.Logger;
-import static com.github.codeql.ClassNamesKt.getIrDeclBinaryName;
+import static com.github.codeql.ClassNamesKt.getIrElementBinaryName;
 import static com.github.codeql.ClassNamesKt.getIrClassVirtualFile;
 
+import org.jetbrains.kotlin.ir.IrElement;
 import org.jetbrains.kotlin.ir.declarations.IrClass;
 
 import com.intellij.openapi.vfs.VirtualFile;
@@ -212,20 +213,19 @@ public class OdasaOutput {
 				PathTransformer.std().fileAsDatabaseString(file) + ".trap.gz");
 	}
 
-	private File getTrapFileForDecl(IrDeclaration sym, String signature) {
+	private File getTrapFileForDecl(IrElement sym, String signature) {
 		if (currentSpecFileEntry == null)
 			return null;
 		return trapFileForDecl(sym, signature);
 	}
 
-	private File trapFileForDecl(IrDeclaration sym, String signature) {
+	private File trapFileForDecl(IrElement sym, String signature) {
 		return FileUtil.fileRelativeTo(currentSpecFileEntry.getTrapFolder(),
 				trapFilePathForDecl(sym, signature));
 	}
 
-	private String trapFilePathForDecl(IrDeclaration sym, String signature) {
-		String binaryName = getIrDeclBinaryName(sym);
-		String binaryNameWithSignature = binaryName + signature;
+	private String trapFilePathForDecl(IrElement sym, String signature) {
+		String binaryName = getIrElementBinaryName(sym);
 		// TODO: Reinstate this?
 		//if (getTrackClassOrigins())
 		//  classId += "-" + StringDigestor.digest(sym.getSourceFileId());
@@ -241,7 +241,7 @@ public class OdasaOutput {
 	 * Deletion of existing trap files.
 	 */
 
-	private void deleteTrapFileAndDependencies(IrDeclaration sym, String signature) {
+	private void deleteTrapFileAndDependencies(IrElement sym, String signature) {
 		File trap = trapFileForDecl(sym, signature);
 		if (trap.exists()) {
 			trap.delete();
@@ -269,7 +269,7 @@ public class OdasaOutput {
 	 * 		Any unique suffix needed to distinguish `sym` from other declarations with the same name.
 	 * 		For functions for example, this means its parameter signature.
 	 */
-	private TrapFileManager getMembersWriterForDecl(File trap, File trapFileBase, TrapClassVersion trapFileVersion, IrDeclaration sym, String signature) {
+	private TrapFileManager getMembersWriterForDecl(File trap, File trapFileBase, TrapClassVersion trapFileVersion, IrElement sym, String signature) {
 		if (use_trap_locking) {
 			TrapClassVersion currVersion = TrapClassVersion.fromSymbol(sym, log);
 			String shortName = sym instanceof IrDeclarationWithName ? ((IrDeclarationWithName)sym).getName().asString() : "(name unknown)";
@@ -326,7 +326,7 @@ public class OdasaOutput {
 		return trapWriter(trap, sym, signature);
 	}
 
-	private TrapFileManager trapWriter(File trapFile, IrDeclaration sym, String signature) {
+	private TrapFileManager trapWriter(File trapFile, IrElement sym, String signature) {
 		if (!trapFile.getName().endsWith(".trap.gz"))
 			throw new CatastrophicError("OdasaOutput only supports writing to compressed trap files");
 		String relative = FileUtil.relativePath(trapFile, currentSpecFileEntry.getTrapFolder());
@@ -335,7 +335,7 @@ public class OdasaOutput {
 		return concurrentWriter(trapFile, relative, log, sym, signature);
 	}
 
-	private TrapFileManager concurrentWriter(File trapFile, String relative, Logger log, IrDeclaration sym, String signature) {
+	private TrapFileManager concurrentWriter(File trapFile, String relative, Logger log, IrElement sym, String signature) {
 		if (trapFile.exists())
 			return null;
 		return new TrapFileManager(trapFile, relative, true, log, sym, signature);
@@ -345,11 +345,11 @@ public class OdasaOutput {
 
 		private TrapDependencies trapDependenciesForClass;
 		private File trapFile;
-		private IrDeclaration sym;
+		private IrElement sym;
 		private String signature;
 		private boolean hasError = false;
 
-		private TrapFileManager(File trapFile, String relative, boolean concurrentCreation, Logger log, IrDeclaration sym, String signature) {
+		private TrapFileManager(File trapFile, String relative, boolean concurrentCreation, Logger log, IrElement sym, String signature) {
 			trapDependenciesForClass = new TrapDependencies(relative);
 			this.trapFile = trapFile;
 			this.sym = sym;
@@ -360,7 +360,7 @@ public class OdasaOutput {
 			return trapFile;
 		}
 
-		public void addDependency(IrDeclaration dep, String signature) {
+		public void addDependency(IrElement dep, String signature) {
 			trapDependenciesForClass.addDependency(trapFilePathForDecl(dep, signature));
 		}
 
@@ -422,7 +422,7 @@ public class OdasaOutput {
 	 * previously set by a call to {@link OdasaOutput#setCurrentSourceFile(File)}.
 	 */
 	public TrapLocker getTrapLockerForCurrentSourceFile() {
-		return new TrapLocker((IrClass)null, null);
+		return new TrapLocker((IrClass)null, null, true);
 	}
 
 	/**
@@ -460,19 +460,19 @@ public class OdasaOutput {
 	 *
 	 * @return  a {@link TrapLocker} for the trap file corresponding to the given class symbol.
 	 */
-	public TrapLocker getTrapLockerForDecl(IrDeclaration sym, String signature) {
-		return new TrapLocker(sym, signature);
+	public TrapLocker getTrapLockerForDecl(IrElement sym, String signature, boolean fromSource) {
+		return new TrapLocker(sym, signature, fromSource);
 	}
 
 	public class TrapLocker implements AutoCloseable {
-		private final IrDeclaration sym;
+		private final IrElement sym;
 		private final File trapFile;
 		// trapFileBase is used when doing lockless TRAP file writing.
 		// It is trapFile without the #metadata.trap.gz suffix.
 		private File trapFileBase = null;
 		private TrapClassVersion trapFileVersion = null;
 		private final String signature;
-		private TrapLocker(IrDeclaration decl, String signature) {
+		private TrapLocker(IrElement decl, String signature, boolean fromSource) {
 			this.sym = decl;
 			this.signature = signature;
 			if (sym==null) {
@@ -485,7 +485,10 @@ public class OdasaOutput {
 				} else {
 					// We encode the metadata into the filename, so that the
 					// TRAP filenames for different metadatas don't overlap.
-					trapFileVersion = TrapClassVersion.fromSymbol(sym, log);
+					if (fromSource)
+						trapFileVersion = new TrapClassVersion(0, 0, 0, "kotlin");
+					else
+						trapFileVersion = TrapClassVersion.fromSymbol(sym, log);
 					String baseName = normalTrapFile.getName().replace(".trap.gz", "");
 					// If a class has lots of inner classes, then we get lots of files
 					// in a single directory. This makes our directory listings later slow.
@@ -717,11 +720,18 @@ public class OdasaOutput {
             return vf.getTimeStamp();
         }
 
-		private static TrapClassVersion fromSymbol(IrDeclaration sym, Logger log) {
-			VirtualFile vf = sym instanceof IrClass ? getIrClassVirtualFile((IrClass)sym) :
-					sym.getParent() instanceof IrClass ? getIrClassVirtualFile((IrClass)sym.getParent()) :
-					null;
-			if(vf == null)
+		private static VirtualFile getVirtualFileIfClass(IrElement e) {
+			if (e instanceof IrClass)
+				return getIrClassVirtualFile((IrClass)e);
+			else
+				return null;
+		}
+
+		private static TrapClassVersion fromSymbol(IrElement sym, Logger log) {
+			VirtualFile vf = getVirtualFileIfClass(sym);
+			if (vf == null && sym instanceof IrDeclaration)
+				vf = getVirtualFileIfClass(((IrDeclaration)sym).getParent());
+			if (vf == null)
 				return new TrapClassVersion(-1, 0, 0, null);
 
 			final int[] versionStore = new int[1];
diff --git a/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt b/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt
index 12ea05a33c3..c45e0a454b7 100644
--- a/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt
+++ b/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt
@@ -1,16 +1,14 @@
 package com.github.codeql
 
-import com.github.codeql.utils.isExternalDeclaration
 import com.github.codeql.utils.isExternalFileClassMember
 import com.semmle.extractor.java.OdasaOutput
 import com.semmle.util.data.StringDigestor
 import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
+import org.jetbrains.kotlin.ir.IrElement
 import org.jetbrains.kotlin.ir.declarations.*
-import org.jetbrains.kotlin.ir.util.fqNameWhenAvailable
 import org.jetbrains.kotlin.ir.util.isFileClass
 import org.jetbrains.kotlin.ir.util.packageFqName
-import org.jetbrains.kotlin.ir.util.parentClassOrNull
-import org.jetbrains.kotlin.name.FqName
+import java.io.BufferedWriter
 import java.io.File
 import java.util.ArrayList
 import java.util.HashSet
@@ -25,87 +23,103 @@ class ExternalDeclExtractor(val logger: FileLogger, val invocationTrapFile: Stri
     val propertySignature = ";property"
     val fieldSignature = ";field"
 
+    val output = OdasaOutput(false, logger).also {
+        it.setCurrentSourceFile(File(sourceFilePath))
+    }
+
     fun extractLater(d: IrDeclarationWithName, signature: String): Boolean {
         if (d !is IrClass && !isExternalFileClassMember(d)) {
             logger.errorElement("External declaration is neither a class, nor a top-level declaration", d)
             return false
         }
-        val declBinaryName = declBinaryNames.getOrPut(d) { getIrDeclBinaryName(d) }
+        val declBinaryName = declBinaryNames.getOrPut(d) { getIrElementBinaryName(d) }
         val ret = externalDeclsDone.add(Pair(declBinaryName, signature))
         if (ret) externalDeclWorkList.add(Pair(d, signature))
         return ret
     }
     fun extractLater(c: IrClass) = extractLater(c, "")
 
+    fun writeStubTrapFile(e: IrElement, signature: String = "") {
+        extractElement(e, signature, true) { trapFileBW, _, _ ->
+            trapFileBW.write("// Trap file stubbed because this declaration was extracted from source in $sourceFilePath\n")
+            trapFileBW.write("// Part of invocation $invocationTrapFile\n")
+        }
+    }
+
+    private fun extractElement(element: IrElement, possiblyLongSignature: String, fromSource: Boolean, extractorFn: (BufferedWriter, String, OdasaOutput.TrapFileManager) -> Unit) {
+        // In order to avoid excessively long signatures which can lead to trap file names longer than the filesystem
+        // limit, we truncate and add a hash to preserve uniqueness if necessary.
+        val signature = if (possiblyLongSignature.length > 100) {
+            possiblyLongSignature.substring(0, 92) + "#" + StringDigestor.digest(possiblyLongSignature).substring(0, 8)
+        } else { possiblyLongSignature }
+        output.getTrapLockerForDecl(element, signature, fromSource).useAC { locker ->
+            locker.trapFileManager.useAC { manager ->
+                val shortName = when(element) {
+                    is IrDeclarationWithName -> element.name.asString()
+                    is IrFile -> element.name
+                    else -> "(unknown name)"
+                }
+                if (manager == null) {
+                    logger.info("Skipping extracting external decl $shortName")
+                } else {
+                    val trapFile = manager.file
+                    val trapTmpFile = File.createTempFile("${trapFile.nameWithoutExtension}.", ".${trapFile.extension}.tmp", trapFile.parentFile)
+                    try {
+                        GZIPOutputStream(trapTmpFile.outputStream()).bufferedWriter().use {
+                            extractorFn(it, signature, manager)
+                        }
+
+                        if (!trapTmpFile.renameTo(trapFile)) {
+                            logger.error("Failed to rename $trapTmpFile to $trapFile")
+                        }
+                    } catch (e: Exception) {
+                        manager.setHasError()
+                        logger.error("Failed to extract '$shortName'. Partial TRAP file location is $trapTmpFile", e)
+                    }
+                }
+            }
+        }
+    }
+
     fun extractExternalClasses() {
-        val output = OdasaOutput(false, logger)
-        output.setCurrentSourceFile(File(sourceFilePath))
         do {
             val nextBatch = ArrayList(externalDeclWorkList)
             externalDeclWorkList.clear()
             nextBatch.forEach { workPair ->
                 val (irDecl, possiblyLongSignature) = workPair
-                // In order to avoid excessively long signatures which can lead to trap file names longer than the filesystem
-                // limit, we truncate and add a hash to preserve uniqueness if necessary.
-                val signature = if (possiblyLongSignature.length > 100) {
-                    possiblyLongSignature.substring(0, 92) + "#" + StringDigestor.digest(possiblyLongSignature).substring(0, 8)
-                } else { possiblyLongSignature }
-                output.getTrapLockerForDecl(irDecl, signature).useAC { locker ->
-                    locker.trapFileManager.useAC { manager ->
-                        val shortName = when(irDecl) {
-                            is IrDeclarationWithName -> irDecl.name.asString()
-                            else -> "(unknown name)"
+                extractElement(irDecl, possiblyLongSignature, false) { trapFileBW, signature, manager ->
+                    val containingClass = getContainingClassOrSelf(irDecl)
+                    if (containingClass == null) {
+                        logger.errorElement("Unable to get containing class", irDecl)
+                    } else {
+                        val binaryPath = getIrClassBinaryPath(containingClass)
+
+                        // We want our comments to be the first thing in the file,
+                        // so start off with a mere TrapWriter
+                        val tw = TrapWriter(logger.loggerBase, TrapLabelManager(), trapFileBW, diagnosticTrapWriter)
+                        tw.writeComment("Generated by the CodeQL Kotlin extractor for external dependencies")
+                        tw.writeComment("Part of invocation $invocationTrapFile")
+                        if (signature != possiblyLongSignature) {
+                            tw.writeComment("Function signature abbreviated; full signature is: $possiblyLongSignature")
                         }
-                        if(manager == null) {
-                            logger.info("Skipping extracting external decl $shortName")
+                        // Now elevate to a SourceFileTrapWriter, and populate the
+                        // file information if needed:
+                        val ftw = tw.makeFileTrapWriter(binaryPath, true)
+
+                        val fileExtractor = KotlinFileExtractor(logger, ftw, null, binaryPath, manager, this, primitiveTypeMapping, pluginContext, KotlinFileExtractor.DeclarationStack(), globalExtensionState)
+
+                        if (irDecl is IrClass) {
+                            // Populate a location and compilation-unit package for the file. This is similar to
+                            // the beginning of `KotlinFileExtractor.extractFileContents` but without an `IrFile`
+                            // to start from.
+                            val pkg = irDecl.packageFqName?.asString() ?: ""
+                            val pkgId = fileExtractor.extractPackage(pkg)
+                            ftw.writeHasLocation(ftw.fileId, ftw.getWholeFileLocation())
+                            ftw.writeCupackage(ftw.fileId, pkgId)
+
+                            fileExtractor.extractClassSource(irDecl, extractDeclarations = !irDecl.isFileClass, extractStaticInitializer = false, extractPrivateMembers = false, extractFunctionBodies = false)
                         } else {
-                            val trapFile = manager.file
-                            val trapTmpFile = File.createTempFile("${trapFile.nameWithoutExtension}.", ".${trapFile.extension}.tmp", trapFile.parentFile)
-
-                            val containingClass = getContainingClassOrSelf(irDecl)
-                            if (containingClass == null) {
-                                logger.errorElement("Unable to get containing class", irDecl)
-                                return
-                            }
-                            val binaryPath = getIrClassBinaryPath(containingClass)
-                            try {
-                                GZIPOutputStream(trapTmpFile.outputStream()).bufferedWriter().use { trapFileBW ->
-                                    // We want our comments to be the first thing in the file,
-                                    // so start off with a mere TrapWriter
-                                    val tw = TrapWriter(logger.loggerBase, TrapLabelManager(), trapFileBW, diagnosticTrapWriter)
-                                    tw.writeComment("Generated by the CodeQL Kotlin extractor for external dependencies")
-                                    tw.writeComment("Part of invocation $invocationTrapFile")
-                                    if (signature != possiblyLongSignature) {
-                                        tw.writeComment("Function signature abbreviated; full signature is: $possiblyLongSignature")
-                                    }
-                                    // Now elevate to a SourceFileTrapWriter, and populate the
-                                    // file information if needed:
-                                    val ftw = tw.makeFileTrapWriter(binaryPath, true)
-
-                                    val fileExtractor = KotlinFileExtractor(logger, ftw, null, binaryPath, manager, this, primitiveTypeMapping, pluginContext, KotlinFileExtractor.DeclarationStack(), globalExtensionState)
-
-                                    if (irDecl is IrClass) {
-                                        // Populate a location and compilation-unit package for the file. This is similar to
-                                        // the beginning of `KotlinFileExtractor.extractFileContents` but without an `IrFile`
-                                        // to start from.
-                                        val pkg = irDecl.packageFqName?.asString() ?: ""
-                                        val pkgId = fileExtractor.extractPackage(pkg)
-                                        ftw.writeHasLocation(ftw.fileId, ftw.getWholeFileLocation())
-                                        ftw.writeCupackage(ftw.fileId, pkgId)
-
-                                        fileExtractor.extractClassSource(irDecl, extractDeclarations = !irDecl.isFileClass, extractStaticInitializer = false, extractPrivateMembers = false, extractFunctionBodies = false)
-                                    } else {
-                                        fileExtractor.extractDeclaration(irDecl, extractPrivateMembers = false, extractFunctionBodies = false)
-                                    }
-                                }
-
-                                if (!trapTmpFile.renameTo(trapFile)) {
-                                    logger.error("Failed to rename $trapTmpFile to $trapFile")
-                                }
-                            } catch (e: Exception) {
-                                manager.setHasError()
-                                logger.error("Failed to extract '$shortName'. Partial TRAP file location is $trapTmpFile", e)
-                            }
+                            fileExtractor.extractDeclaration(irDecl, extractPrivateMembers = false, extractFunctionBodies = false, extractAnnotations = true)
                         }
                     }
                 }
diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt b/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt
index c11d8569ae4..9bfcabd20fb 100644
--- a/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt
+++ b/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt
@@ -131,6 +131,9 @@ class KotlinExtractorExtension(
             // The interceptor has already defined #compilation = *
             val compilation: Label<DbCompilation> = StringLabel("compilation")
             tw.writeCompilation_started(compilation)
+            tw.writeCompilation_info(compilation, "Kotlin Compiler Version", KotlinCompilerVersion.getVersion() ?: "<unknown>")
+            val extractor_name = this::class.java.getResource("extractor.name")?.readText() ?: "<unknown>"
+            tw.writeCompilation_info(compilation, "Kotlin Extractor Name", extractor_name)
             if (compilationStartTime != null) {
                 tw.writeCompilation_compiler_times(compilation, -1.0, (System.currentTimeMillis()-compilationStartTime)/1000.0)
             }
@@ -204,6 +207,7 @@ class KotlinExtractorGlobalState {
     val syntheticToRealClassMap = HashMap<IrClass, IrClass?>()
     val syntheticToRealFunctionMap = HashMap<IrFunction, IrFunction?>()
     val syntheticToRealFieldMap = HashMap<IrField, IrField?>()
+    val syntheticRepeatableAnnotationContainers = HashMap<IrClass, IrClass>()
 }
 
 /*
diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt
index 511b97fd4d0..faa83139bbb 100644
--- a/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt
+++ b/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt
@@ -2,9 +2,7 @@ package com.github.codeql
 
 import com.github.codeql.comments.CommentExtractor
 import com.github.codeql.utils.*
-import com.github.codeql.utils.versions.allOverriddenIncludingSelf
-import com.github.codeql.utils.versions.functionN
-import com.github.codeql.utils.versions.isUnderscoreParameter
+import com.github.codeql.utils.versions.*
 import com.semmle.extractor.java.OdasaOutput
 import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
 import org.jetbrains.kotlin.backend.common.lower.parents
@@ -16,17 +14,46 @@ import org.jetbrains.kotlin.descriptors.java.JavaVisibilities
 import org.jetbrains.kotlin.ir.IrElement
 import org.jetbrains.kotlin.ir.IrStatement
 import org.jetbrains.kotlin.ir.ObsoleteDescriptorBasedAPI
+import org.jetbrains.kotlin.ir.UNDEFINED_OFFSET
 import org.jetbrains.kotlin.ir.backend.js.utils.realOverrideTarget
+import org.jetbrains.kotlin.ir.builders.declarations.*
 import org.jetbrains.kotlin.ir.declarations.*
 import org.jetbrains.kotlin.ir.declarations.lazy.IrLazyFunction
 import org.jetbrains.kotlin.ir.expressions.*
-import org.jetbrains.kotlin.ir.expressions.impl.IrConstImpl
-import org.jetbrains.kotlin.ir.expressions.impl.IrGetValueImpl
+import org.jetbrains.kotlin.ir.expressions.impl.*
 import org.jetbrains.kotlin.ir.symbols.*
 import org.jetbrains.kotlin.ir.types.*
-import org.jetbrains.kotlin.ir.util.*
+import org.jetbrains.kotlin.ir.types.impl.makeTypeProjection
+import org.jetbrains.kotlin.ir.util.companionObject
+import org.jetbrains.kotlin.ir.util.constructors
+import org.jetbrains.kotlin.ir.util.fqNameWhenAvailable
+import org.jetbrains.kotlin.ir.util.hasAnnotation
+import org.jetbrains.kotlin.ir.util.hasInterfaceParent
+import org.jetbrains.kotlin.ir.util.isAnnotationClass
+import org.jetbrains.kotlin.ir.util.isAnonymousObject
+import org.jetbrains.kotlin.ir.util.isFakeOverride
+import org.jetbrains.kotlin.ir.util.isFunctionOrKFunction
+import org.jetbrains.kotlin.ir.util.isInterface
+import org.jetbrains.kotlin.ir.util.isLocal
+import org.jetbrains.kotlin.ir.util.isNonCompanionObject
+import org.jetbrains.kotlin.ir.util.isObject
+import org.jetbrains.kotlin.ir.util.isSuspend
+import org.jetbrains.kotlin.ir.util.isSuspendFunctionOrKFunction
+import org.jetbrains.kotlin.ir.util.isVararg
+import org.jetbrains.kotlin.ir.util.kotlinFqName
+import org.jetbrains.kotlin.ir.util.packageFqName
+import org.jetbrains.kotlin.ir.util.parentAsClass
+import org.jetbrains.kotlin.ir.util.parentClassOrNull
+import org.jetbrains.kotlin.ir.util.primaryConstructor
+import org.jetbrains.kotlin.ir.util.render
+import org.jetbrains.kotlin.ir.util.target
+import org.jetbrains.kotlin.load.java.JvmAnnotationNames
+import org.jetbrains.kotlin.load.java.NOT_NULL_ANNOTATIONS
+import org.jetbrains.kotlin.load.java.NULLABLE_ANNOTATIONS
 import org.jetbrains.kotlin.load.java.sources.JavaSourceElement
+import org.jetbrains.kotlin.load.java.structure.JavaAnnotation
 import org.jetbrains.kotlin.load.java.structure.JavaClass
+import org.jetbrains.kotlin.load.java.structure.JavaConstructor
 import org.jetbrains.kotlin.load.java.structure.JavaMethod
 import org.jetbrains.kotlin.load.java.structure.JavaTypeParameter
 import org.jetbrains.kotlin.load.java.structure.JavaTypeParameterListOwner
@@ -34,6 +61,7 @@ import org.jetbrains.kotlin.load.java.structure.impl.classFiles.BinaryJavaClass
 import org.jetbrains.kotlin.name.FqName
 import org.jetbrains.kotlin.types.Variance
 import org.jetbrains.kotlin.util.OperatorNameConventions
+import org.jetbrains.kotlin.utils.addToStdlib.firstIsInstanceOrNull
 import java.io.Closeable
 import java.util.*
 import kotlin.collections.ArrayList
@@ -51,6 +79,8 @@ open class KotlinFileExtractor(
     globalExtensionState: KotlinExtractorGlobalState,
 ): KotlinUsesExtractor(logger, tw, dependencyCollector, externalClassExtractor, primitiveTypeMapping, pluginContext, globalExtensionState) {
 
+    val metaAnnotationSupport = MetaAnnotationSupport(logger, pluginContext, this)
+
     private inline fun <T> with(kind: String, element: IrElement, f: () -> T): T {
         val name = when (element) {
             is IrFile -> element.name
@@ -90,7 +120,12 @@ open class KotlinFileExtractor(
                 }
             }
 
-            file.declarations.forEach { extractDeclaration(it, extractPrivateMembers = true, extractFunctionBodies = true) }
+            file.declarations.forEach {
+                extractDeclaration(it, extractPrivateMembers = true, extractFunctionBodies = true, extractAnnotations = true)
+                if (it is IrProperty || it is IrField || it is IrFunction) {
+                    externalClassExtractor.writeStubTrapFile(it, getTrapFileSignature(it))
+                }
+            }
             extractStaticInitializer(file, { extractFileClass(file) })
             CommentExtractor(this, file, tw.fileId).extract()
 
@@ -99,6 +134,8 @@ open class KotlinFileExtractor(
             }
 
             linesOfCode?.linesOfCodeInFile(id)
+
+            externalClassExtractor.writeStubTrapFile(file)
         }
     }
 
@@ -141,7 +178,7 @@ open class KotlinFileExtractor(
     private fun shouldExtractDecl(declaration: IrDeclaration, extractPrivateMembers: Boolean) =
         extractPrivateMembers || !isPrivate(declaration)
 
-    fun extractDeclaration(declaration: IrDeclaration, extractPrivateMembers: Boolean, extractFunctionBodies: Boolean) {
+    fun extractDeclaration(declaration: IrDeclaration, extractPrivateMembers: Boolean, extractFunctionBodies: Boolean, extractAnnotations: Boolean) {
         with("declaration", declaration) {
             if (!shouldExtractDecl(declaration, extractPrivateMembers))
                 return
@@ -156,7 +193,7 @@ open class KotlinFileExtractor(
                 is IrFunction -> {
                     val parentId = useDeclarationParent(declaration.parent, false)?.cast<DbReftype>()
                     if (parentId != null) {
-                        extractFunction(declaration, parentId, extractBody = extractFunctionBodies, extractMethodAndParameterTypeAccesses = extractFunctionBodies, null, listOf())
+                        extractFunction(declaration, parentId, extractBody = extractFunctionBodies, extractMethodAndParameterTypeAccesses = extractFunctionBodies, extractAnnotations = extractAnnotations, null, listOf())
                     }
                     Unit
                 }
@@ -166,7 +203,7 @@ open class KotlinFileExtractor(
                 is IrProperty -> {
                     val parentId = useDeclarationParent(declaration.parent, false)?.cast<DbReftype>()
                     if (parentId != null) {
-                        extractProperty(declaration, parentId, extractBackingField = true, extractFunctionBodies = extractFunctionBodies, extractPrivateMembers = extractPrivateMembers, null, listOf())
+                        extractProperty(declaration, parentId, extractBackingField = true, extractFunctionBodies = extractFunctionBodies, extractPrivateMembers = extractPrivateMembers, extractAnnotations = extractAnnotations, null, listOf())
                     }
                     Unit
                 }
@@ -180,7 +217,8 @@ open class KotlinFileExtractor(
                 is IrField -> {
                     val parentId = useDeclarationParent(getFieldParent(declaration), false)?.cast<DbReftype>()
                     if (parentId != null) {
-                        extractField(declaration, parentId)
+                        // For consistency with the Java extractor, enum entries get type accesses only if we're extracting from .kt source (i.e., when `extractFunctionBodies` is set)
+                        extractField(declaration, parentId, extractAnnotationEnumTypeAccesses = extractFunctionBodies)
                     }
                     Unit
                 }
@@ -231,6 +269,8 @@ open class KotlinFileExtractor(
                 addModifiers(id, "out")
             }
 
+            // extractAnnotations(tp, id)
+            // TODO: introduce annotations once they can be disambiguated from bounds, which are also child expressions.
             return id
         }
     }
@@ -398,8 +438,8 @@ open class KotlinFileExtractor(
                 }
             }
         when (d) {
-            is IrFunction -> extractFunction(d, parentId, extractBody = false, extractMethodAndParameterTypeAccesses = false, typeParamSubstitution, argsIncludingOuterClasses)
-            is IrProperty -> extractProperty(d, parentId, extractBackingField = false, extractFunctionBodies = false, extractPrivateMembers = false, typeParamSubstitution, argsIncludingOuterClasses)
+            is IrFunction -> extractFunction(d, parentId, extractBody = false, extractMethodAndParameterTypeAccesses = false, extractAnnotations = false, typeParamSubstitution, argsIncludingOuterClasses)
+            is IrProperty -> extractProperty(d, parentId, extractBackingField = false, extractFunctionBodies = false, extractPrivateMembers = false, extractAnnotations = false, typeParamSubstitution, argsIncludingOuterClasses)
             else -> {}
         }
     }
@@ -450,7 +490,137 @@ open class KotlinFileExtractor(
         extractDeclInitializers(c.declarations, false) { Pair(blockId, obinitId) }
     }
 
-    val jvmStaticFqName = FqName("kotlin.jvm.JvmStatic")
+    private val javaLangDeprecated by lazy { referenceExternalClass("java.lang.Deprecated") }
+
+    private val javaLangDeprecatedConstructor by lazy { javaLangDeprecated?.constructors?.singleOrNull() }
+
+    private fun replaceKotlinDeprecatedAnnotation(annotations: List<IrConstructorCall>): List<IrConstructorCall> {
+        val shouldReplace =
+            annotations.any { (it.type as? IrSimpleType)?.classFqName?.asString() == "kotlin.Deprecated" } &&
+                    annotations.none { it.type.classOrNull == javaLangDeprecated?.symbol }
+        val jldConstructor = javaLangDeprecatedConstructor
+        if (!shouldReplace || jldConstructor == null)
+            return annotations
+        return annotations.filter { (it.type as? IrSimpleType)?.classFqName?.asString() != "kotlin.Deprecated" } +
+                // Note we lose any arguments to @java.lang.Deprecated that were written in source.
+                IrConstructorCallImpl.fromSymbolOwner(
+                    UNDEFINED_OFFSET, UNDEFINED_OFFSET, jldConstructor.returnType, jldConstructor.symbol, 0
+                )
+    }
+
+    private fun extractAnnotations(c: IrAnnotationContainer, annotations: List<IrConstructorCall>, parent: Label<out DbExprparent>, extractEnumTypeAccesses: Boolean) {
+        val origin = (c as? IrDeclaration)?.origin ?: run { logger.warn("Unexpected annotation container: $c"); return }
+        val replacedAnnotations =
+            if (origin == IrDeclarationOrigin.IR_EXTERNAL_JAVA_DECLARATION_STUB)
+                replaceKotlinDeprecatedAnnotation(annotations)
+            else
+                annotations
+        val groupedAnnotations = metaAnnotationSupport.groupRepeatableAnnotations(replacedAnnotations)
+        for ((idx, constructorCall: IrConstructorCall) in groupedAnnotations.sortedBy { v -> v.type.classFqName?.asString() }.withIndex()) {
+            extractAnnotation(constructorCall, parent, idx, extractEnumTypeAccesses)
+        }
+    }
+
+    private fun extractAnnotations(c: IrAnnotationContainer, parent: Label<out DbExprparent>, extractEnumTypeAccesses: Boolean) {
+        extractAnnotations(c, c.annotations, parent, extractEnumTypeAccesses)
+    }
+
+    private fun extractAnnotation(
+        constructorCall: IrConstructorCall,
+        parent: Label<out DbExprparent>,
+        idx: Int,
+        extractEnumTypeAccesses: Boolean,
+        contextLabel: String? = null
+    ): Label<out DbExpr> {
+        // Erase the type here because the JVM lowering erases the annotation type, and so the Java extractor will see it in erased form.
+        val t = useType(erase(constructorCall.type))
+        val annotationContextLabel = contextLabel ?: "{${t.javaResult.id}}"
+        val id = tw.getLabelFor<DbDeclannotation>("@\"annotation;{$parent};$annotationContextLabel\"")
+        tw.writeExprs_declannotation(id, t.javaResult.id, parent, idx)
+        tw.writeExprsKotlinType(id, t.kotlinResult.id)
+
+        val locId = tw.getLocation(constructorCall)
+        tw.writeHasLocation(id, locId)
+
+        for (i in 0 until constructorCall.valueArgumentsCount) {
+            val param = constructorCall.symbol.owner.valueParameters[i]
+            val prop = constructorCall.symbol.owner.parentAsClass.declarations
+                .filterIsInstance<IrProperty>()
+                .first { it.name == param.name }
+            val v = constructorCall.getValueArgument(i) ?: param.defaultValue?.expression
+            val getter = prop.getter
+            if (getter == null) {
+                logger.warnElement("Expected annotation property to define a getter", prop)
+            } else {
+                val getterId = useFunction<DbMethod>(getter)
+                val exprId = extractAnnotationValueExpression(v, id, i, "{${getterId}}", getter.returnType, extractEnumTypeAccesses)
+                if (exprId != null) {
+                    tw.writeAnnotValue(id, getterId, exprId)
+                }
+            }
+        }
+        return id
+    }
+
+    private fun extractAnnotationValueExpression(
+        v: IrExpression?,
+        parent: Label<out DbExprparent>,
+        idx: Int,
+        contextLabel: String,
+        contextType: IrType?,
+        extractEnumTypeAccesses: Boolean): Label<out DbExpr>? {
+
+        fun exprId() = tw.getLabelFor<DbExpr>("@\"annotationExpr;{$parent};$idx\"")
+
+        return when (v) {
+            is IrConst<*> -> {
+                extractConstant(v, parent, idx, null, null, overrideId = exprId())
+            }
+            is IrGetEnumValue -> {
+                extractEnumValue(v, parent, idx, null, null, extractTypeAccess = extractEnumTypeAccesses, overrideId = exprId())
+            }
+            is IrClassReference -> {
+                val classRefId = exprId()
+                val typeAccessId = tw.getLabelFor<DbUnannotatedtypeaccess>("@\"annotationExpr;{$classRefId};0\"")
+                extractClassReference(v, parent, idx, null, null, overrideId = classRefId, typeAccessOverrideId = typeAccessId, useJavaLangClassType = true)
+            }
+            is IrConstructorCall -> {
+                extractAnnotation(v, parent, idx, extractEnumTypeAccesses, contextLabel)
+            }
+            is IrVararg -> {
+                tw.getLabelFor<DbArrayinit>("@\"annotationarray;{${parent}};$contextLabel\"").also { arrayId ->
+                    // Use the context type (i.e., the type the annotation expects, not the actual type of the array)
+                    // because the Java extractor fills in array types using the same technique. These should only
+                    // differ for generic annotations.
+                    if (contextType == null) {
+                        logger.warnElement("Expected an annotation array to have an enclosing context", v)
+                    } else {
+                        val type = useType(kClassToJavaClass(contextType))
+                        tw.writeExprs_arrayinit(arrayId, type.javaResult.id, parent, idx)
+                        tw.writeExprsKotlinType(arrayId, type.kotlinResult.id)
+                        tw.writeHasLocation(arrayId, tw.getLocation(v))
+
+                        v.elements.forEachIndexed { index, irVarargElement -> run {
+                            val argExpr = when (irVarargElement) {
+                                is IrExpression -> irVarargElement
+                                is IrSpreadElement -> irVarargElement.expression
+                                else -> {
+                                    logger.errorElement("Unrecognised IrVarargElement: " + irVarargElement.javaClass, irVarargElement)
+                                    null
+                                }
+                            }
+                            extractAnnotationValueExpression(argExpr, arrayId, index, "child;$index", null, extractEnumTypeAccesses)
+                        } }
+                    }
+                }
+            }
+            // is IrErrorExpression
+            // null
+            // Note: emitting an ErrorExpr here would induce an inconsistency if this annotation is later seen from source or by the Java extractor,
+            // in both of which cases the real value will get extracted.
+            else -> null
+        }
+    }
 
     fun extractClassSource(c: IrClass, extractDeclarations: Boolean, extractStaticInitializer: Boolean, extractPrivateMembers: Boolean, extractFunctionBodies: Boolean): Label<out DbClassorinterface> {
         with("class source", c) {
@@ -463,6 +633,10 @@ open class KotlinFileExtractor(
                 if (c.isInterfaceLike) {
                     val interfaceId = id.cast<DbInterface>()
                     tw.writeInterfaces(interfaceId, cls, pkgId, interfaceId)
+
+                    if (c.kind == ClassKind.ANNOTATION_CLASS) {
+                        tw.writeIsAnnotType(interfaceId)
+                    }
                 } else {
                     val classId = id.cast<DbClass>()
                     tw.writeClasses(classId, cls, pkgId, classId)
@@ -488,10 +662,25 @@ open class KotlinFileExtractor(
 
                 c.typeParameters.mapIndexed { idx, param -> extractTypeParameter(param, idx, javaClass?.typeParameters?.getOrNull(idx)) }
                 if (extractDeclarations) {
-                    c.declarations.forEach { extractDeclaration(it, extractPrivateMembers = extractPrivateMembers, extractFunctionBodies = extractFunctionBodies) }
-                    if (extractStaticInitializer)
-                        extractStaticInitializer(c, { id })
-                    extractJvmStaticProxyMethods(c, id, extractPrivateMembers, extractFunctionBodies)
+                    if (c.kind == ClassKind.ANNOTATION_CLASS) {
+                        c.declarations
+                            .filterIsInstance<IrProperty>()
+                            .forEach {
+                                val getter = it.getter
+                                if (getter == null) {
+                                    logger.warnElement("Expected an annotation property to have a getter", it)
+                                } else {
+                                    extractFunction(getter, id, extractBody = false, extractMethodAndParameterTypeAccesses = extractFunctionBodies, extractAnnotations = true, null, listOf())?.also { functionLabel ->
+                                        tw.writeIsAnnotElem(functionLabel.cast())
+                                    }
+                                }
+                            }
+                    } else {
+                        c.declarations.forEach { extractDeclaration(it, extractPrivateMembers = extractPrivateMembers, extractFunctionBodies = extractFunctionBodies, extractAnnotations = true) }
+                        if (extractStaticInitializer)
+                            extractStaticInitializer(c, { id })
+                        extractJvmStaticProxyMethods(c, id, extractPrivateMembers, extractFunctionBodies)
+                    }
                 }
                 if (c.isNonCompanionObject) {
                     // For `object MyObject { ... }`, the .class has an
@@ -507,6 +696,9 @@ open class KotlinFileExtractor(
                     addModifiers(instance.id, "public", "static", "final")
                     tw.writeClass_object(id.cast<DbClass>(), instance.id)
                 }
+                if (c.isObject) {
+                    addModifiers(id, "static")
+                }
                 if (extractFunctionBodies && needsObinitFunction(c)) {
                     extractObinitFunction(c, id)
                 }
@@ -516,11 +708,24 @@ open class KotlinFileExtractor(
 
                 linesOfCode?.linesOfCodeInDeclaration(c, id)
 
+                val additionalAnnotations =
+                    if (c.kind == ClassKind.ANNOTATION_CLASS && c.origin != IrDeclarationOrigin.IR_EXTERNAL_JAVA_DECLARATION_STUB)
+                        metaAnnotationSupport.generateJavaMetaAnnotations(c, extractFunctionBodies)
+                    else
+                        listOf()
+
+                extractAnnotations(c, c.annotations + additionalAnnotations, id, extractFunctionBodies)
+
+                if (extractFunctionBodies && !c.isAnonymousObject && !c.isLocal)
+                    externalClassExtractor.writeStubTrapFile(c)
+
                 return id
             }
         }
     }
 
+    val jvmStaticFqName = FqName("kotlin.jvm.JvmStatic")
+
     private fun extractJvmStaticProxyMethods(c: IrClass, classId: Label<out DbClassorinterface>, extractPrivateMembers: Boolean, extractFunctionBodies: Boolean) {
 
         // Add synthetic forwarders for any JvmStatic methods or properties:
@@ -534,7 +739,7 @@ open class KotlinFileExtractor(
             val proxyFunctionId = tw.getLabelFor<DbMethod>(getFunctionLabel(f, classId, listOf()))
             // We extract the function prototype with its ID overridden to belong to `c` not the companion object,
             // but suppress outputting the body, which we will replace with a delegating call below.
-            forceExtractFunction(f, classId, extractBody = false, extractMethodAndParameterTypeAccesses = extractFunctionBodies, typeSubstitution = null, classTypeArgsIncludingOuterClasses = listOf(), extractOrigin = false, OverriddenFunctionAttributes(id = proxyFunctionId))
+            forceExtractFunction(f, classId, extractBody = false, extractMethodAndParameterTypeAccesses = extractFunctionBodies, extractAnnotations = false, typeSubstitution = null, classTypeArgsIncludingOuterClasses = listOf(), extractOrigin = false, OverriddenFunctionAttributes(id = proxyFunctionId))
             addModifiers(proxyFunctionId, "static")
             tw.writeCompiler_generated(proxyFunctionId, CompilerGeneratedKinds.JVMSTATIC_PROXY_METHOD.kind)
             if (extractFunctionBodies) {
@@ -701,6 +906,13 @@ open class KotlinFileExtractor(
                 extractTypeAccessRecursive(substitutedType, location, id, -1)
             }
             val syntheticParameterNames = isUnderscoreParameter(vp) || ((vp.parent as? IrFunction)?.let { hasSynthesizedParameterNames(it) } ?: true)
+            val javaParameter = when(val callable = (vp.parent as? IrFunction)?.let { getJavaCallable(it) }) {
+                is JavaConstructor -> callable.valueParameters.getOrNull(idx)
+                is JavaMethod -> callable.valueParameters.getOrNull(idx)
+                else -> null
+            }
+            val extraAnnotations = listOfNotNull(getNullabilityAnnotation(vp.type, vp.origin, vp.annotations, javaParameter?.annotations))
+            extractAnnotations(vp, vp.annotations + extraAnnotations, id, extractTypeAccess)
             return extractValueParameter(id, substitutedType, vp.name.asString(), location, parent, idx, useValueParameter(vp, parentSourceDeclaration), syntheticParameterNames, vp.isVararg, vp.isNoinline, vp.isCrossinline)
         }
     }
@@ -878,7 +1090,7 @@ open class KotlinFileExtractor(
                 f.realOverrideTarget.let { it != f && (it as? IrSimpleFunction)?.modality != Modality.ABSTRACT && isKotlinDefinedInterface(it.parentClassOrNull) }
 
     private fun makeInterfaceForwarder(f: IrFunction, parentId: Label<out DbReftype>, extractBody: Boolean, extractMethodAndParameterTypeAccesses: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?) =
-        forceExtractFunction(f, parentId, extractBody = false, extractMethodAndParameterTypeAccesses, typeSubstitution, classTypeArgsIncludingOuterClasses, overriddenAttributes = OverriddenFunctionAttributes(visibility = DescriptorVisibilities.PUBLIC)).also { functionId ->
+        forceExtractFunction(f, parentId, extractBody = false, extractMethodAndParameterTypeAccesses, extractAnnotations = false, typeSubstitution, classTypeArgsIncludingOuterClasses, overriddenAttributes = OverriddenFunctionAttributes(visibility = DescriptorVisibilities.PUBLIC, modality = Modality.OPEN)).also { functionId ->
             tw.writeCompiler_generated(functionId, CompilerGeneratedKinds.INTERFACE_FORWARDER.kind)
             if (extractBody) {
                 val realFunctionLocId = tw.getLocation(f)
@@ -919,7 +1131,7 @@ open class KotlinFileExtractor(
             }
         }
 
-    private fun extractFunction(f: IrFunction, parentId: Label<out DbReftype>, extractBody: Boolean, extractMethodAndParameterTypeAccesses: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?) =
+    private fun extractFunction(f: IrFunction, parentId: Label<out DbReftype>, extractBody: Boolean, extractMethodAndParameterTypeAccesses: Boolean, extractAnnotations: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?) =
         if (isFake(f)) {
             if (needsInterfaceForwarder(f))
                 makeInterfaceForwarder(f, parentId, extractBody, extractMethodAndParameterTypeAccesses, typeSubstitution, classTypeArgsIncludingOuterClasses)
@@ -928,7 +1140,7 @@ open class KotlinFileExtractor(
         } else {
             // Work around an apparent bug causing redeclarations of `fun toString(): String` specifically in interfaces loaded from Java classes show up like fake overrides.
             val overriddenVisibility = if (f.isFakeOverride && isJavaBinaryObjectMethodRedeclaration(f)) OverriddenFunctionAttributes(visibility = DescriptorVisibilities.PUBLIC) else null
-            forceExtractFunction(f, parentId, extractBody, extractMethodAndParameterTypeAccesses, typeSubstitution, classTypeArgsIncludingOuterClasses, overriddenAttributes = overriddenVisibility).also {
+            forceExtractFunction(f, parentId, extractBody, extractMethodAndParameterTypeAccesses, extractAnnotations, typeSubstitution, classTypeArgsIncludingOuterClasses, overriddenAttributes = overriddenVisibility).also {
                 // The defaults-forwarder function is a static utility, not a member, so we only need to extract this for the unspecialised instance of this class.
                 if (classTypeArgsIncludingOuterClasses.isNullOrEmpty())
                     extractDefaultsFunction(f, parentId, extractBody, extractMethodAndParameterTypeAccesses)
@@ -944,7 +1156,7 @@ open class KotlinFileExtractor(
         val locId = getLocation(f, null)
         val extReceiver = f.extensionReceiverParameter
         val dispatchReceiver = if (f.shouldExtractAsStatic) null else f.dispatchReceiverParameter
-        val parameterTypes = listOfNotNull(extReceiver?.let { erase(it.type) }) + getDefaultsMethodArgTypes(f)
+        val parameterTypes = getDefaultsMethodArgTypes(f)
         val allParamTypeResults = parameterTypes.mapIndexed { i, paramType ->
             val paramId = tw.getLabelFor<DbParam>(getValueParameterLabel(id, i))
             extractValueParameter(paramId, paramType, "p$i", locId, id, i, paramId, isVararg = false, syntheticParameterNames = true, isCrossinline = false, isNoinline = false).also {
@@ -962,6 +1174,11 @@ open class KotlinFileExtractor(
             val methodId = id.cast<DbMethod>()
             extractMethod(methodId, locId, shortName, erase(f.returnType), paramsSignature, parentId, methodId, origin = null, extractTypeAccess = extractMethodAndParameterTypeAccesses)
             addModifiers(id, "static")
+            if (extReceiver != null) {
+                val idx = if (dispatchReceiver != null) 1 else 0
+                val extendedType = allParamTypeResults[idx]
+                tw.writeKtExtensionFunctions(methodId, extendedType.javaResult.id, extendedType.kotlinResult.id)
+            }
         }
         tw.writeHasLocation(id, locId)
         if (f.visibility != DescriptorVisibilities.PRIVATE && f.visibility != DescriptorVisibilities.PRIVATE_TO_THIS) {
@@ -1027,8 +1244,8 @@ open class KotlinFileExtractor(
                                 val realFnIdxOffset = if (f.extensionReceiverParameter != null) 1 else 0
                                 val paramMappings = f.valueParameters.mapIndexed { idx, param -> Triple(param.type, idx + paramIdxOffset, idx + realFnIdxOffset) } +
                                     listOfNotNull(
-                                        dispatchReceiver?.let { Triple(it.type, realFnIdxOffset, -1) },
-                                        extReceiver?.let { Triple(it.type, 0, 0) }
+                                        dispatchReceiver?.let { Triple(it.type, 0, -1) },
+                                        extReceiver?.let { Triple(it.type, if (dispatchReceiver != null) 1 else 0, 0) }
                                     )
                                 paramMappings.forEach { (type, fromIdx, toIdx) ->
                                     extractVariableAccess(tw.getLabelFor<DbParam>(getValueParameterLabel(id, fromIdx)), type, locId, thisCallId, toIdx, id, returnId)
@@ -1049,8 +1266,6 @@ open class KotlinFileExtractor(
     private val jvmOverloadsFqName = FqName("kotlin.jvm.JvmOverloads")
 
     private fun extractGeneratedOverloads(f: IrFunction, parentId: Label<out DbReftype>, maybeSourceParentId: Label<out DbReftype>?, extractBody: Boolean, extractMethodAndParameterTypeAccesses: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?) {
-        if (!f.hasAnnotation(jvmOverloadsFqName))
-            return
 
         fun extractGeneratedOverload(paramList: List<IrValueParameter?>) {
             val overloadParameters = paramList.filterNotNull()
@@ -1066,7 +1281,7 @@ open class KotlinFileExtractor(
                         parentId
             val sourceDeclId = tw.getLabelFor<DbCallable>(getFunctionLabel(f, sourceParentId, listOf(), overloadParameters))
             val overriddenAttributes = OverriddenFunctionAttributes(id = overloadId, sourceDeclarationId = sourceDeclId, valueParameters = overloadParameters)
-            forceExtractFunction(f, parentId, extractBody = false, extractMethodAndParameterTypeAccesses, typeSubstitution, classTypeArgsIncludingOuterClasses, overriddenAttributes = overriddenAttributes)
+            forceExtractFunction(f, parentId, extractBody = false, extractMethodAndParameterTypeAccesses, extractAnnotations = false, typeSubstitution, classTypeArgsIncludingOuterClasses, overriddenAttributes = overriddenAttributes)
             tw.writeCompiler_generated(overloadId, CompilerGeneratedKinds.JVMOVERLOADS_METHOD.kind)
             val realFunctionLocId = tw.getLocation(f)
             if (extractBody) {
@@ -1096,6 +1311,22 @@ open class KotlinFileExtractor(
             }
         }
 
+        if (!f.hasAnnotation(jvmOverloadsFqName)) {
+            if (f is IrConstructor &&
+                f.valueParameters.isNotEmpty() &&
+                f.valueParameters.all { it.defaultValue != null } &&
+                f.parentClassOrNull?.let {
+                    // Don't create a default constructor for an annotation class, or a class that explicitly declares a no-arg constructor.
+                    !it.isAnnotationClass &&
+                    it.declarations.none { d -> d is IrConstructor && d.valueParameters.isEmpty() }
+                } == true) {
+                // Per https://kotlinlang.org/docs/classes.html#creating-instances-of-classes, a single default overload gets created specifically
+                // when we have all default parameters, regardless of `@JvmOverloads`.
+                extractGeneratedOverload(f.valueParameters.map { _ -> null })
+            }
+            return
+        }
+
         val paramList: MutableList<IrValueParameter?> = f.valueParameters.toMutableList()
         for (n in (f.valueParameters.size - 1) downTo 0) {
             if (f.valueParameters[n].defaultValue != null) {
@@ -1136,7 +1367,38 @@ open class KotlinFileExtractor(
                 logger.warn("Needed a signature for a type that doesn't have one")
         }
 
-    private fun forceExtractFunction(f: IrFunction, parentId: Label<out DbReftype>, extractBody: Boolean, extractMethodAndParameterTypeAccesses: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?, extractOrigin: Boolean = true, overriddenAttributes: OverriddenFunctionAttributes? = null): Label<out DbCallable>  {
+    private fun getNullabilityAnnotationName(t: IrType, declOrigin: IrDeclarationOrigin, existingAnnotations: List<IrConstructorCall>, javaAnnotations: Collection<JavaAnnotation>?): FqName? {
+        if (t !is IrSimpleType)
+            return null
+
+        fun hasExistingAnnotation(name: FqName) =
+            existingAnnotations.any { existing -> existing.type.classFqName == name }
+
+        return if (declOrigin == IrDeclarationOrigin.IR_EXTERNAL_JAVA_DECLARATION_STUB) {
+            // Java declaration: restore a NotNull or Nullable annotation if the original Java member had one but the Kotlin compiler removed it.
+            javaAnnotations?.mapNotNull { it.classId?.asSingleFqName() }
+            ?.singleOrNull { NOT_NULL_ANNOTATIONS.contains(it) || NULLABLE_ANNOTATIONS.contains(it) }
+            ?.takeUnless { hasExistingAnnotation(it) }
+        } else {
+            // Kotlin declaration: add a NotNull annotation to a non-nullable non-primitive type, unless one is already present.
+            // Usually Kotlin declarations can't have a manual `@NotNull`, but this happens at least when delegating members are
+            // synthesised and inherit the annotation from the delegate (which given it has @NotNull, is likely written in Java)
+            JvmAnnotationNames.JETBRAINS_NOT_NULL_ANNOTATION.takeUnless { t.isNullable() || primitiveTypeMapping.getPrimitiveInfo(t) != null || hasExistingAnnotation(it) }
+        }
+    }
+
+    private fun getNullabilityAnnotation(t: IrType, declOrigin: IrDeclarationOrigin, existingAnnotations: List<IrConstructorCall>, javaAnnotations: Collection<JavaAnnotation>?) =
+        getNullabilityAnnotationName(t, declOrigin, existingAnnotations, javaAnnotations)?.let {
+            pluginContext.referenceClass(it)?.let { annotationClass ->
+                annotationClass.owner.declarations.firstIsInstanceOrNull<IrConstructor>()?.let { annotationConstructor ->
+                    IrConstructorCallImpl.fromSymbolOwner(
+                        UNDEFINED_OFFSET, UNDEFINED_OFFSET, annotationConstructor.returnType, annotationConstructor.symbol, 0
+                    )
+                }
+            }
+        }
+
+    private fun forceExtractFunction(f: IrFunction, parentId: Label<out DbReftype>, extractBody: Boolean, extractMethodAndParameterTypeAccesses: Boolean, extractAnnotations: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?, extractOrigin: Boolean = true, overriddenAttributes: OverriddenFunctionAttributes? = null): Label<out DbCallable>  {
         with("function", f) {
             DeclarationStackAdjuster(f, overriddenAttributes).use {
 
@@ -1157,6 +1419,7 @@ open class KotlinFileExtractor(
                             id
 
                 val extReceiver = f.extensionReceiverParameter
+                // The following parameter order is correct, because member $default methods (where the order would be [dispatchParam], [extensionParam], normalParams) are not extracted here
                 val fParameters = listOfNotNull(extReceiver) + (overriddenAttributes?.valueParameters ?: f.valueParameters)
                 val paramTypes = fParameters.mapIndexed { i, vp ->
                     extractValueParameter(vp, id, i, typeSubstitution, sourceDeclaration, classTypeArgsIncludingOuterClasses, extractTypeAccess = extractMethodAndParameterTypeAccesses, overriddenAttributes?.sourceLoc)
@@ -1216,9 +1479,25 @@ open class KotlinFileExtractor(
                 if (f.isSuspend) {
                     addModifiers(id, "suspend")
                 }
+                if (f.symbol !is IrConstructorSymbol) {
+                    when(overriddenAttributes?.modality ?: (f as? IrSimpleFunction)?.modality) {
+                        Modality.ABSTRACT -> addModifiers(id, "abstract")
+                        Modality.FINAL -> addModifiers(id, "final")
+                        else -> Unit
+                    }
+                }
 
                 linesOfCode?.linesOfCodeInDeclaration(f, id)
 
+                if (extractAnnotations) {
+                    val extraAnnotations =
+                        if (f.symbol is IrConstructorSymbol)
+                            listOf()
+                        else
+                            listOfNotNull(getNullabilityAnnotation(f.returnType, f.origin, f.annotations, getJavaCallable(f)?.annotations))
+                    extractAnnotations(f, f.annotations + extraAnnotations, id, extractMethodAndParameterTypeAccesses)
+                }
+
                 return id
             }
         }
@@ -1230,18 +1509,20 @@ open class KotlinFileExtractor(
                 && f.symbol !is IrConstructorSymbol     // not a constructor
     }
 
-    private fun extractField(f: IrField, parentId: Label<out DbReftype>): Label<out DbField> {
+    private fun extractField(f: IrField, parentId: Label<out DbReftype>, extractAnnotationEnumTypeAccesses: Boolean): Label<out DbField> {
         with("field", f) {
            DeclarationStackAdjuster(f).use {
                val fNameSuffix = getExtensionReceiverType(f)?.let { it.classFqName?.asString()?.replace(".", "$$") } ?: ""
                val extractType = if (isAnnotationClassField(f)) kClassToJavaClass(f.type) else f.type
-               return extractField(useField(f), "${f.name.asString()}$fNameSuffix", extractType, parentId, tw.getLocation(f), f.visibility, f, isExternalDeclaration(f), f.isFinal)
+               val id = useField(f)
+               extractAnnotations(f, id, extractAnnotationEnumTypeAccesses)
+               return extractField(id, "${f.name.asString()}$fNameSuffix", extractType, parentId, tw.getLocation(f), f.visibility, f, isExternalDeclaration(f), f.isFinal, isDirectlyExposedCompanionObjectField(f))
            }
         }
     }
 
 
-    private fun extractField(id: Label<out DbField>, name: String, type: IrType, parentId: Label<out DbReftype>, locId: Label<DbLocation>, visibility: DescriptorVisibility, errorElement: IrElement, isExternalDeclaration: Boolean, isFinal: Boolean): Label<out DbField> {
+    private fun extractField(id: Label<out DbField>, name: String, type: IrType, parentId: Label<out DbReftype>, locId: Label<DbLocation>, visibility: DescriptorVisibility, errorElement: IrElement, isExternalDeclaration: Boolean, isFinal: Boolean, isStatic: Boolean): Label<out DbField> {
         val t = useType(type)
         tw.writeFields(id, name, t.javaResult.id, parentId, id)
         tw.writeFieldsKotlinType(id, t.kotlinResult.id)
@@ -1251,6 +1532,9 @@ open class KotlinFileExtractor(
         if (isFinal) {
             addModifiers(id, "final")
         }
+        if (isStatic) {
+            addModifiers(id, "static")
+        }
 
         if (!isExternalDeclaration) {
             val fieldDeclarationId = tw.getFreshIdLabel<DbFielddecl>()
@@ -1264,7 +1548,7 @@ open class KotlinFileExtractor(
         return id
     }
 
-    private fun extractProperty(p: IrProperty, parentId: Label<out DbReftype>, extractBackingField: Boolean, extractFunctionBodies: Boolean, extractPrivateMembers: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?) {
+    private fun extractProperty(p: IrProperty, parentId: Label<out DbReftype>, extractBackingField: Boolean, extractFunctionBodies: Boolean, extractPrivateMembers: Boolean, extractAnnotations: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?) {
         with("property", p) {
             fun needsInterfaceForwarderQ(f: IrFunction?) = f?.let { needsInterfaceForwarder(f) } ?: false
 
@@ -1286,7 +1570,7 @@ open class KotlinFileExtractor(
                         logger.warnElement("IrProperty without a getter", p)
                     }
                 } else if (shouldExtractDecl(getter, extractPrivateMembers)) {
-                    val getterId = extractFunction(getter, parentId, extractBody = extractFunctionBodies, extractMethodAndParameterTypeAccesses = extractFunctionBodies, typeSubstitution, classTypeArgsIncludingOuterClasses)?.cast<DbMethod>()
+                    val getterId = extractFunction(getter, parentId, extractBody = extractFunctionBodies, extractMethodAndParameterTypeAccesses = extractFunctionBodies, extractAnnotations = extractAnnotations, typeSubstitution, classTypeArgsIncludingOuterClasses)?.cast<DbMethod>()
                     if (getterId != null) {
                         tw.writeKtPropertyGetters(id, getterId)
                         if (getter.origin == IrDeclarationOrigin.DELEGATED_PROPERTY_ACCESSOR) {
@@ -1303,7 +1587,7 @@ open class KotlinFileExtractor(
                     if (!p.isVar) {
                         logger.warnElement("!isVar property with a setter", p)
                     }
-                    val setterId = extractFunction(setter, parentId, extractBody = extractFunctionBodies, extractMethodAndParameterTypeAccesses = extractFunctionBodies, typeSubstitution, classTypeArgsIncludingOuterClasses)?.cast<DbMethod>()
+                    val setterId = extractFunction(setter, parentId, extractBody = extractFunctionBodies, extractMethodAndParameterTypeAccesses = extractFunctionBodies, extractAnnotations = extractAnnotations, typeSubstitution, classTypeArgsIncludingOuterClasses)?.cast<DbMethod>()
                     if (setterId != null) {
                         tw.writeKtPropertySetters(id, setterId)
                         if (setter.origin == IrDeclarationOrigin.DELEGATED_PROPERTY_ACCESSOR) {
@@ -1315,7 +1599,7 @@ open class KotlinFileExtractor(
                 if (bf != null && extractBackingField) {
                     val fieldParentId = useDeclarationParent(getFieldParent(bf), false)
                     if (fieldParentId != null) {
-                        val fieldId = extractField(bf, fieldParentId.cast())
+                        val fieldId = extractField(bf, fieldParentId.cast(), extractFunctionBodies)
                         tw.writeKtPropertyBackingFields(id, fieldId)
                         if (p.isDelegated) {
                             tw.writeKtPropertyDelegates(id, fieldId)
@@ -1325,6 +1609,8 @@ open class KotlinFileExtractor(
 
                 extractVisibility(p, id, p.visibility)
 
+                // TODO: extract annotations
+
                 if (p.isLateinit) {
                     addModifiers(id, "lateinit")
                 }
@@ -1366,8 +1652,10 @@ open class KotlinFileExtractor(
                 }
 
                 ee.correspondingClass?.let {
-                    extractDeclaration(it, extractPrivateMembers, extractFunctionBodies)
+                    extractDeclaration(it, extractPrivateMembers, extractFunctionBodies, extractAnnotations = true)
                 }
+
+                extractAnnotations(ee, id, extractFunctionBodies)
             }
         }
     }
@@ -1384,6 +1672,8 @@ open class KotlinFileExtractor(
             val type = useType(ta.expandedType)
             tw.writeKt_type_alias(id, ta.name.asString(), type.kotlinResult.id)
             tw.writeHasLocation(id, locId)
+
+            // TODO: extract annotations
         }
     }
 
@@ -1507,14 +1797,15 @@ open class KotlinFileExtractor(
                 }
                 is IrFunction -> {
                     if (s.isLocalFunction()) {
-                        val classId = extractGeneratedClass(s, listOf(pluginContext.irBuiltIns.anyType))
+                        val compilerGeneratedKindOverride = if (s.origin == IrDeclarationOrigin.ADAPTER_FOR_CALLABLE_REFERENCE) {
+                            CompilerGeneratedKinds.DECLARING_CLASSES_OF_ADAPTER_FUNCTIONS
+                        } else {
+                            null
+                        }
+                        val classId = extractGeneratedClass(s, listOf(pluginContext.irBuiltIns.anyType), compilerGeneratedKindOverride = compilerGeneratedKindOverride)
                         extractLocalTypeDeclStmt(classId, s, callable, parent, idx)
                         val ids = getLocallyVisibleFunctionLabels(s)
                         tw.writeKtLocalFunction(ids.function)
-
-                        if (s.origin == IrDeclarationOrigin.ADAPTER_FOR_CALLABLE_REFERENCE) {
-                            tw.writeCompiler_generated(classId, CompilerGeneratedKinds.DECLARING_CLASSES_OF_ADAPTER_FUNCTIONS.kind)
-                        }
                     } else {
                         logger.errorElement("Expected to find local function", s)
                     }
@@ -1736,11 +2027,7 @@ open class KotlinFileExtractor(
             tw.writeCallableBinding(id, methodLabel)
     }
 
-    private val defaultConstructorMarkerClass by lazy {
-        val result = pluginContext.referenceClass(FqName("kotlin.jvm.internal.DefaultConstructorMarker"))?.owner
-        result?.let { extractExternalClassLater(it) }
-        result
-    }
+    private val defaultConstructorMarkerClass by lazy { referenceExternalClass("kotlin.jvm.internal.DefaultConstructorMarker") }
 
     private val defaultConstructorMarkerType by lazy {
         defaultConstructorMarkerClass?.typeWith()
@@ -1755,11 +2042,12 @@ open class KotlinFileExtractor(
         ) ?: pluginContext.irBuiltIns.anyType
 
     private fun getDefaultsMethodArgTypes(f: IrFunction) =
-        // The $default method has type ([extensionReceiver], [dispatchReceiver], paramTypes..., int, Object)
+        // The $default method has type ([dispatchReceiver], [extensionReceiver], paramTypes..., int, Object)
         // All parameter types are erased. The trailing int is a mask indicating which parameter values are real
         // and which should be replaced by defaults. The final Object parameter is apparently always null.
         (
             listOfNotNull(if (f.shouldExtractAsStatic) null else f.dispatchReceiverParameter?.type) +
+            listOfNotNull(f.extensionReceiverParameter?.type) +
             f.valueParameters.map { it.type } +
             listOf(pluginContext.irBuiltIns.intType, getDefaultsMethodLastArgType(f))
         ).map { erase(it) }
@@ -1778,17 +2066,16 @@ open class KotlinFileExtractor(
 
     private fun getDefaultsMethodLabel(f: IrFunction): Label<out DbCallable> {
         val defaultsMethodName = if (f is IrConstructor) "<init>" else getDefaultsMethodName(f)
-        val normalArgTypes = getDefaultsMethodArgTypes(f)
-        val extensionParamType = f.extensionReceiverParameter?.let { erase(it.type) }
+        val argTypes = getDefaultsMethodArgTypes(f)
 
         val defaultMethodLabelStr = getFunctionLabel(
             f.parent,
             maybeParentId = null,
             defaultsMethodName,
-            normalArgTypes,
+            argTypes,
             erase(f.returnType),
-            extensionParamType,
-            listOf(),
+            extensionParamType = null, // if there's any, that's included already in argTypes
+            functionTypeParameters = listOf(),
             classTypeArgsIncludingOuterClasses = null,
             overridesCollectionsMethod = false,
             javaSignature = null,
@@ -1848,13 +2135,14 @@ open class KotlinFileExtractor(
         extensionReceiver: IrExpression?
     ) {
         var nextIdx = 0
-        if (extensionReceiver != null) {
-            extractExpressionExpr(extensionReceiver, enclosingCallable, id, nextIdx++, enclosingStmt)
-        }
         if (dispatchReceiver != null && !callTarget.shouldExtractAsStatic) {
             extractExpressionExpr(dispatchReceiver, enclosingCallable, id, nextIdx++, enclosingStmt)
         }
 
+        if (extensionReceiver != null) {
+            extractExpressionExpr(extensionReceiver, enclosingCallable, id, nextIdx++, enclosingStmt)
+        }
+
         val valueArgsWithDummies = valueArguments.zip(callTarget.valueParameters).map {
                 (expr, param) -> expr ?: IrConstImpl.defaultValueForType(0, 0, param.type)
         }
@@ -2057,7 +2345,7 @@ open class KotlinFileExtractor(
         extractValueArguments(argParent, idxOffset)
     }
 
-    private fun extractStaticTypeAccessQualifierUnchecked(parent: IrDeclarationParent, parentExpr: Label<out DbExprparent>, locId: Label<DbLocation>, enclosingCallable: Label<out DbCallable>, enclosingStmt: Label<out DbStmt>) {
+    private fun extractStaticTypeAccessQualifierUnchecked(parent: IrDeclarationParent, parentExpr: Label<out DbExprparent>, locId: Label<DbLocation>, enclosingCallable: Label<out DbCallable>?, enclosingStmt: Label<out DbStmt>?) {
         if (parent is IrClass) {
             extractTypeAccessRecursive(parent.toRawType(), locId, parentExpr, -1, enclosingCallable, enclosingStmt)
         } else if (parent is IrFile) {
@@ -2067,7 +2355,7 @@ open class KotlinFileExtractor(
         }
     }
 
-    private fun extractStaticTypeAccessQualifier(target: IrDeclaration, parentExpr: Label<out DbExprparent>, locId: Label<DbLocation>, enclosingCallable: Label<out DbCallable>, enclosingStmt: Label<out DbStmt>) {
+    private fun extractStaticTypeAccessQualifier(target: IrDeclaration, parentExpr: Label<out DbExprparent>, locId: Label<DbLocation>, enclosingCallable: Label<out DbCallable>?, enclosingStmt: Label<out DbStmt>?) {
         if (target.shouldExtractAsStatic) {
             extractStaticTypeAccessQualifierUnchecked(target.parent, parentExpr, locId, enclosingCallable, enclosingStmt)
         }
@@ -2102,11 +2390,7 @@ open class KotlinFileExtractor(
 
     private fun findFunction(cls: IrClass, name: String): IrFunction? = cls.declarations.findSubType<IrFunction> { it.name.asString() == name }
 
-    val jvmIntrinsicsClass by lazy {
-        val result = pluginContext.referenceClass(FqName("kotlin.jvm.internal.Intrinsics"))?.owner
-        result?.let { extractExternalClassLater(it) }
-        result
-    }
+    val jvmIntrinsicsClass by lazy { referenceExternalClass("kotlin.jvm.internal.Intrinsics") }
 
     private fun findJdkIntrinsicOrWarn(name: String, warnAgainstElement: IrElement): IrFunction? {
         val result = jvmIntrinsicsClass?.let { findFunction(it, name) }
@@ -2152,11 +2436,7 @@ open class KotlinFileExtractor(
         return prop
     }
 
-    val javaLangString by lazy {
-        val result = pluginContext.referenceClass(FqName("java.lang.String"))?.owner
-        result?.let { extractExternalClassLater(it) }
-        result
-    }
+    val javaLangString by lazy { referenceExternalClass("java.lang.String") }
 
     val stringValueOfObjectMethod by lazy {
         val result = javaLangString?.declarations?.findSubType<IrFunction> {
@@ -2180,11 +2460,7 @@ open class KotlinFileExtractor(
         result
     }
 
-    val kotlinNoWhenBranchMatchedExn by lazy {
-        val result = pluginContext.referenceClass(FqName("kotlin.NoWhenBranchMatchedException"))?.owner
-        result?.let { extractExternalClassLater(it) }
-        result
-    }
+    val kotlinNoWhenBranchMatchedExn by lazy {referenceExternalClass("kotlin.NoWhenBranchMatchedException") }
 
     val kotlinNoWhenBranchMatchedConstructor by lazy {
         val result = kotlinNoWhenBranchMatchedExn?.declarations?.findSubType<IrConstructor> {
@@ -2196,11 +2472,7 @@ open class KotlinFileExtractor(
         result
     }
 
-    val javaUtilArrays by lazy {
-        val result = pluginContext.referenceClass(FqName("java.util.Arrays"))?.owner
-        result?.let { extractExternalClassLater(it) }
-        result
-    }
+    val javaUtilArrays by lazy { referenceExternalClass("java.util.Arrays") }
 
     private fun isFunction(target: IrFunction, pkgName: String, classNameLogged: String, classNamePredicate: (String) -> Boolean, vararg fNames: String, isNullable: Boolean? = false) =
         fNames.any { isFunction(target, pkgName, classNameLogged, classNamePredicate, it, isNullable) }
@@ -3348,10 +3620,10 @@ open class KotlinFileExtractor(
         extractExpression(e, callable, ExprParent(parent, idx, enclosingStmt))
     }
 
-    private fun extractExprContext(id: Label<out DbExpr>, locId: Label<DbLocation>, callable: Label<out DbCallable>, enclosingStmt: Label<out DbStmt>) {
+    private fun extractExprContext(id: Label<out DbExpr>, locId: Label<DbLocation>, callable: Label<out DbCallable>?, enclosingStmt: Label<out DbStmt>?) {
         tw.writeHasLocation(id, locId)
-        tw.writeCallableEnclosingExpr(id, callable)
-        tw.writeStatementEnclosingExpr(id, enclosingStmt)
+        callable?.let { tw.writeCallableEnclosingExpr(id, it) }
+        enclosingStmt?.let { tw.writeStatementEnclosingExpr(id, it) }
     }
 
     private fun extractEqualsExpression(locId: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int, callable: Label<out DbCallable>, enclosingStmt: Label<out DbStmt>) =
@@ -3370,8 +3642,8 @@ open class KotlinFileExtractor(
             extractExprContext(it, locId, callable, enclosingStmt)
         }
 
-    private fun extractConstantInteger(v: Number, locId: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int, callable: Label<out DbCallable>, enclosingStmt: Label<out DbStmt>) =
-        tw.getFreshIdLabel<DbIntegerliteral>().also {
+    private fun extractConstantInteger(v: Number, locId: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int, callable: Label<out DbCallable>?, enclosingStmt: Label<out DbStmt>?, overrideId: Label<out DbExpr>? = null) =
+        exprIdOrFresh<DbIntegerliteral>(overrideId).also {
             val type = useType(pluginContext.irBuiltIns.intType)
             tw.writeExprs_integerliteral(it, type.javaResult.id, parent, idx)
             tw.writeExprsKotlinType(it, type.kotlinResult.id)
@@ -3379,8 +3651,8 @@ open class KotlinFileExtractor(
             extractExprContext(it, locId, callable, enclosingStmt)
         }
 
-    private fun extractNull(t: IrType, locId: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int, callable: Label<out DbCallable>, enclosingStmt: Label<out DbStmt>) =
-        tw.getFreshIdLabel<DbNullliteral>().also {
+    private fun extractNull(t: IrType, locId: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int, callable: Label<out DbCallable>?, enclosingStmt: Label<out DbStmt>?, overrideId: Label<out DbExpr>? = null) =
+        exprIdOrFresh<DbNullliteral>(overrideId).also {
             val type = useType(t)
             tw.writeExprs_nullliteral(it, type.javaResult.id, parent, idx)
             tw.writeExprsKotlinType(it, type.kotlinResult.id)
@@ -3545,72 +3817,7 @@ open class KotlinFileExtractor(
                 }
                 is IrConst<*> -> {
                     val exprParent = parent.expr(e, callable)
-                    val v = e.value
-                    when {
-                        v is Number && (v is Int || v is Short || v is Byte) -> {
-                            extractConstantInteger(v, tw.getLocation(e), exprParent.parent, exprParent.idx, callable, exprParent.enclosingStmt)
-                        }
-                        v is Long -> {
-                            val id = tw.getFreshIdLabel<DbLongliteral>()
-                            val type = useType(e.type)
-                            val locId = tw.getLocation(e)
-                            tw.writeExprs_longliteral(id, type.javaResult.id, exprParent.parent, exprParent.idx)
-                            tw.writeExprsKotlinType(id, type.kotlinResult.id)
-                            extractExprContext(id, locId, callable, exprParent.enclosingStmt)
-                            tw.writeNamestrings(v.toString(), v.toString(), id)
-                        }
-                        v is Float -> {
-                            val id = tw.getFreshIdLabel<DbFloatingpointliteral>()
-                            val type = useType(e.type)
-                            val locId = tw.getLocation(e)
-                            tw.writeExprs_floatingpointliteral(id, type.javaResult.id, exprParent.parent, exprParent.idx)
-                            tw.writeExprsKotlinType(id, type.kotlinResult.id)
-                            extractExprContext(id, locId, callable, exprParent.enclosingStmt)
-                            tw.writeNamestrings(v.toString(), v.toString(), id)
-                        }
-                        v is Double -> {
-                            val id = tw.getFreshIdLabel<DbDoubleliteral>()
-                            val type = useType(e.type)
-                            val locId = tw.getLocation(e)
-                            tw.writeExprs_doubleliteral(id, type.javaResult.id, exprParent.parent, exprParent.idx)
-                            tw.writeExprsKotlinType(id, type.kotlinResult.id)
-                            extractExprContext(id, locId, callable, exprParent.enclosingStmt)
-                            tw.writeNamestrings(v.toString(), v.toString(), id)
-                        }
-                        v is Boolean -> {
-                            val id = tw.getFreshIdLabel<DbBooleanliteral>()
-                            val type = useType(e.type)
-                            val locId = tw.getLocation(e)
-                            tw.writeExprs_booleanliteral(id, type.javaResult.id, exprParent.parent, exprParent.idx)
-                            tw.writeExprsKotlinType(id, type.kotlinResult.id)
-                            extractExprContext(id, locId, callable, exprParent.enclosingStmt)
-                            tw.writeNamestrings(v.toString(), v.toString(), id)
-                        }
-                        v is Char -> {
-                            val id = tw.getFreshIdLabel<DbCharacterliteral>()
-                            val type = useType(e.type)
-                            val locId = tw.getLocation(e)
-                            tw.writeExprs_characterliteral(id, type.javaResult.id, exprParent.parent, exprParent.idx)
-                            tw.writeExprsKotlinType(id, type.kotlinResult.id)
-                            extractExprContext(id, locId, callable, exprParent.enclosingStmt)
-                            tw.writeNamestrings(v.toString(), v.toString(), id)
-                        }
-                        v is String -> {
-                            val id = tw.getFreshIdLabel<DbStringliteral>()
-                            val type = useType(e.type)
-                            val locId = tw.getLocation(e)
-                            tw.writeExprs_stringliteral(id, type.javaResult.id, exprParent.parent, exprParent.idx)
-                            tw.writeExprsKotlinType(id, type.kotlinResult.id)
-                            extractExprContext(id, locId, callable, exprParent.enclosingStmt)
-                            tw.writeNamestrings(v.toString(), v.toString(), id)
-                        }
-                        v == null -> {
-                            extractNull(e.type, tw.getLocation(e), exprParent.parent, exprParent.idx, callable, exprParent.enclosingStmt)
-                        }
-                        else -> {
-                            logger.errorElement("Unrecognised IrConst: " + v.javaClass, e)
-                        }
-                    }
+                    extractConstant(e, exprParent.parent, exprParent.idx, callable, exprParent.enclosingStmt)
                 }
                 is IrGetValue -> {
                     val exprParent = parent.expr(e, callable)
@@ -3639,19 +3846,7 @@ open class KotlinFileExtractor(
                 }
                 is IrGetEnumValue -> {
                     val exprParent = parent.expr(e, callable)
-                    val id = tw.getFreshIdLabel<DbVaraccess>()
-                    val type = useType(e.type)
-                    val locId = tw.getLocation(e)
-                    tw.writeExprs_varaccess(id, type.javaResult.id, exprParent.parent, exprParent.idx)
-                    tw.writeExprsKotlinType(id, type.kotlinResult.id)
-                    extractExprContext(id, locId, callable, exprParent.enclosingStmt)
-
-                    val owner = getBoundSymbolOwner(e.symbol, e) ?: return
-
-                    val vId = useEnumEntry(owner)
-                    tw.writeVariableBinding(id, vId)
-
-                    extractStaticTypeAccessQualifier(owner, id, locId, callable, exprParent.enclosingStmt)
+                    extractEnumValue(e, exprParent.parent, exprParent.idx, callable, exprParent.enclosingStmt)
                 }
                 is IrSetValue,
                 is IrSetField -> {
@@ -3895,14 +4090,7 @@ open class KotlinFileExtractor(
                 }
                 is IrClassReference -> {
                     val exprParent = parent.expr(e, callable)
-                    val id = tw.getFreshIdLabel<DbTypeliteral>()
-                    val locId = tw.getLocation(e)
-                    val type = useType(e.type)
-                    tw.writeExprs_typeliteral(id, type.javaResult.id, exprParent.parent, exprParent.idx)
-                    tw.writeExprsKotlinType(id, type.kotlinResult.id)
-                    extractExprContext(id, locId, callable, exprParent.enclosingStmt)
-
-                    extractTypeAccessRecursive(e.classType, locId, id, 0, callable, exprParent.enclosingStmt)
+                    extractClassReference(e, exprParent.parent, exprParent.idx, callable, exprParent.enclosingStmt)
                 }
                 is IrPropertyReference -> {
                     extractPropertyReference("property reference", e, e.getter, e.setter, e.field, parent, callable)
@@ -3991,8 +4179,7 @@ open class KotlinFileExtractor(
                     // Use of 'this' in a function where the dispatch receiver is passed like an ordinary parameter,
                     // such as a `$default` static function that substitutes in default arguments as needed.
                     val paramDeclarerId = overriddenAttributes.id ?: useDeclarationParent(thisParamParent, false)
-                    val extensionParamOffset = if (thisParamParent.extensionReceiverParameter != null) 1 else 0
-                    val replacementParamId = tw.getLabelFor<DbParam>(getValueParameterLabel(paramDeclarerId, replaceWithParamIdx + extensionParamOffset))
+                    val replacementParamId = tw.getLabelFor<DbParam>(getValueParameterLabel(paramDeclarerId, replaceWithParamIdx))
                     extractVariableAccess(replacementParamId, e.type, locId, exprParent.parent, exprParent.idx, callable, exprParent.enclosingStmt)
                     return
                 }
@@ -4101,6 +4288,158 @@ open class KotlinFileExtractor(
         extractExpressionExpr(loop.condition, callable, id, 0, id)
     }
 
+    private fun <T : DbExpr> exprIdOrFresh(id: Label<out DbExpr>?) = id?.cast<T>() ?: tw.getFreshIdLabel()
+
+    private fun extractClassReference(
+        e: IrClassReference,
+        parent: Label<out DbExprparent>,
+        idx: Int,
+        enclosingCallable: Label<out DbCallable>?,
+        enclosingStmt: Label<out DbStmt>?,
+        overrideId: Label<out DbExpr>? = null,
+        typeAccessOverrideId: Label<out DbExpr>? = null,
+        useJavaLangClassType: Boolean = false
+    ) =
+        exprIdOrFresh<DbTypeliteral>(overrideId).also { id ->
+            val locId = tw.getLocation(e)
+            val jlcType = if (useJavaLangClassType) this.javaLangClass?.let { it.typeWith() } else null
+            val type = useType(jlcType ?: e.type)
+            tw.writeExprs_typeliteral(id, type.javaResult.id, parent, idx)
+            tw.writeExprsKotlinType(id, type.kotlinResult.id)
+            extractExprContext(id, locId, enclosingCallable, enclosingStmt)
+
+            extractTypeAccessRecursive(e.classType, locId, id, 0, enclosingCallable, enclosingStmt, overrideId = typeAccessOverrideId)
+        }
+
+    private fun extractEnumValue(
+        e: IrGetEnumValue,
+        parent: Label<out DbExprparent>,
+        idx: Int,
+        enclosingCallable: Label<out DbCallable>?,
+        enclosingStmt: Label<out DbStmt>?,
+        extractTypeAccess: Boolean = true,
+        overrideId: Label<out DbExpr>? = null
+    ) =
+        exprIdOrFresh<DbVaraccess>(overrideId).also { id ->
+            val type = useType(e.type)
+            val locId = tw.getLocation(e)
+            tw.writeExprs_varaccess(id, type.javaResult.id, parent, idx)
+            tw.writeExprsKotlinType(id, type.kotlinResult.id)
+            extractExprContext(id, locId, enclosingCallable, enclosingStmt)
+
+            getBoundSymbolOwner(e.symbol, e)?.let { owner ->
+
+                val vId = useEnumEntry(owner)
+                tw.writeVariableBinding(id, vId)
+
+                if (extractTypeAccess)
+                    extractStaticTypeAccessQualifier(owner, id, locId, enclosingCallable, enclosingStmt)
+
+            }
+        }
+
+    private fun escapeCharForQuotedLiteral(c: Char) =
+        when(c) {
+            '\r' -> "\\r"
+            '\n' -> "\\n"
+            '\t' -> "\\t"
+            '\\' -> "\\\\"
+            '"' -> "\\\""
+            else -> c.toString()
+        }
+
+    // Render a string literal as it might occur in Kotlin source. Note this is a reasonable guess; the real source
+    // could use other escape sequences to describe the same String. Importantly, this is the same guess the Java
+    // extractor makes regarding string literals occurring within annotations, which we need to coincide with to ensure
+    // database consistency.
+    private fun toQuotedLiteral(s: String) =
+        s.toCharArray().joinToString(separator = "", prefix = "\"", postfix = "\"") { c -> escapeCharForQuotedLiteral(c) }
+
+    private fun extractConstant(
+        e: IrConst<*>,
+        parent: Label<out DbExprparent>,
+        idx: Int,
+        enclosingCallable: Label<out DbCallable>?,
+        enclosingStmt: Label<out DbStmt>?,
+        overrideId: Label<out DbExpr>? = null
+    ): Label<out DbExpr>? {
+
+        val v = e.value
+        return when {
+            v is Number && (v is Int || v is Short || v is Byte) -> {
+                extractConstantInteger(v, tw.getLocation(e), parent, idx, enclosingCallable, enclosingStmt, overrideId = overrideId)
+            }
+            v is Long -> {
+                exprIdOrFresh<DbLongliteral>(overrideId).also { id ->
+                    val type = useType(e.type)
+                    val locId = tw.getLocation(e)
+                    tw.writeExprs_longliteral(id, type.javaResult.id, parent, idx)
+                    tw.writeExprsKotlinType(id, type.kotlinResult.id)
+                    extractExprContext(id, locId, enclosingCallable, enclosingStmt)
+                    tw.writeNamestrings(v.toString(), v.toString(), id)
+                }
+            }
+            v is Float -> {
+                exprIdOrFresh<DbFloatingpointliteral>(overrideId).also { id ->
+                    val type = useType(e.type)
+                    val locId = tw.getLocation(e)
+                    tw.writeExprs_floatingpointliteral(id, type.javaResult.id, parent, idx)
+                    tw.writeExprsKotlinType(id, type.kotlinResult.id)
+                    extractExprContext(id, locId, enclosingCallable, enclosingStmt)
+                    tw.writeNamestrings(v.toString(), v.toString(), id)
+                }
+            }
+            v is Double -> {
+                exprIdOrFresh<DbDoubleliteral>(overrideId).also { id ->
+                    val type = useType(e.type)
+                    val locId = tw.getLocation(e)
+                    tw.writeExprs_doubleliteral(id, type.javaResult.id, parent, idx)
+                    tw.writeExprsKotlinType(id, type.kotlinResult.id)
+                    extractExprContext(id, locId, enclosingCallable, enclosingStmt)
+                    tw.writeNamestrings(v.toString(), v.toString(), id)
+                }
+            }
+            v is Boolean -> {
+                exprIdOrFresh<DbBooleanliteral>(overrideId).also { id ->
+                    val type = useType(e.type)
+                    val locId = tw.getLocation(e)
+                    tw.writeExprs_booleanliteral(id, type.javaResult.id, parent, idx)
+                    tw.writeExprsKotlinType(id, type.kotlinResult.id)
+                    extractExprContext(id, locId, enclosingCallable, enclosingStmt)
+                    tw.writeNamestrings(v.toString(), v.toString(), id)
+                }
+            }
+            v is Char -> {
+                exprIdOrFresh<DbCharacterliteral>(overrideId).also { id ->
+                    val type = useType(e.type)
+                    val locId = tw.getLocation(e)
+                    tw.writeExprs_characterliteral(id, type.javaResult.id, parent, idx)
+                    tw.writeExprsKotlinType(id, type.kotlinResult.id)
+                    extractExprContext(id, locId, enclosingCallable, enclosingStmt)
+                    tw.writeNamestrings(v.toString(), v.toString(), id)
+                }
+            }
+            v is String -> {
+                exprIdOrFresh<DbStringliteral>(overrideId).also { id ->
+                    val type = useType(e.type)
+                    val locId = tw.getLocation(e)
+                    tw.writeExprs_stringliteral(id, type.javaResult.id, parent, idx)
+                    tw.writeExprsKotlinType(id, type.kotlinResult.id)
+                    extractExprContext(id, locId, enclosingCallable, enclosingStmt)
+                    tw.writeNamestrings(toQuotedLiteral(v.toString()), v.toString(), id)
+                }
+            }
+            v == null -> {
+                extractNull(e.type, tw.getLocation(e), parent, idx, enclosingCallable, enclosingStmt, overrideId = overrideId)
+            }
+            else -> {
+                null.also {
+                    logger.errorElement("Unrecognised IrConst: " + v.javaClass, e)
+                }
+            }
+        }
+    }
+
     private fun IrValueParameter.isExtensionReceiver(): Boolean {
         val parentFun = parent as? IrFunction ?: return false
         return parentFun.extensionReceiverParameter == this
@@ -4164,12 +4503,12 @@ open class KotlinFileExtractor(
             val firstAssignmentStmtIdx = 1
 
             if (dispatchReceiverInfo != null) {
-                extractField(dispatchReceiverInfo.field, "<dispatchReceiver>", dispatchReceiverInfo.type, classId, locId, DescriptorVisibilities.PRIVATE, callableReferenceExpr, isExternalDeclaration = false, isFinal = true)
+                extractField(dispatchReceiverInfo.field, "<dispatchReceiver>", dispatchReceiverInfo.type, classId, locId, DescriptorVisibilities.PRIVATE, callableReferenceExpr, isExternalDeclaration = false, isFinal = true, isStatic = false)
                 extractParameterToFieldAssignmentInConstructor("<dispatchReceiver>", dispatchReceiverInfo.type, dispatchReceiverInfo.field, 0 + dispatchReceiverInfo.indexOffset, firstAssignmentStmtIdx + dispatchReceiverInfo.indexOffset)
             }
 
             if (extensionReceiverInfo != null) {
-                extractField(extensionReceiverInfo.field, "<extensionReceiver>", extensionReceiverInfo.type, classId, locId, DescriptorVisibilities.PRIVATE, callableReferenceExpr, isExternalDeclaration = false, isFinal = true)
+                extractField(extensionReceiverInfo.field, "<extensionReceiver>", extensionReceiverInfo.type, classId, locId, DescriptorVisibilities.PRIVATE, callableReferenceExpr, isExternalDeclaration = false, isFinal = true, isStatic = false)
                 extractParameterToFieldAssignmentInConstructor( "<extensionReceiver>", extensionReceiverInfo.type, extensionReceiverInfo.field, 0 + extensionReceiverInfo.indexOffset, firstAssignmentStmtIdx + extensionReceiverInfo.indexOffset)
             }
         }
@@ -4393,6 +4732,8 @@ open class KotlinFileExtractor(
         }
     }
 
+    private val propertyRefType by lazy { referenceExternalClass("kotlin.jvm.internal.PropertyReference")?.typeWith() }
+
     private fun extractPropertyReference(
         exprKind: String,
         propertyReferenceExpr: IrCallableReference<out IrSymbol>,
@@ -4456,8 +4797,7 @@ open class KotlinFileExtractor(
 
             val declarationParent = peekDeclStackAsDeclarationParent(propertyReferenceExpr) ?: return
             // The base class could be `Any`. `PropertyReference` is used to keep symmetry with function references.
-            val baseClass = pluginContext.referenceClass(FqName("kotlin.jvm.internal.PropertyReference"))?.owner?.typeWith()
-                ?: pluginContext.irBuiltIns.anyType
+            val baseClass = propertyRefType ?: pluginContext.irBuiltIns.anyType
 
             val classId = extractGeneratedClass(ids, listOf(baseClass, kPropertyType), locId, propertyReferenceExpr, declarationParent)
 
@@ -4551,6 +4891,8 @@ open class KotlinFileExtractor(
         }
     }
 
+    private val functionRefType by lazy { referenceExternalClass("kotlin.jvm.internal.FunctionReference")?.typeWith() }
+
     private fun extractFunctionReference(
         functionReferenceExpr: IrFunctionReference,
         parent: StmtExprParent,
@@ -4665,10 +5007,9 @@ open class KotlinFileExtractor(
             } else {
                 val declarationParent = peekDeclStackAsDeclarationParent(functionReferenceExpr) ?: return
                 // `FunctionReference` base class is required, because that's implementing `KFunction`.
-                val baseClass = pluginContext.referenceClass(FqName("kotlin.jvm.internal.FunctionReference"))?.owner?.typeWith()
-                    ?: pluginContext.irBuiltIns.anyType
+                val baseClass = functionRefType ?: pluginContext.irBuiltIns.anyType
 
-                val classId = extractGeneratedClass(ids, listOf(baseClass, fnInterfaceType), locId, functionReferenceExpr, declarationParent, { it.valueParameters.size == 1 }) {
+                val classId = extractGeneratedClass(ids, listOf(baseClass, fnInterfaceType), locId, functionReferenceExpr, declarationParent, null, { it.valueParameters.size == 1 }) {
                     // The argument to FunctionReference's constructor is the function arity.
                     extractConstantInteger(type.arguments.size - 1, locId, it, 0, ids.constructor, it)
                 }
@@ -4712,34 +5053,14 @@ open class KotlinFileExtractor(
         }
     }
 
-    private fun getFunctionalInterfaceType(functionNTypeArguments: List<IrType>): IrSimpleType? {
-        if (functionNTypeArguments.size > BuiltInFunctionArity.BIG_ARITY) {
-            val funName = "kotlin.jvm.functions.FunctionN"
-            val theFun = pluginContext.referenceClass(FqName(funName))
-            if (theFun == null) {
-                logger.warn("Cannot find $funName for getFunctionalInterfaceType")
-                return null
-            } else {
-                return theFun.typeWith(functionNTypeArguments.last())
-            }
-        } else {
-            return functionN(pluginContext)(functionNTypeArguments.size - 1).typeWith(functionNTypeArguments)
-        }
-    }
+    private fun getFunctionalInterfaceType(functionNTypeArguments: List<IrType>) =
+        getFunctionalInterfaceTypeWithTypeArgs(functionNTypeArguments.map { makeTypeProjection(it, Variance.INVARIANT) })
 
-    private fun getFunctionalInterfaceTypeWithTypeArgs(functionNTypeArguments: List<IrTypeArgument>): IrSimpleType? =
-        if (functionNTypeArguments.size > BuiltInFunctionArity.BIG_ARITY) {
-            val funName = "kotlin.jvm.functions.FunctionN"
-            val theFun = pluginContext.referenceClass(FqName(funName))
-            if (theFun == null) {
-                logger.warn("Cannot find $funName for getFunctionalInterfaceTypeWithTypeArgs")
-                null
-            } else {
-                theFun.typeWithArguments(listOf(functionNTypeArguments.last()))
-            }
-        } else {
+    private fun getFunctionalInterfaceTypeWithTypeArgs(functionNTypeArguments: List<IrTypeArgument>) =
+        if (functionNTypeArguments.size > BuiltInFunctionArity.BIG_ARITY)
+            referenceExternalClass("kotlin.jvm.functions.FunctionN")?.symbol?.typeWithArguments(listOf(functionNTypeArguments.last()))
+        else
             functionN(pluginContext)(functionNTypeArguments.size - 1).symbol.typeWithArguments(functionNTypeArguments)
-        }
 
     private data class FunctionLabels(
         val methodId: Label<DbMethod>,
@@ -4945,11 +5266,11 @@ open class KotlinFileExtractor(
     /**
      * Extracts a single type access expression with no enclosing callable and statement.
      */
-    private fun extractTypeAccess(type: TypeResults, location: Label<out DbLocation>, parent: Label<out DbExprparent>, idx: Int): Label<out DbExpr> {
+    private fun extractTypeAccess(type: TypeResults, location: Label<out DbLocation>, parent: Label<out DbExprparent>, idx: Int, overrideId: Label<out DbExpr>? = null): Label<out DbExpr> {
         // TODO: elementForLocation allows us to give some sort of
         //   location, but a proper location for the type access will
         //   require upstream changes
-        val id = tw.getFreshIdLabel<DbUnannotatedtypeaccess>()
+        val id = exprIdOrFresh<DbUnannotatedtypeaccess>(overrideId)
         tw.writeExprs_unannotatedtypeaccess(id, type.javaResult.id, parent, idx)
         tw.writeExprsKotlinType(id, type.kotlinResult.id)
         tw.writeHasLocation(id, location)
@@ -4959,10 +5280,14 @@ open class KotlinFileExtractor(
     /**
      * Extracts a single type access expression with enclosing callable and statement.
      */
-    private fun extractTypeAccess(type: TypeResults, location: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int, enclosingCallable: Label<out DbCallable>, enclosingStmt: Label<out DbStmt>): Label<out DbExpr> {
-        val id = extractTypeAccess(type, location, parent, idx)
-        tw.writeCallableEnclosingExpr(id, enclosingCallable)
-        tw.writeStatementEnclosingExpr(id, enclosingStmt)
+    private fun extractTypeAccess(type: TypeResults, location: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int, enclosingCallable: Label<out DbCallable>?, enclosingStmt: Label<out DbStmt>?, overrideId: Label<out DbExpr>? = null): Label<out DbExpr> {
+        val id = extractTypeAccess(type, location, parent, idx, overrideId = overrideId)
+        if (enclosingCallable != null) {
+            tw.writeCallableEnclosingExpr(id, enclosingCallable)
+        }
+        if (enclosingStmt != null) {
+            tw.writeStatementEnclosingExpr(id, enclosingStmt)
+        }
         return id
     }
 
@@ -5004,11 +5329,14 @@ open class KotlinFileExtractor(
     /**
      * Extracts a type access expression and its child type access expressions in case of a generic type. Nested generics are also handled.
      */
-    private fun extractTypeAccessRecursive(t: IrType, location: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int, enclosingCallable: Label<out DbCallable>, enclosingStmt: Label<out DbStmt>, typeContext: TypeContext = TypeContext.OTHER): Label<out DbExpr> {
+    private fun extractTypeAccessRecursive(t: IrType, location: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int, enclosingCallable: Label<out DbCallable>?, enclosingStmt: Label<out DbStmt>?, typeContext: TypeContext = TypeContext.OTHER, overrideId: Label<out DbExpr>? = null): Label<out DbExpr> {
         // TODO: `useType` substitutes types to their java equivalent, and sometimes that also means changing the number of type arguments. The below logic doesn't take this into account.
         // For example `KFunction2<Int,Double,String>` becomes `KFunction<String>` with three child type access expressions: `Int`, `Double`, `String`.
-        val typeAccessId = extractTypeAccess(useType(t, typeContext), location, parent, idx, enclosingCallable, enclosingStmt)
+        val typeAccessId = extractTypeAccess(useType(t, typeContext), location, parent, idx, enclosingCallable, enclosingStmt, overrideId = overrideId)
         if (t is IrSimpleType) {
+            if (t.arguments.isNotEmpty() && overrideId != null) {
+                logger.error("Unexpected parameterized type with an overridden expression ID; children will be assigned fresh IDs")
+            }
             extractTypeArguments(t.arguments.filterIsInstance<IrType>(), location, typeAccessId, enclosingCallable, enclosingStmt)
         }
         return typeAccessId
@@ -5022,8 +5350,8 @@ open class KotlinFileExtractor(
         typeArgs: List<IrType>,
         location: Label<DbLocation>,
         parentExpr: Label<out DbExprparent>,
-        enclosingCallable: Label<out DbCallable>,
-        enclosingStmt: Label<out DbStmt>,
+        enclosingCallable: Label<out DbCallable>?,
+        enclosingStmt: Label<out DbStmt>?,
         startIndex: Int = 0,
         reverse: Boolean = false
     ) {
@@ -5237,7 +5565,7 @@ open class KotlinFileExtractor(
 
                     // add field
                     val fieldId = tw.getFreshIdLabel<DbField>()
-                    extractField(fieldId, "<fn>", functionType, classId, locId, DescriptorVisibilities.PRIVATE, e, isExternalDeclaration = false, isFinal = true)
+                    extractField(fieldId, "<fn>", functionType, classId, locId, DescriptorVisibilities.PRIVATE, e, isExternalDeclaration = false, isFinal = true, isStatic = false)
 
                     // adjust constructor
                     helper.extractParameterToFieldAssignmentInConstructor("<fn>", functionType, fieldId, 0, 1)
@@ -5256,7 +5584,7 @@ open class KotlinFileExtractor(
                     // we would need to compose generic type substitutions -- for example, if we're implementing
                     // T UnaryOperator<T>.apply(T t) here, we would need to compose substitutions so we can implement
                     // the real underlying R Function<T, R>.apply(T t).
-                    forceExtractFunction(samMember, classId, extractBody = false, extractMethodAndParameterTypeAccesses = true, typeSub, classTypeArgs, overriddenAttributes = OverriddenFunctionAttributes(id = ids.function, sourceLoc = tw.getLocation(e)))
+                    forceExtractFunction(samMember, classId, extractBody = false, extractMethodAndParameterTypeAccesses = true, extractAnnotations = false, typeSub, classTypeArgs, overriddenAttributes = OverriddenFunctionAttributes(id = ids.function, sourceLoc = tw.getLocation(e), modality = Modality.FINAL))
 
                     addModifiers(ids.function, "override")
                     if (st.isSuspendFunctionOrKFunction()) {
@@ -5372,13 +5700,15 @@ open class KotlinFileExtractor(
         locId: Label<DbLocation>,
         elementToReportOn: IrElement,
         declarationParent: IrDeclarationParent,
+        compilerGeneratedKindOverride: CompilerGeneratedKinds? = null,
         superConstructorSelector: (IrFunction) -> Boolean = { it.valueParameters.isEmpty() },
-        extractSuperconstructorArgs: (Label<DbSuperconstructorinvocationstmt>) -> Unit = {}
+        extractSuperconstructorArgs: (Label<DbSuperconstructorinvocationstmt>) -> Unit = {},
     ): Label<out DbClass> {
         // Write class
         val id = ids.type.javaResult.id.cast<DbClass>()
         val pkgId = extractPackage("")
         tw.writeClasses(id, "", pkgId, id)
+        tw.writeCompiler_generated(id, (compilerGeneratedKindOverride ?: CompilerGeneratedKinds.CALLABLE_CLASS).kind)
         tw.writeHasLocation(id, locId)
 
         // Extract constructor
@@ -5425,14 +5755,18 @@ open class KotlinFileExtractor(
     /**
      * Extracts the class around a local function or a lambda. The superclass must have a no-arg constructor.
      */
-    private fun extractGeneratedClass(localFunction: IrFunction, superTypes: List<IrType>) : Label<out DbClass> {
+    private fun extractGeneratedClass(
+        localFunction: IrFunction,
+        superTypes: List<IrType>,
+        compilerGeneratedKindOverride: CompilerGeneratedKinds? = null
+    ) : Label<out DbClass> {
         with("generated class", localFunction) {
             val ids = getLocallyVisibleFunctionLabels(localFunction)
 
-            val id = extractGeneratedClass(ids, superTypes, tw.getLocation(localFunction), localFunction, localFunction.parent)
+            val id = extractGeneratedClass(ids, superTypes, tw.getLocation(localFunction), localFunction, localFunction.parent, compilerGeneratedKindOverride = compilerGeneratedKindOverride)
 
             // Extract local function as a member
-            extractFunction(localFunction, id, extractBody = true, extractMethodAndParameterTypeAccesses = true, null, listOf())
+            extractFunction(localFunction, id, extractBody = true, extractMethodAndParameterTypeAccesses = true, extractAnnotations = false, null, listOf())
 
             return id
         }
@@ -5475,6 +5809,7 @@ open class KotlinFileExtractor(
         val typeParameters: List<IrTypeParameter>? = null,
         val isStatic: Boolean? = null,
         val visibility: DescriptorVisibility? = null,
+        val modality: Modality? = null,
     )
 
     private fun peekDeclStackAsDeclarationParent(elementToReportOn: IrElement): IrDeclarationParent? {
@@ -5503,5 +5838,6 @@ open class KotlinFileExtractor(
         DEFAULT_ARGUMENTS_METHOD(10),
         INTERFACE_FORWARDER(11),
         ENUM_CONSTRUCTOR_ARGUMENT(12),
+        CALLABLE_CLASS(13),
     }
 }
diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt
index b9e66ac18d6..cc335d3f8cb 100644
--- a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt
+++ b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt
@@ -40,11 +40,15 @@ open class KotlinUsesExtractor(
     val pluginContext: IrPluginContext,
     val globalExtensionState: KotlinExtractorGlobalState
 ) {
-    val javaLangObject by lazy {
-        val result = pluginContext.referenceClass(FqName("java.lang.Object"))?.owner
-        result?.let { extractExternalClassLater(it) }
-        result
-    }
+    fun referenceExternalClass(name: String) =
+        pluginContext.referenceClass(FqName(name))?.owner.also {
+            if (it == null)
+                logger.warn("Unable to resolve external class $name")
+            else
+                extractExternalClassLater(it)
+        }
+
+    val javaLangObject by lazy { referenceExternalClass("java.lang.Object") }
 
     val javaLangObjectType by lazy {
         javaLangObject?.typeWith()
@@ -67,15 +71,12 @@ open class KotlinUsesExtractor(
         TypeResult(fakeKotlinType(), "", "")
     )
 
-    @OptIn(kotlin.ExperimentalStdlibApi::class) // Annotation required by kotlin versions < 1.5
     fun extractFileClass(f: IrFile): Label<out DbClass> {
-        val fileName = f.fileEntry.name
         val pkg = f.fqName.asString()
-        val defaultName = fileName.replaceFirst(Regex(""".*[/\\]"""), "").replaceFirst(Regex("""\.kt$"""), "").replaceFirstChar({ it.uppercase() }) + "Kt"
-        var jvmName = getJvmName(f) ?: defaultName
+        val jvmName = getFileClassName(f)
         val qualClassName = if (pkg.isEmpty()) jvmName else "$pkg.$jvmName"
         val label = "@\"class;$qualClassName\""
-        val id: Label<DbClass> = tw.getLabelFor(label, {
+        val id: Label<DbClass> = tw.getLabelFor(label) {
             val fileId = tw.mkFileId(f.path, false)
             val locId = tw.getWholeFileLocation(fileId)
             val pkgId = extractPackage(pkg)
@@ -84,7 +85,7 @@ open class KotlinUsesExtractor(
             tw.writeHasLocation(it, locId)
 
             addModifiers(it, "public", "final")
-        })
+        }
         return id
     }
 
@@ -258,10 +259,26 @@ open class KotlinUsesExtractor(
     private fun propertySignature(p: IrProperty) =
         ((p.getter ?: p.setter)?.extensionReceiverParameter?.let { useType(erase(it.type)).javaResult.signature } ?: "")
 
+    fun getTrapFileSignature(d: IrDeclaration) =
+        when(d) {
+            is IrFunction ->
+                // Note we erase the parameter types before calling useType even though the signature should be the same
+                // in order to prevent an infinite loop through useTypeParameter -> useDeclarationParent -> useFunction
+                // -> extractFunctionLaterIfExternalFileMember, which would result for `fun <T> f(t: T) { ... }` for example.
+                (listOfNotNull(d.extensionReceiverParameter) + d.valueParameters)
+                    .map { useType(erase(it.type)).javaResult.signature }
+                    .joinToString(separator = ",", prefix = "(", postfix = ")")
+            is IrProperty -> propertySignature(d) + externalClassExtractor.propertySignature
+            is IrField -> (d.correspondingPropertySymbol?.let { propertySignature(it.owner) } ?: "") + externalClassExtractor.fieldSignature
+            else -> "unknown signature".also {
+                logger.warn("Trap file signature requested for unexpected element $d")
+            }
+        }
+
     private fun extractPropertyLaterIfExternalFileMember(p: IrProperty) {
         if (isExternalFileClassMember(p)) {
             extractExternalClassLater(p.parentAsClass)
-            val signature = propertySignature(p) + externalClassExtractor.propertySignature
+            val signature = getTrapFileSignature(p)
             dependencyCollector?.addDependency(p, signature)
             externalClassExtractor.extractLater(p, signature)
         }
@@ -270,7 +287,7 @@ open class KotlinUsesExtractor(
     private fun extractFieldLaterIfExternalFileMember(f: IrField) {
         if (isExternalFileClassMember(f)) {
             extractExternalClassLater(f.parentAsClass)
-            val signature = (f.correspondingPropertySymbol?.let { propertySignature(it.owner) } ?: "") + externalClassExtractor.fieldSignature
+            val signature = getTrapFileSignature(f)
             dependencyCollector?.addDependency(f, signature)
             externalClassExtractor.extractLater(f, signature)
         }
@@ -285,18 +302,7 @@ open class KotlinUsesExtractor(
                 // getters and setters are extracted alongside it
                 return
             }
-            // Note we erase the parameter types before calling useType even though the signature should be the same
-            // in order to prevent an infinite loop through useTypeParameter -> useDeclarationParent -> useFunction
-            // -> extractFunctionLaterIfExternalFileMember, which would result for `fun <T> f(t: T) { ... }` for example.
-            val ext = f.extensionReceiverParameter
-            val parameters = if (ext != null) {
-                listOf(ext) + f.valueParameters
-            } else {
-                f.valueParameters
-            }
-
-            val paramSigs = parameters.map { useType(erase(it.type)).javaResult.signature }
-            val signature = paramSigs.joinToString(separator = ",", prefix = "(", postfix = ")")
+            val signature = getTrapFileSignature(f)
             dependencyCollector?.addDependency(f, signature)
             externalClassExtractor.extractLater(f, signature)
         }
@@ -821,7 +827,7 @@ open class KotlinUsesExtractor(
                 OperatorNameConventions.INVOKE.asString())
 
         fun getSuffixIfInternal() =
-            if (f.visibility == DescriptorVisibilities.INTERNAL && f !is IrConstructor) {
+            if (f.visibility == DescriptorVisibilities.INTERNAL && f !is IrConstructor && !(f.parent is IrFile || isExternalFileClassMember(f))) {
                 "\$" + getJvmModuleName(f)
             } else {
                 ""
@@ -883,11 +889,7 @@ open class KotlinUsesExtractor(
             else -> null
         }
 
-    val javaUtilCollection by lazy {
-        val result = pluginContext.referenceClass(FqName("java.util.Collection"))?.owner
-        result?.let { extractExternalClassLater(it) }
-        result
-    }
+    val javaUtilCollection by lazy { referenceExternalClass("java.util.Collection") }
 
     val wildcardCollectionType by lazy {
         javaUtilCollection?.let {
@@ -1150,11 +1152,7 @@ open class KotlinUsesExtractor(
         return "@\"$prefix;{$parentId}.$name($paramTypeIds){$returnTypeId}${typeArgSuffix}\""
     }
 
-    val javaLangClass by lazy {
-        val result = pluginContext.referenceClass(FqName("java.lang.Class"))?.owner
-        result?.let { extractExternalClassLater(it) }
-        result
-    }
+    val javaLangClass by lazy { referenceExternalClass("java.lang.Class") }
 
     fun kClassToJavaClass(t: IrType): IrType {
         when(t) {
@@ -1647,7 +1645,7 @@ open class KotlinUsesExtractor(
     fun useValueParameter(vp: IrValueParameter, parent: Label<out DbCallable>?): Label<out DbParam> =
         tw.getLabelFor(getValueParameterLabel(vp, parent))
 
-    private fun isDirectlyExposedCompanionObjectField(f: IrField) =
+    private fun isDirectlyExposableCompanionObjectField(f: IrField) =
         f.hasAnnotation(FqName("kotlin.jvm.JvmField")) ||
         f.correspondingPropertySymbol?.owner?.let {
             it.isConst || it.isLateinit
@@ -1655,12 +1653,14 @@ open class KotlinUsesExtractor(
 
     fun getFieldParent(f: IrField) =
         f.parentClassOrNull?.let {
-            if (it.isCompanion && isDirectlyExposedCompanionObjectField(f))
+            if (it.isCompanion && isDirectlyExposableCompanionObjectField(f))
                 it.parent
             else
                 null
         } ?: f.parent
 
+    fun isDirectlyExposedCompanionObjectField(f: IrField) = getFieldParent(f) != f.parent
+
     // Gets a field's corresponding property's extension receiver type, if any
     fun getExtensionReceiverType(f: IrField) =
         f.correspondingPropertySymbol?.owner?.let {
diff --git a/java/kotlin-extractor/src/main/kotlin/LinesOfCode.kt b/java/kotlin-extractor/src/main/kotlin/LinesOfCode.kt
index 45e23498e9d..27b62c86109 100644
--- a/java/kotlin-extractor/src/main/kotlin/LinesOfCode.kt
+++ b/java/kotlin-extractor/src/main/kotlin/LinesOfCode.kt
@@ -16,7 +16,7 @@ class LinesOfCode(
     val tw: FileTrapWriter,
     val file: IrFile
 ) {
-    val psi2Ir = getPsi2Ir(logger).also {
+    val psi2Ir = getPsi2Ir().also {
         if (it == null) {
             logger.warn("Lines of code will not be populated as Kotlin version is too old (${KotlinCompilerVersion.getVersion()})")
         }
diff --git a/java/kotlin-extractor/src/main/kotlin/MetaAnnotationSupport.kt b/java/kotlin-extractor/src/main/kotlin/MetaAnnotationSupport.kt
new file mode 100644
index 00000000000..5fdf073813d
--- /dev/null
+++ b/java/kotlin-extractor/src/main/kotlin/MetaAnnotationSupport.kt
@@ -0,0 +1,396 @@
+package com.github.codeql
+
+import com.github.codeql.utils.versions.copyParameterToFunction
+import com.github.codeql.utils.versions.createImplicitParameterDeclarationWithWrappedDescriptor
+import com.github.codeql.utils.versions.getAnnotationType
+import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
+import org.jetbrains.kotlin.builtins.StandardNames
+import org.jetbrains.kotlin.config.JvmTarget
+import org.jetbrains.kotlin.descriptors.ClassKind
+import org.jetbrains.kotlin.descriptors.annotations.KotlinRetention
+import org.jetbrains.kotlin.descriptors.annotations.KotlinTarget
+import org.jetbrains.kotlin.ir.UNDEFINED_OFFSET
+import org.jetbrains.kotlin.ir.builders.declarations.addConstructor
+import org.jetbrains.kotlin.ir.builders.declarations.addGetter
+import org.jetbrains.kotlin.ir.builders.declarations.addProperty
+import org.jetbrains.kotlin.ir.builders.declarations.addValueParameter
+import org.jetbrains.kotlin.ir.builders.declarations.buildClass
+import org.jetbrains.kotlin.ir.builders.declarations.buildField
+import org.jetbrains.kotlin.ir.declarations.IrClass
+import org.jetbrains.kotlin.ir.declarations.IrConstructor
+import org.jetbrains.kotlin.ir.declarations.IrDeclarationOrigin
+import org.jetbrains.kotlin.ir.declarations.IrEnumEntry
+import org.jetbrains.kotlin.ir.declarations.IrProperty
+import org.jetbrains.kotlin.ir.expressions.IrClassReference
+import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
+import org.jetbrains.kotlin.ir.expressions.IrGetEnumValue
+import org.jetbrains.kotlin.ir.expressions.IrVararg
+import org.jetbrains.kotlin.ir.expressions.impl.IrClassReferenceImpl
+import org.jetbrains.kotlin.ir.expressions.impl.IrConstructorCallImpl
+import org.jetbrains.kotlin.ir.expressions.impl.IrGetEnumValueImpl
+import org.jetbrains.kotlin.ir.expressions.impl.IrGetFieldImpl
+import org.jetbrains.kotlin.ir.expressions.impl.IrGetValueImpl
+import org.jetbrains.kotlin.ir.expressions.impl.IrReturnImpl
+import org.jetbrains.kotlin.ir.expressions.impl.IrVarargImpl
+import org.jetbrains.kotlin.ir.symbols.IrClassSymbol
+import org.jetbrains.kotlin.ir.types.typeWith
+import org.jetbrains.kotlin.ir.util.constructedClass
+import org.jetbrains.kotlin.ir.util.constructors
+import org.jetbrains.kotlin.ir.util.deepCopyWithSymbols
+import org.jetbrains.kotlin.ir.util.defaultType
+import org.jetbrains.kotlin.ir.util.fqNameWhenAvailable
+import org.jetbrains.kotlin.ir.util.getAnnotation
+import org.jetbrains.kotlin.ir.util.hasAnnotation
+import org.jetbrains.kotlin.ir.util.hasEqualFqName
+import org.jetbrains.kotlin.ir.util.parentAsClass
+import org.jetbrains.kotlin.ir.util.primaryConstructor
+import org.jetbrains.kotlin.load.java.JvmAnnotationNames
+import org.jetbrains.kotlin.name.FqName
+import org.jetbrains.kotlin.name.Name
+import org.jetbrains.kotlin.utils.addToStdlib.firstIsInstanceOrNull
+import java.lang.annotation.ElementType
+import java.util.HashSet
+
+class MetaAnnotationSupport(private val logger: FileLogger, private val pluginContext: IrPluginContext, private val extractor: KotlinFileExtractor) {
+
+    // Taken from AdditionalIrUtils.kt (not available in Kotlin < 1.6)
+    private val IrConstructorCall.annotationClass
+        get() = this.symbol.owner.constructedClass
+
+    // Taken from AdditionalIrUtils.kt (not available in Kotlin < 1.6)
+    private fun IrConstructorCall.isAnnotationWithEqualFqName(fqName: FqName): Boolean =
+        annotationClass.hasEqualFqName(fqName)
+
+    // Adapted from RepeatedAnnotationLowering.kt
+    fun groupRepeatableAnnotations(annotations: List<IrConstructorCall>): List<IrConstructorCall> {
+        if (annotations.size < 2) return annotations
+
+        val annotationsByClass = annotations.groupByTo(mutableMapOf()) { it.annotationClass }
+        if (annotationsByClass.values.none { it.size > 1 }) return annotations
+
+        val result = mutableListOf<IrConstructorCall>()
+        for (annotation in annotations) {
+            val annotationClass = annotation.annotationClass
+            val grouped = annotationsByClass.remove(annotationClass) ?: continue
+            if (grouped.size < 2) {
+                result.add(grouped.single())
+                continue
+            }
+
+            val containerClass = getOrCreateContainerClass(annotationClass)
+            if (containerClass != null)
+                wrapAnnotationEntriesInContainer(annotationClass, containerClass, grouped)?.let {
+                    result.add(it)
+                }
+            else
+                logger.warnElement("Failed to find an annotation container class", annotationClass)
+        }
+        return result
+    }
+
+    // Adapted from RepeatedAnnotationLowering.kt
+    private fun getOrCreateContainerClass(annotationClass: IrClass): IrClass? {
+        val metaAnnotations = annotationClass.annotations
+        val jvmRepeatable = metaAnnotations.find { it.symbol.owner.parentAsClass.fqNameWhenAvailable == JvmAnnotationNames.REPEATABLE_ANNOTATION }
+        return if (jvmRepeatable != null) {
+            ((jvmRepeatable.getValueArgument(0) as? IrClassReference)?.symbol as? IrClassSymbol)?.owner
+        } else {
+            getOrCreateSyntheticRepeatableAnnotationContainer(annotationClass)
+        }
+    }
+
+    // Adapted from RepeatedAnnotationLowering.kt
+    private fun wrapAnnotationEntriesInContainer(
+        annotationClass: IrClass,
+        containerClass: IrClass,
+        entries: List<IrConstructorCall>
+    ): IrConstructorCall? {
+        val annotationType = annotationClass.typeWith()
+        val containerConstructor = containerClass.primaryConstructor
+        if (containerConstructor == null) {
+            logger.warnElement("Expected container class to have a primary constructor", containerClass)
+            return null
+        } else {
+            return IrConstructorCallImpl.fromSymbolOwner(containerClass.defaultType, containerConstructor.symbol).apply {
+                putValueArgument(
+                    0,
+                    IrVarargImpl(
+                        UNDEFINED_OFFSET, UNDEFINED_OFFSET,
+                        pluginContext.irBuiltIns.arrayClass.typeWith(annotationType),
+                        annotationType,
+                        entries
+                    )
+                )
+            }
+        }
+    }
+
+    // Taken from AdditionalClassAnnotationLowering.kt
+    private fun getApplicableTargetSet(c: IrClass): Set<KotlinTarget>? {
+        val targetEntry = c.getAnnotation(StandardNames.FqNames.target) ?: return null
+        return loadAnnotationTargets(targetEntry)
+    }
+
+    // Taken from AdditionalClassAnnotationLowering.kt
+    private fun loadAnnotationTargets(targetEntry: IrConstructorCall): Set<KotlinTarget>? {
+        val valueArgument = targetEntry.getValueArgument(0) as? IrVararg ?: return null
+        return valueArgument.elements.filterIsInstance<IrGetEnumValue>().mapNotNull {
+            KotlinTarget.valueOrNull(it.symbol.owner.name.asString())
+        }.toSet()
+    }
+
+    private val javaAnnotationTargetElementType by lazy { extractor.referenceExternalClass("java.lang.annotation.ElementType") }
+
+    private val javaAnnotationTarget by lazy { extractor.referenceExternalClass("java.lang.annotation.Target") }
+
+    private fun findEnumEntry(c: IrClass, name: String) =
+        c.declarations.filterIsInstance<IrEnumEntry>().find { it.name.asString() == name }
+
+    // Adapted from JvmSymbols.kt
+    private val jvm6TargetMap by lazy {
+        javaAnnotationTargetElementType?.let {
+            val etMethod = findEnumEntry(it, "METHOD")
+            mapOf(
+                KotlinTarget.CLASS to findEnumEntry(it, "TYPE"),
+                KotlinTarget.ANNOTATION_CLASS to findEnumEntry(it, "ANNOTATION_TYPE"),
+                KotlinTarget.CONSTRUCTOR to findEnumEntry(it, "CONSTRUCTOR"),
+                KotlinTarget.LOCAL_VARIABLE to findEnumEntry(it, "LOCAL_VARIABLE"),
+                KotlinTarget.FUNCTION to etMethod,
+                KotlinTarget.PROPERTY_GETTER to etMethod,
+                KotlinTarget.PROPERTY_SETTER to etMethod,
+                KotlinTarget.FIELD to findEnumEntry(it, "FIELD"),
+                KotlinTarget.VALUE_PARAMETER to findEnumEntry(it, "PARAMETER")
+            )
+        }
+    }
+
+    // Adapted from JvmSymbols.kt
+    private val jvm8TargetMap by lazy {
+        javaAnnotationTargetElementType?.let {
+            jvm6TargetMap?.let { j6Map ->
+                j6Map + mapOf(
+                    KotlinTarget.TYPE_PARAMETER to findEnumEntry(it, "TYPE_PARAMETER"),
+                    KotlinTarget.TYPE to findEnumEntry(it, "TYPE_USE")
+                )
+            }
+        }
+    }
+
+    private fun getAnnotationTargetMap() =
+        if (pluginContext.platform?.any { it.targetPlatformVersion == JvmTarget.JVM_1_6 } == true)
+            jvm6TargetMap
+        else
+            jvm8TargetMap
+
+    // Adapted from AdditionalClassAnnotationLowering.kt
+    private fun generateTargetAnnotation(c: IrClass): IrConstructorCall? {
+        if (c.hasAnnotation(JvmAnnotationNames.TARGET_ANNOTATION))
+            return null
+        val elementType = javaAnnotationTargetElementType ?: return null
+        val targetType = javaAnnotationTarget ?: return null
+        val targetConstructor = targetType.declarations.firstIsInstanceOrNull<IrConstructor>() ?: return null
+        val targets = getApplicableTargetSet(c) ?: return null
+        val annotationTargetMap = getAnnotationTargetMap() ?: return null
+
+        val javaTargets = targets.mapNotNullTo(HashSet()) { annotationTargetMap[it] }.sortedBy {
+            ElementType.valueOf(it.symbol.owner.name.asString())
+        }
+        val vararg = IrVarargImpl(
+            UNDEFINED_OFFSET, UNDEFINED_OFFSET,
+            type = pluginContext.irBuiltIns.arrayClass.typeWith(elementType.defaultType),
+            varargElementType = elementType.defaultType
+        )
+        for (target in javaTargets) {
+            vararg.elements.add(
+                IrGetEnumValueImpl(
+                    UNDEFINED_OFFSET, UNDEFINED_OFFSET, elementType.defaultType, target.symbol
+                )
+            )
+        }
+
+        return IrConstructorCallImpl.fromSymbolOwner(
+            UNDEFINED_OFFSET, UNDEFINED_OFFSET, targetConstructor.returnType, targetConstructor.symbol, 0
+        ).apply {
+            putValueArgument(0, vararg)
+        }
+    }
+
+    private val javaAnnotationRetention by lazy { extractor.referenceExternalClass("java.lang.annotation.Retention") }
+    private val javaAnnotationRetentionPolicy by lazy { extractor.referenceExternalClass("java.lang.annotation.RetentionPolicy") }
+    private val javaAnnotationRetentionPolicyRuntime by lazy { javaAnnotationRetentionPolicy?.let { findEnumEntry(it, "RUNTIME") } }
+
+    private val annotationRetentionMap by lazy {
+        javaAnnotationRetentionPolicy?.let {
+            mapOf(
+                KotlinRetention.SOURCE to findEnumEntry(it, "SOURCE"),
+                KotlinRetention.BINARY to findEnumEntry(it, "CLASS"),
+                KotlinRetention.RUNTIME to javaAnnotationRetentionPolicyRuntime
+            )
+        }
+    }
+
+    // Taken from AnnotationCodegen.kt (not available in Kotlin < 1.6.20)
+    private fun IrClass.getAnnotationRetention(): KotlinRetention? {
+        val retentionArgument =
+            getAnnotation(StandardNames.FqNames.retention)?.getValueArgument(0)
+                    as? IrGetEnumValue ?: return null
+        val retentionArgumentValue = retentionArgument.symbol.owner
+        return KotlinRetention.valueOf(retentionArgumentValue.name.asString())
+    }
+
+    // Taken from AdditionalClassAnnotationLowering.kt
+    private fun generateRetentionAnnotation(irClass: IrClass): IrConstructorCall? {
+        if (irClass.hasAnnotation(JvmAnnotationNames.RETENTION_ANNOTATION))
+            return null
+        val retentionMap = annotationRetentionMap ?: return null
+        val kotlinRetentionPolicy = irClass.getAnnotationRetention()
+        val javaRetentionPolicy = kotlinRetentionPolicy?.let { retentionMap[it] } ?: javaAnnotationRetentionPolicyRuntime ?: return null
+        val retentionPolicyType = javaAnnotationRetentionPolicy ?: return null
+        val retentionType = javaAnnotationRetention ?: return null
+        val targetConstructor = retentionType.declarations.firstIsInstanceOrNull<IrConstructor>() ?: return null
+
+        return IrConstructorCallImpl.fromSymbolOwner(
+            UNDEFINED_OFFSET, UNDEFINED_OFFSET, targetConstructor.returnType, targetConstructor.symbol, 0
+        ).apply {
+            putValueArgument(
+                0,
+                IrGetEnumValueImpl(
+                    UNDEFINED_OFFSET, UNDEFINED_OFFSET, retentionPolicyType.defaultType, javaRetentionPolicy.symbol
+                )
+            )
+        }
+    }
+
+    private val javaAnnotationRepeatable by lazy { extractor.referenceExternalClass("java.lang.annotation.Repeatable") }
+    private val kotlinAnnotationRepeatableContainer by lazy { extractor.referenceExternalClass("kotlin.jvm.internal.RepeatableContainer") }
+
+    // Taken from declarationBuilders.kt (not available in Kotlin < 1.6):
+    private fun addDefaultGetter(p: IrProperty, parentClass: IrClass) {
+        val field = p.backingField ?:
+        run { logger.warnElement("Expected property to have a backing field", p); return }
+        p.addGetter {
+            origin = IrDeclarationOrigin.DEFAULT_PROPERTY_ACCESSOR
+            returnType = field.type
+        }.apply {
+            val thisReceiever = parentClass.thisReceiver ?:
+            run { logger.warnElement("Expected property's parent class to have a receiver parameter", parentClass); return }
+            val newParam = copyParameterToFunction(thisReceiever, this)
+            dispatchReceiverParameter = newParam
+            body = factory.createBlockBody(
+                UNDEFINED_OFFSET, UNDEFINED_OFFSET, listOf(
+                    IrReturnImpl(
+                        UNDEFINED_OFFSET, UNDEFINED_OFFSET,
+                        pluginContext.irBuiltIns.nothingType,
+                        symbol,
+                        IrGetFieldImpl(
+                            UNDEFINED_OFFSET, UNDEFINED_OFFSET,
+                            field.symbol,
+                            field.type,
+                            IrGetValueImpl(
+                                UNDEFINED_OFFSET, UNDEFINED_OFFSET,
+                                newParam.type,
+                                newParam.symbol
+                            )
+                        )
+                    )
+                )
+            )
+        }
+    }
+
+    // Taken from JvmCachedDeclarations.kt
+    private fun getOrCreateSyntheticRepeatableAnnotationContainer(annotationClass: IrClass) =
+        extractor.globalExtensionState.syntheticRepeatableAnnotationContainers.getOrPut(annotationClass) {
+            val containerClass = pluginContext.irFactory.buildClass {
+                kind = ClassKind.ANNOTATION_CLASS
+                name = Name.identifier("Container")
+            }.apply {
+                createImplicitParameterDeclarationWithWrappedDescriptor()
+                parent = annotationClass
+                superTypes = listOf(getAnnotationType(pluginContext))
+            }
+
+            val propertyName = Name.identifier("value")
+            val propertyType = pluginContext.irBuiltIns.arrayClass.typeWith(annotationClass.typeWith())
+
+            containerClass.addConstructor {
+                isPrimary = true
+            }.apply {
+                addValueParameter(propertyName.identifier, propertyType)
+            }
+
+            containerClass.addProperty {
+                name = propertyName
+            }.apply property@{
+                backingField = pluginContext.irFactory.buildField {
+                    name = propertyName
+                    type = propertyType
+                }.apply {
+                    parent = containerClass
+                    correspondingPropertySymbol = this@property.symbol
+                }
+                addDefaultGetter(this, containerClass)
+            }
+
+            val repeatableContainerAnnotation = kotlinAnnotationRepeatableContainer?.constructors?.single()
+
+            containerClass.annotations = annotationClass.annotations
+                .filter {
+                    it.isAnnotationWithEqualFqName(StandardNames.FqNames.retention) ||
+                            it.isAnnotationWithEqualFqName(StandardNames.FqNames.target)
+                }
+                .map { it.deepCopyWithSymbols(containerClass) } +
+                    listOfNotNull(
+                        repeatableContainerAnnotation?.let {
+                            IrConstructorCallImpl.fromSymbolOwner(
+                                UNDEFINED_OFFSET, UNDEFINED_OFFSET, it.returnType, it.symbol, 0
+                            )
+                        }
+                    )
+
+            containerClass
+        }
+
+    // Adapted from AdditionalClassAnnotationLowering.kt
+    private fun generateRepeatableAnnotation(irClass: IrClass, extractAnnotationTypeAccesses: Boolean): IrConstructorCall? {
+        if (!irClass.hasAnnotation(StandardNames.FqNames.repeatable) ||
+            irClass.hasAnnotation(JvmAnnotationNames.REPEATABLE_ANNOTATION)
+        ) return null
+
+        val repeatableConstructor = javaAnnotationRepeatable?.declarations?.firstIsInstanceOrNull<IrConstructor>() ?: return null
+
+        val containerClass = getOrCreateSyntheticRepeatableAnnotationContainer(irClass)
+        // Whenever a repeatable annotation with a Kotlin-synthesised container is extracted, extract the synthetic container to the same trap file.
+        extractor.extractClassSource(containerClass, extractDeclarations = true, extractStaticInitializer = true, extractPrivateMembers = true, extractFunctionBodies = extractAnnotationTypeAccesses)
+
+        val containerReference = IrClassReferenceImpl(
+            UNDEFINED_OFFSET, UNDEFINED_OFFSET, pluginContext.irBuiltIns.kClassClass.typeWith(containerClass.defaultType),
+            containerClass.symbol, containerClass.defaultType
+        )
+        return IrConstructorCallImpl.fromSymbolOwner(
+            UNDEFINED_OFFSET, UNDEFINED_OFFSET, repeatableConstructor.returnType, repeatableConstructor.symbol, 0
+        ).apply {
+            putValueArgument(0, containerReference)
+        }
+    }
+
+    private val javaAnnotationDocumented by lazy { extractor.referenceExternalClass("java.lang.annotation.Documented") }
+
+    // Taken from AdditionalClassAnnotationLowering.kt
+    private fun generateDocumentedAnnotation(irClass: IrClass): IrConstructorCall? {
+        if (!irClass.hasAnnotation(StandardNames.FqNames.mustBeDocumented) ||
+            irClass.hasAnnotation(JvmAnnotationNames.DOCUMENTED_ANNOTATION)
+        ) return null
+
+        val documentedConstructor = javaAnnotationDocumented?.declarations?.firstIsInstanceOrNull<IrConstructor>() ?: return null
+
+        return IrConstructorCallImpl.fromSymbolOwner(
+            UNDEFINED_OFFSET, UNDEFINED_OFFSET, documentedConstructor.returnType, documentedConstructor.symbol, 0
+        )
+    }
+
+    fun generateJavaMetaAnnotations(c: IrClass, extractAnnotationTypeAccesses: Boolean) =
+        // This is essentially AdditionalClassAnnotationLowering adapted to run outside the backend.
+        listOfNotNull(generateTargetAnnotation(c), generateRetentionAnnotation(c), generateRepeatableAnnotation(c, extractAnnotationTypeAccesses), generateDocumentedAnnotation(c))
+}
+
diff --git a/java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt b/java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt
index 310eb3e18b0..ad4aaf60936 100644
--- a/java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt
+++ b/java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt
@@ -25,7 +25,7 @@ class CommentExtractor(private val fileExtractor: KotlinFileExtractor, private v
     private val logger = fileExtractor.logger
 
     fun extract() {
-        val psi2Ir = getPsi2Ir(logger)
+        val psi2Ir = getPsi2Ir()
         if (psi2Ir == null) {
             logger.warn("Comments will not be extracted as Kotlin version is too old (${KotlinCompilerVersion.getVersion()})")
             return
diff --git a/java/kotlin-extractor/src/main/kotlin/utils/ClassNames.kt b/java/kotlin-extractor/src/main/kotlin/utils/ClassNames.kt
index 15ca35a1438..ab4010242a7 100644
--- a/java/kotlin-extractor/src/main/kotlin/utils/ClassNames.kt
+++ b/java/kotlin-extractor/src/main/kotlin/utils/ClassNames.kt
@@ -9,6 +9,7 @@ import org.jetbrains.kotlin.load.kotlin.KotlinJvmBinarySourceElement
 
 import com.intellij.openapi.vfs.VirtualFile
 import org.jetbrains.kotlin.builtins.jvm.JavaToKotlinClassMap
+import org.jetbrains.kotlin.ir.IrElement
 import org.jetbrains.kotlin.ir.declarations.*
 import org.jetbrains.kotlin.ir.util.fqNameWhenAvailable
 import org.jetbrains.kotlin.ir.util.parentClassOrNull
@@ -21,20 +22,46 @@ import org.jetbrains.kotlin.load.kotlin.JvmPackagePartSource
 // for `that`.
 private fun getName(d: IrDeclarationWithName) = (d as? IrAnnotationContainer)?.let { getJvmName(it) } ?: d.name.asString()
 
-fun getIrDeclBinaryName(that: IrDeclaration): String {
-  val shortName = when(that) {
-      is IrDeclarationWithName -> getName(that)
-      else -> "(unknown-name)"
-  }
-  val internalName = StringBuilder(shortName);
-  generateSequence(that.parent) { (it as? IrDeclaration)?.parent }
-      .forEach {
-          when (it) {
-              is IrClass -> internalName.insert(0, getName(it) + "$")
-              is IrPackageFragment -> it.fqName.asString().takeIf { fqName -> fqName.isNotEmpty() }?.let { fqName -> internalName.insert(0, "$fqName.") }
-          }
-      }
-  return internalName.toString()
+@OptIn(ExperimentalStdlibApi::class) // Annotation required by kotlin versions < 1.5
+fun getFileClassName(f: IrFile) =
+    getJvmName(f) ?:
+        ((f.fileEntry.name.replaceFirst(Regex(""".*[/\\]"""), "")
+        .replaceFirst(Regex("""\.kt$"""), "")
+        .replaceFirstChar { it.uppercase() }) + "Kt")
+
+fun getIrElementBinaryName(that: IrElement): String {
+    if (that is IrFile) {
+        val shortName = getFileClassName(that)
+        val pkg = that.fqName.asString()
+        return if (pkg.isEmpty()) shortName else "$pkg.$shortName"
+    }
+
+    if (that !is IrDeclaration) {
+        return  "(unknown-name)"
+    }
+
+    val shortName = when(that) {
+        is IrDeclarationWithName -> getName(that)
+        else -> "(unknown-name)"
+    }
+
+    val internalName = StringBuilder(shortName)
+    if (that !is IrClass) {
+        val parent = that.parent
+        if (parent is IrFile) {
+            // Note we'll fall through and do the IrPackageFragment case as well, since IrFile <: IrPackageFragment
+            internalName.insert(0, getFileClassName(parent) + "$")
+        }
+    }
+
+    generateSequence(that.parent) { (it as? IrDeclaration)?.parent }
+        .forEach {
+            when (it) {
+                is IrClass -> internalName.insert(0, getName(it) + "$")
+                is IrPackageFragment -> it.fqName.asString().takeIf { fqName -> fqName.isNotEmpty() }?.let { fqName -> internalName.insert(0, "$fqName.") }
+            }
+        }
+    return internalName.toString()
 }
 
 fun getIrClassVirtualFile(irClass: IrClass): VirtualFile? {
@@ -81,7 +108,7 @@ private fun getRawIrClassBinaryPath(irClass: IrClass) =
 fun getIrClassBinaryPath(irClass: IrClass): String {
   return getRawIrClassBinaryPath(irClass)
   // Otherwise, make up a fake location:
-    ?: "/!unknown-binary-location/${getIrDeclBinaryName(irClass).replace(".", "/")}.class"
+    ?: "/!unknown-binary-location/${getIrElementBinaryName(irClass).replace(".", "/")}.class"
 }
 
 fun getContainingClassOrSelf(decl: IrDeclaration): IrClass? {
diff --git a/java/kotlin-extractor/src/main/kotlin/utils/Logger.kt b/java/kotlin-extractor/src/main/kotlin/utils/Logger.kt
index 43c6ee4cc10..3b66e527429 100644
--- a/java/kotlin-extractor/src/main/kotlin/utils/Logger.kt
+++ b/java/kotlin-extractor/src/main/kotlin/utils/Logger.kt
@@ -10,7 +10,7 @@ import java.util.Stack
 import org.jetbrains.kotlin.ir.IrElement
 
 class LogCounter() {
-    public val diagnosticCounts = mutableMapOf<String, Int>()
+    public val diagnosticInfo = mutableMapOf<String, Pair<Severity, Int>>()
     public val diagnosticLimit: Int
     init {
         diagnosticLimit = System.getenv("CODEQL_EXTRACTOR_KOTLIN_DIAGNOSTIC_LIMIT")?.toIntOrNull() ?: 100
@@ -114,12 +114,23 @@ open class LoggerBase(val logCounter: LogCounter) {
             if(diagnosticLoc == null) {
                 "    Missing caller information.\n"
             } else {
-                val count = logCounter.diagnosticCounts.getOrDefault(diagnosticLoc, 0) + 1
-                logCounter.diagnosticCounts[diagnosticLoc] = count
+                val oldInfo = logCounter.diagnosticInfo.getOrDefault(diagnosticLoc, Pair(severity, 0))
+                if(severity != oldInfo.first) {
+                    // We don't want to get in a loop, so just emit this
+                    // directly without going through the diagnostic
+                    // counting machinery
+                    if (verbosity >= 1) {
+                        val message = "Severity mismatch ($severity vs ${oldInfo.first}) at $diagnosticLoc"
+                        emitDiagnostic(tw, Severity.Error, "Inconsistency", message, message)
+                    }
+                }
+                val newCount = oldInfo.second + 1
+                val newInfo = Pair(severity, newCount)
+                logCounter.diagnosticInfo[diagnosticLoc] = newInfo
                 when {
                     logCounter.diagnosticLimit <= 0 -> ""
-                    count == logCounter.diagnosticLimit -> "    Limit reached for diagnostics from $diagnosticLoc.\n"
-                    count > logCounter.diagnosticLimit -> return
+                    newCount == logCounter.diagnosticLimit -> "    Limit reached for diagnostics from $diagnosticLoc.\n"
+                    newCount > logCounter.diagnosticLimit -> return
                     else -> ""
                 }
             }
@@ -138,6 +149,10 @@ open class LoggerBase(val logCounter: LogCounter) {
         fullMsgBuilder.append(suffix)
 
         val fullMsg = fullMsgBuilder.toString()
+        emitDiagnostic(tw, severity, diagnosticLocStr, msg, fullMsg, locationString, mkLocationId)
+    }
+
+    private fun emitDiagnostic(tw: TrapWriter, severity: Severity, diagnosticLocStr: String, msg: String, fullMsg: String, locationString: String? = null, mkLocationId: () -> Label<DbLocation> = { tw.unknownLocation }) {
         val locStr = if (locationString == null) "" else "At " + locationString + ": "
         val kind = if (severity <= Severity.WarnHigh) "WARN" else "ERROR"
         val logMessage = LogMessage(kind, "Diagnostic($diagnosticLocStr): $locStr$fullMsg")
@@ -185,14 +200,17 @@ open class LoggerBase(val logCounter: LogCounter) {
     }
 
     fun printLimitedDiagnosticCounts(tw: TrapWriter) {
-        for((caller, count) in logCounter.diagnosticCounts) {
+        for((caller, info) in logCounter.diagnosticInfo) {
+            val severity = info.first
+            val count = info.second
             if(count >= logCounter.diagnosticLimit) {
                 // We don't know if this location relates to an error
                 // or a warning, so we just declare hitting the limit
                 // to be an error regardless.
-                val logMessage = LogMessage("ERROR", "Total of $count diagnostics from $caller.")
-                tw.writeComment(logMessage.toText())
-                logStream.write(logMessage.toJsonLine())
+                val message = "Total of $count diagnostics (reached limit of ${logCounter.diagnosticLimit}) from $caller."
+                if (verbosity >= 1) {
+                    emitDiagnostic(tw, severity, "Limit", message, message)
+                }
             }
         }
     }
diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/Psi2Ir.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/Psi2Ir.kt
index 2990acfc98f..80120107478 100644
--- a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/Psi2Ir.kt
+++ b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/Psi2Ir.kt
@@ -1,5 +1,3 @@
 package com.github.codeql.utils.versions
 
-import com.github.codeql.FileLogger
-
-fun getPsi2Ir(@Suppress("UNUSED_PARAMETER") logger: FileLogger): Psi2IrFacade? = null
+fun getPsi2Ir(): Psi2IrFacade? = null
diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/annotationType.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/annotationType.kt
new file mode 100644
index 00000000000..08fd0315f7c
--- /dev/null
+++ b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/annotationType.kt
@@ -0,0 +1,8 @@
+package com.github.codeql.utils.versions
+
+import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
+import org.jetbrains.kotlin.ir.ObsoleteDescriptorBasedAPI
+
+@OptIn(ObsoleteDescriptorBasedAPI::class)
+fun getAnnotationType(context: IrPluginContext) =
+    context.typeTranslator.translateType(context.builtIns.annotationType)
\ No newline at end of file
diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/copyTo.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/copyTo.kt
new file mode 100644
index 00000000000..4147daa340f
--- /dev/null
+++ b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/copyTo.kt
@@ -0,0 +1,7 @@
+package com.github.codeql.utils.versions
+
+import org.jetbrains.kotlin.ir.declarations.IrFunction
+import org.jetbrains.kotlin.ir.declarations.IrValueParameter
+import org.jetbrains.kotlin.backend.common.ir.copyTo
+
+fun copyParameterToFunction(p: IrValueParameter, f: IrFunction) = p.copyTo(f)
diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_20/Psi2Ir.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_20/Psi2Ir.kt
index 024710bc4b8..73987106c55 100644
--- a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_20/Psi2Ir.kt
+++ b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_20/Psi2Ir.kt
@@ -1,6 +1,5 @@
 package com.github.codeql.utils.versions
 
-import com.github.codeql.FileLogger
 import com.intellij.psi.PsiElement
 import org.jetbrains.kotlin.backend.common.psi.PsiSourceManager
 import org.jetbrains.kotlin.backend.jvm.ir.getKtFile
@@ -8,9 +7,9 @@ import org.jetbrains.kotlin.ir.IrElement
 import org.jetbrains.kotlin.ir.declarations.IrFile
 import org.jetbrains.kotlin.psi.KtFile
 
-fun getPsi2Ir(logger: FileLogger): Psi2IrFacade? = Psi2Ir(logger)
+fun getPsi2Ir(): Psi2IrFacade? = Psi2Ir()
 
-private class Psi2Ir(private val logger: FileLogger): Psi2IrFacade {
+private class Psi2Ir(): Psi2IrFacade {
     override fun getKtFile(irFile: IrFile): KtFile? {
         return irFile.getKtFile()
     }
diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/annotationType.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/annotationType.kt
new file mode 100644
index 00000000000..3ce3cad89ec
--- /dev/null
+++ b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/annotationType.kt
@@ -0,0 +1,6 @@
+package com.github.codeql.utils.versions
+
+import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
+
+fun getAnnotationType(context: IrPluginContext) =
+    context.irBuiltIns.annotationType
\ No newline at end of file
diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20-Beta/allOverriddenIncludingSelf.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/allOverriddenIncludingSelf.kt
similarity index 100%
rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20-Beta/allOverriddenIncludingSelf.kt
rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/allOverriddenIncludingSelf.kt
diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/copyTo.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/copyTo.kt
new file mode 100644
index 00000000000..701bd21036e
--- /dev/null
+++ b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/copyTo.kt
@@ -0,0 +1,7 @@
+package com.github.codeql.utils.versions
+
+import org.jetbrains.kotlin.ir.declarations.IrFunction
+import org.jetbrains.kotlin.ir.declarations.IrValueParameter
+import org.jetbrains.kotlin.ir.util.copyTo
+
+fun copyParameterToFunction(p: IrValueParameter, f: IrFunction) = p.copyTo(f)
\ No newline at end of file
diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20-Beta/createImplicitParameterDeclarationWithWrappedDescriptor.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/createImplicitParameterDeclarationWithWrappedDescriptor.kt
similarity index 100%
rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20-Beta/createImplicitParameterDeclarationWithWrappedDescriptor.kt
rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/createImplicitParameterDeclarationWithWrappedDescriptor.kt
diff --git a/java/ql/consistency-queries/children.ql b/java/ql/consistency-queries/children.ql
index 9401c8785e4..b22fd56d044 100644
--- a/java/ql/consistency-queries/children.ql
+++ b/java/ql/consistency-queries/children.ql
@@ -41,7 +41,12 @@ predicate gapInChildren(Element e, int i) {
   // -1 can be skipped (type arguments from -2 down, no qualifier at -1,
   // then arguments from 0).
   // Can we also skip arguments, e.g. due to defaults for parameters?
-  not (e instanceof MethodAccess and e.getFile().isKotlinSourceFile())
+  not (e instanceof MethodAccess and e.getFile().isKotlinSourceFile()) and
+  // Kotlin-extracted annotations can have missing children where a default
+  // value should be, because kotlinc doesn't load annotation defaults and we
+  // want to leave a space for another extractor to fill in the default if it
+  // is able.
+  not e instanceof Annotation
 }
 
 predicate lateFirstChild(Element e, int i) {
@@ -59,7 +64,12 @@ predicate lateFirstChild(Element e, int i) {
   not (e instanceof LocalVariableDeclStmt and i = 1 and not exists(nthChildOf(e, 2))) and
   // For statements may or may not declare a new variable (child 0), or
   // have a condition (child 1).
-  not (e instanceof ForStmt and i = [1, 2])
+  not (e instanceof ForStmt and i = [1, 2]) and
+  // Kotlin-extracted annotations can have missing children where a default
+  // value should be, because kotlinc doesn't load annotation defaults and we
+  // want to leave a space for another extractor to fill in the default if it
+  // is able.
+  not e instanceof Annotation
 }
 
 from Element e, int i, string problem
diff --git a/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/PrintAst.expected b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/PrintAst.expected
new file mode 100644
index 00000000000..751777f3748
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/PrintAst.expected
@@ -0,0 +1,301 @@
+User.java:
+#    0| [CompilationUnit] User
+#    1|   1: [Class] User
+#    3|     2: [Method] user
+#    3|       3: [TypeAccess] void
+#-----|       4: (Parameters)
+#    3|         0: [Parameter] a1
+#    3|           0: [TypeAccess] Ann1
+#    3|         1: [Parameter] a2
+#    3|           0: [TypeAccess] Ann2
+#    3|       5: [BlockStmt] { ... }
+#    4|         0: [ExprStmt] <Expr>;
+#    4|           0: [MethodAccess] x(...)
+#    4|             -1: [VarAccess] a1
+#    4|         1: [ExprStmt] <Expr>;
+#    4|           0: [MethodAccess] z(...)
+#    4|             -1: [VarAccess] a2
+#    4|         2: [ExprStmt] <Expr>;
+#    4|           0: [ClassInstanceExpr] new Annotated(...)
+#    4|             -3: [TypeAccess] Annotated
+#    4|         3: [ExprStmt] <Expr>;
+#    4|           0: [ClassInstanceExpr] new HasJavaDeprecatedAnnotationUsedByJava(...)
+#    4|             -3: [TypeAccess] HasJavaDeprecatedAnnotationUsedByJava
+#    4|         4: [ExprStmt] <Expr>;
+#    4|           0: [ClassInstanceExpr] new HasKotlinDeprecatedAnnotationUsedByJava(...)
+#    4|             -3: [TypeAccess] HasKotlinDeprecatedAnnotationUsedByJava
+ktUser.kt:
+#    0| [CompilationUnit] ktUser
+#    1|   1: [Class] KtUser
+#    1|     1: [Constructor] KtUser
+#    1|       5: [BlockStmt] { ... }
+#    1|         0: [SuperConstructorInvocationStmt] super(...)
+#    1|         1: [BlockStmt] { ... }
+#    3|     2: [Method] user
+#    3|       3: [TypeAccess] Unit
+#    3|       5: [BlockStmt] { ... }
+#    4|         0: [LocalVariableDeclStmt] var ...;
+#    4|           1: [LocalVariableDeclExpr] a
+#    4|             0: [ClassInstanceExpr] new AnnotatedUsedByKotlin(...)
+#    4|               -3: [TypeAccess] AnnotatedUsedByKotlin
+#    5|         1: [LocalVariableDeclStmt] var ...;
+#    5|           1: [LocalVariableDeclExpr] b
+#    5|             0: [ClassInstanceExpr] new HasJavaDeprecatedAnnotationUsedByKotlin(...)
+#    5|               -3: [TypeAccess] HasJavaDeprecatedAnnotationUsedByKotlin
+#    6|         2: [LocalVariableDeclStmt] var ...;
+#    6|           1: [LocalVariableDeclExpr] c
+#    6|             0: [ClassInstanceExpr] new HasKotlinDeprecatedAnnotationUsedByKotlin(...)
+#    6|               -3: [TypeAccess] HasKotlinDeprecatedAnnotationUsedByKotlin
+#    8|         3: [ExprStmt] <Expr>;
+#    8|           0: [ImplicitCoercionToUnitExpr] <implicit coercion to unit>
+#    8|             0: [TypeAccess] Unit
+#    8|             1: [MethodAccess] isJavaLetter(...)
+#    8|               -1: [TypeAccess] Character
+#    8|               0: [CharacterLiteral] a
+test.kt:
+#    0| [CompilationUnit] test
+#    4|   1: [Interface] Ann1
+#-----|     -3: (Annotations)
+#    0|       1: [Annotation] Retention
+#    0|         1: [VarAccess] RetentionPolicy.RUNTIME
+#    0|           -1: [TypeAccess] RetentionPolicy
+#    4|     1: [Method] x
+#    4|       3: [TypeAccess] int
+#    4|     2: [Method] y
+#    4|       3: [TypeAccess] Ann2
+#    4|     3: [Method] z
+#    4|       3: [TypeAccess] DayOfWeek
+#    6|   2: [Interface] Ann2
+#-----|     -3: (Annotations)
+#    0|       1: [Annotation] Retention
+#    0|         1: [VarAccess] RetentionPolicy.RUNTIME
+#    0|           -1: [TypeAccess] RetentionPolicy
+#    6|     1: [Method] z
+#    6|       3: [TypeAccess] String
+#    6|     2: [Method] w
+#    6|       3: [TypeAccess] Class<?>
+#    6|         0: [WildcardTypeAccess] ? ...
+#    6|     3: [Method] v
+#    6|       3: [TypeAccess] int[]
+#    6|     4: [Method] u
+#    6|       3: [TypeAccess] Ann3[]
+#    6|         0: [TypeAccess] Ann3
+#    6|     5: [Method] t
+#    6|       3: [TypeAccess] Class<?>[]
+#    6|         0: [TypeAccess] Class<?>
+#    6|           0: [WildcardTypeAccess] ? ...
+#    8|   3: [Interface] Ann3
+#-----|     -3: (Annotations)
+#    0|       1: [Annotation] Retention
+#    0|         1: [VarAccess] RetentionPolicy.RUNTIME
+#    0|           -1: [TypeAccess] RetentionPolicy
+#    8|     1: [Method] a
+#    8|       3: [TypeAccess] int
+#   10|   4: [GenericType,Interface,ParameterizedType] GenericAnnotation
+#-----|     -3: (Annotations)
+#    0|       1: [Annotation] Retention
+#    0|         1: [VarAccess] RetentionPolicy.RUNTIME
+#    0|           -1: [TypeAccess] RetentionPolicy
+#-----|     -2: (Generic Parameters)
+#   10|       0: [TypeVariable] T
+#   10|     1: [Method] x
+#   10|       3: [TypeAccess] Class<T>
+#   10|         0: [TypeAccess] T
+#   10|     2: [Method] y
+#   10|       3: [TypeAccess] Class<T>[]
+#   10|         0: [TypeAccess] Class<T>
+#   10|           0: [TypeAccess] T
+#   12|   6: [Interface] VarargAnnotation
+#-----|     -3: (Annotations)
+#    0|       1: [Annotation] Repeatable
+#    0|         1: [TypeLiteral] Container.class
+#    0|           0: [TypeAccess] Container
+#    0|       2: [Annotation] Retention
+#    0|         1: [VarAccess] RetentionPolicy.RUNTIME
+#    0|           -1: [TypeAccess] RetentionPolicy
+#   12|       3: [Annotation] Repeatable
+#    0|     1: [Interface] Container
+#-----|       -3: (Annotations)
+#    0|         1: [Annotation] RepeatableContainer
+#    0|         2: [Annotation] Retention
+#    0|           1: [VarAccess] RetentionPolicy.RUNTIME
+#    0|             -1: [TypeAccess] RetentionPolicy
+#    0|       1: [Method] value
+#    0|         3: [TypeAccess] VarargAnnotation[]
+#    0|           0: [TypeAccess] VarargAnnotation
+#   13|     2: [Method] x
+#   13|       3: [TypeAccess] int[]
+#   15|   7: [Interface] AnnWithDefaults
+#-----|     -3: (Annotations)
+#    0|       1: [Annotation] Retention
+#    0|         1: [VarAccess] RetentionPolicy.RUNTIME
+#    0|           -1: [TypeAccess] RetentionPolicy
+#   15|     1: [Method] x
+#   15|       3: [TypeAccess] int
+#   15|     2: [Method] y
+#   15|       3: [TypeAccess] String
+#   15|     3: [Method] z
+#   15|       3: [TypeAccess] DayOfWeek
+#   15|     4: [Method] w
+#   15|       3: [TypeAccess] Ann3[]
+#   15|         0: [TypeAccess] Ann3
+#   17|   8: [Class] Annotated
+#-----|     -3: (Annotations)
+#    0|       1: [Annotation] Container
+#    0|         1: [ArrayInit] {...}
+#   19|           1: [Annotation] VarargAnnotation
+#    0|             1: [ArrayInit] {...}
+#   20|           2: [Annotation] VarargAnnotation
+#    0|             1: [ArrayInit] {...}
+#    0|               1: [IntegerLiteral] 1
+#   21|           3: [Annotation] VarargAnnotation
+#    0|             1: [ArrayInit] {...}
+#    0|               1: [IntegerLiteral] 1
+#    0|               2: [IntegerLiteral] 2
+#   22|           4: [Annotation] VarargAnnotation
+#    0|             1: [ArrayInit] {...}
+#    0|               1: [IntegerLiteral] 1
+#    0|               2: [IntegerLiteral] 2
+#    0|               3: [IntegerLiteral] 3
+#   23|           5: [Annotation] VarargAnnotation
+#    0|             1: [ArrayInit] {...}
+#    0|               1: [IntegerLiteral] 1
+#    0|               2: [IntegerLiteral] 2
+#    0|               3: [IntegerLiteral] 3
+#   17|       2: [Annotation] Ann1
+#    0|         1: [IntegerLiteral] 1
+#    0|         2: [Annotation] Ann2
+#    0|           1: [StringLiteral] "Hello"
+#    0|           2: [TypeLiteral] String.class
+#    0|             0: [TypeAccess] String
+#    0|           3: [ArrayInit] {...}
+#    0|             1: [IntegerLiteral] 1
+#    0|             2: [IntegerLiteral] 2
+#    0|             3: [IntegerLiteral] 3
+#    0|           4: [ArrayInit] {...}
+#    0|             1: [Annotation] Ann3
+#    0|               1: [IntegerLiteral] 1
+#    0|             2: [Annotation] Ann3
+#    0|               1: [IntegerLiteral] 2
+#    0|           5: [ArrayInit] {...}
+#    0|             1: [TypeLiteral] String.class
+#    0|               0: [TypeAccess] String
+#    0|             2: [TypeLiteral] int.class
+#    0|               0: [TypeAccess] int
+#    0|         3: [VarAccess] DayOfWeek.MONDAY
+#    0|           -1: [TypeAccess] DayOfWeek
+#   18|       3: [Annotation] GenericAnnotation
+#    0|         1: [TypeLiteral] String.class
+#    0|           0: [TypeAccess] String
+#    0|         2: [ArrayInit] {...}
+#    0|           1: [TypeLiteral] String.class
+#    0|             0: [TypeAccess] String
+#    0|           2: [TypeLiteral] String.class
+#    0|             0: [TypeAccess] String
+#   24|       4: [Annotation] AnnWithDefaults
+#    0|         1: [IntegerLiteral] 1
+#    0|         2: [StringLiteral] "hello"
+#    0|         3: [VarAccess] DayOfWeek.TUESDAY
+#    0|           -1: [TypeAccess] DayOfWeek
+#    0|         4: [ArrayInit] {...}
+#    0|           1: [Annotation] Ann3
+#    0|             1: [IntegerLiteral] 1
+#   25|     1: [Constructor] Annotated
+#   17|       5: [BlockStmt] { ... }
+#   17|         0: [SuperConstructorInvocationStmt] super(...)
+#   25|         1: [BlockStmt] { ... }
+#   27|   9: [Class] AnnotatedUsedByKotlin
+#-----|     -3: (Annotations)
+#    0|       1: [Annotation] Container
+#    0|         1: [ArrayInit] {...}
+#   29|           1: [Annotation] VarargAnnotation
+#    0|             1: [ArrayInit] {...}
+#   30|           2: [Annotation] VarargAnnotation
+#    0|             1: [ArrayInit] {...}
+#    0|               1: [IntegerLiteral] 1
+#   31|           3: [Annotation] VarargAnnotation
+#    0|             1: [ArrayInit] {...}
+#    0|               1: [IntegerLiteral] 1
+#    0|               2: [IntegerLiteral] 2
+#   32|           4: [Annotation] VarargAnnotation
+#    0|             1: [ArrayInit] {...}
+#    0|               1: [IntegerLiteral] 1
+#    0|               2: [IntegerLiteral] 2
+#    0|               3: [IntegerLiteral] 3
+#   33|           5: [Annotation] VarargAnnotation
+#    0|             1: [ArrayInit] {...}
+#    0|               1: [IntegerLiteral] 1
+#    0|               2: [IntegerLiteral] 2
+#    0|               3: [IntegerLiteral] 3
+#   27|       2: [Annotation] Ann1
+#    0|         1: [IntegerLiteral] 1
+#    0|         2: [Annotation] Ann2
+#    0|           1: [StringLiteral] "Hello"
+#    0|           2: [TypeLiteral] String.class
+#    0|             0: [TypeAccess] String
+#    0|           3: [ArrayInit] {...}
+#    0|             1: [IntegerLiteral] 1
+#    0|             2: [IntegerLiteral] 2
+#    0|             3: [IntegerLiteral] 3
+#    0|           4: [ArrayInit] {...}
+#    0|             1: [Annotation] Ann3
+#    0|               1: [IntegerLiteral] 1
+#    0|             2: [Annotation] Ann3
+#    0|               1: [IntegerLiteral] 2
+#    0|           5: [ArrayInit] {...}
+#    0|             1: [TypeLiteral] String.class
+#    0|               0: [TypeAccess] String
+#    0|             2: [TypeLiteral] int.class
+#    0|               0: [TypeAccess] int
+#    0|         3: [VarAccess] DayOfWeek.MONDAY
+#    0|           -1: [TypeAccess] DayOfWeek
+#   28|       3: [Annotation] GenericAnnotation
+#    0|         1: [TypeLiteral] String.class
+#    0|           0: [TypeAccess] String
+#    0|         2: [ArrayInit] {...}
+#    0|           1: [TypeLiteral] String.class
+#    0|             0: [TypeAccess] String
+#    0|           2: [TypeLiteral] String.class
+#    0|             0: [TypeAccess] String
+#   34|       4: [Annotation] AnnWithDefaults
+#    0|         1: [IntegerLiteral] 1
+#    0|         2: [StringLiteral] "hello"
+#    0|         3: [VarAccess] DayOfWeek.TUESDAY
+#    0|           -1: [TypeAccess] DayOfWeek
+#    0|         4: [ArrayInit] {...}
+#    0|           1: [Annotation] Ann3
+#    0|             1: [IntegerLiteral] 1
+#   35|     1: [Constructor] AnnotatedUsedByKotlin
+#   27|       5: [BlockStmt] { ... }
+#   27|         0: [SuperConstructorInvocationStmt] super(...)
+#   35|         1: [BlockStmt] { ... }
+#   37|   10: [Class] HasJavaDeprecatedAnnotationUsedByJava
+#-----|     -3: (Annotations)
+#   37|       1: [Annotation] Deprecated
+#   38|     1: [Constructor] HasJavaDeprecatedAnnotationUsedByJava
+#   37|       5: [BlockStmt] { ... }
+#   37|         0: [SuperConstructorInvocationStmt] super(...)
+#   38|         1: [BlockStmt] { ... }
+#   40|   11: [Class] HasKotlinDeprecatedAnnotationUsedByJava
+#-----|     -3: (Annotations)
+#   40|       1: [Annotation] Deprecated
+#    0|         1: [StringLiteral] "Kotlin deprecation message 1"
+#   41|     1: [Constructor] HasKotlinDeprecatedAnnotationUsedByJava
+#   40|       5: [BlockStmt] { ... }
+#   40|         0: [SuperConstructorInvocationStmt] super(...)
+#   41|         1: [BlockStmt] { ... }
+#   43|   12: [Class] HasJavaDeprecatedAnnotationUsedByKotlin
+#-----|     -3: (Annotations)
+#   43|       1: [Annotation] Deprecated
+#   44|     1: [Constructor] HasJavaDeprecatedAnnotationUsedByKotlin
+#   43|       5: [BlockStmt] { ... }
+#   43|         0: [SuperConstructorInvocationStmt] super(...)
+#   44|         1: [BlockStmt] { ... }
+#   46|   13: [Class] HasKotlinDeprecatedAnnotationUsedByKotlin
+#-----|     -3: (Annotations)
+#   46|       1: [Annotation] Deprecated
+#    0|         1: [StringLiteral] "Kotlin deprecation message 2"
+#   47|     1: [Constructor] HasKotlinDeprecatedAnnotationUsedByKotlin
+#   46|       5: [BlockStmt] { ... }
+#   46|         0: [SuperConstructorInvocationStmt] super(...)
+#   47|         1: [BlockStmt] { ... }
diff --git a/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/PrintAst.qlref b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/PrintAst.qlref
new file mode 100644
index 00000000000..c7fd5faf239
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/PrintAst.qlref
@@ -0,0 +1 @@
+semmle/code/java/PrintAst.ql
\ No newline at end of file
diff --git a/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/User.java b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/User.java
new file mode 100644
index 00000000000..004e770ba96
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/User.java
@@ -0,0 +1,7 @@
+public class User {
+
+  public static void user(Ann1 a1, Ann2 a2) {
+    a1.x(); a2.z(); new Annotated(); new HasJavaDeprecatedAnnotationUsedByJava(); new HasKotlinDeprecatedAnnotationUsedByJava();
+  }
+
+}
diff --git a/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/deprecatedAnnotationTypes.expected b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/deprecatedAnnotationTypes.expected
new file mode 100644
index 00000000000..76685549259
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/deprecatedAnnotationTypes.expected
@@ -0,0 +1,5 @@
+| HasJavaDeprecatedAnnotationUsedByJava | java.lang.Deprecated |
+| HasJavaDeprecatedAnnotationUsedByKotlin | java.lang.Deprecated |
+| HasKotlinDeprecatedAnnotationUsedByJava | kotlin.Deprecated |
+| HasKotlinDeprecatedAnnotationUsedByKotlin | kotlin.Deprecated |
+| isJavaLetter | java.lang.Deprecated |
diff --git a/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/deprecatedAnnotationTypes.ql b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/deprecatedAnnotationTypes.ql
new file mode 100644
index 00000000000..d8face48b56
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/deprecatedAnnotationTypes.ql
@@ -0,0 +1,11 @@
+import java
+
+from Annotatable a, Annotation ann
+where
+  (
+    a.(Method).hasQualifiedName("java.lang", "Character", "isJavaLetter") or
+    a.(ClassOrInterface).fromSource()
+  ) and
+  ann = a.getAnAnnotation() and
+  ann.getType().getName() = "Deprecated"
+select a.toString(), a.getAnAnnotation().getType().getQualifiedName()
diff --git a/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/ktUser.kt b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/ktUser.kt
new file mode 100644
index 00000000000..cb593ce11f1
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/ktUser.kt
@@ -0,0 +1,11 @@
+public class KtUser {
+
+  fun user() {
+    val a = AnnotatedUsedByKotlin()
+    val b = HasJavaDeprecatedAnnotationUsedByKotlin()
+    val c = HasKotlinDeprecatedAnnotationUsedByKotlin()
+    // Use a Java-defined function carrying a java.lang.Deprecated annotation:
+    java.lang.Character.isJavaLetter('a')
+  }
+
+}
diff --git a/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/qlpack.yml b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/qlpack.yml
new file mode 100644
index 00000000000..74fbac535d7
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/qlpack.yml
@@ -0,0 +1,7 @@
+name: integrationtest-annotation-id-consistency
+dependencies:
+  codeql/java-all: '*'
+  codeql/java-tests: '*'
+  codeql/java-queries: '*'
+dataExtensions:
+  ext/*.model.yml
diff --git a/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/test.ext.yml b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/test.ext.yml
new file mode 100644
index 00000000000..4d7a2e9a149
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/test.ext.yml
@@ -0,0 +1,5 @@
+extensions:
+  - addsTo:
+      pack: integrationtest-annotation-id-consistency
+      extensible: neutralModel
+    data: []
diff --git a/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/test.kt b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/test.kt
new file mode 100644
index 00000000000..44746342ae6
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/test.kt
@@ -0,0 +1,47 @@
+import kotlin.reflect.KClass
+import java.time.DayOfWeek
+
+annotation class Ann1(val x: Int, val y: Ann2, val z: DayOfWeek) { }
+
+annotation class Ann2(val z: String, val w: KClass<*>, val v: IntArray, val u: Array<Ann3>, val t: Array<KClass<*>>) { }
+
+annotation class Ann3(val a: Int) { }
+
+annotation class GenericAnnotation<T : Any>(val x: KClass<T>, val y: Array<KClass<T>>) { }
+
+@Repeatable
+annotation class VarargAnnotation(vararg val x: Int) { }
+
+annotation class AnnWithDefaults(val x: Int = 1, val y: String = "hello", val z: DayOfWeek = DayOfWeek.TUESDAY, val w: Array<Ann3> = [Ann3(1)]) { }
+
+@Ann1(1, Ann2("Hello", String::class, intArrayOf(1, 2, 3), arrayOf(Ann3(1), Ann3(2)), arrayOf(String::class, Int::class)), DayOfWeek.MONDAY)
+@GenericAnnotation<String>(String::class, arrayOf(String::class, String::class))
+@VarargAnnotation
+@VarargAnnotation(1)
+@VarargAnnotation(1, 2)
+@VarargAnnotation(*[1, 2, 3])
+@VarargAnnotation(*intArrayOf(1, 2, 3))
+@AnnWithDefaults
+class Annotated { }
+
+@Ann1(1, Ann2("Hello", String::class, intArrayOf(1, 2, 3), arrayOf(Ann3(1), Ann3(2)), arrayOf(String::class, Int::class)), DayOfWeek.MONDAY)
+@GenericAnnotation<String>(String::class, arrayOf(String::class, String::class))
+@VarargAnnotation
+@VarargAnnotation(1)
+@VarargAnnotation(1, 2)
+@VarargAnnotation(*[1, 2, 3])
+@VarargAnnotation(*intArrayOf(1, 2, 3))
+@AnnWithDefaults
+class AnnotatedUsedByKotlin { }
+
+@java.lang.Deprecated
+class HasJavaDeprecatedAnnotationUsedByJava
+
+@kotlin.Deprecated("Kotlin deprecation message 1")
+class HasKotlinDeprecatedAnnotationUsedByJava
+
+@java.lang.Deprecated
+class HasJavaDeprecatedAnnotationUsedByKotlin
+
+@kotlin.Deprecated("Kotlin deprecation message 2")
+class HasKotlinDeprecatedAnnotationUsedByKotlin
diff --git a/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/test.py b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/test.py
new file mode 100644
index 00000000000..49584531332
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/test.py
@@ -0,0 +1,5 @@
+from create_database_utils import *
+
+os.mkdir('out')
+os.mkdir('out2')
+run_codeql_database_create(["kotlinc test.kt -d out", "javac User.java -cp out -d out2", "kotlinc ktUser.kt -cp out -d out2"], lang="java")
diff --git a/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/qlpack.yml b/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/qlpack.yml
new file mode 100644
index 00000000000..f1e981e8791
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/qlpack.yml
@@ -0,0 +1,7 @@
+name: integrationtest-default-parameter-mad-flow
+dependencies:
+  codeql/java-all: '*'
+  codeql/java-tests: '*'
+  codeql/java-queries: '*'
+dataExtensions:
+  ext/*.model.yml
diff --git a/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ext.yml b/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ext.yml
new file mode 100644
index 00000000000..3553b9fe577
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ext.yml
@@ -0,0 +1,28 @@
+extensions:
+  - addsTo:
+      pack: integrationtest-default-parameter-mad-flow
+      extensible: summaryModel
+    data:
+      - ["", "ConstructorWithDefaults", True, "ConstructorWithDefaults", "(int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["", "LibKt", True, "topLevelWithDefaults", "(int,int)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["", "LibKt", True, "extensionWithDefaults", "(String,int,int)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["", "LibClass", True, "memberWithDefaults", "(int,int)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["", "LibClass", True, "extensionMemberWithDefaults", "(String,int,int)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["", "LibClass", True, "multiParameterTest", "(int,int,int,int)", "", "Argument[0..1]", "ReturnValue", "value", "manual"]
+      - ["", "LibClass", True, "multiParameterExtensionTest", "(int,int,int,int)", "", "Argument[0, 1]", "ReturnValue", "value", "manual"]
+  - addsTo:
+      pack: integrationtest-default-parameter-mad-flow
+      extensible: sourceModel
+    data:
+      - ["", "LibKt", True, "topLevelArgSource", "(SomeToken,int)", "", "Argument[0]", "kotlinMadFlowTest", "manual"]
+      - ["", "LibKt", True, "extensionArgSource", "(String,SomeToken,int)", "", "Argument[1]", "kotlinMadFlowTest", "manual"]
+      - ["", "SourceClass", True, "memberArgSource", "(SomeToken,int)", "", "Argument[0]", "kotlinMadFlowTest", "manual"]
+  - addsTo:
+      pack: integrationtest-default-parameter-mad-flow
+      extensible: sinkModel
+    data:
+      - ["", "SinkClass", True, "SinkClass", "(int,int)", "", "Argument[0]", "kotlinMadFlowTest", "manual"]
+      - ["", "LibKt", True, "topLevelSink", "(int,int)", "", "Argument[0]", "kotlinMadFlowTest", "manual"]
+      - ["", "LibKt", True, "extensionSink", "(String,int,int)", "", "Argument[1]", "kotlinMadFlowTest", "manual"]
+      - ["", "SinkClass", True, "memberSink", "(int,int)", "", "Argument[0]", "kotlinMadFlowTest", "manual"]
+      - ["", "SinkClass", True, "extensionMemberSink", "(String,int,int)", "", "Argument[1]", "kotlinMadFlowTest", "manual"]
diff --git a/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ql b/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ql
index b9b4423d94a..702b137fad7 100644
--- a/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ql
+++ b/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ql
@@ -3,45 +3,6 @@ import semmle.code.java.dataflow.TaintTracking
 import TestUtilities.InlineExpectationsTest
 private import semmle.code.java.dataflow.ExternalFlow
 
-private class Models extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        ";ConstructorWithDefaults;true;ConstructorWithDefaults;(int,int);;Argument[0];Argument[-1];taint;manual",
-        ";LibKt;true;topLevelWithDefaults;(int,int);;Argument[0];ReturnValue;value;manual",
-        ";LibKt;true;extensionWithDefaults;(String,int,int);;Argument[1];ReturnValue;value;manual",
-        ";LibClass;true;memberWithDefaults;(int,int);;Argument[0];ReturnValue;value;manual",
-        ";LibClass;true;extensionMemberWithDefaults;(String,int,int);;Argument[1];ReturnValue;value;manual",
-        ";LibClass;true;multiParameterTest;(int,int,int,int);;Argument[0..1];ReturnValue;value;manual",
-        ";LibClass;true;multiParameterExtensionTest;(int,int,int,int);;Argument[0, 1];ReturnValue;value;manual",
-      ]
-  }
-}
-
-private class SourceModels extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        ";LibKt;true;topLevelArgSource;(SomeToken,int);;Argument[0];kotlinMadFlowTest;manual",
-        ";LibKt;true;extensionArgSource;(String,SomeToken,int);;Argument[1];kotlinMadFlowTest;manual",
-        ";SourceClass;true;memberArgSource;(SomeToken,int);;Argument[0];kotlinMadFlowTest;manual"
-      ]
-  }
-}
-
-private class SinkModels extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        ";SinkClass;true;SinkClass;(int,int);;Argument[0];kotlinMadFlowTest;manual",
-        ";LibKt;true;topLevelSink;(int,int);;Argument[0];kotlinMadFlowTest;manual",
-        ";LibKt;true;extensionSink;(String,int,int);;Argument[1];kotlinMadFlowTest;manual",
-        ";SinkClass;true;memberSink;(int,int);;Argument[0];kotlinMadFlowTest;manual",
-        ";SinkClass;true;extensionMemberSink;(String,int,int);;Argument[1];kotlinMadFlowTest;manual"
-      ]
-  }
-}
-
 class Config extends TaintTracking::Configuration {
   Config() { this = "Config" }
 
diff --git a/java/ql/integration-tests/all-platforms/kotlin/enhanced-nullability/test.expected b/java/ql/integration-tests/all-platforms/kotlin/enhanced-nullability/test.expected
index 04702df7916..e78d827c621 100644
--- a/java/ql/integration-tests/all-platforms/kotlin/enhanced-nullability/test.expected
+++ b/java/ql/integration-tests/all-platforms/kotlin/enhanced-nullability/test.expected
@@ -2,7 +2,7 @@ exprs
 | Test.java:5:19:5:25 | Integer | Integer |
 | Test.java:5:38:5:44 | Integer | Integer |
 | Test.java:5:58:5:58 | p | Integer |
-| user.kt:2:3:2:16 | x | int |
+| user.kt:2:7:2:7 | x | int |
 | user.kt:2:11:2:11 | t | Test |
 | user.kt:2:11:2:16 | f(...) | Integer |
 | user.kt:2:13:2:16 | <implicit not null> | int |
diff --git a/java/ql/integration-tests/all-platforms/kotlin/gradle_kotlinx_serialization/PrintAst.expected b/java/ql/integration-tests/all-platforms/kotlin/gradle_kotlinx_serialization/PrintAst.expected
index ae23298c033..a81cadccd10 100644
--- a/java/ql/integration-tests/all-platforms/kotlin/gradle_kotlinx_serialization/PrintAst.expected
+++ b/java/ql/integration-tests/all-platforms/kotlin/gradle_kotlinx_serialization/PrintAst.expected
@@ -1,7 +1,17 @@
 app/src/main/kotlin/testProject/App.kt:
 #    0| [CompilationUnit] App
 #    7|   1: [Class] Project
+#-----|     -3: (Annotations)
+#    7|       1: [Annotation] Serializable
 #    0|     1: [Constructor] Project
+#-----|       1: (Annotations)
+#    0|         1: [Annotation] Deprecated
+#    0|           1: [StringLiteral] "This synthesized declaration should not be used directly"
+#    0|           2: [Annotation] ReplaceWith
+#    0|             1: [StringLiteral] ""
+#    0|             2: [ArrayInit] {...}
+#    0|           3: [VarAccess] DeprecationLevel.HIDDEN
+#    0|             -1: [TypeAccess] DeprecationLevel
 #-----|       4: (Parameters)
 #    0|         0: [Parameter] seen1
 #    0|           0: [TypeAccess] int
@@ -41,6 +51,8 @@ app/src/main/kotlin/testProject/App.kt:
 #    7|                 0: [TypeAccess] Project
 #    7|             1: [VarAccess] language
 #    0|     2: [Method] component1
+#-----|       1: (Annotations)
+#    0|         1: [Annotation] NotNull
 #    0|       3: [TypeAccess] String
 #    0|       5: [BlockStmt] { ... }
 #    0|         0: [ReturnStmt] return ...
@@ -53,9 +65,13 @@ app/src/main/kotlin/testProject/App.kt:
 #    0|           0: [VarAccess] this.language
 #    0|             -1: [ThisAccess] this
 #    0|     4: [Method] copy
+#-----|       1: (Annotations)
+#    0|         1: [Annotation] NotNull
 #    0|       3: [TypeAccess] Project
 #-----|       4: (Parameters)
 #    8|         0: [Parameter] name
+#-----|           -1: (Annotations)
+#    0|             1: [Annotation] NotNull
 #    8|           0: [TypeAccess] String
 #    8|         1: [Parameter] language
 #    8|           0: [TypeAccess] int
@@ -176,27 +192,37 @@ app/src/main/kotlin/testProject/App.kt:
 #    0|         2: [ReturnStmt] return ...
 #    0|           0: [VarAccess] result
 #    0|     8: [Method] toString
+#-----|       1: (Annotations)
+#    0|         1: [Annotation] NotNull
 #    0|       3: [TypeAccess] String
 #    0|       5: [BlockStmt] { ... }
 #    0|         0: [ReturnStmt] return ...
 #    0|           0: [StringTemplateExpr] "..."
-#    0|             0: [StringLiteral] Project(
-#    0|             1: [StringLiteral] name=
+#    0|             0: [StringLiteral] "Project("
+#    0|             1: [StringLiteral] "name="
 #    0|             2: [VarAccess] this.name
 #    0|               -1: [ThisAccess] this
-#    0|             3: [StringLiteral] , 
-#    0|             4: [StringLiteral] language=
+#    0|             3: [StringLiteral] ", "
+#    0|             4: [StringLiteral] "language="
 #    0|             5: [VarAccess] this.language
 #    0|               -1: [ThisAccess] this
-#    0|             6: [StringLiteral] )
+#    0|             6: [StringLiteral] ")"
 #    0|     9: [Method] write$Self
+#-----|       1: (Annotations)
+#    0|         1: [Annotation] JvmStatic
 #    0|       3: [TypeAccess] Unit
 #-----|       4: (Parameters)
 #    0|         0: [Parameter] self
+#-----|           -1: (Annotations)
+#    0|             1: [Annotation] NotNull
 #    0|           0: [TypeAccess] Project
 #    0|         1: [Parameter] output
+#-----|           -1: (Annotations)
+#    0|             1: [Annotation] NotNull
 #    0|           0: [TypeAccess] CompositeEncoder
 #    0|         2: [Parameter] serialDesc
+#-----|           -1: (Annotations)
+#    0|             1: [Annotation] NotNull
 #    0|           0: [TypeAccess] SerialDescriptor
 #    7|       5: [BlockStmt] { ... }
 #    7|         0: [ExprStmt] <Expr>;
@@ -214,9 +240,19 @@ app/src/main/kotlin/testProject/App.kt:
 #    7|             2: [MethodAccess] getLanguage(...)
 #    7|               -1: [VarAccess] self
 #    7|     10: [Class] $serializer
+#-----|       -3: (Annotations)
+#    0|         1: [Annotation] Deprecated
+#    0|           1: [StringLiteral] "This synthesized declaration should not be used directly"
+#    0|           2: [Annotation] ReplaceWith
+#    0|             1: [StringLiteral] ""
+#    0|             2: [ArrayInit] {...}
+#    0|           3: [VarAccess] DeprecationLevel.HIDDEN
+#    0|             -1: [TypeAccess] DeprecationLevel
 #    0|       1: [FieldDeclaration] SerialDescriptor descriptor;
 #    0|         -1: [TypeAccess] SerialDescriptor
 #    0|       2: [Method] childSerializers
+#-----|         1: (Annotations)
+#    0|           1: [Annotation] NotNull
 #    0|         3: [TypeAccess] KSerializer<?>[]
 #    0|           0: [TypeAccess] KSerializer<?>
 #    0|             0: [WildcardTypeAccess] ? ...
@@ -227,9 +263,13 @@ app/src/main/kotlin/testProject/App.kt:
 #    7|               -1: [TypeAccess] KSerializer<?>
 #    7|               0: [IntegerLiteral] 2
 #    0|       3: [Method] deserialize
+#-----|         1: (Annotations)
+#    0|           1: [Annotation] NotNull
 #    0|         3: [TypeAccess] Project
 #-----|         4: (Parameters)
 #    0|           0: [Parameter] decoder
+#-----|             -1: (Annotations)
+#    0|               1: [Annotation] NotNull
 #    0|             0: [TypeAccess] Decoder
 #    7|         5: [BlockStmt] { ... }
 #    7|           0: [LocalVariableDeclStmt] var ...;
@@ -365,6 +405,8 @@ app/src/main/kotlin/testProject/App.kt:
 #    7|               2: [VarAccess] tmp5_local1
 #    7|               3: [NullLiteral] null
 #    0|       4: [Method] getDescriptor
+#-----|         1: (Annotations)
+#    0|           1: [Annotation] NotNull
 #    0|         3: [TypeAccess] SerialDescriptor
 #    0|         5: [BlockStmt] { ... }
 #    0|           0: [ReturnStmt] return ...
@@ -374,8 +416,12 @@ app/src/main/kotlin/testProject/App.kt:
 #    0|         3: [TypeAccess] Unit
 #-----|         4: (Parameters)
 #    0|           0: [Parameter] encoder
+#-----|             -1: (Annotations)
+#    0|               1: [Annotation] NotNull
 #    0|             0: [TypeAccess] Encoder
 #    0|           1: [Parameter] value
+#-----|             -1: (Annotations)
+#    0|               1: [Annotation] NotNull
 #    0|             0: [TypeAccess] Project
 #    7|         5: [BlockStmt] { ... }
 #    7|           0: [LocalVariableDeclStmt] var ...;
@@ -405,19 +451,19 @@ app/src/main/kotlin/testProject/App.kt:
 #    7|               1: [LocalVariableDeclExpr] tmp0_serialDesc
 #    7|                 0: [ClassInstanceExpr] new PluginGeneratedSerialDescriptor(...)
 #    7|                   -3: [TypeAccess] PluginGeneratedSerialDescriptor
-#    7|                   0: [StringLiteral] testProject.Project
+#    7|                   0: [StringLiteral] "testProject.Project"
 #    7|                   1: [ThisAccess] $serializer.this
 #    7|                     0: [TypeAccess] $serializer
 #    7|                   2: [IntegerLiteral] 2
 #    7|             1: [ExprStmt] <Expr>;
 #    7|               0: [MethodAccess] addElement(...)
 #    7|                 -1: [VarAccess] tmp0_serialDesc
-#    7|                 0: [StringLiteral] name
+#    7|                 0: [StringLiteral] "name"
 #    7|                 1: [BooleanLiteral] false
 #    7|             2: [ExprStmt] <Expr>;
 #    7|               0: [MethodAccess] addElement(...)
 #    7|                 -1: [VarAccess] tmp0_serialDesc
-#    7|                 0: [StringLiteral] language
+#    7|                 0: [StringLiteral] "language"
 #    7|                 1: [BooleanLiteral] false
 #    7|             3: [ExprStmt] <Expr>;
 #    7|               0: [AssignExpr] ...=...
@@ -436,6 +482,8 @@ app/src/main/kotlin/testProject/App.kt:
 #    7|                 0: [TypeAccess] GeneratedSerializer
 #    7|     11: [Class] Companion
 #    0|       1: [Method] serializer
+#-----|         1: (Annotations)
+#    0|           1: [Annotation] NotNull
 #    0|         3: [TypeAccess] KSerializer<Project>
 #    0|           0: [TypeAccess] Project
 #    7|         5: [BlockStmt] { ... }
@@ -448,6 +496,8 @@ app/src/main/kotlin/testProject/App.kt:
 #    8|     12: [Constructor] Project
 #-----|       4: (Parameters)
 #    8|         0: [Parameter] name
+#-----|           -1: (Annotations)
+#    0|             1: [Annotation] NotNull
 #    8|           0: [TypeAccess] String
 #    8|         1: [Parameter] language
 #    8|           0: [TypeAccess] int
@@ -464,6 +514,8 @@ app/src/main/kotlin/testProject/App.kt:
 #    8|       -1: [TypeAccess] String
 #    8|       0: [VarAccess] name
 #    8|     14: [Method] getName
+#-----|       1: (Annotations)
+#    0|         1: [Annotation] NotNull
 #    8|       3: [TypeAccess] String
 #    8|       5: [BlockStmt] { ... }
 #    8|         0: [ReturnStmt] return ...
@@ -480,9 +532,21 @@ app/src/main/kotlin/testProject/App.kt:
 #    8|       0: [VarAccess] language
 #   10|   2: [Interface] Base
 #   11|     1: [Method] getId
+#-----|       1: (Annotations)
+#    0|         1: [Annotation] NotNull
 #   11|       3: [TypeAccess] String
 #   14|   3: [Class] X
+#-----|     -3: (Annotations)
+#   14|       1: [Annotation] Serializable
 #    0|     1: [Constructor] X
+#-----|       1: (Annotations)
+#    0|         1: [Annotation] Deprecated
+#    0|           1: [StringLiteral] "This synthesized declaration should not be used directly"
+#    0|           2: [Annotation] ReplaceWith
+#    0|             1: [StringLiteral] ""
+#    0|             2: [ArrayInit] {...}
+#    0|           3: [VarAccess] DeprecationLevel.HIDDEN
+#    0|             -1: [TypeAccess] DeprecationLevel
 #-----|       4: (Parameters)
 #    0|         0: [Parameter] seen1
 #    0|           0: [TypeAccess] int
@@ -520,7 +584,7 @@ app/src/main/kotlin/testProject/App.kt:
 #   14|                   0: [VarAccess] X.this.id
 #   14|                     -1: [ThisAccess] X.this
 #   14|                       0: [TypeAccess] X
-#   16|                   1: [StringLiteral] X
+#   16|                   1: [StringLiteral] "X"
 #   14|             1: [WhenBranch] ... -> ...
 #   14|               0: [BooleanLiteral] true
 #   14|               1: [ExprStmt] <Expr>;
@@ -530,13 +594,21 @@ app/src/main/kotlin/testProject/App.kt:
 #   14|                       0: [TypeAccess] X
 #   14|                   1: [VarAccess] id
 #    0|     2: [Method] write$Self
+#-----|       1: (Annotations)
+#    0|         1: [Annotation] JvmStatic
 #    0|       3: [TypeAccess] Unit
 #-----|       4: (Parameters)
 #    0|         0: [Parameter] self
+#-----|           -1: (Annotations)
+#    0|             1: [Annotation] NotNull
 #    0|           0: [TypeAccess] X
 #    0|         1: [Parameter] output
+#-----|           -1: (Annotations)
+#    0|             1: [Annotation] NotNull
 #    0|           0: [TypeAccess] CompositeEncoder
 #    0|         2: [Parameter] serialDesc
+#-----|           -1: (Annotations)
+#    0|             1: [Annotation] NotNull
 #    0|           0: [TypeAccess] SerialDescriptor
 #   14|       5: [BlockStmt] { ... }
 #   14|         0: [ExprStmt] <Expr>;
@@ -556,7 +628,7 @@ app/src/main/kotlin/testProject/App.kt:
 #   14|                     0: [ValueNEExpr] ... (value not-equals) ...
 #   14|                       0: [MethodAccess] getId(...)
 #   14|                         -1: [VarAccess] self
-#   16|                       1: [StringLiteral] X
+#   16|                       1: [StringLiteral] "X"
 #   14|               1: [ExprStmt] <Expr>;
 #   14|                 0: [MethodAccess] encodeStringElement(...)
 #   14|                   -1: [VarAccess] output
@@ -565,9 +637,19 @@ app/src/main/kotlin/testProject/App.kt:
 #   14|                   2: [MethodAccess] getId(...)
 #   14|                     -1: [VarAccess] self
 #   14|     3: [Class] $serializer
+#-----|       -3: (Annotations)
+#    0|         1: [Annotation] Deprecated
+#    0|           1: [StringLiteral] "This synthesized declaration should not be used directly"
+#    0|           2: [Annotation] ReplaceWith
+#    0|             1: [StringLiteral] ""
+#    0|             2: [ArrayInit] {...}
+#    0|           3: [VarAccess] DeprecationLevel.HIDDEN
+#    0|             -1: [TypeAccess] DeprecationLevel
 #    0|       1: [FieldDeclaration] SerialDescriptor descriptor;
 #    0|         -1: [TypeAccess] SerialDescriptor
 #    0|       2: [Method] childSerializers
+#-----|         1: (Annotations)
+#    0|           1: [Annotation] NotNull
 #    0|         3: [TypeAccess] KSerializer<?>[]
 #    0|           0: [TypeAccess] KSerializer<?>
 #    0|             0: [WildcardTypeAccess] ? ...
@@ -578,9 +660,13 @@ app/src/main/kotlin/testProject/App.kt:
 #   14|               -1: [TypeAccess] KSerializer<?>
 #   14|               0: [IntegerLiteral] 1
 #    0|       3: [Method] deserialize
+#-----|         1: (Annotations)
+#    0|           1: [Annotation] NotNull
 #    0|         3: [TypeAccess] X
 #-----|         4: (Parameters)
 #    0|           0: [Parameter] decoder
+#-----|             -1: (Annotations)
+#    0|               1: [Annotation] NotNull
 #    0|             0: [TypeAccess] Decoder
 #   14|         5: [BlockStmt] { ... }
 #   14|           0: [LocalVariableDeclStmt] var ...;
@@ -680,6 +766,8 @@ app/src/main/kotlin/testProject/App.kt:
 #   14|               1: [VarAccess] tmp4_local0
 #   14|               2: [NullLiteral] null
 #    0|       4: [Method] getDescriptor
+#-----|         1: (Annotations)
+#    0|           1: [Annotation] NotNull
 #    0|         3: [TypeAccess] SerialDescriptor
 #    0|         5: [BlockStmt] { ... }
 #    0|           0: [ReturnStmt] return ...
@@ -689,8 +777,12 @@ app/src/main/kotlin/testProject/App.kt:
 #    0|         3: [TypeAccess] Unit
 #-----|         4: (Parameters)
 #    0|           0: [Parameter] encoder
+#-----|             -1: (Annotations)
+#    0|               1: [Annotation] NotNull
 #    0|             0: [TypeAccess] Encoder
 #    0|           1: [Parameter] value
+#-----|             -1: (Annotations)
+#    0|               1: [Annotation] NotNull
 #    0|             0: [TypeAccess] X
 #   14|         5: [BlockStmt] { ... }
 #   14|           0: [LocalVariableDeclStmt] var ...;
@@ -720,14 +812,14 @@ app/src/main/kotlin/testProject/App.kt:
 #   14|               1: [LocalVariableDeclExpr] tmp0_serialDesc
 #   14|                 0: [ClassInstanceExpr] new PluginGeneratedSerialDescriptor(...)
 #   14|                   -3: [TypeAccess] PluginGeneratedSerialDescriptor
-#   14|                   0: [StringLiteral] testProject.X
+#   14|                   0: [StringLiteral] "testProject.X"
 #   14|                   1: [ThisAccess] $serializer.this
 #   14|                     0: [TypeAccess] $serializer
 #   14|                   2: [IntegerLiteral] 1
 #   14|             1: [ExprStmt] <Expr>;
 #   14|               0: [MethodAccess] addElement(...)
 #   14|                 -1: [VarAccess] tmp0_serialDesc
-#   14|                 0: [StringLiteral] id
+#   14|                 0: [StringLiteral] "id"
 #   14|                 1: [BooleanLiteral] true
 #   14|             2: [ExprStmt] <Expr>;
 #   14|               0: [AssignExpr] ...=...
@@ -746,6 +838,8 @@ app/src/main/kotlin/testProject/App.kt:
 #   14|                 0: [TypeAccess] GeneratedSerializer
 #   14|     4: [Class] Companion
 #    0|       1: [Method] serializer
+#-----|         1: (Annotations)
+#    0|           1: [Annotation] NotNull
 #    0|         3: [TypeAccess] KSerializer<X>
 #    0|           0: [TypeAccess] X
 #   14|         5: [BlockStmt] { ... }
@@ -764,8 +858,10 @@ app/src/main/kotlin/testProject/App.kt:
 #   16|               0: [VarAccess] id
 #   16|     6: [FieldDeclaration] String id;
 #   16|       -1: [TypeAccess] String
-#   16|       0: [StringLiteral] X
+#   16|       0: [StringLiteral] "X"
 #   16|     7: [Method] getId
+#-----|       1: (Annotations)
+#    0|         1: [Annotation] NotNull
 #   16|       3: [TypeAccess] String
 #   16|       5: [BlockStmt] { ... }
 #   16|         0: [ReturnStmt] return ...
diff --git a/java/ql/integration-tests/all-platforms/kotlin/gradle_kotlinx_serialization/qlpack.yml b/java/ql/integration-tests/all-platforms/kotlin/gradle_kotlinx_serialization/qlpack.yml
new file mode 100644
index 00000000000..8b18f2ea94a
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/gradle_kotlinx_serialization/qlpack.yml
@@ -0,0 +1,5 @@
+name: integrationtest-gradle-kotlinx-serialization
+dependencies:
+  codeql/java-all: '*'
+  codeql/java-tests: '*'
+  codeql/java-queries: '*'
diff --git a/java/ql/integration-tests/all-platforms/kotlin/jvmoverloads-external-class/User.java b/java/ql/integration-tests/all-platforms/kotlin/jvmoverloads-external-class/User.java
new file mode 100644
index 00000000000..c3356f588d5
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/jvmoverloads-external-class/User.java
@@ -0,0 +1,6 @@
+@AllDefaultsAnnotation
+public class User {
+
+  public static void test() { new AllDefaultsConstructor(); new AllDefaultsExplicitNoargConstructor(); }
+
+}
diff --git a/java/ql/integration-tests/all-platforms/kotlin/jvmoverloads-external-class/test.kt b/java/ql/integration-tests/all-platforms/kotlin/jvmoverloads-external-class/test.kt
index 0996b3f158a..33e6d1d1221 100644
--- a/java/ql/integration-tests/all-platforms/kotlin/jvmoverloads-external-class/test.kt
+++ b/java/ql/integration-tests/all-platforms/kotlin/jvmoverloads-external-class/test.kt
@@ -3,3 +3,13 @@ public class Test {
   @JvmOverloads fun f(x: Int = 0, y: Int) { }
 
 }
+
+public class AllDefaultsConstructor(val x: Int = 1, val y: Int = 2) { }
+
+public annotation class AllDefaultsAnnotation(val x: Int = 1, val y: Int = 2) { }
+
+public class AllDefaultsExplicitNoargConstructor(val x: Int = 1, val y: Int = 2) {
+
+  constructor() : this(3, 4) { }
+
+}
diff --git a/java/ql/integration-tests/all-platforms/kotlin/jvmoverloads-external-class/test.py b/java/ql/integration-tests/all-platforms/kotlin/jvmoverloads-external-class/test.py
index b763a28daa9..1416b7ecd67 100644
--- a/java/ql/integration-tests/all-platforms/kotlin/jvmoverloads-external-class/test.py
+++ b/java/ql/integration-tests/all-platforms/kotlin/jvmoverloads-external-class/test.py
@@ -1,4 +1,4 @@
 from create_database_utils import *
 
 os.mkdir('bin')
-run_codeql_database_create(["kotlinc test.kt -d bin", "kotlinc user.kt -cp bin"], lang="java")
+run_codeql_database_create(["kotlinc test.kt -d bin", "kotlinc user.kt -cp bin", "javac User.java -cp bin"], lang="java")
diff --git a/java/ql/integration-tests/all-platforms/kotlin/kotlin-interface-inherited-default/qlpack.yml b/java/ql/integration-tests/all-platforms/kotlin/kotlin-interface-inherited-default/qlpack.yml
new file mode 100644
index 00000000000..814d1059ed5
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/kotlin-interface-inherited-default/qlpack.yml
@@ -0,0 +1,5 @@
+name: integrationtest-kotlin-interface-inherited-default
+dependencies:
+  codeql/java-all: '*'
+  codeql/java-tests: '*'
+  codeql/java-queries: '*'
diff --git a/java/ql/integration-tests/all-platforms/kotlin/kotlin_compiler_java_source/jlocs.expected b/java/ql/integration-tests/all-platforms/kotlin/kotlin_compiler_java_source/jlocs.expected
index 5be9218762e..1e32d73cc27 100644
--- a/java/ql/integration-tests/all-platforms/kotlin/kotlin_compiler_java_source/jlocs.expected
+++ b/java/ql/integration-tests/all-platforms/kotlin/kotlin_compiler_java_source/jlocs.expected
@@ -1,3 +1,4 @@
 | J.java:1:14:1:14 | J |
 | build/J.class:0:0:0:0 | J<String> |
+| file:///!unknown-binary-location/J.class:0:0:0:0 | J<> |
 | file:///!unknown-binary-location/J.class:0:0:0:0 | J<Integer> |
diff --git a/java/ql/integration-tests/all-platforms/kotlin/kotlin_java_static_fields/qlpack.yml b/java/ql/integration-tests/all-platforms/kotlin/kotlin_java_static_fields/qlpack.yml
new file mode 100644
index 00000000000..ecc3ee3e4ff
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/kotlin_java_static_fields/qlpack.yml
@@ -0,0 +1,5 @@
+name: integrationtest-kotlin-java-static-fields
+dependencies:
+  codeql/java-all: '*'
+  codeql/java-tests: '*'
+  codeql/java-queries: '*'
diff --git a/java/ql/integration-tests/all-platforms/kotlin/kotlin_java_static_fields/test.expected b/java/ql/integration-tests/all-platforms/kotlin/kotlin_java_static_fields/test.expected
index 3581a178422..9f16308bdfc 100644
--- a/java/ql/integration-tests/all-platforms/kotlin/kotlin_java_static_fields/test.expected
+++ b/java/ql/integration-tests/all-platforms/kotlin/kotlin_java_static_fields/test.expected
@@ -1,26 +1,26 @@
 edges
 | hasFields.kt:5:5:5:34 | constField : String | ReadsFields.java:5:10:5:29 | HasFields.constField |
-| hasFields.kt:5:28:5:34 | taint : String | hasFields.kt:5:5:5:34 | constField : String |
+| hasFields.kt:5:28:5:34 | "taint" : String | hasFields.kt:5:5:5:34 | constField : String |
 | hasFields.kt:7:5:7:38 | lateinitField : String | ReadsFields.java:6:10:6:32 | HasFields.lateinitField |
 | hasFields.kt:7:14:7:38 | <set-?> : String | hasFields.kt:7:5:7:38 | lateinitField : String |
 | hasFields.kt:7:14:7:38 | <set-?> : String | hasFields.kt:7:14:7:38 | <set-?> : String |
 | hasFields.kt:9:5:9:50 | jvmFieldAnnotatedField : String | ReadsFields.java:7:10:7:41 | HasFields.jvmFieldAnnotatedField |
-| hasFields.kt:9:44:9:50 | taint : String | hasFields.kt:9:5:9:50 | jvmFieldAnnotatedField : String |
-| hasFields.kt:14:22:14:26 | taint : String | hasFields.kt:7:14:7:38 | <set-?> : String |
+| hasFields.kt:9:44:9:50 | "taint" : String | hasFields.kt:9:5:9:50 | jvmFieldAnnotatedField : String |
+| hasFields.kt:14:22:14:26 | "taint" : String | hasFields.kt:7:14:7:38 | <set-?> : String |
 nodes
 | ReadsFields.java:5:10:5:29 | HasFields.constField | semmle.label | HasFields.constField |
 | ReadsFields.java:6:10:6:32 | HasFields.lateinitField | semmle.label | HasFields.lateinitField |
 | ReadsFields.java:7:10:7:41 | HasFields.jvmFieldAnnotatedField | semmle.label | HasFields.jvmFieldAnnotatedField |
 | hasFields.kt:5:5:5:34 | constField : String | semmle.label | constField : String |
-| hasFields.kt:5:28:5:34 | taint : String | semmle.label | taint : String |
+| hasFields.kt:5:28:5:34 | "taint" : String | semmle.label | "taint" : String |
 | hasFields.kt:7:5:7:38 | lateinitField : String | semmle.label | lateinitField : String |
 | hasFields.kt:7:14:7:38 | <set-?> : String | semmle.label | <set-?> : String |
 | hasFields.kt:7:14:7:38 | <set-?> : String | semmle.label | <set-?> : String |
 | hasFields.kt:9:5:9:50 | jvmFieldAnnotatedField : String | semmle.label | jvmFieldAnnotatedField : String |
-| hasFields.kt:9:44:9:50 | taint : String | semmle.label | taint : String |
-| hasFields.kt:14:22:14:26 | taint : String | semmle.label | taint : String |
+| hasFields.kt:9:44:9:50 | "taint" : String | semmle.label | "taint" : String |
+| hasFields.kt:14:22:14:26 | "taint" : String | semmle.label | "taint" : String |
 subpaths
 #select
-| hasFields.kt:5:28:5:34 | taint : String | hasFields.kt:5:28:5:34 | taint : String | ReadsFields.java:5:10:5:29 | HasFields.constField | flow path |
-| hasFields.kt:9:44:9:50 | taint : String | hasFields.kt:9:44:9:50 | taint : String | ReadsFields.java:7:10:7:41 | HasFields.jvmFieldAnnotatedField | flow path |
-| hasFields.kt:14:22:14:26 | taint : String | hasFields.kt:14:22:14:26 | taint : String | ReadsFields.java:6:10:6:32 | HasFields.lateinitField | flow path |
+| hasFields.kt:5:28:5:34 | "taint" : String | hasFields.kt:5:28:5:34 | "taint" : String | ReadsFields.java:5:10:5:29 | HasFields.constField | flow path |
+| hasFields.kt:9:44:9:50 | "taint" : String | hasFields.kt:9:44:9:50 | "taint" : String | ReadsFields.java:7:10:7:41 | HasFields.jvmFieldAnnotatedField | flow path |
+| hasFields.kt:14:22:14:26 | "taint" : String | hasFields.kt:14:22:14:26 | "taint" : String | ReadsFields.java:6:10:6:32 | HasFields.lateinitField | flow path |
diff --git a/java/ql/integration-tests/all-platforms/kotlin/nested_generic_types/test.expected b/java/ql/integration-tests/all-platforms/kotlin/nested_generic_types/test.expected
index 27db355f838..0441e5afe70 100644
--- a/java/ql/integration-tests/all-platforms/kotlin/nested_generic_types/test.expected
+++ b/java/ql/integration-tests/all-platforms/kotlin/nested_generic_types/test.expected
@@ -76,7 +76,7 @@ callArgs
 | KotlinUser.kt:10:34:10:65 | new InnerGeneric<String>(...) | KotlinUser.kt:10:14:10:32 | new OuterGeneric<Integer>(...) | -2 |
 | KotlinUser.kt:10:34:10:65 | new InnerGeneric<String>(...) | KotlinUser.kt:10:34:10:65 | InnerGeneric<String> | -3 |
 | KotlinUser.kt:10:34:10:65 | new InnerGeneric<String>(...) | KotlinUser.kt:10:47:10:49 | a | 0 |
-| KotlinUser.kt:10:34:10:65 | new InnerGeneric<String>(...) | KotlinUser.kt:10:53:10:63 | hello world | 1 |
+| KotlinUser.kt:10:34:10:65 | new InnerGeneric<String>(...) | KotlinUser.kt:10:53:10:63 | "hello world" | 1 |
 | KotlinUser.kt:11:13:11:31 | new OuterGeneric<Integer>(...) | KotlinUser.kt:11:13:11:31 | OuterGeneric<Integer> | -3 |
 | KotlinUser.kt:11:33:11:49 | new InnerNotGeneric<>(...) | KotlinUser.kt:11:13:11:31 | new OuterGeneric<Integer>(...) | -2 |
 | KotlinUser.kt:11:33:11:49 | new InnerNotGeneric<>(...) | KotlinUser.kt:11:33:11:49 | InnerNotGeneric<> | -3 |
@@ -88,10 +88,10 @@ callArgs
 | KotlinUser.kt:13:31:13:52 | new InnerGeneric<String>(...) | KotlinUser.kt:13:31:13:52 | InnerGeneric<String> | -3 |
 | KotlinUser.kt:14:26:14:63 | new InnerStaticGeneric<String>(...) | KotlinUser.kt:14:26:14:63 | InnerStaticGeneric<String> | -3 |
 | KotlinUser.kt:14:26:14:63 | new InnerStaticGeneric<String>(...) | KotlinUser.kt:14:45:14:47 | a | 0 |
-| KotlinUser.kt:14:26:14:63 | new InnerStaticGeneric<String>(...) | KotlinUser.kt:14:51:14:61 | hello world | 1 |
+| KotlinUser.kt:14:26:14:63 | new InnerStaticGeneric<String>(...) | KotlinUser.kt:14:51:14:61 | "hello world" | 1 |
 | KotlinUser.kt:15:13:15:39 | new OuterManyParams<Integer,String>(...) | KotlinUser.kt:15:13:15:39 | OuterManyParams<Integer,String> | -3 |
 | KotlinUser.kt:15:13:15:39 | new OuterManyParams<Integer,String>(...) | KotlinUser.kt:15:29:15:29 | 1 | 0 |
-| KotlinUser.kt:15:13:15:39 | new OuterManyParams<Integer,String>(...) | KotlinUser.kt:15:33:15:37 | hello | 1 |
+| KotlinUser.kt:15:13:15:39 | new OuterManyParams<Integer,String>(...) | KotlinUser.kt:15:33:15:37 | "hello" | 1 |
 | KotlinUser.kt:15:41:15:67 | new MiddleManyParams<Float,Double>(...) | KotlinUser.kt:15:13:15:39 | new OuterManyParams<Integer,String>(...) | -2 |
 | KotlinUser.kt:15:41:15:67 | new MiddleManyParams<Float,Double>(...) | KotlinUser.kt:15:41:15:67 | MiddleManyParams<Float,Double> | -3 |
 | KotlinUser.kt:15:41:15:67 | new MiddleManyParams<Float,Double>(...) | KotlinUser.kt:15:58:15:61 | 1.0 | 0 |
@@ -103,23 +103,23 @@ callArgs
 | KotlinUser.kt:15:89:15:99 | shortValue(...) | KotlinUser.kt:15:89:15:89 | 1 | -1 |
 | KotlinUser.kt:17:19:17:44 | returnsecond(...) | KotlinUser.kt:17:19:17:19 | a | -1 |
 | KotlinUser.kt:17:19:17:44 | returnsecond(...) | KotlinUser.kt:17:34:17:34 | 0 | 0 |
-| KotlinUser.kt:17:19:17:44 | returnsecond(...) | KotlinUser.kt:17:38:17:42 | hello | 1 |
+| KotlinUser.kt:17:19:17:44 | returnsecond(...) | KotlinUser.kt:17:38:17:42 | "hello" | 1 |
 | KotlinUser.kt:18:20:18:50 | returnsecond(...) | KotlinUser.kt:18:20:18:20 | a | -1 |
 | KotlinUser.kt:18:20:18:50 | returnsecond(...) | KotlinUser.kt:18:20:18:50 | Character | -2 |
 | KotlinUser.kt:18:20:18:50 | returnsecond(...) | KotlinUser.kt:18:35:18:35 | 0 | 0 |
-| KotlinUser.kt:18:20:18:50 | returnsecond(...) | KotlinUser.kt:18:39:18:43 | hello | 1 |
+| KotlinUser.kt:18:20:18:50 | returnsecond(...) | KotlinUser.kt:18:39:18:43 | "hello" | 1 |
 | KotlinUser.kt:18:20:18:50 | returnsecond(...) | KotlinUser.kt:18:47:18:49 | a | 2 |
 | KotlinUser.kt:19:19:19:31 | identity(...) | KotlinUser.kt:19:19:19:19 | b | -1 |
 | KotlinUser.kt:19:19:19:31 | identity(...) | KotlinUser.kt:19:30:19:30 | 5 | 0 |
 | KotlinUser.kt:20:20:20:39 | identity(...) | KotlinUser.kt:20:20:20:21 | b2 | -1 |
-| KotlinUser.kt:20:20:20:39 | identity(...) | KotlinUser.kt:20:33:20:37 | hello | 0 |
+| KotlinUser.kt:20:20:20:39 | identity(...) | KotlinUser.kt:20:33:20:37 | "hello" | 0 |
 | KotlinUser.kt:21:19:21:37 | identity(...) | KotlinUser.kt:21:19:21:19 | c | -1 |
-| KotlinUser.kt:21:19:21:37 | identity(...) | KotlinUser.kt:21:31:21:35 | world | 0 |
+| KotlinUser.kt:21:19:21:37 | identity(...) | KotlinUser.kt:21:31:21:35 | "world" | 0 |
 | KotlinUser.kt:22:19:22:39 | identity(...) | KotlinUser.kt:22:19:22:19 | d | -1 |
-| KotlinUser.kt:22:19:22:39 | identity(...) | KotlinUser.kt:22:31:22:37 | goodbye | 0 |
+| KotlinUser.kt:22:19:22:39 | identity(...) | KotlinUser.kt:22:31:22:37 | "goodbye" | 0 |
 | KotlinUser.kt:23:19:23:71 | returnSixth(...) | KotlinUser.kt:23:19:23:19 | e | -1 |
 | KotlinUser.kt:23:19:23:71 | returnSixth(...) | KotlinUser.kt:23:33:23:33 | 1 | 0 |
-| KotlinUser.kt:23:19:23:71 | returnSixth(...) | KotlinUser.kt:23:37:23:41 | hello | 1 |
+| KotlinUser.kt:23:19:23:71 | returnSixth(...) | KotlinUser.kt:23:37:23:41 | "hello" | 1 |
 | KotlinUser.kt:23:19:23:71 | returnSixth(...) | KotlinUser.kt:23:45:23:48 | 1.0 | 2 |
 | KotlinUser.kt:23:19:23:71 | returnSixth(...) | KotlinUser.kt:23:51:23:53 | 1.0 | 3 |
 | KotlinUser.kt:23:19:23:71 | returnSixth(...) | KotlinUser.kt:23:56:23:57 | 1 | 4 |
@@ -319,28 +319,28 @@ javaKotlinConstructorAgreement
 | JavaUser.java:25:62:25:82 | new OuterNotGeneric(...) | KotlinUser.kt:26:28:26:44 | new OuterNotGeneric(...) | extlib.jar/extlib/OuterNotGeneric.class:0:0:0:0 | OuterNotGeneric |
 | JavaUser.java:27:39:27:71 | new TypeParamVisibility<String>(...) | KotlinUser.kt:28:15:28:43 | new TypeParamVisibility<String>(...) | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> |
 javaKotlinLocalTypeAgreement
-| JavaUser.java:7:5:7:111 | InnerGeneric<String> a | KotlinUser.kt:9:5:9:63 | InnerGeneric<String> a | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
-| JavaUser.java:7:5:7:111 | InnerGeneric<String> a | KotlinUser.kt:10:5:10:65 | InnerGeneric<String> a2 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
-| JavaUser.java:8:5:8:124 | InnerGeneric<String> a2 | KotlinUser.kt:9:5:9:63 | InnerGeneric<String> a | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
-| JavaUser.java:8:5:8:124 | InnerGeneric<String> a2 | KotlinUser.kt:10:5:10:65 | InnerGeneric<String> a2 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
-| JavaUser.java:9:5:9:139 | InnerGeneric<String> a3 | KotlinUser.kt:9:5:9:63 | InnerGeneric<String> a | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
-| JavaUser.java:9:5:9:139 | InnerGeneric<String> a3 | KotlinUser.kt:10:5:10:65 | InnerGeneric<String> a2 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
-| JavaUser.java:10:5:10:98 | InnerNotGeneric<> b | KotlinUser.kt:11:5:11:49 | InnerNotGeneric<> b | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
-| JavaUser.java:11:5:11:97 | InnerNotGeneric<> b2 | KotlinUser.kt:12:5:12:53 | InnerNotGeneric<> b2 | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
-| JavaUser.java:11:5:11:97 | InnerNotGeneric<> b2 | KotlinUser.kt:25:5:25:69 | InnerNotGeneric<> innerGetterTest | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
-| JavaUser.java:12:5:12:96 | InnerGeneric<String> c | KotlinUser.kt:13:5:13:52 | InnerGeneric<String> c | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
-| JavaUser.java:12:5:12:96 | InnerGeneric<String> c | KotlinUser.kt:26:5:26:62 | InnerGeneric<String> innerGetterTest2 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
-| JavaUser.java:13:5:13:112 | InnerStaticGeneric<String> d | KotlinUser.kt:14:5:14:63 | InnerStaticGeneric<String> d | extlib.jar/extlib/OuterGeneric$InnerStaticGeneric.class:0:0:0:0 | InnerStaticGeneric<String> |
-| JavaUser.java:14:5:14:249 | InnerManyParams<Long,Short> e | KotlinUser.kt:15:5:15:100 | InnerManyParams<Long,Short> e | extlib.jar/extlib/OuterManyParams$MiddleManyParams$InnerManyParams.class:0:0:0:0 | InnerManyParams<Long,Short> |
-| JavaUser.java:24:5:24:109 | InnerNotGeneric<> innerGetterTest | KotlinUser.kt:12:5:12:53 | InnerNotGeneric<> b2 | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
-| JavaUser.java:24:5:24:109 | InnerNotGeneric<> innerGetterTest | KotlinUser.kt:25:5:25:69 | InnerNotGeneric<> innerGetterTest | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
-| JavaUser.java:25:5:25:102 | InnerGeneric<String> innerGetterTest2 | KotlinUser.kt:13:5:13:52 | InnerGeneric<String> c | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
-| JavaUser.java:25:5:25:102 | InnerGeneric<String> innerGetterTest2 | KotlinUser.kt:26:5:26:62 | InnerGeneric<String> innerGetterTest2 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
-| JavaUser.java:27:5:27:72 | TypeParamVisibility<String> tpv | KotlinUser.kt:28:5:28:43 | TypeParamVisibility<String> tpv | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> |
-| JavaUser.java:28:5:28:111 | VisibleBecauseInner<String> visibleBecauseInner | KotlinUser.kt:29:5:29:58 | VisibleBecauseInner<String> visibleBecauseInner | extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInner.class:0:0:0:0 | VisibleBecauseInner<String> |
-| JavaUser.java:29:5:29:172 | VisibleBecauseInnerIndirect<String> visibleBecauseInnerIndirect | KotlinUser.kt:30:5:30:74 | VisibleBecauseInnerIndirect<String> visibleBecauseInnerIndirect | extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer$VisibleBecauseInnerIndirect.class:0:0:0:0 | VisibleBecauseInnerIndirect<String> |
-| JavaUser.java:30:5:30:115 | NotVisibleBecauseStatic<String> notVisibleBecauseStatic | KotlinUser.kt:31:5:31:66 | NotVisibleBecauseStatic<String> notVisibleBecauseStatic | extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStatic.class:0:0:0:0 | NotVisibleBecauseStatic<String> |
-| JavaUser.java:31:5:31:180 | NotVisibleBecauseStaticIndirect<String> notVisibleBecauseStaticIndirect | KotlinUser.kt:32:5:32:82 | NotVisibleBecauseStaticIndirect<String> notVisibleBecauseStaticIndirect | extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer$NotVisibleBecauseStaticIndirect.class:0:0:0:0 | NotVisibleBecauseStaticIndirect<String> |
+| JavaUser.java:7:5:7:111 | InnerGeneric<String> a | KotlinUser.kt:9:9:9:9 | InnerGeneric<String> a | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
+| JavaUser.java:7:5:7:111 | InnerGeneric<String> a | KotlinUser.kt:10:9:10:10 | InnerGeneric<String> a2 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
+| JavaUser.java:8:5:8:124 | InnerGeneric<String> a2 | KotlinUser.kt:9:9:9:9 | InnerGeneric<String> a | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
+| JavaUser.java:8:5:8:124 | InnerGeneric<String> a2 | KotlinUser.kt:10:9:10:10 | InnerGeneric<String> a2 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
+| JavaUser.java:9:5:9:139 | InnerGeneric<String> a3 | KotlinUser.kt:9:9:9:9 | InnerGeneric<String> a | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
+| JavaUser.java:9:5:9:139 | InnerGeneric<String> a3 | KotlinUser.kt:10:9:10:10 | InnerGeneric<String> a2 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
+| JavaUser.java:10:5:10:98 | InnerNotGeneric<> b | KotlinUser.kt:11:9:11:9 | InnerNotGeneric<> b | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
+| JavaUser.java:11:5:11:97 | InnerNotGeneric<> b2 | KotlinUser.kt:12:9:12:10 | InnerNotGeneric<> b2 | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
+| JavaUser.java:11:5:11:97 | InnerNotGeneric<> b2 | KotlinUser.kt:25:9:25:23 | InnerNotGeneric<> innerGetterTest | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
+| JavaUser.java:12:5:12:96 | InnerGeneric<String> c | KotlinUser.kt:13:9:13:9 | InnerGeneric<String> c | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
+| JavaUser.java:12:5:12:96 | InnerGeneric<String> c | KotlinUser.kt:26:9:26:24 | InnerGeneric<String> innerGetterTest2 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
+| JavaUser.java:13:5:13:112 | InnerStaticGeneric<String> d | KotlinUser.kt:14:9:14:9 | InnerStaticGeneric<String> d | extlib.jar/extlib/OuterGeneric$InnerStaticGeneric.class:0:0:0:0 | InnerStaticGeneric<String> |
+| JavaUser.java:14:5:14:249 | InnerManyParams<Long,Short> e | KotlinUser.kt:15:9:15:9 | InnerManyParams<Long,Short> e | extlib.jar/extlib/OuterManyParams$MiddleManyParams$InnerManyParams.class:0:0:0:0 | InnerManyParams<Long,Short> |
+| JavaUser.java:24:5:24:109 | InnerNotGeneric<> innerGetterTest | KotlinUser.kt:12:9:12:10 | InnerNotGeneric<> b2 | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
+| JavaUser.java:24:5:24:109 | InnerNotGeneric<> innerGetterTest | KotlinUser.kt:25:9:25:23 | InnerNotGeneric<> innerGetterTest | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
+| JavaUser.java:25:5:25:102 | InnerGeneric<String> innerGetterTest2 | KotlinUser.kt:13:9:13:9 | InnerGeneric<String> c | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
+| JavaUser.java:25:5:25:102 | InnerGeneric<String> innerGetterTest2 | KotlinUser.kt:26:9:26:24 | InnerGeneric<String> innerGetterTest2 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
+| JavaUser.java:27:5:27:72 | TypeParamVisibility<String> tpv | KotlinUser.kt:28:9:28:11 | TypeParamVisibility<String> tpv | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> |
+| JavaUser.java:28:5:28:111 | VisibleBecauseInner<String> visibleBecauseInner | KotlinUser.kt:29:9:29:27 | VisibleBecauseInner<String> visibleBecauseInner | extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInner.class:0:0:0:0 | VisibleBecauseInner<String> |
+| JavaUser.java:29:5:29:172 | VisibleBecauseInnerIndirect<String> visibleBecauseInnerIndirect | KotlinUser.kt:30:9:30:35 | VisibleBecauseInnerIndirect<String> visibleBecauseInnerIndirect | extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer$VisibleBecauseInnerIndirect.class:0:0:0:0 | VisibleBecauseInnerIndirect<String> |
+| JavaUser.java:30:5:30:115 | NotVisibleBecauseStatic<String> notVisibleBecauseStatic | KotlinUser.kt:31:9:31:31 | NotVisibleBecauseStatic<String> notVisibleBecauseStatic | extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStatic.class:0:0:0:0 | NotVisibleBecauseStatic<String> |
+| JavaUser.java:31:5:31:180 | NotVisibleBecauseStaticIndirect<String> notVisibleBecauseStaticIndirect | KotlinUser.kt:32:9:32:39 | NotVisibleBecauseStaticIndirect<String> notVisibleBecauseStaticIndirect | extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer$NotVisibleBecauseStaticIndirect.class:0:0:0:0 | NotVisibleBecauseStaticIndirect<String> |
 #select
 | JavaUser.java:7:52:7:110 | new InnerGeneric<String>(...) | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> | JavaUser.java:7:99:7:104 | String |
 | JavaUser.java:7:53:7:79 | new OuterGeneric<Integer>(...) | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<Integer> | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<Integer> | JavaUser.java:7:70:7:76 | Integer |
diff --git a/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/AnnotatedInterface.java b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/AnnotatedInterface.java
new file mode 100644
index 00000000000..db327383a95
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/AnnotatedInterface.java
@@ -0,0 +1,10 @@
+import org.jetbrains.annotations.*;
+import zpkg.A;
+
+public interface AnnotatedInterface {
+
+  public @A @NotNull String notNullAnnotated(@A @NotNull String param);
+
+  public @A @Nullable String nullableAnnotated(@A @Nullable String param);
+
+}
diff --git a/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/AnnotatedMethods.java b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/AnnotatedMethods.java
new file mode 100644
index 00000000000..16671f5468f
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/AnnotatedMethods.java
@@ -0,0 +1,10 @@
+import org.jetbrains.annotations.*;
+import zpkg.A;
+
+public class AnnotatedMethods implements AnnotatedInterface {
+
+  public @A @NotNull String notNullAnnotated(@A @NotNull String param) { return param; }
+
+  public @A @Nullable String nullableAnnotated(@A @Nullable String param) { return param; }
+
+}
diff --git a/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/JavaUser.java b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/JavaUser.java
new file mode 100644
index 00000000000..6031901c3a3
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/JavaUser.java
@@ -0,0 +1,8 @@
+public class JavaUser {
+
+  public static void test(KotlinAnnotatedMethods km, KotlinDelegate kd) {
+    km.f(null);
+    kd.notNullAnnotated("Hello world");
+  }
+
+}
diff --git a/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/ktUser.kt b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/ktUser.kt
new file mode 100644
index 00000000000..06c1d580503
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/ktUser.kt
@@ -0,0 +1,9 @@
+import zpkg.A
+
+class KotlinAnnotatedMethods {
+
+  @A fun f(@A m: AnnotatedMethods): String = m.notNullAnnotated("hello") + m.nullableAnnotated("world")!!
+
+}
+
+class KotlinDelegate(c: AnnotatedMethods) : AnnotatedInterface by c { }
diff --git a/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/org/jetbrains/annotations/NotNull.java b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/org/jetbrains/annotations/NotNull.java
new file mode 100644
index 00000000000..60fc85ea9b8
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/org/jetbrains/annotations/NotNull.java
@@ -0,0 +1,6 @@
+package org.jetbrains.annotations;
+
+public @interface NotNull {
+  String value() default "";
+  Class<? extends Exception> exception() default Exception.class;
+}
diff --git a/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/org/jetbrains/annotations/Nullable.java b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/org/jetbrains/annotations/Nullable.java
new file mode 100644
index 00000000000..6cf82f2db31
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/org/jetbrains/annotations/Nullable.java
@@ -0,0 +1,5 @@
+package org.jetbrains.annotations;
+
+public @interface Nullable {
+  String value() default "";
+}
diff --git a/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/test.expected b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/test.expected
new file mode 100644
index 00000000000..89eb06d26c3
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/test.expected
@@ -0,0 +1,28 @@
+| AnnotatedInterface.java:6:29:6:44 | notNullAnnotated | parameter | AnnotatedInterface.java:6:46:6:47 | A |
+| AnnotatedInterface.java:6:29:6:44 | notNullAnnotated | parameter | AnnotatedInterface.java:6:49:6:56 | NotNull |
+| AnnotatedInterface.java:6:29:6:44 | notNullAnnotated | return value | AnnotatedInterface.java:6:10:6:11 | A |
+| AnnotatedInterface.java:6:29:6:44 | notNullAnnotated | return value | AnnotatedInterface.java:6:13:6:20 | NotNull |
+| AnnotatedInterface.java:8:30:8:46 | nullableAnnotated | parameter | AnnotatedInterface.java:8:48:8:49 | A |
+| AnnotatedInterface.java:8:30:8:46 | nullableAnnotated | parameter | AnnotatedInterface.java:8:51:8:59 | Nullable |
+| AnnotatedInterface.java:8:30:8:46 | nullableAnnotated | return value | AnnotatedInterface.java:8:10:8:11 | A |
+| AnnotatedInterface.java:8:30:8:46 | nullableAnnotated | return value | AnnotatedInterface.java:8:13:8:21 | Nullable |
+| AnnotatedMethods.java:6:29:6:44 | notNullAnnotated | parameter | AnnotatedMethods.java:6:46:6:47 | A |
+| AnnotatedMethods.java:6:29:6:44 | notNullAnnotated | parameter | AnnotatedMethods.java:6:49:6:56 | NotNull |
+| AnnotatedMethods.java:6:29:6:44 | notNullAnnotated | return value | AnnotatedMethods.java:6:10:6:11 | A |
+| AnnotatedMethods.java:6:29:6:44 | notNullAnnotated | return value | AnnotatedMethods.java:6:13:6:20 | NotNull |
+| AnnotatedMethods.java:8:30:8:46 | nullableAnnotated | parameter | AnnotatedMethods.java:8:48:8:49 | A |
+| AnnotatedMethods.java:8:30:8:46 | nullableAnnotated | parameter | AnnotatedMethods.java:8:51:8:59 | Nullable |
+| AnnotatedMethods.java:8:30:8:46 | nullableAnnotated | return value | AnnotatedMethods.java:8:10:8:11 | A |
+| AnnotatedMethods.java:8:30:8:46 | nullableAnnotated | return value | AnnotatedMethods.java:8:13:8:21 | Nullable |
+| ktUser.kt:0:0:0:0 | notNullAnnotated | parameter | ktUser.kt:0:0:0:0 | A |
+| ktUser.kt:0:0:0:0 | notNullAnnotated | parameter | ktUser.kt:0:0:0:0 | NotNull |
+| ktUser.kt:0:0:0:0 | notNullAnnotated | return value | ktUser.kt:0:0:0:0 | A |
+| ktUser.kt:0:0:0:0 | notNullAnnotated | return value | ktUser.kt:0:0:0:0 | NotNull |
+| ktUser.kt:0:0:0:0 | nullableAnnotated | parameter | ktUser.kt:0:0:0:0 | A |
+| ktUser.kt:0:0:0:0 | nullableAnnotated | parameter | ktUser.kt:0:0:0:0 | Nullable |
+| ktUser.kt:0:0:0:0 | nullableAnnotated | return value | ktUser.kt:0:0:0:0 | A |
+| ktUser.kt:0:0:0:0 | nullableAnnotated | return value | ktUser.kt:0:0:0:0 | Nullable |
+| ktUser.kt:5:6:5:105 | f | parameter | ktUser.kt:0:0:0:0 | NotNull |
+| ktUser.kt:5:6:5:105 | f | parameter | ktUser.kt:5:12:5:13 | A |
+| ktUser.kt:5:6:5:105 | f | return value | ktUser.kt:0:0:0:0 | NotNull |
+| ktUser.kt:5:6:5:105 | f | return value | ktUser.kt:5:3:5:4 | A |
diff --git a/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/test.py b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/test.py
new file mode 100644
index 00000000000..6a27fa40a40
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/test.py
@@ -0,0 +1,7 @@
+from create_database_utils import *
+import os
+
+os.mkdir('out')
+os.mkdir('out2')
+os.mkdir('out3')
+run_codeql_database_create(["javac AnnotatedInterface.java AnnotatedMethods.java zpkg/A.java org/jetbrains/annotations/NotNull.java org/jetbrains/annotations/Nullable.java -d out", "kotlinc ktUser.kt -cp out -d out2", "javac JavaUser.java -cp out" + os.pathsep + "out2 -d out3"], lang="java")
diff --git a/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/test.ql b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/test.ql
new file mode 100644
index 00000000000..def0233a5a0
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/test.ql
@@ -0,0 +1,11 @@
+import java
+
+from Method m, string origin, Annotation a
+where
+  m.fromSource() and
+  (
+    origin = "return value" and a = m.getAnAnnotation()
+    or
+    origin = "parameter" and a = m.getAParameter().getAnAnnotation()
+  )
+select m, origin, a
diff --git a/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/zpkg/A.java b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/zpkg/A.java
new file mode 100644
index 00000000000..93a36f72500
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/nullability-annotations/zpkg/A.java
@@ -0,0 +1,3 @@
+package zpkg;
+
+public @interface A { }
diff --git a/java/ql/integration-tests/all-platforms/kotlin/qlpack.yml b/java/ql/integration-tests/all-platforms/kotlin/qlpack.yml
index 2d76cd00707..9ead02fc564 100644
--- a/java/ql/integration-tests/all-platforms/kotlin/qlpack.yml
+++ b/java/ql/integration-tests/all-platforms/kotlin/qlpack.yml
@@ -1,4 +1,4 @@
-libraryPathDependencies:
-  - codeql-java
-  - codeql/java-tests
-  - codeql/java-queries
+dependencies:
+  codeql/java-all: '*'
+  codeql/java-tests: '*'
+  codeql/java-queries: '*'
diff --git a/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/JavaDefinedContainer.java b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/JavaDefinedContainer.java
new file mode 100644
index 00000000000..13d1135669e
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/JavaDefinedContainer.java
@@ -0,0 +1,5 @@
+public @interface JavaDefinedContainer {
+
+  public JavaDefinedRepeatable[] value();
+
+}
diff --git a/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/JavaDefinedRepeatable.java b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/JavaDefinedRepeatable.java
new file mode 100644
index 00000000000..5eaaf1e2ab2
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/JavaDefinedRepeatable.java
@@ -0,0 +1,3 @@
+@java.lang.annotation.Repeatable(JavaDefinedContainer.class)
+public @interface JavaDefinedRepeatable { }
+
diff --git a/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/JavaUser.java b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/JavaUser.java
new file mode 100644
index 00000000000..610c373cb0f
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/JavaUser.java
@@ -0,0 +1,9 @@
+@LocalRepeatable
+@LocalRepeatable
+@LibRepeatable
+@LibRepeatable
+@ExplicitContainerRepeatable
+@ExplicitContainerRepeatable
+@JavaDefinedRepeatable
+@JavaDefinedRepeatable
+public class JavaUser { }
diff --git a/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/lib.kt b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/lib.kt
new file mode 100644
index 00000000000..3133d3d9e70
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/lib.kt
@@ -0,0 +1,7 @@
+@Repeatable
+public annotation class LibRepeatable { }
+
+annotation class KtDefinedContainer(val value: Array<ExplicitContainerRepeatable>) { }
+
+@java.lang.annotation.Repeatable(KtDefinedContainer::class)
+annotation class ExplicitContainerRepeatable() { }
diff --git a/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/test.expected b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/test.expected
new file mode 100644
index 00000000000..6ae3379e99f
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/test.expected
@@ -0,0 +1,16 @@
+| JavaUser.java:9:14:9:21 | JavaUser | out2/JavaUser.class:0:0:0:0 | Container | value | out2/JavaUser.class:0:0:0:0 | {...} |
+| JavaUser.java:9:14:9:21 | JavaUser | out2/JavaUser.class:0:0:0:0 | Container | value | out2/JavaUser.class:0:0:0:0 | {...} |
+| JavaUser.java:9:14:9:21 | JavaUser | out2/JavaUser.class:0:0:0:0 | JavaDefinedContainer | value | out2/JavaUser.class:0:0:0:0 | {...} |
+| JavaUser.java:9:14:9:21 | JavaUser | out2/JavaUser.class:0:0:0:0 | KtDefinedContainer | value | out2/JavaUser.class:0:0:0:0 | {...} |
+| out/ExplicitContainerRepeatable.class:0:0:0:0 | ExplicitContainerRepeatable | out/ExplicitContainerRepeatable.class:0:0:0:0 | Repeatable | value | out/ExplicitContainerRepeatable.class:0:0:0:0 | KtDefinedContainer.class |
+| out/ExplicitContainerRepeatable.class:0:0:0:0 | ExplicitContainerRepeatable | out/ExplicitContainerRepeatable.class:0:0:0:0 | Retention | value | out/ExplicitContainerRepeatable.class:0:0:0:0 | RUNTIME |
+| out/JavaDefinedRepeatable.class:0:0:0:0 | JavaDefinedRepeatable | out/JavaDefinedRepeatable.class:0:0:0:0 | Repeatable | value | out/JavaDefinedRepeatable.class:0:0:0:0 | JavaDefinedContainer.class |
+| out/KtDefinedContainer.class:0:0:0:0 | KtDefinedContainer | out/KtDefinedContainer.class:0:0:0:0 | Retention | value | out/KtDefinedContainer.class:0:0:0:0 | RUNTIME |
+| out/LibRepeatable.class:0:0:0:0 | LibRepeatable | out/LibRepeatable.class:0:0:0:0 | Repeatable | value | out/LibRepeatable.class:0:0:0:0 | Container.class |
+| out/LibRepeatable.class:0:0:0:0 | LibRepeatable | out/LibRepeatable.class:0:0:0:0 | Retention | value | out/LibRepeatable.class:0:0:0:0 | RUNTIME |
+| test.kt:1:1:2:43 | LocalRepeatable | test.kt:0:0:0:0 | Repeatable | value | test.kt:0:0:0:0 | Container.class |
+| test.kt:1:1:2:43 | LocalRepeatable | test.kt:0:0:0:0 | Retention | value | test.kt:0:0:0:0 | RetentionPolicy.RUNTIME |
+| test.kt:4:1:12:21 | User | test.kt:0:0:0:0 | Container | value | test.kt:0:0:0:0 | {...} |
+| test.kt:4:1:12:21 | User | test.kt:0:0:0:0 | Container | value | test.kt:0:0:0:0 | {...} |
+| test.kt:4:1:12:21 | User | test.kt:0:0:0:0 | JavaDefinedContainer | value | test.kt:0:0:0:0 | {...} |
+| test.kt:4:1:12:21 | User | test.kt:0:0:0:0 | KtDefinedContainer | value | test.kt:0:0:0:0 | {...} |
diff --git a/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/test.kt b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/test.kt
new file mode 100644
index 00000000000..16a54a3e630
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/test.kt
@@ -0,0 +1,12 @@
+@Repeatable
+public annotation class LocalRepeatable { }
+
+@LocalRepeatable
+@LocalRepeatable
+@LibRepeatable
+@LibRepeatable
+@ExplicitContainerRepeatable
+@ExplicitContainerRepeatable
+@JavaDefinedRepeatable
+@JavaDefinedRepeatable
+public class User { }
diff --git a/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/test.py b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/test.py
new file mode 100644
index 00000000000..e0b7c69cb05
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/test.py
@@ -0,0 +1,7 @@
+from create_database_utils import *
+
+os.mkdir('out')
+os.mkdir('out2')
+runSuccessfully([get_cmd("kotlinc"), "lib.kt", "-d", "out"])
+runSuccessfully([get_cmd("javac"), "JavaDefinedContainer.java", "JavaDefinedRepeatable.java", "-d", "out"])
+run_codeql_database_create(["kotlinc test.kt -cp out -d out", "javac JavaUser.java -cp out -d out2"], lang="java")
diff --git a/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/test.ql b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/test.ql
new file mode 100644
index 00000000000..701f6aed1ab
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/kotlin/repeatable-annotations/test.ql
@@ -0,0 +1,11 @@
+import java
+
+from ClassOrInterface annotated, Annotation a, string valName, Expr val
+where
+  a.getValue(valName) = val and
+  annotated = a.getAnnotatedElement() and
+  annotated.getName() in [
+      "JavaDefinedRepeatable", "JavaDefinedContainer", "KtDefinedContainer", "LibRepeatable",
+      "ExplicitContainerRepeatable", "LocalRepeatable", "User", "JavaUser"
+    ]
+select a.getAnnotatedElement(), a, valName, val
diff --git a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/PrintAst.expected b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/PrintAst.expected
index 51186ef7b15..6921b7541ad 100644
--- a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/PrintAst.expected
+++ b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/PrintAst.expected
@@ -50,7 +50,7 @@ d.kt:
 #    1|   1: [Class] D
 #    0|     2: [FieldDeclaration] String bar;
 #    0|       -1: [TypeAccess] String
-#    0|       0: [StringLiteral] Foobar
+#    0|       0: [StringLiteral] "Foobar"
 #    1|     3: [Constructor] D
 #    1|       5: [BlockStmt] { ... }
 #    1|         0: [SuperConstructorInvocationStmt] super(...)
diff --git a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/plugin/Plugin.kt b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/plugin/Plugin.kt
index c88410ca9db..d80801974e2 100644
--- a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/plugin/Plugin.kt
+++ b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/plugin/Plugin.kt
@@ -4,7 +4,7 @@ import com.intellij.mock.MockProject
 import org.jetbrains.kotlin.backend.common.IrElementTransformerVoidWithContext
 import org.jetbrains.kotlin.backend.common.extensions.IrGenerationExtension
 import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
-import org.jetbrains.kotlin.backend.common.ir.createImplicitParameterDeclarationWithWrappedDescriptor
+import org.jetbrains.kotlin.backend.common.ir.addDispatchReceiver
 import org.jetbrains.kotlin.backend.common.lower.DeclarationIrBuilder
 import org.jetbrains.kotlin.compiler.plugin.ComponentRegistrar
 import org.jetbrains.kotlin.config.CompilerConfiguration
@@ -30,6 +30,7 @@ import org.jetbrains.kotlin.ir.symbols.IrSimpleFunctionSymbol
 import org.jetbrains.kotlin.ir.types.IrType
 import org.jetbrains.kotlin.ir.types.defaultType
 import org.jetbrains.kotlin.ir.types.typeWith
+import org.jetbrains.kotlin.ir.util.createImplicitParameterDeclarationWithWrappedDescriptor
 import org.jetbrains.kotlin.ir.util.defaultType
 import org.jetbrains.kotlin.name.FqName
 import org.jetbrains.kotlin.name.Name
diff --git a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/qlpack.yml b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/qlpack.yml
new file mode 100644
index 00000000000..e2f6b6de7ba
--- /dev/null
+++ b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/qlpack.yml
@@ -0,0 +1,3 @@
+name: integrationtest-custom-plugin
+dependencies:
+  codeql/java-all: '*'
diff --git a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/staticinit.expected b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/staticinit.expected
index 606bbd3f338..092e8241a3d 100644
--- a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/staticinit.expected
+++ b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/staticinit.expected
@@ -1 +1 @@
-| d.kt:0:0:0:0 | bar | d.kt:0:0:0:0 | Foobar |
+| d.kt:0:0:0:0 | bar | d.kt:0:0:0:0 | "Foobar" |
diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
index 696c3097fac..21b8949ce62 100644
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,23 @@
+## 0.4.6
+
+No user-facing changes.
+
+## 0.4.5
+
+No user-facing changes.
+
+## 0.4.4
+
+### New Features
+
+* Kotlin support is now in beta. This means that Java analyses will also include Kotlin code by default. Kotlin support can be disabled by setting `CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN` to `true` in the environment.
+* The new `string Compilation.getInfo(string)` predicate provides access to some information about compilations.
+
+### Minor Analysis Improvements
+
+* The ReDoS libraries in `semmle.code.java.security.regexp` has been moved to a shared pack inside the `shared/` folder, and the previous location has been deprecated.
+* Added data flow summaries for tainted Android intents sent to activities via `Activity.startActivities`.
+
 ## 0.4.3
 
 No user-facing changes.
diff --git a/java/ql/lib/change-notes/2022-10-17-android-activity-alias.md b/java/ql/lib/change-notes/2022-10-17-android-activity-alias.md
new file mode 100644
index 00000000000..c33a1feaaae
--- /dev/null
+++ b/java/ql/lib/change-notes/2022-10-17-android-activity-alias.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added support for Android Manifest `<activity-aliases>` elements in data flow sources. 
diff --git a/java/ql/lib/change-notes/2022-10-19-android-startactivities-summaries.md b/java/ql/lib/change-notes/2022-10-19-android-startactivities-summaries.md
deleted file mode 100644
index 4716fb2ac41..00000000000
--- a/java/ql/lib/change-notes/2022-10-19-android-startactivities-summaries.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added data flow summaries for tainted Android intents sent to activities via `Activity.startActivities`.
\ No newline at end of file
diff --git a/java/ql/lib/change-notes/2022-11-10-kotlin-default.md b/java/ql/lib/change-notes/2022-11-10-kotlin-default.md
deleted file mode 100644
index d411c58173c..00000000000
--- a/java/ql/lib/change-notes/2022-11-10-kotlin-default.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* Kotlin support is now in beta. This means that Java analyses will also include Kotlin code by default. Kotlin support can be disabled by setting `CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN` to `true` in the environment.
diff --git a/java/ql/lib/change-notes/2022-11-17-deleted-deps.md b/java/ql/lib/change-notes/2022-11-17-deleted-deps.md
new file mode 100644
index 00000000000..014b4ff23eb
--- /dev/null
+++ b/java/ql/lib/change-notes/2022-11-17-deleted-deps.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Deleted the deprecated `LocalClassDeclStmtNode` and `LocalClassDeclStmt` classes from `PrintAst.qll` and `Statement.qll` respectively.
+* Deleted the deprecated `getLocalClass` predicate from `LocalTypeDeclStmt`, and the deprecated `getLocalClassDeclStmt` predicate from `LocalClassOrInterface`.
\ No newline at end of file
diff --git a/java/ql/lib/change-notes/2022-11-21-paths-get-fix.md b/java/ql/lib/change-notes/2022-11-21-paths-get-fix.md
new file mode 100644
index 00000000000..a586cecf04b
--- /dev/null
+++ b/java/ql/lib/change-notes/2022-11-21-paths-get-fix.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Added a taint model for the method `java.nio.file.Path.getParent`.
+* Fixed a problem in the taint model for the method `java.nio.file.Paths.get`.
diff --git a/java/ql/lib/change-notes/2022-11-23-mad-data-extensions.md b/java/ql/lib/change-notes/2022-11-23-mad-data-extensions.md
new file mode 100644
index 00000000000..6e897ed60c2
--- /dev/null
+++ b/java/ql/lib/change-notes/2022-11-23-mad-data-extensions.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Models as Data models for Java are defined as data extensions instead of being inlined in the code. New models should be added in the `lib/ext` folder.
\ No newline at end of file
diff --git a/java/ql/lib/change-notes/2022-12-05-insecure-cookie-global-flow.md b/java/ql/lib/change-notes/2022-12-05-insecure-cookie-global-flow.md
new file mode 100644
index 00000000000..3eb33b8624e
--- /dev/null
+++ b/java/ql/lib/change-notes/2022-12-05-insecure-cookie-global-flow.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The query `java/insecure-cookie` now uses global dataflow to track secure cookies being set to the HTTP response object.
diff --git a/java/ql/lib/change-notes/2022-12-05-kotlin-path-sanitizer.md b/java/ql/lib/change-notes/2022-12-05-kotlin-path-sanitizer.md
new file mode 100644
index 00000000000..ac6d59046a0
--- /dev/null
+++ b/java/ql/lib/change-notes/2022-12-05-kotlin-path-sanitizer.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The library `PathSanitizer.qll` has been improved to detect more path validation patterns in Kotlin.
diff --git a/java/ql/lib/change-notes/2022-12-09-default-extension-methods.md b/java/ql/lib/change-notes/2022-12-09-default-extension-methods.md
new file mode 100644
index 00000000000..df9d23503da
--- /dev/null
+++ b/java/ql/lib/change-notes/2022-12-09-default-extension-methods.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The extraction of Kotlin extension methods has been improved when default parameter values are present. The dispatch and extension receiver parameters are extracted in the correct order. The `ExtensionMethod::getExtensionReceiverParameterIndex` predicate has been introduced to facilitate getting the correct extension parameter index.
diff --git a/java/ql/lib/change-notes/released/0.4.4.md b/java/ql/lib/change-notes/released/0.4.4.md
new file mode 100644
index 00000000000..ca76975d283
--- /dev/null
+++ b/java/ql/lib/change-notes/released/0.4.4.md
@@ -0,0 +1,11 @@
+## 0.4.4
+
+### New Features
+
+* Kotlin support is now in beta. This means that Java analyses will also include Kotlin code by default. Kotlin support can be disabled by setting `CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN` to `true` in the environment.
+* The new `string Compilation.getInfo(string)` predicate provides access to some information about compilations.
+
+### Minor Analysis Improvements
+
+* The ReDoS libraries in `semmle.code.java.security.regexp` has been moved to a shared pack inside the `shared/` folder, and the previous location has been deprecated.
+* Added data flow summaries for tainted Android intents sent to activities via `Activity.startActivities`.
diff --git a/java/ql/lib/change-notes/released/0.4.5.md b/java/ql/lib/change-notes/released/0.4.5.md
new file mode 100644
index 00000000000..7ba9b2e8ade
--- /dev/null
+++ b/java/ql/lib/change-notes/released/0.4.5.md
@@ -0,0 +1,3 @@
+## 0.4.5
+
+No user-facing changes.
diff --git a/java/ql/lib/change-notes/released/0.4.6.md b/java/ql/lib/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/java/ql/lib/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
index 1ec9c4ea5d9..2b842473675 100644
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.6
diff --git a/java/ql/lib/config/semmlecode.dbscheme b/java/ql/lib/config/semmlecode.dbscheme
index 709f1d1fd04..44d61b266be 100644
--- a/java/ql/lib/config/semmlecode.dbscheme
+++ b/java/ql/lib/config/semmlecode.dbscheme
@@ -31,6 +31,12 @@ compilation_started(
     int id : @compilation ref
 )
 
+compilation_info(
+    int id : @compilation ref,
+    string info_key: string ref,
+    string info_value: string ref
+)
+
 /**
  * The arguments that were passed to the extractor for a compiler
  * invocation. If `id` is for the compiler invocation
diff --git a/java/ql/lib/config/semmlecode.dbscheme.stats b/java/ql/lib/config/semmlecode.dbscheme.stats
index 21f4ae2aa28..7ebc6e0b93e 100644
--- a/java/ql/lib/config/semmlecode.dbscheme.stats
+++ b/java/ql/lib/config/semmlecode.dbscheme.stats
@@ -6,11 +6,11 @@
         </e>
         <e>
             <k>@kotlincompilation</k>
-            <v>6806</v>
+            <v>7683</v>
         </e>
         <e>
             <k>@diagnostic</k>
-            <v>631661</v>
+            <v>61632</v>
         </e>
         <e>
             <k>@externalDataElement</k>
@@ -26,27 +26,27 @@
         </e>
         <e>
             <k>@file</k>
-            <v>7997871</v>
+            <v>9158642</v>
         </e>
         <e>
             <k>@folder</k>
-            <v>1275575</v>
+            <v>1415670</v>
         </e>
         <e>
             <k>@location_default</k>
-            <v>430051334</v>
+            <v>602747369</v>
         </e>
         <e>
             <k>@package</k>
-            <v>611241</v>
-        </e>
-        <e>
-            <k>@modifier</k>
-            <v>13613</v>
+            <v>580098</v>
         </e>
         <e>
             <k>@primitive</k>
-            <v>12252</v>
+            <v>17287</v>
+        </e>
+        <e>
+            <k>@modifier</k>
+            <v>26891</v>
         </e>
         <e>
             <k>@errortype</k>
@@ -54,87 +54,87 @@
         </e>
         <e>
             <k>@class</k>
-            <v>12548830</v>
+            <v>12618104</v>
         </e>
         <e>
             <k>@kt_nullable_type</k>
-            <v>1361</v>
+            <v>1920</v>
         </e>
         <e>
             <k>@kt_notnull_type</k>
-            <v>191419</v>
+            <v>172391</v>
         </e>
         <e>
             <k>@kt_type_alias</k>
-            <v>2060</v>
+            <v>1821</v>
         </e>
         <e>
             <k>@interface</k>
-            <v>21501109</v>
+            <v>23200100</v>
         </e>
         <e>
             <k>@fielddecl</k>
-            <v>398872</v>
+            <v>199475</v>
         </e>
         <e>
             <k>@field</k>
-            <v>27509955</v>
+            <v>19350704</v>
         </e>
         <e>
             <k>@constructor</k>
-            <v>6869320</v>
+            <v>8006128</v>
         </e>
         <e>
             <k>@method</k>
-            <v>93308954</v>
+            <v>109719302</v>
         </e>
         <e>
             <k>@param</k>
-            <v>101015498</v>
+            <v>120852585</v>
         </e>
         <e>
             <k>@exception</k>
-            <v>1228169</v>
+            <v>1232644</v>
         </e>
         <e>
             <k>@typevariable</k>
-            <v>5105024</v>
+            <v>6288883</v>
         </e>
         <e>
             <k>@wildcard</k>
-            <v>3629331</v>
+            <v>3338447</v>
         </e>
         <e>
             <k>@typebound</k>
-            <v>4383514</v>
+            <v>4229725</v>
         </e>
         <e>
             <k>@array</k>
-            <v>1116298</v>
+            <v>1375332</v>
         </e>
         <e>
             <k>@import</k>
-            <v>368532</v>
+            <v>368550</v>
         </e>
         <e>
             <k>@block</k>
-            <v>845392</v>
+            <v>756817</v>
         </e>
         <e>
             <k>@ifstmt</k>
-            <v>188296</v>
+            <v>188285</v>
         </e>
         <e>
             <k>@forstmt</k>
-            <v>52508</v>
+            <v>52504</v>
         </e>
         <e>
             <k>@enhancedforstmt</k>
-            <v>18506</v>
+            <v>18520</v>
         </e>
         <e>
             <k>@whilestmt</k>
-            <v>21684</v>
+            <v>13266</v>
         </e>
         <e>
             <k>@dostmt</k>
@@ -142,7 +142,7 @@
         </e>
         <e>
             <k>@trystmt</k>
-            <v>58627</v>
+            <v>58624</v>
         </e>
         <e>
             <k>@switchstmt</k>
@@ -150,19 +150,19 @@
         </e>
         <e>
             <k>@synchronizedstmt</k>
-            <v>18703</v>
+            <v>18206</v>
         </e>
         <e>
             <k>@returnstmt</k>
-            <v>674863</v>
+            <v>532846</v>
         </e>
         <e>
             <k>@throwstmt</k>
-            <v>35919</v>
+            <v>35917</v>
         </e>
         <e>
             <k>@breakstmt</k>
-            <v>35331</v>
+            <v>35329</v>
         </e>
         <e>
             <k>@continuestmt</k>
@@ -170,23 +170,23 @@
         </e>
         <e>
             <k>@emptystmt</k>
-            <v>1562</v>
+            <v>1561</v>
         </e>
         <e>
             <k>@exprstmt</k>
-            <v>942161</v>
+            <v>942102</v>
         </e>
         <e>
             <k>@assertstmt</k>
-            <v>10816</v>
+            <v>10815</v>
         </e>
         <e>
             <k>@localvariabledeclstmt</k>
-            <v>318709</v>
+            <v>318689</v>
         </e>
         <e>
             <k>@localtypedeclstmt</k>
-            <v>4057</v>
+            <v>3841</v>
         </e>
         <e>
             <k>@constructorinvocationstmt</k>
@@ -194,19 +194,19 @@
         </e>
         <e>
             <k>@superconstructorinvocationstmt</k>
-            <v>223641</v>
+            <v>201354</v>
         </e>
         <e>
             <k>@case</k>
-            <v>107943</v>
+            <v>107945</v>
         </e>
         <e>
             <k>@catchclause</k>
-            <v>55205</v>
+            <v>55201</v>
         </e>
         <e>
             <k>@labeledstmt</k>
-            <v>2560</v>
+            <v>2342</v>
         </e>
         <e>
             <k>@yieldstmt</k>
@@ -218,27 +218,27 @@
         </e>
         <e>
             <k>@whenbranch</k>
-            <v>234276</v>
+            <v>225101</v>
         </e>
         <e>
             <k>@arrayaccess</k>
-            <v>409706</v>
+            <v>409681</v>
         </e>
         <e>
             <k>@arraycreationexpr</k>
-            <v>69251</v>
+            <v>69247</v>
         </e>
         <e>
             <k>@arrayinit</k>
-            <v>405408</v>
+            <v>405405</v>
         </e>
         <e>
             <k>@assignexpr</k>
-            <v>465437</v>
+            <v>465407</v>
         </e>
         <e>
             <k>@assignaddexpr</k>
-            <v>17017</v>
+            <v>17016</v>
         </e>
         <e>
             <k>@assignsubexpr</k>
@@ -258,63 +258,63 @@
         </e>
         <e>
             <k>@assignorexpr</k>
-            <v>14529</v>
+            <v>14528</v>
         </e>
         <e>
             <k>@booleanliteral</k>
-            <v>589884</v>
+            <v>589912</v>
         </e>
         <e>
             <k>@integerliteral</k>
-            <v>1151527</v>
+            <v>1151458</v>
         </e>
         <e>
             <k>@longliteral</k>
-            <v>185903</v>
+            <v>185904</v>
         </e>
         <e>
             <k>@floatingpointliteral</k>
-            <v>2825166</v>
+            <v>2824996</v>
         </e>
         <e>
             <k>@doubleliteral</k>
-            <v>486650</v>
+            <v>486619</v>
         </e>
         <e>
             <k>@characterliteral</k>
-            <v>40018</v>
+            <v>40016</v>
         </e>
         <e>
             <k>@stringliteral</k>
-            <v>1262892</v>
+            <v>1262818</v>
         </e>
         <e>
             <k>@nullliteral</k>
-            <v>355828</v>
+            <v>434113</v>
         </e>
         <e>
             <k>@mulexpr</k>
-            <v>204593</v>
+            <v>204580</v>
         </e>
         <e>
             <k>@divexpr</k>
-            <v>36267</v>
+            <v>36264</v>
         </e>
         <e>
             <k>@remexpr</k>
-            <v>3896</v>
+            <v>3904</v>
         </e>
         <e>
             <k>@addexpr</k>
-            <v>176997</v>
+            <v>176986</v>
         </e>
         <e>
             <k>@subexpr</k>
-            <v>84390</v>
+            <v>84385</v>
         </e>
         <e>
             <k>@lshiftexpr</k>
-            <v>8737</v>
+            <v>8736</v>
         </e>
         <e>
             <k>@rshiftexpr</k>
@@ -326,11 +326,11 @@
         </e>
         <e>
             <k>@andbitexpr</k>
-            <v>29091</v>
+            <v>110212</v>
         </e>
         <e>
             <k>@orbitexpr</k>
-            <v>8626</v>
+            <v>12590</v>
         </e>
         <e>
             <k>@xorbitexpr</k>
@@ -338,47 +338,47 @@
         </e>
         <e>
             <k>@andlogicalexpr</k>
-            <v>41339</v>
+            <v>36742</v>
         </e>
         <e>
             <k>@orlogicalexpr</k>
-            <v>31152</v>
+            <v>31150</v>
         </e>
         <e>
             <k>@ltexpr</k>
-            <v>66254</v>
+            <v>66249</v>
         </e>
         <e>
             <k>@gtexpr</k>
-            <v>17204</v>
+            <v>17203</v>
         </e>
         <e>
             <k>@leexpr</k>
-            <v>10530</v>
+            <v>10529</v>
         </e>
         <e>
             <k>@geexpr</k>
-            <v>13412</v>
+            <v>13411</v>
         </e>
         <e>
             <k>@eqexpr</k>
-            <v>104281</v>
+            <v>128429</v>
         </e>
         <e>
             <k>@neexpr</k>
-            <v>60978</v>
+            <v>60975</v>
         </e>
         <e>
             <k>@postincexpr</k>
-            <v>29634</v>
+            <v>29632</v>
         </e>
         <e>
             <k>@postdecexpr</k>
-            <v>11684</v>
+            <v>11683</v>
         </e>
         <e>
             <k>@preincexpr</k>
-            <v>23716</v>
+            <v>23714</v>
         </e>
         <e>
             <k>@predecexpr</k>
@@ -386,75 +386,75 @@
         </e>
         <e>
             <k>@minusexpr</k>
-            <v>744431</v>
+            <v>744386</v>
         </e>
         <e>
             <k>@plusexpr</k>
-            <v>53010</v>
+            <v>53007</v>
         </e>
         <e>
             <k>@bitnotexpr</k>
-            <v>8187</v>
+            <v>8186</v>
         </e>
         <e>
             <k>@lognotexpr</k>
-            <v>40113</v>
+            <v>40111</v>
         </e>
         <e>
             <k>@castexpr</k>
-            <v>93193</v>
+            <v>93187</v>
         </e>
         <e>
             <k>@newexpr</k>
-            <v>252099</v>
+            <v>252083</v>
         </e>
         <e>
             <k>@conditionalexpr</k>
-            <v>16048</v>
+            <v>16047</v>
         </e>
         <e>
             <k>@instanceofexpr</k>
-            <v>31040</v>
+            <v>29542</v>
         </e>
         <e>
             <k>@localvariabledeclexpr</k>
-            <v>385297</v>
+            <v>385272</v>
         </e>
         <e>
             <k>@typeliteral</k>
-            <v>148289</v>
+            <v>144350</v>
         </e>
         <e>
             <k>@thisaccess</k>
-            <v>949960</v>
+            <v>756915</v>
         </e>
         <e>
             <k>@superaccess</k>
-            <v>22195</v>
+            <v>99884</v>
         </e>
         <e>
             <k>@varaccess</k>
-            <v>2434432</v>
+            <v>2434277</v>
         </e>
         <e>
             <k>@methodaccess</k>
-            <v>1578817</v>
+            <v>1512385</v>
         </e>
         <e>
             <k>@unannotatedtypeaccess</k>
-            <v>2861937</v>
+            <v>2608638</v>
         </e>
         <e>
             <k>@arraytypeaccess</k>
-            <v>120735</v>
+            <v>120727</v>
         </e>
         <e>
             <k>@wildcardtypeaccess</k>
-            <v>63960</v>
+            <v>64091</v>
         </e>
         <e>
             <k>@declannotation</k>
-            <v>6745248</v>
+            <v>6740832</v>
         </e>
         <e>
             <k>@assignremexpr</k>
@@ -462,7 +462,7 @@
         </e>
         <e>
             <k>@assignxorexpr</k>
-            <v>1101</v>
+            <v>1102</v>
         </e>
         <e>
             <k>@assignlshiftexpr</k>
@@ -490,19 +490,19 @@
         </e>
         <e>
             <k>@lambdaexpr</k>
-            <v>183936</v>
+            <v>167982</v>
         </e>
         <e>
             <k>@memberref</k>
-            <v>23858</v>
+            <v>23859</v>
         </e>
         <e>
             <k>@annotatedtypeaccess</k>
-            <v>1280</v>
+            <v>1281</v>
         </e>
         <e>
             <k>@typeannotation</k>
-            <v>1280</v>
+            <v>1281</v>
         </e>
         <e>
             <k>@intersectiontypeaccess</k>
@@ -518,43 +518,43 @@
         </e>
         <e>
             <k>@whenexpr</k>
-            <v>172064</v>
+            <v>152111</v>
         </e>
         <e>
             <k>@getclassexpr</k>
-            <v>1361</v>
+            <v>1920</v>
         </e>
         <e>
             <k>@safecastexpr</k>
-            <v>6932</v>
+            <v>6402</v>
         </e>
         <e>
             <k>@implicitcastexpr</k>
-            <v>32918</v>
+            <v>30316</v>
         </e>
         <e>
             <k>@implicitnotnullexpr</k>
-            <v>241262</v>
+            <v>216630</v>
         </e>
         <e>
             <k>@implicitcoerciontounitexpr</k>
-            <v>91329</v>
+            <v>81396</v>
         </e>
         <e>
             <k>@notinstanceofexpr</k>
-            <v>19576</v>
+            <v>17306</v>
         </e>
         <e>
             <k>@stmtexpr</k>
-            <v>57687</v>
+            <v>55704</v>
         </e>
         <e>
             <k>@stringtemplateexpr</k>
-            <v>55814</v>
+            <v>59546</v>
         </e>
         <e>
             <k>@notnullexpr</k>
-            <v>20290</v>
+            <v>18820</v>
         </e>
         <e>
             <k>@unsafecoerceexpr</k>
@@ -562,23 +562,23 @@
         </e>
         <e>
             <k>@valueeqexpr</k>
-            <v>102712</v>
+            <v>93060</v>
         </e>
         <e>
             <k>@valueneexpr</k>
-            <v>108184</v>
+            <v>95639</v>
         </e>
         <e>
             <k>@propertyref</k>
-            <v>9642</v>
+            <v>8878</v>
         </e>
         <e>
             <k>@localvar</k>
-            <v>385297</v>
+            <v>385272</v>
         </e>
         <e>
             <k>@module</k>
-            <v>7964</v>
+            <v>7965</v>
         </e>
         <e>
             <k>@requires</k>
@@ -586,7 +586,7 @@
         </e>
         <e>
             <k>@exports</k>
-            <v>35011</v>
+            <v>35013</v>
         </e>
         <e>
             <k>@opens</k>
@@ -594,7 +594,7 @@
         </e>
         <e>
             <k>@uses</k>
-            <v>10785</v>
+            <v>10786</v>
         </e>
         <e>
             <k>@provides</k>
@@ -602,15 +602,15 @@
         </e>
         <e>
             <k>@javadoc</k>
-            <v>985153</v>
+            <v>985091</v>
         </e>
         <e>
             <k>@javadocTag</k>
-            <v>335830</v>
+            <v>335808</v>
         </e>
         <e>
             <k>@javadocText</k>
-            <v>2503007</v>
+            <v>2502848</v>
         </e>
         <e>
             <k>@xmldtd</k>
@@ -618,23 +618,23 @@
         </e>
         <e>
             <k>@xmlelement</k>
-            <v>106507143</v>
+            <v>150282022</v>
         </e>
         <e>
             <k>@xmlattribute</k>
-            <v>129551904</v>
+            <v>182798274</v>
         </e>
         <e>
             <k>@xmlnamespace</k>
-            <v>8168</v>
+            <v>11525</v>
         </e>
         <e>
             <k>@xmlcomment</k>
-            <v>107198704</v>
+            <v>151257816</v>
         </e>
         <e>
             <k>@xmlcharacters</k>
-            <v>101302741</v>
+            <v>142938589</v>
         </e>
         <e>
             <k>@config</k>
@@ -650,15 +650,15 @@
         </e>
         <e>
             <k>@ktcomment</k>
-            <v>133411</v>
+            <v>188243</v>
         </e>
         <e>
             <k>@ktcommentsection</k>
-            <v>59896</v>
+            <v>52611</v>
         </e>
         <e>
             <k>@kt_property</k>
-            <v>30236718</v>
+            <v>21895839</v>
         </e>
     </typesizes>
     <stats>
@@ -880,30 +880,146 @@
         </relation>
         <relation>
             <name>compilation_started</name>
-            <cardinality>6806</cardinality>
+            <cardinality>7683</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>6806</v>
+                    <v>7683</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
-            <name>compilation_args</name>
-            <cardinality>157915</cardinality>
+            <name>compilation_info</name>
+            <cardinality>15366</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>6806</v>
+                    <v>7683</v>
+                </e>
+                <e>
+                    <k>info_key</k>
+                    <v>3841</v>
+                </e>
+                <e>
+                    <k>info_value</k>
+                    <v>3841</v>
+                </e>
+            </columnsizes>
+            <dependencies>
+                <dep>
+                    <src>id</src>
+                    <trg>info_key</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>7683</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>id</src>
+                    <trg>info_value</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>7683</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>info_key</src>
+                    <trg>id</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>3841</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>info_key</src>
+                    <trg>info_value</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>3841</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>info_value</src>
+                    <trg>id</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>3841</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>info_value</src>
+                    <trg>info_key</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>3841</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+            </dependencies>
+        </relation>
+        <relation>
+            <name>compilation_args</name>
+            <cardinality>169035</cardinality>
+            <columnsizes>
+                <e>
+                    <k>id</k>
+                    <v>7683</v>
                 </e>
                 <e>
                     <k>num</k>
-                    <v>38117</v>
+                    <v>48021</v>
                 </e>
                 <e>
                     <k>arg</k>
-                    <v>89848</v>
+                    <v>90280</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -917,22 +1033,17 @@
                                 <b>
                                     <a>20</a>
                                     <b>21</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>23</a>
                                     <b>24</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>25</a>
                                     <b>26</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>28</a>
-                                    <b>29</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -948,22 +1059,17 @@
                                 <b>
                                     <a>20</a>
                                     <b>21</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>23</a>
                                     <b>24</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>25</a>
                                     <b>26</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>27</a>
-                                    <b>28</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -979,22 +1085,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4084</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>2722</v>
+                                    <v>5762</v>
                                 </b>
                                 <b>
-                                    <a>3</a>
-                                    <b>4</b>
-                                    <v>4084</v>
-                                </b>
-                                <b>
-                                    <a>5</a>
-                                    <b>6</b>
-                                    <v>27226</v>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>38417</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1010,27 +1111,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>8168</v>
+                                    <v>9604</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>5445</v>
+                                    <v>17287</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>10890</v>
+                                    <v>11525</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>6806</v>
-                                </b>
-                                <b>
-                                    <a>5</a>
-                                    <b>6</b>
-                                    <v>6806</v>
+                                    <v>9604</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1046,22 +1142,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>69428</v>
+                                    <v>61467</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>6806</v>
-                                </b>
-                                <b>
-                                    <a>5</a>
-                                    <b>6</b>
-                                    <v>10890</v>
+                                    <v>24971</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1077,17 +1168,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>72151</v>
+                                    <v>67229</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>14974</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>4</a>
-                                    <b>5</b>
-                                    <v>2722</v>
+                                    <a>3</a>
+                                    <b>4</b>
+                                    <v>3841</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1097,19 +1188,19 @@
         </relation>
         <relation>
             <name>compilation_compiling_files</name>
-            <cardinality>61119</cardinality>
+            <cardinality>59495</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>2337</v>
+                    <v>2275</v>
                 </e>
                 <e>
                     <k>num</k>
-                    <v>18035</v>
+                    <v>17556</v>
                 </e>
                 <e>
                     <k>file</k>
-                    <v>51099</v>
+                    <v>49742</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -1123,22 +1214,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>333</v>
+                                    <v>325</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>667</v>
+                                    <v>650</v>
                                 </b>
                                 <b>
                                     <a>35</a>
                                     <b>36</b>
-                                    <v>667</v>
+                                    <v>650</v>
                                 </b>
                                 <b>
                                     <a>54</a>
                                     <b>55</b>
-                                    <v>667</v>
+                                    <v>650</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1154,22 +1245,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>333</v>
+                                    <v>325</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>667</v>
+                                    <v>650</v>
                                 </b>
                                 <b>
                                     <a>35</a>
                                     <b>36</b>
-                                    <v>667</v>
+                                    <v>650</v>
                                 </b>
                                 <b>
                                     <a>54</a>
                                     <b>55</b>
-                                    <v>667</v>
+                                    <v>650</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1185,17 +1276,17 @@
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>6345</v>
+                                    <v>6177</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>11021</v>
+                                    <v>10728</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>8</b>
-                                    <v>667</v>
+                                    <v>650</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1211,17 +1302,17 @@
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>6345</v>
+                                    <v>6177</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>10019</v>
+                                    <v>9753</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>8</b>
-                                    <v>1669</v>
+                                    <v>1625</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1237,12 +1328,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>41080</v>
+                                    <v>39989</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>10019</v>
+                                    <v>9753</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1258,7 +1349,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>51099</v>
+                                    <v>49742</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1268,19 +1359,19 @@
         </relation>
         <relation>
             <name>compilation_compiling_files_completed</name>
-            <cardinality>61119</cardinality>
+            <cardinality>59495</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>2337</v>
+                    <v>2275</v>
                 </e>
                 <e>
                     <k>num</k>
-                    <v>18035</v>
+                    <v>17556</v>
                 </e>
                 <e>
                     <k>result</k>
-                    <v>667</v>
+                    <v>325</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -1294,22 +1385,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>333</v>
+                                    <v>325</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>667</v>
+                                    <v>650</v>
                                 </b>
                                 <b>
                                     <a>35</a>
                                     <b>36</b>
-                                    <v>667</v>
+                                    <v>650</v>
                                 </b>
                                 <b>
                                     <a>54</a>
                                     <b>55</b>
-                                    <v>667</v>
+                                    <v>650</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1325,12 +1416,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1669</v>
-                                </b>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>667</v>
+                                    <v>2275</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1346,17 +1432,17 @@
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>6345</v>
+                                    <v>6177</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>11021</v>
+                                    <v>10728</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>8</b>
-                                    <v>667</v>
+                                    <v>650</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1372,12 +1458,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>17701</v>
-                                </b>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>333</v>
+                                    <v>17556</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1390,15 +1471,10 @@
                         <hist>
                             <budget>12</budget>
                             <bs>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>333</v>
-                                </b>
                                 <b>
                                     <a>7</a>
                                     <b>8</b>
-                                    <v>333</v>
+                                    <v>325</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1411,15 +1487,10 @@
                         <hist>
                             <budget>12</budget>
                             <bs>
-                                <b>
-                                    <a>1</a>
-                                    <b>2</b>
-                                    <v>333</v>
-                                </b>
                                 <b>
                                     <a>54</a>
                                     <b>55</b>
-                                    <v>333</v>
+                                    <v>325</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1429,7 +1500,7 @@
         </relation>
         <relation>
             <name>compilation_time</name>
-            <cardinality>196462</cardinality>
+            <cardinality>196471</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
@@ -1437,7 +1508,7 @@
                 </e>
                 <e>
                     <k>num</k>
-                    <v>5143</v>
+                    <v>5144</v>
                 </e>
                 <e>
                     <k>kind</k>
@@ -1445,7 +1516,7 @@
                 </e>
                 <e>
                     <k>seconds</k>
-                    <v>89768</v>
+                    <v>89772</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -1658,7 +1729,7 @@
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>5143</v>
+                                    <v>5144</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1793,7 +1864,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>89602</v>
+                                    <v>89606</v>
                                 </b>
                                 <b>
                                     <a>52</a>
@@ -1814,7 +1885,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>89602</v>
+                                    <v>89606</v>
                                 </b>
                                 <b>
                                     <a>31</a>
@@ -1835,7 +1906,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>89602</v>
+                                    <v>89606</v>
                                 </b>
                                 <b>
                                     <a>3</a>
@@ -1850,23 +1921,23 @@
         </relation>
         <relation>
             <name>diagnostic_for</name>
-            <cardinality>631661</cardinality>
+            <cardinality>61632</cardinality>
             <columnsizes>
                 <e>
                     <k>diagnostic</k>
-                    <v>631661</v>
+                    <v>61632</v>
                 </e>
                 <e>
                     <k>compilation</k>
-                    <v>6806</v>
+                    <v>574</v>
                 </e>
                 <e>
                     <k>file_number</k>
-                    <v>8168</v>
+                    <v>14797</v>
                 </e>
                 <e>
                     <k>file_number_diagnostic_number</k>
-                    <v>59898</v>
+                    <v>2154</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -1880,7 +1951,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>631661</v>
+                                    <v>61632</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1896,7 +1967,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>631661</v>
+                                    <v>61632</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1912,7 +1983,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>631661</v>
+                                    <v>61632</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1926,24 +1997,24 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>73</a>
-                                    <b>74</b>
-                                    <v>1361</v>
+                                    <a>14</a>
+                                    <b>15</b>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>84</a>
-                                    <b>85</b>
-                                    <v>1361</v>
+                                    <a>28</a>
+                                    <b>29</b>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>100</a>
-                                    <b>101</b>
-                                    <v>2722</v>
+                                    <a>123</a>
+                                    <b>124</b>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>107</a>
-                                    <b>108</b>
-                                    <v>1361</v>
+                                    <a>264</a>
+                                    <b>265</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1957,24 +2028,24 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>3</a>
-                                    <b>4</b>
-                                    <v>2722</v>
+                                    <a>7</a>
+                                    <b>8</b>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>4</a>
-                                    <b>5</b>
-                                    <v>1361</v>
+                                    <a>14</a>
+                                    <b>15</b>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>5</a>
-                                    <b>6</b>
-                                    <v>1361</v>
+                                    <a>45</a>
+                                    <b>46</b>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>6</a>
-                                    <b>7</b>
-                                    <v>1361</v>
+                                    <a>103</a>
+                                    <b>104</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -1988,29 +2059,19 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>29</a>
-                                    <b>30</b>
-                                    <v>1361</v>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>287</v>
                                 </b>
                                 <b>
-                                    <a>34</a>
-                                    <b>35</b>
-                                    <v>1361</v>
+                                    <a>14</a>
+                                    <b>15</b>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>40</a>
-                                    <b>41</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>42</a>
-                                    <b>43</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>44</a>
-                                    <b>45</b>
-                                    <v>1361</v>
+                                    <a>15</a>
+                                    <b>16</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2019,47 +2080,6 @@
                 <dep>
                     <src>file_number</src>
                     <trg>diagnostic</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>6</a>
-                                    <b>7</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>35</a>
-                                    <b>36</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>49</a>
-                                    <b>50</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>101</a>
-                                    <b>102</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>129</a>
-                                    <b>130</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>144</a>
-                                    <b>145</b>
-                                    <v>1361</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>file_number</src>
-                    <trg>compilation</trg>
                     <val>
                         <hist>
                             <budget>12</budget>
@@ -2067,22 +2087,73 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>143</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1361</v>
+                                    <v>6464</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>1361</v>
+                                    <v>718</v>
+                                </b>
+                                <b>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>3160</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>4084</v>
+                                    <v>1292</v>
+                                </b>
+                                <b>
+                                    <a>6</a>
+                                    <b>8</b>
+                                    <v>1149</v>
+                                </b>
+                                <b>
+                                    <a>8</a>
+                                    <b>11</b>
+                                    <v>1292</v>
+                                </b>
+                                <b>
+                                    <a>12</a>
+                                    <b>21</b>
+                                    <v>574</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>file_number</src>
+                    <trg>compilation</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>8332</v>
+                                </b>
+                                <b>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>4453</v>
+                                </b>
+                                <b>
+                                    <a>3</a>
+                                    <b>4</b>
+                                    <v>1005</v>
+                                </b>
+                                <b>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>1005</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2096,34 +2167,34 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>6</a>
-                                    <b>7</b>
-                                    <v>1361</v>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>15</a>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>10056</v>
+                                </b>
+                                <b>
+                                    <a>3</a>
+                                    <b>4</b>
+                                    <v>2011</v>
+                                </b>
+                                <b>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>1005</v>
+                                </b>
+                                <b>
+                                    <a>5</a>
+                                    <b>8</b>
+                                    <v>1149</v>
+                                </b>
+                                <b>
+                                    <a>10</a>
                                     <b>16</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>34</a>
-                                    <b>35</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>40</a>
-                                    <b>41</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>42</a>
-                                    <b>43</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>44</a>
-                                    <b>45</b>
-                                    <v>1361</v>
+                                    <v>430</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2138,58 +2209,53 @@
                             <bs>
                                 <b>
                                     <a>1</a>
-                                    <b>3</b>
-                                    <v>5445</v>
+                                    <b>2</b>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>4</a>
-                                    <b>5</b>
-                                    <v>6806</v>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>574</v>
+                                </b>
+                                <b>
+                                    <a>3</a>
+                                    <b>4</b>
+                                    <v>430</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>1361</v>
+                                    <v>143</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>8</b>
-                                    <v>6806</v>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>8</a>
-                                    <b>9</b>
-                                    <v>4084</v>
-                                </b>
-                                <b>
-                                    <a>9</a>
-                                    <b>10</b>
-                                    <v>9529</v>
-                                </b>
-                                <b>
-                                    <a>10</a>
-                                    <b>14</b>
-                                    <v>5445</v>
-                                </b>
-                                <b>
-                                    <a>15</a>
-                                    <b>16</b>
-                                    <v>2722</v>
-                                </b>
-                                <b>
-                                    <a>16</a>
-                                    <b>17</b>
-                                    <v>8168</v>
+                                    <a>11</a>
+                                    <b>12</b>
+                                    <v>143</v>
                                 </b>
                                 <b>
                                     <a>18</a>
-                                    <b>20</b>
-                                    <v>4084</v>
+                                    <b>19</b>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>20</a>
-                                    <b>22</b>
-                                    <v>5445</v>
+                                    <a>33</a>
+                                    <b>34</b>
+                                    <v>143</v>
+                                </b>
+                                <b>
+                                    <a>168</a>
+                                    <b>169</b>
+                                    <v>143</v>
+                                </b>
+                                <b>
+                                    <a>169</a>
+                                    <b>170</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2204,23 +2270,18 @@
                             <bs>
                                 <b>
                                     <a>1</a>
-                                    <b>3</b>
-                                    <v>5445</v>
+                                    <b>2</b>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>3</a>
-                                    <b>4</b>
-                                    <v>8168</v>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>1723</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>6806</v>
-                                </b>
-                                <b>
-                                    <a>5</a>
-                                    <b>6</b>
-                                    <v>39478</v>
+                                    <v>287</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2235,28 +2296,53 @@
                             <bs>
                                 <b>
                                     <a>1</a>
+                                    <b>2</b>
+                                    <v>143</v>
+                                </b>
+                                <b>
+                                    <a>2</a>
                                     <b>3</b>
-                                    <v>5445</v>
+                                    <v>574</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>8168</v>
-                                </b>
-                                <b>
-                                    <a>4</a>
-                                    <b>5</b>
-                                    <v>25865</v>
+                                    <v>430</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>12252</v>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>6</a>
-                                    <b>7</b>
-                                    <v>8168</v>
+                                    <a>7</a>
+                                    <b>8</b>
+                                    <v>143</v>
+                                </b>
+                                <b>
+                                    <a>11</a>
+                                    <b>12</b>
+                                    <v>143</v>
+                                </b>
+                                <b>
+                                    <a>18</a>
+                                    <b>19</b>
+                                    <v>143</v>
+                                </b>
+                                <b>
+                                    <a>32</a>
+                                    <b>33</b>
+                                    <v>143</v>
+                                </b>
+                                <b>
+                                    <a>102</a>
+                                    <b>103</b>
+                                    <v>143</v>
+                                </b>
+                                <b>
+                                    <a>103</a>
+                                    <b>104</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2266,19 +2352,19 @@
         </relation>
         <relation>
             <name>compilation_compiler_times</name>
-            <cardinality>6806</cardinality>
+            <cardinality>7683</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>6806</v>
+                    <v>7683</v>
                 </e>
                 <e>
                     <k>cpu_seconds</k>
-                    <v>1361</v>
+                    <v>1920</v>
                 </e>
                 <e>
                     <k>elapsed_seconds</k>
-                    <v>6806</v>
+                    <v>7683</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -2292,7 +2378,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6806</v>
+                                    <v>7683</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2308,7 +2394,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6806</v>
+                                    <v>7683</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2322,9 +2408,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>5</a>
-                                    <b>6</b>
-                                    <v>1361</v>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2338,9 +2424,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>5</a>
-                                    <b>6</b>
-                                    <v>1361</v>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2356,7 +2442,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6806</v>
+                                    <v>7683</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2372,7 +2458,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6806</v>
+                                    <v>7683</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2598,35 +2684,35 @@
         </relation>
         <relation>
             <name>diagnostics</name>
-            <cardinality>631661</cardinality>
+            <cardinality>61632</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>631661</v>
+                    <v>61632</v>
                 </e>
                 <e>
                     <k>generated_by</k>
-                    <v>1361</v>
+                    <v>143</v>
                 </e>
                 <e>
                     <k>severity</k>
-                    <v>1361</v>
+                    <v>143</v>
                 </e>
                 <e>
                     <k>error_tag</k>
-                    <v>1361</v>
+                    <v>143</v>
                 </e>
                 <e>
                     <k>error_message</k>
-                    <v>96655</v>
+                    <v>1580</v>
                 </e>
                 <e>
                     <k>full_error_message</k>
-                    <v>520031</v>
+                    <v>40944</v>
                 </e>
                 <e>
                     <k>location</k>
-                    <v>1361</v>
+                    <v>143</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -2640,7 +2726,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>631661</v>
+                                    <v>61632</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2656,7 +2742,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>631661</v>
+                                    <v>61632</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2672,7 +2758,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>631661</v>
+                                    <v>61632</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2688,7 +2774,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>631661</v>
+                                    <v>61632</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2704,7 +2790,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>631661</v>
+                                    <v>61632</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2720,7 +2806,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>631661</v>
+                                    <v>61632</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2734,9 +2820,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>464</a>
-                                    <b>465</b>
-                                    <v>1361</v>
+                                    <a>429</a>
+                                    <b>430</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2752,7 +2838,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2768,7 +2854,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2782,9 +2868,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>71</a>
-                                    <b>72</b>
-                                    <v>1361</v>
+                                    <a>11</a>
+                                    <b>12</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2798,9 +2884,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>382</a>
-                                    <b>383</b>
-                                    <v>1361</v>
+                                    <a>285</a>
+                                    <b>286</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2816,7 +2902,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2830,9 +2916,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>464</a>
-                                    <b>465</b>
-                                    <v>1361</v>
+                                    <a>429</a>
+                                    <b>430</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2848,7 +2934,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2864,7 +2950,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2878,9 +2964,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>71</a>
-                                    <b>72</b>
-                                    <v>1361</v>
+                                    <a>11</a>
+                                    <b>12</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2894,9 +2980,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>382</a>
-                                    <b>383</b>
-                                    <v>1361</v>
+                                    <a>285</a>
+                                    <b>286</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2912,7 +2998,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2926,9 +3012,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>464</a>
-                                    <b>465</b>
-                                    <v>1361</v>
+                                    <a>429</a>
+                                    <b>430</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2944,7 +3030,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2960,7 +3046,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2974,9 +3060,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>71</a>
-                                    <b>72</b>
-                                    <v>1361</v>
+                                    <a>11</a>
+                                    <b>12</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -2990,9 +3076,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>382</a>
-                                    <b>383</b>
-                                    <v>1361</v>
+                                    <a>285</a>
+                                    <b>286</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3008,7 +3094,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3024,62 +3110,47 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>19058</v>
+                                    <v>143</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>5445</v>
+                                    <v>143</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>12252</v>
-                                </b>
-                                <b>
-                                    <a>4</a>
-                                    <b>5</b>
-                                    <v>5445</v>
-                                </b>
-                                <b>
-                                    <a>5</a>
-                                    <b>6</b>
-                                    <v>5445</v>
+                                    <v>143</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>7</b>
-                                    <v>8168</v>
-                                </b>
-                                <b>
-                                    <a>7</a>
-                                    <b>8</b>
-                                    <v>2722</v>
-                                </b>
-                                <b>
-                                    <a>8</a>
-                                    <b>9</b>
-                                    <v>9529</v>
+                                    <v>143</v>
                                 </b>
                                 <b>
                                     <a>9</a>
                                     <b>10</b>
-                                    <v>6806</v>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>10</a>
-                                    <b>11</b>
-                                    <v>8168</v>
+                                    <a>12</a>
+                                    <b>13</b>
+                                    <v>287</v>
                                 </b>
                                 <b>
-                                    <a>14</a>
-                                    <b>17</b>
-                                    <v>6806</v>
+                                    <a>24</a>
+                                    <b>25</b>
+                                    <v>143</v>
                                 </b>
                                 <b>
-                                    <a>17</a>
-                                    <b>21</b>
-                                    <v>6806</v>
+                                    <a>28</a>
+                                    <b>29</b>
+                                    <v>143</v>
+                                </b>
+                                <b>
+                                    <a>166</a>
+                                    <b>167</b>
+                                    <v>287</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3095,7 +3166,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>96655</v>
+                                    <v>1580</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3111,7 +3182,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>96655</v>
+                                    <v>1580</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3127,7 +3198,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>96655</v>
+                                    <v>1580</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3143,57 +3214,52 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>21781</v>
+                                    <v>143</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>5445</v>
+                                    <v>143</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>12252</v>
-                                </b>
-                                <b>
-                                    <a>4</a>
-                                    <b>5</b>
-                                    <v>5445</v>
-                                </b>
-                                <b>
-                                    <a>5</a>
-                                    <b>6</b>
-                                    <v>4084</v>
+                                    <v>143</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>7</b>
-                                    <v>8168</v>
-                                </b>
-                                <b>
-                                    <a>7</a>
-                                    <b>8</b>
-                                    <v>12252</v>
-                                </b>
-                                <b>
-                                    <a>8</a>
-                                    <b>9</b>
-                                    <v>6806</v>
+                                    <v>143</v>
                                 </b>
                                 <b>
                                     <a>9</a>
-                                    <b>11</b>
-                                    <v>8168</v>
-                                </b>
-                                <b>
-                                    <a>11</a>
-                                    <b>12</b>
-                                    <v>6806</v>
+                                    <b>10</b>
+                                    <v>143</v>
                                 </b>
                                 <b>
                                     <a>12</a>
-                                    <b>14</b>
-                                    <v>5445</v>
+                                    <b>13</b>
+                                    <v>287</v>
+                                </b>
+                                <b>
+                                    <a>22</a>
+                                    <b>23</b>
+                                    <v>143</v>
+                                </b>
+                                <b>
+                                    <a>24</a>
+                                    <b>25</b>
+                                    <v>143</v>
+                                </b>
+                                <b>
+                                    <a>28</a>
+                                    <b>29</b>
+                                    <v>143</v>
+                                </b>
+                                <b>
+                                    <a>166</a>
+                                    <b>167</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3209,7 +3275,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>96655</v>
+                                    <v>1580</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3225,17 +3291,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>441074</v>
+                                    <v>38358</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>3</b>
-                                    <v>51730</v>
-                                </b>
-                                <b>
-                                    <a>3</a>
-                                    <b>5</b>
-                                    <v>27226</v>
+                                    <b>25</b>
+                                    <v>2585</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3251,7 +3312,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>520031</v>
+                                    <v>40944</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3267,7 +3328,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>520031</v>
+                                    <v>40944</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3283,7 +3344,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>520031</v>
+                                    <v>40944</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3299,7 +3360,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>520031</v>
+                                    <v>40944</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3315,7 +3376,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>520031</v>
+                                    <v>40944</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3329,9 +3390,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>464</a>
-                                    <b>465</b>
-                                    <v>1361</v>
+                                    <a>429</a>
+                                    <b>430</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3347,7 +3408,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3363,7 +3424,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3379,7 +3440,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3393,9 +3454,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>71</a>
-                                    <b>72</b>
-                                    <v>1361</v>
+                                    <a>11</a>
+                                    <b>12</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3409,9 +3470,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>382</a>
-                                    <b>383</b>
-                                    <v>1361</v>
+                                    <a>285</a>
+                                    <b>286</b>
+                                    <v>143</v>
                                 </b>
                             </bs>
                         </hist>
@@ -3576,11 +3637,11 @@
         </relation>
         <relation>
             <name>sourceLocationPrefix</name>
-            <cardinality>1361</cardinality>
+            <cardinality>1920</cardinality>
             <columnsizes>
                 <e>
                     <k>prefix</k>
-                    <v>1361</v>
+                    <v>1920</v>
                 </e>
             </columnsizes>
             <dependencies/>
@@ -4867,31 +4928,31 @@
         </relation>
         <relation>
             <name>locations_default</name>
-            <cardinality>430051334</cardinality>
+            <cardinality>602747369</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>430051334</v>
+                    <v>602747369</v>
                 </e>
                 <e>
                     <k>file</k>
-                    <v>7997871</v>
+                    <v>9158642</v>
                 </e>
                 <e>
                     <k>beginLine</k>
-                    <v>2794830</v>
+                    <v>3943517</v>
                 </e>
                 <e>
                     <k>beginColumn</k>
-                    <v>175612</v>
+                    <v>247790</v>
                 </e>
                 <e>
                     <k>endLine</k>
-                    <v>2796191</v>
+                    <v>3945438</v>
                 </e>
                 <e>
                     <k>endColumn</k>
-                    <v>619409</v>
+                    <v>873989</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -4905,7 +4966,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>430051334</v>
+                                    <v>602747369</v>
                                 </b>
                             </bs>
                         </hist>
@@ -4921,7 +4982,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>430051334</v>
+                                    <v>602747369</v>
                                 </b>
                             </bs>
                         </hist>
@@ -4937,7 +4998,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>430051334</v>
+                                    <v>602747369</v>
                                 </b>
                             </bs>
                         </hist>
@@ -4953,7 +5014,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>430051334</v>
+                                    <v>602747369</v>
                                 </b>
                             </bs>
                         </hist>
@@ -4969,7 +5030,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>430051334</v>
+                                    <v>602747369</v>
                                 </b>
                             </bs>
                         </hist>
@@ -4985,17 +5046,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7159286</v>
+                                    <v>7986919</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>20</b>
-                                    <v>603073</v>
+                                    <b>11</b>
+                                    <v>714558</v>
                                 </b>
                                 <b>
-                                    <a>20</a>
+                                    <a>11</a>
                                     <b>3605</b>
-                                    <v>235511</v>
+                                    <v>457163</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5011,17 +5072,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7159286</v>
+                                    <v>7986919</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>15</b>
-                                    <v>600350</v>
+                                    <b>9</b>
+                                    <v>712637</v>
                                 </b>
                                 <b>
-                                    <a>15</a>
+                                    <a>9</a>
                                     <b>1830</b>
-                                    <v>238234</v>
+                                    <v>459084</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5037,17 +5098,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7159286</v>
+                                    <v>7986919</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>7</b>
-                                    <v>627577</v>
+                                    <b>5</b>
+                                    <v>776025</v>
                                 </b>
                                 <b>
-                                    <a>7</a>
+                                    <a>5</a>
                                     <b>105</b>
-                                    <v>211007</v>
+                                    <v>395696</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5063,17 +5124,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7159286</v>
+                                    <v>7986919</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>18</b>
-                                    <v>600350</v>
+                                    <b>10</b>
+                                    <v>693429</v>
                                 </b>
                                 <b>
-                                    <a>18</a>
+                                    <a>10</a>
                                     <b>1834</b>
-                                    <v>238234</v>
+                                    <v>478293</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5089,17 +5150,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7159286</v>
+                                    <v>7986919</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>15</b>
-                                    <v>603073</v>
+                                    <b>9</b>
+                                    <v>695349</v>
                                 </b>
                                 <b>
-                                    <a>15</a>
+                                    <a>9</a>
                                     <b>205</b>
-                                    <v>235511</v>
+                                    <v>476372</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5115,67 +5176,67 @@
                                 <b>
                                     <a>1</a>
                                     <b>14</b>
-                                    <v>221898</v>
+                                    <v>313099</v>
                                 </b>
                                 <b>
                                     <a>14</a>
                                     <b>125</b>
-                                    <v>215091</v>
+                                    <v>301574</v>
                                 </b>
                                 <b>
                                     <a>125</a>
                                     <b>142</b>
-                                    <v>215091</v>
+                                    <v>307336</v>
                                 </b>
                                 <b>
                                     <a>142</a>
                                     <b>152</b>
-                                    <v>223259</v>
+                                    <v>316941</v>
                                 </b>
                                 <b>
                                     <a>152</a>
                                     <b>159</b>
-                                    <v>249125</v>
+                                    <v>359200</v>
                                 </b>
                                 <b>
                                     <a>159</a>
-                                    <b>165</b>
-                                    <v>257293</v>
+                                    <b>164</b>
+                                    <v>272761</v>
                                 </b>
                                 <b>
-                                    <a>165</a>
-                                    <b>170</b>
-                                    <v>225982</v>
+                                    <a>164</a>
+                                    <b>169</b>
+                                    <v>343833</v>
                                 </b>
                                 <b>
-                                    <a>170</a>
-                                    <b>174</b>
-                                    <v>216453</v>
+                                    <a>169</a>
+                                    <b>173</b>
+                                    <v>299653</v>
                                 </b>
                                 <b>
-                                    <a>174</a>
-                                    <b>179</b>
-                                    <v>228705</v>
+                                    <a>173</a>
+                                    <b>178</b>
+                                    <v>332308</v>
                                 </b>
                                 <b>
-                                    <a>179</a>
-                                    <b>185</b>
-                                    <v>213730</v>
+                                    <a>178</a>
+                                    <b>184</b>
+                                    <v>347674</v>
                                 </b>
                                 <b>
-                                    <a>185</a>
-                                    <b>194</b>
-                                    <v>221898</v>
+                                    <a>184</a>
+                                    <b>193</b>
+                                    <v>316941</v>
                                 </b>
                                 <b>
-                                    <a>194</a>
-                                    <b>215</b>
-                                    <v>215091</v>
+                                    <a>193</a>
+                                    <b>211</b>
+                                    <v>297732</v>
                                 </b>
                                 <b>
-                                    <a>215</a>
-                                    <b>5876</b>
-                                    <v>91209</v>
+                                    <a>211</a>
+                                    <b>4769</b>
+                                    <v>134459</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5191,67 +5252,72 @@
                                 <b>
                                     <a>1</a>
                                     <b>7</b>
-                                    <v>228705</v>
+                                    <v>322703</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>65</b>
-                                    <v>212369</v>
+                                    <v>299653</v>
                                 </b>
                                 <b>
                                     <a>65</a>
                                     <b>73</b>
-                                    <v>216453</v>
+                                    <v>307336</v>
                                 </b>
                                 <b>
                                     <a>73</a>
                                     <b>78</b>
-                                    <v>206923</v>
+                                    <v>295811</v>
                                 </b>
                                 <b>
                                     <a>78</a>
                                     <b>81</b>
-                                    <v>190587</v>
+                                    <v>265078</v>
                                 </b>
                                 <b>
                                     <a>81</a>
                                     <b>84</b>
-                                    <v>249125</v>
+                                    <v>357279</v>
                                 </b>
                                 <b>
                                     <a>84</a>
                                     <b>86</b>
-                                    <v>215091</v>
+                                    <v>299653</v>
                                 </b>
                                 <b>
                                     <a>86</a>
-                                    <b>88</b>
-                                    <v>257293</v>
+                                    <b>87</b>
+                                    <v>188243</v>
                                 </b>
                                 <b>
-                                    <a>88</a>
-                                    <b>90</b>
-                                    <v>221898</v>
+                                    <a>87</a>
+                                    <b>89</b>
+                                    <v>357279</v>
                                 </b>
                                 <b>
-                                    <a>90</a>
-                                    <b>93</b>
-                                    <v>247763</v>
+                                    <a>89</a>
+                                    <b>91</b>
+                                    <v>259315</v>
                                 </b>
                                 <b>
-                                    <a>93</a>
-                                    <b>97</b>
-                                    <v>217814</v>
+                                    <a>91</a>
+                                    <b>94</b>
+                                    <v>324624</v>
                                 </b>
                                 <b>
-                                    <a>97</a>
-                                    <b>106</b>
-                                    <v>213730</v>
+                                    <a>94</a>
+                                    <b>99</b>
+                                    <v>328466</v>
                                 </b>
                                 <b>
-                                    <a>106</a>
-                                    <b>5876</b>
-                                    <v>117075</v>
+                                    <a>99</a>
+                                    <b>141</b>
+                                    <v>295811</v>
+                                </b>
+                                <b>
+                                    <a>141</a>
+                                    <b>4769</b>
+                                    <v>42258</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5267,62 +5333,62 @@
                                 <b>
                                     <a>1</a>
                                     <b>5</b>
-                                    <v>221898</v>
+                                    <v>313099</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>17</b>
-                                    <v>196032</v>
+                                    <v>280444</v>
                                 </b>
                                 <b>
                                     <a>17</a>
                                     <b>19</b>
-                                    <v>167444</v>
+                                    <v>251632</v>
                                 </b>
                                 <b>
                                     <a>19</a>
                                     <b>20</b>
-                                    <v>213730</v>
+                                    <v>309257</v>
                                 </b>
                                 <b>
                                     <a>20</a>
                                     <b>21</b>
-                                    <v>268183</v>
+                                    <v>403379</v>
                                 </b>
                                 <b>
                                     <a>21</a>
                                     <b>22</b>
-                                    <v>283158</v>
+                                    <v>420667</v>
                                 </b>
                                 <b>
                                     <a>22</a>
                                     <b>23</b>
-                                    <v>329444</v>
+                                    <v>476372</v>
                                 </b>
                                 <b>
                                     <a>23</a>
                                     <b>24</b>
-                                    <v>303578</v>
+                                    <v>457163</v>
                                 </b>
                                 <b>
                                     <a>24</a>
                                     <b>25</b>
-                                    <v>235511</v>
+                                    <v>339991</v>
                                 </b>
                                 <b>
                                     <a>25</a>
                                     <b>26</b>
-                                    <v>170167</v>
+                                    <v>213215</v>
                                 </b>
                                 <b>
                                     <a>26</a>
-                                    <b>28</b>
-                                    <v>212369</v>
+                                    <b>29</b>
+                                    <v>361120</v>
                                 </b>
                                 <b>
-                                    <a>28</a>
-                                    <b>45</b>
-                                    <v>193310</v>
+                                    <a>29</a>
+                                    <b>40</b>
+                                    <v>117172</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5338,32 +5404,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>902568</v>
+                                    <v>1273527</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>894400</v>
+                                    <v>1265844</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>481914</v>
+                                    <v>674220</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>211007</v>
+                                    <v>299653</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>11</b>
-                                    <v>220537</v>
+                                    <v>307336</v>
                                 </b>
                                 <b>
                                     <a>11</a>
                                     <b>97</b>
-                                    <v>84403</v>
+                                    <v>122934</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5379,72 +5445,72 @@
                                 <b>
                                     <a>1</a>
                                     <b>13</b>
-                                    <v>219175</v>
+                                    <v>309257</v>
                                 </b>
                                 <b>
                                     <a>13</a>
                                     <b>60</b>
-                                    <v>209646</v>
+                                    <v>307336</v>
                                 </b>
                                 <b>
                                     <a>60</a>
                                     <b>64</b>
-                                    <v>223259</v>
+                                    <v>311178</v>
                                 </b>
                                 <b>
                                     <a>64</a>
                                     <b>66</b>
-                                    <v>209646</v>
+                                    <v>311178</v>
                                 </b>
                                 <b>
                                     <a>66</a>
                                     <b>68</b>
-                                    <v>258654</v>
+                                    <v>353437</v>
                                 </b>
                                 <b>
                                     <a>68</a>
                                     <b>69</b>
-                                    <v>130688</v>
+                                    <v>194006</v>
                                 </b>
                                 <b>
                                     <a>69</a>
                                     <b>70</b>
-                                    <v>155192</v>
+                                    <v>217056</v>
                                 </b>
                                 <b>
                                     <a>70</a>
-                                    <b>71</b>
-                                    <v>134772</v>
+                                    <b>72</b>
+                                    <v>359200</v>
                                 </b>
                                 <b>
-                                    <a>71</a>
-                                    <b>73</b>
-                                    <v>235511</v>
+                                    <a>72</a>
+                                    <b>74</b>
+                                    <v>322703</v>
                                 </b>
                                 <b>
-                                    <a>73</a>
-                                    <b>75</b>
-                                    <v>212369</v>
+                                    <a>74</a>
+                                    <b>76</b>
+                                    <v>245869</v>
                                 </b>
                                 <b>
-                                    <a>75</a>
-                                    <b>78</b>
-                                    <v>234150</v>
+                                    <a>76</a>
+                                    <b>79</b>
+                                    <v>330387</v>
                                 </b>
                                 <b>
-                                    <a>78</a>
-                                    <b>82</b>
-                                    <v>251847</v>
+                                    <a>79</a>
+                                    <b>83</b>
+                                    <v>295811</v>
                                 </b>
                                 <b>
-                                    <a>82</a>
-                                    <b>89</b>
-                                    <v>213730</v>
+                                    <a>83</a>
+                                    <b>91</b>
+                                    <v>316941</v>
                                 </b>
                                 <b>
-                                    <a>89</a>
-                                    <b>104</b>
-                                    <v>106184</v>
+                                    <a>91</a>
+                                    <b>103</b>
+                                    <v>69150</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5460,67 +5526,67 @@
                                 <b>
                                     <a>1</a>
                                     <b>11</b>
-                                    <v>14974</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
                                     <a>15</a>
-                                    <b>34</b>
-                                    <v>14974</v>
+                                    <b>24</b>
+                                    <v>21129</v>
                                 </b>
                                 <b>
-                                    <a>36</a>
-                                    <b>58</b>
-                                    <v>13613</v>
+                                    <a>28</a>
+                                    <b>57</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>63</a>
-                                    <b>88</b>
-                                    <v>13613</v>
+                                    <a>57</a>
+                                    <b>79</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>89</a>
-                                    <b>132</b>
-                                    <v>13613</v>
+                                    <a>87</a>
+                                    <b>119</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>141</a>
-                                    <b>196</b>
-                                    <v>14974</v>
+                                    <a>130</a>
+                                    <b>177</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>210</a>
-                                    <b>285</b>
-                                    <v>13613</v>
+                                    <a>195</a>
+                                    <b>269</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>316</a>
-                                    <b>468</b>
-                                    <v>13613</v>
+                                    <a>270</a>
+                                    <b>436</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>496</a>
-                                    <b>853</b>
-                                    <v>13613</v>
+                                    <a>443</a>
+                                    <b>835</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>899</a>
-                                    <b>1420</b>
-                                    <v>13613</v>
+                                    <a>844</a>
+                                    <b>1367</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>1472</a>
-                                    <b>2256</b>
-                                    <v>13613</v>
+                                    <a>1419</a>
+                                    <b>2155</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>2300</a>
-                                    <b>2526</b>
-                                    <v>13613</v>
+                                    <a>2252</a>
+                                    <b>2517</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>2589</a>
-                                    <b>226687</b>
-                                    <v>8168</v>
+                                    <a>2521</a>
+                                    <b>226452</b>
+                                    <v>13445</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5536,72 +5602,72 @@
                                 <b>
                                     <a>1</a>
                                     <b>9</b>
-                                    <v>9529</v>
+                                    <v>17287</v>
                                 </b>
                                 <b>
                                     <a>9</a>
                                     <b>11</b>
-                                    <v>13613</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
-                                    <a>12</a>
-                                    <b>16</b>
-                                    <v>8168</v>
+                                    <a>11</a>
+                                    <b>15</b>
+                                    <v>15366</v>
                                 </b>
                                 <b>
-                                    <a>16</a>
+                                    <a>15</a>
                                     <b>19</b>
-                                    <v>13613</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
-                                    <a>19</a>
-                                    <b>31</b>
-                                    <v>13613</v>
+                                    <a>23</a>
+                                    <b>68</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>35</a>
-                                    <b>73</b>
-                                    <v>13613</v>
+                                    <a>69</a>
+                                    <b>78</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>73</a>
-                                    <b>83</b>
-                                    <v>13613</v>
+                                    <a>79</a>
+                                    <b>100</b>
+                                    <v>13445</v>
                                 </b>
                                 <b>
-                                    <a>85</a>
+                                    <a>100</a>
                                     <b>104</b>
-                                    <v>14974</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
                                     <a>104</a>
-                                    <b>110</b>
-                                    <v>10890</v>
+                                    <b>109</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>110</a>
-                                    <b>114</b>
-                                    <v>14974</v>
+                                    <a>109</a>
+                                    <b>112</b>
+                                    <v>13445</v>
+                                </b>
+                                <b>
+                                    <a>112</a>
+                                    <b>115</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>115</a>
-                                    <b>119</b>
-                                    <v>13613</v>
+                                    <b>117</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>119</a>
-                                    <b>121</b>
-                                    <v>12252</v>
+                                    <a>117</a>
+                                    <b>123</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>121</a>
-                                    <b>126</b>
-                                    <v>13613</v>
-                                </b>
-                                <b>
-                                    <a>126</a>
-                                    <b>5876</b>
-                                    <v>9529</v>
+                                    <a>145</a>
+                                    <b>4769</b>
+                                    <v>9604</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5617,67 +5683,67 @@
                                 <b>
                                     <a>1</a>
                                     <b>10</b>
-                                    <v>14974</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
                                     <a>10</a>
-                                    <b>29</b>
-                                    <v>13613</v>
+                                    <b>22</b>
+                                    <v>21129</v>
                                 </b>
                                 <b>
-                                    <a>29</a>
-                                    <b>43</b>
-                                    <v>13613</v>
+                                    <a>23</a>
+                                    <b>39</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>45</a>
+                                    <a>41</a>
                                     <b>58</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>58</a>
-                                    <b>85</b>
-                                    <v>13613</v>
+                                    <b>84</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>86</a>
+                                    <a>84</a>
                                     <b>106</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>108</a>
-                                    <b>167</b>
-                                    <v>13613</v>
+                                    <b>166</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>171</a>
-                                    <b>227</b>
-                                    <v>13613</v>
+                                    <a>167</a>
+                                    <b>225</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>231</a>
-                                    <b>379</b>
-                                    <v>13613</v>
+                                    <a>230</a>
+                                    <b>376</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>383</a>
-                                    <b>650</b>
-                                    <v>13613</v>
+                                    <a>381</a>
+                                    <b>647</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>651</a>
-                                    <b>891</b>
-                                    <v>13613</v>
+                                    <a>657</a>
+                                    <b>941</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>940</a>
-                                    <b>1086</b>
-                                    <v>13613</v>
+                                    <a>941</a>
+                                    <b>1090</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>1093</a>
+                                    <a>1102</a>
                                     <b>2051</b>
-                                    <v>10890</v>
+                                    <v>13445</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5693,67 +5759,67 @@
                                 <b>
                                     <a>1</a>
                                     <b>10</b>
-                                    <v>14974</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
                                     <a>10</a>
-                                    <b>30</b>
-                                    <v>13613</v>
+                                    <b>22</b>
+                                    <v>21129</v>
                                 </b>
                                 <b>
-                                    <a>30</a>
-                                    <b>43</b>
-                                    <v>13613</v>
+                                    <a>23</a>
+                                    <b>39</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>46</a>
+                                    <a>41</a>
                                     <b>59</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>60</a>
-                                    <b>87</b>
-                                    <v>13613</v>
+                                    <a>59</a>
+                                    <b>86</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>87</a>
+                                    <a>86</a>
                                     <b>109</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>115</a>
-                                    <b>173</b>
-                                    <v>13613</v>
+                                    <a>114</a>
+                                    <b>168</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>174</a>
-                                    <b>226</b>
-                                    <v>13613</v>
+                                    <a>170</a>
+                                    <b>224</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>230</a>
-                                    <b>380</b>
-                                    <v>13613</v>
+                                    <a>229</a>
+                                    <b>379</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>383</a>
-                                    <b>650</b>
-                                    <v>13613</v>
+                                    <a>382</a>
+                                    <b>647</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>653</a>
-                                    <b>892</b>
-                                    <v>13613</v>
+                                    <a>658</a>
+                                    <b>941</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>940</a>
-                                    <b>1084</b>
-                                    <v>13613</v>
+                                    <a>941</a>
+                                    <b>1089</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>1092</a>
+                                    <a>1102</a>
                                     <b>2051</b>
-                                    <v>10890</v>
+                                    <v>13445</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5769,72 +5835,67 @@
                                 <b>
                                     <a>1</a>
                                     <b>8</b>
-                                    <v>14974</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
                                     <a>8</a>
-                                    <b>17</b>
-                                    <v>13613</v>
+                                    <b>16</b>
+                                    <v>21129</v>
                                 </b>
                                 <b>
-                                    <a>18</a>
-                                    <b>25</b>
-                                    <v>10890</v>
+                                    <a>16</a>
+                                    <b>23</b>
+                                    <v>21129</v>
                                 </b>
                                 <b>
-                                    <a>25</a>
-                                    <b>30</b>
-                                    <v>13613</v>
+                                    <a>24</a>
+                                    <b>31</b>
+                                    <v>21129</v>
                                 </b>
                                 <b>
-                                    <a>30</a>
-                                    <b>36</b>
-                                    <v>13613</v>
+                                    <a>32</a>
+                                    <b>37</b>
+                                    <v>21129</v>
                                 </b>
                                 <b>
-                                    <a>36</a>
-                                    <b>44</b>
-                                    <v>13613</v>
+                                    <a>37</a>
+                                    <b>50</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>45</a>
-                                    <b>56</b>
-                                    <v>12252</v>
+                                    <a>50</a>
+                                    <b>60</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>57</a>
-                                    <b>64</b>
-                                    <v>13613</v>
+                                    <a>60</a>
+                                    <b>68</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>64</a>
-                                    <b>73</b>
-                                    <v>13613</v>
+                                    <a>68</a>
+                                    <b>80</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>73</a>
-                                    <b>86</b>
-                                    <v>13613</v>
+                                    <a>81</a>
+                                    <b>101</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>86</a>
-                                    <b>106</b>
-                                    <v>13613</v>
+                                    <a>101</a>
+                                    <b>121</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>107</a>
-                                    <b>129</b>
-                                    <v>13613</v>
+                                    <a>126</a>
+                                    <b>158</b>
+                                    <v>19208</v>
                                 </b>
                                 <b>
-                                    <a>129</a>
-                                    <b>197</b>
-                                    <v>13613</v>
-                                </b>
-                                <b>
-                                    <a>392</a>
+                                    <a>159</a>
                                     <b>393</b>
-                                    <v>1361</v>
+                                    <v>7683</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5850,67 +5911,67 @@
                                 <b>
                                     <a>1</a>
                                     <b>14</b>
-                                    <v>220537</v>
+                                    <v>309257</v>
                                 </b>
                                 <b>
                                     <a>14</a>
                                     <b>124</b>
-                                    <v>215091</v>
+                                    <v>305416</v>
                                 </b>
                                 <b>
                                     <a>124</a>
                                     <b>143</b>
-                                    <v>217814</v>
+                                    <v>309257</v>
                                 </b>
                                 <b>
                                     <a>143</a>
                                     <b>152</b>
-                                    <v>235511</v>
+                                    <v>334228</v>
                                 </b>
                                 <b>
                                     <a>152</a>
                                     <b>159</b>
-                                    <v>223259</v>
+                                    <v>322703</v>
                                 </b>
                                 <b>
                                     <a>159</a>
-                                    <b>165</b>
-                                    <v>257293</v>
+                                    <b>164</b>
+                                    <v>299653</v>
                                 </b>
                                 <b>
-                                    <a>165</a>
-                                    <b>170</b>
-                                    <v>239595</v>
+                                    <a>164</a>
+                                    <b>169</b>
+                                    <v>341912</v>
                                 </b>
                                 <b>
-                                    <a>170</a>
-                                    <b>174</b>
-                                    <v>221898</v>
+                                    <a>169</a>
+                                    <b>173</b>
+                                    <v>309257</v>
                                 </b>
                                 <b>
-                                    <a>174</a>
-                                    <b>179</b>
-                                    <v>221898</v>
+                                    <a>173</a>
+                                    <b>178</b>
+                                    <v>338070</v>
                                 </b>
                                 <b>
-                                    <a>179</a>
-                                    <b>185</b>
-                                    <v>211007</v>
+                                    <a>178</a>
+                                    <b>184</b>
+                                    <v>305416</v>
                                 </b>
                                 <b>
-                                    <a>185</a>
-                                    <b>194</b>
-                                    <v>216453</v>
+                                    <a>184</a>
+                                    <b>193</b>
+                                    <v>315020</v>
                                 </b>
                                 <b>
-                                    <a>194</a>
-                                    <b>217</b>
-                                    <v>212369</v>
+                                    <a>193</a>
+                                    <b>212</b>
+                                    <v>301574</v>
                                 </b>
                                 <b>
-                                    <a>217</a>
-                                    <b>5876</b>
-                                    <v>103461</v>
+                                    <a>212</a>
+                                    <b>4769</b>
+                                    <v>153668</v>
                                 </b>
                             </bs>
                         </hist>
@@ -5926,67 +5987,67 @@
                                 <b>
                                     <a>1</a>
                                     <b>7</b>
-                                    <v>231427</v>
+                                    <v>324624</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>66</b>
-                                    <v>224621</v>
+                                    <v>318862</v>
                                 </b>
                                 <b>
                                     <a>66</a>
                                     <b>74</b>
-                                    <v>227343</v>
+                                    <v>320782</v>
                                 </b>
                                 <b>
                                     <a>74</a>
                                     <b>80</b>
-                                    <v>250486</v>
+                                    <v>355358</v>
                                 </b>
                                 <b>
                                     <a>80</a>
                                     <b>83</b>
-                                    <v>240957</v>
+                                    <v>339991</v>
                                 </b>
                                 <b>
                                     <a>83</a>
                                     <b>85</b>
-                                    <v>185142</v>
+                                    <v>268919</v>
                                 </b>
                                 <b>
                                     <a>85</a>
                                     <b>87</b>
-                                    <v>246402</v>
+                                    <v>343833</v>
                                 </b>
                                 <b>
                                     <a>87</a>
                                     <b>89</b>
-                                    <v>246402</v>
+                                    <v>355358</v>
                                 </b>
                                 <b>
                                     <a>89</a>
                                     <b>91</b>
-                                    <v>187864</v>
+                                    <v>266999</v>
                                 </b>
                                 <b>
                                     <a>91</a>
                                     <b>94</b>
-                                    <v>247763</v>
+                                    <v>345754</v>
                                 </b>
                                 <b>
                                     <a>94</a>
                                     <b>99</b>
-                                    <v>225982</v>
+                                    <v>324624</v>
                                 </b>
                                 <b>
                                     <a>99</a>
-                                    <b>127</b>
-                                    <v>212369</v>
+                                    <b>130</b>
+                                    <v>301574</v>
                                 </b>
                                 <b>
-                                    <a>127</a>
-                                    <b>5876</b>
-                                    <v>69428</v>
+                                    <a>131</a>
+                                    <b>4769</b>
+                                    <v>78755</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6002,32 +6063,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>709258</v>
+                                    <v>1000766</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>986971</v>
+                                    <v>1392620</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>642552</v>
+                                    <v>908564</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>236873</v>
+                                    <v>336149</v>
                                 </b>
                                 <b>
                                     <a>6</a>
-                                    <b>18</b>
-                                    <v>212369</v>
+                                    <b>19</b>
+                                    <v>299653</v>
                                 </b>
                                 <b>
-                                    <a>18</a>
+                                    <a>19</a>
                                     <b>22</b>
-                                    <v>8168</v>
+                                    <v>7683</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6043,62 +6104,62 @@
                                 <b>
                                     <a>1</a>
                                     <b>5</b>
-                                    <v>219175</v>
+                                    <v>309257</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>17</b>
-                                    <v>198755</v>
+                                    <v>284286</v>
                                 </b>
                                 <b>
                                     <a>17</a>
                                     <b>19</b>
-                                    <v>163360</v>
+                                    <v>232423</v>
                                 </b>
                                 <b>
                                     <a>19</a>
                                     <b>20</b>
-                                    <v>191948</v>
+                                    <v>280444</v>
                                 </b>
                                 <b>
                                     <a>20</a>
                                     <b>21</b>
-                                    <v>280436</v>
+                                    <v>420667</v>
                                 </b>
                                 <b>
                                     <a>21</a>
                                     <b>22</b>
-                                    <v>272267</v>
+                                    <v>407221</v>
                                 </b>
                                 <b>
                                     <a>22</a>
                                     <b>23</b>
-                                    <v>329444</v>
+                                    <v>482134</v>
                                 </b>
                                 <b>
                                     <a>23</a>
                                     <b>24</b>
-                                    <v>306301</v>
+                                    <v>437955</v>
                                 </b>
                                 <b>
                                     <a>24</a>
                                     <b>25</b>
-                                    <v>224621</v>
+                                    <v>334228</v>
                                 </b>
                                 <b>
                                     <a>25</a>
                                     <b>26</b>
-                                    <v>183780</v>
+                                    <v>259315</v>
                                 </b>
                                 <b>
                                     <a>26</a>
-                                    <b>28</b>
-                                    <v>223259</v>
+                                    <b>29</b>
+                                    <v>363041</v>
                                 </b>
                                 <b>
-                                    <a>28</a>
-                                    <b>44</b>
-                                    <v>202839</v>
+                                    <a>29</a>
+                                    <b>39</b>
+                                    <v>134459</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6114,72 +6175,72 @@
                                 <b>
                                     <a>1</a>
                                     <b>13</b>
-                                    <v>221898</v>
+                                    <v>313099</v>
                                 </b>
                                 <b>
                                     <a>13</a>
-                                    <b>61</b>
-                                    <v>250486</v>
+                                    <b>60</b>
+                                    <v>305416</v>
                                 </b>
                                 <b>
-                                    <a>61</a>
+                                    <a>60</a>
                                     <b>64</b>
-                                    <v>172890</v>
+                                    <v>305416</v>
                                 </b>
                                 <b>
                                     <a>64</a>
                                     <b>66</b>
-                                    <v>217814</v>
+                                    <v>303495</v>
                                 </b>
                                 <b>
                                     <a>66</a>
                                     <b>68</b>
-                                    <v>250486</v>
+                                    <v>357279</v>
                                 </b>
                                 <b>
                                     <a>68</a>
                                     <b>69</b>
-                                    <v>137495</v>
+                                    <v>197848</v>
                                 </b>
                                 <b>
                                     <a>69</a>
                                     <b>70</b>
-                                    <v>137495</v>
+                                    <v>201689</v>
                                 </b>
                                 <b>
                                     <a>70</a>
                                     <b>71</b>
-                                    <v>157915</v>
+                                    <v>218977</v>
                                 </b>
                                 <b>
                                     <a>71</a>
                                     <b>73</b>
-                                    <v>231427</v>
+                                    <v>326545</v>
                                 </b>
                                 <b>
                                     <a>73</a>
                                     <b>75</b>
-                                    <v>191948</v>
+                                    <v>263157</v>
                                 </b>
                                 <b>
                                     <a>75</a>
                                     <b>77</b>
-                                    <v>183780</v>
+                                    <v>257394</v>
                                 </b>
                                 <b>
                                     <a>77</a>
                                     <b>80</b>
-                                    <v>211007</v>
+                                    <v>299653</v>
                                 </b>
                                 <b>
                                     <a>80</a>
                                     <b>85</b>
-                                    <v>227343</v>
+                                    <v>318862</v>
                                 </b>
                                 <b>
                                     <a>85</a>
                                     <b>119</b>
-                                    <v>204200</v>
+                                    <v>276603</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6195,57 +6256,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>145663</v>
+                                    <v>205531</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>63982</v>
+                                    <v>90280</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>50369</v>
+                                    <v>71071</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>13</b>
-                                    <v>50369</v>
+                                    <v>71071</v>
                                 </b>
                                 <b>
                                     <a>13</a>
                                     <b>53</b>
-                                    <v>47646</v>
+                                    <v>67229</v>
                                 </b>
                                 <b>
                                     <a>53</a>
-                                    <b>146</b>
-                                    <v>47646</v>
+                                    <b>138</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>146</a>
-                                    <b>351</b>
-                                    <v>47646</v>
+                                    <a>142</a>
+                                    <b>346</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
                                     <a>357</a>
-                                    <b>997</b>
-                                    <v>47646</v>
+                                    <b>967</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>1053</a>
-                                    <b>2396</b>
-                                    <v>47646</v>
+                                    <a>1050</a>
+                                    <b>2386</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>2407</a>
-                                    <b>4957</b>
-                                    <v>47646</v>
+                                    <a>2392</a>
+                                    <b>4902</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>5022</a>
-                                    <b>5934</b>
-                                    <v>23142</v>
+                                    <a>4949</a>
+                                    <b>5933</b>
+                                    <v>32654</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6261,57 +6322,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>151108</v>
+                                    <v>213215</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>53092</v>
+                                    <v>74913</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>13</b>
-                                    <v>50369</v>
+                                    <v>71071</v>
                                 </b>
                                 <b>
                                     <a>13</a>
                                     <b>42</b>
-                                    <v>47646</v>
+                                    <v>67229</v>
                                 </b>
                                 <b>
                                     <a>42</a>
                                     <b>77</b>
-                                    <v>47646</v>
+                                    <v>67229</v>
                                 </b>
                                 <b>
                                     <a>77</a>
-                                    <b>103</b>
-                                    <v>51730</v>
+                                    <b>102</b>
+                                    <v>69150</v>
                                 </b>
                                 <b>
-                                    <a>103</a>
-                                    <b>116</b>
-                                    <v>47646</v>
+                                    <a>102</a>
+                                    <b>114</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>116</a>
-                                    <b>144</b>
-                                    <v>49008</v>
+                                    <a>114</a>
+                                    <b>139</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>144</a>
-                                    <b>181</b>
-                                    <v>47646</v>
+                                    <a>139</a>
+                                    <b>169</b>
+                                    <v>69150</v>
                                 </b>
                                 <b>
-                                    <a>181</a>
-                                    <b>5876</b>
-                                    <v>12252</v>
+                                    <a>173</a>
+                                    <b>4769</b>
+                                    <v>21129</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6327,57 +6388,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>153831</v>
+                                    <v>217056</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>62621</v>
+                                    <v>88359</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>49008</v>
+                                    <v>69150</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>13</b>
-                                    <v>49008</v>
+                                    <v>69150</v>
                                 </b>
                                 <b>
                                     <a>13</a>
-                                    <b>52</b>
-                                    <v>49008</v>
+                                    <b>50</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>52</a>
-                                    <b>115</b>
-                                    <v>47646</v>
+                                    <a>50</a>
+                                    <b>113</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>123</a>
-                                    <b>271</b>
-                                    <v>47646</v>
+                                    <a>114</a>
+                                    <b>266</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>272</a>
-                                    <b>658</b>
-                                    <v>47646</v>
+                                    <a>269</a>
+                                    <b>636</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>669</a>
-                                    <b>1200</b>
-                                    <v>47646</v>
+                                    <a>648</a>
+                                    <b>1197</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>1219</a>
+                                    <a>1198</a>
                                     <b>1635</b>
-                                    <v>47646</v>
+                                    <v>69150</v>
                                 </b>
                                 <b>
                                     <a>1639</a>
                                     <b>1722</b>
-                                    <v>17697</v>
+                                    <v>24971</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6393,47 +6454,47 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>194671</v>
+                                    <v>274682</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>74873</v>
+                                    <v>105647</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>6</b>
-                                    <v>54453</v>
+                                    <v>76834</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>14</b>
-                                    <v>54453</v>
+                                    <v>76834</v>
                                 </b>
                                 <b>
                                     <a>14</a>
-                                    <b>26</b>
-                                    <v>47646</v>
+                                    <b>25</b>
+                                    <v>74913</v>
                                 </b>
                                 <b>
-                                    <a>26</a>
+                                    <a>25</a>
                                     <b>36</b>
-                                    <v>49008</v>
+                                    <v>71071</v>
                                 </b>
                                 <b>
                                     <a>36</a>
                                     <b>47</b>
-                                    <v>49008</v>
+                                    <v>67229</v>
                                 </b>
                                 <b>
                                     <a>47</a>
-                                    <b>55</b>
-                                    <v>47646</v>
+                                    <b>54</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>55</a>
-                                    <b>68</b>
-                                    <v>47646</v>
+                                    <a>54</a>
+                                    <b>65</b>
+                                    <v>59546</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6449,57 +6510,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>153831</v>
+                                    <v>217056</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>49008</v>
+                                    <v>69150</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>13</b>
-                                    <v>49008</v>
+                                    <v>69150</v>
                                 </b>
                                 <b>
                                     <a>13</a>
-                                    <b>53</b>
-                                    <v>50369</v>
+                                    <b>51</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>53</a>
-                                    <b>115</b>
-                                    <v>47646</v>
+                                    <a>51</a>
+                                    <b>112</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>123</a>
-                                    <b>271</b>
-                                    <v>47646</v>
+                                    <a>112</a>
+                                    <b>262</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>280</a>
-                                    <b>656</b>
-                                    <v>47646</v>
+                                    <a>262</a>
+                                    <b>630</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>669</a>
-                                    <b>1200</b>
-                                    <v>47646</v>
+                                    <a>637</a>
+                                    <b>1186</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>1217</a>
-                                    <b>1638</b>
-                                    <v>47646</v>
+                                    <a>1197</a>
+                                    <b>1625</b>
+                                    <v>67229</v>
                                 </b>
                                 <b>
-                                    <a>1640</a>
+                                    <a>1632</a>
                                     <b>1722</b>
-                                    <v>17697</v>
+                                    <v>28812</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6509,15 +6570,15 @@
         </relation>
         <relation>
             <name>hasLocation</name>
-            <cardinality>316413492</cardinality>
+            <cardinality>340930835</cardinality>
             <columnsizes>
                 <e>
                     <k>locatableid</k>
-                    <v>316270551</v>
+                    <v>340658074</v>
                 </e>
                 <e>
                     <k>id</k>
-                    <v>11518296</v>
+                    <v>12195515</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -6531,12 +6592,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>316127611</v>
+                                    <v>340385312</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>142940</v>
+                                    <v>272761</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6552,62 +6613,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2084211</v>
+                                    <v>2091812</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>996500</v>
+                                    <v>1333074</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>716064</v>
+                                    <v>772184</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>984248</v>
+                                    <v>1085283</v>
                                 </b>
                                 <b>
                                     <a>6</a>
-                                    <b>7</b>
-                                    <v>771879</v>
+                                    <b>8</b>
+                                    <v>1062233</v>
                                 </b>
                                 <b>
-                                    <a>7</a>
-                                    <b>9</b>
-                                    <v>1014198</v>
+                                    <a>8</a>
+                                    <b>11</b>
+                                    <v>1100650</v>
                                 </b>
                                 <b>
-                                    <a>9</a>
-                                    <b>12</b>
-                                    <v>848114</v>
+                                    <a>11</a>
+                                    <b>15</b>
+                                    <v>1048787</v>
                                 </b>
                                 <b>
-                                    <a>12</a>
-                                    <b>16</b>
-                                    <v>928433</v>
+                                    <a>15</a>
+                                    <b>21</b>
+                                    <v>964269</v>
                                 </b>
                                 <b>
-                                    <a>16</a>
-                                    <b>23</b>
-                                    <v>868534</v>
+                                    <a>21</a>
+                                    <b>32</b>
+                                    <v>916248</v>
                                 </b>
                                 <b>
-                                    <a>23</a>
-                                    <b>39</b>
-                                    <v>894400</v>
+                                    <a>32</a>
+                                    <b>64</b>
+                                    <v>920090</v>
                                 </b>
                                 <b>
-                                    <a>39</a>
-                                    <b>89</b>
-                                    <v>873980</v>
-                                </b>
-                                <b>
-                                    <a>89</a>
-                                    <b>9992</b>
-                                    <v>537729</v>
+                                    <a>64</a>
+                                    <b>9549</b>
+                                    <v>900881</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6617,23 +6673,23 @@
         </relation>
         <relation>
             <name>numlines</name>
-            <cardinality>214506316</cardinality>
+            <cardinality>303305105</cardinality>
             <columnsizes>
                 <e>
                     <k>element_id</k>
-                    <v>214506316</v>
+                    <v>303305105</v>
                 </e>
                 <e>
                     <k>num_lines</k>
-                    <v>431544</v>
+                    <v>618515</v>
                 </e>
                 <e>
                     <k>num_code</k>
-                    <v>432906</v>
+                    <v>612753</v>
                 </e>
                 <e>
                     <k>num_comment</k>
-                    <v>1342281</v>
+                    <v>1893964</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -6647,7 +6703,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>214506316</v>
+                                    <v>303305105</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6663,7 +6719,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>214506316</v>
+                                    <v>303305105</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6679,7 +6735,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>214506316</v>
+                                    <v>303305105</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6695,37 +6751,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>231427</v>
+                                    <v>320782</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>53092</v>
+                                    <v>78755</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>44924</v>
+                                    <v>61467</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>7</b>
-                                    <v>34033</v>
+                                    <v>49942</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>14</b>
-                                    <v>32672</v>
+                                    <v>48021</v>
                                 </b>
                                 <b>
                                     <a>15</a>
-                                    <b>839</b>
-                                    <v>32672</v>
+                                    <b>194</b>
+                                    <v>48021</v>
                                 </b>
                                 <b>
-                                    <a>3519</a>
-                                    <b>149603</b>
-                                    <v>2722</v>
+                                    <a>320</a>
+                                    <b>149659</b>
+                                    <v>11525</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6741,12 +6797,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>422015</v>
+                                    <v>509026</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>9529</v>
+                                    <v>69150</v>
+                                </b>
+                                <b>
+                                    <a>3</a>
+                                    <b>6</b>
+                                    <v>40337</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6762,27 +6823,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>273629</v>
+                                    <v>380329</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>69428</v>
+                                    <v>97963</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>36756</v>
+                                    <v>51863</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>34033</v>
+                                    <v>53783</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>987</b>
-                                    <v>17697</v>
+                                    <v>34575</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6798,37 +6859,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>231427</v>
+                                    <v>316941</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>53092</v>
+                                    <v>78755</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>44924</v>
+                                    <v>61467</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>7</b>
-                                    <v>34033</v>
+                                    <v>51863</v>
                                 </b>
                                 <b>
                                     <a>7</a>
-                                    <b>14</b>
-                                    <v>32672</v>
+                                    <b>15</b>
+                                    <v>46100</v>
                                 </b>
                                 <b>
-                                    <a>15</a>
-                                    <b>468</b>
-                                    <v>32672</v>
+                                    <a>16</a>
+                                    <b>214</b>
+                                    <v>46100</v>
                                 </b>
                                 <b>
-                                    <a>495</a>
+                                    <a>325</a>
                                     <b>78746</b>
-                                    <v>4084</v>
+                                    <v>11525</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6844,12 +6905,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>431544</v>
+                                    <v>516710</v>
                                 </b>
                                 <b>
-                                    <a>7</a>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>51863</v>
+                                </b>
+                                <b>
+                                    <a>3</a>
                                     <b>8</b>
-                                    <v>1361</v>
+                                    <v>44179</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6865,27 +6931,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>273629</v>
+                                    <v>370725</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>69428</v>
+                                    <v>101805</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>36756</v>
+                                    <v>53783</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>34033</v>
+                                    <v>46100</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>987</b>
-                                    <v>19058</v>
+                                    <v>40337</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6901,77 +6967,77 @@
                                 <b>
                                     <a>1</a>
                                     <b>7</b>
-                                    <v>108907</v>
+                                    <v>153668</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>49</b>
-                                    <v>100739</v>
+                                    <v>142143</v>
                                 </b>
                                 <b>
                                     <a>49</a>
                                     <b>71</b>
-                                    <v>104823</v>
+                                    <v>147905</v>
                                 </b>
                                 <b>
                                     <a>71</a>
                                     <b>78</b>
-                                    <v>107545</v>
+                                    <v>151747</v>
                                 </b>
                                 <b>
                                     <a>78</a>
                                     <b>83</b>
-                                    <v>103461</v>
+                                    <v>145985</v>
                                 </b>
                                 <b>
                                     <a>83</a>
                                     <b>87</b>
-                                    <v>115713</v>
+                                    <v>163272</v>
                                 </b>
                                 <b>
                                     <a>87</a>
                                     <b>89</b>
-                                    <v>99377</v>
+                                    <v>140222</v>
                                 </b>
                                 <b>
                                     <a>89</a>
                                     <b>91</b>
-                                    <v>95293</v>
+                                    <v>134459</v>
                                 </b>
                                 <b>
                                     <a>91</a>
                                     <b>92</b>
-                                    <v>57176</v>
+                                    <v>80675</v>
                                 </b>
                                 <b>
                                     <a>92</a>
                                     <b>93</b>
-                                    <v>68066</v>
+                                    <v>96042</v>
                                 </b>
                                 <b>
                                     <a>93</a>
                                     <b>94</b>
-                                    <v>74873</v>
+                                    <v>105647</v>
                                 </b>
                                 <b>
                                     <a>94</a>
                                     <b>95</b>
-                                    <v>69428</v>
+                                    <v>97963</v>
                                 </b>
                                 <b>
                                     <a>95</a>
                                     <b>97</b>
-                                    <v>108907</v>
+                                    <v>151747</v>
                                 </b>
                                 <b>
                                     <a>97</a>
                                     <b>119</b>
-                                    <v>100739</v>
+                                    <v>144064</v>
                                 </b>
                                 <b>
-                                    <a>119</a>
-                                    <b>75115</b>
-                                    <v>27226</v>
+                                    <a>120</a>
+                                    <b>75134</b>
+                                    <v>38417</v>
                                 </b>
                             </bs>
                         </hist>
@@ -6987,22 +7053,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1101323</v>
+                                    <v>1550130</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>114352</v>
+                                    <v>165193</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>6</b>
-                                    <v>102100</v>
+                                    <b>7</b>
+                                    <v>145985</v>
                                 </b>
                                 <b>
-                                    <a>6</a>
+                                    <a>7</a>
                                     <b>120</b>
-                                    <v>24504</v>
+                                    <v>32654</v>
                                 </b>
                             </bs>
                         </hist>
@@ -7018,22 +7084,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1101323</v>
+                                    <v>1550130</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>114352</v>
+                                    <v>165193</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>6</b>
-                                    <v>100739</v>
+                                    <b>7</b>
+                                    <v>145985</v>
                                 </b>
                                 <b>
-                                    <a>6</a>
-                                    <b>121</b>
-                                    <v>25865</v>
+                                    <a>7</a>
+                                    <b>122</b>
+                                    <v>32654</v>
                                 </b>
                             </bs>
                         </hist>
@@ -7043,15 +7109,15 @@
         </relation>
         <relation>
             <name>files</name>
-            <cardinality>7997871</cardinality>
+            <cardinality>9158642</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>7997871</v>
+                    <v>9158642</v>
                 </e>
                 <e>
                     <k>name</k>
-                    <v>7997871</v>
+                    <v>9158642</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -7065,7 +7131,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7997871</v>
+                                    <v>9158642</v>
                                 </b>
                             </bs>
                         </hist>
@@ -7081,7 +7147,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7997871</v>
+                                    <v>9158642</v>
                                 </b>
                             </bs>
                         </hist>
@@ -7091,15 +7157,15 @@
         </relation>
         <relation>
             <name>folders</name>
-            <cardinality>1275575</cardinality>
+            <cardinality>1415670</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>1275575</v>
+                    <v>1415670</v>
                 </e>
                 <e>
                     <k>name</k>
-                    <v>1275575</v>
+                    <v>1415670</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -7113,7 +7179,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1275575</v>
+                                    <v>1415670</v>
                                 </b>
                             </bs>
                         </hist>
@@ -7129,7 +7195,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1275575</v>
+                                    <v>1415670</v>
                                 </b>
                             </bs>
                         </hist>
@@ -7139,15 +7205,15 @@
         </relation>
         <relation>
             <name>containerparent</name>
-            <cardinality>9270724</cardinality>
+            <cardinality>10570471</cardinality>
             <columnsizes>
                 <e>
                     <k>parent</k>
-                    <v>1316415</v>
+                    <v>1463692</v>
                 </e>
                 <e>
                     <k>child</k>
-                    <v>9270724</v>
+                    <v>10570471</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -7161,37 +7227,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>710619</v>
+                                    <v>843255</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>140218</v>
+                                    <v>149826</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>4</b>
-                                    <v>78957</v>
+                                    <b>5</b>
+                                    <v>128697</v>
                                 </b>
                                 <b>
-                                    <a>4</a>
-                                    <b>7</b>
-                                    <v>112991</v>
+                                    <a>5</a>
+                                    <b>11</b>
+                                    <v>124855</v>
                                 </b>
                                 <b>
-                                    <a>7</a>
-                                    <b>14</b>
-                                    <v>111629</v>
+                                    <a>11</a>
+                                    <b>21</b>
+                                    <v>113330</v>
                                 </b>
                                 <b>
-                                    <a>14</a>
-                                    <b>29</b>
-                                    <v>102100</v>
-                                </b>
-                                <b>
-                                    <a>29</a>
+                                    <a>21</a>
                                     <b>194</b>
-                                    <v>59898</v>
+                                    <v>103726</v>
                                 </b>
                             </bs>
                         </hist>
@@ -7207,7 +7268,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>9270724</v>
+                                    <v>10570471</v>
                                 </b>
                             </bs>
                         </hist>
@@ -7217,15 +7278,15 @@
         </relation>
         <relation>
             <name>cupackage</name>
-            <cardinality>7140227</cardinality>
+            <cardinality>7979236</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>7140227</v>
+                    <v>7979236</v>
                 </e>
                 <e>
                     <k>packageid</k>
-                    <v>609880</v>
+                    <v>576256</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -7239,7 +7300,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7140227</v>
+                                    <v>7979236</v>
                                 </b>
                             </bs>
                         </hist>
@@ -7255,52 +7316,52 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>148386</v>
+                                    <v>121013</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>80319</v>
+                                    <v>80675</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>55814</v>
+                                    <v>42258</v>
                                 </b>
                                 <b>
                                     <a>4</a>
-                                    <b>5</b>
-                                    <v>42201</v>
+                                    <b>6</b>
+                                    <v>49942</v>
                                 </b>
                                 <b>
-                                    <a>5</a>
-                                    <b>7</b>
-                                    <v>46285</v>
+                                    <a>6</a>
+                                    <b>9</b>
+                                    <v>49942</v>
                                 </b>
                                 <b>
-                                    <a>7</a>
-                                    <b>10</b>
-                                    <v>50369</v>
+                                    <a>9</a>
+                                    <b>12</b>
+                                    <v>51863</v>
                                 </b>
                                 <b>
-                                    <a>10</a>
-                                    <b>15</b>
-                                    <v>50369</v>
+                                    <a>12</a>
+                                    <b>17</b>
+                                    <v>48021</v>
                                 </b>
                                 <b>
-                                    <a>15</a>
-                                    <b>21</b>
-                                    <v>49008</v>
+                                    <a>17</a>
+                                    <b>23</b>
+                                    <v>46100</v>
                                 </b>
                                 <b>
-                                    <a>21</a>
-                                    <b>36</b>
-                                    <v>47646</v>
+                                    <a>24</a>
+                                    <b>43</b>
+                                    <v>44179</v>
                                 </b>
                                 <b>
-                                    <a>39</a>
+                                    <a>43</a>
                                     <b>187</b>
-                                    <v>39478</v>
+                                    <v>42258</v>
                                 </b>
                             </bs>
                         </hist>
@@ -7310,19 +7371,19 @@
         </relation>
         <relation>
             <name>jarManifestMain</name>
-            <cardinality>172733</cardinality>
+            <cardinality>172742</cardinality>
             <columnsizes>
                 <e>
                     <k>fileid</k>
-                    <v>13274</v>
+                    <v>13275</v>
                 </e>
                 <e>
                     <k>keyName</k>
-                    <v>12610</v>
+                    <v>12611</v>
                 </e>
                 <e>
                     <k>value</k>
-                    <v>89768</v>
+                    <v>89772</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -7407,7 +7468,7 @@
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>2488</v>
+                                    <v>2489</v>
                                 </b>
                                 <b>
                                     <a>6</a>
@@ -7473,7 +7534,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5143</v>
+                                    <v>5144</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -7580,7 +7641,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>75996</v>
+                                    <v>75999</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -7611,7 +7672,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>75664</v>
+                                    <v>75668</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -7621,7 +7682,7 @@
                                 <b>
                                     <a>3</a>
                                     <b>6</b>
-                                    <v>5309</v>
+                                    <v>5310</v>
                                 </b>
                             </bs>
                         </hist>
@@ -7844,7 +7905,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>30112</v>
+                                    <v>30113</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -7886,7 +7947,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>30124</v>
+                                    <v>30125</v>
                                 </b>
                                 <b>
                                     <a>3</a>
@@ -8005,7 +8066,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>30161</v>
+                                    <v>30162</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -8026,7 +8087,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>30161</v>
+                                    <v>30162</v>
                                 </b>
                                 <b>
                                     <a>11</a>
@@ -8062,15 +8123,15 @@
         </relation>
         <relation>
             <name>packages</name>
-            <cardinality>611241</cardinality>
+            <cardinality>580098</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>611241</v>
+                    <v>580098</v>
                 </e>
                 <e>
                     <k>nodeName</k>
-                    <v>611241</v>
+                    <v>580098</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -8084,7 +8145,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>611241</v>
+                                    <v>580098</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8100,7 +8161,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>611241</v>
+                                    <v>580098</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8110,15 +8171,15 @@
         </relation>
         <relation>
             <name>primitives</name>
-            <cardinality>12252</cardinality>
+            <cardinality>17287</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>12252</v>
+                    <v>17287</v>
                 </e>
                 <e>
                     <k>nodeName</k>
-                    <v>12252</v>
+                    <v>17287</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -8132,7 +8193,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>12252</v>
+                                    <v>17287</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8148,7 +8209,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>12252</v>
+                                    <v>17287</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8158,15 +8219,15 @@
         </relation>
         <relation>
             <name>modifiers</name>
-            <cardinality>13613</cardinality>
+            <cardinality>26891</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>13613</v>
+                    <v>26891</v>
                 </e>
                 <e>
                     <k>nodeName</k>
-                    <v>13613</v>
+                    <v>26891</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -8180,7 +8241,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>13613</v>
+                                    <v>26891</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8196,7 +8257,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>13613</v>
+                                    <v>26891</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8217,23 +8278,23 @@
         </relation>
         <relation>
             <name>classes</name>
-            <cardinality>12548830</cardinality>
+            <cardinality>12618104</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>12548830</v>
+                    <v>12618104</v>
                 </e>
                 <e>
                     <k>nodeName</k>
-                    <v>6855707</v>
+                    <v>6732600</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>442435</v>
+                    <v>455242</v>
                 </e>
                 <e>
                     <k>sourceid</k>
-                    <v>4506034</v>
+                    <v>5253541</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -8247,7 +8308,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>12548830</v>
+                                    <v>12618104</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8263,7 +8324,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>12548830</v>
+                                    <v>12618104</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8279,7 +8340,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>12548830</v>
+                                    <v>12618104</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8295,17 +8356,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5728517</v>
+                                    <v>5601216</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>741930</v>
+                                    <v>726083</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>236</b>
-                                    <v>385259</v>
+                                    <b>204</b>
+                                    <v>405300</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8321,17 +8382,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6243104</v>
+                                    <v>5950812</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>544535</v>
+                                    <v>731846</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>52</b>
-                                    <v>68066</v>
+                                    <v>49942</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8347,17 +8408,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6219961</v>
+                                    <v>5921999</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>533645</v>
+                                    <v>714558</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>160</b>
-                                    <v>102100</v>
+                                    <v>96042</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8373,57 +8434,62 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>107545</v>
+                                    <v>94121</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>54453</v>
+                                    <v>46100</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>32672</v>
+                                    <v>30733</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>29949</v>
+                                    <v>26891</v>
                                 </b>
                                 <b>
                                     <a>5</a>
-                                    <b>7</b>
-                                    <v>34033</v>
+                                    <b>6</b>
+                                    <v>24971</v>
                                 </b>
                                 <b>
-                                    <a>7</a>
-                                    <b>11</b>
-                                    <v>40840</v>
+                                    <a>6</a>
+                                    <b>8</b>
+                                    <v>40337</v>
                                 </b>
                                 <b>
-                                    <a>11</a>
-                                    <b>17</b>
-                                    <v>34033</v>
+                                    <a>8</a>
+                                    <b>12</b>
+                                    <v>32654</v>
                                 </b>
                                 <b>
-                                    <a>17</a>
+                                    <a>12</a>
+                                    <b>18</b>
+                                    <v>38417</v>
+                                </b>
+                                <b>
+                                    <a>18</a>
                                     <b>23</b>
-                                    <v>34033</v>
+                                    <v>34575</v>
                                 </b>
                                 <b>
                                     <a>23</a>
                                     <b>40</b>
-                                    <v>36756</v>
+                                    <v>36496</v>
                                 </b>
                                 <b>
                                     <a>40</a>
-                                    <b>707</b>
-                                    <v>34033</v>
+                                    <b>76</b>
+                                    <v>34575</v>
                                 </b>
                                 <b>
-                                    <a>1013</a>
-                                    <b>1414</b>
-                                    <v>4084</v>
+                                    <a>83</a>
+                                    <b>891</b>
+                                    <v>15366</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8439,52 +8505,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>107545</v>
+                                    <v>96042</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>54453</v>
+                                    <v>46100</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>35394</v>
+                                    <v>34575</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>34033</v>
+                                    <v>28812</v>
                                 </b>
                                 <b>
                                     <a>5</a>
-                                    <b>7</b>
-                                    <v>38117</v>
+                                    <b>6</b>
+                                    <v>36496</v>
                                 </b>
                                 <b>
-                                    <a>7</a>
-                                    <b>11</b>
-                                    <v>40840</v>
+                                    <a>6</a>
+                                    <b>9</b>
+                                    <v>40337</v>
                                 </b>
                                 <b>
-                                    <a>11</a>
-                                    <b>17</b>
-                                    <v>36756</v>
+                                    <a>9</a>
+                                    <b>13</b>
+                                    <v>40337</v>
                                 </b>
                                 <b>
-                                    <a>17</a>
-                                    <b>23</b>
-                                    <v>34033</v>
+                                    <a>13</a>
+                                    <b>18</b>
+                                    <v>26891</v>
                                 </b>
                                 <b>
-                                    <a>23</a>
-                                    <b>40</b>
-                                    <v>35394</v>
+                                    <a>18</a>
+                                    <b>25</b>
+                                    <v>38417</v>
                                 </b>
                                 <b>
-                                    <a>40</a>
-                                    <b>830</b>
-                                    <v>25865</v>
+                                    <a>26</a>
+                                    <b>41</b>
+                                    <v>36496</v>
+                                </b>
+                                <b>
+                                    <a>41</a>
+                                    <b>479</b>
+                                    <v>30733</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8500,52 +8571,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>118436</v>
+                                    <v>99884</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>63982</v>
+                                    <v>57625</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>36756</v>
+                                    <v>36496</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>34033</v>
+                                    <v>32654</v>
                                 </b>
                                 <b>
                                     <a>5</a>
-                                    <b>7</b>
-                                    <v>35394</v>
+                                    <b>6</b>
+                                    <v>32654</v>
                                 </b>
                                 <b>
-                                    <a>7</a>
-                                    <b>11</b>
-                                    <v>40840</v>
+                                    <a>6</a>
+                                    <b>8</b>
+                                    <v>34575</v>
                                 </b>
                                 <b>
-                                    <a>11</a>
-                                    <b>17</b>
-                                    <v>34033</v>
+                                    <a>8</a>
+                                    <b>12</b>
+                                    <v>38417</v>
                                 </b>
                                 <b>
-                                    <a>17</a>
-                                    <b>26</b>
-                                    <v>34033</v>
+                                    <a>12</a>
+                                    <b>18</b>
+                                    <v>32654</v>
                                 </b>
                                 <b>
-                                    <a>26</a>
-                                    <b>56</b>
-                                    <v>34033</v>
+                                    <a>18</a>
+                                    <b>25</b>
+                                    <v>34575</v>
                                 </b>
                                 <b>
-                                    <a>64</a>
+                                    <a>25</a>
+                                    <b>47</b>
+                                    <v>34575</v>
+                                </b>
+                                <b>
+                                    <a>51</a>
                                     <b>138</b>
-                                    <v>10890</v>
+                                    <v>21129</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8561,17 +8637,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4040456</v>
+                                    <v>4694572</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>11</b>
-                                    <v>341696</v>
+                                    <v>407221</v>
                                 </b>
                                 <b>
                                     <a>11</a>
-                                    <b>1358</b>
-                                    <v>123881</v>
+                                    <b>426</b>
+                                    <v>151747</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8587,17 +8663,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4040456</v>
+                                    <v>4694572</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>6</b>
-                                    <v>359393</v>
+                                    <v>426430</v>
                                 </b>
                                 <b>
                                     <a>6</a>
-                                    <b>783</b>
-                                    <v>106184</v>
+                                    <b>224</b>
+                                    <v>132539</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8613,7 +8689,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4506034</v>
+                                    <v>5253541</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8623,26 +8699,26 @@
         </relation>
         <relation>
             <name>file_class</name>
-            <cardinality>14974</cardinality>
+            <cardinality>17287</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>14974</v>
+                    <v>17287</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>class_object</name>
-            <cardinality>122520</cardinality>
+            <cardinality>163272</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>122520</v>
+                    <v>163272</v>
                 </e>
                 <e>
                     <k>instance</k>
-                    <v>122520</v>
+                    <v>163272</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -8656,7 +8732,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>122520</v>
+                                    <v>163272</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8672,7 +8748,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>122520</v>
+                                    <v>163272</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8682,19 +8758,19 @@
         </relation>
         <relation>
             <name>type_companion_object</name>
-            <cardinality>217814</cardinality>
+            <cardinality>307336</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>217814</v>
+                    <v>307336</v>
                 </e>
                 <e>
                     <k>instance</k>
-                    <v>217814</v>
+                    <v>307336</v>
                 </e>
                 <e>
                     <k>companion_object</k>
-                    <v>217814</v>
+                    <v>307336</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -8708,7 +8784,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>217814</v>
+                                    <v>307336</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8724,7 +8800,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>217814</v>
+                                    <v>307336</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8740,7 +8816,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>217814</v>
+                                    <v>307336</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8756,7 +8832,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>217814</v>
+                                    <v>307336</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8772,7 +8848,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>217814</v>
+                                    <v>307336</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8788,7 +8864,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>217814</v>
+                                    <v>307336</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8798,15 +8874,15 @@
         </relation>
         <relation>
             <name>kt_nullable_types</name>
-            <cardinality>1361</cardinality>
+            <cardinality>1920</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>1361</v>
+                    <v>1920</v>
                 </e>
                 <e>
                     <k>classid</k>
-                    <v>1361</v>
+                    <v>1920</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -8820,7 +8896,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8836,7 +8912,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8846,15 +8922,15 @@
         </relation>
         <relation>
             <name>kt_notnull_types</name>
-            <cardinality>191419</cardinality>
+            <cardinality>172391</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>191419</v>
+                    <v>172391</v>
                 </e>
                 <e>
                     <k>classid</k>
-                    <v>191419</v>
+                    <v>172391</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -8868,7 +8944,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>191419</v>
+                                    <v>172391</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8884,7 +8960,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>191419</v>
+                                    <v>172391</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8894,19 +8970,19 @@
         </relation>
         <relation>
             <name>kt_type_alias</name>
-            <cardinality>2060</cardinality>
+            <cardinality>1821</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>2060</v>
+                    <v>1821</v>
                 </e>
                 <e>
                     <k>name</k>
-                    <v>2060</v>
+                    <v>1821</v>
                 </e>
                 <e>
                     <k>kttypeid</k>
-                    <v>1030</v>
+                    <v>910</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -8920,7 +8996,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2060</v>
+                                    <v>1821</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8936,7 +9012,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2060</v>
+                                    <v>1821</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8952,7 +9028,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2060</v>
+                                    <v>1821</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8968,7 +9044,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2060</v>
+                                    <v>1821</v>
                                 </b>
                             </bs>
                         </hist>
@@ -8984,7 +9060,7 @@
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1030</v>
+                                    <v>910</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9000,7 +9076,7 @@
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1030</v>
+                                    <v>910</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9021,23 +9097,23 @@
         </relation>
         <relation>
             <name>interfaces</name>
-            <cardinality>21501109</cardinality>
+            <cardinality>23200100</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>21501109</v>
+                    <v>23200100</v>
                 </e>
                 <e>
                     <k>nodeName</k>
-                    <v>5448969</v>
+                    <v>8705320</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>350</v>
+                    <v>430271</v>
                 </e>
                 <e>
                     <k>sourceid</k>
-                    <v>2074</v>
+                    <v>2787162</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -9051,7 +9127,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>21501109</v>
+                                    <v>23200100</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9067,7 +9143,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>21501109</v>
+                                    <v>23200100</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9083,7 +9159,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>21501109</v>
+                                    <v>23200100</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9099,27 +9175,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3495545</v>
+                                    <v>6834406</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>811460</v>
+                                    <v>1079521</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>5</b>
-                                    <v>410487</v>
+                                    <b>25</b>
+                                    <v>655011</v>
                                 </b>
                                 <b>
-                                    <a>5</a>
-                                    <b>12</b>
-                                    <v>426139</v>
-                                </b>
-                                <b>
-                                    <a>12</a>
-                                    <b>9655</b>
-                                    <v>305336</v>
+                                    <a>25</a>
+                                    <b>345</b>
+                                    <v>136380</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9135,231 +9206,221 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5448745</v>
+                                    <v>7996524</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>3</b>
-                                    <v>224</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>nodeName</src>
-                    <trg>sourceid</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>1</a>
-                                    <b>2</b>
-                                    <v>5448653</v>
-                                </b>
-                                <b>
-                                    <a>2</a>
-                                    <b>6</b>
-                                    <v>316</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>parentid</src>
-                    <trg>id</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>1</a>
-                                    <b>2</b>
-                                    <v>57</v>
-                                </b>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>34</v>
-                                </b>
-                                <b>
-                                    <a>3</a>
                                     <b>4</b>
-                                    <v>28</v>
+                                    <v>695349</v>
                                 </b>
                                 <b>
                                     <a>4</a>
-                                    <b>6</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>6</a>
-                                    <b>9</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>10</a>
-                                    <b>16</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>16</a>
-                                    <b>20</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>21</a>
-                                    <b>212</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>288</a>
-                                    <b>1113</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>1315</a>
-                                    <b>27761</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>36093</a>
-                                    <b>2073873</b>
-                                    <v>28</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>parentid</src>
-                    <trg>nodeName</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>1</a>
-                                    <b>2</b>
-                                    <v>57</v>
-                                </b>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>34</v>
-                                </b>
-                                <b>
-                                    <a>3</a>
-                                    <b>4</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>4</a>
-                                    <b>5</b>
-                                    <v>5</v>
-                                </b>
-                                <b>
-                                    <a>5</a>
-                                    <b>6</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>6</a>
-                                    <b>11</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>11</a>
-                                    <b>14</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>15</a>
-                                    <b>20</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>21</a>
-                                    <b>107</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>153</a>
-                                    <b>381</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>3060</a>
-                                    <b>15096</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>36080</a>
-                                    <b>500307</b>
-                                    <v>22</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>parentid</src>
-                    <trg>sourceid</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>1</a>
-                                    <b>2</b>
-                                    <v>97</v>
-                                </b>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>40</v>
-                                </b>
-                                <b>
-                                    <a>3</a>
-                                    <b>4</b>
-                                    <v>34</v>
-                                </b>
-                                <b>
-                                    <a>4</a>
-                                    <b>6</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>6</a>
                                     <b>7</b>
-                                    <v>11</v>
+                                    <v>13445</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>nodeName</src>
+                    <trg>sourceid</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>7967711</v>
                                 </b>
                                 <b>
-                                    <a>7</a>
+                                    <a>2</a>
+                                    <b>4</b>
+                                    <v>718400</v>
+                                </b>
+                                <b>
+                                    <a>4</a>
+                                    <b>7</b>
+                                    <v>19208</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>parentid</src>
+                    <trg>id</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>113330</v>
+                                </b>
+                                <b>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>55704</v>
+                                </b>
+                                <b>
+                                    <a>3</a>
+                                    <b>4</b>
+                                    <v>48021</v>
+                                </b>
+                                <b>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>26891</v>
+                                </b>
+                                <b>
+                                    <a>5</a>
                                     <b>8</b>
-                                    <v>40</v>
+                                    <v>36496</v>
                                 </b>
                                 <b>
                                     <a>8</a>
+                                    <b>13</b>
+                                    <v>34575</v>
+                                </b>
+                                <b>
+                                    <a>13</a>
+                                    <b>18</b>
+                                    <v>34575</v>
+                                </b>
+                                <b>
+                                    <a>18</a>
+                                    <b>41</b>
+                                    <v>32654</v>
+                                </b>
+                                <b>
+                                    <a>42</a>
+                                    <b>182</b>
+                                    <v>32654</v>
+                                </b>
+                                <b>
+                                    <a>187</a>
+                                    <b>4152</b>
+                                    <v>15366</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>parentid</src>
+                    <trg>nodeName</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>113330</v>
+                                </b>
+                                <b>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>55704</v>
+                                </b>
+                                <b>
+                                    <a>3</a>
+                                    <b>4</b>
+                                    <v>48021</v>
+                                </b>
+                                <b>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>38417</v>
+                                </b>
+                                <b>
+                                    <a>5</a>
+                                    <b>7</b>
+                                    <v>24971</v>
+                                </b>
+                                <b>
+                                    <a>7</a>
                                     <b>10</b>
-                                    <v>22</v>
+                                    <v>32654</v>
                                 </b>
                                 <b>
                                     <a>10</a>
-                                    <b>11</b>
-                                    <v>28</v>
-                                </b>
-                                <b>
-                                    <a>11</a>
                                     <b>15</b>
-                                    <v>28</v>
+                                    <v>36496</v>
                                 </b>
                                 <b>
-                                    <a>19</a>
-                                    <b>40</b>
-                                    <v>17</v>
+                                    <a>15</a>
+                                    <b>28</b>
+                                    <v>32654</v>
+                                </b>
+                                <b>
+                                    <a>30</a>
+                                    <b>94</b>
+                                    <v>32654</v>
+                                </b>
+                                <b>
+                                    <a>100</a>
+                                    <b>1213</b>
+                                    <v>15366</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>parentid</src>
+                    <trg>sourceid</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>140222</v>
+                                </b>
+                                <b>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>65309</v>
+                                </b>
+                                <b>
+                                    <a>3</a>
+                                    <b>4</b>
+                                    <v>44179</v>
+                                </b>
+                                <b>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>34575</v>
+                                </b>
+                                <b>
+                                    <a>5</a>
+                                    <b>7</b>
+                                    <v>28812</v>
+                                </b>
+                                <b>
+                                    <a>7</a>
+                                    <b>9</b>
+                                    <v>34575</v>
+                                </b>
+                                <b>
+                                    <a>9</a>
+                                    <b>14</b>
+                                    <v>34575</v>
+                                </b>
+                                <b>
+                                    <a>14</a>
+                                    <b>26</b>
+                                    <v>32654</v>
+                                </b>
+                                <b>
+                                    <a>26</a>
+                                    <b>160</b>
+                                    <v>15366</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9375,32 +9436,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1292</v>
+                                    <v>2391465</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>7</b>
-                                    <v>166</v>
+                                    <b>11</b>
+                                    <v>213215</v>
                                 </b>
                                 <b>
-                                    <a>7</a>
-                                    <b>53</b>
-                                    <v>160</v>
-                                </b>
-                                <b>
-                                    <a>55</a>
-                                    <b>289</b>
-                                    <v>166</v>
-                                </b>
-                                <b>
-                                    <a>353</a>
-                                    <b>3260</b>
-                                    <v>160</v>
-                                </b>
-                                <b>
-                                    <a>3665</a>
-                                    <b>450913</b>
-                                    <v>126</v>
+                                    <a>11</a>
+                                    <b>1565</b>
+                                    <v>182481</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9416,32 +9462,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1292</v>
+                                    <v>2391465</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>6</b>
-                                    <v>172</v>
+                                    <v>217056</v>
                                 </b>
                                 <b>
                                     <a>6</a>
-                                    <b>31</b>
-                                    <v>160</v>
-                                </b>
-                                <b>
-                                    <a>31</a>
-                                    <b>110</b>
-                                    <v>160</v>
-                                </b>
-                                <b>
-                                    <a>115</a>
-                                    <b>1202</b>
-                                    <v>160</v>
-                                </b>
-                                <b>
-                                    <a>1336</a>
-                                    <b>101026</b>
-                                    <v>126</v>
+                                    <b>492</b>
+                                    <v>178639</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9457,7 +9488,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2074</v>
+                                    <v>2787162</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9467,15 +9498,15 @@
         </relation>
         <relation>
             <name>fielddecls</name>
-            <cardinality>398872</cardinality>
+            <cardinality>199475</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>398872</v>
+                    <v>199475</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>59898</v>
+                    <v>25503</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -9489,7 +9520,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>398872</v>
+                                    <v>199475</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9505,32 +9536,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>29949</v>
+                                    <v>4554</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>13613</v>
+                                    <v>5465</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>5445</v>
+                                    <v>1821</v>
                                 </b>
                                 <b>
                                     <a>4</a>
-                                    <b>5</b>
-                                    <v>2722</v>
+                                    <b>6</b>
+                                    <v>1821</v>
                                 </b>
                                 <b>
                                     <a>6</a>
-                                    <b>16</b>
-                                    <v>5445</v>
+                                    <b>7</b>
+                                    <v>2732</v>
                                 </b>
                                 <b>
-                                    <a>40</a>
-                                    <b>159</b>
-                                    <v>2722</v>
+                                    <a>7</a>
+                                    <b>9</b>
+                                    <v>1821</v>
+                                </b>
+                                <b>
+                                    <a>9</a>
+                                    <b>10</b>
+                                    <v>910</v>
+                                </b>
+                                <b>
+                                    <a>10</a>
+                                    <b>11</b>
+                                    <v>1821</v>
+                                </b>
+                                <b>
+                                    <a>13</a>
+                                    <b>18</b>
+                                    <v>1821</v>
+                                </b>
+                                <b>
+                                    <a>19</a>
+                                    <b>20</b>
+                                    <v>1821</v>
+                                </b>
+                                <b>
+                                    <a>57</a>
+                                    <b>58</b>
+                                    <v>910</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9540,19 +9596,19 @@
         </relation>
         <relation>
             <name>fieldDeclaredIn</name>
-            <cardinality>398872</cardinality>
+            <cardinality>199475</cardinality>
             <columnsizes>
                 <e>
                     <k>fieldId</k>
-                    <v>398872</v>
+                    <v>199475</v>
                 </e>
                 <e>
                     <k>fieldDeclId</k>
-                    <v>398872</v>
+                    <v>199475</v>
                 </e>
                 <e>
                     <k>pos</k>
-                    <v>1361</v>
+                    <v>910</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -9566,7 +9622,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>398872</v>
+                                    <v>199475</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9582,7 +9638,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>398872</v>
+                                    <v>199475</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9598,7 +9654,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>398872</v>
+                                    <v>199475</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9614,7 +9670,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>398872</v>
+                                    <v>199475</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9628,9 +9684,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>293</a>
-                                    <b>294</b>
-                                    <v>1361</v>
+                                    <a>219</a>
+                                    <b>220</b>
+                                    <v>910</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9644,9 +9700,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>293</a>
-                                    <b>294</b>
-                                    <v>1361</v>
+                                    <a>219</a>
+                                    <b>220</b>
+                                    <v>910</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9656,27 +9712,27 @@
         </relation>
         <relation>
             <name>fields</name>
-            <cardinality>27509955</cardinality>
+            <cardinality>19350704</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>27509955</v>
+                    <v>19350704</v>
                 </e>
                 <e>
                     <k>nodeName</k>
-                    <v>10900247</v>
+                    <v>13628474</v>
                 </e>
                 <e>
                     <k>typeid</k>
-                    <v>2728125</v>
+                    <v>3038794</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>3851230</v>
+                    <v>4089502</v>
                 </e>
                 <e>
                     <k>sourceid</k>
-                    <v>27509955</v>
+                    <v>19350704</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -9690,7 +9746,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>27509955</v>
+                                    <v>19350704</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9706,7 +9762,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>27509955</v>
+                                    <v>19350704</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9722,7 +9778,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>27509955</v>
+                                    <v>19350704</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9738,7 +9794,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>27509955</v>
+                                    <v>19350704</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9754,22 +9810,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>8061854</v>
+                                    <v>12016876</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1433490</v>
+                                    <v>1123700</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>11</b>
-                                    <v>760988</v>
-                                </b>
-                                <b>
-                                    <a>11</a>
-                                    <b>828</b>
-                                    <v>643913</v>
+                                    <b>722</b>
+                                    <v>487897</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9785,17 +9836,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>9875159</v>
+                                    <v>12416414</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>4</b>
-                                    <v>850837</v>
+                                    <b>5</b>
+                                    <v>1085283</v>
                                 </b>
                                 <b>
-                                    <a>4</a>
+                                    <a>5</a>
                                     <b>160</b>
-                                    <v>174251</v>
+                                    <v>126776</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9811,22 +9862,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>8061854</v>
+                                    <v>12016876</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1433490</v>
+                                    <v>1123700</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>11</b>
-                                    <v>760988</v>
-                                </b>
-                                <b>
-                                    <a>11</a>
-                                    <b>828</b>
-                                    <v>643913</v>
+                                    <b>722</b>
+                                    <v>487897</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9842,22 +9888,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>8061854</v>
+                                    <v>12016876</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1433490</v>
+                                    <v>1123700</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>11</b>
-                                    <v>760988</v>
-                                </b>
-                                <b>
-                                    <a>11</a>
-                                    <b>828</b>
-                                    <v>643913</v>
+                                    <b>722</b>
+                                    <v>487897</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9873,32 +9914,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1732985</v>
+                                    <v>2059157</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>338973</v>
+                                    <v>320782</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>175612</v>
+                                    <v>213215</v>
                                 </b>
                                 <b>
                                     <a>4</a>
-                                    <b>7</b>
-                                    <v>208284</v>
+                                    <b>8</b>
+                                    <v>245869</v>
                                 </b>
                                 <b>
-                                    <a>7</a>
-                                    <b>24</b>
-                                    <v>205562</v>
-                                </b>
-                                <b>
-                                    <a>24</a>
-                                    <b>7479</b>
-                                    <v>66705</v>
+                                    <a>8</a>
+                                    <b>2588</b>
+                                    <v>199769</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9914,27 +9950,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1894985</v>
+                                    <v>2120625</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>302217</v>
+                                    <v>299653</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>183780</v>
+                                    <v>199769</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>9</b>
-                                    <v>212369</v>
+                                    <v>255473</v>
                                 </b>
                                 <b>
                                     <a>9</a>
-                                    <b>2335</b>
-                                    <v>134772</v>
+                                    <b>2016</b>
+                                    <v>163272</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9950,17 +9986,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2326529</v>
+                                    <v>2706486</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>4</b>
-                                    <v>228705</v>
+                                    <v>251632</v>
                                 </b>
                                 <b>
                                     <a>4</a>
-                                    <b>1392</b>
-                                    <v>172890</v>
+                                    <b>1014</b>
+                                    <v>80675</v>
                                 </b>
                             </bs>
                         </hist>
@@ -9976,32 +10012,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1732985</v>
+                                    <v>2059157</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>338973</v>
+                                    <v>320782</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>175612</v>
+                                    <v>213215</v>
                                 </b>
                                 <b>
                                     <a>4</a>
-                                    <b>7</b>
-                                    <v>208284</v>
+                                    <b>8</b>
+                                    <v>245869</v>
                                 </b>
                                 <b>
-                                    <a>7</a>
-                                    <b>24</b>
-                                    <v>205562</v>
-                                </b>
-                                <b>
-                                    <a>24</a>
-                                    <b>7479</b>
-                                    <v>66705</v>
+                                    <a>8</a>
+                                    <b>2588</b>
+                                    <v>199769</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10017,37 +10048,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1937186</v>
+                                    <v>2427962</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>484636</v>
+                                    <v>478293</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>303578</v>
+                                    <v>303495</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>341696</v>
+                                    <v>338070</v>
                                 </b>
                                 <b>
                                     <a>6</a>
-                                    <b>10</b>
-                                    <v>300856</v>
+                                    <b>13</b>
+                                    <v>330387</v>
                                 </b>
                                 <b>
-                                    <a>10</a>
-                                    <b>27</b>
-                                    <v>291326</v>
-                                </b>
-                                <b>
-                                    <a>27</a>
+                                    <a>13</a>
                                     <b>1610</b>
-                                    <v>191948</v>
+                                    <v>211294</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10063,37 +10089,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1937186</v>
+                                    <v>2427962</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>484636</v>
+                                    <v>478293</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>303578</v>
+                                    <v>303495</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>341696</v>
+                                    <v>338070</v>
                                 </b>
                                 <b>
                                     <a>6</a>
-                                    <b>10</b>
-                                    <v>300856</v>
+                                    <b>13</b>
+                                    <v>330387</v>
                                 </b>
                                 <b>
-                                    <a>10</a>
-                                    <b>27</b>
-                                    <v>291326</v>
-                                </b>
-                                <b>
-                                    <a>27</a>
+                                    <a>13</a>
                                     <b>1610</b>
-                                    <v>191948</v>
+                                    <v>211294</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10109,27 +10130,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2499419</v>
+                                    <v>3031110</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>623493</v>
+                                    <v>595465</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>4</b>
-                                    <v>243679</v>
+                                    <b>5</b>
+                                    <v>347674</v>
                                 </b>
                                 <b>
-                                    <a>4</a>
-                                    <b>7</b>
-                                    <v>338973</v>
-                                </b>
-                                <b>
-                                    <a>7</a>
+                                    <a>5</a>
                                     <b>76</b>
-                                    <v>145663</v>
+                                    <v>115251</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10145,37 +10161,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1937186</v>
+                                    <v>2427962</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>484636</v>
+                                    <v>478293</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>303578</v>
+                                    <v>303495</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>341696</v>
+                                    <v>338070</v>
                                 </b>
                                 <b>
                                     <a>6</a>
-                                    <b>10</b>
-                                    <v>300856</v>
+                                    <b>13</b>
+                                    <v>330387</v>
                                 </b>
                                 <b>
-                                    <a>10</a>
-                                    <b>27</b>
-                                    <v>291326</v>
-                                </b>
-                                <b>
-                                    <a>27</a>
+                                    <a>13</a>
                                     <b>1610</b>
-                                    <v>191948</v>
+                                    <v>211294</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10191,7 +10202,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>27509955</v>
+                                    <v>19350704</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10207,7 +10218,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>27509955</v>
+                                    <v>19350704</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10223,7 +10234,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>27509955</v>
+                                    <v>19350704</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10239,7 +10250,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>27509955</v>
+                                    <v>19350704</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10249,15 +10260,15 @@
         </relation>
         <relation>
             <name>fieldsKotlinType</name>
-            <cardinality>27509955</cardinality>
+            <cardinality>19350704</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>27509955</v>
+                    <v>19350704</v>
                 </e>
                 <e>
                     <k>kttypeid</k>
-                    <v>1361</v>
+                    <v>1920</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -10271,7 +10282,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>27509955</v>
+                                    <v>19350704</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10285,9 +10296,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>20208</a>
-                                    <b>20209</b>
-                                    <v>1361</v>
+                                    <a>10074</a>
+                                    <b>10075</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10297,31 +10308,31 @@
         </relation>
         <relation>
             <name>constrs</name>
-            <cardinality>6869320</cardinality>
+            <cardinality>8006128</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>6869320</v>
+                    <v>8006128</v>
                 </e>
                 <e>
                     <k>nodeName</k>
-                    <v>3746407</v>
+                    <v>4333451</v>
                 </e>
                 <e>
                     <k>signature</k>
-                    <v>5871458</v>
+                    <v>6803672</v>
                 </e>
                 <e>
                     <k>typeid</k>
-                    <v>2722</v>
+                    <v>3841</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>4835479</v>
+                    <v>5639633</v>
                 </e>
                 <e>
                     <k>sourceid</k>
-                    <v>5054654</v>
+                    <v>5720309</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -10335,7 +10346,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6869320</v>
+                                    <v>8006128</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10351,7 +10362,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6869320</v>
+                                    <v>8006128</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10367,7 +10378,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6869320</v>
+                                    <v>8006128</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10383,7 +10394,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6869320</v>
+                                    <v>8006128</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10399,7 +10410,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6869320</v>
+                                    <v>8006128</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10415,22 +10426,58 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2361924</v>
+                                    <v>2623889</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>835862</v>
+                                    <v>1085283</v>
+                                </b>
+                                <b>
+                                    <a>3</a>
+                                    <b>4</b>
+                                    <v>259315</v>
+                                </b>
+                                <b>
+                                    <a>4</a>
+                                    <b>11</b>
+                                    <v>326545</v>
+                                </b>
+                                <b>
+                                    <a>11</a>
+                                    <b>36</b>
+                                    <v>38417</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>nodeName</src>
+                    <trg>signature</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>2977327</v>
+                                </b>
+                                <b>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>868226</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>345780</v>
+                                    <v>341912</v>
                                 </b>
                                 <b>
                                     <a>5</a>
-                                    <b>42</b>
-                                    <v>202839</v>
+                                    <b>19</b>
+                                    <v>145985</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10438,7 +10485,7 @@
                 </dep>
                 <dep>
                     <src>nodeName</src>
-                    <trg>signature</trg>
+                    <trg>typeid</trg>
                     <val>
                         <hist>
                             <budget>12</budget>
@@ -10446,95 +10493,64 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2628747</v>
+                                    <v>4333451</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>nodeName</src>
+                    <trg>parentid</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>3764878</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>683392</v>
+                                    <v>401458</v>
+                                </b>
+                                <b>
+                                    <a>3</a>
+                                    <b>36</b>
+                                    <v>167114</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>nodeName</src>
+                    <trg>sourceid</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>2737220</v>
+                                </b>
+                                <b>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>1083362</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>302217</v>
+                                    <v>353437</v>
                                 </b>
                                 <b>
                                     <a>5</a>
-                                    <b>19</b>
-                                    <v>132049</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>nodeName</src>
-                    <trg>typeid</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>1</a>
-                                    <b>2</b>
-                                    <v>3746407</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>nodeName</src>
-                    <trg>parentid</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>1</a>
-                                    <b>2</b>
-                                    <v>3287635</v>
-                                </b>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>314469</v>
-                                </b>
-                                <b>
-                                    <a>3</a>
-                                    <b>42</b>
-                                    <v>144302</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>nodeName</src>
-                    <trg>sourceid</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>1</a>
-                                    <b>2</b>
-                                    <v>2453134</v>
-                                </b>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>827694</v>
-                                </b>
-                                <b>
-                                    <a>3</a>
-                                    <b>5</b>
-                                    <v>318553</v>
-                                </b>
-                                <b>
-                                    <a>5</a>
-                                    <b>38</b>
-                                    <v>147024</v>
+                                    <b>32</b>
+                                    <v>159431</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10550,12 +10566,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5461695</v>
+                                    <v>6302329</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>42</b>
-                                    <v>409763</v>
+                                    <b>36</b>
+                                    <v>501343</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10571,7 +10587,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5871458</v>
+                                    <v>6803672</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10587,7 +10603,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5871458</v>
+                                    <v>6803672</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10603,12 +10619,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5461695</v>
+                                    <v>6302329</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>42</b>
-                                    <v>409763</v>
+                                    <b>36</b>
+                                    <v>501343</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10624,12 +10640,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5591022</v>
+                                    <v>6461760</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>32</b>
-                                    <v>280436</v>
+                                    <b>23</b>
+                                    <v>341912</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10643,14 +10659,14 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>31</a>
-                                    <b>32</b>
-                                    <v>1361</v>
+                                    <a>22</a>
+                                    <b>23</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>5015</a>
-                                    <b>5016</b>
-                                    <v>1361</v>
+                                    <a>4146</a>
+                                    <b>4147</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10666,12 +10682,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>2751</a>
-                                    <b>2752</b>
-                                    <v>1361</v>
+                                    <a>2255</a>
+                                    <b>2256</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10687,12 +10703,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>4312</a>
-                                    <b>4313</b>
-                                    <v>1361</v>
+                                    <a>3541</a>
+                                    <b>3542</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10706,14 +10722,14 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>31</a>
-                                    <b>32</b>
-                                    <v>1361</v>
+                                    <a>22</a>
+                                    <b>23</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>3521</a>
-                                    <b>3522</b>
-                                    <v>1361</v>
+                                    <a>2914</a>
+                                    <b>2915</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10727,14 +10743,14 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>31</a>
-                                    <b>32</b>
-                                    <v>1361</v>
+                                    <a>22</a>
+                                    <b>23</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>3682</a>
-                                    <b>3683</b>
-                                    <v>1361</v>
+                                    <a>2956</a>
+                                    <b>2957</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10750,22 +10766,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3676978</v>
+                                    <v>4256617</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>737846</v>
+                                    <v>895118</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>6</b>
-                                    <v>366200</v>
+                                    <v>434113</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>19</b>
-                                    <v>54453</v>
+                                    <v>53783</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10781,7 +10797,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4835479</v>
+                                    <v>5639633</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10797,22 +10813,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3676978</v>
+                                    <v>4256617</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>737846</v>
+                                    <v>895118</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>6</b>
-                                    <v>366200</v>
+                                    <v>434113</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>19</b>
-                                    <v>54453</v>
+                                    <v>53783</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10828,7 +10844,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4835479</v>
+                                    <v>5639633</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10844,22 +10860,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3676978</v>
+                                    <v>4256617</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>737846</v>
+                                    <v>895118</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>6</b>
-                                    <v>366200</v>
+                                    <v>434113</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>19</b>
-                                    <v>54453</v>
+                                    <v>53783</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10875,12 +10891,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4742907</v>
+                                    <v>5357267</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>259</b>
-                                    <v>311746</v>
+                                    <b>209</b>
+                                    <v>363041</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10896,12 +10912,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4742907</v>
+                                    <v>5357267</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>212</b>
-                                    <v>311746</v>
+                                    <b>172</b>
+                                    <v>363041</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10917,12 +10933,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4742907</v>
+                                    <v>5357267</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>212</b>
-                                    <v>311746</v>
+                                    <b>172</b>
+                                    <v>363041</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10938,7 +10954,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5054654</v>
+                                    <v>5720309</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10954,12 +10970,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4742907</v>
+                                    <v>5357267</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>259</b>
-                                    <v>311746</v>
+                                    <b>209</b>
+                                    <v>363041</v>
                                 </b>
                             </bs>
                         </hist>
@@ -10969,15 +10985,15 @@
         </relation>
         <relation>
             <name>constrsKotlinType</name>
-            <cardinality>6869320</cardinality>
+            <cardinality>8006128</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>6869320</v>
+                    <v>8006128</v>
                 </e>
                 <e>
                     <k>kttypeid</k>
-                    <v>1361</v>
+                    <v>1920</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -10991,7 +11007,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6869320</v>
+                                    <v>8006128</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11005,9 +11021,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>5046</a>
-                                    <b>5047</b>
-                                    <v>1361</v>
+                                    <a>4168</a>
+                                    <b>4169</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11017,31 +11033,31 @@
         </relation>
         <relation>
             <name>methods</name>
-            <cardinality>93308954</cardinality>
+            <cardinality>109719302</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>93308954</v>
+                    <v>109719302</v>
                 </e>
                 <e>
                     <k>nodeName</k>
-                    <v>20326164</v>
+                    <v>22908130</v>
                 </e>
                 <e>
                     <k>signature</k>
-                    <v>29772501</v>
+                    <v>33369112</v>
                 </e>
                 <e>
                     <k>typeid</k>
-                    <v>11583640</v>
+                    <v>13338425</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>11270532</v>
+                    <v>12810189</v>
                 </e>
                 <e>
                     <k>sourceid</k>
-                    <v>58543057</v>
+                    <v>67091663</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -11055,7 +11071,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>93308954</v>
+                                    <v>109719302</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11071,7 +11087,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>93308954</v>
+                                    <v>109719302</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11087,7 +11103,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>93308954</v>
+                                    <v>109719302</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11103,7 +11119,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>93308954</v>
+                                    <v>109719302</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11119,7 +11135,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>93308954</v>
+                                    <v>109719302</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11135,32 +11151,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>11834127</v>
+                                    <v>13324979</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>3821280</v>
+                                    <v>4070294</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>1315054</v>
+                                    <v>1573181</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>7</b>
-                                    <v>1792884</v>
+                                    <v>2026503</v>
                                 </b>
                                 <b>
                                     <a>7</a>
-                                    <b>271</b>
-                                    <v>1524700</v>
+                                    <b>56</b>
+                                    <v>1719166</v>
                                 </b>
                                 <b>
-                                    <a>276</a>
-                                    <b>2134</b>
-                                    <v>38117</v>
+                                    <a>57</a>
+                                    <b>1769</b>
+                                    <v>194006</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11176,17 +11192,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>16853387</v>
+                                    <v>19150935</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>2115522</v>
+                                    <v>2228193</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>361</b>
-                                    <v>1357255</v>
+                                    <b>298</b>
+                                    <v>1529001</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11202,22 +11218,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>17082092</v>
+                                    <v>19179748</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1678532</v>
+                                    <v>1872834</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>52</b>
-                                    <v>1524700</v>
+                                    <b>25</b>
+                                    <v>1726849</v>
                                 </b>
                                 <b>
-                                    <a>52</a>
-                                    <b>845</b>
-                                    <v>40840</v>
+                                    <a>25</a>
+                                    <b>741</b>
+                                    <v>128697</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11233,27 +11249,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>12555637</v>
+                                    <v>14028012</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>3596659</v>
+                                    <v>3889733</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>1245625</v>
+                                    <v>1502109</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>7</b>
-                                    <v>1577792</v>
+                                    <v>1817129</v>
                                 </b>
                                 <b>
                                     <a>7</a>
-                                    <b>1278</b>
-                                    <v>1350449</v>
+                                    <b>1099</b>
+                                    <v>1671144</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11269,27 +11285,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>12213940</v>
+                                    <v>13743725</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>3951969</v>
+                                    <v>4283509</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>1297356</v>
+                                    <v>1544368</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>7</b>
-                                    <v>1656750</v>
+                                    <v>1857467</v>
                                 </b>
                                 <b>
                                     <a>7</a>
-                                    <b>928</b>
-                                    <v>1206147</v>
+                                    <b>800</b>
+                                    <v>1479059</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11305,22 +11321,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>20356114</v>
+                                    <v>22735253</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>4957999</v>
+                                    <v>5434102</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>2363285</v>
+                                    <v>2635414</v>
                                 </b>
                                 <b>
                                     <a>5</a>
-                                    <b>1275</b>
-                                    <v>2095101</v>
+                                    <b>157</b>
+                                    <v>2502875</v>
+                                </b>
+                                <b>
+                                    <a>157</a>
+                                    <b>1096</b>
+                                    <v>61467</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11336,7 +11357,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>29772501</v>
+                                    <v>33369112</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11352,17 +11373,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>26733991</v>
+                                    <v>29957672</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>5</b>
-                                    <v>2383706</v>
+                                    <v>2650781</v>
                                 </b>
                                 <b>
                                     <a>5</a>
-                                    <b>843</b>
-                                    <v>654804</v>
+                                    <b>739</b>
+                                    <v>760659</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11378,22 +11399,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>20360198</v>
+                                    <v>22741015</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>4956638</v>
+                                    <v>5432181</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>2361924</v>
+                                    <v>2631572</v>
                                 </b>
                                 <b>
                                     <a>5</a>
-                                    <b>1275</b>
-                                    <v>2093740</v>
+                                    <b>157</b>
+                                    <v>2502875</v>
+                                </b>
+                                <b>
+                                    <a>157</a>
+                                    <b>1096</b>
+                                    <v>61467</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11409,22 +11435,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>20978246</v>
+                                    <v>23365294</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>5076436</v>
+                                    <v>5656921</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>6</b>
-                                    <v>2533453</v>
+                                    <v>2900492</v>
                                 </b>
                                 <b>
                                     <a>6</a>
-                                    <b>923</b>
-                                    <v>1184365</v>
+                                    <b>795</b>
+                                    <v>1446404</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11440,32 +11466,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5684955</v>
+                                    <v>6603903</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>2449050</v>
+                                    <v>2729536</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>1089071</v>
+                                    <v>1208218</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>925711</v>
+                                    <v>1119859</v>
                                 </b>
                                 <b>
                                     <a>6</a>
-                                    <b>14</b>
-                                    <v>875341</v>
+                                    <b>15</b>
+                                    <v>1019974</v>
                                 </b>
                                 <b>
-                                    <a>14</a>
-                                    <b>11667</b>
-                                    <v>559510</v>
+                                    <a>15</a>
+                                    <b>10335</b>
+                                    <v>656932</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11481,22 +11507,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7613973</v>
+                                    <v>8714924</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>2218983</v>
+                                    <v>2620047</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>6</b>
-                                    <v>1060483</v>
+                                    <v>1167880</v>
                                 </b>
                                 <b>
                                     <a>6</a>
-                                    <b>3940</b>
-                                    <v>690199</v>
+                                    <b>2888</b>
+                                    <v>835572</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11512,27 +11538,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7370293</v>
+                                    <v>8565097</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>2274798</v>
+                                    <v>2602760</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>5</b>
-                                    <v>875341</v>
+                                    <b>6</b>
+                                    <v>1210139</v>
                                 </b>
                                 <b>
-                                    <a>5</a>
-                                    <b>17</b>
-                                    <v>882148</v>
-                                </b>
-                                <b>
-                                    <a>17</a>
-                                    <b>5689</b>
-                                    <v>181058</v>
+                                    <a>6</a>
+                                    <b>4142</b>
+                                    <v>960428</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11548,27 +11569,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6786279</v>
+                                    <v>7714158</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>2466747</v>
+                                    <v>2869759</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>1003307</v>
+                                    <v>1108333</v>
                                 </b>
                                 <b>
                                     <a>4</a>
-                                    <b>9</b>
-                                    <v>916181</v>
+                                    <b>8</b>
+                                    <v>1069916</v>
                                 </b>
                                 <b>
-                                    <a>9</a>
-                                    <b>3420</b>
-                                    <v>411124</v>
+                                    <a>8</a>
+                                    <b>2865</b>
+                                    <v>576256</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11584,32 +11605,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6180482</v>
+                                    <v>7166714</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>2262546</v>
+                                    <v>2524004</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>985610</v>
+                                    <v>1096808</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>910736</v>
+                                    <v>1094888</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>16</b>
-                                    <v>890316</v>
+                                    <v>1016132</v>
                                 </b>
                                 <b>
                                     <a>16</a>
-                                    <b>8855</b>
-                                    <v>353948</v>
+                                    <b>6435</b>
+                                    <v>439876</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11625,52 +11646,52 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3190980</v>
+                                    <v>3630418</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1287827</v>
+                                    <v>1456008</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>1029172</v>
+                                    <v>1164038</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>744652</v>
+                                    <v>735687</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>7</b>
-                                    <v>924349</v>
+                                    <v>1021895</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>10</b>
-                                    <v>952937</v>
+                                    <v>1106413</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>13</b>
-                                    <v>997862</v>
+                                    <v>1146751</v>
                                 </b>
                                 <b>
                                     <a>13</a>
-                                    <b>19</b>
-                                    <v>908013</v>
+                                    <b>21</b>
+                                    <v>1181326</v>
                                 </b>
                                 <b>
-                                    <a>19</a>
-                                    <b>38</b>
-                                    <v>909375</v>
+                                    <a>21</a>
+                                    <b>40</b>
+                                    <v>1021895</v>
                                 </b>
                                 <b>
-                                    <a>38</a>
+                                    <a>40</a>
                                     <b>319</b>
-                                    <v>325360</v>
+                                    <v>345754</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11686,52 +11707,52 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3244072</v>
+                                    <v>3678439</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1308247</v>
+                                    <v>1457929</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>1109491</v>
+                                    <v>1231268</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>785493</v>
+                                    <v>791392</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>7</b>
-                                    <v>887593</v>
+                                    <v>960428</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>10</b>
-                                    <v>1015559</v>
+                                    <v>1183247</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>13</b>
-                                    <v>942047</v>
+                                    <v>1102571</v>
                                 </b>
                                 <b>
                                     <a>13</a>
-                                    <b>17</b>
-                                    <v>875341</v>
+                                    <b>18</b>
+                                    <v>849018</v>
                                 </b>
                                 <b>
-                                    <a>17</a>
-                                    <b>35</b>
-                                    <v>848114</v>
+                                    <a>18</a>
+                                    <b>26</b>
+                                    <v>968111</v>
                                 </b>
                                 <b>
-                                    <a>35</a>
+                                    <a>26</a>
                                     <b>290</b>
-                                    <v>254570</v>
+                                    <v>587781</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11747,52 +11768,52 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3190980</v>
+                                    <v>3630418</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1287827</v>
+                                    <v>1456008</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>1029172</v>
+                                    <v>1164038</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>744652</v>
+                                    <v>735687</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>7</b>
-                                    <v>924349</v>
+                                    <v>1021895</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>10</b>
-                                    <v>952937</v>
+                                    <v>1106413</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>13</b>
-                                    <v>997862</v>
+                                    <v>1146751</v>
                                 </b>
                                 <b>
                                     <a>13</a>
-                                    <b>19</b>
-                                    <v>908013</v>
+                                    <b>21</b>
+                                    <v>1181326</v>
                                 </b>
                                 <b>
-                                    <a>19</a>
-                                    <b>38</b>
-                                    <v>909375</v>
+                                    <a>21</a>
+                                    <b>40</b>
+                                    <v>1021895</v>
                                 </b>
                                 <b>
-                                    <a>38</a>
+                                    <a>40</a>
                                     <b>319</b>
-                                    <v>325360</v>
+                                    <v>345754</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11808,47 +11829,52 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3887986</v>
+                                    <v>4348818</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1615910</v>
+                                    <v>1757583</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>1327306</v>
+                                    <v>1436800</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>786854</v>
+                                    <v>922010</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>637107</v>
+                                    <v>743371</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>7</b>
-                                    <v>498250</v>
+                                    <v>564731</v>
                                 </b>
                                 <b>
                                     <a>7</a>
-                                    <b>9</b>
-                                    <v>1033256</v>
+                                    <b>8</b>
+                                    <v>879752</v>
                                 </b>
                                 <b>
-                                    <a>9</a>
-                                    <b>13</b>
-                                    <v>882148</v>
+                                    <a>8</a>
+                                    <b>11</b>
+                                    <v>1160197</v>
                                 </b>
                                 <b>
-                                    <a>13</a>
+                                    <a>11</a>
+                                    <b>31</b>
+                                    <v>964269</v>
+                                </b>
+                                <b>
+                                    <a>33</a>
                                     <b>78</b>
-                                    <v>601712</v>
+                                    <v>32654</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11864,52 +11890,52 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3190980</v>
+                                    <v>3630418</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1287827</v>
+                                    <v>1456008</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>1029172</v>
+                                    <v>1164038</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>744652</v>
+                                    <v>735687</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>7</b>
-                                    <v>924349</v>
+                                    <v>1021895</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>10</b>
-                                    <v>952937</v>
+                                    <v>1106413</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>13</b>
-                                    <v>997862</v>
+                                    <v>1146751</v>
                                 </b>
                                 <b>
                                     <a>13</a>
-                                    <b>19</b>
-                                    <v>908013</v>
+                                    <b>21</b>
+                                    <v>1181326</v>
                                 </b>
                                 <b>
-                                    <a>19</a>
-                                    <b>38</b>
-                                    <v>909375</v>
+                                    <a>21</a>
+                                    <b>40</b>
+                                    <v>1021895</v>
                                 </b>
                                 <b>
-                                    <a>38</a>
+                                    <a>40</a>
                                     <b>319</b>
-                                    <v>325360</v>
+                                    <v>345754</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11925,12 +11951,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>54190854</v>
+                                    <v>61836200</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>349</b>
-                                    <v>4352203</v>
+                                    <b>50</b>
+                                    <v>5032643</v>
+                                </b>
+                                <b>
+                                    <a>52</a>
+                                    <b>286</b>
+                                    <v>222819</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11946,7 +11977,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>58543057</v>
+                                    <v>67091663</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11962,12 +11993,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>58259899</v>
+                                    <v>66767038</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>347</b>
-                                    <v>283158</v>
+                                    <b>284</b>
+                                    <v>324624</v>
                                 </b>
                             </bs>
                         </hist>
@@ -11983,12 +12014,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>56848189</v>
+                                    <v>65030584</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>259</b>
-                                    <v>1694868</v>
+                                    <b>209</b>
+                                    <v>2061078</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12004,12 +12035,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>54190854</v>
+                                    <v>61836200</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>349</b>
-                                    <v>4352203</v>
+                                    <b>50</b>
+                                    <v>5032643</v>
+                                </b>
+                                <b>
+                                    <a>52</a>
+                                    <b>286</b>
+                                    <v>222819</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12019,15 +12055,15 @@
         </relation>
         <relation>
             <name>methodsKotlinType</name>
-            <cardinality>93308954</cardinality>
+            <cardinality>109719302</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>93308954</v>
+                    <v>109719302</v>
                 </e>
                 <e>
                     <k>kttypeid</k>
-                    <v>1361</v>
+                    <v>1920</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -12041,7 +12077,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>93308954</v>
+                                    <v>109719302</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12055,9 +12091,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>68542</a>
-                                    <b>68543</b>
-                                    <v>1361</v>
+                                    <a>57120</a>
+                                    <b>57121</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12067,27 +12103,27 @@
         </relation>
         <relation>
             <name>params</name>
-            <cardinality>101015498</cardinality>
+            <cardinality>120852585</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>101015498</v>
+                    <v>120852585</v>
                 </e>
                 <e>
                     <k>typeid</k>
-                    <v>11171154</v>
+                    <v>12833239</v>
                 </e>
                 <e>
                     <k>pos</k>
-                    <v>29949</v>
+                    <v>42258</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>56251922</v>
+                    <v>65007534</v>
                 </e>
                 <e>
                     <k>sourceid</k>
-                    <v>61310661</v>
+                    <v>73639861</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -12101,7 +12137,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101015498</v>
+                                    <v>120852585</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12117,7 +12153,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101015498</v>
+                                    <v>120852585</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12133,7 +12169,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101015498</v>
+                                    <v>120852585</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12149,7 +12185,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101015498</v>
+                                    <v>120852585</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12165,32 +12201,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5943609</v>
+                                    <v>6763334</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1712565</v>
+                                    <v>1945827</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>869896</v>
+                                    <v>948902</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>970635</v>
+                                    <v>1148671</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>12</b>
-                                    <v>867173</v>
+                                    <v>1018053</v>
                                 </b>
                                 <b>
                                     <a>12</a>
-                                    <b>7469</b>
-                                    <v>807274</v>
+                                    <b>326</b>
+                                    <v>966190</v>
+                                </b>
+                                <b>
+                                    <a>343</a>
+                                    <b>6738</b>
+                                    <v>42258</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12206,17 +12247,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>9232606</v>
+                                    <v>10436011</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1157138</v>
+                                    <v>1342678</v>
                                 </b>
                                 <b>
                                     <a>3</a>
+                                    <b>8</b>
+                                    <v>964269</v>
+                                </b>
+                                <b>
+                                    <a>8</a>
                                     <b>17</b>
-                                    <v>781409</v>
+                                    <v>90280</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12232,32 +12278,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6134197</v>
+                                    <v>7005362</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1677170</v>
+                                    <v>1895885</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>888954</v>
+                                    <v>975794</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>917543</v>
+                                    <v>1087204</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>13</b>
-                                    <v>867173</v>
+                                    <v>1008449</v>
                                 </b>
                                 <b>
                                     <a>13</a>
-                                    <b>5265</b>
-                                    <v>686115</v>
+                                    <b>4326</b>
+                                    <v>860543</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12273,32 +12319,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6337036</v>
+                                    <v>7216656</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1569624</v>
+                                    <v>1788317</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>901206</v>
+                                    <v>996924</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>947492</v>
+                                    <v>1117938</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>13</b>
-                                    <v>856282</v>
+                                    <v>1002686</v>
                                 </b>
                                 <b>
                                     <a>13</a>
-                                    <b>6292</b>
-                                    <v>559510</v>
+                                    <b>5757</b>
+                                    <v>710716</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12314,57 +12360,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>53</a>
-                                    <b>56</b>
-                                    <v>2722</v>
+                                    <a>50</a>
+                                    <b>53</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>110</a>
-                                    <b>112</b>
-                                    <v>2722</v>
+                                    <a>104</a>
+                                    <b>106</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>165</a>
-                                    <b>172</b>
-                                    <v>2722</v>
+                                    <a>157</a>
+                                    <b>165</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>224</a>
-                                    <b>242</b>
-                                    <v>2722</v>
+                                    <a>214</a>
+                                    <b>231</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>305</a>
-                                    <b>330</b>
-                                    <v>2722</v>
+                                    <a>291</a>
+                                    <b>315</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>524</a>
-                                    <b>666</b>
-                                    <v>2722</v>
+                                    <a>485</a>
+                                    <b>606</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>880</a>
-                                    <b>1142</b>
-                                    <v>2722</v>
+                                    <a>804</a>
+                                    <b>1067</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>1517</a>
-                                    <b>2090</b>
-                                    <v>2722</v>
+                                    <a>1445</a>
+                                    <b>2015</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>3299</a>
-                                    <b>5949</b>
-                                    <v>2722</v>
+                                    <a>3084</a>
+                                    <b>5199</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>15053</a>
-                                    <b>41322</b>
-                                    <v>2722</v>
+                                    <a>12689</a>
+                                    <b>33844</b>
+                                    <v>3841</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12380,57 +12426,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>5</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>7</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>10</a>
-                                    <b>12</b>
-                                    <v>2722</v>
+                                    <a>11</a>
+                                    <b>14</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>13</a>
-                                    <b>19</b>
-                                    <v>2722</v>
+                                    <a>15</a>
+                                    <b>20</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>26</a>
-                                    <b>38</b>
-                                    <v>2722</v>
+                                    <a>27</a>
+                                    <b>37</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>57</a>
-                                    <b>76</b>
-                                    <v>2722</v>
+                                    <b>75</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>99</a>
-                                    <b>159</b>
-                                    <v>2722</v>
+                                    <a>97</a>
+                                    <b>153</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>212</a>
-                                    <b>306</b>
-                                    <v>2722</v>
+                                    <a>201</a>
+                                    <b>289</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>452</a>
-                                    <b>889</b>
-                                    <v>2722</v>
+                                    <a>403</a>
+                                    <b>777</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>2370</a>
-                                    <b>6264</b>
-                                    <v>2722</v>
+                                    <a>1979</a>
+                                    <b>5089</b>
+                                    <v>3841</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12446,57 +12492,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>53</a>
-                                    <b>56</b>
-                                    <v>2722</v>
+                                    <a>50</a>
+                                    <b>53</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>110</a>
-                                    <b>112</b>
-                                    <v>2722</v>
+                                    <a>104</a>
+                                    <b>106</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>165</a>
-                                    <b>172</b>
-                                    <v>2722</v>
+                                    <a>157</a>
+                                    <b>165</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>224</a>
-                                    <b>242</b>
-                                    <v>2722</v>
+                                    <a>214</a>
+                                    <b>231</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>305</a>
-                                    <b>330</b>
-                                    <v>2722</v>
+                                    <a>291</a>
+                                    <b>315</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>524</a>
-                                    <b>666</b>
-                                    <v>2722</v>
+                                    <a>485</a>
+                                    <b>606</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>880</a>
-                                    <b>1142</b>
-                                    <v>2722</v>
+                                    <a>804</a>
+                                    <b>1067</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>1517</a>
-                                    <b>2090</b>
-                                    <v>2722</v>
+                                    <a>1445</a>
+                                    <b>2015</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>3299</a>
-                                    <b>5949</b>
-                                    <v>2722</v>
+                                    <a>3084</a>
+                                    <b>5199</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>15053</a>
-                                    <b>41322</b>
-                                    <v>2722</v>
+                                    <a>12689</a>
+                                    <b>33844</b>
+                                    <v>3841</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12512,57 +12558,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>5</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>8</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>10</a>
-                                    <b>13</b>
-                                    <v>2722</v>
+                                    <a>11</a>
+                                    <b>15</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>14</a>
-                                    <b>28</b>
-                                    <v>2722</v>
+                                    <a>16</a>
+                                    <b>29</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>38</a>
+                                    <a>39</a>
                                     <b>63</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>98</a>
-                                    <b>138</b>
-                                    <v>2722</v>
+                                    <a>101</a>
+                                    <b>144</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>193</a>
-                                    <b>344</b>
-                                    <v>2722</v>
+                                    <a>210</a>
+                                    <b>386</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>556</a>
-                                    <b>966</b>
-                                    <v>2722</v>
+                                    <a>628</a>
+                                    <b>1069</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>1954</a>
-                                    <b>4172</b>
-                                    <v>2722</v>
+                                    <a>1955</a>
+                                    <b>3748</b>
+                                    <v>3841</v>
                                 </b>
                                 <b>
-                                    <a>10056</a>
-                                    <b>26381</b>
-                                    <v>2722</v>
+                                    <a>8555</a>
+                                    <b>21355</b>
+                                    <v>3841</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12578,27 +12624,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>35759674</v>
+                                    <v>40633790</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>12394999</v>
+                                    <v>14389133</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>3606189</v>
+                                    <v>4060689</v>
                                 </b>
                                 <b>
                                     <a>4</a>
-                                    <b>15</b>
-                                    <v>4258270</v>
+                                    <b>10</b>
+                                    <v>4992305</v>
                                 </b>
                                 <b>
-                                    <a>15</a>
+                                    <a>10</a>
                                     <b>23</b>
-                                    <v>232789</v>
+                                    <v>931615</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12614,17 +12660,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>39751122</v>
+                                    <v>45326442</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>12655015</v>
+                                    <v>14805959</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>23</b>
-                                    <v>3845785</v>
+                                    <v>4875132</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12640,27 +12686,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>35759674</v>
+                                    <v>40633790</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>12394999</v>
+                                    <v>14389133</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>3606189</v>
+                                    <v>4060689</v>
                                 </b>
                                 <b>
                                     <a>4</a>
-                                    <b>15</b>
-                                    <v>4258270</v>
+                                    <b>10</b>
+                                    <v>4992305</v>
                                 </b>
                                 <b>
-                                    <a>15</a>
+                                    <a>10</a>
                                     <b>23</b>
-                                    <v>232789</v>
+                                    <v>931615</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12676,27 +12722,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>35759674</v>
+                                    <v>40633790</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>12394999</v>
+                                    <v>14389133</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>3606189</v>
+                                    <v>4060689</v>
                                 </b>
                                 <b>
                                     <a>4</a>
-                                    <b>15</b>
-                                    <v>4258270</v>
+                                    <b>10</b>
+                                    <v>4992305</v>
                                 </b>
                                 <b>
-                                    <a>15</a>
+                                    <a>10</a>
                                     <b>23</b>
-                                    <v>232789</v>
+                                    <v>931615</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12712,12 +12758,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>56891752</v>
+                                    <v>68584168</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>349</b>
-                                    <v>4418909</v>
+                                    <b>286</b>
+                                    <v>5055693</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12733,12 +12779,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>59772347</v>
+                                    <v>71932220</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>349</b>
-                                    <v>1538314</v>
+                                    <b>286</b>
+                                    <v>1707641</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12754,7 +12800,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>61310661</v>
+                                    <v>73639861</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12770,12 +12816,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>56891752</v>
+                                    <v>68584168</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>349</b>
-                                    <v>4418909</v>
+                                    <b>286</b>
+                                    <v>5055693</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12785,15 +12831,15 @@
         </relation>
         <relation>
             <name>paramsKotlinType</name>
-            <cardinality>101015498</cardinality>
+            <cardinality>120852585</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>101015498</v>
+                    <v>120852585</v>
                 </e>
                 <e>
                     <k>kttypeid</k>
-                    <v>1361</v>
+                    <v>1920</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -12807,7 +12853,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101015498</v>
+                                    <v>120852585</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12821,9 +12867,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>74203</a>
-                                    <b>74204</b>
-                                    <v>1361</v>
+                                    <a>62916</a>
+                                    <b>62917</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12833,15 +12879,15 @@
         </relation>
         <relation>
             <name>paramName</name>
-            <cardinality>10331207</cardinality>
+            <cardinality>15639610</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>10331207</v>
+                    <v>15639610</v>
                 </e>
                 <e>
                     <k>nodeName</k>
-                    <v>1662195</v>
+                    <v>2335761</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -12855,7 +12901,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>10331207</v>
+                                    <v>15639610</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12871,37 +12917,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>717426</v>
+                                    <v>998845</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>328082</v>
+                                    <v>451401</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>174251</v>
+                                    <v>249711</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>129327</v>
+                                    <v>170956</v>
                                 </b>
                                 <b>
                                     <a>5</a>
-                                    <b>9</b>
-                                    <v>137495</v>
+                                    <b>8</b>
+                                    <v>182481</v>
                                 </b>
                                 <b>
-                                    <a>9</a>
-                                    <b>25</b>
-                                    <v>130688</v>
+                                    <a>8</a>
+                                    <b>18</b>
+                                    <v>176718</v>
                                 </b>
                                 <b>
-                                    <a>25</a>
-                                    <b>517</b>
-                                    <v>44924</v>
+                                    <a>18</a>
+                                    <b>769</b>
+                                    <v>105647</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12911,30 +12957,30 @@
         </relation>
         <relation>
             <name>isVarargsParam</name>
-            <cardinality>1003307</cardinality>
+            <cardinality>945061</cardinality>
             <columnsizes>
                 <e>
                     <k>param</k>
-                    <v>1003307</v>
+                    <v>945061</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>exceptions</name>
-            <cardinality>1228169</cardinality>
+            <cardinality>1232644</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>1228169</v>
+                    <v>1232644</v>
                 </e>
                 <e>
                     <k>typeid</k>
-                    <v>36993</v>
+                    <v>36990</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>982877</v>
+                    <v>987367</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -12948,7 +12994,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1228169</v>
+                                    <v>1232644</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12964,7 +13010,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1228169</v>
+                                    <v>1232644</v>
                                 </b>
                             </bs>
                         </hist>
@@ -12980,7 +13026,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>11951</v>
+                                    <v>11950</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -13010,17 +13056,17 @@
                                 <b>
                                     <a>20</a>
                                     <b>35</b>
-                                    <v>3414</v>
-                                </b>
-                                <b>
-                                    <a>49</a>
-                                    <b>107</b>
                                     <v>2845</v>
                                 </b>
                                 <b>
-                                    <a>187</a>
+                                    <a>41</a>
+                                    <b>93</b>
+                                    <v>2845</v>
+                                </b>
+                                <b>
+                                    <a>106</a>
                                     <b>813</b>
-                                    <v>1707</v>
+                                    <v>2276</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13036,7 +13082,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>11951</v>
+                                    <v>11950</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -13066,17 +13112,17 @@
                                 <b>
                                     <a>20</a>
                                     <b>35</b>
-                                    <v>3414</v>
-                                </b>
-                                <b>
-                                    <a>49</a>
-                                    <b>107</b>
                                     <v>2845</v>
                                 </b>
                                 <b>
-                                    <a>187</a>
+                                    <a>41</a>
+                                    <b>93</b>
+                                    <v>2845</v>
+                                </b>
+                                <b>
+                                    <a>106</a>
                                     <b>813</b>
-                                    <v>1707</v>
+                                    <v>2276</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13092,12 +13138,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>750674</v>
+                                    <v>755179</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>224234</v>
+                                    <v>224220</v>
                                 </b>
                                 <b>
                                     <a>3</a>
@@ -13118,12 +13164,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>750674</v>
+                                    <v>755179</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>224234</v>
+                                    <v>224220</v>
                                 </b>
                                 <b>
                                     <a>3</a>
@@ -13138,41 +13184,41 @@
         </relation>
         <relation>
             <name>isAnnotType</name>
-            <cardinality>30058</cardinality>
+            <cardinality>29260</cardinality>
             <columnsizes>
                 <e>
                     <k>interfaceid</k>
-                    <v>30058</v>
+                    <v>29260</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>isAnnotElem</name>
-            <cardinality>61062</cardinality>
+            <cardinality>61065</cardinality>
             <columnsizes>
                 <e>
                     <k>methodid</k>
-                    <v>61062</v>
+                    <v>61065</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>annotValue</name>
-            <cardinality>1574849</cardinality>
+            <cardinality>1574925</cardinality>
             <columnsizes>
                 <e>
                     <k>parentid</k>
-                    <v>568147</v>
+                    <v>568174</v>
                 </e>
                 <e>
                     <k>id2</k>
-                    <v>52102</v>
+                    <v>52104</v>
                 </e>
                 <e>
                     <k>value</k>
-                    <v>1574849</v>
+                    <v>1574925</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -13186,32 +13232,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>153486</v>
+                                    <v>153493</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>252712</v>
+                                    <v>252724</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>48949</v>
+                                    <v>48951</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>26548</v>
+                                    <v>26550</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>7</b>
-                                    <v>35177</v>
+                                    <v>35179</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>9</b>
-                                    <v>46626</v>
+                                    <v>46628</v>
                                 </b>
                                 <b>
                                     <a>9</a>
@@ -13232,37 +13278,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>138054</v>
+                                    <v>138061</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>268144</v>
+                                    <v>268157</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>47290</v>
+                                    <v>47292</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>26051</v>
+                                    <v>26052</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>8</b>
-                                    <v>39657</v>
+                                    <v>39659</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>10</b>
-                                    <v>44137</v>
+                                    <v>44139</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>13</b>
-                                    <v>4811</v>
+                                    <v>4812</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13278,22 +13324,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>17090</v>
+                                    <v>17091</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>5143</v>
+                                    <v>5144</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>2654</v>
+                                    <v>2655</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>4811</v>
+                                    <v>4812</v>
                                 </b>
                                 <b>
                                     <a>6</a>
@@ -13339,7 +13385,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>15265</v>
+                                    <v>15266</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -13364,7 +13410,7 @@
                                 <b>
                                     <a>8</a>
                                     <b>10</b>
-                                    <v>4811</v>
+                                    <v>4812</v>
                                 </b>
                                 <b>
                                     <a>10</a>
@@ -13400,7 +13446,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1574849</v>
+                                    <v>1574925</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13416,7 +13462,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1574849</v>
+                                    <v>1574925</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13426,49 +13472,49 @@
         </relation>
         <relation>
             <name>isEnumType</name>
-            <cardinality>349864</cardinality>
+            <cardinality>397617</cardinality>
             <columnsizes>
                 <e>
                     <k>classid</k>
-                    <v>349864</v>
+                    <v>397617</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>isEnumConst</name>
-            <cardinality>321905</cardinality>
+            <cardinality>3081053</cardinality>
             <columnsizes>
                 <e>
                     <k>fieldid</k>
-                    <v>321905</v>
+                    <v>3081053</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>typeVars</name>
-            <cardinality>5105024</cardinality>
+            <cardinality>6288883</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>5105024</v>
+                    <v>6288883</v>
                 </e>
                 <e>
                     <k>nodeName</k>
-                    <v>70789</v>
+                    <v>86438</v>
                 </e>
                 <e>
                     <k>pos</k>
-                    <v>5445</v>
+                    <v>7683</v>
                 </e>
                 <e>
                     <k>kind</k>
-                    <v>1361</v>
+                    <v>1920</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>3715096</v>
+                    <v>4444861</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -13482,7 +13528,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5105024</v>
+                                    <v>6288883</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13498,7 +13544,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5105024</v>
+                                    <v>6288883</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13514,7 +13560,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5105024</v>
+                                    <v>6288883</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13530,7 +13576,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5105024</v>
+                                    <v>6288883</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13546,47 +13592,47 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>20420</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>10890</v>
+                                    <v>11525</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>6806</v>
+                                    <v>9604</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>7</b>
-                                    <v>5445</v>
+                                    <v>7683</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>10</b>
-                                    <v>5445</v>
+                                    <v>7683</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>28</b>
-                                    <v>5445</v>
+                                    <v>7683</v>
                                 </b>
                                 <b>
-                                    <a>37</a>
-                                    <b>71</b>
-                                    <v>5445</v>
+                                    <a>36</a>
+                                    <b>69</b>
+                                    <v>7683</v>
                                 </b>
                                 <b>
                                     <a>71</a>
-                                    <b>253</b>
-                                    <v>5445</v>
+                                    <b>412</b>
+                                    <v>7683</v>
                                 </b>
                                 <b>
-                                    <a>459</a>
-                                    <b>951</b>
-                                    <v>5445</v>
+                                    <a>603</a>
+                                    <b>710</b>
+                                    <v>5762</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13602,22 +13648,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>44924</v>
+                                    <v>51863</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>16336</v>
+                                    <v>23050</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>8168</v>
+                                    <v>9604</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13633,7 +13679,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>70789</v>
+                                    <v>86438</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13649,47 +13695,47 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>20420</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>10890</v>
+                                    <v>11525</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>6806</v>
+                                    <v>9604</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>7</b>
-                                    <v>5445</v>
+                                    <v>7683</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>10</b>
-                                    <v>5445</v>
+                                    <v>7683</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>28</b>
-                                    <v>5445</v>
+                                    <v>7683</v>
                                 </b>
                                 <b>
-                                    <a>37</a>
-                                    <b>71</b>
-                                    <v>5445</v>
+                                    <a>36</a>
+                                    <b>69</b>
+                                    <v>7683</v>
                                 </b>
                                 <b>
                                     <a>71</a>
-                                    <b>253</b>
-                                    <v>5445</v>
+                                    <b>412</b>
+                                    <v>7683</v>
                                 </b>
                                 <b>
-                                    <a>459</a>
-                                    <b>951</b>
-                                    <v>5445</v>
+                                    <a>603</a>
+                                    <b>710</b>
+                                    <v>5762</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13705,22 +13751,22 @@
                                 <b>
                                     <a>6</a>
                                     <b>7</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>94</a>
-                                    <b>95</b>
-                                    <v>1361</v>
+                                    <a>89</a>
+                                    <b>90</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>921</a>
-                                    <b>922</b>
-                                    <v>1361</v>
+                                    <a>865</a>
+                                    <b>866</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>2729</a>
-                                    <b>2730</b>
-                                    <v>1361</v>
+                                    <a>2314</a>
+                                    <b>2315</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13736,22 +13782,22 @@
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>13</a>
                                     <b>14</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>23</a>
-                                    <b>24</b>
-                                    <v>1361</v>
+                                    <a>21</a>
+                                    <b>22</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>41</a>
-                                    <b>42</b>
-                                    <v>1361</v>
+                                    <a>34</a>
+                                    <b>35</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13767,7 +13813,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5445</v>
+                                    <v>7683</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13783,22 +13829,22 @@
                                 <b>
                                     <a>6</a>
                                     <b>7</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>94</a>
-                                    <b>95</b>
-                                    <v>1361</v>
+                                    <a>89</a>
+                                    <b>90</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>921</a>
-                                    <b>922</b>
-                                    <v>1361</v>
+                                    <a>865</a>
+                                    <b>866</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>2729</a>
-                                    <b>2730</b>
-                                    <v>1361</v>
+                                    <a>2314</a>
+                                    <b>2315</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13812,9 +13858,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>3750</a>
-                                    <b>3751</b>
-                                    <v>1361</v>
+                                    <a>3274</a>
+                                    <b>3275</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13828,9 +13874,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>52</a>
-                                    <b>53</b>
-                                    <v>1361</v>
+                                    <a>45</a>
+                                    <b>46</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13846,7 +13892,7 @@
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13860,9 +13906,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>2729</a>
-                                    <b>2730</b>
-                                    <v>1361</v>
+                                    <a>2314</a>
+                                    <b>2315</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13878,17 +13924,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2461302</v>
+                                    <v>2783320</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1125828</v>
+                                    <v>1490584</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>127965</v>
+                                    <v>170956</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13904,17 +13950,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2461302</v>
+                                    <v>2783320</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1125828</v>
+                                    <v>1490584</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>127965</v>
+                                    <v>170956</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13930,17 +13976,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2461302</v>
+                                    <v>2783320</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1125828</v>
+                                    <v>1490584</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>127965</v>
+                                    <v>170956</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13956,7 +14002,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3715096</v>
+                                    <v>4444861</v>
                                 </b>
                             </bs>
                         </hist>
@@ -13966,19 +14012,19 @@
         </relation>
         <relation>
             <name>wildcards</name>
-            <cardinality>3629331</cardinality>
+            <cardinality>3338447</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>3629331</v>
+                    <v>3338447</v>
                 </e>
                 <e>
                     <k>nodeName</k>
-                    <v>980164</v>
+                    <v>533998</v>
                 </e>
                 <e>
                     <k>kind</k>
-                    <v>2722</v>
+                    <v>3841</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -13992,7 +14038,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3629331</v>
+                                    <v>3338447</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14008,7 +14054,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3629331</v>
+                                    <v>3338447</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14024,17 +14070,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>789577</v>
+                                    <v>397617</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>119797</v>
+                                    <v>55704</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>214</b>
-                                    <v>70789</v>
+                                    <b>7</b>
+                                    <v>44179</v>
+                                </b>
+                                <b>
+                                    <a>7</a>
+                                    <b>170</b>
+                                    <v>36496</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14050,7 +14101,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>980164</v>
+                                    <v>533998</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14064,14 +14115,14 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>1027</a>
-                                    <b>1028</b>
-                                    <v>1361</v>
+                                    <a>791</a>
+                                    <b>792</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>1639</a>
-                                    <b>1640</b>
-                                    <v>1361</v>
+                                    <a>947</a>
+                                    <b>948</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14085,14 +14136,14 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>222</a>
-                                    <b>223</b>
-                                    <v>1361</v>
+                                    <a>91</a>
+                                    <b>92</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>498</a>
-                                    <b>499</b>
-                                    <v>1361</v>
+                                    <a>187</a>
+                                    <b>188</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14102,23 +14153,23 @@
         </relation>
         <relation>
             <name>typeBounds</name>
-            <cardinality>4383514</cardinality>
+            <cardinality>4229725</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>4383514</v>
+                    <v>4229725</v>
                 </e>
                 <e>
                     <k>typeid</k>
-                    <v>3184173</v>
+                    <v>2852471</v>
                 </e>
                 <e>
                     <k>pos</k>
-                    <v>1361</v>
+                    <v>1920</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>4383514</v>
+                    <v>4229725</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -14132,7 +14183,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4383514</v>
+                                    <v>4229725</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14148,7 +14199,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4383514</v>
+                                    <v>4229725</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14164,7 +14215,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4383514</v>
+                                    <v>4229725</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14180,17 +14231,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2506226</v>
+                                    <v>2091812</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>601712</v>
+                                    <v>695349</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>52</b>
-                                    <v>76235</v>
+                                    <v>65309</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14206,7 +14257,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3184173</v>
+                                    <v>2852471</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14222,17 +14273,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2506226</v>
+                                    <v>2091812</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>601712</v>
+                                    <v>695349</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>52</b>
-                                    <v>76235</v>
+                                    <v>65309</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14246,9 +14297,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>3220</a>
-                                    <b>3221</b>
-                                    <v>1361</v>
+                                    <a>2202</a>
+                                    <b>2203</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14262,9 +14313,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>2339</a>
-                                    <b>2340</b>
-                                    <v>1361</v>
+                                    <a>1485</a>
+                                    <b>1486</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14278,9 +14329,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>3220</a>
-                                    <b>3221</b>
-                                    <v>1361</v>
+                                    <a>2202</a>
+                                    <b>2203</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14296,7 +14347,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4383514</v>
+                                    <v>4229725</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14312,7 +14363,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4383514</v>
+                                    <v>4229725</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14328,7 +14379,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4383514</v>
+                                    <v>4229725</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14338,11 +14389,11 @@
         </relation>
         <relation>
             <name>typeArgs</name>
-            <cardinality>53913162</cardinality>
+            <cardinality>53854237</cardinality>
             <columnsizes>
                 <e>
                     <k>argumentid</k>
-                    <v>1429292</v>
+                    <v>1430551</v>
                 </e>
                 <e>
                     <k>pos</k>
@@ -14350,7 +14401,7 @@
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>22268245</v>
+                    <v>22244248</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -14364,17 +14415,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>866127</v>
+                                    <v>865848</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>469332</v>
+                                    <v>470615</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>11</b>
-                                    <v>93832</v>
+                                    <v>94087</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14390,57 +14441,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>62430</v>
+                                    <v>64071</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>435425</v>
+                                    <v>433698</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>100353</v>
+                                    <v>100595</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>35320</v>
+                                    <v>35547</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>7</b>
-                                    <v>201035</v>
+                                    <v>201249</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>11</b>
-                                    <v>37958</v>
+                                    <v>39437</v>
                                 </b>
                                 <b>
                                     <a>11</a>
                                     <b>12</b>
-                                    <v>218221</v>
+                                    <v>218178</v>
                                 </b>
                                 <b>
                                     <a>12</a>
                                     <b>15</b>
-                                    <v>111144</v>
+                                    <v>111421</v>
                                 </b>
                                 <b>
                                     <a>15</a>
                                     <b>29</b>
-                                    <v>108553</v>
+                                    <v>108138</v>
                                 </b>
                                 <b>
                                     <a>29</a>
-                                    <b>324</b>
-                                    <v>107243</v>
+                                    <b>341</b>
+                                    <v>107450</v>
                                 </b>
                                 <b>
-                                    <a>324</a>
-                                    <b>762773</b>
-                                    <v>11606</v>
+                                    <a>341</a>
+                                    <b>757580</b>
+                                    <v>10762</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14459,48 +14510,48 @@
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>598</a>
-                                    <b>599</b>
+                                    <a>597</a>
+                                    <b>598</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>889</a>
-                                    <b>890</b>
+                                    <a>887</a>
+                                    <b>888</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>1132</a>
-                                    <b>1133</b>
+                                    <a>1129</a>
+                                    <b>1130</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>1762</a>
-                                    <b>1763</b>
+                                    <a>1758</a>
+                                    <b>1759</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>3890</a>
-                                    <b>3891</b>
+                                    <a>3885</a>
+                                    <b>3886</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>4033</a>
-                                    <b>4034</b>
+                                    <a>4027</a>
+                                    <b>4028</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>51900</a>
-                                    <b>51901</b>
+                                    <a>51686</a>
+                                    <b>51687</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>143023</a>
-                                    <b>143024</b>
+                                    <a>142042</a>
+                                    <b>142043</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>161995</a>
-                                    <b>161996</b>
+                                    <a>161580</a>
+                                    <b>161581</b>
                                     <v>5</v>
                                 </b>
                             </bs>
@@ -14525,43 +14576,43 @@
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>3896</a>
-                                    <b>3897</b>
+                                    <a>3895</a>
+                                    <b>3896</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>8697</a>
-                                    <b>8698</b>
+                                    <a>8694</a>
+                                    <b>8695</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>19018</a>
-                                    <b>19019</b>
+                                    <a>19012</a>
+                                    <b>19013</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>85642</a>
-                                    <b>85643</b>
+                                    <a>85622</a>
+                                    <b>85623</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>103285</a>
-                                    <b>103286</b>
+                                    <a>103257</a>
+                                    <b>103258</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>1458897</a>
-                                    <b>1458898</b>
+                                    <a>1447294</a>
+                                    <b>1447295</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>3827033</a>
-                                    <b>3827034</b>
+                                    <a>3800219</a>
+                                    <b>3800220</b>
                                     <v>5</v>
                                 </b>
                                 <b>
-                                    <a>3875440</a>
-                                    <b>3875441</b>
+                                    <a>3848466</a>
+                                    <b>3848467</b>
                                     <v>5</v>
                                 </b>
                             </bs>
@@ -14578,22 +14629,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>295332</v>
+                                    <v>296162</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>13673753</v>
+                                    <v>13666793</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>7771091</v>
+                                    <v>7750153</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>11</b>
-                                    <v>528068</v>
+                                    <v>531138</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14609,22 +14660,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>278146</v>
+                                    <v>278869</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>13607289</v>
+                                    <v>13599976</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>7789335</v>
+                                    <v>7768574</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>11</b>
-                                    <v>593474</v>
+                                    <v>596828</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14634,37 +14685,37 @@
         </relation>
         <relation>
             <name>isParameterized</name>
-            <cardinality>25111274</cardinality>
+            <cardinality>27045654</cardinality>
             <columnsizes>
                 <e>
                     <k>memberid</k>
-                    <v>25111274</v>
+                    <v>27045654</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>isRaw</name>
-            <cardinality>641191</cardinality>
+            <cardinality>731846</cardinality>
             <columnsizes>
                 <e>
                     <k>memberid</k>
-                    <v>641191</v>
+                    <v>731846</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>erasure</name>
-            <cardinality>25752465</cardinality>
+            <cardinality>27777500</cardinality>
             <columnsizes>
                 <e>
                     <k>memberid</k>
-                    <v>25752465</v>
+                    <v>27777500</v>
                 </e>
                 <e>
                     <k>erasureid</k>
-                    <v>865812</v>
+                    <v>954665</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -14678,7 +14729,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>25752465</v>
+                                    <v>27777500</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14694,57 +14745,62 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>144302</v>
+                                    <v>142143</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>133411</v>
+                                    <v>138301</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>88487</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>54453</v>
+                                    <v>57625</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>50369</v>
+                                    <v>65309</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>8</b>
-                                    <v>63982</v>
+                                    <v>69150</v>
                                 </b>
                                 <b>
                                     <a>8</a>
-                                    <b>11</b>
-                                    <v>78957</v>
+                                    <b>10</b>
+                                    <v>61467</v>
                                 </b>
                                 <b>
-                                    <a>11</a>
-                                    <b>19</b>
-                                    <v>70789</v>
+                                    <a>10</a>
+                                    <b>15</b>
+                                    <v>72992</v>
                                 </b>
                                 <b>
-                                    <a>19</a>
-                                    <b>33</b>
-                                    <v>70789</v>
+                                    <a>15</a>
+                                    <b>22</b>
+                                    <v>76834</v>
                                 </b>
                                 <b>
-                                    <a>33</a>
-                                    <b>93</b>
-                                    <v>65344</v>
+                                    <a>22</a>
+                                    <b>44</b>
+                                    <v>74913</v>
                                 </b>
                                 <b>
-                                    <a>97</a>
-                                    <b>1848</b>
-                                    <v>44924</v>
+                                    <a>46</a>
+                                    <b>124</b>
+                                    <v>72992</v>
+                                </b>
+                                <b>
+                                    <a>169</a>
+                                    <b>1564</b>
+                                    <v>36496</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14754,15 +14810,15 @@
         </relation>
         <relation>
             <name>isAnonymClass</name>
-            <cardinality>192667</cardinality>
+            <cardinality>174213</cardinality>
             <columnsizes>
                 <e>
                     <k>classid</k>
-                    <v>192667</v>
+                    <v>174213</v>
                 </e>
                 <e>
                     <k>parent</k>
-                    <v>192667</v>
+                    <v>174213</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -14776,7 +14832,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>192667</v>
+                                    <v>174213</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14792,7 +14848,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>192667</v>
+                                    <v>174213</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14802,15 +14858,15 @@
         </relation>
         <relation>
             <name>isLocalClassOrInterface</name>
-            <cardinality>4057</cardinality>
+            <cardinality>3841</cardinality>
             <columnsizes>
                 <e>
                     <k>typeid</k>
-                    <v>4057</v>
+                    <v>3841</v>
                 </e>
                 <e>
                     <k>parent</k>
-                    <v>4057</v>
+                    <v>3841</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -14824,7 +14880,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4057</v>
+                                    <v>3841</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14840,7 +14896,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4057</v>
+                                    <v>3841</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14850,26 +14906,26 @@
         </relation>
         <relation>
             <name>isDefConstr</name>
-            <cardinality>139100</cardinality>
+            <cardinality>139383</cardinality>
             <columnsizes>
                 <e>
                     <k>constructorid</k>
-                    <v>139100</v>
+                    <v>139383</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>lambdaKind</name>
-            <cardinality>183936</cardinality>
+            <cardinality>167982</cardinality>
             <columnsizes>
                 <e>
                     <k>exprId</k>
-                    <v>183936</v>
+                    <v>167982</v>
                 </e>
                 <e>
                     <k>bodyKind</k>
-                    <v>15</v>
+                    <v>13</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -14883,7 +14939,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>183936</v>
+                                    <v>167982</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14897,9 +14953,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>11651</a>
-                                    <b>11652</b>
-                                    <v>15</v>
+                                    <a>12267</a>
+                                    <b>12268</b>
+                                    <v>13</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14909,27 +14965,27 @@
         </relation>
         <relation>
             <name>arrays</name>
-            <cardinality>1116298</cardinality>
+            <cardinality>1375332</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>1116298</v>
+                    <v>1375332</v>
                 </e>
                 <e>
                     <k>nodeName</k>
-                    <v>687476</v>
+                    <v>831730</v>
                 </e>
                 <e>
                     <k>elementtypeid</k>
-                    <v>1109491</v>
+                    <v>1365728</v>
                 </e>
                 <e>
                     <k>dimension</k>
-                    <v>2722</v>
+                    <v>3841</v>
                 </e>
                 <e>
                     <k>componenttypeid</k>
-                    <v>1116298</v>
+                    <v>1375332</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -14943,7 +14999,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1116298</v>
+                                    <v>1375332</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14959,7 +15015,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1116298</v>
+                                    <v>1375332</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14975,7 +15031,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1116298</v>
+                                    <v>1375332</v>
                                 </b>
                             </bs>
                         </hist>
@@ -14991,7 +15047,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1116298</v>
+                                    <v>1375332</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15007,17 +15063,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>562233</v>
+                                    <v>664616</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>99377</v>
+                                    <v>140222</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>95</b>
-                                    <v>25865</v>
+                                    <b>87</b>
+                                    <v>26891</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15033,17 +15089,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>562233</v>
+                                    <v>664616</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>99377</v>
+                                    <v>140222</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>95</b>
-                                    <v>25865</v>
+                                    <b>87</b>
+                                    <v>26891</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15059,7 +15115,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>687476</v>
+                                    <v>831730</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15075,17 +15131,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>562233</v>
+                                    <v>664616</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>99377</v>
+                                    <v>140222</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>95</b>
-                                    <v>25865</v>
+                                    <b>87</b>
+                                    <v>26891</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15101,12 +15157,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1102685</v>
+                                    <v>1356124</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>6806</v>
+                                    <v>9604</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15122,12 +15178,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1102685</v>
+                                    <v>1356124</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>6806</v>
+                                    <v>9604</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15143,12 +15199,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1102685</v>
+                                    <v>1356124</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>6806</v>
+                                    <v>9604</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15164,12 +15220,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1102685</v>
+                                    <v>1356124</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>6806</v>
+                                    <v>9604</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15185,12 +15241,12 @@
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>815</a>
-                                    <b>816</b>
-                                    <v>1361</v>
+                                    <a>711</a>
+                                    <b>712</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15206,12 +15262,12 @@
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>500</a>
-                                    <b>501</b>
-                                    <v>1361</v>
+                                    <a>428</a>
+                                    <b>429</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15227,12 +15283,12 @@
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>815</a>
-                                    <b>816</b>
-                                    <v>1361</v>
+                                    <a>711</a>
+                                    <b>712</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15248,12 +15304,12 @@
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>815</a>
-                                    <b>816</b>
-                                    <v>1361</v>
+                                    <a>711</a>
+                                    <b>712</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15269,7 +15325,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1116298</v>
+                                    <v>1375332</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15285,7 +15341,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1116298</v>
+                                    <v>1375332</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15301,7 +15357,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1116298</v>
+                                    <v>1375332</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15317,7 +15373,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1116298</v>
+                                    <v>1375332</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15327,15 +15383,15 @@
         </relation>
         <relation>
             <name>enclInReftype</name>
-            <cardinality>3410156</cardinality>
+            <cardinality>4051085</cardinality>
             <columnsizes>
                 <e>
                     <k>child</k>
-                    <v>3410156</v>
+                    <v>4051085</v>
                 </e>
                 <e>
                     <k>parent</k>
-                    <v>929795</v>
+                    <v>1125621</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -15349,7 +15405,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3410156</v>
+                                    <v>4051085</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15365,32 +15421,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>551342</v>
+                                    <v>666537</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>148386</v>
+                                    <v>176718</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>70789</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>4</a>
-                                    <b>7</b>
-                                    <v>81680</v>
+                                    <b>6</b>
+                                    <v>82596</v>
                                 </b>
                                 <b>
-                                    <a>7</a>
-                                    <b>51</b>
-                                    <v>70789</v>
+                                    <a>6</a>
+                                    <b>17</b>
+                                    <v>84517</v>
                                 </b>
                                 <b>
-                                    <a>54</a>
-                                    <b>279</b>
-                                    <v>6806</v>
+                                    <a>17</a>
+                                    <b>265</b>
+                                    <v>28812</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15400,15 +15456,15 @@
         </relation>
         <relation>
             <name>extendsReftype</name>
-            <cardinality>47868792</cardinality>
+            <cardinality>34389087</cardinality>
             <columnsizes>
                 <e>
                     <k>id1</k>
-                    <v>34023966</v>
+                    <v>33104034</v>
                 </e>
                 <e>
                     <k>id2</k>
-                    <v>14017716</v>
+                    <v>13251986</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -15422,22 +15478,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>26145892</v>
+                                    <v>32118635</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>3</b>
-                                    <v>3141972</v>
-                                </b>
-                                <b>
-                                    <a>3</a>
-                                    <b>4</b>
-                                    <v>3633415</v>
-                                </b>
-                                <b>
-                                    <a>4</a>
                                     <b>10</b>
-                                    <v>1102685</v>
+                                    <v>985399</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15453,17 +15499,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>11930782</v>
+                                    <v>12030322</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>3</b>
-                                    <v>1425322</v>
+                                    <b>5</b>
+                                    <v>1023816</v>
                                 </b>
                                 <b>
-                                    <a>3</a>
-                                    <b>12285</b>
-                                    <v>661611</v>
+                                    <a>5</a>
+                                    <b>8715</b>
+                                    <v>197848</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15473,15 +15519,15 @@
         </relation>
         <relation>
             <name>implInterface</name>
-            <cardinality>3048147</cardinality>
+            <cardinality>14423708</cardinality>
             <columnsizes>
                 <e>
                     <k>id1</k>
-                    <v>756277</v>
+                    <v>8255839</v>
                 </e>
                 <e>
                     <k>id2</k>
-                    <v>2271707</v>
+                    <v>4487119</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -15495,37 +15541,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>209615</v>
+                                    <v>4223962</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>50204</v>
+                                    <v>2829421</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>67386</v>
+                                    <v>276603</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>61962</v>
+                                    <v>920090</v>
                                 </b>
                                 <b>
                                     <a>5</a>
-                                    <b>6</b>
-                                    <v>19294</v>
-                                </b>
-                                <b>
-                                    <a>6</a>
                                     <b>7</b>
-                                    <v>305429</v>
-                                </b>
-                                <b>
-                                    <a>7</a>
-                                    <b>10</b>
-                                    <v>42384</v>
+                                    <v>5762</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15541,12 +15577,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2196440</v>
+                                    <v>4003064</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>63781</b>
-                                    <v>75267</v>
+                                    <b>4</b>
+                                    <v>366883</v>
+                                </b>
+                                <b>
+                                    <a>4</a>
+                                    <b>2275</b>
+                                    <v>117172</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15556,15 +15597,15 @@
         </relation>
         <relation>
             <name>permits</name>
-            <cardinality>177</cardinality>
+            <cardinality>129</cardinality>
             <columnsizes>
                 <e>
                     <k>id1</k>
-                    <v>43</v>
+                    <v>31</v>
                 </e>
                 <e>
                     <k>id2</k>
-                    <v>177</v>
+                    <v>129</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -15578,17 +15619,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1</v>
+                                    <v>2</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>13</v>
+                                    <v>8</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>9</v>
+                                    <v>6</v>
                                 </b>
                                 <b>
                                     <a>4</a>
@@ -15598,25 +15639,20 @@
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>5</v>
+                                    <v>2</v>
                                 </b>
                                 <b>
                                     <a>6</a>
-                                    <b>7</b>
-                                    <v>4</v>
-                                </b>
-                                <b>
-                                    <a>7</a>
                                     <b>8</b>
                                     <v>2</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>9</b>
-                                    <v>1</v>
+                                    <v>2</v>
                                 </b>
                                 <b>
-                                    <a>10</a>
+                                    <a>9</a>
                                     <b>11</b>
                                     <v>2</v>
                                 </b>
@@ -15634,7 +15670,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>177</v>
+                                    <v>129</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15644,15 +15680,15 @@
         </relation>
         <relation>
             <name>hasModifier</name>
-            <cardinality>249133355</cardinality>
+            <cardinality>270713939</cardinality>
             <columnsizes>
                 <e>
                     <k>id1</k>
-                    <v>166385675</v>
+                    <v>180180147</v>
                 </e>
                 <e>
                     <k>id2</k>
-                    <v>13613</v>
+                    <v>26891</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -15666,17 +15702,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>84119910</v>
+                                    <v>90230296</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>81783851</v>
+                                    <v>89365911</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>481914</v>
+                                    <v>583940</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15690,54 +15726,74 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>31</a>
-                                    <b>32</b>
-                                    <v>1361</v>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>1920</v>
+                                </b>
+                                <b>
+                                    <a>14</a>
+                                    <b>15</b>
+                                    <v>1920</v>
+                                </b>
+                                <b>
+                                    <a>20</a>
+                                    <b>21</b>
+                                    <v>1920</v>
+                                </b>
+                                <b>
+                                    <a>21</a>
+                                    <b>22</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>34</a>
                                     <b>35</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
+                                </b>
+                                <b>
+                                    <a>50</a>
+                                    <b>51</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>109</a>
                                     <b>110</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>267</a>
-                                    <b>268</b>
-                                    <v>1361</v>
+                                    <a>219</a>
+                                    <b>220</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>500</a>
-                                    <b>501</b>
-                                    <v>1361</v>
+                                    <a>3864</a>
+                                    <b>3865</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>8143</a>
-                                    <b>8144</b>
-                                    <v>1361</v>
+                                    <a>7193</a>
+                                    <b>7194</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>18034</a>
-                                    <b>18035</b>
-                                    <v>1361</v>
+                                    <a>9195</a>
+                                    <b>9196</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>18282</a>
-                                    <b>18283</b>
-                                    <v>1361</v>
+                                    <a>14706</a>
+                                    <b>14707</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>20694</a>
-                                    <b>20695</b>
-                                    <v>1361</v>
+                                    <a>18810</a>
+                                    <b>18811</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>116912</a>
-                                    <b>116913</b>
-                                    <v>1361</v>
+                                    <a>86695</a>
+                                    <b>86696</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15747,15 +15803,15 @@
         </relation>
         <relation>
             <name>imports</name>
-            <cardinality>368532</cardinality>
+            <cardinality>368550</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>368532</v>
+                    <v>368550</v>
                 </e>
                 <e>
                     <k>holder</k>
-                    <v>58075</v>
+                    <v>58078</v>
                 </e>
                 <e>
                     <k>name</k>
@@ -15777,7 +15833,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>368532</v>
+                                    <v>368550</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15793,7 +15849,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>368532</v>
+                                    <v>368550</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15809,7 +15865,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>368532</v>
+                                    <v>368550</v>
                                 </b>
                             </bs>
                         </hist>
@@ -15825,7 +15881,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>28374</v>
+                                    <v>28375</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -15871,7 +15927,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>54591</v>
+                                    <v>54593</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -15892,7 +15948,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>55089</v>
+                                    <v>55091</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -15954,7 +16010,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7300</v>
+                                    <v>7301</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -16078,27 +16134,27 @@
         </relation>
         <relation>
             <name>stmts</name>
-            <cardinality>2530730</cardinality>
+            <cardinality>2441387</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>2530730</v>
+                    <v>2441387</v>
                 </e>
                 <e>
                     <k>kind</k>
-                    <v>13613</v>
+                    <v>9674</v>
                 </e>
                 <e>
                     <k>parent</k>
-                    <v>1783355</v>
+                    <v>1353860</v>
                 </e>
                 <e>
                     <k>idx</k>
-                    <v>216453</v>
+                    <v>15934</v>
                 </e>
                 <e>
                     <k>bodydecl</k>
-                    <v>703812</v>
+                    <v>367630</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -16112,7 +16168,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2530730</v>
+                                    <v>2441387</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16128,7 +16184,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2530730</v>
+                                    <v>2441387</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16144,7 +16200,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2530730</v>
+                                    <v>2441387</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16160,7 +16216,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2530730</v>
+                                    <v>2441387</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16169,57 +16225,6 @@
                 <dep>
                     <src>kind</src>
                     <trg>id</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>4084</v>
-                                </b>
-                                <b>
-                                    <a>4</a>
-                                    <b>5</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>72</a>
-                                    <b>73</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>96</a>
-                                    <b>97</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>162</a>
-                                    <b>163</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>373</a>
-                                    <b>374</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>525</a>
-                                    <b>526</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>621</a>
-                                    <b>622</b>
-                                    <v>1361</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>kind</src>
-                    <trg>parent</trg>
                     <val>
                         <hist>
                             <budget>12</budget>
@@ -16227,88 +16232,224 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>2722</v>
-                                </b>
-                                <b>
-                                    <a>4</a>
-                                    <b>5</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>53</a>
-                                    <b>54</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>72</a>
-                                    <b>73</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>98</a>
-                                    <b>99</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>233</a>
-                                    <b>234</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>373</a>
-                                    <b>374</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>621</a>
-                                    <b>622</b>
-                                    <v>1361</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>kind</src>
-                    <trg>idx</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>1</a>
-                                    <b>2</b>
-                                    <v>5445</v>
-                                </b>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>1361</v>
-                                </b>
-                                <b>
-                                    <a>5</a>
-                                    <b>6</b>
-                                    <v>1361</v>
+                                    <v>1707</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>7</b>
-                                    <v>1361</v>
+                                    <v>569</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>8</b>
-                                    <v>2722</v>
+                                    <v>569</v>
                                 </b>
                                 <b>
-                                    <a>158</a>
-                                    <b>159</b>
-                                    <v>1361</v>
+                                    <a>17</a>
+                                    <b>18</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>20</a>
+                                    <b>21</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>23</a>
+                                    <b>24</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>33</a>
+                                    <b>34</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>83</a>
+                                    <b>84</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>91</a>
+                                    <b>92</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>97</a>
+                                    <b>98</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>265</a>
+                                    <b>266</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>312</a>
+                                    <b>313</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>560</a>
+                                    <b>561</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>1243</a>
+                                    <b>1244</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>1530</a>
+                                    <b>1531</b>
+                                    <v>569</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>kind</src>
+                    <trg>parent</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>2276</v>
+                                </b>
+                                <b>
+                                    <a>7</a>
+                                    <b>8</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>12</a>
+                                    <b>13</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>17</a>
+                                    <b>18</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>21</a>
+                                    <b>22</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>33</a>
+                                    <b>34</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>71</a>
+                                    <b>72</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>81</a>
+                                    <b>82</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>91</a>
+                                    <b>92</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>246</a>
+                                    <b>247</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>265</a>
+                                    <b>266</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>271</a>
+                                    <b>272</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>716</a>
+                                    <b>717</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>1192</a>
+                                    <b>1193</b>
+                                    <v>569</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>kind</src>
+                    <trg>idx</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>2276</v>
+                                </b>
+                                <b>
+                                    <a>3</a>
+                                    <b>4</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>6</a>
+                                    <b>7</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>7</a>
+                                    <b>8</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>8</a>
+                                    <b>9</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>10</a>
+                                    <b>11</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>13</a>
+                                    <b>14</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>17</a>
+                                    <b>18</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>21</a>
+                                    <b>22</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>26</a>
+                                    <b>27</b>
+                                    <v>569</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16324,42 +16465,67 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>2276</v>
                                 </b>
                                 <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>4084</v>
+                                    <a>7</a>
+                                    <b>8</b>
+                                    <v>1138</v>
                                 </b>
                                 <b>
-                                    <a>25</a>
-                                    <b>26</b>
-                                    <v>1361</v>
+                                    <a>17</a>
+                                    <b>18</b>
+                                    <v>569</v>
                                 </b>
                                 <b>
-                                    <a>71</a>
-                                    <b>72</b>
-                                    <v>1361</v>
+                                    <a>20</a>
+                                    <b>21</b>
+                                    <v>569</v>
                                 </b>
                                 <b>
-                                    <a>72</a>
-                                    <b>73</b>
-                                    <v>1361</v>
+                                    <a>21</a>
+                                    <b>22</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>53</a>
+                                    <b>54</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>54</a>
+                                    <b>55</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>91</a>
+                                    <b>92</b>
+                                    <v>569</v>
                                 </b>
                                 <b>
                                     <a>119</a>
                                     <b>120</b>
-                                    <v>1361</v>
+                                    <v>569</v>
                                 </b>
                                 <b>
-                                    <a>371</a>
-                                    <b>372</b>
-                                    <v>1361</v>
+                                    <a>179</a>
+                                    <b>180</b>
+                                    <v>569</v>
                                 </b>
                                 <b>
-                                    <a>517</a>
-                                    <b>518</b>
-                                    <v>1361</v>
+                                    <a>211</a>
+                                    <b>212</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>431</a>
+                                    <b>432</b>
+                                    <v>569</v>
+                                </b>
+                                <b>
+                                    <a>646</a>
+                                    <b>647</b>
+                                    <v>569</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16375,17 +16541,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1501557</v>
+                                    <v>989074</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>198755</v>
+                                    <v>191782</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>159</b>
-                                    <v>83041</v>
+                                    <b>6</b>
+                                    <v>107557</v>
+                                </b>
+                                <b>
+                                    <a>6</a>
+                                    <b>27</b>
+                                    <v>65445</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16401,17 +16572,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1587322</v>
+                                    <v>1081267</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>189226</v>
+                                    <v>194058</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>4</b>
-                                    <v>6806</v>
+                                    <b>6</b>
+                                    <v>78534</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16427,17 +16598,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1501557</v>
+                                    <v>989074</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>198755</v>
+                                    <v>191782</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>159</b>
-                                    <v>83041</v>
+                                    <b>6</b>
+                                    <v>107557</v>
+                                </b>
+                                <b>
+                                    <a>6</a>
+                                    <b>27</b>
+                                    <v>65445</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16453,7 +16629,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1783355</v>
+                                    <v>1353860</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16466,25 +16642,70 @@
                         <hist>
                             <budget>12</budget>
                             <bs>
-                                <b>
-                                    <a>1</a>
-                                    <b>2</b>
-                                    <v>160638</v>
-                                </b>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>34033</v>
-                                </b>
                                 <b>
                                     <a>3</a>
-                                    <b>24</b>
-                                    <v>16336</v>
+                                    <b>5</b>
+                                    <v>1138</v>
                                 </b>
                                 <b>
-                                    <a>34</a>
-                                    <b>1213</b>
-                                    <v>5445</v>
+                                    <a>5</a>
+                                    <b>6</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>6</a>
+                                    <b>7</b>
+                                    <v>2276</v>
+                                </b>
+                                <b>
+                                    <a>10</a>
+                                    <b>15</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>15</a>
+                                    <b>16</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>17</a>
+                                    <b>20</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>24</a>
+                                    <b>32</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>40</a>
+                                    <b>43</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>55</a>
+                                    <b>72</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>83</a>
+                                    <b>94</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>115</a>
+                                    <b>160</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>204</a>
+                                    <b>386</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>939</a>
+                                    <b>1919</b>
+                                    <v>1138</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16500,157 +16721,332 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>204200</v>
-                                </b>
-                                <b>
-                                    <a>2</a>
-                                    <b>9</b>
-                                    <v>12252</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>idx</src>
-                    <trg>parent</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>1</a>
-                                    <b>2</b>
-                                    <v>160638</v>
+                                    <v>2276</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>34033</v>
+                                    <v>3983</v>
                                 </b>
                                 <b>
                                     <a>3</a>
-                                    <b>24</b>
-                                    <v>16336</v>
+                                    <b>5</b>
+                                    <v>1138</v>
                                 </b>
                                 <b>
-                                    <a>34</a>
-                                    <b>1213</b>
-                                    <v>5445</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>idx</src>
-                    <trg>bodydecl</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>1</a>
-                                    <b>2</b>
-                                    <v>160638</v>
+                                    <a>5</a>
+                                    <b>6</b>
+                                    <v>2276</v>
                                 </b>
                                 <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>34033</v>
-                                </b>
-                                <b>
-                                    <a>3</a>
-                                    <b>19</b>
-                                    <v>16336</v>
-                                </b>
-                                <b>
-                                    <a>29</a>
-                                    <b>518</b>
-                                    <v>5445</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>bodydecl</src>
-                    <trg>id</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>544535</v>
-                                </b>
-                                <b>
-                                    <a>3</a>
-                                    <b>4</b>
-                                    <v>58537</v>
-                                </b>
-                                <b>
-                                    <a>4</a>
+                                    <a>6</a>
                                     <b>7</b>
-                                    <v>53092</v>
+                                    <v>2276</v>
                                 </b>
                                 <b>
                                     <a>7</a>
-                                    <b>162</b>
-                                    <v>47646</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>bodydecl</src>
-                    <trg>kind</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>575846</v>
-                                </b>
-                                <b>
-                                    <a>3</a>
-                                    <b>4</b>
-                                    <v>81680</v>
-                                </b>
-                                <b>
-                                    <a>4</a>
-                                    <b>7</b>
-                                    <v>46285</v>
-                                </b>
-                            </bs>
-                        </hist>
-                    </val>
-                </dep>
-                <dep>
-                    <src>bodydecl</src>
-                    <trg>parent</trg>
-                    <val>
-                        <hist>
-                            <budget>12</budget>
-                            <bs>
-                                <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>630300</v>
-                                </b>
-                                <b>
-                                    <a>3</a>
-                                    <b>8</b>
-                                    <v>57176</v>
+                                    <b>9</b>
+                                    <v>1138</v>
                                 </b>
                                 <b>
                                     <a>9</a>
-                                    <b>47</b>
-                                    <v>16336</v>
+                                    <b>10</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>12</a>
+                                    <b>14</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>16</a>
+                                    <b>17</b>
+                                    <v>569</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>idx</src>
+                    <trg>parent</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>3</a>
+                                    <b>5</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>5</a>
+                                    <b>6</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>6</a>
+                                    <b>7</b>
+                                    <v>2276</v>
+                                </b>
+                                <b>
+                                    <a>10</a>
+                                    <b>15</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>15</a>
+                                    <b>16</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>17</a>
+                                    <b>20</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>24</a>
+                                    <b>32</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>40</a>
+                                    <b>43</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>55</a>
+                                    <b>72</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>83</a>
+                                    <b>94</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>115</a>
+                                    <b>160</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>204</a>
+                                    <b>386</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>939</a>
+                                    <b>1919</b>
+                                    <v>1138</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>idx</src>
+                    <trg>bodydecl</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>3</a>
+                                    <b>5</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>5</a>
+                                    <b>6</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>6</a>
+                                    <b>7</b>
+                                    <v>2276</v>
+                                </b>
+                                <b>
+                                    <a>10</a>
+                                    <b>15</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>15</a>
+                                    <b>16</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>17</a>
+                                    <b>20</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>24</a>
+                                    <b>32</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>40</a>
+                                    <b>43</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>54</a>
+                                    <b>56</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>68</a>
+                                    <b>87</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>104</a>
+                                    <b>138</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>167</a>
+                                    <b>226</b>
+                                    <v>1138</v>
+                                </b>
+                                <b>
+                                    <a>337</a>
+                                    <b>647</b>
+                                    <v>1138</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>bodydecl</src>
+                    <trg>id</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>17641</v>
+                                </b>
+                                <b>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>157637</v>
+                                </b>
+                                <b>
+                                    <a>3</a>
+                                    <b>4</b>
+                                    <v>38128</v>
+                                </b>
+                                <b>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>33576</v>
+                                </b>
+                                <b>
+                                    <a>5</a>
+                                    <b>7</b>
+                                    <v>24470</v>
+                                </b>
+                                <b>
+                                    <a>7</a>
+                                    <b>10</b>
+                                    <v>29023</v>
+                                </b>
+                                <b>
+                                    <a>10</a>
+                                    <b>16</b>
+                                    <v>30730</v>
+                                </b>
+                                <b>
+                                    <a>16</a>
+                                    <b>34</b>
+                                    <v>27885</v>
+                                </b>
+                                <b>
+                                    <a>34</a>
+                                    <b>131</b>
+                                    <v>8536</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>bodydecl</src>
+                    <trg>kind</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>17641</v>
+                                </b>
+                                <b>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>193489</v>
+                                </b>
+                                <b>
+                                    <a>3</a>
+                                    <b>4</b>
+                                    <v>77965</v>
+                                </b>
+                                <b>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>29592</v>
+                                </b>
+                                <b>
+                                    <a>5</a>
+                                    <b>7</b>
+                                    <v>33007</v>
+                                </b>
+                                <b>
+                                    <a>7</a>
+                                    <b>11</b>
+                                    <v>15934</v>
+                                </b>
+                            </bs>
+                        </hist>
+                    </val>
+                </dep>
+                <dep>
+                    <src>bodydecl</src>
+                    <trg>parent</trg>
+                    <val>
+                        <hist>
+                            <budget>12</budget>
+                            <bs>
+                                <b>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>17641</v>
+                                </b>
+                                <b>
+                                    <a>2</a>
+                                    <b>3</b>
+                                    <v>261780</v>
+                                </b>
+                                <b>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>33576</v>
+                                </b>
+                                <b>
+                                    <a>5</a>
+                                    <b>10</b>
+                                    <v>31299</v>
+                                </b>
+                                <b>
+                                    <a>10</a>
+                                    <b>88</b>
+                                    <v>23332</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16666,22 +17062,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>544535</v>
+                                    <v>175279</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>92571</v>
+                                    <v>63737</v>
                                 </b>
                                 <b>
                                     <a>3</a>
+                                    <b>4</b>
+                                    <v>27885</v>
+                                </b>
+                                <b>
+                                    <a>4</a>
+                                    <b>5</b>
+                                    <v>18210</v>
+                                </b>
+                                <b>
+                                    <a>5</a>
                                     <b>7</b>
-                                    <v>54453</v>
+                                    <v>30161</v>
                                 </b>
                                 <b>
                                     <a>7</a>
-                                    <b>159</b>
-                                    <v>12252</v>
+                                    <b>11</b>
+                                    <v>29592</v>
+                                </b>
+                                <b>
+                                    <a>11</a>
+                                    <b>28</b>
+                                    <v>22763</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16691,11 +17102,11 @@
         </relation>
         <relation>
             <name>exprs</name>
-            <cardinality>7411134</cardinality>
+            <cardinality>7410663</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>7411134</v>
+                    <v>7410663</v>
                 </e>
                 <e>
                     <k>kind</k>
@@ -16703,11 +17114,11 @@
                 </e>
                 <e>
                     <k>typeid</k>
-                    <v>115983</v>
+                    <v>115976</v>
                 </e>
                 <e>
                     <k>parent</k>
-                    <v>5075960</v>
+                    <v>5075638</v>
                 </e>
                 <e>
                     <k>idx</k>
@@ -16725,7 +17136,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7411134</v>
+                                    <v>7410663</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16741,7 +17152,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7411134</v>
+                                    <v>7410663</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16757,7 +17168,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7411134</v>
+                                    <v>7410663</v>
                                 </b>
                             </bs>
                         </hist>
@@ -16773,7 +17184,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7411134</v>
+                                    <v>7410663</v>
                                 </b>
                             </bs>
                         </hist>
@@ -17028,7 +17439,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>48884</v>
+                                    <v>48881</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -17038,7 +17449,7 @@
                                 <b>
                                     <a>3</a>
                                     <b>6</b>
-                                    <v>10698</v>
+                                    <v>10697</v>
                                 </b>
                                 <b>
                                     <a>6</a>
@@ -17048,12 +17459,12 @@
                                 <b>
                                     <a>10</a>
                                     <b>17</b>
-                                    <v>9272</v>
+                                    <v>9271</v>
                                 </b>
                                 <b>
                                     <a>17</a>
                                     <b>32</b>
-                                    <v>8723</v>
+                                    <v>8722</v>
                                 </b>
                                 <b>
                                     <a>32</a>
@@ -17079,32 +17490,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>57854</v>
+                                    <v>57851</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>18544</v>
+                                    <v>18543</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>8915</v>
+                                    <v>8914</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>14456</v>
+                                    <v>14455</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>9738</v>
+                                    <v>9737</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>32</b>
-                                    <v>6474</v>
+                                    <v>6473</v>
                                 </b>
                             </bs>
                         </hist>
@@ -17120,12 +17531,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>49048</v>
+                                    <v>49045</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>13414</v>
+                                    <v>13413</v>
                                 </b>
                                 <b>
                                     <a>3</a>
@@ -17135,7 +17546,7 @@
                                 <b>
                                     <a>5</a>
                                     <b>8</b>
-                                    <v>8531</v>
+                                    <v>8530</v>
                                 </b>
                                 <b>
                                     <a>8</a>
@@ -17155,7 +17566,7 @@
                                 <b>
                                     <a>57</a>
                                     <b>851</b>
-                                    <v>8723</v>
+                                    <v>8722</v>
                                 </b>
                                 <b>
                                     <a>890</a>
@@ -17176,22 +17587,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>58677</v>
+                                    <v>58673</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>18379</v>
+                                    <v>18378</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>14731</v>
+                                    <v>14730</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>19120</v>
+                                    <v>19119</v>
                                 </b>
                                 <b>
                                     <a>5</a>
@@ -17212,17 +17623,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3222415</v>
+                                    <v>3222211</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1522711</v>
+                                    <v>1522614</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>48</b>
-                                    <v>330833</v>
+                                    <v>330812</v>
                                 </b>
                             </bs>
                         </hist>
@@ -17238,17 +17649,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3525515</v>
+                                    <v>3525291</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1385549</v>
+                                    <v>1385461</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>8</b>
-                                    <v>164895</v>
+                                    <v>164884</v>
                                 </b>
                             </bs>
                         </hist>
@@ -17264,17 +17675,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4085819</v>
+                                    <v>4085559</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>832130</v>
+                                    <v>832078</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>10</b>
-                                    <v>158009</v>
+                                    <v>157999</v>
                                 </b>
                             </bs>
                         </hist>
@@ -17290,17 +17701,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>3222415</v>
+                                    <v>3222211</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1522711</v>
+                                    <v>1522614</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>48</b>
-                                    <v>330833</v>
+                                    <v>330812</v>
                                 </b>
                             </bs>
                         </hist>
@@ -17554,15 +17965,15 @@
         </relation>
         <relation>
             <name>exprsKotlinType</name>
-            <cardinality>7411134</cardinality>
+            <cardinality>7410663</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>7411134</v>
+                    <v>7410663</v>
                 </e>
                 <e>
                     <k>kttypeid</k>
-                    <v>12363</v>
+                    <v>10930</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -17576,7 +17987,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7411134</v>
+                                    <v>7410663</v>
                                 </b>
                             </bs>
                         </hist>
@@ -17592,17 +18003,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>9272</v>
+                                    <v>8197</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>2060</v>
+                                    <v>1821</v>
                                 </b>
                                 <b>
-                                    <a>7180</a>
-                                    <b>7181</b>
-                                    <v>1030</v>
+                                    <a>8123</a>
+                                    <b>8124</b>
+                                    <v>910</v>
                                 </b>
                             </bs>
                         </hist>
@@ -17612,15 +18023,15 @@
         </relation>
         <relation>
             <name>callableEnclosingExpr</name>
-            <cardinality>7299509</cardinality>
+            <cardinality>7299071</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>7299509</v>
+                    <v>7299071</v>
                 </e>
                 <e>
                     <k>callable_id</k>
-                    <v>19878</v>
+                    <v>19877</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -17634,7 +18045,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7299509</v>
+                                    <v>7299071</v>
                                 </b>
                             </bs>
                         </hist>
@@ -17705,7 +18116,7 @@
                                 <b>
                                     <a>73</a>
                                     <b>177</b>
-                                    <v>1496</v>
+                                    <v>1495</v>
                                 </b>
                                 <b>
                                     <a>179</a>
@@ -17725,15 +18136,15 @@
         </relation>
         <relation>
             <name>statementEnclosingExpr</name>
-            <cardinality>7259150</cardinality>
+            <cardinality>7258714</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>7259150</v>
+                    <v>7258714</v>
                 </e>
                 <e>
                     <k>statement_id</k>
-                    <v>525810</v>
+                    <v>525778</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -17747,7 +18158,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7259150</v>
+                                    <v>7258714</v>
                                 </b>
                             </bs>
                         </hist>
@@ -17763,57 +18174,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>3</b>
-                                    <v>29127</v>
+                                    <v>29126</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>47080</v>
+                                    <v>47077</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>7</b>
-                                    <v>48477</v>
+                                    <v>48474</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>8</b>
-                                    <v>36044</v>
+                                    <v>36042</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>9</b>
-                                    <v>38147</v>
+                                    <v>38145</v>
                                 </b>
                                 <b>
                                     <a>9</a>
                                     <b>10</b>
-                                    <v>50450</v>
+                                    <v>50447</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>11</b>
-                                    <v>29214</v>
+                                    <v>29212</v>
                                 </b>
                                 <b>
                                     <a>11</a>
                                     <b>12</b>
-                                    <v>127057</v>
+                                    <v>127049</v>
                                 </b>
                                 <b>
                                     <a>12</a>
                                     <b>35</b>
-                                    <v>35324</v>
+                                    <v>35322</v>
                                 </b>
                                 <b>
                                     <a>35</a>
                                     <b>40</b>
-                                    <v>44626</v>
+                                    <v>44623</v>
                                 </b>
                                 <b>
                                     <a>40</a>
                                     <b>81</b>
-                                    <v>40224</v>
+                                    <v>40222</v>
                                 </b>
                                 <b>
                                     <a>82</a>
@@ -17828,11 +18239,11 @@
         </relation>
         <relation>
             <name>isParenthesized</name>
-            <cardinality>94658</cardinality>
+            <cardinality>94652</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>94658</v>
+                    <v>94652</v>
                 </e>
                 <e>
                     <k>parentheses</k>
@@ -17850,7 +18261,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>94658</v>
+                                    <v>94652</v>
                                 </b>
                             </bs>
                         </hist>
@@ -17881,37 +18292,37 @@
         </relation>
         <relation>
             <name>when_if</name>
-            <cardinality>83383</cardinality>
+            <cardinality>74334</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>83383</v>
+                    <v>74334</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>when_branch_else</name>
-            <cardinality>79912</cardinality>
+            <cardinality>76075</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>79912</v>
+                    <v>76075</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>callableBinding</name>
-            <cardinality>1832402</cardinality>
+            <cardinality>1832520</cardinality>
             <columnsizes>
                 <e>
                     <k>callerid</k>
-                    <v>1832402</v>
+                    <v>1832520</v>
                 </e>
                 <e>
                     <k>callee</k>
-                    <v>263395</v>
+                    <v>264311</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -17925,7 +18336,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1832402</v>
+                                    <v>1832520</v>
                                 </b>
                             </bs>
                         </hist>
@@ -17941,32 +18352,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>162234</v>
+                                    <v>162993</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>33023</v>
+                                    <v>33137</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>16214</v>
+                                    <v>16271</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>7</b>
-                                    <v>22259</v>
+                                    <v>22271</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>20</b>
-                                    <v>19911</v>
+                                    <v>19902</v>
                                 </b>
                                 <b>
                                     <a>20</a>
                                     <b>46115</b>
-                                    <v>9751</v>
+                                    <v>9734</v>
                                 </b>
                             </bs>
                         </hist>
@@ -17976,15 +18387,15 @@
         </relation>
         <relation>
             <name>memberRefBinding</name>
-            <cardinality>23206</cardinality>
+            <cardinality>23208</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>23206</v>
+                    <v>23208</v>
                 </e>
                 <e>
                     <k>callable</k>
-                    <v>11196</v>
+                    <v>11197</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -17998,7 +18409,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>23206</v>
+                                    <v>23208</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18014,12 +18425,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7861</v>
+                                    <v>7862</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>2074</v>
+                                    <v>2075</v>
                                 </b>
                                 <b>
                                     <a>3</a>
@@ -18039,15 +18450,15 @@
         </relation>
         <relation>
             <name>propertyRefGetBinding</name>
-            <cardinality>9639</cardinality>
+            <cardinality>8876</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>9639</v>
+                    <v>8876</v>
                 </e>
                 <e>
                     <k>getter</k>
-                    <v>5826</v>
+                    <v>5366</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -18061,7 +18472,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>9639</v>
+                                    <v>8876</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18077,17 +18488,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2117</v>
+                                    <v>1951</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>3615</v>
+                                    <v>3328</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>6</b>
-                                    <v>94</v>
+                                    <v>86</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18145,15 +18556,15 @@
         </relation>
         <relation>
             <name>propertyRefSetBinding</name>
-            <cardinality>2671</cardinality>
+            <cardinality>2600</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>2671</v>
+                    <v>2600</v>
                 </e>
                 <e>
                     <k>setter</k>
-                    <v>1335</v>
+                    <v>1300</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -18167,7 +18578,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2671</v>
+                                    <v>2600</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18183,7 +18594,7 @@
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1335</v>
+                                    <v>1300</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18193,15 +18604,15 @@
         </relation>
         <relation>
             <name>variableBinding</name>
-            <cardinality>2434432</cardinality>
+            <cardinality>2434277</cardinality>
             <columnsizes>
                 <e>
                     <k>expr</k>
-                    <v>2434432</v>
+                    <v>2434277</v>
                 </e>
                 <e>
                     <k>variable</k>
-                    <v>572564</v>
+                    <v>572528</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -18215,7 +18626,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2434432</v>
+                                    <v>2434277</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18231,37 +18642,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>205804</v>
+                                    <v>205791</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>120953</v>
+                                    <v>120945</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>85027</v>
+                                    <v>85022</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>45970</v>
+                                    <v>45967</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>7</b>
-                                    <v>40061</v>
+                                    <v>40059</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>14</b>
-                                    <v>43075</v>
+                                    <v>43072</v>
                                 </b>
                                 <b>
                                     <a>14</a>
                                     <b>464</b>
-                                    <v>31671</v>
+                                    <v>31669</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18271,23 +18682,23 @@
         </relation>
         <relation>
             <name>localvars</name>
-            <cardinality>385297</cardinality>
+            <cardinality>385272</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>385297</v>
+                    <v>385272</v>
                 </e>
                 <e>
                     <k>nodeName</k>
-                    <v>140004</v>
+                    <v>139995</v>
                 </e>
                 <e>
                     <k>typeid</k>
-                    <v>49513</v>
+                    <v>49510</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>385297</v>
+                    <v>385272</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -18301,7 +18712,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>385297</v>
+                                    <v>385272</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18317,7 +18728,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>385297</v>
+                                    <v>385272</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18333,7 +18744,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>385297</v>
+                                    <v>385272</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18349,22 +18760,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>83661</v>
+                                    <v>83655</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>26179</v>
+                                    <v>26178</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>10244</v>
+                                    <v>10243</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>9</b>
-                                    <v>11951</v>
+                                    <v>11950</v>
                                 </b>
                                 <b>
                                     <a>9</a>
@@ -18385,7 +18796,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>124638</v>
+                                    <v>124630</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -18411,22 +18822,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>83661</v>
+                                    <v>83655</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>26179</v>
+                                    <v>26178</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>10244</v>
+                                    <v>10243</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>9</b>
-                                    <v>11951</v>
+                                    <v>11950</v>
                                 </b>
                                 <b>
                                     <a>9</a>
@@ -18447,7 +18858,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>16504</v>
+                                    <v>16503</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -18462,7 +18873,7 @@
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>5122</v>
+                                    <v>5121</v>
                                 </b>
                                 <b>
                                     <a>6</a>
@@ -18503,7 +18914,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>23334</v>
+                                    <v>23332</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -18513,7 +18924,7 @@
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>6260</v>
+                                    <v>6259</v>
                                 </b>
                                 <b>
                                     <a>4</a>
@@ -18544,7 +18955,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>16504</v>
+                                    <v>16503</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -18559,7 +18970,7 @@
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>5122</v>
+                                    <v>5121</v>
                                 </b>
                                 <b>
                                     <a>6</a>
@@ -18600,7 +19011,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>385297</v>
+                                    <v>385272</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18616,7 +19027,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>385297</v>
+                                    <v>385272</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18632,7 +19043,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>385297</v>
+                                    <v>385272</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18642,15 +19053,15 @@
         </relation>
         <relation>
             <name>localvarsKotlinType</name>
-            <cardinality>227691</cardinality>
+            <cardinality>240107</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>227691</v>
+                    <v>240107</v>
                 </e>
                 <e>
                     <k>kttypeid</k>
-                    <v>154</v>
+                    <v>1920</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -18664,7 +19075,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>227691</v>
+                                    <v>240107</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18678,9 +19089,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>1470</a>
-                                    <b>1471</b>
-                                    <v>154</v>
+                                    <a>125</a>
+                                    <b>126</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18690,19 +19101,19 @@
         </relation>
         <relation>
             <name>namestrings</name>
-            <cardinality>4022677</cardinality>
+            <cardinality>4022436</cardinality>
             <columnsizes>
                 <e>
                     <k>name</k>
-                    <v>23386</v>
+                    <v>23384</v>
                 </e>
                 <e>
                     <k>value</k>
-                    <v>22167</v>
+                    <v>22166</v>
                 </e>
                 <e>
                     <k>parent</k>
-                    <v>4022677</v>
+                    <v>4022436</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -18716,7 +19127,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>23386</v>
+                                    <v>23384</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18732,7 +19143,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>9605</v>
+                                    <v>9604</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -18783,7 +19194,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>21560</v>
+                                    <v>21559</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -18804,7 +19215,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>9119</v>
+                                    <v>9118</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -18855,7 +19266,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4022677</v>
+                                    <v>4022436</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18871,7 +19282,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4022677</v>
+                                    <v>4022436</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18881,15 +19292,15 @@
         </relation>
         <relation>
             <name>modules</name>
-            <cardinality>7964</cardinality>
+            <cardinality>7965</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>7964</v>
+                    <v>7965</v>
                 </e>
                 <e>
                     <k>name</k>
-                    <v>7964</v>
+                    <v>7965</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -18903,7 +19314,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7964</v>
+                                    <v>7965</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18919,7 +19330,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7964</v>
+                                    <v>7965</v>
                                 </b>
                             </bs>
                         </hist>
@@ -18940,11 +19351,11 @@
         </relation>
         <relation>
             <name>cumodule</name>
-            <cardinality>247568</cardinality>
+            <cardinality>247580</cardinality>
             <columnsizes>
                 <e>
                     <k>fileId</k>
-                    <v>247568</v>
+                    <v>247580</v>
                 </e>
                 <e>
                     <k>moduleId</k>
@@ -18962,7 +19373,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>247568</v>
+                                    <v>247580</v>
                                 </b>
                             </bs>
                         </hist>
@@ -19013,7 +19424,7 @@
         </relation>
         <relation>
             <name>directives</name>
-            <cardinality>50277</cardinality>
+            <cardinality>50279</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
@@ -19021,7 +19432,7 @@
                 </e>
                 <e>
                     <k>directive</k>
-                    <v>50277</v>
+                    <v>50279</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -19081,7 +19492,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>50277</v>
+                                    <v>50279</v>
                                 </b>
                             </bs>
                         </hist>
@@ -19171,15 +19582,15 @@
         </relation>
         <relation>
             <name>exports</name>
-            <cardinality>35011</cardinality>
+            <cardinality>35013</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>35011</v>
+                    <v>35013</v>
                 </e>
                 <e>
                     <k>target</k>
-                    <v>35011</v>
+                    <v>35013</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -19193,7 +19604,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>35011</v>
+                                    <v>35013</v>
                                 </b>
                             </bs>
                         </hist>
@@ -19209,7 +19620,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>35011</v>
+                                    <v>35013</v>
                                 </b>
                             </bs>
                         </hist>
@@ -19219,15 +19630,15 @@
         </relation>
         <relation>
             <name>exportsTo</name>
-            <cardinality>28706</cardinality>
+            <cardinality>28707</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>12278</v>
+                    <v>12279</v>
                 </e>
                 <e>
                     <k>target</k>
-                    <v>7466</v>
+                    <v>7467</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -19241,7 +19652,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7300</v>
+                                    <v>7301</v>
                                 </b>
                                 <b>
                                     <a>2</a>
@@ -19423,15 +19834,15 @@
         </relation>
         <relation>
             <name>uses</name>
-            <cardinality>10785</cardinality>
+            <cardinality>10786</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>10785</v>
+                    <v>10786</v>
                 </e>
                 <e>
                     <k>serviceInterface</k>
-                    <v>10785</v>
+                    <v>10786</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -19445,7 +19856,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>10785</v>
+                                    <v>10786</v>
                                 </b>
                             </bs>
                         </hist>
@@ -19461,7 +19872,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>10785</v>
+                                    <v>10786</v>
                                 </b>
                             </bs>
                         </hist>
@@ -19519,7 +19930,7 @@
         </relation>
         <relation>
             <name>providesWith</name>
-            <cardinality>5309</cardinality>
+            <cardinality>5310</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
@@ -19527,7 +19938,7 @@
                 </e>
                 <e>
                     <k>serviceImpl</k>
-                    <v>5309</v>
+                    <v>5310</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -19572,7 +19983,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5309</v>
+                                    <v>5310</v>
                                 </b>
                             </bs>
                         </hist>
@@ -19582,48 +19993,48 @@
         </relation>
         <relation>
             <name>javadoc</name>
-            <cardinality>985153</cardinality>
+            <cardinality>985091</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>985153</v>
+                    <v>985091</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>isNormalComment</name>
-            <cardinality>649939</cardinality>
+            <cardinality>649898</cardinality>
             <columnsizes>
                 <e>
                     <k>commentid</k>
-                    <v>649939</v>
+                    <v>649898</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>isEolComment</name>
-            <cardinality>610101</cardinality>
+            <cardinality>610062</cardinality>
             <columnsizes>
                 <e>
                     <k>commentid</k>
-                    <v>610101</v>
+                    <v>610062</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>hasJavadoc</name>
-            <cardinality>435379</cardinality>
+            <cardinality>435352</cardinality>
             <columnsizes>
                 <e>
                     <k>documentableid</k>
-                    <v>368223</v>
+                    <v>368199</v>
                 </e>
                 <e>
                     <k>javadocid</k>
-                    <v>435379</v>
+                    <v>435352</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -19637,12 +20048,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>320416</v>
+                                    <v>320396</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>44960</v>
+                                    <v>44957</v>
                                 </b>
                                 <b>
                                     <a>3</a>
@@ -19663,7 +20074,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>435379</v>
+                                    <v>435352</v>
                                 </b>
                             </bs>
                         </hist>
@@ -19673,19 +20084,19 @@
         </relation>
         <relation>
             <name>javadocTag</name>
-            <cardinality>335830</cardinality>
+            <cardinality>335808</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>335830</v>
+                    <v>335808</v>
                 </e>
                 <e>
                     <k>name</k>
-                    <v>578</v>
+                    <v>577</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>114117</v>
+                    <v>114110</v>
                 </e>
                 <e>
                     <k>idx</k>
@@ -19703,7 +20114,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>335830</v>
+                                    <v>335808</v>
                                 </b>
                             </bs>
                         </hist>
@@ -19719,7 +20130,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>335830</v>
+                                    <v>335808</v>
                                 </b>
                             </bs>
                         </hist>
@@ -19735,7 +20146,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>335830</v>
+                                    <v>335808</v>
                                 </b>
                             </bs>
                         </hist>
@@ -19884,37 +20295,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>33194</v>
+                                    <v>33192</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>24937</v>
+                                    <v>24935</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>18661</v>
+                                    <v>18660</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>13129</v>
+                                    <v>13128</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>9991</v>
+                                    <v>9990</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>7</b>
-                                    <v>7679</v>
+                                    <v>7678</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>11</b>
-                                    <v>6523</v>
+                                    <v>6522</v>
                                 </b>
                             </bs>
                         </hist>
@@ -19930,22 +20341,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>39966</v>
+                                    <v>39963</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>38644</v>
+                                    <v>38642</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>21139</v>
+                                    <v>21137</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>12221</v>
+                                    <v>12220</v>
                                 </b>
                                 <b>
                                     <a>5</a>
@@ -19966,37 +20377,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>33194</v>
+                                    <v>33192</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>24937</v>
+                                    <v>24935</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>18661</v>
+                                    <v>18660</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>13129</v>
+                                    <v>13128</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>9991</v>
+                                    <v>9990</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>7</b>
-                                    <v>7679</v>
+                                    <v>7678</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>11</b>
-                                    <v>6523</v>
+                                    <v>6522</v>
                                 </b>
                             </bs>
                         </hist>
@@ -20184,23 +20595,23 @@
         </relation>
         <relation>
             <name>javadocText</name>
-            <cardinality>2503007</cardinality>
+            <cardinality>2502848</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>2503007</v>
+                    <v>2502848</v>
                 </e>
                 <e>
                     <k>text</k>
-                    <v>1370450</v>
+                    <v>1370363</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>1169550</v>
+                    <v>1169475</v>
                 </e>
                 <e>
                     <k>idx</k>
-                    <v>42115</v>
+                    <v>42112</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -20214,7 +20625,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2503007</v>
+                                    <v>2502848</v>
                                 </b>
                             </bs>
                         </hist>
@@ -20230,7 +20641,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2503007</v>
+                                    <v>2502848</v>
                                 </b>
                             </bs>
                         </hist>
@@ -20246,7 +20657,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2503007</v>
+                                    <v>2502848</v>
                                 </b>
                             </bs>
                         </hist>
@@ -20262,17 +20673,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1139386</v>
+                                    <v>1139314</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>149679</v>
+                                    <v>149670</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>147</b>
-                                    <v>81384</v>
+                                    <v>81379</v>
                                 </b>
                             </bs>
                         </hist>
@@ -20288,17 +20699,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1140524</v>
+                                    <v>1140452</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>149110</v>
+                                    <v>149101</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>88</b>
-                                    <v>80815</v>
+                                    <v>80810</v>
                                 </b>
                             </bs>
                         </hist>
@@ -20314,12 +20725,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1346547</v>
+                                    <v>1346462</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>32</b>
-                                    <v>23903</v>
+                                    <v>23901</v>
                                 </b>
                             </bs>
                         </hist>
@@ -20335,22 +20746,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>870190</v>
+                                    <v>870135</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>159354</v>
+                                    <v>159344</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>12</b>
-                                    <v>83092</v>
+                                    <v>83086</v>
                                 </b>
                                 <b>
                                     <a>12</a>
                                     <b>75</b>
-                                    <v>56912</v>
+                                    <v>56908</v>
                                 </b>
                             </bs>
                         </hist>
@@ -20366,22 +20777,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>870190</v>
+                                    <v>870135</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>159354</v>
+                                    <v>159344</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>12</b>
-                                    <v>84230</v>
+                                    <v>84225</v>
                                 </b>
                                 <b>
                                     <a>12</a>
                                     <b>67</b>
-                                    <v>55774</v>
+                                    <v>55770</v>
                                 </b>
                             </bs>
                         </hist>
@@ -20397,22 +20808,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>870190</v>
+                                    <v>870135</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>159354</v>
+                                    <v>159344</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>12</b>
-                                    <v>83092</v>
+                                    <v>83086</v>
                                 </b>
                                 <b>
                                     <a>12</a>
                                     <b>75</b>
-                                    <v>56912</v>
+                                    <v>56908</v>
                                 </b>
                             </bs>
                         </hist>
@@ -20428,7 +20839,7 @@
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>21057</v>
+                                    <v>21056</v>
                                 </b>
                                 <b>
                                     <a>3</a>
@@ -20484,7 +20895,7 @@
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>20488</v>
+                                    <v>20487</v>
                                 </b>
                                 <b>
                                     <a>3</a>
@@ -20535,7 +20946,7 @@
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>21057</v>
+                                    <v>21056</v>
                                 </b>
                                 <b>
                                     <a>3</a>
@@ -20580,15 +20991,15 @@
         </relation>
         <relation>
             <name>xmlEncoding</name>
-            <cardinality>800467</cardinality>
+            <cardinality>1129463</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>800467</v>
+                    <v>1129463</v>
                 </e>
                 <e>
                     <k>encoding</k>
-                    <v>1361</v>
+                    <v>1920</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -20602,7 +21013,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>800467</v>
+                                    <v>1129463</v>
                                 </b>
                             </bs>
                         </hist>
@@ -20618,7 +21029,7 @@
                                 <b>
                                     <a>588</a>
                                     <b>589</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -20976,27 +21387,27 @@
         </relation>
         <relation>
             <name>xmlElements</name>
-            <cardinality>106507143</cardinality>
+            <cardinality>150282022</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>106507143</v>
+                    <v>150282022</v>
                 </e>
                 <e>
                     <k>name</k>
-                    <v>337612</v>
+                    <v>476372</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>2747183</v>
+                    <v>3876287</v>
                 </e>
                 <e>
                     <k>idx</k>
-                    <v>1207508</v>
+                    <v>1703799</v>
                 </e>
                 <e>
                     <k>fileid</k>
-                    <v>800467</v>
+                    <v>1129463</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -21010,7 +21421,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>106507143</v>
+                                    <v>150282022</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21026,7 +21437,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>106507143</v>
+                                    <v>150282022</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21042,7 +21453,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>106507143</v>
+                                    <v>150282022</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21058,7 +21469,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>106507143</v>
+                                    <v>150282022</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21074,57 +21485,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>106184</v>
+                                    <v>149826</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>40840</v>
+                                    <v>57625</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>16336</v>
+                                    <v>23050</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>29949</v>
+                                    <v>42258</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>8</b>
-                                    <v>24504</v>
+                                    <v>34575</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>9</b>
-                                    <v>12252</v>
+                                    <v>17287</v>
                                 </b>
                                 <b>
                                     <a>9</a>
                                     <b>10</b>
-                                    <v>23142</v>
+                                    <v>32654</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>18</b>
-                                    <v>28588</v>
+                                    <v>40337</v>
                                 </b>
                                 <b>
                                     <a>18</a>
                                     <b>48</b>
-                                    <v>25865</v>
+                                    <v>36496</v>
                                 </b>
                                 <b>
                                     <a>52</a>
                                     <b>250</b>
-                                    <v>25865</v>
+                                    <v>36496</v>
                                 </b>
                                 <b>
                                     <a>342</a>
                                     <b>73380</b>
-                                    <v>4084</v>
+                                    <v>5762</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21140,52 +21551,52 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>123881</v>
+                                    <v>174797</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>46285</v>
+                                    <v>65309</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>17697</v>
+                                    <v>24971</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>14974</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>19058</v>
+                                    <v>26891</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>8</b>
-                                    <v>28588</v>
+                                    <v>40337</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>10</b>
-                                    <v>28588</v>
+                                    <v>40337</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>21</b>
-                                    <v>27226</v>
+                                    <v>38417</v>
                                 </b>
                                 <b>
                                     <a>22</a>
                                     <b>128</b>
-                                    <v>25865</v>
+                                    <v>36496</v>
                                 </b>
                                 <b>
                                     <a>130</a>
                                     <b>229</b>
-                                    <v>5445</v>
+                                    <v>7683</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21201,37 +21612,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>186503</v>
+                                    <v>263157</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>49008</v>
+                                    <v>69150</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>24504</v>
+                                    <v>34575</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>20420</v>
+                                    <v>28812</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>9</b>
-                                    <v>20420</v>
+                                    <v>28812</v>
                                 </b>
                                 <b>
                                     <a>9</a>
                                     <b>38</b>
-                                    <v>25865</v>
+                                    <v>36496</v>
                                 </b>
                                 <b>
                                     <a>45</a>
                                     <b>888</b>
-                                    <v>10890</v>
+                                    <v>15366</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21247,42 +21658,42 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>183780</v>
+                                    <v>259315</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>36756</v>
+                                    <v>51863</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>17697</v>
+                                    <v>24971</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>7</b>
-                                    <v>29949</v>
+                                    <v>42258</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>16</b>
-                                    <v>25865</v>
+                                    <v>36496</v>
                                 </b>
                                 <b>
                                     <a>17</a>
                                     <b>114</b>
-                                    <v>27226</v>
+                                    <v>38417</v>
                                 </b>
                                 <b>
                                     <a>118</a>
                                     <b>131</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21298,32 +21709,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1671725</v>
+                                    <v>2358811</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>428822</v>
+                                    <v>605069</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>178335</v>
+                                    <v>251632</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>8</b>
-                                    <v>213730</v>
+                                    <v>301574</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>777</b>
-                                    <v>224621</v>
+                                    <v>316941</v>
                                 </b>
                                 <b>
                                     <a>777</a>
                                     <b>888</b>
-                                    <v>29949</v>
+                                    <v>42258</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21339,17 +21750,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2267992</v>
+                                    <v>3200146</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>291326</v>
+                                    <v>411063</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>17</b>
-                                    <v>187864</v>
+                                    <v>265078</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21365,32 +21776,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1671725</v>
+                                    <v>2358811</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>428822</v>
+                                    <v>605069</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>178335</v>
+                                    <v>251632</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>8</b>
-                                    <v>213730</v>
+                                    <v>301574</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>777</b>
-                                    <v>224621</v>
+                                    <v>316941</v>
                                 </b>
                                 <b>
                                     <a>777</a>
                                     <b>888</b>
-                                    <v>29949</v>
+                                    <v>42258</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21406,7 +21817,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2747183</v>
+                                    <v>3876287</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21422,67 +21833,67 @@
                                 <b>
                                     <a>2</a>
                                     <b>8</b>
-                                    <v>102100</v>
+                                    <v>144064</v>
                                 </b>
                                 <b>
                                     <a>9</a>
                                     <b>76</b>
-                                    <v>96655</v>
+                                    <v>136380</v>
                                 </b>
                                 <b>
                                     <a>76</a>
                                     <b>82</b>
-                                    <v>91209</v>
+                                    <v>128697</v>
                                 </b>
                                 <b>
                                     <a>82</a>
                                     <b>89</b>
-                                    <v>87125</v>
+                                    <v>122934</v>
                                 </b>
                                 <b>
                                     <a>89</a>
                                     <b>92</b>
-                                    <v>78957</v>
+                                    <v>111409</v>
                                 </b>
                                 <b>
                                     <a>92</a>
                                     <b>95</b>
-                                    <v>95293</v>
+                                    <v>134459</v>
                                 </b>
                                 <b>
                                     <a>95</a>
                                     <b>97</b>
-                                    <v>106184</v>
+                                    <v>149826</v>
                                 </b>
                                 <b>
                                     <a>97</a>
                                     <b>98</b>
-                                    <v>149747</v>
+                                    <v>211294</v>
                                 </b>
                                 <b>
                                     <a>98</a>
                                     <b>99</b>
-                                    <v>92571</v>
+                                    <v>130618</v>
                                 </b>
                                 <b>
                                     <a>99</a>
                                     <b>104</b>
-                                    <v>110268</v>
+                                    <v>155589</v>
                                 </b>
                                 <b>
                                     <a>104</a>
                                     <b>106</b>
-                                    <v>92571</v>
+                                    <v>130618</v>
                                 </b>
                                 <b>
                                     <a>106</a>
                                     <b>159</b>
-                                    <v>91209</v>
+                                    <v>128697</v>
                                 </b>
                                 <b>
                                     <a>162</a>
                                     <b>2019</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21498,22 +21909,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>978803</v>
+                                    <v>1381095</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>5</b>
-                                    <v>89848</v>
+                                    <v>126776</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>9</b>
-                                    <v>103461</v>
+                                    <v>145985</v>
                                 </b>
                                 <b>
                                     <a>9</a>
                                     <b>150</b>
-                                    <v>35394</v>
+                                    <v>49942</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21529,67 +21940,67 @@
                                 <b>
                                     <a>2</a>
                                     <b>8</b>
-                                    <v>102100</v>
+                                    <v>144064</v>
                                 </b>
                                 <b>
                                     <a>9</a>
                                     <b>76</b>
-                                    <v>96655</v>
+                                    <v>136380</v>
                                 </b>
                                 <b>
                                     <a>76</a>
                                     <b>82</b>
-                                    <v>91209</v>
+                                    <v>128697</v>
                                 </b>
                                 <b>
                                     <a>82</a>
                                     <b>89</b>
-                                    <v>87125</v>
+                                    <v>122934</v>
                                 </b>
                                 <b>
                                     <a>89</a>
                                     <b>92</b>
-                                    <v>78957</v>
+                                    <v>111409</v>
                                 </b>
                                 <b>
                                     <a>92</a>
                                     <b>95</b>
-                                    <v>95293</v>
+                                    <v>134459</v>
                                 </b>
                                 <b>
                                     <a>95</a>
                                     <b>97</b>
-                                    <v>106184</v>
+                                    <v>149826</v>
                                 </b>
                                 <b>
                                     <a>97</a>
                                     <b>98</b>
-                                    <v>149747</v>
+                                    <v>211294</v>
                                 </b>
                                 <b>
                                     <a>98</a>
                                     <b>99</b>
-                                    <v>92571</v>
+                                    <v>130618</v>
                                 </b>
                                 <b>
                                     <a>99</a>
                                     <b>104</b>
-                                    <v>110268</v>
+                                    <v>155589</v>
                                 </b>
                                 <b>
                                     <a>104</a>
                                     <b>106</b>
-                                    <v>92571</v>
+                                    <v>130618</v>
                                 </b>
                                 <b>
                                     <a>106</a>
                                     <b>159</b>
-                                    <v>91209</v>
+                                    <v>128697</v>
                                 </b>
                                 <b>
                                     <a>162</a>
                                     <b>2019</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21605,67 +22016,67 @@
                                 <b>
                                     <a>2</a>
                                     <b>8</b>
-                                    <v>102100</v>
+                                    <v>144064</v>
                                 </b>
                                 <b>
                                     <a>9</a>
                                     <b>76</b>
-                                    <v>96655</v>
+                                    <v>136380</v>
                                 </b>
                                 <b>
                                     <a>76</a>
                                     <b>82</b>
-                                    <v>91209</v>
+                                    <v>128697</v>
                                 </b>
                                 <b>
                                     <a>82</a>
                                     <b>89</b>
-                                    <v>87125</v>
+                                    <v>122934</v>
                                 </b>
                                 <b>
                                     <a>89</a>
                                     <b>92</b>
-                                    <v>78957</v>
+                                    <v>111409</v>
                                 </b>
                                 <b>
                                     <a>92</a>
                                     <b>95</b>
-                                    <v>95293</v>
+                                    <v>134459</v>
                                 </b>
                                 <b>
                                     <a>95</a>
                                     <b>97</b>
-                                    <v>106184</v>
+                                    <v>149826</v>
                                 </b>
                                 <b>
                                     <a>97</a>
                                     <b>98</b>
-                                    <v>149747</v>
+                                    <v>211294</v>
                                 </b>
                                 <b>
                                     <a>98</a>
                                     <b>99</b>
-                                    <v>92571</v>
+                                    <v>130618</v>
                                 </b>
                                 <b>
                                     <a>99</a>
                                     <b>104</b>
-                                    <v>110268</v>
+                                    <v>155589</v>
                                 </b>
                                 <b>
                                     <a>104</a>
                                     <b>106</b>
-                                    <v>92571</v>
+                                    <v>130618</v>
                                 </b>
                                 <b>
                                     <a>106</a>
                                     <b>139</b>
-                                    <v>91209</v>
+                                    <v>128697</v>
                                 </b>
                                 <b>
                                     <a>141</a>
                                     <b>589</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21681,57 +22092,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>58537</v>
+                                    <v>82596</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>134772</v>
+                                    <v>190164</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>176974</v>
+                                    <v>249711</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>74873</v>
+                                    <v>105647</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>7</b>
-                                    <v>59898</v>
+                                    <v>84517</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>10</b>
-                                    <v>66705</v>
+                                    <v>94121</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>31</b>
-                                    <v>62621</v>
+                                    <v>88359</v>
                                 </b>
                                 <b>
                                     <a>35</a>
                                     <b>694</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>738</a>
                                     <b>776</b>
-                                    <v>20420</v>
+                                    <v>28812</v>
                                 </b>
                                 <b>
                                     <a>777</a>
                                     <b>779</b>
-                                    <v>65344</v>
+                                    <v>92201</v>
                                 </b>
                                 <b>
                                     <a>788</a>
                                     <b>889</b>
-                                    <v>19058</v>
+                                    <v>26891</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21747,37 +22158,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>58537</v>
+                                    <v>82596</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>398872</v>
+                                    <v>562810</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>138856</v>
+                                    <v>195927</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>65344</v>
+                                    <v>92201</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>9</b>
-                                    <v>65344</v>
+                                    <v>92201</v>
                                 </b>
                                 <b>
                                     <a>9</a>
                                     <b>69</b>
-                                    <v>12252</v>
+                                    <v>17287</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21793,27 +22204,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>58537</v>
+                                    <v>82596</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>567678</v>
+                                    <v>800997</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>57176</v>
+                                    <v>80675</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>58537</v>
+                                    <v>82596</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>165</b>
-                                    <v>58537</v>
+                                    <v>82596</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21829,42 +22240,42 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>202839</v>
+                                    <v>286207</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>219175</v>
+                                    <v>309257</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>88487</v>
+                                    <v>124855</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>7</b>
-                                    <v>66705</v>
+                                    <v>94121</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>17</b>
-                                    <v>66705</v>
+                                    <v>94121</v>
                                 </b>
                                 <b>
                                     <a>18</a>
                                     <b>763</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>764</a>
                                     <b>777</b>
-                                    <v>65344</v>
+                                    <v>92201</v>
                                 </b>
                                 <b>
                                     <a>777</a>
                                     <b>888</b>
-                                    <v>29949</v>
+                                    <v>42258</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21874,31 +22285,31 @@
         </relation>
         <relation>
             <name>xmlAttrs</name>
-            <cardinality>129551904</cardinality>
+            <cardinality>182798274</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>129551904</v>
+                    <v>182798274</v>
                 </e>
                 <e>
                     <k>elementid</k>
-                    <v>105600491</v>
+                    <v>149002731</v>
                 </e>
                 <e>
                     <k>name</k>
-                    <v>511863</v>
+                    <v>722241</v>
                 </e>
                 <e>
                     <k>value</k>
-                    <v>8184375</v>
+                    <v>11548187</v>
                 </e>
                 <e>
                     <k>idx</k>
-                    <v>31310</v>
+                    <v>44179</v>
                 </e>
                 <e>
                     <k>fileid</k>
-                    <v>799106</v>
+                    <v>1127542</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -21912,7 +22323,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>129551904</v>
+                                    <v>182798274</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21928,7 +22339,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>129551904</v>
+                                    <v>182798274</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21944,7 +22355,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>129551904</v>
+                                    <v>182798274</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21960,7 +22371,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>129551904</v>
+                                    <v>182798274</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21976,7 +22387,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>129551904</v>
+                                    <v>182798274</v>
                                 </b>
                             </bs>
                         </hist>
@@ -21992,17 +22403,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>96634707</v>
+                                    <v>136351973</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>6</b>
-                                    <v>7940695</v>
+                                    <v>11204353</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>24</b>
-                                    <v>1025088</v>
+                                    <v>1446404</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22018,17 +22429,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>96634707</v>
+                                    <v>136351973</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>6</b>
-                                    <v>7954308</v>
+                                    <v>11223562</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>23</b>
-                                    <v>1011475</v>
+                                    <v>1427196</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22044,17 +22455,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>96687799</v>
+                                    <v>136426886</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>6</b>
-                                    <v>7993787</v>
+                                    <v>11279267</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>21</b>
-                                    <v>918904</v>
+                                    <v>1296577</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22070,17 +22481,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>96634707</v>
+                                    <v>136351973</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>6</b>
-                                    <v>7940695</v>
+                                    <v>11204353</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>24</b>
-                                    <v>1025088</v>
+                                    <v>1446404</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22096,7 +22507,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>105600491</v>
+                                    <v>149002731</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22112,62 +22523,62 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>106184</v>
+                                    <v>149826</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>55814</v>
+                                    <v>78755</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>31310</v>
+                                    <v>44179</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>17697</v>
+                                    <v>24971</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>29949</v>
+                                    <v>42258</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>8</b>
-                                    <v>36756</v>
+                                    <v>51863</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>11</b>
-                                    <v>42201</v>
+                                    <v>59546</v>
                                 </b>
                                 <b>
                                     <a>11</a>
                                     <b>22</b>
-                                    <v>39478</v>
+                                    <v>55704</v>
                                 </b>
                                 <b>
                                     <a>23</a>
                                     <b>38</b>
-                                    <v>40840</v>
+                                    <v>57625</v>
                                 </b>
                                 <b>
                                     <a>38</a>
                                     <b>79</b>
-                                    <v>40840</v>
+                                    <v>57625</v>
                                 </b>
                                 <b>
                                     <a>81</a>
                                     <b>168</b>
-                                    <v>39478</v>
+                                    <v>55704</v>
                                 </b>
                                 <b>
                                     <a>168</a>
                                     <b>74700</b>
-                                    <v>31310</v>
+                                    <v>44179</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22183,62 +22594,62 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>106184</v>
+                                    <v>149826</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>55814</v>
+                                    <v>78755</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>31310</v>
+                                    <v>44179</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>17697</v>
+                                    <v>24971</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>29949</v>
+                                    <v>42258</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>8</b>
-                                    <v>36756</v>
+                                    <v>51863</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>11</b>
-                                    <v>46285</v>
+                                    <v>65309</v>
                                 </b>
                                 <b>
                                     <a>11</a>
                                     <b>25</b>
-                                    <v>43562</v>
+                                    <v>61467</v>
                                 </b>
                                 <b>
                                     <a>25</a>
                                     <b>39</b>
-                                    <v>42201</v>
+                                    <v>59546</v>
                                 </b>
                                 <b>
                                     <a>43</a>
                                     <b>91</b>
-                                    <v>40840</v>
+                                    <v>57625</v>
                                 </b>
                                 <b>
                                     <a>91</a>
                                     <b>227</b>
-                                    <v>39478</v>
+                                    <v>55704</v>
                                 </b>
                                 <b>
                                     <a>227</a>
                                     <b>74700</b>
-                                    <v>21781</v>
+                                    <v>30733</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22254,42 +22665,42 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>215091</v>
+                                    <v>303495</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>80319</v>
+                                    <v>113330</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>34033</v>
+                                    <v>48021</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>36756</v>
+                                    <v>51863</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>9</b>
-                                    <v>42201</v>
+                                    <v>59546</v>
                                 </b>
                                 <b>
                                     <a>9</a>
                                     <b>21</b>
-                                    <v>39478</v>
+                                    <v>55704</v>
                                 </b>
                                 <b>
                                     <a>22</a>
                                     <b>64</b>
-                                    <v>42201</v>
+                                    <v>59546</v>
                                 </b>
                                 <b>
                                     <a>68</a>
                                     <b>2100</b>
-                                    <v>21781</v>
+                                    <v>30733</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22305,37 +22716,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>201478</v>
+                                    <v>284286</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>95293</v>
+                                    <v>134459</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>49008</v>
+                                    <v>69150</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>54453</v>
+                                    <v>76834</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>7</b>
-                                    <v>32672</v>
+                                    <v>46100</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>10</b>
-                                    <v>40840</v>
+                                    <v>57625</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>21</b>
-                                    <v>38117</v>
+                                    <v>53783</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22351,52 +22762,52 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>178335</v>
+                                    <v>251632</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>53092</v>
+                                    <v>74913</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>27226</v>
+                                    <v>38417</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>24504</v>
+                                    <v>34575</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>38117</v>
+                                    <v>53783</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>9</b>
-                                    <v>42201</v>
+                                    <v>59546</v>
                                 </b>
                                 <b>
                                     <a>9</a>
                                     <b>17</b>
-                                    <v>44924</v>
+                                    <v>63388</v>
                                 </b>
                                 <b>
                                     <a>17</a>
                                     <b>34</b>
-                                    <v>39478</v>
+                                    <v>55704</v>
                                 </b>
                                 <b>
                                     <a>36</a>
                                     <b>91</b>
-                                    <v>39478</v>
+                                    <v>55704</v>
                                 </b>
                                 <b>
                                     <a>91</a>
                                     <b>223</b>
-                                    <v>24504</v>
+                                    <v>34575</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22412,37 +22823,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4470639</v>
+                                    <v>6308091</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1210231</v>
+                                    <v>1707641</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>627577</v>
+                                    <v>885514</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>31</b>
-                                    <v>616686</v>
+                                    <v>870147</v>
                                 </b>
                                 <b>
                                     <a>31</a>
                                     <b>91</b>
-                                    <v>643913</v>
+                                    <v>908564</v>
                                 </b>
                                 <b>
                                     <a>91</a>
                                     <b>1111</b>
-                                    <v>613964</v>
+                                    <v>866306</v>
                                 </b>
                                 <b>
                                     <a>3397</a>
                                     <b>3398</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22458,32 +22869,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4560488</v>
+                                    <v>6434868</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1153054</v>
+                                    <v>1626965</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>635745</v>
+                                    <v>897039</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>33</b>
-                                    <v>645275</v>
+                                    <v>910485</v>
                                 </b>
                                 <b>
                                     <a>33</a>
                                     <b>93</b>
-                                    <v>631661</v>
+                                    <v>891277</v>
                                 </b>
                                 <b>
                                     <a>93</a>
                                     <b>3398</b>
-                                    <v>558149</v>
+                                    <v>787551</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22499,17 +22910,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7427470</v>
+                                    <v>10480191</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>4</b>
-                                    <v>658888</v>
+                                    <v>929694</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>53</b>
-                                    <v>98016</v>
+                                    <v>138301</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22525,17 +22936,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6778110</v>
+                                    <v>9563942</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>989694</v>
+                                    <v>1396462</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>20</b>
-                                    <v>416569</v>
+                                    <v>587781</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22551,32 +22962,32 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5268385</v>
+                                    <v>7433713</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>887593</v>
+                                    <v>1252398</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>10</b>
-                                    <v>635745</v>
+                                    <v>897039</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>83</b>
-                                    <v>622132</v>
+                                    <v>877831</v>
                                 </b>
                                 <b>
                                     <a>83</a>
                                     <b>99</b>
-                                    <v>624854</v>
+                                    <v>881672</v>
                                 </b>
                                 <b>
                                     <a>99</a>
                                     <b>182</b>
-                                    <v>145663</v>
+                                    <v>205531</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22592,62 +23003,62 @@
                                 <b>
                                     <a>1</a>
                                     <b>6</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>12</a>
                                     <b>14</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>17</a>
                                     <b>26</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>39</a>
                                     <b>56</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>83</a>
                                     <b>110</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>153</a>
                                     <b>232</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>316</a>
                                     <b>400</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>468</a>
                                     <b>545</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>626</a>
                                     <b>754</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>951</a>
                                     <b>1491</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>4718</a>
                                     <b>6587</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>77571</a>
                                     <b>77572</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22663,62 +23074,62 @@
                                 <b>
                                     <a>1</a>
                                     <b>6</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>12</a>
                                     <b>14</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>17</a>
                                     <b>26</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>39</a>
                                     <b>56</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>83</a>
                                     <b>110</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>153</a>
                                     <b>232</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>316</a>
                                     <b>400</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>468</a>
                                     <b>545</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>626</a>
                                     <b>754</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>951</a>
                                     <b>1491</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>4718</a>
                                     <b>6587</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>77571</a>
                                     <b>77572</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22734,62 +23145,62 @@
                                 <b>
                                     <a>1</a>
                                     <b>4</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>10</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>11</a>
                                     <b>17</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>18</a>
                                     <b>23</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>26</a>
                                     <b>38</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>39</a>
                                     <b>49</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>57</a>
                                     <b>67</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>72</a>
                                     <b>79</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>95</a>
                                     <b>101</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>105</a>
                                     <b>106</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>106</a>
                                     <b>132</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>140</a>
                                     <b>141</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22805,62 +23216,62 @@
                                 <b>
                                     <a>1</a>
                                     <b>5</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>10</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>11</a>
                                     <b>18</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>22</a>
                                     <b>32</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>46</a>
                                     <b>63</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>85</a>
                                     <b>119</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>142</a>
                                     <b>185</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>212</a>
                                     <b>228</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>253</a>
                                     <b>275</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>307</a>
                                     <b>423</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>580</a>
                                     <b>1324</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>3579</a>
                                     <b>3580</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22876,62 +23287,62 @@
                                 <b>
                                     <a>1</a>
                                     <b>6</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>8</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>19</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>23</a>
                                     <b>36</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>45</a>
                                     <b>59</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>73</a>
                                     <b>97</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>115</a>
                                     <b>131</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>140</a>
                                     <b>148</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>168</a>
                                     <b>181</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>248</a>
                                     <b>363</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>473</a>
                                     <b>530</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>587</a>
                                     <b>588</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -22947,72 +23358,72 @@
                                 <b>
                                     <a>1</a>
                                     <b>3</b>
-                                    <v>59898</v>
+                                    <v>84517</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>36756</v>
+                                    <v>51863</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>7</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>8</b>
-                                    <v>51730</v>
+                                    <v>72992</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>10</b>
-                                    <v>58537</v>
+                                    <v>82596</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>15</b>
-                                    <v>65344</v>
+                                    <v>92201</v>
                                 </b>
                                 <b>
                                     <a>15</a>
                                     <b>27</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>27</a>
                                     <b>41</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>41</a>
                                     <b>65</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>65</a>
                                     <b>157</b>
-                                    <v>65344</v>
+                                    <v>92201</v>
                                 </b>
                                 <b>
                                     <a>162</a>
                                     <b>817</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>818</a>
                                     <b>832</b>
-                                    <v>66705</v>
+                                    <v>94121</v>
                                 </b>
                                 <b>
                                     <a>832</a>
                                     <b>1187</b>
-                                    <v>27226</v>
+                                    <v>38417</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23028,52 +23439,52 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>91209</v>
+                                    <v>128697</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>187864</v>
+                                    <v>265078</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>112991</v>
+                                    <v>159431</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>77596</v>
+                                    <v>109488</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>8</b>
-                                    <v>72151</v>
+                                    <v>101805</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>14</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>14</a>
                                     <b>295</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>330</a>
                                     <b>775</b>
-                                    <v>50369</v>
+                                    <v>71071</v>
                                 </b>
                                 <b>
                                     <a>776</a>
                                     <b>778</b>
-                                    <v>65344</v>
+                                    <v>92201</v>
                                 </b>
                                 <b>
                                     <a>787</a>
                                     <b>888</b>
-                                    <v>19058</v>
+                                    <v>26891</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23089,62 +23500,62 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>50369</v>
+                                    <v>71071</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>65344</v>
+                                    <v>92201</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>50369</v>
+                                    <v>71071</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>66705</v>
+                                    <v>94121</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>121159</v>
+                                    <v>170956</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>7</b>
-                                    <v>114352</v>
+                                    <v>161351</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>8</b>
-                                    <v>50369</v>
+                                    <v>71071</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>12</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>12</a>
                                     <b>18</b>
-                                    <v>69428</v>
+                                    <v>97963</v>
                                 </b>
                                 <b>
                                     <a>18</a>
                                     <b>24</b>
-                                    <v>68066</v>
+                                    <v>96042</v>
                                 </b>
                                 <b>
                                     <a>24</a>
                                     <b>37</b>
-                                    <v>62621</v>
+                                    <v>88359</v>
                                 </b>
                                 <b>
                                     <a>37</a>
                                     <b>55</b>
-                                    <v>19058</v>
+                                    <v>26891</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23160,67 +23571,67 @@
                                 <b>
                                     <a>1</a>
                                     <b>3</b>
-                                    <v>69428</v>
+                                    <v>97963</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>39478</v>
+                                    <v>55704</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>73512</v>
+                                    <v>103726</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>88487</v>
+                                    <v>124855</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>8</b>
-                                    <v>62621</v>
+                                    <v>88359</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>12</b>
-                                    <v>70789</v>
+                                    <v>99884</v>
                                 </b>
                                 <b>
                                     <a>12</a>
                                     <b>19</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>19</a>
                                     <b>27</b>
-                                    <v>69428</v>
+                                    <v>97963</v>
                                 </b>
                                 <b>
                                     <a>27</a>
                                     <b>41</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>42</a>
                                     <b>170</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>205</a>
                                     <b>780</b>
-                                    <v>57176</v>
+                                    <v>80675</v>
                                 </b>
                                 <b>
                                     <a>781</a>
                                     <b>783</b>
-                                    <v>65344</v>
+                                    <v>92201</v>
                                 </b>
                                 <b>
                                     <a>791</a>
                                     <b>893</b>
-                                    <v>19058</v>
+                                    <v>26891</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23236,47 +23647,47 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>78957</v>
+                                    <v>111409</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>76235</v>
+                                    <v>107567</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>151108</v>
+                                    <v>213215</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>5</b>
-                                    <v>155192</v>
+                                    <v>218977</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>92571</v>
+                                    <v>130618</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>10</b>
-                                    <v>68066</v>
+                                    <v>96042</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>12</b>
-                                    <v>46285</v>
+                                    <v>65309</v>
                                 </b>
                                 <b>
                                     <a>12</a>
                                     <b>15</b>
-                                    <v>69428</v>
+                                    <v>97963</v>
                                 </b>
                                 <b>
                                     <a>15</a>
                                     <b>24</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23286,23 +23697,23 @@
         </relation>
         <relation>
             <name>xmlNs</name>
-            <cardinality>1283743</cardinality>
+            <cardinality>1811367</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>8168</v>
+                    <v>11525</v>
                 </e>
                 <e>
                     <k>prefixName</k>
-                    <v>9529</v>
+                    <v>13445</v>
                 </e>
                 <e>
                     <k>URI</k>
-                    <v>8168</v>
+                    <v>11525</v>
                 </e>
                 <e>
                     <k>fileid</k>
-                    <v>747375</v>
+                    <v>1054550</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -23316,12 +23727,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6806</v>
+                                    <v>9604</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23337,7 +23748,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>8168</v>
+                                    <v>11525</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23353,32 +23764,32 @@
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>20</a>
                                     <b>21</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>88</a>
                                     <b>89</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>167</a>
                                     <b>168</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>213</a>
                                     <b>214</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>453</a>
                                     <b>454</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23394,7 +23805,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>9529</v>
+                                    <v>13445</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23410,7 +23821,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>9529</v>
+                                    <v>13445</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23426,37 +23837,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>20</a>
                                     <b>21</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>88</a>
                                     <b>89</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>166</a>
                                     <b>167</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>213</a>
                                     <b>214</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>453</a>
                                     <b>454</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23472,7 +23883,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>8168</v>
+                                    <v>11525</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23488,12 +23899,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>6806</v>
+                                    <v>9604</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23509,32 +23920,32 @@
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>20</a>
                                     <b>21</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>88</a>
                                     <b>89</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>167</a>
                                     <b>168</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>213</a>
                                     <b>214</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>453</a>
                                     <b>454</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23550,17 +23961,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>333528</v>
+                                    <v>470609</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>291326</v>
+                                    <v>411063</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>122520</v>
+                                    <v>172877</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23576,17 +23987,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>333528</v>
+                                    <v>470609</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>291326</v>
+                                    <v>411063</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>122520</v>
+                                    <v>172877</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23602,17 +24013,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>333528</v>
+                                    <v>470609</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>291326</v>
+                                    <v>411063</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>122520</v>
+                                    <v>172877</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23622,19 +24033,19 @@
         </relation>
         <relation>
             <name>xmlHasNs</name>
-            <cardinality>25896767</cardinality>
+            <cardinality>36540446</cardinality>
             <columnsizes>
                 <e>
                     <k>elementId</k>
-                    <v>25896767</v>
+                    <v>36540446</v>
                 </e>
                 <e>
                     <k>nsId</k>
-                    <v>8168</v>
+                    <v>11525</v>
                 </e>
                 <e>
                     <k>fileid</k>
-                    <v>743291</v>
+                    <v>1048787</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -23648,7 +24059,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>25896767</v>
+                                    <v>36540446</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23664,7 +24075,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>25896767</v>
+                                    <v>36540446</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23680,32 +24091,32 @@
                                 <b>
                                     <a>13</a>
                                     <b>14</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>84</a>
                                     <b>85</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>2426</a>
                                     <b>2427</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>2733</a>
                                     <b>2734</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>3704</a>
                                     <b>3705</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>10063</a>
                                     <b>10064</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23721,32 +24132,32 @@
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>20</a>
                                     <b>21</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>86</a>
                                     <b>87</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>164</a>
                                     <b>165</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>209</a>
                                     <b>210</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>453</a>
                                     <b>454</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23762,77 +24173,77 @@
                                 <b>
                                     <a>1</a>
                                     <b>3</b>
-                                    <v>44924</v>
+                                    <v>63388</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>5</b>
-                                    <v>62621</v>
+                                    <v>88359</v>
                                 </b>
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>34033</v>
+                                    <v>48021</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>7</b>
-                                    <v>65344</v>
+                                    <v>92201</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>8</b>
-                                    <v>49008</v>
+                                    <v>69150</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>10</b>
-                                    <v>61260</v>
+                                    <v>86438</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>15</b>
-                                    <v>65344</v>
+                                    <v>92201</v>
                                 </b>
                                 <b>
                                     <a>15</a>
                                     <b>25</b>
-                                    <v>55814</v>
+                                    <v>78755</v>
                                 </b>
                                 <b>
                                     <a>25</a>
                                     <b>36</b>
-                                    <v>57176</v>
+                                    <v>80675</v>
                                 </b>
                                 <b>
                                     <a>36</a>
                                     <b>49</b>
-                                    <v>58537</v>
+                                    <v>82596</v>
                                 </b>
                                 <b>
                                     <a>49</a>
                                     <b>54</b>
-                                    <v>14974</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
                                     <a>54</a>
                                     <b>55</b>
-                                    <v>58537</v>
+                                    <v>82596</v>
                                 </b>
                                 <b>
                                     <a>55</a>
                                     <b>81</b>
-                                    <v>57176</v>
+                                    <v>80675</v>
                                 </b>
                                 <b>
                                     <a>81</a>
                                     <b>298</b>
-                                    <v>55814</v>
+                                    <v>78755</v>
                                 </b>
                                 <b>
                                     <a>298</a>
                                     <b>833</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23848,17 +24259,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>334889</v>
+                                    <v>472530</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>288604</v>
+                                    <v>407221</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>119797</v>
+                                    <v>169035</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23868,23 +24279,23 @@
         </relation>
         <relation>
             <name>xmlComments</name>
-            <cardinality>107198704</cardinality>
+            <cardinality>151257816</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>107198704</v>
+                    <v>151257816</v>
                 </e>
                 <e>
                     <k>text</k>
-                    <v>1692145</v>
+                    <v>2387624</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>839946</v>
+                    <v>1185168</v>
                 </e>
                 <e>
                     <k>fileid</k>
-                    <v>785493</v>
+                    <v>1108333</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -23898,7 +24309,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>107198704</v>
+                                    <v>151257816</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23914,7 +24325,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>107198704</v>
+                                    <v>151257816</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23930,7 +24341,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>107198704</v>
+                                    <v>151257816</v>
                                 </b>
                             </bs>
                         </hist>
@@ -23946,67 +24357,67 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>232789</v>
+                                    <v>328466</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>7</b>
-                                    <v>138856</v>
+                                    <v>195927</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>32</b>
-                                    <v>140218</v>
+                                    <v>197848</v>
                                 </b>
                                 <b>
                                     <a>32</a>
                                     <b>61</b>
-                                    <v>127965</v>
+                                    <v>180560</v>
                                 </b>
                                 <b>
                                     <a>61</a>
                                     <b>76</b>
-                                    <v>127965</v>
+                                    <v>180560</v>
                                 </b>
                                 <b>
                                     <a>76</a>
                                     <b>84</b>
-                                    <v>136133</v>
+                                    <v>192085</v>
                                 </b>
                                 <b>
                                     <a>84</a>
                                     <b>90</b>
-                                    <v>125243</v>
+                                    <v>176718</v>
                                 </b>
                                 <b>
                                     <a>90</a>
                                     <b>94</b>
-                                    <v>111629</v>
+                                    <v>157510</v>
                                 </b>
                                 <b>
                                     <a>94</a>
                                     <b>95</b>
-                                    <v>59898</v>
+                                    <v>84517</v>
                                 </b>
                                 <b>
                                     <a>95</a>
                                     <b>96</b>
-                                    <v>100739</v>
+                                    <v>142143</v>
                                 </b>
                                 <b>
                                     <a>96</a>
                                     <b>98</b>
-                                    <v>140218</v>
+                                    <v>197848</v>
                                 </b>
                                 <b>
                                     <a>98</a>
                                     <b>100</b>
-                                    <v>126604</v>
+                                    <v>178639</v>
                                 </b>
                                 <b>
                                     <a>100</a>
                                     <b>460</b>
-                                    <v>123881</v>
+                                    <v>174797</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24022,67 +24433,67 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>235511</v>
+                                    <v>332308</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>6</b>
-                                    <v>134772</v>
+                                    <v>190164</v>
                                 </b>
                                 <b>
                                     <a>6</a>
                                     <b>32</b>
-                                    <v>142940</v>
+                                    <v>201689</v>
                                 </b>
                                 <b>
                                     <a>32</a>
                                     <b>61</b>
-                                    <v>129327</v>
+                                    <v>182481</v>
                                 </b>
                                 <b>
                                     <a>61</a>
                                     <b>75</b>
-                                    <v>132049</v>
+                                    <v>186323</v>
                                 </b>
                                 <b>
                                     <a>75</a>
                                     <b>84</b>
-                                    <v>148386</v>
+                                    <v>209373</v>
                                 </b>
                                 <b>
                                     <a>84</a>
                                     <b>90</b>
-                                    <v>122520</v>
+                                    <v>172877</v>
                                 </b>
                                 <b>
                                     <a>90</a>
                                     <b>94</b>
-                                    <v>119797</v>
+                                    <v>169035</v>
                                 </b>
                                 <b>
                                     <a>94</a>
                                     <b>95</b>
-                                    <v>66705</v>
+                                    <v>94121</v>
                                 </b>
                                 <b>
                                     <a>95</a>
                                     <b>96</b>
-                                    <v>103461</v>
+                                    <v>145985</v>
                                 </b>
                                 <b>
                                     <a>96</a>
                                     <b>98</b>
-                                    <v>142940</v>
+                                    <v>201689</v>
                                 </b>
                                 <b>
                                     <a>98</a>
                                     <b>100</b>
-                                    <v>134772</v>
+                                    <v>190164</v>
                                 </b>
                                 <b>
                                     <a>100</a>
                                     <b>460</b>
-                                    <v>78957</v>
+                                    <v>111409</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24098,67 +24509,67 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>246402</v>
+                                    <v>347674</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>7</b>
-                                    <v>133411</v>
+                                    <v>188243</v>
                                 </b>
                                 <b>
                                     <a>7</a>
                                     <b>32</b>
-                                    <v>133411</v>
+                                    <v>188243</v>
                                 </b>
                                 <b>
                                     <a>32</a>
                                     <b>61</b>
-                                    <v>129327</v>
+                                    <v>182481</v>
                                 </b>
                                 <b>
                                     <a>61</a>
                                     <b>75</b>
-                                    <v>132049</v>
+                                    <v>186323</v>
                                 </b>
                                 <b>
                                     <a>75</a>
                                     <b>84</b>
-                                    <v>148386</v>
+                                    <v>209373</v>
                                 </b>
                                 <b>
                                     <a>84</a>
                                     <b>90</b>
-                                    <v>122520</v>
+                                    <v>172877</v>
                                 </b>
                                 <b>
                                     <a>90</a>
                                     <b>94</b>
-                                    <v>119797</v>
+                                    <v>169035</v>
                                 </b>
                                 <b>
                                     <a>94</a>
                                     <b>95</b>
-                                    <v>66705</v>
+                                    <v>94121</v>
                                 </b>
                                 <b>
                                     <a>95</a>
                                     <b>96</b>
-                                    <v>103461</v>
+                                    <v>145985</v>
                                 </b>
                                 <b>
                                     <a>96</a>
                                     <b>98</b>
-                                    <v>142940</v>
+                                    <v>201689</v>
                                 </b>
                                 <b>
                                     <a>98</a>
                                     <b>100</b>
-                                    <v>134772</v>
+                                    <v>190164</v>
                                 </b>
                                 <b>
                                     <a>100</a>
                                     <b>460</b>
-                                    <v>78957</v>
+                                    <v>111409</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24174,22 +24585,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>668417</v>
+                                    <v>943140</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>724</b>
-                                    <v>63982</v>
+                                    <v>90280</v>
                                 </b>
                                 <b>
                                     <a>726</a>
                                     <b>830</b>
-                                    <v>77596</v>
+                                    <v>109488</v>
                                 </b>
                                 <b>
                                     <a>831</a>
                                     <b>941</b>
-                                    <v>29949</v>
+                                    <v>42258</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24205,27 +24616,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>668417</v>
+                                    <v>943140</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>697</b>
-                                    <v>63982</v>
+                                    <v>90280</v>
                                 </b>
                                 <b>
                                     <a>697</a>
                                     <b>795</b>
-                                    <v>34033</v>
+                                    <v>48021</v>
                                 </b>
                                 <b>
                                     <a>795</a>
                                     <b>827</b>
-                                    <v>63982</v>
+                                    <v>90280</v>
                                 </b>
                                 <b>
                                     <a>838</a>
                                     <b>899</b>
-                                    <v>9529</v>
+                                    <v>13445</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24241,7 +24652,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>839946</v>
+                                    <v>1185168</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24257,27 +24668,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>600350</v>
+                                    <v>847097</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>549</b>
-                                    <v>59898</v>
+                                    <v>84517</v>
                                 </b>
                                 <b>
                                     <a>579</a>
                                     <b>829</b>
-                                    <v>40840</v>
+                                    <v>57625</v>
                                 </b>
                                 <b>
                                     <a>829</a>
                                     <b>832</b>
-                                    <v>65344</v>
+                                    <v>92201</v>
                                 </b>
                                 <b>
                                     <a>834</a>
                                     <b>941</b>
-                                    <v>19058</v>
+                                    <v>26891</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24293,27 +24704,27 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>600350</v>
+                                    <v>847097</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>536</b>
-                                    <v>59898</v>
+                                    <v>84517</v>
                                 </b>
                                 <b>
                                     <a>560</a>
                                     <b>795</b>
-                                    <v>51730</v>
+                                    <v>72992</v>
                                 </b>
                                 <b>
                                     <a>795</a>
                                     <b>812</b>
-                                    <v>59898</v>
+                                    <v>84517</v>
                                 </b>
                                 <b>
                                     <a>819</a>
                                     <b>899</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24329,12 +24740,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>746014</v>
+                                    <v>1052629</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>6</b>
-                                    <v>39478</v>
+                                    <v>55704</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24344,31 +24755,31 @@
         </relation>
         <relation>
             <name>xmlChars</name>
-            <cardinality>101302741</cardinality>
+            <cardinality>142938589</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>101302741</v>
+                    <v>142938589</v>
                 </e>
                 <e>
                     <k>text</k>
-                    <v>77797848</v>
+                    <v>109773086</v>
                 </e>
                 <e>
                     <k>parentid</k>
-                    <v>101302741</v>
+                    <v>142938589</v>
                 </e>
                 <e>
                     <k>idx</k>
-                    <v>1361</v>
+                    <v>1920</v>
                 </e>
                 <e>
                     <k>isCDATA</k>
-                    <v>2722</v>
+                    <v>3841</v>
                 </e>
                 <e>
                     <k>fileid</k>
-                    <v>176974</v>
+                    <v>249711</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -24382,7 +24793,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101302741</v>
+                                    <v>142938589</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24398,7 +24809,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101302741</v>
+                                    <v>142938589</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24414,7 +24825,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101302741</v>
+                                    <v>142938589</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24430,7 +24841,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101302741</v>
+                                    <v>142938589</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24446,7 +24857,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101302741</v>
+                                    <v>142938589</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24462,17 +24873,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>66568156</v>
+                                    <v>93927944</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>6991841</v>
+                                    <v>9865517</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>128</b>
-                                    <v>4237850</v>
+                                    <v>5979625</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24488,17 +24899,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>66568156</v>
+                                    <v>93927944</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>6991841</v>
+                                    <v>9865517</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>128</b>
-                                    <v>4237850</v>
+                                    <v>5979625</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24514,7 +24925,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>77797848</v>
+                                    <v>109773086</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24530,7 +24941,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>77797848</v>
+                                    <v>109773086</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24546,12 +24957,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>74436700</v>
+                                    <v>105030493</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>76</b>
-                                    <v>3361148</v>
+                                    <v>4742593</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24567,7 +24978,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101302741</v>
+                                    <v>142938589</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24583,7 +24994,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101302741</v>
+                                    <v>142938589</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24599,7 +25010,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101302741</v>
+                                    <v>142938589</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24615,7 +25026,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101302741</v>
+                                    <v>142938589</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24631,7 +25042,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>101302741</v>
+                                    <v>142938589</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24647,7 +25058,7 @@
                                 <b>
                                     <a>74414</a>
                                     <b>74415</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24663,7 +25074,7 @@
                                 <b>
                                     <a>57148</a>
                                     <b>57149</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24679,7 +25090,7 @@
                                 <b>
                                     <a>74414</a>
                                     <b>74415</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24695,7 +25106,7 @@
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24711,7 +25122,7 @@
                                 <b>
                                     <a>130</a>
                                     <b>131</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24727,12 +25138,12 @@
                                 <b>
                                     <a>518</a>
                                     <b>519</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>73896</a>
                                     <b>73897</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24748,12 +25159,12 @@
                                 <b>
                                     <a>492</a>
                                     <b>493</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>56656</a>
                                     <b>56657</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24769,12 +25180,12 @@
                                 <b>
                                     <a>518</a>
                                     <b>519</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>73896</a>
                                     <b>73897</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24790,7 +25201,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2722</v>
+                                    <v>3841</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24806,12 +25217,12 @@
                                 <b>
                                     <a>98</a>
                                     <b>99</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>130</a>
                                     <b>131</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24827,57 +25238,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>14974</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>23</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>24</a>
                                     <b>243</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>294</a>
                                     <b>566</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>610</a>
                                     <b>686</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>691</a>
                                     <b>764</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>765</a>
                                     <b>775</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>775</a>
                                     <b>776</b>
-                                    <v>4084</v>
+                                    <v>5762</v>
                                 </b>
                                 <b>
                                     <a>776</a>
                                     <b>777</b>
-                                    <v>49008</v>
+                                    <v>69150</v>
                                 </b>
                                 <b>
                                     <a>777</a>
                                     <b>803</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>807</a>
                                     <b>888</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24893,67 +25304,67 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>14974</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>21</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>22</a>
                                     <b>188</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>208</a>
                                     <b>492</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>525</a>
                                     <b>589</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>590</a>
                                     <b>638</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>639</a>
                                     <b>651</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>652</a>
                                     <b>656</b>
-                                    <v>12252</v>
+                                    <v>17287</v>
                                 </b>
                                 <b>
                                     <a>656</a>
                                     <b>659</b>
-                                    <v>16336</v>
+                                    <v>23050</v>
                                 </b>
                                 <b>
                                     <a>659</a>
                                     <b>663</b>
-                                    <v>14974</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
                                     <a>663</a>
                                     <b>667</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>667</a>
                                     <b>701</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>702</a>
                                     <b>744</b>
-                                    <v>9529</v>
+                                    <v>13445</v>
                                 </b>
                             </bs>
                         </hist>
@@ -24969,57 +25380,57 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>14974</v>
+                                    <v>21129</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>23</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>24</a>
                                     <b>243</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>294</a>
                                     <b>566</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>610</a>
                                     <b>686</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>691</a>
                                     <b>764</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>765</a>
                                     <b>775</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>775</a>
                                     <b>776</b>
-                                    <v>4084</v>
+                                    <v>5762</v>
                                 </b>
                                 <b>
                                     <a>776</a>
                                     <b>777</b>
-                                    <v>49008</v>
+                                    <v>69150</v>
                                 </b>
                                 <b>
                                     <a>777</a>
                                     <b>803</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                                 <b>
                                     <a>807</a>
                                     <b>888</b>
-                                    <v>13613</v>
+                                    <v>19208</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25035,7 +25446,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>176974</v>
+                                    <v>249711</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25051,12 +25462,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>43562</v>
+                                    <v>61467</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>133411</v>
+                                    <v>188243</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25066,15 +25477,15 @@
         </relation>
         <relation>
             <name>xmllocations</name>
-            <cardinality>446644705</cardinality>
+            <cardinality>630217533</cardinality>
             <columnsizes>
                 <e>
                     <k>xmlElement</k>
-                    <v>445369130</v>
+                    <v>628417691</v>
                 </e>
                 <e>
                     <k>location</k>
-                    <v>418533038</v>
+                    <v>590551854</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -25088,12 +25499,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>445360961</v>
+                                    <v>628406166</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>454</b>
-                                    <v>8168</v>
+                                    <v>11525</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25109,12 +25520,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>409045860</v>
+                                    <v>577165407</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>25</b>
-                                    <v>9487177</v>
+                                    <v>13386446</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25355,19 +25766,19 @@
         </relation>
         <relation>
             <name>ktComments</name>
-            <cardinality>133411</cardinality>
+            <cardinality>188243</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>133411</v>
+                    <v>188243</v>
                 </e>
                 <e>
                     <k>kind</k>
-                    <v>4084</v>
+                    <v>5762</v>
                 </e>
                 <e>
                     <k>text</k>
-                    <v>96655</v>
+                    <v>136380</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -25381,7 +25792,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>133411</v>
+                                    <v>188243</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25397,7 +25808,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>133411</v>
+                                    <v>188243</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25413,17 +25824,17 @@
                                 <b>
                                     <a>16</a>
                                     <b>17</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>22</a>
                                     <b>23</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>60</a>
                                     <b>61</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25439,17 +25850,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>16</a>
                                     <b>17</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>54</a>
                                     <b>55</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25465,12 +25876,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>92571</v>
+                                    <v>130618</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>23</b>
-                                    <v>4084</v>
+                                    <v>5762</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25486,7 +25897,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>96655</v>
+                                    <v>136380</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25496,19 +25907,19 @@
         </relation>
         <relation>
             <name>ktCommentSections</name>
-            <cardinality>59896</cardinality>
+            <cardinality>52611</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>59896</v>
+                    <v>52611</v>
                 </e>
                 <e>
                     <k>comment</k>
-                    <v>54765</v>
+                    <v>48161</v>
                 </e>
                 <e>
                     <k>content</k>
-                    <v>50913</v>
+                    <v>44765</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -25522,7 +25933,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>59896</v>
+                                    <v>52611</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25538,7 +25949,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>59896</v>
+                                    <v>52611</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25554,12 +25965,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>52697</v>
+                                    <v>46367</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>18</b>
-                                    <v>2068</v>
+                                    <v>1793</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25575,12 +25986,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>52697</v>
+                                    <v>46367</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>18</b>
-                                    <v>2068</v>
+                                    <v>1793</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25596,17 +26007,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>45040</v>
+                                    <v>39616</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>4909</v>
+                                    <v>4313</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>63</b>
-                                    <v>963</v>
+                                    <v>835</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25622,17 +26033,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>45151</v>
+                                    <v>39712</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>4815</v>
+                                    <v>4231</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>56</b>
-                                    <v>947</v>
+                                    <v>821</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25642,15 +26053,15 @@
         </relation>
         <relation>
             <name>ktCommentSectionNames</name>
-            <cardinality>5130</cardinality>
+            <cardinality>4450</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>5130</v>
+                    <v>4450</v>
                 </e>
                 <e>
                     <k>name</k>
-                    <v>15</v>
+                    <v>13</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -25664,7 +26075,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5130</v>
+                                    <v>4450</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25680,7 +26091,7 @@
                                 <b>
                                     <a>325</a>
                                     <b>326</b>
-                                    <v>15</v>
+                                    <v>13</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25690,15 +26101,15 @@
         </relation>
         <relation>
             <name>ktCommentSectionSubjectNames</name>
-            <cardinality>5130</cardinality>
+            <cardinality>4450</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>5130</v>
+                    <v>4450</v>
                 </e>
                 <e>
                     <k>subjectname</k>
-                    <v>3362</v>
+                    <v>2916</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -25712,7 +26123,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5130</v>
+                                    <v>4450</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25728,22 +26139,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>2557</v>
+                                    <v>2218</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>505</v>
+                                    <v>438</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>9</b>
-                                    <v>252</v>
+                                    <v>219</v>
                                 </b>
                                 <b>
                                     <a>10</a>
                                     <b>16</b>
-                                    <v>47</v>
+                                    <v>41</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25753,15 +26164,15 @@
         </relation>
         <relation>
             <name>ktCommentOwners</name>
-            <cardinality>85377</cardinality>
+            <cardinality>75329</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>54008</v>
+                    <v>47914</v>
                 </e>
                 <e>
                     <k>owner</k>
-                    <v>83356</v>
+                    <v>73508</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -25775,22 +26186,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>34510</v>
+                                    <v>30838</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>12361</v>
+                                    <v>10872</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>4641</v>
+                                    <v>4025</v>
                                 </b>
                                 <b>
                                     <a>4</a>
                                     <b>6</b>
-                                    <v>2494</v>
+                                    <v>2177</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25806,12 +26217,12 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>81335</v>
+                                    <v>71701</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>3</b>
-                                    <v>2020</v>
+                                    <b>4</b>
+                                    <v>1807</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25821,19 +26232,19 @@
         </relation>
         <relation>
             <name>ktExtensionFunctions</name>
-            <cardinality>702451</cardinality>
+            <cardinality>1206297</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>702451</v>
+                    <v>1206297</v>
                 </e>
                 <e>
                     <k>typeid</k>
-                    <v>84403</v>
+                    <v>97963</v>
                 </e>
                 <e>
                     <k>kttypeid</k>
-                    <v>1361</v>
+                    <v>1920</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -25847,7 +26258,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>702451</v>
+                                    <v>1206297</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25863,7 +26274,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>702451</v>
+                                    <v>1206297</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25879,37 +26290,37 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>53092</v>
+                                    <v>55704</v>
                                 </b>
                                 <b>
                                     <a>2</a>
                                     <b>3</b>
-                                    <v>5445</v>
+                                    <v>5762</v>
                                 </b>
                                 <b>
                                     <a>3</a>
                                     <b>4</b>
-                                    <v>2722</v>
-                                </b>
-                                <b>
-                                    <a>4</a>
-                                    <b>5</b>
-                                    <v>6806</v>
+                                    <v>3841</v>
                                 </b>
                                 <b>
                                     <a>5</a>
-                                    <b>12</b>
-                                    <v>6806</v>
+                                    <b>6</b>
+                                    <v>13445</v>
                                 </b>
                                 <b>
-                                    <a>12</a>
-                                    <b>69</b>
-                                    <v>6806</v>
+                                    <a>7</a>
+                                    <b>16</b>
+                                    <v>7683</v>
                                 </b>
                                 <b>
-                                    <a>84</a>
-                                    <b>174</b>
-                                    <v>2722</v>
+                                    <a>20</a>
+                                    <b>87</b>
+                                    <v>7683</v>
+                                </b>
+                                <b>
+                                    <a>109</a>
+                                    <b>227</b>
+                                    <v>3841</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25925,7 +26336,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>84403</v>
+                                    <v>97963</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25939,9 +26350,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>516</a>
-                                    <b>517</b>
-                                    <v>1361</v>
+                                    <a>628</a>
+                                    <b>629</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25955,9 +26366,9 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>62</a>
-                                    <b>63</b>
-                                    <v>1361</v>
+                                    <a>51</a>
+                                    <b>52</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -25967,15 +26378,15 @@
         </relation>
         <relation>
             <name>ktProperties</name>
-            <cardinality>30236718</cardinality>
+            <cardinality>21895839</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>30236718</v>
+                    <v>21895839</v>
                 </e>
                 <e>
                     <k>nodeName</k>
-                    <v>10667458</v>
+                    <v>13542035</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -25989,7 +26400,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>30236718</v>
+                                    <v>21895839</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26005,22 +26416,17 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>7868544</v>
+                                    <v>11824790</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>3</b>
-                                    <v>1212953</v>
+                                    <b>4</b>
+                                    <v>1142909</v>
                                 </b>
                                 <b>
-                                    <a>3</a>
-                                    <b>8</b>
-                                    <v>807274</v>
-                                </b>
-                                <b>
-                                    <a>8</a>
-                                    <b>554</b>
-                                    <v>778686</v>
+                                    <a>4</a>
+                                    <b>352</b>
+                                    <v>574335</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26030,15 +26436,15 @@
         </relation>
         <relation>
             <name>ktPropertyGetters</name>
-            <cardinality>4557765</cardinality>
+            <cardinality>5985387</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>4557765</v>
+                    <v>5985387</v>
                 </e>
                 <e>
                     <k>getter</k>
-                    <v>4557765</v>
+                    <v>5985387</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -26052,7 +26458,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4557765</v>
+                                    <v>5985387</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26068,7 +26474,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>4557765</v>
+                                    <v>5985387</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26078,15 +26484,15 @@
         </relation>
         <relation>
             <name>ktPropertySetters</name>
-            <cardinality>264099</cardinality>
+            <cardinality>366883</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>264099</v>
+                    <v>366883</v>
                 </e>
                 <e>
                     <k>setter</k>
-                    <v>264099</v>
+                    <v>366883</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -26100,7 +26506,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>264099</v>
+                                    <v>366883</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26116,7 +26522,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>264099</v>
+                                    <v>366883</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26126,15 +26532,15 @@
         </relation>
         <relation>
             <name>ktPropertyBackingFields</name>
-            <cardinality>23552540</cardinality>
+            <cardinality>14423708</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>23552540</v>
+                    <v>14423708</v>
                 </e>
                 <e>
                     <k>backingField</k>
-                    <v>23552540</v>
+                    <v>14423708</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -26148,7 +26554,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>23552540</v>
+                                    <v>14423708</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26164,7 +26570,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>23552540</v>
+                                    <v>14423708</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26174,15 +26580,15 @@
         </relation>
         <relation>
             <name>ktSyntheticBody</name>
-            <cardinality>10303</cardinality>
+            <cardinality>9108</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>10303</v>
+                    <v>9108</v>
                 </e>
                 <e>
                     <k>kind</k>
-                    <v>2060</v>
+                    <v>1821</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -26196,7 +26602,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>10303</v>
+                                    <v>9108</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26212,7 +26618,7 @@
                                 <b>
                                     <a>5</a>
                                     <b>6</b>
-                                    <v>2060</v>
+                                    <v>1821</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26222,37 +26628,37 @@
         </relation>
         <relation>
             <name>ktLocalFunction</name>
-            <cardinality>2722</cardinality>
+            <cardinality>3841</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>2722</v>
+                    <v>3841</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>ktInitializerAssignment</name>
-            <cardinality>392065</cardinality>
+            <cardinality>199475</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>392065</v>
+                    <v>199475</v>
                 </e>
             </columnsizes>
             <dependencies/>
         </relation>
         <relation>
             <name>ktPropertyDelegates</name>
-            <cardinality>5650</cardinality>
+            <cardinality>5201</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>5650</v>
+                    <v>5201</v>
                 </e>
                 <e>
                     <k>variableId</k>
-                    <v>5650</v>
+                    <v>5201</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -26266,7 +26672,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5650</v>
+                                    <v>5201</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26282,7 +26688,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>5650</v>
+                                    <v>5201</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26292,15 +26698,15 @@
         </relation>
         <relation>
             <name>compiler_generated</name>
-            <cardinality>533645</cardinality>
+            <cardinality>1467534</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>533645</v>
+                    <v>1467534</v>
                 </e>
                 <e>
                     <k>kind</k>
-                    <v>5445</v>
+                    <v>13445</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -26314,7 +26720,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>533645</v>
+                                    <v>1467534</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26328,24 +26734,39 @@
                             <budget>12</budget>
                             <bs>
                                 <b>
-                                    <a>2</a>
-                                    <b>3</b>
-                                    <v>1361</v>
+                                    <a>1</a>
+                                    <b>2</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>8</a>
                                     <b>9</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
+                                </b>
+                                <b>
+                                    <a>38</a>
+                                    <b>39</b>
+                                    <v>1920</v>
                                 </b>
                                 <b>
                                     <a>81</a>
                                     <b>82</b>
-                                    <v>1361</v>
+                                    <v>1920</v>
                                 </b>
                                 <b>
-                                    <a>301</a>
-                                    <b>302</b>
-                                    <v>1361</v>
+                                    <a>85</a>
+                                    <b>86</b>
+                                    <v>1920</v>
+                                </b>
+                                <b>
+                                    <a>236</a>
+                                    <b>237</b>
+                                    <v>1920</v>
+                                </b>
+                                <b>
+                                    <a>315</a>
+                                    <b>316</b>
+                                    <v>1920</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26355,15 +26776,15 @@
         </relation>
         <relation>
             <name>ktFunctionOriginalNames</name>
-            <cardinality>1215676</cardinality>
+            <cardinality>1586627</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>1215676</v>
+                    <v>1586627</v>
                 </e>
                 <e>
                     <k>name</k>
-                    <v>138856</v>
+                    <v>186323</v>
                 </e>
             </columnsizes>
             <dependencies>
@@ -26377,7 +26798,7 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>1215676</v>
+                                    <v>1586627</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26393,22 +26814,22 @@
                                 <b>
                                     <a>1</a>
                                     <b>2</b>
-                                    <v>111629</v>
+                                    <v>147905</v>
                                 </b>
                                 <b>
                                     <a>2</a>
-                                    <b>7</b>
-                                    <v>10890</v>
+                                    <b>4</b>
+                                    <v>13445</v>
                                 </b>
                                 <b>
-                                    <a>7</a>
-                                    <b>31</b>
-                                    <v>10890</v>
+                                    <a>6</a>
+                                    <b>16</b>
+                                    <v>15366</v>
                                 </b>
                                 <b>
-                                    <a>92</a>
-                                    <b>380</b>
-                                    <v>5445</v>
+                                    <a>22</a>
+                                    <b>339</b>
+                                    <v>9604</v>
                                 </b>
                             </bs>
                         </hist>
@@ -26418,11 +26839,11 @@
         </relation>
         <relation>
             <name>ktDataClasses</name>
-            <cardinality>80319</cardinality>
+            <cardinality>113330</cardinality>
             <columnsizes>
                 <e>
                     <k>id</k>
-                    <v>80319</v>
+                    <v>113330</v>
                 </e>
             </columnsizes>
             <dependencies/>
diff --git a/java/ql/lib/ext/android.app.model.yml b/java/ql/lib/ext/android.app.model.yml
new file mode 100644
index 00000000000..82ed724a418
--- /dev/null
+++ b/java/ql/lib/ext/android.app.model.yml
@@ -0,0 +1,147 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["android.app", "Activity", True, "bindService", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.app", "Activity", True, "bindServiceAsUser", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.app", "Activity", True, "setResult", "(int,Intent)", "", "Argument[1]", "pending-intent-sent", "manual"]
+      - ["android.app", "Activity", True, "startActivityAsCaller", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.app", "Activity", True, "startActivityForResult", "(Intent,int)", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.app", "Activity", True, "startActivityForResult", "(Intent,int,Bundle)", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.app", "Activity", True, "startActivityForResult", "(String,Intent,int,Bundle)", "", "Argument[1]", "intent-start", "manual"]
+      - ["android.app", "Activity", True, "startActivityForResultAsUser", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.app", "AlarmManager", True, "set", "(int,long,PendingIntent)", "", "Argument[2]", "pending-intent-sent", "manual"]
+      - ["android.app", "AlarmManager", True, "setAlarmClock", "", "", "Argument[1]", "pending-intent-sent", "manual"]
+      - ["android.app", "AlarmManager", True, "setAndAllowWhileIdle", "", "", "Argument[2]", "pending-intent-sent", "manual"]
+      - ["android.app", "AlarmManager", True, "setExact", "(int,long,PendingIntent)", "", "Argument[2]", "pending-intent-sent", "manual"]
+      - ["android.app", "AlarmManager", True, "setExactAndAllowWhileIdle", "", "", "Argument[2]", "pending-intent-sent", "manual"]
+      - ["android.app", "AlarmManager", True, "setInexactRepeating", "", "", "Argument[3]", "pending-intent-sent", "manual"]
+      - ["android.app", "AlarmManager", True, "setRepeating", "", "", "Argument[3]", "pending-intent-sent", "manual"]
+      - ["android.app", "AlarmManager", True, "setWindow", "(int,long,long,PendingIntent)", "", "Argument[3]", "pending-intent-sent", "manual"]
+      - ["android.app", "FragmentTransaction", True, "add", "(Class,Bundle,String)", "", "Argument[0]", "fragment-injection", "manual"]
+      - ["android.app", "FragmentTransaction", True, "add", "(Fragment,String)", "", "Argument[0]", "fragment-injection", "manual"]
+      - ["android.app", "FragmentTransaction", True, "add", "(int,Class,Bundle)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.app", "FragmentTransaction", True, "add", "(int,Class,Bundle,String)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.app", "FragmentTransaction", True, "add", "(int,Fragment)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.app", "FragmentTransaction", True, "add", "(int,Fragment,String)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.app", "FragmentTransaction", True, "attach", "(Fragment)", "", "Argument[0]", "fragment-injection", "manual"]
+      - ["android.app", "FragmentTransaction", True, "replace", "(int,Class,Bundle)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.app", "FragmentTransaction", True, "replace", "(int,Class,Bundle,String)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.app", "FragmentTransaction", True, "replace", "(int,Fragment)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.app", "FragmentTransaction", True, "replace", "(int,Fragment,String)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.app", "NotificationManager", True, "notify", "(String,int,Notification)", "", "Argument[2]", "pending-intent-sent", "manual"]
+      - ["android.app", "NotificationManager", True, "notify", "(int,Notification)", "", "Argument[1]", "pending-intent-sent", "manual"]
+      - ["android.app", "NotificationManager", True, "notifyAsPackage", "(String,String,int,Notification)", "", "Argument[3]", "pending-intent-sent", "manual"]
+      - ["android.app", "NotificationManager", True, "notifyAsUser", "(String,int,Notification,UserHandle)", "", "Argument[2]", "pending-intent-sent", "manual"]
+      - ["android.app", "PendingIntent", False, "send", "(Context,int,Intent)", "", "Argument[2]", "pending-intent-sent", "manual"]
+      - ["android.app", "PendingIntent", False, "send", "(Context,int,Intent,OnFinished,Handler)", "", "Argument[2]", "pending-intent-sent", "manual"]
+      - ["android.app", "PendingIntent", False, "send", "(Context,int,Intent,OnFinished,Handler,String)", "", "Argument[2]", "pending-intent-sent", "manual"]
+      - ["android.app", "PendingIntent", False, "send", "(Context,int,Intent,OnFinished,Handler,String,Bundle)", "", "Argument[2]", "pending-intent-sent", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["android.app", "Notification$Action", True, "Action", "(int,CharSequence,PendingIntent)", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["android.app", "Notification$Action", True, "getExtras", "", "", "Argument[-1].SyntheticField[android.content.Intent.extras]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "Builder", "(Action)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "Builder", "(Icon,CharSequence,PendingIntent)", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "Builder", "(int,CharSequence,PendingIntent)", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "addExtras", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "addExtras", "", "", "Argument[0].MapKey", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "addExtras", "", "", "Argument[0].MapValue", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "value", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "addRemoteInput", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "build", "", "", "Argument[-1].SyntheticField[android.content.Intent.extras]", "ReturnValue.SyntheticField[android.content.Intent.extras]", "value", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "extend", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "getExtras", "", "", "Argument[-1].SyntheticField[android.content.Intent.extras]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "setAllowGeneratedReplies", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "setAuthenticationRequired", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "setContextual", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Action$Builder", True, "setSemanticAction", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$BigPictureStyle", True, "BigPictureStyle", "(Builder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.app", "Notification$BigPictureStyle", True, "bigLargeIcon", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$BigPictureStyle", True, "bigPicture", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$BigPictureStyle", True, "setBigContentTitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$BigPictureStyle", True, "setContentDescription", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$BigPictureStyle", True, "setSummaryText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$BigPictureStyle", True, "showBigPictureWhenCollapsed", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$BigTextStyle", True, "BigTextStyle", "(Builder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.app", "Notification$BigTextStyle", True, "bigText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$BigTextStyle", True, "setBigContentTitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$BigTextStyle", True, "setSummaryText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "addAction", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "addAction", "(Action)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.app", "Notification$Builder", True, "addAction", "(int,CharSequence,PendingIntent)", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["android.app", "Notification$Builder", True, "addExtras", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "addExtras", "", "", "Argument[0].MapKey", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "addExtras", "", "", "Argument[0].MapValue", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "addPerson", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.app", "Notification$Builder", True, "build", "", "", "Argument[-1].SyntheticField[android.content.Intent.extras]", "ReturnValue.Field[android.app.Notification.extras]", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "extend", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "getExtras", "", "", "Argument[-1].SyntheticField[android.content.Intent.extras]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "recoverBuilder", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["android.app", "Notification$Builder", True, "setActions", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setActions", "", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["android.app", "Notification$Builder", True, "setAutoCancel", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setBadgeIconType", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setBubbleMetadata", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setCategory", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setChannelId", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setChronometerCountDown", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setColor", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setColorized", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setContent", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setContentInfo", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setContentIntent", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setContentIntent", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.app", "Notification$Builder", True, "setContentText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setContentTitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setCustomBigContentView", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setCustomHeadsUpContentView", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setDefaults", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setDeleteIntent", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setDeleteIntent", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.app", "Notification$Builder", True, "setExtras", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setExtras", "", "", "Argument[0]", "Argument[-1].SyntheticField[android.content.Intent.extras]", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setFlag", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setForegroundServiceBehavior", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setFullScreenIntent", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setGroup", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setGroupAlertBehavior", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setGroupSummary", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setLargeIcon", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setLights", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setLocalOnly", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setLocusId", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setNumber", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setOngoing", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setOnlyAlertOnce", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setPriority", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setProgress", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setPublicVersion", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setPublicVersion", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.app", "Notification$Builder", True, "setRemoteInputHistory", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setSettingsText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setShortcutId", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setShowWhen", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setSmallIcon", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setSortKey", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setSound", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setStyle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setSubText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setTicker", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setTimeoutAfter", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setUsesChronometer", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setVibrate", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setVisibility", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Builder", True, "setWhen", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$InboxStyle", True, "InboxStyle", "(Builder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.app", "Notification$InboxStyle", True, "addLine", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$InboxStyle", True, "setBigContentTitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$InboxStyle", True, "setSummaryText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$MediaStyle", True, "MediaStyle", "(Builder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.app", "Notification$MediaStyle", True, "setMediaSession", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$MediaStyle", True, "setShowActionsInCompactView", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.app", "Notification$Style", True, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/android.content.model.yml b/java/ql/lib/ext/android.content.model.yml
new file mode 100644
index 00000000000..292360c550c
--- /dev/null
+++ b/java/ql/lib/ext/android.content.model.yml
@@ -0,0 +1,225 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      # ContentInterface models are here for backwards compatibility (it was removed in API 28)
+      - ["android.content", "ContentInterface", True, "call", "(String,String,String,Bundle)", "", "Parameter[0..3]", "contentprovider", "manual"]
+      - ["android.content", "ContentInterface", True, "delete", "(Uri,Bundle)", "", "Parameter[0..1]", "contentprovider", "manual"]
+      - ["android.content", "ContentInterface", True, "getType", "(Uri)", "", "Parameter[0]", "contentprovider", "manual"]
+      - ["android.content", "ContentInterface", True, "insert", "(Uri,ContentValues,Bundle)", "", "Parameter[0]", "contentprovider", "manual"]
+      - ["android.content", "ContentInterface", True, "openAssetFile", "(Uri,String,CancellationSignal)", "", "Parameter[0]", "contentprovider", "manual"]
+      - ["android.content", "ContentInterface", True, "openFile", "(Uri,String,CancellationSignal)", "", "Parameter[0]", "contentprovider", "manual"]
+      - ["android.content", "ContentInterface", True, "openTypedAssetFile", "(Uri,String,Bundle,CancellationSignal)", "", "Parameter[0..2]", "contentprovider", "manual"]
+      - ["android.content", "ContentInterface", True, "query", "(Uri,String[],Bundle,CancellationSignal)", "", "Parameter[0..2]", "contentprovider", "manual"]
+      - ["android.content", "ContentInterface", True, "update", "(Uri,ContentValues,Bundle)", "", "Parameter[0..2]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "call", "(String,String,Bundle)", "", "Parameter[0..2]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "call", "(String,String,String,Bundle)", "", "Parameter[0..3]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "delete", "(Uri,Bundle)", "", "Parameter[0..1]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "delete", "(Uri,String,String[])", "", "Parameter[0..2]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "getType", "(Uri)", "", "Parameter[0]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "insert", "(Uri,ContentValues)", "", "Parameter[0..1]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "insert", "(Uri,ContentValues,Bundle)", "", "Parameter[0..2]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "openAssetFile", "(Uri,String)", "", "Parameter[0]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "openAssetFile", "(Uri,String,CancellationSignal)", "", "Parameter[0]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "openFile", "(Uri,String)", "", "Parameter[0]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "openFile", "(Uri,String,CancellationSignal)", "", "Parameter[0]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "openTypedAssetFile", "(Uri,String,Bundle)", "", "Parameter[0..2]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "openTypedAssetFile", "(Uri,String,Bundle,CancellationSignal)", "", "Parameter[0..2]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "query", "(Uri,String[],Bundle,CancellationSignal)", "", "Parameter[0..2]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "query", "(Uri,String[],String,String[],String)", "", "Parameter[0..4]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "query", "(Uri,String[],String,String[],String,CancellationSignal)", "", "Parameter[0..4]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "update", "(Uri,ContentValues,Bundle)", "", "Parameter[0..2]", "contentprovider", "manual"]
+      - ["android.content", "ContentProvider", True, "update", "(Uri,ContentValues,String,String[])", "", "Parameter[0..3]", "contentprovider", "manual"]
+      - ["android.content", "Context", True, "getExternalCacheDir", "()", "", "ReturnValue", "android-external-storage-dir", "manual"]
+      - ["android.content", "Context", True, "getExternalCacheDirs", "()", "", "ReturnValue", "android-external-storage-dir", "manual"]
+      - ["android.content", "Context", True, "getExternalFilesDir", "(String)", "", "ReturnValue", "android-external-storage-dir", "manual"]
+      - ["android.content", "Context", True, "getExternalFilesDirs", "(String)", "", "ReturnValue", "android-external-storage-dir", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["android.content", "ContentProvider", True, "delete", "(Uri,String,String[])", "", "Argument[1]", "sql", "manual"]
+      - ["android.content", "ContentProvider", True, "query", "(Uri,String[],String,String[],String)", "", "Argument[2]", "sql", "manual"]
+      - ["android.content", "ContentProvider", True, "query", "(Uri,String[],String,String[],String,CancellationSignal)", "", "Argument[2]", "sql", "manual"]
+      - ["android.content", "ContentProvider", True, "update", "(Uri,ContentValues,String,String[])", "", "Argument[2]", "sql", "manual"]
+      - ["android.content", "ContentResolver", True, "delete", "(Uri,String,String[])", "", "Argument[1]", "sql", "manual"]
+      - ["android.content", "ContentResolver", True, "query", "(Uri,String[],String,String[],String)", "", "Argument[2]", "sql", "manual"]
+      - ["android.content", "ContentResolver", True, "query", "(Uri,String[],String,String[],String,CancellationSignal)", "", "Argument[2]", "sql", "manual"]
+      - ["android.content", "ContentResolver", True, "update", "(Uri,ContentValues,String,String[])", "", "Argument[2]", "sql", "manual"]
+      - ["android.content", "Context", True, "sendBroadcast", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "sendBroadcastAsUser", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "sendBroadcastWithMultiplePermissions", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "sendStickyBroadcast", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "sendStickyBroadcastAsUser", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "sendStickyOrderedBroadcast", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "sendStickyOrderedBroadcastAsUser", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "startActivities", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "startActivity", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "startActivityAsUser", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "startActivityFromChild", "", "", "Argument[1]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "startActivityFromFragment", "", "", "Argument[1]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "startActivityIfNeeded", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "startForegroundService", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "startService", "", "", "Argument[0]", "intent-start", "manual"]
+      - ["android.content", "Context", True, "startServiceAsUser", "", "", "Argument[0]", "intent-start", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["android.content", "ComponentName", False, "ComponentName", "(Context,Class)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["android.content", "ComponentName", False, "ComponentName", "(Context,String)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["android.content", "ComponentName", False, "ComponentName", "(Parcel)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.content", "ComponentName", False, "ComponentName", "(String,String)", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["android.content", "ComponentName", False, "createRelative", "(Context,String)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ComponentName", False, "createRelative", "(String,String)", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ComponentName", False, "flattenToShortString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ComponentName", False, "flattenToString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ComponentName", False, "getClassName", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ComponentName", False, "getPackageName", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ComponentName", False, "getShortClassName", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ComponentName", False, "unflattenFromString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProvider", True, "query", "(Uri,String[],String,String[],String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProvider", True, "query", "(Uri,String[],String,String[],String,CancellationSignal)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      # ContentProviderClient is tainted at its creation, not by its arguments
+      - ["android.content", "ContentProviderClient", True, "applyBatch", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderClient", True, "call", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderClient", True, "canonicalize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderClient", True, "getLocalContentProvider", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderClient", True, "getStreamTypes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderClient", True, "insert", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderClient", True, "query", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderClient", True, "uncanonicalize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderOperation", False, "apply", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderOperation", False, "apply", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderOperation", False, "getUri", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderOperation", False, "newAssertQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderOperation", False, "newCall", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderOperation", False, "newDelete", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderOperation", False, "newInsert", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderOperation", False, "newUpdate", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderOperation", False, "resolveExtrasBackReferences", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderOperation", False, "resolveSelectionArgsBackReferences", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderOperation", False, "resolveValueBackReferences", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderOperation$Builder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentProviderOperation$Builder", False, "withExceptionAllowed", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "ContentProviderOperation$Builder", False, "withExpectedCount", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "ContentProviderOperation$Builder", False, "withExtra", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "ContentProviderOperation$Builder", False, "withExtraBackReference", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "ContentProviderOperation$Builder", False, "withExtras", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "ContentProviderOperation$Builder", False, "withSelection", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "ContentProviderOperation$Builder", False, "withSelectionBackReference", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "ContentProviderOperation$Builder", False, "withValue", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "ContentProviderOperation$Builder", False, "withValueBackReference", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "ContentProviderOperation$Builder", False, "withValues", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "ContentProviderOperation$Builder", False, "withYieldAllowed", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "ContentProviderResult", False, "ContentProviderResult", "(Bundle)", "", "Argument[0]", "Argument[-1].Field[android.content.ContentProviderResult.extras]", "value", "manual"]
+      - ["android.content", "ContentProviderResult", False, "ContentProviderResult", "(Parcel)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.content", "ContentProviderResult", False, "ContentProviderResult", "(Throwable)", "", "Argument[0]", "Argument[-1].Field[android.content.ContentProviderResult.exception]", "value", "manual"]
+      - ["android.content", "ContentProviderResult", False, "ContentProviderResult", "(Uri)", "", "Argument[0]", "Argument[-1].Field[android.content.ContentProviderResult.uri]", "value", "manual"]
+      - ["android.content", "ContentResolver", True, "acquireContentProviderClient", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentResolver", True, "acquireUnstableContentProviderClient", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentResolver", True, "applyBatch", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentResolver", True, "call", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentResolver", True, "canonicalize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentResolver", True, "getStreamTypes", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentResolver", True, "getType", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentResolver", True, "insert", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentResolver", True, "query", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentResolver", True, "query", "(Uri,String[],String,String[],String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentResolver", True, "query", "(Uri,String[],String,String[],String,CancellationSignal)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentResolver", True, "uncanonicalize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentResolver", True, "wrap", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "ContentValues", False, "put", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.content", "ContentValues", False, "put", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.content", "ContentValues", False, "putAll", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.content", "ContentValues", False, "putAll", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      # Currently only the Extras part of the intent and the data field are fully modeled
+      - ["android.content", "Intent", True, "Intent", "(Context,Class)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["android.content", "Intent", True, "Intent", "(Intent)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.content", "Intent", False, "Intent", "(Intent)", "", "Argument[0].SyntheticField[android.content.Intent.extras].MapKey", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"]
+      - ["android.content", "Intent", False, "Intent", "(Intent)", "", "Argument[0].SyntheticField[android.content.Intent.extras].MapValue", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "value", "manual"]
+      - ["android.content", "Intent", False, "Intent", "(String,Uri)", "", "Argument[1]", "Argument[-1].SyntheticField[android.content.Intent.data]", "value", "manual"]
+      - ["android.content", "Intent", False, "Intent", "(String,Uri,Context,Class)", "", "Argument[1]", "Argument[-1].SyntheticField[android.content.Intent.data]", "value", "manual"]
+      - ["android.content", "Intent", True, "Intent", "(String,Uri,Context,Class)", "", "Argument[3]", "Argument[-1]", "taint", "manual"]
+      - ["android.content", "Intent", True, "addCategory", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "addFlags", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", False, "createChooser", "", "", "Argument[0..2]", "ReturnValue.SyntheticField[android.content.Intent.extras].MapValue", "value", "manual"]
+      - ["android.content", "Intent", True, "getBundleExtra", "(String)", "", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "getByteArrayExtra", "(String)", "", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "getCharArrayExtra", "(String)", "", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "getCharSequenceArrayExtra", "(String)", "", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "getCharSequenceArrayListExtra", "(String)", "", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "getCharSequenceExtra", "(String)", "", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "getData", "", "", "Argument[-1].SyntheticField[android.content.Intent.data]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "getDataString", "", "", "Argument[-1].SyntheticField[android.content.Intent.data]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "Intent", True, "getExtras", "()", "", "Argument[-1].SyntheticField[android.content.Intent.extras]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", False, "getIntent", "", "", "Argument[0]", "ReturnValue.SyntheticField[android.content.Intent.data]", "taint", "manual"]
+      - ["android.content", "Intent", True, "getIntent", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "Intent", False, "getIntentOld", "", "", "Argument[0]", "ReturnValue.SyntheticField[android.content.Intent.data]", "taint", "manual"]
+      - ["android.content", "Intent", True, "getIntentOld", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "Intent", True, "getParcelableArrayExtra", "(String)", "", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "getParcelableArrayListExtra", "(String)", "", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "getParcelableExtra", "(String)", "", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "getSerializableExtra", "(String)", "", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "getStringArrayExtra", "(String)", "", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "getStringArrayListExtra", "(String)", "", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "getStringExtra", "(String)", "", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", False, "parseUri", "", "", "Argument[0]", "ReturnValue.SyntheticField[android.content.Intent.data]", "taint", "manual"]
+      - ["android.content", "Intent", True, "parseUri", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.content", "Intent", True, "putCharSequenceArrayListExtra", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "putCharSequenceArrayListExtra", "", "", "Argument[0]", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"]
+      - ["android.content", "Intent", True, "putCharSequenceArrayListExtra", "", "", "Argument[1]", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "value", "manual"]
+      - ["android.content", "Intent", True, "putExtra", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "putExtra", "", "", "Argument[0]", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"]
+      - ["android.content", "Intent", True, "putExtra", "", "", "Argument[1]", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "value", "manual"]
+      - ["android.content", "Intent", True, "putExtras", "(Bundle)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "putExtras", "(Bundle)", "", "Argument[0].MapKey", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"]
+      - ["android.content", "Intent", True, "putExtras", "(Bundle)", "", "Argument[0].MapValue", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "value", "manual"]
+      - ["android.content", "Intent", True, "putExtras", "(Intent)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "putExtras", "(Intent)", "", "Argument[0].SyntheticField[android.content.Intent.extras].MapKey", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"]
+      - ["android.content", "Intent", True, "putExtras", "(Intent)", "", "Argument[0].SyntheticField[android.content.Intent.extras].MapValue", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "value", "manual"]
+      - ["android.content", "Intent", True, "putIntegerArrayListExtra", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "putIntegerArrayListExtra", "", "", "Argument[0]", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"]
+      - ["android.content", "Intent", True, "putParcelableArrayListExtra", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "putParcelableArrayListExtra", "", "", "Argument[0]", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"]
+      - ["android.content", "Intent", True, "putParcelableArrayListExtra", "", "", "Argument[1]", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "value", "manual"]
+      - ["android.content", "Intent", True, "putStringArrayListExtra", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "putStringArrayListExtra", "", "", "Argument[0]", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"]
+      - ["android.content", "Intent", True, "putStringArrayListExtra", "", "", "Argument[1]", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "value", "manual"]
+      - ["android.content", "Intent", True, "replaceExtras", "(Bundle)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "replaceExtras", "(Bundle)", "", "Argument[0].MapKey", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"]
+      - ["android.content", "Intent", True, "replaceExtras", "(Bundle)", "", "Argument[0].MapValue", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "value", "manual"]
+      - ["android.content", "Intent", True, "replaceExtras", "(Intent)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "replaceExtras", "(Intent)", "", "Argument[0].SyntheticField[android.content.Intent.extras].MapKey", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"]
+      - ["android.content", "Intent", True, "replaceExtras", "(Intent)", "", "Argument[0].SyntheticField[android.content.Intent.extras].MapValue", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "value", "manual"]
+      - ["android.content", "Intent", True, "setAction", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "setClass", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "setClass", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["android.content", "Intent", True, "setClassName", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "setClassName", "(Context,String)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["android.content", "Intent", True, "setClassName", "(String,String)", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["android.content", "Intent", True, "setComponent", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "setComponent", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.content", "Intent", True, "setData", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "setData", "", "", "Argument[0]", "Argument[-1].SyntheticField[android.content.Intent.data]", "value", "manual"]
+      - ["android.content", "Intent", True, "setDataAndNormalize", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "setDataAndNormalize", "", "", "Argument[0]", "Argument[-1].SyntheticField[android.content.Intent.data]", "value", "manual"]
+      - ["android.content", "Intent", True, "setDataAndType", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "setDataAndType", "", "", "Argument[0]", "Argument[-1].SyntheticField[android.content.Intent.data]", "value", "manual"]
+      - ["android.content", "Intent", True, "setDataAndTypeAndNormalize", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "setDataAndTypeAndNormalize", "", "", "Argument[0]", "Argument[-1].SyntheticField[android.content.Intent.data]", "value", "manual"]
+      - ["android.content", "Intent", True, "setFlags", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "setIdentifier", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "setPackage", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "setPackage", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.content", "Intent", True, "setType", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "Intent", True, "setTypeAndNormalize", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "SharedPreferences$Editor", True, "clear", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "SharedPreferences$Editor", True, "putBoolean", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "SharedPreferences$Editor", True, "putFloat", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "SharedPreferences$Editor", True, "putInt", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "SharedPreferences$Editor", True, "putLong", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "SharedPreferences$Editor", True, "putString", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "SharedPreferences$Editor", True, "putStringSet", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.content", "SharedPreferences$Editor", True, "remove", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
diff --git a/java/ql/lib/ext/android.database.model.yml b/java/ql/lib/ext/android.database.model.yml
new file mode 100644
index 00000000000..a7c6e6b1d9b
--- /dev/null
+++ b/java/ql/lib/ext/android.database.model.yml
@@ -0,0 +1,27 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["android.database", "DatabaseUtils", False, "blobFileDescriptorForQuery", "(SQLiteDatabase,String,String[])", "", "Argument[1]", "sql", "manual"]
+      - ["android.database", "DatabaseUtils", False, "createDbFromSqlStatements", "(Context,String,int,String)", "", "Argument[3]", "sql", "manual"]
+      - ["android.database", "DatabaseUtils", False, "longForQuery", "(SQLiteDatabase,String,String[])", "", "Argument[1]", "sql", "manual"]
+      - ["android.database", "DatabaseUtils", False, "queryNumEntries", "(SQLiteDatabase,String)", "", "Argument[1]", "sql", "manual"]
+      - ["android.database", "DatabaseUtils", False, "queryNumEntries", "(SQLiteDatabase,String,String)", "", "Argument[1..2]", "sql", "manual"]
+      - ["android.database", "DatabaseUtils", False, "queryNumEntries", "(SQLiteDatabase,String,String,String[])", "", "Argument[1..2]", "sql", "manual"]
+      - ["android.database", "DatabaseUtils", False, "stringForQuery", "(SQLiteDatabase,String,String[])", "", "Argument[1]", "sql", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["android.database", "Cursor", True, "copyStringToBuffer", "", "", "Argument[-1]", "Argument[1]", "taint", "manual"]
+      - ["android.database", "Cursor", True, "getBlob", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.database", "Cursor", True, "getColumnName", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.database", "Cursor", True, "getColumnNames", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.database", "Cursor", True, "getExtras", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.database", "Cursor", True, "getNotificationUri", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.database", "Cursor", True, "getNotificationUris", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.database", "Cursor", True, "getString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.database", "Cursor", True, "respond", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.database", "DatabaseUtils", False, "appendSelectionArgs", "(String[],String[])", "", "Argument[0..1].ArrayElement", "ReturnValue.ArrayElement", "taint", "manual"]
+      - ["android.database", "DatabaseUtils", False, "concatenateWhere", "(String,String)", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/android.database.sqlite.model.yml b/java/ql/lib/ext/android.database.sqlite.model.yml
new file mode 100644
index 00000000000..4b775715409
--- /dev/null
+++ b/java/ql/lib/ext/android.database.sqlite.model.yml
@@ -0,0 +1,89 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["android.database.sqlite", "SQLiteDatabase", False, "compileStatement", "(String)", "", "Argument[0]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "delete", "(String,String,String[])", "", "Argument[0..1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "execPerConnectionSQL", "(String,Object[])", "", "Argument[0]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "execSQL", "(String)", "", "Argument[0]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "execSQL", "(String,Object[])", "", "Argument[0]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String)", "", "Argument[0..2]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String)", "", "Argument[4..6]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String,String)", "", "Argument[0]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String,String)", "", "Argument[1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String,String)", "", "Argument[2]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String,String)", "", "Argument[4..7]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[2]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[3]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[5..8]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[2]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[3]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[5..8]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[2]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[3]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[4]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[6..9]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[2]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[3]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[4]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[6..9]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "rawQuery", "(String,String[])", "", "Argument[0]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "rawQuery", "(String,String[],CancellationSignal)", "", "Argument[0]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "rawQueryWithFactory", "(CursorFactory,String,String[],String)", "", "Argument[1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "rawQueryWithFactory", "(CursorFactory,String,String[],String,CancellationSignal)", "", "Argument[1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "update", "(String,ContentValues,String,String[])", "", "Argument[0]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "update", "(String,ContentValues,String,String[])", "", "Argument[2]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "updateWithOnConflict", "(String,ContentValues,String,String[],int)", "", "Argument[0]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteDatabase", False, "updateWithOnConflict", "(String,ContentValues,String,String[],int)", "", "Argument[2]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "delete", "(SQLiteDatabase,String,String[])", "", "Argument[-1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "delete", "(SQLiteDatabase,String,String[])", "", "Argument[1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "insert", "(SQLiteDatabase,ContentValues)", "", "Argument[-1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String)", "", "Argument[-1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String)", "", "Argument[1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String)", "", "Argument[2]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String)", "", "Argument[4..6]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String)", "", "Argument[-1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String)", "", "Argument[1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String)", "", "Argument[2]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String)", "", "Argument[4..7]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[-1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[2]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[4..7]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "update", "(SQLiteDatabase,ContentValues,String,String[])", "", "Argument[-1]", "sql", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "update", "(SQLiteDatabase,ContentValues,String,String[])", "", "Argument[2]", "sql", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "appendColumns", "(StringBuilder,String[])", "", "Argument[1].ArrayElement", "Argument[0]", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "appendWhere", "(CharSequence)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "appendWhereStandalone", "(CharSequence)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildQuery", "(String[],String,String,String,String,String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildQuery", "(String[],String,String,String,String,String)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildQuery", "(String[],String,String,String,String,String)", "", "Argument[1..5]", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildQuery", "(String[],String,String[],String,String,String,String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildQuery", "(String[],String,String[],String,String,String,String)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildQuery", "(String[],String,String[],String,String,String,String)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildQuery", "(String[],String,String[],String,String,String,String)", "", "Argument[3..6]", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildQueryString", "(boolean,String,String[],String,String,String,String,String)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildQueryString", "(boolean,String,String[],String,String,String,String,String)", "", "Argument[2].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildQueryString", "(boolean,String,String[],String,String,String,String,String)", "", "Argument[3..7]", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildUnionQuery", "(String[],String,String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildUnionQuery", "(String[],String,String)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildUnionQuery", "(String[],String,String)", "", "Argument[1..2]", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildUnionSubQuery", "(String,String[],Set,int,String,String,String,String)", "", "Argument[-1..0]", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildUnionSubQuery", "(String,String[],Set,int,String,String,String,String)", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildUnionSubQuery", "(String,String[],Set,int,String,String,String,String)", "", "Argument[2].Element", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildUnionSubQuery", "(String,String[],Set,int,String,String,String,String)", "", "Argument[4..7]", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildUnionSubQuery", "(String,String[],Set,int,String,String,String[],String,String)", "", "Argument[-1..0]", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildUnionSubQuery", "(String,String[],Set,int,String,String,String[],String,String)", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildUnionSubQuery", "(String,String[],Set,int,String,String,String[],String,String)", "", "Argument[2].Element", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildUnionSubQuery", "(String,String[],Set,int,String,String,String[],String,String)", "", "Argument[4..5]", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "buildUnionSubQuery", "(String,String[],Set,int,String,String,String[],String,String)", "", "Argument[7..8]", "ReturnValue", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "setProjectionMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "setProjectionMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1]", "taint", "manual"]
+      - ["android.database.sqlite", "SQLiteQueryBuilder", True, "setTables", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
diff --git a/java/ql/lib/ext/android.net.model.yml b/java/ql/lib/ext/android.net.model.yml
new file mode 100644
index 00000000000..2cda1efbc75
--- /dev/null
+++ b/java/ql/lib/ext/android.net.model.yml
@@ -0,0 +1,65 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["android.net", "Uri", True, "buildUpon", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", False, "decode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", False, "encode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", False, "fromFile", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", False, "fromParts", "", "", "Argument[0..2]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getAuthority", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getEncodedAuthority", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getEncodedFragment", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getEncodedPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getEncodedQuery", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getEncodedSchemeSpecificPart", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getEncodedUserInfo", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getFragment", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getHost", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getLastPathSegment", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getPathSegments", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getQuery", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getQueryParameter", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getQueryParameterNames", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getQueryParameters", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getScheme", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getSchemeSpecificPart", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "getUserInfo", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "normalizeScheme", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", False, "parse", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", False, "withAppendedPath", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri", False, "writeToParcel", "", "", "Argument[1]", "Argument[0]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "appendEncodedPath", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "appendEncodedPath", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "appendPath", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "appendPath", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "appendQueryParameter", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "appendQueryParameter", "", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "authority", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "authority", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "clearQuery", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "encodedAuthority", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "encodedAuthority", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "encodedFragment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "encodedFragment", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "encodedOpaquePart", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "encodedOpaquePart", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "encodedPath", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "encodedPath", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "encodedQuery", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "encodedQuery", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "fragment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "fragment", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "opaquePart", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "opaquePart", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "path", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "path", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "query", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "query", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "scheme", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["android.net", "Uri$Builder", False, "scheme", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["android.net", "Uri$Builder", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/android.os.model.yml b/java/ql/lib/ext/android.os.model.yml
new file mode 100644
index 00000000000..847ac6ce27b
--- /dev/null
+++ b/java/ql/lib/ext/android.os.model.yml
@@ -0,0 +1,134 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["android.os", "Environment", False, "getExternalStorageDirectory", "()", "", "ReturnValue", "android-external-storage-dir", "manual"]
+      - ["android.os", "Environment", False, "getExternalStoragePublicDirectory", "(String)", "", "ReturnValue", "android-external-storage-dir", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["android.os", "BaseBundle", True, "get", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "getString", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "getString", "(String,String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "getString", "(String,String)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "getStringArray", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "keySet", "()", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "putAll", "(PersistableBundle)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "putAll", "(PersistableBundle)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "putBoolean", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "putBooleanArray", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "putDouble", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "putDoubleArray", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "putInt", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "putIntArray", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "putLong", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "putLongArray", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "putString", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "putString", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "putStringArray", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "BaseBundle", True, "putStringArray", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", False, "Bundle", "(Bundle)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", False, "Bundle", "(Bundle)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", False, "Bundle", "(PersistableBundle)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", False, "Bundle", "(PersistableBundle)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "clone", "()", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "clone", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      #  Model for Bundle.deepCopy is not fully precise, as some map values aren't copied by value
+      - ["android.os", "Bundle", True, "deepCopy", "()", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "deepCopy", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getBinder", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getBundle", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getByteArray", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getCharArray", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getCharSequence", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getCharSequence", "(String,CharSequence)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getCharSequence", "(String,CharSequence)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getCharSequenceArray", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getCharSequenceArrayList", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getParcelable", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getParcelableArray", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getParcelableArrayList", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getSerializable", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getSparseParcelableArray", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "getStringArrayList", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "putAll", "(Bundle)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putAll", "(Bundle)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "putBinder", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putBinder", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "putBundle", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putBundle", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "putByte", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putByteArray", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putByteArray", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "putChar", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putCharArray", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putCharArray", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "putCharSequence", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putCharSequence", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "putCharSequenceArray", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putCharSequenceArray", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "putCharSequenceArrayList", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putCharSequenceArrayList", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "putFloat", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putFloatArray", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putIntegerArrayList", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putParcelable", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putParcelable", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "putParcelableArray", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putParcelableArray", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "putParcelableArrayList", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putParcelableArrayList", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "putSerializable", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putSerializable", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "putShort", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putShortArray", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putSize", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putSizeF", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putSparseParcelableArray", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putSparseParcelableArray", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "putStringArrayList", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["android.os", "Bundle", True, "putStringArrayList", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["android.os", "Bundle", True, "readFromParcel", "", "", "Argument[0]", "Argument[-1].MapKey", "taint", "manual"]
+      - ["android.os", "Bundle", True, "readFromParcel", "", "", "Argument[0]", "Argument[-1].MapValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readArrayList", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readBinderArray", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readBinderList", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readBoolean", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readBooleanArray", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readBundle", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readByte", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readByteArray", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readCharArray", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readDouble", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readDoubleArray", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readFileDescriptor", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readFloat", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readFloatArray", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readHashMap", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readInt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readIntArray", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readList", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readLong", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readLongArray", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readMap", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readParcelable", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readParcelableArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readParcelableList", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readParcelableList", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["android.os", "Parcel", False, "readPersistableBundle", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readSerializable", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readSize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readSizeF", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readSparseArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readSparseBooleanArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readStringArray", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readStringList", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readStrongBinder", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readTypedArray", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readTypedList", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readTypedObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["android.os", "Parcel", False, "readValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/android.support.v4.app.model.yml b/java/ql/lib/ext/android.support.v4.app.model.yml
new file mode 100644
index 00000000000..c99ebd9865e
--- /dev/null
+++ b/java/ql/lib/ext/android.support.v4.app.model.yml
@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["android.support.v4.app", "FragmentTransaction", True, "add", "(Class,Bundle,String)", "", "Argument[0]", "fragment-injection", "manual"]
+      - ["android.support.v4.app", "FragmentTransaction", True, "add", "(Fragment,String)", "", "Argument[0]", "fragment-injection", "manual"]
+      - ["android.support.v4.app", "FragmentTransaction", True, "add", "(int,Class,Bundle)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.support.v4.app", "FragmentTransaction", True, "add", "(int,Class,Bundle,String)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.support.v4.app", "FragmentTransaction", True, "add", "(int,Fragment)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.support.v4.app", "FragmentTransaction", True, "add", "(int,Fragment,String)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.support.v4.app", "FragmentTransaction", True, "attach", "(Fragment)", "", "Argument[0]", "fragment-injection", "manual"]
+      - ["android.support.v4.app", "FragmentTransaction", True, "replace", "(int,Class,Bundle)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.support.v4.app", "FragmentTransaction", True, "replace", "(int,Class,Bundle,String)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.support.v4.app", "FragmentTransaction", True, "replace", "(int,Fragment)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["android.support.v4.app", "FragmentTransaction", True, "replace", "(int,Fragment,String)", "", "Argument[1]", "fragment-injection", "manual"]
diff --git a/java/ql/lib/ext/android.util.model.yml b/java/ql/lib/ext/android.util.model.yml
new file mode 100644
index 00000000000..b57ff4819a7
--- /dev/null
+++ b/java/ql/lib/ext/android.util.model.yml
@@ -0,0 +1,31 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["android.util", "AttributeSet", False, "getAttributeBooleanValue", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getAttributeCount", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getAttributeFloatValue", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getAttributeIntValue", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getAttributeListValue", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getAttributeName", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getAttributeNameResource", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getAttributeNamespace", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getAttributeResourceValue", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getAttributeUnsignedIntValue", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getAttributeValue", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getClassAttribute", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getIdAttribute", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getIdAttributeResourceValue", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getPositionDescription", "", "", "ReturnValue", "remote", "manual"]
+      - ["android.util", "AttributeSet", False, "getStyleAttribute", "", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["android.util", "Log", True, "d", "", "", "Argument[1]", "logging", "manual"]
+      - ["android.util", "Log", True, "e", "", "", "Argument[1]", "logging", "manual"]
+      - ["android.util", "Log", True, "i", "", "", "Argument[1]", "logging", "manual"]
+      - ["android.util", "Log", True, "v", "", "", "Argument[1]", "logging", "manual"]
+      - ["android.util", "Log", True, "w", "", "", "Argument[1]", "logging", "manual"]
+      - ["android.util", "Log", True, "wtf", "", "", "Argument[1]", "logging", "manual"]
diff --git a/java/ql/lib/ext/android.webkit.model.yml b/java/ql/lib/ext/android.webkit.model.yml
new file mode 100644
index 00000000000..05058493fe1
--- /dev/null
+++ b/java/ql/lib/ext/android.webkit.model.yml
@@ -0,0 +1,15 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["android.webkit", "WebView", False, "getOriginalUrl", "()", "", "ReturnValue", "remote", "manual"]
+      - ["android.webkit", "WebView", False, "getUrl", "()", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      # Models representing methods susceptible to XSS attacks.
+      - ["android.webkit", "WebView", False, "evaluateJavascript", "", "", "Argument[0]", "xss", "manual"]
+      - ["android.webkit", "WebView", False, "loadData", "", "", "Argument[0]", "xss", "manual"]
+      - ["android.webkit", "WebView", False, "loadDataWithBaseURL", "", "", "Argument[1]", "xss", "manual"]
diff --git a/java/ql/lib/ext/android.widget.model.yml b/java/ql/lib/ext/android.widget.model.yml
new file mode 100644
index 00000000000..1b6c94993e0
--- /dev/null
+++ b/java/ql/lib/ext/android.widget.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["android.widget", "EditText", True, "getText", "", "", "ReturnValue", "android-widget", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["android.widget", "EditText", True, "getText", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/androidx.core.app.model.yml b/java/ql/lib/ext/androidx.core.app.model.yml
new file mode 100644
index 00000000000..dbf8c0fb082
--- /dev/null
+++ b/java/ql/lib/ext/androidx.core.app.model.yml
@@ -0,0 +1,110 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["androidx.core.app", "AlarmManagerCompat", True, "setAlarmClock", "", "", "Argument[2..3]", "pending-intent-sent", "manual"]
+      - ["androidx.core.app", "AlarmManagerCompat", True, "setAndAllowWhileIdle", "", "", "Argument[3]", "pending-intent-sent", "manual"]
+      - ["androidx.core.app", "AlarmManagerCompat", True, "setExact", "", "", "Argument[3]", "pending-intent-sent", "manual"]
+      - ["androidx.core.app", "AlarmManagerCompat", True, "setExactAndAllowWhileIdle", "", "", "Argument[3]", "pending-intent-sent", "manual"]
+      - ["androidx.core.app", "NotificationManagerCompat", True, "notify", "(String,int,Notification)", "", "Argument[2]", "pending-intent-sent", "manual"]
+      - ["androidx.core.app", "NotificationManagerCompat", True, "notify", "(int,Notification)", "", "Argument[1]", "pending-intent-sent", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["androidx.core.app", "NotificationCompat$Action", True, "Action", "(IconCompat,CharSequence,PendingIntent)", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action", True, "Action", "(int,CharSequence,PendingIntent)", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action", True, "getExtras", "", "", "Argument[-1].SyntheticField[android.content.Intent.extras]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "Builder", "(Action)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "Builder", "(IconCompat,CharSequence,PendingIntent)", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "Builder", "(int,CharSequence,PendingIntent)", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "addExtras", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "addExtras", "", "", "Argument[0].MapKey", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "addExtras", "", "", "Argument[0].MapValue", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "addRemoteInput", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "build", "", "", "Argument[-1].SyntheticField[android.content.Intent.extras]", "ReturnValue.SyntheticField[android.content.Intent.extras]", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "extend", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "getExtras", "", "", "Argument[-1].SyntheticField[android.content.Intent.extras]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "setAllowGeneratedReplies", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "setAuthenticationRequired", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "setContextual", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Action$Builder", True, "setSemanticAction", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$BigPictureStyle", True, "bigLargeIcon", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$BigPictureStyle", True, "bigPicture", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$BigPictureStyle", True, "setBigContentTitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$BigPictureStyle", True, "setContentDescription", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$BigPictureStyle", True, "setSummaryText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$BigPictureStyle", True, "showBigPictureWhenCollapsed", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$BigTextStyle", True, "bigText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$BigTextStyle", True, "setBigContentTitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$BigTextStyle", True, "setSummaryText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "addAction", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "addAction", "(Action)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "addAction", "(int,CharSequence,PendingIntent)", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "addExtras", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "addExtras", "", "", "Argument[0].MapKey", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "addExtras", "", "", "Argument[0].MapValue", "Argument[-1].SyntheticField[android.content.Intent.extras].MapValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "addPerson", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "build", "", "", "Argument[-1].SyntheticField[android.content.Intent.extras]", "ReturnValue.Field[android.app.Notification.extras]", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "extend", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "getExtras", "", "", "Argument[-1].SyntheticField[android.content.Intent.extras]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setActions", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setAutoCancel", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setBadgeIconType", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setBubbleMetadata", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setCategory", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setChannelId", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setChronometerCountDown", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setColor", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setColorized", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setContent", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setContentInfo", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setContentIntent", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setContentIntent", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setContentText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setContentTitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setCustomBigContentView", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setCustomHeadsUpContentView", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setDefaults", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setDeleteIntent", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setDeleteIntent", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setExtras", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setExtras", "", "", "Argument[0]", "Argument[-1].SyntheticField[android.content.Intent.extras]", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setFlag", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setForegroundServiceBehavior", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setFullScreenIntent", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setGroup", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setGroupAlertBehavior", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setGroupSummary", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setLargeIcon", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setLights", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setLocalOnly", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setLocusId", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setNumber", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setOngoing", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setOnlyAlertOnce", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setPriority", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setProgress", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setPublicVersion", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setPublicVersion", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setRemoteInputHistory", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setSettingsText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setShortcutId", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setShowWhen", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setSmallIcon", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setSortKey", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setSound", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setStyle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setSubText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setTicker", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setTimeoutAfter", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setUsesChronometer", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setVibrate", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setVisibility", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$Builder", True, "setWhen", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$InboxStyle", True, "addLine", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$InboxStyle", True, "setBigContentTitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.core.app", "NotificationCompat$InboxStyle", True, "setSummaryText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
diff --git a/java/ql/lib/ext/androidx.fragment.app.model.yml b/java/ql/lib/ext/androidx.fragment.app.model.yml
new file mode 100644
index 00000000000..94c55a75c71
--- /dev/null
+++ b/java/ql/lib/ext/androidx.fragment.app.model.yml
@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["androidx.fragment.app", "FragmentTransaction", True, "add", "(Class,Bundle,String)", "", "Argument[0]", "fragment-injection", "manual"]
+      - ["androidx.fragment.app", "FragmentTransaction", True, "add", "(Fragment,String)", "", "Argument[0]", "fragment-injection", "manual"]
+      - ["androidx.fragment.app", "FragmentTransaction", True, "add", "(int,Class,Bundle)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["androidx.fragment.app", "FragmentTransaction", True, "add", "(int,Class,Bundle,String)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["androidx.fragment.app", "FragmentTransaction", True, "add", "(int,Fragment)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["androidx.fragment.app", "FragmentTransaction", True, "add", "(int,Fragment,String)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["androidx.fragment.app", "FragmentTransaction", True, "attach", "(Fragment)", "", "Argument[0]", "fragment-injection", "manual"]
+      - ["androidx.fragment.app", "FragmentTransaction", True, "replace", "(int,Class,Bundle)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["androidx.fragment.app", "FragmentTransaction", True, "replace", "(int,Class,Bundle,String)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["androidx.fragment.app", "FragmentTransaction", True, "replace", "(int,Fragment)", "", "Argument[1]", "fragment-injection", "manual"]
+      - ["androidx.fragment.app", "FragmentTransaction", True, "replace", "(int,Fragment,String)", "", "Argument[1]", "fragment-injection", "manual"]
diff --git a/java/ql/lib/ext/androidx.slice.builders.model.yml b/java/ql/lib/ext/androidx.slice.builders.model.yml
new file mode 100644
index 00000000000..8b84e7ec341
--- /dev/null
+++ b/java/ql/lib/ext/androidx.slice.builders.model.yml
@@ -0,0 +1,93 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["androidx.slice.builders", "ListBuilder", True, "addAction", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "addAction", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "addGridRow", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "addGridRow", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "addInputRange", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "addInputRange", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "addRange", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "addRange", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "addRating", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "addRating", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "addRow", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "addRow", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "addSelection", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "addSelection", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "build", "", "", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "ReturnValue", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "setAccentColor", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "setHeader", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "setHeader", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "setHostExtras", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "setIsError", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "setKeywords", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "setLayoutDirection", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "setSeeMoreAction", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "setSeeMoreAction", "(PendingIntent)", "", "Argument[0]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "setSeeMoreRow", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder", True, "setSeeMoreRow", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$HeaderBuilder", True, "setContentDescription", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$HeaderBuilder", True, "setLayoutDirection", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$HeaderBuilder", True, "setPrimaryAction", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$HeaderBuilder", True, "setPrimaryAction", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$HeaderBuilder", True, "setSubtitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$HeaderBuilder", True, "setSummary", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$HeaderBuilder", True, "setTitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "addEndItem", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "addEndItem", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "setContentDescription", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "setInputAction", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "setInputAction", "(PendingIntent)", "", "Argument[0]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "setLayoutDirection", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "setMax", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "setMin", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "setPrimaryAction", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "setPrimaryAction", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "setSubtitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "setThumb", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "setTitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "setTitleItem", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$InputRangeBuilder", True, "setValue", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RangeBuilder", True, "setContentDescription", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RangeBuilder", True, "setMax", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RangeBuilder", True, "setMode", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RangeBuilder", True, "setPrimaryAction", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RangeBuilder", True, "setPrimaryAction", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RangeBuilder", True, "setSubtitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RangeBuilder", True, "setTitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RangeBuilder", True, "setTitleItem", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RangeBuilder", True, "setValue", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RatingBuilder", True, "setContentDescription", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RatingBuilder", True, "setInputAction", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RatingBuilder", True, "setInputAction", "(PendingIntent)", "", "Argument[0]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RatingBuilder", True, "setMax", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RatingBuilder", True, "setMin", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RatingBuilder", True, "setPrimaryAction", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RatingBuilder", True, "setPrimaryAction", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RatingBuilder", True, "setSubtitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RatingBuilder", True, "setTitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RatingBuilder", True, "setTitleItem", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RatingBuilder", True, "setValue", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RowBuilder", True, "addEndItem", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RowBuilder", True, "addEndItem", "(SliceAction)", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RowBuilder", True, "addEndItem", "(SliceAction,boolean)", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RowBuilder", True, "setContentDescription", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RowBuilder", True, "setEndOfSection", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RowBuilder", True, "setLayoutDirection", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RowBuilder", True, "setPrimaryAction", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RowBuilder", True, "setPrimaryAction", "", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RowBuilder", True, "setSubtitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RowBuilder", True, "setTitle", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RowBuilder", True, "setTitleItem", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RowBuilder", True, "setTitleItem", "(SliceAction)", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "ListBuilder$RowBuilder", True, "setTitleItem", "(SliceAction,boolean)", "", "Argument[0].SyntheticField[androidx.slice.Slice.action]", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "SliceAction", True, "create", "(PendingIntent,IconCompat,int,CharSequence)", "", "Argument[0]", "ReturnValue.SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "SliceAction", True, "createDeeplink", "(PendingIntent,IconCompat,int,CharSequence)", "", "Argument[0]", "ReturnValue.SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "SliceAction", True, "createToggle", "(PendingIntent,CharSequence,boolean)", "", "Argument[0]", "ReturnValue.SyntheticField[androidx.slice.Slice.action]", "taint", "manual"]
+      - ["androidx.slice.builders", "SliceAction", True, "getAction", "", "", "Argument[-1].SyntheticField[androidx.slice.Slice.action]", "ReturnValue", "taint", "manual"]
+      - ["androidx.slice.builders", "SliceAction", True, "setChecked", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "SliceAction", True, "setContentDescription", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["androidx.slice.builders", "SliceAction", True, "setPriority", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
diff --git a/java/ql/lib/ext/androidx.slice.model.yml b/java/ql/lib/ext/androidx.slice.model.yml
new file mode 100644
index 00000000000..97481e886e5
--- /dev/null
+++ b/java/ql/lib/ext/androidx.slice.model.yml
@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["androidx.slice", "SliceProvider", True, "onBindSlice", "", "", "Parameter[0]", "contentprovider", "manual"]
+      - ["androidx.slice", "SliceProvider", True, "onCreatePermissionRequest", "", "", "Parameter[0]", "contentprovider", "manual"]
+      - ["androidx.slice", "SliceProvider", True, "onMapIntentToUri", "", "", "Parameter[0]", "contentprovider", "manual"]
+      - ["androidx.slice", "SliceProvider", True, "onSlicePinned", "", "", "Parameter[0]", "contentprovider", "manual"]
+      - ["androidx.slice", "SliceProvider", True, "onSliceUnpinned", "", "", "Parameter[0]", "contentprovider", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["androidx.slice", "SliceProvider", True, "onBindSlice", "", "", "ReturnValue", "pending-intent-sent", "manual"]
+      - ["androidx.slice", "SliceProvider", True, "onCreatePermissionRequest", "", "", "ReturnValue", "pending-intent-sent", "manual"]
diff --git a/java/ql/lib/ext/cn.hutool.core.codec.model.yml b/java/ql/lib/ext/cn.hutool.core.codec.model.yml
new file mode 100644
index 00000000000..8d583c144fb
--- /dev/null
+++ b/java/ql/lib/ext/cn.hutool.core.codec.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["cn.hutool.core.codec", "Base64", True, "decode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/com.esotericsoftware.kryo.io.model.yml b/java/ql/lib/ext/com.esotericsoftware.kryo.io.model.yml
new file mode 100644
index 00000000000..b98da490aba
--- /dev/null
+++ b/java/ql/lib/ext/com.esotericsoftware.kryo.io.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["com.esotericsoftware.kryo.io", "Input", False, "Input", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
diff --git a/java/ql/lib/ext/com.esotericsoftware.kryo5.io.model.yml b/java/ql/lib/ext/com.esotericsoftware.kryo5.io.model.yml
new file mode 100644
index 00000000000..78512602b9f
--- /dev/null
+++ b/java/ql/lib/ext/com.esotericsoftware.kryo5.io.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["com.esotericsoftware.kryo5.io", "Input", False, "Input", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
diff --git a/java/ql/lib/ext/com.fasterxml.jackson.core.model.yml b/java/ql/lib/ext/com.fasterxml.jackson.core.model.yml
new file mode 100644
index 00000000000..640b96f769f
--- /dev/null
+++ b/java/ql/lib/ext/com.fasterxml.jackson.core.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["com.fasterxml.jackson.core", "JsonFactory", False, "createParser", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/com.fasterxml.jackson.databind.model.yml b/java/ql/lib/ext/com.fasterxml.jackson.databind.model.yml
new file mode 100644
index 00000000000..3768007ebe7
--- /dev/null
+++ b/java/ql/lib/ext/com.fasterxml.jackson.databind.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["com.fasterxml.jackson.databind", "ObjectMapper", True, "convertValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.fasterxml.jackson.databind", "ObjectMapper", False, "createParser", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.fasterxml.jackson.databind", "ObjectMapper", True, "valueToTree", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.fasterxml.jackson.databind", "ObjectMapper", True, "valueToTree", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["com.fasterxml.jackson.databind", "ObjectMapper", True, "valueToTree", "", "", "Argument[0].MapValue.Element", "ReturnValue", "taint", "manual"]
+      - ["com.fasterxml.jackson.databind", "ObjectReader", False, "createParser", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/com.google.common.base.model.yml b/java/ql/lib/ext/com.google.common.base.model.yml
new file mode 100644
index 00000000000..9d7e8491e81
--- /dev/null
+++ b/java/ql/lib/ext/com.google.common.base.model.yml
@@ -0,0 +1,98 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.google.common.base", "Splitter", False, "onPattern", "(String)", "", "Argument[0]", "regex-use[]", "manual"]
+      - ["com.google.common.base", "Splitter", False, "split", "(CharSequence)", "", "Argument[-1]", "regex-use[0]", "manual"]
+      - ["com.google.common.base", "Splitter", False, "splitToList", "(CharSequence)", "", "Argument[-1]", "regex-use[0]", "manual"]
+      - ["com.google.common.base", "Splitter$MapSplitter", False, "split", "(CharSequence)", "", "Argument[-1]", "regex-use[0]", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["com.google.common.base", "Ascii", False, "toLowerCase", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Ascii", False, "toLowerCase", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Ascii", False, "toUpperCase", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Ascii", False, "toUpperCase", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Ascii", False, "truncate", "(CharSequence,int,String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Ascii", False, "truncate", "(CharSequence,int,String)", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "CaseFormat", True, "to", "(CaseFormat,String)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Converter", True, "apply", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Converter", True, "convert", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Converter", True, "convertAll", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "appendTo", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "appendTo", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.base", "Joiner", False, "appendTo", "(Appendable,Iterable)", "", "Argument[1].Element", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "appendTo", "(Appendable,Iterator)", "", "Argument[1].Element", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "appendTo", "(Appendable,Object,Object,Object[])", "", "Argument[1..2]", "Argument[0]", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "appendTo", "(Appendable,Object,Object,Object[])", "", "Argument[3].ArrayElement", "Argument[0]", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "appendTo", "(Appendable,Object[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "appendTo", "(StringBuilder,Iterable)", "", "Argument[1].Element", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "appendTo", "(StringBuilder,Iterator)", "", "Argument[1].Element", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "appendTo", "(StringBuilder,Object,Object,Object[])", "", "Argument[1..2]", "Argument[0]", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "appendTo", "(StringBuilder,Object,Object,Object[])", "", "Argument[3].ArrayElement", "Argument[0]", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "appendTo", "(StringBuilder,Object[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "join", "", "", "Argument[-1..2]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "on", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "skipNulls", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "useForNull", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "useForNull", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "withKeyValueSeparator", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "withKeyValueSeparator", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner", False, "withKeyValueSeparator", "(char)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner$MapJoiner", False, "appendTo", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.base", "Joiner$MapJoiner", False, "appendTo", "", "", "Argument[1]", "Argument[0]", "taint", "manual"]
+      - ["com.google.common.base", "Joiner$MapJoiner", False, "join", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner$MapJoiner", False, "join", "(Iterable)", "", "Argument[0].Element.MapKey", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner$MapJoiner", False, "join", "(Iterable)", "", "Argument[0].Element.MapValue", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner$MapJoiner", False, "join", "(Iterator)", "", "Argument[0].Element.MapKey", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner$MapJoiner", False, "join", "(Iterator)", "", "Argument[0].Element.MapValue", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner$MapJoiner", False, "join", "(Map)", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner$MapJoiner", False, "join", "(Map)", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner$MapJoiner", False, "useForNull", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Joiner$MapJoiner", False, "useForNull", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "MoreObjects", False, "firstNonNull", "(Object,Object)", "", "Argument[0..1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.base", "MoreObjects", False, "toStringHelper", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "MoreObjects$ToStringHelper", False, "add", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.base", "MoreObjects$ToStringHelper", False, "add", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.base", "MoreObjects$ToStringHelper", False, "add", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "MoreObjects$ToStringHelper", False, "add", "(String,Object)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.base", "MoreObjects$ToStringHelper", False, "add", "(String,Object)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "MoreObjects$ToStringHelper", False, "addValue", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.base", "MoreObjects$ToStringHelper", False, "addValue", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.base", "MoreObjects$ToStringHelper", False, "addValue", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "MoreObjects$ToStringHelper", False, "omitNullValues", "()", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.base", "MoreObjects$ToStringHelper", False, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Optional", True, "asSet", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.base", "Optional", True, "fromJavaUtil", "(Optional)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.base", "Optional", True, "fromNullable", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.base", "Optional", True, "get", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.base", "Optional", True, "of", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.base", "Optional", True, "or", "(Object)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.base", "Optional", True, "or", "(Object)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.base", "Optional", True, "or", "(Optional)", "", "Argument[-1..0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.base", "Optional", True, "or", "(Supplier)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.base", "Optional", True, "or", "(Supplier)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Optional", True, "orNull", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.base", "Optional", True, "presentInstances", "(Iterable)", "", "Argument[0].Element.Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.base", "Optional", True, "toJavaUtil", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.base", "Optional", True, "toJavaUtil", "(Optional)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.base", "Preconditions", False, "checkNotNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.base", "Splitter", False, "split", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Splitter", False, "splitToList", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Splitter", False, "splitToStream", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Splitter$MapSplitter", False, "split", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Strings", False, "emptyToNull", "(String)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.base", "Strings", False, "lenientFormat", "(String,Object[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Strings", False, "lenientFormat", "(String,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Strings", False, "nullToEmpty", "(String)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.base", "Strings", False, "padEnd", "(String,int,char)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Strings", False, "padStart", "(String,int,char)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Strings", False, "repeat", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Supplier", True, "get", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Suppliers", False, "memoize", "(Supplier)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Suppliers", False, "memoizeWithExpiration", "(Supplier,long,TimeUnit)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Suppliers", False, "ofInstance", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Suppliers", False, "synchronizedSupplier", "(Supplier)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.base", "Verify", False, "verifyNotNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
diff --git a/java/ql/lib/ext/com.google.common.cache.model.yml b/java/ql/lib/ext/com.google.common.cache.model.yml
new file mode 100644
index 00000000000..f5c88464208
--- /dev/null
+++ b/java/ql/lib/ext/com.google.common.cache.model.yml
@@ -0,0 +1,24 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["com.google.common.cache", "Cache", True, "asMap", "()", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.cache", "Cache", True, "asMap", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      # Lambda flow from Argument[1] not implemented
+      - ["com.google.common.cache", "Cache", True, "get", "(Object,Callable)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      # The true flow to MapKey of ReturnValue for getAllPresent is the intersection of the these inputs, but intersections cannot be modeled fully accurately.
+      - ["com.google.common.cache", "Cache", True, "getAllPresent", "(Iterable)", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.cache", "Cache", True, "getAllPresent", "(Iterable)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.cache", "Cache", True, "getAllPresent", "(Iterable)", "", "Argument[0].Element", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.cache", "Cache", True, "getIfPresent", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["com.google.common.cache", "Cache", True, "put", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.cache", "Cache", True, "put", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.cache", "Cache", True, "putAll", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.cache", "Cache", True, "putAll", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.cache", "LoadingCache", True, "apply", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["com.google.common.cache", "LoadingCache", True, "get", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["com.google.common.cache", "LoadingCache", True, "getAll", "(Iterable)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.cache", "LoadingCache", True, "getAll", "(Iterable)", "", "Argument[0].Element", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.cache", "LoadingCache", True, "getAll", "(Iterable)", "", "Argument[0].Element", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.cache", "LoadingCache", True, "getUnchecked", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
diff --git a/java/ql/lib/ext/com.google.common.collect.model.yml b/java/ql/lib/ext/com.google.common.collect.model.yml
new file mode 100644
index 00000000000..b6c067fe5e0
--- /dev/null
+++ b/java/ql/lib/ext/com.google.common.collect.model.yml
@@ -0,0 +1,560 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Methods depending on lambda flow are not currently modeled
+      # Methods depending on stronger aliasing properties than we support are also not modeled.
+      - ["com.google.common.collect", "ArrayListMultimap", True, "create", "(Multimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ArrayListMultimap", True, "create", "(Multimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ArrayTable", True, "create", "(Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "ArrayTable", True, "create", "(Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "ArrayTable", True, "create", "(Table)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ArrayTable", True, "create", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "ArrayTable", True, "create", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "BiMap", True, "forcePut", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "BiMap", True, "forcePut", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "BiMap", True, "inverse", "()", "", "Argument[-1].MapKey", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "BiMap", True, "inverse", "()", "", "Argument[-1].MapValue", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ClassToInstanceMap", True, "getInstance", "(Class)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ClassToInstanceMap", True, "putInstance", "(Class,Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ClassToInstanceMap", True, "putInstance", "(Class,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Collections2", False, "filter", "(Collection,Predicate)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Collections2", False, "orderedPermutations", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "Collections2", False, "orderedPermutations", "(Iterable,Comparator)", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "Collections2", False, "permutations", "(Collection)", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "ConcurrentHashMultiset", True, "create", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "HashBasedTable", True, "create", "(Table)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "HashBasedTable", True, "create", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "HashBasedTable", True, "create", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "HashBiMap", True, "create", "(Map)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "HashBiMap", True, "create", "(Map)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "HashMultimap", True, "create", "(Multimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "HashMultimap", True, "create", "(Multimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "HashMultiset", True, "create", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableBiMap", True, "of", "", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableBiMap", True, "of", "", "", "Argument[1]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableBiMap", True, "of", "", "", "Argument[2]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableBiMap", True, "of", "", "", "Argument[3]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableBiMap", True, "of", "", "", "Argument[4]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableBiMap", True, "of", "", "", "Argument[5]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableBiMap", True, "of", "", "", "Argument[6]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableBiMap", True, "of", "", "", "Argument[7]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableBiMap", True, "of", "", "", "Argument[8]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableBiMap", True, "of", "", "", "Argument[9]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableClassToInstanceMap", True, "copyOf", "(Map)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableClassToInstanceMap", True, "copyOf", "(Map)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableClassToInstanceMap", True, "of", "(Class,Object)", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableClassToInstanceMap", True, "of", "(Class,Object)", "", "Argument[1]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableCollection", True, "asList", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableCollection$Builder", True, "add", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableCollection$Builder", True, "add", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableCollection$Builder", True, "add", "(Object[])", "", "Argument[0].ArrayElement", "Argument[-1].Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableCollection$Builder", True, "addAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableCollection$Builder", True, "addAll", "(Iterable)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableCollection$Builder", True, "addAll", "(Iterator)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableCollection$Builder", True, "build", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableList", True, "copyOf", "(Collection)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableList", True, "copyOf", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableList", True, "copyOf", "(Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableList", True, "copyOf", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableList", True, "of", "", "", "Argument[0..11]", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableList", True, "of", "", "", "Argument[12].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableList", True, "reverse", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableList", True, "sortedCopyOf", "(Comparator,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableList", True, "sortedCopyOf", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableListMultimap", True, "of", "", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableListMultimap", True, "of", "", "", "Argument[1]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableListMultimap", True, "of", "", "", "Argument[2]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableListMultimap", True, "of", "", "", "Argument[3]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableListMultimap", True, "of", "", "", "Argument[4]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableListMultimap", True, "of", "", "", "Argument[5]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableListMultimap", True, "of", "", "", "Argument[6]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableListMultimap", True, "of", "", "", "Argument[7]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableListMultimap", True, "of", "", "", "Argument[8]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableListMultimap", True, "of", "", "", "Argument[9]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap", True, "copyOf", "(Iterable)", "", "Argument[0].Element.MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap", True, "copyOf", "(Iterable)", "", "Argument[0].Element.MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap", True, "copyOf", "(Map)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap", True, "copyOf", "(Map)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap", True, "of", "", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap", True, "of", "", "", "Argument[1]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap", True, "of", "", "", "Argument[2]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap", True, "of", "", "", "Argument[3]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap", True, "of", "", "", "Argument[4]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap", True, "of", "", "", "Argument[5]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap", True, "of", "", "", "Argument[6]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap", True, "of", "", "", "Argument[7]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap", True, "of", "", "", "Argument[8]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap", True, "of", "", "", "Argument[9]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap$Builder", True, "build", "()", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap$Builder", True, "build", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap$Builder", True, "orderEntriesByValue", "(Comparator)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap$Builder", True, "put", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap$Builder", True, "put", "(Entry)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap$Builder", True, "put", "(Entry)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap$Builder", True, "put", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap$Builder", True, "put", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap$Builder", True, "putAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap$Builder", True, "putAll", "(Iterable)", "", "Argument[0].Element.MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap$Builder", True, "putAll", "(Iterable)", "", "Argument[0].Element.MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap$Builder", True, "putAll", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMap$Builder", True, "putAll", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "copyOf", "(Iterable)", "", "Argument[0].Element.MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "copyOf", "(Iterable)", "", "Argument[0].Element.MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "copyOf", "(Multimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "copyOf", "(Multimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "inverse", "()", "", "Argument[-1].MapKey", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "inverse", "()", "", "Argument[-1].MapValue", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "of", "", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "of", "", "", "Argument[1]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "of", "", "", "Argument[2]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "of", "", "", "Argument[3]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "of", "", "", "Argument[4]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "of", "", "", "Argument[5]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "of", "", "", "Argument[6]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "of", "", "", "Argument[7]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "of", "", "", "Argument[8]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap", True, "of", "", "", "Argument[9]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "build", "()", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "build", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "orderKeysBy", "(Comparator)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "orderValuesBy", "(Comparator)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "put", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "put", "(Entry)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "put", "(Entry)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "put", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "put", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "putAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "putAll", "(Iterable)", "", "Argument[0].Element.MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "putAll", "(Iterable)", "", "Argument[0].Element.MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "putAll", "(Multimap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "putAll", "(Multimap)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "putAll", "(Object,Iterable)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "putAll", "(Object,Iterable)", "", "Argument[1].Element", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "putAll", "(Object,Object[])", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultimap$Builder", True, "putAll", "(Object,Object[])", "", "Argument[1].ArrayElement", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultiset", True, "copyOf", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultiset", True, "copyOf", "(Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultiset", True, "copyOf", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultiset", True, "of", "", "", "Argument[0..5]", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultiset", True, "of", "", "", "Argument[6].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultiset$Builder", True, "addCopies", "(Object,int)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultiset$Builder", True, "addCopies", "(Object,int)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableMultiset$Builder", True, "setCount", "(Object,int)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSet", True, "copyOf", "(Collection)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSet", True, "copyOf", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSet", True, "copyOf", "(Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSet", True, "copyOf", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSet", True, "of", "", "", "Argument[0..5]", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSet", True, "of", "", "", "Argument[6].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSetMultimap", True, "of", "", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSetMultimap", True, "of", "", "", "Argument[1]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSetMultimap", True, "of", "", "", "Argument[2]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSetMultimap", True, "of", "", "", "Argument[3]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSetMultimap", True, "of", "", "", "Argument[4]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSetMultimap", True, "of", "", "", "Argument[5]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSetMultimap", True, "of", "", "", "Argument[6]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSetMultimap", True, "of", "", "", "Argument[7]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSetMultimap", True, "of", "", "", "Argument[8]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSetMultimap", True, "of", "", "", "Argument[9]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "copyOf", "(Iterable)", "", "Argument[0].Element.MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "copyOf", "(Iterable)", "", "Argument[0].Element.MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "copyOf", "(Iterable,Comparator)", "", "Argument[0].Element.MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "copyOf", "(Iterable,Comparator)", "", "Argument[0].Element.MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "copyOf", "(Map)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "copyOf", "(Map)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "copyOf", "(Map,Comparator)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "copyOf", "(Map,Comparator)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "copyOfSorted", "(SortedMap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "copyOfSorted", "(SortedMap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "of", "", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "of", "", "", "Argument[1]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "of", "", "", "Argument[2]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "of", "", "", "Argument[3]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "of", "", "", "Argument[4]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "of", "", "", "Argument[5]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "of", "", "", "Argument[6]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "of", "", "", "Argument[7]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "of", "", "", "Argument[8]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMap", True, "of", "", "", "Argument[9]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMultiset", True, "copyOf", "(Comparable[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMultiset", True, "copyOf", "(Comparator,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMultiset", True, "copyOf", "(Comparator,Iterator)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMultiset", True, "copyOf", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMultiset", True, "copyOf", "(Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMultiset", True, "copyOfSorted", "(SortedMultiset)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMultiset", True, "of", "", "", "Argument[0..5]", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedMultiset", True, "of", "", "", "Argument[6].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedSet", True, "copyOf", "(Collection)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedSet", True, "copyOf", "(Comparable[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedSet", True, "copyOf", "(Comparator,Collection)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedSet", True, "copyOf", "(Comparator,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedSet", True, "copyOf", "(Comparator,Iterator)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedSet", True, "copyOf", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedSet", True, "copyOf", "(Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedSet", True, "copyOfSorted", "(SortedSet)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedSet", True, "of", "", "", "Argument[0..5]", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableSortedSet", True, "of", "", "", "Argument[6].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable", True, "copyOf", "(Table)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable", True, "copyOf", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable", True, "copyOf", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable", True, "of", "(Object,Object,Object)", "", "Argument[0]", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable", True, "of", "(Object,Object,Object)", "", "Argument[1]", "ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable", True, "of", "(Object,Object,Object)", "", "Argument[2]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "build", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "build", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "build", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "orderColumnsBy", "(Comparator)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "orderRowsBy", "(Comparator)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "put", "(Cell)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "put", "(Cell)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "put", "(Cell)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.columnKey]", "Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "put", "(Cell)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.rowKey]", "Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "put", "(Object,Object,Object)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "put", "(Object,Object,Object)", "", "Argument[0]", "Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "put", "(Object,Object,Object)", "", "Argument[1]", "Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "put", "(Object,Object,Object)", "", "Argument[2]", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "putAll", "(Table)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "putAll", "(Table)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "putAll", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.columnKey]", "Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "ImmutableTable$Builder", True, "putAll", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.rowKey]", "Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "addAll", "(Collection,Iterable)", "", "Argument[1].Element", "Argument[0].Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "concat", "(Iterable)", "", "Argument[0].Element.Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "concat", "(Iterable,Iterable)", "", "Argument[0..1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "concat", "(Iterable,Iterable,Iterable)", "", "Argument[0..2].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "concat", "(Iterable,Iterable,Iterable,Iterable)", "", "Argument[0..3].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "concat", "(Iterable[])", "", "Argument[0].ArrayElement.Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "consumingIterable", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "cycle", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "cycle", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "filter", "(Iterable,Class)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "filter", "(Iterable,Predicate)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "find", "(Iterable,Predicate)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "find", "(Iterable,Predicate,Object)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "find", "(Iterable,Predicate,Object)", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "get", "(Iterable,int)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "get", "(Iterable,int,Object)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "get", "(Iterable,int,Object)", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "getLast", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "getLast", "(Iterable,Object)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "getLast", "(Iterable,Object)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "getOnlyElement", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "getOnlyElement", "(Iterable,Object)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "getOnlyElement", "(Iterable,Object)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "limit", "(Iterable,int)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "mergeSorted", "(Iterable,Comparator)", "", "Argument[0].Element.Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "paddedPartition", "(Iterable,int)", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "partition", "(Iterable,int)", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "skip", "(Iterable,int)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "toArray", "(Iterable,Class)", "", "Argument[0].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "tryFind", "(Iterable,Predicate)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "unmodifiableIterable", "(ImmutableCollection)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterables", False, "unmodifiableIterable", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "addAll", "(Collection,Iterator)", "", "Argument[1].Element", "Argument[0].Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "asEnumeration", "(Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "concat", "(Iterator)", "", "Argument[0].Element.Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "concat", "(Iterator,Iterator)", "", "Argument[0..1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "concat", "(Iterator,Iterator,Iterator)", "", "Argument[0..2].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "concat", "(Iterator,Iterator,Iterator,Iterator)", "", "Argument[0..3].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "concat", "(Iterator[])", "", "Argument[0].ArrayElement.Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "consumingIterator", "(Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "cycle", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "cycle", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "filter", "(Iterator,Class)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "filter", "(Iterator,Predicate)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "find", "(Iterator,Predicate)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "find", "(Iterator,Predicate,Object)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "find", "(Iterator,Predicate,Object)", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "forArray", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "forEnumeration", "(Enumeration)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "get", "(Iterator,int)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "get", "(Iterator,int,Object)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "get", "(Iterator,int,Object)", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "getLast", "(Iterator)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "getLast", "(Iterator,Object)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "getLast", "(Iterator,Object)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "getNext", "(Iterator,Object)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "getNext", "(Iterator,Object)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "getOnlyElement", "(Iterator)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "getOnlyElement", "(Iterator,Object)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "getOnlyElement", "(Iterator,Object)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "limit", "(Iterator,int)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "mergeSorted", "(Iterable,Comparator)", "", "Argument[0].Element.Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "paddedPartition", "(Iterator,int)", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "partition", "(Iterator,int)", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "peekingIterator", "(Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "peekingIterator", "(PeekingIterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "singletonIterator", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "toArray", "(Iterator,Class)", "", "Argument[0].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "tryFind", "(Iterator,Predicate)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "unmodifiableIterator", "(Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Iterators", False, "unmodifiableIterator", "(UnmodifiableIterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "LinkedHashMultimap", True, "create", "(Multimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "LinkedHashMultimap", True, "create", "(Multimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "LinkedHashMultiset", True, "create", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "LinkedListMultimap", True, "create", "(Multimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "LinkedListMultimap", True, "create", "(Multimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Lists", False, "asList", "(Object,Object,Object[])", "", "Argument[0..1]", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Lists", False, "asList", "(Object,Object,Object[])", "", "Argument[2].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Lists", False, "asList", "(Object,Object[])", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Lists", False, "asList", "(Object,Object[])", "", "Argument[1].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Lists", False, "cartesianProduct", "(List)", "", "Argument[0].Element.Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "Lists", False, "cartesianProduct", "(List[])", "", "Argument[0].ArrayElement.Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "Lists", False, "charactersOf", "(CharSequence)", "", "Argument[0]", "ReturnValue.Element", "taint", "manual"]
+      - ["com.google.common.collect", "Lists", False, "charactersOf", "(String)", "", "Argument[0]", "ReturnValue.Element", "taint", "manual"]
+      - ["com.google.common.collect", "Lists", False, "newArrayList", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Lists", False, "newArrayList", "(Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Lists", False, "newArrayList", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Lists", False, "newCopyOnWriteArrayList", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Lists", False, "newLinkedList", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Lists", False, "partition", "(List,int)", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "Lists", False, "reverse", "(List)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "MapDifference", True, "entriesDiffering", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "MapDifference", True, "entriesDiffering", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapValue", "ReturnValue.MapValue.SyntheticField[com.google.common.collect.MapDifference.left]", "value", "manual"]
+      - ["com.google.common.collect", "MapDifference", True, "entriesDiffering", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "MapDifference", True, "entriesDiffering", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapValue", "ReturnValue.MapValue.SyntheticField[com.google.common.collect.MapDifference.right]", "value", "manual"]
+      - ["com.google.common.collect", "MapDifference", True, "entriesInCommon", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "MapDifference", True, "entriesInCommon", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "MapDifference", True, "entriesInCommon", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "MapDifference", True, "entriesInCommon", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "MapDifference", True, "entriesOnlyOnLeft", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "MapDifference", True, "entriesOnlyOnLeft", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "MapDifference", True, "entriesOnlyOnRight", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "MapDifference", True, "entriesOnlyOnRight", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "MapDifference$ValueDifference", True, "leftValue", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "MapDifference$ValueDifference", True, "rightValue", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "asMap", "(NavigableSet,Function)", "", "Argument[0].Element", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "asMap", "(Set,Function)", "", "Argument[0].Element", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "asMap", "(SortedSet,Function)", "", "Argument[0].Element", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "difference", "(Map,Map)", "", "Argument[0].MapKey", "ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "difference", "(Map,Map)", "", "Argument[0].MapValue", "ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "difference", "(Map,Map)", "", "Argument[1].MapKey", "ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "difference", "(Map,Map)", "", "Argument[1].MapValue", "ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "difference", "(Map,Map,Equivalence)", "", "Argument[0].MapKey", "ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "difference", "(Map,Map,Equivalence)", "", "Argument[0].MapValue", "ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "difference", "(Map,Map,Equivalence)", "", "Argument[1].MapKey", "ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "difference", "(Map,Map,Equivalence)", "", "Argument[1].MapValue", "ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "difference", "(SortedMap,Map)", "", "Argument[0].MapKey", "ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "difference", "(SortedMap,Map)", "", "Argument[0].MapValue", "ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "difference", "(SortedMap,Map)", "", "Argument[1].MapKey", "ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "difference", "(SortedMap,Map)", "", "Argument[1].MapValue", "ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "filterEntries", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "filterKeys", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "filterValues", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "fromProperties", "(Properties)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "fromProperties", "(Properties)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "immutableEntry", "(Object,Object)", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "immutableEntry", "(Object,Object)", "", "Argument[1]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "immutableEnumMap", "(Map)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "newEnumMap", "(Map)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "newHashMap", "(Map)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "newHashMap", "(Map)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "newLinkedHashMap", "(Map)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "newLinkedHashMap", "(Map)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "newTreeMap", "(SortedMap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "newTreeMap", "(SortedMap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "subMap", "(NavigableMap,Range)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "subMap", "(NavigableMap,Range)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "synchronizedBiMap", "(BiMap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "synchronizedBiMap", "(BiMap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "synchronizedNavigableMap", "(NavigableMap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "synchronizedNavigableMap", "(NavigableMap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "toMap", "(Iterable,Function)", "", "Argument[0].Element", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "toMap", "(Iterator,Function)", "", "Argument[0].Element", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "transformValues", "(Map,Function)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "transformValues", "(NavigableMap,Function)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "transformValues", "(SortedMap,Function)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "uniqueIndex", "(Iterable,Function)", "", "Argument[0].Element", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "uniqueIndex", "(Iterator,Function)", "", "Argument[0].Element", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "unmodifiableBiMap", "(BiMap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "unmodifiableBiMap", "(BiMap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "unmodifiableNavigableMap", "(NavigableMap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Maps", False, "unmodifiableNavigableMap", "(NavigableMap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "asMap", "()", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "asMap", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "entries", "()", "", "Argument[-1].MapKey", "ReturnValue.Element.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "entries", "()", "", "Argument[-1].MapValue", "ReturnValue.Element.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "get", "(Object)", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "keySet", "()", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "keys", "()", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "put", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "put", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "putAll", "(Multimap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "putAll", "(Multimap)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "putAll", "(Object,Iterable)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "putAll", "(Object,Iterable)", "", "Argument[1].Element", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "removeAll", "(Object)", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "replaceValues", "(Object,Iterable)", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "replaceValues", "(Object,Iterable)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "replaceValues", "(Object,Iterable)", "", "Argument[1].Element", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimap", True, "values", "()", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "asMap", "(ListMultimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "asMap", "(ListMultimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "asMap", "(Multimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "asMap", "(Multimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "asMap", "(SetMultimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "asMap", "(SetMultimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "asMap", "(SortedSetMultimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "asMap", "(SortedSetMultimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "filterEntries", "(Multimap,Predicate)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "filterEntries", "(Multimap,Predicate)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "filterEntries", "(SetMultimap,Predicate)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "filterEntries", "(SetMultimap,Predicate)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "filterKeys", "(Multimap,Predicate)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "filterKeys", "(Multimap,Predicate)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "filterKeys", "(SetMultimap,Predicate)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "filterKeys", "(SetMultimap,Predicate)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "filterValues", "(Multimap,Predicate)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "filterValues", "(Multimap,Predicate)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "filterValues", "(SetMultimap,Predicate)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "filterValues", "(SetMultimap,Predicate)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "forMap", "(Map)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "forMap", "(Map)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "index", "(Iterable,Function)", "", "Argument[0].Element", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "index", "(Iterator,Function)", "", "Argument[0].Element", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "invertFrom", "(Multimap,Multimap)", "", "Argument[0].MapKey", "Argument[1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "invertFrom", "(Multimap,Multimap)", "", "Argument[0].MapValue", "Argument[1].MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "invertFrom", "(Multimap,Multimap)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "newListMultimap", "(Map,Supplier)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "newListMultimap", "(Map,Supplier)", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "newMultimap", "(Map,Supplier)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "newMultimap", "(Map,Supplier)", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "newSetMultimap", "(Map,Supplier)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "newSetMultimap", "(Map,Supplier)", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "newSortedSetMultimap", "(Map,Supplier)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "newSortedSetMultimap", "(Map,Supplier)", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "synchronizedListMultimap", "(ListMultimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "synchronizedListMultimap", "(ListMultimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "synchronizedMultimap", "(Multimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "synchronizedMultimap", "(Multimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "synchronizedSetMultimap", "(SetMultimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "synchronizedSetMultimap", "(SetMultimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "synchronizedSortedSetMultimap", "(SortedSetMultimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "synchronizedSortedSetMultimap", "(SortedSetMultimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "transformValues", "(ListMultimap,Function)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "transformValues", "(Multimap,Function)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "unmodifiableListMultimap", "(ImmutableListMultimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "unmodifiableListMultimap", "(ImmutableListMultimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "unmodifiableListMultimap", "(ListMultimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "unmodifiableListMultimap", "(ListMultimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "unmodifiableMultimap", "(ImmutableMultimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "unmodifiableMultimap", "(ImmutableMultimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "unmodifiableMultimap", "(Multimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "unmodifiableMultimap", "(Multimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "unmodifiableSetMultimap", "(ImmutableSetMultimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "unmodifiableSetMultimap", "(ImmutableSetMultimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "unmodifiableSetMultimap", "(SetMultimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "unmodifiableSetMultimap", "(SetMultimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "unmodifiableSortedSetMultimap", "(SortedSetMultimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Multimaps", False, "unmodifiableSortedSetMultimap", "(SortedSetMultimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Multiset", True, "add", "(Object,int)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["com.google.common.collect", "Multiset", True, "elementSet", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multiset", True, "entrySet", "()", "", "Argument[-1].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multiset", True, "setCount", "(Object,int)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["com.google.common.collect", "Multiset", True, "setCount", "(Object,int,int)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["com.google.common.collect", "Multiset$Entry", True, "getElement", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Multisets", False, "copyHighestCountFirst", "(Multiset)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multisets", False, "difference", "(Multiset,Multiset)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multisets", False, "filter", "(Multiset,Predicate)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multisets", False, "immutableEntry", "(Object,int)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multisets", False, "intersection", "(Multiset,Multiset)", "", "Argument[0..1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multisets", False, "sum", "(Multiset,Multiset)", "", "Argument[0..1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multisets", False, "union", "(Multiset,Multiset)", "", "Argument[0..1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multisets", False, "unmodifiableMultiset", "(ImmutableMultiset)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multisets", False, "unmodifiableMultiset", "(Multiset)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Multisets", False, "unmodifiableSortedMultiset", "(SortedMultiset)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "MutableClassToInstanceMap", True, "create", "(Map)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "MutableClassToInstanceMap", True, "create", "(Map)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "ObjectArrays", False, "concat", "(Object,Object[])", "", "Argument[0]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["com.google.common.collect", "ObjectArrays", False, "concat", "(Object,Object[])", "", "Argument[1].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["com.google.common.collect", "ObjectArrays", False, "concat", "(Object[],Object)", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["com.google.common.collect", "ObjectArrays", False, "concat", "(Object[],Object)", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["com.google.common.collect", "ObjectArrays", False, "concat", "(Object[],Object[],Class)", "", "Argument[0..1].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["com.google.common.collect", "Queues", False, "drain", "(BlockingQueue,Collection,int,Duration)", "", "Argument[0].Element", "Argument[1].Element", "value", "manual"]
+      - ["com.google.common.collect", "Queues", False, "drain", "(BlockingQueue,Collection,int,long,TimeUnit)", "", "Argument[0].Element", "Argument[1].Element", "value", "manual"]
+      - ["com.google.common.collect", "Queues", False, "newArrayDeque", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Queues", False, "newConcurrentLinkedQueue", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Queues", False, "newLinkedBlockingDeque", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Queues", False, "newLinkedBlockingQueue", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Queues", False, "newPriorityBlockingQueue", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Queues", False, "newPriorityQueue", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Queues", False, "synchronizedDeque", "(Deque)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Queues", False, "synchronizedQueue", "(Queue)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "cartesianProduct", "(List)", "", "Argument[0].Element.Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "cartesianProduct", "(Set[])", "", "Argument[0].ArrayElement.Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "combinations", "(Set,int)", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "difference", "(Set,Set)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "filter", "(NavigableSet,Predicate)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "filter", "(Set,Predicate)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "filter", "(SortedSet,Predicate)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "intersection", "(Set,Set)", "", "Argument[0..1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "newConcurrentHashSet", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "newCopyOnWriteArraySet", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "newHashSet", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "newHashSet", "(Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "newHashSet", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "newLinkedHashSet", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "newSetFromMap", "(Map)", "", "Argument[0].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "newTreeSet", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "powerSet", "(Set)", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "subSet", "(NavigableSet,Range)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "symmetricDifference", "(Set,Set)", "", "Argument[0..1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "synchronizedNavigableSet", "(NavigableSet)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "union", "(Set,Set)", "", "Argument[0..1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets", False, "unmodifiableNavigableSet", "(NavigableSet)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets$SetView", True, "copyInto", "(Set)", "", "Argument[-1].Element", "Argument[0].Element", "value", "manual"]
+      - ["com.google.common.collect", "Sets$SetView", True, "immutableCopy", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "cellSet", "()", "", "Argument[-1].MapValue", "ReturnValue.Element.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "cellSet", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.Element.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "cellSet", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.Element.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "column", "(Object)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "column", "(Object)", "", "Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "columnKeySet", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "columnMap", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "columnMap", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "columnMap", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.MapValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "get", "(Object,Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "put", "(Object,Object,Object)", "", "Argument[0]", "Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "put", "(Object,Object,Object)", "", "Argument[1]", "Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "put", "(Object,Object,Object)", "", "Argument[2]", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "putAll", "(Table)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "putAll", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.columnKey]", "Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "putAll", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.rowKey]", "Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "remove", "(Object,Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "row", "(Object)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "row", "(Object)", "", "Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "rowKeySet", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "rowMap", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "rowMap", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.MapValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "rowMap", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "Table", True, "values", "()", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["com.google.common.collect", "Table$Cell", True, "getColumnKey", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Table$Cell", True, "getRowKey", "()", "", "Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Table$Cell", True, "getValue", "()", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "immutableCell", "(Object,Object,Object)", "", "Argument[0]", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "immutableCell", "(Object,Object,Object)", "", "Argument[1]", "ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "immutableCell", "(Object,Object,Object)", "", "Argument[2]", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "newCustomTable", "(Map,Supplier)", "", "Argument[0].MapKey", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "newCustomTable", "(Map,Supplier)", "", "Argument[0].MapValue.MapKey", "ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "newCustomTable", "(Map,Supplier)", "", "Argument[0].MapValue.MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "synchronizedTable", "(Table)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "synchronizedTable", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "synchronizedTable", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "transformValues", "(Table,Function)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "transformValues", "(Table,Function)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "transpose", "(Table)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "transpose", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "transpose", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "unmodifiableRowSortedTable", "(RowSortedTable)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "unmodifiableRowSortedTable", "(RowSortedTable)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "unmodifiableRowSortedTable", "(RowSortedTable)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "unmodifiableTable", "(Table)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "unmodifiableTable", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "Tables", False, "unmodifiableTable", "(Table)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "TreeBasedTable", True, "create", "(TreeBasedTable)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "TreeBasedTable", True, "create", "(TreeBasedTable)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.columnKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey]", "value", "manual"]
+      - ["com.google.common.collect", "TreeBasedTable", True, "create", "(TreeBasedTable)", "", "Argument[0].SyntheticField[com.google.common.collect.Table.rowKey]", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"]
+      - ["com.google.common.collect", "TreeMultimap", True, "create", "(Multimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["com.google.common.collect", "TreeMultimap", True, "create", "(Multimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["com.google.common.collect", "TreeMultiset", True, "create", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/com.google.common.flogger.model.yml b/java/ql/lib/ext/com.google.common.flogger.model.yml
new file mode 100644
index 00000000000..b9a800b6210
--- /dev/null
+++ b/java/ql/lib/ext/com.google.common.flogger.model.yml
@@ -0,0 +1,34 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "", "", "Argument[0]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object)", "", "Argument[1]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object[])", "", "Argument[1..11]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,boolean)", "", "Argument[1]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,byte)", "", "Argument[1]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,char)", "", "Argument[1]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,double)", "", "Argument[1]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,float)", "", "Argument[1]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,int)", "", "Argument[1]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,long)", "", "Argument[1]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,short)", "", "Argument[1]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,boolean,Object)", "", "Argument[2]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,byte,Object)", "", "Argument[2]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,char,Object)", "", "Argument[2]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,double,Object)", "", "Argument[2]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,float,Object)", "", "Argument[2]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,int,Object)", "", "Argument[2]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,long,Object)", "", "Argument[2]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,short,Object)", "", "Argument[2]", "logging", "manual"]
+      - ["com.google.common.flogger", "LoggingApi", True, "logVarargs", "", "", "Argument[0..1]", "logging", "manual"]
diff --git a/java/ql/lib/ext/com.google.common.io.model.yml b/java/ql/lib/ext/com.google.common.io.model.yml
new file mode 100644
index 00000000000..d08a5604338
--- /dev/null
+++ b/java/ql/lib/ext/com.google.common.io.model.yml
@@ -0,0 +1,88 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.google.common.io", "Resources", False, "asByteSource", "(URL)", "", "Argument[0]", "url-open-stream", "manual"]
+      - ["com.google.common.io", "Resources", False, "asCharSource", "(URL,Charset)", "", "Argument[0]", "url-open-stream", "manual"]
+      - ["com.google.common.io", "Resources", False, "copy", "(URL,OutputStream)", "", "Argument[0]", "url-open-stream", "manual"]
+      - ["com.google.common.io", "Resources", False, "readLines", "", "", "Argument[0]", "url-open-stream", "manual"]
+      - ["com.google.common.io", "Resources", False, "toByteArray", "(URL)", "", "Argument[0]", "url-open-stream", "manual"]
+      - ["com.google.common.io", "Resources", False, "toString", "(URL,Charset)", "", "Argument[0]", "url-open-stream", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["com.google.common.io", "BaseEncoding", True, "decode", "(CharSequence)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "BaseEncoding", True, "decode", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "BaseEncoding", True, "decodingSource", "(CharSource)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "BaseEncoding", True, "decodingSource", "(CharSource)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "BaseEncoding", True, "decodingStream", "(Reader)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "BaseEncoding", True, "decodingStream", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "BaseEncoding", True, "encode", "(byte[])", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "BaseEncoding", True, "encode", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "BaseEncoding", True, "encode", "(byte[],int,int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "BaseEncoding", True, "encode", "(byte[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "BaseEncoding", True, "lowerCase", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "BaseEncoding", True, "omitPadding", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "BaseEncoding", True, "upperCase", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "BaseEncoding", True, "withPadChar", "(char)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "BaseEncoding", True, "withSeparator", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteArrayDataOutput", True, "toByteArray", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteArrayDataOutput", True, "write", "(byte[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteArrayDataOutput", True, "write", "(byte[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteArrayDataOutput", True, "write", "(int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteArrayDataOutput", True, "writeByte", "(int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteArrayDataOutput", True, "writeBytes", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteArrayDataOutput", True, "writeChar", "(int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteArrayDataOutput", True, "writeChars", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteArrayDataOutput", True, "writeDouble", "(double)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteArrayDataOutput", True, "writeFloat", "(float)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteArrayDataOutput", True, "writeInt", "(int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteArrayDataOutput", True, "writeLong", "(long)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteArrayDataOutput", True, "writeShort", "(int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteArrayDataOutput", True, "writeUTF", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteSource", True, "asCharSource", "(Charset)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteSource", True, "concat", "(ByteSource[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteSource", True, "concat", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteSource", True, "concat", "(Iterator)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteSource", True, "copyTo", "(OutputStream)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["com.google.common.io", "ByteSource", True, "openBufferedStream", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteSource", True, "openStream", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteSource", True, "read", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteSource", True, "slice", "(long,long)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteSource", True, "wrap", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteStreams", False, "copy", "(InputStream,OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteStreams", False, "copy", "(ReadableByteChannel,WritableByteChannel)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteStreams", False, "limit", "(InputStream,long)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteStreams", False, "newDataInput", "(ByteArrayInputStream)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteStreams", False, "newDataInput", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteStreams", False, "newDataInput", "(byte[],int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteStreams", False, "newDataOutput", "(ByteArrayOutputStream)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "ByteStreams", False, "read", "(InputStream,byte[],int,int)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteStreams", False, "readFully", "(InputStream,byte[])", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteStreams", False, "readFully", "(InputStream,byte[],int,int)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["com.google.common.io", "ByteStreams", False, "toByteArray", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "CharSource", True, "asByteSource", "(Charset)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "CharSource", True, "concat", "(CharSource[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "CharSource", True, "concat", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "CharSource", True, "concat", "(Iterator)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "CharSource", True, "copyTo", "(Appendable)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["com.google.common.io", "CharSource", True, "lines", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "CharSource", True, "openBufferedStream", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "CharSource", True, "openStream", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "CharSource", True, "read", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "CharSource", True, "readFirstLine", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "CharSource", True, "readLines", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "CharSource", True, "wrap", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "CharStreams", False, "copy", "(Readable,Appendable)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["com.google.common.io", "CharStreams", False, "readLines", "(Readable)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "CharStreams", False, "toString", "(Readable)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "Closer", True, "register", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["com.google.common.io", "Files", False, "getFileExtension", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "Files", False, "getNameWithoutExtension", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "Files", False, "simplifyPath", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "LineReader", False, "LineReader", "(Readable)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["com.google.common.io", "LineReader", True, "readLine", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "MoreFiles", False, "getFileExtension", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.common.io", "MoreFiles", False, "getNameWithoutExtension", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/com.hubspot.jinjava.model.yml b/java/ql/lib/ext/com.hubspot.jinjava.model.yml
new file mode 100644
index 00000000000..2172da483f8
--- /dev/null
+++ b/java/ql/lib/ext/com.hubspot.jinjava.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.hubspot.jinjava", "Jinjava", True, "render", "", "", "Argument[0]", "ssti", "manual"]
+      - ["com.hubspot.jinjava", "Jinjava", True, "renderForResult", "", "", "Argument[0]", "ssti", "manual"]
diff --git a/java/ql/lib/ext/com.mitchellbosecke.pebble.model.yml b/java/ql/lib/ext/com.mitchellbosecke.pebble.model.yml
new file mode 100644
index 00000000000..74b227da1dd
--- /dev/null
+++ b/java/ql/lib/ext/com.mitchellbosecke.pebble.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.mitchellbosecke.pebble", "PebbleEngine", True, "getLiteralTemplate", "", "", "Argument[0]", "ssti", "manual"]
+      - ["com.mitchellbosecke.pebble", "PebbleEngine", True, "getTemplate", "", "", "Argument[0]", "ssti", "manual"]
diff --git a/java/ql/lib/ext/com.opensymphony.xwork2.ognl.model.yml b/java/ql/lib/ext/com.opensymphony.xwork2.ognl.model.yml
new file mode 100644
index 00000000000..58b50652f1b
--- /dev/null
+++ b/java/ql/lib/ext/com.opensymphony.xwork2.ognl.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.opensymphony.xwork2.ognl", "OgnlUtil", False, "callMethod", "", "", "Argument[0]", "ognl-injection", "manual"]
+      - ["com.opensymphony.xwork2.ognl", "OgnlUtil", False, "getValue", "", "", "Argument[0]", "ognl-injection", "manual"]
+      - ["com.opensymphony.xwork2.ognl", "OgnlUtil", False, "setValue", "", "", "Argument[0]", "ognl-injection", "manual"]
diff --git a/java/ql/lib/ext/com.rabbitmq.client.impl.model.yml b/java/ql/lib/ext/com.rabbitmq.client.impl.model.yml
new file mode 100644
index 00000000000..9f0e9906e79
--- /dev/null
+++ b/java/ql/lib/ext/com.rabbitmq.client.impl.model.yml
@@ -0,0 +1,15 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["com.rabbitmq.client.impl", "Frame", True, "getInputStream", "()", "", "ReturnValue", "remote", "manual"]
+      - ["com.rabbitmq.client.impl", "Frame", True, "getPayload", "()", "", "ReturnValue", "remote", "manual"]
+      - ["com.rabbitmq.client.impl", "FrameHandler", True, "readFrame", "()", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["com.rabbitmq.client.impl", "Frame", False, "fromBodyFragment", "(int,byte[],int,int)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["com.rabbitmq.client.impl", "Frame", False, "readFrom", "(DataInputStream)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.rabbitmq.client.impl", "Frame", True, "writeTo", "(DataOutputStream)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
diff --git a/java/ql/lib/ext/com.rabbitmq.client.model.yml b/java/ql/lib/ext/com.rabbitmq.client.model.yml
new file mode 100644
index 00000000000..ec313e8ef74
--- /dev/null
+++ b/java/ql/lib/ext/com.rabbitmq.client.model.yml
@@ -0,0 +1,31 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["com.rabbitmq.client", "Command", True, "getContentBody", "()", "", "ReturnValue", "remote", "manual"]
+      - ["com.rabbitmq.client", "Command", True, "getContentHeader", "()", "", "ReturnValue", "remote", "manual"]
+      - ["com.rabbitmq.client", "Consumer", True, "handleDelivery", "(String,Envelope,BasicProperties,byte[])", "", "Parameter[3]", "remote", "manual"]
+      - ["com.rabbitmq.client", "QueueingConsumer", True, "nextDelivery", "", "", "ReturnValue", "remote", "manual"]
+      - ["com.rabbitmq.client", "RpcClient", True, "doCall", "", "", "ReturnValue", "remote", "manual"]
+      - ["com.rabbitmq.client", "RpcClient", True, "mapCall", "", "", "ReturnValue", "remote", "manual"]
+      - ["com.rabbitmq.client", "RpcClient", True, "primitiveCall", "", "", "ReturnValue", "remote", "manual"]
+      - ["com.rabbitmq.client", "RpcClient", True, "responseCall", "", "", "ReturnValue", "remote", "manual"]
+      - ["com.rabbitmq.client", "RpcClient", True, "stringCall", "(String)", "", "ReturnValue", "remote", "manual"]
+      - ["com.rabbitmq.client", "RpcServer", True, "handleCall", "(BasicProperties,byte[],BasicProperties)", "", "Parameter[1]", "remote", "manual"]
+      - ["com.rabbitmq.client", "RpcServer", True, "handleCall", "(Delivery,BasicProperties)", "", "Parameter[0]", "remote", "manual"]
+      - ["com.rabbitmq.client", "RpcServer", True, "handleCall", "(byte[],BasicProperties)", "", "Parameter[0]", "remote", "manual"]
+      - ["com.rabbitmq.client", "RpcServer", True, "handleCast", "(BasicProperties,byte[])", "", "Parameter[1]", "remote", "manual"]
+      - ["com.rabbitmq.client", "RpcServer", True, "handleCast", "(Delivery)", "", "Parameter[0]", "remote", "manual"]
+      - ["com.rabbitmq.client", "RpcServer", True, "handleCast", "(byte[])", "", "Parameter[0]", "remote", "manual"]
+      - ["com.rabbitmq.client", "RpcServer", True, "postprocessReplyProperties", "(Delivery,Builder)", "", "Parameter[0]", "remote", "manual"]
+      - ["com.rabbitmq.client", "RpcServer", True, "preprocessReplyProperties", "(Delivery,Builder)", "", "Parameter[0]", "remote", "manual"]
+      - ["com.rabbitmq.client", "StringRpcServer", True, "handleStringCall", "", "", "Parameter[0]", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["com.rabbitmq.client", "GetResponse", True, "GetResponse", "", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["com.rabbitmq.client", "GetResponse", True, "getBody", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.rabbitmq.client", "QueueingConsumer$Delivery", True, "getBody", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["com.rabbitmq.client", "RpcClient$Response", True, "getBody", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/com.unboundid.ldap.sdk.model.yml b/java/ql/lib/ext/com.unboundid.ldap.sdk.model.yml
new file mode 100644
index 00000000000..57753bc31d0
--- /dev/null
+++ b/java/ql/lib/ext/com.unboundid.ldap.sdk.model.yml
@@ -0,0 +1,22 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "asyncSearch", "", "", "Argument[0]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(ReadOnlySearchRequest)", "", "Argument[0]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchRequest)", "", "Argument[0]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,DereferencePolicy,int,int,boolean,Filter,String[])", "", "Argument[0..7]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,DereferencePolicy,int,int,boolean,String,String[])", "", "Argument[0..7]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,Filter,String[])", "", "Argument[0..3]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,String,String[])", "", "Argument[0..3]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,DereferencePolicy,int,int,boolean,Filter,String[])", "", "Argument[0..6]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,DereferencePolicy,int,int,boolean,String,String[])", "", "Argument[0..6]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,Filter,String[])", "", "Argument[0..2]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,String,String[])", "", "Argument[0..2]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(ReadOnlySearchRequest)", "", "Argument[0]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(SearchRequest)", "", "Argument[0]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,DereferencePolicy,int,boolean,Filter,String[])", "", "Argument[0..5]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,DereferencePolicy,int,boolean,String,String[])", "", "Argument[0..5]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,Filter,String[])", "", "Argument[0..2]", "ldap", "manual"]
+      - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,String,String[])", "", "Argument[0..2]", "ldap", "manual"]
diff --git a/java/ql/lib/ext/com.zaxxer.hikari.model.yml b/java/ql/lib/ext/com.zaxxer.hikari.model.yml
new file mode 100644
index 00000000000..5fcab32cc7e
--- /dev/null
+++ b/java/ql/lib/ext/com.zaxxer.hikari.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.zaxxer.hikari", "HikariConfig", False, "HikariConfig", "(Properties)", "", "Argument[0]", "jdbc-url", "manual"]
+      - ["com.zaxxer.hikari", "HikariConfig", False, "setJdbcUrl", "(String)", "", "Argument[0]", "jdbc-url", "manual"]
diff --git a/java/ql/lib/ext/dummy.model.yml b/java/ql/lib/ext/dummy.model.yml
new file mode 100644
index 00000000000..0269fe72311
--- /dev/null
+++ b/java/ql/lib/ext/dummy.model.yml
@@ -0,0 +1,18 @@
+extensions:
+  # Make sure that the extensible model predicates are at least defined as empty.
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data: []
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data: []
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data: []
+  - addsTo:
+      pack: codeql/java-all
+      extensible: neutralModel
+    data: []
\ No newline at end of file
diff --git a/java/ql/lib/ext/experimental/android.webkit.model.yml b/java/ql/lib/ext/experimental/android.webkit.model.yml
new file mode 100644
index 00000000000..ce70ae7e87b
--- /dev/null
+++ b/java/ql/lib/ext/experimental/android.webkit.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSummaryModel
+    data:
+      - ["android.webkit", "WebResourceRequest", False, "getUrl", "", "", "Argument[-1]", "ReturnValue", "taint", "manual", "android-web-resource-response"]
diff --git a/java/ql/lib/ext/experimental/com.auth0.jwt.interfaces.model.yml b/java/ql/lib/ext/experimental/com.auth0.jwt.interfaces.model.yml
new file mode 100644
index 00000000000..6032a9c8a18
--- /dev/null
+++ b/java/ql/lib/ext/experimental/com.auth0.jwt.interfaces.model.yml
@@ -0,0 +1,19 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSummaryModel
+    data:
+      - ["com.auth0.jwt.interfaces", "Verification", True, "acceptExpiresAt", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "hardcoded-jwt-key"]
+      - ["com.auth0.jwt.interfaces", "Verification", True, "acceptIssuedAt", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "hardcoded-jwt-key"]
+      - ["com.auth0.jwt.interfaces", "Verification", True, "acceptLeeway", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "hardcoded-jwt-key"]
+      - ["com.auth0.jwt.interfaces", "Verification", True, "acceptNotBefore", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "hardcoded-jwt-key"]
+      - ["com.auth0.jwt.interfaces", "Verification", True, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual", "hardcoded-jwt-key"]
+      - ["com.auth0.jwt.interfaces", "Verification", True, "ignoreIssuedAt", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "hardcoded-jwt-key"]
+      - ["com.auth0.jwt.interfaces", "Verification", True, "withAnyOfAudience", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "hardcoded-jwt-key"]
+      - ["com.auth0.jwt.interfaces", "Verification", True, "withArrayClaim", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "hardcoded-jwt-key"]
+      - ["com.auth0.jwt.interfaces", "Verification", True, "withAudience", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "hardcoded-jwt-key"]
+      - ["com.auth0.jwt.interfaces", "Verification", True, "withClaim", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "hardcoded-jwt-key"]
+      - ["com.auth0.jwt.interfaces", "Verification", True, "withClaimPresence", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "hardcoded-jwt-key"]
+      - ["com.auth0.jwt.interfaces", "Verification", True, "withIssuer", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "hardcoded-jwt-key"]
+      - ["com.auth0.jwt.interfaces", "Verification", True, "withJWTId", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "hardcoded-jwt-key"]
+      - ["com.auth0.jwt.interfaces", "Verification", True, "withSubject", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "hardcoded-jwt-key"]
diff --git a/java/ql/lib/ext/experimental/com.jfinal.core.model.yml b/java/ql/lib/ext/experimental/com.jfinal.core.model.yml
new file mode 100644
index 00000000000..b6c7cc438f5
--- /dev/null
+++ b/java/ql/lib/ext/experimental/com.jfinal.core.model.yml
@@ -0,0 +1,28 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSourceModel
+    data:
+      - ["com.jfinal.core", "Controller", True, "get", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getBoolean", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getCookie", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getCookieObject", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getCookieObjects", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getCookieToInt", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getCookieToLong", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getDate", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getFile", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getFiles", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getHeader", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getInt", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getKv", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getLong", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getPara", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getParaMap", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getParaToBoolean", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getParaToDate", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getParaToInt", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getParaToLong", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getParaValues", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getParaValuesToInt", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
+      - ["com.jfinal.core", "Controller", True, "getParaValuesToLong", "", "", "ReturnValue", "remote", "manual", "file-path-injection"]
diff --git a/java/ql/lib/ext/experimental/dummy.model.yml b/java/ql/lib/ext/experimental/dummy.model.yml
new file mode 100644
index 00000000000..b43cb611b66
--- /dev/null
+++ b/java/ql/lib/ext/experimental/dummy.model.yml
@@ -0,0 +1,15 @@
+# Define the extensible prediactes related to experimental queries
+# to at least be empty.
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSourceModel
+    data: []
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSinkModel
+    data: []
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSummaryModel
+    data: []
diff --git a/java/ql/lib/ext/experimental/io.undertow.server.handlers.resource.model.yml b/java/ql/lib/ext/experimental/io.undertow.server.handlers.resource.model.yml
new file mode 100644
index 00000000000..12267dcd845
--- /dev/null
+++ b/java/ql/lib/ext/experimental/io.undertow.server.handlers.resource.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSummaryModel
+    data:
+      - ["io.undertow.server.handlers.resource", "Resource", True, "getFile", "", "", "Argument[-1]", "ReturnValue", "taint", "manual", "unsafe-url-forward"]
+      - ["io.undertow.server.handlers.resource", "Resource", True, "getFilePath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual", "unsafe-url-forward"]
+      - ["io.undertow.server.handlers.resource", "Resource", True, "getPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual", "unsafe-url-forward"]
diff --git a/java/ql/lib/ext/experimental/jakarta.servlet.http.model.yml b/java/ql/lib/ext/experimental/jakarta.servlet.http.model.yml
new file mode 100644
index 00000000000..9500beba15b
--- /dev/null
+++ b/java/ql/lib/ext/experimental/jakarta.servlet.http.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSourceModel
+    data:
+      - ["jakarta.servlet.http", "HttpServletRequest", True, "getServletPath", "", "", "ReturnValue", "remote", "manual", "unsafe-url-forward"]
diff --git a/java/ql/lib/ext/experimental/java.io.model.yml b/java/ql/lib/ext/experimental/java.io.model.yml
new file mode 100644
index 00000000000..8d6d98ff47d
--- /dev/null
+++ b/java/ql/lib/ext/experimental/java.io.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSummaryModel
+    data:
+      - ["java.io", "FileInputStream", True, "FileInputStream", "", "", "Argument[0]", "Argument[-1]", "taint", "manual", "android-web-resource-response"]
diff --git a/java/ql/lib/ext/experimental/java.lang.model.yml b/java/ql/lib/ext/experimental/java.lang.model.yml
new file mode 100644
index 00000000000..696a0d9aba3
--- /dev/null
+++ b/java/ql/lib/ext/experimental/java.lang.model.yml
@@ -0,0 +1,12 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSinkModel
+    data:
+      - ["java.lang", "Thread", True, "sleep", "", "", "Argument[0]", "thread-pause", "manual", "thread-resource-abuse"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSummaryModel
+    data:
+      - ["java.lang", "Math", False, "max", "", "", "Argument[0..1]", "ReturnValue", "value", "manual", "thread-resource-abuse"]
+      - ["java.lang", "Math", False, "min", "", "", "Argument[0..1]", "ReturnValue", "value", "manual", "thread-resource-abuse"]
diff --git a/java/ql/lib/ext/experimental/java.nio.file.model.yml b/java/ql/lib/ext/experimental/java.nio.file.model.yml
new file mode 100644
index 00000000000..d1d0d8d3d6e
--- /dev/null
+++ b/java/ql/lib/ext/experimental/java.nio.file.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSummaryModel
+    data:
+      - ["java.nio.file", "Path", True, "normalize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual", "unsafe-url-forward"]
+      - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[-1..0]", "ReturnValue", "taint", "manual", "unsafe-url-forward"]
+      - ["java.nio.file", "Path", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual", "unsafe-url-forward"]
+      - ["java.nio.file", "Paths", True, "get", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual", "unsafe-url-forward"]
diff --git a/java/ql/lib/ext/experimental/java.util.concurrent.model.yml b/java/ql/lib/ext/experimental/java.util.concurrent.model.yml
new file mode 100644
index 00000000000..82ff0a00570
--- /dev/null
+++ b/java/ql/lib/ext/experimental/java.util.concurrent.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSinkModel
+    data:
+      - ["java.util.concurrent", "TimeUnit", True, "sleep", "", "", "Argument[0]", "thread-pause", "manual", "thread-resource-abuse"]
+      - ["java.util.concurrent", "TimeUnit", True, "sleep", "", "", "Argument[0]", "thread-pause", "manual", "unsafe-url-forward"]
diff --git a/java/ql/lib/ext/experimental/javax.servlet.http.model.yml b/java/ql/lib/ext/experimental/javax.servlet.http.model.yml
new file mode 100644
index 00000000000..db140149a99
--- /dev/null
+++ b/java/ql/lib/ext/experimental/javax.servlet.http.model.yml
@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSourceModel
+    data:
+      - ["javax.servlet.http", "HttpServletRequest", True, "getServletPath", "", "", "ReturnValue", "remote", "manual", "unsafe-url-forward"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSourceModel
+    data:
+      - ["javax.servlet.http", "HttpServletRequest", False, "getPathInfo", "()", "", "ReturnValue", "uri-path", "manual", "permissive-dot-regex-query"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getPathTranslated", "()", "", "ReturnValue", "uri-path", "manual", "permissive-dot-regex-query"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getRequestURI", "()", "", "ReturnValue", "uri-path", "manual", "permissive-dot-regex-query"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getRequestURL", "()", "", "ReturnValue", "uri-path", "manual", "permissive-dot-regex-query"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getServletPath", "()", "", "ReturnValue", "uri-path", "manual", "permissive-dot-regex-query"]
+
diff --git a/java/ql/lib/ext/experimental/org.apache.logging.log4j.message.model.yml b/java/ql/lib/ext/experimental/org.apache.logging.log4j.message.model.yml
new file mode 100644
index 00000000000..71839d3abbe
--- /dev/null
+++ b/java/ql/lib/ext/experimental/org.apache.logging.log4j.message.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSummaryModel
+    data:
+      - ["org.apache.logging.log4j.message", "MapMessage", True, "put", "", "", "Argument[1]", "Argument[-1]", "taint", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j.message", "MapMessage", True, "putAll", "", "", "Argument[0].MapValue", "Argument[-1]", "taint", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j.message", "MapMessage", True, "with", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j.message", "MapMessage", True, "with", "", "", "Argument[1]", "Argument[-1]", "taint", "manual", "log4j-injection"]
diff --git a/java/ql/lib/ext/experimental/org.apache.logging.log4j.model.yml b/java/ql/lib/ext/experimental/org.apache.logging.log4j.model.yml
new file mode 100644
index 00000000000..5b196c272fb
--- /dev/null
+++ b/java/ql/lib/ext/experimental/org.apache.logging.log4j.model.yml
@@ -0,0 +1,362 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSinkModel
+    data:
+      - ["org.apache.logging.log4j", "CloseableThreadContext", False, "put", "", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "CloseableThreadContext", False, "putAll", "", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "CloseableThreadContext$Instance", False, "put", "", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "CloseableThreadContext$Instance", False, "putAll", "", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(CharSequence)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(Message)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(Object)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object)", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object)", "", "Argument[0..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object)", "", "Argument[0..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object[])", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Supplier[])", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(Supplier)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(CharSequence)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(CharSequence,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,CharSequence)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Message)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,MessageSupplier)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Object)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Object,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object)", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object[])", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Supplier)", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Supplier)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Supplier,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Message)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Message,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(MessageSupplier)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(MessageSupplier,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Object)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Object,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object)", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object)", "", "Argument[0..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object)", "", "Argument[0..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object[])", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Supplier)", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Supplier)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Supplier,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "entry", "(Object[])", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(CharSequence)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(CharSequence,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,CharSequence)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Message)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,MessageSupplier)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Object)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Object,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object)", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object[])", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Supplier)", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Supplier)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Supplier,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Message)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Message,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(MessageSupplier)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(MessageSupplier,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Object)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Object,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object)", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object)", "", "Argument[0..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object)", "", "Argument[0..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object[])", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Supplier)", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Supplier)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Supplier,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(CharSequence)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(CharSequence,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,CharSequence)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Message)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,MessageSupplier)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Object)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Object,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object)", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object[])", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Supplier)", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Supplier)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Supplier,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Message)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Message,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(MessageSupplier)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(MessageSupplier,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Object)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Object,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object)", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object)", "", "Argument[0..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object)", "", "Argument[0..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object[])", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Supplier)", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Supplier)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Supplier,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(CharSequence)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(CharSequence,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,CharSequence)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Message)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,MessageSupplier)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Object)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Object,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object)", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object[])", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Supplier)", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Supplier)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Supplier,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Message)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Message,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(MessageSupplier)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(MessageSupplier,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Object)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Object,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object)", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object)", "", "Argument[0..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object)", "", "Argument[0..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object[])", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Supplier)", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Supplier)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Supplier,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,CharSequence)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,CharSequence,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,CharSequence)", "", "Argument[2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,CharSequence,Throwable)", "", "Argument[2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Message)", "", "Argument[2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,MessageSupplier)", "", "Argument[2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,MessageSupplier,Throwable)", "", "Argument[2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Object)", "", "Argument[2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Object,Throwable)", "", "Argument[2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String)", "", "Argument[2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object)", "", "Argument[2..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object)", "", "Argument[2..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object)", "", "Argument[2..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object)", "", "Argument[2..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object)", "", "Argument[2..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[2..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..11]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..12]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object[])", "", "Argument[2..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Supplier)", "", "Argument[2..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Throwable)", "", "Argument[2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Supplier)", "", "Argument[2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Supplier,Throwable)", "", "Argument[2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Message)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Message,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,MessageSupplier)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,MessageSupplier,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Object)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Object,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object)", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object)", "", "Argument[1..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object[])", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Supplier)", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Supplier)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Supplier,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "logMessage", "(Level,Marker,String,StackTraceElement,Message,Throwable)", "", "Argument[4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "printf", "(Level,Marker,String,Object[])", "", "Argument[2..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "printf", "(Level,String,Object[])", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(CharSequence)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(CharSequence,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,CharSequence)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Message)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,MessageSupplier)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Object)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Object,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object)", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object[])", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Supplier)", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Supplier)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Supplier,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Message)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Message,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(MessageSupplier)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(MessageSupplier,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Object)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Object,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object)", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object)", "", "Argument[0..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object)", "", "Argument[0..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object[])", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Supplier)", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Supplier)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Supplier,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(CharSequence)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(CharSequence,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,CharSequence)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Message)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,MessageSupplier)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Object)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Object,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object)", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object[])", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Supplier)", "", "Argument[1..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Supplier)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Supplier,Throwable)", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Message)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Message,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(MessageSupplier)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(MessageSupplier,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Object)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Object,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object)", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object)", "", "Argument[0..2]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object)", "", "Argument[0..3]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object[])", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Supplier)", "", "Argument[0..1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Supplier)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Supplier,Throwable)", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "ThreadContext", False, "put", "", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "ThreadContext", False, "putAll", "", "", "Argument[0]", "log4j", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j", "ThreadContext", False, "putIfNull", "", "", "Argument[1]", "log4j", "manual", "log4j-injection"]
diff --git a/java/ql/lib/ext/experimental/org.springframework.core.io.model.yml b/java/ql/lib/ext/experimental/org.springframework.core.io.model.yml
new file mode 100644
index 00000000000..1d4d808cdcd
--- /dev/null
+++ b/java/ql/lib/ext/experimental/org.springframework.core.io.model.yml
@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSinkModel
+    data:
+      - ["org.springframework.core.io", "ClassPathResource", True, "getFilename", "", "", "Argument[-1]", "get-resource", "manual", "unsafe-url-forward"]
+      - ["org.springframework.core.io", "ClassPathResource", True, "getPath", "", "", "Argument[-1]", "get-resource", "manual", "unsafe-url-forward"]
+      - ["org.springframework.core.io", "ClassPathResource", True, "getURL", "", "", "Argument[-1]", "get-resource", "manual", "unsafe-url-forward"]
+      - ["org.springframework.core.io", "ClassPathResource", True, "resolveURL", "", "", "Argument[-1]", "get-resource", "manual", "unsafe-url-forward"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: experimentalSummaryModel
+    data:
+      - ["org.springframework.core.io", "ClassPathResource", False, "ClassPathResource", "", "", "Argument[0]", "Argument[-1]", "taint", "manual", "unsafe-url-forward"]
+      - ["org.springframework.core.io", "Resource", True, "createRelative", "", "", "Argument[0]", "ReturnValue", "taint", "manual", "unsafe-url-forward"]
+      - ["org.springframework.core.io", "ResourceLoader", True, "getResource", "", "", "Argument[0]", "ReturnValue", "taint", "manual", "unsafe-url-forward"]
diff --git a/java/ql/lib/ext/flexjson.model.yml b/java/ql/lib/ext/flexjson.model.yml
new file mode 100644
index 00000000000..59249214262
--- /dev/null
+++ b/java/ql/lib/ext/flexjson.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["flexjson", "JSONDeserializer", True, "use", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
diff --git a/java/ql/lib/ext/freemarker.cache.model.yml b/java/ql/lib/ext/freemarker.cache.model.yml
new file mode 100644
index 00000000000..b65e6386ad6
--- /dev/null
+++ b/java/ql/lib/ext/freemarker.cache.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["freemarker.cache", "StringTemplateLoader", True, "putTemplate", "", "", "Argument[1]", "ssti", "manual"]
diff --git a/java/ql/lib/ext/freemarker.template.model.yml b/java/ql/lib/ext/freemarker.template.model.yml
new file mode 100644
index 00000000000..96087a2b9ba
--- /dev/null
+++ b/java/ql/lib/ext/freemarker.template.model.yml
@@ -0,0 +1,12 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["freemarker.template", "Template", True, "Template", "(String,Reader)", "", "Argument[1]", "ssti", "manual"]
+      - ["freemarker.template", "Template", True, "Template", "(String,Reader,Configuration)", "", "Argument[1]", "ssti", "manual"]
+      - ["freemarker.template", "Template", True, "Template", "(String,Reader,Configuration,String)", "", "Argument[1]", "ssti", "manual"]
+      - ["freemarker.template", "Template", True, "Template", "(String,String,Configuration)", "", "Argument[1]", "ssti", "manual"]
+      - ["freemarker.template", "Template", True, "Template", "(String,String,Reader,Configuration)", "", "Argument[2]", "ssti", "manual"]
+      - ["freemarker.template", "Template", True, "Template", "(String,String,Reader,Configuration,ParserConfiguration,String)", "", "Argument[2]", "ssti", "manual"]
+      - ["freemarker.template", "Template", True, "Template", "(String,String,Reader,Configuration,String)", "", "Argument[2]", "ssti", "manual"]
diff --git a/java/ql/lib/ext/generated/kotlinstdlib.model.yml b/java/ql/lib/ext/generated/kotlinstdlib.model.yml
new file mode 100644
index 00000000000..be3ee65d162
--- /dev/null
+++ b/java/ql/lib/ext/generated/kotlinstdlib.model.yml
@@ -0,0 +1,6473 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Definitions of models in the Kotlin StdLib @30ce58cea74 framework.
+
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["kotlin.io", "FilesKt", false, "appendBytes", "(File,byte[])", "", "Argument[0]", "create-file", "generated"]
+      - ["kotlin.io", "FilesKt", false, "appendText", "(File,String,Charset)", "", "Argument[0]", "create-file", "generated"]
+      - ["kotlin.io", "FilesKt", false, "bufferedWriter", "(File,Charset,int)", "", "Argument[0]", "create-file", "generated"]
+      - ["kotlin.io", "FilesKt", false, "copyRecursively", "(File,File,boolean,Function2)", "", "Argument[1]", "create-file", "generated"]
+      - ["kotlin.io", "FilesKt", false, "copyTo", "(File,File,boolean,int)", "", "Argument[1]", "create-file", "generated"]
+      - ["kotlin.io", "FilesKt", false, "outputStream", "(File)", "", "Argument[0]", "create-file", "generated"]
+      - ["kotlin.io", "FilesKt", false, "printWriter", "(File,Charset)", "", "Argument[0]", "create-file", "generated"]
+      - ["kotlin.io", "FilesKt", false, "writeBytes", "(File,byte[])", "", "Argument[0]", "create-file", "generated"]
+      - ["kotlin.io", "FilesKt", false, "writeText", "(File,String,Charset)", "", "Argument[0]", "create-file", "generated"]
+      - ["kotlin.io", "FilesKt", false, "writer", "(File,Charset)", "", "Argument[0]", "create-file", "generated"]
+      - ["kotlin.io", "TextStreamsKt", false, "readBytes", "(URL)", "", "Argument[0]", "open-url", "generated"]
+      - ["kotlin.io", "TextStreamsKt", false, "readText", "(URL,Charset)", "", "Argument[0]", "open-url", "generated"]
+
+
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["kotlin.collections", "AbstractCollection", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArrayDeque", false, "ArrayDeque", "(Collection)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.collections", "ArrayDeque", false, "addFirst", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.collections", "ArrayDeque", false, "addLast", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.collections", "ArrayDeque", false, "first", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArrayDeque", false, "firstOrNull", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArrayDeque", false, "last", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArrayDeque", false, "lastOrNull", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArrayDeque", false, "removeFirst", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArrayDeque", false, "removeFirstOrNull", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArrayDeque", false, "removeLast", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArrayDeque", false, "removeLastOrNull", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "asList", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(Object[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(Object[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(boolean[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(boolean[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(byte[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(byte[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(char[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(char[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(double[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(double[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(float[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(float[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(int[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(int[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(long[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(long[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(short[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateByTo", "(short[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateTo", "(Object[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateTo", "(boolean[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateTo", "(byte[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateTo", "(char[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateTo", "(double[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateTo", "(float[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateTo", "(int[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateTo", "(long[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateTo", "(short[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateWithTo", "(Object[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateWithTo", "(boolean[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateWithTo", "(byte[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateWithTo", "(char[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateWithTo", "(double[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateWithTo", "(float[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateWithTo", "(int[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateWithTo", "(long[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "associateWithTo", "(short[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyInto", "(Object[],Object[],int,int,int)", "", "Argument[0].ArrayElement", "Argument[1].ArrayElement", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyInto", "(Object[],Object[],int,int,int)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyInto", "(Object[],Object[],int,int,int)", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyInto", "(byte[],byte[],int,int,int)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyInto", "(byte[],byte[],int,int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyInto", "(byte[],byte[],int,int,int)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyInto", "(char[],char[],int,int,int)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyInto", "(char[],char[],int,int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyInto", "(char[],char[],int,int,int)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyOf", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyOf", "(Object[],int)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyOf", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyOf", "(byte[],int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyOf", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyOf", "(char[],int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyOfRangeInline", "(Object[],int,int)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyOfRangeInline", "(byte[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "copyOfRangeInline", "(char[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "drop", "(Object[],int)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "dropLast", "(Object[],int)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "dropLastWhile", "(Object[],Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "fill", "(Object[],Object,int,int)", "", "Argument[1]", "Argument[0].ArrayElement", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterIndexedTo", "(Object[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterIndexedTo", "(boolean[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterIndexedTo", "(byte[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterIndexedTo", "(char[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterIndexedTo", "(double[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterIndexedTo", "(float[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterIndexedTo", "(int[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterIndexedTo", "(long[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterIndexedTo", "(short[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterIsInstanceTo", "(Object[],Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterIsInstanceTo", "(Object[],Collection,Class)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterNotNullTo", "(Object[],Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterNotTo", "(Object[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterNotTo", "(boolean[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterNotTo", "(byte[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterNotTo", "(char[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterNotTo", "(double[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterNotTo", "(float[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterNotTo", "(int[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterNotTo", "(long[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterNotTo", "(short[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterTo", "(Object[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterTo", "(boolean[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterTo", "(byte[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterTo", "(char[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterTo", "(double[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterTo", "(float[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterTo", "(int[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterTo", "(long[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "filterTo", "(short[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "findLast", "(Object[],Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "first", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "firstOrNull", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapIndexedIterableTo", "(Object[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapIndexedIterableTo", "(boolean[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapIndexedIterableTo", "(byte[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapIndexedIterableTo", "(char[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapIndexedIterableTo", "(double[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapIndexedIterableTo", "(float[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapIndexedIterableTo", "(int[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapIndexedIterableTo", "(long[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapIndexedIterableTo", "(short[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapIndexedSequenceTo", "(Object[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapSequenceTo", "(Object[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapTo", "(Object[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapTo", "(boolean[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapTo", "(byte[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapTo", "(char[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapTo", "(double[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapTo", "(float[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapTo", "(int[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapTo", "(long[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "flatMapTo", "(short[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "fold", "(Object[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "fold", "(boolean[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "fold", "(byte[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "fold", "(char[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "fold", "(double[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "fold", "(float[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "fold", "(int[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "fold", "(long[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "fold", "(short[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldIndexed", "(Object[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldIndexed", "(boolean[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldIndexed", "(byte[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldIndexed", "(char[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldIndexed", "(double[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldIndexed", "(float[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldIndexed", "(int[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldIndexed", "(long[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldIndexed", "(short[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRight", "(Object[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRight", "(boolean[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRight", "(byte[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRight", "(char[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRight", "(double[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRight", "(float[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRight", "(int[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRight", "(long[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRight", "(short[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRightIndexed", "(Object[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRightIndexed", "(boolean[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRightIndexed", "(byte[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRightIndexed", "(char[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRightIndexed", "(double[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRightIndexed", "(float[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRightIndexed", "(int[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRightIndexed", "(long[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "foldRightIndexed", "(short[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(Object[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(Object[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(boolean[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(boolean[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(byte[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(byte[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(char[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(char[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(double[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(double[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(float[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(float[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(int[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(int[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(long[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(long[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(short[],Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "groupByTo", "(short[],Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "ifEmpty", "(Object[],Function0)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinTo", "(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(Object[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(Object[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(Object[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(Object[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[5]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(boolean[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(boolean[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(boolean[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(boolean[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[5]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(byte[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(byte[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(byte[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(byte[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[5]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(char[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(char[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(char[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(char[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[5]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(double[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(double[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(double[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(double[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[5]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(float[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(float[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(float[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(float[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[5]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(int[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(int[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(int[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(int[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[5]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(long[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(long[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(long[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(long[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[5]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(short[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(short[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(short[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "joinToString", "(short[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[5]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "last", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "last", "(Object[],Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "lastOrNull", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "lastOrNull", "(Object[],Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapIndexedNotNullTo", "(Object[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapIndexedTo", "(Object[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapIndexedTo", "(boolean[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapIndexedTo", "(byte[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapIndexedTo", "(char[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapIndexedTo", "(double[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapIndexedTo", "(float[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapIndexedTo", "(int[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapIndexedTo", "(long[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapIndexedTo", "(short[],Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapNotNullTo", "(Object[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapTo", "(Object[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapTo", "(boolean[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapTo", "(byte[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapTo", "(char[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapTo", "(double[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapTo", "(float[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapTo", "(int[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapTo", "(long[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "mapTo", "(short[],Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "max", "(Comparable[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "maxBy", "(Object[],Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "maxByOrNull", "(Object[],Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "maxByOrThrow", "(Object[],Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "maxOfWith", "(Object[],Comparator,Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "maxOfWithOrNull", "(Object[],Comparator,Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "maxOrNull", "(Comparable[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "maxOrThrow", "(Comparable[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "maxWith", "(Object[],Comparator)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "maxWithOrNull", "(Object[],Comparator)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "maxWithOrThrow", "(Object[],Comparator)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "min", "(Comparable[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "minBy", "(Object[],Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "minByOrNull", "(Object[],Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "minByOrThrow", "(Object[],Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "minOfWith", "(Object[],Comparator,Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "minOfWithOrNull", "(Object[],Comparator,Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "minOrNull", "(Comparable[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "minOrThrow", "(Comparable[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "minWith", "(Object[],Comparator)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "minWithOrNull", "(Object[],Comparator)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "minWithOrThrow", "(Object[],Comparator)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "onEach", "(Object[],Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "onEach", "(byte[],Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "onEach", "(char[],Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "onEachIndexed", "(Object[],Function2)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "onEachIndexed", "(byte[],Function2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "onEachIndexed", "(char[],Function2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "orEmpty", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "plus", "(Object[],Collection)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "plus", "(Object[],Object)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "plus", "(Object[],Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "plus", "(Object[],Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "plus", "(byte[],Collection)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "plus", "(byte[],byte)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "plus", "(byte[],byte[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "plus", "(byte[],byte[])", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "plus", "(char[],Collection)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "plus", "(char[],char)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "plus", "(char[],char[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "plus", "(char[],char[])", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "plusElement", "(Object[],Object)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "reduce", "(Object[],Function2)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "reduceIndexed", "(Object[],Function3)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "reduceIndexedOrNull", "(Object[],Function3)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "reduceOrNull", "(Object[],Function2)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "requireNoNulls", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "reversed", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "reversedArray", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "reversedArray", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "reversedArray", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFold", "(Object[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFold", "(boolean[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFold", "(byte[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFold", "(char[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFold", "(double[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFold", "(float[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFold", "(int[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFold", "(long[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFold", "(short[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFoldIndexed", "(Object[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFoldIndexed", "(boolean[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFoldIndexed", "(byte[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFoldIndexed", "(char[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFoldIndexed", "(double[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFoldIndexed", "(float[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFoldIndexed", "(int[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFoldIndexed", "(long[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "runningFoldIndexed", "(short[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scan", "(Object[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scan", "(boolean[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scan", "(byte[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scan", "(char[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scan", "(double[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scan", "(float[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scan", "(int[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scan", "(long[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scan", "(short[],Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scanIndexed", "(Object[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scanIndexed", "(boolean[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scanIndexed", "(byte[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scanIndexed", "(char[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scanIndexed", "(double[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scanIndexed", "(float[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scanIndexed", "(int[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scanIndexed", "(long[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "scanIndexed", "(short[],Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "single", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "singleOrNull", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "slice", "(Object[],IntRange)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sliceArray", "(Object[],Collection)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sliceArray", "(Object[],IntRange)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sliceArray", "(byte[],IntRange)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sliceArray", "(char[],IntRange)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sorted", "(Comparable[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sortedArray", "(Comparable[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sortedArray", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sortedArray", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sortedArrayDescending", "(Comparable[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sortedArrayDescending", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sortedArrayDescending", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sortedArrayWith", "(Object[],Comparator)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sortedBy", "(Object[],Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sortedByDescending", "(Object[],Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sortedDescending", "(Comparable[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "sortedWith", "(Object[],Comparator)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "take", "(Object[],int)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "takeLast", "(Object[],int)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "takeLastWhile", "(Object[],Function1)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "toCollection", "(Object[],Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "toCollection", "(boolean[],Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "toCollection", "(byte[],Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "toCollection", "(char[],Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "toCollection", "(double[],Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "toCollection", "(float[],Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "toCollection", "(int[],Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "toCollection", "(long[],Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "toCollection", "(short[],Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "toList", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "toMutableList", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "toSet", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "toString", "(byte[],Charset)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "toTypedArray", "(Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "union", "(Object[],Iterable)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "union", "(byte[],Iterable)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "union", "(char[],Iterable)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "zip", "(Object[],Iterable)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "zip", "(Object[],Iterable)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "zip", "(Object[],Iterable,Function2)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "zip", "(Object[],Iterable,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "zip", "(Object[],Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "zip", "(Object[],Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "zip", "(Object[],Object[],Function2)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "ArraysKt", false, "zip", "(Object[],Object[],Function2)", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "addAll", "(Collection,Iterable)", "", "Argument[1].Element", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "addAll", "(Collection,Object[])", "", "Argument[1].ArrayElement", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "addAll", "(Collection,Sequence)", "", "Argument[1]", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "arrayListOf", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "asIterable", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "asReversed", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "asReversedMutable", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associate", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateBy", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateBy", "(Iterable,Function1,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateByTo", "(Iterable,Map,Function1)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateByTo", "(Iterable,Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateByTo", "(Iterable,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateByTo", "(Iterable,Map,Function1,Function1)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateByTo", "(Iterable,Map,Function1,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateByTo", "(Iterable,Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateTo", "(Iterable,Map,Function1)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateTo", "(Iterable,Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateTo", "(Iterable,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateWith", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateWithTo", "(Iterable,Map,Function1)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateWithTo", "(Iterable,Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "associateWithTo", "(Iterable,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "component1", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "component2", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "component3", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "component4", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "component5", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "distinct", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "distinctBy", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "drop", "(Iterable,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "dropLast", "(List,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "dropLastWhile", "(List,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "dropWhile", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "elementAt", "(Iterable,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "elementAt", "(List,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "elementAtOrElse", "(Iterable,int,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "elementAtOrElse", "(List,int,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "elementAtOrNull", "(Iterable,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "elementAtOrNull", "(List,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "fill", "(List,Object)", "", "Argument[1]", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filter", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterIndexedTo", "(Iterable,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterIsInstance", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterIsInstance", "(Iterable,Class)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterIsInstanceTo", "(Iterable,Collection)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterIsInstanceTo", "(Iterable,Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterIsInstanceTo", "(Iterable,Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterIsInstanceTo", "(Iterable,Collection,Class)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterIsInstanceTo", "(Iterable,Collection,Class)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterIsInstanceTo", "(Iterable,Collection,Class)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterNot", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterNotNull", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterNotNullTo", "(Iterable,Collection)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterNotNullTo", "(Iterable,Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterNotNullTo", "(Iterable,Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterNotTo", "(Iterable,Collection,Function1)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterNotTo", "(Iterable,Collection,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterNotTo", "(Iterable,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterTo", "(Iterable,Collection,Function1)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterTo", "(Iterable,Collection,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "filterTo", "(Iterable,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "find", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "findLast", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "findLast", "(List,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "first", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "first", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "first", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "firstNotNullOf", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "firstNotNullOfOrNull", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "firstOrNull", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "firstOrNull", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "firstOrNull", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "flatMapIndexedIterableTo", "(Iterable,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "flatMapIndexedSequenceTo", "(Iterable,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "flatMapSequenceTo", "(Iterable,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "flatMapTo", "(Iterable,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "flatten", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "fold", "(Iterable,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "foldIndexed", "(Iterable,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "foldRight", "(List,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "foldRightIndexed", "(List,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "getOrElse", "(List,int,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "getOrNull", "(List,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "groupByTo", "(Iterable,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "groupByTo", "(Iterable,Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "ifEmpty", "(Collection,Function0)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "intersect", "(Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "iterator", "(Iterator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinTo", "(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[0].Element", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinTo", "(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinTo", "(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinTo", "(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinTo", "(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinTo", "(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinTo", "(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinTo", "(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinTo", "(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinTo", "(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinTo", "(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinToString", "(Iterable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinToString", "(Iterable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinToString", "(Iterable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinToString", "(Iterable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "joinToString", "(Iterable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[5]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "last", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "last", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "last", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "last", "(List,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "lastOrNull", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "lastOrNull", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "lastOrNull", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "lastOrNull", "(List,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "listOf", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "listOf", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "listOfNotNull", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "map", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "mapIndexedNotNullTo", "(Iterable,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "mapIndexedTo", "(Iterable,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "mapNotNullTo", "(Iterable,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "mapTo", "(Iterable,Collection,Function1)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "mapTo", "(Iterable,Collection,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "mapTo", "(Iterable,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "max", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "maxBy", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "maxByOrNull", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "maxByOrThrow", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "maxOfWith", "(Iterable,Comparator,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "maxOfWithOrNull", "(Iterable,Comparator,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "maxOrNull", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "maxOrThrow", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "maxWith", "(Iterable,Comparator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "maxWithOrNull", "(Iterable,Comparator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "maxWithOrThrow", "(Iterable,Comparator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "min", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minBy", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minByOrNull", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minByOrThrow", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minOfWith", "(Iterable,Comparator,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minOfWithOrNull", "(Iterable,Comparator,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minOrNull", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minOrThrow", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minWith", "(Iterable,Comparator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minWithOrNull", "(Iterable,Comparator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minWithOrThrow", "(Iterable,Comparator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minus", "(Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minus", "(Iterable,Object)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minus", "(Iterable,Object[])", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minus", "(Iterable,Sequence)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "minusElement", "(Iterable,Object)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "mutableListOf", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "onEach", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "onEachIndexed", "(Iterable,Function2)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "orEmpty", "(Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "orEmpty", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "partition", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Collection,Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Collection,Iterable)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Collection,Object)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Collection,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Collection,Object[])", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Collection,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Collection,Sequence)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Collection,Sequence)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Iterable,Object)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Iterable,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Iterable,Object[])", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Iterable,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Iterable,Sequence)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plus", "(Iterable,Sequence)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plusAssign", "(Collection,Iterable)", "", "Argument[1].Element", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plusAssign", "(Collection,Object)", "", "Argument[1]", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plusAssign", "(Collection,Object[])", "", "Argument[1].ArrayElement", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plusAssign", "(Collection,Sequence)", "", "Argument[1]", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plusElement", "(Collection,Object)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plusElement", "(Collection,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plusElement", "(Iterable,Object)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "plusElement", "(Iterable,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "random", "(Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "random", "(Collection,Random)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "randomOrNull", "(Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "randomOrNull", "(Collection,Random)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "reduce", "(Iterable,Function2)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "reduceIndexed", "(Iterable,Function3)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "reduceIndexedOrNull", "(Iterable,Function3)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "reduceOrNull", "(Iterable,Function2)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "reduceRight", "(List,Function2)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "reduceRightIndexed", "(List,Function3)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "reduceRightIndexedOrNull", "(List,Function3)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "reduceRightOrNull", "(List,Function2)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "remove", "(List,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "removeFirst", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "removeFirstOrNull", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "removeLast", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "removeLastOrNull", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "requireNoNulls", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "requireNoNulls", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "reversed", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "runningFold", "(Iterable,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "runningFoldIndexed", "(Iterable,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "scan", "(Iterable,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "scanIndexed", "(Iterable,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "shuffled", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "shuffled", "(Iterable,Random)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "single", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "single", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "single", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "singleOrNull", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "singleOrNull", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "singleOrNull", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "slice", "(List,IntRange)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "slice", "(List,Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "sorted", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "sortedBy", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "sortedByDescending", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "sortedDescending", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "sortedWith", "(Iterable,Comparator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "subtract", "(Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "take", "(Iterable,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "takeLast", "(List,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "takeLastWhile", "(List,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "takeWhile", "(Iterable,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "toCollection", "(Iterable,Collection)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "toCollection", "(Iterable,Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "toCollection", "(Iterable,Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "toHashSet", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "toList", "(Enumeration)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "toList", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "toMutableList", "(Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "toMutableList", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "toMutableSet", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "toSet", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "toSortedSet", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "toSortedSet", "(Iterable,Comparator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "union", "(Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "union", "(Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "unzip", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "withIndex", "(Iterator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "zip", "(Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "zip", "(Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "zip", "(Iterable,Iterable,Function2)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "zip", "(Iterable,Iterable,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "zip", "(Iterable,Object[])", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "zip", "(Iterable,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "zip", "(Iterable,Object[],Function2)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "zip", "(Iterable,Object[],Function2)", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "zipWithNext", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "CollectionsKt", false, "zipWithNext", "(Iterable,Function2)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "GroupingKt", false, "aggregateTo", "(Grouping,Map,Function4)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "GroupingKt", false, "eachCountTo", "(Grouping,Map)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "GroupingKt", false, "foldTo", "(Grouping,Map,Function2,Function3)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "GroupingKt", false, "foldTo", "(Grouping,Map,Object,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "GroupingKt", false, "reduceTo", "(Grouping,Map,Function3)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "IndexedValue", false, "IndexedValue", "(int,Object)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.collections", "IndexedValue", false, "component2", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "IndexedValue", false, "copy", "(int,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "IndexedValue", false, "getValue", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "IndexedValue", false, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapAccessorsKt", false, "getValue", "(Map,Object,KProperty)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapAccessorsKt", false, "getVar", "(Map,Object,KProperty)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapAccessorsKt", false, "setValue", "(Map,Object,KProperty,Object)", "", "Argument[2]", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapAccessorsKt", false, "setValue", "(Map,Object,KProperty,Object)", "", "Argument[3]", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "asIterable", "(Map)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "component1", "(Entry)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "component2", "(Entry)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "filter", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "filterKeys", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "filterNot", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "filterNotTo", "(Map,Map,Function1)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "filterNotTo", "(Map,Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "filterNotTo", "(Map,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "filterTo", "(Map,Map,Function1)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "filterTo", "(Map,Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "filterTo", "(Map,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "filterValues", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "firstNotNullOf", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "firstNotNullOfOrNull", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "flatMapSequenceTo", "(Map,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "flatMapTo", "(Map,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "get", "(Map,Object)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "getOrElse", "(Map,Object,Function0)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "getOrPut", "(ConcurrentMap,Object,Function0)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "getOrPut", "(Map,Object,Function0)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "getOrPut", "(Map,Object,Function0)", "", "Argument[1]", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "getValue", "(Map,Object)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "ifEmpty", "(Map,Function0)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "iterator", "(Map)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "map", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "mapKeys", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "mapKeysTo", "(Map,Map,Function1)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "mapKeysTo", "(Map,Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "mapKeysTo", "(Map,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "mapNotNullTo", "(Map,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "mapOf", "(Pair)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "mapTo", "(Map,Collection,Function1)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "mapTo", "(Map,Collection,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "mapTo", "(Map,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "mapValues", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "mapValuesTo", "(Map,Map,Function1)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "mapValuesTo", "(Map,Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "mapValuesTo", "(Map,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "maxBy", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "maxByOrNull", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "maxByOrThrow", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "maxOfWith", "(Map,Comparator,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "maxOfWithOrNull", "(Map,Comparator,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "maxWith", "(Map,Comparator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "maxWithOrNull", "(Map,Comparator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "maxWithOrThrow", "(Map,Comparator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "minBy", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "minByOrNull", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "minByOrThrow", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "minOfWith", "(Map,Comparator,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "minOfWithOrNull", "(Map,Comparator,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "minWith", "(Map,Comparator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "minWithOrNull", "(Map,Comparator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "minWithOrThrow", "(Map,Comparator)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "minus", "(Map,Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "minus", "(Map,Object)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "minus", "(Map,Object[])", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "minus", "(Map,Sequence)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "mutableIterator", "(Map)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "onEach", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "onEachIndexed", "(Map,Function2)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "orEmpty", "(Map)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "plus", "(Map,Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "plus", "(Map,Iterable)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "plus", "(Map,Map)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "plus", "(Map,Pair)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "plus", "(Map,Pair)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "plus", "(Map,Pair[])", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "plus", "(Map,Pair[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "plus", "(Map,Sequence)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "plusAssign", "(Map,Iterable)", "", "Argument[1].Element", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "plusAssign", "(Map,Map)", "", "Argument[1].Element", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "plusAssign", "(Map,Pair)", "", "Argument[1]", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "plusAssign", "(Map,Sequence)", "", "Argument[1]", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "putAll", "(Map,Iterable)", "", "Argument[1].Element", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "putAll", "(Map,Sequence)", "", "Argument[1]", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "remove", "(Map,Object)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "set", "(Map,Object,Object)", "", "Argument[1]", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "set", "(Map,Object,Object)", "", "Argument[2]", "Argument[0].Element", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "toList", "(Map)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "toMap", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "toMap", "(Iterable,Map)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "toMap", "(Map)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "toMap", "(Map,Map)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "toMap", "(Pair[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "toMap", "(Pair[],Map)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "toMap", "(Sequence,Map)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "toMutableMap", "(Map)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "toPair", "(Entry)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "toSortedMap", "(Map)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "withDefault", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "withDefault", "(Map,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "withDefaultMutable", "(Map,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "MapsKt", false, "withDefaultMutable", "(Map,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "minus", "(Set,Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "minus", "(Set,Object)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "minus", "(Set,Object[])", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "minus", "(Set,Sequence)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "minusElement", "(Set,Object)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "orEmpty", "(Set)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "plus", "(Set,Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "plus", "(Set,Iterable)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "plus", "(Set,Object)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "plus", "(Set,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "plus", "(Set,Object[])", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "plus", "(Set,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "plus", "(Set,Sequence)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "plus", "(Set,Sequence)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "plusElement", "(Set,Object)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "plusElement", "(Set,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "setOf", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "setOf", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "SetsKt", false, "setOfNotNull", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "asByteArray", "(UByteArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "asUByteArray", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "associateWithTo", "(UByteArray,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "associateWithTo", "(UIntArray,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "associateWithTo", "(ULongArray,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "associateWithTo", "(UShortArray,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "contentToString", "(UByteArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "contentToString", "(UIntArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "contentToString", "(ULongArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "contentToString", "(UShortArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "copyInto", "(UByteArray,UByteArray,int,int,int)", "", "Argument[0].Element", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "copyInto", "(UByteArray,UByteArray,int,int,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "copyInto", "(UByteArray,UByteArray,int,int,int)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "copyInto", "(UIntArray,UIntArray,int,int,int)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "copyInto", "(ULongArray,ULongArray,int,int,int)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "copyInto", "(UShortArray,UShortArray,int,int,int)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "copyOf", "(UByteArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "copyOf", "(UByteArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "copyOfRange", "(UByteArray,int,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "drop", "(UByteArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "drop", "(UIntArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "drop", "(ULongArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "drop", "(UShortArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "dropLast", "(UByteArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "dropLast", "(UIntArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "dropLast", "(ULongArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "dropLast", "(UShortArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "dropLastWhile", "(UByteArray,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "dropLastWhile", "(UIntArray,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "dropLastWhile", "(ULongArray,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "dropLastWhile", "(UShortArray,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "filterIndexedTo", "(UByteArray,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "filterIndexedTo", "(UIntArray,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "filterIndexedTo", "(ULongArray,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "filterIndexedTo", "(UShortArray,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "filterNotTo", "(UByteArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "filterNotTo", "(UIntArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "filterNotTo", "(ULongArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "filterNotTo", "(UShortArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "filterTo", "(UByteArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "filterTo", "(UIntArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "filterTo", "(ULongArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "filterTo", "(UShortArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "flatMapIndexedTo", "(UByteArray,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "flatMapIndexedTo", "(UIntArray,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "flatMapIndexedTo", "(ULongArray,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "flatMapIndexedTo", "(UShortArray,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "flatMapTo", "(UByteArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "flatMapTo", "(UIntArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "flatMapTo", "(ULongArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "flatMapTo", "(UShortArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "fold", "(UByteArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "fold", "(UIntArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "fold", "(ULongArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "fold", "(UShortArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "foldIndexed", "(UByteArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "foldIndexed", "(UIntArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "foldIndexed", "(ULongArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "foldIndexed", "(UShortArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "foldRight", "(UByteArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "foldRight", "(UIntArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "foldRight", "(ULongArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "foldRight", "(UShortArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "foldRightIndexed", "(UByteArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "foldRightIndexed", "(UIntArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "foldRightIndexed", "(ULongArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "foldRightIndexed", "(UShortArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "groupByTo", "(UByteArray,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "groupByTo", "(UByteArray,Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "groupByTo", "(UIntArray,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "groupByTo", "(UIntArray,Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "groupByTo", "(ULongArray,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "groupByTo", "(ULongArray,Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "groupByTo", "(UShortArray,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "groupByTo", "(UShortArray,Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "mapIndexedTo", "(UByteArray,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "mapIndexedTo", "(UIntArray,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "mapIndexedTo", "(ULongArray,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "mapIndexedTo", "(UShortArray,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "mapTo", "(UByteArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "mapTo", "(UIntArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "mapTo", "(ULongArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "mapTo", "(UShortArray,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "onEach", "(UByteArray,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "onEach", "(UIntArray,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "onEach", "(ULongArray,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "onEach", "(UShortArray,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "onEachIndexed", "(UByteArray,Function2)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "onEachIndexed", "(UIntArray,Function2)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "onEachIndexed", "(ULongArray,Function2)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "onEachIndexed", "(UShortArray,Function2)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "plus", "(UByteArray,Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "plus", "(UByteArray,UByteArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "plus", "(UByteArray,UByteArray)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "plus", "(UByteArray,byte)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "reversed", "(UByteArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "reversed", "(UIntArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "reversed", "(ULongArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "reversed", "(UShortArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "reversedArray", "(UByteArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "runningFold", "(UByteArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "runningFold", "(UIntArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "runningFold", "(ULongArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "runningFold", "(UShortArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "runningFoldIndexed", "(UByteArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "runningFoldIndexed", "(UIntArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "runningFoldIndexed", "(ULongArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "runningFoldIndexed", "(UShortArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "scan", "(UByteArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "scan", "(UIntArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "scan", "(ULongArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "scan", "(UShortArray,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "scanIndexed", "(UByteArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "scanIndexed", "(UIntArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "scanIndexed", "(ULongArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "scanIndexed", "(UShortArray,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "sliceArray", "(UByteArray,IntRange)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "sortedArray", "(UByteArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "sortedArray", "(UIntArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "sortedArray", "(ULongArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "sortedArray", "(UShortArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "sortedArrayDescending", "(UByteArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "sortedArrayDescending", "(UIntArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "sortedArrayDescending", "(ULongArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "sortedArrayDescending", "(UShortArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "sortedDescending", "(UByteArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "take", "(UByteArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "take", "(UIntArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "take", "(ULongArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "take", "(UShortArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "takeLast", "(UByteArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "takeLast", "(UIntArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "takeLast", "(ULongArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "takeLast", "(UShortArray,int)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "takeLastWhile", "(UByteArray,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "takeLastWhile", "(UIntArray,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "takeLastWhile", "(ULongArray,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "takeLastWhile", "(UShortArray,Function1)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "toByteArray", "(UByteArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.collections", "UArraysKt", false, "toUByteArray", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "maxOf", "(Comparable,Comparable)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "maxOf", "(Comparable,Comparable)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "maxOf", "(Comparable,Comparable,Comparable)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "maxOf", "(Comparable,Comparable,Comparable)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "maxOf", "(Comparable,Comparable,Comparable)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "maxOf", "(Comparable,Comparable[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "maxOf", "(Object,Object,Comparator)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "maxOf", "(Object,Object,Comparator)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "maxOf", "(Object,Object,Object,Comparator)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "maxOf", "(Object,Object,Object,Comparator)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "maxOf", "(Object,Object,Object,Comparator)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "maxOf", "(Object,Object[],Comparator)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "minOf", "(Comparable,Comparable)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "minOf", "(Comparable,Comparable)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "minOf", "(Comparable,Comparable,Comparable)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "minOf", "(Comparable,Comparable,Comparable)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "minOf", "(Comparable,Comparable,Comparable)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "minOf", "(Comparable,Comparable[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "minOf", "(Object,Object,Comparator)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "minOf", "(Object,Object,Comparator)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "minOf", "(Object,Object,Object,Comparator)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "minOf", "(Object,Object,Object,Comparator)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "minOf", "(Object,Object,Object,Comparator)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "minOf", "(Object,Object[],Comparator)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", false, "reversed", "(Comparator)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.coroutines", "AbstractCoroutineContextElement", true, "AbstractCoroutineContextElement", "(Key)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.coroutines", "AbstractCoroutineContextKey", true, "AbstractCoroutineContextKey", "(Key,Function1)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.coroutines", "AbstractCoroutineContextKey", true, "AbstractCoroutineContextKey", "(Key,Function1)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.coroutines", "CoroutineContext", true, "fold", "(Object,Function2)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.coroutines", "CoroutineContext", true, "fold", "(Object,Function2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.coroutines", "CoroutineContext", true, "get", "(Key)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.coroutines", "CoroutineContext", true, "minusKey", "(Key)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.coroutines", "CoroutineContext", true, "minusKey", "(Key)", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["kotlin.coroutines", "CoroutineContext", true, "plus", "(CoroutineContext)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.coroutines", "CoroutineContext", true, "plus", "(CoroutineContext)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.coroutines", "CoroutineContext$Element", true, "getKey", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.coroutines", "CoroutineContextImplKt", false, "getPolymorphicElement", "(Element,Key)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.coroutines", "CoroutineContextImplKt", false, "minusPolymorphicKey", "(Element,Key)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.coroutines.intrinsics", "IntrinsicsKt", false, "intercepted", "(Continuation)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.coroutines.jvm.internal", "CoroutineStackFrame", true, "getCallerFrame", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "AccessDeniedException", false, "AccessDeniedException", "(File,File,String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.io", "AccessDeniedException", false, "AccessDeniedException", "(File,File,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.io", "AccessDeniedException", false, "AccessDeniedException", "(File,File,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.io", "ByteStreamsKt", false, "buffered", "(InputStream,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "ByteStreamsKt", false, "buffered", "(OutputStream,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "ByteStreamsKt", false, "bufferedReader", "(InputStream,Charset)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "ByteStreamsKt", false, "byteInputStream", "(String,Charset)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "ByteStreamsKt", false, "copyTo", "(InputStream,OutputStream,int)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.io", "ByteStreamsKt", false, "inputStream", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "ByteStreamsKt", false, "inputStream", "(byte[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "ByteStreamsKt", false, "readBytes", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "ByteStreamsKt", false, "readBytes", "(InputStream,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "ByteStreamsKt", false, "reader", "(InputStream,Charset)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "CloseableKt", false, "use", "(Closeable,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FileAlreadyExistsException", false, "FileAlreadyExistsException", "(File,File,String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.io", "FileAlreadyExistsException", false, "FileAlreadyExistsException", "(File,File,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.io", "FileAlreadyExistsException", false, "FileAlreadyExistsException", "(File,File,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.io", "FileSystemException", true, "FileSystemException", "(File,File,String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.io", "FileSystemException", true, "FileSystemException", "(File,File,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.io", "FileSystemException", true, "FileSystemException", "(File,File,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.io", "FileSystemException", true, "getFile", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FileSystemException", true, "getOther", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FileSystemException", true, "getReason", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FileTreeWalk", false, "maxDepth", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FileTreeWalk", false, "onEnter", "(Function1)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FileTreeWalk", false, "onEnter", "(Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FileTreeWalk", false, "onFail", "(Function2)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FileTreeWalk", false, "onFail", "(Function2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FileTreeWalk", false, "onLeave", "(Function1)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FileTreeWalk", false, "onLeave", "(Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FilesKt", false, "copyTo", "(File,File,boolean,int)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FilesKt", false, "relativeToOrSelf", "(File,File)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FilesKt", false, "resolve", "(File,File)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FilesKt", false, "resolve", "(File,String)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FilesKt", false, "resolveSibling", "(File,File)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FilesKt", false, "resolveSibling", "(File,String)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FilesKt", false, "walk", "(File,FileWalkDirection)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FilesKt", false, "walkBottomUp", "(File)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "FilesKt", false, "walkTopDown", "(File)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "NoSuchFileException", false, "NoSuchFileException", "(File,File,String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.io", "NoSuchFileException", false, "NoSuchFileException", "(File,File,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.io", "NoSuchFileException", false, "NoSuchFileException", "(File,File,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.io", "TextStreamsKt", false, "buffered", "(Reader,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "TextStreamsKt", false, "buffered", "(Writer,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "TextStreamsKt", false, "copyTo", "(Reader,Writer,int)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.io", "TextStreamsKt", false, "forEachLine", "(Reader,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "TextStreamsKt", false, "lineSequence", "(BufferedReader)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "TextStreamsKt", false, "readText", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "TextStreamsKt", false, "reader", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.io", "TextStreamsKt", false, "useLines", "(Reader,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "AdaptedFunctionReference", true, "AdaptedFunctionReference", "(int,Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "AdaptedFunctionReference", true, "AdaptedFunctionReference", "(int,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "AdaptedFunctionReference", true, "AdaptedFunctionReference", "(int,Object,Class,String,String,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "AdaptedFunctionReference", true, "AdaptedFunctionReference", "(int,Object,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "AdaptedFunctionReference", true, "AdaptedFunctionReference", "(int,Object,Class,String,String,int)", "", "Argument[4]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ArrayIteratorKt", false, "iterator", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ArrayIteratorsKt", false, "iterator", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ArrayIteratorsKt", false, "iterator", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ByteSpreadBuilder", false, "toArray", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "CallableReference", true, "compute", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "CallableReference", true, "getBoundReceiver", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "CallableReference", true, "getSignature", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "CharSpreadBuilder", false, "toArray", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ClassReference$Companion", false, "getClassQualifiedName", "(Class)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ClassReference$Companion", false, "getClassSimpleName", "(Class)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "CollectionToArray", false, "toArray", "(Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "CollectionToArray", false, "toArray", "(Collection,Object[])", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReference", true, "FunctionReference", "(int,Object)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReference", true, "FunctionReference", "(int,Object,Class,String,String,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReference", true, "FunctionReference", "(int,Object,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReference", true, "FunctionReference", "(int,Object,Class,String,String,int)", "", "Argument[4]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReference", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReferenceImpl", true, "FunctionReferenceImpl", "(int,Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReferenceImpl", true, "FunctionReferenceImpl", "(int,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReferenceImpl", true, "FunctionReferenceImpl", "(int,KDeclarationContainer,String,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReferenceImpl", true, "FunctionReferenceImpl", "(int,KDeclarationContainer,String,String)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReferenceImpl", true, "FunctionReferenceImpl", "(int,Object,Class,String,String,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReferenceImpl", true, "FunctionReferenceImpl", "(int,Object,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReferenceImpl", true, "FunctionReferenceImpl", "(int,Object,Class,String,String,int)", "", "Argument[4]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", true, "stringPlus", "(String,Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", true, "stringPlus", "(String,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference", true, "MutablePropertyReference", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference", true, "MutablePropertyReference", "(Object,Class,String,String,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference", true, "MutablePropertyReference", "(Object,Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference", true, "MutablePropertyReference", "(Object,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference0", true, "MutablePropertyReference0", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference0", true, "MutablePropertyReference0", "(Object,Class,String,String,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference0", true, "MutablePropertyReference0", "(Object,Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference0", true, "MutablePropertyReference0", "(Object,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference0Impl", true, "MutablePropertyReference0Impl", "(Class,String,String,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference0Impl", true, "MutablePropertyReference0Impl", "(Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference0Impl", true, "MutablePropertyReference0Impl", "(KDeclarationContainer,String,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference0Impl", true, "MutablePropertyReference0Impl", "(KDeclarationContainer,String,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference0Impl", true, "MutablePropertyReference0Impl", "(Object,Class,String,String,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference0Impl", true, "MutablePropertyReference0Impl", "(Object,Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference0Impl", true, "MutablePropertyReference0Impl", "(Object,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference1", true, "MutablePropertyReference1", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference1", true, "MutablePropertyReference1", "(Object,Class,String,String,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference1", true, "MutablePropertyReference1", "(Object,Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference1", true, "MutablePropertyReference1", "(Object,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference1Impl", true, "MutablePropertyReference1Impl", "(Class,String,String,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference1Impl", true, "MutablePropertyReference1Impl", "(Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference1Impl", true, "MutablePropertyReference1Impl", "(KDeclarationContainer,String,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference1Impl", true, "MutablePropertyReference1Impl", "(KDeclarationContainer,String,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference1Impl", true, "MutablePropertyReference1Impl", "(Object,Class,String,String,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference1Impl", true, "MutablePropertyReference1Impl", "(Object,Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference1Impl", true, "MutablePropertyReference1Impl", "(Object,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference2", true, "MutablePropertyReference2", "(Class,String,String,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference2", true, "MutablePropertyReference2", "(Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference2Impl", true, "MutablePropertyReference2Impl", "(Class,String,String,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference2Impl", true, "MutablePropertyReference2Impl", "(Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference2Impl", true, "MutablePropertyReference2Impl", "(KDeclarationContainer,String,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference2Impl", true, "MutablePropertyReference2Impl", "(KDeclarationContainer,String,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PackageReference", false, "PackageReference", "(Class,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PrimitiveSpreadBuilder", true, "addSpread", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference", true, "PropertyReference", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference", true, "PropertyReference", "(Object,Class,String,String,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference", true, "PropertyReference", "(Object,Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference", true, "PropertyReference", "(Object,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference0", true, "PropertyReference0", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference0", true, "PropertyReference0", "(Object,Class,String,String,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference0", true, "PropertyReference0", "(Object,Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference0", true, "PropertyReference0", "(Object,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference0Impl", true, "PropertyReference0Impl", "(Class,String,String,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference0Impl", true, "PropertyReference0Impl", "(Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference0Impl", true, "PropertyReference0Impl", "(KDeclarationContainer,String,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference0Impl", true, "PropertyReference0Impl", "(KDeclarationContainer,String,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference0Impl", true, "PropertyReference0Impl", "(Object,Class,String,String,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference0Impl", true, "PropertyReference0Impl", "(Object,Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference0Impl", true, "PropertyReference0Impl", "(Object,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference1", true, "PropertyReference1", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference1", true, "PropertyReference1", "(Object,Class,String,String,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference1", true, "PropertyReference1", "(Object,Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference1", true, "PropertyReference1", "(Object,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference1Impl", true, "PropertyReference1Impl", "(Class,String,String,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference1Impl", true, "PropertyReference1Impl", "(Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference1Impl", true, "PropertyReference1Impl", "(KDeclarationContainer,String,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference1Impl", true, "PropertyReference1Impl", "(KDeclarationContainer,String,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference1Impl", true, "PropertyReference1Impl", "(Object,Class,String,String,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference1Impl", true, "PropertyReference1Impl", "(Object,Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference1Impl", true, "PropertyReference1Impl", "(Object,Class,String,String,int)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference2", true, "PropertyReference2", "(Class,String,String,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference2", true, "PropertyReference2", "(Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference2Impl", true, "PropertyReference2Impl", "(Class,String,String,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference2Impl", true, "PropertyReference2Impl", "(Class,String,String,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference2Impl", true, "PropertyReference2Impl", "(KDeclarationContainer,String,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference2Impl", true, "PropertyReference2Impl", "(KDeclarationContainer,String,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "function", "(FunctionReference)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "getOrCreateKotlinPackage", "(Class,String)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "mutableCollectionType", "(KType)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "mutableProperty0", "(MutablePropertyReference0)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "mutableProperty1", "(MutablePropertyReference1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "mutableProperty2", "(MutablePropertyReference2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "nothingType", "(KType)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "nullableTypeOf", "(Class,KTypeProjection)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "nullableTypeOf", "(Class,KTypeProjection,KTypeProjection)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "nullableTypeOf", "(Class,KTypeProjection,KTypeProjection)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "nullableTypeOf", "(KClassifier)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "platformType", "(KType,KType)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "platformType", "(KType,KType)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "property0", "(PropertyReference0)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "property1", "(PropertyReference1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "property2", "(PropertyReference2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "setUpperBounds", "(KTypeParameter,KType)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "typeOf", "(Class,KTypeProjection)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "typeOf", "(Class,KTypeProjection,KTypeProjection)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "typeOf", "(Class,KTypeProjection,KTypeProjection)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "typeOf", "(KClassifier)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "typeParameter", "(Object,String,KVariance,boolean)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", true, "typeParameter", "(Object,String,KVariance,boolean)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "function", "(FunctionReference)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "getOrCreateKotlinPackage", "(Class,String)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "mutableCollectionType", "(KType)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "mutableProperty0", "(MutablePropertyReference0)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "mutableProperty1", "(MutablePropertyReference1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "mutableProperty2", "(MutablePropertyReference2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "nothingType", "(KType)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "platformType", "(KType,KType)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "platformType", "(KType,KType)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "property0", "(PropertyReference0)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "property1", "(PropertyReference1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "property2", "(PropertyReference2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "setUpperBounds", "(KTypeParameter,List)", "", "Argument[1].Element", "Argument[0]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "typeOf", "(KClassifier,List,boolean)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "typeOf", "(KClassifier,List,boolean)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "typeParameter", "(Object,String,KVariance,boolean)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", true, "typeParameter", "(Object,String,KVariance,boolean)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "SpreadBuilder", true, "add", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "SpreadBuilder", true, "addSpread", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "SpreadBuilder", true, "toArray", "(Object[])", "", "Argument[-1]", "Argument[0].ArrayElement", "taint", "generated"]
+      - ["kotlin.jvm.internal", "SpreadBuilder", true, "toArray", "(Object[])", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableCollection", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableCollection", "(Object,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableIterable", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableIterable", "(Object,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableIterator", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableIterator", "(Object,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableList", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableList", "(Object,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableListIterator", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableListIterator", "(Object,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableMap", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableMap", "(Object,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableMapEntry", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableMapEntry", "(Object,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableSet", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "asMutableSet", "(Object,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "beforeCheckcastToFunctionOfArity", "(Object,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "beforeCheckcastToFunctionOfArity", "(Object,int,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "castToCollection", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "castToIterable", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "castToIterator", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "castToList", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "castToListIterator", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "castToMap", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "castToMapEntry", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", true, "castToSet", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeParameterReference", false, "TypeParameterReference", "(Object,String,KVariance,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeParameterReference", false, "TypeParameterReference", "(Object,String,KVariance,boolean)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeParameterReference", false, "setUpperBounds", "(List)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeReference", false, "TypeReference", "(KClassifier,List,KType,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeReference", false, "TypeReference", "(KClassifier,List,KType,int)", "", "Argument[1].Element", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeReference", false, "TypeReference", "(KClassifier,List,KType,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeReference", false, "TypeReference", "(KClassifier,List,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeReference", false, "TypeReference", "(KClassifier,List,boolean)", "", "Argument[1].Element", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.jvm.internal", "TypeReference", false, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.properties", "ObservableProperty", true, "ObservableProperty", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.random", "PlatformRandomKt", false, "asJavaRandom", "(Random)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.random", "PlatformRandomKt", false, "asKotlinRandom", "(Random)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.random", "Random", true, "nextBytes", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.random", "Random", true, "nextBytes", "(byte[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.random", "URandomKt", false, "nextUBytes", "(Random,UByteArray)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.random", "URandomKt", false, "nextUBytes", "(Random,UByteArray,int,int)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "CharRange$Companion", false, "getEMPTY", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "IntRange$Companion", false, "getEMPTY", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "LongRange$Companion", false, "getEMPTY", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "RangesKt", false, "coerceAtLeast", "(Comparable,Comparable)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "RangesKt", false, "coerceAtLeast", "(Comparable,Comparable)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "RangesKt", false, "coerceAtMost", "(Comparable,Comparable)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "RangesKt", false, "coerceAtMost", "(Comparable,Comparable)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "RangesKt", false, "coerceIn", "(Comparable,ClosedFloatingPointRange)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "RangesKt", false, "coerceIn", "(Comparable,ClosedRange)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "RangesKt", false, "coerceIn", "(Comparable,Comparable,Comparable)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "RangesKt", false, "coerceIn", "(Comparable,Comparable,Comparable)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "RangesKt", false, "coerceIn", "(Comparable,Comparable,Comparable)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "RangesKt", false, "rangeTo", "(Comparable,Comparable)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "RangesKt", false, "rangeTo", "(Comparable,Comparable)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "RangesKt", false, "rangeUntil", "(Comparable,Comparable)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "RangesKt", false, "rangeUntil", "(Comparable,Comparable)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "UIntRange$Companion", false, "getEMPTY", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.ranges", "ULongRange$Companion", false, "getEMPTY", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KClasses", false, "cast", "(KClass,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KClasses", false, "safeCast", "(KClass,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KType", true, "getArguments", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KType", true, "getClassifier", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KTypeParameter", true, "getName", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KTypeParameter", true, "getUpperBounds", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KTypeProjection", false, "KTypeProjection", "(KVariance,KType)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.reflect", "KTypeProjection", false, "component2", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KTypeProjection", false, "contravariant", "(KType)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KTypeProjection", false, "copy", "(KVariance,KType)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KTypeProjection", false, "covariant", "(KType)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KTypeProjection", false, "getType", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KTypeProjection", false, "invariant", "(KType)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KTypeProjection", false, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KTypeProjection$Companion", false, "contravariant", "(KType)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KTypeProjection$Companion", false, "covariant", "(KType)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "KTypeProjection$Companion", false, "invariant", "(KType)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "TypesJVMKt", false, "getJavaType", "(KType)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.reflect", "WildcardTypeImpl$Companion", false, "getSTAR", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequenceScope", true, "yieldAll", "(Sequence)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "asSequence", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "associateBy", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "associateByTo", "(Sequence,Map,Function1)", "", "Argument[0]", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "associateByTo", "(Sequence,Map,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "associateByTo", "(Sequence,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "associateByTo", "(Sequence,Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "associateTo", "(Sequence,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "associateWith", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "associateWithTo", "(Sequence,Map,Function1)", "", "Argument[0]", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "associateWithTo", "(Sequence,Map,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "associateWithTo", "(Sequence,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "chunked", "(Sequence,int,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "constrainOnce", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "distinct", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "distinctBy", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "distinctBy", "(Sequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "drop", "(Sequence,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "dropWhile", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "dropWhile", "(Sequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "elementAt", "(Sequence,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "elementAtOrElse", "(Sequence,int,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "elementAtOrNull", "(Sequence,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filter", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filter", "(Sequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterIndexedTo", "(Sequence,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterIsInstance", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterIsInstance", "(Sequence,Class)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterIsInstanceTo", "(Sequence,Collection)", "", "Argument[0]", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterIsInstanceTo", "(Sequence,Collection)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterIsInstanceTo", "(Sequence,Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterIsInstanceTo", "(Sequence,Collection,Class)", "", "Argument[0]", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterIsInstanceTo", "(Sequence,Collection,Class)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterIsInstanceTo", "(Sequence,Collection,Class)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterNot", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterNot", "(Sequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterNotNull", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterNotNullTo", "(Sequence,Collection)", "", "Argument[0]", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterNotNullTo", "(Sequence,Collection)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterNotNullTo", "(Sequence,Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterNotTo", "(Sequence,Collection,Function1)", "", "Argument[0]", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterNotTo", "(Sequence,Collection,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterNotTo", "(Sequence,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterTo", "(Sequence,Collection,Function1)", "", "Argument[0]", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterTo", "(Sequence,Collection,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "filterTo", "(Sequence,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "find", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "findLast", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "first", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "first", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "firstNotNullOf", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "firstNotNullOfOrNull", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "firstOrNull", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "firstOrNull", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "flatMap", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "flatMap", "(Sequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "flatMapIndexedIterableTo", "(Sequence,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "flatMapIndexedSequenceTo", "(Sequence,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "flatMapIterable", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "flatMapIterable", "(Sequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "flatMapIterableTo", "(Sequence,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "flatMapTo", "(Sequence,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "flatten", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "flattenSequenceOfIterable", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "fold", "(Sequence,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "foldIndexed", "(Sequence,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "generateSequence", "(Function0)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "generateSequence", "(Function0,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "generateSequence", "(Function0,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "generateSequence", "(Object,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "groupByTo", "(Sequence,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "groupByTo", "(Sequence,Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinTo", "(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinTo", "(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinTo", "(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinTo", "(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinTo", "(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinTo", "(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinTo", "(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinTo", "(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinTo", "(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[4]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinTo", "(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinTo", "(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[6]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinToString", "(Sequence,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinToString", "(Sequence,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinToString", "(Sequence,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinToString", "(Sequence,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "joinToString", "(Sequence,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1)", "", "Argument[5]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "last", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "last", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "lastOrNull", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "lastOrNull", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "map", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "map", "(Sequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "mapIndexed", "(Sequence,Function2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "mapIndexed", "(Sequence,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "mapIndexedNotNull", "(Sequence,Function2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "mapIndexedNotNull", "(Sequence,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "mapIndexedNotNullTo", "(Sequence,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "mapIndexedTo", "(Sequence,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "mapNotNull", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "mapNotNull", "(Sequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "mapNotNullTo", "(Sequence,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "mapTo", "(Sequence,Collection,Function1)", "", "Argument[0]", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "mapTo", "(Sequence,Collection,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "mapTo", "(Sequence,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "max", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "maxBy", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "maxByOrNull", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "maxByOrThrow", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "maxOfWith", "(Sequence,Comparator,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "maxOfWithOrNull", "(Sequence,Comparator,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "maxOrNull", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "maxOrThrow", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "maxWith", "(Sequence,Comparator)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "maxWithOrNull", "(Sequence,Comparator)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "maxWithOrThrow", "(Sequence,Comparator)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "min", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "minBy", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "minByOrNull", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "minByOrThrow", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "minOfWith", "(Sequence,Comparator,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "minOfWithOrNull", "(Sequence,Comparator,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "minOrNull", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "minOrThrow", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "minWith", "(Sequence,Comparator)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "minWithOrNull", "(Sequence,Comparator)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "minWithOrThrow", "(Sequence,Comparator)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "minus", "(Sequence,Object[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "onEach", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "onEachIndexed", "(Sequence,Function2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "orEmpty", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "partition", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "reduce", "(Sequence,Function2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "reduceIndexed", "(Sequence,Function3)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "reduceIndexedOrNull", "(Sequence,Function3)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "reduceOrNull", "(Sequence,Function2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "requireNoNulls", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "single", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "single", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "singleOrNull", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "singleOrNull", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "take", "(Sequence,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "takeWhile", "(Sequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "takeWhile", "(Sequence,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "toCollection", "(Sequence,Collection)", "", "Argument[0]", "Argument[1].Element", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "toCollection", "(Sequence,Collection)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "toCollection", "(Sequence,Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "toHashSet", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "toList", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "toMutableList", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "toMutableSet", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "toSet", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "toSortedSet", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "toSortedSet", "(Sequence,Comparator)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "unzip", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "windowed", "(Sequence,int,int,boolean,Function1)", "", "Argument[4]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "withIndex", "(Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "zip", "(Sequence,Sequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "zip", "(Sequence,Sequence)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "zip", "(Sequence,Sequence,Function2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "zip", "(Sequence,Sequence,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.sequences", "SequencesKt", false, "zip", "(Sequence,Sequence,Function2)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "CharsKt", false, "plus", "(char,String)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchGroup", false, "MatchGroup", "(String,IntRange)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.text", "MatchGroup", false, "MatchGroup", "(String,IntRange)", "", "Argument[1].Element", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.text", "MatchGroup", false, "component1", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchGroup", false, "component2", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchGroup", false, "copy", "(String,IntRange)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchGroup", false, "copy", "(String,IntRange)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchGroup", false, "getRange", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchGroup", false, "getValue", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchGroup", false, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult", true, "getDestructured", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult", true, "getGroupValues", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult", true, "getGroups", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult", true, "next", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult$Destructured", false, "component1", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult$Destructured", false, "component10", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult$Destructured", false, "component2", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult$Destructured", false, "component3", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult$Destructured", false, "component4", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult$Destructured", false, "component5", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult$Destructured", false, "component6", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult$Destructured", false, "component7", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult$Destructured", false, "component8", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult$Destructured", false, "component9", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult$Destructured", false, "getMatch", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "MatchResult$Destructured", false, "toList", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "Regex", false, "find", "(CharSequence,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "Regex", false, "getOptions", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "Regex", false, "matchEntire", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "Regex", false, "replace", "(CharSequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "Regex", false, "replace", "(CharSequence,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "Regex", false, "replace", "(CharSequence,String)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "Regex", false, "replaceFirst", "(CharSequence,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "Regex", false, "replaceFirst", "(CharSequence,String)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "Regex", false, "toPattern", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "Regex$Companion", false, "escape", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "String", "(StringBuffer)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "String", "(StringBuilder)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "String", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "String", "(byte[],Charset)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "String", "(byte[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "String", "(byte[],int,int,Charset)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "String", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "String", "(char[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "append", "(Appendable,CharSequence[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "append", "(StringBuilder,Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "append", "(StringBuilder,Object)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "append", "(StringBuilder,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "append", "(StringBuilder,Object[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "append", "(StringBuilder,String[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(Appendable)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(Appendable,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(Appendable,CharSequence)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(Appendable,CharSequence)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(Appendable,char)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,CharSequence)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,CharSequence)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,Object)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,String)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,String)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,StringBuffer)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,StringBuffer)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,StringBuffer)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,StringBuilder)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,StringBuilder)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,StringBuilder)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,boolean)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,byte)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,char)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,char[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,char[])", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,char[])", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,double)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,float)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,long)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendLine", "(StringBuilder,short)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendRange", "(Appendable,CharSequence,int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendRange", "(Appendable,CharSequence,int,int)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendRange", "(Appendable,CharSequence,int,int)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendRange", "(StringBuilder,CharSequence,int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendRange", "(StringBuilder,CharSequence,int,int)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendRange", "(StringBuilder,CharSequence,int,int)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendRange", "(StringBuilder,char[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendRange", "(StringBuilder,char[],int,int)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendRange", "(StringBuilder,char[],int,int)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(Appendable)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(Appendable,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(Appendable,CharSequence)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(Appendable,CharSequence)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(Appendable,char)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,CharSequence)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,CharSequence)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,Object)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,String)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,String)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,StringBuffer)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,StringBuffer)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,StringBuffer)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,StringBuilder)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,StringBuilder)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,StringBuilder)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,boolean)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,byte)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,char)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,char[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,char[])", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,char[])", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,double)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,float)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,long)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "appendln", "(StringBuilder,short)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "associateByTo", "(CharSequence,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "associateByTo", "(CharSequence,Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "associateTo", "(CharSequence,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "associateWithTo", "(CharSequence,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "capitalize", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "capitalize", "(String,Locale)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "clear", "(StringBuilder)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "concatToString", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "concatToString", "(char[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "decapitalize", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "decapitalize", "(String,Locale)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "decodeToString", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "decodeToString", "(byte[],int,int,boolean)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "drop", "(CharSequence,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "drop", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "dropLast", "(CharSequence,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "dropLast", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "dropLastWhile", "(CharSequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "dropLastWhile", "(String,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "dropWhile", "(CharSequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "dropWhile", "(String,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "encodeToByteArray", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "encodeToByteArray", "(String,int,int,boolean)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "filterIndexedTo", "(CharSequence,Appendable,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "filterNotTo", "(CharSequence,Appendable,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "filterTo", "(CharSequence,Appendable,Function1)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "findAnyOf", "(CharSequence,Collection,int,boolean)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "findLastAnyOf", "(CharSequence,Collection,int,boolean)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "flatMapIndexedIterableTo", "(CharSequence,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "flatMapTo", "(CharSequence,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "fold", "(CharSequence,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "foldIndexed", "(CharSequence,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "foldRight", "(CharSequence,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "foldRightIndexed", "(CharSequence,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "format", "(String,Locale,Object[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "format", "(String,Locale,Object[])", "", "Argument[2].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "format", "(String,Object[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "format", "(String,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "format", "(StringCompanionObject,Locale,String,Object[])", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "format", "(StringCompanionObject,Locale,String,Object[])", "", "Argument[3].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "format", "(StringCompanionObject,String,Object[])", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "format", "(StringCompanionObject,String,Object[])", "", "Argument[2].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "formatNullable", "(String,Locale,Object[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "formatNullable", "(String,Locale,Object[])", "", "Argument[2].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "formatNullable", "(StringCompanionObject,Locale,String,Object[])", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "formatNullable", "(StringCompanionObject,Locale,String,Object[])", "", "Argument[3].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "groupByTo", "(CharSequence,Map,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "groupByTo", "(CharSequence,Map,Function1,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "ifBlank", "(CharSequence,Function0)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "ifEmpty", "(CharSequence,Function0)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "insertRange", "(StringBuilder,int,CharSequence,int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "insertRange", "(StringBuilder,int,CharSequence,int,int)", "", "Argument[2]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "insertRange", "(StringBuilder,int,CharSequence,int,int)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "insertRange", "(StringBuilder,int,char[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "insertRange", "(StringBuilder,int,char[],int,int)", "", "Argument[2]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "insertRange", "(StringBuilder,int,char[],int,int)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "intern", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "lineSequence", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "lines", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "lowercase", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "lowercase", "(String,Locale)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "mapIndexedNotNullTo", "(CharSequence,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "mapIndexedTo", "(CharSequence,Collection,Function2)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "mapNotNullTo", "(CharSequence,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "mapTo", "(CharSequence,Collection,Function1)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "onEach", "(CharSequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "onEachIndexed", "(CharSequence,Function2)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "orEmpty", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "padEnd", "(CharSequence,int,char)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "padStart", "(CharSequence,int,char)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "prependIndent", "(String,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "removePrefix", "(CharSequence,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "removePrefix", "(String,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "removeRange", "(CharSequence,IntRange)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "removeRange", "(CharSequence,int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "removeSuffix", "(CharSequence,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "removeSuffix", "(String,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "removeSurrounding", "(CharSequence,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "removeSurrounding", "(CharSequence,CharSequence,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "removeSurrounding", "(String,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "removeSurrounding", "(String,CharSequence,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "repeat", "(CharSequence,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replace", "(CharSequence,Regex,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replace", "(CharSequence,Regex,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replace", "(CharSequence,Regex,String)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replace", "(String,char,char,boolean)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceAfter", "(String,String,String,String)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceAfter", "(String,char,String,String)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceAfterLast", "(String,String,String,String)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceAfterLast", "(String,char,String,String)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceBefore", "(String,String,String,String)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceBefore", "(String,char,String,String)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceBeforeLast", "(String,String,String,String)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceBeforeLast", "(String,char,String,String)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceFirst", "(CharSequence,Regex,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceFirst", "(CharSequence,Regex,String)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceFirst", "(String,String,String,boolean)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceFirst", "(String,char,char,boolean)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceFirstCharWithChar", "(String,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceFirstCharWithCharSequence", "(String,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceRange", "(CharSequence,IntRange,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceRange", "(CharSequence,IntRange,CharSequence)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceRange", "(CharSequence,int,int,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "replaceRange", "(CharSequence,int,int,CharSequence)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "reversed", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "runningFold", "(CharSequence,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "runningFoldIndexed", "(CharSequence,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "scan", "(CharSequence,Object,Function2)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "scanIndexed", "(CharSequence,Object,Function3)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "setRange", "(StringBuilder,int,int,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "setRange", "(StringBuilder,int,int,String)", "", "Argument[3]", "Argument[0]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "setRange", "(StringBuilder,int,int,String)", "", "Argument[3]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "slice", "(CharSequence,IntRange)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "slice", "(String,IntRange)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "split", "(CharSequence,Pattern,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "splitToSequence", "(CharSequence,String[],boolean,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "splitToSequence", "(CharSequence,char[],boolean,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "subSequence", "(CharSequence,IntRange)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "subSequence", "(String,int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substring", "(String,IntRange)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substring", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substring", "(String,int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringAfter", "(String,String,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringAfter", "(String,String,String)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringAfter", "(String,char,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringAfter", "(String,char,String)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringAfterLast", "(String,String,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringAfterLast", "(String,String,String)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringAfterLast", "(String,char,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringAfterLast", "(String,char,String)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringBefore", "(String,String,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringBefore", "(String,String,String)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringBefore", "(String,char,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringBefore", "(String,char,String)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringBeforeLast", "(String,String,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringBeforeLast", "(String,String,String)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringBeforeLast", "(String,char,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "substringBeforeLast", "(String,char,String)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "take", "(CharSequence,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "take", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "takeLast", "(CharSequence,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "takeLast", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "takeLastWhile", "(CharSequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "takeLastWhile", "(String,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "takeWhile", "(CharSequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "takeWhile", "(String,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "toByteArray", "(String,Charset)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "toCharArray", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "toCharArray", "(String,char[],int,int,int)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "toCharArray", "(String,char[],int,int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "toCharArray", "(String,char[],int,int,int)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "toCharArray", "(String,int,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "toCharArray", "(StringBuilder,char[],int,int,int)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "toCollection", "(CharSequence,Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "toLowerCase", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "toLowerCase", "(String,Locale)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "toRegex", "(Pattern)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "toUpperCase", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "toUpperCase", "(String,Locale)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "trim", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "trim", "(CharSequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "trim", "(CharSequence,char[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "trimEnd", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "trimEnd", "(CharSequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "trimEnd", "(CharSequence,char[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "trimStart", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "trimStart", "(CharSequence,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "trimStart", "(CharSequence,char[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "uppercase", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.text", "StringsKt", false, "uppercase", "(String,Locale)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "Duration", false, "div", "(double)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "Duration", false, "div", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "Duration", false, "getAbsoluteValue", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "Duration", false, "minus", "(Duration)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "Duration", false, "plus", "(Duration)", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["kotlin.time", "Duration", false, "times", "(double)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "Duration", false, "times", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "Duration$Companion", false, "getINFINITE", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "Duration$Companion", false, "getZERO", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "DurationKt", false, "times", "(double,Duration)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "DurationKt", false, "times", "(int,Duration)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "TimeMark", true, "minus", "(Duration)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "TimeMark", true, "plus", "(Duration)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "TimeMark", true, "plus", "(Duration)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "TimeSource", true, "markNow", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "TimedValue", false, "TimedValue", "(Object,Duration)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.time", "TimedValue", false, "TimedValue", "(Object,Duration)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin.time", "TimedValue", false, "component1", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "TimedValue", false, "component2", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "TimedValue", false, "copy", "(Object,Duration)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "TimedValue", false, "copy", "(Object,Duration)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "TimedValue", false, "getDuration", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "TimedValue", false, "getValue", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin.time", "TimedValue", false, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "DeepRecursiveFunction", false, "DeepRecursiveFunction", "(SuspendFunction2)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin", "KotlinVersion$Companion", false, "getCURRENT", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "LazyKt", false, "getValue", "(Lazy,Object,KProperty)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "LazyKt", false, "lazy", "(Function0)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "LazyKt", false, "lazy", "(LazyThreadSafetyMode,Function0)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "LazyKt", false, "lazy", "(Object,Function0)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "LazyKt", false, "lazy", "(Object,Function0)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "LazyKt", false, "lazyOf", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Pair", false, "Pair", "(Object,Object)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin", "Pair", false, "Pair", "(Object,Object)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin", "Pair", false, "component1", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Pair", false, "component2", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Pair", false, "copy", "(Object,Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Pair", false, "copy", "(Object,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Pair", false, "getFirst", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Pair", false, "getSecond", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Pair", false, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "PreconditionsKt", false, "checkNotNull", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "PreconditionsKt", false, "checkNotNull", "(Object,Function0)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "PreconditionsKt", false, "requireNotNull", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "PreconditionsKt", false, "requireNotNull", "(Object,Function0)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Result", false, "exceptionOrNull", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Result", false, "getOrNull", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Result", false, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Result$Companion", false, "failure", "(Throwable)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Result$Companion", false, "success", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "ResultKt", false, "fold", "(Result,Function1,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "ResultKt", false, "getOrDefault", "(Result,Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "ResultKt", false, "getOrDefault", "(Result,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "ResultKt", false, "getOrElse", "(Result,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "ResultKt", false, "getOrThrow", "(Result)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "ResultKt", false, "map", "(Result,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "ResultKt", false, "mapCatching", "(Result,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "ResultKt", false, "onFailure", "(Result,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "ResultKt", false, "onSuccess", "(Result,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "ResultKt", false, "recover", "(Result,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "ResultKt", false, "recoverCatching", "(Result,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "StandardKt", false, "also", "(Object,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "StandardKt", false, "apply", "(Object,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "StandardKt", false, "let", "(Object,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "StandardKt", false, "run", "(Object,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "StandardKt", false, "takeIf", "(Object,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "StandardKt", false, "takeUnless", "(Object,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "StandardKt", false, "with", "(Object,Function1)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "SuspendKt", false, "suspend", "(SuspendFunction0)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Triple", false, "Triple", "(Object,Object,Object)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin", "Triple", false, "Triple", "(Object,Object,Object)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin", "Triple", false, "Triple", "(Object,Object,Object)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["kotlin", "Triple", false, "component1", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Triple", false, "component2", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Triple", false, "component3", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Triple", false, "copy", "(Object,Object,Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Triple", false, "copy", "(Object,Object,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Triple", false, "copy", "(Object,Object,Object)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Triple", false, "getFirst", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Triple", false, "getSecond", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Triple", false, "getThird", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "Triple", false, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "TuplesKt", false, "to", "(Object,Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "TuplesKt", false, "to", "(Object,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "TuplesKt", false, "toList", "(Pair)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "TuplesKt", false, "toList", "(Triple)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "UByte", false, "toUByte", "()", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["kotlin", "UByteArrayKt", false, "ubyteArrayOf", "(UByteArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "UInt", false, "toUInt", "()", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["kotlin", "UIntArrayKt", false, "uintArrayOf", "(UIntArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "ULong", false, "toULong", "()", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["kotlin", "ULongArrayKt", false, "ulongArrayOf", "(ULongArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["kotlin", "UShort", false, "toUShort", "()", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["kotlin", "UShortArrayKt", false, "ushortArrayOf", "(UShortArray)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+
+
+  - addsTo:
+      pack: codeql/java-all
+      extensible: neutralModel
+    data:
+      - ["kotlin.annotation", "AnnotationRetention", "valueOf", "(String)", "generated"]
+      - ["kotlin.annotation", "AnnotationRetention", "values", "()", "generated"]
+      - ["kotlin.annotation", "AnnotationTarget", "valueOf", "(String)", "generated"]
+      - ["kotlin.annotation", "AnnotationTarget", "values", "()", "generated"]
+      - ["kotlin.annotation", "MustBeDocumented", "MustBeDocumented", "()", "generated"]
+      - ["kotlin.annotation", "Repeatable", "Repeatable", "()", "generated"]
+      - ["kotlin.annotation", "Retention", "Retention", "(AnnotationRetention)", "generated"]
+      - ["kotlin.annotation", "Retention", "value", "()", "generated"]
+      - ["kotlin.annotation", "Target", "Target", "(AnnotationTarget[])", "generated"]
+      - ["kotlin.annotation", "Target", "allowedTargets", "()", "generated"]
+      - ["kotlin.collections", "AbstractIterator", "AbstractIterator", "()", "generated"]
+      - ["kotlin.collections", "AbstractList", "equals", "(Object)", "generated"]
+      - ["kotlin.collections", "AbstractList", "hashCode", "()", "generated"]
+      - ["kotlin.collections", "AbstractMap", "equals", "(Object)", "generated"]
+      - ["kotlin.collections", "AbstractMap", "hashCode", "()", "generated"]
+      - ["kotlin.collections", "AbstractMap", "toString", "()", "generated"]
+      - ["kotlin.collections", "AbstractSet", "equals", "(Object)", "generated"]
+      - ["kotlin.collections", "AbstractSet", "hashCode", "()", "generated"]
+      - ["kotlin.collections", "ArrayDeque", "ArrayDeque", "()", "generated"]
+      - ["kotlin.collections", "ArrayDeque", "ArrayDeque", "(int)", "generated"]
+      - ["kotlin.collections", "ArrayList", "ArrayList", "()", "generated"]
+      - ["kotlin.collections", "ArrayList", "ArrayList", "(Collection)", "generated"]
+      - ["kotlin.collections", "ArrayList", "ArrayList", "(int)", "generated"]
+      - ["kotlin.collections", "ArrayList", "ensureCapacity", "(int)", "generated"]
+      - ["kotlin.collections", "ArrayList", "trimToSize", "()", "generated"]
+      - ["kotlin.collections", "ArraysKt", "all", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "all", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "all", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "all", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "all", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "all", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "all", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "all", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "all", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "any", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asIterable", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asIterable", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asIterable", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asIterable", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asIterable", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asIterable", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asIterable", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asIterable", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asIterable", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asList", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asList", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asList", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asList", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asList", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asList", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asList", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asList", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asSequence", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asSequence", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asSequence", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asSequence", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asSequence", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asSequence", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asSequence", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asSequence", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "asSequence", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associate", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associate", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associate", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associate", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associate", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associate", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associate", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associate", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associate", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(Object[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(boolean[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(byte[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(char[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(double[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(float[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(int[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(long[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateBy", "(short[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateWith", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateWith", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateWith", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateWith", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateWith", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateWith", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateWith", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateWith", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "associateWith", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "average", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "average", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "average", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "average", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "average", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "average", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "averageOfByte", "(Byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "averageOfDouble", "(Double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "averageOfFloat", "(Float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "averageOfInt", "(Integer[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "averageOfLong", "(Long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "averageOfShort", "(Short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "binarySearch", "(Object[],Object,Comparator,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "binarySearch", "(Object[],Object,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "binarySearch", "(byte[],byte,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "binarySearch", "(char[],char,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "binarySearch", "(double[],double,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "binarySearch", "(float[],float,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "binarySearch", "(int[],int,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "binarySearch", "(long[],long,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "binarySearch", "(short[],short,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component1", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component1", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component1", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component1", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component1", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component1", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component1", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component1", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component1", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component2", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component2", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component2", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component2", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component2", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component2", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component2", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component2", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component2", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component3", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component3", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component3", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component3", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component3", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component3", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component3", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component3", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component3", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component4", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component4", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component4", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component4", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component4", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component4", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component4", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component4", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component4", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component5", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component5", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component5", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component5", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component5", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component5", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component5", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component5", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "component5", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contains", "(Object[],Object)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contains", "(boolean[],boolean)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contains", "(byte[],byte)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contains", "(char[],char)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contains", "(double[],double)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contains", "(float[],float)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contains", "(int[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contains", "(long[],long)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contains", "(short[],short)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentDeepEqualsInline", "(Object[],Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentDeepEqualsNullable", "(Object[],Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentDeepHashCodeInline", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentDeepHashCodeNullable", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentDeepToStringInline", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentDeepToStringNullable", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEquals", "(Object[],Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEquals", "(boolean[],boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEquals", "(byte[],byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEquals", "(char[],char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEquals", "(double[],double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEquals", "(float[],float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEquals", "(int[],int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEquals", "(long[],long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEquals", "(short[],short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEqualsNullable", "(Object[],Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEqualsNullable", "(boolean[],boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEqualsNullable", "(byte[],byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEqualsNullable", "(char[],char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEqualsNullable", "(double[],double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEqualsNullable", "(float[],float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEqualsNullable", "(int[],int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEqualsNullable", "(long[],long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentEqualsNullable", "(short[],short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCode", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCode", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCode", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCode", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCode", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCode", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCode", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCode", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCode", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCodeNullable", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCodeNullable", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCodeNullable", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCodeNullable", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCodeNullable", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCodeNullable", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCodeNullable", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCodeNullable", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentHashCodeNullable", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToString", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToString", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToString", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToString", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToString", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToString", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToString", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToString", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToString", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToStringNullable", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToStringNullable", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToStringNullable", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToStringNullable", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToStringNullable", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToStringNullable", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToStringNullable", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToStringNullable", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "contentToStringNullable", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyInto", "(boolean[],boolean[],int,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyInto", "(double[],double[],int,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyInto", "(float[],float[],int,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyInto", "(int[],int[],int,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyInto", "(long[],long[],int,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyInto", "(short[],short[],int,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOf", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOf", "(boolean[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOf", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOf", "(double[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOf", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOf", "(float[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOf", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOf", "(int[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOf", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOf", "(long[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOf", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOf", "(short[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOfRangeInline", "(boolean[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOfRangeInline", "(double[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOfRangeInline", "(float[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOfRangeInline", "(int[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOfRangeInline", "(long[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "copyOfRangeInline", "(short[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "count", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinct", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinct", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinct", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinct", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinct", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinct", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinct", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinct", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinct", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinctBy", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinctBy", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinctBy", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinctBy", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinctBy", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinctBy", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinctBy", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinctBy", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "distinctBy", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "drop", "(boolean[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "drop", "(byte[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "drop", "(char[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "drop", "(double[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "drop", "(float[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "drop", "(int[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "drop", "(long[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "drop", "(short[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLast", "(boolean[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLast", "(byte[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLast", "(char[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLast", "(double[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLast", "(float[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLast", "(int[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLast", "(long[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLast", "(short[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLastWhile", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLastWhile", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLastWhile", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLastWhile", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLastWhile", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLastWhile", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLastWhile", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropLastWhile", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropWhile", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropWhile", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropWhile", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropWhile", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropWhile", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropWhile", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropWhile", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropWhile", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "dropWhile", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAt", "(Object[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAt", "(boolean[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAt", "(byte[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAt", "(char[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAt", "(double[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAt", "(float[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAt", "(int[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAt", "(long[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAt", "(short[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrElse", "(Object[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrElse", "(boolean[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrElse", "(byte[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrElse", "(char[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrElse", "(double[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrElse", "(float[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrElse", "(int[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrElse", "(long[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrElse", "(short[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrNull", "(Object[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrNull", "(boolean[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrNull", "(byte[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrNull", "(char[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrNull", "(double[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrNull", "(float[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrNull", "(int[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrNull", "(long[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "elementAtOrNull", "(short[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "fill", "(boolean[],boolean,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "fill", "(byte[],byte,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "fill", "(char[],char,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "fill", "(double[],double,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "fill", "(float[],float,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "fill", "(int[],int,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "fill", "(long[],long,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "fill", "(short[],short,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filter", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filter", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filter", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filter", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filter", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filter", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filter", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filter", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filter", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterIndexed", "(Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterIndexed", "(boolean[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterIndexed", "(byte[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterIndexed", "(char[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterIndexed", "(double[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterIndexed", "(float[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterIndexed", "(int[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterIndexed", "(long[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterIndexed", "(short[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterIsInstance", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterIsInstance", "(Object[],Class)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterNot", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterNot", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterNot", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterNot", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterNot", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterNot", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterNot", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterNot", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterNot", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "filterNotNull", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "find", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "find", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "find", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "find", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "find", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "find", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "find", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "find", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "find", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "findLast", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "findLast", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "findLast", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "findLast", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "findLast", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "findLast", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "findLast", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "findLast", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "first", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstNotNullOf", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstNotNullOfOrNull", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "firstOrNull", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMap", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMap", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMap", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMap", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMap", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMap", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMap", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMap", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMap", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMapIndexedIterable", "(Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMapIndexedIterable", "(boolean[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMapIndexedIterable", "(byte[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMapIndexedIterable", "(char[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMapIndexedIterable", "(double[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMapIndexedIterable", "(float[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMapIndexedIterable", "(int[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMapIndexedIterable", "(long[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMapIndexedIterable", "(short[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMapIndexedSequence", "(Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatMapSequence", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "flatten", "(Object[][])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEach", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEach", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEach", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEach", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEach", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEach", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEach", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEach", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEach", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEachIndexed", "(Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEachIndexed", "(boolean[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEachIndexed", "(byte[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEachIndexed", "(char[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEachIndexed", "(double[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEachIndexed", "(float[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEachIndexed", "(int[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEachIndexed", "(long[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "forEachIndexed", "(short[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getIndices", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getIndices", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getIndices", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getIndices", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getIndices", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getIndices", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getIndices", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getIndices", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getIndices", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getLastIndex", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getLastIndex", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getLastIndex", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getLastIndex", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getLastIndex", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getLastIndex", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getLastIndex", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getLastIndex", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getLastIndex", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrElse", "(Object[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrElse", "(boolean[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrElse", "(byte[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrElse", "(char[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrElse", "(double[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrElse", "(float[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrElse", "(int[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrElse", "(long[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrElse", "(short[],int,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrNull", "(Object[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrNull", "(boolean[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrNull", "(byte[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrNull", "(char[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrNull", "(double[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrNull", "(float[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrNull", "(int[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrNull", "(long[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "getOrNull", "(short[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(Object[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(boolean[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(byte[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(char[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(double[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(float[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(int[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(long[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupBy", "(short[],Function1,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "groupingBy", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOf", "(Object[],Object)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOf", "(boolean[],boolean)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOf", "(byte[],byte)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOf", "(char[],char)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOf", "(double[],double)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOf", "(float[],float)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOf", "(int[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOf", "(long[],long)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOf", "(short[],short)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfFirst", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfFirst", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfFirst", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfFirst", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfFirst", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfFirst", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfFirst", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfFirst", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfFirst", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfLast", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfLast", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfLast", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfLast", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfLast", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfLast", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfLast", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfLast", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "indexOfLast", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "intersect", "(Object[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "intersect", "(boolean[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "intersect", "(byte[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "intersect", "(char[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "intersect", "(double[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "intersect", "(float[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "intersect", "(int[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "intersect", "(long[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "intersect", "(short[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isEmpty", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isEmpty", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isEmpty", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isEmpty", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isEmpty", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isEmpty", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isEmpty", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isEmpty", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isEmpty", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isNotEmpty", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isNotEmpty", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isNotEmpty", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isNotEmpty", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isNotEmpty", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isNotEmpty", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isNotEmpty", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isNotEmpty", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isNotEmpty", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "isNullOrEmpty", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "last", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastIndexOf", "(Object[],Object)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastIndexOf", "(boolean[],boolean)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastIndexOf", "(byte[],byte)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastIndexOf", "(char[],char)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastIndexOf", "(double[],double)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastIndexOf", "(float[],float)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastIndexOf", "(int[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastIndexOf", "(long[],long)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastIndexOf", "(short[],short)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "lastOrNull", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "map", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "map", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "map", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "map", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "map", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "map", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "map", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "map", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "map", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "mapIndexed", "(Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "mapIndexed", "(boolean[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "mapIndexed", "(byte[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "mapIndexed", "(char[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "mapIndexed", "(double[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "mapIndexed", "(float[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "mapIndexed", "(int[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "mapIndexed", "(long[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "mapIndexed", "(short[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "mapIndexedNotNull", "(Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "mapNotNull", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "max", "(Double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "max", "(Float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "max", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "max", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "max", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "max", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "max", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "max", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "max", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxBy", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxBy", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxBy", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxBy", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxBy", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxBy", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxBy", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxBy", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrNull", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrNull", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrNull", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrNull", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrNull", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrNull", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrNull", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrNull", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrThrow", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrThrow", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrThrow", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrThrow", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrThrow", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrThrow", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrThrow", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxByOrThrow", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOf", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOf", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOf", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOf", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOf", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOf", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOf", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOf", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOf", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfOrNull", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfOrNull", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfOrNull", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfOrNull", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfOrNull", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfOrNull", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfOrNull", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfOrNull", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfOrNull", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWith", "(boolean[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWith", "(byte[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWith", "(char[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWith", "(double[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWith", "(float[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWith", "(int[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWith", "(long[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWith", "(short[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWithOrNull", "(boolean[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWithOrNull", "(byte[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWithOrNull", "(char[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWithOrNull", "(double[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWithOrNull", "(float[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWithOrNull", "(int[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWithOrNull", "(long[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOfWithOrNull", "(short[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrNull", "(Double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrNull", "(Float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrNull", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrNull", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrNull", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrNull", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrNull", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrNull", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrNull", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrThrow", "(Double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrThrow", "(Float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrThrow", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrThrow", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrThrow", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrThrow", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrThrow", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrThrow", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxOrThrow", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWith", "(boolean[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWith", "(byte[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWith", "(char[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWith", "(double[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWith", "(float[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWith", "(int[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWith", "(long[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWith", "(short[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrNull", "(boolean[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrNull", "(byte[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrNull", "(char[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrNull", "(double[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrNull", "(float[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrNull", "(int[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrNull", "(long[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrNull", "(short[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrThrow", "(boolean[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrThrow", "(byte[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrThrow", "(char[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrThrow", "(double[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrThrow", "(float[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrThrow", "(int[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrThrow", "(long[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "maxWithOrThrow", "(short[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "min", "(Double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "min", "(Float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "min", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "min", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "min", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "min", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "min", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "min", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "min", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minBy", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minBy", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minBy", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minBy", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minBy", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minBy", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minBy", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minBy", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrNull", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrNull", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrNull", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrNull", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrNull", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrNull", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrNull", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrNull", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrThrow", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrThrow", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrThrow", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrThrow", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrThrow", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrThrow", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrThrow", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minByOrThrow", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOf", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOf", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOf", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOf", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOf", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOf", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOf", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOf", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOf", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfOrNull", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfOrNull", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfOrNull", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfOrNull", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfOrNull", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfOrNull", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfOrNull", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfOrNull", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfOrNull", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWith", "(boolean[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWith", "(byte[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWith", "(char[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWith", "(double[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWith", "(float[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWith", "(int[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWith", "(long[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWith", "(short[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWithOrNull", "(boolean[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWithOrNull", "(byte[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWithOrNull", "(char[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWithOrNull", "(double[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWithOrNull", "(float[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWithOrNull", "(int[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWithOrNull", "(long[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOfWithOrNull", "(short[],Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrNull", "(Double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrNull", "(Float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrNull", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrNull", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrNull", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrNull", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrNull", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrNull", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrNull", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrThrow", "(Double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrThrow", "(Float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrThrow", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrThrow", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrThrow", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrThrow", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrThrow", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrThrow", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minOrThrow", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWith", "(boolean[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWith", "(byte[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWith", "(char[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWith", "(double[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWith", "(float[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWith", "(int[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWith", "(long[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWith", "(short[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrNull", "(boolean[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrNull", "(byte[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrNull", "(char[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrNull", "(double[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrNull", "(float[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrNull", "(int[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrNull", "(long[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrNull", "(short[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrThrow", "(boolean[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrThrow", "(byte[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrThrow", "(char[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrThrow", "(double[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrThrow", "(float[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrThrow", "(int[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrThrow", "(long[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "minWithOrThrow", "(short[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "none", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "onEach", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "onEach", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "onEach", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "onEach", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "onEach", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "onEach", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "onEachIndexed", "(boolean[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "onEachIndexed", "(double[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "onEachIndexed", "(float[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "onEachIndexed", "(int[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "onEachIndexed", "(long[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "onEachIndexed", "(short[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "partition", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "partition", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "partition", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "partition", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "partition", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "partition", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "partition", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "partition", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "partition", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(boolean[],Collection)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(boolean[],boolean)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(boolean[],boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(double[],Collection)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(double[],double)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(double[],double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(float[],Collection)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(float[],float)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(float[],float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(int[],Collection)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(int[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(int[],int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(long[],Collection)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(long[],long)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(long[],long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(short[],Collection)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(short[],short)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "plus", "(short[],short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(Object[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(boolean[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(byte[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(char[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(double[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(float[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(int[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(long[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "random", "(short[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(Object[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(boolean[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(byte[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(char[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(double[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(float[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(int[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(long[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "randomOrNull", "(short[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduce", "(boolean[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduce", "(byte[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduce", "(char[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduce", "(double[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduce", "(float[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduce", "(int[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduce", "(long[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduce", "(short[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexed", "(boolean[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexed", "(byte[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexed", "(char[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexed", "(double[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexed", "(float[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexed", "(int[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexed", "(long[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexed", "(short[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexedOrNull", "(boolean[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexedOrNull", "(byte[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexedOrNull", "(char[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexedOrNull", "(double[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexedOrNull", "(float[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexedOrNull", "(int[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexedOrNull", "(long[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceIndexedOrNull", "(short[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceOrNull", "(boolean[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceOrNull", "(byte[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceOrNull", "(char[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceOrNull", "(double[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceOrNull", "(float[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceOrNull", "(int[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceOrNull", "(long[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceOrNull", "(short[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRight", "(Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRight", "(boolean[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRight", "(byte[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRight", "(char[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRight", "(double[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRight", "(float[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRight", "(int[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRight", "(long[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRight", "(short[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexed", "(Object[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexed", "(boolean[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexed", "(byte[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexed", "(char[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexed", "(double[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexed", "(float[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexed", "(int[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexed", "(long[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexed", "(short[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexedOrNull", "(Object[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexedOrNull", "(boolean[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexedOrNull", "(byte[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexedOrNull", "(char[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexedOrNull", "(double[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexedOrNull", "(float[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexedOrNull", "(int[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexedOrNull", "(long[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightIndexedOrNull", "(short[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightOrNull", "(Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightOrNull", "(boolean[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightOrNull", "(byte[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightOrNull", "(char[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightOrNull", "(double[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightOrNull", "(float[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightOrNull", "(int[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightOrNull", "(long[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reduceRightOrNull", "(short[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(Object[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(boolean[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(byte[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(char[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(double[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(float[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(int[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(long[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reverse", "(short[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reversed", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reversed", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reversed", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reversed", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reversed", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reversed", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reversed", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reversed", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reversedArray", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reversedArray", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reversedArray", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reversedArray", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reversedArray", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "reversedArray", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduce", "(Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduce", "(boolean[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduce", "(byte[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduce", "(char[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduce", "(double[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduce", "(float[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduce", "(int[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduce", "(long[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduce", "(short[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduceIndexed", "(Object[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduceIndexed", "(boolean[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduceIndexed", "(byte[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduceIndexed", "(char[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduceIndexed", "(double[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduceIndexed", "(float[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduceIndexed", "(int[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduceIndexed", "(long[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "runningReduceIndexed", "(short[],Function3)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(Object[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(boolean[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(byte[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(char[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(double[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(float[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(int[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(long[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "shuffle", "(short[],Random)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "single", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "singleOrNull", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(Object[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(boolean[],IntRange)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(boolean[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(byte[],IntRange)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(byte[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(char[],IntRange)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(char[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(double[],IntRange)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(double[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(float[],IntRange)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(float[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(int[],IntRange)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(int[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(long[],IntRange)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(long[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(short[],IntRange)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "slice", "(short[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sliceArray", "(boolean[],Collection)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sliceArray", "(boolean[],IntRange)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sliceArray", "(byte[],Collection)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sliceArray", "(char[],Collection)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sliceArray", "(double[],Collection)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sliceArray", "(double[],IntRange)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sliceArray", "(float[],Collection)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sliceArray", "(float[],IntRange)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sliceArray", "(int[],Collection)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sliceArray", "(int[],IntRange)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sliceArray", "(long[],Collection)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sliceArray", "(long[],IntRange)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sliceArray", "(short[],Collection)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sliceArray", "(short[],IntRange)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(Comparable[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(Comparable[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(Object[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(byte[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(char[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(double[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(float[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(int[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(long[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sort", "(short[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortBy", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortByDescending", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(Comparable[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(Comparable[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(byte[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(char[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(double[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(float[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(int[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(long[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortDescending", "(short[],int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortWith", "(Object[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortWith", "(Object[],Comparator,int,int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sorted", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sorted", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sorted", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sorted", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sorted", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sorted", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sorted", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedArray", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedArray", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedArray", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedArray", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedArray", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedArrayDescending", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedArrayDescending", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedArrayDescending", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedArrayDescending", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedArrayDescending", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedBy", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedBy", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedBy", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedBy", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedBy", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedBy", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedBy", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedBy", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedByDescending", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedByDescending", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedByDescending", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedByDescending", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedByDescending", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedByDescending", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedByDescending", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedByDescending", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedDescending", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedDescending", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedDescending", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedDescending", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedDescending", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedDescending", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedDescending", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedWith", "(boolean[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedWith", "(byte[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedWith", "(char[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedWith", "(double[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedWith", "(float[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedWith", "(int[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedWith", "(long[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sortedWith", "(short[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "subtract", "(Object[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "subtract", "(boolean[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "subtract", "(byte[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "subtract", "(char[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "subtract", "(double[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "subtract", "(float[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "subtract", "(int[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "subtract", "(long[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "subtract", "(short[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sum", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sum", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sum", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sum", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sum", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sum", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumBy", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumBy", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumBy", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumBy", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumBy", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumBy", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumBy", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumBy", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumBy", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumByDouble", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumByDouble", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumByDouble", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumByDouble", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumByDouble", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumByDouble", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumByDouble", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumByDouble", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumByDouble", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigDecimal", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigDecimal", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigDecimal", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigDecimal", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigDecimal", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigDecimal", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigDecimal", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigDecimal", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigDecimal", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigInteger", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigInteger", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigInteger", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigInteger", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigInteger", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigInteger", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigInteger", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigInteger", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfBigInteger", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfByte", "(Byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfDouble", "(Double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfDouble", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfDouble", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfDouble", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfDouble", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfDouble", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfDouble", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfDouble", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfDouble", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfDouble", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfFloat", "(Float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfInt", "(Integer[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfInt", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfInt", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfInt", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfInt", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfInt", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfInt", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfInt", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfInt", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfInt", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfLong", "(Long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfLong", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfLong", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfLong", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfLong", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfLong", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfLong", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfLong", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfLong", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfLong", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfShort", "(Short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfUInt", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfUInt", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfUInt", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfUInt", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfUInt", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfUInt", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfUInt", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfUInt", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfUInt", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfULong", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfULong", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfULong", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfULong", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfULong", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfULong", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfULong", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfULong", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "sumOfULong", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "take", "(boolean[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "take", "(byte[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "take", "(char[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "take", "(double[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "take", "(float[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "take", "(int[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "take", "(long[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "take", "(short[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLast", "(boolean[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLast", "(byte[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLast", "(char[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLast", "(double[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLast", "(float[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLast", "(int[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLast", "(long[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLast", "(short[],int)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLastWhile", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLastWhile", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLastWhile", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLastWhile", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLastWhile", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLastWhile", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLastWhile", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeLastWhile", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeWhile", "(Object[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeWhile", "(boolean[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeWhile", "(byte[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeWhile", "(char[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeWhile", "(double[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeWhile", "(float[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeWhile", "(int[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeWhile", "(long[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "takeWhile", "(short[],Function1)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toBooleanArray", "(Boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toByteArray", "(Byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toCharArray", "(Character[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toDoubleArray", "(Double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toFloatArray", "(Float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toHashSet", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toHashSet", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toHashSet", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toHashSet", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toHashSet", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toHashSet", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toHashSet", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toHashSet", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toHashSet", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toIntArray", "(Integer[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toList", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toList", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toList", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toList", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toList", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toList", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toList", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toList", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toLongArray", "(Long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableList", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableList", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableList", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableList", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableList", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableList", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableList", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableList", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableSet", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableSet", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableSet", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableSet", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableSet", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableSet", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableSet", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableSet", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toMutableSet", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSet", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSet", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSet", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSet", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSet", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSet", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSet", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSet", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toShortArray", "(Short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSortedSet", "(Comparable[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSortedSet", "(Object[],Comparator)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSortedSet", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSortedSet", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSortedSet", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSortedSet", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSortedSet", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSortedSet", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSortedSet", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toSortedSet", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toTypedArray", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toTypedArray", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toTypedArray", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toTypedArray", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toTypedArray", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toTypedArray", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toTypedArray", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "toTypedArray", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "union", "(boolean[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "union", "(double[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "union", "(float[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "union", "(int[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "union", "(long[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "union", "(short[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "unzip", "(Pair[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "withIndex", "(Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "withIndex", "(boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "withIndex", "(byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "withIndex", "(char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "withIndex", "(double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "withIndex", "(float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "withIndex", "(int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "withIndex", "(long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "withIndex", "(short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(boolean[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(boolean[],Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(boolean[],Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(boolean[],Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(boolean[],boolean[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(boolean[],boolean[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(byte[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(byte[],Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(byte[],Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(byte[],Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(byte[],byte[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(byte[],byte[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(char[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(char[],Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(char[],Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(char[],Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(char[],char[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(char[],char[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(double[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(double[],Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(double[],Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(double[],Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(double[],double[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(double[],double[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(float[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(float[],Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(float[],Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(float[],Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(float[],float[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(float[],float[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(int[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(int[],Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(int[],Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(int[],Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(int[],int[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(int[],int[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(long[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(long[],Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(long[],Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(long[],Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(long[],long[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(long[],long[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(short[],Iterable)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(short[],Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(short[],Object[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(short[],Object[],Function2)", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(short[],short[])", "generated"]
+      - ["kotlin.collections", "ArraysKt", "zip", "(short[],short[],Function2)", "generated"]
+      - ["kotlin.collections", "BooleanIterator", "BooleanIterator", "()", "generated"]
+      - ["kotlin.collections", "BooleanIterator", "nextBoolean", "()", "generated"]
+      - ["kotlin.collections", "ByteIterator", "ByteIterator", "()", "generated"]
+      - ["kotlin.collections", "ByteIterator", "nextByte", "()", "generated"]
+      - ["kotlin.collections", "CharIterator", "CharIterator", "()", "generated"]
+      - ["kotlin.collections", "CharIterator", "nextChar", "()", "generated"]
+      - ["kotlin.collections", "CollectionsHKt", "eachCount", "(Grouping)", "generated"]
+      - ["kotlin.collections", "CollectionsHKt", "fill", "(List,Object)", "generated"]
+      - ["kotlin.collections", "CollectionsHKt", "orEmpty", "(Object[])", "generated"]
+      - ["kotlin.collections", "CollectionsHKt", "shuffle", "(List)", "generated"]
+      - ["kotlin.collections", "CollectionsHKt", "shuffled", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsHKt", "sort", "(List)", "generated"]
+      - ["kotlin.collections", "CollectionsHKt", "sortWith", "(List,Comparator)", "generated"]
+      - ["kotlin.collections", "CollectionsHKt", "toTypedArray", "(Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "Iterable", "(Function0)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "List", "(int,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "MutableList", "(int,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "all", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "any", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "any", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "arrayListOf", "()", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "asSequence", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "averageOfByte", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "averageOfDouble", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "averageOfFloat", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "averageOfInt", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "averageOfLong", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "averageOfShort", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "binarySearch", "(List,Comparable,int,int)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "binarySearch", "(List,Object,Comparator,int,int)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "binarySearch", "(List,int,int,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "binarySearchBy", "(List,Comparable,int,int,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "buildList", "(Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "buildList", "(int,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "chunked", "(Iterable,int)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "chunked", "(Iterable,int,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "contains", "(Iterable,Object)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "containsAll", "(Collection,Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "count", "(Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "count", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "count", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "emptyList", "()", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "filterIndexed", "(Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "flatMap", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "flatMapIndexedIterable", "(Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "flatMapIndexedSequence", "(Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "flatMapSequence", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "forEach", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "forEach", "(Iterator,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "forEachIndexed", "(Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "getIndices", "(Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "getLastIndex", "(List)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "groupBy", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "groupBy", "(Iterable,Function1,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "groupingBy", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "indexOf", "(Iterable,Object)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "indexOf", "(List,Object)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "indexOfFirst", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "indexOfFirst", "(List,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "indexOfLast", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "indexOfLast", "(List,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "isNotEmpty", "(Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "isNullOrEmpty", "(Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "iterator", "(Enumeration)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "lastIndexOf", "(Iterable,Object)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "lastIndexOf", "(List,Object)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "listOf", "()", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "listOfNotNull", "(Object[])", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "mapIndexed", "(Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "mapIndexedNotNull", "(Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "mapNotNull", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "max", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "maxOf", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "maxOfOrNull", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "maxOrNull", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "maxOrThrow", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "min", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "minOf", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "minOfOrNull", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "minOrNull", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "minOrThrow", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "minusAssign", "(Collection,Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "minusAssign", "(Collection,Object)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "minusAssign", "(Collection,Object[])", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "minusAssign", "(Collection,Sequence)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "mutableListOf", "()", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "none", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "none", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "remove", "(Collection,Object)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "removeAll", "(Collection,Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "removeAll", "(Collection,Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "removeAll", "(Collection,Object[])", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "removeAll", "(Collection,Sequence)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "removeAll", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "removeAll", "(List,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "retainAll", "(Collection,Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "retainAll", "(Collection,Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "retainAll", "(Collection,Object[])", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "retainAll", "(Collection,Sequence)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "retainAll", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "retainAll", "(List,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "reverse", "(List)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "runningReduce", "(Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "runningReduceIndexed", "(Iterable,Function3)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "shuffle", "(List)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "shuffle", "(List,Random)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sort", "(List)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sort", "(List,Comparator)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sort", "(List,Function2)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sortBy", "(List,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sortByDescending", "(List,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sortDescending", "(List)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sortWith", "(List,Comparator)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumBy", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumByDouble", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumOfBigDecimal", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumOfBigInteger", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumOfByte", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumOfDouble", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumOfDouble", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumOfFloat", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumOfInt", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumOfInt", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumOfLong", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumOfLong", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumOfShort", "(Iterable)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumOfUInt", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "sumOfULong", "(Iterable,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "toBooleanArray", "(Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "toByteArray", "(Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "toCharArray", "(Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "toDoubleArray", "(Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "toFloatArray", "(Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "toIntArray", "(Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "toLongArray", "(Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "toShortArray", "(Collection)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "windowed", "(Iterable,int,int,boolean)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "windowed", "(Iterable,int,int,boolean,Function1)", "generated"]
+      - ["kotlin.collections", "CollectionsKt", "withIndex", "(Iterable)", "generated"]
+      - ["kotlin.collections", "DoubleIterator", "DoubleIterator", "()", "generated"]
+      - ["kotlin.collections", "DoubleIterator", "nextDouble", "()", "generated"]
+      - ["kotlin.collections", "FloatIterator", "FloatIterator", "()", "generated"]
+      - ["kotlin.collections", "FloatIterator", "nextFloat", "()", "generated"]
+      - ["kotlin.collections", "Grouping", "keyOf", "(Object)", "generated"]
+      - ["kotlin.collections", "Grouping", "sourceIterator", "()", "generated"]
+      - ["kotlin.collections", "GroupingKt", "aggregate", "(Grouping,Function4)", "generated"]
+      - ["kotlin.collections", "GroupingKt", "eachCount", "(Grouping)", "generated"]
+      - ["kotlin.collections", "GroupingKt", "fold", "(Grouping,Function2,Function3)", "generated"]
+      - ["kotlin.collections", "GroupingKt", "fold", "(Grouping,Object,Function2)", "generated"]
+      - ["kotlin.collections", "GroupingKt", "reduce", "(Grouping,Function3)", "generated"]
+      - ["kotlin.collections", "HashMap", "HashMap", "()", "generated"]
+      - ["kotlin.collections", "HashMap", "HashMap", "(Map)", "generated"]
+      - ["kotlin.collections", "HashMap", "HashMap", "(int)", "generated"]
+      - ["kotlin.collections", "HashMap", "HashMap", "(int,float)", "generated"]
+      - ["kotlin.collections", "HashSet", "HashSet", "()", "generated"]
+      - ["kotlin.collections", "HashSet", "HashSet", "(Collection)", "generated"]
+      - ["kotlin.collections", "HashSet", "HashSet", "(int)", "generated"]
+      - ["kotlin.collections", "HashSet", "HashSet", "(int,float)", "generated"]
+      - ["kotlin.collections", "IndexedValue", "component1", "()", "generated"]
+      - ["kotlin.collections", "IndexedValue", "equals", "(Object)", "generated"]
+      - ["kotlin.collections", "IndexedValue", "getIndex", "()", "generated"]
+      - ["kotlin.collections", "IndexedValue", "hashCode", "()", "generated"]
+      - ["kotlin.collections", "IntIterator", "IntIterator", "()", "generated"]
+      - ["kotlin.collections", "IntIterator", "nextInt", "()", "generated"]
+      - ["kotlin.collections", "LinkedHashMap", "LinkedHashMap", "()", "generated"]
+      - ["kotlin.collections", "LinkedHashMap", "LinkedHashMap", "(Map)", "generated"]
+      - ["kotlin.collections", "LinkedHashMap", "LinkedHashMap", "(int)", "generated"]
+      - ["kotlin.collections", "LinkedHashMap", "LinkedHashMap", "(int,float)", "generated"]
+      - ["kotlin.collections", "LinkedHashSet", "LinkedHashSet", "()", "generated"]
+      - ["kotlin.collections", "LinkedHashSet", "LinkedHashSet", "(Collection)", "generated"]
+      - ["kotlin.collections", "LinkedHashSet", "LinkedHashSet", "(int)", "generated"]
+      - ["kotlin.collections", "LinkedHashSet", "LinkedHashSet", "(int,float)", "generated"]
+      - ["kotlin.collections", "LongIterator", "LongIterator", "()", "generated"]
+      - ["kotlin.collections", "LongIterator", "nextLong", "()", "generated"]
+      - ["kotlin.collections", "MapsKt", "all", "(Map,Function1)", "generated"]
+      - ["kotlin.collections", "MapsKt", "any", "(Map)", "generated"]
+      - ["kotlin.collections", "MapsKt", "any", "(Map,Function1)", "generated"]
+      - ["kotlin.collections", "MapsKt", "asSequence", "(Map)", "generated"]
+      - ["kotlin.collections", "MapsKt", "buildMap", "(Function1)", "generated"]
+      - ["kotlin.collections", "MapsKt", "buildMap", "(int,Function1)", "generated"]
+      - ["kotlin.collections", "MapsKt", "contains", "(Map,Object)", "generated"]
+      - ["kotlin.collections", "MapsKt", "containsKey", "(Map,Object)", "generated"]
+      - ["kotlin.collections", "MapsKt", "containsValue", "(Map,Object)", "generated"]
+      - ["kotlin.collections", "MapsKt", "count", "(Map)", "generated"]
+      - ["kotlin.collections", "MapsKt", "count", "(Map,Function1)", "generated"]
+      - ["kotlin.collections", "MapsKt", "emptyMap", "()", "generated"]
+      - ["kotlin.collections", "MapsKt", "flatMap", "(Map,Function1)", "generated"]
+      - ["kotlin.collections", "MapsKt", "flatMapSequence", "(Map,Function1)", "generated"]
+      - ["kotlin.collections", "MapsKt", "forEach", "(Map,Function1)", "generated"]
+      - ["kotlin.collections", "MapsKt", "hashMapOf", "()", "generated"]
+      - ["kotlin.collections", "MapsKt", "hashMapOf", "(Pair[])", "generated"]
+      - ["kotlin.collections", "MapsKt", "isNotEmpty", "(Map)", "generated"]
+      - ["kotlin.collections", "MapsKt", "isNullOrEmpty", "(Map)", "generated"]
+      - ["kotlin.collections", "MapsKt", "linkedMapOf", "()", "generated"]
+      - ["kotlin.collections", "MapsKt", "linkedMapOf", "(Pair[])", "generated"]
+      - ["kotlin.collections", "MapsKt", "mapNotNull", "(Map,Function1)", "generated"]
+      - ["kotlin.collections", "MapsKt", "mapOf", "()", "generated"]
+      - ["kotlin.collections", "MapsKt", "mapOf", "(Pair[])", "generated"]
+      - ["kotlin.collections", "MapsKt", "maxOf", "(Map,Function1)", "generated"]
+      - ["kotlin.collections", "MapsKt", "maxOfOrNull", "(Map,Function1)", "generated"]
+      - ["kotlin.collections", "MapsKt", "minOf", "(Map,Function1)", "generated"]
+      - ["kotlin.collections", "MapsKt", "minOfOrNull", "(Map,Function1)", "generated"]
+      - ["kotlin.collections", "MapsKt", "minusAssign", "(Map,Iterable)", "generated"]
+      - ["kotlin.collections", "MapsKt", "minusAssign", "(Map,Object)", "generated"]
+      - ["kotlin.collections", "MapsKt", "minusAssign", "(Map,Object[])", "generated"]
+      - ["kotlin.collections", "MapsKt", "minusAssign", "(Map,Sequence)", "generated"]
+      - ["kotlin.collections", "MapsKt", "mutableMapOf", "()", "generated"]
+      - ["kotlin.collections", "MapsKt", "mutableMapOf", "(Pair[])", "generated"]
+      - ["kotlin.collections", "MapsKt", "none", "(Map)", "generated"]
+      - ["kotlin.collections", "MapsKt", "none", "(Map,Function1)", "generated"]
+      - ["kotlin.collections", "MapsKt", "plusAssign", "(Map,Pair[])", "generated"]
+      - ["kotlin.collections", "MapsKt", "putAll", "(Map,Pair[])", "generated"]
+      - ["kotlin.collections", "MapsKt", "sortedMapOf", "(Comparator,Pair[])", "generated"]
+      - ["kotlin.collections", "MapsKt", "sortedMapOf", "(Pair[])", "generated"]
+      - ["kotlin.collections", "MapsKt", "toMap", "(Sequence)", "generated"]
+      - ["kotlin.collections", "MapsKt", "toProperties", "(Map)", "generated"]
+      - ["kotlin.collections", "MapsKt", "toSortedMap", "(Map,Comparator)", "generated"]
+      - ["kotlin.collections", "SetsKt", "buildSet", "(Function1)", "generated"]
+      - ["kotlin.collections", "SetsKt", "buildSet", "(int,Function1)", "generated"]
+      - ["kotlin.collections", "SetsKt", "emptySet", "()", "generated"]
+      - ["kotlin.collections", "SetsKt", "hashSetOf", "()", "generated"]
+      - ["kotlin.collections", "SetsKt", "hashSetOf", "(Object[])", "generated"]
+      - ["kotlin.collections", "SetsKt", "linkedSetOf", "()", "generated"]
+      - ["kotlin.collections", "SetsKt", "linkedSetOf", "(Object[])", "generated"]
+      - ["kotlin.collections", "SetsKt", "mutableSetOf", "()", "generated"]
+      - ["kotlin.collections", "SetsKt", "mutableSetOf", "(Object[])", "generated"]
+      - ["kotlin.collections", "SetsKt", "setOf", "()", "generated"]
+      - ["kotlin.collections", "SetsKt", "setOfNotNull", "(Object[])", "generated"]
+      - ["kotlin.collections", "SetsKt", "sortedSetOf", "(Comparator,Object[])", "generated"]
+      - ["kotlin.collections", "SetsKt", "sortedSetOf", "(Object[])", "generated"]
+      - ["kotlin.collections", "ShortIterator", "ShortIterator", "()", "generated"]
+      - ["kotlin.collections", "ShortIterator", "nextShort", "()", "generated"]
+      - ["kotlin.collections", "UArraysKt", "all", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "all", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "all", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "all", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "any", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "any", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "any", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "any", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "any", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "any", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "any", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "any", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "asIntArray", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "asList", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "asList", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "asList", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "asList", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "asLongArray", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "asShortArray", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "asUIntArray", "(int[])", "generated"]
+      - ["kotlin.collections", "UArraysKt", "asULongArray", "(long[])", "generated"]
+      - ["kotlin.collections", "UArraysKt", "asUShortArray", "(short[])", "generated"]
+      - ["kotlin.collections", "UArraysKt", "associateWith", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "associateWith", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "associateWith", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "associateWith", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "binarySearch", "(UByteArray,byte,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "binarySearch", "(UIntArray,int,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "binarySearch", "(ULongArray,long,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "binarySearch", "(UShortArray,short,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component1", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component1", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component1", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component1", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component2", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component2", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component2", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component2", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component3", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component3", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component3", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component3", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component4", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component4", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component4", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component4", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component5", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component5", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component5", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "component5", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "contentEquals", "(UByteArray,UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "contentEquals", "(UIntArray,UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "contentEquals", "(ULongArray,ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "contentEquals", "(UShortArray,UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "contentHashCode", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "contentHashCode", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "contentHashCode", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "contentHashCode", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "copyOf", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "copyOf", "(UIntArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "copyOf", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "copyOf", "(ULongArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "copyOf", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "copyOf", "(UShortArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "copyOfRange", "(UIntArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "copyOfRange", "(ULongArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "copyOfRange", "(UShortArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "count", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "count", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "count", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "count", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "dropWhile", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "dropWhile", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "dropWhile", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "dropWhile", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "elementAt", "(UByteArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "elementAt", "(UIntArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "elementAt", "(ULongArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "elementAt", "(UShortArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "elementAtOrElse", "(UByteArray,int,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "elementAtOrElse", "(UIntArray,int,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "elementAtOrElse", "(ULongArray,int,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "elementAtOrElse", "(UShortArray,int,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "elementAtOrNull", "(UByteArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "elementAtOrNull", "(UIntArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "elementAtOrNull", "(ULongArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "elementAtOrNull", "(UShortArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "fill", "(UByteArray,byte,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "fill", "(UIntArray,int,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "fill", "(ULongArray,long,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "fill", "(UShortArray,short,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "filter", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "filter", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "filter", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "filter", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "filterIndexed", "(UByteArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "filterIndexed", "(UIntArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "filterIndexed", "(ULongArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "filterIndexed", "(UShortArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "filterNot", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "filterNot", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "filterNot", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "filterNot", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "find", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "find", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "find", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "find", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "findLast", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "findLast", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "findLast", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "findLast", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "first", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "first", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "first", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "first", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "first", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "first", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "first", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "first", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "firstOrNull", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "firstOrNull", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "firstOrNull", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "firstOrNull", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "firstOrNull", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "firstOrNull", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "firstOrNull", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "firstOrNull", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "flatMap", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "flatMap", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "flatMap", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "flatMap", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "flatMapIndexed", "(UByteArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "flatMapIndexed", "(UIntArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "flatMapIndexed", "(ULongArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "flatMapIndexed", "(UShortArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "forEach", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "forEach", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "forEach", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "forEach", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "forEachIndexed", "(UByteArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "forEachIndexed", "(UIntArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "forEachIndexed", "(ULongArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "forEachIndexed", "(UShortArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getIndices", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getIndices", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getIndices", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getIndices", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getLastIndex", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getLastIndex", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getLastIndex", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getLastIndex", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getOrElse", "(UByteArray,int,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getOrElse", "(UIntArray,int,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getOrElse", "(ULongArray,int,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getOrElse", "(UShortArray,int,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getOrNull", "(UByteArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getOrNull", "(UIntArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getOrNull", "(ULongArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "getOrNull", "(UShortArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "groupBy", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "groupBy", "(UByteArray,Function1,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "groupBy", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "groupBy", "(UIntArray,Function1,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "groupBy", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "groupBy", "(ULongArray,Function1,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "groupBy", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "groupBy", "(UShortArray,Function1,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "indexOf", "(UByteArray,byte)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "indexOf", "(UIntArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "indexOf", "(ULongArray,long)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "indexOf", "(UShortArray,short)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "indexOfFirst", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "indexOfFirst", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "indexOfFirst", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "indexOfFirst", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "indexOfLast", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "indexOfLast", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "indexOfLast", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "indexOfLast", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "last", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "last", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "last", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "last", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "last", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "last", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "last", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "last", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "lastIndexOf", "(UByteArray,byte)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "lastIndexOf", "(UIntArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "lastIndexOf", "(ULongArray,long)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "lastIndexOf", "(UShortArray,short)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "lastOrNull", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "lastOrNull", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "lastOrNull", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "lastOrNull", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "lastOrNull", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "lastOrNull", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "lastOrNull", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "lastOrNull", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "map", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "map", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "map", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "map", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "mapIndexed", "(UByteArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "mapIndexed", "(UIntArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "mapIndexed", "(ULongArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "mapIndexed", "(UShortArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "max", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "max", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "max", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "max", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxBy", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxBy", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxBy", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxBy", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxByOrNull", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxByOrNull", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxByOrNull", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxByOrNull", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxByOrThrow-U", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxByOrThrow-U", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxByOrThrow-U", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxByOrThrow-U", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOf", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOf", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOf", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOf", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOfOrNull", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOfOrNull", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOfOrNull", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOfOrNull", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOfWith", "(UByteArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOfWith", "(UIntArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOfWith", "(ULongArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOfWith", "(UShortArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOfWithOrNull", "(UByteArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOfWithOrNull", "(UIntArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOfWithOrNull", "(ULongArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOfWithOrNull", "(UShortArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOrNull", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOrNull", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOrNull", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOrNull", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOrThrow-U", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOrThrow-U", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOrThrow-U", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxOrThrow-U", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxWith", "(UByteArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxWith", "(UIntArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxWith", "(ULongArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxWith", "(UShortArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxWithOrNull", "(UByteArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxWithOrNull", "(UIntArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxWithOrNull", "(ULongArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxWithOrNull", "(UShortArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxWithOrThrow-U", "(UByteArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxWithOrThrow-U", "(UIntArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxWithOrThrow-U", "(ULongArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "maxWithOrThrow-U", "(UShortArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "min", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "min", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "min", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "min", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minBy", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minBy", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minBy", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minBy", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minByOrNull", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minByOrNull", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minByOrNull", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minByOrNull", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minByOrThrow-U", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minByOrThrow-U", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minByOrThrow-U", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minByOrThrow-U", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOf", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOf", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOf", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOf", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOfOrNull", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOfOrNull", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOfOrNull", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOfOrNull", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOfWith", "(UByteArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOfWith", "(UIntArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOfWith", "(ULongArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOfWith", "(UShortArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOfWithOrNull", "(UByteArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOfWithOrNull", "(UIntArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOfWithOrNull", "(ULongArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOfWithOrNull", "(UShortArray,Comparator,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOrNull", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOrNull", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOrNull", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOrNull", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOrThrow-U", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOrThrow-U", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOrThrow-U", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minOrThrow-U", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minWith", "(UByteArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minWith", "(UIntArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minWith", "(ULongArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minWith", "(UShortArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minWithOrNull", "(UByteArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minWithOrNull", "(UIntArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minWithOrNull", "(ULongArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minWithOrNull", "(UShortArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minWithOrThrow-U", "(UByteArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minWithOrThrow-U", "(UIntArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minWithOrThrow-U", "(ULongArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "minWithOrThrow-U", "(UShortArray,Comparator)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "none", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "none", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "none", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "none", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "none", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "none", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "none", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "none", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "plus", "(UIntArray,Collection)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "plus", "(UIntArray,UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "plus", "(UIntArray,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "plus", "(ULongArray,Collection)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "plus", "(ULongArray,ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "plus", "(ULongArray,long)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "plus", "(UShortArray,Collection)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "plus", "(UShortArray,UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "plus", "(UShortArray,short)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "random", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "random", "(UByteArray,Random)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "random", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "random", "(UIntArray,Random)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "random", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "random", "(ULongArray,Random)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "random", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "random", "(UShortArray,Random)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "randomOrNull", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "randomOrNull", "(UByteArray,Random)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "randomOrNull", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "randomOrNull", "(UIntArray,Random)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "randomOrNull", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "randomOrNull", "(ULongArray,Random)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "randomOrNull", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "randomOrNull", "(UShortArray,Random)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduce", "(UByteArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduce", "(UIntArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduce", "(ULongArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduce", "(UShortArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceIndexed", "(UByteArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceIndexed", "(UIntArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceIndexed", "(ULongArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceIndexed", "(UShortArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceIndexedOrNull", "(UByteArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceIndexedOrNull", "(UIntArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceIndexedOrNull", "(ULongArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceIndexedOrNull", "(UShortArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceOrNull", "(UByteArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceOrNull", "(UIntArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceOrNull", "(ULongArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceOrNull", "(UShortArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRight", "(UByteArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRight", "(UIntArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRight", "(ULongArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRight", "(UShortArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRightIndexed", "(UByteArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRightIndexed", "(UIntArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRightIndexed", "(ULongArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRightIndexed", "(UShortArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRightIndexedOrNull", "(UByteArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRightIndexedOrNull", "(UIntArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRightIndexedOrNull", "(ULongArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRightIndexedOrNull", "(UShortArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRightOrNull", "(UByteArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRightOrNull", "(UIntArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRightOrNull", "(ULongArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reduceRightOrNull", "(UShortArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reverse", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reverse", "(UByteArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reverse", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reverse", "(UIntArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reverse", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reverse", "(ULongArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reverse", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reverse", "(UShortArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reversedArray", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reversedArray", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "reversedArray", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "runningReduce", "(UByteArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "runningReduce", "(UIntArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "runningReduce", "(ULongArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "runningReduce", "(UShortArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "runningReduceIndexed", "(UByteArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "runningReduceIndexed", "(UIntArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "runningReduceIndexed", "(ULongArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "runningReduceIndexed", "(UShortArray,Function3)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "shuffle", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "shuffle", "(UByteArray,Random)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "shuffle", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "shuffle", "(UIntArray,Random)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "shuffle", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "shuffle", "(ULongArray,Random)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "shuffle", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "shuffle", "(UShortArray,Random)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "single", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "single", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "single", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "single", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "single", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "single", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "single", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "single", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "singleOrNull", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "singleOrNull", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "singleOrNull", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "singleOrNull", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "singleOrNull", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "singleOrNull", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "singleOrNull", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "singleOrNull", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "slice", "(UByteArray,IntRange)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "slice", "(UByteArray,Iterable)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "slice", "(UIntArray,IntRange)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "slice", "(UIntArray,Iterable)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "slice", "(ULongArray,IntRange)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "slice", "(ULongArray,Iterable)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "slice", "(UShortArray,IntRange)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "slice", "(UShortArray,Iterable)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sliceArray", "(UByteArray,Collection)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sliceArray", "(UIntArray,Collection)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sliceArray", "(UIntArray,IntRange)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sliceArray", "(ULongArray,Collection)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sliceArray", "(ULongArray,IntRange)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sliceArray", "(UShortArray,Collection)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sliceArray", "(UShortArray,IntRange)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sort", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sort", "(UByteArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sort", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sort", "(UIntArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sort", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sort", "(ULongArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sort", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sort", "(UShortArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sortDescending", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sortDescending", "(UByteArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sortDescending", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sortDescending", "(UIntArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sortDescending", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sortDescending", "(ULongArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sortDescending", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sortDescending", "(UShortArray,int,int)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sorted", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sorted", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sorted", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sorted", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sortedDescending", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sortedDescending", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sortedDescending", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sum", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sum", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sum", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sum", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumBy", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumBy", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumBy", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumBy", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumByDouble", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumByDouble", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumByDouble", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumByDouble", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfBigDecimal", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfBigDecimal", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfBigDecimal", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfBigDecimal", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfBigInteger", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfBigInteger", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfBigInteger", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfBigInteger", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfDouble", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfDouble", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfDouble", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfDouble", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfInt", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfInt", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfInt", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfInt", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfLong", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfLong", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfLong", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfLong", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfUByte", "(byte[])", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfUInt", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfUInt", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfUInt", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfUInt", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfUInt", "(int[])", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfULong", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfULong", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfULong", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfULong", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfULong", "(long[])", "generated"]
+      - ["kotlin.collections", "UArraysKt", "sumOfUShort", "(short[])", "generated"]
+      - ["kotlin.collections", "UArraysKt", "takeWhile", "(UByteArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "takeWhile", "(UIntArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "takeWhile", "(ULongArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "takeWhile", "(UShortArray,Function1)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "toIntArray", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "toLongArray", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "toShortArray", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "toTypedArray", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "toTypedArray", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "toTypedArray", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "toTypedArray", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "toUIntArray", "(int[])", "generated"]
+      - ["kotlin.collections", "UArraysKt", "toULongArray", "(long[])", "generated"]
+      - ["kotlin.collections", "UArraysKt", "toUShortArray", "(short[])", "generated"]
+      - ["kotlin.collections", "UArraysKt", "withIndex", "(UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "withIndex", "(UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "withIndex", "(ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "withIndex", "(UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UByteArray,Iterable)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UByteArray,Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UByteArray,Object[])", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UByteArray,Object[],Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UByteArray,UByteArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UByteArray,UByteArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UIntArray,Iterable)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UIntArray,Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UIntArray,Object[])", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UIntArray,Object[],Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UIntArray,UIntArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UIntArray,UIntArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(ULongArray,Iterable)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(ULongArray,Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(ULongArray,Object[])", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(ULongArray,Object[],Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(ULongArray,ULongArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(ULongArray,ULongArray,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UShortArray,Iterable)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UShortArray,Iterable,Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UShortArray,Object[])", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UShortArray,Object[],Function2)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UShortArray,UShortArray)", "generated"]
+      - ["kotlin.collections", "UArraysKt", "zip", "(UShortArray,UShortArray,Function2)", "generated"]
+      - ["kotlin.collections", "UCollectionsKt", "sumOfUByte", "(Iterable)", "generated"]
+      - ["kotlin.collections", "UCollectionsKt", "sumOfUInt", "(Iterable)", "generated"]
+      - ["kotlin.collections", "UCollectionsKt", "sumOfULong", "(Iterable)", "generated"]
+      - ["kotlin.collections", "UCollectionsKt", "sumOfUShort", "(Iterable)", "generated"]
+      - ["kotlin.collections", "UCollectionsKt", "toUByteArray", "(Collection)", "generated"]
+      - ["kotlin.collections", "UCollectionsKt", "toUIntArray", "(Collection)", "generated"]
+      - ["kotlin.collections", "UCollectionsKt", "toULongArray", "(Collection)", "generated"]
+      - ["kotlin.collections", "UCollectionsKt", "toUShortArray", "(Collection)", "generated"]
+      - ["kotlin.collections.builders", "SerializedCollection$Companion", "getTagList", "()", "generated"]
+      - ["kotlin.collections.builders", "SerializedCollection$Companion", "getTagSet", "()", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "compareBy", "()", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "compareBy", "(Comparator,Function1)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "compareBy", "(Function1)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "compareByDescending", "(Comparator,Function1)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "compareByDescending", "(Function1)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "compareValues", "(Comparable,Comparable)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "compareValuesBy", "(Object,Object)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "compareValuesBy", "(Object,Object,Comparator,Function1)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "compareValuesBy", "(Object,Object,Function1)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(byte,byte)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(byte,byte,byte)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(byte,byte[])", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(double,double)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(double,double,double)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(double,double[])", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(float,float)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(float,float,float)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(float,float[])", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(int,int)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(int,int,int)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(int,int[])", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(long,long)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(long,long,long)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(long,long[])", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(short,short)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(short,short,short)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "maxOf", "(short,short[])", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(byte,byte)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(byte,byte,byte)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(byte,byte[])", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(double,double)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(double,double,double)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(double,double[])", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(float,float)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(float,float,float)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(float,float[])", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(int,int)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(int,int,int)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(int,int[])", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(long,long)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(long,long,long)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(long,long[])", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(short,short)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(short,short,short)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "minOf", "(short,short[])", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "naturalOrder", "()", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "nullsFirst", "()", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "nullsFirst", "(Comparator)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "nullsLast", "()", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "nullsLast", "(Comparator)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "reverseOrder", "()", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "then", "(Comparator,Comparator)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "thenBy", "(Comparator,Comparator,Function1)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "thenBy", "(Comparator,Function1)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "thenByDescending", "(Comparator,Comparator,Function1)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "thenByDescending", "(Comparator,Function1)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "thenComparator", "(Comparator,Function2)", "generated"]
+      - ["kotlin.comparisons", "ComparisonsKt", "thenDescending", "(Comparator,Comparator)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "maxOf", "(byte,UByteArray)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "maxOf", "(byte,byte)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "maxOf", "(byte,byte,byte)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "maxOf", "(int,UIntArray)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "maxOf", "(int,int)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "maxOf", "(int,int,int)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "maxOf", "(long,ULongArray)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "maxOf", "(long,long)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "maxOf", "(long,long,long)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "maxOf", "(short,UShortArray)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "maxOf", "(short,short)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "maxOf", "(short,short,short)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "minOf", "(byte,UByteArray)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "minOf", "(byte,byte)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "minOf", "(byte,byte,byte)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "minOf", "(int,UIntArray)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "minOf", "(int,int)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "minOf", "(int,int,int)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "minOf", "(long,ULongArray)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "minOf", "(long,long)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "minOf", "(long,long,long)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "minOf", "(short,UShortArray)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "minOf", "(short,short)", "generated"]
+      - ["kotlin.comparisons", "UComparisonsKt", "minOf", "(short,short,short)", "generated"]
+      - ["kotlin.concurrent", "LocksKt", "read", "(ReentrantReadWriteLock,Function0)", "generated"]
+      - ["kotlin.concurrent", "LocksKt", "withLock", "(Lock,Function0)", "generated"]
+      - ["kotlin.concurrent", "LocksKt", "write", "(ReentrantReadWriteLock,Function0)", "generated"]
+      - ["kotlin.concurrent", "ThreadsKt", "getOrSet", "(ThreadLocal,Function0)", "generated"]
+      - ["kotlin.concurrent", "ThreadsKt", "thread", "(boolean,boolean,ClassLoader,String,int,Function0)", "generated"]
+      - ["kotlin.concurrent", "TimersKt", "fixedRateTimer", "(String,boolean,Date,long,Function1)", "generated"]
+      - ["kotlin.concurrent", "TimersKt", "fixedRateTimer", "(String,boolean,long,long,Function1)", "generated"]
+      - ["kotlin.concurrent", "TimersKt", "schedule", "(Timer,Date,Function1)", "generated"]
+      - ["kotlin.concurrent", "TimersKt", "schedule", "(Timer,Date,long,Function1)", "generated"]
+      - ["kotlin.concurrent", "TimersKt", "schedule", "(Timer,long,Function1)", "generated"]
+      - ["kotlin.concurrent", "TimersKt", "schedule", "(Timer,long,long,Function1)", "generated"]
+      - ["kotlin.concurrent", "TimersKt", "scheduleAtFixedRate", "(Timer,Date,long,Function1)", "generated"]
+      - ["kotlin.concurrent", "TimersKt", "scheduleAtFixedRate", "(Timer,long,long,Function1)", "generated"]
+      - ["kotlin.concurrent", "TimersKt", "timer", "(String,boolean,Date,long,Function1)", "generated"]
+      - ["kotlin.concurrent", "TimersKt", "timer", "(String,boolean,long,long,Function1)", "generated"]
+      - ["kotlin.concurrent", "TimersKt", "timerTask", "(Function1)", "generated"]
+      - ["kotlin.contracts", "ContractBuilder", "callsInPlace", "(Function,InvocationKind)", "generated"]
+      - ["kotlin.contracts", "ContractBuilder", "returns", "()", "generated"]
+      - ["kotlin.contracts", "ContractBuilder", "returns", "(Object)", "generated"]
+      - ["kotlin.contracts", "ContractBuilder", "returnsNotNull", "()", "generated"]
+      - ["kotlin.contracts", "ContractBuilderKt", "contract", "(Function1)", "generated"]
+      - ["kotlin.contracts", "ExperimentalContracts", "ExperimentalContracts", "()", "generated"]
+      - ["kotlin.contracts", "InvocationKind", "valueOf", "(String)", "generated"]
+      - ["kotlin.contracts", "InvocationKind", "values", "()", "generated"]
+      - ["kotlin.contracts", "SimpleEffect", "implies", "(boolean)", "generated"]
+      - ["kotlin.coroutines", "Continuation", "getContext", "()", "generated"]
+      - ["kotlin.coroutines", "Continuation", "resumeWith", "(Result)", "generated"]
+      - ["kotlin.coroutines", "ContinuationInterceptor", "interceptContinuation", "(Continuation)", "generated"]
+      - ["kotlin.coroutines", "ContinuationInterceptor", "releaseInterceptedContinuation", "(Continuation)", "generated"]
+      - ["kotlin.coroutines", "ContinuationKt", "Continuation", "(CoroutineContext,Function1)", "generated"]
+      - ["kotlin.coroutines", "ContinuationKt", "createCoroutine", "(SuspendFunction0,Continuation)", "generated"]
+      - ["kotlin.coroutines", "ContinuationKt", "createCoroutine", "(SuspendFunction1,Object,Continuation)", "generated"]
+      - ["kotlin.coroutines", "ContinuationKt", "getCoroutineContext", "()", "generated"]
+      - ["kotlin.coroutines", "ContinuationKt", "resume", "(Continuation,Object)", "generated"]
+      - ["kotlin.coroutines", "ContinuationKt", "resumeWithException", "(Continuation,Throwable)", "generated"]
+      - ["kotlin.coroutines", "ContinuationKt", "startCoroutine", "(SuspendFunction0,Continuation)", "generated"]
+      - ["kotlin.coroutines", "ContinuationKt", "startCoroutine", "(SuspendFunction1,Object,Continuation)", "generated"]
+      - ["kotlin.coroutines", "ContinuationKt", "suspendCoroutine", "(Function1)", "generated"]
+      - ["kotlin.coroutines", "CoroutineContext", "fold", "(Object,Function2)", "generated"]
+      - ["kotlin.coroutines", "CoroutineContext", "get", "(Key)", "generated"]
+      - ["kotlin.coroutines", "CoroutineContext", "minusKey", "(Key)", "generated"]
+      - ["kotlin.coroutines", "CoroutineContext$Element", "getKey", "()", "generated"]
+      - ["kotlin.coroutines", "EmptyCoroutineContext", "hashCode", "()", "generated"]
+      - ["kotlin.coroutines", "EmptyCoroutineContext", "toString", "()", "generated"]
+      - ["kotlin.coroutines", "RestrictsSuspension", "RestrictsSuspension", "()", "generated"]
+      - ["kotlin.coroutines.cancellation", "CancellationException", "CancellationException", "()", "generated"]
+      - ["kotlin.coroutines.cancellation", "CancellationException", "CancellationException", "(String)", "generated"]
+      - ["kotlin.coroutines.cancellation", "CancellationExceptionHKt", "CancellationException", "(String,Throwable)", "generated"]
+      - ["kotlin.coroutines.cancellation", "CancellationExceptionHKt", "CancellationException", "(Throwable)", "generated"]
+      - ["kotlin.coroutines.cancellation", "CancellationExceptionKt", "CancellationException", "(String,Throwable)", "generated"]
+      - ["kotlin.coroutines.cancellation", "CancellationExceptionKt", "CancellationException", "(Throwable)", "generated"]
+      - ["kotlin.coroutines.intrinsics", "CoroutinesIntrinsicsHKt", "createCoroutineUnintercepted", "(SuspendFunction0,Continuation)", "generated"]
+      - ["kotlin.coroutines.intrinsics", "CoroutinesIntrinsicsHKt", "createCoroutineUnintercepted", "(SuspendFunction1,Object,Continuation)", "generated"]
+      - ["kotlin.coroutines.intrinsics", "CoroutinesIntrinsicsHKt", "intercepted", "(Continuation)", "generated"]
+      - ["kotlin.coroutines.intrinsics", "CoroutinesIntrinsicsHKt", "startCoroutineUninterceptedOrReturn", "(SuspendFunction0,Continuation)", "generated"]
+      - ["kotlin.coroutines.intrinsics", "CoroutinesIntrinsicsHKt", "startCoroutineUninterceptedOrReturn", "(SuspendFunction1,Object,Continuation)", "generated"]
+      - ["kotlin.coroutines.intrinsics", "IntrinsicsKt", "createCoroutineUnintercepted", "(SuspendFunction0,Continuation)", "generated"]
+      - ["kotlin.coroutines.intrinsics", "IntrinsicsKt", "createCoroutineUnintercepted", "(SuspendFunction1,Object,Continuation)", "generated"]
+      - ["kotlin.coroutines.intrinsics", "IntrinsicsKt", "getCOROUTINE_SUSPENDED", "()", "generated"]
+      - ["kotlin.coroutines.intrinsics", "IntrinsicsKt", "startCoroutineUninterceptedOrReturn", "(SuspendFunction0,Continuation)", "generated"]
+      - ["kotlin.coroutines.intrinsics", "IntrinsicsKt", "startCoroutineUninterceptedOrReturn", "(SuspendFunction1,Object,Continuation)", "generated"]
+      - ["kotlin.coroutines.intrinsics", "IntrinsicsKt", "suspendCoroutineUninterceptedOrReturn", "(Function1)", "generated"]
+      - ["kotlin.coroutines.jvm.internal", "CoroutineStackFrame", "getCallerFrame", "()", "generated"]
+      - ["kotlin.coroutines.jvm.internal", "CoroutineStackFrame", "getStackTraceElement", "()", "generated"]
+      - ["kotlin.experimental", "BitwiseOperationsKt", "and", "(byte,byte)", "generated"]
+      - ["kotlin.experimental", "BitwiseOperationsKt", "and", "(short,short)", "generated"]
+      - ["kotlin.experimental", "BitwiseOperationsKt", "inv", "(byte)", "generated"]
+      - ["kotlin.experimental", "BitwiseOperationsKt", "inv", "(short)", "generated"]
+      - ["kotlin.experimental", "BitwiseOperationsKt", "or", "(byte,byte)", "generated"]
+      - ["kotlin.experimental", "BitwiseOperationsKt", "or", "(short,short)", "generated"]
+      - ["kotlin.experimental", "BitwiseOperationsKt", "xor", "(byte,byte)", "generated"]
+      - ["kotlin.experimental", "BitwiseOperationsKt", "xor", "(short,short)", "generated"]
+      - ["kotlin.experimental", "ExperimentalTypeInference", "ExperimentalTypeInference", "()", "generated"]
+      - ["kotlin.io", "ByteStreamsKt", "bufferedWriter", "(OutputStream,Charset)", "generated"]
+      - ["kotlin.io", "ByteStreamsKt", "iterator", "(BufferedInputStream)", "generated"]
+      - ["kotlin.io", "ByteStreamsKt", "writer", "(OutputStream,Charset)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "print", "(Object)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "print", "(boolean)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "print", "(byte)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "print", "(char)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "print", "(char[])", "generated"]
+      - ["kotlin.io", "ConsoleKt", "print", "(double)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "print", "(float)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "print", "(int)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "print", "(long)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "print", "(short)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "println", "()", "generated"]
+      - ["kotlin.io", "ConsoleKt", "println", "(Object)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "println", "(boolean)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "println", "(byte)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "println", "(char)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "println", "(char[])", "generated"]
+      - ["kotlin.io", "ConsoleKt", "println", "(double)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "println", "(float)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "println", "(int)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "println", "(long)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "println", "(short)", "generated"]
+      - ["kotlin.io", "ConsoleKt", "readLine", "()", "generated"]
+      - ["kotlin.io", "ConsoleKt", "readln", "()", "generated"]
+      - ["kotlin.io", "ConsoleKt", "readlnOrNull", "()", "generated"]
+      - ["kotlin.io", "ConstantsKt", "getDEFAULT_BUFFER_SIZE", "()", "generated"]
+      - ["kotlin.io", "FileWalkDirection", "valueOf", "(String)", "generated"]
+      - ["kotlin.io", "FileWalkDirection", "values", "()", "generated"]
+      - ["kotlin.io", "FilesKt", "appendBytes", "(File,byte[])", "generated"]
+      - ["kotlin.io", "FilesKt", "appendText", "(File,String,Charset)", "generated"]
+      - ["kotlin.io", "FilesKt", "bufferedReader", "(File,Charset,int)", "generated"]
+      - ["kotlin.io", "FilesKt", "bufferedWriter", "(File,Charset,int)", "generated"]
+      - ["kotlin.io", "FilesKt", "copyRecursively", "(File,File,boolean,Function2)", "generated"]
+      - ["kotlin.io", "FilesKt", "createTempDir", "(String,String,File)", "generated"]
+      - ["kotlin.io", "FilesKt", "createTempFile", "(String,String,File)", "generated"]
+      - ["kotlin.io", "FilesKt", "deleteRecursively", "(File)", "generated"]
+      - ["kotlin.io", "FilesKt", "endsWith", "(File,File)", "generated"]
+      - ["kotlin.io", "FilesKt", "endsWith", "(File,String)", "generated"]
+      - ["kotlin.io", "FilesKt", "forEachBlock", "(File,Function2)", "generated"]
+      - ["kotlin.io", "FilesKt", "forEachBlock", "(File,int,Function2)", "generated"]
+      - ["kotlin.io", "FilesKt", "forEachLine", "(File,Charset,Function1)", "generated"]
+      - ["kotlin.io", "FilesKt", "getExtension", "(File)", "generated"]
+      - ["kotlin.io", "FilesKt", "getInvariantSeparatorsPath", "(File)", "generated"]
+      - ["kotlin.io", "FilesKt", "getNameWithoutExtension", "(File)", "generated"]
+      - ["kotlin.io", "FilesKt", "inputStream", "(File)", "generated"]
+      - ["kotlin.io", "FilesKt", "isRooted", "(File)", "generated"]
+      - ["kotlin.io", "FilesKt", "normalize", "(File)", "generated"]
+      - ["kotlin.io", "FilesKt", "outputStream", "(File)", "generated"]
+      - ["kotlin.io", "FilesKt", "printWriter", "(File,Charset)", "generated"]
+      - ["kotlin.io", "FilesKt", "readBytes", "(File)", "generated"]
+      - ["kotlin.io", "FilesKt", "readLines", "(File,Charset)", "generated"]
+      - ["kotlin.io", "FilesKt", "readText", "(File,Charset)", "generated"]
+      - ["kotlin.io", "FilesKt", "reader", "(File,Charset)", "generated"]
+      - ["kotlin.io", "FilesKt", "relativeTo", "(File,File)", "generated"]
+      - ["kotlin.io", "FilesKt", "relativeToOrNull", "(File,File)", "generated"]
+      - ["kotlin.io", "FilesKt", "startsWith", "(File,File)", "generated"]
+      - ["kotlin.io", "FilesKt", "startsWith", "(File,String)", "generated"]
+      - ["kotlin.io", "FilesKt", "toRelativeString", "(File,File)", "generated"]
+      - ["kotlin.io", "FilesKt", "useLines", "(File,Charset,Function1)", "generated"]
+      - ["kotlin.io", "FilesKt", "writeBytes", "(File,byte[])", "generated"]
+      - ["kotlin.io", "FilesKt", "writeText", "(File,String,Charset)", "generated"]
+      - ["kotlin.io", "FilesKt", "writer", "(File,Charset)", "generated"]
+      - ["kotlin.io", "IoHKt", "print", "(Object)", "generated"]
+      - ["kotlin.io", "IoHKt", "println", "()", "generated"]
+      - ["kotlin.io", "IoHKt", "println", "(Object)", "generated"]
+      - ["kotlin.io", "IoHKt", "readln", "()", "generated"]
+      - ["kotlin.io", "IoHKt", "readlnOrNull", "()", "generated"]
+      - ["kotlin.io", "OnErrorAction", "valueOf", "(String)", "generated"]
+      - ["kotlin.io", "OnErrorAction", "values", "()", "generated"]
+      - ["kotlin.io", "TextStreamsKt", "readBytes", "(URL)", "generated"]
+      - ["kotlin.io", "TextStreamsKt", "readLines", "(Reader)", "generated"]
+      - ["kotlin.io", "TextStreamsKt", "readText", "(URL,Charset)", "generated"]
+      - ["kotlin.js", "ExperimentalJsExport", "ExperimentalJsExport", "()", "generated"]
+      - ["kotlin.js", "JsExport", "JsExport", "()", "generated"]
+      - ["kotlin.js", "JsName", "JsName", "(String)", "generated"]
+      - ["kotlin.js", "JsName", "name", "()", "generated"]
+      - ["kotlin.jvm", "JvmClassMappingKt", "getAnnotationClass", "(Annotation)", "generated"]
+      - ["kotlin.jvm", "JvmClassMappingKt", "getDeclaringJavaClass", "(Enum)", "generated"]
+      - ["kotlin.jvm", "JvmClassMappingKt", "getJavaClass", "(KClass)", "generated"]
+      - ["kotlin.jvm", "JvmClassMappingKt", "getJavaClass", "(Object)", "generated"]
+      - ["kotlin.jvm", "JvmClassMappingKt", "getJavaObjectType", "(KClass)", "generated"]
+      - ["kotlin.jvm", "JvmClassMappingKt", "getJavaPrimitiveType", "(KClass)", "generated"]
+      - ["kotlin.jvm", "JvmClassMappingKt", "getKotlinClass", "(Class)", "generated"]
+      - ["kotlin.jvm", "JvmClassMappingKt", "getRuntimeClassOfKClassInstance", "(KClass)", "generated"]
+      - ["kotlin.jvm", "JvmClassMappingKt", "isArrayOf", "(Object[])", "generated"]
+      - ["kotlin.jvm", "JvmDefault", "JvmDefault", "()", "generated"]
+      - ["kotlin.jvm", "JvmDefaultWithCompatibility", "JvmDefaultWithCompatibility", "()", "generated"]
+      - ["kotlin.jvm", "JvmDefaultWithoutCompatibility", "JvmDefaultWithoutCompatibility", "()", "generated"]
+      - ["kotlin.jvm", "JvmField", "JvmField", "()", "generated"]
+      - ["kotlin.jvm", "JvmInline", "JvmInline", "()", "generated"]
+      - ["kotlin.jvm", "JvmMultifileClass", "JvmMultifileClass", "()", "generated"]
+      - ["kotlin.jvm", "JvmName", "JvmName", "(String)", "generated"]
+      - ["kotlin.jvm", "JvmName", "name", "()", "generated"]
+      - ["kotlin.jvm", "JvmOverloads", "JvmOverloads", "()", "generated"]
+      - ["kotlin.jvm", "JvmRecord", "JvmRecord", "()", "generated"]
+      - ["kotlin.jvm", "JvmStatic", "JvmStatic", "()", "generated"]
+      - ["kotlin.jvm", "JvmSuppressWildcards", "JvmSuppressWildcards", "(boolean)", "generated"]
+      - ["kotlin.jvm", "JvmSuppressWildcards", "suppress", "()", "generated"]
+      - ["kotlin.jvm", "JvmSynthetic", "JvmSynthetic", "()", "generated"]
+      - ["kotlin.jvm", "JvmWildcard", "JvmWildcard", "()", "generated"]
+      - ["kotlin.jvm", "KotlinReflectionNotSupportedError", "KotlinReflectionNotSupportedError", "()", "generated"]
+      - ["kotlin.jvm", "KotlinReflectionNotSupportedError", "KotlinReflectionNotSupportedError", "(String)", "generated"]
+      - ["kotlin.jvm", "KotlinReflectionNotSupportedError", "KotlinReflectionNotSupportedError", "(String,Throwable)", "generated"]
+      - ["kotlin.jvm", "KotlinReflectionNotSupportedError", "KotlinReflectionNotSupportedError", "(Throwable)", "generated"]
+      - ["kotlin.jvm", "PurelyImplements", "PurelyImplements", "(String)", "generated"]
+      - ["kotlin.jvm", "PurelyImplements", "value", "()", "generated"]
+      - ["kotlin.jvm", "Strictfp", "Strictfp", "()", "generated"]
+      - ["kotlin.jvm", "Synchronized", "Synchronized", "()", "generated"]
+      - ["kotlin.jvm", "Throws", "Throws", "(KClass[])", "generated"]
+      - ["kotlin.jvm", "Throws", "exceptionClasses", "()", "generated"]
+      - ["kotlin.jvm", "Transient", "Transient", "()", "generated"]
+      - ["kotlin.jvm", "Volatile", "Volatile", "()", "generated"]
+      - ["kotlin.jvm.functions", "Function0", "invoke", "()", "generated"]
+      - ["kotlin.jvm.functions", "Function1", "invoke", "(Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function10", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function11", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function12", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function13", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function14", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function15", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function16", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function17", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function18", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function19", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function2", "invoke", "(Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function20", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function21", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function22", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function3", "invoke", "(Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function4", "invoke", "(Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function5", "invoke", "(Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function6", "invoke", "(Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function7", "invoke", "(Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function8", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "Function9", "invoke", "(Object,Object,Object,Object,Object,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.functions", "FunctionN", "invoke", "(Object[])", "generated"]
+      - ["kotlin.jvm.internal", "AdaptedFunctionReference", "equals", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "AdaptedFunctionReference", "getOwner", "()", "generated"]
+      - ["kotlin.jvm.internal", "AdaptedFunctionReference", "hashCode", "()", "generated"]
+      - ["kotlin.jvm.internal", "AdaptedFunctionReference", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "ArrayIteratorsKt", "iterator", "(boolean[])", "generated"]
+      - ["kotlin.jvm.internal", "ArrayIteratorsKt", "iterator", "(double[])", "generated"]
+      - ["kotlin.jvm.internal", "ArrayIteratorsKt", "iterator", "(float[])", "generated"]
+      - ["kotlin.jvm.internal", "ArrayIteratorsKt", "iterator", "(int[])", "generated"]
+      - ["kotlin.jvm.internal", "ArrayIteratorsKt", "iterator", "(long[])", "generated"]
+      - ["kotlin.jvm.internal", "ArrayIteratorsKt", "iterator", "(short[])", "generated"]
+      - ["kotlin.jvm.internal", "BooleanSpreadBuilder", "BooleanSpreadBuilder", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "BooleanSpreadBuilder", "add", "(boolean)", "generated"]
+      - ["kotlin.jvm.internal", "BooleanSpreadBuilder", "toArray", "()", "generated"]
+      - ["kotlin.jvm.internal", "ByteSpreadBuilder", "ByteSpreadBuilder", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "ByteSpreadBuilder", "add", "(byte)", "generated"]
+      - ["kotlin.jvm.internal", "CallableReference", "CallableReference", "()", "generated"]
+      - ["kotlin.jvm.internal", "CallableReference", "getOwner", "()", "generated"]
+      - ["kotlin.jvm.internal", "CharSpreadBuilder", "CharSpreadBuilder", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "CharSpreadBuilder", "add", "(char)", "generated"]
+      - ["kotlin.jvm.internal", "ClassBasedDeclarationContainer", "getJClass", "()", "generated"]
+      - ["kotlin.jvm.internal", "ClassReference", "ClassReference", "(Class)", "generated"]
+      - ["kotlin.jvm.internal", "ClassReference", "equals", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "ClassReference", "hashCode", "()", "generated"]
+      - ["kotlin.jvm.internal", "ClassReference", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "ClassReference$Companion", "isInstance", "(Object,Class)", "generated"]
+      - ["kotlin.jvm.internal", "DoubleSpreadBuilder", "DoubleSpreadBuilder", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "DoubleSpreadBuilder", "add", "(double)", "generated"]
+      - ["kotlin.jvm.internal", "DoubleSpreadBuilder", "toArray", "()", "generated"]
+      - ["kotlin.jvm.internal", "FloatSpreadBuilder", "FloatSpreadBuilder", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "FloatSpreadBuilder", "add", "(float)", "generated"]
+      - ["kotlin.jvm.internal", "FloatSpreadBuilder", "toArray", "()", "generated"]
+      - ["kotlin.jvm.internal", "FunInterfaceConstructorReference", "FunInterfaceConstructorReference", "(Class)", "generated"]
+      - ["kotlin.jvm.internal", "FunInterfaceConstructorReference", "equals", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "FunInterfaceConstructorReference", "hashCode", "()", "generated"]
+      - ["kotlin.jvm.internal", "FunInterfaceConstructorReference", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "FunctionAdapter", "getFunctionDelegate", "()", "generated"]
+      - ["kotlin.jvm.internal", "FunctionBase", "getArity", "()", "generated"]
+      - ["kotlin.jvm.internal", "FunctionImpl", "FunctionImpl", "()", "generated"]
+      - ["kotlin.jvm.internal", "FunctionImpl", "getArity", "()", "generated"]
+      - ["kotlin.jvm.internal", "FunctionImpl", "invokeVararg", "(Object[])", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReference", "FunctionReference", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReference", "equals", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "FunctionReference", "hashCode", "()", "generated"]
+      - ["kotlin.jvm.internal", "InlineMarker", "InlineMarker", "()", "generated"]
+      - ["kotlin.jvm.internal", "InlineMarker", "afterInlineCall", "()", "generated"]
+      - ["kotlin.jvm.internal", "InlineMarker", "beforeInlineCall", "()", "generated"]
+      - ["kotlin.jvm.internal", "InlineMarker", "finallyEnd", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "InlineMarker", "finallyStart", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "InlineMarker", "mark", "(String)", "generated"]
+      - ["kotlin.jvm.internal", "InlineMarker", "mark", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "IntSpreadBuilder", "IntSpreadBuilder", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "IntSpreadBuilder", "add", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "IntSpreadBuilder", "toArray", "()", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "areEqual", "(Double,Double)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "areEqual", "(Double,double)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "areEqual", "(Float,Float)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "areEqual", "(Float,float)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "areEqual", "(Object,Object)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "areEqual", "(double,Double)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "areEqual", "(float,Float)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "checkExpressionValueIsNotNull", "(Object,String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "checkFieldIsNotNull", "(Object,String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "checkFieldIsNotNull", "(Object,String,String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "checkHasClass", "(String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "checkHasClass", "(String,String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "checkNotNull", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "checkNotNull", "(Object,String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "checkNotNullExpressionValue", "(Object,String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "checkNotNullParameter", "(Object,String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "checkParameterIsNotNull", "(Object,String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "checkReturnedValueIsNotNull", "(Object,String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "checkReturnedValueIsNotNull", "(Object,String,String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "compare", "(int,int)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "compare", "(long,long)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "needClassReification", "()", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "needClassReification", "(String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "reifiedOperationMarker", "(int,String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "reifiedOperationMarker", "(int,String,String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "throwAssert", "()", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "throwAssert", "(String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "throwIllegalArgument", "()", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "throwIllegalArgument", "(String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "throwIllegalState", "()", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "throwIllegalState", "(String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "throwJavaNpe", "()", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "throwJavaNpe", "(String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "throwNpe", "()", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "throwNpe", "(String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "throwUndefinedForReified", "()", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "throwUndefinedForReified", "(String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "throwUninitializedProperty", "(String)", "generated"]
+      - ["kotlin.jvm.internal", "Intrinsics", "throwUninitializedPropertyAccessException", "(String)", "generated"]
+      - ["kotlin.jvm.internal", "KTypeBase", "getJavaType", "()", "generated"]
+      - ["kotlin.jvm.internal", "Lambda", "Lambda", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "Lambda", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "LocalVariableReference", "LocalVariableReference", "()", "generated"]
+      - ["kotlin.jvm.internal", "LongSpreadBuilder", "LongSpreadBuilder", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "LongSpreadBuilder", "add", "(long)", "generated"]
+      - ["kotlin.jvm.internal", "LongSpreadBuilder", "toArray", "()", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "MagicApiIntrinsics", "()", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "anyMagicApiCall", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "anyMagicApiCall", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "anyMagicApiCall", "(int,Object,Object)", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "anyMagicApiCall", "(int,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "anyMagicApiCall", "(int,long,Object)", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "anyMagicApiCall", "(int,long,long,Object)", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "intMagicApiCall", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "intMagicApiCall", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "intMagicApiCall", "(int,Object,Object)", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "intMagicApiCall", "(int,Object,Object,Object,Object)", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "intMagicApiCall", "(int,long,Object)", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "intMagicApiCall", "(int,long,long,Object)", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "voidMagicApiCall", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "MagicApiIntrinsics", "voidMagicApiCall", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "MutableLocalVariableReference", "MutableLocalVariableReference", "()", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference", "MutablePropertyReference", "()", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference0", "MutablePropertyReference0", "()", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference1", "MutablePropertyReference1", "()", "generated"]
+      - ["kotlin.jvm.internal", "MutablePropertyReference2", "MutablePropertyReference2", "()", "generated"]
+      - ["kotlin.jvm.internal", "PackageReference", "equals", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "PackageReference", "hashCode", "()", "generated"]
+      - ["kotlin.jvm.internal", "PackageReference", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "PrimitiveSpreadBuilder", "PrimitiveSpreadBuilder", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference", "PropertyReference", "()", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference", "equals", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference", "hashCode", "()", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference0", "PropertyReference0", "()", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference1", "PropertyReference1", "()", "generated"]
+      - ["kotlin.jvm.internal", "PropertyReference2", "PropertyReference2", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$BooleanRef", "BooleanRef", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$BooleanRef", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$ByteRef", "ByteRef", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$ByteRef", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$CharRef", "CharRef", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$CharRef", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$DoubleRef", "DoubleRef", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$DoubleRef", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$FloatRef", "FloatRef", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$FloatRef", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$IntRef", "IntRef", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$IntRef", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$LongRef", "LongRef", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$LongRef", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$ObjectRef", "ObjectRef", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$ObjectRef", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$ShortRef", "ShortRef", "()", "generated"]
+      - ["kotlin.jvm.internal", "Ref$ShortRef", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", "Reflection", "()", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", "createKotlinClass", "(Class)", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", "createKotlinClass", "(Class,String)", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", "getOrCreateKotlinClass", "(Class)", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", "getOrCreateKotlinClass", "(Class,String)", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", "getOrCreateKotlinClasses", "(Class[])", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", "getOrCreateKotlinPackage", "(Class)", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", "nullableTypeOf", "(Class)", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", "nullableTypeOf", "(Class,KTypeProjection[])", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", "renderLambdaToString", "(FunctionBase)", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", "renderLambdaToString", "(Lambda)", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", "setUpperBounds", "(KTypeParameter,KType[])", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", "typeOf", "(Class)", "generated"]
+      - ["kotlin.jvm.internal", "Reflection", "typeOf", "(Class,KTypeProjection[])", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", "ReflectionFactory", "()", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", "createKotlinClass", "(Class)", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", "createKotlinClass", "(Class,String)", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", "getOrCreateKotlinClass", "(Class)", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", "getOrCreateKotlinClass", "(Class,String)", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", "renderLambdaToString", "(FunctionBase)", "generated"]
+      - ["kotlin.jvm.internal", "ReflectionFactory", "renderLambdaToString", "(Lambda)", "generated"]
+      - ["kotlin.jvm.internal", "SerializedIr", "SerializedIr", "(String[])", "generated"]
+      - ["kotlin.jvm.internal", "SerializedIr", "b", "()", "generated"]
+      - ["kotlin.jvm.internal", "ShortSpreadBuilder", "ShortSpreadBuilder", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "ShortSpreadBuilder", "add", "(short)", "generated"]
+      - ["kotlin.jvm.internal", "ShortSpreadBuilder", "toArray", "()", "generated"]
+      - ["kotlin.jvm.internal", "SpreadBuilder", "SpreadBuilder", "(int)", "generated"]
+      - ["kotlin.jvm.internal", "SpreadBuilder", "size", "()", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", "TypeIntrinsics", "()", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", "getFunctionArity", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", "isFunctionOfArity", "(Object,int)", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", "isMutableCollection", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", "isMutableIterable", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", "isMutableIterator", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", "isMutableList", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", "isMutableListIterator", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", "isMutableMap", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", "isMutableMapEntry", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", "isMutableSet", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", "throwCce", "(ClassCastException)", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", "throwCce", "(Object,String)", "generated"]
+      - ["kotlin.jvm.internal", "TypeIntrinsics", "throwCce", "(String)", "generated"]
+      - ["kotlin.jvm.internal", "TypeParameterReference", "equals", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "TypeParameterReference", "hashCode", "()", "generated"]
+      - ["kotlin.jvm.internal", "TypeParameterReference", "toString", "()", "generated"]
+      - ["kotlin.jvm.internal", "TypeParameterReference$Companion", "toString", "(KTypeParameter)", "generated"]
+      - ["kotlin.jvm.internal", "TypeReference", "equals", "(Object)", "generated"]
+      - ["kotlin.jvm.internal", "TypeReference", "hashCode", "()", "generated"]
+      - ["kotlin.math", "MathKt", "IEEErem", "(double,double)", "generated"]
+      - ["kotlin.math", "MathKt", "IEEErem", "(float,float)", "generated"]
+      - ["kotlin.math", "MathKt", "abs", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "abs", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "abs", "(int)", "generated"]
+      - ["kotlin.math", "MathKt", "abs", "(long)", "generated"]
+      - ["kotlin.math", "MathKt", "acos", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "acos", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "acosh", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "acosh", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "asin", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "asin", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "asinh", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "asinh", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "atan", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "atan", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "atan2", "(double,double)", "generated"]
+      - ["kotlin.math", "MathKt", "atan2", "(float,float)", "generated"]
+      - ["kotlin.math", "MathKt", "atanh", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "atanh", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "cbrt", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "cbrt", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "ceil", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "ceil", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "cos", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "cos", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "cosh", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "cosh", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "exp", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "exp", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "expm1", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "expm1", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "floor", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "floor", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "getAbsoluteValue", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "getAbsoluteValue", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "getAbsoluteValue", "(int)", "generated"]
+      - ["kotlin.math", "MathKt", "getAbsoluteValue", "(long)", "generated"]
+      - ["kotlin.math", "MathKt", "getE", "()", "generated"]
+      - ["kotlin.math", "MathKt", "getPI", "()", "generated"]
+      - ["kotlin.math", "MathKt", "getSign", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "getSign", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "getSign", "(int)", "generated"]
+      - ["kotlin.math", "MathKt", "getSign", "(long)", "generated"]
+      - ["kotlin.math", "MathKt", "getUlp", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "getUlp", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "hypot", "(double,double)", "generated"]
+      - ["kotlin.math", "MathKt", "hypot", "(float,float)", "generated"]
+      - ["kotlin.math", "MathKt", "ln", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "ln", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "ln1p", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "ln1p", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "log", "(double,double)", "generated"]
+      - ["kotlin.math", "MathKt", "log", "(float,float)", "generated"]
+      - ["kotlin.math", "MathKt", "log10", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "log10", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "log2", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "log2", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "max", "(double,double)", "generated"]
+      - ["kotlin.math", "MathKt", "max", "(float,float)", "generated"]
+      - ["kotlin.math", "MathKt", "max", "(int,int)", "generated"]
+      - ["kotlin.math", "MathKt", "max", "(long,long)", "generated"]
+      - ["kotlin.math", "MathKt", "min", "(double,double)", "generated"]
+      - ["kotlin.math", "MathKt", "min", "(float,float)", "generated"]
+      - ["kotlin.math", "MathKt", "min", "(int,int)", "generated"]
+      - ["kotlin.math", "MathKt", "min", "(long,long)", "generated"]
+      - ["kotlin.math", "MathKt", "nextDown", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "nextDown", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "nextTowards", "(double,double)", "generated"]
+      - ["kotlin.math", "MathKt", "nextTowards", "(float,float)", "generated"]
+      - ["kotlin.math", "MathKt", "nextUp", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "nextUp", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "pow", "(double,double)", "generated"]
+      - ["kotlin.math", "MathKt", "pow", "(double,int)", "generated"]
+      - ["kotlin.math", "MathKt", "pow", "(float,float)", "generated"]
+      - ["kotlin.math", "MathKt", "pow", "(float,int)", "generated"]
+      - ["kotlin.math", "MathKt", "round", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "round", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "roundToInt", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "roundToInt", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "roundToLong", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "roundToLong", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "sign", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "sign", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "sin", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "sin", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "sinh", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "sinh", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "sqrt", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "sqrt", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "tan", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "tan", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "tanh", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "tanh", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "truncate", "(double)", "generated"]
+      - ["kotlin.math", "MathKt", "truncate", "(float)", "generated"]
+      - ["kotlin.math", "MathKt", "withSign", "(double,double)", "generated"]
+      - ["kotlin.math", "MathKt", "withSign", "(double,int)", "generated"]
+      - ["kotlin.math", "MathKt", "withSign", "(float,float)", "generated"]
+      - ["kotlin.math", "MathKt", "withSign", "(float,int)", "generated"]
+      - ["kotlin.math", "UMathKt", "max", "(int,int)", "generated"]
+      - ["kotlin.math", "UMathKt", "max", "(long,long)", "generated"]
+      - ["kotlin.math", "UMathKt", "min", "(int,int)", "generated"]
+      - ["kotlin.math", "UMathKt", "min", "(long,long)", "generated"]
+      - ["kotlin.native", "CName", "CName", "(String,String)", "generated"]
+      - ["kotlin.native", "CName", "externName", "()", "generated"]
+      - ["kotlin.native", "CName", "shortName", "()", "generated"]
+      - ["kotlin.native.concurrent", "SharedImmutable", "SharedImmutable", "()", "generated"]
+      - ["kotlin.native.concurrent", "ThreadLocal", "ThreadLocal", "()", "generated"]
+      - ["kotlin.properties", "Delegates", "notNull", "()", "generated"]
+      - ["kotlin.properties", "Delegates", "observable", "(Object,Function3)", "generated"]
+      - ["kotlin.properties", "Delegates", "vetoable", "(Object,Function3)", "generated"]
+      - ["kotlin.properties", "PropertyDelegateProvider", "provideDelegate", "(Object,KProperty)", "generated"]
+      - ["kotlin.properties", "ReadOnlyProperty", "getValue", "(Object,KProperty)", "generated"]
+      - ["kotlin.properties", "ReadWriteProperty", "setValue", "(Object,KProperty,Object)", "generated"]
+      - ["kotlin.random", "Random", "Random", "()", "generated"]
+      - ["kotlin.random", "Random", "nextBits", "(int)", "generated"]
+      - ["kotlin.random", "Random", "nextBoolean", "()", "generated"]
+      - ["kotlin.random", "Random", "nextBytes", "(int)", "generated"]
+      - ["kotlin.random", "Random", "nextDouble", "()", "generated"]
+      - ["kotlin.random", "Random", "nextDouble", "(double)", "generated"]
+      - ["kotlin.random", "Random", "nextDouble", "(double,double)", "generated"]
+      - ["kotlin.random", "Random", "nextFloat", "()", "generated"]
+      - ["kotlin.random", "Random", "nextInt", "()", "generated"]
+      - ["kotlin.random", "Random", "nextInt", "(int)", "generated"]
+      - ["kotlin.random", "Random", "nextInt", "(int,int)", "generated"]
+      - ["kotlin.random", "Random", "nextLong", "()", "generated"]
+      - ["kotlin.random", "Random", "nextLong", "(long)", "generated"]
+      - ["kotlin.random", "Random", "nextLong", "(long,long)", "generated"]
+      - ["kotlin.random", "RandomKt", "Random", "(int)", "generated"]
+      - ["kotlin.random", "RandomKt", "Random", "(long)", "generated"]
+      - ["kotlin.random", "RandomKt", "nextInt", "(Random,IntRange)", "generated"]
+      - ["kotlin.random", "RandomKt", "nextLong", "(Random,LongRange)", "generated"]
+      - ["kotlin.random", "URandomKt", "nextUBytes", "(Random,int)", "generated"]
+      - ["kotlin.random", "URandomKt", "nextUInt", "(Random)", "generated"]
+      - ["kotlin.random", "URandomKt", "nextUInt", "(Random,UIntRange)", "generated"]
+      - ["kotlin.random", "URandomKt", "nextUInt", "(Random,int)", "generated"]
+      - ["kotlin.random", "URandomKt", "nextUInt", "(Random,int,int)", "generated"]
+      - ["kotlin.random", "URandomKt", "nextULong", "(Random)", "generated"]
+      - ["kotlin.random", "URandomKt", "nextULong", "(Random,ULongRange)", "generated"]
+      - ["kotlin.random", "URandomKt", "nextULong", "(Random,long)", "generated"]
+      - ["kotlin.random", "URandomKt", "nextULong", "(Random,long,long)", "generated"]
+      - ["kotlin.ranges", "CharProgression", "equals", "(Object)", "generated"]
+      - ["kotlin.ranges", "CharProgression", "getFirst", "()", "generated"]
+      - ["kotlin.ranges", "CharProgression", "getLast", "()", "generated"]
+      - ["kotlin.ranges", "CharProgression", "getStep", "()", "generated"]
+      - ["kotlin.ranges", "CharProgression", "hashCode", "()", "generated"]
+      - ["kotlin.ranges", "CharProgression", "isEmpty", "()", "generated"]
+      - ["kotlin.ranges", "CharProgression", "toString", "()", "generated"]
+      - ["kotlin.ranges", "CharProgression$Companion", "fromClosedRange", "(char,char,int)", "generated"]
+      - ["kotlin.ranges", "CharRange", "CharRange", "(char,char)", "generated"]
+      - ["kotlin.ranges", "CharRange", "contains", "(char)", "generated"]
+      - ["kotlin.ranges", "CharRange", "equals", "(Object)", "generated"]
+      - ["kotlin.ranges", "CharRange", "hashCode", "()", "generated"]
+      - ["kotlin.ranges", "CharRange", "toString", "()", "generated"]
+      - ["kotlin.ranges", "ClosedFloatingPointRange", "lessThanOrEquals", "(Comparable,Comparable)", "generated"]
+      - ["kotlin.ranges", "ClosedRange", "contains", "(Comparable)", "generated"]
+      - ["kotlin.ranges", "ClosedRange", "getEndInclusive", "()", "generated"]
+      - ["kotlin.ranges", "ClosedRange", "getStart", "()", "generated"]
+      - ["kotlin.ranges", "ClosedRange", "isEmpty", "()", "generated"]
+      - ["kotlin.ranges", "IntProgression", "equals", "(Object)", "generated"]
+      - ["kotlin.ranges", "IntProgression", "getFirst", "()", "generated"]
+      - ["kotlin.ranges", "IntProgression", "getLast", "()", "generated"]
+      - ["kotlin.ranges", "IntProgression", "getStep", "()", "generated"]
+      - ["kotlin.ranges", "IntProgression", "hashCode", "()", "generated"]
+      - ["kotlin.ranges", "IntProgression", "isEmpty", "()", "generated"]
+      - ["kotlin.ranges", "IntProgression", "toString", "()", "generated"]
+      - ["kotlin.ranges", "IntProgression$Companion", "fromClosedRange", "(int,int,int)", "generated"]
+      - ["kotlin.ranges", "IntRange", "IntRange", "(int,int)", "generated"]
+      - ["kotlin.ranges", "IntRange", "contains", "(int)", "generated"]
+      - ["kotlin.ranges", "IntRange", "equals", "(Object)", "generated"]
+      - ["kotlin.ranges", "IntRange", "hashCode", "()", "generated"]
+      - ["kotlin.ranges", "IntRange", "toString", "()", "generated"]
+      - ["kotlin.ranges", "LongProgression", "equals", "(Object)", "generated"]
+      - ["kotlin.ranges", "LongProgression", "getFirst", "()", "generated"]
+      - ["kotlin.ranges", "LongProgression", "getLast", "()", "generated"]
+      - ["kotlin.ranges", "LongProgression", "getStep", "()", "generated"]
+      - ["kotlin.ranges", "LongProgression", "hashCode", "()", "generated"]
+      - ["kotlin.ranges", "LongProgression", "isEmpty", "()", "generated"]
+      - ["kotlin.ranges", "LongProgression", "toString", "()", "generated"]
+      - ["kotlin.ranges", "LongProgression$Companion", "fromClosedRange", "(long,long,long)", "generated"]
+      - ["kotlin.ranges", "LongRange", "LongRange", "(long,long)", "generated"]
+      - ["kotlin.ranges", "LongRange", "contains", "(long)", "generated"]
+      - ["kotlin.ranges", "LongRange", "equals", "(Object)", "generated"]
+      - ["kotlin.ranges", "LongRange", "hashCode", "()", "generated"]
+      - ["kotlin.ranges", "LongRange", "toString", "()", "generated"]
+      - ["kotlin.ranges", "OpenEndRange", "contains", "(Comparable)", "generated"]
+      - ["kotlin.ranges", "OpenEndRange", "getEndExclusive", "()", "generated"]
+      - ["kotlin.ranges", "OpenEndRange", "getStart", "()", "generated"]
+      - ["kotlin.ranges", "OpenEndRange", "isEmpty", "()", "generated"]
+      - ["kotlin.ranges", "RangesKt", "byteRangeContains", "(ClosedRange,double)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "byteRangeContains", "(ClosedRange,float)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "byteRangeContains", "(ClosedRange,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "byteRangeContains", "(ClosedRange,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "byteRangeContains", "(ClosedRange,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "byteRangeContains", "(OpenEndRange,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "byteRangeContains", "(OpenEndRange,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "byteRangeContains", "(OpenEndRange,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceAtLeast", "(byte,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceAtLeast", "(double,double)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceAtLeast", "(float,float)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceAtLeast", "(int,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceAtLeast", "(long,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceAtLeast", "(short,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceAtMost", "(byte,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceAtMost", "(double,double)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceAtMost", "(float,float)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceAtMost", "(int,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceAtMost", "(long,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceAtMost", "(short,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceIn", "(byte,byte,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceIn", "(double,double,double)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceIn", "(float,float,float)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceIn", "(int,ClosedRange)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceIn", "(int,int,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceIn", "(long,ClosedRange)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceIn", "(long,long,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "coerceIn", "(short,short,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "contains", "(CharRange,Character)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "contains", "(ClosedRange,Object)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "contains", "(IntRange,Integer)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "contains", "(IntRange,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "contains", "(IntRange,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "contains", "(IntRange,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "contains", "(LongRange,Long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "contains", "(LongRange,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "contains", "(LongRange,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "contains", "(LongRange,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "contains", "(OpenEndRange,Object)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "doubleRangeContains", "(ClosedRange,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "doubleRangeContains", "(ClosedRange,float)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "doubleRangeContains", "(ClosedRange,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "doubleRangeContains", "(ClosedRange,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "doubleRangeContains", "(ClosedRange,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "doubleRangeContains", "(OpenEndRange,float)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(byte,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(byte,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(byte,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(byte,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(char,char)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(int,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(int,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(int,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(int,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(long,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(long,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(long,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(long,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(short,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(short,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(short,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "downTo", "(short,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "first", "(CharProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "first", "(IntProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "first", "(LongProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "firstOrNull", "(CharProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "firstOrNull", "(IntProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "firstOrNull", "(LongProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "floatRangeContains", "(ClosedRange,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "floatRangeContains", "(ClosedRange,double)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "floatRangeContains", "(ClosedRange,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "floatRangeContains", "(ClosedRange,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "floatRangeContains", "(ClosedRange,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "intRangeContains", "(ClosedRange,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "intRangeContains", "(ClosedRange,double)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "intRangeContains", "(ClosedRange,float)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "intRangeContains", "(ClosedRange,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "intRangeContains", "(ClosedRange,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "intRangeContains", "(OpenEndRange,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "intRangeContains", "(OpenEndRange,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "intRangeContains", "(OpenEndRange,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "last", "(CharProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "last", "(IntProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "last", "(LongProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "lastOrNull", "(CharProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "lastOrNull", "(IntProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "lastOrNull", "(LongProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "longRangeContains", "(ClosedRange,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "longRangeContains", "(ClosedRange,double)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "longRangeContains", "(ClosedRange,float)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "longRangeContains", "(ClosedRange,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "longRangeContains", "(ClosedRange,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "longRangeContains", "(OpenEndRange,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "longRangeContains", "(OpenEndRange,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "longRangeContains", "(OpenEndRange,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "random", "(CharRange)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "random", "(CharRange,Random)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "random", "(IntRange)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "random", "(IntRange,Random)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "random", "(LongRange)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "random", "(LongRange,Random)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "randomOrNull", "(CharRange)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "randomOrNull", "(CharRange,Random)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "randomOrNull", "(IntRange)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "randomOrNull", "(IntRange,Random)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "randomOrNull", "(LongRange)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "randomOrNull", "(LongRange,Random)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeTo", "(double,double)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeTo", "(float,float)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(byte,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(byte,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(byte,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(byte,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(char,char)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(double,double)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(float,float)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(int,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(int,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(int,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(int,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(long,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(long,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(long,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(long,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(short,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(short,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(short,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "rangeUntil", "(short,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "reversed", "(CharProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "reversed", "(IntProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "reversed", "(LongProgression)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "shortRangeContains", "(ClosedRange,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "shortRangeContains", "(ClosedRange,double)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "shortRangeContains", "(ClosedRange,float)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "shortRangeContains", "(ClosedRange,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "shortRangeContains", "(ClosedRange,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "shortRangeContains", "(OpenEndRange,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "shortRangeContains", "(OpenEndRange,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "shortRangeContains", "(OpenEndRange,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "step", "(CharProgression,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "step", "(IntProgression,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "step", "(LongProgression,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(byte,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(byte,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(byte,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(byte,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(char,char)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(int,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(int,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(int,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(int,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(long,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(long,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(long,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(long,short)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(short,byte)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(short,int)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(short,long)", "generated"]
+      - ["kotlin.ranges", "RangesKt", "until", "(short,short)", "generated"]
+      - ["kotlin.ranges", "UIntProgression", "equals", "(Object)", "generated"]
+      - ["kotlin.ranges", "UIntProgression", "getFirst", "()", "generated"]
+      - ["kotlin.ranges", "UIntProgression", "getLast", "()", "generated"]
+      - ["kotlin.ranges", "UIntProgression", "getStep", "()", "generated"]
+      - ["kotlin.ranges", "UIntProgression", "hashCode", "()", "generated"]
+      - ["kotlin.ranges", "UIntProgression", "isEmpty", "()", "generated"]
+      - ["kotlin.ranges", "UIntProgression", "toString", "()", "generated"]
+      - ["kotlin.ranges", "UIntProgression$Companion", "fromClosedRange", "(int,int,int)", "generated"]
+      - ["kotlin.ranges", "UIntRange", "UIntRange", "(int,int)", "generated"]
+      - ["kotlin.ranges", "UIntRange", "contains", "(int)", "generated"]
+      - ["kotlin.ranges", "UIntRange", "equals", "(Object)", "generated"]
+      - ["kotlin.ranges", "UIntRange", "hashCode", "()", "generated"]
+      - ["kotlin.ranges", "UIntRange", "toString", "()", "generated"]
+      - ["kotlin.ranges", "ULongProgression", "equals", "(Object)", "generated"]
+      - ["kotlin.ranges", "ULongProgression", "getFirst", "()", "generated"]
+      - ["kotlin.ranges", "ULongProgression", "getLast", "()", "generated"]
+      - ["kotlin.ranges", "ULongProgression", "getStep", "()", "generated"]
+      - ["kotlin.ranges", "ULongProgression", "hashCode", "()", "generated"]
+      - ["kotlin.ranges", "ULongProgression", "isEmpty", "()", "generated"]
+      - ["kotlin.ranges", "ULongProgression", "toString", "()", "generated"]
+      - ["kotlin.ranges", "ULongProgression$Companion", "fromClosedRange", "(long,long,long)", "generated"]
+      - ["kotlin.ranges", "ULongRange", "ULongRange", "(long,long)", "generated"]
+      - ["kotlin.ranges", "ULongRange", "contains", "(long)", "generated"]
+      - ["kotlin.ranges", "ULongRange", "equals", "(Object)", "generated"]
+      - ["kotlin.ranges", "ULongRange", "hashCode", "()", "generated"]
+      - ["kotlin.ranges", "ULongRange", "toString", "()", "generated"]
+      - ["kotlin.ranges", "URangesKt", "coerceAtLeast", "(byte,byte)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "coerceAtLeast", "(int,int)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "coerceAtLeast", "(long,long)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "coerceAtLeast", "(short,short)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "coerceAtMost", "(byte,byte)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "coerceAtMost", "(int,int)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "coerceAtMost", "(long,long)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "coerceAtMost", "(short,short)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "coerceIn", "(byte,byte,byte)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "coerceIn", "(int,ClosedRange)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "coerceIn", "(int,int,int)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "coerceIn", "(long,ClosedRange)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "coerceIn", "(long,long,long)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "coerceIn", "(short,short,short)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "contains", "(UIntRange,UInt)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "contains", "(UIntRange,byte)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "contains", "(UIntRange,long)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "contains", "(UIntRange,short)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "contains", "(ULongRange,ULong)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "contains", "(ULongRange,byte)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "contains", "(ULongRange,int)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "contains", "(ULongRange,short)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "downTo", "(byte,byte)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "downTo", "(int,int)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "downTo", "(long,long)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "downTo", "(short,short)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "first", "(UIntProgression)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "first", "(ULongProgression)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "firstOrNull", "(UIntProgression)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "firstOrNull", "(ULongProgression)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "last", "(UIntProgression)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "last", "(ULongProgression)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "lastOrNull", "(UIntProgression)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "lastOrNull", "(ULongProgression)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "random", "(UIntRange)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "random", "(UIntRange,Random)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "random", "(ULongRange)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "random", "(ULongRange,Random)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "randomOrNull", "(UIntRange)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "randomOrNull", "(UIntRange,Random)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "randomOrNull", "(ULongRange)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "randomOrNull", "(ULongRange,Random)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "rangeUntil", "(byte,byte)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "rangeUntil", "(int,int)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "rangeUntil", "(long,long)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "rangeUntil", "(short,short)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "reversed", "(UIntProgression)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "reversed", "(ULongProgression)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "step", "(UIntProgression,int)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "step", "(ULongProgression,long)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "until", "(byte,byte)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "until", "(int,int)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "until", "(long,long)", "generated"]
+      - ["kotlin.ranges", "URangesKt", "until", "(short,short)", "generated"]
+      - ["kotlin.reflect", "KAnnotatedElement", "getAnnotations", "()", "generated"]
+      - ["kotlin.reflect", "KCallable", "call", "(Object[])", "generated"]
+      - ["kotlin.reflect", "KCallable", "callBy", "(Map)", "generated"]
+      - ["kotlin.reflect", "KCallable", "getName", "()", "generated"]
+      - ["kotlin.reflect", "KCallable", "getParameters", "()", "generated"]
+      - ["kotlin.reflect", "KCallable", "getReturnType", "()", "generated"]
+      - ["kotlin.reflect", "KCallable", "getTypeParameters", "()", "generated"]
+      - ["kotlin.reflect", "KCallable", "getVisibility", "()", "generated"]
+      - ["kotlin.reflect", "KCallable", "isAbstract", "()", "generated"]
+      - ["kotlin.reflect", "KCallable", "isFinal", "()", "generated"]
+      - ["kotlin.reflect", "KCallable", "isOpen", "()", "generated"]
+      - ["kotlin.reflect", "KCallable", "isSuspend", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "equals", "(Object)", "generated"]
+      - ["kotlin.reflect", "KClass", "getConstructors", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "getNestedClasses", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "getObjectInstance", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "getQualifiedName", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "getSealedSubclasses", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "getSimpleName", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "getSupertypes", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "getTypeParameters", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "getVisibility", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "hashCode", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "isAbstract", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "isCompanion", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "isData", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "isFinal", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "isFun", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "isInner", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "isInstance", "(Object)", "generated"]
+      - ["kotlin.reflect", "KClass", "isOpen", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "isSealed", "()", "generated"]
+      - ["kotlin.reflect", "KClass", "isValue", "()", "generated"]
+      - ["kotlin.reflect", "KDeclarationContainer", "getMembers", "()", "generated"]
+      - ["kotlin.reflect", "KFunction", "isExternal", "()", "generated"]
+      - ["kotlin.reflect", "KFunction", "isInfix", "()", "generated"]
+      - ["kotlin.reflect", "KFunction", "isInline", "()", "generated"]
+      - ["kotlin.reflect", "KFunction", "isOperator", "()", "generated"]
+      - ["kotlin.reflect", "KMutableProperty", "getSetter", "()", "generated"]
+      - ["kotlin.reflect", "KMutableProperty0", "set", "(Object)", "generated"]
+      - ["kotlin.reflect", "KMutableProperty1", "set", "(Object,Object)", "generated"]
+      - ["kotlin.reflect", "KMutableProperty2", "set", "(Object,Object,Object)", "generated"]
+      - ["kotlin.reflect", "KParameter", "getIndex", "()", "generated"]
+      - ["kotlin.reflect", "KParameter", "getKind", "()", "generated"]
+      - ["kotlin.reflect", "KParameter", "getName", "()", "generated"]
+      - ["kotlin.reflect", "KParameter", "getType", "()", "generated"]
+      - ["kotlin.reflect", "KParameter", "isOptional", "()", "generated"]
+      - ["kotlin.reflect", "KParameter", "isVararg", "()", "generated"]
+      - ["kotlin.reflect", "KParameter$Kind", "valueOf", "(String)", "generated"]
+      - ["kotlin.reflect", "KParameter$Kind", "values", "()", "generated"]
+      - ["kotlin.reflect", "KProperty", "getGetter", "()", "generated"]
+      - ["kotlin.reflect", "KProperty", "isConst", "()", "generated"]
+      - ["kotlin.reflect", "KProperty", "isLateinit", "()", "generated"]
+      - ["kotlin.reflect", "KProperty$Accessor", "getProperty", "()", "generated"]
+      - ["kotlin.reflect", "KProperty0", "get", "()", "generated"]
+      - ["kotlin.reflect", "KProperty0", "getDelegate", "()", "generated"]
+      - ["kotlin.reflect", "KProperty1", "get", "(Object)", "generated"]
+      - ["kotlin.reflect", "KProperty1", "getDelegate", "(Object)", "generated"]
+      - ["kotlin.reflect", "KProperty2", "get", "(Object,Object)", "generated"]
+      - ["kotlin.reflect", "KProperty2", "getDelegate", "(Object,Object)", "generated"]
+      - ["kotlin.reflect", "KType", "getArguments", "()", "generated"]
+      - ["kotlin.reflect", "KType", "getClassifier", "()", "generated"]
+      - ["kotlin.reflect", "KType", "isMarkedNullable", "()", "generated"]
+      - ["kotlin.reflect", "KTypeParameter", "getName", "()", "generated"]
+      - ["kotlin.reflect", "KTypeParameter", "getUpperBounds", "()", "generated"]
+      - ["kotlin.reflect", "KTypeParameter", "getVariance", "()", "generated"]
+      - ["kotlin.reflect", "KTypeParameter", "isReified", "()", "generated"]
+      - ["kotlin.reflect", "KTypeProjection", "component1", "()", "generated"]
+      - ["kotlin.reflect", "KTypeProjection", "equals", "(Object)", "generated"]
+      - ["kotlin.reflect", "KTypeProjection", "getVariance", "()", "generated"]
+      - ["kotlin.reflect", "KTypeProjection", "hashCode", "()", "generated"]
+      - ["kotlin.reflect", "KTypeProjection$Companion", "getSTAR", "()", "generated"]
+      - ["kotlin.reflect", "KVariance", "valueOf", "(String)", "generated"]
+      - ["kotlin.reflect", "KVariance", "values", "()", "generated"]
+      - ["kotlin.reflect", "KVisibility", "valueOf", "(String)", "generated"]
+      - ["kotlin.reflect", "KVisibility", "values", "()", "generated"]
+      - ["kotlin.reflect", "TypeOfKt", "typeOf", "()", "generated"]
+      - ["kotlin.sequences", "Sequence", "iterator", "()", "generated"]
+      - ["kotlin.sequences", "SequenceScope", "yield", "(Object)", "generated"]
+      - ["kotlin.sequences", "SequenceScope", "yieldAll", "(Iterable)", "generated"]
+      - ["kotlin.sequences", "SequenceScope", "yieldAll", "(Iterator)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "Sequence", "(Function0)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "all", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "any", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "any", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "asIterable", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "asSequence", "(Enumeration)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "asSequence", "(Iterator)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "associate", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "associateBy", "(Sequence,Function1,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "averageOfByte", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "averageOfDouble", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "averageOfFloat", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "averageOfInt", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "averageOfLong", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "averageOfShort", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "chunked", "(Sequence,int)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "contains", "(Sequence,Object)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "count", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "count", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "emptySequence", "()", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "filterIndexed", "(Sequence,Function2)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "flatMapIndexedIterable", "(Sequence,Function2)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "flatMapIndexedSequence", "(Sequence,Function2)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "forEach", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "forEachIndexed", "(Sequence,Function2)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "groupBy", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "groupBy", "(Sequence,Function1,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "groupingBy", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "ifEmpty", "(Sequence,Function0)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "indexOf", "(Sequence,Object)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "indexOfFirst", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "indexOfLast", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "iterator", "(SuspendFunction1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "lastIndexOf", "(Sequence,Object)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "max", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "maxOf", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "maxOfOrNull", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "maxOrNull", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "maxOrThrow", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "min", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "minOf", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "minOfOrNull", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "minOrNull", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "minOrThrow", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "minus", "(Sequence,Iterable)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "minus", "(Sequence,Object)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "minus", "(Sequence,Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "minusElement", "(Sequence,Object)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "none", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "none", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "plus", "(Sequence,Iterable)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "plus", "(Sequence,Object)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "plus", "(Sequence,Object[])", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "plus", "(Sequence,Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "plusElement", "(Sequence,Object)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "runningFold", "(Sequence,Object,Function2)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "runningFoldIndexed", "(Sequence,Object,Function3)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "runningReduce", "(Sequence,Function2)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "runningReduceIndexed", "(Sequence,Function3)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "scan", "(Sequence,Object,Function2)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "scanIndexed", "(Sequence,Object,Function3)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sequence", "(SuspendFunction1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sequenceOf", "(Object[])", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "shuffled", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "shuffled", "(Sequence,Random)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sorted", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sortedBy", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sortedByDescending", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sortedDescending", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sortedWith", "(Sequence,Comparator)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumBy", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumByDouble", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumOfBigDecimal", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumOfBigInteger", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumOfByte", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumOfDouble", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumOfDouble", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumOfFloat", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumOfInt", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumOfInt", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumOfLong", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumOfLong", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumOfShort", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumOfUInt", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "sumOfULong", "(Sequence,Function1)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "windowed", "(Sequence,int,int,boolean)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "zipWithNext", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "SequencesKt", "zipWithNext", "(Sequence,Function2)", "generated"]
+      - ["kotlin.sequences", "USequencesKt", "sumOfUByte", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "USequencesKt", "sumOfUInt", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "USequencesKt", "sumOfULong", "(Sequence)", "generated"]
+      - ["kotlin.sequences", "USequencesKt", "sumOfUShort", "(Sequence)", "generated"]
+      - ["kotlin.system", "ProcessKt", "exitProcess", "(int)", "generated"]
+      - ["kotlin.system", "TimingKt", "measureNanoTime", "(Function0)", "generated"]
+      - ["kotlin.system", "TimingKt", "measureTimeMillis", "(Function0)", "generated"]
+      - ["kotlin.text", "Appendable", "append", "(CharSequence)", "generated"]
+      - ["kotlin.text", "Appendable", "append", "(CharSequence,int,int)", "generated"]
+      - ["kotlin.text", "Appendable", "append", "(char)", "generated"]
+      - ["kotlin.text", "CharCategory", "contains", "(char)", "generated"]
+      - ["kotlin.text", "CharCategory", "getCode", "()", "generated"]
+      - ["kotlin.text", "CharCategory", "getValue", "()", "generated"]
+      - ["kotlin.text", "CharCategory", "valueOf", "(String)", "generated"]
+      - ["kotlin.text", "CharCategory", "values", "()", "generated"]
+      - ["kotlin.text", "CharCategory$Companion", "valueOf", "(int)", "generated"]
+      - ["kotlin.text", "CharDirectionality", "getValue", "()", "generated"]
+      - ["kotlin.text", "CharDirectionality", "valueOf", "(String)", "generated"]
+      - ["kotlin.text", "CharDirectionality", "values", "()", "generated"]
+      - ["kotlin.text", "CharDirectionality$Companion", "valueOf", "(int)", "generated"]
+      - ["kotlin.text", "CharacterCodingException", "CharacterCodingException", "()", "generated"]
+      - ["kotlin.text", "CharsKt", "digitToChar", "(int)", "generated"]
+      - ["kotlin.text", "CharsKt", "digitToChar", "(int,int)", "generated"]
+      - ["kotlin.text", "CharsKt", "digitToInt", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "digitToInt", "(char,int)", "generated"]
+      - ["kotlin.text", "CharsKt", "digitToIntOrNull", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "digitToIntOrNull", "(char,int)", "generated"]
+      - ["kotlin.text", "CharsKt", "equals", "(char,char,boolean)", "generated"]
+      - ["kotlin.text", "CharsKt", "getCategory", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "getDirectionality", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isDefined", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isDigit", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isHighSurrogate", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isISOControl", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isIdentifierIgnorable", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isJavaIdentifierPart", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isJavaIdentifierStart", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isLetter", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isLetterOrDigit", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isLowSurrogate", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isLowerCase", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isSurrogate", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isTitleCase", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isUpperCase", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "isWhitespace", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "lowercase", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "lowercase", "(char,Locale)", "generated"]
+      - ["kotlin.text", "CharsKt", "lowercaseChar", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "titlecase", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "titlecase", "(char,Locale)", "generated"]
+      - ["kotlin.text", "CharsKt", "titlecaseChar", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "toLowerCase", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "toTitleCase", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "toUpperCase", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "uppercase", "(char)", "generated"]
+      - ["kotlin.text", "CharsKt", "uppercase", "(char,Locale)", "generated"]
+      - ["kotlin.text", "CharsKt", "uppercaseChar", "(char)", "generated"]
+      - ["kotlin.text", "Charsets", "UTF32", "()", "generated"]
+      - ["kotlin.text", "Charsets", "UTF32_BE", "()", "generated"]
+      - ["kotlin.text", "Charsets", "UTF32_LE", "()", "generated"]
+      - ["kotlin.text", "Charsets", "getISO_8859_1", "()", "generated"]
+      - ["kotlin.text", "Charsets", "getUS_ASCII", "()", "generated"]
+      - ["kotlin.text", "Charsets", "getUTF_16", "()", "generated"]
+      - ["kotlin.text", "Charsets", "getUTF_16BE", "()", "generated"]
+      - ["kotlin.text", "Charsets", "getUTF_16LE", "()", "generated"]
+      - ["kotlin.text", "Charsets", "getUTF_8", "()", "generated"]
+      - ["kotlin.text", "CharsetsKt", "charset", "(String)", "generated"]
+      - ["kotlin.text", "FlagEnum", "getMask", "()", "generated"]
+      - ["kotlin.text", "FlagEnum", "getValue", "()", "generated"]
+      - ["kotlin.text", "MatchGroup", "equals", "(Object)", "generated"]
+      - ["kotlin.text", "MatchGroup", "hashCode", "()", "generated"]
+      - ["kotlin.text", "MatchGroupCollection", "get", "(int)", "generated"]
+      - ["kotlin.text", "MatchNamedGroupCollection", "get", "(String)", "generated"]
+      - ["kotlin.text", "MatchResult", "getGroupValues", "()", "generated"]
+      - ["kotlin.text", "MatchResult", "getGroups", "()", "generated"]
+      - ["kotlin.text", "MatchResult", "getRange", "()", "generated"]
+      - ["kotlin.text", "MatchResult", "getValue", "()", "generated"]
+      - ["kotlin.text", "MatchResult", "next", "()", "generated"]
+      - ["kotlin.text", "Regex", "Regex", "(String)", "generated"]
+      - ["kotlin.text", "Regex", "Regex", "(String,RegexOption)", "generated"]
+      - ["kotlin.text", "Regex", "Regex", "(String,Set)", "generated"]
+      - ["kotlin.text", "Regex", "containsMatchIn", "(CharSequence)", "generated"]
+      - ["kotlin.text", "Regex", "findAll", "(CharSequence,int)", "generated"]
+      - ["kotlin.text", "Regex", "getPattern", "()", "generated"]
+      - ["kotlin.text", "Regex", "matchAt", "(CharSequence,int)", "generated"]
+      - ["kotlin.text", "Regex", "matches", "(CharSequence)", "generated"]
+      - ["kotlin.text", "Regex", "matchesAt", "(CharSequence,int)", "generated"]
+      - ["kotlin.text", "Regex", "split", "(CharSequence,int)", "generated"]
+      - ["kotlin.text", "Regex", "splitToSequence", "(CharSequence,int)", "generated"]
+      - ["kotlin.text", "Regex", "toString", "()", "generated"]
+      - ["kotlin.text", "Regex$Companion", "escapeReplacement", "(String)", "generated"]
+      - ["kotlin.text", "Regex$Companion", "fromLiteral", "(String)", "generated"]
+      - ["kotlin.text", "RegexOption", "valueOf", "(String)", "generated"]
+      - ["kotlin.text", "RegexOption", "values", "()", "generated"]
+      - ["kotlin.text", "StringBuilder", "StringBuilder", "()", "generated"]
+      - ["kotlin.text", "StringBuilder", "StringBuilder", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringBuilder", "StringBuilder", "(String)", "generated"]
+      - ["kotlin.text", "StringBuilder", "StringBuilder", "(int)", "generated"]
+      - ["kotlin.text", "StringBuilder", "append", "(Object)", "generated"]
+      - ["kotlin.text", "StringBuilder", "append", "(String)", "generated"]
+      - ["kotlin.text", "StringBuilder", "append", "(boolean)", "generated"]
+      - ["kotlin.text", "StringBuilder", "append", "(char[])", "generated"]
+      - ["kotlin.text", "StringBuilder", "capacity", "()", "generated"]
+      - ["kotlin.text", "StringBuilder", "ensureCapacity", "(int)", "generated"]
+      - ["kotlin.text", "StringBuilder", "get", "(int)", "generated"]
+      - ["kotlin.text", "StringBuilder", "indexOf", "(String)", "generated"]
+      - ["kotlin.text", "StringBuilder", "indexOf", "(String,int)", "generated"]
+      - ["kotlin.text", "StringBuilder", "insert", "(int,CharSequence)", "generated"]
+      - ["kotlin.text", "StringBuilder", "insert", "(int,Object)", "generated"]
+      - ["kotlin.text", "StringBuilder", "insert", "(int,String)", "generated"]
+      - ["kotlin.text", "StringBuilder", "insert", "(int,boolean)", "generated"]
+      - ["kotlin.text", "StringBuilder", "insert", "(int,char)", "generated"]
+      - ["kotlin.text", "StringBuilder", "insert", "(int,char[])", "generated"]
+      - ["kotlin.text", "StringBuilder", "lastIndexOf", "(String)", "generated"]
+      - ["kotlin.text", "StringBuilder", "lastIndexOf", "(String,int)", "generated"]
+      - ["kotlin.text", "StringBuilder", "reverse", "()", "generated"]
+      - ["kotlin.text", "StringBuilder", "setLength", "(int)", "generated"]
+      - ["kotlin.text", "StringBuilder", "substring", "(int)", "generated"]
+      - ["kotlin.text", "StringBuilder", "substring", "(int,int)", "generated"]
+      - ["kotlin.text", "StringBuilder", "trimToSize", "()", "generated"]
+      - ["kotlin.text", "StringsKt", "String", "(int[],int,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "all", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "any", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "any", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "asIterable", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "asSequence", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "associate", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "associateBy", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "associateBy", "(CharSequence,Function1,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "associateWith", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "buildString", "(Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "buildString", "(int,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "chunked", "(CharSequence,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "chunked", "(CharSequence,int,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "chunkedSequence", "(CharSequence,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "chunkedSequence", "(CharSequence,int,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "codePointAt", "(String,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "codePointBefore", "(String,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "codePointCount", "(String,int,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "commonPrefixWith", "(CharSequence,CharSequence,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "commonSuffixWith", "(CharSequence,CharSequence,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "compareTo", "(String,String,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "contains", "(CharSequence,CharSequence,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "contains", "(CharSequence,Regex)", "generated"]
+      - ["kotlin.text", "StringsKt", "contains", "(CharSequence,char,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "contentEquals", "(CharSequence,CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "contentEquals", "(CharSequence,CharSequence,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "contentEquals", "(String,CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "contentEquals", "(String,StringBuffer)", "generated"]
+      - ["kotlin.text", "StringsKt", "count", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "count", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "deleteAt", "(StringBuilder,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "deleteRange", "(StringBuilder,int,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "elementAt", "(CharSequence,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "elementAtOrElse", "(CharSequence,int,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "elementAtOrNull", "(CharSequence,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "endsWith", "(CharSequence,CharSequence,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "endsWith", "(CharSequence,char,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "endsWith", "(String,String,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "equals", "(String,String,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "filter", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "filter", "(String,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "filterIndexed", "(CharSequence,Function2)", "generated"]
+      - ["kotlin.text", "StringsKt", "filterIndexed", "(String,Function2)", "generated"]
+      - ["kotlin.text", "StringsKt", "filterNot", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "filterNot", "(String,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "find", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "findLast", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "first", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "first", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "firstNotNullOf", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "firstNotNullOfOrNull", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "firstOrNull", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "firstOrNull", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "flatMap", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "flatMapIndexedIterable", "(CharSequence,Function2)", "generated"]
+      - ["kotlin.text", "StringsKt", "forEach", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "forEachIndexed", "(CharSequence,Function2)", "generated"]
+      - ["kotlin.text", "StringsKt", "getCASE_INSENSITIVE_ORDER", "(StringCompanionObject)", "generated"]
+      - ["kotlin.text", "StringsKt", "getIndices", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "getLastIndex", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "getOrElse", "(CharSequence,int,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "getOrNull", "(CharSequence,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "groupBy", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "groupBy", "(CharSequence,Function1,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "groupingBy", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "hasSurrogatePairAt", "(CharSequence,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "indexOf", "(CharSequence,String,int,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "indexOf", "(CharSequence,char,int,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "indexOfAny", "(CharSequence,Collection,int,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "indexOfAny", "(CharSequence,char[],int,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "indexOfFirst", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "indexOfLast", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "isBlank", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "isEmpty", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "isNotBlank", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "isNotEmpty", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "isNullOrBlank", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "isNullOrEmpty", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "iterator", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "last", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "last", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "lastIndexOf", "(CharSequence,String,int,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "lastIndexOf", "(CharSequence,char,int,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "lastIndexOfAny", "(CharSequence,Collection,int,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "lastIndexOfAny", "(CharSequence,char[],int,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "lastOrNull", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "lastOrNull", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "map", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "mapIndexed", "(CharSequence,Function2)", "generated"]
+      - ["kotlin.text", "StringsKt", "mapIndexedNotNull", "(CharSequence,Function2)", "generated"]
+      - ["kotlin.text", "StringsKt", "mapNotNull", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "matches", "(CharSequence,Regex)", "generated"]
+      - ["kotlin.text", "StringsKt", "max", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "maxBy", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "maxByOrNull", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "maxByOrThrow", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "maxOf", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "maxOfOrNull", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "maxOfWith", "(CharSequence,Comparator,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "maxOfWithOrNull", "(CharSequence,Comparator,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "maxOrNull", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "maxOrThrow", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "maxWith", "(CharSequence,Comparator)", "generated"]
+      - ["kotlin.text", "StringsKt", "maxWithOrNull", "(CharSequence,Comparator)", "generated"]
+      - ["kotlin.text", "StringsKt", "maxWithOrThrow", "(CharSequence,Comparator)", "generated"]
+      - ["kotlin.text", "StringsKt", "min", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "minBy", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "minByOrNull", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "minByOrThrow", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "minOf", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "minOfOrNull", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "minOfWith", "(CharSequence,Comparator,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "minOfWithOrNull", "(CharSequence,Comparator,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "minOrNull", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "minOrThrow", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "minWith", "(CharSequence,Comparator)", "generated"]
+      - ["kotlin.text", "StringsKt", "minWithOrNull", "(CharSequence,Comparator)", "generated"]
+      - ["kotlin.text", "StringsKt", "minWithOrThrow", "(CharSequence,Comparator)", "generated"]
+      - ["kotlin.text", "StringsKt", "none", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "none", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "offsetByCodePoints", "(String,int,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "padEnd", "(String,int,char)", "generated"]
+      - ["kotlin.text", "StringsKt", "padStart", "(String,int,char)", "generated"]
+      - ["kotlin.text", "StringsKt", "partition", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "partition", "(String,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "random", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "random", "(CharSequence,Random)", "generated"]
+      - ["kotlin.text", "StringsKt", "randomOrNull", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "randomOrNull", "(CharSequence,Random)", "generated"]
+      - ["kotlin.text", "StringsKt", "reduce", "(CharSequence,Function2)", "generated"]
+      - ["kotlin.text", "StringsKt", "reduceIndexed", "(CharSequence,Function3)", "generated"]
+      - ["kotlin.text", "StringsKt", "reduceIndexedOrNull", "(CharSequence,Function3)", "generated"]
+      - ["kotlin.text", "StringsKt", "reduceOrNull", "(CharSequence,Function2)", "generated"]
+      - ["kotlin.text", "StringsKt", "reduceRight", "(CharSequence,Function2)", "generated"]
+      - ["kotlin.text", "StringsKt", "reduceRightIndexed", "(CharSequence,Function3)", "generated"]
+      - ["kotlin.text", "StringsKt", "reduceRightIndexedOrNull", "(CharSequence,Function3)", "generated"]
+      - ["kotlin.text", "StringsKt", "reduceRightOrNull", "(CharSequence,Function2)", "generated"]
+      - ["kotlin.text", "StringsKt", "regionMatches", "(CharSequence,int,CharSequence,int,int,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "regionMatches", "(String,int,String,int,int,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "removeRange", "(String,IntRange)", "generated"]
+      - ["kotlin.text", "StringsKt", "removeRange", "(String,int,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "replace", "(String,String,String,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "replaceIndent", "(String,String)", "generated"]
+      - ["kotlin.text", "StringsKt", "replaceIndentByMargin", "(String,String,String)", "generated"]
+      - ["kotlin.text", "StringsKt", "replaceRange", "(String,IntRange,CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "replaceRange", "(String,int,int,CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "reversed", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "runningReduce", "(CharSequence,Function2)", "generated"]
+      - ["kotlin.text", "StringsKt", "runningReduceIndexed", "(CharSequence,Function3)", "generated"]
+      - ["kotlin.text", "StringsKt", "set", "(StringBuilder,int,char)", "generated"]
+      - ["kotlin.text", "StringsKt", "single", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "single", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "singleOrNull", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "singleOrNull", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "slice", "(CharSequence,Iterable)", "generated"]
+      - ["kotlin.text", "StringsKt", "slice", "(String,Iterable)", "generated"]
+      - ["kotlin.text", "StringsKt", "split", "(CharSequence,Regex,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "split", "(CharSequence,String[],boolean,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "split", "(CharSequence,char[],boolean,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "splitToSequence", "(CharSequence,Regex,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "startsWith", "(CharSequence,CharSequence,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "startsWith", "(CharSequence,CharSequence,int,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "startsWith", "(CharSequence,char,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "startsWith", "(String,String,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "startsWith", "(String,String,int,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "substring", "(CharSequence,IntRange)", "generated"]
+      - ["kotlin.text", "StringsKt", "substring", "(CharSequence,int,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "sumBy", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "sumByDouble", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "sumOfBigDecimal", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "sumOfBigInteger", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "sumOfDouble", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "sumOfInt", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "sumOfLong", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "sumOfUInt", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "sumOfULong", "(CharSequence,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "toBigDecimal", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toBigDecimal", "(String,MathContext)", "generated"]
+      - ["kotlin.text", "StringsKt", "toBigDecimalOrNull", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toBigDecimalOrNull", "(String,MathContext)", "generated"]
+      - ["kotlin.text", "StringsKt", "toBigInteger", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toBigInteger", "(String,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "toBigIntegerOrNull", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toBigIntegerOrNull", "(String,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "toBoolean", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toBooleanNullable", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toBooleanStrict", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toBooleanStrictOrNull", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toByte", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toByte", "(String,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "toByteOrNull", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toByteOrNull", "(String,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "toDouble", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toDoubleOrNull", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toFloat", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toFloatOrNull", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toHashSet", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "toInt", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toInt", "(String,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "toIntOrNull", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toIntOrNull", "(String,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "toList", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "toLong", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toLong", "(String,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "toLongOrNull", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toLongOrNull", "(String,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "toMutableList", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "toPattern", "(String,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "toRegex", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toRegex", "(String,RegexOption)", "generated"]
+      - ["kotlin.text", "StringsKt", "toRegex", "(String,Set)", "generated"]
+      - ["kotlin.text", "StringsKt", "toSet", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "toShort", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toShort", "(String,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "toShortOrNull", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "toShortOrNull", "(String,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "toSortedSet", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "toString", "(byte,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "toString", "(int,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "toString", "(long,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "toString", "(short,int)", "generated"]
+      - ["kotlin.text", "StringsKt", "trim", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "trim", "(String,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "trim", "(String,char[])", "generated"]
+      - ["kotlin.text", "StringsKt", "trimEnd", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "trimEnd", "(String,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "trimEnd", "(String,char[])", "generated"]
+      - ["kotlin.text", "StringsKt", "trimIndent", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "trimMargin", "(String,String)", "generated"]
+      - ["kotlin.text", "StringsKt", "trimStart", "(String)", "generated"]
+      - ["kotlin.text", "StringsKt", "trimStart", "(String,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "trimStart", "(String,char[])", "generated"]
+      - ["kotlin.text", "StringsKt", "windowed", "(CharSequence,int,int,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "windowed", "(CharSequence,int,int,boolean,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "windowedSequence", "(CharSequence,int,int,boolean)", "generated"]
+      - ["kotlin.text", "StringsKt", "windowedSequence", "(CharSequence,int,int,boolean,Function1)", "generated"]
+      - ["kotlin.text", "StringsKt", "withIndex", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "zip", "(CharSequence,CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "zip", "(CharSequence,CharSequence,Function2)", "generated"]
+      - ["kotlin.text", "StringsKt", "zipWithNext", "(CharSequence)", "generated"]
+      - ["kotlin.text", "StringsKt", "zipWithNext", "(CharSequence,Function2)", "generated"]
+      - ["kotlin.text", "TextHKt", "String", "(char[])", "generated"]
+      - ["kotlin.text", "TextHKt", "String", "(char[],int,int)", "generated"]
+      - ["kotlin.text", "TextHKt", "compareTo", "(String,String,boolean)", "generated"]
+      - ["kotlin.text", "TextHKt", "concatToString", "(char[])", "generated"]
+      - ["kotlin.text", "TextHKt", "concatToString", "(char[],int,int)", "generated"]
+      - ["kotlin.text", "TextHKt", "decodeToString", "(byte[])", "generated"]
+      - ["kotlin.text", "TextHKt", "decodeToString", "(byte[],int,int,boolean)", "generated"]
+      - ["kotlin.text", "TextHKt", "encodeToByteArray", "(String)", "generated"]
+      - ["kotlin.text", "TextHKt", "encodeToByteArray", "(String,int,int,boolean)", "generated"]
+      - ["kotlin.text", "TextHKt", "endsWith", "(String,String,boolean)", "generated"]
+      - ["kotlin.text", "TextHKt", "equals", "(String,String,boolean)", "generated"]
+      - ["kotlin.text", "TextHKt", "getCASE_INSENSITIVE_ORDER", "(StringCompanionObject)", "generated"]
+      - ["kotlin.text", "TextHKt", "isBlank", "(CharSequence)", "generated"]
+      - ["kotlin.text", "TextHKt", "isHighSurrogate", "(char)", "generated"]
+      - ["kotlin.text", "TextHKt", "isLowSurrogate", "(char)", "generated"]
+      - ["kotlin.text", "TextHKt", "regionMatches", "(CharSequence,int,CharSequence,int,int,boolean)", "generated"]
+      - ["kotlin.text", "TextHKt", "repeat", "(CharSequence,int)", "generated"]
+      - ["kotlin.text", "TextHKt", "replace", "(String,String,String,boolean)", "generated"]
+      - ["kotlin.text", "TextHKt", "replace", "(String,char,char,boolean)", "generated"]
+      - ["kotlin.text", "TextHKt", "replaceFirst", "(String,String,String,boolean)", "generated"]
+      - ["kotlin.text", "TextHKt", "replaceFirst", "(String,char,char,boolean)", "generated"]
+      - ["kotlin.text", "TextHKt", "startsWith", "(String,String,boolean)", "generated"]
+      - ["kotlin.text", "TextHKt", "startsWith", "(String,String,int,boolean)", "generated"]
+      - ["kotlin.text", "TextHKt", "substring", "(String,int)", "generated"]
+      - ["kotlin.text", "TextHKt", "substring", "(String,int,int)", "generated"]
+      - ["kotlin.text", "TextHKt", "toBoolean", "(String)", "generated"]
+      - ["kotlin.text", "TextHKt", "toByte", "(String)", "generated"]
+      - ["kotlin.text", "TextHKt", "toByte", "(String,int)", "generated"]
+      - ["kotlin.text", "TextHKt", "toCharArray", "(String)", "generated"]
+      - ["kotlin.text", "TextHKt", "toCharArray", "(String,int,int)", "generated"]
+      - ["kotlin.text", "TextHKt", "toDouble", "(String)", "generated"]
+      - ["kotlin.text", "TextHKt", "toDoubleOrNull", "(String)", "generated"]
+      - ["kotlin.text", "TextHKt", "toFloat", "(String)", "generated"]
+      - ["kotlin.text", "TextHKt", "toFloatOrNull", "(String)", "generated"]
+      - ["kotlin.text", "TextHKt", "toInt", "(String)", "generated"]
+      - ["kotlin.text", "TextHKt", "toInt", "(String,int)", "generated"]
+      - ["kotlin.text", "TextHKt", "toLong", "(String)", "generated"]
+      - ["kotlin.text", "TextHKt", "toLong", "(String,int)", "generated"]
+      - ["kotlin.text", "TextHKt", "toShort", "(String)", "generated"]
+      - ["kotlin.text", "TextHKt", "toShort", "(String,int)", "generated"]
+      - ["kotlin.text", "TextHKt", "toString", "(byte,int)", "generated"]
+      - ["kotlin.text", "TextHKt", "toString", "(int,int)", "generated"]
+      - ["kotlin.text", "TextHKt", "toString", "(long,int)", "generated"]
+      - ["kotlin.text", "TextHKt", "toString", "(short,int)", "generated"]
+      - ["kotlin.text", "Typography", "getAlmostEqual", "()", "generated"]
+      - ["kotlin.text", "Typography", "getAmp", "()", "generated"]
+      - ["kotlin.text", "Typography", "getBullet", "()", "generated"]
+      - ["kotlin.text", "Typography", "getCent", "()", "generated"]
+      - ["kotlin.text", "Typography", "getCopyright", "()", "generated"]
+      - ["kotlin.text", "Typography", "getDagger", "()", "generated"]
+      - ["kotlin.text", "Typography", "getDegree", "()", "generated"]
+      - ["kotlin.text", "Typography", "getDollar", "()", "generated"]
+      - ["kotlin.text", "Typography", "getDoubleDagger", "()", "generated"]
+      - ["kotlin.text", "Typography", "getDoublePrime", "()", "generated"]
+      - ["kotlin.text", "Typography", "getEllipsis", "()", "generated"]
+      - ["kotlin.text", "Typography", "getEuro", "()", "generated"]
+      - ["kotlin.text", "Typography", "getGreater", "()", "generated"]
+      - ["kotlin.text", "Typography", "getGreaterOrEqual", "()", "generated"]
+      - ["kotlin.text", "Typography", "getHalf", "()", "generated"]
+      - ["kotlin.text", "Typography", "getLeftDoubleQuote", "()", "generated"]
+      - ["kotlin.text", "Typography", "getLeftGuillemet", "()", "generated"]
+      - ["kotlin.text", "Typography", "getLeftGuillemete", "()", "generated"]
+      - ["kotlin.text", "Typography", "getLeftSingleQuote", "()", "generated"]
+      - ["kotlin.text", "Typography", "getLess", "()", "generated"]
+      - ["kotlin.text", "Typography", "getLessOrEqual", "()", "generated"]
+      - ["kotlin.text", "Typography", "getLowDoubleQuote", "()", "generated"]
+      - ["kotlin.text", "Typography", "getLowSingleQuote", "()", "generated"]
+      - ["kotlin.text", "Typography", "getMdash", "()", "generated"]
+      - ["kotlin.text", "Typography", "getMiddleDot", "()", "generated"]
+      - ["kotlin.text", "Typography", "getNbsp", "()", "generated"]
+      - ["kotlin.text", "Typography", "getNdash", "()", "generated"]
+      - ["kotlin.text", "Typography", "getNotEqual", "()", "generated"]
+      - ["kotlin.text", "Typography", "getParagraph", "()", "generated"]
+      - ["kotlin.text", "Typography", "getPlusMinus", "()", "generated"]
+      - ["kotlin.text", "Typography", "getPound", "()", "generated"]
+      - ["kotlin.text", "Typography", "getPrime", "()", "generated"]
+      - ["kotlin.text", "Typography", "getQuote", "()", "generated"]
+      - ["kotlin.text", "Typography", "getRegistered", "()", "generated"]
+      - ["kotlin.text", "Typography", "getRightDoubleQuote", "()", "generated"]
+      - ["kotlin.text", "Typography", "getRightGuillemet", "()", "generated"]
+      - ["kotlin.text", "Typography", "getRightGuillemete", "()", "generated"]
+      - ["kotlin.text", "Typography", "getRightSingleQuote", "()", "generated"]
+      - ["kotlin.text", "Typography", "getSection", "()", "generated"]
+      - ["kotlin.text", "Typography", "getTimes", "()", "generated"]
+      - ["kotlin.text", "Typography", "getTm", "()", "generated"]
+      - ["kotlin.text", "UStringsKt", "toString", "(byte,int)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toString", "(int,int)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toString", "(long,int)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toString", "(short,int)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toUByte", "(String)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toUByte", "(String,int)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toUByteOrNull", "(String)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toUByteOrNull", "(String,int)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toUInt", "(String)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toUInt", "(String,int)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toUIntOrNull", "(String)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toUIntOrNull", "(String,int)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toULong", "(String)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toULong", "(String,int)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toULongOrNull", "(String)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toULongOrNull", "(String,int)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toUShort", "(String)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toUShort", "(String,int)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toUShortOrNull", "(String)", "generated"]
+      - ["kotlin.text", "UStringsKt", "toUShortOrNull", "(String,int)", "generated"]
+      - ["kotlin.time", "AbstractDoubleTimeSource", "AbstractDoubleTimeSource", "(DurationUnit)", "generated"]
+      - ["kotlin.time", "AbstractLongTimeSource", "AbstractLongTimeSource", "(DurationUnit)", "generated"]
+      - ["kotlin.time", "Duration", "div", "(Duration)", "generated"]
+      - ["kotlin.time", "Duration", "equals", "(Object)", "generated"]
+      - ["kotlin.time", "Duration", "getInDays", "()", "generated"]
+      - ["kotlin.time", "Duration", "getInHours", "()", "generated"]
+      - ["kotlin.time", "Duration", "getInMicroseconds", "()", "generated"]
+      - ["kotlin.time", "Duration", "getInMilliseconds", "()", "generated"]
+      - ["kotlin.time", "Duration", "getInMinutes", "()", "generated"]
+      - ["kotlin.time", "Duration", "getInNanoseconds", "()", "generated"]
+      - ["kotlin.time", "Duration", "getInSeconds", "()", "generated"]
+      - ["kotlin.time", "Duration", "getInWholeDays", "()", "generated"]
+      - ["kotlin.time", "Duration", "getInWholeHours", "()", "generated"]
+      - ["kotlin.time", "Duration", "getInWholeMicroseconds", "()", "generated"]
+      - ["kotlin.time", "Duration", "getInWholeMilliseconds", "()", "generated"]
+      - ["kotlin.time", "Duration", "getInWholeMinutes", "()", "generated"]
+      - ["kotlin.time", "Duration", "getInWholeNanoseconds", "()", "generated"]
+      - ["kotlin.time", "Duration", "getInWholeSeconds", "()", "generated"]
+      - ["kotlin.time", "Duration", "hashCode", "()", "generated"]
+      - ["kotlin.time", "Duration", "isFinite", "()", "generated"]
+      - ["kotlin.time", "Duration", "isInfinite", "()", "generated"]
+      - ["kotlin.time", "Duration", "isNegative", "()", "generated"]
+      - ["kotlin.time", "Duration", "isPositive", "()", "generated"]
+      - ["kotlin.time", "Duration", "toComponents", "(Function2)", "generated"]
+      - ["kotlin.time", "Duration", "toComponents", "(Function3)", "generated"]
+      - ["kotlin.time", "Duration", "toComponents", "(Function4)", "generated"]
+      - ["kotlin.time", "Duration", "toComponents", "(Function5)", "generated"]
+      - ["kotlin.time", "Duration", "toDouble", "(DurationUnit)", "generated"]
+      - ["kotlin.time", "Duration", "toInt", "(DurationUnit)", "generated"]
+      - ["kotlin.time", "Duration", "toIsoString", "()", "generated"]
+      - ["kotlin.time", "Duration", "toLong", "(DurationUnit)", "generated"]
+      - ["kotlin.time", "Duration", "toLongMilliseconds", "()", "generated"]
+      - ["kotlin.time", "Duration", "toLongNanoseconds", "()", "generated"]
+      - ["kotlin.time", "Duration", "toString", "()", "generated"]
+      - ["kotlin.time", "Duration", "toString", "(DurationUnit,int)", "generated"]
+      - ["kotlin.time", "Duration", "unaryMinus", "()", "generated"]
+      - ["kotlin.time", "Duration$Companion", "convert", "(double,DurationUnit,DurationUnit)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "days", "(double)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "days", "(int)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "days", "(long)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getDays", "(double)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getDays", "(int)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getDays", "(long)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getHours", "(double)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getHours", "(int)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getHours", "(long)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getMicroseconds", "(double)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getMicroseconds", "(int)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getMicroseconds", "(long)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getMilliseconds", "(double)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getMilliseconds", "(int)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getMilliseconds", "(long)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getMinutes", "(double)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getMinutes", "(int)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getMinutes", "(long)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getNanoseconds", "(double)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getNanoseconds", "(int)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getNanoseconds", "(long)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getSeconds", "(double)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getSeconds", "(int)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "getSeconds", "(long)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "hours", "(double)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "hours", "(int)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "hours", "(long)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "microseconds", "(double)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "microseconds", "(int)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "microseconds", "(long)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "milliseconds", "(double)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "milliseconds", "(int)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "milliseconds", "(long)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "minutes", "(double)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "minutes", "(int)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "minutes", "(long)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "nanoseconds", "(double)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "nanoseconds", "(int)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "nanoseconds", "(long)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "parse", "(String)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "parseIsoString", "(String)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "parseIsoStringOrNull", "(String)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "parseOrNull", "(String)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "seconds", "(double)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "seconds", "(int)", "generated"]
+      - ["kotlin.time", "Duration$Companion", "seconds", "(long)", "generated"]
+      - ["kotlin.time", "DurationKt", "getDays", "(double)", "generated"]
+      - ["kotlin.time", "DurationKt", "getDays", "(int)", "generated"]
+      - ["kotlin.time", "DurationKt", "getDays", "(long)", "generated"]
+      - ["kotlin.time", "DurationKt", "getHours", "(double)", "generated"]
+      - ["kotlin.time", "DurationKt", "getHours", "(int)", "generated"]
+      - ["kotlin.time", "DurationKt", "getHours", "(long)", "generated"]
+      - ["kotlin.time", "DurationKt", "getMicroseconds", "(double)", "generated"]
+      - ["kotlin.time", "DurationKt", "getMicroseconds", "(int)", "generated"]
+      - ["kotlin.time", "DurationKt", "getMicroseconds", "(long)", "generated"]
+      - ["kotlin.time", "DurationKt", "getMilliseconds", "(double)", "generated"]
+      - ["kotlin.time", "DurationKt", "getMilliseconds", "(int)", "generated"]
+      - ["kotlin.time", "DurationKt", "getMilliseconds", "(long)", "generated"]
+      - ["kotlin.time", "DurationKt", "getMinutes", "(double)", "generated"]
+      - ["kotlin.time", "DurationKt", "getMinutes", "(int)", "generated"]
+      - ["kotlin.time", "DurationKt", "getMinutes", "(long)", "generated"]
+      - ["kotlin.time", "DurationKt", "getNanoseconds", "(double)", "generated"]
+      - ["kotlin.time", "DurationKt", "getNanoseconds", "(int)", "generated"]
+      - ["kotlin.time", "DurationKt", "getNanoseconds", "(long)", "generated"]
+      - ["kotlin.time", "DurationKt", "getSeconds", "(double)", "generated"]
+      - ["kotlin.time", "DurationKt", "getSeconds", "(int)", "generated"]
+      - ["kotlin.time", "DurationKt", "getSeconds", "(long)", "generated"]
+      - ["kotlin.time", "DurationKt", "toDuration", "(double,DurationUnit)", "generated"]
+      - ["kotlin.time", "DurationKt", "toDuration", "(int,DurationUnit)", "generated"]
+      - ["kotlin.time", "DurationKt", "toDuration", "(long,DurationUnit)", "generated"]
+      - ["kotlin.time", "DurationUnit", "valueOf", "(String)", "generated"]
+      - ["kotlin.time", "DurationUnit", "values", "()", "generated"]
+      - ["kotlin.time", "DurationUnitKt", "toDurationUnit", "(TimeUnit)", "generated"]
+      - ["kotlin.time", "DurationUnitKt", "toTimeUnit", "(DurationUnit)", "generated"]
+      - ["kotlin.time", "ExperimentalTime", "ExperimentalTime", "()", "generated"]
+      - ["kotlin.time", "MeasureTimeKt", "measureTime", "(Function0)", "generated"]
+      - ["kotlin.time", "MeasureTimeKt", "measureTime", "(Monotonic,Function0)", "generated"]
+      - ["kotlin.time", "MeasureTimeKt", "measureTime", "(TimeSource,Function0)", "generated"]
+      - ["kotlin.time", "MeasureTimeKt", "measureTimedValue", "(Function0)", "generated"]
+      - ["kotlin.time", "MeasureTimeKt", "measureTimedValue", "(Monotonic,Function0)", "generated"]
+      - ["kotlin.time", "MeasureTimeKt", "measureTimedValue", "(TimeSource,Function0)", "generated"]
+      - ["kotlin.time", "TestTimeSource", "TestTimeSource", "()", "generated"]
+      - ["kotlin.time", "TestTimeSource", "plusAssign", "(Duration)", "generated"]
+      - ["kotlin.time", "TimeMark", "elapsedNow", "()", "generated"]
+      - ["kotlin.time", "TimeMark", "hasNotPassedNow", "()", "generated"]
+      - ["kotlin.time", "TimeMark", "hasPassedNow", "()", "generated"]
+      - ["kotlin.time", "TimeMark", "minus", "(Duration)", "generated"]
+      - ["kotlin.time", "TimeMark", "plus", "(Duration)", "generated"]
+      - ["kotlin.time", "TimeSource", "markNow", "()", "generated"]
+      - ["kotlin.time", "TimeSource$Monotonic", "toString", "()", "generated"]
+      - ["kotlin.time", "TimeSource$Monotonic$ValueTimeMark", "equals", "(Object)", "generated"]
+      - ["kotlin.time", "TimeSource$Monotonic$ValueTimeMark", "hashCode", "()", "generated"]
+      - ["kotlin.time", "TimeSource$Monotonic$ValueTimeMark", "toString", "()", "generated"]
+      - ["kotlin.time", "TimeSourceKt", "compareTo", "(TimeMark,TimeMark)", "generated"]
+      - ["kotlin.time", "TimeSourceKt", "minus", "(TimeMark,TimeMark)", "generated"]
+      - ["kotlin.time", "TimedValue", "equals", "(Object)", "generated"]
+      - ["kotlin.time", "TimedValue", "hashCode", "()", "generated"]
+      - ["kotlin", "ArithmeticException", "ArithmeticException", "()", "generated"]
+      - ["kotlin", "ArithmeticException", "ArithmeticException", "(String)", "generated"]
+      - ["kotlin", "ArrayIntrinsicsKt", "emptyArray", "()", "generated"]
+      - ["kotlin", "AssertionError", "AssertionError", "()", "generated"]
+      - ["kotlin", "AssertionError", "AssertionError", "(Object)", "generated"]
+      - ["kotlin", "BuilderInference", "BuilderInference", "()", "generated"]
+      - ["kotlin", "CharCodeJVMKt", "Char", "(short)", "generated"]
+      - ["kotlin", "CharCodeKt", "Char", "(int)", "generated"]
+      - ["kotlin", "CharCodeKt", "Char", "(short)", "generated"]
+      - ["kotlin", "CharCodeKt", "getCode", "(char)", "generated"]
+      - ["kotlin", "ClassCastException", "ClassCastException", "()", "generated"]
+      - ["kotlin", "ClassCastException", "ClassCastException", "(String)", "generated"]
+      - ["kotlin", "Comparator", "compare", "(Object,Object)", "generated"]
+      - ["kotlin", "CompareToKt", "compareTo", "(Comparable,Object)", "generated"]
+      - ["kotlin", "ConcurrentModificationException", "ConcurrentModificationException", "()", "generated"]
+      - ["kotlin", "ConcurrentModificationException", "ConcurrentModificationException", "(String)", "generated"]
+      - ["kotlin", "ConcurrentModificationException", "ConcurrentModificationException", "(String,Throwable)", "generated"]
+      - ["kotlin", "ConcurrentModificationException", "ConcurrentModificationException", "(Throwable)", "generated"]
+      - ["kotlin", "ContextFunctionTypeParams", "ContextFunctionTypeParams", "(int)", "generated"]
+      - ["kotlin", "ContextFunctionTypeParams", "count", "()", "generated"]
+      - ["kotlin", "DeepRecursiveKt", "invoke", "(DeepRecursiveFunction,Object)", "generated"]
+      - ["kotlin", "DeepRecursiveScope", "callRecursive", "(DeepRecursiveFunction,Object)", "generated"]
+      - ["kotlin", "DeepRecursiveScope", "callRecursive", "(Object)", "generated"]
+      - ["kotlin", "DeepRecursiveScope", "invoke", "(DeepRecursiveFunction,Object)", "generated"]
+      - ["kotlin", "Deprecated", "Deprecated", "(String,ReplaceWith,DeprecationLevel)", "generated"]
+      - ["kotlin", "Deprecated", "level", "()", "generated"]
+      - ["kotlin", "Deprecated", "message", "()", "generated"]
+      - ["kotlin", "Deprecated", "replaceWith", "()", "generated"]
+      - ["kotlin", "DeprecatedSinceKotlin", "DeprecatedSinceKotlin", "(String,String,String)", "generated"]
+      - ["kotlin", "DeprecatedSinceKotlin", "errorSince", "()", "generated"]
+      - ["kotlin", "DeprecatedSinceKotlin", "hiddenSince", "()", "generated"]
+      - ["kotlin", "DeprecatedSinceKotlin", "warningSince", "()", "generated"]
+      - ["kotlin", "DeprecationLevel", "valueOf", "(String)", "generated"]
+      - ["kotlin", "DeprecationLevel", "values", "()", "generated"]
+      - ["kotlin", "DslMarker", "DslMarker", "()", "generated"]
+      - ["kotlin", "Error", "Error", "()", "generated"]
+      - ["kotlin", "Error", "Error", "(String)", "generated"]
+      - ["kotlin", "Error", "Error", "(String,Throwable)", "generated"]
+      - ["kotlin", "Error", "Error", "(Throwable)", "generated"]
+      - ["kotlin", "Exception", "Exception", "()", "generated"]
+      - ["kotlin", "Exception", "Exception", "(String)", "generated"]
+      - ["kotlin", "Exception", "Exception", "(String,Throwable)", "generated"]
+      - ["kotlin", "Exception", "Exception", "(Throwable)", "generated"]
+      - ["kotlin", "ExceptionsHKt", "addSuppressed", "(Throwable,Throwable)", "generated"]
+      - ["kotlin", "ExceptionsHKt", "getSuppressedExceptions", "(Throwable)", "generated"]
+      - ["kotlin", "ExceptionsHKt", "printStackTrace", "(Throwable)", "generated"]
+      - ["kotlin", "ExceptionsHKt", "stackTraceToString", "(Throwable)", "generated"]
+      - ["kotlin", "ExceptionsKt", "addSuppressed", "(Throwable,Throwable)", "generated"]
+      - ["kotlin", "ExceptionsKt", "getStackTrace", "(Throwable)", "generated"]
+      - ["kotlin", "ExceptionsKt", "getSuppressedExceptions", "(Throwable)", "generated"]
+      - ["kotlin", "ExceptionsKt", "printStackTrace", "(Throwable)", "generated"]
+      - ["kotlin", "ExceptionsKt", "printStackTrace", "(Throwable,PrintStream)", "generated"]
+      - ["kotlin", "ExceptionsKt", "printStackTrace", "(Throwable,PrintWriter)", "generated"]
+      - ["kotlin", "ExceptionsKt", "stackTraceToString", "(Throwable)", "generated"]
+      - ["kotlin", "Experimental", "Experimental", "(Level)", "generated"]
+      - ["kotlin", "Experimental", "level", "()", "generated"]
+      - ["kotlin", "Experimental$Level", "valueOf", "(String)", "generated"]
+      - ["kotlin", "Experimental$Level", "values", "()", "generated"]
+      - ["kotlin", "ExperimentalMultiplatform", "ExperimentalMultiplatform", "()", "generated"]
+      - ["kotlin", "ExperimentalStdlibApi", "ExperimentalStdlibApi", "()", "generated"]
+      - ["kotlin", "ExperimentalUnsignedTypes", "ExperimentalUnsignedTypes", "()", "generated"]
+      - ["kotlin", "ExtensionFunctionType", "ExtensionFunctionType", "()", "generated"]
+      - ["kotlin", "HashCodeKt", "hashCode", "(Object)", "generated"]
+      - ["kotlin", "IllegalArgumentException", "IllegalArgumentException", "()", "generated"]
+      - ["kotlin", "IllegalArgumentException", "IllegalArgumentException", "(String)", "generated"]
+      - ["kotlin", "IllegalArgumentException", "IllegalArgumentException", "(String,Throwable)", "generated"]
+      - ["kotlin", "IllegalArgumentException", "IllegalArgumentException", "(Throwable)", "generated"]
+      - ["kotlin", "IllegalStateException", "IllegalStateException", "()", "generated"]
+      - ["kotlin", "IllegalStateException", "IllegalStateException", "(String)", "generated"]
+      - ["kotlin", "IllegalStateException", "IllegalStateException", "(String,Throwable)", "generated"]
+      - ["kotlin", "IllegalStateException", "IllegalStateException", "(Throwable)", "generated"]
+      - ["kotlin", "IndexOutOfBoundsException", "IndexOutOfBoundsException", "()", "generated"]
+      - ["kotlin", "IndexOutOfBoundsException", "IndexOutOfBoundsException", "(String)", "generated"]
+      - ["kotlin", "KotlinHKt", "fromBits", "(DoubleCompanionObject,long)", "generated"]
+      - ["kotlin", "KotlinHKt", "fromBits", "(FloatCompanionObject,int)", "generated"]
+      - ["kotlin", "KotlinHKt", "isFinite", "(double)", "generated"]
+      - ["kotlin", "KotlinHKt", "isFinite", "(float)", "generated"]
+      - ["kotlin", "KotlinHKt", "isInfinite", "(double)", "generated"]
+      - ["kotlin", "KotlinHKt", "isInfinite", "(float)", "generated"]
+      - ["kotlin", "KotlinHKt", "isNaN", "(double)", "generated"]
+      - ["kotlin", "KotlinHKt", "isNaN", "(float)", "generated"]
+      - ["kotlin", "KotlinHKt", "lazy", "(Function0)", "generated"]
+      - ["kotlin", "KotlinHKt", "lazy", "(LazyThreadSafetyMode,Function0)", "generated"]
+      - ["kotlin", "KotlinHKt", "lazy", "(Object,Function0)", "generated"]
+      - ["kotlin", "KotlinHKt", "toBits", "(double)", "generated"]
+      - ["kotlin", "KotlinHKt", "toBits", "(float)", "generated"]
+      - ["kotlin", "KotlinHKt", "toRawBits", "(double)", "generated"]
+      - ["kotlin", "KotlinHKt", "toRawBits", "(float)", "generated"]
+      - ["kotlin", "KotlinNullPointerException", "KotlinNullPointerException", "()", "generated"]
+      - ["kotlin", "KotlinNullPointerException", "KotlinNullPointerException", "(String)", "generated"]
+      - ["kotlin", "KotlinVersion", "KotlinVersion", "(int,int)", "generated"]
+      - ["kotlin", "KotlinVersion", "KotlinVersion", "(int,int,int)", "generated"]
+      - ["kotlin", "KotlinVersion", "equals", "(Object)", "generated"]
+      - ["kotlin", "KotlinVersion", "getMajor", "()", "generated"]
+      - ["kotlin", "KotlinVersion", "getMinor", "()", "generated"]
+      - ["kotlin", "KotlinVersion", "getPatch", "()", "generated"]
+      - ["kotlin", "KotlinVersion", "hashCode", "()", "generated"]
+      - ["kotlin", "KotlinVersion", "isAtLeast", "(int,int)", "generated"]
+      - ["kotlin", "KotlinVersion", "isAtLeast", "(int,int,int)", "generated"]
+      - ["kotlin", "KotlinVersion", "toString", "()", "generated"]
+      - ["kotlin", "KotlinVersion$Companion", "getMAX_COMPONENT_VALUE", "()", "generated"]
+      - ["kotlin", "LateinitKt", "isInitialized", "(KProperty0)", "generated"]
+      - ["kotlin", "Lazy", "getValue", "()", "generated"]
+      - ["kotlin", "Lazy", "isInitialized", "()", "generated"]
+      - ["kotlin", "LazyThreadSafetyMode", "valueOf", "(String)", "generated"]
+      - ["kotlin", "LazyThreadSafetyMode", "values", "()", "generated"]
+      - ["kotlin", "Metadata", "Metadata", "(int,int[],int[],String[],String[],String,String,int)", "generated"]
+      - ["kotlin", "Metadata", "bv", "()", "generated"]
+      - ["kotlin", "Metadata", "d1", "()", "generated"]
+      - ["kotlin", "Metadata", "d2", "()", "generated"]
+      - ["kotlin", "Metadata", "k", "()", "generated"]
+      - ["kotlin", "Metadata", "mv", "()", "generated"]
+      - ["kotlin", "Metadata", "pn", "()", "generated"]
+      - ["kotlin", "Metadata", "xi", "()", "generated"]
+      - ["kotlin", "Metadata", "xs", "()", "generated"]
+      - ["kotlin", "NoSuchElementException", "NoSuchElementException", "()", "generated"]
+      - ["kotlin", "NoSuchElementException", "NoSuchElementException", "(String)", "generated"]
+      - ["kotlin", "NoWhenBranchMatchedException", "NoWhenBranchMatchedException", "()", "generated"]
+      - ["kotlin", "NoWhenBranchMatchedException", "NoWhenBranchMatchedException", "(String)", "generated"]
+      - ["kotlin", "NoWhenBranchMatchedException", "NoWhenBranchMatchedException", "(String,Throwable)", "generated"]
+      - ["kotlin", "NoWhenBranchMatchedException", "NoWhenBranchMatchedException", "(Throwable)", "generated"]
+      - ["kotlin", "NotImplementedError", "NotImplementedError", "(String)", "generated"]
+      - ["kotlin", "NullPointerException", "NullPointerException", "()", "generated"]
+      - ["kotlin", "NullPointerException", "NullPointerException", "(String)", "generated"]
+      - ["kotlin", "NumberFormatException", "NumberFormatException", "()", "generated"]
+      - ["kotlin", "NumberFormatException", "NumberFormatException", "(String)", "generated"]
+      - ["kotlin", "NumbersKt", "and", "(BigInteger,BigInteger)", "generated"]
+      - ["kotlin", "NumbersKt", "countLeadingZeroBits", "(byte)", "generated"]
+      - ["kotlin", "NumbersKt", "countLeadingZeroBits", "(int)", "generated"]
+      - ["kotlin", "NumbersKt", "countLeadingZeroBits", "(long)", "generated"]
+      - ["kotlin", "NumbersKt", "countLeadingZeroBits", "(short)", "generated"]
+      - ["kotlin", "NumbersKt", "countOneBits", "(byte)", "generated"]
+      - ["kotlin", "NumbersKt", "countOneBits", "(int)", "generated"]
+      - ["kotlin", "NumbersKt", "countOneBits", "(long)", "generated"]
+      - ["kotlin", "NumbersKt", "countOneBits", "(short)", "generated"]
+      - ["kotlin", "NumbersKt", "countTrailingZeroBits", "(byte)", "generated"]
+      - ["kotlin", "NumbersKt", "countTrailingZeroBits", "(int)", "generated"]
+      - ["kotlin", "NumbersKt", "countTrailingZeroBits", "(long)", "generated"]
+      - ["kotlin", "NumbersKt", "countTrailingZeroBits", "(short)", "generated"]
+      - ["kotlin", "NumbersKt", "dec", "(BigDecimal)", "generated"]
+      - ["kotlin", "NumbersKt", "dec", "(BigInteger)", "generated"]
+      - ["kotlin", "NumbersKt", "div", "(BigDecimal,BigDecimal)", "generated"]
+      - ["kotlin", "NumbersKt", "div", "(BigInteger,BigInteger)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(byte,byte)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(byte,int)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(byte,long)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(byte,short)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(int,byte)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(int,int)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(int,long)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(int,short)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(long,byte)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(long,int)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(long,long)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(long,short)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(short,byte)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(short,int)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(short,long)", "generated"]
+      - ["kotlin", "NumbersKt", "floorDiv", "(short,short)", "generated"]
+      - ["kotlin", "NumbersKt", "fromBits", "(DoubleCompanionObject,long)", "generated"]
+      - ["kotlin", "NumbersKt", "fromBits", "(FloatCompanionObject,int)", "generated"]
+      - ["kotlin", "NumbersKt", "inc", "(BigDecimal)", "generated"]
+      - ["kotlin", "NumbersKt", "inc", "(BigInteger)", "generated"]
+      - ["kotlin", "NumbersKt", "inv", "(BigInteger)", "generated"]
+      - ["kotlin", "NumbersKt", "isFinite", "(double)", "generated"]
+      - ["kotlin", "NumbersKt", "isFinite", "(float)", "generated"]
+      - ["kotlin", "NumbersKt", "isInfinite", "(double)", "generated"]
+      - ["kotlin", "NumbersKt", "isInfinite", "(float)", "generated"]
+      - ["kotlin", "NumbersKt", "isNaN", "(double)", "generated"]
+      - ["kotlin", "NumbersKt", "isNaN", "(float)", "generated"]
+      - ["kotlin", "NumbersKt", "minus", "(BigDecimal,BigDecimal)", "generated"]
+      - ["kotlin", "NumbersKt", "minus", "(BigInteger,BigInteger)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(byte,byte)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(byte,int)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(byte,long)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(byte,short)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(double,double)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(double,float)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(float,double)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(float,float)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(int,byte)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(int,int)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(int,long)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(int,short)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(long,byte)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(long,int)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(long,long)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(long,short)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(short,byte)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(short,int)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(short,long)", "generated"]
+      - ["kotlin", "NumbersKt", "mod", "(short,short)", "generated"]
+      - ["kotlin", "NumbersKt", "or", "(BigInteger,BigInteger)", "generated"]
+      - ["kotlin", "NumbersKt", "plus", "(BigDecimal,BigDecimal)", "generated"]
+      - ["kotlin", "NumbersKt", "plus", "(BigInteger,BigInteger)", "generated"]
+      - ["kotlin", "NumbersKt", "rem", "(BigDecimal,BigDecimal)", "generated"]
+      - ["kotlin", "NumbersKt", "rem", "(BigInteger,BigInteger)", "generated"]
+      - ["kotlin", "NumbersKt", "rotateLeft", "(byte,int)", "generated"]
+      - ["kotlin", "NumbersKt", "rotateLeft", "(int,int)", "generated"]
+      - ["kotlin", "NumbersKt", "rotateLeft", "(long,int)", "generated"]
+      - ["kotlin", "NumbersKt", "rotateLeft", "(short,int)", "generated"]
+      - ["kotlin", "NumbersKt", "rotateRight", "(byte,int)", "generated"]
+      - ["kotlin", "NumbersKt", "rotateRight", "(int,int)", "generated"]
+      - ["kotlin", "NumbersKt", "rotateRight", "(long,int)", "generated"]
+      - ["kotlin", "NumbersKt", "rotateRight", "(short,int)", "generated"]
+      - ["kotlin", "NumbersKt", "shl", "(BigInteger,int)", "generated"]
+      - ["kotlin", "NumbersKt", "shr", "(BigInteger,int)", "generated"]
+      - ["kotlin", "NumbersKt", "takeHighestOneBit", "(byte)", "generated"]
+      - ["kotlin", "NumbersKt", "takeHighestOneBit", "(int)", "generated"]
+      - ["kotlin", "NumbersKt", "takeHighestOneBit", "(long)", "generated"]
+      - ["kotlin", "NumbersKt", "takeHighestOneBit", "(short)", "generated"]
+      - ["kotlin", "NumbersKt", "takeLowestOneBit", "(byte)", "generated"]
+      - ["kotlin", "NumbersKt", "takeLowestOneBit", "(int)", "generated"]
+      - ["kotlin", "NumbersKt", "takeLowestOneBit", "(long)", "generated"]
+      - ["kotlin", "NumbersKt", "takeLowestOneBit", "(short)", "generated"]
+      - ["kotlin", "NumbersKt", "times", "(BigDecimal,BigDecimal)", "generated"]
+      - ["kotlin", "NumbersKt", "times", "(BigInteger,BigInteger)", "generated"]
+      - ["kotlin", "NumbersKt", "toBigDecimal", "(BigInteger)", "generated"]
+      - ["kotlin", "NumbersKt", "toBigDecimal", "(BigInteger,int,MathContext)", "generated"]
+      - ["kotlin", "NumbersKt", "toBigDecimal", "(double)", "generated"]
+      - ["kotlin", "NumbersKt", "toBigDecimal", "(double,MathContext)", "generated"]
+      - ["kotlin", "NumbersKt", "toBigDecimal", "(float)", "generated"]
+      - ["kotlin", "NumbersKt", "toBigDecimal", "(float,MathContext)", "generated"]
+      - ["kotlin", "NumbersKt", "toBigDecimal", "(int)", "generated"]
+      - ["kotlin", "NumbersKt", "toBigDecimal", "(int,MathContext)", "generated"]
+      - ["kotlin", "NumbersKt", "toBigDecimal", "(long)", "generated"]
+      - ["kotlin", "NumbersKt", "toBigDecimal", "(long,MathContext)", "generated"]
+      - ["kotlin", "NumbersKt", "toBigInteger", "(int)", "generated"]
+      - ["kotlin", "NumbersKt", "toBigInteger", "(long)", "generated"]
+      - ["kotlin", "NumbersKt", "toBits", "(double)", "generated"]
+      - ["kotlin", "NumbersKt", "toBits", "(float)", "generated"]
+      - ["kotlin", "NumbersKt", "toRawBits", "(double)", "generated"]
+      - ["kotlin", "NumbersKt", "toRawBits", "(float)", "generated"]
+      - ["kotlin", "NumbersKt", "unaryMinus", "(BigDecimal)", "generated"]
+      - ["kotlin", "NumbersKt", "unaryMinus", "(BigInteger)", "generated"]
+      - ["kotlin", "NumbersKt", "xor", "(BigInteger,BigInteger)", "generated"]
+      - ["kotlin", "OptIn", "OptIn", "(KClass[])", "generated"]
+      - ["kotlin", "OptIn", "markerClass", "()", "generated"]
+      - ["kotlin", "OptionalExpectation", "OptionalExpectation", "()", "generated"]
+      - ["kotlin", "OverloadResolutionByLambdaReturnType", "OverloadResolutionByLambdaReturnType", "()", "generated"]
+      - ["kotlin", "Pair", "equals", "(Object)", "generated"]
+      - ["kotlin", "Pair", "hashCode", "()", "generated"]
+      - ["kotlin", "ParameterName", "ParameterName", "(String)", "generated"]
+      - ["kotlin", "ParameterName", "name", "()", "generated"]
+      - ["kotlin", "PreconditionsKt", "assert", "(boolean)", "generated"]
+      - ["kotlin", "PreconditionsKt", "assert", "(boolean,Function0)", "generated"]
+      - ["kotlin", "PreconditionsKt", "check", "(boolean)", "generated"]
+      - ["kotlin", "PreconditionsKt", "check", "(boolean,Function0)", "generated"]
+      - ["kotlin", "PreconditionsKt", "error", "(Object)", "generated"]
+      - ["kotlin", "PreconditionsKt", "require", "(boolean)", "generated"]
+      - ["kotlin", "PreconditionsKt", "require", "(boolean,Function0)", "generated"]
+      - ["kotlin", "PropertyReferenceDelegatesKt", "getValue", "(KProperty0,Object,KProperty)", "generated"]
+      - ["kotlin", "PropertyReferenceDelegatesKt", "getValue", "(KProperty1,Object,KProperty)", "generated"]
+      - ["kotlin", "PropertyReferenceDelegatesKt", "setValue", "(KMutableProperty0,Object,KProperty,Object)", "generated"]
+      - ["kotlin", "PropertyReferenceDelegatesKt", "setValue", "(KMutableProperty1,Object,KProperty,Object)", "generated"]
+      - ["kotlin", "PublishedApi", "PublishedApi", "()", "generated"]
+      - ["kotlin", "ReplaceWith", "ReplaceWith", "(String,String[])", "generated"]
+      - ["kotlin", "ReplaceWith", "expression", "()", "generated"]
+      - ["kotlin", "ReplaceWith", "imports", "()", "generated"]
+      - ["kotlin", "RequiresOptIn", "RequiresOptIn", "(String,Level)", "generated"]
+      - ["kotlin", "RequiresOptIn", "level", "()", "generated"]
+      - ["kotlin", "RequiresOptIn", "message", "()", "generated"]
+      - ["kotlin", "RequiresOptIn$Level", "valueOf", "(String)", "generated"]
+      - ["kotlin", "RequiresOptIn$Level", "values", "()", "generated"]
+      - ["kotlin", "Result", "equals", "(Object)", "generated"]
+      - ["kotlin", "Result", "hashCode", "()", "generated"]
+      - ["kotlin", "Result", "isFailure", "()", "generated"]
+      - ["kotlin", "Result", "isSuccess", "()", "generated"]
+      - ["kotlin", "ResultKt", "runCatching", "(Function0)", "generated"]
+      - ["kotlin", "ResultKt", "runCatching", "(Object,Function1)", "generated"]
+      - ["kotlin", "RuntimeException", "RuntimeException", "()", "generated"]
+      - ["kotlin", "RuntimeException", "RuntimeException", "(String)", "generated"]
+      - ["kotlin", "RuntimeException", "RuntimeException", "(String,Throwable)", "generated"]
+      - ["kotlin", "RuntimeException", "RuntimeException", "(Throwable)", "generated"]
+      - ["kotlin", "SinceKotlin", "SinceKotlin", "(String)", "generated"]
+      - ["kotlin", "SinceKotlin", "version", "()", "generated"]
+      - ["kotlin", "StandardKt", "TODO", "()", "generated"]
+      - ["kotlin", "StandardKt", "TODO", "(String)", "generated"]
+      - ["kotlin", "StandardKt", "repeat", "(int,Function1)", "generated"]
+      - ["kotlin", "StandardKt", "run", "(Function0)", "generated"]
+      - ["kotlin", "StandardKt", "synchronized", "(Object,Function0)", "generated"]
+      - ["kotlin", "Suppress", "Suppress", "(String[])", "generated"]
+      - ["kotlin", "Suppress", "names", "()", "generated"]
+      - ["kotlin", "Throws", "Throws", "(KClass[])", "generated"]
+      - ["kotlin", "Throws", "exceptionClasses", "()", "generated"]
+      - ["kotlin", "Triple", "equals", "(Object)", "generated"]
+      - ["kotlin", "Triple", "hashCode", "()", "generated"]
+      - ["kotlin", "TypeCastException", "TypeCastException", "()", "generated"]
+      - ["kotlin", "TypeCastException", "TypeCastException", "(String)", "generated"]
+      - ["kotlin", "UByte", "and", "(byte)", "generated"]
+      - ["kotlin", "UByte", "compareTo", "(byte)", "generated"]
+      - ["kotlin", "UByte", "compareTo", "(int)", "generated"]
+      - ["kotlin", "UByte", "compareTo", "(long)", "generated"]
+      - ["kotlin", "UByte", "compareTo", "(short)", "generated"]
+      - ["kotlin", "UByte", "dec", "()", "generated"]
+      - ["kotlin", "UByte", "div", "(byte)", "generated"]
+      - ["kotlin", "UByte", "div", "(int)", "generated"]
+      - ["kotlin", "UByte", "div", "(long)", "generated"]
+      - ["kotlin", "UByte", "div", "(short)", "generated"]
+      - ["kotlin", "UByte", "equals", "(Object)", "generated"]
+      - ["kotlin", "UByte", "floorDiv", "(byte)", "generated"]
+      - ["kotlin", "UByte", "floorDiv", "(int)", "generated"]
+      - ["kotlin", "UByte", "floorDiv", "(long)", "generated"]
+      - ["kotlin", "UByte", "floorDiv", "(short)", "generated"]
+      - ["kotlin", "UByte", "hashCode", "()", "generated"]
+      - ["kotlin", "UByte", "inc", "()", "generated"]
+      - ["kotlin", "UByte", "inv", "()", "generated"]
+      - ["kotlin", "UByte", "minus", "(byte)", "generated"]
+      - ["kotlin", "UByte", "minus", "(int)", "generated"]
+      - ["kotlin", "UByte", "minus", "(long)", "generated"]
+      - ["kotlin", "UByte", "minus", "(short)", "generated"]
+      - ["kotlin", "UByte", "mod", "(byte)", "generated"]
+      - ["kotlin", "UByte", "mod", "(int)", "generated"]
+      - ["kotlin", "UByte", "mod", "(long)", "generated"]
+      - ["kotlin", "UByte", "mod", "(short)", "generated"]
+      - ["kotlin", "UByte", "or", "(byte)", "generated"]
+      - ["kotlin", "UByte", "plus", "(byte)", "generated"]
+      - ["kotlin", "UByte", "plus", "(int)", "generated"]
+      - ["kotlin", "UByte", "plus", "(long)", "generated"]
+      - ["kotlin", "UByte", "plus", "(short)", "generated"]
+      - ["kotlin", "UByte", "rangeTo", "(byte)", "generated"]
+      - ["kotlin", "UByte", "rem", "(byte)", "generated"]
+      - ["kotlin", "UByte", "rem", "(int)", "generated"]
+      - ["kotlin", "UByte", "rem", "(long)", "generated"]
+      - ["kotlin", "UByte", "rem", "(short)", "generated"]
+      - ["kotlin", "UByte", "times", "(byte)", "generated"]
+      - ["kotlin", "UByte", "times", "(int)", "generated"]
+      - ["kotlin", "UByte", "times", "(long)", "generated"]
+      - ["kotlin", "UByte", "times", "(short)", "generated"]
+      - ["kotlin", "UByte", "toByte", "()", "generated"]
+      - ["kotlin", "UByte", "toDouble", "()", "generated"]
+      - ["kotlin", "UByte", "toFloat", "()", "generated"]
+      - ["kotlin", "UByte", "toInt", "()", "generated"]
+      - ["kotlin", "UByte", "toLong", "()", "generated"]
+      - ["kotlin", "UByte", "toShort", "()", "generated"]
+      - ["kotlin", "UByte", "toString", "()", "generated"]
+      - ["kotlin", "UByte", "toUInt", "()", "generated"]
+      - ["kotlin", "UByte", "toULong", "()", "generated"]
+      - ["kotlin", "UByte", "toUShort", "()", "generated"]
+      - ["kotlin", "UByte", "xor", "(byte)", "generated"]
+      - ["kotlin", "UByte$Companion", "getMAX_VALUE", "()", "generated"]
+      - ["kotlin", "UByte$Companion", "getMIN_VALUE", "()", "generated"]
+      - ["kotlin", "UByte$Companion", "getSIZE_BITS", "()", "generated"]
+      - ["kotlin", "UByte$Companion", "getSIZE_BYTES", "()", "generated"]
+      - ["kotlin", "UByteArray", "UByteArray", "(int)", "generated"]
+      - ["kotlin", "UByteArray", "equals", "(Object)", "generated"]
+      - ["kotlin", "UByteArray", "get", "(int)", "generated"]
+      - ["kotlin", "UByteArray", "hashCode", "()", "generated"]
+      - ["kotlin", "UByteArray", "set", "(int,byte)", "generated"]
+      - ["kotlin", "UByteArray", "toString", "()", "generated"]
+      - ["kotlin", "UByteArrayKt", "UByteArray", "(int,Function1)", "generated"]
+      - ["kotlin", "UByteKt", "toUByte", "(byte)", "generated"]
+      - ["kotlin", "UByteKt", "toUByte", "(int)", "generated"]
+      - ["kotlin", "UByteKt", "toUByte", "(long)", "generated"]
+      - ["kotlin", "UByteKt", "toUByte", "(short)", "generated"]
+      - ["kotlin", "UInt", "and", "(int)", "generated"]
+      - ["kotlin", "UInt", "compareTo", "(byte)", "generated"]
+      - ["kotlin", "UInt", "compareTo", "(int)", "generated"]
+      - ["kotlin", "UInt", "compareTo", "(long)", "generated"]
+      - ["kotlin", "UInt", "compareTo", "(short)", "generated"]
+      - ["kotlin", "UInt", "dec", "()", "generated"]
+      - ["kotlin", "UInt", "div", "(byte)", "generated"]
+      - ["kotlin", "UInt", "div", "(int)", "generated"]
+      - ["kotlin", "UInt", "div", "(long)", "generated"]
+      - ["kotlin", "UInt", "div", "(short)", "generated"]
+      - ["kotlin", "UInt", "equals", "(Object)", "generated"]
+      - ["kotlin", "UInt", "floorDiv", "(byte)", "generated"]
+      - ["kotlin", "UInt", "floorDiv", "(int)", "generated"]
+      - ["kotlin", "UInt", "floorDiv", "(long)", "generated"]
+      - ["kotlin", "UInt", "floorDiv", "(short)", "generated"]
+      - ["kotlin", "UInt", "hashCode", "()", "generated"]
+      - ["kotlin", "UInt", "inc", "()", "generated"]
+      - ["kotlin", "UInt", "inv", "()", "generated"]
+      - ["kotlin", "UInt", "minus", "(byte)", "generated"]
+      - ["kotlin", "UInt", "minus", "(int)", "generated"]
+      - ["kotlin", "UInt", "minus", "(long)", "generated"]
+      - ["kotlin", "UInt", "minus", "(short)", "generated"]
+      - ["kotlin", "UInt", "mod", "(byte)", "generated"]
+      - ["kotlin", "UInt", "mod", "(int)", "generated"]
+      - ["kotlin", "UInt", "mod", "(long)", "generated"]
+      - ["kotlin", "UInt", "mod", "(short)", "generated"]
+      - ["kotlin", "UInt", "or", "(int)", "generated"]
+      - ["kotlin", "UInt", "plus", "(byte)", "generated"]
+      - ["kotlin", "UInt", "plus", "(int)", "generated"]
+      - ["kotlin", "UInt", "plus", "(long)", "generated"]
+      - ["kotlin", "UInt", "plus", "(short)", "generated"]
+      - ["kotlin", "UInt", "rangeTo", "(int)", "generated"]
+      - ["kotlin", "UInt", "rem", "(byte)", "generated"]
+      - ["kotlin", "UInt", "rem", "(int)", "generated"]
+      - ["kotlin", "UInt", "rem", "(long)", "generated"]
+      - ["kotlin", "UInt", "rem", "(short)", "generated"]
+      - ["kotlin", "UInt", "shl", "(int)", "generated"]
+      - ["kotlin", "UInt", "shr", "(int)", "generated"]
+      - ["kotlin", "UInt", "times", "(byte)", "generated"]
+      - ["kotlin", "UInt", "times", "(int)", "generated"]
+      - ["kotlin", "UInt", "times", "(long)", "generated"]
+      - ["kotlin", "UInt", "times", "(short)", "generated"]
+      - ["kotlin", "UInt", "toByte", "()", "generated"]
+      - ["kotlin", "UInt", "toDouble", "()", "generated"]
+      - ["kotlin", "UInt", "toFloat", "()", "generated"]
+      - ["kotlin", "UInt", "toInt", "()", "generated"]
+      - ["kotlin", "UInt", "toLong", "()", "generated"]
+      - ["kotlin", "UInt", "toShort", "()", "generated"]
+      - ["kotlin", "UInt", "toString", "()", "generated"]
+      - ["kotlin", "UInt", "toUByte", "()", "generated"]
+      - ["kotlin", "UInt", "toULong", "()", "generated"]
+      - ["kotlin", "UInt", "toUShort", "()", "generated"]
+      - ["kotlin", "UInt", "xor", "(int)", "generated"]
+      - ["kotlin", "UInt$Companion", "getMAX_VALUE", "()", "generated"]
+      - ["kotlin", "UInt$Companion", "getMIN_VALUE", "()", "generated"]
+      - ["kotlin", "UInt$Companion", "getSIZE_BITS", "()", "generated"]
+      - ["kotlin", "UInt$Companion", "getSIZE_BYTES", "()", "generated"]
+      - ["kotlin", "UIntArray", "UIntArray", "(int)", "generated"]
+      - ["kotlin", "UIntArray", "equals", "(Object)", "generated"]
+      - ["kotlin", "UIntArray", "get", "(int)", "generated"]
+      - ["kotlin", "UIntArray", "hashCode", "()", "generated"]
+      - ["kotlin", "UIntArray", "set", "(int,int)", "generated"]
+      - ["kotlin", "UIntArray", "toString", "()", "generated"]
+      - ["kotlin", "UIntArrayKt", "UIntArray", "(int,Function1)", "generated"]
+      - ["kotlin", "UIntKt", "toUInt", "(byte)", "generated"]
+      - ["kotlin", "UIntKt", "toUInt", "(double)", "generated"]
+      - ["kotlin", "UIntKt", "toUInt", "(float)", "generated"]
+      - ["kotlin", "UIntKt", "toUInt", "(int)", "generated"]
+      - ["kotlin", "UIntKt", "toUInt", "(long)", "generated"]
+      - ["kotlin", "UIntKt", "toUInt", "(short)", "generated"]
+      - ["kotlin", "ULong", "and", "(long)", "generated"]
+      - ["kotlin", "ULong", "compareTo", "(byte)", "generated"]
+      - ["kotlin", "ULong", "compareTo", "(int)", "generated"]
+      - ["kotlin", "ULong", "compareTo", "(long)", "generated"]
+      - ["kotlin", "ULong", "compareTo", "(short)", "generated"]
+      - ["kotlin", "ULong", "dec", "()", "generated"]
+      - ["kotlin", "ULong", "div", "(byte)", "generated"]
+      - ["kotlin", "ULong", "div", "(int)", "generated"]
+      - ["kotlin", "ULong", "div", "(long)", "generated"]
+      - ["kotlin", "ULong", "div", "(short)", "generated"]
+      - ["kotlin", "ULong", "equals", "(Object)", "generated"]
+      - ["kotlin", "ULong", "floorDiv", "(byte)", "generated"]
+      - ["kotlin", "ULong", "floorDiv", "(int)", "generated"]
+      - ["kotlin", "ULong", "floorDiv", "(long)", "generated"]
+      - ["kotlin", "ULong", "floorDiv", "(short)", "generated"]
+      - ["kotlin", "ULong", "hashCode", "()", "generated"]
+      - ["kotlin", "ULong", "inc", "()", "generated"]
+      - ["kotlin", "ULong", "inv", "()", "generated"]
+      - ["kotlin", "ULong", "minus", "(byte)", "generated"]
+      - ["kotlin", "ULong", "minus", "(int)", "generated"]
+      - ["kotlin", "ULong", "minus", "(long)", "generated"]
+      - ["kotlin", "ULong", "minus", "(short)", "generated"]
+      - ["kotlin", "ULong", "mod", "(byte)", "generated"]
+      - ["kotlin", "ULong", "mod", "(int)", "generated"]
+      - ["kotlin", "ULong", "mod", "(long)", "generated"]
+      - ["kotlin", "ULong", "mod", "(short)", "generated"]
+      - ["kotlin", "ULong", "or", "(long)", "generated"]
+      - ["kotlin", "ULong", "plus", "(byte)", "generated"]
+      - ["kotlin", "ULong", "plus", "(int)", "generated"]
+      - ["kotlin", "ULong", "plus", "(long)", "generated"]
+      - ["kotlin", "ULong", "plus", "(short)", "generated"]
+      - ["kotlin", "ULong", "rangeTo", "(long)", "generated"]
+      - ["kotlin", "ULong", "rem", "(byte)", "generated"]
+      - ["kotlin", "ULong", "rem", "(int)", "generated"]
+      - ["kotlin", "ULong", "rem", "(long)", "generated"]
+      - ["kotlin", "ULong", "rem", "(short)", "generated"]
+      - ["kotlin", "ULong", "shl", "(int)", "generated"]
+      - ["kotlin", "ULong", "shr", "(int)", "generated"]
+      - ["kotlin", "ULong", "times", "(byte)", "generated"]
+      - ["kotlin", "ULong", "times", "(int)", "generated"]
+      - ["kotlin", "ULong", "times", "(long)", "generated"]
+      - ["kotlin", "ULong", "times", "(short)", "generated"]
+      - ["kotlin", "ULong", "toByte", "()", "generated"]
+      - ["kotlin", "ULong", "toDouble", "()", "generated"]
+      - ["kotlin", "ULong", "toFloat", "()", "generated"]
+      - ["kotlin", "ULong", "toInt", "()", "generated"]
+      - ["kotlin", "ULong", "toLong", "()", "generated"]
+      - ["kotlin", "ULong", "toShort", "()", "generated"]
+      - ["kotlin", "ULong", "toString", "()", "generated"]
+      - ["kotlin", "ULong", "toUByte", "()", "generated"]
+      - ["kotlin", "ULong", "toUInt", "()", "generated"]
+      - ["kotlin", "ULong", "toUShort", "()", "generated"]
+      - ["kotlin", "ULong", "xor", "(long)", "generated"]
+      - ["kotlin", "ULong$Companion", "getMAX_VALUE", "()", "generated"]
+      - ["kotlin", "ULong$Companion", "getMIN_VALUE", "()", "generated"]
+      - ["kotlin", "ULong$Companion", "getSIZE_BITS", "()", "generated"]
+      - ["kotlin", "ULong$Companion", "getSIZE_BYTES", "()", "generated"]
+      - ["kotlin", "ULongArray", "ULongArray", "(int)", "generated"]
+      - ["kotlin", "ULongArray", "equals", "(Object)", "generated"]
+      - ["kotlin", "ULongArray", "get", "(int)", "generated"]
+      - ["kotlin", "ULongArray", "hashCode", "()", "generated"]
+      - ["kotlin", "ULongArray", "set", "(int,long)", "generated"]
+      - ["kotlin", "ULongArray", "toString", "()", "generated"]
+      - ["kotlin", "ULongArrayKt", "ULongArray", "(int,Function1)", "generated"]
+      - ["kotlin", "ULongKt", "toULong", "(byte)", "generated"]
+      - ["kotlin", "ULongKt", "toULong", "(double)", "generated"]
+      - ["kotlin", "ULongKt", "toULong", "(float)", "generated"]
+      - ["kotlin", "ULongKt", "toULong", "(int)", "generated"]
+      - ["kotlin", "ULongKt", "toULong", "(long)", "generated"]
+      - ["kotlin", "ULongKt", "toULong", "(short)", "generated"]
+      - ["kotlin", "UNumbersKt", "countLeadingZeroBits", "(byte)", "generated"]
+      - ["kotlin", "UNumbersKt", "countLeadingZeroBits", "(int)", "generated"]
+      - ["kotlin", "UNumbersKt", "countLeadingZeroBits", "(long)", "generated"]
+      - ["kotlin", "UNumbersKt", "countLeadingZeroBits", "(short)", "generated"]
+      - ["kotlin", "UNumbersKt", "countOneBits", "(byte)", "generated"]
+      - ["kotlin", "UNumbersKt", "countOneBits", "(int)", "generated"]
+      - ["kotlin", "UNumbersKt", "countOneBits", "(long)", "generated"]
+      - ["kotlin", "UNumbersKt", "countOneBits", "(short)", "generated"]
+      - ["kotlin", "UNumbersKt", "countTrailingZeroBits", "(byte)", "generated"]
+      - ["kotlin", "UNumbersKt", "countTrailingZeroBits", "(int)", "generated"]
+      - ["kotlin", "UNumbersKt", "countTrailingZeroBits", "(long)", "generated"]
+      - ["kotlin", "UNumbersKt", "countTrailingZeroBits", "(short)", "generated"]
+      - ["kotlin", "UNumbersKt", "rotateLeft", "(byte,int)", "generated"]
+      - ["kotlin", "UNumbersKt", "rotateLeft", "(int,int)", "generated"]
+      - ["kotlin", "UNumbersKt", "rotateLeft", "(long,int)", "generated"]
+      - ["kotlin", "UNumbersKt", "rotateLeft", "(short,int)", "generated"]
+      - ["kotlin", "UNumbersKt", "rotateRight", "(byte,int)", "generated"]
+      - ["kotlin", "UNumbersKt", "rotateRight", "(int,int)", "generated"]
+      - ["kotlin", "UNumbersKt", "rotateRight", "(long,int)", "generated"]
+      - ["kotlin", "UNumbersKt", "rotateRight", "(short,int)", "generated"]
+      - ["kotlin", "UNumbersKt", "takeHighestOneBit", "(byte)", "generated"]
+      - ["kotlin", "UNumbersKt", "takeHighestOneBit", "(int)", "generated"]
+      - ["kotlin", "UNumbersKt", "takeHighestOneBit", "(long)", "generated"]
+      - ["kotlin", "UNumbersKt", "takeHighestOneBit", "(short)", "generated"]
+      - ["kotlin", "UNumbersKt", "takeLowestOneBit", "(byte)", "generated"]
+      - ["kotlin", "UNumbersKt", "takeLowestOneBit", "(int)", "generated"]
+      - ["kotlin", "UNumbersKt", "takeLowestOneBit", "(long)", "generated"]
+      - ["kotlin", "UNumbersKt", "takeLowestOneBit", "(short)", "generated"]
+      - ["kotlin", "UShort", "and", "(short)", "generated"]
+      - ["kotlin", "UShort", "compareTo", "(byte)", "generated"]
+      - ["kotlin", "UShort", "compareTo", "(int)", "generated"]
+      - ["kotlin", "UShort", "compareTo", "(long)", "generated"]
+      - ["kotlin", "UShort", "compareTo", "(short)", "generated"]
+      - ["kotlin", "UShort", "dec", "()", "generated"]
+      - ["kotlin", "UShort", "div", "(byte)", "generated"]
+      - ["kotlin", "UShort", "div", "(int)", "generated"]
+      - ["kotlin", "UShort", "div", "(long)", "generated"]
+      - ["kotlin", "UShort", "div", "(short)", "generated"]
+      - ["kotlin", "UShort", "equals", "(Object)", "generated"]
+      - ["kotlin", "UShort", "floorDiv", "(byte)", "generated"]
+      - ["kotlin", "UShort", "floorDiv", "(int)", "generated"]
+      - ["kotlin", "UShort", "floorDiv", "(long)", "generated"]
+      - ["kotlin", "UShort", "floorDiv", "(short)", "generated"]
+      - ["kotlin", "UShort", "hashCode", "()", "generated"]
+      - ["kotlin", "UShort", "inc", "()", "generated"]
+      - ["kotlin", "UShort", "inv", "()", "generated"]
+      - ["kotlin", "UShort", "minus", "(byte)", "generated"]
+      - ["kotlin", "UShort", "minus", "(int)", "generated"]
+      - ["kotlin", "UShort", "minus", "(long)", "generated"]
+      - ["kotlin", "UShort", "minus", "(short)", "generated"]
+      - ["kotlin", "UShort", "mod", "(byte)", "generated"]
+      - ["kotlin", "UShort", "mod", "(int)", "generated"]
+      - ["kotlin", "UShort", "mod", "(long)", "generated"]
+      - ["kotlin", "UShort", "mod", "(short)", "generated"]
+      - ["kotlin", "UShort", "or", "(short)", "generated"]
+      - ["kotlin", "UShort", "plus", "(byte)", "generated"]
+      - ["kotlin", "UShort", "plus", "(int)", "generated"]
+      - ["kotlin", "UShort", "plus", "(long)", "generated"]
+      - ["kotlin", "UShort", "plus", "(short)", "generated"]
+      - ["kotlin", "UShort", "rangeTo", "(short)", "generated"]
+      - ["kotlin", "UShort", "rem", "(byte)", "generated"]
+      - ["kotlin", "UShort", "rem", "(int)", "generated"]
+      - ["kotlin", "UShort", "rem", "(long)", "generated"]
+      - ["kotlin", "UShort", "rem", "(short)", "generated"]
+      - ["kotlin", "UShort", "times", "(byte)", "generated"]
+      - ["kotlin", "UShort", "times", "(int)", "generated"]
+      - ["kotlin", "UShort", "times", "(long)", "generated"]
+      - ["kotlin", "UShort", "times", "(short)", "generated"]
+      - ["kotlin", "UShort", "toByte", "()", "generated"]
+      - ["kotlin", "UShort", "toDouble", "()", "generated"]
+      - ["kotlin", "UShort", "toFloat", "()", "generated"]
+      - ["kotlin", "UShort", "toInt", "()", "generated"]
+      - ["kotlin", "UShort", "toLong", "()", "generated"]
+      - ["kotlin", "UShort", "toShort", "()", "generated"]
+      - ["kotlin", "UShort", "toString", "()", "generated"]
+      - ["kotlin", "UShort", "toUByte", "()", "generated"]
+      - ["kotlin", "UShort", "toUInt", "()", "generated"]
+      - ["kotlin", "UShort", "toULong", "()", "generated"]
+      - ["kotlin", "UShort", "xor", "(short)", "generated"]
+      - ["kotlin", "UShort$Companion", "getMAX_VALUE", "()", "generated"]
+      - ["kotlin", "UShort$Companion", "getMIN_VALUE", "()", "generated"]
+      - ["kotlin", "UShort$Companion", "getSIZE_BITS", "()", "generated"]
+      - ["kotlin", "UShort$Companion", "getSIZE_BYTES", "()", "generated"]
+      - ["kotlin", "UShortArray", "UShortArray", "(int)", "generated"]
+      - ["kotlin", "UShortArray", "equals", "(Object)", "generated"]
+      - ["kotlin", "UShortArray", "get", "(int)", "generated"]
+      - ["kotlin", "UShortArray", "hashCode", "()", "generated"]
+      - ["kotlin", "UShortArray", "set", "(int,short)", "generated"]
+      - ["kotlin", "UShortArray", "toString", "()", "generated"]
+      - ["kotlin", "UShortArrayKt", "UShortArray", "(int,Function1)", "generated"]
+      - ["kotlin", "UShortKt", "toUShort", "(byte)", "generated"]
+      - ["kotlin", "UShortKt", "toUShort", "(int)", "generated"]
+      - ["kotlin", "UShortKt", "toUShort", "(long)", "generated"]
+      - ["kotlin", "UShortKt", "toUShort", "(short)", "generated"]
+      - ["kotlin", "UninitializedPropertyAccessException", "UninitializedPropertyAccessException", "()", "generated"]
+      - ["kotlin", "UninitializedPropertyAccessException", "UninitializedPropertyAccessException", "(String)", "generated"]
+      - ["kotlin", "UninitializedPropertyAccessException", "UninitializedPropertyAccessException", "(String,Throwable)", "generated"]
+      - ["kotlin", "UninitializedPropertyAccessException", "UninitializedPropertyAccessException", "(Throwable)", "generated"]
+      - ["kotlin", "Unit", "toString", "()", "generated"]
+      - ["kotlin", "UnsafeVariance", "UnsafeVariance", "()", "generated"]
+      - ["kotlin", "UnsupportedOperationException", "UnsupportedOperationException", "()", "generated"]
+      - ["kotlin", "UnsupportedOperationException", "UnsupportedOperationException", "(String)", "generated"]
+      - ["kotlin", "UnsupportedOperationException", "UnsupportedOperationException", "(String,Throwable)", "generated"]
+      - ["kotlin", "UnsupportedOperationException", "UnsupportedOperationException", "(Throwable)", "generated"]
+      - ["kotlin", "UseExperimental", "UseExperimental", "(KClass[])", "generated"]
+      - ["kotlin", "UseExperimental", "markerClass", "()", "generated"]
diff --git a/java/ql/lib/ext/generated/org.apache.commons.io.model.yml b/java/ql/lib/ext/generated/org.apache.commons.io.model.yml
new file mode 100644
index 00000000000..c2b6697d812
--- /dev/null
+++ b/java/ql/lib/ext/generated/org.apache.commons.io.model.yml
@@ -0,0 +1,1432 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Definitions of models for the org.apache.commons.io framework.
+
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.commons.io.file", "PathFilter", true, "accept", "(Path,BasicFileAttributes)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "copyFile", "(URL,Path,CopyOption[])", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "copyFile", "(URL,Path,CopyOption[])", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(URL,Path,CopyOption[])", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(URL,Path,CopyOption[])", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "newOutputStream", "(Path,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "writeString", "(Path,CharSequence,Charset,OpenOption[])", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "filter", "(IOFileFilter,File[])", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "filterList", "(IOFileFilter,File[])", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "filterSet", "(IOFileFilter,File[])", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Tailable", true, "getRandomAccess", "(String)", "", "Argument[-1]", "create-file", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(URL)", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "writeTo", "(OutputStream)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,Charset)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,Charset,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,CharsetEncoder)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,CharsetEncoder,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,String)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,String,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,Charset)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,Charset,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,CharsetEncoder)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,CharsetEncoder,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,String)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,String,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,Charset)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,Charset,boolean,String)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,String)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,String,boolean,String)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,boolean,String)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(String)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(String,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(String,boolean,String)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "XmlStreamWriter", true, "XmlStreamWriter", "(File)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io.output", "XmlStreamWriter", true, "XmlStreamWriter", "(File,String)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File,FileFilter)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File,FileFilter,boolean)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File,FileFilter,boolean,CopyOption[])", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File,boolean)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyDirectoryToDirectory", "(File,File)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyFile", "(File,File)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyFile", "(File,File,CopyOption[])", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyFile", "(File,File,boolean)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyFile", "(File,File,boolean,CopyOption[])", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyFileToDirectory", "(File,File)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyFileToDirectory", "(File,File,boolean)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyToDirectory", "(File,File)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyToDirectory", "(Iterable,File)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyToFile", "(InputStream,File)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File)", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File,int,int)", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File,int,int)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "moveDirectory", "(File,File)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "moveDirectoryToDirectory", "(File,File,boolean)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "moveFile", "(File,File)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "moveFile", "(File,File,CopyOption[])", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "moveFileToDirectory", "(File,File,boolean)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "moveToDirectory", "(File,File,boolean)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "newOutputStream", "(File,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "openOutputStream", "(File)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "openOutputStream", "(File,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "touch", "(File)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,Charset)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,Charset,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,String)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,String,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeByteArrayToFile", "(File,byte[])", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeByteArrayToFile", "(File,byte[],boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeByteArrayToFile", "(File,byte[],int,int)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeByteArrayToFile", "(File,byte[],int,int,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,Collection)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,Collection,String)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,Collection,String,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,Collection,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,String,Collection)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,String,Collection,String)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,String,Collection,String,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,String,Collection,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,Charset)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,Charset,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,String)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,String,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,boolean)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,File)", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,File)", "", "Argument[1]", "create-file", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,OutputStream)", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(URI)", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(URL)", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toString", "(URI)", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toString", "(URI,Charset)", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toString", "(URI,String)", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toString", "(URL)", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toString", "(URL,Charset)", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toString", "(URL,String)", "", "Argument[0]", "open-url", "generated"]
+      - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(File)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(Path)", "", "Argument[0]", "create-file", "generated"]
+      - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(String)", "", "Argument[0]", "create-file", "generated"]
+
+
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.io.charset", "CharsetDecoders", true, "toCharsetDecoder", "(CharsetDecoder)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.charset", "CharsetEncoders", true, "toCharsetEncoder", "(CharsetEncoder)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.comparator", "CompositeFileComparator", true, "CompositeFileComparator", "(Comparator[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.comparator", "CompositeFileComparator", true, "CompositeFileComparator", "(Iterable)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.comparator", "CompositeFileComparator", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file.spi", "FileSystemProviders", true, "getFileSystemProvider", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file.spi", "FileSystemProviders", true, "getFileSystemProvider", "(URI)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file.spi", "FileSystemProviders", true, "getFileSystemProvider", "(URL)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", true, "AccumulatorPathVisitor", "(PathCounters)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", true, "AccumulatorPathVisitor", "(PathCounters,PathFilter,PathFilter)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", true, "AccumulatorPathVisitor", "(PathCounters,PathFilter,PathFilter)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", true, "AccumulatorPathVisitor", "(PathCounters,PathFilter,PathFilter)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", true, "getDirList", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", true, "getFileList", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", true, "withBigIntegerCounters", "(PathFilter,PathFilter)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", true, "withBigIntegerCounters", "(PathFilter,PathFilter)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", true, "withLongCounters", "(PathFilter,PathFilter)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", true, "withLongCounters", "(PathFilter,PathFilter)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CleaningPathVisitor", true, "CleaningPathVisitor", "(PathCounters,DeleteOption[],String[])", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CleaningPathVisitor", true, "CleaningPathVisitor", "(PathCounters,DeleteOption[],String[])", "", "Argument[2].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CleaningPathVisitor", true, "CleaningPathVisitor", "(PathCounters,String[])", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CleaningPathVisitor", true, "CleaningPathVisitor", "(PathCounters,String[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CopyDirectoryVisitor", true, "CopyDirectoryVisitor", "(PathCounters,Path,Path,CopyOption[])", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CopyDirectoryVisitor", true, "CopyDirectoryVisitor", "(PathCounters,Path,Path,CopyOption[])", "", "Argument[1].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CopyDirectoryVisitor", true, "CopyDirectoryVisitor", "(PathCounters,Path,Path,CopyOption[])", "", "Argument[2].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CopyDirectoryVisitor", true, "CopyDirectoryVisitor", "(PathCounters,Path,Path,CopyOption[])", "", "Argument[3].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CopyDirectoryVisitor", true, "CopyDirectoryVisitor", "(PathCounters,PathFilter,PathFilter,Path,Path,CopyOption[])", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CopyDirectoryVisitor", true, "CopyDirectoryVisitor", "(PathCounters,PathFilter,PathFilter,Path,Path,CopyOption[])", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CopyDirectoryVisitor", true, "CopyDirectoryVisitor", "(PathCounters,PathFilter,PathFilter,Path,Path,CopyOption[])", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CopyDirectoryVisitor", true, "CopyDirectoryVisitor", "(PathCounters,PathFilter,PathFilter,Path,Path,CopyOption[])", "", "Argument[3].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CopyDirectoryVisitor", true, "CopyDirectoryVisitor", "(PathCounters,PathFilter,PathFilter,Path,Path,CopyOption[])", "", "Argument[4].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CopyDirectoryVisitor", true, "CopyDirectoryVisitor", "(PathCounters,PathFilter,PathFilter,Path,Path,CopyOption[])", "", "Argument[5].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CopyDirectoryVisitor", true, "getCopyOptions", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CopyDirectoryVisitor", true, "getSourceDirectory", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CopyDirectoryVisitor", true, "getTargetDirectory", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "Counters$PathCounters", true, "getByteCounter", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "Counters$PathCounters", true, "getDirectoryCounter", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "Counters$PathCounters", true, "getFileCounter", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CountingPathVisitor", true, "CountingPathVisitor", "(PathCounters)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CountingPathVisitor", true, "CountingPathVisitor", "(PathCounters,PathFilter,PathFilter)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CountingPathVisitor", true, "CountingPathVisitor", "(PathCounters,PathFilter,PathFilter)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CountingPathVisitor", true, "CountingPathVisitor", "(PathCounters,PathFilter,PathFilter)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "CountingPathVisitor", true, "getPathCounters", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "DeletingPathVisitor", true, "DeletingPathVisitor", "(PathCounters,DeleteOption[],String[])", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "DeletingPathVisitor", true, "DeletingPathVisitor", "(PathCounters,DeleteOption[],String[])", "", "Argument[2].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "DeletingPathVisitor", true, "DeletingPathVisitor", "(PathCounters,LinkOption[],DeleteOption[],String[])", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "DeletingPathVisitor", true, "DeletingPathVisitor", "(PathCounters,LinkOption[],DeleteOption[],String[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "DeletingPathVisitor", true, "DeletingPathVisitor", "(PathCounters,LinkOption[],DeleteOption[],String[])", "", "Argument[3].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "DeletingPathVisitor", true, "DeletingPathVisitor", "(PathCounters,String[])", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "DeletingPathVisitor", true, "DeletingPathVisitor", "(PathCounters,String[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "DirectoryStreamFilter", true, "DirectoryStreamFilter", "(PathFilter)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.file", "DirectoryStreamFilter", true, "getPathFilter", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "copyFile", "(URL,Path,CopyOption[])", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(URL,Path,CopyOption[])", "", "Argument[1].Element", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "setReadOnly", "(Path,boolean,LinkOption[])", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "visitFileTree", "(FileVisitor,Path)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "visitFileTree", "(FileVisitor,Path,Set,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "visitFileTree", "(FileVisitor,String,String[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "visitFileTree", "(FileVisitor,URI)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", false, "writeString", "(Path,CharSequence,Charset,OpenOption[])", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "AgeFileFilter", true, "AgeFileFilter", "(Instant)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "AgeFileFilter", true, "AgeFileFilter", "(Instant,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "AgeFileFilter", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "AndFileFilter", true, "AndFileFilter", "(IOFileFilter,IOFileFilter)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "AndFileFilter", true, "AndFileFilter", "(IOFileFilter,IOFileFilter)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "AndFileFilter", true, "AndFileFilter", "(IOFileFilter[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "AndFileFilter", true, "AndFileFilter", "(List)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "AndFileFilter", true, "addFileFilter", "(IOFileFilter[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "AndFileFilter", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "ConditionalFileFilter", true, "addFileFilter", "(IOFileFilter)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "ConditionalFileFilter", true, "getFileFilters", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "ConditionalFileFilter", true, "setFileFilters", "(List)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "DelegateFileFilter", true, "DelegateFileFilter", "(FileFilter)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "DelegateFileFilter", true, "DelegateFileFilter", "(FilenameFilter)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "DelegateFileFilter", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileEqualsFileFilter", true, "FileEqualsFileFilter", "(File)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "and", "(IOFileFilter[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "andFileFilter", "(IOFileFilter,IOFileFilter)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "andFileFilter", "(IOFileFilter,IOFileFilter)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "asFileFilter", "(FileFilter)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "asFileFilter", "(FilenameFilter)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "magicNumberFileFilter", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "magicNumberFileFilter", "(String,long)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "magicNumberFileFilter", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "magicNumberFileFilter", "(byte[],long)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "makeCVSAware", "(IOFileFilter)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "makeDirectoryOnly", "(IOFileFilter)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "makeFileOnly", "(IOFileFilter)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "makeSVNAware", "(IOFileFilter)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "nameFileFilter", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "nameFileFilter", "(String,IOCase)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "notFileFilter", "(IOFileFilter)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "or", "(IOFileFilter[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "orFileFilter", "(IOFileFilter,IOFileFilter)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "orFileFilter", "(IOFileFilter,IOFileFilter)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "prefixFileFilter", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "prefixFileFilter", "(String,IOCase)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "suffixFileFilter", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "suffixFileFilter", "(String,IOCase)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "toList", "(IOFileFilter[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "IOFileFilter", true, "and", "(IOFileFilter)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "IOFileFilter", true, "and", "(IOFileFilter)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "IOFileFilter", true, "negate", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "IOFileFilter", true, "or", "(IOFileFilter)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "IOFileFilter", true, "or", "(IOFileFilter)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "MagicNumberFileFilter", true, "MagicNumberFileFilter", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "MagicNumberFileFilter", true, "MagicNumberFileFilter", "(String,long)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "MagicNumberFileFilter", true, "MagicNumberFileFilter", "(byte[])", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "MagicNumberFileFilter", true, "MagicNumberFileFilter", "(byte[],long)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "MagicNumberFileFilter", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "NameFileFilter", true, "NameFileFilter", "(List)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "NameFileFilter", true, "NameFileFilter", "(List,IOCase)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "NameFileFilter", true, "NameFileFilter", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "NameFileFilter", true, "NameFileFilter", "(String,IOCase)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "NameFileFilter", true, "NameFileFilter", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "NameFileFilter", true, "NameFileFilter", "(String[],IOCase)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "NameFileFilter", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "NotFileFilter", true, "NotFileFilter", "(IOFileFilter)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "NotFileFilter", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "OrFileFilter", true, "OrFileFilter", "(IOFileFilter,IOFileFilter)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "OrFileFilter", true, "OrFileFilter", "(IOFileFilter,IOFileFilter)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "OrFileFilter", true, "OrFileFilter", "(IOFileFilter[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "OrFileFilter", true, "OrFileFilter", "(List)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "OrFileFilter", true, "addFileFilter", "(IOFileFilter[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "OrFileFilter", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "PathEqualsFileFilter", true, "PathEqualsFileFilter", "(Path)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "PathVisitorFileFilter", true, "PathVisitorFileFilter", "(PathVisitor)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "PrefixFileFilter", true, "PrefixFileFilter", "(List)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "PrefixFileFilter", true, "PrefixFileFilter", "(List,IOCase)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "PrefixFileFilter", true, "PrefixFileFilter", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "PrefixFileFilter", true, "PrefixFileFilter", "(String,IOCase)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "PrefixFileFilter", true, "PrefixFileFilter", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "PrefixFileFilter", true, "PrefixFileFilter", "(String[],IOCase)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "PrefixFileFilter", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "RegexFileFilter", true, "RegexFileFilter", "(Pattern)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "RegexFileFilter", true, "RegexFileFilter", "(Pattern,Function)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "RegexFileFilter", true, "RegexFileFilter", "(Pattern,Function)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "RegexFileFilter", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "SuffixFileFilter", true, "SuffixFileFilter", "(List)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "SuffixFileFilter", true, "SuffixFileFilter", "(List,IOCase)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "SuffixFileFilter", true, "SuffixFileFilter", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "SuffixFileFilter", true, "SuffixFileFilter", "(String,IOCase)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "SuffixFileFilter", true, "SuffixFileFilter", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "SuffixFileFilter", true, "SuffixFileFilter", "(String[],IOCase)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "SuffixFileFilter", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "WildcardFileFilter", true, "WildcardFileFilter", "(List)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "WildcardFileFilter", true, "WildcardFileFilter", "(List,IOCase)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "WildcardFileFilter", true, "WildcardFileFilter", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "WildcardFileFilter", true, "WildcardFileFilter", "(String,IOCase)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "WildcardFileFilter", true, "WildcardFileFilter", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "WildcardFileFilter", true, "WildcardFileFilter", "(String[],IOCase)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "WildcardFileFilter", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "WildcardFilter", true, "WildcardFilter", "(List)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "WildcardFilter", true, "WildcardFilter", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.filefilter", "WildcardFilter", true, "WildcardFilter", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularBufferInputStream", true, "CircularBufferInputStream", "(InputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularBufferInputStream", true, "CircularBufferInputStream", "(InputStream,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input.buffer", "PeekableInputStream", true, "PeekableInputStream", "(InputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input.buffer", "PeekableInputStream", true, "PeekableInputStream", "(InputStream,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "BOMInputStream", true, "BOMInputStream", "(InputStream,ByteOrderMark[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "BOMInputStream", true, "BOMInputStream", "(InputStream,boolean,ByteOrderMark[])", "", "Argument[2].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "BOMInputStream", true, "getBOM", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "BOMInputStream", true, "getBOMCharsetName", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "BoundedInputStream", true, "BoundedInputStream", "(InputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "BoundedInputStream", true, "BoundedInputStream", "(InputStream,long)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "BoundedReader", true, "BoundedReader", "(Reader,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "BrokenInputStream", true, "BrokenInputStream", "(Supplier)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "BrokenReader", true, "BrokenReader", "(Supplier)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "CharSequenceReader", true, "CharSequenceReader", "(CharSequence)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "CharSequenceReader", true, "CharSequenceReader", "(CharSequence,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "CharSequenceReader", true, "CharSequenceReader", "(CharSequence,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "CharSequenceReader", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "CharacterFilterReader", true, "CharacterFilterReader", "(Reader,IntPredicate)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "CircularInputStream", true, "CircularInputStream", "(byte[],long)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ClassLoaderObjectInputStream", true, "ClassLoaderObjectInputStream", "(ClassLoader,InputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ClassLoaderObjectInputStream", true, "ClassLoaderObjectInputStream", "(ClassLoader,InputStream)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "CloseShieldInputStream", true, "wrap", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "InfiniteCircularInputStream", true, "InfiniteCircularInputStream", "(byte[])", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "MessageDigestCalculatingInputStream$MessageDigestMaintainingObserver", true, "MessageDigestMaintainingObserver", "(MessageDigest)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "MessageDigestCalculatingInputStream", true, "MessageDigestCalculatingInputStream", "(InputStream,MessageDigest)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "MessageDigestCalculatingInputStream", true, "getMessageDigest", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ObservableInputStream", true, "ObservableInputStream", "(InputStream,Observer[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ObservableInputStream", true, "add", "(Observer)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ObservableInputStream", true, "getObservers", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "RandomAccessFileInputStream", true, "RandomAccessFileInputStream", "(RandomAccessFile)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "RandomAccessFileInputStream", true, "RandomAccessFileInputStream", "(RandomAccessFile,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "RandomAccessFileInputStream", true, "getRandomAccessFile", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReadAheadInputStream", true, "ReadAheadInputStream", "(InputStream,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReadAheadInputStream", true, "ReadAheadInputStream", "(InputStream,int,ExecutorService)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReadAheadInputStream", true, "ReadAheadInputStream", "(InputStream,int,ExecutorService)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReaderInputStream", true, "ReaderInputStream", "(Reader)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReaderInputStream", true, "ReaderInputStream", "(Reader,Charset)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReaderInputStream", true, "ReaderInputStream", "(Reader,Charset,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReaderInputStream", true, "ReaderInputStream", "(Reader,CharsetEncoder)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReaderInputStream", true, "ReaderInputStream", "(Reader,CharsetEncoder)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReaderInputStream", true, "ReaderInputStream", "(Reader,CharsetEncoder,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReaderInputStream", true, "ReaderInputStream", "(Reader,CharsetEncoder,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReaderInputStream", true, "ReaderInputStream", "(Reader,String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReaderInputStream", true, "ReaderInputStream", "(Reader,String,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReversedLinesFileReader", true, "readLine", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReversedLinesFileReader", true, "readLines", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "ReversedLinesFileReader", true, "toString", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "SequenceReader", true, "SequenceReader", "(Iterable)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "SequenceReader", true, "SequenceReader", "(Reader[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Builder", true, "Builder", "(File,TailerListener)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Builder", true, "Builder", "(File,TailerListener)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Builder", true, "Builder", "(Path,TailerListener)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Builder", true, "Builder", "(Path,TailerListener)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Builder", true, "Builder", "(Tailable,TailerListener)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Builder", true, "Builder", "(Tailable,TailerListener)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Builder", true, "build", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Builder", true, "withBufferSize", "(int)", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Builder", true, "withCharset", "(Charset)", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Builder", true, "withDelayDuration", "(Duration)", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Builder", true, "withDelayDuration", "(Duration)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Builder", true, "withReOpen", "(boolean)", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Builder", true, "withStartThread", "(boolean)", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Builder", true, "withTailFromEnd", "(boolean)", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "Tailer", "(File,Charset,TailerListener,long,boolean,boolean,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "Tailer", "(File,Charset,TailerListener,long,boolean,boolean,int)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "Tailer", "(File,TailerListener)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "Tailer", "(File,TailerListener)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "Tailer", "(File,TailerListener,long)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "Tailer", "(File,TailerListener,long)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "Tailer", "(File,TailerListener,long,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "Tailer", "(File,TailerListener,long,boolean)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "Tailer", "(File,TailerListener,long,boolean,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "Tailer", "(File,TailerListener,long,boolean,boolean)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "Tailer", "(File,TailerListener,long,boolean,boolean,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "Tailer", "(File,TailerListener,long,boolean,boolean,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "Tailer", "(File,TailerListener,long,boolean,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "Tailer", "(File,TailerListener,long,boolean,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "create", "(File,Charset,TailerListener,long,boolean,boolean,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "create", "(File,Charset,TailerListener,long,boolean,boolean,int)", "", "Argument[2]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "create", "(File,TailerListener)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "create", "(File,TailerListener)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "create", "(File,TailerListener,long)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "create", "(File,TailerListener,long)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "create", "(File,TailerListener,long,boolean)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "create", "(File,TailerListener,long,boolean)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "create", "(File,TailerListener,long,boolean,boolean)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "create", "(File,TailerListener,long,boolean,boolean)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "create", "(File,TailerListener,long,boolean,boolean,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "create", "(File,TailerListener,long,boolean,boolean,int)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "create", "(File,TailerListener,long,boolean,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "create", "(File,TailerListener,long,boolean,int)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "getDelayDuration", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "getFile", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", true, "getTailable", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "TeeInputStream", true, "TeeInputStream", "(InputStream,OutputStream)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "TeeInputStream", true, "TeeInputStream", "(InputStream,OutputStream,boolean)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "TeeReader", true, "TeeReader", "(Reader,Writer)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "TeeReader", true, "TeeReader", "(Reader,Writer,boolean)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "TimestampedObserver", true, "getCloseInstant", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "TimestampedObserver", true, "getOpenInstant", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "TimestampedObserver", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "UncheckedBufferedReader", true, "UncheckedBufferedReader", "(Reader)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "UncheckedBufferedReader", true, "UncheckedBufferedReader", "(Reader,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "UncheckedBufferedReader", true, "on", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "UncheckedFilterInputStream", true, "on", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "UnixLineEndingInputStream", true, "UnixLineEndingInputStream", "(InputStream,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "UnsynchronizedByteArrayInputStream", true, "UnsynchronizedByteArrayInputStream", "(byte[])", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "UnsynchronizedByteArrayInputStream", true, "UnsynchronizedByteArrayInputStream", "(byte[],int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "UnsynchronizedByteArrayInputStream", true, "UnsynchronizedByteArrayInputStream", "(byte[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "WindowsLineEndingInputStream", true, "WindowsLineEndingInputStream", "(InputStream,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(InputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(InputStream,String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(InputStream,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(InputStream,String,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(InputStream,String,boolean)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(InputStream,String,boolean,String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(InputStream,String,boolean,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(InputStream,String,boolean,String)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(InputStream,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(InputStream,boolean,String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(InputStream,boolean,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(URLConnection,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "getDefaultEncoding", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", true, "getEncoding", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReaderException", true, "XmlStreamReaderException", "(String,String,String,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReaderException", true, "XmlStreamReaderException", "(String,String,String,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReaderException", true, "XmlStreamReaderException", "(String,String,String,String)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReaderException", true, "XmlStreamReaderException", "(String,String,String,String,String,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReaderException", true, "XmlStreamReaderException", "(String,String,String,String,String,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReaderException", true, "XmlStreamReaderException", "(String,String,String,String,String,String)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReaderException", true, "XmlStreamReaderException", "(String,String,String,String,String,String)", "", "Argument[4]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReaderException", true, "XmlStreamReaderException", "(String,String,String,String,String,String)", "", "Argument[5]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReaderException", true, "getBomEncoding", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReaderException", true, "getContentTypeEncoding", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReaderException", true, "getContentTypeMime", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReaderException", true, "getXmlEncoding", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReaderException", true, "getXmlGuessEncoding", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationMonitor", false, "FileAlterationMonitor", "(long,Collection)", "", "Argument[1].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationMonitor", false, "FileAlterationMonitor", "(long,FileAlterationObserver[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationMonitor", false, "addObserver", "(FileAlterationObserver)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationMonitor", false, "getObservers", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationMonitor", false, "setThreadFactory", "(ThreadFactory)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "FileAlterationObserver", "(File)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "FileAlterationObserver", "(File,FileFilter)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "FileAlterationObserver", "(File,FileFilter)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "FileAlterationObserver", "(File,FileFilter,IOCase)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "FileAlterationObserver", "(File,FileFilter,IOCase)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "FileAlterationObserver", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "FileAlterationObserver", "(String,FileFilter)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "FileAlterationObserver", "(String,FileFilter)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "FileAlterationObserver", "(String,FileFilter,IOCase)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "FileAlterationObserver", "(String,FileFilter,IOCase)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "addListener", "(FileAlterationListener)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "getDirectory", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "getFileFilter", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "getListeners", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", true, "FileEntry", "(File)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", true, "FileEntry", "(FileEntry,File)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", true, "FileEntry", "(FileEntry,File)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", true, "getChildren", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", true, "getFile", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", true, "getLastModifiedFileTime", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", true, "getName", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", true, "getParent", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", true, "newChildInstance", "(File)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", true, "newChildInstance", "(File)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", true, "setChildren", "(FileEntry[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", true, "setLastModified", "(FileTime)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", true, "setName", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "AbstractByteArrayOutputStream", true, "toByteArray", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.output", "AbstractByteArrayOutputStream", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.output", "AbstractByteArrayOutputStream", true, "toString", "(Charset)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.output", "AbstractByteArrayOutputStream", true, "toString", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.output", "AbstractByteArrayOutputStream", true, "write", "(InputStream)", "", "Argument[-1]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "AbstractByteArrayOutputStream", true, "write", "(InputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "AbstractByteArrayOutputStream", true, "writeTo", "(OutputStream)", "", "Argument[-1]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "AppendableOutputStream", true, "AppendableOutputStream", "(Appendable)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "AppendableOutputStream", true, "getAppendable", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.output", "AppendableWriter", true, "AppendableWriter", "(Appendable)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "AppendableWriter", true, "getAppendable", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.output", "BrokenOutputStream", true, "BrokenOutputStream", "(Supplier)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "BrokenWriter", true, "BrokenWriter", "(Supplier)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "ChunkedOutputStream", true, "ChunkedOutputStream", "(OutputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "ChunkedOutputStream", true, "ChunkedOutputStream", "(OutputStream,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "CloseShieldOutputStream", true, "CloseShieldOutputStream", "(OutputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "CloseShieldOutputStream", true, "wrap", "(OutputStream)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.output", "CountingOutputStream", true, "CountingOutputStream", "(OutputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "DeferredFileOutputStream", "(int,File)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "DeferredFileOutputStream", "(int,String,String,File)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "DeferredFileOutputStream", "(int,String,String,File)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "DeferredFileOutputStream", "(int,String,String,File)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "DeferredFileOutputStream", "(int,int,File)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "DeferredFileOutputStream", "(int,int,String,String,File)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "DeferredFileOutputStream", "(int,int,String,String,File)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "DeferredFileOutputStream", "(int,int,String,String,File)", "", "Argument[4]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "getData", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "getFile", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "writeTo", "(OutputStream)", "", "Argument[-1]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,Charset,boolean,String)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,String,boolean,String)", "", "Argument[3]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,boolean,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(String,boolean,String)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "ProxyCollectionWriter", true, "ProxyCollectionWriter", "(Collection)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "ProxyCollectionWriter", true, "ProxyCollectionWriter", "(Writer[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "ProxyOutputStream", true, "ProxyOutputStream", "(OutputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "StringBuilderWriter", true, "StringBuilderWriter", "(StringBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "StringBuilderWriter", true, "getBuilder", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.output", "StringBuilderWriter", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.output", "TaggedOutputStream", true, "TaggedOutputStream", "(OutputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "TeeOutputStream", true, "TeeOutputStream", "(OutputStream,OutputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "TeeOutputStream", true, "TeeOutputStream", "(OutputStream,OutputStream)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "TeeWriter", true, "TeeWriter", "(Collection)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "TeeWriter", true, "TeeWriter", "(Writer[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "ThresholdingOutputStream", true, "ThresholdingOutputStream", "(int,IOConsumer,IOFunction)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "ThresholdingOutputStream", true, "ThresholdingOutputStream", "(int,IOConsumer,IOFunction)", "", "Argument[2]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "UncheckedAppendable", true, "on", "(Appendable)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.output", "UncheckedFilterOutputStream", true, "UncheckedFilterOutputStream", "(OutputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "UncheckedFilterOutputStream", true, "on", "(OutputStream)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.output", "WriterOutputStream", true, "WriterOutputStream", "(Writer)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "WriterOutputStream", true, "WriterOutputStream", "(Writer,Charset)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "WriterOutputStream", true, "WriterOutputStream", "(Writer,Charset,int,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "WriterOutputStream", true, "WriterOutputStream", "(Writer,CharsetDecoder)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "WriterOutputStream", true, "WriterOutputStream", "(Writer,CharsetDecoder)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "WriterOutputStream", true, "WriterOutputStream", "(Writer,CharsetDecoder,int,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "WriterOutputStream", true, "WriterOutputStream", "(Writer,CharsetDecoder,int,boolean)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "WriterOutputStream", true, "WriterOutputStream", "(Writer,String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "WriterOutputStream", true, "WriterOutputStream", "(Writer,String,int,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "XmlStreamWriter", true, "XmlStreamWriter", "(File,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "XmlStreamWriter", true, "XmlStreamWriter", "(OutputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "XmlStreamWriter", true, "XmlStreamWriter", "(OutputStream,String)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "XmlStreamWriter", true, "XmlStreamWriter", "(OutputStream,String)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.output", "XmlStreamWriter", true, "getDefaultEncoding", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.output", "XmlStreamWriter", true, "getEncoding", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io.serialization", "ValidatingObjectInputStream", true, "ValidatingObjectInputStream", "(InputStream)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.serialization", "ValidatingObjectInputStream", true, "accept", "(ClassNameMatcher)", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["org.apache.commons.io.serialization", "ValidatingObjectInputStream", true, "accept", "(ClassNameMatcher)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.serialization", "ValidatingObjectInputStream", true, "accept", "(Class[])", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["org.apache.commons.io.serialization", "ValidatingObjectInputStream", true, "accept", "(Pattern)", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["org.apache.commons.io.serialization", "ValidatingObjectInputStream", true, "accept", "(String[])", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["org.apache.commons.io.serialization", "ValidatingObjectInputStream", true, "reject", "(ClassNameMatcher)", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["org.apache.commons.io.serialization", "ValidatingObjectInputStream", true, "reject", "(ClassNameMatcher)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io.serialization", "ValidatingObjectInputStream", true, "reject", "(Class[])", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["org.apache.commons.io.serialization", "ValidatingObjectInputStream", true, "reject", "(Pattern)", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["org.apache.commons.io.serialization", "ValidatingObjectInputStream", true, "reject", "(String[])", "", "Argument[-1]", "ReturnValue", "value", "generated"]
+      - ["org.apache.commons.io", "ByteOrderMark", true, "ByteOrderMark", "(String,int[])", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io", "ByteOrderMark", true, "getCharsetName", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "ByteOrderMark", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "CopyUtils", true, "copy", "(InputStream,OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "CopyUtils", true, "copy", "(InputStream,Writer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "CopyUtils", true, "copy", "(InputStream,Writer,String)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "CopyUtils", true, "copy", "(Reader,Writer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "CopyUtils", true, "copy", "(String,Writer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "CopyUtils", true, "copy", "(byte[],OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "CopyUtils", true, "copy", "(byte[],Writer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "CopyUtils", true, "copy", "(byte[],Writer,String)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "DirectoryWalker$CancelException", true, "CancelException", "(File,int)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io", "DirectoryWalker$CancelException", true, "CancelException", "(String,File,int)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io", "DirectoryWalker$CancelException", true, "getFile", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FileCleaningTracker", true, "getDeleteFailures", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FileDeleteStrategy", true, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FileSystem", false, "normalizeSeparators", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FileSystem", false, "toLegalFileName", "(String,char)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "checksum", "(File,Checksum)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "convertFileCollectionToFileArray", "(Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "delete", "(File)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "getFile", "(File,String[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "getFile", "(File,String[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "getFile", "(String[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FileUtils", true, "toURLs", "(File[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "concat", "(String,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "concat", "(String,String)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "getBaseName", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "getExtension", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "getFullPath", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "getFullPathNoEndSeparator", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "getName", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "getPath", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "getPathNoEndSeparator", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "getPrefix", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "normalize", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "normalize", "(String,boolean)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "normalizeNoEndSeparator", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "normalizeNoEndSeparator", "(String,boolean)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "removeExtension", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "separatorsToSystem", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "separatorsToUnix", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", true, "separatorsToWindows", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOExceptionList", true, "IOExceptionList", "(List)", "", "Argument[0].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOExceptionList", true, "IOExceptionList", "(String,List)", "", "Argument[1].Element", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOExceptionList", true, "getCause", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOExceptionList", true, "getCauseList", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOExceptionList", true, "getCauseList", "(Class)", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "buffer", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "buffer", "(InputStream,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "buffer", "(OutputStream)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "buffer", "(OutputStream,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "buffer", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "buffer", "(Reader,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "buffer", "(Writer)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "buffer", "(Writer,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copy", "(InputStream,OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copy", "(InputStream,OutputStream,int)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copy", "(InputStream,Writer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copy", "(InputStream,Writer,Charset)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copy", "(InputStream,Writer,String)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copy", "(Reader,Appendable)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copy", "(Reader,Appendable,CharBuffer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copy", "(Reader,Appendable,CharBuffer)", "", "Argument[0]", "Argument[2]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copy", "(Reader,Appendable,CharBuffer)", "", "Argument[2]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copy", "(Reader,Appendable,CharBuffer)", "", "Argument[2]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copy", "(Reader,Writer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(InputStream,OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(InputStream,OutputStream,byte[])", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(InputStream,OutputStream,byte[])", "", "Argument[0]", "Argument[2]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(InputStream,OutputStream,byte[])", "", "Argument[2]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(InputStream,OutputStream,byte[])", "", "Argument[2]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(InputStream,OutputStream,long,long)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(InputStream,OutputStream,long,long,byte[])", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(InputStream,OutputStream,long,long,byte[])", "", "Argument[0]", "Argument[4]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(InputStream,OutputStream,long,long,byte[])", "", "Argument[4]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(InputStream,OutputStream,long,long,byte[])", "", "Argument[4]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(Reader,Writer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(Reader,Writer,char[])", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(Reader,Writer,char[])", "", "Argument[0]", "Argument[2]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(Reader,Writer,char[])", "", "Argument[2]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(Reader,Writer,char[])", "", "Argument[2]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(Reader,Writer,long,long)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(Reader,Writer,long,long,char[])", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(Reader,Writer,long,long,char[])", "", "Argument[0]", "Argument[4]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(Reader,Writer,long,long,char[])", "", "Argument[4]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "copyLarge", "(Reader,Writer,long,long,char[])", "", "Argument[4]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "lineIterator", "(InputStream,Charset)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "lineIterator", "(InputStream,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "lineIterator", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "read", "(InputStream,byte[])", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "read", "(InputStream,byte[])", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "read", "(InputStream,byte[],int,int)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "read", "(InputStream,byte[],int,int)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "read", "(ReadableByteChannel,ByteBuffer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "read", "(Reader,char[])", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "read", "(Reader,char[])", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "read", "(Reader,char[],int,int)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "read", "(Reader,char[],int,int)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "readFully", "(InputStream,byte[])", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "readFully", "(InputStream,byte[])", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "readFully", "(InputStream,byte[],int,int)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "readFully", "(InputStream,byte[],int,int)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "readFully", "(InputStream,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "readFully", "(ReadableByteChannel,ByteBuffer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "readFully", "(Reader,char[])", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "readFully", "(Reader,char[])", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "readFully", "(Reader,char[],int,int)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "readFully", "(Reader,char[],int,int)", "", "Argument[1]", "Argument[0]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "readLines", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "readLines", "(InputStream,Charset)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "readLines", "(InputStream,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "readLines", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toBufferedReader", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toBufferedReader", "(Reader,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(InputStream,int)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(InputStream,long)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toCharArray", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toCharArray", "(InputStream,Charset)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toCharArray", "(InputStream,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toCharArray", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toInputStream", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toInputStream", "(CharSequence,Charset)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toInputStream", "(CharSequence,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toInputStream", "(String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toInputStream", "(String,Charset)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toInputStream", "(String,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toString", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toString", "(InputStream,Charset)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toString", "(InputStream,String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toString", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toString", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "toString", "(byte[],String)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "write", "(CharSequence,Writer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "write", "(String,Writer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "write", "(StringBuffer,Writer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "write", "(byte[],OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "write", "(byte[],Writer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "write", "(byte[],Writer,Charset)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "write", "(byte[],Writer,String)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "write", "(char[],Writer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "writeChunked", "(byte[],OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "writeChunked", "(char[],Writer)", "", "Argument[0]", "Argument[1]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "writeLines", "(Collection,String,OutputStream)", "", "Argument[1]", "Argument[2]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "writeLines", "(Collection,String,OutputStream,Charset)", "", "Argument[1]", "Argument[2]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "writeLines", "(Collection,String,OutputStream,String)", "", "Argument[1]", "Argument[2]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "writeLines", "(Collection,String,Writer)", "", "Argument[1]", "Argument[2]", "taint", "generated"]
+      - ["org.apache.commons.io", "IOUtils", true, "writer", "(Appendable)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "LineIterator", true, "LineIterator", "(Reader)", "", "Argument[0]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io", "LineIterator", true, "nextLine", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "TaggedIOException", true, "TaggedIOException", "(IOException,Serializable)", "", "Argument[1]", "Argument[-1]", "taint", "generated"]
+      - ["org.apache.commons.io", "TaggedIOException", true, "getTag", "()", "", "Argument[-1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "UncheckedIO", true, "apply", "(IOFunction,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+      - ["org.apache.commons.io", "UncheckedIO", true, "apply", "(IOTriFunction,Object,Object,Object)", "", "Argument[1]", "ReturnValue", "taint", "generated"]
+
+  - addsTo:
+      pack: codeql/java-all
+      extensible: neutralModel
+    data:
+      - ["org.apache.commons.io.charset", "CharsetDecoders", "CharsetDecoders", "()", "generated"]
+      - ["org.apache.commons.io.charset", "CharsetEncoders", "CharsetEncoders", "()", "generated"]
+      - ["org.apache.commons.io.comparator", "DefaultFileComparator", "DefaultFileComparator", "()", "generated"]
+      - ["org.apache.commons.io.comparator", "DirectoryFileComparator", "DirectoryFileComparator", "()", "generated"]
+      - ["org.apache.commons.io.comparator", "ExtensionFileComparator", "ExtensionFileComparator", "()", "generated"]
+      - ["org.apache.commons.io.comparator", "ExtensionFileComparator", "ExtensionFileComparator", "(IOCase)", "generated"]
+      - ["org.apache.commons.io.comparator", "ExtensionFileComparator", "toString", "()", "generated"]
+      - ["org.apache.commons.io.comparator", "LastModifiedFileComparator", "LastModifiedFileComparator", "()", "generated"]
+      - ["org.apache.commons.io.comparator", "NameFileComparator", "NameFileComparator", "()", "generated"]
+      - ["org.apache.commons.io.comparator", "NameFileComparator", "NameFileComparator", "(IOCase)", "generated"]
+      - ["org.apache.commons.io.comparator", "NameFileComparator", "toString", "()", "generated"]
+      - ["org.apache.commons.io.comparator", "PathFileComparator", "PathFileComparator", "()", "generated"]
+      - ["org.apache.commons.io.comparator", "PathFileComparator", "PathFileComparator", "(IOCase)", "generated"]
+      - ["org.apache.commons.io.comparator", "PathFileComparator", "toString", "()", "generated"]
+      - ["org.apache.commons.io.comparator", "SizeFileComparator", "SizeFileComparator", "()", "generated"]
+      - ["org.apache.commons.io.comparator", "SizeFileComparator", "SizeFileComparator", "(boolean)", "generated"]
+      - ["org.apache.commons.io.comparator", "SizeFileComparator", "toString", "()", "generated"]
+      - ["org.apache.commons.io.file.attribute", "FileTimes", "minusMillis", "(FileTime,long)", "generated"]
+      - ["org.apache.commons.io.file.attribute", "FileTimes", "minusNanos", "(FileTime,long)", "generated"]
+      - ["org.apache.commons.io.file.attribute", "FileTimes", "minusSeconds", "(FileTime,long)", "generated"]
+      - ["org.apache.commons.io.file.attribute", "FileTimes", "now", "()", "generated"]
+      - ["org.apache.commons.io.file.attribute", "FileTimes", "ntfsTimeToDate", "(long)", "generated"]
+      - ["org.apache.commons.io.file.attribute", "FileTimes", "ntfsTimeToFileTime", "(long)", "generated"]
+      - ["org.apache.commons.io.file.attribute", "FileTimes", "plusMillis", "(FileTime,long)", "generated"]
+      - ["org.apache.commons.io.file.attribute", "FileTimes", "plusNanos", "(FileTime,long)", "generated"]
+      - ["org.apache.commons.io.file.attribute", "FileTimes", "plusSeconds", "(FileTime,long)", "generated"]
+      - ["org.apache.commons.io.file.attribute", "FileTimes", "setLastModifiedTime", "(Path)", "generated"]
+      - ["org.apache.commons.io.file.attribute", "FileTimes", "toDate", "(FileTime)", "generated"]
+      - ["org.apache.commons.io.file.attribute", "FileTimes", "toFileTime", "(Date)", "generated"]
+      - ["org.apache.commons.io.file.attribute", "FileTimes", "toNtfsTime", "(Date)", "generated"]
+      - ["org.apache.commons.io.file.attribute", "FileTimes", "toNtfsTime", "(FileTime)", "generated"]
+      - ["org.apache.commons.io.file.spi", "FileSystemProviders", "getFileSystemProvider", "(Path)", "generated"]
+      - ["org.apache.commons.io.file.spi", "FileSystemProviders", "installed", "()", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", "AccumulatorPathVisitor", "()", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", "relativizeDirectories", "(Path,boolean,Comparator)", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", "relativizeFiles", "(Path,boolean,Comparator)", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", "withBigIntegerCounters", "()", "generated"]
+      - ["org.apache.commons.io.file", "AccumulatorPathVisitor", "withLongCounters", "()", "generated"]
+      - ["org.apache.commons.io.file", "CleaningPathVisitor", "withBigIntegerCounters", "()", "generated"]
+      - ["org.apache.commons.io.file", "CleaningPathVisitor", "withLongCounters", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters$Counter", "add", "(long)", "generated"]
+      - ["org.apache.commons.io.file", "Counters$Counter", "get", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters$Counter", "getBigInteger", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters$Counter", "getLong", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters$Counter", "increment", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters$Counter", "reset", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters$PathCounters", "getByteCounter", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters$PathCounters", "getDirectoryCounter", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters$PathCounters", "getFileCounter", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters$PathCounters", "reset", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters", "Counters", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters", "bigIntegerCounter", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters", "bigIntegerPathCounters", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters", "longCounter", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters", "longPathCounters", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters", "noopCounter", "()", "generated"]
+      - ["org.apache.commons.io.file", "Counters", "noopPathCounters", "()", "generated"]
+      - ["org.apache.commons.io.file", "CountingPathVisitor", "toString", "()", "generated"]
+      - ["org.apache.commons.io.file", "CountingPathVisitor", "withBigIntegerCounters", "()", "generated"]
+      - ["org.apache.commons.io.file", "CountingPathVisitor", "withLongCounters", "()", "generated"]
+      - ["org.apache.commons.io.file", "DeletingPathVisitor", "withBigIntegerCounters", "()", "generated"]
+      - ["org.apache.commons.io.file", "DeletingPathVisitor", "withLongCounters", "()", "generated"]
+      - ["org.apache.commons.io.file", "NoopPathVisitor", "NoopPathVisitor", "()", "generated"]
+      - ["org.apache.commons.io.file", "PathFilter", "accept", "(Path,BasicFileAttributes)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "cleanDirectory", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "cleanDirectory", "(Path,DeleteOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "copyDirectory", "(Path,Path,CopyOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "copyFileToDirectory", "(Path,Path,CopyOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "countDirectory", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "countDirectoryAsBigInteger", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "createParentDirectories", "(Path,FileAttribute[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "createParentDirectories", "(Path,LinkOption,FileAttribute[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "current", "()", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "delete", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "delete", "(Path,DeleteOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "delete", "(Path,LinkOption[],DeleteOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "deleteDirectory", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "deleteDirectory", "(Path,DeleteOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "deleteDirectory", "(Path,LinkOption[],DeleteOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "deleteFile", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "deleteFile", "(Path,DeleteOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "deleteFile", "(Path,LinkOption[],DeleteOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "directoryAndFileContentEquals", "(Path,Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "directoryAndFileContentEquals", "(Path,Path,LinkOption[],OpenOption[],FileVisitOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "directoryContentEquals", "(Path,Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "directoryContentEquals", "(Path,Path,int,LinkOption[],FileVisitOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "fileContentEquals", "(Path,Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "fileContentEquals", "(Path,Path,LinkOption[],OpenOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "filter", "(PathFilter,Path[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "getAclEntryList", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "getAclFileAttributeView", "(Path,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "getDosFileAttributeView", "(Path,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "getPosixFileAttributeView", "(Path,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "getTempDirectory", "()", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isDirectory", "(Path,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isEmpty", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isEmptyDirectory", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isEmptyFile", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isNewer", "(Path,ChronoZonedDateTime,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isNewer", "(Path,FileTime,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isNewer", "(Path,Instant,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isNewer", "(Path,Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isNewer", "(Path,long,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isOlder", "(Path,FileTime,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isOlder", "(Path,Instant,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isOlder", "(Path,Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isOlder", "(Path,long,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isPosix", "(Path,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "isRegularFile", "(Path,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "newDirectoryStream", "(Path,PathFilter)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "newOutputStream", "(Path,boolean)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "noFollowLinkOptionArray", "()", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "readAttributes", "(Path,Class,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "readBasicFileAttributes", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "readBasicFileAttributes", "(Path,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "readBasicFileAttributesUnchecked", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "readDosFileAttributes", "(Path,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "readOsFileAttributes", "(Path,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "readPosixFileAttributes", "(Path,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "readString", "(Path,Charset)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "setLastModifiedTime", "(Path,Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "sizeOf", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "sizeOfAsBigInteger", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "sizeOfDirectory", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "sizeOfDirectoryAsBigInteger", "(Path)", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "waitFor", "(Path,Duration,LinkOption[])", "generated"]
+      - ["org.apache.commons.io.file", "PathUtils", "walk", "(Path,PathFilter,int,boolean,FileVisitOption[])", "generated"]
+      - ["org.apache.commons.io.file", "StandardDeleteOption", "overrideReadOnly", "(DeleteOption[])", "generated"]
+      - ["org.apache.commons.io.filefilter", "AbstractFileFilter", "AbstractFileFilter", "()", "generated"]
+      - ["org.apache.commons.io.filefilter", "AbstractFileFilter", "toString", "()", "generated"]
+      - ["org.apache.commons.io.filefilter", "AgeFileFilter", "AgeFileFilter", "(Date)", "generated"]
+      - ["org.apache.commons.io.filefilter", "AgeFileFilter", "AgeFileFilter", "(Date,boolean)", "generated"]
+      - ["org.apache.commons.io.filefilter", "AgeFileFilter", "AgeFileFilter", "(File)", "generated"]
+      - ["org.apache.commons.io.filefilter", "AgeFileFilter", "AgeFileFilter", "(File,boolean)", "generated"]
+      - ["org.apache.commons.io.filefilter", "AgeFileFilter", "AgeFileFilter", "(long)", "generated"]
+      - ["org.apache.commons.io.filefilter", "AgeFileFilter", "AgeFileFilter", "(long,boolean)", "generated"]
+      - ["org.apache.commons.io.filefilter", "AndFileFilter", "AndFileFilter", "()", "generated"]
+      - ["org.apache.commons.io.filefilter", "ConditionalFileFilter", "addFileFilter", "(IOFileFilter)", "generated"]
+      - ["org.apache.commons.io.filefilter", "ConditionalFileFilter", "getFileFilters", "()", "generated"]
+      - ["org.apache.commons.io.filefilter", "ConditionalFileFilter", "removeFileFilter", "(IOFileFilter)", "generated"]
+      - ["org.apache.commons.io.filefilter", "ConditionalFileFilter", "setFileFilters", "(List)", "generated"]
+      - ["org.apache.commons.io.filefilter", "FalseFileFilter", "toString", "()", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "FileFilterUtils", "()", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "ageFileFilter", "(Date)", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "ageFileFilter", "(Date,boolean)", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "ageFileFilter", "(File)", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "ageFileFilter", "(File,boolean)", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "ageFileFilter", "(long)", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "ageFileFilter", "(long,boolean)", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "directoryFileFilter", "()", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "falseFileFilter", "()", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "fileFileFilter", "()", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "filter", "(IOFileFilter,File[])", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "filter", "(IOFileFilter,Iterable)", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "filterList", "(IOFileFilter,File[])", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "filterList", "(IOFileFilter,Iterable)", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "filterSet", "(IOFileFilter,File[])", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "filterSet", "(IOFileFilter,Iterable)", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "sizeFileFilter", "(long)", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "sizeFileFilter", "(long,boolean)", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "sizeRangeFileFilter", "(long,long)", "generated"]
+      - ["org.apache.commons.io.filefilter", "FileFilterUtils", "trueFileFilter", "()", "generated"]
+      - ["org.apache.commons.io.filefilter", "IOFileFilter", "and", "(IOFileFilter)", "generated"]
+      - ["org.apache.commons.io.filefilter", "IOFileFilter", "negate", "()", "generated"]
+      - ["org.apache.commons.io.filefilter", "IOFileFilter", "or", "(IOFileFilter)", "generated"]
+      - ["org.apache.commons.io.filefilter", "OrFileFilter", "OrFileFilter", "()", "generated"]
+      - ["org.apache.commons.io.filefilter", "RegexFileFilter", "RegexFileFilter", "(String)", "generated"]
+      - ["org.apache.commons.io.filefilter", "RegexFileFilter", "RegexFileFilter", "(String,IOCase)", "generated"]
+      - ["org.apache.commons.io.filefilter", "RegexFileFilter", "RegexFileFilter", "(String,int)", "generated"]
+      - ["org.apache.commons.io.filefilter", "SizeFileFilter", "SizeFileFilter", "(long)", "generated"]
+      - ["org.apache.commons.io.filefilter", "SizeFileFilter", "SizeFileFilter", "(long,boolean)", "generated"]
+      - ["org.apache.commons.io.filefilter", "SizeFileFilter", "toString", "()", "generated"]
+      - ["org.apache.commons.io.filefilter", "SymbolicLinkFileFilter", "SymbolicLinkFileFilter", "(FileVisitResult,FileVisitResult)", "generated"]
+      - ["org.apache.commons.io.filefilter", "TrueFileFilter", "toString", "()", "generated"]
+      - ["org.apache.commons.io.function", "IOBiConsumer", "accept", "(Object,Object)", "generated"]
+      - ["org.apache.commons.io.function", "IOBiConsumer", "andThen", "(IOBiConsumer)", "generated"]
+      - ["org.apache.commons.io.function", "IOBiFunction", "andThen", "(Function)", "generated"]
+      - ["org.apache.commons.io.function", "IOBiFunction", "andThen", "(IOFunction)", "generated"]
+      - ["org.apache.commons.io.function", "IOBiFunction", "apply", "(Object,Object)", "generated"]
+      - ["org.apache.commons.io.function", "IOConsumer", "accept", "(Object)", "generated"]
+      - ["org.apache.commons.io.function", "IOConsumer", "andThen", "(IOConsumer)", "generated"]
+      - ["org.apache.commons.io.function", "IOConsumer", "forEach", "(Object[],IOConsumer)", "generated"]
+      - ["org.apache.commons.io.function", "IOConsumer", "forEachIndexed", "(Stream,IOConsumer)", "generated"]
+      - ["org.apache.commons.io.function", "IOConsumer", "noop", "()", "generated"]
+      - ["org.apache.commons.io.function", "IOFunction", "andThen", "(Consumer)", "generated"]
+      - ["org.apache.commons.io.function", "IOFunction", "andThen", "(Function)", "generated"]
+      - ["org.apache.commons.io.function", "IOFunction", "andThen", "(IOConsumer)", "generated"]
+      - ["org.apache.commons.io.function", "IOFunction", "andThen", "(IOFunction)", "generated"]
+      - ["org.apache.commons.io.function", "IOFunction", "apply", "(Object)", "generated"]
+      - ["org.apache.commons.io.function", "IOFunction", "compose", "(Function)", "generated"]
+      - ["org.apache.commons.io.function", "IOFunction", "compose", "(IOFunction)", "generated"]
+      - ["org.apache.commons.io.function", "IOFunction", "compose", "(IOSupplier)", "generated"]
+      - ["org.apache.commons.io.function", "IOFunction", "compose", "(Supplier)", "generated"]
+      - ["org.apache.commons.io.function", "IOFunction", "identity", "()", "generated"]
+      - ["org.apache.commons.io.function", "IORunnable", "run", "()", "generated"]
+      - ["org.apache.commons.io.function", "IOSupplier", "get", "()", "generated"]
+      - ["org.apache.commons.io.function", "IOTriFunction", "andThen", "(Function)", "generated"]
+      - ["org.apache.commons.io.function", "IOTriFunction", "andThen", "(IOFunction)", "generated"]
+      - ["org.apache.commons.io.function", "IOTriFunction", "apply", "(Object,Object,Object)", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularByteBuffer", "CircularByteBuffer", "()", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularByteBuffer", "CircularByteBuffer", "(int)", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularByteBuffer", "add", "(byte)", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularByteBuffer", "add", "(byte[],int,int)", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularByteBuffer", "clear", "()", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularByteBuffer", "getCurrentNumberOfBytes", "()", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularByteBuffer", "getSpace", "()", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularByteBuffer", "hasBytes", "()", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularByteBuffer", "hasSpace", "()", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularByteBuffer", "hasSpace", "(int)", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularByteBuffer", "peek", "(byte[],int,int)", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularByteBuffer", "read", "()", "generated"]
+      - ["org.apache.commons.io.input.buffer", "CircularByteBuffer", "read", "(byte[],int,int)", "generated"]
+      - ["org.apache.commons.io.input.buffer", "PeekableInputStream", "peek", "(byte[])", "generated"]
+      - ["org.apache.commons.io.input.buffer", "PeekableInputStream", "peek", "(byte[],int,int)", "generated"]
+      - ["org.apache.commons.io.input", "AutoCloseInputStream", "AutoCloseInputStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.input", "BOMInputStream", "BOMInputStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.input", "BOMInputStream", "BOMInputStream", "(InputStream,boolean)", "generated"]
+      - ["org.apache.commons.io.input", "BOMInputStream", "hasBOM", "()", "generated"]
+      - ["org.apache.commons.io.input", "BOMInputStream", "hasBOM", "(ByteOrderMark)", "generated"]
+      - ["org.apache.commons.io.input", "BoundedInputStream", "isPropagateClose", "()", "generated"]
+      - ["org.apache.commons.io.input", "BoundedInputStream", "setPropagateClose", "(boolean)", "generated"]
+      - ["org.apache.commons.io.input", "BoundedInputStream", "toString", "()", "generated"]
+      - ["org.apache.commons.io.input", "BrokenInputStream", "BrokenInputStream", "()", "generated"]
+      - ["org.apache.commons.io.input", "BrokenInputStream", "BrokenInputStream", "(IOException)", "generated"]
+      - ["org.apache.commons.io.input", "BrokenReader", "BrokenReader", "()", "generated"]
+      - ["org.apache.commons.io.input", "BrokenReader", "BrokenReader", "(IOException)", "generated"]
+      - ["org.apache.commons.io.input", "BufferedFileChannelInputStream", "BufferedFileChannelInputStream", "(File)", "generated"]
+      - ["org.apache.commons.io.input", "BufferedFileChannelInputStream", "BufferedFileChannelInputStream", "(File,int)", "generated"]
+      - ["org.apache.commons.io.input", "BufferedFileChannelInputStream", "BufferedFileChannelInputStream", "(Path)", "generated"]
+      - ["org.apache.commons.io.input", "BufferedFileChannelInputStream", "BufferedFileChannelInputStream", "(Path,int)", "generated"]
+      - ["org.apache.commons.io.input", "CharSequenceInputStream", "CharSequenceInputStream", "(CharSequence,Charset)", "generated"]
+      - ["org.apache.commons.io.input", "CharSequenceInputStream", "CharSequenceInputStream", "(CharSequence,Charset,int)", "generated"]
+      - ["org.apache.commons.io.input", "CharSequenceInputStream", "CharSequenceInputStream", "(CharSequence,String)", "generated"]
+      - ["org.apache.commons.io.input", "CharSequenceInputStream", "CharSequenceInputStream", "(CharSequence,String,int)", "generated"]
+      - ["org.apache.commons.io.input", "CharacterFilterReader", "CharacterFilterReader", "(Reader,int)", "generated"]
+      - ["org.apache.commons.io.input", "CharacterSetFilterReader", "CharacterSetFilterReader", "(Reader,Integer[])", "generated"]
+      - ["org.apache.commons.io.input", "CharacterSetFilterReader", "CharacterSetFilterReader", "(Reader,Set)", "generated"]
+      - ["org.apache.commons.io.input", "CloseShieldInputStream", "CloseShieldInputStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.input", "CloseShieldReader", "CloseShieldReader", "(Reader)", "generated"]
+      - ["org.apache.commons.io.input", "CloseShieldReader", "wrap", "(Reader)", "generated"]
+      - ["org.apache.commons.io.input", "ClosedInputStream", "ClosedInputStream", "()", "generated"]
+      - ["org.apache.commons.io.input", "ClosedReader", "ClosedReader", "()", "generated"]
+      - ["org.apache.commons.io.input", "CountingInputStream", "CountingInputStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.input", "CountingInputStream", "getByteCount", "()", "generated"]
+      - ["org.apache.commons.io.input", "CountingInputStream", "getCount", "()", "generated"]
+      - ["org.apache.commons.io.input", "CountingInputStream", "resetByteCount", "()", "generated"]
+      - ["org.apache.commons.io.input", "CountingInputStream", "resetCount", "()", "generated"]
+      - ["org.apache.commons.io.input", "DemuxInputStream", "DemuxInputStream", "()", "generated"]
+      - ["org.apache.commons.io.input", "DemuxInputStream", "bindStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.input", "MarkShieldInputStream", "MarkShieldInputStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.input", "MemoryMappedFileInputStream", "MemoryMappedFileInputStream", "(Path)", "generated"]
+      - ["org.apache.commons.io.input", "MemoryMappedFileInputStream", "MemoryMappedFileInputStream", "(Path,int)", "generated"]
+      - ["org.apache.commons.io.input", "MessageDigestCalculatingInputStream", "MessageDigestCalculatingInputStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.input", "MessageDigestCalculatingInputStream", "MessageDigestCalculatingInputStream", "(InputStream,String)", "generated"]
+      - ["org.apache.commons.io.input", "NullInputStream", "NullInputStream", "()", "generated"]
+      - ["org.apache.commons.io.input", "NullInputStream", "NullInputStream", "(long)", "generated"]
+      - ["org.apache.commons.io.input", "NullInputStream", "NullInputStream", "(long,boolean,boolean)", "generated"]
+      - ["org.apache.commons.io.input", "NullInputStream", "getPosition", "()", "generated"]
+      - ["org.apache.commons.io.input", "NullInputStream", "getSize", "()", "generated"]
+      - ["org.apache.commons.io.input", "NullReader", "NullReader", "()", "generated"]
+      - ["org.apache.commons.io.input", "NullReader", "NullReader", "(long)", "generated"]
+      - ["org.apache.commons.io.input", "NullReader", "NullReader", "(long,boolean,boolean)", "generated"]
+      - ["org.apache.commons.io.input", "NullReader", "getPosition", "()", "generated"]
+      - ["org.apache.commons.io.input", "NullReader", "getSize", "()", "generated"]
+      - ["org.apache.commons.io.input", "ObservableInputStream$Observer", "Observer", "()", "generated"]
+      - ["org.apache.commons.io.input", "ObservableInputStream$Observer", "closed", "()", "generated"]
+      - ["org.apache.commons.io.input", "ObservableInputStream$Observer", "data", "(byte[],int,int)", "generated"]
+      - ["org.apache.commons.io.input", "ObservableInputStream$Observer", "data", "(int)", "generated"]
+      - ["org.apache.commons.io.input", "ObservableInputStream$Observer", "error", "(IOException)", "generated"]
+      - ["org.apache.commons.io.input", "ObservableInputStream$Observer", "finished", "()", "generated"]
+      - ["org.apache.commons.io.input", "ObservableInputStream", "ObservableInputStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.input", "ObservableInputStream", "consume", "()", "generated"]
+      - ["org.apache.commons.io.input", "ObservableInputStream", "remove", "(Observer)", "generated"]
+      - ["org.apache.commons.io.input", "ObservableInputStream", "removeAllObservers", "()", "generated"]
+      - ["org.apache.commons.io.input", "ProxyInputStream", "ProxyInputStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.input", "ProxyReader", "ProxyReader", "(Reader)", "generated"]
+      - ["org.apache.commons.io.input", "QueueInputStream", "QueueInputStream", "()", "generated"]
+      - ["org.apache.commons.io.input", "QueueInputStream", "QueueInputStream", "(BlockingQueue)", "generated"]
+      - ["org.apache.commons.io.input", "QueueInputStream", "newQueueOutputStream", "()", "generated"]
+      - ["org.apache.commons.io.input", "RandomAccessFileInputStream", "availableLong", "()", "generated"]
+      - ["org.apache.commons.io.input", "RandomAccessFileInputStream", "isCloseOnClose", "()", "generated"]
+      - ["org.apache.commons.io.input", "ReversedLinesFileReader", "ReversedLinesFileReader", "(File)", "generated"]
+      - ["org.apache.commons.io.input", "ReversedLinesFileReader", "ReversedLinesFileReader", "(File,Charset)", "generated"]
+      - ["org.apache.commons.io.input", "ReversedLinesFileReader", "ReversedLinesFileReader", "(File,int,Charset)", "generated"]
+      - ["org.apache.commons.io.input", "ReversedLinesFileReader", "ReversedLinesFileReader", "(File,int,String)", "generated"]
+      - ["org.apache.commons.io.input", "ReversedLinesFileReader", "ReversedLinesFileReader", "(Path,Charset)", "generated"]
+      - ["org.apache.commons.io.input", "ReversedLinesFileReader", "ReversedLinesFileReader", "(Path,int,Charset)", "generated"]
+      - ["org.apache.commons.io.input", "ReversedLinesFileReader", "ReversedLinesFileReader", "(Path,int,String)", "generated"]
+      - ["org.apache.commons.io.input", "SwappedDataInputStream", "SwappedDataInputStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.input", "TaggedInputStream", "TaggedInputStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.input", "TaggedInputStream", "isCauseOf", "(Throwable)", "generated"]
+      - ["org.apache.commons.io.input", "TaggedInputStream", "throwIfCauseOf", "(Throwable)", "generated"]
+      - ["org.apache.commons.io.input", "TaggedReader", "TaggedReader", "(Reader)", "generated"]
+      - ["org.apache.commons.io.input", "TaggedReader", "isCauseOf", "(Throwable)", "generated"]
+      - ["org.apache.commons.io.input", "TaggedReader", "throwIfCauseOf", "(Throwable)", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$RandomAccessResourceBridge", "getPointer", "()", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$RandomAccessResourceBridge", "read", "(byte[])", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$RandomAccessResourceBridge", "seek", "(long)", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Tailable", "getRandomAccess", "(String)", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Tailable", "isNewer", "(FileTime)", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Tailable", "lastModifiedFileTime", "()", "generated"]
+      - ["org.apache.commons.io.input", "Tailer$Tailable", "size", "()", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", "getDelay", "()", "generated"]
+      - ["org.apache.commons.io.input", "Tailer", "stop", "()", "generated"]
+      - ["org.apache.commons.io.input", "TailerListener", "fileNotFound", "()", "generated"]
+      - ["org.apache.commons.io.input", "TailerListener", "fileRotated", "()", "generated"]
+      - ["org.apache.commons.io.input", "TailerListener", "handle", "(Exception)", "generated"]
+      - ["org.apache.commons.io.input", "TailerListener", "handle", "(String)", "generated"]
+      - ["org.apache.commons.io.input", "TailerListener", "init", "(Tailer)", "generated"]
+      - ["org.apache.commons.io.input", "TailerListenerAdapter", "TailerListenerAdapter", "()", "generated"]
+      - ["org.apache.commons.io.input", "TailerListenerAdapter", "endOfFileReached", "()", "generated"]
+      - ["org.apache.commons.io.input", "TimestampedObserver", "TimestampedObserver", "()", "generated"]
+      - ["org.apache.commons.io.input", "TimestampedObserver", "getOpenToCloseDuration", "()", "generated"]
+      - ["org.apache.commons.io.input", "TimestampedObserver", "getOpenToNowDuration", "()", "generated"]
+      - ["org.apache.commons.io.input", "UncheckedFilterInputStream", "UncheckedFilterInputStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.input", "UncheckedFilterReader", "UncheckedFilterReader", "(Reader)", "generated"]
+      - ["org.apache.commons.io.input", "UncheckedFilterReader", "on", "(Reader)", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", "XmlStreamReader", "(File)", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", "XmlStreamReader", "(Path)", "generated"]
+      - ["org.apache.commons.io.input", "XmlStreamReader", "XmlStreamReader", "(URL)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationListener", "onDirectoryChange", "(File)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationListener", "onDirectoryCreate", "(File)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationListener", "onDirectoryDelete", "(File)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationListener", "onFileChange", "(File)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationListener", "onFileCreate", "(File)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationListener", "onFileDelete", "(File)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationListener", "onStart", "(FileAlterationObserver)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationListener", "onStop", "(FileAlterationObserver)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationListenerAdaptor", "FileAlterationListenerAdaptor", "()", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationMonitor", "FileAlterationMonitor", "()", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationMonitor", "FileAlterationMonitor", "(long)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationMonitor", "getInterval", "()", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationMonitor", "removeObserver", "(FileAlterationObserver)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationMonitor", "start", "()", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationMonitor", "stop", "()", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationMonitor", "stop", "(long)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", "checkAndNotify", "()", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", "destroy", "()", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", "initialize", "()", "generated"]
+      - ["org.apache.commons.io.monitor", "FileAlterationObserver", "removeListener", "(FileAlterationListener)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", "getLastModified", "()", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", "getLength", "()", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", "getLevel", "()", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", "isDirectory", "()", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", "isExists", "()", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", "refresh", "(File)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", "setDirectory", "(boolean)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", "setExists", "(boolean)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", "setLastModified", "(long)", "generated"]
+      - ["org.apache.commons.io.monitor", "FileEntry", "setLength", "(long)", "generated"]
+      - ["org.apache.commons.io.output", "AbstractByteArrayOutputStream", "AbstractByteArrayOutputStream", "()", "generated"]
+      - ["org.apache.commons.io.output", "AbstractByteArrayOutputStream", "reset", "()", "generated"]
+      - ["org.apache.commons.io.output", "AbstractByteArrayOutputStream", "size", "()", "generated"]
+      - ["org.apache.commons.io.output", "AbstractByteArrayOutputStream", "toByteArray", "()", "generated"]
+      - ["org.apache.commons.io.output", "AbstractByteArrayOutputStream", "toInputStream", "()", "generated"]
+      - ["org.apache.commons.io.output", "AbstractByteArrayOutputStream", "write", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.output", "AbstractByteArrayOutputStream", "writeTo", "(OutputStream)", "generated"]
+      - ["org.apache.commons.io.output", "BrokenOutputStream", "BrokenOutputStream", "()", "generated"]
+      - ["org.apache.commons.io.output", "BrokenOutputStream", "BrokenOutputStream", "(IOException)", "generated"]
+      - ["org.apache.commons.io.output", "BrokenWriter", "BrokenWriter", "()", "generated"]
+      - ["org.apache.commons.io.output", "BrokenWriter", "BrokenWriter", "(IOException)", "generated"]
+      - ["org.apache.commons.io.output", "ByteArrayOutputStream", "ByteArrayOutputStream", "()", "generated"]
+      - ["org.apache.commons.io.output", "ByteArrayOutputStream", "ByteArrayOutputStream", "(int)", "generated"]
+      - ["org.apache.commons.io.output", "ByteArrayOutputStream", "toBufferedInputStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.output", "ByteArrayOutputStream", "toBufferedInputStream", "(InputStream,int)", "generated"]
+      - ["org.apache.commons.io.output", "ChunkedWriter", "ChunkedWriter", "(Writer)", "generated"]
+      - ["org.apache.commons.io.output", "ChunkedWriter", "ChunkedWriter", "(Writer,int)", "generated"]
+      - ["org.apache.commons.io.output", "CloseShieldWriter", "CloseShieldWriter", "(Writer)", "generated"]
+      - ["org.apache.commons.io.output", "CloseShieldWriter", "wrap", "(Writer)", "generated"]
+      - ["org.apache.commons.io.output", "ClosedOutputStream", "ClosedOutputStream", "()", "generated"]
+      - ["org.apache.commons.io.output", "ClosedWriter", "ClosedWriter", "()", "generated"]
+      - ["org.apache.commons.io.output", "CountingOutputStream", "getByteCount", "()", "generated"]
+      - ["org.apache.commons.io.output", "CountingOutputStream", "getCount", "()", "generated"]
+      - ["org.apache.commons.io.output", "CountingOutputStream", "resetByteCount", "()", "generated"]
+      - ["org.apache.commons.io.output", "CountingOutputStream", "resetCount", "()", "generated"]
+      - ["org.apache.commons.io.output", "DeferredFileOutputStream", "isInMemory", "()", "generated"]
+      - ["org.apache.commons.io.output", "DeferredFileOutputStream", "toInputStream", "()", "generated"]
+      - ["org.apache.commons.io.output", "DemuxOutputStream", "DemuxOutputStream", "()", "generated"]
+      - ["org.apache.commons.io.output", "DemuxOutputStream", "bindStream", "(OutputStream)", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", "FileWriterWithEncoding", "(File,Charset)", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", "FileWriterWithEncoding", "(File,Charset,boolean)", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", "FileWriterWithEncoding", "(File,CharsetEncoder)", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", "FileWriterWithEncoding", "(File,CharsetEncoder,boolean)", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", "FileWriterWithEncoding", "(File,String)", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", "FileWriterWithEncoding", "(File,String,boolean)", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", "FileWriterWithEncoding", "(String,Charset)", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", "FileWriterWithEncoding", "(String,Charset,boolean)", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", "FileWriterWithEncoding", "(String,CharsetEncoder)", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", "FileWriterWithEncoding", "(String,CharsetEncoder,boolean)", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", "FileWriterWithEncoding", "(String,String)", "generated"]
+      - ["org.apache.commons.io.output", "FileWriterWithEncoding", "FileWriterWithEncoding", "(String,String,boolean)", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", "LockableFileWriter", "(File)", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", "LockableFileWriter", "(File,Charset)", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", "LockableFileWriter", "(File,String)", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", "LockableFileWriter", "(File,boolean)", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", "LockableFileWriter", "(String)", "generated"]
+      - ["org.apache.commons.io.output", "LockableFileWriter", "LockableFileWriter", "(String,boolean)", "generated"]
+      - ["org.apache.commons.io.output", "NullOutputStream", "NullOutputStream", "()", "generated"]
+      - ["org.apache.commons.io.output", "NullPrintStream", "NullPrintStream", "()", "generated"]
+      - ["org.apache.commons.io.output", "NullWriter", "NullWriter", "()", "generated"]
+      - ["org.apache.commons.io.output", "ProxyWriter", "ProxyWriter", "(Writer)", "generated"]
+      - ["org.apache.commons.io.output", "QueueOutputStream", "QueueOutputStream", "()", "generated"]
+      - ["org.apache.commons.io.output", "QueueOutputStream", "QueueOutputStream", "(BlockingQueue)", "generated"]
+      - ["org.apache.commons.io.output", "QueueOutputStream", "newQueueInputStream", "()", "generated"]
+      - ["org.apache.commons.io.output", "StringBuilderWriter", "StringBuilderWriter", "()", "generated"]
+      - ["org.apache.commons.io.output", "StringBuilderWriter", "StringBuilderWriter", "(int)", "generated"]
+      - ["org.apache.commons.io.output", "TaggedOutputStream", "isCauseOf", "(Exception)", "generated"]
+      - ["org.apache.commons.io.output", "TaggedOutputStream", "throwIfCauseOf", "(Exception)", "generated"]
+      - ["org.apache.commons.io.output", "TaggedWriter", "TaggedWriter", "(Writer)", "generated"]
+      - ["org.apache.commons.io.output", "TaggedWriter", "isCauseOf", "(Exception)", "generated"]
+      - ["org.apache.commons.io.output", "TaggedWriter", "throwIfCauseOf", "(Exception)", "generated"]
+      - ["org.apache.commons.io.output", "ThresholdingOutputStream", "ThresholdingOutputStream", "(int)", "generated"]
+      - ["org.apache.commons.io.output", "ThresholdingOutputStream", "getByteCount", "()", "generated"]
+      - ["org.apache.commons.io.output", "ThresholdingOutputStream", "getThreshold", "()", "generated"]
+      - ["org.apache.commons.io.output", "ThresholdingOutputStream", "isThresholdExceeded", "()", "generated"]
+      - ["org.apache.commons.io.output", "UncheckedFilterWriter", "on", "(Writer)", "generated"]
+      - ["org.apache.commons.io.output", "UnsynchronizedByteArrayOutputStream", "UnsynchronizedByteArrayOutputStream", "()", "generated"]
+      - ["org.apache.commons.io.output", "UnsynchronizedByteArrayOutputStream", "UnsynchronizedByteArrayOutputStream", "(int)", "generated"]
+      - ["org.apache.commons.io.output", "UnsynchronizedByteArrayOutputStream", "toBufferedInputStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io.output", "UnsynchronizedByteArrayOutputStream", "toBufferedInputStream", "(InputStream,int)", "generated"]
+      - ["org.apache.commons.io.output", "XmlStreamWriter", "XmlStreamWriter", "(File)", "generated"]
+      - ["org.apache.commons.io.serialization", "ClassNameMatcher", "matches", "(String)", "generated"]
+      - ["org.apache.commons.io", "ByteOrderMark", "get", "(int)", "generated"]
+      - ["org.apache.commons.io", "ByteOrderMark", "getBytes", "()", "generated"]
+      - ["org.apache.commons.io", "ByteOrderMark", "length", "()", "generated"]
+      - ["org.apache.commons.io", "ByteOrderParser", "parseByteOrder", "(String)", "generated"]
+      - ["org.apache.commons.io", "Charsets", "Charsets", "()", "generated"]
+      - ["org.apache.commons.io", "Charsets", "requiredCharsets", "()", "generated"]
+      - ["org.apache.commons.io", "Charsets", "toCharset", "(Charset)", "generated"]
+      - ["org.apache.commons.io", "Charsets", "toCharset", "(String)", "generated"]
+      - ["org.apache.commons.io", "CopyUtils", "CopyUtils", "()", "generated"]
+      - ["org.apache.commons.io", "CopyUtils", "copy", "(Reader,OutputStream)", "generated"]
+      - ["org.apache.commons.io", "CopyUtils", "copy", "(Reader,OutputStream,String)", "generated"]
+      - ["org.apache.commons.io", "CopyUtils", "copy", "(String,OutputStream)", "generated"]
+      - ["org.apache.commons.io", "CopyUtils", "copy", "(String,OutputStream,String)", "generated"]
+      - ["org.apache.commons.io", "DirectoryWalker$CancelException", "getDepth", "()", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "EndianUtils", "()", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "readSwappedDouble", "(InputStream)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "readSwappedDouble", "(byte[],int)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "readSwappedFloat", "(InputStream)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "readSwappedFloat", "(byte[],int)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "readSwappedInteger", "(InputStream)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "readSwappedInteger", "(byte[],int)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "readSwappedLong", "(InputStream)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "readSwappedLong", "(byte[],int)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "readSwappedShort", "(InputStream)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "readSwappedShort", "(byte[],int)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "readSwappedUnsignedInteger", "(InputStream)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "readSwappedUnsignedInteger", "(byte[],int)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "readSwappedUnsignedShort", "(InputStream)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "readSwappedUnsignedShort", "(byte[],int)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "swapDouble", "(double)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "swapFloat", "(float)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "swapInteger", "(int)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "swapLong", "(long)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "swapShort", "(short)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "writeSwappedDouble", "(OutputStream,double)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "writeSwappedDouble", "(byte[],int,double)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "writeSwappedFloat", "(OutputStream,float)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "writeSwappedFloat", "(byte[],int,float)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "writeSwappedInteger", "(OutputStream,int)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "writeSwappedInteger", "(byte[],int,int)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "writeSwappedLong", "(OutputStream,long)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "writeSwappedLong", "(byte[],int,long)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "writeSwappedShort", "(OutputStream,short)", "generated"]
+      - ["org.apache.commons.io", "EndianUtils", "writeSwappedShort", "(byte[],int,short)", "generated"]
+      - ["org.apache.commons.io", "FileCleaner", "FileCleaner", "()", "generated"]
+      - ["org.apache.commons.io", "FileCleaner", "exitWhenFinished", "()", "generated"]
+      - ["org.apache.commons.io", "FileCleaner", "getInstance", "()", "generated"]
+      - ["org.apache.commons.io", "FileCleaner", "getTrackCount", "()", "generated"]
+      - ["org.apache.commons.io", "FileCleaner", "track", "(File,Object)", "generated"]
+      - ["org.apache.commons.io", "FileCleaner", "track", "(File,Object,FileDeleteStrategy)", "generated"]
+      - ["org.apache.commons.io", "FileCleaner", "track", "(String,Object)", "generated"]
+      - ["org.apache.commons.io", "FileCleaner", "track", "(String,Object,FileDeleteStrategy)", "generated"]
+      - ["org.apache.commons.io", "FileCleaningTracker", "FileCleaningTracker", "()", "generated"]
+      - ["org.apache.commons.io", "FileCleaningTracker", "exitWhenFinished", "()", "generated"]
+      - ["org.apache.commons.io", "FileCleaningTracker", "getTrackCount", "()", "generated"]
+      - ["org.apache.commons.io", "FileCleaningTracker", "track", "(File,Object)", "generated"]
+      - ["org.apache.commons.io", "FileCleaningTracker", "track", "(File,Object,FileDeleteStrategy)", "generated"]
+      - ["org.apache.commons.io", "FileCleaningTracker", "track", "(String,Object)", "generated"]
+      - ["org.apache.commons.io", "FileCleaningTracker", "track", "(String,Object,FileDeleteStrategy)", "generated"]
+      - ["org.apache.commons.io", "FileDeleteStrategy", "delete", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileDeleteStrategy", "deleteQuietly", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileExistsException", "FileExistsException", "()", "generated"]
+      - ["org.apache.commons.io", "FileExistsException", "FileExistsException", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileExistsException", "FileExistsException", "(String)", "generated"]
+      - ["org.apache.commons.io", "FileSystem", "getCurrent", "()", "generated"]
+      - ["org.apache.commons.io", "FileSystem", "getIllegalFileNameChars", "()", "generated"]
+      - ["org.apache.commons.io", "FileSystem", "getMaxFileNameLength", "()", "generated"]
+      - ["org.apache.commons.io", "FileSystem", "getMaxPathLength", "()", "generated"]
+      - ["org.apache.commons.io", "FileSystem", "getNameSeparator", "()", "generated"]
+      - ["org.apache.commons.io", "FileSystem", "getReservedFileNames", "()", "generated"]
+      - ["org.apache.commons.io", "FileSystem", "isCasePreserving", "()", "generated"]
+      - ["org.apache.commons.io", "FileSystem", "isCaseSensitive", "()", "generated"]
+      - ["org.apache.commons.io", "FileSystem", "isLegalFileName", "(CharSequence)", "generated"]
+      - ["org.apache.commons.io", "FileSystem", "isReservedFileName", "(CharSequence)", "generated"]
+      - ["org.apache.commons.io", "FileSystem", "supportsDriveLetter", "()", "generated"]
+      - ["org.apache.commons.io", "FileSystemUtils", "FileSystemUtils", "()", "generated"]
+      - ["org.apache.commons.io", "FileSystemUtils", "freeSpace", "(String)", "generated"]
+      - ["org.apache.commons.io", "FileSystemUtils", "freeSpaceKb", "()", "generated"]
+      - ["org.apache.commons.io", "FileSystemUtils", "freeSpaceKb", "(String)", "generated"]
+      - ["org.apache.commons.io", "FileSystemUtils", "freeSpaceKb", "(String,long)", "generated"]
+      - ["org.apache.commons.io", "FileSystemUtils", "freeSpaceKb", "(long)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "FileUtils", "()", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "byteCountToDisplaySize", "(BigInteger)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "byteCountToDisplaySize", "(Number)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "byteCountToDisplaySize", "(long)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "checksumCRC32", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "cleanDirectory", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "contentEquals", "(File,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "contentEqualsIgnoreEOL", "(File,File,String)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyDirectory", "(File,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyDirectory", "(File,File,FileFilter)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyDirectory", "(File,File,FileFilter,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyDirectory", "(File,File,FileFilter,boolean,CopyOption[])", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyDirectory", "(File,File,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyDirectoryToDirectory", "(File,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyFile", "(File,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyFile", "(File,File,CopyOption[])", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyFile", "(File,File,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyFile", "(File,File,boolean,CopyOption[])", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyFile", "(File,OutputStream)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyFileToDirectory", "(File,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyFileToDirectory", "(File,File,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyInputStreamToFile", "(InputStream,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyToDirectory", "(File,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyToDirectory", "(Iterable,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyToFile", "(InputStream,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyURLToFile", "(URL,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "copyURLToFile", "(URL,File,int,int)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "createParentDirectories", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "current", "()", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "deleteDirectory", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "deleteQuietly", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "directoryContains", "(File,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "forceDelete", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "forceDeleteOnExit", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "forceMkdir", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "forceMkdirParent", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "getTempDirectory", "()", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "getTempDirectoryPath", "()", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "getUserDirectory", "()", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "getUserDirectoryPath", "()", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isDirectory", "(File,LinkOption[])", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isEmptyDirectory", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileNewer", "(File,ChronoLocalDate)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileNewer", "(File,ChronoLocalDate,LocalTime)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileNewer", "(File,ChronoLocalDateTime)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileNewer", "(File,ChronoLocalDateTime,ZoneId)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileNewer", "(File,ChronoZonedDateTime)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileNewer", "(File,Date)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileNewer", "(File,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileNewer", "(File,FileTime)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileNewer", "(File,Instant)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileNewer", "(File,long)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileOlder", "(File,ChronoLocalDate)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileOlder", "(File,ChronoLocalDate,LocalTime)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileOlder", "(File,ChronoLocalDateTime)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileOlder", "(File,ChronoLocalDateTime,ZoneId)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileOlder", "(File,ChronoZonedDateTime)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileOlder", "(File,Date)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileOlder", "(File,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileOlder", "(File,FileTime)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileOlder", "(File,Instant)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isFileOlder", "(File,long)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isRegularFile", "(File,LinkOption[])", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "isSymlink", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "iterateFiles", "(File,IOFileFilter,IOFileFilter)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "iterateFiles", "(File,String[],boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "iterateFilesAndDirs", "(File,IOFileFilter,IOFileFilter)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "lastModified", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "lastModifiedFileTime", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "lastModifiedUnchecked", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "lineIterator", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "lineIterator", "(File,String)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "listFiles", "(File,IOFileFilter,IOFileFilter)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "listFiles", "(File,String[],boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "listFilesAndDirs", "(File,IOFileFilter,IOFileFilter)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "moveDirectory", "(File,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "moveDirectoryToDirectory", "(File,File,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "moveFile", "(File,File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "moveFile", "(File,File,CopyOption[])", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "moveFileToDirectory", "(File,File,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "moveToDirectory", "(File,File,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "newOutputStream", "(File,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "openInputStream", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "openOutputStream", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "openOutputStream", "(File,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "readFileToByteArray", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "readFileToString", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "readFileToString", "(File,Charset)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "readFileToString", "(File,String)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "readLines", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "readLines", "(File,Charset)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "readLines", "(File,String)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "sizeOf", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "sizeOfAsBigInteger", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "sizeOfDirectory", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "sizeOfDirectoryAsBigInteger", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "streamFiles", "(File,boolean,String[])", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "toFile", "(URL)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "toFiles", "(URL[])", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "touch", "(File)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "waitFor", "(File,int)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "write", "(File,CharSequence)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "write", "(File,CharSequence,Charset)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "write", "(File,CharSequence,Charset,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "write", "(File,CharSequence,String)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "write", "(File,CharSequence,String,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "write", "(File,CharSequence,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeByteArrayToFile", "(File,byte[])", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeByteArrayToFile", "(File,byte[],boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeByteArrayToFile", "(File,byte[],int,int)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeByteArrayToFile", "(File,byte[],int,int,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeLines", "(File,Collection)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeLines", "(File,Collection,String)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeLines", "(File,Collection,String,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeLines", "(File,Collection,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeLines", "(File,String,Collection)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeLines", "(File,String,Collection,String)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeLines", "(File,String,Collection,String,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeLines", "(File,String,Collection,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeStringToFile", "(File,String)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeStringToFile", "(File,String,Charset)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeStringToFile", "(File,String,Charset,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeStringToFile", "(File,String,String)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeStringToFile", "(File,String,String,boolean)", "generated"]
+      - ["org.apache.commons.io", "FileUtils", "writeStringToFile", "(File,String,boolean)", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "FilenameUtils", "()", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "directoryContains", "(String,String)", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "equals", "(String,String)", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "equals", "(String,String,boolean,IOCase)", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "equalsNormalized", "(String,String)", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "equalsNormalizedOnSystem", "(String,String)", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "equalsOnSystem", "(String,String)", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "getPrefixLength", "(String)", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "indexOfExtension", "(String)", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "indexOfLastSeparator", "(String)", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "isExtension", "(String,Collection)", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "isExtension", "(String,String)", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "isExtension", "(String,String[])", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "wildcardMatch", "(String,String)", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "wildcardMatch", "(String,String,IOCase)", "generated"]
+      - ["org.apache.commons.io", "FilenameUtils", "wildcardMatchOnSystem", "(String,String)", "generated"]
+      - ["org.apache.commons.io", "HexDump", "HexDump", "()", "generated"]
+      - ["org.apache.commons.io", "HexDump", "dump", "(byte[],long,OutputStream,int)", "generated"]
+      - ["org.apache.commons.io", "IOCase", "checkCompareTo", "(String,String)", "generated"]
+      - ["org.apache.commons.io", "IOCase", "checkEndsWith", "(String,String)", "generated"]
+      - ["org.apache.commons.io", "IOCase", "checkEquals", "(String,String)", "generated"]
+      - ["org.apache.commons.io", "IOCase", "checkIndexOf", "(String,int,String)", "generated"]
+      - ["org.apache.commons.io", "IOCase", "checkRegionMatches", "(String,int,String)", "generated"]
+      - ["org.apache.commons.io", "IOCase", "checkStartsWith", "(String,String)", "generated"]
+      - ["org.apache.commons.io", "IOCase", "forName", "(String)", "generated"]
+      - ["org.apache.commons.io", "IOCase", "getName", "()", "generated"]
+      - ["org.apache.commons.io", "IOCase", "isCaseSensitive", "()", "generated"]
+      - ["org.apache.commons.io", "IOCase", "isCaseSensitive", "(IOCase)", "generated"]
+      - ["org.apache.commons.io", "IOCase", "toString", "()", "generated"]
+      - ["org.apache.commons.io", "IOCase", "value", "(IOCase,IOCase)", "generated"]
+      - ["org.apache.commons.io", "IOExceptionList", "checkEmpty", "(List,Object)", "generated"]
+      - ["org.apache.commons.io", "IOExceptionList", "getCause", "(int,Class)", "generated"]
+      - ["org.apache.commons.io", "IOExceptionWithCause", "IOExceptionWithCause", "(String,Throwable)", "generated"]
+      - ["org.apache.commons.io", "IOExceptionWithCause", "IOExceptionWithCause", "(Throwable)", "generated"]
+      - ["org.apache.commons.io", "IOIndexedException", "IOIndexedException", "(int,Throwable)", "generated"]
+      - ["org.apache.commons.io", "IOIndexedException", "getIndex", "()", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "IOUtils", "()", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "byteArray", "()", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "byteArray", "(int)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "close", "(Closeable)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "close", "(Closeable,IOConsumer)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "close", "(Closeable[])", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "close", "(URLConnection)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "closeQuietly", "(Closeable)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "closeQuietly", "(Closeable,Consumer)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "closeQuietly", "(Closeable[])", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "closeQuietly", "(InputStream)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "closeQuietly", "(OutputStream)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "closeQuietly", "(Reader)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "closeQuietly", "(Selector)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "closeQuietly", "(ServerSocket)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "closeQuietly", "(Socket)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "closeQuietly", "(Writer)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "consume", "(InputStream)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "contentEquals", "(InputStream,InputStream)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "contentEquals", "(Reader,Reader)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "contentEqualsIgnoreEOL", "(Reader,Reader)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "copy", "(ByteArrayOutputStream)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "copy", "(Reader,OutputStream)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "copy", "(Reader,OutputStream,Charset)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "copy", "(Reader,OutputStream,String)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "copy", "(URL,File)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "copy", "(URL,OutputStream)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "length", "(CharSequence)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "length", "(Object[])", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "length", "(byte[])", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "length", "(char[])", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "resourceToByteArray", "(String)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "resourceToByteArray", "(String,ClassLoader)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "resourceToString", "(String,Charset)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "resourceToString", "(String,Charset,ClassLoader)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "resourceToURL", "(String)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "resourceToURL", "(String,ClassLoader)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "skip", "(InputStream,long)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "skip", "(ReadableByteChannel,long)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "skip", "(Reader,long)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "skipFully", "(InputStream,long)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "skipFully", "(ReadableByteChannel,long)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "skipFully", "(Reader,long)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toBufferedInputStream", "(InputStream)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toBufferedInputStream", "(InputStream,int)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toByteArray", "(InputStream)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toByteArray", "(Reader)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toByteArray", "(Reader,Charset)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toByteArray", "(Reader,String)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toByteArray", "(URI)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toByteArray", "(URL)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toByteArray", "(URLConnection)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toString", "(URI)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toString", "(URI,Charset)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toString", "(URI,String)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toString", "(URL)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toString", "(URL,Charset)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "toString", "(URL,String)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "write", "(CharSequence,OutputStream)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "write", "(CharSequence,OutputStream,Charset)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "write", "(CharSequence,OutputStream,String)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "write", "(String,OutputStream)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "write", "(String,OutputStream,Charset)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "write", "(String,OutputStream,String)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "write", "(StringBuffer,OutputStream)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "write", "(StringBuffer,OutputStream,String)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "write", "(char[],OutputStream)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "write", "(char[],OutputStream,Charset)", "generated"]
+      - ["org.apache.commons.io", "IOUtils", "write", "(char[],OutputStream,String)", "generated"]
+      - ["org.apache.commons.io", "LineIterator", "closeQuietly", "(LineIterator)", "generated"]
+      - ["org.apache.commons.io", "RandomAccessFileMode", "create", "(File)", "generated"]
+      - ["org.apache.commons.io", "RandomAccessFileMode", "create", "(Path)", "generated"]
+      - ["org.apache.commons.io", "RandomAccessFileMode", "create", "(String)", "generated"]
+      - ["org.apache.commons.io", "RandomAccessFileMode", "toString", "()", "generated"]
+      - ["org.apache.commons.io", "StandardLineSeparator", "getBytes", "(Charset)", "generated"]
+      - ["org.apache.commons.io", "StandardLineSeparator", "getString", "()", "generated"]
+      - ["org.apache.commons.io", "TaggedIOException", "isTaggedWith", "(Throwable,Object)", "generated"]
+      - ["org.apache.commons.io", "TaggedIOException", "throwCauseIfTaggedWith", "(Throwable,Object)", "generated"]
+      - ["org.apache.commons.io", "UncheckedIO", "UncheckedIO", "()", "generated"]
+      - ["org.apache.commons.io", "UncheckedIO", "accept", "(IOConsumer,Object)", "generated"]
+      - ["org.apache.commons.io", "UncheckedIO", "apply", "(IOBiFunction,Object,Object)", "generated"]
+      - ["org.apache.commons.io", "UncheckedIO", "get", "(IOSupplier)", "generated"]
+      - ["org.apache.commons.io", "UncheckedIO", "run", "(IORunnable)", "generated"]
+      - ["org.apache.commons.io", "UncheckedIOExceptions", "UncheckedIOExceptions", "()", "generated"]
+      - ["org.apache.commons.io", "UncheckedIOExceptions", "create", "(Object)", "generated"]
+      - ["org.apache.commons.io", "UncheckedIOExceptions", "wrap", "(IOException,Object)", "generated"]
+
+        
\ No newline at end of file
diff --git a/java/ql/lib/ext/groovy.lang.model.yml b/java/ql/lib/ext/groovy.lang.model.yml
new file mode 100644
index 00000000000..1c775bdd2e5
--- /dev/null
+++ b/java/ql/lib/ext/groovy.lang.model.yml
@@ -0,0 +1,31 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(GroovyCodeSource)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(GroovyCodeSource,boolean)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(InputStream,String)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(Reader,String)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(String)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(String,String)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "evaluate", "(GroovyCodeSource)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "evaluate", "(Reader)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "evaluate", "(Reader,String)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "evaluate", "(String)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "evaluate", "(String,String)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "evaluate", "(String,String,String)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "evaluate", "(URI)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "parse", "(Reader)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "parse", "(Reader,String)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "parse", "(String)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "parse", "(String,String)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "parse", "(URI)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "run", "(GroovyCodeSource,List)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "run", "(GroovyCodeSource,String[])", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "run", "(Reader,String,List)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "run", "(Reader,String,String[])", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "run", "(String,String,List)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "run", "(String,String,String[])", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "run", "(URI,List)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.lang", "GroovyShell", False, "run", "(URI,String[])", "", "Argument[0]", "groovy", "manual"]
diff --git a/java/ql/lib/ext/groovy.util.model.yml b/java/ql/lib/ext/groovy.util.model.yml
new file mode 100644
index 00000000000..61d1dbb6a05
--- /dev/null
+++ b/java/ql/lib/ext/groovy.util.model.yml
@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["groovy.util", "Eval", False, "me", "(String)", "", "Argument[0]", "groovy", "manual"]
+      - ["groovy.util", "Eval", False, "me", "(String,Object,String)", "", "Argument[2]", "groovy", "manual"]
+      - ["groovy.util", "Eval", False, "x", "(Object,String)", "", "Argument[1]", "groovy", "manual"]
+      - ["groovy.util", "Eval", False, "xy", "(Object,Object,String)", "", "Argument[2]", "groovy", "manual"]
+      - ["groovy.util", "Eval", False, "xyz", "(Object,Object,Object,String)", "", "Argument[3]", "groovy", "manual"]
diff --git a/java/ql/lib/ext/jakarta.faces.context.model.yml b/java/ql/lib/ext/jakarta.faces.context.model.yml
new file mode 100644
index 00000000000..84a0fd22710
--- /dev/null
+++ b/java/ql/lib/ext/jakarta.faces.context.model.yml
@@ -0,0 +1,18 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["jakarta.faces.context", "ExternalContext", True, "getRequestCookieMap", "()", "", "ReturnValue", "remote", "manual"]
+      - ["jakarta.faces.context", "ExternalContext", True, "getRequestHeaderMap", "()", "", "ReturnValue", "remote", "manual"]
+      - ["jakarta.faces.context", "ExternalContext", True, "getRequestHeaderValuesMap", "()", "", "ReturnValue", "remote", "manual"]
+      - ["jakarta.faces.context", "ExternalContext", True, "getRequestParameterMap", "()", "", "ReturnValue", "remote", "manual"]
+      - ["jakarta.faces.context", "ExternalContext", True, "getRequestParameterNames", "()", "", "ReturnValue", "remote", "manual"]
+      - ["jakarta.faces.context", "ExternalContext", True, "getRequestParameterValuesMap", "()", "", "ReturnValue", "remote", "manual"]
+      - ["jakarta.faces.context", "ExternalContext", True, "getRequestPathInfo", "()", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["jakarta.faces.context", "ResponseStream", True, "write", "", "", "Argument[0]", "xss", "manual"]
+      - ["jakarta.faces.context", "ResponseWriter", True, "write", "", "", "Argument[0]", "xss", "manual"]
diff --git a/java/ql/lib/ext/jakarta.json.model.yml b/java/ql/lib/ext/jakarta.json.model.yml
new file mode 100644
index 00000000000..3d4d35ca4f0
--- /dev/null
+++ b/java/ql/lib/ext/jakarta.json.model.yml
@@ -0,0 +1,127 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["jakarta.json", "Json", False, "createArrayBuilder", "(Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "createArrayBuilder", "(JsonArray)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "createDiff", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "createMergeDiff", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "createMergePatch", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "createObjectBuilder", "(JsonObject)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "createObjectBuilder", "(Map)", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "createObjectBuilder", "(Map)", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "createPatch", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "createPatchBuilder", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "createPointer", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "createReader", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "createValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "createWriter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "decodePointer", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "Json", False, "encodePointer", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonArray", False, "getBoolean", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonArray", False, "getBoolean", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonArray", False, "getInt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonArray", False, "getInt", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonArray", False, "getJsonArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonArray", False, "getJsonNumber", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonArray", False, "getJsonObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonArray", False, "getJsonString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonArray", False, "getString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonArray", False, "getString", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonArray", False, "getValuesAs", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(BigDecimal)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(BigInteger)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(JsonArrayBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(JsonObjectBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(JsonValue)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(boolean)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(double)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(int,BigDecimal)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(int,BigInteger)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(int,JsonArrayBuilder)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(int,JsonObjectBuilder)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(int,JsonValue)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(int,String)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(int,boolean)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(int,double)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(int,int)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(int,long)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "add", "(long)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "addAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "addAll", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "addNull", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "remove", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "set", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "set", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonArrayBuilder", False, "setNull", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonMergePatch", False, "apply", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonMergePatch", False, "apply", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonMergePatch", False, "toJsonValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonNumber", False, "bigDecimalValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonNumber", False, "bigIntegerValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonNumber", False, "bigIntegerValueExact", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonNumber", False, "doubleValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonNumber", False, "intValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonNumber", False, "intValueExact", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonNumber", False, "longValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonNumber", False, "longValueExact", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonNumber", False, "numberValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonObject", False, "getBoolean", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonObject", False, "getBoolean", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonObject", False, "getInt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonObject", False, "getInt", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonObject", False, "getJsonArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonObject", False, "getJsonNumber", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonObject", False, "getJsonObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonObject", False, "getJsonString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonObject", False, "getString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonObject", False, "getString", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonObjectBuilder", False, "add", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonObjectBuilder", False, "add", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonObjectBuilder", False, "addAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonObjectBuilder", False, "addAll", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonObjectBuilder", False, "addNull", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonObjectBuilder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonObjectBuilder", False, "remove", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonPatch", False, "apply", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPatch", False, "apply", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPatch", False, "toJsonArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPatchBuilder", False, "add", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonPatchBuilder", False, "add", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPatchBuilder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPatchBuilder", False, "copy", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonPatchBuilder", False, "copy", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPatchBuilder", False, "move", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonPatchBuilder", False, "move", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPatchBuilder", False, "remove", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonPatchBuilder", False, "remove", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPatchBuilder", False, "replace", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonPatchBuilder", False, "replace", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPatchBuilder", False, "test", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.json", "JsonPatchBuilder", False, "test", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPointer", False, "add", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPointer", False, "add", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPointer", False, "getValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPointer", False, "remove", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPointer", False, "replace", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonPointer", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonReader", False, "read", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonReader", False, "readArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonReader", False, "readObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonReader", False, "readValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonReaderFactory", False, "createReader", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonString", False, "getChars", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonString", False, "getString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonStructure", True, "getValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonValue", True, "asJsonArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonValue", True, "asJsonObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonValue", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.json", "JsonWriter", False, "write", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonWriter", False, "writeArray", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonWriter", False, "writeObject", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.json", "JsonWriterFactory", False, "createWriter", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
diff --git a/java/ql/lib/ext/jakarta.json.stream.model.yml b/java/ql/lib/ext/jakarta.json.stream.model.yml
new file mode 100644
index 00000000000..cc6386121d5
--- /dev/null
+++ b/java/ql/lib/ext/jakarta.json.stream.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["jakarta.json.stream", "JsonParserFactory", False, "createParser", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/jakarta.ws.rs.client.model.yml b/java/ql/lib/ext/jakarta.ws.rs.client.model.yml
new file mode 100644
index 00000000000..821ea0ad640
--- /dev/null
+++ b/java/ql/lib/ext/jakarta.ws.rs.client.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["jakarta.ws.rs.client", "Client", True, "target", "", "", "Argument[0]", "open-url", "manual"]
diff --git a/java/ql/lib/ext/jakarta.ws.rs.container.model.yml b/java/ql/lib/ext/jakarta.ws.rs.container.model.yml
new file mode 100644
index 00000000000..05ccfd62000
--- /dev/null
+++ b/java/ql/lib/ext/jakarta.ws.rs.container.model.yml
@@ -0,0 +1,14 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["jakarta.ws.rs.container", "ContainerRequestContext", True, "getAcceptableLanguages", "", "", "ReturnValue", "remote", "manual"]
+      - ["jakarta.ws.rs.container", "ContainerRequestContext", True, "getAcceptableMediaTypes", "", "", "ReturnValue", "remote", "manual"]
+      - ["jakarta.ws.rs.container", "ContainerRequestContext", True, "getCookies", "", "", "ReturnValue", "remote", "manual"]
+      - ["jakarta.ws.rs.container", "ContainerRequestContext", True, "getEntityStream", "", "", "ReturnValue", "remote", "manual"]
+      - ["jakarta.ws.rs.container", "ContainerRequestContext", True, "getHeaderString", "", "", "ReturnValue", "remote", "manual"]
+      - ["jakarta.ws.rs.container", "ContainerRequestContext", True, "getHeaders", "", "", "ReturnValue", "remote", "manual"]
+      - ["jakarta.ws.rs.container", "ContainerRequestContext", True, "getLanguage", "", "", "ReturnValue", "remote", "manual"]
+      - ["jakarta.ws.rs.container", "ContainerRequestContext", True, "getMediaType", "", "", "ReturnValue", "remote", "manual"]
+      - ["jakarta.ws.rs.container", "ContainerRequestContext", True, "getUriInfo", "", "", "ReturnValue", "remote", "manual"]
diff --git a/java/ql/lib/ext/jakarta.ws.rs.core.model.yml b/java/ql/lib/ext/jakarta.ws.rs.core.model.yml
new file mode 100644
index 00000000000..593128bd953
--- /dev/null
+++ b/java/ql/lib/ext/jakarta.ws.rs.core.model.yml
@@ -0,0 +1,167 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["jakarta.ws.rs.core", "Response", True, "seeOther", "", "", "Argument[0]", "url-redirect", "manual"]
+      - ["jakarta.ws.rs.core", "Response", True, "temporaryRedirect", "", "", "Argument[0]", "url-redirect", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["jakarta.ws.rs.core", "AbstractMultivaluedMap", False, "AbstractMultivaluedMap", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["jakarta.ws.rs.core", "AbstractMultivaluedMap", False, "AbstractMultivaluedMap", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Cookie", False, "Cookie", "", "", "Argument[0..4]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Cookie", True, "getDomain", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Cookie", True, "getName", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Cookie", True, "getPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Cookie", True, "getValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Cookie", True, "getVersion", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Cookie", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Cookie", False, "valueOf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Form", False, "Form", "", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Form", False, "Form", "", "", "Argument[0].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Form", False, "Form", "", "", "Argument[0].MapValue.Element", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Form", True, "asMap", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Form", True, "param", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Form", True, "param", "", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "GenericEntity", False, "GenericEntity", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "GenericEntity", True, "getEntity", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      # Methods that Date have to be syntax-checked, but those returning MediaType
+      # or Locale are assumed potentially dangerous, as these types do not generally check that the
+      # input data is recognised, only that it conforms to the expected syntax.
+      - ["jakarta.ws.rs.core", "HttpHeaders", True, "getAcceptableLanguages", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "HttpHeaders", True, "getAcceptableMediaTypes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "HttpHeaders", True, "getCookies", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "HttpHeaders", True, "getHeaderString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "HttpHeaders", True, "getLanguage", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "HttpHeaders", True, "getMediaType", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "HttpHeaders", True, "getRequestHeader", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "HttpHeaders", True, "getRequestHeaders", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "MediaType", False, "MediaType", "", "", "Argument[0..2]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "MediaType", True, "getParameters", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "MediaType", True, "getSubtype", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "MediaType", True, "getType", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "MediaType", False, "valueOf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "MediaType", True, "withCharset", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "MultivaluedHashMap", False, "MultivaluedHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["jakarta.ws.rs.core", "MultivaluedHashMap", False, "MultivaluedHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["jakarta.ws.rs.core", "MultivaluedHashMap", False, "MultivaluedHashMap", "(MultivaluedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["jakarta.ws.rs.core", "MultivaluedHashMap", False, "MultivaluedHashMap", "(MultivaluedMap)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "MultivaluedMap", True, "add", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["jakarta.ws.rs.core", "MultivaluedMap", True, "add", "", "", "Argument[1]", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["jakarta.ws.rs.core", "MultivaluedMap", True, "addAll", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["jakarta.ws.rs.core", "MultivaluedMap", True, "addAll", "(Object,List)", "", "Argument[1].Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["jakarta.ws.rs.core", "MultivaluedMap", True, "addAll", "(Object,Object[])", "", "Argument[1].ArrayElement", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["jakarta.ws.rs.core", "MultivaluedMap", True, "addFirst", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["jakarta.ws.rs.core", "MultivaluedMap", True, "addFirst", "", "", "Argument[1]", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["jakarta.ws.rs.core", "MultivaluedMap", True, "getFirst", "", "", "Argument[-1].MapValue.Element", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "MultivaluedMap", True, "putSingle", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["jakarta.ws.rs.core", "MultivaluedMap", True, "putSingle", "", "", "Argument[1]", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["jakarta.ws.rs.core", "NewCookie", False, "NewCookie", "", "", "Argument[0..9]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "NewCookie", True, "getComment", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "NewCookie", True, "getExpiry", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "NewCookie", True, "getMaxAge", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "NewCookie", True, "toCookie", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "NewCookie", False, "valueOf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "PathSegment", True, "getMatrixParameters", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "PathSegment", True, "getPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      # The returned ResponseBuilder gains taint from a tainted entity or existing Response
+      - ["jakarta.ws.rs.core", "Response", False, "accepted", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Response", False, "fromResponse", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Response", False, "ok", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      # Becomes tainted by a tainted entity, but not by metadata, headers etc
+      # Build() method returns taint
+      # Almost all methods are fluent, and so preserve value
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "allow", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "cacheControl", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "clone", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "contentLocation", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "cookie", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "encoding", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "entity", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "entity", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "expires", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "header", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "language", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "lastModified", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "link", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "links", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "location", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "replaceAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "status", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "tag", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "type", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "variant", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "variants", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "build", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "buildFromEncoded", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "buildFromEncoded", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "buildFromEncodedMap", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "buildFromEncodedMap", "", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "buildFromEncodedMap", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "buildFromMap", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "buildFromMap", "", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "buildFromMap", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "clone", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "fragment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "fragment", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", False, "fromLink", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", False, "fromPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", False, "fromUri", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "host", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "host", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "matrixParam", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "matrixParam", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "matrixParam", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "path", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "path", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "queryParam", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "queryParam", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "queryParam", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "replaceMatrix", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "replaceMatrix", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "replaceMatrixParam", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "replaceMatrixParam", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "replaceMatrixParam", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "replacePath", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "replacePath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "replaceQuery", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "replaceQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "replaceQueryParam", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "replaceQueryParam", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "replaceQueryParam", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "resolveTemplate", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "resolveTemplate", "", "", "Argument[0..2]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "resolveTemplateFromEncoded", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "resolveTemplateFromEncoded", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "resolveTemplates", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "resolveTemplates", "", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "resolveTemplates", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "resolveTemplatesFromEncoded", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "resolveTemplatesFromEncoded", "", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "resolveTemplatesFromEncoded", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "scheme", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "scheme", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "schemeSpecificPart", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "schemeSpecificPart", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "segment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "segment", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "toTemplate", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "uri", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "uri", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "userInfo", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jakarta.ws.rs.core", "UriBuilder", True, "userInfo", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriInfo", True, "getAbsolutePath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriInfo", True, "getAbsolutePathBuilder", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriInfo", True, "getPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriInfo", True, "getPathParameters", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriInfo", True, "getPathSegments", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriInfo", True, "getQueryParameters", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriInfo", True, "getRequestUri", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriInfo", True, "getRequestUriBuilder", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriInfo", True, "relativize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriInfo", True, "resolve", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["jakarta.ws.rs.core", "UriInfo", True, "resolve", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/java.beans.model.yml b/java/ql/lib/ext/java.beans.model.yml
new file mode 100644
index 00000000000..0d24c372fb0
--- /dev/null
+++ b/java/ql/lib/ext/java.beans.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.beans", "XMLDecoder", False, "XMLDecoder", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml
new file mode 100644
index 00000000000..87d6c6311e7
--- /dev/null
+++ b/java/ql/lib/ext/java.io.model.yml
@@ -0,0 +1,86 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["java.io", "FileOutputStream", False, "FileOutputStream", "", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "FileOutputStream", False, "write", "", "", "Argument[0]", "write-file", "manual"]
+      - ["java.io", "FileWriter", False, "FileWriter", "", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "PrintStream", False, "PrintStream", "(File)", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "PrintStream", False, "PrintStream", "(File,Charset)", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "PrintStream", False, "PrintStream", "(File,String)", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "PrintStream", False, "PrintStream", "(String)", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "PrintStream", False, "PrintStream", "(String,Charset)", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "PrintStream", False, "PrintStream", "(String,String)", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "PrintStream", True, "append", "", "", "Argument[0]", "write-file", "manual"]
+      - ["java.io", "PrintStream", True, "format", "(Locale,String,Object[])", "", "Argument[1..2]", "write-file", "manual"]
+      - ["java.io", "PrintStream", True, "format", "(String,Object[])", "", "Argument[0..1]", "write-file", "manual"]
+      - ["java.io", "PrintStream", True, "print", "", "", "Argument[0]", "write-file", "manual"]
+      - ["java.io", "PrintStream", True, "printf", "(Locale,String,Object[])", "", "Argument[1..2]", "write-file", "manual"]
+      - ["java.io", "PrintStream", True, "printf", "(String,Object[])", "", "Argument[0..1]", "write-file", "manual"]
+      - ["java.io", "PrintStream", True, "println", "", "", "Argument[0]", "write-file", "manual"]
+      - ["java.io", "PrintStream", True, "write", "", "", "Argument[0]", "write-file", "manual"]
+      - ["java.io", "PrintStream", True, "writeBytes", "", "", "Argument[0]", "write-file", "manual"]
+      - ["java.io", "PrintWriter", False, "PrintWriter", "(File)", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "PrintWriter", False, "PrintWriter", "(File,Charset)", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "PrintWriter", False, "PrintWriter", "(File,String)", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "PrintWriter", False, "PrintWriter", "(String)", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "PrintWriter", False, "PrintWriter", "(String,Charset)", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "PrintWriter", False, "PrintWriter", "(String,String)", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "PrintWriter", False, "format", "(Locale,String,Object[])", "", "Argument[1..2]", "write-file", "manual"]
+      - ["java.io", "PrintWriter", False, "format", "(String,Object[])", "", "Argument[0..1]", "write-file", "manual"]
+      - ["java.io", "PrintWriter", False, "print", "", "", "Argument[0]", "write-file", "manual"]
+      - ["java.io", "PrintWriter", False, "printf", "(Locale,String,Object[])", "", "Argument[1..2]", "write-file", "manual"]
+      - ["java.io", "PrintWriter", False, "printf", "(String,Object[])", "", "Argument[0..1]", "write-file", "manual"]
+      - ["java.io", "PrintWriter", False, "println", "", "", "Argument[0]", "write-file", "manual"]
+      - ["java.io", "RandomAccessFile", False, "RandomAccessFile", "", "", "Argument[0]", "create-file", "manual"]
+      - ["java.io", "RandomAccessFile", False, "write", "", "", "Argument[0]", "write-file", "manual"]
+      - ["java.io", "RandomAccessFile", False, "writeBytes", "", "", "Argument[0]", "write-file", "manual"]
+      - ["java.io", "RandomAccessFile", False, "writeChars", "", "", "Argument[0]", "write-file", "manual"]
+      - ["java.io", "RandomAccessFile", False, "writeUTF", "", "", "Argument[0]", "write-file", "manual"]
+      - ["java.io", "Writer", True, "append", "", "", "Argument[0]", "write-file", "manual"]
+      - ["java.io", "Writer", True, "write", "", "", "Argument[0]", "write-file", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.io", "BufferedInputStream", False, "BufferedInputStream", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.io", "BufferedReader", False, "BufferedReader", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.io", "BufferedReader", True, "readLine", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "ByteArrayInputStream", False, "ByteArrayInputStream", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.io", "ByteArrayOutputStream", False, "toByteArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "ByteArrayOutputStream", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "ByteArrayOutputStream", False, "writeTo", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["java.io", "CharArrayReader", False, "CharArrayReader", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.io", "CharArrayWriter", True, "toCharArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "DataInput", True, "readFully", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["java.io", "DataInput", True, "readLine", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "DataInput", True, "readUTF", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "DataInputStream", False, "DataInputStream", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.io", "File", False, "File", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.io", "File", False, "File", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["java.io", "File", True, "getAbsoluteFile", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "File", True, "getAbsolutePath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "File", True, "getCanonicalFile", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "File", True, "getCanonicalPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "File", True, "toPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "File", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "File", True, "toURI", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "FilterOutputStream", True, "FilterOutputStream", "(OutputStream)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.io", "InputStream", True, "read", "(byte[])", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["java.io", "InputStream", True, "read", "(byte[],int,int)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["java.io", "InputStream", True, "readAllBytes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "InputStream", True, "readNBytes", "(byte[],int,int)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["java.io", "InputStream", True, "readNBytes", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "InputStream", True, "transferTo", "(OutputStream)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["java.io", "InputStreamReader", False, "InputStreamReader", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.io", "ObjectInput", True, "read", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["java.io", "ObjectInputStream", False, "ObjectInputStream", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.io", "OutputStream", True, "write", "(byte[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.io", "OutputStream", True, "write", "(byte[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.io", "OutputStream", True, "write", "(int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.io", "Reader", True, "read", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["java.io", "Reader", True, "read", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "StringReader", False, "StringReader", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.io", "Writer", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "Writer", True, "write", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml
new file mode 100644
index 00000000000..5ec7a1bba7a
--- /dev/null
+++ b/java/ql/lib/ext/java.lang.model.yml
@@ -0,0 +1,88 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["java.lang", "String", False, "matches", "(String)", "", "Argument[0]", "regex-use[f-1]", "manual"]
+      - ["java.lang", "String", False, "replaceAll", "(String,String)", "", "Argument[0]", "regex-use[-1]", "manual"]
+      - ["java.lang", "String", False, "replaceFirst", "(String,String)", "", "Argument[0]", "regex-use[-1]", "manual"]
+      - ["java.lang", "String", False, "split", "(String)", "", "Argument[0]", "regex-use[-1]", "manual"]
+      - ["java.lang", "String", False, "split", "(String,int)", "", "Argument[0]", "regex-use[-1]", "manual"]
+      - ["java.lang", "System$Logger", True, "log", "(Level,Object)", "", "Argument[1]", "logging", "manual"]
+      - ["java.lang", "System$Logger", True, "log", "(Level,ResourceBundle,String,Object[])", "", "Argument[2..3]", "logging", "manual"]
+      - ["java.lang", "System$Logger", True, "log", "(Level,ResourceBundle,String,Throwable)", "", "Argument[2]", "logging", "manual"]
+      - ["java.lang", "System$Logger", True, "log", "(Level,String)", "", "Argument[1]", "logging", "manual"]
+      - ["java.lang", "System$Logger", True, "log", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["java.lang", "System$Logger", True, "log", "(Level,String,Supplier)", "", "Argument[1..2]", "logging", "manual"]
+      - ["java.lang", "System$Logger", True, "log", "(Level,String,Supplier,Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["java.lang", "System$Logger", True, "log", "(Level,String,Throwable)", "", "Argument[1]", "logging", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.lang", "AbstractStringBuilder", True, "AbstractStringBuilder", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.lang", "AbstractStringBuilder", True, "append", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["java.lang", "AbstractStringBuilder", True, "append", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.lang", "AbstractStringBuilder", True, "getChars", "", "", "Argument[-1]", "Argument[2]", "taint", "manual"]
+      - ["java.lang", "AbstractStringBuilder", True, "insert", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["java.lang", "AbstractStringBuilder", True, "insert", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["java.lang", "AbstractStringBuilder", True, "replace", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["java.lang", "AbstractStringBuilder", True, "replace", "", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["java.lang", "AbstractStringBuilder", True, "reverse", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["java.lang", "AbstractStringBuilder", True, "subSequence", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "AbstractStringBuilder", True, "substring", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "AbstractStringBuilder", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "Appendable", True, "append", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["java.lang", "Appendable", True, "append", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.lang", "CharSequence", True, "charAt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "CharSequence", True, "subSequence", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "CharSequence", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "Iterable", True, "forEach", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.lang", "Iterable", True, "iterator", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.lang", "Iterable", True, "spliterator", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.lang", "Object", True, "clone", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.lang", "Object", True, "clone", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.lang", "Object", True, "clone", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.lang", "String", False, "String", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.lang", "String", False, "concat", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "concat", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "copyValueOf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "endsWith", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "format", "(Locale,String,Object[])", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "format", "(Locale,String,Object[])", "", "Argument[2].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "format", "(String,Object[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "format", "(String,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "formatted", "(Object[])", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "formatted", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "getBytes", "", "", "Argument[-1]", "Argument[2]", "taint", "manual"]
+      - ["java.lang", "String", False, "getBytes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "getChars", "", "", "Argument[-1]", "Argument[2]", "taint", "manual"]
+      - ["java.lang", "String", False, "indent", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "intern", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "join", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "repeat", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "replace", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "replace", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "replaceAll", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "replaceAll", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "replaceFirst", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "replaceFirst", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "split", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "strip", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "stripIndent", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "stripLeading", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "stripTrailing", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "substring", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "toCharArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "toLowerCase", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "toString", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["java.lang", "String", False, "toUpperCase", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "translateEscapes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "trim", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "valueOf", "(char)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "valueOf", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "valueOf", "(char[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "StringBuffer", True, "StringBuffer", "(CharSequence)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.lang", "StringBuffer", True, "StringBuffer", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.lang", "StringBuilder", True, "StringBuilder", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.lang", "System", False, "arraycopy", "", "", "Argument[0]", "Argument[2]", "taint", "manual"]
diff --git a/java/ql/lib/ext/java.net.http.model.yml b/java/ql/lib/ext/java.net.http.model.yml
new file mode 100644
index 00000000000..d967f46494b
--- /dev/null
+++ b/java/ql/lib/ext/java.net.http.model.yml
@@ -0,0 +1,12 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["java.net.http", "WebSocket$Listener", True, "onText", "(WebSocket,CharSequence,boolean)", "", "Parameter[1]", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["java.net.http", "HttpRequest", False, "newBuilder", "", "", "Argument[0]", "open-url", "manual"]
+      - ["java.net.http", "HttpRequest$Builder", False, "uri", "", "", "Argument[0]", "open-url", "manual"]
diff --git a/java/ql/lib/ext/java.net.model.yml b/java/ql/lib/ext/java.net.model.yml
new file mode 100644
index 00000000000..2c153b37a05
--- /dev/null
+++ b/java/ql/lib/ext/java.net.model.yml
@@ -0,0 +1,30 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["java.net", "Socket", False, "getInputStream", "()", "", "ReturnValue", "remote", "manual"]
+      - ["java.net", "URLConnection", False, "getInputStream", "()", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["java.net", "URL", False, "openConnection", "", "", "Argument[-1]", "open-url", "manual"]
+      - ["java.net", "URL", False, "openStream", "", "", "Argument[-1]", "open-url", "manual"]
+      - ["java.net", "URLClassLoader", False, "URLClassLoader", "(String,URL[],ClassLoader)", "", "Argument[1]", "open-url", "manual"]
+      - ["java.net", "URLClassLoader", False, "URLClassLoader", "(String,URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[1]", "open-url", "manual"]
+      - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[])", "", "Argument[0]", "open-url", "manual"]
+      - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader)", "", "Argument[0]", "open-url", "manual"]
+      - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[0]", "open-url", "manual"]
+      - ["java.net", "URLClassLoader", False, "newInstance", "", "", "Argument[0]", "open-url", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.net", "URI", False, "URI", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.net", "URI", False, "create", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.net", "URI", False, "toAsciiString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.net", "URI", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.net", "URI", False, "toURL", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.net", "URL", False, "URL", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.net", "URLDecoder", False, "decode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/java.nio.channels.model.yml b/java/ql/lib/ext/java.nio.channels.model.yml
new file mode 100644
index 00000000000..e6b3e301bdf
--- /dev/null
+++ b/java/ql/lib/ext/java.nio.channels.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.nio.channels", "Channels", False, "newChannel", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.nio.channels", "ReadableByteChannel", True, "read", "(ByteBuffer)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml
new file mode 100644
index 00000000000..129bf048b96
--- /dev/null
+++ b/java/ql/lib/ext/java.nio.file.model.yml
@@ -0,0 +1,35 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["java.nio.file", "Files", False, "copy", "", "", "Argument[1]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "createDirectories", "", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "createDirectory", "", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "createFile", "", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "createLink", "", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "createSymbolicLink", "", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "createTempDirectory", "", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "createTempFile", "(Path,String,String,FileAttribute[])", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "move", "", "", "Argument[1]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "newBufferedWriter", "", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "newOutputStream", "", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "write", "", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "write", "", "", "Argument[1]", "write-file", "manual"]
+      - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[1]", "write-file", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.nio.file", "FileSystem", True, "getPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.nio.file", "FileSystem", True, "getRootDirectories", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.nio.file", "Path", True, "getParent", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.nio.file", "Path", True, "normalize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[-1..0]", "ReturnValue", "taint", "manual"]
+      - ["java.nio.file", "Path", True, "toAbsolutePath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.nio.file", "Path", False, "toFile", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.nio.file", "Path", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.nio.file", "Path", True, "toUri", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.nio.file", "Paths", True, "get", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.nio.file", "Paths", True, "get", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/java.nio.model.yml b/java/ql/lib/ext/java.nio.model.yml
new file mode 100644
index 00000000000..ad03fbe2371
--- /dev/null
+++ b/java/ql/lib/ext/java.nio.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.nio", "ByteBuffer", False, "array", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.nio", "ByteBuffer", False, "get", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.nio", "ByteBuffer", False, "wrap", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/java.sql.model.yml b/java/ql/lib/ext/java.sql.model.yml
new file mode 100644
index 00000000000..e7017ebd40a
--- /dev/null
+++ b/java/ql/lib/ext/java.sql.model.yml
@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["java.sql", "Connection", True, "prepareCall", "", "", "Argument[0]", "sql", "manual"]
+      - ["java.sql", "Connection", True, "prepareStatement", "", "", "Argument[0]", "sql", "manual"]
+      - ["java.sql", "Driver", False, "connect", "(String,Properties)", "", "Argument[0]", "jdbc-url", "manual"]
+      - ["java.sql", "DriverManager", False, "getConnection", "(String)", "", "Argument[0]", "jdbc-url", "manual"]
+      - ["java.sql", "DriverManager", False, "getConnection", "(String,Properties)", "", "Argument[0]", "jdbc-url", "manual"]
+      - ["java.sql", "DriverManager", False, "getConnection", "(String,String,String)", "", "Argument[0]", "jdbc-url", "manual"]
+      - ["java.sql", "Statement", True, "addBatch", "", "", "Argument[0]", "sql", "manual"]
+      - ["java.sql", "Statement", True, "execute", "", "", "Argument[0]", "sql", "manual"]
+      - ["java.sql", "Statement", True, "executeLargeUpdate", "", "", "Argument[0]", "sql", "manual"]
+      - ["java.sql", "Statement", True, "executeQuery", "", "", "Argument[0]", "sql", "manual"]
+      - ["java.sql", "Statement", True, "executeUpdate", "", "", "Argument[0]", "sql", "manual"]
diff --git a/java/ql/lib/ext/java.util.concurrent.model.yml b/java/ql/lib/ext/java.util.concurrent.model.yml
new file mode 100644
index 00000000000..9c202220dde
--- /dev/null
+++ b/java/ql/lib/ext/java.util.concurrent.model.yml
@@ -0,0 +1,23 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.util.concurrent", "BlockingDeque", True, "offerFirst", "(Object,long,TimeUnit)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util.concurrent", "BlockingDeque", True, "offerLast", "(Object,long,TimeUnit)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util.concurrent", "BlockingDeque", True, "pollFirst", "(long,TimeUnit)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util.concurrent", "BlockingDeque", True, "pollLast", "(long,TimeUnit)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util.concurrent", "BlockingDeque", True, "putFirst", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util.concurrent", "BlockingDeque", True, "putLast", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util.concurrent", "BlockingDeque", True, "takeFirst", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util.concurrent", "BlockingDeque", True, "takeLast", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util.concurrent", "BlockingQueue", True, "drainTo", "(Collection)", "", "Argument[-1].Element", "Argument[0].Element", "value", "manual"]
+      - ["java.util.concurrent", "BlockingQueue", True, "drainTo", "(Collection,int)", "", "Argument[-1].Element", "Argument[0].Element", "value", "manual"]
+      - ["java.util.concurrent", "BlockingQueue", True, "offer", "(Object,long,TimeUnit)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util.concurrent", "BlockingQueue", True, "poll", "(long,TimeUnit)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util.concurrent", "BlockingQueue", True, "put", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util.concurrent", "BlockingQueue", True, "take", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util.concurrent", "ConcurrentHashMap", True, "elements", "()", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.concurrent", "TransferQueue", True, "transfer", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util.concurrent", "TransferQueue", True, "tryTransfer", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util.concurrent", "TransferQueue", True, "tryTransfer", "(Object,long,TimeUnit)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
diff --git a/java/ql/lib/ext/java.util.function.model.yml b/java/ql/lib/ext/java.util.function.model.yml
new file mode 100644
index 00000000000..9a608462a92
--- /dev/null
+++ b/java/ql/lib/ext/java.util.function.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["java.util.function", "Predicate", False, "test", "(Object)", "", "Argument[-1]", "regex-use[0]", "manual"]
diff --git a/java/ql/lib/ext/java.util.logging.model.yml b/java/ql/lib/ext/java.util.logging.model.yml
new file mode 100644
index 00000000000..4f96b8f28ee
--- /dev/null
+++ b/java/ql/lib/ext/java.util.logging.model.yml
@@ -0,0 +1,44 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["java.util.logging", "Logger", True, "config", "", "", "Argument[0]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "entering", "(String,String)", "", "Argument[0..1]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "entering", "(String,String,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "entering", "(String,String,Object[])", "", "Argument[0..2]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "exiting", "(String,String)", "", "Argument[0..1]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "exiting", "(String,String,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "fine", "", "", "Argument[0]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "finer", "", "", "Argument[0]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "finest", "", "", "Argument[0]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "info", "", "", "Argument[0]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "log", "(Level,String)", "", "Argument[1]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "log", "(Level,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "log", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "log", "(Level,String,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "log", "(Level,Supplier)", "", "Argument[1]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "log", "(Level,Throwable,Supplier)", "", "Argument[2]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "log", "(LogRecord)", "", "Argument[0]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,String)", "", "Argument[1..3]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,String,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,String,Object[])", "", "Argument[1..4]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,String,Throwable)", "", "Argument[1..3]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,Supplier)", "", "Argument[1..3]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,Throwable,Supplier)", "", "Argument[1..2]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,Throwable,Supplier)", "", "Argument[4]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,ResourceBundle,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,ResourceBundle,String,Object[])", "", "Argument[4..5]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,ResourceBundle,String,Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,ResourceBundle,String,Throwable)", "", "Argument[4]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,String,String)", "", "Argument[1..4]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,String,String,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,String,String,Object[])", "", "Argument[1..5]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,String,String,Throwable)", "", "Argument[1..4]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "severe", "", "", "Argument[0]", "logging", "manual"]
+      - ["java.util.logging", "Logger", True, "warning", "", "", "Argument[0]", "logging", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.util.logging", "LogRecord", False, "LogRecord", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
diff --git a/java/ql/lib/ext/java.util.model.yml b/java/ql/lib/ext/java.util.model.yml
new file mode 100644
index 00000000000..38368d87bf4
--- /dev/null
+++ b/java/ql/lib/ext/java.util.model.yml
@@ -0,0 +1,357 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.util", "AbstractMap$SimpleEntry", False, "SimpleEntry", "(Entry)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "AbstractMap$SimpleEntry", False, "SimpleEntry", "(Entry)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "AbstractMap$SimpleEntry", False, "SimpleEntry", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "AbstractMap$SimpleEntry", False, "SimpleEntry", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "AbstractMap$SimpleImmutableEntry", False, "SimpleImmutableEntry", "(Entry)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "AbstractMap$SimpleImmutableEntry", False, "SimpleImmutableEntry", "(Entry)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "AbstractMap$SimpleImmutableEntry", False, "SimpleImmutableEntry", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "AbstractMap$SimpleImmutableEntry", False, "SimpleImmutableEntry", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "ArrayDeque", False, "ArrayDeque", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "ArrayList", False, "ArrayList", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Arrays", False, "asList", "", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Arrays", False, "copyOf", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "copyOfRange", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(Object[],Object)", "", "Argument[1]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(Object[],int,int,Object)", "", "Argument[3]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(boolean[],boolean)", "", "Argument[1]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(boolean[],int,int,boolean)", "", "Argument[3]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(byte[],byte)", "", "Argument[1]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(byte[],int,int,byte)", "", "Argument[3]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(char[],char)", "", "Argument[1]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(char[],int,int,char)", "", "Argument[3]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(double[],double)", "", "Argument[1]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(double[],int,int,double)", "", "Argument[3]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(float[],float)", "", "Argument[1]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(float[],int,int,float)", "", "Argument[3]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(int[],int)", "", "Argument[1]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(int[],int,int,int)", "", "Argument[3]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(long[],int,int,long)", "", "Argument[3]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(long[],long)", "", "Argument[1]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(short[],int,int,short)", "", "Argument[3]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "fill", "(short[],short)", "", "Argument[1]", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Arrays", False, "spliterator", "", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Arrays", False, "stream", "", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Base64$Decoder", False, "decode", "(ByteBuffer)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Base64$Decoder", False, "decode", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Base64$Decoder", False, "decode", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Base64$Decoder", False, "wrap", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Base64$Encoder", False, "encode", "(ByteBuffer)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Base64$Encoder", False, "encode", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Base64$Encoder", False, "encodeToString", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Base64$Encoder", False, "wrap", "(OutputStream)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Collection", True, "add", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Collection", True, "addAll", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Collection", True, "parallelStream", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collection", True, "stream", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collection", True, "toArray", "", "", "Argument[-1].Element", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Collection", True, "toArray", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["java.util", "Collections", False, "addAll", "(Collection,Object[])", "", "Argument[1].ArrayElement", "Argument[0].Element", "value", "manual"]
+      - ["java.util", "Collections", False, "checkedCollection", "(Collection,Class)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "checkedList", "(List,Class)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "checkedMap", "(Map,Class,Class)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Collections", False, "checkedMap", "(Map,Class,Class)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Collections", False, "checkedNavigableMap", "(NavigableMap,Class,Class)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Collections", False, "checkedNavigableMap", "(NavigableMap,Class,Class)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Collections", False, "checkedNavigableSet", "(NavigableSet,Class)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "checkedSet", "(Set,Class)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "checkedSortedMap", "(SortedMap,Class,Class)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Collections", False, "checkedSortedMap", "(SortedMap,Class,Class)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Collections", False, "checkedSortedSet", "(SortedSet,Class)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "copy", "(List,List)", "", "Argument[1].Element", "Argument[0].Element", "value", "manual"]
+      - ["java.util", "Collections", False, "enumeration", "(Collection)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "fill", "(List,Object)", "", "Argument[1]", "Argument[0].Element", "value", "manual"]
+      - ["java.util", "Collections", False, "list", "(Enumeration)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "max", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Collections", False, "min", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Collections", False, "nCopies", "(int,Object)", "", "Argument[1]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "replaceAll", "(List,Object,Object)", "", "Argument[2]", "Argument[0].Element", "value", "manual"]
+      - ["java.util", "Collections", False, "singleton", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "singletonList", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "singletonMap", "(Object,Object)", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Collections", False, "singletonMap", "(Object,Object)", "", "Argument[1]", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Collections", False, "synchronizedCollection", "(Collection)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "synchronizedList", "(List)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "synchronizedMap", "(Map)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Collections", False, "synchronizedMap", "(Map)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Collections", False, "synchronizedNavigableMap", "(NavigableMap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Collections", False, "synchronizedNavigableMap", "(NavigableMap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Collections", False, "synchronizedNavigableSet", "(NavigableSet)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "synchronizedSet", "(Set)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "synchronizedSortedMap", "(SortedMap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Collections", False, "synchronizedSortedMap", "(SortedMap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Collections", False, "synchronizedSortedSet", "(SortedSet)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "unmodifiableCollection", "(Collection)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "unmodifiableList", "(List)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "unmodifiableMap", "(Map)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Collections", False, "unmodifiableMap", "(Map)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Collections", False, "unmodifiableNavigableMap", "(NavigableMap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Collections", False, "unmodifiableNavigableMap", "(NavigableMap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Collections", False, "unmodifiableNavigableSet", "(NavigableSet)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "unmodifiableSet", "(Set)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Collections", False, "unmodifiableSortedMap", "(SortedMap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Collections", False, "unmodifiableSortedMap", "(SortedMap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Collections", False, "unmodifiableSortedSet", "(SortedSet)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Deque", True, "addFirst", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Deque", True, "addLast", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Deque", True, "descendingIterator", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Deque", True, "getFirst", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Deque", True, "getLast", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Deque", True, "offerFirst", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Deque", True, "offerLast", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Deque", True, "peekFirst", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Deque", True, "peekLast", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Deque", True, "pollFirst", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Deque", True, "pollLast", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Deque", True, "pop", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Deque", True, "push", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Deque", True, "removeFirst", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Deque", True, "removeLast", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Dictionary", True, "elements", "()", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Dictionary", True, "get", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Dictionary", True, "keys", "()", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Dictionary", True, "put", "(Object,Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Dictionary", True, "put", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "Dictionary", True, "put", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "Dictionary", True, "remove", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "EnumMap", False, "EnumMap", "(EnumMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "EnumMap", False, "EnumMap", "(EnumMap)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "EnumMap", False, "EnumMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "EnumMap", False, "EnumMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "Enumeration", True, "asIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Enumeration", True, "nextElement", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "HashMap", False, "HashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "HashMap", False, "HashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "HashSet", False, "HashSet", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Hashtable", False, "Hashtable", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "Hashtable", False, "Hashtable", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "IdentityHashMap", False, "IdentityHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "IdentityHashMap", False, "IdentityHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "Iterator", True, "forEachRemaining", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util", "Iterator", True, "next", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "LinkedHashMap", False, "LinkedHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "LinkedHashMap", False, "LinkedHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "LinkedHashSet", False, "LinkedHashSet", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "LinkedList", False, "LinkedList", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "List", True, "add", "(int,Object)", "", "Argument[1]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "List", True, "addAll", "(int,Collection)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "List", False, "copyOf", "(Collection)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "List", True, "get", "(int)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "List", True, "listIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "List", False, "of", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "List", False, "of", "(Object,Object)", "", "Argument[0..1]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "List", False, "of", "(Object,Object,Object)", "", "Argument[0..2]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "List", False, "of", "(Object,Object,Object,Object)", "", "Argument[0..3]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "List", False, "of", "(Object,Object,Object,Object,Object)", "", "Argument[0..4]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "List", False, "of", "(Object,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "List", False, "of", "(Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "List", False, "of", "(Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "List", False, "of", "(Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "List", False, "of", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "List", False, "of", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "List", True, "remove", "(int)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "List", True, "set", "(int,Object)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "List", True, "set", "(int,Object)", "", "Argument[1]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "List", True, "subList", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "ListIterator", True, "add", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "ListIterator", True, "previous", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "ListIterator", True, "set", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Map", True, "computeIfAbsent", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Map", True, "computeIfAbsent", "", "", "Argument[1].ReturnValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "Map", True, "computeIfAbsent", "", "", "Argument[1].ReturnValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Map", False, "copyOf", "(Map)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Map", False, "copyOf", "(Map)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Map", False, "entry", "(Object,Object)", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Map", False, "entry", "(Object,Object)", "", "Argument[1]", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Map", True, "entrySet", "", "", "Argument[-1].MapKey", "ReturnValue.Element.MapKey", "value", "manual"]
+      - ["java.util", "Map", True, "entrySet", "", "", "Argument[-1].MapValue", "ReturnValue.Element.MapValue", "value", "manual"]
+      - ["java.util", "Map", True, "forEach", "(BiConsumer)", "", "Argument[-1].MapKey", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util", "Map", True, "forEach", "(BiConsumer)", "", "Argument[-1].MapValue", "Argument[0].Parameter[1]", "value", "manual"]
+      - ["java.util", "Map", True, "get", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Map", True, "getOrDefault", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Map", True, "getOrDefault", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["java.util", "Map", True, "keySet", "()", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Map", True, "merge", "(Object,Object,BiFunction)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[10]", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[11]", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[12]", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[13]", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[14]", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[15]", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[16]", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[17]", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[18]", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[19]", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[1]", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[2]", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[3]", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[4]", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[5]", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[6]", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[7]", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[8]", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Map", False, "of", "", "", "Argument[9]", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Map", False, "ofEntries", "", "", "Argument[0].ArrayElement.MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "Map", False, "ofEntries", "", "", "Argument[0].ArrayElement.MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "Map", True, "put", "(Object,Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Map", True, "put", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "Map", True, "put", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "Map", True, "putAll", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "Map", True, "putAll", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "Map", True, "putIfAbsent", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Map", True, "putIfAbsent", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "Map", True, "putIfAbsent", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "Map", True, "remove", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Map", True, "replace", "(Object,Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Map", True, "replace", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "Map", True, "replace", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "Map", True, "replace", "(Object,Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "Map", True, "replace", "(Object,Object,Object)", "", "Argument[2]", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "Map", True, "values", "()", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Map$Entry", True, "getKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["java.util", "Map$Entry", True, "getValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Map$Entry", True, "setValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Map$Entry", True, "setValue", "", "", "Argument[0]", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "ceilingEntry", "(Object)", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "ceilingEntry", "(Object)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "descendingMap", "()", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "descendingMap", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "firstEntry", "()", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "firstEntry", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "floorEntry", "(Object)", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "floorEntry", "(Object)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "headMap", "(Object,boolean)", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "headMap", "(Object,boolean)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "higherEntry", "(Object)", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "higherEntry", "(Object)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "lastEntry", "()", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "lastEntry", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "lowerEntry", "(Object)", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "lowerEntry", "(Object)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "pollFirstEntry", "()", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "pollFirstEntry", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "pollLastEntry", "()", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "pollLastEntry", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "subMap", "(Object,boolean,Object,boolean)", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "subMap", "(Object,boolean,Object,boolean)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "tailMap", "(Object,boolean)", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "NavigableMap", True, "tailMap", "(Object,boolean)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "NavigableSet", True, "ceiling", "(Object)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "NavigableSet", True, "descendingIterator", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "NavigableSet", True, "descendingSet", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "NavigableSet", True, "floor", "(Object)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "NavigableSet", True, "headSet", "(Object,boolean)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "NavigableSet", True, "higher", "(Object)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "NavigableSet", True, "lower", "(Object)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "NavigableSet", True, "pollFirst", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "NavigableSet", True, "pollLast", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "NavigableSet", True, "subSet", "(Object,boolean,Object,boolean)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "NavigableSet", True, "tailSet", "(Object,boolean)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Objects", False, "requireNonNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["java.util", "Objects", False, "requireNonNullElse", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["java.util", "Objects", False, "requireNonNullElse", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["java.util", "Objects", False, "requireNonNullElseGet", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["java.util", "Objects", False, "toString", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["java.util", "Optional", False, "filter", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util", "Optional", False, "filter", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Optional", False, "flatMap", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util", "Optional", False, "flatMap", "", "", "Argument[0].ReturnValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Optional", False, "get", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Optional", False, "ifPresent", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util", "Optional", False, "ifPresentOrElse", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util", "Optional", False, "map", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util", "Optional", False, "map", "", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Optional", False, "of", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Optional", False, "ofNullable", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Optional", False, "or", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Optional", False, "or", "", "", "Argument[0].ReturnValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Optional", False, "orElse", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Optional", False, "orElse", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["java.util", "Optional", False, "orElseGet", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Optional", False, "orElseGet", "", "", "Argument[0].ReturnValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Optional", False, "orElseThrow", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Optional", False, "stream", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "PriorityQueue", False, "PriorityQueue", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "PriorityQueue", False, "PriorityQueue", "(PriorityQueue)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "PriorityQueue", False, "PriorityQueue", "(SortedSet)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Properties", True, "getProperty", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Properties", True, "getProperty", "(String,String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Properties", True, "getProperty", "(String,String)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["java.util", "Properties", True, "setProperty", "(String,String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["java.util", "Properties", True, "setProperty", "(String,String)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "Properties", True, "setProperty", "(String,String)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "Queue", True, "element", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Queue", True, "offer", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Queue", True, "peek", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Queue", True, "poll", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Queue", True, "remove", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Scanner", True, "Scanner", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.util", "Scanner", True, "findInLine", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Scanner", True, "findWithinHorizon", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Scanner", True, "next", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Scanner", True, "nextBigDecimal", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Scanner", True, "nextBigInteger", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Scanner", True, "nextBoolean", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Scanner", True, "nextByte", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Scanner", True, "nextDouble", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Scanner", True, "nextFloat", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Scanner", True, "nextInt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Scanner", True, "nextLine", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Scanner", True, "nextLong", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Scanner", True, "nextShort", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "Scanner", True, "reset", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["java.util", "Scanner", True, "skip", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["java.util", "Scanner", True, "useDelimiter", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["java.util", "Scanner", True, "useLocale", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["java.util", "Scanner", True, "useRadix", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["java.util", "Set", False, "copyOf", "(Collection)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Set", False, "of", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Set", False, "of", "(Object,Object)", "", "Argument[0..1]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Set", False, "of", "(Object,Object,Object)", "", "Argument[0..2]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Set", False, "of", "(Object,Object,Object,Object)", "", "Argument[0..3]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Set", False, "of", "(Object,Object,Object,Object,Object)", "", "Argument[0..4]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Set", False, "of", "(Object,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Set", False, "of", "(Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Set", False, "of", "(Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Set", False, "of", "(Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Set", False, "of", "(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Set", False, "of", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "SortedMap", True, "headMap", "(Object)", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "SortedMap", True, "headMap", "(Object)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "SortedMap", True, "subMap", "(Object,Object)", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "SortedMap", True, "subMap", "(Object,Object)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "SortedMap", True, "tailMap", "(Object)", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["java.util", "SortedMap", True, "tailMap", "(Object)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["java.util", "SortedSet", True, "first", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "SortedSet", True, "headSet", "(Object)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "SortedSet", True, "last", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "SortedSet", True, "subSet", "(Object,Object)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "SortedSet", True, "tailSet", "(Object)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Stack", True, "peek", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Stack", True, "pop", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Stack", True, "push", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "StringTokenizer", False, "StringTokenizer", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.util", "StringTokenizer", False, "nextElement", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "StringTokenizer", False, "nextToken", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "TreeMap", False, "TreeMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "TreeMap", False, "TreeMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "TreeMap", False, "TreeMap", "(SortedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "TreeMap", False, "TreeMap", "(SortedMap)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["java.util", "TreeSet", False, "TreeSet", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "TreeSet", False, "TreeSet", "(SortedSet)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Vector", False, "Vector", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Vector", True, "addElement", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Vector", True, "copyInto", "(Object[])", "", "Argument[-1].Element", "Argument[0].ArrayElement", "value", "manual"]
+      - ["java.util", "Vector", True, "elementAt", "(int)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Vector", True, "elements", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util", "Vector", True, "firstElement", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Vector", True, "insertElementAt", "(Object,int)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "Vector", True, "lastElement", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["java.util", "Vector", True, "setElementAt", "(Object,int)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "WeakHashMap", False, "WeakHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["java.util", "WeakHashMap", False, "WeakHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
diff --git a/java/ql/lib/ext/java.util.regex.model.yml b/java/ql/lib/ext/java.util.regex.model.yml
new file mode 100644
index 00000000000..79f50e55e9d
--- /dev/null
+++ b/java/ql/lib/ext/java.util.regex.model.yml
@@ -0,0 +1,26 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["java.util.regex", "Matcher", False, "matches", "()", "", "Argument[-1]", "regex-use[f]", "manual"]
+      - ["java.util.regex", "Pattern", False, "asMatchPredicate", "()", "", "Argument[-1]", "regex-use[f]", "manual"]
+      - ["java.util.regex", "Pattern", False, "compile", "(String)", "", "Argument[0]", "regex-use[]", "manual"]
+      - ["java.util.regex", "Pattern", False, "compile", "(String,int)", "", "Argument[0]", "regex-use[]", "manual"]
+      - ["java.util.regex", "Pattern", False, "matcher", "(CharSequence)", "", "Argument[-1]", "regex-use[0]", "manual"]
+      - ["java.util.regex", "Pattern", False, "matches", "(String,CharSequence)", "", "Argument[0]", "regex-use[f1]", "manual"]
+      - ["java.util.regex", "Pattern", False, "split", "(CharSequence)", "", "Argument[-1]", "regex-use[0]", "manual"]
+      - ["java.util.regex", "Pattern", False, "split", "(CharSequence,int)", "", "Argument[-1]", "regex-use[0]", "manual"]
+      - ["java.util.regex", "Pattern", False, "splitAsStream", "(CharSequence)", "", "Argument[-1]", "regex-use[0]", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.util.regex", "Matcher", False, "group", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util.regex", "Matcher", False, "replaceAll", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util.regex", "Matcher", False, "replaceAll", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.util.regex", "Matcher", False, "replaceFirst", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util.regex", "Matcher", False, "replaceFirst", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.util.regex", "Pattern", False, "matcher", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.util.regex", "Pattern", False, "quote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.util.regex", "Pattern", False, "split", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/java.util.stream.model.yml b/java/ql/lib/ext/java.util.stream.model.yml
new file mode 100644
index 00000000000..4ce3812336e
--- /dev/null
+++ b/java/ql/lib/ext/java.util.stream.model.yml
@@ -0,0 +1,89 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.util.stream", "BaseStream", True, "iterator", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "BaseStream", True, "onClose", "(Runnable)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "BaseStream", True, "parallel", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "BaseStream", True, "sequential", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "BaseStream", True, "spliterator", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "BaseStream", True, "unordered", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "allMatch", "(Predicate)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "anyMatch", "(Predicate)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "collect", "(Supplier,BiConsumer,BiConsumer)", "", "Argument[-1].Element", "Argument[1].Parameter[1]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "collect", "(Supplier,BiConsumer,BiConsumer)", "", "Argument[0].ReturnValue", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "collect", "(Supplier,BiConsumer,BiConsumer)", "", "Argument[1].Parameter[0]", "Argument[2].Parameter[0..1]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "collect", "(Supplier,BiConsumer,BiConsumer)", "", "Argument[1].Parameter[0]", "ReturnValue", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "collect", "(Supplier,BiConsumer,BiConsumer)", "", "Argument[2].Parameter[0..1]", "Argument[1].Parameter[0]", "value", "manual"]
+      # collect(Collector<T,A,R> collector) is handled separately on a case-by-case basis as it is too complex for MaD
+      - ["java.util.stream", "Stream", True, "concat", "(Stream,Stream)", "", "Argument[0..1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "distinct", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "dropWhile", "(Predicate)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "dropWhile", "(Predicate)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "filter", "(Predicate)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "filter", "(Predicate)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "findAny", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "findFirst", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "flatMap", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "flatMap", "(Function)", "", "Argument[0].ReturnValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "flatMapToDouble", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "flatMapToInt", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "flatMapToLong", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "forEach", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "forEachOrdered", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "generate", "(Supplier)", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "iterate", "(Object,Predicate,UnaryOperator)", "", "Argument[0]", "Argument[1..2].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "iterate", "(Object,Predicate,UnaryOperator)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "iterate", "(Object,Predicate,UnaryOperator)", "", "Argument[2].ReturnValue", "Argument[1..2].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "iterate", "(Object,Predicate,UnaryOperator)", "", "Argument[2].ReturnValue", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "iterate", "(Object,UnaryOperator)", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "iterate", "(Object,UnaryOperator)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "iterate", "(Object,UnaryOperator)", "", "Argument[1].ReturnValue", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "iterate", "(Object,UnaryOperator)", "", "Argument[1].ReturnValue", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "limit", "(long)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "map", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "map", "(Function)", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"]
+      # Missing for mapMulti(BiConsumer) (not currently supported):
+      # Argument[0] of Parameter[1] of Argument[0] -> Element of Parameter[1] of Argument[0]
+      # Element of Parameter[1] of Argument[0] -> Element of ReturnValue
+      - ["java.util.stream", "Stream", True, "mapMulti", "(BiConsumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "mapMultiToDouble", "(BiConsumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "mapMultiToInt", "(BiConsumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "mapMultiToLong", "(BiConsumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "mapToDouble", "(ToDoubleFunction)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "mapToInt", "(ToIntFunction)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "mapToLong", "(ToLongFunction)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "max", "(Comparator)", "", "Argument[-1].Element", "Argument[0].Parameter[0..1]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "max", "(Comparator)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "min", "(Comparator)", "", "Argument[-1].Element", "Argument[0].Parameter[0..1]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "min", "(Comparator)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "noneMatch", "(Predicate)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "of", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "of", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "ofNullable", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "peek", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "peek", "(Consumer)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(BinaryOperator)", "", "Argument[-1].Element", "Argument[0].Parameter[0..1]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(BinaryOperator)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(BinaryOperator)", "", "Argument[0].ReturnValue", "Argument[0].Parameter[0..1]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(BinaryOperator)", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(Object,BiFunction,BinaryOperator)", "", "Argument[-1].Element", "Argument[1].Parameter[1]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(Object,BiFunction,BinaryOperator)", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(Object,BiFunction,BinaryOperator)", "", "Argument[0]", "Argument[2].Parameter[0..1]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(Object,BiFunction,BinaryOperator)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(Object,BiFunction,BinaryOperator)", "", "Argument[1..2].ReturnValue", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(Object,BiFunction,BinaryOperator)", "", "Argument[1..2].ReturnValue", "Argument[2].Parameter[0..1]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(Object,BiFunction,BinaryOperator)", "", "Argument[1..2].ReturnValue", "ReturnValue", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(Object,BinaryOperator)", "", "Argument[-1].Element", "Argument[1].Parameter[0..1]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(Object,BinaryOperator)", "", "Argument[0]", "Argument[1].Parameter[0..1]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(Object,BinaryOperator)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(Object,BinaryOperator)", "", "Argument[1].ReturnValue", "Argument[1].Parameter[0..1]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "reduce", "(Object,BinaryOperator)", "", "Argument[1].ReturnValue", "ReturnValue", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "skip", "(long)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "sorted", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "sorted", "(Comparator)", "", "Argument[-1].Element", "Argument[0].Parameter[0..1]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "takeWhile", "(Predicate)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "takeWhile", "(Predicate)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "toArray", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["java.util.stream", "Stream", True, "toList", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/java.util.zip.model.yml b/java/ql/lib/ext/java.util.zip.model.yml
new file mode 100644
index 00000000000..fd9c0173016
--- /dev/null
+++ b/java/ql/lib/ext/java.util.zip.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.util.zip", "GZIPInputStream", False, "GZIPInputStream", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.util.zip", "ZipInputStream", False, "ZipInputStream", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
diff --git a/java/ql/lib/ext/javax.faces.context.model.yml b/java/ql/lib/ext/javax.faces.context.model.yml
new file mode 100644
index 00000000000..ad33971c2c3
--- /dev/null
+++ b/java/ql/lib/ext/javax.faces.context.model.yml
@@ -0,0 +1,18 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["javax.faces.context", "ExternalContext", True, "getRequestCookieMap", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.faces.context", "ExternalContext", True, "getRequestHeaderMap", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.faces.context", "ExternalContext", True, "getRequestHeaderValuesMap", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.faces.context", "ExternalContext", True, "getRequestParameterMap", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.faces.context", "ExternalContext", True, "getRequestParameterNames", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.faces.context", "ExternalContext", True, "getRequestParameterValuesMap", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.faces.context", "ExternalContext", True, "getRequestPathInfo", "()", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.faces.context", "ResponseStream", True, "write", "", "", "Argument[0]", "xss", "manual"]
+      - ["javax.faces.context", "ResponseWriter", True, "write", "", "", "Argument[0]", "xss", "manual"]
diff --git a/java/ql/lib/ext/javax.jms.model.yml b/java/ql/lib/ext/javax.jms.model.yml
new file mode 100644
index 00000000000..fed2a255ebd
--- /dev/null
+++ b/java/ql/lib/ext/javax.jms.model.yml
@@ -0,0 +1,80 @@
+ # This model covers JMS API versions 1 and 2.
+ #
+ # https://docs.oracle.com/javaee/6/api/javax/jms/package-summary.html
+ # https://docs.oracle.com/javaee/7/api/javax/jms/package-summary.html
+ #
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["javax.jms", "JMSConsumer", True, "receive", "", "", "ReturnValue", "remote", "manual"]
+      - ["javax.jms", "JMSConsumer", True, "receiveBody", "", "", "ReturnValue", "remote", "manual"]
+      - ["javax.jms", "JMSConsumer", True, "receiveBodyNoWait", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.jms", "JMSConsumer", True, "receiveNoWait", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.jms", "MessageConsumer", True, "receive", "", "", "ReturnValue", "remote", "manual"]
+      - ["javax.jms", "MessageConsumer", True, "receiveNoWait", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.jms", "MessageListener", True, "onMessage", "(Message)", "", "Parameter[0]", "remote", "manual"]
+      - ["javax.jms", "QueueRequestor", True, "request", "(Message)", "", "ReturnValue", "remote", "manual"]
+      - ["javax.jms", "TopicRequestor", True, "request", "(Message)", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["javax.jms", "BytesMessage", True, "readBoolean", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "BytesMessage", True, "readByte", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "BytesMessage", True, "readBytes", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["javax.jms", "BytesMessage", True, "readChar", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "BytesMessage", True, "readDouble", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "BytesMessage", True, "readFloat", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "BytesMessage", True, "readInt", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "BytesMessage", True, "readLong", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "BytesMessage", True, "readShort", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "BytesMessage", True, "readUTF", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "BytesMessage", True, "readUnsignedByte", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "BytesMessage", True, "readUnsignedShort", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "MapMessage", True, "getBoolean", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "MapMessage", True, "getByte", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "MapMessage", True, "getBytes", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "MapMessage", True, "getChar", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "MapMessage", True, "getDouble", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "MapMessage", True, "getFloat", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "MapMessage", True, "getInt", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "MapMessage", True, "getLong", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "MapMessage", True, "getMapNames", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "MapMessage", True, "getObject", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "MapMessage", True, "getShort", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "MapMessage", True, "getString", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getBody", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getBooleanProperty", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getByteProperty", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getDoubleProperty", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getFloatProperty", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getIntProperty", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getJMSCorrelationID", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getJMSCorrelationIDAsBytes", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getJMSDestination", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getJMSReplyTo", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getJMSType", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getLongProperty", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getObjectProperty", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getPropertyNames", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getShortProperty", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Message", True, "getStringProperty", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "ObjectMessage", True, "getObject", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Queue", True, "getQueueName", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Queue", True, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "StreamMessage", True, "readBoolean", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "StreamMessage", True, "readByte", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "StreamMessage", True, "readBytes", "(byte[])", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["javax.jms", "StreamMessage", True, "readChar", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "StreamMessage", True, "readDouble", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "StreamMessage", True, "readFloat", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "StreamMessage", True, "readInt", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "StreamMessage", True, "readLong", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "StreamMessage", True, "readObject", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "StreamMessage", True, "readShort", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "StreamMessage", True, "readString", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "TextMessage", True, "getText", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Topic", True, "getTopicName", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.jms", "Topic", True, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/javax.json.model.yml b/java/ql/lib/ext/javax.json.model.yml
new file mode 100644
index 00000000000..47deffe31b9
--- /dev/null
+++ b/java/ql/lib/ext/javax.json.model.yml
@@ -0,0 +1,127 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["javax.json", "Json", False, "createArrayBuilder", "(Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "createArrayBuilder", "(JsonArray)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "createDiff", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "createMergeDiff", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "createMergePatch", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "createObjectBuilder", "(JsonObject)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "createObjectBuilder", "(Map)", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "createObjectBuilder", "(Map)", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "createPatch", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "createPatchBuilder", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "createPointer", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "createReader", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "createValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "createWriter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "decodePointer", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "Json", False, "encodePointer", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonArray", False, "getBoolean", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonArray", False, "getBoolean", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonArray", False, "getInt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonArray", False, "getInt", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonArray", False, "getJsonArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonArray", False, "getJsonNumber", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonArray", False, "getJsonObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonArray", False, "getJsonString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonArray", False, "getString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonArray", False, "getString", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonArray", False, "getValuesAs", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(BigDecimal)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(BigInteger)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(JsonArrayBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(JsonObjectBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(JsonValue)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(boolean)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(double)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(int,BigDecimal)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(int,BigInteger)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(int,JsonArrayBuilder)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(int,JsonObjectBuilder)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(int,JsonValue)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(int,String)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(int,boolean)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(int,double)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(int,int)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(int,long)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "add", "(long)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "addAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "addAll", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "addNull", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "remove", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "set", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "set", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonArrayBuilder", False, "setNull", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonMergePatch", False, "apply", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonMergePatch", False, "apply", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonMergePatch", False, "toJsonValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonNumber", False, "bigDecimalValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonNumber", False, "bigIntegerValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonNumber", False, "bigIntegerValueExact", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonNumber", False, "doubleValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonNumber", False, "intValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonNumber", False, "intValueExact", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonNumber", False, "longValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonNumber", False, "longValueExact", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonNumber", False, "numberValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonObject", False, "getBoolean", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonObject", False, "getBoolean", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonObject", False, "getInt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonObject", False, "getInt", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonObject", False, "getJsonArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonObject", False, "getJsonNumber", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonObject", False, "getJsonObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonObject", False, "getJsonString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonObject", False, "getString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonObject", False, "getString", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonObjectBuilder", False, "add", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonObjectBuilder", False, "add", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonObjectBuilder", False, "addAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonObjectBuilder", False, "addAll", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonObjectBuilder", False, "addNull", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonObjectBuilder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonObjectBuilder", False, "remove", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonPatch", False, "apply", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPatch", False, "apply", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPatch", False, "toJsonArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPatchBuilder", False, "add", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonPatchBuilder", False, "add", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPatchBuilder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPatchBuilder", False, "copy", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonPatchBuilder", False, "copy", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPatchBuilder", False, "move", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonPatchBuilder", False, "move", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPatchBuilder", False, "remove", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonPatchBuilder", False, "remove", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPatchBuilder", False, "replace", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonPatchBuilder", False, "replace", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPatchBuilder", False, "test", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.json", "JsonPatchBuilder", False, "test", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPointer", False, "add", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPointer", False, "add", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPointer", False, "getValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPointer", False, "remove", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPointer", False, "replace", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonPointer", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonReader", False, "read", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonReader", False, "readArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonReader", False, "readObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonReader", False, "readValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonReaderFactory", False, "createReader", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonString", False, "getChars", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonString", False, "getString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonStructure", True, "getValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonValue", True, "asJsonArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonValue", True, "asJsonObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonValue", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.json", "JsonWriter", False, "write", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonWriter", False, "writeArray", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonWriter", False, "writeObject", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.json", "JsonWriterFactory", False, "createWriter", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
diff --git a/java/ql/lib/ext/javax.json.stream.model.yml b/java/ql/lib/ext/javax.json.stream.model.yml
new file mode 100644
index 00000000000..77d564bfb69
--- /dev/null
+++ b/java/ql/lib/ext/javax.json.stream.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["javax.json.stream", "JsonParserFactory", False, "createParser", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/javax.management.remote.model.yml b/java/ql/lib/ext/javax.management.remote.model.yml
new file mode 100644
index 00000000000..3751017d4e6
--- /dev/null
+++ b/java/ql/lib/ext/javax.management.remote.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.management.remote", "JMXConnector", True, "connect", "", "", "Argument[-1]", "jndi-injection", "manual"]
+      - ["javax.management.remote", "JMXConnectorFactory", False, "connect", "", "", "Argument[0]", "jndi-injection", "manual"]
diff --git a/java/ql/lib/ext/javax.naming.directory.model.yml b/java/ql/lib/ext/javax.naming.directory.model.yml
new file mode 100644
index 00000000000..bb350a084cb
--- /dev/null
+++ b/java/ql/lib/ext/javax.naming.directory.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.naming.directory", "DirContext", True, "search", "", "", "Argument[0..1]", "ldap", "manual"]
diff --git a/java/ql/lib/ext/javax.naming.model.yml b/java/ql/lib/ext/javax.naming.model.yml
new file mode 100644
index 00000000000..c55f76557d6
--- /dev/null
+++ b/java/ql/lib/ext/javax.naming.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.naming", "Context", True, "list", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["javax.naming", "Context", True, "listBindings", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["javax.naming", "Context", True, "lookup", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["javax.naming", "Context", True, "lookupLink", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["javax.naming", "Context", True, "rename", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["javax.naming", "InitialContext", True, "doLookup", "", "", "Argument[0]", "jndi-injection", "manual"]
diff --git a/java/ql/lib/ext/javax.net.ssl.model.yml b/java/ql/lib/ext/javax.net.ssl.model.yml
new file mode 100644
index 00000000000..7cbed92c184
--- /dev/null
+++ b/java/ql/lib/ext/javax.net.ssl.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.net.ssl", "HttpsURLConnection", True, "setDefaultHostnameVerifier", "", "", "Argument[0]", "set-hostname-verifier", "manual"]
+      - ["javax.net.ssl", "HttpsURLConnection", True, "setHostnameVerifier", "", "", "Argument[0]", "set-hostname-verifier", "manual"]
diff --git a/java/ql/lib/ext/javax.script.model.yml b/java/ql/lib/ext/javax.script.model.yml
new file mode 100644
index 00000000000..1ca0311906a
--- /dev/null
+++ b/java/ql/lib/ext/javax.script.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.script", "CompiledScript", False, "eval", "", "", "Argument[-1]", "mvel", "manual"]
diff --git a/java/ql/lib/ext/javax.servlet.http.model.yml b/java/ql/lib/ext/javax.servlet.http.model.yml
new file mode 100644
index 00000000000..9833d356835
--- /dev/null
+++ b/java/ql/lib/ext/javax.servlet.http.model.yml
@@ -0,0 +1,34 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["javax.servlet.http", "Cookie", False, "getComment", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "Cookie", False, "getName", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "Cookie", False, "getValue", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getHeader", "(String)", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getHeaderNames", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getHeaders", "(String)", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getParameter", "(String)", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getParameterMap", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getParameterNames", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getParameterValues", "(String)", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getPathInfo", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getQueryString", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getRemoteUser", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getRequestURI", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "HttpServletRequest", False, "getRequestURL", "()", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.servlet.http", "HttpServletResponse", False, "addCookie", "", "", "Argument[0]", "header-splitting", "manual"]
+      - ["javax.servlet.http", "HttpServletResponse", False, "addHeader", "", "", "Argument[0..1]", "header-splitting", "manual"]
+      - ["javax.servlet.http", "HttpServletResponse", False, "sendError", "(int,String)", "", "Argument[1]", "information-leak", "manual"]
+      - ["javax.servlet.http", "HttpServletResponse", False, "setHeader", "", "", "Argument[0..1]", "header-splitting", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["javax.servlet.http", "Cookie", False, "Cookie", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.servlet.http", "Cookie", False, "Cookie", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
diff --git a/java/ql/lib/ext/javax.servlet.model.yml b/java/ql/lib/ext/javax.servlet.model.yml
new file mode 100644
index 00000000000..ba850941729
--- /dev/null
+++ b/java/ql/lib/ext/javax.servlet.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["javax.servlet", "ServletRequest", False, "getInputStream", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet", "ServletRequest", False, "getParameter", "(String)", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet", "ServletRequest", False, "getParameterMap", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet", "ServletRequest", False, "getParameterNames", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet", "ServletRequest", False, "getParameterValues", "(String)", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet", "ServletRequest", False, "getReader", "()", "", "ReturnValue", "remote", "manual"]
diff --git a/java/ql/lib/ext/javax.validation.model.yml b/java/ql/lib/ext/javax.validation.model.yml
new file mode 100644
index 00000000000..2f1f3d9a75c
--- /dev/null
+++ b/java/ql/lib/ext/javax.validation.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["javax.validation", "ConstraintValidator", True, "isValid", "", "", "Parameter[0]", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.validation", "ConstraintValidatorContext", True, "buildConstraintViolationWithTemplate", "", "", "Argument[0]", "bean-validation", "manual"]
diff --git a/java/ql/lib/ext/javax.ws.rs.client.model.yml b/java/ql/lib/ext/javax.ws.rs.client.model.yml
new file mode 100644
index 00000000000..0a5a01c3338
--- /dev/null
+++ b/java/ql/lib/ext/javax.ws.rs.client.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.ws.rs.client", "Client", True, "target", "", "", "Argument[0]", "open-url", "manual"]
diff --git a/java/ql/lib/ext/javax.ws.rs.container.model.yml b/java/ql/lib/ext/javax.ws.rs.container.model.yml
new file mode 100644
index 00000000000..a76f848a597
--- /dev/null
+++ b/java/ql/lib/ext/javax.ws.rs.container.model.yml
@@ -0,0 +1,14 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["javax.ws.rs.container", "ContainerRequestContext", True, "getAcceptableLanguages", "", "", "ReturnValue", "remote", "manual"]
+      - ["javax.ws.rs.container", "ContainerRequestContext", True, "getAcceptableMediaTypes", "", "", "ReturnValue", "remote", "manual"]
+      - ["javax.ws.rs.container", "ContainerRequestContext", True, "getCookies", "", "", "ReturnValue", "remote", "manual"]
+      - ["javax.ws.rs.container", "ContainerRequestContext", True, "getEntityStream", "", "", "ReturnValue", "remote", "manual"]
+      - ["javax.ws.rs.container", "ContainerRequestContext", True, "getHeaderString", "", "", "ReturnValue", "remote", "manual"]
+      - ["javax.ws.rs.container", "ContainerRequestContext", True, "getHeaders", "", "", "ReturnValue", "remote", "manual"]
+      - ["javax.ws.rs.container", "ContainerRequestContext", True, "getLanguage", "", "", "ReturnValue", "remote", "manual"]
+      - ["javax.ws.rs.container", "ContainerRequestContext", True, "getMediaType", "", "", "ReturnValue", "remote", "manual"]
+      - ["javax.ws.rs.container", "ContainerRequestContext", True, "getUriInfo", "", "", "ReturnValue", "remote", "manual"]
diff --git a/java/ql/lib/ext/javax.ws.rs.core.model.yml b/java/ql/lib/ext/javax.ws.rs.core.model.yml
new file mode 100644
index 00000000000..c7fb603d3c4
--- /dev/null
+++ b/java/ql/lib/ext/javax.ws.rs.core.model.yml
@@ -0,0 +1,168 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.ws.rs.core", "Response", True, "seeOther", "", "", "Argument[0]", "url-redirect", "manual"]
+      - ["javax.ws.rs.core", "Response", True, "temporaryRedirect", "", "", "Argument[0]", "url-redirect", "manual"]
+      - ["javax.ws.rs.core", "ResponseBuilder", False, "header", "", "", "Argument[1]", "header-splitting", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["javax.ws.rs.core", "AbstractMultivaluedMap", False, "AbstractMultivaluedMap", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["javax.ws.rs.core", "AbstractMultivaluedMap", False, "AbstractMultivaluedMap", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Cookie", False, "Cookie", "", "", "Argument[0..4]", "Argument[-1]", "taint", "manual"]
+      - ["javax.ws.rs.core", "Cookie", True, "getDomain", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "Cookie", True, "getName", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "Cookie", True, "getPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "Cookie", True, "getValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "Cookie", True, "getVersion", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "Cookie", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "Cookie", False, "valueOf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "Form", False, "Form", "", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.ws.rs.core", "Form", False, "Form", "", "", "Argument[0].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["javax.ws.rs.core", "Form", False, "Form", "", "", "Argument[0].MapValue.Element", "Argument[-1]", "taint", "manual"]
+      - ["javax.ws.rs.core", "Form", True, "asMap", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "Form", True, "param", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Form", True, "param", "", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.ws.rs.core", "GenericEntity", False, "GenericEntity", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.ws.rs.core", "GenericEntity", True, "getEntity", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      # Methods that Date have to be syntax-checked, but those returning MediaType
+      # or Locale are assumed potentially dangerous, as these types do not generally check that the
+      # input data is recognised, only that it conforms to the expected syntax.
+      - ["javax.ws.rs.core", "HttpHeaders", True, "getAcceptableLanguages", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "HttpHeaders", True, "getAcceptableMediaTypes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "HttpHeaders", True, "getCookies", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "HttpHeaders", True, "getHeaderString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "HttpHeaders", True, "getLanguage", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "HttpHeaders", True, "getMediaType", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "HttpHeaders", True, "getRequestHeader", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "HttpHeaders", True, "getRequestHeaders", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "MediaType", False, "MediaType", "", "", "Argument[0..2]", "Argument[-1]", "taint", "manual"]
+      - ["javax.ws.rs.core", "MediaType", True, "getParameters", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "MediaType", True, "getSubtype", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "MediaType", True, "getType", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "MediaType", False, "valueOf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "MediaType", True, "withCharset", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "MultivaluedHashMap", False, "MultivaluedHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["javax.ws.rs.core", "MultivaluedHashMap", False, "MultivaluedHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["javax.ws.rs.core", "MultivaluedHashMap", False, "MultivaluedHashMap", "(MultivaluedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["javax.ws.rs.core", "MultivaluedHashMap", False, "MultivaluedHashMap", "(MultivaluedMap)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["javax.ws.rs.core", "MultivaluedMap", True, "add", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["javax.ws.rs.core", "MultivaluedMap", True, "add", "", "", "Argument[1]", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["javax.ws.rs.core", "MultivaluedMap", True, "addAll", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["javax.ws.rs.core", "MultivaluedMap", True, "addAll", "(Object,List)", "", "Argument[1].Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["javax.ws.rs.core", "MultivaluedMap", True, "addAll", "(Object,Object[])", "", "Argument[1].ArrayElement", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["javax.ws.rs.core", "MultivaluedMap", True, "addFirst", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["javax.ws.rs.core", "MultivaluedMap", True, "addFirst", "", "", "Argument[1]", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["javax.ws.rs.core", "MultivaluedMap", True, "getFirst", "", "", "Argument[-1].MapValue.Element", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "MultivaluedMap", True, "putSingle", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["javax.ws.rs.core", "MultivaluedMap", True, "putSingle", "", "", "Argument[1]", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["javax.ws.rs.core", "NewCookie", False, "NewCookie", "", "", "Argument[0..9]", "Argument[-1]", "taint", "manual"]
+      - ["javax.ws.rs.core", "NewCookie", True, "getComment", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "NewCookie", True, "getExpiry", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "NewCookie", True, "getMaxAge", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "NewCookie", True, "toCookie", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "NewCookie", False, "valueOf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "PathSegment", True, "getMatrixParameters", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "PathSegment", True, "getPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      # The returned ResponseBuilder gains taint from a tainted entity or existing Response
+      - ["javax.ws.rs.core", "Response", False, "accepted", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "Response", False, "fromResponse", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "Response", False, "ok", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      # Becomes tainted by a tainted entity, but not by metadata, headers etc
+      # Build() method returns taint
+      # Almost all methods are fluent, and so preserve value
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "allow", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "cacheControl", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "clone", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "contentLocation", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "cookie", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "encoding", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "entity", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "entity", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "expires", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "header", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "language", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "lastModified", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "link", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "links", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "location", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "replaceAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "status", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "tag", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "type", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "variant", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "variants", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "build", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "buildFromEncoded", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "buildFromEncoded", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "buildFromEncodedMap", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "buildFromEncodedMap", "", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "buildFromEncodedMap", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "buildFromMap", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "buildFromMap", "", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "buildFromMap", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "clone", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "fragment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "fragment", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", False, "fromLink", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", False, "fromPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", False, "fromUri", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "host", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "host", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "matrixParam", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "matrixParam", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "matrixParam", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "path", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "path", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "queryParam", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "queryParam", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "queryParam", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "replaceMatrix", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "replaceMatrix", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "replaceMatrixParam", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "replaceMatrixParam", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "replaceMatrixParam", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "replacePath", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "replacePath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "replaceQuery", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "replaceQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "replaceQueryParam", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "replaceQueryParam", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "replaceQueryParam", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "resolveTemplate", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "resolveTemplate", "", "", "Argument[0..2]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "resolveTemplateFromEncoded", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "resolveTemplateFromEncoded", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "resolveTemplates", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "resolveTemplates", "", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "resolveTemplates", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "resolveTemplatesFromEncoded", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "resolveTemplatesFromEncoded", "", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "resolveTemplatesFromEncoded", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "scheme", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "scheme", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "schemeSpecificPart", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "schemeSpecificPart", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "segment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "segment", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "toTemplate", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "uri", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "uri", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "userInfo", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["javax.ws.rs.core", "UriBuilder", True, "userInfo", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriInfo", True, "getAbsolutePath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriInfo", True, "getAbsolutePathBuilder", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriInfo", True, "getPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriInfo", True, "getPathParameters", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriInfo", True, "getPathSegments", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriInfo", True, "getQueryParameters", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriInfo", True, "getRequestUri", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriInfo", True, "getRequestUriBuilder", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriInfo", True, "relativize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriInfo", True, "resolve", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.ws.rs.core", "UriInfo", True, "resolve", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/javax.xml.transform.model.yml b/java/ql/lib/ext/javax.xml.transform.model.yml
new file mode 100644
index 00000000000..d9123a46fc7
--- /dev/null
+++ b/java/ql/lib/ext/javax.xml.transform.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.xml.transform", "Transformer", False, "transform", "", "", "Argument[-1]", "xslt", "manual"]
diff --git a/java/ql/lib/ext/javax.xml.transform.sax.model.yml b/java/ql/lib/ext/javax.xml.transform.sax.model.yml
new file mode 100644
index 00000000000..90d583b5116
--- /dev/null
+++ b/java/ql/lib/ext/javax.xml.transform.sax.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["javax.xml.transform.sax", "SAXSource", False, "SAXSource", "(InputSource)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.xml.transform.sax", "SAXSource", False, "SAXSource", "(XMLReader,InputSource)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["javax.xml.transform.sax", "SAXSource", False, "getInputSource", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["javax.xml.transform.sax", "SAXSource", False, "sourceToInputSource", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/javax.xml.transform.stream.model.yml b/java/ql/lib/ext/javax.xml.transform.stream.model.yml
new file mode 100644
index 00000000000..5098f9badfc
--- /dev/null
+++ b/java/ql/lib/ext/javax.xml.transform.stream.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["javax.xml.transform.stream", "StreamSource", False, "StreamSource", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["javax.xml.transform.stream", "StreamSource", False, "getInputStream", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/javax.xml.xpath.model.yml b/java/ql/lib/ext/javax.xml.xpath.model.yml
new file mode 100644
index 00000000000..68f51a34a2e
--- /dev/null
+++ b/java/ql/lib/ext/javax.xml.xpath.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.xml.xpath", "XPath", True, "compile", "", "", "Argument[0]", "xpath", "manual"]
+      - ["javax.xml.xpath", "XPath", True, "evaluate", "", "", "Argument[0]", "xpath", "manual"]
+      - ["javax.xml.xpath", "XPath", True, "evaluateExpression", "", "", "Argument[0]", "xpath", "manual"]
diff --git a/java/ql/lib/ext/jodd.json.model.yml b/java/ql/lib/ext/jodd.json.model.yml
new file mode 100644
index 00000000000..cf8005bf909
--- /dev/null
+++ b/java/ql/lib/ext/jodd.json.model.yml
@@ -0,0 +1,21 @@
+ # A partial model of jodd.json.JsonParser noting fluent methods.
+ #
+ # This means that DataFlow::localFlow and similar methods are aware
+ # that the result of (e.g.) JsonParser.allowClass is an alias of the
+ # qualifier.
+ #
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["jodd.json", "JsonParser", False, "allowAllClasses", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jodd.json", "JsonParser", False, "allowClass", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jodd.json", "JsonParser", False, "lazy", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jodd.json", "JsonParser", False, "looseMode", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jodd.json", "JsonParser", False, "map", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jodd.json", "JsonParser", False, "setClassMetadataName", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jodd.json", "JsonParser", False, "strictTypes", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jodd.json", "JsonParser", False, "useAltPaths", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jodd.json", "JsonParser", False, "withClassMetadata", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["jodd.json", "JsonParser", False, "withValueConverter", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
diff --git a/java/ql/lib/ext/kotlin.collections.model.yml b/java/ql/lib/ext/kotlin.collections.model.yml
new file mode 100644
index 00000000000..b854230b9c3
--- /dev/null
+++ b/java/ql/lib/ext/kotlin.collections.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["kotlin.collections", "ArraysKt", False, "withIndex", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/kotlin.jvm.internal.model.yml b/java/ql/lib/ext/kotlin.jvm.internal.model.yml
new file mode 100644
index 00000000000..413642bbeee
--- /dev/null
+++ b/java/ql/lib/ext/kotlin.jvm.internal.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["kotlin.jvm.internal", "ArrayIteratorKt", False, "iterator", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/net.sf.saxon.s9api.model.yml b/java/ql/lib/ext/net.sf.saxon.s9api.model.yml
new file mode 100644
index 00000000000..cbe916fd018
--- /dev/null
+++ b/java/ql/lib/ext/net.sf.saxon.s9api.model.yml
@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["net.sf.saxon.s9api", "Xslt30Transformer", False, "applyTemplates", "", "", "Argument[-1]", "xslt", "manual"]
+      - ["net.sf.saxon.s9api", "Xslt30Transformer", False, "callFunction", "", "", "Argument[-1]", "xslt", "manual"]
+      - ["net.sf.saxon.s9api", "Xslt30Transformer", False, "callTemplate", "", "", "Argument[-1]", "xslt", "manual"]
+      - ["net.sf.saxon.s9api", "Xslt30Transformer", False, "transform", "", "", "Argument[-1]", "xslt", "manual"]
+      - ["net.sf.saxon.s9api", "XsltTransformer", False, "transform", "", "", "Argument[-1]", "xslt", "manual"]
diff --git a/java/ql/lib/ext/ognl.enhance.model.yml b/java/ql/lib/ext/ognl.enhance.model.yml
new file mode 100644
index 00000000000..6e3a27f34ae
--- /dev/null
+++ b/java/ql/lib/ext/ognl.enhance.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["ognl.enhance", "ExpressionAccessor", True, "get", "", "", "Argument[-1]", "ognl-injection", "manual"]
+      - ["ognl.enhance", "ExpressionAccessor", True, "set", "", "", "Argument[-1]", "ognl-injection", "manual"]
diff --git a/java/ql/lib/ext/ognl.model.yml b/java/ql/lib/ext/ognl.model.yml
new file mode 100644
index 00000000000..23de976ef98
--- /dev/null
+++ b/java/ql/lib/ext/ognl.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["ognl", "Node", False, "getValue", "", "", "Argument[-1]", "ognl-injection", "manual"]
+      - ["ognl", "Node", False, "setValue", "", "", "Argument[-1]", "ognl-injection", "manual"]
+      - ["ognl", "Ognl", False, "getValue", "", "", "Argument[0]", "ognl-injection", "manual"]
+      - ["ognl", "Ognl", False, "setValue", "", "", "Argument[0]", "ognl-injection", "manual"]
diff --git a/java/ql/lib/ext/okhttp3.model.yml b/java/ql/lib/ext/okhttp3.model.yml
new file mode 100644
index 00000000000..7e8459daedc
--- /dev/null
+++ b/java/ql/lib/ext/okhttp3.model.yml
@@ -0,0 +1,58 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["okhttp3", "Request", True, "Request", "", "", "Argument[0]", "open-url", "manual"]
+      - ["okhttp3", "Request$Builder", True, "url", "", "", "Argument[0]", "open-url", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["okhttp3", "HttpUrl", False, "parse", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["okhttp3", "HttpUrl", False, "uri", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["okhttp3", "HttpUrl", False, "url", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "addEncodedPathSegment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "addEncodedPathSegment", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "addEncodedPathSegments", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "addEncodedPathSegments", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "addEncodedQueryParameter", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "addEncodedQueryParameter", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "addPathSegment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "addPathSegment", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "addPathSegments", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "addPathSegments", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "addQueryParameter", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "addQueryParameter", "", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "encodedFragment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "encodedFragment", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "encodedPassword", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "encodedPath", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "encodedPath", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "encodedQuery", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "encodedQuery", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "encodedUsername", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "fragment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "fragment", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "host", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "host", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "password", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "port", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "port", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "query", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "query", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "removeAllEncodedQueryParameters", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "removeAllQueryParameters", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "removePathSegment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "scheme", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "scheme", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "setEncodedPathSegment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "setEncodedPathSegment", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "setEncodedQueryParameter", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "setEncodedQueryParameter", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "setPathSegment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "setPathSegment", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "setQueryParameter", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "setQueryParameter", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["okhttp3", "HttpUrl$Builder", False, "username", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.codec.model.yml b/java/ql/lib/ext/org.apache.commons.codec.model.yml
new file mode 100644
index 00000000000..78d41e6e273
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.codec.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.codec", "BinaryDecoder", True, "decode", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.codec", "BinaryEncoder", True, "encode", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.codec", "Decoder", True, "decode", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.codec", "Encoder", True, "encode", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.codec", "StringDecoder", True, "decode", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.codec", "StringEncoder", True, "encode", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.bag.model.yml b/java/ql/lib/ext/org.apache.commons.collections.bag.model.yml
new file mode 100644
index 00000000000..64994a3567c
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.bag.model.yml
@@ -0,0 +1,24 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedBag, TransformedSortedBag
+      - ["org.apache.commons.collections.bag", "AbstractBagDecorator", True, "AbstractBagDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "AbstractMapBag", True, "AbstractMapBag", "", "", "Argument[0].MapKey", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "AbstractMapBag", True, "getMap", "", "", "Argument[-1].Element", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "AbstractSortedBagDecorator", True, "AbstractSortedBagDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "CollectionBag", True, "CollectionBag", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "CollectionBag", True, "collectionBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "CollectionSortedBag", True, "CollectionSortedBag", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "CollectionSortedBag", True, "collectionSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "HashBag", True, "HashBag", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "PredicatedBag", True, "predicatedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "PredicatedSortedBag", True, "predicatedSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "SynchronizedBag", True, "synchronizedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "SynchronizedSortedBag", True, "synchronizedSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "TransformedBag", True, "transformedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "TransformedSortedBag", True, "transformedSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "TreeBag", True, "TreeBag", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "UnmodifiableBag", True, "unmodifiableBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.bag", "UnmodifiableSortedBag", True, "unmodifiableSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.bidimap.model.yml b/java/ql/lib/ext/org.apache.commons.collections.bidimap.model.yml
new file mode 100644
index 00000000000..067219984bf
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.bidimap.model.yml
@@ -0,0 +1,37 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.collections.bidimap", "AbstractBidiMapDecorator", True, "AbstractBidiMapDecorator", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "AbstractBidiMapDecorator", True, "AbstractBidiMapDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "AbstractDualBidiMap", True, "AbstractDualBidiMap", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "AbstractDualBidiMap", True, "AbstractDualBidiMap", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "AbstractDualBidiMap", True, "AbstractDualBidiMap", "", "", "Argument[1].MapKey", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "AbstractDualBidiMap", True, "AbstractDualBidiMap", "", "", "Argument[1].MapValue", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "AbstractDualBidiMap", True, "AbstractDualBidiMap", "", "", "Argument[2].MapKey", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "AbstractDualBidiMap", True, "AbstractDualBidiMap", "", "", "Argument[2].MapValue", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "AbstractOrderedBidiMapDecorator", True, "AbstractOrderedBidiMapDecorator", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "AbstractOrderedBidiMapDecorator", True, "AbstractOrderedBidiMapDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "AbstractSortedBidiMapDecorator", True, "AbstractSortedBidiMapDecorator", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "AbstractSortedBidiMapDecorator", True, "AbstractSortedBidiMapDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "DualHashBidiMap", True, "DualHashBidiMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "DualHashBidiMap", True, "DualHashBidiMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "DualLinkedHashBidiMap", True, "DualLinkedHashBidiMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "DualLinkedHashBidiMap", True, "DualLinkedHashBidiMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "DualTreeBidiMap", True, "DualTreeBidiMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "DualTreeBidiMap", True, "DualTreeBidiMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "DualTreeBidiMap", True, "inverseOrderedBidiMap", "", "", "Argument[-1].MapKey", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "DualTreeBidiMap", True, "inverseOrderedBidiMap", "", "", "Argument[-1].MapValue", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "DualTreeBidiMap", True, "inverseSortedBidiMap", "", "", "Argument[-1].MapKey", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "DualTreeBidiMap", True, "inverseSortedBidiMap", "", "", "Argument[-1].MapValue", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "TreeBidiMap", True, "TreeBidiMap", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "TreeBidiMap", True, "TreeBidiMap", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "UnmodifiableBidiMap", True, "unmodifiableBidiMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "UnmodifiableBidiMap", True, "unmodifiableBidiMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "UnmodifiableOrderedBidiMap", True, "inverseOrderedBidiMap", "", "", "Argument[-1].MapKey", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "UnmodifiableOrderedBidiMap", True, "inverseOrderedBidiMap", "", "", "Argument[-1].MapValue", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "UnmodifiableOrderedBidiMap", True, "unmodifiableOrderedBidiMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "UnmodifiableOrderedBidiMap", True, "unmodifiableOrderedBidiMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "UnmodifiableSortedBidiMap", True, "unmodifiableSortedBidiMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.bidimap", "UnmodifiableSortedBidiMap", True, "unmodifiableSortedBidiMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.collection.model.yml b/java/ql/lib/ext/org.apache.commons.collections.collection.model.yml
new file mode 100644
index 00000000000..ce1caf3d473
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.collection.model.yml
@@ -0,0 +1,46 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedCollection
+      - ["org.apache.commons.collections.collection", "AbstractCollectionDecorator", True, "AbstractCollectionDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "AbstractCollectionDecorator", True, "decorated", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "AbstractCollectionDecorator", True, "setCollection", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "CompositeCollection", True, "CompositeCollection", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "CompositeCollection", True, "CompositeCollection", "(Collection,Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "CompositeCollection", True, "CompositeCollection", "(Collection,Collection)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "CompositeCollection", True, "CompositeCollection", "(Collection[])", "", "Argument[0].ArrayElement.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "CompositeCollection", True, "addComposited", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "CompositeCollection", True, "addComposited", "(Collection,Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "CompositeCollection", True, "addComposited", "(Collection,Collection)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "CompositeCollection", True, "addComposited", "(Collection[])", "", "Argument[0].ArrayElement.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "CompositeCollection", True, "getCollections", "", "", "Argument[-1].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "CompositeCollection", True, "toCollection", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "CompositeCollection$CollectionMutator", True, "add", "", "", "Argument[2]", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "CompositeCollection$CollectionMutator", True, "add", "", "", "Argument[2]", "Argument[1].Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "CompositeCollection$CollectionMutator", True, "addAll", "", "", "Argument[2].Element", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "CompositeCollection$CollectionMutator", True, "addAll", "", "", "Argument[2].Element", "Argument[1].Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "IndexedCollection", True, "IndexedCollection", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "IndexedCollection", True, "get", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "IndexedCollection", True, "nonUniqueIndexedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "IndexedCollection", True, "uniqueIndexedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "IndexedCollection", True, "values", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "PredicatedCollection", True, "predicatedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "PredicatedCollection$Builder", True, "add", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "PredicatedCollection$Builder", True, "addAll", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "PredicatedCollection$Builder", True, "createPredicatedBag", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "PredicatedCollection$Builder", True, "createPredicatedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "PredicatedCollection$Builder", True, "createPredicatedList", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "PredicatedCollection$Builder", True, "createPredicatedList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "PredicatedCollection$Builder", True, "createPredicatedMultiSet", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "PredicatedCollection$Builder", True, "createPredicatedMultiSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "PredicatedCollection$Builder", True, "createPredicatedQueue", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "PredicatedCollection$Builder", True, "createPredicatedQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "PredicatedCollection$Builder", True, "createPredicatedSet", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "PredicatedCollection$Builder", True, "createPredicatedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "PredicatedCollection$Builder", True, "rejectedElements", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "SynchronizedCollection", True, "synchronizedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "TransformedCollection", True, "transformingCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "UnmodifiableBoundedCollection", True, "unmodifiableBoundedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.collection", "UnmodifiableCollection", True, "unmodifiableCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.iterators.model.yml b/java/ql/lib/ext/org.apache.commons.collections.iterators.model.yml
new file mode 100644
index 00000000000..73509f98b1a
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.iterators.model.yml
@@ -0,0 +1,81 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformIterator
+      - ["org.apache.commons.collections.iterators", "AbstractIteratorDecorator", True, "AbstractIteratorDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "AbstractListIteratorDecorator", True, "AbstractListIteratorDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "AbstractListIteratorDecorator", True, "getListIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "AbstractMapIteratorDecorator", True, "AbstractMapIteratorDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "AbstractMapIteratorDecorator", True, "AbstractMapIteratorDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "AbstractMapIteratorDecorator", True, "getMapIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "AbstractMapIteratorDecorator", True, "getMapIterator", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "AbstractOrderedMapIteratorDecorator", True, "AbstractOrderedMapIteratorDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "AbstractOrderedMapIteratorDecorator", True, "AbstractOrderedMapIteratorDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "AbstractOrderedMapIteratorDecorator", True, "getOrderedMapIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "AbstractOrderedMapIteratorDecorator", True, "getOrderedMapIterator", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "AbstractUntypedIteratorDecorator", True, "AbstractUntypedIteratorDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "AbstractUntypedIteratorDecorator", True, "getIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "ArrayIterator", True, "ArrayIterator", "", "", "Argument[0].ArrayElement", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "ArrayIterator", True, "getArray", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "ArrayListIterator", True, "ArrayListIterator", "", "", "Argument[0].ArrayElement", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "BoundedIterator", True, "BoundedIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "CollatingIterator", True, "CollatingIterator", "(Comparator,Collection)", "", "Argument[1].Element.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "CollatingIterator", True, "CollatingIterator", "(Comparator,Iterator,Iterator)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "CollatingIterator", True, "CollatingIterator", "(Comparator,Iterator,Iterator)", "", "Argument[2].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "CollatingIterator", True, "CollatingIterator", "(Comparator,Iterator[])", "", "Argument[1].ArrayElement.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "CollatingIterator", True, "addIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "CollatingIterator", True, "getIterators", "", "", "Argument[-1].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "CollatingIterator", True, "setIterator", "", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "EnumerationIterator", True, "EnumerationIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "EnumerationIterator", True, "getEnumeration", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "EnumerationIterator", True, "setEnumeration", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "FilterIterator", True, "FilterIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "FilterIterator", True, "getIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "FilterIterator", True, "setIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "FilterListIterator", True, "FilterListIterator", "(ListIterator)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "FilterListIterator", True, "FilterListIterator", "(ListIterator,Predicate)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "FilterListIterator", True, "getListIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "FilterListIterator", True, "setListIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "IteratorChain", True, "IteratorChain", "(Collection)", "", "Argument[0].Element.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "IteratorChain", True, "IteratorChain", "(Iterator)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "IteratorChain", True, "IteratorChain", "(Iterator,Iterator)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "IteratorChain", True, "IteratorChain", "(Iterator,Iterator)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "IteratorChain", True, "IteratorChain", "(Iterator[])", "", "Argument[0].ArrayElement.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "IteratorChain", True, "addIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "IteratorEnumeration", True, "IteratorEnumeration", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "IteratorEnumeration", True, "getIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "IteratorEnumeration", True, "setIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "IteratorIterable", True, "IteratorIterable", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "ListIteratorWrapper", True, "ListIteratorWrapper", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "LoopingIterator", True, "LoopingIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "LoopingListIterator", True, "LoopingListIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "ObjectArrayIterator", True, "ObjectArrayIterator", "", "", "Argument[0].ArrayElement", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "ObjectArrayIterator", True, "getArray", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "ObjectArrayListIterator", True, "ObjectArrayListIterator", "", "", "Argument[0].ArrayElement", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "PeekingIterator", True, "PeekingIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "PeekingIterator", True, "element", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "PeekingIterator", True, "peek", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "PeekingIterator", True, "peekingIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "PermutationIterator", True, "PermutationIterator", "", "", "Argument[0].Element", "Argument[-1].Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "PushbackIterator", True, "PushbackIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "PushbackIterator", True, "pushback", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "PushbackIterator", True, "pushbackIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "ReverseListIterator", True, "ReverseListIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "SingletonIterator", True, "SingletonIterator", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "SingletonListIterator", True, "SingletonListIterator", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "SkippingIterator", True, "SkippingIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "UniqueFilterIterator", True, "UniqueFilterIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "UnmodifiableIterator", True, "unmodifiableIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "UnmodifiableListIterator", True, "umodifiableListIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "UnmodifiableMapIterator", True, "unmodifiableMapIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "UnmodifiableMapIterator", True, "unmodifiableMapIterator", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "UnmodifiableOrderedMapIterator", True, "unmodifiableOrderedMapIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "UnmodifiableOrderedMapIterator", True, "unmodifiableOrderedMapIterator", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "ZippingIterator", True, "ZippingIterator", "(Iterator,Iterator)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "ZippingIterator", True, "ZippingIterator", "(Iterator,Iterator)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "ZippingIterator", True, "ZippingIterator", "(Iterator,Iterator,Iterator)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "ZippingIterator", True, "ZippingIterator", "(Iterator,Iterator,Iterator)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "ZippingIterator", True, "ZippingIterator", "(Iterator,Iterator,Iterator)", "", "Argument[2].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.iterators", "ZippingIterator", True, "ZippingIterator", "(Iterator[])", "", "Argument[0].ArrayElement.Element", "Argument[-1].Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.keyvalue.model.yml b/java/ql/lib/ext/org.apache.commons.collections.keyvalue.model.yml
new file mode 100644
index 00000000000..d2c3e5652b5
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.keyvalue.model.yml
@@ -0,0 +1,60 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should model the package `org.apache.commons.collections4.functors`,
+      # and when more general callable flow is supported we should model the package
+      # `org.apache.commons.collections4.sequence`.
+      - ["org.apache.commons.collections.keyvalue", "AbstractKeyValue", True, "AbstractKeyValue", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "AbstractKeyValue", True, "AbstractKeyValue", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "AbstractKeyValue", True, "setKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "AbstractKeyValue", True, "setKey", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "AbstractKeyValue", True, "setValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "AbstractKeyValue", True, "setValue", "", "", "Argument[0]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "AbstractMapEntry", True, "AbstractMapEntry", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "AbstractMapEntry", True, "AbstractMapEntry", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "AbstractMapEntryDecorator", True, "AbstractMapEntryDecorator", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "AbstractMapEntryDecorator", True, "AbstractMapEntryDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "AbstractMapEntryDecorator", True, "getMapEntry", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "AbstractMapEntryDecorator", True, "getMapEntry", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "DefaultKeyValue", True, "DefaultKeyValue", "(Entry)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "DefaultKeyValue", True, "DefaultKeyValue", "(Entry)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "DefaultKeyValue", True, "DefaultKeyValue", "(KeyValue)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "DefaultKeyValue", True, "DefaultKeyValue", "(KeyValue)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "DefaultKeyValue", True, "DefaultKeyValue", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "DefaultKeyValue", True, "DefaultKeyValue", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "DefaultKeyValue", True, "toMapEntry", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "DefaultKeyValue", True, "toMapEntry", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "DefaultMapEntry", True, "DefaultMapEntry", "(Entry)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "DefaultMapEntry", True, "DefaultMapEntry", "(Entry)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "DefaultMapEntry", True, "DefaultMapEntry", "(KeyValue)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "DefaultMapEntry", True, "DefaultMapEntry", "(KeyValue)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "DefaultMapEntry", True, "DefaultMapEntry", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "DefaultMapEntry", True, "DefaultMapEntry", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object)", "", "Argument[1]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object)", "", "Argument[1]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object)", "", "Argument[2]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object)", "", "Argument[1]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object)", "", "Argument[2]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object)", "", "Argument[3]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object,Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object,Object)", "", "Argument[1]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object,Object)", "", "Argument[2]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object,Object)", "", "Argument[3]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object,Object)", "", "Argument[4]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object[])", "", "Argument[0].ArrayElement", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "MultiKey", "(Object[],boolean)", "", "Argument[0].ArrayElement", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "getKey", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "MultiKey", True, "getKeys", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "TiedMapEntry", True, "TiedMapEntry", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "TiedMapEntry", True, "TiedMapEntry", "", "", "Argument[1]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "UnmodifiableMapEntry", True, "UnmodifiableMapEntry", "(Entry)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "UnmodifiableMapEntry", True, "UnmodifiableMapEntry", "(Entry)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "UnmodifiableMapEntry", True, "UnmodifiableMapEntry", "(KeyValue)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "UnmodifiableMapEntry", True, "UnmodifiableMapEntry", "(KeyValue)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "UnmodifiableMapEntry", True, "UnmodifiableMapEntry", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.keyvalue", "UnmodifiableMapEntry", True, "UnmodifiableMapEntry", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.list.model.yml b/java/ql/lib/ext/org.apache.commons.collections.list.model.yml
new file mode 100644
index 00000000000..5fd3b418248
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.list.model.yml
@@ -0,0 +1,28 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedList
+      - ["org.apache.commons.collections.list", "AbstractLinkedList", True, "AbstractLinkedList", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "AbstractLinkedList", True, "addFirst", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "AbstractLinkedList", True, "addLast", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "AbstractLinkedList", True, "getFirst", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.list", "AbstractLinkedList", True, "getLast", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.list", "AbstractLinkedList", True, "removeFirst", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.list", "AbstractLinkedList", True, "removeLast", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.list", "AbstractListDecorator", True, "AbstractListDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "AbstractSerializableListDecorator", True, "AbstractSerializableListDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "CursorableLinkedList", True, "CursorableLinkedList", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "CursorableLinkedList", True, "cursor", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "FixedSizeList", True, "fixedSizeList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "GrowthList", True, "growthList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "LazyList", True, "lazyList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "NodeCachingLinkedList", True, "NodeCachingLinkedList", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "PredicatedList", True, "predicatedList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "SetUniqueList", True, "asSet", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "SetUniqueList", True, "setUniqueList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "TransformedList", True, "transformingList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "TreeList", True, "TreeList", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "UnmodifiableList", True, "UnmodifiableList", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.list", "UnmodifiableList", True, "unmodifiableList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.map.model.yml b/java/ql/lib/ext/org.apache.commons.collections.map.model.yml
new file mode 100644
index 00000000000..4e0ed31d72f
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.map.model.yml
@@ -0,0 +1,134 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for DefaultedMap, LazyMap, TransformedMap, TransformedSortedMap
+      - ["org.apache.commons.collections.map", "AbstractHashedMap", True, "AbstractHashedMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "AbstractHashedMap", True, "AbstractHashedMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "AbstractLinkedMap", True, "AbstractLinkedMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "AbstractLinkedMap", True, "AbstractLinkedMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "AbstractMapDecorator", True, "AbstractMapDecorator", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "AbstractMapDecorator", True, "AbstractMapDecorator", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "AbstractMapDecorator", True, "decorated", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "AbstractMapDecorator", True, "decorated", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "AbstractOrderedMapDecorator", True, "AbstractOrderedMapDecorator", "(OrderedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "AbstractOrderedMapDecorator", True, "AbstractOrderedMapDecorator", "(OrderedMap)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "AbstractSortedMapDecorator", True, "AbstractSortedMapDecorator", "(SortedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "AbstractSortedMapDecorator", True, "AbstractSortedMapDecorator", "(SortedMap)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CaseInsensitiveMap", True, "CaseInsensitiveMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CaseInsensitiveMap", True, "CaseInsensitiveMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "CompositeMap", "(Map,Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "CompositeMap", "(Map,Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "CompositeMap", "(Map,Map)", "", "Argument[1].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "CompositeMap", "(Map,Map)", "", "Argument[1].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "CompositeMap", "(Map,Map,MapMutator)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "CompositeMap", "(Map,Map,MapMutator)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "CompositeMap", "(Map,Map,MapMutator)", "", "Argument[1].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "CompositeMap", "(Map,Map,MapMutator)", "", "Argument[1].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "CompositeMap", "(Map[])", "", "Argument[0].ArrayElement.MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "CompositeMap", "(Map[])", "", "Argument[0].ArrayElement.MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "CompositeMap", "(Map[],MapMutator)", "", "Argument[0].ArrayElement.MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "CompositeMap", "(Map[],MapMutator)", "", "Argument[0].ArrayElement.MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "addComposited", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "addComposited", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "removeComposited", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "removeComposited", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "CompositeMap", True, "removeComposited", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "DefaultedMap", True, "DefaultedMap", "(Object)", "", "Argument[0]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "DefaultedMap", True, "defaultedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "DefaultedMap", True, "defaultedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "DefaultedMap", True, "defaultedMap", "(Map,Object)", "", "Argument[1]", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "EntrySetToMapIteratorAdapter", True, "EntrySetToMapIteratorAdapter", "", "", "Argument[0].Element.MapKey", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "EntrySetToMapIteratorAdapter", True, "EntrySetToMapIteratorAdapter", "", "", "Argument[0].Element.MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "FixedSizeMap", True, "fixedSizeMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "FixedSizeMap", True, "fixedSizeMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "FixedSizeSortedMap", True, "fixedSizeSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "FixedSizeSortedMap", True, "fixedSizeSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "Flat3Map", True, "Flat3Map", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "Flat3Map", True, "Flat3Map", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "HashedMap", True, "HashedMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "HashedMap", True, "HashedMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LRUMap", True, "LRUMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LRUMap", True, "LRUMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LRUMap", True, "LRUMap", "(Map,boolean)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LRUMap", True, "LRUMap", "(Map,boolean)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LRUMap", True, "get", "(Object,boolean)", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LazyMap", True, "lazyMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LazyMap", True, "lazyMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LazySortedMap", True, "lazySortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LazySortedMap", True, "lazySortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LinkedMap", True, "LinkedMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LinkedMap", True, "LinkedMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LinkedMap", True, "asList", "", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LinkedMap", True, "get", "(int)", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LinkedMap", True, "getValue", "(int)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "LinkedMap", True, "remove", "(int)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "ListOrderedMap", True, "asList", "", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "ListOrderedMap", True, "get", "(int)", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "ListOrderedMap", True, "getValue", "(int)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "ListOrderedMap", True, "keyList", "", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "ListOrderedMap", True, "listOrderedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "ListOrderedMap", True, "listOrderedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "ListOrderedMap", True, "put", "", "", "Argument[1]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "ListOrderedMap", True, "put", "", "", "Argument[2]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "ListOrderedMap", True, "putAll", "", "", "Argument[1].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "ListOrderedMap", True, "putAll", "", "", "Argument[1].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "ListOrderedMap", True, "remove", "(int)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "ListOrderedMap", True, "setValue", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "ListOrderedMap", True, "valueList", "", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiKeyMap", True, "get", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiKeyMap", True, "put", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiKeyMap", True, "put", "(Object,Object,Object)", "", "Argument[0..1]", "Argument[-1].MapKey.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiKeyMap", True, "put", "(Object,Object,Object)", "", "Argument[2]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object)", "", "Argument[0..2]", "Argument[-1].MapKey.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object)", "", "Argument[3]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object,Object)", "", "Argument[0..3]", "Argument[-1].MapKey.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object,Object)", "", "Argument[4]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object,Object,Object)", "", "Argument[0..4]", "Argument[-1].MapKey.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object,Object,Object)", "", "Argument[5]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiKeyMap", True, "removeMultiKey", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiValueMap", True, "getCollection", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiValueMap", True, "iterator", "()", "", "Argument[-1].MapKey", "ReturnValue.Element.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiValueMap", True, "iterator", "()", "", "Argument[-1].MapValue.Element", "ReturnValue.Element.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiValueMap", True, "iterator", "(Object)", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiValueMap", True, "multiValueMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiValueMap", True, "multiValueMap", "", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiValueMap", True, "putAll", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiValueMap", True, "putAll", "(Map)", "", "Argument[0].MapValue.Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiValueMap", True, "putAll", "(Object,Collection)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiValueMap", True, "putAll", "(Object,Collection)", "", "Argument[1].Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "MultiValueMap", True, "values", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(ExpirationPolicy,Map)", "", "Argument[1].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(ExpirationPolicy,Map)", "", "Argument[1].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(long,Map)", "", "Argument[1].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(long,Map)", "", "Argument[1].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(long,TimeUnit,Map)", "", "Argument[2].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(long,TimeUnit,Map)", "", "Argument[2].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "PredicatedMap", True, "predicatedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "PredicatedMap", True, "predicatedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "PredicatedSortedMap", True, "predicatedSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "PredicatedSortedMap", True, "predicatedSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "SingletonMap", True, "SingletonMap", "(Entry)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "SingletonMap", True, "SingletonMap", "(Entry)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "SingletonMap", True, "SingletonMap", "(KeyValue)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "SingletonMap", True, "SingletonMap", "(KeyValue)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "SingletonMap", True, "SingletonMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "SingletonMap", True, "SingletonMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "SingletonMap", True, "SingletonMap", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "SingletonMap", True, "SingletonMap", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "SingletonMap", True, "setValue", "", "", "Argument[0]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "TransformedMap", True, "transformingMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "TransformedMap", True, "transformingMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "TransformedSortedMap", True, "transformingSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "TransformedSortedMap", True, "transformingSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "UnmodifiableEntrySet", True, "unmodifiableEntrySet", "", "", "Argument[0].Element.MapKey", "ReturnValue.Element.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "UnmodifiableEntrySet", True, "unmodifiableEntrySet", "", "", "Argument[0].Element.MapValue", "ReturnValue.Element.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "UnmodifiableMap", True, "unmodifiableMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "UnmodifiableMap", True, "unmodifiableMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "UnmodifiableOrderedMap", True, "unmodifiableOrderedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "UnmodifiableOrderedMap", True, "unmodifiableOrderedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.map", "UnmodifiableSortedMap", True, "unmodifiableSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.map", "UnmodifiableSortedMap", True, "unmodifiableSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.model.yml b/java/ql/lib/ext/org.apache.commons.collections.model.yml
new file mode 100644
index 00000000000..2df5f5772a4
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.model.yml
@@ -0,0 +1,377 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should model things relating to Closure, Factory, Transformer, FluentIterable.forEach, FluentIterable.transform
+      # Note that when lambdas are supported we should model the package `org.apache.commons.collections4.functors`,
+      # and when more general callable flow is supported we should model the package
+      # `org.apache.commons.collections4.sequence`.
+      # Note that when lambdas are supported we should have more models for populateMap
+      # Note that when lambdas are supported we should have a model for collect, forAllButLastDo, forAllDo, transform
+      # Note that when lambdas are supported we should have a model for forEach, forEachButLast, transformedIterator
+      - ["org.apache.commons.collections", "ArrayStack", True, "peek", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "ArrayStack", True, "pop", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "ArrayStack", True, "push", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ArrayStack", True, "push", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "Bag", True, "add", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections", "Bag", True, "uniqueSet", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "BagUtils", True, "collectionBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "BagUtils", True, "predicatedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "BagUtils", True, "predicatedSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "BagUtils", True, "synchronizedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "BagUtils", True, "synchronizedSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "BagUtils", True, "transformingBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "BagUtils", True, "transformingSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "BagUtils", True, "unmodifiableBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "BagUtils", True, "unmodifiableSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "BidiMap", True, "getKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "BidiMap", True, "inverseBidiMap", "", "", "Argument[-1].MapKey", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "BidiMap", True, "inverseBidiMap", "", "", "Argument[-1].MapValue", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "BidiMap", True, "removeValue", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "addAll", "(Collection,Enumeration)", "", "Argument[1].Element", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "addAll", "(Collection,Iterable)", "", "Argument[1].Element", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "addAll", "(Collection,Iterator)", "", "Argument[1].Element", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "addAll", "(Collection,Object[])", "", "Argument[1].ArrayElement", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "addIgnoreNull", "", "", "Argument[1]", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "collate", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "collate", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "disjunction", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "disjunction", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "emptyIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "extractSingleton", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "find", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "get", "(Iterable,int)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "get", "(Iterator,int)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "get", "(Map,int)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "get", "(Map,int)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "get", "(Object,int)", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "get", "(Object,int)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "get", "(Object,int)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "get", "(Object,int)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "getCardinalityMap", "", "", "Argument[0].Element", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "intersection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "intersection", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "permutations", "", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "predicatedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "removeAll", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "retainAll", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "select", "(Iterable,Predicate)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "select", "(Iterable,Predicate,Collection)", "", "Argument[0].Element", "Argument[2].Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "select", "(Iterable,Predicate,Collection)", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "select", "(Iterable,Predicate,Collection,Collection)", "", "Argument[0].Element", "Argument[2].Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "select", "(Iterable,Predicate,Collection,Collection)", "", "Argument[0].Element", "Argument[3].Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "select", "(Iterable,Predicate,Collection,Collection)", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "selectRejected", "(Iterable,Predicate)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "selectRejected", "(Iterable,Predicate,Collection)", "", "Argument[0].Element", "Argument[2].Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "selectRejected", "(Iterable,Predicate,Collection)", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "subtract", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "synchronizedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      # Note that `CollectionUtils.transformingCollection` does not transform existing list elements
+      - ["org.apache.commons.collections", "CollectionUtils", True, "transformingCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "union", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "union", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "CollectionUtils", True, "unmodifiableCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "EnumerationUtils", True, "get", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "EnumerationUtils", True, "toList", "(Enumeration)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "EnumerationUtils", True, "toList", "(StringTokenizer)", "", "Argument[0]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "append", "(Iterable)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "append", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "append", "(Object[])", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "append", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "asEnumeration", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "collate", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "collate", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "copyInto", "", "", "Argument[-1].Element", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "eval", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "filter", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "get", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "limit", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "loop", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "of", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "of", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "of", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "reverse", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "skip", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "toArray", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "toList", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "unique", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "unmodifiable", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "zip", "(Iterable)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "zip", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "zip", "(Iterable[])", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "FluentIterable", True, "zip", "(Iterable[])", "", "Argument[0].ArrayElement.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "Get", True, "entrySet", "", "", "Argument[-1].MapKey", "ReturnValue.Element.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "Get", True, "entrySet", "", "", "Argument[-1].MapValue", "ReturnValue.Element.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "Get", True, "get", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "Get", True, "keySet", "()", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "Get", True, "remove", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "Get", True, "values", "()", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableGet", True, "mapIterator", "", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableGet", True, "mapIterator", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "boundedIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable,Iterable)", "", "Argument[2].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable,Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable,Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable,Iterable,Iterable)", "", "Argument[2].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable,Iterable,Iterable)", "", "Argument[3].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "chainedIterable", "(Iterable[])", "", "Argument[0].ArrayElement.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "collatedIterable", "(Comparator,Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "collatedIterable", "(Comparator,Iterable,Iterable)", "", "Argument[2].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "collatedIterable", "(Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "collatedIterable", "(Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "emptyIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "filteredIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "find", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "first", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "forEachButLast", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "get", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "loopingIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "partition", "", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "reversedIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "skippingIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "toList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "toString", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "toString", "", "", "Argument[3]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "toString", "", "", "Argument[4]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "uniqueIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "unmodifiableIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "zippingIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "zippingIterable", "(Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IterableUtils", True, "zippingIterable", "(Iterable,Iterable[])", "", "Argument[1].ArrayElement.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "arrayIterator", "", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "arrayListIterator", "", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "asEnumeration", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "asIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "asIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "asMultipleUseIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "boundedIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "chainedIterator", "(Collection)", "", "Argument[0].Element.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "chainedIterator", "(Iterator,Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "chainedIterator", "(Iterator,Iterator)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "chainedIterator", "(Iterator[])", "", "Argument[0].ArrayElement.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "collatedIterator", "(Comparator,Collection)", "", "Argument[1].Element.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "collatedIterator", "(Comparator,Iterator,Iterator)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "collatedIterator", "(Comparator,Iterator,Iterator)", "", "Argument[2].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "collatedIterator", "(Comparator,Iterator[])", "", "Argument[1].ArrayElement.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "filteredIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "filteredListIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "find", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "first", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "forEachButLast", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "get", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "getIterator", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "getIterator", "", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "getIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "getIterator", "", "", "Argument[0].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "loopingIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "loopingListIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "peekingIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "pushbackIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "singletonIterator", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "singletonListIterator", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "skippingIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "toArray", "", "", "Argument[0].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "toList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "toListIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "toString", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "toString", "", "", "Argument[3]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "toString", "", "", "Argument[4]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "unmodifiableIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "unmodifiableListIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "unmodifiableMapIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "unmodifiableMapIterator", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "zippingIterator", "(Iterator,Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "zippingIterator", "(Iterator,Iterator)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "zippingIterator", "(Iterator,Iterator,Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "zippingIterator", "(Iterator,Iterator,Iterator)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "zippingIterator", "(Iterator,Iterator,Iterator)", "", "Argument[2].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "IteratorUtils", True, "zippingIterator", "(Iterator[])", "", "Argument[0].ArrayElement.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "KeyValue", True, "getKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "KeyValue", True, "getValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "defaultIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "defaultIfNull", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "emptyIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "fixedSizeList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "intersection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "intersection", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      # Note that `ListUtils.lazyList` does not transform existing list elements
+      - ["org.apache.commons.collections", "ListUtils", True, "lazyList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "longestCommonSubsequence", "(CharSequence,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "longestCommonSubsequence", "(CharSequence,CharSequence)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "longestCommonSubsequence", "(List,List)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "longestCommonSubsequence", "(List,List)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "longestCommonSubsequence", "(List,List,Equator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "longestCommonSubsequence", "(List,List,Equator)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "partition", "", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "predicatedList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "removeAll", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "retainAll", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "select", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "selectRejected", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "subtract", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "sum", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "sum", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "synchronizedList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      # Note that `ListUtils.transformedList` does not transform existing list elements
+      - ["org.apache.commons.collections", "ListUtils", True, "transformedList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "union", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "union", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "ListUtils", True, "unmodifiableList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      # Note that MapIterator<K, V> implements Iterator<K>, so it iterates over the keys of the map.
+      # In order for the models of Iterator to work we have to use Element instead of MapKey for key data.
+      - ["org.apache.commons.collections", "MapIterator", True, "getKey", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapIterator", True, "getValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapIterator", True, "setValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapIterator", True, "setValue", "", "", "Argument[0]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "emptyIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "fixedSizeMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "fixedSizeMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "fixedSizeSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "fixedSizeSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "getMap", "", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "getMap", "", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "getObject", "", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "getObject", "", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "getString", "", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "getString", "", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "invertMap", "", "", "Argument[0].MapKey", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "invertMap", "", "", "Argument[0].MapValue", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "iterableMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "iterableMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "iterableSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "iterableSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "lazyMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "lazyMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "lazySortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "lazySortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "multiValueMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "multiValueMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "orderedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "orderedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "populateMap", "(Map,Iterable,Transformer)", "", "Argument[1].Element", "Argument[0].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "populateMap", "(MultiMap,Iterable,Transformer)", "", "Argument[1].Element", "Argument[0].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "predicatedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "predicatedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "predicatedSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "predicatedSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement", "Argument[0].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement", "Argument[0].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.ArrayElement", "Argument[0].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.ArrayElement", "Argument[0].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.ArrayElement", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.ArrayElement", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.MapKey", "Argument[0].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.MapValue", "Argument[0].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "safeAddToMap", "", "", "Argument[1]", "Argument[0].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "safeAddToMap", "", "", "Argument[2]", "Argument[0].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "synchronizedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "synchronizedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "synchronizedSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "synchronizedSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "toMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "toMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "transformedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "transformedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "transformedSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "transformedSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "unmodifiableMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "unmodifiableMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "unmodifiableSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MapUtils", True, "unmodifiableSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiMap", True, "get", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiMap", True, "put", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiMap", True, "put", "", "", "Argument[1]", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiMap", True, "values", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiMapUtils", True, "emptyIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiMapUtils", True, "getCollection", "", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiMapUtils", True, "getValuesAsBag", "", "", "Argument[0].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiMapUtils", True, "getValuesAsList", "", "", "Argument[0].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiMapUtils", True, "getValuesAsSet", "", "", "Argument[0].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiMapUtils", True, "transformedMultiValuedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiMapUtils", True, "transformedMultiValuedMap", "", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiMapUtils", True, "unmodifiableMultiValuedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiMapUtils", True, "unmodifiableMultiValuedMap", "", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiSet", True, "add", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiSet", True, "entrySet", "", "", "Argument[-1].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiSet", True, "uniqueSet", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiSet$Entry", True, "getElement", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiSetUtils", True, "predicatedMultiSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiSetUtils", True, "synchronizedMultiSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiSetUtils", True, "unmodifiableMultiSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "asMap", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "asMap", "", "", "Argument[-1].MapValue.Element", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "entries", "", "", "Argument[-1].MapKey", "ReturnValue.Element.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "entries", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "get", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "keySet", "", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "keys", "", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "mapIterator", "", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "mapIterator", "", "", "Argument[-1].MapValue.Element", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "put", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "put", "", "", "Argument[1]", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "putAll", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "putAll", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "putAll", "(MultiValuedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "putAll", "(MultiValuedMap)", "", "Argument[0].MapValue.Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "putAll", "(Object,Iterable)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "putAll", "(Object,Iterable)", "", "Argument[1].Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "remove", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "MultiValuedMap", True, "values", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "OrderedIterator", True, "previous", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "OrderedMap", True, "firstKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "OrderedMap", True, "lastKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "OrderedMap", True, "nextKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "OrderedMap", True, "previousKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "Put", True, "put", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "Put", True, "put", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "Put", True, "put", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "Put", True, "putAll", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "Put", True, "putAll", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "QueueUtils", True, "predicatedQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "QueueUtils", True, "synchronizedQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "QueueUtils", True, "transformingQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "QueueUtils", True, "unmodifiableQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "difference", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "disjunction", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "disjunction", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "emptyIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "hashSet", "", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "intersection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "intersection", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "orderedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "predicatedNavigableSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "predicatedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "predicatedSortedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "synchronizedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "synchronizedSortedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "transformedNavigableSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "transformedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "transformedSortedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "union", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "union", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "unmodifiableNavigableSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "unmodifiableSet", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "unmodifiableSet", "(Set)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils", True, "unmodifiableSortedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils$SetView", True, "copyInto", "", "", "Argument[-1].Element", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils$SetView", True, "createIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SetUtils$SetView", True, "toSet", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections", "SortedBag", True, "first", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "SortedBag", True, "last", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections", "SplitMapUtils", True, "readableMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "SplitMapUtils", True, "readableMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "SplitMapUtils", True, "writableMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "SplitMapUtils", True, "writableMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "Trie", True, "prefixMap", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "Trie", True, "prefixMap", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections", "TrieUtils", True, "unmodifiableTrie", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections", "TrieUtils", True, "unmodifiableTrie", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.multimap.model.yml b/java/ql/lib/ext/org.apache.commons.collections.multimap.model.yml
new file mode 100644
index 00000000000..97ad092bc08
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.multimap.model.yml
@@ -0,0 +1,18 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedMultiValuedMap
+      - ["org.apache.commons.collections.multimap", "ArrayListValuedHashMap", True, "ArrayListValuedHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.multimap", "ArrayListValuedHashMap", True, "ArrayListValuedHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.multimap", "ArrayListValuedHashMap", True, "ArrayListValuedHashMap", "(MultiValuedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.multimap", "ArrayListValuedHashMap", True, "ArrayListValuedHashMap", "(MultiValuedMap)", "", "Argument[0].MapValue.Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.multimap", "HashSetValuedHashMap", True, "HashSetValuedHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.multimap", "HashSetValuedHashMap", True, "HashSetValuedHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.multimap", "HashSetValuedHashMap", True, "HashSetValuedHashMap", "(MultiValuedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.multimap", "HashSetValuedHashMap", True, "HashSetValuedHashMap", "(MultiValuedMap)", "", "Argument[0].MapValue.Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.multimap", "TransformedMultiValuedMap", True, "transformingMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.multimap", "TransformedMultiValuedMap", True, "transformingMap", "", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.multimap", "UnmodifiableMultiValuedMap", True, "unmodifiableMultiValuedMap", "(MultiValuedMap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.multimap", "UnmodifiableMultiValuedMap", True, "unmodifiableMultiValuedMap", "(MultiValuedMap)", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.multiset.model.yml b/java/ql/lib/ext/org.apache.commons.collections.multiset.model.yml
new file mode 100644
index 00000000000..4423d4b1f91
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.multiset.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.collections.multiset", "HashMultiSet", True, "HashMultiSet", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.multiset", "PredicatedMultiSet", True, "predicatedMultiSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.multiset", "SynchronizedMultiSet", True, "synchronizedMultiSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.multiset", "UnmodifiableMultiSet", True, "unmodifiableMultiSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.properties.model.yml b/java/ql/lib/ext/org.apache.commons.collections.properties.model.yml
new file mode 100644
index 00000000000..f149889197e
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.properties.model.yml
@@ -0,0 +1,13 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.collections.properties", "AbstractPropertiesFactory", True, "load", "(ClassLoader,String)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections.properties", "AbstractPropertiesFactory", True, "load", "(File)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections.properties", "AbstractPropertiesFactory", True, "load", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections.properties", "AbstractPropertiesFactory", True, "load", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections.properties", "AbstractPropertiesFactory", True, "load", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections.properties", "AbstractPropertiesFactory", True, "load", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections.properties", "AbstractPropertiesFactory", True, "load", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections.properties", "AbstractPropertiesFactory", True, "load", "(URL)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.queue.model.yml b/java/ql/lib/ext/org.apache.commons.collections.queue.model.yml
new file mode 100644
index 00000000000..3a88fbf5fa4
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.queue.model.yml
@@ -0,0 +1,12 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedQueue
+      - ["org.apache.commons.collections.queue", "CircularFifoQueue", True, "CircularFifoQueue", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.queue", "CircularFifoQueue", True, "get", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.queue", "PredicatedQueue", True, "predicatedQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.queue", "SynchronizedQueue", True, "synchronizedQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.queue", "TransformedQueue", True, "transformingQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.queue", "UnmodifiableQueue", True, "unmodifiableQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.set.model.yml b/java/ql/lib/ext/org.apache.commons.collections.set.model.yml
new file mode 100644
index 00000000000..c6288adf72c
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.set.model.yml
@@ -0,0 +1,37 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedNavigableSet
+      - ["org.apache.commons.collections.set", "AbstractNavigableSetDecorator", True, "AbstractNavigableSetDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "AbstractSetDecorator", True, "AbstractSetDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "AbstractSortedSetDecorator", True, "AbstractSortedSetDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "CompositeSet", True, "CompositeSet", "(Set)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "CompositeSet", True, "CompositeSet", "(Set[])", "", "Argument[0].ArrayElement.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "CompositeSet", True, "addComposited", "(Set)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "CompositeSet", True, "addComposited", "(Set,Set)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "CompositeSet", True, "addComposited", "(Set,Set)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "CompositeSet", True, "addComposited", "(Set[])", "", "Argument[0].ArrayElement.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "CompositeSet", True, "getSets", "", "", "Argument[-1].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "CompositeSet", True, "toSet", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "CompositeSet$SetMutator", True, "add", "", "", "Argument[2]", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "CompositeSet$SetMutator", True, "add", "", "", "Argument[2]", "Argument[1].Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "CompositeSet$SetMutator", True, "addAll", "", "", "Argument[2].Element", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "CompositeSet$SetMutator", True, "addAll", "", "", "Argument[2].Element", "Argument[1].Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "ListOrderedSet", True, "add", "", "", "Argument[1]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "ListOrderedSet", True, "addAll", "", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "ListOrderedSet", True, "asList", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "ListOrderedSet", True, "get", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.set", "ListOrderedSet", True, "listOrderedSet", "(List)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "ListOrderedSet", True, "listOrderedSet", "(Set)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "MapBackedSet", True, "mapBackedSet", "", "", "Argument[0].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "PredicatedNavigableSet", True, "predicatedNavigableSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "PredicatedSet", True, "predicatedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "PredicatedSortedSet", True, "predicatedSortedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "TransformedNavigableSet", True, "transformingNavigableSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "TransformedSet", True, "transformingSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "TransformedSortedSet", True, "transformingSortedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "UnmodifiableNavigableSet", True, "unmodifiableNavigableSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "UnmodifiableSet", True, "unmodifiableSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections.set", "UnmodifiableSortedSet", True, "unmodifiableSortedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.splitmap.model.yml b/java/ql/lib/ext/org.apache.commons.collections.splitmap.model.yml
new file mode 100644
index 00000000000..65cc1a66fdf
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.splitmap.model.yml
@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedSplitMap
+      - ["org.apache.commons.collections.splitmap", "AbstractIterableGetMapDecorator", True, "AbstractIterableGetMapDecorator", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.splitmap", "AbstractIterableGetMapDecorator", True, "AbstractIterableGetMapDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.splitmap", "TransformedSplitMap", True, "transformingMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.splitmap", "TransformedSplitMap", True, "transformingMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections.trie.model.yml b/java/ql/lib/ext/org.apache.commons.collections.trie.model.yml
new file mode 100644
index 00000000000..c58ca641902
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections.trie.model.yml
@@ -0,0 +1,14 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedSplitMap
+      - ["org.apache.commons.collections.trie", "AbstractPatriciaTrie", True, "select", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.trie", "AbstractPatriciaTrie", True, "select", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.trie", "AbstractPatriciaTrie", True, "selectKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.trie", "AbstractPatriciaTrie", True, "selectValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections.trie", "PatriciaTrie", True, "PatriciaTrie", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.trie", "PatriciaTrie", True, "PatriciaTrie", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections.trie", "UnmodifiableTrie", True, "unmodifiableTrie", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections.trie", "UnmodifiableTrie", True, "unmodifiableTrie", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.bag.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.bag.model.yml
new file mode 100644
index 00000000000..9df2c7aba94
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.bag.model.yml
@@ -0,0 +1,24 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedBag, TransformedSortedBag
+      - ["org.apache.commons.collections4.bag", "AbstractBagDecorator", True, "AbstractBagDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "AbstractMapBag", True, "AbstractMapBag", "", "", "Argument[0].MapKey", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "AbstractMapBag", True, "getMap", "", "", "Argument[-1].Element", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "AbstractSortedBagDecorator", True, "AbstractSortedBagDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "CollectionBag", True, "CollectionBag", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "CollectionBag", True, "collectionBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "CollectionSortedBag", True, "CollectionSortedBag", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "CollectionSortedBag", True, "collectionSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "HashBag", True, "HashBag", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "PredicatedBag", True, "predicatedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "PredicatedSortedBag", True, "predicatedSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "SynchronizedBag", True, "synchronizedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "SynchronizedSortedBag", True, "synchronizedSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "TransformedBag", True, "transformedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "TransformedSortedBag", True, "transformedSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "TreeBag", True, "TreeBag", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "UnmodifiableBag", True, "unmodifiableBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.bag", "UnmodifiableSortedBag", True, "unmodifiableSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.bidimap.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.bidimap.model.yml
new file mode 100644
index 00000000000..1a6a3cbab9e
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.bidimap.model.yml
@@ -0,0 +1,37 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.collections4.bidimap", "AbstractBidiMapDecorator", True, "AbstractBidiMapDecorator", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "AbstractBidiMapDecorator", True, "AbstractBidiMapDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "AbstractDualBidiMap", True, "AbstractDualBidiMap", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "AbstractDualBidiMap", True, "AbstractDualBidiMap", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "AbstractDualBidiMap", True, "AbstractDualBidiMap", "", "", "Argument[1].MapKey", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "AbstractDualBidiMap", True, "AbstractDualBidiMap", "", "", "Argument[1].MapValue", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "AbstractDualBidiMap", True, "AbstractDualBidiMap", "", "", "Argument[2].MapKey", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "AbstractDualBidiMap", True, "AbstractDualBidiMap", "", "", "Argument[2].MapValue", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "AbstractOrderedBidiMapDecorator", True, "AbstractOrderedBidiMapDecorator", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "AbstractOrderedBidiMapDecorator", True, "AbstractOrderedBidiMapDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "AbstractSortedBidiMapDecorator", True, "AbstractSortedBidiMapDecorator", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "AbstractSortedBidiMapDecorator", True, "AbstractSortedBidiMapDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "DualHashBidiMap", True, "DualHashBidiMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "DualHashBidiMap", True, "DualHashBidiMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "DualLinkedHashBidiMap", True, "DualLinkedHashBidiMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "DualLinkedHashBidiMap", True, "DualLinkedHashBidiMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "DualTreeBidiMap", True, "DualTreeBidiMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "DualTreeBidiMap", True, "DualTreeBidiMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "DualTreeBidiMap", True, "inverseOrderedBidiMap", "", "", "Argument[-1].MapKey", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "DualTreeBidiMap", True, "inverseOrderedBidiMap", "", "", "Argument[-1].MapValue", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "DualTreeBidiMap", True, "inverseSortedBidiMap", "", "", "Argument[-1].MapKey", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "DualTreeBidiMap", True, "inverseSortedBidiMap", "", "", "Argument[-1].MapValue", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "TreeBidiMap", True, "TreeBidiMap", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "TreeBidiMap", True, "TreeBidiMap", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "UnmodifiableBidiMap", True, "unmodifiableBidiMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "UnmodifiableBidiMap", True, "unmodifiableBidiMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "UnmodifiableOrderedBidiMap", True, "inverseOrderedBidiMap", "", "", "Argument[-1].MapKey", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "UnmodifiableOrderedBidiMap", True, "inverseOrderedBidiMap", "", "", "Argument[-1].MapValue", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "UnmodifiableOrderedBidiMap", True, "unmodifiableOrderedBidiMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "UnmodifiableOrderedBidiMap", True, "unmodifiableOrderedBidiMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "UnmodifiableSortedBidiMap", True, "unmodifiableSortedBidiMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.bidimap", "UnmodifiableSortedBidiMap", True, "unmodifiableSortedBidiMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.collection.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.collection.model.yml
new file mode 100644
index 00000000000..7533350620b
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.collection.model.yml
@@ -0,0 +1,46 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedCollection
+      - ["org.apache.commons.collections4.collection", "AbstractCollectionDecorator", True, "AbstractCollectionDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "AbstractCollectionDecorator", True, "decorated", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "AbstractCollectionDecorator", True, "setCollection", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "CompositeCollection", True, "CompositeCollection", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "CompositeCollection", True, "CompositeCollection", "(Collection,Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "CompositeCollection", True, "CompositeCollection", "(Collection,Collection)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "CompositeCollection", True, "CompositeCollection", "(Collection[])", "", "Argument[0].ArrayElement.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "CompositeCollection", True, "addComposited", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "CompositeCollection", True, "addComposited", "(Collection,Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "CompositeCollection", True, "addComposited", "(Collection,Collection)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "CompositeCollection", True, "addComposited", "(Collection[])", "", "Argument[0].ArrayElement.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "CompositeCollection", True, "getCollections", "", "", "Argument[-1].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "CompositeCollection", True, "toCollection", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "CompositeCollection$CollectionMutator", True, "add", "", "", "Argument[2]", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "CompositeCollection$CollectionMutator", True, "add", "", "", "Argument[2]", "Argument[1].Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "CompositeCollection$CollectionMutator", True, "addAll", "", "", "Argument[2].Element", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "CompositeCollection$CollectionMutator", True, "addAll", "", "", "Argument[2].Element", "Argument[1].Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "IndexedCollection", True, "IndexedCollection", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "IndexedCollection", True, "get", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "IndexedCollection", True, "nonUniqueIndexedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "IndexedCollection", True, "uniqueIndexedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "IndexedCollection", True, "values", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "PredicatedCollection", True, "predicatedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "PredicatedCollection$Builder", True, "add", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "PredicatedCollection$Builder", True, "addAll", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "PredicatedCollection$Builder", True, "createPredicatedBag", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "PredicatedCollection$Builder", True, "createPredicatedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "PredicatedCollection$Builder", True, "createPredicatedList", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "PredicatedCollection$Builder", True, "createPredicatedList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "PredicatedCollection$Builder", True, "createPredicatedMultiSet", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "PredicatedCollection$Builder", True, "createPredicatedMultiSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "PredicatedCollection$Builder", True, "createPredicatedQueue", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "PredicatedCollection$Builder", True, "createPredicatedQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "PredicatedCollection$Builder", True, "createPredicatedSet", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "PredicatedCollection$Builder", True, "createPredicatedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "PredicatedCollection$Builder", True, "rejectedElements", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "SynchronizedCollection", True, "synchronizedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "TransformedCollection", True, "transformingCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "UnmodifiableBoundedCollection", True, "unmodifiableBoundedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.collection", "UnmodifiableCollection", True, "unmodifiableCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.iterators.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.iterators.model.yml
new file mode 100644
index 00000000000..8fe0e4578f9
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.iterators.model.yml
@@ -0,0 +1,81 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformIterator
+      - ["org.apache.commons.collections4.iterators", "AbstractIteratorDecorator", True, "AbstractIteratorDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "AbstractListIteratorDecorator", True, "AbstractListIteratorDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "AbstractListIteratorDecorator", True, "getListIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "AbstractMapIteratorDecorator", True, "AbstractMapIteratorDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "AbstractMapIteratorDecorator", True, "AbstractMapIteratorDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "AbstractMapIteratorDecorator", True, "getMapIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "AbstractMapIteratorDecorator", True, "getMapIterator", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "AbstractOrderedMapIteratorDecorator", True, "AbstractOrderedMapIteratorDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "AbstractOrderedMapIteratorDecorator", True, "AbstractOrderedMapIteratorDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "AbstractOrderedMapIteratorDecorator", True, "getOrderedMapIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "AbstractOrderedMapIteratorDecorator", True, "getOrderedMapIterator", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "AbstractUntypedIteratorDecorator", True, "AbstractUntypedIteratorDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "AbstractUntypedIteratorDecorator", True, "getIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "ArrayIterator", True, "ArrayIterator", "", "", "Argument[0].ArrayElement", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "ArrayIterator", True, "getArray", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "ArrayListIterator", True, "ArrayListIterator", "", "", "Argument[0].ArrayElement", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "BoundedIterator", True, "BoundedIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "CollatingIterator", True, "CollatingIterator", "(Comparator,Collection)", "", "Argument[1].Element.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "CollatingIterator", True, "CollatingIterator", "(Comparator,Iterator,Iterator)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "CollatingIterator", True, "CollatingIterator", "(Comparator,Iterator,Iterator)", "", "Argument[2].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "CollatingIterator", True, "CollatingIterator", "(Comparator,Iterator[])", "", "Argument[1].ArrayElement.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "CollatingIterator", True, "addIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "CollatingIterator", True, "getIterators", "", "", "Argument[-1].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "CollatingIterator", True, "setIterator", "", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "EnumerationIterator", True, "EnumerationIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "EnumerationIterator", True, "getEnumeration", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "EnumerationIterator", True, "setEnumeration", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "FilterIterator", True, "FilterIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "FilterIterator", True, "getIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "FilterIterator", True, "setIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "FilterListIterator", True, "FilterListIterator", "(ListIterator)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "FilterListIterator", True, "FilterListIterator", "(ListIterator,Predicate)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "FilterListIterator", True, "getListIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "FilterListIterator", True, "setListIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "IteratorChain", True, "IteratorChain", "(Collection)", "", "Argument[0].Element.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "IteratorChain", True, "IteratorChain", "(Iterator)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "IteratorChain", True, "IteratorChain", "(Iterator,Iterator)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "IteratorChain", True, "IteratorChain", "(Iterator,Iterator)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "IteratorChain", True, "IteratorChain", "(Iterator[])", "", "Argument[0].ArrayElement.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "IteratorChain", True, "addIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "IteratorEnumeration", True, "IteratorEnumeration", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "IteratorEnumeration", True, "getIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "IteratorEnumeration", True, "setIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "IteratorIterable", True, "IteratorIterable", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "ListIteratorWrapper", True, "ListIteratorWrapper", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "LoopingIterator", True, "LoopingIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "LoopingListIterator", True, "LoopingListIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "ObjectArrayIterator", True, "ObjectArrayIterator", "", "", "Argument[0].ArrayElement", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "ObjectArrayIterator", True, "getArray", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "ObjectArrayListIterator", True, "ObjectArrayListIterator", "", "", "Argument[0].ArrayElement", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "PeekingIterator", True, "PeekingIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "PeekingIterator", True, "element", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "PeekingIterator", True, "peek", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "PeekingIterator", True, "peekingIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "PermutationIterator", True, "PermutationIterator", "", "", "Argument[0].Element", "Argument[-1].Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "PushbackIterator", True, "PushbackIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "PushbackIterator", True, "pushback", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "PushbackIterator", True, "pushbackIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "ReverseListIterator", True, "ReverseListIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "SingletonIterator", True, "SingletonIterator", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "SingletonListIterator", True, "SingletonListIterator", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "SkippingIterator", True, "SkippingIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "UniqueFilterIterator", True, "UniqueFilterIterator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "UnmodifiableIterator", True, "unmodifiableIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "UnmodifiableListIterator", True, "umodifiableListIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "UnmodifiableMapIterator", True, "unmodifiableMapIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "UnmodifiableMapIterator", True, "unmodifiableMapIterator", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "UnmodifiableOrderedMapIterator", True, "unmodifiableOrderedMapIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "UnmodifiableOrderedMapIterator", True, "unmodifiableOrderedMapIterator", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "ZippingIterator", True, "ZippingIterator", "(Iterator,Iterator)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "ZippingIterator", True, "ZippingIterator", "(Iterator,Iterator)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "ZippingIterator", True, "ZippingIterator", "(Iterator,Iterator,Iterator)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "ZippingIterator", True, "ZippingIterator", "(Iterator,Iterator,Iterator)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "ZippingIterator", True, "ZippingIterator", "(Iterator,Iterator,Iterator)", "", "Argument[2].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.iterators", "ZippingIterator", True, "ZippingIterator", "(Iterator[])", "", "Argument[0].ArrayElement.Element", "Argument[-1].Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.keyvalue.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.keyvalue.model.yml
new file mode 100644
index 00000000000..e662c6348bd
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.keyvalue.model.yml
@@ -0,0 +1,60 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should model the package `org.apache.commons.collections4.functors`,
+      # and when more general callable flow is supported we should model the package
+      # `org.apache.commons.collections4.sequence`.
+      - ["org.apache.commons.collections4.keyvalue", "AbstractKeyValue", True, "AbstractKeyValue", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "AbstractKeyValue", True, "AbstractKeyValue", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "AbstractKeyValue", True, "setKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "AbstractKeyValue", True, "setKey", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "AbstractKeyValue", True, "setValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "AbstractKeyValue", True, "setValue", "", "", "Argument[0]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "AbstractMapEntry", True, "AbstractMapEntry", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "AbstractMapEntry", True, "AbstractMapEntry", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "AbstractMapEntryDecorator", True, "AbstractMapEntryDecorator", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "AbstractMapEntryDecorator", True, "AbstractMapEntryDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "AbstractMapEntryDecorator", True, "getMapEntry", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "AbstractMapEntryDecorator", True, "getMapEntry", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "DefaultKeyValue", True, "DefaultKeyValue", "(Entry)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "DefaultKeyValue", True, "DefaultKeyValue", "(Entry)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "DefaultKeyValue", True, "DefaultKeyValue", "(KeyValue)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "DefaultKeyValue", True, "DefaultKeyValue", "(KeyValue)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "DefaultKeyValue", True, "DefaultKeyValue", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "DefaultKeyValue", True, "DefaultKeyValue", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "DefaultKeyValue", True, "toMapEntry", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "DefaultKeyValue", True, "toMapEntry", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "DefaultMapEntry", True, "DefaultMapEntry", "(Entry)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "DefaultMapEntry", True, "DefaultMapEntry", "(Entry)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "DefaultMapEntry", True, "DefaultMapEntry", "(KeyValue)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "DefaultMapEntry", True, "DefaultMapEntry", "(KeyValue)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "DefaultMapEntry", True, "DefaultMapEntry", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "DefaultMapEntry", True, "DefaultMapEntry", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object)", "", "Argument[1]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object)", "", "Argument[1]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object)", "", "Argument[2]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object)", "", "Argument[1]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object)", "", "Argument[2]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object)", "", "Argument[3]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object,Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object,Object)", "", "Argument[1]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object,Object)", "", "Argument[2]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object,Object)", "", "Argument[3]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object,Object,Object,Object,Object)", "", "Argument[4]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object[])", "", "Argument[0].ArrayElement", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "MultiKey", "(Object[],boolean)", "", "Argument[0].ArrayElement", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "getKey", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "MultiKey", True, "getKeys", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "TiedMapEntry", True, "TiedMapEntry", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "TiedMapEntry", True, "TiedMapEntry", "", "", "Argument[1]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "UnmodifiableMapEntry", True, "UnmodifiableMapEntry", "(Entry)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "UnmodifiableMapEntry", True, "UnmodifiableMapEntry", "(Entry)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "UnmodifiableMapEntry", True, "UnmodifiableMapEntry", "(KeyValue)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "UnmodifiableMapEntry", True, "UnmodifiableMapEntry", "(KeyValue)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "UnmodifiableMapEntry", True, "UnmodifiableMapEntry", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.keyvalue", "UnmodifiableMapEntry", True, "UnmodifiableMapEntry", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.list.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.list.model.yml
new file mode 100644
index 00000000000..b0e01ed6929
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.list.model.yml
@@ -0,0 +1,28 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedList
+      - ["org.apache.commons.collections4.list", "AbstractLinkedList", True, "AbstractLinkedList", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "AbstractLinkedList", True, "addFirst", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "AbstractLinkedList", True, "addLast", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "AbstractLinkedList", True, "getFirst", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "AbstractLinkedList", True, "getLast", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "AbstractLinkedList", True, "removeFirst", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "AbstractLinkedList", True, "removeLast", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "AbstractListDecorator", True, "AbstractListDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "AbstractSerializableListDecorator", True, "AbstractSerializableListDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "CursorableLinkedList", True, "CursorableLinkedList", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "CursorableLinkedList", True, "cursor", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "FixedSizeList", True, "fixedSizeList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "GrowthList", True, "growthList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "LazyList", True, "lazyList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "NodeCachingLinkedList", True, "NodeCachingLinkedList", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "PredicatedList", True, "predicatedList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "SetUniqueList", True, "asSet", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "SetUniqueList", True, "setUniqueList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "TransformedList", True, "transformingList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "TreeList", True, "TreeList", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "UnmodifiableList", True, "UnmodifiableList", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.list", "UnmodifiableList", True, "unmodifiableList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.map.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.map.model.yml
new file mode 100644
index 00000000000..385f73050d5
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.map.model.yml
@@ -0,0 +1,134 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for DefaultedMap, LazyMap, TransformedMap, TransformedSortedMap
+      - ["org.apache.commons.collections4.map", "AbstractHashedMap", True, "AbstractHashedMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "AbstractHashedMap", True, "AbstractHashedMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "AbstractLinkedMap", True, "AbstractLinkedMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "AbstractLinkedMap", True, "AbstractLinkedMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "AbstractMapDecorator", True, "AbstractMapDecorator", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "AbstractMapDecorator", True, "AbstractMapDecorator", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "AbstractMapDecorator", True, "decorated", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "AbstractMapDecorator", True, "decorated", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "AbstractOrderedMapDecorator", True, "AbstractOrderedMapDecorator", "(OrderedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "AbstractOrderedMapDecorator", True, "AbstractOrderedMapDecorator", "(OrderedMap)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "AbstractSortedMapDecorator", True, "AbstractSortedMapDecorator", "(SortedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "AbstractSortedMapDecorator", True, "AbstractSortedMapDecorator", "(SortedMap)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CaseInsensitiveMap", True, "CaseInsensitiveMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CaseInsensitiveMap", True, "CaseInsensitiveMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "CompositeMap", "(Map,Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "CompositeMap", "(Map,Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "CompositeMap", "(Map,Map)", "", "Argument[1].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "CompositeMap", "(Map,Map)", "", "Argument[1].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "CompositeMap", "(Map,Map,MapMutator)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "CompositeMap", "(Map,Map,MapMutator)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "CompositeMap", "(Map,Map,MapMutator)", "", "Argument[1].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "CompositeMap", "(Map,Map,MapMutator)", "", "Argument[1].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "CompositeMap", "(Map[])", "", "Argument[0].ArrayElement.MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "CompositeMap", "(Map[])", "", "Argument[0].ArrayElement.MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "CompositeMap", "(Map[],MapMutator)", "", "Argument[0].ArrayElement.MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "CompositeMap", "(Map[],MapMutator)", "", "Argument[0].ArrayElement.MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "addComposited", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "addComposited", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "removeComposited", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "removeComposited", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "CompositeMap", True, "removeComposited", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "DefaultedMap", True, "DefaultedMap", "(Object)", "", "Argument[0]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "DefaultedMap", True, "defaultedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "DefaultedMap", True, "defaultedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "DefaultedMap", True, "defaultedMap", "(Map,Object)", "", "Argument[1]", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "EntrySetToMapIteratorAdapter", True, "EntrySetToMapIteratorAdapter", "", "", "Argument[0].Element.MapKey", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "EntrySetToMapIteratorAdapter", True, "EntrySetToMapIteratorAdapter", "", "", "Argument[0].Element.MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "FixedSizeMap", True, "fixedSizeMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "FixedSizeMap", True, "fixedSizeMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "FixedSizeSortedMap", True, "fixedSizeSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "FixedSizeSortedMap", True, "fixedSizeSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "Flat3Map", True, "Flat3Map", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "Flat3Map", True, "Flat3Map", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "HashedMap", True, "HashedMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "HashedMap", True, "HashedMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LRUMap", True, "LRUMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LRUMap", True, "LRUMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LRUMap", True, "LRUMap", "(Map,boolean)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LRUMap", True, "LRUMap", "(Map,boolean)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LRUMap", True, "get", "(Object,boolean)", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LazyMap", True, "lazyMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LazyMap", True, "lazyMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LazySortedMap", True, "lazySortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LazySortedMap", True, "lazySortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LinkedMap", True, "LinkedMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LinkedMap", True, "LinkedMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LinkedMap", True, "asList", "", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LinkedMap", True, "get", "(int)", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LinkedMap", True, "getValue", "(int)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "LinkedMap", True, "remove", "(int)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "ListOrderedMap", True, "asList", "", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "ListOrderedMap", True, "get", "(int)", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "ListOrderedMap", True, "getValue", "(int)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "ListOrderedMap", True, "keyList", "", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "ListOrderedMap", True, "listOrderedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "ListOrderedMap", True, "listOrderedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "ListOrderedMap", True, "put", "", "", "Argument[1]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "ListOrderedMap", True, "put", "", "", "Argument[2]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "ListOrderedMap", True, "putAll", "", "", "Argument[1].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "ListOrderedMap", True, "putAll", "", "", "Argument[1].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "ListOrderedMap", True, "remove", "(int)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "ListOrderedMap", True, "setValue", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "ListOrderedMap", True, "valueList", "", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiKeyMap", True, "get", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiKeyMap", True, "put", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiKeyMap", True, "put", "(Object,Object,Object)", "", "Argument[0..1]", "Argument[-1].MapKey.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiKeyMap", True, "put", "(Object,Object,Object)", "", "Argument[2]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object)", "", "Argument[0..2]", "Argument[-1].MapKey.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object)", "", "Argument[3]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object,Object)", "", "Argument[0..3]", "Argument[-1].MapKey.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object,Object)", "", "Argument[4]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object,Object,Object)", "", "Argument[0..4]", "Argument[-1].MapKey.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object,Object,Object)", "", "Argument[5]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiKeyMap", True, "removeMultiKey", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiValueMap", True, "getCollection", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiValueMap", True, "iterator", "()", "", "Argument[-1].MapKey", "ReturnValue.Element.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiValueMap", True, "iterator", "()", "", "Argument[-1].MapValue.Element", "ReturnValue.Element.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiValueMap", True, "iterator", "(Object)", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiValueMap", True, "multiValueMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiValueMap", True, "multiValueMap", "", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiValueMap", True, "putAll", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiValueMap", True, "putAll", "(Map)", "", "Argument[0].MapValue.Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiValueMap", True, "putAll", "(Object,Collection)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiValueMap", True, "putAll", "(Object,Collection)", "", "Argument[1].Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "MultiValueMap", True, "values", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(ExpirationPolicy,Map)", "", "Argument[1].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(ExpirationPolicy,Map)", "", "Argument[1].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(long,Map)", "", "Argument[1].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(long,Map)", "", "Argument[1].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(long,TimeUnit,Map)", "", "Argument[2].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(long,TimeUnit,Map)", "", "Argument[2].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "PredicatedMap", True, "predicatedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "PredicatedMap", True, "predicatedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "PredicatedSortedMap", True, "predicatedSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "PredicatedSortedMap", True, "predicatedSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "SingletonMap", True, "SingletonMap", "(Entry)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "SingletonMap", True, "SingletonMap", "(Entry)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "SingletonMap", True, "SingletonMap", "(KeyValue)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "SingletonMap", True, "SingletonMap", "(KeyValue)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "SingletonMap", True, "SingletonMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "SingletonMap", True, "SingletonMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "SingletonMap", True, "SingletonMap", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "SingletonMap", True, "SingletonMap", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "SingletonMap", True, "setValue", "", "", "Argument[0]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "TransformedMap", True, "transformingMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "TransformedMap", True, "transformingMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "TransformedSortedMap", True, "transformingSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "TransformedSortedMap", True, "transformingSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "UnmodifiableEntrySet", True, "unmodifiableEntrySet", "", "", "Argument[0].Element.MapKey", "ReturnValue.Element.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "UnmodifiableEntrySet", True, "unmodifiableEntrySet", "", "", "Argument[0].Element.MapValue", "ReturnValue.Element.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "UnmodifiableMap", True, "unmodifiableMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "UnmodifiableMap", True, "unmodifiableMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "UnmodifiableOrderedMap", True, "unmodifiableOrderedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "UnmodifiableOrderedMap", True, "unmodifiableOrderedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "UnmodifiableSortedMap", True, "unmodifiableSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.map", "UnmodifiableSortedMap", True, "unmodifiableSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.model.yml
new file mode 100644
index 00000000000..218da08ca22
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.model.yml
@@ -0,0 +1,377 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should model things relating to Closure, Factory, Transformer, FluentIterable.forEach, FluentIterable.transform
+      # Note that when lambdas are supported we should model the package `org.apache.commons.collections4.functors`,
+      # and when more general callable flow is supported we should model the package
+      # `org.apache.commons.collections4.sequence`.
+      # Note that when lambdas are supported we should have more models for populateMap
+      # Note that when lambdas are supported we should have a model for collect, forAllButLastDo, forAllDo, transform
+      # Note that when lambdas are supported we should have a model for forEach, forEachButLast, transformedIterator
+      - ["org.apache.commons.collections4", "ArrayStack", True, "peek", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "ArrayStack", True, "pop", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "ArrayStack", True, "push", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ArrayStack", True, "push", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "Bag", True, "add", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "Bag", True, "uniqueSet", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "BagUtils", True, "collectionBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "BagUtils", True, "predicatedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "BagUtils", True, "predicatedSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "BagUtils", True, "synchronizedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "BagUtils", True, "synchronizedSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "BagUtils", True, "transformingBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "BagUtils", True, "transformingSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "BagUtils", True, "unmodifiableBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "BagUtils", True, "unmodifiableSortedBag", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "BidiMap", True, "getKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "BidiMap", True, "inverseBidiMap", "", "", "Argument[-1].MapKey", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "BidiMap", True, "inverseBidiMap", "", "", "Argument[-1].MapValue", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "BidiMap", True, "removeValue", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "addAll", "(Collection,Enumeration)", "", "Argument[1].Element", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "addAll", "(Collection,Iterable)", "", "Argument[1].Element", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "addAll", "(Collection,Iterator)", "", "Argument[1].Element", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "addAll", "(Collection,Object[])", "", "Argument[1].ArrayElement", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "addIgnoreNull", "", "", "Argument[1]", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "collate", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "collate", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "disjunction", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "disjunction", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "emptyIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "extractSingleton", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "find", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "get", "(Iterable,int)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "get", "(Iterator,int)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "get", "(Map,int)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "get", "(Map,int)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "get", "(Object,int)", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "get", "(Object,int)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "get", "(Object,int)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "get", "(Object,int)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "getCardinalityMap", "", "", "Argument[0].Element", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "intersection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "intersection", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "permutations", "", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "predicatedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "removeAll", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "retainAll", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "select", "(Iterable,Predicate)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "select", "(Iterable,Predicate,Collection)", "", "Argument[0].Element", "Argument[2].Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "select", "(Iterable,Predicate,Collection)", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "select", "(Iterable,Predicate,Collection,Collection)", "", "Argument[0].Element", "Argument[2].Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "select", "(Iterable,Predicate,Collection,Collection)", "", "Argument[0].Element", "Argument[3].Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "select", "(Iterable,Predicate,Collection,Collection)", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "selectRejected", "(Iterable,Predicate)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "selectRejected", "(Iterable,Predicate,Collection)", "", "Argument[0].Element", "Argument[2].Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "selectRejected", "(Iterable,Predicate,Collection)", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "subtract", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "synchronizedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      # Note that `CollectionUtils.transformingCollection` does not transform existing list elements
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "transformingCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "union", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "union", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "CollectionUtils", True, "unmodifiableCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "EnumerationUtils", True, "get", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "EnumerationUtils", True, "toList", "(Enumeration)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "EnumerationUtils", True, "toList", "(StringTokenizer)", "", "Argument[0]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "append", "(Iterable)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "append", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "append", "(Object[])", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "append", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "asEnumeration", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "collate", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "collate", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "copyInto", "", "", "Argument[-1].Element", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "eval", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "filter", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "get", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "limit", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "loop", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "of", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "of", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "of", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "reverse", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "skip", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "toArray", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "toList", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "unique", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "unmodifiable", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "zip", "(Iterable)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "zip", "(Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "zip", "(Iterable[])", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "FluentIterable", True, "zip", "(Iterable[])", "", "Argument[0].ArrayElement.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "Get", True, "entrySet", "", "", "Argument[-1].MapKey", "ReturnValue.Element.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "Get", True, "entrySet", "", "", "Argument[-1].MapValue", "ReturnValue.Element.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "Get", True, "get", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "Get", True, "keySet", "()", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "Get", True, "remove", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "Get", True, "values", "()", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableGet", True, "mapIterator", "", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableGet", True, "mapIterator", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "boundedIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable,Iterable)", "", "Argument[2].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable,Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable,Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable,Iterable,Iterable)", "", "Argument[2].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "chainedIterable", "(Iterable,Iterable,Iterable,Iterable)", "", "Argument[3].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "chainedIterable", "(Iterable[])", "", "Argument[0].ArrayElement.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "collatedIterable", "(Comparator,Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "collatedIterable", "(Comparator,Iterable,Iterable)", "", "Argument[2].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "collatedIterable", "(Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "collatedIterable", "(Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "emptyIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "filteredIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "find", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "first", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "forEachButLast", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "get", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "loopingIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "partition", "", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "reversedIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "skippingIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "toList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "toString", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "toString", "", "", "Argument[3]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "toString", "", "", "Argument[4]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "uniqueIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "unmodifiableIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "zippingIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "zippingIterable", "(Iterable,Iterable)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IterableUtils", True, "zippingIterable", "(Iterable,Iterable[])", "", "Argument[1].ArrayElement.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "arrayIterator", "", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "arrayListIterator", "", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "asEnumeration", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "asIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "asIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "asMultipleUseIterable", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "boundedIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "chainedIterator", "(Collection)", "", "Argument[0].Element.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "chainedIterator", "(Iterator,Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "chainedIterator", "(Iterator,Iterator)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "chainedIterator", "(Iterator[])", "", "Argument[0].ArrayElement.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "collatedIterator", "(Comparator,Collection)", "", "Argument[1].Element.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "collatedIterator", "(Comparator,Iterator,Iterator)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "collatedIterator", "(Comparator,Iterator,Iterator)", "", "Argument[2].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "collatedIterator", "(Comparator,Iterator[])", "", "Argument[1].ArrayElement.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "filteredIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "filteredListIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "find", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "first", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "forEachButLast", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "get", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "getIterator", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "getIterator", "", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "getIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "getIterator", "", "", "Argument[0].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "loopingIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "loopingListIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "peekingIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "pushbackIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "singletonIterator", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "singletonListIterator", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "skippingIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "toArray", "", "", "Argument[0].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "toList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "toListIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "toString", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "toString", "", "", "Argument[3]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "toString", "", "", "Argument[4]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "unmodifiableIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "unmodifiableListIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "unmodifiableMapIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "unmodifiableMapIterator", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "zippingIterator", "(Iterator,Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "zippingIterator", "(Iterator,Iterator)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "zippingIterator", "(Iterator,Iterator,Iterator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "zippingIterator", "(Iterator,Iterator,Iterator)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "zippingIterator", "(Iterator,Iterator,Iterator)", "", "Argument[2].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "IteratorUtils", True, "zippingIterator", "(Iterator[])", "", "Argument[0].ArrayElement.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "KeyValue", True, "getKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "KeyValue", True, "getValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "defaultIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "defaultIfNull", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "emptyIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "fixedSizeList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "intersection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "intersection", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      # Note that `ListUtils.lazyList` does not transform existing list elements
+      - ["org.apache.commons.collections4", "ListUtils", True, "lazyList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "longestCommonSubsequence", "(CharSequence,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "longestCommonSubsequence", "(CharSequence,CharSequence)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "longestCommonSubsequence", "(List,List)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "longestCommonSubsequence", "(List,List)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "longestCommonSubsequence", "(List,List,Equator)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "longestCommonSubsequence", "(List,List,Equator)", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "partition", "", "", "Argument[0].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "predicatedList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "removeAll", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "retainAll", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "select", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "selectRejected", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "subtract", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "sum", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "sum", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "synchronizedList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      # Note that `ListUtils.transformedList` does not transform existing list elements
+      - ["org.apache.commons.collections4", "ListUtils", True, "transformedList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "union", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "union", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "ListUtils", True, "unmodifiableList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      # Note that MapIterator<K, V> implements Iterator<K>, so it iterates over the keys of the map.
+      # In order for the models of Iterator to work we have to use Element instead of MapKey for key data.
+      - ["org.apache.commons.collections4", "MapIterator", True, "getKey", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapIterator", True, "getValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapIterator", True, "setValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapIterator", True, "setValue", "", "", "Argument[0]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "emptyIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "fixedSizeMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "fixedSizeMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "fixedSizeSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "fixedSizeSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "getMap", "", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "getMap", "", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "getObject", "", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "getObject", "", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "getString", "", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "getString", "", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "invertMap", "", "", "Argument[0].MapKey", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "invertMap", "", "", "Argument[0].MapValue", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "iterableMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "iterableMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "iterableSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "iterableSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "lazyMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "lazyMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "lazySortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "lazySortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "multiValueMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "multiValueMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "orderedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "orderedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "populateMap", "(Map,Iterable,Transformer)", "", "Argument[1].Element", "Argument[0].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "populateMap", "(MultiMap,Iterable,Transformer)", "", "Argument[1].Element", "Argument[0].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "predicatedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "predicatedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "predicatedSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "predicatedSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement", "Argument[0].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement", "Argument[0].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.ArrayElement", "Argument[0].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.ArrayElement", "Argument[0].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.ArrayElement", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.ArrayElement", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.MapKey", "Argument[0].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.MapValue", "Argument[0].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "putAll", "", "", "Argument[1].ArrayElement.MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "safeAddToMap", "", "", "Argument[1]", "Argument[0].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "safeAddToMap", "", "", "Argument[2]", "Argument[0].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "synchronizedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "synchronizedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "synchronizedSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "synchronizedSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "toMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "toMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "transformedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "transformedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "transformedSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "transformedSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "unmodifiableMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "unmodifiableMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "unmodifiableSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MapUtils", True, "unmodifiableSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiMap", True, "get", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiMap", True, "put", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiMap", True, "put", "", "", "Argument[1]", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiMap", True, "values", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiMapUtils", True, "emptyIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiMapUtils", True, "getCollection", "", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiMapUtils", True, "getValuesAsBag", "", "", "Argument[0].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiMapUtils", True, "getValuesAsList", "", "", "Argument[0].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiMapUtils", True, "getValuesAsSet", "", "", "Argument[0].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiMapUtils", True, "transformedMultiValuedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiMapUtils", True, "transformedMultiValuedMap", "", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiMapUtils", True, "unmodifiableMultiValuedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiMapUtils", True, "unmodifiableMultiValuedMap", "", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiSet", True, "add", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiSet", True, "entrySet", "", "", "Argument[-1].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiSet", True, "uniqueSet", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiSet$Entry", True, "getElement", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiSetUtils", True, "predicatedMultiSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiSetUtils", True, "synchronizedMultiSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiSetUtils", True, "unmodifiableMultiSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "asMap", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "asMap", "", "", "Argument[-1].MapValue.Element", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "entries", "", "", "Argument[-1].MapKey", "ReturnValue.Element.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "entries", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "get", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "keySet", "", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "keys", "", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "mapIterator", "", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "mapIterator", "", "", "Argument[-1].MapValue.Element", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "put", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "put", "", "", "Argument[1]", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "putAll", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "putAll", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "putAll", "(MultiValuedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "putAll", "(MultiValuedMap)", "", "Argument[0].MapValue.Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "putAll", "(Object,Iterable)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "putAll", "(Object,Iterable)", "", "Argument[1].Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "remove", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "MultiValuedMap", True, "values", "", "", "Argument[-1].MapValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "OrderedIterator", True, "previous", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "OrderedMap", True, "firstKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "OrderedMap", True, "lastKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "OrderedMap", True, "nextKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "OrderedMap", True, "previousKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "Put", True, "put", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "Put", True, "put", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "Put", True, "put", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "Put", True, "putAll", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "Put", True, "putAll", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "QueueUtils", True, "predicatedQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "QueueUtils", True, "synchronizedQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "QueueUtils", True, "transformingQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "QueueUtils", True, "unmodifiableQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "difference", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "disjunction", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "disjunction", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "emptyIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "hashSet", "", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "intersection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "intersection", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "orderedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "predicatedNavigableSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "predicatedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "predicatedSortedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "synchronizedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "synchronizedSortedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "transformedNavigableSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "transformedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "transformedSortedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "union", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "union", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "unmodifiableNavigableSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "unmodifiableSet", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "unmodifiableSet", "(Set)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils", True, "unmodifiableSortedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils$SetView", True, "copyInto", "", "", "Argument[-1].Element", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils$SetView", True, "createIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SetUtils$SetView", True, "toSet", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4", "SortedBag", True, "first", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "SortedBag", True, "last", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "SplitMapUtils", True, "readableMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "SplitMapUtils", True, "readableMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "SplitMapUtils", True, "writableMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "SplitMapUtils", True, "writableMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "Trie", True, "prefixMap", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "Trie", True, "prefixMap", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4", "TrieUtils", True, "unmodifiableTrie", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4", "TrieUtils", True, "unmodifiableTrie", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.multimap.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.multimap.model.yml
new file mode 100644
index 00000000000..6bd01379d9e
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.multimap.model.yml
@@ -0,0 +1,18 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedMultiValuedMap
+      - ["org.apache.commons.collections4.multimap", "ArrayListValuedHashMap", True, "ArrayListValuedHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.multimap", "ArrayListValuedHashMap", True, "ArrayListValuedHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.multimap", "ArrayListValuedHashMap", True, "ArrayListValuedHashMap", "(MultiValuedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.multimap", "ArrayListValuedHashMap", True, "ArrayListValuedHashMap", "(MultiValuedMap)", "", "Argument[0].MapValue.Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.multimap", "HashSetValuedHashMap", True, "HashSetValuedHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.multimap", "HashSetValuedHashMap", True, "HashSetValuedHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.multimap", "HashSetValuedHashMap", True, "HashSetValuedHashMap", "(MultiValuedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.multimap", "HashSetValuedHashMap", True, "HashSetValuedHashMap", "(MultiValuedMap)", "", "Argument[0].MapValue.Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.multimap", "TransformedMultiValuedMap", True, "transformingMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.multimap", "TransformedMultiValuedMap", True, "transformingMap", "", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.multimap", "UnmodifiableMultiValuedMap", True, "unmodifiableMultiValuedMap", "(MultiValuedMap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.multimap", "UnmodifiableMultiValuedMap", True, "unmodifiableMultiValuedMap", "(MultiValuedMap)", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.multiset.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.multiset.model.yml
new file mode 100644
index 00000000000..c3da82c1b7a
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.multiset.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.collections4.multiset", "HashMultiSet", True, "HashMultiSet", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.multiset", "PredicatedMultiSet", True, "predicatedMultiSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.multiset", "SynchronizedMultiSet", True, "synchronizedMultiSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.multiset", "UnmodifiableMultiSet", True, "unmodifiableMultiSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.properties.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.properties.model.yml
new file mode 100644
index 00000000000..9187922313a
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.properties.model.yml
@@ -0,0 +1,13 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.collections4.properties", "AbstractPropertiesFactory", True, "load", "(ClassLoader,String)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4.properties", "AbstractPropertiesFactory", True, "load", "(File)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4.properties", "AbstractPropertiesFactory", True, "load", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4.properties", "AbstractPropertiesFactory", True, "load", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4.properties", "AbstractPropertiesFactory", True, "load", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4.properties", "AbstractPropertiesFactory", True, "load", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4.properties", "AbstractPropertiesFactory", True, "load", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.collections4.properties", "AbstractPropertiesFactory", True, "load", "(URL)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.queue.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.queue.model.yml
new file mode 100644
index 00000000000..b2cab2a0594
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.queue.model.yml
@@ -0,0 +1,12 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedQueue
+      - ["org.apache.commons.collections4.queue", "CircularFifoQueue", True, "CircularFifoQueue", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.queue", "CircularFifoQueue", True, "get", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.queue", "PredicatedQueue", True, "predicatedQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.queue", "SynchronizedQueue", True, "synchronizedQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.queue", "TransformedQueue", True, "transformingQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.queue", "UnmodifiableQueue", True, "unmodifiableQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.set.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.set.model.yml
new file mode 100644
index 00000000000..deafbdffaaf
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.set.model.yml
@@ -0,0 +1,37 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedNavigableSet
+      - ["org.apache.commons.collections4.set", "AbstractNavigableSetDecorator", True, "AbstractNavigableSetDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "AbstractSetDecorator", True, "AbstractSetDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "AbstractSortedSetDecorator", True, "AbstractSortedSetDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "CompositeSet", True, "CompositeSet", "(Set)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "CompositeSet", True, "CompositeSet", "(Set[])", "", "Argument[0].ArrayElement.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "CompositeSet", True, "addComposited", "(Set)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "CompositeSet", True, "addComposited", "(Set,Set)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "CompositeSet", True, "addComposited", "(Set,Set)", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "CompositeSet", True, "addComposited", "(Set[])", "", "Argument[0].ArrayElement.Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "CompositeSet", True, "getSets", "", "", "Argument[-1].Element", "ReturnValue.Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "CompositeSet", True, "toSet", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "CompositeSet$SetMutator", True, "add", "", "", "Argument[2]", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "CompositeSet$SetMutator", True, "add", "", "", "Argument[2]", "Argument[1].Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "CompositeSet$SetMutator", True, "addAll", "", "", "Argument[2].Element", "Argument[0].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "CompositeSet$SetMutator", True, "addAll", "", "", "Argument[2].Element", "Argument[1].Element.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "ListOrderedSet", True, "add", "", "", "Argument[1]", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "ListOrderedSet", True, "addAll", "", "", "Argument[1].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "ListOrderedSet", True, "asList", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "ListOrderedSet", True, "get", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "ListOrderedSet", True, "listOrderedSet", "(List)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "ListOrderedSet", True, "listOrderedSet", "(Set)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "MapBackedSet", True, "mapBackedSet", "", "", "Argument[0].MapKey", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "PredicatedNavigableSet", True, "predicatedNavigableSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "PredicatedSet", True, "predicatedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "PredicatedSortedSet", True, "predicatedSortedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "TransformedNavigableSet", True, "transformingNavigableSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "TransformedSet", True, "transformingSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "TransformedSortedSet", True, "transformingSortedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "UnmodifiableNavigableSet", True, "unmodifiableNavigableSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "UnmodifiableSet", True, "unmodifiableSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.apache.commons.collections4.set", "UnmodifiableSortedSet", True, "unmodifiableSortedSet", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.splitmap.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.splitmap.model.yml
new file mode 100644
index 00000000000..7190dac37a0
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.splitmap.model.yml
@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedSplitMap
+      - ["org.apache.commons.collections4.splitmap", "AbstractIterableGetMapDecorator", True, "AbstractIterableGetMapDecorator", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.splitmap", "AbstractIterableGetMapDecorator", True, "AbstractIterableGetMapDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.splitmap", "TransformedSplitMap", True, "transformingMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.splitmap", "TransformedSplitMap", True, "transformingMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.collections4.trie.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.trie.model.yml
new file mode 100644
index 00000000000..7c7195d54dc
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.collections4.trie.model.yml
@@ -0,0 +1,14 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Note that when lambdas are supported we should have more models for TransformedSplitMap
+      - ["org.apache.commons.collections4.trie", "AbstractPatriciaTrie", True, "select", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.trie", "AbstractPatriciaTrie", True, "select", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.trie", "AbstractPatriciaTrie", True, "selectKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.trie", "AbstractPatriciaTrie", True, "selectValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.collections4.trie", "PatriciaTrie", True, "PatriciaTrie", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.trie", "PatriciaTrie", True, "PatriciaTrie", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.apache.commons.collections4.trie", "UnmodifiableTrie", True, "unmodifiableTrie", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.collections4.trie", "UnmodifiableTrie", True, "unmodifiableTrie", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.io.model.yml b/java/ql/lib/ext/org.apache.commons.io.model.yml
new file mode 100644
index 00000000000..d00be2099de
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.io.model.yml
@@ -0,0 +1,14 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      # Models that are not yet auto generated or where the generated summaries will
+      # be ignored.
+      # Note that if a callable has any handwritten summary, all generated summaries
+      # will be ignored for that callable.
+      - ["org.apache.commons.io", "IOUtils", False, "toBufferedInputStream", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.io", "IOUtils", True, "toByteArray", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.io", "IOUtils", True, "toByteArray", "(Reader,String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.io", "IOUtils", True, "writeLines", "(Collection,String,Writer)", "", "Argument[0].Element", "Argument[2]", "taint", "manual"]
+      - ["org.apache.commons.io", "IOUtils", True, "writeLines", "(Collection,String,Writer)", "", "Argument[1]", "Argument[2]", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.jexl2.model.yml b/java/ql/lib/ext/org.apache.commons.jexl2.model.yml
new file mode 100644
index 00000000000..2389ae1d183
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.jexl2.model.yml
@@ -0,0 +1,20 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.commons.jexl2", "Expression", False, "callable", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl2", "Expression", False, "evaluate", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl2", "JexlEngine", False, "getProperty", "(JexlContext,Object,String)", "", "Argument[2]", "jexl", "manual"]
+      - ["org.apache.commons.jexl2", "JexlEngine", False, "getProperty", "(Object,String)", "", "Argument[1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl2", "JexlEngine", False, "setProperty", "(JexlContext,Object,String,Object)", "", "Argument[2]", "jexl", "manual"]
+      - ["org.apache.commons.jexl2", "JexlEngine", False, "setProperty", "(Object,String,Object)", "", "Argument[1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl2", "JexlExpression", False, "callable", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl2", "JexlExpression", False, "evaluate", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl2", "JexlScript", False, "callable", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl2", "JexlScript", False, "execute", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl2", "Script", False, "callable", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl2", "Script", False, "execute", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl2", "UnifiedJEXL$Expression", False, "evaluate", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl2", "UnifiedJEXL$Expression", False, "prepare", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl2", "UnifiedJEXL$Template", False, "evaluate", "", "", "Argument[-1]", "jexl", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.jexl3.model.yml b/java/ql/lib/ext/org.apache.commons.jexl3.model.yml
new file mode 100644
index 00000000000..206eb79420a
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.jexl3.model.yml
@@ -0,0 +1,20 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.commons.jexl3", "Expression", False, "callable", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl3", "Expression", False, "evaluate", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl3", "JexlEngine", False, "getProperty", "(JexlContext,Object,String)", "", "Argument[2]", "jexl", "manual"]
+      - ["org.apache.commons.jexl3", "JexlEngine", False, "getProperty", "(Object,String)", "", "Argument[1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl3", "JexlEngine", False, "setProperty", "(JexlContext,Object,String)", "", "Argument[2]", "jexl", "manual"]
+      - ["org.apache.commons.jexl3", "JexlEngine", False, "setProperty", "(Object,String,Object)", "", "Argument[1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl3", "JexlExpression", False, "callable", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl3", "JexlExpression", False, "evaluate", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl3", "JexlScript", False, "callable", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl3", "JexlScript", False, "execute", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl3", "JxltEngine$Expression", False, "evaluate", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl3", "JxltEngine$Expression", False, "prepare", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl3", "JxltEngine$Template", False, "evaluate", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl3", "Script", False, "callable", "", "", "Argument[-1]", "jexl", "manual"]
+      - ["org.apache.commons.jexl3", "Script", False, "execute", "", "", "Argument[-1]", "jexl", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.lang3.builder.model.yml b/java/ql/lib/ext/org.apache.commons.lang3.builder.model.yml
new file mode 100644
index 00000000000..88d2bbe4790
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.lang3.builder.model.yml
@@ -0,0 +1,22 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "append", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "append", "(java.lang.Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "append", "(java.lang.Object[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "append", "(java.lang.String,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "append", "(java.lang.String,java.lang.Object)", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "append", "(java.lang.String,java.lang.Object[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "append", "(java.lang.String,java.lang.Object[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "append", "(java.lang.String,java.lang.Object[],boolean)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "append", "(java.lang.String,java.lang.Object[],boolean)", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "appendAsObjectToString", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "appendSuper", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "appendSuper", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "appendToString", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "appendToString", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "getStringBuffer", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.builder", "ToStringBuilder", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.lang3.model.yml b/java/ql/lib/ext/org.apache.commons.lang3.model.yml
new file mode 100644
index 00000000000..ad2332fe007
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.lang3.model.yml
@@ -0,0 +1,217 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.commons.lang3", "RegExUtils", False, "removeAll", "(String,String)", "", "Argument[1]", "regex-use", "manual"]
+      - ["org.apache.commons.lang3", "RegExUtils", False, "removeFirst", "(String,String)", "", "Argument[1]", "regex-use", "manual"]
+      - ["org.apache.commons.lang3", "RegExUtils", False, "removePattern", "(String,String)", "", "Argument[1]", "regex-use", "manual"]
+      - ["org.apache.commons.lang3", "RegExUtils", False, "replaceAll", "(String,String,String)", "", "Argument[1]", "regex-use", "manual"]
+      - ["org.apache.commons.lang3", "RegExUtils", False, "replaceFirst", "(String,String,String)", "", "Argument[1]", "regex-use", "manual"]
+      - ["org.apache.commons.lang3", "RegExUtils", False, "replacePattern", "(String,String,String)", "", "Argument[1]", "regex-use", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "add", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "add", "", "", "Argument[2]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "add", "(boolean[],boolean)", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "add", "(byte[],byte)", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "add", "(char[],char)", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "add", "(double[],double)", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "add", "(float[],float)", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "add", "(int[],int)", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "add", "(java.lang.Object[],java.lang.Object)", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "add", "(long[],long)", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "add", "(short[],short)", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "addAll", "", "", "Argument[0..1].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "addFirst", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "addFirst", "", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "clone", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "get", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "get", "(java.lang.Object[],int,java.lang.Object)", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "insert", "", "", "Argument[1..2].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "nullToEmpty", "(java.lang.Object[],java.lang.Class)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "nullToEmpty", "(java.lang.String[])", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "remove", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "removeAll", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "removeAllOccurences", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "removeAllOccurrences", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "removeElement", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "removeElements", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "subarray", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "toArray", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "toMap", "", "", "Argument[0].ArrayElement.ArrayElement", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "toMap", "", "", "Argument[0].ArrayElement.ArrayElement", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "toMap", "", "", "Argument[0].ArrayElement.MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "toMap", "", "", "Argument[0].ArrayElement.MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "toObject", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "toPrimitive", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ArrayUtils", False, "toPrimitive", "", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.apache.commons.lang3", "ObjectUtils", False, "CONST", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ObjectUtils", False, "CONST_BYTE", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ObjectUtils", False, "CONST_SHORT", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ObjectUtils", False, "clone", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ObjectUtils", False, "cloneIfPossible", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ObjectUtils", False, "defaultIfNull", "", "", "Argument[0..1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ObjectUtils", False, "firstNonNull", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ObjectUtils", False, "getIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ObjectUtils", False, "max", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ObjectUtils", False, "median", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ObjectUtils", False, "min", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ObjectUtils", False, "mode", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ObjectUtils", False, "requireNonEmpty", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "ObjectUtils", False, "toString", "(Object,String)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "RegExUtils", False, "removeAll", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "RegExUtils", False, "removeFirst", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "RegExUtils", False, "removePattern", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "RegExUtils", False, "replaceAll", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "RegExUtils", False, "replaceAll", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "RegExUtils", False, "replaceFirst", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "RegExUtils", False, "replaceFirst", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "RegExUtils", False, "replacePattern", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "RegExUtils", False, "replacePattern", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringEscapeUtils", False, "escapeJson", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "abbreviate", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "abbreviate", "(java.lang.String,java.lang.String,int)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "abbreviate", "(java.lang.String,java.lang.String,int,int)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "abbreviateMiddle", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "abbreviateMiddle", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "appendIfMissing", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "appendIfMissing", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "appendIfMissingIgnoreCase", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "appendIfMissingIgnoreCase", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "capitalize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "center", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "center", "(java.lang.String,int,java.lang.String)", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "chomp", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "chomp", "(java.lang.String,java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "chop", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "defaultIfBlank", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "defaultIfEmpty", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "defaultString", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "deleteWhitespace", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "difference", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "firstNonBlank", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "firstNonEmpty", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "getBytes", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "getCommonPrefix", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "getDigits", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "getIfBlank", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "getIfEmpty", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(char[],char)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(char[],char,int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.lang.Iterable,char)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.lang.Iterable,java.lang.String)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.lang.Iterable,java.lang.String)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.lang.Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.lang.Object[],char)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.lang.Object[],char,int,int)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.lang.Object[],java.lang.String)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.lang.Object[],java.lang.String)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.lang.Object[],java.lang.String,int,int)", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.lang.Object[],java.lang.String,int,int)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.util.Iterator,char)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.util.Iterator,java.lang.String)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.util.Iterator,java.lang.String)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.util.List,char,int,int)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.util.List,java.lang.String,int,int)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "join", "(java.util.List,java.lang.String,int,int)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "joinWith", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "joinWith", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "left", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "leftPad", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "leftPad", "(java.lang.String,int,java.lang.String)", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "lowerCase", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "lowerCase", "(java.lang.String,java.util.Locale)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "mid", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "normalizeSpace", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "overlay", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "overlay", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "prependIfMissing", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "prependIfMissing", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "prependIfMissingIgnoreCase", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "prependIfMissingIgnoreCase", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "remove", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "removeAll", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "removeEnd", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "removeEndIgnoreCase", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "removeFirst", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "removeIgnoreCase", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "removePattern", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "removeStart", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "removeStartIgnoreCase", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "repeat", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "repeat", "(java.lang.String,java.lang.String,int)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replace", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replace", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceAll", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceAll", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceChars", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceChars", "(java.lang.String,java.lang.String,java.lang.String)", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceEach", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceEach", "", "", "Argument[2].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceEachRepeatedly", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceEachRepeatedly", "", "", "Argument[2].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceFirst", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceFirst", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceIgnoreCase", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceIgnoreCase", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceOnce", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceOnce", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceOnceIgnoreCase", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replaceOnceIgnoreCase", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replacePattern", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "replacePattern", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "reverse", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "reverseDelimited", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "right", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "rightPad", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "rightPad", "(java.lang.String,int,java.lang.String)", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "rotate", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "split", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "split", "(java.lang.String,char)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "split", "(java.lang.String,java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "split", "(java.lang.String,java.lang.String,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "splitByCharacterType", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "splitByCharacterTypeCamelCase", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "splitByWholeSeparator", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "splitByWholeSeparatorPreserveAllTokens", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "splitPreserveAllTokens", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "splitPreserveAllTokens", "(java.lang.String,char)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "splitPreserveAllTokens", "(java.lang.String,java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "splitPreserveAllTokens", "(java.lang.String,java.lang.String,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "strip", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "strip", "(java.lang.String,java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "stripAccents", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "stripAll", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "stripEnd", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "stripStart", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "stripToEmpty", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "stripToNull", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "substring", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "substringAfter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "substringAfterLast", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "substringBefore", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "substringBeforeLast", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "substringBetween", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "substringsBetween", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "swapCase", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "toCodePoints", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "toEncodedString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "toRootLowerCase", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "toRootUpperCase", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "toString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "trim", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "trimToEmpty", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "trimToNull", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "truncate", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "uncapitalize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "unwrap", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "upperCase", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "upperCase", "(java.lang.String,java.util.Locale)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "valueOf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "wrap", "(java.lang.String,char)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "wrap", "(java.lang.String,java.lang.String)", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "wrapIfMissing", "(java.lang.String,char)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3", "StringUtils", False, "wrapIfMissing", "(java.lang.String,java.lang.String)", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.lang3.mutable.model.yml b/java/ql/lib/ext/org.apache.commons.lang3.mutable.model.yml
new file mode 100644
index 00000000000..48816a4a9e2
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.lang3.mutable.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.lang3.mutable", "Mutable", True, "getValue", "", "", "Argument[-1].SyntheticField[org.apache.commons.lang3.mutable.MutableObject.value]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.mutable", "Mutable", True, "setValue", "", "", "Argument[0]", "Argument[-1].SyntheticField[org.apache.commons.lang3.mutable.MutableObject.value]", "value", "manual"]
+      - ["org.apache.commons.lang3.mutable", "MutableObject", False, "MutableObject", "", "", "Argument[0]", "Argument[-1].SyntheticField[org.apache.commons.lang3.mutable.MutableObject.value]", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.lang3.text.model.yml b/java/ql/lib/ext/org.apache.commons.lang3.text.model.yml
new file mode 100644
index 00000000000..e11dfbaa34d
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.lang3.text.model.yml
@@ -0,0 +1,160 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "StrBuilder", "(java.lang.String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(char[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(char[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(java.lang.CharSequence)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(java.lang.CharSequence,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(java.lang.Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(java.lang.String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(java.lang.String,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(java.lang.String,java.lang.Object[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(java.lang.String,java.lang.Object[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(java.lang.StringBuffer)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(java.lang.StringBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(java.lang.StringBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(java.lang.StringBuilder,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(java.nio.CharBuffer)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(java.nio.CharBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "append", "(org.apache.commons.lang3.text.StrBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendAll", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendAll", "(Iterable)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendAll", "(Iterator)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendAll", "(Object[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendFixedWidthPadLeft", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendFixedWidthPadLeft", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendFixedWidthPadLeft", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendFixedWidthPadRight", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendFixedWidthPadRight", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendFixedWidthPadRight", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendNewLine", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendNull", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendPadding", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendSeparator", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendSeparator", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendSeparator", "(java.lang.String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendSeparator", "(java.lang.String,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendSeparator", "(java.lang.String,java.lang.String)", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendTo", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendWithSeparators", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendWithSeparators", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendWithSeparators", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendWithSeparators", "(Iterable,String)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendWithSeparators", "(Iterator,String)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendWithSeparators", "(Object[],String)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendln", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendln", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendln", "(char[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendln", "(char[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendln", "(java.lang.Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendln", "(java.lang.String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendln", "(java.lang.String,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendln", "(java.lang.String,java.lang.Object[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendln", "(java.lang.String,java.lang.Object[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendln", "(java.lang.StringBuffer)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendln", "(java.lang.StringBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendln", "(java.lang.StringBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendln", "(java.lang.StringBuilder,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "appendln", "(org.apache.commons.lang3.text.StrBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "asReader", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "asTokenizer", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "delete", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "deleteAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "deleteCharAt", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "deleteFirst", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "ensureCapacity", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "getChars", "(char[])", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "getChars", "(char[])", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "getChars", "(int,int,char[],int)", "", "Argument[-1]", "Argument[2]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "insert", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "insert", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "insert", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "leftString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "midString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "minimizeCapacity", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "readFrom", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "replace", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "replace", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "replace", "(int,int,java.lang.String)", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "replace", "(org.apache.commons.lang3.text.StrMatcher,java.lang.String,int,int,int)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "replaceAll", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "replaceAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "replaceAll", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "replaceFirst", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "replaceFirst", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "replaceFirst", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "reverse", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "rightString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "setCharAt", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "setLength", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "setNewLineText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "setNullText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "subSequence", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "substring", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "toCharArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "toStringBuffer", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "toStringBuilder", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrBuilder", False, "trim", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.text", "StrLookup", False, "lookup", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrLookup", False, "mapLookup", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "StrSubstitutor", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "StrSubstitutor", "", "", "Argument[0].MapValue", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(char[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(java.lang.CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(java.lang.CharSequence,int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(java.lang.Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(java.lang.Object,java.util.Map)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(java.lang.Object,java.util.Map)", "", "Argument[1].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(java.lang.Object,java.util.Map,java.lang.String,java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(java.lang.Object,java.util.Map,java.lang.String,java.lang.String)", "", "Argument[1].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(java.lang.Object,java.util.Properties)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(java.lang.Object,java.util.Properties)", "", "Argument[1].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(java.lang.String,int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(java.lang.StringBuffer)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(java.lang.StringBuffer,int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(org.apache.commons.lang3.text.StrBuilder)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replace", "(org.apache.commons.lang3.text.StrBuilder,int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replaceIn", "(java.lang.StringBuffer)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replaceIn", "(java.lang.StringBuffer,int,int)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replaceIn", "(java.lang.StringBuilder)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replaceIn", "(java.lang.StringBuilder,int,int)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replaceIn", "(org.apache.commons.lang3.text.StrBuilder)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "replaceIn", "(org.apache.commons.lang3.text.StrBuilder,int,int)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrSubstitutor", False, "setVariableResolver", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrTokenizer", False, "StrTokenizer", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrTokenizer", False, "clone", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrTokenizer", False, "getCSVInstance", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrTokenizer", False, "getContent", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrTokenizer", False, "getTSVInstance", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrTokenizer", False, "getTokenArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrTokenizer", False, "getTokenList", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrTokenizer", False, "next", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrTokenizer", False, "nextToken", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrTokenizer", False, "previous", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrTokenizer", False, "previousToken", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrTokenizer", False, "reset", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrTokenizer", False, "reset", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "StrTokenizer", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "WordUtils", False, "capitalize", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "WordUtils", False, "capitalize", "(java.lang.String,char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "WordUtils", False, "capitalizeFully", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "WordUtils", False, "capitalizeFully", "(java.lang.String,char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "WordUtils", False, "initials", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "WordUtils", False, "initials", "(java.lang.String,char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "WordUtils", False, "swapCase", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "WordUtils", False, "uncapitalize", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "WordUtils", False, "uncapitalize", "(java.lang.String,char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "WordUtils", False, "wrap", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "WordUtils", False, "wrap", "(java.lang.String,int,java.lang.String,boolean)", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.lang3.text", "WordUtils", False, "wrap", "(java.lang.String,int,java.lang.String,boolean,java.lang.String)", "", "Argument[2]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.lang3.tuple.model.yml b/java/ql/lib/ext/org.apache.commons.lang3.tuple.model.yml
new file mode 100644
index 00000000000..ebd11508343
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.lang3.tuple.model.yml
@@ -0,0 +1,52 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.lang3.tuple", "ImmutablePair", False, "ImmutablePair", "(java.lang.Object,java.lang.Object)", "", "Argument[0]", "Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.left]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "ImmutablePair", False, "ImmutablePair", "(java.lang.Object,java.lang.Object)", "", "Argument[1]", "Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.right]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "ImmutablePair", False, "left", "", "", "Argument[0]", "ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.left]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "ImmutablePair", False, "of", "(java.lang.Object,java.lang.Object)", "", "Argument[0]", "ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.left]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "ImmutablePair", False, "of", "(java.lang.Object,java.lang.Object)", "", "Argument[1]", "ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.right]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "ImmutablePair", False, "right", "", "", "Argument[0]", "ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.right]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "ImmutableTriple", False, "ImmutableTriple", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[0]", "Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.left]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "ImmutableTriple", False, "ImmutableTriple", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[1]", "Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.middle]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "ImmutableTriple", False, "ImmutableTriple", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[2]", "Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.right]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "ImmutableTriple", False, "of", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[0]", "ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.left]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "ImmutableTriple", False, "of", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[1]", "ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.middle]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "ImmutableTriple", False, "of", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[2]", "ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.right]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutablePair", False, "MutablePair", "(java.lang.Object,java.lang.Object)", "", "Argument[0]", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.left]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutablePair", False, "MutablePair", "(java.lang.Object,java.lang.Object)", "", "Argument[1]", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutablePair", False, "of", "(java.lang.Object,java.lang.Object)", "", "Argument[0]", "ReturnValue.Field[org.apache.commons.lang3.tuple.MutablePair.left]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutablePair", False, "of", "(java.lang.Object,java.lang.Object)", "", "Argument[1]", "ReturnValue.Field[org.apache.commons.lang3.tuple.MutablePair.right]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutablePair", False, "setLeft", "", "", "Argument[0]", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.left]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutablePair", False, "setRight", "", "", "Argument[0]", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutablePair", False, "setValue", "", "", "Argument[0]", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutableTriple", False, "MutableTriple", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[0]", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.left]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutableTriple", False, "MutableTriple", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[1]", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.middle]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutableTriple", False, "MutableTriple", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[2]", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.right]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutableTriple", False, "of", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[0]", "ReturnValue.Field[org.apache.commons.lang3.tuple.MutableTriple.left]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutableTriple", False, "of", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[1]", "ReturnValue.Field[org.apache.commons.lang3.tuple.MutableTriple.middle]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutableTriple", False, "of", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[2]", "ReturnValue.Field[org.apache.commons.lang3.tuple.MutableTriple.right]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutableTriple", False, "setLeft", "", "", "Argument[0]", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.left]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutableTriple", False, "setMiddle", "", "", "Argument[0]", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.middle]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "MutableTriple", False, "setRight", "", "", "Argument[0]", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.right]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Pair", True, "getKey", "", "", "Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.left]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Pair", True, "getKey", "", "", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.left]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Pair", True, "getLeft", "", "", "Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.left]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Pair", True, "getLeft", "", "", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.left]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Pair", True, "getRight", "", "", "Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.right]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Pair", True, "getRight", "", "", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Pair", True, "getValue", "", "", "Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.right]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Pair", True, "getValue", "", "", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Pair", False, "of", "(java.lang.Object,java.lang.Object)", "", "Argument[0]", "ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.left]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Pair", False, "of", "(java.lang.Object,java.lang.Object)", "", "Argument[1]", "ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.right]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Triple", True, "getLeft", "", "", "Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.left]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Triple", True, "getLeft", "", "", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.left]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Triple", True, "getMiddle", "", "", "Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.middle]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Triple", True, "getMiddle", "", "", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.middle]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Triple", True, "getRight", "", "", "Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.right]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Triple", True, "getRight", "", "", "Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.right]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Triple", False, "of", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[0]", "ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.left]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Triple", False, "of", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[1]", "ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.middle]", "value", "manual"]
+      - ["org.apache.commons.lang3.tuple", "Triple", False, "of", "(java.lang.Object,java.lang.Object,java.lang.Object)", "", "Argument[2]", "ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.right]", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.logging.model.yml b/java/ql/lib/ext/org.apache.commons.logging.model.yml
new file mode 100644
index 00000000000..8f40e26f2a1
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.logging.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.commons.logging", "Log", True, "debug", "", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.commons.logging", "Log", True, "error", "", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.commons.logging", "Log", True, "fatal", "", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.commons.logging", "Log", True, "info", "", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.commons.logging", "Log", True, "trace", "", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.commons.logging", "Log", True, "warn", "", "", "Argument[0]", "logging", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.ognl.enhance.model.yml b/java/ql/lib/ext/org.apache.commons.ognl.enhance.model.yml
new file mode 100644
index 00000000000..790c7640d9b
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.ognl.enhance.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.commons.ognl.enhance", "ExpressionAccessor", True, "get", "", "", "Argument[-1]", "ognl-injection", "manual"]
+      - ["org.apache.commons.ognl.enhance", "ExpressionAccessor", True, "set", "", "", "Argument[-1]", "ognl-injection", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.ognl.model.yml b/java/ql/lib/ext/org.apache.commons.ognl.model.yml
new file mode 100644
index 00000000000..9b00a781f53
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.ognl.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.commons.ognl", "Node", True, "getValue", "", "", "Argument[-1]", "ognl-injection", "manual"]
+      - ["org.apache.commons.ognl", "Node", True, "setValue", "", "", "Argument[-1]", "ognl-injection", "manual"]
+      - ["org.apache.commons.ognl", "Ognl", False, "getValue", "", "", "Argument[0]", "ognl-injection", "manual"]
+      - ["org.apache.commons.ognl", "Ognl", False, "setValue", "", "", "Argument[0]", "ognl-injection", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.text.lookup.model.yml b/java/ql/lib/ext/org.apache.commons.text.lookup.model.yml
new file mode 100644
index 00000000000..b89855197f1
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.text.lookup.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.text.lookup", "StringLookup", True, "lookup", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text.lookup", "StringLookupFactory", False, "mapStringLookup", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.commons.text.model.yml b/java/ql/lib/ext/org.apache.commons.text.model.yml
new file mode 100644
index 00000000000..c0618224fe4
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.commons.text.model.yml
@@ -0,0 +1,275 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.text", "StrBuilder", False, "StrBuilder", "(java.lang.String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(char[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(char[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(java.lang.CharSequence)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(java.lang.CharSequence,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(java.lang.Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(java.lang.String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(java.lang.String,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(java.lang.String,java.lang.Object[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(java.lang.String,java.lang.Object[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(java.lang.StringBuffer)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(java.lang.StringBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(java.lang.StringBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(java.lang.StringBuilder,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(java.nio.CharBuffer)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(java.nio.CharBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "append", "(org.apache.commons.text.StrBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendAll", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendAll", "(Iterable)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendAll", "(Iterator)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendAll", "(Object[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendFixedWidthPadLeft", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendFixedWidthPadLeft", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendFixedWidthPadLeft", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendFixedWidthPadRight", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendFixedWidthPadRight", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendFixedWidthPadRight", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendNewLine", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendNull", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendPadding", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendSeparator", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendSeparator", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendSeparator", "(java.lang.String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendSeparator", "(java.lang.String,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendSeparator", "(java.lang.String,java.lang.String)", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendTo", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendWithSeparators", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendWithSeparators", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendWithSeparators", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendWithSeparators", "(Iterable,String)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendWithSeparators", "(Iterator,String)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendWithSeparators", "(Object[],String)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendln", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendln", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendln", "(char[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendln", "(char[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendln", "(java.lang.Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendln", "(java.lang.String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendln", "(java.lang.String,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendln", "(java.lang.String,java.lang.Object[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendln", "(java.lang.String,java.lang.Object[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendln", "(java.lang.StringBuffer)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendln", "(java.lang.StringBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendln", "(java.lang.StringBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendln", "(java.lang.StringBuilder,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "appendln", "(org.apache.commons.text.StrBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "asReader", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "asTokenizer", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "delete", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "deleteAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "deleteCharAt", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "deleteFirst", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "ensureCapacity", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "getChars", "(char[])", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "getChars", "(char[])", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "getChars", "(int,int,char[],int)", "", "Argument[-1]", "Argument[2]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "insert", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "insert", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "insert", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "leftString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "midString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "minimizeCapacity", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "readFrom", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "replace", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "replace", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "replace", "(int,int,java.lang.String)", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "replace", "(org.apache.commons.text.StrMatcher,java.lang.String,int,int,int)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "replaceAll", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "replaceAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "replaceAll", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "replaceFirst", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "replaceFirst", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "replaceFirst", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "reverse", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "rightString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "setCharAt", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "setLength", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "setNewLineText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "setNullText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "subSequence", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "substring", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "toCharArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "toStringBuffer", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "toStringBuilder", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrBuilder", False, "trim", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "StrTokenizer", False, "StrTokenizer", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrTokenizer", False, "clone", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrTokenizer", False, "getCSVInstance", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrTokenizer", False, "getContent", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrTokenizer", False, "getTSVInstance", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrTokenizer", False, "getTokenArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrTokenizer", False, "getTokenList", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrTokenizer", False, "next", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrTokenizer", False, "nextToken", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrTokenizer", False, "previous", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrTokenizer", False, "previousToken", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrTokenizer", False, "reset", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StrTokenizer", False, "reset", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StrTokenizer", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "StringSubstitutor", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "StringSubstitutor", "", "", "Argument[0].MapValue", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(char[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(java.lang.CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(java.lang.CharSequence,int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(java.lang.Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(java.lang.Object,java.util.Map)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(java.lang.Object,java.util.Map)", "", "Argument[1].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(java.lang.Object,java.util.Map,java.lang.String,java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(java.lang.Object,java.util.Map,java.lang.String,java.lang.String)", "", "Argument[1].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(java.lang.Object,java.util.Properties)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(java.lang.Object,java.util.Properties)", "", "Argument[1].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(java.lang.String,int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(java.lang.StringBuffer)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(java.lang.StringBuffer,int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(org.apache.commons.text.TextStringBuilder)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replace", "(org.apache.commons.text.TextStringBuilder,int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replaceIn", "(java.lang.StringBuffer)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replaceIn", "(java.lang.StringBuffer,int,int)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replaceIn", "(java.lang.StringBuilder)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replaceIn", "(java.lang.StringBuilder,int,int)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replaceIn", "(org.apache.commons.text.TextStringBuilder)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "replaceIn", "(org.apache.commons.text.TextStringBuilder,int,int)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.text", "StringSubstitutor", False, "setVariableResolver", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StringTokenizer", False, "StringTokenizer", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StringTokenizer", False, "clone", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringTokenizer", False, "getCSVInstance", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringTokenizer", False, "getContent", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringTokenizer", False, "getTSVInstance", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringTokenizer", False, "getTokenArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringTokenizer", False, "getTokenList", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringTokenizer", False, "next", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringTokenizer", False, "nextToken", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringTokenizer", False, "previous", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringTokenizer", False, "previousToken", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringTokenizer", False, "reset", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "StringTokenizer", False, "reset", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "StringTokenizer", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "TextStringBuilder", "(java.lang.CharSequence)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "TextStringBuilder", "(java.lang.String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(char[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(char[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(java.lang.CharSequence)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(java.lang.CharSequence,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(java.lang.Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(java.lang.String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(java.lang.String,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(java.lang.String,java.lang.Object[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(java.lang.String,java.lang.Object[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(java.lang.StringBuffer)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(java.lang.StringBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(java.lang.StringBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(java.lang.StringBuilder,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(java.nio.CharBuffer)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(java.nio.CharBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "append", "(org.apache.commons.text.TextStringBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendAll", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendAll", "(Iterable)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendAll", "(Iterator)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendAll", "(Object[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendFixedWidthPadLeft", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendFixedWidthPadLeft", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendFixedWidthPadLeft", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendFixedWidthPadRight", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendFixedWidthPadRight", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendFixedWidthPadRight", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendNewLine", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendNull", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendPadding", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendSeparator", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendSeparator", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendSeparator", "(java.lang.String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendSeparator", "(java.lang.String,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendSeparator", "(java.lang.String,java.lang.String)", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendTo", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendWithSeparators", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendWithSeparators", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendWithSeparators", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendWithSeparators", "(Iterable,String)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendWithSeparators", "(Iterator,String)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendWithSeparators", "(Object[],String)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendln", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendln", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendln", "(char[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendln", "(char[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendln", "(java.lang.Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendln", "(java.lang.String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendln", "(java.lang.String,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendln", "(java.lang.String,java.lang.Object[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendln", "(java.lang.String,java.lang.Object[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendln", "(java.lang.StringBuffer)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendln", "(java.lang.StringBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendln", "(java.lang.StringBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendln", "(java.lang.StringBuilder,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "appendln", "(org.apache.commons.text.TextStringBuilder)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "asReader", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "asTokenizer", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "delete", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "deleteAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "deleteCharAt", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "deleteFirst", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "ensureCapacity", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "getChars", "(char[])", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "getChars", "(char[])", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "getChars", "(int,int,char[],int)", "", "Argument[-1]", "Argument[2]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "insert", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "insert", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "insert", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "leftString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "midString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "minimizeCapacity", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "readFrom", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "replace", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "replace", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "replace", "(int,int,java.lang.String)", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "replace", "(org.apache.commons.text.matcher.StringMatcher,java.lang.String,int,int,int)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "replaceAll", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "replaceAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "replaceAll", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "replaceFirst", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "replaceFirst", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "replaceFirst", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "reverse", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "rightString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "setCharAt", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "setLength", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "setNewLineText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "setNullText", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "subSequence", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "substring", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "toCharArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "toStringBuffer", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "toStringBuilder", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "TextStringBuilder", False, "trim", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.commons.text", "WordUtils", False, "abbreviate", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "WordUtils", False, "abbreviate", "", "", "Argument[3]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "WordUtils", False, "capitalize", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "WordUtils", False, "capitalize", "(java.lang.String,char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "WordUtils", False, "capitalizeFully", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "WordUtils", False, "capitalizeFully", "(java.lang.String,char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "WordUtils", False, "initials", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "WordUtils", False, "initials", "(java.lang.String,char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "WordUtils", False, "swapCase", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "WordUtils", False, "uncapitalize", "(java.lang.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "WordUtils", False, "uncapitalize", "(java.lang.String,char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "WordUtils", False, "wrap", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "WordUtils", False, "wrap", "(java.lang.String,int,java.lang.String,boolean)", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.commons.text", "WordUtils", False, "wrap", "(java.lang.String,int,java.lang.String,boolean,java.lang.String)", "", "Argument[2]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.directory.ldap.client.api.model.yml b/java/ql/lib/ext/org.apache.directory.ldap.client.api.model.yml
new file mode 100644
index 00000000000..14b580383d3
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.directory.ldap.client.api.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.directory.ldap.client.api", "LdapConnection", True, "search", "", "", "Argument[0..2]", "ldap", "manual"]
diff --git a/java/ql/lib/ext/org.apache.hc.core5.function.model.yml b/java/ql/lib/ext/org.apache.hc.core5.function.model.yml
new file mode 100644
index 00000000000..2763da9cd3d
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.hc.core5.function.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.hc.core5.function", "Supplier", True, "get", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.hc.core5.http.io.entity.model.yml b/java/ql/lib/ext/org.apache.hc.core5.http.io.entity.model.yml
new file mode 100644
index 00000000000..2b7b1a4eaf3
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.hc.core5.http.io.entity.model.yml
@@ -0,0 +1,19 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.hc.core5.http.io.entity", "BasicHttpEntity", True, "BasicHttpEntity", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http.io.entity", "BufferedHttpEntity", True, "BufferedHttpEntity", "(HttpEntity)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http.io.entity", "ByteArrayEntity", True, "ByteArrayEntity", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.hc.core5.http.io.entity", "EntityUtils", True, "parse", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http.io.entity", "EntityUtils", True, "toByteArray", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http.io.entity", "EntityUtils", True, "toString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http.io.entity", "HttpEntities", True, "create", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http.io.entity", "HttpEntities", True, "createGzipped", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http.io.entity", "HttpEntities", True, "createUrlEncoded", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http.io.entity", "HttpEntities", True, "gzip", "(HttpEntity)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http.io.entity", "HttpEntities", True, "withTrailers", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http.io.entity", "HttpEntityWrapper", True, "HttpEntityWrapper", "(HttpEntity)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http.io.entity", "InputStreamEntity", True, "InputStreamEntity", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http.io.entity", "StringEntity", True, "StringEntity", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.hc.core5.http.io.model.yml b/java/ql/lib/ext/org.apache.hc.core5.http.io.model.yml
new file mode 100644
index 00000000000..8183cb9a3a7
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.hc.core5.http.io.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.apache.hc.core5.http.io", "HttpRequestHandler", True, "handle", "(ClassicHttpRequest,ClassicHttpResponse,HttpContext)", "", "Parameter[0]", "remote", "manual"]
+      - ["org.apache.hc.core5.http.io", "HttpServerRequestHandler", True, "handle", "(ClassicHttpRequest,ResponseTrigger,HttpContext)", "", "Parameter[0]", "remote", "manual"]
diff --git a/java/ql/lib/ext/org.apache.hc.core5.http.message.model.yml b/java/ql/lib/ext/org.apache.hc.core5.http.message.model.yml
new file mode 100644
index 00000000000..bf8ab791ccf
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.hc.core5.http.message.model.yml
@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.hc.core5.http.message", "RequestLine", True, "RequestLine", "(HttpRequest)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.hc.core5.http.message", "RequestLine", True, "RequestLine", "(String,String,ProtocolVersion)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.hc.core5.http.message", "RequestLine", True, "getMethod", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http.message", "RequestLine", True, "getUri", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http.message", "RequestLine", True, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.hc.core5.http.model.yml b/java/ql/lib/ext/org.apache.hc.core5.http.model.yml
new file mode 100644
index 00000000000..c0fcdc852dc
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.hc.core5.http.model.yml
@@ -0,0 +1,30 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.hc.core5.http", "HttpEntityContainer", True, "setEntity", "(HttpEntity)", "", "Argument[0]", "xss", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.hc.core5.http", "EntityDetails", True, "getContentEncoding", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "EntityDetails", True, "getContentType", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "EntityDetails", True, "getTrailerNames", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "HttpEntity", True, "getContent", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "HttpEntity", True, "getTrailers", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "HttpEntityContainer", True, "getEntity", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "HttpRequest", True, "getAuthority", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "HttpRequest", True, "getMethod", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "HttpRequest", True, "getPath", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "HttpRequest", True, "getRequestUri", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "HttpRequest", True, "getUri", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "MessageHeaders", True, "getFirstHeader", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "MessageHeaders", True, "getHeader", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "MessageHeaders", True, "getHeaders", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "MessageHeaders", True, "getHeaders", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "MessageHeaders", True, "getLastHeader", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "MessageHeaders", True, "headerIterator", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "MessageHeaders", True, "headerIterator", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "NameValuePair", True, "getName", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.http", "NameValuePair", True, "getValue", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.hc.core5.net.model.yml b/java/ql/lib/ext/org.apache.hc.core5.net.model.yml
new file mode 100644
index 00000000000..e16c8b150c3
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.hc.core5.net.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.hc.core5.net", "URIAuthority", True, "getHostName", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.net", "URIAuthority", True, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.hc.core5.util.model.yml b/java/ql/lib/ext/org.apache.hc.core5.util.model.yml
new file mode 100644
index 00000000000..2023ad04f6e
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.hc.core5.util.model.yml
@@ -0,0 +1,29 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.hc.core5.util", "Args", True, "containsNoBlanks", "(CharSequence,String)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.hc.core5.util", "Args", True, "notBlank", "(CharSequence,String)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.hc.core5.util", "Args", True, "notEmpty", "(CharSequence,String)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.hc.core5.util", "Args", True, "notEmpty", "(Collection,String)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.hc.core5.util", "Args", True, "notEmpty", "(Object,String)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.hc.core5.util", "Args", True, "notNull", "(Object,String)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.hc.core5.util", "ByteArrayBuffer", True, "append", "(CharArrayBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "ByteArrayBuffer", True, "append", "(byte[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "ByteArrayBuffer", True, "append", "(char[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "ByteArrayBuffer", True, "array", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "ByteArrayBuffer", True, "toByteArray", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "CharArrayBuffer", True, "append", "(ByteArrayBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "CharArrayBuffer", True, "append", "(CharArrayBuffer)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "CharArrayBuffer", True, "append", "(CharArrayBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "CharArrayBuffer", True, "append", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "CharArrayBuffer", True, "append", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "CharArrayBuffer", True, "append", "(byte[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "CharArrayBuffer", True, "append", "(char[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "CharArrayBuffer", True, "array", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "CharArrayBuffer", True, "subSequence", "(int,int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "CharArrayBuffer", True, "substring", "(int,int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "CharArrayBuffer", True, "substringTrimmed", "(int,int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "CharArrayBuffer", True, "toCharArray", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.hc.core5.util", "CharArrayBuffer", True, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.http.client.methods.model.yml b/java/ql/lib/ext/org.apache.http.client.methods.model.yml
new file mode 100644
index 00000000000..c90298bddf8
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.http.client.methods.model.yml
@@ -0,0 +1,23 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.http.client.methods", "HttpDelete", False, "HttpDelete", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "HttpGet", False, "HttpGet", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "HttpHead", False, "HttpHead", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "HttpOptions", False, "HttpOptions", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "HttpPatch", False, "HttpPatch", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "HttpPost", False, "HttpPost", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "HttpPut", False, "HttpPut", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "HttpRequestBase", True, "setURI", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "HttpTrace", False, "HttpTrace", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "RequestBuilder", False, "delete", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "RequestBuilder", False, "get", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "RequestBuilder", False, "head", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "RequestBuilder", False, "options", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "RequestBuilder", False, "patch", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "RequestBuilder", False, "post", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "RequestBuilder", False, "put", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "RequestBuilder", False, "setUri", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.client.methods", "RequestBuilder", False, "trace", "", "", "Argument[0]", "open-url", "manual"]
diff --git a/java/ql/lib/ext/org.apache.http.entity.model.yml b/java/ql/lib/ext/org.apache.http.entity.model.yml
new file mode 100644
index 00000000000..4105b55a634
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.http.entity.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.http.entity", "BasicHttpEntity", True, "setContent", "(InputStream)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.http.entity", "BufferedHttpEntity", True, "BufferedHttpEntity", "(HttpEntity)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.entity", "ByteArrayEntity", True, "ByteArrayEntity", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.http.entity", "HttpEntityWrapper", True, "HttpEntityWrapper", "(HttpEntity)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.entity", "InputStreamEntity", True, "InputStreamEntity", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.entity", "StringEntity", True, "StringEntity", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.http.message.model.yml b/java/ql/lib/ext/org.apache.http.message.model.yml
new file mode 100644
index 00000000000..da798c12017
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.http.message.model.yml
@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.http.message", "BasicHttpEntityEnclosingRequest", False, "BasicHttpEntityEnclosingRequest", "(RequestLine)", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.message", "BasicHttpEntityEnclosingRequest", False, "BasicHttpEntityEnclosingRequest", "(String,String)", "", "Argument[1]", "open-url", "manual"]
+      - ["org.apache.http.message", "BasicHttpEntityEnclosingRequest", False, "BasicHttpEntityEnclosingRequest", "(String,String,ProtocolVersion)", "", "Argument[1]", "open-url", "manual"]
+      - ["org.apache.http.message", "BasicHttpRequest", False, "BasicHttpRequest", "(RequestLine)", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http.message", "BasicHttpRequest", False, "BasicHttpRequest", "(String,String)", "", "Argument[1]", "open-url", "manual"]
+      - ["org.apache.http.message", "BasicHttpRequest", False, "BasicHttpRequest", "(String,String,ProtocolVersion)", "", "Argument[1]", "open-url", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.http.message", "BasicRequestLine", False, "BasicRequestLine", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.http.model.yml b/java/ql/lib/ext/org.apache.http.model.yml
new file mode 100644
index 00000000000..25c5847ad0a
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.http.model.yml
@@ -0,0 +1,42 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.apache.http", "HttpEntity", False, "getContent", "()", "", "ReturnValue", "remote", "manual"]
+      - ["org.apache.http", "HttpMessage", False, "getParams", "()", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.http", "HttpRequest", True, "setURI", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.apache.http", "HttpResponse", True, "setEntity", "(HttpEntity)", "", "Argument[0]", "xss", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.http", "Header", True, "getElements", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HeaderElement", True, "getName", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HeaderElement", True, "getParameter", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HeaderElement", True, "getParameterByName", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HeaderElement", True, "getParameters", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HeaderElement", True, "getValue", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HeaderIterator", True, "nextHeader", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HttpEntity", True, "getContent", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HttpEntity", True, "getContentEncoding", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HttpEntity", True, "getContentType", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HttpEntityEnclosingRequest", True, "getEntity", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HttpMessage", True, "getAllHeaders", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HttpMessage", True, "getFirstHeader", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HttpMessage", True, "getHeaders", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HttpMessage", True, "getLastHeader", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HttpMessage", True, "getParams", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HttpMessage", True, "headerIterator", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HttpMessage", True, "headerIterator", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "HttpRequest", True, "getRequestLine", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "NameValuePair", True, "getName", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "NameValuePair", True, "getValue", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "RequestLine", True, "getMethod", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "RequestLine", True, "getUri", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "RequestLine", True, "getUri", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http", "RequestLine", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.http.params.model.yml b/java/ql/lib/ext/org.apache.http.params.model.yml
new file mode 100644
index 00000000000..35cd5b5c8a3
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.http.params.model.yml
@@ -0,0 +1,12 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.http.params", "HttpParams", True, "getDoubleParameter", "(String,double)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.params", "HttpParams", True, "getDoubleParameter", "(String,double)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.http.params", "HttpParams", True, "getIntParameter", "(String,int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.params", "HttpParams", True, "getIntParameter", "(String,int)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.http.params", "HttpParams", True, "getLongParameter", "(String,long)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.params", "HttpParams", True, "getLongParameter", "(String,long)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.http.params", "HttpParams", True, "getParameter", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.http.protocol.model.yml b/java/ql/lib/ext/org.apache.http.protocol.model.yml
new file mode 100644
index 00000000000..c5de98c8c68
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.http.protocol.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.apache.http.protocol", "HttpRequestHandler", True, "handle", "(HttpRequest,HttpResponse,HttpContext)", "", "Parameter[0]", "remote", "manual"]
diff --git a/java/ql/lib/ext/org.apache.http.util.model.yml b/java/ql/lib/ext/org.apache.http.util.model.yml
new file mode 100644
index 00000000000..34fb87b5cb9
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.http.util.model.yml
@@ -0,0 +1,41 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.http.util", "EntityUtils", True, "updateEntity", "(HttpResponse,HttpEntity)", "", "Argument[1]", "xss", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.http.util", "Args", True, "containsNoBlanks", "(CharSequence,String)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.http.util", "Args", True, "notBlank", "(CharSequence,String)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.http.util", "Args", True, "notEmpty", "(CharSequence,String)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.http.util", "Args", True, "notEmpty", "(Collection,String)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.http.util", "Args", True, "notNull", "(Object,String)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.http.util", "ByteArrayBuffer", True, "append", "(CharArrayBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.http.util", "ByteArrayBuffer", True, "append", "(byte[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.http.util", "ByteArrayBuffer", True, "append", "(char[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.http.util", "ByteArrayBuffer", True, "buffer", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "ByteArrayBuffer", True, "toByteArray", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "CharArrayBuffer", True, "append", "(ByteArrayBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.http.util", "CharArrayBuffer", True, "append", "(CharArrayBuffer)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.http.util", "CharArrayBuffer", True, "append", "(CharArrayBuffer,int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.http.util", "CharArrayBuffer", True, "append", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.http.util", "CharArrayBuffer", True, "append", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.http.util", "CharArrayBuffer", True, "append", "(byte[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.http.util", "CharArrayBuffer", True, "append", "(char[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.http.util", "CharArrayBuffer", True, "buffer", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "CharArrayBuffer", True, "subSequence", "(int,int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "CharArrayBuffer", True, "substring", "(int,int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "CharArrayBuffer", True, "substringTrimmed", "(int,int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "CharArrayBuffer", True, "toCharArray", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "CharArrayBuffer", True, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "EncodingUtils", True, "getAsciiBytes", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "EncodingUtils", True, "getAsciiString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "EncodingUtils", True, "getBytes", "(String,String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "EncodingUtils", True, "getString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "EntityUtils", True, "getContentCharSet", "(HttpEntity)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "EntityUtils", True, "getContentMimeType", "(HttpEntity)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "EntityUtils", True, "toByteArray", "(HttpEntity)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.http.util", "EntityUtils", True, "toString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.ibatis.jdbc.model.yml b/java/ql/lib/ext/org.apache.ibatis.jdbc.model.yml
new file mode 100644
index 00000000000..05dac3d7f10
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.ibatis.jdbc.model.yml
@@ -0,0 +1,72 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.ibatis.jdbc", "SqlRunner", False, "delete", "(String,Object[])", "", "Argument[0]", "sql", "manual"]
+      - ["org.apache.ibatis.jdbc", "SqlRunner", False, "insert", "(String,Object[])", "", "Argument[0]", "sql", "manual"]
+      - ["org.apache.ibatis.jdbc", "SqlRunner", False, "run", "(String)", "", "Argument[0]", "sql", "manual"]
+      - ["org.apache.ibatis.jdbc", "SqlRunner", False, "selectAll", "(String,Object[])", "", "Argument[0]", "sql", "manual"]
+      - ["org.apache.ibatis.jdbc", "SqlRunner", False, "selectOne", "(String,Object[])", "", "Argument[0]", "sql", "manual"]
+      - ["org.apache.ibatis.jdbc", "SqlRunner", False, "update", "(String,Object[])", "", "Argument[0]", "sql", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "DELETE_FROM", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "FETCH_FIRST_ROWS_ONLY", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "FROM", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "FROM", "(String)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "FROM", "(String[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "FROM", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "GROUP_BY", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "GROUP_BY", "(String)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "GROUP_BY", "(String[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "GROUP_BY", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "HAVING", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "HAVING", "(String)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "HAVING", "(String[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "HAVING", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "INNER_JOIN", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "INNER_JOIN", "(String)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "INNER_JOIN", "(String[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "INNER_JOIN", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "INSERT_INTO", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "INTO_COLUMNS", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "INTO_VALUES", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "JOIN", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "LEFT_OUTER_JOIN", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "LEFT_OUTER_JOIN", "(String)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "LEFT_OUTER_JOIN", "(String[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "LEFT_OUTER_JOIN", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "LIMIT", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "OFFSET", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "OFFSET_ROWS", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "ORDER_BY", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "ORDER_BY", "(String)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "ORDER_BY", "(String[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "ORDER_BY", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "OUTER_JOIN", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "OUTER_JOIN", "(String)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "OUTER_JOIN", "(String[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "OUTER_JOIN", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "RIGHT_OUTER_JOIN", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "RIGHT_OUTER_JOIN", "(String)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "RIGHT_OUTER_JOIN", "(String[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "RIGHT_OUTER_JOIN", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "SELECT", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "SELECT_DISTINCT", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "SELECT_DISTINCT", "(String)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "SELECT_DISTINCT", "(String[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "SELECT_DISTINCT", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "SET", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "SET", "(String)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "SET", "(String[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "SET", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "UPDATE", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "VALUES", "(String,String)", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "WHERE", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "WHERE", "(String)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "WHERE", "(String[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "WHERE", "(String[])", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.apache.ibatis.jdbc", "AbstractSQL", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.log4j.model.yml b/java/ql/lib/ext/org.apache.log4j.model.yml
new file mode 100644
index 00000000000..309f238111b
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.log4j.model.yml
@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.log4j", "Category", True, "assertLog", "", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.log4j", "Category", True, "debug", "", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.log4j", "Category", True, "error", "", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.log4j", "Category", True, "fatal", "", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.log4j", "Category", True, "forcedLog", "", "", "Argument[2]", "logging", "manual"]
+      - ["org.apache.log4j", "Category", True, "info", "", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.log4j", "Category", True, "l7dlog", "(Priority,String,Object[],Throwable)", "", "Argument[2]", "logging", "manual"]
+      - ["org.apache.log4j", "Category", True, "log", "(Priority,Object)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.log4j", "Category", True, "log", "(Priority,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.log4j", "Category", True, "log", "(String,Priority,Object,Throwable)", "", "Argument[2]", "logging", "manual"]
+      - ["org.apache.log4j", "Category", True, "warn", "", "", "Argument[0]", "logging", "manual"]
diff --git a/java/ql/lib/ext/org.apache.logging.log4j.model.yml b/java/ql/lib/ext/org.apache.logging.log4j.model.yml
new file mode 100644
index 00000000000..5ffe10450a0
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.logging.log4j.model.yml
@@ -0,0 +1,376 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(CharSequence)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(Message)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Supplier)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(Supplier)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(CharSequence)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(CharSequence,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,CharSequence)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Message)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,MessageSupplier)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Object)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Supplier)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Supplier)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Supplier,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Message)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Message,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(MessageSupplier)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(MessageSupplier,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Supplier)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Supplier)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "debug", "(Supplier,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "entry", "(Object[])", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(CharSequence)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(CharSequence,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,CharSequence)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Message)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,MessageSupplier)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Object)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Supplier)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Supplier)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Supplier,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Message)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Message,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(MessageSupplier)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(MessageSupplier,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Supplier)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Supplier)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "error", "(Supplier,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(CharSequence)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(CharSequence,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,CharSequence)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Message)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,MessageSupplier)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Object)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Supplier)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Supplier)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Supplier,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Message)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Message,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(MessageSupplier)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(MessageSupplier,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Supplier)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Supplier)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Supplier,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(CharSequence)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(CharSequence,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,CharSequence)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Message)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,MessageSupplier)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Object)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Supplier)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Supplier)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Supplier,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Message)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Message,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(MessageSupplier)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(MessageSupplier,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Supplier)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Supplier)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "info", "(Supplier,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,CharSequence)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,CharSequence,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,CharSequence)", "", "Argument[2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,CharSequence,Throwable)", "", "Argument[2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Message)", "", "Argument[2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,MessageSupplier)", "", "Argument[2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,MessageSupplier,Throwable)", "", "Argument[2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Object)", "", "Argument[2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Object,Throwable)", "", "Argument[2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String)", "", "Argument[2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object)", "", "Argument[2..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object)", "", "Argument[2..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object)", "", "Argument[2..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object)", "", "Argument[2..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object)", "", "Argument[2..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[2..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..11]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..12]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object[])", "", "Argument[2..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Supplier)", "", "Argument[2..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Throwable)", "", "Argument[2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Supplier)", "", "Argument[2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Supplier,Throwable)", "", "Argument[2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Message)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Message,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,MessageSupplier)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,MessageSupplier,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Object)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Supplier)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Supplier)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Supplier,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "logMessage", "(Level,Marker,String,StackTraceElement,Message,Throwable)", "", "Argument[4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "printf", "(Level,Marker,String,Object[])", "", "Argument[2..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "printf", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(CharSequence)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(CharSequence,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,CharSequence)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Message)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,MessageSupplier)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Object)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Supplier)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Supplier)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Supplier,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Message)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Message,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(MessageSupplier)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(MessageSupplier,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Supplier)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Supplier)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "trace", "(Supplier,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(Message)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(String,Supplier[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(Supplier[])", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(EntryMessage)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(EntryMessage,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(Message,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(CharSequence)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(CharSequence,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,CharSequence)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Message)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,MessageSupplier)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Object)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Supplier)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Supplier)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Supplier,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Message)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Message,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(MessageSupplier)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(MessageSupplier,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Supplier)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Supplier)", "", "Argument[0]", "logging", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "warn", "(Supplier,Throwable)", "", "Argument[0]", "logging", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(Message)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(String,Object[])", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(String,Supplier[])", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(Supplier[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(EntryMessage,Object)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(Message,Object)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(Object)", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(String,Object)", "", "Argument[1]", "ReturnValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.apache.shiro.codec.model.yml b/java/ql/lib/ext/org.apache.shiro.codec.model.yml
new file mode 100644
index 00000000000..f0a40c8549b
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.shiro.codec.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.shiro.codec", "Base64", False, "decode", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.apache.shiro.jndi.model.yml b/java/ql/lib/ext/org.apache.shiro.jndi.model.yml
new file mode 100644
index 00000000000..6da50e9d0b6
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.shiro.jndi.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.shiro.jndi", "JndiTemplate", False, "lookup", "", "", "Argument[0]", "jndi-injection", "manual"]
diff --git a/java/ql/lib/ext/org.apache.velocity.app.model.yml b/java/ql/lib/ext/org.apache.velocity.app.model.yml
new file mode 100644
index 00000000000..1afc328b882
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.velocity.app.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.velocity.app", "Velocity", True, "evaluate", "", "", "Argument[3]", "ssti", "manual"]
+      - ["org.apache.velocity.app", "Velocity", True, "mergeTemplate", "", "", "Argument[2]", "ssti", "manual"]
+      - ["org.apache.velocity.app", "VelocityEngine", True, "evaluate", "", "", "Argument[3]", "ssti", "manual"]
+      - ["org.apache.velocity.app", "VelocityEngine", True, "mergeTemplate", "", "", "Argument[2]", "ssti", "manual"]
diff --git a/java/ql/lib/ext/org.apache.velocity.runtime.model.yml b/java/ql/lib/ext/org.apache.velocity.runtime.model.yml
new file mode 100644
index 00000000000..a8f740a2301
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.velocity.runtime.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.velocity.runtime", "RuntimeServices", True, "evaluate", "", "", "Argument[3]", "ssti", "manual"]
+      - ["org.apache.velocity.runtime", "RuntimeServices", True, "parse", "", "", "Argument[0]", "ssti", "manual"]
+      - ["org.apache.velocity.runtime", "RuntimeSingleton", True, "parse", "", "", "Argument[0]", "ssti", "manual"]
diff --git a/java/ql/lib/ext/org.apache.velocity.runtime.resource.util.model.yml b/java/ql/lib/ext/org.apache.velocity.runtime.resource.util.model.yml
new file mode 100644
index 00000000000..4d3ce4c37ed
--- /dev/null
+++ b/java/ql/lib/ext/org.apache.velocity.runtime.resource.util.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.velocity.runtime.resource.util", "StringResourceRepository", True, "putStringResource", "", "", "Argument[1]", "ssti", "manual"]
diff --git a/java/ql/lib/ext/org.codehaus.groovy.control.model.yml b/java/ql/lib/ext/org.codehaus.groovy.control.model.yml
new file mode 100644
index 00000000000..77b03818172
--- /dev/null
+++ b/java/ql/lib/ext/org.codehaus.groovy.control.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.codehaus.groovy.control", "CompilationUnit", False, "compile", "", "", "Argument[-1]", "groovy", "manual"]
diff --git a/java/ql/lib/ext/org.dom4j.model.yml b/java/ql/lib/ext/org.dom4j.model.yml
new file mode 100644
index 00000000000..b2e5c2ed379
--- /dev/null
+++ b/java/ql/lib/ext/org.dom4j.model.yml
@@ -0,0 +1,20 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.dom4j", "DocumentFactory", True, "createPattern", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j", "DocumentFactory", True, "createXPath", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j", "DocumentFactory", True, "createXPathFilter", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j", "DocumentHelper", False, "createPattern", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j", "DocumentHelper", False, "createXPath", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j", "DocumentHelper", False, "createXPathFilter", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j", "DocumentHelper", False, "selectNodes", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j", "DocumentHelper", False, "sort", "", "", "Argument[1]", "xpath", "manual"]
+      - ["org.dom4j", "Node", True, "createXPath", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j", "Node", True, "matches", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j", "Node", True, "numberValueOf", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j", "Node", True, "selectNodes", "", "", "Argument[0..1]", "xpath", "manual"]
+      - ["org.dom4j", "Node", True, "selectObject", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j", "Node", True, "selectSingleNode", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j", "Node", True, "valueOf", "", "", "Argument[0]", "xpath", "manual"]
diff --git a/java/ql/lib/ext/org.dom4j.tree.model.yml b/java/ql/lib/ext/org.dom4j.tree.model.yml
new file mode 100644
index 00000000000..0896937bb16
--- /dev/null
+++ b/java/ql/lib/ext/org.dom4j.tree.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.dom4j.tree", "AbstractNode", True, "createPattern", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j.tree", "AbstractNode", True, "createXPathFilter", "", "", "Argument[0]", "xpath", "manual"]
diff --git a/java/ql/lib/ext/org.dom4j.util.model.yml b/java/ql/lib/ext/org.dom4j.util.model.yml
new file mode 100644
index 00000000000..d7dc55cd145
--- /dev/null
+++ b/java/ql/lib/ext/org.dom4j.util.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.dom4j.util", "ProxyDocumentFactory", True, "createPattern", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j.util", "ProxyDocumentFactory", True, "createXPath", "", "", "Argument[0]", "xpath", "manual"]
+      - ["org.dom4j.util", "ProxyDocumentFactory", True, "createXPathFilter", "", "", "Argument[0]", "xpath", "manual"]
diff --git a/java/ql/lib/ext/org.hibernate.model.yml b/java/ql/lib/ext/org.hibernate.model.yml
new file mode 100644
index 00000000000..bfc232a82a1
--- /dev/null
+++ b/java/ql/lib/ext/org.hibernate.model.yml
@@ -0,0 +1,12 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.hibernate", "QueryProducer", True, "createNativeQuery", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.hibernate", "QueryProducer", True, "createQuery", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.hibernate", "QueryProducer", True, "createSQLQuery", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.hibernate", "Session", True, "createQuery", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.hibernate", "Session", True, "createSQLQuery", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.hibernate", "SharedSessionContract", True, "createQuery", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.hibernate", "SharedSessionContract", True, "createSQLQuery", "", "", "Argument[0]", "sql", "manual"]
diff --git a/java/ql/lib/ext/org.jboss.logging.model.yml b/java/ql/lib/ext/org.jboss.logging.model.yml
new file mode 100644
index 00000000000..069ae852b77
--- /dev/null
+++ b/java/ql/lib/ext/org.jboss.logging.model.yml
@@ -0,0 +1,329 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.jboss.logging", "BasicLogger", True, "debug", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debug", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debug", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debug", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debug", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debug", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "debugv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "error", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "error", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "error", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "error", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "error", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "error", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "errorv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatal", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatal", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatal", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatal", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatal", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatal", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "info", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "info", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "info", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "info", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "info", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "info", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infof", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infof", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infof", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infov", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infov", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "infov", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,Object)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,Object,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,String,Object,Throwable)", "", "Argument[2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "log", "(String,Level,Object,Object[],Throwable)", "", "Argument[2..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,Throwable,String,Object)", "", "Argument[2..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,Throwable,String,Object,Object)", "", "Argument[2..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,Throwable,String,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logf", "(String,Level,Throwable,String,Object)", "", "Argument[3..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logf", "(String,Level,Throwable,String,Object,Object)", "", "Argument[3..5]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logf", "(String,Level,Throwable,String,Object,Object,Object)", "", "Argument[3..6]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logf", "(String,Level,Throwable,String,Object[])", "", "Argument[3..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,Throwable,String,Object)", "", "Argument[2..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,Throwable,String,Object,Object)", "", "Argument[2..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,Throwable,String,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logv", "(String,Level,Throwable,String,Object)", "", "Argument[3..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logv", "(String,Level,Throwable,String,Object,Object)", "", "Argument[3..5]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logv", "(String,Level,Throwable,String,Object,Object,Object)", "", "Argument[3..6]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "logv", "(String,Level,Throwable,String,Object[])", "", "Argument[3..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "trace", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "trace", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "trace", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "trace", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "trace", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "trace", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracef", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracef", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracef", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracev", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracev", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "tracev", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warn", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warn", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warn", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warn", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warn", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warn", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "BasicLogger", True, "warnv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debug", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debug", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debug", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debug", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debug", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debug", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "debugv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "error", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "error", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "error", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "error", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "error", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "error", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "errorv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatal", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatal", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatal", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatal", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatal", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatal", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "fatalv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "info", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "info", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "info", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "info", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "info", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "info", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infof", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infof", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infof", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infof", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infof", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infof", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infof", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infof", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infov", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infov", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infov", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infov", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infov", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infov", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infov", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "infov", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "log", "(Level,Object)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "log", "(Level,Object,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "log", "(Level,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "log", "(Level,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "log", "(Level,String,Object,Throwable)", "", "Argument[2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "log", "(String,Level,Object,Object[],Throwable)", "", "Argument[2..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logf", "(Level,Throwable,String,Object)", "", "Argument[2..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logf", "(Level,Throwable,String,Object,Object)", "", "Argument[2..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logf", "(Level,Throwable,String,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logf", "(String,Level,Throwable,String,Object)", "", "Argument[3..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logf", "(String,Level,Throwable,String,Object,Object)", "", "Argument[3..5]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logf", "(String,Level,Throwable,String,Object,Object,Object)", "", "Argument[3..6]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logf", "(String,Level,Throwable,String,Object[])", "", "Argument[3..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logv", "(Level,Throwable,String,Object)", "", "Argument[2..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logv", "(Level,Throwable,String,Object,Object)", "", "Argument[2..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logv", "(Level,Throwable,String,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logv", "(String,Level,Throwable,String,Object)", "", "Argument[3..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logv", "(String,Level,Throwable,String,Object,Object)", "", "Argument[3..5]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logv", "(String,Level,Throwable,String,Object,Object,Object)", "", "Argument[3..6]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "logv", "(String,Level,Throwable,String,Object[])", "", "Argument[3..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "trace", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "trace", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "trace", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "trace", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "trace", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "trace", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracef", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracef", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracef", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracev", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracev", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "tracev", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warn", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warn", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warn", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warn", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warn", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warn", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.jboss.logging", "Logger", True, "warnv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"]
diff --git a/java/ql/lib/ext/org.jdbi.v3.core.model.yml b/java/ql/lib/ext/org.jdbi.v3.core.model.yml
new file mode 100644
index 00000000000..fd7f4e824ac
--- /dev/null
+++ b/java/ql/lib/ext/org.jdbi.v3.core.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.jdbi.v3.core", "Jdbi", False, "create", "(String)", "", "Argument[0]", "jdbc-url", "manual"]
+      - ["org.jdbi.v3.core", "Jdbi", False, "create", "(String,Properties)", "", "Argument[0]", "jdbc-url", "manual"]
+      - ["org.jdbi.v3.core", "Jdbi", False, "create", "(String,String,String)", "", "Argument[0]", "jdbc-url", "manual"]
+      - ["org.jdbi.v3.core", "Jdbi", False, "open", "(String)", "", "Argument[0]", "jdbc-url", "manual"]
+      - ["org.jdbi.v3.core", "Jdbi", False, "open", "(String,Properties)", "", "Argument[0]", "jdbc-url", "manual"]
+      - ["org.jdbi.v3.core", "Jdbi", False, "open", "(String,String,String)", "", "Argument[0]", "jdbc-url", "manual"]
diff --git a/java/ql/lib/ext/org.jooq.model.yml b/java/ql/lib/ext/org.jooq.model.yml
new file mode 100644
index 00000000000..cf7fc22a923
--- /dev/null
+++ b/java/ql/lib/ext/org.jooq.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.jooq", "PlainSQL", False, "", "", "Annotated", "Argument[0]", "sql", "manual"]
diff --git a/java/ql/lib/ext/org.json.model.yml b/java/ql/lib/ext/org.json.model.yml
new file mode 100644
index 00000000000..da97dfadb38
--- /dev/null
+++ b/java/ql/lib/ext/org.json.model.yml
@@ -0,0 +1,241 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.json", "CDL", False, "rowToJSONArray", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "CDL", False, "rowToJSONObject", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "CDL", False, "rowToString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "CDL", False, "toJSONArray", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "CDL", False, "toString", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "Cookie", False, "escape", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "Cookie", False, "toJSONObject", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "Cookie", False, "toString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "Cookie", False, "unescape", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "CookieList", False, "toJSONObject", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "CookieList", False, "toString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "HTTP", False, "toJSONObject", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "HTTP", False, "toString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "HTTPTokener", False, "HTTPTokener", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "HTTPTokener", False, "nextToken", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "JSONArray", "(Collection)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "JSONArray", "(Iterable)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "JSONArray", "(JSONArray)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "JSONArray", "(JSONTokener)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "JSONArray", "(Object)", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "JSONArray", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "get", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "getBigDecimal", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "getBigInteger", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "getBoolean", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "getDouble", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "getEnum", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "getFloat", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "getInt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "getJSONArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "getJSONObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "getLong", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "getNumber", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "getString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "iterator", "", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "join", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "join", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "opt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "optBigDecimal", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "optBigDecimal", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONArray", False, "optBigInteger", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "optBigInteger", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONArray", False, "optBoolean", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "optBoolean", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONArray", False, "optDouble", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "optDouble", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONArray", False, "optEnum", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "optEnum", "", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONArray", False, "optFloat", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "optFloat", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONArray", False, "optInt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "optInt", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONArray", False, "optJSONArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "optJSONObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "optLong", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "optLong", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONArray", False, "optNumber", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "optNumber", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONArray", False, "optQuery", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "optString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "optString", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONArray", False, "put", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(Collection)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(Map)", "", "Argument[0].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(Map)", "", "Argument[0].MapValue", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(boolean)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(double)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(float)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(int,Collection)", "", "Argument[1].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(int,Map)", "", "Argument[1].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(int,Map)", "", "Argument[1].MapValue", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(int,Object)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(int,boolean)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(int,double)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(int,float)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(int,int)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(int,long)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "put", "(long)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "putAll", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONArray", False, "putAll", "(Collection)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "putAll", "(Iterable)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "putAll", "(JSONArray)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "putAll", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "query", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "remove", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "toJSONObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "toJSONObject", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "toList", "", "", "Argument[0]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "toString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "write", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.json", "JSONArray", False, "write", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONML", False, "toJSONArray", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONML", False, "toJSONObject", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONML", False, "toString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "JSONObject", "(JSONObject,String[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "JSONObject", "(JSONObject,String[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "JSONObject", "(JSONTokener)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "JSONObject", "(Map)", "", "Argument[0].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "JSONObject", "(Map)", "", "Argument[0].MapValue", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "JSONObject", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "JSONObject", "(Object,String[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "JSONObject", "(Object,String[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "JSONObject", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "JSONObject", "(String,Locale)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "accumulate", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "accumulate", "", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "append", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "append", "", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "doubleToString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", True, "entrySet", "", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "get", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "getBigDecimal", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "getBigInteger", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "getBoolean", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "getDouble", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "getEnum", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "getFloat", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "getInt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "getJSONArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "getJSONObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "getLong", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "getNames", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "getNumber", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "getString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "increment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "increment", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "keySet", "", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "keys", "", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "names", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "numberToString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "opt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "optBigDecimal", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "optBigDecimal", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "optBigInteger", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "optBigInteger", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "optBoolean", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "optBoolean", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "optDouble", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "optDouble", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "optEnum", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "optEnum", "", "", "Argument[2]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "optFloat", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "optFloat", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "optInt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "optInt", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "optJSONArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "optJSONObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "optLong", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "optLong", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "optNumber", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "optNumber", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "optQuery", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "optString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "optString", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "put", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,Collection)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,Collection)", "", "Argument[1].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,Map)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,Map)", "", "Argument[1].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,Map)", "", "Argument[1].MapValue", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,Object)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,boolean)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,double)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,double)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,float)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,float)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,int)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,long)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "put", "(String,long)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "putOnce", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "putOnce", "", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "putOpt", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "putOpt", "", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "query", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "quote", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "quote", "(String,Writer)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "quote", "(String,Writer)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONObject", False, "remove", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "stringToValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "toJSONArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "toMap", "", "", "Argument[-1]", "ReturnValue.MapKey", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "toMap", "", "", "Argument[-1]", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "valueToString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "wrap", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "write", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.json", "JSONObject", False, "write", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONPointer", False, "JSONPointer", "(List)", "", "Argument[0].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONPointer", False, "JSONPointer", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONPointer", False, "queryFrom", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONPointer", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONPointer", False, "toURIFragment", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONPointer$Builder", False, "append", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONPointer$Builder", False, "append", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONPointer$Builder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONString", True, "toJSONString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONStringer", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONTokener", True, "JSONTokener", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONTokener", True, "next", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONTokener", True, "nextClean", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONTokener", True, "nextString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONTokener", True, "nextTo", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONTokener", True, "nextValue", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONTokener", True, "syntaxError", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONTokener", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "JSONWriter", True, "JSONWriter", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.json", "JSONWriter", True, "array", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONWriter", True, "endArray", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONWriter", True, "endObject", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONWriter", True, "key", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONWriter", True, "key", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONWriter", True, "object", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONWriter", True, "value", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.json", "JSONWriter", True, "value", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "JSONWriter", True, "valueToString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "Property", False, "toJSONObject", "", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"]
+      - ["org.json", "Property", False, "toJSONObject", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.json", "Property", False, "toProperties", "", "", "Argument[0]", "ReturnValue.MapKey", "taint", "manual"]
+      - ["org.json", "Property", False, "toProperties", "", "", "Argument[0]", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.json", "XML", False, "escape", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "XML", False, "stringToValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "XML", False, "toJSONObject", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "XML", False, "toString", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "XML", False, "unescape", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "XMLTokener", False, "XMLTokener", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.json", "XMLTokener", False, "nextCDATA", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "XMLTokener", False, "nextContent", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "XMLTokener", False, "nextEntity", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "XMLTokener", False, "nextMeta", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "XMLTokener", False, "nextToken", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.json", "XMLXsiTypeConverter", True, "convert", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.mvel2.compiler.model.yml b/java/ql/lib/ext/org.mvel2.compiler.model.yml
new file mode 100644
index 00000000000..0e7f68faea0
--- /dev/null
+++ b/java/ql/lib/ext/org.mvel2.compiler.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.mvel2.compiler", "Accessor", False, "getValue", "", "", "Argument[-1]", "mvel", "manual"]
+      - ["org.mvel2.compiler", "CompiledAccExpression", False, "getValue", "", "", "Argument[-1]", "mvel", "manual"]
+      - ["org.mvel2.compiler", "CompiledExpression", False, "getDirectValue", "", "", "Argument[-1]", "mvel", "manual"]
+      - ["org.mvel2.compiler", "ExecutableStatement", False, "getValue", "", "", "Argument[-1]", "mvel", "manual"]
diff --git a/java/ql/lib/ext/org.mvel2.jsr223.model.yml b/java/ql/lib/ext/org.mvel2.jsr223.model.yml
new file mode 100644
index 00000000000..eeb0cbc7984
--- /dev/null
+++ b/java/ql/lib/ext/org.mvel2.jsr223.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.mvel2.jsr223", "MvelCompiledScript", False, "eval", "", "", "Argument[-1]", "mvel", "manual"]
+      - ["org.mvel2.jsr223", "MvelScriptEngine", False, "eval", "", "", "Argument[0]", "mvel", "manual"]
+      - ["org.mvel2.jsr223", "MvelScriptEngine", False, "evaluate", "", "", "Argument[0]", "mvel", "manual"]
diff --git a/java/ql/lib/ext/org.mvel2.model.yml b/java/ql/lib/ext/org.mvel2.model.yml
new file mode 100644
index 00000000000..fd7778c89a6
--- /dev/null
+++ b/java/ql/lib/ext/org.mvel2.model.yml
@@ -0,0 +1,12 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.mvel2", "MVEL", False, "eval", "", "", "Argument[0]", "mvel", "manual"]
+      - ["org.mvel2", "MVEL", False, "evalToBoolean", "", "", "Argument[0]", "mvel", "manual"]
+      - ["org.mvel2", "MVEL", False, "evalToString", "", "", "Argument[0]", "mvel", "manual"]
+      - ["org.mvel2", "MVEL", False, "executeAllExpression", "", "", "Argument[0]", "mvel", "manual"]
+      - ["org.mvel2", "MVEL", False, "executeExpression", "", "", "Argument[0]", "mvel", "manual"]
+      - ["org.mvel2", "MVEL", False, "executeSetExpression", "", "", "Argument[0]", "mvel", "manual"]
+      - ["org.mvel2", "MVELRuntime", False, "execute", "", "", "Argument[1]", "mvel", "manual"]
diff --git a/java/ql/lib/ext/org.mvel2.templates.model.yml b/java/ql/lib/ext/org.mvel2.templates.model.yml
new file mode 100644
index 00000000000..0e31cee38b0
--- /dev/null
+++ b/java/ql/lib/ext/org.mvel2.templates.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.mvel2.templates", "TemplateRuntime", False, "eval", "", "", "Argument[0]", "mvel", "manual"]
+      - ["org.mvel2.templates", "TemplateRuntime", False, "execute", "", "", "Argument[0]", "mvel", "manual"]
diff --git a/java/ql/lib/ext/org.scijava.log.model.yml b/java/ql/lib/ext/org.scijava.log.model.yml
new file mode 100644
index 00000000000..303dbae27e2
--- /dev/null
+++ b/java/ql/lib/ext/org.scijava.log.model.yml
@@ -0,0 +1,18 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.scijava.log", "Logger", True, "alwaysLog", "(int,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.scijava.log", "Logger", True, "debug", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.scijava.log", "Logger", True, "debug", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.scijava.log", "Logger", True, "error", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.scijava.log", "Logger", True, "error", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.scijava.log", "Logger", True, "info", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.scijava.log", "Logger", True, "info", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.scijava.log", "Logger", True, "log", "(int,Object)", "", "Argument[1]", "logging", "manual"]
+      - ["org.scijava.log", "Logger", True, "log", "(int,Object,Throwable)", "", "Argument[1]", "logging", "manual"]
+      - ["org.scijava.log", "Logger", True, "trace", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.scijava.log", "Logger", True, "trace", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.scijava.log", "Logger", True, "warn", "(Object)", "", "Argument[0]", "logging", "manual"]
+      - ["org.scijava.log", "Logger", True, "warn", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"]
diff --git a/java/ql/lib/ext/org.slf4j.model.yml b/java/ql/lib/ext/org.slf4j.model.yml
new file mode 100644
index 00000000000..6ff2f31847d
--- /dev/null
+++ b/java/ql/lib/ext/org.slf4j.model.yml
@@ -0,0 +1,55 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.slf4j", "Logger", True, "debug", "(Marker,String)", "", "Argument[1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "debug", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "debug", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "debug", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "debug", "(String)", "", "Argument[0]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "debug", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "debug", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "debug", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "debug", "(String,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "error", "(Marker,String)", "", "Argument[1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "error", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "error", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "error", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "error", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "error", "(String)", "", "Argument[0]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "error", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "error", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "error", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "error", "(String,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "info", "(Marker,String)", "", "Argument[1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "info", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "info", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "info", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "info", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "info", "(String)", "", "Argument[0]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "info", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "info", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "info", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "info", "(String,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "trace", "(Marker,String)", "", "Argument[1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "trace", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "trace", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "trace", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "trace", "(String)", "", "Argument[0]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "trace", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "trace", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "trace", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "trace", "(String,Throwable)", "", "Argument[0]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "warn", "(Marker,String)", "", "Argument[1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "warn", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "warn", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "warn", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "warn", "(String)", "", "Argument[0]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "warn", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "warn", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "warn", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.slf4j", "Logger", True, "warn", "(String,Throwable)", "", "Argument[0]", "logging", "manual"]
diff --git a/java/ql/lib/ext/org.slf4j.spi.model.yml b/java/ql/lib/ext/org.slf4j.spi.model.yml
new file mode 100644
index 00000000000..59e4d144157
--- /dev/null
+++ b/java/ql/lib/ext/org.slf4j.spi.model.yml
@@ -0,0 +1,20 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "", "", "Argument[0]", "logging", "manual"]
+      - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "(String,Object)", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"]
+      - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"]
+      - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "(Supplier)", "", "Argument[0]", "logging", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.slf4j.spi", "LoggingEventBuilder", True, "addArgument", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.slf4j.spi", "LoggingEventBuilder", True, "addArgument", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.slf4j.spi", "LoggingEventBuilder", True, "addKeyValue", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.slf4j.spi", "LoggingEventBuilder", True, "addKeyValue", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.slf4j.spi", "LoggingEventBuilder", True, "addMarker", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.slf4j.spi", "LoggingEventBuilder", True, "setCause", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.beans.model.yml b/java/ql/lib/ext/org.springframework.beans.model.yml
new file mode 100644
index 00000000000..d3579370ec9
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.beans.model.yml
@@ -0,0 +1,35 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.springframework.beans", "MutablePropertyValues", True, "MutablePropertyValues", "(List)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "MutablePropertyValues", "(Map)", "", "Argument[0].MapKey", "Argument[-1].Element.MapKey", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "MutablePropertyValues", "(Map)", "", "Argument[0].MapValue", "Argument[-1].Element.MapValue", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "MutablePropertyValues", "(PropertyValues)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "add", "(String,Object)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "add", "(String,Object)", "", "Argument[0]", "Argument[-1].Element.MapKey", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "add", "(String,Object)", "", "Argument[1]", "Argument[-1].Element.MapValue", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "addPropertyValue", "(PropertyValue)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "addPropertyValue", "(PropertyValue)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "addPropertyValue", "(String,Object)", "", "Argument[0]", "Argument[-1].Element.MapKey", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "addPropertyValue", "(String,Object)", "", "Argument[1]", "Argument[-1].Element.MapValue", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "addPropertyValues", "(Map)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "addPropertyValues", "(Map)", "", "Argument[0].MapKey", "Argument[-1].Element.MapKey", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "addPropertyValues", "(Map)", "", "Argument[0].MapValue", "Argument[-1].Element.MapValue", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "addPropertyValues", "(PropertyValues)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "addPropertyValues", "(PropertyValues)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "get", "", "", "Argument[-1].Element.MapValue", "ReturnValue", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "getPropertyValue", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "getPropertyValueList", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "getPropertyValues", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.springframework.beans", "MutablePropertyValues", True, "setPropertyValueAt", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["org.springframework.beans", "PropertyValue", False, "PropertyValue", "(PropertyValue)", "", "Argument[0]", "Argument[-1]", "value", "manual"]
+      - ["org.springframework.beans", "PropertyValue", False, "PropertyValue", "(PropertyValue,Object)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.beans", "PropertyValue", False, "PropertyValue", "(PropertyValue,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.beans", "PropertyValue", False, "PropertyValue", "(String,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.beans", "PropertyValue", False, "PropertyValue", "(String,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.beans", "PropertyValue", False, "getName", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.springframework.beans", "PropertyValue", False, "getValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.springframework.beans", "PropertyValues", True, "getPropertyValue", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["org.springframework.beans", "PropertyValues", True, "getPropertyValues", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.boot.jdbc.model.yml b/java/ql/lib/ext/org.springframework.boot.jdbc.model.yml
new file mode 100644
index 00000000000..bd7c5d8c5c1
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.boot.jdbc.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.springframework.boot.jdbc", "DataSourceBuilder", False, "url", "(String)", "", "Argument[0]", "jdbc-url", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.cache.model.yml b/java/ql/lib/ext/org.springframework.cache.model.yml
new file mode 100644
index 00000000000..6fd3cf4610d
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.cache.model.yml
@@ -0,0 +1,18 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.springframework.cache", "Cache", True, "get", "(Object)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.springframework.cache", "Cache", True, "get", "(Object,Callable)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.springframework.cache", "Cache", True, "get", "(Object,Class)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.springframework.cache", "Cache", True, "getNativeCache", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.springframework.cache", "Cache", True, "getNativeCache", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.springframework.cache", "Cache", True, "put", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.cache", "Cache", True, "put", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.cache", "Cache", True, "putIfAbsent", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.springframework.cache", "Cache", True, "putIfAbsent", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.cache", "Cache", True, "putIfAbsent", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.cache", "Cache$ValueRetrievalException", False, "ValueRetrievalException", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.cache", "Cache$ValueRetrievalException", False, "getKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"]
+      - ["org.springframework.cache", "Cache$ValueWrapper", True, "get", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.context.model.yml b/java/ql/lib/ext/org.springframework.context.model.yml
new file mode 100644
index 00000000000..c4097103179
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.context.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.springframework.context", "MessageSource", True, "getMessage", "(String,Object[],Locale)", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.context", "MessageSource", True, "getMessage", "(String,Object[],String,Locale)", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.context", "MessageSource", True, "getMessage", "(String,Object[],String,Locale)", "", "Argument[2]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.data.repository.model.yml b/java/ql/lib/ext/org.springframework.data.repository.model.yml
new file mode 100644
index 00000000000..82a5ba0ec10
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.data.repository.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.springframework.data.repository", "CrudRepository", True, "save", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.http.model.yml b/java/ql/lib/ext/org.springframework.http.model.yml
new file mode 100644
index 00000000000..2dac7192da2
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.http.model.yml
@@ -0,0 +1,93 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(HttpMethod,URI)", "", "Argument[1]", "open-url", "manual"]
+      - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(MultiValueMap,HttpMethod,URI)", "", "Argument[2]", "open-url", "manual"]
+      - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(Object,HttpMethod,URI)", "", "Argument[2]", "open-url", "manual"]
+      - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(Object,HttpMethod,URI,Type)", "", "Argument[2]", "open-url", "manual"]
+      - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(Object,MultiValueMap,HttpMethod,URI)", "", "Argument[3]", "open-url", "manual"]
+      - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(Object,MultiValueMap,HttpMethod,URI,Type)", "", "Argument[3]", "open-url", "manual"]
+      - ["org.springframework.http", "RequestEntity", False, "delete", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.http", "RequestEntity", False, "get", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.http", "RequestEntity", False, "head", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.http", "RequestEntity", False, "method", "", "", "Argument[1]", "open-url", "manual"]
+      - ["org.springframework.http", "RequestEntity", False, "options", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.http", "RequestEntity", False, "patch", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.http", "RequestEntity", False, "post", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.http", "RequestEntity", False, "put", "", "", "Argument[0]", "open-url", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.springframework.http", "HttpEntity", True, "HttpEntity", "(MultiValueMap)", "", "Argument[0].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "HttpEntity", True, "HttpEntity", "(MultiValueMap)", "", "Argument[0].MapValue.Element", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "HttpEntity", True, "HttpEntity", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "HttpEntity", True, "HttpEntity", "(Object,MultiValueMap)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "HttpEntity", True, "HttpEntity", "(Object,MultiValueMap)", "", "Argument[1].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "HttpEntity", True, "HttpEntity", "(Object,MultiValueMap)", "", "Argument[1].MapValue.Element", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "HttpEntity", True, "getBody", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpEntity", True, "getHeaders", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "HttpHeaders", "(MultiValueMap)", "", "Argument[0].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "HttpHeaders", "(MultiValueMap)", "", "Argument[0].MapValue.Element", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "add", "(String,String)", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "addAll", "(MultiValueMap)", "", "Argument[0].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "addAll", "(MultiValueMap)", "", "Argument[0].MapValue.Element", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "addAll", "(String,List)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "addAll", "(String,List)", "", "Argument[1].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "encodeBasicAuth", "(String,String,Charset)", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "formatHeaders", "(MultiValueMap)", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "formatHeaders", "(MultiValueMap)", "", "Argument[0].MapValue.Element", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "get", "(Object)", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getAccessControlAllowHeaders", "()", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getAccessControlAllowOrigin", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getAccessControlExposeHeaders", "()", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getAccessControlRequestHeaders", "()", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getCacheControl", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getConnection", "()", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getETag", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getETagValuesAsList", "(String)", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getFieldValues", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getFirst", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getHost", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getIfMatch", "()", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getIfNoneMatch", "()", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getLocation", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getOrEmpty", "(Object)", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getOrigin", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getPragma", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getUpgrade", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getValuesAsList", "(String)", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "getVary", "()", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.http", "HttpHeaders", True, "set", "(String,String)", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "RequestEntity", True, "getUrl", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity", True, "ResponseEntity", "(MultiValueMap,HttpStatus)", "", "Argument[0].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity", True, "ResponseEntity", "(MultiValueMap,HttpStatus)", "", "Argument[0].MapValue.Element", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity", True, "ResponseEntity", "(Object,HttpStatus)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity", True, "ResponseEntity", "(Object,MultiValueMap,HttpStatus)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity", True, "ResponseEntity", "(Object,MultiValueMap,HttpStatus)", "", "Argument[1].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity", True, "ResponseEntity", "(Object,MultiValueMap,HttpStatus)", "", "Argument[1].MapValue.Element", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity", True, "ResponseEntity", "(Object,MultiValueMap,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity", True, "ResponseEntity", "(Object,MultiValueMap,int)", "", "Argument[1].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity", True, "ResponseEntity", "(Object,MultiValueMap,int)", "", "Argument[1].MapValue.Element", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity", True, "created", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity", True, "of", "(Optional)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity", True, "ok", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity$BodyBuilder", True, "body", "(Object)", "", "Argument[-1..0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity$BodyBuilder", True, "contentLength", "(long)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.http", "ResponseEntity$BodyBuilder", True, "contentType", "(MediaType)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.http", "ResponseEntity$HeadersBuilder", True, "allow", "(HttpMethod[])", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.http", "ResponseEntity$HeadersBuilder", True, "build", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity$HeadersBuilder", True, "eTag", "(String)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.http", "ResponseEntity$HeadersBuilder", True, "eTag", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity$HeadersBuilder", True, "header", "(String,String[])", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.http", "ResponseEntity$HeadersBuilder", True, "header", "(String,String[])", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity$HeadersBuilder", True, "header", "(String,String[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity$HeadersBuilder", True, "headers", "(Consumer)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.http", "ResponseEntity$HeadersBuilder", True, "headers", "(HttpHeaders)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.http", "ResponseEntity$HeadersBuilder", True, "headers", "(HttpHeaders)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity$HeadersBuilder", True, "lastModified", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.http", "ResponseEntity$HeadersBuilder", True, "location", "(URI)", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.http", "ResponseEntity$HeadersBuilder", True, "location", "(URI)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.http", "ResponseEntity$HeadersBuilder", True, "varyBy", "(String[])", "", "Argument[-1]", "ReturnValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.jdbc.core.model.yml b/java/ql/lib/ext/org.springframework.jdbc.core.model.yml
new file mode 100644
index 00000000000..9374293d0bb
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.jdbc.core.model.yml
@@ -0,0 +1,15 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.springframework.jdbc.core", "JdbcTemplate", False, "batchUpdate", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.springframework.jdbc.core", "JdbcTemplate", False, "batchUpdate", "(String[])", "", "Argument[0]", "sql", "manual"]
+      - ["org.springframework.jdbc.core", "JdbcTemplate", False, "execute", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.springframework.jdbc.core", "JdbcTemplate", False, "query", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForList", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForMap", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForObject", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForRowSet", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForStream", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.springframework.jdbc.core", "JdbcTemplate", False, "update", "", "", "Argument[0]", "sql", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.jdbc.datasource.model.yml b/java/ql/lib/ext/org.springframework.jdbc.datasource.model.yml
new file mode 100644
index 00000000000..7bb84c37e2c
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.jdbc.datasource.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.springframework.jdbc.datasource", "AbstractDriverBasedDataSource", False, "setUrl", "(String)", "", "Argument[0]", "jdbc-url", "manual"]
+      - ["org.springframework.jdbc.datasource", "DriverManagerDataSource", False, "DriverManagerDataSource", "(String)", "", "Argument[0]", "jdbc-url", "manual"]
+      - ["org.springframework.jdbc.datasource", "DriverManagerDataSource", False, "DriverManagerDataSource", "(String,Properties)", "", "Argument[0]", "jdbc-url", "manual"]
+      - ["org.springframework.jdbc.datasource", "DriverManagerDataSource", False, "DriverManagerDataSource", "(String,String,String)", "", "Argument[0]", "jdbc-url", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.jdbc.object.model.yml b/java/ql/lib/ext/org.springframework.jdbc.object.model.yml
new file mode 100644
index 00000000000..74e30d28068
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.jdbc.object.model.yml
@@ -0,0 +1,14 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.springframework.jdbc.object", "BatchSqlUpdate", False, "BatchSqlUpdate", "", "", "Argument[1]", "sql", "manual"]
+      - ["org.springframework.jdbc.object", "MappingSqlQuery", False, "BatchSqlUpdate", "", "", "Argument[1]", "sql", "manual"]
+      - ["org.springframework.jdbc.object", "MappingSqlQueryWithParameters", False, "BatchSqlUpdate", "", "", "Argument[1]", "sql", "manual"]
+      - ["org.springframework.jdbc.object", "RdbmsOperation", True, "setSql", "", "", "Argument[0]", "sql", "manual"]
+      - ["org.springframework.jdbc.object", "SqlCall", False, "SqlCall", "", "", "Argument[1]", "sql", "manual"]
+      - ["org.springframework.jdbc.object", "SqlFunction", False, "SqlFunction", "", "", "Argument[1]", "sql", "manual"]
+      - ["org.springframework.jdbc.object", "SqlQuery", False, "SqlQuery", "", "", "Argument[1]", "sql", "manual"]
+      - ["org.springframework.jdbc.object", "SqlUpdate", False, "SqlUpdate", "", "", "Argument[1]", "sql", "manual"]
+      - ["org.springframework.jdbc.object", "UpdatableSqlQuery", False, "UpdatableSqlQuery", "", "", "Argument[1]", "sql", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.jndi.model.yml b/java/ql/lib/ext/org.springframework.jndi.model.yml
new file mode 100644
index 00000000000..f0d5f7b692d
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.jndi.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.springframework.jndi", "JndiTemplate", False, "lookup", "", "", "Argument[0]", "jndi-injection", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.ldap.core.model.yml b/java/ql/lib/ext/org.springframework.ldap.core.model.yml
new file mode 100644
index 00000000000..962dec40c59
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.ldap.core.model.yml
@@ -0,0 +1,38 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.springframework.ldap.core", "LdapOperations", True, "findByDn", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "list", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "listBindings", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "lookup", "(Name)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "lookup", "(Name,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "lookup", "(Name,String[],ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "lookup", "(String)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "lookup", "(String,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "lookup", "(String,String[],ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "lookupContext", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "rename", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "search", "(Name,String,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "search", "(Name,String,int,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "search", "(Name,String,int,String[],ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "search", "(String,String,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "search", "(String,String,int,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "search", "(String,String,int,String[],ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "searchForObject", "(Name,String,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapOperations", True, "searchForObject", "(String,String,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(LdapQuery,String)", "", "Argument[0]", "ldap", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String)", "", "Argument[0..1]", "ldap", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticatedLdapEntryContextCallback)", "", "Argument[0..1]", "ldap", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticatedLdapEntryContextCallback,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String)", "", "Argument[0..1]", "ldap", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticatedLdapEntryContextCallback)", "", "Argument[0..1]", "ldap", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticatedLdapEntryContextCallback,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "find", "", "", "Argument[0..1]", "ldap", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "findOne", "", "", "Argument[0..1]", "ldap", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "search", "", "", "Argument[0..1]", "ldap", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "searchForContext", "", "", "Argument[0..1]", "ldap", "manual"]
+      - ["org.springframework.ldap.core", "LdapTemplate", False, "searchForObject", "", "", "Argument[0..1]", "ldap", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.ldap.model.yml b/java/ql/lib/ext/org.springframework.ldap.model.yml
new file mode 100644
index 00000000000..b42e3e85959
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.ldap.model.yml
@@ -0,0 +1,19 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.springframework.ldap", "LdapOperations", True, "findByDn", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap", "LdapOperations", True, "list", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap", "LdapOperations", True, "listBindings", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap", "LdapOperations", True, "lookup", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap", "LdapOperations", True, "lookupContext", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap", "LdapOperations", True, "rename", "", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap", "LdapOperations", True, "search", "(Name,String,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap", "LdapOperations", True, "search", "(Name,String,int,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap", "LdapOperations", True, "search", "(Name,String,int,String[],ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap", "LdapOperations", True, "search", "(String,String,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap", "LdapOperations", True, "search", "(String,String,int,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap", "LdapOperations", True, "search", "(String,String,int,String[],ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap", "LdapOperations", True, "searchForObject", "(Name,String,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
+      - ["org.springframework.ldap", "LdapOperations", True, "searchForObject", "(String,String,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.security.web.savedrequest.model.yml b/java/ql/lib/ext/org.springframework.security.web.savedrequest.model.yml
new file mode 100644
index 00000000000..e8d9ab1bef5
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.security.web.savedrequest.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.springframework.security.web.savedrequest", "SavedRequest", True, "getCookies", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.security.web.savedrequest", "SavedRequest", True, "getHeaderNames", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.security.web.savedrequest", "SavedRequest", True, "getHeaderValues", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.security.web.savedrequest", "SavedRequest", True, "getParameterMap", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.security.web.savedrequest", "SavedRequest", True, "getParameterValues", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.security.web.savedrequest", "SavedRequest", True, "getRedirectUrl", "", "", "ReturnValue", "remote", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.ui.model.yml b/java/ql/lib/ext/org.springframework.ui.model.yml
new file mode 100644
index 00000000000..7e230d11f2f
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.ui.model.yml
@@ -0,0 +1,37 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.springframework.ui", "ConcurrentModel", False, "ConcurrentModel", "(Object)", "", "Argument[0]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.ui", "ConcurrentModel", False, "ConcurrentModel", "(String,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.ui", "ConcurrentModel", False, "ConcurrentModel", "(String,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.ui", "Model", True, "addAllAttributes", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.ui", "Model", True, "addAllAttributes", "(Collection)", "", "Argument[0].Element", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.ui", "Model", True, "addAllAttributes", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.ui", "Model", True, "addAllAttributes", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.ui", "Model", True, "addAttribute", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.ui", "Model", True, "addAttribute", "(Object)", "", "Argument[0]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.ui", "Model", True, "addAttribute", "(String,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.ui", "Model", True, "addAttribute", "(String,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.ui", "Model", True, "asMap", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.springframework.ui", "Model", True, "asMap", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.springframework.ui", "Model", True, "getAttribute", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.springframework.ui", "Model", True, "mergeAttributes", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.ui", "Model", True, "mergeAttributes", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.ui", "Model", True, "mergeAttributes", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "ModelMap", "(Object)", "", "Argument[0]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "ModelMap", "(String,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "ModelMap", "(String,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "addAllAttributes", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "addAllAttributes", "(Collection)", "", "Argument[0].Element", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "addAllAttributes", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "addAllAttributes", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "addAttribute", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "addAttribute", "(Object)", "", "Argument[0]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "addAttribute", "(String,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "addAttribute", "(String,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "getAttribute", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "mergeAttributes", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "mergeAttributes", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.ui", "ModelMap", False, "mergeAttributes", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.util.model.yml b/java/ql/lib/ext/org.springframework.util.model.yml
new file mode 100644
index 00000000000..817f9b43c01
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.util.model.yml
@@ -0,0 +1,144 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.springframework.util", "AntPathMatcher", False, "combine", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "AntPathMatcher", False, "doMatch", "", "", "Argument[1]", "Argument[3].MapValue", "taint", "manual"]
+      - ["org.springframework.util", "AntPathMatcher", False, "extractPathWithinPattern", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "AntPathMatcher", False, "extractUriTemplateVariables", "", "", "Argument[1]", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.springframework.util", "AntPathMatcher", False, "tokenizePath", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"]
+      - ["org.springframework.util", "AntPathMatcher", False, "tokenizePattern", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"]
+      - ["org.springframework.util", "AutoPopulatingList", False, "AutoPopulatingList", "(java.util.List,java.lang.Class)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.springframework.util", "AutoPopulatingList", False, "AutoPopulatingList", "(java.util.List,org.springframework.util.AutoPopulatingList.ElementFactory)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.springframework.util", "Base64Utils", False, "decode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "Base64Utils", False, "decodeFromString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "Base64Utils", False, "decodeFromUrlSafeString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "Base64Utils", False, "decodeUrlSafe", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "Base64Utils", False, "encode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "Base64Utils", False, "encodeToString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "Base64Utils", False, "encodeToUrlSafeString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "Base64Utils", False, "encodeUrlSafe", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "CollectionUtils", False, "arrayToList", "", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
+      - ["org.springframework.util", "CollectionUtils", False, "findFirstMatch", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.springframework.util", "CollectionUtils", False, "findValueOfType", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.springframework.util", "CollectionUtils", False, "firstElement", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.springframework.util", "CollectionUtils", False, "lastElement", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.springframework.util", "CollectionUtils", False, "mergeArrayIntoCollection", "", "", "Argument[0].ArrayElement", "Argument[1].Element", "value", "manual"]
+      - ["org.springframework.util", "CollectionUtils", False, "mergePropertiesIntoMap", "", "", "Argument[0].MapKey", "Argument[1].MapKey", "value", "manual"]
+      - ["org.springframework.util", "CollectionUtils", False, "mergePropertiesIntoMap", "", "", "Argument[0].MapValue", "Argument[1].MapValue", "value", "manual"]
+      - ["org.springframework.util", "CollectionUtils", False, "toArray", "", "", "Argument[0].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.springframework.util", "CollectionUtils", False, "toIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["org.springframework.util", "CollectionUtils", False, "toMultiValueMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.springframework.util", "CollectionUtils", False, "toMultiValueMap", "", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["org.springframework.util", "CollectionUtils", False, "unmodifiableMultiValueMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.springframework.util", "CollectionUtils", False, "unmodifiableMultiValueMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.springframework.util", "CompositeIterator", False, "add", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"]
+      - ["org.springframework.util", "ConcurrentReferenceHashMap", False, "getReference", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.springframework.util", "ConcurrentReferenceHashMap", False, "getReference", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.springframework.util", "ConcurrentReferenceHashMap", False, "getSegment", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.springframework.util", "ConcurrentReferenceHashMap", False, "getSegment", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.springframework.util", "FastByteArrayOutputStream", False, "getInputStream", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "FastByteArrayOutputStream", False, "toByteArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "FastByteArrayOutputStream", False, "write", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.util", "FastByteArrayOutputStream", False, "writeTo", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.springframework.util", "FileCopyUtils", False, "copy", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["org.springframework.util", "FileCopyUtils", False, "copyToByteArray", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "FileCopyUtils", False, "copyToString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "FileSystemUtils", False, "copyRecursively", "(java.io.File,java.io.File)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["org.springframework.util", "LinkedMultiValueMap", False, "LinkedMultiValueMap", "(java.util.Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.util", "LinkedMultiValueMap", False, "LinkedMultiValueMap", "(java.util.Map)", "", "Argument[0].MapValue.Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.springframework.util", "LinkedMultiValueMap", False, "deepCopy", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.springframework.util", "LinkedMultiValueMap", False, "deepCopy", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "add", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "add", "", "", "Argument[1]", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "addAll", "(java.lang.Object,java.util.List)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "addAll", "(java.lang.Object,java.util.List)", "", "Argument[1].Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "addAll", "(org.springframework.util.MultiValueMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "addAll", "(org.springframework.util.MultiValueMap)", "", "Argument[0].MapValue.Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "addIfAbsent", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "addIfAbsent", "", "", "Argument[1]", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "getFirst", "", "", "Argument[-1].MapValue.Element", "ReturnValue", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "set", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "set", "", "", "Argument[1]", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "setAll", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "setAll", "", "", "Argument[0].MapValue", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "toSingleValueMap", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMap", True, "toSingleValueMap", "", "", "Argument[-1].MapValue.Element", "ReturnValue.MapValue", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMapAdapter", False, "MultiValueMapAdapter", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
+      - ["org.springframework.util", "MultiValueMapAdapter", False, "MultiValueMapAdapter", "", "", "Argument[0].MapValue.Element", "Argument[-1].MapValue.Element", "value", "manual"]
+      - ["org.springframework.util", "ObjectUtils", False, "addObjectToArray", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.springframework.util", "ObjectUtils", False, "addObjectToArray", "", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.springframework.util", "ObjectUtils", False, "toObjectArray", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.springframework.util", "ObjectUtils", False, "unwrapOptional", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["org.springframework.util", "PropertiesPersister", True, "load", "", "", "Argument[1]", "Argument[0]", "taint", "manual"]
+      - ["org.springframework.util", "PropertiesPersister", True, "loadFromXml", "", "", "Argument[1]", "Argument[0]", "taint", "manual"]
+      - ["org.springframework.util", "PropertiesPersister", True, "store", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["org.springframework.util", "PropertiesPersister", True, "store", "", "", "Argument[2]", "Argument[1]", "taint", "manual"]
+      - ["org.springframework.util", "PropertiesPersister", True, "storeToXml", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["org.springframework.util", "PropertiesPersister", True, "storeToXml", "", "", "Argument[2]", "Argument[1]", "taint", "manual"]
+      - ["org.springframework.util", "PropertyPlaceholderHelper", False, "PropertyPlaceholderHelper", "", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.util", "PropertyPlaceholderHelper", False, "parseStringValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "PropertyPlaceholderHelper", False, "replacePlaceholders", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "PropertyPlaceholderHelper", False, "replacePlaceholders", "(java.lang.String,java.util.Properties)", "", "Argument[1].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "ResourceUtils", False, "extractArchiveURL", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "ResourceUtils", False, "extractJarFileURL", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "ResourceUtils", False, "getFile", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "ResourceUtils", False, "getURL", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "ResourceUtils", False, "toURI", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "RouteMatcher", True, "combine", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "RouteMatcher", True, "matchAndExtract", "", "", "Argument[0]", "ReturnValue.MapKey", "taint", "manual"]
+      - ["org.springframework.util", "RouteMatcher", True, "matchAndExtract", "", "", "Argument[1]", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.springframework.util", "RouteMatcher", True, "parseRoute", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "SerializationUtils", False, "deserialize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "SerializationUtils", False, "serialize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StreamUtils", False, "copy", "(byte[],java.io.OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["org.springframework.util", "StreamUtils", False, "copy", "(java.io.InputStream,java.io.OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["org.springframework.util", "StreamUtils", False, "copy", "(java.lang.String,java.nio.charset.Charset,java.io.OutputStream)", "", "Argument[0]", "Argument[2]", "taint", "manual"]
+      - ["org.springframework.util", "StreamUtils", False, "copyRange", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["org.springframework.util", "StreamUtils", False, "copyToByteArray", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StreamUtils", False, "copyToString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "addStringToArray", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "addStringToArray", "", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "applyRelativePath", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "arrayToCommaDelimitedString", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "arrayToDelimitedString", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "arrayToDelimitedString", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "capitalize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "cleanPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "collectionToCommaDelimitedString", "", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "collectionToDelimitedString", "", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "collectionToDelimitedString", "", "", "Argument[1..3]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "commaDelimitedListToSet", "", "", "Argument[0]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "commaDelimitedListToStringArray", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "concatenateStringArrays", "", "", "Argument[0..1].ArrayElement", "ReturnValue.ArrayElement", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "delete", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "deleteAny", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "delimitedListToStringArray", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "getFilename", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "getFilenameExtension", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "mergeStringArrays", "", "", "Argument[0..1].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "quote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "quoteIfString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "removeDuplicateStrings", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "replace", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "replace", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "sortStringArray", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "split", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "splitArrayElementsIntoProperties", "", "", "Argument[0].ArrayElement", "ReturnValue.MapKey", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "splitArrayElementsIntoProperties", "", "", "Argument[0].ArrayElement", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "stripFilenameExtension", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "toStringArray", "", "", "Argument[0].Element", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "tokenizeToStringArray", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "trimAllWhitespace", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "trimArrayElements", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "trimLeadingCharacter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "trimLeadingWhitespace", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "trimTrailingCharacter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "trimTrailingWhitespace", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "trimWhitespace", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "uncapitalize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "unqualify", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringUtils", False, "uriDecode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "StringValueResolver", False, "resolveStringValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.util", "SystemPropertyUtils", False, "resolvePlaceholders", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.validation.model.yml b/java/ql/lib/ext/org.springframework.validation.model.yml
new file mode 100644
index 00000000000..190254ad2d1
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.validation.model.yml
@@ -0,0 +1,18 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.springframework.validation", "Errors", True, "addAllErrors", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.validation", "Errors", True, "getAllErrors", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.validation", "Errors", True, "getFieldError", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.validation", "Errors", True, "getFieldErrors", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.validation", "Errors", True, "getGlobalError", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.validation", "Errors", True, "getGlobalErrors", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.validation", "Errors", True, "reject", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.validation", "Errors", True, "reject", "", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.validation", "Errors", True, "reject", "", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.validation", "Errors", True, "rejectValue", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.validation", "Errors", True, "rejectValue", "", "", "Argument[3]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.validation", "Errors", True, "rejectValue", "(java.lang.String,java.lang.String,java.lang.Object[],java.lang.String)", "", "Argument[2].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.validation", "Errors", True, "rejectValue", "(java.lang.String,java.lang.String,java.lang.String)", "", "Argument[2]", "Argument[-1]", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.web.client.model.yml b/java/ql/lib/ext/org.springframework.web.client.model.yml
new file mode 100644
index 00000000000..69f4cb64fc6
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.web.client.model.yml
@@ -0,0 +1,25 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.springframework.web.client", "RestTemplate", False, "exchange", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.client", "RestTemplate", False, "getForEntity", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.client", "RestTemplate", False, "postForEntity", "", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.springframework.web.client", "RestTemplate", False, "delete", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.web.client", "RestTemplate", False, "doExecute", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.web.client", "RestTemplate", False, "exchange", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.web.client", "RestTemplate", False, "execute", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.web.client", "RestTemplate", False, "getForEntity", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.web.client", "RestTemplate", False, "getForObject", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.web.client", "RestTemplate", False, "headForHeaders", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.web.client", "RestTemplate", False, "optionsForAllow", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.web.client", "RestTemplate", False, "patchForObject", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.web.client", "RestTemplate", False, "postForEntity", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.web.client", "RestTemplate", False, "postForLocation", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.web.client", "RestTemplate", False, "postForObject", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.web.client", "RestTemplate", False, "put", "", "", "Argument[0]", "open-url", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.web.context.request.model.yml b/java/ql/lib/ext/org.springframework.web.context.request.model.yml
new file mode 100644
index 00000000000..306bb87348e
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.web.context.request.model.yml
@@ -0,0 +1,13 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.springframework.web.context.request", "WebRequest", False, "getDescription", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.context.request", "WebRequest", False, "getHeader", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.context.request", "WebRequest", False, "getHeaderNames", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.context.request", "WebRequest", False, "getHeaderValues", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.context.request", "WebRequest", False, "getParameter", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.context.request", "WebRequest", False, "getParameterMap", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.context.request", "WebRequest", False, "getParameterNames", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.context.request", "WebRequest", False, "getParameterValues", "", "", "ReturnValue", "remote", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.web.multipart.model.yml b/java/ql/lib/ext/org.springframework.web.multipart.model.yml
new file mode 100644
index 00000000000..7c0505cbcc4
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.web.multipart.model.yml
@@ -0,0 +1,34 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.springframework.web.multipart", "MultipartFile", True, "getBytes", "()", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.multipart", "MultipartFile", True, "getContentType", "()", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.multipart", "MultipartFile", True, "getInputStream", "()", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.multipart", "MultipartFile", True, "getName", "()", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.multipart", "MultipartFile", True, "getOriginalFilename", "()", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.multipart", "MultipartFile", True, "getResource", "()", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.multipart", "MultipartRequest", True, "getFile", "(String)", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.multipart", "MultipartRequest", True, "getFileMap", "()", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.multipart", "MultipartRequest", True, "getFileNames", "()", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.multipart", "MultipartRequest", True, "getFiles", "(String)", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.multipart", "MultipartRequest", True, "getMultiFileMap", "()", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.multipart", "MultipartRequest", True, "getMultipartContentType", "(String)", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.springframework.web.multipart", "MultipartFile", True, "getBytes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.multipart", "MultipartFile", True, "getInputStream", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.multipart", "MultipartFile", True, "getName", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.multipart", "MultipartFile", True, "getOriginalFilename", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.multipart", "MultipartFile", True, "getResource", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.multipart", "MultipartHttpServletRequest", True, "getMultipartHeaders", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.multipart", "MultipartHttpServletRequest", True, "getRequestHeaders", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.multipart", "MultipartRequest", True, "getFile", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.multipart", "MultipartRequest", True, "getFileMap", "", "", "Argument[-1]", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.springframework.web.multipart", "MultipartRequest", True, "getFileNames", "", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.web.multipart", "MultipartRequest", True, "getFiles", "", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.web.multipart", "MultipartRequest", True, "getMultiFileMap", "", "", "Argument[-1]", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.springframework.web.multipart", "MultipartResolver", True, "resolveMultipart", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.web.reactive.function.client.model.yml b/java/ql/lib/ext/org.springframework.web.reactive.function.client.model.yml
new file mode 100644
index 00000000000..cb2d1db4444
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.web.reactive.function.client.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.springframework.web.reactive.function.client", "WebClient", False, "create", "", "", "Argument[0]", "open-url", "manual"]
+      - ["org.springframework.web.reactive.function.client", "WebClient$Builder", False, "baseUrl", "", "", "Argument[0]", "open-url", "manual"]
diff --git a/java/ql/lib/ext/org.springframework.web.util.model.yml b/java/ql/lib/ext/org.springframework.web.util.model.yml
new file mode 100644
index 00000000000..336d22b8696
--- /dev/null
+++ b/java/ql/lib/ext/org.springframework.web.util.model.yml
@@ -0,0 +1,169 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.springframework.web.util", "AbstractUriTemplateHandler", True, "getBaseUrl", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "AbstractUriTemplateHandler", True, "setBaseUrl", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "AbstractUriTemplateHandler", True, "setDefaultUriVariables", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      # Writing to a `Request` or `Response` currently doesn't propagate taint to the object itself.
+      - ["org.springframework.web.util", "ContentCachingRequestWrapper", False, "ContentCachingRequestWrapper", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "ContentCachingRequestWrapper", False, "getContentAsByteArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "ContentCachingResponseWrapper", False, "ContentCachingResponseWrapper", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "ContentCachingResponseWrapper", False, "getContentAsByteArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "ContentCachingResponseWrapper", False, "getContentInputStream", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "DefaultUriBuilderFactory", False, "DefaultUriBuilderFactory", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "DefaultUriBuilderFactory", False, "builder", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "DefaultUriBuilderFactory", False, "getDefaultUriVariables", "", "", "Argument[-1]", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.springframework.web.util", "DefaultUriBuilderFactory", False, "setDefaultUriVariables", "", "", "Argument[0].MapValue", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "DefaultUriBuilderFactory", False, "uriString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "HtmlUtils", False, "htmlEscape", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "HtmlUtils", False, "htmlEscapeDecimal", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "HtmlUtils", False, "htmlEscapeHex", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "HtmlUtils", False, "htmlUnescape", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "ServletContextPropertyUtils", False, "resolvePlaceholders", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "ServletRequestPathUtils", False, "getCachedPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "ServletRequestPathUtils", False, "getCachedPathValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "ServletRequestPathUtils", False, "getParsedRequestPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "ServletRequestPathUtils", False, "parseAndCache", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "ServletRequestPathUtils", False, "setParsedRequestPath", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "build", "(Map)", "", "Argument[0].MapValue", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "build", "(Map)", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "build", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "fragment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "fragment", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "host", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "host", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "path", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "path", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "pathSegment", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "pathSegment", "", "", "Argument[0].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "port", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "port", "(java.lang.String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "query", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "query", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "queryParam", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "queryParam", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "queryParam", "(String,Collection)", "", "Argument[1].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "queryParam", "(String,Object[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "queryParamIfPresent", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "queryParamIfPresent", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "queryParamIfPresent", "", "", "Argument[1].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "queryParams", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "queryParams", "", "", "Argument[0].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "queryParams", "", "", "Argument[0].MapValue.Element", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "replacePath", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "replacePath", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "replaceQuery", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "replaceQuery", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "replaceQueryParam", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "replaceQueryParam", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "replaceQueryParam", "(String,Collection)", "", "Argument[1].Element", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "replaceQueryParam", "(String,Object[])", "", "Argument[1].ArrayElement", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "replaceQueryParams", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "replaceQueryParams", "", "", "Argument[0].MapKey", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "replaceQueryParams", "", "", "Argument[0].MapValue.Element", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "scheme", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "scheme", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "userInfo", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriBuilder", True, "userInfo", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilderFactory", True, "builder", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriBuilderFactory", True, "uriString", "", "", "Argument[-1..0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "UriComponents", "", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "copyToUriComponentsBuilder", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "encode", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "expand", "(Map)", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "expand", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "expand", "(UriTemplateVariables)", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "getFragment", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "getHost", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "getPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "getPathSegments", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "getQuery", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "getQueryParams", "", "", "Argument[-1]", "ReturnValue.MapKey", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "getQueryParams", "", "", "Argument[-1]", "ReturnValue.MapValue.Element", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "getScheme", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "getSchemeSpecificPart", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "getUserInfo", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "normalize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "toUri", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents", False, "toUriString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponents$UriTemplateVariables", True, "getValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "buildAndExpand", "(Map)", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "buildAndExpand", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "cloneBuilder", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "encode", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "fromHttpRequest", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "fromHttpUrl", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "fromOriginHeader", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "fromPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "fromUri", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "fromUriString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "parseForwardedFor", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "schemeSpecificPart", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "schemeSpecificPart", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "toUriString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "uri", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "uri", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "uriComponents", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "uriComponents", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "uriVariables", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "UriComponentsBuilder", False, "uriVariables", "", "", "Argument[0].MapValue", "Argument[-1]", "taint", "manual"]
+      - ["org.springframework.web.util", "UriTemplate", False, "expand", "(Map)", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriTemplate", False, "expand", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriTemplate", False, "getVariableNames", "", "", "Argument[-1]", "ReturnValue.Element", "taint", "manual"]
+      - ["org.springframework.web.util", "UriTemplate", False, "match", "", "", "Argument[0]", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriTemplate", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriTemplateHandler", True, "expand", "", "", "Argument[-1..0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriTemplateHandler", True, "expand", "(String,Map)", "", "Argument[1].MapValue", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriTemplateHandler", True, "expand", "(String,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "decode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodeAuthority", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodeFragment", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodeHost", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodePath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodePathSegment", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodePort", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodeQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodeQueryParam", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodeQueryParams", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodeQueryParams", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodeScheme", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodeUriVariables", "(Map)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodeUriVariables", "(Map)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodeUriVariables", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "encodeUserInfo", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UriUtils", False, "extractFileExtension", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "decodeMatrixVariables", "", "", "Argument[1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "decodeMatrixVariables", "", "", "Argument[1].MapValue", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "decodePathVariables", "", "", "Argument[1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "decodePathVariables", "", "", "Argument[1].MapValue", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "decodeRequestString", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getContextPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingContextPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingQueryString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingRequestUri", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getPathWithinApplication", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getPathWithinServletMapping", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getRequestUri", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getResolvedLookupPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getServletPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "removeSemicolonContent", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "resolveAndCacheLookupPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "WebUtils", False, "findParameterValue", "(Map,String)", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
+      - ["org.springframework.web.util", "WebUtils", False, "findParameterValue", "(ServletRequest,String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "WebUtils", False, "getCookie", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "WebUtils", False, "getNativeRequest", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "WebUtils", False, "getNativeResponse", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "WebUtils", False, "getParametersStartingWith", "", "", "Argument[0]", "ReturnValue.MapKey", "taint", "manual"]
+      - ["org.springframework.web.util", "WebUtils", False, "getParametersStartingWith", "", "", "Argument[0]", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.springframework.web.util", "WebUtils", False, "getRealPath", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "WebUtils", False, "getRequiredSessionAttribute", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "WebUtils", False, "getSessionAttribute", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.web.util", "WebUtils", False, "parseMatrixVariables", "", "", "Argument[0]", "ReturnValue.MapKey", "taint", "manual"]
+      - ["org.springframework.web.util", "WebUtils", False, "parseMatrixVariables", "", "", "Argument[0]", "ReturnValue.MapValue", "taint", "manual"]
+      - ["org.springframework.web.util", "WebUtils", False, "setSessionAttribute", "", "", "Argument[2]", "Argument[0]", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.thymeleaf.model.yml b/java/ql/lib/ext/org.thymeleaf.model.yml
new file mode 100644
index 00000000000..fb294acafe6
--- /dev/null
+++ b/java/ql/lib/ext/org.thymeleaf.model.yml
@@ -0,0 +1,13 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.thymeleaf", "ITemplateEngine", True, "process", "", "", "Argument[0]", "ssti", "manual"]
+      - ["org.thymeleaf", "ITemplateEngine", True, "processThrottled", "", "", "Argument[0]", "ssti", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.thymeleaf", "TemplateSpec", False, "TemplateSpec", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["org.thymeleaf", "TemplateSpec", False, "getTemplate", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.xml.sax.model.yml b/java/ql/lib/ext/org.xml.sax.model.yml
new file mode 100644
index 00000000000..71f1194a94e
--- /dev/null
+++ b/java/ql/lib/ext/org.xml.sax.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.xml.sax", "InputSource", False, "InputSource", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
diff --git a/java/ql/lib/ext/org.xmlpull.v1.model.yml b/java/ql/lib/ext/org.xmlpull.v1.model.yml
new file mode 100644
index 00000000000..9002fda11c1
--- /dev/null
+++ b/java/ql/lib/ext/org.xmlpull.v1.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.xmlpull.v1", "XmlPullParser", False, "getName", "()", "", "ReturnValue", "remote", "manual"]
+      - ["org.xmlpull.v1", "XmlPullParser", False, "getNamespace", "()", "", "ReturnValue", "remote", "manual"]
+      - ["org.xmlpull.v1", "XmlPullParser", False, "getText", "()", "", "ReturnValue", "remote", "manual"]
diff --git a/java/ql/lib/ext/play.mvc.model.yml b/java/ql/lib/ext/play.mvc.model.yml
new file mode 100644
index 00000000000..a1f8dc60fe0
--- /dev/null
+++ b/java/ql/lib/ext/play.mvc.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["play.mvc", "Http$RequestHeader", False, "getHeader", "", "", "ReturnValue", "remote", "manual"]
+      - ["play.mvc", "Http$RequestHeader", False, "getQueryString", "", "", "ReturnValue", "remote", "manual"]
+      - ["play.mvc", "Http$RequestHeader", False, "header", "", "", "ReturnValue", "remote", "manual"]
+      - ["play.mvc", "Http$RequestHeader", False, "queryString", "", "", "ReturnValue", "remote", "manual"]
diff --git a/java/ql/lib/ext/ratpack.core.form.model.yml b/java/ql/lib/ext/ratpack.core.form.model.yml
new file mode 100644
index 00000000000..f3df142cf9d
--- /dev/null
+++ b/java/ql/lib/ext/ratpack.core.form.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["ratpack.core.form", "Form", True, "file", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.core.form", "Form", True, "files", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.core.form", "UploadedFile", True, "getFileName", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/ratpack.core.handling.model.yml b/java/ql/lib/ext/ratpack.core.handling.model.yml
new file mode 100644
index 00000000000..0882d1b983d
--- /dev/null
+++ b/java/ql/lib/ext/ratpack.core.handling.model.yml
@@ -0,0 +1,20 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      # All Context#parse methods that return a Promise are remote flow sources.
+      - ["ratpack.core.handling", "Context", True, "parse", "(com.google.common.reflect.TypeToken)", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.core.handling", "Context", True, "parse", "(com.google.common.reflect.TypeToken,java.lang.Object)", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.core.handling", "Context", True, "parse", "(java.lang.Class)", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.core.handling", "Context", True, "parse", "(java.lang.Class,java.lang.Object)", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.core.handling", "Context", True, "parse", "(ratpack.core.parse.Parse)", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.core.handling", "Context", True, "parse", "(ratpack.parse.Parse)", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["ratpack.core.handling", "Context", True, "parse", "(ratpack.core.http.TypedData,ratpack.core.parse.Parse)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.core.handling", "Context", True, "parse", "(ratpack.core.http.TypedData,ratpack.core.parse.Parse)", "", "Argument[0]", "ReturnValue.MapKey", "taint", "manual"]
+      - ["ratpack.core.handling", "Context", True, "parse", "(ratpack.core.http.TypedData,ratpack.core.parse.Parse)", "", "Argument[0]", "ReturnValue.MapValue", "taint", "manual"]
+      - ["ratpack.core.handling", "Context", True, "parse", "(ratpack.http.TypedData,ratpack.parse.Parse)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/ratpack.core.http.model.yml b/java/ql/lib/ext/ratpack.core.http.model.yml
new file mode 100644
index 00000000000..2f6bc7fa17c
--- /dev/null
+++ b/java/ql/lib/ext/ratpack.core.http.model.yml
@@ -0,0 +1,29 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["ratpack.core.http", "Request", True, "getBody", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.core.http", "Request", True, "getContentLength", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.core.http", "Request", True, "getCookies", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.core.http", "Request", True, "getHeaders", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.core.http", "Request", True, "getPath", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.core.http", "Request", True, "getQuery", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.core.http", "Request", True, "getQueryParams", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.core.http", "Request", True, "getRawUri", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.core.http", "Request", True, "getUri", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.core.http", "Request", True, "oneCookie", "", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["ratpack.core.http", "Headers", True, "asMultiValueMap", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.core.http", "Headers", True, "get", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.core.http", "Headers", True, "getAll", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.core.http", "Headers", True, "getNames", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.core.http", "TypedData", True, "getBuffer", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.core.http", "TypedData", True, "getBytes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.core.http", "TypedData", True, "getContentType", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.core.http", "TypedData", True, "getInputStream", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.core.http", "TypedData", True, "getText", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.core.http", "TypedData", True, "writeTo", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
diff --git a/java/ql/lib/ext/ratpack.exec.model.yml b/java/ql/lib/ext/ratpack.exec.model.yml
new file mode 100644
index 00000000000..b2c0b2a2922
--- /dev/null
+++ b/java/ql/lib/ext/ratpack.exec.model.yml
@@ -0,0 +1,53 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["ratpack.exec", "Promise", True, "apply", "", "", "Argument[-1].Element", "Argument[0].Parameter[0].Element", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "apply", "", "", "Argument[0].ReturnValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "blockingMap", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "blockingMap", "", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "blockingOp", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "cacheIf", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "flatLeft", "", "", "Argument[-1].Element", "ReturnValue.Element.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "flatLeft", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "flatLeft", "(Function)", "", "Argument[0].ReturnValue.Element", "ReturnValue.Element.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "flatMap", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "flatMap", "", "", "Argument[0].ReturnValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "flatMapError", "", "", "Argument[1].ReturnValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "flatOp", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "flatRight", "", "", "Argument[-1].Element", "ReturnValue.Element.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "flatRight", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "flatRight", "(Function)", "", "Argument[0].ReturnValue.Element", "ReturnValue.Element.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "flatten", "", "", "Argument[0].ReturnValue.Element", "ReturnValue.Element", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "left", "", "", "Argument[-1].Element", "ReturnValue.Element.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "left", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "left", "(Function)", "", "Argument[0].ReturnValue", "ReturnValue.Element.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "left", "(Promise)", "", "Argument[0].Element", "ReturnValue.Element.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "map", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "map", "", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "mapError", "", "", "Argument[1].ReturnValue", "ReturnValue.Element", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "mapIf", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "mapIf", "", "", "Argument[-1].Element", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "mapIf", "", "", "Argument[-1].Element", "Argument[2].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "mapIf", "", "", "Argument[1].ReturnValue", "ReturnValue.Element", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "mapIf", "", "", "Argument[2].ReturnValue", "ReturnValue.Element", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "next", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "nextOp", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "nextOpIf", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "nextOpIf", "", "", "Argument[-1].Element", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "replace", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "right", "", "", "Argument[-1].Element", "ReturnValue.Element.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "right", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "right", "(Function)", "", "Argument[0].ReturnValue", "ReturnValue.Element.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "right", "(Promise)", "", "Argument[0].Element", "ReturnValue.Element.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "route", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "route", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "route", "", "", "Argument[-1].Element", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "sync", "", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "then", "", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "value", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["ratpack.exec", "Promise", True, "wiretap", "", "", "Argument[-1].Element", "Argument[0].Parameter[0].Element", "value", "manual"]
+      - ["ratpack.exec", "Result", True, "getValue", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["ratpack.exec", "Result", True, "getValueOrThrow", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
+      - ["ratpack.exec", "Result", True, "success", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
diff --git a/java/ql/lib/ext/ratpack.form.model.yml b/java/ql/lib/ext/ratpack.form.model.yml
new file mode 100644
index 00000000000..3c4f6b2dd2b
--- /dev/null
+++ b/java/ql/lib/ext/ratpack.form.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["ratpack.form", "Form", True, "file", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.form", "Form", True, "files", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.form", "UploadedFile", True, "getFileName", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/ratpack.func.model.yml b/java/ql/lib/ext/ratpack.func.model.yml
new file mode 100644
index 00000000000..6cd78dc39d9
--- /dev/null
+++ b/java/ql/lib/ext/ratpack.func.model.yml
@@ -0,0 +1,44 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["ratpack.func", "MultiValueMap", True, "asMultimap", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["ratpack.func", "MultiValueMap", True, "asMultimap", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["ratpack.func", "MultiValueMap", True, "getAll", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["ratpack.func", "MultiValueMap", True, "getAll", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["ratpack.func", "MultiValueMap", True, "getAll", "(Object)", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "getLeft", "", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "getRight", "", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "left", "()", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "left", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "left", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      # `map` maps over the `Pair`
+      - ["ratpack.func", "Pair", True, "map", "", "", "Argument[-1]", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "map", "", "", "Argument[0].ReturnValue", "ReturnValue", "value", "manual"]
+      # `mapLeft` & `mapRight` map over their respective fields
+      - ["ratpack.func", "Pair", True, "mapLeft", "", "", "Argument[-1].Field[ratpack.func.Pair.left]", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "mapLeft", "", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "mapLeft", "", "", "Argument[0].ReturnValue", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "mapRight", "", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "mapRight", "", "", "Argument[-1].Field[ratpack.func.Pair.right]", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "mapRight", "", "", "Argument[0].ReturnValue", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      # `nestLeft` Pair<A, B>.nestLeft(C) -> Pair<Pair<C, A>, B>
+      - ["ratpack.func", "Pair", True, "nestLeft", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue.Field[ratpack.func.Pair.left].Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "nestLeft", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "nestLeft", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.left].Field[ratpack.func.Pair.left]", "value", "manual"]
+      # `nestRight` Pair<A, B>.nestRight(C) -> Pair<A, Pair<C, B>>
+      - ["ratpack.func", "Pair", True, "nestRight", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "nestRight", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right].Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "nestRight", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.right].Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "of", "", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "of", "", "", "Argument[1]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "pair", "", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "pair", "", "", "Argument[1]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "pushLeft", "(Object)", "", "Argument[-1]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "pushLeft", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "pushRight", "(Object)", "", "Argument[-1]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "pushRight", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "right", "()", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "right", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.func", "Pair", True, "right", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
diff --git a/java/ql/lib/ext/ratpack.handling.model.yml b/java/ql/lib/ext/ratpack.handling.model.yml
new file mode 100644
index 00000000000..1552fc7c1fd
--- /dev/null
+++ b/java/ql/lib/ext/ratpack.handling.model.yml
@@ -0,0 +1,20 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      # All Context#parse methods that return a Promise are remote flow sources.
+      - ["ratpack.handling", "Context", True, "parse", "(com.google.common.reflect.TypeToken)", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.handling", "Context", True, "parse", "(com.google.common.reflect.TypeToken,java.lang.Object)", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.handling", "Context", True, "parse", "(java.lang.Class)", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.handling", "Context", True, "parse", "(java.lang.Class,java.lang.Object)", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.handling", "Context", True, "parse", "(ratpack.core.parse.Parse)", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.handling", "Context", True, "parse", "(ratpack.parse.Parse)", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["ratpack.handling", "Context", True, "parse", "(ratpack.core.http.TypedData,ratpack.core.parse.Parse)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.handling", "Context", True, "parse", "(ratpack.core.http.TypedData,ratpack.core.parse.Parse)", "", "Argument[0]", "ReturnValue.MapKey", "taint", "manual"]
+      - ["ratpack.handling", "Context", True, "parse", "(ratpack.core.http.TypedData,ratpack.core.parse.Parse)", "", "Argument[0]", "ReturnValue.MapValue", "taint", "manual"]
+      - ["ratpack.handling", "Context", True, "parse", "(ratpack.http.TypedData,ratpack.parse.Parse)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/ext/ratpack.http.model.yml b/java/ql/lib/ext/ratpack.http.model.yml
new file mode 100644
index 00000000000..340d3d29905
--- /dev/null
+++ b/java/ql/lib/ext/ratpack.http.model.yml
@@ -0,0 +1,29 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["ratpack.http", "Request", True, "getBody", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.http", "Request", True, "getContentLength", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.http", "Request", True, "getCookies", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.http", "Request", True, "getHeaders", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.http", "Request", True, "getPath", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.http", "Request", True, "getQuery", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.http", "Request", True, "getQueryParams", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.http", "Request", True, "getRawUri", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.http", "Request", True, "getUri", "", "", "ReturnValue", "remote", "manual"]
+      - ["ratpack.http", "Request", True, "oneCookie", "", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["ratpack.http", "Headers", True, "asMultiValueMap", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.http", "Headers", True, "get", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.http", "Headers", True, "getAll", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.http", "Headers", True, "getNames", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.http", "TypedData", True, "getBuffer", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.http", "TypedData", True, "getBytes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.http", "TypedData", True, "getContentType", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.http", "TypedData", True, "getInputStream", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.http", "TypedData", True, "getText", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ratpack.http", "TypedData", True, "writeTo", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
diff --git a/java/ql/lib/ext/ratpack.util.model.yml b/java/ql/lib/ext/ratpack.util.model.yml
new file mode 100644
index 00000000000..0510897c4c6
--- /dev/null
+++ b/java/ql/lib/ext/ratpack.util.model.yml
@@ -0,0 +1,44 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["ratpack.util", "MultiValueMap", True, "asMultimap", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["ratpack.util", "MultiValueMap", True, "asMultimap", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
+      - ["ratpack.util", "MultiValueMap", True, "getAll", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
+      - ["ratpack.util", "MultiValueMap", True, "getAll", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue.Element", "value", "manual"]
+      - ["ratpack.util", "MultiValueMap", True, "getAll", "(Object)", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "getLeft", "", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "getRight", "", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "left", "()", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "left", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "left", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      # `map` maps over the `Pair`
+      - ["ratpack.util", "Pair", True, "map", "", "", "Argument[-1]", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "map", "", "", "Argument[0].ReturnValue", "ReturnValue", "value", "manual"]
+      # `mapLeft` & `mapRight` map over their respective fields
+      - ["ratpack.util", "Pair", True, "mapLeft", "", "", "Argument[-1].Field[ratpack.func.Pair.left]", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "mapLeft", "", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "mapLeft", "", "", "Argument[0].ReturnValue", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "mapRight", "", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "mapRight", "", "", "Argument[-1].Field[ratpack.func.Pair.right]", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "mapRight", "", "", "Argument[0].ReturnValue", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      # `nestLeft` Pair<A, B>.nestLeft(C) -> Pair<Pair<C, A>, B>
+      - ["ratpack.util", "Pair", True, "nestLeft", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue.Field[ratpack.func.Pair.left].Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "nestLeft", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "nestLeft", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.left].Field[ratpack.func.Pair.left]", "value", "manual"]
+      # `nestRight` Pair<A, B>.nestRight(C) -> Pair<A, Pair<C, B>>
+      - ["ratpack.util", "Pair", True, "nestRight", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "nestRight", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right].Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "nestRight", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.right].Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "of", "", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "of", "", "", "Argument[1]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "pair", "", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "pair", "", "", "Argument[1]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "pushLeft", "(Object)", "", "Argument[-1]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "pushLeft", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "pushRight", "(Object)", "", "Argument[-1]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "pushRight", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "right", "()", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "right", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"]
+      - ["ratpack.util", "Pair", True, "right", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"]
diff --git a/java/ql/lib/ext/retrofit2.model.yml b/java/ql/lib/ext/retrofit2.model.yml
new file mode 100644
index 00000000000..51c4c0eed83
--- /dev/null
+++ b/java/ql/lib/ext/retrofit2.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["retrofit2", "Retrofit$Builder", True, "baseUrl", "", "", "Argument[0]", "open-url", "manual"]
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index 0d8258e5ef1..3219ed8b7dc 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,7 +1,15 @@
 name: codeql/java-all
-version: 0.4.4-dev
+version: 0.5.0-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
 library: true
 upgrades: upgrades
+dependencies:
+  codeql/regex: ${workspace}
+  codeql/typetracking: ${workspace}
+  codeql/util: ${workspace}
+dataExtensions:
+  - ext/*.model.yml
+  - ext/generated/*.model.yml
+  - ext/experimental/*.model.yml
diff --git a/java/ql/lib/semmle/code/java/Annotation.qll b/java/ql/lib/semmle/code/java/Annotation.qll
index 28f994053a2..fa010ec88c0 100644
--- a/java/ql/lib/semmle/code/java/Annotation.qll
+++ b/java/ql/lib/semmle/code/java/Annotation.qll
@@ -37,7 +37,9 @@ class Annotation extends @annotation, Expr {
   }
 
   /** Gets the annotation type declaration for this annotation. */
-  override AnnotationType getType() { result = Expr.super.getType() }
+  override AnnotationType getType() {
+    result = Expr.super.getType().(Interface).getSourceDeclaration()
+  }
 
   /** Gets the annotation element with the specified `name`. */
   AnnotationElement getAnnotationElement(string name) {
@@ -249,7 +251,7 @@ private predicate filteredAnnotValue(Annotation a, Method m, Expr val) {
 
 private predicate sourceAnnotValue(Annotation a, Method m, Expr val) {
   annotValue(a, m, val) and
-  val.getFile().getExtension() = "java"
+  val.getFile().isSourceFile()
 }
 
 /** An abstract representation of language elements that can be annotated. */
diff --git a/java/ql/lib/semmle/code/java/Compilation.qll b/java/ql/lib/semmle/code/java/Compilation.qll
index f38dc8ddb6b..c4b846edade 100644
--- a/java/ql/lib/semmle/code/java/Compilation.qll
+++ b/java/ql/lib/semmle/code/java/Compilation.qll
@@ -143,4 +143,9 @@ class Compilation extends @compilation {
    * Holds if the extractor encountered non-recoverable errors.
    */
   predicate nonRecoverableErrors() { compilation_finished(this, _, _, 2) }
+
+  /**
+   * Gets the piece of compilation information with the given key, if any.
+   */
+  string getInfo(string key) { compilation_info(this, key, result) }
 }
diff --git a/java/ql/lib/semmle/code/java/DependencyCounts.qll b/java/ql/lib/semmle/code/java/DependencyCounts.qll
index 1010be48055..b34e774f1e1 100644
--- a/java/ql/lib/semmle/code/java/DependencyCounts.qll
+++ b/java/ql/lib/semmle/code/java/DependencyCounts.qll
@@ -91,7 +91,7 @@ predicate numDepends(RefType t, RefType dep, int value) {
         elem = a and usesType(a.getType(), dep)
         or
         elem = [a.getValue(_), a.getAnArrayValue(_)] and
-        elem.getFile().getExtension() = "java" and
+        elem.getFile().isSourceFile() and
         usesType(elem.(Expr).getType(), dep)
       )
       or
diff --git a/java/ql/lib/semmle/code/java/Diagnostics.qll b/java/ql/lib/semmle/code/java/Diagnostics.qll
index 086998691bd..e6e16b4e07c 100644
--- a/java/ql/lib/semmle/code/java/Diagnostics.qll
+++ b/java/ql/lib/semmle/code/java/Diagnostics.qll
@@ -15,8 +15,18 @@ class Diagnostic extends @diagnostic {
   string getGeneratedBy() { diagnostics(this, result, _, _, _, _, _) }
 
   /**
-   * Gets the severity of the message, on a range from 1 to 5: 1=remark,
-   * 2=warning, 3=discretionary error, 4=error, 5=catastrophic error.
+   * Gets the severity of the message.
+   *
+   * For Java, this ranges from 1 to 8:
+   * 1=warning(low)
+   * 2=warning(normal)
+   * 3=warning(high)
+   * 4=error(low)    Minor extractor errors, with minimal impact on analysis
+   * 5=error(normal) Most extractor errors, with local impact on analysis
+   * 6=error(high)   Errors from the frontend
+   * 7=error(severe) Severe extractor errors affecting a single source file
+   * 8=error(global) Severe extractor errors likely to affect multiple source files
+   * For Kotlin, only the "normal" warning and error severities are used.
    */
   int getSeverity() { diagnostics(this, _, result, _, _, _, _) }
 
diff --git a/java/ql/lib/semmle/code/java/Element.qll b/java/ql/lib/semmle/code/java/Element.qll
index 751fe1a1d64..08689f05f94 100644
--- a/java/ql/lib/semmle/code/java/Element.qll
+++ b/java/ql/lib/semmle/code/java/Element.qll
@@ -71,6 +71,8 @@ class Element extends @element, Top {
       i = 11 and result = "Forwarder for a Kotlin class inheriting an interface default method"
       or
       i = 12 and result = "Argument for enum constructor call"
+      or
+      i = 13 and result = "The class around a local function, a lambda, or a function reference"
     )
   }
 }
diff --git a/java/ql/lib/semmle/code/java/Expr.qll b/java/ql/lib/semmle/code/java/Expr.qll
index fedcfc8ecbb..a10da9ecc9f 100644
--- a/java/ql/lib/semmle/code/java/Expr.qll
+++ b/java/ql/lib/semmle/code/java/Expr.qll
@@ -1896,7 +1896,8 @@ class VarAccess extends Expr, @varaccess {
 class ExtensionReceiverAccess extends VarAccess {
   ExtensionReceiverAccess() {
     exists(Parameter p |
-      this.getVariable() = p and p.getPosition() = 0 and p.getCallable() instanceof ExtensionMethod
+      this.getVariable() = p and
+      p.isExtensionParameter()
     )
   }
 
diff --git a/java/ql/lib/semmle/code/java/Member.qll b/java/ql/lib/semmle/code/java/Member.qll
index 102006b3213..62f9a22401d 100644
--- a/java/ql/lib/semmle/code/java/Member.qll
+++ b/java/ql/lib/semmle/code/java/Member.qll
@@ -327,18 +327,8 @@ class Callable extends StmtParent, Member, @callable {
         this instanceof Method and
         result instanceof Method and
         this.getName() + "$default" = result.getName() and
-        extraLeadingParams <= 1 and
-        (
-          if ktExtensionFunctions(this, _, _)
-          then
-            // Both extension receivers are expected to occur at arg0, with any
-            // dispatch receiver inserted afterwards in the $default proxy's parameter list.
-            // Check the extension receiver matches here, and note regular args
-            // are bumped one position to the right.
-            regularParamsStartIdx = extraLeadingParams + 1 and
-            this.getParameterType(0).getErasure() = eraseRaw(result.getParameterType(0))
-          else regularParamsStartIdx = extraLeadingParams
-        ) and
+        extraLeadingParams <= 1 and // 0 for static methods, 1 for instance methods
+        regularParamsStartIdx = extraLeadingParams and
         lastParamType instanceof TypeObject
       )
     |
@@ -638,6 +628,9 @@ class Constructor extends Callable, @constructor {
   /** Holds if this is a default constructor, not explicitly declared in source code. */
   predicate isDefaultConstructor() { isDefConstr(this) }
 
+  /** Holds if this is a constructor without parameters. */
+  predicate isParameterless() { this.getNumberOfParameters() = 0 }
+
   override Constructor getSourceDeclaration() { constrs(this, _, _, _, _, result) }
 
   override string getSignature() { constrs(this, _, result, _, _, _) }
@@ -824,4 +817,19 @@ class ExtensionMethod extends Method {
   KotlinType getExtendedKotlinType() { result = extendedKotlinType }
 
   override string getAPrimaryQlClass() { result = "ExtensionMethod" }
+
+  /**
+   * Gets the index of the parameter that is the extension receiver. This is typically index 0. In case of `$default`
+   * extension methods that are defined as members, the index is 1. Index 0 is the dispatch receiver of the `$default`
+   * method.
+   */
+  int getExtensionReceiverParameterIndex() {
+    if
+      exists(Method src |
+        this = src.getKotlinParameterDefaultsProxy() and
+        src.getNumberOfParameters() = this.getNumberOfParameters() - 3 // 2 extra parameters + 1 dispatch receiver
+      )
+    then result = 1
+    else result = 0
+  }
 }
diff --git a/java/ql/lib/semmle/code/java/PrintAst.qll b/java/ql/lib/semmle/code/java/PrintAst.qll
index 4fe7e3f1ec5..0e52be33149 100644
--- a/java/ql/lib/semmle/code/java/PrintAst.qll
+++ b/java/ql/lib/semmle/code/java/PrintAst.qll
@@ -7,7 +7,7 @@
  */
 
 import java
-import semmle.code.java.regex.RegexTreeView
+import semmle.code.java.regex.RegexTreeView as RegexTreeView
 
 private newtype TPrintAstConfiguration = MkPrintAstConfiguration()
 
@@ -120,7 +120,12 @@ private newtype TPrintAstNode =
     shouldPrint(lvde, _) and lvde.getParent() instanceof SingleLocalVarDeclParent
   } or
   TAnnotationsNode(Annotatable ann) {
-    shouldPrint(ann, _) and ann.hasDeclaredAnnotation() and not partOfAnnotation(ann)
+    shouldPrint(ann, _) and
+    ann.hasDeclaredAnnotation() and
+    not partOfAnnotation(ann) and
+    // The Kotlin compiler might add annotations that are only present in byte code, although the annotatable element is
+    // present in source code.
+    exists(Annotation a | a.getAnnotatedElement() = ann and shouldPrint(a, _))
   } or
   TParametersNode(Callable c) { shouldPrint(c, _) and not c.hasNoParameters() } or
   TBaseTypesNode(ClassOrInterface ty) { shouldPrint(ty, _) } or
@@ -134,8 +139,10 @@ private newtype TPrintAstNode =
   TImportsNode(CompilationUnit cu) {
     shouldPrint(cu, _) and exists(Import i | i.getCompilationUnit() = cu)
   } or
-  TRegExpTermNode(RegExpTerm term) {
-    exists(StringLiteral str | term.getRootTerm() = getParsedRegExp(str) and shouldPrint(str, _))
+  TRegExpTermNode(RegexTreeView::RegExpTerm term) {
+    exists(StringLiteral str |
+      term.getRootTerm() = RegexTreeView::getParsedRegExp(str) and shouldPrint(str, _)
+    )
   }
 
 /**
@@ -291,19 +298,21 @@ final class AnnotationPartNode extends ExprStmtNode {
 
   override ElementNode getChild(int childIndex) {
     result.getElement() =
-      rank[childIndex](Element ch, string file, int line, int column |
-        ch = this.getAnAnnotationChild() and locationSortKeys(ch, file, line, column)
+      rank[childIndex](Element ch, string file, int line, int column, int idx |
+        ch = this.getAnnotationChild(idx) and locationSortKeys(ch, file, line, column)
       |
-        ch order by file, line, column
+        ch order by file, line, column, idx
       )
   }
 
-  private Expr getAnAnnotationChild() {
-    result = element.(Annotation).getValue(_)
+  private Expr getAnnotationChild(int index) {
+    result = element.(Annotation).getValue(_) and
+    index >= 0 and
+    if exists(int x | x >= 0 | result.isNthChildOf(element, x))
+    then result.isNthChildOf(element, index)
+    else result.isNthChildOf(element, -(index + 1))
     or
-    result = element.(ArrayInit).getAnInit()
-    or
-    result = element.(ArrayInit).(Annotatable).getAnAnnotation()
+    result = element.(ArrayInit).getInit(index)
   }
 }
 
@@ -316,7 +325,7 @@ final class StringLiteralNode extends ExprStmtNode {
 
   override PrintAstNode getChild(int childIndex) {
     childIndex = 0 and
-    result.(RegExpTermNode).getTerm() = getParsedRegExp(element)
+    result.(RegExpTermNode).getTerm() = RegexTreeView::getParsedRegExp(element)
   }
 }
 
@@ -324,12 +333,12 @@ final class StringLiteralNode extends ExprStmtNode {
  * A node representing a regular expression term.
  */
 class RegExpTermNode extends TRegExpTermNode, PrintAstNode {
-  RegExpTerm term;
+  RegexTreeView::RegExpTerm term;
 
   RegExpTermNode() { this = TRegExpTermNode(term) }
 
   /** Gets the `RegExpTerm` for this node. */
-  RegExpTerm getTerm() { result = term }
+  RegexTreeView::RegExpTerm getTerm() { result = term }
 
   override PrintAstNode getChild(int childIndex) {
     result.(RegExpTermNode).getTerm() = term.getChild(childIndex)
@@ -391,12 +400,6 @@ final class LocalTypeDeclStmtNode extends ExprStmtNode {
   }
 }
 
-/**
- * DEPRECATED: Renamed `LocalTypeDeclStmtNode` to reflect the fact that
- * as of Java 16 interfaces can also be declared locally, not just classes.
- */
-deprecated class LocalClassDeclStmtNode = LocalTypeDeclStmtNode;
-
 /**
  * A node representing a `ForStmt`.
  */
@@ -676,10 +679,10 @@ final class AnnotationsNode extends PrintAstNode, TAnnotationsNode {
 
   override ElementNode getChild(int childIndex) {
     result.getElement() =
-      rank[childIndex](Element e, string file, int line, int column |
-        e = ann.getAnAnnotation() and locationSortKeys(e, file, line, column)
+      rank[childIndex](Element e, string file, int line, int column, string s |
+        e = ann.getAnAnnotation() and locationSortKeys(e, file, line, column) and s = e.toString()
       |
-        e order by file, line, column
+        e order by file, line, column, s
       )
   }
 
diff --git a/java/ql/lib/semmle/code/java/Statement.qll b/java/ql/lib/semmle/code/java/Statement.qll
index 2c8cff3c217..fe0ba23093a 100644
--- a/java/ql/lib/semmle/code/java/Statement.qll
+++ b/java/ql/lib/semmle/code/java/Statement.qll
@@ -781,12 +781,6 @@ class LocalTypeDeclStmt extends Stmt, @localtypedeclstmt {
   /** Gets the local type declared by this statement. */
   LocalClassOrInterface getLocalType() { isLocalClassOrInterface(result, this) }
 
-  /**
-   * DEPRECATED: Renamed `getLocalType` to reflect the fact that
-   * as of Java 16 interfaces can also be declared locally, not just classes.
-   */
-  deprecated LocalClassOrInterface getLocalClass() { result = this.getLocalType() }
-
   private string getDeclKeyword() {
     result = "class" and this.getLocalType() instanceof Class
     or
@@ -802,12 +796,6 @@ class LocalTypeDeclStmt extends Stmt, @localtypedeclstmt {
   override string getAPrimaryQlClass() { result = "LocalTypeDeclStmt" }
 }
 
-/**
- * DEPRECATED: Renamed `LocalTypeDeclStmt` to reflect the fact that
- * as of Java 16 interfaces can also be declared locally, not just classes.
- */
-deprecated class LocalClassDeclStmt = LocalTypeDeclStmt;
-
 /** An explicit `this(...)` constructor invocation. */
 class ThisConstructorInvocationStmt extends Stmt, ConstructorCall, @constructorinvocationstmt {
   /** Gets an argument of this constructor invocation. */
diff --git a/java/ql/lib/semmle/code/java/Type.qll b/java/ql/lib/semmle/code/java/Type.qll
index 63df6feef42..eff61ed0fde 100644
--- a/java/ql/lib/semmle/code/java/Type.qll
+++ b/java/ql/lib/semmle/code/java/Type.qll
@@ -828,12 +828,6 @@ class LocalClassOrInterface extends NestedType, ClassOrInterface {
   /** Gets the statement that declares this local class. */
   LocalTypeDeclStmt getLocalTypeDeclStmt() { isLocalClassOrInterface(this, result) }
 
-  /**
-   * DEPRECATED: renamed `getLocalTypeDeclStmt` to reflect the fact that
-   * as of Java 16 interfaces can also be declared locally.
-   */
-  deprecated LocalTypeDeclStmt getLocalClassDeclStmt() { result = this.getLocalTypeDeclStmt() }
-
   override string getAPrimaryQlClass() { result = "LocalClassOrInterface" }
 }
 
diff --git a/java/ql/lib/semmle/code/java/Variable.qll b/java/ql/lib/semmle/code/java/Variable.qll
index 7be49acf546..82314824395 100644
--- a/java/ql/lib/semmle/code/java/Variable.qll
+++ b/java/ql/lib/semmle/code/java/Variable.qll
@@ -91,7 +91,7 @@ class Parameter extends Element, @param, LocalScopeVariable {
 
   /** Holds if this formal parameter is a parameter representing the dispatch receiver in an extension method. */
   predicate isExtensionParameter() {
-    this.getPosition() = 0 and this.getCallable() instanceof ExtensionMethod
+    this.getPosition() = this.getCallable().(ExtensionMethod).getExtensionReceiverParameterIndex()
   }
 
   /**
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
index 8460c662d5c..02e0953bbc5 100644
--- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -1,22 +1,23 @@
 /**
  * INTERNAL use only. This is an experimental API subject to change without notice.
  *
- * Provides classes and predicates for dealing with flow models specified in CSV format.
+ * Provides classes and predicates for dealing with flow models specified
+ * in data extensions and CSV format.
  *
  * The CSV specification has the following columns:
  * - Sources:
- *   `namespace; type; subtypes; name; signature; ext; output; kind; provenance`
+ *   `package; type; subtypes; name; signature; ext; output; kind; provenance`
  * - Sinks:
- *   `namespace; type; subtypes; name; signature; ext; input; kind; provenance`
+ *   `package; type; subtypes; name; signature; ext; input; kind; provenance`
  * - Summaries:
- *   `namespace; type; subtypes; name; signature; ext; input; output; kind; provenance`
- * - Negative Summaries:
- *   `namespace; type; name; signature; provenance`
- *   A negative summary is used to indicate that there is no flow via a callable.
+ *   `package; type; subtypes; name; signature; ext; input; output; kind; provenance`
+ * - Neutrals:
+ *   `package; type; name; signature; provenance`
+ *   A neutral is used to indicate that there is no flow via a callable.
  *
  * The interpretation of a row is similar to API-graphs with a left-to-right
  * reading.
- * 1. The `namespace` column selects a package.
+ * 1. The `package` column selects a package.
  * 2. The `type` column selects a type within that package.
  * 3. The `subtypes` is a boolean that indicates whether to jump to an
  *    arbitrary subtype of that type.
@@ -77,367 +78,109 @@ private import internal.DataFlowPrivate
 private import internal.FlowSummaryImpl::Private::External
 private import internal.FlowSummaryImplSpecific as FlowSummaryImplSpecific
 private import internal.AccessPathSyntax
+private import ExternalFlowExtensions as Extensions
 private import FlowSummary
 
 /**
- * A module importing the frameworks that provide external flow data,
- * ensuring that they are visible to the taint tracking / data flow library.
- */
-private module Frameworks {
-  private import internal.ContainerFlow
-  private import semmle.code.java.frameworks.android.Android
-  private import semmle.code.java.frameworks.android.ContentProviders
-  private import semmle.code.java.frameworks.android.ExternalStorage
-  private import semmle.code.java.frameworks.android.Intent
-  private import semmle.code.java.frameworks.android.Notifications
-  private import semmle.code.java.frameworks.android.SharedPreferences
-  private import semmle.code.java.frameworks.android.Slice
-  private import semmle.code.java.frameworks.android.SQLite
-  private import semmle.code.java.frameworks.android.Widget
-  private import semmle.code.java.frameworks.android.XssSinks
-  private import semmle.code.java.frameworks.ApacheHttp
-  private import semmle.code.java.frameworks.apache.Collections
-  private import semmle.code.java.frameworks.apache.IO
-  private import semmle.code.java.frameworks.apache.Lang
-  private import semmle.code.java.frameworks.Flexjson
-  private import semmle.code.java.frameworks.generated
-  private import semmle.code.java.frameworks.guava.Guava
-  private import semmle.code.java.frameworks.jackson.JacksonSerializability
-  private import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
-  private import semmle.code.java.frameworks.JavaIo
-  private import semmle.code.java.frameworks.JavaxJson
-  private import semmle.code.java.frameworks.JaxWS
-  private import semmle.code.java.frameworks.JoddJson
-  private import semmle.code.java.frameworks.JsonJava
-  private import semmle.code.java.frameworks.Logging
-  private import semmle.code.java.frameworks.Objects
-  private import semmle.code.java.frameworks.OkHttp
-  private import semmle.code.java.frameworks.Optional
-  private import semmle.code.java.frameworks.Regex
-  private import semmle.code.java.frameworks.Retrofit
-  private import semmle.code.java.frameworks.Stream
-  private import semmle.code.java.frameworks.Strings
-  private import semmle.code.java.frameworks.Thymeleaf
-  private import semmle.code.java.frameworks.ratpack.Ratpack
-  private import semmle.code.java.frameworks.ratpack.RatpackExec
-  private import semmle.code.java.frameworks.spring.SpringCache
-  private import semmle.code.java.frameworks.spring.SpringContext
-  private import semmle.code.java.frameworks.spring.SpringData
-  private import semmle.code.java.frameworks.spring.SpringHttp
-  private import semmle.code.java.frameworks.spring.SpringUtil
-  private import semmle.code.java.frameworks.spring.SpringUi
-  private import semmle.code.java.frameworks.spring.SpringValidation
-  private import semmle.code.java.frameworks.spring.SpringWebClient
-  private import semmle.code.java.frameworks.spring.SpringBeans
-  private import semmle.code.java.frameworks.spring.SpringWebMultipart
-  private import semmle.code.java.frameworks.spring.SpringWebUtil
-  private import semmle.code.java.security.AndroidIntentRedirection
-  private import semmle.code.java.security.ResponseSplitting
-  private import semmle.code.java.security.InformationLeak
-  private import semmle.code.java.security.Files
-  private import semmle.code.java.security.GroovyInjection
-  private import semmle.code.java.security.ImplicitPendingIntents
-  private import semmle.code.java.security.JexlInjectionSinkModels
-  private import semmle.code.java.security.JndiInjection
-  private import semmle.code.java.security.LdapInjection
-  private import semmle.code.java.security.MvelInjection
-  private import semmle.code.java.security.OgnlInjection
-  private import semmle.code.java.security.TemplateInjection
-  private import semmle.code.java.security.XPath
-  private import semmle.code.java.security.XsltInjection
-  private import semmle.code.java.frameworks.Jdbc
-  private import semmle.code.java.frameworks.Jdbi
-  private import semmle.code.java.frameworks.HikariCP
-  private import semmle.code.java.frameworks.SpringJdbc
-  private import semmle.code.java.frameworks.MyBatis
-  private import semmle.code.java.frameworks.Hibernate
-  private import semmle.code.java.frameworks.jOOQ
-  private import semmle.code.java.frameworks.JMS
-  private import semmle.code.java.frameworks.RabbitMQ
-  private import semmle.code.java.regex.RegexFlowModels
-  private import semmle.code.java.frameworks.kotlin.StdLib
-}
-
-/**
+ * DEPRECATED: Define source models as data extensions instead.
+ *
  * A unit class for adding additional source model rows.
  *
  * Extend this class to add additional source definitions.
  */
-class SourceModelCsv extends Unit {
+deprecated class SourceModelCsv = SourceModelCsvInternal;
+
+private class SourceModelCsvInternal extends Unit {
   /** Holds if `row` specifies a source definition. */
   abstract predicate row(string row);
 }
 
 /**
+ * DEPRECATED: Define sink models as data extensions instead.
+ *
  * A unit class for adding additional sink model rows.
  *
  * Extend this class to add additional sink definitions.
  */
-class SinkModelCsv extends Unit {
+deprecated class SinkModelCsv = SinkModelCsvInternal;
+
+private class SinkModelCsvInternal extends Unit {
   /** Holds if `row` specifies a sink definition. */
   abstract predicate row(string row);
 }
 
 /**
+ * DEPRECATED: Define summary models as data extensions instead.
+ *
  * A unit class for adding additional summary model rows.
  *
  * Extend this class to add additional flow summary definitions.
  */
-class SummaryModelCsv extends Unit {
+deprecated class SummaryModelCsv = SummaryModelCsvInternal;
+
+private class SummaryModelCsvInternal extends Unit {
   /** Holds if `row` specifies a summary definition. */
   abstract predicate row(string row);
 }
 
+private predicate sourceModelInternal(string row) { any(SourceModelCsvInternal s).row(row) }
+
+private predicate summaryModelInternal(string row) { any(SummaryModelCsvInternal s).row(row) }
+
+private predicate sinkModelInternal(string row) { any(SinkModelCsvInternal s).row(row) }
+
 /**
- * A unit class for adding negative summary model rows.
+ * A class for activating additional model rows.
  *
- * Extend this class to add additional flow summary definitions.
+ * Extend this class to include experimental model rows with `this` name
+ * in data flow analysis.
  */
-class NegativeSummaryModelCsv extends Unit {
-  /** Holds if `row` specifies a negative summary definition. */
-  abstract predicate row(string row);
-}
+abstract class ActiveExperimentalModels extends string {
+  bindingset[this]
+  ActiveExperimentalModels() { any() }
 
-private class SourceModelCsvBase extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        // org.springframework.security.web.savedrequest.SavedRequest
-        "org.springframework.security.web.savedrequest;SavedRequest;true;getRedirectUrl;;;ReturnValue;remote;manual",
-        "org.springframework.security.web.savedrequest;SavedRequest;true;getCookies;;;ReturnValue;remote;manual",
-        "org.springframework.security.web.savedrequest;SavedRequest;true;getHeaderValues;;;ReturnValue;remote;manual",
-        "org.springframework.security.web.savedrequest;SavedRequest;true;getHeaderNames;;;ReturnValue;remote;manual",
-        "org.springframework.security.web.savedrequest;SavedRequest;true;getParameterValues;;;ReturnValue;remote;manual",
-        "org.springframework.security.web.savedrequest;SavedRequest;true;getParameterMap;;;ReturnValue;remote;manual",
-        // ServletRequestGetParameterMethod
-        "javax.servlet;ServletRequest;false;getParameter;(String);;ReturnValue;remote;manual",
-        "javax.servlet;ServletRequest;false;getParameterValues;(String);;ReturnValue;remote;manual",
-        "javax.servlet.http;HttpServletRequest;false;getParameter;(String);;ReturnValue;remote;manual",
-        "javax.servlet.http;HttpServletRequest;false;getParameterValues;(String);;ReturnValue;remote;manual",
-        // ServletRequestGetParameterMapMethod
-        "javax.servlet;ServletRequest;false;getParameterMap;();;ReturnValue;remote;manual",
-        "javax.servlet.http;HttpServletRequest;false;getParameterMap;();;ReturnValue;remote;manual",
-        // ServletRequestGetParameterNamesMethod
-        "javax.servlet;ServletRequest;false;getParameterNames;();;ReturnValue;remote;manual",
-        "javax.servlet.http;HttpServletRequest;false;getParameterNames;();;ReturnValue;remote;manual",
-        // HttpServletRequestGetQueryStringMethod
-        "javax.servlet.http;HttpServletRequest;false;getQueryString;();;ReturnValue;remote;manual",
-        //
-        // URLConnectionGetInputStreamMethod
-        "java.net;URLConnection;false;getInputStream;();;ReturnValue;remote;manual",
-        // SocketGetInputStreamMethod
-        "java.net;Socket;false;getInputStream;();;ReturnValue;remote;manual",
-        // BeanValidationSource
-        "javax.validation;ConstraintValidator;true;isValid;;;Parameter[0];remote;manual",
-        // SpringMultipartRequestSource
-        "org.springframework.web.multipart;MultipartRequest;true;getFile;(String);;ReturnValue;remote;manual",
-        "org.springframework.web.multipart;MultipartRequest;true;getFileMap;();;ReturnValue;remote;manual",
-        "org.springframework.web.multipart;MultipartRequest;true;getFileNames;();;ReturnValue;remote;manual",
-        "org.springframework.web.multipart;MultipartRequest;true;getFiles;(String);;ReturnValue;remote;manual",
-        "org.springframework.web.multipart;MultipartRequest;true;getMultiFileMap;();;ReturnValue;remote;manual",
-        "org.springframework.web.multipart;MultipartRequest;true;getMultipartContentType;(String);;ReturnValue;remote;manual",
-        // SpringMultipartFileSource
-        "org.springframework.web.multipart;MultipartFile;true;getBytes;();;ReturnValue;remote;manual",
-        "org.springframework.web.multipart;MultipartFile;true;getContentType;();;ReturnValue;remote;manual",
-        "org.springframework.web.multipart;MultipartFile;true;getInputStream;();;ReturnValue;remote;manual",
-        "org.springframework.web.multipart;MultipartFile;true;getName;();;ReturnValue;remote;manual",
-        "org.springframework.web.multipart;MultipartFile;true;getOriginalFilename;();;ReturnValue;remote;manual",
-        "org.springframework.web.multipart;MultipartFile;true;getResource;();;ReturnValue;remote;manual",
-        // HttpServletRequest.get*
-        "javax.servlet.http;HttpServletRequest;false;getHeader;(String);;ReturnValue;remote;manual",
-        "javax.servlet.http;HttpServletRequest;false;getHeaders;(String);;ReturnValue;remote;manual",
-        "javax.servlet.http;HttpServletRequest;false;getHeaderNames;();;ReturnValue;remote;manual",
-        "javax.servlet.http;HttpServletRequest;false;getPathInfo;();;ReturnValue;remote;manual",
-        "javax.servlet.http;HttpServletRequest;false;getRequestURI;();;ReturnValue;remote;manual",
-        "javax.servlet.http;HttpServletRequest;false;getRequestURL;();;ReturnValue;remote;manual",
-        "javax.servlet.http;HttpServletRequest;false;getRemoteUser;();;ReturnValue;remote;manual",
-        // SpringWebRequestGetMethod
-        "org.springframework.web.context.request;WebRequest;false;getDescription;;;ReturnValue;remote;manual",
-        "org.springframework.web.context.request;WebRequest;false;getHeader;;;ReturnValue;remote;manual",
-        "org.springframework.web.context.request;WebRequest;false;getHeaderNames;;;ReturnValue;remote;manual",
-        "org.springframework.web.context.request;WebRequest;false;getHeaderValues;;;ReturnValue;remote;manual",
-        "org.springframework.web.context.request;WebRequest;false;getParameter;;;ReturnValue;remote;manual",
-        "org.springframework.web.context.request;WebRequest;false;getParameterMap;;;ReturnValue;remote;manual",
-        "org.springframework.web.context.request;WebRequest;false;getParameterNames;;;ReturnValue;remote;manual",
-        "org.springframework.web.context.request;WebRequest;false;getParameterValues;;;ReturnValue;remote;manual",
-        // TODO consider org.springframework.web.context.request.WebRequest.getRemoteUser
-        // ServletRequestGetBodyMethod
-        "javax.servlet;ServletRequest;false;getInputStream;();;ReturnValue;remote;manual",
-        "javax.servlet;ServletRequest;false;getReader;();;ReturnValue;remote;manual",
-        // CookieGet*
-        "javax.servlet.http;Cookie;false;getValue;();;ReturnValue;remote;manual",
-        "javax.servlet.http;Cookie;false;getName;();;ReturnValue;remote;manual",
-        "javax.servlet.http;Cookie;false;getComment;();;ReturnValue;remote;manual",
-        // ApacheHttp*
-        "org.apache.http;HttpMessage;false;getParams;();;ReturnValue;remote;manual",
-        "org.apache.http;HttpEntity;false;getContent;();;ReturnValue;remote;manual",
-        // In the setting of Android we assume that XML has been transmitted over
-        // the network, so may be tainted.
-        // XmlPullGetMethod
-        "org.xmlpull.v1;XmlPullParser;false;getName;();;ReturnValue;remote;manual",
-        "org.xmlpull.v1;XmlPullParser;false;getNamespace;();;ReturnValue;remote;manual",
-        "org.xmlpull.v1;XmlPullParser;false;getText;();;ReturnValue;remote;manual",
-        // XmlAttrSetGetMethod
-        "android.util;AttributeSet;false;getAttributeBooleanValue;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getAttributeCount;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getAttributeFloatValue;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getAttributeIntValue;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getAttributeListValue;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getAttributeName;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getAttributeNameResource;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getAttributeNamespace;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getAttributeResourceValue;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getAttributeUnsignedIntValue;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getAttributeValue;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getClassAttribute;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getIdAttribute;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getIdAttributeResourceValue;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getPositionDescription;;;ReturnValue;remote;manual",
-        "android.util;AttributeSet;false;getStyleAttribute;;;ReturnValue;remote;manual",
-        // The current URL in a browser may be untrusted or uncontrolled.
-        // WebViewGetUrlMethod
-        "android.webkit;WebView;false;getUrl;();;ReturnValue;remote;manual",
-        "android.webkit;WebView;false;getOriginalUrl;();;ReturnValue;remote;manual",
-        // SpringRestTemplateResponseEntityMethod
-        "org.springframework.web.client;RestTemplate;false;exchange;;;ReturnValue;remote;manual",
-        "org.springframework.web.client;RestTemplate;false;getForEntity;;;ReturnValue;remote;manual",
-        "org.springframework.web.client;RestTemplate;false;postForEntity;;;ReturnValue;remote;manual",
-        // WebSocketMessageParameterSource
-        "java.net.http;WebSocket$Listener;true;onText;(WebSocket,CharSequence,boolean);;Parameter[1];remote;manual",
-        // PlayRequestGetMethod
-        "play.mvc;Http$RequestHeader;false;queryString;;;ReturnValue;remote;manual",
-        "play.mvc;Http$RequestHeader;false;getQueryString;;;ReturnValue;remote;manual",
-        "play.mvc;Http$RequestHeader;false;header;;;ReturnValue;remote;manual",
-        "play.mvc;Http$RequestHeader;false;getHeader;;;ReturnValue;remote;manual"
-      ]
+  /**
+   * Holds if an experimental source model exists for the given parameters.
+   */
+  predicate sourceModel(
+    string package, string type, boolean subtypes, string name, string signature, string ext,
+    string output, string kind, string provenance
+  ) {
+    Extensions::experimentalSourceModel(package, type, subtypes, name, signature, ext, output, kind,
+      provenance, this)
+  }
+
+  /**
+   * Holds if an experimental sink model exists for the given parameters.
+   */
+  predicate sinkModel(
+    string package, string type, boolean subtypes, string name, string signature, string ext,
+    string output, string kind, string provenance
+  ) {
+    Extensions::experimentalSinkModel(package, type, subtypes, name, signature, ext, output, kind,
+      provenance, this)
+  }
+
+  /**
+   * Holds if an experimental summary model exists for the given parameters.
+   */
+  predicate summaryModel(
+    string package, string type, boolean subtypes, string name, string signature, string ext,
+    string input, string output, string kind, string provenance
+  ) {
+    Extensions::experimentalSummaryModel(package, type, subtypes, name, signature, ext, input,
+      output, kind, provenance, this)
   }
 }
 
-private class SinkModelCsvBase extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        // Open URL
-        "java.net;URL;false;openConnection;;;Argument[-1];open-url;manual",
-        "java.net;URL;false;openStream;;;Argument[-1];open-url;manual",
-        "java.net.http;HttpRequest;false;newBuilder;;;Argument[0];open-url;manual",
-        "java.net.http;HttpRequest$Builder;false;uri;;;Argument[0];open-url;manual",
-        "java.net;URLClassLoader;false;URLClassLoader;(URL[]);;Argument[0];open-url;manual",
-        "java.net;URLClassLoader;false;URLClassLoader;(URL[],ClassLoader);;Argument[0];open-url;manual",
-        "java.net;URLClassLoader;false;URLClassLoader;(URL[],ClassLoader,URLStreamHandlerFactory);;Argument[0];open-url;manual",
-        "java.net;URLClassLoader;false;URLClassLoader;(String,URL[],ClassLoader);;Argument[1];open-url;manual",
-        "java.net;URLClassLoader;false;URLClassLoader;(String,URL[],ClassLoader,URLStreamHandlerFactory);;Argument[1];open-url;manual",
-        "java.net;URLClassLoader;false;newInstance;;;Argument[0];open-url;manual",
-        // Bean validation
-        "javax.validation;ConstraintValidatorContext;true;buildConstraintViolationWithTemplate;;;Argument[0];bean-validation;manual",
-        // Set hostname
-        "javax.net.ssl;HttpsURLConnection;true;setDefaultHostnameVerifier;;;Argument[0];set-hostname-verifier;manual",
-        "javax.net.ssl;HttpsURLConnection;true;setHostnameVerifier;;;Argument[0];set-hostname-verifier;manual"
-      ]
-  }
-}
-
-private class SummaryModelCsvBase extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        // qualifier to arg
-        "java.io;InputStream;true;read;(byte[]);;Argument[-1];Argument[0];taint;manual",
-        "java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint;manual",
-        "java.io;InputStream;true;readNBytes;(byte[],int,int);;Argument[-1];Argument[0];taint;manual",
-        "java.io;InputStream;true;transferTo;(OutputStream);;Argument[-1];Argument[0];taint;manual",
-        "java.io;ByteArrayOutputStream;false;writeTo;;;Argument[-1];Argument[0];taint;manual",
-        "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual",
-        // qualifier to return
-        "java.io;ByteArrayOutputStream;false;toByteArray;;;Argument[-1];ReturnValue;taint;manual",
-        "java.io;ByteArrayOutputStream;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "java.io;InputStream;true;readAllBytes;;;Argument[-1];ReturnValue;taint;manual",
-        "java.io;InputStream;true;readNBytes;(int);;Argument[-1];ReturnValue;taint;manual",
-        "java.util;StringTokenizer;false;nextElement;();;Argument[-1];ReturnValue;taint;manual",
-        "java.util;StringTokenizer;false;nextToken;;;Argument[-1];ReturnValue;taint;manual",
-        "javax.xml.transform.sax;SAXSource;false;getInputSource;;;Argument[-1];ReturnValue;taint;manual",
-        "javax.xml.transform.stream;StreamSource;false;getInputStream;;;Argument[-1];ReturnValue;taint;manual",
-        "java.nio;ByteBuffer;false;get;;;Argument[-1];ReturnValue;taint;manual",
-        "java.net;URI;false;toURL;;;Argument[-1];ReturnValue;taint;manual",
-        "java.net;URI;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "java.net;URI;false;toAsciiString;;;Argument[-1];ReturnValue;taint;manual",
-        "java.nio;ByteBuffer;false;array;();;Argument[-1];ReturnValue;taint;manual",
-        "java.io;BufferedReader;true;readLine;;;Argument[-1];ReturnValue;taint;manual",
-        "java.io;Reader;true;read;();;Argument[-1];ReturnValue;taint;manual",
-        // arg to return
-        "java.nio;ByteBuffer;false;wrap;(byte[]);;Argument[0];ReturnValue;taint;manual",
-        "java.util;Base64$Encoder;false;encode;(byte[]);;Argument[0];ReturnValue;taint;manual",
-        "java.util;Base64$Encoder;false;encode;(ByteBuffer);;Argument[0];ReturnValue;taint;manual",
-        "java.util;Base64$Encoder;false;encodeToString;(byte[]);;Argument[0];ReturnValue;taint;manual",
-        "java.util;Base64$Encoder;false;wrap;(OutputStream);;Argument[0];ReturnValue;taint;manual",
-        "java.util;Base64$Decoder;false;decode;(byte[]);;Argument[0];ReturnValue;taint;manual",
-        "java.util;Base64$Decoder;false;decode;(ByteBuffer);;Argument[0];ReturnValue;taint;manual",
-        "java.util;Base64$Decoder;false;decode;(String);;Argument[0];ReturnValue;taint;manual",
-        "java.util;Base64$Decoder;false;wrap;(InputStream);;Argument[0];ReturnValue;taint;manual",
-        "cn.hutool.core.codec;Base64;true;decode;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.shiro.codec;Base64;false;decode;(String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.codec;Encoder;true;encode;(Object);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.codec;Decoder;true;decode;(Object);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.codec;BinaryEncoder;true;encode;(byte[]);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.codec;BinaryDecoder;true;decode;(byte[]);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.codec;StringEncoder;true;encode;(String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.codec;StringDecoder;true;decode;(String);;Argument[0];ReturnValue;taint;manual",
-        "java.net;URLDecoder;false;decode;;;Argument[0];ReturnValue;taint;manual",
-        "java.net;URI;false;create;;;Argument[0];ReturnValue;taint;manual",
-        "javax.xml.transform.sax;SAXSource;false;sourceToInputSource;;;Argument[0];ReturnValue;taint;manual",
-        // arg to arg
-        "java.lang;System;false;arraycopy;;;Argument[0];Argument[2];taint;manual",
-        // constructor flow
-        "java.net;URI;false;URI;(String);;Argument[0];Argument[-1];taint;manual",
-        "java.net;URL;false;URL;(String);;Argument[0];Argument[-1];taint;manual",
-        "javax.xml.transform.stream;StreamSource;false;StreamSource;;;Argument[0];Argument[-1];taint;manual",
-        "javax.xml.transform.sax;SAXSource;false;SAXSource;(InputSource);;Argument[0];Argument[-1];taint;manual",
-        "javax.xml.transform.sax;SAXSource;false;SAXSource;(XMLReader,InputSource);;Argument[1];Argument[-1];taint;manual",
-        "org.xml.sax;InputSource;false;InputSource;;;Argument[0];Argument[-1];taint;manual",
-        "javax.servlet.http;Cookie;false;Cookie;;;Argument[0];Argument[-1];taint;manual",
-        "javax.servlet.http;Cookie;false;Cookie;;;Argument[1];Argument[-1];taint;manual",
-        "java.util.zip;ZipInputStream;false;ZipInputStream;;;Argument[0];Argument[-1];taint;manual",
-        "java.util.zip;GZIPInputStream;false;GZIPInputStream;;;Argument[0];Argument[-1];taint;manual",
-        "java.util;StringTokenizer;false;StringTokenizer;;;Argument[0];Argument[-1];taint;manual",
-        "java.beans;XMLDecoder;false;XMLDecoder;;;Argument[0];Argument[-1];taint;manual",
-        "com.esotericsoftware.kryo.io;Input;false;Input;;;Argument[0];Argument[-1];taint;manual",
-        "com.esotericsoftware.kryo5.io;Input;false;Input;;;Argument[0];Argument[-1];taint;manual",
-        "java.io;BufferedInputStream;false;BufferedInputStream;;;Argument[0];Argument[-1];taint;manual",
-        "java.io;DataInputStream;false;DataInputStream;;;Argument[0];Argument[-1];taint;manual",
-        "java.io;ByteArrayInputStream;false;ByteArrayInputStream;;;Argument[0];Argument[-1];taint;manual",
-        "java.io;ObjectInputStream;false;ObjectInputStream;;;Argument[0];Argument[-1];taint;manual",
-        "java.io;StringReader;false;StringReader;;;Argument[0];Argument[-1];taint;manual",
-        "java.io;CharArrayReader;false;CharArrayReader;;;Argument[0];Argument[-1];taint;manual",
-        "java.io;BufferedReader;false;BufferedReader;;;Argument[0];Argument[-1];taint;manual",
-        "java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint;manual",
-        "java.io;OutputStream;true;write;(byte[]);;Argument[0];Argument[-1];taint;manual",
-        "java.io;OutputStream;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "java.io;OutputStream;true;write;(int);;Argument[0];Argument[-1];taint;manual",
-        "java.io;FilterOutputStream;true;FilterOutputStream;(OutputStream);;Argument[0];Argument[-1];taint;manual"
-      ]
-  }
-}
-
-/** Holds if `row` is a source model. */
-predicate sourceModel(string row) { any(SourceModelCsv s).row(row) }
-
-/** Holds if `row` is a sink model. */
-predicate sinkModel(string row) { any(SinkModelCsv s).row(row) }
-
-/** Holds if `row` is a summary model. */
-predicate summaryModel(string row) { any(SummaryModelCsv s).row(row) }
-
-/** Holds if `row` is negative summary model. */
-predicate negativeSummaryModel(string row) { any(NegativeSummaryModelCsv s).row(row) }
-
 /** Holds if a source model exists for the given parameters. */
 predicate sourceModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string package, string type, boolean subtypes, string name, string signature, string ext,
   string output, string kind, string provenance
 ) {
   exists(string row |
-    sourceModel(row) and
-    row.splitAt(";", 0) = namespace and
+    sourceModelInternal(row) and
+    row.splitAt(";", 0) = package and
     row.splitAt(";", 1) = type and
     row.splitAt(";", 2) = subtypes.toString() and
     subtypes = [true, false] and
@@ -448,16 +191,21 @@ predicate sourceModel(
     row.splitAt(";", 7) = kind and
     row.splitAt(";", 8) = provenance
   )
+  or
+  Extensions::sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance)
+  or
+  any(ActiveExperimentalModels q)
+      .sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance)
 }
 
 /** Holds if a sink model exists for the given parameters. */
 predicate sinkModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string package, string type, boolean subtypes, string name, string signature, string ext,
   string input, string kind, string provenance
 ) {
   exists(string row |
-    sinkModel(row) and
-    row.splitAt(";", 0) = namespace and
+    sinkModelInternal(row) and
+    row.splitAt(";", 0) = package and
     row.splitAt(";", 1) = type and
     row.splitAt(";", 2) = subtypes.toString() and
     subtypes = [true, false] and
@@ -468,53 +216,47 @@ predicate sinkModel(
     row.splitAt(";", 7) = kind and
     row.splitAt(";", 8) = provenance
   )
+  or
+  Extensions::sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance)
+  or
+  any(ActiveExperimentalModels q)
+      .sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance)
 }
 
 /** Holds if a summary model exists for the given parameters. */
 predicate summaryModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string package, string type, boolean subtypes, string name, string signature, string ext,
   string input, string output, string kind, string provenance
-) {
-  summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, provenance, _)
-}
-
-/** Holds if a summary model `row` exists for the given parameters. */
-predicate summaryModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string output, string kind, string provenance, string row
-) {
-  summaryModel(row) and
-  row.splitAt(";", 0) = namespace and
-  row.splitAt(";", 1) = type and
-  row.splitAt(";", 2) = subtypes.toString() and
-  subtypes = [true, false] and
-  row.splitAt(";", 3) = name and
-  row.splitAt(";", 4) = signature and
-  row.splitAt(";", 5) = ext and
-  row.splitAt(";", 6) = input and
-  row.splitAt(";", 7) = output and
-  row.splitAt(";", 8) = kind and
-  row.splitAt(";", 9) = provenance
-}
-
-/** Holds if a summary model exists indicating there is no flow for the given parameters. */
-predicate negativeSummaryModel(
-  string namespace, string type, string name, string signature, string provenance
 ) {
   exists(string row |
-    negativeSummaryModel(row) and
-    row.splitAt(";", 0) = namespace and
+    summaryModelInternal(row) and
+    row.splitAt(";", 0) = package and
     row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = name and
-    row.splitAt(";", 3) = signature and
-    row.splitAt(";", 4) = provenance
+    row.splitAt(";", 2) = subtypes.toString() and
+    subtypes = [true, false] and
+    row.splitAt(";", 3) = name and
+    row.splitAt(";", 4) = signature and
+    row.splitAt(";", 5) = ext and
+    row.splitAt(";", 6) = input and
+    row.splitAt(";", 7) = output and
+    row.splitAt(";", 8) = kind and
+    row.splitAt(";", 9) = provenance
   )
+  or
+  Extensions::summaryModel(package, type, subtypes, name, signature, ext, input, output, kind,
+    provenance)
+  or
+  any(ActiveExperimentalModels q)
+      .summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance)
 }
 
+/** Holds if a neutral model exists indicating there is no flow for the given parameters. */
+predicate neutralModel = Extensions::neutralModel/5;
+
 private predicate relevantPackage(string package) {
   sourceModel(package, _, _, _, _, _, _, _, _) or
   sinkModel(package, _, _, _, _, _, _, _, _) or
-  summaryModel(package, _, _, _, _, _, _, _, _, _, _)
+  summaryModel(package, _, _, _, _, _, _, _, _, _)
 }
 
 private predicate packageLink(string shortpkg, string longpkg) {
@@ -533,7 +275,7 @@ private predicate canonicalPkgLink(string package, string subpkg) {
 }
 
 /**
- * Holds if CSV framework coverage of `package` is `n` api endpoints of the
+ * Holds if MaD framework coverage of `package` is `n` api endpoints of the
  * kind `(kind, part)`.
  */
 predicate modelCoverage(string package, int pkgs, string kind, string part, int n) {
@@ -565,8 +307,8 @@ predicate modelCoverage(string package, int pkgs, string kind, string part, int
   )
 }
 
-/** Provides a query predicate to check the CSV data for validation errors. */
-module CsvValidation {
+/** Provides a query predicate to check the MaD models for validation errors. */
+module ModelValidation {
   private string getInvalidModelInput() {
     exists(string pred, string input, string part |
       sinkModel(_, _, _, _, _, _, input, _, _) and pred = "sink"
@@ -600,28 +342,26 @@ module CsvValidation {
   }
 
   private string getInvalidModelKind() {
-    exists(string row, string kind | summaryModel(row) |
-      kind = row.splitAt(";", 8) and
+    exists(string kind | summaryModel(_, _, _, _, _, _, _, _, kind, _) |
       not kind = ["taint", "value"] and
       result = "Invalid kind \"" + kind + "\" in summary model."
     )
     or
-    exists(string row, string kind | sinkModel(row) |
-      kind = row.splitAt(";", 7) and
+    exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) |
       not kind =
         [
           "open-url", "jndi-injection", "ldap", "sql", "jdbc-url", "logging", "mvel", "xpath",
           "groovy", "xss", "ognl-injection", "intent-start", "pending-intent-sent",
           "url-open-stream", "url-redirect", "create-file", "write-file", "set-hostname-verifier",
-          "header-splitting", "information-leak", "xslt", "jexl", "bean-validation", "ssti"
+          "header-splitting", "information-leak", "xslt", "jexl", "bean-validation", "ssti",
+          "fragment-injection"
         ] and
       not kind.matches("regex-use%") and
       not kind.matches("qltest%") and
       result = "Invalid kind \"" + kind + "\" in sink model."
     )
     or
-    exists(string row, string kind | sourceModel(row) |
-      kind = row.splitAt(";", 7) and
+    exists(string kind | sourceModel(_, _, _, _, _, _, _, kind, _) |
       not kind = ["remote", "contentprovider", "android-widget", "android-external-storage-dir"] and
       not kind.matches("qltest%") and
       result = "Invalid kind \"" + kind + "\" in source model."
@@ -630,11 +370,11 @@ module CsvValidation {
 
   private string getInvalidModelSubtype() {
     exists(string pred, string row |
-      sourceModel(row) and pred = "source"
+      sourceModelInternal(row) and pred = "source"
       or
-      sinkModel(row) and pred = "sink"
+      sinkModelInternal(row) and pred = "sink"
       or
-      summaryModel(row) and pred = "summary"
+      summaryModelInternal(row) and pred = "summary"
     |
       exists(string b |
         b = row.splitAt(";", 2) and
@@ -646,13 +386,11 @@ module CsvValidation {
 
   private string getInvalidModelColumnCount() {
     exists(string pred, string row, int expect |
-      sourceModel(row) and expect = 9 and pred = "source"
+      sourceModelInternal(row) and expect = 9 and pred = "source"
       or
-      sinkModel(row) and expect = 9 and pred = "sink"
+      sinkModelInternal(row) and expect = 9 and pred = "sink"
       or
-      summaryModel(row) and expect = 10 and pred = "summary"
-      or
-      negativeSummaryModel(row) and expect = 5 and pred = "negative summary"
+      summaryModelInternal(row) and expect = 10 and pred = "summary"
     |
       exists(int cols |
         cols = 1 + max(int n | exists(row.splitAt(";", n))) and
@@ -666,27 +404,27 @@ module CsvValidation {
 
   private string getInvalidModelSignature() {
     exists(
-      string pred, string namespace, string type, string name, string signature, string ext,
+      string pred, string package, string type, string name, string signature, string ext,
       string provenance
     |
-      sourceModel(namespace, type, _, name, signature, ext, _, _, provenance) and pred = "source"
+      sourceModel(package, type, _, name, signature, ext, _, _, provenance) and pred = "source"
       or
-      sinkModel(namespace, type, _, name, signature, ext, _, _, provenance) and pred = "sink"
+      sinkModel(package, type, _, name, signature, ext, _, _, provenance) and pred = "sink"
       or
-      summaryModel(namespace, type, _, name, signature, ext, _, _, _, provenance) and
+      summaryModel(package, type, _, name, signature, ext, _, _, _, provenance) and
       pred = "summary"
       or
-      negativeSummaryModel(namespace, type, name, signature, provenance) and
+      neutralModel(package, type, name, signature, provenance) and
       ext = "" and
-      pred = "negative summary"
+      pred = "neutral"
     |
-      not namespace.regexpMatch("[a-zA-Z0-9_\\.]+") and
-      result = "Dubious namespace \"" + namespace + "\" in " + pred + " model."
+      not package.regexpMatch("[a-zA-Z0-9_\\.]*") and
+      result = "Dubious package \"" + package + "\" in " + pred + " model."
       or
       not type.regexpMatch("[a-zA-Z0-9_\\$<>]+") and
       result = "Dubious type \"" + type + "\" in " + pred + " model."
       or
-      not name.regexpMatch("[a-zA-Z0-9_]*") and
+      not name.regexpMatch("[a-zA-Z0-9_\\-]*") and
       result = "Dubious name \"" + name + "\" in " + pred + " model."
       or
       not signature.regexpMatch("|\\([a-zA-Z0-9_\\.\\$<>,\\[\\]]*\\)") and
@@ -700,7 +438,7 @@ module CsvValidation {
     )
   }
 
-  /** Holds if some row in a CSV-based flow model appears to contain typos. */
+  /** Holds if some row in a MaD flow model appears to contain typos. */
   query predicate invalidModelRow(string msg) {
     msg =
       [
@@ -712,15 +450,15 @@ module CsvValidation {
 
 pragma[nomagic]
 private predicate elementSpec(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext
+  string package, string type, boolean subtypes, string name, string signature, string ext
 ) {
-  sourceModel(namespace, type, subtypes, name, signature, ext, _, _, _)
+  sourceModel(package, type, subtypes, name, signature, ext, _, _, _)
   or
-  sinkModel(namespace, type, subtypes, name, signature, ext, _, _, _)
+  sinkModel(package, type, subtypes, name, signature, ext, _, _, _)
   or
-  summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _)
+  summaryModel(package, type, subtypes, name, signature, ext, _, _, _, _)
   or
-  negativeSummaryModel(namespace, type, name, signature, _) and ext = "" and subtypes = false
+  neutralModel(package, type, name, signature, _) and ext = "" and subtypes = false
 }
 
 private string paramsStringPart(Callable c, int i) {
@@ -745,10 +483,10 @@ cached
 string paramsString(Callable c) { result = concat(int i | | paramsStringPart(c, i) order by i) }
 
 private Element interpretElement0(
-  string namespace, string type, boolean subtypes, string name, string signature
+  string package, string type, boolean subtypes, string name, string signature
 ) {
-  elementSpec(namespace, type, subtypes, name, signature, _) and
-  exists(RefType t | t.hasQualifiedName(namespace, type) |
+  elementSpec(package, type, subtypes, name, signature, _) and
+  exists(RefType t | t.hasQualifiedName(package, type) |
     exists(Member m |
       (
         result = m
@@ -769,12 +507,12 @@ private Element interpretElement0(
   )
 }
 
-/** Gets the source/sink/summary/negativesummary element corresponding to the supplied parameters. */
+/** Gets the source/sink/summary/neutral element corresponding to the supplied parameters. */
 Element interpretElement(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext
+  string package, string type, boolean subtypes, string name, string signature, string ext
 ) {
-  elementSpec(namespace, type, subtypes, name, signature, ext) and
-  exists(Element e | e = interpretElement0(namespace, type, subtypes, name, signature) |
+  elementSpec(package, type, subtypes, name, signature, ext) and
+  exists(Element e | e = interpretElement0(package, type, subtypes, name, signature) |
     ext = "" and result = e
     or
     ext = "Annotated" and result.(Annotatable).getAnAnnotation().getType() = e
@@ -829,7 +567,7 @@ predicate parseContent(AccessPathToken component, Content content) {
 cached
 private module Cached {
   /**
-   * Holds if `node` is specified as a source with the given kind in a CSV flow
+   * Holds if `node` is specified as a source with the given kind in a MaD flow
    * model.
    */
   cached
@@ -838,7 +576,7 @@ private module Cached {
   }
 
   /**
-   * Holds if `node` is specified as a sink with the given kind in a CSV flow
+   * Holds if `node` is specified as a sink with the given kind in a MaD flow
    * model.
    */
   cached
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlowExtensions.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlowExtensions.qll
new file mode 100644
index 00000000000..b06dc92c427
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlowExtensions.qll
@@ -0,0 +1,61 @@
+/**
+ * This module provides extensible predicates for defining MaD models.
+ */
+
+/**
+ * Holds if a source model exists for the given parameters.
+ */
+extensible predicate sourceModel(
+  string package, string type, boolean subtypes, string name, string signature, string ext,
+  string output, string kind, string provenance
+);
+
+/**
+ * Holds if a sink model exists for the given parameters.
+ */
+extensible predicate sinkModel(
+  string package, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string kind, string provenance
+);
+
+/**
+ * Holds if a summary model exists for the given parameters.
+ */
+extensible predicate summaryModel(
+  string package, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string output, string kind, string provenance
+);
+
+/**
+ * Holds if a neutral model exists indicating there is no flow for the given parameters.
+ */
+extensible predicate neutralModel(
+  string package, string type, string name, string signature, string provenance
+);
+
+/**
+ * Holds if an experimental source model exists for the given parameters.
+ * This is only for experimental queries.
+ */
+extensible predicate experimentalSourceModel(
+  string package, string type, boolean subtypes, string name, string signature, string ext,
+  string output, string kind, string provenance, string filter
+);
+
+/**
+ * Holds if an experimental sink model exists for the given parameters.
+ * This is only for experimental queries.
+ */
+extensible predicate experimentalSinkModel(
+  string package, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string kind, string provenance, string filter
+);
+
+/**
+ * Holds if an experimental summary model exists for the given parameters.
+ * This is only for experimental queries.
+ */
+extensible predicate experimentalSummaryModel(
+  string package, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string output, string kind, string provenance, string filter
+);
diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
index fcb4ac3b970..4970b8ff642 100644
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -36,6 +36,13 @@ abstract class RemoteFlowSource extends DataFlow::Node {
   abstract string getSourceType();
 }
 
+/**
+ * A module for importing frameworks that define remote flow sources.
+ */
+private module RemoteFlowSources {
+  private import semmle.code.java.frameworks.android.Widget
+}
+
 private class ExternalRemoteFlowSource extends RemoteFlowSource {
   ExternalRemoteFlowSource() { sourceNode(this, "remote") }
 
@@ -165,9 +172,7 @@ abstract class UserInput extends DataFlow::Node { }
 /**
  * Input that may be controlled by a remote user.
  */
-private class RemoteUserInput extends UserInput {
-  RemoteUserInput() { this instanceof RemoteFlowSource }
-}
+private class RemoteUserInput extends UserInput instanceof RemoteFlowSource { }
 
 /** A node with input that may be controlled by a local user. */
 abstract class LocalUserInput extends UserInput { }
diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll
index 4f350ec9ccb..f6f1d92b195 100644
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll
@@ -10,17 +10,19 @@ private import semmle.code.java.dataflow.DataFlow
  * ensuring that they are visible to the taint tracking library.
  */
 private module Frameworks {
-  private import semmle.code.java.JDK
-  private import semmle.code.java.frameworks.jackson.JacksonSerializability
   private import semmle.code.java.frameworks.android.AsyncTask
   private import semmle.code.java.frameworks.android.Intent
+  private import semmle.code.java.frameworks.android.Slice
   private import semmle.code.java.frameworks.android.SQLite
-  private import semmle.code.java.frameworks.Guice
-  private import semmle.code.java.frameworks.Properties
-  private import semmle.code.java.frameworks.Protobuf
-  private import semmle.code.java.frameworks.guava.Guava
   private import semmle.code.java.frameworks.apache.Lang
   private import semmle.code.java.frameworks.ApacheHttp
+  private import semmle.code.java.frameworks.guava.Guava
+  private import semmle.code.java.frameworks.Guice
+  private import semmle.code.java.frameworks.jackson.JacksonSerializability
+  private import semmle.code.java.frameworks.Properties
+  private import semmle.code.java.frameworks.Protobuf
+  private import semmle.code.java.frameworks.ratpack.RatpackExec
+  private import semmle.code.java.JDK
 }
 
 /**
diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll
index 6b790e487c1..09a5f05914f 100644
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll
@@ -6,11 +6,6 @@ import java
 private import internal.FlowSummaryImpl as Impl
 private import internal.DataFlowUtil
 
-// import all instances of SummarizedCallable below
-private module Summaries {
-  private import semmle.code.java.dataflow.ExternalFlow
-}
-
 class SummaryComponent = Impl::Public::SummaryComponent;
 
 /** Provides predicates for constructing summary components. */
@@ -102,6 +97,14 @@ abstract class SyntheticCallable extends string {
   Type getReturnType() { none() }
 }
 
+/**
+ * A module for importing frameworks that define synthetic callables.
+ */
+private module SyntheticCallables {
+  private import semmle.code.java.frameworks.android.Intent
+  private import semmle.code.java.frameworks.Stream
+}
+
 private newtype TSummarizedCallableBase =
   TSimpleCallable(Callable c) { c.isSourceDeclaration() } or
   TSyntheticCallable(SyntheticCallable c)
diff --git a/java/ql/lib/semmle/code/java/dataflow/TypeFlow.qll b/java/ql/lib/semmle/code/java/dataflow/TypeFlow.qll
index 4bc17e8c4b4..1c76f554020 100644
--- a/java/ql/lib/semmle/code/java/dataflow/TypeFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/TypeFlow.qll
@@ -53,16 +53,6 @@ private class TypeFlowNode extends TTypeFlowNode {
   }
 }
 
-private int getNodeKind(TypeFlowNode n) {
-  result = 1 and n instanceof TField
-  or
-  result = 2 and n instanceof TSsa
-  or
-  result = 3 and n instanceof TExpr
-  or
-  result = 4 and n instanceof TMethod
-}
-
 /** Gets `t` if it is a `RefType` or the boxed type if `t` is a primitive type. */
 private RefType boxIfNeeded(Type t) {
   t.(PrimitiveType).getBoxedType() = result or
@@ -158,107 +148,45 @@ private predicate joinStep(TypeFlowNode n1, TypeFlowNode n2) {
 
 private predicate anyStep(TypeFlowNode n1, TypeFlowNode n2) { joinStep(n1, n2) or step(n1, n2) }
 
-private import SccReduction
+private predicate sccEdge(TypeFlowNode n1, TypeFlowNode n2) { anyStep(n1, n2) and anyStep+(n2, n1) }
 
-/**
- * SCC reduction.
- *
- * This ought to be as easy as `equivalenceRelation(sccEdge/2)(n, scc)`, but
- * this HOP is not currently supported for newtypes.
- *
- * A straightforward implementation would be:
- * ```ql
- * predicate sccRepr(TypeFlowNode n, TypeFlowNode scc) {
- *  scc =
- *    max(TypeFlowNode n2 |
- *      sccEdge+(n, n2)
- *    |
- *      n2
- *      order by
- *        n2.getLocation().getStartLine(), n2.getLocation().getStartColumn(), getNodeKind(n2)
- *    )
- * }
- *
- * ```
- * but this is quadratic in the size of the SCCs.
- *
- * Instead we find local maxima by following SCC edges and determine the SCC
- * representatives from those.
- * (This is still worst-case quadratic in the size of the SCCs, but generally
- * performs better.)
- */
-private module SccReduction {
-  private predicate sccEdge(TypeFlowNode n1, TypeFlowNode n2) {
-    anyStep(n1, n2) and anyStep+(n2, n1)
-  }
+private module Scc = QlBuiltins::EquivalenceRelation<TypeFlowNode, sccEdge/2>;
 
-  private predicate sccEdgeWithMax(TypeFlowNode n1, TypeFlowNode n2, TypeFlowNode m) {
-    sccEdge(n1, n2) and
-    m =
-      max(TypeFlowNode n |
-        n = [n1, n2]
-      |
-        n order by n.getLocation().getStartLine(), n.getLocation().getStartColumn(), getNodeKind(n)
-      )
-  }
+private class TypeFlowScc = Scc::EquivalenceClass;
 
-  private predicate hasLargerNeighbor(TypeFlowNode n) {
-    exists(TypeFlowNode n2 |
-      sccEdgeWithMax(n, n2, n2) and
-      not sccEdgeWithMax(n, n2, n)
-      or
-      sccEdgeWithMax(n2, n, n2) and
-      not sccEdgeWithMax(n2, n, n)
-    )
-  }
+/** Holds if `n` is part of an SCC of size 2 or more represented by `scc`. */
+private predicate sccRepr(TypeFlowNode n, TypeFlowScc scc) { scc = Scc::getEquivalenceClass(n) }
 
-  private predicate localMax(TypeFlowNode m) {
-    sccEdgeWithMax(_, _, m) and
-    not hasLargerNeighbor(m)
-  }
-
-  private predicate sccReprFromLocalMax(TypeFlowNode scc) {
-    exists(TypeFlowNode m |
-      localMax(m) and
-      scc =
-        max(TypeFlowNode n2 |
-          sccEdge+(m, n2) and localMax(n2)
-        |
-          n2
-          order by
-            n2.getLocation().getStartLine(), n2.getLocation().getStartColumn(), getNodeKind(n2)
-        )
-    )
-  }
-
-  /** Holds if `n` is part of an SCC of size 2 or more represented by `scc`. */
-  predicate sccRepr(TypeFlowNode n, TypeFlowNode scc) {
-    sccEdge+(n, scc) and sccReprFromLocalMax(scc)
-  }
-
-  predicate sccJoinStep(TypeFlowNode n, TypeFlowNode scc) {
-    exists(TypeFlowNode mid |
-      joinStep(n, mid) and
-      sccRepr(mid, scc) and
-      not sccRepr(n, scc)
-    )
-  }
+private predicate sccJoinStep(TypeFlowNode n, TypeFlowScc scc) {
+  exists(TypeFlowNode mid |
+    joinStep(n, mid) and
+    sccRepr(mid, scc) and
+    not sccRepr(n, scc)
+  )
 }
 
-private signature predicate edgeSig(TypeFlowNode n1, TypeFlowNode n2);
+private signature class NodeSig;
 
-private signature module RankedEdge {
-  predicate edgeRank(int r, TypeFlowNode n1, TypeFlowNode n2);
+private signature module Edge {
+  class Node;
 
-  int lastRank(TypeFlowNode n);
+  predicate edge(TypeFlowNode n1, Node n2);
 }
 
-private module RankEdge<edgeSig/2 edge> implements RankedEdge {
+private signature module RankedEdge<NodeSig Node> {
+  predicate edgeRank(int r, TypeFlowNode n1, Node n2);
+
+  int lastRank(Node n);
+}
+
+private module RankEdge<Edge E> implements RankedEdge<E::Node> {
+  private import E
+
   /**
    * Holds if `r` is a ranking of the incoming edges `(n1,n2)` to `n2`. The used
    * ordering is not necessarily total, so the ranking may have gaps.
    */
-  private predicate edgeRank1(int r, TypeFlowNode n1, TypeFlowNode n2) {
+  private predicate edgeRank1(int r, TypeFlowNode n1, Node n2) {
     n1 =
       rank[r](TypeFlowNode n |
         edge(n, n2)
@@ -271,19 +199,19 @@ private module RankEdge<edgeSig/2 edge> implements RankedEdge {
    * Holds if `r2` is a ranking of the ranks from `edgeRank1`. This removes the
    * gaps from the ranking.
    */
-  private predicate edgeRank2(int r2, int r1, TypeFlowNode n) {
+  private predicate edgeRank2(int r2, int r1, Node n) {
     r1 = rank[r2](int r | edgeRank1(r, _, n) | r)
   }
 
   /** Holds if `r` is a ranking of the incoming edges `(n1,n2)` to `n2`. */
-  predicate edgeRank(int r, TypeFlowNode n1, TypeFlowNode n2) {
+  predicate edgeRank(int r, TypeFlowNode n1, Node n2) {
     exists(int r1 |
       edgeRank1(r1, n1, n2) and
       edgeRank2(r, r1, n2)
     )
   }
 
-  int lastRank(TypeFlowNode n) { result = max(int r | edgeRank(r, _, n)) }
+  int lastRank(Node n) { result = max(int r | edgeRank(r, _, n)) }
 }
 
 private signature module TypePropagation {
@@ -296,16 +224,16 @@ private signature module TypePropagation {
 }
 
 /** Implements recursion through `forall` by way of edge ranking. */
-private module ForAll<RankedEdge Edge, TypePropagation T> {
+private module ForAll<NodeSig Node, RankedEdge<Node> E, TypePropagation T> {
   /**
    * Holds if `t` is a bound that holds on one of the incoming edges to `n` and
    * thus is a candidate bound for `n`.
    */
   pragma[nomagic]
-  private predicate candJoinType(TypeFlowNode n, T::Typ t) {
+  private predicate candJoinType(Node n, T::Typ t) {
     exists(TypeFlowNode mid |
       T::candType(mid, t) and
-      Edge::edgeRank(_, mid, n)
+      E::edgeRank(_, mid, n)
     )
   }
 
@@ -314,13 +242,13 @@ private module ForAll<RankedEdge Edge, TypePropagation T> {
    * through the edges into `n` ranked from `1` to `r`.
    */
   pragma[assume_small_delta]
-  private predicate flowJoin(int r, TypeFlowNode n, T::Typ t) {
+  private predicate flowJoin(int r, Node n, T::Typ t) {
     (
       r = 1 and candJoinType(n, t)
       or
-      flowJoin(r - 1, n, t) and Edge::edgeRank(r, _, n)
+      flowJoin(r - 1, n, t) and E::edgeRank(r, _, n)
     ) and
-    forall(TypeFlowNode mid | Edge::edgeRank(r, mid, n) | T::supportsType(mid, t))
+    forall(TypeFlowNode mid | E::edgeRank(r, mid, n) | T::supportsType(mid, t))
   }
 
   /**
@@ -328,12 +256,24 @@ private module ForAll<RankedEdge Edge, TypePropagation T> {
    * coming through all the incoming edges, and therefore is a valid bound for
    * `n`.
    */
-  predicate flowJoin(TypeFlowNode n, T::Typ t) { flowJoin(Edge::lastRank(n), n, t) }
+  predicate flowJoin(Node n, T::Typ t) { flowJoin(E::lastRank(n), n, t) }
 }
 
-module RankedJoinStep = RankEdge<joinStep/2>;
+private module JoinStep implements Edge {
+  class Node = TypeFlowNode;
 
-module RankedSccJoinStep = RankEdge<sccJoinStep/2>;
+  predicate edge = joinStep/2;
+}
+
+private module SccJoinStep implements Edge {
+  class Node = TypeFlowScc;
+
+  predicate edge = sccJoinStep/2;
+}
+
+private module RankedJoinStep = RankEdge<JoinStep>;
+
+private module RankedSccJoinStep = RankEdge<SccJoinStep>;
 
 private predicate exactTypeBase(TypeFlowNode n, RefType t) {
   exists(ClassInstanceExpr e |
@@ -363,13 +303,13 @@ private predicate exactType(TypeFlowNode n, RefType t) {
   or
   // The following is an optimized version of
   // `forex(TypeFlowNode mid | joinStep(mid, n) | exactType(mid, t))`
-  ForAll<RankedJoinStep, ExactTypePropagation>::flowJoin(n, t)
+  ForAll<TypeFlowNode, RankedJoinStep, ExactTypePropagation>::flowJoin(n, t)
   or
-  exists(TypeFlowNode scc |
+  exists(TypeFlowScc scc |
     sccRepr(n, scc) and
     // Optimized version of
     // `forex(TypeFlowNode mid | sccJoinStep(mid, scc) | exactType(mid, t))`
-    ForAll<RankedSccJoinStep, ExactTypePropagation>::flowJoin(scc, t)
+    ForAll<TypeFlowScc, RankedSccJoinStep, ExactTypePropagation>::flowJoin(scc, t)
   )
 }
 
@@ -563,11 +503,11 @@ private predicate typeFlow(TypeFlowNode n, RefType t) {
   or
   exists(TypeFlowNode mid | typeFlow(mid, t) and step(mid, n))
   or
-  ForAll<RankedJoinStep, TypeFlowPropagation>::flowJoin(n, t)
+  ForAll<TypeFlowNode, RankedJoinStep, TypeFlowPropagation>::flowJoin(n, t)
   or
-  exists(TypeFlowNode scc |
+  exists(TypeFlowScc scc |
     sccRepr(n, scc) and
-    ForAll<RankedSccJoinStep, TypeFlowPropagation>::flowJoin(scc, t)
+    ForAll<TypeFlowScc, RankedSccJoinStep, TypeFlowPropagation>::flowJoin(scc, t)
   )
 }
 
@@ -703,13 +643,13 @@ private predicate hasUnionTypeFlow(TypeFlowNode n) {
   (
     // Optimized version of
     // `forex(TypeFlowNode mid | joinStep(mid, n) | unionTypeFlowBaseCand(mid, _, _) or hasUnionTypeFlow(mid))`
-    ForAll<RankedJoinStep, HasUnionTypePropagation>::flowJoin(n, _)
+    ForAll<TypeFlowNode, RankedJoinStep, HasUnionTypePropagation>::flowJoin(n, _)
     or
-    exists(TypeFlowNode scc |
+    exists(TypeFlowScc scc |
       sccRepr(n, scc) and
       // Optimized version of
       // `forex(TypeFlowNode mid | sccJoinStep(mid, scc) | unionTypeFlowBaseCand(mid, _, _) or hasUnionTypeFlow(mid))`
-      ForAll<RankedSccJoinStep, HasUnionTypePropagation>::flowJoin(scc, _)
+      ForAll<TypeFlowScc, RankedSccJoinStep, HasUnionTypePropagation>::flowJoin(scc, _)
     )
     or
     exists(TypeFlowNode mid | step(mid, n) and hasUnionTypeFlow(mid))
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll b/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll
index 8f9a40ed8d0..b53138c7421 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll
@@ -3,7 +3,6 @@ import semmle.code.java.Collections
 import semmle.code.java.Maps
 private import semmle.code.java.dataflow.SSA
 private import DataFlowUtil
-private import semmle.code.java.dataflow.ExternalFlow
 
 private class EntryType extends RefType {
   EntryType() {
@@ -91,356 +90,6 @@ class ContainerType extends RefType {
   }
 }
 
-private class ContainerFlowSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "java.lang;Object;true;clone;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.lang;Object;true;clone;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.lang;Object;true;clone;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;Map$Entry;true;getKey;;;Argument[-1].MapKey;ReturnValue;value;manual",
-        "java.util;Map$Entry;true;getValue;;;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;Map$Entry;true;setValue;;;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;Map$Entry;true;setValue;;;Argument[0];Argument[-1].MapValue;value;manual",
-        "java.lang;Iterable;true;iterator;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.lang;Iterable;true;spliterator;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.lang;Iterable;true;forEach;(Consumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util;Iterator;true;next;;;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Iterator;true;forEachRemaining;(Consumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util;ListIterator;true;previous;;;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;ListIterator;true;add;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util;ListIterator;true;set;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util;Enumeration;true;asIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;Enumeration;true;nextElement;;;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Map;true;computeIfAbsent;;;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;Map;true;computeIfAbsent;;;Argument[1].ReturnValue;ReturnValue;value;manual",
-        "java.util;Map;true;computeIfAbsent;;;Argument[1].ReturnValue;Argument[-1].MapValue;value;manual",
-        "java.util;Map;true;entrySet;;;Argument[-1].MapValue;ReturnValue.Element.MapValue;value;manual",
-        "java.util;Map;true;entrySet;;;Argument[-1].MapKey;ReturnValue.Element.MapKey;value;manual",
-        "java.util;Map;true;get;;;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;Map;true;getOrDefault;;;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;Map;true;getOrDefault;;;Argument[1];ReturnValue;value;manual",
-        "java.util;Map;true;put;(Object,Object);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;Map;true;put;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "java.util;Map;true;put;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "java.util;Map;true;putIfAbsent;;;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;Map;true;putIfAbsent;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "java.util;Map;true;putIfAbsent;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "java.util;Map;true;remove;(Object);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;Map;true;replace;(Object,Object);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;Map;true;replace;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "java.util;Map;true;replace;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "java.util;Map;true;replace;(Object,Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "java.util;Map;true;replace;(Object,Object,Object);;Argument[2];Argument[-1].MapValue;value;manual",
-        "java.util;Map;true;keySet;();;Argument[-1].MapKey;ReturnValue.Element;value;manual",
-        "java.util;Map;true;values;();;Argument[-1].MapValue;ReturnValue.Element;value;manual",
-        "java.util;Map;true;merge;(Object,Object,BiFunction);;Argument[1];Argument[-1].MapValue;value;manual",
-        "java.util;Map;true;putAll;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "java.util;Map;true;putAll;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "java.util;Map;true;forEach;(BiConsumer);;Argument[-1].MapKey;Argument[0].Parameter[0];value;manual",
-        "java.util;Map;true;forEach;(BiConsumer);;Argument[-1].MapValue;Argument[0].Parameter[1];value;manual",
-        "java.util;Collection;true;parallelStream;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;Collection;true;stream;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;Collection;true;toArray;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual",
-        "java.util;Collection;true;toArray;;;Argument[-1].Element;Argument[0].ArrayElement;value;manual",
-        "java.util;Collection;true;add;;;Argument[0];Argument[-1].Element;value;manual",
-        "java.util;Collection;true;addAll;;;Argument[0].Element;Argument[-1].Element;value;manual",
-        "java.util;List;true;get;(int);;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;List;true;listIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;List;true;remove;(int);;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;List;true;set;(int,Object);;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;List;true;set;(int,Object);;Argument[1];Argument[-1].Element;value;manual",
-        "java.util;List;true;subList;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;List;true;add;(int,Object);;Argument[1];Argument[-1].Element;value;manual",
-        "java.util;List;true;addAll;(int,Collection);;Argument[1].Element;Argument[-1].Element;value;manual",
-        "java.util;Vector;true;elementAt;(int);;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Vector;true;elements;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;Vector;true;firstElement;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Vector;true;lastElement;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Vector;true;addElement;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util;Vector;true;insertElementAt;(Object,int);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util;Vector;true;setElementAt;(Object,int);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util;Vector;true;copyInto;(Object[]);;Argument[-1].Element;Argument[0].ArrayElement;value;manual",
-        "java.util;Stack;true;peek;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Stack;true;pop;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Stack;true;push;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util;Queue;true;element;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Queue;true;peek;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Queue;true;poll;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Queue;true;remove;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Queue;true;offer;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util;Deque;true;descendingIterator;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;Deque;true;getFirst;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Deque;true;getLast;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Deque;true;peekFirst;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Deque;true;peekLast;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Deque;true;pollFirst;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Deque;true;pollLast;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Deque;true;pop;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Deque;true;removeFirst;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Deque;true;removeLast;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Deque;true;push;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util;Deque;true;offerLast;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util;Deque;true;offerFirst;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util;Deque;true;addLast;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util;Deque;true;addFirst;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util.concurrent;BlockingDeque;true;pollFirst;(long,TimeUnit);;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util.concurrent;BlockingDeque;true;pollLast;(long,TimeUnit);;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util.concurrent;BlockingDeque;true;takeFirst;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util.concurrent;BlockingDeque;true;takeLast;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util.concurrent;BlockingQueue;true;poll;(long,TimeUnit);;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util.concurrent;BlockingQueue;true;take;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util.concurrent;BlockingQueue;true;offer;(Object,long,TimeUnit);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util.concurrent;BlockingQueue;true;put;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util.concurrent;BlockingDeque;true;offerLast;(Object,long,TimeUnit);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util.concurrent;BlockingDeque;true;offerFirst;(Object,long,TimeUnit);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util.concurrent;BlockingDeque;true;putLast;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util.concurrent;BlockingDeque;true;putFirst;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util.concurrent;BlockingQueue;true;drainTo;(Collection,int);;Argument[-1].Element;Argument[0].Element;value;manual",
-        "java.util.concurrent;BlockingQueue;true;drainTo;(Collection);;Argument[-1].Element;Argument[0].Element;value;manual",
-        "java.util.concurrent;ConcurrentHashMap;true;elements;();;Argument[-1].MapValue;ReturnValue.Element;value;manual",
-        "java.util;Dictionary;true;elements;();;Argument[-1].MapValue;ReturnValue.Element;value;manual",
-        "java.util;Dictionary;true;get;(Object);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;Dictionary;true;keys;();;Argument[-1].MapKey;ReturnValue.Element;value;manual",
-        "java.util;Dictionary;true;put;(Object,Object);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;Dictionary;true;put;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "java.util;Dictionary;true;put;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "java.util;Dictionary;true;remove;(Object);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;NavigableMap;true;ceilingEntry;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;NavigableMap;true;ceilingEntry;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;NavigableMap;true;descendingMap;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;NavigableMap;true;descendingMap;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;NavigableMap;true;firstEntry;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;NavigableMap;true;firstEntry;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;NavigableMap;true;floorEntry;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;NavigableMap;true;floorEntry;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;NavigableMap;true;headMap;(Object,boolean);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;NavigableMap;true;headMap;(Object,boolean);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;NavigableMap;true;higherEntry;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;NavigableMap;true;higherEntry;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;NavigableMap;true;lastEntry;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;NavigableMap;true;lastEntry;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;NavigableMap;true;lowerEntry;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;NavigableMap;true;lowerEntry;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;NavigableMap;true;pollFirstEntry;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;NavigableMap;true;pollFirstEntry;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;NavigableMap;true;pollLastEntry;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;NavigableMap;true;pollLastEntry;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;NavigableMap;true;subMap;(Object,boolean,Object,boolean);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;NavigableMap;true;subMap;(Object,boolean,Object,boolean);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;NavigableMap;true;tailMap;(Object,boolean);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;NavigableMap;true;tailMap;(Object,boolean);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;NavigableSet;true;ceiling;(Object);;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;NavigableSet;true;descendingIterator;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;NavigableSet;true;descendingSet;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;NavigableSet;true;floor;(Object);;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;NavigableSet;true;headSet;(Object,boolean);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;NavigableSet;true;higher;(Object);;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;NavigableSet;true;lower;(Object);;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;NavigableSet;true;pollFirst;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;NavigableSet;true;pollLast;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;NavigableSet;true;subSet;(Object,boolean,Object,boolean);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;NavigableSet;true;tailSet;(Object,boolean);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;Properties;true;getProperty;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;Properties;true;getProperty;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;Properties;true;getProperty;(String,String);;Argument[1];ReturnValue;value;manual",
-        "java.util;Properties;true;setProperty;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "java.util;Properties;true;setProperty;(String,String);;Argument[0];Argument[-1].MapKey;value;manual",
-        "java.util;Properties;true;setProperty;(String,String);;Argument[1];Argument[-1].MapValue;value;manual",
-        "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual",
-        "java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util;Scanner;true;nextBigDecimal;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util;Scanner;true;nextBigInteger;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util;Scanner;true;nextBoolean;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util;Scanner;true;nextByte;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util;Scanner;true;nextDouble;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util;Scanner;true;nextFloat;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util;Scanner;true;nextInt;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util;Scanner;true;nextLine;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util;Scanner;true;nextLong;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util;Scanner;true;nextShort;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util;Scanner;true;reset;;;Argument[-1];ReturnValue;value;manual",
-        "java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual",
-        "java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual",
-        "java.util;Scanner;true;useLocale;;;Argument[-1];ReturnValue;value;manual",
-        "java.util;Scanner;true;useRadix;;;Argument[-1];ReturnValue;value;manual",
-        "java.util;SortedMap;true;headMap;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;SortedMap;true;headMap;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;SortedMap;true;subMap;(Object,Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;SortedMap;true;subMap;(Object,Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;SortedMap;true;tailMap;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;SortedMap;true;tailMap;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;SortedSet;true;first;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;SortedSet;true;headSet;(Object);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;SortedSet;true;last;();;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;SortedSet;true;subSet;(Object,Object);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;SortedSet;true;tailSet;(Object);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.concurrent;TransferQueue;true;tryTransfer;(Object,long,TimeUnit);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util.concurrent;TransferQueue;true;transfer;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util.concurrent;TransferQueue;true;tryTransfer;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "java.util;List;false;copyOf;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;List;false;of;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "java.util;List;false;of;(Object);;Argument[0];ReturnValue.Element;value;manual",
-        "java.util;List;false;of;(Object,Object);;Argument[0..1];ReturnValue.Element;value;manual",
-        "java.util;List;false;of;(Object,Object,Object);;Argument[0..2];ReturnValue.Element;value;manual",
-        "java.util;List;false;of;(Object,Object,Object,Object);;Argument[0..3];ReturnValue.Element;value;manual",
-        "java.util;List;false;of;(Object,Object,Object,Object,Object);;Argument[0..4];ReturnValue.Element;value;manual",
-        "java.util;List;false;of;(Object,Object,Object,Object,Object,Object);;Argument[0..5];ReturnValue.Element;value;manual",
-        "java.util;List;false;of;(Object,Object,Object,Object,Object,Object,Object);;Argument[0..6];ReturnValue.Element;value;manual",
-        "java.util;List;false;of;(Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..7];ReturnValue.Element;value;manual",
-        "java.util;List;false;of;(Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..8];ReturnValue.Element;value;manual",
-        "java.util;List;false;of;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..9];ReturnValue.Element;value;manual",
-        "java.util;Map;false;copyOf;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;Map;false;copyOf;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;Map;false;entry;(Object,Object);;Argument[0];ReturnValue.MapKey;value;manual",
-        "java.util;Map;false;entry;(Object,Object);;Argument[1];ReturnValue.MapValue;value;manual",
-        "java.util;Map;false;of;;;Argument[0];ReturnValue.MapKey;value;manual",
-        "java.util;Map;false;of;;;Argument[1];ReturnValue.MapValue;value;manual",
-        "java.util;Map;false;of;;;Argument[2];ReturnValue.MapKey;value;manual",
-        "java.util;Map;false;of;;;Argument[3];ReturnValue.MapValue;value;manual",
-        "java.util;Map;false;of;;;Argument[4];ReturnValue.MapKey;value;manual",
-        "java.util;Map;false;of;;;Argument[5];ReturnValue.MapValue;value;manual",
-        "java.util;Map;false;of;;;Argument[6];ReturnValue.MapKey;value;manual",
-        "java.util;Map;false;of;;;Argument[7];ReturnValue.MapValue;value;manual",
-        "java.util;Map;false;of;;;Argument[8];ReturnValue.MapKey;value;manual",
-        "java.util;Map;false;of;;;Argument[9];ReturnValue.MapValue;value;manual",
-        "java.util;Map;false;of;;;Argument[10];ReturnValue.MapKey;value;manual",
-        "java.util;Map;false;of;;;Argument[11];ReturnValue.MapValue;value;manual",
-        "java.util;Map;false;of;;;Argument[12];ReturnValue.MapKey;value;manual",
-        "java.util;Map;false;of;;;Argument[13];ReturnValue.MapValue;value;manual",
-        "java.util;Map;false;of;;;Argument[14];ReturnValue.MapKey;value;manual",
-        "java.util;Map;false;of;;;Argument[15];ReturnValue.MapValue;value;manual",
-        "java.util;Map;false;of;;;Argument[16];ReturnValue.MapKey;value;manual",
-        "java.util;Map;false;of;;;Argument[17];ReturnValue.MapValue;value;manual",
-        "java.util;Map;false;of;;;Argument[18];ReturnValue.MapKey;value;manual",
-        "java.util;Map;false;of;;;Argument[19];ReturnValue.MapValue;value;manual",
-        "java.util;Map;false;ofEntries;;;Argument[0].ArrayElement.MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;Map;false;ofEntries;;;Argument[0].ArrayElement.MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;Set;false;copyOf;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Set;false;of;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "java.util;Set;false;of;(Object);;Argument[0];ReturnValue.Element;value;manual",
-        "java.util;Set;false;of;(Object,Object);;Argument[0..1];ReturnValue.Element;value;manual",
-        "java.util;Set;false;of;(Object,Object,Object);;Argument[0..2];ReturnValue.Element;value;manual",
-        "java.util;Set;false;of;(Object,Object,Object,Object);;Argument[0..3];ReturnValue.Element;value;manual",
-        "java.util;Set;false;of;(Object,Object,Object,Object,Object);;Argument[0..4];ReturnValue.Element;value;manual",
-        "java.util;Set;false;of;(Object,Object,Object,Object,Object,Object);;Argument[0..5];ReturnValue.Element;value;manual",
-        "java.util;Set;false;of;(Object,Object,Object,Object,Object,Object,Object);;Argument[0..6];ReturnValue.Element;value;manual",
-        "java.util;Set;false;of;(Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..7];ReturnValue.Element;value;manual",
-        "java.util;Set;false;of;(Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..8];ReturnValue.Element;value;manual",
-        "java.util;Set;false;of;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..9];ReturnValue.Element;value;manual",
-        "java.util;Arrays;false;stream;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "java.util;Arrays;false;spliterator;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "java.util;Arrays;false;copyOfRange;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "java.util;Arrays;false;copyOf;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "java.util;Collections;false;list;(Enumeration);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;enumeration;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;nCopies;(int,Object);;Argument[1];ReturnValue.Element;value;manual",
-        "java.util;Collections;false;singletonMap;(Object,Object);;Argument[0];ReturnValue.MapKey;value;manual",
-        "java.util;Collections;false;singletonMap;(Object,Object);;Argument[1];ReturnValue.MapValue;value;manual",
-        "java.util;Collections;false;singletonList;(Object);;Argument[0];ReturnValue.Element;value;manual",
-        "java.util;Collections;false;singleton;(Object);;Argument[0];ReturnValue.Element;value;manual",
-        "java.util;Collections;false;checkedNavigableMap;(NavigableMap,Class,Class);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;Collections;false;checkedNavigableMap;(NavigableMap,Class,Class);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;Collections;false;checkedSortedMap;(SortedMap,Class,Class);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;Collections;false;checkedSortedMap;(SortedMap,Class,Class);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;Collections;false;checkedMap;(Map,Class,Class);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;Collections;false;checkedMap;(Map,Class,Class);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;Collections;false;checkedList;(List,Class);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;checkedNavigableSet;(NavigableSet,Class);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;checkedSortedSet;(SortedSet,Class);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;checkedSet;(Set,Class);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;checkedCollection;(Collection,Class);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;synchronizedNavigableMap;(NavigableMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;Collections;false;synchronizedNavigableMap;(NavigableMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;Collections;false;synchronizedSortedMap;(SortedMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;Collections;false;synchronizedSortedMap;(SortedMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;Collections;false;synchronizedMap;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;Collections;false;synchronizedMap;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;Collections;false;synchronizedList;(List);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;synchronizedNavigableSet;(NavigableSet);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;synchronizedSortedSet;(SortedSet);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;synchronizedSet;(Set);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;synchronizedCollection;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;unmodifiableNavigableMap;(NavigableMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;Collections;false;unmodifiableNavigableMap;(NavigableMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;Collections;false;unmodifiableSortedMap;(SortedMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;Collections;false;unmodifiableSortedMap;(SortedMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;Collections;false;unmodifiableMap;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "java.util;Collections;false;unmodifiableMap;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "java.util;Collections;false;unmodifiableList;(List);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;unmodifiableNavigableSet;(NavigableSet);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;unmodifiableSortedSet;(SortedSet);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;unmodifiableSet;(Set);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;unmodifiableCollection;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;max;;;Argument[0].Element;ReturnValue;value;manual",
-        "java.util;Collections;false;min;;;Argument[0].Element;ReturnValue;value;manual",
-        "java.util;Arrays;false;fill;(Object[],int,int,Object);;Argument[3];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(Object[],Object);;Argument[1];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(float[],int,int,float);;Argument[3];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(float[],float);;Argument[1];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(double[],int,int,double);;Argument[3];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(double[],double);;Argument[1];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(boolean[],int,int,boolean);;Argument[3];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(boolean[],boolean);;Argument[1];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(byte[],int,int,byte);;Argument[3];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(byte[],byte);;Argument[1];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(char[],int,int,char);;Argument[3];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(char[],char);;Argument[1];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(short[],int,int,short);;Argument[3];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(short[],short);;Argument[1];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(int[],int,int,int);;Argument[3];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(int[],int);;Argument[1];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(long[],int,int,long);;Argument[3];Argument[0].ArrayElement;value;manual",
-        "java.util;Arrays;false;fill;(long[],long);;Argument[1];Argument[0].ArrayElement;value;manual",
-        "java.util;Collections;false;replaceAll;(List,Object,Object);;Argument[2];Argument[0].Element;value;manual",
-        "java.util;Collections;false;copy;(List,List);;Argument[1].Element;Argument[0].Element;value;manual",
-        "java.util;Collections;false;fill;(List,Object);;Argument[1];Argument[0].Element;value;manual",
-        "java.util;Arrays;false;asList;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "java.util;Collections;false;addAll;(Collection,Object[]);;Argument[1].ArrayElement;Argument[0].Element;value;manual",
-        "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "java.util;ArrayDeque;false;ArrayDeque;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "java.util;ArrayList;false;ArrayList;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "java.util;EnumMap;false;EnumMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "java.util;EnumMap;false;EnumMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "java.util;EnumMap;false;EnumMap;(EnumMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "java.util;EnumMap;false;EnumMap;(EnumMap);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "java.util;HashMap;false;HashMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "java.util;HashMap;false;HashMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "java.util;HashSet;false;HashSet;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "java.util;Hashtable;false;Hashtable;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "java.util;Hashtable;false;Hashtable;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "java.util;IdentityHashMap;false;IdentityHashMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "java.util;IdentityHashMap;false;IdentityHashMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "java.util;LinkedHashMap;false;LinkedHashMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "java.util;LinkedHashMap;false;LinkedHashMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "java.util;LinkedHashSet;false;LinkedHashSet;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "java.util;LinkedList;false;LinkedList;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "java.util;PriorityQueue;false;PriorityQueue;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "java.util;PriorityQueue;false;PriorityQueue;(PriorityQueue);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "java.util;PriorityQueue;false;PriorityQueue;(SortedSet);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "java.util;TreeMap;false;TreeMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "java.util;TreeMap;false;TreeMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "java.util;TreeMap;false;TreeMap;(SortedMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "java.util;TreeMap;false;TreeMap;(SortedMap);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "java.util;TreeSet;false;TreeSet;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "java.util;TreeSet;false;TreeSet;(SortedSet);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "java.util;Vector;false;Vector;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "java.util;WeakHashMap;false;WeakHashMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "java.util;WeakHashMap;false;WeakHashMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual"
-      ]
-  }
-}
-
 private predicate taintPreservingQualifierToMethod(Method m) {
   // java.util.Map.Entry
   m.getDeclaringType() instanceof EntryType and
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
index ae9c6f3f12e..9aa6a529a5b 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
@@ -915,18 +915,57 @@ private module Cached {
     TDataFlowCallNone() or
     TDataFlowCallSome(DataFlowCall call)
 
+  cached
+  newtype TParamNodeOption =
+    TParamNodeNone() or
+    TParamNodeSome(ParamNode p)
+
+  cached
+  newtype TReturnCtx =
+    TReturnCtxNone() or
+    TReturnCtxNoFlowThrough() or
+    TReturnCtxMaybeFlowThrough(ReturnPosition pos)
+
+  cached
+  newtype TTypedContentApprox =
+    MkTypedContentApprox(ContentApprox c, DataFlowType t) {
+      exists(Content cont |
+        c = getContentApprox(cont) and
+        store(_, cont, _, _, t)
+      )
+    }
+
   cached
   newtype TTypedContent = MkTypedContent(Content c, DataFlowType t) { store(_, c, _, _, t) }
 
+  cached
+  TypedContent getATypedContent(TypedContentApprox c) {
+    exists(ContentApprox cls, DataFlowType t, Content cont |
+      c = MkTypedContentApprox(cls, pragma[only_bind_into](t)) and
+      result = MkTypedContent(cont, pragma[only_bind_into](t)) and
+      cls = getContentApprox(cont)
+    )
+  }
+
   cached
   newtype TAccessPathFront =
     TFrontNil(DataFlowType t) or
     TFrontHead(TypedContent tc)
 
+  cached
+  newtype TApproxAccessPathFront =
+    TApproxFrontNil(DataFlowType t) or
+    TApproxFrontHead(TypedContentApprox tc)
+
   cached
   newtype TAccessPathFrontOption =
     TAccessPathFrontNone() or
     TAccessPathFrontSome(AccessPathFront apf)
+
+  cached
+  newtype TApproxAccessPathFrontOption =
+    TApproxAccessPathFrontNone() or
+    TApproxAccessPathFrontSome(ApproxAccessPathFront apf)
 }
 
 /**
@@ -1304,6 +1343,113 @@ class DataFlowCallOption extends TDataFlowCallOption {
   }
 }
 
+/** An optional `ParamNode`. */
+class ParamNodeOption extends TParamNodeOption {
+  string toString() {
+    this = TParamNodeNone() and
+    result = "(none)"
+    or
+    exists(ParamNode p |
+      this = TParamNodeSome(p) and
+      result = p.toString()
+    )
+  }
+}
+
+/**
+ * A return context used to calculate flow summaries in reverse flow.
+ *
+ * The possible values are:
+ *
+ * - `TReturnCtxNone()`: no return flow.
+ * - `TReturnCtxNoFlowThrough()`: return flow, but flow through is not possible.
+ * - `TReturnCtxMaybeFlowThrough(ReturnPosition pos)`: return flow, of kind `pos`, and
+ *    flow through may be possible.
+ */
+class ReturnCtx extends TReturnCtx {
+  string toString() {
+    this = TReturnCtxNone() and
+    result = "(none)"
+    or
+    this = TReturnCtxNoFlowThrough() and
+    result = "(no flow through)"
+    or
+    exists(ReturnPosition pos |
+      this = TReturnCtxMaybeFlowThrough(pos) and
+      result = pos.toString()
+    )
+  }
+}
+
+/** An approximated `Content` tagged with the type of a containing object. */
+class TypedContentApprox extends MkTypedContentApprox {
+  private ContentApprox c;
+  private DataFlowType t;
+
+  TypedContentApprox() { this = MkTypedContentApprox(c, t) }
+
+  /** Gets a typed content approximated by this value. */
+  TypedContent getATypedContent() { result = getATypedContent(this) }
+
+  /** Gets the container type. */
+  DataFlowType getContainerType() { result = t }
+
+  /** Gets a textual representation of this approximated content. */
+  string toString() { result = c.toString() }
+}
+
+/**
+ * The front of an approximated access path. This is either a head or a nil.
+ */
+abstract class ApproxAccessPathFront extends TApproxAccessPathFront {
+  abstract string toString();
+
+  abstract DataFlowType getType();
+
+  abstract boolean toBoolNonEmpty();
+
+  pragma[nomagic]
+  TypedContent getAHead() {
+    exists(TypedContentApprox cont |
+      this = TApproxFrontHead(cont) and
+      result = cont.getATypedContent()
+    )
+  }
+}
+
+class ApproxAccessPathFrontNil extends ApproxAccessPathFront, TApproxFrontNil {
+  private DataFlowType t;
+
+  ApproxAccessPathFrontNil() { this = TApproxFrontNil(t) }
+
+  override string toString() { result = ppReprType(t) }
+
+  override DataFlowType getType() { result = t }
+
+  override boolean toBoolNonEmpty() { result = false }
+}
+
+class ApproxAccessPathFrontHead extends ApproxAccessPathFront, TApproxFrontHead {
+  private TypedContentApprox tc;
+
+  ApproxAccessPathFrontHead() { this = TApproxFrontHead(tc) }
+
+  override string toString() { result = tc.toString() }
+
+  override DataFlowType getType() { result = tc.getContainerType() }
+
+  override boolean toBoolNonEmpty() { result = true }
+}
+
+/** An optional approximated access path front. */
+class ApproxAccessPathFrontOption extends TApproxAccessPathFrontOption {
+  string toString() {
+    this = TApproxAccessPathFrontNone() and result = "<none>"
+    or
+    this = TApproxAccessPathFrontSome(any(ApproxAccessPathFront apf | result = apf.toString()))
+  }
+}
+
 /** A `Content` tagged with the type of a containing object. */
 class TypedContent extends MkTypedContent {
   private Content c;
@@ -1336,7 +1482,7 @@ abstract class AccessPathFront extends TAccessPathFront {
 
   abstract DataFlowType getType();
 
-  abstract boolean toBoolNonEmpty();
+  abstract ApproxAccessPathFront toApprox();
 
   TypedContent getHead() { this = TFrontHead(result) }
 }
@@ -1350,7 +1496,7 @@ class AccessPathFrontNil extends AccessPathFront, TFrontNil {
 
   override DataFlowType getType() { result = t }
 
-  override boolean toBoolNonEmpty() { result = false }
+  override ApproxAccessPathFront toApprox() { result = TApproxFrontNil(t) }
 }
 
 class AccessPathFrontHead extends AccessPathFront, TFrontHead {
@@ -1362,7 +1508,7 @@ class AccessPathFrontHead extends AccessPathFront, TFrontHead {
 
   override DataFlowType getType() { result = tc.getContainerType() }
 
-  override boolean toBoolNonEmpty() { result = true }
+  override ApproxAccessPathFront toApprox() { result.getAHead() = tc }
 }
 
 /** An optional access path front. */
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll
index dde16ab5a2a..e85e0cd92ec 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll
@@ -136,6 +136,18 @@ module Consistency {
     msg = "Local flow step does not preserve enclosing callable."
   }
 
+  query predicate readStepIsLocal(Node n1, Node n2, string msg) {
+    readStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Read step does not preserve enclosing callable."
+  }
+
+  query predicate storeStepIsLocal(Node n1, Node n2, string msg) {
+    storeStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Store step does not preserve enclosing callable."
+  }
+
   private DataFlowType typeRepr() { result = getNodeType(_) }
 
   query predicate compatibleTypesReflexive(DataFlowType t, string msg) {
@@ -232,4 +244,25 @@ module Consistency {
     not callable = viableCallable(call) and
     not any(ConsistencyConfiguration c).viableImplInCallContextTooLargeExclude(call, ctx, callable)
   }
+
+  query predicate uniqueParameterNodeAtPosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(Node p0 | isParameterNode(p0, c, pos))) and
+    msg = "Parameters with overlapping positions."
+  }
+
+  query predicate uniqueParameterNodePosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(ParameterPosition pos0 | isParameterNode(p, c, pos0))) and
+    msg = "Parameter node with multiple positions."
+  }
+
+  query predicate uniqueContentApprox(Content c, string msg) {
+    not exists(unique(ContentApprox approx | approx = getContentApprox(c))) and
+    msg = "Non-unique content approximation."
+  }
 }
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll
index 2ad6f844492..87ee04c1096 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll
@@ -1,49 +1,77 @@
 private import java
 private import semmle.code.java.dataflow.InstanceAccess
+private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSummary
 private import semmle.code.java.dataflow.TypeFlow
 private import DataFlowPrivate
+private import DataFlowUtil
 private import FlowSummaryImpl as FlowSummaryImpl
 private import DataFlowImplCommon as DataFlowImplCommon
 
+/** Gets a string for approximating the name of a field. */
+string approximateFieldContent(FieldContent fc) { result = fc.getField().getName().prefix(1) }
+
 cached
-newtype TNode =
-  TExprNode(Expr e) {
-    DataFlowImplCommon::forceCachingInSameStage() and
-    not e.getType() instanceof VoidType and
-    not e.getParent*() instanceof Annotation
-  } or
-  TExplicitParameterNode(Parameter p) { exists(p.getCallable().getBody()) } or
-  TImplicitVarargsArray(Call c) {
-    c.getCallee().isVarargs() and
-    not exists(Argument arg | arg.getCall() = c and arg.isExplicitVarargsArray())
-  } or
-  TInstanceParameterNode(Callable c) { exists(c.getBody()) and not c.isStatic() } or
-  TImplicitInstanceAccess(InstanceAccessExt ia) { not ia.isExplicit(_) } or
-  TMallocNode(ClassInstanceExpr cie) or
-  TExplicitExprPostUpdate(Expr e) {
-    explicitInstanceArgument(_, e)
-    or
-    e instanceof Argument and not e.getType() instanceof ImmutableType
-    or
-    exists(FieldAccess fa | fa.getField() instanceof InstanceField and e = fa.getQualifier())
-    or
-    exists(ArrayAccess aa | e = aa.getArray())
-  } or
-  TImplicitExprPostUpdate(InstanceAccessExt ia) {
-    implicitInstanceArgument(_, ia)
-    or
-    exists(FieldAccess fa |
-      fa.getField() instanceof InstanceField and ia.isImplicitFieldQualifier(fa)
-    )
-  } or
-  TSummaryInternalNode(SummarizedCallable c, FlowSummaryImpl::Private::SummaryNodeState state) {
-    FlowSummaryImpl::Private::summaryNodeRange(c, state)
-  } or
-  TSummaryParameterNode(SummarizedCallable c, int pos) {
-    FlowSummaryImpl::Private::summaryParameterNodeRange(c, pos)
-  } or
-  TFieldValueNode(Field f)
+private module Cached {
+  cached
+  newtype TNode =
+    TExprNode(Expr e) {
+      DataFlowImplCommon::forceCachingInSameStage() and
+      not e.getType() instanceof VoidType and
+      not e.getParent*() instanceof Annotation
+    } or
+    TExplicitParameterNode(Parameter p) { exists(p.getCallable().getBody()) } or
+    TImplicitVarargsArray(Call c) {
+      c.getCallee().isVarargs() and
+      not exists(Argument arg | arg.getCall() = c and arg.isExplicitVarargsArray())
+    } or
+    TInstanceParameterNode(Callable c) { exists(c.getBody()) and not c.isStatic() } or
+    TImplicitInstanceAccess(InstanceAccessExt ia) { not ia.isExplicit(_) } or
+    TMallocNode(ClassInstanceExpr cie) or
+    TExplicitExprPostUpdate(Expr e) {
+      explicitInstanceArgument(_, e)
+      or
+      e instanceof Argument and not e.getType() instanceof ImmutableType
+      or
+      exists(FieldAccess fa | fa.getField() instanceof InstanceField and e = fa.getQualifier())
+      or
+      exists(ArrayAccess aa | e = aa.getArray())
+    } or
+    TImplicitExprPostUpdate(InstanceAccessExt ia) {
+      implicitInstanceArgument(_, ia)
+      or
+      exists(FieldAccess fa |
+        fa.getField() instanceof InstanceField and ia.isImplicitFieldQualifier(fa)
+      )
+    } or
+    TSummaryInternalNode(SummarizedCallable c, FlowSummaryImpl::Private::SummaryNodeState state) {
+      FlowSummaryImpl::Private::summaryNodeRange(c, state)
+    } or
+    TSummaryParameterNode(SummarizedCallable c, int pos) {
+      FlowSummaryImpl::Private::summaryParameterNodeRange(c, pos)
+    } or
+    TFieldValueNode(Field f)
+
+  cached
+  newtype TContent =
+    TFieldContent(InstanceField f) or
+    TArrayContent() or
+    TCollectionContent() or
+    TMapKeyContent() or
+    TMapValueContent() or
+    TSyntheticFieldContent(SyntheticField s)
+
+  cached
+  newtype TContentApprox =
+    TFieldContentApprox(string firstChar) { firstChar = approximateFieldContent(_) } or
+    TArrayContentApprox() or
+    TCollectionContentApprox() or
+    TMapKeyContentApprox() or
+    TMapValueContentApprox() or
+    TSyntheticFieldApproxContent()
+}
+
+import Cached
 
 private predicate explicitInstanceArgument(Call call, Expr instarg) {
   call instanceof MethodAccess and
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
index 6888899079c..ef89d0f51a2 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
@@ -9,6 +9,7 @@ private import semmle.code.java.dataflow.FlowSteps
 private import semmle.code.java.dataflow.FlowSummary
 private import FlowSummaryImpl as FlowSummaryImpl
 private import DataFlowImplConsistency
+private import DataFlowNodes
 import DataFlowNodes::Private
 
 private newtype TReturnKind = TNormalReturnKind()
@@ -420,6 +421,48 @@ predicate allowParameterReturnInSelf(ParameterNode p) {
   FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(p)
 }
 
+/** An approximated `Content`. */
+class ContentApprox extends TContentApprox {
+  /** Gets a textual representation of this approximated `Content`. */
+  string toString() {
+    exists(string firstChar |
+      this = TFieldContentApprox(firstChar) and
+      result = "approximated field " + firstChar
+    )
+    or
+    this = TArrayContentApprox() and
+    result = "[]"
+    or
+    this = TCollectionContentApprox() and
+    result = "<element>"
+    or
+    this = TMapKeyContentApprox() and
+    result = "<map.key>"
+    or
+    this = TMapValueContentApprox() and
+    result = "<map.value>"
+    or
+    this = TSyntheticFieldApproxContent() and
+    result = "approximated synthetic field"
+  }
+}
+
+/** Gets an approximated value for content `c`. */
+pragma[nomagic]
+ContentApprox getContentApprox(Content c) {
+  result = TFieldContentApprox(approximateFieldContent(c))
+  or
+  c instanceof ArrayContent and result = TArrayContentApprox()
+  or
+  c instanceof CollectionContent and result = TCollectionContentApprox()
+  or
+  c instanceof MapKeyContent and result = TMapKeyContentApprox()
+  or
+  c instanceof MapValueContent and result = TMapValueContentApprox()
+  or
+  c instanceof SyntheticFieldContent and result = TSyntheticFieldApproxContent()
+}
+
 private class MyConsistencyConfiguration extends Consistency::ConsistencyConfiguration {
   override predicate argHasPostUpdateExclude(ArgumentNode n) {
     n.getType() instanceof ImmutableType or n instanceof ImplicitVarargsArray
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
index 4cd63b152f6..ba5a1cfacc7 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
@@ -12,6 +12,7 @@ private import semmle.code.java.dataflow.FlowSummary
 private import semmle.code.java.dataflow.InstanceAccess
 private import FlowSummaryImpl as FlowSummaryImpl
 private import TaintTrackingUtil as TaintTrackingUtil
+private import DataFlowNodes
 import DataFlowNodes::Public
 import semmle.code.Unit
 
@@ -186,14 +187,6 @@ private predicate simpleLocalFlowStep0(Node node1, Node node2) {
   FlowSummaryImpl::Private::Steps::summaryLocalStep(node1, node2, true)
 }
 
-private newtype TContent =
-  TFieldContent(InstanceField f) or
-  TArrayContent() or
-  TCollectionContent() or
-  TMapKeyContent() or
-  TMapValueContent() or
-  TSyntheticFieldContent(SyntheticField s)
-
 /**
  * A description of the way data may be stored inside an object. Examples
  * include instance fields, the contents of a collection object, or the contents
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
index 4d41254e5e9..b61142c33a7 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
@@ -241,19 +241,25 @@ module Public {
     }
 
     /**
-     * Holds if the summary is auto generated.
+     * Holds if the summary is auto generated and not manually generated.
      */
     predicate isAutoGenerated() { none() }
-  }
-
-  /** A callable with a flow summary stating there is no flow via the callable. */
-  class NegativeSummarizedCallable extends SummarizedCallableBase {
-    NegativeSummarizedCallable() { negativeSummaryElement(this, _) }
 
     /**
-     *  Holds if the negative summary is auto generated.
+     * Holds if the summary has the given provenance where `true` is
+     * `generated` and `false` is `manual`.
      */
-    predicate isAutoGenerated() { negativeSummaryElement(this, true) }
+    predicate hasProvenance(boolean generated) { none() }
+  }
+
+  /** A callable where there is no flow via the callable. */
+  class NeutralCallable extends SummarizedCallableBase {
+    NeutralCallable() { neutralElement(this, _) }
+
+    /**
+     *  Holds if the neutral is auto generated.
+     */
+    predicate isAutoGenerated() { neutralElement(this, true) }
   }
 }
 
@@ -520,7 +526,8 @@ module Private {
   predicate summaryParameterNodeRange(SummarizedCallable c, ParameterPosition pos) {
     parameterReadState(c, _, pos)
     or
-    isParameterPostUpdate(_, c, pos)
+    // Same as `isParameterPostUpdate(_, c, pos)`, but can be used in a negative context
+    any(SummaryNodeState state).isOutputState(c, SummaryComponentStack::argument(pos))
   }
 
   private predicate callbackOutput(
@@ -1011,6 +1018,10 @@ module Private {
       }
 
       override predicate isAutoGenerated() { this.relevantSummaryElementGenerated(_, _, _) }
+
+      override predicate hasProvenance(boolean generated) {
+        summaryElement(this, _, _, _, generated)
+      }
     }
 
     /** Holds if component `c` of specification `spec` cannot be parsed. */
@@ -1160,9 +1171,9 @@ module Private {
       string toString() { result = super.toString() }
     }
 
-    /** A flow summary to include in the `negativeSummary/1` query predicate. */
-    abstract class RelevantNegativeSummarizedCallable instanceof NegativeSummarizedCallable {
-      /** Gets the string representation of this callable used by `summary/1`. */
+    /** A model to include in the `neutral/1` query predicate. */
+    abstract class RelevantNeutralCallable instanceof NeutralCallable {
+      /** Gets the string representation of this callable used by `neutral/1`. */
       abstract string getCallableCsv();
 
       string toString() { result = super.toString() }
@@ -1179,13 +1190,13 @@ module Private {
       if c.isAutoGenerated() then result = "generated" else result = "manual"
     }
 
-    private string renderProvenanceNegative(NegativeSummarizedCallable c) {
+    private string renderProvenanceNeutral(NeutralCallable c) {
       if c.isAutoGenerated() then result = "generated" else result = "manual"
     }
 
     /**
      * A query predicate for outputting flow summaries in semi-colon separated format in QL tests.
-     * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance"",
+     * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance",
      * ext is hardcoded to empty.
      */
     query predicate summary(string csv) {
@@ -1204,14 +1215,14 @@ module Private {
     }
 
     /**
-     * Holds if a negative flow summary `csv` exists (semi-colon separated format). Used for testing purposes.
+     * Holds if a neutral model `csv` exists (semi-colon separated format). Used for testing purposes.
      * The syntax is: "namespace;type;name;signature;provenance"",
      */
-    query predicate negativeSummary(string csv) {
-      exists(RelevantNegativeSummarizedCallable c |
+    query predicate neutral(string csv) {
+      exists(RelevantNeutralCallable c |
         csv =
           c.getCallableCsv() // Callable information
-            + renderProvenanceNegative(c) // provenance
+            + renderProvenanceNeutral(c) // provenance
       )
     }
   }
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll
index b005bab3257..883b791835b 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -14,10 +14,17 @@ private import semmle.code.java.dataflow.internal.AccessPathSyntax as AccessPath
 
 class SummarizedCallableBase = FlowSummary::SummarizedCallableBase;
 
+/**
+ * A module for importing frameworks that define synthetic globals.
+ */
+private module SyntheticGlobals {
+  private import semmle.code.java.frameworks.android.Intent
+}
+
 DataFlowCallable inject(SummarizedCallable c) { result.asSummarizedCallable() = c }
 
 /** Gets the parameter position of the instance parameter. */
-int instanceParameterPosition() { result = -1 }
+ArgumentPosition instanceParameterPosition() { result = -1 }
 
 /** Gets the synthesized summary data-flow node for the given values. */
 Node summaryNode(SummarizedCallable c, SummaryNodeState state) { result = getSummaryNode(c, state) }
@@ -113,8 +120,11 @@ private predicate correspondingKotlinParameterDefaultsArgSpec(
           exists(int oldArgParsed |
             oldArgParsed = AccessPathSyntax::AccessPath::parseInt(oldArgNumber.splitAt(",").trim())
           |
-            if ktExtensionFunctions(originalCallable, _, _) and oldArgParsed = 0
-            then defaultsArgSpec = "Argument[0]"
+            if
+              ktExtensionFunctions(originalCallable, _, _) and
+              ktExtensionFunctions(defaultsCallable, _, _) and
+              oldArgParsed = 0
+            then defaultsArgSpec = "Argument[" + paramOffset + "]" // 1 if dispatch receiver is present, 0 otherwise.
             else defaultsArgSpec = "Argument[" + (oldArgParsed + paramOffset) + "]" + rest
           )
         )
@@ -153,12 +163,12 @@ predicate summaryElement(
 }
 
 /**
- * Holds if a negative flow summary exists for `c`, which means that there is no
- * flow through `c`. The flag `generated` states whether the summary is autogenerated.
+ * Holds if a neutral model exists for `c`, which means that there is no
+ * flow through `c`. The flag `generated` states whether the model is autogenerated.
  */
-predicate negativeSummaryElement(SummarizedCallableBase c, boolean generated) {
+predicate neutralElement(SummarizedCallableBase c, boolean generated) {
   exists(string namespace, string type, string name, string signature, string provenance |
-    negativeSummaryModel(namespace, type, name, signature, provenance) and
+    neutralModel(namespace, type, name, signature, provenance) and
     generated = isGenerated(provenance) and
     c.asCallable() = interpretElement(namespace, type, false, name, signature, "")
   )
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/NegativeSummary.qll b/java/ql/lib/semmle/code/java/dataflow/internal/NegativeSummary.qll
deleted file mode 100644
index e7b6b7b8838..00000000000
--- a/java/ql/lib/semmle/code/java/dataflow/internal/NegativeSummary.qll
+++ /dev/null
@@ -1,9 +0,0 @@
-/** Provides modules for importing negative summaries. */
-
-/**
- * A module importing the frameworks that provide external flow data,
- * ensuring that they are visible to the taint tracking / data flow library.
- */
-private module Frameworks {
-  private import semmle.code.java.frameworks.GeneratedNegative
-}
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
index 4ba026bd045..874c08bdaba 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -10,7 +10,6 @@ private import semmle.code.java.dataflow.internal.ContainerFlow
 private import semmle.code.java.frameworks.spring.SpringController
 private import semmle.code.java.frameworks.spring.SpringHttp
 private import semmle.code.java.frameworks.Networking
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
 private import semmle.code.java.dataflow.internal.DataFlowPrivate
 import semmle.code.java.dataflow.FlowSteps
diff --git a/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll b/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll
index 6296d255103..d20ae81b00b 100644
--- a/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll
@@ -274,7 +274,7 @@ class DeadMethod extends Callable {
 
 class RootdefCallable extends Callable {
   RootdefCallable() {
-    this.fromSource() and
+    this.getFile().isJavaSourceFile() and
     not this.(Method).overridesOrInstantiates(_)
   }
 
diff --git a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
index d6d0653c1ea..81f5a2d765e 100644
--- a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
@@ -58,9 +58,7 @@ abstract class WhitelistedLiveCallable extends CallableEntryPoint { }
 /**
  * A `public static void main(String[] args)` method.
  */
-class MainMethodEntry extends CallableEntryPoint {
-  MainMethodEntry() { this instanceof MainMethod }
-}
+class MainMethodEntry extends CallableEntryPoint instanceof MainMethod { }
 
 /**
  * A method that overrides a library method -- the result is
@@ -96,9 +94,7 @@ abstract class ReflectivelyConstructedClass extends EntryPoint, Class {
 /**
  * Classes that are deserialized by Jackson are reflectively constructed.
  */
-library class JacksonReflectivelyConstructedClass extends ReflectivelyConstructedClass {
-  JacksonReflectivelyConstructedClass() { this instanceof JacksonDeserializableType }
-
+library class JacksonReflectivelyConstructedClass extends ReflectivelyConstructedClass instanceof JacksonDeserializableType {
   override Callable getALiveCallable() {
     // Constructors may be called by Jackson, if they are a no-arg, they have a suitable annotation,
     // or inherit a suitable annotation through a mixin.
@@ -312,8 +308,7 @@ class FacesAccessibleMethodEntryPoint extends CallableEntryPoint {
  * A Java Server Faces custom component, that is reflectively constructed by the framework when
  * used in a view (JSP or facelet).
  */
-class FacesComponentReflectivelyConstructedClass extends ReflectivelyConstructedClass {
-  FacesComponentReflectivelyConstructedClass() { this instanceof FacesComponent }
+class FacesComponentReflectivelyConstructedClass extends ReflectivelyConstructedClass instanceof FacesComponent {
 }
 
 /**
@@ -400,8 +395,7 @@ class JavaxManagedBeanReflectivelyConstructed extends ReflectivelyConstructedCla
  * Classes marked as Java persistence entities can be reflectively constructed when the data is
  * loaded.
  */
-class PersistentEntityEntryPoint extends ReflectivelyConstructedClass {
-  PersistentEntityEntryPoint() { this instanceof PersistentEntity }
+class PersistentEntityEntryPoint extends ReflectivelyConstructedClass instanceof PersistentEntity {
 }
 
 /**
@@ -465,6 +459,5 @@ class ArbitraryXmlEntryPoint extends ReflectivelyConstructedClass {
 deprecated class ArbitraryXMLEntryPoint = ArbitraryXmlEntryPoint;
 
 /** A Selenium PageObject, created by a call to PageFactory.initElements(..). */
-class SeleniumPageObjectEntryPoint extends ReflectivelyConstructedClass {
-  SeleniumPageObjectEntryPoint() { this instanceof SeleniumPageObject }
+class SeleniumPageObjectEntryPoint extends ReflectivelyConstructedClass instanceof SeleniumPageObject {
 }
diff --git a/java/ql/lib/semmle/code/java/deadcode/SpringEntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/SpringEntryPoints.qll
index fd2dc8974f7..caac4d37b6c 100644
--- a/java/ql/lib/semmle/code/java/deadcode/SpringEntryPoints.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/SpringEntryPoints.qll
@@ -50,9 +50,7 @@ class SpringBeanAnnotatedMethod extends CallableEntryPoint {
 /**
  * A live entry point within a Spring controller.
  */
-class SpringControllerEntryPoint extends CallableEntryPoint {
-  SpringControllerEntryPoint() { this instanceof SpringControllerMethod }
-}
+class SpringControllerEntryPoint extends CallableEntryPoint instanceof SpringControllerMethod { }
 
 /**
  * A method that is accessible in a response, because it is part of the returned model,
diff --git a/java/ql/lib/semmle/code/java/deadcode/StrutsEntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/StrutsEntryPoints.qll
index 3599d1fe640..de2c0c44678 100644
--- a/java/ql/lib/semmle/code/java/deadcode/StrutsEntryPoints.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/StrutsEntryPoints.qll
@@ -33,23 +33,18 @@ class Struts1ActionEntryPoint extends EntryPoint, Class {
 /**
  * A struts 2 action class that is reflectively constructed.
  */
-class Struts2ReflectivelyConstructedAction extends ReflectivelyConstructedClass {
-  Struts2ReflectivelyConstructedAction() { this instanceof Struts2ActionClass }
+class Struts2ReflectivelyConstructedAction extends ReflectivelyConstructedClass instanceof Struts2ActionClass {
 }
 
 /**
  * A method called on a struts 2 action class when the action is activated.
  */
-class Struts2ActionMethodEntryPoint extends CallableEntryPoint {
-  Struts2ActionMethodEntryPoint() { this instanceof Struts2ActionMethod }
-}
+class Struts2ActionMethodEntryPoint extends CallableEntryPoint instanceof Struts2ActionMethod { }
 
 /**
  * A method called on a struts 2 action class before an action is activated.
  */
-class Struts2PrepareMethodEntryPoint extends CallableEntryPoint {
-  Struts2PrepareMethodEntryPoint() { this instanceof Struts2PrepareMethod }
-}
+class Struts2PrepareMethodEntryPoint extends CallableEntryPoint instanceof Struts2PrepareMethod { }
 
 /**
  * A class which is accessible - directly or indirectly - from a struts action.
diff --git a/java/ql/lib/semmle/code/java/deadcode/TestEntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/TestEntryPoints.qll
index 2d8b28e4de9..d659918e815 100644
--- a/java/ql/lib/semmle/code/java/deadcode/TestEntryPoints.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/TestEntryPoints.qll
@@ -78,13 +78,10 @@ class JUnitCategory extends WhitelistedLiveClass {
 /**
  * A listener that will be reflectively constructed by TestNG.
  */
-class TestNGReflectivelyConstructedListener extends ReflectivelyConstructedClass {
-  TestNGReflectivelyConstructedListener() {
-    // Consider any class that implements a TestNG listener interface to be live. Listeners can be
-    // specified on the command line, in `testng.xml` files and in Ant build files, so it is safest
-    // to assume that all such listeners are live.
-    this instanceof TestNGListenerImpl
-  }
+class TestNGReflectivelyConstructedListener extends ReflectivelyConstructedClass instanceof TestNGListenerImpl {
+  // Consider any class that implements a TestNG listener interface to be live. Listeners can be
+  // specified on the command line, in `testng.xml` files and in Ant build files, so it is safest
+  // to assume that all such listeners are live.
 }
 
 /**
@@ -99,9 +96,7 @@ class TestNGDataProvidersEntryPoint extends CallableEntryPoint {
 /**
  * A `@Factory` TestNG method or constructor which is live.
  */
-class TestNGFactoryEntryPoint extends CallableEntryPoint {
-  TestNGFactoryEntryPoint() { this instanceof TestNGFactoryCallable }
-}
+class TestNGFactoryEntryPoint extends CallableEntryPoint instanceof TestNGFactoryCallable { }
 
 class TestRefectivelyConstructedClass extends ReflectivelyConstructedClass {
   TestRefectivelyConstructedClass() {
@@ -159,6 +154,5 @@ class CucumberConstructedClass extends ReflectivelyConstructedClass {
 /**
  * A "step definition" that may be called by Cucumber when executing an acceptance test.
  */
-class CucumberStepDefinitionEntryPoint extends CallableEntryPoint {
-  CucumberStepDefinitionEntryPoint() { this instanceof CucumberStepDefinition }
+class CucumberStepDefinitionEntryPoint extends CallableEntryPoint instanceof CucumberStepDefinition {
 }
diff --git a/java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll
index 5f2f215802f..d25b07d1999 100644
--- a/java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll
@@ -7,17 +7,12 @@ import semmle.code.java.frameworks.Servlets
  * Any class which extends the `Servlet` interface is intended to be constructed reflectively by a
  * servlet container.
  */
-class ServletConstructedClass extends ReflectivelyConstructedClass {
+class ServletConstructedClass extends ReflectivelyConstructedClass instanceof ServletClass {
   ServletConstructedClass() {
-    this instanceof ServletClass and
     // If we have seen any `web.xml` files, this servlet will be considered to be live only if it is
     // referred to as a servlet-class in at least one. If no `web.xml` files are found, we assume
     // that XML extraction was not enabled, and therefore consider all `Servlet` classes as live.
-    (
-      isWebXmlIncluded()
-      implies
-      exists(WebServletClass servletClass | this = servletClass.getClass())
-    )
+    isWebXmlIncluded() implies exists(WebServletClass servletClass | this = servletClass.getClass())
   }
 }
 
@@ -112,6 +107,4 @@ class GwtUiBinderEntryPoint extends CallableEntryPoint {
 /**
  * Fields that may be reflectively read or written to by the UiBinder framework.
  */
-class GwtUiBinderReflectivelyReadField extends ReflectivelyReadField {
-  GwtUiBinderReflectivelyReadField() { this instanceof GwtUiField }
-}
+class GwtUiBinderReflectivelyReadField extends ReflectivelyReadField instanceof GwtUiField { }
diff --git a/java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll b/java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll
index 2087f076fa9..c6419f4c26b 100644
--- a/java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll
+++ b/java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll
@@ -9,11 +9,12 @@
 import java
 private import VirtualDispatch
 private import semmle.code.java.dataflow.internal.BaseSSA
-private import semmle.code.java.dataflow.internal.DataFlowUtil
-private import semmle.code.java.dataflow.internal.DataFlowPrivate
+private import semmle.code.java.dataflow.internal.DataFlowUtil as DataFlow
+private import semmle.code.java.dataflow.internal.DataFlowPrivate as DataFlowPrivate
 private import semmle.code.java.dataflow.InstanceAccess
 private import semmle.code.java.Collections
 private import semmle.code.java.Maps
+private import codeql.typetracking.TypeTracking
 
 /**
  * Gets a viable dispatch target for `ma`. This is the input dispatch relation.
@@ -23,7 +24,8 @@ private Method viableImpl_inp(MethodAccess ma) { result = viableImpl_v2(ma) }
 private Callable dispatchCand(Call c) {
   c instanceof ConstructorCall and result = c.getCallee().getSourceDeclaration()
   or
-  result = viableImpl_inp(c)
+  result = viableImpl_inp(c) and
+  not dispatchOrigin(_, c, result)
 }
 
 /**
@@ -56,7 +58,7 @@ private predicate publicStaticFieldInit(ClassInstanceExpr cie) {
  */
 private predicate publicThroughField(RefType t) {
   exists(ClassInstanceExpr cie |
-    cie.getConstructedType() = t and
+    cie.getConstructedType().getSourceDeclaration() = t and
     publicStaticFieldInit(cie)
   )
 }
@@ -64,7 +66,7 @@ private predicate publicThroughField(RefType t) {
 /**
  * Holds if `t` and its subtypes are private or anonymous.
  */
-private predicate privateConstruction(RefType t) {
+private predicate privateConstruction(SrcRefType t) {
   (t.isPrivate() or t instanceof AnonymousClass) and
   not publicThroughField(t) and
   forall(SrcRefType sub | sub.getASourceSupertype+() = t.getSourceDeclaration() |
@@ -122,188 +124,282 @@ private predicate relevant(RefType t) {
 }
 
 /** A node with a type that is relevant for dispatch flow. */
-private class RelevantNode extends Node {
+private class RelevantNode extends DataFlow::Node {
   RelevantNode() { relevant(this.getType()) }
 }
 
-/**
- * Holds if `p` is the `i`th parameter of a viable dispatch target of `call`.
- * The instance parameter is considered to have index `-1`.
- */
-pragma[nomagic]
-private predicate viableParamCand(Call call, int i, ParameterNode p) {
-  exists(DataFlowCallable callable |
-    callable.asCallable() = dispatchCand(call) and
-    p.isParameterOf(callable, i) and
-    p instanceof RelevantNode
-  )
-}
+private module TypeTrackingSteps {
+  class Node = RelevantNode;
 
-/**
- * Holds if `arg` is a possible argument to `p` taking virtual dispatch into account.
- */
-private predicate viableArgParamCand(ArgumentNode arg, ParameterNode p) {
-  exists(int i, DataFlowCall call |
-    viableParamCand(call.asCall(), i, p) and
-    arg.argumentOf(call, i)
-  )
-}
+  class LocalSourceNode extends RelevantNode {
+    LocalSourceNode() {
+      this.asExpr() instanceof Call or
+      this.asExpr() instanceof RValue or
+      this instanceof DataFlow::ParameterNode or
+      this instanceof DataFlow::ImplicitVarargsArray or
+      this.asExpr() instanceof ArrayInit or
+      this.asExpr() instanceof ArrayAccess or
+      this instanceof DataFlow::FieldValueNode
+    }
+  }
 
-/**
- * Holds if data may flow from `n1` to `n2` in a single step through a call or a return.
- */
-private predicate callFlowStepCand(RelevantNode n1, RelevantNode n2) {
-  exists(ReturnStmt ret, Method m |
-    ret.getEnclosingCallable() = m and
-    ret.getResult() = n1.asExpr() and
-    m = dispatchCand(n2.asExpr())
-  )
-  or
-  viableArgParamCand(n1, n2)
-}
+  private newtype TContent =
+    ContentArray() or
+    ContentArrayArray()
 
-/**
- * Holds if data may flow from `n1` to `n2` in a single step that does not go
- * through a call or a return.
- */
-private predicate flowStep(RelevantNode n1, RelevantNode n2) {
-  exists(BaseSsaVariable v, BaseSsaVariable def |
-    def.(BaseSsaUpdate).getDefiningExpr().(VariableAssign).getSource() = n1.asExpr()
-    or
-    def.(BaseSsaImplicitInit).isParameterDefinition(n1.asParameter())
-    or
-    exists(EnhancedForStmt for |
-      for.getVariable() = def.(BaseSsaUpdate).getDefiningExpr() and
-      for.getExpr() = n1.asExpr() and
-      n1.getType() instanceof Array
-    )
-  |
-    v.getAnUltimateDefinition() = def and
-    v.getAUse() = n2.asExpr()
-  )
-  or
-  exists(Callable c | n1.(InstanceParameterNode).getCallable() = c |
-    exists(InstanceAccess ia |
-      ia = n2.asExpr() and ia.getEnclosingCallable() = c and ia.isOwnInstanceAccess()
+  class Content extends TContent {
+    string toString() {
+      this = ContentArray() and result = "array"
+      or
+      this = ContentArrayArray() and result = "array array"
+    }
+  }
+
+  class ContentFilter extends Content {
+    Content getAMatchingContent() { result = this }
+  }
+
+  predicate compatibleContents(Content storeContents, Content loadContents) {
+    storeContents = loadContents
+  }
+
+  predicate simpleLocalSmallStep(Node n1, Node n2) {
+    exists(BaseSsaVariable v, BaseSsaVariable def |
+      def.(BaseSsaUpdate).getDefiningExpr().(VariableAssign).getSource() = n1.asExpr()
+      or
+      def.(BaseSsaImplicitInit).isParameterDefinition(n1.asParameter())
+    |
+      v.getAnUltimateDefinition() = def and
+      v.getAUse() = n2.asExpr()
     )
     or
-    n2.(ImplicitInstanceAccess).getInstanceAccess().(OwnInstanceAccess).getEnclosingCallable() = c
-  )
-  or
-  n2.(FieldValueNode).getField().getAnAssignedValue() = n1.asExpr()
-  or
-  n2.asExpr().(FieldRead).getField() = n1.(FieldValueNode).getField()
-  or
-  exists(EnumType enum, Method getValue |
-    enum.getAnEnumConstant().getAnAssignedValue() = n1.asExpr() and
-    getValue.getDeclaringType() = enum and
-    (getValue.hasName("values") or getValue.hasName("valueOf")) and
-    n2.asExpr().(MethodAccess).getMethod() = getValue
-  )
-  or
-  n2.asExpr().(CastingExpr).getExpr() = n1.asExpr()
-  or
-  n2.asExpr().(ChooseExpr).getAResultExpr() = n1.asExpr()
-  or
-  n2.asExpr().(AssignExpr).getSource() = n1.asExpr()
-  or
-  n2.asExpr().(ArrayInit).getAnInit() = n1.asExpr()
-  or
-  n2.asExpr().(ArrayCreationExpr).getInit() = n1.asExpr()
-  or
-  n2.asExpr().(ArrayAccess).getArray() = n1.asExpr()
-  or
-  exists(Argument arg |
-    n1.asExpr() = arg and arg.isVararg() and n2.(ImplicitVarargsArray).getCall() = arg.getCall()
-  )
-  or
-  exists(AssignExpr a, Variable v |
-    a.getSource() = n1.asExpr() and
-    a.getDest().(ArrayAccess).getArray() = v.getAnAccess() and
-    n2.asExpr() = v.getAnAccess().(RValue)
-  )
-  or
-  exists(Variable v, MethodAccess put, MethodAccess get |
-    put.getArgument(1) = n1.asExpr() and
-    put.getMethod().(MapMethod).hasName("put") and
-    put.getQualifier() = v.getAnAccess() and
-    get.getQualifier() = v.getAnAccess() and
-    get.getMethod().(MapMethod).hasName("get") and
-    n2.asExpr() = get
-  )
-  or
-  exists(Variable v, MethodAccess add |
-    add.getAnArgument() = n1.asExpr() and
-    add.getMethod().(CollectionMethod).hasName("add") and
-    add.getQualifier() = v.getAnAccess()
-  |
-    exists(MethodAccess get |
+    exists(Callable c | n1.(DataFlow::InstanceParameterNode).getCallable() = c |
+      exists(InstanceAccess ia |
+        ia = n2.asExpr() and ia.getEnclosingCallable() = c and ia.isOwnInstanceAccess()
+      )
+      or
+      n2.(DataFlow::ImplicitInstanceAccess)
+          .getInstanceAccess()
+          .(OwnInstanceAccess)
+          .getEnclosingCallable() = c
+    )
+    or
+    n2.asExpr().(CastingExpr).getExpr() = n1.asExpr()
+    or
+    n2.asExpr().(ChooseExpr).getAResultExpr() = n1.asExpr()
+    or
+    n2.asExpr().(AssignExpr).getSource() = n1.asExpr()
+    or
+    n2.asExpr().(ArrayCreationExpr).getInit() = n1.asExpr()
+  }
+
+  predicate levelStepNoCall(Node n1, LocalSourceNode n2) {
+    exists(EnumType enum, Method getValue |
+      enum.getAnEnumConstant().getAnAssignedValue() = n1.asExpr() and
+      getValue.getDeclaringType() = enum and
+      getValue.hasName("valueOf") and
+      n2.asExpr().(MethodAccess).getMethod() = getValue
+    )
+    or
+    exists(Variable v, MethodAccess put, MethodAccess get |
+      put.getArgument(1) = n1.asExpr() and
+      put.getMethod().(MapMethod).hasName("put") and
+      put.getQualifier() = v.getAnAccess() and
       get.getQualifier() = v.getAnAccess() and
-      get.getMethod().(CollectionMethod).hasName("get") and
+      get.getMethod().(MapMethod).hasName("get") and
       n2.asExpr() = get
     )
     or
-    exists(EnhancedForStmt for, BaseSsaVariable ssa, BaseSsaVariable def |
-      for.getVariable() = def.(BaseSsaUpdate).getDefiningExpr() and
-      for.getExpr() = v.getAnAccess() and
-      ssa.getAnUltimateDefinition() = def and
-      ssa.getAUse() = n2.asExpr()
+    exists(Variable v, MethodAccess add |
+      add.getAnArgument() = n1.asExpr() and
+      add.getMethod().(CollectionMethod).hasName("add") and
+      add.getQualifier() = v.getAnAccess()
+    |
+      exists(MethodAccess get |
+        get.getQualifier() = v.getAnAccess() and
+        get.getMethod().(CollectionMethod).hasName("get") and
+        n2.asExpr() = get
+      )
+      or
+      exists(EnhancedForStmt for, BaseSsaVariable ssa, BaseSsaVariable def |
+        for.getVariable() = def.(BaseSsaUpdate).getDefiningExpr() and
+        for.getExpr() = v.getAnAccess() and
+        ssa.getAnUltimateDefinition() = def and
+        ssa.getAUse() = n2.asExpr()
+      )
     )
-  )
+  }
+
+  predicate levelStepCall(Node n1, LocalSourceNode n2) { none() }
+
+  predicate storeStep(Node n1, Node n2, Content f) {
+    exists(EnumType enum, Method getValue |
+      enum.getAnEnumConstant().getAnAssignedValue() = n1.asExpr() and
+      getValue.getDeclaringType() = enum and
+      getValue.hasName("values") and
+      n2.asExpr().(MethodAccess).getMethod() = getValue and
+      f = ContentArray()
+    )
+    or
+    n2.asExpr().(ArrayInit).getAnInit() = n1.asExpr() and
+    f = ContentArray()
+    or
+    exists(Argument arg |
+      n1.asExpr() = arg and
+      arg.isVararg() and
+      n2.(DataFlow::ImplicitVarargsArray).getCall() = arg.getCall() and
+      f = ContentArray()
+    )
+    or
+    exists(AssignExpr a, Variable v |
+      a.getSource() = n1.asExpr() and
+      a.getDest().(ArrayAccess).getArray() = v.getAnAccess() and
+      n2.asExpr() = v.getAnAccess().(RValue) and
+      f = ContentArray()
+    )
+  }
+
+  predicate loadStep(Node n1, LocalSourceNode n2, Content f) {
+    exists(BaseSsaVariable v, BaseSsaVariable def |
+      exists(EnhancedForStmt for |
+        for.getVariable() = def.(BaseSsaUpdate).getDefiningExpr() and
+        for.getExpr() = n1.asExpr() and
+        n1.getType() instanceof Array and
+        f = ContentArray()
+      )
+    |
+      v.getAnUltimateDefinition() = def and
+      v.getAUse() = n2.asExpr()
+    )
+    or
+    n2.asExpr().(ArrayAccess).getArray() = n1.asExpr()
+  }
+
+  predicate loadStoreStep(Node nodeFrom, Node nodeTo, Content f1, Content f2) {
+    loadStep(nodeFrom, nodeTo, ContentArray()) and
+    f1 = ContentArrayArray() and
+    f2 = ContentArray()
+    or
+    storeStep(nodeFrom, nodeTo, ContentArray()) and
+    f1 = ContentArray() and
+    f2 = ContentArrayArray()
+  }
+
+  predicate withContentStep(Node nodeFrom, LocalSourceNode nodeTo, ContentFilter f) { none() }
+
+  predicate withoutContentStep(Node nodeFrom, LocalSourceNode nodeTo, ContentFilter f) { none() }
+
+  predicate jumpStep(Node n1, LocalSourceNode n2) {
+    n2.(DataFlow::FieldValueNode).getField().getAnAssignedValue() = n1.asExpr()
+    or
+    n2.asExpr().(FieldRead).getField() = n1.(DataFlow::FieldValueNode).getField()
+  }
+
+  predicate hasFeatureBacktrackStoreTarget() { none() }
 }
 
-/**
- * Holds if `n` is forward-reachable from a relevant `ClassInstanceExpr`.
- */
-private predicate nodeCandFwd(Node n) {
-  dispatchOrigin(n.asExpr(), _, _)
-  or
-  exists(Node mid | nodeCandFwd(mid) | flowStep(mid, n) or callFlowStepCand(mid, n))
+private predicate lambdaSource(RelevantNode n) { dispatchOrigin(n.asExpr(), _, _) }
+
+private predicate lambdaSink(RelevantNode n) {
+  exists(MethodAccess ma | dispatchOrigin(_, ma, _) | n = DataFlow::getInstanceArgument(ma))
 }
 
-/**
- * Holds if `n` may occur on a dispatch flow path. That is, a path from a
- * relevant `ClassInstanceExpr` to a qualifier of a relevant `MethodAccess`.
- */
-private predicate nodeCand(Node n) {
-  exists(MethodAccess ma |
-    dispatchOrigin(_, ma, _) and
-    n = getInstanceArgument(ma) and
-    nodeCandFwd(n)
-  )
-  or
-  exists(Node mid | nodeCand(mid) | flowStep(n, mid) or callFlowStepCand(n, mid)) and
-  nodeCandFwd(n)
+private signature Method methodDispatchSig(MethodAccess ma);
+
+private module TrackLambda<methodDispatchSig/1 lambdaDispatch0> {
+  private Callable dispatch(Call c) {
+    result = dispatchCand(c) or
+    result = lambdaDispatch0(c)
+  }
+
+  /**
+   * Holds if `p` is the `i`th parameter of a viable dispatch target of `call`.
+   * The instance parameter is considered to have index `-1`.
+   */
+  pragma[nomagic]
+  private predicate paramCand(Call call, int i, DataFlow::ParameterNode p) {
+    exists(DataFlowPrivate::DataFlowCallable callable |
+      callable.asCallable() = dispatch(call) and
+      p.isParameterOf(callable, i) and
+      p instanceof RelevantNode
+    )
+  }
+
+  /**
+   * Holds if `arg` is a possible argument to `p` taking virtual dispatch into account.
+   */
+  private predicate argParamCand(DataFlowPrivate::ArgumentNode arg, DataFlow::ParameterNode p) {
+    exists(int i, DataFlowPrivate::DataFlowCall call |
+      paramCand(call.asCall(), i, p) and
+      arg.argumentOf(call, i)
+    )
+  }
+
+  private module TtInput implements TypeTrackingInput {
+    import TypeTrackingSteps
+
+    predicate callStep(Node n1, LocalSourceNode n2) { argParamCand(n1, n2) }
+
+    predicate returnStep(Node n1, LocalSourceNode n2) {
+      exists(ReturnStmt ret, Method m |
+        ret.getEnclosingCallable() = m and
+        ret.getResult() = n1.asExpr() and
+        m = dispatch(n2.asExpr())
+      )
+    }
+  }
+
+  private import TypeTracking<TtInput>::TypeTrack<lambdaSource/1>::Graph<lambdaSink/1>
+
+  private predicate edgePlus(PathNode n1, PathNode n2) = fastTC(edges/2)(n1, n2)
+
+  private predicate pairCand(PathNode p1, PathNode p2, Method m, MethodAccess ma) {
+    exists(ClassInstanceExpr cie |
+      dispatchOrigin(cie, ma, m) and
+      p1.getNode() = DataFlow::exprNode(cie) and
+      p2.getNode() = DataFlow::getInstanceArgument(ma) and
+      p1.isSource() and
+      p2.isSink()
+    )
+  }
+
+  /**
+   * Holds if there is flow from a `ClassInstanceExpr` instantiating a type that
+   * declares or inherits the tracked method `result` to the qualifier of `ma` such
+   * that `ma` may dispatch to `result`.
+   */
+  Method lambdaDispatch(MethodAccess ma) {
+    exists(PathNode p1, PathNode p2 |
+      (p1 = p2 or edgePlus(p1, p2)) and
+      pairCand(p1, p2, result, ma)
+    )
+  }
 }
 
-/**
- * Holds if `n1 -> n2` is a relevant dispatch flow step.
- */
-private predicate step(Node n1, Node n2) {
-  (flowStep(n1, n2) or callFlowStepCand(n1, n2)) and
-  nodeCand(n1) and
-  nodeCand(n2)
-}
+private Method noDisp(MethodAccess ma) { none() }
 
-private predicate stepPlus(Node n1, Node n2) = fastTC(step/2)(n1, n2)
+pragma[nomagic]
+private Method d1(MethodAccess ma) { result = TrackLambda<noDisp/1>::lambdaDispatch(ma) }
 
-/**
- * Holds if there is flow from a `ClassInstanceExpr` instantiating a type that
- * declares or inherits the tracked method `m` to the qualifier of `ma` such
- * that `ma` may dispatch to `m`.
- */
-pragma[inline]
-private predicate hasDispatchFlow(MethodAccess ma, Method m) {
-  exists(ClassInstanceExpr cie |
-    dispatchOrigin(cie, ma, m) and
-    stepPlus(exprNode(cie), getInstanceArgument(ma))
-  )
-}
+pragma[nomagic]
+private Method d2(MethodAccess ma) { result = TrackLambda<d1/1>::lambdaDispatch(ma) }
+
+pragma[nomagic]
+private Method d3(MethodAccess ma) { result = TrackLambda<d2/1>::lambdaDispatch(ma) }
+
+pragma[nomagic]
+private Method d4(MethodAccess ma) { result = TrackLambda<d3/1>::lambdaDispatch(ma) }
+
+pragma[nomagic]
+private Method d5(MethodAccess ma) { result = TrackLambda<d4/1>::lambdaDispatch(ma) }
+
+pragma[nomagic]
+private Method d6(MethodAccess ma) { result = TrackLambda<d5/1>::lambdaDispatch(ma) }
 
 /**
  * Gets a viable dispatch target for `ma`. This is the output dispatch relation.
  */
 Method viableImpl_out(MethodAccess ma) {
   result = viableImpl_inp(ma) and
-  (hasDispatchFlow(ma, result) or not dispatchOrigin(_, ma, result))
+  (result = d6(ma) or not dispatchOrigin(_, ma, result))
 }
diff --git a/java/ql/lib/semmle/code/java/dispatch/VirtualDispatch.qll b/java/ql/lib/semmle/code/java/dispatch/VirtualDispatch.qll
index 56385e89877..eb1878bf7e4 100644
--- a/java/ql/lib/semmle/code/java/dispatch/VirtualDispatch.qll
+++ b/java/ql/lib/semmle/code/java/dispatch/VirtualDispatch.qll
@@ -99,10 +99,12 @@ private module Dispatch {
   private predicate lowConfidenceDispatchType(SrcRefType t) {
     t instanceof TypeObject
     or
-    t instanceof FunctionalInterface
+    t instanceof Interface and not t.fromSource()
     or
     t.hasQualifiedName("java.io", "Serializable")
     or
+    t.hasQualifiedName("java.lang", "Iterable")
+    or
     t.hasQualifiedName("java.lang", "Cloneable")
     or
     t.getPackage().hasName("java.util") and t instanceof Interface
diff --git a/java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll b/java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll
index 8328a9dfbcb..64e38a19e9d 100644
--- a/java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll
@@ -4,7 +4,6 @@
 
 import java
 private import semmle.code.java.dataflow.FlowSteps
-private import semmle.code.java.dataflow.ExternalFlow
 
 class ApacheHttpGetParams extends Method {
   ApacheHttpGetParams() {
@@ -42,17 +41,6 @@ class TypeApacheHttpRequestBuilder extends Class {
   }
 }
 
-private class ApacheHttpSource extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.apache.http.protocol;HttpRequestHandler;true;handle;(HttpRequest,HttpResponse,HttpContext);;Parameter[0];remote;manual",
-        "org.apache.hc.core5.http.io;HttpRequestHandler;true;handle;(ClassicHttpRequest,ClassicHttpResponse,HttpContext);;Parameter[0];remote;manual",
-        "org.apache.hc.core5.http.io;HttpServerRequestHandler;true;handle;(ClassicHttpRequest,ResponseTrigger,HttpContext);;Parameter[0];remote;manual"
-      ]
-  }
-}
-
 /**
  * A call that sets a header of an `HttpResponse`.
  */
@@ -80,191 +68,3 @@ class ApacheHttpSetHeader extends Call {
   /** Gets the expression used as the value of this header. */
   Expr getValue() { result = this.getArgument(1) }
 }
-
-private class ApacheHttpXssSink extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.apache.http;HttpResponse;true;setEntity;(HttpEntity);;Argument[0];xss;manual",
-        "org.apache.http.util;EntityUtils;true;updateEntity;(HttpResponse,HttpEntity);;Argument[1];xss;manual",
-        "org.apache.hc.core5.http;HttpEntityContainer;true;setEntity;(HttpEntity);;Argument[0];xss;manual"
-      ]
-  }
-}
-
-private class ApacheHttpOpenUrlSink extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.apache.http;HttpRequest;true;setURI;;;Argument[0];open-url;manual",
-        "org.apache.http.message;BasicHttpRequest;false;BasicHttpRequest;(RequestLine);;Argument[0];open-url;manual",
-        "org.apache.http.message;BasicHttpRequest;false;BasicHttpRequest;(String,String);;Argument[1];open-url;manual",
-        "org.apache.http.message;BasicHttpRequest;false;BasicHttpRequest;(String,String,ProtocolVersion);;Argument[1];open-url;manual",
-        "org.apache.http.message;BasicHttpEntityEnclosingRequest;false;BasicHttpEntityEnclosingRequest;(RequestLine);;Argument[0];open-url;manual",
-        "org.apache.http.message;BasicHttpEntityEnclosingRequest;false;BasicHttpEntityEnclosingRequest;(String,String);;Argument[1];open-url;manual",
-        "org.apache.http.message;BasicHttpEntityEnclosingRequest;false;BasicHttpEntityEnclosingRequest;(String,String,ProtocolVersion);;Argument[1];open-url;manual",
-        "org.apache.http.client.methods;HttpGet;false;HttpGet;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;HttpHead;false;HttpHead;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;HttpPut;false;HttpPut;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;HttpPost;false;HttpPost;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;HttpDelete;false;HttpDelete;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;HttpOptions;false;HttpOptions;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;HttpTrace;false;HttpTrace;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;HttpPatch;false;HttpPatch;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;HttpRequestBase;true;setURI;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;RequestBuilder;false;setUri;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;RequestBuilder;false;get;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;RequestBuilder;false;post;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;RequestBuilder;false;put;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;RequestBuilder;false;options;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;RequestBuilder;false;head;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;RequestBuilder;false;delete;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;RequestBuilder;false;trace;;;Argument[0];open-url;manual",
-        "org.apache.http.client.methods;RequestBuilder;false;patch;;;Argument[0];open-url;manual"
-      ]
-  }
-}
-
-private class ApacheHttpFlowStep extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.apache.http;HttpMessage;true;getAllHeaders;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HttpMessage;true;getFirstHeader;(String);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HttpMessage;true;getLastHeader;(String);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HttpMessage;true;getHeaders;(String);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HttpMessage;true;getParams;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HttpMessage;true;headerIterator;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HttpMessage;true;headerIterator;(String);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HttpRequest;true;getRequestLine;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HttpEntityEnclosingRequest;true;getEntity;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;Header;true;getElements;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HeaderElement;true;getName;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HeaderElement;true;getValue;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HeaderElement;true;getParameter;(int);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HeaderElement;true;getParameterByName;(String);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HeaderElement;true;getParameters;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;NameValuePair;true;getName;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;NameValuePair;true;getValue;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HeaderIterator;true;nextHeader;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HttpEntity;true;getContent;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HttpEntity;true;getContentEncoding;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;HttpEntity;true;getContentType;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;RequestLine;true;getMethod;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;RequestLine;true;getUri;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http.params;HttpParams;true;getParameter;(String);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http.params;HttpParams;true;getDoubleParameter;(String,double);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http.params;HttpParams;true;getIntParameter;(String,int);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http.params;HttpParams;true;getLongParameter;(String,long);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http.params;HttpParams;true;getDoubleParameter;(String,double);;Argument[1];ReturnValue;value;manual",
-        "org.apache.http.params;HttpParams;true;getIntParameter;(String,int);;Argument[1];ReturnValue;value;manual",
-        "org.apache.http.params;HttpParams;true;getLongParameter;(String,long);;Argument[1];ReturnValue;value;manual",
-        "org.apache.hc.core5.http;MessageHeaders;true;getFirstHeader;(String);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;MessageHeaders;true;getLastHeader;(String);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;MessageHeaders;true;getHeader;(String);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;MessageHeaders;true;getHeaders;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;MessageHeaders;true;getHeaders;(String);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;MessageHeaders;true;headerIterator;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;MessageHeaders;true;headerIterator;(String);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;HttpRequest;true;getAuthority;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;HttpRequest;true;getMethod;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;HttpRequest;true;getPath;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;HttpRequest;true;getUri;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;HttpRequest;true;getRequestUri;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;HttpEntityContainer;true;getEntity;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;NameValuePair;true;getName;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;NameValuePair;true;getValue;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;HttpEntity;true;getContent;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;HttpEntity;true;getTrailers;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;EntityDetails;true;getContentType;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;EntityDetails;true;getContentEncoding;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http;EntityDetails;true;getTrailerNames;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.message;RequestLine;true;getMethod;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.message;RequestLine;true;getUri;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.message;RequestLine;true;toString;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.message;RequestLine;true;RequestLine;(HttpRequest);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.hc.core5.http.message;RequestLine;true;RequestLine;(String,String,ProtocolVersion);;Argument[1];Argument[-1];taint;manual",
-        "org.apache.hc.core5.function;Supplier;true;get;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.net;URIAuthority;true;getHostName;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.net;URIAuthority;true;toString;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http.util;EntityUtils;true;toString;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.http.util;EntityUtils;true;toByteArray;(HttpEntity);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.http.util;EntityUtils;true;getContentCharSet;(HttpEntity);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.http.util;EntityUtils;true;getContentMimeType;(HttpEntity);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.io.entity;EntityUtils;true;toString;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.io.entity;EntityUtils;true;toByteArray;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.io.entity;EntityUtils;true;parse;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.http.util;EncodingUtils;true;getAsciiBytes;(String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.http.util;EncodingUtils;true;getAsciiString;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.http.util;EncodingUtils;true;getBytes;(String,String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.http.util;EncodingUtils;true;getString;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.http.util;Args;true;containsNoBlanks;(CharSequence,String);;Argument[0];ReturnValue;value;manual",
-        "org.apache.http.util;Args;true;notNull;(Object,String);;Argument[0];ReturnValue;value;manual",
-        "org.apache.http.util;Args;true;notEmpty;(CharSequence,String);;Argument[0];ReturnValue;value;manual",
-        "org.apache.http.util;Args;true;notEmpty;(Collection,String);;Argument[0];ReturnValue;value;manual",
-        "org.apache.http.util;Args;true;notBlank;(CharSequence,String);;Argument[0];ReturnValue;value;manual",
-        "org.apache.hc.core5.util;Args;true;containsNoBlanks;(CharSequence,String);;Argument[0];ReturnValue;value;manual",
-        "org.apache.hc.core5.util;Args;true;notNull;(Object,String);;Argument[0];ReturnValue;value;manual",
-        "org.apache.hc.core5.util;Args;true;notEmpty;(Collection,String);;Argument[0];ReturnValue;value;manual",
-        "org.apache.hc.core5.util;Args;true;notEmpty;(CharSequence,String);;Argument[0];ReturnValue;value;manual",
-        "org.apache.hc.core5.util;Args;true;notEmpty;(Object,String);;Argument[0];ReturnValue;value;manual",
-        "org.apache.hc.core5.util;Args;true;notBlank;(CharSequence,String);;Argument[0];ReturnValue;value;manual",
-        "org.apache.hc.core5.http.io.entity;HttpEntities;true;create;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.io.entity;HttpEntities;true;createGzipped;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.io.entity;HttpEntities;true;createUrlEncoded;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.io.entity;HttpEntities;true;gzip;(HttpEntity);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.io.entity;HttpEntities;true;withTrailers;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.http.entity;BasicHttpEntity;true;setContent;(InputStream);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.http.entity;BufferedHttpEntity;true;BufferedHttpEntity;(HttpEntity);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.http.entity;ByteArrayEntity;true;ByteArrayEntity;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.http.entity;HttpEntityWrapper;true;HttpEntityWrapper;(HttpEntity);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.http.entity;InputStreamEntity;true;InputStreamEntity;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.http.entity;StringEntity;true;StringEntity;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.hc.core5.http.io.entity;BasicHttpEntity;true;BasicHttpEntity;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.io.entity;BufferedHttpEntity;true;BufferedHttpEntity;(HttpEntity);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.io.entity;ByteArrayEntity;true;ByteArrayEntity;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.hc.core5.http.io.entity;HttpEntityWrapper;true;HttpEntityWrapper;(HttpEntity);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.io.entity;InputStreamEntity;true;InputStreamEntity;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.hc.core5.http.io.entity;StringEntity;true;StringEntity;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.http.util;ByteArrayBuffer;true;append;(byte[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.http.util;ByteArrayBuffer;true;append;(char[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.http.util;ByteArrayBuffer;true;append;(CharArrayBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.http.util;ByteArrayBuffer;true;buffer;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http.util;ByteArrayBuffer;true;toByteArray;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http.util;CharArrayBuffer;true;append;(byte[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.http.util;CharArrayBuffer;true;append;(char[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.http.util;CharArrayBuffer;true;append;(CharArrayBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.http.util;CharArrayBuffer;true;append;(ByteArrayBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.http.util;CharArrayBuffer;true;append;(CharArrayBuffer);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.http.util;CharArrayBuffer;true;append;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.http.util;CharArrayBuffer;true;append;(Object);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.http.util;CharArrayBuffer;true;buffer;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http.util;CharArrayBuffer;true;toCharArray;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http.util;CharArrayBuffer;true;toString;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http.util;CharArrayBuffer;true;substring;(int,int);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http.util;CharArrayBuffer;true;subSequence;(int,int);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http.util;CharArrayBuffer;true;substringTrimmed;(int,int);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.util;ByteArrayBuffer;true;append;(byte[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.hc.core5.util;ByteArrayBuffer;true;append;(char[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.hc.core5.util;ByteArrayBuffer;true;append;(CharArrayBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.hc.core5.util;ByteArrayBuffer;true;array;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.util;ByteArrayBuffer;true;toByteArray;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.util;CharArrayBuffer;true;append;(byte[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.hc.core5.util;CharArrayBuffer;true;append;(char[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.hc.core5.util;CharArrayBuffer;true;append;(CharArrayBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.hc.core5.util;CharArrayBuffer;true;append;(ByteArrayBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.hc.core5.util;CharArrayBuffer;true;append;(CharArrayBuffer);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.hc.core5.util;CharArrayBuffer;true;append;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.hc.core5.util;CharArrayBuffer;true;append;(Object);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.hc.core5.util;CharArrayBuffer;true;array;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.util;CharArrayBuffer;true;toCharArray;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.util;CharArrayBuffer;true;toString;();;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.util;CharArrayBuffer;true;substring;(int,int);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.util;CharArrayBuffer;true;subSequence;(int,int);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.hc.core5.util;CharArrayBuffer;true;substringTrimmed;(int,int);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http.message;BasicRequestLine;false;BasicRequestLine;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.http;RequestLine;true;getUri;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.http;RequestLine;true;toString;;;Argument[-1];ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Flexjson.qll b/java/ql/lib/semmle/code/java/frameworks/Flexjson.qll
index 615d928a709..55a8e262438 100644
--- a/java/ql/lib/semmle/code/java/frameworks/Flexjson.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Flexjson.qll
@@ -3,7 +3,6 @@
  */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 
 /** The class `flexjson.JSONDeserializer`. */
 class FlexjsonDeserializer extends RefType {
@@ -33,9 +32,3 @@ class FlexjsonDeserializerUseMethod extends Method {
     this.hasName("use")
   }
 }
-
-private class FluentUseMethodModel extends SummaryModelCsv {
-  override predicate row(string r) {
-    r = "flexjson;JSONDeserializer;true;use;;;Argument[-1];ReturnValue;value;manual"
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/GeneratedNegative.qll b/java/ql/lib/semmle/code/java/frameworks/GeneratedNegative.qll
deleted file mode 100644
index c12c6c3be16..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/GeneratedNegative.qll
+++ /dev/null
@@ -1,8 +0,0 @@
-/** Provides a module for importing negative models. */
-
-/**
- * A module importing all generated negative Models as Data models.
- */
-private module GeneratedFrameworks {
-  private import apache.NegativeIOGenerated
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Hibernate.qll b/java/ql/lib/semmle/code/java/frameworks/Hibernate.qll
index 4832576b7b9..28b28101454 100644
--- a/java/ql/lib/semmle/code/java/frameworks/Hibernate.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Hibernate.qll
@@ -3,7 +3,6 @@
  */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 
 /** The interface `org.hibernate.query.QueryProducer`. */
 class HibernateQueryProducer extends RefType {
@@ -21,19 +20,3 @@ class HibernateSharedSessionContract extends RefType {
 class HibernateSession extends RefType {
   HibernateSession() { this.hasQualifiedName("org.hibernate", "Session") }
 }
-
-private class SqlSinkCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;spec;kind"
-        "org.hibernate;QueryProducer;true;createQuery;;;Argument[0];sql;manual",
-        "org.hibernate;QueryProducer;true;createNativeQuery;;;Argument[0];sql;manual",
-        "org.hibernate;QueryProducer;true;createSQLQuery;;;Argument[0];sql;manual",
-        "org.hibernate;SharedSessionContract;true;createQuery;;;Argument[0];sql;manual",
-        "org.hibernate;SharedSessionContract;true;createSQLQuery;;;Argument[0];sql;manual",
-        "org.hibernate;Session;true;createQuery;;;Argument[0];sql;manual",
-        "org.hibernate;Session;true;createSQLQuery;;;Argument[0];sql;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/HikariCP.qll b/java/ql/lib/semmle/code/java/frameworks/HikariCP.qll
deleted file mode 100644
index 05f764b357b..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/HikariCP.qll
+++ /dev/null
@@ -1,17 +0,0 @@
-/**
- * Definitions of sinks in the Hikari Connection Pool library.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class SsrfSinkCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;spec;kind"
-        "com.zaxxer.hikari;HikariConfig;false;HikariConfig;(Properties);;Argument[0];jdbc-url;manual",
-        "com.zaxxer.hikari;HikariConfig;false;setJdbcUrl;(String);;Argument[0];jdbc-url;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/JMS.qll b/java/ql/lib/semmle/code/java/frameworks/JMS.qll
deleted file mode 100644
index f1eb0ace982..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/JMS.qll
+++ /dev/null
@@ -1,112 +0,0 @@
-/**
- * This model covers JMS API versions 1 and 2.
- *
- * https://docs.oracle.com/javaee/6/api/javax/jms/package-summary.html
- * https://docs.oracle.com/javaee/7/api/javax/jms/package-summary.html
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-/** Defines sources of tainted data in JMS 1. */
-private class Jms1Source extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        // incoming messages are considered tainted
-        "javax.jms;MessageListener;true;onMessage;(Message);;Parameter[0];remote;manual",
-        "javax.jms;MessageConsumer;true;receive;;;ReturnValue;remote;manual",
-        "javax.jms;MessageConsumer;true;receiveNoWait;();;ReturnValue;remote;manual",
-        "javax.jms;QueueRequestor;true;request;(Message);;ReturnValue;remote;manual",
-        "javax.jms;TopicRequestor;true;request;(Message);;ReturnValue;remote;manual",
-      ]
-  }
-}
-
-/** Defines taint propagation steps in JMS 1. */
-private class Jms1FlowStep extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        // if a message is tainted, then it returns tainted data
-        "javax.jms;Message;true;getBody;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getJMSCorrelationIDAsBytes;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getJMSCorrelationID;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getJMSReplyTo;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getJMSDestination;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getJMSType;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getBooleanProperty;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getByteProperty;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getShortProperty;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getIntProperty;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getLongProperty;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getFloatProperty;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getDoubleProperty;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getStringProperty;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getObjectProperty;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Message;true;getPropertyNames;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;BytesMessage;true;readBoolean;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;BytesMessage;true;readByte;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;BytesMessage;true;readUnsignedByte;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;BytesMessage;true;readShort;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;BytesMessage;true;readUnsignedShort;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;BytesMessage;true;readChar;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;BytesMessage;true;readInt;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;BytesMessage;true;readLong;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;BytesMessage;true;readFloat;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;BytesMessage;true;readDouble;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;BytesMessage;true;readUTF;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;BytesMessage;true;readBytes;;;Argument[-1];Argument[0];taint;manual",
-        "javax.jms;MapMessage;true;getBoolean;(String);;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;MapMessage;true;getByte;(String);;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;MapMessage;true;getShort;(String);;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;MapMessage;true;getChar;(String);;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;MapMessage;true;getInt;(String);;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;MapMessage;true;getLong;(String);;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;MapMessage;true;getFloat;(String);;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;MapMessage;true;getDouble;(String);;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;MapMessage;true;getString;(String);;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;MapMessage;true;getBytes;(String);;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;MapMessage;true;getObject;(String);;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;MapMessage;true;getMapNames;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;ObjectMessage;true;getObject;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;StreamMessage;true;readBoolean;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;StreamMessage;true;readByte;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;StreamMessage;true;readShort;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;StreamMessage;true;readChar;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;StreamMessage;true;readInt;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;StreamMessage;true;readLong;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;StreamMessage;true;readFloat;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;StreamMessage;true;readDouble;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;StreamMessage;true;readString;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;StreamMessage;true;readBytes;(byte[]);;Argument[-1];Argument[0];taint;manual",
-        "javax.jms;StreamMessage;true;readObject;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;TextMessage;true;getText;();;Argument[-1];ReturnValue;taint;manual",
-        // if a destination is tainted, then it returns tainted data
-        "javax.jms;Queue;true;getQueueName;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Queue;true;toString;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Topic;true;getTopicName;();;Argument[-1];ReturnValue;taint;manual",
-        "javax.jms;Topic;true;toString;();;Argument[-1];ReturnValue;taint;manual",
-      ]
-  }
-}
-
-/** Defines additional sources of tainted data in JMS 2. */
-private class Jms2Source extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "javax.jms;JMSConsumer;true;receive;;;ReturnValue;remote;manual",
-        "javax.jms;JMSConsumer;true;receiveBody;;;ReturnValue;remote;manual",
-        "javax.jms;JMSConsumer;true;receiveNoWait;();;ReturnValue;remote;manual",
-        "javax.jms;JMSConsumer;true;receiveBodyNoWait;();;ReturnValue;remote;manual",
-      ]
-  }
-}
-
-/** Defines additional taint propagation steps in JMS 2. */
-private class Jms2FlowStep extends SummaryModelCsv {
-  override predicate row(string row) {
-    row = "javax.jms;Message;true;getBody;();;Argument[-1];ReturnValue;taint;manual"
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/JavaIo.qll b/java/ql/lib/semmle/code/java/frameworks/JavaIo.qll
deleted file mode 100644
index 8748c2a0cb1..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/JavaIo.qll
+++ /dev/null
@@ -1,24 +0,0 @@
-/** Definitions of taint steps in Objects class of the JDK */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class JavaIoSummaryCsv extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //`namespace; type; subtypes; name; signature; ext; input; output; kind`
-        "java.lang;Appendable;true;append;;;Argument[0];Argument[-1];taint;manual",
-        "java.lang;Appendable;true;append;;;Argument[-1];ReturnValue;value;manual",
-        "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual",
-        "java.io;Writer;true;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "java.io;CharArrayWriter;true;toCharArray;;;Argument[-1];ReturnValue;taint;manual",
-        "java.io;ObjectInput;true;read;;;Argument[-1];Argument[0];taint;manual",
-        "java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual",
-        "java.io;DataInput;true;readLine;();;Argument[-1];ReturnValue;taint;manual",
-        "java.io;DataInput;true;readUTF;();;Argument[-1];ReturnValue;taint;manual",
-        "java.nio.channels;ReadableByteChannel;true;read;(ByteBuffer);;Argument[-1];Argument[0];taint;manual",
-        "java.nio.channels;Channels;false;newChannel;(InputStream);;Argument[0];ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/JavaxJson.qll b/java/ql/lib/semmle/code/java/frameworks/JavaxJson.qll
deleted file mode 100644
index 0a2db0d06fc..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/JavaxJson.qll
+++ /dev/null
@@ -1,138 +0,0 @@
-/**
- * Provides models for the `javax.json` and `jakarta.json` packages.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class FlowSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] +
-        [
-          ".json;Json;false;createArrayBuilder;(JsonArray);;Argument[0];ReturnValue;taint;manual",
-          ".json;Json;false;createArrayBuilder;(Collection);;Argument[0].Element;ReturnValue;taint;manual",
-          ".json;Json;false;createDiff;;;Argument[0..1];ReturnValue;taint;manual",
-          ".json;Json;false;createMergeDiff;;;Argument[0..1];ReturnValue;taint;manual",
-          ".json;Json;false;createMergePatch;;;Argument[0];ReturnValue;taint;manual",
-          ".json;Json;false;createObjectBuilder;(JsonObject);;Argument[0];ReturnValue;taint;manual",
-          ".json;Json;false;createObjectBuilder;(Map);;Argument[0].MapKey;ReturnValue;taint;manual",
-          ".json;Json;false;createObjectBuilder;(Map);;Argument[0].MapValue;ReturnValue;taint;manual",
-          ".json;Json;false;createPatch;;;Argument[0];ReturnValue;taint;manual",
-          ".json;Json;false;createPatchBuilder;;;Argument[0];ReturnValue;taint;manual",
-          ".json;Json;false;createPointer;;;Argument[0];ReturnValue;taint;manual",
-          ".json;Json;false;createReader;;;Argument[0];ReturnValue;taint;manual",
-          ".json;Json;false;createValue;;;Argument[0];ReturnValue;taint;manual",
-          ".json;Json;false;createWriter;;;Argument[0];ReturnValue;taint;manual",
-          ".json;Json;false;decodePointer;;;Argument[0];ReturnValue;taint;manual",
-          ".json;Json;false;encodePointer;;;Argument[0];ReturnValue;taint;manual",
-          ".json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value;manual",
-          ".json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonArray;false;getInt;;;Argument[1];ReturnValue;value;manual",
-          ".json;JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonArray;false;getString;;;Argument[1];ReturnValue;value;manual",
-          ".json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonArrayBuilder;false;add;(boolean);;Argument[0];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(double);;Argument[0];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(int);;Argument[0];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(long);;Argument[0];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(JsonArrayBuilder);;Argument[0];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(JsonObjectBuilder);;Argument[0];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(JsonValue);;Argument[0];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(String);;Argument[0];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(BigDecimal);;Argument[0];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(BigInteger);;Argument[0];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(int,boolean);;Argument[1];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(int,double);;Argument[1];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(int,int);;Argument[1];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(int,long);;Argument[1];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(int,JsonArrayBuilder);;Argument[1];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(int,JsonObjectBuilder);;Argument[1];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(int,JsonValue);;Argument[1];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(int,String);;Argument[1];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(int,BigDecimal);;Argument[1];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;add;(int,BigInteger);;Argument[1];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;addAll;;;Argument[0];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;addAll;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonArrayBuilder;false;remove;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint;manual",
-          ".json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonArrayBuilder;false;setNull;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonMergePatch;false;apply;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonMergePatch;false;apply;;;Argument[0];ReturnValue;taint;manual",
-          ".json;JsonMergePatch;false;toJsonValue;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonNumber;false;numberValue;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value;manual",
-          ".json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonObject;false;getInt;;;Argument[1];ReturnValue;value;manual",
-          ".json;JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonObject;false;getString;;;Argument[1];ReturnValue;value;manual",
-          ".json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint;manual",
-          ".json;JsonObjectBuilder;false;addAll;;;Argument[0];ReturnValue;value;manual",
-          ".json;JsonObjectBuilder;false;addAll;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonObjectBuilder;false;remove;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonPatch;false;apply;;;Argument[0];ReturnValue;taint;manual",
-          ".json;JsonPatch;false;toJsonArray;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint;manual",
-          ".json;JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonPatchBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonPatchBuilder;false;copy;;;Argument[0..1];ReturnValue;taint;manual",
-          ".json;JsonPatchBuilder;false;copy;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonPatchBuilder;false;move;;;Argument[0..1];ReturnValue;taint;manual",
-          ".json;JsonPatchBuilder;false;move;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonPatchBuilder;false;remove;;;Argument[0];ReturnValue;taint;manual",
-          ".json;JsonPatchBuilder;false;remove;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint;manual",
-          ".json;JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint;manual",
-          ".json;JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value;manual",
-          ".json;JsonPointer;false;add;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonPointer;false;add;;;Argument[0..1];ReturnValue;taint;manual",
-          ".json;JsonPointer;false;getValue;;;Argument[0];ReturnValue;taint;manual",
-          ".json;JsonPointer;false;remove;;;Argument[0];ReturnValue;taint;manual",
-          ".json;JsonPointer;false;replace;;;Argument[0..1];ReturnValue;taint;manual",
-          ".json;JsonPointer;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonReader;false;readValue;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint;manual",
-          ".json;JsonString;false;getChars;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonString;false;getString;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonStructure;true;getValue;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonValue;true;asJsonArray;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonValue;true;asJsonObject;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonValue;true;toString;;;Argument[-1];ReturnValue;taint;manual",
-          ".json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint;manual",
-          ".json;JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint;manual",
-          ".json;JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint;manual",
-          ".json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint;manual",
-          ".json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint;manual"
-        ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll
index c60c3ff0369..54b41f28a08 100644
--- a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll
@@ -4,7 +4,6 @@
  */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.security.XSS
 
 /**
@@ -321,323 +320,6 @@ private class JaxRSXssSink extends XssSink {
   }
 }
 
-/** A URL redirection sink from JAX-RS */
-private class JaxRsUrlRedirectSink extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;Response;true;" + ["seeOther", "temporaryRedirect"] +
-        ";;;Argument[0];url-redirect;manual"
-  }
-}
-
-/**
- * Model Response:
- *
- * - the returned ResponseBuilder gains taint from a tainted entity or existing Response
- */
-private class ResponseModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;Response;false;" + ["accepted", "fromResponse", "ok"] +
-        ";;;Argument[0];ReturnValue;taint;manual"
-  }
-}
-
-/**
- * Model ResponseBuilder:
- *
- * - becomes tainted by a tainted entity, but not by metadata, headers etc
- * - build() method returns taint
- * - almost all methods are fluent, and so preserve value
- */
-private class ResponseBuilderModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;Response$ResponseBuilder;true;" +
-        [
-          "allow", "cacheControl", "contentLocation", "cookie", "encoding", "entity", "expires",
-          "header", "language", "lastModified", "link", "links", "location", "replaceAll", "status",
-          "tag", "type", "variant", "variants"
-        ] + ";;;Argument[-1];ReturnValue;value;manual"
-    or
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;Response$ResponseBuilder;true;" +
-        [
-          "build;;;Argument[-1];ReturnValue;taint;manual",
-          "entity;;;Argument[0];Argument[-1];taint;manual",
-          "clone;;;Argument[-1];ReturnValue;taint;manual"
-        ]
-  }
-}
-
-/**
- * Model HttpHeaders: methods that Date have to be syntax-checked, but those returning MediaType
- * or Locale are assumed potentially dangerous, as these types do not generally check that the
- * input data is recognised, only that it conforms to the expected syntax.
- */
-private class HttpHeadersModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;HttpHeaders;true;" +
-        [
-          "getAcceptableLanguages", "getAcceptableMediaTypes", "getCookies", "getHeaderString",
-          "getLanguage", "getMediaType", "getRequestHeader", "getRequestHeaders"
-        ] + ";;;Argument[-1];ReturnValue;taint;manual"
-  }
-}
-
-/**
- * Model MultivaluedMap, which extends `Map<K, List<V>>` and provides a few extra helper methods.
- */
-private class MultivaluedMapModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;MultivaluedMap;true;" +
-        [
-          "add;;;Argument[0];Argument[-1].MapKey;value;manual",
-          "add;;;Argument[1];Argument[-1].MapValue.Element;value;manual",
-          "addAll;;;Argument[0];Argument[-1].MapKey;value;manual",
-          "addAll;(Object,List);;Argument[1].Element;Argument[-1].MapValue.Element;value;manual",
-          "addAll;(Object,Object[]);;Argument[1].ArrayElement;Argument[-1].MapValue.Element;value;manual",
-          "addFirst;;;Argument[0];Argument[-1].MapKey;value;manual",
-          "addFirst;;;Argument[1];Argument[-1].MapValue.Element;value;manual",
-          "getFirst;;;Argument[-1].MapValue.Element;ReturnValue;value;manual",
-          "putSingle;;;Argument[0];Argument[-1].MapKey;value;manual",
-          "putSingle;;;Argument[1];Argument[-1].MapValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Model AbstractMultivaluedMap, which implements MultivaluedMap.
- */
-private class AbstractMultivaluedMapModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;AbstractMultivaluedMap;false;AbstractMultivaluedMap;;;" +
-        [
-          "Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          "Argument[0].MapValue;Argument[-1].MapValue;value;manual"
-        ]
-  }
-}
-
-/**
- * Model MultivaluedHashMap, which extends AbstractMultivaluedMap.
- */
-private class MultivaluedHashMapModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;MultivaluedHashMap;false;MultivaluedHashMap;" +
-        [
-          "(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          "(Map);;Argument[0].MapValue;Argument[-1].MapValue.Element;value;manual",
-          "(MultivaluedMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          "(MultivaluedMap);;Argument[0].MapValue;Argument[-1].MapValue;value;manual"
-        ]
-  }
-}
-
-/**
- * Model PathSegment, which wraps a path and its associated matrix parameters.
- */
-private class PathSegmentModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;PathSegment;true;" + ["getMatrixParameters", "getPath"] +
-        ";;;Argument[-1];ReturnValue;taint;manual"
-  }
-}
-
-/**
- * Model UriInfo, which provides URI element accessors.
- */
-private class UriInfoModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;UriInfo;true;" +
-        [
-          "getAbsolutePath;;;Argument[-1];ReturnValue;taint;manual",
-          "getAbsolutePathBuilder;;;Argument[-1];ReturnValue;taint;manual",
-          "getPath;;;Argument[-1];ReturnValue;taint;manual",
-          "getPathParameters;;;Argument[-1];ReturnValue;taint;manual",
-          "getPathSegments;;;Argument[-1];ReturnValue;taint;manual",
-          "getQueryParameters;;;Argument[-1];ReturnValue;taint;manual",
-          "getRequestUri;;;Argument[-1];ReturnValue;taint;manual",
-          "getRequestUriBuilder;;;Argument[-1];ReturnValue;taint;manual",
-          "relativize;;;Argument[0];ReturnValue;taint;manual",
-          "resolve;;;Argument[-1];ReturnValue;taint;manual",
-          "resolve;;;Argument[0];ReturnValue;taint;manual"
-        ]
-  }
-}
-
-/**
- * Model Cookie, a simple tuple type.
- */
-private class CookieModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;Cookie;" +
-        [
-          "true;getDomain;;;Argument[-1];ReturnValue;taint;manual",
-          "true;getName;;;Argument[-1];ReturnValue;taint;manual",
-          "true;getPath;;;Argument[-1];ReturnValue;taint;manual",
-          "true;getValue;;;Argument[-1];ReturnValue;taint;manual",
-          "true;getVersion;;;Argument[-1];ReturnValue;taint;manual",
-          "true;toString;;;Argument[-1];ReturnValue;taint;manual",
-          "false;Cookie;;;Argument[0..4];Argument[-1];taint;manual",
-          "false;valueOf;;;Argument[0];ReturnValue;taint;manual"
-        ]
-  }
-}
-
-/**
- * Model NewCookie, a simple tuple type.
- */
-private class NewCookieModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;NewCookie;" +
-        [
-          "true;getComment;;;Argument[-1];ReturnValue;taint;manual",
-          "true;getExpiry;;;Argument[-1];ReturnValue;taint;manual",
-          "true;getMaxAge;;;Argument[-1];ReturnValue;taint;manual",
-          "true;toCookie;;;Argument[-1];ReturnValue;taint;manual",
-          "false;NewCookie;;;Argument[0..9];Argument[-1];taint;manual",
-          "false;valueOf;;;Argument[0];ReturnValue;taint;manual"
-        ]
-  }
-}
-
-/**
- * Model Form, a simple container type.
- */
-private class FormModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;Form;" +
-        [
-          "false;Form;;;Argument[0].MapKey;Argument[-1];taint;manual",
-          "false;Form;;;Argument[0].MapValue.Element;Argument[-1];taint;manual",
-          "false;Form;;;Argument[0..1];Argument[-1];taint;manual",
-          "true;asMap;;;Argument[-1];ReturnValue;taint;manual",
-          "true;param;;;Argument[0..1];Argument[-1];taint;manual",
-          "true;param;;;Argument[-1];ReturnValue;value;manual"
-        ]
-  }
-}
-
-/**
- * Model GenericEntity, a wrapper for HTTP entities (e.g., documents).
- */
-private class GenericEntityModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;GenericEntity;" +
-        [
-          "false;GenericEntity;;;Argument[0];Argument[-1];taint;manual",
-          "true;getEntity;;;Argument[-1];ReturnValue;taint;manual"
-        ]
-  }
-}
-
-/**
- * Model MediaType, which provides accessors for elements of Content-Type and similar
- * media type specifications.
- */
-private class MediaTypeModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;MediaType;" +
-        [
-          "false;MediaType;;;Argument[0..2];Argument[-1];taint;manual",
-          "true;getParameters;;;Argument[-1];ReturnValue;taint;manual",
-          "true;getSubtype;;;Argument[-1];ReturnValue;taint;manual",
-          "true;getType;;;Argument[-1];ReturnValue;taint;manual",
-          "false;valueOf;;;Argument[0];ReturnValue;taint;manual",
-          "true;withCharset;;;Argument[-1];ReturnValue;taint;manual"
-        ]
-  }
-}
-
-/**
- * Model UriBuilder, which provides a fluent interface to build a URI from components.
- */
-private class UriBuilderModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax", "jakarta"] + ".ws.rs.core;UriBuilder;" +
-        [
-          "true;build;;;Argument[0].ArrayElement;ReturnValue;taint;manual",
-          "true;build;;;Argument[-1];ReturnValue;taint;manual",
-          "true;buildFromEncoded;;;Argument[0].ArrayElement;ReturnValue;taint;manual",
-          "true;buildFromEncoded;;;Argument[-1];ReturnValue;taint;manual",
-          "true;buildFromEncodedMap;;;Argument[0].MapKey;ReturnValue;taint;manual",
-          "true;buildFromEncodedMap;;;Argument[0].MapValue;ReturnValue;taint;manual",
-          "true;buildFromEncodedMap;;;Argument[-1];ReturnValue;taint;manual",
-          "true;buildFromMap;;;Argument[0].MapKey;ReturnValue;taint;manual",
-          "true;buildFromMap;;;Argument[0].MapValue;ReturnValue;taint;manual",
-          "true;buildFromMap;;;Argument[-1];ReturnValue;taint;manual",
-          "true;clone;;;Argument[-1];ReturnValue;taint;manual",
-          "true;fragment;;;Argument[0];ReturnValue;taint;manual",
-          "true;fragment;;;Argument[-1];ReturnValue;value;manual",
-          "false;fromLink;;;Argument[0];ReturnValue;taint;manual",
-          "false;fromPath;;;Argument[0];ReturnValue;taint;manual",
-          "false;fromUri;;;Argument[0];ReturnValue;taint;manual",
-          "true;host;;;Argument[0];ReturnValue;taint;manual",
-          "true;host;;;Argument[-1];ReturnValue;value;manual",
-          "true;matrixParam;;;Argument[0];ReturnValue;taint;manual",
-          "true;matrixParam;;;Argument[1].ArrayElement;ReturnValue;taint;manual",
-          "true;matrixParam;;;Argument[-1];ReturnValue;value;manual",
-          "true;path;;;Argument[0..1];ReturnValue;taint;manual",
-          "true;path;;;Argument[-1];ReturnValue;value;manual",
-          "true;queryParam;;;Argument[0];ReturnValue;taint;manual",
-          "true;queryParam;;;Argument[1].ArrayElement;ReturnValue;taint;manual",
-          "true;queryParam;;;Argument[-1];ReturnValue;value;manual",
-          "true;replaceMatrix;;;Argument[0];ReturnValue;taint;manual",
-          "true;replaceMatrix;;;Argument[-1];ReturnValue;value;manual",
-          "true;replaceMatrixParam;;;Argument[0];ReturnValue;taint;manual",
-          "true;replaceMatrixParam;;;Argument[1].ArrayElement;ReturnValue;taint;manual",
-          "true;replaceMatrixParam;;;Argument[-1];ReturnValue;value;manual",
-          "true;replacePath;;;Argument[0];ReturnValue;taint;manual",
-          "true;replacePath;;;Argument[-1];ReturnValue;value;manual",
-          "true;replaceQuery;;;Argument[0];ReturnValue;taint;manual",
-          "true;replaceQuery;;;Argument[-1];ReturnValue;value;manual",
-          "true;replaceQueryParam;;;Argument[0];ReturnValue;taint;manual",
-          "true;replaceQueryParam;;;Argument[1].ArrayElement;ReturnValue;taint;manual",
-          "true;replaceQueryParam;;;Argument[-1];ReturnValue;value;manual",
-          "true;resolveTemplate;;;Argument[0..2];ReturnValue;taint;manual",
-          "true;resolveTemplate;;;Argument[-1];ReturnValue;value;manual",
-          "true;resolveTemplateFromEncoded;;;Argument[0..1];ReturnValue;taint;manual",
-          "true;resolveTemplateFromEncoded;;;Argument[-1];ReturnValue;value;manual",
-          "true;resolveTemplates;;;Argument[0].MapKey;ReturnValue;taint;manual",
-          "true;resolveTemplates;;;Argument[0].MapValue;ReturnValue;taint;manual",
-          "true;resolveTemplates;;;Argument[-1];ReturnValue;value;manual",
-          "true;resolveTemplatesFromEncoded;;;Argument[0].MapKey;ReturnValue;taint;manual",
-          "true;resolveTemplatesFromEncoded;;;Argument[0].MapValue;ReturnValue;taint;manual",
-          "true;resolveTemplatesFromEncoded;;;Argument[-1];ReturnValue;value;manual",
-          "true;scheme;;;Argument[0];ReturnValue;taint;manual",
-          "true;scheme;;;Argument[-1];ReturnValue;value;manual",
-          "true;schemeSpecificPart;;;Argument[0];ReturnValue;taint;manual",
-          "true;schemeSpecificPart;;;Argument[-1];ReturnValue;value;manual",
-          "true;segment;;;Argument[0].ArrayElement;ReturnValue;taint;manual",
-          "true;segment;;;Argument[-1];ReturnValue;value;manual",
-          "true;toTemplate;;;Argument[-1];ReturnValue;taint;manual",
-          "true;uri;;;Argument[0];ReturnValue;taint;manual",
-          "true;uri;;;Argument[-1];ReturnValue;value;manual",
-          "true;userInfo;;;Argument[0];ReturnValue;taint;manual",
-          "true;userInfo;;;Argument[-1];ReturnValue;value;manual"
-        ]
-  }
-}
-
-private class JaxRsUrlOpenSink extends SinkModelCsv {
-  override predicate row(string row) {
-    row = ["javax", "jakarta"] + ".ws.rs.client;Client;true;target;;;Argument[0];open-url;manual"
-  }
-}
-
 private predicate isXssVulnerableContentTypeExpr(Expr e) {
   isXssVulnerableContentType(getContentTypeString(e))
 }
@@ -784,17 +466,3 @@ private class VulnerableEntity extends XssSinkBarrier {
       ).getArgument(0)
   }
 }
-
-/**
- * Model sources stemming from `ContainerRequestContext`.
- */
-private class ContainerRequestContextModel extends SourceModelCsv {
-  override predicate row(string s) {
-    s =
-      ["javax", "jakarta"] + ".ws.rs.container;ContainerRequestContext;true;" +
-        [
-          "getAcceptableLanguages", "getAcceptableMediaTypes", "getCookies", "getEntityStream",
-          "getHeaders", "getHeaderString", "getLanguage", "getMediaType", "getUriInfo"
-        ] + ";;;ReturnValue;remote;manual"
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Jdbc.qll b/java/ql/lib/semmle/code/java/frameworks/Jdbc.qll
index ba9dd8d445c..6807a976e77 100644
--- a/java/ql/lib/semmle/code/java/frameworks/Jdbc.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Jdbc.qll
@@ -2,7 +2,7 @@
  * Provides classes and predicates for working with the Java JDBC API.
  */
 
-private import semmle.code.java.dataflow.ExternalFlow
+import java
 
 /*--- Types ---*/
 /** The interface `java.sql.Connection`. */
@@ -34,33 +34,3 @@ class ResultSetGetStringMethod extends Method {
     getReturnType() instanceof TypeString
   }
 }
-
-/*--- Other definitions ---*/
-private class SqlSinkCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;spec;kind"
-        "java.sql;Connection;true;prepareStatement;;;Argument[0];sql;manual",
-        "java.sql;Connection;true;prepareCall;;;Argument[0];sql;manual",
-        "java.sql;Statement;true;execute;;;Argument[0];sql;manual",
-        "java.sql;Statement;true;executeQuery;;;Argument[0];sql;manual",
-        "java.sql;Statement;true;executeUpdate;;;Argument[0];sql;manual",
-        "java.sql;Statement;true;executeLargeUpdate;;;Argument[0];sql;manual",
-        "java.sql;Statement;true;addBatch;;;Argument[0];sql;manual"
-      ]
-  }
-}
-
-private class SsrfSinkCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;spec;kind"
-        "java.sql;DriverManager;false;getConnection;(String);;Argument[0];jdbc-url;manual",
-        "java.sql;DriverManager;false;getConnection;(String,Properties);;Argument[0];jdbc-url;manual",
-        "java.sql;DriverManager;false;getConnection;(String,String,String);;Argument[0];jdbc-url;manual",
-        "java.sql;Driver;false;connect;(String,Properties);;Argument[0];jdbc-url;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Jdbi.qll b/java/ql/lib/semmle/code/java/frameworks/Jdbi.qll
deleted file mode 100644
index 698d27d07ed..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/Jdbi.qll
+++ /dev/null
@@ -1,21 +0,0 @@
-/**
- * Definitions of sinks in the JDBI library.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class SsrfSinkCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;spec;kind"
-        "org.jdbi.v3.core;Jdbi;false;create;(String);;Argument[0];jdbc-url;manual",
-        "org.jdbi.v3.core;Jdbi;false;create;(String,Properties);;Argument[0];jdbc-url;manual",
-        "org.jdbi.v3.core;Jdbi;false;create;(String,String,String);;Argument[0];jdbc-url;manual",
-        "org.jdbi.v3.core;Jdbi;false;open;(String);;Argument[0];jdbc-url;manual",
-        "org.jdbi.v3.core;Jdbi;false;open;(String,Properties);;Argument[0];jdbc-url;manual",
-        "org.jdbi.v3.core;Jdbi;false;open;(String,String,String);;Argument[0];jdbc-url;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/JoddJson.qll b/java/ql/lib/semmle/code/java/frameworks/JoddJson.qll
index 9ed563091d7..d92b80ca32b 100644
--- a/java/ql/lib/semmle/code/java/frameworks/JoddJson.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/JoddJson.qll
@@ -3,7 +3,6 @@
  */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 
 /** The class `jodd.json.Parser`. */
 class JoddJsonParser extends RefType {
@@ -41,28 +40,3 @@ class AllowClassMethod extends Method {
     this.hasName("allowClass")
   }
 }
-
-/**
- * A partial model of jodd.json.JsonParser noting fluent methods.
- *
- * This means that DataFlow::localFlow and similar methods are aware
- * that the result of (e.g.) JsonParser.allowClass is an alias of the
- * qualifier.
- */
-private class JsonParserFluentMethods extends SummaryModelCsv {
-  override predicate row(string s) {
-    s =
-      [
-        "jodd.json;JsonParser;false;allowAllClasses;;;Argument[-1];ReturnValue;value;manual",
-        "jodd.json;JsonParser;false;allowClass;;;Argument[-1];ReturnValue;value;manual",
-        "jodd.json;JsonParser;false;lazy;;;Argument[-1];ReturnValue;value;manual",
-        "jodd.json;JsonParser;false;looseMode;;;Argument[-1];ReturnValue;value;manual",
-        "jodd.json;JsonParser;false;map;;;Argument[-1];ReturnValue;value;manual",
-        "jodd.json;JsonParser;false;setClassMetadataName;;;Argument[-1];ReturnValue;value;manual",
-        "jodd.json;JsonParser;false;strictTypes;;;Argument[-1];ReturnValue;value;manual",
-        "jodd.json;JsonParser;false;useAltPaths;;;Argument[-1];ReturnValue;value;manual",
-        "jodd.json;JsonParser;false;withClassMetadata;;;Argument[-1];ReturnValue;value;manual",
-        "jodd.json;JsonParser;false;withValueConverter;;;Argument[-1];ReturnValue;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/JsonJava.qll b/java/ql/lib/semmle/code/java/frameworks/JsonJava.qll
deleted file mode 100644
index b8c79a010c0..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/JsonJava.qll
+++ /dev/null
@@ -1,252 +0,0 @@
-/**
- * Provides models for working with the JSON-java library (package `org.json`).
- */
-
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class FlowModels extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.json;JSONString;true;toJSONString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;XMLXsiTypeConverter;true;convert;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;CDL;false;rowToJSONArray;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;CDL;false;rowToJSONObject;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.json;CDL;false;rowToString;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;CDL;false;toJSONArray;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.json;CDL;false;toString;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.json;Cookie;false;escape;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;Cookie;false;toJSONObject;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;Cookie;false;toString;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;Cookie;false;unescape;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;CookieList;false;toJSONObject;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;CookieList;false;toString;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;HTTP;false;toJSONObject;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;HTTP;false;toString;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;HTTPTokener;false;HTTPTokener;;;Argument[0];Argument[-1];taint;manual",
-        "org.json;HTTPTokener;false;nextToken;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;JSONArray;(Collection);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.json;JSONArray;false;JSONArray;(Iterable);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.json;JSONArray;false;JSONArray;(JSONArray);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;JSONArray;(JSONTokener);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;JSONArray;(Object);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.json;JSONArray;false;JSONArray;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;get;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;getBigDecimal;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;getBigInteger;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;getBoolean;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;getDouble;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;getEnum;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;getFloat;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;getInt;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;getJSONArray;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;getJSONObject;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;getLong;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;getNumber;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;getString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;iterator;;;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.json;JSONArray;false;join;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;join;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;opt;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;optBigDecimal;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;optBigInteger;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;optBoolean;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;optDouble;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;optEnum;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;optFloat;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;optInt;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;optJSONArray;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;optJSONObject;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;optLong;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;optNumber;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;optQuery;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;optString;;;Argument[-1];ReturnValue;taint;manual",
-        // Default values that may be returned by the `opt*` methods above:
-        "org.json;JSONArray;false;optBigDecimal;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONArray;false;optBigInteger;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONArray;false;optBoolean;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONArray;false;optDouble;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONArray;false;optEnum;;;Argument[2];ReturnValue;value;manual",
-        "org.json;JSONArray;false;optFloat;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONArray;false;optInt;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONArray;false;optLong;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONArray;false;optNumber;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONArray;false;optString;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;JSONArray;false;put;(boolean);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(Collection);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(double);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(float);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(int);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(long);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(Map);;Argument[0].MapKey;Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(Map);;Argument[0].MapValue;Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(Object);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(int,boolean);;Argument[1];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(int,Collection);;Argument[1].Element;Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(int,double);;Argument[1];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(int,float);;Argument[1];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(int,int);;Argument[1];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(int,long);;Argument[1];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(int,Map);;Argument[1].MapKey;Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(int,Map);;Argument[1].MapValue;Argument[-1];taint;manual",
-        "org.json;JSONArray;false;put;(int,Object);;Argument[1];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;putAll;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;JSONArray;false;putAll;(Collection);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.json;JSONArray;false;putAll;(Iterable);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.json;JSONArray;false;putAll;(JSONArray);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;putAll;(Object);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONArray;false;query;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;remove;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;toJSONObject;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;toJSONObject;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;toList;;;Argument[0];ReturnValue.Element;taint;manual",
-        "org.json;JSONArray;false;toString;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;JSONArray;false;write;;;Argument[-1];Argument[0];taint;manual",
-        "org.json;JSONArray;false;write;;;Argument[0];ReturnValue;value;manual",
-        "org.json;JSONML;false;toJSONArray;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;JSONML;false;toJSONObject;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;JSONML;false;toString;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;JSONObject;(JSONObject,String[]);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;JSONObject;(JSONObject,String[]);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "org.json;JSONObject;false;JSONObject;(JSONTokener);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;JSONObject;(Map);;Argument[0].MapKey;Argument[-1];taint;manual",
-        "org.json;JSONObject;false;JSONObject;(Map);;Argument[0].MapValue;Argument[-1];taint;manual",
-        "org.json;JSONObject;false;JSONObject;(Object);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;JSONObject;(Object,String[]);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;JSONObject;(Object,String[]);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "org.json;JSONObject;false;JSONObject;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;JSONObject;(String,Locale);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;accumulate;;;Argument[0..1];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;accumulate;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;append;;;Argument[0..1];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;append;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;doubleToString;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;JSONObject;true;entrySet;;;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.json;JSONObject;false;get;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;getBigDecimal;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;getBigInteger;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;getBoolean;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;getDouble;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;getEnum;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;getFloat;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;getInt;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;getJSONArray;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;getJSONObject;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;getLong;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;getNames;;;Argument[0];ReturnValue.ArrayElement;taint;manual",
-        "org.json;JSONObject;false;getNumber;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;getString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;increment;;;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;increment;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;keys;;;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.json;JSONObject;false;keySet;;;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.json;JSONObject;false;names;;;Argument[-1];ReturnValue;taint;manual", // Returns a JSONArray, hence this has no Element qualifier or similar
-        "org.json;JSONObject;false;numberToString;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;opt;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;optBigDecimal;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;optBigInteger;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;optBoolean;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;optDouble;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;optEnum;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;optFloat;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;optInt;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;optJSONArray;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;optJSONObject;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;optLong;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;optNumber;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;optQuery;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;optString;;;Argument[-1];ReturnValue;taint;manual",
-        // Default values that may be returned by the `opt*` methods above:
-        "org.json;JSONObject;false;optBigDecimal;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;optBigInteger;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;optBoolean;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;optDouble;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;optEnum;;;Argument[2];ReturnValue;value;manual",
-        "org.json;JSONObject;false;optFloat;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;optInt;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;optLong;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;optNumber;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;optString;;;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;put;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;put;(String,boolean);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,Collection);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,double);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,float);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,int);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,long);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,Map);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,Object);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,boolean);;Argument[1];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,Collection);;Argument[1].Element;Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,double);;Argument[1];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,float);;Argument[1];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,int);;Argument[1];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,long);;Argument[1];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,Map);;Argument[1].MapKey;Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,Map);;Argument[1].MapValue;Argument[-1];taint;manual",
-        "org.json;JSONObject;false;put;(String,Object);;Argument[1];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;putOnce;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;putOnce;;;Argument[0..1];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;putOpt;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;putOpt;;;Argument[0..1];Argument[-1];taint;manual",
-        "org.json;JSONObject;false;query;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;quote;(String);;Argument[0];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;quote;(String,Writer);;Argument[0];Argument[1];taint;manual",
-        "org.json;JSONObject;false;quote;(String,Writer);;Argument[1];ReturnValue;value;manual",
-        "org.json;JSONObject;false;remove;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;stringToValue;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;toJSONArray;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;toMap;;;Argument[-1];ReturnValue.MapKey;taint;manual",
-        "org.json;JSONObject;false;toMap;;;Argument[-1];ReturnValue.MapValue;taint;manual",
-        "org.json;JSONObject;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;valueToString;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;wrap;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;JSONObject;false;write;;;Argument[-1];Argument[0];taint;manual",
-        "org.json;JSONObject;false;write;;;Argument[0];ReturnValue;value;manual",
-        "org.json;JSONPointer;false;JSONPointer;(List);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.json;JSONPointer;false;JSONPointer;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONPointer;false;queryFrom;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;JSONPointer;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONPointer;false;toURIFragment;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONPointer$Builder;false;append;;;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONPointer$Builder;false;append;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;JSONPointer$Builder;false;build;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONStringer;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONTokener;true;JSONTokener;;;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONTokener;true;next;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONTokener;true;nextClean;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONTokener;true;nextString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONTokener;true;nextTo;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONTokener;true;nextValue;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;JSONTokener;true;syntaxError;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.json;JSONTokener;true;toString;;;Argument[-1];ReturnValue;taint;manual",
-        // The following model doesn't work yet due to lack of support for reverse taint flow:
-        "org.json;JSONWriter;true;JSONWriter;;;Argument[-1];Argument[0];taint;manual",
-        "org.json;JSONWriter;true;key;;;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONWriter;true;value;;;Argument[0];Argument[-1];taint;manual",
-        "org.json;JSONWriter;true;valueToString;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;JSONWriter;true;array;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;JSONWriter;true;endArray;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;JSONWriter;true;endObject;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;JSONWriter;true;key;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;JSONWriter;true;object;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;JSONWriter;true;value;;;Argument[-1];ReturnValue;value;manual",
-        "org.json;Property;false;toJSONObject;;;Argument[0].MapKey;ReturnValue;taint;manual",
-        "org.json;Property;false;toJSONObject;;;Argument[0].MapValue;ReturnValue;taint;manual",
-        "org.json;Property;false;toProperties;;;Argument[0];ReturnValue.MapKey;taint;manual",
-        "org.json;Property;false;toProperties;;;Argument[0];ReturnValue.MapValue;taint;manual",
-        "org.json;XML;false;escape;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;XML;false;stringToValue;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;XML;false;toJSONObject;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;XML;false;toString;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.json;XML;false;unescape;;;Argument[0];ReturnValue;taint;manual",
-        "org.json;XMLTokener;false;XMLTokener;;;Argument[0];Argument[-1];taint;manual",
-        "org.json;XMLTokener;false;nextCDATA;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;XMLTokener;false;nextContent;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;XMLTokener;false;nextEntity;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;XMLTokener;false;nextMeta;;;Argument[-1];ReturnValue;taint;manual",
-        "org.json;XMLTokener;false;nextToken;;;Argument[-1];ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Logging.qll b/java/ql/lib/semmle/code/java/frameworks/Logging.qll
deleted file mode 100644
index 4c00873781c..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/Logging.qll
+++ /dev/null
@@ -1,340 +0,0 @@
-/** Provides classes and predicates to reason about logging. */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class LoggingSummaryModels extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.apache.logging.log4j;Logger;true;traceEntry;(Message);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.logging.log4j;Logger;true;traceEntry;(String,Object[]);;Argument[0..1];ReturnValue;taint;manual",
-        "org.apache.logging.log4j;Logger;true;traceEntry;(String,Supplier[]);;Argument[0..1];ReturnValue;taint;manual",
-        "org.apache.logging.log4j;Logger;true;traceEntry;(Supplier[]);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.logging.log4j;Logger;true;traceExit;(EntryMessage,Object);;Argument[1];ReturnValue;value;manual",
-        "org.apache.logging.log4j;Logger;true;traceExit;(Message,Object);;Argument[1];ReturnValue;value;manual",
-        "org.apache.logging.log4j;Logger;true;traceExit;(Object);;Argument[0];ReturnValue;value;manual",
-        "org.apache.logging.log4j;Logger;true;traceExit;(String,Object);;Argument[1];ReturnValue;value;manual",
-        "org.slf4j.spi;LoggingEventBuilder;true;addArgument;;;Argument[1];Argument[-1];taint;manual",
-        "org.slf4j.spi;LoggingEventBuilder;true;addArgument;;;Argument[-1];ReturnValue;value;manual",
-        "org.slf4j.spi;LoggingEventBuilder;true;addKeyValue;;;Argument[1];Argument[-1];taint;manual",
-        "org.slf4j.spi;LoggingEventBuilder;true;addKeyValue;;;Argument[-1];ReturnValue;value;manual",
-        "org.slf4j.spi;LoggingEventBuilder;true;addMarker;;;Argument[-1];ReturnValue;value;manual",
-        "org.slf4j.spi;LoggingEventBuilder;true;setCause;;;Argument[-1];ReturnValue;value;manual",
-        "java.util.logging;LogRecord;false;LogRecord;;;Argument[1];Argument[-1];taint;manual"
-      ]
-  }
-}
-
-private string jBossLogger() { result = "org.jboss.logging;" + ["BasicLogger", "Logger"] }
-
-private class LoggingSinkModels extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        // org.apache.log4j.Category
-        "org.apache.log4j;Category;true;assertLog;;;Argument[1];logging;manual",
-        "org.apache.log4j;Category;true;debug;;;Argument[0];logging;manual",
-        "org.apache.log4j;Category;true;error;;;Argument[0];logging;manual",
-        "org.apache.log4j;Category;true;fatal;;;Argument[0];logging;manual",
-        "org.apache.log4j;Category;true;forcedLog;;;Argument[2];logging;manual",
-        "org.apache.log4j;Category;true;info;;;Argument[0];logging;manual",
-        "org.apache.log4j;Category;true;l7dlog;(Priority,String,Object[],Throwable);;Argument[2];logging;manual",
-        "org.apache.log4j;Category;true;log;(Priority,Object);;Argument[1];logging;manual",
-        "org.apache.log4j;Category;true;log;(Priority,Object,Throwable);;Argument[1];logging;manual",
-        "org.apache.log4j;Category;true;log;(String,Priority,Object,Throwable);;Argument[2];logging;manual",
-        "org.apache.log4j;Category;true;warn;;;Argument[0];logging;manual",
-        // org.apache.logging.log4j.Logger
-        "org.apache.logging.log4j;Logger;true;" +
-          ["debug", "error", "fatal", "info", "trace", "warn"] +
-          [
-            ";(CharSequence);;Argument[0];logging;manual",
-            ";(CharSequence,Throwable);;Argument[0];logging;manual",
-            ";(Marker,CharSequence);;Argument[1];logging;manual",
-            ";(Marker,CharSequence,Throwable);;Argument[1];logging;manual",
-            ";(Marker,Message);;Argument[1];logging;manual",
-            ";(Marker,MessageSupplier);;Argument[1];logging;manual",
-            ";(Marker,MessageSupplier);;Argument[1];logging;manual",
-            ";(Marker,MessageSupplier,Throwable);;Argument[1];logging;manual",
-            ";(Marker,Object);;Argument[1];logging;manual",
-            ";(Marker,Object,Throwable);;Argument[1];logging;manual",
-            ";(Marker,String);;Argument[1];logging;manual",
-            ";(Marker,String,Object[]);;Argument[1..2];logging;manual",
-            ";(Marker,String,Object);;Argument[1..2];logging;manual",
-            ";(Marker,String,Object,Object);;Argument[1..3];logging;manual",
-            ";(Marker,String,Object,Object,Object);;Argument[1..4];logging;manual",
-            ";(Marker,String,Object,Object,Object,Object);;Argument[1..5];logging;manual",
-            ";(Marker,String,Object,Object,Object,Object,Object);;Argument[1..6];logging;manual",
-            ";(Marker,String,Object,Object,Object,Object,Object,Object);;Argument[1..7];logging;manual",
-            ";(Marker,String,Object,Object,Object,Object,Object,Object,Object);;Argument[1..8];logging;manual",
-            ";(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..9];logging;manual",
-            ";(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..10];logging;manual",
-            ";(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..11];logging;manual",
-            ";(Marker,String,Supplier);;Argument[1..2];logging;manual",
-            ";(Marker,String,Throwable);;Argument[1];logging;manual",
-            ";(Marker,Supplier);;Argument[1];logging;manual",
-            ";(Marker,Supplier,Throwable);;Argument[1];logging;manual",
-            ";(MessageSupplier);;Argument[0];logging;manual",
-            ";(MessageSupplier,Throwable);;Argument[0];logging;manual",
-            ";(Message);;Argument[0];logging;manual",
-            ";(Message,Throwable);;Argument[0];logging;manual",
-            ";(Object);;Argument[0];logging;manual",
-            ";(Object,Throwable);;Argument[0];logging;manual",
-            ";(String);;Argument[0];logging;manual",
-            ";(String,Object[]);;Argument[0..1];logging;manual",
-            ";(String,Object);;Argument[0..1];logging;manual",
-            ";(String,Object,Object);;Argument[0..2];logging;manual",
-            ";(String,Object,Object,Object);;Argument[0..3];logging;manual",
-            ";(String,Object,Object,Object,Object);;Argument[0..4];logging;manual",
-            ";(String,Object,Object,Object,Object,Object);;Argument[0..5];logging;manual",
-            ";(String,Object,Object,Object,Object,Object,Object);;Argument[0..6];logging;manual",
-            ";(String,Object,Object,Object,Object,Object,Object,Object);;Argument[0..7];logging;manual",
-            ";(String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..8];logging;manual",
-            ";(String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..9];logging;manual",
-            ";(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..10];logging;manual",
-            ";(String,Supplier);;Argument[0..1];logging;manual",
-            ";(String,Throwable);;Argument[0];logging;manual",
-            ";(Supplier);;Argument[0];logging;manual",
-            ";(Supplier,Throwable);;Argument[0];logging;manual"
-          ],
-        "org.apache.logging.log4j;Logger;true;log" +
-          [
-            ";(Level,CharSequence);;Argument[1];logging;manual",
-            ";(Level,CharSequence,Throwable);;Argument[1];logging;manual",
-            ";(Level,Marker,CharSequence);;Argument[2];logging;manual",
-            ";(Level,Marker,CharSequence,Throwable);;Argument[2];logging;manual",
-            ";(Level,Marker,Message);;Argument[2];logging;manual",
-            ";(Level,Marker,MessageSupplier);;Argument[2];logging;manual",
-            ";(Level,Marker,MessageSupplier);;Argument[2];logging;manual",
-            ";(Level,Marker,MessageSupplier,Throwable);;Argument[2];logging;manual",
-            ";(Level,Marker,Object);;Argument[2];logging;manual",
-            ";(Level,Marker,Object,Throwable);;Argument[2];logging;manual",
-            ";(Level,Marker,String);;Argument[2];logging;manual",
-            ";(Level,Marker,String,Object[]);;Argument[2..3];logging;manual",
-            ";(Level,Marker,String,Object);;Argument[2..3];logging;manual",
-            ";(Level,Marker,String,Object,Object);;Argument[2..4];logging;manual",
-            ";(Level,Marker,String,Object,Object,Object);;Argument[2..5];logging;manual",
-            ";(Level,Marker,String,Object,Object,Object,Object);;Argument[2..6];logging;manual",
-            ";(Level,Marker,String,Object,Object,Object,Object,Object);;Argument[2..7];logging;manual",
-            ";(Level,Marker,String,Object,Object,Object,Object,Object,Object);;Argument[2..8];logging;manual",
-            ";(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object);;Argument[2..9];logging;manual",
-            ";(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[2..10];logging;manual",
-            ";(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[2..11];logging;manual",
-            ";(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[2..12];logging;manual",
-            ";(Level,Marker,String,Supplier);;Argument[2..3];logging;manual",
-            ";(Level,Marker,String,Throwable);;Argument[2];logging;manual",
-            ";(Level,Marker,Supplier);;Argument[2];logging;manual",
-            ";(Level,Marker,Supplier,Throwable);;Argument[2];logging;manual",
-            ";(Level,Message);;Argument[1];logging;manual",
-            ";(Level,MessageSupplier);;Argument[1];logging;manual",
-            ";(Level,MessageSupplier,Throwable);;Argument[1];logging;manual",
-            ";(Level,Message);;Argument[1];logging;manual",
-            ";(Level,Message,Throwable);;Argument[1];logging;manual",
-            ";(Level,Object);;Argument[1];logging;manual",
-            ";(Level,Object);;Argument[1];logging;manual",
-            ";(Level,String);;Argument[1];logging;manual",
-            ";(Level,Object,Throwable);;Argument[1];logging;manual",
-            ";(Level,String);;Argument[1];logging;manual",
-            ";(Level,String,Object[]);;Argument[1..2];logging;manual",
-            ";(Level,String,Object);;Argument[1..2];logging;manual",
-            ";(Level,String,Object,Object);;Argument[1..3];logging;manual",
-            ";(Level,String,Object,Object,Object);;Argument[1..4];logging;manual",
-            ";(Level,String,Object,Object,Object,Object);;Argument[1..5];logging;manual",
-            ";(Level,String,Object,Object,Object,Object,Object);;Argument[1..6];logging;manual",
-            ";(Level,String,Object,Object,Object,Object,Object,Object);;Argument[1..7];logging;manual",
-            ";(Level,String,Object,Object,Object,Object,Object,Object,Object);;Argument[1..8];logging;manual",
-            ";(Level,String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..9];logging;manual",
-            ";(Level,String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..10];logging;manual",
-            ";(Level,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..11];logging;manual",
-            ";(Level,String,Supplier);;Argument[1..2];logging;manual",
-            ";(Level,String,Throwable);;Argument[1];logging;manual",
-            ";(Level,Supplier);;Argument[1];logging;manual",
-            ";(Level,Supplier,Throwable);;Argument[1];logging;manual"
-          ], "org.apache.logging.log4j;Logger;true;entry;(Object[]);;Argument[0];logging;manual",
-        "org.apache.logging.log4j;Logger;true;logMessage;(Level,Marker,String,StackTraceElement,Message,Throwable);;Argument[4];logging;manual",
-        "org.apache.logging.log4j;Logger;true;printf;(Level,Marker,String,Object[]);;Argument[2..3];logging;manual",
-        "org.apache.logging.log4j;Logger;true;printf;(Level,String,Object[]);;Argument[1..2];logging;manual",
-        "org.apache.logging.log4j;Logger;true;traceEntry;(Message);;Argument[0];logging;manual",
-        "org.apache.logging.log4j;Logger;true;traceEntry;(String,Object[]);;Argument[0..1];logging;manual",
-        "org.apache.logging.log4j;Logger;true;traceEntry;(String,Supplier[]);;Argument[0..1];logging;manual",
-        "org.apache.logging.log4j;Logger;true;traceEntry;(Supplier[]);;Argument[0];logging;manual",
-        "org.apache.logging.log4j;Logger;true;traceExit;(EntryMessage);;Argument[0];logging;manual",
-        "org.apache.logging.log4j;Logger;true;traceExit;(EntryMessage,Object);;Argument[0..1];logging;manual",
-        "org.apache.logging.log4j;Logger;true;traceExit;(Message,Object);;Argument[0..1];logging;manual",
-        "org.apache.logging.log4j;Logger;true;traceExit;(Object);;Argument[0];logging;manual",
-        "org.apache.logging.log4j;Logger;true;traceExit;(String,Object);;Argument[0..1];logging;manual",
-        // org.apache.logging.log4j.LogBuilder
-        "org.apache.logging.log4j;LogBuilder;true;log;(CharSequence);;Argument[0];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(Message);;Argument[0];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(Object);;Argument[0];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String);;Argument[0];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object[]);;Argument[0..1];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object);;Argument[0..1];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object);;Argument[0..2];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object);;Argument[0..3];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object);;Argument[0..4];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object);;Argument[0..5];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object);;Argument[0..6];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object,Object);;Argument[0..7];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..8];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..9];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..10];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Supplier);;Argument[0..1];logging;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(Supplier);;Argument[0];logging;manual",
-        // org.apache.commons.logging.Log
-        "org.apache.commons.logging;Log;true;" +
-          ["debug", "error", "fatal", "info", "trace", "warn"] + ";;;Argument[0];logging;manual",
-        // org.jboss.logging.BasicLogger and org.jboss.logging.Logger
-        // (org.jboss.logging.Logger does not implement BasicLogger in some implementations like JBoss Application Server 4.0.4)
-        jBossLogger() + ";true;" + ["debug", "error", "fatal", "info", "trace", "warn"] +
-          [
-            ";(Object);;Argument[0];logging;manual",
-            ";(Object,Throwable);;Argument[0];logging;manual",
-            ";(Object,Object[]);;Argument[0..1];logging;manual",
-            ";(Object,Object[],Throwable);;Argument[0..1];logging;manual",
-            ";(String,Object,Object[],Throwable);;Argument[1..2];logging;manual",
-            ";(String,Object,Throwable);;Argument[1];logging;manual"
-          ],
-        jBossLogger() + ";true;log" +
-          [
-            ";(Level,Object);;Argument[1];logging;manual",
-            ";(Level,Object,Object[]);;Argument[1..2];logging;manual",
-            ";(Level,Object,Object[],Throwable);;Argument[1..2];logging;manual",
-            ";(Level,Object,Throwable);;Argument[1];logging;manual",
-            ";(Level,String,Object,Throwable);;Argument[2];logging;manual",
-            ";(String,Level,Object,Object[],Throwable);;Argument[2..3];logging;manual"
-          ],
-        jBossLogger() + ";true;" + ["debug", "error", "fatal", "info", "trace", "warn"] + ["f", "v"]
-          +
-          [
-            ";(String,Object[]);;Argument[0..1];logging;manual",
-            ";(String,Object);;Argument[0..1];logging;manual",
-            ";(String,Object,Object);;Argument[0..2];logging;manual",
-            ";(String,Object,Object,Object);;Argument[0..3];logging;manual",
-            ";(String,Object,Object,Object,Object);;Argument[0..4];logging;manual",
-            ";(Throwable,String,Object);;Argument[1..2];logging;manual",
-            ";(Throwable,String,Object,Object);;Argument[1..3];logging;manual",
-            ";(Throwable,String,Object,Object,Object);;Argument[0..4];logging;manual"
-          ],
-        jBossLogger() + ";true;log" + ["f", "v"] +
-          [
-            ";(Level,String,Object[]);;Argument[1..2];logging;manual",
-            ";(Level,String,Object);;Argument[1..2];logging;manual",
-            ";(Level,String,Object,Object);;Argument[1..3];logging;manual",
-            ";(Level,String,Object,Object,Object);;Argument[1..4];logging;manual",
-            ";(Level,String,Object,Object,Object,Object);;Argument[1..5];logging;manual",
-            ";(Level,Throwable,String,Object);;Argument[2..3];logging;manual",
-            ";(Level,Throwable,String,Object,Object);;Argument[2..4];logging;manual",
-            ";(Level,Throwable,String,Object,Object,Object);;Argument[1..5];logging;manual",
-            ";(String,Level,Throwable,String,Object[]);;Argument[3..4];logging;manual",
-            ";(String,Level,Throwable,String,Object);;Argument[3..4];logging;manual",
-            ";(String,Level,Throwable,String,Object,Object);;Argument[3..5];logging;manual",
-            ";(String,Level,Throwable,String,Object,Object,Object);;Argument[3..6];logging;manual"
-          ],
-        // org.slf4j.spi.LoggingEventBuilder
-        "org.slf4j.spi;LoggingEventBuilder;true;log;;;Argument[0];logging;manual",
-        "org.slf4j.spi;LoggingEventBuilder;true;log;(String,Object);;Argument[0..1];logging;manual",
-        "org.slf4j.spi;LoggingEventBuilder;true;log;(String,Object[]);;Argument[0..1];logging;manual",
-        "org.slf4j.spi;LoggingEventBuilder;true;log;(String,Object,Object);;Argument[0..2];logging;manual",
-        "org.slf4j.spi;LoggingEventBuilder;true;log;(Supplier);;Argument[0];logging;manual",
-        // org.slf4j.Logger
-        "org.slf4j;Logger;true;" + ["debug", "error", "info", "trace", "warn"] +
-          [
-            ";(String);;Argument[0];logging;manual",
-            ";(String,Object);;Argument[0..1];logging;manual",
-            ";(String,Object[]);;Argument[0..1];logging;manual",
-            ";(String,Object,Object);;Argument[0..2];logging;manual",
-            ";(String,Throwable);;Argument[0];logging;manual",
-            ";(Marker,String);;Argument[1];logging;manual",
-            ";(Marker,String,Object);;Argument[1..2];logging;manual",
-            ";(Marker,String,Object[]);;Argument[1..2];logging;manual",
-            ";(Marker,String,Object,Object);;Argument[1..3];logging;manual",
-            ";(Marker,String,Object,Object,Object);;Argument[1..4];logging;manual"
-          ],
-        // org.scijava.Logger
-        "org.scijava.log;Logger;true;alwaysLog;(int,Object,Throwable);;Argument[1];logging;manual",
-        "org.scijava.log;Logger;true;" + ["debug", "error", "info", "trace", "warn"] +
-          [
-            ";(Object);;Argument[0];logging;manual",
-            ";(Object,Throwable);;Argument[0];logging;manual"
-          ], "org.scijava.log;Logger;true;log;(int,Object);;Argument[1];logging;manual",
-        "org.scijava.log;Logger;true;log;(int,Object,Throwable);;Argument[1];logging;manual",
-        // com.google.common.flogger.LoggingApi
-        "com.google.common.flogger;LoggingApi;true;logVarargs;;;Argument[0..1];logging;manual",
-        "com.google.common.flogger;LoggingApi;true;log" +
-          [
-            ";;;Argument[0];logging;manual", ";(String,Object);;Argument[1];logging;manual",
-            ";(String,Object,Object);;Argument[1..2];logging;manual",
-            ";(String,Object,Object,Object);;Argument[1..3];logging;manual",
-            ";(String,Object,Object,Object,Object);;Argument[1..4];logging;manual",
-            ";(String,Object,Object,Object,Object,Object);;Argument[1..5];logging;manual",
-            ";(String,Object,Object,Object,Object,Object,Object);;Argument[1..6];logging;manual",
-            ";(String,Object,Object,Object,Object,Object,Object,Object);;Argument[1..7];logging;manual",
-            ";(String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..8];logging;manual",
-            ";(String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..9];logging;manual",
-            ";(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..10];logging;manual",
-            ";(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object[]);;Argument[1..11];logging;manual",
-            ";(String,Object,boolean);;Argument[1];logging;manual",
-            ";(String,Object,char);;Argument[1];logging;manual",
-            ";(String,Object,byte);;Argument[1];logging;manual",
-            ";(String,Object,short);;Argument[1];logging;manual",
-            ";(String,Object,int);;Argument[1];logging;manual",
-            ";(String,Object,long);;Argument[1];logging;manual",
-            ";(String,Object,float);;Argument[1];logging;manual",
-            ";(String,Object,double);;Argument[1];logging;manual",
-            ";(String,boolean,Object);;Argument[2];logging;manual",
-            ";(String,char,Object);;Argument[2];logging;manual",
-            ";(String,byte,Object);;Argument[2];logging;manual",
-            ";(String,short,Object);;Argument[2];logging;manual",
-            ";(String,int,Object);;Argument[2];logging;manual",
-            ";(String,long,Object);;Argument[2];logging;manual",
-            ";(String,float,Object);;Argument[2];logging;manual",
-            ";(String,double,Object);;Argument[2];logging;manual"
-          ],
-        // java.lang.System$Logger
-        "java.lang;System$Logger;true;log;" +
-          [
-            "(Level,Object);;Argument[1]", "(Level,String);;Argument[1]",
-            "(Level,String,Object[]);;Argument[1..2]", "(Level,String,Throwable);;Argument[1]",
-            "(Level,String,Supplier);;Argument[1..2]",
-            "(Level,String,Supplier,Throwable);;Argument[1..2]",
-            "(Level,ResourceBundle,String,Object[]);;Argument[2..3]",
-            "(Level,ResourceBundle,String,Throwable);;Argument[2]"
-          ] + ";logging;manual",
-        // java.util.logging.Logger
-        "java.util.logging;Logger;true;" +
-          ["config", "fine", "finer", "finest", "info", "severe", "warning"] +
-          ";;;Argument[0];logging;manual",
-        "java.util.logging;Logger;true;entering;(String,String);;Argument[0..1];logging;manual",
-        "java.util.logging;Logger;true;entering;(String,String,Object);;Argument[0..2];logging;manual",
-        "java.util.logging;Logger;true;entering;(String,String,Object[]);;Argument[0..2];logging;manual",
-        "java.util.logging;Logger;true;exiting;(String,String);;Argument[0..1];logging;manual",
-        "java.util.logging;Logger;true;exiting;(String,String,Object);;Argument[0..2];logging;manual",
-        "java.util.logging;Logger;true;log;(Level,String);;Argument[1];logging;manual",
-        "java.util.logging;Logger;true;log;(Level,String,Object);;Argument[1..2];logging;manual",
-        "java.util.logging;Logger;true;log;(Level,String,Object[]);;Argument[1..2];logging;manual",
-        "java.util.logging;Logger;true;log;(Level,String,Throwable);;Argument[1];logging;manual",
-        "java.util.logging;Logger;true;log;(Level,Supplier);;Argument[1];logging;manual",
-        "java.util.logging;Logger;true;log;(Level,Throwable,Supplier);;Argument[2];logging;manual",
-        "java.util.logging;Logger;true;log;(LogRecord);;Argument[0];logging;manual",
-        "java.util.logging;Logger;true;logp;(Level,String,String,String);;Argument[1..3];logging;manual",
-        "java.util.logging;Logger;true;logp;(Level,String,String,String,Object);;Argument[1..4];logging;manual",
-        "java.util.logging;Logger;true;logp;(Level,String,String,String,Object[]);;Argument[1..4];logging;manual",
-        "java.util.logging;Logger;true;logp;(Level,String,String,String,Throwable);;Argument[1..3];logging;manual",
-        "java.util.logging;Logger;true;logp;(Level,String,String,Supplier);;Argument[1..3];logging;manual",
-        "java.util.logging;Logger;true;logp;(Level,String,String,Throwable,Supplier);;Argument[1..2];logging;manual",
-        "java.util.logging;Logger;true;logp;(Level,String,String,Throwable,Supplier);;Argument[4];logging;manual",
-        "java.util.logging;Logger;true;logrb;(Level,String,String,ResourceBundle,String,Object[]);;Argument[1..2];logging;manual",
-        "java.util.logging;Logger;true;logrb;(Level,String,String,ResourceBundle,String,Object[]);;Argument[4..5];logging;manual",
-        "java.util.logging;Logger;true;logrb;(Level,String,String,ResourceBundle,String,Throwable);;Argument[1..2];logging;manual",
-        "java.util.logging;Logger;true;logrb;(Level,String,String,ResourceBundle,String,Throwable);;Argument[4];logging;manual",
-        "java.util.logging;Logger;true;logrb;(Level,String,String,String,String);;Argument[1..4];logging;manual",
-        "java.util.logging;Logger;true;logrb;(Level,String,String,String,String,Object);;Argument[1..5];logging;manual",
-        "java.util.logging;Logger;true;logrb;(Level,String,String,String,String,Object[]);;Argument[1..5];logging;manual",
-        "java.util.logging;Logger;true;logrb;(Level,String,String,String,String,Throwable);;Argument[1..4];logging;manual",
-        // android.util.Log
-        "android.util;Log;true;" + ["d", "v", "i", "w", "e", "wtf"] +
-          ";;;Argument[1];logging;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Mockito.qll b/java/ql/lib/semmle/code/java/frameworks/Mockito.qll
index af161760063..9622d7e50ba 100644
--- a/java/ql/lib/semmle/code/java/frameworks/Mockito.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Mockito.qll
@@ -53,9 +53,11 @@ class MockitoInitedTest extends Class {
   MockitoInitedTest() {
     // Tests run with the Mockito runner.
     exists(RunWithAnnotation a | a = this.getAnAncestor().getAnAnnotation() |
+      a.getRunner().(RefType).hasQualifiedName("org.mockito.junit", "MockitoJUnitRunner")
+      or
+      // Deprecated styles.
       a.getRunner().(RefType).hasQualifiedName("org.mockito.runners", "MockitoJUnitRunner")
       or
-      // Deprecated style.
       a.getRunner().(RefType).hasQualifiedName("org.mockito.runners", "MockitoJUnit44Runner")
     )
     or
diff --git a/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll b/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll
index 6c16bb168bb..4c1244ca1d5 100644
--- a/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll
@@ -5,28 +5,12 @@
 import java
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.TaintTracking
-private import semmle.code.java.dataflow.ExternalFlow
 
 /** The class `org.apache.ibatis.jdbc.SqlRunner`. */
 class MyBatisSqlRunner extends RefType {
   MyBatisSqlRunner() { this.hasQualifiedName("org.apache.ibatis.jdbc", "SqlRunner") }
 }
 
-private class SqlSinkCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;spec;kind"
-        "org.apache.ibatis.jdbc;SqlRunner;false;delete;(String,Object[]);;Argument[0];sql;manual",
-        "org.apache.ibatis.jdbc;SqlRunner;false;insert;(String,Object[]);;Argument[0];sql;manual",
-        "org.apache.ibatis.jdbc;SqlRunner;false;run;(String);;Argument[0];sql;manual",
-        "org.apache.ibatis.jdbc;SqlRunner;false;selectAll;(String,Object[]);;Argument[0];sql;manual",
-        "org.apache.ibatis.jdbc;SqlRunner;false;selectOne;(String,Object[]);;Argument[0];sql;manual",
-        "org.apache.ibatis.jdbc;SqlRunner;false;update;(String,Object[]);;Argument[0];sql;manual"
-      ]
-  }
-}
-
 /** The class `org.apache.ibatis.session.Configuration`. */
 class IbatisConfiguration extends RefType {
   IbatisConfiguration() { this.hasQualifiedName("org.apache.ibatis.session", "Configuration") }
@@ -144,74 +128,3 @@ private class MyBatisProviderStep extends TaintTracking::AdditionalValueStep {
     )
   }
 }
-
-private class MyBatisAbstractSqlToStringStep extends SummaryModelCsv {
-  override predicate row(string row) {
-    row = "org.apache.ibatis.jdbc;AbstractSQL;true;toString;;;Argument[-1];ReturnValue;taint;manual"
-  }
-}
-
-private class MyBatisAbstractSqlMethodsStep extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.apache.ibatis.jdbc;AbstractSQL;true;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;WHERE;(String[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;WHERE;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;WHERE;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;WHERE;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;VALUES;(String,String);;Argument[0..1];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;UPDATE;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;SET;(String[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;SET;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;SET;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;SET;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;SELECT_DISTINCT;(String[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;SELECT_DISTINCT;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;SELECT_DISTINCT;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;SELECT_DISTINCT;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;SELECT;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;RIGHT_OUTER_JOIN;(String[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;RIGHT_OUTER_JOIN;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;RIGHT_OUTER_JOIN;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;RIGHT_OUTER_JOIN;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;OUTER_JOIN;(String[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;OUTER_JOIN;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;OUTER_JOIN;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;OUTER_JOIN;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;ORDER_BY;(String[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;ORDER_BY;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;ORDER_BY;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;ORDER_BY;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;OFFSET_ROWS;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;OFFSET;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;LIMIT;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;LEFT_OUTER_JOIN;(String[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;LEFT_OUTER_JOIN;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;LEFT_OUTER_JOIN;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;LEFT_OUTER_JOIN;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;JOIN;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;INTO_VALUES;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;INTO_COLUMNS;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;INSERT_INTO;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;INNER_JOIN;(String[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;INNER_JOIN;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;INNER_JOIN;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;INNER_JOIN;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;HAVING;(String[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;HAVING;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;HAVING;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;HAVING;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;GROUP_BY;(String[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;GROUP_BY;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;GROUP_BY;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;GROUP_BY;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;FROM;(String[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;FROM;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;FROM;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;FROM;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;FETCH_FIRST_ROWS_ONLY;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.ibatis.jdbc;AbstractSQL;true;DELETE_FROM;(String);;Argument[0];Argument[-1];taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Objects.qll b/java/ql/lib/semmle/code/java/frameworks/Objects.qll
deleted file mode 100644
index 1a7bbe8ef17..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/Objects.qll
+++ /dev/null
@@ -1,18 +0,0 @@
-/** Definitions of taint steps in Objects class of the JDK */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class ObjectsSummaryCsv extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //`namespace; type; subtypes; name; signature; ext; input; output; kind`
-        "java.util;Objects;false;requireNonNull;;;Argument[0];ReturnValue;value;manual",
-        "java.util;Objects;false;requireNonNullElse;;;Argument[0];ReturnValue;value;manual",
-        "java.util;Objects;false;requireNonNullElse;;;Argument[1];ReturnValue;value;manual",
-        "java.util;Objects;false;requireNonNullElseGet;;;Argument[0];ReturnValue;value;manual",
-        "java.util;Objects;false;toString;;;Argument[1];ReturnValue;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/OkHttp.qll b/java/ql/lib/semmle/code/java/frameworks/OkHttp.qll
deleted file mode 100644
index f541eb983ee..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/OkHttp.qll
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- * Provides classes and predicates for working with the OkHttp client.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class OkHttpOpenUrlSinks extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "okhttp3;Request;true;Request;;;Argument[0];open-url;manual",
-        "okhttp3;Request$Builder;true;url;;;Argument[0];open-url;manual"
-      ]
-  }
-}
-
-private class OKHttpSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "okhttp3;HttpUrl;false;parse;;;Argument[0];ReturnValue;taint;manual",
-        "okhttp3;HttpUrl;false;uri;;;Argument[-1];ReturnValue;taint;manual",
-        "okhttp3;HttpUrl;false;url;;;Argument[-1];ReturnValue;taint;manual",
-        "okhttp3;HttpUrl$Builder;false;addEncodedPathSegment;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;addEncodedPathSegment;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;addEncodedPathSegments;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;addEncodedPathSegments;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;addEncodedQueryParameter;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;addEncodedQueryParameter;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;addPathSegment;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;addPathSegment;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;addPathSegments;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;addPathSegments;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;addQueryParameter;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;addQueryParameter;;;Argument[0..1];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;build;;;Argument[-1];ReturnValue;taint;manual",
-        "okhttp3;HttpUrl$Builder;false;encodedFragment;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;encodedFragment;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;encodedPassword;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;encodedPath;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;encodedPath;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;encodedQuery;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;encodedQuery;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;encodedUsername;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;fragment;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;fragment;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;host;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;host;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;password;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;port;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;port;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;query;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;query;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;removeAllEncodedQueryParameters;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;removeAllQueryParameters;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;removePathSegment;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;scheme;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;scheme;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;setEncodedPathSegment;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;setEncodedPathSegment;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;setEncodedQueryParameter;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;setEncodedQueryParameter;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;setPathSegment;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;setPathSegment;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;setQueryParameter;;;Argument[-1];ReturnValue;value;manual",
-        "okhttp3;HttpUrl$Builder;false;setQueryParameter;;;Argument[0];Argument[-1];taint;manual",
-        "okhttp3;HttpUrl$Builder;false;username;;;Argument[-1];ReturnValue;value;manual",
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Optional.qll b/java/ql/lib/semmle/code/java/frameworks/Optional.qll
deleted file mode 100644
index 7716154a883..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/Optional.qll
+++ /dev/null
@@ -1,30 +0,0 @@
-/** Definitions related to `java.util.Optional`. */
-
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class OptionalModel extends SummaryModelCsv {
-  override predicate row(string s) {
-    s =
-      [
-        "java.util;Optional;false;filter;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;Optional;false;filter;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util;Optional;false;flatMap;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util;Optional;false;flatMap;;;Argument[0].ReturnValue;ReturnValue;value;manual",
-        "java.util;Optional;false;get;;;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Optional;false;ifPresent;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util;Optional;false;ifPresentOrElse;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util;Optional;false;map;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util;Optional;false;map;;;Argument[0].ReturnValue;ReturnValue.Element;value;manual",
-        "java.util;Optional;false;of;;;Argument[0];ReturnValue.Element;value;manual",
-        "java.util;Optional;false;ofNullable;;;Argument[0];ReturnValue.Element;value;manual",
-        "java.util;Optional;false;or;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util;Optional;false;or;;;Argument[0].ReturnValue;ReturnValue;value;manual",
-        "java.util;Optional;false;orElse;;;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Optional;false;orElse;;;Argument[0];ReturnValue;value;manual",
-        "java.util;Optional;false;orElseGet;;;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Optional;false;orElseGet;;;Argument[0].ReturnValue;ReturnValue;value;manual",
-        "java.util;Optional;false;orElseThrow;;;Argument[-1].Element;ReturnValue;value;manual",
-        "java.util;Optional;false;stream;;;Argument[-1].Element;ReturnValue.Element;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Properties.qll b/java/ql/lib/semmle/code/java/frameworks/Properties.qll
index 0c7b83b2e52..096e3bbb43c 100644
--- a/java/ql/lib/semmle/code/java/frameworks/Properties.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Properties.qll
@@ -1,4 +1,5 @@
-/* Definitions related to `java.util.Properties`. */
+/** Definitions related to `java.util.Properties`. */
+
 import semmle.code.java.Type
 private import semmle.code.java.dataflow.FlowSteps
 
diff --git a/java/ql/lib/semmle/code/java/frameworks/RabbitMQ.qll b/java/ql/lib/semmle/code/java/frameworks/RabbitMQ.qll
deleted file mode 100644
index 4f94cd295a8..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/RabbitMQ.qll
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * Provides classes and predicates related to RabbitMQ.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-/**
- * Defines remote sources in RabbitMQ.
- */
-private class RabbitMQSource extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        // soruces for RabbitMQ 4.x
-        "com.rabbitmq.client;Command;true;getContentHeader;();;ReturnValue;remote;manual",
-        "com.rabbitmq.client;Command;true;getContentBody;();;ReturnValue;remote;manual",
-        "com.rabbitmq.client;Consumer;true;handleDelivery;(String,Envelope,BasicProperties,byte[]);;Parameter[3];remote;manual",
-        "com.rabbitmq.client;QueueingConsumer;true;nextDelivery;;;ReturnValue;remote;manual",
-        "com.rabbitmq.client;RpcServer;true;handleCall;(Delivery,BasicProperties);;Parameter[0];remote;manual",
-        "com.rabbitmq.client;RpcServer;true;handleCall;(BasicProperties,byte[],BasicProperties);;Parameter[1];remote;manual",
-        "com.rabbitmq.client;RpcServer;true;handleCall;(byte[],BasicProperties);;Parameter[0];remote;manual",
-        "com.rabbitmq.client;RpcServer;true;preprocessReplyProperties;(Delivery,Builder);;Parameter[0];remote;manual",
-        "com.rabbitmq.client;RpcServer;true;postprocessReplyProperties;(Delivery,Builder);;Parameter[0];remote;manual",
-        "com.rabbitmq.client;RpcServer;true;handleCast;(Delivery);;Parameter[0];remote;manual",
-        "com.rabbitmq.client;RpcServer;true;handleCast;(BasicProperties,byte[]);;Parameter[1];remote;manual",
-        "com.rabbitmq.client;RpcServer;true;handleCast;(byte[]);;Parameter[0];remote;manual",
-        "com.rabbitmq.client;StringRpcServer;true;handleStringCall;;;Parameter[0];remote;manual",
-        "com.rabbitmq.client;RpcClient;true;doCall;;;ReturnValue;remote;manual",
-        "com.rabbitmq.client;RpcClient;true;primitiveCall;;;ReturnValue;remote;manual",
-        "com.rabbitmq.client;RpcClient;true;responseCall;;;ReturnValue;remote;manual",
-        "com.rabbitmq.client;RpcClient;true;stringCall;(String);;ReturnValue;remote;manual",
-        "com.rabbitmq.client;RpcClient;true;mapCall;;;ReturnValue;remote;manual",
-        "com.rabbitmq.client.impl;Frame;true;getInputStream;();;ReturnValue;remote;manual",
-        "com.rabbitmq.client.impl;Frame;true;getPayload;();;ReturnValue;remote;manual",
-        "com.rabbitmq.client.impl;FrameHandler;true;readFrame;();;ReturnValue;remote;manual",
-      ]
-  }
-}
-
-/**
- * Defines flow steps in RabbitMQ.
- */
-private class RabbitMQSummaryCsv extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        // flow steps for RabbitMQ 4.x
-        "com.rabbitmq.client;GetResponse;true;GetResponse;;;Argument[2];Argument[-1];taint;manual",
-        "com.rabbitmq.client;GetResponse;true;getBody;();;Argument[-1];ReturnValue;taint;manual",
-        "com.rabbitmq.client;RpcClient$Response;true;getBody;();;Argument[-1];ReturnValue;taint;manual",
-        "com.rabbitmq.client;QueueingConsumer$Delivery;true;getBody;();;Argument[-1];ReturnValue;taint;manual",
-        "com.rabbitmq.client.impl;Frame;false;fromBodyFragment;(int,byte[],int,int);;Argument[1];ReturnValue;taint;manual",
-        "com.rabbitmq.client.impl;Frame;false;readFrom;(DataInputStream);;Argument[0];ReturnValue;taint;manual",
-        "com.rabbitmq.client.impl;Frame;true;writeTo;(DataOutputStream);;Argument[-1];Argument[0];taint;manual",
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Regex.qll b/java/ql/lib/semmle/code/java/frameworks/Regex.qll
index 4e83981d857..780dec48b92 100644
--- a/java/ql/lib/semmle/code/java/frameworks/Regex.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Regex.qll
@@ -1,20 +1,24 @@
 /** Definitions related to `java.util.regex`. */
 
-private import semmle.code.java.dataflow.ExternalFlow
+import java
 
-private class RegexModel extends SummaryModelCsv {
-  override predicate row(string s) {
-    s =
-      [
-        //`namespace; type; subtypes; name; signature; ext; input; output; kind`
-        "java.util.regex;Matcher;false;group;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util.regex;Matcher;false;replaceAll;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util.regex;Matcher;false;replaceAll;;;Argument[0];ReturnValue;taint;manual",
-        "java.util.regex;Matcher;false;replaceFirst;;;Argument[-1];ReturnValue;taint;manual",
-        "java.util.regex;Matcher;false;replaceFirst;;;Argument[0];ReturnValue;taint;manual",
-        "java.util.regex;Pattern;false;matcher;;;Argument[0];ReturnValue;taint;manual",
-        "java.util.regex;Pattern;false;quote;;;Argument[0];ReturnValue;taint;manual",
-        "java.util.regex;Pattern;false;split;;;Argument[0];ReturnValue;taint;manual",
-      ]
+/** The class `java.util.regex.Pattern`. */
+class TypeRegexPattern extends Class {
+  TypeRegexPattern() { this.hasQualifiedName("java.util.regex", "Pattern") }
+}
+
+/** The `quote` method of the `java.util.regex.Pattern` class. */
+class PatternQuoteMethod extends Method {
+  PatternQuoteMethod() {
+    this.getDeclaringType() instanceof TypeRegexPattern and
+    this.hasName("quote")
+  }
+}
+
+/** The `LITERAL` field of the `java.util.regex.Pattern` class. */
+class PatternLiteralField extends Field {
+  PatternLiteralField() {
+    this.getDeclaringType() instanceof TypeRegexPattern and
+    this.hasName("LITERAL")
   }
 }
diff --git a/java/ql/lib/semmle/code/java/frameworks/Retrofit.qll b/java/ql/lib/semmle/code/java/frameworks/Retrofit.qll
deleted file mode 100644
index db79cb84515..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/Retrofit.qll
+++ /dev/null
@@ -1,12 +0,0 @@
-/**
- * Provides classes and predicates for working with the Retrofit API client.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class RetrofitOpenUrlSinks extends SinkModelCsv {
-  override predicate row(string row) {
-    row = "retrofit2;Retrofit$Builder;true;baseUrl;;;Argument[0];open-url;manual"
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Rmi.qll b/java/ql/lib/semmle/code/java/frameworks/Rmi.qll
index 19428afae92..3b96ccd828d 100644
--- a/java/ql/lib/semmle/code/java/frameworks/Rmi.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Rmi.qll
@@ -1,4 +1,5 @@
-/* Remote Method Invocation. */
+/** Remote Method Invocation. */
+
 import java
 
 /** The interface `java.rmi.Remote`. */
diff --git a/java/ql/lib/semmle/code/java/frameworks/SpringJdbc.qll b/java/ql/lib/semmle/code/java/frameworks/SpringJdbc.qll
index f0a75c8f3b9..82eedca44e8 100644
--- a/java/ql/lib/semmle/code/java/frameworks/SpringJdbc.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/SpringJdbc.qll
@@ -3,51 +3,8 @@
  */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 
 /** The class `org.springframework.jdbc.core.JdbcTemplate`. */
 class JdbcTemplate extends RefType {
   JdbcTemplate() { this.hasQualifiedName("org.springframework.jdbc.core", "JdbcTemplate") }
 }
-
-private class SqlSinkCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;spec;kind"
-        "org.springframework.jdbc.core;JdbcTemplate;false;batchUpdate;(String[]);;Argument[0];sql;manual",
-        "org.springframework.jdbc.core;JdbcTemplate;false;batchUpdate;;;Argument[0];sql;manual",
-        "org.springframework.jdbc.core;JdbcTemplate;false;execute;;;Argument[0];sql;manual",
-        "org.springframework.jdbc.core;JdbcTemplate;false;update;;;Argument[0];sql;manual",
-        "org.springframework.jdbc.core;JdbcTemplate;false;query;;;Argument[0];sql;manual",
-        "org.springframework.jdbc.core;JdbcTemplate;false;queryForList;;;Argument[0];sql;manual",
-        "org.springframework.jdbc.core;JdbcTemplate;false;queryForMap;;;Argument[0];sql;manual",
-        "org.springframework.jdbc.core;JdbcTemplate;false;queryForObject;;;Argument[0];sql;manual",
-        "org.springframework.jdbc.core;JdbcTemplate;false;queryForRowSet;;;Argument[0];sql;manual",
-        "org.springframework.jdbc.core;JdbcTemplate;false;queryForStream;;;Argument[0];sql;manual",
-        "org.springframework.jdbc.object;BatchSqlUpdate;false;BatchSqlUpdate;;;Argument[1];sql;manual",
-        "org.springframework.jdbc.object;MappingSqlQuery;false;BatchSqlUpdate;;;Argument[1];sql;manual",
-        "org.springframework.jdbc.object;MappingSqlQueryWithParameters;false;BatchSqlUpdate;;;Argument[1];sql;manual",
-        "org.springframework.jdbc.object;RdbmsOperation;true;setSql;;;Argument[0];sql;manual",
-        "org.springframework.jdbc.object;SqlCall;false;SqlCall;;;Argument[1];sql;manual",
-        "org.springframework.jdbc.object;SqlFunction;false;SqlFunction;;;Argument[1];sql;manual",
-        "org.springframework.jdbc.object;SqlQuery;false;SqlQuery;;;Argument[1];sql;manual",
-        "org.springframework.jdbc.object;SqlUpdate;false;SqlUpdate;;;Argument[1];sql;manual",
-        "org.springframework.jdbc.object;UpdatableSqlQuery;false;UpdatableSqlQuery;;;Argument[1];sql;manual"
-      ]
-  }
-}
-
-private class SsrfSinkCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;spec;kind"
-        "org.springframework.boot.jdbc;DataSourceBuilder;false;url;(String);;Argument[0];jdbc-url;manual",
-        "org.springframework.jdbc.datasource;AbstractDriverBasedDataSource;false;setUrl;(String);;Argument[0];jdbc-url;manual",
-        "org.springframework.jdbc.datasource;DriverManagerDataSource;false;DriverManagerDataSource;(String);;Argument[0];jdbc-url;manual",
-        "org.springframework.jdbc.datasource;DriverManagerDataSource;false;DriverManagerDataSource;(String,String,String);;Argument[0];jdbc-url;manual",
-        "org.springframework.jdbc.datasource;DriverManagerDataSource;false;DriverManagerDataSource;(String,Properties);;Argument[0];jdbc-url;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Stream.qll b/java/ql/lib/semmle/code/java/frameworks/Stream.qll
index 0c1347044c5..f68cd6c844e 100644
--- a/java/ql/lib/semmle/code/java/frameworks/Stream.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Stream.qll
@@ -1,6 +1,5 @@
 /** Definitions related to `java.util.stream`. */
 
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSummary
 
 private class CollectCall extends MethodAccess {
@@ -96,95 +95,3 @@ private class RequiredComponentStackForCollect extends RequiredSummaryComponentS
     tail = SummaryComponentStack::return()
   }
 }
-
-private class StreamModel extends SummaryModelCsv {
-  override predicate row(string s) {
-    s =
-      [
-        "java.util.stream;BaseStream;true;iterator;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;BaseStream;true;onClose;(Runnable);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;BaseStream;true;parallel;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;BaseStream;true;sequential;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;BaseStream;true;spliterator;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;BaseStream;true;unordered;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;allMatch;(Predicate);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;anyMatch;(Predicate);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[0].ReturnValue;Argument[1].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[1].Parameter[0];ReturnValue;value;manual",
-        "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[1].Parameter[0];Argument[2].Parameter[0..1];value;manual",
-        "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[2].Parameter[0..1];Argument[1].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[-1].Element;Argument[1].Parameter[1];value;manual",
-        // collect(Collector<T,A,R> collector) is handled separately on a case-by-case basis as it is too complex for MaD
-        "java.util.stream;Stream;true;concat;(Stream,Stream);;Argument[0..1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;distinct;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;dropWhile;(Predicate);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;dropWhile;(Predicate);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;filter;(Predicate);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;filter;(Predicate);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;findAny;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;findFirst;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;flatMap;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;flatMap;(Function);;Argument[0].ReturnValue.Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;flatMapToDouble;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;flatMapToInt;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;flatMapToLong;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;forEach;(Consumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;forEachOrdered;(Consumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;generate;(Supplier);;Argument[0].ReturnValue;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;iterate;(Object,Predicate,UnaryOperator);;Argument[0];ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;iterate;(Object,Predicate,UnaryOperator);;Argument[0];Argument[1..2].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;iterate;(Object,Predicate,UnaryOperator);;Argument[2].ReturnValue;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;iterate;(Object,Predicate,UnaryOperator);;Argument[2].ReturnValue;Argument[1..2].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;iterate;(Object,UnaryOperator);;Argument[0];ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;iterate;(Object,UnaryOperator);;Argument[0];Argument[1].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;iterate;(Object,UnaryOperator);;Argument[1].ReturnValue;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;iterate;(Object,UnaryOperator);;Argument[1].ReturnValue;Argument[1].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;limit;(long);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;map;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;map;(Function);;Argument[0].ReturnValue;ReturnValue.Element;value;manual",
-        // Missing for mapMulti(BiConsumer) (not currently supported):
-        // Argument[0] of Parameter[1] of Argument[0] -> Element of Parameter[1] of Argument[0]
-        // Element of Parameter[1] of Argument[0] -> Element of ReturnValue
-        "java.util.stream;Stream;true;mapMulti;(BiConsumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;mapMultiToDouble;(BiConsumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;mapMultiToInt;(BiConsumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;mapMultiToLong;(BiConsumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;mapToDouble;(ToDoubleFunction);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;mapToInt;(ToIntFunction);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;mapToLong;(ToLongFunction);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;max;(Comparator);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;max;(Comparator);;Argument[-1].Element;Argument[0].Parameter[0..1];value;manual",
-        "java.util.stream;Stream;true;min;(Comparator);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;min;(Comparator);;Argument[-1].Element;Argument[0].Parameter[0..1];value;manual",
-        "java.util.stream;Stream;true;noneMatch;(Predicate);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;of;(Object);;Argument[0];ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;of;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;ofNullable;(Object);;Argument[0];ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;peek;(Consumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;peek;(Consumer);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;reduce;(BinaryOperator);;Argument[-1].Element;Argument[0].Parameter[0..1];value;manual",
-        "java.util.stream;Stream;true;reduce;(BinaryOperator);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;reduce;(BinaryOperator);;Argument[0].ReturnValue;Argument[0].Parameter[0..1];value;manual",
-        "java.util.stream;Stream;true;reduce;(BinaryOperator);;Argument[0].ReturnValue;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;reduce;(Object,BinaryOperator);;Argument[-1].Element;Argument[1].Parameter[0..1];value;manual",
-        "java.util.stream;Stream;true;reduce;(Object,BinaryOperator);;Argument[0];Argument[1].Parameter[0..1];value;manual",
-        "java.util.stream;Stream;true;reduce;(Object,BinaryOperator);;Argument[0];ReturnValue;value;manual",
-        "java.util.stream;Stream;true;reduce;(Object,BinaryOperator);;Argument[1].ReturnValue;Argument[1].Parameter[0..1];value;manual",
-        "java.util.stream;Stream;true;reduce;(Object,BinaryOperator);;Argument[1].ReturnValue;ReturnValue;value;manual",
-        "java.util.stream;Stream;true;reduce;(Object,BiFunction,BinaryOperator);;Argument[-1].Element;Argument[1].Parameter[1];value;manual",
-        "java.util.stream;Stream;true;reduce;(Object,BiFunction,BinaryOperator);;Argument[0];Argument[1].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;reduce;(Object,BiFunction,BinaryOperator);;Argument[0];Argument[2].Parameter[0..1];value;manual",
-        "java.util.stream;Stream;true;reduce;(Object,BiFunction,BinaryOperator);;Argument[0];ReturnValue;value;manual",
-        "java.util.stream;Stream;true;reduce;(Object,BiFunction,BinaryOperator);;Argument[1..2].ReturnValue;Argument[1].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;reduce;(Object,BiFunction,BinaryOperator);;Argument[1..2].ReturnValue;Argument[2].Parameter[0..1];value;manual",
-        "java.util.stream;Stream;true;reduce;(Object,BiFunction,BinaryOperator);;Argument[1..2].ReturnValue;ReturnValue;value;manual",
-        "java.util.stream;Stream;true;skip;(long);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;sorted;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;sorted;(Comparator);;Argument[-1].Element;Argument[0].Parameter[0..1];value;manual",
-        "java.util.stream;Stream;true;takeWhile;(Predicate);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-        "java.util.stream;Stream;true;takeWhile;(Predicate);;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "java.util.stream;Stream;true;toArray;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual",
-        "java.util.stream;Stream;true;toList;();;Argument[-1].Element;ReturnValue.Element;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Strings.qll b/java/ql/lib/semmle/code/java/frameworks/Strings.qll
deleted file mode 100644
index c09b959254d..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/Strings.qll
+++ /dev/null
@@ -1,70 +0,0 @@
-/** Definitions of taint steps in String and String-related classes of the JDK */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class StringSummaryCsv extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //`namespace; type; subtypes; name; signature; ext; input; output; kind`
-        "java.lang;String;false;concat;(String);;Argument[0];ReturnValue;taint;manual",
-        "java.lang;String;false;concat;(String);;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;copyValueOf;;;Argument[0];ReturnValue;taint;manual",
-        "java.lang;String;false;endsWith;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;format;(Locale,String,Object[]);;Argument[1];ReturnValue;taint;manual",
-        "java.lang;String;false;format;(Locale,String,Object[]);;Argument[2].ArrayElement;ReturnValue;taint;manual",
-        "java.lang;String;false;format;(String,Object[]);;Argument[0];ReturnValue;taint;manual",
-        "java.lang;String;false;format;(String,Object[]);;Argument[1].ArrayElement;ReturnValue;taint;manual",
-        "java.lang;String;false;formatted;(Object[]);;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;formatted;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "java.lang;String;false;getChars;;;Argument[-1];Argument[2];taint;manual",
-        "java.lang;String;false;getBytes;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;getBytes;;;Argument[-1];Argument[2];taint;manual",
-        "java.lang;String;false;indent;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;intern;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;join;;;Argument[0..1];ReturnValue;taint;manual",
-        "java.lang;String;false;repeat;(int);;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;replace;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;replace;;;Argument[1];ReturnValue;taint;manual",
-        "java.lang;String;false;replaceAll;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;replaceAll;;;Argument[1];ReturnValue;taint;manual",
-        "java.lang;String;false;replaceFirst;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;replaceFirst;;;Argument[1];ReturnValue;taint;manual",
-        "java.lang;String;false;split;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;String;;;Argument[0];Argument[-1];taint;manual",
-        "java.lang;String;false;strip;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;stripIndent;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;stripLeading;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;stripTrailing;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;substring;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;toCharArray;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;toLowerCase;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;toString;;;Argument[-1];ReturnValue;value;manual",
-        "java.lang;String;false;toUpperCase;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;translateEscapes;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;trim;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;String;false;valueOf;(char);;Argument[0];ReturnValue;taint;manual",
-        "java.lang;String;false;valueOf;(char[],int,int);;Argument[0];ReturnValue;taint;manual",
-        "java.lang;String;false;valueOf;(char[]);;Argument[0];ReturnValue;taint;manual",
-        "java.lang;AbstractStringBuilder;true;AbstractStringBuilder;(String);;Argument[0];Argument[-1];taint;manual",
-        "java.lang;AbstractStringBuilder;true;append;;;Argument[0];Argument[-1];taint;manual",
-        "java.lang;AbstractStringBuilder;true;append;;;Argument[-1];ReturnValue;value;manual",
-        "java.lang;AbstractStringBuilder;true;getChars;;;Argument[-1];Argument[2];taint;manual",
-        "java.lang;AbstractStringBuilder;true;insert;;;Argument[1];Argument[-1];taint;manual",
-        "java.lang;AbstractStringBuilder;true;insert;;;Argument[-1];ReturnValue;value;manual",
-        "java.lang;AbstractStringBuilder;true;replace;;;Argument[-1];ReturnValue;value;manual",
-        "java.lang;AbstractStringBuilder;true;replace;;;Argument[2];Argument[-1];taint;manual",
-        "java.lang;AbstractStringBuilder;true;reverse;;;Argument[-1];ReturnValue;value;manual",
-        "java.lang;AbstractStringBuilder;true;subSequence;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;AbstractStringBuilder;true;substring;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;AbstractStringBuilder;true;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;StringBuffer;true;StringBuffer;(CharSequence);;Argument[0];Argument[-1];taint;manual",
-        "java.lang;StringBuffer;true;StringBuffer;(String);;Argument[0];Argument[-1];taint;manual",
-        "java.lang;StringBuilder;true;StringBuilder;;;Argument[0];Argument[-1];taint;manual",
-        "java.lang;CharSequence;true;charAt;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;CharSequence;true;subSequence;;;Argument[-1];ReturnValue;taint;manual",
-        "java.lang;CharSequence;true;toString;;;Argument[-1];ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Thymeleaf.qll b/java/ql/lib/semmle/code/java/frameworks/Thymeleaf.qll
deleted file mode 100644
index 3c550d5441c..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/Thymeleaf.qll
+++ /dev/null
@@ -1,16 +0,0 @@
-/**
- * Provides classes and predicates for working with the Thymeleaf template engine.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class ThymeleafSummaryModels extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.thymeleaf;TemplateSpec;false;TemplateSpec;;;Argument[0];Argument[-1];taint;manual",
-        "org.thymeleaf;TemplateSpec;false;getTemplate;;;Argument[-1];ReturnValue;taint;manual",
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Android.qll b/java/ql/lib/semmle/code/java/frameworks/android/Android.qll
index 30f087408af..1a992eb5565 100644
--- a/java/ql/lib/semmle/code/java/frameworks/android/Android.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/Android.qll
@@ -3,7 +3,6 @@
  */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.xml.AndroidManifest
 
 /**
@@ -27,7 +26,12 @@ class AndroidComponent extends Class {
 
   /** The XML element corresponding to this Android component. */
   AndroidComponentXmlElement getAndroidComponentXmlElement() {
-    result.getResolvedComponentName() = this.getQualifiedName()
+    // Find an element with an identifier matching the qualified name of the component.
+    // Aliases have two identifiers (name and target), so check both identifiers (if present).
+    exists(AndroidIdentifierXmlAttribute identifier |
+      identifier = result.getAnAttribute() and
+      result.getResolvedIdentifier(identifier) = this.getQualifiedName()
+    )
   }
 
   /** Holds if this Android component is configured as `exported` in an `AndroidManifest.xml` file. */
@@ -53,6 +57,12 @@ class ExportableAndroidComponent extends AndroidComponent {
     or
     this.hasIntentFilter() and
     not this.getAndroidComponentXmlElement().isNotExported()
+    or
+    exists(AndroidActivityAliasXmlElement e |
+      e = this.getAndroidComponentXmlElement() and
+      not e.isNotExported() and
+      e.hasAnIntentFilterElement()
+    )
   }
 }
 
@@ -103,74 +113,6 @@ class AndroidContentResolver extends AndroidComponent {
   }
 }
 
-private class UriModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "android.net;Uri;true;buildUpon;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;false;decode;;;Argument[0];ReturnValue;taint;manual",
-        "android.net;Uri;false;encode;;;Argument[0];ReturnValue;taint;manual",
-        "android.net;Uri;false;fromFile;;;Argument[0];ReturnValue;taint;manual",
-        "android.net;Uri;false;fromParts;;;Argument[0..2];ReturnValue;taint;manual",
-        "android.net;Uri;true;getAuthority;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getEncodedAuthority;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getEncodedFragment;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getEncodedPath;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getEncodedQuery;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getEncodedSchemeSpecificPart;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getEncodedUserInfo;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getFragment;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getHost;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getLastPathSegment;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getPath;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getPathSegments;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getQuery;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getQueryParameter;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getQueryParameterNames;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getQueryParameters;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getScheme;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getSchemeSpecificPart;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;getUserInfo;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;true;normalizeScheme;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;false;parse;;;Argument[0];ReturnValue;taint;manual",
-        "android.net;Uri;true;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri;false;withAppendedPath;;;Argument[0..1];ReturnValue;taint;manual",
-        "android.net;Uri;false;writeToParcel;;;Argument[1];Argument[0];taint;manual",
-        "android.net;Uri$Builder;false;appendEncodedPath;;;Argument[0];Argument[-1];taint;manual",
-        "android.net;Uri$Builder;false;appendEncodedPath;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;appendPath;;;Argument[0];Argument[-1];taint;manual",
-        "android.net;Uri$Builder;false;appendPath;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;appendQueryParameter;;;Argument[0..1];Argument[-1];taint;manual",
-        "android.net;Uri$Builder;false;appendQueryParameter;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;authority;;;Argument[0];Argument[-1];taint;manual",
-        "android.net;Uri$Builder;false;authority;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;build;;;Argument[-1];ReturnValue;taint;manual",
-        "android.net;Uri$Builder;false;clearQuery;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;encodedAuthority;;;Argument[0];Argument[-1];taint;manual",
-        "android.net;Uri$Builder;false;encodedAuthority;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;encodedFragment;;;Argument[0];Argument[-1];taint;manual",
-        "android.net;Uri$Builder;false;encodedFragment;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;encodedOpaquePart;;;Argument[0];Argument[-1];taint;manual",
-        "android.net;Uri$Builder;false;encodedOpaquePart;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;encodedPath;;;Argument[0];Argument[-1];taint;manual",
-        "android.net;Uri$Builder;false;encodedPath;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;encodedQuery;;;Argument[0];Argument[-1];taint;manual",
-        "android.net;Uri$Builder;false;encodedQuery;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;fragment;;;Argument[0];Argument[-1];taint;manual",
-        "android.net;Uri$Builder;false;fragment;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;opaquePart;;;Argument[0];Argument[-1];taint;manual",
-        "android.net;Uri$Builder;false;opaquePart;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;path;;;Argument[0];Argument[-1];taint;manual",
-        "android.net;Uri$Builder;false;path;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;query;;;Argument[0];Argument[-1];taint;manual",
-        "android.net;Uri$Builder;false;query;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;scheme;;;Argument[0];Argument[-1];taint;manual",
-        "android.net;Uri$Builder;false;scheme;;;Argument[-1];ReturnValue;value;manual",
-        "android.net;Uri$Builder;false;toString;;;Argument[-1];ReturnValue;taint;manual"
-      ]
-  }
-}
-
 /** Interface for classes whose instances can be written to and restored from a Parcel. */
 class TypeParcelable extends Interface {
   TypeParcelable() { this.hasQualifiedName("android.os", "Parcelable") }
@@ -185,29 +127,3 @@ class CreateFromParcelMethod extends Method {
     this.getEnclosingCallable().getDeclaringType().getAnAncestor() instanceof TypeParcelable
   }
 }
-
-private class ParcelPropagationModels extends SummaryModelCsv {
-  override predicate row(string s) {
-    // Parcel readers that return their value
-    s =
-      "android.os;Parcel;false;read" +
-        [
-          "Array", "ArrayList", "Boolean", "Bundle", "Byte", "Double", "FileDescriptor", "Float",
-          "HashMap", "Int", "Long", "Parcelable", "ParcelableArray", "PersistableBundle",
-          "Serializable", "Size", "SizeF", "SparseArray", "SparseBooleanArray", "String",
-          "StrongBinder", "TypedObject", "Value"
-        ] + ";;;Argument[-1];ReturnValue;taint;manual"
-    or
-    // Parcel readers that write to an existing object
-    s =
-      "android.os;Parcel;false;read" +
-        [
-          "BinderArray", "BinderList", "BooleanArray", "ByteArray", "CharArray", "DoubleArray",
-          "FloatArray", "IntArray", "List", "LongArray", "Map", "ParcelableList", "StringArray",
-          "StringList", "TypedArray", "TypedList"
-        ] + ";;;Argument[-1];Argument[0];taint;manual"
-    or
-    // One Parcel method that aliases an argument to a return value
-    s = "android.os;Parcel;false;readParcelableList;;;Argument[0];ReturnValue;value;manual"
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/ContentProviders.qll b/java/ql/lib/semmle/code/java/frameworks/android/ContentProviders.qll
index 1e10a01d451..7bcd4baa3e5 100644
--- a/java/ql/lib/semmle/code/java/frameworks/android/ContentProviders.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/ContentProviders.qll
@@ -3,114 +3,8 @@
  */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 
 /** The class `android.content.ContentValues`. */
 class ContentValues extends Class {
   ContentValues() { this.hasQualifiedName("android.content", "ContentValues") }
 }
-
-private class ContentProviderSourceModels extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        // ContentInterface models are here for backwards compatibility (it was removed in API 28)
-        "android.content;ContentInterface;true;call;(String,String,String,Bundle);;Parameter[0..3];contentprovider;manual",
-        "android.content;ContentProvider;true;call;(String,String,String,Bundle);;Parameter[0..3];contentprovider;manual",
-        "android.content;ContentProvider;true;call;(String,String,Bundle);;Parameter[0..2];contentprovider;manual",
-        "android.content;ContentProvider;true;delete;(Uri,String,String[]);;Parameter[0..2];contentprovider;manual",
-        "android.content;ContentInterface;true;delete;(Uri,Bundle);;Parameter[0..1];contentprovider;manual",
-        "android.content;ContentProvider;true;delete;(Uri,Bundle);;Parameter[0..1];contentprovider;manual",
-        "android.content;ContentInterface;true;getType;(Uri);;Parameter[0];contentprovider;manual",
-        "android.content;ContentProvider;true;getType;(Uri);;Parameter[0];contentprovider;manual",
-        "android.content;ContentInterface;true;insert;(Uri,ContentValues,Bundle);;Parameter[0];contentprovider;manual",
-        "android.content;ContentProvider;true;insert;(Uri,ContentValues,Bundle);;Parameter[0..2];contentprovider;manual",
-        "android.content;ContentProvider;true;insert;(Uri,ContentValues);;Parameter[0..1];contentprovider;manual",
-        "android.content;ContentInterface;true;openAssetFile;(Uri,String,CancellationSignal);;Parameter[0];contentprovider;manual",
-        "android.content;ContentProvider;true;openAssetFile;(Uri,String,CancellationSignal);;Parameter[0];contentprovider;manual",
-        "android.content;ContentProvider;true;openAssetFile;(Uri,String);;Parameter[0];contentprovider;manual",
-        "android.content;ContentInterface;true;openTypedAssetFile;(Uri,String,Bundle,CancellationSignal);;Parameter[0..2];contentprovider;manual",
-        "android.content;ContentProvider;true;openTypedAssetFile;(Uri,String,Bundle,CancellationSignal);;Parameter[0..2];contentprovider;manual",
-        "android.content;ContentProvider;true;openTypedAssetFile;(Uri,String,Bundle);;Parameter[0..2];contentprovider;manual",
-        "android.content;ContentInterface;true;openFile;(Uri,String,CancellationSignal);;Parameter[0];contentprovider;manual",
-        "android.content;ContentProvider;true;openFile;(Uri,String,CancellationSignal);;Parameter[0];contentprovider;manual",
-        "android.content;ContentProvider;true;openFile;(Uri,String);;Parameter[0];contentprovider;manual",
-        "android.content;ContentInterface;true;query;(Uri,String[],Bundle,CancellationSignal);;Parameter[0..2];contentprovider;manual",
-        "android.content;ContentProvider;true;query;(Uri,String[],Bundle,CancellationSignal);;Parameter[0..2];contentprovider;manual",
-        "android.content;ContentProvider;true;query;(Uri,String[],String,String[],String);;Parameter[0..4];contentprovider;manual",
-        "android.content;ContentProvider;true;query;(Uri,String[],String,String[],String,CancellationSignal);;Parameter[0..4];contentprovider;manual",
-        "android.content;ContentInterface;true;update;(Uri,ContentValues,Bundle);;Parameter[0..2];contentprovider;manual",
-        "android.content;ContentProvider;true;update;(Uri,ContentValues,Bundle);;Parameter[0..2];contentprovider;manual",
-        "android.content;ContentProvider;true;update;(Uri,ContentValues,String,String[]);;Parameter[0..3];contentprovider;manual"
-      ]
-  }
-}
-
-private class SummaryModels extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "android.content;ContentValues;false;put;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.content;ContentValues;false;put;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.content;ContentValues;false;putAll;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "android.content;ContentValues;false;putAll;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "android.content;ContentResolver;true;acquireContentProviderClient;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentResolver;true;acquireUnstableContentProviderClient;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentResolver;true;acquireUnstableContentProviderClient;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentResolver;true;applyBatch;;;Argument[1];ReturnValue;taint;manual",
-        "android.content;ContentResolver;true;call;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentResolver;true;canonicalize;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentResolver;true;getStreamTypes;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentResolver;true;getType;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentResolver;true;insert;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentResolver;true;query;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentResolver;true;uncanonicalize;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentResolver;true;wrap;;;Argument[0];ReturnValue;taint;manual",
-        // ContentProviderClient is tainted at its creation, not by its arguments
-        "android.content;ContentProviderClient;true;applyBatch;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ContentProviderClient;true;call;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ContentProviderClient;true;canonicalize;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ContentProviderClient;true;getLocalContentProvider;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ContentProviderClient;true;getStreamTypes;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ContentProviderClient;true;insert;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ContentProviderClient;true;query;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ContentProviderClient;true;uncanonicalize;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ContentProviderOperation;false;apply;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ContentProviderOperation;false;apply;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentProviderOperation;false;getUri;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ContentProviderOperation;false;newAssertQuery;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentProviderOperation;false;newCall;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentProviderOperation;false;newDelete;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentProviderOperation;false;newInsert;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentProviderOperation;false;newUpdate;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentProviderOperation;false;resolveExtrasBackReferences;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentProviderOperation;false;resolveSelectionArgsBackReferences;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentProviderOperation;false;resolveValueBackReferences;;;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentProviderOperation$Builder;false;build;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ContentProviderOperation$Builder;false;withExceptionAllowed;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;ContentProviderOperation$Builder;false;withExpectedCount;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;ContentProviderOperation$Builder;false;withExtra;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;ContentProviderOperation$Builder;false;withExtraBackReference;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;ContentProviderOperation$Builder;false;withExtras;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;ContentProviderOperation$Builder;false;withSelection;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;ContentProviderOperation$Builder;false;withSelectionBackReference;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;ContentProviderOperation$Builder;false;withValue;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;ContentProviderOperation$Builder;false;withValueBackReference;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;ContentProviderOperation$Builder;false;withValues;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;ContentProviderOperation$Builder;false;withYieldAllowed;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;ContentProviderResult;false;ContentProviderResult;(Uri);;Argument[0];Argument[-1].Field[android.content.ContentProviderResult.uri];value;manual",
-        "android.content;ContentProviderResult;false;ContentProviderResult;(Bundle);;Argument[0];Argument[-1].Field[android.content.ContentProviderResult.extras];value;manual",
-        "android.content;ContentProviderResult;false;ContentProviderResult;(Throwable);;Argument[0];Argument[-1].Field[android.content.ContentProviderResult.exception];value;manual",
-        "android.content;ContentProviderResult;false;ContentProviderResult;(Parcel);;Argument[0];Argument[-1];taint;manual",
-        "android.database;Cursor;true;copyStringToBuffer;;;Argument[-1];Argument[1];taint;manual",
-        "android.database;Cursor;true;getBlob;;;Argument[-1];ReturnValue;taint;manual",
-        "android.database;Cursor;true;getColumnName;;;Argument[-1];ReturnValue;taint;manual",
-        "android.database;Cursor;true;getColumnNames;;;Argument[-1];ReturnValue;taint;manual",
-        "android.database;Cursor;true;getExtras;;;Argument[-1];ReturnValue;taint;manual",
-        "android.database;Cursor;true;getNotificationUri;;;Argument[-1];ReturnValue;taint;manual",
-        "android.database;Cursor;true;getNotificationUris;;;Argument[-1];ReturnValue;taint;manual",
-        "android.database;Cursor;true;getString;;;Argument[-1];ReturnValue;taint;manual",
-        "android.database;Cursor;true;respond;;;Argument[-1];ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/ExternalStorage.qll b/java/ql/lib/semmle/code/java/frameworks/android/ExternalStorage.qll
index 1e6919c023b..7eb088a9514 100644
--- a/java/ql/lib/semmle/code/java/frameworks/android/ExternalStorage.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/ExternalStorage.qll
@@ -5,21 +5,6 @@ private import semmle.code.java.security.FileReadWrite
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.ExternalFlow
 
-private class ExternalStorageDirSourceModel extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;spec;kind"
-        "android.content;Context;true;getExternalFilesDir;(String);;ReturnValue;android-external-storage-dir;manual",
-        "android.content;Context;true;getExternalFilesDirs;(String);;ReturnValue;android-external-storage-dir;manual",
-        "android.content;Context;true;getExternalCacheDir;();;ReturnValue;android-external-storage-dir;manual",
-        "android.content;Context;true;getExternalCacheDirs;();;ReturnValue;android-external-storage-dir;manual",
-        "android.os;Environment;false;getExternalStorageDirectory;();;ReturnValue;android-external-storage-dir;manual",
-        "android.os;Environment;false;getExternalStoragePublicDirectory;(String);;ReturnValue;android-external-storage-dir;manual",
-      ]
-  }
-}
-
 private predicate externalStorageFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
   DataFlow::localFlowStep(node1, node2)
   or
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll b/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll
index e37e7f350b8..4f6e9e3f5e4 100644
--- a/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll
@@ -421,196 +421,3 @@ private class StartServiceIntentStep extends AdditionalValueStep {
     )
   }
 }
-
-private class IntentBundleFlowSteps extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"namespace;type;subtypes;name;signature;ext;input;output;kind"
-        "android.os;BaseBundle;true;get;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;BaseBundle;true;getString;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;BaseBundle;true;getString;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;BaseBundle;true;getString;(String,String);;Argument[1];ReturnValue;value;manual",
-        "android.os;BaseBundle;true;getStringArray;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;BaseBundle;true;keySet;();;Argument[-1].MapKey;ReturnValue.Element;value;manual",
-        "android.os;BaseBundle;true;putAll;(PersistableBundle);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "android.os;BaseBundle;true;putAll;(PersistableBundle);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "android.os;BaseBundle;true;putBoolean;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;BaseBundle;true;putBooleanArray;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;BaseBundle;true;putDouble;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;BaseBundle;true;putDoubleArray;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;BaseBundle;true;putInt;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;BaseBundle;true;putIntArray;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;BaseBundle;true;putLong;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;BaseBundle;true;putLongArray;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;BaseBundle;true;putString;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;BaseBundle;true;putString;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;BaseBundle;true;putStringArray;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;BaseBundle;true;putStringArray;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;false;Bundle;(Bundle);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;false;Bundle;(Bundle);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;false;Bundle;(PersistableBundle);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;false;Bundle;(PersistableBundle);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;clone;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "android.os;Bundle;true;clone;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        // model for Bundle.deepCopy is not fully precise, as some map values aren't copied by value
-        "android.os;Bundle;true;deepCopy;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "android.os;Bundle;true;deepCopy;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "android.os;Bundle;true;getBinder;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;Bundle;true;getBundle;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;Bundle;true;getByteArray;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;Bundle;true;getCharArray;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;Bundle;true;getCharSequence;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;Bundle;true;getCharSequence;(String,CharSequence);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;Bundle;true;getCharSequence;(String,CharSequence);;Argument[1];ReturnValue;value;manual",
-        "android.os;Bundle;true;getCharSequenceArray;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;Bundle;true;getCharSequenceArrayList;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;Bundle;true;getParcelable;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;Bundle;true;getParcelableArray;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;Bundle;true;getParcelableArrayList;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;Bundle;true;getSerializable;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;Bundle;true;getSparseParcelableArray;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;Bundle;true;getStringArrayList;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "android.os;Bundle;true;putAll;(Bundle);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putAll;(Bundle);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;putBinder;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putBinder;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;putBundle;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putBundle;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;putByte;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putByteArray;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putByteArray;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;putChar;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putCharArray;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putCharArray;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;putCharSequence;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putCharSequence;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;putCharSequenceArray;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putCharSequenceArray;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;putCharSequenceArrayList;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putCharSequenceArrayList;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;putFloat;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putFloatArray;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putIntegerArrayList;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putParcelable;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putParcelable;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;putParcelableArray;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putParcelableArray;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;putParcelableArrayList;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putParcelableArrayList;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;putSerializable;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putSerializable;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;putShort;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putShortArray;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putSize;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putSizeF;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putSparseParcelableArray;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putSparseParcelableArray;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;putStringArrayList;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "android.os;Bundle;true;putStringArrayList;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "android.os;Bundle;true;readFromParcel;;;Argument[0];Argument[-1].MapKey;taint;manual",
-        "android.os;Bundle;true;readFromParcel;;;Argument[0];Argument[-1].MapValue;taint;manual",
-        // currently only the Extras part of the intent and the data field are fully modeled
-        "android.content;Intent;false;Intent;(Intent);;Argument[0].SyntheticField[android.content.Intent.extras].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual",
-        "android.content;Intent;false;Intent;(Intent);;Argument[0].SyntheticField[android.content.Intent.extras].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual",
-        "android.content;Intent;false;Intent;(String,Uri);;Argument[1];Argument[-1].SyntheticField[android.content.Intent.data];value;manual",
-        "android.content;Intent;false;Intent;(String,Uri,Context,Class);;Argument[1];Argument[-1].SyntheticField[android.content.Intent.data];value;manual",
-        "android.content;Intent;true;addCategory;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;addFlags;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;false;createChooser;;;Argument[0..2];ReturnValue.SyntheticField[android.content.Intent.extras].MapValue;value;manual",
-        "android.content;Intent;true;getBundleExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual",
-        "android.content;Intent;true;getByteArrayExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual",
-        "android.content;Intent;true;getCharArrayExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual",
-        "android.content;Intent;true;getCharSequenceArrayExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual",
-        "android.content;Intent;true;getCharSequenceArrayListExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual",
-        "android.content;Intent;true;getCharSequenceExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual",
-        "android.content;Intent;true;getData;;;Argument[-1].SyntheticField[android.content.Intent.data];ReturnValue;value;manual",
-        "android.content;Intent;true;getDataString;;;Argument[-1].SyntheticField[android.content.Intent.data];ReturnValue;taint;manual",
-        "android.content;Intent;true;getExtras;();;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue;value;manual",
-        "android.content;Intent;false;getIntent;;;Argument[0];ReturnValue.SyntheticField[android.content.Intent.data];taint;manual",
-        "android.content;Intent;false;getIntentOld;;;Argument[0];ReturnValue.SyntheticField[android.content.Intent.data];taint;manual",
-        "android.content;Intent;true;getParcelableArrayExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual",
-        "android.content;Intent;true;getParcelableArrayListExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual",
-        "android.content;Intent;true;getParcelableExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual",
-        "android.content;Intent;true;getSerializableExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual",
-        "android.content;Intent;true;getStringArrayExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual",
-        "android.content;Intent;true;getStringArrayListExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual",
-        "android.content;Intent;true;getStringExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual",
-        "android.content;Intent;false;parseUri;;;Argument[0];ReturnValue.SyntheticField[android.content.Intent.data];taint;manual",
-        "android.content;Intent;true;putCharSequenceArrayListExtra;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual",
-        "android.content;Intent;true;putCharSequenceArrayListExtra;;;Argument[1];Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual",
-        "android.content;Intent;true;putCharSequenceArrayListExtra;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;putExtra;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual",
-        "android.content;Intent;true;putExtra;;;Argument[1];Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual",
-        "android.content;Intent;true;putExtra;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;putExtras;(Bundle);;Argument[0].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual",
-        "android.content;Intent;true;putExtras;(Bundle);;Argument[0].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual",
-        "android.content;Intent;true;putExtras;(Bundle);;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;putExtras;(Intent);;Argument[0].SyntheticField[android.content.Intent.extras].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual",
-        "android.content;Intent;true;putExtras;(Intent);;Argument[0].SyntheticField[android.content.Intent.extras].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual",
-        "android.content;Intent;true;putExtras;(Intent);;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;putIntegerArrayListExtra;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual",
-        "android.content;Intent;true;putIntegerArrayListExtra;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;putParcelableArrayListExtra;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual",
-        "android.content;Intent;true;putParcelableArrayListExtra;;;Argument[1];Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual",
-        "android.content;Intent;true;putParcelableArrayListExtra;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;putStringArrayListExtra;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual",
-        "android.content;Intent;true;putStringArrayListExtra;;;Argument[1];Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual",
-        "android.content;Intent;true;putStringArrayListExtra;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;replaceExtras;(Bundle);;Argument[0].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual",
-        "android.content;Intent;true;replaceExtras;(Bundle);;Argument[0].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual",
-        "android.content;Intent;true;replaceExtras;(Bundle);;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;replaceExtras;(Intent);;Argument[0].SyntheticField[android.content.Intent.extras].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual",
-        "android.content;Intent;true;replaceExtras;(Intent);;Argument[0].SyntheticField[android.content.Intent.extras].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual",
-        "android.content;Intent;true;replaceExtras;(Intent);;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;setAction;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;setClass;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;setClassName;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;setComponent;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;setData;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;setData;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.data];value;manual",
-        "android.content;Intent;true;setDataAndNormalize;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;setDataAndNormalize;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.data];value;manual",
-        "android.content;Intent;true;setDataAndType;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;setDataAndType;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.data];value;manual",
-        "android.content;Intent;true;setDataAndTypeAndNormalize;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;setDataAndTypeAndNormalize;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.data];value;manual",
-        "android.content;Intent;true;setFlags;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;setIdentifier;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;setPackage;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;setType;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;Intent;true;setTypeAndNormalize;;;Argument[-1];ReturnValue;value;manual"
-      ]
-  }
-}
-
-private class IntentComponentTaintSteps extends SummaryModelCsv {
-  override predicate row(string s) {
-    s =
-      [
-        "android.content;Intent;true;Intent;(Intent);;Argument[0];Argument[-1];taint;manual",
-        "android.content;Intent;true;Intent;(Context,Class);;Argument[1];Argument[-1];taint;manual",
-        "android.content;Intent;true;Intent;(String,Uri,Context,Class);;Argument[3];Argument[-1];taint;manual",
-        "android.content;Intent;true;getIntent;(String);;Argument[0];ReturnValue;taint;manual",
-        "android.content;Intent;true;getIntentOld;(String);;Argument[0];ReturnValue;taint;manual",
-        "android.content;Intent;true;parseUri;(String,int);;Argument[0];ReturnValue;taint;manual",
-        "android.content;Intent;true;setPackage;;;Argument[0];Argument[-1];taint;manual",
-        "android.content;Intent;true;setClass;;;Argument[1];Argument[-1];taint;manual",
-        "android.content;Intent;true;setClassName;(Context,String);;Argument[1];Argument[-1];taint;manual",
-        "android.content;Intent;true;setClassName;(String,String);;Argument[0..1];Argument[-1];taint;manual",
-        "android.content;Intent;true;setComponent;;;Argument[0];Argument[-1];taint;manual",
-        "android.content;ComponentName;false;ComponentName;(String,String);;Argument[0..1];Argument[-1];taint;manual",
-        "android.content;ComponentName;false;ComponentName;(Context,String);;Argument[1];Argument[-1];taint;manual",
-        "android.content;ComponentName;false;ComponentName;(Context,Class);;Argument[1];Argument[-1];taint;manual",
-        "android.content;ComponentName;false;ComponentName;(Parcel);;Argument[0];Argument[-1];taint;manual",
-        "android.content;ComponentName;false;createRelative;(String,String);;Argument[0..1];ReturnValue;taint;manual",
-        "android.content;ComponentName;false;createRelative;(Context,String);;Argument[1];ReturnValue;taint;manual",
-        "android.content;ComponentName;false;flattenToShortString;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ComponentName;false;flattenToString;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ComponentName;false;getClassName;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ComponentName;false;getPackageName;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ComponentName;false;getShortClassName;;;Argument[-1];ReturnValue;taint;manual",
-        "android.content;ComponentName;false;unflattenFromString;;;Argument[0];ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Notifications.qll b/java/ql/lib/semmle/code/java/frameworks/android/Notifications.qll
deleted file mode 100644
index 0f69f0bbe1d..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/android/Notifications.qll
+++ /dev/null
@@ -1,101 +0,0 @@
-/** Provides classes and predicates related to Android notifications. */
-
-import java
-private import semmle.code.java.dataflow.DataFlow
-private import semmle.code.java.dataflow.ExternalFlow
-private import semmle.code.java.dataflow.FlowSteps
-
-private class NotificationBuildersSummaryModels extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "android.app;Notification$Action;true;Action;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual",
-        "android.app;Notification$Action;true;getExtras;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue;value;manual",
-        "android.app;Notification$Action$Builder;true;Builder;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual",
-        "android.app;Notification$Action$Builder;true;Builder;(Icon,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual",
-        "android.app;Notification$Action$Builder;true;Builder;(Action);;Argument[0];Argument[-1];taint;manual",
-        "android.app;Notification$Action$Builder;true;addExtras;;;Argument[0].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual",
-        "android.app;Notification$Action$Builder;true;addExtras;;;Argument[0].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual",
-        "android.app;Notification$Action$Builder;true;build;;;Argument[-1];ReturnValue;taint;manual",
-        "android.app;Notification$Action$Builder;true;build;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue.SyntheticField[android.content.Intent.extras];value;manual",
-        "android.app;Notification$Action$Builder;true;getExtras;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue;value;manual",
-        "androidx.core.app;NotificationCompat$Action;true;Action;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual",
-        "androidx.core.app;NotificationCompat$Action;true;Action;(IconCompat,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual",
-        "androidx.core.app;NotificationCompat$Action;true;getExtras;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue;value;manual",
-        "androidx.core.app;NotificationCompat$Action$Builder;true;Builder;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual",
-        "androidx.core.app;NotificationCompat$Action$Builder;true;Builder;(IconCompat,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual",
-        "androidx.core.app;NotificationCompat$Action$Builder;true;Builder;(Action);;Argument[0];Argument[-1];taint;manual",
-        "androidx.core.app;NotificationCompat$Action$Builder;true;addExtras;;;Argument[0].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual",
-        "androidx.core.app;NotificationCompat$Action$Builder;true;addExtras;;;Argument[0].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual",
-        "androidx.core.app;NotificationCompat$Action$Builder;true;build;;;Argument[-1];ReturnValue;taint;manual",
-        "androidx.core.app;NotificationCompat$Action$Builder;true;build;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue.SyntheticField[android.content.Intent.extras];value;manual",
-        "androidx.core.app;NotificationCompat$Action$Builder;true;getExtras;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue;value;manual",
-        "android.app;Notification$Builder;true;addAction;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual",
-        "android.app;Notification$Builder;true;addAction;(Action);;Argument[0];Argument[-1];taint;manual",
-        "android.app;Notification$Builder;true;addExtras;;;Argument[0].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual",
-        "android.app;Notification$Builder;true;addExtras;;;Argument[0].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual",
-        "android.app;Notification$Builder;true;build;;;Argument[-1];ReturnValue;taint;manual",
-        "android.app;Notification$Builder;true;build;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue.Field[android.app.Notification.extras];value;manual",
-        "android.app;Notification$Builder;true;setContentIntent;;;Argument[0];Argument[-1];taint;manual",
-        "android.app;Notification$Builder;true;getExtras;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue;value;manual",
-        "android.app;Notification$Builder;true;recoverBuilder;;;Argument[1];ReturnValue;taint;manual",
-        "android.app;Notification$Builder;true;setActions;;;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "android.app;Notification$Builder;true;setExtras;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.extras];value;manual",
-        "android.app;Notification$Builder;true;setDeleteIntent;;;Argument[0];Argument[-1];taint;manual",
-        "android.app;Notification$Builder;true;setPublicVersion;;;Argument[0];Argument[-1];taint;manual",
-        "androidx.core.app;NotificationCompat$Builder;true;addAction;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual",
-        "androidx.core.app;NotificationCompat$Builder;true;addAction;(Action);;Argument[0];Argument[-1];taint;manual",
-        "androidx.core.app;NotificationCompat$Builder;true;addExtras;;;Argument[0].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual",
-        "androidx.core.app;NotificationCompat$Builder;true;addExtras;;;Argument[0].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual",
-        "androidx.core.app;NotificationCompat$Builder;true;build;;;Argument[-1];ReturnValue;taint;manual",
-        "androidx.core.app;NotificationCompat$Builder;true;build;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue.Field[android.app.Notification.extras];value;manual",
-        "androidx.core.app;NotificationCompat$Builder;true;setContentIntent;;;Argument[0];Argument[-1];taint;manual",
-        "androidx.core.app;NotificationCompat$Builder;true;getExtras;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue;value;manual",
-        "androidx.core.app;NotificationCompat$Builder;true;setExtras;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.extras];value;manual",
-        "androidx.core.app;NotificationCompat$Builder;true;setDeleteIntent;;;Argument[0];Argument[-1];taint;manual",
-        "androidx.core.app;NotificationCompat$Builder;true;setPublicVersion;;;Argument[0];Argument[-1];taint;manual",
-        "android.app;Notification$Style;true;build;;;Argument[-1];ReturnValue;taint;manual",
-        "android.app;Notification$BigPictureStyle;true;BigPictureStyle;(Builder);;Argument[0];Argument[-1];taint;manual",
-        "android.app;Notification$BigTextStyle;true;BigTextStyle;(Builder);;Argument[0];Argument[-1];taint;manual",
-        "android.app;Notification$InboxStyle;true;InboxStyle;(Builder);;Argument[0];Argument[-1];taint;manual",
-        "android.app;Notification$MediaStyle;true;MediaStyle;(Builder);;Argument[0];Argument[-1];taint;manual",
-        // Fluent models
-        ["android.app;Notification", "androidx.core.app;NotificationCompat"] +
-          "$Action$Builder;true;" +
-          [
-            "addExtras", "addRemoteInput", "extend", "setAllowGeneratedReplies",
-            "setAuthenticationRequired", "setContextual", "setSemanticAction"
-          ] + ";;;Argument[-1];ReturnValue;value;manual",
-        ["android.app;Notification", "androidx.core.app;NotificationCompat"] + "$Builder;true;" +
-          [
-            "addAction", "addExtras", "addPerson", "extend", "setActions", "setAutoCancel",
-            "setBadgeIconType", "setBubbleMetadata", "setCategory", "setChannelId",
-            "setChronometerCountDown", "setColor", "setColorized", "setContent", "setContentInfo",
-            "setContentIntent", "setContentText", "setContentTitle", "setCustomBigContentView",
-            "setCustomHeadsUpContentView", "setDefaults", "setDeleteIntent", "setExtras", "setFlag",
-            "setForegroundServiceBehavior", "setFullScreenIntent", "setGroup",
-            "setGroupAlertBehavior", "setGroupSummary", "setLargeIcon", "setLights", "setLocalOnly",
-            "setLocusId", "setNumber", "setOngoing", "setOnlyAlertOnce", "setPriority",
-            "setProgress", "setPublicVersion", "setRemoteInputHistory", "setSettingsText",
-            "setShortcutId", "setShowWhen", "setSmallIcon", "setSortKey", "setSound", "setStyle",
-            "setSubText", "setTicker", "setTimeoutAfter", "setUsesChronometer", "setVibrate",
-            "setVisibility", "setWhen"
-          ] + ";;;Argument[-1];ReturnValue;value;manual",
-        ["android.app;Notification", "androidx.core.app;NotificationCompat"] +
-          "$BigPictureStyle;true;" +
-          [
-            "bigLargeIcon", "bigPicture", "setBigContentTitle", "setContentDescription",
-            "setSummaryText", "showBigPictureWhenCollapsed"
-          ] + ";;;Argument[-1];ReturnValue;value;manual",
-        ["android.app;Notification", "androidx.core.app;NotificationCompat"] + "$BigTextStyle;true;"
-          + ["bigText", "setBigContentTitle", "setSummaryText"] +
-          ";;;Argument[-1];ReturnValue;value;manual",
-        ["android.app;Notification", "androidx.core.app;NotificationCompat"] + "$InboxStyle;true;" +
-          ["addLine", "setBigContentTitle", "setSummaryText"] +
-          ";;;Argument[-1];ReturnValue;value;manual",
-        "android.app;Notification$MediaStyle;true;" +
-          ["setMediaSession", "setShowActionsInCompactView"] +
-          ";;;Argument[-1];ReturnValue;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/SQLite.qll b/java/ql/lib/semmle/code/java/frameworks/android/SQLite.qll
index 5f1c1b19171..2898b6aee54 100644
--- a/java/ql/lib/semmle/code/java/frameworks/android/SQLite.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/SQLite.qll
@@ -1,7 +1,6 @@
 /** Provides classes and predicates for working with SQLite databases. */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSteps
 private import semmle.code.java.frameworks.android.Android
 
@@ -41,138 +40,3 @@ class TypeSQLiteOpenHelper extends Class {
 class TypeSQLiteStatement extends Class {
   TypeSQLiteStatement() { this.hasQualifiedName("android.database.sqlite", "SQLiteStatement") }
 }
-
-private class SQLiteSinkCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;spec;kind"
-        "android.database.sqlite;SQLiteDatabase;false;compileStatement;(String);;Argument[0];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;execSQL;(String);;Argument[0];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;execSQL;(String,Object[]);;Argument[0];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;execPerConnectionSQL;(String,Object[]);;Argument[0];sql;manual",
-        // query(boolean distinct, String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit)
-        // query(boolean distinct, String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit, CancellationSignal cancellationSignal)
-        // query(String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit)
-        // query(String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy)
-        // queryWithFactory(SQLiteDatabase.CursorFactory cursorFactory, boolean distinct, String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit, CancellationSignal cancellationSignal)
-        // queryWithFactory(SQLiteDatabase.CursorFactory cursorFactory, boolean distinct, String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit)
-        // Each String / String[] arg except for selectionArgs is a sink
-        "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String,String);;Argument[0];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String,String);;Argument[1];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String,String);;Argument[2];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String,String);;Argument[4..7];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String);;Argument[0..2];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String);;Argument[4..6];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String);;Argument[1];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String);;Argument[2];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String);;Argument[3];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String);;Argument[5..8];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[1];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[2];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[3];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[5..8];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String);;Argument[2];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String);;Argument[3];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String);;Argument[4];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String);;Argument[6..9];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[2];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[3];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[4];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[6..9];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;rawQuery;(String,String[]);;Argument[0];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;rawQuery;(String,String[],CancellationSignal);;Argument[0];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;rawQueryWithFactory;(CursorFactory,String,String[],String);;Argument[1];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;rawQueryWithFactory;(CursorFactory,String,String[],String,CancellationSignal);;Argument[1];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;delete;(String,String,String[]);;Argument[0..1];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;update;(String,ContentValues,String,String[]);;Argument[0];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;update;(String,ContentValues,String,String[]);;Argument[2];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;updateWithOnConflict;(String,ContentValues,String,String[],int);;Argument[0];sql;manual",
-        "android.database.sqlite;SQLiteDatabase;false;updateWithOnConflict;(String,ContentValues,String,String[],int);;Argument[2];sql;manual",
-        "android.database;DatabaseUtils;false;longForQuery;(SQLiteDatabase,String,String[]);;Argument[1];sql;manual",
-        "android.database;DatabaseUtils;false;stringForQuery;(SQLiteDatabase,String,String[]);;Argument[1];sql;manual",
-        "android.database;DatabaseUtils;false;blobFileDescriptorForQuery;(SQLiteDatabase,String,String[]);;Argument[1];sql;manual",
-        "android.database;DatabaseUtils;false;createDbFromSqlStatements;(Context,String,int,String);;Argument[3];sql;manual",
-        "android.database;DatabaseUtils;false;queryNumEntries;(SQLiteDatabase,String);;Argument[1];sql;manual",
-        "android.database;DatabaseUtils;false;queryNumEntries;(SQLiteDatabase,String,String);;Argument[1..2];sql;manual",
-        "android.database;DatabaseUtils;false;queryNumEntries;(SQLiteDatabase,String,String,String[]);;Argument[1..2];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;delete;(SQLiteDatabase,String,String[]);;Argument[-1];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;delete;(SQLiteDatabase,String,String[]);;Argument[1];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;insert;(SQLiteDatabase,ContentValues);;Argument[-1];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;update;(SQLiteDatabase,ContentValues,String,String[]);;Argument[-1];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;update;(SQLiteDatabase,ContentValues,String,String[]);;Argument[2];sql;manual",
-        // query(SQLiteDatabase db, String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder)
-        // query(SQLiteDatabase db, String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder, String limit)
-        // query(SQLiteDatabase db, String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder, String limit, CancellationSignal cancellationSignal)
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String);;Argument[-1];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String);;Argument[1];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String);;Argument[2];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String);;Argument[4..6];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String);;Argument[-1];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String);;Argument[1];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String);;Argument[2];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String);;Argument[4..7];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[-1];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[1];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[2];sql;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[4..7];sql;manual",
-        "android.content;ContentProvider;true;delete;(Uri,String,String[]);;Argument[1];sql;manual",
-        "android.content;ContentProvider;true;update;(Uri,ContentValues,String,String[]);;Argument[2];sql;manual",
-        "android.content;ContentProvider;true;query;(Uri,String[],String,String[],String,CancellationSignal);;Argument[2];sql;manual",
-        "android.content;ContentProvider;true;query;(Uri,String[],String,String[],String);;Argument[2];sql;manual",
-        "android.content;ContentResolver;true;delete;(Uri,String,String[]);;Argument[1];sql;manual",
-        "android.content;ContentResolver;true;update;(Uri,ContentValues,String,String[]);;Argument[2];sql;manual",
-        "android.content;ContentResolver;true;query;(Uri,String[],String,String[],String,CancellationSignal);;Argument[2];sql;manual",
-        "android.content;ContentResolver;true;query;(Uri,String[],String,String[],String);;Argument[2];sql;manual"
-      ]
-  }
-}
-
-private class SqlFlowStep extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
-        // buildQuery(String[] projectionIn, String selection, String groupBy, String having, String sortOrder, String limit)
-        // buildQuery(String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder, String limit)
-        // buildUnionQuery(String[] subQueries, String sortOrder, String limit)
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String,String,String,String);;Argument[-1];ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String,String,String,String);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String,String,String,String);;Argument[1..5];ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String[],String,String,String,String);;Argument[-1];ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String[],String,String,String,String);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String[],String,String,String,String);;Argument[1];ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String[],String,String,String,String);;Argument[3..6];ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionQuery;(String[],String,String);;Argument[-1];ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionQuery;(String[],String,String);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionQuery;(String[],String,String);;Argument[1..2];ReturnValue;taint;manual",
-        // buildUnionSubQuery(String typeDiscriminatorColumn, String[] unionColumns, Set<String> columnsPresentInTable, int computedColumnsOffset, String typeDiscriminatorValue, String selection, String[] selectionArgs, String groupBy, String having)
-        // buildUnionSubQuery(String typeDiscriminatorColumn, String[] unionColumns, Set<String> columnsPresentInTable, int computedColumnsOffset, String typeDiscriminatorValue, String selection, String groupBy, String having)
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String[],String,String);;Argument[-1..0];ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String[],String,String);;Argument[1].ArrayElement;ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String[],String,String);;Argument[2].Element;ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String[],String,String);;Argument[4..5];ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String[],String,String);;Argument[7..8];ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String,String);;Argument[-1..0];ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String,String);;Argument[1].ArrayElement;ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String,String);;Argument[2].Element;ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String,String);;Argument[4..7];ReturnValue;taint;manual",
-        // static buildQueryString(boolean distinct, String tables, String[] columns, String where, String groupBy, String having, String orderBy, String limit)
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildQueryString;(boolean,String,String[],String,String,String,String,String);;Argument[1];ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildQueryString;(boolean,String,String[],String,String,String,String,String);;Argument[2].ArrayElement;ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;buildQueryString;(boolean,String,String[],String,String,String,String,String);;Argument[3..7];ReturnValue;taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;setProjectionMap;(Map);;Argument[0].MapKey;Argument[-1];taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;setProjectionMap;(Map);;Argument[0].MapValue;Argument[-1];taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;setTables;(String);;Argument[0];Argument[-1];taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;appendWhere;(CharSequence);;Argument[0];Argument[-1];taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;appendWhereStandalone;(CharSequence);;Argument[0];Argument[-1];taint;manual",
-        "android.database.sqlite;SQLiteQueryBuilder;true;appendColumns;(StringBuilder,String[]);;Argument[1].ArrayElement;Argument[0];taint;manual",
-        "android.database;DatabaseUtils;false;appendSelectionArgs;(String[],String[]);;Argument[0..1].ArrayElement;ReturnValue.ArrayElement;taint;manual",
-        "android.database;DatabaseUtils;false;concatenateWhere;(String,String);;Argument[0..1];ReturnValue;taint;manual",
-        "android.content;ContentProvider;true;query;(Uri,String[],String,String[],String);;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentProvider;true;query;(Uri,String[],String,String[],String,CancellationSignal);;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentResolver;true;query;(Uri,String[],String,String[],String);;Argument[0];ReturnValue;taint;manual",
-        "android.content;ContentResolver;true;query;(Uri,String[],String,String[],String,CancellationSignal);;Argument[0];ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll b/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll
index 8a5c455fedd..a3298fd70d8 100644
--- a/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll
@@ -1,7 +1,6 @@
 /** Provides classes related to `android.content.SharedPreferences`. */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 
 /** The interface `android.content.SharedPreferences`. */
 class SharedPreferences extends Interface {
@@ -56,19 +55,3 @@ class StoreSharedPreferenceMethod extends Method {
     this.hasName(["commit", "apply"])
   }
 }
-
-private class SharedPreferencesSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "android.content;SharedPreferences$Editor;true;clear;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;SharedPreferences$Editor;true;putBoolean;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;SharedPreferences$Editor;true;putFloat;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;SharedPreferences$Editor;true;putInt;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;SharedPreferences$Editor;true;putLong;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;SharedPreferences$Editor;true;putString;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;SharedPreferences$Editor;true;putStringSet;;;Argument[-1];ReturnValue;value;manual",
-        "android.content;SharedPreferences$Editor;true;remove;;;Argument[-1];ReturnValue;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Slice.qll b/java/ql/lib/semmle/code/java/frameworks/android/Slice.qll
index b787f0ad282..33de1ea0d12 100644
--- a/java/ql/lib/semmle/code/java/frameworks/android/Slice.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/Slice.qll
@@ -3,7 +3,6 @@
 import java
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.FlowSteps
-private import semmle.code.java.dataflow.ExternalFlow
 
 /** The class `androidx.slice.SliceProvider`. */
 class SliceProvider extends Class {
@@ -39,87 +38,3 @@ private class SliceActionsInheritTaint extends DataFlow::SyntheticFieldContent,
   TaintInheritingContent {
   SliceActionsInheritTaint() { this.getField() = "androidx.slice.Slice.action" }
 }
-
-private class SliceBuildersSummaryModels extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "androidx.slice.builders;ListBuilder;true;addAction;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder;true;addGridRow;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder;true;addInputRange;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder;true;addRange;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder;true;addRating;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder;true;addRow;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder;true;addSelection;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder;true;setHeader;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder;true;setSeeMoreAction;(PendingIntent);;Argument[0];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder;true;setSeeMoreRow;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder;true;build;;;Argument[-1].SyntheticField[androidx.slice.Slice.action];ReturnValue;taint;manual",
-        "androidx.slice.builders;ListBuilder$HeaderBuilder;true;setPrimaryAction;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder$InputRangeBuilder;true;addEndItem;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder$InputRangeBuilder;true;setInputAction;(PendingIntent);;Argument[0];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder$InputRangeBuilder;true;setPrimaryAction;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder$RangeBuilder;true;setPrimaryAction;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder$RatingBuilder;true;setInputAction;(PendingIntent);;Argument[0];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder$RatingBuilder;true;setPrimaryAction;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder$RowBuilder;true;addEndItem;(SliceAction,boolean);;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder$RowBuilder;true;addEndItem;(SliceAction);;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder$RowBuilder;true;setPrimaryAction;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder$RowBuilder;true;setTitleItem;(SliceAction,boolean);;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;ListBuilder$RowBuilder;true;setTitleItem;(SliceAction);;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;SliceAction;true;create;(PendingIntent,IconCompat,int,CharSequence);;Argument[0];ReturnValue.SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;SliceAction;true;createDeeplink;(PendingIntent,IconCompat,int,CharSequence);;Argument[0];ReturnValue.SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;SliceAction;true;createToggle;(PendingIntent,CharSequence,boolean);;Argument[0];ReturnValue.SyntheticField[androidx.slice.Slice.action];taint;manual",
-        "androidx.slice.builders;SliceAction;true;getAction;;;Argument[-1].SyntheticField[androidx.slice.Slice.action];ReturnValue;taint;manual",
-        // Fluent models
-        "androidx.slice.builders;ListBuilder;true;" +
-          [
-            "addAction", "addGridRow", "addInputRange", "addRange", "addRating", "addRow",
-            "addSelection", "setAccentColor", "setHeader", "setHostExtras", "setIsError",
-            "setKeywords", "setLayoutDirection", "setSeeMoreAction", "setSeeMoreRow"
-          ] + ";;;Argument[-1];ReturnValue;value;manual",
-        "androidx.slice.builders;ListBuilder$HeaderBuilder;true;" +
-          [
-            "setContentDescription", "setLayoutDirection", "setPrimaryAction", "setSubtitle",
-            "setSummary", "setTitle"
-          ] + ";;;Argument[-1];ReturnValue;value;manual",
-        "androidx.slice.builders;ListBuilder$InputRangeBuilder;true;" +
-          [
-            "addEndItem", "setContentDescription", "setInputAction", "setLayoutDirection", "setMax",
-            "setMin", "setPrimaryAction", "setSubtitle", "setThumb", "setTitle", "setTitleItem",
-            "setValue"
-          ] + ";;;Argument[-1];ReturnValue;value;manual",
-        "androidx.slice.builders;ListBuilder$RangeBuilder;true;" +
-          [
-            "setContentDescription", "setMax", "setMode", "setPrimaryAction", "setSubtitle",
-            "setTitle", "setTitleItem", "setValue"
-          ] + ";;;Argument[-1];ReturnValue;value;manual",
-        "androidx.slice.builders;ListBuilder$RatingBuilder;true;" +
-          [
-            "setContentDescription", "setInputAction", "setMax", "setMin", "setPrimaryAction",
-            "setSubtitle", "setTitle", "setTitleItem", "setValue"
-          ] + ";;;Argument[-1];ReturnValue;value;manual",
-        "androidx.slice.builders;ListBuilder$RowBuilder;true;" +
-          [
-            "addEndItem", "setContentDescription", "setEndOfSection", "setLayoutDirection",
-            "setPrimaryAction", "setSubtitle", "setTitle", "setTitleItem"
-          ] + ";;;Argument[-1];ReturnValue;value;manual",
-        "androidx.slice.builders;SliceAction;true;" +
-          ["setChecked", "setContentDescription", "setPriority"] +
-          ";;;Argument[-1];ReturnValue;value;manual"
-      ]
-  }
-}
-
-private class SliceProviderSourceModels extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "androidx.slice;SliceProvider;true;onBindSlice;;;Parameter[0];contentprovider;manual",
-        "androidx.slice;SliceProvider;true;onCreatePermissionRequest;;;Parameter[0];contentprovider;manual",
-        "androidx.slice;SliceProvider;true;onMapIntentToUri;;;Parameter[0];contentprovider;manual",
-        "androidx.slice;SliceProvider;true;onSlicePinned;;;Parameter[0];contentprovider;manual",
-        "androidx.slice;SliceProvider;true;onSliceUnpinned;;;Parameter[0];contentprovider;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll b/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll
index 8dd91f73f65..b514ca94be7 100644
--- a/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll
@@ -45,7 +45,10 @@ class WebViewGetUrlMethod extends Method {
 class CrossOriginAccessMethod extends Method {
   CrossOriginAccessMethod() {
     this.getDeclaringType() instanceof TypeWebSettings and
-    this.hasName(["setAllowUniversalAccessFromFileURLs", "setAllowFileAccessFromFileURLs"])
+    this.hasName([
+        "setAllowFileAccess", "setAllowUniversalAccessFromFileURLs",
+        "setAllowFileAccessFromFileURLs"
+      ])
   }
 }
 
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll b/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll
index e66852e8e2e..81c34179c15 100644
--- a/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll
@@ -4,12 +4,6 @@ import java
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
 
-private class AndroidWidgetSourceModels extends SourceModelCsv {
-  override predicate row(string row) {
-    row = "android.widget;EditText;true;getText;;;ReturnValue;android-widget;manual"
-  }
-}
-
 private class DefaultAndroidWidgetSources extends RemoteFlowSource {
   DefaultAndroidWidgetSources() { sourceNode(this, "android-widget") }
 
@@ -35,9 +29,3 @@ private class EditableToStringStep extends AdditionalTaintStep {
     )
   }
 }
-
-private class AndroidWidgetSummaryModels extends SummaryModelCsv {
-  override predicate row(string row) {
-    row = "android.widget;EditText;true;getText;;;Argument[-1];ReturnValue;taint;manual"
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/XssSinks.qll b/java/ql/lib/semmle/code/java/frameworks/android/XssSinks.qll
deleted file mode 100644
index c324d22a605..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/android/XssSinks.qll
+++ /dev/null
@@ -1,16 +0,0 @@
-/** Provides XSS sink models relating to the `android.webkit.WebView` class. */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-/** CSV sink models representing methods susceptible to XSS attacks. */
-private class DefaultXssSinkModel extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "android.webkit;WebView;false;loadData;;;Argument[0];xss;manual",
-        "android.webkit;WebView;false;loadDataWithBaseURL;;;Argument[1];xss;manual",
-        "android.webkit;WebView;false;evaluateJavascript;;;Argument[0];xss;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/Collections.qll b/java/ql/lib/semmle/code/java/frameworks/apache/Collections.qll
index 4eb7f644233..24030e35045 100644
--- a/java/ql/lib/semmle/code/java/frameworks/apache/Collections.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/apache/Collections.qll
@@ -2,7 +2,6 @@
 
 import java
 private import semmle.code.java.dataflow.FlowSteps
-private import semmle.code.java.dataflow.ExternalFlow
 
 /**
  * The method `isEmpty` in either `org.apache.commons.collections.CollectionUtils`
@@ -29,1163 +28,3 @@ class MethodApacheCollectionsIsNotEmpty extends Method {
     this.hasName("isNotEmpty")
   }
 }
-
-/**
- * Value-propagating models for classes in the package `org.apache.commons.collections4`.
- */
-private class ApacheCollectionsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          // Note that when lambdas are supported we should model things relating to Closure, Factory, Transformer, FluentIterable.forEach, FluentIterable.transform
-          ";ArrayStack;true;peek;;;Argument[-1].Element;ReturnValue;value;manual",
-          ";ArrayStack;true;pop;;;Argument[-1].Element;ReturnValue;value;manual",
-          ";ArrayStack;true;push;;;Argument[0];Argument[-1].Element;value;manual",
-          ";ArrayStack;true;push;;;Argument[0];ReturnValue;value;manual",
-          ";Bag;true;add;;;Argument[0];Argument[-1].Element;value;manual",
-          ";Bag;true;uniqueSet;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";BidiMap;true;getKey;;;Argument[-1].MapKey;ReturnValue;value;manual",
-          ";BidiMap;true;removeValue;;;Argument[-1].MapKey;ReturnValue;value;manual",
-          ";BidiMap;true;inverseBidiMap;;;Argument[-1].MapKey;ReturnValue.MapValue;value;manual",
-          ";BidiMap;true;inverseBidiMap;;;Argument[-1].MapValue;ReturnValue.MapKey;value;manual",
-          ";FluentIterable;true;append;(Object[]);;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;append;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;append;(Iterable);;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;append;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;asEnumeration;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;collate;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;collate;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;copyInto;;;Argument[-1].Element;Argument[0].Element;value;manual",
-          ";FluentIterable;true;eval;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;filter;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;get;;;Argument[-1].Element;ReturnValue;value;manual",
-          ";FluentIterable;true;limit;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;loop;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;of;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;of;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;of;(Object);;Argument[0];ReturnValue.Element;value;manual",
-          ";FluentIterable;true;reverse;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;skip;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;toArray;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual",
-          ";FluentIterable;true;toList;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;unique;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;unmodifiable;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;zip;(Iterable);;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;zip;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;zip;(Iterable[]);;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";FluentIterable;true;zip;(Iterable[]);;Argument[0].ArrayElement.Element;ReturnValue.Element;value;manual",
-          ";Get;true;entrySet;;;Argument[-1].MapKey;ReturnValue.Element.MapKey;value;manual",
-          ";Get;true;entrySet;;;Argument[-1].MapValue;ReturnValue.Element.MapValue;value;manual",
-          ";Get;true;get;;;Argument[-1].MapValue;ReturnValue;value;manual",
-          ";Get;true;keySet;();;Argument[-1].MapKey;ReturnValue.Element;value;manual",
-          ";Get;true;values;();;Argument[-1].MapValue;ReturnValue.Element;value;manual",
-          ";Get;true;remove;(Object);;Argument[-1].MapValue;ReturnValue;value;manual",
-          ";IterableGet;true;mapIterator;;;Argument[-1].MapKey;ReturnValue.Element;value;manual",
-          ";IterableGet;true;mapIterator;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-          ";KeyValue;true;getKey;;;Argument[-1].MapKey;ReturnValue;value;manual",
-          ";KeyValue;true;getValue;;;Argument[-1].MapValue;ReturnValue;value;manual",
-          // Note that MapIterator<K, V> implements Iterator<K>, so it iterates over the keys of the map.
-          // In order for the models of Iterator to work we have to use Element instead of MapKey for key data.
-          ";MapIterator;true;getKey;;;Argument[-1].Element;ReturnValue;value;manual",
-          ";MapIterator;true;getValue;;;Argument[-1].MapValue;ReturnValue;value;manual",
-          ";MapIterator;true;setValue;;;Argument[-1].MapValue;ReturnValue;value;manual",
-          ";MapIterator;true;setValue;;;Argument[0];Argument[-1].MapValue;value;manual",
-          ";MultiMap;true;get;;;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual",
-          ";MultiMap;true;put;;;Argument[0];Argument[-1].MapKey;value;manual",
-          ";MultiMap;true;put;;;Argument[1];Argument[-1].MapValue.Element;value;manual",
-          ";MultiMap;true;values;;;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual",
-          ";MultiSet$Entry;true;getElement;;;Argument[-1].Element;ReturnValue;value;manual",
-          ";MultiSet;true;add;;;Argument[0];Argument[-1].Element;value;manual",
-          ";MultiSet;true;uniqueSet;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";MultiSet;true;entrySet;;;Argument[-1].Element;ReturnValue.Element.Element;value;manual",
-          ";MultiValuedMap;true;asMap;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-          ";MultiValuedMap;true;asMap;;;Argument[-1].MapValue.Element;ReturnValue.MapValue.Element;value;manual",
-          ";MultiValuedMap;true;entries;;;Argument[-1].MapKey;ReturnValue.Element.MapKey;value;manual",
-          ";MultiValuedMap;true;entries;;;Argument[-1].MapValue.Element;ReturnValue.Element.MapValue;value;manual",
-          ";MultiValuedMap;true;get;;;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual",
-          ";MultiValuedMap;true;keys;;;Argument[-1].MapKey;ReturnValue.Element;value;manual",
-          ";MultiValuedMap;true;keySet;;;Argument[-1].MapKey;ReturnValue.Element;value;manual",
-          ";MultiValuedMap;true;mapIterator;;;Argument[-1].MapKey;ReturnValue.Element;value;manual",
-          ";MultiValuedMap;true;mapIterator;;;Argument[-1].MapValue.Element;ReturnValue.MapValue;value;manual",
-          ";MultiValuedMap;true;put;;;Argument[0];Argument[-1].MapKey;value;manual",
-          ";MultiValuedMap;true;put;;;Argument[1];Argument[-1].MapValue.Element;value;manual",
-          ";MultiValuedMap;true;putAll;(Object,Iterable);;Argument[0];Argument[-1].MapKey;value;manual",
-          ";MultiValuedMap;true;putAll;(Object,Iterable);;Argument[1].Element;Argument[-1].MapValue.Element;value;manual",
-          ";MultiValuedMap;true;putAll;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ";MultiValuedMap;true;putAll;(Map);;Argument[0].MapValue;Argument[-1].MapValue.Element;value;manual",
-          ";MultiValuedMap;true;putAll;(MultiValuedMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ";MultiValuedMap;true;putAll;(MultiValuedMap);;Argument[0].MapValue.Element;Argument[-1].MapValue.Element;value;manual",
-          ";MultiValuedMap;true;remove;;;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual",
-          ";MultiValuedMap;true;values;;;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual",
-          ";OrderedIterator;true;previous;;;Argument[-1].Element;ReturnValue;value;manual",
-          ";OrderedMap;true;firstKey;;;Argument[-1].MapKey;ReturnValue;value;manual",
-          ";OrderedMap;true;lastKey;;;Argument[-1].MapKey;ReturnValue;value;manual",
-          ";OrderedMap;true;nextKey;;;Argument[-1].MapKey;ReturnValue;value;manual",
-          ";OrderedMap;true;previousKey;;;Argument[-1].MapKey;ReturnValue;value;manual",
-          ";Put;true;put;;;Argument[-1].MapValue;ReturnValue;value;manual",
-          ";Put;true;put;;;Argument[0];Argument[-1].MapKey;value;manual",
-          ";Put;true;put;;;Argument[1];Argument[-1].MapValue;value;manual",
-          ";Put;true;putAll;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ";Put;true;putAll;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ";SortedBag;true;first;;;Argument[-1].Element;ReturnValue;value;manual",
-          ";SortedBag;true;last;;;Argument[-1].Element;ReturnValue;value;manual",
-          ";Trie;true;prefixMap;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-          ";Trie;true;prefixMap;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual"
-        ]
-  }
-}
-
-// Note that when lambdas are supported we should model the package `org.apache.commons.collections4.functors`,
-// and when more general callable flow is supported we should model the package
-// `org.apache.commons.collections4.sequence`.
-/**
- * Value-propagating models for classes in the package `org.apache.commons.collections4.keyvalue`.
- */
-private class ApacheKeyValueModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          ".keyvalue;AbstractKeyValue;true;AbstractKeyValue;;;Argument[0];Argument[-1].MapKey;value;manual",
-          ".keyvalue;AbstractKeyValue;true;AbstractKeyValue;;;Argument[1];Argument[-1].MapValue;value;manual",
-          ".keyvalue;AbstractKeyValue;true;setKey;;;Argument[-1].MapKey;ReturnValue;value;manual",
-          ".keyvalue;AbstractKeyValue;true;setKey;;;Argument[0];Argument[-1].MapKey;value;manual",
-          ".keyvalue;AbstractKeyValue;true;setValue;;;Argument[-1].MapValue;ReturnValue;value;manual",
-          ".keyvalue;AbstractKeyValue;true;setValue;;;Argument[0];Argument[-1].MapValue;value;manual",
-          ".keyvalue;AbstractMapEntry;true;AbstractMapEntry;;;Argument[0];Argument[-1].MapKey;value;manual",
-          ".keyvalue;AbstractMapEntry;true;AbstractMapEntry;;;Argument[1];Argument[-1].MapValue;value;manual",
-          ".keyvalue;AbstractMapEntryDecorator;true;AbstractMapEntryDecorator;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".keyvalue;AbstractMapEntryDecorator;true;AbstractMapEntryDecorator;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".keyvalue;AbstractMapEntryDecorator;true;getMapEntry;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-          ".keyvalue;AbstractMapEntryDecorator;true;getMapEntry;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-          ".keyvalue;DefaultKeyValue;true;DefaultKeyValue;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-          ".keyvalue;DefaultKeyValue;true;DefaultKeyValue;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-          ".keyvalue;DefaultKeyValue;true;DefaultKeyValue;(KeyValue);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".keyvalue;DefaultKeyValue;true;DefaultKeyValue;(KeyValue);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".keyvalue;DefaultKeyValue;true;DefaultKeyValue;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".keyvalue;DefaultKeyValue;true;DefaultKeyValue;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".keyvalue;DefaultKeyValue;true;toMapEntry;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-          ".keyvalue;DefaultKeyValue;true;toMapEntry;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-          ".keyvalue;DefaultMapEntry;true;DefaultMapEntry;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-          ".keyvalue;DefaultMapEntry;true;DefaultMapEntry;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-          ".keyvalue;DefaultMapEntry;true;DefaultMapEntry;(KeyValue);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".keyvalue;DefaultMapEntry;true;DefaultMapEntry;(KeyValue);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".keyvalue;DefaultMapEntry;true;DefaultMapEntry;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".keyvalue;DefaultMapEntry;true;DefaultMapEntry;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object[]);;Argument[0].ArrayElement;Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object[],boolean);;Argument[0].ArrayElement;Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object,Object);;Argument[0];Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object,Object);;Argument[1];Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object);;Argument[0];Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object);;Argument[1];Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object);;Argument[2];Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object);;Argument[0];Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object);;Argument[1];Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object);;Argument[2];Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object);;Argument[3];Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object,Object);;Argument[0];Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object,Object);;Argument[1];Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object,Object);;Argument[2];Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object,Object);;Argument[3];Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object,Object);;Argument[4];Argument[-1].Element;value;manual",
-          ".keyvalue;MultiKey;true;getKeys;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual",
-          ".keyvalue;MultiKey;true;getKey;;;Argument[-1].Element;ReturnValue;value;manual",
-          ".keyvalue;TiedMapEntry;true;TiedMapEntry;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".keyvalue;TiedMapEntry;true;TiedMapEntry;;;Argument[1];Argument[-1].MapKey;value;manual",
-          ".keyvalue;UnmodifiableMapEntry;true;UnmodifiableMapEntry;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-          ".keyvalue;UnmodifiableMapEntry;true;UnmodifiableMapEntry;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-          ".keyvalue;UnmodifiableMapEntry;true;UnmodifiableMapEntry;(KeyValue);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".keyvalue;UnmodifiableMapEntry;true;UnmodifiableMapEntry;(KeyValue);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".keyvalue;UnmodifiableMapEntry;true;UnmodifiableMapEntry;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".keyvalue;UnmodifiableMapEntry;true;UnmodifiableMapEntry;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for classes in the package `org.apache.commons.collections4.bag`.
- */
-private class ApacheBagModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          // Note that when lambdas are supported we should have more models for TransformedBag, TransformedSortedBag
-          ".bag;AbstractBagDecorator;true;AbstractBagDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".bag;AbstractMapBag;true;AbstractMapBag;;;Argument[0].MapKey;Argument[-1].Element;value;manual",
-          ".bag;AbstractMapBag;true;getMap;;;Argument[-1].Element;ReturnValue.MapKey;value;manual",
-          ".bag;AbstractSortedBagDecorator;true;AbstractSortedBagDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".bag;CollectionBag;true;CollectionBag;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".bag;CollectionBag;true;collectionBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".bag;CollectionSortedBag;true;CollectionSortedBag;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".bag;CollectionSortedBag;true;collectionSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".bag;HashBag;true;HashBag;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".bag;PredicatedBag;true;predicatedBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".bag;PredicatedSortedBag;true;predicatedSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".bag;SynchronizedBag;true;synchronizedBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".bag;SynchronizedSortedBag;true;synchronizedSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".bag;TransformedBag;true;transformedBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".bag;TransformedSortedBag;true;transformedSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".bag;TreeBag;true;TreeBag;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".bag;UnmodifiableBag;true;unmodifiableBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".bag;UnmodifiableSortedBag;true;unmodifiableSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for classes in the package `org.apache.commons.collections4.bidimap`.
- */
-private class ApacheBidiMapModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          ".bidimap;AbstractBidiMapDecorator;true;AbstractBidiMapDecorator;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".bidimap;AbstractBidiMapDecorator;true;AbstractBidiMapDecorator;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".bidimap;AbstractDualBidiMap;true;AbstractDualBidiMap;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".bidimap;AbstractDualBidiMap;true;AbstractDualBidiMap;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".bidimap;AbstractDualBidiMap;true;AbstractDualBidiMap;;;Argument[1].MapKey;Argument[-1].MapValue;value;manual",
-          ".bidimap;AbstractDualBidiMap;true;AbstractDualBidiMap;;;Argument[1].MapValue;Argument[-1].MapKey;value;manual",
-          ".bidimap;AbstractDualBidiMap;true;AbstractDualBidiMap;;;Argument[2].MapKey;Argument[-1].MapValue;value;manual",
-          ".bidimap;AbstractDualBidiMap;true;AbstractDualBidiMap;;;Argument[2].MapValue;Argument[-1].MapKey;value;manual",
-          ".bidimap;AbstractOrderedBidiMapDecorator;true;AbstractOrderedBidiMapDecorator;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".bidimap;AbstractOrderedBidiMapDecorator;true;AbstractOrderedBidiMapDecorator;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".bidimap;AbstractSortedBidiMapDecorator;true;AbstractSortedBidiMapDecorator;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".bidimap;AbstractSortedBidiMapDecorator;true;AbstractSortedBidiMapDecorator;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".bidimap;DualHashBidiMap;true;DualHashBidiMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".bidimap;DualHashBidiMap;true;DualHashBidiMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".bidimap;DualLinkedHashBidiMap;true;DualLinkedHashBidiMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".bidimap;DualLinkedHashBidiMap;true;DualLinkedHashBidiMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".bidimap;DualTreeBidiMap;true;DualTreeBidiMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".bidimap;DualTreeBidiMap;true;DualTreeBidiMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".bidimap;DualTreeBidiMap;true;inverseOrderedBidiMap;;;Argument[-1].MapKey;ReturnValue.MapValue;value;manual",
-          ".bidimap;DualTreeBidiMap;true;inverseOrderedBidiMap;;;Argument[-1].MapValue;ReturnValue.MapKey;value;manual",
-          ".bidimap;DualTreeBidiMap;true;inverseSortedBidiMap;;;Argument[-1].MapKey;ReturnValue.MapValue;value;manual",
-          ".bidimap;DualTreeBidiMap;true;inverseSortedBidiMap;;;Argument[-1].MapValue;ReturnValue.MapKey;value;manual",
-          ".bidimap;TreeBidiMap;true;TreeBidiMap;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".bidimap;TreeBidiMap;true;TreeBidiMap;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".bidimap;UnmodifiableBidiMap;true;unmodifiableBidiMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".bidimap;UnmodifiableBidiMap;true;unmodifiableBidiMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".bidimap;UnmodifiableOrderedBidiMap;true;unmodifiableOrderedBidiMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".bidimap;UnmodifiableOrderedBidiMap;true;unmodifiableOrderedBidiMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".bidimap;UnmodifiableOrderedBidiMap;true;inverseOrderedBidiMap;;;Argument[-1].MapKey;ReturnValue.MapValue;value;manual",
-          ".bidimap;UnmodifiableOrderedBidiMap;true;inverseOrderedBidiMap;;;Argument[-1].MapValue;ReturnValue.MapKey;value;manual",
-          ".bidimap;UnmodifiableSortedBidiMap;true;unmodifiableSortedBidiMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".bidimap;UnmodifiableSortedBidiMap;true;unmodifiableSortedBidiMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for classes in the package `org.apache.commons.collections4.collection`.
- */
-private class ApacheCollectionModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          // Note that when lambdas are supported we should have more models for TransformedCollection
-          ".collection;AbstractCollectionDecorator;true;AbstractCollectionDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".collection;AbstractCollectionDecorator;true;decorated;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".collection;AbstractCollectionDecorator;true;setCollection;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".collection;CompositeCollection$CollectionMutator;true;add;;;Argument[2];Argument[0].Element;value;manual",
-          ".collection;CompositeCollection$CollectionMutator;true;add;;;Argument[2];Argument[1].Element.Element;value;manual",
-          ".collection;CompositeCollection$CollectionMutator;true;addAll;;;Argument[2].Element;Argument[0].Element;value;manual",
-          ".collection;CompositeCollection$CollectionMutator;true;addAll;;;Argument[2].Element;Argument[1].Element.Element;value;manual",
-          ".collection;CompositeCollection;true;CompositeCollection;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".collection;CompositeCollection;true;CompositeCollection;(Collection,Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".collection;CompositeCollection;true;CompositeCollection;(Collection,Collection);;Argument[1].Element;Argument[-1].Element;value;manual",
-          ".collection;CompositeCollection;true;CompositeCollection;(Collection[]);;Argument[0].ArrayElement.Element;Argument[-1].Element;value;manual",
-          ".collection;CompositeCollection;true;addComposited;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".collection;CompositeCollection;true;addComposited;(Collection,Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".collection;CompositeCollection;true;addComposited;(Collection,Collection);;Argument[1].Element;Argument[-1].Element;value;manual",
-          ".collection;CompositeCollection;true;addComposited;(Collection[]);;Argument[0].ArrayElement.Element;Argument[-1].Element;value;manual",
-          ".collection;CompositeCollection;true;toCollection;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".collection;CompositeCollection;true;getCollections;;;Argument[-1].Element;ReturnValue.Element.Element;value;manual",
-          ".collection;IndexedCollection;true;IndexedCollection;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".collection;IndexedCollection;true;uniqueIndexedCollection;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".collection;IndexedCollection;true;nonUniqueIndexedCollection;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".collection;IndexedCollection;true;get;;;Argument[-1].Element;ReturnValue;value;manual",
-          ".collection;IndexedCollection;true;values;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".collection;PredicatedCollection$Builder;true;add;;;Argument[0];Argument[-1].Element;value;manual",
-          ".collection;PredicatedCollection$Builder;true;addAll;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".collection;PredicatedCollection$Builder;true;createPredicatedList;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".collection;PredicatedCollection$Builder;true;createPredicatedList;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".collection;PredicatedCollection$Builder;true;createPredicatedSet;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".collection;PredicatedCollection$Builder;true;createPredicatedSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".collection;PredicatedCollection$Builder;true;createPredicatedMultiSet;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".collection;PredicatedCollection$Builder;true;createPredicatedMultiSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".collection;PredicatedCollection$Builder;true;createPredicatedBag;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".collection;PredicatedCollection$Builder;true;createPredicatedBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".collection;PredicatedCollection$Builder;true;createPredicatedQueue;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".collection;PredicatedCollection$Builder;true;createPredicatedQueue;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".collection;PredicatedCollection$Builder;true;rejectedElements;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".collection;PredicatedCollection;true;predicatedCollection;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".collection;SynchronizedCollection;true;synchronizedCollection;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".collection;TransformedCollection;true;transformingCollection;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".collection;UnmodifiableBoundedCollection;true;unmodifiableBoundedCollection;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".collection;UnmodifiableCollection;true;unmodifiableCollection;;;Argument[0].Element;ReturnValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the package `org.apache.commons.collections4.iterators`.
- */
-private class ApacheIteratorsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          // Note that when lambdas are supported we should have more models for TransformIterator
-          ".iterators;AbstractIteratorDecorator;true;AbstractIteratorDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;AbstractListIteratorDecorator;true;AbstractListIteratorDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;AbstractListIteratorDecorator;true;getListIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".iterators;AbstractMapIteratorDecorator;true;AbstractMapIteratorDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;AbstractMapIteratorDecorator;true;AbstractMapIteratorDecorator;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".iterators;AbstractMapIteratorDecorator;true;getMapIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".iterators;AbstractMapIteratorDecorator;true;getMapIterator;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-          ".iterators;AbstractOrderedMapIteratorDecorator;true;AbstractOrderedMapIteratorDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;AbstractOrderedMapIteratorDecorator;true;AbstractOrderedMapIteratorDecorator;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".iterators;AbstractOrderedMapIteratorDecorator;true;getOrderedMapIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".iterators;AbstractOrderedMapIteratorDecorator;true;getOrderedMapIterator;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-          ".iterators;AbstractUntypedIteratorDecorator;true;AbstractUntypedIteratorDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;AbstractUntypedIteratorDecorator;true;getIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".iterators;ArrayIterator;true;ArrayIterator;;;Argument[0].ArrayElement;Argument[-1].Element;value;manual",
-          ".iterators;ArrayIterator;true;getArray;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual",
-          ".iterators;ArrayListIterator;true;ArrayListIterator;;;Argument[0].ArrayElement;Argument[-1].Element;value;manual",
-          ".iterators;BoundedIterator;true;BoundedIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;CollatingIterator;true;CollatingIterator;(Comparator,Iterator,Iterator);;Argument[1].Element;Argument[-1].Element;value;manual",
-          ".iterators;CollatingIterator;true;CollatingIterator;(Comparator,Iterator,Iterator);;Argument[2].Element;Argument[-1].Element;value;manual",
-          ".iterators;CollatingIterator;true;CollatingIterator;(Comparator,Iterator[]);;Argument[1].ArrayElement.Element;Argument[-1].Element;value;manual",
-          ".iterators;CollatingIterator;true;CollatingIterator;(Comparator,Collection);;Argument[1].Element.Element;Argument[-1].Element;value;manual",
-          ".iterators;CollatingIterator;true;addIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;CollatingIterator;true;setIterator;;;Argument[1].Element;Argument[-1].Element;value;manual",
-          ".iterators;CollatingIterator;true;getIterators;;;Argument[-1].Element;ReturnValue.Element.Element;value;manual",
-          ".iterators;EnumerationIterator;true;EnumerationIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;EnumerationIterator;true;getEnumeration;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".iterators;EnumerationIterator;true;setEnumeration;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;FilterIterator;true;FilterIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;FilterIterator;true;getIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".iterators;FilterIterator;true;setIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;FilterListIterator;true;FilterListIterator;(ListIterator);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;FilterListIterator;true;FilterListIterator;(ListIterator,Predicate);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;FilterListIterator;true;getListIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".iterators;FilterListIterator;true;setListIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;IteratorChain;true;IteratorChain;(Iterator);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;IteratorChain;true;IteratorChain;(Iterator,Iterator);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;IteratorChain;true;IteratorChain;(Iterator,Iterator);;Argument[1].Element;Argument[-1].Element;value;manual",
-          ".iterators;IteratorChain;true;IteratorChain;(Iterator[]);;Argument[0].ArrayElement.Element;Argument[-1].Element;value;manual",
-          ".iterators;IteratorChain;true;IteratorChain;(Collection);;Argument[0].Element.Element;Argument[-1].Element;value;manual",
-          ".iterators;IteratorChain;true;addIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;IteratorEnumeration;true;IteratorEnumeration;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;IteratorEnumeration;true;getIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".iterators;IteratorEnumeration;true;setIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;IteratorIterable;true;IteratorIterable;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;ListIteratorWrapper;true;ListIteratorWrapper;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;LoopingIterator;true;LoopingIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;LoopingListIterator;true;LoopingListIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;ObjectArrayIterator;true;ObjectArrayIterator;;;Argument[0].ArrayElement;Argument[-1].Element;value;manual",
-          ".iterators;ObjectArrayIterator;true;getArray;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual",
-          ".iterators;ObjectArrayListIterator;true;ObjectArrayListIterator;;;Argument[0].ArrayElement;Argument[-1].Element;value;manual",
-          ".iterators;PeekingIterator;true;PeekingIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;PeekingIterator;true;peekingIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".iterators;PeekingIterator;true;peek;;;Argument[-1].Element;ReturnValue;value;manual",
-          ".iterators;PeekingIterator;true;element;;;Argument[-1].Element;ReturnValue;value;manual",
-          ".iterators;PermutationIterator;true;PermutationIterator;;;Argument[0].Element;Argument[-1].Element.Element;value;manual",
-          ".iterators;PushbackIterator;true;PushbackIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;PushbackIterator;true;pushbackIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".iterators;PushbackIterator;true;pushback;;;Argument[0];Argument[-1].Element;value;manual",
-          ".iterators;ReverseListIterator;true;ReverseListIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;SingletonIterator;true;SingletonIterator;;;Argument[0];Argument[-1].Element;value;manual",
-          ".iterators;SingletonListIterator;true;SingletonListIterator;;;Argument[0];Argument[-1].Element;value;manual",
-          ".iterators;SkippingIterator;true;SkippingIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;UniqueFilterIterator;true;UniqueFilterIterator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;UnmodifiableIterator;true;unmodifiableIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".iterators;UnmodifiableListIterator;true;umodifiableListIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".iterators;UnmodifiableMapIterator;true;unmodifiableMapIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".iterators;UnmodifiableMapIterator;true;unmodifiableMapIterator;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".iterators;UnmodifiableOrderedMapIterator;true;unmodifiableOrderedMapIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".iterators;UnmodifiableOrderedMapIterator;true;unmodifiableOrderedMapIterator;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".iterators;ZippingIterator;true;ZippingIterator;(Iterator[]);;Argument[0].ArrayElement.Element;Argument[-1].Element;value;manual",
-          ".iterators;ZippingIterator;true;ZippingIterator;(Iterator,Iterator);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;ZippingIterator;true;ZippingIterator;(Iterator,Iterator);;Argument[1].Element;Argument[-1].Element;value;manual",
-          ".iterators;ZippingIterator;true;ZippingIterator;(Iterator,Iterator,Iterator);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".iterators;ZippingIterator;true;ZippingIterator;(Iterator,Iterator,Iterator);;Argument[1].Element;Argument[-1].Element;value;manual",
-          ".iterators;ZippingIterator;true;ZippingIterator;(Iterator,Iterator,Iterator);;Argument[2].Element;Argument[-1].Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the package `org.apache.commons.collections4.list`.
- */
-private class ApacheListModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          // Note that when lambdas are supported we should have more models for TransformedList
-          ".list;AbstractLinkedList;true;AbstractLinkedList;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".list;AbstractLinkedList;true;getFirst;;;Argument[-1].Element;ReturnValue;value;manual",
-          ".list;AbstractLinkedList;true;getLast;;;Argument[-1].Element;ReturnValue;value;manual",
-          ".list;AbstractLinkedList;true;addFirst;;;Argument[0];Argument[-1].Element;value;manual",
-          ".list;AbstractLinkedList;true;addLast;;;Argument[0];Argument[-1].Element;value;manual",
-          ".list;AbstractLinkedList;true;removeFirst;;;Argument[-1].Element;ReturnValue;value;manual",
-          ".list;AbstractLinkedList;true;removeLast;;;Argument[-1].Element;ReturnValue;value;manual",
-          ".list;AbstractListDecorator;true;AbstractListDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".list;AbstractSerializableListDecorator;true;AbstractSerializableListDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".list;CursorableLinkedList;true;CursorableLinkedList;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".list;CursorableLinkedList;true;cursor;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".list;FixedSizeList;true;fixedSizeList;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".list;GrowthList;true;growthList;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".list;LazyList;true;lazyList;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".list;NodeCachingLinkedList;true;NodeCachingLinkedList;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".list;PredicatedList;true;predicatedList;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".list;SetUniqueList;true;setUniqueList;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".list;SetUniqueList;true;asSet;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".list;TransformedList;true;transformingList;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".list;TreeList;true;TreeList;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".list;UnmodifiableList;true;UnmodifiableList;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".list;UnmodifiableList;true;unmodifiableList;;;Argument[0].Element;ReturnValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the package `org.apache.commons.collections4.map`.
- */
-private class ApacheMapModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          // Note that when lambdas are supported we should have more models for DefaultedMap, LazyMap, TransformedMap, TransformedSortedMap
-          ".map;AbstractHashedMap;true;AbstractHashedMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;AbstractHashedMap;true;AbstractHashedMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;AbstractLinkedMap;true;AbstractLinkedMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;AbstractLinkedMap;true;AbstractLinkedMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;AbstractMapDecorator;true;AbstractMapDecorator;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;AbstractMapDecorator;true;AbstractMapDecorator;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;AbstractMapDecorator;true;decorated;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;AbstractMapDecorator;true;decorated;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-          ".map;AbstractOrderedMapDecorator;true;AbstractOrderedMapDecorator;(OrderedMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;AbstractOrderedMapDecorator;true;AbstractOrderedMapDecorator;(OrderedMap);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;AbstractSortedMapDecorator;true;AbstractSortedMapDecorator;(SortedMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;AbstractSortedMapDecorator;true;AbstractSortedMapDecorator;(SortedMap);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;CaseInsensitiveMap;true;CaseInsensitiveMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;CaseInsensitiveMap;true;CaseInsensitiveMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;CompositeMap;true;CompositeMap;(Map,Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;CompositeMap;true;CompositeMap;(Map,Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;CompositeMap;true;CompositeMap;(Map,Map);;Argument[1].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;CompositeMap;true;CompositeMap;(Map,Map);;Argument[1].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;CompositeMap;true;CompositeMap;(Map,Map,MapMutator);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;CompositeMap;true;CompositeMap;(Map,Map,MapMutator);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;CompositeMap;true;CompositeMap;(Map,Map,MapMutator);;Argument[1].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;CompositeMap;true;CompositeMap;(Map,Map,MapMutator);;Argument[1].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;CompositeMap;true;CompositeMap;(Map[]);;Argument[0].ArrayElement.MapKey;Argument[-1].MapKey;value;manual",
-          ".map;CompositeMap;true;CompositeMap;(Map[]);;Argument[0].ArrayElement.MapValue;Argument[-1].MapValue;value;manual",
-          ".map;CompositeMap;true;CompositeMap;(Map[],MapMutator);;Argument[0].ArrayElement.MapKey;Argument[-1].MapKey;value;manual",
-          ".map;CompositeMap;true;CompositeMap;(Map[],MapMutator);;Argument[0].ArrayElement.MapValue;Argument[-1].MapValue;value;manual",
-          ".map;CompositeMap;true;addComposited;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;CompositeMap;true;addComposited;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;CompositeMap;true;removeComposited;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;CompositeMap;true;removeComposited;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-          ".map;CompositeMap;true;removeComposited;;;Argument[0];ReturnValue;value;manual",
-          ".map;DefaultedMap;true;DefaultedMap;(Object);;Argument[0];Argument[-1].MapValue;value;manual",
-          ".map;DefaultedMap;true;defaultedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;DefaultedMap;true;defaultedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".map;DefaultedMap;true;defaultedMap;(Map,Object);;Argument[1];ReturnValue.MapValue;value;manual",
-          ".map;EntrySetToMapIteratorAdapter;true;EntrySetToMapIteratorAdapter;;;Argument[0].Element.MapKey;Argument[-1].Element;value;manual",
-          ".map;EntrySetToMapIteratorAdapter;true;EntrySetToMapIteratorAdapter;;;Argument[0].Element.MapValue;Argument[-1].MapValue;value;manual",
-          ".map;FixedSizeMap;true;fixedSizeMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;FixedSizeMap;true;fixedSizeMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".map;FixedSizeSortedMap;true;fixedSizeSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;FixedSizeSortedMap;true;fixedSizeSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".map;Flat3Map;true;Flat3Map;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;Flat3Map;true;Flat3Map;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;HashedMap;true;HashedMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;HashedMap;true;HashedMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;LazyMap;true;lazyMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;LazyMap;true;lazyMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".map;LazySortedMap;true;lazySortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;LazySortedMap;true;lazySortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".map;LinkedMap;true;LinkedMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;LinkedMap;true;LinkedMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;LinkedMap;true;get;(int);;Argument[-1].MapKey;ReturnValue;value;manual",
-          ".map;LinkedMap;true;getValue;(int);;Argument[-1].MapValue;ReturnValue;value;manual",
-          ".map;LinkedMap;true;remove;(int);;Argument[-1].MapValue;ReturnValue;value;manual",
-          ".map;LinkedMap;true;asList;;;Argument[-1].MapKey;ReturnValue.Element;value;manual",
-          ".map;ListOrderedMap;true;listOrderedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;ListOrderedMap;true;listOrderedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".map;ListOrderedMap;true;putAll;;;Argument[1].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;ListOrderedMap;true;putAll;;;Argument[1].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;ListOrderedMap;true;keyList;;;Argument[-1].MapKey;ReturnValue.Element;value;manual",
-          ".map;ListOrderedMap;true;valueList;;;Argument[-1].MapValue;ReturnValue.Element;value;manual",
-          ".map;ListOrderedMap;true;get;(int);;Argument[-1].MapKey;ReturnValue;value;manual",
-          ".map;ListOrderedMap;true;getValue;(int);;Argument[-1].MapValue;ReturnValue;value;manual",
-          ".map;ListOrderedMap;true;setValue;;;Argument[1];Argument[-1].MapValue;value;manual",
-          ".map;ListOrderedMap;true;put;;;Argument[1];Argument[-1].MapKey;value;manual",
-          ".map;ListOrderedMap;true;put;;;Argument[2];Argument[-1].MapValue;value;manual",
-          ".map;ListOrderedMap;true;remove;(int);;Argument[-1].MapValue;ReturnValue;value;manual",
-          ".map;ListOrderedMap;true;asList;;;Argument[-1].MapKey;ReturnValue.Element;value;manual",
-          ".map;LRUMap;true;LRUMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;LRUMap;true;LRUMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;LRUMap;true;LRUMap;(Map,boolean);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;LRUMap;true;LRUMap;(Map,boolean);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;LRUMap;true;get;(Object,boolean);;Argument[0].MapValue;ReturnValue;value;manual",
-          ".map;MultiKeyMap;true;get;;;Argument[-1].MapValue;ReturnValue;value;manual",
-          ".map;MultiKeyMap;true;put;;;Argument[-1].MapValue;ReturnValue;value;manual",
-          ".map;MultiKeyMap;true;put;(Object,Object,Object);;Argument[0..1];Argument[-1].MapKey.Element;value;manual",
-          ".map;MultiKeyMap;true;put;(Object,Object,Object,Object);;Argument[0..2];Argument[-1].MapKey.Element;value;manual",
-          ".map;MultiKeyMap;true;put;(Object,Object,Object,Object,Object);;Argument[0..3];Argument[-1].MapKey.Element;value;manual",
-          ".map;MultiKeyMap;true;put;(Object,Object,Object,Object,Object,Object);;Argument[0..4];Argument[-1].MapKey.Element;value;manual",
-          ".map;MultiKeyMap;true;put;(Object,Object,Object);;Argument[2];Argument[-1].MapValue;value;manual",
-          ".map;MultiKeyMap;true;put;(Object,Object,Object,Object);;Argument[3];Argument[-1].MapValue;value;manual",
-          ".map;MultiKeyMap;true;put;(Object,Object,Object,Object,Object);;Argument[4];Argument[-1].MapValue;value;manual",
-          ".map;MultiKeyMap;true;put;(Object,Object,Object,Object,Object,Object);;Argument[5];Argument[-1].MapValue;value;manual",
-          ".map;MultiKeyMap;true;removeMultiKey;;;Argument[-1].MapValue;ReturnValue;value;manual",
-          ".map;MultiValueMap;true;multiValueMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;MultiValueMap;true;multiValueMap;;;Argument[0].MapValue.Element;ReturnValue.MapValue.Element;value;manual",
-          ".map;MultiValueMap;true;getCollection;;;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual",
-          ".map;MultiValueMap;true;putAll;(Map);;Argument[0].MapValue;Argument[-1].MapValue.Element;value;manual",
-          ".map;MultiValueMap;true;putAll;(Map);;Argument[0].MapValue.Element;Argument[-1].MapValue.Element;value;manual",
-          ".map;MultiValueMap;true;values;;;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual",
-          ".map;MultiValueMap;true;putAll;(Object,Collection);;Argument[0];Argument[-1].MapKey;value;manual",
-          ".map;MultiValueMap;true;putAll;(Object,Collection);;Argument[1].Element;Argument[-1].MapValue.Element;value;manual",
-          ".map;MultiValueMap;true;iterator;(Object);;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual",
-          ".map;MultiValueMap;true;iterator;();;Argument[-1].MapKey;ReturnValue.Element.MapKey;value;manual",
-          ".map;MultiValueMap;true;iterator;();;Argument[-1].MapValue.Element;ReturnValue.Element.MapValue;value;manual",
-          ".map;PassiveExpiringMap;true;PassiveExpiringMap;(ExpirationPolicy,Map);;Argument[1].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;PassiveExpiringMap;true;PassiveExpiringMap;(ExpirationPolicy,Map);;Argument[1].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;PassiveExpiringMap;true;PassiveExpiringMap;(long,Map);;Argument[1].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;PassiveExpiringMap;true;PassiveExpiringMap;(long,Map);;Argument[1].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;PassiveExpiringMap;true;PassiveExpiringMap;(long,TimeUnit,Map);;Argument[2].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;PassiveExpiringMap;true;PassiveExpiringMap;(long,TimeUnit,Map);;Argument[2].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;PassiveExpiringMap;true;PassiveExpiringMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;PassiveExpiringMap;true;PassiveExpiringMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;PredicatedMap;true;predicatedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;PredicatedMap;true;predicatedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".map;PredicatedSortedMap;true;predicatedSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;PredicatedSortedMap;true;predicatedSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".map;SingletonMap;true;SingletonMap;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-          ".map;SingletonMap;true;SingletonMap;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-          ".map;SingletonMap;true;SingletonMap;(KeyValue);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;SingletonMap;true;SingletonMap;(KeyValue);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;SingletonMap;true;SingletonMap;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;SingletonMap;true;SingletonMap;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;SingletonMap;true;SingletonMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".map;SingletonMap;true;SingletonMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".map;SingletonMap;true;setValue;;;Argument[0];Argument[-1].MapValue;value;manual",
-          ".map;TransformedMap;true;transformingMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;TransformedMap;true;transformingMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".map;TransformedSortedMap;true;transformingSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;TransformedSortedMap;true;transformingSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".map;UnmodifiableEntrySet;true;unmodifiableEntrySet;;;Argument[0].Element.MapKey;ReturnValue.Element.MapKey;value;manual",
-          ".map;UnmodifiableEntrySet;true;unmodifiableEntrySet;;;Argument[0].Element.MapValue;ReturnValue.Element.MapValue;value;manual",
-          ".map;UnmodifiableMap;true;unmodifiableMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;UnmodifiableMap;true;unmodifiableMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".map;UnmodifiableOrderedMap;true;unmodifiableOrderedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;UnmodifiableOrderedMap;true;unmodifiableOrderedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ".map;UnmodifiableSortedMap;true;unmodifiableSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".map;UnmodifiableSortedMap;true;unmodifiableSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the package `org.apache.commons.collections4.multimap`.
- */
-private class ApacheMultiMapModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          // Note that when lambdas are supported we should have more models for TransformedMultiValuedMap
-          ".multimap;ArrayListValuedHashMap;true;ArrayListValuedHashMap;(MultiValuedMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".multimap;ArrayListValuedHashMap;true;ArrayListValuedHashMap;(MultiValuedMap);;Argument[0].MapValue.Element;Argument[-1].MapValue.Element;value;manual",
-          ".multimap;ArrayListValuedHashMap;true;ArrayListValuedHashMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".multimap;ArrayListValuedHashMap;true;ArrayListValuedHashMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue.Element;value;manual",
-          ".multimap;HashSetValuedHashMap;true;HashSetValuedHashMap;(MultiValuedMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".multimap;HashSetValuedHashMap;true;HashSetValuedHashMap;(MultiValuedMap);;Argument[0].MapValue.Element;Argument[-1].MapValue.Element;value;manual",
-          ".multimap;HashSetValuedHashMap;true;HashSetValuedHashMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".multimap;HashSetValuedHashMap;true;HashSetValuedHashMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue.Element;value;manual",
-          ".multimap;TransformedMultiValuedMap;true;transformingMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".multimap;TransformedMultiValuedMap;true;transformingMap;;;Argument[0].MapValue.Element;ReturnValue.MapValue.Element;value;manual",
-          ".multimap;UnmodifiableMultiValuedMap;true;unmodifiableMultiValuedMap;(MultiValuedMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".multimap;UnmodifiableMultiValuedMap;true;unmodifiableMultiValuedMap;(MultiValuedMap);;Argument[0].MapValue.Element;ReturnValue.MapValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the package `org.apache.commons.collections4.multiset`.
- */
-private class ApacheMultiSetModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          ".multiset;HashMultiSet;true;HashMultiSet;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".multiset;PredicatedMultiSet;true;predicatedMultiSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".multiset;SynchronizedMultiSet;true;synchronizedMultiSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".multiset;UnmodifiableMultiSet;true;unmodifiableMultiSet;;;Argument[0].Element;ReturnValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the package `org.apache.commons.collections4.properties`.
- */
-private class ApachePropertiesModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          ".properties;AbstractPropertiesFactory;true;load;(ClassLoader,String);;Argument[1];ReturnValue;taint;manual",
-          ".properties;AbstractPropertiesFactory;true;load;(File);;Argument[0];ReturnValue;taint;manual",
-          ".properties;AbstractPropertiesFactory;true;load;(InputStream);;Argument[0];ReturnValue;taint;manual",
-          ".properties;AbstractPropertiesFactory;true;load;(Path);;Argument[0];ReturnValue;taint;manual",
-          ".properties;AbstractPropertiesFactory;true;load;(Reader);;Argument[0];ReturnValue;taint;manual",
-          ".properties;AbstractPropertiesFactory;true;load;(String);;Argument[0];ReturnValue;taint;manual",
-          ".properties;AbstractPropertiesFactory;true;load;(URI);;Argument[0];ReturnValue;taint;manual",
-          ".properties;AbstractPropertiesFactory;true;load;(URL);;Argument[0];ReturnValue;taint;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the package `org.apache.commons.collections4.queue`.
- */
-private class ApacheQueueModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          // Note that when lambdas are supported we should have more models for TransformedQueue
-          ".queue;CircularFifoQueue;true;CircularFifoQueue;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".queue;CircularFifoQueue;true;get;;;Argument[-1].Element;ReturnValue;value;manual",
-          ".queue;PredicatedQueue;true;predicatedQueue;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".queue;SynchronizedQueue;true;synchronizedQueue;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".queue;TransformedQueue;true;transformingQueue;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".queue;UnmodifiableQueue;true;unmodifiableQueue;;;Argument[0].Element;ReturnValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the package `org.apache.commons.collections4.set`.
- */
-private class ApacheSetModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          // Note that when lambdas are supported we should have more models for TransformedNavigableSet
-          ".set;AbstractNavigableSetDecorator;true;AbstractNavigableSetDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".set;AbstractSetDecorator;true;AbstractSetDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".set;AbstractSortedSetDecorator;true;AbstractSortedSetDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".set;CompositeSet$SetMutator;true;add;;;Argument[2];Argument[0].Element;value;manual",
-          ".set;CompositeSet$SetMutator;true;add;;;Argument[2];Argument[1].Element.Element;value;manual",
-          ".set;CompositeSet$SetMutator;true;addAll;;;Argument[2].Element;Argument[0].Element;value;manual",
-          ".set;CompositeSet$SetMutator;true;addAll;;;Argument[2].Element;Argument[1].Element.Element;value;manual",
-          ".set;CompositeSet;true;CompositeSet;(Set);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".set;CompositeSet;true;CompositeSet;(Set[]);;Argument[0].ArrayElement.Element;Argument[-1].Element;value;manual",
-          ".set;CompositeSet;true;addComposited;(Set);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".set;CompositeSet;true;addComposited;(Set,Set);;Argument[0].Element;Argument[-1].Element;value;manual",
-          ".set;CompositeSet;true;addComposited;(Set,Set);;Argument[1].Element;Argument[-1].Element;value;manual",
-          ".set;CompositeSet;true;addComposited;(Set[]);;Argument[0].ArrayElement.Element;Argument[-1].Element;value;manual",
-          ".set;CompositeSet;true;toSet;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".set;CompositeSet;true;getSets;;;Argument[-1].Element;ReturnValue.Element.Element;value;manual",
-          ".set;ListOrderedSet;true;listOrderedSet;(Set);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".set;ListOrderedSet;true;listOrderedSet;(List);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".set;ListOrderedSet;true;asList;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ".set;ListOrderedSet;true;get;;;Argument[-1].Element;ReturnValue;value;manual",
-          ".set;ListOrderedSet;true;add;;;Argument[1];Argument[-1].Element;value;manual",
-          ".set;ListOrderedSet;true;addAll;;;Argument[1].Element;Argument[-1].Element;value;manual",
-          ".set;MapBackedSet;true;mapBackedSet;;;Argument[0].MapKey;ReturnValue.Element;value;manual",
-          ".set;PredicatedNavigableSet;true;predicatedNavigableSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".set;PredicatedSet;true;predicatedSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".set;PredicatedSortedSet;true;predicatedSortedSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".set;TransformedNavigableSet;true;transformingNavigableSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".set;TransformedSet;true;transformingSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".set;TransformedSortedSet;true;transformingSortedSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".set;UnmodifiableNavigableSet;true;unmodifiableNavigableSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".set;UnmodifiableSet;true;unmodifiableSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ".set;UnmodifiableSortedSet;true;unmodifiableSortedSet;;;Argument[0].Element;ReturnValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the package `org.apache.commons.collections4.splitmap`.
- */
-private class ApacheSplitMapModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          // Note that when lambdas are supported we should have more models for TransformedSplitMap
-          ".splitmap;AbstractIterableGetMapDecorator;true;AbstractIterableGetMapDecorator;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".splitmap;AbstractIterableGetMapDecorator;true;AbstractIterableGetMapDecorator;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".splitmap;TransformedSplitMap;true;transformingMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".splitmap;TransformedSplitMap;true;transformingMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the package `org.apache.commons.collections4.trie`.
- */
-private class ApacheTrieModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          // Note that when lambdas are supported we should have more models for TransformedSplitMap
-          ".trie;PatriciaTrie;true;PatriciaTrie;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-          ".trie;PatriciaTrie;true;PatriciaTrie;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-          ".trie;AbstractPatriciaTrie;true;select;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-          ".trie;AbstractPatriciaTrie;true;select;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-          ".trie;AbstractPatriciaTrie;true;selectKey;;;Argument[-1].MapKey;ReturnValue;value;manual",
-          ".trie;AbstractPatriciaTrie;true;selectValue;;;Argument[-1].MapValue;ReturnValue;value;manual",
-          ".trie;UnmodifiableTrie;true;unmodifiableTrie;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ".trie;UnmodifiableTrie;true;unmodifiableTrie;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the class `org.apache.commons.collections4.MapUtils`.
- */
-private class ApacheMapUtilsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          // Note that when lambdas are supported we should have more models for populateMap
-          ";MapUtils;true;emptyIfNull;;;Argument[0];ReturnValue;value;manual",
-          ";MapUtils;true;fixedSizeMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;fixedSizeMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;fixedSizeSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;fixedSizeSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;getMap;;;Argument[0].MapValue;ReturnValue;value;manual",
-          ";MapUtils;true;getMap;;;Argument[2];ReturnValue;value;manual",
-          ";MapUtils;true;getObject;;;Argument[0].MapValue;ReturnValue;value;manual",
-          ";MapUtils;true;getObject;;;Argument[2];ReturnValue;value;manual",
-          ";MapUtils;true;getString;;;Argument[0].MapValue;ReturnValue;value;manual",
-          ";MapUtils;true;getString;;;Argument[2];ReturnValue;value;manual",
-          ";MapUtils;true;invertMap;;;Argument[0].MapKey;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;invertMap;;;Argument[0].MapValue;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;iterableMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;iterableMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;iterableSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;iterableSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;lazyMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;lazyMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;lazySortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;lazySortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;multiValueMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;multiValueMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;orderedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;orderedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;populateMap;(Map,Iterable,Transformer);;Argument[1].Element;Argument[0].MapValue;value;manual",
-          ";MapUtils;true;populateMap;(MultiMap,Iterable,Transformer);;Argument[1].Element;Argument[0].MapValue.Element;value;manual",
-          ";MapUtils;true;predicatedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;predicatedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;predicatedSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;predicatedSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;putAll;;;Argument[1].ArrayElement;Argument[0].MapKey;value;manual",
-          ";MapUtils;true;putAll;;;Argument[1].ArrayElement;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;putAll;;;Argument[1].ArrayElement;Argument[0].MapValue;value;manual",
-          ";MapUtils;true;putAll;;;Argument[1].ArrayElement;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;putAll;;;Argument[1].ArrayElement.ArrayElement;Argument[0].MapKey;value;manual",
-          ";MapUtils;true;putAll;;;Argument[1].ArrayElement.ArrayElement;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;putAll;;;Argument[1].ArrayElement.ArrayElement;Argument[0].MapValue;value;manual",
-          ";MapUtils;true;putAll;;;Argument[1].ArrayElement.ArrayElement;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;putAll;;;Argument[1].ArrayElement.MapKey;Argument[0].MapKey;value;manual",
-          ";MapUtils;true;putAll;;;Argument[1].ArrayElement.MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;putAll;;;Argument[1].ArrayElement.MapValue;Argument[0].MapValue;value;manual",
-          ";MapUtils;true;putAll;;;Argument[1].ArrayElement.MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;safeAddToMap;;;Argument[1];Argument[0].MapKey;value;manual",
-          ";MapUtils;true;safeAddToMap;;;Argument[2];Argument[0].MapValue;value;manual",
-          ";MapUtils;true;synchronizedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;synchronizedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;synchronizedSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;synchronizedSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;toMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;toMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;transformedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;transformedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;transformedSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;transformedSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;unmodifiableMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;unmodifiableMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";MapUtils;true;unmodifiableSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MapUtils;true;unmodifiableSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the class `org.apache.commons.collections4.CollectionUtils`.
- */
-private class ApacheCollectionUtilsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          // Note that when lambdas are supported we should have a model for collect, forAllButLastDo, forAllDo, transform
-          ";CollectionUtils;true;addAll;(Collection,Object[]);;Argument[1].ArrayElement;Argument[0].Element;value;manual",
-          ";CollectionUtils;true;addAll;(Collection,Enumeration);;Argument[1].Element;Argument[0].Element;value;manual",
-          ";CollectionUtils;true;addAll;(Collection,Iterable);;Argument[1].Element;Argument[0].Element;value;manual",
-          ";CollectionUtils;true;addAll;(Collection,Iterator);;Argument[1].Element;Argument[0].Element;value;manual",
-          ";CollectionUtils;true;addIgnoreNull;;;Argument[1];Argument[0].Element;value;manual",
-          ";CollectionUtils;true;collate;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;collate;;;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;disjunction;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;disjunction;;;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;emptyIfNull;;;Argument[0];ReturnValue;value;manual",
-          ";CollectionUtils;true;extractSingleton;;;Argument[0].Element;ReturnValue;value;manual",
-          ";CollectionUtils;true;find;;;Argument[0].Element;ReturnValue;value;manual",
-          ";CollectionUtils;true;get;(Iterator,int);;Argument[0].Element;ReturnValue;value;manual",
-          ";CollectionUtils;true;get;(Iterable,int);;Argument[0].Element;ReturnValue;value;manual",
-          ";CollectionUtils;true;get;(Map,int);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";CollectionUtils;true;get;(Map,int);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";CollectionUtils;true;get;(Object,int);;Argument[0].ArrayElement;ReturnValue;value;manual",
-          ";CollectionUtils;true;get;(Object,int);;Argument[0].Element;ReturnValue;value;manual",
-          ";CollectionUtils;true;get;(Object,int);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";CollectionUtils;true;get;(Object,int);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";CollectionUtils;true;getCardinalityMap;;;Argument[0].Element;ReturnValue.MapKey;value;manual",
-          ";CollectionUtils;true;intersection;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;intersection;;;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;permutations;;;Argument[0].Element;ReturnValue.Element.Element;value;manual",
-          ";CollectionUtils;true;predicatedCollection;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;removeAll;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;retainAll;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;select;(Iterable,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;select;(Iterable,Predicate,Collection);;Argument[0].Element;Argument[2].Element;value;manual",
-          ";CollectionUtils;true;select;(Iterable,Predicate,Collection);;Argument[2];ReturnValue;value;manual",
-          ";CollectionUtils;true;select;(Iterable,Predicate,Collection,Collection);;Argument[0].Element;Argument[2].Element;value;manual",
-          ";CollectionUtils;true;select;(Iterable,Predicate,Collection,Collection);;Argument[0].Element;Argument[3].Element;value;manual",
-          ";CollectionUtils;true;select;(Iterable,Predicate,Collection,Collection);;Argument[2];ReturnValue;value;manual",
-          ";CollectionUtils;true;selectRejected;(Iterable,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;selectRejected;(Iterable,Predicate,Collection);;Argument[0].Element;Argument[2].Element;value;manual",
-          ";CollectionUtils;true;selectRejected;(Iterable,Predicate,Collection);;Argument[2];ReturnValue;value;manual",
-          ";CollectionUtils;true;subtract;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;synchronizedCollection;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          // Note that `CollectionUtils.transformingCollection` does not transform existing list elements
-          ";CollectionUtils;true;transformingCollection;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;union;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;union;;;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";CollectionUtils;true;unmodifiableCollection;;;Argument[0].Element;ReturnValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the class `org.apache.commons.collections4.ListUtils`.
- */
-private class ApacheListUtilsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          ";ListUtils;true;defaultIfNull;;;Argument[0];ReturnValue;value;manual",
-          ";ListUtils;true;defaultIfNull;;;Argument[1];ReturnValue;value;manual",
-          ";ListUtils;true;emptyIfNull;;;Argument[0];ReturnValue;value;manual",
-          ";ListUtils;true;fixedSizeList;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;intersection;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;intersection;;;Argument[1].Element;ReturnValue.Element;value;manual",
-          // Note that `ListUtils.lazyList` does not transform existing list elements
-          ";ListUtils;true;lazyList;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;longestCommonSubsequence;(CharSequence,CharSequence);;Argument[0];ReturnValue;taint;manual",
-          ";ListUtils;true;longestCommonSubsequence;(CharSequence,CharSequence);;Argument[1];ReturnValue;taint;manual",
-          ";ListUtils;true;longestCommonSubsequence;(List,List);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;longestCommonSubsequence;(List,List);;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;longestCommonSubsequence;(List,List,Equator);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;longestCommonSubsequence;(List,List,Equator);;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;partition;;;Argument[0].Element;ReturnValue.Element.Element;value;manual",
-          ";ListUtils;true;predicatedList;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;removeAll;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;retainAll;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;select;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;selectRejected;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;subtract;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;sum;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;sum;;;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;synchronizedList;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          // Note that `ListUtils.transformedList` does not transform existing list elements
-          ";ListUtils;true;transformedList;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;union;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;union;;;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";ListUtils;true;unmodifiableList;;;Argument[0].Element;ReturnValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the class `org.apache.commons.collections4.IteratorUtils`.
- */
-private class ApacheIteratorUtilsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          // Note that when lambdas are supported we should have a model for forEach, forEachButLast, transformedIterator
-          ";IteratorUtils;true;arrayIterator;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;arrayListIterator;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;asEnumeration;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;asIterable;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;asIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;asMultipleUseIterable;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;boundedIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;chainedIterator;(Collection);;Argument[0].Element.Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;chainedIterator;(Iterator[]);;Argument[0].ArrayElement.Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;chainedIterator;(Iterator,Iterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;chainedIterator;(Iterator,Iterator);;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;collatedIterator;(Comparator,Collection);;Argument[1].Element.Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;collatedIterator;(Comparator,Iterator[]);;Argument[1].ArrayElement.Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;collatedIterator;(Comparator,Iterator,Iterator);;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;collatedIterator;(Comparator,Iterator,Iterator);;Argument[2].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;filteredIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;filteredListIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;find;;;Argument[0].Element;ReturnValue;value;manual",
-          ";IteratorUtils;true;first;;;Argument[0].Element;ReturnValue;value;manual",
-          ";IteratorUtils;true;forEachButLast;;;Argument[0].Element;ReturnValue;value;manual",
-          ";IteratorUtils;true;get;;;Argument[0].Element;ReturnValue;value;manual",
-          ";IteratorUtils;true;getIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;getIterator;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;getIterator;;;Argument[0];ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;getIterator;;;Argument[0].MapValue;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;loopingIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;loopingListIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;peekingIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;pushbackIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;singletonIterator;;;Argument[0];ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;singletonListIterator;;;Argument[0];ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;skippingIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;toArray;;;Argument[0].Element;ReturnValue.ArrayElement;value;manual",
-          ";IteratorUtils;true;toList;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;toListIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;toString;;;Argument[2];ReturnValue;taint;manual",
-          ";IteratorUtils;true;toString;;;Argument[3];ReturnValue;taint;manual",
-          ";IteratorUtils;true;toString;;;Argument[4];ReturnValue;taint;manual",
-          ";IteratorUtils;true;unmodifiableIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;unmodifiableListIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;unmodifiableMapIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;unmodifiableMapIterator;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";IteratorUtils;true;zippingIterator;(Iterator[]);;Argument[0].ArrayElement.Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;zippingIterator;(Iterator,Iterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;zippingIterator;(Iterator,Iterator);;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;zippingIterator;(Iterator,Iterator,Iterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;zippingIterator;(Iterator,Iterator,Iterator);;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";IteratorUtils;true;zippingIterator;(Iterator,Iterator,Iterator);;Argument[2].Element;ReturnValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the class `org.apache.commons.collections4.IterableUtils`.
- */
-private class ApacheIterableUtilsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    // Note that when lambdas are supported we should have a model for forEach, forEachButLast, transformedIterable
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          ";IterableUtils;true;boundedIterable;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;chainedIterable;(Iterable[]);;Argument[0].ArrayElement.Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;chainedIterable;(Iterable,Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;chainedIterable;(Iterable,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;chainedIterable;(Iterable,Iterable,Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;chainedIterable;(Iterable,Iterable,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;chainedIterable;(Iterable,Iterable,Iterable);;Argument[2].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;chainedIterable;(Iterable,Iterable,Iterable,Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;chainedIterable;(Iterable,Iterable,Iterable,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;chainedIterable;(Iterable,Iterable,Iterable,Iterable);;Argument[2].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;chainedIterable;(Iterable,Iterable,Iterable,Iterable);;Argument[3].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;collatedIterable;(Comparator,Iterable,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;collatedIterable;(Comparator,Iterable,Iterable);;Argument[2].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;collatedIterable;(Iterable,Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;collatedIterable;(Iterable,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;emptyIfNull;;;Argument[0];ReturnValue;value;manual",
-          ";IterableUtils;true;filteredIterable;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;find;;;Argument[0].Element;ReturnValue;value;manual",
-          ";IterableUtils;true;first;;;Argument[0].Element;ReturnValue;value;manual",
-          ";IterableUtils;true;forEachButLast;;;Argument[0].Element;ReturnValue;value;manual",
-          ";IterableUtils;true;get;;;Argument[0].Element;ReturnValue;value;manual",
-          ";IterableUtils;true;loopingIterable;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;partition;;;Argument[0].Element;ReturnValue.Element.Element;value;manual",
-          ";IterableUtils;true;reversedIterable;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;skippingIterable;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;toList;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;toString;;;Argument[2];ReturnValue;taint;manual",
-          ";IterableUtils;true;toString;;;Argument[3];ReturnValue;taint;manual",
-          ";IterableUtils;true;toString;;;Argument[4];ReturnValue;taint;manual",
-          ";IterableUtils;true;uniqueIterable;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;unmodifiableIterable;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;zippingIterable;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;zippingIterable;(Iterable,Iterable[]);;Argument[1].ArrayElement.Element;ReturnValue.Element;value;manual",
-          ";IterableUtils;true;zippingIterable;(Iterable,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the class `org.apache.commons.collections4.EnumerationUtils`.
- */
-private class ApacheEnumerationUtilsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          ";EnumerationUtils;true;get;;;Argument[0].Element;ReturnValue;value;manual",
-          ";EnumerationUtils;true;toList;(Enumeration);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";EnumerationUtils;true;toList;(StringTokenizer);;Argument[0];ReturnValue.Element;taint;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the class `org.apache.commons.collections4.MultiMapUtils`.
- */
-private class ApacheMultiMapUtilsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          ";MultiMapUtils;true;emptyIfNull;;;Argument[0];ReturnValue;value;manual",
-          ";MultiMapUtils;true;getCollection;;;Argument[0].MapValue;ReturnValue;value;manual",
-          ";MultiMapUtils;true;getValuesAsBag;;;Argument[0].MapValue.Element;ReturnValue.Element;value;manual",
-          ";MultiMapUtils;true;getValuesAsList;;;Argument[0].MapValue.Element;ReturnValue.Element;value;manual",
-          ";MultiMapUtils;true;getValuesAsSet;;;Argument[0].MapValue.Element;ReturnValue.Element;value;manual",
-          ";MultiMapUtils;true;transformedMultiValuedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MultiMapUtils;true;transformedMultiValuedMap;;;Argument[0].MapValue.Element;ReturnValue.MapValue.Element;value;manual",
-          ";MultiMapUtils;true;unmodifiableMultiValuedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";MultiMapUtils;true;unmodifiableMultiValuedMap;;;Argument[0].MapValue.Element;ReturnValue.MapValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the class `org.apache.commons.collections4.MultiSetUtils`.
- */
-private class ApacheMultiSetUtilsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          ";MultiSetUtils;true;predicatedMultiSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";MultiSetUtils;true;synchronizedMultiSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";MultiSetUtils;true;unmodifiableMultiSet;;;Argument[0].Element;ReturnValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the class `org.apache.commons.collections4.QueueUtils`.
- */
-private class ApacheQueueUtilsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          ";QueueUtils;true;predicatedQueue;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";QueueUtils;true;synchronizedQueue;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";QueueUtils;true;transformingQueue;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";QueueUtils;true;unmodifiableQueue;;;Argument[0].Element;ReturnValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the classes `org.apache.commons.collections4.SetUtils`
- * and `org.apache.commons.collections4.SetUtils$SetView`.
- */
-private class ApacheSetUtilsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          ";SetUtils$SetView;true;copyInto;;;Argument[-1].Element;Argument[0].Element;value;manual",
-          ";SetUtils$SetView;true;createIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";SetUtils$SetView;true;toSet;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;difference;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;disjunction;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;disjunction;;;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;emptyIfNull;;;Argument[0];ReturnValue;value;manual",
-          ";SetUtils;true;hashSet;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-          ";SetUtils;true;intersection;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;intersection;;;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;orderedSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;predicatedNavigableSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;predicatedSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;predicatedSortedSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;synchronizedSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;synchronizedSortedSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;transformedNavigableSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;transformedSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;transformedSortedSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;union;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;union;;;Argument[1].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;unmodifiableNavigableSet;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;unmodifiableSet;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-          ";SetUtils;true;unmodifiableSet;(Set);;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";SetUtils;true;unmodifiableSortedSet;;;Argument[0].Element;ReturnValue.Element;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the class `org.apache.commons.collections4.SplitMapUtils`.
- */
-private class ApacheSplitMapUtilsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          ";SplitMapUtils;true;readableMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";SplitMapUtils;true;readableMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-          ";SplitMapUtils;true;writableMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";SplitMapUtils;true;writableMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the class `org.apache.commons.collections4.TrieUtils`.
- */
-private class ApacheTrieUtilsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          ";TrieUtils;true;unmodifiableTrie;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-          ";TrieUtils;true;unmodifiableTrie;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual"
-        ]
-  }
-}
-
-/**
- * Value-propagating models for the class `org.apache.commons.collections4.BagUtils`.
- */
-private class ApacheBagUtilsModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["org.apache.commons.collections4", "org.apache.commons.collections"] +
-        [
-          ";BagUtils;true;collectionBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";BagUtils;true;predicatedBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";BagUtils;true;predicatedSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";BagUtils;true;synchronizedBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";BagUtils;true;synchronizedSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";BagUtils;true;transformingBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";BagUtils;true;transformingSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";BagUtils;true;unmodifiableBag;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          ";BagUtils;true;unmodifiableSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual"
-        ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/Exec.qll b/java/ql/lib/semmle/code/java/frameworks/apache/Exec.qll
index 978154d3274..5f44f878eb2 100644
--- a/java/ql/lib/semmle/code/java/frameworks/apache/Exec.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/apache/Exec.qll
@@ -1,4 +1,5 @@
-/* Definitions related to the Apache Commons Exec library. */
+/** Definitions related to the Apache Commons Exec library. */
+
 import semmle.code.java.Type
 import semmle.code.java.security.ExternalProcess
 
diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/IO.qll b/java/ql/lib/semmle/code/java/frameworks/apache/IO.qll
deleted file mode 100644
index 997bffb9110..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/apache/IO.qll
+++ /dev/null
@@ -1,23 +0,0 @@
-/** Custom definitions related to the Apache Commons IO library. */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class ApacheCommonsIOCustomSummaryCsv extends SummaryModelCsv {
-  /**
-   * Models that are not yet auto generated or where the generated summaries will
-   * be ignored.
-   * Note that if a callable has any handwritten summary, all generated summaries
-   * will be ignored for that callable.
-   */
-  override predicate row(string row) {
-    row =
-      [
-        "org.apache.commons.io;IOUtils;false;toBufferedInputStream;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.io;IOUtils;true;writeLines;(Collection,String,Writer);;Argument[0].Element;Argument[2];taint;manual",
-        "org.apache.commons.io;IOUtils;true;writeLines;(Collection,String,Writer);;Argument[1];Argument[2];taint;manual",
-        "org.apache.commons.io;IOUtils;true;toByteArray;(Reader);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.io;IOUtils;true;toByteArray;(Reader,String);;Argument[0];ReturnValue;taint;manual",
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/IOGenerated.qll b/java/ql/lib/semmle/code/java/frameworks/apache/IOGenerated.qll
deleted file mode 100644
index 931764d56d8..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/apache/IOGenerated.qll
+++ /dev/null
@@ -1,680 +0,0 @@
-/**
- * THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
- * Definitions of taint steps in the IOGenerated framework.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class IOGeneratedSinksCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.apache.commons.io.file;PathFilter;true;accept;(Path,BasicFileAttributes);;Argument[0];create-file;generated",
-        "org.apache.commons.io.file;PathUtils;false;copyFile;(URL,Path,CopyOption[]);;Argument[0];open-url;generated",
-        "org.apache.commons.io.file;PathUtils;false;copyFile;(URL,Path,CopyOption[]);;Argument[1];create-file;generated",
-        "org.apache.commons.io.file;PathUtils;false;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[1];create-file;generated",
-        "org.apache.commons.io.file;PathUtils;false;copyFileToDirectory;(URL,Path,CopyOption[]);;Argument[0];open-url;generated",
-        "org.apache.commons.io.file;PathUtils;false;copyFileToDirectory;(URL,Path,CopyOption[]);;Argument[1];create-file;generated",
-        "org.apache.commons.io.file;PathUtils;false;newOutputStream;(Path,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io.file;PathUtils;false;writeString;(Path,CharSequence,Charset,OpenOption[]);;Argument[0];create-file;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;filter;(IOFileFilter,File[]);;Argument[1];create-file;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;filterList;(IOFileFilter,File[]);;Argument[1];create-file;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;filterSet;(IOFileFilter,File[]);;Argument[1];create-file;generated",
-        "org.apache.commons.io.input;Tailer$Tailable;true;getRandomAccess;(String);;Argument[-1];create-file;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;XmlStreamReader;(URL);;Argument[0];open-url;generated",
-        "org.apache.commons.io.output;DeferredFileOutputStream;true;writeTo;(OutputStream);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;true;FileWriterWithEncoding;(File,Charset);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;true;FileWriterWithEncoding;(File,Charset,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;true;FileWriterWithEncoding;(File,CharsetEncoder);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;true;FileWriterWithEncoding;(File,CharsetEncoder,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;true;FileWriterWithEncoding;(File,String);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;true;FileWriterWithEncoding;(File,String,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;true;FileWriterWithEncoding;(String,Charset);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;true;FileWriterWithEncoding;(String,Charset,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;true;FileWriterWithEncoding;(String,CharsetEncoder);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;true;FileWriterWithEncoding;(String,CharsetEncoder,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;true;FileWriterWithEncoding;(String,String);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;true;FileWriterWithEncoding;(String,String,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;LockableFileWriter;true;LockableFileWriter;(File);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;LockableFileWriter;true;LockableFileWriter;(File,Charset);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;LockableFileWriter;true;LockableFileWriter;(File,Charset,boolean,String);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;LockableFileWriter;true;LockableFileWriter;(File,String);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;LockableFileWriter;true;LockableFileWriter;(File,String,boolean,String);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;LockableFileWriter;true;LockableFileWriter;(File,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;LockableFileWriter;true;LockableFileWriter;(File,boolean,String);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;LockableFileWriter;true;LockableFileWriter;(String);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;LockableFileWriter;true;LockableFileWriter;(String,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;LockableFileWriter;true;LockableFileWriter;(String,boolean,String);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;XmlStreamWriter;true;XmlStreamWriter;(File);;Argument[0];create-file;generated",
-        "org.apache.commons.io.output;XmlStreamWriter;true;XmlStreamWriter;(File,String);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyDirectory;(File,File);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyDirectory;(File,File,FileFilter);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyDirectory;(File,File,FileFilter,boolean);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyDirectory;(File,File,FileFilter,boolean,CopyOption[]);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyDirectory;(File,File,boolean);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyDirectoryToDirectory;(File,File);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyFile;(File,File);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyFile;(File,File,CopyOption[]);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyFile;(File,File,boolean);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyFile;(File,File,boolean,CopyOption[]);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyFileToDirectory;(File,File);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyFileToDirectory;(File,File,boolean);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyInputStreamToFile;(InputStream,File);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyToDirectory;(File,File);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyToDirectory;(Iterable,File);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyToFile;(InputStream,File);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyURLToFile;(URL,File);;Argument[0];open-url;generated",
-        "org.apache.commons.io;FileUtils;true;copyURLToFile;(URL,File);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;copyURLToFile;(URL,File,int,int);;Argument[0];open-url;generated",
-        "org.apache.commons.io;FileUtils;true;copyURLToFile;(URL,File,int,int);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;moveDirectory;(File,File);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;moveDirectoryToDirectory;(File,File,boolean);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;moveFile;(File,File);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;moveFile;(File,File,CopyOption[]);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;moveFileToDirectory;(File,File,boolean);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;moveToDirectory;(File,File,boolean);;Argument[1];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;newOutputStream;(File,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;openOutputStream;(File);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;openOutputStream;(File,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;touch;(File);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;write;(File,CharSequence);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;write;(File,CharSequence,Charset);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;write;(File,CharSequence,Charset,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;write;(File,CharSequence,String);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;write;(File,CharSequence,String,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;write;(File,CharSequence,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeByteArrayToFile;(File,byte[]);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeByteArrayToFile;(File,byte[],boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeByteArrayToFile;(File,byte[],int,int);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeByteArrayToFile;(File,byte[],int,int,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeLines;(File,Collection);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeLines;(File,Collection,String);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeLines;(File,Collection,String,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeLines;(File,Collection,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeLines;(File,String,Collection);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeLines;(File,String,Collection,String);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeLines;(File,String,Collection,String,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeLines;(File,String,Collection,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeStringToFile;(File,String);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeStringToFile;(File,String,Charset);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeStringToFile;(File,String,Charset,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeStringToFile;(File,String,String);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeStringToFile;(File,String,String,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io;FileUtils;true;writeStringToFile;(File,String,boolean);;Argument[0];create-file;generated",
-        "org.apache.commons.io;IOUtils;true;copy;(URL,File);;Argument[0];open-url;generated",
-        "org.apache.commons.io;IOUtils;true;copy;(URL,File);;Argument[1];create-file;generated",
-        "org.apache.commons.io;IOUtils;true;copy;(URL,OutputStream);;Argument[0];open-url;generated",
-        "org.apache.commons.io;IOUtils;true;toByteArray;(URI);;Argument[0];open-url;generated",
-        "org.apache.commons.io;IOUtils;true;toByteArray;(URL);;Argument[0];open-url;generated",
-        "org.apache.commons.io;IOUtils;true;toString;(URI);;Argument[0];open-url;generated",
-        "org.apache.commons.io;IOUtils;true;toString;(URI,Charset);;Argument[0];open-url;generated",
-        "org.apache.commons.io;IOUtils;true;toString;(URI,String);;Argument[0];open-url;generated",
-        "org.apache.commons.io;IOUtils;true;toString;(URL);;Argument[0];open-url;generated",
-        "org.apache.commons.io;IOUtils;true;toString;(URL,Charset);;Argument[0];open-url;generated",
-        "org.apache.commons.io;IOUtils;true;toString;(URL,String);;Argument[0];open-url;generated",
-        "org.apache.commons.io;RandomAccessFileMode;false;create;(File);;Argument[0];create-file;generated",
-        "org.apache.commons.io;RandomAccessFileMode;false;create;(Path);;Argument[0];create-file;generated",
-        "org.apache.commons.io;RandomAccessFileMode;false;create;(String);;Argument[0];create-file;generated"
-      ]
-  }
-}
-
-private class IOGeneratedSummaryCsv extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.apache.commons.io.charset;CharsetDecoders;true;toCharsetDecoder;(CharsetDecoder);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.charset;CharsetEncoders;true;toCharsetEncoder;(CharsetEncoder);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.comparator;CompositeFileComparator;true;CompositeFileComparator;(Comparator[]);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.comparator;CompositeFileComparator;true;CompositeFileComparator;(Iterable);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.comparator;CompositeFileComparator;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file.spi;FileSystemProviders;true;getFileSystemProvider;(String);;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file.spi;FileSystemProviders;true;getFileSystemProvider;(URI);;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file.spi;FileSystemProviders;true;getFileSystemProvider;(URL);;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;true;AccumulatorPathVisitor;(PathCounters);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;true;AccumulatorPathVisitor;(PathCounters,PathFilter,PathFilter);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;true;AccumulatorPathVisitor;(PathCounters,PathFilter,PathFilter);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;true;AccumulatorPathVisitor;(PathCounters,PathFilter,PathFilter);;Argument[2];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;true;getDirList;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;true;getFileList;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;true;withBigIntegerCounters;(PathFilter,PathFilter);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;true;withBigIntegerCounters;(PathFilter,PathFilter);;Argument[1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;true;withLongCounters;(PathFilter,PathFilter);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;true;withLongCounters;(PathFilter,PathFilter);;Argument[1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;CleaningPathVisitor;true;CleaningPathVisitor;(PathCounters,DeleteOption[],String[]);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CleaningPathVisitor;true;CleaningPathVisitor;(PathCounters,DeleteOption[],String[]);;Argument[2].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CleaningPathVisitor;true;CleaningPathVisitor;(PathCounters,String[]);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CleaningPathVisitor;true;CleaningPathVisitor;(PathCounters,String[]);;Argument[1].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CopyDirectoryVisitor;true;CopyDirectoryVisitor;(PathCounters,Path,Path,CopyOption[]);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CopyDirectoryVisitor;true;CopyDirectoryVisitor;(PathCounters,Path,Path,CopyOption[]);;Argument[1].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CopyDirectoryVisitor;true;CopyDirectoryVisitor;(PathCounters,Path,Path,CopyOption[]);;Argument[2].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CopyDirectoryVisitor;true;CopyDirectoryVisitor;(PathCounters,Path,Path,CopyOption[]);;Argument[3].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CopyDirectoryVisitor;true;CopyDirectoryVisitor;(PathCounters,PathFilter,PathFilter,Path,Path,CopyOption[]);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CopyDirectoryVisitor;true;CopyDirectoryVisitor;(PathCounters,PathFilter,PathFilter,Path,Path,CopyOption[]);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CopyDirectoryVisitor;true;CopyDirectoryVisitor;(PathCounters,PathFilter,PathFilter,Path,Path,CopyOption[]);;Argument[2];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CopyDirectoryVisitor;true;CopyDirectoryVisitor;(PathCounters,PathFilter,PathFilter,Path,Path,CopyOption[]);;Argument[3].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CopyDirectoryVisitor;true;CopyDirectoryVisitor;(PathCounters,PathFilter,PathFilter,Path,Path,CopyOption[]);;Argument[4].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CopyDirectoryVisitor;true;CopyDirectoryVisitor;(PathCounters,PathFilter,PathFilter,Path,Path,CopyOption[]);;Argument[5].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CopyDirectoryVisitor;true;getCopyOptions;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;CopyDirectoryVisitor;true;getSourceDirectory;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;CopyDirectoryVisitor;true;getTargetDirectory;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;Counters$PathCounters;true;getByteCounter;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;Counters$PathCounters;true;getDirectoryCounter;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;Counters$PathCounters;true;getFileCounter;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;CountingPathVisitor;true;CountingPathVisitor;(PathCounters);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CountingPathVisitor;true;CountingPathVisitor;(PathCounters,PathFilter,PathFilter);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CountingPathVisitor;true;CountingPathVisitor;(PathCounters,PathFilter,PathFilter);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CountingPathVisitor;true;CountingPathVisitor;(PathCounters,PathFilter,PathFilter);;Argument[2];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;CountingPathVisitor;true;getPathCounters;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;DeletingPathVisitor;true;DeletingPathVisitor;(PathCounters,DeleteOption[],String[]);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;DeletingPathVisitor;true;DeletingPathVisitor;(PathCounters,DeleteOption[],String[]);;Argument[2].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.file;DeletingPathVisitor;true;DeletingPathVisitor;(PathCounters,LinkOption[],DeleteOption[],String[]);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;DeletingPathVisitor;true;DeletingPathVisitor;(PathCounters,LinkOption[],DeleteOption[],String[]);;Argument[1].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.file;DeletingPathVisitor;true;DeletingPathVisitor;(PathCounters,LinkOption[],DeleteOption[],String[]);;Argument[3].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.file;DeletingPathVisitor;true;DeletingPathVisitor;(PathCounters,String[]);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;DeletingPathVisitor;true;DeletingPathVisitor;(PathCounters,String[]);;Argument[1].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.file;DirectoryStreamFilter;true;DirectoryStreamFilter;(PathFilter);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.file;DirectoryStreamFilter;true;getPathFilter;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;PathUtils;false;copyFile;(URL,Path,CopyOption[]);;Argument[1].Element;ReturnValue;taint;generated",
-        "org.apache.commons.io.file;PathUtils;false;copyFileToDirectory;(URL,Path,CopyOption[]);;Argument[1].Element;ReturnValue;taint;generated",
-        "org.apache.commons.io.file;PathUtils;false;setReadOnly;(Path,boolean,LinkOption[]);;Argument[0].Element;ReturnValue;taint;generated",
-        "org.apache.commons.io.file;PathUtils;false;visitFileTree;(FileVisitor,Path);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;PathUtils;false;visitFileTree;(FileVisitor,Path,Set,int);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;PathUtils;false;visitFileTree;(FileVisitor,String,String[]);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;PathUtils;false;visitFileTree;(FileVisitor,URI);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.file;PathUtils;false;writeString;(Path,CharSequence,Charset,OpenOption[]);;Argument[0].Element;ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;AgeFileFilter;true;AgeFileFilter;(Instant);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;AgeFileFilter;true;AgeFileFilter;(Instant,boolean);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;AgeFileFilter;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;AndFileFilter;true;AndFileFilter;(IOFileFilter,IOFileFilter);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;AndFileFilter;true;AndFileFilter;(IOFileFilter,IOFileFilter);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;AndFileFilter;true;AndFileFilter;(IOFileFilter[]);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;AndFileFilter;true;AndFileFilter;(List);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;AndFileFilter;true;addFileFilter;(IOFileFilter[]);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;AndFileFilter;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;ConditionalFileFilter;true;addFileFilter;(IOFileFilter);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;ConditionalFileFilter;true;getFileFilters;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;ConditionalFileFilter;true;setFileFilters;(List);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;DelegateFileFilter;true;DelegateFileFilter;(FileFilter);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;DelegateFileFilter;true;DelegateFileFilter;(FilenameFilter);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;DelegateFileFilter;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileEqualsFileFilter;true;FileEqualsFileFilter;(File);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;and;(IOFileFilter[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;andFileFilter;(IOFileFilter,IOFileFilter);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;andFileFilter;(IOFileFilter,IOFileFilter);;Argument[1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;asFileFilter;(FileFilter);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;asFileFilter;(FilenameFilter);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;magicNumberFileFilter;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;magicNumberFileFilter;(String,long);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;magicNumberFileFilter;(byte[]);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;magicNumberFileFilter;(byte[],long);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;makeCVSAware;(IOFileFilter);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;makeDirectoryOnly;(IOFileFilter);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;makeFileOnly;(IOFileFilter);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;makeSVNAware;(IOFileFilter);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;nameFileFilter;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;nameFileFilter;(String,IOCase);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;notFileFilter;(IOFileFilter);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;or;(IOFileFilter[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;orFileFilter;(IOFileFilter,IOFileFilter);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;orFileFilter;(IOFileFilter,IOFileFilter);;Argument[1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;prefixFileFilter;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;prefixFileFilter;(String,IOCase);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;suffixFileFilter;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;suffixFileFilter;(String,IOCase);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;true;toList;(IOFileFilter[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;IOFileFilter;true;and;(IOFileFilter);;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;IOFileFilter;true;and;(IOFileFilter);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;IOFileFilter;true;negate;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;IOFileFilter;true;or;(IOFileFilter);;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;IOFileFilter;true;or;(IOFileFilter);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;MagicNumberFileFilter;true;MagicNumberFileFilter;(String);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;MagicNumberFileFilter;true;MagicNumberFileFilter;(String,long);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;MagicNumberFileFilter;true;MagicNumberFileFilter;(byte[]);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;MagicNumberFileFilter;true;MagicNumberFileFilter;(byte[],long);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;MagicNumberFileFilter;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;NameFileFilter;true;NameFileFilter;(List);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;NameFileFilter;true;NameFileFilter;(List,IOCase);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;NameFileFilter;true;NameFileFilter;(String);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;NameFileFilter;true;NameFileFilter;(String,IOCase);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;NameFileFilter;true;NameFileFilter;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;NameFileFilter;true;NameFileFilter;(String[],IOCase);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;NameFileFilter;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;NotFileFilter;true;NotFileFilter;(IOFileFilter);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;NotFileFilter;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;OrFileFilter;true;OrFileFilter;(IOFileFilter,IOFileFilter);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;OrFileFilter;true;OrFileFilter;(IOFileFilter,IOFileFilter);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;OrFileFilter;true;OrFileFilter;(IOFileFilter[]);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;OrFileFilter;true;OrFileFilter;(List);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;OrFileFilter;true;addFileFilter;(IOFileFilter[]);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;OrFileFilter;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;PathEqualsFileFilter;true;PathEqualsFileFilter;(Path);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;PathVisitorFileFilter;true;PathVisitorFileFilter;(PathVisitor);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;PrefixFileFilter;true;PrefixFileFilter;(List);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;PrefixFileFilter;true;PrefixFileFilter;(List,IOCase);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;PrefixFileFilter;true;PrefixFileFilter;(String);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;PrefixFileFilter;true;PrefixFileFilter;(String,IOCase);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;PrefixFileFilter;true;PrefixFileFilter;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;PrefixFileFilter;true;PrefixFileFilter;(String[],IOCase);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;PrefixFileFilter;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;RegexFileFilter;true;RegexFileFilter;(Pattern);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;RegexFileFilter;true;RegexFileFilter;(Pattern,Function);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;RegexFileFilter;true;RegexFileFilter;(Pattern,Function);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;RegexFileFilter;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;SuffixFileFilter;true;SuffixFileFilter;(List);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;SuffixFileFilter;true;SuffixFileFilter;(List,IOCase);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;SuffixFileFilter;true;SuffixFileFilter;(String);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;SuffixFileFilter;true;SuffixFileFilter;(String,IOCase);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;SuffixFileFilter;true;SuffixFileFilter;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;SuffixFileFilter;true;SuffixFileFilter;(String[],IOCase);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;SuffixFileFilter;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;WildcardFileFilter;true;WildcardFileFilter;(List);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;WildcardFileFilter;true;WildcardFileFilter;(List,IOCase);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;WildcardFileFilter;true;WildcardFileFilter;(String);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;WildcardFileFilter;true;WildcardFileFilter;(String,IOCase);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;WildcardFileFilter;true;WildcardFileFilter;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;WildcardFileFilter;true;WildcardFileFilter;(String[],IOCase);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;WildcardFileFilter;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.filefilter;WildcardFilter;true;WildcardFilter;(List);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;WildcardFilter;true;WildcardFilter;(String);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.filefilter;WildcardFilter;true;WildcardFilter;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.input.buffer;CircularBufferInputStream;true;CircularBufferInputStream;(InputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input.buffer;CircularBufferInputStream;true;CircularBufferInputStream;(InputStream,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input.buffer;PeekableInputStream;true;PeekableInputStream;(InputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input.buffer;PeekableInputStream;true;PeekableInputStream;(InputStream,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;BOMInputStream;true;BOMInputStream;(InputStream,ByteOrderMark[]);;Argument[1].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.input;BOMInputStream;true;BOMInputStream;(InputStream,boolean,ByteOrderMark[]);;Argument[2].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.input;BOMInputStream;true;getBOM;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;BOMInputStream;true;getBOMCharsetName;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;BoundedInputStream;true;BoundedInputStream;(InputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;BoundedInputStream;true;BoundedInputStream;(InputStream,long);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;BoundedReader;true;BoundedReader;(Reader,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;BrokenInputStream;true;BrokenInputStream;(Supplier);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;BrokenReader;true;BrokenReader;(Supplier);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;CharSequenceReader;true;CharSequenceReader;(CharSequence);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;CharSequenceReader;true;CharSequenceReader;(CharSequence,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;CharSequenceReader;true;CharSequenceReader;(CharSequence,int,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;CharSequenceReader;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;CharacterFilterReader;true;CharacterFilterReader;(Reader,IntPredicate);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;CircularInputStream;true;CircularInputStream;(byte[],long);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ClassLoaderObjectInputStream;true;ClassLoaderObjectInputStream;(ClassLoader,InputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ClassLoaderObjectInputStream;true;ClassLoaderObjectInputStream;(ClassLoader,InputStream);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;CloseShieldInputStream;true;wrap;(InputStream);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;InfiniteCircularInputStream;true;InfiniteCircularInputStream;(byte[]);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;MessageDigestCalculatingInputStream$MessageDigestMaintainingObserver;true;MessageDigestMaintainingObserver;(MessageDigest);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;MessageDigestCalculatingInputStream;true;MessageDigestCalculatingInputStream;(InputStream,MessageDigest);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;MessageDigestCalculatingInputStream;true;getMessageDigest;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;ObservableInputStream;true;ObservableInputStream;(InputStream,Observer[]);;Argument[1].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ObservableInputStream;true;add;(Observer);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ObservableInputStream;true;getObservers;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;RandomAccessFileInputStream;true;RandomAccessFileInputStream;(RandomAccessFile);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;RandomAccessFileInputStream;true;RandomAccessFileInputStream;(RandomAccessFile,boolean);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;RandomAccessFileInputStream;true;getRandomAccessFile;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;ReadAheadInputStream;true;ReadAheadInputStream;(InputStream,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ReadAheadInputStream;true;ReadAheadInputStream;(InputStream,int,ExecutorService);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ReadAheadInputStream;true;ReadAheadInputStream;(InputStream,int,ExecutorService);;Argument[2];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ReaderInputStream;true;ReaderInputStream;(Reader);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ReaderInputStream;true;ReaderInputStream;(Reader,Charset);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ReaderInputStream;true;ReaderInputStream;(Reader,Charset,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ReaderInputStream;true;ReaderInputStream;(Reader,CharsetEncoder);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ReaderInputStream;true;ReaderInputStream;(Reader,CharsetEncoder);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ReaderInputStream;true;ReaderInputStream;(Reader,CharsetEncoder,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ReaderInputStream;true;ReaderInputStream;(Reader,CharsetEncoder,int);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ReaderInputStream;true;ReaderInputStream;(Reader,String);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ReaderInputStream;true;ReaderInputStream;(Reader,String,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;ReversedLinesFileReader;true;readLine;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;ReversedLinesFileReader;true;readLines;(int);;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;ReversedLinesFileReader;true;toString;(int);;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;SequenceReader;true;SequenceReader;(Iterable);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.input;SequenceReader;true;SequenceReader;(Reader[]);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer$Builder;true;Builder;(File,TailerListener);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer$Builder;true;Builder;(File,TailerListener);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer$Builder;true;Builder;(Path,TailerListener);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer$Builder;true;Builder;(Path,TailerListener);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer$Builder;true;Builder;(Tailable,TailerListener);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer$Builder;true;Builder;(Tailable,TailerListener);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer$Builder;true;build;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer$Builder;true;withBufferSize;(int);;Argument[-1];ReturnValue;value;generated",
-        "org.apache.commons.io.input;Tailer$Builder;true;withCharset;(Charset);;Argument[-1];ReturnValue;value;generated",
-        "org.apache.commons.io.input;Tailer$Builder;true;withDelayDuration;(Duration);;Argument[-1];ReturnValue;value;generated",
-        "org.apache.commons.io.input;Tailer$Builder;true;withDelayDuration;(Duration);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer$Builder;true;withReOpen;(boolean);;Argument[-1];ReturnValue;value;generated",
-        "org.apache.commons.io.input;Tailer$Builder;true;withStartThread;(boolean);;Argument[-1];ReturnValue;value;generated",
-        "org.apache.commons.io.input;Tailer$Builder;true;withTailFromEnd;(boolean);;Argument[-1];ReturnValue;value;generated",
-        "org.apache.commons.io.input;Tailer;true;Tailer;(File,Charset,TailerListener,long,boolean,boolean,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer;true;Tailer;(File,Charset,TailerListener,long,boolean,boolean,int);;Argument[2];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer;true;Tailer;(File,TailerListener);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer;true;Tailer;(File,TailerListener);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer;true;Tailer;(File,TailerListener,long);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer;true;Tailer;(File,TailerListener,long);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer;true;Tailer;(File,TailerListener,long,boolean);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer;true;Tailer;(File,TailerListener,long,boolean);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer;true;Tailer;(File,TailerListener,long,boolean,boolean);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer;true;Tailer;(File,TailerListener,long,boolean,boolean);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer;true;Tailer;(File,TailerListener,long,boolean,boolean,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer;true;Tailer;(File,TailerListener,long,boolean,boolean,int);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer;true;Tailer;(File,TailerListener,long,boolean,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer;true;Tailer;(File,TailerListener,long,boolean,int);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;Tailer;true;create;(File,Charset,TailerListener,long,boolean,boolean,int);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;create;(File,Charset,TailerListener,long,boolean,boolean,int);;Argument[2];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;create;(File,TailerListener);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;create;(File,TailerListener);;Argument[1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;create;(File,TailerListener,long);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;create;(File,TailerListener,long);;Argument[1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;create;(File,TailerListener,long,boolean);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;create;(File,TailerListener,long,boolean);;Argument[1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;create;(File,TailerListener,long,boolean,boolean);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;create;(File,TailerListener,long,boolean,boolean);;Argument[1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;create;(File,TailerListener,long,boolean,boolean,int);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;create;(File,TailerListener,long,boolean,boolean,int);;Argument[1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;create;(File,TailerListener,long,boolean,int);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;create;(File,TailerListener,long,boolean,int);;Argument[1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;getDelayDuration;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;getFile;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;Tailer;true;getTailable;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;TeeInputStream;true;TeeInputStream;(InputStream,OutputStream);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;TeeInputStream;true;TeeInputStream;(InputStream,OutputStream,boolean);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;TeeReader;true;TeeReader;(Reader,Writer);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;TeeReader;true;TeeReader;(Reader,Writer,boolean);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;TimestampedObserver;true;getCloseInstant;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;TimestampedObserver;true;getOpenInstant;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;TimestampedObserver;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;UncheckedBufferedReader;true;UncheckedBufferedReader;(Reader);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;UncheckedBufferedReader;true;UncheckedBufferedReader;(Reader,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;UncheckedBufferedReader;true;on;(Reader);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;UncheckedFilterInputStream;true;on;(InputStream);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;UnixLineEndingInputStream;true;UnixLineEndingInputStream;(InputStream,boolean);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;UnsynchronizedByteArrayInputStream;true;UnsynchronizedByteArrayInputStream;(byte[]);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;UnsynchronizedByteArrayInputStream;true;UnsynchronizedByteArrayInputStream;(byte[],int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;UnsynchronizedByteArrayInputStream;true;UnsynchronizedByteArrayInputStream;(byte[],int,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;WindowsLineEndingInputStream;true;WindowsLineEndingInputStream;(InputStream,boolean);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;XmlStreamReader;(InputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;XmlStreamReader;(InputStream,String);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;XmlStreamReader;(InputStream,String);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;XmlStreamReader;(InputStream,String,boolean);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;XmlStreamReader;(InputStream,String,boolean);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;XmlStreamReader;(InputStream,String,boolean,String);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;XmlStreamReader;(InputStream,String,boolean,String);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;XmlStreamReader;(InputStream,String,boolean,String);;Argument[3];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;XmlStreamReader;(InputStream,boolean);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;XmlStreamReader;(InputStream,boolean,String);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;XmlStreamReader;(InputStream,boolean,String);;Argument[2];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;XmlStreamReader;(URLConnection,String);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;getDefaultEncoding;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;XmlStreamReader;true;getEncoding;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;XmlStreamReaderException;true;XmlStreamReaderException;(String,String,String,String);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReaderException;true;XmlStreamReaderException;(String,String,String,String);;Argument[2];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReaderException;true;XmlStreamReaderException;(String,String,String,String);;Argument[3];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReaderException;true;XmlStreamReaderException;(String,String,String,String,String,String);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReaderException;true;XmlStreamReaderException;(String,String,String,String,String,String);;Argument[2];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReaderException;true;XmlStreamReaderException;(String,String,String,String,String,String);;Argument[3];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReaderException;true;XmlStreamReaderException;(String,String,String,String,String,String);;Argument[4];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReaderException;true;XmlStreamReaderException;(String,String,String,String,String,String);;Argument[5];Argument[-1];taint;generated",
-        "org.apache.commons.io.input;XmlStreamReaderException;true;getBomEncoding;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;XmlStreamReaderException;true;getContentTypeEncoding;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;XmlStreamReaderException;true;getContentTypeMime;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;XmlStreamReaderException;true;getXmlEncoding;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.input;XmlStreamReaderException;true;getXmlGuessEncoding;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationMonitor;false;FileAlterationMonitor;(long,Collection);;Argument[1].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationMonitor;false;FileAlterationMonitor;(long,FileAlterationObserver[]);;Argument[1].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationMonitor;false;addObserver;(FileAlterationObserver);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationMonitor;false;getObservers;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationMonitor;false;setThreadFactory;(ThreadFactory);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;FileAlterationObserver;(File);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;FileAlterationObserver;(File,FileFilter);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;FileAlterationObserver;(File,FileFilter);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;FileAlterationObserver;(File,FileFilter,IOCase);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;FileAlterationObserver;(File,FileFilter,IOCase);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;FileAlterationObserver;(String);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;FileAlterationObserver;(String,FileFilter);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;FileAlterationObserver;(String,FileFilter);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;FileAlterationObserver;(String,FileFilter,IOCase);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;FileAlterationObserver;(String,FileFilter,IOCase);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;addListener;(FileAlterationListener);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;getDirectory;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;getFileFilter;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;getListeners;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.monitor;FileEntry;true;FileEntry;(File);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileEntry;true;FileEntry;(FileEntry,File);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileEntry;true;FileEntry;(FileEntry,File);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileEntry;true;getChildren;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.monitor;FileEntry;true;getFile;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.monitor;FileEntry;true;getLastModifiedFileTime;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.monitor;FileEntry;true;getName;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.monitor;FileEntry;true;getParent;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.monitor;FileEntry;true;newChildInstance;(File);;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.monitor;FileEntry;true;newChildInstance;(File);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.monitor;FileEntry;true;setChildren;(FileEntry[]);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileEntry;true;setLastModified;(FileTime);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.monitor;FileEntry;true;setName;(String);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;AbstractByteArrayOutputStream;true;toByteArray;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.output;AbstractByteArrayOutputStream;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.output;AbstractByteArrayOutputStream;true;toString;(Charset);;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.output;AbstractByteArrayOutputStream;true;toString;(String);;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.output;AbstractByteArrayOutputStream;true;write;(InputStream);;Argument[-1];Argument[0];taint;generated",
-        "org.apache.commons.io.output;AbstractByteArrayOutputStream;true;write;(InputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;AbstractByteArrayOutputStream;true;writeTo;(OutputStream);;Argument[-1];Argument[0];taint;generated",
-        "org.apache.commons.io.output;AppendableOutputStream;true;AppendableOutputStream;(Appendable);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;AppendableOutputStream;true;getAppendable;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.output;AppendableWriter;true;AppendableWriter;(Appendable);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;AppendableWriter;true;getAppendable;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.output;BrokenOutputStream;true;BrokenOutputStream;(Supplier);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;BrokenWriter;true;BrokenWriter;(Supplier);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;ChunkedOutputStream;true;ChunkedOutputStream;(OutputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;ChunkedOutputStream;true;ChunkedOutputStream;(OutputStream,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;CloseShieldOutputStream;true;CloseShieldOutputStream;(OutputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;CloseShieldOutputStream;true;wrap;(OutputStream);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.output;CountingOutputStream;true;CountingOutputStream;(OutputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;DeferredFileOutputStream;true;DeferredFileOutputStream;(int,File);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;DeferredFileOutputStream;true;DeferredFileOutputStream;(int,String,String,File);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;DeferredFileOutputStream;true;DeferredFileOutputStream;(int,String,String,File);;Argument[2];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;DeferredFileOutputStream;true;DeferredFileOutputStream;(int,String,String,File);;Argument[3];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;DeferredFileOutputStream;true;DeferredFileOutputStream;(int,int,File);;Argument[2];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;DeferredFileOutputStream;true;DeferredFileOutputStream;(int,int,String,String,File);;Argument[2];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;DeferredFileOutputStream;true;DeferredFileOutputStream;(int,int,String,String,File);;Argument[3];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;DeferredFileOutputStream;true;DeferredFileOutputStream;(int,int,String,String,File);;Argument[4];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;DeferredFileOutputStream;true;getData;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.output;DeferredFileOutputStream;true;getFile;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.output;DeferredFileOutputStream;true;writeTo;(OutputStream);;Argument[-1];Argument[0];taint;generated",
-        "org.apache.commons.io.output;LockableFileWriter;true;LockableFileWriter;(File,Charset,boolean,String);;Argument[3];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;LockableFileWriter;true;LockableFileWriter;(File,String,boolean,String);;Argument[3];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;LockableFileWriter;true;LockableFileWriter;(File,boolean,String);;Argument[2];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;LockableFileWriter;true;LockableFileWriter;(String,boolean,String);;Argument[2];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;ProxyCollectionWriter;true;ProxyCollectionWriter;(Collection);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.output;ProxyCollectionWriter;true;ProxyCollectionWriter;(Writer[]);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.output;ProxyOutputStream;true;ProxyOutputStream;(OutputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;StringBuilderWriter;true;StringBuilderWriter;(StringBuilder);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;StringBuilderWriter;true;getBuilder;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.output;StringBuilderWriter;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.output;TaggedOutputStream;true;TaggedOutputStream;(OutputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;TeeOutputStream;true;TeeOutputStream;(OutputStream,OutputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;TeeOutputStream;true;TeeOutputStream;(OutputStream,OutputStream);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;TeeWriter;true;TeeWriter;(Collection);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io.output;TeeWriter;true;TeeWriter;(Writer[]);;Argument[0].ArrayElement;Argument[-1];taint;generated",
-        "org.apache.commons.io.output;ThresholdingOutputStream;true;ThresholdingOutputStream;(int,IOConsumer,IOFunction);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;ThresholdingOutputStream;true;ThresholdingOutputStream;(int,IOConsumer,IOFunction);;Argument[2];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;UncheckedAppendable;true;on;(Appendable);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.output;UncheckedFilterOutputStream;true;UncheckedFilterOutputStream;(OutputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;UncheckedFilterOutputStream;true;on;(OutputStream);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io.output;WriterOutputStream;true;WriterOutputStream;(Writer);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;WriterOutputStream;true;WriterOutputStream;(Writer,Charset);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;WriterOutputStream;true;WriterOutputStream;(Writer,Charset,int,boolean);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;WriterOutputStream;true;WriterOutputStream;(Writer,CharsetDecoder);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;WriterOutputStream;true;WriterOutputStream;(Writer,CharsetDecoder);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;WriterOutputStream;true;WriterOutputStream;(Writer,CharsetDecoder,int,boolean);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;WriterOutputStream;true;WriterOutputStream;(Writer,CharsetDecoder,int,boolean);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;WriterOutputStream;true;WriterOutputStream;(Writer,String);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;WriterOutputStream;true;WriterOutputStream;(Writer,String,int,boolean);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;XmlStreamWriter;true;XmlStreamWriter;(File,String);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;XmlStreamWriter;true;XmlStreamWriter;(OutputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;XmlStreamWriter;true;XmlStreamWriter;(OutputStream,String);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;XmlStreamWriter;true;XmlStreamWriter;(OutputStream,String);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io.output;XmlStreamWriter;true;getDefaultEncoding;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.output;XmlStreamWriter;true;getEncoding;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io.serialization;ValidatingObjectInputStream;true;ValidatingObjectInputStream;(InputStream);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.serialization;ValidatingObjectInputStream;true;accept;(ClassNameMatcher);;Argument[-1];ReturnValue;value;generated",
-        "org.apache.commons.io.serialization;ValidatingObjectInputStream;true;accept;(ClassNameMatcher);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.serialization;ValidatingObjectInputStream;true;accept;(Class[]);;Argument[-1];ReturnValue;value;generated",
-        "org.apache.commons.io.serialization;ValidatingObjectInputStream;true;accept;(Pattern);;Argument[-1];ReturnValue;value;generated",
-        "org.apache.commons.io.serialization;ValidatingObjectInputStream;true;accept;(String[]);;Argument[-1];ReturnValue;value;generated",
-        "org.apache.commons.io.serialization;ValidatingObjectInputStream;true;reject;(ClassNameMatcher);;Argument[-1];ReturnValue;value;generated",
-        "org.apache.commons.io.serialization;ValidatingObjectInputStream;true;reject;(ClassNameMatcher);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io.serialization;ValidatingObjectInputStream;true;reject;(Class[]);;Argument[-1];ReturnValue;value;generated",
-        "org.apache.commons.io.serialization;ValidatingObjectInputStream;true;reject;(Pattern);;Argument[-1];ReturnValue;value;generated",
-        "org.apache.commons.io.serialization;ValidatingObjectInputStream;true;reject;(String[]);;Argument[-1];ReturnValue;value;generated",
-        "org.apache.commons.io;ByteOrderMark;true;ByteOrderMark;(String,int[]);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io;ByteOrderMark;true;getCharsetName;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io;ByteOrderMark;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io;CopyUtils;true;copy;(InputStream,OutputStream);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;CopyUtils;true;copy;(InputStream,Writer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;CopyUtils;true;copy;(InputStream,Writer,String);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;CopyUtils;true;copy;(Reader,Writer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;CopyUtils;true;copy;(String,Writer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;CopyUtils;true;copy;(byte[],OutputStream);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;CopyUtils;true;copy;(byte[],Writer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;CopyUtils;true;copy;(byte[],Writer,String);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;DirectoryWalker$CancelException;true;CancelException;(File,int);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io;DirectoryWalker$CancelException;true;CancelException;(String,File,int);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io;DirectoryWalker$CancelException;true;getFile;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io;FileCleaningTracker;true;getDeleteFailures;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io;FileDeleteStrategy;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io;FileSystem;false;toLegalFileName;(String,char);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FileUtils;true;checksum;(File,Checksum);;Argument[1];ReturnValue;taint;generated",
-        "org.apache.commons.io;FileUtils;true;convertFileCollectionToFileArray;(Collection);;Argument[0].Element;ReturnValue;taint;generated",
-        "org.apache.commons.io;FileUtils;true;delete;(File);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FileUtils;true;getFile;(File,String[]);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FileUtils;true;getFile;(File,String[]);;Argument[1].ArrayElement;ReturnValue;taint;generated",
-        "org.apache.commons.io;FileUtils;true;getFile;(String[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "org.apache.commons.io;FileUtils;true;toURLs;(File[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;concat;(String,String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;concat;(String,String);;Argument[1];ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;getBaseName;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;getExtension;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;getFullPath;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;getFullPathNoEndSeparator;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;getName;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;getPath;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;getPathNoEndSeparator;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;getPrefix;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;normalize;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;normalize;(String,boolean);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;normalizeNoEndSeparator;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;normalizeNoEndSeparator;(String,boolean);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;FilenameUtils;true;removeExtension;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOExceptionList;true;IOExceptionList;(List);;Argument[0].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io;IOExceptionList;true;IOExceptionList;(String,List);;Argument[1].Element;Argument[-1];taint;generated",
-        "org.apache.commons.io;IOExceptionList;true;getCause;(int);;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOExceptionList;true;getCauseList;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOExceptionList;true;getCauseList;(Class);;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;buffer;(InputStream);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;buffer;(InputStream,int);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;buffer;(OutputStream);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;buffer;(OutputStream,int);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;buffer;(Reader);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;buffer;(Reader,int);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;buffer;(Writer);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;buffer;(Writer,int);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;copy;(InputStream,OutputStream);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copy;(InputStream,OutputStream,int);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copy;(InputStream,Writer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copy;(InputStream,Writer,Charset);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copy;(InputStream,Writer,String);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copy;(Reader,Appendable);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copy;(Reader,Appendable,CharBuffer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copy;(Reader,Appendable,CharBuffer);;Argument[0];Argument[2];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copy;(Reader,Appendable,CharBuffer);;Argument[2];Argument[0];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copy;(Reader,Appendable,CharBuffer);;Argument[2];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copy;(Reader,Writer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(InputStream,OutputStream);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(InputStream,OutputStream,byte[]);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(InputStream,OutputStream,byte[]);;Argument[0];Argument[2];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(InputStream,OutputStream,byte[]);;Argument[2];Argument[0];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(InputStream,OutputStream,byte[]);;Argument[2];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(InputStream,OutputStream,long,long);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(InputStream,OutputStream,long,long,byte[]);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(InputStream,OutputStream,long,long,byte[]);;Argument[0];Argument[4];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(InputStream,OutputStream,long,long,byte[]);;Argument[4];Argument[0];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(InputStream,OutputStream,long,long,byte[]);;Argument[4];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(Reader,Writer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(Reader,Writer,char[]);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(Reader,Writer,char[]);;Argument[0];Argument[2];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(Reader,Writer,char[]);;Argument[2];Argument[0];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(Reader,Writer,char[]);;Argument[2];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(Reader,Writer,long,long);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(Reader,Writer,long,long,char[]);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(Reader,Writer,long,long,char[]);;Argument[0];Argument[4];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(Reader,Writer,long,long,char[]);;Argument[4];Argument[0];taint;generated",
-        "org.apache.commons.io;IOUtils;true;copyLarge;(Reader,Writer,long,long,char[]);;Argument[4];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;lineIterator;(InputStream,Charset);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;lineIterator;(InputStream,String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;lineIterator;(Reader);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;read;(InputStream,byte[]);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;read;(InputStream,byte[]);;Argument[1];Argument[0];taint;generated",
-        "org.apache.commons.io;IOUtils;true;read;(InputStream,byte[],int,int);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;read;(InputStream,byte[],int,int);;Argument[1];Argument[0];taint;generated",
-        "org.apache.commons.io;IOUtils;true;read;(ReadableByteChannel,ByteBuffer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;read;(Reader,char[]);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;read;(Reader,char[]);;Argument[1];Argument[0];taint;generated",
-        "org.apache.commons.io;IOUtils;true;read;(Reader,char[],int,int);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;read;(Reader,char[],int,int);;Argument[1];Argument[0];taint;generated",
-        "org.apache.commons.io;IOUtils;true;readFully;(InputStream,byte[]);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;readFully;(InputStream,byte[]);;Argument[1];Argument[0];taint;generated",
-        "org.apache.commons.io;IOUtils;true;readFully;(InputStream,byte[],int,int);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;readFully;(InputStream,byte[],int,int);;Argument[1];Argument[0];taint;generated",
-        "org.apache.commons.io;IOUtils;true;readFully;(InputStream,int);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;readFully;(ReadableByteChannel,ByteBuffer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;readFully;(Reader,char[]);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;readFully;(Reader,char[]);;Argument[1];Argument[0];taint;generated",
-        "org.apache.commons.io;IOUtils;true;readFully;(Reader,char[],int,int);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;readFully;(Reader,char[],int,int);;Argument[1];Argument[0];taint;generated",
-        "org.apache.commons.io;IOUtils;true;readLines;(InputStream);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;readLines;(InputStream,Charset);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;readLines;(InputStream,String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;readLines;(Reader);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toBufferedReader;(Reader);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toBufferedReader;(Reader,int);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toByteArray;(InputStream,int);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toByteArray;(InputStream,long);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toByteArray;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toCharArray;(InputStream);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toCharArray;(InputStream,Charset);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toCharArray;(InputStream,String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toCharArray;(Reader);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toInputStream;(CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toInputStream;(CharSequence,Charset);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toInputStream;(CharSequence,String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toInputStream;(String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toInputStream;(String,Charset);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toInputStream;(String,String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toString;(InputStream);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toString;(InputStream,Charset);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toString;(InputStream,String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toString;(Reader);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toString;(byte[]);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toString;(byte[],String);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;write;(CharSequence,Writer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;write;(String,Writer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;write;(StringBuffer,Writer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;write;(byte[],OutputStream);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;write;(byte[],Writer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;write;(byte[],Writer,Charset);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;write;(byte[],Writer,String);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;write;(char[],Writer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;writeChunked;(byte[],OutputStream);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;writeChunked;(char[],Writer);;Argument[0];Argument[1];taint;generated",
-        "org.apache.commons.io;IOUtils;true;writeLines;(Collection,String,OutputStream);;Argument[1];Argument[2];taint;generated",
-        "org.apache.commons.io;IOUtils;true;writeLines;(Collection,String,OutputStream,Charset);;Argument[1];Argument[2];taint;generated",
-        "org.apache.commons.io;IOUtils;true;writeLines;(Collection,String,OutputStream,String);;Argument[1];Argument[2];taint;generated",
-        "org.apache.commons.io;IOUtils;true;writeLines;(Collection,String,Writer);;Argument[1];Argument[2];taint;generated",
-        "org.apache.commons.io;IOUtils;true;writer;(Appendable);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;LineIterator;true;LineIterator;(Reader);;Argument[0];Argument[-1];taint;generated",
-        "org.apache.commons.io;LineIterator;true;nextLine;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io;TaggedIOException;true;TaggedIOException;(IOException,Serializable);;Argument[1];Argument[-1];taint;generated",
-        "org.apache.commons.io;TaggedIOException;true;getTag;();;Argument[-1];ReturnValue;taint;generated",
-        "org.apache.commons.io;UncheckedIO;true;apply;(IOFunction,Object);;Argument[1];ReturnValue;taint;generated",
-        "org.apache.commons.io;UncheckedIO;true;apply;(IOTriFunction,Object,Object,Object);;Argument[1];ReturnValue;taint;generated"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/Lang.qll b/java/ql/lib/semmle/code/java/frameworks/apache/Lang.qll
index 84db672e935..9ea2400b871 100644
--- a/java/ql/lib/semmle/code/java/frameworks/apache/Lang.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/apache/Lang.qll
@@ -1,10 +1,7 @@
 /** Definitions related to the Apache Commons Lang library. */
 
 import java
-import Lang2Generated
-import Lang3Generated
 private import semmle.code.java.dataflow.FlowSteps
-private import semmle.code.java.dataflow.ExternalFlow
 
 /**
  * The class `org.apache.commons.lang.RandomStringUtils` or `org.apache.commons.lang3.RandomStringUtils`.
diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/Lang2Generated.qll b/java/ql/lib/semmle/code/java/frameworks/apache/Lang2Generated.qll
deleted file mode 100644
index 3d9c8116c59..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/apache/Lang2Generated.qll
+++ /dev/null
@@ -1,284 +0,0 @@
-/** Definitions related to the Apache Commons Lang 2 library. */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class ApacheCommonsLangModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.apache.commons.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(char[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(char[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(java.lang.CharSequence,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(java.lang.CharSequence);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(java.lang.String,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(java.lang.String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(java.lang.StringBuilder,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(java.nio.CharBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(java.nio.CharBuffer);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;append;(org.apache.commons.text.StrBuilder);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;appendAll;(Iterable);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendAll;(Iterator);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendAll;(Object[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;appendFixedWidthPadRight;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendln;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendln;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;appendln;(char[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendln;(char[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.Object);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.StringBuilder,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendln;(org.apache.commons.text.StrBuilder);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendNewLine;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;appendNull;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;appendPadding;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;appendSeparator;(java.lang.String,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendSeparator;(java.lang.String,java.lang.String);;Argument[0..1];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendSeparator;(java.lang.String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendTo;;;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;appendWithSeparators;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendWithSeparators;(Iterable,String);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendWithSeparators;(Iterator,String);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;appendWithSeparators;(Object[],String);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;asReader;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;asTokenizer;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;delete;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;deleteAll;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;deleteCharAt;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;deleteFirst;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;ensureCapacity;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;getChars;(char[]);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;getChars;(char[]);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;getChars;(int,int,char[],int);;Argument[-1];Argument[2];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;insert;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;insert;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;insert;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;leftString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;midString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;minimizeCapacity;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;readFrom;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;replace;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;replace;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;replace;(int,int,java.lang.String);;Argument[2];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;replace;(org.apache.commons.text.StrMatcher,java.lang.String,int,int,int);;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;replaceAll;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;replaceAll;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;replaceAll;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;replaceFirst;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;reverse;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;rightString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;setCharAt;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;setLength;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;setNewLineText;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;setNullText;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StrBuilder;false;StrBuilder;(java.lang.String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrBuilder;false;subSequence;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;substring;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;toCharArray;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;toStringBuffer;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;toStringBuilder;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrBuilder;false;trim;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(char[],int,int);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(char[]);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.CharSequence,int,int);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.CharSequence);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;Argument[1].MapValue;ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map);;Argument[1].MapValue;ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Properties);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Properties);;Argument[1].MapValue;ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.String,int,int);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.StringBuffer,int,int);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.StringBuffer);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(org.apache.commons.text.TextStringBuilder,int,int);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replace;(org.apache.commons.text.TextStringBuilder);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replaceIn;(java.lang.StringBuffer,int,int);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replaceIn;(java.lang.StringBuffer);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replaceIn;(java.lang.StringBuilder,int,int);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replaceIn;(java.lang.StringBuilder);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replaceIn;(org.apache.commons.text.TextStringBuilder,int,int);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;replaceIn;(org.apache.commons.text.TextStringBuilder);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;setVariableResolver;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;StringSubstitutor;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StringSubstitutor;false;StringSubstitutor;;;Argument[0].MapValue;Argument[-1];taint;manual",
-        "org.apache.commons.text;StringTokenizer;false;clone;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringTokenizer;false;getContent;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringTokenizer;false;getCSVInstance;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringTokenizer;false;getTokenArray;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringTokenizer;false;getTokenList;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringTokenizer;false;getTSVInstance;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringTokenizer;false;next;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringTokenizer;false;nextToken;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringTokenizer;false;previous;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringTokenizer;false;previousToken;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringTokenizer;false;reset;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StringTokenizer;false;reset;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StringTokenizer;false;StringTokenizer;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StringTokenizer;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrTokenizer;false;clone;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrTokenizer;false;getContent;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrTokenizer;false;getCSVInstance;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrTokenizer;false;getTokenArray;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrTokenizer;false;getTokenList;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrTokenizer;false;getTSVInstance;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrTokenizer;false;next;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrTokenizer;false;nextToken;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrTokenizer;false;previous;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrTokenizer;false;previousToken;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrTokenizer;false;reset;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrTokenizer;false;reset;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;StrTokenizer;false;StrTokenizer;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;StrTokenizer;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(char[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(char[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.CharSequence,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.CharSequence);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.StringBuilder,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(java.nio.CharBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(java.nio.CharBuffer);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;append;(org.apache.commons.text.TextStringBuilder);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendAll;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendAll;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendAll;(Iterable);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendAll;(Iterator);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendAll;(Object[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadLeft;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadRight;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendln;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendln;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendln;(char[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendln;(char[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.Object);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.StringBuilder,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendln;(org.apache.commons.text.TextStringBuilder);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendNewLine;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendNull;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendPadding;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendSeparator;(java.lang.String,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendSeparator;(java.lang.String,java.lang.String);;Argument[0..1];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendSeparator;(java.lang.String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendTo;;;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;(Iterable,String);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;(Iterator,String);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;(Object[],String);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;asReader;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;asTokenizer;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;delete;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;deleteAll;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;deleteCharAt;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;deleteFirst;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;ensureCapacity;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;getChars;(char[]);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;getChars;(char[]);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;getChars;(int,int,char[],int);;Argument[-1];Argument[2];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;insert;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;insert;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;insert;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;leftString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;midString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;minimizeCapacity;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;readFrom;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;replace;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;replace;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;replace;(int,int,java.lang.String);;Argument[2];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;replace;(org.apache.commons.text.matcher.StringMatcher,java.lang.String,int,int,int);;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;replaceAll;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;replaceAll;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;replaceAll;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;replaceFirst;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;reverse;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;rightString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;setCharAt;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;setLength;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;setNewLineText;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;setNullText;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;TextStringBuilder;false;subSequence;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;substring;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;TextStringBuilder;(java.lang.CharSequence);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;TextStringBuilder;(java.lang.String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;toCharArray;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;toStringBuffer;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;toStringBuilder;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text;TextStringBuilder;false;trim;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.text;WordUtils;false;abbreviate;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;WordUtils;false;abbreviate;;;Argument[3];ReturnValue;taint;manual",
-        "org.apache.commons.text;WordUtils;false;capitalize;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;WordUtils;false;capitalize;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;WordUtils;false;capitalizeFully;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;WordUtils;false;capitalizeFully;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;WordUtils;false;initials;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;WordUtils;false;initials;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;WordUtils;false;swapCase;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;WordUtils;false;uncapitalize;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;WordUtils;false;uncapitalize;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;WordUtils;false;wrap;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.text;WordUtils;false;wrap;(java.lang.String,int,java.lang.String,boolean,java.lang.String);;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.text;WordUtils;false;wrap;(java.lang.String,int,java.lang.String,boolean);;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.text.lookup;StringLookup;true;lookup;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.text.lookup;StringLookupFactory;false;mapStringLookup;;;Argument[0].MapValue;ReturnValue;taint;manual",
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/Lang3Generated.qll b/java/ql/lib/semmle/code/java/frameworks/apache/Lang3Generated.qll
deleted file mode 100644
index 532bb20619e..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/apache/Lang3Generated.qll
+++ /dev/null
@@ -1,436 +0,0 @@
-/** Definitions related to the Apache Commons Lang 3 library. */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class ApacheCommonsLang3Model extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.apache.commons.lang3;ArrayUtils;false;add;;;Argument[2];ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;add;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;add;(boolean[],boolean);;Argument[1];ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;add;(byte[],byte);;Argument[1];ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;add;(char[],char);;Argument[1];ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;add;(double[],double);;Argument[1];ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;add;(float[],float);;Argument[1];ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;add;(int[],int);;Argument[1];ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;add;(java.lang.Object[],java.lang.Object);;Argument[1];ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;add;(long[],long);;Argument[1];ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;add;(short[],short);;Argument[1];ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;addAll;;;Argument[0..1].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;addFirst;;;Argument[1];ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;addFirst;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;clone;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;get;;;Argument[0].ArrayElement;ReturnValue;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;get;(java.lang.Object[],int,java.lang.Object);;Argument[2];ReturnValue;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;insert;;;Argument[1..2].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;nullToEmpty;(java.lang.Object[],java.lang.Class);;Argument[0];ReturnValue;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;nullToEmpty;(java.lang.String[]);;Argument[0];ReturnValue;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;remove;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;removeAll;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;removeAllOccurences;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;removeAllOccurrences;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;removeElement;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;removeElements;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;subarray;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;toArray;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;toMap;;;Argument[0].ArrayElement.ArrayElement;ReturnValue.MapKey;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;toMap;;;Argument[0].ArrayElement.ArrayElement;ReturnValue.MapValue;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;toMap;;;Argument[0].ArrayElement.MapKey;ReturnValue.MapKey;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;toMap;;;Argument[0].ArrayElement.MapValue;ReturnValue.MapValue;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;toObject;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;toPrimitive;;;Argument[1];ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ArrayUtils;false;toPrimitive;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.apache.commons.lang3;ObjectUtils;false;clone;;;Argument[0];ReturnValue;value;manual",
-        "org.apache.commons.lang3;ObjectUtils;false;cloneIfPossible;;;Argument[0];ReturnValue;value;manual",
-        "org.apache.commons.lang3;ObjectUtils;false;CONST_BYTE;;;Argument[0];ReturnValue;value;manual",
-        "org.apache.commons.lang3;ObjectUtils;false;CONST_SHORT;;;Argument[0];ReturnValue;value;manual",
-        "org.apache.commons.lang3;ObjectUtils;false;CONST;;;Argument[0];ReturnValue;value;manual",
-        "org.apache.commons.lang3;ObjectUtils;false;defaultIfNull;;;Argument[0..1];ReturnValue;value;manual",
-        "org.apache.commons.lang3;ObjectUtils;false;firstNonNull;;;Argument[0].ArrayElement;ReturnValue;value;manual",
-        "org.apache.commons.lang3;ObjectUtils;false;getIfNull;;;Argument[0];ReturnValue;value;manual",
-        "org.apache.commons.lang3;ObjectUtils;false;max;;;Argument[0].ArrayElement;ReturnValue;value;manual",
-        "org.apache.commons.lang3;ObjectUtils;false;median;;;Argument[0].ArrayElement;ReturnValue;value;manual",
-        "org.apache.commons.lang3;ObjectUtils;false;min;;;Argument[0].ArrayElement;ReturnValue;value;manual",
-        "org.apache.commons.lang3;ObjectUtils;false;mode;;;Argument[0].ArrayElement;ReturnValue;value;manual",
-        "org.apache.commons.lang3;ObjectUtils;false;requireNonEmpty;;;Argument[0];ReturnValue;value;manual",
-        "org.apache.commons.lang3;ObjectUtils;false;toString;(Object,String);;Argument[1];ReturnValue;value;manual",
-        "org.apache.commons.lang3;RegExUtils;false;removeAll;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;RegExUtils;false;removeFirst;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;RegExUtils;false;removePattern;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;RegExUtils;false;replaceAll;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;RegExUtils;false;replaceAll;;;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;RegExUtils;false;replaceFirst;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;RegExUtils;false;replaceFirst;;;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;RegExUtils;false;replacePattern;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;RegExUtils;false;replacePattern;;;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringEscapeUtils;false;escapeJson;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;abbreviate;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;abbreviate;(java.lang.String,java.lang.String,int,int);;Argument[1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;abbreviate;(java.lang.String,java.lang.String,int);;Argument[1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;abbreviateMiddle;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;abbreviateMiddle;;;Argument[1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;appendIfMissing;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;appendIfMissing;;;Argument[1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;appendIfMissingIgnoreCase;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;appendIfMissingIgnoreCase;;;Argument[1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;capitalize;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;center;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;center;(java.lang.String,int,java.lang.String);;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;chomp;(java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;chomp;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;chop;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;defaultIfBlank;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;defaultIfEmpty;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;defaultString;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;deleteWhitespace;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;difference;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;firstNonBlank;;;Argument[0].ArrayElement;ReturnValue;value;manual",
-        "org.apache.commons.lang3;StringUtils;false;firstNonEmpty;;;Argument[0].ArrayElement;ReturnValue;value;manual",
-        "org.apache.commons.lang3;StringUtils;false;getBytes;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;getCommonPrefix;;;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;getDigits;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;getIfBlank;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;getIfEmpty;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(char[],char,int,int);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(char[],char);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Iterable,char);;Argument[0].Element;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Iterable,java.lang.String);;Argument[1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Iterable,java.lang.String);;Argument[0].Element;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],char,int,int);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],char);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String,int,int);;Argument[1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String,int,int);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String);;Argument[1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[]);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.util.Iterator,char);;Argument[0].Element;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.util.Iterator,java.lang.String);;Argument[1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.util.Iterator,java.lang.String);;Argument[0].Element;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.util.List,char,int,int);;Argument[0].Element;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.util.List,java.lang.String,int,int);;Argument[1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;join;(java.util.List,java.lang.String,int,int);;Argument[0].Element;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;joinWith;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;joinWith;;;Argument[1].ArrayElement;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;left;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;leftPad;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;leftPad;(java.lang.String,int,java.lang.String);;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;lowerCase;(java.lang.String,java.util.Locale);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;lowerCase;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;mid;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;normalizeSpace;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;overlay;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;overlay;;;Argument[1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;prependIfMissing;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;prependIfMissing;;;Argument[1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;prependIfMissingIgnoreCase;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;prependIfMissingIgnoreCase;;;Argument[1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;remove;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;removeAll;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;removeEnd;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;removeEndIgnoreCase;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;removeFirst;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;removeIgnoreCase;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;removePattern;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;removeStart;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;removeStartIgnoreCase;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;repeat;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;repeat;(java.lang.String,java.lang.String,int);;Argument[1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replace;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replace;;;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceAll;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceAll;;;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceChars;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceChars;(java.lang.String,java.lang.String,java.lang.String);;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceEach;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceEach;;;Argument[2].ArrayElement;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceEachRepeatedly;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceEachRepeatedly;;;Argument[2].ArrayElement;ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceFirst;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceFirst;;;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceIgnoreCase;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceIgnoreCase;;;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceOnce;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceOnce;;;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceOnceIgnoreCase;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replaceOnceIgnoreCase;;;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replacePattern;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;replacePattern;;;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;reverse;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;reverseDelimited;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;right;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;rightPad;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;rightPad;(java.lang.String,int,java.lang.String);;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;rotate;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;split;(java.lang.String,char);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;split;(java.lang.String,java.lang.String,int);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;split;(java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;split;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;splitByCharacterType;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;splitByCharacterTypeCamelCase;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;splitByWholeSeparator;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;splitByWholeSeparatorPreserveAllTokens;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;splitPreserveAllTokens;(java.lang.String,char);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;splitPreserveAllTokens;(java.lang.String,java.lang.String,int);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;splitPreserveAllTokens;(java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;splitPreserveAllTokens;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;strip;(java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;strip;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;stripAccents;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;stripAll;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;stripEnd;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;stripStart;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;stripToEmpty;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;stripToNull;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;substring;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;substringAfter;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;substringAfterLast;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;substringBefore;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;substringBeforeLast;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;substringBetween;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;substringsBetween;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;swapCase;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;toCodePoints;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;toEncodedString;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;toRootLowerCase;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;toRootUpperCase;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;toString;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;trim;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;trimToEmpty;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;trimToNull;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;truncate;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;uncapitalize;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;unwrap;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;upperCase;(java.lang.String,java.util.Locale);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;upperCase;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;valueOf;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;wrap;(java.lang.String,char);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;wrap;(java.lang.String,java.lang.String);;Argument[0..1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;wrapIfMissing;(java.lang.String,char);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3;StringUtils;false;wrapIfMissing;(java.lang.String,java.lang.String);;Argument[0..1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;append;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.Object[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.String,boolean);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.String,java.lang.Object);;Argument[0..1];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.String,java.lang.Object[],boolean);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.String,java.lang.Object[],boolean);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;appendAsObjectToString;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;appendSuper;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;appendSuper;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;appendToString;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;appendToString;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;getStringBuffer;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.builder;ToStringBuilder;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.mutable;Mutable;true;getValue;;;Argument[-1].SyntheticField[org.apache.commons.lang3.mutable.MutableObject.value];ReturnValue;value;manual",
-        "org.apache.commons.lang3.mutable;MutableObject;false;MutableObject;;;Argument[0];Argument[-1].SyntheticField[org.apache.commons.lang3.mutable.MutableObject.value];value;manual",
-        "org.apache.commons.lang3.mutable;Mutable;true;setValue;;;Argument[0];Argument[-1].SyntheticField[org.apache.commons.lang3.mutable.MutableObject.value];value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(char[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(char[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.CharSequence,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.CharSequence);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.StringBuilder,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(java.nio.CharBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(java.nio.CharBuffer);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;append;(org.apache.commons.lang3.text.StrBuilder);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendAll;(Iterable);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendAll;(Iterator);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendAll;(Object[]);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadRight;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendln;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendln;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendln;(char[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendln;(char[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.Object);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.StringBuilder,int,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendln;(org.apache.commons.lang3.text.StrBuilder);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendNewLine;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendNull;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendPadding;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;(java.lang.String,int);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;(java.lang.String,java.lang.String);;Argument[0..1];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;(java.lang.String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendTo;;;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;(Iterable,String);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;(Iterator,String);;Argument[0].Element;Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;(Object[],String);;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;asReader;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;asTokenizer;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;delete;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;deleteAll;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;deleteCharAt;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;deleteFirst;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;ensureCapacity;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;getChars;(char[]);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;getChars;(char[]);;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;getChars;(int,int,char[],int);;Argument[-1];Argument[2];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;insert;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;insert;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;insert;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;leftString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;midString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;minimizeCapacity;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;readFrom;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;replace;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;replace;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;replace;(int,int,java.lang.String);;Argument[2];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;replace;(org.apache.commons.lang3.text.StrMatcher,java.lang.String,int,int,int);;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;replaceAll;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;replaceAll;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;replaceAll;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;replaceFirst;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;reverse;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;rightString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;setCharAt;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;setLength;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;setNewLineText;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;setNullText;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;StrBuilder;(java.lang.String);;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;subSequence;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;substring;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;toCharArray;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;toStringBuffer;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;toStringBuilder;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrBuilder;false;trim;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.commons.lang3.text;StrLookup;false;lookup;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrLookup;false;mapLookup;;;Argument[0].MapValue;ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(char[],int,int);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(char[]);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.CharSequence,int,int);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.CharSequence);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;Argument[1].MapValue;ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map);;Argument[1].MapValue;ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Properties);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Properties);;Argument[1].MapValue;ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.String,int,int);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.StringBuffer,int,int);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.StringBuffer);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(org.apache.commons.lang3.text.StrBuilder,int,int);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(org.apache.commons.lang3.text.StrBuilder);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(java.lang.StringBuffer,int,int);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(java.lang.StringBuffer);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(java.lang.StringBuilder,int,int);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(java.lang.StringBuilder);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(org.apache.commons.lang3.text.StrBuilder,int,int);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(org.apache.commons.lang3.text.StrBuilder);;Argument[-1];Argument[0];taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;setVariableResolver;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;StrSubstitutor;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrSubstitutor;false;StrSubstitutor;;;Argument[0].MapValue;Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrTokenizer;false;clone;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrTokenizer;false;getContent;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrTokenizer;false;getCSVInstance;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrTokenizer;false;getTokenArray;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrTokenizer;false;getTokenList;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrTokenizer;false;getTSVInstance;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrTokenizer;false;next;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrTokenizer;false;nextToken;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrTokenizer;false;previous;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrTokenizer;false;previousToken;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrTokenizer;false;reset;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrTokenizer;false;reset;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;StrTokenizer;false;StrTokenizer;;;Argument[0];Argument[-1];taint;manual",
-        "org.apache.commons.lang3.text;StrTokenizer;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;WordUtils;false;capitalize;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;WordUtils;false;capitalize;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;WordUtils;false;capitalizeFully;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;WordUtils;false;capitalizeFully;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;WordUtils;false;initials;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;WordUtils;false;initials;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;WordUtils;false;swapCase;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;WordUtils;false;uncapitalize;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;WordUtils;false;uncapitalize;(java.lang.String);;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;WordUtils;false;wrap;;;Argument[0];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;WordUtils;false;wrap;(java.lang.String,int,java.lang.String,boolean,java.lang.String);;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.text;WordUtils;false;wrap;(java.lang.String,int,java.lang.String,boolean);;Argument[2];ReturnValue;taint;manual",
-        "org.apache.commons.lang3.tuple;ImmutablePair;false;ImmutablePair;(java.lang.Object,java.lang.Object);;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.left];value;manual",
-        "org.apache.commons.lang3.tuple;ImmutablePair;false;ImmutablePair;(java.lang.Object,java.lang.Object);;Argument[1];Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.right];value;manual",
-        "org.apache.commons.lang3.tuple;ImmutablePair;false;left;;;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.left];value;manual",
-        "org.apache.commons.lang3.tuple;ImmutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.left];value;manual",
-        "org.apache.commons.lang3.tuple;ImmutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.right];value;manual",
-        "org.apache.commons.lang3.tuple;ImmutablePair;false;right;;;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.right];value;manual",
-        "org.apache.commons.lang3.tuple;ImmutableTriple;false;ImmutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.left];value;manual",
-        "org.apache.commons.lang3.tuple;ImmutableTriple;false;ImmutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.middle];value;manual",
-        "org.apache.commons.lang3.tuple;ImmutableTriple;false;ImmutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.right];value;manual",
-        "org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.left];value;manual",
-        "org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.middle];value;manual",
-        "org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.right];value;manual",
-        "org.apache.commons.lang3.tuple;MutablePair;false;MutablePair;(java.lang.Object,java.lang.Object);;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.left];value;manual",
-        "org.apache.commons.lang3.tuple;MutablePair;false;MutablePair;(java.lang.Object,java.lang.Object);;Argument[1];Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right];value;manual",
-        "org.apache.commons.lang3.tuple;MutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.MutablePair.left];value;manual",
-        "org.apache.commons.lang3.tuple;MutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];ReturnValue.Field[org.apache.commons.lang3.tuple.MutablePair.right];value;manual",
-        "org.apache.commons.lang3.tuple;MutablePair;false;setLeft;;;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.left];value;manual",
-        "org.apache.commons.lang3.tuple;MutablePair;false;setRight;;;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right];value;manual",
-        "org.apache.commons.lang3.tuple;MutablePair;false;setValue;;;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right];value;manual",
-        "org.apache.commons.lang3.tuple;MutableTriple;false;MutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.left];value;manual",
-        "org.apache.commons.lang3.tuple;MutableTriple;false;MutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.middle];value;manual",
-        "org.apache.commons.lang3.tuple;MutableTriple;false;MutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.right];value;manual",
-        "org.apache.commons.lang3.tuple;MutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.MutableTriple.left];value;manual",
-        "org.apache.commons.lang3.tuple;MutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];ReturnValue.Field[org.apache.commons.lang3.tuple.MutableTriple.middle];value;manual",
-        "org.apache.commons.lang3.tuple;MutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];ReturnValue.Field[org.apache.commons.lang3.tuple.MutableTriple.right];value;manual",
-        "org.apache.commons.lang3.tuple;MutableTriple;false;setLeft;;;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.left];value;manual",
-        "org.apache.commons.lang3.tuple;MutableTriple;false;setMiddle;;;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.middle];value;manual",
-        "org.apache.commons.lang3.tuple;MutableTriple;false;setRight;;;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.right];value;manual",
-        "org.apache.commons.lang3.tuple;Pair;true;getKey;;;Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.left];ReturnValue;value;manual",
-        "org.apache.commons.lang3.tuple;Pair;true;getKey;;;Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.left];ReturnValue;value;manual",
-        "org.apache.commons.lang3.tuple;Pair;true;getLeft;;;Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.left];ReturnValue;value;manual",
-        "org.apache.commons.lang3.tuple;Pair;true;getLeft;;;Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.left];ReturnValue;value;manual",
-        "org.apache.commons.lang3.tuple;Pair;true;getRight;;;Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.right];ReturnValue;value;manual",
-        "org.apache.commons.lang3.tuple;Pair;true;getRight;;;Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right];ReturnValue;value;manual",
-        "org.apache.commons.lang3.tuple;Pair;true;getValue;;;Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.right];ReturnValue;value;manual",
-        "org.apache.commons.lang3.tuple;Pair;true;getValue;;;Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right];ReturnValue;value;manual",
-        "org.apache.commons.lang3.tuple;Pair;false;of;(java.lang.Object,java.lang.Object);;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.left];value;manual",
-        "org.apache.commons.lang3.tuple;Pair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.right];value;manual",
-        "org.apache.commons.lang3.tuple;Triple;true;getLeft;;;Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.left];ReturnValue;value;manual",
-        "org.apache.commons.lang3.tuple;Triple;true;getMiddle;;;Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.middle];ReturnValue;value;manual",
-        "org.apache.commons.lang3.tuple;Triple;true;getRight;;;Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.right];ReturnValue;value;manual",
-        "org.apache.commons.lang3.tuple;Triple;true;getLeft;;;Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.left];ReturnValue;value;manual",
-        "org.apache.commons.lang3.tuple;Triple;true;getMiddle;;;Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.middle];ReturnValue;value;manual",
-        "org.apache.commons.lang3.tuple;Triple;true;getRight;;;Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.right];ReturnValue;value;manual",
-        "org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.left];value;manual",
-        "org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.middle];value;manual",
-        "org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.right];value;manual",
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/NegativeIOGenerated.qll b/java/ql/lib/semmle/code/java/frameworks/apache/NegativeIOGenerated.qll
deleted file mode 100644
index 4a9a6394aaf..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/apache/NegativeIOGenerated.qll
+++ /dev/null
@@ -1,769 +0,0 @@
-/**
- * THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
- * Definitions of negative summaries in the IOGenerated framework.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class IOGeneratedNegativesummaryCsv extends NegativeSummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.apache.commons.io.charset;CharsetDecoders;CharsetDecoders;();generated",
-        "org.apache.commons.io.charset;CharsetEncoders;CharsetEncoders;();generated",
-        "org.apache.commons.io.comparator;DefaultFileComparator;DefaultFileComparator;();generated",
-        "org.apache.commons.io.comparator;DirectoryFileComparator;DirectoryFileComparator;();generated",
-        "org.apache.commons.io.comparator;ExtensionFileComparator;ExtensionFileComparator;();generated",
-        "org.apache.commons.io.comparator;ExtensionFileComparator;ExtensionFileComparator;(IOCase);generated",
-        "org.apache.commons.io.comparator;ExtensionFileComparator;toString;();generated",
-        "org.apache.commons.io.comparator;LastModifiedFileComparator;LastModifiedFileComparator;();generated",
-        "org.apache.commons.io.comparator;NameFileComparator;NameFileComparator;();generated",
-        "org.apache.commons.io.comparator;NameFileComparator;NameFileComparator;(IOCase);generated",
-        "org.apache.commons.io.comparator;NameFileComparator;toString;();generated",
-        "org.apache.commons.io.comparator;PathFileComparator;PathFileComparator;();generated",
-        "org.apache.commons.io.comparator;PathFileComparator;PathFileComparator;(IOCase);generated",
-        "org.apache.commons.io.comparator;PathFileComparator;toString;();generated",
-        "org.apache.commons.io.comparator;SizeFileComparator;SizeFileComparator;();generated",
-        "org.apache.commons.io.comparator;SizeFileComparator;SizeFileComparator;(boolean);generated",
-        "org.apache.commons.io.comparator;SizeFileComparator;toString;();generated",
-        "org.apache.commons.io.file.attribute;FileTimes;minusMillis;(FileTime,long);generated",
-        "org.apache.commons.io.file.attribute;FileTimes;minusNanos;(FileTime,long);generated",
-        "org.apache.commons.io.file.attribute;FileTimes;minusSeconds;(FileTime,long);generated",
-        "org.apache.commons.io.file.attribute;FileTimes;now;();generated",
-        "org.apache.commons.io.file.attribute;FileTimes;ntfsTimeToDate;(long);generated",
-        "org.apache.commons.io.file.attribute;FileTimes;ntfsTimeToFileTime;(long);generated",
-        "org.apache.commons.io.file.attribute;FileTimes;plusMillis;(FileTime,long);generated",
-        "org.apache.commons.io.file.attribute;FileTimes;plusNanos;(FileTime,long);generated",
-        "org.apache.commons.io.file.attribute;FileTimes;plusSeconds;(FileTime,long);generated",
-        "org.apache.commons.io.file.attribute;FileTimes;setLastModifiedTime;(Path);generated",
-        "org.apache.commons.io.file.attribute;FileTimes;toDate;(FileTime);generated",
-        "org.apache.commons.io.file.attribute;FileTimes;toFileTime;(Date);generated",
-        "org.apache.commons.io.file.attribute;FileTimes;toNtfsTime;(Date);generated",
-        "org.apache.commons.io.file.attribute;FileTimes;toNtfsTime;(FileTime);generated",
-        "org.apache.commons.io.file.spi;FileSystemProviders;getFileSystemProvider;(Path);generated",
-        "org.apache.commons.io.file.spi;FileSystemProviders;installed;();generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;AccumulatorPathVisitor;();generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;relativizeDirectories;(Path,boolean,Comparator);generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;relativizeFiles;(Path,boolean,Comparator);generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;withBigIntegerCounters;();generated",
-        "org.apache.commons.io.file;AccumulatorPathVisitor;withLongCounters;();generated",
-        "org.apache.commons.io.file;CleaningPathVisitor;withBigIntegerCounters;();generated",
-        "org.apache.commons.io.file;CleaningPathVisitor;withLongCounters;();generated",
-        "org.apache.commons.io.file;Counters$Counter;add;(long);generated",
-        "org.apache.commons.io.file;Counters$Counter;get;();generated",
-        "org.apache.commons.io.file;Counters$Counter;getBigInteger;();generated",
-        "org.apache.commons.io.file;Counters$Counter;getLong;();generated",
-        "org.apache.commons.io.file;Counters$Counter;increment;();generated",
-        "org.apache.commons.io.file;Counters$Counter;reset;();generated",
-        "org.apache.commons.io.file;Counters$PathCounters;getByteCounter;();generated",
-        "org.apache.commons.io.file;Counters$PathCounters;getDirectoryCounter;();generated",
-        "org.apache.commons.io.file;Counters$PathCounters;getFileCounter;();generated",
-        "org.apache.commons.io.file;Counters$PathCounters;reset;();generated",
-        "org.apache.commons.io.file;Counters;Counters;();generated",
-        "org.apache.commons.io.file;Counters;bigIntegerCounter;();generated",
-        "org.apache.commons.io.file;Counters;bigIntegerPathCounters;();generated",
-        "org.apache.commons.io.file;Counters;longCounter;();generated",
-        "org.apache.commons.io.file;Counters;longPathCounters;();generated",
-        "org.apache.commons.io.file;Counters;noopCounter;();generated",
-        "org.apache.commons.io.file;Counters;noopPathCounters;();generated",
-        "org.apache.commons.io.file;CountingPathVisitor;toString;();generated",
-        "org.apache.commons.io.file;CountingPathVisitor;withBigIntegerCounters;();generated",
-        "org.apache.commons.io.file;CountingPathVisitor;withLongCounters;();generated",
-        "org.apache.commons.io.file;DeletingPathVisitor;withBigIntegerCounters;();generated",
-        "org.apache.commons.io.file;DeletingPathVisitor;withLongCounters;();generated",
-        "org.apache.commons.io.file;NoopPathVisitor;NoopPathVisitor;();generated",
-        "org.apache.commons.io.file;PathFilter;accept;(Path,BasicFileAttributes);generated",
-        "org.apache.commons.io.file;PathUtils;cleanDirectory;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;cleanDirectory;(Path,DeleteOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;copyDirectory;(Path,Path,CopyOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;copyFileToDirectory;(Path,Path,CopyOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;countDirectory;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;countDirectoryAsBigInteger;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;createParentDirectories;(Path,FileAttribute[]);generated",
-        "org.apache.commons.io.file;PathUtils;createParentDirectories;(Path,LinkOption,FileAttribute[]);generated",
-        "org.apache.commons.io.file;PathUtils;current;();generated",
-        "org.apache.commons.io.file;PathUtils;delete;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;delete;(Path,DeleteOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;delete;(Path,LinkOption[],DeleteOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;deleteDirectory;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;deleteDirectory;(Path,DeleteOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;deleteDirectory;(Path,LinkOption[],DeleteOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;deleteFile;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;deleteFile;(Path,DeleteOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;deleteFile;(Path,LinkOption[],DeleteOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;directoryAndFileContentEquals;(Path,Path);generated",
-        "org.apache.commons.io.file;PathUtils;directoryAndFileContentEquals;(Path,Path,LinkOption[],OpenOption[],FileVisitOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;directoryContentEquals;(Path,Path);generated",
-        "org.apache.commons.io.file;PathUtils;directoryContentEquals;(Path,Path,int,LinkOption[],FileVisitOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;fileContentEquals;(Path,Path);generated",
-        "org.apache.commons.io.file;PathUtils;fileContentEquals;(Path,Path,LinkOption[],OpenOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;filter;(PathFilter,Path[]);generated",
-        "org.apache.commons.io.file;PathUtils;getAclEntryList;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;getAclFileAttributeView;(Path,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;getDosFileAttributeView;(Path,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;getPosixFileAttributeView;(Path,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;getTempDirectory;();generated",
-        "org.apache.commons.io.file;PathUtils;isDirectory;(Path,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;isEmpty;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;isEmptyDirectory;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;isEmptyFile;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;isNewer;(Path,ChronoZonedDateTime,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;isNewer;(Path,FileTime,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;isNewer;(Path,Instant,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;isNewer;(Path,Path);generated",
-        "org.apache.commons.io.file;PathUtils;isNewer;(Path,long,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;isOlder;(Path,FileTime,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;isOlder;(Path,Instant,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;isOlder;(Path,Path);generated",
-        "org.apache.commons.io.file;PathUtils;isOlder;(Path,long,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;isPosix;(Path,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;isRegularFile;(Path,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;newDirectoryStream;(Path,PathFilter);generated",
-        "org.apache.commons.io.file;PathUtils;newOutputStream;(Path,boolean);generated",
-        "org.apache.commons.io.file;PathUtils;noFollowLinkOptionArray;();generated",
-        "org.apache.commons.io.file;PathUtils;readAttributes;(Path,Class,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;readBasicFileAttributes;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;readBasicFileAttributes;(Path,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;readBasicFileAttributesUnchecked;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;readDosFileAttributes;(Path,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;readOsFileAttributes;(Path,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;readPosixFileAttributes;(Path,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;readString;(Path,Charset);generated",
-        "org.apache.commons.io.file;PathUtils;setLastModifiedTime;(Path,Path);generated",
-        "org.apache.commons.io.file;PathUtils;sizeOf;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;sizeOfAsBigInteger;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;sizeOfDirectory;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;sizeOfDirectoryAsBigInteger;(Path);generated",
-        "org.apache.commons.io.file;PathUtils;waitFor;(Path,Duration,LinkOption[]);generated",
-        "org.apache.commons.io.file;PathUtils;walk;(Path,PathFilter,int,boolean,FileVisitOption[]);generated",
-        "org.apache.commons.io.file;StandardDeleteOption;overrideReadOnly;(DeleteOption[]);generated",
-        "org.apache.commons.io.filefilter;AbstractFileFilter;AbstractFileFilter;();generated",
-        "org.apache.commons.io.filefilter;AbstractFileFilter;toString;();generated",
-        "org.apache.commons.io.filefilter;AgeFileFilter;AgeFileFilter;(Date);generated",
-        "org.apache.commons.io.filefilter;AgeFileFilter;AgeFileFilter;(Date,boolean);generated",
-        "org.apache.commons.io.filefilter;AgeFileFilter;AgeFileFilter;(File);generated",
-        "org.apache.commons.io.filefilter;AgeFileFilter;AgeFileFilter;(File,boolean);generated",
-        "org.apache.commons.io.filefilter;AgeFileFilter;AgeFileFilter;(long);generated",
-        "org.apache.commons.io.filefilter;AgeFileFilter;AgeFileFilter;(long,boolean);generated",
-        "org.apache.commons.io.filefilter;AndFileFilter;AndFileFilter;();generated",
-        "org.apache.commons.io.filefilter;ConditionalFileFilter;addFileFilter;(IOFileFilter);generated",
-        "org.apache.commons.io.filefilter;ConditionalFileFilter;getFileFilters;();generated",
-        "org.apache.commons.io.filefilter;ConditionalFileFilter;removeFileFilter;(IOFileFilter);generated",
-        "org.apache.commons.io.filefilter;ConditionalFileFilter;setFileFilters;(List);generated",
-        "org.apache.commons.io.filefilter;FalseFileFilter;toString;();generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;FileFilterUtils;();generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;ageFileFilter;(Date);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;ageFileFilter;(Date,boolean);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;ageFileFilter;(File);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;ageFileFilter;(File,boolean);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;ageFileFilter;(long);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;ageFileFilter;(long,boolean);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;directoryFileFilter;();generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;falseFileFilter;();generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;fileFileFilter;();generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;filter;(IOFileFilter,File[]);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;filter;(IOFileFilter,Iterable);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;filterList;(IOFileFilter,File[]);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;filterList;(IOFileFilter,Iterable);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;filterSet;(IOFileFilter,File[]);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;filterSet;(IOFileFilter,Iterable);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;sizeFileFilter;(long);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;sizeFileFilter;(long,boolean);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;sizeRangeFileFilter;(long,long);generated",
-        "org.apache.commons.io.filefilter;FileFilterUtils;trueFileFilter;();generated",
-        "org.apache.commons.io.filefilter;IOFileFilter;and;(IOFileFilter);generated",
-        "org.apache.commons.io.filefilter;IOFileFilter;negate;();generated",
-        "org.apache.commons.io.filefilter;IOFileFilter;or;(IOFileFilter);generated",
-        "org.apache.commons.io.filefilter;OrFileFilter;OrFileFilter;();generated",
-        "org.apache.commons.io.filefilter;RegexFileFilter;RegexFileFilter;(String);generated",
-        "org.apache.commons.io.filefilter;RegexFileFilter;RegexFileFilter;(String,IOCase);generated",
-        "org.apache.commons.io.filefilter;RegexFileFilter;RegexFileFilter;(String,int);generated",
-        "org.apache.commons.io.filefilter;SizeFileFilter;SizeFileFilter;(long);generated",
-        "org.apache.commons.io.filefilter;SizeFileFilter;SizeFileFilter;(long,boolean);generated",
-        "org.apache.commons.io.filefilter;SizeFileFilter;toString;();generated",
-        "org.apache.commons.io.filefilter;SymbolicLinkFileFilter;SymbolicLinkFileFilter;(FileVisitResult,FileVisitResult);generated",
-        "org.apache.commons.io.filefilter;TrueFileFilter;toString;();generated",
-        "org.apache.commons.io.function;IOBiConsumer;accept;(Object,Object);generated",
-        "org.apache.commons.io.function;IOBiConsumer;andThen;(IOBiConsumer);generated",
-        "org.apache.commons.io.function;IOBiFunction;andThen;(Function);generated",
-        "org.apache.commons.io.function;IOBiFunction;andThen;(IOFunction);generated",
-        "org.apache.commons.io.function;IOBiFunction;apply;(Object,Object);generated",
-        "org.apache.commons.io.function;IOConsumer;accept;(Object);generated",
-        "org.apache.commons.io.function;IOConsumer;andThen;(IOConsumer);generated",
-        "org.apache.commons.io.function;IOConsumer;forEach;(Object[],IOConsumer);generated",
-        "org.apache.commons.io.function;IOConsumer;forEachIndexed;(Stream,IOConsumer);generated",
-        "org.apache.commons.io.function;IOConsumer;noop;();generated",
-        "org.apache.commons.io.function;IOFunction;andThen;(Consumer);generated",
-        "org.apache.commons.io.function;IOFunction;andThen;(Function);generated",
-        "org.apache.commons.io.function;IOFunction;andThen;(IOConsumer);generated",
-        "org.apache.commons.io.function;IOFunction;andThen;(IOFunction);generated",
-        "org.apache.commons.io.function;IOFunction;apply;(Object);generated",
-        "org.apache.commons.io.function;IOFunction;compose;(Function);generated",
-        "org.apache.commons.io.function;IOFunction;compose;(IOFunction);generated",
-        "org.apache.commons.io.function;IOFunction;compose;(IOSupplier);generated",
-        "org.apache.commons.io.function;IOFunction;compose;(Supplier);generated",
-        "org.apache.commons.io.function;IOFunction;identity;();generated",
-        "org.apache.commons.io.function;IORunnable;run;();generated",
-        "org.apache.commons.io.function;IOSupplier;get;();generated",
-        "org.apache.commons.io.function;IOTriFunction;andThen;(Function);generated",
-        "org.apache.commons.io.function;IOTriFunction;andThen;(IOFunction);generated",
-        "org.apache.commons.io.function;IOTriFunction;apply;(Object,Object,Object);generated",
-        "org.apache.commons.io.input.buffer;CircularByteBuffer;CircularByteBuffer;();generated",
-        "org.apache.commons.io.input.buffer;CircularByteBuffer;CircularByteBuffer;(int);generated",
-        "org.apache.commons.io.input.buffer;CircularByteBuffer;add;(byte);generated",
-        "org.apache.commons.io.input.buffer;CircularByteBuffer;add;(byte[],int,int);generated",
-        "org.apache.commons.io.input.buffer;CircularByteBuffer;clear;();generated",
-        "org.apache.commons.io.input.buffer;CircularByteBuffer;getCurrentNumberOfBytes;();generated",
-        "org.apache.commons.io.input.buffer;CircularByteBuffer;getSpace;();generated",
-        "org.apache.commons.io.input.buffer;CircularByteBuffer;hasBytes;();generated",
-        "org.apache.commons.io.input.buffer;CircularByteBuffer;hasSpace;();generated",
-        "org.apache.commons.io.input.buffer;CircularByteBuffer;hasSpace;(int);generated",
-        "org.apache.commons.io.input.buffer;CircularByteBuffer;peek;(byte[],int,int);generated",
-        "org.apache.commons.io.input.buffer;CircularByteBuffer;read;();generated",
-        "org.apache.commons.io.input.buffer;CircularByteBuffer;read;(byte[],int,int);generated",
-        "org.apache.commons.io.input.buffer;PeekableInputStream;peek;(byte[]);generated",
-        "org.apache.commons.io.input.buffer;PeekableInputStream;peek;(byte[],int,int);generated",
-        "org.apache.commons.io.input;AutoCloseInputStream;AutoCloseInputStream;(InputStream);generated",
-        "org.apache.commons.io.input;BOMInputStream;BOMInputStream;(InputStream);generated",
-        "org.apache.commons.io.input;BOMInputStream;BOMInputStream;(InputStream,boolean);generated",
-        "org.apache.commons.io.input;BOMInputStream;hasBOM;();generated",
-        "org.apache.commons.io.input;BOMInputStream;hasBOM;(ByteOrderMark);generated",
-        "org.apache.commons.io.input;BoundedInputStream;isPropagateClose;();generated",
-        "org.apache.commons.io.input;BoundedInputStream;setPropagateClose;(boolean);generated",
-        "org.apache.commons.io.input;BoundedInputStream;toString;();generated",
-        "org.apache.commons.io.input;BrokenInputStream;BrokenInputStream;();generated",
-        "org.apache.commons.io.input;BrokenInputStream;BrokenInputStream;(IOException);generated",
-        "org.apache.commons.io.input;BrokenReader;BrokenReader;();generated",
-        "org.apache.commons.io.input;BrokenReader;BrokenReader;(IOException);generated",
-        "org.apache.commons.io.input;BufferedFileChannelInputStream;BufferedFileChannelInputStream;(File);generated",
-        "org.apache.commons.io.input;BufferedFileChannelInputStream;BufferedFileChannelInputStream;(File,int);generated",
-        "org.apache.commons.io.input;BufferedFileChannelInputStream;BufferedFileChannelInputStream;(Path);generated",
-        "org.apache.commons.io.input;BufferedFileChannelInputStream;BufferedFileChannelInputStream;(Path,int);generated",
-        "org.apache.commons.io.input;CharSequenceInputStream;CharSequenceInputStream;(CharSequence,Charset);generated",
-        "org.apache.commons.io.input;CharSequenceInputStream;CharSequenceInputStream;(CharSequence,Charset,int);generated",
-        "org.apache.commons.io.input;CharSequenceInputStream;CharSequenceInputStream;(CharSequence,String);generated",
-        "org.apache.commons.io.input;CharSequenceInputStream;CharSequenceInputStream;(CharSequence,String,int);generated",
-        "org.apache.commons.io.input;CharacterFilterReader;CharacterFilterReader;(Reader,int);generated",
-        "org.apache.commons.io.input;CharacterSetFilterReader;CharacterSetFilterReader;(Reader,Integer[]);generated",
-        "org.apache.commons.io.input;CharacterSetFilterReader;CharacterSetFilterReader;(Reader,Set);generated",
-        "org.apache.commons.io.input;CloseShieldInputStream;CloseShieldInputStream;(InputStream);generated",
-        "org.apache.commons.io.input;CloseShieldReader;CloseShieldReader;(Reader);generated",
-        "org.apache.commons.io.input;CloseShieldReader;wrap;(Reader);generated",
-        "org.apache.commons.io.input;ClosedInputStream;ClosedInputStream;();generated",
-        "org.apache.commons.io.input;ClosedReader;ClosedReader;();generated",
-        "org.apache.commons.io.input;CountingInputStream;CountingInputStream;(InputStream);generated",
-        "org.apache.commons.io.input;CountingInputStream;getByteCount;();generated",
-        "org.apache.commons.io.input;CountingInputStream;getCount;();generated",
-        "org.apache.commons.io.input;CountingInputStream;resetByteCount;();generated",
-        "org.apache.commons.io.input;CountingInputStream;resetCount;();generated",
-        "org.apache.commons.io.input;DemuxInputStream;DemuxInputStream;();generated",
-        "org.apache.commons.io.input;DemuxInputStream;bindStream;(InputStream);generated",
-        "org.apache.commons.io.input;MarkShieldInputStream;MarkShieldInputStream;(InputStream);generated",
-        "org.apache.commons.io.input;MemoryMappedFileInputStream;MemoryMappedFileInputStream;(Path);generated",
-        "org.apache.commons.io.input;MemoryMappedFileInputStream;MemoryMappedFileInputStream;(Path,int);generated",
-        "org.apache.commons.io.input;MessageDigestCalculatingInputStream;MessageDigestCalculatingInputStream;(InputStream);generated",
-        "org.apache.commons.io.input;MessageDigestCalculatingInputStream;MessageDigestCalculatingInputStream;(InputStream,String);generated",
-        "org.apache.commons.io.input;NullInputStream;NullInputStream;();generated",
-        "org.apache.commons.io.input;NullInputStream;NullInputStream;(long);generated",
-        "org.apache.commons.io.input;NullInputStream;NullInputStream;(long,boolean,boolean);generated",
-        "org.apache.commons.io.input;NullInputStream;getPosition;();generated",
-        "org.apache.commons.io.input;NullInputStream;getSize;();generated",
-        "org.apache.commons.io.input;NullReader;NullReader;();generated",
-        "org.apache.commons.io.input;NullReader;NullReader;(long);generated",
-        "org.apache.commons.io.input;NullReader;NullReader;(long,boolean,boolean);generated",
-        "org.apache.commons.io.input;NullReader;getPosition;();generated",
-        "org.apache.commons.io.input;NullReader;getSize;();generated",
-        "org.apache.commons.io.input;ObservableInputStream$Observer;Observer;();generated",
-        "org.apache.commons.io.input;ObservableInputStream$Observer;closed;();generated",
-        "org.apache.commons.io.input;ObservableInputStream$Observer;data;(byte[],int,int);generated",
-        "org.apache.commons.io.input;ObservableInputStream$Observer;data;(int);generated",
-        "org.apache.commons.io.input;ObservableInputStream$Observer;error;(IOException);generated",
-        "org.apache.commons.io.input;ObservableInputStream$Observer;finished;();generated",
-        "org.apache.commons.io.input;ObservableInputStream;ObservableInputStream;(InputStream);generated",
-        "org.apache.commons.io.input;ObservableInputStream;consume;();generated",
-        "org.apache.commons.io.input;ObservableInputStream;remove;(Observer);generated",
-        "org.apache.commons.io.input;ObservableInputStream;removeAllObservers;();generated",
-        "org.apache.commons.io.input;ProxyInputStream;ProxyInputStream;(InputStream);generated",
-        "org.apache.commons.io.input;ProxyReader;ProxyReader;(Reader);generated",
-        "org.apache.commons.io.input;QueueInputStream;QueueInputStream;();generated",
-        "org.apache.commons.io.input;QueueInputStream;QueueInputStream;(BlockingQueue);generated",
-        "org.apache.commons.io.input;QueueInputStream;newQueueOutputStream;();generated",
-        "org.apache.commons.io.input;RandomAccessFileInputStream;availableLong;();generated",
-        "org.apache.commons.io.input;RandomAccessFileInputStream;isCloseOnClose;();generated",
-        "org.apache.commons.io.input;ReversedLinesFileReader;ReversedLinesFileReader;(File);generated",
-        "org.apache.commons.io.input;ReversedLinesFileReader;ReversedLinesFileReader;(File,Charset);generated",
-        "org.apache.commons.io.input;ReversedLinesFileReader;ReversedLinesFileReader;(File,int,Charset);generated",
-        "org.apache.commons.io.input;ReversedLinesFileReader;ReversedLinesFileReader;(File,int,String);generated",
-        "org.apache.commons.io.input;ReversedLinesFileReader;ReversedLinesFileReader;(Path,Charset);generated",
-        "org.apache.commons.io.input;ReversedLinesFileReader;ReversedLinesFileReader;(Path,int,Charset);generated",
-        "org.apache.commons.io.input;ReversedLinesFileReader;ReversedLinesFileReader;(Path,int,String);generated",
-        "org.apache.commons.io.input;SwappedDataInputStream;SwappedDataInputStream;(InputStream);generated",
-        "org.apache.commons.io.input;TaggedInputStream;TaggedInputStream;(InputStream);generated",
-        "org.apache.commons.io.input;TaggedInputStream;isCauseOf;(Throwable);generated",
-        "org.apache.commons.io.input;TaggedInputStream;throwIfCauseOf;(Throwable);generated",
-        "org.apache.commons.io.input;TaggedReader;TaggedReader;(Reader);generated",
-        "org.apache.commons.io.input;TaggedReader;isCauseOf;(Throwable);generated",
-        "org.apache.commons.io.input;TaggedReader;throwIfCauseOf;(Throwable);generated",
-        "org.apache.commons.io.input;Tailer$RandomAccessResourceBridge;getPointer;();generated",
-        "org.apache.commons.io.input;Tailer$RandomAccessResourceBridge;read;(byte[]);generated",
-        "org.apache.commons.io.input;Tailer$RandomAccessResourceBridge;seek;(long);generated",
-        "org.apache.commons.io.input;Tailer$Tailable;getRandomAccess;(String);generated",
-        "org.apache.commons.io.input;Tailer$Tailable;isNewer;(FileTime);generated",
-        "org.apache.commons.io.input;Tailer$Tailable;lastModifiedFileTime;();generated",
-        "org.apache.commons.io.input;Tailer$Tailable;size;();generated",
-        "org.apache.commons.io.input;Tailer;getDelay;();generated",
-        "org.apache.commons.io.input;Tailer;stop;();generated",
-        "org.apache.commons.io.input;TailerListener;fileNotFound;();generated",
-        "org.apache.commons.io.input;TailerListener;fileRotated;();generated",
-        "org.apache.commons.io.input;TailerListener;handle;(Exception);generated",
-        "org.apache.commons.io.input;TailerListener;handle;(String);generated",
-        "org.apache.commons.io.input;TailerListener;init;(Tailer);generated",
-        "org.apache.commons.io.input;TailerListenerAdapter;TailerListenerAdapter;();generated",
-        "org.apache.commons.io.input;TailerListenerAdapter;endOfFileReached;();generated",
-        "org.apache.commons.io.input;TimestampedObserver;TimestampedObserver;();generated",
-        "org.apache.commons.io.input;TimestampedObserver;getOpenToCloseDuration;();generated",
-        "org.apache.commons.io.input;TimestampedObserver;getOpenToNowDuration;();generated",
-        "org.apache.commons.io.input;UncheckedFilterInputStream;UncheckedFilterInputStream;(InputStream);generated",
-        "org.apache.commons.io.input;UncheckedFilterReader;UncheckedFilterReader;(Reader);generated",
-        "org.apache.commons.io.input;UncheckedFilterReader;on;(Reader);generated",
-        "org.apache.commons.io.input;XmlStreamReader;XmlStreamReader;(File);generated",
-        "org.apache.commons.io.input;XmlStreamReader;XmlStreamReader;(Path);generated",
-        "org.apache.commons.io.input;XmlStreamReader;XmlStreamReader;(URL);generated",
-        "org.apache.commons.io.monitor;FileAlterationListener;onDirectoryChange;(File);generated",
-        "org.apache.commons.io.monitor;FileAlterationListener;onDirectoryCreate;(File);generated",
-        "org.apache.commons.io.monitor;FileAlterationListener;onDirectoryDelete;(File);generated",
-        "org.apache.commons.io.monitor;FileAlterationListener;onFileChange;(File);generated",
-        "org.apache.commons.io.monitor;FileAlterationListener;onFileCreate;(File);generated",
-        "org.apache.commons.io.monitor;FileAlterationListener;onFileDelete;(File);generated",
-        "org.apache.commons.io.monitor;FileAlterationListener;onStart;(FileAlterationObserver);generated",
-        "org.apache.commons.io.monitor;FileAlterationListener;onStop;(FileAlterationObserver);generated",
-        "org.apache.commons.io.monitor;FileAlterationListenerAdaptor;FileAlterationListenerAdaptor;();generated",
-        "org.apache.commons.io.monitor;FileAlterationMonitor;FileAlterationMonitor;();generated",
-        "org.apache.commons.io.monitor;FileAlterationMonitor;FileAlterationMonitor;(long);generated",
-        "org.apache.commons.io.monitor;FileAlterationMonitor;getInterval;();generated",
-        "org.apache.commons.io.monitor;FileAlterationMonitor;removeObserver;(FileAlterationObserver);generated",
-        "org.apache.commons.io.monitor;FileAlterationMonitor;start;();generated",
-        "org.apache.commons.io.monitor;FileAlterationMonitor;stop;();generated",
-        "org.apache.commons.io.monitor;FileAlterationMonitor;stop;(long);generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;checkAndNotify;();generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;destroy;();generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;initialize;();generated",
-        "org.apache.commons.io.monitor;FileAlterationObserver;removeListener;(FileAlterationListener);generated",
-        "org.apache.commons.io.monitor;FileEntry;getLastModified;();generated",
-        "org.apache.commons.io.monitor;FileEntry;getLength;();generated",
-        "org.apache.commons.io.monitor;FileEntry;getLevel;();generated",
-        "org.apache.commons.io.monitor;FileEntry;isDirectory;();generated",
-        "org.apache.commons.io.monitor;FileEntry;isExists;();generated",
-        "org.apache.commons.io.monitor;FileEntry;refresh;(File);generated",
-        "org.apache.commons.io.monitor;FileEntry;setDirectory;(boolean);generated",
-        "org.apache.commons.io.monitor;FileEntry;setExists;(boolean);generated",
-        "org.apache.commons.io.monitor;FileEntry;setLastModified;(long);generated",
-        "org.apache.commons.io.monitor;FileEntry;setLength;(long);generated",
-        "org.apache.commons.io.output;AbstractByteArrayOutputStream;AbstractByteArrayOutputStream;();generated",
-        "org.apache.commons.io.output;AbstractByteArrayOutputStream;reset;();generated",
-        "org.apache.commons.io.output;AbstractByteArrayOutputStream;size;();generated",
-        "org.apache.commons.io.output;AbstractByteArrayOutputStream;toByteArray;();generated",
-        "org.apache.commons.io.output;AbstractByteArrayOutputStream;toInputStream;();generated",
-        "org.apache.commons.io.output;AbstractByteArrayOutputStream;write;(InputStream);generated",
-        "org.apache.commons.io.output;AbstractByteArrayOutputStream;writeTo;(OutputStream);generated",
-        "org.apache.commons.io.output;BrokenOutputStream;BrokenOutputStream;();generated",
-        "org.apache.commons.io.output;BrokenOutputStream;BrokenOutputStream;(IOException);generated",
-        "org.apache.commons.io.output;BrokenWriter;BrokenWriter;();generated",
-        "org.apache.commons.io.output;BrokenWriter;BrokenWriter;(IOException);generated",
-        "org.apache.commons.io.output;ByteArrayOutputStream;ByteArrayOutputStream;();generated",
-        "org.apache.commons.io.output;ByteArrayOutputStream;ByteArrayOutputStream;(int);generated",
-        "org.apache.commons.io.output;ByteArrayOutputStream;toBufferedInputStream;(InputStream);generated",
-        "org.apache.commons.io.output;ByteArrayOutputStream;toBufferedInputStream;(InputStream,int);generated",
-        "org.apache.commons.io.output;ChunkedWriter;ChunkedWriter;(Writer);generated",
-        "org.apache.commons.io.output;ChunkedWriter;ChunkedWriter;(Writer,int);generated",
-        "org.apache.commons.io.output;CloseShieldWriter;CloseShieldWriter;(Writer);generated",
-        "org.apache.commons.io.output;CloseShieldWriter;wrap;(Writer);generated",
-        "org.apache.commons.io.output;ClosedOutputStream;ClosedOutputStream;();generated",
-        "org.apache.commons.io.output;ClosedWriter;ClosedWriter;();generated",
-        "org.apache.commons.io.output;CountingOutputStream;getByteCount;();generated",
-        "org.apache.commons.io.output;CountingOutputStream;getCount;();generated",
-        "org.apache.commons.io.output;CountingOutputStream;resetByteCount;();generated",
-        "org.apache.commons.io.output;CountingOutputStream;resetCount;();generated",
-        "org.apache.commons.io.output;DeferredFileOutputStream;isInMemory;();generated",
-        "org.apache.commons.io.output;DeferredFileOutputStream;toInputStream;();generated",
-        "org.apache.commons.io.output;DemuxOutputStream;DemuxOutputStream;();generated",
-        "org.apache.commons.io.output;DemuxOutputStream;bindStream;(OutputStream);generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;FileWriterWithEncoding;(File,Charset);generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;FileWriterWithEncoding;(File,Charset,boolean);generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;FileWriterWithEncoding;(File,CharsetEncoder);generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;FileWriterWithEncoding;(File,CharsetEncoder,boolean);generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;FileWriterWithEncoding;(File,String);generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;FileWriterWithEncoding;(File,String,boolean);generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;FileWriterWithEncoding;(String,Charset);generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;FileWriterWithEncoding;(String,Charset,boolean);generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;FileWriterWithEncoding;(String,CharsetEncoder);generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;FileWriterWithEncoding;(String,CharsetEncoder,boolean);generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;FileWriterWithEncoding;(String,String);generated",
-        "org.apache.commons.io.output;FileWriterWithEncoding;FileWriterWithEncoding;(String,String,boolean);generated",
-        "org.apache.commons.io.output;LockableFileWriter;LockableFileWriter;(File);generated",
-        "org.apache.commons.io.output;LockableFileWriter;LockableFileWriter;(File,Charset);generated",
-        "org.apache.commons.io.output;LockableFileWriter;LockableFileWriter;(File,String);generated",
-        "org.apache.commons.io.output;LockableFileWriter;LockableFileWriter;(File,boolean);generated",
-        "org.apache.commons.io.output;LockableFileWriter;LockableFileWriter;(String);generated",
-        "org.apache.commons.io.output;LockableFileWriter;LockableFileWriter;(String,boolean);generated",
-        "org.apache.commons.io.output;NullOutputStream;NullOutputStream;();generated",
-        "org.apache.commons.io.output;NullPrintStream;NullPrintStream;();generated",
-        "org.apache.commons.io.output;NullWriter;NullWriter;();generated",
-        "org.apache.commons.io.output;ProxyWriter;ProxyWriter;(Writer);generated",
-        "org.apache.commons.io.output;QueueOutputStream;QueueOutputStream;();generated",
-        "org.apache.commons.io.output;QueueOutputStream;QueueOutputStream;(BlockingQueue);generated",
-        "org.apache.commons.io.output;QueueOutputStream;newQueueInputStream;();generated",
-        "org.apache.commons.io.output;StringBuilderWriter;StringBuilderWriter;();generated",
-        "org.apache.commons.io.output;StringBuilderWriter;StringBuilderWriter;(int);generated",
-        "org.apache.commons.io.output;TaggedOutputStream;isCauseOf;(Exception);generated",
-        "org.apache.commons.io.output;TaggedOutputStream;throwIfCauseOf;(Exception);generated",
-        "org.apache.commons.io.output;TaggedWriter;TaggedWriter;(Writer);generated",
-        "org.apache.commons.io.output;TaggedWriter;isCauseOf;(Exception);generated",
-        "org.apache.commons.io.output;TaggedWriter;throwIfCauseOf;(Exception);generated",
-        "org.apache.commons.io.output;ThresholdingOutputStream;ThresholdingOutputStream;(int);generated",
-        "org.apache.commons.io.output;ThresholdingOutputStream;getByteCount;();generated",
-        "org.apache.commons.io.output;ThresholdingOutputStream;getThreshold;();generated",
-        "org.apache.commons.io.output;ThresholdingOutputStream;isThresholdExceeded;();generated",
-        "org.apache.commons.io.output;UncheckedFilterWriter;on;(Writer);generated",
-        "org.apache.commons.io.output;UnsynchronizedByteArrayOutputStream;UnsynchronizedByteArrayOutputStream;();generated",
-        "org.apache.commons.io.output;UnsynchronizedByteArrayOutputStream;UnsynchronizedByteArrayOutputStream;(int);generated",
-        "org.apache.commons.io.output;UnsynchronizedByteArrayOutputStream;toBufferedInputStream;(InputStream);generated",
-        "org.apache.commons.io.output;UnsynchronizedByteArrayOutputStream;toBufferedInputStream;(InputStream,int);generated",
-        "org.apache.commons.io.output;XmlStreamWriter;XmlStreamWriter;(File);generated",
-        "org.apache.commons.io.serialization;ClassNameMatcher;matches;(String);generated",
-        "org.apache.commons.io;ByteOrderMark;get;(int);generated",
-        "org.apache.commons.io;ByteOrderMark;getBytes;();generated",
-        "org.apache.commons.io;ByteOrderMark;length;();generated",
-        "org.apache.commons.io;ByteOrderParser;parseByteOrder;(String);generated",
-        "org.apache.commons.io;Charsets;Charsets;();generated",
-        "org.apache.commons.io;Charsets;requiredCharsets;();generated",
-        "org.apache.commons.io;Charsets;toCharset;(Charset);generated",
-        "org.apache.commons.io;Charsets;toCharset;(String);generated",
-        "org.apache.commons.io;CopyUtils;CopyUtils;();generated",
-        "org.apache.commons.io;CopyUtils;copy;(Reader,OutputStream);generated",
-        "org.apache.commons.io;CopyUtils;copy;(Reader,OutputStream,String);generated",
-        "org.apache.commons.io;CopyUtils;copy;(String,OutputStream);generated",
-        "org.apache.commons.io;CopyUtils;copy;(String,OutputStream,String);generated",
-        "org.apache.commons.io;DirectoryWalker$CancelException;getDepth;();generated",
-        "org.apache.commons.io;EndianUtils;EndianUtils;();generated",
-        "org.apache.commons.io;EndianUtils;readSwappedDouble;(InputStream);generated",
-        "org.apache.commons.io;EndianUtils;readSwappedDouble;(byte[],int);generated",
-        "org.apache.commons.io;EndianUtils;readSwappedFloat;(InputStream);generated",
-        "org.apache.commons.io;EndianUtils;readSwappedFloat;(byte[],int);generated",
-        "org.apache.commons.io;EndianUtils;readSwappedInteger;(InputStream);generated",
-        "org.apache.commons.io;EndianUtils;readSwappedInteger;(byte[],int);generated",
-        "org.apache.commons.io;EndianUtils;readSwappedLong;(InputStream);generated",
-        "org.apache.commons.io;EndianUtils;readSwappedLong;(byte[],int);generated",
-        "org.apache.commons.io;EndianUtils;readSwappedShort;(InputStream);generated",
-        "org.apache.commons.io;EndianUtils;readSwappedShort;(byte[],int);generated",
-        "org.apache.commons.io;EndianUtils;readSwappedUnsignedInteger;(InputStream);generated",
-        "org.apache.commons.io;EndianUtils;readSwappedUnsignedInteger;(byte[],int);generated",
-        "org.apache.commons.io;EndianUtils;readSwappedUnsignedShort;(InputStream);generated",
-        "org.apache.commons.io;EndianUtils;readSwappedUnsignedShort;(byte[],int);generated",
-        "org.apache.commons.io;EndianUtils;swapDouble;(double);generated",
-        "org.apache.commons.io;EndianUtils;swapFloat;(float);generated",
-        "org.apache.commons.io;EndianUtils;swapInteger;(int);generated",
-        "org.apache.commons.io;EndianUtils;swapLong;(long);generated",
-        "org.apache.commons.io;EndianUtils;swapShort;(short);generated",
-        "org.apache.commons.io;EndianUtils;writeSwappedDouble;(OutputStream,double);generated",
-        "org.apache.commons.io;EndianUtils;writeSwappedDouble;(byte[],int,double);generated",
-        "org.apache.commons.io;EndianUtils;writeSwappedFloat;(OutputStream,float);generated",
-        "org.apache.commons.io;EndianUtils;writeSwappedFloat;(byte[],int,float);generated",
-        "org.apache.commons.io;EndianUtils;writeSwappedInteger;(OutputStream,int);generated",
-        "org.apache.commons.io;EndianUtils;writeSwappedInteger;(byte[],int,int);generated",
-        "org.apache.commons.io;EndianUtils;writeSwappedLong;(OutputStream,long);generated",
-        "org.apache.commons.io;EndianUtils;writeSwappedLong;(byte[],int,long);generated",
-        "org.apache.commons.io;EndianUtils;writeSwappedShort;(OutputStream,short);generated",
-        "org.apache.commons.io;EndianUtils;writeSwappedShort;(byte[],int,short);generated",
-        "org.apache.commons.io;FileCleaner;FileCleaner;();generated",
-        "org.apache.commons.io;FileCleaner;exitWhenFinished;();generated",
-        "org.apache.commons.io;FileCleaner;getInstance;();generated",
-        "org.apache.commons.io;FileCleaner;getTrackCount;();generated",
-        "org.apache.commons.io;FileCleaner;track;(File,Object);generated",
-        "org.apache.commons.io;FileCleaner;track;(File,Object,FileDeleteStrategy);generated",
-        "org.apache.commons.io;FileCleaner;track;(String,Object);generated",
-        "org.apache.commons.io;FileCleaner;track;(String,Object,FileDeleteStrategy);generated",
-        "org.apache.commons.io;FileCleaningTracker;FileCleaningTracker;();generated",
-        "org.apache.commons.io;FileCleaningTracker;exitWhenFinished;();generated",
-        "org.apache.commons.io;FileCleaningTracker;getTrackCount;();generated",
-        "org.apache.commons.io;FileCleaningTracker;track;(File,Object);generated",
-        "org.apache.commons.io;FileCleaningTracker;track;(File,Object,FileDeleteStrategy);generated",
-        "org.apache.commons.io;FileCleaningTracker;track;(String,Object);generated",
-        "org.apache.commons.io;FileCleaningTracker;track;(String,Object,FileDeleteStrategy);generated",
-        "org.apache.commons.io;FileDeleteStrategy;delete;(File);generated",
-        "org.apache.commons.io;FileDeleteStrategy;deleteQuietly;(File);generated",
-        "org.apache.commons.io;FileExistsException;FileExistsException;();generated",
-        "org.apache.commons.io;FileExistsException;FileExistsException;(File);generated",
-        "org.apache.commons.io;FileExistsException;FileExistsException;(String);generated",
-        "org.apache.commons.io;FileSystem;getCurrent;();generated",
-        "org.apache.commons.io;FileSystem;getIllegalFileNameChars;();generated",
-        "org.apache.commons.io;FileSystem;getMaxFileNameLength;();generated",
-        "org.apache.commons.io;FileSystem;getMaxPathLength;();generated",
-        "org.apache.commons.io;FileSystem;getNameSeparator;();generated",
-        "org.apache.commons.io;FileSystem;getReservedFileNames;();generated",
-        "org.apache.commons.io;FileSystem;isCasePreserving;();generated",
-        "org.apache.commons.io;FileSystem;isCaseSensitive;();generated",
-        "org.apache.commons.io;FileSystem;isLegalFileName;(CharSequence);generated",
-        "org.apache.commons.io;FileSystem;isReservedFileName;(CharSequence);generated",
-        "org.apache.commons.io;FileSystem;normalizeSeparators;(String);generated",
-        "org.apache.commons.io;FileSystem;supportsDriveLetter;();generated",
-        "org.apache.commons.io;FileSystemUtils;FileSystemUtils;();generated",
-        "org.apache.commons.io;FileSystemUtils;freeSpace;(String);generated",
-        "org.apache.commons.io;FileSystemUtils;freeSpaceKb;();generated",
-        "org.apache.commons.io;FileSystemUtils;freeSpaceKb;(String);generated",
-        "org.apache.commons.io;FileSystemUtils;freeSpaceKb;(String,long);generated",
-        "org.apache.commons.io;FileSystemUtils;freeSpaceKb;(long);generated",
-        "org.apache.commons.io;FileUtils;FileUtils;();generated",
-        "org.apache.commons.io;FileUtils;byteCountToDisplaySize;(BigInteger);generated",
-        "org.apache.commons.io;FileUtils;byteCountToDisplaySize;(Number);generated",
-        "org.apache.commons.io;FileUtils;byteCountToDisplaySize;(long);generated",
-        "org.apache.commons.io;FileUtils;checksumCRC32;(File);generated",
-        "org.apache.commons.io;FileUtils;cleanDirectory;(File);generated",
-        "org.apache.commons.io;FileUtils;contentEquals;(File,File);generated",
-        "org.apache.commons.io;FileUtils;contentEqualsIgnoreEOL;(File,File,String);generated",
-        "org.apache.commons.io;FileUtils;copyDirectory;(File,File);generated",
-        "org.apache.commons.io;FileUtils;copyDirectory;(File,File,FileFilter);generated",
-        "org.apache.commons.io;FileUtils;copyDirectory;(File,File,FileFilter,boolean);generated",
-        "org.apache.commons.io;FileUtils;copyDirectory;(File,File,FileFilter,boolean,CopyOption[]);generated",
-        "org.apache.commons.io;FileUtils;copyDirectory;(File,File,boolean);generated",
-        "org.apache.commons.io;FileUtils;copyDirectoryToDirectory;(File,File);generated",
-        "org.apache.commons.io;FileUtils;copyFile;(File,File);generated",
-        "org.apache.commons.io;FileUtils;copyFile;(File,File,CopyOption[]);generated",
-        "org.apache.commons.io;FileUtils;copyFile;(File,File,boolean);generated",
-        "org.apache.commons.io;FileUtils;copyFile;(File,File,boolean,CopyOption[]);generated",
-        "org.apache.commons.io;FileUtils;copyFile;(File,OutputStream);generated",
-        "org.apache.commons.io;FileUtils;copyFileToDirectory;(File,File);generated",
-        "org.apache.commons.io;FileUtils;copyFileToDirectory;(File,File,boolean);generated",
-        "org.apache.commons.io;FileUtils;copyInputStreamToFile;(InputStream,File);generated",
-        "org.apache.commons.io;FileUtils;copyToDirectory;(File,File);generated",
-        "org.apache.commons.io;FileUtils;copyToDirectory;(Iterable,File);generated",
-        "org.apache.commons.io;FileUtils;copyToFile;(InputStream,File);generated",
-        "org.apache.commons.io;FileUtils;copyURLToFile;(URL,File);generated",
-        "org.apache.commons.io;FileUtils;copyURLToFile;(URL,File,int,int);generated",
-        "org.apache.commons.io;FileUtils;createParentDirectories;(File);generated",
-        "org.apache.commons.io;FileUtils;current;();generated",
-        "org.apache.commons.io;FileUtils;deleteDirectory;(File);generated",
-        "org.apache.commons.io;FileUtils;deleteQuietly;(File);generated",
-        "org.apache.commons.io;FileUtils;directoryContains;(File,File);generated",
-        "org.apache.commons.io;FileUtils;forceDelete;(File);generated",
-        "org.apache.commons.io;FileUtils;forceDeleteOnExit;(File);generated",
-        "org.apache.commons.io;FileUtils;forceMkdir;(File);generated",
-        "org.apache.commons.io;FileUtils;forceMkdirParent;(File);generated",
-        "org.apache.commons.io;FileUtils;getTempDirectory;();generated",
-        "org.apache.commons.io;FileUtils;getTempDirectoryPath;();generated",
-        "org.apache.commons.io;FileUtils;getUserDirectory;();generated",
-        "org.apache.commons.io;FileUtils;getUserDirectoryPath;();generated",
-        "org.apache.commons.io;FileUtils;isDirectory;(File,LinkOption[]);generated",
-        "org.apache.commons.io;FileUtils;isEmptyDirectory;(File);generated",
-        "org.apache.commons.io;FileUtils;isFileNewer;(File,ChronoLocalDate);generated",
-        "org.apache.commons.io;FileUtils;isFileNewer;(File,ChronoLocalDate,LocalTime);generated",
-        "org.apache.commons.io;FileUtils;isFileNewer;(File,ChronoLocalDateTime);generated",
-        "org.apache.commons.io;FileUtils;isFileNewer;(File,ChronoLocalDateTime,ZoneId);generated",
-        "org.apache.commons.io;FileUtils;isFileNewer;(File,ChronoZonedDateTime);generated",
-        "org.apache.commons.io;FileUtils;isFileNewer;(File,Date);generated",
-        "org.apache.commons.io;FileUtils;isFileNewer;(File,File);generated",
-        "org.apache.commons.io;FileUtils;isFileNewer;(File,FileTime);generated",
-        "org.apache.commons.io;FileUtils;isFileNewer;(File,Instant);generated",
-        "org.apache.commons.io;FileUtils;isFileNewer;(File,long);generated",
-        "org.apache.commons.io;FileUtils;isFileOlder;(File,ChronoLocalDate);generated",
-        "org.apache.commons.io;FileUtils;isFileOlder;(File,ChronoLocalDate,LocalTime);generated",
-        "org.apache.commons.io;FileUtils;isFileOlder;(File,ChronoLocalDateTime);generated",
-        "org.apache.commons.io;FileUtils;isFileOlder;(File,ChronoLocalDateTime,ZoneId);generated",
-        "org.apache.commons.io;FileUtils;isFileOlder;(File,ChronoZonedDateTime);generated",
-        "org.apache.commons.io;FileUtils;isFileOlder;(File,Date);generated",
-        "org.apache.commons.io;FileUtils;isFileOlder;(File,File);generated",
-        "org.apache.commons.io;FileUtils;isFileOlder;(File,FileTime);generated",
-        "org.apache.commons.io;FileUtils;isFileOlder;(File,Instant);generated",
-        "org.apache.commons.io;FileUtils;isFileOlder;(File,long);generated",
-        "org.apache.commons.io;FileUtils;isRegularFile;(File,LinkOption[]);generated",
-        "org.apache.commons.io;FileUtils;isSymlink;(File);generated",
-        "org.apache.commons.io;FileUtils;iterateFiles;(File,IOFileFilter,IOFileFilter);generated",
-        "org.apache.commons.io;FileUtils;iterateFiles;(File,String[],boolean);generated",
-        "org.apache.commons.io;FileUtils;iterateFilesAndDirs;(File,IOFileFilter,IOFileFilter);generated",
-        "org.apache.commons.io;FileUtils;lastModified;(File);generated",
-        "org.apache.commons.io;FileUtils;lastModifiedFileTime;(File);generated",
-        "org.apache.commons.io;FileUtils;lastModifiedUnchecked;(File);generated",
-        "org.apache.commons.io;FileUtils;lineIterator;(File);generated",
-        "org.apache.commons.io;FileUtils;lineIterator;(File,String);generated",
-        "org.apache.commons.io;FileUtils;listFiles;(File,IOFileFilter,IOFileFilter);generated",
-        "org.apache.commons.io;FileUtils;listFiles;(File,String[],boolean);generated",
-        "org.apache.commons.io;FileUtils;listFilesAndDirs;(File,IOFileFilter,IOFileFilter);generated",
-        "org.apache.commons.io;FileUtils;moveDirectory;(File,File);generated",
-        "org.apache.commons.io;FileUtils;moveDirectoryToDirectory;(File,File,boolean);generated",
-        "org.apache.commons.io;FileUtils;moveFile;(File,File);generated",
-        "org.apache.commons.io;FileUtils;moveFile;(File,File,CopyOption[]);generated",
-        "org.apache.commons.io;FileUtils;moveFileToDirectory;(File,File,boolean);generated",
-        "org.apache.commons.io;FileUtils;moveToDirectory;(File,File,boolean);generated",
-        "org.apache.commons.io;FileUtils;newOutputStream;(File,boolean);generated",
-        "org.apache.commons.io;FileUtils;openInputStream;(File);generated",
-        "org.apache.commons.io;FileUtils;openOutputStream;(File);generated",
-        "org.apache.commons.io;FileUtils;openOutputStream;(File,boolean);generated",
-        "org.apache.commons.io;FileUtils;readFileToByteArray;(File);generated",
-        "org.apache.commons.io;FileUtils;readFileToString;(File);generated",
-        "org.apache.commons.io;FileUtils;readFileToString;(File,Charset);generated",
-        "org.apache.commons.io;FileUtils;readFileToString;(File,String);generated",
-        "org.apache.commons.io;FileUtils;readLines;(File);generated",
-        "org.apache.commons.io;FileUtils;readLines;(File,Charset);generated",
-        "org.apache.commons.io;FileUtils;readLines;(File,String);generated",
-        "org.apache.commons.io;FileUtils;sizeOf;(File);generated",
-        "org.apache.commons.io;FileUtils;sizeOfAsBigInteger;(File);generated",
-        "org.apache.commons.io;FileUtils;sizeOfDirectory;(File);generated",
-        "org.apache.commons.io;FileUtils;sizeOfDirectoryAsBigInteger;(File);generated",
-        "org.apache.commons.io;FileUtils;streamFiles;(File,boolean,String[]);generated",
-        "org.apache.commons.io;FileUtils;toFile;(URL);generated",
-        "org.apache.commons.io;FileUtils;toFiles;(URL[]);generated",
-        "org.apache.commons.io;FileUtils;touch;(File);generated",
-        "org.apache.commons.io;FileUtils;waitFor;(File,int);generated",
-        "org.apache.commons.io;FileUtils;write;(File,CharSequence);generated",
-        "org.apache.commons.io;FileUtils;write;(File,CharSequence,Charset);generated",
-        "org.apache.commons.io;FileUtils;write;(File,CharSequence,Charset,boolean);generated",
-        "org.apache.commons.io;FileUtils;write;(File,CharSequence,String);generated",
-        "org.apache.commons.io;FileUtils;write;(File,CharSequence,String,boolean);generated",
-        "org.apache.commons.io;FileUtils;write;(File,CharSequence,boolean);generated",
-        "org.apache.commons.io;FileUtils;writeByteArrayToFile;(File,byte[]);generated",
-        "org.apache.commons.io;FileUtils;writeByteArrayToFile;(File,byte[],boolean);generated",
-        "org.apache.commons.io;FileUtils;writeByteArrayToFile;(File,byte[],int,int);generated",
-        "org.apache.commons.io;FileUtils;writeByteArrayToFile;(File,byte[],int,int,boolean);generated",
-        "org.apache.commons.io;FileUtils;writeLines;(File,Collection);generated",
-        "org.apache.commons.io;FileUtils;writeLines;(File,Collection,String);generated",
-        "org.apache.commons.io;FileUtils;writeLines;(File,Collection,String,boolean);generated",
-        "org.apache.commons.io;FileUtils;writeLines;(File,Collection,boolean);generated",
-        "org.apache.commons.io;FileUtils;writeLines;(File,String,Collection);generated",
-        "org.apache.commons.io;FileUtils;writeLines;(File,String,Collection,String);generated",
-        "org.apache.commons.io;FileUtils;writeLines;(File,String,Collection,String,boolean);generated",
-        "org.apache.commons.io;FileUtils;writeLines;(File,String,Collection,boolean);generated",
-        "org.apache.commons.io;FileUtils;writeStringToFile;(File,String);generated",
-        "org.apache.commons.io;FileUtils;writeStringToFile;(File,String,Charset);generated",
-        "org.apache.commons.io;FileUtils;writeStringToFile;(File,String,Charset,boolean);generated",
-        "org.apache.commons.io;FileUtils;writeStringToFile;(File,String,String);generated",
-        "org.apache.commons.io;FileUtils;writeStringToFile;(File,String,String,boolean);generated",
-        "org.apache.commons.io;FileUtils;writeStringToFile;(File,String,boolean);generated",
-        "org.apache.commons.io;FilenameUtils;FilenameUtils;();generated",
-        "org.apache.commons.io;FilenameUtils;directoryContains;(String,String);generated",
-        "org.apache.commons.io;FilenameUtils;equals;(String,String);generated",
-        "org.apache.commons.io;FilenameUtils;equals;(String,String,boolean,IOCase);generated",
-        "org.apache.commons.io;FilenameUtils;equalsNormalized;(String,String);generated",
-        "org.apache.commons.io;FilenameUtils;equalsNormalizedOnSystem;(String,String);generated",
-        "org.apache.commons.io;FilenameUtils;equalsOnSystem;(String,String);generated",
-        "org.apache.commons.io;FilenameUtils;getPrefixLength;(String);generated",
-        "org.apache.commons.io;FilenameUtils;indexOfExtension;(String);generated",
-        "org.apache.commons.io;FilenameUtils;indexOfLastSeparator;(String);generated",
-        "org.apache.commons.io;FilenameUtils;isExtension;(String,Collection);generated",
-        "org.apache.commons.io;FilenameUtils;isExtension;(String,String);generated",
-        "org.apache.commons.io;FilenameUtils;isExtension;(String,String[]);generated",
-        "org.apache.commons.io;FilenameUtils;separatorsToSystem;(String);generated",
-        "org.apache.commons.io;FilenameUtils;separatorsToUnix;(String);generated",
-        "org.apache.commons.io;FilenameUtils;separatorsToWindows;(String);generated",
-        "org.apache.commons.io;FilenameUtils;wildcardMatch;(String,String);generated",
-        "org.apache.commons.io;FilenameUtils;wildcardMatch;(String,String,IOCase);generated",
-        "org.apache.commons.io;FilenameUtils;wildcardMatchOnSystem;(String,String);generated",
-        "org.apache.commons.io;HexDump;HexDump;();generated",
-        "org.apache.commons.io;HexDump;dump;(byte[],long,OutputStream,int);generated",
-        "org.apache.commons.io;IOCase;checkCompareTo;(String,String);generated",
-        "org.apache.commons.io;IOCase;checkEndsWith;(String,String);generated",
-        "org.apache.commons.io;IOCase;checkEquals;(String,String);generated",
-        "org.apache.commons.io;IOCase;checkIndexOf;(String,int,String);generated",
-        "org.apache.commons.io;IOCase;checkRegionMatches;(String,int,String);generated",
-        "org.apache.commons.io;IOCase;checkStartsWith;(String,String);generated",
-        "org.apache.commons.io;IOCase;forName;(String);generated",
-        "org.apache.commons.io;IOCase;getName;();generated",
-        "org.apache.commons.io;IOCase;isCaseSensitive;();generated",
-        "org.apache.commons.io;IOCase;isCaseSensitive;(IOCase);generated",
-        "org.apache.commons.io;IOCase;toString;();generated",
-        "org.apache.commons.io;IOCase;value;(IOCase,IOCase);generated",
-        "org.apache.commons.io;IOExceptionList;checkEmpty;(List,Object);generated",
-        "org.apache.commons.io;IOExceptionList;getCause;(int,Class);generated",
-        "org.apache.commons.io;IOExceptionWithCause;IOExceptionWithCause;(String,Throwable);generated",
-        "org.apache.commons.io;IOExceptionWithCause;IOExceptionWithCause;(Throwable);generated",
-        "org.apache.commons.io;IOIndexedException;IOIndexedException;(int,Throwable);generated",
-        "org.apache.commons.io;IOIndexedException;getIndex;();generated",
-        "org.apache.commons.io;IOUtils;IOUtils;();generated",
-        "org.apache.commons.io;IOUtils;byteArray;();generated",
-        "org.apache.commons.io;IOUtils;byteArray;(int);generated",
-        "org.apache.commons.io;IOUtils;close;(Closeable);generated",
-        "org.apache.commons.io;IOUtils;close;(Closeable,IOConsumer);generated",
-        "org.apache.commons.io;IOUtils;close;(Closeable[]);generated",
-        "org.apache.commons.io;IOUtils;close;(URLConnection);generated",
-        "org.apache.commons.io;IOUtils;closeQuietly;(Closeable);generated",
-        "org.apache.commons.io;IOUtils;closeQuietly;(Closeable,Consumer);generated",
-        "org.apache.commons.io;IOUtils;closeQuietly;(Closeable[]);generated",
-        "org.apache.commons.io;IOUtils;closeQuietly;(InputStream);generated",
-        "org.apache.commons.io;IOUtils;closeQuietly;(OutputStream);generated",
-        "org.apache.commons.io;IOUtils;closeQuietly;(Reader);generated",
-        "org.apache.commons.io;IOUtils;closeQuietly;(Selector);generated",
-        "org.apache.commons.io;IOUtils;closeQuietly;(ServerSocket);generated",
-        "org.apache.commons.io;IOUtils;closeQuietly;(Socket);generated",
-        "org.apache.commons.io;IOUtils;closeQuietly;(Writer);generated",
-        "org.apache.commons.io;IOUtils;consume;(InputStream);generated",
-        "org.apache.commons.io;IOUtils;contentEquals;(InputStream,InputStream);generated",
-        "org.apache.commons.io;IOUtils;contentEquals;(Reader,Reader);generated",
-        "org.apache.commons.io;IOUtils;contentEqualsIgnoreEOL;(Reader,Reader);generated",
-        "org.apache.commons.io;IOUtils;copy;(ByteArrayOutputStream);generated",
-        "org.apache.commons.io;IOUtils;copy;(Reader,OutputStream);generated",
-        "org.apache.commons.io;IOUtils;copy;(Reader,OutputStream,Charset);generated",
-        "org.apache.commons.io;IOUtils;copy;(Reader,OutputStream,String);generated",
-        "org.apache.commons.io;IOUtils;copy;(URL,File);generated",
-        "org.apache.commons.io;IOUtils;copy;(URL,OutputStream);generated",
-        "org.apache.commons.io;IOUtils;length;(CharSequence);generated",
-        "org.apache.commons.io;IOUtils;length;(Object[]);generated",
-        "org.apache.commons.io;IOUtils;length;(byte[]);generated",
-        "org.apache.commons.io;IOUtils;length;(char[]);generated",
-        "org.apache.commons.io;IOUtils;resourceToByteArray;(String);generated",
-        "org.apache.commons.io;IOUtils;resourceToByteArray;(String,ClassLoader);generated",
-        "org.apache.commons.io;IOUtils;resourceToString;(String,Charset);generated",
-        "org.apache.commons.io;IOUtils;resourceToString;(String,Charset,ClassLoader);generated",
-        "org.apache.commons.io;IOUtils;resourceToURL;(String);generated",
-        "org.apache.commons.io;IOUtils;resourceToURL;(String,ClassLoader);generated",
-        "org.apache.commons.io;IOUtils;skip;(InputStream,long);generated",
-        "org.apache.commons.io;IOUtils;skip;(ReadableByteChannel,long);generated",
-        "org.apache.commons.io;IOUtils;skip;(Reader,long);generated",
-        "org.apache.commons.io;IOUtils;skipFully;(InputStream,long);generated",
-        "org.apache.commons.io;IOUtils;skipFully;(ReadableByteChannel,long);generated",
-        "org.apache.commons.io;IOUtils;skipFully;(Reader,long);generated",
-        "org.apache.commons.io;IOUtils;toBufferedInputStream;(InputStream);generated",
-        "org.apache.commons.io;IOUtils;toBufferedInputStream;(InputStream,int);generated",
-        "org.apache.commons.io;IOUtils;toByteArray;(InputStream);generated",
-        "org.apache.commons.io;IOUtils;toByteArray;(Reader);generated",
-        "org.apache.commons.io;IOUtils;toByteArray;(Reader,Charset);generated",
-        "org.apache.commons.io;IOUtils;toByteArray;(Reader,String);generated",
-        "org.apache.commons.io;IOUtils;toByteArray;(URI);generated",
-        "org.apache.commons.io;IOUtils;toByteArray;(URL);generated",
-        "org.apache.commons.io;IOUtils;toByteArray;(URLConnection);generated",
-        "org.apache.commons.io;IOUtils;toString;(URI);generated",
-        "org.apache.commons.io;IOUtils;toString;(URI,Charset);generated",
-        "org.apache.commons.io;IOUtils;toString;(URI,String);generated",
-        "org.apache.commons.io;IOUtils;toString;(URL);generated",
-        "org.apache.commons.io;IOUtils;toString;(URL,Charset);generated",
-        "org.apache.commons.io;IOUtils;toString;(URL,String);generated",
-        "org.apache.commons.io;IOUtils;write;(CharSequence,OutputStream);generated",
-        "org.apache.commons.io;IOUtils;write;(CharSequence,OutputStream,Charset);generated",
-        "org.apache.commons.io;IOUtils;write;(CharSequence,OutputStream,String);generated",
-        "org.apache.commons.io;IOUtils;write;(String,OutputStream);generated",
-        "org.apache.commons.io;IOUtils;write;(String,OutputStream,Charset);generated",
-        "org.apache.commons.io;IOUtils;write;(String,OutputStream,String);generated",
-        "org.apache.commons.io;IOUtils;write;(StringBuffer,OutputStream);generated",
-        "org.apache.commons.io;IOUtils;write;(StringBuffer,OutputStream,String);generated",
-        "org.apache.commons.io;IOUtils;write;(char[],OutputStream);generated",
-        "org.apache.commons.io;IOUtils;write;(char[],OutputStream,Charset);generated",
-        "org.apache.commons.io;IOUtils;write;(char[],OutputStream,String);generated",
-        "org.apache.commons.io;LineIterator;closeQuietly;(LineIterator);generated",
-        "org.apache.commons.io;RandomAccessFileMode;create;(File);generated",
-        "org.apache.commons.io;RandomAccessFileMode;create;(Path);generated",
-        "org.apache.commons.io;RandomAccessFileMode;create;(String);generated",
-        "org.apache.commons.io;RandomAccessFileMode;toString;();generated",
-        "org.apache.commons.io;StandardLineSeparator;getBytes;(Charset);generated",
-        "org.apache.commons.io;StandardLineSeparator;getString;();generated",
-        "org.apache.commons.io;TaggedIOException;isTaggedWith;(Throwable,Object);generated",
-        "org.apache.commons.io;TaggedIOException;throwCauseIfTaggedWith;(Throwable,Object);generated",
-        "org.apache.commons.io;UncheckedIO;UncheckedIO;();generated",
-        "org.apache.commons.io;UncheckedIO;accept;(IOConsumer,Object);generated",
-        "org.apache.commons.io;UncheckedIO;apply;(IOBiFunction,Object,Object);generated",
-        "org.apache.commons.io;UncheckedIO;get;(IOSupplier);generated",
-        "org.apache.commons.io;UncheckedIO;run;(IORunnable);generated",
-        "org.apache.commons.io;UncheckedIOExceptions;UncheckedIOExceptions;();generated",
-        "org.apache.commons.io;UncheckedIOExceptions;create;(Object);generated",
-        "org.apache.commons.io;UncheckedIOExceptions;wrap;(IOException,Object);generated"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/generated.qll b/java/ql/lib/semmle/code/java/frameworks/generated.qll
deleted file mode 100644
index 7a16e24890e..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/generated.qll
+++ /dev/null
@@ -1,10 +0,0 @@
-/**
- * A module importing all generated Models as Data models.
- */
-
-import java
-
-private module GeneratedFrameworks {
-  private import apache.IOGenerated
-  private import kotlin.StdLibGenerated
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/guava/Base.qll b/java/ql/lib/semmle/code/java/frameworks/guava/Base.qll
deleted file mode 100644
index 424dade4291..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/guava/Base.qll
+++ /dev/null
@@ -1,98 +0,0 @@
-/** Definitions of flow steps through utility methods of `com.google.common.base`. */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class GuavaBaseCsv extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //`namespace; type; subtypes; name; signature; ext; input; output; kind`
-        "com.google.common.base;Strings;false;emptyToNull;(String);;Argument[0];ReturnValue;value;manual",
-        "com.google.common.base;Strings;false;nullToEmpty;(String);;Argument[0];ReturnValue;value;manual",
-        "com.google.common.base;Strings;false;padStart;(String,int,char);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Strings;false;padEnd;(String,int,char);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Strings;false;repeat;(String,int);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Strings;false;lenientFormat;(String,Object[]);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Strings;false;lenientFormat;(String,Object[]);;Argument[1].ArrayElement;ReturnValue;taint;manual",
-        "com.google.common.base;Joiner;false;on;(String);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Joiner;false;skipNulls;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.base;Joiner;false;useForNull;(String);;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.base;Joiner;false;useForNull;(String);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Joiner;false;withKeyValueSeparator;(String);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Joiner;false;withKeyValueSeparator;(String);;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.base;Joiner;false;withKeyValueSeparator;(char);;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.base;Joiner;false;appendTo;(Appendable,Object,Object,Object[]);;Argument[1..2];Argument[0];taint;manual",
-        "com.google.common.base;Joiner;false;appendTo;(Appendable,Object,Object,Object[]);;Argument[3].ArrayElement;Argument[0];taint;manual",
-        "com.google.common.base;Joiner;false;appendTo;(Appendable,Iterable);;Argument[1].Element;Argument[-1];taint;manual",
-        "com.google.common.base;Joiner;false;appendTo;(Appendable,Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "com.google.common.base;Joiner;false;appendTo;(Appendable,Iterator);;Argument[1].Element;Argument[-1];taint;manual",
-        "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Object,Object,Object[]);;Argument[1..2];Argument[0];taint;manual",
-        "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Object,Object,Object[]);;Argument[3].ArrayElement;Argument[0];taint;manual",
-        "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Iterable);;Argument[1].Element;Argument[-1];taint;manual",
-        "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Iterator);;Argument[1].Element;Argument[-1];taint;manual",
-        "com.google.common.base;Joiner;false;appendTo;;;Argument[-1];Argument[0];taint;manual",
-        "com.google.common.base;Joiner;false;appendTo;;;Argument[0];ReturnValue;value;manual",
-        "com.google.common.base;Joiner;false;join;;;Argument[-1..2];ReturnValue;taint;manual",
-        "com.google.common.base;Joiner$MapJoiner;false;useForNull;(String);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Joiner$MapJoiner;false;useForNull;(String);;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.base;Joiner$MapJoiner;false;appendTo;;;Argument[1];Argument[0];taint;manual",
-        "com.google.common.base;Joiner$MapJoiner;false;appendTo;;;Argument[0];ReturnValue;value;manual",
-        "com.google.common.base;Joiner$MapJoiner;false;join;;;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.base;Joiner$MapJoiner;false;join;(Iterable);;Argument[0].Element.MapKey;ReturnValue;taint;manual",
-        "com.google.common.base;Joiner$MapJoiner;false;join;(Iterable);;Argument[0].Element.MapValue;ReturnValue;taint;manual",
-        "com.google.common.base;Joiner$MapJoiner;false;join;(Iterator);;Argument[0].Element.MapKey;ReturnValue;taint;manual",
-        "com.google.common.base;Joiner$MapJoiner;false;join;(Iterator);;Argument[0].Element.MapValue;ReturnValue;taint;manual",
-        "com.google.common.base;Joiner$MapJoiner;false;join;(Map);;Argument[0].MapKey;ReturnValue;taint;manual",
-        "com.google.common.base;Joiner$MapJoiner;false;join;(Map);;Argument[0].MapValue;ReturnValue;taint;manual",
-        "com.google.common.base;Splitter;false;split;(CharSequence);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Splitter;false;splitToList;(CharSequence);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Splitter;false;splitToStream;(CharSequence);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Splitter$MapSplitter;false;split;(CharSequence);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Preconditions;false;checkNotNull;;;Argument[0];ReturnValue;value;manual",
-        "com.google.common.base;Verify;false;verifyNotNull;;;Argument[0];ReturnValue;value;manual",
-        "com.google.common.base;Ascii;false;toLowerCase;(CharSequence);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Ascii;false;toLowerCase;(String);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Ascii;false;toUpperCase;(CharSequence);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Ascii;false;toUpperCase;(String);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Ascii;false;truncate;(CharSequence,int,String);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Ascii;false;truncate;(CharSequence,int,String);;Argument[2];ReturnValue;taint;manual",
-        "com.google.common.base;CaseFormat;true;to;(CaseFormat,String);;Argument[1];ReturnValue;taint;manual",
-        "com.google.common.base;Converter;true;apply;(Object);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Converter;true;convert;(Object);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Converter;true;convertAll;(Iterable);;Argument[0].Element;ReturnValue.Element;taint;manual",
-        "com.google.common.base;Supplier;true;get;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.base;Suppliers;false;ofInstance;(Object);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Suppliers;false;memoize;(Supplier);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Suppliers;false;memoizeWithExpiration;(Supplier,long,TimeUnit);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Suppliers;false;synchronizedSupplier;(Supplier);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Optional;true;fromJavaUtil;(Optional);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.base;Optional;true;fromNullable;(Object);;Argument[0];ReturnValue.Element;value;manual",
-        "com.google.common.base;Optional;true;get;();;Argument[-1].Element;ReturnValue;value;manual",
-        "com.google.common.base;Optional;true;asSet;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.base;Optional;true;of;(Object);;Argument[0];ReturnValue.Element;value;manual",
-        "com.google.common.base;Optional;true;or;(Optional);;Argument[-1..0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.base;Optional;true;or;(Supplier);;Argument[-1].Element;ReturnValue;value;manual",
-        "com.google.common.base;Optional;true;or;(Supplier);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;Optional;true;or;(Object);;Argument[-1].Element;ReturnValue;value;manual",
-        "com.google.common.base;Optional;true;or;(Object);;Argument[0];ReturnValue;value;manual",
-        "com.google.common.base;Optional;true;orNull;();;Argument[-1].Element;ReturnValue;value;manual",
-        "com.google.common.base;Optional;true;presentInstances;(Iterable);;Argument[0].Element.Element;ReturnValue.Element;value;manual",
-        "com.google.common.base;Optional;true;toJavaUtil;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.base;Optional;true;toJavaUtil;(Optional);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.base;MoreObjects;false;firstNonNull;(Object,Object);;Argument[0..1];ReturnValue;value;manual",
-        "com.google.common.base;MoreObjects;false;toStringHelper;(String);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;MoreObjects$ToStringHelper;false;add;;;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;MoreObjects$ToStringHelper;false;add;;;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.base;MoreObjects$ToStringHelper;false;add;;;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.base;MoreObjects$ToStringHelper;false;add;(String,Object);;Argument[1];ReturnValue;taint;manual",
-        "com.google.common.base;MoreObjects$ToStringHelper;false;add;(String,Object);;Argument[1];Argument[-1];taint;manual",
-        "com.google.common.base;MoreObjects$ToStringHelper;false;addValue;;;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.base;MoreObjects$ToStringHelper;false;addValue;(Object);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.base;MoreObjects$ToStringHelper;false;addValue;(Object);;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.base;MoreObjects$ToStringHelper;false;omitNullValues;();;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.base;MoreObjects$ToStringHelper;false;toString;();;Argument[-1];ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/guava/Cache.qll b/java/ql/lib/semmle/code/java/frameworks/guava/Cache.qll
deleted file mode 100644
index d1f8cf4f776..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/guava/Cache.qll
+++ /dev/null
@@ -1,32 +0,0 @@
-/** Flow steps through methods of `com.google.common.cache` */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class GuavaBaseCsv extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //`namespace; type; subtypes; name; signature; ext; input; output; kind`
-        "com.google.common.cache;Cache;true;asMap;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.cache;Cache;true;asMap;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        // lambda flow from Argument[1] not implemented
-        "com.google.common.cache;Cache;true;get;(Object,Callable);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "com.google.common.cache;Cache;true;getIfPresent;(Object);;Argument[-1].MapValue;ReturnValue;value;manual",
-        // the true flow to MapKey of ReturnValue for getAllPresent is the intersection of the these inputs, but intersections cannot be modeled fully accurately.
-        "com.google.common.cache;Cache;true;getAllPresent;(Iterable);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.cache;Cache;true;getAllPresent;(Iterable);;Argument[0].Element;ReturnValue.MapKey;value;manual",
-        "com.google.common.cache;Cache;true;getAllPresent;(Iterable);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.cache;Cache;true;put;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "com.google.common.cache;Cache;true;put;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "com.google.common.cache;Cache;true;putAll;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "com.google.common.cache;Cache;true;putAll;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "com.google.common.cache;LoadingCache;true;get;(Object);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "com.google.common.cache;LoadingCache;true;getUnchecked;(Object);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "com.google.common.cache;LoadingCache;true;apply;(Object);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "com.google.common.cache;LoadingCache;true;getAll;(Iterable);;Argument[0].Element;ReturnValue.MapKey;value;manual",
-        "com.google.common.cache;LoadingCache;true;getAll;(Iterable);;Argument[0].Element;Argument[-1].MapKey;value;manual",
-        "com.google.common.cache;LoadingCache;true;getAll;(Iterable);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/guava/Collections.qll b/java/ql/lib/semmle/code/java/frameworks/guava/Collections.qll
index d662e7ee7cd..94dd356f62d 100644
--- a/java/ql/lib/semmle/code/java/frameworks/guava/Collections.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/guava/Collections.qll
@@ -3,577 +3,10 @@
 import java
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.FlowSteps
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.Collections
 
 private string guavaCollectPackage() { result = "com.google.common.collect" }
 
-private class GuavaCollectCsv extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
-        // Methods depending on lambda flow are not currently modeled
-        // Methods depending on stronger aliasing properties than we support are also not modeled.
-        "com.google.common.collect;ArrayListMultimap;true;create;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ArrayListMultimap;true;create;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ArrayTable;true;create;(Iterable,Iterable);;Argument[0].Element;ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;ArrayTable;true;create;(Iterable,Iterable);;Argument[1].Element;ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;ArrayTable;true;create;(Table);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ArrayTable;true;create;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;ArrayTable;true;create;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;BiMap;true;forcePut;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;BiMap;true;forcePut;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;BiMap;true;inverse;();;Argument[-1].MapKey;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;BiMap;true;inverse;();;Argument[-1].MapValue;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ClassToInstanceMap;true;getInstance;(Class);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "com.google.common.collect;ClassToInstanceMap;true;putInstance;(Class,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;ClassToInstanceMap;true;putInstance;(Class,Object);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "com.google.common.collect;Collections2;false;filter;(Collection,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Collections2;false;orderedPermutations;(Iterable);;Argument[0].Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;Collections2;false;orderedPermutations;(Iterable,Comparator);;Argument[0].Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;Collections2;false;permutations;(Collection);;Argument[0].Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;ConcurrentHashMultiset;true;create;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;HashBasedTable;true;create;(Table);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;HashBasedTable;true;create;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;HashBasedTable;true;create;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;HashBiMap;true;create;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;HashBiMap;true;create;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;HashMultimap;true;create;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;HashMultimap;true;create;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;HashMultiset;true;create;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[0];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[1];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[2];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[3];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[4];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[5];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[6];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[7];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[8];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[9];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableClassToInstanceMap;true;copyOf;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableClassToInstanceMap;true;copyOf;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableClassToInstanceMap;true;of;(Class,Object);;Argument[0];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableClassToInstanceMap;true;of;(Class,Object);;Argument[1];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableCollection$Builder;true;add;(Object);;Argument[0];Argument[-1].Element;value;manual",
-        "com.google.common.collect;ImmutableCollection$Builder;true;add;(Object[]);;Argument[0].ArrayElement;Argument[-1].Element;value;manual",
-        "com.google.common.collect;ImmutableCollection$Builder;true;add;;;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableCollection$Builder;true;addAll;(Iterable);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "com.google.common.collect;ImmutableCollection$Builder;true;addAll;(Iterator);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "com.google.common.collect;ImmutableCollection$Builder;true;addAll;;;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableCollection$Builder;true;build;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableCollection;true;asList;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableList;true;copyOf;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableList;true;copyOf;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableList;true;copyOf;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableList;true;copyOf;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableList;true;of;;;Argument[0..11];ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableList;true;of;;;Argument[12].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableList;true;reverse;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableList;true;sortedCopyOf;(Comparator,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableList;true;sortedCopyOf;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[0];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[1];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[2];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[3];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[4];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[5];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[6];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[7];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[8];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[9];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMap$Builder;true;build;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMap$Builder;true;build;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMap$Builder;true;orderEntriesByValue;(Comparator);;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableMap$Builder;true;put;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;ImmutableMap$Builder;true;put;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;ImmutableMap$Builder;true;put;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;ImmutableMap$Builder;true;put;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;ImmutableMap$Builder;true;put;;;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableMap$Builder;true;putAll;(Iterable);;Argument[0].Element.MapKey;Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;ImmutableMap$Builder;true;putAll;(Iterable);;Argument[0].Element.MapValue;Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;ImmutableMap$Builder;true;putAll;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;ImmutableMap$Builder;true;putAll;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;ImmutableMap$Builder;true;putAll;;;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableMap;true;copyOf;(Iterable);;Argument[0].Element.MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMap;true;copyOf;(Iterable);;Argument[0].Element.MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMap;true;copyOf;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMap;true;copyOf;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMap;true;of;;;Argument[0];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMap;true;of;;;Argument[1];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMap;true;of;;;Argument[2];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMap;true;of;;;Argument[3];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMap;true;of;;;Argument[4];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMap;true;of;;;Argument[5];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMap;true;of;;;Argument[6];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMap;true;of;;;Argument[7];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMap;true;of;;;Argument[8];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMap;true;of;;;Argument[9];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;build;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;build;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;orderKeysBy;(Comparator);;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;orderValuesBy;(Comparator);;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;put;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;put;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;put;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;put;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;put;;;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Iterable);;Argument[0].Element.MapKey;Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Iterable);;Argument[0].Element.MapValue;Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Multimap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Multimap);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Object,Iterable);;Argument[0];Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Object,Iterable);;Argument[1].Element;Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Object,Object[]);;Argument[0];Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Object,Object[]);;Argument[1].ArrayElement;Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;;;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;copyOf;(Iterable);;Argument[0].Element.MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;copyOf;(Iterable);;Argument[0].Element.MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;copyOf;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;copyOf;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;inverse;();;Argument[-1].MapKey;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;inverse;();;Argument[-1].MapValue;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[0];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[1];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[2];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[3];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[4];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[5];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[6];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[7];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[8];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[9];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableMultiset$Builder;true;addCopies;(Object,int);;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableMultiset$Builder;true;addCopies;(Object,int);;Argument[0];Argument[-1].Element;value;manual",
-        "com.google.common.collect;ImmutableMultiset$Builder;true;setCount;(Object,int);;Argument[0];Argument[-1].Element;value;manual",
-        "com.google.common.collect;ImmutableMultiset;true;copyOf;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableMultiset;true;copyOf;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableMultiset;true;copyOf;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableMultiset;true;of;;;Argument[0..5];ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableMultiset;true;of;;;Argument[6].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSet;true;copyOf;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSet;true;copyOf;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSet;true;copyOf;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSet;true;copyOf;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSet;true;of;;;Argument[0..5];ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSet;true;of;;;Argument[6].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[0];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[1];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[2];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[3];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[4];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[5];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[6];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[7];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[8];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[9];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Iterable);;Argument[0].Element.MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Iterable);;Argument[0].Element.MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Iterable,Comparator);;Argument[0].Element.MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Iterable,Comparator);;Argument[0].Element.MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Map,Comparator);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Map,Comparator);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;copyOfSorted;(SortedMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;copyOfSorted;(SortedMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[0];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[1];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[2];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[3];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[4];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[5];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[6];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[7];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[8];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[9];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableSortedMultiset;true;copyOf;(Comparable[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedMultiset;true;copyOf;(Comparator,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedMultiset;true;copyOf;(Comparator,Iterator);;Argument[1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedMultiset;true;copyOf;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedMultiset;true;copyOf;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedMultiset;true;copyOfSorted;(SortedMultiset);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedMultiset;true;of;;;Argument[0..5];ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedMultiset;true;of;;;Argument[6].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedSet;true;copyOf;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedSet;true;copyOf;(Comparable[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedSet;true;copyOf;(Comparator,Collection);;Argument[1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedSet;true;copyOf;(Comparator,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedSet;true;copyOf;(Comparator,Iterator);;Argument[1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedSet;true;copyOf;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedSet;true;copyOf;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedSet;true;copyOfSorted;(SortedSet);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedSet;true;of;;;Argument[0..5];ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableSortedSet;true;of;;;Argument[6].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;build;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;build;();;Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;build;();;Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;orderColumnsBy;(Comparator);;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;orderRowsBy;(Comparator);;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;put;(Cell);;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;put;(Cell);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;put;(Cell);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;put;(Cell);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;put;(Object,Object,Object);;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;put;(Object,Object,Object);;Argument[0];Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;put;(Object,Object,Object);;Argument[1];Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;put;(Object,Object,Object);;Argument[2];Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;putAll;(Table);;Argument[-1];ReturnValue;value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;putAll;(Table);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;putAll;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;ImmutableTable$Builder;true;putAll;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;ImmutableTable;true;copyOf;(Table);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ImmutableTable;true;copyOf;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;ImmutableTable;true;copyOf;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;ImmutableTable;true;of;(Object,Object,Object);;Argument[0];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;ImmutableTable;true;of;(Object,Object,Object);;Argument[1];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;ImmutableTable;true;of;(Object,Object,Object);;Argument[2];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Iterables;false;addAll;(Collection,Iterable);;Argument[1].Element;Argument[0].Element;value;manual",
-        "com.google.common.collect;Iterables;false;concat;(Iterable);;Argument[0].Element.Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;concat;(Iterable,Iterable);;Argument[0..1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;concat;(Iterable,Iterable,Iterable);;Argument[0..2].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;concat;(Iterable,Iterable,Iterable,Iterable);;Argument[0..3].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;concat;(Iterable[]);;Argument[0].ArrayElement.Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;consumingIterable;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;cycle;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;cycle;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;filter;(Iterable,Class);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;filter;(Iterable,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;find;(Iterable,Predicate);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterables;false;find;(Iterable,Predicate,Object);;Argument[2];ReturnValue;value;manual",
-        "com.google.common.collect;Iterables;false;find;(Iterable,Predicate,Object);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterables;false;get;(Iterable,int);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterables;false;get;(Iterable,int,Object);;Argument[2];ReturnValue;value;manual",
-        "com.google.common.collect;Iterables;false;get;(Iterable,int,Object);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterables;false;getLast;(Iterable);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterables;false;getLast;(Iterable,Object);;Argument[1];ReturnValue;value;manual",
-        "com.google.common.collect;Iterables;false;getLast;(Iterable,Object);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterables;false;getOnlyElement;(Iterable);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterables;false;getOnlyElement;(Iterable,Object);;Argument[1];ReturnValue;value;manual",
-        "com.google.common.collect;Iterables;false;getOnlyElement;(Iterable,Object);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterables;false;limit;(Iterable,int);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;mergeSorted;(Iterable,Comparator);;Argument[0].Element.Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;paddedPartition;(Iterable,int);;Argument[0].Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;Iterables;false;partition;(Iterable,int);;Argument[0].Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;Iterables;false;skip;(Iterable,int);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;toArray;(Iterable,Class);;Argument[0].Element;ReturnValue.ArrayElement;value;manual",
-        //"com.google.common.collect;Iterables;false;toString;(Iterable);;Element of Argument[0];ReturnValue;taint;manual",
-        "com.google.common.collect;Iterables;false;tryFind;(Iterable,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;unmodifiableIterable;(ImmutableCollection);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterables;false;unmodifiableIterable;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;addAll;(Collection,Iterator);;Argument[1].Element;Argument[0].Element;value;manual",
-        "com.google.common.collect;Iterators;false;asEnumeration;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;concat;(Iterator);;Argument[0].Element.Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;concat;(Iterator,Iterator);;Argument[0..1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;concat;(Iterator,Iterator,Iterator);;Argument[0..2].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;concat;(Iterator,Iterator,Iterator,Iterator);;Argument[0..3].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;concat;(Iterator[]);;Argument[0].ArrayElement.Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;consumingIterator;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;cycle;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;cycle;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;filter;(Iterator,Class);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;filter;(Iterator,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;find;(Iterator,Predicate);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterators;false;find;(Iterator,Predicate,Object);;Argument[2];ReturnValue;value;manual",
-        "com.google.common.collect;Iterators;false;find;(Iterator,Predicate,Object);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterators;false;forArray;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;forEnumeration;(Enumeration);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;get;(Iterator,int);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterators;false;get;(Iterator,int,Object);;Argument[2];ReturnValue;value;manual",
-        "com.google.common.collect;Iterators;false;get;(Iterator,int,Object);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterators;false;getLast;(Iterator);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterators;false;getLast;(Iterator,Object);;Argument[1];ReturnValue;value;manual",
-        "com.google.common.collect;Iterators;false;getLast;(Iterator,Object);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterators;false;getNext;(Iterator,Object);;Argument[1];ReturnValue;value;manual",
-        "com.google.common.collect;Iterators;false;getNext;(Iterator,Object);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterators;false;getOnlyElement;(Iterator);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterators;false;getOnlyElement;(Iterator,Object);;Argument[1];ReturnValue;value;manual",
-        "com.google.common.collect;Iterators;false;getOnlyElement;(Iterator,Object);;Argument[0].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Iterators;false;limit;(Iterator,int);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;mergeSorted;(Iterable,Comparator);;Argument[0].Element.Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;paddedPartition;(Iterator,int);;Argument[0].Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;Iterators;false;partition;(Iterator,int);;Argument[0].Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;Iterators;false;peekingIterator;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;peekingIterator;(PeekingIterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;singletonIterator;(Object);;Argument[0];ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;toArray;(Iterator,Class);;Argument[0].Element;ReturnValue.ArrayElement;value;manual",
-        "com.google.common.collect;Iterators;false;tryFind;(Iterator,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;unmodifiableIterator;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Iterators;false;unmodifiableIterator;(UnmodifiableIterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;LinkedHashMultimap;true;create;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;LinkedHashMultimap;true;create;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;LinkedHashMultiset;true;create;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;LinkedListMultimap;true;create;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;LinkedListMultimap;true;create;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Lists;false;asList;(Object,Object,Object[]);;Argument[0..1];ReturnValue.Element;value;manual",
-        "com.google.common.collect;Lists;false;asList;(Object,Object,Object[]);;Argument[2].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Lists;false;asList;(Object,Object[]);;Argument[0];ReturnValue.Element;value;manual",
-        "com.google.common.collect;Lists;false;asList;(Object,Object[]);;Argument[1].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Lists;false;cartesianProduct;(List);;Argument[0].Element.Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;Lists;false;cartesianProduct;(List[]);;Argument[0].ArrayElement.Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;Lists;false;charactersOf;(CharSequence);;Argument[0];ReturnValue.Element;taint;manual",
-        "com.google.common.collect;Lists;false;charactersOf;(String);;Argument[0];ReturnValue.Element;taint;manual",
-        "com.google.common.collect;Lists;false;newArrayList;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Lists;false;newArrayList;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Lists;false;newArrayList;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Lists;false;newCopyOnWriteArrayList;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Lists;false;newLinkedList;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Lists;false;partition;(List,int);;Argument[0].Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;Lists;false;reverse;(List);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;MapDifference$ValueDifference;true;leftValue;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left];ReturnValue;value;manual",
-        "com.google.common.collect;MapDifference$ValueDifference;true;rightValue;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right];ReturnValue;value;manual",
-        "com.google.common.collect;MapDifference;true;entriesDiffering;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;MapDifference;true;entriesDiffering;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;MapDifference;true;entriesDiffering;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapValue;ReturnValue.MapValue.SyntheticField[com.google.common.collect.MapDifference.left];value;manual",
-        "com.google.common.collect;MapDifference;true;entriesDiffering;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapValue;ReturnValue.MapValue.SyntheticField[com.google.common.collect.MapDifference.right];value;manual",
-        "com.google.common.collect;MapDifference;true;entriesInCommon;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;MapDifference;true;entriesInCommon;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;MapDifference;true;entriesInCommon;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;MapDifference;true;entriesInCommon;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;MapDifference;true;entriesOnlyOnLeft;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;MapDifference;true;entriesOnlyOnLeft;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;MapDifference;true;entriesOnlyOnRight;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;MapDifference;true;entriesOnlyOnRight;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Maps;false;asMap;(NavigableSet,Function);;Argument[0].Element;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;asMap;(Set,Function);;Argument[0].Element;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;asMap;(SortedSet,Function);;Argument[0].Element;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;difference;(Map,Map);;Argument[0].MapKey;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapKey;value;manual",
-        "com.google.common.collect;Maps;false;difference;(Map,Map);;Argument[1].MapKey;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapKey;value;manual",
-        "com.google.common.collect;Maps;false;difference;(Map,Map);;Argument[0].MapValue;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapValue;value;manual",
-        "com.google.common.collect;Maps;false;difference;(Map,Map);;Argument[1].MapValue;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapValue;value;manual",
-        "com.google.common.collect;Maps;false;difference;(Map,Map,Equivalence);;Argument[0].MapKey;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapKey;value;manual",
-        "com.google.common.collect;Maps;false;difference;(Map,Map,Equivalence);;Argument[1].MapKey;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapKey;value;manual",
-        "com.google.common.collect;Maps;false;difference;(Map,Map,Equivalence);;Argument[0].MapValue;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapValue;value;manual",
-        "com.google.common.collect;Maps;false;difference;(Map,Map,Equivalence);;Argument[1].MapValue;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapValue;value;manual",
-        "com.google.common.collect;Maps;false;difference;(SortedMap,Map);;Argument[0].MapKey;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapKey;value;manual",
-        "com.google.common.collect;Maps;false;difference;(SortedMap,Map);;Argument[1].MapKey;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapKey;value;manual",
-        "com.google.common.collect;Maps;false;difference;(SortedMap,Map);;Argument[0].MapValue;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapValue;value;manual",
-        "com.google.common.collect;Maps;false;difference;(SortedMap,Map);;Argument[1].MapValue;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapValue;value;manual",
-        "com.google.common.collect;Maps;false;filterEntries;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;filterKeys;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;filterValues;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;fromProperties;(Properties);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;fromProperties;(Properties);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Maps;false;immutableEntry;(Object,Object);;Argument[0];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;immutableEntry;(Object,Object);;Argument[1];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Maps;false;immutableEnumMap;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Maps;false;newEnumMap;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Maps;false;newHashMap;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;newHashMap;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Maps;false;newLinkedHashMap;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;newLinkedHashMap;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Maps;false;newTreeMap;(SortedMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;newTreeMap;(SortedMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Maps;false;subMap;(NavigableMap,Range);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;subMap;(NavigableMap,Range);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Maps;false;synchronizedBiMap;(BiMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;synchronizedBiMap;(BiMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Maps;false;synchronizedNavigableMap;(NavigableMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;synchronizedNavigableMap;(NavigableMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Maps;false;toMap;(Iterable,Function);;Argument[0].Element;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;toMap;(Iterator,Function);;Argument[0].Element;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;transformValues;(Map,Function);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;transformValues;(NavigableMap,Function);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;transformValues;(SortedMap,Function);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;uniqueIndex;(Iterable,Function);;Argument[0].Element;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Maps;false;uniqueIndex;(Iterator,Function);;Argument[0].Element;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Maps;false;unmodifiableBiMap;(BiMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;unmodifiableBiMap;(BiMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Maps;false;unmodifiableNavigableMap;(NavigableMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Maps;false;unmodifiableNavigableMap;(NavigableMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimap;true;asMap;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimap;true;asMap;();;Argument[-1].MapValue;ReturnValue.MapValue.Element;value;manual",
-        "com.google.common.collect;Multimap;true;entries;();;Argument[-1].MapKey;ReturnValue.Element.MapKey;value;manual",
-        "com.google.common.collect;Multimap;true;entries;();;Argument[-1].MapValue;ReturnValue.Element.MapValue;value;manual",
-        "com.google.common.collect;Multimap;true;get;(Object);;Argument[-1].MapValue;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multimap;true;keySet;();;Argument[-1].MapKey;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multimap;true;keys;();;Argument[-1].MapKey;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multimap;true;put;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;Multimap;true;put;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;Multimap;true;putAll;(Multimap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;Multimap;true;putAll;(Multimap);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;Multimap;true;putAll;(Object,Iterable);;Argument[0];Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;Multimap;true;putAll;(Object,Iterable);;Argument[1].Element;Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;Multimap;true;removeAll;(Object);;Argument[-1].MapValue;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multimap;true;replaceValues;(Object,Iterable);;Argument[0];Argument[-1].MapKey;value;manual",
-        "com.google.common.collect;Multimap;true;replaceValues;(Object,Iterable);;Argument[1].Element;Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;Multimap;true;replaceValues;(Object,Iterable);;Argument[-1].MapValue;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multimap;true;values;();;Argument[-1].MapValue;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multimaps;false;asMap;(ListMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;asMap;(ListMultimap);;Argument[0].MapValue;ReturnValue.MapValue.Element;value;manual",
-        "com.google.common.collect;Multimaps;false;asMap;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;asMap;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue.Element;value;manual",
-        "com.google.common.collect;Multimaps;false;asMap;(SetMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;asMap;(SetMultimap);;Argument[0].MapValue;ReturnValue.MapValue.Element;value;manual",
-        "com.google.common.collect;Multimaps;false;asMap;(SortedSetMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;asMap;(SortedSetMultimap);;Argument[0].MapValue;ReturnValue.MapValue.Element;value;manual",
-        "com.google.common.collect;Multimaps;false;filterEntries;(Multimap,Predicate);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;filterEntries;(Multimap,Predicate);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;filterEntries;(SetMultimap,Predicate);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;filterEntries;(SetMultimap,Predicate);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;filterKeys;(Multimap,Predicate);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;filterKeys;(Multimap,Predicate);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;filterKeys;(SetMultimap,Predicate);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;filterKeys;(SetMultimap,Predicate);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;filterValues;(Multimap,Predicate);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;filterValues;(Multimap,Predicate);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;filterValues;(SetMultimap,Predicate);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;filterValues;(SetMultimap,Predicate);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;forMap;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;forMap;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;index;(Iterable,Function);;Argument[0].Element;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;index;(Iterator,Function);;Argument[0].Element;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;invertFrom;(Multimap,Multimap);;Argument[1];ReturnValue;value;manual",
-        "com.google.common.collect;Multimaps;false;invertFrom;(Multimap,Multimap);;Argument[0].MapKey;Argument[1].MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;invertFrom;(Multimap,Multimap);;Argument[0].MapValue;Argument[1].MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;newListMultimap;(Map,Supplier);;Argument[0].MapValue.Element;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;newListMultimap;(Map,Supplier);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;newMultimap;(Map,Supplier);;Argument[0].MapValue.Element;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;newMultimap;(Map,Supplier);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;newSetMultimap;(Map,Supplier);;Argument[0].MapValue.Element;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;newSetMultimap;(Map,Supplier);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;newSortedSetMultimap;(Map,Supplier);;Argument[0].MapValue.Element;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;newSortedSetMultimap;(Map,Supplier);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;synchronizedListMultimap;(ListMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;synchronizedListMultimap;(ListMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;synchronizedMultimap;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;synchronizedMultimap;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;synchronizedSetMultimap;(SetMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;synchronizedSetMultimap;(SetMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;synchronizedSortedSetMultimap;(SortedSetMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;synchronizedSortedSetMultimap;(SortedSetMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;transformValues;(ListMultimap,Function);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;transformValues;(Multimap,Function);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;unmodifiableListMultimap;(ImmutableListMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;unmodifiableListMultimap;(ImmutableListMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;unmodifiableListMultimap;(ListMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;unmodifiableListMultimap;(ListMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;unmodifiableMultimap;(ImmutableMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;unmodifiableMultimap;(ImmutableMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;unmodifiableMultimap;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;unmodifiableMultimap;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;unmodifiableSetMultimap;(ImmutableSetMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;unmodifiableSetMultimap;(ImmutableSetMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;unmodifiableSetMultimap;(SetMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;unmodifiableSetMultimap;(SetMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multimaps;false;unmodifiableSortedSetMultimap;(SortedSetMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Multimaps;false;unmodifiableSortedSetMultimap;(SortedSetMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Multiset$Entry;true;getElement;();;Argument[-1].Element;ReturnValue;value;manual",
-        "com.google.common.collect;Multiset;true;add;(Object,int);;Argument[0];Argument[-1].Element;value;manual",
-        "com.google.common.collect;Multiset;true;elementSet;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multiset;true;entrySet;();;Argument[-1].Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;Multiset;true;setCount;(Object,int);;Argument[0];Argument[-1].Element;value;manual",
-        "com.google.common.collect;Multiset;true;setCount;(Object,int,int);;Argument[0];Argument[-1].Element;value;manual",
-        "com.google.common.collect;Multisets;false;copyHighestCountFirst;(Multiset);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multisets;false;difference;(Multiset,Multiset);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multisets;false;filter;(Multiset,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multisets;false;immutableEntry;(Object,int);;Argument[0];ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multisets;false;intersection;(Multiset,Multiset);;Argument[0..1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multisets;false;sum;(Multiset,Multiset);;Argument[0..1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multisets;false;union;(Multiset,Multiset);;Argument[0..1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multisets;false;unmodifiableMultiset;(ImmutableMultiset);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multisets;false;unmodifiableMultiset;(Multiset);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Multisets;false;unmodifiableSortedMultiset;(SortedMultiset);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;MutableClassToInstanceMap;true;create;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;MutableClassToInstanceMap;true;create;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;ObjectArrays;false;concat;(Object,Object[]);;Argument[0];ReturnValue.ArrayElement;value;manual",
-        "com.google.common.collect;ObjectArrays;false;concat;(Object,Object[]);;Argument[1].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "com.google.common.collect;ObjectArrays;false;concat;(Object[],Object);;Argument[1];ReturnValue.ArrayElement;value;manual",
-        "com.google.common.collect;ObjectArrays;false;concat;(Object[],Object);;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "com.google.common.collect;ObjectArrays;false;concat;(Object[],Object[],Class);;Argument[0..1].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "com.google.common.collect;Queues;false;drain;(BlockingQueue,Collection,int,Duration);;Argument[0].Element;Argument[1].Element;value;manual",
-        "com.google.common.collect;Queues;false;drain;(BlockingQueue,Collection,int,long,TimeUnit);;Argument[0].Element;Argument[1].Element;value;manual",
-        "com.google.common.collect;Queues;false;newArrayDeque;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Queues;false;newConcurrentLinkedQueue;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Queues;false;newLinkedBlockingDeque;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Queues;false;newLinkedBlockingQueue;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Queues;false;newPriorityBlockingQueue;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Queues;false;newPriorityQueue;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Queues;false;synchronizedDeque;(Deque);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Queues;false;synchronizedQueue;(Queue);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets$SetView;true;copyInto;(Set);;Argument[-1].Element;Argument[0].Element;value;manual",
-        "com.google.common.collect;Sets$SetView;true;immutableCopy;();;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;cartesianProduct;(List);;Argument[0].Element.Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;Sets;false;cartesianProduct;(Set[]);;Argument[0].ArrayElement.Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;Sets;false;combinations;(Set,int);;Argument[0].Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;Sets;false;difference;(Set,Set);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;filter;(NavigableSet,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;filter;(Set,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;filter;(SortedSet,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;intersection;(Set,Set);;Argument[0..1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;newConcurrentHashSet;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;newConcurrentHashSet;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;newCopyOnWriteArraySet;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;newHashSet;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;newHashSet;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;newHashSet;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;newLinkedHashSet;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;newSetFromMap;(Map);;Argument[0].MapKey;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;newTreeSet;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;powerSet;(Set);;Argument[0].Element;ReturnValue.Element.Element;value;manual",
-        "com.google.common.collect;Sets;false;subSet;(NavigableSet,Range);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;symmetricDifference;(Set,Set);;Argument[0..1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;synchronizedNavigableSet;(NavigableSet);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;union;(Set,Set);;Argument[0..1].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Sets;false;unmodifiableNavigableSet;(NavigableSet);;Argument[0].Element;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Table$Cell;true;getColumnKey;();;Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue;value;manual",
-        "com.google.common.collect;Table$Cell;true;getRowKey;();;Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue;value;manual",
-        "com.google.common.collect;Table$Cell;true;getValue;();;Argument[-1].MapValue;ReturnValue;value;manual",
-        "com.google.common.collect;Table;true;cellSet;();;Argument[-1].MapValue;ReturnValue.Element.MapValue;value;manual",
-        "com.google.common.collect;Table;true;cellSet;();;Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.Element.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;Table;true;cellSet;();;Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.Element.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;Table;true;column;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Table;true;column;(Object);;Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Table;true;columnKeySet;();;Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.Element;value;manual",
-        "com.google.common.collect;Table;true;columnMap;();;Argument[-1].MapValue;ReturnValue.MapValue.MapValue;value;manual",
-        "com.google.common.collect;Table;true;columnMap;();;Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Table;true;columnMap;();;Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.MapValue.MapKey;value;manual",
-        "com.google.common.collect;Table;true;get;(Object,Object);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "com.google.common.collect;Table;true;put;(Object,Object,Object);;Argument[0];Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;Table;true;put;(Object,Object,Object);;Argument[1];Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;Table;true;put;(Object,Object,Object);;Argument[2];Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;Table;true;putAll;(Table);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "com.google.common.collect;Table;true;putAll;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;Table;true;putAll;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;Table;true;remove;(Object,Object);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "com.google.common.collect;Table;true;row;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Table;true;row;(Object);;Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Table;true;rowKeySet;();;Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.Element;value;manual",
-        "com.google.common.collect;Table;true;rowMap;();;Argument[-1].MapValue;ReturnValue.MapValue.MapValue;value;manual",
-        "com.google.common.collect;Table;true;rowMap;();;Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.MapValue.MapKey;value;manual",
-        "com.google.common.collect;Table;true;rowMap;();;Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;Table;true;values;();;Argument[-1].MapValue;ReturnValue.Element;value;manual",
-        "com.google.common.collect;Tables;false;immutableCell;(Object,Object,Object);;Argument[0];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;Tables;false;immutableCell;(Object,Object,Object);;Argument[1];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;Tables;false;immutableCell;(Object,Object,Object);;Argument[2];ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Tables;false;newCustomTable;(Map,Supplier);;Argument[0].MapKey;ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;Tables;false;newCustomTable;(Map,Supplier);;Argument[0].MapValue.MapKey;ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;Tables;false;newCustomTable;(Map,Supplier);;Argument[0].MapValue.MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Tables;false;synchronizedTable;(Table);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Tables;false;synchronizedTable;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;Tables;false;synchronizedTable;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;Tables;false;transformValues;(Table,Function);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;Tables;false;transformValues;(Table,Function);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;Tables;false;transpose;(Table);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Tables;false;transpose;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;Tables;false;transpose;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;Tables;false;unmodifiableRowSortedTable;(RowSortedTable);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Tables;false;unmodifiableRowSortedTable;(RowSortedTable);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;Tables;false;unmodifiableRowSortedTable;(RowSortedTable);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;Tables;false;unmodifiableTable;(Table);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;Tables;false;unmodifiableTable;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;Tables;false;unmodifiableTable;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;TreeBasedTable;true;create;(TreeBasedTable);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;TreeBasedTable;true;create;(TreeBasedTable);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual",
-        "com.google.common.collect;TreeBasedTable;true;create;(TreeBasedTable);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual",
-        "com.google.common.collect;TreeMultimap;true;create;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "com.google.common.collect;TreeMultimap;true;create;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "com.google.common.collect;TreeMultiset;true;create;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual"
-      ]
-  }
-}
-
 /**
  * A reference type that extends a parameterization of `com.google.common.collect.Multimap`.
  */
diff --git a/java/ql/lib/semmle/code/java/frameworks/guava/Guava.qll b/java/ql/lib/semmle/code/java/frameworks/guava/Guava.qll
index d7a4ab959df..5dd8aaa18ee 100644
--- a/java/ql/lib/semmle/code/java/frameworks/guava/Guava.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/guava/Guava.qll
@@ -3,7 +3,4 @@
  */
 
 import java
-import Base
 import Collections
-import IO
-import Cache
diff --git a/java/ql/lib/semmle/code/java/frameworks/guava/IO.qll b/java/ql/lib/semmle/code/java/frameworks/guava/IO.qll
deleted file mode 100644
index 6137a4e47f3..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/guava/IO.qll
+++ /dev/null
@@ -1,102 +0,0 @@
-/** Definitions of taint steps in the IO package of the Guava framework */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class GuavaIoCsv extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //`namespace; type; subtypes; name; signature; ext; input; output; kind`
-        "com.google.common.io;BaseEncoding;true;decode;(CharSequence);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;BaseEncoding;true;decodingStream;(Reader);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;BaseEncoding;true;decodingSource;(CharSource);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;BaseEncoding;true;encode;(byte[]);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;BaseEncoding;true;encode;(byte[],int,int);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;BaseEncoding;true;withSeparator;(String,int);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;BaseEncoding;true;decode;(CharSequence);;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;BaseEncoding;true;decodingStream;(Reader);;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;BaseEncoding;true;decodingSource;(CharSource);;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;BaseEncoding;true;encode;(byte[]);;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;BaseEncoding;true;upperCase;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;BaseEncoding;true;lowerCase;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;BaseEncoding;true;withPadChar;(char);;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;BaseEncoding;true;omitPadding;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;BaseEncoding;true;encode;(byte[],int,int);;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;ByteSource;true;asCharSource;(Charset);;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;ByteSource;true;concat;(ByteSource[]);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "com.google.common.io;ByteSource;true;concat;(Iterable);;Argument[0].Element;ReturnValue;taint;manual",
-        "com.google.common.io;ByteSource;true;concat;(Iterator);;Argument[0].Element;ReturnValue;taint;manual",
-        "com.google.common.io;ByteSource;true;copyTo;(OutputStream);;Argument[-1];Argument[0];taint;manual",
-        "com.google.common.io;ByteSource;true;openStream;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;ByteSource;true;openBufferedStream;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;ByteSource;true;read;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;ByteSource;true;slice;(long,long);;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;ByteSource;true;wrap;(byte[]);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;ByteStreams;false;copy;(InputStream,OutputStream);;Argument[0];Argument[1];taint;manual",
-        "com.google.common.io;ByteStreams;false;copy;(ReadableByteChannel,WritableByteChannel);;Argument[0];Argument[1];taint;manual",
-        "com.google.common.io;ByteStreams;false;limit;(InputStream,long);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;ByteStreams;false;newDataInput;(byte[]);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;ByteStreams;false;newDataInput;(byte[],int);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;ByteStreams;false;newDataInput;(ByteArrayInputStream);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;ByteStreams;false;newDataOutput;(ByteArrayOutputStream);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;ByteStreams;false;read;(InputStream,byte[],int,int);;Argument[0];Argument[1];taint;manual",
-        "com.google.common.io;ByteStreams;false;readFully;(InputStream,byte[]);;Argument[0];Argument[1];taint;manual",
-        "com.google.common.io;ByteStreams;false;readFully;(InputStream,byte[],int,int);;Argument[0];Argument[1];taint;manual",
-        "com.google.common.io;ByteStreams;false;toByteArray;(InputStream);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;CharSource;true;asByteSource;(Charset);;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;CharSource;true;concat;(CharSource[]);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "com.google.common.io;CharSource;true;concat;(Iterable);;Argument[0].Element;ReturnValue;taint;manual",
-        "com.google.common.io;CharSource;true;concat;(Iterator);;Argument[0].Element;ReturnValue;taint;manual",
-        "com.google.common.io;CharSource;true;copyTo;(Appendable);;Argument[-1];Argument[0];taint;manual",
-        "com.google.common.io;CharSource;true;openStream;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;CharSource;true;openBufferedStream;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;CharSource;true;read;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;CharSource;true;readFirstLine;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;CharSource;true;readLines;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;CharSource;true;lines;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;CharSource;true;wrap;(CharSequence);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;CharStreams;false;copy;(Readable,Appendable);;Argument[0];Argument[1];taint;manual",
-        "com.google.common.io;CharStreams;false;readLines;(Readable);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;CharStreams;false;toString;(Readable);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;Closer;true;register;;;Argument[0];ReturnValue;value;manual",
-        "com.google.common.io;Files;false;getFileExtension;(String);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;Files;false;getNameWithoutExtension;(String);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;Files;false;simplifyPath;(String);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;MoreFiles;false;getFileExtension;(Path);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;MoreFiles;false;getNameWithoutExtension;(Path);;Argument[0];ReturnValue;taint;manual",
-        "com.google.common.io;LineReader;false;LineReader;(Readable);;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.io;LineReader;true;readLine;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;ByteArrayDataOutput;true;toByteArray;();;Argument[-1];ReturnValue;taint;manual",
-        "com.google.common.io;ByteArrayDataOutput;true;write;(byte[]);;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.io;ByteArrayDataOutput;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.io;ByteArrayDataOutput;true;write;(int);;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.io;ByteArrayDataOutput;true;writeByte;(int);;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.io;ByteArrayDataOutput;true;writeBytes;(String);;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.io;ByteArrayDataOutput;true;writeChar;(int);;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.io;ByteArrayDataOutput;true;writeChars;(String);;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.io;ByteArrayDataOutput;true;writeDouble;(double);;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.io;ByteArrayDataOutput;true;writeFloat;(float);;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.io;ByteArrayDataOutput;true;writeInt;(int);;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.io;ByteArrayDataOutput;true;writeLong;(long);;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.io;ByteArrayDataOutput;true;writeShort;(int);;Argument[0];Argument[-1];taint;manual",
-        "com.google.common.io;ByteArrayDataOutput;true;writeUTF;(String);;Argument[0];Argument[-1];taint;manual"
-      ]
-  }
-}
-
-private class GuavaIoSinkCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //`namespace; type; subtypes; name; signature; ext; input; kind`
-        "com.google.common.io;Resources;false;asByteSource;(URL);;Argument[0];url-open-stream;manual",
-        "com.google.common.io;Resources;false;asCharSource;(URL,Charset);;Argument[0];url-open-stream;manual",
-        "com.google.common.io;Resources;false;copy;(URL,OutputStream);;Argument[0];url-open-stream;manual",
-        "com.google.common.io;Resources;false;asByteSource;(URL);;Argument[0];url-open-stream;manual",
-        "com.google.common.io;Resources;false;readLines;;;Argument[0];url-open-stream;manual",
-        "com.google.common.io;Resources;false;toByteArray;(URL);;Argument[0];url-open-stream;manual",
-        "com.google.common.io;Resources;false;toString;(URL,Charset);;Argument[0];url-open-stream;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/jOOQ.qll b/java/ql/lib/semmle/code/java/frameworks/jOOQ.qll
index 20a7303dd76..2aa78e9425d 100644
--- a/java/ql/lib/semmle/code/java/frameworks/jOOQ.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/jOOQ.qll
@@ -3,7 +3,6 @@
  */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 
 /**
  * Methods annotated with this allow for generation of "plain SQL"
@@ -22,9 +21,3 @@ predicate jOOQSqlMethod(Method m) {
   m.getAnAnnotation() instanceof PlainSqlType and
   m.getParameterType(0) instanceof TypeString
 }
-
-private class SqlSinkCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    row = "org.jooq;PlainSQL;false;;;Annotated;Argument[0];sql;manual"
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
index 400f96598c1..020c167fab7 100644
--- a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
@@ -9,7 +9,6 @@ import semmle.code.java.Reflection
 import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.internal.DataFlowForSerializability
 import semmle.code.java.dataflow.FlowSteps
-private import semmle.code.java.dataflow.ExternalFlow
 
 /**
  * A `@com.fasterxml.jackson.annotation.JsonIgnore` annoation.
@@ -282,18 +281,3 @@ class JacksonMixedInCallable extends Callable {
     )
   }
 }
-
-private class JacksonModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;Argument[0];ReturnValue;taint;manual",
-        "com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;Argument[0].MapValue;ReturnValue;taint;manual",
-        "com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;Argument[0].MapValue.Element;ReturnValue;taint;manual",
-        "com.fasterxml.jackson.databind;ObjectMapper;true;convertValue;;;Argument[0];ReturnValue;taint;manual",
-        "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint;manual",
-        "com.fasterxml.jackson.databind;ObjectReader;false;createParser;;;Argument[0];ReturnValue;taint;manual",
-        "com.fasterxml.jackson.core;JsonFactory;false;createParser;;;Argument[0];ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll
index 23e1518c916..c56571624e6 100644
--- a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll
@@ -75,14 +75,11 @@ class ForbiddenSecurityConfigurationCallable extends ForbiddenCallable {
 }
 
 /** A method or constructor involving serialization that may not be called by an EJB. */
-class ForbiddenSerializationCallable extends ForbiddenCallable {
-  ForbiddenSerializationCallable() { this instanceof ForbiddenSerializationMethod }
+class ForbiddenSerializationCallable extends ForbiddenCallable instanceof ForbiddenSerializationMethod {
 }
 
 /** A method or constructor involving network factory operations that may not be called by an EJB. */
-class ForbiddenSetFactoryCallable extends ForbiddenCallable {
-  ForbiddenSetFactoryCallable() { this instanceof ForbiddenSetFactoryMethod }
-}
+class ForbiddenSetFactoryCallable extends ForbiddenCallable instanceof ForbiddenSetFactoryMethod { }
 
 /** A method or constructor involving server socket operations that may not be called by an EJB. */
 class ForbiddenServerSocketCallable extends ForbiddenCallable {
diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll
index 9efa891676b..546d3be6983 100644
--- a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll
@@ -1,7 +1,6 @@
 /** Provides classes and predicates for working with JavaServer Faces renderer. */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 
 /**
  * The JSF class `FacesContext` for processing HTTP requests.
@@ -12,22 +11,6 @@ class FacesContext extends RefType {
   }
 }
 
-private class ExternalContextSource extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      ["javax.", "jakarta."] +
-        [
-          "faces.context;ExternalContext;true;getRequestParameterMap;();;ReturnValue;remote;manual",
-          "faces.context;ExternalContext;true;getRequestParameterNames;();;ReturnValue;remote;manual",
-          "faces.context;ExternalContext;true;getRequestParameterValuesMap;();;ReturnValue;remote;manual",
-          "faces.context;ExternalContext;true;getRequestPathInfo;();;ReturnValue;remote;manual",
-          "faces.context;ExternalContext;true;getRequestCookieMap;();;ReturnValue;remote;manual",
-          "faces.context;ExternalContext;true;getRequestHeaderMap;();;ReturnValue;remote;manual",
-          "faces.context;ExternalContext;true;getRequestHeaderValuesMap;();;ReturnValue;remote;manual"
-        ]
-  }
-}
-
 /**
  * The method `getResponseWriter()` declared in JSF `ExternalContext`.
  */
@@ -49,15 +32,3 @@ class FacesGetResponseStreamMethod extends Method {
     this.getNumberOfParameters() = 0
   }
 }
-
-private class ExternalContextXssSink extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "javax.faces.context;ResponseWriter;true;write;;;Argument[0];xss;manual",
-        "javax.faces.context;ResponseStream;true;write;;;Argument[0];xss;manual",
-        "jakarta.faces.context;ResponseWriter;true;write;;;Argument[0];xss;manual",
-        "jakarta.faces.context;ResponseStream;true;write;;;Argument[0];xss;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/kotlin/IO.qll b/java/ql/lib/semmle/code/java/frameworks/kotlin/IO.qll
new file mode 100644
index 00000000000..38af34bc690
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/frameworks/kotlin/IO.qll
@@ -0,0 +1,8 @@
+/** Provides classes and predicates related to `kotlin.io`. */
+
+import java
+
+/** The type `kotlin.io.FilesKt`, where `File` extension methods are declared. */
+class FilesKt extends RefType {
+  FilesKt() { this.hasQualifiedName("kotlin.io", "FilesKt") }
+}
diff --git a/java/ql/lib/semmle/code/java/frameworks/kotlin/NegativeStdLibGenerated.qll b/java/ql/lib/semmle/code/java/frameworks/kotlin/NegativeStdLibGenerated.qll
deleted file mode 100644
index 412390f139e..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/kotlin/NegativeStdLibGenerated.qll
+++ /dev/null
@@ -1,4414 +0,0 @@
-/**
- * THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
- * Definitions of negative summaries in the Kotlin StdLib @30ce58cea74 framework.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class StdLibGeneratedNegativesummaryCsv extends NegativeSummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "kotlin.annotation;AnnotationRetention;valueOf;(String);generated",
-        "kotlin.annotation;AnnotationRetention;values;();generated",
-        "kotlin.annotation;AnnotationTarget;valueOf;(String);generated",
-        "kotlin.annotation;AnnotationTarget;values;();generated",
-        "kotlin.annotation;MustBeDocumented;MustBeDocumented;();generated",
-        "kotlin.annotation;Repeatable;Repeatable;();generated",
-        "kotlin.annotation;Retention;Retention;(AnnotationRetention);generated",
-        "kotlin.annotation;Retention;value;();generated",
-        "kotlin.annotation;Target;Target;(AnnotationTarget[]);generated",
-        "kotlin.annotation;Target;allowedTargets;();generated",
-        "kotlin.collections.builders;SerializedCollection$Companion;getTagList;();generated",
-        "kotlin.collections.builders;SerializedCollection$Companion;getTagSet;();generated",
-        "kotlin.collections;AbstractIterator;AbstractIterator;();generated",
-        "kotlin.collections;AbstractList;equals;(Object);generated",
-        "kotlin.collections;AbstractList;hashCode;();generated",
-        "kotlin.collections;AbstractMap;equals;(Object);generated",
-        "kotlin.collections;AbstractMap;hashCode;();generated",
-        "kotlin.collections;AbstractMap;toString;();generated",
-        "kotlin.collections;AbstractSet;equals;(Object);generated",
-        "kotlin.collections;AbstractSet;hashCode;();generated",
-        "kotlin.collections;ArrayDeque;ArrayDeque;();generated",
-        "kotlin.collections;ArrayDeque;ArrayDeque;(int);generated",
-        "kotlin.collections;ArrayList;ArrayList;();generated",
-        "kotlin.collections;ArrayList;ArrayList;(Collection);generated",
-        "kotlin.collections;ArrayList;ArrayList;(int);generated",
-        "kotlin.collections;ArrayList;ensureCapacity;(int);generated",
-        "kotlin.collections;ArrayList;trimToSize;();generated",
-        "kotlin.collections;ArraysKt;all;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;all;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;all;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;all;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;all;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;all;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;all;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;all;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;all;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;any;(Object[]);generated",
-        "kotlin.collections;ArraysKt;any;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;any;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;any;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;any;(byte[]);generated",
-        "kotlin.collections;ArraysKt;any;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;any;(char[]);generated",
-        "kotlin.collections;ArraysKt;any;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;any;(double[]);generated",
-        "kotlin.collections;ArraysKt;any;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;any;(float[]);generated",
-        "kotlin.collections;ArraysKt;any;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;any;(int[]);generated",
-        "kotlin.collections;ArraysKt;any;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;any;(long[]);generated",
-        "kotlin.collections;ArraysKt;any;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;any;(short[]);generated",
-        "kotlin.collections;ArraysKt;any;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;asIterable;(Object[]);generated",
-        "kotlin.collections;ArraysKt;asIterable;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;asIterable;(byte[]);generated",
-        "kotlin.collections;ArraysKt;asIterable;(char[]);generated",
-        "kotlin.collections;ArraysKt;asIterable;(double[]);generated",
-        "kotlin.collections;ArraysKt;asIterable;(float[]);generated",
-        "kotlin.collections;ArraysKt;asIterable;(int[]);generated",
-        "kotlin.collections;ArraysKt;asIterable;(long[]);generated",
-        "kotlin.collections;ArraysKt;asIterable;(short[]);generated",
-        "kotlin.collections;ArraysKt;asList;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;asList;(byte[]);generated",
-        "kotlin.collections;ArraysKt;asList;(char[]);generated",
-        "kotlin.collections;ArraysKt;asList;(double[]);generated",
-        "kotlin.collections;ArraysKt;asList;(float[]);generated",
-        "kotlin.collections;ArraysKt;asList;(int[]);generated",
-        "kotlin.collections;ArraysKt;asList;(long[]);generated",
-        "kotlin.collections;ArraysKt;asList;(short[]);generated",
-        "kotlin.collections;ArraysKt;asSequence;(Object[]);generated",
-        "kotlin.collections;ArraysKt;asSequence;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;asSequence;(byte[]);generated",
-        "kotlin.collections;ArraysKt;asSequence;(char[]);generated",
-        "kotlin.collections;ArraysKt;asSequence;(double[]);generated",
-        "kotlin.collections;ArraysKt;asSequence;(float[]);generated",
-        "kotlin.collections;ArraysKt;asSequence;(int[]);generated",
-        "kotlin.collections;ArraysKt;asSequence;(long[]);generated",
-        "kotlin.collections;ArraysKt;asSequence;(short[]);generated",
-        "kotlin.collections;ArraysKt;associate;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;associate;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;associate;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;associate;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;associate;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;associate;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;associate;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;associate;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;associate;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(Object[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(boolean[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(byte[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(char[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(double[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(float[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(int[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(long[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateBy;(short[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;associateWith;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateWith;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateWith;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateWith;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateWith;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateWith;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateWith;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateWith;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;associateWith;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;average;(byte[]);generated",
-        "kotlin.collections;ArraysKt;average;(double[]);generated",
-        "kotlin.collections;ArraysKt;average;(float[]);generated",
-        "kotlin.collections;ArraysKt;average;(int[]);generated",
-        "kotlin.collections;ArraysKt;average;(long[]);generated",
-        "kotlin.collections;ArraysKt;average;(short[]);generated",
-        "kotlin.collections;ArraysKt;averageOfByte;(Byte[]);generated",
-        "kotlin.collections;ArraysKt;averageOfDouble;(Double[]);generated",
-        "kotlin.collections;ArraysKt;averageOfFloat;(Float[]);generated",
-        "kotlin.collections;ArraysKt;averageOfInt;(Integer[]);generated",
-        "kotlin.collections;ArraysKt;averageOfLong;(Long[]);generated",
-        "kotlin.collections;ArraysKt;averageOfShort;(Short[]);generated",
-        "kotlin.collections;ArraysKt;binarySearch;(Object[],Object,Comparator,int,int);generated",
-        "kotlin.collections;ArraysKt;binarySearch;(Object[],Object,int,int);generated",
-        "kotlin.collections;ArraysKt;binarySearch;(byte[],byte,int,int);generated",
-        "kotlin.collections;ArraysKt;binarySearch;(char[],char,int,int);generated",
-        "kotlin.collections;ArraysKt;binarySearch;(double[],double,int,int);generated",
-        "kotlin.collections;ArraysKt;binarySearch;(float[],float,int,int);generated",
-        "kotlin.collections;ArraysKt;binarySearch;(int[],int,int,int);generated",
-        "kotlin.collections;ArraysKt;binarySearch;(long[],long,int,int);generated",
-        "kotlin.collections;ArraysKt;binarySearch;(short[],short,int,int);generated",
-        "kotlin.collections;ArraysKt;component1;(Object[]);generated",
-        "kotlin.collections;ArraysKt;component1;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;component1;(byte[]);generated",
-        "kotlin.collections;ArraysKt;component1;(char[]);generated",
-        "kotlin.collections;ArraysKt;component1;(double[]);generated",
-        "kotlin.collections;ArraysKt;component1;(float[]);generated",
-        "kotlin.collections;ArraysKt;component1;(int[]);generated",
-        "kotlin.collections;ArraysKt;component1;(long[]);generated",
-        "kotlin.collections;ArraysKt;component1;(short[]);generated",
-        "kotlin.collections;ArraysKt;component2;(Object[]);generated",
-        "kotlin.collections;ArraysKt;component2;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;component2;(byte[]);generated",
-        "kotlin.collections;ArraysKt;component2;(char[]);generated",
-        "kotlin.collections;ArraysKt;component2;(double[]);generated",
-        "kotlin.collections;ArraysKt;component2;(float[]);generated",
-        "kotlin.collections;ArraysKt;component2;(int[]);generated",
-        "kotlin.collections;ArraysKt;component2;(long[]);generated",
-        "kotlin.collections;ArraysKt;component2;(short[]);generated",
-        "kotlin.collections;ArraysKt;component3;(Object[]);generated",
-        "kotlin.collections;ArraysKt;component3;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;component3;(byte[]);generated",
-        "kotlin.collections;ArraysKt;component3;(char[]);generated",
-        "kotlin.collections;ArraysKt;component3;(double[]);generated",
-        "kotlin.collections;ArraysKt;component3;(float[]);generated",
-        "kotlin.collections;ArraysKt;component3;(int[]);generated",
-        "kotlin.collections;ArraysKt;component3;(long[]);generated",
-        "kotlin.collections;ArraysKt;component3;(short[]);generated",
-        "kotlin.collections;ArraysKt;component4;(Object[]);generated",
-        "kotlin.collections;ArraysKt;component4;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;component4;(byte[]);generated",
-        "kotlin.collections;ArraysKt;component4;(char[]);generated",
-        "kotlin.collections;ArraysKt;component4;(double[]);generated",
-        "kotlin.collections;ArraysKt;component4;(float[]);generated",
-        "kotlin.collections;ArraysKt;component4;(int[]);generated",
-        "kotlin.collections;ArraysKt;component4;(long[]);generated",
-        "kotlin.collections;ArraysKt;component4;(short[]);generated",
-        "kotlin.collections;ArraysKt;component5;(Object[]);generated",
-        "kotlin.collections;ArraysKt;component5;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;component5;(byte[]);generated",
-        "kotlin.collections;ArraysKt;component5;(char[]);generated",
-        "kotlin.collections;ArraysKt;component5;(double[]);generated",
-        "kotlin.collections;ArraysKt;component5;(float[]);generated",
-        "kotlin.collections;ArraysKt;component5;(int[]);generated",
-        "kotlin.collections;ArraysKt;component5;(long[]);generated",
-        "kotlin.collections;ArraysKt;component5;(short[]);generated",
-        "kotlin.collections;ArraysKt;contains;(Object[],Object);generated",
-        "kotlin.collections;ArraysKt;contains;(boolean[],boolean);generated",
-        "kotlin.collections;ArraysKt;contains;(byte[],byte);generated",
-        "kotlin.collections;ArraysKt;contains;(char[],char);generated",
-        "kotlin.collections;ArraysKt;contains;(double[],double);generated",
-        "kotlin.collections;ArraysKt;contains;(float[],float);generated",
-        "kotlin.collections;ArraysKt;contains;(int[],int);generated",
-        "kotlin.collections;ArraysKt;contains;(long[],long);generated",
-        "kotlin.collections;ArraysKt;contains;(short[],short);generated",
-        "kotlin.collections;ArraysKt;contentDeepEqualsInline;(Object[],Object[]);generated",
-        "kotlin.collections;ArraysKt;contentDeepEqualsNullable;(Object[],Object[]);generated",
-        "kotlin.collections;ArraysKt;contentDeepHashCodeInline;(Object[]);generated",
-        "kotlin.collections;ArraysKt;contentDeepHashCodeNullable;(Object[]);generated",
-        "kotlin.collections;ArraysKt;contentDeepToStringInline;(Object[]);generated",
-        "kotlin.collections;ArraysKt;contentDeepToStringNullable;(Object[]);generated",
-        "kotlin.collections;ArraysKt;contentEquals;(Object[],Object[]);generated",
-        "kotlin.collections;ArraysKt;contentEquals;(boolean[],boolean[]);generated",
-        "kotlin.collections;ArraysKt;contentEquals;(byte[],byte[]);generated",
-        "kotlin.collections;ArraysKt;contentEquals;(char[],char[]);generated",
-        "kotlin.collections;ArraysKt;contentEquals;(double[],double[]);generated",
-        "kotlin.collections;ArraysKt;contentEquals;(float[],float[]);generated",
-        "kotlin.collections;ArraysKt;contentEquals;(int[],int[]);generated",
-        "kotlin.collections;ArraysKt;contentEquals;(long[],long[]);generated",
-        "kotlin.collections;ArraysKt;contentEquals;(short[],short[]);generated",
-        "kotlin.collections;ArraysKt;contentEqualsNullable;(Object[],Object[]);generated",
-        "kotlin.collections;ArraysKt;contentEqualsNullable;(boolean[],boolean[]);generated",
-        "kotlin.collections;ArraysKt;contentEqualsNullable;(byte[],byte[]);generated",
-        "kotlin.collections;ArraysKt;contentEqualsNullable;(char[],char[]);generated",
-        "kotlin.collections;ArraysKt;contentEqualsNullable;(double[],double[]);generated",
-        "kotlin.collections;ArraysKt;contentEqualsNullable;(float[],float[]);generated",
-        "kotlin.collections;ArraysKt;contentEqualsNullable;(int[],int[]);generated",
-        "kotlin.collections;ArraysKt;contentEqualsNullable;(long[],long[]);generated",
-        "kotlin.collections;ArraysKt;contentEqualsNullable;(short[],short[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCode;(Object[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCode;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCode;(byte[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCode;(char[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCode;(double[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCode;(float[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCode;(int[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCode;(long[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCode;(short[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCodeNullable;(Object[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCodeNullable;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCodeNullable;(byte[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCodeNullable;(char[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCodeNullable;(double[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCodeNullable;(float[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCodeNullable;(int[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCodeNullable;(long[]);generated",
-        "kotlin.collections;ArraysKt;contentHashCodeNullable;(short[]);generated",
-        "kotlin.collections;ArraysKt;contentToString;(Object[]);generated",
-        "kotlin.collections;ArraysKt;contentToString;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;contentToString;(byte[]);generated",
-        "kotlin.collections;ArraysKt;contentToString;(char[]);generated",
-        "kotlin.collections;ArraysKt;contentToString;(double[]);generated",
-        "kotlin.collections;ArraysKt;contentToString;(float[]);generated",
-        "kotlin.collections;ArraysKt;contentToString;(int[]);generated",
-        "kotlin.collections;ArraysKt;contentToString;(long[]);generated",
-        "kotlin.collections;ArraysKt;contentToString;(short[]);generated",
-        "kotlin.collections;ArraysKt;contentToStringNullable;(Object[]);generated",
-        "kotlin.collections;ArraysKt;contentToStringNullable;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;contentToStringNullable;(byte[]);generated",
-        "kotlin.collections;ArraysKt;contentToStringNullable;(char[]);generated",
-        "kotlin.collections;ArraysKt;contentToStringNullable;(double[]);generated",
-        "kotlin.collections;ArraysKt;contentToStringNullable;(float[]);generated",
-        "kotlin.collections;ArraysKt;contentToStringNullable;(int[]);generated",
-        "kotlin.collections;ArraysKt;contentToStringNullable;(long[]);generated",
-        "kotlin.collections;ArraysKt;contentToStringNullable;(short[]);generated",
-        "kotlin.collections;ArraysKt;copyInto;(boolean[],boolean[],int,int,int);generated",
-        "kotlin.collections;ArraysKt;copyInto;(double[],double[],int,int,int);generated",
-        "kotlin.collections;ArraysKt;copyInto;(float[],float[],int,int,int);generated",
-        "kotlin.collections;ArraysKt;copyInto;(int[],int[],int,int,int);generated",
-        "kotlin.collections;ArraysKt;copyInto;(long[],long[],int,int,int);generated",
-        "kotlin.collections;ArraysKt;copyInto;(short[],short[],int,int,int);generated",
-        "kotlin.collections;ArraysKt;copyOf;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;copyOf;(boolean[],int);generated",
-        "kotlin.collections;ArraysKt;copyOf;(double[]);generated",
-        "kotlin.collections;ArraysKt;copyOf;(double[],int);generated",
-        "kotlin.collections;ArraysKt;copyOf;(float[]);generated",
-        "kotlin.collections;ArraysKt;copyOf;(float[],int);generated",
-        "kotlin.collections;ArraysKt;copyOf;(int[]);generated",
-        "kotlin.collections;ArraysKt;copyOf;(int[],int);generated",
-        "kotlin.collections;ArraysKt;copyOf;(long[]);generated",
-        "kotlin.collections;ArraysKt;copyOf;(long[],int);generated",
-        "kotlin.collections;ArraysKt;copyOf;(short[]);generated",
-        "kotlin.collections;ArraysKt;copyOf;(short[],int);generated",
-        "kotlin.collections;ArraysKt;copyOfRangeInline;(boolean[],int,int);generated",
-        "kotlin.collections;ArraysKt;copyOfRangeInline;(double[],int,int);generated",
-        "kotlin.collections;ArraysKt;copyOfRangeInline;(float[],int,int);generated",
-        "kotlin.collections;ArraysKt;copyOfRangeInline;(int[],int,int);generated",
-        "kotlin.collections;ArraysKt;copyOfRangeInline;(long[],int,int);generated",
-        "kotlin.collections;ArraysKt;copyOfRangeInline;(short[],int,int);generated",
-        "kotlin.collections;ArraysKt;count;(Object[]);generated",
-        "kotlin.collections;ArraysKt;count;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;count;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;count;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;count;(byte[]);generated",
-        "kotlin.collections;ArraysKt;count;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;count;(char[]);generated",
-        "kotlin.collections;ArraysKt;count;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;count;(double[]);generated",
-        "kotlin.collections;ArraysKt;count;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;count;(float[]);generated",
-        "kotlin.collections;ArraysKt;count;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;count;(int[]);generated",
-        "kotlin.collections;ArraysKt;count;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;count;(long[]);generated",
-        "kotlin.collections;ArraysKt;count;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;count;(short[]);generated",
-        "kotlin.collections;ArraysKt;count;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;distinct;(Object[]);generated",
-        "kotlin.collections;ArraysKt;distinct;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;distinct;(byte[]);generated",
-        "kotlin.collections;ArraysKt;distinct;(char[]);generated",
-        "kotlin.collections;ArraysKt;distinct;(double[]);generated",
-        "kotlin.collections;ArraysKt;distinct;(float[]);generated",
-        "kotlin.collections;ArraysKt;distinct;(int[]);generated",
-        "kotlin.collections;ArraysKt;distinct;(long[]);generated",
-        "kotlin.collections;ArraysKt;distinct;(short[]);generated",
-        "kotlin.collections;ArraysKt;distinctBy;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;distinctBy;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;distinctBy;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;distinctBy;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;distinctBy;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;distinctBy;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;distinctBy;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;distinctBy;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;distinctBy;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;drop;(boolean[],int);generated",
-        "kotlin.collections;ArraysKt;drop;(byte[],int);generated",
-        "kotlin.collections;ArraysKt;drop;(char[],int);generated",
-        "kotlin.collections;ArraysKt;drop;(double[],int);generated",
-        "kotlin.collections;ArraysKt;drop;(float[],int);generated",
-        "kotlin.collections;ArraysKt;drop;(int[],int);generated",
-        "kotlin.collections;ArraysKt;drop;(long[],int);generated",
-        "kotlin.collections;ArraysKt;drop;(short[],int);generated",
-        "kotlin.collections;ArraysKt;dropLast;(boolean[],int);generated",
-        "kotlin.collections;ArraysKt;dropLast;(byte[],int);generated",
-        "kotlin.collections;ArraysKt;dropLast;(char[],int);generated",
-        "kotlin.collections;ArraysKt;dropLast;(double[],int);generated",
-        "kotlin.collections;ArraysKt;dropLast;(float[],int);generated",
-        "kotlin.collections;ArraysKt;dropLast;(int[],int);generated",
-        "kotlin.collections;ArraysKt;dropLast;(long[],int);generated",
-        "kotlin.collections;ArraysKt;dropLast;(short[],int);generated",
-        "kotlin.collections;ArraysKt;dropLastWhile;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropLastWhile;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropLastWhile;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropLastWhile;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropLastWhile;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropLastWhile;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropLastWhile;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropLastWhile;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropWhile;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropWhile;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropWhile;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropWhile;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropWhile;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropWhile;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropWhile;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropWhile;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;dropWhile;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;elementAt;(Object[],int);generated",
-        "kotlin.collections;ArraysKt;elementAt;(boolean[],int);generated",
-        "kotlin.collections;ArraysKt;elementAt;(byte[],int);generated",
-        "kotlin.collections;ArraysKt;elementAt;(char[],int);generated",
-        "kotlin.collections;ArraysKt;elementAt;(double[],int);generated",
-        "kotlin.collections;ArraysKt;elementAt;(float[],int);generated",
-        "kotlin.collections;ArraysKt;elementAt;(int[],int);generated",
-        "kotlin.collections;ArraysKt;elementAt;(long[],int);generated",
-        "kotlin.collections;ArraysKt;elementAt;(short[],int);generated",
-        "kotlin.collections;ArraysKt;elementAtOrElse;(Object[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;elementAtOrElse;(boolean[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;elementAtOrElse;(byte[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;elementAtOrElse;(char[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;elementAtOrElse;(double[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;elementAtOrElse;(float[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;elementAtOrElse;(int[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;elementAtOrElse;(long[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;elementAtOrElse;(short[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;elementAtOrNull;(Object[],int);generated",
-        "kotlin.collections;ArraysKt;elementAtOrNull;(boolean[],int);generated",
-        "kotlin.collections;ArraysKt;elementAtOrNull;(byte[],int);generated",
-        "kotlin.collections;ArraysKt;elementAtOrNull;(char[],int);generated",
-        "kotlin.collections;ArraysKt;elementAtOrNull;(double[],int);generated",
-        "kotlin.collections;ArraysKt;elementAtOrNull;(float[],int);generated",
-        "kotlin.collections;ArraysKt;elementAtOrNull;(int[],int);generated",
-        "kotlin.collections;ArraysKt;elementAtOrNull;(long[],int);generated",
-        "kotlin.collections;ArraysKt;elementAtOrNull;(short[],int);generated",
-        "kotlin.collections;ArraysKt;fill;(boolean[],boolean,int,int);generated",
-        "kotlin.collections;ArraysKt;fill;(byte[],byte,int,int);generated",
-        "kotlin.collections;ArraysKt;fill;(char[],char,int,int);generated",
-        "kotlin.collections;ArraysKt;fill;(double[],double,int,int);generated",
-        "kotlin.collections;ArraysKt;fill;(float[],float,int,int);generated",
-        "kotlin.collections;ArraysKt;fill;(int[],int,int,int);generated",
-        "kotlin.collections;ArraysKt;fill;(long[],long,int,int);generated",
-        "kotlin.collections;ArraysKt;fill;(short[],short,int,int);generated",
-        "kotlin.collections;ArraysKt;filter;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;filter;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;filter;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;filter;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;filter;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;filter;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;filter;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;filter;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;filter;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;filterIndexed;(Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;filterIndexed;(boolean[],Function2);generated",
-        "kotlin.collections;ArraysKt;filterIndexed;(byte[],Function2);generated",
-        "kotlin.collections;ArraysKt;filterIndexed;(char[],Function2);generated",
-        "kotlin.collections;ArraysKt;filterIndexed;(double[],Function2);generated",
-        "kotlin.collections;ArraysKt;filterIndexed;(float[],Function2);generated",
-        "kotlin.collections;ArraysKt;filterIndexed;(int[],Function2);generated",
-        "kotlin.collections;ArraysKt;filterIndexed;(long[],Function2);generated",
-        "kotlin.collections;ArraysKt;filterIndexed;(short[],Function2);generated",
-        "kotlin.collections;ArraysKt;filterIsInstance;(Object[]);generated",
-        "kotlin.collections;ArraysKt;filterIsInstance;(Object[],Class);generated",
-        "kotlin.collections;ArraysKt;filterNot;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;filterNot;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;filterNot;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;filterNot;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;filterNot;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;filterNot;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;filterNot;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;filterNot;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;filterNot;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;filterNotNull;(Object[]);generated",
-        "kotlin.collections;ArraysKt;find;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;find;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;find;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;find;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;find;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;find;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;find;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;find;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;find;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;findLast;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;findLast;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;findLast;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;findLast;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;findLast;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;findLast;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;findLast;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;findLast;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;first;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;first;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;first;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;first;(byte[]);generated",
-        "kotlin.collections;ArraysKt;first;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;first;(char[]);generated",
-        "kotlin.collections;ArraysKt;first;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;first;(double[]);generated",
-        "kotlin.collections;ArraysKt;first;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;first;(float[]);generated",
-        "kotlin.collections;ArraysKt;first;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;first;(int[]);generated",
-        "kotlin.collections;ArraysKt;first;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;first;(long[]);generated",
-        "kotlin.collections;ArraysKt;first;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;first;(short[]);generated",
-        "kotlin.collections;ArraysKt;first;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;firstNotNullOf;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;firstNotNullOfOrNull;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(byte[]);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(char[]);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(double[]);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(float[]);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(int[]);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(long[]);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(short[]);generated",
-        "kotlin.collections;ArraysKt;firstOrNull;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;flatMap;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;flatMap;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;flatMap;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;flatMap;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;flatMap;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;flatMap;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;flatMap;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;flatMap;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;flatMap;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;flatMapIndexedIterable;(Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;flatMapIndexedIterable;(boolean[],Function2);generated",
-        "kotlin.collections;ArraysKt;flatMapIndexedIterable;(byte[],Function2);generated",
-        "kotlin.collections;ArraysKt;flatMapIndexedIterable;(char[],Function2);generated",
-        "kotlin.collections;ArraysKt;flatMapIndexedIterable;(double[],Function2);generated",
-        "kotlin.collections;ArraysKt;flatMapIndexedIterable;(float[],Function2);generated",
-        "kotlin.collections;ArraysKt;flatMapIndexedIterable;(int[],Function2);generated",
-        "kotlin.collections;ArraysKt;flatMapIndexedIterable;(long[],Function2);generated",
-        "kotlin.collections;ArraysKt;flatMapIndexedIterable;(short[],Function2);generated",
-        "kotlin.collections;ArraysKt;flatMapIndexedSequence;(Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;flatMapSequence;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;flatten;(Object[][]);generated",
-        "kotlin.collections;ArraysKt;forEach;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;forEach;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;forEach;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;forEach;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;forEach;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;forEach;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;forEach;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;forEach;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;forEach;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;forEachIndexed;(Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;forEachIndexed;(boolean[],Function2);generated",
-        "kotlin.collections;ArraysKt;forEachIndexed;(byte[],Function2);generated",
-        "kotlin.collections;ArraysKt;forEachIndexed;(char[],Function2);generated",
-        "kotlin.collections;ArraysKt;forEachIndexed;(double[],Function2);generated",
-        "kotlin.collections;ArraysKt;forEachIndexed;(float[],Function2);generated",
-        "kotlin.collections;ArraysKt;forEachIndexed;(int[],Function2);generated",
-        "kotlin.collections;ArraysKt;forEachIndexed;(long[],Function2);generated",
-        "kotlin.collections;ArraysKt;forEachIndexed;(short[],Function2);generated",
-        "kotlin.collections;ArraysKt;getIndices;(Object[]);generated",
-        "kotlin.collections;ArraysKt;getIndices;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;getIndices;(byte[]);generated",
-        "kotlin.collections;ArraysKt;getIndices;(char[]);generated",
-        "kotlin.collections;ArraysKt;getIndices;(double[]);generated",
-        "kotlin.collections;ArraysKt;getIndices;(float[]);generated",
-        "kotlin.collections;ArraysKt;getIndices;(int[]);generated",
-        "kotlin.collections;ArraysKt;getIndices;(long[]);generated",
-        "kotlin.collections;ArraysKt;getIndices;(short[]);generated",
-        "kotlin.collections;ArraysKt;getLastIndex;(Object[]);generated",
-        "kotlin.collections;ArraysKt;getLastIndex;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;getLastIndex;(byte[]);generated",
-        "kotlin.collections;ArraysKt;getLastIndex;(char[]);generated",
-        "kotlin.collections;ArraysKt;getLastIndex;(double[]);generated",
-        "kotlin.collections;ArraysKt;getLastIndex;(float[]);generated",
-        "kotlin.collections;ArraysKt;getLastIndex;(int[]);generated",
-        "kotlin.collections;ArraysKt;getLastIndex;(long[]);generated",
-        "kotlin.collections;ArraysKt;getLastIndex;(short[]);generated",
-        "kotlin.collections;ArraysKt;getOrElse;(Object[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;getOrElse;(boolean[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;getOrElse;(byte[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;getOrElse;(char[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;getOrElse;(double[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;getOrElse;(float[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;getOrElse;(int[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;getOrElse;(long[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;getOrElse;(short[],int,Function1);generated",
-        "kotlin.collections;ArraysKt;getOrNull;(Object[],int);generated",
-        "kotlin.collections;ArraysKt;getOrNull;(boolean[],int);generated",
-        "kotlin.collections;ArraysKt;getOrNull;(byte[],int);generated",
-        "kotlin.collections;ArraysKt;getOrNull;(char[],int);generated",
-        "kotlin.collections;ArraysKt;getOrNull;(double[],int);generated",
-        "kotlin.collections;ArraysKt;getOrNull;(float[],int);generated",
-        "kotlin.collections;ArraysKt;getOrNull;(int[],int);generated",
-        "kotlin.collections;ArraysKt;getOrNull;(long[],int);generated",
-        "kotlin.collections;ArraysKt;getOrNull;(short[],int);generated",
-        "kotlin.collections;ArraysKt;groupBy;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(Object[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(boolean[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(byte[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(char[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(double[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(float[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(int[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(long[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;groupBy;(short[],Function1,Function1);generated",
-        "kotlin.collections;ArraysKt;groupingBy;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOf;(Object[],Object);generated",
-        "kotlin.collections;ArraysKt;indexOf;(boolean[],boolean);generated",
-        "kotlin.collections;ArraysKt;indexOf;(byte[],byte);generated",
-        "kotlin.collections;ArraysKt;indexOf;(char[],char);generated",
-        "kotlin.collections;ArraysKt;indexOf;(double[],double);generated",
-        "kotlin.collections;ArraysKt;indexOf;(float[],float);generated",
-        "kotlin.collections;ArraysKt;indexOf;(int[],int);generated",
-        "kotlin.collections;ArraysKt;indexOf;(long[],long);generated",
-        "kotlin.collections;ArraysKt;indexOf;(short[],short);generated",
-        "kotlin.collections;ArraysKt;indexOfFirst;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfFirst;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfFirst;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfFirst;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfFirst;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfFirst;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfFirst;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfFirst;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfFirst;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfLast;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfLast;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfLast;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfLast;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfLast;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfLast;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfLast;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfLast;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;indexOfLast;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;intersect;(Object[],Iterable);generated",
-        "kotlin.collections;ArraysKt;intersect;(boolean[],Iterable);generated",
-        "kotlin.collections;ArraysKt;intersect;(byte[],Iterable);generated",
-        "kotlin.collections;ArraysKt;intersect;(char[],Iterable);generated",
-        "kotlin.collections;ArraysKt;intersect;(double[],Iterable);generated",
-        "kotlin.collections;ArraysKt;intersect;(float[],Iterable);generated",
-        "kotlin.collections;ArraysKt;intersect;(int[],Iterable);generated",
-        "kotlin.collections;ArraysKt;intersect;(long[],Iterable);generated",
-        "kotlin.collections;ArraysKt;intersect;(short[],Iterable);generated",
-        "kotlin.collections;ArraysKt;isEmpty;(Object[]);generated",
-        "kotlin.collections;ArraysKt;isEmpty;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;isEmpty;(byte[]);generated",
-        "kotlin.collections;ArraysKt;isEmpty;(char[]);generated",
-        "kotlin.collections;ArraysKt;isEmpty;(double[]);generated",
-        "kotlin.collections;ArraysKt;isEmpty;(float[]);generated",
-        "kotlin.collections;ArraysKt;isEmpty;(int[]);generated",
-        "kotlin.collections;ArraysKt;isEmpty;(long[]);generated",
-        "kotlin.collections;ArraysKt;isEmpty;(short[]);generated",
-        "kotlin.collections;ArraysKt;isNotEmpty;(Object[]);generated",
-        "kotlin.collections;ArraysKt;isNotEmpty;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;isNotEmpty;(byte[]);generated",
-        "kotlin.collections;ArraysKt;isNotEmpty;(char[]);generated",
-        "kotlin.collections;ArraysKt;isNotEmpty;(double[]);generated",
-        "kotlin.collections;ArraysKt;isNotEmpty;(float[]);generated",
-        "kotlin.collections;ArraysKt;isNotEmpty;(int[]);generated",
-        "kotlin.collections;ArraysKt;isNotEmpty;(long[]);generated",
-        "kotlin.collections;ArraysKt;isNotEmpty;(short[]);generated",
-        "kotlin.collections;ArraysKt;isNullOrEmpty;(Object[]);generated",
-        "kotlin.collections;ArraysKt;last;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;last;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;last;(byte[]);generated",
-        "kotlin.collections;ArraysKt;last;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;last;(char[]);generated",
-        "kotlin.collections;ArraysKt;last;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;last;(double[]);generated",
-        "kotlin.collections;ArraysKt;last;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;last;(float[]);generated",
-        "kotlin.collections;ArraysKt;last;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;last;(int[]);generated",
-        "kotlin.collections;ArraysKt;last;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;last;(long[]);generated",
-        "kotlin.collections;ArraysKt;last;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;last;(short[]);generated",
-        "kotlin.collections;ArraysKt;last;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;lastIndexOf;(Object[],Object);generated",
-        "kotlin.collections;ArraysKt;lastIndexOf;(boolean[],boolean);generated",
-        "kotlin.collections;ArraysKt;lastIndexOf;(byte[],byte);generated",
-        "kotlin.collections;ArraysKt;lastIndexOf;(char[],char);generated",
-        "kotlin.collections;ArraysKt;lastIndexOf;(double[],double);generated",
-        "kotlin.collections;ArraysKt;lastIndexOf;(float[],float);generated",
-        "kotlin.collections;ArraysKt;lastIndexOf;(int[],int);generated",
-        "kotlin.collections;ArraysKt;lastIndexOf;(long[],long);generated",
-        "kotlin.collections;ArraysKt;lastIndexOf;(short[],short);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(byte[]);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(char[]);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(double[]);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(float[]);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(int[]);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(long[]);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(short[]);generated",
-        "kotlin.collections;ArraysKt;lastOrNull;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;map;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;map;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;map;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;map;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;map;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;map;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;map;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;map;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;map;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;mapIndexed;(Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;mapIndexed;(boolean[],Function2);generated",
-        "kotlin.collections;ArraysKt;mapIndexed;(byte[],Function2);generated",
-        "kotlin.collections;ArraysKt;mapIndexed;(char[],Function2);generated",
-        "kotlin.collections;ArraysKt;mapIndexed;(double[],Function2);generated",
-        "kotlin.collections;ArraysKt;mapIndexed;(float[],Function2);generated",
-        "kotlin.collections;ArraysKt;mapIndexed;(int[],Function2);generated",
-        "kotlin.collections;ArraysKt;mapIndexed;(long[],Function2);generated",
-        "kotlin.collections;ArraysKt;mapIndexed;(short[],Function2);generated",
-        "kotlin.collections;ArraysKt;mapIndexedNotNull;(Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;mapNotNull;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;max;(Double[]);generated",
-        "kotlin.collections;ArraysKt;max;(Float[]);generated",
-        "kotlin.collections;ArraysKt;max;(byte[]);generated",
-        "kotlin.collections;ArraysKt;max;(char[]);generated",
-        "kotlin.collections;ArraysKt;max;(double[]);generated",
-        "kotlin.collections;ArraysKt;max;(float[]);generated",
-        "kotlin.collections;ArraysKt;max;(int[]);generated",
-        "kotlin.collections;ArraysKt;max;(long[]);generated",
-        "kotlin.collections;ArraysKt;max;(short[]);generated",
-        "kotlin.collections;ArraysKt;maxBy;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxBy;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxBy;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxBy;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxBy;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxBy;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxBy;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxBy;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrNull;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrNull;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrNull;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrNull;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrNull;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrNull;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrNull;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrNull;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrThrow;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrThrow;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrThrow;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrThrow;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrThrow;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrThrow;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrThrow;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxByOrThrow;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOf;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOf;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOf;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOf;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOf;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOf;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOf;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOf;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOf;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfOrNull;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfOrNull;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfOrNull;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfOrNull;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfOrNull;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfOrNull;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfOrNull;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfOrNull;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfOrNull;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWith;(boolean[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWith;(byte[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWith;(char[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWith;(double[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWith;(float[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWith;(int[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWith;(long[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWith;(short[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWithOrNull;(boolean[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWithOrNull;(byte[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWithOrNull;(char[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWithOrNull;(double[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWithOrNull;(float[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWithOrNull;(int[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWithOrNull;(long[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOfWithOrNull;(short[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;maxOrNull;(Double[]);generated",
-        "kotlin.collections;ArraysKt;maxOrNull;(Float[]);generated",
-        "kotlin.collections;ArraysKt;maxOrNull;(byte[]);generated",
-        "kotlin.collections;ArraysKt;maxOrNull;(char[]);generated",
-        "kotlin.collections;ArraysKt;maxOrNull;(double[]);generated",
-        "kotlin.collections;ArraysKt;maxOrNull;(float[]);generated",
-        "kotlin.collections;ArraysKt;maxOrNull;(int[]);generated",
-        "kotlin.collections;ArraysKt;maxOrNull;(long[]);generated",
-        "kotlin.collections;ArraysKt;maxOrNull;(short[]);generated",
-        "kotlin.collections;ArraysKt;maxOrThrow;(Double[]);generated",
-        "kotlin.collections;ArraysKt;maxOrThrow;(Float[]);generated",
-        "kotlin.collections;ArraysKt;maxOrThrow;(byte[]);generated",
-        "kotlin.collections;ArraysKt;maxOrThrow;(char[]);generated",
-        "kotlin.collections;ArraysKt;maxOrThrow;(double[]);generated",
-        "kotlin.collections;ArraysKt;maxOrThrow;(float[]);generated",
-        "kotlin.collections;ArraysKt;maxOrThrow;(int[]);generated",
-        "kotlin.collections;ArraysKt;maxOrThrow;(long[]);generated",
-        "kotlin.collections;ArraysKt;maxOrThrow;(short[]);generated",
-        "kotlin.collections;ArraysKt;maxWith;(boolean[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWith;(byte[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWith;(char[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWith;(double[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWith;(float[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWith;(int[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWith;(long[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWith;(short[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrNull;(boolean[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrNull;(byte[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrNull;(char[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrNull;(double[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrNull;(float[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrNull;(int[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrNull;(long[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrNull;(short[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrThrow;(boolean[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrThrow;(byte[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrThrow;(char[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrThrow;(double[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrThrow;(float[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrThrow;(int[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrThrow;(long[],Comparator);generated",
-        "kotlin.collections;ArraysKt;maxWithOrThrow;(short[],Comparator);generated",
-        "kotlin.collections;ArraysKt;min;(Double[]);generated",
-        "kotlin.collections;ArraysKt;min;(Float[]);generated",
-        "kotlin.collections;ArraysKt;min;(byte[]);generated",
-        "kotlin.collections;ArraysKt;min;(char[]);generated",
-        "kotlin.collections;ArraysKt;min;(double[]);generated",
-        "kotlin.collections;ArraysKt;min;(float[]);generated",
-        "kotlin.collections;ArraysKt;min;(int[]);generated",
-        "kotlin.collections;ArraysKt;min;(long[]);generated",
-        "kotlin.collections;ArraysKt;min;(short[]);generated",
-        "kotlin.collections;ArraysKt;minBy;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;minBy;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;minBy;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;minBy;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;minBy;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;minBy;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;minBy;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;minBy;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrNull;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrNull;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrNull;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrNull;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrNull;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrNull;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrNull;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrNull;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrThrow;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrThrow;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrThrow;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrThrow;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrThrow;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrThrow;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrThrow;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;minByOrThrow;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOf;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOf;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOf;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOf;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOf;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOf;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOf;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOf;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOf;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOfOrNull;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOfOrNull;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOfOrNull;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOfOrNull;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOfOrNull;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOfOrNull;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOfOrNull;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOfOrNull;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOfOrNull;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWith;(boolean[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWith;(byte[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWith;(char[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWith;(double[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWith;(float[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWith;(int[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWith;(long[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWith;(short[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWithOrNull;(boolean[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWithOrNull;(byte[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWithOrNull;(char[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWithOrNull;(double[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWithOrNull;(float[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWithOrNull;(int[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWithOrNull;(long[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOfWithOrNull;(short[],Comparator,Function1);generated",
-        "kotlin.collections;ArraysKt;minOrNull;(Double[]);generated",
-        "kotlin.collections;ArraysKt;minOrNull;(Float[]);generated",
-        "kotlin.collections;ArraysKt;minOrNull;(byte[]);generated",
-        "kotlin.collections;ArraysKt;minOrNull;(char[]);generated",
-        "kotlin.collections;ArraysKt;minOrNull;(double[]);generated",
-        "kotlin.collections;ArraysKt;minOrNull;(float[]);generated",
-        "kotlin.collections;ArraysKt;minOrNull;(int[]);generated",
-        "kotlin.collections;ArraysKt;minOrNull;(long[]);generated",
-        "kotlin.collections;ArraysKt;minOrNull;(short[]);generated",
-        "kotlin.collections;ArraysKt;minOrThrow;(Double[]);generated",
-        "kotlin.collections;ArraysKt;minOrThrow;(Float[]);generated",
-        "kotlin.collections;ArraysKt;minOrThrow;(byte[]);generated",
-        "kotlin.collections;ArraysKt;minOrThrow;(char[]);generated",
-        "kotlin.collections;ArraysKt;minOrThrow;(double[]);generated",
-        "kotlin.collections;ArraysKt;minOrThrow;(float[]);generated",
-        "kotlin.collections;ArraysKt;minOrThrow;(int[]);generated",
-        "kotlin.collections;ArraysKt;minOrThrow;(long[]);generated",
-        "kotlin.collections;ArraysKt;minOrThrow;(short[]);generated",
-        "kotlin.collections;ArraysKt;minWith;(boolean[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWith;(byte[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWith;(char[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWith;(double[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWith;(float[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWith;(int[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWith;(long[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWith;(short[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrNull;(boolean[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrNull;(byte[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrNull;(char[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrNull;(double[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrNull;(float[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrNull;(int[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrNull;(long[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrNull;(short[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrThrow;(boolean[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrThrow;(byte[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrThrow;(char[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrThrow;(double[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrThrow;(float[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrThrow;(int[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrThrow;(long[],Comparator);generated",
-        "kotlin.collections;ArraysKt;minWithOrThrow;(short[],Comparator);generated",
-        "kotlin.collections;ArraysKt;none;(Object[]);generated",
-        "kotlin.collections;ArraysKt;none;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;none;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;none;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;none;(byte[]);generated",
-        "kotlin.collections;ArraysKt;none;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;none;(char[]);generated",
-        "kotlin.collections;ArraysKt;none;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;none;(double[]);generated",
-        "kotlin.collections;ArraysKt;none;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;none;(float[]);generated",
-        "kotlin.collections;ArraysKt;none;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;none;(int[]);generated",
-        "kotlin.collections;ArraysKt;none;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;none;(long[]);generated",
-        "kotlin.collections;ArraysKt;none;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;none;(short[]);generated",
-        "kotlin.collections;ArraysKt;none;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;onEach;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;onEach;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;onEach;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;onEach;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;onEach;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;onEach;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;onEachIndexed;(boolean[],Function2);generated",
-        "kotlin.collections;ArraysKt;onEachIndexed;(double[],Function2);generated",
-        "kotlin.collections;ArraysKt;onEachIndexed;(float[],Function2);generated",
-        "kotlin.collections;ArraysKt;onEachIndexed;(int[],Function2);generated",
-        "kotlin.collections;ArraysKt;onEachIndexed;(long[],Function2);generated",
-        "kotlin.collections;ArraysKt;onEachIndexed;(short[],Function2);generated",
-        "kotlin.collections;ArraysKt;partition;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;partition;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;partition;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;partition;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;partition;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;partition;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;partition;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;partition;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;partition;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;plus;(boolean[],Collection);generated",
-        "kotlin.collections;ArraysKt;plus;(boolean[],boolean);generated",
-        "kotlin.collections;ArraysKt;plus;(boolean[],boolean[]);generated",
-        "kotlin.collections;ArraysKt;plus;(double[],Collection);generated",
-        "kotlin.collections;ArraysKt;plus;(double[],double);generated",
-        "kotlin.collections;ArraysKt;plus;(double[],double[]);generated",
-        "kotlin.collections;ArraysKt;plus;(float[],Collection);generated",
-        "kotlin.collections;ArraysKt;plus;(float[],float);generated",
-        "kotlin.collections;ArraysKt;plus;(float[],float[]);generated",
-        "kotlin.collections;ArraysKt;plus;(int[],Collection);generated",
-        "kotlin.collections;ArraysKt;plus;(int[],int);generated",
-        "kotlin.collections;ArraysKt;plus;(int[],int[]);generated",
-        "kotlin.collections;ArraysKt;plus;(long[],Collection);generated",
-        "kotlin.collections;ArraysKt;plus;(long[],long);generated",
-        "kotlin.collections;ArraysKt;plus;(long[],long[]);generated",
-        "kotlin.collections;ArraysKt;plus;(short[],Collection);generated",
-        "kotlin.collections;ArraysKt;plus;(short[],short);generated",
-        "kotlin.collections;ArraysKt;plus;(short[],short[]);generated",
-        "kotlin.collections;ArraysKt;random;(Object[]);generated",
-        "kotlin.collections;ArraysKt;random;(Object[],Random);generated",
-        "kotlin.collections;ArraysKt;random;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;random;(boolean[],Random);generated",
-        "kotlin.collections;ArraysKt;random;(byte[]);generated",
-        "kotlin.collections;ArraysKt;random;(byte[],Random);generated",
-        "kotlin.collections;ArraysKt;random;(char[]);generated",
-        "kotlin.collections;ArraysKt;random;(char[],Random);generated",
-        "kotlin.collections;ArraysKt;random;(double[]);generated",
-        "kotlin.collections;ArraysKt;random;(double[],Random);generated",
-        "kotlin.collections;ArraysKt;random;(float[]);generated",
-        "kotlin.collections;ArraysKt;random;(float[],Random);generated",
-        "kotlin.collections;ArraysKt;random;(int[]);generated",
-        "kotlin.collections;ArraysKt;random;(int[],Random);generated",
-        "kotlin.collections;ArraysKt;random;(long[]);generated",
-        "kotlin.collections;ArraysKt;random;(long[],Random);generated",
-        "kotlin.collections;ArraysKt;random;(short[]);generated",
-        "kotlin.collections;ArraysKt;random;(short[],Random);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(Object[]);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(Object[],Random);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(boolean[],Random);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(byte[]);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(byte[],Random);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(char[]);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(char[],Random);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(double[]);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(double[],Random);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(float[]);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(float[],Random);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(int[]);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(int[],Random);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(long[]);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(long[],Random);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(short[]);generated",
-        "kotlin.collections;ArraysKt;randomOrNull;(short[],Random);generated",
-        "kotlin.collections;ArraysKt;reduce;(boolean[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduce;(byte[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduce;(char[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduce;(double[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduce;(float[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduce;(int[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduce;(long[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduce;(short[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceIndexed;(boolean[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexed;(byte[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexed;(char[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexed;(double[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexed;(float[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexed;(int[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexed;(long[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexed;(short[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexedOrNull;(boolean[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexedOrNull;(byte[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexedOrNull;(char[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexedOrNull;(double[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexedOrNull;(float[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexedOrNull;(int[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexedOrNull;(long[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceIndexedOrNull;(short[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceOrNull;(boolean[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceOrNull;(byte[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceOrNull;(char[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceOrNull;(double[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceOrNull;(float[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceOrNull;(int[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceOrNull;(long[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceOrNull;(short[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRight;(Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRight;(boolean[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRight;(byte[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRight;(char[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRight;(double[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRight;(float[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRight;(int[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRight;(long[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRight;(short[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexed;(Object[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexed;(boolean[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexed;(byte[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexed;(char[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexed;(double[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexed;(float[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexed;(int[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexed;(long[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexed;(short[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexedOrNull;(Object[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexedOrNull;(boolean[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexedOrNull;(byte[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexedOrNull;(char[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexedOrNull;(double[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexedOrNull;(float[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexedOrNull;(int[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexedOrNull;(long[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightIndexedOrNull;(short[],Function3);generated",
-        "kotlin.collections;ArraysKt;reduceRightOrNull;(Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRightOrNull;(boolean[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRightOrNull;(byte[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRightOrNull;(char[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRightOrNull;(double[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRightOrNull;(float[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRightOrNull;(int[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRightOrNull;(long[],Function2);generated",
-        "kotlin.collections;ArraysKt;reduceRightOrNull;(short[],Function2);generated",
-        "kotlin.collections;ArraysKt;reverse;(Object[]);generated",
-        "kotlin.collections;ArraysKt;reverse;(Object[],int,int);generated",
-        "kotlin.collections;ArraysKt;reverse;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;reverse;(boolean[],int,int);generated",
-        "kotlin.collections;ArraysKt;reverse;(byte[]);generated",
-        "kotlin.collections;ArraysKt;reverse;(byte[],int,int);generated",
-        "kotlin.collections;ArraysKt;reverse;(char[]);generated",
-        "kotlin.collections;ArraysKt;reverse;(char[],int,int);generated",
-        "kotlin.collections;ArraysKt;reverse;(double[]);generated",
-        "kotlin.collections;ArraysKt;reverse;(double[],int,int);generated",
-        "kotlin.collections;ArraysKt;reverse;(float[]);generated",
-        "kotlin.collections;ArraysKt;reverse;(float[],int,int);generated",
-        "kotlin.collections;ArraysKt;reverse;(int[]);generated",
-        "kotlin.collections;ArraysKt;reverse;(int[],int,int);generated",
-        "kotlin.collections;ArraysKt;reverse;(long[]);generated",
-        "kotlin.collections;ArraysKt;reverse;(long[],int,int);generated",
-        "kotlin.collections;ArraysKt;reverse;(short[]);generated",
-        "kotlin.collections;ArraysKt;reverse;(short[],int,int);generated",
-        "kotlin.collections;ArraysKt;reversed;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;reversed;(byte[]);generated",
-        "kotlin.collections;ArraysKt;reversed;(char[]);generated",
-        "kotlin.collections;ArraysKt;reversed;(double[]);generated",
-        "kotlin.collections;ArraysKt;reversed;(float[]);generated",
-        "kotlin.collections;ArraysKt;reversed;(int[]);generated",
-        "kotlin.collections;ArraysKt;reversed;(long[]);generated",
-        "kotlin.collections;ArraysKt;reversed;(short[]);generated",
-        "kotlin.collections;ArraysKt;reversedArray;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;reversedArray;(double[]);generated",
-        "kotlin.collections;ArraysKt;reversedArray;(float[]);generated",
-        "kotlin.collections;ArraysKt;reversedArray;(int[]);generated",
-        "kotlin.collections;ArraysKt;reversedArray;(long[]);generated",
-        "kotlin.collections;ArraysKt;reversedArray;(short[]);generated",
-        "kotlin.collections;ArraysKt;runningReduce;(Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;runningReduce;(boolean[],Function2);generated",
-        "kotlin.collections;ArraysKt;runningReduce;(byte[],Function2);generated",
-        "kotlin.collections;ArraysKt;runningReduce;(char[],Function2);generated",
-        "kotlin.collections;ArraysKt;runningReduce;(double[],Function2);generated",
-        "kotlin.collections;ArraysKt;runningReduce;(float[],Function2);generated",
-        "kotlin.collections;ArraysKt;runningReduce;(int[],Function2);generated",
-        "kotlin.collections;ArraysKt;runningReduce;(long[],Function2);generated",
-        "kotlin.collections;ArraysKt;runningReduce;(short[],Function2);generated",
-        "kotlin.collections;ArraysKt;runningReduceIndexed;(Object[],Function3);generated",
-        "kotlin.collections;ArraysKt;runningReduceIndexed;(boolean[],Function3);generated",
-        "kotlin.collections;ArraysKt;runningReduceIndexed;(byte[],Function3);generated",
-        "kotlin.collections;ArraysKt;runningReduceIndexed;(char[],Function3);generated",
-        "kotlin.collections;ArraysKt;runningReduceIndexed;(double[],Function3);generated",
-        "kotlin.collections;ArraysKt;runningReduceIndexed;(float[],Function3);generated",
-        "kotlin.collections;ArraysKt;runningReduceIndexed;(int[],Function3);generated",
-        "kotlin.collections;ArraysKt;runningReduceIndexed;(long[],Function3);generated",
-        "kotlin.collections;ArraysKt;runningReduceIndexed;(short[],Function3);generated",
-        "kotlin.collections;ArraysKt;shuffle;(Object[]);generated",
-        "kotlin.collections;ArraysKt;shuffle;(Object[],Random);generated",
-        "kotlin.collections;ArraysKt;shuffle;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;shuffle;(boolean[],Random);generated",
-        "kotlin.collections;ArraysKt;shuffle;(byte[]);generated",
-        "kotlin.collections;ArraysKt;shuffle;(byte[],Random);generated",
-        "kotlin.collections;ArraysKt;shuffle;(char[]);generated",
-        "kotlin.collections;ArraysKt;shuffle;(char[],Random);generated",
-        "kotlin.collections;ArraysKt;shuffle;(double[]);generated",
-        "kotlin.collections;ArraysKt;shuffle;(double[],Random);generated",
-        "kotlin.collections;ArraysKt;shuffle;(float[]);generated",
-        "kotlin.collections;ArraysKt;shuffle;(float[],Random);generated",
-        "kotlin.collections;ArraysKt;shuffle;(int[]);generated",
-        "kotlin.collections;ArraysKt;shuffle;(int[],Random);generated",
-        "kotlin.collections;ArraysKt;shuffle;(long[]);generated",
-        "kotlin.collections;ArraysKt;shuffle;(long[],Random);generated",
-        "kotlin.collections;ArraysKt;shuffle;(short[]);generated",
-        "kotlin.collections;ArraysKt;shuffle;(short[],Random);generated",
-        "kotlin.collections;ArraysKt;single;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;single;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;single;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;single;(byte[]);generated",
-        "kotlin.collections;ArraysKt;single;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;single;(char[]);generated",
-        "kotlin.collections;ArraysKt;single;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;single;(double[]);generated",
-        "kotlin.collections;ArraysKt;single;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;single;(float[]);generated",
-        "kotlin.collections;ArraysKt;single;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;single;(int[]);generated",
-        "kotlin.collections;ArraysKt;single;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;single;(long[]);generated",
-        "kotlin.collections;ArraysKt;single;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;single;(short[]);generated",
-        "kotlin.collections;ArraysKt;single;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(byte[]);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(char[]);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(double[]);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(float[]);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(int[]);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(long[]);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(short[]);generated",
-        "kotlin.collections;ArraysKt;singleOrNull;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;slice;(Object[],Iterable);generated",
-        "kotlin.collections;ArraysKt;slice;(boolean[],IntRange);generated",
-        "kotlin.collections;ArraysKt;slice;(boolean[],Iterable);generated",
-        "kotlin.collections;ArraysKt;slice;(byte[],IntRange);generated",
-        "kotlin.collections;ArraysKt;slice;(byte[],Iterable);generated",
-        "kotlin.collections;ArraysKt;slice;(char[],IntRange);generated",
-        "kotlin.collections;ArraysKt;slice;(char[],Iterable);generated",
-        "kotlin.collections;ArraysKt;slice;(double[],IntRange);generated",
-        "kotlin.collections;ArraysKt;slice;(double[],Iterable);generated",
-        "kotlin.collections;ArraysKt;slice;(float[],IntRange);generated",
-        "kotlin.collections;ArraysKt;slice;(float[],Iterable);generated",
-        "kotlin.collections;ArraysKt;slice;(int[],IntRange);generated",
-        "kotlin.collections;ArraysKt;slice;(int[],Iterable);generated",
-        "kotlin.collections;ArraysKt;slice;(long[],IntRange);generated",
-        "kotlin.collections;ArraysKt;slice;(long[],Iterable);generated",
-        "kotlin.collections;ArraysKt;slice;(short[],IntRange);generated",
-        "kotlin.collections;ArraysKt;slice;(short[],Iterable);generated",
-        "kotlin.collections;ArraysKt;sliceArray;(boolean[],Collection);generated",
-        "kotlin.collections;ArraysKt;sliceArray;(boolean[],IntRange);generated",
-        "kotlin.collections;ArraysKt;sliceArray;(byte[],Collection);generated",
-        "kotlin.collections;ArraysKt;sliceArray;(char[],Collection);generated",
-        "kotlin.collections;ArraysKt;sliceArray;(double[],Collection);generated",
-        "kotlin.collections;ArraysKt;sliceArray;(double[],IntRange);generated",
-        "kotlin.collections;ArraysKt;sliceArray;(float[],Collection);generated",
-        "kotlin.collections;ArraysKt;sliceArray;(float[],IntRange);generated",
-        "kotlin.collections;ArraysKt;sliceArray;(int[],Collection);generated",
-        "kotlin.collections;ArraysKt;sliceArray;(int[],IntRange);generated",
-        "kotlin.collections;ArraysKt;sliceArray;(long[],Collection);generated",
-        "kotlin.collections;ArraysKt;sliceArray;(long[],IntRange);generated",
-        "kotlin.collections;ArraysKt;sliceArray;(short[],Collection);generated",
-        "kotlin.collections;ArraysKt;sliceArray;(short[],IntRange);generated",
-        "kotlin.collections;ArraysKt;sort;(Comparable[]);generated",
-        "kotlin.collections;ArraysKt;sort;(Comparable[],int,int);generated",
-        "kotlin.collections;ArraysKt;sort;(Object[]);generated",
-        "kotlin.collections;ArraysKt;sort;(Object[],int,int);generated",
-        "kotlin.collections;ArraysKt;sort;(byte[]);generated",
-        "kotlin.collections;ArraysKt;sort;(byte[],int,int);generated",
-        "kotlin.collections;ArraysKt;sort;(char[]);generated",
-        "kotlin.collections;ArraysKt;sort;(char[],int,int);generated",
-        "kotlin.collections;ArraysKt;sort;(double[]);generated",
-        "kotlin.collections;ArraysKt;sort;(double[],int,int);generated",
-        "kotlin.collections;ArraysKt;sort;(float[]);generated",
-        "kotlin.collections;ArraysKt;sort;(float[],int,int);generated",
-        "kotlin.collections;ArraysKt;sort;(int[]);generated",
-        "kotlin.collections;ArraysKt;sort;(int[],int,int);generated",
-        "kotlin.collections;ArraysKt;sort;(long[]);generated",
-        "kotlin.collections;ArraysKt;sort;(long[],int,int);generated",
-        "kotlin.collections;ArraysKt;sort;(short[]);generated",
-        "kotlin.collections;ArraysKt;sort;(short[],int,int);generated",
-        "kotlin.collections;ArraysKt;sortBy;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortByDescending;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(Comparable[]);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(Comparable[],int,int);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(byte[]);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(byte[],int,int);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(char[]);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(char[],int,int);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(double[]);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(double[],int,int);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(float[]);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(float[],int,int);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(int[]);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(int[],int,int);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(long[]);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(long[],int,int);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(short[]);generated",
-        "kotlin.collections;ArraysKt;sortDescending;(short[],int,int);generated",
-        "kotlin.collections;ArraysKt;sortWith;(Object[],Comparator);generated",
-        "kotlin.collections;ArraysKt;sortWith;(Object[],Comparator,int,int);generated",
-        "kotlin.collections;ArraysKt;sorted;(byte[]);generated",
-        "kotlin.collections;ArraysKt;sorted;(char[]);generated",
-        "kotlin.collections;ArraysKt;sorted;(double[]);generated",
-        "kotlin.collections;ArraysKt;sorted;(float[]);generated",
-        "kotlin.collections;ArraysKt;sorted;(int[]);generated",
-        "kotlin.collections;ArraysKt;sorted;(long[]);generated",
-        "kotlin.collections;ArraysKt;sorted;(short[]);generated",
-        "kotlin.collections;ArraysKt;sortedArray;(double[]);generated",
-        "kotlin.collections;ArraysKt;sortedArray;(float[]);generated",
-        "kotlin.collections;ArraysKt;sortedArray;(int[]);generated",
-        "kotlin.collections;ArraysKt;sortedArray;(long[]);generated",
-        "kotlin.collections;ArraysKt;sortedArray;(short[]);generated",
-        "kotlin.collections;ArraysKt;sortedArrayDescending;(double[]);generated",
-        "kotlin.collections;ArraysKt;sortedArrayDescending;(float[]);generated",
-        "kotlin.collections;ArraysKt;sortedArrayDescending;(int[]);generated",
-        "kotlin.collections;ArraysKt;sortedArrayDescending;(long[]);generated",
-        "kotlin.collections;ArraysKt;sortedArrayDescending;(short[]);generated",
-        "kotlin.collections;ArraysKt;sortedBy;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedBy;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedBy;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedBy;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedBy;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedBy;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedBy;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedBy;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedByDescending;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedByDescending;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedByDescending;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedByDescending;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedByDescending;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedByDescending;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedByDescending;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedByDescending;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;sortedDescending;(byte[]);generated",
-        "kotlin.collections;ArraysKt;sortedDescending;(char[]);generated",
-        "kotlin.collections;ArraysKt;sortedDescending;(double[]);generated",
-        "kotlin.collections;ArraysKt;sortedDescending;(float[]);generated",
-        "kotlin.collections;ArraysKt;sortedDescending;(int[]);generated",
-        "kotlin.collections;ArraysKt;sortedDescending;(long[]);generated",
-        "kotlin.collections;ArraysKt;sortedDescending;(short[]);generated",
-        "kotlin.collections;ArraysKt;sortedWith;(boolean[],Comparator);generated",
-        "kotlin.collections;ArraysKt;sortedWith;(byte[],Comparator);generated",
-        "kotlin.collections;ArraysKt;sortedWith;(char[],Comparator);generated",
-        "kotlin.collections;ArraysKt;sortedWith;(double[],Comparator);generated",
-        "kotlin.collections;ArraysKt;sortedWith;(float[],Comparator);generated",
-        "kotlin.collections;ArraysKt;sortedWith;(int[],Comparator);generated",
-        "kotlin.collections;ArraysKt;sortedWith;(long[],Comparator);generated",
-        "kotlin.collections;ArraysKt;sortedWith;(short[],Comparator);generated",
-        "kotlin.collections;ArraysKt;subtract;(Object[],Iterable);generated",
-        "kotlin.collections;ArraysKt;subtract;(boolean[],Iterable);generated",
-        "kotlin.collections;ArraysKt;subtract;(byte[],Iterable);generated",
-        "kotlin.collections;ArraysKt;subtract;(char[],Iterable);generated",
-        "kotlin.collections;ArraysKt;subtract;(double[],Iterable);generated",
-        "kotlin.collections;ArraysKt;subtract;(float[],Iterable);generated",
-        "kotlin.collections;ArraysKt;subtract;(int[],Iterable);generated",
-        "kotlin.collections;ArraysKt;subtract;(long[],Iterable);generated",
-        "kotlin.collections;ArraysKt;subtract;(short[],Iterable);generated",
-        "kotlin.collections;ArraysKt;sum;(byte[]);generated",
-        "kotlin.collections;ArraysKt;sum;(double[]);generated",
-        "kotlin.collections;ArraysKt;sum;(float[]);generated",
-        "kotlin.collections;ArraysKt;sum;(int[]);generated",
-        "kotlin.collections;ArraysKt;sum;(long[]);generated",
-        "kotlin.collections;ArraysKt;sum;(short[]);generated",
-        "kotlin.collections;ArraysKt;sumBy;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumBy;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumBy;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumBy;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumBy;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumBy;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumBy;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumBy;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumBy;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumByDouble;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumByDouble;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumByDouble;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumByDouble;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumByDouble;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumByDouble;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumByDouble;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumByDouble;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumByDouble;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigDecimal;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigDecimal;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigDecimal;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigDecimal;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigDecimal;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigDecimal;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigDecimal;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigDecimal;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigDecimal;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigInteger;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigInteger;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigInteger;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigInteger;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigInteger;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigInteger;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigInteger;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigInteger;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfBigInteger;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfByte;(Byte[]);generated",
-        "kotlin.collections;ArraysKt;sumOfDouble;(Double[]);generated",
-        "kotlin.collections;ArraysKt;sumOfDouble;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfDouble;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfDouble;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfDouble;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfDouble;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfDouble;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfDouble;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfDouble;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfDouble;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfFloat;(Float[]);generated",
-        "kotlin.collections;ArraysKt;sumOfInt;(Integer[]);generated",
-        "kotlin.collections;ArraysKt;sumOfInt;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfInt;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfInt;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfInt;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfInt;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfInt;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfInt;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfInt;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfInt;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfLong;(Long[]);generated",
-        "kotlin.collections;ArraysKt;sumOfLong;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfLong;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfLong;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfLong;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfLong;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfLong;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfLong;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfLong;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfLong;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfShort;(Short[]);generated",
-        "kotlin.collections;ArraysKt;sumOfUInt;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfUInt;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfUInt;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfUInt;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfUInt;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfUInt;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfUInt;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfUInt;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfUInt;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfULong;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfULong;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfULong;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfULong;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfULong;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfULong;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfULong;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfULong;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;sumOfULong;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;take;(boolean[],int);generated",
-        "kotlin.collections;ArraysKt;take;(byte[],int);generated",
-        "kotlin.collections;ArraysKt;take;(char[],int);generated",
-        "kotlin.collections;ArraysKt;take;(double[],int);generated",
-        "kotlin.collections;ArraysKt;take;(float[],int);generated",
-        "kotlin.collections;ArraysKt;take;(int[],int);generated",
-        "kotlin.collections;ArraysKt;take;(long[],int);generated",
-        "kotlin.collections;ArraysKt;take;(short[],int);generated",
-        "kotlin.collections;ArraysKt;takeLast;(boolean[],int);generated",
-        "kotlin.collections;ArraysKt;takeLast;(byte[],int);generated",
-        "kotlin.collections;ArraysKt;takeLast;(char[],int);generated",
-        "kotlin.collections;ArraysKt;takeLast;(double[],int);generated",
-        "kotlin.collections;ArraysKt;takeLast;(float[],int);generated",
-        "kotlin.collections;ArraysKt;takeLast;(int[],int);generated",
-        "kotlin.collections;ArraysKt;takeLast;(long[],int);generated",
-        "kotlin.collections;ArraysKt;takeLast;(short[],int);generated",
-        "kotlin.collections;ArraysKt;takeLastWhile;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeLastWhile;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeLastWhile;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeLastWhile;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeLastWhile;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeLastWhile;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeLastWhile;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeLastWhile;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeWhile;(Object[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeWhile;(boolean[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeWhile;(byte[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeWhile;(char[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeWhile;(double[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeWhile;(float[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeWhile;(int[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeWhile;(long[],Function1);generated",
-        "kotlin.collections;ArraysKt;takeWhile;(short[],Function1);generated",
-        "kotlin.collections;ArraysKt;toBooleanArray;(Boolean[]);generated",
-        "kotlin.collections;ArraysKt;toByteArray;(Byte[]);generated",
-        "kotlin.collections;ArraysKt;toCharArray;(Character[]);generated",
-        "kotlin.collections;ArraysKt;toDoubleArray;(Double[]);generated",
-        "kotlin.collections;ArraysKt;toFloatArray;(Float[]);generated",
-        "kotlin.collections;ArraysKt;toHashSet;(Object[]);generated",
-        "kotlin.collections;ArraysKt;toHashSet;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;toHashSet;(byte[]);generated",
-        "kotlin.collections;ArraysKt;toHashSet;(char[]);generated",
-        "kotlin.collections;ArraysKt;toHashSet;(double[]);generated",
-        "kotlin.collections;ArraysKt;toHashSet;(float[]);generated",
-        "kotlin.collections;ArraysKt;toHashSet;(int[]);generated",
-        "kotlin.collections;ArraysKt;toHashSet;(long[]);generated",
-        "kotlin.collections;ArraysKt;toHashSet;(short[]);generated",
-        "kotlin.collections;ArraysKt;toIntArray;(Integer[]);generated",
-        "kotlin.collections;ArraysKt;toList;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;toList;(byte[]);generated",
-        "kotlin.collections;ArraysKt;toList;(char[]);generated",
-        "kotlin.collections;ArraysKt;toList;(double[]);generated",
-        "kotlin.collections;ArraysKt;toList;(float[]);generated",
-        "kotlin.collections;ArraysKt;toList;(int[]);generated",
-        "kotlin.collections;ArraysKt;toList;(long[]);generated",
-        "kotlin.collections;ArraysKt;toList;(short[]);generated",
-        "kotlin.collections;ArraysKt;toLongArray;(Long[]);generated",
-        "kotlin.collections;ArraysKt;toMutableList;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;toMutableList;(byte[]);generated",
-        "kotlin.collections;ArraysKt;toMutableList;(char[]);generated",
-        "kotlin.collections;ArraysKt;toMutableList;(double[]);generated",
-        "kotlin.collections;ArraysKt;toMutableList;(float[]);generated",
-        "kotlin.collections;ArraysKt;toMutableList;(int[]);generated",
-        "kotlin.collections;ArraysKt;toMutableList;(long[]);generated",
-        "kotlin.collections;ArraysKt;toMutableList;(short[]);generated",
-        "kotlin.collections;ArraysKt;toMutableSet;(Object[]);generated",
-        "kotlin.collections;ArraysKt;toMutableSet;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;toMutableSet;(byte[]);generated",
-        "kotlin.collections;ArraysKt;toMutableSet;(char[]);generated",
-        "kotlin.collections;ArraysKt;toMutableSet;(double[]);generated",
-        "kotlin.collections;ArraysKt;toMutableSet;(float[]);generated",
-        "kotlin.collections;ArraysKt;toMutableSet;(int[]);generated",
-        "kotlin.collections;ArraysKt;toMutableSet;(long[]);generated",
-        "kotlin.collections;ArraysKt;toMutableSet;(short[]);generated",
-        "kotlin.collections;ArraysKt;toSet;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;toSet;(byte[]);generated",
-        "kotlin.collections;ArraysKt;toSet;(char[]);generated",
-        "kotlin.collections;ArraysKt;toSet;(double[]);generated",
-        "kotlin.collections;ArraysKt;toSet;(float[]);generated",
-        "kotlin.collections;ArraysKt;toSet;(int[]);generated",
-        "kotlin.collections;ArraysKt;toSet;(long[]);generated",
-        "kotlin.collections;ArraysKt;toSet;(short[]);generated",
-        "kotlin.collections;ArraysKt;toShortArray;(Short[]);generated",
-        "kotlin.collections;ArraysKt;toSortedSet;(Comparable[]);generated",
-        "kotlin.collections;ArraysKt;toSortedSet;(Object[],Comparator);generated",
-        "kotlin.collections;ArraysKt;toSortedSet;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;toSortedSet;(byte[]);generated",
-        "kotlin.collections;ArraysKt;toSortedSet;(char[]);generated",
-        "kotlin.collections;ArraysKt;toSortedSet;(double[]);generated",
-        "kotlin.collections;ArraysKt;toSortedSet;(float[]);generated",
-        "kotlin.collections;ArraysKt;toSortedSet;(int[]);generated",
-        "kotlin.collections;ArraysKt;toSortedSet;(long[]);generated",
-        "kotlin.collections;ArraysKt;toSortedSet;(short[]);generated",
-        "kotlin.collections;ArraysKt;toTypedArray;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;toTypedArray;(byte[]);generated",
-        "kotlin.collections;ArraysKt;toTypedArray;(char[]);generated",
-        "kotlin.collections;ArraysKt;toTypedArray;(double[]);generated",
-        "kotlin.collections;ArraysKt;toTypedArray;(float[]);generated",
-        "kotlin.collections;ArraysKt;toTypedArray;(int[]);generated",
-        "kotlin.collections;ArraysKt;toTypedArray;(long[]);generated",
-        "kotlin.collections;ArraysKt;toTypedArray;(short[]);generated",
-        "kotlin.collections;ArraysKt;union;(boolean[],Iterable);generated",
-        "kotlin.collections;ArraysKt;union;(double[],Iterable);generated",
-        "kotlin.collections;ArraysKt;union;(float[],Iterable);generated",
-        "kotlin.collections;ArraysKt;union;(int[],Iterable);generated",
-        "kotlin.collections;ArraysKt;union;(long[],Iterable);generated",
-        "kotlin.collections;ArraysKt;union;(short[],Iterable);generated",
-        "kotlin.collections;ArraysKt;unzip;(Pair[]);generated",
-        "kotlin.collections;ArraysKt;withIndex;(Object[]);generated",
-        "kotlin.collections;ArraysKt;withIndex;(boolean[]);generated",
-        "kotlin.collections;ArraysKt;withIndex;(byte[]);generated",
-        "kotlin.collections;ArraysKt;withIndex;(char[]);generated",
-        "kotlin.collections;ArraysKt;withIndex;(double[]);generated",
-        "kotlin.collections;ArraysKt;withIndex;(float[]);generated",
-        "kotlin.collections;ArraysKt;withIndex;(int[]);generated",
-        "kotlin.collections;ArraysKt;withIndex;(long[]);generated",
-        "kotlin.collections;ArraysKt;withIndex;(short[]);generated",
-        "kotlin.collections;ArraysKt;zip;(boolean[],Iterable);generated",
-        "kotlin.collections;ArraysKt;zip;(boolean[],Iterable,Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(boolean[],Object[]);generated",
-        "kotlin.collections;ArraysKt;zip;(boolean[],Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(boolean[],boolean[]);generated",
-        "kotlin.collections;ArraysKt;zip;(boolean[],boolean[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(byte[],Iterable);generated",
-        "kotlin.collections;ArraysKt;zip;(byte[],Iterable,Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(byte[],Object[]);generated",
-        "kotlin.collections;ArraysKt;zip;(byte[],Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(byte[],byte[]);generated",
-        "kotlin.collections;ArraysKt;zip;(byte[],byte[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(char[],Iterable);generated",
-        "kotlin.collections;ArraysKt;zip;(char[],Iterable,Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(char[],Object[]);generated",
-        "kotlin.collections;ArraysKt;zip;(char[],Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(char[],char[]);generated",
-        "kotlin.collections;ArraysKt;zip;(char[],char[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(double[],Iterable);generated",
-        "kotlin.collections;ArraysKt;zip;(double[],Iterable,Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(double[],Object[]);generated",
-        "kotlin.collections;ArraysKt;zip;(double[],Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(double[],double[]);generated",
-        "kotlin.collections;ArraysKt;zip;(double[],double[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(float[],Iterable);generated",
-        "kotlin.collections;ArraysKt;zip;(float[],Iterable,Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(float[],Object[]);generated",
-        "kotlin.collections;ArraysKt;zip;(float[],Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(float[],float[]);generated",
-        "kotlin.collections;ArraysKt;zip;(float[],float[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(int[],Iterable);generated",
-        "kotlin.collections;ArraysKt;zip;(int[],Iterable,Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(int[],Object[]);generated",
-        "kotlin.collections;ArraysKt;zip;(int[],Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(int[],int[]);generated",
-        "kotlin.collections;ArraysKt;zip;(int[],int[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(long[],Iterable);generated",
-        "kotlin.collections;ArraysKt;zip;(long[],Iterable,Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(long[],Object[]);generated",
-        "kotlin.collections;ArraysKt;zip;(long[],Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(long[],long[]);generated",
-        "kotlin.collections;ArraysKt;zip;(long[],long[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(short[],Iterable);generated",
-        "kotlin.collections;ArraysKt;zip;(short[],Iterable,Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(short[],Object[]);generated",
-        "kotlin.collections;ArraysKt;zip;(short[],Object[],Function2);generated",
-        "kotlin.collections;ArraysKt;zip;(short[],short[]);generated",
-        "kotlin.collections;ArraysKt;zip;(short[],short[],Function2);generated",
-        "kotlin.collections;BooleanIterator;BooleanIterator;();generated",
-        "kotlin.collections;BooleanIterator;nextBoolean;();generated",
-        "kotlin.collections;ByteIterator;ByteIterator;();generated",
-        "kotlin.collections;ByteIterator;nextByte;();generated",
-        "kotlin.collections;CharIterator;CharIterator;();generated",
-        "kotlin.collections;CharIterator;nextChar;();generated",
-        "kotlin.collections;CollectionsHKt;eachCount;(Grouping);generated",
-        "kotlin.collections;CollectionsHKt;fill;(List,Object);generated",
-        "kotlin.collections;CollectionsHKt;orEmpty;(Object[]);generated",
-        "kotlin.collections;CollectionsHKt;shuffle;(List);generated",
-        "kotlin.collections;CollectionsHKt;shuffled;(Iterable);generated",
-        "kotlin.collections;CollectionsHKt;sort;(List);generated",
-        "kotlin.collections;CollectionsHKt;sortWith;(List,Comparator);generated",
-        "kotlin.collections;CollectionsHKt;toTypedArray;(Collection);generated",
-        "kotlin.collections;CollectionsKt;Iterable;(Function0);generated",
-        "kotlin.collections;CollectionsKt;List;(int,Function1);generated",
-        "kotlin.collections;CollectionsKt;MutableList;(int,Function1);generated",
-        "kotlin.collections;CollectionsKt;all;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;any;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;any;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;arrayListOf;();generated",
-        "kotlin.collections;CollectionsKt;asSequence;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;averageOfByte;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;averageOfDouble;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;averageOfFloat;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;averageOfInt;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;averageOfLong;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;averageOfShort;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;binarySearch;(List,Comparable,int,int);generated",
-        "kotlin.collections;CollectionsKt;binarySearch;(List,Object,Comparator,int,int);generated",
-        "kotlin.collections;CollectionsKt;binarySearch;(List,int,int,Function1);generated",
-        "kotlin.collections;CollectionsKt;binarySearchBy;(List,Comparable,int,int,Function1);generated",
-        "kotlin.collections;CollectionsKt;buildList;(Function1);generated",
-        "kotlin.collections;CollectionsKt;buildList;(int,Function1);generated",
-        "kotlin.collections;CollectionsKt;chunked;(Iterable,int);generated",
-        "kotlin.collections;CollectionsKt;chunked;(Iterable,int,Function1);generated",
-        "kotlin.collections;CollectionsKt;contains;(Iterable,Object);generated",
-        "kotlin.collections;CollectionsKt;containsAll;(Collection,Collection);generated",
-        "kotlin.collections;CollectionsKt;count;(Collection);generated",
-        "kotlin.collections;CollectionsKt;count;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;count;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;emptyList;();generated",
-        "kotlin.collections;CollectionsKt;filterIndexed;(Iterable,Function2);generated",
-        "kotlin.collections;CollectionsKt;flatMap;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;flatMapIndexedIterable;(Iterable,Function2);generated",
-        "kotlin.collections;CollectionsKt;flatMapIndexedSequence;(Iterable,Function2);generated",
-        "kotlin.collections;CollectionsKt;flatMapSequence;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;forEach;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;forEach;(Iterator,Function1);generated",
-        "kotlin.collections;CollectionsKt;forEachIndexed;(Iterable,Function2);generated",
-        "kotlin.collections;CollectionsKt;getIndices;(Collection);generated",
-        "kotlin.collections;CollectionsKt;getLastIndex;(List);generated",
-        "kotlin.collections;CollectionsKt;groupBy;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;groupBy;(Iterable,Function1,Function1);generated",
-        "kotlin.collections;CollectionsKt;groupingBy;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;indexOf;(Iterable,Object);generated",
-        "kotlin.collections;CollectionsKt;indexOf;(List,Object);generated",
-        "kotlin.collections;CollectionsKt;indexOfFirst;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;indexOfFirst;(List,Function1);generated",
-        "kotlin.collections;CollectionsKt;indexOfLast;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;indexOfLast;(List,Function1);generated",
-        "kotlin.collections;CollectionsKt;isNotEmpty;(Collection);generated",
-        "kotlin.collections;CollectionsKt;isNullOrEmpty;(Collection);generated",
-        "kotlin.collections;CollectionsKt;iterator;(Enumeration);generated",
-        "kotlin.collections;CollectionsKt;lastIndexOf;(Iterable,Object);generated",
-        "kotlin.collections;CollectionsKt;lastIndexOf;(List,Object);generated",
-        "kotlin.collections;CollectionsKt;listOf;();generated",
-        "kotlin.collections;CollectionsKt;listOfNotNull;(Object[]);generated",
-        "kotlin.collections;CollectionsKt;mapIndexed;(Iterable,Function2);generated",
-        "kotlin.collections;CollectionsKt;mapIndexedNotNull;(Iterable,Function2);generated",
-        "kotlin.collections;CollectionsKt;mapNotNull;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;max;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;maxOf;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;maxOfOrNull;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;maxOrNull;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;maxOrThrow;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;min;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;minOf;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;minOfOrNull;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;minOrNull;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;minOrThrow;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;minusAssign;(Collection,Iterable);generated",
-        "kotlin.collections;CollectionsKt;minusAssign;(Collection,Object);generated",
-        "kotlin.collections;CollectionsKt;minusAssign;(Collection,Object[]);generated",
-        "kotlin.collections;CollectionsKt;minusAssign;(Collection,Sequence);generated",
-        "kotlin.collections;CollectionsKt;mutableListOf;();generated",
-        "kotlin.collections;CollectionsKt;none;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;none;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;remove;(Collection,Object);generated",
-        "kotlin.collections;CollectionsKt;removeAll;(Collection,Collection);generated",
-        "kotlin.collections;CollectionsKt;removeAll;(Collection,Iterable);generated",
-        "kotlin.collections;CollectionsKt;removeAll;(Collection,Object[]);generated",
-        "kotlin.collections;CollectionsKt;removeAll;(Collection,Sequence);generated",
-        "kotlin.collections;CollectionsKt;removeAll;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;removeAll;(List,Function1);generated",
-        "kotlin.collections;CollectionsKt;retainAll;(Collection,Collection);generated",
-        "kotlin.collections;CollectionsKt;retainAll;(Collection,Iterable);generated",
-        "kotlin.collections;CollectionsKt;retainAll;(Collection,Object[]);generated",
-        "kotlin.collections;CollectionsKt;retainAll;(Collection,Sequence);generated",
-        "kotlin.collections;CollectionsKt;retainAll;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;retainAll;(List,Function1);generated",
-        "kotlin.collections;CollectionsKt;reverse;(List);generated",
-        "kotlin.collections;CollectionsKt;runningReduce;(Iterable,Function2);generated",
-        "kotlin.collections;CollectionsKt;runningReduceIndexed;(Iterable,Function3);generated",
-        "kotlin.collections;CollectionsKt;shuffle;(List);generated",
-        "kotlin.collections;CollectionsKt;shuffle;(List,Random);generated",
-        "kotlin.collections;CollectionsKt;sort;(List);generated",
-        "kotlin.collections;CollectionsKt;sort;(List,Comparator);generated",
-        "kotlin.collections;CollectionsKt;sort;(List,Function2);generated",
-        "kotlin.collections;CollectionsKt;sortBy;(List,Function1);generated",
-        "kotlin.collections;CollectionsKt;sortByDescending;(List,Function1);generated",
-        "kotlin.collections;CollectionsKt;sortDescending;(List);generated",
-        "kotlin.collections;CollectionsKt;sortWith;(List,Comparator);generated",
-        "kotlin.collections;CollectionsKt;sumBy;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;sumByDouble;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;sumOfBigDecimal;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;sumOfBigInteger;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;sumOfByte;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;sumOfDouble;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;sumOfDouble;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;sumOfFloat;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;sumOfInt;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;sumOfInt;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;sumOfLong;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;sumOfLong;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;sumOfShort;(Iterable);generated",
-        "kotlin.collections;CollectionsKt;sumOfUInt;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;sumOfULong;(Iterable,Function1);generated",
-        "kotlin.collections;CollectionsKt;toBooleanArray;(Collection);generated",
-        "kotlin.collections;CollectionsKt;toByteArray;(Collection);generated",
-        "kotlin.collections;CollectionsKt;toCharArray;(Collection);generated",
-        "kotlin.collections;CollectionsKt;toDoubleArray;(Collection);generated",
-        "kotlin.collections;CollectionsKt;toFloatArray;(Collection);generated",
-        "kotlin.collections;CollectionsKt;toIntArray;(Collection);generated",
-        "kotlin.collections;CollectionsKt;toLongArray;(Collection);generated",
-        "kotlin.collections;CollectionsKt;toShortArray;(Collection);generated",
-        "kotlin.collections;CollectionsKt;windowed;(Iterable,int,int,boolean);generated",
-        "kotlin.collections;CollectionsKt;windowed;(Iterable,int,int,boolean,Function1);generated",
-        "kotlin.collections;CollectionsKt;withIndex;(Iterable);generated",
-        "kotlin.collections;DoubleIterator;DoubleIterator;();generated",
-        "kotlin.collections;DoubleIterator;nextDouble;();generated",
-        "kotlin.collections;FloatIterator;FloatIterator;();generated",
-        "kotlin.collections;FloatIterator;nextFloat;();generated",
-        "kotlin.collections;Grouping;keyOf;(Object);generated",
-        "kotlin.collections;Grouping;sourceIterator;();generated",
-        "kotlin.collections;GroupingKt;aggregate;(Grouping,Function4);generated",
-        "kotlin.collections;GroupingKt;eachCount;(Grouping);generated",
-        "kotlin.collections;GroupingKt;fold;(Grouping,Function2,Function3);generated",
-        "kotlin.collections;GroupingKt;fold;(Grouping,Object,Function2);generated",
-        "kotlin.collections;GroupingKt;reduce;(Grouping,Function3);generated",
-        "kotlin.collections;HashMap;HashMap;();generated",
-        "kotlin.collections;HashMap;HashMap;(Map);generated",
-        "kotlin.collections;HashMap;HashMap;(int);generated",
-        "kotlin.collections;HashMap;HashMap;(int,float);generated",
-        "kotlin.collections;HashSet;HashSet;();generated",
-        "kotlin.collections;HashSet;HashSet;(Collection);generated",
-        "kotlin.collections;HashSet;HashSet;(int);generated",
-        "kotlin.collections;HashSet;HashSet;(int,float);generated",
-        "kotlin.collections;IndexedValue;component1;();generated",
-        "kotlin.collections;IndexedValue;equals;(Object);generated",
-        "kotlin.collections;IndexedValue;getIndex;();generated",
-        "kotlin.collections;IndexedValue;hashCode;();generated",
-        "kotlin.collections;IntIterator;IntIterator;();generated",
-        "kotlin.collections;IntIterator;nextInt;();generated",
-        "kotlin.collections;LinkedHashMap;LinkedHashMap;();generated",
-        "kotlin.collections;LinkedHashMap;LinkedHashMap;(Map);generated",
-        "kotlin.collections;LinkedHashMap;LinkedHashMap;(int);generated",
-        "kotlin.collections;LinkedHashMap;LinkedHashMap;(int,float);generated",
-        "kotlin.collections;LinkedHashSet;LinkedHashSet;();generated",
-        "kotlin.collections;LinkedHashSet;LinkedHashSet;(Collection);generated",
-        "kotlin.collections;LinkedHashSet;LinkedHashSet;(int);generated",
-        "kotlin.collections;LinkedHashSet;LinkedHashSet;(int,float);generated",
-        "kotlin.collections;LongIterator;LongIterator;();generated",
-        "kotlin.collections;LongIterator;nextLong;();generated",
-        "kotlin.collections;MapsKt;all;(Map,Function1);generated",
-        "kotlin.collections;MapsKt;any;(Map);generated",
-        "kotlin.collections;MapsKt;any;(Map,Function1);generated",
-        "kotlin.collections;MapsKt;asSequence;(Map);generated",
-        "kotlin.collections;MapsKt;buildMap;(Function1);generated",
-        "kotlin.collections;MapsKt;buildMap;(int,Function1);generated",
-        "kotlin.collections;MapsKt;contains;(Map,Object);generated",
-        "kotlin.collections;MapsKt;containsKey;(Map,Object);generated",
-        "kotlin.collections;MapsKt;containsValue;(Map,Object);generated",
-        "kotlin.collections;MapsKt;count;(Map);generated",
-        "kotlin.collections;MapsKt;count;(Map,Function1);generated",
-        "kotlin.collections;MapsKt;emptyMap;();generated",
-        "kotlin.collections;MapsKt;flatMap;(Map,Function1);generated",
-        "kotlin.collections;MapsKt;flatMapSequence;(Map,Function1);generated",
-        "kotlin.collections;MapsKt;forEach;(Map,Function1);generated",
-        "kotlin.collections;MapsKt;hashMapOf;();generated",
-        "kotlin.collections;MapsKt;hashMapOf;(Pair[]);generated",
-        "kotlin.collections;MapsKt;isNotEmpty;(Map);generated",
-        "kotlin.collections;MapsKt;isNullOrEmpty;(Map);generated",
-        "kotlin.collections;MapsKt;linkedMapOf;();generated",
-        "kotlin.collections;MapsKt;linkedMapOf;(Pair[]);generated",
-        "kotlin.collections;MapsKt;mapNotNull;(Map,Function1);generated",
-        "kotlin.collections;MapsKt;mapOf;();generated",
-        "kotlin.collections;MapsKt;mapOf;(Pair[]);generated",
-        "kotlin.collections;MapsKt;maxOf;(Map,Function1);generated",
-        "kotlin.collections;MapsKt;maxOfOrNull;(Map,Function1);generated",
-        "kotlin.collections;MapsKt;minOf;(Map,Function1);generated",
-        "kotlin.collections;MapsKt;minOfOrNull;(Map,Function1);generated",
-        "kotlin.collections;MapsKt;minusAssign;(Map,Iterable);generated",
-        "kotlin.collections;MapsKt;minusAssign;(Map,Object);generated",
-        "kotlin.collections;MapsKt;minusAssign;(Map,Object[]);generated",
-        "kotlin.collections;MapsKt;minusAssign;(Map,Sequence);generated",
-        "kotlin.collections;MapsKt;mutableMapOf;();generated",
-        "kotlin.collections;MapsKt;mutableMapOf;(Pair[]);generated",
-        "kotlin.collections;MapsKt;none;(Map);generated",
-        "kotlin.collections;MapsKt;none;(Map,Function1);generated",
-        "kotlin.collections;MapsKt;plusAssign;(Map,Pair[]);generated",
-        "kotlin.collections;MapsKt;putAll;(Map,Pair[]);generated",
-        "kotlin.collections;MapsKt;sortedMapOf;(Comparator,Pair[]);generated",
-        "kotlin.collections;MapsKt;sortedMapOf;(Pair[]);generated",
-        "kotlin.collections;MapsKt;toMap;(Sequence);generated",
-        "kotlin.collections;MapsKt;toProperties;(Map);generated",
-        "kotlin.collections;MapsKt;toSortedMap;(Map,Comparator);generated",
-        "kotlin.collections;SetsKt;buildSet;(Function1);generated",
-        "kotlin.collections;SetsKt;buildSet;(int,Function1);generated",
-        "kotlin.collections;SetsKt;emptySet;();generated",
-        "kotlin.collections;SetsKt;hashSetOf;();generated",
-        "kotlin.collections;SetsKt;hashSetOf;(Object[]);generated",
-        "kotlin.collections;SetsKt;linkedSetOf;();generated",
-        "kotlin.collections;SetsKt;linkedSetOf;(Object[]);generated",
-        "kotlin.collections;SetsKt;mutableSetOf;();generated",
-        "kotlin.collections;SetsKt;mutableSetOf;(Object[]);generated",
-        "kotlin.collections;SetsKt;setOf;();generated",
-        "kotlin.collections;SetsKt;setOfNotNull;(Object[]);generated",
-        "kotlin.collections;SetsKt;sortedSetOf;(Comparator,Object[]);generated",
-        "kotlin.collections;SetsKt;sortedSetOf;(Object[]);generated",
-        "kotlin.collections;ShortIterator;ShortIterator;();generated",
-        "kotlin.collections;ShortIterator;nextShort;();generated",
-        "kotlin.collections;UArraysKt;all;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;all;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;all;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;all;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;any;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;any;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;any;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;any;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;any;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;any;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;any;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;any;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;asIntArray;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;asList;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;asList;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;asList;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;asList;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;asLongArray;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;asShortArray;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;asUIntArray;(int[]);generated",
-        "kotlin.collections;UArraysKt;asULongArray;(long[]);generated",
-        "kotlin.collections;UArraysKt;asUShortArray;(short[]);generated",
-        "kotlin.collections;UArraysKt;associateWith;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;associateWith;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;associateWith;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;associateWith;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;binarySearch;(UByteArray,byte,int,int);generated",
-        "kotlin.collections;UArraysKt;binarySearch;(UIntArray,int,int,int);generated",
-        "kotlin.collections;UArraysKt;binarySearch;(ULongArray,long,int,int);generated",
-        "kotlin.collections;UArraysKt;binarySearch;(UShortArray,short,int,int);generated",
-        "kotlin.collections;UArraysKt;component1;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;component1;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;component1;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;component1;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;component2;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;component2;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;component2;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;component2;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;component3;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;component3;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;component3;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;component3;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;component4;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;component4;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;component4;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;component4;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;component5;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;component5;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;component5;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;component5;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;contentEquals;(UByteArray,UByteArray);generated",
-        "kotlin.collections;UArraysKt;contentEquals;(UIntArray,UIntArray);generated",
-        "kotlin.collections;UArraysKt;contentEquals;(ULongArray,ULongArray);generated",
-        "kotlin.collections;UArraysKt;contentEquals;(UShortArray,UShortArray);generated",
-        "kotlin.collections;UArraysKt;contentHashCode;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;contentHashCode;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;contentHashCode;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;contentHashCode;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;copyOf;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;copyOf;(UIntArray,int);generated",
-        "kotlin.collections;UArraysKt;copyOf;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;copyOf;(ULongArray,int);generated",
-        "kotlin.collections;UArraysKt;copyOf;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;copyOf;(UShortArray,int);generated",
-        "kotlin.collections;UArraysKt;copyOfRange;(UIntArray,int,int);generated",
-        "kotlin.collections;UArraysKt;copyOfRange;(ULongArray,int,int);generated",
-        "kotlin.collections;UArraysKt;copyOfRange;(UShortArray,int,int);generated",
-        "kotlin.collections;UArraysKt;count;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;count;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;count;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;count;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;dropWhile;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;dropWhile;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;dropWhile;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;dropWhile;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;elementAt;(UByteArray,int);generated",
-        "kotlin.collections;UArraysKt;elementAt;(UIntArray,int);generated",
-        "kotlin.collections;UArraysKt;elementAt;(ULongArray,int);generated",
-        "kotlin.collections;UArraysKt;elementAt;(UShortArray,int);generated",
-        "kotlin.collections;UArraysKt;elementAtOrElse;(UByteArray,int,Function1);generated",
-        "kotlin.collections;UArraysKt;elementAtOrElse;(UIntArray,int,Function1);generated",
-        "kotlin.collections;UArraysKt;elementAtOrElse;(ULongArray,int,Function1);generated",
-        "kotlin.collections;UArraysKt;elementAtOrElse;(UShortArray,int,Function1);generated",
-        "kotlin.collections;UArraysKt;elementAtOrNull;(UByteArray,int);generated",
-        "kotlin.collections;UArraysKt;elementAtOrNull;(UIntArray,int);generated",
-        "kotlin.collections;UArraysKt;elementAtOrNull;(ULongArray,int);generated",
-        "kotlin.collections;UArraysKt;elementAtOrNull;(UShortArray,int);generated",
-        "kotlin.collections;UArraysKt;fill;(UByteArray,byte,int,int);generated",
-        "kotlin.collections;UArraysKt;fill;(UIntArray,int,int,int);generated",
-        "kotlin.collections;UArraysKt;fill;(ULongArray,long,int,int);generated",
-        "kotlin.collections;UArraysKt;fill;(UShortArray,short,int,int);generated",
-        "kotlin.collections;UArraysKt;filter;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;filter;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;filter;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;filter;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;filterIndexed;(UByteArray,Function2);generated",
-        "kotlin.collections;UArraysKt;filterIndexed;(UIntArray,Function2);generated",
-        "kotlin.collections;UArraysKt;filterIndexed;(ULongArray,Function2);generated",
-        "kotlin.collections;UArraysKt;filterIndexed;(UShortArray,Function2);generated",
-        "kotlin.collections;UArraysKt;filterNot;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;filterNot;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;filterNot;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;filterNot;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;find;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;find;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;find;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;find;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;findLast;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;findLast;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;findLast;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;findLast;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;first;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;first;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;first;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;first;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;first;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;first;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;first;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;first;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;firstOrNull;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;firstOrNull;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;firstOrNull;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;firstOrNull;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;firstOrNull;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;firstOrNull;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;firstOrNull;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;firstOrNull;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;flatMap;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;flatMap;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;flatMap;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;flatMap;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;flatMapIndexed;(UByteArray,Function2);generated",
-        "kotlin.collections;UArraysKt;flatMapIndexed;(UIntArray,Function2);generated",
-        "kotlin.collections;UArraysKt;flatMapIndexed;(ULongArray,Function2);generated",
-        "kotlin.collections;UArraysKt;flatMapIndexed;(UShortArray,Function2);generated",
-        "kotlin.collections;UArraysKt;forEach;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;forEach;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;forEach;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;forEach;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;forEachIndexed;(UByteArray,Function2);generated",
-        "kotlin.collections;UArraysKt;forEachIndexed;(UIntArray,Function2);generated",
-        "kotlin.collections;UArraysKt;forEachIndexed;(ULongArray,Function2);generated",
-        "kotlin.collections;UArraysKt;forEachIndexed;(UShortArray,Function2);generated",
-        "kotlin.collections;UArraysKt;getIndices;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;getIndices;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;getIndices;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;getIndices;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;getLastIndex;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;getLastIndex;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;getLastIndex;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;getLastIndex;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;getOrElse;(UByteArray,int,Function1);generated",
-        "kotlin.collections;UArraysKt;getOrElse;(UIntArray,int,Function1);generated",
-        "kotlin.collections;UArraysKt;getOrElse;(ULongArray,int,Function1);generated",
-        "kotlin.collections;UArraysKt;getOrElse;(UShortArray,int,Function1);generated",
-        "kotlin.collections;UArraysKt;getOrNull;(UByteArray,int);generated",
-        "kotlin.collections;UArraysKt;getOrNull;(UIntArray,int);generated",
-        "kotlin.collections;UArraysKt;getOrNull;(ULongArray,int);generated",
-        "kotlin.collections;UArraysKt;getOrNull;(UShortArray,int);generated",
-        "kotlin.collections;UArraysKt;groupBy;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;groupBy;(UByteArray,Function1,Function1);generated",
-        "kotlin.collections;UArraysKt;groupBy;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;groupBy;(UIntArray,Function1,Function1);generated",
-        "kotlin.collections;UArraysKt;groupBy;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;groupBy;(ULongArray,Function1,Function1);generated",
-        "kotlin.collections;UArraysKt;groupBy;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;groupBy;(UShortArray,Function1,Function1);generated",
-        "kotlin.collections;UArraysKt;indexOf;(UByteArray,byte);generated",
-        "kotlin.collections;UArraysKt;indexOf;(UIntArray,int);generated",
-        "kotlin.collections;UArraysKt;indexOf;(ULongArray,long);generated",
-        "kotlin.collections;UArraysKt;indexOf;(UShortArray,short);generated",
-        "kotlin.collections;UArraysKt;indexOfFirst;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;indexOfFirst;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;indexOfFirst;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;indexOfFirst;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;indexOfLast;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;indexOfLast;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;indexOfLast;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;indexOfLast;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;last;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;last;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;last;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;last;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;last;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;last;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;last;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;last;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;lastIndexOf;(UByteArray,byte);generated",
-        "kotlin.collections;UArraysKt;lastIndexOf;(UIntArray,int);generated",
-        "kotlin.collections;UArraysKt;lastIndexOf;(ULongArray,long);generated",
-        "kotlin.collections;UArraysKt;lastIndexOf;(UShortArray,short);generated",
-        "kotlin.collections;UArraysKt;lastOrNull;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;lastOrNull;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;lastOrNull;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;lastOrNull;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;lastOrNull;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;lastOrNull;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;lastOrNull;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;lastOrNull;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;map;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;map;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;map;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;map;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;mapIndexed;(UByteArray,Function2);generated",
-        "kotlin.collections;UArraysKt;mapIndexed;(UIntArray,Function2);generated",
-        "kotlin.collections;UArraysKt;mapIndexed;(ULongArray,Function2);generated",
-        "kotlin.collections;UArraysKt;mapIndexed;(UShortArray,Function2);generated",
-        "kotlin.collections;UArraysKt;max;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;max;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;max;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;max;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;maxBy;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxBy;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxBy;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxBy;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxByOrNull;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxByOrNull;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxByOrNull;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxByOrNull;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxByOrThrow-U;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxByOrThrow-U;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxByOrThrow-U;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxByOrThrow-U;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOf;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOf;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOf;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOf;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOfOrNull;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOfOrNull;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOfOrNull;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOfOrNull;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOfWith;(UByteArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOfWith;(UIntArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOfWith;(ULongArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOfWith;(UShortArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOfWithOrNull;(UByteArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOfWithOrNull;(UIntArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOfWithOrNull;(ULongArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOfWithOrNull;(UShortArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;maxOrNull;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;maxOrNull;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;maxOrNull;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;maxOrNull;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;maxOrThrow-U;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;maxOrThrow-U;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;maxOrThrow-U;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;maxOrThrow-U;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;maxWith;(UByteArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;maxWith;(UIntArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;maxWith;(ULongArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;maxWith;(UShortArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;maxWithOrNull;(UByteArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;maxWithOrNull;(UIntArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;maxWithOrNull;(ULongArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;maxWithOrNull;(UShortArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;maxWithOrThrow-U;(UByteArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;maxWithOrThrow-U;(UIntArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;maxWithOrThrow-U;(ULongArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;maxWithOrThrow-U;(UShortArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;min;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;min;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;min;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;min;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;minBy;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minBy;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minBy;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minBy;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minByOrNull;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minByOrNull;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minByOrNull;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minByOrNull;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minByOrThrow-U;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minByOrThrow-U;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minByOrThrow-U;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minByOrThrow-U;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minOf;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minOf;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minOf;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minOf;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minOfOrNull;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minOfOrNull;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minOfOrNull;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minOfOrNull;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;minOfWith;(UByteArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;minOfWith;(UIntArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;minOfWith;(ULongArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;minOfWith;(UShortArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;minOfWithOrNull;(UByteArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;minOfWithOrNull;(UIntArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;minOfWithOrNull;(ULongArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;minOfWithOrNull;(UShortArray,Comparator,Function1);generated",
-        "kotlin.collections;UArraysKt;minOrNull;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;minOrNull;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;minOrNull;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;minOrNull;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;minOrThrow-U;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;minOrThrow-U;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;minOrThrow-U;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;minOrThrow-U;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;minWith;(UByteArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;minWith;(UIntArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;minWith;(ULongArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;minWith;(UShortArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;minWithOrNull;(UByteArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;minWithOrNull;(UIntArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;minWithOrNull;(ULongArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;minWithOrNull;(UShortArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;minWithOrThrow-U;(UByteArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;minWithOrThrow-U;(UIntArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;minWithOrThrow-U;(ULongArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;minWithOrThrow-U;(UShortArray,Comparator);generated",
-        "kotlin.collections;UArraysKt;none;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;none;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;none;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;none;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;none;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;none;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;none;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;none;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;plus;(UIntArray,Collection);generated",
-        "kotlin.collections;UArraysKt;plus;(UIntArray,UIntArray);generated",
-        "kotlin.collections;UArraysKt;plus;(UIntArray,int);generated",
-        "kotlin.collections;UArraysKt;plus;(ULongArray,Collection);generated",
-        "kotlin.collections;UArraysKt;plus;(ULongArray,ULongArray);generated",
-        "kotlin.collections;UArraysKt;plus;(ULongArray,long);generated",
-        "kotlin.collections;UArraysKt;plus;(UShortArray,Collection);generated",
-        "kotlin.collections;UArraysKt;plus;(UShortArray,UShortArray);generated",
-        "kotlin.collections;UArraysKt;plus;(UShortArray,short);generated",
-        "kotlin.collections;UArraysKt;random;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;random;(UByteArray,Random);generated",
-        "kotlin.collections;UArraysKt;random;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;random;(UIntArray,Random);generated",
-        "kotlin.collections;UArraysKt;random;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;random;(ULongArray,Random);generated",
-        "kotlin.collections;UArraysKt;random;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;random;(UShortArray,Random);generated",
-        "kotlin.collections;UArraysKt;randomOrNull;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;randomOrNull;(UByteArray,Random);generated",
-        "kotlin.collections;UArraysKt;randomOrNull;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;randomOrNull;(UIntArray,Random);generated",
-        "kotlin.collections;UArraysKt;randomOrNull;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;randomOrNull;(ULongArray,Random);generated",
-        "kotlin.collections;UArraysKt;randomOrNull;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;randomOrNull;(UShortArray,Random);generated",
-        "kotlin.collections;UArraysKt;reduce;(UByteArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduce;(UIntArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduce;(ULongArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduce;(UShortArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduceIndexed;(UByteArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceIndexed;(UIntArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceIndexed;(ULongArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceIndexed;(UShortArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceIndexedOrNull;(UByteArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceIndexedOrNull;(UIntArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceIndexedOrNull;(ULongArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceIndexedOrNull;(UShortArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceOrNull;(UByteArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduceOrNull;(UIntArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduceOrNull;(ULongArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduceOrNull;(UShortArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduceRight;(UByteArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduceRight;(UIntArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduceRight;(ULongArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduceRight;(UShortArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduceRightIndexed;(UByteArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceRightIndexed;(UIntArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceRightIndexed;(ULongArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceRightIndexed;(UShortArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceRightIndexedOrNull;(UByteArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceRightIndexedOrNull;(UIntArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceRightIndexedOrNull;(ULongArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceRightIndexedOrNull;(UShortArray,Function3);generated",
-        "kotlin.collections;UArraysKt;reduceRightOrNull;(UByteArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduceRightOrNull;(UIntArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduceRightOrNull;(ULongArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reduceRightOrNull;(UShortArray,Function2);generated",
-        "kotlin.collections;UArraysKt;reverse;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;reverse;(UByteArray,int,int);generated",
-        "kotlin.collections;UArraysKt;reverse;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;reverse;(UIntArray,int,int);generated",
-        "kotlin.collections;UArraysKt;reverse;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;reverse;(ULongArray,int,int);generated",
-        "kotlin.collections;UArraysKt;reverse;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;reverse;(UShortArray,int,int);generated",
-        "kotlin.collections;UArraysKt;reversedArray;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;reversedArray;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;reversedArray;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;runningReduce;(UByteArray,Function2);generated",
-        "kotlin.collections;UArraysKt;runningReduce;(UIntArray,Function2);generated",
-        "kotlin.collections;UArraysKt;runningReduce;(ULongArray,Function2);generated",
-        "kotlin.collections;UArraysKt;runningReduce;(UShortArray,Function2);generated",
-        "kotlin.collections;UArraysKt;runningReduceIndexed;(UByteArray,Function3);generated",
-        "kotlin.collections;UArraysKt;runningReduceIndexed;(UIntArray,Function3);generated",
-        "kotlin.collections;UArraysKt;runningReduceIndexed;(ULongArray,Function3);generated",
-        "kotlin.collections;UArraysKt;runningReduceIndexed;(UShortArray,Function3);generated",
-        "kotlin.collections;UArraysKt;shuffle;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;shuffle;(UByteArray,Random);generated",
-        "kotlin.collections;UArraysKt;shuffle;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;shuffle;(UIntArray,Random);generated",
-        "kotlin.collections;UArraysKt;shuffle;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;shuffle;(ULongArray,Random);generated",
-        "kotlin.collections;UArraysKt;shuffle;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;shuffle;(UShortArray,Random);generated",
-        "kotlin.collections;UArraysKt;single;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;single;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;single;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;single;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;single;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;single;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;single;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;single;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;singleOrNull;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;singleOrNull;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;singleOrNull;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;singleOrNull;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;singleOrNull;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;singleOrNull;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;singleOrNull;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;singleOrNull;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;slice;(UByteArray,IntRange);generated",
-        "kotlin.collections;UArraysKt;slice;(UByteArray,Iterable);generated",
-        "kotlin.collections;UArraysKt;slice;(UIntArray,IntRange);generated",
-        "kotlin.collections;UArraysKt;slice;(UIntArray,Iterable);generated",
-        "kotlin.collections;UArraysKt;slice;(ULongArray,IntRange);generated",
-        "kotlin.collections;UArraysKt;slice;(ULongArray,Iterable);generated",
-        "kotlin.collections;UArraysKt;slice;(UShortArray,IntRange);generated",
-        "kotlin.collections;UArraysKt;slice;(UShortArray,Iterable);generated",
-        "kotlin.collections;UArraysKt;sliceArray;(UByteArray,Collection);generated",
-        "kotlin.collections;UArraysKt;sliceArray;(UIntArray,Collection);generated",
-        "kotlin.collections;UArraysKt;sliceArray;(UIntArray,IntRange);generated",
-        "kotlin.collections;UArraysKt;sliceArray;(ULongArray,Collection);generated",
-        "kotlin.collections;UArraysKt;sliceArray;(ULongArray,IntRange);generated",
-        "kotlin.collections;UArraysKt;sliceArray;(UShortArray,Collection);generated",
-        "kotlin.collections;UArraysKt;sliceArray;(UShortArray,IntRange);generated",
-        "kotlin.collections;UArraysKt;sort;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;sort;(UByteArray,int,int);generated",
-        "kotlin.collections;UArraysKt;sort;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;sort;(UIntArray,int,int);generated",
-        "kotlin.collections;UArraysKt;sort;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;sort;(ULongArray,int,int);generated",
-        "kotlin.collections;UArraysKt;sort;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;sort;(UShortArray,int,int);generated",
-        "kotlin.collections;UArraysKt;sortDescending;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;sortDescending;(UByteArray,int,int);generated",
-        "kotlin.collections;UArraysKt;sortDescending;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;sortDescending;(UIntArray,int,int);generated",
-        "kotlin.collections;UArraysKt;sortDescending;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;sortDescending;(ULongArray,int,int);generated",
-        "kotlin.collections;UArraysKt;sortDescending;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;sortDescending;(UShortArray,int,int);generated",
-        "kotlin.collections;UArraysKt;sorted;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;sorted;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;sorted;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;sorted;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;sortedDescending;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;sortedDescending;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;sortedDescending;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;sum;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;sum;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;sum;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;sum;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;sumBy;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumBy;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumBy;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumBy;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumByDouble;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumByDouble;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumByDouble;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumByDouble;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfBigDecimal;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfBigDecimal;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfBigDecimal;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfBigDecimal;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfBigInteger;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfBigInteger;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfBigInteger;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfBigInteger;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfDouble;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfDouble;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfDouble;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfDouble;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfInt;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfInt;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfInt;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfInt;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfLong;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfLong;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfLong;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfLong;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfUByte;(byte[]);generated",
-        "kotlin.collections;UArraysKt;sumOfUInt;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfUInt;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfUInt;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfUInt;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfUInt;(int[]);generated",
-        "kotlin.collections;UArraysKt;sumOfULong;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfULong;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfULong;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfULong;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;sumOfULong;(long[]);generated",
-        "kotlin.collections;UArraysKt;sumOfUShort;(short[]);generated",
-        "kotlin.collections;UArraysKt;takeWhile;(UByteArray,Function1);generated",
-        "kotlin.collections;UArraysKt;takeWhile;(UIntArray,Function1);generated",
-        "kotlin.collections;UArraysKt;takeWhile;(ULongArray,Function1);generated",
-        "kotlin.collections;UArraysKt;takeWhile;(UShortArray,Function1);generated",
-        "kotlin.collections;UArraysKt;toIntArray;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;toLongArray;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;toShortArray;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;toTypedArray;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;toTypedArray;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;toTypedArray;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;toTypedArray;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;toUIntArray;(int[]);generated",
-        "kotlin.collections;UArraysKt;toULongArray;(long[]);generated",
-        "kotlin.collections;UArraysKt;toUShortArray;(short[]);generated",
-        "kotlin.collections;UArraysKt;withIndex;(UByteArray);generated",
-        "kotlin.collections;UArraysKt;withIndex;(UIntArray);generated",
-        "kotlin.collections;UArraysKt;withIndex;(ULongArray);generated",
-        "kotlin.collections;UArraysKt;withIndex;(UShortArray);generated",
-        "kotlin.collections;UArraysKt;zip;(UByteArray,Iterable);generated",
-        "kotlin.collections;UArraysKt;zip;(UByteArray,Iterable,Function2);generated",
-        "kotlin.collections;UArraysKt;zip;(UByteArray,Object[]);generated",
-        "kotlin.collections;UArraysKt;zip;(UByteArray,Object[],Function2);generated",
-        "kotlin.collections;UArraysKt;zip;(UByteArray,UByteArray);generated",
-        "kotlin.collections;UArraysKt;zip;(UByteArray,UByteArray,Function2);generated",
-        "kotlin.collections;UArraysKt;zip;(UIntArray,Iterable);generated",
-        "kotlin.collections;UArraysKt;zip;(UIntArray,Iterable,Function2);generated",
-        "kotlin.collections;UArraysKt;zip;(UIntArray,Object[]);generated",
-        "kotlin.collections;UArraysKt;zip;(UIntArray,Object[],Function2);generated",
-        "kotlin.collections;UArraysKt;zip;(UIntArray,UIntArray);generated",
-        "kotlin.collections;UArraysKt;zip;(UIntArray,UIntArray,Function2);generated",
-        "kotlin.collections;UArraysKt;zip;(ULongArray,Iterable);generated",
-        "kotlin.collections;UArraysKt;zip;(ULongArray,Iterable,Function2);generated",
-        "kotlin.collections;UArraysKt;zip;(ULongArray,Object[]);generated",
-        "kotlin.collections;UArraysKt;zip;(ULongArray,Object[],Function2);generated",
-        "kotlin.collections;UArraysKt;zip;(ULongArray,ULongArray);generated",
-        "kotlin.collections;UArraysKt;zip;(ULongArray,ULongArray,Function2);generated",
-        "kotlin.collections;UArraysKt;zip;(UShortArray,Iterable);generated",
-        "kotlin.collections;UArraysKt;zip;(UShortArray,Iterable,Function2);generated",
-        "kotlin.collections;UArraysKt;zip;(UShortArray,Object[]);generated",
-        "kotlin.collections;UArraysKt;zip;(UShortArray,Object[],Function2);generated",
-        "kotlin.collections;UArraysKt;zip;(UShortArray,UShortArray);generated",
-        "kotlin.collections;UArraysKt;zip;(UShortArray,UShortArray,Function2);generated",
-        "kotlin.collections;UCollectionsKt;sumOfUByte;(Iterable);generated",
-        "kotlin.collections;UCollectionsKt;sumOfUInt;(Iterable);generated",
-        "kotlin.collections;UCollectionsKt;sumOfULong;(Iterable);generated",
-        "kotlin.collections;UCollectionsKt;sumOfUShort;(Iterable);generated",
-        "kotlin.collections;UCollectionsKt;toUByteArray;(Collection);generated",
-        "kotlin.collections;UCollectionsKt;toUIntArray;(Collection);generated",
-        "kotlin.collections;UCollectionsKt;toULongArray;(Collection);generated",
-        "kotlin.collections;UCollectionsKt;toUShortArray;(Collection);generated",
-        "kotlin.comparisons;ComparisonsKt;compareBy;();generated",
-        "kotlin.comparisons;ComparisonsKt;compareBy;(Comparator,Function1);generated",
-        "kotlin.comparisons;ComparisonsKt;compareBy;(Function1);generated",
-        "kotlin.comparisons;ComparisonsKt;compareByDescending;(Comparator,Function1);generated",
-        "kotlin.comparisons;ComparisonsKt;compareByDescending;(Function1);generated",
-        "kotlin.comparisons;ComparisonsKt;compareValues;(Comparable,Comparable);generated",
-        "kotlin.comparisons;ComparisonsKt;compareValuesBy;(Object,Object);generated",
-        "kotlin.comparisons;ComparisonsKt;compareValuesBy;(Object,Object,Comparator,Function1);generated",
-        "kotlin.comparisons;ComparisonsKt;compareValuesBy;(Object,Object,Function1);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(byte,byte);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(byte,byte,byte);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(byte,byte[]);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(double,double);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(double,double,double);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(double,double[]);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(float,float);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(float,float,float);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(float,float[]);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(int,int);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(int,int,int);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(int,int[]);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(long,long);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(long,long,long);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(long,long[]);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(short,short);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(short,short,short);generated",
-        "kotlin.comparisons;ComparisonsKt;maxOf;(short,short[]);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(byte,byte);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(byte,byte,byte);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(byte,byte[]);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(double,double);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(double,double,double);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(double,double[]);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(float,float);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(float,float,float);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(float,float[]);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(int,int);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(int,int,int);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(int,int[]);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(long,long);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(long,long,long);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(long,long[]);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(short,short);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(short,short,short);generated",
-        "kotlin.comparisons;ComparisonsKt;minOf;(short,short[]);generated",
-        "kotlin.comparisons;ComparisonsKt;naturalOrder;();generated",
-        "kotlin.comparisons;ComparisonsKt;nullsFirst;();generated",
-        "kotlin.comparisons;ComparisonsKt;nullsFirst;(Comparator);generated",
-        "kotlin.comparisons;ComparisonsKt;nullsLast;();generated",
-        "kotlin.comparisons;ComparisonsKt;nullsLast;(Comparator);generated",
-        "kotlin.comparisons;ComparisonsKt;reverseOrder;();generated",
-        "kotlin.comparisons;ComparisonsKt;then;(Comparator,Comparator);generated",
-        "kotlin.comparisons;ComparisonsKt;thenBy;(Comparator,Comparator,Function1);generated",
-        "kotlin.comparisons;ComparisonsKt;thenBy;(Comparator,Function1);generated",
-        "kotlin.comparisons;ComparisonsKt;thenByDescending;(Comparator,Comparator,Function1);generated",
-        "kotlin.comparisons;ComparisonsKt;thenByDescending;(Comparator,Function1);generated",
-        "kotlin.comparisons;ComparisonsKt;thenComparator;(Comparator,Function2);generated",
-        "kotlin.comparisons;ComparisonsKt;thenDescending;(Comparator,Comparator);generated",
-        "kotlin.comparisons;UComparisonsKt;maxOf;(byte,UByteArray);generated",
-        "kotlin.comparisons;UComparisonsKt;maxOf;(byte,byte);generated",
-        "kotlin.comparisons;UComparisonsKt;maxOf;(byte,byte,byte);generated",
-        "kotlin.comparisons;UComparisonsKt;maxOf;(int,UIntArray);generated",
-        "kotlin.comparisons;UComparisonsKt;maxOf;(int,int);generated",
-        "kotlin.comparisons;UComparisonsKt;maxOf;(int,int,int);generated",
-        "kotlin.comparisons;UComparisonsKt;maxOf;(long,ULongArray);generated",
-        "kotlin.comparisons;UComparisonsKt;maxOf;(long,long);generated",
-        "kotlin.comparisons;UComparisonsKt;maxOf;(long,long,long);generated",
-        "kotlin.comparisons;UComparisonsKt;maxOf;(short,UShortArray);generated",
-        "kotlin.comparisons;UComparisonsKt;maxOf;(short,short);generated",
-        "kotlin.comparisons;UComparisonsKt;maxOf;(short,short,short);generated",
-        "kotlin.comparisons;UComparisonsKt;minOf;(byte,UByteArray);generated",
-        "kotlin.comparisons;UComparisonsKt;minOf;(byte,byte);generated",
-        "kotlin.comparisons;UComparisonsKt;minOf;(byte,byte,byte);generated",
-        "kotlin.comparisons;UComparisonsKt;minOf;(int,UIntArray);generated",
-        "kotlin.comparisons;UComparisonsKt;minOf;(int,int);generated",
-        "kotlin.comparisons;UComparisonsKt;minOf;(int,int,int);generated",
-        "kotlin.comparisons;UComparisonsKt;minOf;(long,ULongArray);generated",
-        "kotlin.comparisons;UComparisonsKt;minOf;(long,long);generated",
-        "kotlin.comparisons;UComparisonsKt;minOf;(long,long,long);generated",
-        "kotlin.comparisons;UComparisonsKt;minOf;(short,UShortArray);generated",
-        "kotlin.comparisons;UComparisonsKt;minOf;(short,short);generated",
-        "kotlin.comparisons;UComparisonsKt;minOf;(short,short,short);generated",
-        "kotlin.concurrent;LocksKt;read;(ReentrantReadWriteLock,Function0);generated",
-        "kotlin.concurrent;LocksKt;withLock;(Lock,Function0);generated",
-        "kotlin.concurrent;LocksKt;write;(ReentrantReadWriteLock,Function0);generated",
-        "kotlin.concurrent;ThreadsKt;getOrSet;(ThreadLocal,Function0);generated",
-        "kotlin.concurrent;ThreadsKt;thread;(boolean,boolean,ClassLoader,String,int,Function0);generated",
-        "kotlin.concurrent;TimersKt;fixedRateTimer;(String,boolean,Date,long,Function1);generated",
-        "kotlin.concurrent;TimersKt;fixedRateTimer;(String,boolean,long,long,Function1);generated",
-        "kotlin.concurrent;TimersKt;schedule;(Timer,Date,Function1);generated",
-        "kotlin.concurrent;TimersKt;schedule;(Timer,Date,long,Function1);generated",
-        "kotlin.concurrent;TimersKt;schedule;(Timer,long,Function1);generated",
-        "kotlin.concurrent;TimersKt;schedule;(Timer,long,long,Function1);generated",
-        "kotlin.concurrent;TimersKt;scheduleAtFixedRate;(Timer,Date,long,Function1);generated",
-        "kotlin.concurrent;TimersKt;scheduleAtFixedRate;(Timer,long,long,Function1);generated",
-        "kotlin.concurrent;TimersKt;timer;(String,boolean,Date,long,Function1);generated",
-        "kotlin.concurrent;TimersKt;timer;(String,boolean,long,long,Function1);generated",
-        "kotlin.concurrent;TimersKt;timerTask;(Function1);generated",
-        "kotlin.contracts;ContractBuilder;callsInPlace;(Function,InvocationKind);generated",
-        "kotlin.contracts;ContractBuilder;returns;();generated",
-        "kotlin.contracts;ContractBuilder;returns;(Object);generated",
-        "kotlin.contracts;ContractBuilder;returnsNotNull;();generated",
-        "kotlin.contracts;ContractBuilderKt;contract;(Function1);generated",
-        "kotlin.contracts;ExperimentalContracts;ExperimentalContracts;();generated",
-        "kotlin.contracts;InvocationKind;valueOf;(String);generated",
-        "kotlin.contracts;InvocationKind;values;();generated",
-        "kotlin.contracts;SimpleEffect;implies;(boolean);generated",
-        "kotlin.coroutines.cancellation;CancellationException;CancellationException;();generated",
-        "kotlin.coroutines.cancellation;CancellationException;CancellationException;(String);generated",
-        "kotlin.coroutines.cancellation;CancellationExceptionHKt;CancellationException;(String,Throwable);generated",
-        "kotlin.coroutines.cancellation;CancellationExceptionHKt;CancellationException;(Throwable);generated",
-        "kotlin.coroutines.cancellation;CancellationExceptionKt;CancellationException;(String,Throwable);generated",
-        "kotlin.coroutines.cancellation;CancellationExceptionKt;CancellationException;(Throwable);generated",
-        "kotlin.coroutines.intrinsics;CoroutinesIntrinsicsHKt;createCoroutineUnintercepted;(SuspendFunction0,Continuation);generated",
-        "kotlin.coroutines.intrinsics;CoroutinesIntrinsicsHKt;createCoroutineUnintercepted;(SuspendFunction1,Object,Continuation);generated",
-        "kotlin.coroutines.intrinsics;CoroutinesIntrinsicsHKt;intercepted;(Continuation);generated",
-        "kotlin.coroutines.intrinsics;CoroutinesIntrinsicsHKt;startCoroutineUninterceptedOrReturn;(SuspendFunction0,Continuation);generated",
-        "kotlin.coroutines.intrinsics;CoroutinesIntrinsicsHKt;startCoroutineUninterceptedOrReturn;(SuspendFunction1,Object,Continuation);generated",
-        "kotlin.coroutines.intrinsics;IntrinsicsKt;createCoroutineUnintercepted;(SuspendFunction0,Continuation);generated",
-        "kotlin.coroutines.intrinsics;IntrinsicsKt;createCoroutineUnintercepted;(SuspendFunction1,Object,Continuation);generated",
-        "kotlin.coroutines.intrinsics;IntrinsicsKt;getCOROUTINE_SUSPENDED;();generated",
-        "kotlin.coroutines.intrinsics;IntrinsicsKt;startCoroutineUninterceptedOrReturn;(SuspendFunction0,Continuation);generated",
-        "kotlin.coroutines.intrinsics;IntrinsicsKt;startCoroutineUninterceptedOrReturn;(SuspendFunction1,Object,Continuation);generated",
-        "kotlin.coroutines.intrinsics;IntrinsicsKt;suspendCoroutineUninterceptedOrReturn;(Function1);generated",
-        "kotlin.coroutines.jvm.internal;CoroutineStackFrame;getCallerFrame;();generated",
-        "kotlin.coroutines.jvm.internal;CoroutineStackFrame;getStackTraceElement;();generated",
-        "kotlin.coroutines;Continuation;getContext;();generated",
-        "kotlin.coroutines;Continuation;resumeWith;(Result);generated",
-        "kotlin.coroutines;ContinuationInterceptor;interceptContinuation;(Continuation);generated",
-        "kotlin.coroutines;ContinuationInterceptor;releaseInterceptedContinuation;(Continuation);generated",
-        "kotlin.coroutines;ContinuationKt;Continuation;(CoroutineContext,Function1);generated",
-        "kotlin.coroutines;ContinuationKt;createCoroutine;(SuspendFunction0,Continuation);generated",
-        "kotlin.coroutines;ContinuationKt;createCoroutine;(SuspendFunction1,Object,Continuation);generated",
-        "kotlin.coroutines;ContinuationKt;getCoroutineContext;();generated",
-        "kotlin.coroutines;ContinuationKt;resume;(Continuation,Object);generated",
-        "kotlin.coroutines;ContinuationKt;resumeWithException;(Continuation,Throwable);generated",
-        "kotlin.coroutines;ContinuationKt;startCoroutine;(SuspendFunction0,Continuation);generated",
-        "kotlin.coroutines;ContinuationKt;startCoroutine;(SuspendFunction1,Object,Continuation);generated",
-        "kotlin.coroutines;ContinuationKt;suspendCoroutine;(Function1);generated",
-        "kotlin.coroutines;CoroutineContext$Element;getKey;();generated",
-        "kotlin.coroutines;CoroutineContext;fold;(Object,Function2);generated",
-        "kotlin.coroutines;CoroutineContext;get;(Key);generated",
-        "kotlin.coroutines;CoroutineContext;minusKey;(Key);generated",
-        "kotlin.coroutines;EmptyCoroutineContext;hashCode;();generated",
-        "kotlin.coroutines;EmptyCoroutineContext;toString;();generated",
-        "kotlin.coroutines;RestrictsSuspension;RestrictsSuspension;();generated",
-        "kotlin.experimental;BitwiseOperationsKt;and;(byte,byte);generated",
-        "kotlin.experimental;BitwiseOperationsKt;and;(short,short);generated",
-        "kotlin.experimental;BitwiseOperationsKt;inv;(byte);generated",
-        "kotlin.experimental;BitwiseOperationsKt;inv;(short);generated",
-        "kotlin.experimental;BitwiseOperationsKt;or;(byte,byte);generated",
-        "kotlin.experimental;BitwiseOperationsKt;or;(short,short);generated",
-        "kotlin.experimental;BitwiseOperationsKt;xor;(byte,byte);generated",
-        "kotlin.experimental;BitwiseOperationsKt;xor;(short,short);generated",
-        "kotlin.experimental;ExperimentalTypeInference;ExperimentalTypeInference;();generated",
-        "kotlin.io;ByteStreamsKt;bufferedWriter;(OutputStream,Charset);generated",
-        "kotlin.io;ByteStreamsKt;iterator;(BufferedInputStream);generated",
-        "kotlin.io;ByteStreamsKt;writer;(OutputStream,Charset);generated",
-        "kotlin.io;ConsoleKt;print;(Object);generated",
-        "kotlin.io;ConsoleKt;print;(boolean);generated",
-        "kotlin.io;ConsoleKt;print;(byte);generated", "kotlin.io;ConsoleKt;print;(char);generated",
-        "kotlin.io;ConsoleKt;print;(char[]);generated",
-        "kotlin.io;ConsoleKt;print;(double);generated",
-        "kotlin.io;ConsoleKt;print;(float);generated", "kotlin.io;ConsoleKt;print;(int);generated",
-        "kotlin.io;ConsoleKt;print;(long);generated", "kotlin.io;ConsoleKt;print;(short);generated",
-        "kotlin.io;ConsoleKt;println;();generated",
-        "kotlin.io;ConsoleKt;println;(Object);generated",
-        "kotlin.io;ConsoleKt;println;(boolean);generated",
-        "kotlin.io;ConsoleKt;println;(byte);generated",
-        "kotlin.io;ConsoleKt;println;(char);generated",
-        "kotlin.io;ConsoleKt;println;(char[]);generated",
-        "kotlin.io;ConsoleKt;println;(double);generated",
-        "kotlin.io;ConsoleKt;println;(float);generated",
-        "kotlin.io;ConsoleKt;println;(int);generated",
-        "kotlin.io;ConsoleKt;println;(long);generated",
-        "kotlin.io;ConsoleKt;println;(short);generated",
-        "kotlin.io;ConsoleKt;readLine;();generated", "kotlin.io;ConsoleKt;readln;();generated",
-        "kotlin.io;ConsoleKt;readlnOrNull;();generated",
-        "kotlin.io;ConstantsKt;getDEFAULT_BUFFER_SIZE;();generated",
-        "kotlin.io;FileWalkDirection;valueOf;(String);generated",
-        "kotlin.io;FileWalkDirection;values;();generated",
-        "kotlin.io;FilesKt;appendBytes;(File,byte[]);generated",
-        "kotlin.io;FilesKt;appendText;(File,String,Charset);generated",
-        "kotlin.io;FilesKt;bufferedReader;(File,Charset,int);generated",
-        "kotlin.io;FilesKt;bufferedWriter;(File,Charset,int);generated",
-        "kotlin.io;FilesKt;copyRecursively;(File,File,boolean,Function2);generated",
-        "kotlin.io;FilesKt;createTempDir;(String,String,File);generated",
-        "kotlin.io;FilesKt;createTempFile;(String,String,File);generated",
-        "kotlin.io;FilesKt;deleteRecursively;(File);generated",
-        "kotlin.io;FilesKt;endsWith;(File,File);generated",
-        "kotlin.io;FilesKt;endsWith;(File,String);generated",
-        "kotlin.io;FilesKt;forEachBlock;(File,Function2);generated",
-        "kotlin.io;FilesKt;forEachBlock;(File,int,Function2);generated",
-        "kotlin.io;FilesKt;forEachLine;(File,Charset,Function1);generated",
-        "kotlin.io;FilesKt;getExtension;(File);generated",
-        "kotlin.io;FilesKt;getInvariantSeparatorsPath;(File);generated",
-        "kotlin.io;FilesKt;getNameWithoutExtension;(File);generated",
-        "kotlin.io;FilesKt;inputStream;(File);generated",
-        "kotlin.io;FilesKt;isRooted;(File);generated",
-        "kotlin.io;FilesKt;normalize;(File);generated",
-        "kotlin.io;FilesKt;outputStream;(File);generated",
-        "kotlin.io;FilesKt;printWriter;(File,Charset);generated",
-        "kotlin.io;FilesKt;readBytes;(File);generated",
-        "kotlin.io;FilesKt;readLines;(File,Charset);generated",
-        "kotlin.io;FilesKt;readText;(File,Charset);generated",
-        "kotlin.io;FilesKt;reader;(File,Charset);generated",
-        "kotlin.io;FilesKt;relativeTo;(File,File);generated",
-        "kotlin.io;FilesKt;relativeToOrNull;(File,File);generated",
-        "kotlin.io;FilesKt;startsWith;(File,File);generated",
-        "kotlin.io;FilesKt;startsWith;(File,String);generated",
-        "kotlin.io;FilesKt;toRelativeString;(File,File);generated",
-        "kotlin.io;FilesKt;useLines;(File,Charset,Function1);generated",
-        "kotlin.io;FilesKt;writeBytes;(File,byte[]);generated",
-        "kotlin.io;FilesKt;writeText;(File,String,Charset);generated",
-        "kotlin.io;FilesKt;writer;(File,Charset);generated",
-        "kotlin.io;IoHKt;print;(Object);generated", "kotlin.io;IoHKt;println;();generated",
-        "kotlin.io;IoHKt;println;(Object);generated", "kotlin.io;IoHKt;readln;();generated",
-        "kotlin.io;IoHKt;readlnOrNull;();generated",
-        "kotlin.io;OnErrorAction;valueOf;(String);generated",
-        "kotlin.io;OnErrorAction;values;();generated",
-        "kotlin.io;TextStreamsKt;readBytes;(URL);generated",
-        "kotlin.io;TextStreamsKt;readLines;(Reader);generated",
-        "kotlin.io;TextStreamsKt;readText;(URL,Charset);generated",
-        "kotlin.js;ExperimentalJsExport;ExperimentalJsExport;();generated",
-        "kotlin.js;JsExport;JsExport;();generated", "kotlin.js;JsName;JsName;(String);generated",
-        "kotlin.js;JsName;name;();generated", "kotlin.jvm.functions;Function0;invoke;();generated",
-        "kotlin.jvm.functions;Function10;invoke;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function11;invoke;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function12;invoke;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function13;invoke;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function14;invoke;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function15;invoke;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function16;invoke;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function17;invoke;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function18;invoke;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function19;invoke;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function1;invoke;(Object);generated",
-        "kotlin.jvm.functions;Function20;invoke;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function21;invoke;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function22;invoke;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function2;invoke;(Object,Object);generated",
-        "kotlin.jvm.functions;Function3;invoke;(Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function4;invoke;(Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function5;invoke;(Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function6;invoke;(Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function7;invoke;(Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function8;invoke;(Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;Function9;invoke;(Object,Object,Object,Object,Object,Object,Object,Object,Object);generated",
-        "kotlin.jvm.functions;FunctionN;invoke;(Object[]);generated",
-        "kotlin.jvm.internal;AdaptedFunctionReference;equals;(Object);generated",
-        "kotlin.jvm.internal;AdaptedFunctionReference;getOwner;();generated",
-        "kotlin.jvm.internal;AdaptedFunctionReference;hashCode;();generated",
-        "kotlin.jvm.internal;AdaptedFunctionReference;toString;();generated",
-        "kotlin.jvm.internal;ArrayIteratorsKt;iterator;(boolean[]);generated",
-        "kotlin.jvm.internal;ArrayIteratorsKt;iterator;(double[]);generated",
-        "kotlin.jvm.internal;ArrayIteratorsKt;iterator;(float[]);generated",
-        "kotlin.jvm.internal;ArrayIteratorsKt;iterator;(int[]);generated",
-        "kotlin.jvm.internal;ArrayIteratorsKt;iterator;(long[]);generated",
-        "kotlin.jvm.internal;ArrayIteratorsKt;iterator;(short[]);generated",
-        "kotlin.jvm.internal;BooleanSpreadBuilder;BooleanSpreadBuilder;(int);generated",
-        "kotlin.jvm.internal;BooleanSpreadBuilder;add;(boolean);generated",
-        "kotlin.jvm.internal;BooleanSpreadBuilder;toArray;();generated",
-        "kotlin.jvm.internal;ByteSpreadBuilder;ByteSpreadBuilder;(int);generated",
-        "kotlin.jvm.internal;ByteSpreadBuilder;add;(byte);generated",
-        "kotlin.jvm.internal;CallableReference;CallableReference;();generated",
-        "kotlin.jvm.internal;CallableReference;getOwner;();generated",
-        "kotlin.jvm.internal;CharSpreadBuilder;CharSpreadBuilder;(int);generated",
-        "kotlin.jvm.internal;CharSpreadBuilder;add;(char);generated",
-        "kotlin.jvm.internal;ClassBasedDeclarationContainer;getJClass;();generated",
-        "kotlin.jvm.internal;ClassReference$Companion;isInstance;(Object,Class);generated",
-        "kotlin.jvm.internal;ClassReference;ClassReference;(Class);generated",
-        "kotlin.jvm.internal;ClassReference;equals;(Object);generated",
-        "kotlin.jvm.internal;ClassReference;hashCode;();generated",
-        "kotlin.jvm.internal;ClassReference;toString;();generated",
-        "kotlin.jvm.internal;DoubleSpreadBuilder;DoubleSpreadBuilder;(int);generated",
-        "kotlin.jvm.internal;DoubleSpreadBuilder;add;(double);generated",
-        "kotlin.jvm.internal;DoubleSpreadBuilder;toArray;();generated",
-        "kotlin.jvm.internal;FloatSpreadBuilder;FloatSpreadBuilder;(int);generated",
-        "kotlin.jvm.internal;FloatSpreadBuilder;add;(float);generated",
-        "kotlin.jvm.internal;FloatSpreadBuilder;toArray;();generated",
-        "kotlin.jvm.internal;FunInterfaceConstructorReference;FunInterfaceConstructorReference;(Class);generated",
-        "kotlin.jvm.internal;FunInterfaceConstructorReference;equals;(Object);generated",
-        "kotlin.jvm.internal;FunInterfaceConstructorReference;hashCode;();generated",
-        "kotlin.jvm.internal;FunInterfaceConstructorReference;toString;();generated",
-        "kotlin.jvm.internal;FunctionAdapter;getFunctionDelegate;();generated",
-        "kotlin.jvm.internal;FunctionBase;getArity;();generated",
-        "kotlin.jvm.internal;FunctionImpl;FunctionImpl;();generated",
-        "kotlin.jvm.internal;FunctionImpl;getArity;();generated",
-        "kotlin.jvm.internal;FunctionImpl;invokeVararg;(Object[]);generated",
-        "kotlin.jvm.internal;FunctionReference;FunctionReference;(int);generated",
-        "kotlin.jvm.internal;FunctionReference;equals;(Object);generated",
-        "kotlin.jvm.internal;FunctionReference;hashCode;();generated",
-        "kotlin.jvm.internal;InlineMarker;InlineMarker;();generated",
-        "kotlin.jvm.internal;InlineMarker;afterInlineCall;();generated",
-        "kotlin.jvm.internal;InlineMarker;beforeInlineCall;();generated",
-        "kotlin.jvm.internal;InlineMarker;finallyEnd;(int);generated",
-        "kotlin.jvm.internal;InlineMarker;finallyStart;(int);generated",
-        "kotlin.jvm.internal;InlineMarker;mark;(String);generated",
-        "kotlin.jvm.internal;InlineMarker;mark;(int);generated",
-        "kotlin.jvm.internal;IntSpreadBuilder;IntSpreadBuilder;(int);generated",
-        "kotlin.jvm.internal;IntSpreadBuilder;add;(int);generated",
-        "kotlin.jvm.internal;IntSpreadBuilder;toArray;();generated",
-        "kotlin.jvm.internal;Intrinsics;areEqual;(Double,Double);generated",
-        "kotlin.jvm.internal;Intrinsics;areEqual;(Double,double);generated",
-        "kotlin.jvm.internal;Intrinsics;areEqual;(Float,Float);generated",
-        "kotlin.jvm.internal;Intrinsics;areEqual;(Float,float);generated",
-        "kotlin.jvm.internal;Intrinsics;areEqual;(Object,Object);generated",
-        "kotlin.jvm.internal;Intrinsics;areEqual;(double,Double);generated",
-        "kotlin.jvm.internal;Intrinsics;areEqual;(float,Float);generated",
-        "kotlin.jvm.internal;Intrinsics;checkExpressionValueIsNotNull;(Object,String);generated",
-        "kotlin.jvm.internal;Intrinsics;checkFieldIsNotNull;(Object,String);generated",
-        "kotlin.jvm.internal;Intrinsics;checkFieldIsNotNull;(Object,String,String);generated",
-        "kotlin.jvm.internal;Intrinsics;checkHasClass;(String);generated",
-        "kotlin.jvm.internal;Intrinsics;checkHasClass;(String,String);generated",
-        "kotlin.jvm.internal;Intrinsics;checkNotNull;(Object);generated",
-        "kotlin.jvm.internal;Intrinsics;checkNotNull;(Object,String);generated",
-        "kotlin.jvm.internal;Intrinsics;checkNotNullExpressionValue;(Object,String);generated",
-        "kotlin.jvm.internal;Intrinsics;checkNotNullParameter;(Object,String);generated",
-        "kotlin.jvm.internal;Intrinsics;checkParameterIsNotNull;(Object,String);generated",
-        "kotlin.jvm.internal;Intrinsics;checkReturnedValueIsNotNull;(Object,String);generated",
-        "kotlin.jvm.internal;Intrinsics;checkReturnedValueIsNotNull;(Object,String,String);generated",
-        "kotlin.jvm.internal;Intrinsics;compare;(int,int);generated",
-        "kotlin.jvm.internal;Intrinsics;compare;(long,long);generated",
-        "kotlin.jvm.internal;Intrinsics;needClassReification;();generated",
-        "kotlin.jvm.internal;Intrinsics;needClassReification;(String);generated",
-        "kotlin.jvm.internal;Intrinsics;reifiedOperationMarker;(int,String);generated",
-        "kotlin.jvm.internal;Intrinsics;reifiedOperationMarker;(int,String,String);generated",
-        "kotlin.jvm.internal;Intrinsics;throwAssert;();generated",
-        "kotlin.jvm.internal;Intrinsics;throwAssert;(String);generated",
-        "kotlin.jvm.internal;Intrinsics;throwIllegalArgument;();generated",
-        "kotlin.jvm.internal;Intrinsics;throwIllegalArgument;(String);generated",
-        "kotlin.jvm.internal;Intrinsics;throwIllegalState;();generated",
-        "kotlin.jvm.internal;Intrinsics;throwIllegalState;(String);generated",
-        "kotlin.jvm.internal;Intrinsics;throwJavaNpe;();generated",
-        "kotlin.jvm.internal;Intrinsics;throwJavaNpe;(String);generated",
-        "kotlin.jvm.internal;Intrinsics;throwNpe;();generated",
-        "kotlin.jvm.internal;Intrinsics;throwNpe;(String);generated",
-        "kotlin.jvm.internal;Intrinsics;throwUndefinedForReified;();generated",
-        "kotlin.jvm.internal;Intrinsics;throwUndefinedForReified;(String);generated",
-        "kotlin.jvm.internal;Intrinsics;throwUninitializedProperty;(String);generated",
-        "kotlin.jvm.internal;Intrinsics;throwUninitializedPropertyAccessException;(String);generated",
-        "kotlin.jvm.internal;KTypeBase;getJavaType;();generated",
-        "kotlin.jvm.internal;Lambda;Lambda;(int);generated",
-        "kotlin.jvm.internal;Lambda;toString;();generated",
-        "kotlin.jvm.internal;LocalVariableReference;LocalVariableReference;();generated",
-        "kotlin.jvm.internal;LongSpreadBuilder;LongSpreadBuilder;(int);generated",
-        "kotlin.jvm.internal;LongSpreadBuilder;add;(long);generated",
-        "kotlin.jvm.internal;LongSpreadBuilder;toArray;();generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;MagicApiIntrinsics;();generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;anyMagicApiCall;(Object);generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;anyMagicApiCall;(int);generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;anyMagicApiCall;(int,Object,Object);generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;anyMagicApiCall;(int,Object,Object,Object,Object);generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;anyMagicApiCall;(int,long,Object);generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;anyMagicApiCall;(int,long,long,Object);generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;intMagicApiCall;(Object);generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;intMagicApiCall;(int);generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;intMagicApiCall;(int,Object,Object);generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;intMagicApiCall;(int,Object,Object,Object,Object);generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;intMagicApiCall;(int,long,Object);generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;intMagicApiCall;(int,long,long,Object);generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;voidMagicApiCall;(Object);generated",
-        "kotlin.jvm.internal;MagicApiIntrinsics;voidMagicApiCall;(int);generated",
-        "kotlin.jvm.internal;MutableLocalVariableReference;MutableLocalVariableReference;();generated",
-        "kotlin.jvm.internal;MutablePropertyReference0;MutablePropertyReference0;();generated",
-        "kotlin.jvm.internal;MutablePropertyReference1;MutablePropertyReference1;();generated",
-        "kotlin.jvm.internal;MutablePropertyReference2;MutablePropertyReference2;();generated",
-        "kotlin.jvm.internal;MutablePropertyReference;MutablePropertyReference;();generated",
-        "kotlin.jvm.internal;PackageReference;equals;(Object);generated",
-        "kotlin.jvm.internal;PackageReference;hashCode;();generated",
-        "kotlin.jvm.internal;PackageReference;toString;();generated",
-        "kotlin.jvm.internal;PrimitiveSpreadBuilder;PrimitiveSpreadBuilder;(int);generated",
-        "kotlin.jvm.internal;PropertyReference0;PropertyReference0;();generated",
-        "kotlin.jvm.internal;PropertyReference1;PropertyReference1;();generated",
-        "kotlin.jvm.internal;PropertyReference2;PropertyReference2;();generated",
-        "kotlin.jvm.internal;PropertyReference;PropertyReference;();generated",
-        "kotlin.jvm.internal;PropertyReference;equals;(Object);generated",
-        "kotlin.jvm.internal;PropertyReference;hashCode;();generated",
-        "kotlin.jvm.internal;Ref$BooleanRef;BooleanRef;();generated",
-        "kotlin.jvm.internal;Ref$BooleanRef;toString;();generated",
-        "kotlin.jvm.internal;Ref$ByteRef;ByteRef;();generated",
-        "kotlin.jvm.internal;Ref$ByteRef;toString;();generated",
-        "kotlin.jvm.internal;Ref$CharRef;CharRef;();generated",
-        "kotlin.jvm.internal;Ref$CharRef;toString;();generated",
-        "kotlin.jvm.internal;Ref$DoubleRef;DoubleRef;();generated",
-        "kotlin.jvm.internal;Ref$DoubleRef;toString;();generated",
-        "kotlin.jvm.internal;Ref$FloatRef;FloatRef;();generated",
-        "kotlin.jvm.internal;Ref$FloatRef;toString;();generated",
-        "kotlin.jvm.internal;Ref$IntRef;IntRef;();generated",
-        "kotlin.jvm.internal;Ref$IntRef;toString;();generated",
-        "kotlin.jvm.internal;Ref$LongRef;LongRef;();generated",
-        "kotlin.jvm.internal;Ref$LongRef;toString;();generated",
-        "kotlin.jvm.internal;Ref$ObjectRef;ObjectRef;();generated",
-        "kotlin.jvm.internal;Ref$ObjectRef;toString;();generated",
-        "kotlin.jvm.internal;Ref$ShortRef;ShortRef;();generated",
-        "kotlin.jvm.internal;Ref$ShortRef;toString;();generated",
-        "kotlin.jvm.internal;Reflection;Reflection;();generated",
-        "kotlin.jvm.internal;Reflection;createKotlinClass;(Class);generated",
-        "kotlin.jvm.internal;Reflection;createKotlinClass;(Class,String);generated",
-        "kotlin.jvm.internal;Reflection;getOrCreateKotlinClass;(Class);generated",
-        "kotlin.jvm.internal;Reflection;getOrCreateKotlinClass;(Class,String);generated",
-        "kotlin.jvm.internal;Reflection;getOrCreateKotlinClasses;(Class[]);generated",
-        "kotlin.jvm.internal;Reflection;getOrCreateKotlinPackage;(Class);generated",
-        "kotlin.jvm.internal;Reflection;nullableTypeOf;(Class);generated",
-        "kotlin.jvm.internal;Reflection;nullableTypeOf;(Class,KTypeProjection[]);generated",
-        "kotlin.jvm.internal;Reflection;renderLambdaToString;(FunctionBase);generated",
-        "kotlin.jvm.internal;Reflection;renderLambdaToString;(Lambda);generated",
-        "kotlin.jvm.internal;Reflection;setUpperBounds;(KTypeParameter,KType[]);generated",
-        "kotlin.jvm.internal;Reflection;typeOf;(Class);generated",
-        "kotlin.jvm.internal;Reflection;typeOf;(Class,KTypeProjection[]);generated",
-        "kotlin.jvm.internal;ReflectionFactory;ReflectionFactory;();generated",
-        "kotlin.jvm.internal;ReflectionFactory;createKotlinClass;(Class);generated",
-        "kotlin.jvm.internal;ReflectionFactory;createKotlinClass;(Class,String);generated",
-        "kotlin.jvm.internal;ReflectionFactory;getOrCreateKotlinClass;(Class);generated",
-        "kotlin.jvm.internal;ReflectionFactory;getOrCreateKotlinClass;(Class,String);generated",
-        "kotlin.jvm.internal;ReflectionFactory;renderLambdaToString;(FunctionBase);generated",
-        "kotlin.jvm.internal;ReflectionFactory;renderLambdaToString;(Lambda);generated",
-        "kotlin.jvm.internal;SerializedIr;SerializedIr;(String[]);generated",
-        "kotlin.jvm.internal;SerializedIr;b;();generated",
-        "kotlin.jvm.internal;ShortSpreadBuilder;ShortSpreadBuilder;(int);generated",
-        "kotlin.jvm.internal;ShortSpreadBuilder;add;(short);generated",
-        "kotlin.jvm.internal;ShortSpreadBuilder;toArray;();generated",
-        "kotlin.jvm.internal;SpreadBuilder;SpreadBuilder;(int);generated",
-        "kotlin.jvm.internal;SpreadBuilder;size;();generated",
-        "kotlin.jvm.internal;TypeIntrinsics;TypeIntrinsics;();generated",
-        "kotlin.jvm.internal;TypeIntrinsics;getFunctionArity;(Object);generated",
-        "kotlin.jvm.internal;TypeIntrinsics;isFunctionOfArity;(Object,int);generated",
-        "kotlin.jvm.internal;TypeIntrinsics;isMutableCollection;(Object);generated",
-        "kotlin.jvm.internal;TypeIntrinsics;isMutableIterable;(Object);generated",
-        "kotlin.jvm.internal;TypeIntrinsics;isMutableIterator;(Object);generated",
-        "kotlin.jvm.internal;TypeIntrinsics;isMutableList;(Object);generated",
-        "kotlin.jvm.internal;TypeIntrinsics;isMutableListIterator;(Object);generated",
-        "kotlin.jvm.internal;TypeIntrinsics;isMutableMap;(Object);generated",
-        "kotlin.jvm.internal;TypeIntrinsics;isMutableMapEntry;(Object);generated",
-        "kotlin.jvm.internal;TypeIntrinsics;isMutableSet;(Object);generated",
-        "kotlin.jvm.internal;TypeIntrinsics;throwCce;(ClassCastException);generated",
-        "kotlin.jvm.internal;TypeIntrinsics;throwCce;(Object,String);generated",
-        "kotlin.jvm.internal;TypeIntrinsics;throwCce;(String);generated",
-        "kotlin.jvm.internal;TypeParameterReference$Companion;toString;(KTypeParameter);generated",
-        "kotlin.jvm.internal;TypeParameterReference;equals;(Object);generated",
-        "kotlin.jvm.internal;TypeParameterReference;hashCode;();generated",
-        "kotlin.jvm.internal;TypeParameterReference;toString;();generated",
-        "kotlin.jvm.internal;TypeReference;equals;(Object);generated",
-        "kotlin.jvm.internal;TypeReference;hashCode;();generated",
-        "kotlin.jvm;JvmClassMappingKt;getAnnotationClass;(Annotation);generated",
-        "kotlin.jvm;JvmClassMappingKt;getDeclaringJavaClass;(Enum);generated",
-        "kotlin.jvm;JvmClassMappingKt;getJavaClass;(KClass);generated",
-        "kotlin.jvm;JvmClassMappingKt;getJavaClass;(Object);generated",
-        "kotlin.jvm;JvmClassMappingKt;getJavaObjectType;(KClass);generated",
-        "kotlin.jvm;JvmClassMappingKt;getJavaPrimitiveType;(KClass);generated",
-        "kotlin.jvm;JvmClassMappingKt;getKotlinClass;(Class);generated",
-        "kotlin.jvm;JvmClassMappingKt;getRuntimeClassOfKClassInstance;(KClass);generated",
-        "kotlin.jvm;JvmClassMappingKt;isArrayOf;(Object[]);generated",
-        "kotlin.jvm;JvmDefault;JvmDefault;();generated",
-        "kotlin.jvm;JvmDefaultWithCompatibility;JvmDefaultWithCompatibility;();generated",
-        "kotlin.jvm;JvmDefaultWithoutCompatibility;JvmDefaultWithoutCompatibility;();generated",
-        "kotlin.jvm;JvmField;JvmField;();generated", "kotlin.jvm;JvmInline;JvmInline;();generated",
-        "kotlin.jvm;JvmMultifileClass;JvmMultifileClass;();generated",
-        "kotlin.jvm;JvmName;JvmName;(String);generated", "kotlin.jvm;JvmName;name;();generated",
-        "kotlin.jvm;JvmOverloads;JvmOverloads;();generated",
-        "kotlin.jvm;JvmRecord;JvmRecord;();generated",
-        "kotlin.jvm;JvmStatic;JvmStatic;();generated",
-        "kotlin.jvm;JvmSuppressWildcards;JvmSuppressWildcards;(boolean);generated",
-        "kotlin.jvm;JvmSuppressWildcards;suppress;();generated",
-        "kotlin.jvm;JvmSynthetic;JvmSynthetic;();generated",
-        "kotlin.jvm;JvmWildcard;JvmWildcard;();generated",
-        "kotlin.jvm;KotlinReflectionNotSupportedError;KotlinReflectionNotSupportedError;();generated",
-        "kotlin.jvm;KotlinReflectionNotSupportedError;KotlinReflectionNotSupportedError;(String);generated",
-        "kotlin.jvm;KotlinReflectionNotSupportedError;KotlinReflectionNotSupportedError;(String,Throwable);generated",
-        "kotlin.jvm;KotlinReflectionNotSupportedError;KotlinReflectionNotSupportedError;(Throwable);generated",
-        "kotlin.jvm;PurelyImplements;PurelyImplements;(String);generated",
-        "kotlin.jvm;PurelyImplements;value;();generated",
-        "kotlin.jvm;Strictfp;Strictfp;();generated",
-        "kotlin.jvm;Synchronized;Synchronized;();generated",
-        "kotlin.jvm;Throws;Throws;(KClass[]);generated",
-        "kotlin.jvm;Throws;exceptionClasses;();generated",
-        "kotlin.jvm;Transient;Transient;();generated", "kotlin.jvm;Volatile;Volatile;();generated",
-        "kotlin.math;MathKt;IEEErem;(double,double);generated",
-        "kotlin.math;MathKt;IEEErem;(float,float);generated",
-        "kotlin.math;MathKt;abs;(double);generated", "kotlin.math;MathKt;abs;(float);generated",
-        "kotlin.math;MathKt;abs;(int);generated", "kotlin.math;MathKt;abs;(long);generated",
-        "kotlin.math;MathKt;acos;(double);generated", "kotlin.math;MathKt;acos;(float);generated",
-        "kotlin.math;MathKt;acosh;(double);generated", "kotlin.math;MathKt;acosh;(float);generated",
-        "kotlin.math;MathKt;asin;(double);generated", "kotlin.math;MathKt;asin;(float);generated",
-        "kotlin.math;MathKt;asinh;(double);generated", "kotlin.math;MathKt;asinh;(float);generated",
-        "kotlin.math;MathKt;atan2;(double,double);generated",
-        "kotlin.math;MathKt;atan2;(float,float);generated",
-        "kotlin.math;MathKt;atan;(double);generated", "kotlin.math;MathKt;atan;(float);generated",
-        "kotlin.math;MathKt;atanh;(double);generated", "kotlin.math;MathKt;atanh;(float);generated",
-        "kotlin.math;MathKt;cbrt;(double);generated", "kotlin.math;MathKt;cbrt;(float);generated",
-        "kotlin.math;MathKt;ceil;(double);generated", "kotlin.math;MathKt;ceil;(float);generated",
-        "kotlin.math;MathKt;cos;(double);generated", "kotlin.math;MathKt;cos;(float);generated",
-        "kotlin.math;MathKt;cosh;(double);generated", "kotlin.math;MathKt;cosh;(float);generated",
-        "kotlin.math;MathKt;exp;(double);generated", "kotlin.math;MathKt;exp;(float);generated",
-        "kotlin.math;MathKt;expm1;(double);generated", "kotlin.math;MathKt;expm1;(float);generated",
-        "kotlin.math;MathKt;floor;(double);generated", "kotlin.math;MathKt;floor;(float);generated",
-        "kotlin.math;MathKt;getAbsoluteValue;(double);generated",
-        "kotlin.math;MathKt;getAbsoluteValue;(float);generated",
-        "kotlin.math;MathKt;getAbsoluteValue;(int);generated",
-        "kotlin.math;MathKt;getAbsoluteValue;(long);generated",
-        "kotlin.math;MathKt;getE;();generated", "kotlin.math;MathKt;getPI;();generated",
-        "kotlin.math;MathKt;getSign;(double);generated",
-        "kotlin.math;MathKt;getSign;(float);generated",
-        "kotlin.math;MathKt;getSign;(int);generated", "kotlin.math;MathKt;getSign;(long);generated",
-        "kotlin.math;MathKt;getUlp;(double);generated",
-        "kotlin.math;MathKt;getUlp;(float);generated",
-        "kotlin.math;MathKt;hypot;(double,double);generated",
-        "kotlin.math;MathKt;hypot;(float,float);generated",
-        "kotlin.math;MathKt;ln1p;(double);generated", "kotlin.math;MathKt;ln1p;(float);generated",
-        "kotlin.math;MathKt;ln;(double);generated", "kotlin.math;MathKt;ln;(float);generated",
-        "kotlin.math;MathKt;log10;(double);generated", "kotlin.math;MathKt;log10;(float);generated",
-        "kotlin.math;MathKt;log2;(double);generated", "kotlin.math;MathKt;log2;(float);generated",
-        "kotlin.math;MathKt;log;(double,double);generated",
-        "kotlin.math;MathKt;log;(float,float);generated",
-        "kotlin.math;MathKt;max;(double,double);generated",
-        "kotlin.math;MathKt;max;(float,float);generated",
-        "kotlin.math;MathKt;max;(int,int);generated",
-        "kotlin.math;MathKt;max;(long,long);generated",
-        "kotlin.math;MathKt;min;(double,double);generated",
-        "kotlin.math;MathKt;min;(float,float);generated",
-        "kotlin.math;MathKt;min;(int,int);generated",
-        "kotlin.math;MathKt;min;(long,long);generated",
-        "kotlin.math;MathKt;nextDown;(double);generated",
-        "kotlin.math;MathKt;nextDown;(float);generated",
-        "kotlin.math;MathKt;nextTowards;(double,double);generated",
-        "kotlin.math;MathKt;nextTowards;(float,float);generated",
-        "kotlin.math;MathKt;nextUp;(double);generated",
-        "kotlin.math;MathKt;nextUp;(float);generated",
-        "kotlin.math;MathKt;pow;(double,double);generated",
-        "kotlin.math;MathKt;pow;(double,int);generated",
-        "kotlin.math;MathKt;pow;(float,float);generated",
-        "kotlin.math;MathKt;pow;(float,int);generated",
-        "kotlin.math;MathKt;round;(double);generated", "kotlin.math;MathKt;round;(float);generated",
-        "kotlin.math;MathKt;roundToInt;(double);generated",
-        "kotlin.math;MathKt;roundToInt;(float);generated",
-        "kotlin.math;MathKt;roundToLong;(double);generated",
-        "kotlin.math;MathKt;roundToLong;(float);generated",
-        "kotlin.math;MathKt;sign;(double);generated", "kotlin.math;MathKt;sign;(float);generated",
-        "kotlin.math;MathKt;sin;(double);generated", "kotlin.math;MathKt;sin;(float);generated",
-        "kotlin.math;MathKt;sinh;(double);generated", "kotlin.math;MathKt;sinh;(float);generated",
-        "kotlin.math;MathKt;sqrt;(double);generated", "kotlin.math;MathKt;sqrt;(float);generated",
-        "kotlin.math;MathKt;tan;(double);generated", "kotlin.math;MathKt;tan;(float);generated",
-        "kotlin.math;MathKt;tanh;(double);generated", "kotlin.math;MathKt;tanh;(float);generated",
-        "kotlin.math;MathKt;truncate;(double);generated",
-        "kotlin.math;MathKt;truncate;(float);generated",
-        "kotlin.math;MathKt;withSign;(double,double);generated",
-        "kotlin.math;MathKt;withSign;(double,int);generated",
-        "kotlin.math;MathKt;withSign;(float,float);generated",
-        "kotlin.math;MathKt;withSign;(float,int);generated",
-        "kotlin.math;UMathKt;max;(int,int);generated",
-        "kotlin.math;UMathKt;max;(long,long);generated",
-        "kotlin.math;UMathKt;min;(int,int);generated",
-        "kotlin.math;UMathKt;min;(long,long);generated",
-        "kotlin.native.concurrent;SharedImmutable;SharedImmutable;();generated",
-        "kotlin.native.concurrent;ThreadLocal;ThreadLocal;();generated",
-        "kotlin.native;CName;CName;(String,String);generated",
-        "kotlin.native;CName;externName;();generated", "kotlin.native;CName;shortName;();generated",
-        "kotlin.properties;Delegates;notNull;();generated",
-        "kotlin.properties;Delegates;observable;(Object,Function3);generated",
-        "kotlin.properties;Delegates;vetoable;(Object,Function3);generated",
-        "kotlin.properties;PropertyDelegateProvider;provideDelegate;(Object,KProperty);generated",
-        "kotlin.properties;ReadOnlyProperty;getValue;(Object,KProperty);generated",
-        "kotlin.properties;ReadWriteProperty;setValue;(Object,KProperty,Object);generated",
-        "kotlin.random;Random;Random;();generated", "kotlin.random;Random;nextBits;(int);generated",
-        "kotlin.random;Random;nextBoolean;();generated",
-        "kotlin.random;Random;nextBytes;(int);generated",
-        "kotlin.random;Random;nextDouble;();generated",
-        "kotlin.random;Random;nextDouble;(double);generated",
-        "kotlin.random;Random;nextDouble;(double,double);generated",
-        "kotlin.random;Random;nextFloat;();generated", "kotlin.random;Random;nextInt;();generated",
-        "kotlin.random;Random;nextInt;(int);generated",
-        "kotlin.random;Random;nextInt;(int,int);generated",
-        "kotlin.random;Random;nextLong;();generated",
-        "kotlin.random;Random;nextLong;(long);generated",
-        "kotlin.random;Random;nextLong;(long,long);generated",
-        "kotlin.random;RandomKt;Random;(int);generated",
-        "kotlin.random;RandomKt;Random;(long);generated",
-        "kotlin.random;RandomKt;nextInt;(Random,IntRange);generated",
-        "kotlin.random;RandomKt;nextLong;(Random,LongRange);generated",
-        "kotlin.random;URandomKt;nextUBytes;(Random,int);generated",
-        "kotlin.random;URandomKt;nextUInt;(Random);generated",
-        "kotlin.random;URandomKt;nextUInt;(Random,UIntRange);generated",
-        "kotlin.random;URandomKt;nextUInt;(Random,int);generated",
-        "kotlin.random;URandomKt;nextUInt;(Random,int,int);generated",
-        "kotlin.random;URandomKt;nextULong;(Random);generated",
-        "kotlin.random;URandomKt;nextULong;(Random,ULongRange);generated",
-        "kotlin.random;URandomKt;nextULong;(Random,long);generated",
-        "kotlin.random;URandomKt;nextULong;(Random,long,long);generated",
-        "kotlin.ranges;CharProgression$Companion;fromClosedRange;(char,char,int);generated",
-        "kotlin.ranges;CharProgression;equals;(Object);generated",
-        "kotlin.ranges;CharProgression;getFirst;();generated",
-        "kotlin.ranges;CharProgression;getLast;();generated",
-        "kotlin.ranges;CharProgression;getStep;();generated",
-        "kotlin.ranges;CharProgression;hashCode;();generated",
-        "kotlin.ranges;CharProgression;isEmpty;();generated",
-        "kotlin.ranges;CharProgression;toString;();generated",
-        "kotlin.ranges;CharRange;CharRange;(char,char);generated",
-        "kotlin.ranges;CharRange;contains;(char);generated",
-        "kotlin.ranges;CharRange;equals;(Object);generated",
-        "kotlin.ranges;CharRange;hashCode;();generated",
-        "kotlin.ranges;CharRange;toString;();generated",
-        "kotlin.ranges;ClosedFloatingPointRange;lessThanOrEquals;(Comparable,Comparable);generated",
-        "kotlin.ranges;ClosedRange;contains;(Comparable);generated",
-        "kotlin.ranges;ClosedRange;getEndInclusive;();generated",
-        "kotlin.ranges;ClosedRange;getStart;();generated",
-        "kotlin.ranges;ClosedRange;isEmpty;();generated",
-        "kotlin.ranges;IntProgression$Companion;fromClosedRange;(int,int,int);generated",
-        "kotlin.ranges;IntProgression;equals;(Object);generated",
-        "kotlin.ranges;IntProgression;getFirst;();generated",
-        "kotlin.ranges;IntProgression;getLast;();generated",
-        "kotlin.ranges;IntProgression;getStep;();generated",
-        "kotlin.ranges;IntProgression;hashCode;();generated",
-        "kotlin.ranges;IntProgression;isEmpty;();generated",
-        "kotlin.ranges;IntProgression;toString;();generated",
-        "kotlin.ranges;IntRange;IntRange;(int,int);generated",
-        "kotlin.ranges;IntRange;contains;(int);generated",
-        "kotlin.ranges;IntRange;equals;(Object);generated",
-        "kotlin.ranges;IntRange;hashCode;();generated",
-        "kotlin.ranges;IntRange;toString;();generated",
-        "kotlin.ranges;LongProgression$Companion;fromClosedRange;(long,long,long);generated",
-        "kotlin.ranges;LongProgression;equals;(Object);generated",
-        "kotlin.ranges;LongProgression;getFirst;();generated",
-        "kotlin.ranges;LongProgression;getLast;();generated",
-        "kotlin.ranges;LongProgression;getStep;();generated",
-        "kotlin.ranges;LongProgression;hashCode;();generated",
-        "kotlin.ranges;LongProgression;isEmpty;();generated",
-        "kotlin.ranges;LongProgression;toString;();generated",
-        "kotlin.ranges;LongRange;LongRange;(long,long);generated",
-        "kotlin.ranges;LongRange;contains;(long);generated",
-        "kotlin.ranges;LongRange;equals;(Object);generated",
-        "kotlin.ranges;LongRange;hashCode;();generated",
-        "kotlin.ranges;LongRange;toString;();generated",
-        "kotlin.ranges;OpenEndRange;contains;(Comparable);generated",
-        "kotlin.ranges;OpenEndRange;getEndExclusive;();generated",
-        "kotlin.ranges;OpenEndRange;getStart;();generated",
-        "kotlin.ranges;OpenEndRange;isEmpty;();generated",
-        "kotlin.ranges;RangesKt;byteRangeContains;(ClosedRange,double);generated",
-        "kotlin.ranges;RangesKt;byteRangeContains;(ClosedRange,float);generated",
-        "kotlin.ranges;RangesKt;byteRangeContains;(ClosedRange,int);generated",
-        "kotlin.ranges;RangesKt;byteRangeContains;(ClosedRange,long);generated",
-        "kotlin.ranges;RangesKt;byteRangeContains;(ClosedRange,short);generated",
-        "kotlin.ranges;RangesKt;byteRangeContains;(OpenEndRange,int);generated",
-        "kotlin.ranges;RangesKt;byteRangeContains;(OpenEndRange,long);generated",
-        "kotlin.ranges;RangesKt;byteRangeContains;(OpenEndRange,short);generated",
-        "kotlin.ranges;RangesKt;coerceAtLeast;(byte,byte);generated",
-        "kotlin.ranges;RangesKt;coerceAtLeast;(double,double);generated",
-        "kotlin.ranges;RangesKt;coerceAtLeast;(float,float);generated",
-        "kotlin.ranges;RangesKt;coerceAtLeast;(int,int);generated",
-        "kotlin.ranges;RangesKt;coerceAtLeast;(long,long);generated",
-        "kotlin.ranges;RangesKt;coerceAtLeast;(short,short);generated",
-        "kotlin.ranges;RangesKt;coerceAtMost;(byte,byte);generated",
-        "kotlin.ranges;RangesKt;coerceAtMost;(double,double);generated",
-        "kotlin.ranges;RangesKt;coerceAtMost;(float,float);generated",
-        "kotlin.ranges;RangesKt;coerceAtMost;(int,int);generated",
-        "kotlin.ranges;RangesKt;coerceAtMost;(long,long);generated",
-        "kotlin.ranges;RangesKt;coerceAtMost;(short,short);generated",
-        "kotlin.ranges;RangesKt;coerceIn;(byte,byte,byte);generated",
-        "kotlin.ranges;RangesKt;coerceIn;(double,double,double);generated",
-        "kotlin.ranges;RangesKt;coerceIn;(float,float,float);generated",
-        "kotlin.ranges;RangesKt;coerceIn;(int,ClosedRange);generated",
-        "kotlin.ranges;RangesKt;coerceIn;(int,int,int);generated",
-        "kotlin.ranges;RangesKt;coerceIn;(long,ClosedRange);generated",
-        "kotlin.ranges;RangesKt;coerceIn;(long,long,long);generated",
-        "kotlin.ranges;RangesKt;coerceIn;(short,short,short);generated",
-        "kotlin.ranges;RangesKt;contains;(CharRange,Character);generated",
-        "kotlin.ranges;RangesKt;contains;(ClosedRange,Object);generated",
-        "kotlin.ranges;RangesKt;contains;(IntRange,Integer);generated",
-        "kotlin.ranges;RangesKt;contains;(IntRange,byte);generated",
-        "kotlin.ranges;RangesKt;contains;(IntRange,long);generated",
-        "kotlin.ranges;RangesKt;contains;(IntRange,short);generated",
-        "kotlin.ranges;RangesKt;contains;(LongRange,Long);generated",
-        "kotlin.ranges;RangesKt;contains;(LongRange,byte);generated",
-        "kotlin.ranges;RangesKt;contains;(LongRange,int);generated",
-        "kotlin.ranges;RangesKt;contains;(LongRange,short);generated",
-        "kotlin.ranges;RangesKt;contains;(OpenEndRange,Object);generated",
-        "kotlin.ranges;RangesKt;doubleRangeContains;(ClosedRange,byte);generated",
-        "kotlin.ranges;RangesKt;doubleRangeContains;(ClosedRange,float);generated",
-        "kotlin.ranges;RangesKt;doubleRangeContains;(ClosedRange,int);generated",
-        "kotlin.ranges;RangesKt;doubleRangeContains;(ClosedRange,long);generated",
-        "kotlin.ranges;RangesKt;doubleRangeContains;(ClosedRange,short);generated",
-        "kotlin.ranges;RangesKt;doubleRangeContains;(OpenEndRange,float);generated",
-        "kotlin.ranges;RangesKt;downTo;(byte,byte);generated",
-        "kotlin.ranges;RangesKt;downTo;(byte,int);generated",
-        "kotlin.ranges;RangesKt;downTo;(byte,long);generated",
-        "kotlin.ranges;RangesKt;downTo;(byte,short);generated",
-        "kotlin.ranges;RangesKt;downTo;(char,char);generated",
-        "kotlin.ranges;RangesKt;downTo;(int,byte);generated",
-        "kotlin.ranges;RangesKt;downTo;(int,int);generated",
-        "kotlin.ranges;RangesKt;downTo;(int,long);generated",
-        "kotlin.ranges;RangesKt;downTo;(int,short);generated",
-        "kotlin.ranges;RangesKt;downTo;(long,byte);generated",
-        "kotlin.ranges;RangesKt;downTo;(long,int);generated",
-        "kotlin.ranges;RangesKt;downTo;(long,long);generated",
-        "kotlin.ranges;RangesKt;downTo;(long,short);generated",
-        "kotlin.ranges;RangesKt;downTo;(short,byte);generated",
-        "kotlin.ranges;RangesKt;downTo;(short,int);generated",
-        "kotlin.ranges;RangesKt;downTo;(short,long);generated",
-        "kotlin.ranges;RangesKt;downTo;(short,short);generated",
-        "kotlin.ranges;RangesKt;first;(CharProgression);generated",
-        "kotlin.ranges;RangesKt;first;(IntProgression);generated",
-        "kotlin.ranges;RangesKt;first;(LongProgression);generated",
-        "kotlin.ranges;RangesKt;firstOrNull;(CharProgression);generated",
-        "kotlin.ranges;RangesKt;firstOrNull;(IntProgression);generated",
-        "kotlin.ranges;RangesKt;firstOrNull;(LongProgression);generated",
-        "kotlin.ranges;RangesKt;floatRangeContains;(ClosedRange,byte);generated",
-        "kotlin.ranges;RangesKt;floatRangeContains;(ClosedRange,double);generated",
-        "kotlin.ranges;RangesKt;floatRangeContains;(ClosedRange,int);generated",
-        "kotlin.ranges;RangesKt;floatRangeContains;(ClosedRange,long);generated",
-        "kotlin.ranges;RangesKt;floatRangeContains;(ClosedRange,short);generated",
-        "kotlin.ranges;RangesKt;intRangeContains;(ClosedRange,byte);generated",
-        "kotlin.ranges;RangesKt;intRangeContains;(ClosedRange,double);generated",
-        "kotlin.ranges;RangesKt;intRangeContains;(ClosedRange,float);generated",
-        "kotlin.ranges;RangesKt;intRangeContains;(ClosedRange,long);generated",
-        "kotlin.ranges;RangesKt;intRangeContains;(ClosedRange,short);generated",
-        "kotlin.ranges;RangesKt;intRangeContains;(OpenEndRange,byte);generated",
-        "kotlin.ranges;RangesKt;intRangeContains;(OpenEndRange,long);generated",
-        "kotlin.ranges;RangesKt;intRangeContains;(OpenEndRange,short);generated",
-        "kotlin.ranges;RangesKt;last;(CharProgression);generated",
-        "kotlin.ranges;RangesKt;last;(IntProgression);generated",
-        "kotlin.ranges;RangesKt;last;(LongProgression);generated",
-        "kotlin.ranges;RangesKt;lastOrNull;(CharProgression);generated",
-        "kotlin.ranges;RangesKt;lastOrNull;(IntProgression);generated",
-        "kotlin.ranges;RangesKt;lastOrNull;(LongProgression);generated",
-        "kotlin.ranges;RangesKt;longRangeContains;(ClosedRange,byte);generated",
-        "kotlin.ranges;RangesKt;longRangeContains;(ClosedRange,double);generated",
-        "kotlin.ranges;RangesKt;longRangeContains;(ClosedRange,float);generated",
-        "kotlin.ranges;RangesKt;longRangeContains;(ClosedRange,int);generated",
-        "kotlin.ranges;RangesKt;longRangeContains;(ClosedRange,short);generated",
-        "kotlin.ranges;RangesKt;longRangeContains;(OpenEndRange,byte);generated",
-        "kotlin.ranges;RangesKt;longRangeContains;(OpenEndRange,int);generated",
-        "kotlin.ranges;RangesKt;longRangeContains;(OpenEndRange,short);generated",
-        "kotlin.ranges;RangesKt;random;(CharRange);generated",
-        "kotlin.ranges;RangesKt;random;(CharRange,Random);generated",
-        "kotlin.ranges;RangesKt;random;(IntRange);generated",
-        "kotlin.ranges;RangesKt;random;(IntRange,Random);generated",
-        "kotlin.ranges;RangesKt;random;(LongRange);generated",
-        "kotlin.ranges;RangesKt;random;(LongRange,Random);generated",
-        "kotlin.ranges;RangesKt;randomOrNull;(CharRange);generated",
-        "kotlin.ranges;RangesKt;randomOrNull;(CharRange,Random);generated",
-        "kotlin.ranges;RangesKt;randomOrNull;(IntRange);generated",
-        "kotlin.ranges;RangesKt;randomOrNull;(IntRange,Random);generated",
-        "kotlin.ranges;RangesKt;randomOrNull;(LongRange);generated",
-        "kotlin.ranges;RangesKt;randomOrNull;(LongRange,Random);generated",
-        "kotlin.ranges;RangesKt;rangeTo;(double,double);generated",
-        "kotlin.ranges;RangesKt;rangeTo;(float,float);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(byte,byte);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(byte,int);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(byte,long);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(byte,short);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(char,char);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(double,double);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(float,float);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(int,byte);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(int,int);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(int,long);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(int,short);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(long,byte);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(long,int);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(long,long);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(long,short);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(short,byte);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(short,int);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(short,long);generated",
-        "kotlin.ranges;RangesKt;rangeUntil;(short,short);generated",
-        "kotlin.ranges;RangesKt;reversed;(CharProgression);generated",
-        "kotlin.ranges;RangesKt;reversed;(IntProgression);generated",
-        "kotlin.ranges;RangesKt;reversed;(LongProgression);generated",
-        "kotlin.ranges;RangesKt;shortRangeContains;(ClosedRange,byte);generated",
-        "kotlin.ranges;RangesKt;shortRangeContains;(ClosedRange,double);generated",
-        "kotlin.ranges;RangesKt;shortRangeContains;(ClosedRange,float);generated",
-        "kotlin.ranges;RangesKt;shortRangeContains;(ClosedRange,int);generated",
-        "kotlin.ranges;RangesKt;shortRangeContains;(ClosedRange,long);generated",
-        "kotlin.ranges;RangesKt;shortRangeContains;(OpenEndRange,byte);generated",
-        "kotlin.ranges;RangesKt;shortRangeContains;(OpenEndRange,int);generated",
-        "kotlin.ranges;RangesKt;shortRangeContains;(OpenEndRange,long);generated",
-        "kotlin.ranges;RangesKt;step;(CharProgression,int);generated",
-        "kotlin.ranges;RangesKt;step;(IntProgression,int);generated",
-        "kotlin.ranges;RangesKt;step;(LongProgression,long);generated",
-        "kotlin.ranges;RangesKt;until;(byte,byte);generated",
-        "kotlin.ranges;RangesKt;until;(byte,int);generated",
-        "kotlin.ranges;RangesKt;until;(byte,long);generated",
-        "kotlin.ranges;RangesKt;until;(byte,short);generated",
-        "kotlin.ranges;RangesKt;until;(char,char);generated",
-        "kotlin.ranges;RangesKt;until;(int,byte);generated",
-        "kotlin.ranges;RangesKt;until;(int,int);generated",
-        "kotlin.ranges;RangesKt;until;(int,long);generated",
-        "kotlin.ranges;RangesKt;until;(int,short);generated",
-        "kotlin.ranges;RangesKt;until;(long,byte);generated",
-        "kotlin.ranges;RangesKt;until;(long,int);generated",
-        "kotlin.ranges;RangesKt;until;(long,long);generated",
-        "kotlin.ranges;RangesKt;until;(long,short);generated",
-        "kotlin.ranges;RangesKt;until;(short,byte);generated",
-        "kotlin.ranges;RangesKt;until;(short,int);generated",
-        "kotlin.ranges;RangesKt;until;(short,long);generated",
-        "kotlin.ranges;RangesKt;until;(short,short);generated",
-        "kotlin.ranges;UIntProgression$Companion;fromClosedRange;(int,int,int);generated",
-        "kotlin.ranges;UIntProgression;equals;(Object);generated",
-        "kotlin.ranges;UIntProgression;getFirst;();generated",
-        "kotlin.ranges;UIntProgression;getLast;();generated",
-        "kotlin.ranges;UIntProgression;getStep;();generated",
-        "kotlin.ranges;UIntProgression;hashCode;();generated",
-        "kotlin.ranges;UIntProgression;isEmpty;();generated",
-        "kotlin.ranges;UIntProgression;toString;();generated",
-        "kotlin.ranges;UIntRange;UIntRange;(int,int);generated",
-        "kotlin.ranges;UIntRange;contains;(int);generated",
-        "kotlin.ranges;UIntRange;equals;(Object);generated",
-        "kotlin.ranges;UIntRange;hashCode;();generated",
-        "kotlin.ranges;UIntRange;toString;();generated",
-        "kotlin.ranges;ULongProgression$Companion;fromClosedRange;(long,long,long);generated",
-        "kotlin.ranges;ULongProgression;equals;(Object);generated",
-        "kotlin.ranges;ULongProgression;getFirst;();generated",
-        "kotlin.ranges;ULongProgression;getLast;();generated",
-        "kotlin.ranges;ULongProgression;getStep;();generated",
-        "kotlin.ranges;ULongProgression;hashCode;();generated",
-        "kotlin.ranges;ULongProgression;isEmpty;();generated",
-        "kotlin.ranges;ULongProgression;toString;();generated",
-        "kotlin.ranges;ULongRange;ULongRange;(long,long);generated",
-        "kotlin.ranges;ULongRange;contains;(long);generated",
-        "kotlin.ranges;ULongRange;equals;(Object);generated",
-        "kotlin.ranges;ULongRange;hashCode;();generated",
-        "kotlin.ranges;ULongRange;toString;();generated",
-        "kotlin.ranges;URangesKt;coerceAtLeast;(byte,byte);generated",
-        "kotlin.ranges;URangesKt;coerceAtLeast;(int,int);generated",
-        "kotlin.ranges;URangesKt;coerceAtLeast;(long,long);generated",
-        "kotlin.ranges;URangesKt;coerceAtLeast;(short,short);generated",
-        "kotlin.ranges;URangesKt;coerceAtMost;(byte,byte);generated",
-        "kotlin.ranges;URangesKt;coerceAtMost;(int,int);generated",
-        "kotlin.ranges;URangesKt;coerceAtMost;(long,long);generated",
-        "kotlin.ranges;URangesKt;coerceAtMost;(short,short);generated",
-        "kotlin.ranges;URangesKt;coerceIn;(byte,byte,byte);generated",
-        "kotlin.ranges;URangesKt;coerceIn;(int,ClosedRange);generated",
-        "kotlin.ranges;URangesKt;coerceIn;(int,int,int);generated",
-        "kotlin.ranges;URangesKt;coerceIn;(long,ClosedRange);generated",
-        "kotlin.ranges;URangesKt;coerceIn;(long,long,long);generated",
-        "kotlin.ranges;URangesKt;coerceIn;(short,short,short);generated",
-        "kotlin.ranges;URangesKt;contains;(UIntRange,UInt);generated",
-        "kotlin.ranges;URangesKt;contains;(UIntRange,byte);generated",
-        "kotlin.ranges;URangesKt;contains;(UIntRange,long);generated",
-        "kotlin.ranges;URangesKt;contains;(UIntRange,short);generated",
-        "kotlin.ranges;URangesKt;contains;(ULongRange,ULong);generated",
-        "kotlin.ranges;URangesKt;contains;(ULongRange,byte);generated",
-        "kotlin.ranges;URangesKt;contains;(ULongRange,int);generated",
-        "kotlin.ranges;URangesKt;contains;(ULongRange,short);generated",
-        "kotlin.ranges;URangesKt;downTo;(byte,byte);generated",
-        "kotlin.ranges;URangesKt;downTo;(int,int);generated",
-        "kotlin.ranges;URangesKt;downTo;(long,long);generated",
-        "kotlin.ranges;URangesKt;downTo;(short,short);generated",
-        "kotlin.ranges;URangesKt;first;(UIntProgression);generated",
-        "kotlin.ranges;URangesKt;first;(ULongProgression);generated",
-        "kotlin.ranges;URangesKt;firstOrNull;(UIntProgression);generated",
-        "kotlin.ranges;URangesKt;firstOrNull;(ULongProgression);generated",
-        "kotlin.ranges;URangesKt;last;(UIntProgression);generated",
-        "kotlin.ranges;URangesKt;last;(ULongProgression);generated",
-        "kotlin.ranges;URangesKt;lastOrNull;(UIntProgression);generated",
-        "kotlin.ranges;URangesKt;lastOrNull;(ULongProgression);generated",
-        "kotlin.ranges;URangesKt;random;(UIntRange);generated",
-        "kotlin.ranges;URangesKt;random;(UIntRange,Random);generated",
-        "kotlin.ranges;URangesKt;random;(ULongRange);generated",
-        "kotlin.ranges;URangesKt;random;(ULongRange,Random);generated",
-        "kotlin.ranges;URangesKt;randomOrNull;(UIntRange);generated",
-        "kotlin.ranges;URangesKt;randomOrNull;(UIntRange,Random);generated",
-        "kotlin.ranges;URangesKt;randomOrNull;(ULongRange);generated",
-        "kotlin.ranges;URangesKt;randomOrNull;(ULongRange,Random);generated",
-        "kotlin.ranges;URangesKt;rangeUntil;(byte,byte);generated",
-        "kotlin.ranges;URangesKt;rangeUntil;(int,int);generated",
-        "kotlin.ranges;URangesKt;rangeUntil;(long,long);generated",
-        "kotlin.ranges;URangesKt;rangeUntil;(short,short);generated",
-        "kotlin.ranges;URangesKt;reversed;(UIntProgression);generated",
-        "kotlin.ranges;URangesKt;reversed;(ULongProgression);generated",
-        "kotlin.ranges;URangesKt;step;(UIntProgression,int);generated",
-        "kotlin.ranges;URangesKt;step;(ULongProgression,long);generated",
-        "kotlin.ranges;URangesKt;until;(byte,byte);generated",
-        "kotlin.ranges;URangesKt;until;(int,int);generated",
-        "kotlin.ranges;URangesKt;until;(long,long);generated",
-        "kotlin.ranges;URangesKt;until;(short,short);generated",
-        "kotlin.reflect;KAnnotatedElement;getAnnotations;();generated",
-        "kotlin.reflect;KCallable;call;(Object[]);generated",
-        "kotlin.reflect;KCallable;callBy;(Map);generated",
-        "kotlin.reflect;KCallable;getName;();generated",
-        "kotlin.reflect;KCallable;getParameters;();generated",
-        "kotlin.reflect;KCallable;getReturnType;();generated",
-        "kotlin.reflect;KCallable;getTypeParameters;();generated",
-        "kotlin.reflect;KCallable;getVisibility;();generated",
-        "kotlin.reflect;KCallable;isAbstract;();generated",
-        "kotlin.reflect;KCallable;isFinal;();generated",
-        "kotlin.reflect;KCallable;isOpen;();generated",
-        "kotlin.reflect;KCallable;isSuspend;();generated",
-        "kotlin.reflect;KClass;equals;(Object);generated",
-        "kotlin.reflect;KClass;getConstructors;();generated",
-        "kotlin.reflect;KClass;getNestedClasses;();generated",
-        "kotlin.reflect;KClass;getObjectInstance;();generated",
-        "kotlin.reflect;KClass;getQualifiedName;();generated",
-        "kotlin.reflect;KClass;getSealedSubclasses;();generated",
-        "kotlin.reflect;KClass;getSimpleName;();generated",
-        "kotlin.reflect;KClass;getSupertypes;();generated",
-        "kotlin.reflect;KClass;getTypeParameters;();generated",
-        "kotlin.reflect;KClass;getVisibility;();generated",
-        "kotlin.reflect;KClass;hashCode;();generated",
-        "kotlin.reflect;KClass;isAbstract;();generated",
-        "kotlin.reflect;KClass;isCompanion;();generated",
-        "kotlin.reflect;KClass;isData;();generated", "kotlin.reflect;KClass;isFinal;();generated",
-        "kotlin.reflect;KClass;isFun;();generated", "kotlin.reflect;KClass;isInner;();generated",
-        "kotlin.reflect;KClass;isInstance;(Object);generated",
-        "kotlin.reflect;KClass;isOpen;();generated", "kotlin.reflect;KClass;isSealed;();generated",
-        "kotlin.reflect;KClass;isValue;();generated",
-        "kotlin.reflect;KDeclarationContainer;getMembers;();generated",
-        "kotlin.reflect;KFunction;isExternal;();generated",
-        "kotlin.reflect;KFunction;isInfix;();generated",
-        "kotlin.reflect;KFunction;isInline;();generated",
-        "kotlin.reflect;KFunction;isOperator;();generated",
-        "kotlin.reflect;KMutableProperty0;set;(Object);generated",
-        "kotlin.reflect;KMutableProperty1;set;(Object,Object);generated",
-        "kotlin.reflect;KMutableProperty2;set;(Object,Object,Object);generated",
-        "kotlin.reflect;KMutableProperty;getSetter;();generated",
-        "kotlin.reflect;KParameter$Kind;valueOf;(String);generated",
-        "kotlin.reflect;KParameter$Kind;values;();generated",
-        "kotlin.reflect;KParameter;getIndex;();generated",
-        "kotlin.reflect;KParameter;getKind;();generated",
-        "kotlin.reflect;KParameter;getName;();generated",
-        "kotlin.reflect;KParameter;getType;();generated",
-        "kotlin.reflect;KParameter;isOptional;();generated",
-        "kotlin.reflect;KParameter;isVararg;();generated",
-        "kotlin.reflect;KProperty$Accessor;getProperty;();generated",
-        "kotlin.reflect;KProperty0;get;();generated",
-        "kotlin.reflect;KProperty0;getDelegate;();generated",
-        "kotlin.reflect;KProperty1;get;(Object);generated",
-        "kotlin.reflect;KProperty1;getDelegate;(Object);generated",
-        "kotlin.reflect;KProperty2;get;(Object,Object);generated",
-        "kotlin.reflect;KProperty2;getDelegate;(Object,Object);generated",
-        "kotlin.reflect;KProperty;getGetter;();generated",
-        "kotlin.reflect;KProperty;isConst;();generated",
-        "kotlin.reflect;KProperty;isLateinit;();generated",
-        "kotlin.reflect;KType;getArguments;();generated",
-        "kotlin.reflect;KType;getClassifier;();generated",
-        "kotlin.reflect;KType;isMarkedNullable;();generated",
-        "kotlin.reflect;KTypeParameter;getName;();generated",
-        "kotlin.reflect;KTypeParameter;getUpperBounds;();generated",
-        "kotlin.reflect;KTypeParameter;getVariance;();generated",
-        "kotlin.reflect;KTypeParameter;isReified;();generated",
-        "kotlin.reflect;KTypeProjection$Companion;getSTAR;();generated",
-        "kotlin.reflect;KTypeProjection;component1;();generated",
-        "kotlin.reflect;KTypeProjection;equals;(Object);generated",
-        "kotlin.reflect;KTypeProjection;getVariance;();generated",
-        "kotlin.reflect;KTypeProjection;hashCode;();generated",
-        "kotlin.reflect;KVariance;valueOf;(String);generated",
-        "kotlin.reflect;KVariance;values;();generated",
-        "kotlin.reflect;KVisibility;valueOf;(String);generated",
-        "kotlin.reflect;KVisibility;values;();generated",
-        "kotlin.reflect;TypeOfKt;typeOf;();generated",
-        "kotlin.sequences;Sequence;iterator;();generated",
-        "kotlin.sequences;SequenceScope;yield;(Object);generated",
-        "kotlin.sequences;SequenceScope;yieldAll;(Iterable);generated",
-        "kotlin.sequences;SequenceScope;yieldAll;(Iterator);generated",
-        "kotlin.sequences;SequencesKt;Sequence;(Function0);generated",
-        "kotlin.sequences;SequencesKt;all;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;any;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;any;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;asIterable;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;asSequence;(Enumeration);generated",
-        "kotlin.sequences;SequencesKt;asSequence;(Iterator);generated",
-        "kotlin.sequences;SequencesKt;associate;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;associateBy;(Sequence,Function1,Function1);generated",
-        "kotlin.sequences;SequencesKt;averageOfByte;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;averageOfDouble;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;averageOfFloat;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;averageOfInt;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;averageOfLong;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;averageOfShort;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;chunked;(Sequence,int);generated",
-        "kotlin.sequences;SequencesKt;contains;(Sequence,Object);generated",
-        "kotlin.sequences;SequencesKt;count;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;count;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;emptySequence;();generated",
-        "kotlin.sequences;SequencesKt;filterIndexed;(Sequence,Function2);generated",
-        "kotlin.sequences;SequencesKt;flatMapIndexedIterable;(Sequence,Function2);generated",
-        "kotlin.sequences;SequencesKt;flatMapIndexedSequence;(Sequence,Function2);generated",
-        "kotlin.sequences;SequencesKt;forEach;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;forEachIndexed;(Sequence,Function2);generated",
-        "kotlin.sequences;SequencesKt;groupBy;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;groupBy;(Sequence,Function1,Function1);generated",
-        "kotlin.sequences;SequencesKt;groupingBy;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;ifEmpty;(Sequence,Function0);generated",
-        "kotlin.sequences;SequencesKt;indexOf;(Sequence,Object);generated",
-        "kotlin.sequences;SequencesKt;indexOfFirst;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;indexOfLast;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;iterator;(SuspendFunction1);generated",
-        "kotlin.sequences;SequencesKt;lastIndexOf;(Sequence,Object);generated",
-        "kotlin.sequences;SequencesKt;max;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;maxOf;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;maxOfOrNull;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;maxOrNull;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;maxOrThrow;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;min;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;minOf;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;minOfOrNull;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;minOrNull;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;minOrThrow;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;minus;(Sequence,Iterable);generated",
-        "kotlin.sequences;SequencesKt;minus;(Sequence,Object);generated",
-        "kotlin.sequences;SequencesKt;minus;(Sequence,Sequence);generated",
-        "kotlin.sequences;SequencesKt;minusElement;(Sequence,Object);generated",
-        "kotlin.sequences;SequencesKt;none;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;none;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;plus;(Sequence,Iterable);generated",
-        "kotlin.sequences;SequencesKt;plus;(Sequence,Object);generated",
-        "kotlin.sequences;SequencesKt;plus;(Sequence,Object[]);generated",
-        "kotlin.sequences;SequencesKt;plus;(Sequence,Sequence);generated",
-        "kotlin.sequences;SequencesKt;plusElement;(Sequence,Object);generated",
-        "kotlin.sequences;SequencesKt;runningFold;(Sequence,Object,Function2);generated",
-        "kotlin.sequences;SequencesKt;runningFoldIndexed;(Sequence,Object,Function3);generated",
-        "kotlin.sequences;SequencesKt;runningReduce;(Sequence,Function2);generated",
-        "kotlin.sequences;SequencesKt;runningReduceIndexed;(Sequence,Function3);generated",
-        "kotlin.sequences;SequencesKt;scan;(Sequence,Object,Function2);generated",
-        "kotlin.sequences;SequencesKt;scanIndexed;(Sequence,Object,Function3);generated",
-        "kotlin.sequences;SequencesKt;sequence;(SuspendFunction1);generated",
-        "kotlin.sequences;SequencesKt;sequenceOf;(Object[]);generated",
-        "kotlin.sequences;SequencesKt;shuffled;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;shuffled;(Sequence,Random);generated",
-        "kotlin.sequences;SequencesKt;sorted;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;sortedBy;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;sortedByDescending;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;sortedDescending;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;sortedWith;(Sequence,Comparator);generated",
-        "kotlin.sequences;SequencesKt;sumBy;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;sumByDouble;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;sumOfBigDecimal;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;sumOfBigInteger;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;sumOfByte;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;sumOfDouble;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;sumOfDouble;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;sumOfFloat;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;sumOfInt;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;sumOfInt;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;sumOfLong;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;sumOfLong;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;sumOfShort;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;sumOfUInt;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;sumOfULong;(Sequence,Function1);generated",
-        "kotlin.sequences;SequencesKt;windowed;(Sequence,int,int,boolean);generated",
-        "kotlin.sequences;SequencesKt;zipWithNext;(Sequence);generated",
-        "kotlin.sequences;SequencesKt;zipWithNext;(Sequence,Function2);generated",
-        "kotlin.sequences;USequencesKt;sumOfUByte;(Sequence);generated",
-        "kotlin.sequences;USequencesKt;sumOfUInt;(Sequence);generated",
-        "kotlin.sequences;USequencesKt;sumOfULong;(Sequence);generated",
-        "kotlin.sequences;USequencesKt;sumOfUShort;(Sequence);generated",
-        "kotlin.system;ProcessKt;exitProcess;(int);generated",
-        "kotlin.system;TimingKt;measureNanoTime;(Function0);generated",
-        "kotlin.system;TimingKt;measureTimeMillis;(Function0);generated",
-        "kotlin.text;Appendable;append;(CharSequence);generated",
-        "kotlin.text;Appendable;append;(CharSequence,int,int);generated",
-        "kotlin.text;Appendable;append;(char);generated",
-        "kotlin.text;CharCategory$Companion;valueOf;(int);generated",
-        "kotlin.text;CharCategory;contains;(char);generated",
-        "kotlin.text;CharCategory;getCode;();generated",
-        "kotlin.text;CharCategory;getValue;();generated",
-        "kotlin.text;CharCategory;valueOf;(String);generated",
-        "kotlin.text;CharCategory;values;();generated",
-        "kotlin.text;CharDirectionality$Companion;valueOf;(int);generated",
-        "kotlin.text;CharDirectionality;getValue;();generated",
-        "kotlin.text;CharDirectionality;valueOf;(String);generated",
-        "kotlin.text;CharDirectionality;values;();generated",
-        "kotlin.text;CharacterCodingException;CharacterCodingException;();generated",
-        "kotlin.text;CharsKt;digitToChar;(int);generated",
-        "kotlin.text;CharsKt;digitToChar;(int,int);generated",
-        "kotlin.text;CharsKt;digitToInt;(char);generated",
-        "kotlin.text;CharsKt;digitToInt;(char,int);generated",
-        "kotlin.text;CharsKt;digitToIntOrNull;(char);generated",
-        "kotlin.text;CharsKt;digitToIntOrNull;(char,int);generated",
-        "kotlin.text;CharsKt;equals;(char,char,boolean);generated",
-        "kotlin.text;CharsKt;getCategory;(char);generated",
-        "kotlin.text;CharsKt;getDirectionality;(char);generated",
-        "kotlin.text;CharsKt;isDefined;(char);generated",
-        "kotlin.text;CharsKt;isDigit;(char);generated",
-        "kotlin.text;CharsKt;isHighSurrogate;(char);generated",
-        "kotlin.text;CharsKt;isISOControl;(char);generated",
-        "kotlin.text;CharsKt;isIdentifierIgnorable;(char);generated",
-        "kotlin.text;CharsKt;isJavaIdentifierPart;(char);generated",
-        "kotlin.text;CharsKt;isJavaIdentifierStart;(char);generated",
-        "kotlin.text;CharsKt;isLetter;(char);generated",
-        "kotlin.text;CharsKt;isLetterOrDigit;(char);generated",
-        "kotlin.text;CharsKt;isLowSurrogate;(char);generated",
-        "kotlin.text;CharsKt;isLowerCase;(char);generated",
-        "kotlin.text;CharsKt;isSurrogate;(char);generated",
-        "kotlin.text;CharsKt;isTitleCase;(char);generated",
-        "kotlin.text;CharsKt;isUpperCase;(char);generated",
-        "kotlin.text;CharsKt;isWhitespace;(char);generated",
-        "kotlin.text;CharsKt;lowercase;(char);generated",
-        "kotlin.text;CharsKt;lowercase;(char,Locale);generated",
-        "kotlin.text;CharsKt;lowercaseChar;(char);generated",
-        "kotlin.text;CharsKt;titlecase;(char);generated",
-        "kotlin.text;CharsKt;titlecase;(char,Locale);generated",
-        "kotlin.text;CharsKt;titlecaseChar;(char);generated",
-        "kotlin.text;CharsKt;toLowerCase;(char);generated",
-        "kotlin.text;CharsKt;toTitleCase;(char);generated",
-        "kotlin.text;CharsKt;toUpperCase;(char);generated",
-        "kotlin.text;CharsKt;uppercase;(char);generated",
-        "kotlin.text;CharsKt;uppercase;(char,Locale);generated",
-        "kotlin.text;CharsKt;uppercaseChar;(char);generated",
-        "kotlin.text;Charsets;UTF32;();generated", "kotlin.text;Charsets;UTF32_BE;();generated",
-        "kotlin.text;Charsets;UTF32_LE;();generated",
-        "kotlin.text;Charsets;getISO_8859_1;();generated",
-        "kotlin.text;Charsets;getUS_ASCII;();generated",
-        "kotlin.text;Charsets;getUTF_16;();generated",
-        "kotlin.text;Charsets;getUTF_16BE;();generated",
-        "kotlin.text;Charsets;getUTF_16LE;();generated",
-        "kotlin.text;Charsets;getUTF_8;();generated",
-        "kotlin.text;CharsetsKt;charset;(String);generated",
-        "kotlin.text;FlagEnum;getMask;();generated", "kotlin.text;FlagEnum;getValue;();generated",
-        "kotlin.text;MatchGroup;equals;(Object);generated",
-        "kotlin.text;MatchGroup;hashCode;();generated",
-        "kotlin.text;MatchGroupCollection;get;(int);generated",
-        "kotlin.text;MatchNamedGroupCollection;get;(String);generated",
-        "kotlin.text;MatchResult;getGroupValues;();generated",
-        "kotlin.text;MatchResult;getGroups;();generated",
-        "kotlin.text;MatchResult;getRange;();generated",
-        "kotlin.text;MatchResult;getValue;();generated",
-        "kotlin.text;MatchResult;next;();generated",
-        "kotlin.text;Regex$Companion;escapeReplacement;(String);generated",
-        "kotlin.text;Regex$Companion;fromLiteral;(String);generated",
-        "kotlin.text;Regex;Regex;(String);generated",
-        "kotlin.text;Regex;Regex;(String,RegexOption);generated",
-        "kotlin.text;Regex;Regex;(String,Set);generated",
-        "kotlin.text;Regex;containsMatchIn;(CharSequence);generated",
-        "kotlin.text;Regex;findAll;(CharSequence,int);generated",
-        "kotlin.text;Regex;getPattern;();generated",
-        "kotlin.text;Regex;matchAt;(CharSequence,int);generated",
-        "kotlin.text;Regex;matches;(CharSequence);generated",
-        "kotlin.text;Regex;matchesAt;(CharSequence,int);generated",
-        "kotlin.text;Regex;split;(CharSequence,int);generated",
-        "kotlin.text;Regex;splitToSequence;(CharSequence,int);generated",
-        "kotlin.text;Regex;toString;();generated",
-        "kotlin.text;RegexOption;valueOf;(String);generated",
-        "kotlin.text;RegexOption;values;();generated",
-        "kotlin.text;StringBuilder;StringBuilder;();generated",
-        "kotlin.text;StringBuilder;StringBuilder;(CharSequence);generated",
-        "kotlin.text;StringBuilder;StringBuilder;(String);generated",
-        "kotlin.text;StringBuilder;StringBuilder;(int);generated",
-        "kotlin.text;StringBuilder;append;(Object);generated",
-        "kotlin.text;StringBuilder;append;(String);generated",
-        "kotlin.text;StringBuilder;append;(boolean);generated",
-        "kotlin.text;StringBuilder;append;(char[]);generated",
-        "kotlin.text;StringBuilder;capacity;();generated",
-        "kotlin.text;StringBuilder;ensureCapacity;(int);generated",
-        "kotlin.text;StringBuilder;get;(int);generated",
-        "kotlin.text;StringBuilder;indexOf;(String);generated",
-        "kotlin.text;StringBuilder;indexOf;(String,int);generated",
-        "kotlin.text;StringBuilder;insert;(int,CharSequence);generated",
-        "kotlin.text;StringBuilder;insert;(int,Object);generated",
-        "kotlin.text;StringBuilder;insert;(int,String);generated",
-        "kotlin.text;StringBuilder;insert;(int,boolean);generated",
-        "kotlin.text;StringBuilder;insert;(int,char);generated",
-        "kotlin.text;StringBuilder;insert;(int,char[]);generated",
-        "kotlin.text;StringBuilder;lastIndexOf;(String);generated",
-        "kotlin.text;StringBuilder;lastIndexOf;(String,int);generated",
-        "kotlin.text;StringBuilder;reverse;();generated",
-        "kotlin.text;StringBuilder;setLength;(int);generated",
-        "kotlin.text;StringBuilder;substring;(int);generated",
-        "kotlin.text;StringBuilder;substring;(int,int);generated",
-        "kotlin.text;StringBuilder;trimToSize;();generated",
-        "kotlin.text;StringsKt;String;(int[],int,int);generated",
-        "kotlin.text;StringsKt;all;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;any;(CharSequence);generated",
-        "kotlin.text;StringsKt;any;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;asIterable;(CharSequence);generated",
-        "kotlin.text;StringsKt;asSequence;(CharSequence);generated",
-        "kotlin.text;StringsKt;associate;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;associateBy;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;associateBy;(CharSequence,Function1,Function1);generated",
-        "kotlin.text;StringsKt;associateWith;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;buildString;(Function1);generated",
-        "kotlin.text;StringsKt;buildString;(int,Function1);generated",
-        "kotlin.text;StringsKt;chunked;(CharSequence,int);generated",
-        "kotlin.text;StringsKt;chunked;(CharSequence,int,Function1);generated",
-        "kotlin.text;StringsKt;chunkedSequence;(CharSequence,int);generated",
-        "kotlin.text;StringsKt;chunkedSequence;(CharSequence,int,Function1);generated",
-        "kotlin.text;StringsKt;codePointAt;(String,int);generated",
-        "kotlin.text;StringsKt;codePointBefore;(String,int);generated",
-        "kotlin.text;StringsKt;codePointCount;(String,int,int);generated",
-        "kotlin.text;StringsKt;commonPrefixWith;(CharSequence,CharSequence,boolean);generated",
-        "kotlin.text;StringsKt;commonSuffixWith;(CharSequence,CharSequence,boolean);generated",
-        "kotlin.text;StringsKt;compareTo;(String,String,boolean);generated",
-        "kotlin.text;StringsKt;contains;(CharSequence,CharSequence,boolean);generated",
-        "kotlin.text;StringsKt;contains;(CharSequence,Regex);generated",
-        "kotlin.text;StringsKt;contains;(CharSequence,char,boolean);generated",
-        "kotlin.text;StringsKt;contentEquals;(CharSequence,CharSequence);generated",
-        "kotlin.text;StringsKt;contentEquals;(CharSequence,CharSequence,boolean);generated",
-        "kotlin.text;StringsKt;contentEquals;(String,CharSequence);generated",
-        "kotlin.text;StringsKt;contentEquals;(String,StringBuffer);generated",
-        "kotlin.text;StringsKt;count;(CharSequence);generated",
-        "kotlin.text;StringsKt;count;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;deleteAt;(StringBuilder,int);generated",
-        "kotlin.text;StringsKt;deleteRange;(StringBuilder,int,int);generated",
-        "kotlin.text;StringsKt;elementAt;(CharSequence,int);generated",
-        "kotlin.text;StringsKt;elementAtOrElse;(CharSequence,int,Function1);generated",
-        "kotlin.text;StringsKt;elementAtOrNull;(CharSequence,int);generated",
-        "kotlin.text;StringsKt;endsWith;(CharSequence,CharSequence,boolean);generated",
-        "kotlin.text;StringsKt;endsWith;(CharSequence,char,boolean);generated",
-        "kotlin.text;StringsKt;endsWith;(String,String,boolean);generated",
-        "kotlin.text;StringsKt;equals;(String,String,boolean);generated",
-        "kotlin.text;StringsKt;filter;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;filter;(String,Function1);generated",
-        "kotlin.text;StringsKt;filterIndexed;(CharSequence,Function2);generated",
-        "kotlin.text;StringsKt;filterIndexed;(String,Function2);generated",
-        "kotlin.text;StringsKt;filterNot;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;filterNot;(String,Function1);generated",
-        "kotlin.text;StringsKt;find;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;findLast;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;first;(CharSequence);generated",
-        "kotlin.text;StringsKt;first;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;firstNotNullOf;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;firstNotNullOfOrNull;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;firstOrNull;(CharSequence);generated",
-        "kotlin.text;StringsKt;firstOrNull;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;flatMap;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;flatMapIndexedIterable;(CharSequence,Function2);generated",
-        "kotlin.text;StringsKt;forEach;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;forEachIndexed;(CharSequence,Function2);generated",
-        "kotlin.text;StringsKt;getCASE_INSENSITIVE_ORDER;(StringCompanionObject);generated",
-        "kotlin.text;StringsKt;getIndices;(CharSequence);generated",
-        "kotlin.text;StringsKt;getLastIndex;(CharSequence);generated",
-        "kotlin.text;StringsKt;getOrElse;(CharSequence,int,Function1);generated",
-        "kotlin.text;StringsKt;getOrNull;(CharSequence,int);generated",
-        "kotlin.text;StringsKt;groupBy;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;groupBy;(CharSequence,Function1,Function1);generated",
-        "kotlin.text;StringsKt;groupingBy;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;hasSurrogatePairAt;(CharSequence,int);generated",
-        "kotlin.text;StringsKt;indexOf;(CharSequence,String,int,boolean);generated",
-        "kotlin.text;StringsKt;indexOf;(CharSequence,char,int,boolean);generated",
-        "kotlin.text;StringsKt;indexOfAny;(CharSequence,Collection,int,boolean);generated",
-        "kotlin.text;StringsKt;indexOfAny;(CharSequence,char[],int,boolean);generated",
-        "kotlin.text;StringsKt;indexOfFirst;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;indexOfLast;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;isBlank;(CharSequence);generated",
-        "kotlin.text;StringsKt;isEmpty;(CharSequence);generated",
-        "kotlin.text;StringsKt;isNotBlank;(CharSequence);generated",
-        "kotlin.text;StringsKt;isNotEmpty;(CharSequence);generated",
-        "kotlin.text;StringsKt;isNullOrBlank;(CharSequence);generated",
-        "kotlin.text;StringsKt;isNullOrEmpty;(CharSequence);generated",
-        "kotlin.text;StringsKt;iterator;(CharSequence);generated",
-        "kotlin.text;StringsKt;last;(CharSequence);generated",
-        "kotlin.text;StringsKt;last;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;lastIndexOf;(CharSequence,String,int,boolean);generated",
-        "kotlin.text;StringsKt;lastIndexOf;(CharSequence,char,int,boolean);generated",
-        "kotlin.text;StringsKt;lastIndexOfAny;(CharSequence,Collection,int,boolean);generated",
-        "kotlin.text;StringsKt;lastIndexOfAny;(CharSequence,char[],int,boolean);generated",
-        "kotlin.text;StringsKt;lastOrNull;(CharSequence);generated",
-        "kotlin.text;StringsKt;lastOrNull;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;map;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;mapIndexed;(CharSequence,Function2);generated",
-        "kotlin.text;StringsKt;mapIndexedNotNull;(CharSequence,Function2);generated",
-        "kotlin.text;StringsKt;mapNotNull;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;matches;(CharSequence,Regex);generated",
-        "kotlin.text;StringsKt;max;(CharSequence);generated",
-        "kotlin.text;StringsKt;maxBy;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;maxByOrNull;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;maxByOrThrow;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;maxOf;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;maxOfOrNull;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;maxOfWith;(CharSequence,Comparator,Function1);generated",
-        "kotlin.text;StringsKt;maxOfWithOrNull;(CharSequence,Comparator,Function1);generated",
-        "kotlin.text;StringsKt;maxOrNull;(CharSequence);generated",
-        "kotlin.text;StringsKt;maxOrThrow;(CharSequence);generated",
-        "kotlin.text;StringsKt;maxWith;(CharSequence,Comparator);generated",
-        "kotlin.text;StringsKt;maxWithOrNull;(CharSequence,Comparator);generated",
-        "kotlin.text;StringsKt;maxWithOrThrow;(CharSequence,Comparator);generated",
-        "kotlin.text;StringsKt;min;(CharSequence);generated",
-        "kotlin.text;StringsKt;minBy;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;minByOrNull;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;minByOrThrow;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;minOf;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;minOfOrNull;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;minOfWith;(CharSequence,Comparator,Function1);generated",
-        "kotlin.text;StringsKt;minOfWithOrNull;(CharSequence,Comparator,Function1);generated",
-        "kotlin.text;StringsKt;minOrNull;(CharSequence);generated",
-        "kotlin.text;StringsKt;minOrThrow;(CharSequence);generated",
-        "kotlin.text;StringsKt;minWith;(CharSequence,Comparator);generated",
-        "kotlin.text;StringsKt;minWithOrNull;(CharSequence,Comparator);generated",
-        "kotlin.text;StringsKt;minWithOrThrow;(CharSequence,Comparator);generated",
-        "kotlin.text;StringsKt;none;(CharSequence);generated",
-        "kotlin.text;StringsKt;none;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;offsetByCodePoints;(String,int,int);generated",
-        "kotlin.text;StringsKt;padEnd;(String,int,char);generated",
-        "kotlin.text;StringsKt;padStart;(String,int,char);generated",
-        "kotlin.text;StringsKt;partition;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;partition;(String,Function1);generated",
-        "kotlin.text;StringsKt;random;(CharSequence);generated",
-        "kotlin.text;StringsKt;random;(CharSequence,Random);generated",
-        "kotlin.text;StringsKt;randomOrNull;(CharSequence);generated",
-        "kotlin.text;StringsKt;randomOrNull;(CharSequence,Random);generated",
-        "kotlin.text;StringsKt;reduce;(CharSequence,Function2);generated",
-        "kotlin.text;StringsKt;reduceIndexed;(CharSequence,Function3);generated",
-        "kotlin.text;StringsKt;reduceIndexedOrNull;(CharSequence,Function3);generated",
-        "kotlin.text;StringsKt;reduceOrNull;(CharSequence,Function2);generated",
-        "kotlin.text;StringsKt;reduceRight;(CharSequence,Function2);generated",
-        "kotlin.text;StringsKt;reduceRightIndexed;(CharSequence,Function3);generated",
-        "kotlin.text;StringsKt;reduceRightIndexedOrNull;(CharSequence,Function3);generated",
-        "kotlin.text;StringsKt;reduceRightOrNull;(CharSequence,Function2);generated",
-        "kotlin.text;StringsKt;regionMatches;(CharSequence,int,CharSequence,int,int,boolean);generated",
-        "kotlin.text;StringsKt;regionMatches;(String,int,String,int,int,boolean);generated",
-        "kotlin.text;StringsKt;removeRange;(String,IntRange);generated",
-        "kotlin.text;StringsKt;removeRange;(String,int,int);generated",
-        "kotlin.text;StringsKt;replace;(String,String,String,boolean);generated",
-        "kotlin.text;StringsKt;replaceIndent;(String,String);generated",
-        "kotlin.text;StringsKt;replaceIndentByMargin;(String,String,String);generated",
-        "kotlin.text;StringsKt;replaceRange;(String,IntRange,CharSequence);generated",
-        "kotlin.text;StringsKt;replaceRange;(String,int,int,CharSequence);generated",
-        "kotlin.text;StringsKt;reversed;(String);generated",
-        "kotlin.text;StringsKt;runningReduce;(CharSequence,Function2);generated",
-        "kotlin.text;StringsKt;runningReduceIndexed;(CharSequence,Function3);generated",
-        "kotlin.text;StringsKt;set;(StringBuilder,int,char);generated",
-        "kotlin.text;StringsKt;single;(CharSequence);generated",
-        "kotlin.text;StringsKt;single;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;singleOrNull;(CharSequence);generated",
-        "kotlin.text;StringsKt;singleOrNull;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;slice;(CharSequence,Iterable);generated",
-        "kotlin.text;StringsKt;slice;(String,Iterable);generated",
-        "kotlin.text;StringsKt;split;(CharSequence,Regex,int);generated",
-        "kotlin.text;StringsKt;split;(CharSequence,String[],boolean,int);generated",
-        "kotlin.text;StringsKt;split;(CharSequence,char[],boolean,int);generated",
-        "kotlin.text;StringsKt;splitToSequence;(CharSequence,Regex,int);generated",
-        "kotlin.text;StringsKt;startsWith;(CharSequence,CharSequence,boolean);generated",
-        "kotlin.text;StringsKt;startsWith;(CharSequence,CharSequence,int,boolean);generated",
-        "kotlin.text;StringsKt;startsWith;(CharSequence,char,boolean);generated",
-        "kotlin.text;StringsKt;startsWith;(String,String,boolean);generated",
-        "kotlin.text;StringsKt;startsWith;(String,String,int,boolean);generated",
-        "kotlin.text;StringsKt;substring;(CharSequence,IntRange);generated",
-        "kotlin.text;StringsKt;substring;(CharSequence,int,int);generated",
-        "kotlin.text;StringsKt;sumBy;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;sumByDouble;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;sumOfBigDecimal;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;sumOfBigInteger;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;sumOfDouble;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;sumOfInt;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;sumOfLong;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;sumOfUInt;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;sumOfULong;(CharSequence,Function1);generated",
-        "kotlin.text;StringsKt;toBigDecimal;(String);generated",
-        "kotlin.text;StringsKt;toBigDecimal;(String,MathContext);generated",
-        "kotlin.text;StringsKt;toBigDecimalOrNull;(String);generated",
-        "kotlin.text;StringsKt;toBigDecimalOrNull;(String,MathContext);generated",
-        "kotlin.text;StringsKt;toBigInteger;(String);generated",
-        "kotlin.text;StringsKt;toBigInteger;(String,int);generated",
-        "kotlin.text;StringsKt;toBigIntegerOrNull;(String);generated",
-        "kotlin.text;StringsKt;toBigIntegerOrNull;(String,int);generated",
-        "kotlin.text;StringsKt;toBoolean;(String);generated",
-        "kotlin.text;StringsKt;toBooleanNullable;(String);generated",
-        "kotlin.text;StringsKt;toBooleanStrict;(String);generated",
-        "kotlin.text;StringsKt;toBooleanStrictOrNull;(String);generated",
-        "kotlin.text;StringsKt;toByte;(String);generated",
-        "kotlin.text;StringsKt;toByte;(String,int);generated",
-        "kotlin.text;StringsKt;toByteOrNull;(String);generated",
-        "kotlin.text;StringsKt;toByteOrNull;(String,int);generated",
-        "kotlin.text;StringsKt;toDouble;(String);generated",
-        "kotlin.text;StringsKt;toDoubleOrNull;(String);generated",
-        "kotlin.text;StringsKt;toFloat;(String);generated",
-        "kotlin.text;StringsKt;toFloatOrNull;(String);generated",
-        "kotlin.text;StringsKt;toHashSet;(CharSequence);generated",
-        "kotlin.text;StringsKt;toInt;(String);generated",
-        "kotlin.text;StringsKt;toInt;(String,int);generated",
-        "kotlin.text;StringsKt;toIntOrNull;(String);generated",
-        "kotlin.text;StringsKt;toIntOrNull;(String,int);generated",
-        "kotlin.text;StringsKt;toList;(CharSequence);generated",
-        "kotlin.text;StringsKt;toLong;(String);generated",
-        "kotlin.text;StringsKt;toLong;(String,int);generated",
-        "kotlin.text;StringsKt;toLongOrNull;(String);generated",
-        "kotlin.text;StringsKt;toLongOrNull;(String,int);generated",
-        "kotlin.text;StringsKt;toMutableList;(CharSequence);generated",
-        "kotlin.text;StringsKt;toPattern;(String,int);generated",
-        "kotlin.text;StringsKt;toRegex;(String);generated",
-        "kotlin.text;StringsKt;toRegex;(String,RegexOption);generated",
-        "kotlin.text;StringsKt;toRegex;(String,Set);generated",
-        "kotlin.text;StringsKt;toSet;(CharSequence);generated",
-        "kotlin.text;StringsKt;toShort;(String);generated",
-        "kotlin.text;StringsKt;toShort;(String,int);generated",
-        "kotlin.text;StringsKt;toShortOrNull;(String);generated",
-        "kotlin.text;StringsKt;toShortOrNull;(String,int);generated",
-        "kotlin.text;StringsKt;toSortedSet;(CharSequence);generated",
-        "kotlin.text;StringsKt;toString;(byte,int);generated",
-        "kotlin.text;StringsKt;toString;(int,int);generated",
-        "kotlin.text;StringsKt;toString;(long,int);generated",
-        "kotlin.text;StringsKt;toString;(short,int);generated",
-        "kotlin.text;StringsKt;trim;(String);generated",
-        "kotlin.text;StringsKt;trim;(String,Function1);generated",
-        "kotlin.text;StringsKt;trim;(String,char[]);generated",
-        "kotlin.text;StringsKt;trimEnd;(String);generated",
-        "kotlin.text;StringsKt;trimEnd;(String,Function1);generated",
-        "kotlin.text;StringsKt;trimEnd;(String,char[]);generated",
-        "kotlin.text;StringsKt;trimIndent;(String);generated",
-        "kotlin.text;StringsKt;trimMargin;(String,String);generated",
-        "kotlin.text;StringsKt;trimStart;(String);generated",
-        "kotlin.text;StringsKt;trimStart;(String,Function1);generated",
-        "kotlin.text;StringsKt;trimStart;(String,char[]);generated",
-        "kotlin.text;StringsKt;windowed;(CharSequence,int,int,boolean);generated",
-        "kotlin.text;StringsKt;windowed;(CharSequence,int,int,boolean,Function1);generated",
-        "kotlin.text;StringsKt;windowedSequence;(CharSequence,int,int,boolean);generated",
-        "kotlin.text;StringsKt;windowedSequence;(CharSequence,int,int,boolean,Function1);generated",
-        "kotlin.text;StringsKt;withIndex;(CharSequence);generated",
-        "kotlin.text;StringsKt;zip;(CharSequence,CharSequence);generated",
-        "kotlin.text;StringsKt;zip;(CharSequence,CharSequence,Function2);generated",
-        "kotlin.text;StringsKt;zipWithNext;(CharSequence);generated",
-        "kotlin.text;StringsKt;zipWithNext;(CharSequence,Function2);generated",
-        "kotlin.text;TextHKt;String;(char[]);generated",
-        "kotlin.text;TextHKt;String;(char[],int,int);generated",
-        "kotlin.text;TextHKt;compareTo;(String,String,boolean);generated",
-        "kotlin.text;TextHKt;concatToString;(char[]);generated",
-        "kotlin.text;TextHKt;concatToString;(char[],int,int);generated",
-        "kotlin.text;TextHKt;decodeToString;(byte[]);generated",
-        "kotlin.text;TextHKt;decodeToString;(byte[],int,int,boolean);generated",
-        "kotlin.text;TextHKt;encodeToByteArray;(String);generated",
-        "kotlin.text;TextHKt;encodeToByteArray;(String,int,int,boolean);generated",
-        "kotlin.text;TextHKt;endsWith;(String,String,boolean);generated",
-        "kotlin.text;TextHKt;equals;(String,String,boolean);generated",
-        "kotlin.text;TextHKt;getCASE_INSENSITIVE_ORDER;(StringCompanionObject);generated",
-        "kotlin.text;TextHKt;isBlank;(CharSequence);generated",
-        "kotlin.text;TextHKt;isHighSurrogate;(char);generated",
-        "kotlin.text;TextHKt;isLowSurrogate;(char);generated",
-        "kotlin.text;TextHKt;regionMatches;(CharSequence,int,CharSequence,int,int,boolean);generated",
-        "kotlin.text;TextHKt;repeat;(CharSequence,int);generated",
-        "kotlin.text;TextHKt;replace;(String,String,String,boolean);generated",
-        "kotlin.text;TextHKt;replace;(String,char,char,boolean);generated",
-        "kotlin.text;TextHKt;replaceFirst;(String,String,String,boolean);generated",
-        "kotlin.text;TextHKt;replaceFirst;(String,char,char,boolean);generated",
-        "kotlin.text;TextHKt;startsWith;(String,String,boolean);generated",
-        "kotlin.text;TextHKt;startsWith;(String,String,int,boolean);generated",
-        "kotlin.text;TextHKt;substring;(String,int);generated",
-        "kotlin.text;TextHKt;substring;(String,int,int);generated",
-        "kotlin.text;TextHKt;toBoolean;(String);generated",
-        "kotlin.text;TextHKt;toByte;(String);generated",
-        "kotlin.text;TextHKt;toByte;(String,int);generated",
-        "kotlin.text;TextHKt;toCharArray;(String);generated",
-        "kotlin.text;TextHKt;toCharArray;(String,int,int);generated",
-        "kotlin.text;TextHKt;toDouble;(String);generated",
-        "kotlin.text;TextHKt;toDoubleOrNull;(String);generated",
-        "kotlin.text;TextHKt;toFloat;(String);generated",
-        "kotlin.text;TextHKt;toFloatOrNull;(String);generated",
-        "kotlin.text;TextHKt;toInt;(String);generated",
-        "kotlin.text;TextHKt;toInt;(String,int);generated",
-        "kotlin.text;TextHKt;toLong;(String);generated",
-        "kotlin.text;TextHKt;toLong;(String,int);generated",
-        "kotlin.text;TextHKt;toShort;(String);generated",
-        "kotlin.text;TextHKt;toShort;(String,int);generated",
-        "kotlin.text;TextHKt;toString;(byte,int);generated",
-        "kotlin.text;TextHKt;toString;(int,int);generated",
-        "kotlin.text;TextHKt;toString;(long,int);generated",
-        "kotlin.text;TextHKt;toString;(short,int);generated",
-        "kotlin.text;Typography;getAlmostEqual;();generated",
-        "kotlin.text;Typography;getAmp;();generated",
-        "kotlin.text;Typography;getBullet;();generated",
-        "kotlin.text;Typography;getCent;();generated",
-        "kotlin.text;Typography;getCopyright;();generated",
-        "kotlin.text;Typography;getDagger;();generated",
-        "kotlin.text;Typography;getDegree;();generated",
-        "kotlin.text;Typography;getDollar;();generated",
-        "kotlin.text;Typography;getDoubleDagger;();generated",
-        "kotlin.text;Typography;getDoublePrime;();generated",
-        "kotlin.text;Typography;getEllipsis;();generated",
-        "kotlin.text;Typography;getEuro;();generated",
-        "kotlin.text;Typography;getGreater;();generated",
-        "kotlin.text;Typography;getGreaterOrEqual;();generated",
-        "kotlin.text;Typography;getHalf;();generated",
-        "kotlin.text;Typography;getLeftDoubleQuote;();generated",
-        "kotlin.text;Typography;getLeftGuillemet;();generated",
-        "kotlin.text;Typography;getLeftGuillemete;();generated",
-        "kotlin.text;Typography;getLeftSingleQuote;();generated",
-        "kotlin.text;Typography;getLess;();generated",
-        "kotlin.text;Typography;getLessOrEqual;();generated",
-        "kotlin.text;Typography;getLowDoubleQuote;();generated",
-        "kotlin.text;Typography;getLowSingleQuote;();generated",
-        "kotlin.text;Typography;getMdash;();generated",
-        "kotlin.text;Typography;getMiddleDot;();generated",
-        "kotlin.text;Typography;getNbsp;();generated",
-        "kotlin.text;Typography;getNdash;();generated",
-        "kotlin.text;Typography;getNotEqual;();generated",
-        "kotlin.text;Typography;getParagraph;();generated",
-        "kotlin.text;Typography;getPlusMinus;();generated",
-        "kotlin.text;Typography;getPound;();generated",
-        "kotlin.text;Typography;getPrime;();generated",
-        "kotlin.text;Typography;getQuote;();generated",
-        "kotlin.text;Typography;getRegistered;();generated",
-        "kotlin.text;Typography;getRightDoubleQuote;();generated",
-        "kotlin.text;Typography;getRightGuillemet;();generated",
-        "kotlin.text;Typography;getRightGuillemete;();generated",
-        "kotlin.text;Typography;getRightSingleQuote;();generated",
-        "kotlin.text;Typography;getSection;();generated",
-        "kotlin.text;Typography;getTimes;();generated", "kotlin.text;Typography;getTm;();generated",
-        "kotlin.text;UStringsKt;toString;(byte,int);generated",
-        "kotlin.text;UStringsKt;toString;(int,int);generated",
-        "kotlin.text;UStringsKt;toString;(long,int);generated",
-        "kotlin.text;UStringsKt;toString;(short,int);generated",
-        "kotlin.text;UStringsKt;toUByte;(String);generated",
-        "kotlin.text;UStringsKt;toUByte;(String,int);generated",
-        "kotlin.text;UStringsKt;toUByteOrNull;(String);generated",
-        "kotlin.text;UStringsKt;toUByteOrNull;(String,int);generated",
-        "kotlin.text;UStringsKt;toUInt;(String);generated",
-        "kotlin.text;UStringsKt;toUInt;(String,int);generated",
-        "kotlin.text;UStringsKt;toUIntOrNull;(String);generated",
-        "kotlin.text;UStringsKt;toUIntOrNull;(String,int);generated",
-        "kotlin.text;UStringsKt;toULong;(String);generated",
-        "kotlin.text;UStringsKt;toULong;(String,int);generated",
-        "kotlin.text;UStringsKt;toULongOrNull;(String);generated",
-        "kotlin.text;UStringsKt;toULongOrNull;(String,int);generated",
-        "kotlin.text;UStringsKt;toUShort;(String);generated",
-        "kotlin.text;UStringsKt;toUShort;(String,int);generated",
-        "kotlin.text;UStringsKt;toUShortOrNull;(String);generated",
-        "kotlin.text;UStringsKt;toUShortOrNull;(String,int);generated",
-        "kotlin.time;AbstractDoubleTimeSource;AbstractDoubleTimeSource;(DurationUnit);generated",
-        "kotlin.time;AbstractLongTimeSource;AbstractLongTimeSource;(DurationUnit);generated",
-        "kotlin.time;Duration$Companion;convert;(double,DurationUnit,DurationUnit);generated",
-        "kotlin.time;Duration$Companion;days;(double);generated",
-        "kotlin.time;Duration$Companion;days;(int);generated",
-        "kotlin.time;Duration$Companion;days;(long);generated",
-        "kotlin.time;Duration$Companion;getDays;(double);generated",
-        "kotlin.time;Duration$Companion;getDays;(int);generated",
-        "kotlin.time;Duration$Companion;getDays;(long);generated",
-        "kotlin.time;Duration$Companion;getHours;(double);generated",
-        "kotlin.time;Duration$Companion;getHours;(int);generated",
-        "kotlin.time;Duration$Companion;getHours;(long);generated",
-        "kotlin.time;Duration$Companion;getMicroseconds;(double);generated",
-        "kotlin.time;Duration$Companion;getMicroseconds;(int);generated",
-        "kotlin.time;Duration$Companion;getMicroseconds;(long);generated",
-        "kotlin.time;Duration$Companion;getMilliseconds;(double);generated",
-        "kotlin.time;Duration$Companion;getMilliseconds;(int);generated",
-        "kotlin.time;Duration$Companion;getMilliseconds;(long);generated",
-        "kotlin.time;Duration$Companion;getMinutes;(double);generated",
-        "kotlin.time;Duration$Companion;getMinutes;(int);generated",
-        "kotlin.time;Duration$Companion;getMinutes;(long);generated",
-        "kotlin.time;Duration$Companion;getNanoseconds;(double);generated",
-        "kotlin.time;Duration$Companion;getNanoseconds;(int);generated",
-        "kotlin.time;Duration$Companion;getNanoseconds;(long);generated",
-        "kotlin.time;Duration$Companion;getSeconds;(double);generated",
-        "kotlin.time;Duration$Companion;getSeconds;(int);generated",
-        "kotlin.time;Duration$Companion;getSeconds;(long);generated",
-        "kotlin.time;Duration$Companion;hours;(double);generated",
-        "kotlin.time;Duration$Companion;hours;(int);generated",
-        "kotlin.time;Duration$Companion;hours;(long);generated",
-        "kotlin.time;Duration$Companion;microseconds;(double);generated",
-        "kotlin.time;Duration$Companion;microseconds;(int);generated",
-        "kotlin.time;Duration$Companion;microseconds;(long);generated",
-        "kotlin.time;Duration$Companion;milliseconds;(double);generated",
-        "kotlin.time;Duration$Companion;milliseconds;(int);generated",
-        "kotlin.time;Duration$Companion;milliseconds;(long);generated",
-        "kotlin.time;Duration$Companion;minutes;(double);generated",
-        "kotlin.time;Duration$Companion;minutes;(int);generated",
-        "kotlin.time;Duration$Companion;minutes;(long);generated",
-        "kotlin.time;Duration$Companion;nanoseconds;(double);generated",
-        "kotlin.time;Duration$Companion;nanoseconds;(int);generated",
-        "kotlin.time;Duration$Companion;nanoseconds;(long);generated",
-        "kotlin.time;Duration$Companion;parse;(String);generated",
-        "kotlin.time;Duration$Companion;parseIsoString;(String);generated",
-        "kotlin.time;Duration$Companion;parseIsoStringOrNull;(String);generated",
-        "kotlin.time;Duration$Companion;parseOrNull;(String);generated",
-        "kotlin.time;Duration$Companion;seconds;(double);generated",
-        "kotlin.time;Duration$Companion;seconds;(int);generated",
-        "kotlin.time;Duration$Companion;seconds;(long);generated",
-        "kotlin.time;Duration;div;(Duration);generated",
-        "kotlin.time;Duration;equals;(Object);generated",
-        "kotlin.time;Duration;getInDays;();generated",
-        "kotlin.time;Duration;getInHours;();generated",
-        "kotlin.time;Duration;getInMicroseconds;();generated",
-        "kotlin.time;Duration;getInMilliseconds;();generated",
-        "kotlin.time;Duration;getInMinutes;();generated",
-        "kotlin.time;Duration;getInNanoseconds;();generated",
-        "kotlin.time;Duration;getInSeconds;();generated",
-        "kotlin.time;Duration;getInWholeDays;();generated",
-        "kotlin.time;Duration;getInWholeHours;();generated",
-        "kotlin.time;Duration;getInWholeMicroseconds;();generated",
-        "kotlin.time;Duration;getInWholeMilliseconds;();generated",
-        "kotlin.time;Duration;getInWholeMinutes;();generated",
-        "kotlin.time;Duration;getInWholeNanoseconds;();generated",
-        "kotlin.time;Duration;getInWholeSeconds;();generated",
-        "kotlin.time;Duration;hashCode;();generated", "kotlin.time;Duration;isFinite;();generated",
-        "kotlin.time;Duration;isInfinite;();generated",
-        "kotlin.time;Duration;isNegative;();generated",
-        "kotlin.time;Duration;isPositive;();generated",
-        "kotlin.time;Duration;toComponents;(Function2);generated",
-        "kotlin.time;Duration;toComponents;(Function3);generated",
-        "kotlin.time;Duration;toComponents;(Function4);generated",
-        "kotlin.time;Duration;toComponents;(Function5);generated",
-        "kotlin.time;Duration;toDouble;(DurationUnit);generated",
-        "kotlin.time;Duration;toInt;(DurationUnit);generated",
-        "kotlin.time;Duration;toIsoString;();generated",
-        "kotlin.time;Duration;toLong;(DurationUnit);generated",
-        "kotlin.time;Duration;toLongMilliseconds;();generated",
-        "kotlin.time;Duration;toLongNanoseconds;();generated",
-        "kotlin.time;Duration;toString;();generated",
-        "kotlin.time;Duration;toString;(DurationUnit,int);generated",
-        "kotlin.time;Duration;unaryMinus;();generated",
-        "kotlin.time;DurationKt;getDays;(double);generated",
-        "kotlin.time;DurationKt;getDays;(int);generated",
-        "kotlin.time;DurationKt;getDays;(long);generated",
-        "kotlin.time;DurationKt;getHours;(double);generated",
-        "kotlin.time;DurationKt;getHours;(int);generated",
-        "kotlin.time;DurationKt;getHours;(long);generated",
-        "kotlin.time;DurationKt;getMicroseconds;(double);generated",
-        "kotlin.time;DurationKt;getMicroseconds;(int);generated",
-        "kotlin.time;DurationKt;getMicroseconds;(long);generated",
-        "kotlin.time;DurationKt;getMilliseconds;(double);generated",
-        "kotlin.time;DurationKt;getMilliseconds;(int);generated",
-        "kotlin.time;DurationKt;getMilliseconds;(long);generated",
-        "kotlin.time;DurationKt;getMinutes;(double);generated",
-        "kotlin.time;DurationKt;getMinutes;(int);generated",
-        "kotlin.time;DurationKt;getMinutes;(long);generated",
-        "kotlin.time;DurationKt;getNanoseconds;(double);generated",
-        "kotlin.time;DurationKt;getNanoseconds;(int);generated",
-        "kotlin.time;DurationKt;getNanoseconds;(long);generated",
-        "kotlin.time;DurationKt;getSeconds;(double);generated",
-        "kotlin.time;DurationKt;getSeconds;(int);generated",
-        "kotlin.time;DurationKt;getSeconds;(long);generated",
-        "kotlin.time;DurationKt;toDuration;(double,DurationUnit);generated",
-        "kotlin.time;DurationKt;toDuration;(int,DurationUnit);generated",
-        "kotlin.time;DurationKt;toDuration;(long,DurationUnit);generated",
-        "kotlin.time;DurationUnit;valueOf;(String);generated",
-        "kotlin.time;DurationUnit;values;();generated",
-        "kotlin.time;DurationUnitKt;toDurationUnit;(TimeUnit);generated",
-        "kotlin.time;DurationUnitKt;toTimeUnit;(DurationUnit);generated",
-        "kotlin.time;ExperimentalTime;ExperimentalTime;();generated",
-        "kotlin.time;MeasureTimeKt;measureTime;(Function0);generated",
-        "kotlin.time;MeasureTimeKt;measureTime;(Monotonic,Function0);generated",
-        "kotlin.time;MeasureTimeKt;measureTime;(TimeSource,Function0);generated",
-        "kotlin.time;MeasureTimeKt;measureTimedValue;(Function0);generated",
-        "kotlin.time;MeasureTimeKt;measureTimedValue;(Monotonic,Function0);generated",
-        "kotlin.time;MeasureTimeKt;measureTimedValue;(TimeSource,Function0);generated",
-        "kotlin.time;TestTimeSource;TestTimeSource;();generated",
-        "kotlin.time;TestTimeSource;plusAssign;(Duration);generated",
-        "kotlin.time;TimeMark;elapsedNow;();generated",
-        "kotlin.time;TimeMark;hasNotPassedNow;();generated",
-        "kotlin.time;TimeMark;hasPassedNow;();generated",
-        "kotlin.time;TimeMark;minus;(Duration);generated",
-        "kotlin.time;TimeMark;plus;(Duration);generated",
-        "kotlin.time;TimeSource$Monotonic$ValueTimeMark;equals;(Object);generated",
-        "kotlin.time;TimeSource$Monotonic$ValueTimeMark;hashCode;();generated",
-        "kotlin.time;TimeSource$Monotonic$ValueTimeMark;toString;();generated",
-        "kotlin.time;TimeSource$Monotonic;toString;();generated",
-        "kotlin.time;TimeSource;markNow;();generated",
-        "kotlin.time;TimeSourceKt;compareTo;(TimeMark,TimeMark);generated",
-        "kotlin.time;TimeSourceKt;minus;(TimeMark,TimeMark);generated",
-        "kotlin.time;TimedValue;equals;(Object);generated",
-        "kotlin.time;TimedValue;hashCode;();generated",
-        "kotlin;ArithmeticException;ArithmeticException;();generated",
-        "kotlin;ArithmeticException;ArithmeticException;(String);generated",
-        "kotlin;ArrayIntrinsicsKt;emptyArray;();generated",
-        "kotlin;AssertionError;AssertionError;();generated",
-        "kotlin;AssertionError;AssertionError;(Object);generated",
-        "kotlin;BuilderInference;BuilderInference;();generated",
-        "kotlin;CharCodeJVMKt;Char;(short);generated", "kotlin;CharCodeKt;Char;(int);generated",
-        "kotlin;CharCodeKt;Char;(short);generated", "kotlin;CharCodeKt;getCode;(char);generated",
-        "kotlin;ClassCastException;ClassCastException;();generated",
-        "kotlin;ClassCastException;ClassCastException;(String);generated",
-        "kotlin;Comparator;compare;(Object,Object);generated",
-        "kotlin;CompareToKt;compareTo;(Comparable,Object);generated",
-        "kotlin;ConcurrentModificationException;ConcurrentModificationException;();generated",
-        "kotlin;ConcurrentModificationException;ConcurrentModificationException;(String);generated",
-        "kotlin;ConcurrentModificationException;ConcurrentModificationException;(String,Throwable);generated",
-        "kotlin;ConcurrentModificationException;ConcurrentModificationException;(Throwable);generated",
-        "kotlin;ContextFunctionTypeParams;ContextFunctionTypeParams;(int);generated",
-        "kotlin;ContextFunctionTypeParams;count;();generated",
-        "kotlin;DeepRecursiveKt;invoke;(DeepRecursiveFunction,Object);generated",
-        "kotlin;DeepRecursiveScope;callRecursive;(DeepRecursiveFunction,Object);generated",
-        "kotlin;DeepRecursiveScope;callRecursive;(Object);generated",
-        "kotlin;DeepRecursiveScope;invoke;(DeepRecursiveFunction,Object);generated",
-        "kotlin;Deprecated;Deprecated;(String,ReplaceWith,DeprecationLevel);generated",
-        "kotlin;Deprecated;level;();generated", "kotlin;Deprecated;message;();generated",
-        "kotlin;Deprecated;replaceWith;();generated",
-        "kotlin;DeprecatedSinceKotlin;DeprecatedSinceKotlin;(String,String,String);generated",
-        "kotlin;DeprecatedSinceKotlin;errorSince;();generated",
-        "kotlin;DeprecatedSinceKotlin;hiddenSince;();generated",
-        "kotlin;DeprecatedSinceKotlin;warningSince;();generated",
-        "kotlin;DeprecationLevel;valueOf;(String);generated",
-        "kotlin;DeprecationLevel;values;();generated", "kotlin;DslMarker;DslMarker;();generated",
-        "kotlin;Error;Error;();generated", "kotlin;Error;Error;(String);generated",
-        "kotlin;Error;Error;(String,Throwable);generated",
-        "kotlin;Error;Error;(Throwable);generated", "kotlin;Exception;Exception;();generated",
-        "kotlin;Exception;Exception;(String);generated",
-        "kotlin;Exception;Exception;(String,Throwable);generated",
-        "kotlin;Exception;Exception;(Throwable);generated",
-        "kotlin;ExceptionsHKt;addSuppressed;(Throwable,Throwable);generated",
-        "kotlin;ExceptionsHKt;getSuppressedExceptions;(Throwable);generated",
-        "kotlin;ExceptionsHKt;printStackTrace;(Throwable);generated",
-        "kotlin;ExceptionsHKt;stackTraceToString;(Throwable);generated",
-        "kotlin;ExceptionsKt;addSuppressed;(Throwable,Throwable);generated",
-        "kotlin;ExceptionsKt;getStackTrace;(Throwable);generated",
-        "kotlin;ExceptionsKt;getSuppressedExceptions;(Throwable);generated",
-        "kotlin;ExceptionsKt;printStackTrace;(Throwable);generated",
-        "kotlin;ExceptionsKt;printStackTrace;(Throwable,PrintStream);generated",
-        "kotlin;ExceptionsKt;printStackTrace;(Throwable,PrintWriter);generated",
-        "kotlin;ExceptionsKt;stackTraceToString;(Throwable);generated",
-        "kotlin;Experimental$Level;valueOf;(String);generated",
-        "kotlin;Experimental$Level;values;();generated",
-        "kotlin;Experimental;Experimental;(Level);generated",
-        "kotlin;Experimental;level;();generated",
-        "kotlin;ExperimentalMultiplatform;ExperimentalMultiplatform;();generated",
-        "kotlin;ExperimentalStdlibApi;ExperimentalStdlibApi;();generated",
-        "kotlin;ExperimentalUnsignedTypes;ExperimentalUnsignedTypes;();generated",
-        "kotlin;ExtensionFunctionType;ExtensionFunctionType;();generated",
-        "kotlin;HashCodeKt;hashCode;(Object);generated",
-        "kotlin;IllegalArgumentException;IllegalArgumentException;();generated",
-        "kotlin;IllegalArgumentException;IllegalArgumentException;(String);generated",
-        "kotlin;IllegalArgumentException;IllegalArgumentException;(String,Throwable);generated",
-        "kotlin;IllegalArgumentException;IllegalArgumentException;(Throwable);generated",
-        "kotlin;IllegalStateException;IllegalStateException;();generated",
-        "kotlin;IllegalStateException;IllegalStateException;(String);generated",
-        "kotlin;IllegalStateException;IllegalStateException;(String,Throwable);generated",
-        "kotlin;IllegalStateException;IllegalStateException;(Throwable);generated",
-        "kotlin;IndexOutOfBoundsException;IndexOutOfBoundsException;();generated",
-        "kotlin;IndexOutOfBoundsException;IndexOutOfBoundsException;(String);generated",
-        "kotlin;KotlinHKt;fromBits;(DoubleCompanionObject,long);generated",
-        "kotlin;KotlinHKt;fromBits;(FloatCompanionObject,int);generated",
-        "kotlin;KotlinHKt;isFinite;(double);generated",
-        "kotlin;KotlinHKt;isFinite;(float);generated",
-        "kotlin;KotlinHKt;isInfinite;(double);generated",
-        "kotlin;KotlinHKt;isInfinite;(float);generated",
-        "kotlin;KotlinHKt;isNaN;(double);generated", "kotlin;KotlinHKt;isNaN;(float);generated",
-        "kotlin;KotlinHKt;lazy;(Function0);generated",
-        "kotlin;KotlinHKt;lazy;(LazyThreadSafetyMode,Function0);generated",
-        "kotlin;KotlinHKt;lazy;(Object,Function0);generated",
-        "kotlin;KotlinHKt;toBits;(double);generated", "kotlin;KotlinHKt;toBits;(float);generated",
-        "kotlin;KotlinHKt;toRawBits;(double);generated",
-        "kotlin;KotlinHKt;toRawBits;(float);generated",
-        "kotlin;KotlinNullPointerException;KotlinNullPointerException;();generated",
-        "kotlin;KotlinNullPointerException;KotlinNullPointerException;(String);generated",
-        "kotlin;KotlinVersion$Companion;getMAX_COMPONENT_VALUE;();generated",
-        "kotlin;KotlinVersion;KotlinVersion;(int,int);generated",
-        "kotlin;KotlinVersion;KotlinVersion;(int,int,int);generated",
-        "kotlin;KotlinVersion;equals;(Object);generated",
-        "kotlin;KotlinVersion;getMajor;();generated", "kotlin;KotlinVersion;getMinor;();generated",
-        "kotlin;KotlinVersion;getPatch;();generated", "kotlin;KotlinVersion;hashCode;();generated",
-        "kotlin;KotlinVersion;isAtLeast;(int,int);generated",
-        "kotlin;KotlinVersion;isAtLeast;(int,int,int);generated",
-        "kotlin;KotlinVersion;toString;();generated",
-        "kotlin;LateinitKt;isInitialized;(KProperty0);generated",
-        "kotlin;Lazy;getValue;();generated", "kotlin;Lazy;isInitialized;();generated",
-        "kotlin;LazyThreadSafetyMode;valueOf;(String);generated",
-        "kotlin;LazyThreadSafetyMode;values;();generated",
-        "kotlin;Metadata;Metadata;(int,int[],int[],String[],String[],String,String,int);generated",
-        "kotlin;Metadata;bv;();generated", "kotlin;Metadata;d1;();generated",
-        "kotlin;Metadata;d2;();generated", "kotlin;Metadata;k;();generated",
-        "kotlin;Metadata;mv;();generated", "kotlin;Metadata;pn;();generated",
-        "kotlin;Metadata;xi;();generated", "kotlin;Metadata;xs;();generated",
-        "kotlin;NoSuchElementException;NoSuchElementException;();generated",
-        "kotlin;NoSuchElementException;NoSuchElementException;(String);generated",
-        "kotlin;NoWhenBranchMatchedException;NoWhenBranchMatchedException;();generated",
-        "kotlin;NoWhenBranchMatchedException;NoWhenBranchMatchedException;(String);generated",
-        "kotlin;NoWhenBranchMatchedException;NoWhenBranchMatchedException;(String,Throwable);generated",
-        "kotlin;NoWhenBranchMatchedException;NoWhenBranchMatchedException;(Throwable);generated",
-        "kotlin;NotImplementedError;NotImplementedError;(String);generated",
-        "kotlin;NullPointerException;NullPointerException;();generated",
-        "kotlin;NullPointerException;NullPointerException;(String);generated",
-        "kotlin;NumberFormatException;NumberFormatException;();generated",
-        "kotlin;NumberFormatException;NumberFormatException;(String);generated",
-        "kotlin;NumbersKt;and;(BigInteger,BigInteger);generated",
-        "kotlin;NumbersKt;countLeadingZeroBits;(byte);generated",
-        "kotlin;NumbersKt;countLeadingZeroBits;(int);generated",
-        "kotlin;NumbersKt;countLeadingZeroBits;(long);generated",
-        "kotlin;NumbersKt;countLeadingZeroBits;(short);generated",
-        "kotlin;NumbersKt;countOneBits;(byte);generated",
-        "kotlin;NumbersKt;countOneBits;(int);generated",
-        "kotlin;NumbersKt;countOneBits;(long);generated",
-        "kotlin;NumbersKt;countOneBits;(short);generated",
-        "kotlin;NumbersKt;countTrailingZeroBits;(byte);generated",
-        "kotlin;NumbersKt;countTrailingZeroBits;(int);generated",
-        "kotlin;NumbersKt;countTrailingZeroBits;(long);generated",
-        "kotlin;NumbersKt;countTrailingZeroBits;(short);generated",
-        "kotlin;NumbersKt;dec;(BigDecimal);generated",
-        "kotlin;NumbersKt;dec;(BigInteger);generated",
-        "kotlin;NumbersKt;div;(BigDecimal,BigDecimal);generated",
-        "kotlin;NumbersKt;div;(BigInteger,BigInteger);generated",
-        "kotlin;NumbersKt;floorDiv;(byte,byte);generated",
-        "kotlin;NumbersKt;floorDiv;(byte,int);generated",
-        "kotlin;NumbersKt;floorDiv;(byte,long);generated",
-        "kotlin;NumbersKt;floorDiv;(byte,short);generated",
-        "kotlin;NumbersKt;floorDiv;(int,byte);generated",
-        "kotlin;NumbersKt;floorDiv;(int,int);generated",
-        "kotlin;NumbersKt;floorDiv;(int,long);generated",
-        "kotlin;NumbersKt;floorDiv;(int,short);generated",
-        "kotlin;NumbersKt;floorDiv;(long,byte);generated",
-        "kotlin;NumbersKt;floorDiv;(long,int);generated",
-        "kotlin;NumbersKt;floorDiv;(long,long);generated",
-        "kotlin;NumbersKt;floorDiv;(long,short);generated",
-        "kotlin;NumbersKt;floorDiv;(short,byte);generated",
-        "kotlin;NumbersKt;floorDiv;(short,int);generated",
-        "kotlin;NumbersKt;floorDiv;(short,long);generated",
-        "kotlin;NumbersKt;floorDiv;(short,short);generated",
-        "kotlin;NumbersKt;fromBits;(DoubleCompanionObject,long);generated",
-        "kotlin;NumbersKt;fromBits;(FloatCompanionObject,int);generated",
-        "kotlin;NumbersKt;inc;(BigDecimal);generated",
-        "kotlin;NumbersKt;inc;(BigInteger);generated",
-        "kotlin;NumbersKt;inv;(BigInteger);generated",
-        "kotlin;NumbersKt;isFinite;(double);generated",
-        "kotlin;NumbersKt;isFinite;(float);generated",
-        "kotlin;NumbersKt;isInfinite;(double);generated",
-        "kotlin;NumbersKt;isInfinite;(float);generated",
-        "kotlin;NumbersKt;isNaN;(double);generated", "kotlin;NumbersKt;isNaN;(float);generated",
-        "kotlin;NumbersKt;minus;(BigDecimal,BigDecimal);generated",
-        "kotlin;NumbersKt;minus;(BigInteger,BigInteger);generated",
-        "kotlin;NumbersKt;mod;(byte,byte);generated", "kotlin;NumbersKt;mod;(byte,int);generated",
-        "kotlin;NumbersKt;mod;(byte,long);generated", "kotlin;NumbersKt;mod;(byte,short);generated",
-        "kotlin;NumbersKt;mod;(double,double);generated",
-        "kotlin;NumbersKt;mod;(double,float);generated",
-        "kotlin;NumbersKt;mod;(float,double);generated",
-        "kotlin;NumbersKt;mod;(float,float);generated", "kotlin;NumbersKt;mod;(int,byte);generated",
-        "kotlin;NumbersKt;mod;(int,int);generated", "kotlin;NumbersKt;mod;(int,long);generated",
-        "kotlin;NumbersKt;mod;(int,short);generated", "kotlin;NumbersKt;mod;(long,byte);generated",
-        "kotlin;NumbersKt;mod;(long,int);generated", "kotlin;NumbersKt;mod;(long,long);generated",
-        "kotlin;NumbersKt;mod;(long,short);generated",
-        "kotlin;NumbersKt;mod;(short,byte);generated", "kotlin;NumbersKt;mod;(short,int);generated",
-        "kotlin;NumbersKt;mod;(short,long);generated",
-        "kotlin;NumbersKt;mod;(short,short);generated",
-        "kotlin;NumbersKt;or;(BigInteger,BigInteger);generated",
-        "kotlin;NumbersKt;plus;(BigDecimal,BigDecimal);generated",
-        "kotlin;NumbersKt;plus;(BigInteger,BigInteger);generated",
-        "kotlin;NumbersKt;rem;(BigDecimal,BigDecimal);generated",
-        "kotlin;NumbersKt;rem;(BigInteger,BigInteger);generated",
-        "kotlin;NumbersKt;rotateLeft;(byte,int);generated",
-        "kotlin;NumbersKt;rotateLeft;(int,int);generated",
-        "kotlin;NumbersKt;rotateLeft;(long,int);generated",
-        "kotlin;NumbersKt;rotateLeft;(short,int);generated",
-        "kotlin;NumbersKt;rotateRight;(byte,int);generated",
-        "kotlin;NumbersKt;rotateRight;(int,int);generated",
-        "kotlin;NumbersKt;rotateRight;(long,int);generated",
-        "kotlin;NumbersKt;rotateRight;(short,int);generated",
-        "kotlin;NumbersKt;shl;(BigInteger,int);generated",
-        "kotlin;NumbersKt;shr;(BigInteger,int);generated",
-        "kotlin;NumbersKt;takeHighestOneBit;(byte);generated",
-        "kotlin;NumbersKt;takeHighestOneBit;(int);generated",
-        "kotlin;NumbersKt;takeHighestOneBit;(long);generated",
-        "kotlin;NumbersKt;takeHighestOneBit;(short);generated",
-        "kotlin;NumbersKt;takeLowestOneBit;(byte);generated",
-        "kotlin;NumbersKt;takeLowestOneBit;(int);generated",
-        "kotlin;NumbersKt;takeLowestOneBit;(long);generated",
-        "kotlin;NumbersKt;takeLowestOneBit;(short);generated",
-        "kotlin;NumbersKt;times;(BigDecimal,BigDecimal);generated",
-        "kotlin;NumbersKt;times;(BigInteger,BigInteger);generated",
-        "kotlin;NumbersKt;toBigDecimal;(BigInteger);generated",
-        "kotlin;NumbersKt;toBigDecimal;(BigInteger,int,MathContext);generated",
-        "kotlin;NumbersKt;toBigDecimal;(double);generated",
-        "kotlin;NumbersKt;toBigDecimal;(double,MathContext);generated",
-        "kotlin;NumbersKt;toBigDecimal;(float);generated",
-        "kotlin;NumbersKt;toBigDecimal;(float,MathContext);generated",
-        "kotlin;NumbersKt;toBigDecimal;(int);generated",
-        "kotlin;NumbersKt;toBigDecimal;(int,MathContext);generated",
-        "kotlin;NumbersKt;toBigDecimal;(long);generated",
-        "kotlin;NumbersKt;toBigDecimal;(long,MathContext);generated",
-        "kotlin;NumbersKt;toBigInteger;(int);generated",
-        "kotlin;NumbersKt;toBigInteger;(long);generated",
-        "kotlin;NumbersKt;toBits;(double);generated", "kotlin;NumbersKt;toBits;(float);generated",
-        "kotlin;NumbersKt;toRawBits;(double);generated",
-        "kotlin;NumbersKt;toRawBits;(float);generated",
-        "kotlin;NumbersKt;unaryMinus;(BigDecimal);generated",
-        "kotlin;NumbersKt;unaryMinus;(BigInteger);generated",
-        "kotlin;NumbersKt;xor;(BigInteger,BigInteger);generated",
-        "kotlin;OptIn;OptIn;(KClass[]);generated", "kotlin;OptIn;markerClass;();generated",
-        "kotlin;OptionalExpectation;OptionalExpectation;();generated",
-        "kotlin;OverloadResolutionByLambdaReturnType;OverloadResolutionByLambdaReturnType;();generated",
-        "kotlin;Pair;equals;(Object);generated", "kotlin;Pair;hashCode;();generated",
-        "kotlin;ParameterName;ParameterName;(String);generated",
-        "kotlin;ParameterName;name;();generated",
-        "kotlin;PreconditionsKt;assert;(boolean);generated",
-        "kotlin;PreconditionsKt;assert;(boolean,Function0);generated",
-        "kotlin;PreconditionsKt;check;(boolean);generated",
-        "kotlin;PreconditionsKt;check;(boolean,Function0);generated",
-        "kotlin;PreconditionsKt;error;(Object);generated",
-        "kotlin;PreconditionsKt;require;(boolean);generated",
-        "kotlin;PreconditionsKt;require;(boolean,Function0);generated",
-        "kotlin;PropertyReferenceDelegatesKt;getValue;(KProperty0,Object,KProperty);generated",
-        "kotlin;PropertyReferenceDelegatesKt;getValue;(KProperty1,Object,KProperty);generated",
-        "kotlin;PropertyReferenceDelegatesKt;setValue;(KMutableProperty0,Object,KProperty,Object);generated",
-        "kotlin;PropertyReferenceDelegatesKt;setValue;(KMutableProperty1,Object,KProperty,Object);generated",
-        "kotlin;PublishedApi;PublishedApi;();generated",
-        "kotlin;ReplaceWith;ReplaceWith;(String,String[]);generated",
-        "kotlin;ReplaceWith;expression;();generated", "kotlin;ReplaceWith;imports;();generated",
-        "kotlin;RequiresOptIn$Level;valueOf;(String);generated",
-        "kotlin;RequiresOptIn$Level;values;();generated",
-        "kotlin;RequiresOptIn;RequiresOptIn;(String,Level);generated",
-        "kotlin;RequiresOptIn;level;();generated", "kotlin;RequiresOptIn;message;();generated",
-        "kotlin;Result;equals;(Object);generated", "kotlin;Result;hashCode;();generated",
-        "kotlin;Result;isFailure;();generated", "kotlin;Result;isSuccess;();generated",
-        "kotlin;ResultKt;runCatching;(Function0);generated",
-        "kotlin;ResultKt;runCatching;(Object,Function1);generated",
-        "kotlin;RuntimeException;RuntimeException;();generated",
-        "kotlin;RuntimeException;RuntimeException;(String);generated",
-        "kotlin;RuntimeException;RuntimeException;(String,Throwable);generated",
-        "kotlin;RuntimeException;RuntimeException;(Throwable);generated",
-        "kotlin;SinceKotlin;SinceKotlin;(String);generated",
-        "kotlin;SinceKotlin;version;();generated", "kotlin;StandardKt;TODO;();generated",
-        "kotlin;StandardKt;TODO;(String);generated",
-        "kotlin;StandardKt;repeat;(int,Function1);generated",
-        "kotlin;StandardKt;run;(Function0);generated",
-        "kotlin;StandardKt;synchronized;(Object,Function0);generated",
-        "kotlin;Suppress;Suppress;(String[]);generated", "kotlin;Suppress;names;();generated",
-        "kotlin;Throws;Throws;(KClass[]);generated", "kotlin;Throws;exceptionClasses;();generated",
-        "kotlin;Triple;equals;(Object);generated", "kotlin;Triple;hashCode;();generated",
-        "kotlin;TypeCastException;TypeCastException;();generated",
-        "kotlin;TypeCastException;TypeCastException;(String);generated",
-        "kotlin;UByte$Companion;getMAX_VALUE;();generated",
-        "kotlin;UByte$Companion;getMIN_VALUE;();generated",
-        "kotlin;UByte$Companion;getSIZE_BITS;();generated",
-        "kotlin;UByte$Companion;getSIZE_BYTES;();generated", "kotlin;UByte;and;(byte);generated",
-        "kotlin;UByte;compareTo;(byte);generated", "kotlin;UByte;compareTo;(int);generated",
-        "kotlin;UByte;compareTo;(long);generated", "kotlin;UByte;compareTo;(short);generated",
-        "kotlin;UByte;dec;();generated", "kotlin;UByte;div;(byte);generated",
-        "kotlin;UByte;div;(int);generated", "kotlin;UByte;div;(long);generated",
-        "kotlin;UByte;div;(short);generated", "kotlin;UByte;equals;(Object);generated",
-        "kotlin;UByte;floorDiv;(byte);generated", "kotlin;UByte;floorDiv;(int);generated",
-        "kotlin;UByte;floorDiv;(long);generated", "kotlin;UByte;floorDiv;(short);generated",
-        "kotlin;UByte;hashCode;();generated", "kotlin;UByte;inc;();generated",
-        "kotlin;UByte;inv;();generated", "kotlin;UByte;minus;(byte);generated",
-        "kotlin;UByte;minus;(int);generated", "kotlin;UByte;minus;(long);generated",
-        "kotlin;UByte;minus;(short);generated", "kotlin;UByte;mod;(byte);generated",
-        "kotlin;UByte;mod;(int);generated", "kotlin;UByte;mod;(long);generated",
-        "kotlin;UByte;mod;(short);generated", "kotlin;UByte;or;(byte);generated",
-        "kotlin;UByte;plus;(byte);generated", "kotlin;UByte;plus;(int);generated",
-        "kotlin;UByte;plus;(long);generated", "kotlin;UByte;plus;(short);generated",
-        "kotlin;UByte;rangeTo;(byte);generated", "kotlin;UByte;rem;(byte);generated",
-        "kotlin;UByte;rem;(int);generated", "kotlin;UByte;rem;(long);generated",
-        "kotlin;UByte;rem;(short);generated", "kotlin;UByte;times;(byte);generated",
-        "kotlin;UByte;times;(int);generated", "kotlin;UByte;times;(long);generated",
-        "kotlin;UByte;times;(short);generated", "kotlin;UByte;toByte;();generated",
-        "kotlin;UByte;toDouble;();generated", "kotlin;UByte;toFloat;();generated",
-        "kotlin;UByte;toInt;();generated", "kotlin;UByte;toLong;();generated",
-        "kotlin;UByte;toShort;();generated", "kotlin;UByte;toString;();generated",
-        "kotlin;UByte;toUInt;();generated", "kotlin;UByte;toULong;();generated",
-        "kotlin;UByte;toUShort;();generated", "kotlin;UByte;xor;(byte);generated",
-        "kotlin;UByteArray;UByteArray;(int);generated",
-        "kotlin;UByteArray;equals;(Object);generated", "kotlin;UByteArray;get;(int);generated",
-        "kotlin;UByteArray;hashCode;();generated", "kotlin;UByteArray;set;(int,byte);generated",
-        "kotlin;UByteArray;toString;();generated",
-        "kotlin;UByteArrayKt;UByteArray;(int,Function1);generated",
-        "kotlin;UByteKt;toUByte;(byte);generated", "kotlin;UByteKt;toUByte;(int);generated",
-        "kotlin;UByteKt;toUByte;(long);generated", "kotlin;UByteKt;toUByte;(short);generated",
-        "kotlin;UInt$Companion;getMAX_VALUE;();generated",
-        "kotlin;UInt$Companion;getMIN_VALUE;();generated",
-        "kotlin;UInt$Companion;getSIZE_BITS;();generated",
-        "kotlin;UInt$Companion;getSIZE_BYTES;();generated", "kotlin;UInt;and;(int);generated",
-        "kotlin;UInt;compareTo;(byte);generated", "kotlin;UInt;compareTo;(int);generated",
-        "kotlin;UInt;compareTo;(long);generated", "kotlin;UInt;compareTo;(short);generated",
-        "kotlin;UInt;dec;();generated", "kotlin;UInt;div;(byte);generated",
-        "kotlin;UInt;div;(int);generated", "kotlin;UInt;div;(long);generated",
-        "kotlin;UInt;div;(short);generated", "kotlin;UInt;equals;(Object);generated",
-        "kotlin;UInt;floorDiv;(byte);generated", "kotlin;UInt;floorDiv;(int);generated",
-        "kotlin;UInt;floorDiv;(long);generated", "kotlin;UInt;floorDiv;(short);generated",
-        "kotlin;UInt;hashCode;();generated", "kotlin;UInt;inc;();generated",
-        "kotlin;UInt;inv;();generated", "kotlin;UInt;minus;(byte);generated",
-        "kotlin;UInt;minus;(int);generated", "kotlin;UInt;minus;(long);generated",
-        "kotlin;UInt;minus;(short);generated", "kotlin;UInt;mod;(byte);generated",
-        "kotlin;UInt;mod;(int);generated", "kotlin;UInt;mod;(long);generated",
-        "kotlin;UInt;mod;(short);generated", "kotlin;UInt;or;(int);generated",
-        "kotlin;UInt;plus;(byte);generated", "kotlin;UInt;plus;(int);generated",
-        "kotlin;UInt;plus;(long);generated", "kotlin;UInt;plus;(short);generated",
-        "kotlin;UInt;rangeTo;(int);generated", "kotlin;UInt;rem;(byte);generated",
-        "kotlin;UInt;rem;(int);generated", "kotlin;UInt;rem;(long);generated",
-        "kotlin;UInt;rem;(short);generated", "kotlin;UInt;shl;(int);generated",
-        "kotlin;UInt;shr;(int);generated", "kotlin;UInt;times;(byte);generated",
-        "kotlin;UInt;times;(int);generated", "kotlin;UInt;times;(long);generated",
-        "kotlin;UInt;times;(short);generated", "kotlin;UInt;toByte;();generated",
-        "kotlin;UInt;toDouble;();generated", "kotlin;UInt;toFloat;();generated",
-        "kotlin;UInt;toInt;();generated", "kotlin;UInt;toLong;();generated",
-        "kotlin;UInt;toShort;();generated", "kotlin;UInt;toString;();generated",
-        "kotlin;UInt;toUByte;();generated", "kotlin;UInt;toULong;();generated",
-        "kotlin;UInt;toUShort;();generated", "kotlin;UInt;xor;(int);generated",
-        "kotlin;UIntArray;UIntArray;(int);generated", "kotlin;UIntArray;equals;(Object);generated",
-        "kotlin;UIntArray;get;(int);generated", "kotlin;UIntArray;hashCode;();generated",
-        "kotlin;UIntArray;set;(int,int);generated", "kotlin;UIntArray;toString;();generated",
-        "kotlin;UIntArrayKt;UIntArray;(int,Function1);generated",
-        "kotlin;UIntKt;toUInt;(byte);generated", "kotlin;UIntKt;toUInt;(double);generated",
-        "kotlin;UIntKt;toUInt;(float);generated", "kotlin;UIntKt;toUInt;(int);generated",
-        "kotlin;UIntKt;toUInt;(long);generated", "kotlin;UIntKt;toUInt;(short);generated",
-        "kotlin;ULong$Companion;getMAX_VALUE;();generated",
-        "kotlin;ULong$Companion;getMIN_VALUE;();generated",
-        "kotlin;ULong$Companion;getSIZE_BITS;();generated",
-        "kotlin;ULong$Companion;getSIZE_BYTES;();generated", "kotlin;ULong;and;(long);generated",
-        "kotlin;ULong;compareTo;(byte);generated", "kotlin;ULong;compareTo;(int);generated",
-        "kotlin;ULong;compareTo;(long);generated", "kotlin;ULong;compareTo;(short);generated",
-        "kotlin;ULong;dec;();generated", "kotlin;ULong;div;(byte);generated",
-        "kotlin;ULong;div;(int);generated", "kotlin;ULong;div;(long);generated",
-        "kotlin;ULong;div;(short);generated", "kotlin;ULong;equals;(Object);generated",
-        "kotlin;ULong;floorDiv;(byte);generated", "kotlin;ULong;floorDiv;(int);generated",
-        "kotlin;ULong;floorDiv;(long);generated", "kotlin;ULong;floorDiv;(short);generated",
-        "kotlin;ULong;hashCode;();generated", "kotlin;ULong;inc;();generated",
-        "kotlin;ULong;inv;();generated", "kotlin;ULong;minus;(byte);generated",
-        "kotlin;ULong;minus;(int);generated", "kotlin;ULong;minus;(long);generated",
-        "kotlin;ULong;minus;(short);generated", "kotlin;ULong;mod;(byte);generated",
-        "kotlin;ULong;mod;(int);generated", "kotlin;ULong;mod;(long);generated",
-        "kotlin;ULong;mod;(short);generated", "kotlin;ULong;or;(long);generated",
-        "kotlin;ULong;plus;(byte);generated", "kotlin;ULong;plus;(int);generated",
-        "kotlin;ULong;plus;(long);generated", "kotlin;ULong;plus;(short);generated",
-        "kotlin;ULong;rangeTo;(long);generated", "kotlin;ULong;rem;(byte);generated",
-        "kotlin;ULong;rem;(int);generated", "kotlin;ULong;rem;(long);generated",
-        "kotlin;ULong;rem;(short);generated", "kotlin;ULong;shl;(int);generated",
-        "kotlin;ULong;shr;(int);generated", "kotlin;ULong;times;(byte);generated",
-        "kotlin;ULong;times;(int);generated", "kotlin;ULong;times;(long);generated",
-        "kotlin;ULong;times;(short);generated", "kotlin;ULong;toByte;();generated",
-        "kotlin;ULong;toDouble;();generated", "kotlin;ULong;toFloat;();generated",
-        "kotlin;ULong;toInt;();generated", "kotlin;ULong;toLong;();generated",
-        "kotlin;ULong;toShort;();generated", "kotlin;ULong;toString;();generated",
-        "kotlin;ULong;toUByte;();generated", "kotlin;ULong;toUInt;();generated",
-        "kotlin;ULong;toUShort;();generated", "kotlin;ULong;xor;(long);generated",
-        "kotlin;ULongArray;ULongArray;(int);generated",
-        "kotlin;ULongArray;equals;(Object);generated", "kotlin;ULongArray;get;(int);generated",
-        "kotlin;ULongArray;hashCode;();generated", "kotlin;ULongArray;set;(int,long);generated",
-        "kotlin;ULongArray;toString;();generated",
-        "kotlin;ULongArrayKt;ULongArray;(int,Function1);generated",
-        "kotlin;ULongKt;toULong;(byte);generated", "kotlin;ULongKt;toULong;(double);generated",
-        "kotlin;ULongKt;toULong;(float);generated", "kotlin;ULongKt;toULong;(int);generated",
-        "kotlin;ULongKt;toULong;(long);generated", "kotlin;ULongKt;toULong;(short);generated",
-        "kotlin;UNumbersKt;countLeadingZeroBits;(byte);generated",
-        "kotlin;UNumbersKt;countLeadingZeroBits;(int);generated",
-        "kotlin;UNumbersKt;countLeadingZeroBits;(long);generated",
-        "kotlin;UNumbersKt;countLeadingZeroBits;(short);generated",
-        "kotlin;UNumbersKt;countOneBits;(byte);generated",
-        "kotlin;UNumbersKt;countOneBits;(int);generated",
-        "kotlin;UNumbersKt;countOneBits;(long);generated",
-        "kotlin;UNumbersKt;countOneBits;(short);generated",
-        "kotlin;UNumbersKt;countTrailingZeroBits;(byte);generated",
-        "kotlin;UNumbersKt;countTrailingZeroBits;(int);generated",
-        "kotlin;UNumbersKt;countTrailingZeroBits;(long);generated",
-        "kotlin;UNumbersKt;countTrailingZeroBits;(short);generated",
-        "kotlin;UNumbersKt;rotateLeft;(byte,int);generated",
-        "kotlin;UNumbersKt;rotateLeft;(int,int);generated",
-        "kotlin;UNumbersKt;rotateLeft;(long,int);generated",
-        "kotlin;UNumbersKt;rotateLeft;(short,int);generated",
-        "kotlin;UNumbersKt;rotateRight;(byte,int);generated",
-        "kotlin;UNumbersKt;rotateRight;(int,int);generated",
-        "kotlin;UNumbersKt;rotateRight;(long,int);generated",
-        "kotlin;UNumbersKt;rotateRight;(short,int);generated",
-        "kotlin;UNumbersKt;takeHighestOneBit;(byte);generated",
-        "kotlin;UNumbersKt;takeHighestOneBit;(int);generated",
-        "kotlin;UNumbersKt;takeHighestOneBit;(long);generated",
-        "kotlin;UNumbersKt;takeHighestOneBit;(short);generated",
-        "kotlin;UNumbersKt;takeLowestOneBit;(byte);generated",
-        "kotlin;UNumbersKt;takeLowestOneBit;(int);generated",
-        "kotlin;UNumbersKt;takeLowestOneBit;(long);generated",
-        "kotlin;UNumbersKt;takeLowestOneBit;(short);generated",
-        "kotlin;UShort$Companion;getMAX_VALUE;();generated",
-        "kotlin;UShort$Companion;getMIN_VALUE;();generated",
-        "kotlin;UShort$Companion;getSIZE_BITS;();generated",
-        "kotlin;UShort$Companion;getSIZE_BYTES;();generated", "kotlin;UShort;and;(short);generated",
-        "kotlin;UShort;compareTo;(byte);generated", "kotlin;UShort;compareTo;(int);generated",
-        "kotlin;UShort;compareTo;(long);generated", "kotlin;UShort;compareTo;(short);generated",
-        "kotlin;UShort;dec;();generated", "kotlin;UShort;div;(byte);generated",
-        "kotlin;UShort;div;(int);generated", "kotlin;UShort;div;(long);generated",
-        "kotlin;UShort;div;(short);generated", "kotlin;UShort;equals;(Object);generated",
-        "kotlin;UShort;floorDiv;(byte);generated", "kotlin;UShort;floorDiv;(int);generated",
-        "kotlin;UShort;floorDiv;(long);generated", "kotlin;UShort;floorDiv;(short);generated",
-        "kotlin;UShort;hashCode;();generated", "kotlin;UShort;inc;();generated",
-        "kotlin;UShort;inv;();generated", "kotlin;UShort;minus;(byte);generated",
-        "kotlin;UShort;minus;(int);generated", "kotlin;UShort;minus;(long);generated",
-        "kotlin;UShort;minus;(short);generated", "kotlin;UShort;mod;(byte);generated",
-        "kotlin;UShort;mod;(int);generated", "kotlin;UShort;mod;(long);generated",
-        "kotlin;UShort;mod;(short);generated", "kotlin;UShort;or;(short);generated",
-        "kotlin;UShort;plus;(byte);generated", "kotlin;UShort;plus;(int);generated",
-        "kotlin;UShort;plus;(long);generated", "kotlin;UShort;plus;(short);generated",
-        "kotlin;UShort;rangeTo;(short);generated", "kotlin;UShort;rem;(byte);generated",
-        "kotlin;UShort;rem;(int);generated", "kotlin;UShort;rem;(long);generated",
-        "kotlin;UShort;rem;(short);generated", "kotlin;UShort;times;(byte);generated",
-        "kotlin;UShort;times;(int);generated", "kotlin;UShort;times;(long);generated",
-        "kotlin;UShort;times;(short);generated", "kotlin;UShort;toByte;();generated",
-        "kotlin;UShort;toDouble;();generated", "kotlin;UShort;toFloat;();generated",
-        "kotlin;UShort;toInt;();generated", "kotlin;UShort;toLong;();generated",
-        "kotlin;UShort;toShort;();generated", "kotlin;UShort;toString;();generated",
-        "kotlin;UShort;toUByte;();generated", "kotlin;UShort;toUInt;();generated",
-        "kotlin;UShort;toULong;();generated", "kotlin;UShort;xor;(short);generated",
-        "kotlin;UShortArray;UShortArray;(int);generated",
-        "kotlin;UShortArray;equals;(Object);generated", "kotlin;UShortArray;get;(int);generated",
-        "kotlin;UShortArray;hashCode;();generated", "kotlin;UShortArray;set;(int,short);generated",
-        "kotlin;UShortArray;toString;();generated",
-        "kotlin;UShortArrayKt;UShortArray;(int,Function1);generated",
-        "kotlin;UShortKt;toUShort;(byte);generated", "kotlin;UShortKt;toUShort;(int);generated",
-        "kotlin;UShortKt;toUShort;(long);generated", "kotlin;UShortKt;toUShort;(short);generated",
-        "kotlin;UninitializedPropertyAccessException;UninitializedPropertyAccessException;();generated",
-        "kotlin;UninitializedPropertyAccessException;UninitializedPropertyAccessException;(String);generated",
-        "kotlin;UninitializedPropertyAccessException;UninitializedPropertyAccessException;(String,Throwable);generated",
-        "kotlin;UninitializedPropertyAccessException;UninitializedPropertyAccessException;(Throwable);generated",
-        "kotlin;Unit;toString;();generated", "kotlin;UnsafeVariance;UnsafeVariance;();generated",
-        "kotlin;UnsupportedOperationException;UnsupportedOperationException;();generated",
-        "kotlin;UnsupportedOperationException;UnsupportedOperationException;(String);generated",
-        "kotlin;UnsupportedOperationException;UnsupportedOperationException;(String,Throwable);generated",
-        "kotlin;UnsupportedOperationException;UnsupportedOperationException;(Throwable);generated",
-        "kotlin;UseExperimental;UseExperimental;(KClass[]);generated",
-        "kotlin;UseExperimental;markerClass;();generated"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/kotlin/StdLib.qll b/java/ql/lib/semmle/code/java/frameworks/kotlin/StdLib.qll
deleted file mode 100644
index 3d70961cf37..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/kotlin/StdLib.qll
+++ /dev/null
@@ -1,14 +0,0 @@
-/** Definitions of taint steps in the KotlinStdLib framework */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class KotlinStdLibSummaryCsv extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "kotlin.jvm.internal;ArrayIteratorKt;false;iterator;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "kotlin.collections;ArraysKt;false;withIndex;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/kotlin/StdLibGenerated.qll b/java/ql/lib/semmle/code/java/frameworks/kotlin/StdLibGenerated.qll
deleted file mode 100644
index ed2b0165f47..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/kotlin/StdLibGenerated.qll
+++ /dev/null
@@ -1,1868 +0,0 @@
-/**
- * THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
- * Definitions of taint steps in the Kotlin StdLib @30ce58cea74 framework.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class StdLibGeneratedSinksCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "kotlin.io;FilesKt;false;appendBytes;(File,byte[]);;Argument[0];create-file;generated",
-        "kotlin.io;FilesKt;false;appendText;(File,String,Charset);;Argument[0];create-file;generated",
-        "kotlin.io;FilesKt;false;bufferedWriter;(File,Charset,int);;Argument[0];create-file;generated",
-        "kotlin.io;FilesKt;false;copyRecursively;(File,File,boolean,Function2);;Argument[1];create-file;generated",
-        "kotlin.io;FilesKt;false;copyTo;(File,File,boolean,int);;Argument[1];create-file;generated",
-        "kotlin.io;FilesKt;false;outputStream;(File);;Argument[0];create-file;generated",
-        "kotlin.io;FilesKt;false;printWriter;(File,Charset);;Argument[0];create-file;generated",
-        "kotlin.io;FilesKt;false;writeBytes;(File,byte[]);;Argument[0];create-file;generated",
-        "kotlin.io;FilesKt;false;writeText;(File,String,Charset);;Argument[0];create-file;generated",
-        "kotlin.io;FilesKt;false;writer;(File,Charset);;Argument[0];create-file;generated",
-        "kotlin.io;TextStreamsKt;false;readBytes;(URL);;Argument[0];open-url;generated",
-        "kotlin.io;TextStreamsKt;false;readText;(URL,Charset);;Argument[0];open-url;generated"
-      ]
-  }
-}
-
-private class StdLibGeneratedSummaryCsv extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "kotlin.collections;AbstractCollection;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.collections;ArrayDeque;false;ArrayDeque;(Collection);;Argument[0].Element;Argument[-1];taint;generated",
-        "kotlin.collections;ArrayDeque;false;addFirst;(Object);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.collections;ArrayDeque;false;addLast;(Object);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.collections;ArrayDeque;false;first;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.collections;ArrayDeque;false;firstOrNull;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.collections;ArrayDeque;false;last;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.collections;ArrayDeque;false;lastOrNull;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.collections;ArrayDeque;false;removeFirst;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.collections;ArrayDeque;false;removeFirstOrNull;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.collections;ArrayDeque;false;removeLast;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.collections;ArrayDeque;false;removeLastOrNull;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;asList;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(Object[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(Object[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(boolean[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(boolean[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(byte[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(byte[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(char[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(char[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(double[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(double[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(float[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(float[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(int[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(int[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(long[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(long[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(short[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateByTo;(short[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateTo;(Object[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateTo;(boolean[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateTo;(byte[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateTo;(char[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateTo;(double[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateTo;(float[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateTo;(int[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateTo;(long[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateTo;(short[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateWithTo;(Object[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateWithTo;(boolean[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateWithTo;(byte[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateWithTo;(char[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateWithTo;(double[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateWithTo;(float[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateWithTo;(int[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateWithTo;(long[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;associateWithTo;(short[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyInto;(Object[],Object[],int,int,int);;Argument[0].ArrayElement;Argument[1].ArrayElement;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyInto;(Object[],Object[],int,int,int);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyInto;(Object[],Object[],int,int,int);;Argument[1].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyInto;(byte[],byte[],int,int,int);;Argument[0];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;copyInto;(byte[],byte[],int,int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyInto;(byte[],byte[],int,int,int);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyInto;(char[],char[],int,int,int);;Argument[0];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;copyInto;(char[],char[],int,int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyInto;(char[],char[],int,int,int);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyOf;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyOf;(Object[],int);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyOf;(byte[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyOf;(byte[],int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyOf;(char[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyOf;(char[],int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyOfRangeInline;(Object[],int,int);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyOfRangeInline;(byte[],int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;copyOfRangeInline;(char[],int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;drop;(Object[],int);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;dropLast;(Object[],int);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;dropLastWhile;(Object[],Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;fill;(Object[],Object,int,int);;Argument[1];Argument[0].ArrayElement;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterIndexedTo;(Object[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterIndexedTo;(boolean[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterIndexedTo;(byte[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterIndexedTo;(char[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterIndexedTo;(double[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterIndexedTo;(float[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterIndexedTo;(int[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterIndexedTo;(long[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterIndexedTo;(short[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterIsInstanceTo;(Object[],Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterIsInstanceTo;(Object[],Collection,Class);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterNotNullTo;(Object[],Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterNotTo;(Object[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterNotTo;(boolean[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterNotTo;(byte[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterNotTo;(char[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterNotTo;(double[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterNotTo;(float[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterNotTo;(int[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterNotTo;(long[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterNotTo;(short[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterTo;(Object[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterTo;(boolean[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterTo;(byte[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterTo;(char[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterTo;(double[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterTo;(float[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterTo;(int[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterTo;(long[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;filterTo;(short[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;findLast;(Object[],Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;first;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;firstOrNull;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapIndexedIterableTo;(Object[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapIndexedIterableTo;(boolean[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapIndexedIterableTo;(byte[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapIndexedIterableTo;(char[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapIndexedIterableTo;(double[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapIndexedIterableTo;(float[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapIndexedIterableTo;(int[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapIndexedIterableTo;(long[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapIndexedIterableTo;(short[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapIndexedSequenceTo;(Object[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapSequenceTo;(Object[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapTo;(Object[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapTo;(boolean[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapTo;(byte[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapTo;(char[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapTo;(double[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapTo;(float[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapTo;(int[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapTo;(long[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;flatMapTo;(short[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;fold;(Object[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;fold;(boolean[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;fold;(byte[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;fold;(char[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;fold;(double[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;fold;(float[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;fold;(int[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;fold;(long[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;fold;(short[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldIndexed;(Object[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldIndexed;(boolean[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldIndexed;(byte[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldIndexed;(char[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldIndexed;(double[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldIndexed;(float[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldIndexed;(int[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldIndexed;(long[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldIndexed;(short[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRight;(Object[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRight;(boolean[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRight;(byte[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRight;(char[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRight;(double[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRight;(float[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRight;(int[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRight;(long[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRight;(short[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRightIndexed;(Object[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRightIndexed;(boolean[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRightIndexed;(byte[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRightIndexed;(char[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRightIndexed;(double[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRightIndexed;(float[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRightIndexed;(int[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRightIndexed;(long[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;foldRightIndexed;(short[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(Object[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(Object[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(boolean[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(boolean[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(byte[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(byte[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(char[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(char[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(double[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(double[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(float[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(float[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(int[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(int[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(long[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(long[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(short[],Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;groupByTo;(short[],Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;ifEmpty;(Object[],Function0);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(Object[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(boolean[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(byte[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(char[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(double[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(float[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(int[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(long[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];Argument[1];taint;generated",
-        "kotlin.collections;ArraysKt;false;joinTo;(short[],Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(Object[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(Object[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(Object[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(Object[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[5];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(boolean[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(boolean[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(boolean[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(boolean[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[5];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(byte[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(byte[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(byte[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(byte[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[5];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(char[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(char[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(char[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(char[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[5];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(double[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(double[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(double[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(double[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[5];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(float[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(float[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(float[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(float[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[5];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(int[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(int[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(int[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(int[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[5];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(long[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(long[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(long[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(long[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[5];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(short[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(short[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(short[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;joinToString;(short[],CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[5];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;last;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;last;(Object[],Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;lastOrNull;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;lastOrNull;(Object[],Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapIndexedNotNullTo;(Object[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapIndexedTo;(Object[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapIndexedTo;(boolean[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapIndexedTo;(byte[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapIndexedTo;(char[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapIndexedTo;(double[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapIndexedTo;(float[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapIndexedTo;(int[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapIndexedTo;(long[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapIndexedTo;(short[],Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapNotNullTo;(Object[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapTo;(Object[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapTo;(boolean[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapTo;(byte[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapTo;(char[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapTo;(double[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapTo;(float[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapTo;(int[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapTo;(long[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;mapTo;(short[],Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;max;(Comparable[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;maxBy;(Object[],Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;maxByOrNull;(Object[],Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;maxByOrThrow;(Object[],Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;maxOfWith;(Object[],Comparator,Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;maxOfWithOrNull;(Object[],Comparator,Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;maxOrNull;(Comparable[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;maxOrThrow;(Comparable[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;maxWith;(Object[],Comparator);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;maxWithOrNull;(Object[],Comparator);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;maxWithOrThrow;(Object[],Comparator);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;min;(Comparable[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;minBy;(Object[],Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;minByOrNull;(Object[],Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;minByOrThrow;(Object[],Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;minOfWith;(Object[],Comparator,Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;minOfWithOrNull;(Object[],Comparator,Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;minOrNull;(Comparable[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;minOrThrow;(Comparable[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;minWith;(Object[],Comparator);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;minWithOrNull;(Object[],Comparator);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;minWithOrThrow;(Object[],Comparator);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;onEach;(Object[],Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;onEach;(byte[],Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;onEach;(char[],Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;onEachIndexed;(Object[],Function2);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;onEachIndexed;(byte[],Function2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;onEachIndexed;(char[],Function2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;orEmpty;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;plus;(Object[],Collection);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;plus;(Object[],Object);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;plus;(Object[],Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;plus;(Object[],Object[]);;Argument[1].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;plus;(byte[],Collection);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;plus;(byte[],byte);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;plus;(byte[],byte[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;plus;(byte[],byte[]);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;plus;(char[],Collection);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;plus;(char[],char);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;plus;(char[],char[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;plus;(char[],char[]);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;plusElement;(Object[],Object);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;reduce;(Object[],Function2);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;reduceIndexed;(Object[],Function3);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;reduceIndexedOrNull;(Object[],Function3);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;reduceOrNull;(Object[],Function2);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;requireNoNulls;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;reversed;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;reversedArray;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;reversedArray;(byte[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;reversedArray;(char[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFold;(Object[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFold;(boolean[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFold;(byte[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFold;(char[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFold;(double[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFold;(float[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFold;(int[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFold;(long[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFold;(short[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFoldIndexed;(Object[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFoldIndexed;(boolean[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFoldIndexed;(byte[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFoldIndexed;(char[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFoldIndexed;(double[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFoldIndexed;(float[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFoldIndexed;(int[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFoldIndexed;(long[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;runningFoldIndexed;(short[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scan;(Object[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scan;(boolean[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scan;(byte[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scan;(char[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scan;(double[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scan;(float[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scan;(int[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scan;(long[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scan;(short[],Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scanIndexed;(Object[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scanIndexed;(boolean[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scanIndexed;(byte[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scanIndexed;(char[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scanIndexed;(double[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scanIndexed;(float[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scanIndexed;(int[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scanIndexed;(long[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;scanIndexed;(short[],Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;single;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;singleOrNull;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;slice;(Object[],IntRange);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sliceArray;(Object[],Collection);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sliceArray;(Object[],IntRange);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sliceArray;(byte[],IntRange);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sliceArray;(char[],IntRange);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sorted;(Comparable[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sortedArray;(Comparable[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sortedArray;(byte[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sortedArray;(char[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sortedArrayDescending;(Comparable[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sortedArrayDescending;(byte[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sortedArrayDescending;(char[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sortedArrayWith;(Object[],Comparator);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sortedBy;(Object[],Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sortedByDescending;(Object[],Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sortedDescending;(Comparable[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;sortedWith;(Object[],Comparator);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;take;(Object[],int);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;takeLast;(Object[],int);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;takeLastWhile;(Object[],Function1);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;toCollection;(Object[],Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;toCollection;(boolean[],Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;toCollection;(byte[],Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;toCollection;(char[],Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;toCollection;(double[],Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;toCollection;(float[],Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;toCollection;(int[],Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;toCollection;(long[],Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;toCollection;(short[],Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;toList;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;toMutableList;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;toSet;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;toString;(byte[],Charset);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;toTypedArray;(Collection);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;union;(Object[],Iterable);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;union;(byte[],Iterable);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;union;(char[],Iterable);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;zip;(Object[],Iterable);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;zip;(Object[],Iterable);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;zip;(Object[],Iterable,Function2);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;zip;(Object[],Iterable,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;zip;(Object[],Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;zip;(Object[],Object[]);;Argument[1].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;zip;(Object[],Object[],Function2);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;ArraysKt;false;zip;(Object[],Object[],Function2);;Argument[1].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;addAll;(Collection,Iterable);;Argument[1].Element;Argument[0].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;addAll;(Collection,Object[]);;Argument[1].ArrayElement;Argument[0].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;addAll;(Collection,Sequence);;Argument[1];Argument[0].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;arrayListOf;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;asIterable;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;asReversed;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;asReversedMutable;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associate;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateBy;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateBy;(Iterable,Function1,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateByTo;(Iterable,Map,Function1);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateByTo;(Iterable,Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateByTo;(Iterable,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateByTo;(Iterable,Map,Function1,Function1);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateByTo;(Iterable,Map,Function1,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateByTo;(Iterable,Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateTo;(Iterable,Map,Function1);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateTo;(Iterable,Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateTo;(Iterable,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateWith;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateWithTo;(Iterable,Map,Function1);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateWithTo;(Iterable,Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;associateWithTo;(Iterable,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;component1;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;component2;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;component3;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;component4;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;component5;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;distinct;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;distinctBy;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;drop;(Iterable,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;dropLast;(List,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;dropLastWhile;(List,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;dropWhile;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;elementAt;(Iterable,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;elementAt;(List,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;elementAtOrElse;(Iterable,int,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;elementAtOrElse;(List,int,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;elementAtOrNull;(Iterable,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;elementAtOrNull;(List,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;fill;(List,Object);;Argument[1];Argument[0].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filter;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterIndexedTo;(Iterable,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterIsInstance;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterIsInstance;(Iterable,Class);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterIsInstanceTo;(Iterable,Collection);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterIsInstanceTo;(Iterable,Collection);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterIsInstanceTo;(Iterable,Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterIsInstanceTo;(Iterable,Collection,Class);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterIsInstanceTo;(Iterable,Collection,Class);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterIsInstanceTo;(Iterable,Collection,Class);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterNot;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterNotNull;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterNotNullTo;(Iterable,Collection);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterNotNullTo;(Iterable,Collection);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterNotNullTo;(Iterable,Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterNotTo;(Iterable,Collection,Function1);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterNotTo;(Iterable,Collection,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterNotTo;(Iterable,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterTo;(Iterable,Collection,Function1);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterTo;(Iterable,Collection,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;filterTo;(Iterable,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;find;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;findLast;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;findLast;(List,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;first;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;first;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;first;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;firstNotNullOf;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;firstNotNullOfOrNull;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;firstOrNull;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;firstOrNull;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;firstOrNull;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;flatMapIndexedIterableTo;(Iterable,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;flatMapIndexedSequenceTo;(Iterable,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;flatMapSequenceTo;(Iterable,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;flatMapTo;(Iterable,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;flatten;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;fold;(Iterable,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;foldIndexed;(Iterable,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;foldRight;(List,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;foldRightIndexed;(List,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;getOrElse;(List,int,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;getOrNull;(List,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;groupByTo;(Iterable,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;groupByTo;(Iterable,Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;ifEmpty;(Collection,Function0);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;intersect;(Iterable,Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;iterator;(Iterator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinTo;(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[0].Element;Argument[1];taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinTo;(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinTo;(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinTo;(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];Argument[1];taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinTo;(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinTo;(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];Argument[1];taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinTo;(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinTo;(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];Argument[1];taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinTo;(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinTo;(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];Argument[1];taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinTo;(Iterable,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinToString;(Iterable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinToString;(Iterable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinToString;(Iterable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinToString;(Iterable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;joinToString;(Iterable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[5];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;last;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;last;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;last;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;last;(List,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;lastOrNull;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;lastOrNull;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;lastOrNull;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;lastOrNull;(List,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;listOf;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;listOf;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;listOfNotNull;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;map;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;mapIndexedNotNullTo;(Iterable,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;mapIndexedTo;(Iterable,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;mapNotNullTo;(Iterable,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;mapTo;(Iterable,Collection,Function1);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;mapTo;(Iterable,Collection,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;mapTo;(Iterable,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;max;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;maxBy;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;maxByOrNull;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;maxByOrThrow;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;maxOfWith;(Iterable,Comparator,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;maxOfWithOrNull;(Iterable,Comparator,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;maxOrNull;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;maxOrThrow;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;maxWith;(Iterable,Comparator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;maxWithOrNull;(Iterable,Comparator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;maxWithOrThrow;(Iterable,Comparator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;min;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minBy;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minByOrNull;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minByOrThrow;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minOfWith;(Iterable,Comparator,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minOfWithOrNull;(Iterable,Comparator,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minOrNull;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minOrThrow;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minWith;(Iterable,Comparator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minWithOrNull;(Iterable,Comparator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minWithOrThrow;(Iterable,Comparator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minus;(Iterable,Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minus;(Iterable,Object);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minus;(Iterable,Object[]);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minus;(Iterable,Sequence);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;minusElement;(Iterable,Object);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;mutableListOf;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;onEach;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;onEachIndexed;(Iterable,Function2);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;orEmpty;(Collection);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;orEmpty;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;partition;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Collection,Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Collection,Iterable);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Collection,Object);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Collection,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Collection,Object[]);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Collection,Object[]);;Argument[1].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Collection,Sequence);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Collection,Sequence);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Iterable,Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Iterable,Iterable);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Iterable,Object);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Iterable,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Iterable,Object[]);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Iterable,Object[]);;Argument[1].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Iterable,Sequence);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plus;(Iterable,Sequence);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plusAssign;(Collection,Iterable);;Argument[1].Element;Argument[0].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plusAssign;(Collection,Object);;Argument[1];Argument[0].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plusAssign;(Collection,Object[]);;Argument[1].ArrayElement;Argument[0].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plusAssign;(Collection,Sequence);;Argument[1];Argument[0].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plusElement;(Collection,Object);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plusElement;(Collection,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plusElement;(Iterable,Object);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;plusElement;(Iterable,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;random;(Collection);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;random;(Collection,Random);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;randomOrNull;(Collection);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;randomOrNull;(Collection,Random);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;reduce;(Iterable,Function2);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;reduceIndexed;(Iterable,Function3);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;reduceIndexedOrNull;(Iterable,Function3);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;reduceOrNull;(Iterable,Function2);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;reduceRight;(List,Function2);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;reduceRightIndexed;(List,Function3);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;reduceRightIndexedOrNull;(List,Function3);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;reduceRightOrNull;(List,Function2);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;remove;(List,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;removeFirst;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;removeFirstOrNull;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;removeLast;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;removeLastOrNull;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;requireNoNulls;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;requireNoNulls;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;reversed;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;runningFold;(Iterable,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;runningFoldIndexed;(Iterable,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;scan;(Iterable,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;scanIndexed;(Iterable,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;shuffled;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;shuffled;(Iterable,Random);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;single;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;single;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;single;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;singleOrNull;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;singleOrNull;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;singleOrNull;(List);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;slice;(List,IntRange);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;slice;(List,Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;sorted;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;sortedBy;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;sortedByDescending;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;sortedDescending;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;sortedWith;(Iterable,Comparator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;subtract;(Iterable,Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;take;(Iterable,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;takeLast;(List,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;takeLastWhile;(List,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;takeWhile;(Iterable,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;toCollection;(Iterable,Collection);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;CollectionsKt;false;toCollection;(Iterable,Collection);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;toCollection;(Iterable,Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;toHashSet;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;toList;(Enumeration);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;toList;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;toMutableList;(Collection);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;toMutableList;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;toMutableSet;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;toSet;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;toSortedSet;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;toSortedSet;(Iterable,Comparator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;union;(Iterable,Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;union;(Iterable,Iterable);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;unzip;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;withIndex;(Iterator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;zip;(Iterable,Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;zip;(Iterable,Iterable);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;zip;(Iterable,Iterable,Function2);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;zip;(Iterable,Iterable,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;zip;(Iterable,Object[]);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;zip;(Iterable,Object[]);;Argument[1].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;zip;(Iterable,Object[],Function2);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;zip;(Iterable,Object[],Function2);;Argument[1].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;zipWithNext;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;CollectionsKt;false;zipWithNext;(Iterable,Function2);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;GroupingKt;false;aggregateTo;(Grouping,Map,Function4);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;GroupingKt;false;eachCountTo;(Grouping,Map);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;GroupingKt;false;foldTo;(Grouping,Map,Function2,Function3);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;GroupingKt;false;foldTo;(Grouping,Map,Object,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;GroupingKt;false;reduceTo;(Grouping,Map,Function3);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;IndexedValue;false;IndexedValue;(int,Object);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.collections;IndexedValue;false;component2;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.collections;IndexedValue;false;copy;(int,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;IndexedValue;false;getValue;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.collections;IndexedValue;false;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.collections;MapAccessorsKt;false;getValue;(Map,Object,KProperty);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapAccessorsKt;false;getVar;(Map,Object,KProperty);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapAccessorsKt;false;setValue;(Map,Object,KProperty,Object);;Argument[2];Argument[0].Element;taint;generated",
-        "kotlin.collections;MapAccessorsKt;false;setValue;(Map,Object,KProperty,Object);;Argument[3];Argument[0].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;asIterable;(Map);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;component1;(Entry);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;component2;(Entry);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;filter;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;filterKeys;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;filterNot;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;filterNotTo;(Map,Map,Function1);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;filterNotTo;(Map,Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;filterNotTo;(Map,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;filterTo;(Map,Map,Function1);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;filterTo;(Map,Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;filterTo;(Map,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;filterValues;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;firstNotNullOf;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;firstNotNullOfOrNull;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;flatMapSequenceTo;(Map,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;flatMapTo;(Map,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;get;(Map,Object);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;getOrElse;(Map,Object,Function0);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;getOrPut;(ConcurrentMap,Object,Function0);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;getOrPut;(Map,Object,Function0);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;getOrPut;(Map,Object,Function0);;Argument[1];Argument[0].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;getValue;(Map,Object);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;ifEmpty;(Map,Function0);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;iterator;(Map);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;map;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;mapKeys;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;mapKeysTo;(Map,Map,Function1);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;mapKeysTo;(Map,Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;mapKeysTo;(Map,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;mapNotNullTo;(Map,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;mapOf;(Pair);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;mapTo;(Map,Collection,Function1);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;mapTo;(Map,Collection,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;mapTo;(Map,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;mapValues;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;mapValuesTo;(Map,Map,Function1);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;mapValuesTo;(Map,Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;mapValuesTo;(Map,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;maxBy;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;maxByOrNull;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;maxByOrThrow;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;maxOfWith;(Map,Comparator,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;maxOfWithOrNull;(Map,Comparator,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;maxWith;(Map,Comparator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;maxWithOrNull;(Map,Comparator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;maxWithOrThrow;(Map,Comparator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;minBy;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;minByOrNull;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;minByOrThrow;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;minOfWith;(Map,Comparator,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;minOfWithOrNull;(Map,Comparator,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;minWith;(Map,Comparator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;minWithOrNull;(Map,Comparator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;minWithOrThrow;(Map,Comparator);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;minus;(Map,Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;minus;(Map,Object);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;minus;(Map,Object[]);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;minus;(Map,Sequence);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;mutableIterator;(Map);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;onEach;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;onEachIndexed;(Map,Function2);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;orEmpty;(Map);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;plus;(Map,Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;plus;(Map,Iterable);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;plus;(Map,Map);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;plus;(Map,Pair);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;plus;(Map,Pair);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;plus;(Map,Pair[]);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;plus;(Map,Pair[]);;Argument[1].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;plus;(Map,Sequence);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;plusAssign;(Map,Iterable);;Argument[1].Element;Argument[0].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;plusAssign;(Map,Map);;Argument[1].Element;Argument[0].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;plusAssign;(Map,Pair);;Argument[1];Argument[0].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;plusAssign;(Map,Sequence);;Argument[1];Argument[0].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;putAll;(Map,Iterable);;Argument[1].Element;Argument[0].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;putAll;(Map,Sequence);;Argument[1];Argument[0].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;remove;(Map,Object);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;set;(Map,Object,Object);;Argument[1];Argument[0].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;set;(Map,Object,Object);;Argument[2];Argument[0].Element;taint;generated",
-        "kotlin.collections;MapsKt;false;toList;(Map);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;toMap;(Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;toMap;(Iterable,Map);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;toMap;(Map);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;toMap;(Map,Map);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;toMap;(Pair[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;toMap;(Pair[],Map);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;toMap;(Sequence,Map);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;toMutableMap;(Map);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;toPair;(Entry);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;toSortedMap;(Map);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;withDefault;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;withDefault;(Map,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;withDefaultMutable;(Map,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;MapsKt;false;withDefaultMutable;(Map,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;minus;(Set,Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;minus;(Set,Object);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;minus;(Set,Object[]);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;minus;(Set,Sequence);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;minusElement;(Set,Object);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;orEmpty;(Set);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;plus;(Set,Iterable);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;plus;(Set,Iterable);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;plus;(Set,Object);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;plus;(Set,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;plus;(Set,Object[]);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;plus;(Set,Object[]);;Argument[1].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;plus;(Set,Sequence);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;plus;(Set,Sequence);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;plusElement;(Set,Object);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;plusElement;(Set,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;setOf;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;setOf;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.collections;SetsKt;false;setOfNotNull;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;asByteArray;(UByteArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;asUByteArray;(byte[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;associateWithTo;(UByteArray,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;associateWithTo;(UIntArray,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;associateWithTo;(ULongArray,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;associateWithTo;(UShortArray,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;contentToString;(UByteArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;contentToString;(UIntArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;contentToString;(ULongArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;contentToString;(UShortArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;copyInto;(UByteArray,UByteArray,int,int,int);;Argument[0].Element;Argument[1].Element;taint;generated",
-        "kotlin.collections;UArraysKt;false;copyInto;(UByteArray,UByteArray,int,int,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;copyInto;(UByteArray,UByteArray,int,int,int);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;copyInto;(UIntArray,UIntArray,int,int,int);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;copyInto;(ULongArray,ULongArray,int,int,int);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;copyInto;(UShortArray,UShortArray,int,int,int);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;copyOf;(UByteArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;copyOf;(UByteArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;copyOfRange;(UByteArray,int,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;drop;(UByteArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;drop;(UIntArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;drop;(ULongArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;drop;(UShortArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;dropLast;(UByteArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;dropLast;(UIntArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;dropLast;(ULongArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;dropLast;(UShortArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;dropLastWhile;(UByteArray,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;dropLastWhile;(UIntArray,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;dropLastWhile;(ULongArray,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;dropLastWhile;(UShortArray,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;filterIndexedTo;(UByteArray,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;filterIndexedTo;(UIntArray,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;filterIndexedTo;(ULongArray,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;filterIndexedTo;(UShortArray,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;filterNotTo;(UByteArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;filterNotTo;(UIntArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;filterNotTo;(ULongArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;filterNotTo;(UShortArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;filterTo;(UByteArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;filterTo;(UIntArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;filterTo;(ULongArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;filterTo;(UShortArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;flatMapIndexedTo;(UByteArray,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;flatMapIndexedTo;(UIntArray,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;flatMapIndexedTo;(ULongArray,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;flatMapIndexedTo;(UShortArray,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;flatMapTo;(UByteArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;flatMapTo;(UIntArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;flatMapTo;(ULongArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;flatMapTo;(UShortArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;fold;(UByteArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;fold;(UIntArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;fold;(ULongArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;fold;(UShortArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;foldIndexed;(UByteArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;foldIndexed;(UIntArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;foldIndexed;(ULongArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;foldIndexed;(UShortArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;foldRight;(UByteArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;foldRight;(UIntArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;foldRight;(ULongArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;foldRight;(UShortArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;foldRightIndexed;(UByteArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;foldRightIndexed;(UIntArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;foldRightIndexed;(ULongArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;foldRightIndexed;(UShortArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;groupByTo;(UByteArray,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;groupByTo;(UByteArray,Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;groupByTo;(UIntArray,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;groupByTo;(UIntArray,Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;groupByTo;(ULongArray,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;groupByTo;(ULongArray,Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;groupByTo;(UShortArray,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;groupByTo;(UShortArray,Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;mapIndexedTo;(UByteArray,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;mapIndexedTo;(UIntArray,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;mapIndexedTo;(ULongArray,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;mapIndexedTo;(UShortArray,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;mapTo;(UByteArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;mapTo;(UIntArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;mapTo;(ULongArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;mapTo;(UShortArray,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;onEach;(UByteArray,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;onEach;(UIntArray,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;onEach;(ULongArray,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;onEach;(UShortArray,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;onEachIndexed;(UByteArray,Function2);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;onEachIndexed;(UIntArray,Function2);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;onEachIndexed;(ULongArray,Function2);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;onEachIndexed;(UShortArray,Function2);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;plus;(UByteArray,Collection);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;plus;(UByteArray,UByteArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;plus;(UByteArray,UByteArray);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;plus;(UByteArray,byte);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;reversed;(UByteArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;reversed;(UIntArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;reversed;(ULongArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;reversed;(UShortArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;reversedArray;(UByteArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;runningFold;(UByteArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;runningFold;(UIntArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;runningFold;(ULongArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;runningFold;(UShortArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;runningFoldIndexed;(UByteArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;runningFoldIndexed;(UIntArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;runningFoldIndexed;(ULongArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;runningFoldIndexed;(UShortArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;scan;(UByteArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;scan;(UIntArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;scan;(ULongArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;scan;(UShortArray,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;scanIndexed;(UByteArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;scanIndexed;(UIntArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;scanIndexed;(ULongArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;scanIndexed;(UShortArray,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;sliceArray;(UByteArray,IntRange);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;sortedArray;(UByteArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;sortedArray;(UIntArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;sortedArray;(ULongArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;sortedArray;(UShortArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;sortedArrayDescending;(UByteArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;sortedArrayDescending;(UIntArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;sortedArrayDescending;(ULongArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;sortedArrayDescending;(UShortArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;sortedDescending;(UByteArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;take;(UByteArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;take;(UIntArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;take;(ULongArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;take;(UShortArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;takeLast;(UByteArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;takeLast;(UIntArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;takeLast;(ULongArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;takeLast;(UShortArray,int);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;takeLastWhile;(UByteArray,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;takeLastWhile;(UIntArray,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;takeLastWhile;(ULongArray,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;takeLastWhile;(UShortArray,Function1);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;toByteArray;(UByteArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.collections;UArraysKt;false;toUByteArray;(byte[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;maxOf;(Comparable,Comparable);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;maxOf;(Comparable,Comparable);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;maxOf;(Comparable,Comparable,Comparable);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;maxOf;(Comparable,Comparable,Comparable);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;maxOf;(Comparable,Comparable,Comparable);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;maxOf;(Comparable,Comparable[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;maxOf;(Object,Object,Comparator);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;maxOf;(Object,Object,Comparator);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;maxOf;(Object,Object,Object,Comparator);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;maxOf;(Object,Object,Object,Comparator);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;maxOf;(Object,Object,Object,Comparator);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;maxOf;(Object,Object[],Comparator);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;minOf;(Comparable,Comparable);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;minOf;(Comparable,Comparable);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;minOf;(Comparable,Comparable,Comparable);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;minOf;(Comparable,Comparable,Comparable);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;minOf;(Comparable,Comparable,Comparable);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;minOf;(Comparable,Comparable[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;minOf;(Object,Object,Comparator);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;minOf;(Object,Object,Comparator);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;minOf;(Object,Object,Object,Comparator);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;minOf;(Object,Object,Object,Comparator);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;minOf;(Object,Object,Object,Comparator);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;minOf;(Object,Object[],Comparator);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.comparisons;ComparisonsKt;false;reversed;(Comparator);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.coroutines.intrinsics;IntrinsicsKt;false;intercepted;(Continuation);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.coroutines.jvm.internal;CoroutineStackFrame;true;getCallerFrame;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.coroutines;AbstractCoroutineContextElement;true;AbstractCoroutineContextElement;(Key);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.coroutines;AbstractCoroutineContextKey;true;AbstractCoroutineContextKey;(Key,Function1);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.coroutines;AbstractCoroutineContextKey;true;AbstractCoroutineContextKey;(Key,Function1);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.coroutines;CoroutineContext$Element;true;getKey;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.coroutines;CoroutineContext;true;fold;(Object,Function2);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.coroutines;CoroutineContext;true;fold;(Object,Function2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.coroutines;CoroutineContext;true;get;(Key);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.coroutines;CoroutineContext;true;minusKey;(Key);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.coroutines;CoroutineContext;true;minusKey;(Key);;Argument[-1];ReturnValue;value;generated",
-        "kotlin.coroutines;CoroutineContext;true;plus;(CoroutineContext);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.coroutines;CoroutineContext;true;plus;(CoroutineContext);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.coroutines;CoroutineContextImplKt;false;getPolymorphicElement;(Element,Key);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.coroutines;CoroutineContextImplKt;false;minusPolymorphicKey;(Element,Key);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;AccessDeniedException;false;AccessDeniedException;(File,File,String);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.io;AccessDeniedException;false;AccessDeniedException;(File,File,String);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.io;AccessDeniedException;false;AccessDeniedException;(File,File,String);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.io;ByteStreamsKt;false;buffered;(InputStream,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;ByteStreamsKt;false;buffered;(OutputStream,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;ByteStreamsKt;false;bufferedReader;(InputStream,Charset);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;ByteStreamsKt;false;byteInputStream;(String,Charset);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;ByteStreamsKt;false;copyTo;(InputStream,OutputStream,int);;Argument[0];Argument[1];taint;generated",
-        "kotlin.io;ByteStreamsKt;false;inputStream;(byte[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;ByteStreamsKt;false;inputStream;(byte[],int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;ByteStreamsKt;false;readBytes;(InputStream);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;ByteStreamsKt;false;readBytes;(InputStream,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;ByteStreamsKt;false;reader;(InputStream,Charset);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;CloseableKt;false;use;(Closeable,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;FileAlreadyExistsException;false;FileAlreadyExistsException;(File,File,String);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.io;FileAlreadyExistsException;false;FileAlreadyExistsException;(File,File,String);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.io;FileAlreadyExistsException;false;FileAlreadyExistsException;(File,File,String);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.io;FileSystemException;true;FileSystemException;(File,File,String);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.io;FileSystemException;true;FileSystemException;(File,File,String);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.io;FileSystemException;true;FileSystemException;(File,File,String);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.io;FileSystemException;true;getFile;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.io;FileSystemException;true;getOther;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.io;FileSystemException;true;getReason;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.io;FileTreeWalk;false;maxDepth;(int);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.io;FileTreeWalk;false;onEnter;(Function1);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.io;FileTreeWalk;false;onEnter;(Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;FileTreeWalk;false;onFail;(Function2);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.io;FileTreeWalk;false;onFail;(Function2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;FileTreeWalk;false;onLeave;(Function1);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.io;FileTreeWalk;false;onLeave;(Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;FilesKt;false;copyTo;(File,File,boolean,int);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.io;FilesKt;false;relativeToOrSelf;(File,File);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;FilesKt;false;resolve;(File,File);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.io;FilesKt;false;resolve;(File,String);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.io;FilesKt;false;resolveSibling;(File,File);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.io;FilesKt;false;resolveSibling;(File,String);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.io;FilesKt;false;walk;(File,FileWalkDirection);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;FilesKt;false;walkBottomUp;(File);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;FilesKt;false;walkTopDown;(File);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;NoSuchFileException;false;NoSuchFileException;(File,File,String);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.io;NoSuchFileException;false;NoSuchFileException;(File,File,String);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.io;NoSuchFileException;false;NoSuchFileException;(File,File,String);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.io;TextStreamsKt;false;buffered;(Reader,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;TextStreamsKt;false;buffered;(Writer,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;TextStreamsKt;false;copyTo;(Reader,Writer,int);;Argument[0];Argument[1];taint;generated",
-        "kotlin.io;TextStreamsKt;false;forEachLine;(Reader,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;TextStreamsKt;false;lineSequence;(BufferedReader);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;TextStreamsKt;false;readText;(Reader);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;TextStreamsKt;false;reader;(String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.io;TextStreamsKt;false;useLines;(Reader,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;AdaptedFunctionReference;true;AdaptedFunctionReference;(int,Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;AdaptedFunctionReference;true;AdaptedFunctionReference;(int,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;AdaptedFunctionReference;true;AdaptedFunctionReference;(int,Object,Class,String,String,int);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;AdaptedFunctionReference;true;AdaptedFunctionReference;(int,Object,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;AdaptedFunctionReference;true;AdaptedFunctionReference;(int,Object,Class,String,String,int);;Argument[4];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;ArrayIteratorKt;false;iterator;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ArrayIteratorsKt;false;iterator;(byte[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ArrayIteratorsKt;false;iterator;(char[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ByteSpreadBuilder;false;toArray;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;CallableReference;true;compute;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;CallableReference;true;getBoundReceiver;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;CallableReference;true;getSignature;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;CharSpreadBuilder;false;toArray;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ClassReference$Companion;false;getClassQualifiedName;(Class);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ClassReference$Companion;false;getClassSimpleName;(Class);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;CollectionToArray;false;toArray;(Collection);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.jvm.internal;CollectionToArray;false;toArray;(Collection,Object[]);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin.jvm.internal;FunctionReference;true;FunctionReference;(int,Object);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;FunctionReference;true;FunctionReference;(int,Object,Class,String,String,int);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;FunctionReference;true;FunctionReference;(int,Object,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;FunctionReference;true;FunctionReference;(int,Object,Class,String,String,int);;Argument[4];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;FunctionReference;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;FunctionReferenceImpl;true;FunctionReferenceImpl;(int,Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;FunctionReferenceImpl;true;FunctionReferenceImpl;(int,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;FunctionReferenceImpl;true;FunctionReferenceImpl;(int,KDeclarationContainer,String,String);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;FunctionReferenceImpl;true;FunctionReferenceImpl;(int,KDeclarationContainer,String,String);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;FunctionReferenceImpl;true;FunctionReferenceImpl;(int,Object,Class,String,String,int);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;FunctionReferenceImpl;true;FunctionReferenceImpl;(int,Object,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;FunctionReferenceImpl;true;FunctionReferenceImpl;(int,Object,Class,String,String,int);;Argument[4];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;Intrinsics;true;stringPlus;(String,Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Intrinsics;true;stringPlus;(String,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference0;true;MutablePropertyReference0;(Object);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference0;true;MutablePropertyReference0;(Object,Class,String,String,int);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference0;true;MutablePropertyReference0;(Object,Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference0;true;MutablePropertyReference0;(Object,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference0Impl;true;MutablePropertyReference0Impl;(Class,String,String,int);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference0Impl;true;MutablePropertyReference0Impl;(Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference0Impl;true;MutablePropertyReference0Impl;(KDeclarationContainer,String,String);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference0Impl;true;MutablePropertyReference0Impl;(KDeclarationContainer,String,String);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference0Impl;true;MutablePropertyReference0Impl;(Object,Class,String,String,int);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference0Impl;true;MutablePropertyReference0Impl;(Object,Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference0Impl;true;MutablePropertyReference0Impl;(Object,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference1;true;MutablePropertyReference1;(Object);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference1;true;MutablePropertyReference1;(Object,Class,String,String,int);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference1;true;MutablePropertyReference1;(Object,Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference1;true;MutablePropertyReference1;(Object,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference1Impl;true;MutablePropertyReference1Impl;(Class,String,String,int);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference1Impl;true;MutablePropertyReference1Impl;(Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference1Impl;true;MutablePropertyReference1Impl;(KDeclarationContainer,String,String);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference1Impl;true;MutablePropertyReference1Impl;(KDeclarationContainer,String,String);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference1Impl;true;MutablePropertyReference1Impl;(Object,Class,String,String,int);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference1Impl;true;MutablePropertyReference1Impl;(Object,Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference1Impl;true;MutablePropertyReference1Impl;(Object,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference2;true;MutablePropertyReference2;(Class,String,String,int);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference2;true;MutablePropertyReference2;(Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference2Impl;true;MutablePropertyReference2Impl;(Class,String,String,int);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference2Impl;true;MutablePropertyReference2Impl;(Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference2Impl;true;MutablePropertyReference2Impl;(KDeclarationContainer,String,String);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference2Impl;true;MutablePropertyReference2Impl;(KDeclarationContainer,String,String);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference;true;MutablePropertyReference;(Object);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference;true;MutablePropertyReference;(Object,Class,String,String,int);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference;true;MutablePropertyReference;(Object,Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;MutablePropertyReference;true;MutablePropertyReference;(Object,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PackageReference;false;PackageReference;(Class,String);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PrimitiveSpreadBuilder;true;addSpread;(Object);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference0;true;PropertyReference0;(Object);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference0;true;PropertyReference0;(Object,Class,String,String,int);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference0;true;PropertyReference0;(Object,Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference0;true;PropertyReference0;(Object,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference0Impl;true;PropertyReference0Impl;(Class,String,String,int);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference0Impl;true;PropertyReference0Impl;(Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference0Impl;true;PropertyReference0Impl;(KDeclarationContainer,String,String);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference0Impl;true;PropertyReference0Impl;(KDeclarationContainer,String,String);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference0Impl;true;PropertyReference0Impl;(Object,Class,String,String,int);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference0Impl;true;PropertyReference0Impl;(Object,Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference0Impl;true;PropertyReference0Impl;(Object,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference1;true;PropertyReference1;(Object);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference1;true;PropertyReference1;(Object,Class,String,String,int);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference1;true;PropertyReference1;(Object,Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference1;true;PropertyReference1;(Object,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference1Impl;true;PropertyReference1Impl;(Class,String,String,int);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference1Impl;true;PropertyReference1Impl;(Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference1Impl;true;PropertyReference1Impl;(KDeclarationContainer,String,String);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference1Impl;true;PropertyReference1Impl;(KDeclarationContainer,String,String);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference1Impl;true;PropertyReference1Impl;(Object,Class,String,String,int);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference1Impl;true;PropertyReference1Impl;(Object,Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference1Impl;true;PropertyReference1Impl;(Object,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference2;true;PropertyReference2;(Class,String,String,int);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference2;true;PropertyReference2;(Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference2Impl;true;PropertyReference2Impl;(Class,String,String,int);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference2Impl;true;PropertyReference2Impl;(Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference2Impl;true;PropertyReference2Impl;(KDeclarationContainer,String,String);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference2Impl;true;PropertyReference2Impl;(KDeclarationContainer,String,String);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference;true;PropertyReference;(Object);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference;true;PropertyReference;(Object,Class,String,String,int);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference;true;PropertyReference;(Object,Class,String,String,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference;true;PropertyReference;(Object,Class,String,String,int);;Argument[3];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;PropertyReference;true;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;function;(FunctionReference);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;getOrCreateKotlinPackage;(Class,String);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;mutableCollectionType;(KType);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;mutableProperty0;(MutablePropertyReference0);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;mutableProperty1;(MutablePropertyReference1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;mutableProperty2;(MutablePropertyReference2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;nothingType;(KType);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;nullableTypeOf;(Class,KTypeProjection);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;nullableTypeOf;(Class,KTypeProjection,KTypeProjection);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;nullableTypeOf;(Class,KTypeProjection,KTypeProjection);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;nullableTypeOf;(KClassifier);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;platformType;(KType,KType);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;platformType;(KType,KType);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;property0;(PropertyReference0);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;property1;(PropertyReference1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;property2;(PropertyReference2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;setUpperBounds;(KTypeParameter,KType);;Argument[1];Argument[0];taint;generated",
-        "kotlin.jvm.internal;Reflection;true;typeOf;(Class,KTypeProjection);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;typeOf;(Class,KTypeProjection,KTypeProjection);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;typeOf;(Class,KTypeProjection,KTypeProjection);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;typeOf;(KClassifier);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;typeParameter;(Object,String,KVariance,boolean);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;Reflection;true;typeParameter;(Object,String,KVariance,boolean);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;function;(FunctionReference);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;getOrCreateKotlinPackage;(Class,String);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;mutableCollectionType;(KType);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;mutableProperty0;(MutablePropertyReference0);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;mutableProperty1;(MutablePropertyReference1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;mutableProperty2;(MutablePropertyReference2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;nothingType;(KType);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;platformType;(KType,KType);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;platformType;(KType,KType);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;property0;(PropertyReference0);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;property1;(PropertyReference1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;property2;(PropertyReference2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;setUpperBounds;(KTypeParameter,List);;Argument[1].Element;Argument[0];taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;typeOf;(KClassifier,List,boolean);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;typeOf;(KClassifier,List,boolean);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;typeParameter;(Object,String,KVariance,boolean);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;ReflectionFactory;true;typeParameter;(Object,String,KVariance,boolean);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;SpreadBuilder;true;add;(Object);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;SpreadBuilder;true;addSpread;(Object);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;SpreadBuilder;true;toArray;(Object[]);;Argument[-1];Argument[0].ArrayElement;taint;generated",
-        "kotlin.jvm.internal;SpreadBuilder;true;toArray;(Object[]);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableCollection;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableCollection;(Object,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableIterable;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableIterable;(Object,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableIterator;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableIterator;(Object,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableList;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableList;(Object,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableListIterator;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableListIterator;(Object,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableMap;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableMap;(Object,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableMapEntry;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableMapEntry;(Object,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableSet;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;asMutableSet;(Object,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;beforeCheckcastToFunctionOfArity;(Object,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;beforeCheckcastToFunctionOfArity;(Object,int,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;castToCollection;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;castToIterable;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;castToIterator;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;castToList;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;castToListIterator;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;castToMap;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;castToMapEntry;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeIntrinsics;true;castToSet;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.jvm.internal;TypeParameterReference;false;TypeParameterReference;(Object,String,KVariance,boolean);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;TypeParameterReference;false;TypeParameterReference;(Object,String,KVariance,boolean);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;TypeParameterReference;false;setUpperBounds;(List);;Argument[0].Element;Argument[-1];taint;generated",
-        "kotlin.jvm.internal;TypeReference;false;TypeReference;(KClassifier,List,KType,int);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;TypeReference;false;TypeReference;(KClassifier,List,KType,int);;Argument[1].Element;Argument[-1];taint;generated",
-        "kotlin.jvm.internal;TypeReference;false;TypeReference;(KClassifier,List,KType,int);;Argument[2];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;TypeReference;false;TypeReference;(KClassifier,List,boolean);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.jvm.internal;TypeReference;false;TypeReference;(KClassifier,List,boolean);;Argument[1].Element;Argument[-1];taint;generated",
-        "kotlin.jvm.internal;TypeReference;false;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.properties;ObservableProperty;true;ObservableProperty;(Object);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.random;PlatformRandomKt;false;asJavaRandom;(Random);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.random;PlatformRandomKt;false;asKotlinRandom;(Random);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.random;Random;true;nextBytes;(byte[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.random;Random;true;nextBytes;(byte[],int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.random;URandomKt;false;nextUBytes;(Random,UByteArray);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.random;URandomKt;false;nextUBytes;(Random,UByteArray,int,int);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.ranges;CharRange$Companion;false;getEMPTY;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.ranges;IntRange$Companion;false;getEMPTY;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.ranges;LongRange$Companion;false;getEMPTY;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.ranges;RangesKt;false;coerceAtLeast;(Comparable,Comparable);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.ranges;RangesKt;false;coerceAtLeast;(Comparable,Comparable);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.ranges;RangesKt;false;coerceAtMost;(Comparable,Comparable);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.ranges;RangesKt;false;coerceAtMost;(Comparable,Comparable);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.ranges;RangesKt;false;coerceIn;(Comparable,ClosedFloatingPointRange);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.ranges;RangesKt;false;coerceIn;(Comparable,ClosedRange);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.ranges;RangesKt;false;coerceIn;(Comparable,Comparable,Comparable);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.ranges;RangesKt;false;coerceIn;(Comparable,Comparable,Comparable);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.ranges;RangesKt;false;coerceIn;(Comparable,Comparable,Comparable);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.ranges;RangesKt;false;rangeTo;(Comparable,Comparable);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.ranges;RangesKt;false;rangeTo;(Comparable,Comparable);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.ranges;RangesKt;false;rangeUntil;(Comparable,Comparable);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.ranges;RangesKt;false;rangeUntil;(Comparable,Comparable);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.ranges;UIntRange$Companion;false;getEMPTY;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.ranges;ULongRange$Companion;false;getEMPTY;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.reflect;KClasses;false;cast;(KClass,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.reflect;KClasses;false;safeCast;(KClass,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.reflect;KType;true;getArguments;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.reflect;KType;true;getClassifier;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.reflect;KTypeParameter;true;getName;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.reflect;KTypeParameter;true;getUpperBounds;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.reflect;KTypeProjection$Companion;false;contravariant;(KType);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.reflect;KTypeProjection$Companion;false;covariant;(KType);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.reflect;KTypeProjection$Companion;false;invariant;(KType);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.reflect;KTypeProjection;false;KTypeProjection;(KVariance,KType);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.reflect;KTypeProjection;false;component2;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.reflect;KTypeProjection;false;contravariant;(KType);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.reflect;KTypeProjection;false;copy;(KVariance,KType);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.reflect;KTypeProjection;false;covariant;(KType);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.reflect;KTypeProjection;false;getType;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.reflect;KTypeProjection;false;invariant;(KType);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.reflect;KTypeProjection;false;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.reflect;TypesJVMKt;false;getJavaType;(KType);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.reflect;WildcardTypeImpl$Companion;false;getSTAR;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequenceScope;true;yieldAll;(Sequence);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.sequences;SequencesKt;false;asSequence;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;associateBy;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;associateByTo;(Sequence,Map,Function1);;Argument[0];Argument[1].Element;taint;generated",
-        "kotlin.sequences;SequencesKt;false;associateByTo;(Sequence,Map,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;associateByTo;(Sequence,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;associateByTo;(Sequence,Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;associateTo;(Sequence,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;associateWith;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;associateWithTo;(Sequence,Map,Function1);;Argument[0];Argument[1].Element;taint;generated",
-        "kotlin.sequences;SequencesKt;false;associateWithTo;(Sequence,Map,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;associateWithTo;(Sequence,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;chunked;(Sequence,int,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;constrainOnce;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;distinct;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;distinctBy;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;distinctBy;(Sequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;drop;(Sequence,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;dropWhile;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;dropWhile;(Sequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;elementAt;(Sequence,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;elementAtOrElse;(Sequence,int,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;elementAtOrNull;(Sequence,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filter;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filter;(Sequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterIndexedTo;(Sequence,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterIsInstance;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterIsInstance;(Sequence,Class);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterIsInstanceTo;(Sequence,Collection);;Argument[0];Argument[1].Element;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterIsInstanceTo;(Sequence,Collection);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterIsInstanceTo;(Sequence,Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterIsInstanceTo;(Sequence,Collection,Class);;Argument[0];Argument[1].Element;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterIsInstanceTo;(Sequence,Collection,Class);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterIsInstanceTo;(Sequence,Collection,Class);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterNot;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterNot;(Sequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterNotNull;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterNotNullTo;(Sequence,Collection);;Argument[0];Argument[1].Element;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterNotNullTo;(Sequence,Collection);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterNotNullTo;(Sequence,Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterNotTo;(Sequence,Collection,Function1);;Argument[0];Argument[1].Element;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterNotTo;(Sequence,Collection,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterNotTo;(Sequence,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterTo;(Sequence,Collection,Function1);;Argument[0];Argument[1].Element;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterTo;(Sequence,Collection,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;filterTo;(Sequence,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;find;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;findLast;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;first;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;first;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;firstNotNullOf;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;firstNotNullOfOrNull;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;firstOrNull;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;firstOrNull;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;flatMap;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;flatMap;(Sequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;flatMapIndexedIterableTo;(Sequence,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;flatMapIndexedSequenceTo;(Sequence,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;flatMapIterable;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;flatMapIterable;(Sequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;flatMapIterableTo;(Sequence,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;flatMapTo;(Sequence,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;flatten;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;flattenSequenceOfIterable;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;fold;(Sequence,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;foldIndexed;(Sequence,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;generateSequence;(Function0);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;generateSequence;(Function0,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;generateSequence;(Function0,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;generateSequence;(Object,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;groupByTo;(Sequence,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;groupByTo;(Sequence,Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinTo;(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[0];Argument[1];taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinTo;(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinTo;(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinTo;(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];Argument[1];taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinTo;(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinTo;(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];Argument[1];taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinTo;(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinTo;(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];Argument[1];taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinTo;(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[4];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinTo;(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];Argument[1];taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinTo;(Sequence,Appendable,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[6];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinToString;(Sequence,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinToString;(Sequence,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinToString;(Sequence,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinToString;(Sequence,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;joinToString;(Sequence,CharSequence,CharSequence,CharSequence,int,CharSequence,Function1);;Argument[5];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;last;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;last;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;lastOrNull;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;lastOrNull;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;map;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;map;(Sequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;mapIndexed;(Sequence,Function2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;mapIndexed;(Sequence,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;mapIndexedNotNull;(Sequence,Function2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;mapIndexedNotNull;(Sequence,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;mapIndexedNotNullTo;(Sequence,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;mapIndexedTo;(Sequence,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;mapNotNull;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;mapNotNull;(Sequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;mapNotNullTo;(Sequence,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;mapTo;(Sequence,Collection,Function1);;Argument[0];Argument[1].Element;taint;generated",
-        "kotlin.sequences;SequencesKt;false;mapTo;(Sequence,Collection,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;mapTo;(Sequence,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;max;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;maxBy;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;maxByOrNull;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;maxByOrThrow;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;maxOfWith;(Sequence,Comparator,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;maxOfWithOrNull;(Sequence,Comparator,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;maxOrNull;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;maxOrThrow;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;maxWith;(Sequence,Comparator);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;maxWithOrNull;(Sequence,Comparator);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;maxWithOrThrow;(Sequence,Comparator);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;min;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;minBy;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;minByOrNull;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;minByOrThrow;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;minOfWith;(Sequence,Comparator,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;minOfWithOrNull;(Sequence,Comparator,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;minOrNull;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;minOrThrow;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;minWith;(Sequence,Comparator);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;minWithOrNull;(Sequence,Comparator);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;minWithOrThrow;(Sequence,Comparator);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;minus;(Sequence,Object[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;onEach;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;onEachIndexed;(Sequence,Function2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;orEmpty;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;partition;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;reduce;(Sequence,Function2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;reduceIndexed;(Sequence,Function3);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;reduceIndexedOrNull;(Sequence,Function3);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;reduceOrNull;(Sequence,Function2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;requireNoNulls;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;single;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;single;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;singleOrNull;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;singleOrNull;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;take;(Sequence,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;takeWhile;(Sequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;takeWhile;(Sequence,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;toCollection;(Sequence,Collection);;Argument[0];Argument[1].Element;taint;generated",
-        "kotlin.sequences;SequencesKt;false;toCollection;(Sequence,Collection);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;toCollection;(Sequence,Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;toHashSet;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;toList;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;toMutableList;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;toMutableSet;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;toSet;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;toSortedSet;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;toSortedSet;(Sequence,Comparator);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;unzip;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;windowed;(Sequence,int,int,boolean,Function1);;Argument[4];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;withIndex;(Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;zip;(Sequence,Sequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;zip;(Sequence,Sequence);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;zip;(Sequence,Sequence,Function2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;zip;(Sequence,Sequence,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.sequences;SequencesKt;false;zip;(Sequence,Sequence,Function2);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;CharsKt;false;plus;(char,String);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;MatchGroup;false;MatchGroup;(String,IntRange);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.text;MatchGroup;false;MatchGroup;(String,IntRange);;Argument[1].Element;Argument[-1];taint;generated",
-        "kotlin.text;MatchGroup;false;component1;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchGroup;false;component2;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchGroup;false;copy;(String,IntRange);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;MatchGroup;false;copy;(String,IntRange);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;MatchGroup;false;getRange;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchGroup;false;getValue;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchGroup;false;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult$Destructured;false;component10;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult$Destructured;false;component1;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult$Destructured;false;component2;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult$Destructured;false;component3;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult$Destructured;false;component4;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult$Destructured;false;component5;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult$Destructured;false;component6;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult$Destructured;false;component7;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult$Destructured;false;component8;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult$Destructured;false;component9;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult$Destructured;false;getMatch;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult$Destructured;false;toList;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult;true;getDestructured;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult;true;getGroupValues;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult;true;getGroups;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;MatchResult;true;next;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;Regex$Companion;false;escape;(String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;Regex;false;find;(CharSequence,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;Regex;false;getOptions;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;Regex;false;matchEntire;(CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;Regex;false;replace;(CharSequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;Regex;false;replace;(CharSequence,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;Regex;false;replace;(CharSequence,String);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;Regex;false;replaceFirst;(CharSequence,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;Regex;false;replaceFirst;(CharSequence,String);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;Regex;false;toPattern;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;String;(StringBuffer);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;String;(StringBuilder);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;String;(byte[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;String;(byte[],Charset);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;String;(byte[],int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;String;(byte[],int,int,Charset);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;String;(char[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;String;(char[],int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;append;(Appendable,CharSequence[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;append;(StringBuilder,Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;append;(StringBuilder,Object);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;append;(StringBuilder,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;append;(StringBuilder,Object[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;append;(StringBuilder,String[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(Appendable);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(Appendable,CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(Appendable,CharSequence);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(Appendable,CharSequence);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(Appendable,char);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,CharSequence);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,CharSequence);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,Object);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,String);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,String);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,StringBuffer);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,StringBuffer);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,StringBuffer);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,StringBuilder);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,StringBuilder);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,StringBuilder);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,boolean);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,byte);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,char);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,char[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,char[]);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,char[]);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,double);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,float);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,long);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendLine;(StringBuilder,short);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendRange;(Appendable,CharSequence,int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendRange;(Appendable,CharSequence,int,int);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendRange;(Appendable,CharSequence,int,int);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendRange;(StringBuilder,CharSequence,int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendRange;(StringBuilder,CharSequence,int,int);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendRange;(StringBuilder,CharSequence,int,int);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendRange;(StringBuilder,char[],int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendRange;(StringBuilder,char[],int,int);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendRange;(StringBuilder,char[],int,int);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(Appendable);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(Appendable,CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(Appendable,CharSequence);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(Appendable,CharSequence);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(Appendable,char);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,CharSequence);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,CharSequence);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,Object);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,String);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,String);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,StringBuffer);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,StringBuffer);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,StringBuffer);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,StringBuilder);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,StringBuilder);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,StringBuilder);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,boolean);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,byte);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,char);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,char[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,char[]);;Argument[1];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,char[]);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,double);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,float);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,long);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;appendln;(StringBuilder,short);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;associateByTo;(CharSequence,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;associateByTo;(CharSequence,Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;associateTo;(CharSequence,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;associateWithTo;(CharSequence,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;capitalize;(String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;capitalize;(String,Locale);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;clear;(StringBuilder);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;concatToString;(char[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;concatToString;(char[],int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;decapitalize;(String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;decapitalize;(String,Locale);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;decodeToString;(byte[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;decodeToString;(byte[],int,int,boolean);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;drop;(CharSequence,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;drop;(String,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;dropLast;(CharSequence,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;dropLast;(String,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;dropLastWhile;(CharSequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;dropLastWhile;(String,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;dropWhile;(CharSequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;dropWhile;(String,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;encodeToByteArray;(String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;encodeToByteArray;(String,int,int,boolean);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;filterIndexedTo;(CharSequence,Appendable,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;filterNotTo;(CharSequence,Appendable,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;filterTo;(CharSequence,Appendable,Function1);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;findAnyOf;(CharSequence,Collection,int,boolean);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;findLastAnyOf;(CharSequence,Collection,int,boolean);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;flatMapIndexedIterableTo;(CharSequence,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;flatMapTo;(CharSequence,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;fold;(CharSequence,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;foldIndexed;(CharSequence,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;foldRight;(CharSequence,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;foldRightIndexed;(CharSequence,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;format;(String,Locale,Object[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;format;(String,Locale,Object[]);;Argument[2].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;format;(String,Object[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;format;(String,Object[]);;Argument[1].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;format;(StringCompanionObject,Locale,String,Object[]);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;format;(StringCompanionObject,Locale,String,Object[]);;Argument[3].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;format;(StringCompanionObject,String,Object[]);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;format;(StringCompanionObject,String,Object[]);;Argument[2].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;formatNullable;(String,Locale,Object[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;formatNullable;(String,Locale,Object[]);;Argument[2].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;formatNullable;(StringCompanionObject,Locale,String,Object[]);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;formatNullable;(StringCompanionObject,Locale,String,Object[]);;Argument[3].ArrayElement;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;groupByTo;(CharSequence,Map,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;groupByTo;(CharSequence,Map,Function1,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;ifBlank;(CharSequence,Function0);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;ifEmpty;(CharSequence,Function0);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;insertRange;(StringBuilder,int,CharSequence,int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;insertRange;(StringBuilder,int,CharSequence,int,int);;Argument[2];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;insertRange;(StringBuilder,int,CharSequence,int,int);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;insertRange;(StringBuilder,int,char[],int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;insertRange;(StringBuilder,int,char[],int,int);;Argument[2];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;insertRange;(StringBuilder,int,char[],int,int);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;intern;(String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;lineSequence;(CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;lines;(CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;lowercase;(String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;lowercase;(String,Locale);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;mapIndexedNotNullTo;(CharSequence,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;mapIndexedTo;(CharSequence,Collection,Function2);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;mapNotNullTo;(CharSequence,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;mapTo;(CharSequence,Collection,Function1);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;onEach;(CharSequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;onEachIndexed;(CharSequence,Function2);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;orEmpty;(String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;padEnd;(CharSequence,int,char);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;padStart;(CharSequence,int,char);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;prependIndent;(String,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;removePrefix;(CharSequence,CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;removePrefix;(String,CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;removeRange;(CharSequence,IntRange);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;removeRange;(CharSequence,int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;removeSuffix;(CharSequence,CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;removeSuffix;(String,CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;removeSurrounding;(CharSequence,CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;removeSurrounding;(CharSequence,CharSequence,CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;removeSurrounding;(String,CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;removeSurrounding;(String,CharSequence,CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;repeat;(CharSequence,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replace;(CharSequence,Regex,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replace;(CharSequence,Regex,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replace;(CharSequence,Regex,String);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replace;(String,char,char,boolean);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceAfter;(String,String,String,String);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceAfter;(String,char,String,String);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceAfterLast;(String,String,String,String);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceAfterLast;(String,char,String,String);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceBefore;(String,String,String,String);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceBefore;(String,char,String,String);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceBeforeLast;(String,String,String,String);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceBeforeLast;(String,char,String,String);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceFirst;(CharSequence,Regex,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceFirst;(CharSequence,Regex,String);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceFirst;(String,String,String,boolean);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceFirst;(String,char,char,boolean);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceFirstCharWithChar;(String,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceFirstCharWithCharSequence;(String,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceRange;(CharSequence,IntRange,CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceRange;(CharSequence,IntRange,CharSequence);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceRange;(CharSequence,int,int,CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;replaceRange;(CharSequence,int,int,CharSequence);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;reversed;(CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;runningFold;(CharSequence,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;runningFoldIndexed;(CharSequence,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;scan;(CharSequence,Object,Function2);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;scanIndexed;(CharSequence,Object,Function3);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;setRange;(StringBuilder,int,int,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;setRange;(StringBuilder,int,int,String);;Argument[3];Argument[0];taint;generated",
-        "kotlin.text;StringsKt;false;setRange;(StringBuilder,int,int,String);;Argument[3];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;slice;(CharSequence,IntRange);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;slice;(String,IntRange);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;split;(CharSequence,Pattern,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;splitToSequence;(CharSequence,String[],boolean,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;splitToSequence;(CharSequence,char[],boolean,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;subSequence;(CharSequence,IntRange);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;subSequence;(String,int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substring;(String,IntRange);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substring;(String,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substring;(String,int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringAfter;(String,String,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringAfter;(String,String,String);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringAfter;(String,char,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringAfter;(String,char,String);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringAfterLast;(String,String,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringAfterLast;(String,String,String);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringAfterLast;(String,char,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringAfterLast;(String,char,String);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringBefore;(String,String,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringBefore;(String,String,String);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringBefore;(String,char,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringBefore;(String,char,String);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringBeforeLast;(String,String,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringBeforeLast;(String,String,String);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringBeforeLast;(String,char,String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;substringBeforeLast;(String,char,String);;Argument[2];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;take;(CharSequence,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;take;(String,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;takeLast;(CharSequence,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;takeLast;(String,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;takeLastWhile;(CharSequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;takeLastWhile;(String,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;takeWhile;(CharSequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;takeWhile;(String,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;toByteArray;(String,Charset);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;toCharArray;(String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;toCharArray;(String,char[],int,int,int);;Argument[0];Argument[1];taint;generated",
-        "kotlin.text;StringsKt;false;toCharArray;(String,char[],int,int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;toCharArray;(String,char[],int,int,int);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;toCharArray;(String,int,int);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;toCharArray;(StringBuilder,char[],int,int,int);;Argument[0];Argument[1];taint;generated",
-        "kotlin.text;StringsKt;false;toCollection;(CharSequence,Collection);;Argument[1].Element;ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;toLowerCase;(String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;toLowerCase;(String,Locale);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;toRegex;(Pattern);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;toUpperCase;(String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;toUpperCase;(String,Locale);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;trim;(CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;trim;(CharSequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;trim;(CharSequence,char[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;trimEnd;(CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;trimEnd;(CharSequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;trimEnd;(CharSequence,char[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;trimStart;(CharSequence);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;trimStart;(CharSequence,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;trimStart;(CharSequence,char[]);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;uppercase;(String);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.text;StringsKt;false;uppercase;(String,Locale);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.time;Duration$Companion;false;getINFINITE;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;Duration$Companion;false;getZERO;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;Duration;false;div;(double);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;Duration;false;div;(int);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;Duration;false;getAbsoluteValue;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;Duration;false;minus;(Duration);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;Duration;false;plus;(Duration);;Argument[-1];ReturnValue;value;generated",
-        "kotlin.time;Duration;false;times;(double);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;Duration;false;times;(int);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;DurationKt;false;times;(double,Duration);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.time;DurationKt;false;times;(int,Duration);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.time;TimeMark;true;minus;(Duration);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;TimeMark;true;plus;(Duration);;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;TimeMark;true;plus;(Duration);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.time;TimeSource;true;markNow;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;TimedValue;false;TimedValue;(Object,Duration);;Argument[0];Argument[-1];taint;generated",
-        "kotlin.time;TimedValue;false;TimedValue;(Object,Duration);;Argument[1];Argument[-1];taint;generated",
-        "kotlin.time;TimedValue;false;component1;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;TimedValue;false;component2;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;TimedValue;false;copy;(Object,Duration);;Argument[0];ReturnValue;taint;generated",
-        "kotlin.time;TimedValue;false;copy;(Object,Duration);;Argument[1];ReturnValue;taint;generated",
-        "kotlin.time;TimedValue;false;getDuration;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;TimedValue;false;getValue;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin.time;TimedValue;false;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;DeepRecursiveFunction;false;DeepRecursiveFunction;(SuspendFunction2);;Argument[0];Argument[-1];taint;generated",
-        "kotlin;KotlinVersion$Companion;false;getCURRENT;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;LazyKt;false;getValue;(Lazy,Object,KProperty);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;LazyKt;false;lazy;(Function0);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;LazyKt;false;lazy;(LazyThreadSafetyMode,Function0);;Argument[1];ReturnValue;taint;generated",
-        "kotlin;LazyKt;false;lazy;(Object,Function0);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;LazyKt;false;lazy;(Object,Function0);;Argument[1];ReturnValue;taint;generated",
-        "kotlin;LazyKt;false;lazyOf;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;Pair;false;Pair;(Object,Object);;Argument[0];Argument[-1];taint;generated",
-        "kotlin;Pair;false;Pair;(Object,Object);;Argument[1];Argument[-1];taint;generated",
-        "kotlin;Pair;false;component1;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;Pair;false;component2;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;Pair;false;copy;(Object,Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;Pair;false;copy;(Object,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin;Pair;false;getFirst;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;Pair;false;getSecond;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;Pair;false;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;PreconditionsKt;false;checkNotNull;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;PreconditionsKt;false;checkNotNull;(Object,Function0);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;PreconditionsKt;false;requireNotNull;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;PreconditionsKt;false;requireNotNull;(Object,Function0);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;Result$Companion;false;failure;(Throwable);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;Result$Companion;false;success;(Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;Result;false;exceptionOrNull;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;Result;false;getOrNull;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;Result;false;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;ResultKt;false;fold;(Result,Function1,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;ResultKt;false;getOrDefault;(Result,Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;ResultKt;false;getOrDefault;(Result,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin;ResultKt;false;getOrElse;(Result,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;ResultKt;false;getOrThrow;(Result);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;ResultKt;false;map;(Result,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;ResultKt;false;mapCatching;(Result,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;ResultKt;false;onFailure;(Result,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;ResultKt;false;onSuccess;(Result,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;ResultKt;false;recover;(Result,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;ResultKt;false;recoverCatching;(Result,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;StandardKt;false;also;(Object,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;StandardKt;false;apply;(Object,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;StandardKt;false;let;(Object,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;StandardKt;false;run;(Object,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;StandardKt;false;takeIf;(Object,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;StandardKt;false;takeUnless;(Object,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;StandardKt;false;with;(Object,Function1);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;SuspendKt;false;suspend;(SuspendFunction0);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;Triple;false;Triple;(Object,Object,Object);;Argument[0];Argument[-1];taint;generated",
-        "kotlin;Triple;false;Triple;(Object,Object,Object);;Argument[1];Argument[-1];taint;generated",
-        "kotlin;Triple;false;Triple;(Object,Object,Object);;Argument[2];Argument[-1];taint;generated",
-        "kotlin;Triple;false;component1;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;Triple;false;component2;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;Triple;false;component3;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;Triple;false;copy;(Object,Object,Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;Triple;false;copy;(Object,Object,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin;Triple;false;copy;(Object,Object,Object);;Argument[2];ReturnValue;taint;generated",
-        "kotlin;Triple;false;getFirst;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;Triple;false;getSecond;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;Triple;false;getThird;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;Triple;false;toString;();;Argument[-1];ReturnValue;taint;generated",
-        "kotlin;TuplesKt;false;to;(Object,Object);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;TuplesKt;false;to;(Object,Object);;Argument[1];ReturnValue;taint;generated",
-        "kotlin;TuplesKt;false;toList;(Pair);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;TuplesKt;false;toList;(Triple);;Argument[0];ReturnValue;taint;generated",
-        "kotlin;UByte;false;toUByte;();;Argument[-1];ReturnValue;value;generated",
-        "kotlin;UByteArrayKt;false;ubyteArrayOf;(UByteArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin;UInt;false;toUInt;();;Argument[-1];ReturnValue;value;generated",
-        "kotlin;UIntArrayKt;false;uintArrayOf;(UIntArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin;ULong;false;toULong;();;Argument[-1];ReturnValue;value;generated",
-        "kotlin;ULongArrayKt;false;ulongArrayOf;(ULongArray);;Argument[0].Element;ReturnValue;taint;generated",
-        "kotlin;UShort;false;toUShort;();;Argument[-1];ReturnValue;value;generated",
-        "kotlin;UShortArrayKt;false;ushortArrayOf;(UShortArray);;Argument[0].Element;ReturnValue;taint;generated"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/kotlin/Text.qll b/java/ql/lib/semmle/code/java/frameworks/kotlin/Text.qll
new file mode 100644
index 00000000000..62eafa9565e
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/frameworks/kotlin/Text.qll
@@ -0,0 +1,21 @@
+/** Provides classes and predicates related to `kotlin.text`. */
+
+import java
+
+/** The type `kotlin.text.StringsKt`, where `String` extension methods are declared. */
+class StringsKt extends RefType {
+  StringsKt() { this.hasQualifiedName("kotlin.text", "StringsKt") }
+}
+
+/** A call to the extension method `String.toRegex` from `kotlin.text`. */
+class KtToRegex extends MethodAccess {
+  KtToRegex() {
+    this.getMethod().getDeclaringType() instanceof StringsKt and
+    this.getMethod().hasName("toRegex")
+  }
+
+  /** Gets the constant string value being converted to a regex by this call. */
+  string getExpressionString() {
+    result = this.getArgument(0).(CompileTimeConstantExpr).getStringValue()
+  }
+}
diff --git a/java/ql/lib/semmle/code/java/frameworks/ratpack/Ratpack.qll b/java/ql/lib/semmle/code/java/frameworks/ratpack/Ratpack.qll
deleted file mode 100644
index 772ea3866e5..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/ratpack/Ratpack.qll
+++ /dev/null
@@ -1,135 +0,0 @@
-/**
- * Provides classes and predicates related to `ratpack.*`.
- */
-
-import java
-private import semmle.code.java.dataflow.DataFlow
-private import semmle.code.java.dataflow.FlowSteps
-private import semmle.code.java.dataflow.ExternalFlow
-
-/**
- * Ratpack methods that access user-supplied request data.
- */
-private class RatpackHttpSource extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      ["ratpack.http;", "ratpack.core.http;"] +
-        [
-          "Request;true;getContentLength;;;ReturnValue;remote;manual",
-          "Request;true;getCookies;;;ReturnValue;remote;manual",
-          "Request;true;oneCookie;;;ReturnValue;remote;manual",
-          "Request;true;getHeaders;;;ReturnValue;remote;manual",
-          "Request;true;getPath;;;ReturnValue;remote;manual",
-          "Request;true;getQuery;;;ReturnValue;remote;manual",
-          "Request;true;getQueryParams;;;ReturnValue;remote;manual",
-          "Request;true;getRawUri;;;ReturnValue;remote;manual",
-          "Request;true;getUri;;;ReturnValue;remote;manual",
-          "Request;true;getBody;;;ReturnValue;remote;manual"
-        ]
-    or
-    // All Context#parse methods that return a Promise are remote flow sources.
-    row =
-      ["ratpack.handling;", "ratpack.core.handling;"] + "Context;true;parse;" +
-        [
-          "(java.lang.Class);", "(com.google.common.reflect.TypeToken);",
-          "(java.lang.Class,java.lang.Object);",
-          "(com.google.common.reflect.TypeToken,java.lang.Object);", "(ratpack.core.parse.Parse);",
-          "(ratpack.parse.Parse);"
-        ] + ";ReturnValue;remote;manual"
-  }
-}
-
-/**
- * Ratpack methods that propagate user-supplied request data as tainted.
- */
-private class RatpackModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      ["ratpack.http;", "ratpack.core.http;"] +
-        [
-          "TypedData;true;getBuffer;;;Argument[-1];ReturnValue;taint;manual",
-          "TypedData;true;getBytes;;;Argument[-1];ReturnValue;taint;manual",
-          "TypedData;true;getContentType;;;Argument[-1];ReturnValue;taint;manual",
-          "TypedData;true;getInputStream;;;Argument[-1];ReturnValue;taint;manual",
-          "TypedData;true;getText;;;Argument[-1];ReturnValue;taint;manual",
-          "TypedData;true;writeTo;;;Argument[-1];Argument[0];taint;manual",
-          "Headers;true;get;;;Argument[-1];ReturnValue;taint;manual",
-          "Headers;true;getAll;;;Argument[-1];ReturnValue;taint;manual",
-          "Headers;true;getNames;;;Argument[-1];ReturnValue;taint;manual",
-          "Headers;true;asMultiValueMap;;;Argument[-1];ReturnValue;taint;manual"
-        ]
-    or
-    row =
-      ["ratpack.form;", "ratpack.core.form;"] +
-        [
-          "UploadedFile;true;getFileName;;;Argument[-1];ReturnValue;taint;manual",
-          "Form;true;file;;;Argument[-1];ReturnValue;taint;manual",
-          "Form;true;files;;;Argument[-1];ReturnValue;taint;manual"
-        ]
-    or
-    row =
-      ["ratpack.handling;", "ratpack.core.handling;"] +
-        [
-          "Context;true;parse;(ratpack.http.TypedData,ratpack.parse.Parse);;Argument[0];ReturnValue;taint;manual",
-          "Context;true;parse;(ratpack.core.http.TypedData,ratpack.core.parse.Parse);;Argument[0];ReturnValue;taint;manual",
-          "Context;true;parse;(ratpack.core.http.TypedData,ratpack.core.parse.Parse);;Argument[0];ReturnValue.MapKey;taint;manual",
-          "Context;true;parse;(ratpack.core.http.TypedData,ratpack.core.parse.Parse);;Argument[0];ReturnValue.MapValue;taint;manual"
-        ]
-    or
-    row =
-      ["ratpack.util;", "ratpack.func;"] +
-        [
-          "MultiValueMap;true;getAll;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-          "MultiValueMap;true;getAll;();;Argument[-1].MapValue;ReturnValue.MapValue.Element;value;manual",
-          "MultiValueMap;true;getAll;(Object);;Argument[-1].MapValue;ReturnValue.Element;value;manual",
-          "MultiValueMap;true;asMultimap;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-          "MultiValueMap;true;asMultimap;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual"
-        ]
-    or
-    exists(string left, string right |
-      left = "Field[ratpack.func.Pair.left]" and
-      right = "Field[ratpack.func.Pair.right]"
-    |
-      row =
-        ["ratpack.util;", "ratpack.func;"] + "Pair;true;" +
-          [
-            "of;;;Argument[0];ReturnValue." + left + ";value;manual",
-            "of;;;Argument[1];ReturnValue." + right + ";value;manual",
-            "pair;;;Argument[0];ReturnValue." + left + ";value;manual",
-            "pair;;;Argument[1];ReturnValue." + right + ";value;manual",
-            "left;();;Argument[-1]." + left + ";ReturnValue;value;manual",
-            "right;();;Argument[-1]." + right + ";ReturnValue;value;manual",
-            "getLeft;;;Argument[-1]." + left + ";ReturnValue;value;manual",
-            "getRight;;;Argument[-1]." + right + ";ReturnValue;value;manual",
-            "left;(Object);;Argument[0];ReturnValue." + left + ";value;manual",
-            "left;(Object);;Argument[-1]." + right + ";ReturnValue." + right + ";value;manual",
-            "right;(Object);;Argument[0];ReturnValue." + right + ";value;manual",
-            "right;(Object);;Argument[-1]." + left + ";ReturnValue." + left + ";value;manual",
-            "pushLeft;(Object);;Argument[-1];ReturnValue." + right + ";value;manual",
-            "pushRight;(Object);;Argument[-1];ReturnValue." + left + ";value;manual",
-            "pushLeft;(Object);;Argument[0];ReturnValue." + left + ";value;manual",
-            "pushRight;(Object);;Argument[0];ReturnValue." + right + ";value;manual",
-            // `nestLeft` Pair<A, B>.nestLeft(C) -> Pair<Pair<C, A>, B>
-            "nestLeft;(Object);;Argument[0];ReturnValue." + left + "." + left + ";value;manual",
-            "nestLeft;(Object);;Argument[-1]." + left + ";ReturnValue." + left + "." + right +
-              ";value;manual",
-            "nestLeft;(Object);;Argument[-1]." + right + ";ReturnValue." + right + ";value;manual",
-            // `nestRight` Pair<A, B>.nestRight(C) -> Pair<A, Pair<C, B>>
-            "nestRight;(Object);;Argument[0];ReturnValue." + right + "." + left + ";value;manual",
-            "nestRight;(Object);;Argument[-1]." + left + ";ReturnValue." + left + ";value;manual",
-            "nestRight;(Object);;Argument[-1]." + right + ";ReturnValue." + right + "." + right +
-              ";value;manual",
-            // `mapLeft` & `mapRight` map over their respective fields
-            "mapLeft;;;Argument[-1]." + left + ";Argument[0].Parameter[0];value;manual",
-            "mapLeft;;;Argument[-1]." + right + ";ReturnValue." + right + ";value;manual",
-            "mapRight;;;Argument[-1]." + right + ";Argument[0].Parameter[0];value;manual",
-            "mapRight;;;Argument[-1]." + left + ";ReturnValue." + left + ";value;manual",
-            "mapLeft;;;Argument[0].ReturnValue;ReturnValue." + left + ";value;manual",
-            "mapRight;;;Argument[0].ReturnValue;ReturnValue." + right + ";value;manual",
-            // `map` maps over the `Pair`
-            "map;;;Argument[-1];Argument[0].Parameter[0];value;manual",
-            "map;;;Argument[0].ReturnValue;ReturnValue;value;manual"
-          ]
-    )
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/ratpack/RatpackExec.qll b/java/ql/lib/semmle/code/java/frameworks/ratpack/RatpackExec.qll
index 8f619d4a104..7efa72c3164 100644
--- a/java/ql/lib/semmle/code/java/frameworks/ratpack/RatpackExec.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/ratpack/RatpackExec.qll
@@ -5,103 +5,6 @@
 import java
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.FlowSteps
-private import semmle.code.java.dataflow.ExternalFlow
-
-/**
- * Model for Ratpack `Promise` methods.
- */
-private class RatpackExecModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    //"namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind",
-    row =
-      "ratpack.exec;Promise;true;" +
-        [
-          // `Promise` creation methods
-          "value;;;Argument[0];ReturnValue.Element;value;manual",
-          "flatten;;;Argument[0].ReturnValue.Element;ReturnValue.Element;value;manual",
-          "sync;;;Argument[0].ReturnValue;ReturnValue.Element;value;manual",
-          // `Promise` value transformation methods
-          "map;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-          "map;;;Argument[0].ReturnValue;ReturnValue.Element;value;manual",
-          "blockingMap;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-          "blockingMap;;;Argument[0].ReturnValue;ReturnValue.Element;value;manual",
-          "mapError;;;Argument[1].ReturnValue;ReturnValue.Element;value;manual",
-          // `apply` passes the qualifier to the function as the first argument
-          "apply;;;Argument[-1].Element;Argument[0].Parameter[0].Element;value;manual",
-          "apply;;;Argument[0].ReturnValue.Element;ReturnValue.Element;value;manual",
-          // `Promise` termination method
-          "then;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-          // 'next' accesses qualifier the 'Promise' value and also returns the qualifier
-          "next;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-          "nextOp;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-          "flatOp;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-          // `nextOpIf` accesses qualifier the 'Promise' value and also returns the qualifier
-          "nextOpIf;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-          "nextOpIf;;;Argument[-1].Element;Argument[1].Parameter[0];value;manual",
-          // 'cacheIf' accesses qualifier the 'Promise' value and also returns the qualifier
-          "cacheIf;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-          // 'route' accesses qualifier the 'Promise' value, and conditionally returns the qualifier or
-          // the result of the second argument
-          "route;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-          "route;;;Argument[-1].Element;Argument[1].Parameter[0];value;manual",
-          "route;;;Argument[-1];ReturnValue;value;manual",
-          // `flatMap` type methods return their returned `Promise`
-          "flatMap;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-          "flatMap;;;Argument[0].ReturnValue.Element;ReturnValue.Element;value;manual",
-          "flatMapError;;;Argument[1].ReturnValue.Element;ReturnValue.Element;value;manual",
-          // `blockingOp` passes the value to the argument
-          "blockingOp;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-          // `replace` returns the passed `Promise`
-          "replace;;;Argument[0].Element;ReturnValue.Element;value;manual",
-          // `mapIf` methods conditionally map their values, or return themselves
-          "mapIf;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-          "mapIf;;;Argument[-1].Element;Argument[1].Parameter[0];value;manual",
-          "mapIf;;;Argument[-1].Element;Argument[2].Parameter[0];value;manual",
-          "mapIf;;;Argument[1].ReturnValue;ReturnValue.Element;value;manual",
-          "mapIf;;;Argument[2].ReturnValue;ReturnValue.Element;value;manual",
-          // `wiretap` wraps the qualifier `Promise` value in a `Result` and passes it to the argument
-          "wiretap;;;Argument[-1].Element;Argument[0].Parameter[0].Element;value;manual"
-        ]
-    or
-    exists(string left, string right |
-      left = "Field[ratpack.func.Pair.left]" and
-      right = "Field[ratpack.func.Pair.right]"
-    |
-      row =
-        "ratpack.exec;Promise;true;" +
-          [
-            // `left`, `right`, `flatLeft`, `flatRight` all pass the qualifier `Promise` element as the other `Pair` field
-            "left;;;Argument[-1].Element;ReturnValue.Element." + right + ";value;manual",
-            "right;;;Argument[-1].Element;ReturnValue.Element." + left + ";value;manual",
-            "flatLeft;;;Argument[-1].Element;ReturnValue.Element." + right + ";value;manual",
-            "flatRight;;;Argument[-1].Element;ReturnValue.Element." + left + ";value;manual",
-            // `left` and `right` taking a `Promise` create a `Promise` of the `Pair`
-            "left;(Promise);;Argument[0].Element;ReturnValue.Element." + left + ";value;manual",
-            "right;(Promise);;Argument[0].Element;ReturnValue.Element." + right + ";value;manual",
-            // `left` and `right` taking a `Function` pass the qualifier element then create a `Pair` with the returned value
-            "left;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-            "flatLeft;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-            "right;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-            "flatRight;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual",
-            "left;(Function);;Argument[0].ReturnValue;ReturnValue.Element." + left + ";value;manual",
-            "flatLeft;(Function);;Argument[0].ReturnValue.Element;ReturnValue.Element." + left +
-              ";value;manual",
-            "right;(Function);;Argument[0].ReturnValue;ReturnValue.Element." + right +
-              ";value;manual",
-            "flatRight;(Function);;Argument[0].ReturnValue.Element;ReturnValue.Element." + right +
-              ";value;manual"
-          ]
-    )
-    or
-    row =
-      "ratpack.exec;Result;true;" +
-        [
-          "success;;;Argument[0];ReturnValue.Element;value;manual",
-          "getValue;;;Argument[-1].Element;ReturnValue;value;manual",
-          "getValueOrThrow;;;Argument[-1].Element;ReturnValue;value;manual"
-        ]
-  }
-}
 
 /** A reference type that extends a parameterization the Promise type. */
 private class RatpackPromise extends RefType {
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/Spring.qll b/java/ql/lib/semmle/code/java/frameworks/spring/Spring.qll
index fd3008e5f00..2b09288610e 100644
--- a/java/ql/lib/semmle/code/java/frameworks/spring/Spring.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/Spring.qll
@@ -6,14 +6,10 @@ import semmle.code.java.frameworks.spring.SpringAttribute
 import semmle.code.java.frameworks.spring.SpringAutowire
 import semmle.code.java.frameworks.spring.SpringBean
 import semmle.code.java.frameworks.spring.SpringBeanFile
-import semmle.code.java.frameworks.spring.SpringBeans
 import semmle.code.java.frameworks.spring.SpringBeanRefType
-import semmle.code.java.frameworks.spring.SpringCache
-import semmle.code.java.frameworks.spring.SpringContext
 import semmle.code.java.frameworks.spring.SpringComponentScan
 import semmle.code.java.frameworks.spring.SpringConstructorArg
 import semmle.code.java.frameworks.spring.SpringController
-import semmle.code.java.frameworks.spring.SpringData
 import semmle.code.java.frameworks.spring.SpringDescription
 import semmle.code.java.frameworks.spring.SpringEntry
 import semmle.code.java.frameworks.spring.SpringFlex
@@ -36,12 +32,7 @@ import semmle.code.java.frameworks.spring.SpringQualifier
 import semmle.code.java.frameworks.spring.SpringRef
 import semmle.code.java.frameworks.spring.SpringReplacedMethod
 import semmle.code.java.frameworks.spring.SpringSet
-import semmle.code.java.frameworks.spring.SpringUi
-import semmle.code.java.frameworks.spring.SpringUtil
-import semmle.code.java.frameworks.spring.SpringValidation
 import semmle.code.java.frameworks.spring.SpringValue
-import semmle.code.java.frameworks.spring.SpringWebMultipart
-import semmle.code.java.frameworks.spring.SpringWebUtil
 import semmle.code.java.frameworks.spring.SpringXMLElement
 import semmle.code.java.frameworks.spring.metrics.MetricSpringBean
 import semmle.code.java.frameworks.spring.metrics.MetricSpringBeanFile
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringBeans.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringBeans.qll
deleted file mode 100644
index 63671f21855..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringBeans.qll
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Provides classes and predicates for working with Spring classes and interfaces from
- * `org.springframework.beans`.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-/**
- * Provides models for the `org.springframework.beans` package.
- */
-private class FlowSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.springframework.beans;PropertyValue;false;PropertyValue;(String,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "org.springframework.beans;PropertyValue;false;PropertyValue;(String,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "org.springframework.beans;PropertyValue;false;PropertyValue;(PropertyValue);;Argument[0];Argument[-1];value;manual",
-        "org.springframework.beans;PropertyValue;false;PropertyValue;(PropertyValue,Object);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "org.springframework.beans;PropertyValue;false;PropertyValue;(PropertyValue,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "org.springframework.beans;PropertyValue;false;getName;;;Argument[-1].MapKey;ReturnValue;value;manual",
-        "org.springframework.beans;PropertyValue;false;getValue;;;Argument[-1].MapValue;ReturnValue;value;manual",
-        "org.springframework.beans;PropertyValues;true;getPropertyValue;;;Argument[-1].Element;ReturnValue;value;manual",
-        "org.springframework.beans;PropertyValues;true;getPropertyValues;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;MutablePropertyValues;(List);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;MutablePropertyValues;(Map);;Argument[0].MapKey;Argument[-1].Element.MapKey;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;MutablePropertyValues;(Map);;Argument[0].MapValue;Argument[-1].Element.MapValue;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;MutablePropertyValues;(PropertyValues);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;add;(String,Object);;Argument[0];Argument[-1].Element.MapKey;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;add;(String,Object);;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;add;(String,Object);;Argument[1];Argument[-1].Element.MapValue;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;addPropertyValue;(PropertyValue);;Argument[0];Argument[-1].Element;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;addPropertyValue;(PropertyValue);;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;addPropertyValue;(String,Object);;Argument[0];Argument[-1].Element.MapKey;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;addPropertyValue;(String,Object);;Argument[1];Argument[-1].Element.MapValue;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;addPropertyValues;(Map);;Argument[0].MapKey;Argument[-1].Element.MapKey;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;addPropertyValues;(Map);;Argument[0].MapValue;Argument[-1].Element.MapValue;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;addPropertyValues;(Map);;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;addPropertyValues;(PropertyValues);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;addPropertyValues;(PropertyValues);;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;get;;;Argument[-1].Element.MapValue;ReturnValue;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;getPropertyValue;;;Argument[-1].Element;ReturnValue;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;getPropertyValueList;;;Argument[-1].Element;ReturnValue.Element;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;getPropertyValues;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual",
-        "org.springframework.beans;MutablePropertyValues;true;setPropertyValueAt;;;Argument[0];Argument[-1].Element;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringCache.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringCache.qll
deleted file mode 100644
index 007ce0d9d71..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringCache.qll
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Provides models for the `org.springframework.cache` package.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class FlowSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.springframework.cache;Cache$ValueRetrievalException;false;ValueRetrievalException;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "org.springframework.cache;Cache$ValueRetrievalException;false;getKey;;;Argument[-1].MapKey;ReturnValue;value;manual",
-        "org.springframework.cache;Cache$ValueWrapper;true;get;;;Argument[-1].MapValue;ReturnValue;value;manual",
-        "org.springframework.cache;Cache;true;get;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "org.springframework.cache;Cache;true;get;(Object,Callable);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "org.springframework.cache;Cache;true;get;(Object,Class);;Argument[-1].MapValue;ReturnValue;value;manual",
-        "org.springframework.cache;Cache;true;getNativeCache;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "org.springframework.cache;Cache;true;getNativeCache;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "org.springframework.cache;Cache;true;put;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "org.springframework.cache;Cache;true;put;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "org.springframework.cache;Cache;true;putIfAbsent;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "org.springframework.cache;Cache;true;putIfAbsent;;;Argument[1];Argument[-1].MapValue;value;manual",
-        "org.springframework.cache;Cache;true;putIfAbsent;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringContext.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringContext.qll
deleted file mode 100644
index 3860a5457cd..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringContext.qll
+++ /dev/null
@@ -1,18 +0,0 @@
-/**
- * Provides models for the `org.springframework.context` package.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class StringSummaryCsv extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //`namespace; type; subtypes; name; signature; ext; input; output; kind`
-        "org.springframework.context;MessageSource;true;getMessage;(String,Object[],String,Locale);;Argument[1].ArrayElement;ReturnValue;taint;manual",
-        "org.springframework.context;MessageSource;true;getMessage;(String,Object[],String,Locale);;Argument[2];ReturnValue;taint;manual",
-        "org.springframework.context;MessageSource;true;getMessage;(String,Object[],Locale);;Argument[1].ArrayElement;ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringData.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringData.qll
deleted file mode 100644
index 52c8579b4c7..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringData.qll
+++ /dev/null
@@ -1,17 +0,0 @@
-/**
- * Provides classes and predicates for working with Spring classes and interfaces from
- * `org.springframework.data`.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-/**
- * Provides models for the `org.springframework.data` package.
- */
-private class FlowSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      "org.springframework.data.repository;CrudRepository;true;save;;;Argument[0];ReturnValue;value;manual"
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll
index 2114b4fcc75..4e91c1f18a2 100644
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll
@@ -4,7 +4,6 @@
  */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.frameworks.spring.SpringController
 private import semmle.code.java.security.XSS as XSS
@@ -43,107 +42,6 @@ class SpringHttpHeaders extends Class {
   SpringHttpHeaders() { this.hasQualifiedName("org.springframework.http", "HttpHeaders") }
 }
 
-private class UrlOpenSink extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.springframework.http;RequestEntity;false;get;;;Argument[0];open-url;manual",
-        "org.springframework.http;RequestEntity;false;post;;;Argument[0];open-url;manual",
-        "org.springframework.http;RequestEntity;false;head;;;Argument[0];open-url;manual",
-        "org.springframework.http;RequestEntity;false;delete;;;Argument[0];open-url;manual",
-        "org.springframework.http;RequestEntity;false;options;;;Argument[0];open-url;manual",
-        "org.springframework.http;RequestEntity;false;patch;;;Argument[0];open-url;manual",
-        "org.springframework.http;RequestEntity;false;put;;;Argument[0];open-url;manual",
-        "org.springframework.http;RequestEntity;false;method;;;Argument[1];open-url;manual",
-        "org.springframework.http;RequestEntity;false;RequestEntity;(HttpMethod,URI);;Argument[1];open-url;manual",
-        "org.springframework.http;RequestEntity;false;RequestEntity;(MultiValueMap,HttpMethod,URI);;Argument[2];open-url;manual",
-        "org.springframework.http;RequestEntity;false;RequestEntity;(Object,HttpMethod,URI);;Argument[2];open-url;manual",
-        "org.springframework.http;RequestEntity;false;RequestEntity;(Object,HttpMethod,URI,Type);;Argument[2];open-url;manual",
-        "org.springframework.http;RequestEntity;false;RequestEntity;(Object,MultiValueMap,HttpMethod,URI);;Argument[3];open-url;manual",
-        "org.springframework.http;RequestEntity;false;RequestEntity;(Object,MultiValueMap,HttpMethod,URI,Type);;Argument[3];open-url;manual"
-      ]
-  }
-}
-
-private class SpringHttpFlowStep extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
-        "org.springframework.http;HttpEntity;true;HttpEntity;(Object);;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.http;HttpEntity;true;HttpEntity;(Object,MultiValueMap);;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.http;HttpEntity;true;HttpEntity;(Object,MultiValueMap);;Argument[1].MapKey;Argument[-1];taint;manual",
-        "org.springframework.http;HttpEntity;true;HttpEntity;(Object,MultiValueMap);;Argument[1].MapValue.Element;Argument[-1];taint;manual",
-        "org.springframework.http;HttpEntity;true;HttpEntity;(MultiValueMap);;Argument[0].MapKey;Argument[-1];taint;manual",
-        "org.springframework.http;HttpEntity;true;HttpEntity;(MultiValueMap);;Argument[0].MapValue.Element;Argument[-1];taint;manual",
-        "org.springframework.http;HttpEntity;true;getBody;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.http;HttpEntity;true;getHeaders;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.http;ResponseEntity;true;ResponseEntity;(Object,HttpStatus);;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.http;ResponseEntity;true;ResponseEntity;(Object,MultiValueMap,HttpStatus);;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.http;ResponseEntity;true;ResponseEntity;(Object,MultiValueMap,HttpStatus);;Argument[1].MapKey;Argument[-1];taint;manual",
-        "org.springframework.http;ResponseEntity;true;ResponseEntity;(Object,MultiValueMap,HttpStatus);;Argument[1].MapValue.Element;Argument[-1];taint;manual",
-        "org.springframework.http;ResponseEntity;true;ResponseEntity;(MultiValueMap,HttpStatus);;Argument[0].MapKey;Argument[-1];taint;manual",
-        "org.springframework.http;ResponseEntity;true;ResponseEntity;(MultiValueMap,HttpStatus);;Argument[0].MapValue.Element;Argument[-1];taint;manual",
-        "org.springframework.http;ResponseEntity;true;ResponseEntity;(Object,MultiValueMap,int);;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.http;ResponseEntity;true;ResponseEntity;(Object,MultiValueMap,int);;Argument[1].MapKey;Argument[-1];taint;manual",
-        "org.springframework.http;ResponseEntity;true;ResponseEntity;(Object,MultiValueMap,int);;Argument[1].MapValue.Element;Argument[-1];taint;manual",
-        "org.springframework.http;ResponseEntity;true;of;(Optional);;Argument[0].Element;ReturnValue;taint;manual",
-        "org.springframework.http;ResponseEntity;true;ok;(Object);;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.http;ResponseEntity;true;created;(URI);;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.http;ResponseEntity$BodyBuilder;true;contentLength;(long);;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.http;ResponseEntity$BodyBuilder;true;contentType;(MediaType);;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.http;ResponseEntity$BodyBuilder;true;body;(Object);;Argument[-1..0];ReturnValue;taint;manual",
-        "org.springframework.http;ResponseEntity$HeadersBuilder;true;allow;(HttpMethod[]);;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.http;ResponseEntity$HeadersBuilder;true;eTag;(String);;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.http;ResponseEntity$HeadersBuilder;true;eTag;(String);;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.http;ResponseEntity$HeadersBuilder;true;header;(String,String[]);;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.http;ResponseEntity$HeadersBuilder;true;header;(String,String[]);;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.http;ResponseEntity$HeadersBuilder;true;header;(String,String[]);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "org.springframework.http;ResponseEntity$HeadersBuilder;true;headers;(Consumer);;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.http;ResponseEntity$HeadersBuilder;true;headers;(HttpHeaders);;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.http;ResponseEntity$HeadersBuilder;true;headers;(HttpHeaders);;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.http;ResponseEntity$HeadersBuilder;true;lastModified;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.http;ResponseEntity$HeadersBuilder;true;location;(URI);;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.http;ResponseEntity$HeadersBuilder;true;location;(URI);;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.http;ResponseEntity$HeadersBuilder;true;varyBy;(String[]);;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.http;ResponseEntity$HeadersBuilder;true;build;();;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.http;RequestEntity;true;getUrl;();;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.http;HttpHeaders;true;HttpHeaders;(MultiValueMap);;Argument[0].MapKey;Argument[-1];taint;manual",
-        "org.springframework.http;HttpHeaders;true;HttpHeaders;(MultiValueMap);;Argument[0].MapValue.Element;Argument[-1];taint;manual",
-        "org.springframework.http;HttpHeaders;true;get;(Object);;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getAccessControlAllowHeaders;();;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getAccessControlAllowOrigin;();;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getAccessControlExposeHeaders;();;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getAccessControlRequestHeaders;();;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getCacheControl;();;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getConnection;();;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getETag;();;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getETagValuesAsList;(String);;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getFieldValues;(String);;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getFirst;(String);;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getIfMatch;();;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getIfNoneMatch;();;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getHost;();;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getLocation;();;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getOrEmpty;(Object);;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getOrigin;();;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getPragma;();;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getUpgrade;();;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getValuesAsList;(String);;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.springframework.http;HttpHeaders;true;getVary;();;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.springframework.http;HttpHeaders;true;add;(String,String);;Argument[0..1];Argument[-1];taint;manual",
-        "org.springframework.http;HttpHeaders;true;set;(String,String);;Argument[0..1];Argument[-1];taint;manual",
-        "org.springframework.http;HttpHeaders;true;addAll;(MultiValueMap);;Argument[0].MapKey;Argument[-1];taint;manual",
-        "org.springframework.http;HttpHeaders;true;addAll;(MultiValueMap);;Argument[0].MapValue.Element;Argument[-1];taint;manual",
-        "org.springframework.http;HttpHeaders;true;addAll;(String,List);;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.http;HttpHeaders;true;addAll;(String,List);;Argument[1].Element;Argument[-1];taint;manual",
-        "org.springframework.http;HttpHeaders;true;formatHeaders;(MultiValueMap);;Argument[0].MapKey;ReturnValue;taint;manual",
-        "org.springframework.http;HttpHeaders;true;formatHeaders;(MultiValueMap);;Argument[0].MapValue.Element;ReturnValue;taint;manual",
-        "org.springframework.http;HttpHeaders;true;encodeBasicAuth;(String,String,Charset);;Argument[0..1];ReturnValue;taint;manual"
-      ]
-  }
-}
-
 private predicate specifiesContentType(SpringRequestMappingMethod method) {
   exists(method.getAProducesExpr())
 }
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringProfile.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringProfile.qll
index 7f284b0771f..48a2b367990 100644
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringProfile.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringProfile.qll
@@ -73,9 +73,8 @@ abstract class AlwaysEnabledSpringProfile extends string {
  *
  * Includes all `SpringProfile`s that are not specified as always enabled or never enabled.
  */
-class SometimesEnabledSpringProfile extends string {
+class SometimesEnabledSpringProfile extends string instanceof SpringProfile {
   SometimesEnabledSpringProfile() {
-    this instanceof SpringProfile and
     not (
       this instanceof AlwaysEnabledSpringProfile or
       this instanceof NeverEnabledSpringProfile
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringUi.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringUi.qll
deleted file mode 100644
index e8ade8aa432..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringUi.qll
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Provides models for the `org.springframework.ui` package.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class FlowSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.springframework.ui;Model;true;addAllAttributes;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.ui;Model;true;addAllAttributes;(Collection);;Argument[0].Element;Argument[-1].MapValue;value;manual",
-        "org.springframework.ui;Model;true;addAllAttributes;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "org.springframework.ui;Model;true;addAllAttributes;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "org.springframework.ui;Model;true;addAttribute;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.ui;Model;true;addAttribute;(Object);;Argument[0];Argument[-1].MapValue;value;manual",
-        "org.springframework.ui;Model;true;addAttribute;(String,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "org.springframework.ui;Model;true;addAttribute;(String,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "org.springframework.ui;Model;true;asMap;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "org.springframework.ui;Model;true;asMap;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "org.springframework.ui;Model;true;getAttribute;;;Argument[-1].MapValue;ReturnValue;value;manual",
-        "org.springframework.ui;Model;true;mergeAttributes;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.ui;Model;true;mergeAttributes;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "org.springframework.ui;Model;true;mergeAttributes;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "org.springframework.ui;ModelMap;false;ModelMap;(Object);;Argument[0];Argument[-1].MapValue;value;manual",
-        "org.springframework.ui;ModelMap;false;ModelMap;(String,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "org.springframework.ui;ModelMap;false;ModelMap;(String,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "org.springframework.ui;ModelMap;false;addAllAttributes;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.ui;ModelMap;false;addAllAttributes;(Collection);;Argument[0].Element;Argument[-1].MapValue;value;manual",
-        "org.springframework.ui;ModelMap;false;addAllAttributes;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "org.springframework.ui;ModelMap;false;addAllAttributes;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "org.springframework.ui;ModelMap;false;addAttribute;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.ui;ModelMap;false;addAttribute;(Object);;Argument[0];Argument[-1].MapValue;value;manual",
-        "org.springframework.ui;ModelMap;false;addAttribute;(String,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "org.springframework.ui;ModelMap;false;addAttribute;(String,Object);;Argument[1];Argument[-1].MapValue;value;manual",
-        "org.springframework.ui;ModelMap;false;getAttribute;;;Argument[-1].MapValue;ReturnValue;value;manual",
-        "org.springframework.ui;ModelMap;false;mergeAttributes;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.ui;ModelMap;false;mergeAttributes;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "org.springframework.ui;ModelMap;false;mergeAttributes;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
-        "org.springframework.ui;ConcurrentModel;false;ConcurrentModel;(Object);;Argument[0];Argument[-1].MapValue;value;manual",
-        "org.springframework.ui;ConcurrentModel;false;ConcurrentModel;(String,Object);;Argument[0];Argument[-1].MapKey;value;manual",
-        "org.springframework.ui;ConcurrentModel;false;ConcurrentModel;(String,Object);;Argument[1];Argument[-1].MapValue;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringUtil.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringUtil.qll
deleted file mode 100644
index 7c78c6b7afc..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringUtil.qll
+++ /dev/null
@@ -1,153 +0,0 @@
-/**
- * Provides models for the `org.springframework.util` package.
- */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class FlowSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.springframework.util;AntPathMatcher;false;combine;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.springframework.util;AntPathMatcher;false;doMatch;;;Argument[1];Argument[3].MapValue;taint;manual",
-        "org.springframework.util;AntPathMatcher;false;extractPathWithinPattern;;;Argument[1];ReturnValue;taint;manual",
-        "org.springframework.util;AntPathMatcher;false;extractUriTemplateVariables;;;Argument[1];ReturnValue.MapValue;taint;manual",
-        "org.springframework.util;AntPathMatcher;false;tokenizePath;;;Argument[0];ReturnValue.ArrayElement;taint;manual",
-        "org.springframework.util;AntPathMatcher;false;tokenizePattern;;;Argument[0];ReturnValue.ArrayElement;taint;manual",
-        "org.springframework.util;AutoPopulatingList;false;AutoPopulatingList;(java.util.List,org.springframework.util.AutoPopulatingList.ElementFactory);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "org.springframework.util;AutoPopulatingList;false;AutoPopulatingList;(java.util.List,java.lang.Class);;Argument[0].Element;Argument[-1].Element;value;manual",
-        "org.springframework.util;Base64Utils;false;decode;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;Base64Utils;false;decodeFromString;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;Base64Utils;false;decodeFromUrlSafeString;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;Base64Utils;false;decodeUrlSafe;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;Base64Utils;false;encode;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;Base64Utils;false;encodeToString;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;Base64Utils;false;encodeToUrlSafeString;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;Base64Utils;false;encodeUrlSafe;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;CollectionUtils;false;arrayToList;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual",
-        "org.springframework.util;CollectionUtils;false;findFirstMatch;;;Argument[0].Element;ReturnValue;value;manual",
-        "org.springframework.util;CollectionUtils;false;findValueOfType;;;Argument[0].Element;ReturnValue;value;manual",
-        "org.springframework.util;CollectionUtils;false;firstElement;;;Argument[0].Element;ReturnValue;value;manual",
-        "org.springframework.util;CollectionUtils;false;lastElement;;;Argument[0].Element;ReturnValue;value;manual",
-        "org.springframework.util;CollectionUtils;false;mergeArrayIntoCollection;;;Argument[0].ArrayElement;Argument[1].Element;value;manual",
-        "org.springframework.util;CollectionUtils;false;mergePropertiesIntoMap;;;Argument[0].MapKey;Argument[1].MapKey;value;manual",
-        "org.springframework.util;CollectionUtils;false;mergePropertiesIntoMap;;;Argument[0].MapValue;Argument[1].MapValue;value;manual",
-        "org.springframework.util;CollectionUtils;false;toArray;;;Argument[0].Element;ReturnValue.ArrayElement;value;manual",
-        "org.springframework.util;CollectionUtils;false;toIterator;;;Argument[0].Element;ReturnValue.Element;value;manual",
-        "org.springframework.util;CollectionUtils;false;toMultiValueMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "org.springframework.util;CollectionUtils;false;toMultiValueMap;;;Argument[0].MapValue.Element;ReturnValue.MapValue.Element;value;manual",
-        "org.springframework.util;CollectionUtils;false;unmodifiableMultiValueMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual",
-        "org.springframework.util;CollectionUtils;false;unmodifiableMultiValueMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual",
-        "org.springframework.util;CompositeIterator;false;add;;;Argument[0].Element;Argument[-1].Element;value;manual",
-        "org.springframework.util;ConcurrentReferenceHashMap;false;getReference;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "org.springframework.util;ConcurrentReferenceHashMap;false;getReference;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "org.springframework.util;ConcurrentReferenceHashMap;false;getSegment;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "org.springframework.util;ConcurrentReferenceHashMap;false;getSegment;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "org.springframework.util;FastByteArrayOutputStream;false;getInputStream;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.util;FastByteArrayOutputStream;false;toByteArray;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.util;FastByteArrayOutputStream;false;write;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.util;FastByteArrayOutputStream;false;writeTo;;;Argument[-1];Argument[0];taint;manual",
-        "org.springframework.util;FileCopyUtils;false;copy;;;Argument[0];Argument[1];taint;manual",
-        "org.springframework.util;FileCopyUtils;false;copyToByteArray;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;FileCopyUtils;false;copyToString;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;FileSystemUtils;false;copyRecursively;(java.io.File,java.io.File);;Argument[0];Argument[1];taint;manual",
-        "org.springframework.util;LinkedMultiValueMap;false;LinkedMultiValueMap;(java.util.Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "org.springframework.util;LinkedMultiValueMap;false;LinkedMultiValueMap;(java.util.Map);;Argument[0].MapValue.Element;Argument[-1].MapValue.Element;value;manual",
-        "org.springframework.util;LinkedMultiValueMap;false;deepCopy;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "org.springframework.util;LinkedMultiValueMap;false;deepCopy;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
-        "org.springframework.util;MultiValueMap;true;add;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "org.springframework.util;MultiValueMap;true;add;;;Argument[1];Argument[-1].MapValue.Element;value;manual",
-        "org.springframework.util;MultiValueMap;true;addAll;(java.lang.Object,java.util.List);;Argument[0];Argument[-1].MapKey;value;manual",
-        "org.springframework.util;MultiValueMap;true;addAll;(java.lang.Object,java.util.List);;Argument[1].Element;Argument[-1].MapValue.Element;value;manual",
-        "org.springframework.util;MultiValueMap;true;addAll;(org.springframework.util.MultiValueMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "org.springframework.util;MultiValueMap;true;addAll;(org.springframework.util.MultiValueMap);;Argument[0].MapValue.Element;Argument[-1].MapValue.Element;value;manual",
-        "org.springframework.util;MultiValueMap;true;addIfAbsent;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "org.springframework.util;MultiValueMap;true;addIfAbsent;;;Argument[1];Argument[-1].MapValue.Element;value;manual",
-        "org.springframework.util;MultiValueMap;true;getFirst;;;Argument[-1].MapValue.Element;ReturnValue;value;manual",
-        "org.springframework.util;MultiValueMap;true;set;;;Argument[0];Argument[-1].MapKey;value;manual",
-        "org.springframework.util;MultiValueMap;true;set;;;Argument[1];Argument[-1].MapValue.Element;value;manual",
-        "org.springframework.util;MultiValueMap;true;setAll;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "org.springframework.util;MultiValueMap;true;setAll;;;Argument[0].MapValue;Argument[-1].MapValue.Element;value;manual",
-        "org.springframework.util;MultiValueMap;true;toSingleValueMap;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
-        "org.springframework.util;MultiValueMap;true;toSingleValueMap;;;Argument[-1].MapValue.Element;ReturnValue.MapValue;value;manual",
-        "org.springframework.util;MultiValueMapAdapter;false;MultiValueMapAdapter;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
-        "org.springframework.util;MultiValueMapAdapter;false;MultiValueMapAdapter;;;Argument[0].MapValue.Element;Argument[-1].MapValue.Element;value;manual",
-        "org.springframework.util;ObjectUtils;false;addObjectToArray;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.springframework.util;ObjectUtils;false;addObjectToArray;;;Argument[1];ReturnValue.ArrayElement;value;manual",
-        "org.springframework.util;ObjectUtils;false;toObjectArray;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.springframework.util;ObjectUtils;false;unwrapOptional;;;Argument[0].Element;ReturnValue;value;manual",
-        "org.springframework.util;PropertiesPersister;true;load;;;Argument[1];Argument[0];taint;manual",
-        "org.springframework.util;PropertiesPersister;true;loadFromXml;;;Argument[1];Argument[0];taint;manual",
-        "org.springframework.util;PropertiesPersister;true;store;;;Argument[0];Argument[1];taint;manual",
-        "org.springframework.util;PropertiesPersister;true;store;;;Argument[2];Argument[1];taint;manual",
-        "org.springframework.util;PropertiesPersister;true;storeToXml;;;Argument[0];Argument[1];taint;manual",
-        "org.springframework.util;PropertiesPersister;true;storeToXml;;;Argument[2];Argument[1];taint;manual",
-        "org.springframework.util;PropertyPlaceholderHelper;false;PropertyPlaceholderHelper;;;Argument[0..1];Argument[-1];taint;manual",
-        "org.springframework.util;PropertyPlaceholderHelper;false;parseStringValue;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;PropertyPlaceholderHelper;false;replacePlaceholders;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;PropertyPlaceholderHelper;false;replacePlaceholders;(java.lang.String,java.util.Properties);;Argument[1].MapValue;ReturnValue;taint;manual",
-        "org.springframework.util;ResourceUtils;false;extractArchiveURL;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;ResourceUtils;false;extractJarFileURL;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;ResourceUtils;false;getFile;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;ResourceUtils;false;getURL;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;ResourceUtils;false;toURI;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;RouteMatcher;true;combine;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.springframework.util;RouteMatcher;true;matchAndExtract;;;Argument[0];ReturnValue.MapKey;taint;manual",
-        "org.springframework.util;RouteMatcher;true;matchAndExtract;;;Argument[1];ReturnValue.MapValue;taint;manual",
-        "org.springframework.util;RouteMatcher;true;parseRoute;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;SerializationUtils;false;deserialize;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;SerializationUtils;false;serialize;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StreamUtils;false;copy;(byte[],java.io.OutputStream);;Argument[0];Argument[1];taint;manual",
-        "org.springframework.util;StreamUtils;false;copy;(java.io.InputStream,java.io.OutputStream);;Argument[0];Argument[1];taint;manual",
-        "org.springframework.util;StreamUtils;false;copy;(java.lang.String,java.nio.charset.Charset,java.io.OutputStream);;Argument[0];Argument[2];taint;manual",
-        "org.springframework.util;StreamUtils;false;copyRange;;;Argument[0];Argument[1];taint;manual",
-        "org.springframework.util;StreamUtils;false;copyToByteArray;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StreamUtils;false;copyToString;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;addStringToArray;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.springframework.util;StringUtils;false;addStringToArray;;;Argument[1];ReturnValue.ArrayElement;value;manual",
-        "org.springframework.util;StringUtils;false;applyRelativePath;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;arrayToCommaDelimitedString;;;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;arrayToDelimitedString;;;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;arrayToDelimitedString;;;Argument[1];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;capitalize;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;cleanPath;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;collectionToCommaDelimitedString;;;Argument[0].Element;ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;collectionToDelimitedString;;;Argument[0].Element;ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;collectionToDelimitedString;;;Argument[1..3];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;commaDelimitedListToSet;;;Argument[0];ReturnValue.Element;taint;manual",
-        "org.springframework.util;StringUtils;false;commaDelimitedListToStringArray;;;Argument[0];ReturnValue.ArrayElement;taint;manual",
-        "org.springframework.util;StringUtils;false;concatenateStringArrays;;;Argument[0..1].ArrayElement;ReturnValue.ArrayElement;taint;manual",
-        "org.springframework.util;StringUtils;false;delete;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;deleteAny;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;delimitedListToStringArray;;;Argument[0];ReturnValue.ArrayElement;taint;manual",
-        "org.springframework.util;StringUtils;false;getFilename;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;getFilenameExtension;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;mergeStringArrays;;;Argument[0..1].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.springframework.util;StringUtils;false;quote;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;quoteIfString;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;removeDuplicateStrings;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.springframework.util;StringUtils;false;replace;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;replace;;;Argument[2];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;sortStringArray;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual",
-        "org.springframework.util;StringUtils;false;split;;;Argument[0];ReturnValue.ArrayElement;taint;manual",
-        "org.springframework.util;StringUtils;false;splitArrayElementsIntoProperties;;;Argument[0].ArrayElement;ReturnValue.MapKey;taint;manual",
-        "org.springframework.util;StringUtils;false;splitArrayElementsIntoProperties;;;Argument[0].ArrayElement;ReturnValue.MapValue;taint;manual",
-        "org.springframework.util;StringUtils;false;stripFilenameExtension;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;tokenizeToStringArray;;;Argument[0];ReturnValue.ArrayElement;taint;manual",
-        "org.springframework.util;StringUtils;false;toStringArray;;;Argument[0].Element;ReturnValue.ArrayElement;value;manual",
-        "org.springframework.util;StringUtils;false;trimAllWhitespace;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;trimArrayElements;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;taint;manual",
-        "org.springframework.util;StringUtils;false;trimLeadingCharacter;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;trimLeadingWhitespace;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;trimTrailingCharacter;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;trimTrailingWhitespace;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;trimWhitespace;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;uncapitalize;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;unqualify;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringUtils;false;uriDecode;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;StringValueResolver;false;resolveStringValue;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.util;SystemPropertyUtils;false;resolvePlaceholders;;;Argument[0];ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringValidation.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringValidation.qll
deleted file mode 100644
index 2dcf184de84..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringValidation.qll
+++ /dev/null
@@ -1,25 +0,0 @@
-/** Definitions of flow steps through utility methods of `org.springframework.validation.Errors`. */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class SpringValidationErrorModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.springframework.validation;Errors;true;addAllErrors;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.validation;Errors;true;getAllErrors;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.validation;Errors;true;getFieldError;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.validation;Errors;true;getFieldErrors;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.validation;Errors;true;getGlobalError;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.validation;Errors;true;getGlobalErrors;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.validation;Errors;true;reject;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.validation;Errors;true;reject;;;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "org.springframework.validation;Errors;true;reject;;;Argument[2];Argument[-1];taint;manual",
-        "org.springframework.validation;Errors;true;rejectValue;;;Argument[1];Argument[-1];taint;manual",
-        "org.springframework.validation;Errors;true;rejectValue;;;Argument[3];Argument[-1];taint;manual",
-        "org.springframework.validation;Errors;true;rejectValue;(java.lang.String,java.lang.String,java.lang.Object[],java.lang.String);;Argument[2].ArrayElement;Argument[-1];taint;manual",
-        "org.springframework.validation;Errors;true;rejectValue;(java.lang.String,java.lang.String,java.lang.String);;Argument[2];Argument[-1];taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll
index 9744c323e36..3a8d4bb084a 100644
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll
@@ -4,7 +4,6 @@
 
 import java
 import SpringHttp
-private import semmle.code.java.dataflow.ExternalFlow
 
 /** The class `org.springframework.web.client.RestTemplate`. */
 class SpringRestTemplate extends Class {
@@ -28,26 +27,3 @@ class SpringWebClient extends Interface {
     this.hasQualifiedName("org.springframework.web.reactive.function.client", "WebClient")
   }
 }
-
-private class UrlOpenSink extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.springframework.web.client;RestTemplate;false;delete;;;Argument[0];open-url;manual",
-        "org.springframework.web.client;RestTemplate;false;doExecute;;;Argument[0];open-url;manual",
-        "org.springframework.web.client;RestTemplate;false;exchange;;;Argument[0];open-url;manual",
-        "org.springframework.web.client;RestTemplate;false;execute;;;Argument[0];open-url;manual",
-        "org.springframework.web.client;RestTemplate;false;getForEntity;;;Argument[0];open-url;manual",
-        "org.springframework.web.client;RestTemplate;false;getForObject;;;Argument[0];open-url;manual",
-        "org.springframework.web.client;RestTemplate;false;headForHeaders;;;Argument[0];open-url;manual",
-        "org.springframework.web.client;RestTemplate;false;optionsForAllow;;;Argument[0];open-url;manual",
-        "org.springframework.web.client;RestTemplate;false;patchForObject;;;Argument[0];open-url;manual",
-        "org.springframework.web.client;RestTemplate;false;postForEntity;;;Argument[0];open-url;manual",
-        "org.springframework.web.client;RestTemplate;false;postForLocation;;;Argument[0];open-url;manual",
-        "org.springframework.web.client;RestTemplate;false;postForObject;;;Argument[0];open-url;manual",
-        "org.springframework.web.client;RestTemplate;false;put;;;Argument[0];open-url;manual",
-        "org.springframework.web.reactive.function.client;WebClient;false;create;;;Argument[0];open-url;manual",
-        "org.springframework.web.reactive.function.client;WebClient$Builder;false;baseUrl;;;Argument[0];open-url;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebMultipart.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebMultipart.qll
deleted file mode 100644
index 43acaceda76..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebMultipart.qll
+++ /dev/null
@@ -1,25 +0,0 @@
-/** Provides models of taint flow in `org.springframework.web.multipart` */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class FlowSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.springframework.web.multipart;MultipartFile;true;getBytes;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.multipart;MultipartFile;true;getInputStream;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.multipart;MultipartFile;true;getName;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.multipart;MultipartFile;true;getOriginalFilename;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.multipart;MultipartFile;true;getResource;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.multipart;MultipartHttpServletRequest;true;getMultipartHeaders;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.multipart;MultipartHttpServletRequest;true;getRequestHeaders;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.multipart;MultipartRequest;true;getFile;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.multipart;MultipartRequest;true;getFileMap;;;Argument[-1];ReturnValue.MapValue;taint;manual",
-        "org.springframework.web.multipart;MultipartRequest;true;getFileNames;;;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.springframework.web.multipart;MultipartRequest;true;getFiles;;;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.springframework.web.multipart;MultipartRequest;true;getMultiFileMap;;;Argument[-1];ReturnValue.MapValue;taint;manual",
-        "org.springframework.web.multipart;MultipartResolver;true;resolveMultipart;;;Argument[0];ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebUtil.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebUtil.qll
deleted file mode 100644
index 4f855eedbae..00000000000
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebUtil.qll
+++ /dev/null
@@ -1,176 +0,0 @@
-/** Provides models of taint flow in `org.springframework.web.util` */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class FlowSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.springframework.web.util;UriBuilder;true;build;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriBuilder;true;build;(Map);;Argument[0].MapValue;Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;build;(Map);;Argument[0].MapValue;ReturnValue;taint;manual",
-        "org.springframework.web.util;UriBuilder;true;build;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "org.springframework.web.util;UriBuilder;true;fragment;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;fragment;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;host;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;host;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;path;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;path;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;pathSegment;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;pathSegment;;;Argument[0].ArrayElement;Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;port;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;port;(java.lang.String);;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;query;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;query;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;queryParam;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;queryParam;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;queryParam;(String,Collection);;Argument[1].Element;Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;queryParam;(String,Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;queryParamIfPresent;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;queryParamIfPresent;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;queryParamIfPresent;;;Argument[1].Element;Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;queryParams;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;queryParams;;;Argument[0].MapKey;Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;queryParams;;;Argument[0].MapValue.Element;Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;replacePath;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;replacePath;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;replaceQuery;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;replaceQuery;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;replaceQueryParam;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;replaceQueryParam;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;replaceQueryParam;(String,Collection);;Argument[1].Element;Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;replaceQueryParam;(String,Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;replaceQueryParams;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;replaceQueryParams;;;Argument[0].MapKey;Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;replaceQueryParams;;;Argument[0].MapValue.Element;Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;scheme;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;scheme;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilder;true;userInfo;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriBuilder;true;userInfo;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriBuilderFactory;true;builder;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriBuilderFactory;true;uriString;;;Argument[-1..0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents$UriTemplateVariables;true;getValue;;;Argument[-1].MapValue;ReturnValue;value;manual",
-        "org.springframework.web.util;UriTemplateHandler;true;expand;;;Argument[-1..0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriTemplateHandler;true;expand;(String,Map);;Argument[1].MapValue;ReturnValue;taint;manual",
-        "org.springframework.web.util;UriTemplateHandler;true;expand;(String,Object[]);;Argument[1].ArrayElement;ReturnValue;taint;manual",
-        "org.springframework.web.util;AbstractUriTemplateHandler;true;getBaseUrl;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;AbstractUriTemplateHandler;true;setBaseUrl;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;AbstractUriTemplateHandler;true;setDefaultUriVariables;;;Argument[0];Argument[-1];taint;manual",
-        // writing to a `Request` or `Response` currently doesn't propagate taint to the object itself.
-        "org.springframework.web.util;ContentCachingRequestWrapper;false;ContentCachingRequestWrapper;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;ContentCachingRequestWrapper;false;getContentAsByteArray;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;ContentCachingResponseWrapper;false;ContentCachingResponseWrapper;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;ContentCachingResponseWrapper;false;getContentAsByteArray;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;ContentCachingResponseWrapper;false;getContentInputStream;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;DefaultUriBuilderFactory;false;DefaultUriBuilderFactory;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;DefaultUriBuilderFactory;false;builder;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;DefaultUriBuilderFactory;false;getDefaultUriVariables;;;Argument[-1];ReturnValue.MapValue;taint;manual",
-        "org.springframework.web.util;DefaultUriBuilderFactory;false;setDefaultUriVariables;;;Argument[0].MapValue;Argument[-1];taint;manual",
-        "org.springframework.web.util;DefaultUriBuilderFactory;false;uriString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;HtmlUtils;false;htmlEscape;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;HtmlUtils;false;htmlEscapeDecimal;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;HtmlUtils;false;htmlEscapeHex;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;HtmlUtils;false;htmlUnescape;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;ServletContextPropertyUtils;false;resolvePlaceholders;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.springframework.web.util;ServletRequestPathUtils;false;getCachedPath;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;ServletRequestPathUtils;false;getCachedPathValue;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;ServletRequestPathUtils;false;getParsedRequestPath;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;ServletRequestPathUtils;false;parseAndCache;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;ServletRequestPathUtils;false;setParsedRequestPath;;;Argument[0];Argument[1];taint;manual",
-        "org.springframework.web.util;UriComponents;false;UriComponents;;;Argument[0..1];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriComponents;false;copyToUriComponentsBuilder;;;Argument[-1];Argument[0];taint;manual",
-        "org.springframework.web.util;UriComponents;false;encode;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;expand;(Map);;Argument[0].MapValue;ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;expand;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;expand;(UriTemplateVariables);;Argument[0].MapValue;ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;getFragment;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;getHost;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;getPath;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;getPathSegments;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;getQuery;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;getQueryParams;;;Argument[-1];ReturnValue.MapKey;taint;manual",
-        "org.springframework.web.util;UriComponents;false;getQueryParams;;;Argument[-1];ReturnValue.MapValue.Element;taint;manual",
-        "org.springframework.web.util;UriComponents;false;getScheme;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;getSchemeSpecificPart;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;getUserInfo;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;toUri;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;toUriString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponents;false;normalize;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;buildAndExpand;(Map);;Argument[0].MapValue;ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;buildAndExpand;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;cloneBuilder;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;encode;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;fromHttpRequest;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;fromHttpUrl;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;fromOriginHeader;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;fromPath;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;fromUri;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;fromUriString;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;parseForwardedFor;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;schemeSpecificPart;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;schemeSpecificPart;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;toUriString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;uri;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;uri;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;uriComponents;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;uriComponents;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;uriVariables;;;Argument[-1];ReturnValue;value;manual",
-        "org.springframework.web.util;UriComponentsBuilder;false;uriVariables;;;Argument[0].MapValue;Argument[-1];taint;manual",
-        "org.springframework.web.util;UriTemplate;false;expand;(Map);;Argument[0].MapValue;ReturnValue;taint;manual",
-        "org.springframework.web.util;UriTemplate;false;expand;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;manual",
-        "org.springframework.web.util;UriTemplate;false;getVariableNames;;;Argument[-1];ReturnValue.Element;taint;manual",
-        "org.springframework.web.util;UriTemplate;false;match;;;Argument[0];ReturnValue.MapValue;taint;manual",
-        "org.springframework.web.util;UriTemplate;false;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;decode;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encode;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodeAuthority;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodeFragment;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodeHost;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodePath;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodePathSegment;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodePort;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodeQuery;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodeQueryParam;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodeQueryParams;;;Argument[0].MapKey;ReturnValue.MapKey;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodeQueryParams;;;Argument[0].MapValue;ReturnValue.MapValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodeScheme;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodeUriVariables;(Map);;Argument[0].MapValue;ReturnValue.MapValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodeUriVariables;(Map);;Argument[0].MapKey;ReturnValue.MapKey;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodeUriVariables;(Object[]);;Argument[0].ArrayElement;ReturnValue.ArrayElement;taint;manual",
-        "org.springframework.web.util;UriUtils;false;encodeUserInfo;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UriUtils;false;extractFileExtension;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UrlPathHelper;false;decodeMatrixVariables;;;Argument[1].MapKey;ReturnValue.MapKey;value;manual",
-        "org.springframework.web.util;UrlPathHelper;false;decodeMatrixVariables;;;Argument[1].MapValue;ReturnValue.MapValue;taint;manual",
-        "org.springframework.web.util;UrlPathHelper;false;decodePathVariables;;;Argument[1].MapKey;ReturnValue.MapKey;value;manual",
-        "org.springframework.web.util;UrlPathHelper;false;decodePathVariables;;;Argument[1].MapValue;ReturnValue.MapValue;taint;manual",
-        "org.springframework.web.util;UrlPathHelper;false;decodeRequestString;;;Argument[1];ReturnValue;taint;manual",
-        "org.springframework.web.util;UrlPathHelper;false;getContextPath;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UrlPathHelper;false;getOriginatingContextPath;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UrlPathHelper;false;getOriginatingQueryString;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UrlPathHelper;false;getOriginatingRequestUri;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UrlPathHelper;false;getPathWithinApplication;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UrlPathHelper;false;getPathWithinServletMapping;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UrlPathHelper;false;getRequestUri;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UrlPathHelper;false;getResolvedLookupPath;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UrlPathHelper;false;getServletPath;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UrlPathHelper;false;removeSemicolonContent;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;UrlPathHelper;false;resolveAndCacheLookupPath;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;WebUtils;false;findParameterValue;(Map,String);;Argument[0].MapValue;ReturnValue;value;manual",
-        "org.springframework.web.util;WebUtils;false;findParameterValue;(ServletRequest,String);;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;WebUtils;false;getCookie;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;WebUtils;false;getNativeRequest;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;WebUtils;false;getNativeResponse;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;WebUtils;false;getParametersStartingWith;;;Argument[0];ReturnValue.MapKey;taint;manual",
-        "org.springframework.web.util;WebUtils;false;getParametersStartingWith;;;Argument[0];ReturnValue.MapValue;taint;manual",
-        "org.springframework.web.util;WebUtils;false;getRealPath;;;Argument[0..1];ReturnValue;taint;manual",
-        "org.springframework.web.util;WebUtils;false;getRequiredSessionAttribute;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;WebUtils;false;getSessionAttribute;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.web.util;WebUtils;false;parseMatrixVariables;;;Argument[0];ReturnValue.MapKey;taint;manual",
-        "org.springframework.web.util;WebUtils;false;parseMatrixVariables;;;Argument[0];ReturnValue.MapValue;taint;manual",
-        "org.springframework.web.util;WebUtils;false;setSessionAttribute;;;Argument[2];Argument[0];taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll b/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll
index 8936de5a923..5a913ccdef8 100644
--- a/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll
+++ b/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll
@@ -6,7 +6,6 @@ import java
 import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.DataFlow2
-private import RegexFlowModels
 private import semmle.code.java.security.SecurityTests
 
 private class ExploitableStringLiteral extends StringLiteral {
diff --git a/java/ql/lib/semmle/code/java/regex/RegexFlowModels.qll b/java/ql/lib/semmle/code/java/regex/RegexFlowModels.qll
deleted file mode 100644
index de0b5465fe4..00000000000
--- a/java/ql/lib/semmle/code/java/regex/RegexFlowModels.qll
+++ /dev/null
@@ -1,32 +0,0 @@
-/** Definitions of data flow steps for determining flow of regular expressions. */
-
-import java
-import semmle.code.java.dataflow.ExternalFlow
-
-private class RegexSinkCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"namespace;type;subtypes;name;signature;ext;input;kind"
-        "java.util.regex;Matcher;false;matches;();;Argument[-1];regex-use[f];manual",
-        "java.util.regex;Pattern;false;asMatchPredicate;();;Argument[-1];regex-use[f];manual",
-        "java.util.regex;Pattern;false;compile;(String);;Argument[0];regex-use[];manual",
-        "java.util.regex;Pattern;false;compile;(String,int);;Argument[0];regex-use[];manual",
-        "java.util.regex;Pattern;false;matcher;(CharSequence);;Argument[-1];regex-use[0];manual",
-        "java.util.regex;Pattern;false;matches;(String,CharSequence);;Argument[0];regex-use[f1];manual",
-        "java.util.regex;Pattern;false;split;(CharSequence);;Argument[-1];regex-use[0];manual",
-        "java.util.regex;Pattern;false;split;(CharSequence,int);;Argument[-1];regex-use[0];manual",
-        "java.util.regex;Pattern;false;splitAsStream;(CharSequence);;Argument[-1];regex-use[0];manual",
-        "java.util.function;Predicate;false;test;(Object);;Argument[-1];regex-use[0];manual",
-        "java.lang;String;false;matches;(String);;Argument[0];regex-use[f-1];manual",
-        "java.lang;String;false;split;(String);;Argument[0];regex-use[-1];manual",
-        "java.lang;String;false;split;(String,int);;Argument[0];regex-use[-1];manual",
-        "java.lang;String;false;replaceAll;(String,String);;Argument[0];regex-use[-1];manual",
-        "java.lang;String;false;replaceFirst;(String,String);;Argument[0];regex-use[-1];manual",
-        "com.google.common.base;Splitter;false;onPattern;(String);;Argument[0];regex-use[];manual",
-        "com.google.common.base;Splitter;false;split;(CharSequence);;Argument[-1];regex-use[0];manual",
-        "com.google.common.base;Splitter;false;splitToList;(CharSequence);;Argument[-1];regex-use[0];manual",
-        "com.google.common.base;Splitter$MapSplitter;false;split;(CharSequence);;Argument[-1];regex-use[0];manual",
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll b/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll
index 14663327103..cb770ffe48a 100644
--- a/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll
+++ b/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll
@@ -1,7 +1,19 @@
 /** Provides a class hierarchy corresponding to a parse tree of regular expressions. */
 
-private import java
-private import semmle.code.java.regex.regex
+private import semmle.code.java.regex.regex as RE // importing under a namescape to avoid naming conflict for `Top`.
+private import codeql.regex.nfa.NfaUtils as NfaUtils
+// exporting as RegexTreeView, and in the top-level scope.
+import Impl as RegexTreeView
+import Impl
+
+/** Gets the parse tree resulting from parsing `re`, if such has been constructed. */
+RegExpTerm getParsedRegExp(RE::StringLiteral re) { result.getRegex() = re and result.isRootTerm() }
+
+private class Regex = RE::Regex;
+
+private class Location = RE::Location;
+
+private class File = RE::File;
 
 /**
  * An element containing a regular expression term, that is, either
@@ -49,1038 +61,1153 @@ private newtype TRegExpParent =
   /** A back reference */
   TRegExpBackRef(Regex re, int start, int end) { re.backreference(start, end) }
 
-/**
- * An element containing a regular expression term, that is, either
- * a string literal (parsed as a regular expression; the root of the parse tree)
- * or another regular expression term (a descendant of the root).
- */
-class RegExpParent extends TRegExpParent {
-  /** Gets a textual representation of this element. */
-  string toString() { result = "RegExpParent" }
+private import codeql.regex.RegexTreeView
 
-  /** Gets the `i`th child term. */
-  RegExpTerm getChild(int i) { none() }
+/** An implementation that statisfies the RegexTreeView signature. */
+module Impl implements RegexTreeViewSig {
+  /**
+   * An element containing a regular expression term, that is, either
+   * a string literal (parsed as a regular expression; the root of the parse tree)
+   * or another regular expression term (a descendant of the root).
+   */
+  class RegExpParent extends TRegExpParent {
+    /** Gets a textual representation of this element. */
+    string toString() { result = "RegExpParent" }
 
-  /** Gets a child term . */
-  RegExpTerm getAChild() { result = this.getChild(_) }
+    /** Gets the `i`th child term. */
+    RegExpTerm getChild(int i) { none() }
 
-  /** Gets the number of child terms. */
-  int getNumChild() { result = count(this.getAChild()) }
+    /** Gets a child term . */
+    RegExpTerm getAChild() { result = this.getChild(_) }
 
-  /** Gets the associated regex. */
-  abstract Regex getRegex();
-}
+    /** Gets the number of child terms. */
+    int getNumChild() { result = count(this.getAChild()) }
 
-/**
- * A string literal used as a regular expression.
- *
- * As an optimisation, only regexes containing an infinite repitition quatifier (`+`, `*`, or `{x,}`)
- * and therefore may be relevant for ReDoS queries are considered.
- */
-class RegExpLiteral extends TRegExpLiteral, RegExpParent {
-  Regex re;
+    /** Gets the associated regex. */
+    abstract Regex getRegex();
 
-  RegExpLiteral() { this = TRegExpLiteral(re) }
-
-  override string toString() { result = re.toString() }
-
-  override RegExpTerm getChild(int i) { i = 0 and result.getRegex() = re and result.isRootTerm() }
-
-  /** Holds if dot, `.`, matches all characters, including newlines. */
-  predicate isDotAll() { re.getAMode() = "DOTALL" }
-
-  /** Holds if this regex matching is case-insensitive for this regex. */
-  predicate isIgnoreCase() { re.getAMode() = "IGNORECASE" }
-
-  /** Get a string representing all modes for this regex. */
-  string getFlags() { result = concat(string mode | mode = re.getAMode() | mode, " | ") }
-
-  override Regex getRegex() { result = re }
-
-  /** Gets the primary QL class for this regex. */
-  string getPrimaryQLClass() { result = "RegExpLiteral" }
-}
-
-/**
- * A regular expression term, that is, a syntactic part of a regular expression.
- * These are the tree nodes that form the parse tree of a regular expression literal.
- */
-class RegExpTerm extends RegExpParent {
-  Regex re;
-  int start;
-  int end;
-
-  RegExpTerm() {
-    this = TRegExpAlt(re, start, end)
-    or
-    this = TRegExpBackRef(re, start, end)
-    or
-    this = TRegExpCharacterClass(re, start, end)
-    or
-    this = TRegExpCharacterRange(re, start, end)
-    or
-    this = TRegExpNormalChar(re, start, end)
-    or
-    this = TRegExpQuote(re, start, end)
-    or
-    this = TRegExpGroup(re, start, end)
-    or
-    this = TRegExpQuantifier(re, start, end)
-    or
-    this = TRegExpSequence(re, start, end)
-    or
-    this = TRegExpSpecialChar(re, start, end)
+    /** Gets the last child term of this element. */
+    RegExpTerm getLastChild() { result = this.getChild(this.getNumChild() - 1) }
   }
 
   /**
-   * Gets the outermost term of this regular expression.
+   * A string literal used as a regular expression.
+   *
+   * As an optimisation, only regexes containing an infinite repitition quatifier (`+`, `*`, or `{x,}`)
+   * and therefore may be relevant for ReDoS queries are considered.
    */
-  RegExpTerm getRootTerm() {
-    this.isRootTerm() and result = this
-    or
-    result = this.getParent().(RegExpTerm).getRootTerm()
+  class RegExpLiteral extends TRegExpLiteral, RegExpParent {
+    Regex re;
+
+    RegExpLiteral() { this = TRegExpLiteral(re) }
+
+    override string toString() { result = re.toString() }
+
+    override RegExpTerm getChild(int i) { i = 0 and result.getRegex() = re and result.isRootTerm() }
+
+    /** Holds if dot, `.`, matches all characters, including newlines. */
+    predicate isDotAll() { re.getAMode() = "DOTALL" }
+
+    /** Holds if this regex matching is case-insensitive for this regex. */
+    predicate isIgnoreCase() { re.getAMode() = "IGNORECASE" }
+
+    /** Get a string representing all modes for this regex. */
+    string getFlags() { result = concat(string mode | mode = re.getAMode() | mode, " | ") }
+
+    override Regex getRegex() { result = re }
+
+    /** Gets the primary QL class for this regex. */
+    string getPrimaryQLClass() { result = "RegExpLiteral" }
   }
 
   /**
-   * Holds if this term is part of a string literal
-   * that is interpreted as a regular expression.
+   * A regular expression term, that is, a syntactic part of a regular expression.
+   * These are the tree nodes that form the parse tree of a regular expression literal.
    */
-  predicate isUsedAsRegExp() { any() }
+  class RegExpTerm extends RegExpParent {
+    Regex re;
+    int start;
+    int end;
 
-  /**
-   * Holds if this is the root term of a regular expression.
-   */
-  predicate isRootTerm() { start = 0 and end = re.getText().length() }
+    RegExpTerm() {
+      this = TRegExpAlt(re, start, end)
+      or
+      this = TRegExpBackRef(re, start, end)
+      or
+      this = TRegExpCharacterClass(re, start, end)
+      or
+      this = TRegExpCharacterRange(re, start, end)
+      or
+      this = TRegExpNormalChar(re, start, end)
+      or
+      this = TRegExpQuote(re, start, end)
+      or
+      this = TRegExpGroup(re, start, end)
+      or
+      this = TRegExpQuantifier(re, start, end)
+      or
+      this = TRegExpSequence(re, start, end)
+      or
+      this = TRegExpSpecialChar(re, start, end)
+    }
 
-  /**
-   * Gets the parent term of this regular expression term, or the
-   * regular expression literal if this is the root term.
-   */
-  RegExpParent getParent() { result.getAChild() = this }
-
-  override Regex getRegex() { result = re }
-
-  /** Gets the offset at which this term starts. */
-  int getStart() { result = start }
-
-  /** Gets the offset at which this term ends. */
-  int getEnd() { result = end }
-
-  /** Holds if this term occurs in regex `inRe` offsets `startOffset` to `endOffset`. */
-  predicate occursInRegex(Regex inRe, int startOffset, int endOffset) {
-    inRe = re and startOffset = start and endOffset = end
-  }
-
-  override string toString() { result = re.getText().substring(start, end) }
-
-  /**
-   * Gets the location of the surrounding regex, as locations inside the regex do not exist.
-   * To get location information corresponding to the term inside the regex,
-   * use `hasLocationInfo`.
-   */
-  Location getLocation() { result = re.getLocation() }
-
-  /** Holds if this term is found at the specified location offsets. */
-  predicate hasLocationInfo(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    /*
-     * This is an approximation that handles the simple and common case of single,
-     * normal string literal written in the source, but does not give correct results in more complex cases
-     * such as compile-time concatenation, or multi-line string literals.
+    /**
+     * Gets the outermost term of this regular expression.
      */
-
-    exists(int re_start, int re_end, int src_start, int src_end |
-      re.getLocation().hasLocationInfo(filepath, startline, re_start, endline, re_end) and
-      re.sourceCharacter(start, src_start, _) and
-      re.sourceCharacter(end - 1, _, src_end) and
-      startcolumn = re_start + src_start and
-      endcolumn = re_start + src_end - 1
-    )
-  }
-
-  /** Gets the file in which this term is found. */
-  File getFile() { result = this.getLocation().getFile() }
-
-  /** Gets the raw source text of this term. */
-  string getRawValue() { result = this.toString() }
-
-  /** Gets the string literal in which this term is found. */
-  RegExpLiteral getLiteral() { result = TRegExpLiteral(re) }
-
-  /** Gets the regular expression term that is matched (textually) before this one, if any. */
-  RegExpTerm getPredecessor() {
-    exists(RegExpTerm parent | parent = this.getParent() |
-      result = parent.(RegExpSequence).previousElement(this)
+    RegExpTerm getRootTerm() {
+      this.isRootTerm() and result = this
       or
-      not exists(parent.(RegExpSequence).previousElement(this)) and
-      not parent instanceof RegExpSubPattern and
-      result = parent.getPredecessor()
-    )
+      result = this.getParent().(RegExpTerm).getRootTerm()
+    }
+
+    /**
+     * Holds if this term is part of a string literal
+     * that is interpreted as a regular expression.
+     */
+    predicate isUsedAsRegExp() { any() }
+
+    /**
+     * Holds if this is the root term of a regular expression.
+     */
+    predicate isRootTerm() { start = 0 and end = re.getText().length() }
+
+    /**
+     * Gets the parent term of this regular expression term, or the
+     * regular expression literal if this is the root term.
+     */
+    RegExpParent getParent() { result.getAChild() = this }
+
+    override Regex getRegex() { result = re }
+
+    /** Gets the offset at which this term starts. */
+    int getStart() { result = start }
+
+    /** Gets the offset at which this term ends. */
+    int getEnd() { result = end }
+
+    /** Holds if this term occurs in regex `inRe` offsets `startOffset` to `endOffset`. */
+    predicate occursInRegex(Regex inRe, int startOffset, int endOffset) {
+      inRe = re and startOffset = start and endOffset = end
+    }
+
+    override string toString() { result = re.getText().substring(start, end) }
+
+    /**
+     * Gets the location of the surrounding regex, as locations inside the regex do not exist.
+     * To get location information corresponding to the term inside the regex,
+     * use `hasLocationInfo`.
+     */
+    Location getLocation() { result = re.getLocation() }
+
+    /** Holds if this term is found at the specified location offsets. */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      /*
+       * This is an approximation that handles the simple and common case of single,
+       * normal string literal written in the source, but does not give correct results in more complex cases
+       * such as compile-time concatenation, or multi-line string literals.
+       */
+
+      exists(int re_start, int re_end, int src_start, int src_end |
+        re.getLocation().hasLocationInfo(filepath, startline, re_start, endline, re_end) and
+        re.sourceCharacter(start, src_start, _) and
+        re.sourceCharacter(end - 1, _, src_end) and
+        startcolumn = re_start + src_start and
+        endcolumn = re_start + src_end - 1
+      )
+    }
+
+    /** Gets the file in which this term is found. */
+    File getFile() { result = this.getLocation().getFile() }
+
+    /** Gets the raw source text of this term. */
+    string getRawValue() { result = this.toString() }
+
+    /** Gets the string literal in which this term is found. */
+    RegExpLiteral getLiteral() { result = TRegExpLiteral(re) }
+
+    /** Gets the regular expression term that is matched (textually) before this one, if any. */
+    RegExpTerm getPredecessor() {
+      exists(RegExpTerm parent | parent = this.getParent() |
+        result = parent.(RegExpSequence).previousElement(this)
+        or
+        not exists(parent.(RegExpSequence).previousElement(this)) and
+        not parent instanceof RegExpSubPattern and
+        result = parent.getPredecessor()
+      )
+    }
+
+    /** Gets the regular expression term that is matched (textually) after this one, if any. */
+    RegExpTerm getSuccessor() {
+      exists(RegExpTerm parent | parent = this.getParent() |
+        result = parent.(RegExpSequence).nextElement(this)
+        or
+        not exists(parent.(RegExpSequence).nextElement(this)) and
+        not parent instanceof RegExpSubPattern and
+        result = parent.getSuccessor()
+      )
+    }
+
+    /** Gets the primary QL class for this term. */
+    string getPrimaryQLClass() { result = "RegExpTerm" }
   }
 
-  /** Gets the regular expression term that is matched (textually) after this one, if any. */
-  RegExpTerm getSuccessor() {
-    exists(RegExpTerm parent | parent = this.getParent() |
-      result = parent.(RegExpSequence).nextElement(this)
-      or
-      not exists(parent.(RegExpSequence).nextElement(this)) and
-      not parent instanceof RegExpSubPattern and
-      result = parent.getSuccessor()
-    )
-  }
-
-  /** Gets the primary QL class for this term. */
-  string getPrimaryQLClass() { result = "RegExpTerm" }
-}
-
-/**
- * A quantified regular expression term.
- *
- * Example:
- *
- * ```
- * ((ECMA|Java)[sS]cript)*
- * ```
- */
-class RegExpQuantifier extends RegExpTerm, TRegExpQuantifier {
-  int part_end;
-  boolean maybe_empty;
-  boolean may_repeat_forever;
-
-  RegExpQuantifier() {
-    this = TRegExpQuantifier(re, start, end) and
-    re.quantifiedPart(start, part_end, end, maybe_empty, may_repeat_forever)
-  }
-
-  override RegExpTerm getChild(int i) {
-    i = 0 and
-    result.occursInRegex(re, start, part_end)
-  }
-
-  /** Holds if this term may match zero times. */
-  predicate mayBeEmpty() { maybe_empty = true }
-
-  /** Holds if this term may match an unlimited number of times. */
-  predicate mayRepeatForever() { may_repeat_forever = true }
-
-  /** Gets the quantifier for this term. That is e.g "?" for "a?". */
-  string getQuantifier() { result = re.getText().substring(part_end, end) }
-
-  /** Holds if this is a possessive quantifier, e.g. a*+. */
-  predicate isPossessive() {
-    exists(string q | q = this.getQuantifier() | q.length() > 1 and q.charAt(q.length() - 1) = "+")
-  }
-
-  override string getPrimaryQLClass() { result = "RegExpQuantifier" }
-}
-
-/**
- * A regular expression term that permits unlimited repetitions.
- */
-class InfiniteRepetitionQuantifier extends RegExpQuantifier {
-  InfiniteRepetitionQuantifier() { this.mayRepeatForever() }
-}
-
-/**
- * A star-quantified term.
- *
- * Example:
- *
- * ```
- * \w*
- * ```
- */
-class RegExpStar extends InfiniteRepetitionQuantifier {
-  RegExpStar() { this.getQuantifier().charAt(0) = "*" }
-
-  override string getPrimaryQLClass() { result = "RegExpStar" }
-}
-
-/**
- * A plus-quantified term.
- *
- * Example:
- *
- * ```
- * \w+
- * ```
- */
-class RegExpPlus extends InfiniteRepetitionQuantifier {
-  RegExpPlus() { this.getQuantifier().charAt(0) = "+" }
-
-  override string getPrimaryQLClass() { result = "RegExpPlus" }
-}
-
-/**
- * An optional term.
- *
- * Example:
- *
- * ```
- * ;?
- * ```
- */
-class RegExpOpt extends RegExpQuantifier {
-  RegExpOpt() { this.getQuantifier().charAt(0) = "?" }
-
-  override string getPrimaryQLClass() { result = "RegExpOpt" }
-}
-
-/**
- * A range-quantified term
- *
- * Examples:
- *
- * ```
- * \w{2,4}
- * \w{2,}
- * \w{2}
- * ```
- */
-class RegExpRange extends RegExpQuantifier {
-  string upper;
-  string lower;
-
-  RegExpRange() { re.multiples(part_end, end, lower, upper) }
-
-  /** Gets the string defining the upper bound of this range, which is empty when no such bound exists. */
-  string getUpper() { result = upper }
-
-  /** Gets the string defining the lower bound of this range, which is empty when no such bound exists. */
-  string getLower() { result = lower }
-
   /**
-   * Gets the upper bound of the range, if any.
+   * A quantified regular expression term.
    *
-   * If there is no upper bound, any number of repetitions is allowed.
-   * For a term of the form `r{lo}`, both the lower and the upper bound
-   * are `lo`.
+   * Example:
+   *
+   * ```
+   * ((ECMA|Java)[sS]cript)*
+   * ```
    */
-  int getUpperBound() { result = this.getUpper().toInt() }
+  class RegExpQuantifier extends RegExpTerm, TRegExpQuantifier {
+    int part_end;
+    boolean maybe_empty;
+    boolean may_repeat_forever;
 
-  /** Gets the lower bound of the range. */
-  int getLowerBound() { result = this.getLower().toInt() }
+    RegExpQuantifier() {
+      this = TRegExpQuantifier(re, start, end) and
+      re.quantifiedPart(start, part_end, end, maybe_empty, may_repeat_forever)
+    }
 
-  override string getPrimaryQLClass() { result = "RegExpRange" }
-}
-
-/**
- * A sequence term.
- *
- * Example:
- *
- * ```
- * (ECMA|Java)Script
- * ```
- *
- * This is a sequence with the elements `(ECMA|Java)` and `Script`.
- */
-class RegExpSequence extends RegExpTerm, TRegExpSequence {
-  RegExpSequence() { this = TRegExpSequence(re, start, end) }
-
-  override RegExpTerm getChild(int i) { result = seqChild(re, start, end, i) }
-
-  /** Gets the element preceding `element` in this sequence. */
-  RegExpTerm previousElement(RegExpTerm element) { element = this.nextElement(result) }
-
-  /** Gets the element following `element` in this sequence. */
-  RegExpTerm nextElement(RegExpTerm element) {
-    exists(int i |
-      element = this.getChild(i) and
-      result = this.getChild(i + 1)
-    )
-  }
-
-  override string getPrimaryQLClass() { result = "RegExpSequence" }
-}
-
-pragma[nomagic]
-private int seqChildEnd(Regex re, int start, int end, int i) {
-  result = seqChild(re, start, end, i).getEnd()
-}
-
-// moved out so we can use it in the charpred
-private RegExpTerm seqChild(Regex re, int start, int end, int i) {
-  re.sequence(start, end) and
-  (
-    i = 0 and
-    exists(int itemEnd |
-      re.item(start, itemEnd) and
-      result.occursInRegex(re, start, itemEnd)
-    )
-    or
-    i > 0 and
-    exists(int itemStart, int itemEnd | itemStart = seqChildEnd(re, start, end, i - 1) |
-      re.item(itemStart, itemEnd) and
-      result.occursInRegex(re, itemStart, itemEnd)
-    )
-  )
-}
-
-/**
- * An alternative term, that is, a term of the form `a|b`.
- *
- * Example:
- *
- * ```
- * ECMA|Java
- * ```
- */
-class RegExpAlt extends RegExpTerm, TRegExpAlt {
-  RegExpAlt() { this = TRegExpAlt(re, start, end) }
-
-  override RegExpTerm getChild(int i) {
-    i = 0 and
-    exists(int part_end |
-      re.alternationOption(start, end, start, part_end) and
+    override RegExpTerm getChild(int i) {
+      i = 0 and
       result.occursInRegex(re, start, part_end)
-    )
-    or
-    i > 0 and
-    exists(int part_start, int part_end |
-      part_start = this.getChild(i - 1).getEnd() + 1 // allow for the |
-    |
-      re.alternationOption(start, end, part_start, part_end) and
-      result.occursInRegex(re, part_start, part_end)
-    )
+    }
+
+    /** Holds if this term may match zero times. */
+    predicate mayBeEmpty() { maybe_empty = true }
+
+    /** Holds if this term may match an unlimited number of times. */
+    predicate mayRepeatForever() { may_repeat_forever = true }
+
+    /** Gets the quantifier for this term. That is e.g "?" for "a?". */
+    string getQuantifier() { result = re.getText().substring(part_end, end) }
+
+    /** Holds if this is a possessive quantifier, e.g. a*+. */
+    predicate isPossessive() {
+      exists(string q | q = this.getQuantifier() |
+        q.length() > 1 and q.charAt(q.length() - 1) = "+"
+      )
+    }
+
+    override string getPrimaryQLClass() { result = "RegExpQuantifier" }
   }
 
-  override string getPrimaryQLClass() { result = "RegExpAlt" }
-}
-
-/**
- * An escaped regular expression term, that is, a regular expression
- * term starting with a backslash, which is not a backreference.
- *
- * Example:
- *
- * ```
- * \.
- * \w
- * ```
- */
-class RegExpEscape extends RegExpNormalChar {
-  RegExpEscape() { re.escapedCharacter(start, end) }
-
   /**
-   * Gets the name of the escaped; for example, `w` for `\w`.
-   * TODO: Handle named escapes.
+   * A regular expression term that permits unlimited repetitions.
    */
-  override string getValue() {
-    not this.isUnicode() and
-    this.isIdentityEscape() and
-    result = this.getUnescaped()
-    or
-    this.getUnescaped() = "n" and result = "\n"
-    or
-    this.getUnescaped() = "r" and result = "\r"
-    or
-    this.getUnescaped() = "t" and result = "\t"
-    or
-    this.getUnescaped() = "f" and result = 12.toUnicode() // form feed
-    or
-    this.getUnescaped() = "a" and result = 7.toUnicode() // alert/bell
-    or
-    this.getUnescaped() = "e" and result = 27.toUnicode() // escape (0x1B)
-    or
-    this.isUnicode() and
-    result = this.getUnicode()
-  }
-
-  /** Holds if this terms name is given by the part following the escape character. */
-  predicate isIdentityEscape() { not this.getUnescaped() in ["n", "r", "t", "f", "a", "e"] }
-
-  override string getPrimaryQLClass() { result = "RegExpEscape" }
-
-  /** Gets the part of the term following the escape character. That is e.g. "w" if the term is "\w". */
-  private string getUnescaped() { result = this.getText().suffix(1) }
-
-  /**
-   * Gets the text for this escape. That is e.g. "\w".
-   */
-  private string getText() { result = re.getText().substring(start, end) }
-
-  /**
-   * Holds if this is a unicode escape.
-   */
-  private predicate isUnicode() { this.getText().matches(["\\u%", "\\x%"]) }
-
-  /**
-   * Gets the unicode char for this escape.
-   * E.g. for `\u0061` this returns "a".
-   */
-  private string getUnicode() {
-    exists(int codepoint | codepoint = sum(this.getHexValueFromUnicode(_)) |
-      result = codepoint.toUnicode()
-    )
-  }
-
-  /** Gets the part of this escape that is a hexidecimal string */
-  private string getHexString() {
-    this.isUnicode() and
-    if this.getText().matches("\\u%") // \uhhhh
-    then result = this.getText().suffix(2)
-    else
-      if this.getText().matches("\\x{%") // \x{h..h}
-      then result = this.getText().substring(3, this.getText().length() - 1)
-      else result = this.getText().suffix(2) // \xhh
+  class InfiniteRepetitionQuantifier extends RegExpQuantifier {
+    InfiniteRepetitionQuantifier() { this.mayRepeatForever() }
   }
 
   /**
-   * Gets int value for the `index`th char in the hex number of the unicode escape.
-   * E.g. for `\u0061` and `index = 2` this returns 96 (the number `6` interpreted as hex).
-   */
-  private int getHexValueFromUnicode(int index) {
-    this.isUnicode() and
-    exists(string hex, string char | hex = this.getHexString() |
-      char = hex.charAt(index) and
-      result = 16.pow(hex.length() - index - 1) * toHex(char)
-    )
-  }
-}
-
-/**
- * Gets the hex number for the `hex` char.
- */
-private int toHex(string hex) {
-  result = [0 .. 9] and hex = result.toString()
-  or
-  result = 10 and hex = ["a", "A"]
-  or
-  result = 11 and hex = ["b", "B"]
-  or
-  result = 12 and hex = ["c", "C"]
-  or
-  result = 13 and hex = ["d", "D"]
-  or
-  result = 14 and hex = ["e", "E"]
-  or
-  result = 15 and hex = ["f", "F"]
-}
-
-/**
- * A character class escape in a regular expression.
- * That is, an escaped character that denotes multiple characters.
- *
- * Examples:
- *
- * ```
- * \w
- * \S
- * ```
- */
-class RegExpCharacterClassEscape extends RegExpEscape {
-  RegExpCharacterClassEscape() {
-    this.getValue() in ["d", "D", "s", "S", "w", "W", "h", "H", "v", "V"] or
-    this.getValue().charAt(0) in ["p", "P"]
-  }
-
-  override RegExpTerm getChild(int i) { none() }
-
-  override string getPrimaryQLClass() { result = "RegExpCharacterClassEscape" }
-}
-
-/**
- * A named character class in a regular expression.
- *
- * Examples:
- *
- * ```
- * \p{Digit}
- * \p{IsLowerCase}
- */
-class RegExpNamedProperty extends RegExpCharacterClassEscape {
-  boolean inverted;
-  string name;
-
-  RegExpNamedProperty() {
-    name = this.getValue().substring(2, this.getValue().length() - 1) and
-    (
-      inverted = false and
-      this.getValue().charAt(0) = "p"
-      or
-      inverted = true and
-      this.getValue().charAt(0) = "P"
-    )
-  }
-
-  /** Holds if this class is inverted. */
-  predicate isInverted() { inverted = true }
-
-  /** Gets the name of this class. */
-  string getClassName() { result = name }
-
-  /**
-   * Gets an equivalent single-chcracter escape sequence for this class (e.g. \d) if possible, excluding the escape character.
-   */
-  string getBackslashEquivalent() {
-    exists(string eq | if inverted = true then result = eq.toUpperCase() else result = eq |
-      name = ["Digit", "IsDigit"] and
-      eq = "d"
-      or
-      name = ["Space", "IsWhite_Space"] and
-      eq = "s"
-    )
-  }
-}
-
-/**
- * A character class in a regular expression.
- *
- * Examples:
- *
- * ```
- * [a-z_]
- * [^<>&]
- * ```
- */
-class RegExpCharacterClass extends RegExpTerm, TRegExpCharacterClass {
-  RegExpCharacterClass() { this = TRegExpCharacterClass(re, start, end) }
-
-  /** Holds if this character class is inverted, matching the opposite of its content. */
-  predicate isInverted() { re.getChar(start + 1) = "^" }
-
-  /** Holds if this character class can match anything. */
-  predicate isUniversalClass() {
-    // [^]
-    this.isInverted() and not exists(this.getAChild())
-    or
-    // [\w\W] and similar
-    not this.isInverted() and
-    exists(string cce1, string cce2 |
-      cce1 = this.getAChild().(RegExpCharacterClassEscape).getValue() and
-      cce2 = this.getAChild().(RegExpCharacterClassEscape).getValue()
-    |
-      cce1 != cce2 and cce1.toLowerCase() = cce2.toLowerCase()
-    )
-  }
-
-  override RegExpTerm getChild(int i) {
-    i = 0 and
-    exists(int itemStart, int itemEnd |
-      re.charSetStart(start, itemStart) and
-      re.charSetChild(start, itemStart, itemEnd) and
-      result.occursInRegex(re, itemStart, itemEnd)
-    )
-    or
-    i > 0 and
-    exists(int itemStart, int itemEnd | itemStart = this.getChild(i - 1).getEnd() |
-      result.occursInRegex(re, itemStart, itemEnd) and
-      re.charSetChild(start, itemStart, itemEnd)
-    )
-  }
-
-  override string getPrimaryQLClass() { result = "RegExpCharacterClass" }
-}
-
-/**
- * A character range in a character class in a regular expression.
- *
- * Example:
- *
- * ```
- * a-z
- * ```
- */
-class RegExpCharacterRange extends RegExpTerm, TRegExpCharacterRange {
-  int lower_end;
-  int upper_start;
-
-  RegExpCharacterRange() {
-    this = TRegExpCharacterRange(re, start, end) and
-    re.charRange(_, start, lower_end, upper_start, end)
-  }
-
-  /** Holds if this range goes from `lo` to `hi`, in effect is `lo-hi`. */
-  predicate isRange(string lo, string hi) {
-    lo = re.getText().substring(start, lower_end) and
-    hi = re.getText().substring(upper_start, end)
-  }
-
-  override RegExpTerm getChild(int i) {
-    i = 0 and
-    result.occursInRegex(re, start, lower_end)
-    or
-    i = 1 and
-    result.occursInRegex(re, upper_start, end)
-  }
-
-  override string getPrimaryQLClass() { result = "RegExpCharacterRange" }
-}
-
-/**
- * A normal character in a regular expression, that is, a character
- * without special meaning. This includes escaped characters.
- * It also includes escape sequences that represent character classes.
- *
- * Examples:
- * ```
- * t
- * \t
- * ```
- */
-class RegExpNormalChar extends RegExpTerm, TRegExpNormalChar {
-  RegExpNormalChar() { this = TRegExpNormalChar(re, start, end) }
-
-  /**
-   * Holds if this constant represents a valid Unicode character (as opposed
-   * to a surrogate code point that does not correspond to a character by itself.)
-   */
-  predicate isCharacter() { any() }
-
-  /** Gets the string representation of the char matched by this term. */
-  string getValue() { result = re.getText().substring(start, end) }
-
-  override RegExpTerm getChild(int i) { none() }
-
-  override string getPrimaryQLClass() { result = "RegExpNormalChar" }
-}
-
-/**
- * A quoted sequence.
- *
- * Example:
- * ```
- * \Qabc\E
- * ```
- */
-class RegExpQuote extends RegExpTerm, TRegExpQuote {
-  string value;
-
-  RegExpQuote() {
-    exists(int inner_start, int inner_end |
-      this = TRegExpQuote(re, start, end) and
-      re.quote(start, end, inner_start, inner_end) and
-      value = re.getText().substring(inner_start, inner_end)
-    )
-  }
-
-  /** Gets the string matched by this quote term. */
-  string getValue() { result = value }
-
-  override string getPrimaryQLClass() { result = "RegExpQuote" }
-}
-
-/**
- * A constant regular expression term, that is, a regular expression
- * term matching a single string. This can be a single character or a quoted sequence.
- *
- * Example:
- *
- * ```
- * a
- * ```
- */
-class RegExpConstant extends RegExpTerm {
-  string value;
-
-  RegExpConstant() {
-    (value = this.(RegExpNormalChar).getValue() or value = this.(RegExpQuote).getValue()) and
-    not this instanceof RegExpCharacterClassEscape
-  }
-
-  /**
-   * Holds if this constant represents a valid Unicode character (as opposed
-   * to a surrogate code point that does not correspond to a character by itself.)
-   */
-  predicate isCharacter() { any() }
-
-  /** Gets the string matched by this constant term. */
-  string getValue() { result = value }
-
-  override RegExpTerm getChild(int i) { none() }
-
-  override string getPrimaryQLClass() { result = "RegExpConstant" }
-}
-
-/**
- * A grouped regular expression.
- *
- * Examples:
- *
- * ```
- * (ECMA|Java)
- * (?:ECMA|Java)
- * (?<quote>['"])
- * ```
- */
-class RegExpGroup extends RegExpTerm, TRegExpGroup {
-  RegExpGroup() { this = TRegExpGroup(re, start, end) }
-
-  /**
-   * Gets the index of this capture group within the enclosing regular
-   * expression literal.
+   * A star-quantified term.
    *
-   * For example, in the regular expression `/((a?).)(?:b)/`, the
-   * group `((a?).)` has index 1, the group `(a?)` nested inside it
-   * has index 2, and the group `(?:b)` has no index, since it is
-   * not a capture group.
+   * Example:
+   *
+   * ```
+   * \w*
+   * ```
    */
-  int getNumber() { result = re.getGroupNumber(start, end) }
+  class RegExpStar extends InfiniteRepetitionQuantifier {
+    RegExpStar() { this.getQuantifier().charAt(0) = "*" }
 
-  /** Holds if this is a named capture group. */
-  predicate isNamed() { exists(this.getName()) }
+    override string getPrimaryQLClass() { result = "RegExpStar" }
+  }
 
-  /** Gets the name of this capture group, if any. */
-  string getName() { result = re.getGroupName(start, end) }
+  /**
+   * A plus-quantified term.
+   *
+   * Example:
+   *
+   * ```
+   * \w+
+   * ```
+   */
+  class RegExpPlus extends InfiniteRepetitionQuantifier {
+    RegExpPlus() { this.getQuantifier().charAt(0) = "+" }
 
-  override RegExpTerm getChild(int i) {
-    i = 0 and
-    exists(int in_start, int in_end | re.groupContents(start, end, in_start, in_end) |
-      result.occursInRegex(re, in_start, in_end)
+    override string getPrimaryQLClass() { result = "RegExpPlus" }
+  }
+
+  /**
+   * An optional term.
+   *
+   * Example:
+   *
+   * ```
+   * ;?
+   * ```
+   */
+  class RegExpOpt extends RegExpQuantifier {
+    RegExpOpt() { this.getQuantifier().charAt(0) = "?" }
+
+    override string getPrimaryQLClass() { result = "RegExpOpt" }
+  }
+
+  /**
+   * A range-quantified term
+   *
+   * Examples:
+   *
+   * ```
+   * \w{2,4}
+   * \w{2,}
+   * \w{2}
+   * ```
+   */
+  class RegExpRange extends RegExpQuantifier {
+    string upper;
+    string lower;
+
+    RegExpRange() { re.multiples(part_end, end, lower, upper) }
+
+    /** Gets the string defining the upper bound of this range, which is empty when no such bound exists. */
+    string getUpper() { result = upper }
+
+    /** Gets the string defining the lower bound of this range, which is empty when no such bound exists. */
+    string getLower() { result = lower }
+
+    /**
+     * Gets the upper bound of the range, if any.
+     *
+     * If there is no upper bound, any number of repetitions is allowed.
+     * For a term of the form `r{lo}`, both the lower and the upper bound
+     * are `lo`.
+     */
+    int getUpperBound() { result = this.getUpper().toInt() }
+
+    /** Gets the lower bound of the range. */
+    int getLowerBound() { result = this.getLower().toInt() }
+
+    override string getPrimaryQLClass() { result = "RegExpRange" }
+  }
+
+  /**
+   * A sequence term.
+   *
+   * Example:
+   *
+   * ```
+   * (ECMA|Java)Script
+   * ```
+   *
+   * This is a sequence with the elements `(ECMA|Java)` and `Script`.
+   */
+  class RegExpSequence extends RegExpTerm, TRegExpSequence {
+    RegExpSequence() { this = TRegExpSequence(re, start, end) }
+
+    override RegExpTerm getChild(int i) { result = seqChild(re, start, end, i) }
+
+    /** Gets the element preceding `element` in this sequence. */
+    RegExpTerm previousElement(RegExpTerm element) { element = this.nextElement(result) }
+
+    /** Gets the element following `element` in this sequence. */
+    RegExpTerm nextElement(RegExpTerm element) {
+      exists(int i |
+        element = this.getChild(i) and
+        result = this.getChild(i + 1)
+      )
+    }
+
+    override string getPrimaryQLClass() { result = "RegExpSequence" }
+  }
+
+  pragma[nomagic]
+  private int seqChildEnd(Regex re, int start, int end, int i) {
+    result = seqChild(re, start, end, i).getEnd()
+  }
+
+  // moved out so we can use it in the charpred
+  private RegExpTerm seqChild(Regex re, int start, int end, int i) {
+    re.sequence(start, end) and
+    (
+      i = 0 and
+      exists(int itemEnd |
+        re.item(start, itemEnd) and
+        result.occursInRegex(re, start, itemEnd)
+      )
+      or
+      i > 0 and
+      exists(int itemStart, int itemEnd | itemStart = seqChildEnd(re, start, end, i - 1) |
+        re.item(itemStart, itemEnd) and
+        result.occursInRegex(re, itemStart, itemEnd)
+      )
     )
   }
 
-  override string getPrimaryQLClass() { result = "RegExpGroup" }
+  /**
+   * An alternative term, that is, a term of the form `a|b`.
+   *
+   * Example:
+   *
+   * ```
+   * ECMA|Java
+   * ```
+   */
+  class RegExpAlt extends RegExpTerm, TRegExpAlt {
+    RegExpAlt() { this = TRegExpAlt(re, start, end) }
 
-  /** Holds if this is the `n`th numbered group of literal `lit`. */
-  predicate isNumberedGroupOfLiteral(RegExpLiteral lit, int n) {
-    lit = this.getLiteral() and n = this.getNumber()
-  }
+    override RegExpTerm getChild(int i) {
+      i = 0 and
+      exists(int part_end |
+        re.alternationOption(start, end, start, part_end) and
+        result.occursInRegex(re, start, part_end)
+      )
+      or
+      i > 0 and
+      exists(int part_start, int part_end |
+        part_start = this.getChild(i - 1).getEnd() + 1 // allow for the |
+      |
+        re.alternationOption(start, end, part_start, part_end) and
+        result.occursInRegex(re, part_start, part_end)
+      )
+    }
 
-  /** Holds if this is a group with name `name` of literal `lit`. */
-  predicate isNamedGroupOfLiteral(RegExpLiteral lit, string name) {
-    lit = this.getLiteral() and name = this.getName()
-  }
-}
-
-/**
- * A special character in a regular expression.
- *
- * Examples:
- * ```
- * ^
- * $
- * .
- * ```
- */
-class RegExpSpecialChar extends RegExpTerm, TRegExpSpecialChar {
-  string char;
-
-  RegExpSpecialChar() {
-    this = TRegExpSpecialChar(re, start, end) and
-    re.specialCharacter(start, end, char)
+    override string getPrimaryQLClass() { result = "RegExpAlt" }
   }
 
   /**
-   * Holds if this constant represents a valid Unicode character (as opposed
-   * to a surrogate code point that does not correspond to a character by itself.)
+   * An escaped regular expression term, that is, a regular expression
+   * term starting with a backslash, which is not a backreference.
+   *
+   * Example:
+   *
+   * ```
+   * \.
+   * \w
+   * ```
    */
-  predicate isCharacter() { any() }
+  class RegExpEscape extends RegExpNormalChar {
+    RegExpEscape() { re.escapedCharacter(start, end) }
 
-  /** Gets the char for this term. */
-  string getChar() { result = char }
+    /**
+     * Gets the name of the escaped; for example, `w` for `\w`.
+     * TODO: Handle named escapes.
+     */
+    override string getValue() {
+      not this.isUnicode() and
+      this.isIdentityEscape() and
+      result = this.getUnescaped()
+      or
+      this.getUnescaped() = "n" and result = "\n"
+      or
+      this.getUnescaped() = "r" and result = "\r"
+      or
+      this.getUnescaped() = "t" and result = "\t"
+      or
+      this.getUnescaped() = "f" and result = 12.toUnicode() // form feed
+      or
+      this.getUnescaped() = "a" and result = 7.toUnicode() // alert/bell
+      or
+      this.getUnescaped() = "e" and result = 27.toUnicode() // escape (0x1B)
+      or
+      this.isUnicode() and
+      result = this.getUnicode()
+    }
 
-  override RegExpTerm getChild(int i) { none() }
+    /** Holds if this terms name is given by the part following the escape character. */
+    predicate isIdentityEscape() { not this.getUnescaped() in ["n", "r", "t", "f", "a", "e"] }
 
-  override string getPrimaryQLClass() { result = "RegExpSpecialChar" }
-}
+    override string getPrimaryQLClass() { result = "RegExpEscape" }
 
-/**
- * A dot regular expression.
- *
- * Example:
- *
- * ```
- * .
- * ```
- */
-class RegExpDot extends RegExpSpecialChar {
-  RegExpDot() { this.getChar() = "." }
+    /** Gets the part of the term following the escape character. That is e.g. "w" if the term is "\w". */
+    private string getUnescaped() { result = this.getText().suffix(1) }
 
-  override string getPrimaryQLClass() { result = "RegExpDot" }
-}
+    /**
+     * Gets the text for this escape. That is e.g. "\w".
+     */
+    private string getText() { result = re.getText().substring(start, end) }
 
-/**
- * A dollar assertion `$` matching the end of a line.
- *
- * Example:
- *
- * ```
- * $
- * ```
- */
-class RegExpDollar extends RegExpSpecialChar {
-  RegExpDollar() { this.getChar() = "$" }
+    /**
+     * Holds if this is a unicode escape.
+     */
+    private predicate isUnicode() { this.getText().matches(["\\u%", "\\x%"]) }
 
-  override string getPrimaryQLClass() { result = "RegExpDollar" }
-}
+    /**
+     * Gets the unicode char for this escape.
+     * E.g. for `\u0061` this returns "a".
+     */
+    private string getUnicode() {
+      exists(int codepoint | codepoint = sum(this.getHexValueFromUnicode(_)) |
+        result = codepoint.toUnicode()
+      )
+    }
 
-/**
- * A caret assertion `^` matching the beginning of a line.
- *
- * Example:
- *
- * ```
- * ^
- * ```
- */
-class RegExpCaret extends RegExpSpecialChar {
-  RegExpCaret() { this.getChar() = "^" }
+    /** Gets the part of this escape that is a hexidecimal string */
+    private string getHexString() {
+      this.isUnicode() and
+      if this.getText().matches("\\u%") // \uhhhh
+      then result = this.getText().suffix(2)
+      else
+        if this.getText().matches("\\x{%") // \x{h..h}
+        then result = this.getText().substring(3, this.getText().length() - 1)
+        else result = this.getText().suffix(2) // \xhh
+    }
 
-  override string getPrimaryQLClass() { result = "RegExpCaret" }
-}
-
-/**
- * A zero-width match, that is, either an empty group or an assertion.
- *
- * Examples:
- * ```
- * ()
- * (?=\w)
- * ```
- */
-class RegExpZeroWidthMatch extends RegExpGroup {
-  RegExpZeroWidthMatch() { re.zeroWidthMatch(start, end) }
-
-  override RegExpTerm getChild(int i) { none() }
-
-  override string getPrimaryQLClass() { result = "RegExpZeroWidthMatch" }
-}
-
-/**
- * A zero-width lookahead or lookbehind assertion.
- *
- * Examples:
- *
- * ```
- * (?=\w)
- * (?!\n)
- * (?<=\.)
- * (?<!\\)
- * ```
- */
-class RegExpSubPattern extends RegExpZeroWidthMatch {
-  RegExpSubPattern() { not re.emptyGroup(start, end) }
-
-  /** Gets the lookahead term. */
-  RegExpTerm getOperand() {
-    exists(int in_start, int in_end | re.groupContents(start, end, in_start, in_end) |
-      result.occursInRegex(re, in_start, in_end)
-    )
+    /**
+     * Gets int value for the `index`th char in the hex number of the unicode escape.
+     * E.g. for `\u0061` and `index = 2` this returns 96 (the number `6` interpreted as hex).
+     */
+    private int getHexValueFromUnicode(int index) {
+      this.isUnicode() and
+      exists(string hex, string char | hex = this.getHexString() |
+        char = hex.charAt(index) and
+        result = 16.pow(hex.length() - index - 1) * toHex(char)
+      )
+    }
   }
-}
-
-/**
- * A zero-width lookahead assertion.
- *
- * Examples:
- *
- * ```
- * (?=\w)
- * (?!\n)
- * ```
- */
-abstract class RegExpLookahead extends RegExpSubPattern { }
-
-/**
- * A positive-lookahead assertion.
- *
- * Examples:
- *
- * ```
- * (?=\w)
- * ```
- */
-class RegExpPositiveLookahead extends RegExpLookahead {
-  RegExpPositiveLookahead() { re.positiveLookaheadAssertionGroup(start, end) }
-
-  override string getPrimaryQLClass() { result = "RegExpPositiveLookahead" }
-}
-
-/**
- * A negative-lookahead assertion.
- *
- * Examples:
- *
- * ```
- * (?!\n)
- * ```
- */
-class RegExpNegativeLookahead extends RegExpLookahead {
-  RegExpNegativeLookahead() { re.negativeLookaheadAssertionGroup(start, end) }
-
-  override string getPrimaryQLClass() { result = "RegExpNegativeLookahead" }
-}
-
-/**
- * A zero-width lookbehind assertion.
- *
- * Examples:
- *
- * ```
- * (?<=\.)
- * (?<!\\)
- * ```
- */
-abstract class RegExpLookbehind extends RegExpSubPattern { }
-
-/**
- * A positive-lookbehind assertion.
- *
- * Examples:
- *
- * ```
- * (?<=\.)
- * ```
- */
-class RegExpPositiveLookbehind extends RegExpLookbehind {
-  RegExpPositiveLookbehind() { re.positiveLookbehindAssertionGroup(start, end) }
-
-  override string getPrimaryQLClass() { result = "RegExpPositiveLookbehind" }
-}
-
-/**
- * A negative-lookbehind assertion.
- *
- * Examples:
- *
- * ```
- * (?<!\\)
- * ```
- */
-class RegExpNegativeLookbehind extends RegExpLookbehind {
-  RegExpNegativeLookbehind() { re.negativeLookbehindAssertionGroup(start, end) }
-
-  override string getPrimaryQLClass() { result = "RegExpNegativeLookbehind" }
-}
-
-/**
- * A back reference, that is, a term of the form `\i` or `\k<name>`
- * in a regular expression.
- *
- * Examples:
- *
- * ```
- * \1
- * (?P=quote)
- * ```
- */
-class RegExpBackRef extends RegExpTerm, TRegExpBackRef {
-  RegExpBackRef() { this = TRegExpBackRef(re, start, end) }
 
   /**
-   * Gets the number of the capture group this back reference refers to, if any.
+   * A character escape in a regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * \.
+   * ```
    */
-  int getNumber() { result = re.getBackrefNumber(start, end) }
+  class RegExpCharEscape = RegExpEscape;
 
   /**
-   * Gets the name of the capture group this back reference refers to, if any.
+   * A word boundary, that is, a regular expression term of the form `\b`.
    */
-  string getName() { result = re.getBackrefName(start, end) }
+  class RegExpWordBoundary extends RegExpSpecialChar {
+    RegExpWordBoundary() { this.getChar() = "\\b" }
+  }
 
-  /** Gets the capture group this back reference refers to. */
-  RegExpGroup getGroup() {
-    result.isNumberedGroupOfLiteral(this.getLiteral(), this.getNumber())
+  /**
+   * A non-word boundary, that is, a regular expression term of the form `\B`.
+   */
+  class RegExpNonWordBoundary extends RegExpSpecialChar {
+    RegExpNonWordBoundary() { this.getChar() = "\\B" }
+  }
+
+  /**
+   * Gets the hex number for the `hex` char.
+   */
+  private int toHex(string hex) {
+    result = [0 .. 9] and hex = result.toString()
     or
-    result.isNamedGroupOfLiteral(this.getLiteral(), this.getName())
+    result = 10 and hex = ["a", "A"]
+    or
+    result = 11 and hex = ["b", "B"]
+    or
+    result = 12 and hex = ["c", "C"]
+    or
+    result = 13 and hex = ["d", "D"]
+    or
+    result = 14 and hex = ["e", "E"]
+    or
+    result = 15 and hex = ["f", "F"]
   }
 
-  override RegExpTerm getChild(int i) { none() }
+  /**
+   * A character class escape in a regular expression.
+   * That is, an escaped character that denotes multiple characters.
+   *
+   * Examples:
+   *
+   * ```
+   * \w
+   * \S
+   * ```
+   */
+  class RegExpCharacterClassEscape extends RegExpEscape {
+    RegExpCharacterClassEscape() {
+      this.getValue() in ["d", "D", "s", "S", "w", "W", "h", "H", "v", "V"] or
+      this.getValue().charAt(0) in ["p", "P"]
+    }
 
-  override string getPrimaryQLClass() { result = "RegExpBackRef" }
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getPrimaryQLClass() { result = "RegExpCharacterClassEscape" }
+  }
+
+  /**
+   * A named character class in a regular expression.
+   *
+   * Examples:
+   *
+   * ```
+   * \p{Digit}
+   * \p{IsLowerCase}
+   */
+  additional class RegExpNamedProperty extends RegExpCharacterClassEscape {
+    boolean inverted;
+    string name;
+
+    RegExpNamedProperty() {
+      name = this.getValue().substring(2, this.getValue().length() - 1) and
+      (
+        inverted = false and
+        this.getValue().charAt(0) = "p"
+        or
+        inverted = true and
+        this.getValue().charAt(0) = "P"
+      )
+    }
+
+    /** Holds if this class is inverted. */
+    predicate isInverted() { inverted = true }
+
+    /** Gets the name of this class. */
+    string getClassName() { result = name }
+
+    /**
+     * Gets an equivalent single-chcracter escape sequence for this class (e.g. \d) if possible, excluding the escape character.
+     */
+    string getBackslashEquivalent() {
+      exists(string eq | if inverted = true then result = eq.toUpperCase() else result = eq |
+        name = ["Digit", "IsDigit"] and
+        eq = "d"
+        or
+        name = ["Space", "IsWhite_Space"] and
+        eq = "s"
+      )
+    }
+  }
+
+  /**
+   * A character class in a regular expression.
+   *
+   * Examples:
+   *
+   * ```
+   * [a-z_]
+   * [^<>&]
+   * ```
+   */
+  class RegExpCharacterClass extends RegExpTerm, TRegExpCharacterClass {
+    RegExpCharacterClass() { this = TRegExpCharacterClass(re, start, end) }
+
+    /** Holds if this character class is inverted, matching the opposite of its content. */
+    predicate isInverted() { re.getChar(start + 1) = "^" }
+
+    /** Holds if this character class can match anything. */
+    predicate isUniversalClass() {
+      // [^]
+      this.isInverted() and not exists(this.getAChild())
+      or
+      // [\w\W] and similar
+      not this.isInverted() and
+      exists(string cce1, string cce2 |
+        cce1 = this.getAChild().(RegExpCharacterClassEscape).getValue() and
+        cce2 = this.getAChild().(RegExpCharacterClassEscape).getValue()
+      |
+        cce1 != cce2 and cce1.toLowerCase() = cce2.toLowerCase()
+      )
+    }
+
+    override RegExpTerm getChild(int i) {
+      i = 0 and
+      exists(int itemStart, int itemEnd |
+        re.charSetStart(start, itemStart) and
+        re.charSetChild(start, itemStart, itemEnd) and
+        result.occursInRegex(re, itemStart, itemEnd)
+      )
+      or
+      i > 0 and
+      exists(int itemStart, int itemEnd | itemStart = this.getChild(i - 1).getEnd() |
+        result.occursInRegex(re, itemStart, itemEnd) and
+        re.charSetChild(start, itemStart, itemEnd)
+      )
+    }
+
+    override string getPrimaryQLClass() { result = "RegExpCharacterClass" }
+  }
+
+  /**
+   * A character range in a character class in a regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * a-z
+   * ```
+   */
+  class RegExpCharacterRange extends RegExpTerm, TRegExpCharacterRange {
+    int lower_end;
+    int upper_start;
+
+    RegExpCharacterRange() {
+      this = TRegExpCharacterRange(re, start, end) and
+      re.charRange(_, start, lower_end, upper_start, end)
+    }
+
+    /** Holds if this range goes from `lo` to `hi`, in effect is `lo-hi`. */
+    predicate isRange(string lo, string hi) {
+      lo = re.getText().substring(start, lower_end) and
+      hi = re.getText().substring(upper_start, end)
+    }
+
+    override RegExpTerm getChild(int i) {
+      i = 0 and
+      result.occursInRegex(re, start, lower_end)
+      or
+      i = 1 and
+      result.occursInRegex(re, upper_start, end)
+    }
+
+    override string getPrimaryQLClass() { result = "RegExpCharacterRange" }
+  }
+
+  /**
+   * A normal character in a regular expression, that is, a character
+   * without special meaning. This includes escaped characters.
+   * It also includes escape sequences that represent character classes.
+   *
+   * Examples:
+   * ```
+   * t
+   * \t
+   * ```
+   */
+  additional class RegExpNormalChar extends RegExpTerm, TRegExpNormalChar {
+    RegExpNormalChar() { this = TRegExpNormalChar(re, start, end) }
+
+    /**
+     * Holds if this constant represents a valid Unicode character (as opposed
+     * to a surrogate code point that does not correspond to a character by itself.)
+     */
+    predicate isCharacter() { any() }
+
+    /** Gets the string representation of the char matched by this term. */
+    string getValue() { result = re.getText().substring(start, end) }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getPrimaryQLClass() { result = "RegExpNormalChar" }
+  }
+
+  /**
+   * A quoted sequence.
+   *
+   * Example:
+   * ```
+   * \Qabc\E
+   * ```
+   */
+  additional class RegExpQuote extends RegExpTerm, TRegExpQuote {
+    string value;
+
+    RegExpQuote() {
+      exists(int inner_start, int inner_end |
+        this = TRegExpQuote(re, start, end) and
+        re.quote(start, end, inner_start, inner_end) and
+        value = re.getText().substring(inner_start, inner_end)
+      )
+    }
+
+    /** Gets the string matched by this quote term. */
+    string getValue() { result = value }
+
+    override string getPrimaryQLClass() { result = "RegExpQuote" }
+  }
+
+  /**
+   * A constant regular expression term, that is, a regular expression
+   * term matching a single string. This can be a single character or a quoted sequence.
+   *
+   * Example:
+   *
+   * ```
+   * a
+   * ```
+   */
+  class RegExpConstant extends RegExpTerm {
+    string value;
+
+    RegExpConstant() {
+      (value = this.(RegExpNormalChar).getValue() or value = this.(RegExpQuote).getValue()) and
+      not this instanceof RegExpCharacterClassEscape
+    }
+
+    /**
+     * Holds if this constant represents a valid Unicode character (as opposed
+     * to a surrogate code point that does not correspond to a character by itself.)
+     */
+    predicate isCharacter() { any() }
+
+    /** Gets the string matched by this constant term. */
+    string getValue() { result = value }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getPrimaryQLClass() { result = "RegExpConstant" }
+  }
+
+  /**
+   * A grouped regular expression.
+   *
+   * Examples:
+   *
+   * ```
+   * (ECMA|Java)
+   * (?:ECMA|Java)
+   * (?<quote>['"])
+   * ```
+   */
+  class RegExpGroup extends RegExpTerm, TRegExpGroup {
+    RegExpGroup() { this = TRegExpGroup(re, start, end) }
+
+    /**
+     * Gets the index of this capture group within the enclosing regular
+     * expression literal.
+     *
+     * For example, in the regular expression `/((a?).)(?:b)/`, the
+     * group `((a?).)` has index 1, the group `(a?)` nested inside it
+     * has index 2, and the group `(?:b)` has no index, since it is
+     * not a capture group.
+     */
+    int getNumber() { result = re.getGroupNumber(start, end) }
+
+    /** Holds if this is a named capture group. */
+    predicate isNamed() { exists(this.getName()) }
+
+    /** Gets the name of this capture group, if any. */
+    string getName() { result = re.getGroupName(start, end) }
+
+    override RegExpTerm getChild(int i) {
+      i = 0 and
+      exists(int in_start, int in_end | re.groupContents(start, end, in_start, in_end) |
+        result.occursInRegex(re, in_start, in_end)
+      )
+    }
+
+    override string getPrimaryQLClass() { result = "RegExpGroup" }
+
+    /** Holds if this is the `n`th numbered group of literal `lit`. */
+    predicate isNumberedGroupOfLiteral(RegExpLiteral lit, int n) {
+      lit = this.getLiteral() and n = this.getNumber()
+    }
+
+    /** Holds if this is a group with name `name` of literal `lit`. */
+    predicate isNamedGroupOfLiteral(RegExpLiteral lit, string name) {
+      lit = this.getLiteral() and name = this.getName()
+    }
+
+    /** Holds if this is a capture group. */
+    predicate isCapture() { exists(this.getNumber()) }
+  }
+
+  /**
+   * A special character in a regular expression.
+   *
+   * Examples:
+   * ```
+   * ^
+   * $
+   * .
+   * ```
+   */
+  additional class RegExpSpecialChar extends RegExpTerm, TRegExpSpecialChar {
+    string char;
+
+    RegExpSpecialChar() {
+      this = TRegExpSpecialChar(re, start, end) and
+      re.specialCharacter(start, end, char)
+    }
+
+    /**
+     * Holds if this constant represents a valid Unicode character (as opposed
+     * to a surrogate code point that does not correspond to a character by itself.)
+     */
+    predicate isCharacter() { any() }
+
+    /** Gets the char for this term. */
+    string getChar() { result = char }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getPrimaryQLClass() { result = "RegExpSpecialChar" }
+  }
+
+  /**
+   * A dot regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * .
+   * ```
+   */
+  class RegExpDot extends RegExpSpecialChar {
+    RegExpDot() { this.getChar() = "." }
+
+    override string getPrimaryQLClass() { result = "RegExpDot" }
+  }
+
+  /**
+   * A term that matches a specific position between characters in the string.
+   *
+   * Example:
+   *
+   * ```
+   * ^
+   * ```
+   */
+  class RegExpAnchor extends RegExpSpecialChar {
+    RegExpAnchor() { this.getChar() = ["$", "^"] }
+
+    override string getPrimaryQLClass() { result = "RegExpAnchor" }
+  }
+
+  /**
+   * A dollar assertion `$` matching the end of a line.
+   *
+   * Example:
+   *
+   * ```
+   * $
+   * ```
+   */
+  class RegExpDollar extends RegExpAnchor {
+    RegExpDollar() { this.getChar() = "$" }
+
+    override string getPrimaryQLClass() { result = "RegExpDollar" }
+  }
+
+  /**
+   * A caret assertion `^` matching the beginning of a line.
+   *
+   * Example:
+   *
+   * ```
+   * ^
+   * ```
+   */
+  class RegExpCaret extends RegExpAnchor {
+    RegExpCaret() { this.getChar() = "^" }
+
+    override string getPrimaryQLClass() { result = "RegExpCaret" }
+  }
+
+  /**
+   * A zero-width match, that is, either an empty group or an assertion.
+   *
+   * Examples:
+   * ```
+   * ()
+   * (?=\w)
+   * ```
+   */
+  additional class RegExpZeroWidthMatch extends RegExpGroup {
+    RegExpZeroWidthMatch() { re.zeroWidthMatch(start, end) }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getPrimaryQLClass() { result = "RegExpZeroWidthMatch" }
+  }
+
+  /**
+   * A zero-width lookahead or lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?=\w)
+   * (?!\n)
+   * (?<=\.)
+   * (?<!\\)
+   * ```
+   */
+  class RegExpSubPattern extends RegExpZeroWidthMatch {
+    RegExpSubPattern() { not re.emptyGroup(start, end) }
+
+    /** Gets the lookahead term. */
+    RegExpTerm getOperand() {
+      exists(int in_start, int in_end | re.groupContents(start, end, in_start, in_end) |
+        result.occursInRegex(re, in_start, in_end)
+      )
+    }
+  }
+
+  /**
+   * A zero-width lookahead assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?=\w)
+   * (?!\n)
+   * ```
+   */
+  abstract class RegExpLookahead extends RegExpSubPattern { }
+
+  /**
+   * A positive-lookahead assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?=\w)
+   * ```
+   */
+  class RegExpPositiveLookahead extends RegExpLookahead {
+    RegExpPositiveLookahead() { re.positiveLookaheadAssertionGroup(start, end) }
+
+    override string getPrimaryQLClass() { result = "RegExpPositiveLookahead" }
+  }
+
+  /**
+   * A negative-lookahead assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?!\n)
+   * ```
+   */
+  additional class RegExpNegativeLookahead extends RegExpLookahead {
+    RegExpNegativeLookahead() { re.negativeLookaheadAssertionGroup(start, end) }
+
+    override string getPrimaryQLClass() { result = "RegExpNegativeLookahead" }
+  }
+
+  /**
+   * A zero-width lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?<=\.)
+   * (?<!\\)
+   * ```
+   */
+  abstract class RegExpLookbehind extends RegExpSubPattern { }
+
+  /**
+   * A positive-lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?<=\.)
+   * ```
+   */
+  class RegExpPositiveLookbehind extends RegExpLookbehind {
+    RegExpPositiveLookbehind() { re.positiveLookbehindAssertionGroup(start, end) }
+
+    override string getPrimaryQLClass() { result = "RegExpPositiveLookbehind" }
+  }
+
+  /**
+   * A negative-lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?<!\\)
+   * ```
+   */
+  additional class RegExpNegativeLookbehind extends RegExpLookbehind {
+    RegExpNegativeLookbehind() { re.negativeLookbehindAssertionGroup(start, end) }
+
+    override string getPrimaryQLClass() { result = "RegExpNegativeLookbehind" }
+  }
+
+  /**
+   * A back reference, that is, a term of the form `\i` or `\k<name>`
+   * in a regular expression.
+   *
+   * Examples:
+   *
+   * ```
+   * \1
+   * (?P=quote)
+   * ```
+   */
+  class RegExpBackRef extends RegExpTerm, TRegExpBackRef {
+    RegExpBackRef() { this = TRegExpBackRef(re, start, end) }
+
+    /**
+     * Gets the number of the capture group this back reference refers to, if any.
+     */
+    int getNumber() { result = re.getBackrefNumber(start, end) }
+
+    /**
+     * Gets the name of the capture group this back reference refers to, if any.
+     */
+    string getName() { result = re.getBackrefName(start, end) }
+
+    /** Gets the capture group this back reference refers to. */
+    RegExpGroup getGroup() {
+      result.isNumberedGroupOfLiteral(this.getLiteral(), this.getNumber())
+      or
+      result.isNamedGroupOfLiteral(this.getLiteral(), this.getName())
+    }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getPrimaryQLClass() { result = "RegExpBackRef" }
+  }
+
+  class Top = RegExpParent;
+
+  /**
+   * Holds if `term` is an escape class representing e.g. `\d`.
+   * `clazz` is which character class it represents, e.g. "d" for `\d`.
+   */
+  predicate isEscapeClass(RegExpTerm term, string clazz) {
+    term.(RegExpCharacterClassEscape).getValue() = clazz
+    or
+    term.(RegExpNamedProperty).getBackslashEquivalent() = clazz
+  }
+
+  /**
+   * Holds if `term` is a possessive quantifier, e.g. `a*+`.
+   */
+  predicate isPossessive(RegExpQuantifier term) { term.isPossessive() }
+
+  /**
+   * Holds if the regex that `term` is part of is used in a way that ignores any leading prefix of the input it's matched against.
+   */
+  predicate matchesAnyPrefix(RegExpTerm term) { not term.getRegex().matchesFullString() }
+
+  /**
+   * Holds if the regex that `term` is part of is used in a way that ignores any trailing suffix of the input it's matched against.
+   */
+  predicate matchesAnySuffix(RegExpTerm term) { not term.getRegex().matchesFullString() }
+
+  /**
+   * Holds if the regular expression should not be considered.
+   *
+   * We make the pragmatic performance optimization to ignore regular expressions in files
+   * that do not belong to the project code (such as installed dependencies).
+   */
+  predicate isExcluded(RegExpParent parent) {
+    not exists(parent.getRegex().getLocation().getFile().getRelativePath())
+    or
+    // Regexes with many occurrences of ".*" may cause the polynomial ReDoS computation to explode, so
+    // we explicitly exclude these.
+    strictcount(int i | exists(parent.getRegex().getText().regexpFind("\\.\\*", i, _)) | i) > 10
+  }
+
+  /**
+   * Holds if `root` has the `i` flag for case-insensitive matching.
+   */
+  predicate isIgnoreCase(RegExpTerm root) {
+    root.isRootTerm() and
+    root.getLiteral().isIgnoreCase()
+  }
+
+  /**
+   * Gets the flags for `root`, or the empty string if `root` has no flags.
+   */
+  additional deprecated string getFlags(RegExpTerm root) {
+    root.isRootTerm() and
+    result = root.getLiteral().getFlags()
+  }
+
+  /**
+   * Holds if `root` has the `s` flag for multi-line matching.
+   */
+  predicate isDotAll(RegExpTerm root) {
+    root.isRootTerm() and
+    root.getLiteral().isDotAll()
+  }
 }
-
-/** Gets the parse tree resulting from parsing `re`, if such has been constructed. */
-RegExpTerm getParsedRegExp(StringLiteral re) { result.getRegex() = re and result.isRootTerm() }
diff --git a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll
index 5252bbfa627..993c2941733 100644
--- a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll
@@ -28,37 +28,6 @@ class IntentRedirectionAdditionalTaintStep extends Unit {
   abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
 }
 
-private class DefaultIntentRedirectionSinkModel extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "android.app;Activity;true;bindService;;;Argument[0];intent-start;manual",
-        "android.app;Activity;true;bindServiceAsUser;;;Argument[0];intent-start;manual",
-        "android.app;Activity;true;startActivityAsCaller;;;Argument[0];intent-start;manual",
-        "android.app;Activity;true;startActivityForResult;(Intent,int);;Argument[0];intent-start;manual",
-        "android.app;Activity;true;startActivityForResult;(Intent,int,Bundle);;Argument[0];intent-start;manual",
-        "android.app;Activity;true;startActivityForResult;(String,Intent,int,Bundle);;Argument[1];intent-start;manual",
-        "android.app;Activity;true;startActivityForResultAsUser;;;Argument[0];intent-start;manual",
-        "android.content;Context;true;startActivities;;;Argument[0];intent-start;manual",
-        "android.content;Context;true;startActivity;;;Argument[0];intent-start;manual",
-        "android.content;Context;true;startActivityAsUser;;;Argument[0];intent-start;manual",
-        "android.content;Context;true;startActivityFromChild;;;Argument[1];intent-start;manual",
-        "android.content;Context;true;startActivityFromFragment;;;Argument[1];intent-start;manual",
-        "android.content;Context;true;startActivityIfNeeded;;;Argument[0];intent-start;manual",
-        "android.content;Context;true;startForegroundService;;;Argument[0];intent-start;manual",
-        "android.content;Context;true;startService;;;Argument[0];intent-start;manual",
-        "android.content;Context;true;startServiceAsUser;;;Argument[0];intent-start;manual",
-        "android.content;Context;true;sendBroadcast;;;Argument[0];intent-start;manual",
-        "android.content;Context;true;sendBroadcastAsUser;;;Argument[0];intent-start;manual",
-        "android.content;Context;true;sendBroadcastWithMultiplePermissions;;;Argument[0];intent-start;manual",
-        "android.content;Context;true;sendStickyBroadcast;;;Argument[0];intent-start;manual",
-        "android.content;Context;true;sendStickyBroadcastAsUser;;;Argument[0];intent-start;manual",
-        "android.content;Context;true;sendStickyOrderedBroadcast;;;Argument[0];intent-start;manual",
-        "android.content;Context;true;sendStickyOrderedBroadcastAsUser;;;Argument[0];intent-start;manual"
-      ]
-  }
-}
-
 /** Default sink for Intent redirection vulnerabilities. */
 private class DefaultIntentRedirectionSink extends IntentRedirectionSink {
   DefaultIntentRedirectionSink() { sinkNode(this, "intent-start") }
diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll
index 5b836e4c01f..89cc7ac021b 100644
--- a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll
@@ -7,7 +7,6 @@ import java
 import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.ExternalFlow
 import semmle.code.java.security.CleartextStorageQuery
-import semmle.code.java.security.Files
 import semmle.code.xml.AndroidManifest
 
 private class AndroidFilesystemCleartextStorageSink extends CleartextStorageSink {
diff --git a/java/ql/lib/semmle/code/java/security/Encryption.qll b/java/ql/lib/semmle/code/java/security/Encryption.qll
index 042018d3e34..3a91ad342dd 100644
--- a/java/ql/lib/semmle/code/java/security/Encryption.qll
+++ b/java/ql/lib/semmle/code/java/security/Encryption.qll
@@ -290,9 +290,7 @@ string getSecureAlgorithmRegex() {
  * algorithm. For example, methods returning ciphers, decryption methods,
  * constructors of cipher classes, etc.
  */
-abstract class CryptoAlgoSpec extends Top {
-  CryptoAlgoSpec() { this instanceof Call }
-
+abstract class CryptoAlgoSpec extends Top instanceof Call {
   abstract Expr getAlgoSpec();
 }
 
diff --git a/java/ql/lib/semmle/code/java/security/ExternalProcess.qll b/java/ql/lib/semmle/code/java/security/ExternalProcess.qll
index fe5e46d5efb..9a061c7a419 100644
--- a/java/ql/lib/semmle/code/java/security/ExternalProcess.qll
+++ b/java/ql/lib/semmle/code/java/security/ExternalProcess.qll
@@ -1,4 +1,5 @@
-/* Definitions related to external processes. */
+/** Definitions related to external processes. */
+
 import semmle.code.java.Member
 
 private module Instances {
diff --git a/java/ql/lib/semmle/code/java/security/Files.qll b/java/ql/lib/semmle/code/java/security/Files.qll
deleted file mode 100644
index 2cc55a1076f..00000000000
--- a/java/ql/lib/semmle/code/java/security/Files.qll
+++ /dev/null
@@ -1,98 +0,0 @@
-/** Provides classes and predicates to work with File objects. */
-
-import java
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class CreateFileSinkModels extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "java.io;FileOutputStream;false;FileOutputStream;;;Argument[0];create-file;manual",
-        "java.io;RandomAccessFile;false;RandomAccessFile;;;Argument[0];create-file;manual",
-        "java.io;FileWriter;false;FileWriter;;;Argument[0];create-file;manual",
-        "java.io;PrintStream;false;PrintStream;(File);;Argument[0];create-file;manual",
-        "java.io;PrintStream;false;PrintStream;(File,String);;Argument[0];create-file;manual",
-        "java.io;PrintStream;false;PrintStream;(File,Charset);;Argument[0];create-file;manual",
-        "java.io;PrintStream;false;PrintStream;(String);;Argument[0];create-file;manual",
-        "java.io;PrintStream;false;PrintStream;(String,String);;Argument[0];create-file;manual",
-        "java.io;PrintStream;false;PrintStream;(String,Charset);;Argument[0];create-file;manual",
-        "java.io;PrintWriter;false;PrintWriter;(File);;Argument[0];create-file;manual",
-        "java.io;PrintWriter;false;PrintWriter;(File,String);;Argument[0];create-file;manual",
-        "java.io;PrintWriter;false;PrintWriter;(File,Charset);;Argument[0];create-file;manual",
-        "java.io;PrintWriter;false;PrintWriter;(String);;Argument[0];create-file;manual",
-        "java.io;PrintWriter;false;PrintWriter;(String,String);;Argument[0];create-file;manual",
-        "java.io;PrintWriter;false;PrintWriter;(String,Charset);;Argument[0];create-file;manual",
-        "java.nio.file;Files;false;copy;;;Argument[1];create-file;manual",
-        "java.nio.file;Files;false;createDirectories;;;Argument[0];create-file;manual",
-        "java.nio.file;Files;false;createDirectory;;;Argument[0];create-file;manual",
-        "java.nio.file;Files;false;createFile;;;Argument[0];create-file;manual",
-        "java.nio.file;Files;false;createLink;;;Argument[0];create-file;manual",
-        "java.nio.file;Files;false;createSymbolicLink;;;Argument[0];create-file;manual",
-        "java.nio.file;Files;false;createTempDirectory;;;Argument[0];create-file;manual",
-        "java.nio.file;Files;false;createTempFile;(Path,String,String,FileAttribute[]);;Argument[0];create-file;manual",
-        "java.nio.file;Files;false;move;;;Argument[1];create-file;manual",
-        "java.nio.file;Files;false;newBufferedWriter;;;Argument[0];create-file;manual",
-        "java.nio.file;Files;false;newOutputStream;;;Argument[0];create-file;manual",
-        "java.nio.file;Files;false;write;;;Argument[0];create-file;manual",
-        "java.nio.file;Files;false;writeString;;;Argument[0];create-file;manual"
-      ]
-  }
-}
-
-private class WriteFileSinkModels extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "java.io;FileOutputStream;false;write;;;Argument[0];write-file;manual",
-        "java.io;RandomAccessFile;false;write;;;Argument[0];write-file;manual",
-        "java.io;RandomAccessFile;false;writeBytes;;;Argument[0];write-file;manual",
-        "java.io;RandomAccessFile;false;writeChars;;;Argument[0];write-file;manual",
-        "java.io;RandomAccessFile;false;writeUTF;;;Argument[0];write-file;manual",
-        "java.io;Writer;true;append;;;Argument[0];write-file;manual",
-        "java.io;Writer;true;write;;;Argument[0];write-file;manual",
-        "java.io;PrintStream;true;append;;;Argument[0];write-file;manual",
-        "java.io;PrintStream;true;format;(String,Object[]);;Argument[0..1];write-file;manual",
-        "java.io;PrintStream;true;format;(Locale,String,Object[]);;Argument[1..2];write-file;manual",
-        "java.io;PrintStream;true;print;;;Argument[0];write-file;manual",
-        "java.io;PrintStream;true;printf;(String,Object[]);;Argument[0..1];write-file;manual",
-        "java.io;PrintStream;true;printf;(Locale,String,Object[]);;Argument[1..2];write-file;manual",
-        "java.io;PrintStream;true;println;;;Argument[0];write-file;manual",
-        "java.io;PrintStream;true;write;;;Argument[0];write-file;manual",
-        "java.io;PrintStream;true;writeBytes;;;Argument[0];write-file;manual",
-        "java.io;PrintWriter;false;format;(String,Object[]);;Argument[0..1];write-file;manual",
-        "java.io;PrintWriter;false;format;(Locale,String,Object[]);;Argument[1..2];write-file;manual",
-        "java.io;PrintWriter;false;print;;;Argument[0];write-file;manual",
-        "java.io;PrintWriter;false;printf;(String,Object[]);;Argument[0..1];write-file;manual",
-        "java.io;PrintWriter;false;printf;(Locale,String,Object[]);;Argument[1..2];write-file;manual",
-        "java.io;PrintWriter;false;println;;;Argument[0];write-file;manual",
-        "java.nio.file;Files;false;write;;;Argument[1];write-file;manual",
-        "java.nio.file;Files;false;writeString;;;Argument[1];write-file;manual"
-      ]
-  }
-}
-
-private class FileSummaryModels extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual",
-        "java.io;File;false;File;;;Argument[1];Argument[-1];taint;manual",
-        "java.io;File;true;getAbsoluteFile;;;Argument[-1];ReturnValue;taint;manual",
-        "java.io;File;true;getAbsolutePath;;;Argument[-1];ReturnValue;taint;manual",
-        "java.io;File;true;getCanonicalFile;;;Argument[-1];ReturnValue;taint;manual",
-        "java.io;File;true;getCanonicalPath;;;Argument[-1];ReturnValue;taint;manual",
-        "java.io;File;true;toPath;;;Argument[-1];ReturnValue;taint;manual",
-        "java.io;File;true;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "java.io;File;true;toURI;;;Argument[-1];ReturnValue;taint;manual",
-        "java.nio.file;Path;true;normalize;;;Argument[-1];ReturnValue;taint;manual",
-        "java.nio.file;Path;true;resolve;;;Argument[-1..0];ReturnValue;taint;manual",
-        "java.nio.file;Path;true;toAbsolutePath;;;Argument[-1];ReturnValue;taint;manual",
-        "java.nio.file;Path;false;toFile;;;Argument[-1];ReturnValue;taint;manual",
-        "java.nio.file;Path;true;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "java.nio.file;Path;true;toUri;;;Argument[-1];ReturnValue;taint;manual",
-        "java.nio.file;Paths;true;get;;;Argument[0..1];ReturnValue;taint;manual",
-        "java.nio.file;FileSystem;true;getPath;;;Argument[0];ReturnValue;taint;manual",
-        "java.nio.file;FileSystem;true;getRootDirectories;;;Argument[0];ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/security/FragmentInjection.qll b/java/ql/lib/semmle/code/java/security/FragmentInjection.qll
index 78cc2690bec..046993f6658 100644
--- a/java/ql/lib/semmle/code/java/security/FragmentInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/FragmentInjection.qll
@@ -43,22 +43,6 @@ class FragmentInjectionAdditionalTaintStep extends Unit {
   abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
 }
 
-private class FragmentInjectionSinkModels extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      ["android.app", "android.support.v4.app", "androidx.fragment.app"] +
-        ";FragmentTransaction;true;" +
-        [
-          "add;(Class,Bundle,String);;Argument[0]", "add;(Fragment,String);;Argument[0]",
-          "add;(int,Class,Bundle);;Argument[1]", "add;(int,Fragment);;Argument[1]",
-          "add;(int,Class,Bundle,String);;Argument[1]", "add;(int,Fragment,String);;Argument[1]",
-          "attach;(Fragment);;Argument[0]", "replace;(int,Class,Bundle);;Argument[1]",
-          "replace;(int,Fragment);;Argument[1]", "replace;(int,Class,Bundle,String);;Argument[1]",
-          "replace;(int,Fragment,String);;Argument[1]",
-        ] + ";fragment-injection;manual"
-  }
-}
-
 private class DefaultFragmentInjectionSink extends FragmentInjectionSink {
   DefaultFragmentInjectionSink() { sinkNode(this, "fragment-injection") }
 }
diff --git a/java/ql/lib/semmle/code/java/security/GroovyInjection.qll b/java/ql/lib/semmle/code/java/security/GroovyInjection.qll
index b735e28cd32..54ea8afce91 100644
--- a/java/ql/lib/semmle/code/java/security/GroovyInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/GroovyInjection.qll
@@ -24,47 +24,6 @@ private class DefaultGroovyInjectionSink extends GroovyInjectionSink {
   DefaultGroovyInjectionSink() { sinkNode(this, "groovy") }
 }
 
-private class DefaultGroovyInjectionSinkModel extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        // Signatures are specified to exclude sinks of the type `File`
-        "groovy.lang;GroovyShell;false;evaluate;(GroovyCodeSource);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;evaluate;(Reader);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;evaluate;(Reader,String);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;evaluate;(String);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;evaluate;(String,String);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;evaluate;(String,String,String);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;evaluate;(URI);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;parse;(Reader);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;parse;(Reader,String);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;parse;(String);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;parse;(String,String);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;parse;(URI);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;run;(GroovyCodeSource,String[]);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;run;(GroovyCodeSource,List);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;run;(Reader,String,String[]);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;run;(Reader,String,List);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;run;(String,String,String[]);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;run;(String,String,List);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;run;(URI,String[]);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyShell;false;run;(URI,List);;Argument[0];groovy;manual",
-        "groovy.util;Eval;false;me;(String);;Argument[0];groovy;manual",
-        "groovy.util;Eval;false;me;(String,Object,String);;Argument[2];groovy;manual",
-        "groovy.util;Eval;false;x;(Object,String);;Argument[1];groovy;manual",
-        "groovy.util;Eval;false;xy;(Object,Object,String);;Argument[2];groovy;manual",
-        "groovy.util;Eval;false;xyz;(Object,Object,Object,String);;Argument[3];groovy;manual",
-        "groovy.lang;GroovyClassLoader;false;parseClass;(GroovyCodeSource);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyClassLoader;false;parseClass;(GroovyCodeSource,boolean);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyClassLoader;false;parseClass;(InputStream,String);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyClassLoader;false;parseClass;(Reader,String);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyClassLoader;false;parseClass;(String);;Argument[0];groovy;manual",
-        "groovy.lang;GroovyClassLoader;false;parseClass;(String,String);;Argument[0];groovy;manual",
-        "org.codehaus.groovy.control;CompilationUnit;false;compile;;;Argument[-1];groovy;manual"
-      ]
-  }
-}
-
 /** A set of additional taint steps to consider when taint tracking Groovy related data flows. */
 private class DefaultGroovyInjectionAdditionalTaintStep extends GroovyInjectionAdditionalTaintStep {
   override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
diff --git a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll
index 3441cfaef18..308b8037554 100644
--- a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll
+++ b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll
@@ -85,42 +85,20 @@ private class MutablePendingIntentFlowStep extends ImplicitPendingIntentAddition
       // unless it is at least sometimes explicitly marked immutable and never marked mutable.
       // Note: for API level < 31, PendingIntents were mutable by default, whereas since then
       // they are immutable by default.
-      not TaintTracking::localExprTaint(any(ImmutablePendingIntentFlag flag).getAnAccess(), flagArg)
+      not bitwiseLocalTaintStep*(DataFlow::exprNode(any(ImmutablePendingIntentFlag flag)
+              .getAnAccess()), DataFlow::exprNode(flagArg))
       or
-      TaintTracking::localExprTaint(any(MutablePendingIntentFlag flag).getAnAccess(), flagArg)
+      bitwiseLocalTaintStep*(DataFlow::exprNode(any(MutablePendingIntentFlag flag).getAnAccess()),
+        DataFlow::exprNode(flagArg))
     )
   }
 }
 
-private class PendingIntentSentSinkModels extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "androidx.slice;SliceProvider;true;onBindSlice;;;ReturnValue;pending-intent-sent;manual",
-        "androidx.slice;SliceProvider;true;onCreatePermissionRequest;;;ReturnValue;pending-intent-sent;manual",
-        "android.app;NotificationManager;true;notify;(int,Notification);;Argument[1];pending-intent-sent;manual",
-        "android.app;NotificationManager;true;notify;(String,int,Notification);;Argument[2];pending-intent-sent;manual",
-        "android.app;NotificationManager;true;notifyAsPackage;(String,String,int,Notification);;Argument[3];pending-intent-sent;manual",
-        "android.app;NotificationManager;true;notifyAsUser;(String,int,Notification,UserHandle);;Argument[2];pending-intent-sent;manual",
-        "androidx.core.app;NotificationManagerCompat;true;notify;(int,Notification);;Argument[1];pending-intent-sent;manual",
-        "androidx.core.app;NotificationManagerCompat;true;notify;(String,int,Notification);;Argument[2];pending-intent-sent;manual",
-        "android.app;PendingIntent;false;send;(Context,int,Intent,OnFinished,Handler,String,Bundle);;Argument[2];pending-intent-sent;manual",
-        "android.app;PendingIntent;false;send;(Context,int,Intent,OnFinished,Handler,String);;Argument[2];pending-intent-sent;manual",
-        "android.app;PendingIntent;false;send;(Context,int,Intent,OnFinished,Handler);;Argument[2];pending-intent-sent;manual",
-        "android.app;PendingIntent;false;send;(Context,int,Intent);;Argument[2];pending-intent-sent;manual",
-        "android.app;Activity;true;setResult;(int,Intent);;Argument[1];pending-intent-sent;manual",
-        "android.app;AlarmManager;true;set;(int,long,PendingIntent);;Argument[2];pending-intent-sent;manual",
-        "android.app;AlarmManager;true;setAlarmClock;;;Argument[1];pending-intent-sent;manual",
-        "android.app;AlarmManager;true;setAndAllowWhileIdle;;;Argument[2];pending-intent-sent;manual",
-        "android.app;AlarmManager;true;setExact;(int,long,PendingIntent);;Argument[2];pending-intent-sent;manual",
-        "android.app;AlarmManager;true;setExactAndAllowWhileIdle;;;Argument[2];pending-intent-sent;manual",
-        "android.app;AlarmManager;true;setInexactRepeating;;;Argument[3];pending-intent-sent;manual",
-        "android.app;AlarmManager;true;setRepeating;;;Argument[3];pending-intent-sent;manual",
-        "android.app;AlarmManager;true;setWindow;(int,long,long,PendingIntent);;Argument[3];pending-intent-sent;manual",
-        "androidx.core.app;AlarmManagerCompat;true;setAlarmClock;;;Argument[2..3];pending-intent-sent;manual",
-        "androidx.core.app;AlarmManagerCompat;true;setAndAllowWhileIdle;;;Argument[3];pending-intent-sent;manual",
-        "androidx.core.app;AlarmManagerCompat;true;setExact;;;Argument[3];pending-intent-sent;manual",
-        "androidx.core.app;AlarmManagerCompat;true;setExactAndAllowWhileIdle;;;Argument[3];pending-intent-sent;manual",
-      ]
-  }
+/**
+ * Holds if taint can flow from `source` to `sink` in one local step,
+ * including bitwise operations.
+ */
+private predicate bitwiseLocalTaintStep(DataFlow::Node source, DataFlow::Node sink) {
+  TaintTracking::localTaintStep(source, sink) or
+  source.asExpr() = sink.asExpr().(BitwiseExpr).(BinaryExpr).getAnOperand()
 }
diff --git a/java/ql/lib/semmle/code/java/security/InformationLeak.qll b/java/ql/lib/semmle/code/java/security/InformationLeak.qll
index c3a4d0d286c..8fe7d215165 100644
--- a/java/ql/lib/semmle/code/java/security/InformationLeak.qll
+++ b/java/ql/lib/semmle/code/java/security/InformationLeak.qll
@@ -5,14 +5,6 @@ import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.ExternalFlow
 import semmle.code.java.security.XSS
 
-/** CSV sink models representing methods not susceptible to XSS but outputing to an HTTP response body. */
-private class DefaultInformationLeakSinkModel extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      "javax.servlet.http;HttpServletResponse;false;sendError;(int,String);;Argument[1];information-leak;manual"
-  }
-}
-
 /** A sink that represent a method that outputs data to an HTTP response. */
 abstract class InformationLeakSink extends DataFlow::Node { }
 
diff --git a/java/ql/lib/semmle/code/java/security/InsufficientKeySize.qll b/java/ql/lib/semmle/code/java/security/InsufficientKeySize.qll
index e09bffca8e1..b156b594a70 100644
--- a/java/ql/lib/semmle/code/java/security/InsufficientKeySize.qll
+++ b/java/ql/lib/semmle/code/java/security/InsufficientKeySize.qll
@@ -2,6 +2,7 @@
 
 private import semmle.code.java.security.Encryption
 private import semmle.code.java.dataflow.DataFlow
+private import semmle.code.java.security.internal.EncryptionKeySizes
 
 /** A source for an insufficient key size. */
 abstract class InsufficientKeySizeSource extends DataFlow::Node {
@@ -21,39 +22,67 @@ private module Asymmetric {
   private module NonEllipticCurve {
     /** A source for an insufficient key size used in RSA, DSA, and DH algorithms. */
     private class Source extends InsufficientKeySizeSource {
-      Source() { this.asExpr().(IntegerLiteral).getIntValue() < getMinKeySize() }
+      string algoName;
 
-      override predicate hasState(DataFlow::FlowState state) { state = getMinKeySize().toString() }
+      Source() { this.asExpr().(IntegerLiteral).getIntValue() < getMinKeySize(algoName) }
+
+      override predicate hasState(DataFlow::FlowState state) {
+        state = getMinKeySize(algoName).toString()
+      }
     }
 
     /** A sink for an insufficient key size used in RSA, DSA, and DH algorithms. */
     private class Sink extends InsufficientKeySizeSink {
+      string algoName;
+
       Sink() {
         exists(KeyPairGenInit kpgInit, KeyPairGen kpg |
-          kpg.getAlgoName().matches(["RSA", "DSA", "DH"]) and
+          algoName in ["RSA", "DSA", "DH"] and
+          kpg.getAlgoName() = algoName and
           DataFlow::localExprFlow(kpg, kpgInit.getQualifier()) and
           this.asExpr() = kpgInit.getKeySizeArg()
         )
         or
-        exists(Spec spec | this.asExpr() = spec.getKeySizeArg())
+        exists(Spec spec | this.asExpr() = spec.getKeySizeArg() and algoName = spec.getAlgoName())
       }
 
-      override predicate hasState(DataFlow::FlowState state) { state = getMinKeySize().toString() }
+      override predicate hasState(DataFlow::FlowState state) {
+        state = getMinKeySize(algoName).toString()
+      }
     }
 
     /** Returns the minimum recommended key size for RSA, DSA, and DH algorithms. */
-    private int getMinKeySize() { result = 2048 }
+    private int getMinKeySize(string algoName) {
+      algoName = "RSA" and
+      result = minSecureKeySizeRsa()
+      or
+      algoName = "DSA" and
+      result = minSecureKeySizeDsa()
+      or
+      algoName = "DH" and
+      result = minSecureKeySizeDh()
+    }
 
     /** An instance of an RSA, DSA, or DH algorithm specification. */
     private class Spec extends ClassInstanceExpr {
+      string algoName;
+
       Spec() {
-        this.getConstructedType() instanceof RsaKeyGenParameterSpec or
-        this.getConstructedType() instanceof DsaGenParameterSpec or
-        this.getConstructedType() instanceof DhGenParameterSpec
+        this.getConstructedType() instanceof RsaKeyGenParameterSpec and
+        algoName = "RSA"
+        or
+        this.getConstructedType() instanceof DsaGenParameterSpec and
+        algoName = "DSA"
+        or
+        this.getConstructedType() instanceof DhGenParameterSpec and
+        algoName = "DH"
       }
 
       /** Gets the `keysize` argument of this instance. */
       Argument getKeySizeArg() { result = this.getArgument(0) }
+
+      /** Gets the algorithm name of this spec. */
+      string getAlgoName() { result = algoName }
     }
   }
 
@@ -87,7 +116,7 @@ private module Asymmetric {
     }
 
     /** Returns the minimum recommended key size for elliptic curve (EC) algorithms. */
-    private int getMinKeySize() { result = 256 }
+    private int getMinKeySize() { result = minSecureKeySizeEcc() }
 
     /** Returns the key size from an EC algorithm's curve name string */
     bindingset[algorithm]
@@ -168,7 +197,7 @@ private module Symmetric {
   }
 
   /** Returns the minimum recommended key size for AES algorithms. */
-  private int getMinKeySize() { result = 128 }
+  private int getMinKeySize() { result = minSecureKeySizeAes() }
 
   /** A call to the `init` method declared in `javax.crypto.KeyGenerator`. */
   private class KeyGenInit extends MethodAccess {
diff --git a/java/ql/lib/semmle/code/java/security/JexlInjectionSinkModels.qll b/java/ql/lib/semmle/code/java/security/JexlInjectionSinkModels.qll
deleted file mode 100644
index ed722c2f18a..00000000000
--- a/java/ql/lib/semmle/code/java/security/JexlInjectionSinkModels.qll
+++ /dev/null
@@ -1,43 +0,0 @@
-/** Provides sink models relating to Expression Language (JEXL) injection vulnerabilities. */
-
-private import semmle.code.java.dataflow.ExternalFlow
-
-private class DefaultJexlInjectionSinkModel extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        // JEXL2
-        "org.apache.commons.jexl2;JexlEngine;false;getProperty;(JexlContext,Object,String);;Argument[2];jexl;manual",
-        "org.apache.commons.jexl2;JexlEngine;false;getProperty;(Object,String);;Argument[1];jexl;manual",
-        "org.apache.commons.jexl2;JexlEngine;false;setProperty;(JexlContext,Object,String,Object);;Argument[2];jexl;manual",
-        "org.apache.commons.jexl2;JexlEngine;false;setProperty;(Object,String,Object);;Argument[1];jexl;manual",
-        "org.apache.commons.jexl2;Expression;false;evaluate;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl2;Expression;false;callable;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl2;JexlExpression;false;evaluate;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl2;JexlExpression;false;callable;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl2;Script;false;execute;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl2;Script;false;callable;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl2;JexlScript;false;execute;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl2;JexlScript;false;callable;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl2;UnifiedJEXL$Expression;false;evaluate;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl2;UnifiedJEXL$Expression;false;prepare;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl2;UnifiedJEXL$Template;false;evaluate;;;Argument[-1];jexl;manual",
-        // JEXL3
-        "org.apache.commons.jexl3;JexlEngine;false;getProperty;(JexlContext,Object,String);;Argument[2];jexl;manual",
-        "org.apache.commons.jexl3;JexlEngine;false;getProperty;(Object,String);;Argument[1];jexl;manual",
-        "org.apache.commons.jexl3;JexlEngine;false;setProperty;(JexlContext,Object,String);;Argument[2];jexl;manual",
-        "org.apache.commons.jexl3;JexlEngine;false;setProperty;(Object,String,Object);;Argument[1];jexl;manual",
-        "org.apache.commons.jexl3;Expression;false;evaluate;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl3;Expression;false;callable;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl3;JexlExpression;false;evaluate;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl3;JexlExpression;false;callable;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl3;Script;false;execute;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl3;Script;false;callable;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl3;JexlScript;false;execute;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl3;JexlScript;false;callable;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl3;JxltEngine$Expression;false;evaluate;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl3;JxltEngine$Expression;false;prepare;;;Argument[-1];jexl;manual",
-        "org.apache.commons.jexl3;JxltEngine$Template;false;evaluate;;;Argument[-1];jexl;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/security/JndiInjection.qll b/java/ql/lib/semmle/code/java/security/JndiInjection.qll
index 9dca731af80..cacf725cc99 100644
--- a/java/ql/lib/semmle/code/java/security/JndiInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/JndiInjection.qll
@@ -72,62 +72,6 @@ private class ProviderUrlJndiInjectionSink extends JndiInjectionSink, DataFlow::
   }
 }
 
-/** CSV sink models representing methods susceptible to JNDI injection attacks. */
-private class DefaultJndiInjectionSinkModel extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "javax.naming;Context;true;lookup;;;Argument[0];jndi-injection;manual",
-        "javax.naming;Context;true;lookupLink;;;Argument[0];jndi-injection;manual",
-        "javax.naming;Context;true;rename;;;Argument[0];jndi-injection;manual",
-        "javax.naming;Context;true;list;;;Argument[0];jndi-injection;manual",
-        "javax.naming;Context;true;listBindings;;;Argument[0];jndi-injection;manual",
-        "javax.naming;InitialContext;true;doLookup;;;Argument[0];jndi-injection;manual",
-        "javax.management.remote;JMXConnector;true;connect;;;Argument[-1];jndi-injection;manual",
-        "javax.management.remote;JMXConnectorFactory;false;connect;;;Argument[0];jndi-injection;manual",
-        // Spring
-        "org.springframework.jndi;JndiTemplate;false;lookup;;;Argument[0];jndi-injection;manual",
-        // spring-ldap 1.2.x and newer
-        "org.springframework.ldap.core;LdapOperations;true;lookup;(Name);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;lookup;(Name,ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;lookup;(Name,String[],ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;lookup;(String);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;lookup;(String,ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;lookup;(String,String[],ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;lookupContext;;;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;findByDn;;;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;rename;;;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;list;;;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;listBindings;;;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;search;(Name,String,ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;search;(Name,String,int,ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;search;(Name,String,int,String[],ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;search;(String,String,ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;search;(String,String,int,ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;search;(String,String,int,String[],ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;searchForObject;(Name,String,ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap.core;LdapOperations;true;searchForObject;(String,String,ContextMapper);;Argument[0];jndi-injection;manual",
-        // spring-ldap 1.1.x
-        "org.springframework.ldap;LdapOperations;true;lookup;;;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap;LdapOperations;true;lookupContext;;;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap;LdapOperations;true;findByDn;;;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap;LdapOperations;true;rename;;;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap;LdapOperations;true;list;;;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap;LdapOperations;true;listBindings;;;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap;LdapOperations;true;search;(Name,String,ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap;LdapOperations;true;search;(Name,String,int,ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap;LdapOperations;true;search;(Name,String,int,String[],ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap;LdapOperations;true;search;(String,String,ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap;LdapOperations;true;search;(String,String,int,ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap;LdapOperations;true;search;(String,String,int,String[],ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap;LdapOperations;true;searchForObject;(Name,String,ContextMapper);;Argument[0];jndi-injection;manual",
-        "org.springframework.ldap;LdapOperations;true;searchForObject;(String,String,ContextMapper);;Argument[0];jndi-injection;manual",
-        // Shiro
-        "org.apache.shiro.jndi;JndiTemplate;false;lookup;;;Argument[0];jndi-injection;manual"
-      ]
-  }
-}
-
 /** A set of additional taint steps to consider when taint tracking JNDI injection related data flows. */
 private class DefaultJndiInjectionAdditionalTaintStep extends JndiInjectionAdditionalTaintStep {
   override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
diff --git a/java/ql/lib/semmle/code/java/security/LdapInjection.qll b/java/ql/lib/semmle/code/java/security/LdapInjection.qll
index 35c59279f4e..d78bd2f7ae1 100644
--- a/java/ql/lib/semmle/code/java/security/LdapInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/LdapInjection.qll
@@ -32,53 +32,6 @@ private class DefaultLdapInjectionSink extends LdapInjectionSink {
   DefaultLdapInjectionSink() { sinkNode(this, "ldap") }
 }
 
-private class DefaultLdapInjectionSinkModel extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        // jndi
-        "javax.naming.directory;DirContext;true;search;;;Argument[0..1];ldap;manual",
-        // apache
-        "org.apache.directory.ldap.client.api;LdapConnection;true;search;;;Argument[0..2];ldap;manual",
-        // UnboundID: search
-        "com.unboundid.ldap.sdk;LDAPConnection;false;search;(ReadOnlySearchRequest);;Argument[0];ldap;manual",
-        "com.unboundid.ldap.sdk;LDAPConnection;false;search;(SearchRequest);;Argument[0];ldap;manual",
-        "com.unboundid.ldap.sdk;LDAPConnection;false;search;(SearchResultListener,String,SearchScope,DereferencePolicy,int,int,boolean,Filter,String[]);;Argument[0..7];ldap;manual",
-        "com.unboundid.ldap.sdk;LDAPConnection;false;search;(SearchResultListener,String,SearchScope,DereferencePolicy,int,int,boolean,String,String[]);;Argument[0..7];ldap;manual",
-        "com.unboundid.ldap.sdk;LDAPConnection;false;search;(SearchResultListener,String,SearchScope,Filter,String[]);;Argument[0..3];ldap;manual",
-        "com.unboundid.ldap.sdk;LDAPConnection;false;search;(SearchResultListener,String,SearchScope,String,String[]);;Argument[0..3];ldap;manual",
-        "com.unboundid.ldap.sdk;LDAPConnection;false;search;(String,SearchScope,DereferencePolicy,int,int,boolean,Filter,String[]);;Argument[0..6];ldap;manual",
-        "com.unboundid.ldap.sdk;LDAPConnection;false;search;(String,SearchScope,DereferencePolicy,int,int,boolean,String,String[]);;Argument[0..6];ldap;manual",
-        "com.unboundid.ldap.sdk;LDAPConnection;false;search;(String,SearchScope,Filter,String[]);;Argument[0..2];ldap;manual",
-        "com.unboundid.ldap.sdk;LDAPConnection;false;search;(String,SearchScope,String,String[]);;Argument[0..2];ldap;manual",
-        // UnboundID: searchForEntry
-        "com.unboundid.ldap.sdk;LDAPConnection;false;searchForEntry;(ReadOnlySearchRequest);;Argument[0];ldap;manual",
-        "com.unboundid.ldap.sdk;LDAPConnection;false;searchForEntry;(SearchRequest);;Argument[0];ldap;manual",
-        "com.unboundid.ldap.sdk;LDAPConnection;false;searchForEntry;(String,SearchScope,DereferencePolicy,int,boolean,Filter,String[]);;Argument[0..5];ldap;manual",
-        "com.unboundid.ldap.sdk;LDAPConnection;false;searchForEntry;(String,SearchScope,DereferencePolicy,int,boolean,String,String[]);;Argument[0..5];ldap;manual",
-        "com.unboundid.ldap.sdk;LDAPConnection;false;searchForEntry;(String,SearchScope,Filter,String[]);;Argument[0..2];ldap;manual",
-        "com.unboundid.ldap.sdk;LDAPConnection;false;searchForEntry;(String,SearchScope,String,String[]);;Argument[0..2];ldap;manual",
-        // UnboundID: asyncSearch
-        "com.unboundid.ldap.sdk;LDAPConnection;false;asyncSearch;;;Argument[0];ldap;manual",
-        // Spring
-        "org.springframework.ldap.core;LdapTemplate;false;find;;;Argument[0..1];ldap;manual",
-        "org.springframework.ldap.core;LdapTemplate;false;findOne;;;Argument[0..1];ldap;manual",
-        "org.springframework.ldap.core;LdapTemplate;false;search;;;Argument[0..1];ldap;manual",
-        "org.springframework.ldap.core;LdapTemplate;false;searchForContext;;;Argument[0..1];ldap;manual",
-        "org.springframework.ldap.core;LdapTemplate;false;searchForObject;;;Argument[0..1];ldap;manual",
-        "org.springframework.ldap.core;LdapTemplate;false;authenticate;(LdapQuery,String);;Argument[0];ldap;manual",
-        "org.springframework.ldap.core;LdapTemplate;false;authenticate;(Name,String,String);;Argument[0..1];ldap;manual",
-        "org.springframework.ldap.core;LdapTemplate;false;authenticate;(Name,String,String,AuthenticatedLdapEntryContextCallback);;Argument[0..1];ldap;manual",
-        "org.springframework.ldap.core;LdapTemplate;false;authenticate;(Name,String,String,AuthenticatedLdapEntryContextCallback,AuthenticationErrorCallback);;Argument[0..1];ldap;manual",
-        "org.springframework.ldap.core;LdapTemplate;false;authenticate;(Name,String,String,AuthenticationErrorCallback);;Argument[0..1];ldap;manual",
-        "org.springframework.ldap.core;LdapTemplate;false;authenticate;(String,String,String);;Argument[0..1];ldap;manual",
-        "org.springframework.ldap.core;LdapTemplate;false;authenticate;(String,String,String,AuthenticatedLdapEntryContextCallback);;Argument[0..1];ldap;manual",
-        "org.springframework.ldap.core;LdapTemplate;false;authenticate;(String,String,String,AuthenticatedLdapEntryContextCallback,AuthenticationErrorCallback);;Argument[0..1];ldap;manual",
-        "org.springframework.ldap.core;LdapTemplate;false;authenticate;(String,String,String,AuthenticationErrorCallback);;Argument[0..1];ldap;manual"
-      ]
-  }
-}
-
 /** A sanitizer that clears the taint on (boxed) primitive types. */
 private class DefaultLdapSanitizer extends LdapInjectionSanitizer {
   DefaultLdapSanitizer() {
diff --git a/java/ql/lib/semmle/code/java/security/MvelInjection.qll b/java/ql/lib/semmle/code/java/security/MvelInjection.qll
index 167b21edae6..a0ada3d91a1 100644
--- a/java/ql/lib/semmle/code/java/security/MvelInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/MvelInjection.qll
@@ -28,31 +28,6 @@ private class DefaultMvelEvaluationSink extends MvelEvaluationSink {
   DefaultMvelEvaluationSink() { sinkNode(this, "mvel") }
 }
 
-private class DefaulMvelEvaluationSinkModel extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "javax.script;CompiledScript;false;eval;;;Argument[-1];mvel;manual",
-        "org.mvel2;MVEL;false;eval;;;Argument[0];mvel;manual",
-        "org.mvel2;MVEL;false;executeExpression;;;Argument[0];mvel;manual",
-        "org.mvel2;MVEL;false;evalToBoolean;;;Argument[0];mvel;manual",
-        "org.mvel2;MVEL;false;evalToString;;;Argument[0];mvel;manual",
-        "org.mvel2;MVEL;false;executeAllExpression;;;Argument[0];mvel;manual",
-        "org.mvel2;MVEL;false;executeSetExpression;;;Argument[0];mvel;manual",
-        "org.mvel2;MVELRuntime;false;execute;;;Argument[1];mvel;manual",
-        "org.mvel2.templates;TemplateRuntime;false;eval;;;Argument[0];mvel;manual",
-        "org.mvel2.templates;TemplateRuntime;false;execute;;;Argument[0];mvel;manual",
-        "org.mvel2.jsr223;MvelScriptEngine;false;eval;;;Argument[0];mvel;manual",
-        "org.mvel2.jsr223;MvelScriptEngine;false;evaluate;;;Argument[0];mvel;manual",
-        "org.mvel2.jsr223;MvelCompiledScript;false;eval;;;Argument[-1];mvel;manual",
-        "org.mvel2.compiler;ExecutableStatement;false;getValue;;;Argument[-1];mvel;manual",
-        "org.mvel2.compiler;CompiledExpression;false;getDirectValue;;;Argument[-1];mvel;manual",
-        "org.mvel2.compiler;CompiledAccExpression;false;getValue;;;Argument[-1];mvel;manual",
-        "org.mvel2.compiler;Accessor;false;getValue;;;Argument[-1];mvel;manual"
-      ]
-  }
-}
-
 /** A default sanitizer that considers numeric and boolean typed data safe for building MVEL expressions */
 private class DefaultMvelInjectionSanitizer extends MvelInjectionSanitizer {
   DefaultMvelInjectionSanitizer() {
diff --git a/java/ql/lib/semmle/code/java/security/OgnlInjection.qll b/java/ql/lib/semmle/code/java/security/OgnlInjection.qll
index 1ebede55b78..aa10de4d3c1 100644
--- a/java/ql/lib/semmle/code/java/security/OgnlInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/OgnlInjection.qll
@@ -25,29 +25,6 @@ class OgnlInjectionAdditionalTaintStep extends Unit {
   abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
 }
 
-private class DefaultOgnlInjectionSinkModel extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.apache.commons.ognl;Ognl;false;getValue;;;Argument[0];ognl-injection;manual",
-        "org.apache.commons.ognl;Ognl;false;setValue;;;Argument[0];ognl-injection;manual",
-        "org.apache.commons.ognl;Node;true;getValue;;;Argument[-1];ognl-injection;manual",
-        "org.apache.commons.ognl;Node;true;setValue;;;Argument[-1];ognl-injection;manual",
-        "org.apache.commons.ognl.enhance;ExpressionAccessor;true;get;;;Argument[-1];ognl-injection;manual",
-        "org.apache.commons.ognl.enhance;ExpressionAccessor;true;set;;;Argument[-1];ognl-injection;manual",
-        "ognl;Ognl;false;getValue;;;Argument[0];ognl-injection;manual",
-        "ognl;Ognl;false;setValue;;;Argument[0];ognl-injection;manual",
-        "ognl;Node;false;getValue;;;Argument[-1];ognl-injection;manual",
-        "ognl;Node;false;setValue;;;Argument[-1];ognl-injection;manual",
-        "ognl.enhance;ExpressionAccessor;true;get;;;Argument[-1];ognl-injection;manual",
-        "ognl.enhance;ExpressionAccessor;true;set;;;Argument[-1];ognl-injection;manual",
-        "com.opensymphony.xwork2.ognl;OgnlUtil;false;getValue;;;Argument[0];ognl-injection;manual",
-        "com.opensymphony.xwork2.ognl;OgnlUtil;false;setValue;;;Argument[0];ognl-injection;manual",
-        "com.opensymphony.xwork2.ognl;OgnlUtil;false;callMethod;;;Argument[0];ognl-injection;manual"
-      ]
-  }
-}
-
 private class DefaultOgnlInjectionSink extends OgnlInjectionSink {
   DefaultOgnlInjectionSink() { sinkNode(this, "ognl-injection") }
 }
diff --git a/java/ql/lib/semmle/code/java/security/OverlyLargeRangeQuery.qll b/java/ql/lib/semmle/code/java/security/OverlyLargeRangeQuery.qll
index 65e662f0bc5..06b538d4a63 100644
--- a/java/ql/lib/semmle/code/java/security/OverlyLargeRangeQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/OverlyLargeRangeQuery.qll
@@ -2,288 +2,7 @@
  * Classes and predicates for working with suspicious character ranges.
  */
 
-// We don't need the NFA utils, just the regexp tree.
-// but the below is a nice shared library that exposes the API we need.
-import regexp.NfaUtils
-
-/**
- * Gets a rank for `range` that is unique for ranges in the same file.
- * Prioritizes ranges that match more characters.
- */
-int rankRange(RegExpCharacterRange range) {
-  range =
-    rank[result](RegExpCharacterRange r, Location l, int low, int high |
-      r.getLocation() = l and
-      isRange(r, low, high)
-    |
-      r order by (high - low) desc, l.getStartLine(), l.getStartColumn()
-    )
-}
-
-/** Holds if `range` spans from the unicode code points `low` to `high` (both inclusive). */
-predicate isRange(RegExpCharacterRange range, int low, int high) {
-  exists(string lowc, string highc |
-    range.isRange(lowc, highc) and
-    low.toUnicode() = lowc and
-    high.toUnicode() = highc
-  )
-}
-
-/** Holds if `char` is an alpha-numeric character. */
-predicate isAlphanumeric(string char) {
-  // written like this to avoid having a bindingset for the predicate
-  char = [[48 .. 57], [65 .. 90], [97 .. 122]].toUnicode() // 0-9, A-Z, a-z
-}
-
-/**
- * Holds if the given ranges are from the same character class
- * and there exists at least one character matched by both ranges.
- */
-predicate overlap(RegExpCharacterRange a, RegExpCharacterRange b) {
-  exists(RegExpCharacterClass clz |
-    a = clz.getAChild() and
-    b = clz.getAChild() and
-    a != b
-  |
-    exists(int alow, int ahigh, int blow, int bhigh |
-      isRange(a, alow, ahigh) and
-      isRange(b, blow, bhigh) and
-      alow <= bhigh and
-      blow <= ahigh
-    )
-  )
-}
-
-/**
- * Holds if `range` overlaps with the char class `escape` from the same character class.
- */
-predicate overlapsWithCharEscape(RegExpCharacterRange range, RegExpCharacterClassEscape escape) {
-  exists(RegExpCharacterClass clz, string low, string high |
-    range = clz.getAChild() and
-    escape = clz.getAChild() and
-    range.isRange(low, high)
-  |
-    escape.getValue() = "w" and
-    getInRange(low, high).regexpMatch("\\w")
-    or
-    escape.getValue() = "d" and
-    getInRange(low, high).regexpMatch("\\d")
-    or
-    escape.getValue() = "s" and
-    getInRange(low, high).regexpMatch("\\s")
-  )
-}
-
-/** Gets the unicode code point for a `char`. */
-bindingset[char]
-int toCodePoint(string char) { result.toUnicode() = char }
-
-/** A character range that appears to be overly wide. */
-class OverlyWideRange extends RegExpCharacterRange {
-  OverlyWideRange() {
-    exists(int low, int high, int numChars |
-      isRange(this, low, high) and
-      numChars = (1 + high - low) and
-      this.getRootTerm().isUsedAsRegExp() and
-      numChars >= 10
-    |
-      // across the Z-a range (which includes backticks)
-      toCodePoint("Z") >= low and
-      toCodePoint("a") <= high
-      or
-      // across the 9-A range (which includes e.g. ; and ?)
-      toCodePoint("9") >= low and
-      toCodePoint("A") <= high
-      or
-      // a non-alphanumeric char as part of the range boundaries
-      exists(int bound | bound = [low, high] | not isAlphanumeric(bound.toUnicode())) and
-      // while still being ascii
-      low < 128 and
-      high < 128
-    ) and
-    // allowlist for known ranges
-    not this = allowedWideRanges()
-  }
-
-  /** Gets a string representation of a character class that matches the same chars as this range. */
-  string printEquivalent() { result = RangePrinter::printEquivalentCharClass(this) }
-}
-
-/** Gets a range that should not be reported as an overly wide range. */
-RegExpCharacterRange allowedWideRanges() {
-  // ~ is the last printable ASCII character, it's used right in various wide ranges.
-  result.isRange(_, "~")
-  or
-  // the same with " " and "!". " " is the first printable character, and "!" is the first non-white-space printable character.
-  result.isRange([" ", "!"], _)
-  or
-  // the `[@-_]` range is intentional
-  result.isRange("@", "_")
-  or
-  // starting from the zero byte is a good indication that it's purposely matching a large range.
-  result.isRange(0.toUnicode(), _)
-}
-
-/** Gets a char between (and including) `low` and `high`. */
-bindingset[low, high]
-private string getInRange(string low, string high) {
-  result = [toCodePoint(low) .. toCodePoint(high)].toUnicode()
-}
-
-/** A module computing an equivalent character class for an overly wide range. */
-module RangePrinter {
-  bindingset[char]
-  bindingset[result]
-  private string next(string char) {
-    exists(int prev, int next |
-      prev.toUnicode() = char and
-      next.toUnicode() = result and
-      next = prev + 1
-    )
-  }
-
-  /** Gets the points where the parts of the pretty printed range should be cut off. */
-  private string cutoffs() { result = ["A", "Z", "a", "z", "0", "9"] }
-
-  /** Gets the char to use in the low end of a range for a given `cut` */
-  private string lowCut(string cut) {
-    cut = ["A", "a", "0"] and
-    result = cut
-    or
-    cut = ["Z", "z", "9"] and
-    result = next(cut)
-  }
-
-  /** Gets the char to use in the high end of a range for a given `cut` */
-  private string highCut(string cut) {
-    cut = ["Z", "z", "9"] and
-    result = cut
-    or
-    cut = ["A", "a", "0"] and
-    next(result) = cut
-  }
-
-  /** Gets the cutoff char used for a given `part` of a range when pretty-printing it. */
-  private string cutoff(OverlyWideRange range, int part) {
-    exists(int low, int high | isRange(range, low, high) |
-      result =
-        rank[part + 1](string cut |
-          cut = cutoffs() and low < toCodePoint(cut) and toCodePoint(cut) < high
-        |
-          cut order by toCodePoint(cut)
-        )
-    )
-  }
-
-  /** Gets the number of parts we should print for a given `range`. */
-  private int parts(OverlyWideRange range) { result = 1 + count(cutoff(range, _)) }
-
-  /** Holds if the given part of a range should span from `low` to `high`. */
-  private predicate part(OverlyWideRange range, int part, string low, string high) {
-    // first part.
-    part = 0 and
-    (
-      range.isRange(low, high) and
-      parts(range) = 1
-      or
-      parts(range) >= 2 and
-      range.isRange(low, _) and
-      high = highCut(cutoff(range, part))
-    )
-    or
-    // middle
-    part >= 1 and
-    part < parts(range) - 1 and
-    low = lowCut(cutoff(range, part - 1)) and
-    high = highCut(cutoff(range, part))
-    or
-    // last.
-    part = parts(range) - 1 and
-    low = lowCut(cutoff(range, part - 1)) and
-    range.isRange(_, high)
-  }
-
-  /** Gets an escaped `char` for use in a character class. */
-  bindingset[char]
-  private string escape(string char) {
-    exists(string reg | reg = "(\\[|\\]|\\\\|-|/)" |
-      if char.regexpMatch(reg) then result = "\\" + char else result = char
-    )
-  }
-
-  /** Gets a part of the equivalent range. */
-  private string printEquivalentCharClass(OverlyWideRange range, int part) {
-    exists(string low, string high | part(range, part, low, high) |
-      if
-        isAlphanumeric(low) and
-        isAlphanumeric(high)
-      then result = low + "-" + high
-      else
-        result =
-          strictconcat(string char | char = getInRange(low, high) | escape(char) order by char)
-    )
-  }
-
-  /** Gets the entire pretty printed equivalent range. */
-  string printEquivalentCharClass(OverlyWideRange range) {
-    result =
-      strictconcat(string r, int part |
-        r = "[" and part = -1 and exists(range)
-        or
-        r = printEquivalentCharClass(range, part)
-        or
-        r = "]" and part = parts(range)
-      |
-        r order by part
-      )
-  }
-}
-
-/** Gets a char range that is overly large because of `reason`. */
-RegExpCharacterRange getABadRange(string reason, int priority) {
-  result instanceof OverlyWideRange and
-  priority = 0 and
-  exists(string equiv | equiv = result.(OverlyWideRange).printEquivalent() |
-    if equiv.length() <= 50
-    then reason = "is equivalent to " + equiv
-    else reason = "is equivalent to " + equiv.substring(0, 50) + "..."
-  )
-  or
-  priority = 1 and
-  exists(RegExpCharacterRange other |
-    reason = "overlaps with " + other + " in the same character class" and
-    rankRange(result) < rankRange(other) and
-    overlap(result, other)
-  )
-  or
-  priority = 2 and
-  exists(RegExpCharacterClassEscape escape |
-    reason = "overlaps with " + escape + " in the same character class" and
-    overlapsWithCharEscape(result, escape)
-  )
-  or
-  reason = "is empty" and
-  priority = 3 and
-  exists(int low, int high |
-    isRange(result, low, high) and
-    low > high
-  )
-}
-
-/** Holds if `range` matches suspiciously many characters. */
-predicate problem(RegExpCharacterRange range, string reason) {
-  reason =
-    strictconcat(string m, int priority |
-      range = getABadRange(m, priority)
-    |
-      m, ", and " order by priority desc
-    ) and
-  // specifying a range using an escape is usually OK.
-  not range.getAChild() instanceof RegExpEscape and
-  // Unicode escapes in strings are interpreted before it turns into a regexp,
-  // so e.g. [\u0001-\uFFFF] will just turn up as a range between two constants.
-  // We therefore exclude these ranges.
-  range.getRootTerm().getParent() instanceof RegExpLiteral and
-  // is used as regexp (mostly for JS where regular expressions are parsed eagerly)
-  range.getRootTerm().isUsedAsRegExp()
-}
+private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
+// OverlyLargeRangeQuery should be used directly from the shared pack, and not from this file.
+deprecated import codeql.regex.OverlyLargeRangeQuery::Make<TreeView> as Dep
+import Dep
diff --git a/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll b/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll
index 70416546b96..a43f90ae10d 100644
--- a/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll
@@ -3,7 +3,6 @@
 import java
 import semmle.code.java.security.PartialPathTraversal
 import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.dataflow.ExternalFlow
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.FlowSources
 
diff --git a/java/ql/lib/semmle/code/java/security/PathSanitizer.qll b/java/ql/lib/semmle/code/java/security/PathSanitizer.qll
index bd15b0581b7..14445971b47 100644
--- a/java/ql/lib/semmle/code/java/security/PathSanitizer.qll
+++ b/java/ql/lib/semmle/code/java/security/PathSanitizer.qll
@@ -2,9 +2,10 @@
 
 import java
 private import semmle.code.java.controlflow.Guards
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
 private import semmle.code.java.dataflow.SSA
+private import semmle.code.java.frameworks.kotlin.IO
+private import semmle.code.java.frameworks.kotlin.Text
 
 /** A sanitizer that protects against path injection vulnerabilities. */
 abstract class PathInjectionSanitizer extends DataFlow::Node { }
@@ -51,12 +52,14 @@ private predicate exactPathMatchGuard(Guard g, Expr e, boolean branch) {
     t instanceof TypeUri or
     t instanceof TypePath or
     t instanceof TypeFile or
-    t.hasQualifiedName("android.net", "Uri")
+    t.hasQualifiedName("android.net", "Uri") or
+    t instanceof StringsKt or
+    t instanceof FilesKt
   |
+    e = getVisualQualifier(ma).getUnderlyingExpr() and
     ma.getMethod().getDeclaringType() = t and
     ma = g and
-    ma.getMethod().getName() = ["equals", "equalsIgnoreCase"] and
-    e = ma.getQualifier() and
+    getSourceMethod(ma.getMethod()).hasName(["equals", "equalsIgnoreCase"]) and
     branch = true
   )
 }
@@ -87,7 +90,7 @@ private class AllowedPrefixGuard extends PathGuard instanceof MethodAccess {
     not isDisallowedWord(super.getAnArgument())
   }
 
-  override Expr getCheckedExpr() { result = super.getQualifier() }
+  override Expr getCheckedExpr() { result = getVisualQualifier(this).getUnderlyingExpr() }
 }
 
 /**
@@ -154,7 +157,7 @@ private class BlockListGuard extends PathGuard instanceof MethodAccess {
     isDisallowedWord(super.getAnArgument())
   }
 
-  override Expr getCheckedExpr() { result = super.getQualifier() }
+  override Expr getCheckedExpr() { result = getVisualQualifier(this).getUnderlyingExpr() }
 }
 
 /**
@@ -188,15 +191,31 @@ private class BlockListSanitizer extends PathInjectionSanitizer {
   }
 }
 
+private class ConstantOrRegex extends Expr {
+  ConstantOrRegex() {
+    this instanceof CompileTimeConstantExpr or
+    this instanceof KtToRegex
+  }
+
+  string getStringValue() {
+    result = this.(CompileTimeConstantExpr).getStringValue() or
+    result = this.(KtToRegex).getExpressionString()
+  }
+}
+
 private predicate isStringPrefixMatch(MethodAccess ma) {
-  exists(Method m | m = ma.getMethod() and m.getDeclaringType() instanceof TypeString |
-    m.hasName("startsWith")
+  exists(Method m, RefType t |
+    m.getDeclaringType() = t and
+    (t instanceof TypeString or t instanceof StringsKt) and
+    m = ma.getMethod()
+  |
+    getSourceMethod(m).hasName("startsWith")
     or
-    m.hasName("regionMatches") and
-    ma.getArgument(0).(CompileTimeConstantExpr).getIntValue() = 0
+    getSourceMethod(m).hasName("regionMatches") and
+    getVisualArgument(ma, 0).(CompileTimeConstantExpr).getIntValue() = 0
     or
     m.hasName("matches") and
-    not ma.getArgument(0).(CompileTimeConstantExpr).getStringValue().matches(".*%")
+    not getVisualArgument(ma, 0).(ConstantOrRegex).getStringValue().matches(".*%")
   )
 }
 
@@ -206,52 +225,52 @@ private predicate isStringPrefixMatch(MethodAccess ma) {
 private predicate isStringPartialMatch(MethodAccess ma) {
   isStringPrefixMatch(ma)
   or
-  ma.getMethod().getDeclaringType() instanceof TypeString and
-  ma.getMethod().hasName(["contains", "matches", "regionMatches", "indexOf", "lastIndexOf"])
+  exists(RefType t | t = ma.getMethod().getDeclaringType() |
+    t instanceof TypeString or t instanceof StringsKt
+  ) and
+  getSourceMethod(ma.getMethod())
+      .hasName(["contains", "matches", "regionMatches", "indexOf", "lastIndexOf"])
 }
 
 /**
  * Holds if `ma` is a call to a method that checks whether a path starts with a prefix.
  */
 private predicate isPathPrefixMatch(MethodAccess ma) {
-  exists(RefType t |
-    t instanceof TypePath
-    or
-    t.hasQualifiedName("kotlin.io", "FilesKt")
-  |
-    t = ma.getMethod().getDeclaringType() and
-    ma.getMethod().hasName("startsWith")
-  )
+  exists(RefType t | t = ma.getMethod().getDeclaringType() |
+    t instanceof TypePath or t instanceof FilesKt
+  ) and
+  getSourceMethod(ma.getMethod()).hasName("startsWith")
 }
 
-private predicate isDisallowedWord(CompileTimeConstantExpr word) {
+private predicate isDisallowedWord(ConstantOrRegex word) {
   word.getStringValue().matches(["/", "\\", "%WEB-INF%", "%/data%"])
 }
 
 /** A complementary guard that protects against path traversal, by looking for the literal `..`. */
 private class PathTraversalGuard extends PathGuard {
+  Expr checkedExpr;
+
   PathTraversalGuard() {
-    exists(MethodAccess ma |
-      ma.getMethod().getDeclaringType() instanceof TypeString and
+    exists(MethodAccess ma, Method m, RefType t |
+      m = ma.getMethod() and
+      t = m.getDeclaringType() and
+      (t instanceof TypeString or t instanceof StringsKt) and
+      checkedExpr = getVisualQualifier(ma).getUnderlyingExpr() and
       ma.getAnArgument().(CompileTimeConstantExpr).getStringValue() = ".."
     |
       this = ma and
-      ma.getMethod().hasName("contains")
+      getSourceMethod(m).hasName("contains")
       or
       exists(EqualityTest eq |
         this = eq and
-        ma.getMethod().hasName(["indexOf", "lastIndexOf"]) and
+        getSourceMethod(m).hasName(["indexOf", "lastIndexOf"]) and
         eq.getAnOperand() = ma and
         eq.getAnOperand().(CompileTimeConstantExpr).getIntValue() = -1
       )
     )
   }
 
-  override Expr getCheckedExpr() {
-    exists(MethodAccess ma | ma = this.(EqualityTest).getAnOperand() or ma = this |
-      result = ma.getQualifier()
-    )
-  }
+  override Expr getCheckedExpr() { result = checkedExpr }
 
   boolean getBranch() {
     this instanceof MethodAccess and result = false
@@ -263,15 +282,50 @@ private class PathTraversalGuard extends PathGuard {
 /** A complementary sanitizer that protects against path traversal using path normalization. */
 private class PathNormalizeSanitizer extends MethodAccess {
   PathNormalizeSanitizer() {
-    exists(RefType t |
-      t instanceof TypePath or
-      t.hasQualifiedName("kotlin.io", "FilesKt")
-    |
-      this.getMethod().getDeclaringType() = t and
+    exists(RefType t | this.getMethod().getDeclaringType() = t |
+      (t instanceof TypePath or t instanceof FilesKt) and
       this.getMethod().hasName("normalize")
+      or
+      t instanceof TypeFile and
+      this.getMethod().hasName(["getCanonicalPath", "getCanonicalFile"])
     )
-    or
-    this.getMethod().getDeclaringType() instanceof TypeFile and
-    this.getMethod().hasName(["getCanonicalPath", "getCanonicalFile"])
   }
 }
+
+/**
+ * Gets the qualifier of `ma` as seen in the source code.
+ * This is a helper predicate to solve discrepancies between
+ * what `getQualifier` actually gets in Java and Kotlin.
+ */
+private Expr getVisualQualifier(MethodAccess ma) {
+  if ma.getMethod() instanceof ExtensionMethod
+  then
+    result = ma.getArgument(ma.getMethod().(ExtensionMethod).getExtensionReceiverParameterIndex())
+  else result = ma.getQualifier()
+}
+
+/**
+ * Gets the argument of `ma` at position `argPos` as seen in the source code.
+ * This is a helper predicate to solve discrepancies between
+ * what `getArgument` actually gets in Java and Kotlin.
+ */
+bindingset[argPos]
+private Argument getVisualArgument(MethodAccess ma, int argPos) {
+  if ma.getMethod() instanceof ExtensionMethod
+  then
+    result =
+      ma.getArgument(argPos + ma.getMethod().(ExtensionMethod).getExtensionReceiverParameterIndex() +
+          1)
+  else result = ma.getArgument(argPos)
+}
+
+/**
+ * Gets the proxied method if `m` is a Kotlin proxy that supplies default parameter values.
+ * Otherwise, just gets `m`.
+ */
+private Method getSourceMethod(Method m) {
+  m = result.getKotlinParameterDefaultsProxy()
+  or
+  not exists(Method src | m = src.getKotlinParameterDefaultsProxy()) and
+  result = m
+}
diff --git a/java/ql/lib/semmle/code/java/security/RelativePaths.qll b/java/ql/lib/semmle/code/java/security/RelativePaths.qll
index 45473997489..458bb7aea5d 100644
--- a/java/ql/lib/semmle/code/java/security/RelativePaths.qll
+++ b/java/ql/lib/semmle/code/java/security/RelativePaths.qll
@@ -1,4 +1,5 @@
-/* Detection of strings and arrays of strings containing relative paths. */
+/** Detection of strings and arrays of strings containing relative paths. */
+
 import java
 
 /**
diff --git a/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll b/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll
index d59e6c877c3..916b6df4372 100644
--- a/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll
+++ b/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll
@@ -14,22 +14,8 @@ private class DefaultHeaderSplittingSink extends HeaderSplittingSink {
   DefaultHeaderSplittingSink() { sinkNode(this, "header-splitting") }
 }
 
-private class HeaderSplittingSinkModel extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "javax.servlet.http;HttpServletResponse;false;addCookie;;;Argument[0];header-splitting;manual",
-        "javax.servlet.http;HttpServletResponse;false;addHeader;;;Argument[0..1];header-splitting;manual",
-        "javax.servlet.http;HttpServletResponse;false;setHeader;;;Argument[0..1];header-splitting;manual",
-        "javax.ws.rs.core;ResponseBuilder;false;header;;;Argument[1];header-splitting;manual"
-      ]
-  }
-}
-
 /** A source that introduces data considered safe to use by a header splitting source. */
-abstract class SafeHeaderSplittingSource extends DataFlow::Node {
-  SafeHeaderSplittingSource() { this instanceof RemoteFlowSource }
-}
+abstract class SafeHeaderSplittingSource extends DataFlow::Node instanceof RemoteFlowSource { }
 
 /** A default source that introduces data considered safe to use by a header splitting source. */
 private class DefaultSafeHeaderSplittingSource extends SafeHeaderSplittingSource {
diff --git a/java/ql/lib/semmle/code/java/security/SensitiveKeyboardCacheQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveKeyboardCacheQuery.qll
new file mode 100644
index 00000000000..e7b5112a44a
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/security/SensitiveKeyboardCacheQuery.qll
@@ -0,0 +1,138 @@
+/** Definitions for the keyboard cache query */
+
+import java
+import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.security.SensitiveActions
+import semmle.code.xml.AndroidManifest
+
+/** An Android Layout XML file. */
+private class AndroidLayoutXmlFile extends XmlFile {
+  AndroidLayoutXmlFile() { this.getRelativePath().matches("%/res/layout/%.xml") }
+}
+
+/** A component declared in an Android layout file. */
+class AndroidLayoutXmlElement extends XmlElement {
+  AndroidXmlAttribute id;
+
+  AndroidLayoutXmlElement() {
+    this.getFile() instanceof AndroidLayoutXmlFile and
+    id = this.getAttribute("id")
+  }
+
+  /** Gets the ID of this component. */
+  string getId() { result = id.getValue() }
+
+  /** Gets the class of this component. */
+  Class getClass() {
+    this.getName() = "view" and
+    this.getAttribute("class").getValue() = result.getQualifiedName()
+    or
+    this.getName() = result.getQualifiedName()
+    or
+    result.hasQualifiedName(["android.widget", "android.view"], this.getName())
+  }
+}
+
+/** An XML element that represents an editable text field. */
+class AndroidEditableXmlElement extends AndroidLayoutXmlElement {
+  AndroidEditableXmlElement() {
+    this.getClass().getASourceSupertype*().hasQualifiedName("android.widget", "EditText")
+  }
+
+  /** Gets the input type of this field, if any. */
+  string getInputType() { result = this.getAttribute("inputType").(AndroidXmlAttribute).getValue() }
+}
+
+/** A `findViewById` or `requireViewById` method on `Activity` or `View`. */
+private class FindViewMethod extends Method {
+  FindViewMethod() {
+    this.hasQualifiedName("android.view", "View", ["findViewById", "requireViewById"])
+    or
+    exists(Method m |
+      m.hasQualifiedName("android.app", "Activity", ["findViewById", "requireViewById"]) and
+      this = m.getAnOverride*()
+    )
+  }
+}
+
+/** Gets a use of the view that has the given id. */
+private MethodAccess getAUseOfViewWithId(string id) {
+  exists(string name, NestedClass r_id, Field id_field |
+    id = "@+id/" + name and
+    result.getMethod() instanceof FindViewMethod and
+    r_id.getEnclosingType().hasName("R") and
+    r_id.hasName("id") and
+    id_field.getDeclaringType() = r_id and
+    id_field.hasName(name)
+  |
+    DataFlow::localExprFlow(id_field.getAnAccess(), result.getArgument(0))
+  )
+}
+
+/** Gets the argument of a use of `setInputType` called on the view with the given id. */
+private Argument setInputTypeForId(string id) {
+  exists(MethodAccess setInputType |
+    setInputType.getMethod().hasQualifiedName("android.widget", "TextView", "setInputType") and
+    DataFlow::localExprFlow(getAUseOfViewWithId(id), setInputType.getQualifier()) and
+    result = setInputType.getArgument(0)
+  )
+}
+
+/** Holds if the given field is a constant flag indicating that an input with this type will not be cached. */
+private predicate inputTypeFieldNotCached(Field f) {
+  f.getDeclaringType().hasQualifiedName("android.text", "InputType") and
+  (
+    not f.getName().matches("%TEXT%")
+    or
+    f.getName().matches("%PASSWORD%")
+    or
+    f.hasName("TYPE_TEXT_FLAG_NO_SUGGESTIONS")
+  )
+}
+
+/** Configuration that finds uses of `setInputType` for non cached fields. */
+private class GoodInputTypeConf extends DataFlow::Configuration {
+  GoodInputTypeConf() { this = "GoodInputTypeConf" }
+
+  override predicate isSource(DataFlow::Node node) {
+    inputTypeFieldNotCached(node.asExpr().(FieldAccess).getField())
+  }
+
+  override predicate isSink(DataFlow::Node node) { node.asExpr() = setInputTypeForId(_) }
+
+  override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    exists(OrBitwiseExpr bitOr |
+      node1.asExpr() = bitOr.getAChildExpr() and
+      node2.asExpr() = bitOr
+    )
+  }
+}
+
+/** Gets a regex indicating that an input field may contain sensitive data. */
+private string getInputSensitiveInfoRegex() {
+  result =
+    [
+      getCommonSensitiveInfoRegex(),
+      "(?i).*(bank|credit|debit|(pass(wd|word|code|phrase))|security).*"
+    ]
+}
+
+/** Holds if input using the given input type (as written in XML) is not stored in the keyboard cache. */
+bindingset[ty]
+private predicate inputTypeNotCached(string ty) {
+  not ty.matches("%text%")
+  or
+  ty.regexpMatch("(?i).*(nosuggestions|password).*")
+}
+
+/** Gets an input field whose contents may be sensitive and may be stored in the keyboard cache. */
+AndroidEditableXmlElement getASensitiveCachedInput() {
+  result.getId().regexpMatch(getInputSensitiveInfoRegex()) and
+  (
+    not inputTypeNotCached(result.getInputType()) and
+    not exists(GoodInputTypeConf conf, DataFlow::Node src, DataFlow::Node sink |
+      conf.hasFlow(src, sink) and
+      sink.asExpr() = setInputTypeForId(result.getId())
+    )
+  )
+}
diff --git a/java/ql/lib/semmle/code/java/security/SpelInjection.qll b/java/ql/lib/semmle/code/java/security/SpelInjection.qll
index 76fb6191911..55f526d72f4 100644
--- a/java/ql/lib/semmle/code/java/security/SpelInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/SpelInjection.qll
@@ -2,7 +2,6 @@
 
 import java
 private import semmle.code.java.dataflow.DataFlow
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.frameworks.spring.SpringExpression
 
 /** A data flow sink for unvalidated user input that is used to construct SpEL expressions. */
diff --git a/java/ql/lib/semmle/code/java/security/SqlUnescapedLib.qll b/java/ql/lib/semmle/code/java/security/SqlUnescapedLib.qll
index d76c77c499c..3f5810e141b 100644
--- a/java/ql/lib/semmle/code/java/security/SqlUnescapedLib.qll
+++ b/java/ql/lib/semmle/code/java/security/SqlUnescapedLib.qll
@@ -1,4 +1,5 @@
-/* Definitions used by `SqlUnescaped.ql`. */
+/** Definitions used by `SqlUnescaped.ql`. */
+
 import semmle.code.java.security.ControlledString
 import semmle.code.java.dataflow.TaintTracking
 
diff --git a/java/ql/lib/semmle/code/java/security/TemplateInjection.qll b/java/ql/lib/semmle/code/java/security/TemplateInjection.qll
index 079ef551bb3..ce2bd9d217d 100644
--- a/java/ql/lib/semmle/code/java/security/TemplateInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/TemplateInjection.qll
@@ -76,33 +76,3 @@ private class DefaultTemplateInjectionSanitizer extends TemplateInjectionSanitiz
     this.getType() instanceof NumericType
   }
 }
-
-private class TemplateInjectionSinkModels extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "freemarker.template;Template;true;Template;(String,Reader);;Argument[1];ssti;manual",
-        "freemarker.template;Template;true;Template;(String,Reader,Configuration);;Argument[1];ssti;manual",
-        "freemarker.template;Template;true;Template;(String,Reader,Configuration,String);;Argument[1];ssti;manual",
-        "freemarker.template;Template;true;Template;(String,String,Reader,Configuration);;Argument[2];ssti;manual",
-        "freemarker.template;Template;true;Template;(String,String,Reader,Configuration,String);;Argument[2];ssti;manual",
-        "freemarker.template;Template;true;Template;(String,String,Reader,Configuration,ParserConfiguration,String);;Argument[2];ssti;manual",
-        "freemarker.template;Template;true;Template;(String,String,Configuration);;Argument[1];ssti;manual",
-        "freemarker.cache;StringTemplateLoader;true;putTemplate;;;Argument[1];ssti;manual",
-        "com.mitchellbosecke.pebble;PebbleEngine;true;getTemplate;;;Argument[0];ssti;manual",
-        "com.mitchellbosecke.pebble;PebbleEngine;true;getLiteralTemplate;;;Argument[0];ssti;manual",
-        "com.hubspot.jinjava;Jinjava;true;renderForResult;;;Argument[0];ssti;manual",
-        "com.hubspot.jinjava;Jinjava;true;render;;;Argument[0];ssti;manual",
-        "org.thymeleaf;ITemplateEngine;true;process;;;Argument[0];ssti;manual",
-        "org.thymeleaf;ITemplateEngine;true;processThrottled;;;Argument[0];ssti;manual",
-        "org.apache.velocity.app;Velocity;true;evaluate;;;Argument[3];ssti;manual",
-        "org.apache.velocity.app;Velocity;true;mergeTemplate;;;Argument[2];ssti;manual",
-        "org.apache.velocity.app;VelocityEngine;true;evaluate;;;Argument[3];ssti;manual",
-        "org.apache.velocity.app;VelocityEngine;true;mergeTemplate;;;Argument[2];ssti;manual",
-        "org.apache.velocity.runtime.resource.util;StringResourceRepository;true;putStringResource;;;Argument[1];ssti;manual",
-        "org.apache.velocity.runtime;RuntimeServices;true;evaluate;;;Argument[3];ssti;manual",
-        "org.apache.velocity.runtime;RuntimeServices;true;parse;;;Argument[0];ssti;manual",
-        "org.apache.velocity.runtime;RuntimeSingleton;true;parse;;;Argument[0];ssti;manual"
-      ]
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll
index b362a5dceeb..0bc76e384d1 100644
--- a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll
@@ -1,7 +1,6 @@
 /** Provides taint tracking configurations to be used in unsafe content URI resolution queries. */
 
 import java
-import semmle.code.java.dataflow.ExternalFlow
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.security.UnsafeContentUriResolution
diff --git a/java/ql/lib/semmle/code/java/security/XPath.qll b/java/ql/lib/semmle/code/java/security/XPath.qll
index 2122093a05c..c8b1077990d 100644
--- a/java/ql/lib/semmle/code/java/security/XPath.qll
+++ b/java/ql/lib/semmle/code/java/security/XPath.qll
@@ -10,38 +10,6 @@ private import semmle.code.java.dataflow.ExternalFlow
  */
 abstract class XPathInjectionSink extends DataFlow::Node { }
 
-/** CSV sink models representing methods susceptible to XPath Injection attacks. */
-private class DefaultXPathInjectionSinkModel extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "javax.xml.xpath;XPath;true;evaluate;;;Argument[0];xpath;manual",
-        "javax.xml.xpath;XPath;true;evaluateExpression;;;Argument[0];xpath;manual",
-        "javax.xml.xpath;XPath;true;compile;;;Argument[0];xpath;manual",
-        "org.dom4j;Node;true;selectObject;;;Argument[0];xpath;manual",
-        "org.dom4j;Node;true;selectNodes;;;Argument[0..1];xpath;manual",
-        "org.dom4j;Node;true;selectSingleNode;;;Argument[0];xpath;manual",
-        "org.dom4j;Node;true;numberValueOf;;;Argument[0];xpath;manual",
-        "org.dom4j;Node;true;valueOf;;;Argument[0];xpath;manual",
-        "org.dom4j;Node;true;matches;;;Argument[0];xpath;manual",
-        "org.dom4j;Node;true;createXPath;;;Argument[0];xpath;manual",
-        "org.dom4j;DocumentFactory;true;createPattern;;;Argument[0];xpath;manual",
-        "org.dom4j;DocumentFactory;true;createXPath;;;Argument[0];xpath;manual",
-        "org.dom4j;DocumentFactory;true;createXPathFilter;;;Argument[0];xpath;manual",
-        "org.dom4j;DocumentHelper;false;createPattern;;;Argument[0];xpath;manual",
-        "org.dom4j;DocumentHelper;false;createXPath;;;Argument[0];xpath;manual",
-        "org.dom4j;DocumentHelper;false;createXPathFilter;;;Argument[0];xpath;manual",
-        "org.dom4j;DocumentHelper;false;selectNodes;;;Argument[0];xpath;manual",
-        "org.dom4j;DocumentHelper;false;sort;;;Argument[1];xpath;manual",
-        "org.dom4j.tree;AbstractNode;true;createXPathFilter;;;Argument[0];xpath;manual",
-        "org.dom4j.tree;AbstractNode;true;createPattern;;;Argument[0];xpath;manual",
-        "org.dom4j.util;ProxyDocumentFactory;true;createPattern;;;Argument[0];xpath;manual",
-        "org.dom4j.util;ProxyDocumentFactory;true;createXPath;;;Argument[0];xpath;manual",
-        "org.dom4j.util;ProxyDocumentFactory;true;createXPathFilter;;;Argument[0];xpath;manual"
-      ]
-  }
-}
-
 /** A default sink representing methods susceptible to XPath Injection attacks. */
 private class DefaultXPathInjectionSink extends XPathInjectionSink {
   DefaultXPathInjectionSink() {
diff --git a/java/ql/lib/semmle/code/java/security/XsltInjection.qll b/java/ql/lib/semmle/code/java/security/XsltInjection.qll
index 570a7575af3..f6953a09539 100644
--- a/java/ql/lib/semmle/code/java/security/XsltInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/XsltInjection.qll
@@ -15,20 +15,6 @@ private class DefaultXsltInjectionSink extends XsltInjectionSink {
   DefaultXsltInjectionSink() { sinkNode(this, "xslt") }
 }
 
-private class DefaultXsltInjectionSinkModel extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "javax.xml.transform;Transformer;false;transform;;;Argument[-1];xslt;manual",
-        "net.sf.saxon.s9api;XsltTransformer;false;transform;;;Argument[-1];xslt;manual",
-        "net.sf.saxon.s9api;Xslt30Transformer;false;transform;;;Argument[-1];xslt;manual",
-        "net.sf.saxon.s9api;Xslt30Transformer;false;applyTemplates;;;Argument[-1];xslt;manual",
-        "net.sf.saxon.s9api;Xslt30Transformer;false;callFunction;;;Argument[-1];xslt;manual",
-        "net.sf.saxon.s9api;Xslt30Transformer;false;callTemplate;;;Argument[-1];xslt;manual"
-      ]
-  }
-}
-
 /**
  * A unit class for adding additional taint steps.
  *
diff --git a/java/ql/lib/semmle/code/java/security/internal/EncryptionKeySizes.qll b/java/ql/lib/semmle/code/java/security/internal/EncryptionKeySizes.qll
new file mode 100644
index 00000000000..46df3a3ca7b
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/security/internal/EncryptionKeySizes.qll
@@ -0,0 +1,21 @@
+/**
+ * INTERNAL: Do not use.
+ *
+ * Provides predicates for recommended encryption key sizes.
+ * Such that we can share this logic across our CodeQL analysis of different languages.
+ */
+
+/** Returns the minimum recommended key size for RSA. */
+int minSecureKeySizeRsa() { result = 2048 }
+
+/** Returns the minimum recommended key size for DSA. */
+int minSecureKeySizeDsa() { result = 2048 }
+
+/** Returns the minimum recommended key size for DH. */
+int minSecureKeySizeDh() { result = 2048 }
+
+/** Returns the minimum recommended key size for elliptic curve cryptography. */
+int minSecureKeySizeEcc() { result = 256 }
+
+/** Returns the minimum recommended key size for AES. */
+int minSecureKeySizeAes() { result = 128 }
diff --git a/java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll b/java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll
index 4a608890249..d0a08dc88bf 100644
--- a/java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll
@@ -62,284 +62,7 @@
  *     a suffix `x` (possible empty) that is most likely __not__ accepted.
  */
 
-import NfaUtils
-
-/**
- * Holds if state `s` might be inside a backtracking repetition.
- */
-pragma[noinline]
-private predicate stateInsideBacktracking(State s) {
-  s.getRepr().getParent*() instanceof MaybeBacktrackingRepetition
-}
-
-/**
- * A infinitely repeating quantifier that might backtrack.
- */
-private class MaybeBacktrackingRepetition extends InfiniteRepetitionQuantifier {
-  MaybeBacktrackingRepetition() {
-    exists(RegExpTerm child |
-      child instanceof RegExpAlt or
-      child instanceof RegExpQuantifier
-    |
-      child.getParent+() = this
-    )
-  }
-}
-
-/**
- * A state in the product automaton.
- */
-private newtype TStatePair =
-  /**
-   * We lazily only construct those states that we are actually
-   * going to need: `(q, q)` for every fork state `q`, and any
-   * pair of states that can be reached from a pair that we have
-   * already constructed. To cut down on the number of states,
-   * we only represent states `(q1, q2)` where `q1` is lexicographically
-   * no bigger than `q2`.
-   *
-   * States are only constructed if both states in the pair are
-   * inside a repetition that might backtrack.
-   */
-  MkStatePair(State q1, State q2) {
-    isFork(q1, _, _, _, _) and q2 = q1
-    or
-    (step(_, _, _, q1, q2) or step(_, _, _, q2, q1)) and
-    rankState(q1) <= rankState(q2)
-  }
-
-/**
- * Gets a unique number for a `state`.
- * Is used to create an ordering of states, where states with the same `toString()` will be ordered differently.
- */
-private int rankState(State state) {
-  state =
-    rank[result](State s, Location l |
-      stateInsideBacktracking(s) and
-      l = s.getRepr().getLocation()
-    |
-      s order by l.getStartLine(), l.getStartColumn(), s.toString()
-    )
-}
-
-/**
- * A state in the product automaton.
- */
-private class StatePair extends TStatePair {
-  State q1;
-  State q2;
-
-  StatePair() { this = MkStatePair(q1, q2) }
-
-  /** Gets a textual representation of this element. */
-  string toString() { result = "(" + q1 + ", " + q2 + ")" }
-
-  /** Gets the first component of the state pair. */
-  State getLeft() { result = q1 }
-
-  /** Gets the second component of the state pair. */
-  State getRight() { result = q2 }
-}
-
-/**
- * Holds for `(fork, fork)` state pairs when `isFork(fork, _, _, _, _)` holds.
- *
- * Used in `statePairDistToFork`
- */
-private predicate isStatePairFork(StatePair p) {
-  exists(State fork | p = MkStatePair(fork, fork) and isFork(fork, _, _, _, _))
-}
-
-/**
- * Holds if there are transitions from the components of `q` to the corresponding
- * components of `r`.
- *
- * Used in `statePairDistToFork`
- */
-private predicate reverseStep(StatePair r, StatePair q) { step(q, _, _, r) }
-
-/**
- * Gets the minimum length of a path from `q` to `r` in the
- * product automaton.
- */
-private int statePairDistToFork(StatePair q, StatePair r) =
-  shortestDistances(isStatePairFork/1, reverseStep/2)(r, q, result)
-
-/**
- * Holds if there are transitions from `q` to `r1` and from `q` to `r2`
- * labelled with `s1` and `s2`, respectively, where `s1` and `s2` do not
- * trivially have an empty intersection.
- *
- * This predicate only holds for states associated with regular expressions
- * that have at least one repetition quantifier in them (otherwise the
- * expression cannot be vulnerable to ReDoS attacks anyway).
- */
-pragma[noopt]
-private predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, State r2) {
-  stateInsideBacktracking(q) and
-  exists(State q1, State q2 |
-    q1 = epsilonSucc*(q) and
-    delta(q1, s1, r1) and
-    q2 = epsilonSucc*(q) and
-    delta(q2, s2, r2) and
-    // Use pragma[noopt] to prevent intersect(s1,s2) from being the starting point of the join.
-    // From (s1,s2) it would find a huge number of intermediate state pairs (q1,q2) originating from different literals,
-    // and discover at the end that no `q` can reach both `q1` and `q2` by epsilon transitions.
-    exists(intersect(s1, s2))
-  |
-    s1 != s2
-    or
-    r1 != r2
-    or
-    r1 = r2 and q1 != q2
-    or
-    // If q can reach itself by epsilon transitions, then there are two distinct paths to the q1/q2 state:
-    // one that uses the loop and one that doesn't. The engine will separately attempt to match with each path,
-    // despite ending in the same state. The "fork" thus arises from the choice of whether to use the loop or not.
-    // To avoid every state in the loop becoming a fork state,
-    // we arbitrarily pick the InfiniteRepetitionQuantifier state as the canonical fork state for the loop
-    // (every epsilon-loop must contain such a state).
-    //
-    // We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself.
-    // This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`.
-    // The below code is therefore a heuristic, that only flags regular expressions such as `/(a*)*b/`,
-    // and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently.
-    r1 = r2 and
-    q1 = q2 and
-    epsilonSucc+(q) = q and
-    exists(RegExpTerm term | term = q.getRepr() | term instanceof InfiniteRepetitionQuantifier) and
-    // One of the mid states is an infinite quantifier itself
-    exists(State mid, RegExpTerm term |
-      mid = epsilonSucc+(q) and
-      term = mid.getRepr() and
-      term instanceof InfiniteRepetitionQuantifier and
-      q = epsilonSucc+(mid) and
-      not mid = q
-    )
-  ) and
-  stateInsideBacktracking(r1) and
-  stateInsideBacktracking(r2)
-}
-
-/**
- * Gets the state pair `(q1, q2)` or `(q2, q1)`; note that only
- * one or the other is defined.
- */
-private StatePair mkStatePair(State q1, State q2) {
-  result = MkStatePair(q1, q2) or result = MkStatePair(q2, q1)
-}
-
-/**
- * Holds if there are transitions from the components of `q` to the corresponding
- * components of `r` labelled with `s1` and `s2`, respectively.
- */
-private predicate step(StatePair q, InputSymbol s1, InputSymbol s2, StatePair r) {
-  exists(State r1, State r2 | step(q, s1, s2, r1, r2) and r = mkStatePair(r1, r2))
-}
-
-/**
- * Holds if there are transitions from the components of `q` to `r1` and `r2`
- * labelled with `s1` and `s2`, respectively.
- *
- * We only consider transitions where the resulting states `(r1, r2)` are both
- * inside a repetition that might backtrack.
- */
-pragma[noopt]
-private predicate step(StatePair q, InputSymbol s1, InputSymbol s2, State r1, State r2) {
-  exists(State q1, State q2 | q.getLeft() = q1 and q.getRight() = q2 |
-    deltaClosed(q1, s1, r1) and
-    deltaClosed(q2, s2, r2) and
-    // use noopt to force the join on `intersect` to happen last.
-    exists(intersect(s1, s2))
-  ) and
-  stateInsideBacktracking(r1) and
-  stateInsideBacktracking(r2)
-}
-
-private newtype TTrace =
-  Nil() or
-  Step(InputSymbol s1, InputSymbol s2, TTrace t) { isReachableFromFork(_, _, s1, s2, t, _) }
-
-/**
- * A list of pairs of input symbols that describe a path in the product automaton
- * starting from some fork state.
- */
-private class Trace extends TTrace {
-  /** Gets a textual representation of this element. */
-  string toString() {
-    this = Nil() and result = "Nil()"
-    or
-    exists(InputSymbol s1, InputSymbol s2, Trace t | this = Step(s1, s2, t) |
-      result = "Step(" + s1 + ", " + s2 + ", " + t + ")"
-    )
-  }
-}
-
-/**
- * Holds if `r` is reachable from `(fork, fork)` under input `w`, and there is
- * a path from `r` back to `(fork, fork)` with `rem` steps.
- */
-private predicate isReachableFromFork(State fork, StatePair r, Trace w, int rem) {
-  exists(InputSymbol s1, InputSymbol s2, Trace v |
-    isReachableFromFork(fork, r, s1, s2, v, rem) and
-    w = Step(s1, s2, v)
-  )
-}
-
-private predicate isReachableFromFork(
-  State fork, StatePair r, InputSymbol s1, InputSymbol s2, Trace v, int rem
-) {
-  // base case
-  exists(State q1, State q2 |
-    isFork(fork, s1, s2, q1, q2) and
-    r = MkStatePair(q1, q2) and
-    v = Nil() and
-    rem = statePairDistToFork(r, MkStatePair(fork, fork))
-  )
-  or
-  // recursive case
-  exists(StatePair p |
-    isReachableFromFork(fork, p, v, rem + 1) and
-    step(p, s1, s2, r) and
-    rem = statePairDistToFork(r, MkStatePair(fork, fork))
-  )
-}
-
-/**
- * Gets a state in the product automaton from which `(fork, fork)` is
- * reachable in zero or more epsilon transitions.
- */
-private StatePair getAForkPair(State fork) {
-  isFork(fork, _, _, _, _) and
-  result = MkStatePair(epsilonPred*(fork), epsilonPred*(fork))
-}
-
-/** An implementation of a chain containing chars for use by `Concretizer`. */
-private module CharTreeImpl implements CharTree {
-  class CharNode = Trace;
-
-  CharNode getPrev(CharNode t) { t = Step(_, _, result) }
-
-  /** Holds if `n` is a trace that is used by `concretize` in `isPumpable`. */
-  predicate isARelevantEnd(CharNode n) {
-    exists(State f | isReachableFromFork(f, getAForkPair(f), n, _))
-  }
-
-  string getChar(CharNode t) {
-    exists(InputSymbol s1, InputSymbol s2 | t = Step(s1, s2, _) | result = intersect(s1, s2))
-  }
-}
-
-/**
- * Holds if `fork` is a pumpable fork with word `w`.
- */
-private predicate isPumpable(State fork, string w) {
-  exists(StatePair q, Trace t |
-    isReachableFromFork(fork, q, t, _) and
-    q = getAForkPair(fork) and
-    w = Concretizer<CharTreeImpl>::concretize(t)
-  )
-}
-
-/** Holds if `state` has exponential ReDoS */
-predicate hasReDoSResult = ReDoSPruning<isPumpable/2>::hasReDoSResult/4;
+private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
+// ExponentialBackTracking should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView> as Dep
+import Dep
diff --git a/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll b/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll
index 5ff0cb6a39e..3b69ecc7120 100644
--- a/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll
@@ -7,1332 +7,7 @@
  * other queries that benefit from reasoning about NFAs.
  */
 
-import NfaUtilsSpecific
-
-/**
- * Gets the char after `c` (from a simplified ASCII table).
- */
-private string nextChar(string c) { exists(int code | code = ascii(c) | code + 1 = ascii(result)) }
-
-/**
- * Gets an approximation for the ASCII code for `char`.
- * Only the easily printable chars are included (so no newline, tab, null, etc).
- */
-private int ascii(string char) {
-  char =
-    rank[result](string c |
-      c =
-        "! \"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
-            .charAt(_)
-    )
-}
-
-/**
- * Holds if `t` matches at least an epsilon symbol.
- *
- * That is, this term does not restrict the language of the enclosing regular expression.
- *
- * This is implemented as an under-approximation, and this predicate does not hold for sub-patterns in particular.
- */
-predicate matchesEpsilon(RegExpTerm t) {
-  t instanceof RegExpStar
-  or
-  t instanceof RegExpOpt
-  or
-  t.(RegExpRange).getLowerBound() = 0
-  or
-  exists(RegExpTerm child |
-    child = t.getAChild() and
-    matchesEpsilon(child)
-  |
-    t instanceof RegExpAlt or
-    t instanceof RegExpGroup or
-    t instanceof RegExpPlus or
-    t instanceof RegExpRange
-  )
-  or
-  matchesEpsilon(t.(RegExpBackRef).getGroup())
-  or
-  forex(RegExpTerm child | child = t.(RegExpSequence).getAChild() | matchesEpsilon(child))
-}
-
-/**
- * A lookahead/lookbehind that matches the empty string.
- */
-class EmptyPositiveSubPattern extends RegExpSubPattern {
-  EmptyPositiveSubPattern() {
-    (
-      this instanceof RegExpPositiveLookahead
-      or
-      this instanceof RegExpPositiveLookbehind
-    ) and
-    matchesEpsilon(this.getOperand())
-  }
-}
-
-/** DEPRECATED: Use `EmptyPositiveSubPattern` instead. */
-deprecated class EmptyPositiveSubPatttern = EmptyPositiveSubPattern;
-
-/**
- * A branch in a disjunction that is the root node in a literal, or a literal
- * whose root node is not a disjunction.
- */
-class RegExpRoot extends RegExpTerm {
-  RegExpRoot() {
-    exists(RegExpParent parent |
-      exists(RegExpAlt alt |
-        alt.isRootTerm() and
-        this = alt.getAChild() and
-        parent = alt.getParent()
-      )
-      or
-      this.isRootTerm() and
-      not this instanceof RegExpAlt and
-      parent = this.getParent()
-    )
-  }
-
-  /**
-   * Holds if this root term is relevant to the ReDoS analysis.
-   */
-  predicate isRelevant() {
-    // is actually used as a RegExp
-    this.isUsedAsRegExp() and
-    // not excluded for library specific reasons
-    not isExcluded(this.getRootTerm().getParent())
-  }
-}
-
-/**
- * A constant in a regular expression that represents valid Unicode character(s).
- */
-private class RegexpCharacterConstant extends RegExpConstant {
-  RegexpCharacterConstant() { this.isCharacter() }
-}
-
-/**
- * A regexp term that is relevant for this ReDoS analysis.
- */
-class RelevantRegExpTerm extends RegExpTerm {
-  RelevantRegExpTerm() { getRoot(this).isRelevant() }
-}
-
-/**
- * Holds if `term` is the chosen canonical representative for all terms with string representation `str`.
- * The string representation includes which flags are used with the regular expression.
- *
- * Using canonical representatives gives a huge performance boost when working with tuples containing multiple `InputSymbol`s.
- * The number of `InputSymbol`s is decreased by 3 orders of magnitude or more in some larger benchmarks.
- */
-private predicate isCanonicalTerm(RelevantRegExpTerm term, string str) {
-  term =
-    min(RelevantRegExpTerm t, Location loc, File file |
-      loc = t.getLocation() and
-      file = t.getFile() and
-      str = getCanonicalizationString(t)
-    |
-      t order by t.getFile().getRelativePath(), loc.getStartLine(), loc.getStartColumn()
-    )
-}
-
-/**
- * Gets a string representation of `term` that is used for canonicalization.
- */
-private string getCanonicalizationString(RelevantRegExpTerm term) {
-  exists(string ignoreCase |
-    (if RegExpFlags::isIgnoreCase(term.getRootTerm()) then ignoreCase = "i" else ignoreCase = "") and
-    result = term.getRawValue() + "|" + ignoreCase
-  )
-}
-
-/**
- * An abstract input symbol, representing a set of concrete characters.
- */
-private newtype TInputSymbol =
-  /** An input symbol corresponding to character `c`. */
-  Char(string c) {
-    c =
-      any(RegexpCharacterConstant cc |
-        cc instanceof RelevantRegExpTerm and
-        not RegExpFlags::isIgnoreCase(cc.getRootTerm())
-      ).getValue().charAt(_)
-    or
-    // normalize everything to lower case if the regexp is case insensitive
-    c =
-      any(RegexpCharacterConstant cc, string char |
-        cc instanceof RelevantRegExpTerm and
-        RegExpFlags::isIgnoreCase(cc.getRootTerm()) and
-        char = cc.getValue().charAt(_)
-      |
-        char.toLowerCase()
-      )
-  } or
-  /**
-   * An input symbol representing all characters matched by
-   * a (non-universal) character class that has string representation `charClassString`.
-   */
-  CharClass(string charClassString) {
-    exists(RelevantRegExpTerm recc | isCanonicalTerm(recc, charClassString) |
-      recc instanceof RegExpCharacterClass and
-      not recc.(RegExpCharacterClass).isUniversalClass()
-      or
-      isEscapeClass(recc, _)
-    )
-  } or
-  /** An input symbol representing all characters matched by `.`. */
-  Dot() or
-  /** An input symbol representing all characters. */
-  Any() or
-  /** An epsilon transition in the automaton. */
-  Epsilon()
-
-/**
- * Gets the the CharClass corresponding to the canonical representative `term`.
- */
-private CharClass getCharClassForCanonicalTerm(RegExpTerm term) {
-  exists(string str | isCanonicalTerm(term, str) | result = CharClass(str))
-}
-
-/**
- * Gets a char class that represents `term`, even when `term` is not the canonical representative.
- */
-CharacterClass getCanonicalCharClass(RegExpTerm term) {
-  exists(string str | str = getCanonicalizationString(term) and result = CharClass(str))
-}
-
-/**
- * Holds if `a` and `b` are input symbols from the same regexp.
- */
-private predicate sharesRoot(InputSymbol a, InputSymbol b) {
-  exists(RegExpRoot root |
-    belongsTo(a, root) and
-    belongsTo(b, root)
-  )
-}
-
-/**
- * Holds if the `a` is an input symbol from a regexp that has root `root`.
- */
-private predicate belongsTo(InputSymbol a, RegExpRoot root) {
-  exists(State s | getRoot(s.getRepr()) = root |
-    delta(s, a, _)
-    or
-    delta(_, a, s)
-  )
-}
-
-/**
- * An abstract input symbol, representing a set of concrete characters.
- */
-class InputSymbol extends TInputSymbol {
-  InputSymbol() { not this instanceof Epsilon }
-
-  /**
-   * Gets a string representation of this input symbol.
-   */
-  string toString() {
-    this = Char(result)
-    or
-    this = CharClass(result)
-    or
-    this = Dot() and result = "."
-    or
-    this = Any() and result = "[^]"
-  }
-}
-
-/**
- * An abstract input symbol that represents a character class.
- */
-abstract class CharacterClass extends InputSymbol {
-  /**
-   * Gets a character that is relevant for intersection-tests involving this
-   * character class.
-   *
-   * Specifically, this is any of the characters mentioned explicitly in the
-   * character class, offset by one if it is inverted. For character class escapes,
-   * the result is as if the class had been written out as a series of intervals.
-   *
-   * This set is large enough to ensure that for any two intersecting character
-   * classes, one contains a relevant character from the other.
-   */
-  abstract string getARelevantChar();
-
-  /**
-   * Holds if this character class matches `char`.
-   */
-  bindingset[char]
-  abstract predicate matches(string char);
-
-  /**
-   * Gets a character matched by this character class.
-   */
-  string choose() { result = this.getARelevantChar() and this.matches(result) }
-}
-
-/**
- * Provides implementations for `CharacterClass`.
- */
-private module CharacterClasses {
-  /**
-   * Holds if the character class `cc` has a child (constant or range) that matches `char`.
-   */
-  pragma[noinline]
-  predicate hasChildThatMatches(RegExpCharacterClass cc, string char) {
-    if RegExpFlags::isIgnoreCase(cc.getRootTerm())
-    then
-      // normalize everything to lower case if the regexp is case insensitive
-      exists(string c | hasChildThatMatchesIgnoringCasingFlags(cc, c) | char = c.toLowerCase())
-    else hasChildThatMatchesIgnoringCasingFlags(cc, char)
-  }
-
-  /**
-   * Holds if the character class `cc` has a child (constant or range) that matches `char`.
-   * Ignores whether the character class is inside a regular expression that has the ignore case flag.
-   */
-  pragma[noinline]
-  predicate hasChildThatMatchesIgnoringCasingFlags(RegExpCharacterClass cc, string char) {
-    exists(getCharClassForCanonicalTerm(cc)) and
-    exists(RegExpTerm child | child = cc.getAChild() |
-      char = child.(RegexpCharacterConstant).getValue()
-      or
-      rangeMatchesOnLetterOrDigits(child, char)
-      or
-      not rangeMatchesOnLetterOrDigits(child, _) and
-      char = getARelevantChar() and
-      exists(string lo, string hi | child.(RegExpCharacterRange).isRange(lo, hi) |
-        lo <= char and
-        char <= hi
-      )
-      or
-      exists(string charClass | isEscapeClass(child, charClass) |
-        charClass.toLowerCase() = charClass and
-        classEscapeMatches(charClass, char)
-        or
-        char = getARelevantChar() and
-        charClass.toUpperCase() = charClass and
-        not classEscapeMatches(charClass, char)
-      )
-    )
-  }
-
-  /**
-   * Holds if `range` is a range on lower-case, upper-case, or digits, and matches `char`.
-   * This predicate is used to restrict the searchspace for ranges by only joining `getAnyPossiblyMatchedChar`
-   * on a few ranges.
-   */
-  private predicate rangeMatchesOnLetterOrDigits(RegExpCharacterRange range, string char) {
-    exists(string lo, string hi |
-      range.isRange(lo, hi) and lo = lowercaseLetter() and hi = lowercaseLetter()
-    |
-      lo <= char and
-      char <= hi and
-      char = lowercaseLetter()
-    )
-    or
-    exists(string lo, string hi |
-      range.isRange(lo, hi) and lo = upperCaseLetter() and hi = upperCaseLetter()
-    |
-      lo <= char and
-      char <= hi and
-      char = upperCaseLetter()
-    )
-    or
-    exists(string lo, string hi | range.isRange(lo, hi) and lo = digit() and hi = digit() |
-      lo <= char and
-      char <= hi and
-      char = digit()
-    )
-  }
-
-  private string lowercaseLetter() { result = "abcdefghijklmnopqrstuvwxyz".charAt(_) }
-
-  private string upperCaseLetter() { result = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".charAt(_) }
-
-  private string digit() { result = [0 .. 9].toString() }
-
-  /**
-   * Gets a char that could be matched by a regular expression.
-   * Includes all printable ascii chars, all constants mentioned in a regexp, and all chars matches by the regexp `/\s|\d|\w/`.
-   */
-  string getARelevantChar() {
-    exists(ascii(result))
-    or
-    exists(RegexpCharacterConstant c | result = c.getValue().charAt(_))
-    or
-    classEscapeMatches(_, result)
-  }
-
-  /**
-   * Gets a char that is mentioned in the character class `c`.
-   */
-  private string getAMentionedChar(RegExpCharacterClass c) {
-    exists(RegExpTerm child | child = c.getAChild() |
-      result = child.(RegexpCharacterConstant).getValue()
-      or
-      child.(RegExpCharacterRange).isRange(result, _)
-      or
-      child.(RegExpCharacterRange).isRange(_, result)
-      or
-      exists(string charClass | isEscapeClass(child, charClass) |
-        result = min(string s | classEscapeMatches(charClass.toLowerCase(), s))
-        or
-        result = max(string s | classEscapeMatches(charClass.toLowerCase(), s))
-      )
-    )
-  }
-
-  bindingset[char, cc]
-  private string caseNormalize(string char, RegExpTerm cc) {
-    if RegExpFlags::isIgnoreCase(cc.getRootTerm())
-    then result = char.toLowerCase()
-    else result = char
-  }
-
-  /**
-   * An implementation of `CharacterClass` for positive (non inverted) character classes.
-   */
-  private class PositiveCharacterClass extends CharacterClass {
-    RegExpCharacterClass cc;
-
-    PositiveCharacterClass() { this = getCharClassForCanonicalTerm(cc) and not cc.isInverted() }
-
-    override string getARelevantChar() { result = caseNormalize(getAMentionedChar(cc), cc) }
-
-    override predicate matches(string char) { hasChildThatMatches(cc, char) }
-  }
-
-  /**
-   * An implementation of `CharacterClass` for inverted character classes.
-   */
-  private class InvertedCharacterClass extends CharacterClass {
-    RegExpCharacterClass cc;
-
-    InvertedCharacterClass() { this = getCharClassForCanonicalTerm(cc) and cc.isInverted() }
-
-    override string getARelevantChar() {
-      result = nextChar(caseNormalize(getAMentionedChar(cc), cc)) or
-      nextChar(result) = caseNormalize(getAMentionedChar(cc), cc)
-    }
-
-    bindingset[char]
-    override predicate matches(string char) { not hasChildThatMatches(cc, char) }
-  }
-
-  /**
-   * Holds if the character class escape `clazz` (\d, \s, or \w) matches `char`.
-   */
-  pragma[noinline]
-  private predicate classEscapeMatches(string clazz, string char) {
-    clazz = "d" and
-    char = "0123456789".charAt(_)
-    or
-    clazz = "s" and
-    char = [" ", "\t", "\r", "\n", 11.toUnicode(), 12.toUnicode()] // 11.toUnicode() = \v, 12.toUnicode() = \f
-    or
-    clazz = "w" and
-    char = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_".charAt(_)
-  }
-
-  /**
-   * An implementation of `CharacterClass` for \d, \s, and \w.
-   */
-  private class PositiveCharacterClassEscape extends CharacterClass {
-    string charClass;
-    RegExpTerm cc;
-
-    PositiveCharacterClassEscape() {
-      isEscapeClass(cc, charClass) and
-      this = getCharClassForCanonicalTerm(cc) and
-      charClass = ["d", "s", "w"]
-    }
-
-    override string getARelevantChar() {
-      charClass = "d" and
-      result = ["0", "9"]
-      or
-      charClass = "s" and
-      result = " "
-      or
-      charClass = "w" and
-      if RegExpFlags::isIgnoreCase(cc.getRootTerm())
-      then result = ["a", "z", "_", "0", "9"]
-      else result = ["a", "Z", "_", "0", "9"]
-    }
-
-    override predicate matches(string char) { classEscapeMatches(charClass, char) }
-
-    override string choose() {
-      charClass = "d" and
-      result = "9"
-      or
-      charClass = "s" and
-      result = " "
-      or
-      charClass = "w" and
-      result = "a"
-    }
-  }
-
-  /**
-   * An implementation of `CharacterClass` for \D, \S, and \W.
-   */
-  private class NegativeCharacterClassEscape extends CharacterClass {
-    string charClass;
-
-    NegativeCharacterClassEscape() {
-      exists(RegExpTerm cc |
-        isEscapeClass(cc, charClass) and
-        this = getCharClassForCanonicalTerm(cc) and
-        charClass = ["D", "S", "W"]
-      )
-    }
-
-    override string getARelevantChar() {
-      charClass = "D" and
-      result = ["a", "Z", "!"]
-      or
-      charClass = "S" and
-      result = ["a", "9", "!"]
-      or
-      charClass = "W" and
-      result = [" ", "!"]
-    }
-
-    bindingset[char]
-    override predicate matches(string char) {
-      not classEscapeMatches(charClass.toLowerCase(), char)
-    }
-  }
-
-  /** Gets a representative for all char classes that match the same chars as `c`. */
-  CharacterClass normalize(CharacterClass c) {
-    exists(string normalization |
-      normalization = getNormalizationString(c) and
-      result =
-        min(CharacterClass cc, string raw |
-          getNormalizationString(cc) = normalization and cc = CharClass(raw)
-        |
-          cc order by raw
-        )
-    )
-  }
-
-  /** Gets a string representing all the chars matched by `c` */
-  private string getNormalizationString(CharacterClass c) {
-    (c instanceof PositiveCharacterClass or c instanceof PositiveCharacterClassEscape) and
-    result = concat(string char | c.matches(char) and char = CharacterClasses::getARelevantChar())
-    or
-    (c instanceof InvertedCharacterClass or c instanceof NegativeCharacterClassEscape) and
-    // the string produced by the concat can not contain repeated chars
-    // so by starting the below with "nn" we can guarantee that
-    // it will not overlap with the above case.
-    // and a negative char class can never match the same chars as a positive one, so we don't miss any results from this.
-    result =
-      "nn:" +
-        concat(string char | not c.matches(char) and char = CharacterClasses::getARelevantChar())
-  }
-}
-
-private class EdgeLabel extends TInputSymbol {
-  string toString() {
-    this = Epsilon() and result = ""
-    or
-    exists(InputSymbol s | this = s and result = s.toString())
-  }
-}
-
-/**
- * A RegExp term that acts like a plus.
- * Either it's a RegExpPlus, or it is a range {1,X} where X is >= 30.
- * 30 has been chosen as a threshold because for exponential blowup 2^30 is enough to get a decent DOS attack.
- */
-private class EffectivelyPlus extends RegExpTerm {
-  EffectivelyPlus() {
-    this instanceof RegExpPlus
-    or
-    exists(RegExpRange range |
-      range.getLowerBound() = 1 and
-      (range.getUpperBound() >= 30 or not exists(range.getUpperBound()))
-    |
-      this = range
-    )
-  }
-}
-
-/**
- * A RegExp term that acts like a star.
- * Either it's a RegExpStar, or it is a range {0,X} where X is >= 30.
- */
-private class EffectivelyStar extends RegExpTerm {
-  EffectivelyStar() {
-    this instanceof RegExpStar
-    or
-    exists(RegExpRange range |
-      range.getLowerBound() = 0 and
-      (range.getUpperBound() >= 30 or not exists(range.getUpperBound()))
-    |
-      this = range
-    )
-  }
-}
-
-/**
- * A RegExp term that acts like a question mark.
- * Either it's a RegExpQuestion, or it is a range {0,1}.
- */
-private class EffectivelyQuestion extends RegExpTerm {
-  EffectivelyQuestion() {
-    this instanceof RegExpOpt
-    or
-    exists(RegExpRange range | range.getLowerBound() = 0 and range.getUpperBound() = 1 |
-      this = range
-    )
-  }
-}
-
-/**
- * Gets the state before matching `t`.
- */
-pragma[inline]
-private State before(RegExpTerm t) { result = Match(t, 0) }
-
-/**
- * Gets a state the NFA may be in after matching `t`.
- */
-State after(RegExpTerm t) {
-  exists(RegExpAlt alt | t = alt.getAChild() | result = after(alt))
-  or
-  exists(RegExpSequence seq, int i | t = seq.getChild(i) |
-    result = before(seq.getChild(i + 1))
-    or
-    i + 1 = seq.getNumChild() and result = after(seq)
-  )
-  or
-  exists(RegExpGroup grp | t = grp.getAChild() | result = after(grp))
-  or
-  exists(EffectivelyStar star | t = star.getAChild() |
-    not isPossessive(star) and
-    result = before(star)
-  )
-  or
-  exists(EffectivelyPlus plus | t = plus.getAChild() |
-    not isPossessive(plus) and
-    result = before(plus)
-    or
-    result = after(plus)
-  )
-  or
-  exists(EffectivelyQuestion opt | t = opt.getAChild() | result = after(opt))
-  or
-  exists(RegExpRoot root | t = root |
-    if matchesAnySuffix(root) then result = AcceptAnySuffix(root) else result = Accept(root)
-  )
-}
-
-/**
- * Holds if the NFA has a transition from `q1` to `q2` labelled with `lbl`.
- */
-predicate delta(State q1, EdgeLabel lbl, State q2) {
-  exists(RegexpCharacterConstant s, int i |
-    q1 = Match(s, i) and
-    (
-      not RegExpFlags::isIgnoreCase(s.getRootTerm()) and
-      lbl = Char(s.getValue().charAt(i))
-      or
-      // normalize everything to lower case if the regexp is case insensitive
-      RegExpFlags::isIgnoreCase(s.getRootTerm()) and
-      exists(string c | c = s.getValue().charAt(i) | lbl = Char(c.toLowerCase()))
-    ) and
-    (
-      q2 = Match(s, i + 1)
-      or
-      s.getValue().length() = i + 1 and
-      q2 = after(s)
-    )
-  )
-  or
-  exists(RegExpDot dot | q1 = before(dot) and q2 = after(dot) |
-    if RegExpFlags::isDotAll(dot.getRootTerm()) then lbl = Any() else lbl = Dot()
-  )
-  or
-  exists(RegExpCharacterClass cc |
-    cc.isUniversalClass() and q1 = before(cc) and lbl = Any() and q2 = after(cc)
-    or
-    q1 = before(cc) and
-    lbl = CharacterClasses::normalize(CharClass(getCanonicalizationString(cc))) and
-    q2 = after(cc)
-  )
-  or
-  exists(RegExpTerm cc | isEscapeClass(cc, _) |
-    q1 = before(cc) and
-    lbl = CharacterClasses::normalize(CharClass(getCanonicalizationString(cc))) and
-    q2 = after(cc)
-  )
-  or
-  exists(RegExpAlt alt | lbl = Epsilon() | q1 = before(alt) and q2 = before(alt.getAChild()))
-  or
-  exists(RegExpSequence seq | lbl = Epsilon() | q1 = before(seq) and q2 = before(seq.getChild(0)))
-  or
-  exists(RegExpGroup grp | lbl = Epsilon() | q1 = before(grp) and q2 = before(grp.getChild(0)))
-  or
-  exists(EffectivelyStar star | lbl = Epsilon() |
-    q1 = before(star) and q2 = before(star.getChild(0))
-    or
-    q1 = before(star) and q2 = after(star)
-  )
-  or
-  exists(EffectivelyPlus plus | lbl = Epsilon() |
-    q1 = before(plus) and q2 = before(plus.getChild(0))
-  )
-  or
-  exists(EffectivelyQuestion opt | lbl = Epsilon() |
-    q1 = before(opt) and q2 = before(opt.getChild(0))
-    or
-    q1 = before(opt) and q2 = after(opt)
-  )
-  or
-  exists(RegExpRoot root | q1 = AcceptAnySuffix(root) |
-    lbl = Any() and q2 = q1
-    or
-    lbl = Epsilon() and q2 = Accept(root)
-  )
-  or
-  exists(RegExpRoot root | q1 = Match(root, 0) | matchesAnyPrefix(root) and lbl = Any() and q2 = q1)
-  or
-  exists(RegExpDollar dollar | q1 = before(dollar) |
-    lbl = Epsilon() and q2 = Accept(getRoot(dollar))
-  )
-  or
-  exists(EmptyPositiveSubPattern empty | q1 = before(empty) | lbl = Epsilon() and q2 = after(empty))
-}
-
-/**
- * Gets a state that `q` has an epsilon transition to.
- */
-State epsilonSucc(State q) { delta(q, Epsilon(), result) }
-
-/**
- * Gets a state that has an epsilon transition to `q`.
- */
-State epsilonPred(State q) { q = epsilonSucc(result) }
-
-/**
- * Holds if there is a state `q` that can be reached from `q1`
- * along epsilon edges, such that there is a transition from
- * `q` to `q2` that consumes symbol `s`.
- */
-predicate deltaClosed(State q1, InputSymbol s, State q2) { delta(epsilonSucc*(q1), s, q2) }
-
-/**
- * Gets the root containing the given term, that is, the root of the literal,
- * or a branch of the root disjunction.
- */
-RegExpRoot getRoot(RegExpTerm term) {
-  result = term or
-  result = getRoot(term.getParent())
-}
-
-/**
- * A state in the NFA.
- */
-newtype TState =
-  /**
-   * A state representing that the NFA is about to match a term.
-   * `i` is used to index into multi-char literals.
-   */
-  Match(RelevantRegExpTerm t, int i) {
-    i = 0
-    or
-    exists(t.(RegexpCharacterConstant).getValue().charAt(i))
-  } or
-  /**
-   * An accept state, where exactly the given input string is accepted.
-   */
-  Accept(RegExpRoot l) { l.isRelevant() } or
-  /**
-   * An accept state, where the given input string, or any string that has this
-   * string as a prefix, is accepted.
-   */
-  AcceptAnySuffix(RegExpRoot l) { l.isRelevant() }
-
-/**
- * Gets a state that is about to match the regular expression `t`.
- */
-State mkMatch(RegExpTerm t) { result = Match(t, 0) }
-
-/**
- * A state in the NFA corresponding to a regular expression.
- *
- * Each regular expression literal `l` has one accepting state
- * `Accept(l)`, one state that accepts all suffixes `AcceptAnySuffix(l)`,
- * and a state `Match(t, i)` for every subterm `t`,
- * which represents the state of the NFA before starting to
- * match `t`, or the `i`th character in `t` if `t` is a constant.
- */
-class State extends TState {
-  RegExpTerm repr;
-
-  State() {
-    this = Match(repr, _) or
-    this = Accept(repr) or
-    this = AcceptAnySuffix(repr)
-  }
-
-  /**
-   * Gets a string representation for this state in a regular expression.
-   */
-  string toString() {
-    exists(int i | this = Match(repr, i) | result = "Match(" + repr + "," + i + ")")
-    or
-    this instanceof Accept and
-    result = "Accept(" + repr + ")"
-    or
-    this instanceof AcceptAnySuffix and
-    result = "AcceptAny(" + repr + ")"
-  }
-
-  /**
-   * Gets the location for this state.
-   */
-  Location getLocation() { result = repr.getLocation() }
-
-  /**
-   * Gets the term represented by this state.
-   */
-  RegExpTerm getRepr() { result = repr }
-}
-
-/**
- * Gets the minimum char that is matched by both the character classes `c` and `d`.
- */
-private string getMinOverlapBetweenCharacterClasses(CharacterClass c, CharacterClass d) {
-  result = min(getAOverlapBetweenCharacterClasses(c, d))
-}
-
-/**
- * Gets a char that is matched by both the character classes `c` and `d`.
- * And `c` and `d` is not the same character class.
- */
-private string getAOverlapBetweenCharacterClasses(CharacterClass c, CharacterClass d) {
-  sharesRoot(c, d) and
-  result = [c.getARelevantChar(), d.getARelevantChar()] and
-  c.matches(result) and
-  d.matches(result) and
-  not c = d
-}
-
-/**
- * Gets a character that is represented by both `c` and `d`.
- */
-string intersect(InputSymbol c, InputSymbol d) {
-  (sharesRoot(c, d) or [c, d] = Any()) and
-  (
-    c = Char(result) and
-    d = getAnInputSymbolMatching(result)
-    or
-    result = getMinOverlapBetweenCharacterClasses(c, d)
-    or
-    result = c.(CharacterClass).choose() and
-    (
-      d = c
-      or
-      d = Dot() and
-      not (result = "\n" or result = "\r")
-      or
-      d = Any()
-    )
-    or
-    (c = Dot() or c = Any()) and
-    (d = Dot() or d = Any()) and
-    result = "a"
-  )
-  or
-  result = intersect(d, c)
-}
-
-/**
- * Gets a symbol that matches `char`.
- */
-bindingset[char]
-InputSymbol getAnInputSymbolMatching(string char) {
-  result = Char(char)
-  or
-  result.(CharacterClass).matches(char)
-  or
-  result = Dot() and
-  not (char = "\n" or char = "\r")
-  or
-  result = Any()
-}
-
-/**
- * Holds if `state` is a start state.
- */
-predicate isStartState(State state) {
-  state = mkMatch(any(RegExpRoot r))
-  or
-  exists(RegExpCaret car | state = after(car))
-}
-
-/**
- * Holds if `state` is a candidate for ReDoS with string `pump`.
- */
-signature predicate isCandidateSig(State state, string pump);
-
-/**
- * Holds if `state` is a candidate for ReDoS.
- */
-signature predicate isCandidateSig(State state);
-
-/**
- * Predicates for constructing a prefix string that leads to a given state.
- */
-module PrefixConstruction<isCandidateSig/1 isCandidate> {
-  /**
-   * Holds if `state` is the textually last start state for the regular expression.
-   */
-  private predicate lastStartState(RelevantState state) {
-    exists(RegExpRoot root |
-      state =
-        max(RelevantState s, Location l |
-          isStartState(s) and
-          getRoot(s.getRepr()) = root and
-          l = s.getRepr().getLocation()
-        |
-          s
-          order by
-            l.getStartLine(), l.getStartColumn(), s.getRepr().toString(), l.getEndColumn(),
-            l.getEndLine()
-        )
-    )
-  }
-
-  /**
-   * Holds if there exists any transition (Epsilon() or other) from `a` to `b`.
-   */
-  private predicate existsTransition(State a, State b) { delta(a, _, b) }
-
-  /**
-   * Gets the minimum number of transitions it takes to reach `state` from the `start` state.
-   */
-  int prefixLength(State start, State state) =
-    shortestDistances(lastStartState/1, existsTransition/2)(start, state, result)
-
-  /**
-   * Gets the minimum number of transitions it takes to reach `state` from the start state.
-   */
-  private int lengthFromStart(State state) { result = prefixLength(_, state) }
-
-  /**
-   * Gets a string for which the regular expression will reach `state`.
-   *
-   * Has at most one result for any given `state`.
-   * This predicate will not always have a result even if there is a ReDoS issue in
-   * the regular expression.
-   */
-  string prefix(State state) {
-    lastStartState(state) and
-    result = ""
-    or
-    // the search stops past the last redos candidate state.
-    lengthFromStart(state) <= max(lengthFromStart(any(State s | isCandidate(s)))) and
-    exists(State prev |
-      // select a unique predecessor (by an arbitrary measure)
-      prev =
-        min(State s, Location loc |
-          lengthFromStart(s) = lengthFromStart(state) - 1 and
-          loc = s.getRepr().getLocation() and
-          delta(s, _, state)
-        |
-          s
-          order by
-            loc.getStartLine(), loc.getStartColumn(), loc.getEndLine(), loc.getEndColumn(),
-            s.getRepr().toString()
-        )
-    |
-      // greedy search for the shortest prefix
-      result = prefix(prev) and delta(prev, Epsilon(), state)
-      or
-      not delta(prev, Epsilon(), state) and
-      result = prefix(prev) + getCanonicalEdgeChar(prev, state)
-    )
-  }
-
-  /**
-   * Gets a canonical char for which there exists a transition from `prev` to `next` in the NFA.
-   */
-  private string getCanonicalEdgeChar(State prev, State next) {
-    result =
-      min(string c | delta(prev, any(InputSymbol symbol | c = intersect(Any(), symbol)), next))
-  }
-
-  /** A state within a regular expression that contains a candidate state. */
-  class RelevantState instanceof State {
-    RelevantState() {
-      exists(State s | isCandidate(s) | getRoot(s.getRepr()) = getRoot(this.getRepr()))
-    }
-
-    /** Gets a string representation for this state in a regular expression. */
-    string toString() { result = State.super.toString() }
-
-    /** Gets the term represented by this state. */
-    RegExpTerm getRepr() { result = State.super.getRepr() }
-  }
-}
-
-/**
- * A module for pruning candidate ReDoS states.
- * The candidates are specified by the `isCandidate` signature predicate.
- * The candidates are checked for rejecting suffixes and deduplicated,
- * and the resulting ReDoS states are read by the `hasReDoSResult` predicate.
- */
-module ReDoSPruning<isCandidateSig/2 isCandidate> {
-  /**
-   * Holds if repeating `pump` starting at `state` is a candidate for causing backtracking.
-   * No check whether a rejected suffix exists has been made.
-   */
-  private predicate isReDoSCandidate(State state, string pump) {
-    isCandidate(state, pump) and
-    not state = acceptsAnySuffix() and // pruning early - these can never get stuck in a rejecting state.
-    (
-      not isCandidate(epsilonSucc+(state), _)
-      or
-      epsilonSucc+(state) = state and
-      state =
-        max(State s, Location l |
-          s = epsilonSucc+(state) and
-          l = s.getRepr().getLocation() and
-          isCandidate(s, _) and
-          s.getRepr() instanceof InfiniteRepetitionQuantifier
-        |
-          s order by l.getStartLine(), l.getStartColumn(), l.getEndColumn(), l.getEndLine()
-        )
-    )
-  }
-
-  /** Gets a state that can reach the `accept-any` state using only epsilon steps. */
-  private State acceptsAnySuffix() { epsilonSucc*(result) = AcceptAnySuffix(_) }
-
-  predicate isCandidateState(State s) { isReDoSCandidate(s, _) }
-
-  import PrefixConstruction<isCandidateState/1> as Prefix
-
-  class RelevantState = Prefix::RelevantState;
-
-  /**
-   * Predicates for testing the presence of a rejecting suffix.
-   *
-   * These predicates are used to ensure that the all states reached from the fork
-   * by repeating `w` have a rejecting suffix.
-   *
-   * For example, a regexp like `/^(a+)+/` will accept any string as long the prefix is
-   * some number of `"a"`s, and it is therefore not possible to construct a rejecting suffix.
-   *
-   * A regexp like `/(a+)+$/` or `/(a+)+b/` trivially has a rejecting suffix,
-   * as the suffix "X" will cause both the regular expressions to be rejected.
-   *
-   * The string `w` is repeated any number of times because it needs to be
-   * infinitely repeatable for the attack to work.
-   * For the regular expression `/((ab)+)*abab/` the accepting state is not reachable from the fork
-   * using epsilon transitions. But any attempt at repeating `w` will end in a state that accepts all suffixes.
-   */
-  private module SuffixConstruction {
-    /**
-     * Holds if all states reachable from `fork` by repeating `w`
-     * are likely rejectable by appending some suffix.
-     */
-    predicate reachesOnlyRejectableSuffixes(State fork, string w) {
-      isReDoSCandidate(fork, w) and
-      forex(State next | next = process(fork, w, w.length() - 1) | isLikelyRejectable(next)) and
-      not getProcessPrevious(fork, _, w) = acceptsAnySuffix() // we stop `process(..)` early if we can, check here if it happened.
-    }
-
-    /**
-     * Holds if there likely exists a suffix starting from `s` that leads to the regular expression being rejected.
-     * This predicate might find impossible suffixes when searching for suffixes of length > 1, which can cause FPs.
-     */
-    pragma[noinline]
-    private predicate isLikelyRejectable(RelevantState s) {
-      // exists a reject edge with some char.
-      hasRejectEdge(s)
-      or
-      hasEdgeToLikelyRejectable(s)
-      or
-      // stopping here is rejection
-      isRejectState(s)
-    }
-
-    /**
-     * Holds if `s` is not an accept state, and there is no epsilon transition to an accept state.
-     */
-    predicate isRejectState(RelevantState s) { not epsilonSucc*(s) = Accept(_) }
-
-    /**
-     * Holds if there is likely a non-empty suffix leading to rejection starting in `s`.
-     */
-    pragma[noopt]
-    predicate hasEdgeToLikelyRejectable(RelevantState s) {
-      // all edges (at least one) with some char leads to another state that is rejectable.
-      // the `next` states might not share a common suffix, which can cause FPs.
-      exists(string char | char = hasEdgeToLikelyRejectableHelper(s) |
-        // noopt to force `hasEdgeToLikelyRejectableHelper` to be first in the join-order.
-        exists(State next | deltaClosedChar(s, char, next) | isLikelyRejectable(next)) and
-        forall(State next | deltaClosedChar(s, char, next) | isLikelyRejectable(next))
-      )
-    }
-
-    /**
-     * Gets a char for there exists a transition away from `s`,
-     * and `s` has not been found to be rejectable by `hasRejectEdge` or `isRejectState`.
-     */
-    pragma[noinline]
-    private string hasEdgeToLikelyRejectableHelper(RelevantState s) {
-      not hasRejectEdge(s) and
-      not isRejectState(s) and
-      deltaClosedChar(s, result, _)
-    }
-
-    /**
-     * Holds if there is a state `next` that can be reached from `prev`
-     * along epsilon edges, such that there is a transition from
-     * `prev` to `next` that the character symbol `char`.
-     */
-    predicate deltaClosedChar(RelevantState prev, string char, RelevantState next) {
-      deltaClosed(prev, getAnInputSymbolMatchingRelevant(char), next)
-    }
-
-    pragma[noinline]
-    InputSymbol getAnInputSymbolMatchingRelevant(string char) {
-      char = relevant(_) and
-      result = getAnInputSymbolMatching(char)
-    }
-
-    pragma[noinline]
-    RegExpRoot relevantRoot() {
-      exists(RegExpTerm term, State s |
-        s.getRepr() = term and isCandidateState(s) and result = term.getRootTerm()
-      )
-    }
-
-    /**
-     * Gets a char used for finding possible suffixes inside `root`.
-     */
-    pragma[noinline]
-    private string relevant(RegExpRoot root) {
-      root = relevantRoot() and
-      (
-        exists(ascii(result)) and exists(root)
-        or
-        exists(InputSymbol s | belongsTo(s, root) | result = intersect(s, _))
-        or
-        // The characters from `hasSimpleRejectEdge`. Only `\n` is really needed (as `\n` is not in the `ascii` relation).
-        // The three chars must be kept in sync with `hasSimpleRejectEdge`.
-        result = ["|", "\n", "Z"] and exists(root)
-      )
-    }
-
-    /**
-     * Holds if there exists a `char` such that there is no edge from `s` labeled `char` in our NFA.
-     * The NFA does not model reject states, so the above is the same as saying there is a reject edge.
-     */
-    private predicate hasRejectEdge(State s) {
-      hasSimpleRejectEdge(s)
-      or
-      not hasSimpleRejectEdge(s) and
-      exists(string char | char = relevant(getRoot(s.getRepr())) | not deltaClosedChar(s, char, _))
-    }
-
-    /**
-     * Holds if there is no edge from `s` labeled with "|", "\n", or "Z" in our NFA.
-     * This predicate is used as a cheap pre-processing to speed up `hasRejectEdge`.
-     */
-    private predicate hasSimpleRejectEdge(State s) {
-      // The three chars were chosen arbitrarily. The three chars must be kept in sync with `relevant`.
-      exists(string char | char = ["|", "\n", "Z"] | not deltaClosedChar(s, char, _))
-    }
-
-    /**
-     * Gets a state that can be reached from pumpable `fork` consuming all
-     * chars in `w` any number of times followed by the first `i+1` characters of `w`.
-     */
-    pragma[noopt]
-    private State process(State fork, string w, int i) {
-      exists(State prev | prev = getProcessPrevious(fork, i, w) |
-        not prev = acceptsAnySuffix() and // we stop `process(..)` early if we can. If the successor accepts any suffix, then we know it can never be rejected.
-        exists(string char, InputSymbol sym |
-          char = w.charAt(i) and
-          deltaClosed(prev, sym, result) and
-          // noopt to prevent joining `prev` with all possible `chars` that could transition away from `prev`.
-          // Instead only join with the set of `chars` where a relevant `InputSymbol` has already been found.
-          sym = getAProcessInputSymbol(char)
-        )
-      )
-    }
-
-    /**
-     * Gets a state that can be reached from pumpable `fork` consuming all
-     * chars in `w` any number of times followed by the first `i` characters of `w`.
-     */
-    private State getProcessPrevious(State fork, int i, string w) {
-      isReDoSCandidate(fork, w) and
-      (
-        i = 0 and result = fork
-        or
-        result = process(fork, w, i - 1)
-        or
-        // repeat until fixpoint
-        i = 0 and
-        result = process(fork, w, w.length() - 1)
-      )
-    }
-
-    /**
-     * Gets an InputSymbol that matches `char`.
-     * The predicate is specialized to only have a result for the `char`s that are relevant for the `process` predicate.
-     */
-    private InputSymbol getAProcessInputSymbol(string char) {
-      char = getAProcessChar() and
-      result = getAnInputSymbolMatching(char)
-    }
-
-    /**
-     * Gets a `char` that occurs in a `pump` string.
-     */
-    private string getAProcessChar() { result = any(string s | isReDoSCandidate(_, s)).charAt(_) }
-  }
-
-  /**
-   * Holds if `term` may cause superlinear backtracking on strings containing many repetitions of `pump`.
-   * Gets the shortest string that causes superlinear backtracking.
-   */
-  private predicate isReDoSAttackable(RegExpTerm term, string pump, State s) {
-    exists(int i, string c | s = Match(term, i) |
-      c =
-        min(string w |
-          isCandidate(s, w) and
-          SuffixConstruction::reachesOnlyRejectableSuffixes(s, w)
-        |
-          w order by w.length(), w
-        ) and
-      pump = escape(rotate(c, i))
-    )
-  }
-
-  /**
-   * Holds if the state `s` (represented by the term `t`) can have backtracking with repetitions of `pump`.
-   *
-   * `prefixMsg` contains a friendly message for a prefix that reaches `s` (or `prefixMsg` is the empty string if the prefix is empty or if no prefix could be found).
-   */
-  predicate hasReDoSResult(RegExpTerm t, string pump, State s, string prefixMsg) {
-    isReDoSAttackable(t, pump, s) and
-    (
-      prefixMsg = "starting with '" + escape(Prefix::prefix(s)) + "' and " and
-      not Prefix::prefix(s) = ""
-      or
-      Prefix::prefix(s) = "" and prefixMsg = ""
-      or
-      not exists(Prefix::prefix(s)) and prefixMsg = ""
-    )
-  }
-
-  /**
-   * Gets the result of backslash-escaping newlines, carriage-returns and
-   * backslashes in `s`.
-   */
-  bindingset[s]
-  private string escape(string s) {
-    result =
-      s.replaceAll("\\", "\\\\")
-          .replaceAll("\n", "\\n")
-          .replaceAll("\r", "\\r")
-          .replaceAll("\t", "\\t")
-  }
-
-  /**
-   * Gets `str` with the last `i` characters moved to the front.
-   *
-   * We use this to adjust the pump string to match with the beginning of
-   * a RegExpTerm, so it doesn't start in the middle of a constant.
-   */
-  bindingset[str, i]
-  private string rotate(string str, int i) {
-    result = str.suffix(str.length() - i) + str.prefix(str.length() - i)
-  }
-}
-
-/**
- * A module that describes a tree where each node has one or more associated characters, also known as a trie.
- * The root node has no associated character.
- * This module is a signature used in `Concretizer`.
- */
-signature module CharTree {
-  /** A node in the tree. */
-  class CharNode;
-
-  /** Gets the previous node in the tree from `t`. */
-  CharNode getPrev(CharNode t);
-
-  /**
-   * Holds if `n` is at the end of a tree. I.e. a node that should have a result in the `Concretizer` module.
-   * Such a node can still have children.
-   */
-  predicate isARelevantEnd(CharNode n);
-
-  /** Gets a char associated with `t`. */
-  string getChar(CharNode t);
-}
-
-/**
- * Implements an algorithm for computing all possible strings
- * from following a tree of nodes (as described in `CharTree`).
- *
- * The string is build using one big concat, where all the chars are computed first.
- * See `concretize`.
- */
-module Concretizer<CharTree Impl> {
-  private class Node = Impl::CharNode;
-
-  private predicate getPrev = Impl::getPrev/1;
-
-  private predicate isARelevantEnd = Impl::isARelevantEnd/1;
-
-  private predicate getChar = Impl::getChar/1;
-
-  /** Holds if `n` is on a path from the root to a leaf, and is therefore relevant for the results in `concretize`. */
-  private predicate isRelevant(Node n) {
-    isARelevantEnd(n)
-    or
-    exists(Node succ | isRelevant(succ) | n = getPrev(succ))
-  }
-
-  /** Holds if `n` is a root with no predecessors. */
-  private predicate isRoot(Node n) { not exists(getPrev(n)) }
-
-  /** Gets the distance from a root to `n`. */
-  private int nodeDepth(Node n) {
-    result = 0 and isRoot(n)
-    or
-    isRelevant(n) and
-    exists(Node prev | result = nodeDepth(prev) + 1 | prev = getPrev(n))
-  }
-
-  /** Gets an ancestor of `end`, where `end` is a node that should have a result in `concretize`. */
-  private Node getAnAncestor(Node end) { isARelevantEnd(end) and result = getPrev*(end) }
-
-  /** Gets the `i`th character on the path from the root to `n`. */
-  pragma[noinline]
-  private string getPrefixChar(Node n, int i) {
-    exists(Node ancestor |
-      result = getChar(ancestor) and
-      ancestor = getAnAncestor(n) and
-      i = nodeDepth(ancestor)
-    )
-  }
-
-  /** Gets a string corresponding to `node`. */
-  language[monotonicAggregates]
-  string concretize(Node n) {
-    result = strictconcat(int i | exists(getPrefixChar(n, i)) | getPrefixChar(n, i) order by i)
-  }
-}
+private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
+// NfaUtils should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.nfa.NfaUtils::Make<TreeView> as Dep
+import Dep
diff --git a/java/ql/lib/semmle/code/java/security/regexp/NfaUtilsSpecific.qll b/java/ql/lib/semmle/code/java/security/regexp/NfaUtilsSpecific.qll
deleted file mode 100644
index 742229eacca..00000000000
--- a/java/ql/lib/semmle/code/java/security/regexp/NfaUtilsSpecific.qll
+++ /dev/null
@@ -1,76 +0,0 @@
-/**
- * This module should provide a class hierarchy corresponding to a parse tree of regular expressions.
- * This is the interface to the shared ReDoS library.
- */
-
-private import java
-import semmle.code.FileSystem
-import semmle.code.java.regex.RegexTreeView
-
-/**
- * Holds if `term` is an escape class representing e.g. `\d`.
- * `clazz` is which character class it represents, e.g. "d" for `\d`.
- */
-predicate isEscapeClass(RegExpTerm term, string clazz) {
-  term.(RegExpCharacterClassEscape).getValue() = clazz
-  or
-  term.(RegExpNamedProperty).getBackslashEquivalent() = clazz
-}
-
-/**
- * Holds if `term` is a possessive quantifier, e.g. `a*+`.
- */
-predicate isPossessive(RegExpQuantifier term) { term.isPossessive() }
-
-/**
- * Holds if the regex that `term` is part of is used in a way that ignores any leading prefix of the input it's matched against.
- */
-predicate matchesAnyPrefix(RegExpTerm term) { not term.getRegex().matchesFullString() }
-
-/**
- * Holds if the regex that `term` is part of is used in a way that ignores any trailing suffix of the input it's matched against.
- */
-predicate matchesAnySuffix(RegExpTerm term) { not term.getRegex().matchesFullString() }
-
-/**
- * Holds if the regular expression should not be considered.
- *
- * We make the pragmatic performance optimization to ignore regular expressions in files
- * that do not belong to the project code (such as installed dependencies).
- */
-predicate isExcluded(RegExpParent parent) {
-  not exists(parent.getRegex().getLocation().getFile().getRelativePath())
-  or
-  // Regexes with many occurrences of ".*" may cause the polynomial ReDoS computation to explode, so
-  // we explicitly exclude these.
-  strictcount(int i | exists(parent.getRegex().getText().regexpFind("\\.\\*", i, _)) | i) > 10
-}
-
-/**
- * A module containing predicates for determining which flags a regular expression have.
- */
-module RegExpFlags {
-  /**
-   * Holds if `root` has the `i` flag for case-insensitive matching.
-   */
-  predicate isIgnoreCase(RegExpTerm root) {
-    root.isRootTerm() and
-    root.getLiteral().isIgnoreCase()
-  }
-
-  /**
-   * Gets the flags for `root`, or the empty string if `root` has no flags.
-   */
-  deprecated string getFlags(RegExpTerm root) {
-    root.isRootTerm() and
-    result = root.getLiteral().getFlags()
-  }
-
-  /**
-   * Holds if `root` has the `s` flag for multi-line matching.
-   */
-  predicate isDotAll(RegExpTerm root) {
-    root.isRootTerm() and
-    root.getLiteral().isDotAll()
-  }
-}
diff --git a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll
index b0a8ff1a3c5..2a822ac69de 100644
--- a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll
@@ -1,19 +1,19 @@
 /** Definitions and configurations for the Polynomial ReDoS query */
 
-import semmle.code.java.security.regexp.SuperlinearBackTracking
+private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
+import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView> as SuperlinearBackTracking
 import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.regex.RegexTreeView
 import semmle.code.java.regex.RegexFlowConfigs
 import semmle.code.java.dataflow.FlowSources
 
 /** A sink for polynomial redos queries, where a regex is matched. */
 class PolynomialRedosSink extends DataFlow::Node {
-  RegExpLiteral reg;
+  TreeView::RegExpLiteral reg;
 
   PolynomialRedosSink() { regexMatchedAgainst(reg.getRegex(), this.asExpr()) }
 
   /** Gets the regex that is matched against this node. */
-  RegExpTerm getRegExp() { result.getParent() = reg }
+  TreeView::RegExpTerm getRegExp() { result.getParent() = reg }
 }
 
 /**
@@ -49,7 +49,8 @@ class PolynomialRedosConfig extends TaintTracking::Configuration {
 
 /** Holds if there is flow from `source` to `sink` that is matched against the regexp term `regexp` that is vulnerable to Polynomial ReDoS. */
 predicate hasPolynomialReDoSResult(
-  DataFlow::PathNode source, DataFlow::PathNode sink, PolynomialBackTrackingTerm regexp
+  DataFlow::PathNode source, DataFlow::PathNode sink,
+  SuperlinearBackTracking::PolynomialBackTrackingTerm regexp
 ) {
   any(PolynomialRedosConfig config).hasFlowPath(source, sink) and
   regexp.getRootTerm() = sink.getNode().(PolynomialRedosSink).getRegExp()
diff --git a/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll b/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll
new file mode 100644
index 00000000000..7b96ad6e198
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll
@@ -0,0 +1,48 @@
+/** Provides classes and predicates related to regex injection in Java. */
+
+import java
+private import semmle.code.java.dataflow.DataFlow
+private import semmle.code.java.dataflow.ExternalFlow
+private import semmle.code.java.frameworks.Regex
+
+/** A data flow sink for untrusted user input used to construct regular expressions. */
+abstract class RegexInjectionSink extends DataFlow::ExprNode { }
+
+/** A sanitizer for untrusted user input used to construct regular expressions. */
+abstract class RegexInjectionSanitizer extends DataFlow::ExprNode { }
+
+/** A method call that takes a regular expression as an argument. */
+private class DefaultRegexInjectionSink extends RegexInjectionSink {
+  DefaultRegexInjectionSink() {
+    // we only select sinks where there is direct regex creation, not regex uses
+    sinkNode(this, ["regex-use[]", "regex-use[f1]", "regex-use[f-1]", "regex-use[-1]", "regex-use"])
+  }
+}
+
+/**
+ * A call to the `Pattern.quote` method, which gives metacharacters or escape sequences
+ * no special meaning.
+ */
+private class PatternQuoteCall extends RegexInjectionSanitizer {
+  PatternQuoteCall() {
+    exists(MethodAccess ma, Method m | m = ma.getMethod() |
+      ma.getArgument(0) = this.asExpr() and
+      m instanceof PatternQuoteMethod
+    )
+  }
+}
+
+/**
+ * Use of the `Pattern.LITERAL` flag with `Pattern.compile`, which gives metacharacters
+ * or escape sequences no special meaning.
+ */
+private class PatternLiteralFlag extends RegexInjectionSanitizer {
+  PatternLiteralFlag() {
+    exists(MethodAccess ma, Method m, PatternLiteralField field | m = ma.getMethod() |
+      ma.getArgument(0) = this.asExpr() and
+      m.getDeclaringType() instanceof TypeRegexPattern and
+      m.hasName("compile") and
+      ma.getArgument(1) = field.getAnAccess()
+    )
+  }
+}
diff --git a/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll
new file mode 100644
index 00000000000..e2453c08dca
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll
@@ -0,0 +1,17 @@
+/** Provides configurations to be used in queries related to regex injection. */
+
+import java
+import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.dataflow.TaintTracking
+import semmle.code.java.security.regexp.RegexInjection
+
+/** A taint-tracking configuration for untrusted user input used to construct regular expressions. */
+class RegexInjectionConfiguration extends TaintTracking::Configuration {
+  RegexInjectionConfiguration() { this = "RegexInjection" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+  override predicate isSink(DataFlow::Node sink) { sink instanceof RegexInjectionSink }
+
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof RegexInjectionSanitizer }
+}
diff --git a/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll b/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll
index 14a69dc0644..623b1540ef1 100644
--- a/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll
@@ -1,11 +1,4 @@
 /**
- * Provides classes for working with regular expressions that can
- * perform backtracking in superlinear time.
- */
-
-import NfaUtils
-
-/*
  * This module implements the analysis described in the paper:
  *   Valentin Wustholz, Oswaldo Olivo, Marijn J. H. Heule, and Isil Dillig:
  *     Static Detection of DoS Vulnerabilities in
@@ -42,377 +35,7 @@ import NfaUtils
  * It also doesn't find all transitions in the product automaton, which can cause false negatives.
  */
 
-/**
- * Gets any root (start) state of a regular expression.
- */
-private State getRootState() { result = mkMatch(any(RegExpRoot r)) }
-
-private newtype TStateTuple =
-  MkStateTuple(State q1, State q2, State q3) {
-    // starts at (pivot, pivot, succ)
-    isStartLoops(q1, q3) and q1 = q2
-    or
-    step(_, _, _, _, q1, q2, q3) and FeasibleTuple::isFeasibleTuple(q1, q2, q3)
-  }
-
-/**
- * A state in the product automaton.
- * The product automaton contains 3-tuples of states.
- *
- * We lazily only construct those states that we are actually
- * going to need.
- * Either a start state `(pivot, pivot, succ)`, or a state
- * where there exists a transition from an already existing state.
- *
- * The exponential variant of this query (`js/redos`) uses an optimization
- * trick where `q1 <= q2`. This trick cannot be used here as the order
- * of the elements matter.
- */
-class StateTuple extends TStateTuple {
-  State q1;
-  State q2;
-  State q3;
-
-  StateTuple() { this = MkStateTuple(q1, q2, q3) }
-
-  /**
-   * Gest a string representation of this tuple.
-   */
-  string toString() { result = "(" + q1 + ", " + q2 + ", " + q3 + ")" }
-
-  /**
-   * Holds if this tuple is `(r1, r2, r3)`.
-   */
-  pragma[noinline]
-  predicate isTuple(State r1, State r2, State r3) { r1 = q1 and r2 = q2 and r3 = q3 }
-}
-
-/**
- * A module for determining feasible tuples for the product automaton.
- *
- * The implementation is split into many predicates for performance reasons.
- */
-private module FeasibleTuple {
-  /**
-   * Holds if the tuple `(r1, r2, r3)` might be on path from a start-state to an end-state in the product automaton.
-   */
-  pragma[inline]
-  predicate isFeasibleTuple(State r1, State r2, State r3) {
-    // The first element is either inside a repetition (or the start state itself)
-    isRepetitionOrStart(r1) and
-    // The last element is inside a repetition
-    stateInsideRepetition(r3) and
-    // The states are reachable in the NFA in the order r1 -> r2 -> r3
-    delta+(r1) = r2 and
-    delta+(r2) = r3 and
-    // The first element can reach a beginning (the "pivot" state in a `(pivot, succ)` pair).
-    canReachABeginning(r1) and
-    // The last element can reach a target (the "succ" state in a `(pivot, succ)` pair).
-    canReachATarget(r3)
-  }
-
-  /**
-   * Holds if `s` is either inside a repetition, or is the start state (which is a repetition).
-   */
-  pragma[noinline]
-  private predicate isRepetitionOrStart(State s) { stateInsideRepetition(s) or s = getRootState() }
-
-  /**
-   * Holds if state `s` might be inside a backtracking repetition.
-   */
-  pragma[noinline]
-  private predicate stateInsideRepetition(State s) {
-    s.getRepr().getParent*() instanceof InfiniteRepetitionQuantifier
-  }
-
-  /**
-   * Holds if there exists a path in the NFA from `s` to a "pivot" state
-   * (from a `(pivot, succ)` pair that starts the search).
-   */
-  pragma[noinline]
-  private predicate canReachABeginning(State s) {
-    delta+(s) = any(State pivot | isStartLoops(pivot, _))
-  }
-
-  /**
-   * Holds if there exists a path in the NFA from `s` to a "succ" state
-   * (from a `(pivot, succ)` pair that starts the search).
-   */
-  pragma[noinline]
-  private predicate canReachATarget(State s) { delta+(s) = any(State succ | isStartLoops(_, succ)) }
-}
-
-/**
- * Holds if `pivot` and `succ` are a pair of loops that could be the beginning of a quadratic blowup.
- *
- * There is a slight implementation difference compared to the paper: this predicate requires that `pivot != succ`.
- * The case where `pivot = succ` causes exponential backtracking and is handled by the `js/redos` query.
- */
-predicate isStartLoops(State pivot, State succ) {
-  pivot != succ and
-  succ.getRepr() instanceof InfiniteRepetitionQuantifier and
-  delta+(pivot) = succ and
-  (
-    pivot.getRepr() instanceof InfiniteRepetitionQuantifier
-    or
-    pivot = mkMatch(any(RegExpRoot root))
-  )
-}
-
-/**
- * Gets a state for which there exists a transition in the NFA from `s'.
- */
-State delta(State s) { delta(s, _, result) }
-
-/**
- * Holds if there are transitions from the components of `q` to the corresponding
- * components of `r` labelled with `s1`, `s2`, and `s3`, respectively.
- */
-pragma[noinline]
-predicate step(StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, StateTuple r) {
-  exists(State r1, State r2, State r3 |
-    step(q, s1, s2, s3, r1, r2, r3) and r = MkStateTuple(r1, r2, r3)
-  )
-}
-
-/**
- * Holds if there are transitions from the components of `q` to `r1`, `r2`, and `r3
- * labelled with `s1`, `s2`, and `s3`, respectively.
- */
-pragma[noopt]
-predicate step(
-  StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, State r1, State r2, State r3
-) {
-  exists(State q1, State q2, State q3 | q.isTuple(q1, q2, q3) |
-    deltaClosed(q1, s1, r1) and
-    deltaClosed(q2, s2, r2) and
-    deltaClosed(q3, s3, r3) and
-    // use noopt to force the join on `getAThreewayIntersect` to happen last.
-    exists(getAThreewayIntersect(s1, s2, s3))
-  )
-}
-
-/**
- * Gets a char that is matched by all the edges `s1`, `s2`, and `s3`.
- *
- * The result is not complete, and might miss some combination of edges that share some character.
- */
-pragma[noinline]
-string getAThreewayIntersect(InputSymbol s1, InputSymbol s2, InputSymbol s3) {
-  result = minAndMaxIntersect(s1, s2) and result = [intersect(s2, s3), intersect(s1, s3)]
-  or
-  result = minAndMaxIntersect(s1, s3) and result = [intersect(s2, s3), intersect(s1, s2)]
-  or
-  result = minAndMaxIntersect(s2, s3) and result = [intersect(s1, s2), intersect(s1, s3)]
-}
-
-/**
- * Gets the minimum and maximum characters that intersect between `a` and `b`.
- * This predicate is used to limit the size of `getAThreewayIntersect`.
- */
-pragma[noinline]
-string minAndMaxIntersect(InputSymbol a, InputSymbol b) {
-  result = [min(intersect(a, b)), max(intersect(a, b))]
-}
-
-private newtype TTrace =
-  Nil() or
-  Step(InputSymbol s1, InputSymbol s2, InputSymbol s3, TTrace t) {
-    isReachableFromStartTuple(_, _, t, s1, s2, s3, _, _)
-  }
-
-/**
- * A list of tuples of input symbols that describe a path in the product automaton
- * starting from some start state.
- */
-class Trace extends TTrace {
-  /**
-   * Gets a string representation of this Trace that can be used for debug purposes.
-   */
-  string toString() {
-    this = Nil() and result = "Nil()"
-    or
-    exists(InputSymbol s1, InputSymbol s2, InputSymbol s3, Trace t | this = Step(s1, s2, s3, t) |
-      result = "Step(" + s1 + ", " + s2 + ", " + s3 + ", " + t + ")"
-    )
-  }
-}
-
-/**
- * Holds if there exists a transition from `r` to `q` in the product automaton.
- * Notice that the arguments are flipped, and thus the direction is backwards.
- */
-pragma[noinline]
-predicate tupleDeltaBackwards(StateTuple q, StateTuple r) { step(r, _, _, _, q) }
-
-/**
- * Holds if `tuple` is an end state in our search.
- * That means there exists a pair of loops `(pivot, succ)` such that `tuple = (pivot, succ, succ)`.
- */
-predicate isEndTuple(StateTuple tuple) { tuple = getAnEndTuple(_, _) }
-
-/**
- * Gets the minimum length of a path from `r` to some an end state `end`.
- *
- * The implementation searches backwards from the end-tuple.
- * This approach was chosen because it is way more efficient if the first predicate given to `shortestDistances` is small.
- * The `end` argument must always be an end state.
- */
-int distBackFromEnd(StateTuple r, StateTuple end) =
-  shortestDistances(isEndTuple/1, tupleDeltaBackwards/2)(end, r, result)
-
-/**
- * Holds if there exists a pair of repetitions `(pivot, succ)` in the regular expression such that:
- * `tuple` is reachable from `(pivot, pivot, succ)` in the product automaton,
- * and there is a distance of `dist` from `tuple` to the nearest end-tuple `(pivot, succ, succ)`,
- * and a path from a start-state to `tuple` follows the transitions in `trace`.
- */
-private predicate isReachableFromStartTuple(
-  State pivot, State succ, StateTuple tuple, Trace trace, int dist
-) {
-  exists(InputSymbol s1, InputSymbol s2, InputSymbol s3, Trace v |
-    isReachableFromStartTuple(pivot, succ, v, s1, s2, s3, tuple, dist) and
-    trace = Step(s1, s2, s3, v)
-  )
-}
-
-private predicate isReachableFromStartTuple(
-  State pivot, State succ, Trace trace, InputSymbol s1, InputSymbol s2, InputSymbol s3,
-  StateTuple tuple, int dist
-) {
-  // base case.
-  exists(State q1, State q2, State q3 |
-    isStartLoops(pivot, succ) and
-    step(MkStateTuple(pivot, pivot, succ), s1, s2, s3, tuple) and
-    tuple = MkStateTuple(q1, q2, q3) and
-    trace = Nil() and
-    dist = distBackFromEnd(tuple, MkStateTuple(pivot, succ, succ))
-  )
-  or
-  // recursive case
-  exists(StateTuple p |
-    isReachableFromStartTuple(pivot, succ, p, trace, dist + 1) and
-    dist = distBackFromEnd(tuple, MkStateTuple(pivot, succ, succ)) and
-    step(p, s1, s2, s3, tuple)
-  )
-}
-
-/**
- * Gets the tuple `(pivot, succ, succ)` from the product automaton.
- */
-StateTuple getAnEndTuple(State pivot, State succ) {
-  isStartLoops(pivot, succ) and
-  result = MkStateTuple(pivot, succ, succ)
-}
-
-/** An implementation of a chain containing chars for use by `Concretizer`. */
-private module CharTreeImpl implements CharTree {
-  class CharNode = Trace;
-
-  CharNode getPrev(CharNode t) { t = Step(_, _, _, result) }
-
-  /** Holds if `n` is used in `isPumpable`. */
-  predicate isARelevantEnd(CharNode n) {
-    exists(State pivot, State succ |
-      isReachableFromStartTuple(pivot, succ, getAnEndTuple(pivot, succ), n, _)
-    )
-  }
-
-  string getChar(CharNode t) {
-    exists(InputSymbol s1, InputSymbol s2, InputSymbol s3 | t = Step(s1, s2, s3, _) |
-      result = getAThreewayIntersect(s1, s2, s3)
-    )
-  }
-}
-
-/**
- * Holds if matching repetitions of `pump` can:
- * 1) Transition from `pivot` back to `pivot`.
- * 2) Transition from `pivot` to `succ`.
- * 3) Transition from `succ` to `succ`.
- *
- * From theorem 3 in the paper linked in the top of this file we can therefore conclude that
- * the regular expression has polynomial backtracking - if a rejecting suffix exists.
- *
- * This predicate is used by `SuperLinearReDoSConfiguration`, and the final results are
- * available in the `hasReDoSResult` predicate.
- */
-predicate isPumpable(State pivot, State succ, string pump) {
-  exists(StateTuple q, Trace t |
-    isReachableFromStartTuple(pivot, succ, q, t, _) and
-    q = getAnEndTuple(pivot, succ) and
-    pump = Concretizer<CharTreeImpl>::concretize(t)
-  )
-}
-
-/**
- * Holds if states starting in `state` can have polynomial backtracking with the string `pump`.
- */
-predicate isReDoSCandidate(State state, string pump) { isPumpable(_, state, pump) }
-
-/**
- * Holds if repetitions of `pump` at `t` will cause polynomial backtracking.
- */
-predicate polynomialReDoS(RegExpTerm t, string pump, string prefixMsg, RegExpTerm prev) {
-  exists(State s, State pivot |
-    ReDoSPruning<isReDoSCandidate/2>::hasReDoSResult(t, pump, s, prefixMsg) and
-    isPumpable(pivot, s, _) and
-    prev = pivot.getRepr()
-  )
-}
-
-/**
- * Gets a message for why `term` can cause polynomial backtracking.
- */
-string getReasonString(RegExpTerm term, string pump, string prefixMsg, RegExpTerm prev) {
-  polynomialReDoS(term, pump, prefixMsg, prev) and
-  result =
-    "Strings " + prefixMsg + "with many repetitions of '" + pump +
-      "' can start matching anywhere after the start of the preceeding " + prev
-}
-
-/**
- * A term that may cause a regular expression engine to perform a
- * polynomial number of match attempts, relative to the input length.
- */
-class PolynomialBackTrackingTerm extends InfiniteRepetitionQuantifier {
-  string reason;
-  string pump;
-  string prefixMsg;
-  RegExpTerm prev;
-
-  PolynomialBackTrackingTerm() {
-    reason = getReasonString(this, pump, prefixMsg, prev) and
-    // there might be many reasons for this term to have polynomial backtracking - we pick the shortest one.
-    reason = min(string msg | msg = getReasonString(this, _, _, _) | msg order by msg.length(), msg)
-  }
-
-  /**
-   * Holds if all non-empty successors to the polynomial backtracking term matches the end of the line.
-   */
-  predicate isAtEndLine() {
-    forall(RegExpTerm succ | this.getSuccessor+() = succ and not matchesEpsilon(succ) |
-      succ instanceof RegExpDollar
-    )
-  }
-
-  /**
-   * Gets the string that should be repeated to cause this regular expression to perform polynomially.
-   */
-  string getPumpString() { result = pump }
-
-  /**
-   * Gets a message for which prefix a matching string must start with for this term to cause polynomial backtracking.
-   */
-  string getPrefixMessage() { result = prefixMsg }
-
-  /**
-   * Gets a predecessor to `this`, which also loops on the pump string, and thereby causes polynomial backtracking.
-   */
-  RegExpTerm getPreviousLoop() { result = prev }
-
-  /**
-   * Gets the reason for the number of match attempts.
-   */
-  string getReason() { result = reason }
-}
+private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
+// SuperlinearBackTracking should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView> as Dep
+import Dep
diff --git a/java/ql/lib/semmle/code/xml/AndroidManifest.qll b/java/ql/lib/semmle/code/xml/AndroidManifest.qll
index c18b32751ed..44e17f5588a 100644
--- a/java/ql/lib/semmle/code/xml/AndroidManifest.qll
+++ b/java/ql/lib/semmle/code/xml/AndroidManifest.qll
@@ -129,6 +129,42 @@ class AndroidApplicationXmlElement extends XmlElement {
  */
 class AndroidActivityXmlElement extends AndroidComponentXmlElement {
   AndroidActivityXmlElement() { this.getName() = "activity" }
+
+  /**
+   * Gets an `<activity-alias>` element aliasing the activity.
+   */
+  AndroidActivityAliasXmlElement getAnAlias() {
+    exists(AndroidActivityAliasXmlElement alias | this = alias.getTarget() | result = alias)
+  }
+}
+
+/**
+ * An `<activity-alias>` element in an Android manifest file.
+ */
+class AndroidActivityAliasXmlElement extends AndroidComponentXmlElement {
+  AndroidActivityAliasXmlElement() { this.getName() = "activity-alias" }
+
+  /**
+   * Get and resolve the name of the target activity from the `android:targetActivity` attribute.
+   */
+  string getResolvedTargetActivityName() {
+    exists(AndroidXmlAttribute attr |
+      attr = this.getAnAttribute() and attr.getName() = "targetActivity"
+    |
+      result = this.getResolvedIdentifier(attr)
+    )
+  }
+
+  /**
+   * Gets the `<activity>` element referenced by the `android:targetActivity` attribute.
+   */
+  AndroidActivityXmlElement getTarget() {
+    exists(AndroidActivityXmlElement activity |
+      activity.getResolvedComponentName() = this.getResolvedTargetActivityName()
+    |
+      result = activity
+    )
+  }
 }
 
 /**
@@ -212,6 +248,13 @@ class AndroidPermissionXmlAttribute extends XmlAttribute {
   predicate isWrite() { this.getName() = "writePermission" }
 }
 
+/**
+ * The attribute `android:name` or `android:targetActivity`.
+ */
+class AndroidIdentifierXmlAttribute extends AndroidXmlAttribute {
+  AndroidIdentifierXmlAttribute() { this.getName() = ["name", "targetActivity"] }
+}
+
 /**
  * The `<path-permission`> element of a `<provider>` in an Android manifest file.
  */
@@ -228,7 +271,7 @@ class AndroidPathPermissionXmlElement extends XmlElement {
 class AndroidComponentXmlElement extends XmlElement {
   AndroidComponentXmlElement() {
     this.getParent() instanceof AndroidApplicationXmlElement and
-    this.getName().regexpMatch("(activity|service|receiver|provider)")
+    this.getName().regexpMatch("(activity|activity-alias|service|receiver|provider)")
   }
 
   /**
@@ -254,19 +297,30 @@ class AndroidComponentXmlElement extends XmlElement {
     )
   }
 
+  /**
+   * Gets the value of an identifier attribute, and tries to resolve it into a fully qualified identifier.
+   */
+  string getResolvedIdentifier(AndroidIdentifierXmlAttribute identifier) {
+    exists(string name | name = identifier.getValue() |
+      if name.matches(".%")
+      then
+        result =
+          this.getParent()
+                .(XmlElement)
+                .getParent()
+                .(AndroidManifestXmlElement)
+                .getPackageAttributeValue() + name
+      else result = name
+    )
+  }
+
   /**
    * Gets the resolved value of the `android:name` attribute of this component element.
    */
   string getResolvedComponentName() {
-    if this.getComponentName().matches(".%")
-    then
-      result =
-        this.getParent()
-              .(XmlElement)
-              .getParent()
-              .(AndroidManifestXmlElement)
-              .getPackageAttributeValue() + this.getComponentName()
-    else result = this.getComponentName()
+    exists(AndroidXmlAttribute attr | attr = this.getAnAttribute() and attr.getName() = "name" |
+      result = this.getResolvedIdentifier(attr)
+    )
   }
 
   /**
diff --git a/java/ql/lib/semmle/code/xml/MavenPom.qll b/java/ql/lib/semmle/code/xml/MavenPom.qll
index 8af6e6f0128..612c1468259 100644
--- a/java/ql/lib/semmle/code/xml/MavenPom.qll
+++ b/java/ql/lib/semmle/code/xml/MavenPom.qll
@@ -381,6 +381,15 @@ class DeclaredRepository extends PomElement {
    * be the string contents of that tag.
    */
   string getRepositoryUrl() { result = this.getAChild("url").(PomElement).getValue() }
+
+  /**
+   * Holds if this repository is disabled in both the `releases` and `snapshots` policies.
+   */
+  predicate isDisabled() {
+    forex(PomElement policy | policy = this.getAChild(["releases", "snapshots"]) |
+      policy.getAChild("enabled").(PomElement).getValue() = "false"
+    )
+  }
 }
 
 /**
diff --git a/java/ql/lib/upgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/old.dbscheme b/java/ql/lib/upgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/old.dbscheme
new file mode 100644
index 00000000000..709f1d1fd04
--- /dev/null
+++ b/java/ql/lib/upgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/old.dbscheme
@@ -0,0 +1,1240 @@
+/**
+ * An invocation of the compiler. Note that more than one file may be
+ * compiled per invocation. For example, this command compiles three
+ * source files:
+ *
+ *   javac A.java B.java C.java
+ *
+ * The `id` simply identifies the invocation, while `cwd` is the working
+ * directory from which the compiler was invoked.
+ */
+compilations(
+    /**
+     * An invocation of the compiler. Note that more than one file may
+     * be compiled per invocation. For example, this command compiles
+     * three source files:
+     *
+     *   javac A.java B.java C.java
+     */
+    unique int id : @compilation,
+    int kind: int ref,
+    string cwd : string ref,
+    string name : string ref
+);
+
+case @compilation.kind of
+   1  = @javacompilation
+|  2  = @kotlincompilation
+;
+
+compilation_started(
+    int id : @compilation ref
+)
+
+/**
+ * The arguments that were passed to the extractor for a compiler
+ * invocation. If `id` is for the compiler invocation
+ *
+ *   javac A.java B.java C.java
+ *
+ * then typically there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | *path to extractor*
+ * 1   | `--javac-args`
+ * 2   | A.java
+ * 3   | B.java
+ * 4   | C.java
+ */
+#keyset[id, num]
+compilation_args(
+    int id : @compilation ref,
+    int num : int ref,
+    string arg : string ref
+);
+
+/**
+ * The source files that are compiled by a compiler invocation.
+ * If `id` is for the compiler invocation
+ *
+ *   javac A.java B.java C.java
+ *
+ * then there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | A.java
+ * 1   | B.java
+ * 2   | C.java
+ */
+#keyset[id, num]
+compilation_compiling_files(
+    int id : @compilation ref,
+    int num : int ref,
+    int file : @file ref
+);
+
+/**
+ * For each file recorded in `compilation_compiling_files`,
+ * there will be a corresponding row in
+ * `compilation_compiling_files_completed` once extraction
+ * of that file is complete. The `result` will indicate the
+ * extraction result:
+ *
+ *     0: Successfully extracted
+ *     1: Errors were encountered, but extraction recovered
+ *     2: Errors were encountered, and extraction could not recover
+ */
+#keyset[id, num]
+compilation_compiling_files_completed(
+    int id : @compilation ref,
+    int num : int ref,
+    int result : int ref
+);
+
+/**
+ * The time taken by the extractor for a compiler invocation.
+ *
+ * For each file `num`, there will be rows for
+ *
+ * kind | seconds
+ * ---- | ---
+ * 1    | CPU seconds used by the extractor frontend
+ * 2    | Elapsed seconds during the extractor frontend
+ * 3    | CPU seconds used by the extractor backend
+ * 4    | Elapsed seconds during the extractor backend
+ */
+#keyset[id, num, kind]
+compilation_time(
+    int id : @compilation ref,
+    int num : int ref,
+    /* kind:
+       1 = frontend_cpu_seconds
+       2 = frontend_elapsed_seconds
+       3 = extractor_cpu_seconds
+       4 = extractor_elapsed_seconds
+    */
+    int kind : int ref,
+    float seconds : float ref
+);
+
+/**
+ * An error or warning generated by the extractor.
+ * The diagnostic message `diagnostic` was generated during compiler
+ * invocation `compilation`, and is the `file_number_diagnostic_number`th
+ * message generated while extracting the `file_number`th file of that
+ * invocation.
+ */
+#keyset[compilation, file_number, file_number_diagnostic_number]
+diagnostic_for(
+    unique int diagnostic : @diagnostic ref,
+    int compilation : @compilation ref,
+    int file_number : int ref,
+    int file_number_diagnostic_number : int ref
+);
+
+/**
+ * The `cpu_seconds` and `elapsed_seconds` are the CPU time and elapsed
+ * time (respectively) that the original compilation (not the extraction)
+ * took for compiler invocation `id`.
+ */
+compilation_compiler_times(
+    unique int id : @compilation ref,
+    float cpu_seconds : float ref,
+    float elapsed_seconds : float ref
+);
+
+/**
+ * If extraction was successful, then `cpu_seconds` and
+ * `elapsed_seconds` are the CPU time and elapsed time (respectively)
+ * that extraction took for compiler invocation `id`.
+ * The `result` will indicate the extraction result:
+ *
+ *     0: Successfully extracted
+ *     1: Errors were encountered, but extraction recovered
+ *     2: Errors were encountered, and extraction could not recover
+ */
+compilation_finished(
+    unique int id : @compilation ref,
+    float cpu_seconds : float ref,
+    float elapsed_seconds : float ref,
+    int result : int ref
+);
+
+diagnostics(
+    unique int id: @diagnostic,
+    string generated_by: string ref, // TODO: Sync this with the other languages?
+    int severity: int ref,
+    string error_tag: string ref,
+    string error_message: string ref,
+    string full_error_message: string ref,
+    int location: @location_default ref
+);
+
+/*
+ * External artifacts
+ */
+
+externalData(
+  int id : @externalDataElement,
+  string path : string ref,
+  int column: int ref,
+  string value : string ref
+);
+
+snapshotDate(
+  unique date snapshotDate : date ref
+);
+
+sourceLocationPrefix(
+  string prefix : string ref
+);
+
+/*
+ * Duplicate code
+ */
+
+duplicateCode(
+  unique int id : @duplication,
+  string relativePath : string ref,
+  int equivClass : int ref
+);
+
+similarCode(
+  unique int id : @similarity,
+  string relativePath : string ref,
+  int equivClass : int ref
+);
+
+@duplication_or_similarity = @duplication | @similarity
+
+tokens(
+  int id : @duplication_or_similarity ref,
+  int offset : int ref,
+  int beginLine : int ref,
+  int beginColumn : int ref,
+  int endLine : int ref,
+  int endColumn : int ref
+);
+
+/*
+ * SMAP
+ */
+
+smap_header(
+  int outputFileId: @file ref,
+  string outputFilename: string ref,
+  string defaultStratum: string ref
+);
+
+smap_files(
+  int outputFileId: @file ref,
+  string stratum: string ref,
+  int inputFileNum: int ref,
+  string inputFileName: string ref,
+  int inputFileId: @file ref
+);
+
+smap_lines(
+  int outputFileId: @file ref,
+  string stratum: string ref,
+  int inputFileNum: int ref,
+  int inputStartLine: int ref,
+  int inputLineCount: int ref,
+  int outputStartLine: int ref,
+  int outputLineIncrement: int ref
+);
+
+/*
+ * Locations and files
+ */
+
+@location = @location_default ;
+
+locations_default(
+  unique int id: @location_default,
+  int file: @file ref,
+  int beginLine: int ref,
+  int beginColumn: int ref,
+  int endLine: int ref,
+  int endColumn: int ref
+);
+
+hasLocation(
+  int locatableid: @locatable ref,
+  int id: @location ref
+);
+
+@sourceline = @locatable ;
+
+#keyset[element_id]
+numlines(
+  int element_id: @sourceline ref,
+  int num_lines: int ref,
+  int num_code: int ref,
+  int num_comment: int ref
+);
+
+files(
+  unique int id: @file,
+  string name: string ref
+);
+
+folders(
+  unique int id: @folder,
+  string name: string ref
+);
+
+@container = @folder | @file
+
+containerparent(
+  int parent: @container ref,
+  unique int child: @container ref
+);
+
+/*
+ * Java
+ */
+
+cupackage(
+  unique int id: @file ref,
+  int packageid: @package ref
+);
+
+#keyset[fileid,keyName]
+jarManifestMain(
+  int fileid: @file ref,
+  string keyName: string ref,
+  string value: string ref
+);
+
+#keyset[fileid,entryName,keyName]
+jarManifestEntries(
+  int fileid: @file ref,
+  string entryName: string ref,
+  string keyName: string ref,
+  string value: string ref
+);
+
+packages(
+  unique int id: @package,
+  string nodeName: string ref
+);
+
+primitives(
+  unique int id: @primitive,
+  string nodeName: string ref
+);
+
+modifiers(
+  unique int id: @modifier,
+  string nodeName: string ref
+);
+
+/**
+ * An errortype is used when the extractor is unable to extract a type
+ * correctly for some reason.
+ */
+error_type(
+  unique int id: @errortype
+);
+
+classes(
+  unique int id: @class,
+  string nodeName: string ref,
+  int parentid: @package ref,
+  int sourceid: @class ref
+);
+
+file_class(
+  int id: @class ref
+);
+
+class_object(
+  unique int id: @class ref,
+  unique int instance: @field ref
+);
+
+type_companion_object(
+  unique int id: @classorinterface ref,
+  unique int instance: @field ref,
+  unique int companion_object: @class ref
+);
+
+kt_nullable_types(
+  unique int id: @kt_nullable_type,
+  int classid: @reftype ref
+)
+
+kt_notnull_types(
+  unique int id: @kt_notnull_type,
+  int classid: @reftype ref
+)
+
+kt_type_alias(
+  unique int id: @kt_type_alias,
+  string name: string ref,
+  int kttypeid: @kt_type ref
+)
+
+@kt_type = @kt_nullable_type | @kt_notnull_type
+
+isRecord(
+  unique int id: @class ref
+);
+
+interfaces(
+  unique int id: @interface,
+  string nodeName: string ref,
+  int parentid: @package ref,
+  int sourceid: @interface ref
+);
+
+fielddecls(
+  unique int id: @fielddecl,
+  int parentid: @reftype ref
+);
+
+#keyset[fieldId] #keyset[fieldDeclId,pos]
+fieldDeclaredIn(
+  int fieldId: @field ref,
+  int fieldDeclId: @fielddecl ref,
+  int pos: int ref
+);
+
+fields(
+  unique int id: @field,
+  string nodeName: string ref,
+  int typeid: @type ref,
+  int parentid: @reftype ref,
+  int sourceid: @field ref
+);
+
+fieldsKotlinType(
+  unique int id: @field ref,
+  int kttypeid: @kt_type ref
+);
+
+constrs(
+  unique int id: @constructor,
+  string nodeName: string ref,
+  string signature: string ref,
+  int typeid: @type ref,
+  int parentid: @reftype ref,
+  int sourceid: @constructor ref
+);
+
+constrsKotlinType(
+  unique int id: @constructor ref,
+  int kttypeid: @kt_type ref
+);
+
+methods(
+  unique int id: @method,
+  string nodeName: string ref,
+  string signature: string ref,
+  int typeid: @type ref,
+  int parentid: @reftype ref,
+  int sourceid: @method ref
+);
+
+methodsKotlinType(
+  unique int id: @method ref,
+  int kttypeid: @kt_type ref
+);
+
+#keyset[parentid,pos]
+params(
+  unique int id: @param,
+  int typeid: @type ref,
+  int pos: int ref,
+  int parentid: @callable ref,
+  int sourceid: @param ref
+);
+
+paramsKotlinType(
+  unique int id: @param ref,
+  int kttypeid: @kt_type ref
+);
+
+paramName(
+  unique int id: @param ref,
+  string nodeName: string ref
+);
+
+isVarargsParam(
+  int param: @param ref
+);
+
+exceptions(
+  unique int id: @exception,
+  int typeid: @type ref,
+  int parentid: @callable ref
+);
+
+isAnnotType(
+  int interfaceid: @interface ref
+);
+
+isAnnotElem(
+  int methodid: @method ref
+);
+
+annotValue(
+  int parentid: @annotation ref,
+  int id2: @method ref,
+  unique int value: @expr ref
+);
+
+isEnumType(
+  int classid: @class ref
+);
+
+isEnumConst(
+  int fieldid: @field ref
+);
+
+#keyset[parentid,pos]
+typeVars(
+  unique int id: @typevariable,
+  string nodeName: string ref,
+  int pos: int ref,
+  int kind: int ref, // deprecated
+  int parentid: @classorinterfaceorcallable ref
+);
+
+wildcards(
+  unique int id: @wildcard,
+  string nodeName: string ref,
+  int kind: int ref
+);
+
+#keyset[parentid,pos]
+typeBounds(
+  unique int id: @typebound,
+  int typeid: @reftype ref,
+  int pos: int ref,
+  int parentid: @boundedtype ref
+);
+
+#keyset[parentid,pos]
+typeArgs(
+  int argumentid: @reftype ref,
+  int pos: int ref,
+  int parentid: @classorinterfaceorcallable ref
+);
+
+isParameterized(
+  int memberid: @member ref
+);
+
+isRaw(
+  int memberid: @member ref
+);
+
+erasure(
+  unique int memberid: @member ref,
+  int erasureid: @member ref
+);
+
+#keyset[classid] #keyset[parent]
+isAnonymClass(
+  int classid: @class ref,
+  int parent: @classinstancexpr ref
+);
+
+#keyset[typeid] #keyset[parent]
+isLocalClassOrInterface(
+  int typeid: @classorinterface ref,
+  int parent: @localtypedeclstmt ref
+);
+
+isDefConstr(
+  int constructorid: @constructor ref
+);
+
+#keyset[exprId]
+lambdaKind(
+  int exprId: @lambdaexpr ref,
+  int bodyKind: int ref
+);
+
+arrays(
+  unique int id: @array,
+  string nodeName: string ref,
+  int elementtypeid: @type ref,
+  int dimension: int ref,
+  int componenttypeid: @type ref
+);
+
+enclInReftype(
+  unique int child: @reftype ref,
+  int parent: @reftype ref
+);
+
+extendsReftype(
+  int id1: @reftype ref,
+  int id2: @classorinterface ref
+);
+
+implInterface(
+  int id1: @classorarray ref,
+  int id2: @interface ref
+);
+
+permits(
+  int id1: @classorinterface ref,
+  int id2: @classorinterface ref
+);
+
+hasModifier(
+  int id1: @modifiable ref,
+  int id2: @modifier ref
+);
+
+imports(
+  unique int id: @import,
+  int holder: @classorinterfaceorpackage ref,
+  string name: string ref,
+  int kind: int ref
+);
+
+#keyset[parent,idx]
+stmts(
+  unique int id: @stmt,
+  int kind: int ref,
+  int parent: @stmtparent ref,
+  int idx: int ref,
+  int bodydecl: @callable ref
+);
+
+@stmtparent = @callable | @stmt | @switchexpr | @whenexpr| @stmtexpr;
+
+case @stmt.kind of
+  0 = @block
+| 1 = @ifstmt
+| 2 = @forstmt
+| 3 = @enhancedforstmt
+| 4 = @whilestmt
+| 5 = @dostmt
+| 6 = @trystmt
+| 7 = @switchstmt
+| 8 = @synchronizedstmt
+| 9 = @returnstmt
+| 10 = @throwstmt
+| 11 = @breakstmt
+| 12 = @continuestmt
+| 13 = @emptystmt
+| 14 = @exprstmt
+| 15 = @labeledstmt
+| 16 = @assertstmt
+| 17 = @localvariabledeclstmt
+| 18 = @localtypedeclstmt
+| 19 = @constructorinvocationstmt
+| 20 = @superconstructorinvocationstmt
+| 21 = @case
+| 22 = @catchclause
+| 23 = @yieldstmt
+| 24 = @errorstmt
+| 25 = @whenbranch
+;
+
+#keyset[parent,idx]
+exprs(
+  unique int id: @expr,
+  int kind: int ref,
+  int typeid: @type ref,
+  int parent: @exprparent ref,
+  int idx: int ref
+);
+
+exprsKotlinType(
+  unique int id: @expr ref,
+  int kttypeid: @kt_type ref
+);
+
+callableEnclosingExpr(
+  unique int id: @expr ref,
+  int callable_id: @callable ref
+);
+
+statementEnclosingExpr(
+  unique int id: @expr ref,
+  int statement_id: @stmt ref
+);
+
+isParenthesized(
+  unique int id: @expr ref,
+  int parentheses: int ref
+);
+
+case @expr.kind of
+   1  = @arrayaccess
+|  2  = @arraycreationexpr
+|  3  = @arrayinit
+|  4  = @assignexpr
+|  5  = @assignaddexpr
+|  6  = @assignsubexpr
+|  7  = @assignmulexpr
+|  8  = @assigndivexpr
+|  9  = @assignremexpr
+| 10  = @assignandexpr
+| 11  = @assignorexpr
+| 12  = @assignxorexpr
+| 13  = @assignlshiftexpr
+| 14  = @assignrshiftexpr
+| 15  = @assignurshiftexpr
+| 16  = @booleanliteral
+| 17  = @integerliteral
+| 18  = @longliteral
+| 19  = @floatingpointliteral
+| 20  = @doubleliteral
+| 21  = @characterliteral
+| 22  = @stringliteral
+| 23  = @nullliteral
+| 24  = @mulexpr
+| 25  = @divexpr
+| 26  = @remexpr
+| 27  = @addexpr
+| 28  = @subexpr
+| 29  = @lshiftexpr
+| 30  = @rshiftexpr
+| 31  = @urshiftexpr
+| 32  = @andbitexpr
+| 33  = @orbitexpr
+| 34  = @xorbitexpr
+| 35  = @andlogicalexpr
+| 36  = @orlogicalexpr
+| 37  = @ltexpr
+| 38  = @gtexpr
+| 39  = @leexpr
+| 40  = @geexpr
+| 41  = @eqexpr
+| 42  = @neexpr
+| 43  = @postincexpr
+| 44  = @postdecexpr
+| 45  = @preincexpr
+| 46  = @predecexpr
+| 47  = @minusexpr
+| 48  = @plusexpr
+| 49  = @bitnotexpr
+| 50  = @lognotexpr
+| 51  = @castexpr
+| 52  = @newexpr
+| 53  = @conditionalexpr
+| 54  = @parexpr         // deprecated
+| 55  = @instanceofexpr
+| 56  = @localvariabledeclexpr
+| 57  = @typeliteral
+| 58  = @thisaccess
+| 59  = @superaccess
+| 60  = @varaccess
+| 61  = @methodaccess
+| 62  = @unannotatedtypeaccess
+| 63  = @arraytypeaccess
+| 64  = @packageaccess
+| 65  = @wildcardtypeaccess
+| 66  = @declannotation
+| 67  = @uniontypeaccess
+| 68  = @lambdaexpr
+| 69  = @memberref
+| 70  = @annotatedtypeaccess
+| 71  = @typeannotation
+| 72  = @intersectiontypeaccess
+| 73  = @switchexpr
+| 74  = @errorexpr
+| 75  = @whenexpr
+| 76  = @getclassexpr
+| 77  = @safecastexpr
+| 78  = @implicitcastexpr
+| 79  = @implicitnotnullexpr
+| 80  = @implicitcoerciontounitexpr
+| 81  = @notinstanceofexpr
+| 82  = @stmtexpr
+| 83  = @stringtemplateexpr
+| 84  = @notnullexpr
+| 85  = @unsafecoerceexpr
+| 86  = @valueeqexpr
+| 87  = @valueneexpr
+| 88  = @propertyref
+;
+
+/** Holds if this `when` expression was written as an `if` expression. */
+when_if(unique int id: @whenexpr ref);
+
+/** Holds if this `when` branch was written as an `else` branch. */
+when_branch_else(unique int id: @whenbranch ref);
+
+@classinstancexpr = @newexpr | @lambdaexpr | @memberref | @propertyref
+
+@annotation = @declannotation | @typeannotation
+@typeaccess = @unannotatedtypeaccess | @annotatedtypeaccess
+
+@assignment = @assignexpr
+             | @assignop;
+
+@unaryassignment = @postincexpr
+                 | @postdecexpr
+                 | @preincexpr
+                 | @predecexpr;
+
+@assignop = @assignaddexpr
+             | @assignsubexpr
+             | @assignmulexpr
+             | @assigndivexpr
+             | @assignremexpr
+             | @assignandexpr
+             | @assignorexpr
+             | @assignxorexpr
+             | @assignlshiftexpr
+             | @assignrshiftexpr
+             | @assignurshiftexpr;
+
+@literal = @booleanliteral
+             | @integerliteral
+             | @longliteral
+             | @floatingpointliteral
+             | @doubleliteral
+             | @characterliteral
+             | @stringliteral
+             | @nullliteral;
+
+@binaryexpr = @mulexpr
+             | @divexpr
+             | @remexpr
+             | @addexpr
+             | @subexpr
+             | @lshiftexpr
+             | @rshiftexpr
+             | @urshiftexpr
+             | @andbitexpr
+             | @orbitexpr
+             | @xorbitexpr
+             | @andlogicalexpr
+             | @orlogicalexpr
+             | @ltexpr
+             | @gtexpr
+             | @leexpr
+             | @geexpr
+             | @eqexpr
+             | @neexpr
+             | @valueeqexpr
+             | @valueneexpr;
+
+@unaryexpr =   @postincexpr
+             | @postdecexpr
+             | @preincexpr
+             | @predecexpr
+             | @minusexpr
+             | @plusexpr
+             | @bitnotexpr
+             | @lognotexpr
+             | @notnullexpr;
+
+@caller =  @classinstancexpr
+         | @methodaccess
+         | @constructorinvocationstmt
+         | @superconstructorinvocationstmt;
+
+callableBinding(
+  unique int callerid: @caller ref,
+  int callee: @callable ref
+);
+
+memberRefBinding(
+  unique int id: @expr ref,
+  int callable: @callable ref
+);
+
+propertyRefGetBinding(
+  unique int id: @expr ref,
+  int getter: @callable ref
+);
+
+propertyRefFieldBinding(
+  unique int id: @expr ref,
+  int field: @field ref
+);
+
+propertyRefSetBinding(
+  unique int id: @expr ref,
+  int setter: @callable ref
+);
+
+@exprparent = @stmt | @expr | @whenbranch | @callable | @field | @fielddecl | @class | @interface | @param | @localvar | @typevariable;
+
+variableBinding(
+  unique int expr: @varaccess ref,
+  int variable: @variable ref
+);
+
+@variable = @localscopevariable | @field;
+
+@localscopevariable = @localvar | @param;
+
+localvars(
+  unique int id: @localvar,
+  string nodeName: string ref,
+  int typeid: @type ref,
+  int parentid: @localvariabledeclexpr ref
+);
+
+localvarsKotlinType(
+  unique int id: @localvar ref,
+  int kttypeid: @kt_type ref
+);
+
+@namedexprorstmt = @breakstmt
+                 | @continuestmt
+                 | @labeledstmt
+                 | @literal;
+
+namestrings(
+  string name: string ref,
+  string value: string ref,
+  unique int parent: @namedexprorstmt ref
+);
+
+/*
+ * Modules
+ */
+
+#keyset[name]
+modules(
+  unique int id: @module,
+  string name: string ref
+);
+
+isOpen(
+  int id: @module ref
+);
+
+#keyset[fileId]
+cumodule(
+  int fileId: @file ref,
+  int moduleId: @module ref
+);
+
+@directive = @requires
+           | @exports
+           | @opens
+           | @uses
+           | @provides
+
+#keyset[directive]
+directives(
+  int id: @module ref,
+  int directive: @directive ref
+);
+
+requires(
+  unique int id: @requires,
+  int target: @module ref
+);
+
+isTransitive(
+  int id: @requires ref
+);
+
+isStatic(
+  int id: @requires ref
+);
+
+exports(
+  unique int id: @exports,
+  int target: @package ref
+);
+
+exportsTo(
+  int id: @exports ref,
+  int target: @module ref
+);
+
+opens(
+  unique int id: @opens,
+  int target: @package ref
+);
+
+opensTo(
+  int id: @opens ref,
+  int target: @module ref
+);
+
+uses(
+  unique int id: @uses,
+  string serviceInterface: string ref
+);
+
+provides(
+  unique int id: @provides,
+  string serviceInterface: string ref
+);
+
+providesWith(
+  int id: @provides ref,
+  string serviceImpl: string ref
+);
+
+/*
+ * Javadoc
+ */
+
+javadoc(
+  unique int id: @javadoc
+);
+
+isNormalComment(
+  int commentid : @javadoc ref
+);
+
+isEolComment(
+  int commentid : @javadoc ref
+);
+
+hasJavadoc(
+  int documentableid: @member ref,
+  int javadocid: @javadoc ref
+);
+
+#keyset[parentid,idx]
+javadocTag(
+  unique int id: @javadocTag,
+  string name: string ref,
+  int parentid: @javadocParent ref,
+  int idx: int ref
+);
+
+#keyset[parentid,idx]
+javadocText(
+  unique int id: @javadocText,
+  string text: string ref,
+  int parentid: @javadocParent ref,
+  int idx: int ref
+);
+
+@javadocParent = @javadoc | @javadocTag;
+@javadocElement = @javadocTag | @javadocText;
+
+@classorinterface = @interface | @class;
+@classorinterfaceorpackage = @classorinterface | @package;
+@classorinterfaceorcallable = @classorinterface | @callable;
+@boundedtype = @typevariable | @wildcard;
+@reftype = @classorinterface | @array | @boundedtype | @errortype;
+@classorarray = @class | @array;
+@type = @primitive | @reftype;
+@callable = @method | @constructor;
+
+/** A program element that has a name. */
+@element = @package | @modifier | @annotation | @errortype |
+           @locatableElement;
+
+@locatableElement = @file | @primitive | @class | @interface | @method | @constructor | @param | @exception | @field |
+                    @boundedtype | @array | @localvar | @expr | @stmt | @import | @fielddecl | @kt_type | @kt_type_alias |
+                    @kt_property;
+
+@modifiable = @member_modifiable| @param | @localvar | @typevariable;
+
+@member_modifiable = @class | @interface | @method | @constructor | @field | @kt_property;
+
+@member = @method | @constructor | @field | @reftype ;
+
+/** A program element that has a location. */
+@locatable = @typebound | @javadoc | @javadocTag | @javadocText | @xmllocatable | @ktcomment |
+             @locatableElement;
+
+@top = @element | @locatable | @folder;
+
+/*
+ * XML Files
+ */
+
+xmlEncoding(
+  unique int id: @file ref,
+  string encoding: string ref
+);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  string root: string ref,
+  string publicId: string ref,
+  string systemId: string ref,
+  int fileid: @file ref
+);
+
+xmlElements(
+  unique int id: @xmlelement,
+  string name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  string name: string ref,
+  string value: string ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlNs(
+  int id: @xmlnamespace,
+  string prefixName: string ref,
+  string URI: string ref,
+  int fileid: @file ref
+);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref
+);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref
+);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref
+);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref
+);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+/*
+ * configuration files with key value pairs
+ */
+
+configs(
+  unique int id: @config
+);
+
+configNames(
+  unique int id: @configName,
+  int config: @config ref,
+  string name: string ref
+);
+
+configValues(
+  unique int id: @configValue,
+  int config: @config ref,
+  string value: string ref
+);
+
+configLocations(
+  int locatable: @configLocatable ref,
+  int location: @location_default ref
+);
+
+@configLocatable = @config | @configName | @configValue;
+
+ktComments(
+  unique int id: @ktcomment,
+  int kind: int ref,
+  string text : string ref
+)
+
+ktCommentSections(
+  unique int id: @ktcommentsection,
+  int comment: @ktcomment ref,
+  string content : string ref
+)
+
+ktCommentSectionNames(
+  unique int id: @ktcommentsection ref,
+  string name : string ref
+)
+
+ktCommentSectionSubjectNames(
+  unique int id: @ktcommentsection ref,
+  string subjectname : string ref
+)
+
+#keyset[id, owner]
+ktCommentOwners(
+  int id: @ktcomment ref,
+  int owner: @top ref
+)
+
+ktExtensionFunctions(
+  unique int id: @method ref,
+  int typeid: @type ref,
+  int kttypeid: @kt_type ref
+)
+
+ktProperties(
+  unique int id: @kt_property,
+  string nodeName: string ref
+)
+
+ktPropertyGetters(
+  unique int id: @kt_property ref,
+  int getter: @method ref
+)
+
+ktPropertySetters(
+  unique int id: @kt_property ref,
+  int setter: @method ref
+)
+
+ktPropertyBackingFields(
+  unique int id: @kt_property ref,
+  int backingField: @field ref
+)
+
+ktSyntheticBody(
+  unique int id: @callable ref,
+  int kind: int ref
+  // 1: ENUM_VALUES
+  // 2: ENUM_VALUEOF
+)
+
+ktLocalFunction(
+  unique int id: @method ref
+)
+
+ktInitializerAssignment(
+  unique int id: @assignexpr ref
+)
+
+ktPropertyDelegates(
+  unique int id: @kt_property ref,
+  unique int variableId: @variable ref
+)
+
+/**
+ * If `id` is a compiler generated element, then the kind indicates the
+ * reason that the compiler generated it.
+ * See `Element.compilerGeneratedReason()` for an explanation of what
+ * each `kind` means.
+ */
+compiler_generated(
+  unique int id: @element ref,
+  int kind: int ref
+)
+
+ktFunctionOriginalNames(
+  unique int id: @method ref,
+  string name: string ref
+)
+
+ktDataClasses(
+  unique int id: @class ref
+)
diff --git a/java/ql/lib/upgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/semmlecode.dbscheme b/java/ql/lib/upgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/semmlecode.dbscheme
new file mode 100644
index 00000000000..44d61b266be
--- /dev/null
+++ b/java/ql/lib/upgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/semmlecode.dbscheme
@@ -0,0 +1,1246 @@
+/**
+ * An invocation of the compiler. Note that more than one file may be
+ * compiled per invocation. For example, this command compiles three
+ * source files:
+ *
+ *   javac A.java B.java C.java
+ *
+ * The `id` simply identifies the invocation, while `cwd` is the working
+ * directory from which the compiler was invoked.
+ */
+compilations(
+    /**
+     * An invocation of the compiler. Note that more than one file may
+     * be compiled per invocation. For example, this command compiles
+     * three source files:
+     *
+     *   javac A.java B.java C.java
+     */
+    unique int id : @compilation,
+    int kind: int ref,
+    string cwd : string ref,
+    string name : string ref
+);
+
+case @compilation.kind of
+   1  = @javacompilation
+|  2  = @kotlincompilation
+;
+
+compilation_started(
+    int id : @compilation ref
+)
+
+compilation_info(
+    int id : @compilation ref,
+    string info_key: string ref,
+    string info_value: string ref
+)
+
+/**
+ * The arguments that were passed to the extractor for a compiler
+ * invocation. If `id` is for the compiler invocation
+ *
+ *   javac A.java B.java C.java
+ *
+ * then typically there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | *path to extractor*
+ * 1   | `--javac-args`
+ * 2   | A.java
+ * 3   | B.java
+ * 4   | C.java
+ */
+#keyset[id, num]
+compilation_args(
+    int id : @compilation ref,
+    int num : int ref,
+    string arg : string ref
+);
+
+/**
+ * The source files that are compiled by a compiler invocation.
+ * If `id` is for the compiler invocation
+ *
+ *   javac A.java B.java C.java
+ *
+ * then there will be rows for
+ *
+ * num | arg
+ * --- | ---
+ * 0   | A.java
+ * 1   | B.java
+ * 2   | C.java
+ */
+#keyset[id, num]
+compilation_compiling_files(
+    int id : @compilation ref,
+    int num : int ref,
+    int file : @file ref
+);
+
+/**
+ * For each file recorded in `compilation_compiling_files`,
+ * there will be a corresponding row in
+ * `compilation_compiling_files_completed` once extraction
+ * of that file is complete. The `result` will indicate the
+ * extraction result:
+ *
+ *     0: Successfully extracted
+ *     1: Errors were encountered, but extraction recovered
+ *     2: Errors were encountered, and extraction could not recover
+ */
+#keyset[id, num]
+compilation_compiling_files_completed(
+    int id : @compilation ref,
+    int num : int ref,
+    int result : int ref
+);
+
+/**
+ * The time taken by the extractor for a compiler invocation.
+ *
+ * For each file `num`, there will be rows for
+ *
+ * kind | seconds
+ * ---- | ---
+ * 1    | CPU seconds used by the extractor frontend
+ * 2    | Elapsed seconds during the extractor frontend
+ * 3    | CPU seconds used by the extractor backend
+ * 4    | Elapsed seconds during the extractor backend
+ */
+#keyset[id, num, kind]
+compilation_time(
+    int id : @compilation ref,
+    int num : int ref,
+    /* kind:
+       1 = frontend_cpu_seconds
+       2 = frontend_elapsed_seconds
+       3 = extractor_cpu_seconds
+       4 = extractor_elapsed_seconds
+    */
+    int kind : int ref,
+    float seconds : float ref
+);
+
+/**
+ * An error or warning generated by the extractor.
+ * The diagnostic message `diagnostic` was generated during compiler
+ * invocation `compilation`, and is the `file_number_diagnostic_number`th
+ * message generated while extracting the `file_number`th file of that
+ * invocation.
+ */
+#keyset[compilation, file_number, file_number_diagnostic_number]
+diagnostic_for(
+    unique int diagnostic : @diagnostic ref,
+    int compilation : @compilation ref,
+    int file_number : int ref,
+    int file_number_diagnostic_number : int ref
+);
+
+/**
+ * The `cpu_seconds` and `elapsed_seconds` are the CPU time and elapsed
+ * time (respectively) that the original compilation (not the extraction)
+ * took for compiler invocation `id`.
+ */
+compilation_compiler_times(
+    unique int id : @compilation ref,
+    float cpu_seconds : float ref,
+    float elapsed_seconds : float ref
+);
+
+/**
+ * If extraction was successful, then `cpu_seconds` and
+ * `elapsed_seconds` are the CPU time and elapsed time (respectively)
+ * that extraction took for compiler invocation `id`.
+ * The `result` will indicate the extraction result:
+ *
+ *     0: Successfully extracted
+ *     1: Errors were encountered, but extraction recovered
+ *     2: Errors were encountered, and extraction could not recover
+ */
+compilation_finished(
+    unique int id : @compilation ref,
+    float cpu_seconds : float ref,
+    float elapsed_seconds : float ref,
+    int result : int ref
+);
+
+diagnostics(
+    unique int id: @diagnostic,
+    string generated_by: string ref, // TODO: Sync this with the other languages?
+    int severity: int ref,
+    string error_tag: string ref,
+    string error_message: string ref,
+    string full_error_message: string ref,
+    int location: @location_default ref
+);
+
+/*
+ * External artifacts
+ */
+
+externalData(
+  int id : @externalDataElement,
+  string path : string ref,
+  int column: int ref,
+  string value : string ref
+);
+
+snapshotDate(
+  unique date snapshotDate : date ref
+);
+
+sourceLocationPrefix(
+  string prefix : string ref
+);
+
+/*
+ * Duplicate code
+ */
+
+duplicateCode(
+  unique int id : @duplication,
+  string relativePath : string ref,
+  int equivClass : int ref
+);
+
+similarCode(
+  unique int id : @similarity,
+  string relativePath : string ref,
+  int equivClass : int ref
+);
+
+@duplication_or_similarity = @duplication | @similarity
+
+tokens(
+  int id : @duplication_or_similarity ref,
+  int offset : int ref,
+  int beginLine : int ref,
+  int beginColumn : int ref,
+  int endLine : int ref,
+  int endColumn : int ref
+);
+
+/*
+ * SMAP
+ */
+
+smap_header(
+  int outputFileId: @file ref,
+  string outputFilename: string ref,
+  string defaultStratum: string ref
+);
+
+smap_files(
+  int outputFileId: @file ref,
+  string stratum: string ref,
+  int inputFileNum: int ref,
+  string inputFileName: string ref,
+  int inputFileId: @file ref
+);
+
+smap_lines(
+  int outputFileId: @file ref,
+  string stratum: string ref,
+  int inputFileNum: int ref,
+  int inputStartLine: int ref,
+  int inputLineCount: int ref,
+  int outputStartLine: int ref,
+  int outputLineIncrement: int ref
+);
+
+/*
+ * Locations and files
+ */
+
+@location = @location_default ;
+
+locations_default(
+  unique int id: @location_default,
+  int file: @file ref,
+  int beginLine: int ref,
+  int beginColumn: int ref,
+  int endLine: int ref,
+  int endColumn: int ref
+);
+
+hasLocation(
+  int locatableid: @locatable ref,
+  int id: @location ref
+);
+
+@sourceline = @locatable ;
+
+#keyset[element_id]
+numlines(
+  int element_id: @sourceline ref,
+  int num_lines: int ref,
+  int num_code: int ref,
+  int num_comment: int ref
+);
+
+files(
+  unique int id: @file,
+  string name: string ref
+);
+
+folders(
+  unique int id: @folder,
+  string name: string ref
+);
+
+@container = @folder | @file
+
+containerparent(
+  int parent: @container ref,
+  unique int child: @container ref
+);
+
+/*
+ * Java
+ */
+
+cupackage(
+  unique int id: @file ref,
+  int packageid: @package ref
+);
+
+#keyset[fileid,keyName]
+jarManifestMain(
+  int fileid: @file ref,
+  string keyName: string ref,
+  string value: string ref
+);
+
+#keyset[fileid,entryName,keyName]
+jarManifestEntries(
+  int fileid: @file ref,
+  string entryName: string ref,
+  string keyName: string ref,
+  string value: string ref
+);
+
+packages(
+  unique int id: @package,
+  string nodeName: string ref
+);
+
+primitives(
+  unique int id: @primitive,
+  string nodeName: string ref
+);
+
+modifiers(
+  unique int id: @modifier,
+  string nodeName: string ref
+);
+
+/**
+ * An errortype is used when the extractor is unable to extract a type
+ * correctly for some reason.
+ */
+error_type(
+  unique int id: @errortype
+);
+
+classes(
+  unique int id: @class,
+  string nodeName: string ref,
+  int parentid: @package ref,
+  int sourceid: @class ref
+);
+
+file_class(
+  int id: @class ref
+);
+
+class_object(
+  unique int id: @class ref,
+  unique int instance: @field ref
+);
+
+type_companion_object(
+  unique int id: @classorinterface ref,
+  unique int instance: @field ref,
+  unique int companion_object: @class ref
+);
+
+kt_nullable_types(
+  unique int id: @kt_nullable_type,
+  int classid: @reftype ref
+)
+
+kt_notnull_types(
+  unique int id: @kt_notnull_type,
+  int classid: @reftype ref
+)
+
+kt_type_alias(
+  unique int id: @kt_type_alias,
+  string name: string ref,
+  int kttypeid: @kt_type ref
+)
+
+@kt_type = @kt_nullable_type | @kt_notnull_type
+
+isRecord(
+  unique int id: @class ref
+);
+
+interfaces(
+  unique int id: @interface,
+  string nodeName: string ref,
+  int parentid: @package ref,
+  int sourceid: @interface ref
+);
+
+fielddecls(
+  unique int id: @fielddecl,
+  int parentid: @reftype ref
+);
+
+#keyset[fieldId] #keyset[fieldDeclId,pos]
+fieldDeclaredIn(
+  int fieldId: @field ref,
+  int fieldDeclId: @fielddecl ref,
+  int pos: int ref
+);
+
+fields(
+  unique int id: @field,
+  string nodeName: string ref,
+  int typeid: @type ref,
+  int parentid: @reftype ref,
+  int sourceid: @field ref
+);
+
+fieldsKotlinType(
+  unique int id: @field ref,
+  int kttypeid: @kt_type ref
+);
+
+constrs(
+  unique int id: @constructor,
+  string nodeName: string ref,
+  string signature: string ref,
+  int typeid: @type ref,
+  int parentid: @reftype ref,
+  int sourceid: @constructor ref
+);
+
+constrsKotlinType(
+  unique int id: @constructor ref,
+  int kttypeid: @kt_type ref
+);
+
+methods(
+  unique int id: @method,
+  string nodeName: string ref,
+  string signature: string ref,
+  int typeid: @type ref,
+  int parentid: @reftype ref,
+  int sourceid: @method ref
+);
+
+methodsKotlinType(
+  unique int id: @method ref,
+  int kttypeid: @kt_type ref
+);
+
+#keyset[parentid,pos]
+params(
+  unique int id: @param,
+  int typeid: @type ref,
+  int pos: int ref,
+  int parentid: @callable ref,
+  int sourceid: @param ref
+);
+
+paramsKotlinType(
+  unique int id: @param ref,
+  int kttypeid: @kt_type ref
+);
+
+paramName(
+  unique int id: @param ref,
+  string nodeName: string ref
+);
+
+isVarargsParam(
+  int param: @param ref
+);
+
+exceptions(
+  unique int id: @exception,
+  int typeid: @type ref,
+  int parentid: @callable ref
+);
+
+isAnnotType(
+  int interfaceid: @interface ref
+);
+
+isAnnotElem(
+  int methodid: @method ref
+);
+
+annotValue(
+  int parentid: @annotation ref,
+  int id2: @method ref,
+  unique int value: @expr ref
+);
+
+isEnumType(
+  int classid: @class ref
+);
+
+isEnumConst(
+  int fieldid: @field ref
+);
+
+#keyset[parentid,pos]
+typeVars(
+  unique int id: @typevariable,
+  string nodeName: string ref,
+  int pos: int ref,
+  int kind: int ref, // deprecated
+  int parentid: @classorinterfaceorcallable ref
+);
+
+wildcards(
+  unique int id: @wildcard,
+  string nodeName: string ref,
+  int kind: int ref
+);
+
+#keyset[parentid,pos]
+typeBounds(
+  unique int id: @typebound,
+  int typeid: @reftype ref,
+  int pos: int ref,
+  int parentid: @boundedtype ref
+);
+
+#keyset[parentid,pos]
+typeArgs(
+  int argumentid: @reftype ref,
+  int pos: int ref,
+  int parentid: @classorinterfaceorcallable ref
+);
+
+isParameterized(
+  int memberid: @member ref
+);
+
+isRaw(
+  int memberid: @member ref
+);
+
+erasure(
+  unique int memberid: @member ref,
+  int erasureid: @member ref
+);
+
+#keyset[classid] #keyset[parent]
+isAnonymClass(
+  int classid: @class ref,
+  int parent: @classinstancexpr ref
+);
+
+#keyset[typeid] #keyset[parent]
+isLocalClassOrInterface(
+  int typeid: @classorinterface ref,
+  int parent: @localtypedeclstmt ref
+);
+
+isDefConstr(
+  int constructorid: @constructor ref
+);
+
+#keyset[exprId]
+lambdaKind(
+  int exprId: @lambdaexpr ref,
+  int bodyKind: int ref
+);
+
+arrays(
+  unique int id: @array,
+  string nodeName: string ref,
+  int elementtypeid: @type ref,
+  int dimension: int ref,
+  int componenttypeid: @type ref
+);
+
+enclInReftype(
+  unique int child: @reftype ref,
+  int parent: @reftype ref
+);
+
+extendsReftype(
+  int id1: @reftype ref,
+  int id2: @classorinterface ref
+);
+
+implInterface(
+  int id1: @classorarray ref,
+  int id2: @interface ref
+);
+
+permits(
+  int id1: @classorinterface ref,
+  int id2: @classorinterface ref
+);
+
+hasModifier(
+  int id1: @modifiable ref,
+  int id2: @modifier ref
+);
+
+imports(
+  unique int id: @import,
+  int holder: @classorinterfaceorpackage ref,
+  string name: string ref,
+  int kind: int ref
+);
+
+#keyset[parent,idx]
+stmts(
+  unique int id: @stmt,
+  int kind: int ref,
+  int parent: @stmtparent ref,
+  int idx: int ref,
+  int bodydecl: @callable ref
+);
+
+@stmtparent = @callable | @stmt | @switchexpr | @whenexpr| @stmtexpr;
+
+case @stmt.kind of
+  0 = @block
+| 1 = @ifstmt
+| 2 = @forstmt
+| 3 = @enhancedforstmt
+| 4 = @whilestmt
+| 5 = @dostmt
+| 6 = @trystmt
+| 7 = @switchstmt
+| 8 = @synchronizedstmt
+| 9 = @returnstmt
+| 10 = @throwstmt
+| 11 = @breakstmt
+| 12 = @continuestmt
+| 13 = @emptystmt
+| 14 = @exprstmt
+| 15 = @labeledstmt
+| 16 = @assertstmt
+| 17 = @localvariabledeclstmt
+| 18 = @localtypedeclstmt
+| 19 = @constructorinvocationstmt
+| 20 = @superconstructorinvocationstmt
+| 21 = @case
+| 22 = @catchclause
+| 23 = @yieldstmt
+| 24 = @errorstmt
+| 25 = @whenbranch
+;
+
+#keyset[parent,idx]
+exprs(
+  unique int id: @expr,
+  int kind: int ref,
+  int typeid: @type ref,
+  int parent: @exprparent ref,
+  int idx: int ref
+);
+
+exprsKotlinType(
+  unique int id: @expr ref,
+  int kttypeid: @kt_type ref
+);
+
+callableEnclosingExpr(
+  unique int id: @expr ref,
+  int callable_id: @callable ref
+);
+
+statementEnclosingExpr(
+  unique int id: @expr ref,
+  int statement_id: @stmt ref
+);
+
+isParenthesized(
+  unique int id: @expr ref,
+  int parentheses: int ref
+);
+
+case @expr.kind of
+   1  = @arrayaccess
+|  2  = @arraycreationexpr
+|  3  = @arrayinit
+|  4  = @assignexpr
+|  5  = @assignaddexpr
+|  6  = @assignsubexpr
+|  7  = @assignmulexpr
+|  8  = @assigndivexpr
+|  9  = @assignremexpr
+| 10  = @assignandexpr
+| 11  = @assignorexpr
+| 12  = @assignxorexpr
+| 13  = @assignlshiftexpr
+| 14  = @assignrshiftexpr
+| 15  = @assignurshiftexpr
+| 16  = @booleanliteral
+| 17  = @integerliteral
+| 18  = @longliteral
+| 19  = @floatingpointliteral
+| 20  = @doubleliteral
+| 21  = @characterliteral
+| 22  = @stringliteral
+| 23  = @nullliteral
+| 24  = @mulexpr
+| 25  = @divexpr
+| 26  = @remexpr
+| 27  = @addexpr
+| 28  = @subexpr
+| 29  = @lshiftexpr
+| 30  = @rshiftexpr
+| 31  = @urshiftexpr
+| 32  = @andbitexpr
+| 33  = @orbitexpr
+| 34  = @xorbitexpr
+| 35  = @andlogicalexpr
+| 36  = @orlogicalexpr
+| 37  = @ltexpr
+| 38  = @gtexpr
+| 39  = @leexpr
+| 40  = @geexpr
+| 41  = @eqexpr
+| 42  = @neexpr
+| 43  = @postincexpr
+| 44  = @postdecexpr
+| 45  = @preincexpr
+| 46  = @predecexpr
+| 47  = @minusexpr
+| 48  = @plusexpr
+| 49  = @bitnotexpr
+| 50  = @lognotexpr
+| 51  = @castexpr
+| 52  = @newexpr
+| 53  = @conditionalexpr
+| 54  = @parexpr         // deprecated
+| 55  = @instanceofexpr
+| 56  = @localvariabledeclexpr
+| 57  = @typeliteral
+| 58  = @thisaccess
+| 59  = @superaccess
+| 60  = @varaccess
+| 61  = @methodaccess
+| 62  = @unannotatedtypeaccess
+| 63  = @arraytypeaccess
+| 64  = @packageaccess
+| 65  = @wildcardtypeaccess
+| 66  = @declannotation
+| 67  = @uniontypeaccess
+| 68  = @lambdaexpr
+| 69  = @memberref
+| 70  = @annotatedtypeaccess
+| 71  = @typeannotation
+| 72  = @intersectiontypeaccess
+| 73  = @switchexpr
+| 74  = @errorexpr
+| 75  = @whenexpr
+| 76  = @getclassexpr
+| 77  = @safecastexpr
+| 78  = @implicitcastexpr
+| 79  = @implicitnotnullexpr
+| 80  = @implicitcoerciontounitexpr
+| 81  = @notinstanceofexpr
+| 82  = @stmtexpr
+| 83  = @stringtemplateexpr
+| 84  = @notnullexpr
+| 85  = @unsafecoerceexpr
+| 86  = @valueeqexpr
+| 87  = @valueneexpr
+| 88  = @propertyref
+;
+
+/** Holds if this `when` expression was written as an `if` expression. */
+when_if(unique int id: @whenexpr ref);
+
+/** Holds if this `when` branch was written as an `else` branch. */
+when_branch_else(unique int id: @whenbranch ref);
+
+@classinstancexpr = @newexpr | @lambdaexpr | @memberref | @propertyref
+
+@annotation = @declannotation | @typeannotation
+@typeaccess = @unannotatedtypeaccess | @annotatedtypeaccess
+
+@assignment = @assignexpr
+             | @assignop;
+
+@unaryassignment = @postincexpr
+                 | @postdecexpr
+                 | @preincexpr
+                 | @predecexpr;
+
+@assignop = @assignaddexpr
+             | @assignsubexpr
+             | @assignmulexpr
+             | @assigndivexpr
+             | @assignremexpr
+             | @assignandexpr
+             | @assignorexpr
+             | @assignxorexpr
+             | @assignlshiftexpr
+             | @assignrshiftexpr
+             | @assignurshiftexpr;
+
+@literal = @booleanliteral
+             | @integerliteral
+             | @longliteral
+             | @floatingpointliteral
+             | @doubleliteral
+             | @characterliteral
+             | @stringliteral
+             | @nullliteral;
+
+@binaryexpr = @mulexpr
+             | @divexpr
+             | @remexpr
+             | @addexpr
+             | @subexpr
+             | @lshiftexpr
+             | @rshiftexpr
+             | @urshiftexpr
+             | @andbitexpr
+             | @orbitexpr
+             | @xorbitexpr
+             | @andlogicalexpr
+             | @orlogicalexpr
+             | @ltexpr
+             | @gtexpr
+             | @leexpr
+             | @geexpr
+             | @eqexpr
+             | @neexpr
+             | @valueeqexpr
+             | @valueneexpr;
+
+@unaryexpr =   @postincexpr
+             | @postdecexpr
+             | @preincexpr
+             | @predecexpr
+             | @minusexpr
+             | @plusexpr
+             | @bitnotexpr
+             | @lognotexpr
+             | @notnullexpr;
+
+@caller =  @classinstancexpr
+         | @methodaccess
+         | @constructorinvocationstmt
+         | @superconstructorinvocationstmt;
+
+callableBinding(
+  unique int callerid: @caller ref,
+  int callee: @callable ref
+);
+
+memberRefBinding(
+  unique int id: @expr ref,
+  int callable: @callable ref
+);
+
+propertyRefGetBinding(
+  unique int id: @expr ref,
+  int getter: @callable ref
+);
+
+propertyRefFieldBinding(
+  unique int id: @expr ref,
+  int field: @field ref
+);
+
+propertyRefSetBinding(
+  unique int id: @expr ref,
+  int setter: @callable ref
+);
+
+@exprparent = @stmt | @expr | @whenbranch | @callable | @field | @fielddecl | @class | @interface | @param | @localvar | @typevariable;
+
+variableBinding(
+  unique int expr: @varaccess ref,
+  int variable: @variable ref
+);
+
+@variable = @localscopevariable | @field;
+
+@localscopevariable = @localvar | @param;
+
+localvars(
+  unique int id: @localvar,
+  string nodeName: string ref,
+  int typeid: @type ref,
+  int parentid: @localvariabledeclexpr ref
+);
+
+localvarsKotlinType(
+  unique int id: @localvar ref,
+  int kttypeid: @kt_type ref
+);
+
+@namedexprorstmt = @breakstmt
+                 | @continuestmt
+                 | @labeledstmt
+                 | @literal;
+
+namestrings(
+  string name: string ref,
+  string value: string ref,
+  unique int parent: @namedexprorstmt ref
+);
+
+/*
+ * Modules
+ */
+
+#keyset[name]
+modules(
+  unique int id: @module,
+  string name: string ref
+);
+
+isOpen(
+  int id: @module ref
+);
+
+#keyset[fileId]
+cumodule(
+  int fileId: @file ref,
+  int moduleId: @module ref
+);
+
+@directive = @requires
+           | @exports
+           | @opens
+           | @uses
+           | @provides
+
+#keyset[directive]
+directives(
+  int id: @module ref,
+  int directive: @directive ref
+);
+
+requires(
+  unique int id: @requires,
+  int target: @module ref
+);
+
+isTransitive(
+  int id: @requires ref
+);
+
+isStatic(
+  int id: @requires ref
+);
+
+exports(
+  unique int id: @exports,
+  int target: @package ref
+);
+
+exportsTo(
+  int id: @exports ref,
+  int target: @module ref
+);
+
+opens(
+  unique int id: @opens,
+  int target: @package ref
+);
+
+opensTo(
+  int id: @opens ref,
+  int target: @module ref
+);
+
+uses(
+  unique int id: @uses,
+  string serviceInterface: string ref
+);
+
+provides(
+  unique int id: @provides,
+  string serviceInterface: string ref
+);
+
+providesWith(
+  int id: @provides ref,
+  string serviceImpl: string ref
+);
+
+/*
+ * Javadoc
+ */
+
+javadoc(
+  unique int id: @javadoc
+);
+
+isNormalComment(
+  int commentid : @javadoc ref
+);
+
+isEolComment(
+  int commentid : @javadoc ref
+);
+
+hasJavadoc(
+  int documentableid: @member ref,
+  int javadocid: @javadoc ref
+);
+
+#keyset[parentid,idx]
+javadocTag(
+  unique int id: @javadocTag,
+  string name: string ref,
+  int parentid: @javadocParent ref,
+  int idx: int ref
+);
+
+#keyset[parentid,idx]
+javadocText(
+  unique int id: @javadocText,
+  string text: string ref,
+  int parentid: @javadocParent ref,
+  int idx: int ref
+);
+
+@javadocParent = @javadoc | @javadocTag;
+@javadocElement = @javadocTag | @javadocText;
+
+@classorinterface = @interface | @class;
+@classorinterfaceorpackage = @classorinterface | @package;
+@classorinterfaceorcallable = @classorinterface | @callable;
+@boundedtype = @typevariable | @wildcard;
+@reftype = @classorinterface | @array | @boundedtype | @errortype;
+@classorarray = @class | @array;
+@type = @primitive | @reftype;
+@callable = @method | @constructor;
+
+/** A program element that has a name. */
+@element = @package | @modifier | @annotation | @errortype |
+           @locatableElement;
+
+@locatableElement = @file | @primitive | @class | @interface | @method | @constructor | @param | @exception | @field |
+                    @boundedtype | @array | @localvar | @expr | @stmt | @import | @fielddecl | @kt_type | @kt_type_alias |
+                    @kt_property;
+
+@modifiable = @member_modifiable| @param | @localvar | @typevariable;
+
+@member_modifiable = @class | @interface | @method | @constructor | @field | @kt_property;
+
+@member = @method | @constructor | @field | @reftype ;
+
+/** A program element that has a location. */
+@locatable = @typebound | @javadoc | @javadocTag | @javadocText | @xmllocatable | @ktcomment |
+             @locatableElement;
+
+@top = @element | @locatable | @folder;
+
+/*
+ * XML Files
+ */
+
+xmlEncoding(
+  unique int id: @file ref,
+  string encoding: string ref
+);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  string root: string ref,
+  string publicId: string ref,
+  string systemId: string ref,
+  int fileid: @file ref
+);
+
+xmlElements(
+  unique int id: @xmlelement,
+  string name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  string name: string ref,
+  string value: string ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlNs(
+  int id: @xmlnamespace,
+  string prefixName: string ref,
+  string URI: string ref,
+  int fileid: @file ref
+);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref
+);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref
+);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  string text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref
+);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref
+);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+/*
+ * configuration files with key value pairs
+ */
+
+configs(
+  unique int id: @config
+);
+
+configNames(
+  unique int id: @configName,
+  int config: @config ref,
+  string name: string ref
+);
+
+configValues(
+  unique int id: @configValue,
+  int config: @config ref,
+  string value: string ref
+);
+
+configLocations(
+  int locatable: @configLocatable ref,
+  int location: @location_default ref
+);
+
+@configLocatable = @config | @configName | @configValue;
+
+ktComments(
+  unique int id: @ktcomment,
+  int kind: int ref,
+  string text : string ref
+)
+
+ktCommentSections(
+  unique int id: @ktcommentsection,
+  int comment: @ktcomment ref,
+  string content : string ref
+)
+
+ktCommentSectionNames(
+  unique int id: @ktcommentsection ref,
+  string name : string ref
+)
+
+ktCommentSectionSubjectNames(
+  unique int id: @ktcommentsection ref,
+  string subjectname : string ref
+)
+
+#keyset[id, owner]
+ktCommentOwners(
+  int id: @ktcomment ref,
+  int owner: @top ref
+)
+
+ktExtensionFunctions(
+  unique int id: @method ref,
+  int typeid: @type ref,
+  int kttypeid: @kt_type ref
+)
+
+ktProperties(
+  unique int id: @kt_property,
+  string nodeName: string ref
+)
+
+ktPropertyGetters(
+  unique int id: @kt_property ref,
+  int getter: @method ref
+)
+
+ktPropertySetters(
+  unique int id: @kt_property ref,
+  int setter: @method ref
+)
+
+ktPropertyBackingFields(
+  unique int id: @kt_property ref,
+  int backingField: @field ref
+)
+
+ktSyntheticBody(
+  unique int id: @callable ref,
+  int kind: int ref
+  // 1: ENUM_VALUES
+  // 2: ENUM_VALUEOF
+)
+
+ktLocalFunction(
+  unique int id: @method ref
+)
+
+ktInitializerAssignment(
+  unique int id: @assignexpr ref
+)
+
+ktPropertyDelegates(
+  unique int id: @kt_property ref,
+  unique int variableId: @variable ref
+)
+
+/**
+ * If `id` is a compiler generated element, then the kind indicates the
+ * reason that the compiler generated it.
+ * See `Element.compilerGeneratedReason()` for an explanation of what
+ * each `kind` means.
+ */
+compiler_generated(
+  unique int id: @element ref,
+  int kind: int ref
+)
+
+ktFunctionOriginalNames(
+  unique int id: @method ref,
+  string name: string ref
+)
+
+ktDataClasses(
+  unique int id: @class ref
+)
diff --git a/java/ql/lib/upgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/upgrade.properties b/java/ql/lib/upgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/upgrade.properties
new file mode 100644
index 00000000000..1c05ac39dbe
--- /dev/null
+++ b/java/ql/lib/upgrades/709f1d1fd04ffd9bbcf242f17b120f8a389949bd/upgrade.properties
@@ -0,0 +1,2 @@
+description: Add compilation_info
+compatibility: backwards
diff --git a/java/ql/src/Advisory/Naming/NamingConventionsRefTypes.ql b/java/ql/src/Advisory/Naming/NamingConventionsRefTypes.ql
index 83093433123..6942eaab69a 100644
--- a/java/ql/src/Advisory/Naming/NamingConventionsRefTypes.ql
+++ b/java/ql/src/Advisory/Naming/NamingConventionsRefTypes.ql
@@ -14,5 +14,6 @@ from RefType t
 where
   t.fromSource() and
   not t instanceof AnonymousClass and
+  not t.isCompilerGenerated() and
   not t.getName().substring(0, 1).toUpperCase() = t.getName().substring(0, 1)
 select t, "Class and interface names should start in uppercase."
diff --git a/java/ql/src/Advisory/Statements/OneStatementPerLine.ql b/java/ql/src/Advisory/Statements/OneStatementPerLine.ql
index 99ab9003e60..b4133761e27 100644
--- a/java/ql/src/Advisory/Statements/OneStatementPerLine.ql
+++ b/java/ql/src/Advisory/Statements/OneStatementPerLine.ql
@@ -37,6 +37,7 @@ predicate oneLineStatement(Stmt s, File f, int line, int col) {
 from Stmt s, Stmt s2
 where
   exists(File f, int line, int col, int col2 |
+    f.isJavaSourceFile() and
     oneLineStatement(s, f, line, col) and
     oneLineStatement(s2, f, line, col2) and
     col < col2 and
diff --git a/java/ql/src/AlertSuppression.ql b/java/ql/src/AlertSuppression.ql
index 3fbecf8cfc1..d37bd174692 100644
--- a/java/ql/src/AlertSuppression.ql
+++ b/java/ql/src/AlertSuppression.ql
@@ -53,9 +53,7 @@ class SuppressionComment extends Javadoc {
 /**
  * The scope of an alert suppression comment.
  */
-class SuppressionScope extends @javadoc {
-  SuppressionScope() { this instanceof SuppressionComment }
-
+class SuppressionScope extends @javadoc instanceof SuppressionComment {
   /** Gets a suppression comment with this scope. */
   SuppressionComment getSuppressionComment() { result = this }
 
@@ -69,7 +67,7 @@ class SuppressionScope extends @javadoc {
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.(SuppressionComment).covers(filepath, startline, startcolumn, endline, endcolumn)
+    super.covers(filepath, startline, startcolumn, endline, endcolumn)
   }
 
   /** Gets a textual representation of this element. */
diff --git a/java/ql/src/AlertSuppressionAnnotations.ql b/java/ql/src/AlertSuppressionAnnotations.ql
index 7f0ee74a0d8..91cb65934cd 100644
--- a/java/ql/src/AlertSuppressionAnnotations.ql
+++ b/java/ql/src/AlertSuppressionAnnotations.ql
@@ -69,9 +69,7 @@ class SuppressionAnnotation extends SuppressWarningsAnnotation {
 /**
  * The scope of an alert suppression annotation.
  */
-class SuppressionScope extends @annotation {
-  SuppressionScope() { this instanceof SuppressionAnnotation }
-
+class SuppressionScope extends @annotation instanceof SuppressionAnnotation {
   /** Gets a suppression annotation with this scope. */
   SuppressionAnnotation getSuppressionAnnotation() { result = this }
 
@@ -85,7 +83,7 @@ class SuppressionScope extends @annotation {
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.(SuppressionAnnotation).covers(filepath, startline, startcolumn, endline, endcolumn)
+    super.covers(filepath, startline, startcolumn, endline, endcolumn)
   }
 
   /** Gets a textual representation of this element. */
diff --git a/java/ql/src/Architecture/Dependencies/MutualDependency.ql b/java/ql/src/Architecture/Dependencies/MutualDependency.ql
index c6ef88cd305..6d66daf1c67 100644
--- a/java/ql/src/Architecture/Dependencies/MutualDependency.ql
+++ b/java/ql/src/Architecture/Dependencies/MutualDependency.ql
@@ -30,6 +30,8 @@ where
     t2.getName().toLowerCase().matches("%visitor%") or
     t1.getAMethod().getName().toLowerCase().matches("%visit%") or
     t2.getAMethod().getName().toLowerCase().matches("%visit%") or
-    t1.getPackage() = t2.getPackage()
+    t1.getPackage() = t2.getPackage() or
+    t1.getFile().isKotlinSourceFile() or
+    t2.getFile().isKotlinSourceFile()
   )
 select t1, "This type and type $@ are mutually dependent.", t2, t2.getName()
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
index 61b4170ca74..7bab127cafc 100644
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,20 @@
+## 0.4.6
+
+### Minor Analysis Improvements
+
+* Kotlin extraction will now fail if the Kotlin version in use is at least 1.7.30. This is to ensure using an as-yet-unsupported version is noticable, rather than silently failing to extract Kotlin code and therefore producing false-negative results.
+
+## 0.4.5
+
+No user-facing changes.
+
+## 0.4.4
+
+### New Queries
+
+* The query `java/insufficient-key-size` has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4926).
+* Added a new query, `java/android/sensitive-keyboard-cache`, to detect instances of sensitive information possibly being saved to the Android keyboard cache.
+
 ## 0.4.3
 
 No user-facing changes.
diff --git a/java/ql/src/DeadCode/DeadClass.ql b/java/ql/src/DeadCode/DeadClass.ql
index 8a1b5e0be77..23f08fec3b8 100644
--- a/java/ql/src/DeadCode/DeadClass.ql
+++ b/java/ql/src/DeadCode/DeadClass.ql
@@ -14,6 +14,8 @@ import semmle.code.java.deadcode.DeadCode
 
 from DeadClass c, Element origin, string reason
 where
+  not c.getFile().isKotlinSourceFile() and
+  not origin.getFile().isKotlinSourceFile() and
   if exists(DeadRoot root | root = c.getADeadRoot() | not root = c.getACallable())
   then (
     // Report a list of the dead roots.
diff --git a/java/ql/src/DeadCode/DeadField.ql b/java/ql/src/DeadCode/DeadField.ql
index 6a80e13e716..7a8bca7ac7b 100644
--- a/java/ql/src/DeadCode/DeadField.ql
+++ b/java/ql/src/DeadCode/DeadField.ql
@@ -15,6 +15,8 @@ import semmle.code.java.deadcode.DeadCode
 
 from DeadField f, Element origin, string reason
 where
+  not f.getFile().isKotlinSourceFile() and
+  not origin.getFile().isKotlinSourceFile() and
   not f.isInDeadScope() and
   if f.getAnAccess() instanceof FieldRead
   then (
diff --git a/java/ql/src/DeadCode/DeadMethod.ql b/java/ql/src/DeadCode/DeadMethod.ql
index 8b5d0f155ef..77401341b6c 100644
--- a/java/ql/src/DeadCode/DeadMethod.ql
+++ b/java/ql/src/DeadCode/DeadMethod.ql
@@ -15,6 +15,8 @@ import semmle.code.java.deadcode.DeadCode
 
 from DeadMethod c, Callable origin, string reason
 where
+  not c.getFile().isKotlinSourceFile() and
+  not origin.getFile().isKotlinSourceFile() and
   not c.isInDeadScope() and
   if exists(DeadRoot deadRoot | deadRoot = getADeadRoot(c) | deadRoot.getSourceDeclaration() != c)
   then (
diff --git a/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql b/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql
index 1f05298878a..1c7bb13c065 100644
--- a/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql	
+++ b/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql	
@@ -64,6 +64,7 @@ class UnimplementedEquals extends EqualsMethod {
 
 from EqualsMethod m
 where
+  m.getFile().isJavaSourceFile() and
   exists(m.getBody()) and
   exists(Parameter p | p = m.getAParameter() |
     // The parameter has no type test
diff --git a/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql b/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql
index a8faf679f7e..92da62633d8 100644
--- a/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql	
+++ b/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql	
@@ -33,6 +33,7 @@ predicate safeReaderType(RefType t) {
 
 from ClassInstanceExpr cie, RefType t
 where
+  cie.getFile().isJavaSourceFile() and
   badCloseableInit(cie) and
   cie.getType() = t and
   readerType(t) and
diff --git a/java/ql/src/Likely Bugs/Resource Leaks/CloseSql.ql b/java/ql/src/Likely Bugs/Resource Leaks/CloseSql.ql
index 44e77f3fe8f..e7584aba67d 100644
--- a/java/ql/src/Likely Bugs/Resource Leaks/CloseSql.ql	
+++ b/java/ql/src/Likely Bugs/Resource Leaks/CloseSql.ql	
@@ -15,6 +15,7 @@ import CloseType
 
 from CloseableInitExpr cie, RefType t
 where
+  cie.getFile().isJavaSourceFile() and
   badCloseableInit(cie) and
   cie.getType() = t and
   sqlType(t) and
diff --git a/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql b/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql
index 0143a946133..fa04de220bf 100644
--- a/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql	
+++ b/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql	
@@ -29,6 +29,7 @@ predicate safeWriterType(RefType t) {
 
 from ClassInstanceExpr cie, RefType t
 where
+  cie.getFile().isJavaSourceFile() and
   badCloseableInit(cie) and
   cie.getType() = t and
   writerType(t) and
diff --git a/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql b/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql
index 920958ce3ce..a39e29f6576 100644
--- a/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql	
+++ b/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql	
@@ -55,6 +55,8 @@ string nonSerialReason(RefType t) {
 predicate exceptions(Class c, Field f) {
   f.getDeclaringType() = c and
   (
+    c.isCompilerGenerated()
+    or
     // `Serializable` objects with custom `readObject` or `writeObject` methods
     // may write out the "non-serializable" fields in a different way.
     c.declaresMethod("readObject")
diff --git a/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql b/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql
index 1bf54abb89f..8081c551eed 100644
--- a/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql	
+++ b/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql	
@@ -77,7 +77,7 @@ predicate exceptions(NestedClass inner) {
 
 from NestedClass inner, Class outer, string advice
 where
-  inner.fromSource() and
+  inner.getFile().isJavaSourceFile() and
   isSerializable(inner) and
   outer = enclosingInstanceType+(inner) and
   not isSerializable(outer) and
diff --git a/java/ql/src/Likely Bugs/Statements/EmptyBlock.ql b/java/ql/src/Likely Bugs/Statements/EmptyBlock.ql
index 4dd2c397a87..411890474e5 100644
--- a/java/ql/src/Likely Bugs/Statements/EmptyBlock.ql	
+++ b/java/ql/src/Likely Bugs/Statements/EmptyBlock.ql	
@@ -56,6 +56,7 @@ predicate blockParent(Stmt empty, string msg) {
 
 from Stmt empty, string msg
 where
+  empty.getFile().isJavaSourceFile() and
   empty = emptyBody() and
   blockParent(empty, msg)
 select empty, msg + " Typographical error or missing code?"
diff --git a/java/ql/src/Likely Bugs/Statements/ReturnValueIgnored.ql b/java/ql/src/Likely Bugs/Statements/ReturnValueIgnored.ql
index 3355fd22190..c50a9a5f1a4 100644
--- a/java/ql/src/Likely Bugs/Statements/ReturnValueIgnored.ql	
+++ b/java/ql/src/Likely Bugs/Statements/ReturnValueIgnored.ql	
@@ -75,6 +75,7 @@ predicate isMustBeQualifierMockingMethod(Method m) {
 
 predicate relevantMethodCall(MethodAccess ma, Method m) {
   // For "return value ignored", all method calls are relevant.
+  not ma.getFile().isKotlinSourceFile() and
   ma.getMethod() = m and
   not m.getReturnType().hasName("void") and
   (not isMockingMethod(m) or isMustBeQualifierMockingMethod(m)) and
diff --git a/java/ql/src/Metrics/Summaries/GeneratedVsManualCoverage.ql b/java/ql/src/Metrics/Summaries/GeneratedVsManualCoverage.ql
new file mode 100644
index 00000000000..eb03a785702
--- /dev/null
+++ b/java/ql/src/Metrics/Summaries/GeneratedVsManualCoverage.ql
@@ -0,0 +1,76 @@
+/**
+ * @id java/summary/generated-vs-manual-coverage
+ * @name Metrics of generated versus manual MaD coverage
+ * @description Expose metrics for the number of API endpoints covered by generated versus manual MaD models.
+ * @kind table
+ * @tags summary
+ */
+
+import java
+import semmle.code.java.dataflow.FlowSummary
+import utils.modelgenerator.internal.CaptureModels
+
+/**
+ * Returns the number of `DataFlowTargetApi`s with Summary MaD models
+ * for a given package and provenance.
+ */
+bindingset[package]
+private int getNumMadModeledApis(string package, string provenance) {
+  provenance in ["generated", "manual", "both"] and
+  result =
+    count(SummarizedCallable sc |
+      package = sc.asCallable().getCompilationUnit().getPackage().getName() and
+      sc.asCallable() instanceof DataFlowTargetApi and
+      (
+        // "auto-only"
+        sc.isAutoGenerated() and
+        provenance = "generated"
+        or
+        // "manual-only"
+        sc.hasProvenance(false) and
+        not sc.hasProvenance(true) and
+        provenance = "manual"
+        or
+        // "both"
+        sc.hasProvenance(false) and
+        sc.hasProvenance(true) and
+        provenance = "both"
+      )
+    )
+}
+
+/** Returns the total number of `DataFlowTargetApi`s for a given package. */
+private int getNumApis(string package) {
+  result =
+    strictcount(DataFlowTargetApi dataFlowTargApi |
+      package = dataFlowTargApi.getCompilationUnit().getPackage().getName()
+    )
+}
+
+from
+  string package, int generatedOnly, int both, int manualOnly, int generated, int manual, int non,
+  int all, float coverage, float generatedCoverage, float manualCoverage,
+  float manualCoveredByGenerated, float generatedCoveredByManual, float match
+where
+  // count the number of APIs with generated-only, both, and manual-only MaD models for each package
+  generatedOnly = getNumMadModeledApis(package, "generated") and
+  both = getNumMadModeledApis(package, "both") and
+  manualOnly = getNumMadModeledApis(package, "manual") and
+  // calculate the total generated and total manual numbers
+  generated = generatedOnly + both and
+  manual = manualOnly + both and
+  // count the total number of `DataFlowTargetApi`s for each package
+  all = getNumApis(package) and
+  non = all - (generatedOnly + both + manualOnly) and
+  // Proportion of coverage
+  coverage = (generatedOnly + both + manualOnly).(float) / all and
+  generatedCoverage = generated.(float) / all and
+  manualCoverage = manual.(float) / all and
+  // Proportion of manual models covered by generated ones
+  manualCoveredByGenerated = both.(float) / (both + manualOnly) and
+  // Proportion of generated models covered by manual ones
+  generatedCoveredByManual = both.(float) / (both + generatedOnly) and
+  // Proportion of data points that match
+  match = (both.(float) + non) / all
+select package, generatedOnly, both, manualOnly, non, all, coverage, generatedCoverage,
+  manualCoverage, manualCoveredByGenerated, generatedCoveredByManual, match order by package
diff --git a/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql b/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql
index d054659892c..b8ea3e52dbd 100644
--- a/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql
+++ b/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql
@@ -12,14 +12,15 @@
  *       external/cwe/cwe-020
  */
 
-import semmle.code.java.security.OverlyLargeRangeQuery
+private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
+import codeql.regex.OverlyLargeRangeQuery::Make<TreeView>
 
-RegExpCharacterClass potentialMisparsedCharClass() {
+TreeView::RegExpCharacterClass potentialMisparsedCharClass() {
   // nested char classes are currently misparsed
-  result.getAChild().(RegExpNormalChar).getValue() = "["
+  result.getAChild().(TreeView::RegExpNormalChar).getValue() = "["
 }
 
-from RegExpCharacterRange range, string reason
+from TreeView::RegExpCharacterRange range, string reason
 where
   problem(range, reason) and
   not range.getParent() = potentialMisparsedCharClass()
diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPath.java b/java/ql/src/Security/CWE/CWE-022/TaintedPath.java
index 9246a19dc8d..339640ccc32 100644
--- a/java/ql/src/Security/CWE/CWE-022/TaintedPath.java
+++ b/java/ql/src/Security/CWE/CWE-022/TaintedPath.java
@@ -16,9 +16,9 @@ public void sendUserFileFixed(Socket sock, String user) {
 	// ...
 	
 	// GOOD: remove all dots and directory delimiters from the filename before using
-	String filename = filenameReader.readLine().replaceAll("\.", "").replaceAll("/", "");
+	String filename = filenameReader.readLine().replaceAll("\\.", "").replaceAll("/", "");
 	BufferedReader fileReader = new BufferedReader(
 			new FileReader("/home/" + user + "/" + filename));
 
 	// ...
-}
\ No newline at end of file
+}
diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.qhelp b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.qhelp
new file mode 100644
index 00000000000..a60ec36995b
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.qhelp
@@ -0,0 +1,49 @@
+<!DOCTYPE qhelp PUBLIC
+ "-//Semmle//qhelp//EN"
+ "qhelp.dtd">
+<qhelp>
+  <overview>
+    <p>
+      Enabling JavaScript in an Android WebView allows the execution of
+      JavaScript code in the context of the running application. This creates a
+      cross-site scripting vulnerability.
+    </p>
+
+    <p>
+      For example, if your application's WebView allows for visiting web pages
+      that you do not trust, it is possible for an attacker to lead the user to
+      a page which loads malicious JavaScript.
+    </p>
+
+    <p>
+      You can enable or disable Javascript execution using
+      the <code>setJavaScriptEnabled</code> method of the settings of a WebView.
+    </p>
+  </overview>
+
+  <recommendation>
+    <p>JavaScript execution is disabled by default. You can explicitly disable
+    it by calling <code>setJavaScriptEnabled(false)</code> on the settings of
+    the WebView.</p>
+
+    <p>If JavaScript is necessary, only load content from trusted servers using encrypted channels, such as HTTPS with certificate verification.</p>
+  </recommendation>
+
+  <example>
+    <p>In the following (bad) example, a WebView has JavaScript enabled in its settings:</p>
+
+    <sample src="WebSettingsEnableJavascript.java"/>
+
+    <p>In the following (good) example, a WebView explicitly disallows JavaScript execution:</p>
+
+    <sample src="WebSettingsDisableJavascript.java"/>
+
+  </example>
+
+  <references>
+    <li>
+      Android documentation: <a href="https://developer.android.com/reference/android/webkit/WebSettings#setJavaScriptEnabled(boolean)">setJavaScriptEnabled</a>
+    </li>
+  </references>
+
+</qhelp>
diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql
new file mode 100644
index 00000000000..d0a92925934
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql
@@ -0,0 +1,20 @@
+/**
+ * @name Android WebView JavaScript settings
+ * @description Enabling JavaScript execution in a WebView can result in cross-site scripting attacks.
+ * @kind problem
+ * @id java/android-websettings-javascript-enabled
+ * @problem.severity warning
+ * @security-severity 6.1
+ * @precision medium
+ * @tags security
+ *       external/cwe/cwe-079
+ */
+
+import java
+import semmle.code.java.frameworks.android.WebView
+
+from MethodAccess ma
+where
+  ma.getMethod() instanceof AllowJavaScriptMethod and
+  ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true
+select ma, "JavaScript execution enabled in WebView."
diff --git a/java/ql/src/Security/CWE/CWE-079/WebSettingsDisableJavascript.java b/java/ql/src/Security/CWE/CWE-079/WebSettingsDisableJavascript.java
new file mode 100644
index 00000000000..43a8cd92c0e
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-079/WebSettingsDisableJavascript.java
@@ -0,0 +1,2 @@
+WebSettings settings = webview.getSettings();
+settings.setJavaScriptEnabled(false);
diff --git a/java/ql/src/Security/CWE/CWE-079/WebSettingsEnableJavascript.java b/java/ql/src/Security/CWE/CWE-079/WebSettingsEnableJavascript.java
new file mode 100644
index 00000000000..adfac156009
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-079/WebSettingsEnableJavascript.java
@@ -0,0 +1,2 @@
+WebSettings settings = webview.getSettings();
+settings.setJavaScriptEnabled(true);
diff --git a/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql b/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
index 259f36fb42b..bce8d934ac6 100644
--- a/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
+++ b/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
@@ -20,9 +20,7 @@ int leftWidth(ComparisonExpr e) { result = e.getLeftOperand().getType().(NumType
 
 int rightWidth(ComparisonExpr e) { result = e.getRightOperand().getType().(NumType).getWidthRank() }
 
-abstract class WideningComparison extends BinaryExpr {
-  WideningComparison() { this instanceof ComparisonExpr }
-
+abstract class WideningComparison extends BinaryExpr instanceof ComparisonExpr {
   abstract Expr getNarrower();
 
   abstract Expr getWider();
diff --git a/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.qhelp b/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.qhelp
new file mode 100644
index 00000000000..44d69f410fb
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.qhelp
@@ -0,0 +1,65 @@
+<!DOCTYPE qhelp PUBLIC
+ "-//Semmle//qhelp//EN"
+ "qhelp.dtd">
+<qhelp>
+  <overview>
+    <p>
+      Allowing file access in an Android WebView can expose a device's file system to
+      the JavaScript running in that WebView. If the JavaScript contains
+      vulnerabilities or the WebView loads untrusted content, file access
+      allows an attacker to steal the user's data.
+    </p>
+  </overview>
+
+  <recommendation>
+    <p>When possible, do not allow file access. The file access settings
+    are disabled by default. You can explicitly disable file access by setting the
+    following settings to <code>false</code>:</p>
+
+    <ul>
+      <li><code>setAllowFileAccess</code></li>
+      <li><code>setAllowFileAccessFromFileURLs</code></li>
+      <li><code>setAllowUniversalAccessFromFileURLs</code></li>
+    </ul>
+
+    <p>If your application requires access to the file system, it is best to
+    avoid using <code>file://</code> URLs. Instead, use an alternative that
+    loads files via HTTPS, such
+    as <code>androidx.webkit.WebViewAssetLoader</code>.</p>
+  </recommendation>
+
+  <example>
+    <p>In the following (bad) example, the WebView is configured with settings
+    that allow local file access.</p>
+
+    <sample src="WebViewFileAccessUnsafe.java"/>
+
+    <p>In the following (good) example, the WebView is configured to disallow file access.</p>
+
+    <sample src="WebViewFileAccessSafe.java"/>
+
+    <p>
+      As mentioned previously, asset loaders can load files without file system 
+      access. In the following (good) example, an asset loader is configured to 
+      load assets over HTTPS.
+    </p>
+
+    <sample src="AssetLoaderExample.java"/>
+  </example>
+
+  <references>
+    <li>
+      Android documentation: <a href="https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccess(boolean)">WebSettings.setAllowFileAccess</a>.
+    </li>
+    <li>
+      Android documentation: <a href="https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccessFromFileURLs(boolean)">WebSettings.setAllowFileAccessFromFileURLs</a>.
+    </li>
+    <li>
+      Android documentation: <a href="https://developer.android.com/reference/android/webkit/WebSettings#setAllowUniversalAccessFromFileURLs(boolean)">WebSettings.setAllowUniversalAccessFromFileURLs</a>.
+    </li>
+    <li>
+      Android documentation: <a href="https://developer.android.com/reference/androidx/webkit/WebViewAssetLoader">WebViewAssetLoader</a>.
+    </li>
+  </references>
+
+</qhelp>
diff --git a/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql b/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql
new file mode 100644
index 00000000000..a477fbe9e82
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql
@@ -0,0 +1,22 @@
+/**
+ * @name Android WebSettings file access
+ * @kind problem
+ * @description Enabling access to the file system in a WebView allows attackers to view sensitive information.
+ * @id java/android-websettings-file-access
+ * @problem.severity warning
+ * @security-severity 6.5
+ * @precision medium
+ * @tags security
+ *       external/cwe/cwe-200
+ */
+
+import java
+import semmle.code.java.frameworks.android.WebView
+
+from MethodAccess ma
+where
+  ma.getMethod() instanceof CrossOriginAccessMethod and
+  ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true
+select ma,
+  "WebView setting " + ma.getMethod().getName() +
+    " may allow for unauthorized access of sensitive information."
diff --git a/java/ql/src/Security/CWE/CWE-200/AssetLoaderExample.java b/java/ql/src/Security/CWE/CWE-200/AssetLoaderExample.java
new file mode 100644
index 00000000000..dfd5afda5ae
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-200/AssetLoaderExample.java
@@ -0,0 +1,15 @@
+WebViewAssetLoader loader = new WebViewAssetLoader.Builder()
+    // Replace the domain with a domain you control, or use the default
+    // appassets.androidplatform.com
+    .setDomain("appassets.example.com")
+    .addPathHandler("/resources", new AssetsPathHandler(this))
+    .build();
+
+webView.setWebViewClient(new WebViewClientCompat() {
+    @Override
+    public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {
+        return assetLoader.shouldInterceptRequest(request.getUrl());
+    }
+});
+
+webView.loadUrl("https://appassets.example.com/resources/www/index.html");
diff --git a/java/ql/src/Security/CWE/CWE-200/WebViewFileAccessSafe.java b/java/ql/src/Security/CWE/CWE-200/WebViewFileAccessSafe.java
new file mode 100644
index 00000000000..6002888cba1
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-200/WebViewFileAccessSafe.java
@@ -0,0 +1,5 @@
+WebSettings settings = view.getSettings();
+
+settings.setAllowFileAccess(false);
+settings.setAllowFileAccessFromURLs(false);
+settings.setAllowUniversalAccessFromURLs(false);
diff --git a/java/ql/src/Security/CWE/CWE-200/WebViewFileAccessUnsafe.java b/java/ql/src/Security/CWE/CWE-200/WebViewFileAccessUnsafe.java
new file mode 100644
index 00000000000..6c17d66c3b0
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-200/WebViewFileAccessUnsafe.java
@@ -0,0 +1,5 @@
+WebSettings settings = view.getSettings();
+
+settings.setAllowFileAccess(true);
+settings.setAllowFileAccessFromURLs(true);
+settings.setAllowUniversalAccessFromURLs(true);
diff --git a/java/ql/src/Security/CWE/CWE-524/Example.xml b/java/ql/src/Security/CWE/CWE-524/Example.xml
new file mode 100644
index 00000000000..7317eda1618
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-524/Example.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<LinearLayout
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:app="http://schemas.android.com/apk/res-auto">
+
+    <!-- BAD: This password field uses the `text` input type, which allows the input to be saved to the keyboard cache. -->
+    <EditText
+        android:id="@+id/password_bad"
+        android:inputType="text"/> 
+
+    <!-- GOOD: This password field uses the `textPassword` input type, which ensures that the input is not saved to the keyboard cache. -->
+    <EditText
+        android:id="@+id/password_good"
+        android:inputType="textPassword"/>  
+</LinearLayout>
\ No newline at end of file
diff --git a/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.qhelp b/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.qhelp
new file mode 100644
index 00000000000..7a16bbd6f80
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.qhelp
@@ -0,0 +1,33 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+<overview>
+<p>When a user enters information in a text input field on an Android application, their input is saved to a keyboard cache which provides autocomplete suggestions and predictions. There is a risk that sensitive user data, such as passwords or banking information, may be leaked to other applications via the keyboard cache.</p>
+
+</overview>
+<recommendation>
+
+<p>For input fields expected to accept sensitive information, use input types such as <code>"textNoSuggestions"</code> (or <code>"textPassword"</code> for a password) to ensure the input does not get stored in the keyboard cache.</p>
+<p>Optionally, instead of declaring an input type through XML, you can set the input type in your code using <code>TextView.setInputType()</code>.</p>
+</recommendation>
+<example>
+
+<p>In the following example, the field labeled BAD allows the password to be saved to the keyboard cache,
+ whereas the field labeled GOOD uses the <code>"textPassword"</code> input type to ensure the password is not cached.</p>
+
+<sample src="Example.xml" />
+
+</example>
+<references>
+
+<li>
+  OWASP Mobile Application Security Testing Guide: <a href="https://github.com/OWASP/owasp-mastg/blob/b7a93a2e5e0557cc9a12e55fc3f6675f6986bb86/Document/0x05d-Testing-Data-Storage.md#determining-whether-the-keyboard-cache-is-disabled-for-text-input-fields-mstg-storage-5">Determining Whether the Keyboard Cache Is Disabled for Text Input Fields</a>.
+</li>
+<li>
+  Android Developers: <a href="https://developer.android.com/reference/android/widget/TextView#attr_android:inputType">android:inputType attribute documentation.</a>
+</li>
+
+</references>
+</qhelp>
diff --git a/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql b/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql
new file mode 100644
index 00000000000..d5a7bc50c05
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql
@@ -0,0 +1,18 @@
+/**
+ * @name Android sensitive keyboard cache
+ * @description Allowing the keyboard to cache sensitive information may result in information leaks to other applications.
+ * @kind problem
+ * @problem.severity warning
+ * @security-severity 8.1
+ * @id java/android/sensitive-keyboard-cache
+ * @tags security
+ *       external/cwe/cwe-524
+ * @precision medium
+ */
+
+import java
+import semmle.code.java.security.SensitiveKeyboardCacheQuery
+
+from AndroidEditableXmlElement el
+where el = getASensitiveCachedInput()
+select el, "This input field may contain sensitive information that is saved to the keyboard cache."
diff --git a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql
index de4a3bd8ffe..0766ee07134 100644
--- a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql
+++ b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql
@@ -26,18 +26,31 @@ predicate isSafeSecureCookieSetting(Expr e) {
   )
 }
 
+class SecureCookieConfiguration extends DataFlow::Configuration {
+  SecureCookieConfiguration() { this = "SecureCookieConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) {
+    exists(MethodAccess ma, Method m | ma.getMethod() = m |
+      m.getDeclaringType() instanceof TypeCookie and
+      m.getName() = "setSecure" and
+      source.asExpr() = ma.getQualifier() and
+      forex(DataFlow::Node argSource |
+        DataFlow::localFlow(argSource, DataFlow::exprNode(ma.getArgument(0))) and
+        not DataFlow::localFlowStep(_, argSource)
+      |
+        isSafeSecureCookieSetting(argSource.asExpr())
+      )
+    )
+  }
+
+  override predicate isSink(DataFlow::Node sink) {
+    sink.asExpr() =
+      any(MethodAccess add | add.getMethod() instanceof ResponseAddCookieMethod).getArgument(0)
+  }
+}
+
 from MethodAccess add
 where
   add.getMethod() instanceof ResponseAddCookieMethod and
-  not exists(Variable cookie, MethodAccess m |
-    add.getArgument(0) = cookie.getAnAccess() and
-    m.getMethod().getName() = "setSecure" and
-    forex(DataFlow::Node argSource |
-      DataFlow::localFlow(argSource, DataFlow::exprNode(m.getArgument(0))) and
-      not DataFlow::localFlowStep(_, argSource)
-    |
-      isSafeSecureCookieSetting(argSource.asExpr())
-    ) and
-    m.getQualifier() = cookie.getAnAccess()
-  )
+  not any(SecureCookieConfiguration df).hasFlowToExpr(add.getArgument(0))
 select add, "Cookie is added to response without the 'secure' flag being set."
diff --git a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
index 75cd8335fac..a84f1c5213e 100644
--- a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
+++ b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
@@ -17,7 +17,9 @@ import java
 import semmle.code.java.security.regexp.PolynomialReDoSQuery
 import DataFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, PolynomialBackTrackingTerm regexp
+from
+  DataFlow::PathNode source, DataFlow::PathNode sink,
+  SuperlinearBackTracking::PolynomialBackTrackingTerm regexp
 where hasPolynomialReDoSResult(source, sink, regexp)
 select sink, source, sink,
   "This $@ that depends on a $@ may run slow on strings " + regexp.getPrefixMessage() +
diff --git a/java/ql/src/Security/CWE/CWE-730/ReDoS.ql b/java/ql/src/Security/CWE/CWE-730/ReDoS.ql
index 23e258e8915..ca4750fc858 100644
--- a/java/ql/src/Security/CWE/CWE-730/ReDoS.ql
+++ b/java/ql/src/Security/CWE/CWE-730/ReDoS.ql
@@ -14,12 +14,12 @@
  *       external/cwe/cwe-400
  */
 
-import java
-import semmle.code.java.security.regexp.ExponentialBackTracking
+private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
+import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView> as ExponentialBackTracking
 
-from RegExpTerm t, string pump, State s, string prefixMsg
+from TreeView::RegExpTerm t, string pump, ExponentialBackTracking::State s, string prefixMsg
 where
-  hasReDoSResult(t, pump, s, prefixMsg) and
+  ExponentialBackTracking::hasReDoSResult(t, pump, s, prefixMsg) and
   // exclude verbose mode regexes for now
   not t.getRegex().getAMode() = "VERBOSE"
 select t,
diff --git a/java/ql/src/Security/CWE/CWE-730/RegexInjection.java b/java/ql/src/Security/CWE/CWE-730/RegexInjection.java
new file mode 100644
index 00000000000..673d5a2fa40
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-730/RegexInjection.java
@@ -0,0 +1,22 @@
+import java.util.regex.Pattern;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+
+public class RegexInjectionDemo extends HttpServlet {
+
+  public boolean badExample(javax.servlet.http.HttpServletRequest request) {
+    String regex = request.getParameter("regex");
+    String input = request.getParameter("input");
+
+    // BAD: Unsanitized user input is used to construct a regular expression
+    return input.matches(regex);
+  }
+
+  public boolean goodExample(javax.servlet.http.HttpServletRequest request) {
+    String regex = request.getParameter("regex");
+    String input = request.getParameter("input");
+
+    // GOOD: User input is sanitized before constructing the regex
+    return input.matches(Pattern.quote(regex));
+  }
+}
diff --git a/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.qhelp b/java/ql/src/Security/CWE/CWE-730/RegexInjection.qhelp
similarity index 67%
rename from java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.qhelp
rename to java/ql/src/Security/CWE/CWE-730/RegexInjection.qhelp
index 6cd80b52f75..3e239d07107 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.qhelp
+++ b/java/ql/src/Security/CWE/CWE-730/RegexInjection.qhelp
@@ -15,25 +15,25 @@ perform a Denial of Service attack.
 <recommendation>
 <p>
 Before embedding user input into a regular expression, use a sanitization function
-to escape meta-characters that have special meaning.
+such as <code>Pattern.quote</code> to escape meta-characters that have special meaning.
 </p>
 </recommendation>
 
 <example>
 <p>
-The following example shows a HTTP request parameter that is used to construct a regular expression:
+The following example shows an HTTP request parameter that is used to construct a regular expression.
 </p>
-<sample src="RegexInjection.java" />
 <p>
 In the first case the user-provided regex is not escaped.
-If a malicious user provides a regex that has exponential worst case performance,
+If a malicious user provides a regex whose worst-case performance is exponential,
 then this could lead to a Denial of Service.
 </p>
 <p>
-In the second case, the user input is escaped using <code>escapeSpecialRegexChars</code> before being included
+In the second case, the user input is escaped using <code>Pattern.quote</code> before being included
 in the regular expression. This ensures that the user cannot insert characters which have a special
 meaning in regular expressions.
 </p>
+<sample src="RegexInjection.java" />
 </example>
 
 <references>
@@ -44,5 +44,8 @@ OWASP:
 <li>
 Wikipedia: <a href="https://en.wikipedia.org/wiki/ReDoS">ReDoS</a>.
 </li>
+<li>
+Java API Specification: <a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/regex/Pattern.html#quote(java.lang.String)">Pattern.quote</a>.
+</li>
 </references>
 </qhelp>
diff --git a/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql b/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql
new file mode 100644
index 00000000000..820e0949d22
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql
@@ -0,0 +1,23 @@
+/**
+ * @name Regular expression injection
+ * @description User input should not be used in regular expressions without first being escaped,
+ *              otherwise a malicious user may be able to provide a regex that could require
+ *              exponential time on certain inputs.
+ * @kind path-problem
+ * @problem.severity error
+ * @security-severity 7.5
+ * @precision high
+ * @id java/regex-injection
+ * @tags security
+ *       external/cwe/cwe-730
+ *       external/cwe/cwe-400
+ */
+
+import java
+import semmle.code.java.security.regexp.RegexInjectionQuery
+import DataFlow::PathGraph
+
+from DataFlow::PathNode source, DataFlow::PathNode sink, RegexInjectionConfiguration c
+where c.hasFlowPath(source, sink)
+select sink.getNode(), source, sink, "This regular expression is constructed from a $@.",
+  source.getNode(), "user-provided value"
diff --git a/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql b/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql
index ede03c50b00..dca1a9cc4b7 100644
--- a/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql
+++ b/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql
@@ -17,7 +17,8 @@ import java
 import semmle.code.xml.MavenPom
 
 predicate isInsecureRepositoryUsage(DeclaredRepository repository) {
-  repository.getRepositoryUrl().regexpMatch("(?i)^(http|ftp)://(?!localhost[:/]).*")
+  repository.getRepositoryUrl().regexpMatch("(?i)^(http|ftp)://(?!localhost[:/]).*") and
+  not repository.isDisabled()
 }
 
 from DeclaredRepository repository
diff --git a/java/ql/src/Telemetry/ExternalApi.qll b/java/ql/src/Telemetry/ExternalApi.qll
index c3e11d4b9bc..2f7ebcc9d19 100644
--- a/java/ql/src/Telemetry/ExternalApi.qll
+++ b/java/ql/src/Telemetry/ExternalApi.qll
@@ -31,11 +31,17 @@ private string containerAsJar(Container container) {
   if container instanceof JarFile then result = container.getBaseName() else result = "rt.jar"
 }
 
+/** Holds if the given callable is not worth supporting. */
+private predicate isUninteresting(Callable c) {
+  c.getDeclaringType() instanceof TestLibrary or
+  c.(Constructor).isParameterless()
+}
+
 /**
  * An external API from either the Standard Library or a 3rd party library.
  */
 class ExternalApi extends Callable {
-  ExternalApi() { not this.fromSource() }
+  ExternalApi() { not this.fromSource() and not isUninteresting(this) }
 
   /**
    * Gets information about the external API in the form expected by the CSV modeling framework.
@@ -73,18 +79,6 @@ class ExternalApi extends Callable {
     TaintTracking::localAdditionalTaintStep(this.getAnInput(), _)
   }
 
-  /** Holds if this API is a constructor without parameters. */
-  private predicate isParameterlessConstructor() {
-    this instanceof Constructor and this.getNumberOfParameters() = 0
-  }
-
-  /** Holds if this API is part of a common testing library or framework. */
-  private predicate isTestLibrary() { this.getDeclaringType() instanceof TestLibrary }
-
-  /** Holds if this API is not worth supporting. */
-  predicate isUninteresting() { this.isTestLibrary() or this.isParameterlessConstructor() }
-
-  /** Holds if this API is a known source. */
   predicate isSource() {
     this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)
   }
diff --git a/java/ql/src/Telemetry/ExternalLibraryUsage.ql b/java/ql/src/Telemetry/ExternalLibraryUsage.ql
index bf63b91d02a..6fe9e3e0915 100644
--- a/java/ql/src/Telemetry/ExternalLibraryUsage.ql
+++ b/java/ql/src/Telemetry/ExternalLibraryUsage.ql
@@ -14,8 +14,7 @@ private predicate getRelevantUsages(string jarname, int usages) {
     strictcount(Call c, ExternalApi a |
       c.getCallee().getSourceDeclaration() = a and
       not c.getFile() instanceof GeneratedFile and
-      a.jarContainer() = jarname and
-      not a.isUninteresting()
+      a.jarContainer() = jarname
     )
 }
 
diff --git a/java/ql/src/Telemetry/ExtractorInformation.ql b/java/ql/src/Telemetry/ExtractorInformation.ql
index 0eb420ba651..48eb49a1b07 100644
--- a/java/ql/src/Telemetry/ExtractorInformation.ql
+++ b/java/ql/src/Telemetry/ExtractorInformation.ql
@@ -9,6 +9,13 @@
 import java
 import semmle.code.java.Diagnostics
 
+predicate compilationInfo(string key, int value) {
+  exists(Compilation c, string infoKey |
+    key = infoKey + ": " + c.getInfo(infoKey) and
+    value = 1
+  )
+}
+
 predicate fileCount(string key, int value) {
   key = "Number of files" and
   value = strictcount(File f)
@@ -53,13 +60,38 @@ predicate extractorDiagnostics(string key, int value) {
   )
 }
 
+/*
+ * Just counting the diagnostics doesn't give the full picture, as
+ * CODEQL_EXTRACTOR_KOTLIN_DIAGNOSTIC_LIMIT means that some diagnostics
+ * will be suppressed. In that case, we need to look for the
+ * suppression message, uncount those that did get emitted, uncount the
+ * suppression message itself, and then add on the full count.
+ */
+
+predicate extractorTotalDiagnostics(string key, int value) {
+  exists(string extractor, string limitRegex |
+    limitRegex = "Total of ([0-9]+) diagnostics \\(reached limit of ([0-9]+)\\).*" and
+    key = "Total number of diagnostics from " + extractor and
+    value =
+      strictcount(Diagnostic d | d.getGeneratedBy() = extractor) +
+        sum(Diagnostic d |
+          d.getGeneratedBy() = extractor
+        |
+          d.getMessage().regexpCapture(limitRegex, 1).toInt() -
+              d.getMessage().regexpCapture(limitRegex, 2).toInt() - 1
+        )
+  )
+}
+
 from string key, int value
 where
+  compilationInfo(key, value) or
   fileCount(key, value) or
   fileCountByExtension(key, value) or
   totalNumberOfLines(key, value) or
   numberOfLinesOfCode(key, value) or
   totalNumberOfLinesByExtension(key, value) or
   numberOfLinesOfCodeByExtension(key, value) or
-  extractorDiagnostics(key, value)
+  extractorDiagnostics(key, value) or
+  extractorTotalDiagnostics(key, value)
 select key, value
diff --git a/java/ql/src/Telemetry/SupportedExternalApis.ql b/java/ql/src/Telemetry/SupportedExternalApis.ql
new file mode 100644
index 00000000000..ad1554dba91
--- /dev/null
+++ b/java/ql/src/Telemetry/SupportedExternalApis.ql
@@ -0,0 +1,20 @@
+/**
+ * @name Usage of supported APIs coming from external libraries
+ * @description A list of supported 3rd party APIs used in the codebase. Excludes test and generated code.
+ * @kind metric
+ * @tags summary telemetry
+ * @id java/telemetry/supported-external-api
+ */
+
+import java
+import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
+import ExternalApi
+
+private predicate relevant(ExternalApi api) {
+  api.isSupported() or
+  api = any(FlowSummaryImpl::Public::NeutralCallable nsc).asCallable()
+}
+
+from string apiName, int usages
+where Results<relevant/1>::restrict(apiName, usages)
+select apiName, usages order by usages desc
diff --git a/java/ql/src/Telemetry/SupportedExternalSinks.ql b/java/ql/src/Telemetry/SupportedExternalSinks.ql
index 7593adeed2a..6456b7e296c 100644
--- a/java/ql/src/Telemetry/SupportedExternalSinks.ql
+++ b/java/ql/src/Telemetry/SupportedExternalSinks.ql
@@ -9,10 +9,7 @@
 import java
 import ExternalApi
 
-private predicate relevant(ExternalApi api) {
-  not api.isUninteresting() and
-  api.isSink()
-}
+private predicate relevant(ExternalApi api) { api.isSink() }
 
 from string apiName, int usages
 where Results<relevant/1>::restrict(apiName, usages)
diff --git a/java/ql/src/Telemetry/SupportedExternalSources.ql b/java/ql/src/Telemetry/SupportedExternalSources.ql
index 89f9b37cb55..9bb0f1202c1 100644
--- a/java/ql/src/Telemetry/SupportedExternalSources.ql
+++ b/java/ql/src/Telemetry/SupportedExternalSources.ql
@@ -9,10 +9,7 @@
 import java
 import ExternalApi
 
-private predicate relevant(ExternalApi api) {
-  not api.isUninteresting() and
-  api.isSource()
-}
+private predicate relevant(ExternalApi api) { api.isSource() }
 
 from string apiName, int usages
 where Results<relevant/1>::restrict(apiName, usages)
diff --git a/java/ql/src/Telemetry/SupportedExternalTaint.ql b/java/ql/src/Telemetry/SupportedExternalTaint.ql
index 3f995138812..52792b2bbd2 100644
--- a/java/ql/src/Telemetry/SupportedExternalTaint.ql
+++ b/java/ql/src/Telemetry/SupportedExternalTaint.ql
@@ -9,10 +9,7 @@
 import java
 import ExternalApi
 
-private predicate relevant(ExternalApi api) {
-  not api.isUninteresting() and
-  api.hasSummary()
-}
+private predicate relevant(ExternalApi api) { api.hasSummary() }
 
 from string apiName, int usages
 where Results<relevant/1>::restrict(apiName, usages)
diff --git a/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql b/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql
index 16871f87a53..3031529626d 100644
--- a/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql
+++ b/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql
@@ -8,13 +8,11 @@
 
 import java
 import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
-import semmle.code.java.dataflow.internal.NegativeSummary
 import ExternalApi
 
 private predicate relevant(ExternalApi api) {
-  not api.isUninteresting() and
   not api.isSupported() and
-  not api = any(FlowSummaryImpl::Public::NegativeSummarizedCallable nsc).asCallable()
+  not api = any(FlowSummaryImpl::Public::NeutralCallable nsc).asCallable()
 }
 
 from string apiName, int usages
diff --git a/java/ql/src/Violations of Best Practice/Boolean Logic/SimplifyBoolExpr.ql b/java/ql/src/Violations of Best Practice/Boolean Logic/SimplifyBoolExpr.ql
index 814a45bef6d..9b87a358905 100644
--- a/java/ql/src/Violations of Best Practice/Boolean Logic/SimplifyBoolExpr.ql	
+++ b/java/ql/src/Violations of Best Practice/Boolean Logic/SimplifyBoolExpr.ql	
@@ -92,13 +92,16 @@ class ComparisonOrEquality extends BinaryExpr {
 
 from Expr e, string pattern, string rewrite
 where
-  e.(BoolCompare).simplify(pattern, rewrite)
-  or
-  conditionalWithBool(e, pattern, rewrite)
-  or
-  e.(LogNotExpr).getExpr().(ComparisonOrEquality).negate(pattern, rewrite)
-  or
-  e.(LogNotExpr).getExpr() instanceof LogNotExpr and
-  pattern = "!!A" and
-  rewrite = "A"
+  e.getFile().isJavaSourceFile() and
+  (
+    e.(BoolCompare).simplify(pattern, rewrite)
+    or
+    conditionalWithBool(e, pattern, rewrite)
+    or
+    e.(LogNotExpr).getExpr().(ComparisonOrEquality).negate(pattern, rewrite)
+    or
+    e.(LogNotExpr).getExpr() instanceof LogNotExpr and
+    pattern = "!!A" and
+    rewrite = "A"
+  )
 select e, "Expressions of the form \"" + pattern + "\" can be simplified to \"" + rewrite + "\"."
diff --git a/java/ql/src/Violations of Best Practice/Dead Code/DeadLocals.qll b/java/ql/src/Violations of Best Practice/Dead Code/DeadLocals.qll
index 82933aa9bac..8837b207e20 100644
--- a/java/ql/src/Violations of Best Practice/Dead Code/DeadLocals.qll	
+++ b/java/ql/src/Violations of Best Practice/Dead Code/DeadLocals.qll	
@@ -1,4 +1,4 @@
-/*
+/**
  * Provides classes and predicates for "dead locals": which variables are used, which assignments are useless, etc.
  */
 
diff --git a/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstants.qll b/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstants.qll
index 11dbd5cd8d3..5fc7e9069cd 100644
--- a/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstants.qll	
+++ b/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstants.qll	
@@ -8,26 +8,26 @@ private predicate trivialPositiveIntValue(string s) {
   s =
     [
       "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16",
-      "17", "18", "19", "20", "16", "32", "64", "128", "256", "512", "1024", "2048", "4096",
-      "16384", "32768", "65536", "1048576", "2147483648", "4294967296", "15", "31", "63", "127",
-      "255", "511", "1023", "2047", "4095", "16383", "32767", "65535", "1048577", "2147483647",
-      "4294967295", "0x00000001", "0x00000002", "0x00000004", "0x00000008", "0x00000010",
-      "0x00000020", "0x00000040", "0x00000080", "0x00000100", "0x00000200", "0x00000400",
-      "0x00000800", "0x00001000", "0x00002000", "0x00004000", "0x00008000", "0x00010000",
-      "0x00020000", "0x00040000", "0x00080000", "0x00100000", "0x00200000", "0x00400000",
-      "0x00800000", "0x01000000", "0x02000000", "0x04000000", "0x08000000", "0x10000000",
-      "0x20000000", "0x40000000", "0x80000000", "0x00000001", "0x00000003", "0x00000007",
-      "0x0000000f", "0x0000001f", "0x0000003f", "0x0000007f", "0x000000ff", "0x000001ff",
-      "0x000003ff", "0x000007ff", "0x00000fff", "0x00001fff", "0x00003fff", "0x00007fff",
-      "0x0000ffff", "0x0001ffff", "0x0003ffff", "0x0007ffff", "0x000fffff", "0x001fffff",
-      "0x003fffff", "0x007fffff", "0x00ffffff", "0x01ffffff", "0x03ffffff", "0x07ffffff",
-      "0x0fffffff", "0x1fffffff", "0x3fffffff", "0x7fffffff", "0xffffffff", "0x0001", "0x0002",
-      "0x0004", "0x0008", "0x0010", "0x0020", "0x0040", "0x0080", "0x0100", "0x0200", "0x0400",
-      "0x0800", "0x1000", "0x2000", "0x4000", "0x8000", "0x0001", "0x0003", "0x0007", "0x000f",
-      "0x001f", "0x003f", "0x007f", "0x00ff", "0x01ff", "0x03ff", "0x07ff", "0x0fff", "0x1fff",
-      "0x3fff", "0x7fff", "0xffff", "0x01", "0x02", "0x04", "0x08", "0x10", "0x20", "0x40", "0x80",
-      "0x01", "0x03", "0x07", "0x0f", "0x1f", "0x3f", "0x7f", "0xff", "0x00", "10", "100", "1000",
-      "10000", "100000", "1000000", "10000000", "100000000", "1000000000"
+      "17", "18", "19", "20", "32", "64", "128", "256", "512", "1024", "2048", "4096", "16384",
+      "32768", "65536", "1048576", "2147483648", "4294967296", "31", "63", "127", "255", "511",
+      "1023", "2047", "4095", "16383", "32767", "65535", "1048577", "2147483647", "4294967295",
+      "0x00000001", "0x00000002", "0x00000004", "0x00000008", "0x00000010", "0x00000020",
+      "0x00000040", "0x00000080", "0x00000100", "0x00000200", "0x00000400", "0x00000800",
+      "0x00001000", "0x00002000", "0x00004000", "0x00008000", "0x00010000", "0x00020000",
+      "0x00040000", "0x00080000", "0x00100000", "0x00200000", "0x00400000", "0x00800000",
+      "0x01000000", "0x02000000", "0x04000000", "0x08000000", "0x10000000", "0x20000000",
+      "0x40000000", "0x80000000", "0x00000003", "0x00000007", "0x0000000f", "0x0000001f",
+      "0x0000003f", "0x0000007f", "0x000000ff", "0x000001ff", "0x000003ff", "0x000007ff",
+      "0x00000fff", "0x00001fff", "0x00003fff", "0x00007fff", "0x0000ffff", "0x0001ffff",
+      "0x0003ffff", "0x0007ffff", "0x000fffff", "0x001fffff", "0x003fffff", "0x007fffff",
+      "0x00ffffff", "0x01ffffff", "0x03ffffff", "0x07ffffff", "0x0fffffff", "0x1fffffff",
+      "0x3fffffff", "0x7fffffff", "0xffffffff", "0x0001", "0x0002", "0x0004", "0x0008", "0x0010",
+      "0x0020", "0x0040", "0x0080", "0x0100", "0x0200", "0x0400", "0x0800", "0x1000", "0x2000",
+      "0x4000", "0x8000", "0x0003", "0x0007", "0x000f", "0x001f", "0x003f", "0x007f", "0x00ff",
+      "0x01ff", "0x03ff", "0x07ff", "0x0fff", "0x1fff", "0x3fff", "0x7fff", "0xffff", "0x01",
+      "0x02", "0x04", "0x08", "0x10", "0x20", "0x40", "0x80", "0x03", "0x07", "0x0f", "0x1f",
+      "0x3f", "0x7f", "0xff", "0x00", "100", "1000", "10000", "100000", "1000000", "10000000",
+      "100000000", "1000000000"
     ]
 }
 
diff --git a/java/ql/src/Violations of Best Practice/legacy/AutoBoxing.ql b/java/ql/src/Violations of Best Practice/legacy/AutoBoxing.ql
index b80f86cd810..c6d8d796309 100644
--- a/java/ql/src/Violations of Best Practice/legacy/AutoBoxing.ql	
+++ b/java/ql/src/Violations of Best Practice/legacy/AutoBoxing.ql	
@@ -72,12 +72,16 @@ predicate rebox(Assignment e, Variable v) {
 
 from Expr e, string conv
 where
-  boxed(e) and conv = "This expression is implicitly boxed."
-  or
-  unboxed(e) and conv = "This expression is implicitly unboxed."
-  or
-  exists(Variable v | rebox(e, v) |
-    conv =
-      "This expression implicitly unboxes, updates, and reboxes the value of '" + v.getName() + "'."
+  e.getFile().isJavaSourceFile() and
+  (
+    boxed(e) and conv = "This expression is implicitly boxed."
+    or
+    unboxed(e) and conv = "This expression is implicitly unboxed."
+    or
+    exists(Variable v | rebox(e, v) |
+      conv =
+        "This expression implicitly unboxes, updates, and reboxes the value of '" + v.getName() +
+          "'."
+    )
   )
 select e, conv
diff --git a/java/ql/src/change-notes/2022-11-03-regex-injection.md b/java/ql/src/change-notes/2022-11-03-regex-injection.md
new file mode 100644
index 00000000000..759aa2a86e1
--- /dev/null
+++ b/java/ql/src/change-notes/2022-11-03-regex-injection.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* The query, `java/regex-injection`, has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @edvraa](https://github.com/github/codeql/pull/5704).
diff --git a/java/ql/src/change-notes/2022-11-12-android-webview-file-access.md b/java/ql/src/change-notes/2022-11-12-android-webview-file-access.md
new file mode 100644
index 00000000000..3e8777e60cd
--- /dev/null
+++ b/java/ql/src/change-notes/2022-11-12-android-webview-file-access.md
@@ -0,0 +1,5 @@
+---
+category: newQuery
+---
+* Added a new query `java/android-websettings-file-access` to detect configurations that enable file system access in Android WebViews.
+
diff --git a/java/ql/src/change-notes/2022-11-12-websettings-setjavascript-enabled.md b/java/ql/src/change-notes/2022-11-12-websettings-setjavascript-enabled.md
new file mode 100644
index 00000000000..58579f006c4
--- /dev/null
+++ b/java/ql/src/change-notes/2022-11-12-websettings-setjavascript-enabled.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query, `java/android-websettings-javascript-enabled`, to detect if JavaScript execution is enabled in an Android WebView.
diff --git a/java/ql/src/change-notes/2022-11-21-disabled-maven-repositories.md b/java/ql/src/change-notes/2022-11-21-disabled-maven-repositories.md
new file mode 100644
index 00000000000..5d060b06076
--- /dev/null
+++ b/java/ql/src/change-notes/2022-11-21-disabled-maven-repositories.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The query `java/maven/non-https-url` no longer alerts about disabled repositories.
diff --git a/java/ql/src/change-notes/2022-11-22-bitwise-implicit-intent-flags.md b/java/ql/src/change-notes/2022-11-22-bitwise-implicit-intent-flags.md
new file mode 100644
index 00000000000..20612e86325
--- /dev/null
+++ b/java/ql/src/change-notes/2022-11-22-bitwise-implicit-intent-flags.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Fixed an issue in the query `java/android/implicit-pendingintents` by which an implicit Pending Intent marked as immutable was not correctly recognized as such.
diff --git a/java/ql/src/change-notes/2022-11-25-NamingConventionsRefTypes-kotlin.md b/java/ql/src/change-notes/2022-11-25-NamingConventionsRefTypes-kotlin.md
new file mode 100644
index 00000000000..c99d7168297
--- /dev/null
+++ b/java/ql/src/change-notes/2022-11-25-NamingConventionsRefTypes-kotlin.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The query `java/misnamed-type` is now enabled for Kotlin.
diff --git a/java/ql/src/change-notes/2022-11-25-NonSerializableField-kotlin.md b/java/ql/src/change-notes/2022-11-25-NonSerializableField-kotlin.md
new file mode 100644
index 00000000000..25977b2e807
--- /dev/null
+++ b/java/ql/src/change-notes/2022-11-25-NonSerializableField-kotlin.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The query `java/non-serializable-field` is now enabled for Kotlin.
diff --git a/java/ql/src/change-notes/2022-12-01-supported-external-apis-query.md b/java/ql/src/change-notes/2022-12-01-supported-external-apis-query.md
new file mode 100644
index 00000000000..83bfcf96e20
--- /dev/null
+++ b/java/ql/src/change-notes/2022-12-01-supported-external-apis-query.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query, `java/telemetry/supported-external-api`, to detect supported 3rd party APIs used in a codebase.
diff --git a/java/ql/src/change-notes/2022-12-12-java-mad-metrics-query.md b/java/ql/src/change-notes/2022-12-12-java-mad-metrics-query.md
new file mode 100644
index 00000000000..8d4dd5d77e1
--- /dev/null
+++ b/java/ql/src/change-notes/2022-12-12-java-mad-metrics-query.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query, `java/summary/generated-vs-manual-coverage`, to expose metrics for the number of API endpoints covered by generated versus manual MaD models.
diff --git a/java/ql/src/change-notes/2022-12-15-rename-mad-extensibles.md b/java/ql/src/change-notes/2022-12-15-rename-mad-extensibles.md
new file mode 100644
index 00000000000..39532da22c8
--- /dev/null
+++ b/java/ql/src/change-notes/2022-12-15-rename-mad-extensibles.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The extensible predicates for Models as Data have been renamed (the `ext` prefix has been removed). As an example `extSummaryModel` has been renamed to `summaryModel`.
\ No newline at end of file
diff --git a/java/ql/src/change-notes/2022-10-19-insufficient-key-size.md b/java/ql/src/change-notes/released/0.4.4.md
similarity index 58%
rename from java/ql/src/change-notes/2022-10-19-insufficient-key-size.md
rename to java/ql/src/change-notes/released/0.4.4.md
index e117b5b5941..849452aa9c0 100644
--- a/java/ql/src/change-notes/2022-10-19-insufficient-key-size.md
+++ b/java/ql/src/change-notes/released/0.4.4.md
@@ -1,4 +1,6 @@
----
-category: newQuery
----
+## 0.4.4
+
+### New Queries
+
 * The query `java/insufficient-key-size` has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4926).
+* Added a new query, `java/android/sensitive-keyboard-cache`, to detect instances of sensitive information possibly being saved to the Android keyboard cache.
diff --git a/java/ql/src/change-notes/released/0.4.5.md b/java/ql/src/change-notes/released/0.4.5.md
new file mode 100644
index 00000000000..7ba9b2e8ade
--- /dev/null
+++ b/java/ql/src/change-notes/released/0.4.5.md
@@ -0,0 +1,3 @@
+## 0.4.5
+
+No user-facing changes.
diff --git a/java/ql/src/change-notes/released/0.4.6.md b/java/ql/src/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..ae160f06a20
--- /dev/null
+++ b/java/ql/src/change-notes/released/0.4.6.md
@@ -0,0 +1,5 @@
+## 0.4.6
+
+### Minor Analysis Improvements
+
+* Kotlin extraction will now fail if the Kotlin version in use is at least 1.7.30. This is to ensure using an as-yet-unsupported version is noticable, rather than silently failing to extract Kotlin code and therefore producing false-negative results.
diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml
index 1ec9c4ea5d9..2b842473675 100644
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.6
diff --git a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql
index 7b70a2e47d9..369833a4df2 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql
@@ -19,159 +19,8 @@ import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.ExternalFlow
 import DataFlow::PathGraph
 
-private class Log4jLoggingSinkModels extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        // org.apache.logging.log4j.Logger
-        "org.apache.logging.log4j;Logger;true;" +
-          ["debug", "error", "fatal", "info", "trace", "warn"] +
-          [
-            ";(CharSequence);;Argument[0];log4j;manual",
-            ";(CharSequence,Throwable);;Argument[0];log4j;manual",
-            ";(Marker,CharSequence);;Argument[1];log4j;manual",
-            ";(Marker,CharSequence,Throwable);;Argument[1];log4j;manual",
-            ";(Marker,Message);;Argument[1];log4j;manual",
-            ";(Marker,MessageSupplier);;Argument[1];log4j;manual",
-            ";(Marker,MessageSupplier);;Argument[1];log4j;manual",
-            ";(Marker,MessageSupplier,Throwable);;Argument[1];log4j;manual",
-            ";(Marker,Object);;Argument[1];log4j;manual",
-            ";(Marker,Object,Throwable);;Argument[1];log4j;manual",
-            ";(Marker,String);;Argument[1];log4j;manual",
-            ";(Marker,String,Object[]);;Argument[1..2];log4j;manual",
-            ";(Marker,String,Object);;Argument[1..2];log4j;manual",
-            ";(Marker,String,Object,Object);;Argument[1..3];log4j;manual",
-            ";(Marker,String,Object,Object,Object);;Argument[1..4];log4j;manual",
-            ";(Marker,String,Object,Object,Object,Object);;Argument[1..5];log4j;manual",
-            ";(Marker,String,Object,Object,Object,Object,Object);;Argument[1..6];log4j;manual",
-            ";(Marker,String,Object,Object,Object,Object,Object,Object);;Argument[1..7];log4j;manual",
-            ";(Marker,String,Object,Object,Object,Object,Object,Object,Object);;Argument[1..8];log4j;manual",
-            ";(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..9];log4j;manual",
-            ";(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..10];log4j;manual",
-            ";(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..11];log4j;manual",
-            ";(Marker,String,Supplier);;Argument[1..2];log4j;manual",
-            ";(Marker,String,Throwable);;Argument[1];log4j;manual",
-            ";(Marker,Supplier);;Argument[1];log4j;manual",
-            ";(Marker,Supplier,Throwable);;Argument[1];log4j;manual",
-            ";(MessageSupplier);;Argument[0];log4j;manual",
-            ";(MessageSupplier,Throwable);;Argument[0];log4j;manual",
-            ";(Message);;Argument[0];log4j;manual",
-            ";(Message,Throwable);;Argument[0];log4j;manual", ";(Object);;Argument[0];log4j;manual",
-            ";(Object,Throwable);;Argument[0];log4j;manual", ";(String);;Argument[0];log4j;manual",
-            ";(String,Object[]);;Argument[0..1];log4j;manual",
-            ";(String,Object);;Argument[0..1];log4j;manual",
-            ";(String,Object,Object);;Argument[0..2];log4j;manual",
-            ";(String,Object,Object,Object);;Argument[0..3];log4j;manual",
-            ";(String,Object,Object,Object,Object);;Argument[0..4];log4j;manual",
-            ";(String,Object,Object,Object,Object,Object);;Argument[0..5];log4j;manual",
-            ";(String,Object,Object,Object,Object,Object,Object);;Argument[0..6];log4j;manual",
-            ";(String,Object,Object,Object,Object,Object,Object,Object);;Argument[0..7];log4j;manual",
-            ";(String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..8];log4j;manual",
-            ";(String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..9];log4j;manual",
-            ";(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..10];log4j;manual",
-            ";(String,Supplier);;Argument[0..1];log4j;manual",
-            ";(String,Throwable);;Argument[0];log4j;manual",
-            ";(Supplier);;Argument[0];log4j;manual",
-            ";(Supplier,Throwable);;Argument[0];log4j;manual"
-          ],
-        "org.apache.logging.log4j;Logger;true;log" +
-          [
-            ";(Level,CharSequence);;Argument[1];log4j;manual",
-            ";(Level,CharSequence,Throwable);;Argument[1];log4j;manual",
-            ";(Level,Marker,CharSequence);;Argument[2];log4j;manual",
-            ";(Level,Marker,CharSequence,Throwable);;Argument[2];log4j;manual",
-            ";(Level,Marker,Message);;Argument[2];log4j;manual",
-            ";(Level,Marker,MessageSupplier);;Argument[2];log4j;manual",
-            ";(Level,Marker,MessageSupplier);;Argument[2];log4j;manual",
-            ";(Level,Marker,MessageSupplier,Throwable);;Argument[2];log4j;manual",
-            ";(Level,Marker,Object);;Argument[2];log4j;manual",
-            ";(Level,Marker,Object,Throwable);;Argument[2];log4j;manual",
-            ";(Level,Marker,String);;Argument[2];log4j;manual",
-            ";(Level,Marker,String,Object[]);;Argument[2..3];log4j;manual",
-            ";(Level,Marker,String,Object);;Argument[2..3];log4j;manual",
-            ";(Level,Marker,String,Object,Object);;Argument[2..4];log4j;manual",
-            ";(Level,Marker,String,Object,Object,Object);;Argument[2..5];log4j;manual",
-            ";(Level,Marker,String,Object,Object,Object,Object);;Argument[2..6];log4j;manual",
-            ";(Level,Marker,String,Object,Object,Object,Object,Object);;Argument[2..7];log4j;manual",
-            ";(Level,Marker,String,Object,Object,Object,Object,Object,Object);;Argument[2..8];log4j;manual",
-            ";(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object);;Argument[2..9];log4j;manual",
-            ";(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[2..10];log4j;manual",
-            ";(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[2..11];log4j;manual",
-            ";(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[2..12];log4j;manual",
-            ";(Level,Marker,String,Supplier);;Argument[2..3];log4j;manual",
-            ";(Level,Marker,String,Throwable);;Argument[2];log4j;manual",
-            ";(Level,Marker,Supplier);;Argument[2];log4j;manual",
-            ";(Level,Marker,Supplier,Throwable);;Argument[2];log4j;manual",
-            ";(Level,Message);;Argument[1];log4j;manual",
-            ";(Level,MessageSupplier);;Argument[1];log4j;manual",
-            ";(Level,MessageSupplier,Throwable);;Argument[1];log4j;manual",
-            ";(Level,Message);;Argument[1];log4j;manual",
-            ";(Level,Message,Throwable);;Argument[1];log4j;manual",
-            ";(Level,Object);;Argument[1];log4j;manual",
-            ";(Level,Object);;Argument[1];log4j;manual",
-            ";(Level,String);;Argument[1];log4j;manual",
-            ";(Level,Object,Throwable);;Argument[1];log4j;manual",
-            ";(Level,String);;Argument[1];log4j;manual",
-            ";(Level,String,Object[]);;Argument[1..2];log4j;manual",
-            ";(Level,String,Object);;Argument[1..2];log4j;manual",
-            ";(Level,String,Object,Object);;Argument[1..3];log4j;manual",
-            ";(Level,String,Object,Object,Object);;Argument[1..4];log4j;manual",
-            ";(Level,String,Object,Object,Object,Object);;Argument[1..5];log4j;manual",
-            ";(Level,String,Object,Object,Object,Object,Object);;Argument[1..6];log4j;manual",
-            ";(Level,String,Object,Object,Object,Object,Object,Object);;Argument[1..7];log4j;manual",
-            ";(Level,String,Object,Object,Object,Object,Object,Object,Object);;Argument[1..8];log4j;manual",
-            ";(Level,String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..9];log4j;manual",
-            ";(Level,String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..10];log4j;manual",
-            ";(Level,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..11];log4j;manual",
-            ";(Level,String,Supplier);;Argument[1..2];log4j;manual",
-            ";(Level,String,Throwable);;Argument[1];log4j;manual",
-            ";(Level,Supplier);;Argument[1];log4j;manual",
-            ";(Level,Supplier,Throwable);;Argument[1];log4j;manual"
-          ], "org.apache.logging.log4j;Logger;true;entry;(Object[]);;Argument[0];log4j;manual",
-        "org.apache.logging.log4j;Logger;true;logMessage;(Level,Marker,String,StackTraceElement,Message,Throwable);;Argument[4];log4j;manual",
-        "org.apache.logging.log4j;Logger;true;printf;(Level,Marker,String,Object[]);;Argument[2..3];log4j;manual",
-        "org.apache.logging.log4j;Logger;true;printf;(Level,String,Object[]);;Argument[1..2];log4j;manual",
-        // org.apache.logging.log4j.LogBuilder
-        "org.apache.logging.log4j;LogBuilder;true;log;(CharSequence);;Argument[0];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(Message);;Argument[0];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(Object);;Argument[0];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String);;Argument[0];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object[]);;Argument[0..1];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object);;Argument[0..1];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object);;Argument[0..2];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object);;Argument[0..3];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object);;Argument[0..4];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object);;Argument[0..5];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object);;Argument[0..6];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object,Object);;Argument[0..7];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..8];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..9];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..10];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(String,Supplier[]);;Argument[0..1];log4j;manual",
-        "org.apache.logging.log4j;LogBuilder;true;log;(Supplier);;Argument[0];log4j;manual",
-        // org.apache.logging.log4j.ThreadContext
-        "org.apache.logging.log4j;ThreadContext;false;put;;;Argument[1];log4j;manual",
-        "org.apache.logging.log4j;ThreadContext;false;putIfNull;;;Argument[1];log4j;manual",
-        "org.apache.logging.log4j;ThreadContext;false;putAll;;;Argument[0];log4j;manual",
-        // org.apache.logging.log4j.CloseableThreadContext
-        "org.apache.logging.log4j;CloseableThreadContext;false;put;;;Argument[1];log4j;manual",
-        "org.apache.logging.log4j;CloseableThreadContext;false;putAll;;;Argument[0];log4j;manual",
-        "org.apache.logging.log4j;CloseableThreadContext$Instance;false;put;;;Argument[1];log4j;manual",
-        "org.apache.logging.log4j;CloseableThreadContext$Instance;false;putAll;;;Argument[0];log4j;manual",
-      ]
-  }
-}
-
-class Log4jInjectionSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.apache.logging.log4j.message;MapMessage;true;with;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.logging.log4j.message;MapMessage;true;with;;;Argument[-1];ReturnValue;value;manual",
-        "org.apache.logging.log4j.message;MapMessage;true;put;;;Argument[1];Argument[-1];taint;manual",
-        "org.apache.logging.log4j.message;MapMessage;true;putAll;;;Argument[0].MapValue;Argument[-1];taint;manual",
-      ]
-  }
+private class ActivateModels extends ActiveExperimentalModels {
+  ActivateModels() { this = "log4j-injection" }
 }
 
 /** A data flow sink for unvalidated user input that is used to log messages. */
diff --git a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql
index fff9a3b3613..9c976c8dce7 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql
@@ -12,12 +12,17 @@
  */
 
 import java
+import semmle.code.java.dataflow.ExternalFlow
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.PathCreation
 import JFinalController
 import semmle.code.java.security.PathSanitizer
 import DataFlow::PathGraph
 
+private class ActivateModels extends ActiveExperimentalModels {
+  ActivateModels() { this = "file-path-injection" }
+}
+
 /** A complementary sanitizer that protects against path traversal using path normalization. */
 class PathNormalizeSanitizer extends MethodAccess {
   PathNormalizeSanitizer() {
diff --git a/java/ql/src/experimental/Security/CWE/CWE-073/JFinalController.qll b/java/ql/src/experimental/Security/CWE/CWE-073/JFinalController.qll
index df3b77cddaa..035039046f1 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-073/JFinalController.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-073/JFinalController.qll
@@ -1,5 +1,4 @@
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
 
 /** The class `com.jfinal.core.Controller`. */
@@ -61,24 +60,3 @@ private class SetToGetAttributeStep extends AdditionalValueStep {
     )
   }
 }
-
-/** Remote flow source models relating to `JFinal`. */
-private class JFinalControllerSource extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "com.jfinal.core;Controller;true;getCookie" + ["", "Object", "Objects", "ToInt", "ToLong"] +
-          ";;;ReturnValue;remote;manual",
-        "com.jfinal.core;Controller;true;getFile" + ["", "s"] + ";;;ReturnValue;remote;manual",
-        "com.jfinal.core;Controller;true;getHeader;;;ReturnValue;remote;manual",
-        "com.jfinal.core;Controller;true;getKv;;;ReturnValue;remote;manual",
-        "com.jfinal.core;Controller;true;getPara" +
-          [
-            "", "Map", "ToBoolean", "ToDate", "ToInt", "ToLong", "Values", "ValuesToInt",
-            "ValuesToLong"
-          ] + ";;;ReturnValue;remote;manual",
-        "com.jfinal.core;Controller;true;get" + ["", "Int", "Long", "Boolean", "Date"] +
-          ";;;ReturnValue;remote;manual"
-      ]
-  }
-}
diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll
index 3351af22a25..b6bc910484b 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll
@@ -86,7 +86,7 @@ bindingset[unsafeExpression]
 predicate isMybatisCollectionTypeSqlInjection(
   DataFlow::Node node, MethodAccess ma, string unsafeExpression
 ) {
-  not unsafeExpression.regexpMatch("\\$\\{" + getAMybatisConfigurationVariableKey() + "\\}") and
+  not unsafeExpression.regexpMatch("\\$\\{\\s*" + getAMybatisConfigurationVariableKey() + "\\s*\\}") and
   // The parameter type of the MyBatis method parameter is Map or List or Array.
   // SQL injection vulnerability caused by improper use of this parameter.
   // e.g.
@@ -120,7 +120,7 @@ bindingset[unsafeExpression]
 predicate isMybatisXmlOrAnnotationSqlInjection(
   DataFlow::Node node, MethodAccess ma, string unsafeExpression
 ) {
-  not unsafeExpression.regexpMatch("\\$\\{" + getAMybatisConfigurationVariableKey() + "\\}") and
+  not unsafeExpression.regexpMatch("\\$\\{\\s*" + getAMybatisConfigurationVariableKey() + "\\s*\\}") and
   (
     // The method parameters use `@Param` annotation. Due to improper use of this parameter, SQL injection vulnerabilities are caused.
     // e.g.
@@ -128,16 +128,23 @@ predicate isMybatisXmlOrAnnotationSqlInjection(
     // ```java
     //    @Select(select id,name from test order by ${orderby,jdbcType=VARCHAR})
     //    void test(@Param("orderby") String name);
+    //
+    //    @Select(select id,name from test where name = ${ user . name })
+    //    void test(@Param("user") User u);
     // ```
     exists(Annotation annotation |
       unsafeExpression
-          .matches("${" + annotation.getValue("value").(CompileTimeConstantExpr).getStringValue() +
-              "%}") and
+          .regexpMatch("\\$\\{\\s*" +
+              annotation.getValue("value").(CompileTimeConstantExpr).getStringValue() +
+              "\\b[^}]*\\}") and
       annotation.getType() instanceof TypeParam and
-      ma.getAnArgument() = node.asExpr()
+      ma.getAnArgument() = node.asExpr() and
+      annotation.getTarget() =
+        ma.getMethod().getParameter(node.asExpr().(Argument).getParameterPos())
     )
     or
     // MyBatis default parameter sql injection vulnerabilities.the default parameter form of the method is arg[0...n] or param[1...n].
+    // When compiled with '-parameters' compiler option, the parameter can be reflected in SQL statement as named in method signature.
     // e.g.
     //
     // ```java
@@ -147,9 +154,12 @@ predicate isMybatisXmlOrAnnotationSqlInjection(
     exists(int i |
       not ma.getMethod().getParameter(i).getAnAnnotation().getType() instanceof TypeParam and
       (
-        unsafeExpression.matches("${param" + (i + 1) + "%}")
+        unsafeExpression.regexpMatch("\\$\\{\\s*param" + (i + 1) + "\\b[^}]*\\}")
         or
-        unsafeExpression.matches("${arg" + i + "%}")
+        unsafeExpression.regexpMatch("\\$\\{\\s*arg" + i + "\\b[^}]*\\}")
+        or
+        unsafeExpression
+            .regexpMatch("\\$\\{\\s*" + ma.getMethod().getParameter(i).getName() + "\\b[^}]*\\}")
       ) and
       ma.getArgument(i) = node.asExpr()
     )
@@ -164,7 +174,7 @@ predicate isMybatisXmlOrAnnotationSqlInjection(
     exists(int i, RefType t |
       not ma.getMethod().getParameter(i).getAnAnnotation().getType() instanceof TypeParam and
       ma.getMethod().getParameterType(i).getName() = t.getName() and
-      unsafeExpression.matches("${" + t.getAField().getName() + "%}") and
+      unsafeExpression.regexpMatch("\\$\\{\\s*" + t.getAField().getName() + "\\b[^}]*\\}") and
       ma.getArgument(i) = node.asExpr()
     )
     or
diff --git a/java/ql/src/experimental/Security/CWE/CWE-200/AndroidWebResourceResponse.qll b/java/ql/src/experimental/Security/CWE/CWE-200/AndroidWebResourceResponse.qll
index 44e0d7fd96f..bd177b30213 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-200/AndroidWebResourceResponse.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-200/AndroidWebResourceResponse.qll
@@ -6,6 +6,10 @@ private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSteps
 private import semmle.code.java.frameworks.android.WebView
 
+private class ActivateModels extends ActiveExperimentalModels {
+  ActivateModels() { this = "android-web-resource-response" }
+}
+
 /**
  * The Android class `android.webkit.WebResourceRequest` for handling web requests.
  */
@@ -68,14 +72,3 @@ private class FetchUrlStep extends AdditionalValueStep {
     )
   }
 }
-
-/** Value/taint steps relating to url loading and file reading in an Android application. */
-private class LoadUrlSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "java.io;FileInputStream;true;FileInputStream;;;Argument[0];Argument[-1];taint;manual",
-        "android.webkit;WebResourceRequest;false;getUrl;;;Argument[-1];ReturnValue;taint;manual"
-      ]
-  }
-}
diff --git a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql
index c3af26f8ff4..a6d2049bd16 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql
@@ -1,5 +1,5 @@
 /**
- * @name Disabled ceritificate revocation checking
+ * @name Disabled certificate revocation checking
  * @description Using revoked certificates is dangerous.
  *              Therefore, revocation status of certificates in a chain should be checked.
  * @kind path-problem
diff --git a/java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.qll b/java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.qll
index b16142f3856..09db11dd40b 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.qll
@@ -6,6 +6,10 @@ import java
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
 
+private class ActivateModels extends ActiveExperimentalModels {
+  ActivateModels() { this = "hardcoded-jwt-key" }
+}
+
 /** The class `com.auth0.jwt.JWT`. */
 class Jwt extends RefType {
   Jwt() { this.hasQualifiedName("com.auth0.jwt", "JWT") }
@@ -125,21 +129,3 @@ class HardcodedJwtKeyConfiguration extends TaintTracking::Configuration {
     )
   }
 }
-
-/** Taint model related to verifying JWT tokens. */
-private class VerificationFlowStep extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "com.auth0.jwt.interfaces;Verification;true;build;;;Argument[-1];ReturnValue;taint;manual",
-        "com.auth0.jwt.interfaces;Verification;true;" +
-          ["acceptLeeway", "acceptExpiresAt", "acceptNotBefore", "acceptIssuedAt", "ignoreIssuedAt"]
-          + ";;;Argument[-1];ReturnValue;value;manual",
-        "com.auth0.jwt.interfaces;Verification;true;with" +
-          [
-            "Issuer", "Subject", "Audience", "AnyOfAudience", "ClaimPresence", "Claim",
-            "ArrayClaim", "JWTId"
-          ] + ";;;Argument[-1];ReturnValue;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll b/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
index 5e4df693a00..39d27be133b 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
@@ -81,8 +81,7 @@ private class CompareSink extends ClientSuppliedIpUsedInSecurityCheckSink {
 }
 
 /** A data flow sink for sql operation. */
-private class SqlOperationSink extends ClientSuppliedIpUsedInSecurityCheckSink {
-  SqlOperationSink() { this instanceof QueryInjectionSink }
+private class SqlOperationSink extends ClientSuppliedIpUsedInSecurityCheckSink instanceof QueryInjectionSink {
 }
 
 /** A method that split string. */
diff --git a/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.qhelp b/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.qhelp
new file mode 100644
index 00000000000..bf0c2d4ef2f
--- /dev/null
+++ b/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.qhelp
@@ -0,0 +1,48 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+
+<overview>
+<p>The <code>Thread.sleep</code> method is used to pause the execution of current thread for 
+specified time. When the sleep time is user-controlled, especially in the web application context, 
+it can be abused to cause all of a server's threads to sleep, leading to denial of service.</p>
+</overview>
+
+<recommendation>
+<p>To guard against this attack, consider specifying an upper range of allowed sleep time or adopting
+the producer/consumer design pattern with <code>Object.wait</code> method to avoid performance 
+problems or even resource exhaustion. For more information, refer to the concurrency tutorial of Oracle
+listed below or <code>java/ql/src/Likely Bugs/Concurrency</code> queries of CodeQL.</p>
+</recommendation>
+
+<example>
+<p>The following example shows a bad situation and a good situation respectively. In the bad situation,
+a thread sleep time comes directly from user input. In the good situation, an upper 
+range check on the maximum sleep time allowed is enforced.</p>
+<sample src="ThreadResourceAbuse.java" />
+</example>
+
+<references>
+<li>
+Snyk:
+<a href="https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGWTUPLOAD-569506">Denial of Service (DoS)
+in com.googlecode.gwtupload:gwtupload</a>.
+</li>
+<li>
+gwtupload:
+<a href="https://github.com/manolo/gwtupload/issues/33">[Fix DOS issue] Updating the 
+AbstractUploadListener.java file</a>.
+</li>
+<li>
+The blog of a gypsy engineer:
+<a href="https://blog.gypsyengineer.com/en/security/cve-2019-17555-dos-via-retry-after-header-in-apache-olingo.html">
+CVE-2019-17555: DoS via Retry-After header in Apache Olingo</a>.
+</li>
+<li>
+Oracle:
+<a href="https://docs.oracle.com/javase/tutorial/essential/concurrency/guardmeth.html">The Java Concurrency Tutorials</a>
+</li>
+</references>
+</qhelp>
diff --git a/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql b/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql
index 3c3c58da449..f66235994b0 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql
@@ -3,7 +3,7 @@
  * @description Using user input directly to control a thread's sleep time could lead to
  *              performance problems or even resource exhaustion.
  * @kind path-problem
- * @id java/thread-resource-abuse
+ * @id java/local-thread-resource-abuse
  * @problem.severity recommendation
  * @tags security
  *       external/cwe/cwe-400
diff --git a/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qll b/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qll
index e4dd7458951..3201f9483e4 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qll
@@ -6,26 +6,8 @@ private import semmle.code.java.dataflow.ExternalFlow
 import semmle.code.java.dataflow.FlowSteps
 import semmle.code.java.controlflow.Guards
 
-/** `java.lang.Math` data model for value comparison in the new CSV format. */
-private class MathCompDataModel extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "java.lang;Math;false;min;;;Argument[0..1];ReturnValue;value;manual",
-        "java.lang;Math;false;max;;;Argument[0..1];ReturnValue;value;manual"
-      ]
-  }
-}
-
-/** Thread pause data model in the new CSV format. */
-private class PauseThreadDataModel extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "java.lang;Thread;true;sleep;;;Argument[0];thread-pause;manual",
-        "java.util.concurrent;TimeUnit;true;sleep;;;Argument[0];thread-pause;manual"
-      ]
-  }
+private class ActivateModels extends ActiveExperimentalModels {
+  ActivateModels() { this = "thread-resource-abuse" }
 }
 
 /** A sink representing methods pausing a thread. */
diff --git a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll
index aa2999a9955..bff6a0a3893 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll
@@ -6,6 +6,10 @@ private import semmle.code.java.dataflow.StringPrefixes
 private import semmle.code.java.frameworks.javaee.ejb.EJBRestrictions
 private import experimental.semmle.code.java.frameworks.SpringResource
 
+private class ActiveModels extends ActiveExperimentalModels {
+  ActiveModels() { this = "unsafe-url-forward" }
+}
+
 /** A sink for unsafe URL forward vulnerabilities. */
 abstract class UnsafeUrlForwardSink extends DataFlow::Node { }
 
@@ -161,52 +165,3 @@ private class SpringUrlForwardSink extends UnsafeUrlForwardSink {
     this.asExpr() = any(ForwardPrefix fp).getAnAppendedExpression()
   }
 }
-
-/** Source model of remote flow source from `getServletPath`. */
-private class ServletGetPathSource extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "javax.servlet.http;HttpServletRequest;true;getServletPath;;;ReturnValue;remote;manual",
-        "jakarta.servlet.http;HttpServletRequest;true;getServletPath;;;ReturnValue;remote;manual"
-      ]
-  }
-}
-
-/** Taint model related to `java.nio.file.Path` and `io.undertow.server.handlers.resource.Resource`. */
-private class FilePathFlowStep extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "java.nio.file;Paths;true;get;;;Argument[0..1];ReturnValue;taint;manual",
-        "java.nio.file;Path;true;resolve;;;Argument[-1..0];ReturnValue;taint;manual",
-        "java.nio.file;Path;true;normalize;;;Argument[-1];ReturnValue;taint;manual",
-        "java.nio.file;Path;true;toString;;;Argument[-1];ReturnValue;taint;manual",
-        "io.undertow.server.handlers.resource;Resource;true;getFile;;;Argument[-1];ReturnValue;taint;manual",
-        "io.undertow.server.handlers.resource;Resource;true;getFilePath;;;Argument[-1];ReturnValue;taint;manual",
-        "io.undertow.server.handlers.resource;Resource;true;getPath;;;Argument[-1];ReturnValue;taint;manual"
-      ]
-  }
-}
-
-/** Taint models related to resource loading in Spring. */
-private class LoadSpringResourceFlowStep extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "org.springframework.core.io;ClassPathResource;false;ClassPathResource;;;Argument[0];Argument[-1];taint;manual",
-        "org.springframework.core.io;ResourceLoader;true;getResource;;;Argument[0];ReturnValue;taint;manual",
-        "org.springframework.core.io;Resource;true;createRelative;;;Argument[0];ReturnValue;taint;manual"
-      ]
-  }
-}
-
-/** Sink models for methods that load Spring resources. */
-private class SpringResourceCsvSink extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      // Get spring resource
-      "org.springframework.core.io;ClassPathResource;true;" +
-        ["getFilename", "getPath", "getURL", "resolveURL"] + ";;;Argument[-1];get-resource;manual"
-  }
-}
diff --git a/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegexQuery.qll b/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegexQuery.qll
index 21a44ebbb8f..e1c802c0245 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegexQuery.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegexQuery.qll
@@ -8,6 +8,10 @@ import semmle.code.java.controlflow.Guards
 import semmle.code.java.security.UrlRedirect
 import Regex
 
+private class ActivateModels extends ActiveExperimentalModels {
+  ActivateModels() { this = "permissive-dot-regex-query" }
+}
+
 /** A string that ends with `.*` not prefixed with `\`. */
 private class PermissiveDotStr extends StringLiteral {
   PermissiveDotStr() {
@@ -19,20 +23,6 @@ private class PermissiveDotStr extends StringLiteral {
   }
 }
 
-/** Remote flow sources obtained from the URI of a servlet request. */
-private class GetServletUriSource extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "javax.servlet.http;HttpServletRequest;false;getPathInfo;();;ReturnValue;uri-path;manual",
-        "javax.servlet.http;HttpServletRequest;false;getPathTranslated;();;ReturnValue;uri-path;manual",
-        "javax.servlet.http;HttpServletRequest;false;getRequestURI;();;ReturnValue;uri-path;manual",
-        "javax.servlet.http;HttpServletRequest;false;getRequestURL;();;ReturnValue;uri-path;manual",
-        "javax.servlet.http;HttpServletRequest;false;getServletPath;();;ReturnValue;uri-path;manual"
-      ]
-  }
-}
-
 /** The qualifier of a request dispatch method call. */
 private class UrlDispatchSink extends UrlRedirectSink {
   UrlDispatchSink() {
diff --git a/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.java b/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.java
deleted file mode 100644
index 387648a443e..00000000000
--- a/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.java
+++ /dev/null
@@ -1,38 +0,0 @@
-package com.example.demo;
-
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
-
-@RestController
-public class DemoApplication {
-
-    @GetMapping("/string1")
-    public String string1(@RequestParam(value = "input", defaultValue = "test") String input,
-                          @RequestParam(value = "pattern", defaultValue = ".*") String pattern) {
-        // BAD: Unsanitized user input is used to construct a regular expression
-        if (input.matches("^" + pattern + "=.*$"))
-            return "match!";
-
-        return "doesn't match!";
-    }
-
-    @GetMapping("/string2")
-    public String string2(@RequestParam(value = "input", defaultValue = "test") String input,
-                          @RequestParam(value = "pattern", defaultValue = ".*") String pattern) {
-        // GOOD: User input is sanitized before constructing the regex
-        if (input.matches("^" + escapeSpecialRegexChars(pattern) + "=.*$"))
-            return "match!";
-
-        return "doesn't match!";
-    }
-
-    Pattern SPECIAL_REGEX_CHARS = Pattern.compile("[{}()\\[\\]><-=!.+*?^$\\\\|]");
-
-    String escapeSpecialRegexChars(String str) {
-        return SPECIAL_REGEX_CHARS.matcher(str).replaceAll("\\\\$0");
-    }
-}
\ No newline at end of file
diff --git a/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql
deleted file mode 100644
index f60e5d9070b..00000000000
--- a/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * @name Regular expression injection
- * @description User input should not be used in regular expressions without first being sanitized,
- *              otherwise a malicious user may be able to provide a regex that could require
- *              exponential time on certain inputs.
- * @kind path-problem
- * @problem.severity error
- * @precision high
- * @id java/regex-injection
- * @tags security
- *       external/cwe/cwe-730
- *       external/cwe/cwe-400
- */
-
-import java
-import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking
-import DataFlow::PathGraph
-
-/**
- * A data flow sink for untrusted user input used to construct regular expressions.
- */
-class RegexSink extends DataFlow::ExprNode {
-  RegexSink() {
-    exists(MethodAccess ma, Method m | m = ma.getMethod() |
-      (
-        m.getDeclaringType() instanceof TypeString and
-        (
-          ma.getArgument(0) = this.asExpr() and
-          m.hasName(["matches", "split", "replaceFirst", "replaceAll"])
-        )
-        or
-        m.getDeclaringType().hasQualifiedName("java.util.regex", "Pattern") and
-        (
-          ma.getArgument(0) = this.asExpr() and
-          m.hasName(["compile", "matches"])
-        )
-        or
-        m.getDeclaringType().hasQualifiedName("org.apache.commons.lang3", "RegExUtils") and
-        (
-          ma.getArgument(1) = this.asExpr() and
-          m.getParameterType(1) instanceof TypeString and
-          m.hasName([
-              "removeAll", "removeFirst", "removePattern", "replaceAll", "replaceFirst",
-              "replacePattern"
-            ])
-        )
-      )
-    )
-  }
-}
-
-abstract class Sanitizer extends DataFlow::ExprNode { }
-
-/**
- * A call to a function whose name suggests that it escapes regular
- * expression meta-characters.
- */
-class RegExpSanitizationCall extends Sanitizer {
-  RegExpSanitizationCall() {
-    exists(string calleeName, string sanitize, string regexp |
-      calleeName = this.asExpr().(Call).getCallee().getName() and
-      sanitize = "(?:escape|saniti[sz]e)" and
-      regexp = "regexp?"
-    |
-      calleeName
-          .regexpMatch("(?i)(" + sanitize + ".*" + regexp + ".*)" + "|(" + regexp + ".*" + sanitize +
-              ".*)")
-    )
-  }
-}
-
-/**
- * A taint-tracking configuration for untrusted user input used to construct regular expressions.
- */
-class RegexInjectionConfiguration extends TaintTracking::Configuration {
-  RegexInjectionConfiguration() { this = "RegexInjectionConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof RegexSink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
-from DataFlow::PathNode source, DataFlow::PathNode sink, RegexInjectionConfiguration c
-where c.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This regular expression is constructed from a $@.",
-  source.getNode(), "user-provided value"
diff --git a/java/ql/src/experimental/semmle/code/java/frameworks/SpringResource.qll b/java/ql/src/experimental/semmle/code/java/frameworks/SpringResource.qll
index e8c86a26512..a4f53284d5d 100644
--- a/java/ql/src/experimental/semmle/code/java/frameworks/SpringResource.qll
+++ b/java/ql/src/experimental/semmle/code/java/frameworks/SpringResource.qll
@@ -3,7 +3,6 @@
  */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
 
 /** A utility class for resolving resource locations to files in the file system in the Spring framework. */
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index 87267893413..9017221edc3 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.4.4-dev
+version: 0.5.0-dev
 groups: 
   - java
   - queries
diff --git a/java/ql/src/utils/flowtestcasegenerator/FlowTestCase.qll b/java/ql/src/utils/flowtestcasegenerator/FlowTestCase.qll
index 046debc5019..f90bbf2c908 100644
--- a/java/ql/src/utils/flowtestcasegenerator/FlowTestCase.qll
+++ b/java/ql/src/utils/flowtestcasegenerator/FlowTestCase.qll
@@ -12,7 +12,7 @@ private import FlowTestCaseSupportMethods
 
 /**
  * A CSV row to generate tests for. Users should extend this to define which
- * tests to generate. Rows specified here should also satisfy `SummaryModelCsv.row`.
+ * tests to generate. There should already exist summaries for the rows specified here.
  */
 class TargetSummaryModelCsv extends Unit {
   /**
@@ -21,12 +21,32 @@ class TargetSummaryModelCsv extends Unit {
   abstract predicate row(string r);
 }
 
+/** Holds if a summary model `row` exists for the given parameters. */
+bindingset[row]
+predicate summaryModelRow(
+  string package, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string output, string kind, string provenance, string row
+) {
+  summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance) and
+  row =
+    package + ";" //
+      + type + ";" //
+      + subtypes.toString() + ";" //
+      + name + ";" //
+      + signature + ";" //
+      + ext + ";" //
+      + input + ";" //
+      + output + ";" //
+      + kind + ";" //
+      + provenance
+}
+
 /**
- * Gets a CSV row for which a test has been requested, but `SummaryModelCsv.row` does not hold of it.
+ * Gets a CSV row for which a test has been requested, but where a summary has not already been defined.
  */
-query string missingSummaryModelCsv() {
+query string missingSummaryModel() {
   any(TargetSummaryModelCsv target).row(result) and
-  not any(SummaryModelCsv model).row(result)
+  not summaryModelRow(_, _, _, _, _, _, _, _, _, _, result)
 }
 
 /**
@@ -64,8 +84,8 @@ private newtype TTestCase =
       string inputSpec, string outputSpec
     |
       any(TargetSummaryModelCsv tsmc).row(row) and
-      summaryModel(namespace, type, subtypes, name, signature, ext, inputSpec, outputSpec, kind, _,
-        row) and
+      summaryModelRow(namespace, type, subtypes, name, signature, ext, inputSpec, outputSpec, kind,
+        _, row) and
       callable = interpretElement(namespace, type, subtypes, name, signature, ext) and
       Private::External::interpretSpec(inputSpec, input) and
       Private::External::interpretSpec(outputSpec, output)
diff --git a/java/ql/src/utils/flowtestcasegenerator/FlowTestCaseSupportMethods.qll b/java/ql/src/utils/flowtestcasegenerator/FlowTestCaseSupportMethods.qll
index 713c484ff4b..437923c1d1b 100644
--- a/java/ql/src/utils/flowtestcasegenerator/FlowTestCaseSupportMethods.qll
+++ b/java/ql/src/utils/flowtestcasegenerator/FlowTestCaseSupportMethods.qll
@@ -4,7 +4,6 @@
 
 import java
 private import semmle.code.java.dataflow.internal.DataFlowUtil
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSummary
 private import semmle.code.java.dataflow.internal.FlowSummaryImpl
 private import FlowTestCaseUtils
@@ -97,12 +96,12 @@ abstract class SupportMethod extends string {
   int getPriority() { result = 50 }
 
   /**
-   * Gets the CSV row describing this support method if it is needed to set up the output for this test.
+   * Gets the data extension row describing this support method if it is needed to set up the output for this test.
    *
-   * For example, `newWithMapValue` will propagate a value from `Argument[0]` to `MapValue of ReturnValue`, and `getMapValue`
+   * For example, `newWithMapValue` will propagate a value from `Argument[0]` to `ReturnValue.MapValue`, and `getMapValue`
    * will do the opposite.
    */
-  string getCsvModel() { none() }
+  string getDataExtensionModel() { none() }
 }
 
 /**
@@ -162,10 +161,11 @@ private class DefaultGetMethod extends GetMethod {
     result = "Object get" + contentToken(c) + "Default(Object container) { return null; }"
   }
 
-  override string getCsvModel() {
+  override string getDataExtensionModel() {
     result =
-      "generatedtest;Test;false;" + this.getName() + ";(Object);;" +
-        getComponentSpec(SummaryComponent::content(c)) + "Argument[0].;ReturnValue;value;manual"
+      "\"generatedtest\", \"Test\", False, \"" + this.getName() +
+        "\", \"(Object)\", \"\", \"Argument[0]." + getComponentSpec(SummaryComponent::content(c)) +
+        "\", \"ReturnValue\", \"value\", \"manual\""
   }
 }
 
@@ -358,10 +358,11 @@ private class DefaultGenMethod extends GenMethod {
     result = "Object newWith" + contentToken(c) + "Default(Object element) { return null; }"
   }
 
-  override string getCsvModel() {
+  override string getDataExtensionModel() {
     result =
-      "generatedtest;Test;false;" + this.getName() + ";(Object);;Argument[0];" +
-        getComponentSpec(SummaryComponent::content(c)) + "ReturnValue.;value;manual"
+      "\"generatedtest\", \"Test\", False, \"" + this.getName() +
+        "\", \"(Object)\", \"\", \"Argument[0]\", \"ReturnValue." +
+        getComponentSpec(SummaryComponent::content(c)) + "\", \"value\", \"manual\""
   }
 }
 
diff --git a/java/ql/src/utils/flowtestcasegenerator/GenerateFlowTestCase.py b/java/ql/src/utils/flowtestcasegenerator/GenerateFlowTestCase.py
index 38d90830bf5..fb10c934afd 100755
--- a/java/ql/src/utils/flowtestcasegenerator/GenerateFlowTestCase.py
+++ b/java/ql/src/utils/flowtestcasegenerator/GenerateFlowTestCase.py
@@ -16,7 +16,7 @@ if any(s == "--help" for s in sys.argv):
 GenerateFlowTestCase.py specsToTest.csv projectPom.xml outdir [--force]
 
 This generates test cases exercising function model specifications found in specsToTest.csv
-producing files Test.java, test.ql and test.expected in outdir.
+producing files Test.java, test.ql, test.ext.yml and test.expected in outdir.
 
 projectPom.xml should be a Maven pom sufficient to resolve the classes named in specsToTest.csv.
 Typically this means supplying a skeleton POM <dependencies> section that retrieves whatever jars
@@ -24,7 +24,9 @@ contain the needed classes.
 
 If --force is present, existing files may be overwritten.
 
-Requirements: `mvn` and `codeql` should both appear on your path.
+Requirements:
+ - `mvn` and `codeql` should both appear on your path.
+ - `--additional-packs /path/to/semmle-code/ql` should be added to your `.config/codeql/config` file.
 
 After test generation completes, any lines in specsToTest.csv that didn't produce tests are output.
 If this happens, check the spelling of class and method names, and the syntax of input and output specifications.
@@ -52,10 +54,11 @@ except Exception as e:
 
 resultJava = os.path.join(sys.argv[3], "Test.java")
 resultQl = os.path.join(sys.argv[3], "test.ql")
+resultYml = os.path.join(sys.argv[3], "test.ext.yml")
 
-if not force and (os.path.exists(resultJava) or os.path.exists(resultQl)):
-    print("Won't overwrite existing files '%s' or '%s'" %
-          (resultJava, resultQl), file=sys.stderr)
+if not force and (os.path.exists(resultJava) or os.path.exists(resultQl) or os.path.exists(resultYml)):
+    print("Won't overwrite existing files '%s', '%s' or '%s'." %
+          (resultJava, resultQl, resultYml), file=sys.stderr)
     sys.exit(1)
 
 workDir = tempfile.mkdtemp()
@@ -127,7 +130,13 @@ queryDir = os.path.join(workDir, "query")
 os.makedirs(queryDir)
 qlFile = os.path.join(queryDir, "gen.ql")
 with open(os.path.join(queryDir, "qlpack.yml"), "w") as f:
-    f.write("name: test-generation-query\nversion: 0.0.0\nlibraryPathDependencies: codeql/java-queries")
+    f.write("""name: test-generation-query
+version: 0.0.0
+dependencies:
+  codeql/java-all: '*'
+  codeql/java-queries: '*'
+""")
+
 with open(qlFile, "w") as f:
     f.write(
         "import java\nimport utils.flowtestcasegenerator.GenerateFlowTestCase\n\nclass GenRow extends TargetSummaryModelCsv {\n\n\toverride predicate row(string r) {\n\t\tr = [\n")
@@ -163,9 +172,9 @@ def getTuples(queryName, jsonResult, fname):
 with open(generatedJson, "r") as f:
     generateOutput = json.load(f)
     expectedTables = ("getTestCase", "getASupportMethodModel",
-                      "missingSummaryModelCsv", "getAParseFailure", "noTestCaseGenerated")
+                      "missingSummaryModel", "getAParseFailure", "noTestCaseGenerated")
 
-    testCaseRows, supportModelRows, missingSummaryModelCsvRows, parseFailureRows, noTestCaseGeneratedRows = \
+    testCaseRows, supportModelRows, missingSummaryModelRows, parseFailureRows, noTestCaseGeneratedRows = \
         tuple([getTuples(k, generateOutput, generatedJson)
                for k in expectedTables])
 
@@ -182,9 +191,9 @@ with open(generatedJson, "r") as f:
         print("Expected exactly one column in noTestCaseGenerated relation (got: %s)" %
               json.dumps(noTestCaseGeneratedRows), file=sys.stderr)
 
-    if len(missingSummaryModelCsvRows) != 0:
-        print("Tests for some CSV rows were requested that were not in scope (SummaryModelCsv.row does not hold):\n" +
-              "\n".join(r[0] for r in missingSummaryModelCsvRows))
+    if len(missingSummaryModelRows) != 0:
+        print("Tests for some CSV rows were requested that were not in scope (a summary doesn't already exist):\n" +
+              "\n".join(r[0] for r in missingSummaryModelRows))
         sys.exit(1)
     if len(parseFailureRows) != 0:
         print("The following rows failed to generate any test case. Check package, class and method name spelling, and argument and result specifications:\n%s" %
@@ -207,11 +216,20 @@ def copyfile(fromName, toFileHandle):
 
 with open(resultQl, "w") as f:
     copyfile("testHeader.qlfrag", f)
-    if len(supportModelRows) != 0:
-        copyfile("testModelsHeader.qlfrag", f)
-        f.write(", ".join('"%s"' %
-                          modelSpecRow[0].strip() for modelSpecRow in supportModelRows))
-        copyfile("testModelsFooter.qlfrag", f)
+
+if len(supportModelRows) != 0:
+    # Make a test extension file
+    with open(resultYml, "w") as f:
+        models = "\n".join('      - [%s]' %
+                          modelSpecRow[0].strip() for modelSpecRow in supportModelRows)
+        dataextensions = f"""extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+{models}
+"""
+        f.write(dataextensions)
 
 # Make an empty .expected file, since this is an inline-exectations test
 with open(os.path.join(sys.argv[3], "test.expected"), "w"):
diff --git a/java/ql/src/utils/flowtestcasegenerator/GenerateFlowTestCase.qll b/java/ql/src/utils/flowtestcasegenerator/GenerateFlowTestCase.qll
index 9eb925be422..b06d9c60220 100644
--- a/java/ql/src/utils/flowtestcasegenerator/GenerateFlowTestCase.qll
+++ b/java/ql/src/utils/flowtestcasegenerator/GenerateFlowTestCase.qll
@@ -13,33 +13,33 @@ private import FlowTestCaseSupportMethods
 private import FlowTestCaseUtils
 
 /**
- * Gets a CSV row for which a test has been requested, and `SummaryModelCsv.row` does hold, but
+ * Gets a CSV row for which a test has been requested, and where there exists a summary, but
  * nonetheless we can't generate a test case for it, indicating we cannot resolve either the callable
  * spec or an input or output spec.
  */
 query string getAParseFailure(string reason) {
   any(TargetSummaryModelCsv target).row(result) and
-  any(SummaryModelCsv model).row(result) and
+  summaryModelRow(_, _, _, _, _, _, _, _, _, _, result) and
   (
-    not summaryModel(_, _, _, _, _, _, _, _, _, _, result) and
+    not summaryModelRow(_, _, _, _, _, _, _, _, _, _, result) and
     reason = "row could not be parsed"
     or
     exists(
       string namespace, string type, boolean subtypes, string name, string signature, string ext
     |
-      summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _, result) and
+      summaryModelRow(namespace, type, subtypes, name, signature, ext, _, _, _, _, result) and
       not interpretElement(namespace, type, subtypes, name, signature, ext) instanceof Callable and
       reason = "callable could not be resolved"
     )
     or
     exists(string inputSpec |
-      summaryModel(_, _, _, _, _, _, inputSpec, _, _, _, result) and
+      summaryModelRow(_, _, _, _, _, _, inputSpec, _, _, _, result) and
       not Private::External::interpretSpec(inputSpec, _) and
       reason = "input spec could not be parsed"
     )
     or
     exists(string outputSpec |
-      summaryModel(_, _, _, _, _, _, _, outputSpec, _, _, result) and
+      summaryModelRow(_, _, _, _, _, _, _, outputSpec, _, _, result) and
       not Private::External::interpretSpec(outputSpec, _) and
       reason = "output spec could not be parsed"
     )
@@ -52,7 +52,7 @@ query string getAParseFailure(string reason) {
  */
 query string noTestCaseGenerated() {
   any(TargetSummaryModelCsv target).row(result) and
-  any(SummaryModelCsv model).row(result) and
+  summaryModelRow(_, _, _, _, _, _, _, _, _, _, result) and
   not exists(getAParseFailure(_)) and
   not exists(any(TestCase tc).getATestSnippetForRow(result))
 }
@@ -85,12 +85,12 @@ SupportMethod getASupportMethod() {
 }
 
 /**
- * Returns a CSV specification of the taint-/value-propagation behavior of a test support method (`get` or `newWith` method).
+ * Returns a data extension specification of the taint-/value-propagation behavior of a test support method (`get` or `newWith` method).
  */
-query string getASupportMethodModel() { result = getASupportMethod().getCsvModel() }
+query string getASupportMethodModel() { result = getASupportMethod().getDataExtensionModel() }
 
 /**
- * Gets a Java file body testing all requested CSV rows against whatever classes and methods they resolve against.
+ * Gets a Java file body testing all requested Models as Data rows against whatever classes and methods they resolve against.
  */
 query string getTestCase() {
   result =
diff --git a/java/ql/src/utils/flowtestcasegenerator/testModelsFooter.qlfrag b/java/ql/src/utils/flowtestcasegenerator/testModelsFooter.qlfrag
deleted file mode 100644
index 77bc78669d2..00000000000
--- a/java/ql/src/utils/flowtestcasegenerator/testModelsFooter.qlfrag
+++ /dev/null
@@ -1,3 +0,0 @@
-      ]
-  }
-}
diff --git a/java/ql/src/utils/flowtestcasegenerator/testModelsHeader.qlfrag b/java/ql/src/utils/flowtestcasegenerator/testModelsHeader.qlfrag
deleted file mode 100644
index a49dbbe5404..00000000000
--- a/java/ql/src/utils/flowtestcasegenerator/testModelsHeader.qlfrag
+++ /dev/null
@@ -1,5 +0,0 @@
-class SummaryModelTest extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
diff --git a/java/ql/src/utils/model-generator/CaptureNegativeSummaryModels.ql b/java/ql/src/utils/model-generator/CaptureNeutralModels.ql
similarity index 60%
rename from java/ql/src/utils/model-generator/CaptureNegativeSummaryModels.ql
rename to java/ql/src/utils/model-generator/CaptureNeutralModels.ql
index a6f6e5f26e5..96744de89b6 100644
--- a/java/ql/src/utils/model-generator/CaptureNegativeSummaryModels.ql
+++ b/java/ql/src/utils/model-generator/CaptureNeutralModels.ql
@@ -1,8 +1,8 @@
 /**
- * @name Capture negative summary models.
- * @description Finds negative summary models to be used by other queries.
+ * @name Capture neutral models.
+ * @description Finds neutral models to be used by other queries.
  * @kind diagnostic
- * @id java/utils/model-generator/negative-summary-models
+ * @id java/utils/model-generator/neutral-models
  * @tags model-generator
  */
 
diff --git a/java/ql/src/utils/model-generator/RegenerateModels.py b/java/ql/src/utils/model-generator/RegenerateModels.py
index 55e9651b4ca..6bea57793a0 100755
--- a/java/ql/src/utils/model-generator/RegenerateModels.py
+++ b/java/ql/src/utils/model-generator/RegenerateModels.py
@@ -2,22 +2,19 @@
 
 # Tool to regenerate existing framework CSV models.
 
-from pathlib import Path
 import json
 import os
-import requests
 import shutil
 import subprocess
 import tempfile
 import sys
 
 
-defaultModelPath = "java/ql/lib/semmle/code/java/frameworks"
 lgtmSlugToModelFile = {
     # "apache/commons-beanutils": "apache/BeanUtilsGenerated.qll",
     # "apache/commons-codec": "apache/CodecGenerated.qll",
     # "apache/commons-lang": "apache/Lang3Generated.qll",
-    "apache/commons-io": "apache/IOGenerated.qll",
+    "apache/commons-io": "org.apache.commons.io",
 }
 
 
@@ -36,13 +33,12 @@ def regenerateModel(lgtmSlug, extractedDb):
         print("ERROR: slug " + lgtmSlug +
               " is not mapped to a model file in script " + sys.argv[0])
         sys.exit(1)
-    modelFile = defaultModelPath + "/" + lgtmSlugToModelFile[lgtmSlug]
+    modelFile = lgtmSlugToModelFile[lgtmSlug]
     codeQlRoot = findGitRoot()
-    targetModel = codeQlRoot + "/" + modelFile
     subprocess.check_call([codeQlRoot + "/java/ql/src/utils/model-generator/GenerateFlowModel.py",
-                           "--with-summaries", "--with-sinks",
-                           extractedDb, targetModel])
-    print("Regenerated " + targetModel)
+                           "--with-summaries", "--with-sinks", "--with-neutrals",
+                           extractedDb, modelFile])
+    print("Regenerated " + modelFile)
     shutil.rmtree(tmpDir)
 
 
diff --git a/java/ql/src/utils/modelconverter/ConvertExtensions.py b/java/ql/src/utils/modelconverter/ConvertExtensions.py
new file mode 100644
index 00000000000..c2d2e7b2e09
--- /dev/null
+++ b/java/ql/src/utils/modelconverter/ConvertExtensions.py
@@ -0,0 +1,41 @@
+# Tool to generate data extensions files based on the existing models.
+# Usage:
+# python3 ConvertExtensions.py
+# (1) A folder named `java/ql/lib/ext` will be created, if it doesn't already exist.
+# (2) The converted models will be written to `java/ql/lib/ext`. One file for each namespace.
+
+import os
+import subprocess
+import sys
+import tempfile
+
+# Add Models as Data script directory to sys.path.
+gitroot = subprocess.check_output(["git", "rev-parse", "--show-toplevel"]).decode("utf-8").strip()
+madpath = os.path.join(gitroot, "misc/scripts/models-as-data/")
+sys.path.append(madpath)
+
+import helpers
+import convert_extensions as extensions
+
+print('Running script to generate data extensions files from the existing MaD models.')
+print('Making a dummy database.')
+
+# Configuration
+language = "java"
+workDir = tempfile.mkdtemp()
+projectDir = os.path.join(workDir, "project")
+emptyFile = os.path.join(workDir, "Empty.java") 
+dbDir = os.path.join(workDir, "db")
+
+# Make dummy project
+with open(emptyFile, "w") as f:
+    f.write("class Empty {}")
+helpers.run_cmd(['codeql', 'database', 'create', f'--language={language}', '-c', f'javac {emptyFile}', dbDir], "Failed to create dummy database.")
+
+print('Converting data extensions for Java.')
+extensions.Converter(language, dbDir).run()
+
+print('Cleanup.')
+# Cleanup - delete database.
+helpers.remove_dir(dbDir)
+print('Done.')
\ No newline at end of file
diff --git a/java/ql/src/utils/modelconverter/ExtractNeutrals.ql b/java/ql/src/utils/modelconverter/ExtractNeutrals.ql
new file mode 100644
index 00000000000..ad7cef84f04
--- /dev/null
+++ b/java/ql/src/utils/modelconverter/ExtractNeutrals.ql
@@ -0,0 +1,14 @@
+/**
+ * @name Extract MaD neutral model rows.
+ * @description This extracts the Models as data neutral model rows.
+ * @id java/utils/modelconverter/generate-data-extensions-neutral
+ */
+
+import java
+import semmle.code.java.dataflow.ExternalFlow
+
+from string package, string type, string name, string signature, string provenance
+where
+  neutralModel(package, type, name, signature, provenance) and
+  provenance != "generated"
+select package, type, name, signature, provenance order by package, type, name, signature
diff --git a/java/ql/src/utils/modelconverter/ExtractSinks.ql b/java/ql/src/utils/modelconverter/ExtractSinks.ql
new file mode 100644
index 00000000000..cbfd4f7cebb
--- /dev/null
+++ b/java/ql/src/utils/modelconverter/ExtractSinks.ql
@@ -0,0 +1,17 @@
+/**
+ * @name Extract MaD sink model rows.
+ * @description This extracts the Models as data sink model rows.
+ * @id java/utils/modelconverter/generate-data-extensions-sink
+ */
+
+import java
+import semmle.code.java.dataflow.ExternalFlow
+
+from
+  string package, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string kind, string provenance
+where
+  sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance) and
+  provenance != "generated"
+select package, type, subtypes, name, signature, ext, input, kind, provenance order by
+    package, type, name, signature, input, kind
diff --git a/java/ql/src/utils/modelconverter/ExtractSources.ql b/java/ql/src/utils/modelconverter/ExtractSources.ql
new file mode 100644
index 00000000000..b74a97e3728
--- /dev/null
+++ b/java/ql/src/utils/modelconverter/ExtractSources.ql
@@ -0,0 +1,17 @@
+/**
+ * @name Extract MaD source model rows.
+ * @description This extracts the Models as data source model rows.
+ * @id java/utils/modelconverter/generate-data-extensions-source
+ */
+
+import java
+import semmle.code.java.dataflow.ExternalFlow
+
+from
+  string package, string type, boolean subtypes, string name, string signature, string ext,
+  string output, string kind, string provenance
+where
+  sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance) and
+  provenance != "generated"
+select package, type, subtypes, name, signature, ext, output, kind, provenance order by
+    package, type, name, signature, output, kind
diff --git a/java/ql/src/utils/modelconverter/ExtractSummaries.ql b/java/ql/src/utils/modelconverter/ExtractSummaries.ql
new file mode 100644
index 00000000000..65af62b3259
--- /dev/null
+++ b/java/ql/src/utils/modelconverter/ExtractSummaries.ql
@@ -0,0 +1,17 @@
+/**
+ * @name Extract MaD summary model rows.
+ * @description This extracts the Models as data summary model rows.
+ * @id java/utils/modelconverter/generate-data-extensions-summary
+ */
+
+import java
+import semmle.code.java.dataflow.ExternalFlow
+
+from
+  string package, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string output, string kind, string provenance
+where
+  summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance) and
+  provenance != "generated"
+select package, type, subtypes, name, signature, ext, input, output, kind, provenance order by
+    package, type, name, signature, input, output, kind
diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
index f40b028ba6d..893c62191b3 100644
--- a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
+++ b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
@@ -58,9 +58,7 @@ private string asSummaryModel(TargetApiSpecific api, string input, string output
       + "generated"
 }
 
-string asNegativeSummaryModel(TargetApiSpecific api) {
-  result = asPartialNegativeModel(api) + "generated"
-}
+string asNeutralModel(TargetApiSpecific api) { result = asPartialNeutralModel(api) + "generated" }
 
 /**
  * Gets the value summary model for `api` with `input` and `output`.
diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll b/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll
index 6e9fe7c29b2..e8be963f0dc 100644
--- a/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll
+++ b/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll
@@ -39,15 +39,20 @@ private predicate isJdkInternal(J::CompilationUnit cu) {
   cu.getPackage().getName().matches("javax.swing%") or
   cu.getPackage().getName().matches("java.awt%") or
   cu.getPackage().getName().matches("sun%") or
-  cu.getPackage().getName().matches("jdk.%") or
-  cu.getPackage().getName().matches("java2d.%") or
-  cu.getPackage().getName().matches("build.tools.%") or
-  cu.getPackage().getName().matches("propertiesparser.%") or
-  cu.getPackage().getName().matches("org.jcp.%") or
-  cu.getPackage().getName().matches("org.w3c.%") or
-  cu.getPackage().getName().matches("org.ietf.jgss.%") or
+  cu.getPackage().getName().matches("jdk%") or
+  cu.getPackage().getName().matches("java2d%") or
+  cu.getPackage().getName().matches("build.tools%") or
+  cu.getPackage().getName().matches("propertiesparser%") or
+  cu.getPackage().getName().matches("org.jcp%") or
+  cu.getPackage().getName().matches("org.w3c%") or
+  cu.getPackage().getName().matches("org.ietf.jgss%") or
   cu.getPackage().getName().matches("org.xml.sax%") or
+  cu.getPackage().getName().matches("com.oracle%") or
+  cu.getPackage().getName().matches("org.omg%") or
+  cu.getPackage().getName().matches("org.relaxng%") or
   cu.getPackage().getName() = "compileproperties" or
+  cu.getPackage().getName() = "transparentruler" or
+  cu.getPackage().getName() = "genstubs" or
   cu.getPackage().getName() = "netscape.javascript" or
   cu.getPackage().getName() = ""
 }
@@ -59,7 +64,9 @@ private predicate isRelevantForModels(J::Callable api) {
   not isInTestFile(api.getCompilationUnit().getFile()) and
   not isJdkInternal(api.getCompilationUnit()) and
   not api instanceof J::MainMethod and
-  not api instanceof J::StaticInitializer
+  not api instanceof J::StaticInitializer and
+  not exists(J::FunctionalExpr funcExpr | api = funcExpr.asMethod()) and
+  not api.(J::Constructor).isParameterless()
 }
 
 /**
@@ -131,9 +138,9 @@ string asPartialModel(TargetApiSpecific api) {
 }
 
 /**
- * Computes the first 4 columns for negative CSV rows.
+ * Computes the first 4 columns for neutral CSV rows.
  */
-string asPartialNegativeModel(TargetApiSpecific api) {
+string asPartialNeutralModel(TargetApiSpecific api) {
   exists(string type, string name, string parameters |
     partialModel(api, type, name, parameters) and
     result =
diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureSummaryFlow.qll b/java/ql/src/utils/modelgenerator/internal/CaptureSummaryFlow.qll
index 4b5293e63cd..04e87d9a385 100644
--- a/java/ql/src/utils/modelgenerator/internal/CaptureSummaryFlow.qll
+++ b/java/ql/src/utils/modelgenerator/internal/CaptureSummaryFlow.qll
@@ -77,10 +77,10 @@ string captureFlow(DataFlowTargetApi api) {
 }
 
 /**
- * Gets the negative summary for `api`, if any.
- * A negative summary is generated, if there does not exist any positive flow.
+ * Gets the neutral summary for `api`, if any.
+ * A neutral model is generated, if there does not exist any summary model.
  */
 string captureNoFlow(DataFlowTargetApi api) {
   not exists(captureFlow(api)) and
-  result = asNegativeSummaryModel(api)
+  result = asNeutralModel(api)
 }
diff --git a/java/ql/src/utils/stub-generator/Stubs.qll b/java/ql/src/utils/stub-generator/Stubs.qll
index 5c04dee0090..3aca6efa6d6 100644
--- a/java/ql/src/utils/stub-generator/Stubs.qll
+++ b/java/ql/src/utils/stub-generator/Stubs.qll
@@ -7,12 +7,17 @@
 
 import java
 
+/** Holds if `id` is a valid Java identifier. */
+bindingset[id]
+private predicate isValidIdentifier(string id) { id.regexpMatch("[\\w_$]+") }
+
 /** A type that should be in the generated code. */
 abstract private class GeneratedType extends ClassOrInterface {
   GeneratedType() {
     not this instanceof AnonymousClass and
     not this.isLocal() and
-    not this.getPackage() instanceof ExcludedPackage
+    not this.getPackage() instanceof ExcludedPackage and
+    isValidIdentifier(this.getName())
   }
 
   private string stubKeyword() {
@@ -108,7 +113,8 @@ abstract private class GeneratedType extends ClassOrInterface {
     not result.isPrivate() and
     not result.isPackageProtected() and
     not result instanceof StaticInitializer and
-    not result instanceof InstanceInitializer
+    not result instanceof InstanceInitializer and
+    isValidIdentifier(result.getName())
   }
 
   final Type getAGeneratedType() {
@@ -493,11 +499,8 @@ private RefType getAReferencedType(RefType t) {
 }
 
 /** A top level type whose file should be stubbed */
-class GeneratedTopLevel extends TopLevelType {
-  GeneratedTopLevel() {
-    this = this.getSourceDeclaration() and
-    this instanceof GeneratedType
-  }
+class GeneratedTopLevel extends TopLevelType instanceof GeneratedType {
+  GeneratedTopLevel() { this = this.getSourceDeclaration() }
 
   private TopLevelType getAnImportedType() {
     result = getAReferencedType(this).getSourceDeclaration()
@@ -530,8 +533,6 @@ class GeneratedTopLevel extends TopLevelType {
 
   /** Creates a full stub for the file containing this type. */
   string stubFile() {
-    result =
-      this.stubComment() + this.stubPackage() + this.stubImports() + this.(GeneratedType).getStub() +
-        "\n"
+    result = this.stubComment() + this.stubPackage() + this.stubImports() + super.getStub() + "\n"
   }
 }
diff --git a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisAnnotationSqlInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisAnnotationSqlInjection.expected
index dfc923f9b58..dd3f886ccb1 100644
--- a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisAnnotationSqlInjection.expected
+++ b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisAnnotationSqlInjection.expected
@@ -1,16 +1,45 @@
 edges
 | MybatisSqlInjection.java:62:19:62:43 | name : String | MybatisSqlInjection.java:63:35:63:38 | name : String |
 | MybatisSqlInjection.java:63:35:63:38 | name : String | MybatisSqlInjectionService.java:48:19:48:29 | name : String |
+| MybatisSqlInjection.java:67:46:67:70 | name : String | MybatisSqlInjection.java:68:40:68:43 | name : String |
+| MybatisSqlInjection.java:68:40:68:43 | name : String | MybatisSqlInjectionService.java:54:32:54:42 | name : String |
+| MybatisSqlInjection.java:99:20:99:44 | name : String | MybatisSqlInjection.java:100:36:100:39 | name : String |
+| MybatisSqlInjection.java:100:36:100:39 | name : String | MybatisSqlInjectionService.java:80:20:80:30 | name : String |
+| MybatisSqlInjection.java:104:20:104:43 | age : String | MybatisSqlInjection.java:105:36:105:38 | age : String |
+| MybatisSqlInjection.java:105:36:105:38 | age : String | MybatisSqlInjectionService.java:84:20:84:29 | age : String |
+| MybatisSqlInjection.java:109:46:109:70 | name : String | MybatisSqlInjection.java:110:40:110:43 | name : String |
+| MybatisSqlInjection.java:110:40:110:43 | name : String | MybatisSqlInjectionService.java:88:32:88:42 | name : String |
 | MybatisSqlInjectionService.java:48:19:48:29 | name : String | MybatisSqlInjectionService.java:50:23:50:26 | name : String |
 | MybatisSqlInjectionService.java:50:3:50:9 | hashMap [post update] [<map.value>] : String | MybatisSqlInjectionService.java:51:27:51:33 | hashMap |
 | MybatisSqlInjectionService.java:50:23:50:26 | name : String | MybatisSqlInjectionService.java:50:3:50:9 | hashMap [post update] [<map.value>] : String |
+| MybatisSqlInjectionService.java:54:32:54:42 | name : String | MybatisSqlInjectionService.java:55:32:55:35 | name |
+| MybatisSqlInjectionService.java:80:20:80:30 | name : String | MybatisSqlInjectionService.java:81:28:81:31 | name |
+| MybatisSqlInjectionService.java:84:20:84:29 | age : String | MybatisSqlInjectionService.java:85:28:85:30 | age |
+| MybatisSqlInjectionService.java:88:32:88:42 | name : String | MybatisSqlInjectionService.java:89:32:89:35 | name |
 nodes
 | MybatisSqlInjection.java:62:19:62:43 | name : String | semmle.label | name : String |
 | MybatisSqlInjection.java:63:35:63:38 | name : String | semmle.label | name : String |
+| MybatisSqlInjection.java:67:46:67:70 | name : String | semmle.label | name : String |
+| MybatisSqlInjection.java:68:40:68:43 | name : String | semmle.label | name : String |
+| MybatisSqlInjection.java:99:20:99:44 | name : String | semmle.label | name : String |
+| MybatisSqlInjection.java:100:36:100:39 | name : String | semmle.label | name : String |
+| MybatisSqlInjection.java:104:20:104:43 | age : String | semmle.label | age : String |
+| MybatisSqlInjection.java:105:36:105:38 | age : String | semmle.label | age : String |
+| MybatisSqlInjection.java:109:46:109:70 | name : String | semmle.label | name : String |
+| MybatisSqlInjection.java:110:40:110:43 | name : String | semmle.label | name : String |
 | MybatisSqlInjectionService.java:48:19:48:29 | name : String | semmle.label | name : String |
 | MybatisSqlInjectionService.java:50:3:50:9 | hashMap [post update] [<map.value>] : String | semmle.label | hashMap [post update] [<map.value>] : String |
 | MybatisSqlInjectionService.java:50:23:50:26 | name : String | semmle.label | name : String |
 | MybatisSqlInjectionService.java:51:27:51:33 | hashMap | semmle.label | hashMap |
+| MybatisSqlInjectionService.java:54:32:54:42 | name : String | semmle.label | name : String |
+| MybatisSqlInjectionService.java:55:32:55:35 | name | semmle.label | name |
+| MybatisSqlInjectionService.java:80:20:80:30 | name : String | semmle.label | name : String |
+| MybatisSqlInjectionService.java:81:28:81:31 | name | semmle.label | name |
+| MybatisSqlInjectionService.java:84:20:84:29 | age : String | semmle.label | age : String |
+| MybatisSqlInjectionService.java:85:28:85:30 | age | semmle.label | age |
+| MybatisSqlInjectionService.java:88:32:88:42 | name : String | semmle.label | name : String |
+| MybatisSqlInjectionService.java:89:32:89:35 | name | semmle.label | name |
 subpaths
 #select
 | MybatisSqlInjectionService.java:51:27:51:33 | hashMap | MybatisSqlInjection.java:62:19:62:43 | name : String | MybatisSqlInjectionService.java:51:27:51:33 | hashMap | MyBatis annotation SQL injection might include code from $@ to $@. | MybatisSqlInjection.java:62:19:62:43 | name | this user input | SqlInjectionMapper.java:33:2:33:54 | Select | this SQL operation |
+| MybatisSqlInjectionService.java:55:32:55:35 | name | MybatisSqlInjection.java:67:46:67:70 | name : String | MybatisSqlInjectionService.java:55:32:55:35 | name | MyBatis annotation SQL injection might include code from $@ to $@. | MybatisSqlInjection.java:67:46:67:70 | name | this user input | SqlInjectionMapper.java:36:2:36:72 | Select | this SQL operation |
diff --git a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjection.java b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjection.java
index 624f27ad81d..856c1d0b299 100644
--- a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjection.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjection.java
@@ -63,6 +63,11 @@ public class MybatisSqlInjection {
 		mybatisSqlInjectionService.bad9(name);
 	}
 
+	@GetMapping(value = "msi10")
+	public void bad10(@RequestParam Integer id, @RequestParam String name) {
+		mybatisSqlInjectionService.bad10(id, name);
+	}
+
 	@GetMapping(value = "good1")
 	public List<Test> good1(Integer id) {
 		List<Test> result = mybatisSqlInjectionService.good1(id);
@@ -79,7 +84,7 @@ public class MybatisSqlInjection {
 	public void badDelete(@RequestParam String name) {
 		mybatisSqlInjectionService.badDelete(name);
 	}
-	
+
 	@GetMapping(value = "badUpdate")
 	public void badUpdate(@RequestParam String name) {
 		mybatisSqlInjectionService.badUpdate(name);
@@ -89,4 +94,19 @@ public class MybatisSqlInjection {
 	public void badInsert(@RequestParam String name) {
 		mybatisSqlInjectionService.badInsert(name);
 	}
+
+	@GetMapping(value = "good2")
+	public void good2(@RequestParam String name, @RequestParam Integer age) {
+		mybatisSqlInjectionService.good2(name, age);
+	}
+
+	@GetMapping(value = "good3")
+	public void good3(@RequestParam String age) {
+		mybatisSqlInjectionService.good3(age);
+	}
+
+	@GetMapping(value = "good4")
+	public void good4(@RequestParam Integer id, @RequestParam String name) {
+		mybatisSqlInjectionService.good4(id, name);
+	}
 }
diff --git a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjectionService.java b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjectionService.java
index 89dbd599d71..6e334ea35dd 100644
--- a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjectionService.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjectionService.java
@@ -51,6 +51,10 @@ public class MybatisSqlInjectionService {
 		sqlInjectionMapper.bad9(hashMap);
 	}
 
+	public void bad10(Integer id, String name) {
+		sqlInjectionMapper.bad10(id, name);
+	}
+
 	public List<Test> good1(Integer id) {
 		List<Test> result = sqlInjectionMapper.good1(id);
 		return result;
@@ -72,4 +76,16 @@ public class MybatisSqlInjectionService {
 	public void badInsert(String input) {
 		sqlInjectionMapper.badInsert(input);
 	}
+
+	public void good2(String name, Integer age){
+		sqlInjectionMapper.good2(name, age);
+	}
+
+	public void good3(String age){
+		sqlInjectionMapper.good3(age);
+	}
+
+	public void good4(Integer id, String name) {
+		sqlInjectionMapper.good4(id, name);
+	}
 }
diff --git a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/SqlInjectionMapper.java b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/SqlInjectionMapper.java
index 5b159817297..a8f56b40bc3 100644
--- a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/SqlInjectionMapper.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/SqlInjectionMapper.java
@@ -33,30 +33,42 @@ public interface SqlInjectionMapper {
 	@Select({"select * from test", "where id = ${name}"})
 	public Test bad9(HashMap<String, Object> map);
 
+	@Select({"select * from test where id = #{id} and name = '${ name }'"})
+	String bad10(Integer id, String name);
+
 	List<Test> good1(Integer id);
 
 	//using providers
 	@SelectProvider(
-		type = MyBatisProvider.class,
-		method = "badSelect"
+			type = MyBatisProvider.class,
+			method = "badSelect"
 	)
 	String badSelect(String input);
 
 	@DeleteProvider(
-		type = MyBatisProvider.class,
-		method = "badDelete"
+			type = MyBatisProvider.class,
+			method = "badDelete"
 	)
 	void badDelete(String input);
 
 	@UpdateProvider(
-		type = MyBatisProvider.class,
-		method = "badUpdate"
+			type = MyBatisProvider.class,
+			method = "badUpdate"
 	)
 	void badUpdate(String input);
 
 	@InsertProvider(
-		type = MyBatisProvider.class,
-		method = "badInsert"
+			type = MyBatisProvider.class,
+			method = "badInsert"
 	)
 	void badInsert(String input);
+
+	@Select("select * from user_info where name = #{name} and age = ${age}")
+	String good2(@Param("name") String name, Integer age);
+
+	@Select("select * from user_info where age = #{age}")
+	String good3(@Param("age") String age);
+
+	@Select({"select * from test where id = #{id} and name = #{name}"})
+	String good4(Integer id, String name);
 }
diff --git a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/SqlInjectionMapper.xml b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/SqlInjectionMapper.xml
index 3f3d1f9ba77..a0d8d7a7970 100644
--- a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/SqlInjectionMapper.xml
+++ b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/SqlInjectionMapper.xml
@@ -12,7 +12,7 @@
   <sql id="Update_By_Example_Where_Clause">
     <where>
       <if test="test.name != null">
-        and name = ${test.name,jdbcType=VARCHAR}
+        and name = ${ test . name , jdbcType = VARCHAR }
       </if>
       <if test="test.id != null">
         and id = #{test.id}
diff --git a/java/ql/test/experimental/query-tests/security/CWE-730/RegexInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-730/RegexInjection.expected
deleted file mode 100644
index a795f1591ad..00000000000
--- a/java/ql/test/experimental/query-tests/security/CWE-730/RegexInjection.expected
+++ /dev/null
@@ -1,73 +0,0 @@
-edges
-| RegexInjection.java:13:22:13:52 | getParameter(...) : String | RegexInjection.java:16:26:16:47 | ... + ... |
-| RegexInjection.java:20:22:20:52 | getParameter(...) : String | RegexInjection.java:23:24:23:30 | pattern |
-| RegexInjection.java:27:22:27:52 | getParameter(...) : String | RegexInjection.java:30:31:30:37 | pattern |
-| RegexInjection.java:34:22:34:52 | getParameter(...) : String | RegexInjection.java:37:29:37:35 | pattern |
-| RegexInjection.java:41:22:41:52 | getParameter(...) : String | RegexInjection.java:44:34:44:40 | pattern |
-| RegexInjection.java:51:22:51:52 | getParameter(...) : String | RegexInjection.java:54:28:54:34 | pattern |
-| RegexInjection.java:58:22:58:52 | getParameter(...) : String | RegexInjection.java:61:28:61:34 | pattern |
-| RegexInjection.java:65:22:65:52 | getParameter(...) : String | RegexInjection.java:68:36:68:42 | pattern : String |
-| RegexInjection.java:68:32:68:43 | foo(...) : String | RegexInjection.java:68:26:68:52 | ... + ... |
-| RegexInjection.java:68:36:68:42 | pattern : String | RegexInjection.java:68:32:68:43 | foo(...) : String |
-| RegexInjection.java:68:36:68:42 | pattern : String | RegexInjection.java:71:14:71:23 | str : String |
-| RegexInjection.java:71:14:71:23 | str : String | RegexInjection.java:72:12:72:14 | str : String |
-| RegexInjection.java:84:22:84:52 | getParameter(...) : String | RegexInjection.java:90:26:90:47 | ... + ... |
-| RegexInjection.java:100:22:100:52 | getParameter(...) : String | RegexInjection.java:103:40:103:46 | pattern |
-| RegexInjection.java:107:22:107:52 | getParameter(...) : String | RegexInjection.java:110:42:110:48 | pattern |
-| RegexInjection.java:114:22:114:52 | getParameter(...) : String | RegexInjection.java:117:44:117:50 | pattern |
-| RegexInjection.java:121:22:121:52 | getParameter(...) : String | RegexInjection.java:124:41:124:47 | pattern |
-| RegexInjection.java:128:22:128:52 | getParameter(...) : String | RegexInjection.java:131:43:131:49 | pattern |
-| RegexInjection.java:143:22:143:52 | getParameter(...) : String | RegexInjection.java:146:45:146:51 | pattern |
-nodes
-| RegexInjection.java:13:22:13:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:16:26:16:47 | ... + ... | semmle.label | ... + ... |
-| RegexInjection.java:20:22:20:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:23:24:23:30 | pattern | semmle.label | pattern |
-| RegexInjection.java:27:22:27:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:30:31:30:37 | pattern | semmle.label | pattern |
-| RegexInjection.java:34:22:34:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:37:29:37:35 | pattern | semmle.label | pattern |
-| RegexInjection.java:41:22:41:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:44:34:44:40 | pattern | semmle.label | pattern |
-| RegexInjection.java:51:22:51:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:54:28:54:34 | pattern | semmle.label | pattern |
-| RegexInjection.java:58:22:58:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:61:28:61:34 | pattern | semmle.label | pattern |
-| RegexInjection.java:65:22:65:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:68:26:68:52 | ... + ... | semmle.label | ... + ... |
-| RegexInjection.java:68:32:68:43 | foo(...) : String | semmle.label | foo(...) : String |
-| RegexInjection.java:68:36:68:42 | pattern : String | semmle.label | pattern : String |
-| RegexInjection.java:71:14:71:23 | str : String | semmle.label | str : String |
-| RegexInjection.java:72:12:72:14 | str : String | semmle.label | str : String |
-| RegexInjection.java:84:22:84:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:90:26:90:47 | ... + ... | semmle.label | ... + ... |
-| RegexInjection.java:100:22:100:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:103:40:103:46 | pattern | semmle.label | pattern |
-| RegexInjection.java:107:22:107:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:110:42:110:48 | pattern | semmle.label | pattern |
-| RegexInjection.java:114:22:114:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:117:44:117:50 | pattern | semmle.label | pattern |
-| RegexInjection.java:121:22:121:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:124:41:124:47 | pattern | semmle.label | pattern |
-| RegexInjection.java:128:22:128:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:131:43:131:49 | pattern | semmle.label | pattern |
-| RegexInjection.java:143:22:143:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| RegexInjection.java:146:45:146:51 | pattern | semmle.label | pattern |
-subpaths
-| RegexInjection.java:68:36:68:42 | pattern : String | RegexInjection.java:71:14:71:23 | str : String | RegexInjection.java:72:12:72:14 | str : String | RegexInjection.java:68:32:68:43 | foo(...) : String |
-#select
-| RegexInjection.java:16:26:16:47 | ... + ... | RegexInjection.java:13:22:13:52 | getParameter(...) : String | RegexInjection.java:16:26:16:47 | ... + ... | This regular expression is constructed from a $@. | RegexInjection.java:13:22:13:52 | getParameter(...) | user-provided value |
-| RegexInjection.java:23:24:23:30 | pattern | RegexInjection.java:20:22:20:52 | getParameter(...) : String | RegexInjection.java:23:24:23:30 | pattern | This regular expression is constructed from a $@. | RegexInjection.java:20:22:20:52 | getParameter(...) | user-provided value |
-| RegexInjection.java:30:31:30:37 | pattern | RegexInjection.java:27:22:27:52 | getParameter(...) : String | RegexInjection.java:30:31:30:37 | pattern | This regular expression is constructed from a $@. | RegexInjection.java:27:22:27:52 | getParameter(...) | user-provided value |
-| RegexInjection.java:37:29:37:35 | pattern | RegexInjection.java:34:22:34:52 | getParameter(...) : String | RegexInjection.java:37:29:37:35 | pattern | This regular expression is constructed from a $@. | RegexInjection.java:34:22:34:52 | getParameter(...) | user-provided value |
-| RegexInjection.java:44:34:44:40 | pattern | RegexInjection.java:41:22:41:52 | getParameter(...) : String | RegexInjection.java:44:34:44:40 | pattern | This regular expression is constructed from a $@. | RegexInjection.java:41:22:41:52 | getParameter(...) | user-provided value |
-| RegexInjection.java:54:28:54:34 | pattern | RegexInjection.java:51:22:51:52 | getParameter(...) : String | RegexInjection.java:54:28:54:34 | pattern | This regular expression is constructed from a $@. | RegexInjection.java:51:22:51:52 | getParameter(...) | user-provided value |
-| RegexInjection.java:61:28:61:34 | pattern | RegexInjection.java:58:22:58:52 | getParameter(...) : String | RegexInjection.java:61:28:61:34 | pattern | This regular expression is constructed from a $@. | RegexInjection.java:58:22:58:52 | getParameter(...) | user-provided value |
-| RegexInjection.java:68:26:68:52 | ... + ... | RegexInjection.java:65:22:65:52 | getParameter(...) : String | RegexInjection.java:68:26:68:52 | ... + ... | This regular expression is constructed from a $@. | RegexInjection.java:65:22:65:52 | getParameter(...) | user-provided value |
-| RegexInjection.java:90:26:90:47 | ... + ... | RegexInjection.java:84:22:84:52 | getParameter(...) : String | RegexInjection.java:90:26:90:47 | ... + ... | This regular expression is constructed from a $@. | RegexInjection.java:84:22:84:52 | getParameter(...) | user-provided value |
-| RegexInjection.java:103:40:103:46 | pattern | RegexInjection.java:100:22:100:52 | getParameter(...) : String | RegexInjection.java:103:40:103:46 | pattern | This regular expression is constructed from a $@. | RegexInjection.java:100:22:100:52 | getParameter(...) | user-provided value |
-| RegexInjection.java:110:42:110:48 | pattern | RegexInjection.java:107:22:107:52 | getParameter(...) : String | RegexInjection.java:110:42:110:48 | pattern | This regular expression is constructed from a $@. | RegexInjection.java:107:22:107:52 | getParameter(...) | user-provided value |
-| RegexInjection.java:117:44:117:50 | pattern | RegexInjection.java:114:22:114:52 | getParameter(...) : String | RegexInjection.java:117:44:117:50 | pattern | This regular expression is constructed from a $@. | RegexInjection.java:114:22:114:52 | getParameter(...) | user-provided value |
-| RegexInjection.java:124:41:124:47 | pattern | RegexInjection.java:121:22:121:52 | getParameter(...) : String | RegexInjection.java:124:41:124:47 | pattern | This regular expression is constructed from a $@. | RegexInjection.java:121:22:121:52 | getParameter(...) | user-provided value |
-| RegexInjection.java:131:43:131:49 | pattern | RegexInjection.java:128:22:128:52 | getParameter(...) : String | RegexInjection.java:131:43:131:49 | pattern | This regular expression is constructed from a $@. | RegexInjection.java:128:22:128:52 | getParameter(...) | user-provided value |
-| RegexInjection.java:146:45:146:51 | pattern | RegexInjection.java:143:22:143:52 | getParameter(...) : String | RegexInjection.java:146:45:146:51 | pattern | This regular expression is constructed from a $@. | RegexInjection.java:143:22:143:52 | getParameter(...) | user-provided value |
diff --git a/java/ql/test/experimental/query-tests/security/CWE-730/RegexInjection.qlref b/java/ql/test/experimental/query-tests/security/CWE-730/RegexInjection.qlref
deleted file mode 100644
index dca594b38d2..00000000000
--- a/java/ql/test/experimental/query-tests/security/CWE-730/RegexInjection.qlref
+++ /dev/null
@@ -1 +0,0 @@
-experimental/Security/CWE/CWE-730/RegexInjection.ql
\ No newline at end of file
diff --git a/java/ql/test/experimental/query-tests/security/CWE-730/options b/java/ql/test/experimental/query-tests/security/CWE-730/options
deleted file mode 100644
index 73f1b5a3c3e..00000000000
--- a/java/ql/test/experimental/query-tests/security/CWE-730/options
+++ /dev/null
@@ -1 +0,0 @@
-// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/apache-commons-lang3-3.7
\ No newline at end of file
diff --git a/java/ql/test/kotlin/library-tests/annotation-accessor-result-type/PrintAst.expected b/java/ql/test/kotlin/library-tests/annotation-accessor-result-type/PrintAst.expected
index 816b559db7f..3f91fe4f141 100644
--- a/java/ql/test/kotlin/library-tests/annotation-accessor-result-type/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/annotation-accessor-result-type/PrintAst.expected
@@ -1,82 +1,21 @@
 test.kt:
 #    0| [CompilationUnit] test
 #    3|   1: [Interface] A
-#    3|     1: [Constructor] A
-#-----|       4: (Parameters)
-#    3|         0: [Parameter] c1
-#    3|           0: [TypeAccess] Class<?>
-#    3|             0: [WildcardTypeAccess] ? ...
-#    3|         1: [Parameter] c2
-#    3|           0: [TypeAccess] Class<? extends CharSequence>
-#    3|             0: [WildcardTypeAccess] ? ...
-#    3|               0: [TypeAccess] CharSequence
-#    3|         2: [Parameter] c3
-#    3|           0: [TypeAccess] Class<String>
-#    3|             0: [TypeAccess] String
-#    3|         3: [Parameter] c4
-#    3|           0: [TypeAccess] Class<?>[]
-#    3|             0: [TypeAccess] Class<?>
-#    3|               0: [WildcardTypeAccess] ? ...
-#    3|       5: [BlockStmt] { ... }
-#    3|         0: [SuperConstructorInvocationStmt] super(...)
-#    3|         1: [BlockStmt] { ... }
-#    3|           0: [ExprStmt] <Expr>;
-#    3|             0: [KtInitializerAssignExpr] ...=...
-#    3|               0: [VarAccess] c1
-#    3|           1: [ExprStmt] <Expr>;
-#    3|             0: [KtInitializerAssignExpr] ...=...
-#    3|               0: [VarAccess] c2
-#    3|           2: [ExprStmt] <Expr>;
-#    3|             0: [KtInitializerAssignExpr] ...=...
-#    3|               0: [VarAccess] c3
-#    3|           3: [ExprStmt] <Expr>;
-#    3|             0: [KtInitializerAssignExpr] ...=...
-#    3|               0: [VarAccess] c4
-#    3|     2: [FieldDeclaration] Class<?> c1;
-#    3|       -1: [TypeAccess] Class<?>
-#    3|         0: [WildcardTypeAccess] ? ...
-#    3|       0: [VarAccess] c1
-#    3|     3: [Method] c1
+#-----|     -3: (Annotations)
+#    0|       1: [Annotation] Retention
+#    0|         1: [VarAccess] RetentionPolicy.RUNTIME
+#    0|           -1: [TypeAccess] RetentionPolicy
+#    3|     1: [Method] c1
 #    3|       3: [TypeAccess] Class<?>
 #    3|         0: [WildcardTypeAccess] ? ...
-#    3|       5: [BlockStmt] { ... }
-#    3|         0: [ReturnStmt] return ...
-#    3|           0: [VarAccess] this.c1
-#    3|             -1: [ThisAccess] this
-#    3|     4: [FieldDeclaration] Class<? extends CharSequence> c2;
-#    3|       -1: [TypeAccess] Class<? extends CharSequence>
-#    3|         0: [WildcardTypeAccess] ? ...
-#    3|           0: [TypeAccess] CharSequence
-#    3|       0: [VarAccess] c2
-#    3|     5: [Method] c2
+#    3|     2: [Method] c2
 #    3|       3: [TypeAccess] Class<? extends CharSequence>
 #    3|         0: [WildcardTypeAccess] ? ...
 #    3|           0: [TypeAccess] CharSequence
-#    3|       5: [BlockStmt] { ... }
-#    3|         0: [ReturnStmt] return ...
-#    3|           0: [VarAccess] this.c2
-#    3|             -1: [ThisAccess] this
-#    3|     6: [FieldDeclaration] Class<String> c3;
-#    3|       -1: [TypeAccess] Class<String>
-#    3|         0: [TypeAccess] String
-#    3|       0: [VarAccess] c3
-#    3|     7: [Method] c3
+#    3|     3: [Method] c3
 #    3|       3: [TypeAccess] Class<String>
 #    3|         0: [TypeAccess] String
-#    3|       5: [BlockStmt] { ... }
-#    3|         0: [ReturnStmt] return ...
-#    3|           0: [VarAccess] this.c3
-#    3|             -1: [ThisAccess] this
-#    3|     8: [FieldDeclaration] Class<?>[] c4;
-#    3|       -1: [TypeAccess] Class<?>[]
-#    3|         0: [TypeAccess] Class<?>
-#    3|           0: [WildcardTypeAccess] ? ...
-#    3|       0: [VarAccess] c4
-#    3|     9: [Method] c4
+#    3|     4: [Method] c4
 #    3|       3: [TypeAccess] Class<?>[]
 #    3|         0: [TypeAccess] Class<?>
 #    3|           0: [WildcardTypeAccess] ? ...
-#    3|       5: [BlockStmt] { ... }
-#    3|         0: [ReturnStmt] return ...
-#    3|           0: [VarAccess] this.c4
-#    3|             -1: [ThisAccess] this
diff --git a/java/ql/test/kotlin/library-tests/annotation-accessor-result-type/test.expected b/java/ql/test/kotlin/library-tests/annotation-accessor-result-type/test.expected
index ce28362cbca..0391e2d9b86 100644
--- a/java/ql/test/kotlin/library-tests/annotation-accessor-result-type/test.expected
+++ b/java/ql/test/kotlin/library-tests/annotation-accessor-result-type/test.expected
@@ -1,35 +1,9 @@
 classExprs
-| test.kt:3:20:3:36 | ...=... | Class<?> |
 | test.kt:3:20:3:36 | Class<?> | Class<?> |
-| test.kt:3:20:3:36 | Class<?> | Class<?> |
-| test.kt:3:20:3:36 | Class<?> | Class<?> |
-| test.kt:3:20:3:36 | c1 | Class<?> |
-| test.kt:3:20:3:36 | c1 | Class<?> |
-| test.kt:3:20:3:36 | this.c1 | Class<?> |
-| test.kt:3:39:3:70 | ...=... | Class<? extends CharSequence> |
 | test.kt:3:39:3:70 | Class<? extends CharSequence> | Class<? extends CharSequence> |
-| test.kt:3:39:3:70 | Class<? extends CharSequence> | Class<? extends CharSequence> |
-| test.kt:3:39:3:70 | Class<? extends CharSequence> | Class<? extends CharSequence> |
-| test.kt:3:39:3:70 | c2 | Class<? extends CharSequence> |
-| test.kt:3:39:3:70 | c2 | Class<? extends CharSequence> |
-| test.kt:3:39:3:70 | this.c2 | Class<? extends CharSequence> |
-| test.kt:3:73:3:94 | ...=... | Class<String> |
 | test.kt:3:73:3:94 | Class<String> | Class<String> |
-| test.kt:3:73:3:94 | Class<String> | Class<String> |
-| test.kt:3:73:3:94 | Class<String> | Class<String> |
-| test.kt:3:73:3:94 | c3 | Class<String> |
-| test.kt:3:73:3:94 | c3 | Class<String> |
-| test.kt:3:73:3:94 | this.c3 | Class<String> |
-| test.kt:3:97:3:120 | ...=... | Class<?>[] |
-| test.kt:3:97:3:120 | Class<?> | Class<?> |
-| test.kt:3:97:3:120 | Class<?> | Class<?> |
 | test.kt:3:97:3:120 | Class<?> | Class<?> |
 | test.kt:3:97:3:120 | Class<?>[] | Class<?>[] |
-| test.kt:3:97:3:120 | Class<?>[] | Class<?>[] |
-| test.kt:3:97:3:120 | Class<?>[] | Class<?>[] |
-| test.kt:3:97:3:120 | c4 | Class<?>[] |
-| test.kt:3:97:3:120 | c4 | Class<?>[] |
-| test.kt:3:97:3:120 | this.c4 | Class<?>[] |
 #select
 | test.kt:3:20:3:36 | c1 | Class<?> |
 | test.kt:3:39:3:70 | c2 | Class<? extends CharSequence> |
diff --git a/java/ql/test/kotlin/library-tests/annotation_classes/Annot0j.java b/java/ql/test/kotlin/library-tests/annotation_classes/Annot0j.java
new file mode 100644
index 00000000000..acadc19cc97
--- /dev/null
+++ b/java/ql/test/kotlin/library-tests/annotation_classes/Annot0j.java
@@ -0,0 +1,3 @@
+public @interface Annot0j {
+    int abc() default 0;
+}
\ No newline at end of file
diff --git a/java/ql/test/kotlin/library-tests/annotation_classes/Annot1j.java b/java/ql/test/kotlin/library-tests/annotation_classes/Annot1j.java
new file mode 100644
index 00000000000..b3b1f072eee
--- /dev/null
+++ b/java/ql/test/kotlin/library-tests/annotation_classes/Annot1j.java
@@ -0,0 +1,15 @@
+public @interface Annot1j {
+    int a() default 2;
+
+    String b() default "ab";
+
+    Class c() default X.class;
+
+    Y d() default Y.A;
+
+    Y[] e() default { Y.A, Y.B };
+
+    Annot0j f() default @Annot0j(
+            abc = 1
+    );
+}
\ No newline at end of file
diff --git a/java/ql/test/kotlin/library-tests/annotation_classes/PrintAst.expected b/java/ql/test/kotlin/library-tests/annotation_classes/PrintAst.expected
new file mode 100644
index 00000000000..c457b0811dd
--- /dev/null
+++ b/java/ql/test/kotlin/library-tests/annotation_classes/PrintAst.expected
@@ -0,0 +1,280 @@
+Annot0j.java:
+#    0| [CompilationUnit] Annot0j
+#    1|   1: [Interface] Annot0j
+#    2|     1: [Method] abc
+#    2|       3: [TypeAccess] int
+Annot1j.java:
+#    0| [CompilationUnit] Annot1j
+#    1|   1: [Interface] Annot1j
+#    2|     1: [Method] a
+#    2|       3: [TypeAccess] int
+#    4|     2: [Method] b
+#    4|       3: [TypeAccess] String
+#    6|     3: [Method] c
+#    6|       3: [TypeAccess] Class<>
+#    8|     4: [Method] d
+#    8|       3: [TypeAccess] Y
+#   10|     5: [Method] e
+#   10|       3: [ArrayTypeAccess] ...[]
+#   10|         0: [TypeAccess] Y
+#   12|     6: [Method] f
+#   12|       3: [TypeAccess] Annot0j
+def.kt:
+#    0| [CompilationUnit] def
+#    0|   1: [Class] DefKt
+#   46|     2: [Method] fn
+#-----|       1: (Annotations)
+#   45|         1: [Annotation] Annot0k
+#    0|           1: [IntegerLiteral] 0
+#-----|       2: (Generic Parameters)
+#   46|         0: [TypeVariable] T
+#   46|       3: [TypeAccess] Unit
+#-----|       4: (Parameters)
+#   46|         0: [Parameter] a
+#-----|           -1: (Annotations)
+#   46|             1: [Annotation] Annot0k
+#    0|               1: [IntegerLiteral] 0
+#   46|           0: [TypeAccess] Annot0k
+#   46|       5: [BlockStmt] { ... }
+#   47|         0: [ExprStmt] <Expr>;
+#   47|           0: [MethodAccess] println(...)
+#   47|             -1: [TypeAccess] ConsoleKt
+#   47|             0: [MethodAccess] a(...)
+#   47|               -1: [VarAccess] a
+#   50|         1: [LocalVariableDeclStmt] var ...;
+#   50|           1: [LocalVariableDeclExpr] x
+#   50|             0: [IntegerLiteral] 10
+#   53|     3: [FieldDeclaration] int p;
+#-----|       -2: (Annotations)
+#   56|         1: [Annotation] Annot0k
+#    0|           1: [IntegerLiteral] 0
+#   53|       -1: [TypeAccess] int
+#   57|       0: [IntegerLiteral] 5
+#   57|     4: [Method] getP
+#-----|       1: (Annotations)
+#   54|         1: [Annotation] Annot0k
+#    0|           1: [IntegerLiteral] 0
+#   57|       3: [TypeAccess] int
+#   57|       5: [BlockStmt] { ... }
+#   57|         0: [ReturnStmt] return ...
+#   57|           0: [VarAccess] DefKt.p
+#   57|             -1: [TypeAccess] DefKt
+#   57|     5: [Method] setP
+#-----|       1: (Annotations)
+#   55|         1: [Annotation] Annot0k
+#    0|           1: [IntegerLiteral] 0
+#   57|       3: [TypeAccess] Unit
+#-----|       4: (Parameters)
+#   57|         0: [Parameter] <set-?>
+#   57|           0: [TypeAccess] int
+#   57|       5: [BlockStmt] { ... }
+#   57|         0: [ExprStmt] <Expr>;
+#   57|           0: [AssignExpr] ...=...
+#   57|             0: [VarAccess] DefKt.p
+#   57|               -1: [TypeAccess] DefKt
+#   57|             1: [VarAccess] <set-?>
+#   59|     6: [ExtensionMethod] myExtension
+#   59|       3: [TypeAccess] Unit
+#-----|       4: (Parameters)
+#   59|         0: [Parameter] <this>
+#-----|           -1: (Annotations)
+#   59|             1: [Annotation] Annot0k
+#    0|               1: [IntegerLiteral] 0
+#   59|           0: [TypeAccess] String
+#   59|       5: [BlockStmt] { ... }
+#    5|   2: [Interface] Annot0k
+#-----|     -3: (Annotations)
+#    0|       1: [Annotation] Retention
+#    0|         1: [VarAccess] RetentionPolicy.RUNTIME
+#    0|           -1: [TypeAccess] RetentionPolicy
+#    0|       2: [Annotation] Target
+#    0|         1: [ArrayInit] {...}
+#    0|           1: [VarAccess] ElementType.TYPE
+#    0|             -1: [TypeAccess] ElementType
+#    0|           2: [VarAccess] ElementType.FIELD
+#    0|             -1: [TypeAccess] ElementType
+#    0|           3: [VarAccess] ElementType.METHOD
+#    0|             -1: [TypeAccess] ElementType
+#    0|           4: [VarAccess] ElementType.PARAMETER
+#    0|             -1: [TypeAccess] ElementType
+#    0|           5: [VarAccess] ElementType.CONSTRUCTOR
+#    0|             -1: [TypeAccess] ElementType
+#    0|           6: [VarAccess] ElementType.LOCAL_VARIABLE
+#    0|             -1: [TypeAccess] ElementType
+#    0|           7: [VarAccess] ElementType.ANNOTATION_TYPE
+#    0|             -1: [TypeAccess] ElementType
+#    0|           8: [VarAccess] ElementType.TYPE_PARAMETER
+#    0|             -1: [TypeAccess] ElementType
+#    0|           9: [VarAccess] ElementType.TYPE_USE
+#    0|             -1: [TypeAccess] ElementType
+#    5|       3: [Annotation] Target
+#    0|         1: [ArrayInit] {...}
+#    0|           1: [VarAccess] AnnotationTarget.CLASS
+#    0|             -1: [TypeAccess] AnnotationTarget
+#    0|           2: [VarAccess] AnnotationTarget.ANNOTATION_CLASS
+#    0|             -1: [TypeAccess] AnnotationTarget
+#    0|           3: [VarAccess] AnnotationTarget.TYPE_PARAMETER
+#    0|             -1: [TypeAccess] AnnotationTarget
+#    0|           4: [VarAccess] AnnotationTarget.PROPERTY
+#    0|             -1: [TypeAccess] AnnotationTarget
+#    0|           5: [VarAccess] AnnotationTarget.FIELD
+#    0|             -1: [TypeAccess] AnnotationTarget
+#    0|           6: [VarAccess] AnnotationTarget.LOCAL_VARIABLE
+#    0|             -1: [TypeAccess] AnnotationTarget
+#    0|           7: [VarAccess] AnnotationTarget.VALUE_PARAMETER
+#    0|             -1: [TypeAccess] AnnotationTarget
+#    0|           8: [VarAccess] AnnotationTarget.CONSTRUCTOR
+#    0|             -1: [TypeAccess] AnnotationTarget
+#    0|           9: [VarAccess] AnnotationTarget.FUNCTION
+#    0|             -1: [TypeAccess] AnnotationTarget
+#    0|           10: [VarAccess] AnnotationTarget.PROPERTY_GETTER
+#    0|             -1: [TypeAccess] AnnotationTarget
+#    0|           11: [VarAccess] AnnotationTarget.PROPERTY_SETTER
+#    0|             -1: [TypeAccess] AnnotationTarget
+#    0|           12: [VarAccess] AnnotationTarget.TYPE
+#    0|             -1: [TypeAccess] AnnotationTarget
+#    0|           13: [VarAccess] AnnotationTarget.FILE
+#    0|             -1: [TypeAccess] AnnotationTarget
+#    0|           14: [VarAccess] AnnotationTarget.TYPEALIAS
+#    0|             -1: [TypeAccess] AnnotationTarget
+#   21|     1: [Method] a
+#-----|       1: (Annotations)
+#   21|         1: [Annotation] JvmName
+#    0|           1: [StringLiteral] "a"
+#   21|       3: [TypeAccess] int
+#   23|   3: [Interface] Annot1k
+#-----|     -3: (Annotations)
+#    0|       1: [Annotation] Retention
+#    0|         1: [VarAccess] RetentionPolicy.RUNTIME
+#    0|           -1: [TypeAccess] RetentionPolicy
+#   23|       2: [Annotation] Annot0k
+#    0|         1: [IntegerLiteral] 0
+#   25|     1: [Method] a
+#   25|       3: [TypeAccess] int
+#   26|     2: [Method] b
+#   26|       3: [TypeAccess] String
+#   27|     3: [Method] c
+#   27|       3: [TypeAccess] Class<?>
+#   27|         0: [WildcardTypeAccess] ? ...
+#   28|     4: [Method] d
+#   28|       3: [TypeAccess] Y
+#   29|     5: [Method] e
+#   29|       3: [TypeAccess] Y[]
+#   29|         0: [TypeAccess] Y
+#   30|     6: [Method] f
+#   30|       3: [TypeAccess] Annot0k
+#   33|   4: [Class] X
+#   33|     1: [Constructor] X
+#   33|       5: [BlockStmt] { ... }
+#   33|         0: [SuperConstructorInvocationStmt] super(...)
+#   33|         1: [BlockStmt] { ... }
+#   34|   5: [Class] Y
+#    0|     2: [Method] valueOf
+#    0|       3: [TypeAccess] Y
+#-----|       4: (Parameters)
+#    0|         0: [Parameter] value
+#    0|           0: [TypeAccess] String
+#    0|     3: [Method] values
+#    0|       3: [TypeAccess] Y[]
+#    0|         0: [TypeAccess] Y
+#   34|     4: [Constructor] Y
+#   34|       5: [BlockStmt] { ... }
+#   34|         0: [ExprStmt] <Expr>;
+#   34|           0: [ClassInstanceExpr] new Enum(...)
+#   34|             -3: [TypeAccess] Enum<Y>
+#   34|               0: [TypeAccess] Y
+#   34|             0: [NullLiteral] null
+#   34|             1: [IntegerLiteral] 0
+#   34|         1: [BlockStmt] { ... }
+#   35|     5: [FieldDeclaration] Y A;
+#   35|       -1: [TypeAccess] Y
+#   35|       0: [ClassInstanceExpr] new Y(...)
+#   35|         -3: [TypeAccess] Y
+#   35|     6: [FieldDeclaration] Y B;
+#   35|       -1: [TypeAccess] Y
+#   35|       0: [ClassInstanceExpr] new Y(...)
+#   35|         -3: [TypeAccess] Y
+#   35|     7: [FieldDeclaration] Y C;
+#   35|       -1: [TypeAccess] Y
+#   35|       0: [ClassInstanceExpr] new Y(...)
+#   35|         -3: [TypeAccess] Y
+#   38|   6: [Class] Z
+#-----|     -3: (Annotations)
+#   38|       1: [Annotation] Annot0k
+#    0|         1: [IntegerLiteral] 1
+#   39|       2: [Annotation] Annot1k
+#    0|         1: [IntegerLiteral] 2
+#    0|         2: [StringLiteral] "ab"
+#    0|         3: [TypeLiteral] X.class
+#    0|           0: [TypeAccess] X
+#    0|         4: [VarAccess] Y.B
+#    0|           -1: [TypeAccess] Y
+#    0|         5: [ArrayInit] {...}
+#    0|           1: [VarAccess] Y.C
+#    0|             -1: [TypeAccess] Y
+#    0|           2: [VarAccess] Y.A
+#    0|             -1: [TypeAccess] Y
+#    0|         6: [Annotation] Annot0k
+#    0|           1: [IntegerLiteral] 1
+#   42|     1: [Constructor] Z
+#-----|       1: (Annotations)
+#   41|         1: [Annotation] Annot0k
+#    0|           1: [IntegerLiteral] 0
+#   41|       5: [BlockStmt] { ... }
+#   42|         0: [SuperConstructorInvocationStmt] super(...)
+#   42|         1: [BlockStmt] { ... }
+use.java:
+#    0| [CompilationUnit] use
+#    1|   1: [Class] use
+#-----|     -1: (Base Types)
+#    1|       0: [TypeAccess] Annot0k
+#    3|     2: [Method] a
+#-----|       1: (Annotations)
+#    2|         1: [Annotation] Override
+#    3|       3: [TypeAccess] int
+#    3|       5: [BlockStmt] { ... }
+#    3|         0: [ReturnStmt] return ...
+#    3|           0: [IntegerLiteral] 1
+#    6|     3: [Method] annotationType
+#-----|       1: (Annotations)
+#    5|         1: [Annotation] Override
+#    6|       3: [TypeAccess] Class<? extends Annotation>
+#    6|         0: [WildcardTypeAccess] ? ...
+#    6|           0: [TypeAccess] Annotation
+#    6|       5: [BlockStmt] { ... }
+#    7|         0: [ReturnStmt] return ...
+#    7|           0: [NullLiteral] null
+#   14|     4: [Class] Z
+#-----|       -3: (Annotations)
+#   10|         1: [Annotation] Annot0j
+#   10|           1: [IntegerLiteral] 1
+#   11|         2: [Annotation] Annot1j
+#   11|           1: [IntegerLiteral] 1
+#   11|           2: [StringLiteral] "ac"
+#   11|           3: [TypeLiteral] X.class
+#   11|             0: [TypeAccess] X
+#   11|           4: [VarAccess] Y.B
+#   11|             -1: [TypeAccess] Y
+#   11|           5: [ArrayInit] {...}
+#   11|             3: [VarAccess] Y.C
+#   11|               -1: [TypeAccess] Y
+#   11|             4: [VarAccess] Y.A
+#   11|               -1: [TypeAccess] Y
+#   11|           6: [Annotation] Annot0j
+#   11|             1: [IntegerLiteral] 2
+#   12|         3: [Annotation] Annot0k
+#   12|           1: [IntegerLiteral] 1
+#   13|         4: [Annotation] Annot1k
+#   13|           1: [IntegerLiteral] 1
+#   13|           2: [StringLiteral] "ac"
+#   13|           3: [TypeLiteral] X.class
+#   13|             0: [TypeAccess] X
+#   13|           4: [VarAccess] Y.B
+#   13|             -1: [TypeAccess] Y
+#   13|           5: [ArrayInit] {...}
+#   13|             3: [VarAccess] Y.C
+#   13|               -1: [TypeAccess] Y
+#   13|             4: [VarAccess] Y.A
+#   13|               -1: [TypeAccess] Y
+#   13|           6: [Annotation] Annot0k
+#   13|             1: [IntegerLiteral] 2
diff --git a/java/ql/test/kotlin/library-tests/annotation_classes/PrintAst.qlref b/java/ql/test/kotlin/library-tests/annotation_classes/PrintAst.qlref
new file mode 100644
index 00000000000..c7fd5faf239
--- /dev/null
+++ b/java/ql/test/kotlin/library-tests/annotation_classes/PrintAst.qlref
@@ -0,0 +1 @@
+semmle/code/java/PrintAst.ql
\ No newline at end of file
diff --git a/java/ql/test/kotlin/library-tests/annotation_classes/classes.expected b/java/ql/test/kotlin/library-tests/annotation_classes/classes.expected
index 240c4bb055b..b04dd33d2e7 100644
--- a/java/ql/test/kotlin/library-tests/annotation_classes/classes.expected
+++ b/java/ql/test/kotlin/library-tests/annotation_classes/classes.expected
@@ -1,2 +1,82 @@
-| def.kt:2:1:2:31 | SomeAnnotation | Interface |
-| use.java:2:23:2:25 | use | Class |
+annotationDeclarations
+| Annot0j.java:1:19:1:25 | Annot0j | Annot0j.java:2:9:2:11 | abc |
+| Annot1j.java:1:19:1:25 | Annot1j | Annot1j.java:2:9:2:9 | a |
+| Annot1j.java:1:19:1:25 | Annot1j | Annot1j.java:4:12:4:12 | b |
+| Annot1j.java:1:19:1:25 | Annot1j | Annot1j.java:6:11:6:11 | c |
+| Annot1j.java:1:19:1:25 | Annot1j | Annot1j.java:8:7:8:7 | d |
+| Annot1j.java:1:19:1:25 | Annot1j | Annot1j.java:10:9:10:9 | e |
+| Annot1j.java:1:19:1:25 | Annot1j | Annot1j.java:12:13:12:13 | f |
+| def.kt:5:1:21:60 | Annot0k | def.kt:21:44:21:59 | a |
+| def.kt:23:1:31:1 | Annot1k | def.kt:25:5:25:18 | a |
+| def.kt:23:1:31:1 | Annot1k | def.kt:26:5:26:24 | b |
+| def.kt:23:1:31:1 | Annot1k | def.kt:27:5:27:31 | c |
+| def.kt:23:1:31:1 | Annot1k | def.kt:28:5:28:18 | d |
+| def.kt:23:1:31:1 | Annot1k | def.kt:29:5:29:32 | e |
+| def.kt:23:1:31:1 | Annot1k | def.kt:30:5:30:31 | f |
+annotations
+| def.kt:0:0:0:0 | Annot0k | def.kt:39:1:39:40 | Annot1k | def.kt:5:1:21:60 | Annot0k |
+| def.kt:23:1:23:8 | Annot0k | def.kt:23:1:31:1 | Annot1k | def.kt:5:1:21:60 | Annot0k |
+| def.kt:38:1:38:17 | Annot0k | def.kt:38:1:43:1 | Z | def.kt:5:1:21:60 | Annot0k |
+| def.kt:39:1:39:40 | Annot1k | def.kt:38:1:43:1 | Z | def.kt:23:1:31:1 | Annot1k |
+| def.kt:41:5:41:12 | Annot0k | def.kt:42:5:42:19 | Z | def.kt:5:1:21:60 | Annot0k |
+| def.kt:45:1:45:8 | Annot0k | def.kt:46:1:51:1 | fn | def.kt:5:1:21:60 | Annot0k |
+| def.kt:46:21:46:28 | Annot0k | def.kt:46:21:46:39 | a | def.kt:5:1:21:60 | Annot0k |
+| def.kt:54:1:54:12 | Annot0k | def.kt:57:1:57:23 | getP | def.kt:5:1:21:60 | Annot0k |
+| def.kt:55:1:55:12 | Annot0k | def.kt:57:1:57:23 | setP | def.kt:5:1:21:60 | Annot0k |
+| def.kt:56:1:56:14 | Annot0k | def.kt:53:1:57:23 | p | def.kt:5:1:21:60 | Annot0k |
+| def.kt:59:5:59:21 | Annot0k | def.kt:59:5:59:28 | <this> | def.kt:5:1:21:60 | Annot0k |
+| use.java:10:5:10:21 | Annot0j | use.java:14:18:14:18 | Z | Annot0j.java:1:19:1:25 | Annot0j |
+| use.java:11:5:11:90 | Annot1j | use.java:14:18:14:18 | Z | Annot1j.java:1:19:1:25 | Annot1j |
+| use.java:11:73:11:89 | Annot0j | use.java:11:5:11:90 | Annot1j | Annot0j.java:1:19:1:25 | Annot0j |
+| use.java:12:5:12:19 | Annot0k | use.java:14:18:14:18 | Z | def.kt:5:1:21:60 | Annot0k |
+| use.java:13:5:13:88 | Annot1k | use.java:14:18:14:18 | Z | def.kt:23:1:31:1 | Annot1k |
+| use.java:13:73:13:87 | Annot0k | use.java:13:5:13:88 | Annot1k | def.kt:5:1:21:60 | Annot0k |
+annotationValues
+| def.kt:0:0:0:0 | Annot0k | def.kt:0:0:0:0 | 1 |
+| def.kt:0:0:0:0 | Retention | def.kt:0:0:0:0 | RetentionPolicy.RUNTIME |
+| def.kt:0:0:0:0 | Retention | def.kt:0:0:0:0 | RetentionPolicy.RUNTIME |
+| def.kt:0:0:0:0 | Target | def.kt:0:0:0:0 | {...} |
+| def.kt:5:1:20:1 | Target | def.kt:0:0:0:0 | {...} |
+| def.kt:21:26:21:42 | JvmName | def.kt:0:0:0:0 | "a" |
+| def.kt:23:1:23:8 | Annot0k | def.kt:0:0:0:0 | 0 |
+| def.kt:38:1:38:17 | Annot0k | def.kt:0:0:0:0 | 1 |
+| def.kt:39:1:39:40 | Annot1k | def.kt:0:0:0:0 | 2 |
+| def.kt:39:1:39:40 | Annot1k | def.kt:0:0:0:0 | "ab" |
+| def.kt:39:1:39:40 | Annot1k | def.kt:0:0:0:0 | Annot0k |
+| def.kt:39:1:39:40 | Annot1k | def.kt:0:0:0:0 | X.class |
+| def.kt:39:1:39:40 | Annot1k | def.kt:0:0:0:0 | Y.B |
+| def.kt:39:1:39:40 | Annot1k | def.kt:0:0:0:0 | {...} |
+| def.kt:41:5:41:12 | Annot0k | def.kt:0:0:0:0 | 0 |
+| def.kt:45:1:45:8 | Annot0k | def.kt:0:0:0:0 | 0 |
+| def.kt:46:21:46:28 | Annot0k | def.kt:0:0:0:0 | 0 |
+| def.kt:54:1:54:12 | Annot0k | def.kt:0:0:0:0 | 0 |
+| def.kt:55:1:55:12 | Annot0k | def.kt:0:0:0:0 | 0 |
+| def.kt:56:1:56:14 | Annot0k | def.kt:0:0:0:0 | 0 |
+| def.kt:59:5:59:21 | Annot0k | def.kt:0:0:0:0 | 0 |
+| use.java:10:5:10:21 | Annot0j | use.java:10:20:10:20 | 1 |
+| use.java:11:5:11:90 | Annot1j | use.java:11:18:11:18 | 1 |
+| use.java:11:5:11:90 | Annot1j | use.java:11:25:11:28 | "ac" |
+| use.java:11:5:11:90 | Annot1j | use.java:11:35:11:41 | X.class |
+| use.java:11:5:11:90 | Annot1j | use.java:11:48:11:50 | Y.B |
+| use.java:11:5:11:90 | Annot1j | use.java:11:57:11:66 | {...} |
+| use.java:11:5:11:90 | Annot1j | use.java:11:73:11:89 | Annot0j |
+| use.java:11:73:11:89 | Annot0j | use.java:11:88:11:88 | 2 |
+| use.java:12:5:12:19 | Annot0k | use.java:12:18:12:18 | 1 |
+| use.java:13:5:13:88 | Annot1k | use.java:13:18:13:18 | 1 |
+| use.java:13:5:13:88 | Annot1k | use.java:13:25:13:28 | "ac" |
+| use.java:13:5:13:88 | Annot1k | use.java:13:35:13:41 | X.class |
+| use.java:13:5:13:88 | Annot1k | use.java:13:48:13:50 | Y.B |
+| use.java:13:5:13:88 | Annot1k | use.java:13:57:13:66 | {...} |
+| use.java:13:5:13:88 | Annot1k | use.java:13:73:13:87 | Annot0k |
+| use.java:13:73:13:87 | Annot0k | use.java:13:86:13:86 | 2 |
+#select
+| Annot0j.java:1:19:1:25 | Annot0j | Interface |
+| Annot1j.java:1:19:1:25 | Annot1j | Interface |
+| def.kt:0:0:0:0 | DefKt | Class |
+| def.kt:5:1:21:60 | Annot0k | Interface |
+| def.kt:23:1:31:1 | Annot1k | Interface |
+| def.kt:33:1:33:10 | X | Class |
+| def.kt:34:1:36:1 | Y | Class |
+| def.kt:38:1:43:1 | Z | Class |
+| use.java:1:14:1:16 | use | Class |
+| use.java:14:18:14:18 | Z | Class |
diff --git a/java/ql/test/kotlin/library-tests/annotation_classes/classes.ql b/java/ql/test/kotlin/library-tests/annotation_classes/classes.ql
index 652ab21520f..936165cf023 100644
--- a/java/ql/test/kotlin/library-tests/annotation_classes/classes.ql
+++ b/java/ql/test/kotlin/library-tests/annotation_classes/classes.ql
@@ -3,3 +3,18 @@ import java
 from ClassOrInterface x
 where x.fromSource()
 select x, x.getPrimaryQlClasses()
+
+query predicate annotationDeclarations(AnnotationType at, AnnotationElement ae) {
+  at.fromSource() and
+  at.getAnAnnotationElement() = ae
+}
+
+query predicate annotations(Annotation a, Element e, AnnotationType at) {
+  at.fromSource() and
+  a.getAnnotatedElement() = e and
+  at = a.getType()
+}
+
+query predicate annotationValues(Annotation a, Expr v) {
+  a.getValue(_) = v and v.getFile().isSourceFile()
+}
diff --git a/java/ql/test/kotlin/library-tests/annotation_classes/def.kt b/java/ql/test/kotlin/library-tests/annotation_classes/def.kt
index 46c2c2055d4..f499d1026fc 100644
--- a/java/ql/test/kotlin/library-tests/annotation_classes/def.kt
+++ b/java/ql/test/kotlin/library-tests/annotation_classes/def.kt
@@ -1,5 +1,62 @@
+@file:Annot0k
 
-annotation class SomeAnnotation
+import kotlin.reflect.KClass
 
-// Diagnostic Matches: Incomplete annotation: @kotlin.Metadata(%)
-// Diagnostic Matches: Unknown location for kotlin.Metadata
+@Target(AnnotationTarget.CLASS,
+    AnnotationTarget.ANNOTATION_CLASS,
+    AnnotationTarget.TYPE_PARAMETER,
+    AnnotationTarget.PROPERTY,
+    AnnotationTarget.FIELD,
+    AnnotationTarget.LOCAL_VARIABLE,    // TODO
+    AnnotationTarget.VALUE_PARAMETER,
+    AnnotationTarget.CONSTRUCTOR,
+    AnnotationTarget.FUNCTION,
+    AnnotationTarget.PROPERTY_GETTER,
+    AnnotationTarget.PROPERTY_SETTER,
+    AnnotationTarget.TYPE,              // TODO
+    //AnnotationTarget.EXPRESSION,      // TODO
+    AnnotationTarget.FILE,              // TODO
+    AnnotationTarget.TYPEALIAS          // TODO
+)
+annotation class Annot0k(@get:JvmName("a") val abc: Int = 0)
+
+@Annot0k
+annotation class Annot1k(
+    val a: Int = 2,
+    val b: String = "ab",
+    val c: KClass<*> = X::class,
+    val d: Y = Y.A,
+    val e: Array<Y> = [Y.A, Y.B],
+    val f: Annot0k = Annot0k(1)
+)
+
+class X {}
+enum class Y {
+    A,B,C
+}
+
+@Annot0k(abc = 1)
+@Annot1k(d = Y.B, e = arrayOf(Y.C, Y.A))
+class Z {
+    @Annot0k
+    constructor(){}
+}
+
+@Annot0k
+fun <@Annot0k T> fn(@Annot0k a: Annot0k) {
+    println(a.abc)
+
+    @Annot0k
+    var x = 10
+}
+
+@Annot0k
+@get:Annot0k
+@set:Annot0k
+@field:Annot0k
+var p: @Annot0k Int = 5
+
+fun @receiver:Annot0k String.myExtension() { }
+
+@Annot0k
+typealias AAA = Z
diff --git a/java/ql/test/kotlin/library-tests/annotation_classes/use.java b/java/ql/test/kotlin/library-tests/annotation_classes/use.java
index b848298e1ff..ec0dd0fa447 100644
--- a/java/ql/test/kotlin/library-tests/annotation_classes/use.java
+++ b/java/ql/test/kotlin/library-tests/annotation_classes/use.java
@@ -1,3 +1,15 @@
+public class use implements Annot0k {
+    @Override
+    public int a() { return 1; }
 
-public abstract class use implements SomeAnnotation {}
+    @Override
+    public Class<? extends java.lang.annotation.Annotation> annotationType() {
+        return null;
+    }
 
+    @Annot0j(abc = 1)
+    @Annot1j(a = 1, b = "ac", c = X.class, d = Y.B, e = {Y.C, Y.A}, f = @Annot0j(abc = 2))
+    @Annot0k(a = 1)
+    @Annot1k(a = 1, b = "ac", c = X.class, d = Y.B, e = {Y.C, Y.A}, f = @Annot0k(a = 2))
+    public class Z { }
+}
diff --git a/java/ql/test/kotlin/library-tests/annotations/jvmName/test.kt b/java/ql/test/kotlin/library-tests/annotations/jvmName/test.kt
index b4a4bcf38be..eea98625d5c 100644
--- a/java/ql/test/kotlin/library-tests/annotations/jvmName/test.kt
+++ b/java/ql/test/kotlin/library-tests/annotations/jvmName/test.kt
@@ -16,11 +16,3 @@ class X {
 annotation class Ann(
     val p: Int,
     @get:JvmName("w") val q: Int)
-
-// Diagnostic Matches: Incomplete annotation: @kotlin.Metadata(%)
-// Diagnostic Matches: Incomplete annotation: @kotlin.jvm.JvmName(name="changeY")
-// Diagnostic Matches: Incomplete annotation: @kotlin.jvm.JvmName(name="getX_prop")
-// Diagnostic Matches: Incomplete annotation: @kotlin.jvm.JvmName(name="method")
-// Diagnostic Matches: Incomplete annotation: @kotlin.jvm.JvmName(name="y")
-// Diagnostic Matches: Unknown location for kotlin.Metadata
-// Diagnostic Matches: Unknown location for kotlin.jvm.JvmName
diff --git a/java/ql/test/kotlin/library-tests/arrays-with-variances/takesArrayList.kt b/java/ql/test/kotlin/library-tests/arrays-with-variances/takesArrayList.kt
index 7f529df2dc9..1278d866d84 100644
--- a/java/ql/test/kotlin/library-tests/arrays-with-variances/takesArrayList.kt
+++ b/java/ql/test/kotlin/library-tests/arrays-with-variances/takesArrayList.kt
@@ -110,8 +110,3 @@ public class TakesArrayList {
   fun inInArrayComparableAny(c: Comparable<Array<in Array<in Any>>>) { }
 
 }
-
-// Diagnostic Matches: Incomplete annotation: @kotlin.Metadata(%)
-// Diagnostic Matches: Unknown location for kotlin.Metadata
-// Diagnostic Matches: Completion failure for type: org.jetbrains.annotations.NotNull
-// Diagnostic Matches: Unknown location for org.jetbrains.annotations.NotNull
diff --git a/java/ql/test/kotlin/library-tests/classes/PrintAst.expected b/java/ql/test/kotlin/library-tests/classes/PrintAst.expected
index 698a4f874c9..6f19fb37fee 100644
--- a/java/ql/test/kotlin/library-tests/classes/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/classes/PrintAst.expected
@@ -138,14 +138,14 @@ classes.kt:
 #   39|           0: [ExprStmt] <Expr>;
 #   39|             0: [MethodAccess] f(...)
 #   39|               -1: [TypeAccess] ClassesKt
-#   39|               0: [StringLiteral] init1
+#   39|               0: [StringLiteral] "init1"
 #   42|           1: [ExprStmt] <Expr>;
 #   42|             0: [KtInitializerAssignExpr] ...=...
 #   42|               0: [VarAccess] x
 #   45|           2: [ExprStmt] <Expr>;
 #   45|             0: [MethodAccess] f(...)
 #   45|               -1: [TypeAccess] ClassesKt
-#   45|               0: [StringLiteral] init2
+#   45|               0: [StringLiteral] "init2"
 #   36|         2: [ExprStmt] <Expr>;
 #   36|           0: [MethodAccess] f(...)
 #   36|             -1: [TypeAccess] ClassesKt
@@ -1119,7 +1119,7 @@ local_anonymous.kt:
 #   40|                   1: [BlockStmt] { ... }
 #   42|                     0: [LocalVariableDeclStmt] var ...;
 #   42|                       1: [LocalVariableDeclExpr] answer
-#   42|                         0: [StringLiteral] 42
+#   42|                         0: [StringLiteral] "42"
 #   40|           1: [ExprStmt] <Expr>;
 #   40|             0: [ClassInstanceExpr] new (...)
 #   40|               -3: [TypeAccess] Interface2
diff --git a/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.expected b/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.expected
index 99312685a0e..cbcabc82bd5 100644
--- a/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/collection-literals/PrintAst.expected
@@ -1,84 +1,12 @@
 test.kt:
 #    0| [CompilationUnit] test
 #    1|   1: [Interface] Ann
-#    1|     1: [Constructor] Ann
-#-----|       4: (Parameters)
-#    1|         0: [Parameter] arr1
-#    1|           0: [TypeAccess] String[]
-#    1|             0: [TypeAccess] String
-#    1|         1: [Parameter] arr2
-#    1|           0: [TypeAccess] int[]
-#    1|       5: [BlockStmt] { ... }
-#    1|         0: [SuperConstructorInvocationStmt] super(...)
-#    1|         1: [BlockStmt] { ... }
-#    1|           0: [ExprStmt] <Expr>;
-#    1|             0: [KtInitializerAssignExpr] ...=...
-#    1|               0: [VarAccess] arr1
-#    1|           1: [ExprStmt] <Expr>;
-#    1|             0: [KtInitializerAssignExpr] ...=...
-#    1|               0: [VarAccess] arr2
-#    1|     2: [Constructor] Ann
-#-----|       4: (Parameters)
-#    1|         0: [Parameter] p0
-#    1|           0: [TypeAccess] String[]
-#    1|         1: [Parameter] p1
-#    1|           0: [TypeAccess] int[]
-#    1|         2: [Parameter] p2
-#    1|           0: [TypeAccess] int
-#    1|         3: [Parameter] p3
-#    1|           0: [TypeAccess] DefaultConstructorMarker
-#    1|       5: [BlockStmt] { ... }
-#    1|         0: [IfStmt] if (...)
-#    1|           0: [EQExpr] ... == ...
-#    1|             0: [AndBitwiseExpr] ... & ...
-#    1|               0: [IntegerLiteral] 1
-#    1|               1: [VarAccess] p2
-#    1|             1: [IntegerLiteral] 0
-#    1|           1: [ExprStmt] <Expr>;
-#    1|             0: [AssignExpr] ...=...
-#    1|               0: [VarAccess] p0
-#    0|               1: [ArrayCreationExpr] new String[]
-#    0|                 -2: [ArrayInit] {...}
-#    0|                   0: [StringLiteral] hello
-#    0|                   1: [StringLiteral] world
-#    0|                 -1: [TypeAccess] String
-#    0|                 0: [IntegerLiteral] 2
-#    1|         1: [IfStmt] if (...)
-#    1|           0: [EQExpr] ... == ...
-#    1|             0: [AndBitwiseExpr] ... & ...
-#    1|               0: [IntegerLiteral] 2
-#    1|               1: [VarAccess] p2
-#    1|             1: [IntegerLiteral] 0
-#    1|           1: [ExprStmt] <Expr>;
-#    1|             0: [AssignExpr] ...=...
-#    1|               0: [VarAccess] p1
-#    0|               1: [ArrayCreationExpr] new int[]
-#    0|                 -2: [ArrayInit] {...}
-#    0|                   0: [IntegerLiteral] 1
-#    0|                   1: [IntegerLiteral] 2
-#    0|                   2: [IntegerLiteral] 3
-#    0|                 -1: [TypeAccess] int
-#    0|                 0: [IntegerLiteral] 3
-#    1|         2: [ThisConstructorInvocationStmt] this(...)
-#    1|           0: [VarAccess] p0
-#    1|           1: [VarAccess] p1
-#    1|     3: [FieldDeclaration] String[] arr1;
-#    1|       -1: [TypeAccess] String[]
-#    1|         0: [TypeAccess] String
-#    1|       0: [VarAccess] arr1
-#    1|     4: [Method] arr1
+#-----|     -3: (Annotations)
+#    0|       1: [Annotation] Retention
+#    0|         1: [VarAccess] RetentionPolicy.RUNTIME
+#    0|           -1: [TypeAccess] RetentionPolicy
+#    1|     1: [Method] arr1
 #    1|       3: [TypeAccess] String[]
 #    1|         0: [TypeAccess] String
-#    1|       5: [BlockStmt] { ... }
-#    1|         0: [ReturnStmt] return ...
-#    1|           0: [VarAccess] this.arr1
-#    1|             -1: [ThisAccess] this
-#    1|     5: [Method] arr2
+#    1|     2: [Method] arr2
 #    1|       3: [TypeAccess] int[]
-#    1|       5: [BlockStmt] { ... }
-#    1|         0: [ReturnStmt] return ...
-#    1|           0: [VarAccess] this.arr2
-#    1|             -1: [ThisAccess] this
-#    1|     6: [FieldDeclaration] int[] arr2;
-#    1|       -1: [TypeAccess] int[]
-#    1|       0: [VarAccess] arr2
diff --git a/java/ql/test/kotlin/library-tests/comments/comments.expected b/java/ql/test/kotlin/library-tests/comments/comments.expected
index f37e8322feb..7bd80ec0ed0 100644
--- a/java/ql/test/kotlin/library-tests/comments/comments.expected
+++ b/java/ql/test/kotlin/library-tests/comments/comments.expected
@@ -25,7 +25,6 @@ commentOwners
 | comments.kt:19:5:22:7 | /**\n     * Adds a [member] to this group.\n     * @return the new size of the group.\n     */ | comments.kt:23:5:26:5 | add |
 | comments.kt:35:5:35:34 | /** Medium is in the middle */ | comments.kt:36:5:36:14 | Medium |
 | comments.kt:37:5:37:23 | /** This is high */ | comments.kt:38:5:38:11 | High |
-| comments.kt:42:5:44:7 | /**\n     * A variable.\n     */ | comments.kt:45:5:45:13 | int a |
 | comments.kt:48:1:50:3 | /**\n * A type alias comment\n */ | comments.kt:51:1:51:24 | MyType |
 | comments.kt:54:5:56:7 | /**\n     * An init block comment\n     */ | comments.kt:53:1:58:1 | InitBlock |
 | comments.kt:61:5:63:7 | /**\n     * A prop comment\n     */ | comments.kt:64:5:68:17 | prop |
@@ -40,6 +39,7 @@ commentNoOwners
 | comments.kt:1:1:1:25 | /** Kdoc with no owner */ |
 | comments.kt:24:9:24:25 | // A line comment |
 | comments.kt:28:5:30:6 | /*\n    A block comment\n    */ |
+| comments.kt:42:5:44:7 | /**\n     * A variable.\n     */ |
 | comments.kt:95:1:95:163 | // Diagnostic Matches: % Couldn't get owner of KDoc. The comment is extracted without an owner.  ...while extracting a file (comments.kt) at %comments.kt:1:1:96:0% |
 commentSections
 | comments.kt:1:1:1:25 | /** Kdoc with no owner */ | Kdoc with no owner |
diff --git a/java/ql/test/kotlin/library-tests/controlflow/basic/bbStmts.expected b/java/ql/test/kotlin/library-tests/controlflow/basic/bbStmts.expected
index 4e0724fca1f..767e68d2f75 100644
--- a/java/ql/test/kotlin/library-tests/controlflow/basic/bbStmts.expected
+++ b/java/ql/test/kotlin/library-tests/controlflow/basic/bbStmts.expected
@@ -4,18 +4,18 @@
 | Test.kt:3:1:80:1 | { ... } | 3 | Test.kt:3:8:80:1 | Test |
 | Test.kt:4:2:79:2 | test | 0 | Test.kt:4:2:79:2 | test |
 | Test.kt:4:13:79:2 | { ... } | 0 | Test.kt:4:13:79:2 | { ... } |
-| Test.kt:4:13:79:2 | { ... } | 1 | Test.kt:5:3:5:16 | var ...; |
+| Test.kt:4:13:79:2 | { ... } | 1 | Test.kt:5:7:5:7 | var ...; |
 | Test.kt:4:13:79:2 | { ... } | 2 | Test.kt:5:16:5:16 | 0 |
-| Test.kt:4:13:79:2 | { ... } | 3 | Test.kt:5:3:5:16 | x |
-| Test.kt:4:13:79:2 | { ... } | 4 | Test.kt:6:3:6:18 | var ...; |
+| Test.kt:4:13:79:2 | { ... } | 3 | Test.kt:5:7:5:7 | x |
+| Test.kt:4:13:79:2 | { ... } | 4 | Test.kt:6:7:6:7 | var ...; |
 | Test.kt:4:13:79:2 | { ... } | 5 | Test.kt:6:17:6:18 | 50 |
-| Test.kt:4:13:79:2 | { ... } | 6 | Test.kt:6:3:6:18 | y |
-| Test.kt:4:13:79:2 | { ... } | 7 | Test.kt:7:3:7:16 | var ...; |
+| Test.kt:4:13:79:2 | { ... } | 6 | Test.kt:6:7:6:7 | y |
+| Test.kt:4:13:79:2 | { ... } | 7 | Test.kt:7:7:7:7 | var ...; |
 | Test.kt:4:13:79:2 | { ... } | 8 | Test.kt:7:16:7:16 | 0 |
-| Test.kt:4:13:79:2 | { ... } | 9 | Test.kt:7:3:7:16 | z |
-| Test.kt:4:13:79:2 | { ... } | 10 | Test.kt:8:3:8:16 | var ...; |
+| Test.kt:4:13:79:2 | { ... } | 9 | Test.kt:7:7:7:7 | z |
+| Test.kt:4:13:79:2 | { ... } | 10 | Test.kt:8:7:8:7 | var ...; |
 | Test.kt:4:13:79:2 | { ... } | 11 | Test.kt:8:16:8:16 | 0 |
-| Test.kt:4:13:79:2 | { ... } | 12 | Test.kt:8:3:8:16 | w |
+| Test.kt:4:13:79:2 | { ... } | 12 | Test.kt:8:7:8:7 | w |
 | Test.kt:4:13:79:2 | { ... } | 13 | Test.kt:11:3:16:3 | <Expr>; |
 | Test.kt:4:13:79:2 | { ... } | 14 | Test.kt:11:3:16:3 | when ... |
 | Test.kt:4:13:79:2 | { ... } | 15 | Test.kt:11:3:16:3 | ... -> ... |
@@ -106,12 +106,12 @@
 | Test.kt:82:21:89:1 | { ... } | 0 | Test.kt:82:21:89:1 | { ... } |
 | Test.kt:82:21:89:1 | { ... } | 1 | Test.kt:83:2:88:2 | try ... |
 | Test.kt:82:21:89:1 | { ... } | 2 | Test.kt:83:6:86:2 | { ... } |
-| Test.kt:82:21:89:1 | { ... } | 3 | Test.kt:84:3:84:18 | var ...; |
+| Test.kt:82:21:89:1 | { ... } | 3 | Test.kt:84:7:84:7 | var ...; |
 | Test.kt:82:21:89:1 | { ... } | 4 | Test.kt:84:11:84:11 | o |
 | Test.kt:82:21:89:1 | { ... } | 5 | Test.kt:84:11:84:18 | (...)... |
-| Test.kt:84:3:84:18 | x | 0 | Test.kt:84:3:84:18 | x |
-| Test.kt:84:3:84:18 | x | 1 | Test.kt:85:10:85:10 | 1 |
-| Test.kt:84:3:84:18 | x | 2 | Test.kt:85:3:85:10 | return ... |
+| Test.kt:84:7:84:7 | x | 0 | Test.kt:84:7:84:7 | x |
+| Test.kt:84:7:84:7 | x | 1 | Test.kt:85:10:85:10 | 1 |
+| Test.kt:84:7:84:7 | x | 2 | Test.kt:85:3:85:10 | return ... |
 | Test.kt:86:4:88:2 | catch (...) | 0 | Test.kt:86:4:88:2 | catch (...) |
 | Test.kt:86:4:88:2 | catch (...) | 1 | Test.kt:86:11:86:31 | e |
 | Test.kt:86:4:88:2 | catch (...) | 2 | Test.kt:86:34:88:2 | { ... } |
@@ -121,12 +121,12 @@
 | Test.kt:91:22:98:1 | { ... } | 0 | Test.kt:91:22:98:1 | { ... } |
 | Test.kt:91:22:98:1 | { ... } | 1 | Test.kt:92:2:97:2 | try ... |
 | Test.kt:91:22:98:1 | { ... } | 2 | Test.kt:92:6:95:2 | { ... } |
-| Test.kt:91:22:98:1 | { ... } | 3 | Test.kt:93:3:93:13 | var ...; |
+| Test.kt:91:22:98:1 | { ... } | 3 | Test.kt:93:7:93:7 | var ...; |
 | Test.kt:91:22:98:1 | { ... } | 4 | Test.kt:93:11:93:11 | o |
 | Test.kt:91:22:98:1 | { ... } | 5 | Test.kt:93:12:93:13 | ...!! |
-| Test.kt:93:3:93:13 | x | 0 | Test.kt:93:3:93:13 | x |
-| Test.kt:93:3:93:13 | x | 1 | Test.kt:94:10:94:10 | 1 |
-| Test.kt:93:3:93:13 | x | 2 | Test.kt:94:3:94:10 | return ... |
+| Test.kt:93:7:93:7 | x | 0 | Test.kt:93:7:93:7 | x |
+| Test.kt:93:7:93:7 | x | 1 | Test.kt:94:10:94:10 | 1 |
+| Test.kt:93:7:93:7 | x | 2 | Test.kt:94:3:94:10 | return ... |
 | Test.kt:95:4:97:2 | catch (...) | 0 | Test.kt:95:4:97:2 | catch (...) |
 | Test.kt:95:4:97:2 | catch (...) | 1 | Test.kt:95:11:95:33 | e |
 | Test.kt:95:4:97:2 | catch (...) | 2 | Test.kt:95:36:97:2 | { ... } |
@@ -155,7 +155,7 @@
 | Test.kt:105:5:109:5 | <Expr>; | 5 | Test.kt:105:9:105:17 | ... (value not-equals) ... |
 | Test.kt:105:20:107:5 | { ... } | 0 | Test.kt:105:20:107:5 | { ... } |
 | Test.kt:105:20:107:5 | { ... } | 1 | Test.kt:106:9:106:29 | <Expr>; |
-| Test.kt:105:20:107:5 | { ... } | 2 | Test.kt:106:18:106:27 | x not null |
+| Test.kt:105:20:107:5 | { ... } | 2 | Test.kt:106:18:106:27 | "x not null" |
 | Test.kt:105:20:107:5 | { ... } | 3 | Test.kt:106:9:106:29 | println(...) |
 | Test.kt:107:16:109:5 | ... -> ... | 0 | Test.kt:107:16:109:5 | ... -> ... |
 | Test.kt:107:16:109:5 | ... -> ... | 1 | Test.kt:107:16:107:16 | y |
@@ -163,7 +163,7 @@
 | Test.kt:107:16:109:5 | ... -> ... | 3 | Test.kt:107:16:107:24 | ... (value not-equals) ... |
 | Test.kt:107:27:109:5 | { ... } | 0 | Test.kt:107:27:109:5 | { ... } |
 | Test.kt:107:27:109:5 | { ... } | 1 | Test.kt:108:9:108:29 | <Expr>; |
-| Test.kt:107:27:109:5 | { ... } | 2 | Test.kt:108:18:108:27 | y not null |
+| Test.kt:107:27:109:5 | { ... } | 2 | Test.kt:108:18:108:27 | "y not null" |
 | Test.kt:107:27:109:5 | { ... } | 3 | Test.kt:108:9:108:29 | println(...) |
 | Test.kt:112:1:116:1 | fn | 0 | Test.kt:112:1:116:1 | fn |
 | Test.kt:112:32:116:1 | { ... } | 0 | Test.kt:112:32:116:1 | { ... } |
diff --git a/java/ql/test/kotlin/library-tests/controlflow/basic/bbStrictDominance.expected b/java/ql/test/kotlin/library-tests/controlflow/basic/bbStrictDominance.expected
index bea96c9445f..90c7d07b8c3 100644
--- a/java/ql/test/kotlin/library-tests/controlflow/basic/bbStrictDominance.expected
+++ b/java/ql/test/kotlin/library-tests/controlflow/basic/bbStrictDominance.expected
@@ -28,10 +28,10 @@
 | Test.kt:38:9:38:9 | x | Test.kt:38:16:41:3 | { ... } |
 | Test.kt:38:9:38:9 | x | Test.kt:43:3:43:3 | <Expr>; |
 | Test.kt:82:21:89:1 | { ... } | Test.kt:82:1:89:1 | t1 |
-| Test.kt:82:21:89:1 | { ... } | Test.kt:84:3:84:18 | x |
+| Test.kt:82:21:89:1 | { ... } | Test.kt:84:7:84:7 | x |
 | Test.kt:82:21:89:1 | { ... } | Test.kt:86:4:88:2 | catch (...) |
 | Test.kt:91:22:98:1 | { ... } | Test.kt:91:1:98:1 | t2 |
-| Test.kt:91:22:98:1 | { ... } | Test.kt:93:3:93:13 | x |
+| Test.kt:91:22:98:1 | { ... } | Test.kt:93:7:93:7 | x |
 | Test.kt:91:22:98:1 | { ... } | Test.kt:95:4:97:2 | catch (...) |
 | Test.kt:100:25:110:1 | { ... } | Test.kt:100:1:110:1 | fn |
 | Test.kt:100:25:110:1 | { ... } | Test.kt:101:22:101:22 | y |
diff --git a/java/ql/test/kotlin/library-tests/controlflow/basic/bbSuccessor.expected b/java/ql/test/kotlin/library-tests/controlflow/basic/bbSuccessor.expected
index 512a6907e2a..35c28b25b91 100644
--- a/java/ql/test/kotlin/library-tests/controlflow/basic/bbSuccessor.expected
+++ b/java/ql/test/kotlin/library-tests/controlflow/basic/bbSuccessor.expected
@@ -13,13 +13,13 @@
 | Test.kt:38:9:38:9 | x | Test.kt:43:3:43:3 | <Expr>; |
 | Test.kt:38:16:41:3 | { ... } | Test.kt:38:9:38:9 | x |
 | Test.kt:43:3:43:3 | <Expr>; | Test.kt:4:2:79:2 | test |
-| Test.kt:82:21:89:1 | { ... } | Test.kt:84:3:84:18 | x |
+| Test.kt:82:21:89:1 | { ... } | Test.kt:84:7:84:7 | x |
 | Test.kt:82:21:89:1 | { ... } | Test.kt:86:4:88:2 | catch (...) |
-| Test.kt:84:3:84:18 | x | Test.kt:82:1:89:1 | t1 |
+| Test.kt:84:7:84:7 | x | Test.kt:82:1:89:1 | t1 |
 | Test.kt:86:4:88:2 | catch (...) | Test.kt:82:1:89:1 | t1 |
-| Test.kt:91:22:98:1 | { ... } | Test.kt:93:3:93:13 | x |
+| Test.kt:91:22:98:1 | { ... } | Test.kt:93:7:93:7 | x |
 | Test.kt:91:22:98:1 | { ... } | Test.kt:95:4:97:2 | catch (...) |
-| Test.kt:93:3:93:13 | x | Test.kt:91:1:98:1 | t2 |
+| Test.kt:93:7:93:7 | x | Test.kt:91:1:98:1 | t2 |
 | Test.kt:95:4:97:2 | catch (...) | Test.kt:91:1:98:1 | t2 |
 | Test.kt:100:25:110:1 | { ... } | Test.kt:101:22:101:22 | y |
 | Test.kt:100:25:110:1 | { ... } | Test.kt:105:5:109:5 | <Expr>; |
diff --git a/java/ql/test/kotlin/library-tests/controlflow/basic/getASuccessor.expected b/java/ql/test/kotlin/library-tests/controlflow/basic/getASuccessor.expected
index bba6e9cbae7..36544bd2d93 100644
--- a/java/ql/test/kotlin/library-tests/controlflow/basic/getASuccessor.expected
+++ b/java/ql/test/kotlin/library-tests/controlflow/basic/getASuccessor.expected
@@ -8,23 +8,23 @@ missingSuccessor
 | Test.kt:3:8:80:1 | { ... } | BlockStmt | Test.kt:3:8:80:1 | Test | Constructor |
 | Test.kt:4:2:79:2 | Unit | TypeAccess | file://:0:0:0:0 | <none> | <none> |
 | Test.kt:4:2:79:2 | test | Method | file://:0:0:0:0 | <none> | <none> |
-| Test.kt:4:13:79:2 | { ... } | BlockStmt | Test.kt:5:3:5:16 | var ...; | LocalVariableDeclStmt |
-| Test.kt:5:3:5:16 | int x | LocalVariableDecl | file://:0:0:0:0 | <none> | <none> |
-| Test.kt:5:3:5:16 | var ...; | LocalVariableDeclStmt | Test.kt:5:16:5:16 | 0 | IntegerLiteral |
-| Test.kt:5:3:5:16 | x | LocalVariableDeclExpr | Test.kt:6:3:6:18 | var ...; | LocalVariableDeclStmt |
-| Test.kt:5:16:5:16 | 0 | IntegerLiteral | Test.kt:5:3:5:16 | x | LocalVariableDeclExpr |
-| Test.kt:6:3:6:18 | long y | LocalVariableDecl | file://:0:0:0:0 | <none> | <none> |
-| Test.kt:6:3:6:18 | var ...; | LocalVariableDeclStmt | Test.kt:6:17:6:18 | 50 | LongLiteral |
-| Test.kt:6:3:6:18 | y | LocalVariableDeclExpr | Test.kt:7:3:7:16 | var ...; | LocalVariableDeclStmt |
-| Test.kt:6:17:6:18 | 50 | LongLiteral | Test.kt:6:3:6:18 | y | LocalVariableDeclExpr |
-| Test.kt:7:3:7:16 | int z | LocalVariableDecl | file://:0:0:0:0 | <none> | <none> |
-| Test.kt:7:3:7:16 | var ...; | LocalVariableDeclStmt | Test.kt:7:16:7:16 | 0 | IntegerLiteral |
-| Test.kt:7:3:7:16 | z | LocalVariableDeclExpr | Test.kt:8:3:8:16 | var ...; | LocalVariableDeclStmt |
-| Test.kt:7:16:7:16 | 0 | IntegerLiteral | Test.kt:7:3:7:16 | z | LocalVariableDeclExpr |
-| Test.kt:8:3:8:16 | int w | LocalVariableDecl | file://:0:0:0:0 | <none> | <none> |
-| Test.kt:8:3:8:16 | var ...; | LocalVariableDeclStmt | Test.kt:8:16:8:16 | 0 | IntegerLiteral |
-| Test.kt:8:3:8:16 | w | LocalVariableDeclExpr | Test.kt:11:3:16:3 | <Expr>; | ExprStmt |
-| Test.kt:8:16:8:16 | 0 | IntegerLiteral | Test.kt:8:3:8:16 | w | LocalVariableDeclExpr |
+| Test.kt:4:13:79:2 | { ... } | BlockStmt | Test.kt:5:7:5:7 | var ...; | LocalVariableDeclStmt |
+| Test.kt:5:7:5:7 | int x | LocalVariableDecl | file://:0:0:0:0 | <none> | <none> |
+| Test.kt:5:7:5:7 | var ...; | LocalVariableDeclStmt | Test.kt:5:16:5:16 | 0 | IntegerLiteral |
+| Test.kt:5:7:5:7 | x | LocalVariableDeclExpr | Test.kt:6:7:6:7 | var ...; | LocalVariableDeclStmt |
+| Test.kt:5:16:5:16 | 0 | IntegerLiteral | Test.kt:5:7:5:7 | x | LocalVariableDeclExpr |
+| Test.kt:6:7:6:7 | long y | LocalVariableDecl | file://:0:0:0:0 | <none> | <none> |
+| Test.kt:6:7:6:7 | var ...; | LocalVariableDeclStmt | Test.kt:6:17:6:18 | 50 | LongLiteral |
+| Test.kt:6:7:6:7 | y | LocalVariableDeclExpr | Test.kt:7:7:7:7 | var ...; | LocalVariableDeclStmt |
+| Test.kt:6:17:6:18 | 50 | LongLiteral | Test.kt:6:7:6:7 | y | LocalVariableDeclExpr |
+| Test.kt:7:7:7:7 | int z | LocalVariableDecl | file://:0:0:0:0 | <none> | <none> |
+| Test.kt:7:7:7:7 | var ...; | LocalVariableDeclStmt | Test.kt:7:16:7:16 | 0 | IntegerLiteral |
+| Test.kt:7:7:7:7 | z | LocalVariableDeclExpr | Test.kt:8:7:8:7 | var ...; | LocalVariableDeclStmt |
+| Test.kt:7:16:7:16 | 0 | IntegerLiteral | Test.kt:7:7:7:7 | z | LocalVariableDeclExpr |
+| Test.kt:8:7:8:7 | int w | LocalVariableDecl | file://:0:0:0:0 | <none> | <none> |
+| Test.kt:8:7:8:7 | var ...; | LocalVariableDeclStmt | Test.kt:8:16:8:16 | 0 | IntegerLiteral |
+| Test.kt:8:7:8:7 | w | LocalVariableDeclExpr | Test.kt:11:3:16:3 | <Expr>; | ExprStmt |
+| Test.kt:8:16:8:16 | 0 | IntegerLiteral | Test.kt:8:7:8:7 | w | LocalVariableDeclExpr |
 | Test.kt:11:3:16:3 | ... -> ... | WhenBranch | Test.kt:11:3:16:3 | true | BooleanLiteral |
 | Test.kt:11:3:16:3 | ... -> ... | WhenBranch | Test.kt:11:7:11:7 | x | VarAccess |
 | Test.kt:11:3:16:3 | <Expr>; | ExprStmt | Test.kt:11:3:16:3 | when ... | WhenExpr |
@@ -137,12 +137,12 @@ missingSuccessor
 | Test.kt:82:8:82:13 | o | Parameter | file://:0:0:0:0 | <none> | <none> |
 | Test.kt:82:21:89:1 | { ... } | BlockStmt | Test.kt:83:2:88:2 | try ... | TryStmt |
 | Test.kt:83:2:88:2 | try ... | TryStmt | Test.kt:83:6:86:2 | { ... } | BlockStmt |
-| Test.kt:83:6:86:2 | { ... } | BlockStmt | Test.kt:84:3:84:18 | var ...; | LocalVariableDeclStmt |
-| Test.kt:84:3:84:18 | int x | LocalVariableDecl | file://:0:0:0:0 | <none> | <none> |
-| Test.kt:84:3:84:18 | var ...; | LocalVariableDeclStmt | Test.kt:84:11:84:11 | o | VarAccess |
-| Test.kt:84:3:84:18 | x | LocalVariableDeclExpr | Test.kt:85:10:85:10 | 1 | IntegerLiteral |
+| Test.kt:83:6:86:2 | { ... } | BlockStmt | Test.kt:84:7:84:7 | var ...; | LocalVariableDeclStmt |
+| Test.kt:84:7:84:7 | int x | LocalVariableDecl | file://:0:0:0:0 | <none> | <none> |
+| Test.kt:84:7:84:7 | var ...; | LocalVariableDeclStmt | Test.kt:84:11:84:11 | o | VarAccess |
+| Test.kt:84:7:84:7 | x | LocalVariableDeclExpr | Test.kt:85:10:85:10 | 1 | IntegerLiteral |
 | Test.kt:84:11:84:11 | o | VarAccess | Test.kt:84:11:84:18 | (...)... | CastExpr |
-| Test.kt:84:11:84:18 | (...)... | CastExpr | Test.kt:84:3:84:18 | x | LocalVariableDeclExpr |
+| Test.kt:84:11:84:18 | (...)... | CastExpr | Test.kt:84:7:84:7 | x | LocalVariableDeclExpr |
 | Test.kt:84:11:84:18 | (...)... | CastExpr | Test.kt:86:4:88:2 | catch (...) | CatchClause |
 | Test.kt:84:11:84:18 | int | TypeAccess | file://:0:0:0:0 | <none> | <none> |
 | Test.kt:85:3:85:10 | return ... | ReturnStmt | Test.kt:82:1:89:1 | t1 | Method |
@@ -160,12 +160,12 @@ missingSuccessor
 | Test.kt:91:8:91:14 | o | Parameter | file://:0:0:0:0 | <none> | <none> |
 | Test.kt:91:22:98:1 | { ... } | BlockStmt | Test.kt:92:2:97:2 | try ... | TryStmt |
 | Test.kt:92:2:97:2 | try ... | TryStmt | Test.kt:92:6:95:2 | { ... } | BlockStmt |
-| Test.kt:92:6:95:2 | { ... } | BlockStmt | Test.kt:93:3:93:13 | var ...; | LocalVariableDeclStmt |
-| Test.kt:93:3:93:13 | Object x | LocalVariableDecl | file://:0:0:0:0 | <none> | <none> |
-| Test.kt:93:3:93:13 | var ...; | LocalVariableDeclStmt | Test.kt:93:11:93:11 | o | VarAccess |
-| Test.kt:93:3:93:13 | x | LocalVariableDeclExpr | Test.kt:94:10:94:10 | 1 | IntegerLiteral |
+| Test.kt:92:6:95:2 | { ... } | BlockStmt | Test.kt:93:7:93:7 | var ...; | LocalVariableDeclStmt |
+| Test.kt:93:7:93:7 | Object x | LocalVariableDecl | file://:0:0:0:0 | <none> | <none> |
+| Test.kt:93:7:93:7 | var ...; | LocalVariableDeclStmt | Test.kt:93:11:93:11 | o | VarAccess |
+| Test.kt:93:7:93:7 | x | LocalVariableDeclExpr | Test.kt:94:10:94:10 | 1 | IntegerLiteral |
 | Test.kt:93:11:93:11 | o | VarAccess | Test.kt:93:12:93:13 | ...!! | NotNullExpr |
-| Test.kt:93:12:93:13 | ...!! | NotNullExpr | Test.kt:93:3:93:13 | x | LocalVariableDeclExpr |
+| Test.kt:93:12:93:13 | ...!! | NotNullExpr | Test.kt:93:7:93:7 | x | LocalVariableDeclExpr |
 | Test.kt:93:12:93:13 | ...!! | NotNullExpr | Test.kt:95:4:97:2 | catch (...) | CatchClause |
 | Test.kt:94:3:94:10 | return ... | ReturnStmt | Test.kt:91:1:98:1 | t2 | Method |
 | Test.kt:94:10:94:10 | 1 | IntegerLiteral | Test.kt:94:3:94:10 | return ... | ReturnStmt |
@@ -207,20 +207,20 @@ missingSuccessor
 | Test.kt:105:9:107:5 | ... -> ... | WhenBranch | Test.kt:105:9:105:9 | x | VarAccess |
 | Test.kt:105:14:105:17 | null | NullLiteral | Test.kt:105:9:105:17 | ... (value not-equals) ... | ValueNEExpr |
 | Test.kt:105:20:107:5 | { ... } | BlockStmt | Test.kt:106:9:106:29 | <Expr>; | ExprStmt |
-| Test.kt:106:9:106:29 | <Expr>; | ExprStmt | Test.kt:106:18:106:27 | x not null | StringLiteral |
+| Test.kt:106:9:106:29 | <Expr>; | ExprStmt | Test.kt:106:18:106:27 | "x not null" | StringLiteral |
 | Test.kt:106:9:106:29 | ConsoleKt | TypeAccess | file://:0:0:0:0 | <none> | <none> |
 | Test.kt:106:9:106:29 | println(...) | MethodAccess | Test.kt:100:1:110:1 | fn | Method |
-| Test.kt:106:18:106:27 | x not null | StringLiteral | Test.kt:106:9:106:29 | println(...) | MethodAccess |
+| Test.kt:106:18:106:27 | "x not null" | StringLiteral | Test.kt:106:9:106:29 | println(...) | MethodAccess |
 | Test.kt:107:16:107:16 | y | VarAccess | Test.kt:107:21:107:24 | null | NullLiteral |
 | Test.kt:107:16:107:24 | ... (value not-equals) ... | ValueNEExpr | Test.kt:100:1:110:1 | fn | Method |
 | Test.kt:107:16:107:24 | ... (value not-equals) ... | ValueNEExpr | Test.kt:107:27:109:5 | { ... } | BlockStmt |
 | Test.kt:107:16:109:5 | ... -> ... | WhenBranch | Test.kt:107:16:107:16 | y | VarAccess |
 | Test.kt:107:21:107:24 | null | NullLiteral | Test.kt:107:16:107:24 | ... (value not-equals) ... | ValueNEExpr |
 | Test.kt:107:27:109:5 | { ... } | BlockStmt | Test.kt:108:9:108:29 | <Expr>; | ExprStmt |
-| Test.kt:108:9:108:29 | <Expr>; | ExprStmt | Test.kt:108:18:108:27 | y not null | StringLiteral |
+| Test.kt:108:9:108:29 | <Expr>; | ExprStmt | Test.kt:108:18:108:27 | "y not null" | StringLiteral |
 | Test.kt:108:9:108:29 | ConsoleKt | TypeAccess | file://:0:0:0:0 | <none> | <none> |
 | Test.kt:108:9:108:29 | println(...) | MethodAccess | Test.kt:100:1:110:1 | fn | Method |
-| Test.kt:108:18:108:27 | y not null | StringLiteral | Test.kt:108:9:108:29 | println(...) | MethodAccess |
+| Test.kt:108:18:108:27 | "y not null" | StringLiteral | Test.kt:108:9:108:29 | println(...) | MethodAccess |
 | Test.kt:112:1:116:1 | Unit | TypeAccess | file://:0:0:0:0 | <none> | <none> |
 | Test.kt:112:1:116:1 | fn | Method | file://:0:0:0:0 | <none> | <none> |
 | Test.kt:112:8:112:17 | boolean | TypeAccess | file://:0:0:0:0 | <none> | <none> |
diff --git a/java/ql/test/kotlin/library-tests/controlflow/basic/strictDominance.expected b/java/ql/test/kotlin/library-tests/controlflow/basic/strictDominance.expected
index b48a2016130..e5e94d38421 100644
--- a/java/ql/test/kotlin/library-tests/controlflow/basic/strictDominance.expected
+++ b/java/ql/test/kotlin/library-tests/controlflow/basic/strictDominance.expected
@@ -1,10 +1,10 @@
 | Test.kt:3:1:80:1 | super(...) | Test.kt:3:8:80:1 | { ... } |
 | Test.kt:3:1:80:1 | { ... } | Test.kt:3:1:80:1 | super(...) |
 | Test.kt:3:1:80:1 | { ... } | Test.kt:3:8:80:1 | { ... } |
-| Test.kt:4:13:79:2 | { ... } | Test.kt:5:3:5:16 | var ...; |
-| Test.kt:4:13:79:2 | { ... } | Test.kt:6:3:6:18 | var ...; |
-| Test.kt:4:13:79:2 | { ... } | Test.kt:7:3:7:16 | var ...; |
-| Test.kt:4:13:79:2 | { ... } | Test.kt:8:3:8:16 | var ...; |
+| Test.kt:4:13:79:2 | { ... } | Test.kt:5:7:5:7 | var ...; |
+| Test.kt:4:13:79:2 | { ... } | Test.kt:6:7:6:7 | var ...; |
+| Test.kt:4:13:79:2 | { ... } | Test.kt:7:7:7:7 | var ...; |
+| Test.kt:4:13:79:2 | { ... } | Test.kt:8:7:8:7 | var ...; |
 | Test.kt:4:13:79:2 | { ... } | Test.kt:11:3:16:3 | ... -> ... |
 | Test.kt:4:13:79:2 | { ... } | Test.kt:11:3:16:3 | ... -> ... |
 | Test.kt:4:13:79:2 | { ... } | Test.kt:11:3:16:3 | <Expr>; |
@@ -38,144 +38,144 @@
 | Test.kt:4:13:79:2 | { ... } | Test.kt:73:3:73:3 | <Expr>; |
 | Test.kt:4:13:79:2 | { ... } | Test.kt:77:3:77:3 | <Expr>; |
 | Test.kt:4:13:79:2 | { ... } | Test.kt:78:3:78:8 | return ... |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:6:3:6:18 | var ...; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:7:3:7:16 | var ...; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:8:3:8:16 | var ...; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:11:3:16:3 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:11:14:14:3 | { ... } |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:12:4:12:4 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:13:4:13:4 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:14:10:16:3 | { ... } |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:15:4:15:4 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:18:3:18:3 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:21:3:24:9 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:22:4:22:4 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:24:4:24:9 | return ... |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:27:3:27:3 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:30:3:33:3 | ... -> ... |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:30:3:33:3 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:30:15:33:3 | { ... } |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:31:4:31:4 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:32:4:32:4 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:35:3:35:3 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:38:3:41:3 | while (...) |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:38:16:41:3 | { ... } |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:39:4:39:4 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:40:4:40:4 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:40:4:40:6 | var ...; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:40:4:40:6 | { ... } |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:43:3:43:3 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:73:3:73:3 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:77:3:77:3 | <Expr>; |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:78:3:78:8 | return ... |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:7:3:7:16 | var ...; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:8:3:8:16 | var ...; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:11:3:16:3 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:11:14:14:3 | { ... } |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:12:4:12:4 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:13:4:13:4 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:14:10:16:3 | { ... } |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:15:4:15:4 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:18:3:18:3 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:21:3:24:9 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:22:4:22:4 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:24:4:24:9 | return ... |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:27:3:27:3 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:30:3:33:3 | ... -> ... |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:30:3:33:3 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:30:15:33:3 | { ... } |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:31:4:31:4 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:32:4:32:4 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:35:3:35:3 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:38:3:41:3 | while (...) |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:38:16:41:3 | { ... } |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:39:4:39:4 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:40:4:40:4 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:40:4:40:6 | var ...; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:40:4:40:6 | { ... } |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:43:3:43:3 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:73:3:73:3 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:77:3:77:3 | <Expr>; |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:78:3:78:8 | return ... |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:8:3:8:16 | var ...; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:11:3:16:3 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:11:14:14:3 | { ... } |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:12:4:12:4 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:13:4:13:4 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:14:10:16:3 | { ... } |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:15:4:15:4 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:18:3:18:3 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:21:3:24:9 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:22:4:22:4 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:24:4:24:9 | return ... |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:27:3:27:3 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:30:3:33:3 | ... -> ... |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:30:3:33:3 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:30:15:33:3 | { ... } |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:31:4:31:4 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:32:4:32:4 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:35:3:35:3 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:38:3:41:3 | while (...) |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:38:16:41:3 | { ... } |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:39:4:39:4 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:40:4:40:4 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:40:4:40:6 | var ...; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:40:4:40:6 | { ... } |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:43:3:43:3 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:73:3:73:3 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:77:3:77:3 | <Expr>; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:78:3:78:8 | return ... |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:11:3:16:3 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:11:14:14:3 | { ... } |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:12:4:12:4 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:13:4:13:4 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:14:10:16:3 | { ... } |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:15:4:15:4 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:18:3:18:3 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:21:3:24:9 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:22:4:22:4 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:24:4:24:9 | return ... |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:27:3:27:3 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:30:3:33:3 | ... -> ... |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:30:3:33:3 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:30:15:33:3 | { ... } |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:31:4:31:4 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:32:4:32:4 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:35:3:35:3 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:38:3:41:3 | while (...) |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:38:16:41:3 | { ... } |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:39:4:39:4 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:40:4:40:4 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:40:4:40:6 | var ...; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:40:4:40:6 | { ... } |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:43:3:43:3 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:73:3:73:3 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:77:3:77:3 | <Expr>; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:78:3:78:8 | return ... |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:6:7:6:7 | var ...; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:7:7:7:7 | var ...; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:8:7:8:7 | var ...; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:11:3:16:3 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:11:14:14:3 | { ... } |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:12:4:12:4 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:13:4:13:4 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:14:10:16:3 | { ... } |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:15:4:15:4 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:18:3:18:3 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:21:3:24:9 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:22:4:22:4 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:24:4:24:9 | return ... |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:27:3:27:3 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:30:3:33:3 | ... -> ... |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:30:3:33:3 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:30:15:33:3 | { ... } |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:31:4:31:4 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:32:4:32:4 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:35:3:35:3 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:38:3:41:3 | while (...) |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:38:16:41:3 | { ... } |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:39:4:39:4 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:40:4:40:4 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:40:4:40:6 | var ...; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:40:4:40:6 | { ... } |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:43:3:43:3 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:73:3:73:3 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:77:3:77:3 | <Expr>; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:78:3:78:8 | return ... |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:7:7:7:7 | var ...; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:8:7:8:7 | var ...; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:11:3:16:3 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:11:14:14:3 | { ... } |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:12:4:12:4 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:13:4:13:4 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:14:10:16:3 | { ... } |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:15:4:15:4 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:18:3:18:3 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:21:3:24:9 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:22:4:22:4 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:24:4:24:9 | return ... |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:27:3:27:3 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:30:3:33:3 | ... -> ... |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:30:3:33:3 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:30:15:33:3 | { ... } |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:31:4:31:4 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:32:4:32:4 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:35:3:35:3 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:38:3:41:3 | while (...) |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:38:16:41:3 | { ... } |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:39:4:39:4 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:40:4:40:4 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:40:4:40:6 | var ...; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:40:4:40:6 | { ... } |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:43:3:43:3 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:73:3:73:3 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:77:3:77:3 | <Expr>; |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:78:3:78:8 | return ... |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:8:7:8:7 | var ...; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:11:3:16:3 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:11:14:14:3 | { ... } |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:12:4:12:4 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:13:4:13:4 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:14:10:16:3 | { ... } |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:15:4:15:4 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:18:3:18:3 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:21:3:24:9 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:22:4:22:4 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:24:4:24:9 | return ... |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:27:3:27:3 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:30:3:33:3 | ... -> ... |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:30:3:33:3 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:30:15:33:3 | { ... } |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:31:4:31:4 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:32:4:32:4 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:35:3:35:3 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:38:3:41:3 | while (...) |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:38:16:41:3 | { ... } |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:39:4:39:4 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:40:4:40:4 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:40:4:40:6 | var ...; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:40:4:40:6 | { ... } |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:43:3:43:3 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:73:3:73:3 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:77:3:77:3 | <Expr>; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:78:3:78:8 | return ... |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:11:3:16:3 | ... -> ... |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:11:3:16:3 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:11:14:14:3 | { ... } |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:12:4:12:4 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:13:4:13:4 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:14:10:16:3 | { ... } |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:15:4:15:4 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:18:3:18:3 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:21:3:24:9 | ... -> ... |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:21:3:24:9 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:22:4:22:4 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:24:4:24:9 | return ... |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:27:3:27:3 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:30:3:33:3 | ... -> ... |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:30:3:33:3 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:30:15:33:3 | { ... } |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:31:4:31:4 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:32:4:32:4 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:35:3:35:3 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:38:3:41:3 | while (...) |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:38:16:41:3 | { ... } |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:39:4:39:4 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:40:4:40:4 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:40:4:40:6 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:40:4:40:6 | var ...; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:40:4:40:6 | { ... } |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:43:3:43:3 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:73:3:73:3 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:77:3:77:3 | <Expr>; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:78:3:78:8 | return ... |
 | Test.kt:11:3:16:3 | ... -> ... | Test.kt:11:3:16:3 | ... -> ... |
 | Test.kt:11:3:16:3 | ... -> ... | Test.kt:11:14:14:3 | { ... } |
 | Test.kt:11:3:16:3 | ... -> ... | Test.kt:12:4:12:4 | <Expr>; |
@@ -440,51 +440,51 @@
 | Test.kt:77:3:77:3 | <Expr>; | Test.kt:78:3:78:8 | return ... |
 | Test.kt:82:21:89:1 | { ... } | Test.kt:83:2:88:2 | try ... |
 | Test.kt:82:21:89:1 | { ... } | Test.kt:83:6:86:2 | { ... } |
-| Test.kt:82:21:89:1 | { ... } | Test.kt:84:3:84:18 | var ...; |
+| Test.kt:82:21:89:1 | { ... } | Test.kt:84:7:84:7 | var ...; |
 | Test.kt:82:21:89:1 | { ... } | Test.kt:85:3:85:10 | return ... |
 | Test.kt:82:21:89:1 | { ... } | Test.kt:86:4:88:2 | catch (...) |
 | Test.kt:82:21:89:1 | { ... } | Test.kt:86:34:88:2 | { ... } |
 | Test.kt:82:21:89:1 | { ... } | Test.kt:87:3:87:10 | return ... |
 | Test.kt:83:2:88:2 | try ... | Test.kt:83:6:86:2 | { ... } |
-| Test.kt:83:2:88:2 | try ... | Test.kt:84:3:84:18 | var ...; |
+| Test.kt:83:2:88:2 | try ... | Test.kt:84:7:84:7 | var ...; |
 | Test.kt:83:2:88:2 | try ... | Test.kt:85:3:85:10 | return ... |
 | Test.kt:83:2:88:2 | try ... | Test.kt:86:4:88:2 | catch (...) |
 | Test.kt:83:2:88:2 | try ... | Test.kt:86:34:88:2 | { ... } |
 | Test.kt:83:2:88:2 | try ... | Test.kt:87:3:87:10 | return ... |
-| Test.kt:83:6:86:2 | { ... } | Test.kt:84:3:84:18 | var ...; |
+| Test.kt:83:6:86:2 | { ... } | Test.kt:84:7:84:7 | var ...; |
 | Test.kt:83:6:86:2 | { ... } | Test.kt:85:3:85:10 | return ... |
 | Test.kt:83:6:86:2 | { ... } | Test.kt:86:4:88:2 | catch (...) |
 | Test.kt:83:6:86:2 | { ... } | Test.kt:86:34:88:2 | { ... } |
 | Test.kt:83:6:86:2 | { ... } | Test.kt:87:3:87:10 | return ... |
-| Test.kt:84:3:84:18 | var ...; | Test.kt:85:3:85:10 | return ... |
-| Test.kt:84:3:84:18 | var ...; | Test.kt:86:4:88:2 | catch (...) |
-| Test.kt:84:3:84:18 | var ...; | Test.kt:86:34:88:2 | { ... } |
-| Test.kt:84:3:84:18 | var ...; | Test.kt:87:3:87:10 | return ... |
+| Test.kt:84:7:84:7 | var ...; | Test.kt:85:3:85:10 | return ... |
+| Test.kt:84:7:84:7 | var ...; | Test.kt:86:4:88:2 | catch (...) |
+| Test.kt:84:7:84:7 | var ...; | Test.kt:86:34:88:2 | { ... } |
+| Test.kt:84:7:84:7 | var ...; | Test.kt:87:3:87:10 | return ... |
 | Test.kt:86:4:88:2 | catch (...) | Test.kt:86:34:88:2 | { ... } |
 | Test.kt:86:4:88:2 | catch (...) | Test.kt:87:3:87:10 | return ... |
 | Test.kt:86:34:88:2 | { ... } | Test.kt:87:3:87:10 | return ... |
 | Test.kt:91:22:98:1 | { ... } | Test.kt:92:2:97:2 | try ... |
 | Test.kt:91:22:98:1 | { ... } | Test.kt:92:6:95:2 | { ... } |
-| Test.kt:91:22:98:1 | { ... } | Test.kt:93:3:93:13 | var ...; |
+| Test.kt:91:22:98:1 | { ... } | Test.kt:93:7:93:7 | var ...; |
 | Test.kt:91:22:98:1 | { ... } | Test.kt:94:3:94:10 | return ... |
 | Test.kt:91:22:98:1 | { ... } | Test.kt:95:4:97:2 | catch (...) |
 | Test.kt:91:22:98:1 | { ... } | Test.kt:95:36:97:2 | { ... } |
 | Test.kt:91:22:98:1 | { ... } | Test.kt:96:3:96:10 | return ... |
 | Test.kt:92:2:97:2 | try ... | Test.kt:92:6:95:2 | { ... } |
-| Test.kt:92:2:97:2 | try ... | Test.kt:93:3:93:13 | var ...; |
+| Test.kt:92:2:97:2 | try ... | Test.kt:93:7:93:7 | var ...; |
 | Test.kt:92:2:97:2 | try ... | Test.kt:94:3:94:10 | return ... |
 | Test.kt:92:2:97:2 | try ... | Test.kt:95:4:97:2 | catch (...) |
 | Test.kt:92:2:97:2 | try ... | Test.kt:95:36:97:2 | { ... } |
 | Test.kt:92:2:97:2 | try ... | Test.kt:96:3:96:10 | return ... |
-| Test.kt:92:6:95:2 | { ... } | Test.kt:93:3:93:13 | var ...; |
+| Test.kt:92:6:95:2 | { ... } | Test.kt:93:7:93:7 | var ...; |
 | Test.kt:92:6:95:2 | { ... } | Test.kt:94:3:94:10 | return ... |
 | Test.kt:92:6:95:2 | { ... } | Test.kt:95:4:97:2 | catch (...) |
 | Test.kt:92:6:95:2 | { ... } | Test.kt:95:36:97:2 | { ... } |
 | Test.kt:92:6:95:2 | { ... } | Test.kt:96:3:96:10 | return ... |
-| Test.kt:93:3:93:13 | var ...; | Test.kt:94:3:94:10 | return ... |
-| Test.kt:93:3:93:13 | var ...; | Test.kt:95:4:97:2 | catch (...) |
-| Test.kt:93:3:93:13 | var ...; | Test.kt:95:36:97:2 | { ... } |
-| Test.kt:93:3:93:13 | var ...; | Test.kt:96:3:96:10 | return ... |
+| Test.kt:93:7:93:7 | var ...; | Test.kt:94:3:94:10 | return ... |
+| Test.kt:93:7:93:7 | var ...; | Test.kt:95:4:97:2 | catch (...) |
+| Test.kt:93:7:93:7 | var ...; | Test.kt:95:36:97:2 | { ... } |
+| Test.kt:93:7:93:7 | var ...; | Test.kt:96:3:96:10 | return ... |
 | Test.kt:95:4:97:2 | catch (...) | Test.kt:95:36:97:2 | { ... } |
 | Test.kt:95:4:97:2 | catch (...) | Test.kt:96:3:96:10 | return ... |
 | Test.kt:95:36:97:2 | { ... } | Test.kt:96:3:96:10 | return ... |
diff --git a/java/ql/test/kotlin/library-tests/controlflow/basic/strictPostDominance.expected b/java/ql/test/kotlin/library-tests/controlflow/basic/strictPostDominance.expected
index c7d67d9959b..6d47a44d581 100644
--- a/java/ql/test/kotlin/library-tests/controlflow/basic/strictPostDominance.expected
+++ b/java/ql/test/kotlin/library-tests/controlflow/basic/strictPostDominance.expected
@@ -1,27 +1,27 @@
 | Test.kt:3:1:80:1 | super(...) | Test.kt:3:1:80:1 | { ... } |
 | Test.kt:3:8:80:1 | { ... } | Test.kt:3:1:80:1 | super(...) |
 | Test.kt:3:8:80:1 | { ... } | Test.kt:3:1:80:1 | { ... } |
-| Test.kt:5:3:5:16 | var ...; | Test.kt:4:13:79:2 | { ... } |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:4:13:79:2 | { ... } |
-| Test.kt:6:3:6:18 | var ...; | Test.kt:5:3:5:16 | var ...; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:4:13:79:2 | { ... } |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:5:3:5:16 | var ...; |
-| Test.kt:7:3:7:16 | var ...; | Test.kt:6:3:6:18 | var ...; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:4:13:79:2 | { ... } |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:5:3:5:16 | var ...; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:6:3:6:18 | var ...; |
-| Test.kt:8:3:8:16 | var ...; | Test.kt:7:3:7:16 | var ...; |
+| Test.kt:5:7:5:7 | var ...; | Test.kt:4:13:79:2 | { ... } |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:4:13:79:2 | { ... } |
+| Test.kt:6:7:6:7 | var ...; | Test.kt:5:7:5:7 | var ...; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:4:13:79:2 | { ... } |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:5:7:5:7 | var ...; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:6:7:6:7 | var ...; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:4:13:79:2 | { ... } |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:5:7:5:7 | var ...; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:6:7:6:7 | var ...; |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:7:7:7:7 | var ...; |
 | Test.kt:11:3:16:3 | ... -> ... | Test.kt:4:13:79:2 | { ... } |
-| Test.kt:11:3:16:3 | ... -> ... | Test.kt:5:3:5:16 | var ...; |
-| Test.kt:11:3:16:3 | ... -> ... | Test.kt:6:3:6:18 | var ...; |
-| Test.kt:11:3:16:3 | ... -> ... | Test.kt:7:3:7:16 | var ...; |
-| Test.kt:11:3:16:3 | ... -> ... | Test.kt:8:3:8:16 | var ...; |
+| Test.kt:11:3:16:3 | ... -> ... | Test.kt:5:7:5:7 | var ...; |
+| Test.kt:11:3:16:3 | ... -> ... | Test.kt:6:7:6:7 | var ...; |
+| Test.kt:11:3:16:3 | ... -> ... | Test.kt:7:7:7:7 | var ...; |
+| Test.kt:11:3:16:3 | ... -> ... | Test.kt:8:7:8:7 | var ...; |
 | Test.kt:11:3:16:3 | ... -> ... | Test.kt:11:3:16:3 | <Expr>; |
 | Test.kt:11:3:16:3 | <Expr>; | Test.kt:4:13:79:2 | { ... } |
-| Test.kt:11:3:16:3 | <Expr>; | Test.kt:5:3:5:16 | var ...; |
-| Test.kt:11:3:16:3 | <Expr>; | Test.kt:6:3:6:18 | var ...; |
-| Test.kt:11:3:16:3 | <Expr>; | Test.kt:7:3:7:16 | var ...; |
-| Test.kt:11:3:16:3 | <Expr>; | Test.kt:8:3:8:16 | var ...; |
+| Test.kt:11:3:16:3 | <Expr>; | Test.kt:5:7:5:7 | var ...; |
+| Test.kt:11:3:16:3 | <Expr>; | Test.kt:6:7:6:7 | var ...; |
+| Test.kt:11:3:16:3 | <Expr>; | Test.kt:7:7:7:7 | var ...; |
+| Test.kt:11:3:16:3 | <Expr>; | Test.kt:8:7:8:7 | var ...; |
 | Test.kt:12:4:12:4 | <Expr>; | Test.kt:11:14:14:3 | { ... } |
 | Test.kt:13:4:13:4 | <Expr>; | Test.kt:11:14:14:3 | { ... } |
 | Test.kt:13:4:13:4 | <Expr>; | Test.kt:12:4:12:4 | <Expr>; |
@@ -29,10 +29,10 @@
 | Test.kt:15:4:15:4 | <Expr>; | Test.kt:11:3:16:3 | ... -> ... |
 | Test.kt:15:4:15:4 | <Expr>; | Test.kt:14:10:16:3 | { ... } |
 | Test.kt:18:3:18:3 | <Expr>; | Test.kt:4:13:79:2 | { ... } |
-| Test.kt:18:3:18:3 | <Expr>; | Test.kt:5:3:5:16 | var ...; |
-| Test.kt:18:3:18:3 | <Expr>; | Test.kt:6:3:6:18 | var ...; |
-| Test.kt:18:3:18:3 | <Expr>; | Test.kt:7:3:7:16 | var ...; |
-| Test.kt:18:3:18:3 | <Expr>; | Test.kt:8:3:8:16 | var ...; |
+| Test.kt:18:3:18:3 | <Expr>; | Test.kt:5:7:5:7 | var ...; |
+| Test.kt:18:3:18:3 | <Expr>; | Test.kt:6:7:6:7 | var ...; |
+| Test.kt:18:3:18:3 | <Expr>; | Test.kt:7:7:7:7 | var ...; |
+| Test.kt:18:3:18:3 | <Expr>; | Test.kt:8:7:8:7 | var ...; |
 | Test.kt:18:3:18:3 | <Expr>; | Test.kt:11:3:16:3 | ... -> ... |
 | Test.kt:18:3:18:3 | <Expr>; | Test.kt:11:3:16:3 | ... -> ... |
 | Test.kt:18:3:18:3 | <Expr>; | Test.kt:11:3:16:3 | <Expr>; |
@@ -42,10 +42,10 @@
 | Test.kt:18:3:18:3 | <Expr>; | Test.kt:14:10:16:3 | { ... } |
 | Test.kt:18:3:18:3 | <Expr>; | Test.kt:15:4:15:4 | <Expr>; |
 | Test.kt:21:3:24:9 | ... -> ... | Test.kt:4:13:79:2 | { ... } |
-| Test.kt:21:3:24:9 | ... -> ... | Test.kt:5:3:5:16 | var ...; |
-| Test.kt:21:3:24:9 | ... -> ... | Test.kt:6:3:6:18 | var ...; |
-| Test.kt:21:3:24:9 | ... -> ... | Test.kt:7:3:7:16 | var ...; |
-| Test.kt:21:3:24:9 | ... -> ... | Test.kt:8:3:8:16 | var ...; |
+| Test.kt:21:3:24:9 | ... -> ... | Test.kt:5:7:5:7 | var ...; |
+| Test.kt:21:3:24:9 | ... -> ... | Test.kt:6:7:6:7 | var ...; |
+| Test.kt:21:3:24:9 | ... -> ... | Test.kt:7:7:7:7 | var ...; |
+| Test.kt:21:3:24:9 | ... -> ... | Test.kt:8:7:8:7 | var ...; |
 | Test.kt:21:3:24:9 | ... -> ... | Test.kt:11:3:16:3 | ... -> ... |
 | Test.kt:21:3:24:9 | ... -> ... | Test.kt:11:3:16:3 | ... -> ... |
 | Test.kt:21:3:24:9 | ... -> ... | Test.kt:11:3:16:3 | <Expr>; |
@@ -57,10 +57,10 @@
 | Test.kt:21:3:24:9 | ... -> ... | Test.kt:18:3:18:3 | <Expr>; |
 | Test.kt:21:3:24:9 | ... -> ... | Test.kt:21:3:24:9 | <Expr>; |
 | Test.kt:21:3:24:9 | <Expr>; | Test.kt:4:13:79:2 | { ... } |
-| Test.kt:21:3:24:9 | <Expr>; | Test.kt:5:3:5:16 | var ...; |
-| Test.kt:21:3:24:9 | <Expr>; | Test.kt:6:3:6:18 | var ...; |
-| Test.kt:21:3:24:9 | <Expr>; | Test.kt:7:3:7:16 | var ...; |
-| Test.kt:21:3:24:9 | <Expr>; | Test.kt:8:3:8:16 | var ...; |
+| Test.kt:21:3:24:9 | <Expr>; | Test.kt:5:7:5:7 | var ...; |
+| Test.kt:21:3:24:9 | <Expr>; | Test.kt:6:7:6:7 | var ...; |
+| Test.kt:21:3:24:9 | <Expr>; | Test.kt:7:7:7:7 | var ...; |
+| Test.kt:21:3:24:9 | <Expr>; | Test.kt:8:7:8:7 | var ...; |
 | Test.kt:21:3:24:9 | <Expr>; | Test.kt:11:3:16:3 | ... -> ... |
 | Test.kt:21:3:24:9 | <Expr>; | Test.kt:11:3:16:3 | ... -> ... |
 | Test.kt:21:3:24:9 | <Expr>; | Test.kt:11:3:16:3 | <Expr>; |
@@ -189,18 +189,18 @@
 | Test.kt:83:2:88:2 | try ... | Test.kt:82:21:89:1 | { ... } |
 | Test.kt:83:6:86:2 | { ... } | Test.kt:82:21:89:1 | { ... } |
 | Test.kt:83:6:86:2 | { ... } | Test.kt:83:2:88:2 | try ... |
-| Test.kt:84:3:84:18 | var ...; | Test.kt:82:21:89:1 | { ... } |
-| Test.kt:84:3:84:18 | var ...; | Test.kt:83:2:88:2 | try ... |
-| Test.kt:84:3:84:18 | var ...; | Test.kt:83:6:86:2 | { ... } |
+| Test.kt:84:7:84:7 | var ...; | Test.kt:82:21:89:1 | { ... } |
+| Test.kt:84:7:84:7 | var ...; | Test.kt:83:2:88:2 | try ... |
+| Test.kt:84:7:84:7 | var ...; | Test.kt:83:6:86:2 | { ... } |
 | Test.kt:86:34:88:2 | { ... } | Test.kt:86:4:88:2 | catch (...) |
 | Test.kt:87:3:87:10 | return ... | Test.kt:86:4:88:2 | catch (...) |
 | Test.kt:87:3:87:10 | return ... | Test.kt:86:34:88:2 | { ... } |
 | Test.kt:92:2:97:2 | try ... | Test.kt:91:22:98:1 | { ... } |
 | Test.kt:92:6:95:2 | { ... } | Test.kt:91:22:98:1 | { ... } |
 | Test.kt:92:6:95:2 | { ... } | Test.kt:92:2:97:2 | try ... |
-| Test.kt:93:3:93:13 | var ...; | Test.kt:91:22:98:1 | { ... } |
-| Test.kt:93:3:93:13 | var ...; | Test.kt:92:2:97:2 | try ... |
-| Test.kt:93:3:93:13 | var ...; | Test.kt:92:6:95:2 | { ... } |
+| Test.kt:93:7:93:7 | var ...; | Test.kt:91:22:98:1 | { ... } |
+| Test.kt:93:7:93:7 | var ...; | Test.kt:92:2:97:2 | try ... |
+| Test.kt:93:7:93:7 | var ...; | Test.kt:92:6:95:2 | { ... } |
 | Test.kt:95:36:97:2 | { ... } | Test.kt:95:4:97:2 | catch (...) |
 | Test.kt:96:3:96:10 | return ... | Test.kt:95:4:97:2 | catch (...) |
 | Test.kt:96:3:96:10 | return ... | Test.kt:95:36:97:2 | { ... } |
diff --git a/java/ql/test/kotlin/library-tests/controlflow/dominance/dominator.expected b/java/ql/test/kotlin/library-tests/controlflow/dominance/dominator.expected
index e08a5248672..b76a7777a0d 100644
--- a/java/ql/test/kotlin/library-tests/controlflow/dominance/dominator.expected
+++ b/java/ql/test/kotlin/library-tests/controlflow/dominance/dominator.expected
@@ -1,18 +1,18 @@
-| Test.kt:2:43:79:2 | { ... } | Test.kt:3:9:3:18 | var ...; |
-| Test.kt:3:9:3:18 | var ...; | Test.kt:3:17:3:18 | px |
-| Test.kt:3:9:3:18 | x | Test.kt:4:9:4:18 | var ...; |
-| Test.kt:3:17:3:18 | px | Test.kt:3:9:3:18 | x |
-| Test.kt:4:9:4:18 | var ...; | Test.kt:4:17:4:18 | pw |
-| Test.kt:4:9:4:18 | w | Test.kt:5:9:5:18 | var ...; |
-| Test.kt:4:17:4:18 | pw | Test.kt:4:9:4:18 | w |
-| Test.kt:5:9:5:18 | var ...; | Test.kt:5:17:5:18 | pz |
-| Test.kt:5:9:5:18 | z | Test.kt:7:3:7:12 | var ...; |
-| Test.kt:5:17:5:18 | pz | Test.kt:5:9:5:18 | z |
-| Test.kt:7:3:7:12 | j | Test.kt:8:3:8:18 | var ...; |
-| Test.kt:7:3:7:12 | var ...; | Test.kt:7:3:7:12 | j |
-| Test.kt:8:3:8:18 | var ...; | Test.kt:8:17:8:18 | 50 |
-| Test.kt:8:3:8:18 | y | Test.kt:11:3:16:3 | <Expr>; |
-| Test.kt:8:17:8:18 | 50 | Test.kt:8:3:8:18 | y |
+| Test.kt:2:43:79:2 | { ... } | Test.kt:3:13:3:13 | var ...; |
+| Test.kt:3:13:3:13 | var ...; | Test.kt:3:17:3:18 | px |
+| Test.kt:3:13:3:13 | x | Test.kt:4:13:4:13 | var ...; |
+| Test.kt:3:17:3:18 | px | Test.kt:3:13:3:13 | x |
+| Test.kt:4:13:4:13 | var ...; | Test.kt:4:17:4:18 | pw |
+| Test.kt:4:13:4:13 | w | Test.kt:5:13:5:13 | var ...; |
+| Test.kt:4:17:4:18 | pw | Test.kt:4:13:4:13 | w |
+| Test.kt:5:13:5:13 | var ...; | Test.kt:5:17:5:18 | pz |
+| Test.kt:5:13:5:13 | z | Test.kt:7:7:7:7 | var ...; |
+| Test.kt:5:17:5:18 | pz | Test.kt:5:13:5:13 | z |
+| Test.kt:7:7:7:7 | j | Test.kt:8:7:8:7 | var ...; |
+| Test.kt:7:7:7:7 | var ...; | Test.kt:7:7:7:7 | j |
+| Test.kt:8:7:8:7 | var ...; | Test.kt:8:17:8:18 | 50 |
+| Test.kt:8:7:8:7 | y | Test.kt:11:3:16:3 | <Expr>; |
+| Test.kt:8:17:8:18 | 50 | Test.kt:8:7:8:7 | y |
 | Test.kt:11:3:16:3 | ... -> ... | Test.kt:11:3:16:3 | true |
 | Test.kt:11:3:16:3 | ... -> ... | Test.kt:11:7:11:7 | x |
 | Test.kt:11:3:16:3 | <Expr>; | Test.kt:11:3:16:3 | when ... |
@@ -111,11 +111,11 @@
 | Test.kt:77:3:77:8 | ...=... | Test.kt:78:10:78:10 | w |
 | Test.kt:77:7:77:8 | 40 | Test.kt:77:3:77:8 | ...=... |
 | Test.kt:78:10:78:10 | w | Test.kt:78:3:78:10 | return ... |
-| Test.kt:81:25:98:2 | { ... } | Test.kt:83:3:83:12 | var ...; |
-| Test.kt:83:3:83:12 | b | Test.kt:84:3:84:12 | var ...; |
-| Test.kt:83:3:83:12 | var ...; | Test.kt:83:3:83:12 | b |
-| Test.kt:84:3:84:12 | c | Test.kt:85:3:85:3 | <Expr>; |
-| Test.kt:84:3:84:12 | var ...; | Test.kt:84:3:84:12 | c |
+| Test.kt:81:25:98:2 | { ... } | Test.kt:83:7:83:7 | var ...; |
+| Test.kt:83:7:83:7 | b | Test.kt:84:7:84:7 | var ...; |
+| Test.kt:83:7:83:7 | var ...; | Test.kt:83:7:83:7 | b |
+| Test.kt:84:7:84:7 | c | Test.kt:85:3:85:3 | <Expr>; |
+| Test.kt:84:7:84:7 | var ...; | Test.kt:84:7:84:7 | c |
 | Test.kt:85:3:85:3 | <Expr>; | Test.kt:85:7:85:7 | 0 |
 | Test.kt:85:3:85:7 | ...=... | Test.kt:86:3:96:3 | while (...) |
 | Test.kt:85:7:85:7 | 0 | Test.kt:85:3:85:7 | ...=... |
diff --git a/java/ql/test/kotlin/library-tests/data-classes/PrintAst.expected b/java/ql/test/kotlin/library-tests/data-classes/PrintAst.expected
index d52888544dc..7ea9b169c7c 100644
--- a/java/ql/test/kotlin/library-tests/data-classes/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/data-classes/PrintAst.expected
@@ -145,19 +145,19 @@ dc.kt:
 #    0|       5: [BlockStmt] { ... }
 #    0|         0: [ReturnStmt] return ...
 #    0|           0: [StringTemplateExpr] "..."
-#    0|             0: [StringLiteral] ProtoMapValue(
-#    0|             1: [StringLiteral] bytes=
+#    0|             0: [StringLiteral] "ProtoMapValue("
+#    0|             1: [StringLiteral] "bytes="
 #    0|             2: [MethodAccess] toString(...)
 #    0|               -1: [TypeAccess] Arrays
 #    0|               0: [VarAccess] this.bytes
 #    0|                 -1: [ThisAccess] this
-#    0|             3: [StringLiteral] , 
-#    0|             4: [StringLiteral] strs=
+#    0|             3: [StringLiteral] ", "
+#    0|             4: [StringLiteral] "strs="
 #    0|             5: [MethodAccess] toString(...)
 #    0|               -1: [TypeAccess] Arrays
 #    0|               0: [VarAccess] this.strs
 #    0|                 -1: [ThisAccess] this
-#    0|             6: [StringLiteral] )
+#    0|             6: [StringLiteral] ")"
 #    1|     8: [Constructor] ProtoMapValue
 #-----|       4: (Parameters)
 #    1|         0: [Parameter] bytes
diff --git a/java/ql/test/kotlin/library-tests/dataflow/extensionMethod/test.ql b/java/ql/test/kotlin/library-tests/dataflow/extensionMethod/test.ql
index 47f3ce17767..f30061c4f59 100644
--- a/java/ql/test/kotlin/library-tests/dataflow/extensionMethod/test.ql
+++ b/java/ql/test/kotlin/library-tests/dataflow/extensionMethod/test.ql
@@ -1,6 +1,5 @@
 import java
 import semmle.code.java.dataflow.TaintTracking
-import semmle.code.java.dataflow.ExternalFlow
 
 class Conf extends TaintTracking::Configuration {
   Conf() { this = "qltest:extension-method" }
diff --git a/java/ql/test/kotlin/library-tests/dataflow/foreach/test.expected b/java/ql/test/kotlin/library-tests/dataflow/foreach/test.expected
index f204c12ebe2..7c7b382a9ad 100644
--- a/java/ql/test/kotlin/library-tests/dataflow/foreach/test.expected
+++ b/java/ql/test/kotlin/library-tests/dataflow/foreach/test.expected
@@ -2,7 +2,7 @@
 | C1.java:10:44:10:46 | "a" | C1.java:12:17:12:20 | ...[...] |
 | C1.java:10:44:10:46 | "a" | C1.java:15:20:15:23 | ...[...] |
 | C1.java:10:44:10:46 | "a" | C1.java:19:20:19:20 | s |
-| C2.kt:8:32:8:32 | a | C2.kt:9:14:9:14 | l |
-| C2.kt:8:32:8:32 | a | C2.kt:10:14:10:17 | ...[...] |
-| C2.kt:8:32:8:32 | a | C2.kt:12:18:12:21 | ...[...] |
-| C2.kt:8:32:8:32 | a | C2.kt:15:18:15:18 | s |
+| C2.kt:8:32:8:32 | "a" | C2.kt:9:14:9:14 | l |
+| C2.kt:8:32:8:32 | "a" | C2.kt:10:14:10:17 | ...[...] |
+| C2.kt:8:32:8:32 | "a" | C2.kt:12:18:12:21 | ...[...] |
+| C2.kt:8:32:8:32 | "a" | C2.kt:15:18:15:18 | s |
diff --git a/java/ql/test/kotlin/library-tests/dataflow/foreach/test.ql b/java/ql/test/kotlin/library-tests/dataflow/foreach/test.ql
index c14c0ca83d2..1b0dc06d7b7 100644
--- a/java/ql/test/kotlin/library-tests/dataflow/foreach/test.ql
+++ b/java/ql/test/kotlin/library-tests/dataflow/foreach/test.ql
@@ -1,6 +1,5 @@
 import java
 import semmle.code.java.dataflow.TaintTracking
-import semmle.code.java.dataflow.ExternalFlow
 
 class Conf extends TaintTracking::Configuration {
   Conf() { this = "qltest:foreach-array-iterator" }
diff --git a/java/ql/test/kotlin/library-tests/dataflow/func/test.ql b/java/ql/test/kotlin/library-tests/dataflow/func/test.ql
index 54971bbddbd..d9753998114 100644
--- a/java/ql/test/kotlin/library-tests/dataflow/func/test.ql
+++ b/java/ql/test/kotlin/library-tests/dataflow/func/test.ql
@@ -1,6 +1,5 @@
 import java
 import semmle.code.java.dataflow.TaintTracking
-import semmle.code.java.dataflow.ExternalFlow
 
 class Conf extends TaintTracking::Configuration {
   Conf() { this = "qltest:lambdaFlow" }
diff --git a/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ext.yml b/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ext.yml
new file mode 100644
index 00000000000..7e049c5de11
--- /dev/null
+++ b/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ext.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+      - ["", "Uri", False, "getQueryParameter", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ql b/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ql
index 1bb9801bc64..36fae98724c 100644
--- a/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ql
+++ b/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ql
@@ -1,12 +1,5 @@
 import java
 import semmle.code.java.dataflow.TaintTracking
-import semmle.code.java.dataflow.ExternalFlow
-
-class Step extends SummaryModelCsv {
-  override predicate row(string row) {
-    row = ";Uri;false;getQueryParameter;;;Argument[-1];ReturnValue;taint;manual"
-  }
-}
 
 class Conf extends TaintTracking::Configuration {
   Conf() { this = "qltest:notNullExprFlow" }
diff --git a/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ext.yml b/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ext.yml
new file mode 100644
index 00000000000..7e049c5de11
--- /dev/null
+++ b/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ext.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+      - ["", "Uri", False, "getQueryParameter", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ql b/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ql
index 1bb9801bc64..36fae98724c 100644
--- a/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ql
+++ b/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ql
@@ -1,12 +1,5 @@
 import java
 import semmle.code.java.dataflow.TaintTracking
-import semmle.code.java.dataflow.ExternalFlow
-
-class Step extends SummaryModelCsv {
-  override predicate row(string row) {
-    row = ";Uri;false;getQueryParameter;;;Argument[-1];ReturnValue;taint;manual"
-  }
-}
 
 class Conf extends TaintTracking::Configuration {
   Conf() { this = "qltest:notNullExprFlow" }
diff --git a/java/ql/test/kotlin/library-tests/exprs/PrintAst.expected b/java/ql/test/kotlin/library-tests/exprs/PrintAst.expected
index f821bdadd5b..78bf583ec0d 100644
--- a/java/ql/test/kotlin/library-tests/exprs/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/exprs/PrintAst.expected
@@ -171,7 +171,7 @@ delegatedProperties.kt:
 #    7|                         0: [ExprStmt] <Expr>;
 #    7|                           0: [MethodAccess] println(...)
 #    7|                             -1: [TypeAccess] ConsoleKt
-#    7|                             0: [StringLiteral] init
+#    7|                             0: [StringLiteral] "init"
 #    8|                         1: [ReturnStmt] return ...
 #    8|                           0: [IntegerLiteral] 5
 #    6|                   -3: [TypeAccess] Function0<Integer>
@@ -2459,10 +2459,10 @@ exprs.kt:
 #  123|             0: [CharacterLiteral] x
 #  124|         106: [LocalVariableDeclStmt] var ...;
 #  124|           1: [LocalVariableDeclExpr] str
-#  124|             0: [StringLiteral] string lit
+#  124|             0: [StringLiteral] "string lit"
 #  125|         107: [LocalVariableDeclStmt] var ...;
 #  125|           1: [LocalVariableDeclExpr] strWithQuote
-#  125|             0: [StringLiteral] string " lit
+#  125|             0: [StringLiteral] "string \" lit"
 #  126|         108: [LocalVariableDeclStmt] var ...;
 #  126|           1: [LocalVariableDeclExpr] b6
 #  126|             0: [InstanceOfExpr] ...instanceof...
@@ -2480,34 +2480,34 @@ exprs.kt:
 #  128|               1: [VarAccess] b7
 #  129|         111: [LocalVariableDeclStmt] var ...;
 #  129|           1: [LocalVariableDeclExpr] str1
-#  129|             0: [StringLiteral] string lit
+#  129|             0: [StringLiteral] "string lit"
 #  130|         112: [LocalVariableDeclStmt] var ...;
 #  130|           1: [LocalVariableDeclExpr] str2
-#  130|             0: [StringLiteral] string lit
+#  130|             0: [StringLiteral] "string lit"
 #  131|         113: [LocalVariableDeclStmt] var ...;
 #  131|           1: [LocalVariableDeclExpr] str3
 #  131|             0: [NullLiteral] null
 #  132|         114: [LocalVariableDeclStmt] var ...;
 #  132|           1: [LocalVariableDeclExpr] str4
 #  132|             0: [StringTemplateExpr] "..."
-#  132|               0: [StringLiteral] foo 
+#  132|               0: [StringLiteral] "foo "
 #  132|               1: [VarAccess] str1
-#  132|               2: [StringLiteral]  bar 
+#  132|               2: [StringLiteral] " bar "
 #  132|               3: [VarAccess] str2
-#  132|               4: [StringLiteral]  baz
+#  132|               4: [StringLiteral] " baz"
 #  133|         115: [LocalVariableDeclStmt] var ...;
 #  133|           1: [LocalVariableDeclExpr] str5
 #  133|             0: [StringTemplateExpr] "..."
-#  133|               0: [StringLiteral] foo 
+#  133|               0: [StringLiteral] "foo "
 #  133|               1: [AddExpr] ... + ...
 #  133|                 0: [VarAccess] str1
 #  133|                 1: [VarAccess] str2
-#  133|               2: [StringLiteral]  bar 
+#  133|               2: [StringLiteral] " bar "
 #  133|               3: [MethodAccess] stringPlus(...)
 #  133|                 -1: [TypeAccess] Intrinsics
 #  133|                 0: [VarAccess] str2
 #  133|                 1: [VarAccess] str1
-#  133|               4: [StringLiteral]  baz
+#  133|               4: [StringLiteral] " baz"
 #  134|         116: [LocalVariableDeclStmt] var ...;
 #  134|           1: [LocalVariableDeclExpr] str6
 #  134|             0: [AddExpr] ... + ...
@@ -3531,12 +3531,12 @@ exprs.kt:
 #  215|           1: [LocalVariableDeclExpr] d0
 #  215|             0: [MethodAccess] valueOf(...)
 #  215|               -1: [TypeAccess] Color
-#  215|               0: [StringLiteral] GREEN
+#  215|               0: [StringLiteral] "GREEN"
 #  216|         8: [LocalVariableDeclStmt] var ...;
 #  216|           1: [LocalVariableDeclExpr] d1
 #  216|             0: [MethodAccess] valueOf(...)
 #  216|               -1: [TypeAccess] Color
-#  216|               0: [StringLiteral] GREEN
+#  216|               0: [StringLiteral] "GREEN"
 #  224|   11: [Class] SomeClass1
 #  224|     1: [Constructor] SomeClass1
 #  224|       5: [BlockStmt] { ... }
@@ -4468,7 +4468,7 @@ funcExprs.kt:
 #   36|                       0: [TypeAccess] int
 #   36|                   5: [BlockStmt] { ... }
 #   36|                     0: [ReturnStmt] return ...
-#   36|                       0: [StringLiteral] 
+#   36|                       0: [StringLiteral] ""
 #   36|               -3: [TypeAccess] FunctionN<String>
 #   36|                 0: [TypeAccess] String
 #   38|         14: [ExprStmt] <Expr>;
@@ -5316,7 +5316,7 @@ funcExprs.kt:
 #   90|                       0: [TypeAccess] int
 #   90|                   5: [BlockStmt] { ... }
 #   90|                     0: [ReturnStmt] return ...
-#   90|                       0: [StringLiteral] 
+#   90|                       0: [StringLiteral] ""
 #   90|               -3: [TypeAccess] FunctionN<String>
 #   90|                 0: [TypeAccess] String
 #   91|         5: [ExprStmt] <Expr>;
@@ -5407,7 +5407,7 @@ funcExprs.kt:
 #   94|                       0: [TypeAccess] int
 #   94|                   5: [BlockStmt] { ... }
 #   94|                     0: [ReturnStmt] return ...
-#   94|                       0: [StringLiteral] 
+#   94|                       0: [StringLiteral] ""
 #   94|               -3: [TypeAccess] Function22<Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,String>
 #   94|                 0: [TypeAccess] Integer
 #   94|                 1: [TypeAccess] Integer
@@ -5599,7 +5599,7 @@ funcExprs.kt:
 #   70|           0: [TypeAccess] int
 #   70|       5: [BlockStmt] { ... }
 #   70|         0: [ReturnStmt] return ...
-#   70|           0: [StringLiteral] 
+#   70|           0: [StringLiteral] ""
 #   73|   4: [Class] Class3
 #   73|     3: [Constructor] Class3
 #   73|       5: [BlockStmt] { ... }
@@ -5625,7 +5625,7 @@ funcExprs.kt:
 #   75|                           0: [TypeAccess] Integer
 #   75|                   5: [BlockStmt] { ... }
 #   75|                     0: [ReturnStmt] return ...
-#   75|                       0: [StringLiteral] a
+#   75|                       0: [StringLiteral] "a"
 #   75|               -3: [TypeAccess] Function1<Generic<Generic<Integer>>,String>
 #   75|                 0: [TypeAccess] Generic<Generic<Integer>>
 #   75|                   0: [TypeAccess] Generic<Integer>
@@ -6014,7 +6014,7 @@ samConversion.kt:
 #    7|                         0: [ReturnStmt] return ...
 #    7|                           0: [ValueEQExpr] ... (value equals) ...
 #    7|                             0: [ExtensionReceiverAccess] this
-#    7|                             1: [StringLiteral] 
+#    7|                             1: [StringLiteral] ""
 #    7|                   -3: [TypeAccess] Function2<String,Integer,Boolean>
 #    7|                     0: [TypeAccess] String
 #    7|                     1: [TypeAccess] Integer
@@ -7058,7 +7058,7 @@ whenExpr.kt:
 #    6|                     1: [ThrowStmt] throw ...
 #    6|                       0: [ClassInstanceExpr] new Exception(...)
 #    6|                         -3: [TypeAccess] Exception
-#    6|                         0: [StringLiteral] No threes please
+#    6|                         0: [StringLiteral] "No threes please"
 #    7|                   4: [WhenBranch] ... -> ...
 #    7|                     0: [BooleanLiteral] true
 #    7|                     1: [ExprStmt] <Expr>;
diff --git a/java/ql/test/kotlin/library-tests/exprs/binop.expected b/java/ql/test/kotlin/library-tests/exprs/binop.expected
index 4c08b123a68..f69701028d5 100644
--- a/java/ql/test/kotlin/library-tests/exprs/binop.expected
+++ b/java/ql/test/kotlin/library-tests/exprs/binop.expected
@@ -127,7 +127,7 @@
 | localFunctionCalls.kt:5:25:5:29 | ... + ... | localFunctionCalls.kt:5:25:5:25 | i | localFunctionCalls.kt:5:29:5:29 | x |
 | samConversion.kt:2:33:2:38 | ... % ... | samConversion.kt:2:33:2:34 | it | samConversion.kt:2:38:2:38 | 2 |
 | samConversion.kt:2:33:2:43 | ... (value equals) ... | samConversion.kt:2:33:2:38 | ... % ... | samConversion.kt:2:43:2:43 | 0 |
-| samConversion.kt:7:36:7:45 | ... (value equals) ... | samConversion.kt:7:36:7:39 | this | samConversion.kt:7:44:7:45 |  |
+| samConversion.kt:7:36:7:45 | ... (value equals) ... | samConversion.kt:7:36:7:39 | this | samConversion.kt:7:44:7:45 | "" |
 | samConversion.kt:10:18:10:22 | ... % ... | samConversion.kt:10:18:10:18 | j | samConversion.kt:10:22:10:22 | 2 |
 | samConversion.kt:10:18:10:27 | ... (value equals) ... | samConversion.kt:10:18:10:22 | ... % ... | samConversion.kt:10:27:10:27 | 0 |
 | samConversion.kt:12:18:12:22 | ... % ... | samConversion.kt:12:18:12:18 | j | samConversion.kt:12:22:12:22 | 2 |
diff --git a/java/ql/test/kotlin/library-tests/exprs/exprs.expected b/java/ql/test/kotlin/library-tests/exprs/exprs.expected
index 08a9891f64b..5d35293eb22 100644
--- a/java/ql/test/kotlin/library-tests/exprs/exprs.expected
+++ b/java/ql/test/kotlin/library-tests/exprs/exprs.expected
@@ -51,7 +51,7 @@
 | delegatedProperties.kt:6:32:9:9 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | delegatedProperties.kt:7:13:7:27 | ConsoleKt | delegatedProperties.kt:6:32:9:9 | invoke | TypeAccess |
 | delegatedProperties.kt:7:13:7:27 | println(...) | delegatedProperties.kt:6:32:9:9 | invoke | MethodAccess |
-| delegatedProperties.kt:7:22:7:25 | init | delegatedProperties.kt:6:32:9:9 | invoke | StringLiteral |
+| delegatedProperties.kt:7:22:7:25 | "init" | delegatedProperties.kt:6:32:9:9 | invoke | StringLiteral |
 | delegatedProperties.kt:8:13:8:13 | 5 | delegatedProperties.kt:6:32:9:9 | invoke | IntegerLiteral |
 | delegatedProperties.kt:10:9:10:22 | ConsoleKt | delegatedProperties.kt:5:5:12:5 | fn | TypeAccess |
 | delegatedProperties.kt:10:9:10:22 | println(...) | delegatedProperties.kt:5:5:12:5 | fn | MethodAccess |
@@ -904,484 +904,484 @@
 | exprs.kt:8:32:8:41 | double | file://:0:0:0:0 | <none> | TypeAccess |
 | exprs.kt:9:20:9:28 | float | file://:0:0:0:0 | <none> | TypeAccess |
 | exprs.kt:9:31:9:39 | float | file://:0:0:0:0 | <none> | TypeAccess |
-| exprs.kt:11:5:11:14 | i1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:11:9:11:10 | i1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:11:14:11:14 | 1 | exprs.kt:4:1:142:1 | topLevelMethod | IntegerLiteral |
-| exprs.kt:12:5:12:18 | i2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:12:9:12:10 | i2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:12:14:12:14 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:12:14:12:18 | ... + ... | exprs.kt:4:1:142:1 | topLevelMethod | AddExpr |
 | exprs.kt:12:18:12:18 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:13:5:13:18 | i3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:13:9:13:10 | i3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:13:14:13:14 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:13:14:13:18 | ... - ... | exprs.kt:4:1:142:1 | topLevelMethod | SubExpr |
 | exprs.kt:13:18:13:18 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:14:5:14:18 | i4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:14:9:14:10 | i4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:14:14:14:14 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:14:14:14:18 | ... / ... | exprs.kt:4:1:142:1 | topLevelMethod | DivExpr |
 | exprs.kt:14:18:14:18 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:15:5:15:18 | i5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:15:9:15:10 | i5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:15:14:15:14 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:15:14:15:18 | ... % ... | exprs.kt:4:1:142:1 | topLevelMethod | RemExpr |
 | exprs.kt:15:18:15:18 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:16:5:16:20 | i6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:16:9:16:10 | i6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:16:14:16:14 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:16:14:16:20 | ... << ... | exprs.kt:4:1:142:1 | topLevelMethod | LShiftExpr |
 | exprs.kt:16:20:16:20 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:17:5:17:20 | i7 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:17:9:17:10 | i7 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:17:14:17:14 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:17:14:17:20 | ... >> ... | exprs.kt:4:1:142:1 | topLevelMethod | RShiftExpr |
 | exprs.kt:17:20:17:20 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:18:5:18:21 | i8 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:18:9:18:10 | i8 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:18:14:18:14 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:18:14:18:21 | ... >>> ... | exprs.kt:4:1:142:1 | topLevelMethod | URShiftExpr |
 | exprs.kt:18:21:18:21 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:19:5:19:20 | i9 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:19:9:19:10 | i9 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:19:14:19:14 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:19:14:19:20 | ... & ... | exprs.kt:4:1:142:1 | topLevelMethod | AndBitwiseExpr |
 | exprs.kt:19:20:19:20 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:20:5:20:20 | i10 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:20:9:20:11 | i10 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:20:15:20:15 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:20:15:20:20 | ... \| ... | exprs.kt:4:1:142:1 | topLevelMethod | OrBitwiseExpr |
 | exprs.kt:20:20:20:20 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:21:5:21:21 | i11 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:21:9:21:11 | i11 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:21:15:21:15 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:21:15:21:21 | ... ^ ... | exprs.kt:4:1:142:1 | topLevelMethod | XorBitwiseExpr |
 | exprs.kt:21:21:21:21 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:22:5:22:21 | i12 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:22:9:22:11 | i12 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:22:15:22:15 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:22:15:22:21 | ~... | exprs.kt:4:1:142:1 | topLevelMethod | BitNotExpr |
-| exprs.kt:23:5:23:20 | i13 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:23:9:23:11 | i13 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:23:15:23:15 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:23:15:23:20 | ... (value equals) ... | exprs.kt:4:1:142:1 | topLevelMethod | ValueEQExpr |
 | exprs.kt:23:20:23:20 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:24:5:24:20 | i14 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:24:9:24:11 | i14 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:24:15:24:15 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:24:15:24:20 | ... (value not-equals) ... | exprs.kt:4:1:142:1 | topLevelMethod | ValueNEExpr |
 | exprs.kt:24:20:24:20 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:25:5:25:19 | i15 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:25:9:25:11 | i15 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:25:15:25:15 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:25:15:25:19 | ... < ... | exprs.kt:4:1:142:1 | topLevelMethod | LTExpr |
 | exprs.kt:25:19:25:19 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:26:5:26:20 | i16 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:26:9:26:11 | i16 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:26:15:26:15 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:26:15:26:20 | ... <= ... | exprs.kt:4:1:142:1 | topLevelMethod | LEExpr |
 | exprs.kt:26:20:26:20 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:27:5:27:19 | i17 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:27:9:27:11 | i17 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:27:15:27:15 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:27:15:27:19 | ... > ... | exprs.kt:4:1:142:1 | topLevelMethod | GTExpr |
 | exprs.kt:27:19:27:19 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:28:5:28:20 | i18 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:28:9:28:11 | i18 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:28:15:28:15 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:28:15:28:20 | ... >= ... | exprs.kt:4:1:142:1 | topLevelMethod | GEExpr |
 | exprs.kt:28:20:28:20 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:29:5:29:21 | i19 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:29:9:29:11 | i19 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:29:15:29:15 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:29:15:29:21 | ... == ... | exprs.kt:4:1:142:1 | topLevelMethod | EQExpr |
 | exprs.kt:29:21:29:21 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:30:5:30:21 | i20 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:30:9:30:11 | i20 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:30:15:30:15 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:30:15:30:21 | ... != ... | exprs.kt:4:1:142:1 | topLevelMethod | NEExpr |
 | exprs.kt:30:21:30:21 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:31:5:31:25 | i21 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:31:9:31:11 | i21 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:31:15:31:15 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:31:15:31:25 | contains(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:31:20:31:20 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:31:20:31:25 | rangeTo(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:31:25:31:25 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:32:5:32:26 | i22 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:32:9:32:11 | i22 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:32:15:32:15 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:32:15:32:26 | !... | exprs.kt:4:1:142:1 | topLevelMethod | LogNotExpr |
 | exprs.kt:32:15:32:26 | contains(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:32:21:32:21 | x | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:32:21:32:26 | rangeTo(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:32:26:32:26 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:34:5:34:17 | by1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:34:9:34:11 | by1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:34:15:34:17 | 1.0 | exprs.kt:4:1:142:1 | topLevelMethod | DoubleLiteral |
-| exprs.kt:35:5:35:23 | by2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:35:9:35:11 | by2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:35:15:35:17 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:35:15:35:23 | ... + ... | exprs.kt:4:1:142:1 | topLevelMethod | AddExpr |
 | exprs.kt:35:21:35:23 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:36:5:36:23 | by3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:36:9:36:11 | by3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:36:15:36:17 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:36:15:36:23 | ... - ... | exprs.kt:4:1:142:1 | topLevelMethod | SubExpr |
 | exprs.kt:36:21:36:23 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:37:5:37:23 | by4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:37:9:37:11 | by4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:37:15:37:17 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:37:15:37:23 | ... / ... | exprs.kt:4:1:142:1 | topLevelMethod | DivExpr |
 | exprs.kt:37:21:37:23 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:38:5:38:23 | by5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:38:9:38:11 | by5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:38:15:38:17 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:38:15:38:23 | ... % ... | exprs.kt:4:1:142:1 | topLevelMethod | RemExpr |
 | exprs.kt:38:21:38:23 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:39:5:39:24 | by6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:39:9:39:11 | by6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:39:15:39:17 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:39:15:39:17 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:39:15:39:24 | ... (value equals) ... | exprs.kt:4:1:142:1 | topLevelMethod | ValueEQExpr |
 | exprs.kt:39:22:39:24 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:39:22:39:24 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
-| exprs.kt:40:5:40:24 | by7 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:40:9:40:11 | by7 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:40:15:40:17 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:40:15:40:17 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:40:15:40:24 | ... (value not-equals) ... | exprs.kt:4:1:142:1 | topLevelMethod | ValueNEExpr |
 | exprs.kt:40:22:40:24 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:40:22:40:24 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
-| exprs.kt:41:5:41:23 | by8 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:41:9:41:11 | by8 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:41:15:41:17 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:41:15:41:17 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:41:15:41:23 | ... < ... | exprs.kt:4:1:142:1 | topLevelMethod | LTExpr |
 | exprs.kt:41:21:41:23 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:41:21:41:23 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
-| exprs.kt:42:5:42:24 | by9 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:42:9:42:11 | by9 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:42:15:42:17 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:42:15:42:17 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:42:15:42:24 | ... <= ... | exprs.kt:4:1:142:1 | topLevelMethod | LEExpr |
 | exprs.kt:42:22:42:24 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:42:22:42:24 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
-| exprs.kt:43:5:43:24 | by10 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:43:9:43:12 | by10 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:43:16:43:18 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:43:16:43:18 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:43:16:43:24 | ... > ... | exprs.kt:4:1:142:1 | topLevelMethod | GTExpr |
 | exprs.kt:43:22:43:24 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:43:22:43:24 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
-| exprs.kt:44:5:44:25 | by11 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:44:9:44:12 | by11 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:44:16:44:18 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:44:16:44:18 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:44:16:44:25 | ... >= ... | exprs.kt:4:1:142:1 | topLevelMethod | GEExpr |
 | exprs.kt:44:23:44:25 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:44:23:44:25 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
-| exprs.kt:45:5:45:26 | by12 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:45:9:45:12 | by12 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:45:16:45:18 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:45:16:45:26 | ... == ... | exprs.kt:4:1:142:1 | topLevelMethod | EQExpr |
 | exprs.kt:45:24:45:26 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:46:5:46:26 | by13 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:46:9:46:12 | by13 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:46:16:46:18 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:46:16:46:26 | ... != ... | exprs.kt:4:1:142:1 | topLevelMethod | NEExpr |
 | exprs.kt:46:24:46:26 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:47:5:47:25 | by14 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:47:9:47:12 | by14 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:47:16:47:18 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:47:16:47:25 | ... \| ... | exprs.kt:4:1:142:1 | topLevelMethod | OrBitwiseExpr |
 | exprs.kt:47:23:47:25 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:48:5:48:26 | by15 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:48:9:48:12 | by15 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:48:16:48:18 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:48:16:48:26 | ... & ... | exprs.kt:4:1:142:1 | topLevelMethod | AndBitwiseExpr |
 | exprs.kt:48:24:48:26 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:49:5:49:26 | by16 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:49:9:49:12 | by16 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:49:16:49:18 | byx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:49:16:49:26 | ... ^ ... | exprs.kt:4:1:142:1 | topLevelMethod | XorBitwiseExpr |
 | exprs.kt:49:24:49:26 | byy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:51:5:51:16 | s1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:51:9:51:10 | s1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:51:14:51:16 | 1.0 | exprs.kt:4:1:142:1 | topLevelMethod | DoubleLiteral |
-| exprs.kt:52:5:52:20 | s2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:52:9:52:10 | s2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:52:14:52:15 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:52:14:52:20 | ... + ... | exprs.kt:4:1:142:1 | topLevelMethod | AddExpr |
 | exprs.kt:52:19:52:20 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:53:5:53:20 | s3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:53:9:53:10 | s3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:53:14:53:15 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:53:14:53:20 | ... - ... | exprs.kt:4:1:142:1 | topLevelMethod | SubExpr |
 | exprs.kt:53:19:53:20 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:54:5:54:20 | s4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:54:9:54:10 | s4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:54:14:54:15 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:54:14:54:20 | ... / ... | exprs.kt:4:1:142:1 | topLevelMethod | DivExpr |
 | exprs.kt:54:19:54:20 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:55:5:55:20 | s5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:55:9:55:10 | s5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:55:14:55:15 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:55:14:55:20 | ... % ... | exprs.kt:4:1:142:1 | topLevelMethod | RemExpr |
 | exprs.kt:55:19:55:20 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:56:5:56:21 | s6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:56:9:56:10 | s6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:56:14:56:15 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:56:14:56:15 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:56:14:56:21 | ... (value equals) ... | exprs.kt:4:1:142:1 | topLevelMethod | ValueEQExpr |
 | exprs.kt:56:20:56:21 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:56:20:56:21 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:57:5:57:21 | s7 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:57:9:57:10 | s7 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:57:14:57:15 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:57:14:57:15 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:57:14:57:21 | ... (value not-equals) ... | exprs.kt:4:1:142:1 | topLevelMethod | ValueNEExpr |
 | exprs.kt:57:20:57:21 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:57:20:57:21 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:58:5:58:20 | s8 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:58:9:58:10 | s8 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:58:14:58:15 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:58:14:58:15 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:58:14:58:20 | ... < ... | exprs.kt:4:1:142:1 | topLevelMethod | LTExpr |
 | exprs.kt:58:19:58:20 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:58:19:58:20 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:59:5:59:21 | s9 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:59:9:59:10 | s9 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:59:14:59:15 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:59:14:59:15 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:59:14:59:21 | ... <= ... | exprs.kt:4:1:142:1 | topLevelMethod | LEExpr |
 | exprs.kt:59:20:59:21 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:59:20:59:21 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:60:5:60:21 | s10 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:60:9:60:11 | s10 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:60:15:60:16 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:60:15:60:16 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:60:15:60:21 | ... > ... | exprs.kt:4:1:142:1 | topLevelMethod | GTExpr |
 | exprs.kt:60:20:60:21 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:60:20:60:21 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:61:5:61:22 | s11 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:61:9:61:11 | s11 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:61:15:61:16 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:61:15:61:16 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:61:15:61:22 | ... >= ... | exprs.kt:4:1:142:1 | topLevelMethod | GEExpr |
 | exprs.kt:61:21:61:22 | intValue(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:61:21:61:22 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:62:5:62:23 | s12 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:62:9:62:11 | s12 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:62:15:62:16 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:62:15:62:23 | ... == ... | exprs.kt:4:1:142:1 | topLevelMethod | EQExpr |
 | exprs.kt:62:22:62:23 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:63:5:63:23 | s13 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:63:9:63:11 | s13 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:63:15:63:16 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:63:15:63:23 | ... != ... | exprs.kt:4:1:142:1 | topLevelMethod | NEExpr |
 | exprs.kt:63:22:63:23 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:64:5:64:22 | s14 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:64:9:64:11 | s14 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:64:15:64:16 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:64:15:64:22 | ... \| ... | exprs.kt:4:1:142:1 | topLevelMethod | OrBitwiseExpr |
 | exprs.kt:64:21:64:22 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:65:5:65:23 | s15 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:65:9:65:11 | s15 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:65:15:65:16 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:65:15:65:23 | ... & ... | exprs.kt:4:1:142:1 | topLevelMethod | AndBitwiseExpr |
 | exprs.kt:65:22:65:23 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:66:5:66:23 | s16 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:66:9:66:11 | s16 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:66:15:66:16 | sx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:66:15:66:23 | ... ^ ... | exprs.kt:4:1:142:1 | topLevelMethod | XorBitwiseExpr |
 | exprs.kt:66:22:66:23 | sy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:68:5:68:16 | l1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:68:9:68:10 | l1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:68:14:68:16 | 1.0 | exprs.kt:4:1:142:1 | topLevelMethod | DoubleLiteral |
-| exprs.kt:69:5:69:20 | l2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:69:9:69:10 | l2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:69:14:69:15 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:69:14:69:20 | ... + ... | exprs.kt:4:1:142:1 | topLevelMethod | AddExpr |
 | exprs.kt:69:19:69:20 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:70:5:70:20 | l3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:70:9:70:10 | l3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:70:14:70:15 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:70:14:70:20 | ... - ... | exprs.kt:4:1:142:1 | topLevelMethod | SubExpr |
 | exprs.kt:70:19:70:20 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:71:5:71:20 | l4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:71:9:71:10 | l4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:71:14:71:15 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:71:14:71:20 | ... / ... | exprs.kt:4:1:142:1 | topLevelMethod | DivExpr |
 | exprs.kt:71:19:71:20 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:72:5:72:20 | l5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:72:9:72:10 | l5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:72:14:72:15 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:72:14:72:20 | ... % ... | exprs.kt:4:1:142:1 | topLevelMethod | RemExpr |
 | exprs.kt:72:19:72:20 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:73:5:73:21 | l6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:73:9:73:10 | l6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:73:14:73:15 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:73:14:73:21 | ... << ... | exprs.kt:4:1:142:1 | topLevelMethod | LShiftExpr |
 | exprs.kt:73:21:73:21 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:74:5:74:21 | l7 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:74:9:74:10 | l7 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:74:14:74:15 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:74:14:74:21 | ... >> ... | exprs.kt:4:1:142:1 | topLevelMethod | RShiftExpr |
 | exprs.kt:74:21:74:21 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:75:5:75:22 | l8 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:75:9:75:10 | l8 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:75:14:75:15 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:75:14:75:22 | ... >>> ... | exprs.kt:4:1:142:1 | topLevelMethod | URShiftExpr |
 | exprs.kt:75:22:75:22 | y | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:76:5:76:22 | l9 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:76:9:76:10 | l9 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:76:14:76:15 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:76:14:76:22 | ... & ... | exprs.kt:4:1:142:1 | topLevelMethod | AndBitwiseExpr |
 | exprs.kt:76:21:76:22 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:77:5:77:22 | l10 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:77:9:77:11 | l10 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:77:15:77:16 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:77:15:77:22 | ... \| ... | exprs.kt:4:1:142:1 | topLevelMethod | OrBitwiseExpr |
 | exprs.kt:77:21:77:22 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:78:5:78:23 | l11 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:78:9:78:11 | l11 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:78:15:78:16 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:78:15:78:23 | ... ^ ... | exprs.kt:4:1:142:1 | topLevelMethod | XorBitwiseExpr |
 | exprs.kt:78:22:78:23 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:79:5:79:22 | l12 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:79:9:79:11 | l12 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:79:15:79:16 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:79:15:79:22 | ~... | exprs.kt:4:1:142:1 | topLevelMethod | BitNotExpr |
-| exprs.kt:80:5:80:22 | l13 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:80:9:80:11 | l13 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:80:15:80:16 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:80:15:80:22 | ... (value equals) ... | exprs.kt:4:1:142:1 | topLevelMethod | ValueEQExpr |
 | exprs.kt:80:21:80:22 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:81:5:81:22 | l14 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:81:9:81:11 | l14 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:81:15:81:16 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:81:15:81:22 | ... (value not-equals) ... | exprs.kt:4:1:142:1 | topLevelMethod | ValueNEExpr |
 | exprs.kt:81:21:81:22 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:82:5:82:21 | l15 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:82:9:82:11 | l15 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:82:15:82:16 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:82:15:82:21 | ... < ... | exprs.kt:4:1:142:1 | topLevelMethod | LTExpr |
 | exprs.kt:82:20:82:21 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:83:5:83:22 | l16 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:83:9:83:11 | l16 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:83:15:83:16 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:83:15:83:22 | ... <= ... | exprs.kt:4:1:142:1 | topLevelMethod | LEExpr |
 | exprs.kt:83:21:83:22 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:84:5:84:21 | l17 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:84:9:84:11 | l17 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:84:15:84:16 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:84:15:84:21 | ... > ... | exprs.kt:4:1:142:1 | topLevelMethod | GTExpr |
 | exprs.kt:84:20:84:21 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:85:5:85:22 | l18 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:85:9:85:11 | l18 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:85:15:85:16 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:85:15:85:22 | ... >= ... | exprs.kt:4:1:142:1 | topLevelMethod | GEExpr |
 | exprs.kt:85:21:85:22 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:86:5:86:23 | l19 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:86:9:86:11 | l19 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:86:15:86:16 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:86:15:86:23 | ... == ... | exprs.kt:4:1:142:1 | topLevelMethod | EQExpr |
 | exprs.kt:86:22:86:23 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:87:5:87:23 | l20 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:87:9:87:11 | l20 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:87:15:87:16 | lx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:87:15:87:23 | ... != ... | exprs.kt:4:1:142:1 | topLevelMethod | NEExpr |
 | exprs.kt:87:22:87:23 | ly | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:89:5:89:16 | d1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:89:9:89:10 | d1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:89:14:89:16 | 1.0 | exprs.kt:4:1:142:1 | topLevelMethod | DoubleLiteral |
-| exprs.kt:90:5:90:20 | d2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:90:9:90:10 | d2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:90:14:90:15 | dx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:90:14:90:20 | ... + ... | exprs.kt:4:1:142:1 | topLevelMethod | AddExpr |
 | exprs.kt:90:19:90:20 | dy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:91:5:91:20 | d3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:91:9:91:10 | d3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:91:14:91:15 | dx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:91:14:91:20 | ... - ... | exprs.kt:4:1:142:1 | topLevelMethod | SubExpr |
 | exprs.kt:91:19:91:20 | dy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:92:5:92:20 | d4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:92:9:92:10 | d4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:92:14:92:15 | dx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:92:14:92:20 | ... / ... | exprs.kt:4:1:142:1 | topLevelMethod | DivExpr |
 | exprs.kt:92:19:92:20 | dy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:93:5:93:20 | d5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:93:9:93:10 | d5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:93:14:93:15 | dx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:93:14:93:20 | ... % ... | exprs.kt:4:1:142:1 | topLevelMethod | RemExpr |
 | exprs.kt:93:19:93:20 | dy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:94:5:94:21 | d6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:94:9:94:10 | d6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:94:14:94:15 | dx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:94:14:94:21 | ... == ... | exprs.kt:4:1:142:1 | topLevelMethod | EQExpr |
 | exprs.kt:94:20:94:21 | dy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:95:5:95:21 | d7 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:95:9:95:10 | d7 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:95:14:95:15 | dx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:95:14:95:21 | ... != ... | exprs.kt:4:1:142:1 | topLevelMethod | NEExpr |
 | exprs.kt:95:20:95:21 | dy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:96:5:96:20 | d8 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:96:9:96:10 | d8 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:96:14:96:15 | dx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:96:14:96:20 | ... < ... | exprs.kt:4:1:142:1 | topLevelMethod | LTExpr |
 | exprs.kt:96:19:96:20 | dy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:97:5:97:21 | d9 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:97:9:97:10 | d9 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:97:14:97:15 | dx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:97:14:97:21 | ... <= ... | exprs.kt:4:1:142:1 | topLevelMethod | LEExpr |
 | exprs.kt:97:20:97:21 | dy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:98:5:98:21 | d10 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:98:9:98:11 | d10 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:98:15:98:16 | dx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:98:15:98:21 | ... > ... | exprs.kt:4:1:142:1 | topLevelMethod | GTExpr |
 | exprs.kt:98:20:98:21 | dy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:99:5:99:22 | d11 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:99:9:99:11 | d11 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:99:15:99:16 | dx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:99:15:99:22 | ... >= ... | exprs.kt:4:1:142:1 | topLevelMethod | GEExpr |
 | exprs.kt:99:21:99:22 | dy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:100:5:100:23 | d12 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:100:9:100:11 | d12 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:100:15:100:16 | dx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:100:15:100:23 | ... == ... | exprs.kt:4:1:142:1 | topLevelMethod | EQExpr |
 | exprs.kt:100:22:100:23 | dy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:101:5:101:23 | d13 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:101:9:101:11 | d13 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:101:15:101:16 | dx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:101:15:101:23 | ... != ... | exprs.kt:4:1:142:1 | topLevelMethod | NEExpr |
 | exprs.kt:101:22:101:23 | dy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:103:5:103:16 | f1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:103:9:103:10 | f1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:103:14:103:16 | 1.0 | exprs.kt:4:1:142:1 | topLevelMethod | DoubleLiteral |
-| exprs.kt:104:5:104:20 | f2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:104:9:104:10 | f2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:104:14:104:15 | fx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:104:14:104:20 | ... + ... | exprs.kt:4:1:142:1 | topLevelMethod | AddExpr |
 | exprs.kt:104:19:104:20 | fy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:105:5:105:20 | f3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:105:9:105:10 | f3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:105:14:105:15 | fx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:105:14:105:20 | ... - ... | exprs.kt:4:1:142:1 | topLevelMethod | SubExpr |
 | exprs.kt:105:19:105:20 | fy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:106:5:106:20 | f4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:106:9:106:10 | f4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:106:14:106:15 | fx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:106:14:106:20 | ... / ... | exprs.kt:4:1:142:1 | topLevelMethod | DivExpr |
 | exprs.kt:106:19:106:20 | fy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:107:5:107:20 | f5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:107:9:107:10 | f5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:107:14:107:15 | fx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:107:14:107:20 | ... % ... | exprs.kt:4:1:142:1 | topLevelMethod | RemExpr |
 | exprs.kt:107:19:107:20 | fy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:108:5:108:21 | f6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:108:9:108:10 | f6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:108:14:108:15 | fx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:108:14:108:21 | ... == ... | exprs.kt:4:1:142:1 | topLevelMethod | EQExpr |
 | exprs.kt:108:20:108:21 | fy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:109:5:109:21 | f7 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:109:9:109:10 | f7 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:109:14:109:15 | fx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:109:14:109:21 | ... != ... | exprs.kt:4:1:142:1 | topLevelMethod | NEExpr |
 | exprs.kt:109:20:109:21 | fy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:110:5:110:20 | f8 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:110:9:110:10 | f8 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:110:14:110:15 | fx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:110:14:110:20 | ... < ... | exprs.kt:4:1:142:1 | topLevelMethod | LTExpr |
 | exprs.kt:110:19:110:20 | fy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:111:5:111:21 | f9 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:111:9:111:10 | f9 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:111:14:111:15 | fx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:111:14:111:21 | ... <= ... | exprs.kt:4:1:142:1 | topLevelMethod | LEExpr |
 | exprs.kt:111:20:111:21 | fy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:112:5:112:21 | f10 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:112:9:112:11 | f10 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:112:15:112:16 | fx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:112:15:112:21 | ... > ... | exprs.kt:4:1:142:1 | topLevelMethod | GTExpr |
 | exprs.kt:112:20:112:21 | fy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:113:5:113:22 | f11 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:113:9:113:11 | f11 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:113:15:113:16 | fx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:113:15:113:22 | ... >= ... | exprs.kt:4:1:142:1 | topLevelMethod | GEExpr |
 | exprs.kt:113:21:113:22 | fy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:114:5:114:23 | f12 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:114:9:114:11 | f12 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:114:15:114:16 | fx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:114:15:114:23 | ... == ... | exprs.kt:4:1:142:1 | topLevelMethod | EQExpr |
 | exprs.kt:114:22:114:23 | fy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:115:5:115:23 | f13 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:115:9:115:11 | f13 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:115:15:115:16 | fx | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:115:15:115:23 | ... != ... | exprs.kt:4:1:142:1 | topLevelMethod | NEExpr |
 | exprs.kt:115:22:115:23 | fy | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:117:5:117:17 | b1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:117:9:117:10 | b1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:117:14:117:17 | true | exprs.kt:4:1:142:1 | topLevelMethod | BooleanLiteral |
-| exprs.kt:118:5:118:18 | b2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:118:9:118:10 | b2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:118:14:118:18 | false | exprs.kt:4:1:142:1 | topLevelMethod | BooleanLiteral |
-| exprs.kt:119:5:119:21 | b3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:119:9:119:10 | b3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:119:14:119:15 | b1 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:119:14:119:21 | ... && ... | exprs.kt:4:1:142:1 | topLevelMethod | AndLogicalExpr |
 | exprs.kt:119:20:119:21 | b2 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:120:5:120:21 | b4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:120:9:120:10 | b4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:120:14:120:15 | b1 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:120:14:120:21 | ... \|\| ... | exprs.kt:4:1:142:1 | topLevelMethod | OrLogicalExpr |
 | exprs.kt:120:20:120:21 | b2 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:121:5:121:16 | b5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:121:9:121:10 | b5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:121:14:121:16 | !... | exprs.kt:4:1:142:1 | topLevelMethod | LogNotExpr |
 | exprs.kt:121:15:121:16 | b1 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:123:5:123:15 | c | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:123:9:123:9 | c | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:123:13:123:15 | x | exprs.kt:4:1:142:1 | topLevelMethod | CharacterLiteral |
-| exprs.kt:124:5:124:26 | str | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
-| exprs.kt:124:16:124:25 | string lit | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
-| exprs.kt:125:5:125:38 | strWithQuote | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
-| exprs.kt:125:25:125:37 | string " lit | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
-| exprs.kt:126:5:126:22 | b6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:124:9:124:11 | str | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:124:16:124:25 | "string lit" | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
+| exprs.kt:125:9:125:20 | strWithQuote | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:125:25:125:37 | "string \\" lit" | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
+| exprs.kt:126:9:126:10 | b6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:126:14:126:15 | i1 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:126:14:126:22 | ...instanceof... | exprs.kt:4:1:142:1 | topLevelMethod | InstanceOfExpr |
 | exprs.kt:126:14:126:22 | int | exprs.kt:4:1:142:1 | topLevelMethod | TypeAccess |
-| exprs.kt:127:5:127:23 | b7 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:127:9:127:10 | b7 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:127:14:127:15 | i1 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:127:14:127:23 | ... !is ... | exprs.kt:4:1:142:1 | topLevelMethod | NotInstanceOfExpr |
 | exprs.kt:127:14:127:23 | int | exprs.kt:4:1:142:1 | topLevelMethod | TypeAccess |
-| exprs.kt:128:5:128:26 | b8 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:128:9:128:10 | b8 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:128:14:128:15 | b7 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:128:14:128:26 | (...)... | exprs.kt:4:1:142:1 | topLevelMethod | CastExpr |
 | exprs.kt:128:14:128:26 | boolean | exprs.kt:4:1:142:1 | topLevelMethod | TypeAccess |
-| exprs.kt:129:5:129:35 | str1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
-| exprs.kt:129:25:129:34 | string lit | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
-| exprs.kt:130:5:130:36 | str2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
-| exprs.kt:130:26:130:35 | string lit | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
-| exprs.kt:131:5:131:28 | str3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:129:9:129:12 | str1 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:129:25:129:34 | "string lit" | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
+| exprs.kt:130:9:130:12 | str2 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:130:26:130:35 | "string lit" | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
+| exprs.kt:131:9:131:12 | str3 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:131:25:131:28 | null | exprs.kt:4:1:142:1 | topLevelMethod | NullLiteral |
-| exprs.kt:132:5:132:48 | str4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:132:9:132:12 | str4 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:132:24:132:48 | "..." | exprs.kt:4:1:142:1 | topLevelMethod | StringTemplateExpr |
-| exprs.kt:132:25:132:28 | foo  | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
+| exprs.kt:132:25:132:28 | "foo " | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
 | exprs.kt:132:30:132:33 | str1 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:132:34:132:38 |  bar  | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
+| exprs.kt:132:34:132:38 | " bar " | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
 | exprs.kt:132:40:132:43 | str2 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:132:44:132:47 |  baz | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
-| exprs.kt:133:5:133:66 | str5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:132:44:132:47 | " baz" | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
+| exprs.kt:133:9:133:12 | str5 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:133:24:133:66 | "..." | exprs.kt:4:1:142:1 | topLevelMethod | StringTemplateExpr |
-| exprs.kt:133:25:133:28 | foo  | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
+| exprs.kt:133:25:133:28 | "foo " | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
 | exprs.kt:133:31:133:34 | str1 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:133:31:133:41 | ... + ... | exprs.kt:4:1:142:1 | topLevelMethod | AddExpr |
 | exprs.kt:133:38:133:41 | str2 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:133:43:133:47 |  bar  | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
+| exprs.kt:133:43:133:47 | " bar " | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
 | exprs.kt:133:50:133:53 | str2 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:133:50:133:60 | Intrinsics | exprs.kt:4:1:142:1 | topLevelMethod | TypeAccess |
 | exprs.kt:133:50:133:60 | stringPlus(...) | exprs.kt:4:1:142:1 | topLevelMethod | MethodAccess |
 | exprs.kt:133:57:133:60 | str1 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:133:62:133:65 |  baz | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
-| exprs.kt:134:5:134:26 | str6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:133:62:133:65 | " baz" | exprs.kt:4:1:142:1 | topLevelMethod | StringLiteral |
+| exprs.kt:134:9:134:12 | str6 | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:134:16:134:19 | str1 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:134:16:134:26 | ... + ... | exprs.kt:4:1:142:1 | topLevelMethod | AddExpr |
 | exprs.kt:134:23:134:26 | str2 | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
-| exprs.kt:136:5:136:21 | variable | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
+| exprs.kt:136:9:136:16 | variable | exprs.kt:4:1:142:1 | topLevelMethod | LocalVariableDeclExpr |
 | exprs.kt:136:20:136:21 | 10 | exprs.kt:4:1:142:1 | topLevelMethod | IntegerLiteral |
 | exprs.kt:137:12:137:19 | variable | exprs.kt:4:1:142:1 | topLevelMethod | VarAccess |
 | exprs.kt:137:12:137:23 | ... > ... | exprs.kt:4:1:142:1 | topLevelMethod | GTExpr |
@@ -1400,7 +1400,7 @@
 | exprs.kt:141:12:141:20 | ... + ... | exprs.kt:4:1:142:1 | topLevelMethod | AddExpr |
 | exprs.kt:141:18:141:20 | 456 | exprs.kt:4:1:142:1 | topLevelMethod | IntegerLiteral |
 | exprs.kt:144:1:146:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
-| exprs.kt:145:5:145:23 | d | exprs.kt:144:1:146:1 | getClass | LocalVariableDeclExpr |
+| exprs.kt:145:9:145:9 | d | exprs.kt:144:1:146:1 | getClass | LocalVariableDeclExpr |
 | exprs.kt:145:13:145:16 | true | exprs.kt:144:1:146:1 | getClass | BooleanLiteral |
 | exprs.kt:145:13:145:23 | ::class | exprs.kt:144:1:146:1 | getClass | ClassExpr |
 | exprs.kt:148:9:148:18 | ...=... | exprs.kt:148:1:150:1 | C | KtInitializerAssignExpr |
@@ -1422,11 +1422,11 @@
 | exprs.kt:157:8:157:8 | x | exprs.kt:156:1:163:1 | typeTests | VarAccess |
 | exprs.kt:157:8:157:21 | ...instanceof... | exprs.kt:156:1:163:1 | typeTests | InstanceOfExpr |
 | exprs.kt:157:8:157:21 | Subclass1 | exprs.kt:156:1:163:1 | typeTests | TypeAccess |
-| exprs.kt:158:9:158:29 | x1 | exprs.kt:156:1:163:1 | typeTests | LocalVariableDeclExpr |
+| exprs.kt:158:13:158:14 | x1 | exprs.kt:156:1:163:1 | typeTests | LocalVariableDeclExpr |
 | exprs.kt:158:29:158:29 | <implicit cast> | exprs.kt:156:1:163:1 | typeTests | ImplicitCastExpr |
 | exprs.kt:158:29:158:29 | Subclass1 | exprs.kt:156:1:163:1 | typeTests | TypeAccess |
 | exprs.kt:158:29:158:29 | x | exprs.kt:156:1:163:1 | typeTests | VarAccess |
-| exprs.kt:160:5:160:60 | y1 | exprs.kt:156:1:163:1 | typeTests | LocalVariableDeclExpr |
+| exprs.kt:160:9:160:10 | y1 | exprs.kt:156:1:163:1 | typeTests | LocalVariableDeclExpr |
 | exprs.kt:160:25:160:60 | true | exprs.kt:156:1:163:1 | typeTests | BooleanLiteral |
 | exprs.kt:160:25:160:60 | when ... | exprs.kt:156:1:163:1 | typeTests | WhenExpr |
 | exprs.kt:160:29:160:29 | x | exprs.kt:156:1:163:1 | typeTests | VarAccess |
@@ -1437,7 +1437,7 @@
 | exprs.kt:160:45:160:49 | Subclass1 | exprs.kt:156:1:163:1 | typeTests | TypeAccess |
 | exprs.kt:160:47:160:47 | x | exprs.kt:156:1:163:1 | typeTests | VarAccess |
 | exprs.kt:160:58:160:58 | y | exprs.kt:156:1:163:1 | typeTests | VarAccess |
-| exprs.kt:161:5:161:13 | q | exprs.kt:156:1:163:1 | typeTests | LocalVariableDeclExpr |
+| exprs.kt:161:9:161:9 | q | exprs.kt:156:1:163:1 | typeTests | LocalVariableDeclExpr |
 | exprs.kt:161:13:161:13 | 1 | exprs.kt:156:1:163:1 | typeTests | IntegerLiteral |
 | exprs.kt:162:5:162:48 | true | exprs.kt:156:1:163:1 | typeTests | BooleanLiteral |
 | exprs.kt:162:5:162:48 | when ... | exprs.kt:156:1:163:1 | typeTests | WhenExpr |
@@ -1452,18 +1452,18 @@
 | exprs.kt:162:46:162:46 | 3 | exprs.kt:156:1:163:1 | typeTests | IntegerLiteral |
 | exprs.kt:165:1:172:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
 | exprs.kt:165:9:165:18 | Polygon | file://:0:0:0:0 | <none> | TypeAccess |
-| exprs.kt:166:5:166:25 | r | exprs.kt:165:1:172:1 | foo | LocalVariableDeclExpr |
+| exprs.kt:166:9:166:9 | r | exprs.kt:165:1:172:1 | foo | LocalVariableDeclExpr |
 | exprs.kt:166:13:166:13 | p | exprs.kt:165:1:172:1 | foo | VarAccess |
 | exprs.kt:166:13:166:25 | getBounds(...) | exprs.kt:165:1:172:1 | foo | MethodAccess |
 | exprs.kt:167:5:171:5 | when ... | exprs.kt:165:1:172:1 | foo | WhenExpr |
 | exprs.kt:167:8:167:8 | r | exprs.kt:165:1:172:1 | foo | VarAccess |
 | exprs.kt:167:8:167:16 | ... (value not-equals) ... | exprs.kt:165:1:172:1 | foo | ValueNEExpr |
 | exprs.kt:167:13:167:16 | null | exprs.kt:165:1:172:1 | foo | NullLiteral |
-| exprs.kt:168:9:168:29 | r2 | exprs.kt:165:1:172:1 | foo | LocalVariableDeclExpr |
+| exprs.kt:168:13:168:14 | r2 | exprs.kt:165:1:172:1 | foo | LocalVariableDeclExpr |
 | exprs.kt:168:29:168:29 | <implicit not null> | exprs.kt:165:1:172:1 | foo | ImplicitNotNullExpr |
 | exprs.kt:168:29:168:29 | Rectangle | exprs.kt:165:1:172:1 | foo | TypeAccess |
 | exprs.kt:168:29:168:29 | r | exprs.kt:165:1:172:1 | foo | VarAccess |
-| exprs.kt:169:9:169:30 | height | exprs.kt:165:1:172:1 | foo | LocalVariableDeclExpr |
+| exprs.kt:169:13:169:18 | height | exprs.kt:165:1:172:1 | foo | LocalVariableDeclExpr |
 | exprs.kt:169:22:169:23 | r2 | exprs.kt:165:1:172:1 | foo | VarAccess |
 | exprs.kt:169:25:169:30 | r2.height | exprs.kt:165:1:172:1 | foo | VarAccess |
 | exprs.kt:170:9:170:10 | r2 | exprs.kt:165:1:172:1 | foo | VarAccess |
@@ -1534,10 +1534,10 @@
 | exprs.kt:181:5:181:18 | new Color(...) | exprs.kt:0:0:0:0 | <clinit> | ClassInstanceExpr |
 | exprs.kt:181:10:181:17 | 255 | exprs.kt:0:0:0:0 | <clinit> | IntegerLiteral |
 | exprs.kt:184:1:187:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
-| exprs.kt:185:5:185:31 | south | exprs.kt:184:1:187:1 | enums | LocalVariableDeclExpr |
+| exprs.kt:185:9:185:13 | south | exprs.kt:184:1:187:1 | enums | LocalVariableDeclExpr |
 | exprs.kt:185:27:185:31 | Direction | exprs.kt:184:1:187:1 | enums | TypeAccess |
 | exprs.kt:185:27:185:31 | Direction.SOUTH | exprs.kt:184:1:187:1 | enums | VarAccess |
-| exprs.kt:186:5:186:27 | green | exprs.kt:184:1:187:1 | enums | LocalVariableDeclExpr |
+| exprs.kt:186:9:186:13 | green | exprs.kt:184:1:187:1 | enums | LocalVariableDeclExpr |
 | exprs.kt:186:23:186:27 | Color | exprs.kt:184:1:187:1 | enums | TypeAccess |
 | exprs.kt:186:23:186:27 | Color.GREEN | exprs.kt:184:1:187:1 | enums | VarAccess |
 | exprs.kt:192:5:192:14 | ...=... | exprs.kt:191:1:199:1 | Class1 | KtInitializerAssignExpr |
@@ -1548,7 +1548,7 @@
 | exprs.kt:192:5:192:14 | this.a1 | exprs.kt:192:5:192:14 | getA1 | VarAccess |
 | exprs.kt:192:14:192:14 | 1 | exprs.kt:191:1:199:1 | Class1 | IntegerLiteral |
 | exprs.kt:193:13:198:5 | Object | file://:0:0:0:0 | <none> | TypeAccess |
-| exprs.kt:194:9:194:18 | a2 | exprs.kt:193:13:198:5 | getObject | LocalVariableDeclExpr |
+| exprs.kt:194:13:194:14 | a2 | exprs.kt:193:13:198:5 | getObject | LocalVariableDeclExpr |
 | exprs.kt:194:18:194:18 | 2 | exprs.kt:193:13:198:5 | getObject | IntegerLiteral |
 | exprs.kt:195:16:197:9 | <Stmt> | exprs.kt:193:13:198:5 | getObject | StmtExpr |
 | exprs.kt:195:16:197:9 | Interface1 | exprs.kt:193:13:198:5 | getObject | TypeAccess |
@@ -1566,55 +1566,55 @@
 | exprs.kt:196:36:196:37 | a2 | exprs.kt:195:16:197:9 |  | VarAccess |
 | exprs.kt:201:1:203:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
 | exprs.kt:201:22:201:28 | Object | file://:0:0:0:0 | <none> | TypeAccess |
-| exprs.kt:202:5:202:20 | y | exprs.kt:201:1:203:1 | notNullAssertion | LocalVariableDeclExpr |
+| exprs.kt:202:9:202:9 | y | exprs.kt:201:1:203:1 | notNullAssertion | LocalVariableDeclExpr |
 | exprs.kt:202:18:202:18 | x | exprs.kt:201:1:203:1 | notNullAssertion | VarAccess |
 | exprs.kt:202:19:202:20 | ...!! | exprs.kt:201:1:203:1 | notNullAssertion | NotNullExpr |
 | exprs.kt:206:5:217:5 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
 | exprs.kt:206:11:206:18 | Object | file://:0:0:0:0 | <none> | TypeAccess |
 | exprs.kt:206:21:206:30 | String | file://:0:0:0:0 | <none> | TypeAccess |
-| exprs.kt:208:9:208:29 | a | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
+| exprs.kt:208:13:208:13 | a | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
 | exprs.kt:208:17:208:18 | aa | exprs.kt:206:5:217:5 | x | VarAccess |
 | exprs.kt:208:17:208:29 | String | exprs.kt:206:5:217:5 | x | TypeAccess |
 | exprs.kt:208:17:208:29 | valueOf(...) | exprs.kt:206:5:217:5 | x | MethodAccess |
-| exprs.kt:209:9:209:27 | b0 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
+| exprs.kt:209:13:209:14 | b0 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
 | exprs.kt:209:19:209:19 | s | exprs.kt:206:5:217:5 | x | VarAccess |
 | exprs.kt:209:19:209:27 | Intrinsics | exprs.kt:206:5:217:5 | x | TypeAccess |
 | exprs.kt:209:19:209:27 | stringPlus(...) | exprs.kt:206:5:217:5 | x | MethodAccess |
 | exprs.kt:209:26:209:26 | 5 | exprs.kt:206:5:217:5 | x | IntegerLiteral |
-| exprs.kt:210:9:210:23 | b1 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
+| exprs.kt:210:13:210:14 | b1 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
 | exprs.kt:210:19:210:19 | s | exprs.kt:206:5:217:5 | x | VarAccess |
 | exprs.kt:210:19:210:23 | Intrinsics | exprs.kt:206:5:217:5 | x | TypeAccess |
 | exprs.kt:210:19:210:23 | stringPlus(...) | exprs.kt:206:5:217:5 | x | MethodAccess |
 | exprs.kt:210:23:210:23 | 5 | exprs.kt:206:5:217:5 | x | IntegerLiteral |
-| exprs.kt:211:9:211:29 | b2 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
+| exprs.kt:211:13:211:14 | b2 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
 | exprs.kt:211:19:211:19 | s | exprs.kt:206:5:217:5 | x | VarAccess |
 | exprs.kt:211:20:211:21 | ...!! | exprs.kt:206:5:217:5 | x | NotNullExpr |
 | exprs.kt:211:20:211:29 | ... + ... | exprs.kt:206:5:217:5 | x | AddExpr |
 | exprs.kt:211:28:211:28 | 5 | exprs.kt:206:5:217:5 | x | IntegerLiteral |
-| exprs.kt:212:9:212:25 | b3 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
+| exprs.kt:212:13:212:14 | b3 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
 | exprs.kt:212:19:212:19 | s | exprs.kt:206:5:217:5 | x | VarAccess |
 | exprs.kt:212:19:212:25 | ... + ... | exprs.kt:206:5:217:5 | x | AddExpr |
 | exprs.kt:212:20:212:21 | ...!! | exprs.kt:206:5:217:5 | x | NotNullExpr |
 | exprs.kt:212:25:212:25 | 5 | exprs.kt:206:5:217:5 | x | IntegerLiteral |
-| exprs.kt:213:9:213:36 | c0 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
+| exprs.kt:213:13:213:14 | c0 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
 | exprs.kt:213:18:213:36 | Color | exprs.kt:206:5:217:5 | x | TypeAccess |
 | exprs.kt:213:18:213:36 | values(...) | exprs.kt:206:5:217:5 | x | MethodAccess |
-| exprs.kt:214:9:214:31 | c1 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
+| exprs.kt:214:13:214:14 | c1 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
 | exprs.kt:214:24:214:31 | Color | exprs.kt:206:5:217:5 | x | TypeAccess |
 | exprs.kt:214:24:214:31 | values(...) | exprs.kt:206:5:217:5 | x | MethodAccess |
-| exprs.kt:215:9:215:44 | d0 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
+| exprs.kt:215:13:215:14 | d0 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
 | exprs.kt:215:18:215:44 | Color | exprs.kt:206:5:217:5 | x | TypeAccess |
 | exprs.kt:215:18:215:44 | valueOf(...) | exprs.kt:206:5:217:5 | x | MethodAccess |
-| exprs.kt:215:38:215:42 | GREEN | exprs.kt:206:5:217:5 | x | StringLiteral |
-| exprs.kt:216:9:216:39 | d1 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
+| exprs.kt:215:38:215:42 | "GREEN" | exprs.kt:206:5:217:5 | x | StringLiteral |
+| exprs.kt:216:13:216:14 | d1 | exprs.kt:206:5:217:5 | x | LocalVariableDeclExpr |
 | exprs.kt:216:24:216:39 | Color | exprs.kt:206:5:217:5 | x | TypeAccess |
 | exprs.kt:216:24:216:39 | valueOf(...) | exprs.kt:206:5:217:5 | x | MethodAccess |
-| exprs.kt:216:33:216:37 | GREEN | exprs.kt:206:5:217:5 | x | StringLiteral |
+| exprs.kt:216:33:216:37 | "GREEN" | exprs.kt:206:5:217:5 | x | StringLiteral |
 | exprs.kt:220:1:222:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
 | exprs.kt:221:5:221:10 | StandardKt | exprs.kt:220:1:222:1 | todo | TypeAccess |
 | exprs.kt:221:5:221:10 | TODO(...) | exprs.kt:220:1:222:1 | todo | MethodAccess |
 | exprs.kt:225:1:227:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
-| exprs.kt:226:5:226:29 | x | exprs.kt:225:1:227:1 | fnClassRef | LocalVariableDeclExpr |
+| exprs.kt:226:9:226:9 | x | exprs.kt:225:1:227:1 | fnClassRef | LocalVariableDeclExpr |
 | exprs.kt:226:13:226:29 | SomeClass1 | exprs.kt:225:1:227:1 | fnClassRef | TypeAccess |
 | exprs.kt:226:13:226:29 | SomeClass1.class | exprs.kt:225:1:227:1 | fnClassRef | TypeLiteral |
 | exprs.kt:229:1:250:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
@@ -1622,83 +1622,83 @@
 | exprs.kt:229:42:229:64 | Integer | file://:0:0:0:0 | <none> | TypeAccess |
 | exprs.kt:229:67:229:88 | String | file://:0:0:0:0 | <none> | TypeAccess |
 | exprs.kt:229:91:229:114 | String | file://:0:0:0:0 | <none> | TypeAccess |
-| exprs.kt:230:3:230:47 | b1 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:230:7:230:8 | b1 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:230:12:230:27 | notNullPrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:230:12:230:47 | ... (value equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueEQExpr |
 | exprs.kt:230:32:230:47 | notNullPrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
-| exprs.kt:231:3:231:48 | b2 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:231:7:231:8 | b2 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:231:12:231:27 | notNullPrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:231:12:231:48 | ... (value equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueEQExpr |
 | exprs.kt:231:32:231:48 | nullablePrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
-| exprs.kt:232:3:232:49 | b3 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:232:7:232:8 | b3 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:232:12:232:28 | nullablePrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:232:12:232:49 | ... (value equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueEQExpr |
 | exprs.kt:232:33:232:49 | nullablePrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
-| exprs.kt:233:3:233:43 | b4 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:233:7:233:8 | b4 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:233:12:233:25 | notNullReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:233:12:233:43 | ... (value equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueEQExpr |
 | exprs.kt:233:30:233:43 | notNullReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
-| exprs.kt:234:3:234:44 | b5 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:234:7:234:8 | b5 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:234:12:234:25 | notNullReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:234:12:234:44 | ... (value equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueEQExpr |
 | exprs.kt:234:30:234:44 | nullableReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
-| exprs.kt:235:3:235:45 | b6 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:235:7:235:8 | b6 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:235:12:235:26 | nullableReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:235:12:235:45 | ... (value equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueEQExpr |
 | exprs.kt:235:31:235:45 | nullableReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
-| exprs.kt:236:3:236:47 | b7 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:236:7:236:8 | b7 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:236:12:236:27 | notNullPrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:236:12:236:47 | ... (value not-equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueNEExpr |
 | exprs.kt:236:32:236:47 | notNullPrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
-| exprs.kt:237:3:237:48 | b8 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:237:7:237:8 | b8 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:237:12:237:27 | notNullPrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:237:12:237:48 | ... (value not-equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueNEExpr |
 | exprs.kt:237:32:237:48 | nullablePrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
-| exprs.kt:238:3:238:49 | b9 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:238:7:238:8 | b9 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:238:12:238:28 | nullablePrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:238:12:238:49 | ... (value not-equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueNEExpr |
 | exprs.kt:238:33:238:49 | nullablePrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
-| exprs.kt:239:3:239:44 | b10 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:239:7:239:9 | b10 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:239:13:239:26 | notNullReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:239:13:239:44 | ... (value not-equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueNEExpr |
 | exprs.kt:239:31:239:44 | notNullReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
-| exprs.kt:240:3:240:45 | b11 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:240:7:240:9 | b11 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:240:13:240:26 | notNullReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:240:13:240:45 | ... (value not-equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueNEExpr |
 | exprs.kt:240:31:240:45 | nullableReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
-| exprs.kt:241:3:241:46 | b12 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:241:7:241:9 | b12 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:241:13:241:27 | nullableReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:241:13:241:46 | ... (value not-equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueNEExpr |
 | exprs.kt:241:32:241:46 | nullableReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
-| exprs.kt:242:3:242:36 | b13 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:242:7:242:9 | b13 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:242:13:242:28 | notNullPrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:242:13:242:36 | ... (value equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueEQExpr |
 | exprs.kt:242:33:242:36 | null | exprs.kt:229:1:250:1 | equalityTests | NullLiteral |
-| exprs.kt:243:3:243:37 | b14 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:243:7:243:9 | b14 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:243:13:243:29 | nullablePrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:243:13:243:37 | ... (value equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueEQExpr |
 | exprs.kt:243:34:243:37 | null | exprs.kt:229:1:250:1 | equalityTests | NullLiteral |
-| exprs.kt:244:3:244:34 | b15 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:244:7:244:9 | b15 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:244:13:244:26 | notNullReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:244:13:244:34 | ... (value equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueEQExpr |
 | exprs.kt:244:31:244:34 | null | exprs.kt:229:1:250:1 | equalityTests | NullLiteral |
-| exprs.kt:245:3:245:35 | b16 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:245:7:245:9 | b16 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:245:13:245:27 | nullableReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:245:13:245:35 | ... (value equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueEQExpr |
 | exprs.kt:245:32:245:35 | null | exprs.kt:229:1:250:1 | equalityTests | NullLiteral |
-| exprs.kt:246:3:246:36 | b17 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:246:7:246:9 | b17 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:246:13:246:28 | notNullPrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:246:13:246:36 | ... (value not-equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueNEExpr |
 | exprs.kt:246:33:246:36 | null | exprs.kt:229:1:250:1 | equalityTests | NullLiteral |
-| exprs.kt:247:3:247:37 | b18 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:247:7:247:9 | b18 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:247:13:247:29 | nullablePrimitive | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:247:13:247:37 | ... (value not-equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueNEExpr |
 | exprs.kt:247:34:247:37 | null | exprs.kt:229:1:250:1 | equalityTests | NullLiteral |
-| exprs.kt:248:3:248:34 | b19 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:248:7:248:9 | b19 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:248:13:248:26 | notNullReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:248:13:248:34 | ... (value not-equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueNEExpr |
 | exprs.kt:248:31:248:34 | null | exprs.kt:229:1:250:1 | equalityTests | NullLiteral |
-| exprs.kt:249:3:249:35 | b20 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
+| exprs.kt:249:7:249:9 | b20 | exprs.kt:229:1:250:1 | equalityTests | LocalVariableDeclExpr |
 | exprs.kt:249:13:249:27 | nullableReftype | exprs.kt:229:1:250:1 | equalityTests | VarAccess |
 | exprs.kt:249:13:249:35 | ... (value not-equals) ... | exprs.kt:229:1:250:1 | equalityTests | ValueNEExpr |
 | exprs.kt:249:32:249:35 | null | exprs.kt:229:1:250:1 | equalityTests | NullLiteral |
@@ -1715,28 +1715,28 @@
 | exprs.kt:256:30:256:39 | double | file://:0:0:0:0 | <none> | TypeAccess |
 | exprs.kt:257:18:257:26 | float | file://:0:0:0:0 | <none> | TypeAccess |
 | exprs.kt:257:29:257:37 | float | file://:0:0:0:0 | <none> | TypeAccess |
-| exprs.kt:259:3:259:15 | i | exprs.kt:252:1:265:1 | mulOperators | LocalVariableDeclExpr |
+| exprs.kt:259:7:259:7 | i | exprs.kt:252:1:265:1 | mulOperators | LocalVariableDeclExpr |
 | exprs.kt:259:11:259:11 | x | exprs.kt:252:1:265:1 | mulOperators | VarAccess |
 | exprs.kt:259:11:259:15 | ... * ... | exprs.kt:252:1:265:1 | mulOperators | MulExpr |
 | exprs.kt:259:15:259:15 | y | exprs.kt:252:1:265:1 | mulOperators | VarAccess |
-| exprs.kt:260:3:260:19 | b | exprs.kt:252:1:265:1 | mulOperators | LocalVariableDeclExpr |
+| exprs.kt:260:7:260:7 | b | exprs.kt:252:1:265:1 | mulOperators | LocalVariableDeclExpr |
 | exprs.kt:260:11:260:13 | byx | exprs.kt:252:1:265:1 | mulOperators | VarAccess |
 | exprs.kt:260:11:260:19 | ... * ... | exprs.kt:252:1:265:1 | mulOperators | MulExpr |
 | exprs.kt:260:17:260:19 | byy | exprs.kt:252:1:265:1 | mulOperators | VarAccess |
-| exprs.kt:261:3:261:17 | l | exprs.kt:252:1:265:1 | mulOperators | LocalVariableDeclExpr |
+| exprs.kt:261:7:261:7 | l | exprs.kt:252:1:265:1 | mulOperators | LocalVariableDeclExpr |
 | exprs.kt:261:11:261:12 | lx | exprs.kt:252:1:265:1 | mulOperators | VarAccess |
 | exprs.kt:261:11:261:17 | ... * ... | exprs.kt:252:1:265:1 | mulOperators | MulExpr |
 | exprs.kt:261:16:261:17 | ly | exprs.kt:252:1:265:1 | mulOperators | VarAccess |
-| exprs.kt:262:3:262:17 | d | exprs.kt:252:1:265:1 | mulOperators | LocalVariableDeclExpr |
+| exprs.kt:262:7:262:7 | d | exprs.kt:252:1:265:1 | mulOperators | LocalVariableDeclExpr |
 | exprs.kt:262:11:262:12 | dx | exprs.kt:252:1:265:1 | mulOperators | VarAccess |
 | exprs.kt:262:11:262:17 | ... * ... | exprs.kt:252:1:265:1 | mulOperators | MulExpr |
 | exprs.kt:262:16:262:17 | dy | exprs.kt:252:1:265:1 | mulOperators | VarAccess |
-| exprs.kt:263:3:263:17 | f | exprs.kt:252:1:265:1 | mulOperators | LocalVariableDeclExpr |
+| exprs.kt:263:7:263:7 | f | exprs.kt:252:1:265:1 | mulOperators | LocalVariableDeclExpr |
 | exprs.kt:263:11:263:12 | fx | exprs.kt:252:1:265:1 | mulOperators | VarAccess |
 | exprs.kt:263:11:263:17 | ... * ... | exprs.kt:252:1:265:1 | mulOperators | MulExpr |
 | exprs.kt:263:16:263:17 | fy | exprs.kt:252:1:265:1 | mulOperators | VarAccess |
 | exprs.kt:267:1:276:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
-| exprs.kt:269:3:269:17 | updated | exprs.kt:267:1:276:1 | inPlaceOperators | LocalVariableDeclExpr |
+| exprs.kt:269:7:269:13 | updated | exprs.kt:267:1:276:1 | inPlaceOperators | LocalVariableDeclExpr |
 | exprs.kt:269:17:269:17 | 0 | exprs.kt:267:1:276:1 | inPlaceOperators | IntegerLiteral |
 | exprs.kt:270:3:270:9 | updated | exprs.kt:267:1:276:1 | inPlaceOperators | VarAccess |
 | exprs.kt:270:3:270:14 | ...+=... | exprs.kt:267:1:276:1 | inPlaceOperators | AssignAddExpr |
@@ -1789,9 +1789,9 @@
 | exprs.kt:289:5:289:6 | <implicit coercion to unit> | exprs.kt:285:1:346:1 | unaryExprs | ImplicitCoercionToUnitExpr |
 | exprs.kt:289:5:289:6 | Unit | exprs.kt:285:1:346:1 | unaryExprs | TypeAccess |
 | exprs.kt:289:6:289:6 | d | exprs.kt:285:1:346:1 | unaryExprs | VarAccess |
-| exprs.kt:290:5:290:14 | i0 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
+| exprs.kt:290:9:290:10 | i0 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
 | exprs.kt:290:14:290:14 | 1 | exprs.kt:285:1:346:1 | unaryExprs | IntegerLiteral |
-| exprs.kt:291:5:291:14 | i1 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
+| exprs.kt:291:9:291:10 | i1 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
 | exprs.kt:291:14:291:14 | 1 | exprs.kt:285:1:346:1 | unaryExprs | IntegerLiteral |
 | exprs.kt:292:5:292:6 | i0 | exprs.kt:285:1:346:1 | unaryExprs | VarAccess |
 | exprs.kt:292:5:292:6 | i0 | exprs.kt:285:1:346:1 | unaryExprs | VarAccess |
@@ -1857,9 +1857,9 @@
 | exprs.kt:303:5:303:6 | <implicit coercion to unit> | exprs.kt:285:1:346:1 | unaryExprs | ImplicitCoercionToUnitExpr |
 | exprs.kt:303:5:303:6 | Unit | exprs.kt:285:1:346:1 | unaryExprs | TypeAccess |
 | exprs.kt:303:6:303:6 | b | exprs.kt:285:1:346:1 | unaryExprs | VarAccess |
-| exprs.kt:304:5:304:20 | b0 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
+| exprs.kt:304:9:304:10 | b0 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
 | exprs.kt:304:20:304:20 | 1 | exprs.kt:285:1:346:1 | unaryExprs | IntegerLiteral |
-| exprs.kt:305:5:305:20 | b1 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
+| exprs.kt:305:9:305:10 | b1 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
 | exprs.kt:305:20:305:20 | 1 | exprs.kt:285:1:346:1 | unaryExprs | IntegerLiteral |
 | exprs.kt:306:5:306:6 | b0 | exprs.kt:285:1:346:1 | unaryExprs | VarAccess |
 | exprs.kt:306:5:306:6 | b0 | exprs.kt:285:1:346:1 | unaryExprs | VarAccess |
@@ -1925,9 +1925,9 @@
 | exprs.kt:317:5:317:6 | <implicit coercion to unit> | exprs.kt:285:1:346:1 | unaryExprs | ImplicitCoercionToUnitExpr |
 | exprs.kt:317:5:317:6 | Unit | exprs.kt:285:1:346:1 | unaryExprs | TypeAccess |
 | exprs.kt:317:6:317:6 | s | exprs.kt:285:1:346:1 | unaryExprs | VarAccess |
-| exprs.kt:318:5:318:21 | s0 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
+| exprs.kt:318:9:318:10 | s0 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
 | exprs.kt:318:21:318:21 | 1 | exprs.kt:285:1:346:1 | unaryExprs | IntegerLiteral |
-| exprs.kt:319:5:319:21 | s1 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
+| exprs.kt:319:9:319:10 | s1 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
 | exprs.kt:319:21:319:21 | 1 | exprs.kt:285:1:346:1 | unaryExprs | IntegerLiteral |
 | exprs.kt:320:5:320:6 | s0 | exprs.kt:285:1:346:1 | unaryExprs | VarAccess |
 | exprs.kt:320:5:320:6 | s0 | exprs.kt:285:1:346:1 | unaryExprs | VarAccess |
@@ -1993,9 +1993,9 @@
 | exprs.kt:331:5:331:6 | <implicit coercion to unit> | exprs.kt:285:1:346:1 | unaryExprs | ImplicitCoercionToUnitExpr |
 | exprs.kt:331:5:331:6 | Unit | exprs.kt:285:1:346:1 | unaryExprs | TypeAccess |
 | exprs.kt:331:6:331:6 | l | exprs.kt:285:1:346:1 | unaryExprs | VarAccess |
-| exprs.kt:332:5:332:20 | l0 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
+| exprs.kt:332:9:332:10 | l0 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
 | exprs.kt:332:20:332:20 | 1 | exprs.kt:285:1:346:1 | unaryExprs | LongLiteral |
-| exprs.kt:333:5:333:20 | l1 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
+| exprs.kt:333:9:333:10 | l1 | exprs.kt:285:1:346:1 | unaryExprs | LocalVariableDeclExpr |
 | exprs.kt:333:20:333:20 | 1 | exprs.kt:285:1:346:1 | unaryExprs | LongLiteral |
 | exprs.kt:334:5:334:6 | l0 | exprs.kt:285:1:346:1 | unaryExprs | VarAccess |
 | exprs.kt:334:5:334:6 | l0 | exprs.kt:285:1:346:1 | unaryExprs | VarAccess |
@@ -2730,7 +2730,7 @@
 | funcExprs.kt:36:100:36:102 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | funcExprs.kt:36:104:36:106 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | funcExprs.kt:36:108:36:110 | int | file://:0:0:0:0 | <none> | TypeAccess |
-| funcExprs.kt:36:115:36:116 |  | funcExprs.kt:36:29:36:117 | invoke | StringLiteral |
+| funcExprs.kt:36:115:36:116 | "" | funcExprs.kt:36:29:36:117 | invoke | StringLiteral |
 | funcExprs.kt:38:5:38:39 | FuncExprsKt | funcExprs.kt:21:1:52:1 | call | TypeAccess |
 | funcExprs.kt:38:5:38:39 | functionExpression0a(...) | funcExprs.kt:21:1:52:1 | call | MethodAccess |
 | funcExprs.kt:38:26:38:34 | FuncRef | funcExprs.kt:21:1:52:1 | call | TypeAccess |
@@ -3231,7 +3231,7 @@
 | funcExprs.kt:70:102:70:109 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | funcExprs.kt:70:112:70:119 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | funcExprs.kt:70:122:70:129 | int | file://:0:0:0:0 | <none> | TypeAccess |
-| funcExprs.kt:70:134:70:135 |  | funcExprs.kt:69:5:70:135 | f23 | StringLiteral |
+| funcExprs.kt:70:134:70:135 | "" | funcExprs.kt:69:5:70:135 | f23 | StringLiteral |
 | funcExprs.kt:74:5:76:5 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
 | funcExprs.kt:75:9:75:22 | fn(...) | funcExprs.kt:74:5:76:5 | call | MethodAccess |
 | funcExprs.kt:75:9:75:22 | this | funcExprs.kt:74:5:76:5 | call | ThisAccess |
@@ -3245,7 +3245,7 @@
 | funcExprs.kt:75:14:75:14 | Generic<Generic<Integer>> | file://:0:0:0:0 | <none> | TypeAccess |
 | funcExprs.kt:75:14:75:14 | Generic<Integer> | file://:0:0:0:0 | <none> | TypeAccess |
 | funcExprs.kt:75:14:75:14 | Integer | file://:0:0:0:0 | <none> | TypeAccess |
-| funcExprs.kt:75:20:75:20 | a | funcExprs.kt:75:12:75:22 | invoke | StringLiteral |
+| funcExprs.kt:75:20:75:20 | "a" | funcExprs.kt:75:12:75:22 | invoke | StringLiteral |
 | funcExprs.kt:77:13:77:60 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
 | funcExprs.kt:77:20:77:55 | ? ... | file://:0:0:0:0 | <none> | WildcardTypeAccess |
 | funcExprs.kt:77:20:77:55 | Function1<? super Generic<Generic<Integer>>,String> | file://:0:0:0:0 | <none> | TypeAccess |
@@ -3254,7 +3254,7 @@
 | funcExprs.kt:77:20:77:55 | Integer | file://:0:0:0:0 | <none> | TypeAccess |
 | funcExprs.kt:77:20:77:55 | String | file://:0:0:0:0 | <none> | TypeAccess |
 | funcExprs.kt:82:9:96:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
-| funcExprs.kt:83:5:83:51 | l1 | funcExprs.kt:82:9:96:1 | fn | LocalVariableDeclExpr |
+| funcExprs.kt:83:9:83:10 | l1 | funcExprs.kt:82:9:96:1 | fn | LocalVariableDeclExpr |
 | funcExprs.kt:83:31:83:51 | ...->... | funcExprs.kt:82:9:96:1 | fn | LambdaExpr |
 | funcExprs.kt:83:31:83:51 | Function1<Integer,String> | funcExprs.kt:82:9:96:1 | fn | TypeAccess |
 | funcExprs.kt:83:31:83:51 | Integer | funcExprs.kt:82:9:96:1 | fn | TypeAccess |
@@ -3268,7 +3268,7 @@
 | funcExprs.kt:84:8:84:16 | <implicit coercion to unit> | funcExprs.kt:82:9:96:1 | fn | ImplicitCoercionToUnitExpr |
 | funcExprs.kt:84:8:84:16 | Unit | funcExprs.kt:82:9:96:1 | fn | TypeAccess |
 | funcExprs.kt:84:15:84:15 | 5 | funcExprs.kt:82:9:96:1 | fn | IntegerLiteral |
-| funcExprs.kt:86:5:86:59 | l2 | funcExprs.kt:82:9:96:1 | fn | LocalVariableDeclExpr |
+| funcExprs.kt:86:9:86:10 | l2 | funcExprs.kt:82:9:96:1 | fn | LocalVariableDeclExpr |
 | funcExprs.kt:86:39:86:59 | ...->... | funcExprs.kt:82:9:96:1 | fn | LambdaExpr |
 | funcExprs.kt:86:39:86:59 | Function1<Integer,String> | funcExprs.kt:82:9:96:1 | fn | TypeAccess |
 | funcExprs.kt:86:39:86:59 | Integer | funcExprs.kt:82:9:96:1 | fn | TypeAccess |
@@ -3282,7 +3282,7 @@
 | funcExprs.kt:87:8:87:16 | <implicit coercion to unit> | funcExprs.kt:82:9:96:1 | fn | ImplicitCoercionToUnitExpr |
 | funcExprs.kt:87:8:87:16 | Unit | funcExprs.kt:82:9:96:1 | fn | TypeAccess |
 | funcExprs.kt:87:15:87:15 | 5 | funcExprs.kt:82:9:96:1 | fn | IntegerLiteral |
-| funcExprs.kt:89:5:90:69 | l3 | funcExprs.kt:82:9:96:1 | fn | LocalVariableDeclExpr |
+| funcExprs.kt:89:9:89:10 | l3 | funcExprs.kt:82:9:96:1 | fn | LocalVariableDeclExpr |
 | funcExprs.kt:90:15:90:69 | 0 | funcExprs.kt:90:15:90:69 | invoke | IntegerLiteral |
 | funcExprs.kt:90:15:90:69 | 1 | funcExprs.kt:90:15:90:69 | invoke | IntegerLiteral |
 | funcExprs.kt:90:15:90:69 | 2 | funcExprs.kt:90:15:90:69 | invoke | IntegerLiteral |
@@ -3427,7 +3427,7 @@
 | funcExprs.kt:90:57:90:57 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | funcExprs.kt:90:59:90:59 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | funcExprs.kt:90:61:90:61 | int | file://:0:0:0:0 | <none> | TypeAccess |
-| funcExprs.kt:90:67:90:68 |  | funcExprs.kt:90:15:90:69 | invoke | StringLiteral |
+| funcExprs.kt:90:67:90:68 | "" | funcExprs.kt:90:15:90:69 | invoke | StringLiteral |
 | funcExprs.kt:91:5:91:6 | l3 | funcExprs.kt:82:9:96:1 | fn | VarAccess |
 | funcExprs.kt:91:5:91:60 | 23 | funcExprs.kt:82:9:96:1 | fn | IntegerLiteral |
 | funcExprs.kt:91:5:91:60 | Object | funcExprs.kt:82:9:96:1 | fn | TypeAccess |
@@ -3459,7 +3459,7 @@
 | funcExprs.kt:91:55:91:55 | 1 | funcExprs.kt:82:9:96:1 | fn | IntegerLiteral |
 | funcExprs.kt:91:57:91:57 | 2 | funcExprs.kt:82:9:96:1 | fn | IntegerLiteral |
 | funcExprs.kt:91:59:91:59 | 3 | funcExprs.kt:82:9:96:1 | fn | IntegerLiteral |
-| funcExprs.kt:93:5:94:67 | l4 | funcExprs.kt:82:9:96:1 | fn | LocalVariableDeclExpr |
+| funcExprs.kt:93:9:93:10 | l4 | funcExprs.kt:82:9:96:1 | fn | LocalVariableDeclExpr |
 | funcExprs.kt:94:15:94:67 | ...->... | funcExprs.kt:82:9:96:1 | fn | LambdaExpr |
 | funcExprs.kt:94:15:94:67 | Function22<Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,String> | funcExprs.kt:82:9:96:1 | fn | TypeAccess |
 | funcExprs.kt:94:15:94:67 | Integer | funcExprs.kt:82:9:96:1 | fn | TypeAccess |
@@ -3508,7 +3508,7 @@
 | funcExprs.kt:94:55:94:55 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | funcExprs.kt:94:57:94:57 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | funcExprs.kt:94:59:94:59 | int | file://:0:0:0:0 | <none> | TypeAccess |
-| funcExprs.kt:94:65:94:66 |  | funcExprs.kt:94:15:94:67 | invoke | StringLiteral |
+| funcExprs.kt:94:65:94:66 | "" | funcExprs.kt:94:15:94:67 | invoke | StringLiteral |
 | funcExprs.kt:95:5:95:6 | l4 | funcExprs.kt:82:9:96:1 | fn | VarAccess |
 | funcExprs.kt:95:5:95:58 | invoke(...) | funcExprs.kt:82:9:96:1 | fn | MethodAccess |
 | funcExprs.kt:95:8:95:58 | <implicit coercion to unit> | funcExprs.kt:82:9:96:1 | fn | ImplicitCoercionToUnitExpr |
@@ -3540,7 +3540,7 @@
 | kFunctionInvoke.kt:7:1:10:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
 | kFunctionInvoke.kt:7:12:7:15 | A | file://:0:0:0:0 | <none> | TypeAccess |
 | kFunctionInvoke.kt:7:18:7:26 | String | file://:0:0:0:0 | <none> | TypeAccess |
-| kFunctionInvoke.kt:8:5:8:47 | toCall | kFunctionInvoke.kt:7:1:10:1 | useRef | LocalVariableDeclExpr |
+| kFunctionInvoke.kt:8:9:8:14 | toCall | kFunctionInvoke.kt:7:1:10:1 | useRef | LocalVariableDeclExpr |
 | kFunctionInvoke.kt:8:44:8:44 | a | kFunctionInvoke.kt:7:1:10:1 | useRef | VarAccess |
 | kFunctionInvoke.kt:8:44:8:47 | 1 | kFunctionInvoke.kt:8:44:8:47 |  | IntegerLiteral |
 | kFunctionInvoke.kt:8:44:8:47 | ...::... | kFunctionInvoke.kt:7:1:10:1 | useRef | MemberRefExpr |
@@ -3560,7 +3560,7 @@
 | kFunctionInvoke.kt:9:5:9:13 | invoke(...) | kFunctionInvoke.kt:7:1:10:1 | useRef | MethodAccess |
 | kFunctionInvoke.kt:9:12:9:12 | s | kFunctionInvoke.kt:7:1:10:1 | useRef | VarAccess |
 | localFunctionCalls.kt:3:1:12:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
-| localFunctionCalls.kt:4:5:4:13 | x | localFunctionCalls.kt:3:1:12:1 | x | LocalVariableDeclExpr |
+| localFunctionCalls.kt:4:9:4:9 | x | localFunctionCalls.kt:3:1:12:1 | x | LocalVariableDeclExpr |
 | localFunctionCalls.kt:4:13:4:13 | 5 | localFunctionCalls.kt:3:1:12:1 | x | IntegerLiteral |
 | localFunctionCalls.kt:5:5:5:29 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | localFunctionCalls.kt:5:15:5:20 | int | file://:0:0:0:0 | <none> | TypeAccess |
@@ -3607,7 +3607,7 @@
 | localFunctionCalls.kt:11:18:11:19 | 42 | localFunctionCalls.kt:3:1:12:1 | x | IntegerLiteral |
 | samConversion.kt:1:1:14:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
 | samConversion.kt:1:10:1:19 | boolean | file://:0:0:0:0 | <none> | TypeAccess |
-| samConversion.kt:2:5:2:45 | isEven | samConversion.kt:1:1:14:1 | main | LocalVariableDeclExpr |
+| samConversion.kt:2:9:2:14 | isEven | samConversion.kt:1:1:14:1 | main | LocalVariableDeclExpr |
 | samConversion.kt:2:18:2:45 | (...)... | samConversion.kt:1:1:14:1 | main | CastExpr |
 | samConversion.kt:2:18:2:45 | ...=... | samConversion.kt:2:18:2:45 |  | AssignExpr |
 | samConversion.kt:2:18:2:45 | <fn> | samConversion.kt:2:18:2:45 |  | VarAccess |
@@ -3635,7 +3635,7 @@
 | samConversion.kt:2:33:2:43 | ... (value equals) ... | samConversion.kt:2:31:2:45 | invoke | ValueEQExpr |
 | samConversion.kt:2:38:2:38 | 2 | samConversion.kt:2:31:2:45 | invoke | IntegerLiteral |
 | samConversion.kt:2:43:2:43 | 0 | samConversion.kt:2:31:2:45 | invoke | IntegerLiteral |
-| samConversion.kt:4:5:4:42 | i0 | samConversion.kt:1:1:14:1 | main | LocalVariableDeclExpr |
+| samConversion.kt:4:9:4:10 | i0 | samConversion.kt:1:1:14:1 | main | LocalVariableDeclExpr |
 | samConversion.kt:4:14:4:42 | (...)... | samConversion.kt:1:1:14:1 | main | CastExpr |
 | samConversion.kt:4:14:4:42 | ...=... | samConversion.kt:4:14:4:42 |  | AssignExpr |
 | samConversion.kt:4:14:4:42 | <fn> | samConversion.kt:4:14:4:42 |  | VarAccess |
@@ -3664,7 +3664,7 @@
 | samConversion.kt:4:29:4:29 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | samConversion.kt:4:32:4:32 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | samConversion.kt:4:37:4:40 | INSTANCE | samConversion.kt:4:27:4:42 | invoke | VarAccess |
-| samConversion.kt:5:5:5:32 | i1 | samConversion.kt:1:1:14:1 | main | LocalVariableDeclExpr |
+| samConversion.kt:5:9:5:10 | i1 | samConversion.kt:1:1:14:1 | main | LocalVariableDeclExpr |
 | samConversion.kt:5:14:5:32 | (...)... | samConversion.kt:1:1:14:1 | main | CastExpr |
 | samConversion.kt:5:14:5:32 | ...=... | samConversion.kt:5:14:5:32 |  | AssignExpr |
 | samConversion.kt:5:14:5:32 | <fn> | samConversion.kt:5:14:5:32 |  | VarAccess |
@@ -3694,7 +3694,7 @@
 | samConversion.kt:5:27:5:31 | a0 | samConversion.kt:5:27:5:31 | invoke | VarAccess |
 | samConversion.kt:5:27:5:31 | a1 | samConversion.kt:5:27:5:31 | invoke | VarAccess |
 | samConversion.kt:5:27:5:31 | fn2(...) | samConversion.kt:5:27:5:31 | invoke | MethodAccess |
-| samConversion.kt:7:5:7:46 | i | samConversion.kt:1:1:14:1 | main | LocalVariableDeclExpr |
+| samConversion.kt:7:9:7:9 | i | samConversion.kt:1:1:14:1 | main | LocalVariableDeclExpr |
 | samConversion.kt:7:13:7:46 | (...)... | samConversion.kt:1:1:14:1 | main | CastExpr |
 | samConversion.kt:7:13:7:46 | ...=... | samConversion.kt:7:13:7:46 |  | AssignExpr |
 | samConversion.kt:7:13:7:46 | <fn> | samConversion.kt:7:13:7:46 |  | VarAccess |
@@ -3724,8 +3724,8 @@
 | samConversion.kt:7:31:7:31 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | samConversion.kt:7:36:7:39 | this | samConversion.kt:7:29:7:46 | invoke | ExtensionReceiverAccess |
 | samConversion.kt:7:36:7:45 | ... (value equals) ... | samConversion.kt:7:29:7:46 | invoke | ValueEQExpr |
-| samConversion.kt:7:44:7:45 |  | samConversion.kt:7:29:7:46 | invoke | StringLiteral |
-| samConversion.kt:9:5:13:6 | x | samConversion.kt:1:1:14:1 | main | LocalVariableDeclExpr |
+| samConversion.kt:7:44:7:45 | "" | samConversion.kt:7:29:7:46 | invoke | StringLiteral |
+| samConversion.kt:9:9:9:9 | x | samConversion.kt:1:1:14:1 | main | LocalVariableDeclExpr |
 | samConversion.kt:9:13:13:6 | (...)... | samConversion.kt:1:1:14:1 | main | CastExpr |
 | samConversion.kt:9:13:13:6 | ...=... | samConversion.kt:9:13:13:6 |  | AssignExpr |
 | samConversion.kt:9:13:13:6 | <fn> | samConversion.kt:9:13:13:6 |  | VarAccess |
@@ -3829,7 +3829,7 @@
 | samConversion.kt:38:49:38:52 | true | samConversion.kt:36:1:38:52 | ff | BooleanLiteral |
 | samConversion.kt:40:1:47:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
 | samConversion.kt:40:8:40:19 | boolean | file://:0:0:0:0 | <none> | TypeAccess |
-| samConversion.kt:41:5:41:16 | a | samConversion.kt:40:1:47:1 | fn | LocalVariableDeclExpr |
+| samConversion.kt:41:9:41:9 | a | samConversion.kt:40:1:47:1 | fn | LocalVariableDeclExpr |
 | samConversion.kt:41:13:41:16 | 0 | samConversion.kt:41:13:41:16 | invoke | IntegerLiteral |
 | samConversion.kt:41:13:41:16 | 1 | samConversion.kt:41:13:41:16 | invoke | IntegerLiteral |
 | samConversion.kt:41:13:41:16 | 2 | samConversion.kt:41:13:41:16 | invoke | IntegerLiteral |
@@ -3951,7 +3951,7 @@
 | samConversion.kt:41:13:41:16 | int | samConversion.kt:41:13:41:16 | invoke | TypeAccess |
 | samConversion.kt:41:13:41:16 | int | samConversion.kt:41:13:41:16 | invoke | TypeAccess |
 | samConversion.kt:41:13:41:16 | int | samConversion.kt:41:13:41:16 | invoke | TypeAccess |
-| samConversion.kt:42:5:42:32 | b | samConversion.kt:40:1:47:1 | fn | LocalVariableDeclExpr |
+| samConversion.kt:42:9:42:9 | b | samConversion.kt:40:1:47:1 | fn | LocalVariableDeclExpr |
 | samConversion.kt:42:13:42:32 | 23 | samConversion.kt:42:13:42:32 | accept | IntegerLiteral |
 | samConversion.kt:42:13:42:32 | (...)... | samConversion.kt:40:1:47:1 | fn | CastExpr |
 | samConversion.kt:42:13:42:32 | ...=... | samConversion.kt:42:13:42:32 |  | AssignExpr |
@@ -4016,7 +4016,7 @@
 | samConversion.kt:42:13:42:32 | this.<fn> | samConversion.kt:42:13:42:32 |  | VarAccess |
 | samConversion.kt:42:13:42:32 | {...} | samConversion.kt:42:13:42:32 | accept | ArrayInit |
 | samConversion.kt:42:31:42:31 | a | samConversion.kt:40:1:47:1 | fn | VarAccess |
-| samConversion.kt:43:5:45:68 | c | samConversion.kt:40:1:47:1 | fn | LocalVariableDeclExpr |
+| samConversion.kt:43:9:43:9 | c | samConversion.kt:40:1:47:1 | fn | LocalVariableDeclExpr |
 | samConversion.kt:43:13:45:68 | 23 | samConversion.kt:43:13:45:68 | accept | IntegerLiteral |
 | samConversion.kt:43:13:45:68 | (...)... | samConversion.kt:40:1:47:1 | fn | CastExpr |
 | samConversion.kt:43:13:45:68 | ...=... | samConversion.kt:43:13:45:68 |  | AssignExpr |
@@ -4225,7 +4225,7 @@
 | samConversion.kt:45:42:45:49 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | samConversion.kt:45:52:45:59 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | samConversion.kt:45:64:45:67 | true | samConversion.kt:43:31:45:68 | invoke | BooleanLiteral |
-| samConversion.kt:46:5:46:44 | d | samConversion.kt:40:1:47:1 | fn | LocalVariableDeclExpr |
+| samConversion.kt:46:9:46:9 | d | samConversion.kt:40:1:47:1 | fn | LocalVariableDeclExpr |
 | samConversion.kt:46:13:46:44 | (...)... | samConversion.kt:40:1:47:1 | fn | CastExpr |
 | samConversion.kt:46:13:46:44 | ...=... | samConversion.kt:46:13:46:44 |  | AssignExpr |
 | samConversion.kt:46:13:46:44 | <fn> | samConversion.kt:46:13:46:44 |  | VarAccess |
@@ -4257,7 +4257,7 @@
 | samConversion.kt:54:21:54:26 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | samConversion.kt:54:29:54:34 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | samConversion.kt:57:9:60:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
-| samConversion.kt:58:5:58:45 | i0 | samConversion.kt:57:9:60:1 | test | LocalVariableDeclExpr |
+| samConversion.kt:58:9:58:10 | i0 | samConversion.kt:57:9:60:1 | test | LocalVariableDeclExpr |
 | samConversion.kt:58:14:58:45 | (...)... | samConversion.kt:57:9:60:1 | test | CastExpr |
 | samConversion.kt:58:14:58:45 | ...=... | samConversion.kt:58:14:58:45 |  | AssignExpr |
 | samConversion.kt:58:14:58:45 | <fn> | samConversion.kt:58:14:58:45 |  | VarAccess |
@@ -4302,7 +4302,7 @@
 | samConversion.kt:71:5:71:16 | int | file://:0:0:0:0 | <none> | TypeAccess |
 | samConversion.kt:74:1:77:1 | Unit | file://:0:0:0:0 | <none> | TypeAccess |
 | samConversion.kt:74:22:74:42 | PropertyRefsTest | file://:0:0:0:0 | <none> | TypeAccess |
-| samConversion.kt:75:5:75:33 | test1 | samConversion.kt:74:1:77:1 | propertyRefsTest | LocalVariableDeclExpr |
+| samConversion.kt:75:9:75:13 | test1 | samConversion.kt:74:1:77:1 | propertyRefsTest | LocalVariableDeclExpr |
 | samConversion.kt:75:17:75:33 | (...)... | samConversion.kt:74:1:77:1 | propertyRefsTest | CastExpr |
 | samConversion.kt:75:17:75:33 | ...=... | samConversion.kt:75:17:75:33 |  | AssignExpr |
 | samConversion.kt:75:17:75:33 | <fn> | samConversion.kt:75:17:75:33 |  | VarAccess |
@@ -4330,7 +4330,7 @@
 | samConversion.kt:75:27:75:32 | this | samConversion.kt:75:27:75:32 | invoke | ThisAccess |
 | samConversion.kt:75:27:75:32 | this.<dispatchReceiver> | samConversion.kt:75:27:75:32 |  | VarAccess |
 | samConversion.kt:75:27:75:32 | this.<dispatchReceiver> | samConversion.kt:75:27:75:32 | get | VarAccess |
-| samConversion.kt:76:5:76:55 | test2 | samConversion.kt:74:1:77:1 | propertyRefsTest | LocalVariableDeclExpr |
+| samConversion.kt:76:9:76:13 | test2 | samConversion.kt:74:1:77:1 | propertyRefsTest | LocalVariableDeclExpr |
 | samConversion.kt:76:17:76:55 | (...)... | samConversion.kt:74:1:77:1 | propertyRefsTest | CastExpr |
 | samConversion.kt:76:17:76:55 | ...=... | samConversion.kt:76:17:76:55 |  | AssignExpr |
 | samConversion.kt:76:17:76:55 | <fn> | samConversion.kt:76:17:76:55 |  | VarAccess |
@@ -4379,6 +4379,6 @@
 | whenExpr.kt:6:5:6:5 | tmp0_subject | whenExpr.kt:1:1:9:1 | testWhen | VarAccess |
 | whenExpr.kt:6:16:6:44 | Exception | whenExpr.kt:1:1:9:1 | testWhen | TypeAccess |
 | whenExpr.kt:6:16:6:44 | new Exception(...) | whenExpr.kt:1:1:9:1 | testWhen | ClassInstanceExpr |
-| whenExpr.kt:6:27:6:42 | No threes please | whenExpr.kt:1:1:9:1 | testWhen | StringLiteral |
+| whenExpr.kt:6:27:6:42 | "No threes please" | whenExpr.kt:1:1:9:1 | testWhen | StringLiteral |
 | whenExpr.kt:7:13:7:15 | 999 | whenExpr.kt:1:1:9:1 | testWhen | IntegerLiteral |
 | whenExpr.kt:7:13:7:15 | true | whenExpr.kt:1:1:9:1 | testWhen | BooleanLiteral |
diff --git a/java/ql/test/kotlin/library-tests/exprs/exprs.ql b/java/ql/test/kotlin/library-tests/exprs/exprs.ql
index 89eb09fc368..b39528a55e4 100644
--- a/java/ql/test/kotlin/library-tests/exprs/exprs.ql
+++ b/java/ql/test/kotlin/library-tests/exprs/exprs.ql
@@ -35,4 +35,5 @@ MaybeElement enclosingCallable(Expr e) {
 }
 
 from Expr e
+where e.getFile().isSourceFile()
 select e, enclosingCallable(e), e.getPrimaryQlClasses()
diff --git a/java/ql/test/kotlin/library-tests/exprs/funcExprs.expected b/java/ql/test/kotlin/library-tests/exprs/funcExprs.expected
index 81ea4c51841..b79725a80e3 100644
--- a/java/ql/test/kotlin/library-tests/exprs/funcExprs.expected
+++ b/java/ql/test/kotlin/library-tests/exprs/funcExprs.expected
@@ -43,41 +43,41 @@ memberRefExprs
 | samConversion.kt:5:27:5:31 | ...::... | samConversion.kt:5:27:5:31 | invoke | invoke(int,int) | samConversion.kt:5:27:5:31 | new Function2<Integer,Integer,Unit>(...) { ... } |
 | samConversion.kt:41:13:41:16 | ...::... | samConversion.kt:41:13:41:16 | invoke | invoke(java.lang.Object[]) | samConversion.kt:41:13:41:16 | new FunctionN<Boolean>(...) { ... } |
 lambda_modifiers
-| delegatedProperties.kt:6:32:9:9 | ...->... | delegatedProperties.kt:6:32:9:9 | invoke | override, public |
-| funcExprs.kt:22:26:22:33 | ...->... | funcExprs.kt:22:26:22:33 | invoke | override, public |
-| funcExprs.kt:23:26:23:33 | ...->... | funcExprs.kt:23:26:23:33 | invoke | override, public |
-| funcExprs.kt:24:26:24:33 | ...->... | funcExprs.kt:24:26:24:33 | invoke | override, public |
-| funcExprs.kt:25:29:25:38 | ...->... | funcExprs.kt:25:29:25:38 | invoke | override, public |
-| funcExprs.kt:26:29:26:34 | ...->... | funcExprs.kt:26:29:26:34 | invoke | override, public |
-| funcExprs.kt:27:29:27:42 | ...->... | funcExprs.kt:27:29:27:42 | invoke | override, public |
-| funcExprs.kt:29:29:29:37 | ...->... | funcExprs.kt:29:29:29:37 | invoke | override, public |
-| funcExprs.kt:30:28:30:50 | ...->... | funcExprs.kt:30:28:30:50 | invoke | override, public |
-| funcExprs.kt:31:28:31:40 | ...->... | funcExprs.kt:31:28:31:40 | invoke | override, public |
-| funcExprs.kt:32:28:32:44 | ...->... | funcExprs.kt:32:28:32:44 | invoke | override, public |
-| funcExprs.kt:33:28:33:51 | ...->... | funcExprs.kt:33:28:33:51 | invoke | override, public |
-| funcExprs.kt:33:37:33:47 | ...->... | funcExprs.kt:33:37:33:47 | invoke | override, public |
-| funcExprs.kt:35:29:35:112 | ...->... | funcExprs.kt:35:29:35:112 | invoke | override, public |
+| delegatedProperties.kt:6:32:9:9 | ...->... | delegatedProperties.kt:6:32:9:9 | invoke | final, override, public |
+| funcExprs.kt:22:26:22:33 | ...->... | funcExprs.kt:22:26:22:33 | invoke | final, override, public |
+| funcExprs.kt:23:26:23:33 | ...->... | funcExprs.kt:23:26:23:33 | invoke | final, override, public |
+| funcExprs.kt:24:26:24:33 | ...->... | funcExprs.kt:24:26:24:33 | invoke | final, override, public |
+| funcExprs.kt:25:29:25:38 | ...->... | funcExprs.kt:25:29:25:38 | invoke | final, override, public |
+| funcExprs.kt:26:29:26:34 | ...->... | funcExprs.kt:26:29:26:34 | invoke | final, override, public |
+| funcExprs.kt:27:29:27:42 | ...->... | funcExprs.kt:27:29:27:42 | invoke | final, override, public |
+| funcExprs.kt:29:29:29:37 | ...->... | funcExprs.kt:29:29:29:37 | invoke | final, override, public |
+| funcExprs.kt:30:28:30:50 | ...->... | funcExprs.kt:30:28:30:50 | invoke | final, override, public |
+| funcExprs.kt:31:28:31:40 | ...->... | funcExprs.kt:31:28:31:40 | invoke | final, override, public |
+| funcExprs.kt:32:28:32:44 | ...->... | funcExprs.kt:32:28:32:44 | invoke | final, override, public |
+| funcExprs.kt:33:28:33:51 | ...->... | funcExprs.kt:33:28:33:51 | invoke | final, override, public |
+| funcExprs.kt:33:37:33:47 | ...->... | funcExprs.kt:33:37:33:47 | invoke | final, override, public |
+| funcExprs.kt:35:29:35:112 | ...->... | funcExprs.kt:35:29:35:112 | invoke | final, override, public |
+| funcExprs.kt:36:29:36:117 | ...->... | funcExprs.kt:36:29:36:117 | invoke | final, public |
 | funcExprs.kt:36:29:36:117 | ...->... | funcExprs.kt:36:29:36:117 | invoke | override, public |
-| funcExprs.kt:36:29:36:117 | ...->... | funcExprs.kt:36:29:36:117 | invoke | public |
-| funcExprs.kt:75:12:75:22 | ...->... | funcExprs.kt:75:12:75:22 | invoke | override, public |
-| funcExprs.kt:83:31:83:51 | ...->... | funcExprs.kt:83:31:83:51 | invoke | override, public |
-| funcExprs.kt:86:39:86:59 | ...->... | funcExprs.kt:86:39:86:59 | invoke | override, public, suspend |
+| funcExprs.kt:75:12:75:22 | ...->... | funcExprs.kt:75:12:75:22 | invoke | final, override, public |
+| funcExprs.kt:83:31:83:51 | ...->... | funcExprs.kt:83:31:83:51 | invoke | final, override, public |
+| funcExprs.kt:86:39:86:59 | ...->... | funcExprs.kt:86:39:86:59 | invoke | final, override, public, suspend |
+| funcExprs.kt:90:15:90:69 | ...->... | funcExprs.kt:90:15:90:69 | invoke | final, public |
 | funcExprs.kt:90:15:90:69 | ...->... | funcExprs.kt:90:15:90:69 | invoke | override, public |
-| funcExprs.kt:90:15:90:69 | ...->... | funcExprs.kt:90:15:90:69 | invoke | public |
-| funcExprs.kt:94:15:94:67 | ...->... | funcExprs.kt:94:15:94:67 | invoke | override, public, suspend |
-| samConversion.kt:2:31:2:45 | ...->... | samConversion.kt:2:31:2:45 | invoke | override, public |
-| samConversion.kt:4:27:4:42 | ...->... | samConversion.kt:4:27:4:42 | invoke | override, public |
-| samConversion.kt:7:29:7:46 | ...->... | samConversion.kt:7:29:7:46 | invoke | override, public |
-| samConversion.kt:9:33:11:5 | ...->... | samConversion.kt:9:33:11:5 | invoke | override, public |
-| samConversion.kt:11:12:13:5 | ...->... | samConversion.kt:11:12:13:5 | invoke | override, public |
+| funcExprs.kt:94:15:94:67 | ...->... | funcExprs.kt:94:15:94:67 | invoke | final, override, public, suspend |
+| samConversion.kt:2:31:2:45 | ...->... | samConversion.kt:2:31:2:45 | invoke | final, override, public |
+| samConversion.kt:4:27:4:42 | ...->... | samConversion.kt:4:27:4:42 | invoke | final, override, public |
+| samConversion.kt:7:29:7:46 | ...->... | samConversion.kt:7:29:7:46 | invoke | final, override, public |
+| samConversion.kt:9:33:11:5 | ...->... | samConversion.kt:9:33:11:5 | invoke | final, override, public |
+| samConversion.kt:11:12:13:5 | ...->... | samConversion.kt:11:12:13:5 | invoke | final, override, public |
+| samConversion.kt:43:31:45:68 | ...->... | samConversion.kt:43:31:45:68 | invoke | final, public |
 | samConversion.kt:43:31:45:68 | ...->... | samConversion.kt:43:31:45:68 | invoke | override, public |
-| samConversion.kt:43:31:45:68 | ...->... | samConversion.kt:43:31:45:68 | invoke | public |
-| samConversion.kt:46:32:46:44 | ...->... | samConversion.kt:46:32:46:44 | invoke | override, public |
-| samConversion.kt:58:30:58:45 | ...->... | samConversion.kt:58:30:58:45 | invoke | override, public, suspend |
+| samConversion.kt:46:32:46:44 | ...->... | samConversion.kt:46:32:46:44 | invoke | final, override, public |
+| samConversion.kt:58:30:58:45 | ...->... | samConversion.kt:58:30:58:45 | invoke | final, override, public, suspend |
 anon_class_member_modifiers
 | delegatedProperties.kt:6:24:9:9 | new KProperty0<Integer>(...) { ... } | delegatedProperties.kt:6:24:9:9 | get | override, public |
 | delegatedProperties.kt:6:24:9:9 | new KProperty0<Integer>(...) { ... } | delegatedProperties.kt:6:24:9:9 | invoke | override, public |
-| delegatedProperties.kt:6:32:9:9 | new Function0<Integer>(...) { ... } | delegatedProperties.kt:6:32:9:9 | invoke | override, public |
+| delegatedProperties.kt:6:32:9:9 | new Function0<Integer>(...) { ... } | delegatedProperties.kt:6:32:9:9 | invoke | final, override, public |
 | delegatedProperties.kt:19:31:19:51 | new KMutableProperty0<Integer>(...) { ... } | delegatedProperties.kt:19:31:19:51 | get | override, public |
 | delegatedProperties.kt:19:31:19:51 | new KMutableProperty0<Integer>(...) { ... } | delegatedProperties.kt:19:31:19:51 | get | override, public |
 | delegatedProperties.kt:19:31:19:51 | new KMutableProperty0<Integer>(...) { ... } | delegatedProperties.kt:19:31:19:51 | invoke | override, public |
@@ -86,8 +86,8 @@ anon_class_member_modifiers
 | delegatedProperties.kt:19:31:19:51 | new KMutableProperty0<Integer>(...) { ... } | delegatedProperties.kt:19:31:19:51 | set | override, public |
 | delegatedProperties.kt:23:26:23:31 | new KProperty0<String>(...) { ... } | delegatedProperties.kt:23:26:23:31 | get | override, public |
 | delegatedProperties.kt:23:26:23:31 | new KProperty0<String>(...) { ... } | delegatedProperties.kt:23:26:23:31 | invoke | override, public |
-| delegatedProperties.kt:25:64:31:9 | new ReadWriteProperty<Object,Integer>(...) { ... } | delegatedProperties.kt:26:13:26:28 | getCurValue | public |
-| delegatedProperties.kt:25:64:31:9 | new ReadWriteProperty<Object,Integer>(...) { ... } | delegatedProperties.kt:26:13:26:28 | setCurValue | public |
+| delegatedProperties.kt:25:64:31:9 | new ReadWriteProperty<Object,Integer>(...) { ... } | delegatedProperties.kt:26:13:26:28 | getCurValue | final, public |
+| delegatedProperties.kt:25:64:31:9 | new ReadWriteProperty<Object,Integer>(...) { ... } | delegatedProperties.kt:26:13:26:28 | setCurValue | final, public |
 | delegatedProperties.kt:25:64:31:9 | new ReadWriteProperty<Object,Integer>(...) { ... } | delegatedProperties.kt:27:22:27:88 | getValue | override, public |
 | delegatedProperties.kt:25:64:31:9 | new ReadWriteProperty<Object,Integer>(...) { ... } | delegatedProperties.kt:28:22:30:13 | setValue | override, public |
 | delegatedProperties.kt:33:27:33:47 | new KProperty0<Integer>(...) { ... } | delegatedProperties.kt:33:27:33:47 | get | override, public |
@@ -187,22 +187,22 @@ anon_class_member_modifiers
 | delegatedProperties.kt:87:34:87:46 | new KMutableProperty0<Integer>(...) { ... } | delegatedProperties.kt:87:34:87:46 | get | override, public |
 | delegatedProperties.kt:87:34:87:46 | new KMutableProperty0<Integer>(...) { ... } | delegatedProperties.kt:87:34:87:46 | invoke | override, public |
 | delegatedProperties.kt:87:34:87:46 | new KMutableProperty0<Integer>(...) { ... } | delegatedProperties.kt:87:34:87:46 | set | override, public |
-| exprs.kt:195:16:197:9 | new Interface1(...) { ... } | exprs.kt:196:13:196:49 | getA3 | public |
-| funcExprs.kt:22:26:22:33 | new Function0<Integer>(...) { ... } | funcExprs.kt:22:26:22:33 | invoke | override, public |
-| funcExprs.kt:23:26:23:33 | new Function0<Object>(...) { ... } | funcExprs.kt:23:26:23:33 | invoke | override, public |
-| funcExprs.kt:24:26:24:33 | new Function0<Object>(...) { ... } | funcExprs.kt:24:26:24:33 | invoke | override, public |
-| funcExprs.kt:25:29:25:38 | new Function1<Integer,Integer>(...) { ... } | funcExprs.kt:25:29:25:38 | invoke | override, public |
-| funcExprs.kt:26:29:26:34 | new Function1<Integer,Integer>(...) { ... } | funcExprs.kt:26:29:26:34 | invoke | override, public |
-| funcExprs.kt:27:29:27:42 | new Function1<Integer,Integer>(...) { ... } | funcExprs.kt:27:29:27:42 | invoke | override, public |
-| funcExprs.kt:29:29:29:37 | new Function1<Object,Object>(...) { ... } | funcExprs.kt:29:29:29:37 | invoke | override, public |
-| funcExprs.kt:30:28:30:50 | new Function2<Integer,Integer,Integer>(...) { ... } | funcExprs.kt:30:28:30:50 | invoke | override, public |
-| funcExprs.kt:31:28:31:40 | new Function2<Integer,Integer,Integer>(...) { ... } | funcExprs.kt:31:28:31:40 | invoke | override, public |
-| funcExprs.kt:32:28:32:44 | new Function2<Integer,Integer,Integer>(...) { ... } | funcExprs.kt:32:28:32:44 | invoke | override, public |
-| funcExprs.kt:33:28:33:51 | new Function1<Integer,Function1<Integer,Double>>(...) { ... } | funcExprs.kt:33:28:33:51 | invoke | override, public |
-| funcExprs.kt:33:37:33:47 | new Function1<Integer,Double>(...) { ... } | funcExprs.kt:33:37:33:47 | invoke | override, public |
-| funcExprs.kt:35:29:35:112 | new Function22<Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Unit>(...) { ... } | funcExprs.kt:35:29:35:112 | invoke | override, public |
+| exprs.kt:195:16:197:9 | new Interface1(...) { ... } | exprs.kt:196:13:196:49 | getA3 | final, public |
+| funcExprs.kt:22:26:22:33 | new Function0<Integer>(...) { ... } | funcExprs.kt:22:26:22:33 | invoke | final, override, public |
+| funcExprs.kt:23:26:23:33 | new Function0<Object>(...) { ... } | funcExprs.kt:23:26:23:33 | invoke | final, override, public |
+| funcExprs.kt:24:26:24:33 | new Function0<Object>(...) { ... } | funcExprs.kt:24:26:24:33 | invoke | final, override, public |
+| funcExprs.kt:25:29:25:38 | new Function1<Integer,Integer>(...) { ... } | funcExprs.kt:25:29:25:38 | invoke | final, override, public |
+| funcExprs.kt:26:29:26:34 | new Function1<Integer,Integer>(...) { ... } | funcExprs.kt:26:29:26:34 | invoke | final, override, public |
+| funcExprs.kt:27:29:27:42 | new Function1<Integer,Integer>(...) { ... } | funcExprs.kt:27:29:27:42 | invoke | final, override, public |
+| funcExprs.kt:29:29:29:37 | new Function1<Object,Object>(...) { ... } | funcExprs.kt:29:29:29:37 | invoke | final, override, public |
+| funcExprs.kt:30:28:30:50 | new Function2<Integer,Integer,Integer>(...) { ... } | funcExprs.kt:30:28:30:50 | invoke | final, override, public |
+| funcExprs.kt:31:28:31:40 | new Function2<Integer,Integer,Integer>(...) { ... } | funcExprs.kt:31:28:31:40 | invoke | final, override, public |
+| funcExprs.kt:32:28:32:44 | new Function2<Integer,Integer,Integer>(...) { ... } | funcExprs.kt:32:28:32:44 | invoke | final, override, public |
+| funcExprs.kt:33:28:33:51 | new Function1<Integer,Function1<Integer,Double>>(...) { ... } | funcExprs.kt:33:28:33:51 | invoke | final, override, public |
+| funcExprs.kt:33:37:33:47 | new Function1<Integer,Double>(...) { ... } | funcExprs.kt:33:37:33:47 | invoke | final, override, public |
+| funcExprs.kt:35:29:35:112 | new Function22<Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Unit>(...) { ... } | funcExprs.kt:35:29:35:112 | invoke | final, override, public |
+| funcExprs.kt:36:29:36:117 | new FunctionN<String>(...) { ... } | funcExprs.kt:36:29:36:117 | invoke | final, public |
 | funcExprs.kt:36:29:36:117 | new FunctionN<String>(...) { ... } | funcExprs.kt:36:29:36:117 | invoke | override, public |
-| funcExprs.kt:36:29:36:117 | new FunctionN<String>(...) { ... } | funcExprs.kt:36:29:36:117 | invoke | public |
 | funcExprs.kt:38:26:38:38 | new Function0<Integer>(...) { ... } | funcExprs.kt:38:26:38:38 | invoke | override, public |
 | funcExprs.kt:39:26:39:36 | new Function0<Integer>(...) { ... } | funcExprs.kt:39:26:39:36 | invoke | override, public |
 | funcExprs.kt:40:29:40:41 | new Function1<Integer,Integer>(...) { ... } | funcExprs.kt:40:29:40:41 | invoke | override, public |
@@ -214,37 +214,37 @@ anon_class_member_modifiers
 | funcExprs.kt:46:30:46:41 | new FunctionN<String>(...) { ... } | funcExprs.kt:46:30:46:41 | invoke | override, public |
 | funcExprs.kt:49:26:49:32 | new Function0<Integer>(...) { ... } | funcExprs.kt:49:26:49:32 | invoke | override, public |
 | funcExprs.kt:51:8:51:16 | new Function0<FuncRef>(...) { ... } | funcExprs.kt:51:8:51:16 | invoke | override, public |
-| funcExprs.kt:75:12:75:22 | new Function1<Generic<Generic<Integer>>,String>(...) { ... } | funcExprs.kt:75:12:75:22 | invoke | override, public |
-| funcExprs.kt:83:31:83:51 | new Function1<Integer,String>(...) { ... } | funcExprs.kt:83:31:83:51 | invoke | override, public |
-| funcExprs.kt:86:39:86:59 | new Function1<Integer,String>(...) { ... } | funcExprs.kt:86:39:86:59 | invoke | override, public, suspend |
+| funcExprs.kt:75:12:75:22 | new Function1<Generic<Generic<Integer>>,String>(...) { ... } | funcExprs.kt:75:12:75:22 | invoke | final, override, public |
+| funcExprs.kt:83:31:83:51 | new Function1<Integer,String>(...) { ... } | funcExprs.kt:83:31:83:51 | invoke | final, override, public |
+| funcExprs.kt:86:39:86:59 | new Function1<Integer,String>(...) { ... } | funcExprs.kt:86:39:86:59 | invoke | final, override, public, suspend |
+| funcExprs.kt:90:15:90:69 | new FunctionN<String>(...) { ... } | funcExprs.kt:90:15:90:69 | invoke | final, public |
 | funcExprs.kt:90:15:90:69 | new FunctionN<String>(...) { ... } | funcExprs.kt:90:15:90:69 | invoke | override, public |
-| funcExprs.kt:90:15:90:69 | new FunctionN<String>(...) { ... } | funcExprs.kt:90:15:90:69 | invoke | public |
-| funcExprs.kt:94:15:94:67 | new Function22<Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,String>(...) { ... } | funcExprs.kt:94:15:94:67 | invoke | override, public, suspend |
+| funcExprs.kt:94:15:94:67 | new Function22<Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,Integer,String>(...) { ... } | funcExprs.kt:94:15:94:67 | invoke | final, override, public, suspend |
 | kFunctionInvoke.kt:8:44:8:47 | new Function1<String,Unit>(...) { ... } | kFunctionInvoke.kt:8:44:8:47 | invoke | override, public |
-| samConversion.kt:2:18:2:45 | new IntPredicate(...) { ... } | samConversion.kt:2:18:2:45 | accept | override, public |
-| samConversion.kt:2:31:2:45 | new Function1<Integer,Boolean>(...) { ... } | samConversion.kt:2:31:2:45 | invoke | override, public |
-| samConversion.kt:4:14:4:42 | new InterfaceFn1(...) { ... } | samConversion.kt:4:14:4:42 | fn1 | override, public |
-| samConversion.kt:4:27:4:42 | new Function2<Integer,Integer,Unit>(...) { ... } | samConversion.kt:4:27:4:42 | invoke | override, public |
-| samConversion.kt:5:14:5:32 | new InterfaceFn1(...) { ... } | samConversion.kt:5:14:5:32 | fn1 | override, public |
+| samConversion.kt:2:18:2:45 | new IntPredicate(...) { ... } | samConversion.kt:2:18:2:45 | accept | final, override, public |
+| samConversion.kt:2:31:2:45 | new Function1<Integer,Boolean>(...) { ... } | samConversion.kt:2:31:2:45 | invoke | final, override, public |
+| samConversion.kt:4:14:4:42 | new InterfaceFn1(...) { ... } | samConversion.kt:4:14:4:42 | fn1 | final, override, public |
+| samConversion.kt:4:27:4:42 | new Function2<Integer,Integer,Unit>(...) { ... } | samConversion.kt:4:27:4:42 | invoke | final, override, public |
+| samConversion.kt:5:14:5:32 | new InterfaceFn1(...) { ... } | samConversion.kt:5:14:5:32 | fn1 | final, override, public |
 | samConversion.kt:5:27:5:31 | new Function2<Integer,Integer,Unit>(...) { ... } | samConversion.kt:5:27:5:31 | invoke | override, public |
-| samConversion.kt:7:13:7:46 | new InterfaceFnExt1(...) { ... } | samConversion.kt:7:13:7:46 | ext | override, public |
-| samConversion.kt:7:29:7:46 | new Function2<String,Integer,Boolean>(...) { ... } | samConversion.kt:7:29:7:46 | invoke | override, public |
-| samConversion.kt:9:13:13:6 | new IntPredicate(...) { ... } | samConversion.kt:9:13:13:6 | accept | override, public |
-| samConversion.kt:9:33:11:5 | new Function1<Integer,Boolean>(...) { ... } | samConversion.kt:9:33:11:5 | invoke | override, public |
-| samConversion.kt:11:12:13:5 | new Function1<Integer,Boolean>(...) { ... } | samConversion.kt:11:12:13:5 | invoke | override, public |
+| samConversion.kt:7:13:7:46 | new InterfaceFnExt1(...) { ... } | samConversion.kt:7:13:7:46 | ext | final, override, public |
+| samConversion.kt:7:29:7:46 | new Function2<String,Integer,Boolean>(...) { ... } | samConversion.kt:7:29:7:46 | invoke | final, override, public |
+| samConversion.kt:9:13:13:6 | new IntPredicate(...) { ... } | samConversion.kt:9:13:13:6 | accept | final, override, public |
+| samConversion.kt:9:33:11:5 | new Function1<Integer,Boolean>(...) { ... } | samConversion.kt:9:33:11:5 | invoke | final, override, public |
+| samConversion.kt:11:12:13:5 | new Function1<Integer,Boolean>(...) { ... } | samConversion.kt:11:12:13:5 | invoke | final, override, public |
 | samConversion.kt:41:13:41:16 | new FunctionN<Boolean>(...) { ... } | samConversion.kt:41:13:41:16 | invoke | override, public |
-| samConversion.kt:42:13:42:32 | new BigArityPredicate(...) { ... } | samConversion.kt:42:13:42:32 | accept | override, public |
-| samConversion.kt:43:13:45:68 | new BigArityPredicate(...) { ... } | samConversion.kt:43:13:45:68 | accept | override, public |
+| samConversion.kt:42:13:42:32 | new BigArityPredicate(...) { ... } | samConversion.kt:42:13:42:32 | accept | final, override, public |
+| samConversion.kt:43:13:45:68 | new BigArityPredicate(...) { ... } | samConversion.kt:43:13:45:68 | accept | final, override, public |
+| samConversion.kt:43:31:45:68 | new FunctionN<Boolean>(...) { ... } | samConversion.kt:43:31:45:68 | invoke | final, public |
 | samConversion.kt:43:31:45:68 | new FunctionN<Boolean>(...) { ... } | samConversion.kt:43:31:45:68 | invoke | override, public |
-| samConversion.kt:43:31:45:68 | new FunctionN<Boolean>(...) { ... } | samConversion.kt:43:31:45:68 | invoke | public |
-| samConversion.kt:46:13:46:44 | new SomePredicate<Integer>(...) { ... } | samConversion.kt:46:13:46:44 | fn | override, public |
-| samConversion.kt:46:32:46:44 | new Function1<Integer,Boolean>(...) { ... } | samConversion.kt:46:32:46:44 | invoke | override, public |
-| samConversion.kt:58:14:58:45 | new InterfaceFn1Sus(...) { ... } | samConversion.kt:58:14:58:45 | fn1 | override, public, suspend |
-| samConversion.kt:58:30:58:45 | new Function2<Integer,Integer,Unit>(...) { ... } | samConversion.kt:58:30:58:45 | invoke | override, public, suspend |
-| samConversion.kt:75:17:75:33 | new IntGetter(...) { ... } | samConversion.kt:75:17:75:33 | f | override, public |
+| samConversion.kt:46:13:46:44 | new SomePredicate<Integer>(...) { ... } | samConversion.kt:46:13:46:44 | fn | final, override, public |
+| samConversion.kt:46:32:46:44 | new Function1<Integer,Boolean>(...) { ... } | samConversion.kt:46:32:46:44 | invoke | final, override, public |
+| samConversion.kt:58:14:58:45 | new InterfaceFn1Sus(...) { ... } | samConversion.kt:58:14:58:45 | fn1 | final, override, public, suspend |
+| samConversion.kt:58:30:58:45 | new Function2<Integer,Integer,Unit>(...) { ... } | samConversion.kt:58:30:58:45 | invoke | final, override, public, suspend |
+| samConversion.kt:75:17:75:33 | new IntGetter(...) { ... } | samConversion.kt:75:17:75:33 | f | final, override, public |
 | samConversion.kt:75:27:75:32 | new KProperty0<Integer>(...) { ... } | samConversion.kt:75:27:75:32 | get | override, public |
 | samConversion.kt:75:27:75:32 | new KProperty0<Integer>(...) { ... } | samConversion.kt:75:27:75:32 | invoke | override, public |
-| samConversion.kt:76:17:76:55 | new PropertyRefsGetter(...) { ... } | samConversion.kt:76:17:76:55 | f | override, public |
+| samConversion.kt:76:17:76:55 | new PropertyRefsGetter(...) { ... } | samConversion.kt:76:17:76:55 | f | final, override, public |
 | samConversion.kt:76:36:76:54 | new KProperty1<PropertyRefsTest,Integer>(...) { ... } | samConversion.kt:76:36:76:54 | get | override, public |
 | samConversion.kt:76:36:76:54 | new KProperty1<PropertyRefsTest,Integer>(...) { ... } | samConversion.kt:76:36:76:54 | invoke | override, public |
 nonOverrideInvoke
diff --git a/java/ql/test/kotlin/library-tests/exprs_typeaccess/PrintAst.expected b/java/ql/test/kotlin/library-tests/exprs_typeaccess/PrintAst.expected
index 77b2fbb794e..5af83a46a01 100644
--- a/java/ql/test/kotlin/library-tests/exprs_typeaccess/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/exprs_typeaccess/PrintAst.expected
@@ -27,7 +27,7 @@ A.kt:
 #   10|         2: [ExprStmt] <Expr>;
 #   10|           0: [MethodAccess] println(...)
 #   10|             -1: [TypeAccess] ConsoleKt
-#   10|             0: [StringLiteral] 
+#   10|             0: [StringLiteral] ""
 #   13|     6: [Method] getProp
 #   13|       3: [TypeAccess] int
 #   13|       5: [BlockStmt] { ... }
diff --git a/java/ql/test/kotlin/library-tests/extensions/extensions.kt b/java/ql/test/kotlin/library-tests/extensions/extensions.kt
index 8742f55e7b9..b5bc5b8c2cb 100644
--- a/java/ql/test/kotlin/library-tests/extensions/extensions.kt
+++ b/java/ql/test/kotlin/library-tests/extensions/extensions.kt
@@ -30,8 +30,3 @@ fun foo() {
     fun String.baz(p1: String): String { return "Baz" }
     "someString".baz("bazParam")
 }
-
-// Diagnostic Matches: Completion failure for type: org.jetbrains.annotations.NotNull
-// Diagnostic Matches: Incomplete annotation: @kotlin.Metadata(%)
-// Diagnostic Matches: Unknown location for kotlin.Metadata
-// Diagnostic Matches: Unknown location for org.jetbrains.annotations.NotNull
diff --git a/java/ql/test/kotlin/library-tests/extensions/methodaccesses.expected b/java/ql/test/kotlin/library-tests/extensions/methodaccesses.expected
index 03322ec3313..4aa35cde90b 100644
--- a/java/ql/test/kotlin/library-tests/extensions/methodaccesses.expected
+++ b/java/ql/test/kotlin/library-tests/extensions/methodaccesses.expected
@@ -1,20 +1,20 @@
 | A.java:3:9:3:49 | someFun(...) | A.java:3:9:3:20 | ExtensionsKt | A.java:3:30:3:44 | new SomeClass(...) |
 | A.java:3:9:3:49 | someFun(...) | A.java:3:9:3:20 | ExtensionsKt | A.java:3:47:3:48 | "" |
-| extensions.kt:21:5:21:38 | someClassMethod(...) | extensions.kt:21:5:21:15 | new SomeClass(...) | extensions.kt:21:34:21:36 | foo |
+| extensions.kt:21:5:21:38 | someClassMethod(...) | extensions.kt:21:5:21:15 | new SomeClass(...) | extensions.kt:21:34:21:36 | "foo" |
 | extensions.kt:22:5:22:30 | someFun(...) | extensions.kt:22:5:22:30 | ExtensionsKt | extensions.kt:22:5:22:15 | new SomeClass(...) |
-| extensions.kt:22:5:22:30 | someFun(...) | extensions.kt:22:5:22:30 | ExtensionsKt | extensions.kt:22:26:22:28 | foo |
+| extensions.kt:22:5:22:30 | someFun(...) | extensions.kt:22:5:22:30 | ExtensionsKt | extensions.kt:22:26:22:28 | "foo" |
 | extensions.kt:23:5:23:30 | bothFun(...) | extensions.kt:23:5:23:30 | ExtensionsKt | extensions.kt:23:5:23:15 | new SomeClass(...) |
-| extensions.kt:23:5:23:30 | bothFun(...) | extensions.kt:23:5:23:30 | ExtensionsKt | extensions.kt:23:26:23:28 | foo |
+| extensions.kt:23:5:23:30 | bothFun(...) | extensions.kt:23:5:23:30 | ExtensionsKt | extensions.kt:23:26:23:28 | "foo" |
 | extensions.kt:24:5:24:35 | bothFunDiffTypes(...) | extensions.kt:24:5:24:35 | ExtensionsKt | extensions.kt:24:5:24:15 | new SomeClass(...) |
 | extensions.kt:24:5:24:35 | bothFunDiffTypes(...) | extensions.kt:24:5:24:35 | ExtensionsKt | extensions.kt:24:34:24:34 | 1 |
-| extensions.kt:25:5:25:44 | anotherClassMethod(...) | extensions.kt:25:5:25:18 | new AnotherClass(...) | extensions.kt:25:40:25:42 | foo |
+| extensions.kt:25:5:25:44 | anotherClassMethod(...) | extensions.kt:25:5:25:18 | new AnotherClass(...) | extensions.kt:25:40:25:42 | "foo" |
 | extensions.kt:26:5:26:36 | anotherFun(...) | extensions.kt:26:5:26:36 | ExtensionsKt | extensions.kt:26:5:26:18 | new AnotherClass(...) |
-| extensions.kt:26:5:26:36 | anotherFun(...) | extensions.kt:26:5:26:36 | ExtensionsKt | extensions.kt:26:32:26:34 | foo |
+| extensions.kt:26:5:26:36 | anotherFun(...) | extensions.kt:26:5:26:36 | ExtensionsKt | extensions.kt:26:32:26:34 | "foo" |
 | extensions.kt:27:5:27:33 | bothFun(...) | extensions.kt:27:5:27:33 | ExtensionsKt | extensions.kt:27:5:27:18 | new AnotherClass(...) |
-| extensions.kt:27:5:27:33 | bothFun(...) | extensions.kt:27:5:27:33 | ExtensionsKt | extensions.kt:27:29:27:31 | foo |
+| extensions.kt:27:5:27:33 | bothFun(...) | extensions.kt:27:5:27:33 | ExtensionsKt | extensions.kt:27:29:27:31 | "foo" |
 | extensions.kt:28:5:28:42 | bothFunDiffTypes(...) | extensions.kt:28:5:28:42 | ExtensionsKt | extensions.kt:28:5:28:18 | new AnotherClass(...) |
-| extensions.kt:28:5:28:42 | bothFunDiffTypes(...) | extensions.kt:28:5:28:42 | ExtensionsKt | extensions.kt:28:38:28:40 | foo |
-| extensions.kt:29:6:29:27 | bar(...) | extensions.kt:29:6:29:27 | ExtensionsKt | extensions.kt:29:6:29:15 | someString |
-| extensions.kt:29:6:29:27 | bar(...) | extensions.kt:29:6:29:27 | ExtensionsKt | extensions.kt:29:23:29:25 | foo |
-| extensions.kt:31:6:31:32 | baz(...) | extensions.kt:31:6:31:32 | new (...) | extensions.kt:31:6:31:15 | someString |
-| extensions.kt:31:6:31:32 | baz(...) | extensions.kt:31:6:31:32 | new (...) | extensions.kt:31:23:31:30 | bazParam |
+| extensions.kt:28:5:28:42 | bothFunDiffTypes(...) | extensions.kt:28:5:28:42 | ExtensionsKt | extensions.kt:28:38:28:40 | "foo" |
+| extensions.kt:29:6:29:27 | bar(...) | extensions.kt:29:6:29:27 | ExtensionsKt | extensions.kt:29:6:29:15 | "someString" |
+| extensions.kt:29:6:29:27 | bar(...) | extensions.kt:29:6:29:27 | ExtensionsKt | extensions.kt:29:23:29:25 | "foo" |
+| extensions.kt:31:6:31:32 | baz(...) | extensions.kt:31:6:31:32 | new (...) | extensions.kt:31:6:31:15 | "someString" |
+| extensions.kt:31:6:31:32 | baz(...) | extensions.kt:31:6:31:32 | new (...) | extensions.kt:31:23:31:30 | "bazParam" |
diff --git a/java/ql/test/kotlin/library-tests/extensions/parameters.expected b/java/ql/test/kotlin/library-tests/extensions/parameters.expected
index 5cb7e0986d3..65906e57dd2 100644
--- a/java/ql/test/kotlin/library-tests/extensions/parameters.expected
+++ b/java/ql/test/kotlin/library-tests/extensions/parameters.expected
@@ -1,24 +1,24 @@
 parametersWithArgs
-| extensions.kt:3:25:3:34 | p1 | 0 | extensions.kt:21:34:21:36 | foo |
-| extensions.kt:6:28:6:37 | p1 | 0 | extensions.kt:25:40:25:42 | foo |
+| extensions.kt:3:25:3:34 | p1 | 0 | extensions.kt:21:34:21:36 | "foo" |
+| extensions.kt:6:28:6:37 | p1 | 0 | extensions.kt:25:40:25:42 | "foo" |
 | extensions.kt:9:5:9:13 | <this> | 0 | A.java:3:30:3:44 | new SomeClass(...) |
 | extensions.kt:9:5:9:13 | <this> | 0 | extensions.kt:22:5:22:15 | new SomeClass(...) |
 | extensions.kt:9:23:9:32 | p1 | 1 | A.java:3:47:3:48 | "" |
-| extensions.kt:9:23:9:32 | p1 | 1 | extensions.kt:22:26:22:28 | foo |
+| extensions.kt:9:23:9:32 | p1 | 1 | extensions.kt:22:26:22:28 | "foo" |
 | extensions.kt:10:5:10:16 | <this> | 0 | extensions.kt:26:5:26:18 | new AnotherClass(...) |
-| extensions.kt:10:29:10:38 | p1 | 1 | extensions.kt:26:32:26:34 | foo |
+| extensions.kt:10:29:10:38 | p1 | 1 | extensions.kt:26:32:26:34 | "foo" |
 | extensions.kt:12:5:12:13 | <this> | 0 | extensions.kt:23:5:23:15 | new SomeClass(...) |
-| extensions.kt:12:23:12:32 | p1 | 1 | extensions.kt:23:26:23:28 | foo |
+| extensions.kt:12:23:12:32 | p1 | 1 | extensions.kt:23:26:23:28 | "foo" |
 | extensions.kt:13:5:13:16 | <this> | 0 | extensions.kt:27:5:27:18 | new AnotherClass(...) |
-| extensions.kt:13:26:13:35 | p1 | 1 | extensions.kt:27:29:27:31 | foo |
+| extensions.kt:13:26:13:35 | p1 | 1 | extensions.kt:27:29:27:31 | "foo" |
 | extensions.kt:15:5:15:13 | <this> | 0 | extensions.kt:24:5:24:15 | new SomeClass(...) |
 | extensions.kt:15:32:15:38 | p1 | 1 | extensions.kt:24:34:24:34 | 1 |
 | extensions.kt:16:5:16:16 | <this> | 0 | extensions.kt:28:5:28:18 | new AnotherClass(...) |
-| extensions.kt:16:35:16:44 | p1 | 1 | extensions.kt:28:38:28:40 | foo |
-| extensions.kt:18:5:18:10 | <this> | 0 | extensions.kt:29:6:29:15 | someString |
-| extensions.kt:18:16:18:25 | p1 | 1 | extensions.kt:29:23:29:25 | foo |
-| extensions.kt:30:9:30:14 | <this> | 0 | extensions.kt:31:6:31:15 | someString |
-| extensions.kt:30:20:30:29 | p1 | 1 | extensions.kt:31:23:31:30 | bazParam |
+| extensions.kt:16:35:16:44 | p1 | 1 | extensions.kt:28:38:28:40 | "foo" |
+| extensions.kt:18:5:18:10 | <this> | 0 | extensions.kt:29:6:29:15 | "someString" |
+| extensions.kt:18:16:18:25 | p1 | 1 | extensions.kt:29:23:29:25 | "foo" |
+| extensions.kt:30:9:30:14 | <this> | 0 | extensions.kt:31:6:31:15 | "someString" |
+| extensions.kt:30:20:30:29 | p1 | 1 | extensions.kt:31:23:31:30 | "bazParam" |
 extensionParameter
 | extensions.kt:9:5:9:13 | <this> |
 | extensions.kt:10:5:10:16 | <this> |
diff --git a/java/ql/test/kotlin/library-tests/generic-inner-classes/test.expected b/java/ql/test/kotlin/library-tests/generic-inner-classes/test.expected
index deed53a7269..8b6a502898e 100644
--- a/java/ql/test/kotlin/library-tests/generic-inner-classes/test.expected
+++ b/java/ql/test/kotlin/library-tests/generic-inner-classes/test.expected
@@ -2,11 +2,11 @@ callArgs
 | KotlinUser.kt:7:13:7:31 | new OuterGeneric<Integer>(...) | KotlinUser.kt:7:13:7:31 | OuterGeneric<Integer> | -3 |
 | KotlinUser.kt:7:33:7:61 | new InnerGeneric<String>(...) | KotlinUser.kt:7:13:7:31 | new OuterGeneric<Integer>(...) | -2 |
 | KotlinUser.kt:7:33:7:61 | new InnerGeneric<String>(...) | KotlinUser.kt:7:33:7:61 | InnerGeneric<String> | -3 |
-| KotlinUser.kt:7:33:7:61 | new InnerGeneric<String>(...) | KotlinUser.kt:7:55:7:59 | hello | 0 |
+| KotlinUser.kt:7:33:7:61 | new InnerGeneric<String>(...) | KotlinUser.kt:7:55:7:59 | "hello" | 0 |
 | KotlinUser.kt:8:14:8:32 | new OuterGeneric<Integer>(...) | KotlinUser.kt:8:14:8:32 | OuterGeneric<Integer> | -3 |
 | KotlinUser.kt:8:34:8:54 | new InnerGeneric<String>(...) | KotlinUser.kt:8:14:8:32 | new OuterGeneric<Integer>(...) | -2 |
 | KotlinUser.kt:8:34:8:54 | new InnerGeneric<String>(...) | KotlinUser.kt:8:34:8:54 | InnerGeneric<String> | -3 |
-| KotlinUser.kt:8:34:8:54 | new InnerGeneric<String>(...) | KotlinUser.kt:8:48:8:52 | hello | 0 |
+| KotlinUser.kt:8:34:8:54 | new InnerGeneric<String>(...) | KotlinUser.kt:8:48:8:52 | "hello" | 0 |
 | KotlinUser.kt:9:13:9:31 | new OuterGeneric<Integer>(...) | KotlinUser.kt:9:13:9:31 | OuterGeneric<Integer> | -3 |
 | KotlinUser.kt:9:33:9:49 | new InnerNotGeneric<>(...) | KotlinUser.kt:9:13:9:31 | new OuterGeneric<Integer>(...) | -2 |
 | KotlinUser.kt:9:33:9:49 | new InnerNotGeneric<>(...) | KotlinUser.kt:9:33:9:49 | InnerNotGeneric<> | -3 |
@@ -15,11 +15,11 @@ callArgs
 | KotlinUser.kt:10:31:10:52 | new InnerGeneric<String>(...) | KotlinUser.kt:10:31:10:52 | InnerGeneric<String> | -3 |
 | KotlinUser.kt:12:19:12:44 | returnsecond(...) | KotlinUser.kt:12:19:12:19 | a | -1 |
 | KotlinUser.kt:12:19:12:44 | returnsecond(...) | KotlinUser.kt:12:34:12:34 | 0 | 0 |
-| KotlinUser.kt:12:19:12:44 | returnsecond(...) | KotlinUser.kt:12:38:12:42 | hello | 1 |
+| KotlinUser.kt:12:19:12:44 | returnsecond(...) | KotlinUser.kt:12:38:12:42 | "hello" | 1 |
 | KotlinUser.kt:13:19:13:31 | identity(...) | KotlinUser.kt:13:19:13:19 | b | -1 |
 | KotlinUser.kt:13:19:13:31 | identity(...) | KotlinUser.kt:13:30:13:30 | 5 | 0 |
 | KotlinUser.kt:14:19:14:37 | identity(...) | KotlinUser.kt:14:19:14:19 | c | -1 |
-| KotlinUser.kt:14:19:14:37 | identity(...) | KotlinUser.kt:14:31:14:35 | world | 0 |
+| KotlinUser.kt:14:19:14:37 | identity(...) | KotlinUser.kt:14:31:14:35 | "world" | 0 |
 genericTypes
 | OuterGeneric.kt:3:1:21:1 | OuterGeneric | OuterGeneric.kt:3:27:3:27 | T |
 | OuterGeneric.kt:11:3:19:3 | InnerGeneric | OuterGeneric.kt:11:35:11:35 | S |
diff --git a/java/ql/test/kotlin/library-tests/generics-location/generics.kt b/java/ql/test/kotlin/library-tests/generics-location/generics.kt
index dff06636bb1..c269ceffea3 100644
--- a/java/ql/test/kotlin/library-tests/generics-location/generics.kt
+++ b/java/ql/test/kotlin/library-tests/generics-location/generics.kt
@@ -9,6 +9,3 @@ class B<T> {
         val b1 = B<Any>()
     }
 }
-
-// Diagnostic Matches: Incomplete annotation: @kotlin.Metadata(%)
-// Diagnostic Matches: Unknown location for kotlin.Metadata
diff --git a/java/ql/test/kotlin/library-tests/generics-location/locations.expected b/java/ql/test/kotlin/library-tests/generics-location/locations.expected
index bafdc26e216..2cd1f0ead27 100644
--- a/java/ql/test/kotlin/library-tests/generics-location/locations.expected
+++ b/java/ql/test/kotlin/library-tests/generics-location/locations.expected
@@ -5,7 +5,6 @@ classLocations
 | main.A<Object> | file:///!unknown-binary-location/main/A.class:0:0:0:0 | file:///!unknown-binary-location/main/A.class:0:0:0:0 |
 | main.A<String> | A.class:0:0:0:0 | A.class:0:0:0:0 |
 | main.A<String> | file:///!unknown-binary-location/main/A.class:0:0:0:0 | file:///!unknown-binary-location/main/A.class:0:0:0:0 |
-| main.B | generics-location.testproj/test.class.files/main/B.class:0:0:0:0 | generics-location.testproj/test.class.files/main/B.class:0:0:0:0 |
 | main.B | generics.kt:3:1:11:1 | generics.kt:3:1:11:1 |
 | main.B<Integer> | generics-location.testproj/test.class.files/main/B.class:0:0:0:0 | generics-location.testproj/test.class.files/main/B.class:0:0:0:0 |
 | main.B<Object> | file:///!unknown-binary-location/main/B.class:0:0:0:0 | file:///!unknown-binary-location/main/B.class:0:0:0:0 |
diff --git a/java/ql/test/kotlin/library-tests/generics/PrintAst.expected b/java/ql/test/kotlin/library-tests/generics/PrintAst.expected
index 619ba5f3bcc..2c3b395f4f1 100644
--- a/java/ql/test/kotlin/library-tests/generics/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/generics/PrintAst.expected
@@ -45,18 +45,18 @@ generics.kt:
 #   27|             0: [MethodAccess] f2(...)
 #   27|               -2: [TypeAccess] String
 #   27|               -1: [VarAccess] c1
-#   27|               0: [StringLiteral] 
+#   27|               0: [StringLiteral] ""
 #   28|         3: [LocalVariableDeclStmt] var ...;
 #   28|           1: [LocalVariableDeclExpr] c2
 #   28|             0: [ClassInstanceExpr] new C1<String,Integer>(...)
 #   28|               -3: [TypeAccess] C1<String,Integer>
 #   28|                 0: [TypeAccess] String
 #   28|                 1: [TypeAccess] Integer
-#   28|               0: [StringLiteral] 
+#   28|               0: [StringLiteral] ""
 #   29|         4: [ExprStmt] <Expr>;
 #   29|           0: [MethodAccess] f1(...)
 #   29|             -1: [VarAccess] c2
-#   29|             0: [StringLiteral] a
+#   29|             0: [StringLiteral] "a"
 #   30|         5: [LocalVariableDeclStmt] var ...;
 #   30|           1: [LocalVariableDeclExpr] x2
 #   30|             0: [MethodAccess] f2(...)
@@ -256,4 +256,4 @@ generics.kt:
 #   61|               -3: [TypeAccess] Local<Integer>
 #   61|                 0: [TypeAccess] Integer
 #   61|             0: [VarAccess] t
-#   61|             1: [StringLiteral] 
+#   61|             1: [StringLiteral] ""
diff --git a/java/ql/test/kotlin/library-tests/instances/classes.expected b/java/ql/test/kotlin/library-tests/instances/classes.expected
index 771d4f32431..72fa8ccccf5 100644
--- a/java/ql/test/kotlin/library-tests/instances/classes.expected
+++ b/java/ql/test/kotlin/library-tests/instances/classes.expected
@@ -1,4 +1,5 @@
 | TestClassA.kt:2:1:3:1 | TestClassA |
+| TestClassA.kt:2:1:3:1 | TestClassA<> |
 | TestClassAUser.kt:0:0:0:0 | TestClassAUserKt |
 | TestClassAUser.kt:15:1:15:24 | TestClassAUser |
 | file:///!unknown-binary-location/TestClassA.class:0:0:0:0 | TestClassA<TestClassAUser> |
diff --git a/java/ql/test/kotlin/library-tests/internal-constructor-called-from-java/test.kt b/java/ql/test/kotlin/library-tests/internal-constructor-called-from-java/test.kt
index b9c4397e920..65c8b43c44c 100644
--- a/java/ql/test/kotlin/library-tests/internal-constructor-called-from-java/test.kt
+++ b/java/ql/test/kotlin/library-tests/internal-constructor-called-from-java/test.kt
@@ -3,6 +3,3 @@ public class Test() {
   internal constructor(x: Int, y: Int) : this() { }
 
 }
-
-// Diagnostic Matches: Incomplete annotation: @kotlin.Metadata(%)
-// Diagnostic Matches: Unknown location for kotlin.Metadata
diff --git a/java/ql/test/kotlin/library-tests/internal-public-alias/test.kt b/java/ql/test/kotlin/library-tests/internal-public-alias/test.kt
index f363f769e50..e79e6d2f907 100644
--- a/java/ql/test/kotlin/library-tests/internal-public-alias/test.kt
+++ b/java/ql/test/kotlin/library-tests/internal-public-alias/test.kt
@@ -10,6 +10,3 @@ public class Test {
   internal fun internalFun() = 3
 
 }
-
-// Diagnostic Matches: Incomplete annotation: @kotlin.Metadata(%)
-// Diagnostic Matches: Unknown location for kotlin.Metadata
diff --git a/java/ql/test/kotlin/library-tests/java-lang-number-conversions/test.expected b/java/ql/test/kotlin/library-tests/java-lang-number-conversions/test.expected
index 2e674af64ee..52ed7b2ccfe 100644
--- a/java/ql/test/kotlin/library-tests/java-lang-number-conversions/test.expected
+++ b/java/ql/test/kotlin/library-tests/java-lang-number-conversions/test.expected
@@ -28,6 +28,7 @@
 | kotlin.Byte | describeConstable |
 | kotlin.Byte | div |
 | kotlin.Byte | doubleValue |
+| kotlin.Byte | equals |
 | kotlin.Byte | floatValue |
 | kotlin.Byte | inc |
 | kotlin.Byte | intValue |
@@ -39,6 +40,7 @@
 | kotlin.Byte | shortValue |
 | kotlin.Byte | times |
 | kotlin.Byte | toChar |
+| kotlin.Byte | toString |
 | kotlin.Byte | unaryMinus |
 | kotlin.Byte | unaryPlus |
 | kotlin.Number | byteValue |
diff --git a/java/ql/test/kotlin/library-tests/java-map-methods/PrintAst.expected b/java/ql/test/kotlin/library-tests/java-map-methods/PrintAst.expected
index 978c4777b09..e356679e208 100644
--- a/java/ql/test/kotlin/library-tests/java-map-methods/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/java-map-methods/PrintAst.expected
@@ -45,7 +45,7 @@ test.kt:
 #    9|         0: [ReturnStmt] return ...
 #    9|           0: [AddExpr] ... + ...
 #    9|             0: [VarAccess] s
-#    9|             1: [StringLiteral] 
+#    9|             1: [StringLiteral] ""
 #   10|     5: [Method] fn2
 #   10|       3: [TypeAccess] String
 #-----|       4: (Parameters)
@@ -55,7 +55,7 @@ test.kt:
 #   10|         0: [ReturnStmt] return ...
 #   10|           0: [AddExpr] ... + ...
 #   10|             0: [VarAccess] s
-#   10|             1: [StringLiteral] 
+#   10|             1: [StringLiteral] ""
 #   12|     6: [Method] fn1
 #   12|       3: [TypeAccess] int
 #-----|       4: (Parameters)
diff --git a/java/ql/test/kotlin/library-tests/java_and_kotlin/Java.java b/java/ql/test/kotlin/library-tests/java_and_kotlin/Java.java
index 6240bced9f2..8e9d4895605 100644
--- a/java/ql/test/kotlin/library-tests/java_and_kotlin/Java.java
+++ b/java/ql/test/kotlin/library-tests/java_and_kotlin/Java.java
@@ -11,9 +11,13 @@ public class Java {
 			return super.fn0(x);
 		}
 
+/*
+// Java interop disabled as it currently doesn't work (no symbol fn1(int, Completion<...>) gets created)
+// TODO: re-enable this test once a correct function signature is extracted
 		@Override
 		public Object fn1(int x, Continuation<? super String> $completion) {
 			return super.fn1(x, $completion);
 		}
+*/
 	}
 }
diff --git a/java/ql/test/kotlin/library-tests/java_and_kotlin/Kotlin.kt b/java/ql/test/kotlin/library-tests/java_and_kotlin/Kotlin.kt
index 1686e09e02d..63e5ca99455 100644
--- a/java/ql/test/kotlin/library-tests/java_and_kotlin/Kotlin.kt
+++ b/java/ql/test/kotlin/library-tests/java_and_kotlin/Kotlin.kt
@@ -13,10 +13,3 @@ class Dkotlin : Base() {
     override fun fn0(x: Int): String = super.fn0(x)
     override suspend fun fn1(x: Int): String = super.fn1(x)
 }
-
-// Diagnostic Matches: Completion failure for type: org.jetbrains.annotations.NotNull
-// Diagnostic Matches: Completion failure for type: org.jetbrains.annotations.Nullable
-// Diagnostic Matches: Incomplete annotation: @kotlin.Metadata(%)
-// Diagnostic Matches: Unknown location for kotlin.Metadata
-// Diagnostic Matches: Unknown location for org.jetbrains.annotations.NotNull
-// Diagnostic Matches: Unknown location for org.jetbrains.annotations.Nullable
diff --git a/java/ql/test/kotlin/library-tests/java_and_kotlin/test.expected b/java/ql/test/kotlin/library-tests/java_and_kotlin/test.expected
index 8da3febb040..fa37843355f 100644
--- a/java/ql/test/kotlin/library-tests/java_and_kotlin/test.expected
+++ b/java/ql/test/kotlin/library-tests/java_and_kotlin/test.expected
@@ -1,7 +1,6 @@
 methods
 | Java.java:4:7:4:13 | javaFun | javaFun() |
 | Java.java:10:17:10:19 | fn0 | fn0(int) |
-| Java.java:15:17:15:19 | fn1 | fn1(int,kotlin.coroutines.Continuation) |
 | Kotlin.kt:2:2:4:2 | kotlinFun | kotlinFun() |
 | Kotlin.kt:8:10:8:38 | fn0 | fn0(int) |
 | Kotlin.kt:9:18:9:46 | fn1 | fn1(int) |
@@ -9,15 +8,12 @@ methods
 | Kotlin.kt:14:22:14:59 | fn1 | fn1(int) |
 overrides
 | Java.java:10:17:10:19 | fn0 | Kotlin.kt:8:10:8:38 | fn0 |
-| Java.java:15:17:15:19 | fn1 | java_and_kotlin.testproj/test.class.files/Base.class:0:0:0:0 | fn1 |
 | Kotlin.kt:13:14:13:51 | fn0 | Kotlin.kt:8:10:8:38 | fn0 |
 | Kotlin.kt:14:22:14:59 | fn1 | Kotlin.kt:9:18:9:46 | fn1 |
 signature_mismatch
 | Kotlin.kt:9:18:9:46 | fn1 | fn1(int) |
-| java_and_kotlin.testproj/test.class.files/Base.class:0:0:0:0 | fn1 | fn1(int,kotlin.coroutines.Continuation) |
 #select
 | Java.java:5:3:5:26 | kotlinFun(...) | Kotlin.kt:2:2:4:2 | kotlinFun |
 | Java.java:11:11:11:22 | fn0(...) | Kotlin.kt:8:10:8:38 | fn0 |
-| Java.java:16:11:16:35 | fn1(...) | java_and_kotlin.testproj/test.class.files/Base.class:0:0:0:0 | fn1 |
 | Kotlin.kt:13:40:13:51 | fn0(...) | Kotlin.kt:8:10:8:38 | fn0 |
 | Kotlin.kt:14:48:14:59 | fn1(...) | Kotlin.kt:9:18:9:46 | fn1 |
diff --git a/java/ql/test/kotlin/library-tests/java_and_kotlin_internal/Java.java b/java/ql/test/kotlin/library-tests/java_and_kotlin_internal/Java.java
index 73be4ea80bb..585161f21c0 100644
--- a/java/ql/test/kotlin/library-tests/java_and_kotlin_internal/Java.java
+++ b/java/ql/test/kotlin/library-tests/java_and_kotlin_internal/Java.java
@@ -1,5 +1,6 @@
 public class Java {
 	void javaFun() {
 		new Kotlin().kotlinFun$main();
+		KotlinKt.topLevelKotlinFun();
 	}
 }
diff --git a/java/ql/test/kotlin/library-tests/java_and_kotlin_internal/Kotlin.kt b/java/ql/test/kotlin/library-tests/java_and_kotlin_internal/Kotlin.kt
index 4cdedefbbc8..98235ec7ff8 100644
--- a/java/ql/test/kotlin/library-tests/java_and_kotlin_internal/Kotlin.kt
+++ b/java/ql/test/kotlin/library-tests/java_and_kotlin_internal/Kotlin.kt
@@ -3,5 +3,4 @@ public class Kotlin {
 	}
 }
 
-// Diagnostic Matches: Incomplete annotation: @kotlin.Metadata(%)
-// Diagnostic Matches: Unknown location for kotlin.Metadata
+internal fun topLevelKotlinFun() { }
diff --git a/java/ql/test/kotlin/library-tests/java_and_kotlin_internal/visibility.expected b/java/ql/test/kotlin/library-tests/java_and_kotlin_internal/visibility.expected
index 3edb62a6505..378da6dd22f 100644
--- a/java/ql/test/kotlin/library-tests/java_and_kotlin_internal/visibility.expected
+++ b/java/ql/test/kotlin/library-tests/java_and_kotlin_internal/visibility.expected
@@ -1,9 +1,16 @@
 isPublic
 isInternal
 | Kotlin.kt:2:11:3:2 | kotlinFun$main |
+| Kotlin.kt:6:10:6:36 | topLevelKotlinFun |
 modifiers_methods
 | file://:0:0:0:0 | final | Kotlin.kt:2:11:3:2 | kotlinFun$main |
+| file://:0:0:0:0 | final | Kotlin.kt:6:10:6:36 | topLevelKotlinFun |
 | file://:0:0:0:0 | internal | Kotlin.kt:2:11:3:2 | kotlinFun$main |
+| file://:0:0:0:0 | internal | Kotlin.kt:6:10:6:36 | topLevelKotlinFun |
+| file://:0:0:0:0 | static | Kotlin.kt:6:10:6:36 | topLevelKotlinFun |
 #select
 | Kotlin.kt:2:11:3:2 | kotlinFun$main | final |
 | Kotlin.kt:2:11:3:2 | kotlinFun$main | internal |
+| Kotlin.kt:6:10:6:36 | topLevelKotlinFun | final |
+| Kotlin.kt:6:10:6:36 | topLevelKotlinFun | internal |
+| Kotlin.kt:6:10:6:36 | topLevelKotlinFun | static |
diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/PrintAst.expected b/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/PrintAst.expected
index 6dfd45e83f4..172aac49284 100644
--- a/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/PrintAst.expected
@@ -5,7 +5,7 @@ test.kt:
 #    1|       3: [TypeAccess] String
 #    1|       5: [BlockStmt] { ... }
 #    1|         0: [ReturnStmt] return ...
-#    1|           0: [StringLiteral] Hello world
+#    1|           0: [StringLiteral] "Hello world"
 #   45|     2: [ExtensionMethod] testExtensionFunction
 #   45|       3: [TypeAccess] int
 #-----|       4: (Parameters)
@@ -55,6 +55,8 @@ test.kt:
 #    1|             6: [IntegerLiteral] 23
 #    1|             7: [NullLiteral] null
 #   45|     4: [ExtensionMethod] testExtensionFunction
+#-----|       1: (Annotations)
+#   44|         1: [Annotation] JvmOverloads
 #   45|       3: [TypeAccess] int
 #-----|       4: (Parameters)
 #   45|         0: [Parameter] <this>
@@ -72,7 +74,7 @@ test.kt:
 #   45|       5: [BlockStmt] { ... }
 #   45|         0: [ReturnStmt] return ...
 #   45|           0: [VarAccess] a
-#   45|     5: [Method] testExtensionFunction$default
+#   45|     5: [ExtensionMethod] testExtensionFunction$default
 #   45|       3: [TypeAccess] int
 #-----|       4: (Parameters)
 #   45|         0: [Parameter] p0
@@ -116,7 +118,7 @@ test.kt:
 #   45|         2: [ReturnStmt] return ...
 #   45|           0: [MethodAccess] testExtensionFunction(...)
 #   45|             -1: [TypeAccess] TestKt
-#   45|             0: [VarAccess] p0
+#   45|             0: [ExtensionReceiverAccess] this
 #   45|             1: [VarAccess] p1
 #   45|             2: [VarAccess] p2
 #   45|             3: [VarAccess] p3
@@ -170,6 +172,9 @@ test.kt:
 #    1|             5: [IntegerLiteral] 23
 #    1|             6: [NullLiteral] null
 #    6|     4: [Method] testStaticFunction
+#-----|       1: (Annotations)
+#    5|         1: [Annotation] JvmOverloads
+#    5|         2: [Annotation] JvmStatic
 #    6|       3: [TypeAccess] int
 #-----|       4: (Parameters)
 #    6|         0: [Parameter] a
@@ -277,6 +282,8 @@ test.kt:
 #    1|             6: [IntegerLiteral] 23
 #    1|             7: [NullLiteral] null
 #    9|     8: [Method] testMemberFunction
+#-----|       1: (Annotations)
+#    8|         1: [Annotation] JvmOverloads
 #    9|       3: [TypeAccess] int
 #-----|       4: (Parameters)
 #    9|         0: [Parameter] a
@@ -356,9 +363,9 @@ test.kt:
 #   12|         0: [ReturnStmt] return ...
 #   12|           0: [MethodAccess] testMemberExtensionFunction$default(...)
 #   12|             -1: [TypeAccess] Test
-#    0|             0: [ExtensionReceiverAccess] this
-#    0|             1: [ThisAccess] Test.this
+#    0|             0: [ThisAccess] Test.this
 #    0|               0: [TypeAccess] Test
+#    0|             1: [ExtensionReceiverAccess] this
 #    0|             2: [VarAccess] a
 #    1|             3: [NullLiteral] null
 #    0|             4: [VarAccess] c
@@ -383,9 +390,9 @@ test.kt:
 #   12|         0: [ReturnStmt] return ...
 #   12|           0: [MethodAccess] testMemberExtensionFunction$default(...)
 #   12|             -1: [TypeAccess] Test
-#    0|             0: [ExtensionReceiverAccess] this
-#    0|             1: [ThisAccess] Test.this
+#    0|             0: [ThisAccess] Test.this
 #    0|               0: [TypeAccess] Test
+#    0|             1: [ExtensionReceiverAccess] this
 #    0|             2: [VarAccess] a
 #    0|             3: [VarAccess] b
 #    0|             4: [VarAccess] c
@@ -394,6 +401,8 @@ test.kt:
 #    1|             7: [IntegerLiteral] 23
 #    1|             8: [NullLiteral] null
 #   12|     12: [ExtensionMethod] testMemberExtensionFunction
+#-----|       1: (Annotations)
+#   11|         1: [Annotation] JvmOverloads
 #   12|       3: [TypeAccess] int
 #-----|       4: (Parameters)
 #   12|         0: [Parameter] <this>
@@ -411,13 +420,13 @@ test.kt:
 #   12|       5: [BlockStmt] { ... }
 #   12|         0: [ReturnStmt] return ...
 #   12|           0: [VarAccess] a
-#   12|     13: [Method] testMemberExtensionFunction$default
+#   12|     13: [ExtensionMethod] testMemberExtensionFunction$default
 #   12|       3: [TypeAccess] int
 #-----|       4: (Parameters)
 #   12|         0: [Parameter] p0
-#   12|           0: [TypeAccess] Test2
-#   12|         1: [Parameter] p1
 #   12|           0: [TypeAccess] Test
+#   12|         1: [Parameter] p1
+#   12|           0: [TypeAccess] Test2
 #   12|         2: [Parameter] p2
 #   12|           0: [TypeAccess] int
 #   12|         3: [Parameter] p3
@@ -456,8 +465,8 @@ test.kt:
 #   12|               1: [FloatLiteral] 1.0
 #   12|         2: [ReturnStmt] return ...
 #   12|           0: [MethodAccess] testMemberExtensionFunction(...)
-#   12|             -1: [VarAccess] p1
-#   12|             0: [VarAccess] p0
+#   12|             -1: [VarAccess] p0
+#   12|             0: [ExtensionReceiverAccess] this
 #   12|             1: [VarAccess] p2
 #   12|             2: [VarAccess] p3
 #   12|             3: [VarAccess] p4
@@ -501,6 +510,8 @@ test.kt:
 #    1|           5: [IntegerLiteral] 23
 #    1|           6: [NullLiteral] null
 #   16|     3: [Constructor] Test2
+#-----|       1: (Annotations)
+#   16|         1: [Annotation] JvmOverloads
 #-----|       4: (Parameters)
 #   16|         0: [Parameter] a
 #   16|           0: [TypeAccess] int
@@ -609,6 +620,8 @@ test.kt:
 #    1|               6: [IntegerLiteral] 23
 #    1|               7: [NullLiteral] null
 #   21|       4: [Method] testCompanionFunction
+#-----|         1: (Annotations)
+#   20|           1: [Annotation] JvmOverloads
 #   21|         3: [TypeAccess] int
 #-----|         4: (Parameters)
 #   21|           0: [Parameter] a
@@ -718,6 +731,9 @@ test.kt:
 #    1|               6: [IntegerLiteral] 23
 #    1|               7: [NullLiteral] null
 #   24|       8: [Method] testStaticCompanionFunction
+#-----|         1: (Annotations)
+#   23|           1: [Annotation] JvmOverloads
+#   23|           2: [Annotation] JvmStatic
 #   24|         3: [TypeAccess] int
 #-----|         4: (Parameters)
 #   24|           0: [Parameter] a
@@ -883,6 +899,8 @@ test.kt:
 #    1|           4: [IntegerLiteral] 11
 #    1|           5: [NullLiteral] null
 #   30|     3: [Constructor] GenericTest
+#-----|       1: (Annotations)
+#   30|         1: [Annotation] JvmOverloads
 #-----|       4: (Parameters)
 #   30|         0: [Parameter] a
 #   30|           0: [TypeAccess] int
@@ -929,7 +947,7 @@ test.kt:
 #   30|           1: [ExprStmt] <Expr>;
 #   30|             0: [AssignExpr] ...=...
 #   30|               0: [VarAccess] p2
-#   30|               1: [StringLiteral] Hello world
+#   30|               1: [StringLiteral] "Hello world"
 #   30|         2: [ThisConstructorInvocationStmt] this(...)
 #   30|           0: [VarAccess] p0
 #   30|           1: [VarAccess] p1
@@ -974,6 +992,8 @@ test.kt:
 #    1|             5: [IntegerLiteral] 11
 #    1|             6: [NullLiteral] null
 #   33|     7: [Method] testMemberFunction
+#-----|       1: (Annotations)
+#   32|         1: [Annotation] JvmOverloads
 #   33|       3: [TypeAccess] int
 #-----|       4: (Parameters)
 #   33|         0: [Parameter] a
@@ -1024,7 +1044,7 @@ test.kt:
 #   33|           1: [ExprStmt] <Expr>;
 #   33|             0: [AssignExpr] ...=...
 #   33|               0: [VarAccess] p3
-#   33|               1: [StringLiteral] Hello world
+#   33|               1: [StringLiteral] "Hello world"
 #   33|         2: [ReturnStmt] return ...
 #   33|           0: [MethodAccess] testMemberFunction(...)
 #   33|             -1: [VarAccess] p0
@@ -1049,7 +1069,7 @@ test.kt:
 #   37|               -1: [VarAccess] spec1
 #   37|               0: [IntegerLiteral] 1
 #   37|               1: [FloatLiteral] 1.0
-#   37|               2: [StringLiteral] Hello world
+#   37|               2: [StringLiteral] "Hello world"
 #   37|               3: [FloatLiteral] 2.0
 #   38|         1: [ExprStmt] <Expr>;
 #   38|           0: [ImplicitCoercionToUnitExpr] <implicit coercion to unit>
@@ -1058,5 +1078,5 @@ test.kt:
 #   38|               -1: [VarAccess] spec2
 #   38|               0: [IntegerLiteral] 1
 #   38|               1: [DoubleLiteral] 1.0
-#   38|               2: [StringLiteral] Hello world
+#   38|               2: [StringLiteral] "Hello world"
 #   38|               3: [DoubleLiteral] 2.0
diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/test.expected b/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/test.expected
index 00654e8929f..5fcccaca991 100644
--- a/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/test.expected
+++ b/java/ql/test/kotlin/library-tests/jvmoverloads-annotation/test.expected
@@ -29,7 +29,7 @@
 | test.kt:3:1:14:1 | Test | test.kt:12:3:12:121 | testMemberExtensionFunction | testMemberExtensionFunction(Test2,int,double,boolean) |
 | test.kt:3:1:14:1 | Test | test.kt:12:3:12:121 | testMemberExtensionFunction | testMemberExtensionFunction(Test2,int,java.lang.String,double,boolean) |
 | test.kt:3:1:14:1 | Test | test.kt:12:3:12:121 | testMemberExtensionFunction | testMemberExtensionFunction(Test2,int,java.lang.String,double,float,boolean) |
-| test.kt:3:1:14:1 | Test | test.kt:12:3:12:121 | testMemberExtensionFunction$default | testMemberExtensionFunction$default(Test2,Test,int,java.lang.String,double,float,boolean,int,java.lang.Object) |
+| test.kt:3:1:14:1 | Test | test.kt:12:3:12:121 | testMemberExtensionFunction$default | testMemberExtensionFunction$default(Test,Test2,int,java.lang.String,double,float,boolean,int,java.lang.Object) |
 | test.kt:16:1:28:1 | Test2 | test.kt:16:34:28:1 | Test2 | Test2(int,double,boolean) |
 | test.kt:16:1:28:1 | Test2 | test.kt:16:34:28:1 | Test2 | Test2(int,java.lang.String,double,boolean) |
 | test.kt:16:1:28:1 | Test2 | test.kt:16:34:28:1 | Test2 | Test2(int,java.lang.String,double,float,boolean) |
diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.kt b/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.kt
index f7e42c682df..ff5879ebb93 100644
--- a/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.kt
+++ b/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.kt
@@ -85,14 +85,3 @@ public class TestDefaultParameterReference {
   }
 
 }
-
-// Diagnostic Matches: Incomplete annotation: @kotlin.Metadata(%)
-// Diagnostic Matches: Unknown location for kotlin.Metadata
-// Diagnostic Matches: Completion failure for type: org.jetbrains.annotations.NotNull
-// Diagnostic Matches: Unknown location for org.jetbrains.annotations.NotNull
-// Diagnostic Matches: Completion failure for type: kotlin.jvm.JvmOverloads
-// Diagnostic Matches: Completion failure for type: kotlin.jvm.JvmStatic
-// Diagnostic Matches: Completion failure for type: org.jetbrains.annotations.Nullable
-// Diagnostic Matches: Unknown location for kotlin.jvm.JvmOverloads
-// Diagnostic Matches: Unknown location for kotlin.jvm.JvmStatic
-// Diagnostic Matches: Unknown location for org.jetbrains.annotations.Nullable
diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads_generics/test.kt b/java/ql/test/kotlin/library-tests/jvmoverloads_generics/test.kt
index ee49968eb57..3e5ced39c3f 100644
--- a/java/ql/test/kotlin/library-tests/jvmoverloads_generics/test.kt
+++ b/java/ql/test/kotlin/library-tests/jvmoverloads_generics/test.kt
@@ -4,10 +4,3 @@ public class A {
   fun <T> genericFunctionWithOverloads(x: T? = null, y: List<T>? = null, z: T? = null): T? = z
 
 }
-
-// Diagnostic Matches: Incomplete annotation: @kotlin.Metadata(%)
-// Diagnostic Matches: Unknown location for kotlin.Metadata
-// Diagnostic Matches: Completion failure for type: kotlin.jvm.JvmOverloads
-// Diagnostic Matches: Completion failure for type: org.jetbrains.annotations.Nullable
-// Diagnostic Matches: Unknown location for kotlin.jvm.JvmOverloads
-// Diagnostic Matches: Unknown location for org.jetbrains.annotations.Nullable
diff --git a/java/ql/test/kotlin/library-tests/jvmstatic-annotation/PrintAst.expected b/java/ql/test/kotlin/library-tests/jvmstatic-annotation/PrintAst.expected
index 1376baa4f1d..338e67a33b0 100644
--- a/java/ql/test/kotlin/library-tests/jvmstatic-annotation/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/jvmstatic-annotation/PrintAst.expected
@@ -81,13 +81,13 @@ test.kt:
 #   52|             0: [TypeAccess] Unit
 #   52|             1: [MethodAccess] staticMethod(...)
 #   52|               -1: [VarAccess] Companion
-#   52|               0: [StringLiteral] 1
+#   52|               0: [StringLiteral] "1"
 #   53|         1: [ExprStmt] <Expr>;
 #   53|           0: [ImplicitCoercionToUnitExpr] <implicit coercion to unit>
 #   53|             0: [TypeAccess] Unit
 #   53|             1: [MethodAccess] nonStaticMethod(...)
 #   53|               -1: [VarAccess] Companion
-#   53|               0: [StringLiteral] 2
+#   53|               0: [StringLiteral] "2"
 #   54|         2: [ExprStmt] <Expr>;
 #   54|           0: [MethodAccess] setStaticProp(...)
 #   54|             -1: [VarAccess] Companion
@@ -113,13 +113,13 @@ test.kt:
 #   60|             0: [TypeAccess] Unit
 #   60|             1: [MethodAccess] staticMethod(...)
 #   60|               -1: [TypeAccess] NonCompanion
-#   60|               0: [StringLiteral] 1
+#   60|               0: [StringLiteral] "1"
 #   61|         7: [ExprStmt] <Expr>;
 #   61|           0: [ImplicitCoercionToUnitExpr] <implicit coercion to unit>
 #   61|             0: [TypeAccess] Unit
 #   61|             1: [MethodAccess] nonStaticMethod(...)
 #   61|               -1: [VarAccess] INSTANCE
-#   61|               0: [StringLiteral] 2
+#   61|               0: [StringLiteral] "2"
 #   62|         8: [ExprStmt] <Expr>;
 #   62|           0: [MethodAccess] setStaticProp(...)
 #   62|             -1: [TypeAccess] NonCompanion
@@ -141,13 +141,11 @@ test.kt:
 #   65|             0: [MethodAccess] getPropWithStaticGetter(...)
 #   65|               -1: [TypeAccess] NonCompanion
 #    9|   2: [Class] HasCompanion
-#-----|     -3: (Annotations)
-#    9|     2: [Constructor] HasCompanion
+#    9|     1: [Constructor] HasCompanion
 #    9|       5: [BlockStmt] { ... }
 #    9|         0: [SuperConstructorInvocationStmt] super(...)
 #    9|         1: [BlockStmt] { ... }
-#   11|     3: [Class] Companion
-#-----|       -3: (Annotations)
+#   11|     2: [Class] Companion
 #   11|       1: [Constructor] Companion
 #   11|         5: [BlockStmt] { ... }
 #   11|           0: [SuperConstructorInvocationStmt] super(...)
@@ -160,10 +158,10 @@ test.kt:
 #   17|                 0: [VarAccess] nonStaticProp
 #   13|       2: [Method] staticMethod
 #-----|         1: (Annotations)
+#   13|           1: [Annotation] JvmStatic
 #   13|         3: [TypeAccess] String
 #-----|         4: (Parameters)
 #   13|           0: [Parameter] s
-#-----|             -1: (Annotations)
 #   13|             0: [TypeAccess] String
 #   13|         5: [BlockStmt] { ... }
 #   13|           0: [ReturnStmt] return ...
@@ -171,11 +169,9 @@ test.kt:
 #   13|               -1: [ThisAccess] this
 #   13|               0: [VarAccess] s
 #   14|       3: [Method] nonStaticMethod
-#-----|         1: (Annotations)
 #   14|         3: [TypeAccess] String
 #-----|         4: (Parameters)
 #   14|           0: [Parameter] s
-#-----|             -1: (Annotations)
 #   14|             0: [TypeAccess] String
 #   14|         5: [BlockStmt] { ... }
 #   14|           0: [ReturnStmt] return ...
@@ -184,9 +180,8 @@ test.kt:
 #   14|               0: [VarAccess] s
 #   16|       4: [FieldDeclaration] String staticProp;
 #   16|         -1: [TypeAccess] String
-#   16|         0: [StringLiteral] a
+#   16|         0: [StringLiteral] "a"
 #   16|       5: [Method] getStaticProp
-#-----|         1: (Annotations)
 #   16|         3: [TypeAccess] String
 #   16|         5: [BlockStmt] { ... }
 #   16|           0: [ReturnStmt] return ...
@@ -196,7 +191,6 @@ test.kt:
 #   16|         3: [TypeAccess] Unit
 #-----|         4: (Parameters)
 #   16|           0: [Parameter] <set-?>
-#-----|             -1: (Annotations)
 #   16|             0: [TypeAccess] String
 #   16|         5: [BlockStmt] { ... }
 #   16|           0: [ExprStmt] <Expr>;
@@ -206,9 +200,8 @@ test.kt:
 #   16|               1: [VarAccess] <set-?>
 #   17|       7: [FieldDeclaration] String nonStaticProp;
 #   17|         -1: [TypeAccess] String
-#   17|         0: [StringLiteral] b
+#   17|         0: [StringLiteral] "b"
 #   17|       8: [Method] getNonStaticProp
-#-----|         1: (Annotations)
 #   17|         3: [TypeAccess] String
 #   17|         5: [BlockStmt] { ... }
 #   17|           0: [ReturnStmt] return ...
@@ -218,7 +211,6 @@ test.kt:
 #   17|         3: [TypeAccess] Unit
 #-----|         4: (Parameters)
 #   17|           0: [Parameter] <set-?>
-#-----|             -1: (Annotations)
 #   17|             0: [TypeAccess] String
 #   17|         5: [BlockStmt] { ... }
 #   17|           0: [ExprStmt] <Expr>;
@@ -228,6 +220,7 @@ test.kt:
 #   17|               1: [VarAccess] <set-?>
 #   20|       10: [Method] getPropWithStaticGetter
 #-----|         1: (Annotations)
+#   20|           1: [Annotation] JvmStatic
 #   20|         3: [TypeAccess] String
 #   20|         5: [BlockStmt] { ... }
 #   20|           0: [ReturnStmt] return ...
@@ -237,7 +230,6 @@ test.kt:
 #   21|         3: [TypeAccess] Unit
 #-----|         4: (Parameters)
 #   21|           0: [Parameter] s
-#-----|             -1: (Annotations)
 #   21|             0: [TypeAccess] String
 #   21|         5: [BlockStmt] { ... }
 #   21|           0: [ExprStmt] <Expr>;
@@ -245,7 +237,6 @@ test.kt:
 #   21|               -1: [ThisAccess] this
 #   21|               0: [VarAccess] s
 #   24|       12: [Method] getPropWithStaticSetter
-#-----|         1: (Annotations)
 #   24|         3: [TypeAccess] String
 #   24|         5: [BlockStmt] { ... }
 #   24|           0: [ReturnStmt] return ...
@@ -253,22 +244,20 @@ test.kt:
 #   24|               -1: [ThisAccess] this
 #   25|       13: [Method] setPropWithStaticSetter
 #-----|         1: (Annotations)
+#   25|           1: [Annotation] JvmStatic
 #   25|         3: [TypeAccess] Unit
 #-----|         4: (Parameters)
 #   25|           0: [Parameter] s
-#-----|             -1: (Annotations)
 #   25|             0: [TypeAccess] String
 #   25|         5: [BlockStmt] { ... }
 #   25|           0: [ExprStmt] <Expr>;
 #   25|             0: [MethodAccess] setPropWithStaticGetter(...)
 #   25|               -1: [ThisAccess] this
 #   25|               0: [VarAccess] s
-#   13|     4: [Method] staticMethod
-#-----|       1: (Annotations)
+#   13|     3: [Method] staticMethod
 #   13|       3: [TypeAccess] String
 #-----|       4: (Parameters)
 #   13|         0: [Parameter] s
-#-----|           -1: (Annotations)
 #   13|           0: [TypeAccess] String
 #   13|       5: [BlockStmt] { ... }
 #   13|         0: [ReturnStmt] return ...
@@ -276,19 +265,17 @@ test.kt:
 #   13|             -1: [VarAccess] HasCompanion.Companion
 #   13|               -1: [TypeAccess] HasCompanion
 #   13|             0: [VarAccess] s
-#   16|     5: [Method] getStaticProp
-#-----|       1: (Annotations)
+#   16|     4: [Method] getStaticProp
 #   16|       3: [TypeAccess] String
 #   16|       5: [BlockStmt] { ... }
 #   16|         0: [ReturnStmt] return ...
 #   16|           0: [MethodAccess] getStaticProp(...)
 #   16|             -1: [VarAccess] HasCompanion.Companion
 #   16|               -1: [TypeAccess] HasCompanion
-#   16|     6: [Method] setStaticProp
+#   16|     5: [Method] setStaticProp
 #   16|       3: [TypeAccess] Unit
 #-----|       4: (Parameters)
 #   16|         0: [Parameter] <set-?>
-#-----|           -1: (Annotations)
 #   16|           0: [TypeAccess] String
 #   16|       5: [BlockStmt] { ... }
 #   16|         0: [ReturnStmt] return ...
@@ -296,20 +283,17 @@ test.kt:
 #   16|             -1: [VarAccess] HasCompanion.Companion
 #   16|               -1: [TypeAccess] HasCompanion
 #   16|             0: [VarAccess] <set-?>
-#   20|     7: [Method] getPropWithStaticGetter
-#-----|       1: (Annotations)
+#   20|     6: [Method] getPropWithStaticGetter
 #   20|       3: [TypeAccess] String
 #   20|       5: [BlockStmt] { ... }
 #   20|         0: [ReturnStmt] return ...
 #   20|           0: [MethodAccess] getPropWithStaticGetter(...)
 #   20|             -1: [VarAccess] HasCompanion.Companion
 #   20|               -1: [TypeAccess] HasCompanion
-#   25|     8: [Method] setPropWithStaticSetter
-#-----|       1: (Annotations)
+#   25|     7: [Method] setPropWithStaticSetter
 #   25|       3: [TypeAccess] Unit
 #-----|       4: (Parameters)
 #   25|         0: [Parameter] s
-#-----|           -1: (Annotations)
 #   25|           0: [TypeAccess] String
 #   25|       5: [BlockStmt] { ... }
 #   25|         0: [ReturnStmt] return ...
@@ -318,8 +302,7 @@ test.kt:
 #   25|               -1: [TypeAccess] HasCompanion
 #   25|             0: [VarAccess] s
 #   31|   3: [Class] NonCompanion
-#-----|     -3: (Annotations)
-#   31|     2: [Constructor] NonCompanion
+#   31|     1: [Constructor] NonCompanion
 #   31|       5: [BlockStmt] { ... }
 #   31|         0: [SuperConstructorInvocationStmt] super(...)
 #   31|         1: [BlockStmt] { ... }
@@ -329,12 +312,12 @@ test.kt:
 #   37|           1: [ExprStmt] <Expr>;
 #   37|             0: [KtInitializerAssignExpr] ...=...
 #   37|               0: [VarAccess] nonStaticProp
-#   33|     3: [Method] staticMethod
+#   33|     2: [Method] staticMethod
 #-----|       1: (Annotations)
+#   33|         1: [Annotation] JvmStatic
 #   33|       3: [TypeAccess] String
 #-----|       4: (Parameters)
 #   33|         0: [Parameter] s
-#-----|           -1: (Annotations)
 #   33|           0: [TypeAccess] String
 #   33|       5: [BlockStmt] { ... }
 #   33|         0: [ReturnStmt] return ...
@@ -342,34 +325,30 @@ test.kt:
 #   33|             -1: [VarAccess] NonCompanion.INSTANCE
 #   33|               -1: [TypeAccess] NonCompanion
 #   33|             0: [VarAccess] s
-#   34|     4: [Method] nonStaticMethod
-#-----|       1: (Annotations)
+#   34|     3: [Method] nonStaticMethod
 #   34|       3: [TypeAccess] String
 #-----|       4: (Parameters)
 #   34|         0: [Parameter] s
-#-----|           -1: (Annotations)
 #   34|           0: [TypeAccess] String
 #   34|       5: [BlockStmt] { ... }
 #   34|         0: [ReturnStmt] return ...
 #   34|           0: [MethodAccess] staticMethod(...)
 #   34|             -1: [TypeAccess] NonCompanion
 #   34|             0: [VarAccess] s
-#   36|     5: [FieldDeclaration] String staticProp;
+#   36|     4: [FieldDeclaration] String staticProp;
 #   36|       -1: [TypeAccess] String
-#   36|       0: [StringLiteral] a
-#   36|     6: [Method] getStaticProp
-#-----|       1: (Annotations)
+#   36|       0: [StringLiteral] "a"
+#   36|     5: [Method] getStaticProp
 #   36|       3: [TypeAccess] String
 #   36|       5: [BlockStmt] { ... }
 #   36|         0: [ReturnStmt] return ...
 #   36|           0: [VarAccess] NonCompanion.INSTANCE.staticProp
 #   36|             -1: [VarAccess] NonCompanion.INSTANCE
 #   36|               -1: [TypeAccess] NonCompanion
-#   36|     7: [Method] setStaticProp
+#   36|     6: [Method] setStaticProp
 #   36|       3: [TypeAccess] Unit
 #-----|       4: (Parameters)
 #   36|         0: [Parameter] <set-?>
-#-----|           -1: (Annotations)
 #   36|           0: [TypeAccess] String
 #   36|       5: [BlockStmt] { ... }
 #   36|         0: [ExprStmt] <Expr>;
@@ -378,21 +357,19 @@ test.kt:
 #   36|               -1: [VarAccess] NonCompanion.INSTANCE
 #   36|                 -1: [TypeAccess] NonCompanion
 #   36|             1: [VarAccess] <set-?>
-#   37|     8: [FieldDeclaration] String nonStaticProp;
+#   37|     7: [FieldDeclaration] String nonStaticProp;
 #   37|       -1: [TypeAccess] String
-#   37|       0: [StringLiteral] b
-#   37|     9: [Method] getNonStaticProp
-#-----|       1: (Annotations)
+#   37|       0: [StringLiteral] "b"
+#   37|     8: [Method] getNonStaticProp
 #   37|       3: [TypeAccess] String
 #   37|       5: [BlockStmt] { ... }
 #   37|         0: [ReturnStmt] return ...
 #   37|           0: [VarAccess] this.nonStaticProp
 #   37|             -1: [ThisAccess] this
-#   37|     10: [Method] setNonStaticProp
+#   37|     9: [Method] setNonStaticProp
 #   37|       3: [TypeAccess] Unit
 #-----|       4: (Parameters)
 #   37|         0: [Parameter] <set-?>
-#-----|           -1: (Annotations)
 #   37|           0: [TypeAccess] String
 #   37|       5: [BlockStmt] { ... }
 #   37|         0: [ExprStmt] <Expr>;
@@ -400,38 +377,37 @@ test.kt:
 #   37|             0: [VarAccess] this.nonStaticProp
 #   37|               -1: [ThisAccess] this
 #   37|             1: [VarAccess] <set-?>
-#   40|     11: [Method] getPropWithStaticGetter
+#   40|     10: [Method] getPropWithStaticGetter
 #-----|       1: (Annotations)
+#   40|         1: [Annotation] JvmStatic
 #   40|       3: [TypeAccess] String
 #   40|       5: [BlockStmt] { ... }
 #   40|         0: [ReturnStmt] return ...
 #   40|           0: [MethodAccess] getPropWithStaticSetter(...)
 #   40|             -1: [VarAccess] NonCompanion.INSTANCE
 #   40|               -1: [TypeAccess] NonCompanion
-#   41|     12: [Method] setPropWithStaticGetter
+#   41|     11: [Method] setPropWithStaticGetter
 #   41|       3: [TypeAccess] Unit
 #-----|       4: (Parameters)
 #   41|         0: [Parameter] s
-#-----|           -1: (Annotations)
 #   41|           0: [TypeAccess] String
 #   41|       5: [BlockStmt] { ... }
 #   41|         0: [ExprStmt] <Expr>;
 #   41|           0: [MethodAccess] setPropWithStaticSetter(...)
 #   41|             -1: [TypeAccess] NonCompanion
 #   41|             0: [VarAccess] s
-#   44|     13: [Method] getPropWithStaticSetter
-#-----|       1: (Annotations)
+#   44|     12: [Method] getPropWithStaticSetter
 #   44|       3: [TypeAccess] String
 #   44|       5: [BlockStmt] { ... }
 #   44|         0: [ReturnStmt] return ...
 #   44|           0: [MethodAccess] getPropWithStaticGetter(...)
 #   44|             -1: [TypeAccess] NonCompanion
-#   45|     14: [Method] setPropWithStaticSetter
+#   45|     13: [Method] setPropWithStaticSetter
 #-----|       1: (Annotations)
+#   45|         1: [Annotation] JvmStatic
 #   45|       3: [TypeAccess] Unit
 #-----|       4: (Parameters)
 #   45|         0: [Parameter] s
-#-----|           -1: (Annotations)
 #   45|           0: [TypeAccess] String
 #   45|       5: [BlockStmt] { ... }
 #   45|         0: [ExprStmt] <Expr>;
diff --git a/java/ql/test/kotlin/library-tests/jvmstatic-annotation/test.kt b/java/ql/test/kotlin/library-tests/jvmstatic-annotation/test.kt
index 6f7014723a2..cbf553725b4 100644
--- a/java/ql/test/kotlin/library-tests/jvmstatic-annotation/test.kt
+++ b/java/ql/test/kotlin/library-tests/jvmstatic-annotation/test.kt
@@ -65,10 +65,3 @@ fun externalUser() {
   NonCompanion.propWithStaticSetter = NonCompanion.propWithStaticGetter
 
 }
-
-// Diagnostic Matches: Incomplete annotation: @kotlin.Metadata(%)
-// Diagnostic Matches: Unknown location for kotlin.Metadata
-// Diagnostic Matches: Completion failure for type: kotlin.jvm.JvmStatic
-// Diagnostic Matches: Completion failure for type: org.jetbrains.annotations.NotNull
-// Diagnostic Matches: Unknown location for kotlin.jvm.JvmStatic
-// Diagnostic Matches: Unknown location for org.jetbrains.annotations.NotNull
diff --git a/java/ql/test/kotlin/library-tests/lateinit/PrintAst.expected b/java/ql/test/kotlin/library-tests/lateinit/PrintAst.expected
index c2119ec6123..9f482ab3b71 100644
--- a/java/ql/test/kotlin/library-tests/lateinit/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/lateinit/PrintAst.expected
@@ -30,7 +30,7 @@ test.kt:
 #    4|         0: [ReturnStmt] return ...
 #    4|           0: [MethodAccess] println(...)
 #    4|             -1: [TypeAccess] ConsoleKt
-#    4|             0: [StringLiteral] a
+#    4|             0: [StringLiteral] "a"
 #    6|     6: [Method] init
 #    6|       3: [TypeAccess] LateInit
 #    6|       5: [BlockStmt] { ... }
diff --git a/java/ql/test/kotlin/library-tests/literals/literals.expected b/java/ql/test/kotlin/library-tests/literals/literals.expected
index 86d23aa0d05..a22709ce194 100644
--- a/java/ql/test/kotlin/library-tests/literals/literals.expected
+++ b/java/ql/test/kotlin/library-tests/literals/literals.expected
@@ -23,7 +23,7 @@
 | literals.kt:25:34:25:39 | -123.4 | DoubleLiteral |
 | literals.kt:26:30:26:32 | c | CharacterLiteral |
 | literals.kt:27:30:27:33 | \n | CharacterLiteral |
-| literals.kt:28:34:28:35 |  | StringLiteral |
-| literals.kt:29:35:29:45 | Some string | StringLiteral |
-| literals.kt:30:35:30:46 | Some\nstring | StringLiteral |
+| literals.kt:28:34:28:35 | "" | StringLiteral |
+| literals.kt:29:35:29:45 | "Some string" | StringLiteral |
+| literals.kt:30:35:30:46 | "Some\\nstring" | StringLiteral |
 | literals.kt:31:30:31:33 | null | NullLiteral |
diff --git a/java/ql/test/kotlin/library-tests/literals/literals.ql b/java/ql/test/kotlin/library-tests/literals/literals.ql
index db19beff30b..587a71f3dc7 100644
--- a/java/ql/test/kotlin/library-tests/literals/literals.ql
+++ b/java/ql/test/kotlin/library-tests/literals/literals.ql
@@ -1,4 +1,5 @@
 import java
 
 from Literal l
+where l.getFile().isSourceFile()
 select l, l.getPrimaryQlClasses()
diff --git a/java/ql/test/kotlin/library-tests/methods/exprs.expected b/java/ql/test/kotlin/library-tests/methods/exprs.expected
index 76a48c189c4..5de17a12bf9 100644
--- a/java/ql/test/kotlin/library-tests/methods/exprs.expected
+++ b/java/ql/test/kotlin/library-tests/methods/exprs.expected
@@ -17,10 +17,13 @@
 | dataClass.kt:0:0:0:0 | 1 | IntegerLiteral |
 | dataClass.kt:0:0:0:0 | 2 | IntegerLiteral |
 | dataClass.kt:0:0:0:0 | 31 | IntegerLiteral |
+| dataClass.kt:0:0:0:0 | ")" | StringLiteral |
+| dataClass.kt:0:0:0:0 | ", " | StringLiteral |
 | dataClass.kt:0:0:0:0 | "..." | StringTemplateExpr |
+| dataClass.kt:0:0:0:0 | "DataClass(" | StringLiteral |
+| dataClass.kt:0:0:0:0 | "x=" | StringLiteral |
+| dataClass.kt:0:0:0:0 | "y=" | StringLiteral |
 | dataClass.kt:0:0:0:0 | (...)... | CastExpr |
-| dataClass.kt:0:0:0:0 | ) | StringLiteral |
-| dataClass.kt:0:0:0:0 | ,  | StringLiteral |
 | dataClass.kt:0:0:0:0 | ... !is ... | NotInstanceOfExpr |
 | dataClass.kt:0:0:0:0 | ... & ... | AndBitwiseExpr |
 | dataClass.kt:0:0:0:0 | ... & ... | AndBitwiseExpr |
@@ -40,7 +43,6 @@
 | dataClass.kt:0:0:0:0 | DataClass | TypeAccess |
 | dataClass.kt:0:0:0:0 | DataClass | TypeAccess |
 | dataClass.kt:0:0:0:0 | DataClass | TypeAccess |
-| dataClass.kt:0:0:0:0 | DataClass( | StringLiteral |
 | dataClass.kt:0:0:0:0 | Object | TypeAccess |
 | dataClass.kt:0:0:0:0 | Object | TypeAccess |
 | dataClass.kt:0:0:0:0 | String | TypeAccess |
@@ -105,9 +107,7 @@
 | dataClass.kt:0:0:0:0 | when ... | WhenExpr |
 | dataClass.kt:0:0:0:0 | when ... | WhenExpr |
 | dataClass.kt:0:0:0:0 | x | VarAccess |
-| dataClass.kt:0:0:0:0 | x= | StringLiteral |
 | dataClass.kt:0:0:0:0 | y | VarAccess |
-| dataClass.kt:0:0:0:0 | y= | StringLiteral |
 | dataClass.kt:1:22:1:31 | ...=... | KtInitializerAssignExpr |
 | dataClass.kt:1:22:1:31 | int | TypeAccess |
 | dataClass.kt:1:22:1:31 | int | TypeAccess |
@@ -204,7 +204,7 @@
 | delegates.kt:8:35:11:5 | <set-?> | VarAccess |
 | delegates.kt:8:35:11:5 | String | TypeAccess |
 | delegates.kt:8:35:11:5 | observable(...) | MethodAccess |
-| delegates.kt:8:57:8:62 | <none> | StringLiteral |
+| delegates.kt:8:57:8:62 | "<none>" | StringLiteral |
 | delegates.kt:8:66:11:5 | ...->... | LambdaExpr |
 | delegates.kt:8:66:11:5 | Function3<KProperty<?>,String,String,Unit> | TypeAccess |
 | delegates.kt:8:66:11:5 | KProperty<?> | TypeAccess |
@@ -219,9 +219,9 @@
 | delegates.kt:10:9:10:37 | ConsoleKt | TypeAccess |
 | delegates.kt:10:9:10:37 | println(...) | MethodAccess |
 | delegates.kt:10:17:10:36 | "..." | StringTemplateExpr |
-| delegates.kt:10:18:10:21 | Was  | StringLiteral |
+| delegates.kt:10:18:10:21 | "Was " | StringLiteral |
 | delegates.kt:10:23:10:25 | old | VarAccess |
-| delegates.kt:10:26:10:31 | , now  | StringLiteral |
+| delegates.kt:10:26:10:31 | ", now " | StringLiteral |
 | delegates.kt:10:33:10:35 | new | VarAccess |
 | enumClass.kt:0:0:0:0 | EnumClass | TypeAccess |
 | enumClass.kt:0:0:0:0 | EnumClass | TypeAccess |
@@ -293,16 +293,51 @@
 | methods2.kt:8:5:9:5 | Unit | TypeAccess |
 | methods2.kt:8:27:8:32 | int | TypeAccess |
 | methods2.kt:8:35:8:40 | int | TypeAccess |
-| methods3.kt:3:1:3:42 | Unit | TypeAccess |
-| methods3.kt:3:5:3:7 | int | TypeAccess |
-| methods3.kt:3:33:3:38 | int | TypeAccess |
-| methods3.kt:6:5:6:46 | Unit | TypeAccess |
-| methods3.kt:6:9:6:11 | int | TypeAccess |
-| methods3.kt:6:37:6:42 | int | TypeAccess |
+| methods3.kt:3:1:3:49 | 0 | IntegerLiteral |
+| methods3.kt:3:1:3:49 | 1 | IntegerLiteral |
+| methods3.kt:3:1:3:49 | ... & ... | AndBitwiseExpr |
+| methods3.kt:3:1:3:49 | ... == ... | EQExpr |
+| methods3.kt:3:1:3:49 | ...=... | AssignExpr |
+| methods3.kt:3:1:3:49 | Methods3Kt | TypeAccess |
+| methods3.kt:3:1:3:49 | Object | TypeAccess |
+| methods3.kt:3:1:3:49 | String | TypeAccess |
+| methods3.kt:3:1:3:49 | Unit | TypeAccess |
+| methods3.kt:3:1:3:49 | Unit | TypeAccess |
+| methods3.kt:3:1:3:49 | fooBarTopLevelMethodExt(...) | MethodAccess |
+| methods3.kt:3:1:3:49 | int | TypeAccess |
+| methods3.kt:3:1:3:49 | int | TypeAccess |
+| methods3.kt:3:1:3:49 | p1 | VarAccess |
+| methods3.kt:3:1:3:49 | p1 | VarAccess |
+| methods3.kt:3:1:3:49 | p2 | VarAccess |
+| methods3.kt:3:1:3:49 | this | ExtensionReceiverAccess |
+| methods3.kt:3:5:3:10 | String | TypeAccess |
+| methods3.kt:3:36:3:45 | int | TypeAccess |
+| methods3.kt:3:45:3:45 | 1 | IntegerLiteral |
+| methods3.kt:6:5:6:45 | 0 | IntegerLiteral |
+| methods3.kt:6:5:6:45 | 1 | IntegerLiteral |
+| methods3.kt:6:5:6:45 | ... & ... | AndBitwiseExpr |
+| methods3.kt:6:5:6:45 | ... == ... | EQExpr |
+| methods3.kt:6:5:6:45 | ...=... | AssignExpr |
+| methods3.kt:6:5:6:45 | Class3 | TypeAccess |
+| methods3.kt:6:5:6:45 | Object | TypeAccess |
+| methods3.kt:6:5:6:45 | String | TypeAccess |
+| methods3.kt:6:5:6:45 | Unit | TypeAccess |
+| methods3.kt:6:5:6:45 | Unit | TypeAccess |
+| methods3.kt:6:5:6:45 | fooBarMethodExt(...) | MethodAccess |
+| methods3.kt:6:5:6:45 | int | TypeAccess |
+| methods3.kt:6:5:6:45 | int | TypeAccess |
+| methods3.kt:6:5:6:45 | p0 | VarAccess |
+| methods3.kt:6:5:6:45 | p2 | VarAccess |
+| methods3.kt:6:5:6:45 | p2 | VarAccess |
+| methods3.kt:6:5:6:45 | p3 | VarAccess |
+| methods3.kt:6:5:6:45 | this | ExtensionReceiverAccess |
+| methods3.kt:6:9:6:14 | String | TypeAccess |
+| methods3.kt:6:32:6:41 | int | TypeAccess |
+| methods3.kt:6:41:6:41 | 1 | IntegerLiteral |
 | methods4.kt:7:5:7:34 | Unit | TypeAccess |
 | methods4.kt:7:11:7:29 | InsideNestedTest | TypeAccess |
 | methods5.kt:3:1:11:1 | Unit | TypeAccess |
-| methods5.kt:4:3:4:11 | x | LocalVariableDeclExpr |
+| methods5.kt:4:7:4:7 | x | LocalVariableDeclExpr |
 | methods5.kt:4:11:4:11 | 5 | IntegerLiteral |
 | methods5.kt:5:3:5:27 | int | TypeAccess |
 | methods5.kt:5:13:5:18 | int | TypeAccess |
diff --git a/java/ql/test/kotlin/library-tests/methods/exprs.ql b/java/ql/test/kotlin/library-tests/methods/exprs.ql
index 6ded7c0026d..c2ae4f55ac7 100644
--- a/java/ql/test/kotlin/library-tests/methods/exprs.ql
+++ b/java/ql/test/kotlin/library-tests/methods/exprs.ql
@@ -1,4 +1,5 @@
 import java
 
 from Expr e
+where e.getFile().isSourceFile()
 select e, e.getPrimaryQlClasses()
diff --git a/java/ql/test/kotlin/library-tests/methods/methods.expected b/java/ql/test/kotlin/library-tests/methods/methods.expected
index 6a86ea6bf5b..89cdd03f303 100644
--- a/java/ql/test/kotlin/library-tests/methods/methods.expected
+++ b/java/ql/test/kotlin/library-tests/methods/methods.expected
@@ -1,59 +1,61 @@
 methods
 | clinit.kt:0:0:0:0 | ClinitKt | clinit.kt:0:0:0:0 | <clinit> | <clinit>() | static | Compiler generated |
-| clinit.kt:0:0:0:0 | ClinitKt | clinit.kt:3:1:3:24 | getTopLevelInt | getTopLevelInt() | public, static | Compiler generated |
-| clinit.kt:0:0:0:0 | ClinitKt | clinit.kt:3:1:3:24 | setTopLevelInt | setTopLevelInt(int) | public, static | Compiler generated |
-| dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | component1 | component1() | public | Compiler generated |
-| dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | component2 | component2() | public | Compiler generated |
-| dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | copy | copy(int,java.lang.String) | public | Compiler generated |
+| clinit.kt:0:0:0:0 | ClinitKt | clinit.kt:3:1:3:24 | getTopLevelInt | getTopLevelInt() | final, public, static | Compiler generated |
+| clinit.kt:0:0:0:0 | ClinitKt | clinit.kt:3:1:3:24 | setTopLevelInt | setTopLevelInt(int) | final, public, static | Compiler generated |
+| dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | component1 | component1() | final, public | Compiler generated |
+| dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | component2 | component2() | final, public | Compiler generated |
+| dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | copy | copy(int,java.lang.String) | final, public | Compiler generated |
 | dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | copy$default | copy$default(DataClass,int,java.lang.String,int,java.lang.Object) | public, static | Compiler generated |
 | dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | equals | equals(java.lang.Object) | override, public | Compiler generated |
 | dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | hashCode | hashCode() | override, public | Compiler generated |
 | dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:0:0:0:0 | toString | toString() | override, public | Compiler generated |
-| dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:1:22:1:31 | getX | getX() | public | Compiler generated |
-| dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:1:34:1:46 | getY | getY() | public | Compiler generated |
-| dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:1:34:1:46 | setY | setY(java.lang.String) | public | Compiler generated |
-| delegates.kt:3:1:12:1 | MyClass | delegates.kt:4:18:6:5 | getLazyProp | getLazyProp() | public | Compiler generated |
-| delegates.kt:3:1:12:1 | MyClass | delegates.kt:8:32:11:5 | getObservableProp | getObservableProp() | public | Compiler generated |
-| delegates.kt:3:1:12:1 | MyClass | delegates.kt:8:32:11:5 | setObservableProp | setObservableProp(java.lang.String) | public | Compiler generated |
+| dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:1:22:1:31 | getX | getX() | final, public | Compiler generated |
+| dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:1:34:1:46 | getY | getY() | final, public | Compiler generated |
+| dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:1:34:1:46 | setY | setY(java.lang.String) | final, public | Compiler generated |
+| delegates.kt:3:1:12:1 | MyClass | delegates.kt:4:18:6:5 | getLazyProp | getLazyProp() | final, public | Compiler generated |
+| delegates.kt:3:1:12:1 | MyClass | delegates.kt:8:32:11:5 | getObservableProp | getObservableProp() | final, public | Compiler generated |
+| delegates.kt:3:1:12:1 | MyClass | delegates.kt:8:32:11:5 | setObservableProp | setObservableProp(java.lang.String) | final, public | Compiler generated |
 | delegates.kt:4:18:6:5 | new KProperty1<MyClass,Integer>(...) { ... } | delegates.kt:4:18:6:5 | get | get(MyClass) | override, public |  |
 | delegates.kt:4:18:6:5 | new KProperty1<MyClass,Integer>(...) { ... } | delegates.kt:4:18:6:5 | invoke | invoke(MyClass) | override, public |  |
-| delegates.kt:4:26:6:5 | new Function0<Integer>(...) { ... } | delegates.kt:4:26:6:5 | invoke | invoke() | override, public |  |
+| delegates.kt:4:26:6:5 | new Function0<Integer>(...) { ... } | delegates.kt:4:26:6:5 | invoke | invoke() | final, override, public |  |
 | delegates.kt:8:32:11:5 | new KMutableProperty1<MyClass,String>(...) { ... } | delegates.kt:8:32:11:5 | get | get(MyClass) | override, public |  |
 | delegates.kt:8:32:11:5 | new KMutableProperty1<MyClass,String>(...) { ... } | delegates.kt:8:32:11:5 | get | get(MyClass) | override, public |  |
 | delegates.kt:8:32:11:5 | new KMutableProperty1<MyClass,String>(...) { ... } | delegates.kt:8:32:11:5 | invoke | invoke(MyClass) | override, public |  |
 | delegates.kt:8:32:11:5 | new KMutableProperty1<MyClass,String>(...) { ... } | delegates.kt:8:32:11:5 | invoke | invoke(MyClass) | override, public |  |
 | delegates.kt:8:32:11:5 | new KMutableProperty1<MyClass,String>(...) { ... } | delegates.kt:8:32:11:5 | set | set(MyClass,java.lang.String) | override, public |  |
 | delegates.kt:8:32:11:5 | new KMutableProperty1<MyClass,String>(...) { ... } | delegates.kt:8:32:11:5 | set | set(MyClass,java.lang.String) | override, public |  |
-| delegates.kt:8:66:11:5 | new Function3<KProperty<?>,String,String,Unit>(...) { ... } | delegates.kt:8:66:11:5 | invoke | invoke(kotlin.reflect.KProperty,java.lang.String,java.lang.String) | override, public |  |
+| delegates.kt:8:66:11:5 | new Function3<KProperty<?>,String,String,Unit>(...) { ... } | delegates.kt:8:66:11:5 | invoke | invoke(kotlin.reflect.KProperty,java.lang.String,java.lang.String) | final, override, public |  |
 | enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | <clinit> | <clinit>() | static | Compiler generated |
-| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | valueOf | valueOf(java.lang.String) | public, static | Compiler generated |
-| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | values | values() | public, static | Compiler generated |
-| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:1:22:1:31 | getV | getV() | public | Compiler generated |
+| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | valueOf | valueOf(java.lang.String) | final, public, static | Compiler generated |
+| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | values | values() | final, public, static | Compiler generated |
+| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:1:22:1:31 | getV | getV() | final, public | Compiler generated |
 | enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | <clinit> | <clinit>() | static | Compiler generated |
-| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | valueOf | valueOf(java.lang.String) | public, static | Compiler generated |
-| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | values | values() | public, static | Compiler generated |
-| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:13:12:13:29 | f | f(int) | public |  |
-| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:14:12:14:29 | g | g(int) | public |  |
+| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | valueOf | valueOf(java.lang.String) | final, public, static | Compiler generated |
+| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | values | values() | final, public, static | Compiler generated |
+| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:13:12:13:29 | f | f(int) | abstract, public |  |
+| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:14:12:14:29 | g | g(int) | abstract, public |  |
 | enumClass.kt:8:3:11:4 | VAL | enumClass.kt:9:14:9:30 | f | f(int) | override, public |  |
 | enumClass.kt:8:3:11:4 | VAL | enumClass.kt:10:14:10:42 | g | g(int) | override, public |  |
-| methods2.kt:0:0:0:0 | Methods2Kt | methods2.kt:4:1:5:1 | fooBarTopLevelMethod | fooBarTopLevelMethod(int,int) | public, static |  |
-| methods2.kt:7:1:10:1 | Class2 | methods2.kt:8:5:9:5 | fooBarClassMethod | fooBarClassMethod(int,int) | public |  |
-| methods3.kt:0:0:0:0 | Methods3Kt | methods3.kt:3:1:3:42 | fooBarTopLevelMethodExt | fooBarTopLevelMethodExt(int,int) | public, static |  |
-| methods3.kt:5:1:7:1 | Class3 | methods3.kt:6:5:6:46 | fooBarTopLevelMethodExt | fooBarTopLevelMethodExt(int,int) | public |  |
-| methods4.kt:5:3:9:3 | InsideNestedTest | methods4.kt:7:5:7:34 | m | m(foo.bar.NestedTest.InsideNestedTest) | public |  |
-| methods5.kt:0:0:0:0 | Methods5Kt | methods5.kt:3:1:11:1 | x | x() | public, static |  |
-| methods5.kt:5:3:5:27 |  | methods5.kt:5:3:5:27 | a | a(int) | public |  |
-| methods5.kt:9:3:9:32 |  | methods5.kt:9:3:9:32 | f1 | f1(foo.bar.C1,int) | public |  |
-| methods6.kt:0:0:0:0 | Methods6Kt | methods6.kt:3:9:4:1 | s | s() | public, static, suspend |  |
-| methods.kt:0:0:0:0 | MethodsKt | methods.kt:2:1:3:1 | topLevelMethod | topLevelMethod(int,int) | public, static |  |
-| methods.kt:5:1:20:1 | Class | methods.kt:6:5:7:5 | classMethod | classMethod(int,int) | public |  |
-| methods.kt:5:1:20:1 | Class | methods.kt:9:5:12:5 | anotherClassMethod | anotherClassMethod(int,int) | public |  |
-| methods.kt:5:1:20:1 | Class | methods.kt:14:12:14:29 | publicFun | publicFun() | public |  |
-| methods.kt:5:1:20:1 | Class | methods.kt:15:15:15:35 | protectedFun | protectedFun() | protected |  |
-| methods.kt:5:1:20:1 | Class | methods.kt:16:13:16:31 | privateFun | privateFun() | private |  |
-| methods.kt:5:1:20:1 | Class | methods.kt:17:14:17:33 | internalFun$main | internalFun$main() | internal |  |
-| methods.kt:5:1:20:1 | Class | methods.kt:18:5:18:36 | noExplicitVisibilityFun | noExplicitVisibilityFun() | public |  |
-| methods.kt:5:1:20:1 | Class | methods.kt:19:12:19:29 | inlineFun | inlineFun() | inline, public |  |
+| methods2.kt:0:0:0:0 | Methods2Kt | methods2.kt:4:1:5:1 | fooBarTopLevelMethod | fooBarTopLevelMethod(int,int) | final, public, static |  |
+| methods2.kt:7:1:10:1 | Class2 | methods2.kt:8:5:9:5 | fooBarClassMethod | fooBarClassMethod(int,int) | final, public |  |
+| methods3.kt:0:0:0:0 | Methods3Kt | methods3.kt:3:1:3:49 | fooBarTopLevelMethodExt | fooBarTopLevelMethodExt(java.lang.String,int) | final, public, static |  |
+| methods3.kt:0:0:0:0 | Methods3Kt | methods3.kt:3:1:3:49 | fooBarTopLevelMethodExt$default | fooBarTopLevelMethodExt$default(java.lang.String,int,int,java.lang.Object) | public, static | Compiler generated |
+| methods3.kt:5:1:7:1 | Class3 | methods3.kt:6:5:6:45 | fooBarMethodExt | fooBarMethodExt(java.lang.String,int) | final, public |  |
+| methods3.kt:5:1:7:1 | Class3 | methods3.kt:6:5:6:45 | fooBarMethodExt$default | fooBarMethodExt$default(foo.bar.Class3,java.lang.String,int,int,java.lang.Object) | public, static | Compiler generated |
+| methods4.kt:5:3:9:3 | InsideNestedTest | methods4.kt:7:5:7:34 | m | m(foo.bar.NestedTest.InsideNestedTest) | final, public |  |
+| methods5.kt:0:0:0:0 | Methods5Kt | methods5.kt:3:1:11:1 | x | x() | final, public, static |  |
+| methods5.kt:5:3:5:27 |  | methods5.kt:5:3:5:27 | a | a(int) | final, public |  |
+| methods5.kt:9:3:9:32 |  | methods5.kt:9:3:9:32 | f1 | f1(foo.bar.C1,int) | final, public |  |
+| methods6.kt:0:0:0:0 | Methods6Kt | methods6.kt:3:9:4:1 | s | s() | final, public, static, suspend |  |
+| methods.kt:0:0:0:0 | MethodsKt | methods.kt:2:1:3:1 | topLevelMethod | topLevelMethod(int,int) | final, public, static |  |
+| methods.kt:5:1:20:1 | Class | methods.kt:6:5:7:5 | classMethod | classMethod(int,int) | final, public |  |
+| methods.kt:5:1:20:1 | Class | methods.kt:9:5:12:5 | anotherClassMethod | anotherClassMethod(int,int) | final, public |  |
+| methods.kt:5:1:20:1 | Class | methods.kt:14:12:14:29 | publicFun | publicFun() | final, public |  |
+| methods.kt:5:1:20:1 | Class | methods.kt:15:15:15:35 | protectedFun | protectedFun() | final, protected |  |
+| methods.kt:5:1:20:1 | Class | methods.kt:16:13:16:31 | privateFun | privateFun() | final, private |  |
+| methods.kt:5:1:20:1 | Class | methods.kt:17:14:17:33 | internalFun$main | internalFun$main() | final, internal |  |
+| methods.kt:5:1:20:1 | Class | methods.kt:18:5:18:36 | noExplicitVisibilityFun | noExplicitVisibilityFun() | final, public |  |
+| methods.kt:5:1:20:1 | Class | methods.kt:19:12:19:29 | inlineFun | inlineFun() | final, inline, public |  |
 constructors
 | dataClass.kt:1:1:1:47 | DataClass | dataClass.kt:1:6:1:47 | DataClass | DataClass(int,java.lang.String) |
 | delegates.kt:3:1:12:1 | MyClass | delegates.kt:3:1:12:1 | MyClass | MyClass() |
@@ -74,6 +76,15 @@ constructors
 | methods5.kt:13:1:13:14 | C1 | methods5.kt:13:1:13:14 | C1 | C1() |
 | methods.kt:5:1:20:1 | Class | methods.kt:5:1:20:1 | Class | Class() |
 extensions
-| methods3.kt:3:1:3:42 | fooBarTopLevelMethodExt | file://:0:0:0:0 | int |
-| methods3.kt:6:5:6:46 | fooBarTopLevelMethodExt | file://:0:0:0:0 | int |
+| methods3.kt:3:1:3:49 | fooBarTopLevelMethodExt | file:///modules/java.base/java/lang/String.class:0:0:0:0 | String |
+| methods3.kt:3:1:3:49 | fooBarTopLevelMethodExt$default | file:///modules/java.base/java/lang/String.class:0:0:0:0 | String |
+| methods3.kt:6:5:6:45 | fooBarMethodExt | file:///modules/java.base/java/lang/String.class:0:0:0:0 | String |
+| methods3.kt:6:5:6:45 | fooBarMethodExt$default | file:///modules/java.base/java/lang/String.class:0:0:0:0 | String |
 | methods5.kt:9:3:9:32 | f1 | file:///!unknown-binary-location/foo/bar/C1.class:0:0:0:0 | C1<T1> |
+extensionsMismatch
+extensionIndex
+| methods3.kt:3:1:3:49 | fooBarTopLevelMethodExt | 0 | file:///modules/java.base/java/lang/String.class:0:0:0:0 | String |
+| methods3.kt:3:1:3:49 | fooBarTopLevelMethodExt$default | 0 | file:///modules/java.base/java/lang/String.class:0:0:0:0 | String |
+| methods3.kt:6:5:6:45 | fooBarMethodExt | 0 | file:///modules/java.base/java/lang/String.class:0:0:0:0 | String |
+| methods3.kt:6:5:6:45 | fooBarMethodExt$default | 1 | file:///modules/java.base/java/lang/String.class:0:0:0:0 | String |
+| methods5.kt:9:3:9:32 | f1 | 0 | file:///!unknown-binary-location/foo/bar/C1.class:0:0:0:0 | C1<T1> |
diff --git a/java/ql/test/kotlin/library-tests/methods/methods.ql b/java/ql/test/kotlin/library-tests/methods/methods.ql
index 365d41ff1ee..0f0b43f4e4b 100644
--- a/java/ql/test/kotlin/library-tests/methods/methods.ql
+++ b/java/ql/test/kotlin/library-tests/methods/methods.ql
@@ -17,3 +17,19 @@ query predicate constructors(RefType declType, Constructor c, string signature)
 }
 
 query predicate extensions(ExtensionMethod m, Type t) { m.getExtendedType() = t and m.fromSource() }
+
+query predicate extensionsMismatch(Method src, Method def) {
+  src.getKotlinParameterDefaultsProxy() = def and
+  (
+    src instanceof ExtensionMethod and not def instanceof ExtensionMethod
+    or
+    def instanceof ExtensionMethod and not src instanceof ExtensionMethod
+  )
+}
+
+query predicate extensionIndex(ExtensionMethod m, int i, Type t) {
+  m.fromSource() and
+  m.getExtensionReceiverParameterIndex() = i and
+  m.getExtendedType() = t and
+  m.getParameter(i).getType() = t
+}
diff --git a/java/ql/test/kotlin/library-tests/methods/methods3.kt b/java/ql/test/kotlin/library-tests/methods/methods3.kt
index fdd759a7840..120a5339a5a 100644
--- a/java/ql/test/kotlin/library-tests/methods/methods3.kt
+++ b/java/ql/test/kotlin/library-tests/methods/methods3.kt
@@ -1,7 +1,7 @@
 package foo.bar
 
-fun Int.fooBarTopLevelMethodExt(x: Int) {}
+fun String.fooBarTopLevelMethodExt(x: Int = 1) {}
 
 class Class3 {
-    fun Int.fooBarTopLevelMethodExt(x: Int) {}
+    fun String.fooBarMethodExt(x: Int = 1) {}
 }
diff --git a/java/ql/test/kotlin/library-tests/methods/parameters.expected b/java/ql/test/kotlin/library-tests/methods/parameters.expected
index 4475aeba459..d4b3a2e2411 100644
--- a/java/ql/test/kotlin/library-tests/methods/parameters.expected
+++ b/java/ql/test/kotlin/library-tests/methods/parameters.expected
@@ -32,10 +32,19 @@
 | methods2.kt:4:1:5:1 | fooBarTopLevelMethod | methods2.kt:4:34:4:39 | y | 1 |
 | methods2.kt:8:5:9:5 | fooBarClassMethod | methods2.kt:8:27:8:32 | x | 0 |
 | methods2.kt:8:5:9:5 | fooBarClassMethod | methods2.kt:8:35:8:40 | y | 1 |
-| methods3.kt:3:1:3:42 | fooBarTopLevelMethodExt | methods3.kt:3:5:3:7 | <this> | 0 |
-| methods3.kt:3:1:3:42 | fooBarTopLevelMethodExt | methods3.kt:3:33:3:38 | x | 1 |
-| methods3.kt:6:5:6:46 | fooBarTopLevelMethodExt | methods3.kt:6:9:6:11 | <this> | 0 |
-| methods3.kt:6:5:6:46 | fooBarTopLevelMethodExt | methods3.kt:6:37:6:42 | x | 1 |
+| methods3.kt:3:1:3:49 | fooBarTopLevelMethodExt | methods3.kt:3:5:3:10 | <this> | 0 |
+| methods3.kt:3:1:3:49 | fooBarTopLevelMethodExt | methods3.kt:3:36:3:45 | x | 1 |
+| methods3.kt:3:1:3:49 | fooBarTopLevelMethodExt$default | methods3.kt:3:1:3:49 | p0 | 0 |
+| methods3.kt:3:1:3:49 | fooBarTopLevelMethodExt$default | methods3.kt:3:1:3:49 | p1 | 1 |
+| methods3.kt:3:1:3:49 | fooBarTopLevelMethodExt$default | methods3.kt:3:1:3:49 | p2 | 2 |
+| methods3.kt:3:1:3:49 | fooBarTopLevelMethodExt$default | methods3.kt:3:1:3:49 | p3 | 3 |
+| methods3.kt:6:5:6:45 | fooBarMethodExt | methods3.kt:6:9:6:14 | <this> | 0 |
+| methods3.kt:6:5:6:45 | fooBarMethodExt | methods3.kt:6:32:6:41 | x | 1 |
+| methods3.kt:6:5:6:45 | fooBarMethodExt$default | methods3.kt:6:5:6:45 | p0 | 0 |
+| methods3.kt:6:5:6:45 | fooBarMethodExt$default | methods3.kt:6:5:6:45 | p1 | 1 |
+| methods3.kt:6:5:6:45 | fooBarMethodExt$default | methods3.kt:6:5:6:45 | p2 | 2 |
+| methods3.kt:6:5:6:45 | fooBarMethodExt$default | methods3.kt:6:5:6:45 | p3 | 3 |
+| methods3.kt:6:5:6:45 | fooBarMethodExt$default | methods3.kt:6:5:6:45 | p4 | 4 |
 | methods4.kt:7:5:7:34 | m | methods4.kt:7:11:7:29 | x | 0 |
 | methods5.kt:5:3:5:27 | a | methods5.kt:5:13:5:18 | i | 0 |
 | methods5.kt:9:3:9:32 | f1 | methods5.kt:9:12:9:17 | <this> | 0 |
diff --git a/java/ql/test/kotlin/library-tests/modifiers/modifiers.expected b/java/ql/test/kotlin/library-tests/modifiers/modifiers.expected
index cdde306d74f..045fdb6d21c 100644
--- a/java/ql/test/kotlin/library-tests/modifiers/modifiers.expected
+++ b/java/ql/test/kotlin/library-tests/modifiers/modifiers.expected
@@ -3,18 +3,22 @@
 | modifiers.kt:2:5:2:21 | a | Field | final |
 | modifiers.kt:2:5:2:21 | a | Field | private |
 | modifiers.kt:2:5:2:21 | a | Property | private |
+| modifiers.kt:2:13:2:21 | getA$private | Method | final |
 | modifiers.kt:2:13:2:21 | getA$private | Method | private |
 | modifiers.kt:3:5:3:23 | b | Field | final |
 | modifiers.kt:3:5:3:23 | b | Field | private |
 | modifiers.kt:3:5:3:23 | b | Property | protected |
+| modifiers.kt:3:15:3:23 | getB | Method | final |
 | modifiers.kt:3:15:3:23 | getB | Method | protected |
 | modifiers.kt:4:5:4:22 | c | Field | final |
 | modifiers.kt:4:5:4:22 | c | Field | private |
 | modifiers.kt:4:5:4:22 | c | Property | internal |
+| modifiers.kt:4:14:4:22 | getC$main | Method | final |
 | modifiers.kt:4:14:4:22 | getC$main | Method | internal |
 | modifiers.kt:5:5:5:34 | d | Field | final |
 | modifiers.kt:5:5:5:34 | d | Field | private |
 | modifiers.kt:5:5:5:34 | d | Property | public |
+| modifiers.kt:5:5:5:34 | getD | Method | final |
 | modifiers.kt:5:5:5:34 | getD | Method | public |
 | modifiers.kt:7:5:9:5 | Nested | Class | final |
 | modifiers.kt:7:5:9:5 | Nested | Class | protected |
@@ -22,29 +26,38 @@
 | modifiers.kt:8:9:8:29 | e | Field | final |
 | modifiers.kt:8:9:8:29 | e | Field | private |
 | modifiers.kt:8:9:8:29 | e | Property | public |
+| modifiers.kt:8:16:8:29 | getE | Method | final |
 | modifiers.kt:8:16:8:29 | getE | Method | public |
+| modifiers.kt:11:5:15:5 | fn1 | Method | final |
 | modifiers.kt:11:5:15:5 | fn1 | Method | public |
 | modifiers.kt:12:16:14:9 |  | Constructor | public |
 | modifiers.kt:12:16:14:9 | new Object(...) { ... } | AnonymousClass | final |
 | modifiers.kt:12:16:14:9 | new Object(...) { ... } | AnonymousClass | private |
 | modifiers.kt:12:16:14:9 | new Object(...) { ... } | LocalClass | final |
 | modifiers.kt:12:16:14:9 | new Object(...) { ... } | LocalClass | private |
+| modifiers.kt:13:13:13:23 | fn | Method | final |
 | modifiers.kt:13:13:13:23 | fn | Method | public |
+| modifiers.kt:17:5:20:5 | fn2 | Method | final |
 | modifiers.kt:17:5:20:5 | fn2 | Method | public |
 | modifiers.kt:18:9:18:24 |  | Constructor | public |
 | modifiers.kt:18:9:18:24 |  | LocalClass | final |
 | modifiers.kt:18:9:18:24 |  | LocalClass | private |
+| modifiers.kt:18:9:18:24 | fnLocal | Method | final |
 | modifiers.kt:18:9:18:24 | fnLocal | Method | public |
+| modifiers.kt:22:5:24:5 | fn3 | Method | final |
 | modifiers.kt:22:5:24:5 | fn3 | Method | public |
 | modifiers.kt:23:9:23:27 | localClass | Constructor | public |
 | modifiers.kt:23:9:23:27 | localClass | LocalClass | final |
 | modifiers.kt:23:9:23:27 | localClass | LocalClass | private |
+| modifiers.kt:26:12:26:46 | fn4 | Method | final |
 | modifiers.kt:26:12:26:46 | fn4 | Method | inline |
 | modifiers.kt:26:12:26:46 | fn4 | Method | public |
 | modifiers.kt:26:20:26:41 | f | Parameter | noinline |
+| modifiers.kt:27:12:27:49 | fn5 | Method | final |
 | modifiers.kt:27:12:27:49 | fn5 | Method | inline |
 | modifiers.kt:27:12:27:49 | fn5 | Method | public |
 | modifiers.kt:27:20:27:44 | f | Parameter | crossinline |
+| modifiers.kt:28:12:28:39 | fn6 | Method | final |
 | modifiers.kt:28:12:28:39 | fn6 | Method | inline |
 | modifiers.kt:28:12:28:39 | fn6 | Method | public |
 | modifiers.kt:28:17:28:25 | T | TypeVariable | reified |
@@ -57,6 +70,7 @@
 | modifiers.kt:31:1:33:1 | Y | ParameterizedType | public |
 | modifiers.kt:31:9:31:13 | T1 | TypeVariable | in |
 | modifiers.kt:31:16:31:21 | T2 | TypeVariable | out |
+| modifiers.kt:32:5:32:32 | foo | Method | final |
 | modifiers.kt:32:5:32:32 | foo | Method | public |
 | modifiers.kt:35:1:41:1 | LateInit | Class | final |
 | modifiers.kt:35:1:41:1 | LateInit | Class | public |
@@ -64,7 +78,10 @@
 | modifiers.kt:36:5:36:40 | test0 | Field | private |
 | modifiers.kt:36:5:36:40 | test0 | Property | lateinit |
 | modifiers.kt:36:5:36:40 | test0 | Property | private |
+| modifiers.kt:36:22:36:40 | getTest0$private | Method | final |
 | modifiers.kt:36:22:36:40 | getTest0$private | Method | private |
+| modifiers.kt:36:22:36:40 | setTest0$private | Method | final |
 | modifiers.kt:36:22:36:40 | setTest0$private | Method | private |
+| modifiers.kt:38:5:40:5 | fn | Method | final |
 | modifiers.kt:38:5:40:5 | fn | Method | public |
-| modifiers.kt:39:9:39:36 | LateInit test1 | LocalVariableDecl | lateinit |
+| modifiers.kt:39:22:39:26 | LateInit test1 | LocalVariableDecl | lateinit |
diff --git a/java/ql/test/kotlin/library-tests/operator-overloads/PrintAst.expected b/java/ql/test/kotlin/library-tests/operator-overloads/PrintAst.expected
index af62c3e412e..46fd70318ad 100644
--- a/java/ql/test/kotlin/library-tests/operator-overloads/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/operator-overloads/PrintAst.expected
@@ -59,7 +59,7 @@ test.kt:
 #   10|           0: [TypeAccess] int
 #   10|       5: [BlockStmt] { ... }
 #   10|         0: [ReturnStmt] return ...
-#   10|           0: [StringLiteral] 
+#   10|           0: [StringLiteral] ""
 #   11|     3: [ExtensionMethod] set
 #   11|       3: [TypeAccess] String
 #-----|       4: (Parameters)
@@ -73,7 +73,7 @@ test.kt:
 #   11|           0: [TypeAccess] int
 #   11|       5: [BlockStmt] { ... }
 #   11|         0: [ReturnStmt] return ...
-#   11|           0: [StringLiteral] 
+#   11|           0: [StringLiteral] ""
 #   12|     4: [ExtensionMethod] set
 #   12|       3: [TypeAccess] String
 #-----|       4: (Parameters)
@@ -85,7 +85,7 @@ test.kt:
 #   12|           0: [TypeAccess] C
 #   12|       5: [BlockStmt] { ... }
 #   12|         0: [ReturnStmt] return ...
-#   12|           0: [StringLiteral] 
+#   12|           0: [StringLiteral] ""
 #   15|   2: [Class] C
 #   15|     1: [Constructor] C
 #   15|       5: [BlockStmt] { ... }
@@ -100,4 +100,4 @@ test.kt:
 #   16|           0: [TypeAccess] int
 #   16|       5: [BlockStmt] { ... }
 #   16|         0: [ReturnStmt] return ...
-#   16|           0: [StringLiteral] 
+#   16|           0: [StringLiteral] ""
diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected b/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected
index a769bc397ee..13bd441dfcd 100644
--- a/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected
@@ -56,7 +56,7 @@ test.kt:
 #  184|           1: [ExprStmt] <Expr>;
 #  184|             0: [AssignExpr] ...=...
 #  184|               0: [VarAccess] p0
-#  184|               1: [StringLiteral] before-vararg-default sunk
+#  184|               1: [StringLiteral] "before-vararg-default sunk"
 #  184|         1: [IfStmt] if (...)
 #  184|           0: [EQExpr] ... == ...
 #  184|             0: [AndBitwiseExpr] ... & ...
@@ -68,8 +68,8 @@ test.kt:
 #  184|               0: [VarAccess] p1
 #  184|               1: [ArrayCreationExpr] new String[]
 #  184|                 -2: [ArrayInit] {...}
-#  184|                   0: [StringLiteral] first-vararg-default sunk
-#  184|                   1: [StringLiteral] second-vararg-default sunk
+#  184|                   0: [StringLiteral] "first-vararg-default sunk"
+#  184|                   1: [StringLiteral] "second-vararg-default sunk"
 #  184|                 -1: [TypeAccess] String
 #  184|                 0: [IntegerLiteral] 2
 #  184|         2: [IfStmt] if (...)
@@ -81,7 +81,7 @@ test.kt:
 #  184|           1: [ExprStmt] <Expr>;
 #  184|             0: [AssignExpr] ...=...
 #  184|               0: [VarAccess] p2
-#  184|               1: [StringLiteral] after-vararg-default sunk
+#  184|               1: [StringLiteral] "after-vararg-default sunk"
 #  184|         3: [ReturnStmt] return ...
 #  184|           0: [MethodAccess] varargsTest(...)
 #  184|             -1: [TypeAccess] TestKt
@@ -102,7 +102,7 @@ test.kt:
 #  192|         1: [ExprStmt] <Expr>;
 #  192|           0: [MethodAccess] varargsTest$default(...)
 #  192|             -1: [TypeAccess] TestKt
-#  192|             0: [StringLiteral] no-varargs-before, no-z-parameter sunk
+#  192|             0: [StringLiteral] "no-varargs-before, no-z-parameter sunk"
 #    1|             1: [NullLiteral] null
 #    1|             2: [NullLiteral] null
 #    1|             3: [IntegerLiteral] 1
@@ -110,32 +110,32 @@ test.kt:
 #  193|         2: [ExprStmt] <Expr>;
 #  193|           0: [MethodAccess] varargsTest$default(...)
 #  193|             -1: [TypeAccess] TestKt
-#  193|             0: [StringLiteral] no-varargs-before sunk
+#  193|             0: [StringLiteral] "no-varargs-before sunk"
 #    1|             1: [NullLiteral] null
-#  193|             2: [StringLiteral] no-varargs-after sunk
+#  193|             2: [StringLiteral] "no-varargs-after sunk"
 #    1|             3: [IntegerLiteral] 5
 #    1|             4: [NullLiteral] null
 #  194|         3: [ExprStmt] <Expr>;
 #  194|           0: [MethodAccess] varargsTest(...)
 #  194|             -1: [TypeAccess] TestKt
-#  194|             0: [StringLiteral] one-vararg-before sunk
-#  194|             1: [StringLiteral] one-vararg sunk
-#  194|             2: [StringLiteral] one-vararg-after sunk
+#  194|             0: [StringLiteral] "one-vararg-before sunk"
+#  194|             1: [StringLiteral] "one-vararg sunk"
+#  194|             2: [StringLiteral] "one-vararg-after sunk"
 #  195|         4: [ExprStmt] <Expr>;
 #  195|           0: [MethodAccess] varargsTest(...)
 #  195|             -1: [TypeAccess] TestKt
-#  195|             0: [StringLiteral] two-varargs-before sunk
-#  195|             1: [StringLiteral] two-vararg-first sunk
-#  195|             2: [StringLiteral] two-vararg-second sunk
-#  195|             3: [StringLiteral] two-varargs-after sunk
+#  195|             0: [StringLiteral] "two-varargs-before sunk"
+#  195|             1: [StringLiteral] "two-vararg-first sunk"
+#  195|             2: [StringLiteral] "two-vararg-second sunk"
+#  195|             3: [StringLiteral] "two-varargs-after sunk"
 #  196|         5: [ExprStmt] <Expr>;
 #  196|           0: [MethodAccess] varargsTest$default(...)
 #  196|             -1: [TypeAccess] TestKt
-#  196|             0: [StringLiteral] no-z-parmeter sunk
+#  196|             0: [StringLiteral] "no-z-parmeter sunk"
 #  196|             1: [ArrayCreationExpr] new String[]
 #  196|               -2: [ArrayInit] {...}
-#  196|                 0: [StringLiteral] no-z-parameter first vararg sunk
-#  196|                 1: [StringLiteral] no-z-parameter second vararg sunk
+#  196|                 0: [StringLiteral] "no-z-parameter first vararg sunk"
+#  196|                 1: [StringLiteral] "no-z-parameter second vararg sunk"
 #  196|               -1: [TypeAccess] String
 #  196|               0: [IntegerLiteral] 2
 #    1|             2: [NullLiteral] null
@@ -182,7 +182,7 @@ test.kt:
 #  199|           1: [ExprStmt] <Expr>;
 #  199|             0: [AssignExpr] ...=...
 #  199|               0: [VarAccess] p0
-#  199|               1: [StringLiteral] before-vararg-default not sunk 2
+#  199|               1: [StringLiteral] "before-vararg-default not sunk 2"
 #  199|         1: [IfStmt] if (...)
 #  199|           0: [EQExpr] ... == ...
 #  199|             0: [AndBitwiseExpr] ... & ...
@@ -194,8 +194,8 @@ test.kt:
 #  199|               0: [VarAccess] p1
 #  199|               1: [ArrayCreationExpr] new String[]
 #  199|                 -2: [ArrayInit] {...}
-#  199|                   0: [StringLiteral] first-vararg-default sunk 2
-#  199|                   1: [StringLiteral] second-vararg-default sunk 2
+#  199|                   0: [StringLiteral] "first-vararg-default sunk 2"
+#  199|                   1: [StringLiteral] "second-vararg-default sunk 2"
 #  199|                 -1: [TypeAccess] String
 #  199|                 0: [IntegerLiteral] 2
 #  199|         2: [IfStmt] if (...)
@@ -207,7 +207,7 @@ test.kt:
 #  199|           1: [ExprStmt] <Expr>;
 #  199|             0: [AssignExpr] ...=...
 #  199|               0: [VarAccess] p2
-#  199|               1: [StringLiteral] after-vararg-default not sunk 2
+#  199|               1: [StringLiteral] "after-vararg-default not sunk 2"
 #  199|         3: [ReturnStmt] return ...
 #  199|           0: [MethodAccess] varargsTestOnlySinkVarargs(...)
 #  199|             -1: [TypeAccess] TestKt
@@ -228,7 +228,7 @@ test.kt:
 #  205|         1: [ExprStmt] <Expr>;
 #  205|           0: [MethodAccess] varargsTestOnlySinkVarargs$default(...)
 #  205|             -1: [TypeAccess] TestKt
-#  205|             0: [StringLiteral] no-varargs-before, no-z-parameter not sunk 2
+#  205|             0: [StringLiteral] "no-varargs-before, no-z-parameter not sunk 2"
 #    1|             1: [NullLiteral] null
 #    1|             2: [NullLiteral] null
 #    1|             3: [IntegerLiteral] 1
@@ -236,32 +236,32 @@ test.kt:
 #  206|         2: [ExprStmt] <Expr>;
 #  206|           0: [MethodAccess] varargsTestOnlySinkVarargs$default(...)
 #  206|             -1: [TypeAccess] TestKt
-#  206|             0: [StringLiteral] no-varargs-before not sunk 2
+#  206|             0: [StringLiteral] "no-varargs-before not sunk 2"
 #    1|             1: [NullLiteral] null
-#  206|             2: [StringLiteral] no-varargs-after not sunk 2
+#  206|             2: [StringLiteral] "no-varargs-after not sunk 2"
 #    1|             3: [IntegerLiteral] 5
 #    1|             4: [NullLiteral] null
 #  207|         3: [ExprStmt] <Expr>;
 #  207|           0: [MethodAccess] varargsTestOnlySinkVarargs(...)
 #  207|             -1: [TypeAccess] TestKt
-#  207|             0: [StringLiteral] one-vararg-before not sunk 2
-#  207|             1: [StringLiteral] one-vararg sunk 2
-#  207|             2: [StringLiteral] one-vararg-after not sunk 2
+#  207|             0: [StringLiteral] "one-vararg-before not sunk 2"
+#  207|             1: [StringLiteral] "one-vararg sunk 2"
+#  207|             2: [StringLiteral] "one-vararg-after not sunk 2"
 #  208|         4: [ExprStmt] <Expr>;
 #  208|           0: [MethodAccess] varargsTestOnlySinkVarargs(...)
 #  208|             -1: [TypeAccess] TestKt
-#  208|             0: [StringLiteral] two-varargs-before not sunk 2
-#  208|             1: [StringLiteral] two-vararg-first sunk 2
-#  208|             2: [StringLiteral] two-vararg-second sunk 2
-#  208|             3: [StringLiteral] two-varargs-after not sunk 2
+#  208|             0: [StringLiteral] "two-varargs-before not sunk 2"
+#  208|             1: [StringLiteral] "two-vararg-first sunk 2"
+#  208|             2: [StringLiteral] "two-vararg-second sunk 2"
+#  208|             3: [StringLiteral] "two-varargs-after not sunk 2"
 #  209|         5: [ExprStmt] <Expr>;
 #  209|           0: [MethodAccess] varargsTestOnlySinkVarargs$default(...)
 #  209|             -1: [TypeAccess] TestKt
-#  209|             0: [StringLiteral] no-z-parmeter not sunk 2
+#  209|             0: [StringLiteral] "no-z-parmeter not sunk 2"
 #  209|             1: [ArrayCreationExpr] new String[]
 #  209|               -2: [ArrayInit] {...}
-#  209|                 0: [StringLiteral] no-z-parameter first vararg sunk 2
-#  209|                 1: [StringLiteral] no-z-parameter second vararg sunk 2
+#  209|                 0: [StringLiteral] "no-z-parameter first vararg sunk 2"
+#  209|                 1: [StringLiteral] "no-z-parameter second vararg sunk 2"
 #  209|               -1: [TypeAccess] String
 #  209|               0: [IntegerLiteral] 2
 #    1|             2: [NullLiteral] null
@@ -310,7 +310,7 @@ test.kt:
 #  212|           1: [ExprStmt] <Expr>;
 #  212|             0: [AssignExpr] ...=...
 #  212|               0: [VarAccess] p0
-#  212|               1: [StringLiteral] before-vararg-default sunk 3
+#  212|               1: [StringLiteral] "before-vararg-default sunk 3"
 #  212|         1: [IfStmt] if (...)
 #  212|           0: [EQExpr] ... == ...
 #  212|             0: [AndBitwiseExpr] ... & ...
@@ -322,8 +322,8 @@ test.kt:
 #  212|               0: [VarAccess] p1
 #  212|               1: [ArrayCreationExpr] new String[]
 #  212|                 -2: [ArrayInit] {...}
-#  212|                   0: [StringLiteral] first-vararg-default not sunk 3
-#  212|                   1: [StringLiteral] second-vararg-default not sunk 3
+#  212|                   0: [StringLiteral] "first-vararg-default not sunk 3"
+#  212|                   1: [StringLiteral] "second-vararg-default not sunk 3"
 #  212|                 -1: [TypeAccess] String
 #  212|                 0: [IntegerLiteral] 2
 #  212|         2: [IfStmt] if (...)
@@ -335,7 +335,7 @@ test.kt:
 #  212|           1: [ExprStmt] <Expr>;
 #  212|             0: [AssignExpr] ...=...
 #  212|               0: [VarAccess] p2
-#  212|               1: [StringLiteral] after-vararg-default sunk 3
+#  212|               1: [StringLiteral] "after-vararg-default sunk 3"
 #  212|         3: [ReturnStmt] return ...
 #  212|           0: [MethodAccess] varargsTestOnlySinkRegularArgs(...)
 #  212|             -1: [TypeAccess] TestKt
@@ -356,7 +356,7 @@ test.kt:
 #  219|         1: [ExprStmt] <Expr>;
 #  219|           0: [MethodAccess] varargsTestOnlySinkRegularArgs$default(...)
 #  219|             -1: [TypeAccess] TestKt
-#  219|             0: [StringLiteral] no-varargs-before, no-z-parameter sunk 3
+#  219|             0: [StringLiteral] "no-varargs-before, no-z-parameter sunk 3"
 #    1|             1: [NullLiteral] null
 #    1|             2: [NullLiteral] null
 #    1|             3: [IntegerLiteral] 1
@@ -364,32 +364,32 @@ test.kt:
 #  220|         2: [ExprStmt] <Expr>;
 #  220|           0: [MethodAccess] varargsTestOnlySinkRegularArgs$default(...)
 #  220|             -1: [TypeAccess] TestKt
-#  220|             0: [StringLiteral] no-varargs-before sunk 3
+#  220|             0: [StringLiteral] "no-varargs-before sunk 3"
 #    1|             1: [NullLiteral] null
-#  220|             2: [StringLiteral] no-varargs-after sunk 3
+#  220|             2: [StringLiteral] "no-varargs-after sunk 3"
 #    1|             3: [IntegerLiteral] 5
 #    1|             4: [NullLiteral] null
 #  221|         3: [ExprStmt] <Expr>;
 #  221|           0: [MethodAccess] varargsTestOnlySinkRegularArgs(...)
 #  221|             -1: [TypeAccess] TestKt
-#  221|             0: [StringLiteral] one-vararg-before sunk 3
-#  221|             1: [StringLiteral] one-vararg not sunk 3
-#  221|             2: [StringLiteral] one-vararg-after sunk 3
+#  221|             0: [StringLiteral] "one-vararg-before sunk 3"
+#  221|             1: [StringLiteral] "one-vararg not sunk 3"
+#  221|             2: [StringLiteral] "one-vararg-after sunk 3"
 #  222|         4: [ExprStmt] <Expr>;
 #  222|           0: [MethodAccess] varargsTestOnlySinkRegularArgs(...)
 #  222|             -1: [TypeAccess] TestKt
-#  222|             0: [StringLiteral] two-varargs-before sunk 3
-#  222|             1: [StringLiteral] two-vararg-first not sunk 3
-#  222|             2: [StringLiteral] two-vararg-second not sunk 3
-#  222|             3: [StringLiteral] two-varargs-after sunk 3
+#  222|             0: [StringLiteral] "two-varargs-before sunk 3"
+#  222|             1: [StringLiteral] "two-vararg-first not sunk 3"
+#  222|             2: [StringLiteral] "two-vararg-second not sunk 3"
+#  222|             3: [StringLiteral] "two-varargs-after sunk 3"
 #  223|         5: [ExprStmt] <Expr>;
 #  223|           0: [MethodAccess] varargsTestOnlySinkRegularArgs$default(...)
 #  223|             -1: [TypeAccess] TestKt
-#  223|             0: [StringLiteral] no-z-parmeter sunk 3
+#  223|             0: [StringLiteral] "no-z-parmeter sunk 3"
 #  223|             1: [ArrayCreationExpr] new String[]
 #  223|               -2: [ArrayInit] {...}
-#  223|                 0: [StringLiteral] no-z-parameter first vararg not sunk 3
-#  223|                 1: [StringLiteral] no-z-parameter second vararg not sunk 3
+#  223|                 0: [StringLiteral] "no-z-parameter first vararg not sunk 3"
+#  223|                 1: [StringLiteral] "no-z-parameter second vararg not sunk 3"
 #  223|               -1: [TypeAccess] String
 #  223|               0: [IntegerLiteral] 2
 #    1|             2: [NullLiteral] null
@@ -403,15 +403,15 @@ test.kt:
 #  233|             0: [TypeAccess] Unit
 #  233|             1: [ClassInstanceExpr] new VarargsConstructorTest(...)
 #  233|               -3: [TypeAccess] VarargsConstructorTest
-#  233|               0: [StringLiteral] varargs constructor test sunk
+#  233|               0: [StringLiteral] "varargs constructor test sunk"
 #  234|         1: [ExprStmt] <Expr>;
 #  234|           0: [ImplicitCoercionToUnitExpr] <implicit coercion to unit>
 #  234|             0: [TypeAccess] Unit
 #  234|             1: [ClassInstanceExpr] new VarargsConstructorTest(...)
 #  234|               -3: [TypeAccess] VarargsConstructorTest
-#  234|               0: [StringLiteral] varargs constructor test sunk 2
-#  234|               1: [StringLiteral] varargs constructor test not sunk 1
-#  234|               2: [StringLiteral] varargs constructor test not sunk 2
+#  234|               0: [StringLiteral] "varargs constructor test sunk 2"
+#  234|               1: [StringLiteral] "varargs constructor test not sunk 1"
+#  234|               2: [StringLiteral] "varargs constructor test not sunk 2"
 #    3|   2: [Class] TestMember
 #    3|     1: [Constructor] TestMember
 #    3|       5: [BlockStmt] { ... }
@@ -466,7 +466,7 @@ test.kt:
 #    5|           1: [ExprStmt] <Expr>;
 #    5|             0: [AssignExpr] ...=...
 #    5|               0: [VarAccess] p3
-#    5|               1: [StringLiteral] hello world
+#    5|               1: [StringLiteral] "hello world"
 #    5|         2: [ReturnStmt] return ...
 #    5|           0: [MethodAccess] f(...)
 #    5|             -1: [VarAccess] p0
@@ -480,7 +480,7 @@ test.kt:
 #   10|           0: [MethodAccess] f$default(...)
 #   10|             -1: [TypeAccess] TestMember
 #   10|             0: [ThisAccess] this
-#   10|             1: [StringLiteral] member sunk
+#   10|             1: [StringLiteral] "member sunk"
 #    1|             2: [NullLiteral] null
 #    1|             3: [NullLiteral] null
 #    1|             4: [IntegerLiteral] 1
@@ -489,17 +489,17 @@ test.kt:
 #   11|           0: [MethodAccess] f$default(...)
 #   11|             -1: [TypeAccess] TestMember
 #   11|             0: [ThisAccess] this
-#   11|             1: [StringLiteral] member sunk fp
-#   11|             2: [StringLiteral] member sunk 2
+#   11|             1: [StringLiteral] "member sunk fp"
+#   11|             2: [StringLiteral] "member sunk 2"
 #    1|             3: [NullLiteral] null
 #    1|             4: [IntegerLiteral] 3
 #    1|             5: [NullLiteral] null
 #   12|         2: [ExprStmt] <Expr>;
 #   12|           0: [MethodAccess] f(...)
 #   12|             -1: [ThisAccess] this
-#   12|             0: [StringLiteral] not sunk
-#   12|             1: [StringLiteral] member sunk 3
-#   12|             2: [StringLiteral] not sunk
+#   12|             0: [StringLiteral] "not sunk"
+#   12|             1: [StringLiteral] "member sunk 3"
+#   12|             2: [StringLiteral] "not sunk"
 #   17|   3: [Class] TestExtensionMember
 #   17|     1: [Constructor] TestExtensionMember
 #   17|       5: [BlockStmt] { ... }
@@ -525,13 +525,13 @@ test.kt:
 #   21|           0: [MethodAccess] sink(...)
 #   21|             -1: [TypeAccess] TestKt
 #   21|             0: [VarAccess] y
-#   19|     3: [Method] f$default
+#   19|     3: [ExtensionMethod] f$default
 #   19|       3: [TypeAccess] Unit
 #-----|       4: (Parameters)
 #   19|         0: [Parameter] p0
-#   19|           0: [TypeAccess] String
-#   19|         1: [Parameter] p1
 #   19|           0: [TypeAccess] TestExtensionMember
+#   19|         1: [Parameter] p1
+#   19|           0: [TypeAccess] String
 #   19|         2: [Parameter] p2
 #   19|           0: [TypeAccess] String
 #   19|         3: [Parameter] p3
@@ -562,11 +562,11 @@ test.kt:
 #   19|           1: [ExprStmt] <Expr>;
 #   19|             0: [AssignExpr] ...=...
 #   19|               0: [VarAccess] p4
-#   19|               1: [StringLiteral] hello world
+#   19|               1: [StringLiteral] "hello world"
 #   19|         2: [ReturnStmt] return ...
 #   19|           0: [MethodAccess] f(...)
-#   19|             -1: [VarAccess] p1
-#   19|             0: [VarAccess] p0
+#   19|             -1: [VarAccess] p0
+#   19|             0: [ExtensionReceiverAccess] this
 #   19|             1: [VarAccess] p2
 #   19|             2: [VarAccess] p3
 #   19|             3: [VarAccess] p4
@@ -579,9 +579,9 @@ test.kt:
 #   25|         0: [ExprStmt] <Expr>;
 #   25|           0: [MethodAccess] f$default(...)
 #   25|             -1: [TypeAccess] TestExtensionMember
-#   25|             0: [VarAccess] sunk
-#   25|             1: [ThisAccess] this
-#   25|             2: [StringLiteral] extension sunk
+#   25|             0: [ThisAccess] this
+#   25|             1: [VarAccess] sunk
+#   25|             2: [StringLiteral] "extension sunk"
 #    1|             3: [NullLiteral] null
 #    1|             4: [NullLiteral] null
 #    1|             5: [IntegerLiteral] 1
@@ -589,10 +589,10 @@ test.kt:
 #   26|         1: [ExprStmt] <Expr>;
 #   26|           0: [MethodAccess] f$default(...)
 #   26|             -1: [TypeAccess] TestExtensionMember
-#   26|             0: [VarAccess] sunk
-#   26|             1: [ThisAccess] this
-#   26|             2: [StringLiteral] extension sunk fp
-#   26|             3: [StringLiteral] extension sunk 2
+#   26|             0: [ThisAccess] this
+#   26|             1: [VarAccess] sunk
+#   26|             2: [StringLiteral] "extension sunk fp"
+#   26|             3: [StringLiteral] "extension sunk 2"
 #    1|             4: [NullLiteral] null
 #    1|             5: [IntegerLiteral] 3
 #    1|             6: [NullLiteral] null
@@ -600,15 +600,17 @@ test.kt:
 #   27|           0: [MethodAccess] f(...)
 #   27|             -1: [ThisAccess] this
 #   27|             0: [VarAccess] sunk
-#   27|             1: [StringLiteral] not sunk
-#   27|             2: [StringLiteral] extension sunk 3
-#   27|             3: [StringLiteral] not sunk
+#   27|             1: [StringLiteral] "not sunk"
+#   27|             2: [StringLiteral] "extension sunk 3"
+#   27|             3: [StringLiteral] "not sunk"
 #   32|   4: [Class] TestStaticMember
 #   32|     1: [Constructor] TestStaticMember
 #   32|       5: [BlockStmt] { ... }
 #   32|         0: [SuperConstructorInvocationStmt] super(...)
 #   32|         1: [BlockStmt] { ... }
 #   34|     2: [Method] f
+#-----|       1: (Annotations)
+#   34|         1: [Annotation] JvmStatic
 #   34|       3: [TypeAccess] Unit
 #-----|       4: (Parameters)
 #   34|         0: [Parameter] x
@@ -655,7 +657,7 @@ test.kt:
 #   34|           1: [ExprStmt] <Expr>;
 #   34|             0: [AssignExpr] ...=...
 #   34|               0: [VarAccess] p2
-#   34|               1: [StringLiteral] hello world
+#   34|               1: [StringLiteral] "hello world"
 #   34|         2: [ReturnStmt] return ...
 #   34|           0: [MethodAccess] f(...)
 #   34|             -1: [TypeAccess] TestStaticMember
@@ -668,7 +670,7 @@ test.kt:
 #   39|         0: [ExprStmt] <Expr>;
 #   39|           0: [MethodAccess] f$default(...)
 #   39|             -1: [TypeAccess] TestStaticMember
-#   39|             0: [StringLiteral] static sunk
+#   39|             0: [StringLiteral] "static sunk"
 #    1|             1: [NullLiteral] null
 #    1|             2: [NullLiteral] null
 #    1|             3: [IntegerLiteral] 1
@@ -676,17 +678,17 @@ test.kt:
 #   40|         1: [ExprStmt] <Expr>;
 #   40|           0: [MethodAccess] f$default(...)
 #   40|             -1: [TypeAccess] TestStaticMember
-#   40|             0: [StringLiteral] static sunk fp
-#   40|             1: [StringLiteral] static sunk 2
+#   40|             0: [StringLiteral] "static sunk fp"
+#   40|             1: [StringLiteral] "static sunk 2"
 #    1|             2: [NullLiteral] null
 #    1|             3: [IntegerLiteral] 3
 #    1|             4: [NullLiteral] null
 #   41|         2: [ExprStmt] <Expr>;
 #   41|           0: [MethodAccess] f(...)
 #   41|             -1: [TypeAccess] TestStaticMember
-#   41|             0: [StringLiteral] not sunk
-#   41|             1: [StringLiteral] static sunk 3
-#   41|             2: [StringLiteral] not sunk
+#   41|             0: [StringLiteral] "not sunk"
+#   41|             1: [StringLiteral] "static sunk 3"
+#   41|             2: [StringLiteral] "not sunk"
 #   46|   5: [Class] ExtendMe
 #   46|     1: [Constructor] ExtendMe
 #   46|       5: [BlockStmt] { ... }
@@ -729,13 +731,13 @@ test.kt:
 #   57|           0: [MethodAccess] sink(...)
 #   57|             -1: [TypeAccess] TestKt
 #   57|             0: [VarAccess] y
-#   56|     4: [Method] test$default
+#   56|     4: [ExtensionMethod] test$default
 #   56|       3: [TypeAccess] Unit
 #-----|       4: (Parameters)
 #   56|         0: [Parameter] p0
-#   56|           0: [TypeAccess] ExtendMe
-#   56|         1: [Parameter] p1
 #   56|           0: [TypeAccess] TestReceiverReferences
+#   56|         1: [Parameter] p1
+#   56|           0: [TypeAccess] ExtendMe
 #   56|         2: [Parameter] p2
 #   56|           0: [TypeAccess] String
 #   56|         3: [Parameter] p3
@@ -759,7 +761,7 @@ test.kt:
 #   56|               1: [MethodAccess] f(...)
 #   56|                 -1: [VarAccess] p0
 #   56|                 0: [MethodAccess] g(...)
-#   56|                   -1: [VarAccess] p1
+#   56|                   -1: [VarAccess] p0
 #   56|                   0: [VarAccess] p2
 #   56|         1: [IfStmt] if (...)
 #   56|           0: [EQExpr] ... == ...
@@ -770,11 +772,11 @@ test.kt:
 #   56|           1: [ExprStmt] <Expr>;
 #   56|             0: [AssignExpr] ...=...
 #   56|               0: [VarAccess] p4
-#   56|               1: [StringLiteral] hello world
+#   56|               1: [StringLiteral] "hello world"
 #   56|         2: [ReturnStmt] return ...
 #   56|           0: [MethodAccess] test(...)
-#   56|             -1: [VarAccess] p1
-#   56|             0: [VarAccess] p0
+#   56|             -1: [VarAccess] p0
+#   56|             0: [ExtensionReceiverAccess] this
 #   56|             1: [VarAccess] p2
 #   56|             2: [VarAccess] p3
 #   56|             3: [VarAccess] p4
@@ -787,9 +789,9 @@ test.kt:
 #   61|         0: [ExprStmt] <Expr>;
 #   61|           0: [MethodAccess] test$default(...)
 #   61|             -1: [TypeAccess] TestReceiverReferences
-#   61|             0: [VarAccess] t
-#   61|             1: [ThisAccess] this
-#   61|             2: [StringLiteral] receiver refs sunk
+#   61|             0: [ThisAccess] this
+#   61|             1: [VarAccess] t
+#   61|             2: [StringLiteral] "receiver refs sunk"
 #    1|             3: [NullLiteral] null
 #    1|             4: [NullLiteral] null
 #    1|             5: [IntegerLiteral] 1
@@ -797,10 +799,10 @@ test.kt:
 #   62|         1: [ExprStmt] <Expr>;
 #   62|           0: [MethodAccess] test$default(...)
 #   62|             -1: [TypeAccess] TestReceiverReferences
-#   62|             0: [VarAccess] t
-#   62|             1: [ThisAccess] this
-#   62|             2: [StringLiteral] receiver refs sunk fp
-#   62|             3: [StringLiteral] receiver refs sunk 2
+#   62|             0: [ThisAccess] this
+#   62|             1: [VarAccess] t
+#   62|             2: [StringLiteral] "receiver refs sunk fp"
+#   62|             3: [StringLiteral] "receiver refs sunk 2"
 #    1|             4: [NullLiteral] null
 #    1|             5: [IntegerLiteral] 3
 #    1|             6: [NullLiteral] null
@@ -808,9 +810,9 @@ test.kt:
 #   63|           0: [MethodAccess] test(...)
 #   63|             -1: [ThisAccess] this
 #   63|             0: [VarAccess] t
-#   63|             1: [StringLiteral] not sunk
-#   63|             2: [StringLiteral] receiver refs sunk 3
-#   63|             3: [StringLiteral] not sunk
+#   63|             1: [StringLiteral] "not sunk"
+#   63|             2: [StringLiteral] "receiver refs sunk 3"
+#   63|             3: [StringLiteral] "not sunk"
 #   68|   7: [Class] TestConstructor
 #   68|     1: [Constructor] TestConstructor
 #-----|       4: (Parameters)
@@ -859,7 +861,7 @@ test.kt:
 #   68|           1: [ExprStmt] <Expr>;
 #   68|             0: [AssignExpr] ...=...
 #   68|               0: [VarAccess] p2
-#   68|               1: [StringLiteral] hello world
+#   68|               1: [StringLiteral] "hello world"
 #   68|         2: [ThisConstructorInvocationStmt] this(...)
 #   68|           0: [VarAccess] p0
 #   68|           1: [VarAccess] p1
@@ -872,7 +874,7 @@ test.kt:
 #   75|             0: [TypeAccess] Unit
 #   75|             1: [ClassInstanceExpr] new TestConstructor(...)
 #   75|               -3: [TypeAccess] TestConstructor
-#   75|               0: [StringLiteral] constructor sunk
+#   75|               0: [StringLiteral] "constructor sunk"
 #    1|               1: [NullLiteral] null
 #    1|               2: [NullLiteral] null
 #    1|               3: [IntegerLiteral] 1
@@ -882,8 +884,8 @@ test.kt:
 #   76|             0: [TypeAccess] Unit
 #   76|             1: [ClassInstanceExpr] new TestConstructor(...)
 #   76|               -3: [TypeAccess] TestConstructor
-#   76|               0: [StringLiteral] constructor sunk fp
-#   76|               1: [StringLiteral] constructor sunk 2
+#   76|               0: [StringLiteral] "constructor sunk fp"
+#   76|               1: [StringLiteral] "constructor sunk 2"
 #    1|               2: [NullLiteral] null
 #    1|               3: [IntegerLiteral] 3
 #    1|               4: [NullLiteral] null
@@ -892,9 +894,9 @@ test.kt:
 #   77|             0: [TypeAccess] Unit
 #   77|             1: [ClassInstanceExpr] new TestConstructor(...)
 #   77|               -3: [TypeAccess] TestConstructor
-#   77|               0: [StringLiteral] not sunk
-#   77|               1: [StringLiteral] constructor sunk 3
-#   77|               2: [StringLiteral] not sunk
+#   77|               0: [StringLiteral] "not sunk"
+#   77|               1: [StringLiteral] "constructor sunk 3"
+#   77|               2: [StringLiteral] "not sunk"
 #   82|   8: [Class] TestLocal
 #   82|     1: [Constructor] TestLocal
 #   82|       5: [BlockStmt] { ... }
@@ -955,7 +957,7 @@ test.kt:
 #   86|                   1: [ExprStmt] <Expr>;
 #   86|                     0: [AssignExpr] ...=...
 #   86|                       0: [VarAccess] p2
-#   86|                       1: [StringLiteral] hello world
+#   86|                       1: [StringLiteral] "hello world"
 #   86|                 2: [ReturnStmt] return ...
 #   86|                   0: [MethodAccess] f(...)
 #   86|                     -1: [ClassInstanceExpr] new (...)
@@ -974,7 +976,7 @@ test.kt:
 #   91|                 0: [ExprStmt] <Expr>;
 #   91|                   0: [MethodAccess] f$default(...)
 #   91|                     -1: [TypeAccess] 
-#   91|                     0: [StringLiteral] local sunk
+#   91|                     0: [StringLiteral] "local sunk"
 #    1|                     1: [NullLiteral] null
 #    1|                     2: [NullLiteral] null
 #    1|                     3: [IntegerLiteral] 1
@@ -982,8 +984,8 @@ test.kt:
 #   92|                 1: [ExprStmt] <Expr>;
 #   92|                   0: [MethodAccess] f$default(...)
 #   92|                     -1: [TypeAccess] 
-#   92|                     0: [StringLiteral] local sunk fp
-#   92|                     1: [StringLiteral] local sunk 2
+#   92|                     0: [StringLiteral] "local sunk fp"
+#   92|                     1: [StringLiteral] "local sunk 2"
 #    1|                     2: [NullLiteral] null
 #    1|                     3: [IntegerLiteral] 3
 #    1|                     4: [NullLiteral] null
@@ -991,9 +993,9 @@ test.kt:
 #   93|                   0: [MethodAccess] f(...)
 #   93|                     -1: [ClassInstanceExpr] new (...)
 #   93|                       -3: [TypeAccess] Object
-#   93|                     0: [StringLiteral] not sunk
-#   93|                     1: [StringLiteral] local sunk 3
-#   93|                     2: [StringLiteral] not sunk
+#   93|                     0: [StringLiteral] "not sunk"
+#   93|                     1: [StringLiteral] "local sunk 3"
+#   93|                     2: [StringLiteral] "not sunk"
 #  100|   9: [Class] TestLocalClass
 #  100|     1: [Constructor] TestLocalClass
 #  100|       5: [BlockStmt] { ... }
@@ -1057,7 +1059,7 @@ test.kt:
 #  106|                   1: [ExprStmt] <Expr>;
 #  106|                     0: [AssignExpr] ...=...
 #  106|                       0: [VarAccess] p3
-#  106|                       1: [StringLiteral] hello world
+#  106|                       1: [StringLiteral] "hello world"
 #  106|                 2: [ReturnStmt] return ...
 #  106|                   0: [MethodAccess] f(...)
 #  106|                     -1: [VarAccess] p0
@@ -1071,7 +1073,7 @@ test.kt:
 #  111|                   0: [MethodAccess] f$default(...)
 #  111|                     -1: [TypeAccess] EnclosingLocalClass
 #  111|                     0: [ThisAccess] this
-#  111|                     1: [StringLiteral] local sunk
+#  111|                     1: [StringLiteral] "local sunk"
 #    1|                     2: [NullLiteral] null
 #    1|                     3: [NullLiteral] null
 #    1|                     4: [IntegerLiteral] 1
@@ -1080,17 +1082,17 @@ test.kt:
 #  112|                   0: [MethodAccess] f$default(...)
 #  112|                     -1: [TypeAccess] EnclosingLocalClass
 #  112|                     0: [ThisAccess] this
-#  112|                     1: [StringLiteral] local sunk fp
-#  112|                     2: [StringLiteral] local sunk 2
+#  112|                     1: [StringLiteral] "local sunk fp"
+#  112|                     2: [StringLiteral] "local sunk 2"
 #    1|                     3: [NullLiteral] null
 #    1|                     4: [IntegerLiteral] 3
 #    1|                     5: [NullLiteral] null
 #  113|                 2: [ExprStmt] <Expr>;
 #  113|                   0: [MethodAccess] f(...)
 #  113|                     -1: [ThisAccess] this
-#  113|                     0: [StringLiteral] not sunk
-#  113|                     1: [StringLiteral] local sunk 3
-#  113|                     2: [StringLiteral] not sunk
+#  113|                     0: [StringLiteral] "not sunk"
+#  113|                     1: [StringLiteral] "local sunk 3"
+#  113|                     2: [StringLiteral] "not sunk"
 #  122|   10: [Class,GenericType,ParameterizedType] TestGeneric
 #-----|     -2: (Generic Parameters)
 #  122|       0: [TypeVariable] T
@@ -1168,7 +1170,7 @@ test.kt:
 #  129|           0: [MethodAccess] f$default(...)
 #  129|             -1: [TypeAccess] TestGeneric<>
 #  129|             0: [VarAccess] tgs
-#  129|             1: [StringLiteral] generic sunk
+#  129|             1: [StringLiteral] "generic sunk"
 #    1|             2: [NullLiteral] null
 #    1|             3: [NullLiteral] null
 #    1|             4: [IntegerLiteral] 1
@@ -1177,23 +1179,23 @@ test.kt:
 #  130|           0: [MethodAccess] f$default(...)
 #  130|             -1: [TypeAccess] TestGeneric<>
 #  130|             0: [VarAccess] tcs
-#  130|             1: [StringLiteral] generic sunk fp
-#  130|             2: [StringLiteral] generic sunk 2
+#  130|             1: [StringLiteral] "generic sunk fp"
+#  130|             2: [StringLiteral] "generic sunk 2"
 #    1|             3: [NullLiteral] null
 #    1|             4: [IntegerLiteral] 3
 #    1|             5: [NullLiteral] null
 #  131|         2: [ExprStmt] <Expr>;
 #  131|           0: [MethodAccess] f(...)
 #  131|             -1: [VarAccess] tgs
-#  131|             0: [StringLiteral] not sunk
-#  131|             1: [StringLiteral] generic sunk 3
-#  131|             2: [StringLiteral] not sunk
+#  131|             0: [StringLiteral] "not sunk"
+#  131|             1: [StringLiteral] "generic sunk 3"
+#  131|             2: [StringLiteral] "not sunk"
 #  132|         3: [ExprStmt] <Expr>;
 #  132|           0: [MethodAccess] f(...)
 #  132|             -1: [VarAccess] tcs
-#  132|             0: [StringLiteral] not sunk
-#  132|             1: [StringLiteral] generic sunk 3
-#  132|             2: [StringLiteral] not sunk
+#  132|             0: [StringLiteral] "not sunk"
+#  132|             1: [StringLiteral] "generic sunk 3"
+#  132|             2: [StringLiteral] "not sunk"
 #  135|     5: [Method] testReturn
 #  135|       3: [TypeAccess] T
 #-----|       4: (Parameters)
@@ -1246,7 +1248,7 @@ test.kt:
 #  138|             0: [MethodAccess] testReturn$default(...)
 #  138|               -1: [TypeAccess] TestGeneric<>
 #  138|               0: [VarAccess] tgs
-#  138|               1: [StringLiteral] sunk return value
+#  138|               1: [StringLiteral] "sunk return value"
 #    1|               2: [NullLiteral] null
 #    1|               3: [IntegerLiteral] 1
 #    1|               4: [NullLiteral] null
@@ -1381,7 +1383,7 @@ test.kt:
 #  150|           0: [MethodAccess] f$default(...)
 #  150|             -1: [TypeAccess] TestGenericFunction<>
 #  150|             0: [VarAccess] inst
-#  150|             1: [StringLiteral] generic function sunk
+#  150|             1: [StringLiteral] "generic function sunk"
 #    1|             2: [NullLiteral] null
 #    1|             3: [NullLiteral] null
 #    1|             4: [NullLiteral] null
@@ -1393,8 +1395,8 @@ test.kt:
 #  151|           0: [MethodAccess] f$default(...)
 #  151|             -1: [TypeAccess] TestGenericFunction<>
 #  151|             0: [VarAccess] inst
-#  151|             1: [StringLiteral] generic function sunk fp
-#  151|             2: [StringLiteral] generic function sunk 2
+#  151|             1: [StringLiteral] "generic function sunk fp"
+#  151|             2: [StringLiteral] "generic function sunk 2"
 #    1|             3: [NullLiteral] null
 #    1|             4: [NullLiteral] null
 #    1|             5: [NullLiteral] null
@@ -1612,7 +1614,7 @@ test.kt:
 #  171|                 -1: [ClassInstanceExpr] new TestGenericUsedWithinDefaultValue<String>(...)
 #  171|                   -3: [TypeAccess] TestGenericUsedWithinDefaultValue<String>
 #  171|                     0: [TypeAccess] String
-#  171|                 0: [StringLiteral] Hello world
+#  171|                 0: [StringLiteral] "Hello world"
 #  171|         1: [ReturnStmt] return ...
 #  171|           0: [MethodAccess] f(...)
 #  171|             -1: [VarAccess] p0
@@ -1662,7 +1664,7 @@ test.kt:
 #  179|           1: [ExprStmt] <Expr>;
 #  179|             0: [AssignExpr] ...=...
 #  179|               0: [VarAccess] p2
-#  179|               1: [StringLiteral] Hello world
+#  179|               1: [StringLiteral] "Hello world"
 #  179|         1: [ReturnStmt] return ...
 #  179|           0: [MethodAccess] f(...)
 #  179|             -1: [VarAccess] p0
diff --git a/java/ql/test/kotlin/library-tests/reflection/PrintAst.expected b/java/ql/test/kotlin/library-tests/reflection/PrintAst.expected
index 64fffd47586..9f4ece3d033 100644
--- a/java/ql/test/kotlin/library-tests/reflection/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/reflection/PrintAst.expected
@@ -45,7 +45,7 @@ reflection.kt:
 #   50|                 -3: [TypeAccess] KProperty1<String,Character>
 #   50|                   0: [TypeAccess] String
 #   50|                   1: [TypeAccess] Character
-#   50|               0: [StringLiteral] abc
+#   50|               0: [StringLiteral] "abc"
 #   51|         1: [ExprStmt] <Expr>;
 #   51|           0: [MethodAccess] println(...)
 #   51|             -1: [TypeAccess] ConsoleKt
@@ -78,7 +78,7 @@ reflection.kt:
 #   51|                           -1: [ThisAccess] this
 #   51|                 -3: [TypeAccess] KProperty0<Character>
 #   51|                   0: [TypeAccess] Character
-#   51|                 0: [StringLiteral] abcd
+#   51|                 0: [StringLiteral] "abcd"
 #   54|     3: [ExtensionMethod] ext1
 #-----|       2: (Generic Parameters)
 #   54|         0: [TypeVariable] T2
@@ -118,7 +118,7 @@ reflection.kt:
 #   97|               0: [TypeAccess] String
 #   97|             -2: [TypeAccess] String
 #   97|             -1: [TypeAccess] ReflectionKt
-#   97|             0: [StringLiteral] 
+#   97|             0: [StringLiteral] ""
 #   97|             1: [MemberRefExpr] ...::...
 #   97|               -4: [AnonymousClass] new Function1<String,Class2<String>>(...) { ... }
 #   97|                 1: [Constructor] 
@@ -143,7 +143,7 @@ reflection.kt:
 #   98|             -3: [TypeAccess] Unit
 #   98|             -2: [TypeAccess] String
 #   98|             -1: [TypeAccess] ReflectionKt
-#   98|             0: [StringLiteral] 
+#   98|             0: [StringLiteral] ""
 #   98|             1: [MemberRefExpr] ...::...
 #   98|               -4: [AnonymousClass] new Function1<String,Unit>(...) { ... }
 #   98|                 1: [Constructor] 
@@ -169,7 +169,7 @@ reflection.kt:
 #   99|               1: [TypeAccess] Integer
 #   99|             -2: [TypeAccess] String
 #   99|             -1: [TypeAccess] ReflectionKt
-#   99|             0: [StringLiteral] 
+#   99|             0: [StringLiteral] ""
 #   99|             1: [MemberRefExpr] ...::...
 #   99|               -4: [AnonymousClass] new Function1<String,Inner<String>>(...) { ... }
 #   99|                 1: [Constructor] 
@@ -534,7 +534,7 @@ reflection.kt:
 #  150|           0: [AddExpr] ... + ...
 #  150|             0: [VarAccess] x
 #  150|             1: [VarAccess] y
-#  150|     20: [Method] extTakesOptionalParam$default
+#  150|     20: [ExtensionMethod] extTakesOptionalParam$default
 #  150|       3: [TypeAccess] int
 #-----|       4: (Parameters)
 #  150|         0: [Parameter] p0
@@ -561,7 +561,7 @@ reflection.kt:
 #  150|         1: [ReturnStmt] return ...
 #  150|           0: [MethodAccess] extTakesOptionalParam(...)
 #  150|             -1: [TypeAccess] ReflectionKt
-#  150|             0: [VarAccess] p0
+#  150|             0: [ExtensionReceiverAccess] this
 #  150|             1: [VarAccess] p1
 #  150|             2: [VarAccess] p2
 #  152|     21: [Method] extensionAdaptedParams
@@ -1026,7 +1026,7 @@ reflection.kt:
 #   24|                           0: [ValueEQExpr] ... (value equals) ...
 #   24|                             0: [MethodAccess] getName(...)
 #   24|                               -1: [VarAccess] it
-#   24|                             1: [StringLiteral] p3
+#   24|                             1: [StringLiteral] "p3"
 #   24|                   -3: [TypeAccess] Function1<KCallable<?>,Boolean>
 #   24|                     0: [TypeAccess] KCallable<?>
 #   24|                     1: [TypeAccess] Boolean
@@ -1534,7 +1534,7 @@ reflection.kt:
 #   90|               1: [TypeAccess] T
 #   90|             -2: [TypeAccess] String
 #   90|             -1: [TypeAccess] ReflectionKt
-#   90|             0: [StringLiteral] 
+#   90|             0: [StringLiteral] ""
 #   90|             1: [MemberRefExpr] ...::...
 #   90|               -4: [AnonymousClass] new Function1<String,Inner<String>>(...) { ... }
 #   90|                 1: [Constructor] 
diff --git a/java/ql/test/kotlin/library-tests/reflection/reflection.expected b/java/ql/test/kotlin/library-tests/reflection/reflection.expected
index e6a864b11a4..f2482a81ec1 100644
--- a/java/ql/test/kotlin/library-tests/reflection/reflection.expected
+++ b/java/ql/test/kotlin/library-tests/reflection/reflection.expected
@@ -1,26 +1,26 @@
 variableInitializerType
-| reflection.kt:7:9:7:54 | KFunction<Double> ref | file://<external>/KFunction.class:0:0:0:0 | KFunction<Double> | reflection.kt:7:49:7:54 | new Function2<Ccc,Integer,Double>(...) { ... } | file://<external>/Function2.class:0:0:0:0 | Function2<Ccc,Integer,Double> | true |
-| reflection.kt:7:9:7:54 | KFunction<Double> ref | file://<external>/KFunction.class:0:0:0:0 | KFunction<Double> | reflection.kt:7:49:7:54 | new Function2<Ccc,Integer,Double>(...) { ... } | file://<external>/FunctionReference.class:0:0:0:0 | FunctionReference | true |
-| reflection.kt:10:9:10:42 | KProperty1<C,Integer> x0 | file://<external>/KProperty1.class:0:0:0:0 | KProperty1<C,Integer> | reflection.kt:10:38:10:42 | new KProperty1<C,Integer>(...) { ... } | file://<external>/KProperty1.class:0:0:0:0 | KProperty1<C,Integer> | true |
-| reflection.kt:10:9:10:42 | KProperty1<C,Integer> x0 | file://<external>/KProperty1.class:0:0:0:0 | KProperty1<C,Integer> | reflection.kt:10:38:10:42 | new KProperty1<C,Integer>(...) { ... } | file://<external>/PropertyReference.class:0:0:0:0 | PropertyReference | true |
-| reflection.kt:13:9:13:53 | Getter<C,Integer> x3 | file://<external>/KProperty1$Getter.class:0:0:0:0 | Getter<C,Integer> | file://<external>/KProperty1$Getter.class:0:0:0:0 | Getter<C,Integer> | file://<external>/Function1.class:0:0:0:0 | Function1<C,Integer> | true |
-| reflection.kt:13:9:13:53 | Getter<C,Integer> x3 | file://<external>/KProperty1$Getter.class:0:0:0:0 | Getter<C,Integer> | file://<external>/KProperty1$Getter.class:0:0:0:0 | Getter<C,Integer> | file://<external>/KProperty$Getter.class:0:0:0:0 | Getter<Integer> | true |
-| reflection.kt:14:9:14:44 | KFunction<Integer> x4 | file://<external>/KFunction.class:0:0:0:0 | KFunction<Integer> | reflection.kt:14:38:14:44 | new Function1<C,Integer>(...) { ... } | file://<external>/Function1.class:0:0:0:0 | Function1<C,Integer> | true |
-| reflection.kt:14:9:14:44 | KFunction<Integer> x4 | file://<external>/KFunction.class:0:0:0:0 | KFunction<Integer> | reflection.kt:14:38:14:44 | new Function1<C,Integer>(...) { ... } | file://<external>/FunctionReference.class:0:0:0:0 | FunctionReference | true |
-| reflection.kt:15:9:15:41 | KProperty0<Integer> x5 | file://<external>/KProperty0.class:0:0:0:0 | KProperty0<Integer> | reflection.kt:15:35:15:41 | new KProperty0<Integer>(...) { ... } | file://<external>/KProperty0.class:0:0:0:0 | KProperty0<Integer> | true |
-| reflection.kt:15:9:15:41 | KProperty0<Integer> x5 | file://<external>/KProperty0.class:0:0:0:0 | KProperty0<Integer> | reflection.kt:15:35:15:41 | new KProperty0<Integer>(...) { ... } | file://<external>/PropertyReference.class:0:0:0:0 | PropertyReference | true |
-| reflection.kt:17:9:17:49 | KMutableProperty1<C,Integer> y0 | file://<external>/KMutableProperty1.class:0:0:0:0 | KMutableProperty1<C,Integer> | reflection.kt:17:45:17:49 | new KMutableProperty1<C,Integer>(...) { ... } | file://<external>/KMutableProperty1.class:0:0:0:0 | KMutableProperty1<C,Integer> | true |
-| reflection.kt:17:9:17:49 | KMutableProperty1<C,Integer> y0 | file://<external>/KMutableProperty1.class:0:0:0:0 | KMutableProperty1<C,Integer> | reflection.kt:17:45:17:49 | new KMutableProperty1<C,Integer>(...) { ... } | file://<external>/PropertyReference.class:0:0:0:0 | PropertyReference | true |
-| reflection.kt:20:9:20:60 | Setter<C,Integer> y3 | file://<external>/KMutableProperty1$Setter.class:0:0:0:0 | Setter<C,Integer> | file://<external>/KMutableProperty1$Setter.class:0:0:0:0 | Setter<C,Integer> | file://<external>/Function2.class:0:0:0:0 | Function2<C,Integer,Unit> | true |
-| reflection.kt:20:9:20:60 | Setter<C,Integer> y3 | file://<external>/KMutableProperty1$Setter.class:0:0:0:0 | Setter<C,Integer> | file://<external>/KMutableProperty1$Setter.class:0:0:0:0 | Setter<C,Integer> | file://<external>/KMutableProperty$Setter.class:0:0:0:0 | Setter<Integer> | true |
-| reflection.kt:21:9:21:50 | KFunction<Unit> y4 | file://<external>/KFunction.class:0:0:0:0 | KFunction<Unit> | reflection.kt:21:44:21:50 | new Function2<C,Integer,Unit>(...) { ... } | file://<external>/Function2.class:0:0:0:0 | Function2<C,Integer,Unit> | true |
-| reflection.kt:21:9:21:50 | KFunction<Unit> y4 | file://<external>/KFunction.class:0:0:0:0 | KFunction<Unit> | reflection.kt:21:44:21:50 | new Function2<C,Integer,Unit>(...) { ... } | file://<external>/FunctionReference.class:0:0:0:0 | FunctionReference | true |
-| reflection.kt:22:9:22:48 | KMutableProperty0<Integer> y5 | file://<external>/KMutableProperty0.class:0:0:0:0 | KMutableProperty0<Integer> | reflection.kt:22:42:22:48 | new KMutableProperty0<Integer>(...) { ... } | file://<external>/KMutableProperty0.class:0:0:0:0 | KMutableProperty0<Integer> | true |
-| reflection.kt:22:9:22:48 | KMutableProperty0<Integer> y5 | file://<external>/KMutableProperty0.class:0:0:0:0 | KMutableProperty0<Integer> | reflection.kt:22:42:22:48 | new KMutableProperty0<Integer>(...) { ... } | file://<external>/PropertyReference.class:0:0:0:0 | PropertyReference | true |
-| reflection.kt:24:9:24:91 | KProperty2<C,Integer,Integer> prop | file://<external>/KProperty2.class:0:0:0:0 | KProperty2<C,Integer,Integer> | file://<external>/KProperty2.class:0:0:0:0 | KProperty2<C,Integer,Integer> | file://<external>/Function2.class:0:0:0:0 | Function2<C,Integer,Integer> | true |
-| reflection.kt:24:9:24:91 | KProperty2<C,Integer,Integer> prop | file://<external>/KProperty2.class:0:0:0:0 | KProperty2<C,Integer,Integer> | file://<external>/KProperty2.class:0:0:0:0 | KProperty2<C,Integer,Integer> | file://<external>/KProperty.class:0:0:0:0 | KProperty<Integer> | true |
-| reflection.kt:116:9:116:44 | KFunction<Unit> x | file://<external>/KFunction.class:0:0:0:0 | KFunction<Unit> | reflection.kt:116:40:116:44 | new Function1<Integer,Unit>(...) { ... } | file://<external>/Function1.class:0:0:0:0 | Function1<Integer,Unit> | true |
-| reflection.kt:116:9:116:44 | KFunction<Unit> x | file://<external>/KFunction.class:0:0:0:0 | KFunction<Unit> | reflection.kt:116:40:116:44 | new Function1<Integer,Unit>(...) { ... } | file://<external>/FunctionReference.class:0:0:0:0 | FunctionReference | true |
+| reflection.kt:7:13:7:15 | KFunction<Double> ref | file://<external>/KFunction.class:0:0:0:0 | KFunction<Double> | reflection.kt:7:49:7:54 | new Function2<Ccc,Integer,Double>(...) { ... } | file://<external>/Function2.class:0:0:0:0 | Function2<Ccc,Integer,Double> | true |
+| reflection.kt:7:13:7:15 | KFunction<Double> ref | file://<external>/KFunction.class:0:0:0:0 | KFunction<Double> | reflection.kt:7:49:7:54 | new Function2<Ccc,Integer,Double>(...) { ... } | file://<external>/FunctionReference.class:0:0:0:0 | FunctionReference | true |
+| reflection.kt:10:13:10:14 | KProperty1<C,Integer> x0 | file://<external>/KProperty1.class:0:0:0:0 | KProperty1<C,Integer> | reflection.kt:10:38:10:42 | new KProperty1<C,Integer>(...) { ... } | file://<external>/KProperty1.class:0:0:0:0 | KProperty1<C,Integer> | true |
+| reflection.kt:10:13:10:14 | KProperty1<C,Integer> x0 | file://<external>/KProperty1.class:0:0:0:0 | KProperty1<C,Integer> | reflection.kt:10:38:10:42 | new KProperty1<C,Integer>(...) { ... } | file://<external>/PropertyReference.class:0:0:0:0 | PropertyReference | true |
+| reflection.kt:13:13:13:14 | Getter<C,Integer> x3 | file://<external>/KProperty1$Getter.class:0:0:0:0 | Getter<C,Integer> | file://<external>/KProperty1$Getter.class:0:0:0:0 | Getter<C,Integer> | file://<external>/Function1.class:0:0:0:0 | Function1<C,Integer> | true |
+| reflection.kt:13:13:13:14 | Getter<C,Integer> x3 | file://<external>/KProperty1$Getter.class:0:0:0:0 | Getter<C,Integer> | file://<external>/KProperty1$Getter.class:0:0:0:0 | Getter<C,Integer> | file://<external>/KProperty$Getter.class:0:0:0:0 | Getter<Integer> | true |
+| reflection.kt:14:13:14:14 | KFunction<Integer> x4 | file://<external>/KFunction.class:0:0:0:0 | KFunction<Integer> | reflection.kt:14:38:14:44 | new Function1<C,Integer>(...) { ... } | file://<external>/Function1.class:0:0:0:0 | Function1<C,Integer> | true |
+| reflection.kt:14:13:14:14 | KFunction<Integer> x4 | file://<external>/KFunction.class:0:0:0:0 | KFunction<Integer> | reflection.kt:14:38:14:44 | new Function1<C,Integer>(...) { ... } | file://<external>/FunctionReference.class:0:0:0:0 | FunctionReference | true |
+| reflection.kt:15:13:15:14 | KProperty0<Integer> x5 | file://<external>/KProperty0.class:0:0:0:0 | KProperty0<Integer> | reflection.kt:15:35:15:41 | new KProperty0<Integer>(...) { ... } | file://<external>/KProperty0.class:0:0:0:0 | KProperty0<Integer> | true |
+| reflection.kt:15:13:15:14 | KProperty0<Integer> x5 | file://<external>/KProperty0.class:0:0:0:0 | KProperty0<Integer> | reflection.kt:15:35:15:41 | new KProperty0<Integer>(...) { ... } | file://<external>/PropertyReference.class:0:0:0:0 | PropertyReference | true |
+| reflection.kt:17:13:17:14 | KMutableProperty1<C,Integer> y0 | file://<external>/KMutableProperty1.class:0:0:0:0 | KMutableProperty1<C,Integer> | reflection.kt:17:45:17:49 | new KMutableProperty1<C,Integer>(...) { ... } | file://<external>/KMutableProperty1.class:0:0:0:0 | KMutableProperty1<C,Integer> | true |
+| reflection.kt:17:13:17:14 | KMutableProperty1<C,Integer> y0 | file://<external>/KMutableProperty1.class:0:0:0:0 | KMutableProperty1<C,Integer> | reflection.kt:17:45:17:49 | new KMutableProperty1<C,Integer>(...) { ... } | file://<external>/PropertyReference.class:0:0:0:0 | PropertyReference | true |
+| reflection.kt:20:13:20:14 | Setter<C,Integer> y3 | file://<external>/KMutableProperty1$Setter.class:0:0:0:0 | Setter<C,Integer> | file://<external>/KMutableProperty1$Setter.class:0:0:0:0 | Setter<C,Integer> | file://<external>/Function2.class:0:0:0:0 | Function2<C,Integer,Unit> | true |
+| reflection.kt:20:13:20:14 | Setter<C,Integer> y3 | file://<external>/KMutableProperty1$Setter.class:0:0:0:0 | Setter<C,Integer> | file://<external>/KMutableProperty1$Setter.class:0:0:0:0 | Setter<C,Integer> | file://<external>/KMutableProperty$Setter.class:0:0:0:0 | Setter<Integer> | true |
+| reflection.kt:21:13:21:14 | KFunction<Unit> y4 | file://<external>/KFunction.class:0:0:0:0 | KFunction<Unit> | reflection.kt:21:44:21:50 | new Function2<C,Integer,Unit>(...) { ... } | file://<external>/Function2.class:0:0:0:0 | Function2<C,Integer,Unit> | true |
+| reflection.kt:21:13:21:14 | KFunction<Unit> y4 | file://<external>/KFunction.class:0:0:0:0 | KFunction<Unit> | reflection.kt:21:44:21:50 | new Function2<C,Integer,Unit>(...) { ... } | file://<external>/FunctionReference.class:0:0:0:0 | FunctionReference | true |
+| reflection.kt:22:13:22:14 | KMutableProperty0<Integer> y5 | file://<external>/KMutableProperty0.class:0:0:0:0 | KMutableProperty0<Integer> | reflection.kt:22:42:22:48 | new KMutableProperty0<Integer>(...) { ... } | file://<external>/KMutableProperty0.class:0:0:0:0 | KMutableProperty0<Integer> | true |
+| reflection.kt:22:13:22:14 | KMutableProperty0<Integer> y5 | file://<external>/KMutableProperty0.class:0:0:0:0 | KMutableProperty0<Integer> | reflection.kt:22:42:22:48 | new KMutableProperty0<Integer>(...) { ... } | file://<external>/PropertyReference.class:0:0:0:0 | PropertyReference | true |
+| reflection.kt:24:13:24:16 | KProperty2<C,Integer,Integer> prop | file://<external>/KProperty2.class:0:0:0:0 | KProperty2<C,Integer,Integer> | file://<external>/KProperty2.class:0:0:0:0 | KProperty2<C,Integer,Integer> | file://<external>/Function2.class:0:0:0:0 | Function2<C,Integer,Integer> | true |
+| reflection.kt:24:13:24:16 | KProperty2<C,Integer,Integer> prop | file://<external>/KProperty2.class:0:0:0:0 | KProperty2<C,Integer,Integer> | file://<external>/KProperty2.class:0:0:0:0 | KProperty2<C,Integer,Integer> | file://<external>/KProperty.class:0:0:0:0 | KProperty<Integer> | true |
+| reflection.kt:116:13:116:13 | KFunction<Unit> x | file://<external>/KFunction.class:0:0:0:0 | KFunction<Unit> | reflection.kt:116:40:116:44 | new Function1<Integer,Unit>(...) { ... } | file://<external>/Function1.class:0:0:0:0 | Function1<Integer,Unit> | true |
+| reflection.kt:116:13:116:13 | KFunction<Unit> x | file://<external>/KFunction.class:0:0:0:0 | KFunction<Unit> | reflection.kt:116:40:116:44 | new Function1<Integer,Unit>(...) { ... } | file://<external>/FunctionReference.class:0:0:0:0 | FunctionReference | true |
 invocation
 | reflection.kt:8:17:8:24 | getName(...) | file://<external>/KCallable.class:0:0:0:0 | getName |
 | reflection.kt:11:23:11:33 | get(...) | file://<external>/KProperty1.class:0:0:0:0 | get |
@@ -282,23 +282,58 @@ compGenerated
 | file://<external>/LongRange.class:0:0:0:0 | forEach | Forwarder for a Kotlin class inheriting an interface default method |
 | file://<external>/LongRange.class:0:0:0:0 | spliterator | Forwarder for a Kotlin class inheriting an interface default method |
 | file://<external>/String.class:0:0:0:0 | isEmpty | Forwarder for a Kotlin class inheriting an interface default method |
+| reflection.kt:7:49:7:54 | new Function2<Ccc,Integer,Double>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:10:38:10:42 | new KProperty1<C,Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:14:38:14:44 | new Function1<C,Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:15:35:15:41 | new KProperty0<Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:17:45:17:49 | new KMutableProperty1<C,Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:21:44:21:50 | new Function2<C,Integer,Unit>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:22:42:22:48 | new KMutableProperty0<Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:24:46:24:64 | new Function1<KCallable<?>,Boolean>(...) { ... } | The class around a local function, a lambda, or a function reference |
 | reflection.kt:33:9:33:23 | getP0 | Default property accessor |
 | reflection.kt:34:9:34:23 | getP1 | Default property accessor |
 | reflection.kt:34:9:34:23 | setP1 | Default property accessor |
+| reflection.kt:50:13:50:28 | new KProperty1<String,Character>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:51:13:51:28 | new KProperty0<Character>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:60:17:60:32 | new Function2<Generic<Integer>,Integer,String>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:61:17:61:34 | new Function1<Integer,String>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:62:17:62:34 | new Function1<Generic<Integer>,String>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:63:17:63:36 | new Function0<String>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:64:17:64:34 | new Function1<Generic<Integer>,String>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:65:17:65:36 | new Function0<String>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:67:17:67:32 | new KMutableProperty1<Generic<Integer>,Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:68:17:68:34 | new KMutableProperty0<Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:70:17:70:30 | new KProperty0<Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:71:17:71:34 | new KProperty0<Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:72:17:72:35 | new KMutableProperty0<Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
 | reflection.kt:83:17:83:28 | getValue | Default property accessor |
+| reflection.kt:90:18:90:24 | new Function1<String,Inner<String>>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:97:14:97:21 | new Function1<String,Class2<String>>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:98:14:98:17 | new Function1<String,Unit>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:99:14:99:29 | new Function1<String,Inner<String>>(...) { ... } | The class around a local function, a lambda, or a function reference |
 | reflection.kt:105:18:105:31 | getProp1 | Default property accessor |
 | reflection.kt:105:18:105:31 | setProp1 | Default property accessor |
+| reflection.kt:109:17:109:27 | new KMutableProperty0<Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
+| reflection.kt:115:9:115:27 |  | The class around a local function, a lambda, or a function reference |
+| reflection.kt:116:40:116:44 | new Function1<Integer,Unit>(...) { ... } | The class around a local function, a lambda, or a function reference |
 | reflection.kt:126:9:126:13 |  | Declaring classes of adapter functions in Kotlin |
+| reflection.kt:126:9:126:13 | new Function0<Unit>(...) { ... } | The class around a local function, a lambda, or a function reference |
 | reflection.kt:131:1:131:50 | takesOptionalParam$default | Forwarder for Kotlin calls that need default arguments filling in |
 | reflection.kt:134:21:134:40 |  | Declaring classes of adapter functions in Kotlin |
+| reflection.kt:134:21:134:40 | new Function1<Integer,Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
 | reflection.kt:140:5:140:54 | takesOptionalParam$default | Forwarder for Kotlin calls that need default arguments filling in |
 | reflection.kt:144:21:144:41 |  | Declaring classes of adapter functions in Kotlin |
+| reflection.kt:144:21:144:41 | new Function1<Integer,Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
 | reflection.kt:145:32:145:70 |  | Declaring classes of adapter functions in Kotlin |
+| reflection.kt:145:32:145:70 | new Function2<MemberOptionalsTest,Integer,Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
 | reflection.kt:150:1:150:60 | extTakesOptionalParam$default | Forwarder for Kotlin calls that need default arguments filling in |
 | reflection.kt:153:21:153:44 |  | Declaring classes of adapter functions in Kotlin |
+| reflection.kt:153:21:153:44 | new Function1<Integer,Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
 | reflection.kt:154:33:154:61 |  | Declaring classes of adapter functions in Kotlin |
+| reflection.kt:154:33:154:61 | new Function2<String,Integer,Integer>(...) { ... } | The class around a local function, a lambda, or a function reference |
 | reflection.kt:157:1:157:49 | ConstructorOptional | Forwarder for Kotlin calls that need default arguments filling in |
 | reflection.kt:162:25:162:45 |  | Declaring classes of adapter functions in Kotlin |
+| reflection.kt:162:25:162:45 | new Function1<Integer,ConstructorOptional>(...) { ... } | The class around a local function, a lambda, or a function reference |
 propertyReferenceOverrides
 | reflection.kt:10:38:10:42 | ...::... | reflection.kt:10:38:10:42 | get | kotlin.reflect.KProperty1<C,Integer>.get(Reflection.C) |
 | reflection.kt:10:38:10:42 | ...::... | reflection.kt:10:38:10:42 | invoke | kotlin.jvm.functions.Function1<C,Integer>.invoke(Reflection.C) |
diff --git a/java/ql/test/kotlin/library-tests/stmts/PrintAst.expected b/java/ql/test/kotlin/library-tests/stmts/PrintAst.expected
index 2edcd3755b6..9cb7aac3c0f 100644
--- a/java/ql/test/kotlin/library-tests/stmts/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/stmts/PrintAst.expected
@@ -163,12 +163,12 @@ stmts.kt:
 #   41|           2: [BlockStmt] { ... }
 #   41|             0: [LocalVariableDeclStmt] var ...;
 #   41|               1: [LocalVariableDeclExpr] v
-#   41|                 0: [MethodAccess] component1(...)
+#    0|                 0: [MethodAccess] component1(...)
 #   41|                   -1: [VarAccess] tmp3_loop_parameter
 #   41|             1: [LocalVariableDeclStmt] var ...;
 #   41|               1: [LocalVariableDeclExpr] i
-#   41|                 0: [MethodAccess] component2(...)
-#   41|                   -1: [VarAccess] tmp3_loop_parameter
+#    0|                 0: [MethodAccess] component2(...)
+#    0|                   -1: [VarAccess] tmp3_loop_parameter
 #   41|             2: [BlockStmt] { ... }
 #   42|               0: [ExprStmt] <Expr>;
 #   42|                 0: [WhenExpr] when ...
@@ -188,7 +188,7 @@ stmts.kt:
 #   48|             0: [ThrowStmt] throw ...
 #   48|               0: [ClassInstanceExpr] new Exception(...)
 #   48|                 -3: [TypeAccess] Exception
-#   48|                 0: [StringLiteral] Foo
+#   48|                 0: [StringLiteral] "Foo"
 #   50|           0: [CatchClause] catch (...)
 #-----|             0: (Single Local Variable Declaration)
 #   50|               0: [TypeAccess] Exception
diff --git a/java/ql/test/kotlin/library-tests/stmts/exprs.expected b/java/ql/test/kotlin/library-tests/stmts/exprs.expected
index 01631139da3..5f652fdb17c 100644
--- a/java/ql/test/kotlin/library-tests/stmts/exprs.expected
+++ b/java/ql/test/kotlin/library-tests/stmts/exprs.expected
@@ -1,3 +1,6 @@
+| stmts.kt:0:0:0:0 | component1(...) | MethodAccess |
+| stmts.kt:0:0:0:0 | component2(...) | MethodAccess |
+| stmts.kt:0:0:0:0 | tmp3_loop_parameter | VarAccess |
 | stmts.kt:2:1:20:1 | int | TypeAccess |
 | stmts.kt:2:20:2:25 | int | TypeAccess |
 | stmts.kt:2:28:2:33 | int | TypeAccess |
@@ -21,9 +24,9 @@
 | stmts.kt:14:13:14:13 | x | VarAccess |
 | stmts.kt:14:13:14:17 | ... < ... | LTExpr |
 | stmts.kt:14:17:14:17 | y | VarAccess |
-| stmts.kt:15:5:15:13 | z | LocalVariableDeclExpr |
+| stmts.kt:15:9:15:9 | z | LocalVariableDeclExpr |
 | stmts.kt:15:13:15:13 | 3 | IntegerLiteral |
-| stmts.kt:17:5:17:58 | q2 | LocalVariableDeclExpr |
+| stmts.kt:17:9:17:10 | q2 | LocalVariableDeclExpr |
 | stmts.kt:17:26:17:58 | true | BooleanLiteral |
 | stmts.kt:17:26:17:58 | when ... | WhenExpr |
 | stmts.kt:17:29:17:32 | true | BooleanLiteral |
@@ -33,7 +36,7 @@
 | stmts.kt:17:52:17:52 | z | VarAccess |
 | stmts.kt:17:52:17:56 | ...=... | AssignExpr |
 | stmts.kt:17:56:17:56 | 5 | IntegerLiteral |
-| stmts.kt:18:5:18:56 | q3 | LocalVariableDeclExpr |
+| stmts.kt:18:9:18:10 | q3 | LocalVariableDeclExpr |
 | stmts.kt:18:26:18:56 | true | BooleanLiteral |
 | stmts.kt:18:26:18:56 | when ... | WhenExpr |
 | stmts.kt:18:29:18:32 | true | BooleanLiteral |
@@ -81,13 +84,10 @@
 | stmts.kt:38:18:38:18 | y | VarAccess |
 | stmts.kt:38:18:38:24 | ... > ... | GTExpr |
 | stmts.kt:38:22:38:24 | 100 | IntegerLiteral |
-| stmts.kt:41:11:41:11 | component1(...) | MethodAccess |
 | stmts.kt:41:11:41:11 | v | LocalVariableDeclExpr |
-| stmts.kt:41:13:41:13 | component2(...) | MethodAccess |
 | stmts.kt:41:13:41:13 | i | LocalVariableDeclExpr |
 | stmts.kt:41:19:41:36 | tmp3_loop_parameter | LocalVariableDeclExpr |
 | stmts.kt:41:19:41:36 | tmp3_loop_parameter | VarAccess |
-| stmts.kt:41:19:41:36 | tmp3_loop_parameter | VarAccess |
 | stmts.kt:41:20:41:20 | x | VarAccess |
 | stmts.kt:41:20:41:23 | rangeTo(...) | MethodAccess |
 | stmts.kt:41:20:41:36 | CollectionsKt | TypeAccess |
@@ -101,7 +101,7 @@
 | stmts.kt:46:1:56:1 | int | TypeAccess |
 | stmts.kt:48:15:48:30 | Exception | TypeAccess |
 | stmts.kt:48:15:48:30 | new Exception(...) | ClassInstanceExpr |
-| stmts.kt:48:26:48:28 | Foo | StringLiteral |
+| stmts.kt:48:26:48:28 | "Foo" | StringLiteral |
 | stmts.kt:50:12:50:23 | Exception | TypeAccess |
 | stmts.kt:50:12:50:23 | e | LocalVariableDeclExpr |
 | stmts.kt:51:16:51:16 | 1 | IntegerLiteral |
diff --git a/java/ql/test/kotlin/library-tests/stmts/exprs.ql b/java/ql/test/kotlin/library-tests/stmts/exprs.ql
index 6ded7c0026d..c2ae4f55ac7 100644
--- a/java/ql/test/kotlin/library-tests/stmts/exprs.ql
+++ b/java/ql/test/kotlin/library-tests/stmts/exprs.ql
@@ -1,4 +1,5 @@
 import java
 
 from Expr e
+where e.getFile().isSourceFile()
 select e, e.getPrimaryQlClasses()
diff --git a/java/ql/test/kotlin/library-tests/stmts/stmts.expected b/java/ql/test/kotlin/library-tests/stmts/stmts.expected
index c1fae753f23..716bea1649a 100644
--- a/java/ql/test/kotlin/library-tests/stmts/stmts.expected
+++ b/java/ql/test/kotlin/library-tests/stmts/stmts.expected
@@ -15,17 +15,17 @@ enclosing
 | stmts.kt:12:5:14:18 | { ... } | stmts.kt:2:41:20:1 | { ... } |
 | stmts.kt:12:8:14:5 | { ... } | stmts.kt:12:5:14:18 | do ... while (...) |
 | stmts.kt:13:9:13:16 | return ... | stmts.kt:12:8:14:5 | { ... } |
-| stmts.kt:15:5:15:13 | var ...; | stmts.kt:2:41:20:1 | { ... } |
-| stmts.kt:17:5:17:58 | var ...; | stmts.kt:2:41:20:1 | { ... } |
-| stmts.kt:17:26:17:58 | ... -> ... | stmts.kt:17:5:17:58 | var ...; |
-| stmts.kt:17:26:17:58 | ... -> ... | stmts.kt:17:5:17:58 | var ...; |
+| stmts.kt:15:9:15:9 | var ...; | stmts.kt:2:41:20:1 | { ... } |
+| stmts.kt:17:9:17:10 | var ...; | stmts.kt:2:41:20:1 | { ... } |
+| stmts.kt:17:26:17:58 | ... -> ... | stmts.kt:17:9:17:10 | var ...; |
+| stmts.kt:17:26:17:58 | ... -> ... | stmts.kt:17:9:17:10 | var ...; |
 | stmts.kt:17:35:17:43 | { ... } | stmts.kt:17:26:17:58 | ... -> ... |
 | stmts.kt:17:37:17:37 | <Expr>; | stmts.kt:17:35:17:43 | { ... } |
 | stmts.kt:17:50:17:58 | { ... } | stmts.kt:17:26:17:58 | ... -> ... |
 | stmts.kt:17:52:17:52 | <Expr>; | stmts.kt:17:50:17:58 | { ... } |
-| stmts.kt:18:5:18:56 | var ...; | stmts.kt:2:41:20:1 | { ... } |
-| stmts.kt:18:26:18:56 | ... -> ... | stmts.kt:18:5:18:56 | var ...; |
-| stmts.kt:18:26:18:56 | ... -> ... | stmts.kt:18:5:18:56 | var ...; |
+| stmts.kt:18:9:18:10 | var ...; | stmts.kt:2:41:20:1 | { ... } |
+| stmts.kt:18:26:18:56 | ... -> ... | stmts.kt:18:9:18:10 | var ...; |
+| stmts.kt:18:26:18:56 | ... -> ... | stmts.kt:18:9:18:10 | var ...; |
 | stmts.kt:18:37:18:37 | <Expr>; | stmts.kt:18:26:18:56 | ... -> ... |
 | stmts.kt:18:52:18:52 | <Expr>; | stmts.kt:18:26:18:56 | ... -> ... |
 | stmts.kt:19:5:19:16 | return ... | stmts.kt:2:41:20:1 | { ... } |
@@ -88,15 +88,15 @@ enclosing
 | stmts.kt:12:5:14:18 | { ... } | BlockStmt |
 | stmts.kt:12:8:14:5 | { ... } | BlockStmt |
 | stmts.kt:13:9:13:16 | return ... | ReturnStmt |
-| stmts.kt:15:5:15:13 | var ...; | LocalVariableDeclStmt |
-| stmts.kt:17:5:17:58 | var ...; | LocalVariableDeclStmt |
+| stmts.kt:15:9:15:9 | var ...; | LocalVariableDeclStmt |
+| stmts.kt:17:9:17:10 | var ...; | LocalVariableDeclStmt |
 | stmts.kt:17:26:17:58 | ... -> ... | WhenBranch |
 | stmts.kt:17:26:17:58 | ... -> ... | WhenBranch |
 | stmts.kt:17:35:17:43 | { ... } | BlockStmt |
 | stmts.kt:17:37:17:37 | <Expr>; | ExprStmt |
 | stmts.kt:17:50:17:58 | { ... } | BlockStmt |
 | stmts.kt:17:52:17:52 | <Expr>; | ExprStmt |
-| stmts.kt:18:5:18:56 | var ...; | LocalVariableDeclStmt |
+| stmts.kt:18:9:18:10 | var ...; | LocalVariableDeclStmt |
 | stmts.kt:18:26:18:56 | ... -> ... | WhenBranch |
 | stmts.kt:18:26:18:56 | ... -> ... | WhenBranch |
 | stmts.kt:18:37:18:37 | <Expr>; | ExprStmt |
diff --git a/java/ql/test/kotlin/library-tests/trap/diags.expected b/java/ql/test/kotlin/library-tests/trap/diags.expected
index 377b7fd0a99..a4a774de5f9 100644
--- a/java/ql/test/kotlin/library-tests/trap/diags.expected
+++ b/java/ql/test/kotlin/library-tests/trap/diags.expected
@@ -1,9 +1,11 @@
-| file://:0:0:0:0 | Truncated string of length 1048577 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048577 | DATE TIME Truncated string of length 1048577\nTruncated string of length 1048577, starting '//A03BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', ending 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCDE'  ...while extracting a file (long_comments.kt) at long_comments.kt:1:1:22:0\n |
-| file://:0:0:0:0 | Truncated string of length 1048577 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048577 | DATE TIME Truncated string of length 1048577\nTruncated string of length 1048577, starting 'ABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', ending 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCDE'  ...while extracting a expression (<no name>) at long_string.kt:16:31:16:1048607\n  ...while extracting a variable expr (longStringLiteral3) at long_string.kt:16:5:16:1048608\n  ...while extracting a variable (longStringLiteral3) at long_string.kt:16:5:16:1048608\n  ...while extracting a statement (longStringLiteral3) at long_string.kt:16:5:16:1048608\n  ...while extracting a block body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a function (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a declaration (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a file (long_string.kt) at long_string.kt:1:1:21:0\n |
-| file://:0:0:0:0 | Truncated string of length 1048577 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048577 | DATE TIME Truncated string of length 1048577\nTruncated string of length 1048577, starting 'ABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', ending 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCDE'  ...while extracting a expression (<no name>) at long_string.kt:16:31:16:1048607\n  ...while extracting a variable expr (longStringLiteral3) at long_string.kt:16:5:16:1048608\n  ...while extracting a variable (longStringLiteral3) at long_string.kt:16:5:16:1048608\n  ...while extracting a statement (longStringLiteral3) at long_string.kt:16:5:16:1048608\n  ...while extracting a block body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a function (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a declaration (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a file (long_string.kt) at long_string.kt:1:1:21:0\n |
-| file://:0:0:0:0 | Truncated string of length 1048578 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048578 | DATE TIME Truncated string of length 1048578\nTruncated string of length 1048578, starting '//A04BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', ending 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCDEF'  ...while extracting a file (long_comments.kt) at long_comments.kt:1:1:22:0\n |
-| file://:0:0:0:0 | Truncated string of length 1048578 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048578 | DATE TIME Truncated string of length 1048578\nTruncated string of length 1048578, starting '//A05"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""', ending '""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""CDEF'  ...while extracting a file (long_comments.kt) at long_comments.kt:1:1:22:0\n |
-| file://:0:0:0:0 | Truncated string of length 1048578 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048578 | DATE TIME Truncated string of length 1048578\nTruncated string of length 1048578, starting 'A"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""', ending '""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""CDEF'  ...while extracting a expression (<no name>) at long_string.kt:18:31:18:2097181\n  ...while extracting a variable expr (longStringLiteral5) at long_string.kt:18:5:18:2097182\n  ...while extracting a variable (longStringLiteral5) at long_string.kt:18:5:18:2097182\n  ...while extracting a statement (longStringLiteral5) at long_string.kt:18:5:18:2097182\n  ...while extracting a block body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a function (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a declaration (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a file (long_string.kt) at long_string.kt:1:1:21:0\n |
-| file://:0:0:0:0 | Truncated string of length 1048578 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048578 | DATE TIME Truncated string of length 1048578\nTruncated string of length 1048578, starting 'A"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""', ending '""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""CDEF'  ...while extracting a expression (<no name>) at long_string.kt:18:31:18:2097181\n  ...while extracting a variable expr (longStringLiteral5) at long_string.kt:18:5:18:2097182\n  ...while extracting a variable (longStringLiteral5) at long_string.kt:18:5:18:2097182\n  ...while extracting a statement (longStringLiteral5) at long_string.kt:18:5:18:2097182\n  ...while extracting a block body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a function (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a declaration (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a file (long_string.kt) at long_string.kt:1:1:21:0\n |
-| file://:0:0:0:0 | Truncated string of length 1048578 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048578 | DATE TIME Truncated string of length 1048578\nTruncated string of length 1048578, starting 'ABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', ending 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCDEF'  ...while extracting a expression (<no name>) at long_string.kt:17:31:17:1048608\n  ...while extracting a variable expr (longStringLiteral4) at long_string.kt:17:5:17:1048609\n  ...while extracting a variable (longStringLiteral4) at long_string.kt:17:5:17:1048609\n  ...while extracting a statement (longStringLiteral4) at long_string.kt:17:5:17:1048609\n  ...while extracting a block body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a function (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a declaration (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a file (long_string.kt) at long_string.kt:1:1:21:0\n |
-| file://:0:0:0:0 | Truncated string of length 1048578 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048578 | DATE TIME Truncated string of length 1048578\nTruncated string of length 1048578, starting 'ABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', ending 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCDEF'  ...while extracting a expression (<no name>) at long_string.kt:17:31:17:1048608\n  ...while extracting a variable expr (longStringLiteral4) at long_string.kt:17:5:17:1048609\n  ...while extracting a variable (longStringLiteral4) at long_string.kt:17:5:17:1048609\n  ...while extracting a statement (longStringLiteral4) at long_string.kt:17:5:17:1048609\n  ...while extracting a block body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a function (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a declaration (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a file (long_string.kt) at long_string.kt:1:1:21:0\n |
+| file://:0:0:0:0 | Truncated string of length 1048577 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048577 | DATE TIME Truncated string of length 1048577\nTruncated string of length 1048577, starting '"ABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', ending 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBC"'  ...while extracting a expression (<no name>) at long_string.kt:14:31:14:1048605\n  ...while extracting a variable expr (longStringLiteral1) at long_string.kt:14:9:14:26\n  ...while extracting a variable (longStringLiteral1) at long_string.kt:14:9:14:26\n  ...while extracting a statement (longStringLiteral1) at long_string.kt:14:9:14:26\n  ...while extracting a block body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a function (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a declaration (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a file (long_string.kt) at long_string.kt:1:1:21:0\n |
+| file://:0:0:0:0 | Truncated string of length 1048577 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048577 | DATE TIME Truncated string of length 1048577\nTruncated string of length 1048577, starting '//A03BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', ending 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCDE'  ...while extracting a file (long_comments.kt) at long_comments.kt:1:1:24:0\n |
+| file://:0:0:0:0 | Truncated string of length 1048577 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048577 | DATE TIME Truncated string of length 1048577\nTruncated string of length 1048577, starting 'ABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', ending 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCDE'  ...while extracting a expression (<no name>) at long_string.kt:16:31:16:1048607\n  ...while extracting a variable expr (longStringLiteral3) at long_string.kt:16:9:16:26\n  ...while extracting a variable (longStringLiteral3) at long_string.kt:16:9:16:26\n  ...while extracting a statement (longStringLiteral3) at long_string.kt:16:9:16:26\n  ...while extracting a block body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a function (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a declaration (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a file (long_string.kt) at long_string.kt:1:1:21:0\n |
+| file://:0:0:0:0 | Truncated string of length 1048578 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048578 | DATE TIME Truncated string of length 1048578\nTruncated string of length 1048578, starting '"ABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', ending 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCD"'  ...while extracting a expression (<no name>) at long_string.kt:15:31:15:1048606\n  ...while extracting a variable expr (longStringLiteral2) at long_string.kt:15:9:15:26\n  ...while extracting a variable (longStringLiteral2) at long_string.kt:15:9:15:26\n  ...while extracting a statement (longStringLiteral2) at long_string.kt:15:9:15:26\n  ...while extracting a block body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a function (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a declaration (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a file (long_string.kt) at long_string.kt:1:1:21:0\n |
+| file://:0:0:0:0 | Truncated string of length 1048578 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048578 | DATE TIME Truncated string of length 1048578\nTruncated string of length 1048578, starting '//A04BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', ending 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCDEF'  ...while extracting a file (long_comments.kt) at long_comments.kt:1:1:24:0\n |
+| file://:0:0:0:0 | Truncated string of length 1048578 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048578 | DATE TIME Truncated string of length 1048578\nTruncated string of length 1048578, starting '//A05"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""', ending '""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""CDEF'  ...while extracting a file (long_comments.kt) at long_comments.kt:1:1:24:0\n |
+| file://:0:0:0:0 | Truncated string of length 1048578 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048578 | DATE TIME Truncated string of length 1048578\nTruncated string of length 1048578, starting 'A"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""', ending '""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""CDEF'  ...while extracting a expression (<no name>) at long_string.kt:18:31:18:2097181\n  ...while extracting a variable expr (longStringLiteral5) at long_string.kt:18:9:18:26\n  ...while extracting a variable (longStringLiteral5) at long_string.kt:18:9:18:26\n  ...while extracting a statement (longStringLiteral5) at long_string.kt:18:9:18:26\n  ...while extracting a block body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a function (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a declaration (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a file (long_string.kt) at long_string.kt:1:1:21:0\n |
+| file://:0:0:0:0 | Truncated string of length 1048578 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048578 | DATE TIME Truncated string of length 1048578\nTruncated string of length 1048578, starting 'ABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', ending 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCDEF'  ...while extracting a expression (<no name>) at long_string.kt:17:31:17:1048608\n  ...while extracting a variable expr (longStringLiteral4) at long_string.kt:17:9:17:26\n  ...while extracting a variable (longStringLiteral4) at long_string.kt:17:9:17:26\n  ...while extracting a statement (longStringLiteral4) at long_string.kt:17:9:17:26\n  ...while extracting a block body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a function (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a declaration (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a file (long_string.kt) at long_string.kt:1:1:21:0\n |
+| file://:0:0:0:0 | Truncated string of length 1048579 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048579 | DATE TIME Truncated string of length 1048579\nTruncated string of length 1048579, starting '"ABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', ending 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCDE"'  ...while extracting a expression (<no name>) at long_string.kt:16:31:16:1048607\n  ...while extracting a variable expr (longStringLiteral3) at long_string.kt:16:9:16:26\n  ...while extracting a variable (longStringLiteral3) at long_string.kt:16:9:16:26\n  ...while extracting a statement (longStringLiteral3) at long_string.kt:16:9:16:26\n  ...while extracting a block body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a function (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a declaration (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a file (long_string.kt) at long_string.kt:1:1:21:0\n |
+| file://:0:0:0:0 | Truncated string of length 1048580 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 1048580 | DATE TIME Truncated string of length 1048580\nTruncated string of length 1048580, starting '"ABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB', ending 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCDEF"'  ...while extracting a expression (<no name>) at long_string.kt:17:31:17:1048608\n  ...while extracting a variable expr (longStringLiteral4) at long_string.kt:17:9:17:26\n  ...while extracting a variable (longStringLiteral4) at long_string.kt:17:9:17:26\n  ...while extracting a statement (longStringLiteral4) at long_string.kt:17:9:17:26\n  ...while extracting a block body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a function (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a declaration (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a file (long_string.kt) at long_string.kt:1:1:21:0\n |
+| file://:0:0:0:0 | Truncated string of length 2097153 | CodeQL Kotlin extractor | 2 |  | Truncated string of length 2097153 | DATE TIME Truncated string of length 2097153\nTruncated string of length 2097153, starting '"A\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"', ending '"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"\\"CDEF"'  ...while extracting a expression (<no name>) at long_string.kt:18:31:18:2097181\n  ...while extracting a variable expr (longStringLiteral5) at long_string.kt:18:9:18:26\n  ...while extracting a variable (longStringLiteral5) at long_string.kt:18:9:18:26\n  ...while extracting a statement (longStringLiteral5) at long_string.kt:18:9:18:26\n  ...while extracting a block body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a body (<no name>) at long_string.kt:13:22:19:1\n  ...while extracting a function (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a declaration (longLiteralFun) at long_string.kt:13:1:19:1\n  ...while extracting a file (long_string.kt) at long_string.kt:1:1:21:0\n |
diff --git a/java/ql/test/kotlin/library-tests/trap/literals.ql b/java/ql/test/kotlin/library-tests/trap/literals.ql
index 1490a21b458..b6dc1dcff6f 100644
--- a/java/ql/test/kotlin/library-tests/trap/literals.ql
+++ b/java/ql/test/kotlin/library-tests/trap/literals.ql
@@ -1,6 +1,6 @@
 import java
 
 from Literal l, int len
-where len = l.getValue().length()
+where len = l.getValue().length() and l.getFile().isSourceFile()
 select l.getLocation(), len, l.getValue().prefix(5) + "..." + l.getValue().suffix(len - 5),
   l.getPrimaryQlClasses()
diff --git a/java/ql/test/kotlin/library-tests/trap/long_comments.kt b/java/ql/test/kotlin/library-tests/trap/long_comments.kt
index 3c5cb1d3764..55db7520f21 100644
--- a/java/ql/test/kotlin/library-tests/trap/long_comments.kt
+++ b/java/ql/test/kotlin/library-tests/trap/long_comments.kt
@@ -18,4 +18,6 @@
 
 // Diagnostic Matches: %Truncated string of length 1048577%
 // Diagnostic Matches: %Truncated string of length 1048578%
-
+// Diagnostic Matches: %Truncated string of length 1048579%
+// Diagnostic Matches: %Truncated string of length 1048580%
+// Diagnostic Matches: %Truncated string of length 2097153%
diff --git a/java/ql/test/kotlin/library-tests/vararg/args.expected b/java/ql/test/kotlin/library-tests/vararg/args.expected
index 1e5a60a3545..6f5e0fbc035 100644
--- a/java/ql/test/kotlin/library-tests/vararg/args.expected
+++ b/java/ql/test/kotlin/library-tests/vararg/args.expected
@@ -53,33 +53,33 @@ implicitVarargsArguments
 | test.kt:35:5:35:34 | funWithOnlyVarArgs(...) | 0 | test.kt:35:24:35:25 | 20 |
 | test.kt:35:5:35:34 | funWithOnlyVarArgs(...) | 1 | test.kt:35:28:35:29 | 21 |
 | test.kt:35:5:35:34 | funWithOnlyVarArgs(...) | 2 | test.kt:35:32:35:33 | 22 |
-| test.kt:36:5:36:50 | funWithArgsAndVarArgs(...) | 0 | test.kt:36:28:36:30 | foo |
+| test.kt:36:5:36:50 | funWithArgsAndVarArgs(...) | 0 | test.kt:36:28:36:30 | "foo" |
 | test.kt:36:5:36:50 | funWithArgsAndVarArgs(...) | 1 | test.kt:36:34:36:37 | true |
 | test.kt:36:5:36:50 | funWithArgsAndVarArgs(...) | 2 | test.kt:36:40:36:41 | 30 |
 | test.kt:36:5:36:50 | funWithArgsAndVarArgs(...) | 3 | test.kt:36:44:36:45 | 31 |
 | test.kt:36:5:36:50 | funWithArgsAndVarArgs(...) | 4 | test.kt:36:48:36:49 | 32 |
-| test.kt:37:5:37:53 | funWithMiddleVarArgs(...) | 0 | test.kt:37:27:37:29 | foo |
+| test.kt:37:5:37:53 | funWithMiddleVarArgs(...) | 0 | test.kt:37:27:37:29 | "foo" |
 | test.kt:37:5:37:53 | funWithMiddleVarArgs(...) | 1 | test.kt:37:33:37:34 | 41 |
 | test.kt:37:5:37:53 | funWithMiddleVarArgs(...) | 2 | test.kt:37:37:37:38 | 42 |
 | test.kt:37:5:37:53 | funWithMiddleVarArgs(...) | 3 | test.kt:37:41:37:42 | 43 |
 | test.kt:37:5:37:53 | funWithMiddleVarArgs(...) | 4 | test.kt:37:49:37:52 | true |
 | test.kt:38:5:38:30 | funWithOnlyVarArgs(...) | 0 | test.kt:38:25:38:29 | array |
-| test.kt:39:5:39:46 | funWithArgsAndVarArgs(...) | 0 | test.kt:39:28:39:30 | foo |
+| test.kt:39:5:39:46 | funWithArgsAndVarArgs(...) | 0 | test.kt:39:28:39:30 | "foo" |
 | test.kt:39:5:39:46 | funWithArgsAndVarArgs(...) | 1 | test.kt:39:34:39:37 | true |
 | test.kt:39:5:39:46 | funWithArgsAndVarArgs(...) | 2 | test.kt:39:41:39:45 | array |
-| test.kt:40:5:40:49 | funWithMiddleVarArgs(...) | 0 | test.kt:40:27:40:29 | foo |
+| test.kt:40:5:40:49 | funWithMiddleVarArgs(...) | 0 | test.kt:40:27:40:29 | "foo" |
 | test.kt:40:5:40:49 | funWithMiddleVarArgs(...) | 1 | test.kt:40:34:40:38 | array |
 | test.kt:40:5:40:49 | funWithMiddleVarArgs(...) | 2 | test.kt:40:45:40:48 | true |
 | test.kt:41:5:41:36 | new HasVarargConstructor(...) | 0 | test.kt:41:26:41:27 | 51 |
 | test.kt:41:5:41:36 | new HasVarargConstructor(...) | 1 | test.kt:41:30:41:31 | 52 |
 | test.kt:41:5:41:36 | new HasVarargConstructor(...) | 2 | test.kt:41:34:41:35 | 53 |
-| test.kt:42:5:42:43 | new HasVarargConstructor(...) | 0 | test.kt:42:27:42:29 | foo |
+| test.kt:42:5:42:43 | new HasVarargConstructor(...) | 0 | test.kt:42:27:42:29 | "foo" |
 | test.kt:42:5:42:43 | new HasVarargConstructor(...) | 1 | test.kt:42:33:42:34 | 61 |
 | test.kt:42:5:42:43 | new HasVarargConstructor(...) | 2 | test.kt:42:37:42:38 | 62 |
 | test.kt:42:5:42:43 | new HasVarargConstructor(...) | 3 | test.kt:42:41:42:42 | 63 |
 | test.kt:43:5:43:38 | new SuperclassHasVarargConstructor(...) | 0 | test.kt:43:36:43:37 | 91 |
 | test.kt:44:5:44:32 | new HasVarargConstructor(...) | 0 | test.kt:44:27:44:31 | array |
-| test.kt:45:5:45:39 | new HasVarargConstructor(...) | 0 | test.kt:45:27:45:29 | foo |
+| test.kt:45:5:45:39 | new HasVarargConstructor(...) | 0 | test.kt:45:27:45:29 | "foo" |
 | test.kt:45:5:45:39 | new HasVarargConstructor(...) | 1 | test.kt:45:34:45:38 | array |
 | test.kt:55:13:55:43 | new X(...) | 0 | test.kt:55:42:55:42 | 1 |
 | test.kt:55:13:55:43 | new X(...) | 1 | test.kt:55:15:55:35 | tmp0_s |
diff --git a/java/ql/test/kotlin/library-tests/variables/variableAccesses.ql b/java/ql/test/kotlin/library-tests/variables/variableAccesses.ql
index 0fa6d19d142..2d6622d032c 100644
--- a/java/ql/test/kotlin/library-tests/variables/variableAccesses.ql
+++ b/java/ql/test/kotlin/library-tests/variables/variableAccesses.ql
@@ -1,6 +1,6 @@
 import java
 
-query predicate varAcc(VarAccess va) { any() }
+query predicate varAcc(VarAccess va) { va.getFile().isSourceFile() }
 
 query predicate extensionReceiverAcc(ExtensionReceiverAccess va) { any() }
 
diff --git a/java/ql/test/kotlin/library-tests/variables/variables.expected b/java/ql/test/kotlin/library-tests/variables/variables.expected
index c4aaa4a1620..9b7abda1536 100644
--- a/java/ql/test/kotlin/library-tests/variables/variables.expected
+++ b/java/ql/test/kotlin/library-tests/variables/variables.expected
@@ -1,7 +1,7 @@
 isFinal
-| variables.kt:6:9:6:26 | int local1 | final |
-| variables.kt:8:9:8:26 | int local2 | non-final |
-| variables.kt:10:9:10:26 | int local3 | final |
+| variables.kt:6:13:6:18 | int local1 | final |
+| variables.kt:8:13:8:18 | int local2 | non-final |
+| variables.kt:10:13:10:18 | int local3 | final |
 compileTimeConstant
 | variables.kt:3:5:3:21 | prop |
 | variables.kt:3:5:3:21 | this.prop |
@@ -11,9 +11,9 @@ compileTimeConstant
 #select
 | variables.kt:3:5:3:21 | prop | int | variables.kt:3:21:3:21 | 1 |
 | variables.kt:5:20:5:29 | param | int | file://:0:0:0:0 | <none> |
-| variables.kt:6:9:6:26 | int local1 | int | variables.kt:6:22:6:26 | ... + ... |
-| variables.kt:8:9:8:26 | int local2 | int | variables.kt:8:22:8:26 | ... + ... |
-| variables.kt:10:9:10:26 | int local3 | int | variables.kt:10:22:10:26 | param |
+| variables.kt:6:13:6:18 | int local1 | int | variables.kt:6:22:6:26 | ... + ... |
+| variables.kt:8:13:8:18 | int local2 | int | variables.kt:8:22:8:26 | ... + ... |
+| variables.kt:10:13:10:18 | int local3 | int | variables.kt:10:22:10:26 | param |
 | variables.kt:15:1:15:21 | topLevel | int | variables.kt:15:21:15:21 | 1 |
 | variables.kt:21:11:21:18 | o | C1 | file://:0:0:0:0 | <none> |
 | variables.kt:21:11:21:18 | o | C1 | variables.kt:21:11:21:18 | o |
diff --git a/java/ql/test/library-tests/dataflow/external-models/negativesummaries.expected b/java/ql/test/kotlin/query-tests/AutoBoxing/AutoBoxing.expected
similarity index 100%
rename from java/ql/test/library-tests/dataflow/external-models/negativesummaries.expected
rename to java/ql/test/kotlin/query-tests/AutoBoxing/AutoBoxing.expected
diff --git a/java/ql/test/kotlin/query-tests/AutoBoxing/AutoBoxing.qlref b/java/ql/test/kotlin/query-tests/AutoBoxing/AutoBoxing.qlref
new file mode 100644
index 00000000000..f116f3bd8b4
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/AutoBoxing/AutoBoxing.qlref
@@ -0,0 +1 @@
+Violations of Best Practice/legacy/AutoBoxing.ql
diff --git a/java/ql/test/kotlin/query-tests/AutoBoxing/Test.kt b/java/ql/test/kotlin/query-tests/AutoBoxing/Test.kt
new file mode 100644
index 00000000000..ca3aa52b2c9
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/AutoBoxing/Test.kt
@@ -0,0 +1,5 @@
+fun foo(x: Int?) {
+    if (x != null) {
+        println(x)
+    }
+}
diff --git a/swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement_getIndex.expected b/java/ql/test/kotlin/query-tests/CloseReader/CloseReader.expected
similarity index 100%
rename from swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement_getIndex.expected
rename to java/ql/test/kotlin/query-tests/CloseReader/CloseReader.expected
diff --git a/java/ql/test/kotlin/query-tests/CloseReader/CloseReader.kt b/java/ql/test/kotlin/query-tests/CloseReader/CloseReader.kt
new file mode 100644
index 00000000000..27358a35587
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/CloseReader/CloseReader.kt
@@ -0,0 +1,7 @@
+import java.io.*
+
+fun test0() {
+    BufferedReader(FileReader("C:\\test.txt")).use { bw ->
+        bw.readLine()
+    }
+}
diff --git a/java/ql/test/kotlin/query-tests/CloseReader/CloseReader.qlref b/java/ql/test/kotlin/query-tests/CloseReader/CloseReader.qlref
new file mode 100644
index 00000000000..1c808bb9f46
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/CloseReader/CloseReader.qlref
@@ -0,0 +1 @@
+Likely Bugs/Resource Leaks/CloseReader.ql
diff --git a/swift/ql/test/extractor-tests/generated/expr/BridgeToObjCExpr/bridge_to_objc.swift b/java/ql/test/kotlin/query-tests/CloseWriter/CloseWriter.expected
similarity index 100%
rename from swift/ql/test/extractor-tests/generated/expr/BridgeToObjCExpr/bridge_to_objc.swift
rename to java/ql/test/kotlin/query-tests/CloseWriter/CloseWriter.expected
diff --git a/java/ql/test/kotlin/query-tests/CloseWriter/CloseWriter.kt b/java/ql/test/kotlin/query-tests/CloseWriter/CloseWriter.kt
new file mode 100644
index 00000000000..820e40f5666
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/CloseWriter/CloseWriter.kt
@@ -0,0 +1,45 @@
+import java.io.*
+
+fun test0() {
+    val bw = BufferedWriter(FileWriter("C:\\test.txt"))
+    bw.write("test")
+}
+
+fun test1() {
+    BufferedWriter(FileWriter("C:\\test.txt")).use { bw ->
+        bw.write("test")
+    }
+}
+
+fun test2() {
+    val bw = FileOutputStream(File.createTempFile("","")).bufferedWriter()
+    bw.write("test")
+}
+
+fun test3() {
+    FileOutputStream(File.createTempFile("","")).bufferedWriter().use { bw ->
+        bw.write("test")
+    }
+}
+
+fun test4() {
+    val bw = OutputStreamWriter(FileOutputStream(File.createTempFile("",""))).buffered()
+    bw.write("test")
+}
+
+fun test5() {
+    OutputStreamWriter(FileOutputStream(File.createTempFile("",""))).buffered().use { bw ->
+        bw.write("test")
+    }
+}
+
+fun test6() {
+    val bw = OutputStreamWriter(FileOutputStream(File.createTempFile("","")))
+    bw.write("test")
+}
+
+fun test7() {
+    OutputStreamWriter(FileOutputStream(File.createTempFile("",""))).use { bw ->
+        bw.write("test")
+    }
+}
diff --git a/java/ql/test/kotlin/query-tests/CloseWriter/CloseWriter.qlref b/java/ql/test/kotlin/query-tests/CloseWriter/CloseWriter.qlref
new file mode 100644
index 00000000000..88008367363
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/CloseWriter/CloseWriter.qlref
@@ -0,0 +1 @@
+Likely Bugs/Resource Leaks/CloseWriter.ql
diff --git a/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr_getType.expected b/java/ql/test/kotlin/query-tests/ConfusingOverloading/ConfusingOverloading.expected
similarity index 100%
rename from swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr_getType.expected
rename to java/ql/test/kotlin/query-tests/ConfusingOverloading/ConfusingOverloading.expected
diff --git a/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/ConfusingMethodSignature.qlref b/java/ql/test/kotlin/query-tests/ConfusingOverloading/ConfusingOverloading.qlref
similarity index 100%
rename from java/ql/test/kotlin/query-tests/ConfusingMethodSignature/ConfusingMethodSignature.qlref
rename to java/ql/test/kotlin/query-tests/ConfusingOverloading/ConfusingOverloading.qlref
diff --git a/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/Test.kt b/java/ql/test/kotlin/query-tests/ConfusingOverloading/Test.kt
similarity index 78%
rename from java/ql/test/kotlin/query-tests/ConfusingMethodSignature/Test.kt
rename to java/ql/test/kotlin/query-tests/ConfusingOverloading/Test.kt
index b802d9f76a0..37dbe32f378 100644
--- a/java/ql/test/kotlin/query-tests/ConfusingMethodSignature/Test.kt
+++ b/java/ql/test/kotlin/query-tests/ConfusingOverloading/Test.kt
@@ -12,3 +12,9 @@ class A {
     fun <T : Any> fn(value: T, i: Int = 1) {}
     fun fn(value: String, i: Int = 1) {}
 }
+
+class Foo {
+    val str by lazy {
+        "someString"
+    }
+}
diff --git a/java/ql/test/kotlin/query-tests/DeadCode/DeadClass.expected b/java/ql/test/kotlin/query-tests/DeadCode/DeadClass.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/kotlin/query-tests/DeadCode/DeadClass.qlref b/java/ql/test/kotlin/query-tests/DeadCode/DeadClass.qlref
new file mode 100644
index 00000000000..d726e7e0849
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/DeadCode/DeadClass.qlref
@@ -0,0 +1 @@
+DeadCode/DeadClass.ql
diff --git a/java/ql/test/kotlin/query-tests/DeadCode/DeadMethod.expected b/java/ql/test/kotlin/query-tests/DeadCode/DeadMethod.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/kotlin/query-tests/DeadCode/DeadMethod.qlref b/java/ql/test/kotlin/query-tests/DeadCode/DeadMethod.qlref
new file mode 100644
index 00000000000..76204a1df5a
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/DeadCode/DeadMethod.qlref
@@ -0,0 +1 @@
+DeadCode/DeadMethod.ql
diff --git a/java/ql/test/kotlin/query-tests/DeadCode/Test.kt b/java/ql/test/kotlin/query-tests/DeadCode/Test.kt
new file mode 100644
index 00000000000..67c4a2ae4a7
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/DeadCode/Test.kt
@@ -0,0 +1,31 @@
+sealed interface DbAddexpr
+
+class Label<T> {
+}
+
+fun <T> getFreshIdLabel(): Label<T> {
+    return Label()
+}
+
+fun foo(): Label<DbAddexpr> {
+    val x = getFreshIdLabel<DbAddexpr>()
+    return x
+}
+
+fun main1() {
+    print(foo())
+}
+
+class Foo {
+    data class DC(val x: Int, val y: Int)
+
+    fun foo() {
+        val dc = DC(3, 4)
+        print(dc.x)
+        print(dc.y)
+    }
+}
+
+fun main2() {
+    Foo().foo()
+}
diff --git a/java/ql/test/kotlin/query-tests/EmptyBlock/EmptyBlock.expected b/java/ql/test/kotlin/query-tests/EmptyBlock/EmptyBlock.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/kotlin/query-tests/EmptyBlock/EmptyBlock.qlref b/java/ql/test/kotlin/query-tests/EmptyBlock/EmptyBlock.qlref
new file mode 100644
index 00000000000..b0a56e88aa4
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/EmptyBlock/EmptyBlock.qlref
@@ -0,0 +1 @@
+Likely Bugs/Statements/EmptyBlock.ql
\ No newline at end of file
diff --git a/java/ql/test/kotlin/query-tests/EmptyBlock/Test.kt b/java/ql/test/kotlin/query-tests/EmptyBlock/Test.kt
new file mode 100644
index 00000000000..12624a92b38
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/EmptyBlock/Test.kt
@@ -0,0 +1,13 @@
+class Foo {
+    abstract inner class Bar {
+        abstract fun myFun(): Int
+    }
+
+    inner class Baz {
+        constructor() {
+        }
+
+        fun fn() {
+        }
+    }
+}
diff --git a/java/ql/test/kotlin/query-tests/MissingInstanceofInEquals/Test.kt b/java/ql/test/kotlin/query-tests/MissingInstanceofInEquals/Test.kt
index 6eef90c517c..d5d230bffef 100644
--- a/java/ql/test/kotlin/query-tests/MissingInstanceofInEquals/Test.kt
+++ b/java/ql/test/kotlin/query-tests/MissingInstanceofInEquals/Test.kt
@@ -17,3 +17,9 @@ data class G(val x: Int) {
         return other != null && other.javaClass == this.javaClass
     }
 }
+
+data class H(val x: Int) {
+    override fun equals(other: Any?): Boolean {
+        return other != null
+    }
+}
diff --git a/java/ql/test/kotlin/query-tests/MutualDependency/MutualDependency.expected b/java/ql/test/kotlin/query-tests/MutualDependency/MutualDependency.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/kotlin/query-tests/MutualDependency/MutualDependency.qlref b/java/ql/test/kotlin/query-tests/MutualDependency/MutualDependency.qlref
new file mode 100644
index 00000000000..ab1dbe353ef
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/MutualDependency/MutualDependency.qlref
@@ -0,0 +1 @@
+Architecture/Dependencies/MutualDependency.ql
\ No newline at end of file
diff --git a/java/ql/test/kotlin/query-tests/MutualDependency/Test.kt b/java/ql/test/kotlin/query-tests/MutualDependency/Test.kt
new file mode 100644
index 00000000000..b0a9a45603f
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/MutualDependency/Test.kt
@@ -0,0 +1,8 @@
+package foo.bar
+
+class Foo {
+    private fun someFun() {
+        fun say(s: String) { println(s) }
+        say("Str")
+    }
+}
diff --git a/java/ql/test/kotlin/query-tests/NamingConventionsRefTypes/NamingConventionsRefTypes.expected b/java/ql/test/kotlin/query-tests/NamingConventionsRefTypes/NamingConventionsRefTypes.expected
new file mode 100644
index 00000000000..ffcd13ccc56
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/NamingConventionsRefTypes/NamingConventionsRefTypes.expected
@@ -0,0 +1 @@
+| Test.kt:12:1:12:13 | aaaa | Class and interface names should start in uppercase. |
diff --git a/java/ql/test/kotlin/query-tests/NamingConventionsRefTypes/NamingConventionsRefTypes.qlref b/java/ql/test/kotlin/query-tests/NamingConventionsRefTypes/NamingConventionsRefTypes.qlref
new file mode 100644
index 00000000000..6f76aed32cb
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/NamingConventionsRefTypes/NamingConventionsRefTypes.qlref
@@ -0,0 +1 @@
+Advisory/Naming/NamingConventionsRefTypes.ql
\ No newline at end of file
diff --git a/java/ql/test/kotlin/query-tests/NamingConventionsRefTypes/Test.kt b/java/ql/test/kotlin/query-tests/NamingConventionsRefTypes/Test.kt
new file mode 100644
index 00000000000..f62497d59c6
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/NamingConventionsRefTypes/Test.kt
@@ -0,0 +1,12 @@
+class Foo {
+    fun myFun() {
+        val nestedStr by lazy {
+            "another string"
+        }
+
+        fun nestedFun() {
+        }
+    }
+}
+
+class aaaa {}
\ No newline at end of file
diff --git a/java/ql/test/kotlin/query-tests/NonSerializableField/NonSerializableField.expected b/java/ql/test/kotlin/query-tests/NonSerializableField/NonSerializableField.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/kotlin/query-tests/NonSerializableField/NonSerializableField.qlref b/java/ql/test/kotlin/query-tests/NonSerializableField/NonSerializableField.qlref
new file mode 100644
index 00000000000..401d63757af
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/NonSerializableField/NonSerializableField.qlref
@@ -0,0 +1 @@
+Likely Bugs/Serialization/NonSerializableField.ql
diff --git a/java/ql/test/kotlin/query-tests/NonSerializableField/NonSerializableFieldTest.kt b/java/ql/test/kotlin/query-tests/NonSerializableField/NonSerializableFieldTest.kt
new file mode 100644
index 00000000000..bf790ea7c1e
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/NonSerializableField/NonSerializableFieldTest.kt
@@ -0,0 +1,4 @@
+class Foo {
+    fun f(i: Int) {}
+    fun g(i: Int) { (this::f)(i) }
+}
diff --git a/java/ql/test/kotlin/query-tests/NonSerializableInnerClass/NonSerializableInnerClass.expected b/java/ql/test/kotlin/query-tests/NonSerializableInnerClass/NonSerializableInnerClass.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/kotlin/query-tests/NonSerializableInnerClass/NonSerializableInnerClass.qlref b/java/ql/test/kotlin/query-tests/NonSerializableInnerClass/NonSerializableInnerClass.qlref
new file mode 100644
index 00000000000..4cbb0995764
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/NonSerializableInnerClass/NonSerializableInnerClass.qlref
@@ -0,0 +1 @@
+Likely Bugs/Serialization/NonSerializableInnerClass.ql
diff --git a/java/ql/test/kotlin/query-tests/NonSerializableInnerClass/NonSerializableInnerClassTest.kt b/java/ql/test/kotlin/query-tests/NonSerializableInnerClass/NonSerializableInnerClassTest.kt
new file mode 100644
index 00000000000..3c3d72d0291
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/NonSerializableInnerClass/NonSerializableInnerClassTest.kt
@@ -0,0 +1,11 @@
+import java.io.Serializable
+
+class A {
+  class X : Serializable {
+  }
+}
+
+class B {
+  inner class X : Serializable {
+  }
+}
diff --git a/java/ql/test/kotlin/query-tests/OneStatementPerLine/OneStatementPerLine.expected b/java/ql/test/kotlin/query-tests/OneStatementPerLine/OneStatementPerLine.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/kotlin/query-tests/OneStatementPerLine/OneStatementPerLine.qlref b/java/ql/test/kotlin/query-tests/OneStatementPerLine/OneStatementPerLine.qlref
new file mode 100644
index 00000000000..99f3f3f3293
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/OneStatementPerLine/OneStatementPerLine.qlref
@@ -0,0 +1 @@
+Advisory/Statements/OneStatementPerLine.ql
\ No newline at end of file
diff --git a/java/ql/test/kotlin/query-tests/OneStatementPerLine/Test.kt b/java/ql/test/kotlin/query-tests/OneStatementPerLine/Test.kt
new file mode 100644
index 00000000000..0936ef67775
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/OneStatementPerLine/Test.kt
@@ -0,0 +1,7 @@
+class Foo {
+    fun foo(): Foo { return this }
+
+    fun bar(x: Foo?): Foo? {
+        return x?.foo()
+    }
+}
diff --git a/java/ql/test/kotlin/query-tests/ReturnValueIgnored/ReturnValueIgnored.expected b/java/ql/test/kotlin/query-tests/ReturnValueIgnored/ReturnValueIgnored.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/kotlin/query-tests/ReturnValueIgnored/ReturnValueIgnored.qlref b/java/ql/test/kotlin/query-tests/ReturnValueIgnored/ReturnValueIgnored.qlref
new file mode 100644
index 00000000000..ef1dc964d95
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/ReturnValueIgnored/ReturnValueIgnored.qlref
@@ -0,0 +1 @@
+Likely Bugs/Statements/ReturnValueIgnored.ql
\ No newline at end of file
diff --git a/java/ql/test/kotlin/query-tests/ReturnValueIgnored/Test.kt b/java/ql/test/kotlin/query-tests/ReturnValueIgnored/Test.kt
new file mode 100644
index 00000000000..8520b3cedfc
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/ReturnValueIgnored/Test.kt
@@ -0,0 +1,16 @@
+class Foo {
+    fun foo(): Int { return 5 }
+    fun bar() {
+        val x0 = foo()
+        val x1 = foo()
+        val x2 = foo()
+        val x3 = foo()
+        val x4 = foo()
+        val x5 = foo()
+        val x6 = foo()
+        val x7 = foo()
+        val x8 = foo()
+        val x9 = foo()
+        val x = if (true) { foo() } else 6
+    }
+}
diff --git a/java/ql/test/kotlin/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.expected b/java/ql/test/kotlin/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/kotlin/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.kt b/java/ql/test/kotlin/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.kt
new file mode 100644
index 00000000000..9facfd01785
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.kt
@@ -0,0 +1,13 @@
+fun main() {
+    f(null)
+    f(true)
+    f(false)
+}
+
+fun f(x: Boolean?) {
+    if(x == true) {
+        println("Yes")
+    } else {
+        println("No")
+    }
+}
diff --git a/java/ql/test/kotlin/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.qlref b/java/ql/test/kotlin/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.qlref
new file mode 100644
index 00000000000..d071e989ebb
--- /dev/null
+++ b/java/ql/test/kotlin/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.qlref
@@ -0,0 +1 @@
+Violations of Best Practice/Boolean Logic/SimplifyBoolExpr.ql
diff --git a/java/ql/test/kotlin/query-tests/UnderscoreIdentifier/test.expected b/java/ql/test/kotlin/query-tests/UnderscoreIdentifier/test.expected
index dc118062b3d..48fa4a1e4ab 100644
--- a/java/ql/test/kotlin/query-tests/UnderscoreIdentifier/test.expected
+++ b/java/ql/test/kotlin/query-tests/UnderscoreIdentifier/test.expected
@@ -1,7 +1,7 @@
-| Test.kt:3:9:3:31 | List<Integer> l |
+| Test.kt:3:13:3:13 | List<Integer> l |
 | Test.kt:4:28:4:32 | index |
 | Test.kt:4:35:4:35 | p1 |
-| Test.kt:6:9:6:26 | Pair<Integer,Integer> p |
+| Test.kt:6:13:6:13 | Pair<Integer,Integer> p |
 | Test.kt:7:14:7:18 | int first |
 | Test.kt:7:26:7:26 | Pair<Integer,Integer> tmp0_container |
 | Test.kt:8:14:8:25 | Exception _ |
diff --git a/java/ql/test/kotlin/query-tests/UselessParameter/Test.kt b/java/ql/test/kotlin/query-tests/UselessParameter/Test.kt
index 4e41e048aa4..d5e6c5ef7b7 100644
--- a/java/ql/test/kotlin/query-tests/UselessParameter/Test.kt
+++ b/java/ql/test/kotlin/query-tests/UselessParameter/Test.kt
@@ -19,3 +19,6 @@ object O {}
 fun C.fn() {}
 fun C.Companion.fn() {}
 fun O.fn() {}
+
+@Suppress("UNUSED_PARAMETER")
+fun fn2(a: Int) {}
diff --git a/java/ql/test/kotlin/query-tests/UselessParameter/UselessParameter.expected b/java/ql/test/kotlin/query-tests/UselessParameter/UselessParameter.expected
index 72b3348a019..e69de29bb2d 100644
--- a/java/ql/test/kotlin/query-tests/UselessParameter/UselessParameter.expected
+++ b/java/ql/test/kotlin/query-tests/UselessParameter/UselessParameter.expected
@@ -1,2 +0,0 @@
-| Test.kt:11:8:11:18 | a | The parameter 'a' is never used. |
-| Test.kt:19:5:19:5 | <this> | The parameter '<this>' is never used. |
diff --git a/java/ql/test/library-tests/dataflow/callback-dispatch/test.ext.yml b/java/ql/test/library-tests/dataflow/callback-dispatch/test.ext.yml
new file mode 100644
index 00000000000..5f35c923ad0
--- /dev/null
+++ b/java/ql/test/library-tests/dataflow/callback-dispatch/test.ext.yml
@@ -0,0 +1,18 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+      - ["my.callback.qltest", "A", False, "applyConsumer1", "(Object,Consumer1)", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["my.callback.qltest", "A", False, "applyConsumer1Field1Field2", "(A,A,Consumer1)", "", "Argument[0].Field[my.callback.qltest.A.field1]", "Argument[2].Parameter[0]", "value", "manual"]
+      - ["my.callback.qltest", "A", False, "applyConsumer1Field1Field2", "(A,A,Consumer1)", "", "Argument[1].Field[my.callback.qltest.A.field2]", "Argument[2].Parameter[0]", "value", "manual"]
+      - ["my.callback.qltest", "A", False, "applyConsumer2", "(Object,Consumer2)", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["my.callback.qltest", "A", False, "applyConsumer3", "(Object,Consumer3)", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["my.callback.qltest", "A", False, "applyConsumer3_ret_postup", "(Consumer3)", "", "Argument[0].Parameter[0]", "ReturnValue", "value", "manual"]
+      - ["my.callback.qltest", "A", False, "forEach", "(Object[],Consumer3)", "", "Argument[0].ArrayElement", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["my.callback.qltest", "A", False, "applyProducer1", "(Producer1)", "", "Argument[0].ReturnValue", "ReturnValue", "value", "manual"]
+      - ["my.callback.qltest", "A", False, "produceConsume", "(Producer1,Consumer3)", "", "Argument[0].ReturnValue", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["my.callback.qltest", "A", False, "produceConsume", "(Producer1,Consumer3)", "", "Argument[1].Parameter[0]", "ReturnValue", "value", "manual"]
+      - ["my.callback.qltest", "A", False, "applyConverter1", "(Object,Converter1)", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["my.callback.qltest", "A", False, "applyConverter1", "(Object,Converter1)", "", "Argument[1].ReturnValue", "ReturnValue", "value", "manual"]
+
diff --git a/java/ql/test/library-tests/dataflow/callback-dispatch/test.ql b/java/ql/test/library-tests/dataflow/callback-dispatch/test.ql
index 4771031581f..cadd07c6f41 100644
--- a/java/ql/test/library-tests/dataflow/callback-dispatch/test.ql
+++ b/java/ql/test/library-tests/dataflow/callback-dispatch/test.ql
@@ -1,28 +1,7 @@
 import java
 import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.dataflow.ExternalFlow
 import TestUtilities.InlineExpectationsTest
 
-class SummaryModelTest extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "my.callback.qltest;A;false;applyConsumer1;(Object,Consumer1);;Argument[0];Argument[1].Parameter[0];value;manual",
-        "my.callback.qltest;A;false;applyConsumer1Field1Field2;(A,A,Consumer1);;Argument[0].Field[my.callback.qltest.A.field1];Argument[2].Parameter[0];value;manual",
-        "my.callback.qltest;A;false;applyConsumer1Field1Field2;(A,A,Consumer1);;Argument[1].Field[my.callback.qltest.A.field2];Argument[2].Parameter[0];value;manual",
-        "my.callback.qltest;A;false;applyConsumer2;(Object,Consumer2);;Argument[0];Argument[1].Parameter[0];value;manual",
-        "my.callback.qltest;A;false;applyConsumer3;(Object,Consumer3);;Argument[0];Argument[1].Parameter[0];value;manual",
-        "my.callback.qltest;A;false;applyConsumer3_ret_postup;(Consumer3);;Argument[0].Parameter[0];ReturnValue;value;manual",
-        "my.callback.qltest;A;false;forEach;(Object[],Consumer3);;Argument[0].ArrayElement;Argument[1].Parameter[0];value;manual",
-        "my.callback.qltest;A;false;applyProducer1;(Producer1);;Argument[0].ReturnValue;ReturnValue;value;manual",
-        "my.callback.qltest;A;false;produceConsume;(Producer1,Consumer3);;Argument[0].ReturnValue;Argument[1].Parameter[0];value;manual",
-        "my.callback.qltest;A;false;produceConsume;(Producer1,Consumer3);;Argument[1].Parameter[0];ReturnValue;value;manual",
-        "my.callback.qltest;A;false;applyConverter1;(Object,Converter1);;Argument[0];Argument[1].Parameter[0];value;manual",
-        "my.callback.qltest;A;false;applyConverter1;(Object,Converter1);;Argument[1].ReturnValue;ReturnValue;value;manual"
-      ]
-  }
-}
-
 class Conf extends DataFlow::Configuration {
   Conf() { this = "qltest:callback-dispatch" }
 
diff --git a/java/ql/test/library-tests/dataflow/collections/containerflow.ext.yml b/java/ql/test/library-tests/dataflow/collections/containerflow.ext.yml
new file mode 100644
index 00000000000..ebe7e3b6ea5
--- /dev/null
+++ b/java/ql/test/library-tests/dataflow/collections/containerflow.ext.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+      - ["", "B", False, "readElement", "(Spliterator)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
+      - ["", "B", False, "readElement", "(Stream)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
diff --git a/java/ql/test/library-tests/dataflow/collections/containerflow.ql b/java/ql/test/library-tests/dataflow/collections/containerflow.ql
index 12f7a3ffd22..df1f397f059 100644
--- a/java/ql/test/library-tests/dataflow/collections/containerflow.ql
+++ b/java/ql/test/library-tests/dataflow/collections/containerflow.ql
@@ -1,19 +1,7 @@
 import java
 import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.dataflow.ExternalFlow
 import TestUtilities.InlineFlowTest
 
-class SummaryModelTest extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
-        ";B;false;readElement;(Spliterator);;Argument[0].Element;ReturnValue;value;manual",
-        ";B;false;readElement;(Stream);;Argument[0].Element;ReturnValue;value;manual"
-      ]
-  }
-}
-
 class HasFlowTest extends InlineFlowTest {
   override DataFlow::Configuration getTaintFlowConfig() { none() }
 }
diff --git a/java/ql/test/library-tests/dataflow/external-models/negativesummaries.ql b/java/ql/test/library-tests/dataflow/external-models/negativesummaries.ql
deleted file mode 100644
index 8425cf880b0..00000000000
--- a/java/ql/test/library-tests/dataflow/external-models/negativesummaries.ql
+++ /dev/null
@@ -1,8 +0,0 @@
-/**
- * CSV Validation of negative summaries.
- */
-
-import java
-import semmle.code.java.dataflow.ExternalFlow
-import CsvValidation
-import semmle.code.java.dataflow.internal.NegativeSummary
diff --git a/java/ql/test/library-tests/dataflow/external-models/sinks.ext.yml b/java/ql/test/library-tests/dataflow/external-models/sinks.ext.yml
new file mode 100644
index 00000000000..55a76b79b21
--- /dev/null
+++ b/java/ql/test/library-tests/dataflow/external-models/sinks.ext.yml
@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: sinkModel
+    data:
+      - ["my.qltest", "B", False, "sink1", "(Object)", "", "Argument[0]", "qltest", "manual"]
+      - ["my.qltest", "B", False, "sinkMethod", "()", "", "ReturnValue", "qltest", "manual"]
+      - ["my.qltest", "B$Tag", False, "", "", "Annotated", "ReturnValue", "qltest-retval", "manual"]
+      - ["my.qltest", "B$Tag", False, "", "", "Annotated", "Argument", "qltest-arg", "manual"]
+      - ["my.qltest", "B$Tag", False, "", "", "Annotated", "", "qltest-nospec", "manual"]
diff --git a/java/ql/test/library-tests/dataflow/external-models/sinks.ql b/java/ql/test/library-tests/dataflow/external-models/sinks.ql
index b44a9eefd88..5da8f29ff4c 100644
--- a/java/ql/test/library-tests/dataflow/external-models/sinks.ql
+++ b/java/ql/test/library-tests/dataflow/external-models/sinks.ql
@@ -1,21 +1,7 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.ExternalFlow
-import CsvValidation
-
-class SinkModelTest extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //`namespace; type; subtypes; name; signature; ext; input; kind`
-        "my.qltest;B;false;sink1;(Object);;Argument[0];qltest;manual",
-        "my.qltest;B;false;sinkMethod;();;ReturnValue;qltest;manual",
-        "my.qltest;B$Tag;false;;;Annotated;ReturnValue;qltest-retval;manual",
-        "my.qltest;B$Tag;false;;;Annotated;Argument;qltest-arg;manual",
-        "my.qltest;B$Tag;false;;;Annotated;;qltest-nospec;manual"
-      ]
-  }
-}
+import ModelValidation
 
 from DataFlow::Node node, string kind
 where sinkNode(node, kind)
diff --git a/java/ql/test/library-tests/dataflow/external-models/srcs.ext.yml b/java/ql/test/library-tests/dataflow/external-models/srcs.ext.yml
new file mode 100644
index 00000000000..7730d41e549
--- /dev/null
+++ b/java/ql/test/library-tests/dataflow/external-models/srcs.ext.yml
@@ -0,0 +1,21 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: sourceModel
+    data:
+      - ["my.qltest", "A", False, "src1", "()", "", "ReturnValue", "qltest", "manual"]
+      - ["my.qltest", "A", False, "src1", "(String)", "", "ReturnValue", "qltest", "manual"]
+      - ["my.qltest", "A", False, "src1", "(java.lang.String)", "", "ReturnValue", "qltest-alt", "manual"]
+      - ["my.qltest", "A", False, "src1", "", "", "ReturnValue", "qltest-all-overloads", "manual"]
+      - ["my.qltest", "A", False, "src2", "()", "", "ReturnValue", "qltest", "manual"]
+      - ["my.qltest", "A", False, "src3", "()", "", "ReturnValue", "qltest", "manual"]
+      - ["my.qltest", "A", True, "src2", "()", "", "ReturnValue", "qltest-w-subtypes", "manual"]
+      - ["my.qltest", "A", True, "src3", "()", "", "ReturnValue", "qltest-w-subtypes", "manual"]
+      - ["my.qltest", "A", False, "srcArg", "(Object)", "", "Argument[0]", "qltest-argnum", "manual"]
+      - ["my.qltest", "A", False, "srcArg", "(Object)", "", "Argument", "qltest-argany", "manual"]
+      - ["my.qltest", "A$Handler", True, "handle", "(Object)", "", "Parameter[0]", "qltest-param-override", "manual"]
+      - ["my.qltest", "A$Tag", False, "", "", "Annotated", "ReturnValue", "qltest-retval", "manual"]
+      - ["my.qltest", "A$Tag", False, "", "", "Annotated", "Parameter", "qltest-param", "manual"]
+      - ["my.qltest", "A$Tag", False, "", "", "Annotated", "", "qltest-nospec", "manual"]
+      - ["my.qltest", "A", False, "srcTwoArg", "(String,String)", "", "ReturnValue", "qltest-shortsig", "manual"]
+      - ["my.qltest", "A", False, "srcTwoArg", "(java.lang.String,java.lang.String)", "", "ReturnValue", "qltest-longsig", "manual"]
diff --git a/java/ql/test/library-tests/dataflow/external-models/srcs.ql b/java/ql/test/library-tests/dataflow/external-models/srcs.ql
index 5e428c412ea..655fee35611 100644
--- a/java/ql/test/library-tests/dataflow/external-models/srcs.ql
+++ b/java/ql/test/library-tests/dataflow/external-models/srcs.ql
@@ -1,32 +1,7 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.ExternalFlow
-import CsvValidation
-
-class SourceModelTest extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //`namespace; type; subtypes; name; signature; ext; output; kind`
-        "my.qltest;A;false;src1;();;ReturnValue;qltest;manual",
-        "my.qltest;A;false;src1;(String);;ReturnValue;qltest;manual",
-        "my.qltest;A;false;src1;(java.lang.String);;ReturnValue;qltest-alt;manual",
-        "my.qltest;A;false;src1;;;ReturnValue;qltest-all-overloads;manual",
-        "my.qltest;A;false;src2;();;ReturnValue;qltest;manual",
-        "my.qltest;A;false;src3;();;ReturnValue;qltest;manual",
-        "my.qltest;A;true;src2;();;ReturnValue;qltest-w-subtypes;manual",
-        "my.qltest;A;true;src3;();;ReturnValue;qltest-w-subtypes;manual",
-        "my.qltest;A;false;srcArg;(Object);;Argument[0];qltest-argnum;manual",
-        "my.qltest;A;false;srcArg;(Object);;Argument;qltest-argany;manual",
-        "my.qltest;A$Handler;true;handle;(Object);;Parameter[0];qltest-param-override;manual",
-        "my.qltest;A$Tag;false;;;Annotated;ReturnValue;qltest-retval;manual",
-        "my.qltest;A$Tag;false;;;Annotated;Parameter;qltest-param;manual",
-        "my.qltest;A$Tag;false;;;Annotated;;qltest-nospec;manual",
-        "my.qltest;A;false;srcTwoArg;(String,String);;ReturnValue;qltest-shortsig;manual",
-        "my.qltest;A;false;srcTwoArg;(java.lang.String,java.lang.String);;ReturnValue;qltest-longsig;manual"
-      ]
-  }
-}
+import ModelValidation
 
 from DataFlow::Node node, string kind
 where sourceNode(node, kind)
diff --git a/java/ql/test/library-tests/dataflow/external-models/steps.ext.yml b/java/ql/test/library-tests/dataflow/external-models/steps.ext.yml
new file mode 100644
index 00000000000..d68e50ce558
--- /dev/null
+++ b/java/ql/test/library-tests/dataflow/external-models/steps.ext.yml
@@ -0,0 +1,13 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+      - ["my.qltest", "C", False, "stepArgRes", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["my.qltest", "C", False, "stepArgArg", "(Object,Object)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["my.qltest", "C", False, "stepArgQual", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["my.qltest", "C", False, "stepQualRes", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["my.qltest", "C", False, "stepQualArg", "(Object)", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
+      - ["my.qltest", "C", False, "stepArgResGenerated", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["my.qltest", "C", False, "stepArgResGeneratedIgnored", "(Object,Object)", "", "Argument[0]", "ReturnValue", "taint", "generated"]
+      - ["my.qltest", "C", False, "stepArgResGeneratedIgnored", "(Object,Object)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/test/library-tests/dataflow/external-models/steps.ql b/java/ql/test/library-tests/dataflow/external-models/steps.ql
index eec52c383cd..e57c4d54b17 100644
--- a/java/ql/test/library-tests/dataflow/external-models/steps.ql
+++ b/java/ql/test/library-tests/dataflow/external-models/steps.ql
@@ -1,26 +1,9 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.ExternalFlow
-import CsvValidation
+import ModelValidation
 import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 
-class SummaryModelTest extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //`namespace; type; subtypes; name; signature; ext; input; output; kind`
-        "my.qltest;C;false;stepArgRes;(Object);;Argument[0];ReturnValue;taint;manual",
-        "my.qltest;C;false;stepArgArg;(Object,Object);;Argument[0];Argument[1];taint;manual",
-        "my.qltest;C;false;stepArgQual;(Object);;Argument[0];Argument[-1];taint;manual",
-        "my.qltest;C;false;stepQualRes;();;Argument[-1];ReturnValue;taint;manual",
-        "my.qltest;C;false;stepQualArg;(Object);;Argument[-1];Argument[0];taint;manual",
-        "my.qltest;C;false;stepArgResGenerated;(Object);;Argument[0];ReturnValue;taint;generated",
-        "my.qltest;C;false;stepArgResGeneratedIgnored;(Object,Object);;Argument[0];ReturnValue;taint;generated",
-        "my.qltest;C;false;stepArgResGeneratedIgnored;(Object,Object);;Argument[1];ReturnValue;taint;manual",
-      ]
-  }
-}
-
 from DataFlow::Node node1, DataFlow::Node node2
 where FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(node1, node2, _)
 select node1, node2
diff --git a/java/ql/test/library-tests/dataflow/synth-global/test.ext.yml b/java/ql/test/library-tests/dataflow/synth-global/test.ext.yml
new file mode 100644
index 00000000000..3d3bbe9fd47
--- /dev/null
+++ b/java/ql/test/library-tests/dataflow/synth-global/test.ext.yml
@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+      - ["my.qltest.synth", "A", False, "storeInArray", "(String)", "", "Argument[0]", "SyntheticGlobal[db1].ArrayElement", "value", "manual"]
+      - ["my.qltest.synth", "A", False, "storeTaintInArray", "(String)", "", "Argument[0]", "SyntheticGlobal[db1].ArrayElement", "taint", "manual"]
+      - ["my.qltest.synth", "A", False, "storeValue", "(String)", "", "Argument[0]", "SyntheticGlobal[db1]", "value", "manual"]
+      - ["my.qltest.synth", "A", False, "readValue", "()", "", "SyntheticGlobal[db1]", "ReturnValue", "value", "manual"]
+      - ["my.qltest.synth", "A", False, "readArray", "()", "", "SyntheticGlobal[db1].ArrayElement", "ReturnValue", "value", "manual"]
diff --git a/java/ql/test/library-tests/dataflow/synth-global/test.ql b/java/ql/test/library-tests/dataflow/synth-global/test.ql
index 47a1573865c..0d9f2265afc 100644
--- a/java/ql/test/library-tests/dataflow/synth-global/test.ql
+++ b/java/ql/test/library-tests/dataflow/synth-global/test.ql
@@ -1,16 +1,3 @@
 import java
 import TestUtilities.InlineFlowTest
-import CsvValidation
-
-class SummaryModelTest extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "my.qltest.synth;A;false;storeInArray;(String);;Argument[0];SyntheticGlobal[db1].ArrayElement;value;manual",
-        "my.qltest.synth;A;false;storeTaintInArray;(String);;Argument[0];SyntheticGlobal[db1].ArrayElement;taint;manual",
-        "my.qltest.synth;A;false;storeValue;(String);;Argument[0];SyntheticGlobal[db1];value;manual",
-        "my.qltest.synth;A;false;readValue;();;SyntheticGlobal[db1];ReturnValue;value;manual",
-        "my.qltest.synth;A;false;readArray;();;SyntheticGlobal[db1].ArrayElement;ReturnValue;value;manual",
-      ]
-  }
-}
+import ModelValidation
diff --git a/java/ql/test/library-tests/dataflow/taintsources/local.ql b/java/ql/test/library-tests/dataflow/taintsources/local.ql
index 61faff7a992..62ad797be67 100644
--- a/java/ql/test/library-tests/dataflow/taintsources/local.ql
+++ b/java/ql/test/library-tests/dataflow/taintsources/local.ql
@@ -2,11 +2,8 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import TestUtilities.InlineExpectationsTest
 
-class LocalSource extends DataFlow::Node {
-  LocalSource() {
-    this instanceof UserInput and
-    not this instanceof RemoteFlowSource
-  }
+class LocalSource extends DataFlow::Node instanceof UserInput {
+  LocalSource() { not this instanceof RemoteFlowSource }
 }
 
 predicate isTestSink(DataFlow::Node n) {
diff --git a/java/ql/test/library-tests/frameworks/android/activity-alias/AndroidManifest.xml b/java/ql/test/library-tests/frameworks/android/activity-alias/AndroidManifest.xml
new file mode 100644
index 00000000000..586545a3b6c
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/android/activity-alias/AndroidManifest.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.myapplication">
+
+    <application
+        android:allowBackup="false"
+        android:dataExtractionRules="@xml/data_extraction_rules"
+        android:fullBackupContent="@xml/backup_rules"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:supportsRtl="true"
+
+        android:theme="@style/Theme.MyApplication"
+        tools:targetApi="31">
+
+      <activity
+            android:name=".MainActivity"
+            android:exported="true"
+            android:label="@string/app_name"
+            android:theme="@style/Theme.MyApplication.NoActionBar">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+
+        <activity
+            android:name=".AnotherActivity"
+            android:exported="true"
+            android:label="@string/app_name"
+            android:theme="@style/Theme.MyApplication.NoActionBar">
+        </activity>
+
+
+        <activity-alias
+            android:name=".MainAlias"
+            android:exported="true"
+            android:label="@string/app_name"
+            android:targetActivity=".MainActivity"></activity-alias>
+
+        <activity-alias
+            android:name=".SecondAlias"
+            android:exported="true"
+            android:label="@string/app_name"
+            android:targetActivity=".MainActivity"></activity-alias>
+
+        <activity-alias
+            android:name=".AnotherAlias"
+            android:exported="true"
+            android:label="@string/app_name"
+            android:targetActivity="com.example.myapplication.AnotherActivity"></activity-alias>
+        <activity
+            android:name=".ExampleActivity"
+            android:exported="false"
+            android:label="@string/app_name"
+            ></activity>
+
+        <activity-alias
+            android:name=".ExampleAlias"
+            android:exported="true"
+            android:label="@string/app_name"
+            android:targetActivity=".ExampleActivity">
+        </activity-alias>
+
+        <activity
+            android:name=".Example2Activity"
+            android:exported="false"
+            android:label="@string/app_name">
+        </activity>
+
+        <activity-alias
+            android:name=".Example2Alias"
+            android:label="@string/app_name"
+            android:targetActivity=".Example2Activity">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN"></action>
+                <action android:name="android.intent.category.LAUNCHER"></action>
+            </intent-filter>
+        </activity-alias>
+    </application>
+
+</manifest>
diff --git a/java/ql/test/library-tests/frameworks/android/activity-alias/Example2Activity.java b/java/ql/test/library-tests/frameworks/android/activity-alias/Example2Activity.java
new file mode 100644
index 00000000000..551ed57918f
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/android/activity-alias/Example2Activity.java
@@ -0,0 +1,7 @@
+package com.example.myapplication;
+
+import android.app.Activity;
+
+public class Example2Activity extends Activity {
+
+}
diff --git a/java/ql/test/library-tests/frameworks/android/activity-alias/ExampleActivity.java b/java/ql/test/library-tests/frameworks/android/activity-alias/ExampleActivity.java
new file mode 100644
index 00000000000..7f0469ff1d1
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/android/activity-alias/ExampleActivity.java
@@ -0,0 +1,7 @@
+package com.example.myapplication;
+
+import android.app.Activity;
+
+public class ExampleActivity extends Activity {
+
+}
diff --git a/java/ql/test/library-tests/frameworks/android/activity-alias/TestActivityAlias.expected b/java/ql/test/library-tests/frameworks/android/activity-alias/TestActivityAlias.expected
new file mode 100644
index 00000000000..7d350358305
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/android/activity-alias/TestActivityAlias.expected
@@ -0,0 +1,5 @@
+| .AnotherAlias | .AnotherActivity |
+| .Example2Alias | .Example2Activity |
+| .ExampleAlias | .ExampleActivity |
+| .MainAlias | .MainActivity |
+| .SecondAlias | .MainActivity |
diff --git a/java/ql/test/library-tests/frameworks/android/activity-alias/TestActivityAlias.ql b/java/ql/test/library-tests/frameworks/android/activity-alias/TestActivityAlias.ql
new file mode 100644
index 00000000000..b7322a55027
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/android/activity-alias/TestActivityAlias.ql
@@ -0,0 +1,5 @@
+import java
+import semmle.code.xml.AndroidManifest
+
+from AndroidActivityAliasXmlElement alias
+select alias.getComponentName(), alias.getTarget().getComponentName()
diff --git a/java/ql/test/library-tests/frameworks/android/activity-alias/TestActivityAliasExports.expected b/java/ql/test/library-tests/frameworks/android/activity-alias/TestActivityAliasExports.expected
new file mode 100644
index 00000000000..c5993ebf6e4
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/android/activity-alias/TestActivityAliasExports.expected
@@ -0,0 +1,4 @@
+| Example2Activity.java:5:14:5:29 | Example2Activity | AndroidManifest.xml:68:9:72:20 | activity |
+| Example2Activity.java:5:14:5:29 | Example2Activity | AndroidManifest.xml:74:9:82:26 | activity-alias |
+| ExampleActivity.java:5:14:5:28 | ExampleActivity | AndroidManifest.xml:55:9:59:25 | activity |
+| ExampleActivity.java:5:14:5:28 | ExampleActivity | AndroidManifest.xml:61:9:66:26 | activity-alias |
diff --git a/java/ql/test/library-tests/frameworks/android/activity-alias/TestActivityAliasExports.ql b/java/ql/test/library-tests/frameworks/android/activity-alias/TestActivityAliasExports.ql
new file mode 100644
index 00000000000..beac467fc0a
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/android/activity-alias/TestActivityAliasExports.ql
@@ -0,0 +1,6 @@
+import java
+import semmle.code.java.frameworks.android.Android
+
+from ExportableAndroidComponent component
+where component.isExported()
+select component, component.getAndroidComponentXmlElement()
diff --git a/java/ql/test/library-tests/frameworks/android/activity-alias/options b/java/ql/test/library-tests/frameworks/android/activity-alias/options
new file mode 100644
index 00000000000..5aa323ada52
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/android/activity-alias/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/google-android-9.0.0/
diff --git a/java/ql/test/library-tests/frameworks/android/content-provider-summaries/test.ext.yml b/java/ql/test/library-tests/frameworks/android/content-provider-summaries/test.ext.yml
new file mode 100644
index 00000000000..cf5c80bc456
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/android/content-provider-summaries/test.ext.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+      - ["generatedtest", "Test", False, "newWithMapValueDefault", "(Object)", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"]
+      - ["generatedtest", "Test", False, "newWithMapKeyDefault", "(Object)", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
+      - ["generatedtest", "Test", False, "getMapValueDefault", "(Object)", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
+      - ["generatedtest", "Test", False, "getMapKeyDefault", "(Object)", "", "Argument[0].MapKey", "ReturnValue", "value", "manual"]
diff --git a/java/ql/test/library-tests/frameworks/android/content-provider-summaries/test.ql b/java/ql/test/library-tests/frameworks/android/content-provider-summaries/test.ql
index 2fa9dc00fd8..5d91e4e8e26 100644
--- a/java/ql/test/library-tests/frameworks/android/content-provider-summaries/test.ql
+++ b/java/ql/test/library-tests/frameworks/android/content-provider-summaries/test.ql
@@ -1,15 +1,2 @@
 import java
 import TestUtilities.InlineFlowTest
-
-class SummaryModelTest extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
-        "generatedtest;Test;false;newWithMapValueDefault;(Object);;Argument[0];ReturnValue.MapValue;value;manual",
-        "generatedtest;Test;false;newWithMapKeyDefault;(Object);;Argument[0];ReturnValue.MapKey;value;manual",
-        "generatedtest;Test;false;getMapValueDefault;(Object);;Argument[0].MapValue;ReturnValue;value;manual",
-        "generatedtest;Test;false;getMapKeyDefault;(Object);;Argument[0].MapKey;ReturnValue;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/test/library-tests/frameworks/android/intent/test.ext.yml b/java/ql/test/library-tests/frameworks/android/intent/test.ext.yml
new file mode 100644
index 00000000000..31321102a46
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/android/intent/test.ext.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+      - ["generatedtest", "Test", False, "newBundleWithMapValue", "(Object)", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"]
+      - ["generatedtest", "Test", False, "newPersistableBundleWithMapValue", "(Object)", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"]
+      - ["generatedtest", "Test", False, "getMapValue", "(BaseBundle)", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
+      - ["generatedtest", "Test", False, "newWithIntent_extras", "(Bundle)", "", "Argument[0]", "ReturnValue.SyntheticField[android.content.Intent.extras]", "value", "manual"]
diff --git a/java/ql/test/library-tests/frameworks/android/intent/test.ql b/java/ql/test/library-tests/frameworks/android/intent/test.ql
index a11619fb013..5d91e4e8e26 100644
--- a/java/ql/test/library-tests/frameworks/android/intent/test.ql
+++ b/java/ql/test/library-tests/frameworks/android/intent/test.ql
@@ -1,15 +1,2 @@
 import java
 import TestUtilities.InlineFlowTest
-
-class SummaryModelTest extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
-        "generatedtest;Test;false;newBundleWithMapValue;(Object);;Argument[0];ReturnValue.MapValue;value;manual",
-        "generatedtest;Test;false;newPersistableBundleWithMapValue;(Object);;Argument[0];ReturnValue.MapValue;value;manual",
-        "generatedtest;Test;false;getMapValue;(BaseBundle);;Argument[0].MapValue;ReturnValue;value;manual",
-        "generatedtest;Test;false;newWithIntent_extras;(Bundle);;Argument[0];ReturnValue.SyntheticField[android.content.Intent.extras];value;manual"
-      ]
-  }
-}
diff --git a/java/ql/test/library-tests/frameworks/android/notification/test.ext.yml b/java/ql/test/library-tests/frameworks/android/notification/test.ext.yml
new file mode 100644
index 00000000000..bd5c804fddc
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/android/notification/test.ext.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+      - ["generatedtest", "Test", False, "getMapKeyDefault", "(Bundle)", "", "Argument[0].MapKey", "ReturnValue", "value", "manual"]
diff --git a/java/ql/test/library-tests/frameworks/android/notification/test.ql b/java/ql/test/library-tests/frameworks/android/notification/test.ql
index d0dffb02d6b..f0a60550d4d 100644
--- a/java/ql/test/library-tests/frameworks/android/notification/test.ql
+++ b/java/ql/test/library-tests/frameworks/android/notification/test.ql
@@ -1,13 +1,3 @@
 import java
 import semmle.code.java.frameworks.android.Intent
 import TestUtilities.InlineFlowTest
-
-class SummaryModelTest extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
-        "generatedtest;Test;false;getMapKeyDefault;(Bundle);;Argument[0].MapKey;ReturnValue;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/test/library-tests/frameworks/apache-collections/test.ext.yml b/java/ql/test/library-tests/frameworks/apache-collections/test.ext.yml
new file mode 100644
index 00000000000..a5d1cc8e1ab
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/apache-collections/test.ext.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+      - ["generatedtest", "Test", False, "newRBWithMapValue", "", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"]
+      - ["generatedtest", "Test", False, "newRBWithMapKey", "", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
diff --git a/java/ql/test/library-tests/frameworks/apache-collections/test.ql b/java/ql/test/library-tests/frameworks/apache-collections/test.ql
index fae8e0bdd77..5d91e4e8e26 100644
--- a/java/ql/test/library-tests/frameworks/apache-collections/test.ql
+++ b/java/ql/test/library-tests/frameworks/apache-collections/test.ql
@@ -1,13 +1,2 @@
 import java
 import TestUtilities.InlineFlowTest
-
-class SummaryModelTest extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
-        "generatedtest;Test;false;newRBWithMapValue;;;Argument[0];ReturnValue.MapValue;value;manual",
-        "generatedtest;Test;false;newRBWithMapKey;;;Argument[0];ReturnValue.MapKey;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/test/library-tests/frameworks/guava/generated/collect/test.ext.yml b/java/ql/test/library-tests/frameworks/guava/generated/collect/test.ext.yml
new file mode 100644
index 00000000000..153b649a3e6
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/guava/generated/collect/test.ext.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+      - ["generatedtest", "Test", False, "newWithElementDefault", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
+      - ["generatedtest", "Test", False, "newWithMapKeyDefault", "(Object)", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
+      - ["generatedtest", "Test", False, "newWithMapValueDefault", "(Object)", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"]
diff --git a/java/ql/test/library-tests/frameworks/guava/generated/collect/test.ql b/java/ql/test/library-tests/frameworks/guava/generated/collect/test.ql
index dfafbea561f..5d91e4e8e26 100644
--- a/java/ql/test/library-tests/frameworks/guava/generated/collect/test.ql
+++ b/java/ql/test/library-tests/frameworks/guava/generated/collect/test.ql
@@ -1,14 +1,2 @@
 import java
 import TestUtilities.InlineFlowTest
-
-class SummaryModelTest extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
-        "generatedtest;Test;false;newWithElementDefault;(Object);;Argument[0];ReturnValue.Element;value;manual",
-        "generatedtest;Test;false;newWithMapKeyDefault;(Object);;Argument[0];ReturnValue.MapKey;value;manual",
-        "generatedtest;Test;false;newWithMapValueDefault;(Object);;Argument[0];ReturnValue.MapValue;value;manual"
-      ]
-  }
-}
diff --git a/java/ql/test/library-tests/frameworks/stream/test.ext.yml b/java/ql/test/library-tests/frameworks/stream/test.ext.yml
new file mode 100644
index 00000000000..4f1cc3e38ac
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/stream/test.ext.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+      - ["generatedtest", "Test", False, "getElementSpliterator", "(Spliterator)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
diff --git a/java/ql/test/library-tests/frameworks/stream/test.ql b/java/ql/test/library-tests/frameworks/stream/test.ql
index adfc47bd521..5d91e4e8e26 100644
--- a/java/ql/test/library-tests/frameworks/stream/test.ql
+++ b/java/ql/test/library-tests/frameworks/stream/test.ql
@@ -1,9 +1,2 @@
 import java
 import TestUtilities.InlineFlowTest
-
-class SummaryModelTest extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      "generatedtest;Test;false;getElementSpliterator;(Spliterator);;Argument[0].Element;ReturnValue;value;manual"
-  }
-}
diff --git a/java/ql/test/library-tests/optional/test.ext.yml b/java/ql/test/library-tests/optional/test.ext.yml
new file mode 100644
index 00000000000..2aebf3bdb97
--- /dev/null
+++ b/java/ql/test/library-tests/optional/test.ext.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+      - ["generatedtest", "Test", False, "getStreamElement", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
diff --git a/java/ql/test/library-tests/optional/test.ql b/java/ql/test/library-tests/optional/test.ql
index b0d5ab16112..5d91e4e8e26 100644
--- a/java/ql/test/library-tests/optional/test.ql
+++ b/java/ql/test/library-tests/optional/test.ql
@@ -1,8 +1,2 @@
 import java
 import TestUtilities.InlineFlowTest
-
-class SummaryModelTest extends SummaryModelCsv {
-  override predicate row(string row) {
-    row = "generatedtest;Test;false;getStreamElement;;;Argument[0].Element;ReturnValue;value;manual"
-  }
-}
diff --git a/java/ql/test/library-tests/paths/Test.java b/java/ql/test/library-tests/paths/Test.java
index 3ba4d97ca78..b00a667d823 100644
--- a/java/ql/test/library-tests/paths/Test.java
+++ b/java/ql/test/library-tests/paths/Test.java
@@ -2,6 +2,7 @@ package generatedtest;
 
 import java.io.File;
 import java.net.URI;
+import java.nio.file.FileSystem;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 
@@ -13,6 +14,119 @@ public class Test {
 
 	public void test() throws Exception {
 
+		{
+			// "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual"
+			File out = null;
+			File in = (File)source();
+			out = new File(in, (String)null);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual"
+			File out = null;
+			String in = (String)source();
+			out = new File(in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual"
+			File out = null;
+			String in = (String)source();
+			out = new File(in, (String)null);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual"
+			File out = null;
+			URI in = (URI)source();
+			out = new File(in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.io;File;false;File;;;Argument[1];Argument[-1];taint;manual"
+			File out = null;
+			String in = (String)source();
+			out = new File((File)null, in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.io;File;false;File;;;Argument[1];Argument[-1];taint;manual"
+			File out = null;
+			String in = (String)source();
+			out = new File((String)null, in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.io;File;true;getAbsoluteFile;;;Argument[-1];ReturnValue;taint;manual"
+			File out = null;
+			File in = (File)source();
+			out = in.getAbsoluteFile();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.io;File;true;getAbsolutePath;;;Argument[-1];ReturnValue;taint;manual"
+			String out = null;
+			File in = (File)source();
+			out = in.getAbsolutePath();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.io;File;true;getCanonicalFile;;;Argument[-1];ReturnValue;taint;manual"
+			File out = null;
+			File in = (File)source();
+			out = in.getCanonicalFile();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.io;File;true;getCanonicalPath;;;Argument[-1];ReturnValue;taint;manual"
+			String out = null;
+			File in = (File)source();
+			out = in.getCanonicalPath();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.io;File;true;toPath;;;Argument[-1];ReturnValue;taint;manual"
+			Path out = null;
+			File in = (File)source();
+			out = in.toPath();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.io;File;true;toString;;;Argument[-1];ReturnValue;taint;manual"
+			String out = null;
+			File in = (File)source();
+			out = in.toString();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.io;File;true;toURI;;;Argument[-1];ReturnValue;taint;manual"
+			URI out = null;
+			File in = (File)source();
+			out = in.toURI();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.nio.file;FileSystem;true;getPath;;;Argument[0];ReturnValue;taint;manual"
+			Path out = null;
+			String in = (String)source();
+			FileSystem instance = null;
+			out = instance.getPath(in, (String[])null);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.nio.file;Path;false;toFile;;;Argument[-1];ReturnValue;taint;manual"
+			File out = null;
+			Path in = (Path)source();
+			out = in.toFile();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.nio.file;Path;true;getParent;;;Argument[-1];ReturnValue;taint;manual"
+			Path out = null;
+			Path in = (Path)source();
+			out = in.getParent();
+			sink(out); // $ hasTaintFlow
+		}
 		{
 			// "java.nio.file;Path;true;normalize;;;Argument[-1];ReturnValue;taint;manual"
 			Path out = null;
@@ -51,10 +165,10 @@ public class Test {
 			sink(out); // $ hasTaintFlow
 		}
 		{
-			// "java.nio.file;Path;true;toFile;;;Argument[-1];ReturnValue;taint;manual"
-			File out = null;
+			// "java.nio.file;Path;true;toAbsolutePath;;;Argument[-1];ReturnValue;taint;manual"
+			Path out = null;
 			Path in = (Path)source();
-			out = in.toFile();
+			out = in.toAbsolutePath();
 			sink(out); // $ hasTaintFlow
 		}
 		{
@@ -72,26 +186,26 @@ public class Test {
 			sink(out); // $ hasTaintFlow
 		}
 		{
-			// "java.nio.file;Paths;true;get;;;Argument[0..1];ReturnValue;taint;manual"
+			// "java.nio.file;Paths;true;get;;;Argument[0];ReturnValue;taint;manual"
 			Path out = null;
 			String in = (String)source();
 			out = Paths.get(in, (String[])null);
 			sink(out); // $ hasTaintFlow
 		}
 		{
-			// "java.nio.file;Paths;true;get;;;Argument[0..1];ReturnValue;taint;manual"
-			Path out = null;
-			String[] in = (String[])source();
-			out = Paths.get((String)null, in);
-			sink(out); // $ hasTaintFlow
-		}
-		{
-			// "java.nio.file;Paths;true;get;;;Argument[0..1];ReturnValue;taint;manual"
+			// "java.nio.file;Paths;true;get;;;Argument[0];ReturnValue;taint;manual"
 			Path out = null;
 			URI in = (URI)source();
 			out = Paths.get(in);
 			sink(out); // $ hasTaintFlow
 		}
+		{
+			// "java.nio.file;Paths;true;get;;;Argument[1].ArrayElement;ReturnValue;taint;manual"
+			Path out = null;
+			String[] in = (String[])new String[]{(String)source()};
+			out = Paths.get((String)null, in);
+			sink(out); // $ hasTaintFlow
+		}
 
 	}
 
diff --git a/java/ql/test/library-tests/pathsanitizer/Test.java b/java/ql/test/library-tests/pathsanitizer/Test.java
index 27a15d867ce..61e0f498bd8 100644
--- a/java/ql/test/library-tests/pathsanitizer/Test.java
+++ b/java/ql/test/library-tests/pathsanitizer/Test.java
@@ -279,7 +279,7 @@ public class Test {
     }
 
     private void blockListGuardValidation(String path) throws Exception {
-        if (path.contains("..") || !path.startsWith("/data"))
+        if (path.contains("..") || path.startsWith("/data"))
             throw new Exception();
     }
 
diff --git a/java/ql/test/library-tests/pathsanitizer/TestKt.kt b/java/ql/test/library-tests/pathsanitizer/TestKt.kt
new file mode 100644
index 00000000000..d0a11dac0ee
--- /dev/null
+++ b/java/ql/test/library-tests/pathsanitizer/TestKt.kt
@@ -0,0 +1,499 @@
+import java.io.File
+import java.net.URI
+import java.nio.file.Path
+import java.nio.file.Paths
+import android.net.Uri
+
+class TestKt {
+    fun source(): Any? {
+        return null
+    }
+
+    fun sink(o: Any?) {}
+
+    @Throws(Exception::class)
+    private fun exactPathMatchGuardValidation(path: String?) {
+        if (!path.equals("/safe/path")) throw Exception()
+    }
+
+    @Throws(Exception::class)
+    fun exactPathMatchGuard() {
+        run {
+            val source = source() as String?
+            if (source!!.equals("/safe/path"))
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        run {
+            val source = source() as URI?
+            if (source!!.equals(URI("http://safe/uri")))
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        run {
+            val source = source() as File?
+            if (source!!.equals(File("/safe/file")))
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        run {
+            val source = source() as Uri?
+            if (source!!.equals(Uri.parse("http://safe/uri")))
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        run {
+            val source = source() as String?
+            exactPathMatchGuardValidation(source)
+            sink(source) // Safe
+        }
+    }
+
+    @Throws(Exception::class)
+    private fun allowListGuardValidation(path: String?) {
+        if (path!!.contains("..") || !path.startsWith("/safe")) throw Exception()
+    }
+
+    @Throws(Exception::class)
+    fun allowListGuard() {
+        // Prefix check by itself is not enough
+        run {
+            val source = source() as String?
+            if (source!!.startsWith("/safe")) {
+                sink(source) // $ hasTaintFlow
+            } else
+                sink(source) // $ hasTaintFlow
+        }
+        // PathTraversalGuard + allowListGuard
+        run {
+            val source = source() as String?
+            if (!source!!.contains("..") && source.startsWith("/safe"))
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        run {
+            val source = source() as String?
+            if (source!!.indexOf("..") == -1 && source.startsWith("/safe"))
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        run {
+            val source = source() as String?
+            if (source!!.lastIndexOf("..") == -1 && source.startsWith("/safe"))
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        // PathTraversalSanitizer + allowListGuard
+        run {
+            val source: File? = source() as File?
+            val normalized: String = source!!.canonicalPath
+            if (normalized.startsWith("/safe")) {
+                sink(source) // Safe
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ hasTaintFlow
+            }
+        }
+        run {
+            val source: File? = source() as File?
+            val normalized: File = source!!.canonicalFile
+            if (normalized.startsWith("/safe")) {
+                sink(source) // Safe
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ hasTaintFlow
+            }
+        }
+        run {
+            val source: File? = source() as File?
+            val normalized: String = source!!.canonicalFile.toString()
+            if (normalized.startsWith("/safe")) {
+                sink(source) // Safe
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ hasTaintFlow
+            }
+        }
+        run {
+            val source = source() as String?
+            val normalized: Path = Paths.get(source).normalize()
+            if (normalized.startsWith("/safe")) {
+                sink(source) // Safe
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ hasTaintFlow
+            }
+        }
+        run {
+            val source = source() as String?
+            // normalize().toString() gets extracted as Object.toString, stopping taint here
+            val normalized: String = Paths.get(source).normalize().toString()
+            if (normalized.startsWith("/safe")) {
+                sink(source) // $ SPURIOUS: hasTaintFlow
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+        run {
+            val source = source() as String?
+            // normalize().toString() gets extracted as Object.toString, stopping taint here
+            val normalized: String = Paths.get(source).normalize().toString()
+            if (normalized.regionMatches(0, "/safe", 0, 5)) {
+                sink(source) // $ SPURIOUS: hasTaintFlow
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+        run {
+            val source = source() as String?
+            // normalize().toString() gets extracted as Object.toString, stopping taint here
+            val normalized: String = Paths.get(source).normalize().toString()
+            if (normalized.matches("/safe/.*".toRegex())) {
+                sink(source) // $ SPURIOUS: hasTaintFlow
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+        // validation method
+        run {
+            val source = source() as String?
+            allowListGuardValidation(source)
+            sink(source) // Safe
+        }
+        // PathInjectionSanitizer + partial string match is considered unsafe
+        run {
+            val source = source() as String?
+            // normalize().toString() gets extracted as Object.toString, stopping taint here
+            val normalized: String = Paths.get(source).normalize().toString()
+            if (normalized.contains("/safe")) {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+        run {
+            val source = source() as String?
+            // normalize().toString() gets extracted as Object.toString, stopping taint here
+            val normalized: String = Paths.get(source).normalize().toString()
+            if (normalized.regionMatches(1, "/safe", 0, 5)) {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+        run {
+            val source = source() as String?
+            // normalize().toString() gets extracted as Object.toString, stopping taint here
+            val normalized: String = Paths.get(source).normalize().toString()
+            if (normalized.matches(".*/safe/.*".toRegex())) {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+    }
+
+    @Throws(Exception::class)
+    private fun dotDotCheckGuardValidation(path: String?) {
+        if (!path!!.startsWith("/safe") || path.contains("..")) throw Exception()
+    }
+
+    @Throws(Exception::class)
+    fun dotDotCheckGuard() {
+        // dot dot check by itself is not enough
+        run {
+            val source = source() as String?
+            if (!source!!.contains("..")) {
+                sink(source) // $ hasTaintFlow
+            } else
+                sink(source) // $ hasTaintFlow
+        }
+        // allowListGuard + dotDotCheckGuard
+        run {
+            val source = source() as String?
+            if (source!!.startsWith("/safe") && !source.contains(".."))
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        run {
+            val source = source() as String?
+            if (source!!.startsWith("/safe") && source.indexOf("..") == -1)
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        run {
+            val source = source() as String?
+            if (!source!!.startsWith("/safe") || source.indexOf("..") != -1)
+                sink(source) // $ hasTaintFlow
+            else
+                sink(source) // Safe
+        }
+        run {
+            val source = source() as String?
+            if (source!!.startsWith("/safe") && source.lastIndexOf("..") == -1)
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        // blockListGuard + dotDotCheckGuard
+        run {
+            val source = source() as String?
+            if (!source!!.startsWith("/data") && !source.contains(".."))
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        run {
+            val source = source() as String?
+            if (!source!!.startsWith("/data") && source.indexOf("..") == -1)
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        run {
+            val source = source() as String?
+            if (source!!.startsWith("/data") || source.indexOf("..") != -1)
+                sink(source) // $ hasTaintFlow
+            else
+                sink(source) // Safe
+        }
+        run {
+            val source = source() as String?
+            if (!source!!.startsWith("/data") && source.lastIndexOf("..") == -1)
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        // validation method
+        run {
+            val source = source() as String?
+            dotDotCheckGuardValidation(source)
+            sink(source) // Safe
+        }
+    }
+
+    @Throws(Exception::class)
+    private fun blockListGuardValidation(path: String?) {
+        if (path!!.contains("..") || path.startsWith("/data")) throw Exception()
+    }
+
+    @Throws(Exception::class)
+    fun blockListGuard() {
+        // Prefix check by itself is not enough
+        run {
+            val source = source() as String?
+            if (!source!!.startsWith("/data")) {
+                sink(source) // $ hasTaintFlow
+            } else
+                sink(source) // $ hasTaintFlow
+        }
+        // PathTraversalGuard + blockListGuard
+        run {
+            val source = source() as String?
+            if (!source!!.contains("..") && !source.startsWith("/data"))
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        run {
+            val source = source() as String?
+            if (source!!.indexOf("..") == -1 && !source.startsWith("/data"))
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        run {
+            val source = source() as String?
+            if (source!!.lastIndexOf("..") == -1 && !source.startsWith("/data"))
+                sink(source) // Safe
+            else
+                sink(source) // $ hasTaintFlow
+        }
+        // PathTraversalSanitizer + blockListGuard
+        run {
+            val source: File? = source() as File?
+            val normalized: String = source!!.canonicalPath
+            if (!normalized.startsWith("/data")) {
+                sink(source) // Safe
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ hasTaintFlow
+            }
+        }
+        run {
+            val source: File? = source() as File?
+            val normalized: File = source!!.canonicalFile
+            if (!normalized.startsWith("/data")) {
+                sink(source) // Safe
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ hasTaintFlow
+            }
+        }
+        run {
+            val source: File? = source() as File?
+            val normalized: String = source!!.canonicalFile.toString()
+            if (!normalized.startsWith("/data")) {
+                sink(source) // Safe
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ hasTaintFlow
+            }
+        }
+        run {
+            val source = source() as String?
+            val normalized: Path = Paths.get(source).normalize()
+            if (!normalized.startsWith("/data")) {
+                sink(source) // Safe
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ hasTaintFlow
+            }
+        }
+        run {
+            val source = source() as String?
+            // normalize().toString() gets extracted as Object.toString, stopping taint here
+            val normalized: String = Paths.get(source).normalize().toString()
+            if (!normalized.startsWith("/data")) {
+                sink(source) // $ SPURIOUS: hasTaintFlow
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+        run {
+            val source = source() as String?
+           // normalize().toString() gets extracted as Object.toString, stopping taint here
+             val normalized: String = Paths.get(source).normalize().toString()
+            if (!normalized.regionMatches(0, "/data", 0, 5)) {
+                sink(source) // $ SPURIOUS: hasTaintFlow
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+        run {
+            val source = source() as String?
+            // normalize().toString() gets extracted as Object.toString, stopping taint here
+            val normalized: String = Paths.get(source).normalize().toString()
+            if (!normalized.matches("/data/.*".toRegex())) {
+                sink(source) // $ SPURIOUS: hasTaintFlow
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+        // validation method
+        run {
+            val source = source() as String?
+            blockListGuardValidation(source)
+            sink(source) // Safe
+        }
+        // PathInjectionSanitizer + partial string match with disallowed words
+        run {
+            val source = source() as String?
+            // normalize().toString() gets extracted as Object.toString, stopping taint here
+            val normalized: String = Paths.get(source).normalize().toString()
+            if (!normalized.contains("/")) {
+                sink(source) // $ SPURIOUS: hasTaintFlow
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+        run {
+            val source = source() as String?
+            // normalize().toString() gets extracted as Object.toString, stopping taint here
+            val normalized: String = Paths.get(source).normalize().toString()
+            if (!normalized.regionMatches(1, "/", 0, 5)) {
+                sink(source) // $ SPURIOUS: hasTaintFlow
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+        run {
+            val source = source() as String?
+            // normalize().toString() gets extracted as Object.toString, stopping taint here
+            val normalized: String = Paths.get(source).normalize().toString()
+            if (!normalized.matches("/".toRegex())) {
+                sink(source) // $ SPURIOUS: hasTaintFlow
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+        // PathInjectionSanitizer + partial string match with disallowed prefixes
+        run {
+            val source = source() as String?
+            // normalize().toString() gets extracted as Object.toString, stopping taint here
+            val normalized: String = Paths.get(source).normalize().toString()
+            if (!normalized.contains("/data")) {
+                sink(source) // $ SPURIOUS: hasTaintFlow
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+        run {
+            val source = source() as String?
+            // normalize().toString() gets extracted as Object.toString, stopping taint here
+            val normalized: String = Paths.get(source).normalize().toString()
+            if (!normalized.regionMatches(1, "/data", 0, 5)) {
+                sink(source) // $ SPURIOUS: hasTaintFlow
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+        run {
+            val source = source() as String?
+            // normalize().toString() gets extracted as Object.toString, stopping taint here
+            val normalized: String = Paths.get(source).normalize().toString()
+            if (!normalized.matches(".*/data/.*".toRegex())) {
+                sink(source) // $ SPURIOUS: hasTaintFlow
+                sink(normalized) // Safe
+            } else {
+                sink(source) // $ hasTaintFlow
+                sink(normalized) // $ MISSING: hasTaintFlow
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/java/ql/test/library-tests/pathsanitizer/options b/java/ql/test/library-tests/pathsanitizer/options
index 1e6e9ea2bf1..02ea18b0cac 100644
--- a/java/ql/test/library-tests/pathsanitizer/options
+++ b/java/ql/test/library-tests/pathsanitizer/options
@@ -1 +1,2 @@
 //semmle-extractor-options: --javac-args -cp ${testdir}/../../stubs/google-android-9.0.0
+//codeql-extractor-kotlin-options: ${testdir}/../../stubs/google-android-9.0.0
diff --git a/java/ql/test/library-tests/regex/parser/RegexParseTests.ql b/java/ql/test/library-tests/regex/parser/RegexParseTests.ql
index 345031a3b2d..4c8d7519f14 100644
--- a/java/ql/test/library-tests/regex/parser/RegexParseTests.ql
+++ b/java/ql/test/library-tests/regex/parser/RegexParseTests.ql
@@ -1,10 +1,12 @@
 import java
-import semmle.code.java.regex.RegexTreeView
-import semmle.code.java.regex.regex
+import semmle.code.java.regex.RegexTreeView as RegexTreeView
+import semmle.code.java.regex.regex as Regex
 
-string getQLClases(RegExpTerm t) { result = "[" + strictconcat(t.getPrimaryQLClass(), ",") + "]" }
+string getQLClases(RegexTreeView::RegExpTerm t) {
+  result = "[" + strictconcat(t.getPrimaryQLClass(), ",") + "]"
+}
 
-query predicate parseFailures(Regex r, int i) { r.failedToParse(i) }
+query predicate parseFailures(Regex::Regex r, int i) { r.failedToParse(i) }
 
-from RegExpTerm t
+from RegexTreeView::RegExpTerm t
 select t, getQLClases(t)
diff --git a/java/ql/test/query-tests/Metrics/GeneratedVsManualCoverage/GeneratedVsManualCoverage.expected b/java/ql/test/query-tests/Metrics/GeneratedVsManualCoverage/GeneratedVsManualCoverage.expected
new file mode 100644
index 00000000000..2ce20c00cb4
--- /dev/null
+++ b/java/ql/test/query-tests/Metrics/GeneratedVsManualCoverage/GeneratedVsManualCoverage.expected
@@ -0,0 +1 @@
+| org.apache.commons.io | 14 | 1 | 1 | 2 | 18 | 0.8888888888888888 | 0.8333333333333334 | 0.1111111111111111 | 0.5 | 0.06666666666666667 | 0.16666666666666666 |
diff --git a/java/ql/test/query-tests/Metrics/GeneratedVsManualCoverage/GeneratedVsManualCoverage.qlref b/java/ql/test/query-tests/Metrics/GeneratedVsManualCoverage/GeneratedVsManualCoverage.qlref
new file mode 100644
index 00000000000..18e1cb980d9
--- /dev/null
+++ b/java/ql/test/query-tests/Metrics/GeneratedVsManualCoverage/GeneratedVsManualCoverage.qlref
@@ -0,0 +1 @@
+Metrics/Summaries/GeneratedVsManualCoverage.ql
diff --git a/java/ql/test/query-tests/Metrics/GeneratedVsManualCoverage/IOUtils.java b/java/ql/test/query-tests/Metrics/GeneratedVsManualCoverage/IOUtils.java
new file mode 100644
index 00000000000..0bd11f545ac
--- /dev/null
+++ b/java/ql/test/query-tests/Metrics/GeneratedVsManualCoverage/IOUtils.java
@@ -0,0 +1,34 @@
+package org.apache.commons.io;
+import java.io.*;
+import java.util.*;
+
+public class IOUtils {
+
+  // Generated-only summaries
+  public static BufferedInputStream buffer(InputStream inputStream) { return null; }
+  public static void copy(InputStream input, Writer output, String inputEncoding) throws IOException { }
+  public static long copyLarge(Reader input, Writer output) throws IOException { return 42; }
+  public static int read(InputStream input, byte[] buffer) throws IOException { return 42; }
+  public static void readFully(InputStream input, byte[] buffer) throws IOException { }
+  public static byte[] readFully(InputStream input, int length) throws IOException { return null; }
+  public static List<String> readLines(InputStream input, String encoding) throws IOException { return null; }
+  public static BufferedReader toBufferedReader(Reader reader) { return null; }
+  public static byte[] toByteArray(InputStream input, int size) throws IOException { return null; }
+  public static char[] toCharArray(InputStream is, String encoding) throws IOException { return null; }
+  public static InputStream toInputStream(String input, String encoding) throws IOException { return null; }
+  public static String toString(InputStream input, String encoding) throws IOException { return null; }
+  public static void write(char[] data, Writer output) throws IOException { }
+  public static void writeChunked(char[] data, Writer output) throws IOException { }
+
+  // Manual-only summary (generated neutral)
+  public static InputStream toBufferedInputStream(InputStream input) throws IOException { return null; }
+
+  // Both
+  public static void writeLines(Collection<?> lines, String lineEnding, Writer writer) throws IOException { }
+
+  // No model
+  public static void noSummary(String string) throws IOException { }
+
+  // Generated neutral
+  public static void copy(Reader input, OutputStream output) throws IOException { }
+}
diff --git a/java/ql/test/query-tests/Metrics/A.java b/java/ql/test/query-tests/Metrics/LinesOfCode/A.java
similarity index 100%
rename from java/ql/test/query-tests/Metrics/A.java
rename to java/ql/test/query-tests/Metrics/LinesOfCode/A.java
diff --git a/java/ql/test/query-tests/Metrics/LinesOfCode.expected b/java/ql/test/query-tests/Metrics/LinesOfCode/LinesOfCode.expected
similarity index 100%
rename from java/ql/test/query-tests/Metrics/LinesOfCode.expected
rename to java/ql/test/query-tests/Metrics/LinesOfCode/LinesOfCode.expected
diff --git a/java/ql/test/query-tests/Metrics/LinesOfCode.qlref b/java/ql/test/query-tests/Metrics/LinesOfCode/LinesOfCode.qlref
similarity index 100%
rename from java/ql/test/query-tests/Metrics/LinesOfCode.qlref
rename to java/ql/test/query-tests/Metrics/LinesOfCode/LinesOfCode.qlref
diff --git a/java/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.expected b/java/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.expected
new file mode 100644
index 00000000000..8a20a6c6c7b
--- /dev/null
+++ b/java/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.expected
@@ -0,0 +1,10 @@
+| java.io.File#File(String) | 2 |
+| java.net.URL#URL(String) | 2 |
+| java.io.FileWriter#FileWriter(File) | 1 |
+| java.lang.StringBuilder#append(String) | 1 |
+| java.lang.StringBuilder#toString() | 1 |
+| java.net.URL#openConnection() | 1 |
+| java.net.URL#openStream() | 1 |
+| java.net.URLConnection#getInputStream() | 1 |
+| java.util.Map#put(Object,Object) | 1 |
+| org.apache.commons.io.FileUtils#deleteDirectory(File) | 1 |
diff --git a/java/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.java b/java/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.java
new file mode 100644
index 00000000000..7dd289acbaa
--- /dev/null
+++ b/java/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.java
@@ -0,0 +1,29 @@
+import java.time.Duration;
+import java.util.HashMap;
+import java.util.Map;
+import java.io.InputStream;
+import java.net.URL;
+import java.io.File;
+import java.io.FileWriter;
+import org.apache.commons.io.FileUtils;
+
+class SupportedExternalApis {
+	public static void main(String[] args) throws Exception {
+		StringBuilder builder = new StringBuilder(); // uninteresting (parameterless constructor)
+		builder.append("foo");  // supported summary
+		builder.toString();  // supported summary
+
+		Map<String, Object> map = new HashMap<>(); // uninteresting (parameterless constructor)
+		map.put("foo", new Object()); // supported summary
+
+		Duration d = java.time.Duration.ofMillis(1000); // not supported
+
+		URL github = new URL("https://www.github.com/"); // supported summary
+		InputStream stream = github.openConnection().getInputStream(); // supported source (getInputStream), supported sink (openConnection)
+
+		new FileWriter(new File("foo")); // supported sink (FileWriter), supported summary (File)
+		new URL("http://foo").openStream(); // supported sink (openStream), supported summary (URL)
+
+		FileUtils.deleteDirectory(new File("foo")); // supported negative summary (deleteDirectory), supported summary (File)
+	}
+}
diff --git a/java/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.qlref b/java/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.qlref
new file mode 100644
index 00000000000..2e12499cf62
--- /dev/null
+++ b/java/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.qlref
@@ -0,0 +1 @@
+Telemetry/SupportedExternalApis.ql
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/SetJavascriptEnabled.java b/java/ql/test/query-tests/security/CWE-079/semmle/tests/SetJavascriptEnabled.java
new file mode 100644
index 00000000000..d5593e38678
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/SetJavascriptEnabled.java
@@ -0,0 +1,18 @@
+package com.example.test;
+
+import android.webkit.WebView;
+import android.webkit.WebSettings;
+
+public class SetJavascriptEnabled {
+    public static void configureWebViewUnsafe(WebView view) {
+        WebSettings settings = view.getSettings();
+        settings.setJavaScriptEnabled(true); // $javascriptEnabled
+    }
+
+    public static void configureWebViewSafe(WebView view) {
+        WebSettings settings = view.getSettings();
+
+        // Safe: Javascript disabled
+        settings.setJavaScriptEnabled(false);
+    }
+}
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewSetEnabledJavaScript.expected b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewSetEnabledJavaScript.expected
new file mode 100644
index 00000000000..22cb40574f4
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewSetEnabledJavaScript.expected
@@ -0,0 +1 @@
+| SetJavascriptEnabled.java:9:9:9:43 | setJavaScriptEnabled(...) | JavaScript execution enabled in WebView. |
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewSetEnabledJavaScript.qlref b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewSetEnabledJavaScript.qlref
new file mode 100644
index 00000000000..e9e8006886d
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewSetEnabledJavaScript.qlref
@@ -0,0 +1 @@
+Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/options b/java/ql/test/query-tests/security/CWE-079/semmle/tests/options
index 22487fb2daf..62fc56e6792 100644
--- a/java/ql/test/query-tests/security/CWE-079/semmle/tests/options
+++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/options
@@ -1 +1 @@
-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/javax-ws-rs-api-2.1.1/:${testdir}/../../../../../stubs/springframework-5.3.8:${testdir}/../../../../../stubs/javax-faces-2.3/
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/javax-ws-rs-api-2.1.1/:${testdir}/../../../../../stubs/springframework-5.3.8:${testdir}/../../../../../stubs/javax-faces-2.3/:${testdir}/../../../../../stubs/google-android-9.0.0
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewFileAccess.expected b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewFileAccess.expected
new file mode 100644
index 00000000000..78cf64f9aa5
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewFileAccess.expected
@@ -0,0 +1,3 @@
+| WebViewFileAccess.java:8:9:8:41 | setAllowFileAccess(...) | WebView setting setAllowFileAccess may allow for unauthorized access of sensitive information. |
+| WebViewFileAccess.java:10:9:10:53 | setAllowFileAccessFromFileURLs(...) | WebView setting setAllowFileAccessFromFileURLs may allow for unauthorized access of sensitive information. |
+| WebViewFileAccess.java:12:9:12:58 | setAllowUniversalAccessFromFileURLs(...) | WebView setting setAllowUniversalAccessFromFileURLs may allow for unauthorized access of sensitive information. |
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewFileAccess.java b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewFileAccess.java
new file mode 100644
index 00000000000..f42dbfaa84a
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewFileAccess.java
@@ -0,0 +1,24 @@
+import android.webkit.WebView;
+import android.webkit.WebSettings;
+
+class WebViewFileAccess {
+    void configure(WebView view) {
+        WebSettings settings = view.getSettings();
+
+        settings.setAllowFileAccess(true);
+
+        settings.setAllowFileAccessFromFileURLs(true);
+
+        settings.setAllowUniversalAccessFromFileURLs(true);
+    }
+
+    void configureSafe(WebView view) {
+        WebSettings settings = view.getSettings();
+
+        settings.setAllowFileAccess(false);
+
+        settings.setAllowFileAccessFromFileURLs(false);
+
+        settings.setAllowUniversalAccessFromFileURLs(false);
+    }
+}
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewFileAccess.qlref b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewFileAccess.qlref
new file mode 100644
index 00000000000..6c3224a4a61
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewFileAccess.qlref
@@ -0,0 +1 @@
+Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/options b/java/ql/test/query-tests/security/CWE-200/semmle/tests/options
index 8b14bf08cd2..21cf6382c4e 100644
--- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/options
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/options
@@ -1 +1 @@
-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/apache-commons-lang3-3.7/
\ No newline at end of file
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/apache-commons-lang3-3.7/:${testdir}/../../../../../stubs/google-android-9.0.0
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-311/CWE-614/semmle/tests/Test.java b/java/ql/test/query-tests/security/CWE-311/CWE-614/semmle/tests/Test.java
index 3274310a6b2..c198f522e30 100644
--- a/java/ql/test/query-tests/security/CWE-311/CWE-614/semmle/tests/Test.java
+++ b/java/ql/test/query-tests/security/CWE-311/CWE-614/semmle/tests/Test.java
@@ -84,5 +84,15 @@ class Test {
 			response.addCookie(cookie);
 		}
 
+		{
+			// GOOD: set secure flag in call to `createSecureCookie`
+			response.addCookie(createSecureCookie());
+		}
+	}
+	
+	private static Cookie createSecureCookie() {
+		Cookie cookie = new Cookie("secret", "fakesecret");
+		cookie.setSecure(constTrue);
+		return cookie;
 	}
 }
diff --git a/java/ql/test/query-tests/security/CWE-524/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-524/AndroidManifest.xml
new file mode 100644
index 00000000000..54b933452c8
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-524/AndroidManifest.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.test">
+</manifest>
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-524/R.java b/java/ql/test/query-tests/security/CWE-524/R.java
new file mode 100644
index 00000000000..46eb99e1b7b
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-524/R.java
@@ -0,0 +1,8 @@
+package com.example.test;
+
+public final class R {
+    public static final class id {
+        public static final int test7_password = 1;
+        public static final int test8_password = 2;
+    }
+}
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-524/SensitiveKeyboardCache.expected b/java/ql/test/query-tests/security/CWE-524/SensitiveKeyboardCache.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/query-tests/security/CWE-524/SensitiveKeyboardCache.ql b/java/ql/test/query-tests/security/CWE-524/SensitiveKeyboardCache.ql
new file mode 100644
index 00000000000..26ce8bc7fb7
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-524/SensitiveKeyboardCache.ql
@@ -0,0 +1,19 @@
+import java
+import semmle.code.java.security.SensitiveKeyboardCacheQuery
+import TestUtilities.InlineExpectationsTest
+
+class SensitiveKeyboardCacheTest extends InlineExpectationsTest {
+  SensitiveKeyboardCacheTest() { this = "SensitiveKeyboardCacheTest" }
+
+  override string getARelevantTag() { result = "hasResult" }
+
+  override predicate hasActualResult(Location loc, string element, string tag, string value) {
+    exists(AndroidEditableXmlElement el |
+      el = getASensitiveCachedInput() and
+      loc = el.getLocation() and
+      element = el.toString() and
+      tag = "hasResult" and
+      value = ""
+    )
+  }
+}
diff --git a/java/ql/test/query-tests/security/CWE-524/Test.java b/java/ql/test/query-tests/security/CWE-524/Test.java
new file mode 100644
index 00000000000..0ceff44adde
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-524/Test.java
@@ -0,0 +1,16 @@
+package com.example.test;
+import android.app.Activity;
+import android.os.Bundle;
+import android.widget.EditText;
+import android.view.View;
+import android.text.InputType;
+
+class Test extends Activity {
+    public void onCreate(Bundle b) {
+        EditText test7pw = findViewById(R.id.test7_password);
+        test7pw.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_FLAG_NO_SUGGESTIONS);
+
+        EditText test8pw = requireViewById(R.id.test8_password);
+        test8pw.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD);
+    }
+}
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-524/options b/java/ql/test/query-tests/security/CWE-524/options
new file mode 100644
index 00000000000..126d514284a
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-524/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/google-android-9.0.0
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-524/res/layout/Test.xml b/java/ql/test/query-tests/security/CWE-524/res/layout/Test.xml
new file mode 100644
index 00000000000..107c13dd306
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-524/res/layout/Test.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="utf-8"?>
+<LinearLayout
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:app="http://schemas.android.com/apk/res-auto">
+
+
+   <!-- $hasResult --> <EditText
+        android:id="@+id/test1_password"
+        android:inputType="text"/>  
+
+    <EditText
+        android:id="@+id/test2_safe"
+        android:inputType="text"/> 
+
+    <EditText
+        android:id="@+id/test3_password"
+        android:inputType="textNoSuggestions"/>  
+
+    <EditText
+        android:id="@+id/test4_password"
+        android:inputType="textPassword"/> 
+
+    <!-- $hasResult --> <EditText
+        android:id="@+id/test5_bank_account_name"
+        android:inputType="textMultiLine"/>  
+
+    <!-- $hasResult --> <EditText
+        android:id="@+id/test6_password"/>  
+
+    <EditText
+        android:id="@+id/test7_password"/>  
+
+    <EditText
+        android:id="@+id/test8_password"/>  
+</LinearLayout>
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql b/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql
index bd600a6d8af..c8c1566a7a4 100644
--- a/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql
+++ b/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql
@@ -1,4 +1,3 @@
-import java
 import TestUtilities.InlineExpectationsTest
 import semmle.code.java.security.regexp.PolynomialReDoSQuery
 
@@ -9,7 +8,10 @@ class HasPolyRedos extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "hasPolyRedos" and
-    exists(DataFlow::PathNode source, DataFlow::PathNode sink, PolynomialBackTrackingTerm regexp |
+    exists(
+      DataFlow::PathNode source, DataFlow::PathNode sink,
+      SuperlinearBackTracking::PolynomialBackTrackingTerm regexp
+    |
       hasPolynomialReDoSResult(source, sink, regexp) and
       location = sink.getNode().getLocation() and
       element = sink.getNode().toString() and
diff --git a/java/ql/test/query-tests/security/CWE-730/ReDoS.ql b/java/ql/test/query-tests/security/CWE-730/ReDoS.ql
index 288ca57f2e2..7226541bcb2 100644
--- a/java/ql/test/query-tests/security/CWE-730/ReDoS.ql
+++ b/java/ql/test/query-tests/security/CWE-730/ReDoS.ql
@@ -1,6 +1,7 @@
 import java
 import TestUtilities.InlineExpectationsTest
-import semmle.code.java.security.regexp.ExponentialBackTracking
+private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
+import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView> as ExponentialBackTracking
 import semmle.code.java.regex.regex
 
 class HasExpRedos extends InlineExpectationsTest {
@@ -10,8 +11,8 @@ class HasExpRedos extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "hasExpRedos" and
-    exists(RegExpTerm t, string pump, State s, string prefixMsg |
-      hasReDoSResult(t, pump, s, prefixMsg) and
+    exists(TreeView::RegExpTerm t, string pump, ExponentialBackTracking::State s, string prefixMsg |
+      ExponentialBackTracking::hasReDoSResult(t, pump, s, prefixMsg) and
       not t.getRegex().getAMode() = "VERBOSE" and
       value = "" and
       location = t.getLocation() and
diff --git a/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.expected b/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/experimental/query-tests/security/CWE-730/RegexInjection.java b/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.java
similarity index 65%
rename from java/ql/test/experimental/query-tests/security/CWE-730/RegexInjection.java
rename to java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.java
index 2aace93aeb8..5c7a3ca0574 100644
--- a/java/ql/test/experimental/query-tests/security/CWE-730/RegexInjection.java
+++ b/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.java
@@ -7,128 +7,119 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.ServletException;
 
 import org.apache.commons.lang3.RegExUtils;
+import com.google.common.base.Splitter;
 
-public class RegexInjection extends HttpServlet {
+public class RegexInjectionTest extends HttpServlet {
   public boolean string1(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    return input.matches("^" + pattern + "=.*$");  // BAD
+    return input.matches("^" + pattern + "=.*$");  // $ hasRegexInjection
   }
 
   public boolean string2(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    return input.split(pattern).length > 0;  // BAD
+    return input.split(pattern).length > 0;  // $ hasRegexInjection
   }
 
   public boolean string3(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    return input.replaceFirst(pattern, "").length() > 0;  // BAD
+    return input.split(pattern, 0).length > 0;  // $ hasRegexInjection
   }
 
   public boolean string4(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    return input.replaceAll(pattern, "").length() > 0;  // BAD
+    return input.replaceFirst(pattern, "").length() > 0;  // $ hasRegexInjection
+  }
+
+  public boolean string5(javax.servlet.http.HttpServletRequest request) {
+    String pattern = request.getParameter("pattern");
+    String input = request.getParameter("input");
+
+    return input.replaceAll(pattern, "").length() > 0;  // $ hasRegexInjection
   }
 
   public boolean pattern1(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    Pattern pt = Pattern.compile(pattern);
+    Pattern pt = Pattern.compile(pattern); // $ hasRegexInjection
     Matcher matcher = pt.matcher(input);
 
-    return matcher.find();  // BAD
+    return matcher.find();
   }
 
   public boolean pattern2(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    return Pattern.compile(pattern).matcher(input).matches();  // BAD
+    return Pattern.compile(pattern).matcher(input).matches();  // $ hasRegexInjection
   }
 
   public boolean pattern3(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    return Pattern.matches(pattern, input);  // BAD
+    return Pattern.compile(pattern, 0).matcher(input).matches();  // $ hasRegexInjection
   }
 
   public boolean pattern4(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    return input.matches("^" + foo(pattern) + "=.*$"); // BAD
-  }
-
-  String foo(String str) {
-    return str;
+    return Pattern.matches(pattern, input);  // $ hasRegexInjection
   }
 
   public boolean pattern5(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    // GOOD: User input is sanitized before constructing the regex
-    return input.matches("^" + escapeSpecialRegexChars(pattern) + "=.*$");
+    return input.matches("^" + foo(pattern) + "=.*$"); // $ hasRegexInjection
   }
 
-  public boolean pattern6(javax.servlet.http.HttpServletRequest request) {
-    String pattern = request.getParameter("pattern");
-    String input = request.getParameter("input");
-
-    escapeSpecialRegexChars(pattern);
-
-    // BAD: the pattern is not really sanitized
-    return input.matches("^" + pattern + "=.*$");
-  }
-
-  Pattern SPECIAL_REGEX_CHARS = Pattern.compile("[{}()\\[\\]><-=!.+*?^$\\\\|]");
-
-  String escapeSpecialRegexChars(String str) {
-    return SPECIAL_REGEX_CHARS.matcher(str).replaceAll("\\\\$0");
+  String foo(String str) {
+    return str;
   }
 
   public boolean apache1(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    return RegExUtils.removeAll(input, pattern).length() > 0;  // BAD
+    return RegExUtils.removeAll(input, pattern).length() > 0;  // $ hasRegexInjection
   }
 
   public boolean apache2(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    return RegExUtils.removeFirst(input, pattern).length() > 0;  // BAD
+    return RegExUtils.removeFirst(input, pattern).length() > 0;  // $ hasRegexInjection
   }
 
   public boolean apache3(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    return RegExUtils.removePattern(input, pattern).length() > 0;  // BAD
+    return RegExUtils.removePattern(input, pattern).length() > 0;  // $ hasRegexInjection
   }
 
   public boolean apache4(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    return RegExUtils.replaceAll(input, pattern, "").length() > 0;  // BAD
+    return RegExUtils.replaceAll(input, pattern, "").length() > 0;  // $ hasRegexInjection
   }
 
   public boolean apache5(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    return RegExUtils.replaceFirst(input, pattern, "").length() > 0;  // BAD
+    return RegExUtils.replaceFirst(input, pattern, "").length() > 0;  // $ hasRegexInjection
   }
 
   public boolean apache6(javax.servlet.http.HttpServletRequest request) {
@@ -136,13 +127,40 @@ public class RegexInjection extends HttpServlet {
     String input = request.getParameter("input");
 
     Pattern pt = (Pattern)(Object) pattern;
-    return RegExUtils.replaceFirst(input, pt, "").length() > 0;  // GOOD, Pattern compile is the sink instead
+    return RegExUtils.replaceFirst(input, pt, "").length() > 0;  // Safe: Pattern compile is the sink instead
   }
 
   public boolean apache7(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
 
-    return RegExUtils.replacePattern(input, pattern, "").length() > 0;  // BAD
+    return RegExUtils.replacePattern(input, pattern, "").length() > 0;  // $ hasRegexInjection
+  }
+
+  // test `Pattern.quote` sanitizer
+  public boolean quoteTest(javax.servlet.http.HttpServletRequest request) {
+    String pattern = request.getParameter("pattern");
+    String input = request.getParameter("input");
+
+    return input.matches(Pattern.quote(pattern));  // Safe
+  }
+
+  // test `Pattern.LITERAL` sanitizer
+  public boolean literalTest(javax.servlet.http.HttpServletRequest request) {
+    String pattern = request.getParameter("pattern");
+    String input = request.getParameter("input");
+
+    return Pattern.compile(pattern, Pattern.LITERAL).matcher(input).matches();  // Safe
+  }
+
+  public Splitter guava1(javax.servlet.http.HttpServletRequest request) {
+    String pattern = request.getParameter("pattern");
+    return Splitter.onPattern(pattern);  // $ hasRegexInjection
+  }
+
+  public Splitter guava2(javax.servlet.http.HttpServletRequest request) {
+    String pattern = request.getParameter("pattern");
+    // sink is `Pattern.compile`
+    return  Splitter.on(Pattern.compile(pattern));  // $ hasRegexInjection
   }
 }
diff --git a/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.ql b/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.ql
new file mode 100644
index 00000000000..368b5170bfc
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.ql
@@ -0,0 +1,20 @@
+import java
+import TestUtilities.InlineExpectationsTest
+import semmle.code.java.security.regexp.RegexInjectionQuery
+
+class RegexInjectionTest extends InlineExpectationsTest {
+  RegexInjectionTest() { this = "RegexInjectionTest" }
+
+  override string getARelevantTag() { result = "hasRegexInjection" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "hasRegexInjection" and
+    exists(DataFlow::PathNode source, DataFlow::PathNode sink, RegexInjectionConfiguration c |
+      c.hasFlowPath(source, sink)
+    |
+      location = sink.getNode().getLocation() and
+      element = sink.getNode().toString() and
+      value = ""
+    )
+  }
+}
diff --git a/java/ql/test/query-tests/security/CWE-730/options b/java/ql/test/query-tests/security/CWE-730/options
index 2f7d22dc61c..884cb21114c 100644
--- a/java/ql/test/query-tests/security/CWE-730/options
+++ b/java/ql/test/query-tests/security/CWE-730/options
@@ -1 +1 @@
-// semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/guava-30.0
\ No newline at end of file
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/guava-30.0:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/apache-commons-lang3-3.7
diff --git a/java/ql/test/query-tests/security/CWE-829/semmle/tests/secure-pom.xml b/java/ql/test/query-tests/security/CWE-829/semmle/tests/secure-pom.xml
index 2f96052d584..2dc5709b320 100644
--- a/java/ql/test/query-tests/security/CWE-829/semmle/tests/secure-pom.xml
+++ b/java/ql/test/query-tests/security/CWE-829/semmle/tests/secure-pom.xml
@@ -61,5 +61,17 @@
             <!-- GOOD! Use HTTPS -->
             <url>https://insecure-repository.example</url>
         </pluginRepository>
+        <pluginRepository>
+            <id>disabled-repo</id>
+            <name>Disabled Repository</name>
+            <releases>
+                <enabled>false</enabled>
+            </releases>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+            <!-- GOOD! Disabled repo -->
+            <url>http://insecure-repository.example</url>
+        </pluginRepository>
     </pluginRepositories>
 </project>
diff --git a/java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.java b/java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.java
index 9c8f098d467..746c9ca83dc 100644
--- a/java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.java
+++ b/java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.java
@@ -156,7 +156,7 @@ public class ImplicitPendingIntentsTest {
             PendingIntent pi = PendingIntent.getActivity(ctx, 0, baseIntent, flag); // Sanitizer
             Intent fwdIntent = new Intent();
             fwdIntent.putExtra("fwdIntent", pi);
-            ctx.startActivity(fwdIntent); // $ SPURIOUS: $ hasImplicitPendingIntent
+            ctx.startActivity(fwdIntent); // Safe
         }
     }
 
diff --git a/java/ql/test/stubs/google-android-9.0.0/android/app/Activity.java b/java/ql/test/stubs/google-android-9.0.0/android/app/Activity.java
index cad1d58cad5..f292c6b1168 100644
--- a/java/ql/test/stubs/google-android-9.0.0/android/app/Activity.java
+++ b/java/ql/test/stubs/google-android-9.0.0/android/app/Activity.java
@@ -488,4 +488,8 @@ public class Activity extends ContextWrapper {
     public <T extends View> T findViewById(int id) {
         return null;
     }
+
+    public <T extends View> T requireViewById(int id) {
+        return null;
+    }
 }
diff --git a/java/ql/test/utils/flowtestcasegenerator/options b/java/ql/test/utils/flowtestcasegenerator/options
new file mode 100644
index 00000000000..5ae5aad3008
--- /dev/null
+++ b/java/ql/test/utils/flowtestcasegenerator/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../stubs/apache-commons-collections4-4.4:${testdir}/../../stubs/apache-log4j-2.14.1:${testdir}/../../stubs/slf4j-2.0.0
\ No newline at end of file
diff --git a/java/ql/test/utils/flowtestcasegenerator/pom.xml b/java/ql/test/utils/flowtestcasegenerator/pom.xml
new file mode 100644
index 00000000000..b4fe0c30974
--- /dev/null
+++ b/java/ql/test/utils/flowtestcasegenerator/pom.xml
@@ -0,0 +1,133 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
+                      http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>com.semmle</groupId>
+  <artifactId>parent</artifactId>
+  <version>1.0</version>
+  <repositories>
+    <repository>
+      <id>google</id>
+      <name>Google Maven</name>
+      <url>https://maven.google.com/</url>
+    </repository>
+  </repositories>
+  <properties>
+    <android.platform>31</android.platform>
+    <maven.compiler.source>1.8</maven.compiler.source>
+    <maven.compiler.target>1.8</maven.compiler.target>
+  </properties>
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.logging.log4j</groupId>
+      <artifactId>log4j-api</artifactId>
+      <version>2.14.1</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.logging.log4j</groupId>
+      <artifactId>log4j-core</artifactId>
+      <version>2.14.1</version>
+    </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-api</artifactId>
+      <version>2.0.0-alpha5</version>
+    </dependency>
+    <dependency>
+      <groupId>org.jboss.logging</groupId>
+      <artifactId>jboss-logging</artifactId>
+      <version>3.4.2.Final</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.ldap</groupId>
+      <artifactId>spring-ldap</artifactId>
+      <version>1.3.1.RELEASE</version>
+      <type>pom</type>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.ldap</groupId>
+      <artifactId>spring-ldap-core</artifactId>
+      <version>2.3.5.RELEASE</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-web</artifactId>
+      <version>5.3.18</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-context</artifactId>
+      <version>5.3.18</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-webmvc</artifactId>
+      <version>5.3.18</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.data</groupId>
+      <artifactId>spring-data-commons</artifactId>
+      <version>2.6.3</version>
+    </dependency>    
+    <dependency>
+      <groupId>org.apache.shiro</groupId>
+      <artifactId>shiro-core</artifactId>
+      <version>1.8.0</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.directory.api</groupId>
+      <artifactId>api-ldap-client-all</artifactId>
+      <version>2.1.0</version>
+    </dependency>
+    <dependency>
+      <groupId>org.owasp.esapi</groupId>
+      <artifactId>esapi</artifactId>
+      <version>2.2.3.1</version>
+    </dependency>
+    <dependency>
+      <groupId>com.unboundid</groupId>
+      <artifactId>unboundid-ldapsdk</artifactId>
+      <version>6.0.3</version>
+    </dependency>
+    <dependency>
+      <groupId>javax.servlet</groupId>
+      <artifactId>javax.servlet-api</artifactId>
+      <version>4.0.1</version>
+    </dependency>
+    <dependency>
+      <groupId>com.squareup.retrofit2</groupId>
+      <artifactId>retrofit</artifactId>
+      <version>2.9.0</version>
+    </dependency>
+    <dependency>
+      <groupId>com.squareup.okhttp3</groupId>
+      <artifactId>okhttp</artifactId>
+      <version>4.9.3</version>
+    </dependency>
+    <dependency>
+        <groupId>org.freemarker</groupId>
+        <artifactId>freemarker</artifactId>
+        <version>2.3.31</version>
+    </dependency>
+    <dependency>
+        <groupId>org.thymeleaf</groupId>
+        <artifactId>thymeleaf</artifactId>
+        <version>3.0.15.RELEASE</version>
+    </dependency>
+    <dependency>
+        <groupId>com.hubspot.jinjava</groupId>
+        <artifactId>jinjava</artifactId>
+        <version>2.6.0</version>
+    </dependency>
+    <dependency>
+        <groupId>io.pebbletemplates</groupId>
+        <artifactId>pebble</artifactId>
+        <version>3.1.5</version>
+    </dependency>
+    <dependency>
+        <groupId>org.apache.velocity</groupId>
+        <artifactId>velocity-engine-core</artifactId>
+        <version>2.3</version>
+    </dependency>
+  </dependencies>
+</project>
diff --git a/java/ql/test/utils/flowtestcasegenerator/specs.csv b/java/ql/test/utils/flowtestcasegenerator/specs.csv
new file mode 100644
index 00000000000..93f59d05916
--- /dev/null
+++ b/java/ql/test/utils/flowtestcasegenerator/specs.csv
@@ -0,0 +1,11 @@
+org.apache.logging.log4j;Logger;true;traceEntry;(Message);;Argument[0];ReturnValue;taint;manual
+org.apache.logging.log4j;Logger;true;traceEntry;(String,Object[]);;Argument[0..1];ReturnValue;taint;manual
+org.apache.logging.log4j;Logger;true;traceEntry;(String,Supplier[]);;Argument[0..1];ReturnValue;taint;manual
+org.apache.logging.log4j;Logger;true;traceEntry;(Supplier[]);;Argument[0];ReturnValue;taint;manual
+org.apache.logging.log4j;Logger;true;traceExit;(EntryMessage,Object);;Argument[1];ReturnValue;value;manual
+org.apache.logging.log4j;Logger;true;traceExit;(Message,Object);;Argument[1];ReturnValue;value;manual
+org.apache.logging.log4j;Logger;true;traceExit;(Object);;Argument[0];ReturnValue;value;manual
+org.apache.logging.log4j;Logger;true;traceExit;(String,Object);;Argument[1];ReturnValue;value;manual
+org.apache.commons.collections4;MapUtils;true;predicatedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual
+org.apache.commons.collections4;MapUtils;true;toMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual
+org.apache.commons.collections4;MapUtils;true;toMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual
\ No newline at end of file
diff --git a/java/ql/test/utils/flowtestcasegenerator/test.py b/java/ql/test/utils/flowtestcasegenerator/test.py
new file mode 100644
index 00000000000..47b7c3a61f2
--- /dev/null
+++ b/java/ql/test/utils/flowtestcasegenerator/test.py
@@ -0,0 +1,17 @@
+# This script is for debugging purposes for the flow test case generator.
+# Some dummy tests are created and executed.
+# It requites that `--search-path /path/to/semmle-code/ql` is added to `~/.config/codeql/config`
+
+# Usage: python3 test.py
+
+import subprocess
+
+# Generate test cases
+print('Generating test cases...')
+if subprocess.check_call(["../../../src/utils/flowtestcasegenerator/GenerateFlowTestCase.py", "specs.csv", "pom.xml", "--force", "."]):
+    print("Failed to generate test cases.")
+    exit(1)
+
+# Run test cases.
+print('Running test cases...')
+subprocess.call(["codeql", "test", "run", "test.ql"])
\ No newline at end of file
diff --git a/java/ql/test/utils/model-generator/dataflow/CaptureNegativeSummaryModels.qlref b/java/ql/test/utils/model-generator/dataflow/CaptureNegativeSummaryModels.qlref
deleted file mode 100644
index c24d124c0b2..00000000000
--- a/java/ql/test/utils/model-generator/dataflow/CaptureNegativeSummaryModels.qlref
+++ /dev/null
@@ -1 +0,0 @@
-utils/model-generator/CaptureNegativeSummaryModels.ql
\ No newline at end of file
diff --git a/java/ql/test/utils/model-generator/dataflow/CaptureNegativeSummaryModels.expected b/java/ql/test/utils/model-generator/dataflow/CaptureNeutralModels.expected
similarity index 61%
rename from java/ql/test/utils/model-generator/dataflow/CaptureNegativeSummaryModels.expected
rename to java/ql/test/utils/model-generator/dataflow/CaptureNeutralModels.expected
index 36ac5cfe569..0c452b8c49d 100644
--- a/java/ql/test/utils/model-generator/dataflow/CaptureNegativeSummaryModels.expected
+++ b/java/ql/test/utils/model-generator/dataflow/CaptureNeutralModels.expected
@@ -1,25 +1,11 @@
-| p;AbstractImplOfExternalSPI;AbstractImplOfExternalSPI;();generated |
 | p;Factory;getIntValue;();generated |
-| p;FinalClass;FinalClass;();generated |
 | p;FinalClass;returnsConstant;();generated |
-| p;FluentAPI$Inner;Inner;();generated |
 | p;FluentAPI$Inner;notThis;(String);generated |
-| p;FluentAPI;FluentAPI;();generated |
 | p;ImmutablePojo;getX;();generated |
-| p;ImplOfExternalSPI;ImplOfExternalSPI;();generated |
-| p;InnerClasses$CaptureMe;CaptureMe;();generated |
-| p;InnerClasses;InnerClasses;();generated |
-| p;InnerHolder;InnerHolder;();generated |
 | p;Joiner;length;();generated |
-| p;MultipleImpls$Strat1;Strat1;();generated |
-| p;MultipleImpls$Strat2;Strat2;();generated |
-| p;MultipleImpls$Strat3;Strat3;();generated |
 | p;MultipleImpls$Strategy;doSomething;(String);generated |
-| p;MultipleImpls;MultipleImpls;();generated |
-| p;ParamFlow;ParamFlow;();generated |
 | p;ParamFlow;ignorePrimitiveReturnValue;(String);generated |
 | p;ParamFlow;mapType;(Class);generated |
-| p;Pojo;Pojo;();generated |
 | p;Pojo;doNotSetValue;(String);generated |
 | p;Pojo;getBigDecimal;();generated |
 | p;Pojo;getBigInt;();generated |
@@ -31,13 +17,10 @@
 | p;Pojo;getPrimitiveArray;();generated |
 | p;PrivateFlowViaPublicInterface$SPI;openStream;();generated |
 | p;PrivateFlowViaPublicInterface$SPI;openStreamNone;();generated |
-| p;PrivateFlowViaPublicInterface;PrivateFlowViaPublicInterface;();generated |
 | p;PrivateFlowViaPublicInterface;createAnSPIWithoutTrackingFile;(File);generated |
-| p;Sinks;Sinks;();generated |
 | p;Sinks;copyFileToDirectory;(Path,Path,CopyOption[]);generated |
 | p;Sinks;propagate;(String);generated |
 | p;Sinks;readUrl;(URL,Charset);generated |
-| p;Sources;Sources;();generated |
 | p;Sources;readUrl;(URL);generated |
 | p;Sources;socketStream;();generated |
 | p;Sources;sourceToParameter;(InputStream[],List);generated |
diff --git a/java/ql/test/utils/model-generator/dataflow/CaptureNeutralModels.qlref b/java/ql/test/utils/model-generator/dataflow/CaptureNeutralModels.qlref
new file mode 100644
index 00000000000..cb6ef7faa65
--- /dev/null
+++ b/java/ql/test/utils/model-generator/dataflow/CaptureNeutralModels.qlref
@@ -0,0 +1 @@
+utils/model-generator/CaptureNeutralModels.ql
\ No newline at end of file
diff --git a/javascript/downgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/old.dbscheme b/javascript/downgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/old.dbscheme
new file mode 100644
index 00000000000..4d00210ca57
--- /dev/null
+++ b/javascript/downgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/old.dbscheme
@@ -0,0 +1,1218 @@
+/*** Standard fragments ***/
+
+/** Files and folders **/
+
+@location = @location_default;
+
+locations_default(unique int id: @location_default,
+          int file: @file ref,
+          int beginLine: int ref,
+          int beginColumn: int ref,
+          int endLine: int ref,
+          int endColumn: int ref
+         );
+
+@sourceline = @locatable;
+
+numlines(int element_id: @sourceline ref,
+         int num_lines: int ref,
+         int num_code: int ref,
+         int num_comment: int ref
+        );
+
+files(unique int id: @file,
+      varchar(900) name: string ref);
+
+folders(unique int id: @folder,
+        varchar(900) name: string ref);
+
+
+@container = @folder | @file ;
+
+
+containerparent(int parent: @container ref,
+                unique int child: @container ref);
+
+/** Duplicate code **/
+
+duplicateCode(
+  unique int id : @duplication,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+similarCode(
+  unique int id : @similarity,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+@duplication_or_similarity = @duplication | @similarity;
+
+tokens(
+  int id : @duplication_or_similarity ref,
+  int offset : int ref,
+  int beginLine : int ref,
+  int beginColumn : int ref,
+  int endLine : int ref,
+  int endColumn : int ref);
+
+/** External data **/
+
+externalData(
+  int id : @externalDataElement,
+  varchar(900) path : string ref,
+  int column: int ref,
+  varchar(900) value : string ref
+);
+
+snapshotDate(unique date snapshotDate : date ref);
+
+sourceLocationPrefix(varchar(900) prefix : string ref);
+
+/** Version control data **/
+
+svnentries(
+  int id : @svnentry,
+  varchar(500) revision : string ref,
+  varchar(500) author : string ref,
+  date revisionDate : date ref,
+  int changeSize : int ref
+);
+
+svnaffectedfiles(
+  int id : @svnentry ref,
+  int file : @file ref,
+  varchar(500) action : string ref
+);
+
+svnentrymsg(
+  int id : @svnentry ref,
+  varchar(500) message : string ref
+);
+
+svnchurn(
+  int commit : @svnentry ref,
+  int file : @file ref,
+  int addedLines : int ref,
+  int deletedLines : int ref
+);
+
+
+/*** JavaScript-specific part ***/
+
+filetype(
+  int file: @file ref,
+  string filetype: string ref
+)
+
+// top-level code fragments
+toplevels (unique int id: @toplevel,
+           int kind: int ref);
+
+is_externs (int toplevel: @toplevel ref);
+
+case @toplevel.kind of
+   0 = @script
+|  1 = @inline_script
+|  2 = @event_handler
+|  3 = @javascript_url
+|  4 = @template_toplevel;
+
+is_module (int tl: @toplevel ref);
+is_nodejs (int tl: @toplevel ref);
+is_es2015_module (int tl: @toplevel ref);
+is_closure_module (int tl: @toplevel ref);
+
+@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag;
+toplevel_parent_xml_node(
+  unique int toplevel: @toplevel ref,
+  int xmlnode: @xml_node_with_code ref);
+
+xml_element_parent_expression(
+  unique int xmlnode: @xmlelement ref,
+  int expression: @expr ref,
+  int index: int ref);
+
+// statements
+#keyset[parent, idx]
+stmts (unique int id: @stmt,
+       int kind: int ref,
+       int parent: @stmt_parent ref,
+       int idx: int ref,
+       varchar(900) tostring: string ref);
+
+stmt_containers (unique int stmt: @stmt ref,
+       int container: @stmt_container ref);
+
+jump_targets (unique int jump: @stmt ref,
+       int target: @stmt ref);
+
+@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer;
+@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration;
+
+case @stmt.kind of
+   0 = @empty_stmt
+|  1 = @block_stmt
+|  2 = @expr_stmt
+|  3 = @if_stmt
+|  4 = @labeled_stmt
+|  5 = @break_stmt
+|  6 = @continue_stmt
+|  7 = @with_stmt
+|  8 = @switch_stmt
+|  9 = @return_stmt
+| 10 = @throw_stmt
+| 11 = @try_stmt
+| 12 = @while_stmt
+| 13 = @do_while_stmt
+| 14 = @for_stmt
+| 15 = @for_in_stmt
+| 16 = @debugger_stmt
+| 17 = @function_decl_stmt
+| 18 = @var_decl_stmt
+| 19 = @case
+| 20 = @catch_clause
+| 21 = @for_of_stmt
+| 22 = @const_decl_stmt
+| 23 = @let_stmt
+| 24 = @legacy_let_stmt
+| 25 = @for_each_stmt
+| 26 = @class_decl_stmt
+| 27 = @import_declaration
+| 28 = @export_all_declaration
+| 29 = @export_default_declaration
+| 30 = @export_named_declaration
+| 31 = @namespace_declaration
+| 32 = @import_equals_declaration
+| 33 = @export_assign_declaration
+| 34 = @interface_declaration
+| 35 = @type_alias_declaration
+| 36 = @enum_declaration
+| 37 = @external_module_declaration
+| 38 = @export_as_namespace_declaration
+| 39 = @global_augmentation_declaration
+;
+
+@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt;
+
+@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration;
+
+@namespace_definition = @namespace_declaration | @enum_declaration;
+@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member;
+
+is_instantiated(unique int decl: @namespace_declaration ref);
+
+@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field;
+has_declare_keyword(unique int stmt: @declarable_node ref);
+
+is_for_await_of(unique int forof: @for_of_stmt ref);
+
+// expressions
+#keyset[parent, idx]
+exprs (unique int id: @expr,
+       int kind: int ref,
+       int parent: @expr_parent ref,
+       int idx: int ref,
+       varchar(900) tostring: string ref);
+
+literals (varchar(900) value: string ref,
+       varchar(900) raw: string ref,
+       unique int expr: @expr_or_type ref);
+
+enclosing_stmt (unique int expr: @expr_or_type ref,
+       int stmt: @stmt ref);
+
+expr_containers (unique int expr: @expr_or_type ref,
+       int container: @stmt_container ref);
+
+array_size (unique int ae: @arraylike ref,
+       int sz: int ref);
+
+is_delegating (int yield: @yield_expr ref);
+
+@expr_or_stmt = @expr | @stmt;
+@expr_or_type = @expr | @typeexpr;
+@expr_parent = @expr_or_stmt | @property | @function_typeexpr;
+@arraylike = @array_expr | @array_pattern;
+@type_annotation = @typeexpr | @jsdoc_type_expr;
+@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel;
+
+case @expr.kind of
+   0 = @label
+|  1 = @null_literal
+|  2 = @boolean_literal
+|  3 = @number_literal
+|  4 = @string_literal
+|  5 = @regexp_literal
+|  6 = @this_expr
+|  7 = @array_expr
+|  8 = @obj_expr
+|  9 = @function_expr
+| 10 = @seq_expr
+| 11 = @conditional_expr
+| 12 = @new_expr
+| 13 = @call_expr
+| 14 = @dot_expr
+| 15 = @index_expr
+| 16 = @neg_expr
+| 17 = @plus_expr
+| 18 = @log_not_expr
+| 19 = @bit_not_expr
+| 20 = @typeof_expr
+| 21 = @void_expr
+| 22 = @delete_expr
+| 23 = @eq_expr
+| 24 = @neq_expr
+| 25 = @eqq_expr
+| 26 = @neqq_expr
+| 27 = @lt_expr
+| 28 = @le_expr
+| 29 = @gt_expr
+| 30 = @ge_expr
+| 31 = @lshift_expr
+| 32 = @rshift_expr
+| 33 = @urshift_expr
+| 34 = @add_expr
+| 35 = @sub_expr
+| 36 = @mul_expr
+| 37 = @div_expr
+| 38 = @mod_expr
+| 39 = @bitor_expr
+| 40 = @xor_expr
+| 41 = @bitand_expr
+| 42 = @in_expr
+| 43 = @instanceof_expr
+| 44 = @logand_expr
+| 45 = @logor_expr
+| 47 = @assign_expr
+| 48 = @assign_add_expr
+| 49 = @assign_sub_expr
+| 50 = @assign_mul_expr
+| 51 = @assign_div_expr
+| 52 = @assign_mod_expr
+| 53 = @assign_lshift_expr
+| 54 = @assign_rshift_expr
+| 55 = @assign_urshift_expr
+| 56 = @assign_or_expr
+| 57 = @assign_xor_expr
+| 58 = @assign_and_expr
+| 59 = @preinc_expr
+| 60 = @postinc_expr
+| 61 = @predec_expr
+| 62 = @postdec_expr
+| 63 = @par_expr
+| 64 = @var_declarator
+| 65 = @arrow_function_expr
+| 66 = @spread_element
+| 67 = @array_pattern
+| 68 = @object_pattern
+| 69 = @yield_expr
+| 70 = @tagged_template_expr
+| 71 = @template_literal
+| 72 = @template_element
+| 73 = @array_comprehension_expr
+| 74 = @generator_expr
+| 75 = @for_in_comprehension_block
+| 76 = @for_of_comprehension_block
+| 77 = @legacy_letexpr
+| 78 = @var_decl
+| 79 = @proper_varaccess
+| 80 = @class_expr
+| 81 = @super_expr
+| 82 = @newtarget_expr
+| 83 = @named_import_specifier
+| 84 = @import_default_specifier
+| 85 = @import_namespace_specifier
+| 86 = @named_export_specifier
+| 87 = @exp_expr
+| 88 = @assign_exp_expr
+| 89 = @jsx_element
+| 90 = @jsx_qualified_name
+| 91 = @jsx_empty_expr
+| 92 = @await_expr
+| 93 = @function_sent_expr
+| 94 = @decorator
+| 95 = @export_default_specifier
+| 96 = @export_namespace_specifier
+| 97 = @bind_expr
+| 98 = @external_module_reference
+| 99 = @dynamic_import
+| 100 = @expression_with_type_arguments
+| 101 = @prefix_type_assertion
+| 102 = @as_type_assertion
+| 103 = @export_varaccess
+| 104 = @decorator_list
+| 105 = @non_null_assertion
+| 106 = @bigint_literal
+| 107 = @nullishcoalescing_expr
+| 108 = @e4x_xml_anyname
+| 109 = @e4x_xml_static_attribute_selector
+| 110 = @e4x_xml_dynamic_attribute_selector
+| 111 = @e4x_xml_filter_expression
+| 112 = @e4x_xml_static_qualident
+| 113 = @e4x_xml_dynamic_qualident
+| 114 = @e4x_xml_dotdotexpr
+| 115 = @import_meta_expr
+| 116 = @assignlogandexpr
+| 117 = @assignlogorexpr
+| 118 = @assignnullishcoalescingexpr
+| 119 = @template_pipe_ref
+| 120 = @generated_code_expr
+| 121 = @satisfies_expr
+;
+
+@varaccess = @proper_varaccess | @export_varaccess;
+@varref = @var_decl | @varaccess;
+
+@identifier = @label | @varref | @type_identifier;
+
+@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal;
+
+@propaccess = @dot_expr | @index_expr;
+
+@invokeexpr = @new_expr | @call_expr;
+
+@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element;
+
+@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr;
+
+@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr;
+
+@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr;
+
+@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr;
+
+@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr;
+
+@pattern = @varref | @array_pattern | @object_pattern;
+
+@comprehension_expr = @array_comprehension_expr | @generator_expr;
+
+@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block;
+
+@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier;
+
+@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier;
+
+@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier;
+
+@type_assertion = @as_type_assertion | @prefix_type_assertion;
+
+@class_definition = @class_decl_stmt | @class_expr;
+@interface_definition = @interface_declaration | @interface_typeexpr;
+@class_or_interface = @class_definition | @interface_definition;
+
+@lexical_decl = @var_decl | @type_decl;
+@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access;
+@lexical_ref = @lexical_decl | @lexical_access;
+
+@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector;
+@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident;
+
+expr_contains_template_tag_location(
+  int expr: @expr ref,
+  int location: @location ref
+);
+
+@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file;
+
+template_placeholder_tag_info(
+  unique int node: @template_placeholder_tag,
+  int parentNode: @template_placeholder_tag_parent ref,
+  varchar(900) raw: string ref
+);
+
+// scopes
+scopes (unique int id: @scope,
+        int kind: int ref);
+
+case @scope.kind of
+   0 = @global_scope
+|  1 = @function_scope
+|  2 = @catch_scope
+|  3 = @module_scope
+|  4 = @block_scope
+|  5 = @for_scope
+|  6 = @for_in_scope // for-of scopes work the same as for-in scopes
+|  7 = @comprehension_block_scope
+|  8 = @class_expr_scope
+|  9 = @namespace_scope
+| 10 = @class_decl_scope
+| 11 = @interface_scope
+| 12 = @type_alias_scope
+| 13 = @mapped_type_scope
+| 14 = @enum_scope
+| 15 = @external_module_scope
+| 16 = @conditional_type_scope;
+
+scopenodes (unique int node: @ast_node ref,
+            int scope: @scope ref);
+
+scopenesting (unique int inner: @scope ref,
+              int outer: @scope ref);
+
+// functions
+@function = @function_decl_stmt | @function_expr | @arrow_function_expr;
+
+@parameterized = @function | @catch_clause;
+@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr;
+
+is_generator (int fun: @function ref);
+has_rest_parameter (int fun: @function ref);
+is_async (int fun: @function ref);
+
+// variables and lexically scoped type names
+#keyset[scope, name]
+variables (unique int id: @variable,
+           varchar(900) name: string ref,
+           int scope: @scope ref);
+
+#keyset[scope, name]
+local_type_names (unique int id: @local_type_name,
+                  varchar(900) name: string ref,
+                  int scope: @scope ref);
+
+#keyset[scope, name]
+local_namespace_names (unique int id: @local_namespace_name,
+                       varchar(900) name: string ref,
+                       int scope: @scope ref);
+
+is_arguments_object (int id: @variable ref);
+
+@lexical_name = @variable | @local_type_name | @local_namespace_name;
+
+@bind_id = @varaccess | @local_var_type_access;
+bind (unique int id: @bind_id ref,
+      int decl: @variable ref);
+
+decl (unique int id: @var_decl ref,
+      int decl: @variable ref);
+
+@typebind_id = @local_type_access | @export_varaccess;
+typebind (unique int id: @typebind_id ref,
+          int decl: @local_type_name ref);
+
+@typedecl_id = @type_decl | @var_decl;
+typedecl (unique int id: @typedecl_id ref,
+          int decl: @local_type_name ref);
+
+namespacedecl (unique int id: @var_decl ref,
+               int decl: @local_namespace_name ref);
+
+@namespacebind_id = @local_namespace_access | @export_varaccess;
+namespacebind (unique int id: @namespacebind_id ref,
+               int decl: @local_namespace_name ref);
+
+
+// properties in object literals, property patterns in object patterns, and method declarations in classes
+#keyset[parent, index]
+properties (unique int id: @property,
+            int parent: @property_parent ref,
+            int index: int ref,
+            int kind: int ref,
+            varchar(900) tostring: string ref);
+
+case @property.kind of
+  0 = @value_property
+| 1 = @property_getter
+| 2 = @property_setter
+| 3 = @jsx_attribute
+| 4 = @function_call_signature
+| 5 = @constructor_call_signature
+| 6 = @index_signature
+| 7 = @enum_member
+| 8 = @proper_field
+| 9 = @parameter_field
+| 10 = @static_initializer
+;
+
+@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration;
+@property_accessor = @property_getter | @property_setter;
+@call_signature = @function_call_signature | @constructor_call_signature;
+@field = @proper_field | @parameter_field;
+@field_or_vardeclarator = @field | @var_declarator;
+
+is_computed (int id: @property ref);
+is_method   (int id: @property ref);
+is_static   (int id: @property ref);
+is_abstract_member (int id: @property ref);
+is_const_enum (int id: @enum_declaration ref);
+is_abstract_class (int id: @class_decl_stmt ref);
+
+has_public_keyword (int id: @property ref);
+has_private_keyword (int id: @property ref);
+has_protected_keyword (int id: @property ref);
+has_readonly_keyword (int id: @property ref);
+has_type_keyword (int id: @type_keyword_operand ref);
+is_optional_member (int id: @property ref);
+has_definite_assignment_assertion (int id: @field_or_vardeclarator ref);
+is_optional_parameter_declaration (unique int parameter: @pattern ref);
+
+#keyset[constructor, param_index]
+parameter_fields(
+  unique int field: @parameter_field ref,
+  int constructor: @function_expr ref,
+  int param_index: int ref
+);
+
+// types
+#keyset[parent, idx]
+typeexprs (
+  unique int id: @typeexpr,
+  int kind: int ref,
+  int parent: @typeexpr_parent ref,
+  int idx: int ref,
+  varchar(900) tostring: string ref
+);
+
+case @typeexpr.kind of
+  0 = @local_type_access
+| 1 = @type_decl
+| 2 = @keyword_typeexpr
+| 3 = @string_literal_typeexpr
+| 4 = @number_literal_typeexpr
+| 5 = @boolean_literal_typeexpr
+| 6 = @array_typeexpr
+| 7 = @union_typeexpr
+| 8 = @indexed_access_typeexpr
+| 9 = @intersection_typeexpr
+| 10 = @parenthesized_typeexpr
+| 11 = @tuple_typeexpr
+| 12 = @keyof_typeexpr
+| 13 = @qualified_type_access
+| 14 = @generic_typeexpr
+| 15 = @type_label
+| 16 = @typeof_typeexpr
+| 17 = @local_var_type_access
+| 18 = @qualified_var_type_access
+| 19 = @this_var_type_access
+| 20 = @predicate_typeexpr
+| 21 = @interface_typeexpr
+| 22 = @type_parameter
+| 23 = @plain_function_typeexpr
+| 24 = @constructor_typeexpr
+| 25 = @local_namespace_access
+| 26 = @qualified_namespace_access
+| 27 = @mapped_typeexpr
+| 28 = @conditional_typeexpr
+| 29 = @infer_typeexpr
+| 30 = @import_type_access
+| 31 = @import_namespace_access
+| 32 = @import_var_type_access
+| 33 = @optional_typeexpr
+| 34 = @rest_typeexpr
+| 35 = @bigint_literal_typeexpr
+| 36 = @readonly_typeexpr
+| 37 = @template_literal_typeexpr
+;
+
+@typeref = @typeaccess | @type_decl;
+@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access;
+@typeexpr_parent = @expr | @stmt | @property | @typeexpr;
+@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr;
+@typeaccess = @local_type_access | @qualified_type_access | @import_type_access;
+@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access;
+@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access;
+@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access;
+
+@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr;
+
+// types
+types (
+  unique int id: @type,
+  int kind: int ref,
+  varchar(900) tostring: string ref
+);
+
+#keyset[parent, idx]
+type_child (
+  int child: @type ref,
+  int parent: @type ref,
+  int idx: int ref
+);
+
+case @type.kind of
+  0 = @any_type
+| 1 = @string_type
+| 2 = @number_type
+| 3 = @union_type
+| 4 = @true_type
+| 5 = @false_type
+| 6 = @type_reference
+| 7 = @object_type
+| 8 = @canonical_type_variable_type
+| 9 = @typeof_type
+| 10 = @void_type
+| 11 = @undefined_type
+| 12 = @null_type
+| 13 = @never_type
+| 14 = @plain_symbol_type
+| 15 = @unique_symbol_type
+| 16 = @objectkeyword_type
+| 17 = @intersection_type
+| 18 = @tuple_type
+| 19 = @lexical_type_variable_type
+| 20 = @this_type
+| 21 = @number_literal_type
+| 22 = @string_literal_type
+| 23 = @unknown_type
+| 24 = @bigint_type
+| 25 = @bigint_literal_type
+;
+
+@boolean_literal_type = @true_type | @false_type;
+@symbol_type = @plain_symbol_type | @unique_symbol_type;
+@union_or_intersection_type = @union_type | @intersection_type;
+@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type;
+
+has_asserts_keyword(int node: @predicate_typeexpr ref);
+
+@typed_ast_node = @expr | @typeexpr | @function;
+ast_node_type(
+  unique int node: @typed_ast_node ref,
+  int typ: @type ref);
+
+declared_function_signature(
+  unique int node: @function ref,
+  int sig: @signature_type ref
+);
+
+invoke_expr_signature(
+  unique int node: @invokeexpr ref,
+  int sig: @signature_type ref
+);
+
+invoke_expr_overload_index(
+  unique int node: @invokeexpr ref,
+  int index: int ref
+);
+
+symbols (
+  unique int id: @symbol,
+  int kind: int ref,
+  varchar(900) name: string ref
+);
+
+symbol_parent (
+  unique int symbol: @symbol ref,
+  int parent: @symbol ref
+);
+
+symbol_module (
+  int symbol: @symbol ref,
+  varchar(900) moduleName: string ref
+);
+
+symbol_global (
+  int symbol: @symbol ref,
+  varchar(900) globalName: string ref
+);
+
+case @symbol.kind of
+  0 = @root_symbol
+| 1 = @member_symbol
+| 2 = @other_symbol
+;
+
+@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type;
+@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration;
+
+ast_node_symbol(
+  unique int node: @ast_node_with_symbol ref,
+  int symbol: @symbol ref);
+
+type_symbol(
+  unique int typ: @type_with_symbol ref,
+  int symbol: @symbol ref);
+
+#keyset[typ, name]
+type_property(
+  int typ: @type ref,
+  varchar(900) name: string ref,
+  int propertyType: @type ref);
+
+type_alias(
+  unique int aliasType: @type ref,
+  int underlyingType: @type ref);
+
+@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type;
+@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type;
+type_literal_value(
+  unique int typ: @type_with_literal_value ref,
+  varchar(900) value: string ref);
+
+signature_types (
+  unique int id: @signature_type,
+  int kind: int ref,
+  varchar(900) tostring: string ref,
+  int type_parameters: int ref,
+  int required_params: int ref
+);
+
+is_abstract_signature(
+  unique int sig: @signature_type ref
+);
+
+signature_rest_parameter(
+  unique int sig: @signature_type ref,
+  int rest_param_arra_type: @type ref
+);
+
+case @signature_type.kind of
+  0 = @function_signature_type
+| 1 = @constructor_signature_type
+;
+
+#keyset[typ, kind, index]
+type_contains_signature (
+  int typ: @type ref,
+  int kind: int ref,  // constructor/call/index
+  int index: int ref, // ordering of overloaded signatures
+  int sig: @signature_type ref
+);
+
+#keyset[parent, index]
+signature_contains_type (
+  int child: @type ref,
+  int parent: @signature_type ref,
+  int index: int ref
+);
+
+#keyset[sig, index]
+signature_parameter_name (
+  int sig: @signature_type ref,
+  int index: int ref,
+  varchar(900) name: string ref
+);
+
+number_index_type (
+  unique int baseType: @type ref,
+  int propertyType: @type ref
+);
+
+string_index_type (
+  unique int baseType: @type ref,
+  int propertyType: @type ref
+);
+
+base_type_names(
+  int typeName: @symbol ref,
+  int baseTypeName: @symbol ref
+);
+
+self_types(
+  int typeName: @symbol ref,
+  int selfType: @type_reference ref
+);
+
+tuple_type_min_length(
+  unique int typ: @type ref,
+  int minLength: int ref
+);
+
+tuple_type_rest_index(
+  unique int typ: @type ref,
+  int index: int ref
+);
+
+// comments
+comments (unique int id: @comment,
+          int kind: int ref,
+          int toplevel: @toplevel ref,
+          varchar(900) text: string ref,
+          varchar(900) tostring: string ref);
+
+case @comment.kind of
+  0 = @slashslash_comment
+| 1 = @slashstar_comment
+| 2 = @doc_comment
+| 3 = @html_comment_start
+| 4 = @htmlcommentend;
+
+@html_comment = @html_comment_start | @htmlcommentend;
+@line_comment = @slashslash_comment | @html_comment;
+@block_comment = @slashstar_comment | @doc_comment;
+
+// source lines
+lines (unique int id: @line,
+       int toplevel: @toplevel ref,
+       varchar(900) text: string ref,
+       varchar(2) terminator: string ref);
+indentation (int file: @file ref,
+            int lineno: int ref,
+            varchar(1) indentChar: string ref,
+            int indentDepth: int ref);
+
+// JavaScript parse errors
+js_parse_errors (unique int id: @js_parse_error,
+        int toplevel: @toplevel ref,
+        varchar(900) message: string ref,
+        varchar(900) line: string ref);
+
+// regular expressions
+#keyset[parent, idx]
+regexpterm (unique int id: @regexpterm,
+        int kind: int ref,
+        int parent: @regexpparent ref,
+        int idx: int ref,
+        varchar(900) tostring: string ref);
+
+@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr;
+
+case @regexpterm.kind of
+   0 = @regexp_alt
+|  1 = @regexp_seq
+|  2 = @regexp_caret
+|  3 = @regexp_dollar
+|  4 = @regexp_wordboundary
+|  5 = @regexp_nonwordboundary
+|  6 = @regexp_positive_lookahead
+|  7 = @regexp_negative_lookahead
+|  8 = @regexp_star
+|  9 = @regexp_plus
+| 10 = @regexp_opt
+| 11 = @regexp_range
+| 12 = @regexp_dot
+| 13 = @regexp_group
+| 14 = @regexp_normal_constant
+| 15 = @regexp_hex_escape
+| 16 = @regexp_unicode_escape
+| 17 = @regexp_dec_escape
+| 18 = @regexp_oct_escape
+| 19 = @regexp_ctrl_escape
+| 20 = @regexp_char_class_escape
+| 21 = @regexp_id_escape
+| 22 = @regexp_backref
+| 23 = @regexp_char_class
+| 24 = @regexp_char_range
+| 25 = @regexp_positive_lookbehind
+| 26 = @regexp_negative_lookbehind
+| 27 = @regexp_unicode_property_escape;
+
+regexp_parse_errors (unique int id: @regexp_parse_error,
+    int regexp: @regexpterm ref,
+    varchar(900) message: string ref);
+
+@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range;
+@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape;
+@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape;
+@regexp_constant = @regexp_normal_constant | @regexp_char_escape;
+@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead;
+@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind;
+@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind;
+@regexp_anchor = @regexp_dollar | @regexp_caret;
+
+is_greedy (int id: @regexp_quantifier ref);
+range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref);
+range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref);
+is_capture (unique int id: @regexp_group ref, int number: int ref);
+is_named_capture (unique int id: @regexp_group ref, string name: string ref);
+is_inverted (int id: @regexp_char_class ref);
+regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref);
+char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref);
+backref (unique int id: @regexp_backref ref, int value: int ref);
+named_backref (unique int id: @regexp_backref ref, string name: string ref);
+unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref);
+unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref);
+
+// tokens
+#keyset[toplevel, idx]
+tokeninfo (unique int id: @token,
+    int kind: int ref,
+    int toplevel: @toplevel ref,
+    int idx: int ref,
+    varchar(900) value: string ref);
+
+case @token.kind of
+  0 = @token_eof
+| 1 = @token_null_literal
+| 2 = @token_boolean_literal
+| 3 = @token_numeric_literal
+| 4 = @token_string_literal
+| 5 = @token_regular_expression
+| 6 = @token_identifier
+| 7 = @token_keyword
+| 8 = @token_punctuator;
+
+// associate comments with the token immediately following them (which may be EOF)
+next_token (int comment: @comment ref, int token: @token ref);
+
+// JSON
+#keyset[parent, idx]
+json (unique int id: @json_value,
+      int kind: int ref,
+      int parent: @json_parent ref,
+      int idx: int ref,
+      varchar(900) tostring: string ref);
+
+json_literals (varchar(900) value: string ref,
+      varchar(900) raw: string ref,
+      unique int expr: @json_value ref);
+
+json_properties (int obj: @json_object ref,
+      varchar(900) property: string ref,
+      int value: @json_value ref);
+
+json_errors (unique int id: @json_parse_error,
+      varchar(900) message: string ref);
+
+json_locations(unique int locatable: @json_locatable ref,
+      int location: @location_default ref);
+
+case @json_value.kind of
+  0 = @json_null
+| 1 = @json_boolean
+| 2 = @json_number
+| 3 = @json_string
+| 4 = @json_array
+| 5 = @json_object;
+
+@json_parent = @json_object | @json_array | @file;
+
+@json_locatable = @json_value | @json_parse_error;
+
+// locations
+@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr;
+
+@locatable = @file
+    | @ast_node
+    | @comment
+    | @line
+    | @js_parse_error | @regexp_parse_error
+    | @regexpterm
+    | @json_locatable
+    | @token
+    | @cfg_node
+    | @jsdoc | @jsdoc_type_expr | @jsdoc_tag
+    | @yaml_locatable
+    | @xmllocatable
+    | @configLocatable
+    | @template_placeholder_tag;
+
+hasLocation (unique int locatable: @locatable ref,
+    int location: @location ref);
+
+// CFG
+entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref);
+exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref);
+guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref);
+case @guard_node.kind of
+  0 = @falsy_guard
+| 1 = @truthy_guard;
+@condition_guard = @falsy_guard | @truthy_guard;
+
+@synthetic_cfg_node = @entry_node | @exit_node | @guard_node;
+@cfg_node = @synthetic_cfg_node | @expr_parent;
+
+successor (int pred: @cfg_node ref, int succ: @cfg_node ref);
+
+// JSDoc comments
+jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref);
+#keyset[parent, idx]
+jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref,
+            int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref);
+jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref);
+jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref);
+
+#keyset[parent, idx]
+jsdoc_type_exprs (unique int id: @jsdoc_type_expr,
+                  int kind: int ref,
+                  int parent: @jsdoc_type_expr_parent ref,
+                  int idx: int ref,
+                  varchar(900) tostring: string ref);
+case @jsdoc_type_expr.kind of
+    0 = @jsdoc_any_type_expr
+|   1 = @jsdoc_null_type_expr
+|   2 = @jsdoc_undefined_type_expr
+|   3 = @jsdoc_unknown_type_expr
+|   4 = @jsdoc_void_type_expr
+|   5 = @jsdoc_named_type_expr
+|   6 = @jsdoc_applied_type_expr
+|   7 = @jsdoc_nullable_type_expr
+|   8 = @jsdoc_non_nullable_type_expr
+|   9 = @jsdoc_record_type_expr
+|  10 = @jsdoc_array_type_expr
+|  11 = @jsdoc_union_type_expr
+|  12 = @jsdoc_function_type_expr
+|  13 = @jsdoc_optional_type_expr
+|  14 = @jsdoc_rest_type_expr
+;
+
+#keyset[id, idx]
+jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref);
+jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref);
+jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref);
+
+@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag;
+
+jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref);
+
+// YAML
+#keyset[parent, idx]
+yaml (unique int id: @yaml_node,
+      int kind: int ref,
+      int parent: @yaml_node_parent ref,
+      int idx: int ref,
+      varchar(900) tag: string ref,
+      varchar(900) tostring: string ref);
+
+case @yaml_node.kind of
+  0 = @yaml_scalar_node
+| 1 = @yaml_mapping_node
+| 2 = @yaml_sequence_node
+| 3 = @yaml_alias_node
+;
+
+@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node;
+
+@yaml_node_parent = @yaml_collection_node | @file;
+
+yaml_anchors (unique int node: @yaml_node ref,
+              varchar(900) anchor: string ref);
+
+yaml_aliases (unique int alias: @yaml_alias_node ref,
+              varchar(900) target: string ref);
+
+yaml_scalars (unique int scalar: @yaml_scalar_node ref,
+              int style: int ref,
+              varchar(900) value: string ref);
+
+yaml_errors (unique int id: @yaml_error,
+             varchar(900) message: string ref);
+
+yaml_locations(unique int locatable: @yaml_locatable ref,
+             int location: @location_default ref);
+
+@yaml_locatable = @yaml_node | @yaml_error;
+
+/* XML Files */
+
+xmlEncoding(
+  unique int id: @file ref,
+  varchar(900) encoding: string ref
+);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  varchar(900) root: string ref,
+  varchar(900) publicId: string ref,
+  varchar(900) systemId: string ref,
+  int fileid: @file ref
+);
+
+xmlElements(
+  unique int id: @xmlelement,
+  varchar(900) name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  varchar(900) name: string ref,
+  varchar(3600) value: string ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlNs(
+  int id: @xmlnamespace,
+  varchar(900) prefixName: string ref,
+  varchar(900) URI: string ref,
+  int fileid: @file ref
+);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref
+);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  varchar(3600) text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref
+);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  varchar(3600) text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref
+);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref
+);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property;
+
+@optionalchainable = @call_expr | @propaccess;
+
+isOptionalChaining(int id: @optionalchainable ref);
+
+/*
+ * configuration files with key value pairs
+ */
+
+configs(
+  unique int id: @config
+);
+
+configNames(
+  unique int id: @configName,
+  int config: @config ref,
+  string name: string ref
+);
+
+configValues(
+  unique int id: @configValue,
+  int config: @config ref,
+  string value: string ref
+);
+
+configLocations(
+  int locatable: @configLocatable ref,
+  int location: @location_default ref
+);
+
+@configLocatable = @config | @configName | @configValue;
+
+/**
+ * The time taken for the extraction of a file.
+ * This table contains non-deterministic content.
+ *
+ * The sum of the `time` column for each (`file`, `timerKind`) pair
+ * is the total time taken for extraction of `file`.  The `extractionPhase`
+ * column provides a granular view of the extraction time of the file.
+ */
+extraction_time(
+   int file : @file ref,
+   // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`.
+   int extractionPhase: int ref,
+   // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds
+   int timerKind: int ref,
+   float time: float ref
+)
+
+/**
+ * Non-timing related data for the extraction of a single file.
+ * This table contains non-deterministic content.
+ */
+extraction_data(
+   int file : @file ref,
+   // the absolute path to the cache file
+   varchar(900) cacheFile: string ref,
+   boolean fromCache: boolean ref,
+   int length: int ref
+)
diff --git a/javascript/downgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/semmlecode.javascript.dbscheme b/javascript/downgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/semmlecode.javascript.dbscheme
new file mode 100644
index 00000000000..c0664d5721c
--- /dev/null
+++ b/javascript/downgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/semmlecode.javascript.dbscheme
@@ -0,0 +1,1217 @@
+/*** Standard fragments ***/
+
+/** Files and folders **/
+
+@location = @location_default;
+
+locations_default(unique int id: @location_default,
+          int file: @file ref,
+          int beginLine: int ref,
+          int beginColumn: int ref,
+          int endLine: int ref,
+          int endColumn: int ref
+         );
+
+@sourceline = @locatable;
+
+numlines(int element_id: @sourceline ref,
+         int num_lines: int ref,
+         int num_code: int ref,
+         int num_comment: int ref
+        );
+
+files(unique int id: @file,
+      varchar(900) name: string ref);
+
+folders(unique int id: @folder,
+        varchar(900) name: string ref);
+
+
+@container = @folder | @file ;
+
+
+containerparent(int parent: @container ref,
+                unique int child: @container ref);
+
+/** Duplicate code **/
+
+duplicateCode(
+  unique int id : @duplication,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+similarCode(
+  unique int id : @similarity,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+@duplication_or_similarity = @duplication | @similarity;
+
+tokens(
+  int id : @duplication_or_similarity ref,
+  int offset : int ref,
+  int beginLine : int ref,
+  int beginColumn : int ref,
+  int endLine : int ref,
+  int endColumn : int ref);
+
+/** External data **/
+
+externalData(
+  int id : @externalDataElement,
+  varchar(900) path : string ref,
+  int column: int ref,
+  varchar(900) value : string ref
+);
+
+snapshotDate(unique date snapshotDate : date ref);
+
+sourceLocationPrefix(varchar(900) prefix : string ref);
+
+/** Version control data **/
+
+svnentries(
+  int id : @svnentry,
+  varchar(500) revision : string ref,
+  varchar(500) author : string ref,
+  date revisionDate : date ref,
+  int changeSize : int ref
+);
+
+svnaffectedfiles(
+  int id : @svnentry ref,
+  int file : @file ref,
+  varchar(500) action : string ref
+);
+
+svnentrymsg(
+  int id : @svnentry ref,
+  varchar(500) message : string ref
+);
+
+svnchurn(
+  int commit : @svnentry ref,
+  int file : @file ref,
+  int addedLines : int ref,
+  int deletedLines : int ref
+);
+
+
+/*** JavaScript-specific part ***/
+
+filetype(
+  int file: @file ref,
+  string filetype: string ref
+)
+
+// top-level code fragments
+toplevels (unique int id: @toplevel,
+           int kind: int ref);
+
+is_externs (int toplevel: @toplevel ref);
+
+case @toplevel.kind of
+   0 = @script
+|  1 = @inline_script
+|  2 = @event_handler
+|  3 = @javascript_url
+|  4 = @template_toplevel;
+
+is_module (int tl: @toplevel ref);
+is_nodejs (int tl: @toplevel ref);
+is_es2015_module (int tl: @toplevel ref);
+is_closure_module (int tl: @toplevel ref);
+
+@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag;
+toplevel_parent_xml_node(
+  unique int toplevel: @toplevel ref,
+  int xmlnode: @xml_node_with_code ref);
+
+xml_element_parent_expression(
+  unique int xmlnode: @xmlelement ref,
+  int expression: @expr ref,
+  int index: int ref);
+
+// statements
+#keyset[parent, idx]
+stmts (unique int id: @stmt,
+       int kind: int ref,
+       int parent: @stmt_parent ref,
+       int idx: int ref,
+       varchar(900) tostring: string ref);
+
+stmt_containers (unique int stmt: @stmt ref,
+       int container: @stmt_container ref);
+
+jump_targets (unique int jump: @stmt ref,
+       int target: @stmt ref);
+
+@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer;
+@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration;
+
+case @stmt.kind of
+   0 = @empty_stmt
+|  1 = @block_stmt
+|  2 = @expr_stmt
+|  3 = @if_stmt
+|  4 = @labeled_stmt
+|  5 = @break_stmt
+|  6 = @continue_stmt
+|  7 = @with_stmt
+|  8 = @switch_stmt
+|  9 = @return_stmt
+| 10 = @throw_stmt
+| 11 = @try_stmt
+| 12 = @while_stmt
+| 13 = @do_while_stmt
+| 14 = @for_stmt
+| 15 = @for_in_stmt
+| 16 = @debugger_stmt
+| 17 = @function_decl_stmt
+| 18 = @var_decl_stmt
+| 19 = @case
+| 20 = @catch_clause
+| 21 = @for_of_stmt
+| 22 = @const_decl_stmt
+| 23 = @let_stmt
+| 24 = @legacy_let_stmt
+| 25 = @for_each_stmt
+| 26 = @class_decl_stmt
+| 27 = @import_declaration
+| 28 = @export_all_declaration
+| 29 = @export_default_declaration
+| 30 = @export_named_declaration
+| 31 = @namespace_declaration
+| 32 = @import_equals_declaration
+| 33 = @export_assign_declaration
+| 34 = @interface_declaration
+| 35 = @type_alias_declaration
+| 36 = @enum_declaration
+| 37 = @external_module_declaration
+| 38 = @export_as_namespace_declaration
+| 39 = @global_augmentation_declaration
+;
+
+@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt;
+
+@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration;
+
+@namespace_definition = @namespace_declaration | @enum_declaration;
+@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member;
+
+is_instantiated(unique int decl: @namespace_declaration ref);
+
+@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field;
+has_declare_keyword(unique int stmt: @declarable_node ref);
+
+is_for_await_of(unique int forof: @for_of_stmt ref);
+
+// expressions
+#keyset[parent, idx]
+exprs (unique int id: @expr,
+       int kind: int ref,
+       int parent: @expr_parent ref,
+       int idx: int ref,
+       varchar(900) tostring: string ref);
+
+literals (varchar(900) value: string ref,
+       varchar(900) raw: string ref,
+       unique int expr: @expr_or_type ref);
+
+enclosing_stmt (unique int expr: @expr_or_type ref,
+       int stmt: @stmt ref);
+
+expr_containers (unique int expr: @expr_or_type ref,
+       int container: @stmt_container ref);
+
+array_size (unique int ae: @arraylike ref,
+       int sz: int ref);
+
+is_delegating (int yield: @yield_expr ref);
+
+@expr_or_stmt = @expr | @stmt;
+@expr_or_type = @expr | @typeexpr;
+@expr_parent = @expr_or_stmt | @property | @function_typeexpr;
+@arraylike = @array_expr | @array_pattern;
+@type_annotation = @typeexpr | @jsdoc_type_expr;
+@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel;
+
+case @expr.kind of
+   0 = @label
+|  1 = @null_literal
+|  2 = @boolean_literal
+|  3 = @number_literal
+|  4 = @string_literal
+|  5 = @regexp_literal
+|  6 = @this_expr
+|  7 = @array_expr
+|  8 = @obj_expr
+|  9 = @function_expr
+| 10 = @seq_expr
+| 11 = @conditional_expr
+| 12 = @new_expr
+| 13 = @call_expr
+| 14 = @dot_expr
+| 15 = @index_expr
+| 16 = @neg_expr
+| 17 = @plus_expr
+| 18 = @log_not_expr
+| 19 = @bit_not_expr
+| 20 = @typeof_expr
+| 21 = @void_expr
+| 22 = @delete_expr
+| 23 = @eq_expr
+| 24 = @neq_expr
+| 25 = @eqq_expr
+| 26 = @neqq_expr
+| 27 = @lt_expr
+| 28 = @le_expr
+| 29 = @gt_expr
+| 30 = @ge_expr
+| 31 = @lshift_expr
+| 32 = @rshift_expr
+| 33 = @urshift_expr
+| 34 = @add_expr
+| 35 = @sub_expr
+| 36 = @mul_expr
+| 37 = @div_expr
+| 38 = @mod_expr
+| 39 = @bitor_expr
+| 40 = @xor_expr
+| 41 = @bitand_expr
+| 42 = @in_expr
+| 43 = @instanceof_expr
+| 44 = @logand_expr
+| 45 = @logor_expr
+| 47 = @assign_expr
+| 48 = @assign_add_expr
+| 49 = @assign_sub_expr
+| 50 = @assign_mul_expr
+| 51 = @assign_div_expr
+| 52 = @assign_mod_expr
+| 53 = @assign_lshift_expr
+| 54 = @assign_rshift_expr
+| 55 = @assign_urshift_expr
+| 56 = @assign_or_expr
+| 57 = @assign_xor_expr
+| 58 = @assign_and_expr
+| 59 = @preinc_expr
+| 60 = @postinc_expr
+| 61 = @predec_expr
+| 62 = @postdec_expr
+| 63 = @par_expr
+| 64 = @var_declarator
+| 65 = @arrow_function_expr
+| 66 = @spread_element
+| 67 = @array_pattern
+| 68 = @object_pattern
+| 69 = @yield_expr
+| 70 = @tagged_template_expr
+| 71 = @template_literal
+| 72 = @template_element
+| 73 = @array_comprehension_expr
+| 74 = @generator_expr
+| 75 = @for_in_comprehension_block
+| 76 = @for_of_comprehension_block
+| 77 = @legacy_letexpr
+| 78 = @var_decl
+| 79 = @proper_varaccess
+| 80 = @class_expr
+| 81 = @super_expr
+| 82 = @newtarget_expr
+| 83 = @named_import_specifier
+| 84 = @import_default_specifier
+| 85 = @import_namespace_specifier
+| 86 = @named_export_specifier
+| 87 = @exp_expr
+| 88 = @assign_exp_expr
+| 89 = @jsx_element
+| 90 = @jsx_qualified_name
+| 91 = @jsx_empty_expr
+| 92 = @await_expr
+| 93 = @function_sent_expr
+| 94 = @decorator
+| 95 = @export_default_specifier
+| 96 = @export_namespace_specifier
+| 97 = @bind_expr
+| 98 = @external_module_reference
+| 99 = @dynamic_import
+| 100 = @expression_with_type_arguments
+| 101 = @prefix_type_assertion
+| 102 = @as_type_assertion
+| 103 = @export_varaccess
+| 104 = @decorator_list
+| 105 = @non_null_assertion
+| 106 = @bigint_literal
+| 107 = @nullishcoalescing_expr
+| 108 = @e4x_xml_anyname
+| 109 = @e4x_xml_static_attribute_selector
+| 110 = @e4x_xml_dynamic_attribute_selector
+| 111 = @e4x_xml_filter_expression
+| 112 = @e4x_xml_static_qualident
+| 113 = @e4x_xml_dynamic_qualident
+| 114 = @e4x_xml_dotdotexpr
+| 115 = @import_meta_expr
+| 116 = @assignlogandexpr
+| 117 = @assignlogorexpr
+| 118 = @assignnullishcoalescingexpr
+| 119 = @template_pipe_ref
+| 120 = @generated_code_expr
+;
+
+@varaccess = @proper_varaccess | @export_varaccess;
+@varref = @var_decl | @varaccess;
+
+@identifier = @label | @varref | @type_identifier;
+
+@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal;
+
+@propaccess = @dot_expr | @index_expr;
+
+@invokeexpr = @new_expr | @call_expr;
+
+@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element;
+
+@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr;
+
+@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr;
+
+@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr;
+
+@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr;
+
+@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr;
+
+@pattern = @varref | @array_pattern | @object_pattern;
+
+@comprehension_expr = @array_comprehension_expr | @generator_expr;
+
+@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block;
+
+@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier;
+
+@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier;
+
+@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier;
+
+@type_assertion = @as_type_assertion | @prefix_type_assertion;
+
+@class_definition = @class_decl_stmt | @class_expr;
+@interface_definition = @interface_declaration | @interface_typeexpr;
+@class_or_interface = @class_definition | @interface_definition;
+
+@lexical_decl = @var_decl | @type_decl;
+@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access;
+@lexical_ref = @lexical_decl | @lexical_access;
+
+@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector;
+@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident;
+
+expr_contains_template_tag_location(
+  int expr: @expr ref,
+  int location: @location ref
+);
+
+@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file;
+
+template_placeholder_tag_info(
+  unique int node: @template_placeholder_tag,
+  int parentNode: @template_placeholder_tag_parent ref,
+  varchar(900) raw: string ref
+);
+
+// scopes
+scopes (unique int id: @scope,
+        int kind: int ref);
+
+case @scope.kind of
+   0 = @global_scope
+|  1 = @function_scope
+|  2 = @catch_scope
+|  3 = @module_scope
+|  4 = @block_scope
+|  5 = @for_scope
+|  6 = @for_in_scope // for-of scopes work the same as for-in scopes
+|  7 = @comprehension_block_scope
+|  8 = @class_expr_scope
+|  9 = @namespace_scope
+| 10 = @class_decl_scope
+| 11 = @interface_scope
+| 12 = @type_alias_scope
+| 13 = @mapped_type_scope
+| 14 = @enum_scope
+| 15 = @external_module_scope
+| 16 = @conditional_type_scope;
+
+scopenodes (unique int node: @ast_node ref,
+            int scope: @scope ref);
+
+scopenesting (unique int inner: @scope ref,
+              int outer: @scope ref);
+
+// functions
+@function = @function_decl_stmt | @function_expr | @arrow_function_expr;
+
+@parameterized = @function | @catch_clause;
+@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr;
+
+is_generator (int fun: @function ref);
+has_rest_parameter (int fun: @function ref);
+is_async (int fun: @function ref);
+
+// variables and lexically scoped type names
+#keyset[scope, name]
+variables (unique int id: @variable,
+           varchar(900) name: string ref,
+           int scope: @scope ref);
+
+#keyset[scope, name]
+local_type_names (unique int id: @local_type_name,
+                  varchar(900) name: string ref,
+                  int scope: @scope ref);
+
+#keyset[scope, name]
+local_namespace_names (unique int id: @local_namespace_name,
+                       varchar(900) name: string ref,
+                       int scope: @scope ref);
+
+is_arguments_object (int id: @variable ref);
+
+@lexical_name = @variable | @local_type_name | @local_namespace_name;
+
+@bind_id = @varaccess | @local_var_type_access;
+bind (unique int id: @bind_id ref,
+      int decl: @variable ref);
+
+decl (unique int id: @var_decl ref,
+      int decl: @variable ref);
+
+@typebind_id = @local_type_access | @export_varaccess;
+typebind (unique int id: @typebind_id ref,
+          int decl: @local_type_name ref);
+
+@typedecl_id = @type_decl | @var_decl;
+typedecl (unique int id: @typedecl_id ref,
+          int decl: @local_type_name ref);
+
+namespacedecl (unique int id: @var_decl ref,
+               int decl: @local_namespace_name ref);
+
+@namespacebind_id = @local_namespace_access | @export_varaccess;
+namespacebind (unique int id: @namespacebind_id ref,
+               int decl: @local_namespace_name ref);
+
+
+// properties in object literals, property patterns in object patterns, and method declarations in classes
+#keyset[parent, index]
+properties (unique int id: @property,
+            int parent: @property_parent ref,
+            int index: int ref,
+            int kind: int ref,
+            varchar(900) tostring: string ref);
+
+case @property.kind of
+  0 = @value_property
+| 1 = @property_getter
+| 2 = @property_setter
+| 3 = @jsx_attribute
+| 4 = @function_call_signature
+| 5 = @constructor_call_signature
+| 6 = @index_signature
+| 7 = @enum_member
+| 8 = @proper_field
+| 9 = @parameter_field
+| 10 = @static_initializer
+;
+
+@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration;
+@property_accessor = @property_getter | @property_setter;
+@call_signature = @function_call_signature | @constructor_call_signature;
+@field = @proper_field | @parameter_field;
+@field_or_vardeclarator = @field | @var_declarator;
+
+is_computed (int id: @property ref);
+is_method   (int id: @property ref);
+is_static   (int id: @property ref);
+is_abstract_member (int id: @property ref);
+is_const_enum (int id: @enum_declaration ref);
+is_abstract_class (int id: @class_decl_stmt ref);
+
+has_public_keyword (int id: @property ref);
+has_private_keyword (int id: @property ref);
+has_protected_keyword (int id: @property ref);
+has_readonly_keyword (int id: @property ref);
+has_type_keyword (int id: @type_keyword_operand ref);
+is_optional_member (int id: @property ref);
+has_definite_assignment_assertion (int id: @field_or_vardeclarator ref);
+is_optional_parameter_declaration (unique int parameter: @pattern ref);
+
+#keyset[constructor, param_index]
+parameter_fields(
+  unique int field: @parameter_field ref,
+  int constructor: @function_expr ref,
+  int param_index: int ref
+);
+
+// types
+#keyset[parent, idx]
+typeexprs (
+  unique int id: @typeexpr,
+  int kind: int ref,
+  int parent: @typeexpr_parent ref,
+  int idx: int ref,
+  varchar(900) tostring: string ref
+);
+
+case @typeexpr.kind of
+  0 = @local_type_access
+| 1 = @type_decl
+| 2 = @keyword_typeexpr
+| 3 = @string_literal_typeexpr
+| 4 = @number_literal_typeexpr
+| 5 = @boolean_literal_typeexpr
+| 6 = @array_typeexpr
+| 7 = @union_typeexpr
+| 8 = @indexed_access_typeexpr
+| 9 = @intersection_typeexpr
+| 10 = @parenthesized_typeexpr
+| 11 = @tuple_typeexpr
+| 12 = @keyof_typeexpr
+| 13 = @qualified_type_access
+| 14 = @generic_typeexpr
+| 15 = @type_label
+| 16 = @typeof_typeexpr
+| 17 = @local_var_type_access
+| 18 = @qualified_var_type_access
+| 19 = @this_var_type_access
+| 20 = @predicate_typeexpr
+| 21 = @interface_typeexpr
+| 22 = @type_parameter
+| 23 = @plain_function_typeexpr
+| 24 = @constructor_typeexpr
+| 25 = @local_namespace_access
+| 26 = @qualified_namespace_access
+| 27 = @mapped_typeexpr
+| 28 = @conditional_typeexpr
+| 29 = @infer_typeexpr
+| 30 = @import_type_access
+| 31 = @import_namespace_access
+| 32 = @import_var_type_access
+| 33 = @optional_typeexpr
+| 34 = @rest_typeexpr
+| 35 = @bigint_literal_typeexpr
+| 36 = @readonly_typeexpr
+| 37 = @template_literal_typeexpr
+;
+
+@typeref = @typeaccess | @type_decl;
+@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access;
+@typeexpr_parent = @expr | @stmt | @property | @typeexpr;
+@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr;
+@typeaccess = @local_type_access | @qualified_type_access | @import_type_access;
+@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access;
+@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access;
+@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access;
+
+@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr;
+
+// types
+types (
+  unique int id: @type,
+  int kind: int ref,
+  varchar(900) tostring: string ref
+);
+
+#keyset[parent, idx]
+type_child (
+  int child: @type ref,
+  int parent: @type ref,
+  int idx: int ref
+);
+
+case @type.kind of
+  0 = @any_type
+| 1 = @string_type
+| 2 = @number_type
+| 3 = @union_type
+| 4 = @true_type
+| 5 = @false_type
+| 6 = @type_reference
+| 7 = @object_type
+| 8 = @canonical_type_variable_type
+| 9 = @typeof_type
+| 10 = @void_type
+| 11 = @undefined_type
+| 12 = @null_type
+| 13 = @never_type
+| 14 = @plain_symbol_type
+| 15 = @unique_symbol_type
+| 16 = @objectkeyword_type
+| 17 = @intersection_type
+| 18 = @tuple_type
+| 19 = @lexical_type_variable_type
+| 20 = @this_type
+| 21 = @number_literal_type
+| 22 = @string_literal_type
+| 23 = @unknown_type
+| 24 = @bigint_type
+| 25 = @bigint_literal_type
+;
+
+@boolean_literal_type = @true_type | @false_type;
+@symbol_type = @plain_symbol_type | @unique_symbol_type;
+@union_or_intersection_type = @union_type | @intersection_type;
+@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type;
+
+has_asserts_keyword(int node: @predicate_typeexpr ref);
+
+@typed_ast_node = @expr | @typeexpr | @function;
+ast_node_type(
+  unique int node: @typed_ast_node ref,
+  int typ: @type ref);
+
+declared_function_signature(
+  unique int node: @function ref,
+  int sig: @signature_type ref
+);
+
+invoke_expr_signature(
+  unique int node: @invokeexpr ref,
+  int sig: @signature_type ref
+);
+
+invoke_expr_overload_index(
+  unique int node: @invokeexpr ref,
+  int index: int ref
+);
+
+symbols (
+  unique int id: @symbol,
+  int kind: int ref,
+  varchar(900) name: string ref
+);
+
+symbol_parent (
+  unique int symbol: @symbol ref,
+  int parent: @symbol ref
+);
+
+symbol_module (
+  int symbol: @symbol ref,
+  varchar(900) moduleName: string ref
+);
+
+symbol_global (
+  int symbol: @symbol ref,
+  varchar(900) globalName: string ref
+);
+
+case @symbol.kind of
+  0 = @root_symbol
+| 1 = @member_symbol
+| 2 = @other_symbol
+;
+
+@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type;
+@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration;
+
+ast_node_symbol(
+  unique int node: @ast_node_with_symbol ref,
+  int symbol: @symbol ref);
+
+type_symbol(
+  unique int typ: @type_with_symbol ref,
+  int symbol: @symbol ref);
+
+#keyset[typ, name]
+type_property(
+  int typ: @type ref,
+  varchar(900) name: string ref,
+  int propertyType: @type ref);
+
+type_alias(
+  unique int aliasType: @type ref,
+  int underlyingType: @type ref);
+
+@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type;
+@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type;
+type_literal_value(
+  unique int typ: @type_with_literal_value ref,
+  varchar(900) value: string ref);
+
+signature_types (
+  unique int id: @signature_type,
+  int kind: int ref,
+  varchar(900) tostring: string ref,
+  int type_parameters: int ref,
+  int required_params: int ref
+);
+
+is_abstract_signature(
+  unique int sig: @signature_type ref
+);
+
+signature_rest_parameter(
+  unique int sig: @signature_type ref,
+  int rest_param_arra_type: @type ref
+);
+
+case @signature_type.kind of
+  0 = @function_signature_type
+| 1 = @constructor_signature_type
+;
+
+#keyset[typ, kind, index]
+type_contains_signature (
+  int typ: @type ref,
+  int kind: int ref,  // constructor/call/index
+  int index: int ref, // ordering of overloaded signatures
+  int sig: @signature_type ref
+);
+
+#keyset[parent, index]
+signature_contains_type (
+  int child: @type ref,
+  int parent: @signature_type ref,
+  int index: int ref
+);
+
+#keyset[sig, index]
+signature_parameter_name (
+  int sig: @signature_type ref,
+  int index: int ref,
+  varchar(900) name: string ref
+);
+
+number_index_type (
+  unique int baseType: @type ref,
+  int propertyType: @type ref
+);
+
+string_index_type (
+  unique int baseType: @type ref,
+  int propertyType: @type ref
+);
+
+base_type_names(
+  int typeName: @symbol ref,
+  int baseTypeName: @symbol ref
+);
+
+self_types(
+  int typeName: @symbol ref,
+  int selfType: @type_reference ref
+);
+
+tuple_type_min_length(
+  unique int typ: @type ref,
+  int minLength: int ref
+);
+
+tuple_type_rest_index(
+  unique int typ: @type ref,
+  int index: int ref
+);
+
+// comments
+comments (unique int id: @comment,
+          int kind: int ref,
+          int toplevel: @toplevel ref,
+          varchar(900) text: string ref,
+          varchar(900) tostring: string ref);
+
+case @comment.kind of
+  0 = @slashslash_comment
+| 1 = @slashstar_comment
+| 2 = @doc_comment
+| 3 = @html_comment_start
+| 4 = @htmlcommentend;
+
+@html_comment = @html_comment_start | @htmlcommentend;
+@line_comment = @slashslash_comment | @html_comment;
+@block_comment = @slashstar_comment | @doc_comment;
+
+// source lines
+lines (unique int id: @line,
+       int toplevel: @toplevel ref,
+       varchar(900) text: string ref,
+       varchar(2) terminator: string ref);
+indentation (int file: @file ref,
+            int lineno: int ref,
+            varchar(1) indentChar: string ref,
+            int indentDepth: int ref);
+
+// JavaScript parse errors
+js_parse_errors (unique int id: @js_parse_error,
+        int toplevel: @toplevel ref,
+        varchar(900) message: string ref,
+        varchar(900) line: string ref);
+
+// regular expressions
+#keyset[parent, idx]
+regexpterm (unique int id: @regexpterm,
+        int kind: int ref,
+        int parent: @regexpparent ref,
+        int idx: int ref,
+        varchar(900) tostring: string ref);
+
+@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr;
+
+case @regexpterm.kind of
+   0 = @regexp_alt
+|  1 = @regexp_seq
+|  2 = @regexp_caret
+|  3 = @regexp_dollar
+|  4 = @regexp_wordboundary
+|  5 = @regexp_nonwordboundary
+|  6 = @regexp_positive_lookahead
+|  7 = @regexp_negative_lookahead
+|  8 = @regexp_star
+|  9 = @regexp_plus
+| 10 = @regexp_opt
+| 11 = @regexp_range
+| 12 = @regexp_dot
+| 13 = @regexp_group
+| 14 = @regexp_normal_constant
+| 15 = @regexp_hex_escape
+| 16 = @regexp_unicode_escape
+| 17 = @regexp_dec_escape
+| 18 = @regexp_oct_escape
+| 19 = @regexp_ctrl_escape
+| 20 = @regexp_char_class_escape
+| 21 = @regexp_id_escape
+| 22 = @regexp_backref
+| 23 = @regexp_char_class
+| 24 = @regexp_char_range
+| 25 = @regexp_positive_lookbehind
+| 26 = @regexp_negative_lookbehind
+| 27 = @regexp_unicode_property_escape;
+
+regexp_parse_errors (unique int id: @regexp_parse_error,
+    int regexp: @regexpterm ref,
+    varchar(900) message: string ref);
+
+@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range;
+@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape;
+@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape;
+@regexp_constant = @regexp_normal_constant | @regexp_char_escape;
+@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead;
+@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind;
+@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind;
+@regexp_anchor = @regexp_dollar | @regexp_caret;
+
+is_greedy (int id: @regexp_quantifier ref);
+range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref);
+range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref);
+is_capture (unique int id: @regexp_group ref, int number: int ref);
+is_named_capture (unique int id: @regexp_group ref, string name: string ref);
+is_inverted (int id: @regexp_char_class ref);
+regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref);
+char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref);
+backref (unique int id: @regexp_backref ref, int value: int ref);
+named_backref (unique int id: @regexp_backref ref, string name: string ref);
+unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref);
+unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref);
+
+// tokens
+#keyset[toplevel, idx]
+tokeninfo (unique int id: @token,
+    int kind: int ref,
+    int toplevel: @toplevel ref,
+    int idx: int ref,
+    varchar(900) value: string ref);
+
+case @token.kind of
+  0 = @token_eof
+| 1 = @token_null_literal
+| 2 = @token_boolean_literal
+| 3 = @token_numeric_literal
+| 4 = @token_string_literal
+| 5 = @token_regular_expression
+| 6 = @token_identifier
+| 7 = @token_keyword
+| 8 = @token_punctuator;
+
+// associate comments with the token immediately following them (which may be EOF)
+next_token (int comment: @comment ref, int token: @token ref);
+
+// JSON
+#keyset[parent, idx]
+json (unique int id: @json_value,
+      int kind: int ref,
+      int parent: @json_parent ref,
+      int idx: int ref,
+      varchar(900) tostring: string ref);
+
+json_literals (varchar(900) value: string ref,
+      varchar(900) raw: string ref,
+      unique int expr: @json_value ref);
+
+json_properties (int obj: @json_object ref,
+      varchar(900) property: string ref,
+      int value: @json_value ref);
+
+json_errors (unique int id: @json_parse_error,
+      varchar(900) message: string ref);
+
+json_locations(unique int locatable: @json_locatable ref,
+      int location: @location_default ref);
+
+case @json_value.kind of
+  0 = @json_null
+| 1 = @json_boolean
+| 2 = @json_number
+| 3 = @json_string
+| 4 = @json_array
+| 5 = @json_object;
+
+@json_parent = @json_object | @json_array | @file;
+
+@json_locatable = @json_value | @json_parse_error;
+
+// locations
+@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr;
+
+@locatable = @file
+    | @ast_node
+    | @comment
+    | @line
+    | @js_parse_error | @regexp_parse_error
+    | @regexpterm
+    | @json_locatable
+    | @token
+    | @cfg_node
+    | @jsdoc | @jsdoc_type_expr | @jsdoc_tag
+    | @yaml_locatable
+    | @xmllocatable
+    | @configLocatable
+    | @template_placeholder_tag;
+
+hasLocation (unique int locatable: @locatable ref,
+    int location: @location ref);
+
+// CFG
+entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref);
+exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref);
+guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref);
+case @guard_node.kind of
+  0 = @falsy_guard
+| 1 = @truthy_guard;
+@condition_guard = @falsy_guard | @truthy_guard;
+
+@synthetic_cfg_node = @entry_node | @exit_node | @guard_node;
+@cfg_node = @synthetic_cfg_node | @expr_parent;
+
+successor (int pred: @cfg_node ref, int succ: @cfg_node ref);
+
+// JSDoc comments
+jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref);
+#keyset[parent, idx]
+jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref,
+            int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref);
+jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref);
+jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref);
+
+#keyset[parent, idx]
+jsdoc_type_exprs (unique int id: @jsdoc_type_expr,
+                  int kind: int ref,
+                  int parent: @jsdoc_type_expr_parent ref,
+                  int idx: int ref,
+                  varchar(900) tostring: string ref);
+case @jsdoc_type_expr.kind of
+    0 = @jsdoc_any_type_expr
+|   1 = @jsdoc_null_type_expr
+|   2 = @jsdoc_undefined_type_expr
+|   3 = @jsdoc_unknown_type_expr
+|   4 = @jsdoc_void_type_expr
+|   5 = @jsdoc_named_type_expr
+|   6 = @jsdoc_applied_type_expr
+|   7 = @jsdoc_nullable_type_expr
+|   8 = @jsdoc_non_nullable_type_expr
+|   9 = @jsdoc_record_type_expr
+|  10 = @jsdoc_array_type_expr
+|  11 = @jsdoc_union_type_expr
+|  12 = @jsdoc_function_type_expr
+|  13 = @jsdoc_optional_type_expr
+|  14 = @jsdoc_rest_type_expr
+;
+
+#keyset[id, idx]
+jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref);
+jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref);
+jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref);
+
+@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag;
+
+jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref);
+
+// YAML
+#keyset[parent, idx]
+yaml (unique int id: @yaml_node,
+      int kind: int ref,
+      int parent: @yaml_node_parent ref,
+      int idx: int ref,
+      varchar(900) tag: string ref,
+      varchar(900) tostring: string ref);
+
+case @yaml_node.kind of
+  0 = @yaml_scalar_node
+| 1 = @yaml_mapping_node
+| 2 = @yaml_sequence_node
+| 3 = @yaml_alias_node
+;
+
+@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node;
+
+@yaml_node_parent = @yaml_collection_node | @file;
+
+yaml_anchors (unique int node: @yaml_node ref,
+              varchar(900) anchor: string ref);
+
+yaml_aliases (unique int alias: @yaml_alias_node ref,
+              varchar(900) target: string ref);
+
+yaml_scalars (unique int scalar: @yaml_scalar_node ref,
+              int style: int ref,
+              varchar(900) value: string ref);
+
+yaml_errors (unique int id: @yaml_error,
+             varchar(900) message: string ref);
+
+yaml_locations(unique int locatable: @yaml_locatable ref,
+             int location: @location_default ref);
+
+@yaml_locatable = @yaml_node | @yaml_error;
+
+/* XML Files */
+
+xmlEncoding(
+  unique int id: @file ref,
+  varchar(900) encoding: string ref
+);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  varchar(900) root: string ref,
+  varchar(900) publicId: string ref,
+  varchar(900) systemId: string ref,
+  int fileid: @file ref
+);
+
+xmlElements(
+  unique int id: @xmlelement,
+  varchar(900) name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  varchar(900) name: string ref,
+  varchar(3600) value: string ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlNs(
+  int id: @xmlnamespace,
+  varchar(900) prefixName: string ref,
+  varchar(900) URI: string ref,
+  int fileid: @file ref
+);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref
+);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  varchar(3600) text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref
+);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  varchar(3600) text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref
+);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref
+);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property;
+
+@optionalchainable = @call_expr | @propaccess;
+
+isOptionalChaining(int id: @optionalchainable ref);
+
+/*
+ * configuration files with key value pairs
+ */
+
+configs(
+  unique int id: @config
+);
+
+configNames(
+  unique int id: @configName,
+  int config: @config ref,
+  string name: string ref
+);
+
+configValues(
+  unique int id: @configValue,
+  int config: @config ref,
+  string value: string ref
+);
+
+configLocations(
+  int locatable: @configLocatable ref,
+  int location: @location_default ref
+);
+
+@configLocatable = @config | @configName | @configValue;
+
+/**
+ * The time taken for the extraction of a file.
+ * This table contains non-deterministic content.
+ *
+ * The sum of the `time` column for each (`file`, `timerKind`) pair
+ * is the total time taken for extraction of `file`.  The `extractionPhase`
+ * column provides a granular view of the extraction time of the file.
+ */
+extraction_time(
+   int file : @file ref,
+   // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`.
+   int extractionPhase: int ref,
+   // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds
+   int timerKind: int ref,
+   float time: float ref
+)
+
+/**
+ * Non-timing related data for the extraction of a single file.
+ * This table contains non-deterministic content.
+ */
+extraction_data(
+   int file : @file ref,
+   // the absolute path to the cache file
+   varchar(900) cacheFile: string ref,
+   boolean fromCache: boolean ref,
+   int length: int ref
+)
diff --git a/javascript/downgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/upgrade.properties b/javascript/downgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/upgrade.properties
new file mode 100644
index 00000000000..476d9aba57e
--- /dev/null
+++ b/javascript/downgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/upgrade.properties
@@ -0,0 +1,2 @@
+description: add support for TypeScript 4.9
+compatibility: backwards
diff --git a/javascript/extractor/README.md b/javascript/extractor/README.md
index e9495dd21ec..cf26d9db784 100644
--- a/javascript/extractor/README.md
+++ b/javascript/extractor/README.md
@@ -2,8 +2,8 @@
 
 This directory contains the source code of the JavaScript extractor. The extractor depends on various libraries that are not currently bundled with the source code, so at present it cannot be built in isolation.
 
-The extractor consists of a parser for the latest version of ECMAScript, including a few proposed and historic extensions (see `src/com/semmle/jcorn`), classes for representing JavaScript and TypeScript ASTs (`src/com/semmle/js/ast` and `src/com/semmle/ts/ast`), and various other bits of functionality. Historically, the main entry point of the JavaScript extractor has been `com.semmle.js.extractor.Main`. However, this class is slowly being phased out in favour of `com.semmle.js.extractor.AutoBuild`, which is the entry point used by LGTM.
+The extractor consists of a parser for the latest version of ECMAScript, including a few proposed and historic extensions (see `src/com/semmle/jcorn`), classes for representing JavaScript and TypeScript ASTs (`src/com/semmle/js/ast` and `src/com/semmle/ts/ast`), and various other bits of functionality. Historically, the main entry point of the JavaScript extractor has been `com.semmle.js.extractor.Main`. However, this class is slowly being phased out in favour of `com.semmle.js.extractor.AutoBuild`, which is the entry point used by CodeQL.
 
 ## License
 
-Like the LGTM queries, the JavaScript extractor is licensed under [Apache License 2.0](LICENSE) by [GitHub](https://github.com). Some code is derived from other projects, whose licenses are noted in other `LICENSE-*.md` files in this folder.
+Like the CodeQL queries, the JavaScript extractor is licensed under [Apache License 2.0](LICENSE) by [GitHub](https://github.com). Some code is derived from other projects, whose licenses are noted in other `LICENSE-*.md` files in this folder.
diff --git a/javascript/extractor/lib/typescript/package.json b/javascript/extractor/lib/typescript/package.json
index 2fbc09e8d9e..87c37660479 100644
--- a/javascript/extractor/lib/typescript/package.json
+++ b/javascript/extractor/lib/typescript/package.json
@@ -2,7 +2,7 @@
     "name": "typescript-parser-wrapper",
     "private": true,
     "dependencies": {
-        "typescript": "4.8.2"
+        "typescript": "4.9.3"
     },
     "scripts": {
         "build": "tsc --project tsconfig.json",
diff --git a/javascript/extractor/lib/typescript/src/ast_extractor.ts b/javascript/extractor/lib/typescript/src/ast_extractor.ts
index b935294feb6..e462797867b 100644
--- a/javascript/extractor/lib/typescript/src/ast_extractor.ts
+++ b/javascript/extractor/lib/typescript/src/ast_extractor.ts
@@ -317,6 +317,7 @@ function isTypedNode(node: ts.Node): boolean {
         case ts.SyntaxKind.ArrayLiteralExpression:
         case ts.SyntaxKind.ArrowFunction:
         case ts.SyntaxKind.AsExpression:
+        case ts.SyntaxKind.SatisfiesExpression:
         case ts.SyntaxKind.AwaitExpression:
         case ts.SyntaxKind.BinaryExpression:
         case ts.SyntaxKind.CallExpression:
diff --git a/javascript/extractor/lib/typescript/yarn.lock b/javascript/extractor/lib/typescript/yarn.lock
index 05fb731c9e4..03b6581fadb 100644
--- a/javascript/extractor/lib/typescript/yarn.lock
+++ b/javascript/extractor/lib/typescript/yarn.lock
@@ -6,7 +6,7 @@
   version "12.7.11"
   resolved node-12.7.11.tgz#be879b52031cfb5d295b047f5462d8ef1a716446
 
-typescript@4.8.2:
-  version "4.8.2"
-  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.8.2.tgz#e3b33d5ccfb5914e4eeab6699cf208adee3fd790"
-  integrity sha512-C0I1UsrrDHo2fYI5oaCGbSejwX4ch+9Y5jTQELvovfmFkK3HHSZJB8MSJcWLmCUBzQBchCrZ9rMRV6GuNrvGtw==
+typescript@4.9.3:
+  version "4.9.3"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.9.3.tgz#3aea307c1746b8c384435d8ac36b8a2e580d85db"
+  integrity sha512-CIfGzTelbKNEnLpLdGFgdyKhG23CKdKgQPOBc+OUNrkJ2vr+KSzsSV5kq5iWhEQbok+quxgGzrAtGWCyU7tHnA==
diff --git a/javascript/extractor/src/com/semmle/js/ast/DefaultVisitor.java b/javascript/extractor/src/com/semmle/js/ast/DefaultVisitor.java
index c450fdd0468..cf57a3ead18 100644
--- a/javascript/extractor/src/com/semmle/js/ast/DefaultVisitor.java
+++ b/javascript/extractor/src/com/semmle/js/ast/DefaultVisitor.java
@@ -47,6 +47,7 @@ import com.semmle.ts.ast.TemplateLiteralTypeExpr;
 import com.semmle.ts.ast.TupleTypeExpr;
 import com.semmle.ts.ast.TypeAliasDeclaration;
 import com.semmle.ts.ast.TypeAssertion;
+import com.semmle.ts.ast.SatisfiesExpr;
 import com.semmle.ts.ast.TypeExpression;
 import com.semmle.ts.ast.TypeParameter;
 import com.semmle.ts.ast.TypeofTypeExpr;
@@ -683,6 +684,11 @@ public class DefaultVisitor<C, R> implements Visitor<C, R> {
     return visit((Expression) nd, c);
   }
 
+  @Override
+  public R visit(SatisfiesExpr nd, C c) {
+    return visit((Expression) nd, c);
+  }
+
   @Override
   public R visit(MappedTypeExpr nd, C c) {
     return visit((TypeExpression) nd, c);
diff --git a/javascript/extractor/src/com/semmle/js/ast/NodeCopier.java b/javascript/extractor/src/com/semmle/js/ast/NodeCopier.java
index 83a37e11534..aeea1b79cbc 100644
--- a/javascript/extractor/src/com/semmle/js/ast/NodeCopier.java
+++ b/javascript/extractor/src/com/semmle/js/ast/NodeCopier.java
@@ -46,6 +46,7 @@ import com.semmle.ts.ast.TemplateLiteralTypeExpr;
 import com.semmle.ts.ast.TupleTypeExpr;
 import com.semmle.ts.ast.TypeAliasDeclaration;
 import com.semmle.ts.ast.TypeAssertion;
+import com.semmle.ts.ast.SatisfiesExpr;
 import com.semmle.ts.ast.TypeParameter;
 import com.semmle.ts.ast.TypeofTypeExpr;
 import com.semmle.ts.ast.UnaryTypeExpr;
@@ -782,6 +783,14 @@ public class NodeCopier implements Visitor<Void, INode> {
         nd.isAsExpression());
   }
 
+  @Override
+  public INode visit(SatisfiesExpr nd, Void c) {
+    return new SatisfiesExpr(
+        visit(nd.getLoc()),
+        copy(nd.getExpression()),
+        copy(nd.getTypeAnnotation()));
+  }
+
   @Override
   public INode visit(MappedTypeExpr nd, Void c) {
     return new MappedTypeExpr(
diff --git a/javascript/extractor/src/com/semmle/js/ast/Visitor.java b/javascript/extractor/src/com/semmle/js/ast/Visitor.java
index 3d595b981b8..e748e9b5a36 100644
--- a/javascript/extractor/src/com/semmle/js/ast/Visitor.java
+++ b/javascript/extractor/src/com/semmle/js/ast/Visitor.java
@@ -43,6 +43,7 @@ import com.semmle.ts.ast.TemplateLiteralTypeExpr;
 import com.semmle.ts.ast.TupleTypeExpr;
 import com.semmle.ts.ast.TypeAliasDeclaration;
 import com.semmle.ts.ast.TypeAssertion;
+import com.semmle.ts.ast.SatisfiesExpr;
 import com.semmle.ts.ast.TypeParameter;
 import com.semmle.ts.ast.TypeofTypeExpr;
 import com.semmle.ts.ast.UnaryTypeExpr;
@@ -276,6 +277,8 @@ public interface Visitor<C, R> {
 
   public R visit(TypeAssertion nd, C c);
 
+  public R visit(SatisfiesExpr nd, C c);
+
   public R visit(MappedTypeExpr nd, C c);
 
   public R visit(TypeAliasDeclaration nd, C c);
diff --git a/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java b/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java
index 1f322935b56..0a85e1e87f0 100644
--- a/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java
+++ b/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java
@@ -154,6 +154,7 @@ import com.semmle.ts.ast.TemplateLiteralTypeExpr;
 import com.semmle.ts.ast.TupleTypeExpr;
 import com.semmle.ts.ast.TypeAliasDeclaration;
 import com.semmle.ts.ast.TypeAssertion;
+import com.semmle.ts.ast.SatisfiesExpr;
 import com.semmle.ts.ast.TypeExpression;
 import com.semmle.ts.ast.TypeParameter;
 import com.semmle.ts.ast.TypeofTypeExpr;
@@ -2111,6 +2112,14 @@ public class ASTExtractor {
       return key;
     }
 
+    @Override
+    public Label visit(SatisfiesExpr nd, Context c) {
+      Label key = super.visit(nd, c);
+      visit(nd.getExpression(), key, 0);
+      visit(nd.getTypeAnnotation(), key, 1, IdContext.TYPE_BIND);
+      return key;
+    }
+
     @Override
     public Label visit(MappedTypeExpr nd, Context c) {
       Label key = super.visit(nd, c);
diff --git a/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java b/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java
index 101b8094fdd..bf5b4e8cb03 100644
--- a/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java
+++ b/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java
@@ -52,6 +52,7 @@ import com.semmle.util.exception.ResourceError;
 import com.semmle.util.exception.UserError;
 import com.semmle.util.extraction.ExtractorOutputConfig;
 import com.semmle.util.files.FileUtil;
+import com.semmle.util.files.FileUtil8;
 import com.semmle.util.io.WholeIO;
 import com.semmle.util.io.csv.CSVReader;
 import com.semmle.util.language.LegacyLanguage;
@@ -141,7 +142,7 @@ import com.semmle.util.trap.TrapWriter;
  *   <li>All JavaScript files, that is, files with one of the extensions supported by {@link
  *       FileType#JS} (currently ".js", ".jsx", ".mjs", ".cjs", ".es6", ".es").
  *   <li>All HTML files, that is, files with with one of the extensions supported by {@link
- *       FileType#HTML} (currently ".htm", ".html", ".xhtm", ".xhtml", ".vue").
+ *       FileType#HTML} (currently ".htm", ".html", ".xhtm", ".xhtml", ".vue", ".html.erb").
  *   <li>All YAML files, that is, files with one of the extensions supported by {@link
  *       FileType#YAML} (currently ".raml", ".yaml", ".yml").
  *   <li>Files with base name "package.json" or "tsconfig.json", and files whose base name
@@ -433,23 +434,41 @@ public class AutoBuild {
     return true;
   }
 
+  /**
+   * Returns whether the autobuilder has seen code. 
+   * This is overridden in tests. 
+   */
+  protected boolean hasSeenCode() {
+    return seenCode;
+  }
+
   /** Perform extraction. */
   public int run() throws IOException {
     startThreadPool();
     try {
-      extractSource();
-      extractExterns();
+      CompletableFuture<?> sourceFuture = extractSource();
+      sourceFuture.join(); // wait for source extraction to complete
+      if (hasSeenCode()) { // don't bother with the externs if no code was seen
+        extractExterns();
+      }
       extractXml();
     } finally {
       shutdownThreadPool();
     }
-    if (!seenCode) {
+    if (!hasSeenCode()) {
       if (seenFiles) {
         warn("Only found JavaScript or TypeScript files that were empty or contained syntax errors.");
       } else {
         warn("No JavaScript or TypeScript code found.");
       }
-      return -1;
+      // ensuring that the finalize steps detects that no code was seen. 
+      Path srcFolder = Paths.get(EnvironmentVariables.getWipDatabase(), "src");
+      // check that the srcFolder is empty
+      if (Files.list(srcFolder).count() == 0) {
+        // Non-recursive delete because "src/" should be empty.
+        FileUtil8.delete(srcFolder);
+      }
+      return 0;
     }
     return 0;
   }
@@ -571,7 +590,7 @@ public class AutoBuild {
   }
 
   /** Extract all supported candidate files that pass the filters. */
-  private void extractSource() throws IOException {
+  private CompletableFuture<?> extractSource() throws IOException {
     // default extractor
     FileExtractor defaultExtractor =
         new FileExtractor(mkExtractorConfig(), outputConfig, trapCache);
@@ -618,7 +637,7 @@ public class AutoBuild {
     boolean hasTypeScriptFiles = extractedFiles.size() > 0;
 
     // extract remaining files
-    extractFiles(
+    return extractFiles(
         filesToExtract, extractedFiles, extractors,
         f -> !(hasTypeScriptFiles && isFileDerivedFromTypeScriptFile(f, extractedFiles)));
   }
diff --git a/javascript/extractor/src/com/semmle/js/extractor/CFGExtractor.java b/javascript/extractor/src/com/semmle/js/extractor/CFGExtractor.java
index fa8452c0b43..5dee9b9f099 100644
--- a/javascript/extractor/src/com/semmle/js/extractor/CFGExtractor.java
+++ b/javascript/extractor/src/com/semmle/js/extractor/CFGExtractor.java
@@ -105,6 +105,7 @@ import com.semmle.ts.ast.ImportWholeDeclaration;
 import com.semmle.ts.ast.NamespaceDeclaration;
 import com.semmle.ts.ast.NonNullAssertion;
 import com.semmle.ts.ast.TypeAssertion;
+import com.semmle.ts.ast.SatisfiesExpr;
 import com.semmle.util.collections.CollectionUtil;
 import com.semmle.util.data.Pair;
 import com.semmle.util.trap.TrapWriter;
@@ -474,6 +475,11 @@ public class CFGExtractor {
       return nd.getExpression().accept(this, c);
     }
 
+    @Override
+    public Node visit(SatisfiesExpr nd, Void c) {
+      return nd.getExpression().accept(this, c);
+    }
+
     @Override
     public Node visit(NonNullAssertion nd, Void c) {
       return nd.getExpression().accept(this, c);
@@ -2028,6 +2034,13 @@ public class CFGExtractor {
       return null;
     }
 
+    @Override
+    public Void visit(SatisfiesExpr nd, SuccessorInfo c) {
+      visitSequence(nd.getExpression(), nd);
+      writeSuccessors(nd, c.getAllSuccessors());
+      return null;
+    }
+
     @Override
     public Void visit(NonNullAssertion nd, SuccessorInfo c) {
       visitSequence(nd.getExpression(), nd);
diff --git a/javascript/extractor/src/com/semmle/js/extractor/ExprKinds.java b/javascript/extractor/src/com/semmle/js/extractor/ExprKinds.java
index 9bb5ae766af..17125a9173a 100644
--- a/javascript/extractor/src/com/semmle/js/extractor/ExprKinds.java
+++ b/javascript/extractor/src/com/semmle/js/extractor/ExprKinds.java
@@ -34,6 +34,7 @@ import com.semmle.js.extractor.ASTExtractor.IdContext;
 import com.semmle.ts.ast.DecoratorList;
 import com.semmle.ts.ast.ExpressionWithTypeArguments;
 import com.semmle.ts.ast.TypeAssertion;
+import com.semmle.ts.ast.SatisfiesExpr;
 import com.semmle.util.exception.CatastrophicError;
 
 /** Map from SpiderMonkey expression types to the numeric kinds used in the DB scheme. */
@@ -283,6 +284,11 @@ public class ExprKinds {
                 return nd.isAsExpression() ? 102 : 101;
               }
 
+              @Override
+              public Integer visit(SatisfiesExpr nd, Void c) {
+                return 121;
+              }
+
               @Override
               public Integer visit(DecoratorList nd, Void c) {
                 return 104;
diff --git a/javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java b/javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java
index 42a41776916..45bd48bf408 100644
--- a/javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java
+++ b/javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java
@@ -104,7 +104,7 @@ public class FileExtractor {
 
   /** Information about supported file types. */
   public static enum FileType {
-    HTML(".htm", ".html", ".xhtm", ".xhtml", ".vue", ".hbs", ".ejs", ".njk") {
+    HTML(".htm", ".html", ".xhtm", ".xhtml", ".vue", ".hbs", ".ejs", ".njk", ".html.erb") {
       @Override
       public IExtractor mkExtractor(ExtractorConfig config, ExtractorState state) {
         return new HTMLExtractor(config, state);
diff --git a/javascript/extractor/src/com/semmle/js/extractor/Main.java b/javascript/extractor/src/com/semmle/js/extractor/Main.java
index d03b345af59..69503631c04 100644
--- a/javascript/extractor/src/com/semmle/js/extractor/Main.java
+++ b/javascript/extractor/src/com/semmle/js/extractor/Main.java
@@ -41,7 +41,7 @@ public class Main {
    * A version identifier that should be updated every time the extractor changes in such a way that
    * it may produce different tuples for the same file under the same {@link ExtractorConfig}.
    */
-  public static final String EXTRACTOR_VERSION = "2022-11-08";
+  public static final String EXTRACTOR_VERSION = "2022-11-29";
 
   public static final Pattern NEWLINE = Pattern.compile("\n");
 
diff --git a/javascript/extractor/src/com/semmle/js/extractor/TypeExprKinds.java b/javascript/extractor/src/com/semmle/js/extractor/TypeExprKinds.java
index a1c7b219a8a..82d4e4319c8 100644
--- a/javascript/extractor/src/com/semmle/js/extractor/TypeExprKinds.java
+++ b/javascript/extractor/src/com/semmle/js/extractor/TypeExprKinds.java
@@ -10,6 +10,7 @@ import com.semmle.js.ast.TemplateElement;
 import com.semmle.js.extractor.ASTExtractor.IdContext;
 import com.semmle.ts.ast.ArrayTypeExpr;
 import com.semmle.ts.ast.ConditionalTypeExpr;
+import com.semmle.js.ast.DynamicImport;
 import com.semmle.ts.ast.FunctionTypeExpr;
 import com.semmle.ts.ast.GenericTypeExpr;
 import com.semmle.ts.ast.ImportTypeExpr;
@@ -221,8 +222,7 @@ public class TypeExprKinds {
                 return inferTypeExpr;
               }
 
-              @Override
-              public Integer visit(ImportTypeExpr nd, Void c) {
+              private Integer handleInlineImport() {
                 switch (idcontext) {
                   case NAMESPACE_BIND:
                     return importNamespaceAccess;
@@ -235,6 +235,17 @@ public class TypeExprKinds {
                 }
               }
 
+              @Override
+              public Integer visit(ImportTypeExpr nd, Void c) {
+                return handleInlineImport();
+              }
+
+              @Override
+              public Integer visit(DynamicImport nd, Void c) {
+                // These may appear in interface 'extend' clauses
+                return handleInlineImport();
+              }
+
               @Override
               public Integer visit(OptionalTypeExpr nd, Void c) {
                 return optionalTypeExpr;
diff --git a/javascript/extractor/src/com/semmle/js/extractor/test/AutoBuildTests.java b/javascript/extractor/src/com/semmle/js/extractor/test/AutoBuildTests.java
index d472353067e..7c60a05d33f 100644
--- a/javascript/extractor/src/com/semmle/js/extractor/test/AutoBuildTests.java
+++ b/javascript/extractor/src/com/semmle/js/extractor/test/AutoBuildTests.java
@@ -119,6 +119,11 @@ public class AutoBuildTests {
           return CompletableFuture.completedFuture(null);
         }
 
+        @Override
+        protected boolean hasSeenCode() {
+          return true;
+        }
+
         @Override
         public void verifyTypeScriptInstallation(ExtractorState state) {}
 
diff --git a/javascript/extractor/src/com/semmle/ts/ast/SatisfiesExpr.java b/javascript/extractor/src/com/semmle/ts/ast/SatisfiesExpr.java
new file mode 100644
index 00000000000..9ca1d575a68
--- /dev/null
+++ b/javascript/extractor/src/com/semmle/ts/ast/SatisfiesExpr.java
@@ -0,0 +1,33 @@
+package com.semmle.ts.ast;
+
+import com.semmle.js.ast.Expression;
+import com.semmle.js.ast.SourceLocation;
+import com.semmle.js.ast.Visitor;
+
+/** An expression of form <code>E satisfies T</code>. */
+public class SatisfiesExpr extends Expression {
+  private final Expression expression;
+  private final ITypeExpression typeAnnotation;
+
+  public SatisfiesExpr(
+      SourceLocation loc,
+      Expression expression,
+      ITypeExpression typeAnnotation) {
+    super("SatisfiesExpr", loc);
+    this.expression = expression;
+    this.typeAnnotation = typeAnnotation;
+  }
+
+  public Expression getExpression() {
+    return expression;
+  }
+
+  public ITypeExpression getTypeAnnotation() {
+    return typeAnnotation;
+  }
+
+  @Override
+  public <C, R> R accept(Visitor<C, R> v, C c) {
+    return v.visit(this, c);
+  }
+}
diff --git a/javascript/extractor/src/com/semmle/ts/extractor/TypeScriptASTConverter.java b/javascript/extractor/src/com/semmle/ts/extractor/TypeScriptASTConverter.java
index 1cb1913ee75..cc748054923 100644
--- a/javascript/extractor/src/com/semmle/ts/extractor/TypeScriptASTConverter.java
+++ b/javascript/extractor/src/com/semmle/ts/extractor/TypeScriptASTConverter.java
@@ -149,6 +149,7 @@ import com.semmle.ts.ast.TemplateLiteralTypeExpr;
 import com.semmle.ts.ast.TupleTypeExpr;
 import com.semmle.ts.ast.TypeAliasDeclaration;
 import com.semmle.ts.ast.TypeAssertion;
+import com.semmle.ts.ast.SatisfiesExpr;
 import com.semmle.ts.ast.TypeParameter;
 import com.semmle.ts.ast.TypeofTypeExpr;
 import com.semmle.ts.ast.UnaryTypeExpr;
@@ -341,6 +342,8 @@ public class TypeScriptASTConverter {
         return convertArrowFunction(node, loc);
       case "AsExpression":
         return convertTypeAssertionExpression(node, loc);
+      case "SatisfiesExpression": 
+        return convertSatisfiesExpression(node, loc);
       case "AwaitExpression":
         return convertAwaitExpression(node, loc);
       case "BigIntKeyword":
@@ -2273,6 +2276,11 @@ public class TypeScriptASTConverter {
     return new TypeAssertion(loc, convertChild(node, "expression"), type, false);
   }
 
+  private Node convertSatisfiesExpression(JsonObject node, SourceLocation loc) throws ParseError {
+    ITypeExpression type = convertChildAsType(node, "type");
+    return new SatisfiesExpr(loc, convertChild(node, "expression"), type);
+  }
+
   private Node convertTypeLiteral(JsonObject obj, SourceLocation loc) throws ParseError {
     return new InterfaceTypeExpr(loc, convertChildren(obj, "members"));
   }
diff --git a/javascript/extractor/tests/ts/input/dynamic-type.ts b/javascript/extractor/tests/ts/input/dynamic-type.ts
new file mode 100644
index 00000000000..2b2f90337a2
--- /dev/null
+++ b/javascript/extractor/tests/ts/input/dynamic-type.ts
@@ -0,0 +1 @@
+interface Foo extends import("foo").Bar {}
diff --git a/javascript/extractor/tests/ts/output/trap/dynamic-type.ts.trap b/javascript/extractor/tests/ts/output/trap/dynamic-type.ts.trap
new file mode 100644
index 00000000000..71410d093cc
--- /dev/null
+++ b/javascript/extractor/tests/ts/output/trap/dynamic-type.ts.trap
@@ -0,0 +1,139 @@
+#10000=@"/dynamic-type.ts;sourcefile"
+files(#10000,"/dynamic-type.ts")
+#10001=@"/;folder"
+folders(#10001,"/")
+containerparent(#10001,#10000)
+#10002=@"loc,{#10000},0,0,0,0"
+locations_default(#10002,#10000,0,0,0,0)
+hasLocation(#10000,#10002)
+#20000=@"global_scope"
+scopes(#20000,0)
+#20001=@"script;{#10000},1,1"
+#20002=*
+lines(#20002,#20001,"interface Foo extends import(""foo"").Bar {}","
+")
+#20003=@"loc,{#10000},1,1,1,42"
+locations_default(#20003,#10000,1,1,1,42)
+hasLocation(#20002,#20003)
+numlines(#20001,1,1,0)
+#20004=*
+tokeninfo(#20004,7,#20001,0,"interface")
+#20005=@"loc,{#10000},1,1,1,9"
+locations_default(#20005,#10000,1,1,1,9)
+hasLocation(#20004,#20005)
+#20006=*
+tokeninfo(#20006,6,#20001,1,"Foo")
+#20007=@"loc,{#10000},1,11,1,13"
+locations_default(#20007,#10000,1,11,1,13)
+hasLocation(#20006,#20007)
+#20008=*
+tokeninfo(#20008,7,#20001,2,"extends")
+#20009=@"loc,{#10000},1,15,1,21"
+locations_default(#20009,#10000,1,15,1,21)
+hasLocation(#20008,#20009)
+#20010=*
+tokeninfo(#20010,7,#20001,3,"import")
+#20011=@"loc,{#10000},1,23,1,28"
+locations_default(#20011,#10000,1,23,1,28)
+hasLocation(#20010,#20011)
+#20012=*
+tokeninfo(#20012,8,#20001,4,"(")
+#20013=@"loc,{#10000},1,29,1,29"
+locations_default(#20013,#10000,1,29,1,29)
+hasLocation(#20012,#20013)
+#20014=*
+tokeninfo(#20014,4,#20001,5,"""foo""")
+#20015=@"loc,{#10000},1,30,1,34"
+locations_default(#20015,#10000,1,30,1,34)
+hasLocation(#20014,#20015)
+#20016=*
+tokeninfo(#20016,8,#20001,6,")")
+#20017=@"loc,{#10000},1,35,1,35"
+locations_default(#20017,#10000,1,35,1,35)
+hasLocation(#20016,#20017)
+#20018=*
+tokeninfo(#20018,8,#20001,7,".")
+#20019=@"loc,{#10000},1,36,1,36"
+locations_default(#20019,#10000,1,36,1,36)
+hasLocation(#20018,#20019)
+#20020=*
+tokeninfo(#20020,6,#20001,8,"Bar")
+#20021=@"loc,{#10000},1,37,1,39"
+locations_default(#20021,#10000,1,37,1,39)
+hasLocation(#20020,#20021)
+#20022=*
+tokeninfo(#20022,8,#20001,9,"{")
+#20023=@"loc,{#10000},1,41,1,41"
+locations_default(#20023,#10000,1,41,1,41)
+hasLocation(#20022,#20023)
+#20024=*
+tokeninfo(#20024,8,#20001,10,"}")
+#20025=@"loc,{#10000},1,42,1,42"
+locations_default(#20025,#10000,1,42,1,42)
+hasLocation(#20024,#20025)
+#20026=*
+tokeninfo(#20026,0,#20001,11,"")
+#20027=@"loc,{#10000},2,1,2,0"
+locations_default(#20027,#10000,2,1,2,0)
+hasLocation(#20026,#20027)
+toplevels(#20001,0)
+#20028=@"loc,{#10000},1,1,2,0"
+locations_default(#20028,#10000,1,1,2,0)
+hasLocation(#20001,#20028)
+#20029=@"local_type_name;{Foo};{#20000}"
+local_type_names(#20029,"Foo",#20000)
+#20030=*
+stmts(#20030,34,#20001,0,"interfa ... .Bar {}")
+hasLocation(#20030,#20003)
+stmt_containers(#20030,#20001)
+#20031=*
+typeexprs(#20031,13,#20030,-1,"import(""foo"").Bar")
+#20032=@"loc,{#10000},1,23,1,39"
+locations_default(#20032,#10000,1,23,1,39)
+hasLocation(#20031,#20032)
+enclosing_stmt(#20031,#20030)
+expr_containers(#20031,#20001)
+#20033=*
+typeexprs(#20033,31,#20031,0,"import(""foo"")")
+#20034=@"loc,{#10000},1,23,1,35"
+locations_default(#20034,#10000,1,23,1,35)
+hasLocation(#20033,#20034)
+enclosing_stmt(#20033,#20030)
+expr_containers(#20033,#20001)
+#20035=*
+exprs(#20035,4,#20033,0,"""foo""")
+hasLocation(#20035,#20015)
+enclosing_stmt(#20035,#20030)
+expr_containers(#20035,#20001)
+literals("foo","""foo""",#20035)
+#20036=*
+regexpterm(#20036,14,#20035,0,"foo")
+#20037=@"loc,{#10000},1,31,1,33"
+locations_default(#20037,#10000,1,31,1,33)
+hasLocation(#20036,#20037)
+regexp_const_value(#20036,"foo")
+#20038=*
+typeexprs(#20038,15,#20031,1,"Bar")
+hasLocation(#20038,#20021)
+enclosing_stmt(#20038,#20030)
+expr_containers(#20038,#20001)
+literals("Bar","Bar",#20038)
+#20039=*
+typeexprs(#20039,1,#20030,0,"Foo")
+hasLocation(#20039,#20007)
+enclosing_stmt(#20039,#20030)
+expr_containers(#20039,#20001)
+literals("Foo","Foo",#20039)
+typedecl(#20039,#20029)
+#20040=*
+entry_cfg_node(#20040,#20001)
+#20041=@"loc,{#10000},1,1,1,0"
+locations_default(#20041,#10000,1,1,1,0)
+hasLocation(#20040,#20041)
+#20042=*
+exit_cfg_node(#20042,#20001)
+hasLocation(#20042,#20027)
+successor(#20030,#20042)
+successor(#20040,#20030)
+numlines(#10000,1,1,0)
+filetype(#10000,"typescript")
diff --git a/javascript/extractor/tests/vue/input/rails.html.erb b/javascript/extractor/tests/vue/input/rails.html.erb
new file mode 100644
index 00000000000..d9df51cf3c0
--- /dev/null
+++ b/javascript/extractor/tests/vue/input/rails.html.erb
@@ -0,0 +1,3 @@
+<script>
+  console.log("FOO");
+</script>
diff --git a/javascript/extractor/tests/vue/output/trap/rails.html.erb.trap b/javascript/extractor/tests/vue/output/trap/rails.html.erb.trap
new file mode 100644
index 00000000000..76af8c5c8d3
--- /dev/null
+++ b/javascript/extractor/tests/vue/output/trap/rails.html.erb.trap
@@ -0,0 +1,137 @@
+#10000=@"/rails.erb;sourcefile"
+files(#10000,"/rails.erb")
+#10001=@"/;folder"
+folders(#10001,"/")
+containerparent(#10001,#10000)
+#10002=@"loc,{#10000},0,0,0,0"
+locations_default(#10002,#10000,0,0,0,0)
+hasLocation(#10000,#10002)
+#20000=@"global_scope"
+scopes(#20000,0)
+#20001=*
+#20002=@"script;{#10000},1,9"
+#20003=*
+lines(#20003,#20002,"","
+")
+#20004=@"loc,{#10000},1,9,1,8"
+locations_default(#20004,#10000,1,9,1,8)
+hasLocation(#20003,#20004)
+#20005=*
+lines(#20005,#20002,"  console.log(""FOO"");","
+")
+#20006=@"loc,{#10000},2,1,2,21"
+locations_default(#20006,#10000,2,1,2,21)
+hasLocation(#20005,#20006)
+indentation(#10000,2," ",2)
+numlines(#20002,2,1,0)
+#20007=*
+tokeninfo(#20007,6,#20002,0,"console")
+#20008=@"loc,{#10000},2,3,2,9"
+locations_default(#20008,#10000,2,3,2,9)
+hasLocation(#20007,#20008)
+#20009=*
+tokeninfo(#20009,8,#20002,1,".")
+#20010=@"loc,{#10000},2,10,2,10"
+locations_default(#20010,#10000,2,10,2,10)
+hasLocation(#20009,#20010)
+#20011=*
+tokeninfo(#20011,6,#20002,2,"log")
+#20012=@"loc,{#10000},2,11,2,13"
+locations_default(#20012,#10000,2,11,2,13)
+hasLocation(#20011,#20012)
+#20013=*
+tokeninfo(#20013,8,#20002,3,"(")
+#20014=@"loc,{#10000},2,14,2,14"
+locations_default(#20014,#10000,2,14,2,14)
+hasLocation(#20013,#20014)
+#20015=*
+tokeninfo(#20015,4,#20002,4,"""FOO""")
+#20016=@"loc,{#10000},2,15,2,19"
+locations_default(#20016,#10000,2,15,2,19)
+hasLocation(#20015,#20016)
+#20017=*
+tokeninfo(#20017,8,#20002,5,")")
+#20018=@"loc,{#10000},2,20,2,20"
+locations_default(#20018,#10000,2,20,2,20)
+hasLocation(#20017,#20018)
+#20019=*
+tokeninfo(#20019,8,#20002,6,";")
+#20020=@"loc,{#10000},2,21,2,21"
+locations_default(#20020,#10000,2,21,2,21)
+hasLocation(#20019,#20020)
+#20021=*
+tokeninfo(#20021,0,#20002,7,"")
+#20022=@"loc,{#10000},3,1,3,0"
+locations_default(#20022,#10000,3,1,3,0)
+hasLocation(#20021,#20022)
+toplevels(#20002,1)
+#20023=@"loc,{#10000},1,9,3,0"
+locations_default(#20023,#10000,1,9,3,0)
+hasLocation(#20002,#20023)
+#20024=*
+stmts(#20024,2,#20002,0,"console.log(""FOO"");")
+#20025=@"loc,{#10000},2,3,2,21"
+locations_default(#20025,#10000,2,3,2,21)
+hasLocation(#20024,#20025)
+stmt_containers(#20024,#20002)
+#20026=*
+exprs(#20026,13,#20024,0,"console.log(""FOO"")")
+#20027=@"loc,{#10000},2,3,2,20"
+locations_default(#20027,#10000,2,3,2,20)
+hasLocation(#20026,#20027)
+enclosing_stmt(#20026,#20024)
+expr_containers(#20026,#20002)
+#20028=*
+exprs(#20028,14,#20026,-1,"console.log")
+#20029=@"loc,{#10000},2,3,2,13"
+locations_default(#20029,#10000,2,3,2,13)
+hasLocation(#20028,#20029)
+enclosing_stmt(#20028,#20024)
+expr_containers(#20028,#20002)
+#20030=*
+exprs(#20030,79,#20028,0,"console")
+hasLocation(#20030,#20008)
+enclosing_stmt(#20030,#20024)
+expr_containers(#20030,#20002)
+literals("console","console",#20030)
+#20031=@"var;{console};{#20000}"
+variables(#20031,"console",#20000)
+bind(#20030,#20031)
+#20032=*
+exprs(#20032,0,#20028,1,"log")
+hasLocation(#20032,#20012)
+enclosing_stmt(#20032,#20024)
+expr_containers(#20032,#20002)
+literals("log","log",#20032)
+#20033=*
+exprs(#20033,4,#20026,0,"""FOO""")
+hasLocation(#20033,#20016)
+enclosing_stmt(#20033,#20024)
+expr_containers(#20033,#20002)
+literals("FOO","""FOO""",#20033)
+#20034=*
+regexpterm(#20034,14,#20033,0,"FOO")
+#20035=@"loc,{#10000},2,16,2,18"
+locations_default(#20035,#10000,2,16,2,18)
+hasLocation(#20034,#20035)
+regexp_const_value(#20034,"FOO")
+#20036=*
+entry_cfg_node(#20036,#20002)
+hasLocation(#20036,#20004)
+#20037=*
+exit_cfg_node(#20037,#20002)
+hasLocation(#20037,#20022)
+successor(#20024,#20030)
+successor(#20033,#20026)
+successor(#20032,#20028)
+successor(#20030,#20032)
+successor(#20028,#20033)
+successor(#20026,#20037)
+successor(#20036,#20024)
+toplevel_parent_xml_node(#20002,#20001)
+xmlElements(#20001,"script",#10000,0,#10000)
+#20038=@"loc,{#10000},1,1,3,9"
+locations_default(#20038,#10000,1,1,3,9)
+xmllocations(#20001,#20038)
+numlines(#10000,3,1,0)
+filetype(#10000,"html")
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/README.md b/javascript/ql/experimental/adaptivethreatmodeling/README.md
index 341534e3fdf..556d9d94e8f 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/README.md
+++ b/javascript/ql/experimental/adaptivethreatmodeling/README.md
@@ -1,6 +1,8 @@
-# [Internal only] Adaptive Threat Modeling for JavaScript
+# Adaptive Threat Modeling for JavaScript
 
 This directory contains CodeQL libraries and queries that power adaptive threat modeling for JavaScript.
 All APIs are experimental and may change in the future.
 
-These queries can only be run by internal users; for external users they will return no results.
+Only internal users can run these queries directly. External users can run these queries when performing
+JavaScript analysis on Code Scanning. For more information, see 
+[Code scanning finds more vulnerabilities using machine learning](https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/).
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll
index ba555b0de5b..5532c8d4726 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll
@@ -1,4 +1,4 @@
-/*
+/**
  * For internal use only.
  *
  * Configures boosting for adaptive threat modeling (ATM).
@@ -6,7 +6,8 @@
 
 private import javascript as JS
 import EndpointTypes
-import EndpointCharacteristics
+import EndpointCharacteristics as EndpointCharacteristics
+import AdaptiveThreatModeling::ATM::ResultsInfo as AtmResultsInfo
 
 /**
  * EXPERIMENTAL. This API may change in the future.
@@ -29,10 +30,23 @@ import EndpointCharacteristics
  * `isAdditionalFlowStep` with a more generalised definition of additional edges. See
  * `NosqlInjectionATM.qll` for an example of doing this.
  */
-abstract class AtmConfig extends string {
+abstract class AtmConfig extends JS::TaintTracking::Configuration {
   bindingset[this]
   AtmConfig() { any() }
 
+  /**
+   * Holds if `source` is a relevant taint source. When sources are not boosted, `isSource` is equivalent to
+   * `isKnownSource` (i.e there are no "effective" sources to be classified by an ML model).
+   */
+  override predicate isSource(JS::DataFlow::Node source) { this.isKnownSource(source) }
+
+  /**
+   * Holds if `sink` is a known taint sink or an "effective" sink (a candidate to be classified by an ML model).
+   */
+  override predicate isSink(JS::DataFlow::Node sink) {
+    this.isKnownSink(sink) or this.isEffectiveSink(sink)
+  }
+
   /**
    * EXPERIMENTAL. This API may change in the future.
    *
@@ -48,9 +62,10 @@ abstract class AtmConfig extends string {
   final predicate isKnownSink(JS::DataFlow::Node sink) {
     // If the list of characteristics includes positive indicators with maximal confidence for this class, then it's a
     // known sink for the class.
-    exists(EndpointCharacteristic characteristic |
-      characteristic.getEndpoints(sink) and
-      characteristic.getImplications(this.getASinkEndpointType(), true, 1.0)
+    exists(EndpointCharacteristics::EndpointCharacteristic characteristic |
+      characteristic.appliesToEndpoint(sink) and
+      characteristic
+          .hasImplications(this.getASinkEndpointType(), true, characteristic.maximalConfidence())
     )
   }
 
@@ -68,7 +83,38 @@ abstract class AtmConfig extends string {
    * Holds if the candidate sink `candidateSink` predicted by the machine learning model should be
    * an effective sink, i.e. one considered as a possible sink of flow in the boosted query.
    */
-  predicate isEffectiveSink(JS::DataFlow::Node candidateSink) { none() }
+  predicate isEffectiveSink(JS::DataFlow::Node candidateSink) {
+    not exists(this.getAReasonSinkExcluded(candidateSink))
+  }
+
+  /**
+   * Gets the list of characteristics that cause `candidateSink` to be excluded as an effective sink.
+   */
+  final EndpointCharacteristics::EndpointCharacteristic getAReasonSinkExcluded(
+    JS::DataFlow::Node candidateSink
+  ) {
+    // An endpoint is an effective sink (sink candidate) if none of its characteristics give much indication whether or
+    // not it is a sink. Historically, we used endpoint filters, and scored endpoints that are filtered out neither by
+    // a standard endpoint filter nor by an endpoint filter specific to this sink type. To replicate this behavior, we
+    // have given the endpoint filter characteristics medium confidence, and we exclude endpoints that have a
+    // medium-confidence characteristic that indicates that they are not sinks, either in general or for this sink type.
+    exists(EndpointCharacteristics::EndpointCharacteristic filter, float confidence |
+      filter.appliesToEndpoint(candidateSink) and
+      confidence >= filter.mediumConfidence() and
+      // TODO: Experiment with excluding all endpoints that have a medium- or high-confidence characteristic that
+      // implies they're not sinks, rather than using only medium-confidence characteristics, by deleting the following
+      // line.
+      confidence < filter.highConfidence() and
+      (
+        // Exclude endpoints that have a characteristic that implies they're not sinks for _any_ sink type.
+        filter.hasImplications(any(NegativeType negative), true, confidence)
+        or
+        // Exclude endpoints that have a characteristic that implies they're not sinks for _this particular_ sink type.
+        filter.hasImplications(this.getASinkEndpointType(), false, confidence)
+      ) and
+      result = filter
+    )
+  }
 
   /**
    * EXPERIMENTAL. This API may change in the future.
@@ -84,7 +130,7 @@ abstract class AtmConfig extends string {
    * Get an endpoint type for the sinks of this query. A query may have multiple applicable
    * endpoint types for its sinks.
    */
-  EndpointType getASinkEndpointType() { none() }
+  abstract EndpointType getASinkEndpointType();
 
   /**
    * EXPERIMENTAL. This API may change in the future.
@@ -95,6 +141,30 @@ abstract class AtmConfig extends string {
    * A cut-off value of 1 produces all alerts including those that are likely false-positives.
    */
   float getScoreCutoff() { result = 0.0 }
+
+  /**
+   * Holds if there's an ATM alert (a flow path from `source` to `sink` with ML-determined likelihood `score`) according
+   * to this ML-boosted configuration, whereas the unboosted base query does not contain this source and sink
+   * combination.
+   */
+  predicate hasBoostedFlowPath(
+    JS::DataFlow::PathNode source, JS::DataFlow::PathNode sink, float score
+  ) {
+    this.hasFlowPath(source, sink) and
+    not AtmResultsInfo::isFlowLikelyInBaseQuery(source.getNode(), sink.getNode()) and
+    score = AtmResultsInfo::getScoreForFlow(source.getNode(), sink.getNode())
+  }
+
+  /**
+   * Holds if if `sink` is an effective sink with flow from `source` which gets used as a sink candidate for scoring
+   * with the ML model.
+   */
+  predicate isSinkCandidateWithFlow(JS::DataFlow::PathNode sink) {
+    exists(JS::DataFlow::PathNode source |
+      this.hasFlowPath(source, sink) and
+      not AtmResultsInfo::isFlowLikelyInBaseQuery(source.getNode(), sink.getNode())
+    )
+  }
 }
 
 /** DEPRECATED: Alias for AtmConfig */
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/AdaptiveThreatModeling.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/AdaptiveThreatModeling.qll
index 002a5c8fe8e..0168d167509 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/AdaptiveThreatModeling.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/AdaptiveThreatModeling.qll
@@ -1,4 +1,4 @@
-/*
+/**
  * For internal use only.
  *
  * Provides information about the results of boosted queries for use in adaptive threat modeling (ATM).
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/BaseScoring.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/BaseScoring.qll
index a6787196bbb..fb9b017b84c 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/BaseScoring.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/BaseScoring.qll
@@ -1,4 +1,4 @@
-/*
+/**
  * For internal use only.
  *
  * Provides shared scoring functionality for use in adaptive threat modeling (ATM).
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/CoreKnowledge.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/CoreKnowledge.qll
deleted file mode 100644
index e569fb3dc96..00000000000
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/CoreKnowledge.qll
+++ /dev/null
@@ -1,225 +0,0 @@
-/*
- * For internal use only.
- *
- * Provides predicates that expose the knowledge of models
- * in the core CodeQL JavaScript libraries.
- */
-
-private import javascript
-private import semmle.javascript.security.dataflow.XxeCustomizations
-private import semmle.javascript.security.dataflow.RemotePropertyInjectionCustomizations
-private import semmle.javascript.security.dataflow.TypeConfusionThroughParameterTamperingCustomizations
-private import semmle.javascript.security.dataflow.ZipSlipCustomizations
-private import semmle.javascript.security.dataflow.TaintedPathCustomizations
-private import semmle.javascript.security.dataflow.CleartextLoggingCustomizations
-private import semmle.javascript.security.dataflow.XpathInjectionCustomizations
-private import semmle.javascript.security.dataflow.Xss::Shared as Xss
-private import semmle.javascript.security.dataflow.StackTraceExposureCustomizations
-private import semmle.javascript.security.dataflow.ClientSideUrlRedirectCustomizations
-private import semmle.javascript.security.dataflow.CodeInjectionCustomizations
-private import semmle.javascript.security.dataflow.RequestForgeryCustomizations
-private import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsCustomizations
-private import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironmentCustomizations
-private import semmle.javascript.security.dataflow.DifferentKindsComparisonBypassCustomizations
-private import semmle.javascript.security.dataflow.CommandInjectionCustomizations
-private import semmle.javascript.security.dataflow.PrototypePollutionCustomizations
-private import semmle.javascript.security.dataflow.UnvalidatedDynamicMethodCallCustomizations
-private import semmle.javascript.security.dataflow.TaintedFormatStringCustomizations
-private import semmle.javascript.security.dataflow.NosqlInjectionCustomizations
-private import semmle.javascript.security.dataflow.PostMessageStarCustomizations
-private import semmle.javascript.security.dataflow.RegExpInjectionCustomizations
-private import semmle.javascript.security.dataflow.SqlInjectionCustomizations
-private import semmle.javascript.security.dataflow.InsecureRandomnessCustomizations
-private import semmle.javascript.security.dataflow.XmlBombCustomizations
-private import semmle.javascript.security.dataflow.InsufficientPasswordHashCustomizations
-private import semmle.javascript.security.dataflow.HardcodedCredentialsCustomizations
-private import semmle.javascript.security.dataflow.FileAccessToHttpCustomizations
-private import semmle.javascript.security.dataflow.UnsafeDynamicMethodAccessCustomizations
-private import semmle.javascript.security.dataflow.UnsafeDeserializationCustomizations
-private import semmle.javascript.security.dataflow.HardcodedDataInterpretedAsCodeCustomizations
-private import semmle.javascript.security.dataflow.ServerSideUrlRedirectCustomizations
-private import semmle.javascript.security.dataflow.IndirectCommandInjectionCustomizations
-private import semmle.javascript.security.dataflow.ConditionalBypassCustomizations
-private import semmle.javascript.security.dataflow.HttpToFileAccessCustomizations
-private import semmle.javascript.security.dataflow.BrokenCryptoAlgorithmCustomizations
-private import semmle.javascript.security.dataflow.LoopBoundInjectionCustomizations
-private import semmle.javascript.security.dataflow.CleartextStorageCustomizations
-import FilteringReasons
-
-/**
- * Holds if the node `n` is a known sink in a modeled library, or a sibling-argument of such a sink.
- */
-predicate isArgumentToKnownLibrarySinkFunction(DataFlow::Node n) {
-  exists(DataFlow::InvokeNode invk, DataFlow::Node known |
-    invk.getAnArgument() = n and invk.getAnArgument() = known and isKnownLibrarySink(known)
-  )
-}
-
-/**
- * Holds if the node `n` is a known sink for the external API security query.
- *
- * This corresponds to known sinks from security queries whose sources include remote flow and
- * DOM-based sources.
- */
-predicate isKnownExternalApiQuerySink(DataFlow::Node n) {
-  n instanceof Xxe::Sink or
-  n instanceof TaintedPath::Sink or
-  n instanceof XpathInjection::Sink or
-  n instanceof Xss::Sink or
-  n instanceof ClientSideUrlRedirect::Sink or
-  n instanceof CodeInjection::Sink or
-  n instanceof RequestForgery::Sink or
-  n instanceof CorsMisconfigurationForCredentials::Sink or
-  n instanceof CommandInjection::Sink or
-  n instanceof PrototypePollution::Sink or
-  n instanceof UnvalidatedDynamicMethodCall::Sink or
-  n instanceof TaintedFormatString::Sink or
-  n instanceof NosqlInjection::Sink or
-  n instanceof PostMessageStar::Sink or
-  n instanceof RegExpInjection::Sink or
-  n instanceof SqlInjection::Sink or
-  n instanceof XmlBomb::Sink or
-  n instanceof ZipSlip::Sink or
-  n instanceof UnsafeDeserialization::Sink or
-  n instanceof ServerSideUrlRedirect::Sink or
-  n instanceof CleartextStorage::Sink or
-  n instanceof HttpToFileAccess::Sink
-}
-
-/** DEPRECATED: Alias for isKnownExternalApiQuerySink */
-deprecated predicate isKnownExternalAPIQuerySink = isKnownExternalApiQuerySink/1;
-
-/**
- * Holds if the node `n` is a known sink in a modeled library.
- */
-predicate isKnownLibrarySink(DataFlow::Node n) {
-  isKnownExternalApiQuerySink(n) or
-  n instanceof CleartextLogging::Sink or
-  n instanceof StackTraceExposure::Sink or
-  n instanceof ShellCommandInjectionFromEnvironment::Sink or
-  n instanceof InsecureRandomness::Sink or
-  n instanceof FileAccessToHttp::Sink or
-  n instanceof IndirectCommandInjection::Sink
-}
-
-/**
- * Holds if the node `n` is known as the predecessor in a modeled flow step.
- */
-predicate isKnownStepSrc(DataFlow::Node n) {
-  TaintTracking::sharedTaintStep(n, _) or
-  DataFlow::SharedFlowStep::step(n, _) or
-  DataFlow::SharedFlowStep::step(n, _, _, _)
-}
-
-/**
- * Holds if `n` is an argument to a function of a builtin object.
- */
-private predicate isArgumentToBuiltinFunction(DataFlow::Node n, FilteringReason reason) {
-  exists(DataFlow::SourceNode builtin, DataFlow::SourceNode receiver, DataFlow::InvokeNode invk |
-    (
-      builtin instanceof DataFlow::ArrayCreationNode and
-      reason instanceof ArgumentToArrayReason
-      or
-      builtin =
-        DataFlow::globalVarRef([
-            "Map", "Set", "WeakMap", "WeakSet", "Number", "Object", "String", "Array", "Error",
-            "Math", "Boolean"
-          ]) and
-      reason instanceof ArgumentToBuiltinGlobalVarRefReason
-    )
-  |
-    receiver = [builtin.getAnInvocation(), builtin] and
-    invk = [receiver, receiver.getAPropertyRead()].getAnInvocation() and
-    invk.getAnArgument() = n
-  )
-  or
-  exists(Expr primitive, MethodCallExpr c |
-    primitive instanceof ConstantString or
-    primitive instanceof NumberLiteral or
-    primitive instanceof BooleanLiteral
-  |
-    c.calls(primitive, _) and
-    c.getAnArgument() = n.asExpr() and
-    reason instanceof ConstantReceiverReason
-  )
-  or
-  exists(DataFlow::CallNode call |
-    call.getAnArgument() = n and
-    call.getCalleeName() =
-      [
-        "indexOf", "hasOwnProperty", "substring", "isDecimal", "decode", "encode", "keys", "shift",
-        "values", "forEach", "toString", "slice", "splice", "push", "isArray", "sort"
-      ] and
-    reason instanceof BuiltinCallNameReason
-  )
-}
-
-predicate isOtherModeledArgument(DataFlow::Node n, FilteringReason reason) {
-  isArgumentToBuiltinFunction(n, reason)
-  or
-  any(LodashUnderscore::Member m).getACall().getAnArgument() = n and
-  reason instanceof LodashUnderscoreArgumentReason
-  or
-  any(JQuery::MethodCall m).getAnArgument() = n and
-  reason instanceof JQueryArgumentReason
-  or
-  exists(ClientRequest r |
-    r.getAnArgument() = n or n = r.getUrl() or n = r.getHost() or n = r.getADataNode()
-  ) and
-  reason instanceof ClientRequestReason
-  or
-  exists(PromiseDefinition p |
-    n = [p.getResolveParameter(), p.getRejectParameter()].getACall().getAnArgument()
-  ) and
-  reason instanceof PromiseDefinitionReason
-  or
-  n instanceof CryptographicKey and reason instanceof CryptographicKeyReason
-  or
-  any(CryptographicOperation op).getInput() = n and
-  reason instanceof CryptographicOperationFlowReason
-  or
-  exists(DataFlow::CallNode call | n = call.getAnArgument() |
-    call.getCalleeName() = getAStandardLoggerMethodName() and
-    reason instanceof LoggerMethodReason
-    or
-    call.getCalleeName() = ["setTimeout", "clearTimeout"] and
-    reason instanceof TimeoutReason
-    or
-    call.getReceiver() = DataFlow::globalVarRef(["localStorage", "sessionStorage"]) and
-    reason instanceof ReceiverStorageReason
-    or
-    call instanceof StringOps::StartsWith and reason instanceof StringStartsWithReason
-    or
-    call instanceof StringOps::EndsWith and reason instanceof StringEndsWithReason
-    or
-    call instanceof StringOps::RegExpTest and reason instanceof StringRegExpTestReason
-    or
-    call instanceof EventRegistration and reason instanceof EventRegistrationReason
-    or
-    call instanceof EventDispatch and reason instanceof EventDispatchReason
-    or
-    call = any(MembershipCandidate c).getTest() and
-    reason instanceof MembershipCandidateTestReason
-    or
-    call instanceof FileSystemAccess and reason instanceof FileSystemAccessReason
-    or
-    // TODO database accesses are less well defined than database query sinks, so this may cover unmodeled sinks on existing database models
-    [
-      call, call.getAMethodCall()
-    /* command pattern where the query is built, and then exec'ed later */ ] instanceof
-      DatabaseAccess and
-    reason instanceof DatabaseAccessReason
-    or
-    call = DOM::domValueRef() and reason instanceof DomReason
-    or
-    call.getCalleeName() = "next" and
-    exists(DataFlow::FunctionNode f | call = f.getLastParameter().getACall()) and
-    reason instanceof NextFunctionCallReason
-    or
-    call = DataFlow::globalVarRef("dojo").getAPropertyRead("require").getACall() and
-    reason instanceof DojoRequireReason
-  )
-  or
-  (exists(Base64::Decode d | n = d.getInput()) or exists(Base64::Encode d | n = d.getInput())) and
-  reason instanceof Base64ManipulationReason
-}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
index adc98a5c08c..e95b2785ceb 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
@@ -7,6 +7,46 @@ private import semmle.javascript.security.dataflow.SqlInjectionCustomizations
 private import semmle.javascript.security.dataflow.DomBasedXssCustomizations
 private import semmle.javascript.security.dataflow.NosqlInjectionCustomizations
 private import semmle.javascript.security.dataflow.TaintedPathCustomizations
+private import semmle.javascript.heuristics.SyntacticHeuristics as SyntacticHeuristics
+private import semmle.javascript.filters.ClassifyFiles as ClassifyFiles
+private import semmle.javascript.security.dataflow.XxeCustomizations
+private import semmle.javascript.security.dataflow.RemotePropertyInjectionCustomizations
+private import semmle.javascript.security.dataflow.TypeConfusionThroughParameterTamperingCustomizations
+private import semmle.javascript.security.dataflow.ZipSlipCustomizations
+private import semmle.javascript.security.dataflow.TaintedPathCustomizations
+private import semmle.javascript.security.dataflow.CleartextLoggingCustomizations
+private import semmle.javascript.security.dataflow.XpathInjectionCustomizations
+private import semmle.javascript.security.dataflow.Xss::Shared as Xss
+private import semmle.javascript.security.dataflow.StackTraceExposureCustomizations
+private import semmle.javascript.security.dataflow.ClientSideUrlRedirectCustomizations
+private import semmle.javascript.security.dataflow.CodeInjectionCustomizations
+private import semmle.javascript.security.dataflow.RequestForgeryCustomizations
+private import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsCustomizations
+private import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironmentCustomizations
+private import semmle.javascript.security.dataflow.DifferentKindsComparisonBypassCustomizations
+private import semmle.javascript.security.dataflow.CommandInjectionCustomizations
+private import semmle.javascript.security.dataflow.PrototypePollutionCustomizations
+private import semmle.javascript.security.dataflow.UnvalidatedDynamicMethodCallCustomizations
+private import semmle.javascript.security.dataflow.TaintedFormatStringCustomizations
+private import semmle.javascript.security.dataflow.NosqlInjectionCustomizations
+private import semmle.javascript.security.dataflow.PostMessageStarCustomizations
+private import semmle.javascript.security.dataflow.RegExpInjectionCustomizations
+private import semmle.javascript.security.dataflow.SqlInjectionCustomizations
+private import semmle.javascript.security.dataflow.InsecureRandomnessCustomizations
+private import semmle.javascript.security.dataflow.XmlBombCustomizations
+private import semmle.javascript.security.dataflow.InsufficientPasswordHashCustomizations
+private import semmle.javascript.security.dataflow.HardcodedCredentialsCustomizations
+private import semmle.javascript.security.dataflow.FileAccessToHttpCustomizations
+private import semmle.javascript.security.dataflow.UnsafeDynamicMethodAccessCustomizations
+private import semmle.javascript.security.dataflow.UnsafeDeserializationCustomizations
+private import semmle.javascript.security.dataflow.HardcodedDataInterpretedAsCodeCustomizations
+private import semmle.javascript.security.dataflow.ServerSideUrlRedirectCustomizations
+private import semmle.javascript.security.dataflow.IndirectCommandInjectionCustomizations
+private import semmle.javascript.security.dataflow.ConditionalBypassCustomizations
+private import semmle.javascript.security.dataflow.HttpToFileAccessCustomizations
+private import semmle.javascript.security.dataflow.BrokenCryptoAlgorithmCustomizations
+private import semmle.javascript.security.dataflow.LoopBoundInjectionCustomizations
+private import semmle.javascript.security.dataflow.CleartextStorageCustomizations
 
 /**
  * A set of characteristics that a particular endpoint might have. This set of characteristics is used to make decisions
@@ -25,35 +65,162 @@ abstract class EndpointCharacteristic extends string {
    * Holds for endpoints that have this characteristic. This predicate contains the logic that applies characteristics
    * to the appropriate set of dataflow nodes.
    */
-  abstract predicate getEndpoints(DataFlow::Node n);
+  abstract predicate appliesToEndpoint(DataFlow::Node n);
 
   /**
    * This predicate describes what the characteristic tells us about an endpoint.
    *
-   *  Params:
-   *  endpointClass: Class 0 is the negative class. Each positive int corresponds to a single sink type.
-   *  isPositiveIndicator: Does this characteristic indicate this endpoint _is_ a member of the class, or that it
-   *  _isn't_ a member of the class?
-   *  confidence: A number in [0, 1], which tells us how strong an indicator this characteristic is for the endpoint
-   *  belonging / not belonging to the given class.
+   * Params:
+   * endpointClass: The sink type. Each EndpointType has a predicate getEncoding, which specifies the classifier
+   * class for this sink type. Class 0 is the negative class (non-sink). Each positive int corresponds to a single
+   * sink type.
+   * isPositiveIndicator: If true, this characteristic indicates that this endpoint _is_ a member of the class; if
+   * false, it indicates that it _isn't_ a member of the class.
+   * confidence: A float in [0, 1], which tells us how strong an indicator this characteristic is for the endpoint
+   * belonging / not belonging to the given class. A confidence near zero means this characteristic is a very weak
+   * indicator of whether or not the endpoint belongs to the class. A confidence of 1 means that all endpoints with
+   * this characteristic definitively do/don't belong to the class.
    */
-  abstract predicate getImplications(
+  abstract predicate hasImplications(
     EndpointType endpointClass, boolean isPositiveIndicator, float confidence
   );
+
+  /** Indicators with confidence at or above this threshold are considered to be high-confidence indicators. */
+  final float getHighConfidenceThreshold() { result = 0.8 }
+
+  // The following are some confidence values that are used in practice by the subclasses. They are defined as named
+  // constants here to make it easier to change them in the future.
+  final float maximalConfidence() { result = 1.0 }
+
+  final float highConfidence() { result = 0.9 }
+
+  final float mediumConfidence() { result = 0.6 }
 }
 
+/*
+ * Helper predicates.
+ */
+
+/**
+ * Holds if the node `n` is a known sink for the external API security query.
+ *
+ * This corresponds to known sinks from security queries whose sources include remote flow and
+ * DOM-based sources.
+ */
+private predicate isKnownExternalApiQuerySink(DataFlow::Node n) {
+  n instanceof Xxe::Sink or
+  n instanceof TaintedPath::Sink or
+  n instanceof XpathInjection::Sink or
+  n instanceof Xss::Sink or
+  n instanceof ClientSideUrlRedirect::Sink or
+  n instanceof CodeInjection::Sink or
+  n instanceof RequestForgery::Sink or
+  n instanceof CorsMisconfigurationForCredentials::Sink or
+  n instanceof CommandInjection::Sink or
+  n instanceof PrototypePollution::Sink or
+  n instanceof UnvalidatedDynamicMethodCall::Sink or
+  n instanceof TaintedFormatString::Sink or
+  n instanceof NosqlInjection::Sink or
+  n instanceof PostMessageStar::Sink or
+  n instanceof RegExpInjection::Sink or
+  n instanceof SqlInjection::Sink or
+  n instanceof XmlBomb::Sink or
+  n instanceof ZipSlip::Sink or
+  n instanceof UnsafeDeserialization::Sink or
+  n instanceof ServerSideUrlRedirect::Sink or
+  n instanceof CleartextStorage::Sink or
+  n instanceof HttpToFileAccess::Sink
+}
+
+/**
+ * Holds if the node `n` is a known sink in a modeled library.
+ */
+private predicate isKnownLibrarySink(DataFlow::Node n) {
+  isKnownExternalApiQuerySink(n) or
+  n instanceof CleartextLogging::Sink or
+  n instanceof StackTraceExposure::Sink or
+  n instanceof ShellCommandInjectionFromEnvironment::Sink or
+  n instanceof InsecureRandomness::Sink or
+  n instanceof FileAccessToHttp::Sink or
+  n instanceof IndirectCommandInjection::Sink
+}
+
+/**
+ * Holds if the node `n` is known as the predecessor in a modeled flow step.
+ */
+private predicate isKnownStepSrc(DataFlow::Node n) {
+  TaintTracking::sharedTaintStep(n, _) or
+  DataFlow::SharedFlowStep::step(n, _) or
+  DataFlow::SharedFlowStep::step(n, _, _, _)
+}
+
+/**
+ * Holds if the data flow node is a (possibly indirect) argument of a likely external library call.
+ *
+ * This includes direct arguments of likely external library calls as well as nested object
+ * literals within those calls.
+ */
+private predicate flowsToArgumentOfLikelyExternalLibraryCall(DataFlow::Node n) {
+  n = getACallWithoutCallee().getAnArgument()
+  or
+  exists(DataFlow::SourceNode src | flowsToArgumentOfLikelyExternalLibraryCall(src) |
+    n = src.getAPropertyWrite().getRhs()
+  )
+  or
+  exists(DataFlow::ArrayCreationNode arr | flowsToArgumentOfLikelyExternalLibraryCall(arr) |
+    n = arr.getAnElement()
+  )
+}
+
+/**
+ * Get calls for which we do not have the callee (i.e. the definition of the called function). This
+ * acts as a heuristic for identifying calls to external library functions.
+ */
+private DataFlow::CallNode getACallWithoutCallee() {
+  forall(Function callee | callee = result.getACallee() | callee.getTopLevel().isExterns()) and
+  not exists(DataFlow::ParameterNode param, DataFlow::FunctionNode callback |
+    param.flowsTo(result.getCalleeNode()) and
+    callback = getACallback(param, DataFlow::TypeBackTracker::end())
+  )
+}
+
+/**
+ * Gets a node that flows to callback-parameter `p`.
+ */
+private DataFlow::SourceNode getACallback(DataFlow::ParameterNode p, DataFlow::TypeBackTracker t) {
+  t.start() and
+  result = p and
+  any(DataFlow::FunctionNode f).getLastParameter() = p and
+  exists(p.getACall())
+  or
+  exists(DataFlow::TypeBackTracker t2 | result = getACallback(p, t2).backtrack(t2, t))
+}
+
+/**
+ * Get calls which are likely to be to external non-built-in libraries.
+ */
+DataFlow::CallNode getALikelyExternalLibraryCall() { result = getACallWithoutCallee() }
+
+/*
+ * Characteristics that are indicative of a sink.
+ * NOTE: Initially each sink type has only one characteristic, which is that it's a sink of this type in the standard
+ * JavaScript libraries.
+ */
+
 /**
  * Endpoints identified as "DomBasedXssSink" by the standard JavaScript libraries are XSS sinks with maximal confidence.
  */
 private class DomBasedXssSinkCharacteristic extends EndpointCharacteristic {
   DomBasedXssSinkCharacteristic() { this = "DomBasedXssSink" }
 
-  override predicate getEndpoints(DataFlow::Node n) { n instanceof DomBasedXss::Sink }
+  override predicate appliesToEndpoint(DataFlow::Node n) { n instanceof DomBasedXss::Sink }
 
-  override predicate getImplications(
+  override predicate hasImplications(
     EndpointType endpointClass, boolean isPositiveIndicator, float confidence
   ) {
-    endpointClass instanceof XssSinkType and isPositiveIndicator = true and confidence = 1.0
+    endpointClass instanceof XssSinkType and
+    isPositiveIndicator = true and
+    confidence = maximalConfidence()
   }
 }
 
@@ -64,12 +231,14 @@ private class DomBasedXssSinkCharacteristic extends EndpointCharacteristic {
 private class TaintedPathSinkCharacteristic extends EndpointCharacteristic {
   TaintedPathSinkCharacteristic() { this = "TaintedPathSink" }
 
-  override predicate getEndpoints(DataFlow::Node n) { n instanceof TaintedPath::Sink }
+  override predicate appliesToEndpoint(DataFlow::Node n) { n instanceof TaintedPath::Sink }
 
-  override predicate getImplications(
+  override predicate hasImplications(
     EndpointType endpointClass, boolean isPositiveIndicator, float confidence
   ) {
-    endpointClass instanceof TaintedPathSinkType and isPositiveIndicator = true and confidence = 1.0
+    endpointClass instanceof TaintedPathSinkType and
+    isPositiveIndicator = true and
+    confidence = maximalConfidence()
   }
 }
 
@@ -80,14 +249,14 @@ private class TaintedPathSinkCharacteristic extends EndpointCharacteristic {
 private class SqlInjectionSinkCharacteristic extends EndpointCharacteristic {
   SqlInjectionSinkCharacteristic() { this = "SqlInjectionSink" }
 
-  override predicate getEndpoints(DataFlow::Node n) { n instanceof SqlInjection::Sink }
+  override predicate appliesToEndpoint(DataFlow::Node n) { n instanceof SqlInjection::Sink }
 
-  override predicate getImplications(
+  override predicate hasImplications(
     EndpointType endpointClass, boolean isPositiveIndicator, float confidence
   ) {
     endpointClass instanceof SqlInjectionSinkType and
     isPositiveIndicator = true and
-    confidence = 1.0
+    confidence = maximalConfidence()
   }
 }
 
@@ -98,13 +267,778 @@ private class SqlInjectionSinkCharacteristic extends EndpointCharacteristic {
 private class NosqlInjectionSinkCharacteristic extends EndpointCharacteristic {
   NosqlInjectionSinkCharacteristic() { this = "NosqlInjectionSink" }
 
-  override predicate getEndpoints(DataFlow::Node n) { n instanceof NosqlInjection::Sink }
+  override predicate appliesToEndpoint(DataFlow::Node n) { n instanceof NosqlInjection::Sink }
 
-  override predicate getImplications(
+  override predicate hasImplications(
     EndpointType endpointClass, boolean isPositiveIndicator, float confidence
   ) {
     endpointClass instanceof NosqlInjectionSinkType and
     isPositiveIndicator = true and
-    confidence = 1.0
+    confidence = maximalConfidence()
+  }
+}
+
+/*
+ * Characteristics that are indicative of not being a sink of any type, and have historically been used to select
+ * negative samples for training.
+ */
+
+/**
+ * A characteristic that is an indicator of not being a sink of any type, because it's a modeled argument.
+ */
+abstract class OtherModeledArgumentCharacteristic extends EndpointCharacteristic {
+  bindingset[this]
+  OtherModeledArgumentCharacteristic() { any() }
+}
+
+/**
+ * A characteristic that is an indicator of not being a sink of any type, because it's an argument to a function of a
+ * builtin object.
+ */
+abstract private class ArgumentToBuiltinFunctionCharacteristic extends OtherModeledArgumentCharacteristic {
+  bindingset[this]
+  ArgumentToBuiltinFunctionCharacteristic() { any() }
+}
+
+/**
+ * A high-confidence characteristic that indicates that an endpoint is not a sink of any type.
+ */
+abstract private class NotASinkCharacteristic extends EndpointCharacteristic {
+  bindingset[this]
+  NotASinkCharacteristic() { any() }
+
+  override predicate hasImplications(
+    EndpointType endpointClass, boolean isPositiveIndicator, float confidence
+  ) {
+    endpointClass instanceof NegativeType and
+    isPositiveIndicator = true and
+    confidence = highConfidence()
+  }
+}
+
+/**
+ * A medium-confidence characteristic that indicates that an endpoint is not a sink of any type.
+ *
+ * TODO: This class is currently not private, because the current extraction logic explicitly avoids including these
+ * endpoints in the training data. We might want to change this in the future.
+ */
+abstract class LikelyNotASinkCharacteristic extends EndpointCharacteristic {
+  bindingset[this]
+  LikelyNotASinkCharacteristic() { any() }
+
+  override predicate hasImplications(
+    EndpointType endpointClass, boolean isPositiveIndicator, float confidence
+  ) {
+    endpointClass instanceof NegativeType and
+    isPositiveIndicator = true and
+    confidence = mediumConfidence()
+  }
+}
+
+private class LodashUnderscoreCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  LodashUnderscoreCharacteristic() { this = "LodashUnderscoreArgument" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    any(LodashUnderscore::Member m).getACall().getAnArgument() = n
+  }
+}
+
+private class JQueryArgumentCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  JQueryArgumentCharacteristic() { this = "JQueryArgument" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    any(JQuery::MethodCall m).getAnArgument() = n
+  }
+}
+
+private class ClientRequestCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  ClientRequestCharacteristic() { this = "ClientRequest" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(ClientRequest r |
+      r.getAnArgument() = n or n = r.getUrl() or n = r.getHost() or n = r.getADataNode()
+    )
+  }
+}
+
+private class PromiseDefinitionCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  PromiseDefinitionCharacteristic() { this = "PromiseDefinition" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(PromiseDefinition p |
+      n = [p.getResolveParameter(), p.getRejectParameter()].getACall().getAnArgument()
+    )
+  }
+}
+
+private class CryptographicKeyCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  CryptographicKeyCharacteristic() { this = "CryptographicKey" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) { n instanceof CryptographicKey }
+}
+
+private class CryptographicOperationFlowCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  CryptographicOperationFlowCharacteristic() { this = "CryptographicOperationFlow" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    any(CryptographicOperation op).getInput() = n
+  }
+}
+
+private class LoggerMethodCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  LoggerMethodCharacteristic() { this = "LoggerMethod" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      call.getCalleeName() = getAStandardLoggerMethodName()
+    )
+  }
+}
+
+private class TimeoutCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  TimeoutCharacteristic() { this = "Timeout" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      call.getCalleeName() = ["setTimeout", "clearTimeout"]
+    )
+  }
+}
+
+private class ReceiverStorageCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  ReceiverStorageCharacteristic() { this = "ReceiverStorage" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      call.getReceiver() = DataFlow::globalVarRef(["localStorage", "sessionStorage"])
+    )
+  }
+}
+
+private class StringStartsWithCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  StringStartsWithCharacteristic() { this = "StringStartsWith" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      call instanceof StringOps::StartsWith
+    )
+  }
+}
+
+private class StringEndsWithCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  StringEndsWithCharacteristic() { this = "StringEndsWith" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() | call instanceof StringOps::EndsWith)
+  }
+}
+
+private class StringRegExpTestCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  StringRegExpTestCharacteristic() { this = "StringRegExpTest" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      call instanceof StringOps::RegExpTest
+    )
+  }
+}
+
+private class EventRegistrationCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  EventRegistrationCharacteristic() { this = "EventRegistration" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() | call instanceof EventRegistration)
+  }
+}
+
+private class EventDispatchCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  EventDispatchCharacteristic() { this = "EventDispatch" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() | call instanceof EventDispatch)
+  }
+}
+
+private class MembershipCandidateTestCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  MembershipCandidateTestCharacteristic() { this = "MembershipCandidateTest" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      call = any(MembershipCandidate c).getTest()
+    )
+  }
+}
+
+private class FileSystemAccessCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  FileSystemAccessCharacteristic() { this = "FileSystemAccess" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() | call instanceof FileSystemAccess)
+  }
+}
+
+private class DatabaseAccessCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  DatabaseAccessCharacteristic() { this = "DatabaseAccess" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    // TODO database accesses are less well defined than database query sinks, so this may cover unmodeled sinks on
+    // existing database models
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      [
+        call, call.getAMethodCall()
+      /* command pattern where the query is built, and then exec'ed later */ ] instanceof
+        DatabaseAccess
+    )
+  }
+}
+
+private class DomCharacteristic extends NotASinkCharacteristic, OtherModeledArgumentCharacteristic {
+  DomCharacteristic() { this = "DOM" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() | call = DOM::domValueRef())
+  }
+}
+
+private class NextFunctionCallCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  NextFunctionCallCharacteristic() { this = "NextFunctionCall" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      call.getCalleeName() = "next" and
+      exists(DataFlow::FunctionNode f | call = f.getLastParameter().getACall())
+    )
+  }
+}
+
+private class DojoRequireCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  DojoRequireCharacteristic() { this = "DojoRequire" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      call = DataFlow::globalVarRef("dojo").getAPropertyRead("require").getACall()
+    )
+  }
+}
+
+private class Base64ManipulationCharacteristic extends NotASinkCharacteristic,
+  OtherModeledArgumentCharacteristic {
+  Base64ManipulationCharacteristic() { this = "Base64Manipulation" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(Base64::Decode d | n = d.getInput()) or
+    exists(Base64::Encode d | n = d.getInput())
+  }
+}
+
+private class ArgumentToArrayCharacteristic extends ArgumentToBuiltinFunctionCharacteristic,
+  LikelyNotASinkCharacteristic {
+  ArgumentToArrayCharacteristic() { this = "ArgumentToArray" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::SourceNode builtin, DataFlow::SourceNode receiver, DataFlow::InvokeNode invk |
+      builtin instanceof DataFlow::ArrayCreationNode
+    |
+      receiver = [builtin.getAnInvocation(), builtin] and
+      invk = [receiver, receiver.getAPropertyRead()].getAnInvocation() and
+      invk.getAnArgument() = n
+    )
+  }
+}
+
+private class ArgumentToBuiltinGlobalVarRefCharacteristic extends ArgumentToBuiltinFunctionCharacteristic,
+  LikelyNotASinkCharacteristic {
+  ArgumentToBuiltinGlobalVarRefCharacteristic() { this = "ArgumentToBuiltinGlobalVarRef" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::SourceNode builtin, DataFlow::SourceNode receiver, DataFlow::InvokeNode invk |
+      builtin =
+        DataFlow::globalVarRef([
+            "Map", "Set", "WeakMap", "WeakSet", "Number", "Object", "String", "Array", "Error",
+            "Math", "Boolean"
+          ])
+    |
+      receiver = [builtin.getAnInvocation(), builtin] and
+      invk = [receiver, receiver.getAPropertyRead()].getAnInvocation() and
+      invk.getAnArgument() = n
+    )
+  }
+}
+
+private class ConstantReceiverCharacteristic extends ArgumentToBuiltinFunctionCharacteristic,
+  NotASinkCharacteristic {
+  ConstantReceiverCharacteristic() { this = "ConstantReceiver" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(Expr primitive, MethodCallExpr c |
+      primitive instanceof ConstantString or
+      primitive instanceof NumberLiteral or
+      primitive instanceof BooleanLiteral
+    |
+      c.calls(primitive, _) and
+      c.getAnArgument() = n.asExpr()
+    )
+  }
+}
+
+private class BuiltinCallNameCharacteristic extends ArgumentToBuiltinFunctionCharacteristic,
+  NotASinkCharacteristic {
+  BuiltinCallNameCharacteristic() { this = "BuiltinCallName" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call |
+      call.getAnArgument() = n and
+      call.getCalleeName() =
+        [
+          "indexOf", "hasOwnProperty", "substring", "isDecimal", "decode", "encode", "keys",
+          "shift", "values", "forEach", "toString", "slice", "splice", "push", "isArray", "sort"
+        ]
+    )
+  }
+}
+
+/*
+ * Characteristics that have historically acted as endpoint filters to exclude endpoints from scoring at inference time.
+ */
+
+/** A characteristic that has historically acted as an endpoint filter for inference-time scoring. */
+abstract class EndpointFilterCharacteristic extends EndpointCharacteristic {
+  bindingset[this]
+  EndpointFilterCharacteristic() { any() }
+}
+
+/**
+ * An EndpointFilterCharacteristic that indicates that an endpoint is unlikely to be a sink of any type.
+ */
+abstract private class StandardEndpointFilterCharacteristic extends EndpointFilterCharacteristic {
+  bindingset[this]
+  StandardEndpointFilterCharacteristic() { any() }
+
+  override predicate hasImplications(
+    EndpointType endpointClass, boolean isPositiveIndicator, float confidence
+  ) {
+    endpointClass instanceof NegativeType and
+    isPositiveIndicator = true and
+    confidence = mediumConfidence()
+  }
+}
+
+class IsArgumentToModeledFunctionCharacteristic extends StandardEndpointFilterCharacteristic {
+  IsArgumentToModeledFunctionCharacteristic() { this = "argument to modeled function" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::InvokeNode invk, DataFlow::Node known |
+      invk.getAnArgument() = n and
+      invk.getAnArgument() = known and
+      (
+        isKnownLibrarySink(known)
+        or
+        isKnownStepSrc(known)
+        or
+        exists(OtherModeledArgumentCharacteristic characteristic |
+          characteristic.appliesToEndpoint(known)
+        )
+      )
+    )
+  }
+}
+
+private class IsArgumentToSinklessLibraryCharacteristic extends StandardEndpointFilterCharacteristic {
+  IsArgumentToSinklessLibraryCharacteristic() { this = "argument to sinkless library" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::InvokeNode invk, DataFlow::SourceNode commonSafeLibrary, string libraryName |
+      libraryName = ["slugify", "striptags", "marked"]
+    |
+      commonSafeLibrary = DataFlow::moduleImport(libraryName) and
+      invk = [commonSafeLibrary, commonSafeLibrary.getAPropertyRead()].getAnInvocation() and
+      n = invk.getAnArgument()
+    )
+  }
+}
+
+private class IsSanitizerCharacteristic extends StandardEndpointFilterCharacteristic {
+  IsSanitizerCharacteristic() { this = "sanitizer" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      call.getCalleeName().regexpMatch("(?i).*(escape|valid(ate)?|sanitize|purify).*")
+    )
+  }
+}
+
+private class IsPredicateCharacteristic extends StandardEndpointFilterCharacteristic {
+  IsPredicateCharacteristic() { this = "predicate" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      call.getCalleeName().regexpMatch("(equals|(|is|has|can)(_|[A-Z])).*")
+    )
+  }
+}
+
+private class IsHashCharacteristic extends StandardEndpointFilterCharacteristic {
+  IsHashCharacteristic() { this = "hash" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      call.getCalleeName().regexpMatch("(?i)^(sha\\d*|md5|hash)$")
+    )
+  }
+}
+
+private class IsNumericCharacteristic extends StandardEndpointFilterCharacteristic {
+  IsNumericCharacteristic() { this = "numeric" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    SyntacticHeuristics::isReadFrom(n, ".*index.*")
+  }
+}
+
+private class InIrrelevantFileCharacteristic extends StandardEndpointFilterCharacteristic {
+  private string category;
+
+  InIrrelevantFileCharacteristic() {
+    this = "in " + category + " file" and category = ["externs", "generated", "library", "test"]
+  }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    // Ignore candidate sinks within externs, generated, library, and test code
+    ClassifyFiles::classify(n.getFile(), category)
+  }
+}
+
+/** An EndpointFilterCharacteristic that indicates that an endpoint is unlikely to be a NoSQL injection sink. */
+abstract private class NosqlInjectionSinkEndpointFilterCharacteristic extends EndpointFilterCharacteristic {
+  bindingset[this]
+  NosqlInjectionSinkEndpointFilterCharacteristic() { any() }
+
+  override predicate hasImplications(
+    EndpointType endpointClass, boolean isPositiveIndicator, float confidence
+  ) {
+    endpointClass instanceof NosqlInjectionSinkType and
+    isPositiveIndicator = false and
+    confidence = mediumConfidence()
+  }
+}
+
+private class DatabaseAccessCallHeuristicCharacteristic extends NosqlInjectionSinkEndpointFilterCharacteristic {
+  DatabaseAccessCallHeuristicCharacteristic() { this = "matches database access call heuristic" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::MethodCallNode call | n = call.getAnArgument() |
+      // additional databases accesses that aren't modeled yet
+      call.getMethodName() = ["create", "createCollection", "createIndexes"]
+    )
+  }
+}
+
+private class ModeledSinkCharacteristic extends NosqlInjectionSinkEndpointFilterCharacteristic {
+  ModeledSinkCharacteristic() { this = "modeled sink" }
+
+  /**
+   * Holds if the node `n` is a known sink in a modeled library, or a sibling-argument of such a sink.
+   */
+  predicate isArgumentToKnownLibrarySinkFunction(DataFlow::Node n) {
+    exists(DataFlow::InvokeNode invk, DataFlow::Node known |
+      invk.getAnArgument() = n and invk.getAnArgument() = known and isKnownLibrarySink(known)
+    )
+  }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      // Remove modeled sinks
+      isArgumentToKnownLibrarySinkFunction(n)
+    )
+  }
+}
+
+private class PredecessorInModeledFlowStepCharacteristic extends NosqlInjectionSinkEndpointFilterCharacteristic {
+  PredecessorInModeledFlowStepCharacteristic() { this = "predecessor in a modeled flow step" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      // Remove common kinds of unlikely sinks
+      isKnownStepSrc(n)
+    )
+  }
+}
+
+private class ModeledDatabaseAccessCharacteristic extends NosqlInjectionSinkEndpointFilterCharacteristic {
+  ModeledDatabaseAccessCharacteristic() { this = "modeled database access" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      // Remove modeled database calls. Arguments to modeled calls are very likely to be modeled
+      // as sinks if they are true positives. Therefore arguments that are not modeled as sinks
+      // are unlikely to be true positives.
+      call instanceof DatabaseAccess
+    )
+  }
+}
+
+private class ReceiverIsHttpRequestExpressionCharacteristic extends NosqlInjectionSinkEndpointFilterCharacteristic {
+  ReceiverIsHttpRequestExpressionCharacteristic() { this = "receiver is a HTTP request expression" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      // Remove calls to APIs that aren't relevant to NoSQL injection
+      call.getReceiver() instanceof Http::RequestNode
+    )
+  }
+}
+
+private class ReceiverIsHttpResponseExpressionCharacteristic extends NosqlInjectionSinkEndpointFilterCharacteristic {
+  ReceiverIsHttpResponseExpressionCharacteristic() {
+    this = "receiver is a HTTP response expression"
+  }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      // Remove calls to APIs that aren't relevant to NoSQL injection
+      call.getReceiver() instanceof Http::ResponseNode
+    )
+  }
+}
+
+private class NotDirectArgumentToLikelyExternalLibraryCallOrHeuristicSinkNosqlCharacteristic extends NosqlInjectionSinkEndpointFilterCharacteristic {
+  NotDirectArgumentToLikelyExternalLibraryCallOrHeuristicSinkNosqlCharacteristic() {
+    this = "not a direct argument to a likely external library call or a heuristic sink (nosql)"
+  }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    // Require NoSQL injection sink candidates to be (a) direct arguments to external library calls
+    // or (b) heuristic sinks for NoSQL injection.
+    //
+    // ## Direct arguments to external library calls
+    //
+    // The `flowsToArgumentOfLikelyExternalLibraryCall` endpoint filter
+    // allows sink candidates which are within object literals or array literals, for example
+    // `req.sendFile(_, { path: ENDPOINT })`.
+    //
+    // However, the NoSQL injection query deals differently with these types of sinks compared to
+    // other security queries. Other security queries such as SQL injection tend to treat
+    // `ENDPOINT` as the ground truth sink, but the NoSQL injection query instead treats
+    // `{ path: ENDPOINT }` as the ground truth sink and defines an additional flow step to ensure
+    // data flows from `ENDPOINT` to the ground truth sink `{ path: ENDPOINT }`.
+    //
+    // Therefore for the NoSQL injection boosted query, we must ignore sink candidates within object
+    // literals or array literals, to avoid having multiple alerts for the same security
+    // vulnerability (one FP where the sink is `ENDPOINT` and one TP where the sink is
+    // `{ path: ENDPOINT }`). We accomplish this by directly testing that the sink candidate is an
+    // argument of a likely external library call.
+    //
+    // ## Heuristic sinks
+    //
+    // We also allow heuristic sinks in addition to direct arguments to external library calls.
+    // These are copied from the `HeuristicNosqlInjectionSink` class defined within
+    // `codeql/javascript/ql/src/semmle/javascript/heuristics/AdditionalSinks.qll`.
+    // We can't reuse the class because importing that file would cause us to treat these
+    // heuristic sinks as known sinks.
+    not n = getALikelyExternalLibraryCall().getAnArgument() and
+    not (
+      SyntacticHeuristics::isAssignedToOrConcatenatedWith(n, "(?i)(nosql|query)") or
+      SyntacticHeuristics::isArgTo(n, "(?i)(query)")
+    )
+  }
+}
+
+/** An EndpointFilterCharacteristic that indicates that an endpoint is unlikely to be a SQL injection sink. */
+abstract private class SqlInjectionSinkEndpointFilterCharacteristic extends EndpointFilterCharacteristic {
+  bindingset[this]
+  SqlInjectionSinkEndpointFilterCharacteristic() { any() }
+
+  override predicate hasImplications(
+    EndpointType endpointClass, boolean isPositiveIndicator, float confidence
+  ) {
+    endpointClass instanceof SqlInjectionSinkType and
+    isPositiveIndicator = false and
+    confidence = mediumConfidence()
+  }
+}
+
+private class PreparedSqlStatementCharacteristic extends SqlInjectionSinkEndpointFilterCharacteristic {
+  PreparedSqlStatementCharacteristic() { this = "prepared SQL statement" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      // prepared statements for SQL
+      any(DataFlow::CallNode cn | cn.getCalleeName() = "prepare")
+          .getAMethodCall("run")
+          .getAnArgument() = n
+    )
+  }
+}
+
+private class ArrayCreationCharacteristic extends SqlInjectionSinkEndpointFilterCharacteristic {
+  ArrayCreationCharacteristic() { this = "array creation" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      n instanceof DataFlow::ArrayCreationNode
+    )
+  }
+}
+
+private class HtmlOrRenderingCharacteristic extends SqlInjectionSinkEndpointFilterCharacteristic {
+  HtmlOrRenderingCharacteristic() { this = "HTML / rendering" }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() |
+      // UI is unrelated to SQL
+      call.getCalleeName().regexpMatch("(?i).*(render|html).*")
+    )
+  }
+}
+
+private class NotAnArgumentToLikelyExternalLibraryCallOrHeuristicSinkCharacteristic extends SqlInjectionSinkEndpointFilterCharacteristic {
+  NotAnArgumentToLikelyExternalLibraryCallOrHeuristicSinkCharacteristic() {
+    this = "not an argument to a likely external library call or a heuristic sink"
+  }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    // Require SQL injection sink candidates to be (a) arguments to external library calls
+    // (possibly indirectly), or (b) heuristic sinks.
+    //
+    // Heuristic sinks are copied from the `HeuristicSqlInjectionSink` class defined within
+    // `codeql/javascript/ql/src/semmle/javascript/heuristics/AdditionalSinks.qll`.
+    // We can't reuse the class because importing that file would cause us to treat these
+    // heuristic sinks as known sinks.
+    not flowsToArgumentOfLikelyExternalLibraryCall(n) and
+    not (
+      SyntacticHeuristics::isAssignedToOrConcatenatedWith(n, "(?i)(sql|query)") or
+      SyntacticHeuristics::isArgTo(n, "(?i)(query)") or
+      SyntacticHeuristics::isConcatenatedWithString(n,
+        "(?s).*(ALTER|COUNT|CREATE|DATABASE|DELETE|DISTINCT|DROP|FROM|GROUP|INSERT|INTO|LIMIT|ORDER|SELECT|TABLE|UPDATE|WHERE).*")
+    )
+  }
+}
+
+/** An EndpointFilterCharacteristic that indicates that an endpoint is unlikely to be a tainted path injection sink. */
+abstract private class TaintedPathSinkEndpointFilterCharacteristic extends EndpointFilterCharacteristic {
+  bindingset[this]
+  TaintedPathSinkEndpointFilterCharacteristic() { any() }
+
+  override predicate hasImplications(
+    EndpointType endpointClass, boolean isPositiveIndicator, float confidence
+  ) {
+    endpointClass instanceof TaintedPathSinkType and
+    isPositiveIndicator = false and
+    confidence = mediumConfidence()
+  }
+}
+
+private class NotDirectArgumentToLikelyExternalLibraryCallOrHeuristicSinkTaintedPathCharacteristic extends TaintedPathSinkEndpointFilterCharacteristic {
+  NotDirectArgumentToLikelyExternalLibraryCallOrHeuristicSinkTaintedPathCharacteristic() {
+    this =
+      "not a direct argument to a likely external library call or a heuristic sink (tainted path)"
+  }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    // Require path injection sink candidates to be (a) arguments to external library calls
+    // (possibly indirectly), or (b) heuristic sinks.
+    //
+    // Heuristic sinks are mostly copied from the `HeuristicTaintedPathSink` class defined within
+    // `codeql/javascript/ql/src/semmle/javascript/heuristics/AdditionalSinks.qll`.
+    // We can't reuse the class because importing that file would cause us to treat these
+    // heuristic sinks as known sinks.
+    not flowsToArgumentOfLikelyExternalLibraryCall(n) and
+    not (
+      SyntacticHeuristics::isAssignedToOrConcatenatedWith(n, "(?i)(file|folder|dir|absolute)")
+      or
+      SyntacticHeuristics::isArgTo(n, "(?i)(get|read)file")
+      or
+      exists(string pathPattern |
+        // paths with at least two parts, and either a trailing or leading slash
+        pathPattern = "(?i)([a-z0-9_.-]+/){2,}" or
+        pathPattern = "(?i)(/[a-z0-9_.-]+){2,}"
+      |
+        SyntacticHeuristics::isConcatenatedWithString(n, pathPattern)
+      )
+      or
+      SyntacticHeuristics::isConcatenatedWithStrings(".*/", n, "/.*")
+      or
+      // In addition to the names from `HeuristicTaintedPathSink` in the
+      // `isAssignedToOrConcatenatedWith` predicate call above, we also allow the noisier "path"
+      // name.
+      SyntacticHeuristics::isAssignedToOrConcatenatedWith(n, "(?i)path")
+    )
+  }
+}
+
+/** An EndpointFilterCharacteristic that indicates that an endpoint is unlikely to be an XSS sink. */
+abstract private class XssSinkEndpointFilterCharacteristic extends EndpointFilterCharacteristic {
+  bindingset[this]
+  XssSinkEndpointFilterCharacteristic() { any() }
+
+  override predicate hasImplications(
+    EndpointType endpointClass, boolean isPositiveIndicator, float confidence
+  ) {
+    endpointClass instanceof XssSinkType and
+    isPositiveIndicator = false and
+    confidence = mediumConfidence()
+  }
+}
+
+private class SetStateCallsInReactApplicationsCharacteristic extends XssSinkEndpointFilterCharacteristic {
+  SetStateCallsInReactApplicationsCharacteristic() {
+    this = "setState calls ought to be safe in react applications"
+  }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    exists(DataFlow::CallNode call | n = call.getAnArgument() | call.getCalleeName() = "setState")
+  }
+}
+
+private class NotDirectArgumentToLikelyExternalLibraryCallOrHeuristicSinkXssCharacteristic extends XssSinkEndpointFilterCharacteristic {
+  NotDirectArgumentToLikelyExternalLibraryCallOrHeuristicSinkXssCharacteristic() {
+    this = "not a direct argument to a likely external library call or a heuristic sink (xss)"
+  }
+
+  override predicate appliesToEndpoint(DataFlow::Node n) {
+    // Require XSS sink candidates to be (a) arguments to external library calls (possibly
+    // indirectly), or (b) heuristic sinks.
+    //
+    // Heuristic sinks are copied from the `HeuristicDomBasedXssSink` class defined within
+    // `codeql/javascript/ql/src/semmle/javascript/heuristics/AdditionalSinks.qll`.
+    // We can't reuse the class because importing that file would cause us to treat these
+    // heuristic sinks as known sinks.
+    not flowsToArgumentOfLikelyExternalLibraryCall(n) and
+    not (
+      SyntacticHeuristics::isAssignedToOrConcatenatedWith(n, "(?i)(html|innerhtml)")
+      or
+      SyntacticHeuristics::isArgTo(n, "(?i)(html|render)")
+      or
+      n instanceof StringOps::HtmlConcatenationLeaf
+      or
+      SyntacticHeuristics::isConcatenatedWithStrings("(?is).*<[a-z ]+.*", n, "(?s).*>.*")
+      or
+      // In addition to the heuristic sinks from `HeuristicDomBasedXssSink`, explicitly allow
+      // property writes like `elem.innerHTML = <TAINT>` that may not be picked up as HTML
+      // concatenation leaves.
+      exists(DataFlow::PropWrite pw |
+        pw.getPropertyName().regexpMatch("(?i).*html*") and
+        pw.getRhs() = n
+      )
+    )
   }
 }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll
index 60a490cc454..8b4d9147a00 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll
@@ -1,4 +1,4 @@
-/*
+/**
  * For internal use only.
  *
  * Extracts data about the database for use in adaptive threat modeling (ATM).
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointScoring.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointScoring.qll
index 7f9e53a5465..6746c06db7b 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointScoring.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointScoring.qll
@@ -1,4 +1,4 @@
-/*
+/**
  * For internal use only.
  *
  * Provides an implementation of scoring alerts for use in adaptive threat modeling (ATM).
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll
index aa625b12862..d2cc37b1b33 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll
@@ -16,6 +16,11 @@ newtype TEndpointType =
 abstract class EndpointType extends TEndpointType {
   abstract string getDescription();
 
+  /**
+   * Gets the integer representation of this endpoint type. This integer representation specifies the class number
+   * used by the endpoint scoring model (the classifier) to represent this endpoint type. Class 0 is the negative
+   * class (non-sink). Each positive int corresponds to a single sink type.
+   */
   abstract int getEncoding();
 
   string toString() { result = getDescription() }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FilteringReasons.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FilteringReasons.qll
deleted file mode 100644
index 4b0cdb986e8..00000000000
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FilteringReasons.qll
+++ /dev/null
@@ -1,220 +0,0 @@
-/**
- * For internal use only.
- *
- * Defines a set of reasons why a particular endpoint was filtered out. This set of reasons
- * contains both reasons why an endpoint could be `NotASink` and reasons why an endpoint could be
- * `LikelyNotASink`. The `NotASinkReason`s defined here are exhaustive, but the
- * `LikelyNotASinkReason`s are not exhaustive.
- */
-newtype TFilteringReason =
-  TIsArgumentToBuiltinFunctionReason() or
-  TLodashUnderscoreArgumentReason() or
-  TClientRequestReason() or
-  TPromiseDefinitionReason() or
-  TCryptographicKeyReason() or
-  TCryptographicOperationFlowReason() or
-  TLoggerMethodReason() or
-  TTimeoutReason() or
-  TReceiverStorageReason() or
-  TStringStartsWithReason() or
-  TStringEndsWithReason() or
-  TStringRegExpTestReason() or
-  TEventRegistrationReason() or
-  TEventDispatchReason() or
-  TMembershipCandidateTestReason() or
-  TFileSystemAccessReason() or
-  TDatabaseAccessReason() or
-  TDomReason() or
-  TNextFunctionCallReason() or
-  TArgumentToArrayReason() or
-  TArgumentToBuiltinGlobalVarRefReason() or
-  TConstantReceiverReason() or
-  TBuiltinCallNameReason() or
-  TBase64ManipulationReason() or
-  TJQueryArgumentReason() or
-  TDojoRequireReason()
-
-/** A reason why a particular endpoint was filtered out by the endpoint filters. */
-abstract class FilteringReason extends TFilteringReason {
-  abstract string getDescription();
-
-  abstract int getEncoding();
-
-  string toString() { result = getDescription() }
-}
-
-/**
- * A reason why a particular endpoint might be considered to be `NotASink`.
- *
- * An endpoint is `NotASink` if it has at least one `NotASinkReason`, it does not have any
- * `LikelyNotASinkReason`s, and it is not a known sink.
- */
-abstract class NotASinkReason extends FilteringReason { }
-
-/**
- * A reason why a particular endpoint might be considered to be `LikelyNotASink`.
- *
- * An endpoint is `LikelyNotASink` if it has at least one `LikelyNotASinkReason` and it is not a
- * known sink.
- */
-abstract class LikelyNotASinkReason extends FilteringReason { }
-
-class IsArgumentToBuiltinFunctionReason extends NotASinkReason, TIsArgumentToBuiltinFunctionReason {
-  override string getDescription() { result = "IsArgumentToBuiltinFunction" }
-
-  override int getEncoding() { result = 5 }
-}
-
-class LodashUnderscoreArgumentReason extends NotASinkReason, TLodashUnderscoreArgumentReason {
-  override string getDescription() { result = "LodashUnderscoreArgument" }
-
-  override int getEncoding() { result = 6 }
-}
-
-class ClientRequestReason extends NotASinkReason, TClientRequestReason {
-  override string getDescription() { result = "ClientRequest" }
-
-  override int getEncoding() { result = 7 }
-}
-
-class PromiseDefinitionReason extends NotASinkReason, TPromiseDefinitionReason {
-  override string getDescription() { result = "PromiseDefinition" }
-
-  override int getEncoding() { result = 8 }
-}
-
-class CryptographicKeyReason extends NotASinkReason, TCryptographicKeyReason {
-  override string getDescription() { result = "CryptographicKey" }
-
-  override int getEncoding() { result = 9 }
-}
-
-class CryptographicOperationFlowReason extends NotASinkReason, TCryptographicOperationFlowReason {
-  override string getDescription() { result = "CryptographicOperationFlow" }
-
-  override int getEncoding() { result = 10 }
-}
-
-class LoggerMethodReason extends NotASinkReason, TLoggerMethodReason {
-  override string getDescription() { result = "LoggerMethod" }
-
-  override int getEncoding() { result = 11 }
-}
-
-class TimeoutReason extends NotASinkReason, TTimeoutReason {
-  override string getDescription() { result = "Timeout" }
-
-  override int getEncoding() { result = 12 }
-}
-
-class ReceiverStorageReason extends NotASinkReason, TReceiverStorageReason {
-  override string getDescription() { result = "ReceiverStorage" }
-
-  override int getEncoding() { result = 13 }
-}
-
-class StringStartsWithReason extends NotASinkReason, TStringStartsWithReason {
-  override string getDescription() { result = "StringStartsWith" }
-
-  override int getEncoding() { result = 14 }
-}
-
-class StringEndsWithReason extends NotASinkReason, TStringEndsWithReason {
-  override string getDescription() { result = "StringEndsWith" }
-
-  override int getEncoding() { result = 15 }
-}
-
-class StringRegExpTestReason extends NotASinkReason, TStringRegExpTestReason {
-  override string getDescription() { result = "StringRegExpTest" }
-
-  override int getEncoding() { result = 16 }
-}
-
-class EventRegistrationReason extends NotASinkReason, TEventRegistrationReason {
-  override string getDescription() { result = "EventRegistration" }
-
-  override int getEncoding() { result = 17 }
-}
-
-class EventDispatchReason extends NotASinkReason, TEventDispatchReason {
-  override string getDescription() { result = "EventDispatch" }
-
-  override int getEncoding() { result = 18 }
-}
-
-class MembershipCandidateTestReason extends NotASinkReason, TMembershipCandidateTestReason {
-  override string getDescription() { result = "MembershipCandidateTest" }
-
-  override int getEncoding() { result = 19 }
-}
-
-class FileSystemAccessReason extends NotASinkReason, TFileSystemAccessReason {
-  override string getDescription() { result = "FileSystemAccess" }
-
-  override int getEncoding() { result = 20 }
-}
-
-class DatabaseAccessReason extends NotASinkReason, TDatabaseAccessReason {
-  override string getDescription() { result = "DatabaseAccess" }
-
-  override int getEncoding() { result = 21 }
-}
-
-class DomReason extends NotASinkReason, TDomReason {
-  override string getDescription() { result = "DOM" }
-
-  override int getEncoding() { result = 22 }
-}
-
-/** DEPRECATED: Alias for DomReason */
-deprecated class DOMReason = DomReason;
-
-class NextFunctionCallReason extends NotASinkReason, TNextFunctionCallReason {
-  override string getDescription() { result = "NextFunctionCall" }
-
-  override int getEncoding() { result = 23 }
-}
-
-class ArgumentToArrayReason extends LikelyNotASinkReason, TArgumentToArrayReason {
-  override string getDescription() { result = "ArgumentToArray" }
-
-  override int getEncoding() { result = 24 }
-}
-
-class ArgumentToBuiltinGlobalVarRefReason extends LikelyNotASinkReason,
-  TArgumentToBuiltinGlobalVarRefReason {
-  override string getDescription() { result = "ArgumentToBuiltinGlobalVarRef" }
-
-  override int getEncoding() { result = 25 }
-}
-
-class ConstantReceiverReason extends NotASinkReason, TConstantReceiverReason {
-  override string getDescription() { result = "ConstantReceiver" }
-
-  override int getEncoding() { result = 26 }
-}
-
-class BuiltinCallNameReason extends NotASinkReason, TBuiltinCallNameReason {
-  override string getDescription() { result = "BuiltinCallName" }
-
-  override int getEncoding() { result = 27 }
-}
-
-class Base64ManipulationReason extends NotASinkReason, TBase64ManipulationReason {
-  override string getDescription() { result = "Base64Manipulation" }
-
-  override int getEncoding() { result = 28 }
-}
-
-class JQueryArgumentReason extends NotASinkReason, TJQueryArgumentReason {
-  override string getDescription() { result = "JQueryArgument" }
-
-  override int getEncoding() { result = 29 }
-}
-
-class DojoRequireReason extends NotASinkReason, TDojoRequireReason {
-  override string getDescription() { result = "DojoRequire" }
-
-  override int getEncoding() { result = 30 }
-}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll
index 4464842bc38..62531a9d423 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll
@@ -1,4 +1,4 @@
-/*
+/**
  * FunctionBodyFeatures.qll
  *
  * Contains logic relating to the `enclosingFunctionBody` and `enclosingFunctionName` features.
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/NosqlInjectionATM.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/NosqlInjectionATM.qll
index 43d74d5334c..e6d602280a4 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/NosqlInjectionATM.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/NosqlInjectionATM.qll
@@ -1,6 +1,7 @@
 /**
  * For internal use only.
  *
+ * A taint-tracking configuration for reasoning about NoSQL injection vulnerabilities.
  * Defines shared code used by the NoSQL injection boosted query.
  */
 
@@ -8,145 +9,21 @@ import javascript
 private import semmle.javascript.heuristics.SyntacticHeuristics
 private import semmle.javascript.security.dataflow.NosqlInjectionCustomizations
 import AdaptiveThreatModeling
-private import CoreKnowledge as CoreKnowledge
-private import StandardEndpointFilters as StandardEndpointFilters
-
-module SinkEndpointFilter {
-  /**
-   * Provides a set of reasons why a given data flow node should be excluded as a sink candidate.
-   *
-   * If this predicate has no results for a sink candidate `n`, then we should treat `n` as an
-   * effective sink.
-   */
-  string getAReasonSinkExcluded(DataFlow::Node sinkCandidate) {
-    result = StandardEndpointFilters::getAReasonSinkExcluded(sinkCandidate)
-    or
-    exists(DataFlow::CallNode call | sinkCandidate = call.getAnArgument() |
-      // additional databases accesses that aren't modeled yet
-      call.(DataFlow::MethodCallNode).getMethodName() =
-        ["create", "createCollection", "createIndexes"] and
-      result = "matches database access call heuristic"
-      or
-      // Remove modeled sinks
-      CoreKnowledge::isArgumentToKnownLibrarySinkFunction(sinkCandidate) and
-      result = "modeled sink"
-      or
-      // Remove common kinds of unlikely sinks
-      CoreKnowledge::isKnownStepSrc(sinkCandidate) and
-      result = "predecessor in a modeled flow step"
-      or
-      // Remove modeled database calls. Arguments to modeled calls are very likely to be modeled
-      // as sinks if they are true positives. Therefore arguments that are not modeled as sinks
-      // are unlikely to be true positives.
-      call instanceof DatabaseAccess and
-      result = "modeled database access"
-      or
-      // Remove calls to APIs that aren't relevant to NoSQL injection
-      call.getReceiver() instanceof Http::RequestNode and
-      result = "receiver is a HTTP request expression"
-      or
-      call.getReceiver() instanceof Http::ResponseNode and
-      result = "receiver is a HTTP response expression"
-    )
-    or
-    // Require NoSQL injection sink candidates to be (a) direct arguments to external library calls
-    // or (b) heuristic sinks for NoSQL injection.
-    //
-    // ## Direct arguments to external library calls
-    //
-    // The `StandardEndpointFilters::flowsToArgumentOfLikelyExternalLibraryCall` endpoint filter
-    // allows sink candidates which are within object literals or array literals, for example
-    // `req.sendFile(_, { path: ENDPOINT })`.
-    //
-    // However, the NoSQL injection query deals differently with these types of sinks compared to
-    // other security queries. Other security queries such as SQL injection tend to treat
-    // `ENDPOINT` as the ground truth sink, but the NoSQL injection query instead treats
-    // `{ path: ENDPOINT }` as the ground truth sink and defines an additional flow step to ensure
-    // data flows from `ENDPOINT` to the ground truth sink `{ path: ENDPOINT }`.
-    //
-    // Therefore for the NoSQL injection boosted query, we must ignore sink candidates within object
-    // literals or array literals, to avoid having multiple alerts for the same security
-    // vulnerability (one FP where the sink is `ENDPOINT` and one TP where the sink is
-    // `{ path: ENDPOINT }`). We accomplish this by directly testing that the sink candidate is an
-    // argument of a likely external library call.
-    //
-    // ## Heuristic sinks
-    //
-    // We also allow heuristic sinks in addition to direct arguments to external library calls.
-    // These are copied from the `HeuristicNosqlInjectionSink` class defined within
-    // `codeql/javascript/ql/src/semmle/javascript/heuristics/AdditionalSinks.qll`.
-    // We can't reuse the class because importing that file would cause us to treat these
-    // heuristic sinks as known sinks.
-    not sinkCandidate = StandardEndpointFilters::getALikelyExternalLibraryCall().getAnArgument() and
-    not (
-      isAssignedToOrConcatenatedWith(sinkCandidate, "(?i)(nosql|query)") or
-      isArgTo(sinkCandidate, "(?i)(query)")
-    ) and
-    result = "not a direct argument to a likely external library call or a heuristic sink"
-  }
-}
 
 class NosqlInjectionAtmConfig extends AtmConfig {
-  NosqlInjectionAtmConfig() { this = "NosqlInjectionATMConfig" }
+  NosqlInjectionAtmConfig() { this = "NosqlInjectionAtmConfig" }
 
   override predicate isKnownSource(DataFlow::Node source) {
     source instanceof NosqlInjection::Source or TaintedObject::isSource(source, _)
   }
 
-  override predicate isEffectiveSink(DataFlow::Node sinkCandidate) {
-    not exists(SinkEndpointFilter::getAReasonSinkExcluded(sinkCandidate))
-  }
-
   override EndpointType getASinkEndpointType() { result instanceof NosqlInjectionSinkType }
-}
 
-/** DEPRECATED: Alias for NosqlInjectionAtmConfig */
-deprecated class NosqlInjectionATMConfig = NosqlInjectionAtmConfig;
-
-/** Holds if src -> trg is an additional flow step in the non-boosted NoSql injection security query. */
-predicate isBaseAdditionalFlowStep(
-  DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
-) {
-  TaintedObject::step(src, trg, inlbl, outlbl)
-  or
-  // additional flow step to track taint through NoSQL query objects
-  inlbl = TaintedObject::label() and
-  outlbl = TaintedObject::label() and
-  exists(NoSql::Query query, DataFlow::SourceNode queryObj |
-    queryObj.flowsTo(query) and
-    queryObj.flowsTo(trg) and
-    src = queryObj.getAPropertyWrite().getRhs()
-  )
-}
-
-/**
- * Gets a value that is (transitively) written to `query`, where `query` is a NoSQL sink.
- *
- * This predicate allows us to propagate data flow through property writes and array constructors
- * within a query object, enabling the security query to pick up NoSQL injection vulnerabilities
- * involving more complex queries.
- */
-DataFlow::Node getASubexpressionWithinQuery(DataFlow::Node query) {
-  any(NosqlInjectionAtmConfig cfg).isEffectiveSink(query) and
-  exists(DataFlow::SourceNode receiver |
-    receiver = [getASubexpressionWithinQuery(query), query].getALocalSource()
-  |
-    result =
-      [receiver.getAPropertyWrite().getRhs(), receiver.(DataFlow::ArrayCreationNode).getAnElement()]
-  )
-}
-
-/**
- * A taint-tracking configuration for reasoning about NoSQL injection vulnerabilities.
- *
- * This is largely a copy of the taint tracking configuration for the standard NoSQL injection
- * query, except additional ATM sinks have been added and the additional flow step has been
- * generalised to cover the sinks predicted by ATM.
- */
-class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "NosqlInjectionATM" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof NosqlInjection::Source }
+  /*
+   * This is largely a copy of the taint tracking configuration for the standard NoSQL injection
+   * query, except additional ATM sinks have been added and the additional flow step has been
+   * generalised to cover the sinks predicted by ATM.
+   */
 
   override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
     TaintedObject::isSource(source, label)
@@ -156,7 +33,7 @@ class Configuration extends TaintTracking::Configuration {
     sink.(NosqlInjection::Sink).getAFlowLabel() = label
     or
     // Allow effective sinks to have any taint label
-    any(NosqlInjectionAtmConfig cfg).isEffectiveSink(sink)
+    isEffectiveSink(sink)
   }
 
   override predicate isSanitizer(DataFlow::Node node) {
@@ -175,7 +52,43 @@ class Configuration extends TaintTracking::Configuration {
     isBaseAdditionalFlowStep(src, trg, inlbl, outlbl)
     or
     // relaxed version of previous step to track taint through unmodeled NoSQL query objects
-    any(NosqlInjectionAtmConfig cfg).isEffectiveSink(trg) and
+    isEffectiveSink(trg) and
     src = getASubexpressionWithinQuery(trg)
   }
+
+  /** Holds if src -> trg is an additional flow step in the non-boosted NoSql injection security query. */
+  private predicate isBaseAdditionalFlowStep(
+    DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
+  ) {
+    TaintedObject::step(src, trg, inlbl, outlbl)
+    or
+    // additional flow step to track taint through NoSQL query objects
+    inlbl = TaintedObject::label() and
+    outlbl = TaintedObject::label() and
+    exists(NoSql::Query query, DataFlow::SourceNode queryObj |
+      queryObj.flowsTo(query) and
+      queryObj.flowsTo(trg) and
+      src = queryObj.getAPropertyWrite().getRhs()
+    )
+  }
+
+  /**
+   * Gets a value that is (transitively) written to `query`, where `query` is a NoSQL sink.
+   *
+   * This predicate allows us to propagate data flow through property writes and array constructors
+   * within a query object, enabling the security query to pick up NoSQL injection vulnerabilities
+   * involving more complex queries.
+   */
+  private DataFlow::Node getASubexpressionWithinQuery(DataFlow::Node query) {
+    isEffectiveSink(query) and
+    exists(DataFlow::SourceNode receiver |
+      receiver = [getASubexpressionWithinQuery(query), query].getALocalSource()
+    |
+      result =
+        [
+          receiver.getAPropertyWrite().getRhs(),
+          receiver.(DataFlow::ArrayCreationNode).getAnElement()
+        ]
+    )
+  }
 }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/SqlInjectionATM.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/SqlInjectionATM.qll
index 3c78a456f21..917e79f401e 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/SqlInjectionATM.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/SqlInjectionATM.qll
@@ -1,94 +1,25 @@
 /**
  * For internal use only.
  *
+ * A taint-tracking configuration for reasoning about SQL injection vulnerabilities.
  * Defines shared code used by the SQL injection boosted query.
  */
 
 import semmle.javascript.heuristics.SyntacticHeuristics
 import semmle.javascript.security.dataflow.SqlInjectionCustomizations
 import AdaptiveThreatModeling
-import CoreKnowledge as CoreKnowledge
-import StandardEndpointFilters as StandardEndpointFilters
-
-/**
- * This module provides logic to filter candidate sinks to those which are likely SQL injection
- * sinks.
- */
-module SinkEndpointFilter {
-  private import javascript
-  private import SQL
-
-  /**
-   * Provides a set of reasons why a given data flow node should be excluded as a sink candidate.
-   *
-   * If this predicate has no results for a sink candidate `n`, then we should treat `n` as an
-   * effective sink.
-   */
-  string getAReasonSinkExcluded(DataFlow::Node sinkCandidate) {
-    result = StandardEndpointFilters::getAReasonSinkExcluded(sinkCandidate)
-    or
-    exists(DataFlow::CallNode call | sinkCandidate = call.getAnArgument() |
-      // prepared statements for SQL
-      any(DataFlow::CallNode cn | cn.getCalleeName() = "prepare")
-          .getAMethodCall("run")
-          .getAnArgument() = sinkCandidate and
-      result = "prepared SQL statement"
-      or
-      sinkCandidate instanceof DataFlow::ArrayCreationNode and
-      result = "array creation"
-      or
-      // UI is unrelated to SQL
-      call.getCalleeName().regexpMatch("(?i).*(render|html).*") and
-      result = "HTML / rendering"
-    )
-    or
-    // Require SQL injection sink candidates to be (a) arguments to external library calls
-    // (possibly indirectly), or (b) heuristic sinks.
-    //
-    // Heuristic sinks are copied from the `HeuristicSqlInjectionSink` class defined within
-    // `codeql/javascript/ql/src/semmle/javascript/heuristics/AdditionalSinks.qll`.
-    // We can't reuse the class because importing that file would cause us to treat these
-    // heuristic sinks as known sinks.
-    not StandardEndpointFilters::flowsToArgumentOfLikelyExternalLibraryCall(sinkCandidate) and
-    not (
-      isAssignedToOrConcatenatedWith(sinkCandidate, "(?i)(sql|query)") or
-      isArgTo(sinkCandidate, "(?i)(query)") or
-      isConcatenatedWithString(sinkCandidate,
-        "(?s).*(ALTER|COUNT|CREATE|DATABASE|DELETE|DISTINCT|DROP|FROM|GROUP|INSERT|INTO|LIMIT|ORDER|SELECT|TABLE|UPDATE|WHERE).*")
-    ) and
-    result = "not an argument to a likely external library call or a heuristic sink"
-  }
-}
 
 class SqlInjectionAtmConfig extends AtmConfig {
-  SqlInjectionAtmConfig() { this = "SqlInjectionATMConfig" }
+  SqlInjectionAtmConfig() { this = "SqlInjectionAtmConfig" }
 
   override predicate isKnownSource(DataFlow::Node source) { source instanceof SqlInjection::Source }
 
-  override predicate isEffectiveSink(DataFlow::Node sinkCandidate) {
-    not exists(SinkEndpointFilter::getAReasonSinkExcluded(sinkCandidate))
-  }
-
   override EndpointType getASinkEndpointType() { result instanceof SqlInjectionSinkType }
-}
 
-/** DEPRECATED: Alias for SqlInjectionAtmConfig */
-deprecated class SqlInjectionATMConfig = SqlInjectionAtmConfig;
-
-/**
- * A taint-tracking configuration for reasoning about SQL injection vulnerabilities.
- *
- * This is largely a copy of the taint tracking configuration for the standard SQL injection
- * query, except additional sinks have been added using the sink endpoint filter.
- */
-class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "SqlInjectionATM" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof SqlInjection::Source }
-
-  override predicate isSink(DataFlow::Node sink) {
-    sink instanceof SqlInjection::Sink or any(SqlInjectionAtmConfig cfg).isEffectiveSink(sink)
-  }
+  /*
+   * This is largely a copy of the taint tracking configuration for the standard SQL injection
+   * query, except additional sinks have been added using the sink endpoint filter.
+   */
 
   override predicate isSanitizer(DataFlow::Node node) {
     super.isSanitizer(node) or
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/StandardEndpointFilters.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/StandardEndpointFilters.qll
deleted file mode 100644
index 38d339a8527..00000000000
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/StandardEndpointFilters.qll
+++ /dev/null
@@ -1,134 +0,0 @@
-/**
- * For internal use only.
- *
- * Provides classes and predicates that are useful for endpoint filters.
- *
- * The standard use of this library is to make use of `isPotentialEffectiveSink/1`
- */
-
-private import javascript
-private import semmle.javascript.filters.ClassifyFiles as ClassifyFiles
-private import semmle.javascript.heuristics.SyntacticHeuristics
-private import CoreKnowledge as CoreKnowledge
-
-/** Provides a set of reasons why a given data flow node should be excluded as a sink candidate. */
-string getAReasonSinkExcluded(DataFlow::Node n) {
-  isArgumentToModeledFunction(n) and result = "argument to modeled function"
-  or
-  isArgumentToSinklessLibrary(n) and result = "argument to sinkless library"
-  or
-  isSanitizer(n) and result = "sanitizer"
-  or
-  isPredicate(n) and result = "predicate"
-  or
-  isHash(n) and result = "hash"
-  or
-  isNumeric(n) and result = "numeric"
-  or
-  // Ignore candidate sinks within externs, generated, library, and test code
-  exists(string category | category = ["externs", "generated", "library", "test"] |
-    ClassifyFiles::classify(n.getFile(), category) and
-    result = "in " + category + " file"
-  )
-}
-
-/**
- * Holds if the node `n` is an argument to a function that has a manual model.
- */
-predicate isArgumentToModeledFunction(DataFlow::Node n) {
-  exists(DataFlow::InvokeNode invk, DataFlow::Node known |
-    invk.getAnArgument() = n and invk.getAnArgument() = known and isSomeModeledArgument(known)
-  )
-}
-
-/**
- * Holds if the node `n` is an argument that has a manual model.
- */
-predicate isSomeModeledArgument(DataFlow::Node n) {
-  CoreKnowledge::isKnownLibrarySink(n) or
-  CoreKnowledge::isKnownStepSrc(n) or
-  CoreKnowledge::isOtherModeledArgument(n, _)
-}
-
-/**
- * Holds if `n` appears to be a numeric value.
- */
-predicate isNumeric(DataFlow::Node n) { isReadFrom(n, ".*index.*") }
-
-/**
- * Holds if `n` is an argument to a library without sinks.
- */
-predicate isArgumentToSinklessLibrary(DataFlow::Node n) {
-  exists(DataFlow::InvokeNode invk, DataFlow::SourceNode commonSafeLibrary, string libraryName |
-    libraryName = ["slugify", "striptags", "marked"]
-  |
-    commonSafeLibrary = DataFlow::moduleImport(libraryName) and
-    invk = [commonSafeLibrary, commonSafeLibrary.getAPropertyRead()].getAnInvocation() and
-    n = invk.getAnArgument()
-  )
-}
-
-predicate isSanitizer(DataFlow::Node n) {
-  exists(DataFlow::CallNode call | n = call.getAnArgument() |
-    call.getCalleeName().regexpMatch("(?i).*(escape|valid(ate)?|sanitize|purify).*")
-  )
-}
-
-predicate isPredicate(DataFlow::Node n) {
-  exists(DataFlow::CallNode call | n = call.getAnArgument() |
-    call.getCalleeName().regexpMatch("(equals|(|is|has|can)(_|[A-Z])).*")
-  )
-}
-
-predicate isHash(DataFlow::Node n) {
-  exists(DataFlow::CallNode call | n = call.getAnArgument() |
-    call.getCalleeName().regexpMatch("(?i)^(sha\\d*|md5|hash)$")
-  )
-}
-
-/**
- * Holds if the data flow node is a (possibly indirect) argument of a likely external library call.
- *
- * This includes direct arguments of likely external library calls as well as nested object
- * literals within those calls.
- */
-predicate flowsToArgumentOfLikelyExternalLibraryCall(DataFlow::Node n) {
-  n = getACallWithoutCallee().getAnArgument()
-  or
-  exists(DataFlow::SourceNode src | flowsToArgumentOfLikelyExternalLibraryCall(src) |
-    n = src.getAPropertyWrite().getRhs()
-  )
-  or
-  exists(DataFlow::ArrayCreationNode arr | flowsToArgumentOfLikelyExternalLibraryCall(arr) |
-    n = arr.getAnElement()
-  )
-}
-
-/**
- * Get calls which are likely to be to external non-built-in libraries.
- */
-DataFlow::CallNode getALikelyExternalLibraryCall() { result = getACallWithoutCallee() }
-
-/**
- * Gets a node that flows to callback-parameter `p`.
- */
-private DataFlow::SourceNode getACallback(DataFlow::ParameterNode p, DataFlow::TypeBackTracker t) {
-  t.start() and
-  result = p and
-  any(DataFlow::FunctionNode f).getLastParameter() = p and
-  exists(p.getACall())
-  or
-  exists(DataFlow::TypeBackTracker t2 | result = getACallback(p, t2).backtrack(t2, t))
-}
-
-/**
- * Get calls for which we do not have the callee (i.e. the definition of the called function). This
- * acts as a heuristic for identifying calls to external library functions.
- */
-private DataFlow::CallNode getACallWithoutCallee() {
-  forall(Function callee | callee = result.getACallee() | callee.getTopLevel().isExterns()) and
-  not exists(DataFlow::ParameterNode param, DataFlow::FunctionNode callback |
-    param.flowsTo(result.getCalleeNode()) and
-    callback = getACallback(param, DataFlow::TypeBackTracker::end())
-  )
-}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll
index 8b0ce249f89..c494a7587d6 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll
@@ -1,95 +1,31 @@
 /**
  * For internal use only.
  *
+ * A taint-tracking configuration for reasoning about path injection vulnerabilities.
  * Defines shared code used by the path injection boosted query.
  */
 
 import semmle.javascript.heuristics.SyntacticHeuristics
 import semmle.javascript.security.dataflow.TaintedPathCustomizations
 import AdaptiveThreatModeling
-import CoreKnowledge as CoreKnowledge
-import StandardEndpointFilters as StandardEndpointFilters
-
-/**
- * This module provides logic to filter candidate sinks to those which are likely path injection
- * sinks.
- */
-module SinkEndpointFilter {
-  private import javascript
-  private import TaintedPath
-
-  /**
-   * Provides a set of reasons why a given data flow node should be excluded as a sink candidate.
-   *
-   * If this predicate has no results for a sink candidate `n`, then we should treat `n` as an
-   * effective sink.
-   */
-  string getAReasonSinkExcluded(DataFlow::Node sinkCandidate) {
-    result = StandardEndpointFilters::getAReasonSinkExcluded(sinkCandidate)
-    or
-    // Require path injection sink candidates to be (a) arguments to external library calls
-    // (possibly indirectly), or (b) heuristic sinks.
-    //
-    // Heuristic sinks are mostly copied from the `HeuristicTaintedPathSink` class defined within
-    // `codeql/javascript/ql/src/semmle/javascript/heuristics/AdditionalSinks.qll`.
-    // We can't reuse the class because importing that file would cause us to treat these
-    // heuristic sinks as known sinks.
-    not StandardEndpointFilters::flowsToArgumentOfLikelyExternalLibraryCall(sinkCandidate) and
-    not (
-      isAssignedToOrConcatenatedWith(sinkCandidate, "(?i)(file|folder|dir|absolute)")
-      or
-      isArgTo(sinkCandidate, "(?i)(get|read)file")
-      or
-      exists(string pathPattern |
-        // paths with at least two parts, and either a trailing or leading slash
-        pathPattern = "(?i)([a-z0-9_.-]+/){2,}" or
-        pathPattern = "(?i)(/[a-z0-9_.-]+){2,}"
-      |
-        isConcatenatedWithString(sinkCandidate, pathPattern)
-      )
-      or
-      isConcatenatedWithStrings(".*/", sinkCandidate, "/.*")
-      or
-      // In addition to the names from `HeuristicTaintedPathSink` in the
-      // `isAssignedToOrConcatenatedWith` predicate call above, we also allow the noisier "path"
-      // name.
-      isAssignedToOrConcatenatedWith(sinkCandidate, "(?i)path")
-    ) and
-    result = "not a direct argument to a likely external library call or a heuristic sink"
-  }
-}
 
 class TaintedPathAtmConfig extends AtmConfig {
-  TaintedPathAtmConfig() { this = "TaintedPathATMConfig" }
+  TaintedPathAtmConfig() { this = "TaintedPathAtmConfig" }
 
   override predicate isKnownSource(DataFlow::Node source) { source instanceof TaintedPath::Source }
 
-  override predicate isEffectiveSink(DataFlow::Node sinkCandidate) {
-    not exists(SinkEndpointFilter::getAReasonSinkExcluded(sinkCandidate))
-  }
-
   override EndpointType getASinkEndpointType() { result instanceof TaintedPathSinkType }
-}
 
-/** DEPRECATED: Alias for TaintedPathAtmConfig */
-deprecated class TaintedPathATMConfig = TaintedPathAtmConfig;
-
-/**
- * A taint-tracking configuration for reasoning about path injection vulnerabilities.
- *
- * This is largely a copy of the taint tracking configuration for the standard path injection
- * query, except additional ATM sinks have been added to the `isSink` predicate.
- */
-class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "TaintedPathATM" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof TaintedPath::Source }
+  /*
+   * This is largely a copy of the taint tracking configuration for the standard path injection
+   * query, except additional ATM sinks have been added to the `isSink` predicate.
+   */
 
   override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
     label = sink.(TaintedPath::Sink).getAFlowLabel()
     or
     // Allow effective sinks to have any taint label
-    any(TaintedPathAtmConfig cfg).isEffectiveSink(sink)
+    isEffectiveSink(sink)
   }
 
   override predicate isSanitizer(DataFlow::Node node) { node instanceof TaintedPath::Sanitizer }
@@ -115,9 +51,7 @@ class Configuration extends TaintTracking::Configuration {
  * of barrier guards, we port the barrier guards for the boosted query from the standard library to
  * sanitizer guards here.
  */
-class BarrierGuardNodeAsSanitizerGuardNode extends TaintTracking::LabeledSanitizerGuardNode {
-  BarrierGuardNodeAsSanitizerGuardNode() { this instanceof TaintedPath::BarrierGuardNode }
-
+private class BarrierGuardNodeAsSanitizerGuardNode extends TaintTracking::LabeledSanitizerGuardNode instanceof TaintedPath::BarrierGuardNode {
   override predicate sanitizes(boolean outcome, Expr e) {
     blocks(outcome, e) or blocks(outcome, e, _)
   }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssATM.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssATM.qll
index cdd49ca302e..d28b669bf49 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssATM.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssATM.qll
@@ -1,95 +1,25 @@
 /**
  * For internal use only.
  *
+ * A taint-tracking configuration for reasoning about XSS vulnerabilities.
  * Defines shared code used by the XSS boosted query.
  */
 
 private import semmle.javascript.heuristics.SyntacticHeuristics
 private import semmle.javascript.security.dataflow.DomBasedXssCustomizations
 import AdaptiveThreatModeling
-import CoreKnowledge as CoreKnowledge
-import StandardEndpointFilters as StandardEndpointFilters
-
-/**
- * This module provides logic to filter candidate sinks to those which are likely XSS sinks.
- */
-module SinkEndpointFilter {
-  private import javascript
-  private import DomBasedXss
-
-  /**
-   * Provides a set of reasons why a given data flow node should be excluded as a sink candidate.
-   *
-   * If this predicate has no results for a sink candidate `n`, then we should treat `n` as an
-   * effective sink.
-   */
-  string getAReasonSinkExcluded(DataFlow::Node sinkCandidate) {
-    result = StandardEndpointFilters::getAReasonSinkExcluded(sinkCandidate)
-    or
-    exists(DataFlow::CallNode call | sinkCandidate = call.getAnArgument() |
-      call.getCalleeName() = "setState"
-    ) and
-    result = "setState calls ought to be safe in react applications"
-    or
-    // Require XSS sink candidates to be (a) arguments to external library calls (possibly
-    // indirectly), or (b) heuristic sinks.
-    //
-    // Heuristic sinks are copied from the `HeuristicDomBasedXssSink` class defined within
-    // `codeql/javascript/ql/src/semmle/javascript/heuristics/AdditionalSinks.qll`.
-    // We can't reuse the class because importing that file would cause us to treat these
-    // heuristic sinks as known sinks.
-    not StandardEndpointFilters::flowsToArgumentOfLikelyExternalLibraryCall(sinkCandidate) and
-    not (
-      isAssignedToOrConcatenatedWith(sinkCandidate, "(?i)(html|innerhtml)")
-      or
-      isArgTo(sinkCandidate, "(?i)(html|render)")
-      or
-      sinkCandidate instanceof StringOps::HtmlConcatenationLeaf
-      or
-      isConcatenatedWithStrings("(?is).*<[a-z ]+.*", sinkCandidate, "(?s).*>.*")
-      or
-      // In addition to the heuristic sinks from `HeuristicDomBasedXssSink`, explicitly allow
-      // property writes like `elem.innerHTML = <TAINT>` that may not be picked up as HTML
-      // concatenation leaves.
-      exists(DataFlow::PropWrite pw |
-        pw.getPropertyName().regexpMatch("(?i).*html*") and
-        pw.getRhs() = sinkCandidate
-      )
-    ) and
-    result = "not a direct argument to a likely external library call or a heuristic sink"
-  }
-}
 
 class DomBasedXssAtmConfig extends AtmConfig {
-  DomBasedXssAtmConfig() { this = "DomBasedXssATMConfig" }
+  DomBasedXssAtmConfig() { this = "DomBasedXssAtmConfig" }
 
   override predicate isKnownSource(DataFlow::Node source) { source instanceof DomBasedXss::Source }
 
-  override predicate isEffectiveSink(DataFlow::Node sinkCandidate) {
-    not exists(SinkEndpointFilter::getAReasonSinkExcluded(sinkCandidate))
-  }
-
   override EndpointType getASinkEndpointType() { result instanceof XssSinkType }
-}
 
-/** DEPRECATED: Alias for DomBasedXssAtmConfig */
-deprecated class DomBasedXssATMConfig = DomBasedXssAtmConfig;
-
-/**
- * A taint-tracking configuration for reasoning about XSS vulnerabilities.
- *
- * This is largely a copy of the taint tracking configuration for the standard XSSThroughDom query,
- * except additional ATM sinks have been added to the `isSink` predicate.
- */
-class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "DomBasedXssATMConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof DomBasedXss::Source }
-
-  override predicate isSink(DataFlow::Node sink) {
-    sink instanceof DomBasedXss::Sink or
-    any(DomBasedXssAtmConfig cfg).isEffectiveSink(sink)
-  }
+  /*
+   * This is largely a copy of the taint tracking configuration for the standard XSSThroughDom query,
+   * except additional ATM sinks have been added to the `isSink` predicate.
+   */
 
   override predicate isSanitizer(DataFlow::Node node) {
     super.isSanitizer(node) or
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssThroughDomATM.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssThroughDomATM.qll
new file mode 100644
index 00000000000..87d69a37165
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssThroughDomATM.qll
@@ -0,0 +1,88 @@
+/**
+ * For internal use only.
+ *
+ * A taint-tracking configuration for reasoning about XSS through the DOM.
+ * Defines shared code used by the XSS Through DOM boosted query.
+ */
+
+private import semmle.javascript.heuristics.SyntacticHeuristics
+private import semmle.javascript.security.dataflow.DomBasedXssCustomizations
+private import semmle.javascript.dataflow.InferredTypes
+private import semmle.javascript.security.dataflow.XssThroughDomCustomizations::XssThroughDom as XssThroughDom
+private import semmle.javascript.security.dataflow.UnsafeJQueryPluginCustomizations::UnsafeJQueryPlugin as UnsafeJQuery
+import AdaptiveThreatModeling
+
+class XssThroughDomAtmConfig extends AtmConfig {
+  XssThroughDomAtmConfig() { this = "XssThroughDomAtmConfig" }
+
+  override predicate isKnownSource(DataFlow::Node source) {
+    source instanceof XssThroughDom::Source
+  }
+
+  override EndpointType getASinkEndpointType() { result instanceof XssSinkType }
+
+  override predicate isSanitizer(DataFlow::Node node) {
+    super.isSanitizer(node) or
+    node instanceof DomBasedXss::Sanitizer
+  }
+
+  override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
+    guard instanceof TypeTestGuard or
+    guard instanceof UnsafeJQuery::PropertyPresenceSanitizer or
+    guard instanceof UnsafeJQuery::NumberGuard or
+    guard instanceof PrefixStringSanitizer or
+    guard instanceof QuoteGuard or
+    guard instanceof ContainsHtmlGuard
+  }
+
+  override predicate isSanitizerEdge(DataFlow::Node pred, DataFlow::Node succ) {
+    DomBasedXss::isOptionallySanitizedEdge(pred, succ)
+  }
+}
+
+/**
+ * A test of form `typeof x === "something"`, preventing `x` from being a string in some cases.
+ *
+ * This sanitizer helps prune infeasible paths in type-overloaded functions.
+ */
+class TypeTestGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode {
+  override EqualityTest astNode;
+  Expr operand;
+  boolean polarity;
+
+  TypeTestGuard() {
+    exists(TypeofTag tag | TaintTracking::isTypeofGuard(astNode, operand, tag) |
+      // typeof x === "string" sanitizes `x` when it evaluates to false
+      tag = "string" and
+      polarity = astNode.getPolarity().booleanNot()
+      or
+      // typeof x === "object" sanitizes `x` when it evaluates to true
+      tag != "string" and
+      polarity = astNode.getPolarity()
+    )
+  }
+
+  override predicate sanitizes(boolean outcome, Expr e) {
+    polarity = outcome and
+    e = operand
+  }
+}
+
+private import semmle.javascript.security.dataflow.Xss::Shared as Shared
+
+private class PrefixStringSanitizer extends TaintTracking::SanitizerGuardNode,
+  DomBasedXss::PrefixStringSanitizer {
+  PrefixStringSanitizer() { this = this }
+}
+
+private class PrefixString extends DataFlow::FlowLabel, DomBasedXss::PrefixString {
+  PrefixString() { this = this }
+}
+
+private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard {
+  QuoteGuard() { this = this }
+}
+
+private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard {
+  ContainsHtmlGuard() { this = this }
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml b/javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml
index e0571f38255..9e722f81eae 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml
@@ -1,5 +1,6 @@
 name: codeql/javascript-experimental-atm-lib
-version: 0.4.1
+description: CodeQL libraries for the experimental ML-powered queries
+version: 0.4.5
 extractor: javascript
 library: true
 groups:
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/model/qlpack.yml b/javascript/ql/experimental/adaptivethreatmodeling/model/qlpack.yml
index 40b611fc72a..e37547ed938 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/model/qlpack.yml
+++ b/javascript/ql/experimental/adaptivethreatmodeling/model/qlpack.yml
@@ -1,4 +1,5 @@
 name: codeql/javascript-experimental-atm-model
+description: Machine learning model supporting the experimental ML-powered queries
 version: 0.3.1
 groups:
     - javascript
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/DebugResultInclusion.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/DebugResultInclusion.ql
index 28a95268a57..ac2f2f1d817 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/DebugResultInclusion.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/DebugResultInclusion.ql
@@ -11,20 +11,28 @@
 
 import javascript
 import experimental.adaptivethreatmodeling.ATMConfig
-import extraction.ExtractEndpointData
+import extraction.ExtractEndpointDataTraining
+private import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
+private import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
+private import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
+private import experimental.adaptivethreatmodeling.XssATM as XssAtm
+private import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
 
 string getAReasonSinkExcluded(DataFlow::Node sinkCandidate, Query query) {
   query instanceof NosqlInjectionQuery and
-  result = NosqlInjectionAtm::SinkEndpointFilter::getAReasonSinkExcluded(sinkCandidate)
+  result = any(NosqlInjectionAtm::NosqlInjectionAtmConfig cfg).getAReasonSinkExcluded(sinkCandidate)
   or
   query instanceof SqlInjectionQuery and
-  result = SqlInjectionAtm::SinkEndpointFilter::getAReasonSinkExcluded(sinkCandidate)
+  result = any(SqlInjectionAtm::SqlInjectionAtmConfig cfg).getAReasonSinkExcluded(sinkCandidate)
   or
   query instanceof TaintedPathQuery and
-  result = TaintedPathAtm::SinkEndpointFilter::getAReasonSinkExcluded(sinkCandidate)
+  result = any(TaintedPathAtm::TaintedPathAtmConfig cfg).getAReasonSinkExcluded(sinkCandidate)
   or
   query instanceof XssQuery and
-  result = XssAtm::SinkEndpointFilter::getAReasonSinkExcluded(sinkCandidate)
+  result = any(XssAtm::DomBasedXssAtmConfig cfg).getAReasonSinkExcluded(sinkCandidate)
+  or
+  query instanceof XssThroughDomQuery and
+  result = any(XssThroughDomAtm::XssThroughDomAtmConfig cfg).getAReasonSinkExcluded(sinkCandidate)
 }
 
 pragma[inline]
@@ -33,7 +41,7 @@ string getDescriptionForAlertCandidate(
 ) {
   result = "excluded[reason=" + getAReasonSinkExcluded(sinkCandidate, query) + "]"
   or
-  getAtmCfg(query).isKnownSink(sinkCandidate) and
+  getDataFlowCfg(query).(AtmConfig).isKnownSink(sinkCandidate) and
   result = "excluded[reason=known-sink]"
   or
   not exists(getAReasonSinkExcluded(sinkCandidate, query)) and
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountAlertsAndSinks.qll b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountAlertsAndSinks.qll
index 2549db106f4..a4f52b1cf78 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountAlertsAndSinks.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting/CountAlertsAndSinks.qll
@@ -1,4 +1,4 @@
-/*
+/**
  * For internal use only.
  *
  *
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Exclusions.qll b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Exclusions.qll
index 79d3486e2db..822b2d7ea62 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Exclusions.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Exclusions.qll
@@ -1,4 +1,4 @@
-/*
+/**
  * For internal use only.
  *
  * Defines files that should be excluded from the evaluation of ML models.
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.ql
deleted file mode 100644
index 73dab4af324..00000000000
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.ql
+++ /dev/null
@@ -1,11 +0,0 @@
-/*
- * For internal use only.
- *
- * Extracts training and evaluation data we can use to train ML models for ML-powered queries.
- */
-
-import ExtractEndpointData as ExtractEndpointData
-
-query predicate endpoints = ExtractEndpointData::endpoints/5;
-
-query predicate tokenFeatures = ExtractEndpointData::tokenFeatures/3;
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
deleted file mode 100644
index af91933b7a4..00000000000
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- * For internal use only.
- *
- * Library code for training and evaluation data we can use to train ML models for ML-powered
- * queries.
- */
-
-import javascript
-import Exclusions as Exclusions
-import evaluation.EndToEndEvaluation as EndToEndEvaluation
-import experimental.adaptivethreatmodeling.ATMConfig
-import experimental.adaptivethreatmodeling.CoreKnowledge as CoreKnowledge
-import experimental.adaptivethreatmodeling.EndpointFeatures as EndpointFeatures
-import experimental.adaptivethreatmodeling.EndpointScoring as EndpointScoring
-import experimental.adaptivethreatmodeling.EndpointTypes
-import experimental.adaptivethreatmodeling.FilteringReasons
-import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
-
-/** DEPRECATED: Alias for NosqlInjectionAtm */
-deprecated module NosqlInjectionATM = NosqlInjectionAtm;
-
-import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
-
-/** DEPRECATED: Alias for SqlInjectionAtm */
-deprecated module SqlInjectionATM = SqlInjectionAtm;
-
-import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
-
-/** DEPRECATED: Alias for TaintedPathAtm */
-deprecated module TaintedPathATM = TaintedPathAtm;
-
-import experimental.adaptivethreatmodeling.XssATM as XssAtm
-
-/** DEPRECATED: Alias for XssAtm */
-deprecated module XssATM = XssAtm;
-
-import Labels
-import NoFeaturizationRestrictionsConfig
-import Queries
-
-/** Gets the ATM configuration object for the specified query. */
-AtmConfig getAtmCfg(Query query) {
-  query instanceof NosqlInjectionQuery and
-  result instanceof NosqlInjectionAtm::NosqlInjectionAtmConfig
-  or
-  query instanceof SqlInjectionQuery and result instanceof SqlInjectionAtm::SqlInjectionAtmConfig
-  or
-  query instanceof TaintedPathQuery and result instanceof TaintedPathAtm::TaintedPathAtmConfig
-  or
-  query instanceof XssQuery and result instanceof XssAtm::DomBasedXssAtmConfig
-}
-
-/** DEPRECATED: Alias for getAtmCfg */
-deprecated ATMConfig getATMCfg(Query query) { result = getAtmCfg(query) }
-
-/** Gets the ATM data flow configuration for the specified query. */
-DataFlow::Configuration getDataFlowCfg(Query query) {
-  query instanceof NosqlInjectionQuery and result instanceof NosqlInjectionAtm::Configuration
-  or
-  query instanceof SqlInjectionQuery and result instanceof SqlInjectionAtm::Configuration
-  or
-  query instanceof TaintedPathQuery and result instanceof TaintedPathAtm::Configuration
-  or
-  query instanceof XssQuery and result instanceof XssAtm::Configuration
-}
-
-/** Gets a known sink for the specified query. */
-private DataFlow::Node getASink(Query query) {
-  getAtmCfg(query).isKnownSink(result) and
-  // Only consider the source code for the project being analyzed.
-  exists(result.getFile().getRelativePath())
-}
-
-/** Gets a data flow node that is known not to be a sink for the specified query. */
-private DataFlow::Node getANotASink(NotASinkReason reason) {
-  CoreKnowledge::isOtherModeledArgument(result, reason) and
-  // Some endpoints can be assigned both a `NotASinkReason` and a `LikelyNotASinkReason`. We
-  // consider these endpoints to be `LikelyNotASink`, therefore this line excludes them from the
-  // definition of `NotASink`.
-  not CoreKnowledge::isOtherModeledArgument(result, any(LikelyNotASinkReason t)) and
-  not result = getASink(_) and
-  // Only consider the source code for the project being analyzed.
-  exists(result.getFile().getRelativePath())
-}
-
-/**
- * Gets a data flow node whose label is unknown for the specified query.
- *
- * In other words, this is an endpoint that is not `Sink`, `NotASink`, or `LikelyNotASink` for the
- * specified query.
- */
-private DataFlow::Node getAnUnknown(Query query) {
-  getAtmCfg(query).isEffectiveSink(result) and
-  // Effective sinks should exclude sinks but this is a defensive requirement
-  not result = getASink(query) and
-  // Effective sinks should exclude NotASink but for some queries (e.g. Xss) this is currently not always the case and
-  // so this is a defensive requirement
-  not result = getANotASink(_) and
-  // Only consider the source code for the project being analyzed.
-  exists(result.getFile().getRelativePath())
-}
-
-/** Gets the query-specific sink label for the given endpoint, if such a label exists. */
-private EndpointLabel getSinkLabelForEndpoint(DataFlow::Node endpoint, Query query) {
-  endpoint = getASink(query) and result instanceof SinkLabel
-  or
-  endpoint = getANotASink(_) and result instanceof NotASinkLabel
-  or
-  endpoint = getAnUnknown(query) and result instanceof UnknownLabel
-}
-
-/** Gets an endpoint that should be extracted. */
-DataFlow::Node getAnEndpoint(Query query) { exists(getSinkLabelForEndpoint(result, query)) }
-
-/**
- * Endpoints and associated metadata.
- *
- * Note that we draw a distinction between _features_, that are provided to the model at training
- * and query time, and _metadata_, that is only provided to the model at training time.
- *
- * Internal: See the design document for
- * [extensible extraction queries](https://docs.google.com/document/d/1g3ci2Nf1hGMG6ZUP0Y4PqCy_8elcoC_dhBvgTxdAWpg)
- * for technical information about the design of this predicate.
- */
-predicate endpoints(
-  DataFlow::Node endpoint, string queryName, string key, string value, string valueType
-) {
-  exists(Query query |
-    // Only provide metadata for labelled endpoints, since we do not extract all endpoints.
-    endpoint = getAnEndpoint(query) and
-    queryName = query.getName() and
-    (
-      // Holds if there is a taint flow path from a known source to the endpoint
-      key = "hasFlowFromSource" and
-      (
-        if FlowFromSource::hasFlowFromSource(endpoint, query)
-        then value = "true"
-        else value = "false"
-      ) and
-      valueType = "boolean"
-      or
-      // Constant expressions always evaluate to a constant primitive value. Therefore they can't ever
-      // appear in an alert, making them less interesting training examples.
-      key = "isConstantExpression" and
-      (if endpoint.asExpr() instanceof ConstantExpr then value = "true" else value = "false") and
-      valueType = "boolean"
-      or
-      // Holds if alerts involving the endpoint are excluded from the end-to-end evaluation.
-      key = "isExcludedFromEndToEndEvaluation" and
-      (if Exclusions::isFileExcluded(endpoint.getFile()) then value = "true" else value = "false") and
-      valueType = "boolean"
-      or
-      // The label for this query, considering the endpoint as a sink.
-      key = "sinkLabel" and
-      value = getSinkLabelForEndpoint(endpoint, query).getEncoding() and
-      valueType = "string"
-      or
-      // The reason, or reasons, why the endpoint was labeled NotASink for this query.
-      key = "notASinkReason" and
-      exists(FilteringReason reason |
-        endpoint = getANotASink(reason) and
-        value = reason.getDescription()
-      ) and
-      valueType = "string"
-    )
-  )
-}
-
-/**
- * `EndpointFeatures::tokenFeatures` has no results when `featureName` is absent for the endpoint
- * `endpoint`. To preserve compatibility with the data pipeline, this relation will instead set
- * `featureValue` to the empty string in this case.
- */
-predicate tokenFeatures(DataFlow::Node endpoint, string featureName, string featureValue) {
-  endpoints(endpoint, _, _, _, _) and
-  (
-    EndpointFeatures::tokenFeatures(endpoint, featureName, featureValue)
-    or
-    // Performance note: this creates a Cartesian product between `endpoint` and `featureName`.
-    featureName = EndpointFeatures::getASupportedFeatureName() and
-    not exists(string value | EndpointFeatures::tokenFeatures(endpoint, featureName, value)) and
-    featureValue = ""
-  )
-}
-
-module FlowFromSource {
-  predicate hasFlowFromSource(DataFlow::Node endpoint, Query q) {
-    exists(Configuration cfg | cfg.getQuery() = q | cfg.hasFlow(_, endpoint))
-  }
-
-  /**
-   * A data flow configuration that replicates the data flow configuration for a specific query, but
-   * replaces the set of sinks with the set of endpoints we're extracting.
-   *
-   * We use this to find out when there is flow to a particular endpoint from a known source.
-   *
-   * This configuration behaves in a very similar way to the `ForwardExploringConfiguration` class
-   * from the CodeQL standard libraries for JavaScript.
-   */
-  private class Configuration extends DataFlow::Configuration {
-    Query q;
-
-    Configuration() { this = getDataFlowCfg(q) }
-
-    Query getQuery() { result = q }
-
-    /** Holds if `sink` is an endpoint we're extracting. */
-    override predicate isSink(DataFlow::Node sink) { sink = getAnEndpoint(q) }
-
-    /** Holds if `sink` is an endpoint we're extracting. */
-    override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) {
-      sink = getAnEndpoint(q) and exists(lbl)
-    }
-  }
-}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataTraining.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataTraining.ql
index 20ece497585..3b0bb468ffd 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataTraining.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataTraining.ql
@@ -4,23 +4,8 @@
  * Extracts training data we can use to train ML models for ML-powered queries.
  */
 
-import javascript
-import ExtractEndpointData as ExtractEndpointData
+private import ExtractEndpointDataTraining as ExtractEndpointDataTraining
 
-query predicate endpoints(
-  DataFlow::Node endpoint, string queryName, string key, string value, string valueType
-) {
-  ExtractEndpointData::endpoints(endpoint, queryName, key, value, valueType) and
-  // only select endpoints that are either Sink or NotASink
-  ExtractEndpointData::endpoints(endpoint, queryName, "sinkLabel", ["Sink", "NotASink"], "string") and
-  // do not select endpoints filtered out by end-to-end evaluation
-  ExtractEndpointData::endpoints(endpoint, queryName, "isExcludedFromEndToEndEvaluation", "false",
-    "boolean") and
-  // only select endpoints that can be part of a tainted flow
-  ExtractEndpointData::endpoints(endpoint, queryName, "isConstantExpression", "false", "boolean")
-}
+query predicate endpoints = ExtractEndpointDataTraining::reformattedTrainingEndpoints/5;
 
-query predicate tokenFeatures(DataFlow::Node endpoint, string featureName, string featureValue) {
-  endpoints(endpoint, _, _, _, _) and
-  ExtractEndpointData::tokenFeatures(endpoint, featureName, featureValue)
-}
+query predicate tokenFeatures = ExtractEndpointDataTraining::tokenFeatures/3;
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataTraining.qll b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataTraining.qll
new file mode 100644
index 00000000000..763c74c7cf3
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataTraining.qll
@@ -0,0 +1,250 @@
+/**
+ * For internal use only.
+ *
+ * Extracts training data we can use to train ML models for ML-powered queries.
+ */
+
+import javascript
+import experimental.adaptivethreatmodeling.EndpointCharacteristics
+import experimental.adaptivethreatmodeling.EndpointFeatures as EndpointFeatures
+import NoFeaturizationRestrictionsConfig
+private import Exclusions as Exclusions
+import Queries
+private import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
+private import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
+private import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
+private import experimental.adaptivethreatmodeling.XssATM as XssAtm
+private import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
+
+/**
+ * Gets the set of featureName-featureValue pairs for each endpoint in the training set.
+ *
+ * `EndpointFeatures::tokenFeatures` has no results when `featureName` is absent for the endpoint
+ * `endpoint`. To preserve compatibility with the data pipeline, this relation will instead set
+ * `featureValue` to the empty string in this case.
+ */
+predicate tokenFeatures(DataFlow::Node endpoint, string featureName, string featureValue) {
+  trainingEndpoints(endpoint, _, _) and
+  (
+    EndpointFeatures::tokenFeatures(endpoint, featureName, featureValue)
+    or
+    // Performance note: this creates a Cartesian product between `endpoint` and `featureName`.
+    featureName = EndpointFeatures::getASupportedFeatureName() and
+    not exists(string value | EndpointFeatures::tokenFeatures(endpoint, featureName, value)) and
+    featureValue = ""
+  )
+}
+
+/**
+ * Holds if the given endpoint should be included in the training set as a sample belonging to endpointClass, and has
+ * the given characteristic. This query uses the endpoint characteristics to select and label endpoints for the training
+ * set, and provides a list of characteristics for each endpoint in the training set, which is used in the modeling
+ * code.
+ *
+ * Params:
+ * endpoint: The endpoint to include / exclude.
+ * endpointClass: The sink type. See the documentation of EndpointType.getEncoding for details about the relationship
+ * between an EndpointType and a class in the classifier.
+ * characteristic: Provides the list of characteristics that apply to the endpoint, which the modeling code currently
+ * uses for type balancing.
+ *
+ * Note: This predicate will produce multiple tuples for endpoints that have multiple characteristics, which we must
+ * then group together into a list of characteristics.
+ */
+query predicate trainingEndpoints(
+  DataFlow::Node endpoint, EndpointType endpointClass, EndpointCharacteristic characteristic
+) {
+  characteristic.appliesToEndpoint(endpoint) and
+  // Only consider the source code for the project being analyzed.
+  exists(endpoint.getFile().getRelativePath()) and
+  // Only select endpoints that can be part of a tainted flow: Constant expressions always evaluate to a constant
+  // primitive value. Therefore they can't ever appear in an alert, making them less interesting training examples.
+  // TODO: Experiment with removing this requirement.
+  not endpoint.asExpr() instanceof ConstantExpr and
+  // Do not select endpoints filtered out by end-to-end evaluation.
+  // TODO: Experiment with removing this requirement.
+  not Exclusions::isFileExcluded(endpoint.getFile()) and
+  // Filter out negative examples that also have a LikelyNotASinkReason, because this is currently done here
+  // https://github.com/github/codeql/blob/387e57546bf7352f7c1cfe781daa1a3799b7063e/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll#L77
+  // TODO: Experiment with removing this requirement.
+  not (
+    endpointClass instanceof NegativeType and
+    exists(EndpointCharacteristic c |
+      c.appliesToEndpoint(endpoint) and
+      c instanceof LikelyNotASinkCharacteristic
+    )
+  ) and
+  // Don't surface endpoint filters as characteristics, because they were previously not surfaced.
+  // TODO: Experiment with surfacing these to the modeling code by removing the following line (and then make
+  // EndpointFilterCharacteristic private).
+  not characteristic instanceof EndpointFilterCharacteristic and
+  (
+    // If the list of characteristics includes positive indicators with high confidence for this class, select this as a
+    // training sample belonging to the class.
+    exists(EndpointCharacteristic characteristic2, float confidence |
+      characteristic2.appliesToEndpoint(endpoint) and
+      characteristic2.hasImplications(endpointClass, true, confidence) and
+      confidence >= characteristic2.getHighConfidenceThreshold()
+    ) and
+    (
+      // Temporarily limit this only to positive classes. For negative classes, additionally select only endpoints that
+      // have no high confidence indicators that they are sinks, because this is what was previously done.
+      // TODO: Experiment with removing this requirement, and instead ensuring that an endpoint never has both a high
+      // confidence indicator that it _is_ a sink and a high confidence indicator that it is _not_ a sink.
+      not endpointClass instanceof NegativeType
+      or
+      not exists(EndpointCharacteristic characteristic3, float confidence3, EndpointType posClass |
+        characteristic3.appliesToEndpoint(endpoint) and
+        characteristic3.hasImplications(posClass, true, confidence3) and
+        confidence3 >= characteristic3.getHighConfidenceThreshold() and
+        not posClass instanceof NegativeType
+      )
+    )
+    or
+    // If the list of characteristics includes negative indicators with high confidence for all classes other than 0,
+    // select this as a training sample of class 0 (this means we had query-specific characteristics to decide this
+    // endpoint isn't a sink for each of our sink types).
+    endpointClass instanceof NegativeType and
+    forall(EndpointType otherClass | not otherClass instanceof NegativeType |
+      exists(EndpointCharacteristic characteristic2, float confidence |
+        characteristic2.appliesToEndpoint(endpoint) and
+        characteristic2.hasImplications(otherClass, false, confidence) and
+        confidence >= characteristic2.getHighConfidenceThreshold()
+      )
+    )
+  )
+}
+
+/**
+ * Temporary:
+ * Reformat the training data that was extracted with the new logic to match the format produced by the old predicate.
+ * This is the format expected by the endpoint pipeline.
+ */
+query predicate reformattedTrainingEndpoints(
+  DataFlow::Node endpoint, string queryName, string key, string value, string valueType
+) {
+  trainingEndpoints(endpoint, _, _) and
+  exists(Query query |
+    queryName = query.getName() and
+    // For sinks, only list that sink type, but for non-sinks, list all sink types.
+    (
+      exists(EndpointType endpointClass |
+        endpointClass.getDescription().matches(queryName + "%") and
+        not endpointClass instanceof NegativeType and
+        trainingEndpoints(endpoint, endpointClass, _)
+      )
+      or
+      exists(EndpointType endpointClass |
+        endpointClass instanceof NegativeType and
+        trainingEndpoints(endpoint, endpointClass, _)
+      )
+    ) and
+    (
+      // NOTE: We don't use hasFlowFromSource in training, so we could just hardcode it to be false.
+      key = "hasFlowFromSource" and
+      (
+        if FlowFromSource::hasFlowFromSource(endpoint, query)
+        then value = "true"
+        else value = "false"
+      ) and
+      valueType = "boolean"
+      or
+      // Constant expressions always evaluate to a constant primitive value. Therefore they can't ever
+      // appear in an alert, making them less interesting training examples.
+      key = "isConstantExpression" and
+      (if endpoint.asExpr() instanceof ConstantExpr then value = "true" else value = "false") and
+      valueType = "boolean"
+      or
+      // Holds if alerts involving the endpoint are excluded from the end-to-end evaluation.
+      key = "isExcludedFromEndToEndEvaluation" and
+      (if Exclusions::isFileExcluded(endpoint.getFile()) then value = "true" else value = "false") and
+      valueType = "boolean"
+      or
+      // The label for this query, considering the endpoint as a sink.
+      key = "sinkLabel" and
+      valueType = "string" and
+      value = "Sink" and
+      exists(EndpointType endpointClass |
+        endpointClass.getDescription().matches(queryName + "%") and
+        not endpointClass instanceof NegativeType and
+        trainingEndpoints(endpoint, endpointClass, _)
+      )
+      or
+      key = "sinkLabel" and
+      valueType = "string" and
+      value = "NotASink" and
+      exists(EndpointType endpointClass |
+        endpointClass instanceof NegativeType and
+        trainingEndpoints(endpoint, endpointClass, _)
+      )
+      or
+      // The reason, or reasons, why the endpoint was labeled NotASink for this query, only for negative examples.
+      key = "notASinkReason" and
+      exists(EndpointCharacteristic characteristic, EndpointType endpointClass |
+        characteristic.appliesToEndpoint(endpoint) and
+        characteristic.hasImplications(endpointClass, true, _) and
+        endpointClass instanceof NegativeType and
+        value = characteristic
+      ) and
+      // Don't include a notASinkReason for endpoints that are also known sinks.
+      not exists(EndpointCharacteristic characteristic3, float confidence3, EndpointType posClass |
+        characteristic3.appliesToEndpoint(endpoint) and
+        characteristic3.hasImplications(posClass, true, confidence3) and
+        confidence3 >= characteristic3.getHighConfidenceThreshold() and
+        not posClass instanceof NegativeType
+      ) and
+      // Don't surface endpoint filters as notASinkReasons, because they were previously not surfaced.
+      // TODO: Experiment with surfacing these to the modeling code by removing the following line (and then make
+      // EndpointFilterCharacteristic private).
+      not value instanceof EndpointFilterCharacteristic and
+      valueType = "string"
+    )
+  )
+}
+
+/**
+ * Gets the ATM data flow configuration for the specified query.
+ * TODO: Delete this once we are no longer surfacing `hasFlowFromSource`.
+ */
+DataFlow::Configuration getDataFlowCfg(Query query) {
+  query instanceof NosqlInjectionQuery and
+  result instanceof NosqlInjectionAtm::NosqlInjectionAtmConfig
+  or
+  query instanceof SqlInjectionQuery and result instanceof SqlInjectionAtm::SqlInjectionAtmConfig
+  or
+  query instanceof TaintedPathQuery and result instanceof TaintedPathAtm::TaintedPathAtmConfig
+  or
+  query instanceof XssQuery and result instanceof XssAtm::DomBasedXssAtmConfig
+  or
+  query instanceof XssThroughDomQuery and result instanceof XssThroughDomAtm::XssThroughDomAtmConfig
+}
+
+// TODO: Delete this once we are no longer surfacing `hasFlowFromSource`.
+private module FlowFromSource {
+  predicate hasFlowFromSource(DataFlow::Node endpoint, Query q) {
+    exists(Configuration cfg | cfg.getQuery() = q | cfg.hasFlow(_, endpoint))
+  }
+
+  /**
+   * A data flow configuration that replicates the data flow configuration for a specific query, but
+   * replaces the set of sinks with the set of endpoints we're extracting.
+   *
+   * We use this to find out when there is flow to a particular endpoint from a known source.
+   *
+   * This configuration behaves in a very similar way to the `ForwardExploringConfiguration` class
+   * from the CodeQL standard libraries for JavaScript.
+   */
+  private class Configuration extends DataFlow::Configuration {
+    Query q;
+
+    Configuration() { this = getDataFlowCfg(q) }
+
+    Query getQuery() { result = q }
+
+    /** Holds if `sink` is an endpoint we're extracting. */
+    override predicate isSink(DataFlow::Node sink) { any() }
+
+    /** Holds if `sink` is an endpoint we're extracting. */
+    override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) { exists(lbl) }
+  }
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
index 697928d74b0..57c536eac12 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
@@ -8,6 +8,7 @@ import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
 import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
 import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
 import experimental.adaptivethreatmodeling.XssATM as XssAtm
+import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
 import experimental.adaptivethreatmodeling.AdaptiveThreatModeling
 
 from string queryName, AtmConfig c, EndpointType e
@@ -23,6 +24,8 @@ where
     c instanceof TaintedPathAtm::TaintedPathAtmConfig
     or
     queryName = "Xss" and c instanceof XssAtm::DomBasedXssAtmConfig
+    or
+    queryName = "XssThroughDom" and c instanceof XssThroughDomAtm::XssThroughDomAtmConfig
   ) and
   e = c.getASinkEndpointType()
 select queryName, e.getEncoding() as label
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll
index 51dd3ffec84..a75e01b99cd 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll
@@ -8,7 +8,8 @@ newtype TQuery =
   TNosqlInjectionQuery() or
   TSqlInjectionQuery() or
   TTaintedPathQuery() or
-  TXssQuery()
+  TXssQuery() or
+  TXssThroughDomQuery()
 
 abstract class Query extends TQuery {
   abstract string getName();
@@ -31,3 +32,7 @@ class TaintedPathQuery extends Query, TTaintedPathQuery {
 class XssQuery extends Query, TXssQuery {
   override string getName() { result = "Xss" }
 }
+
+class XssThroughDomQuery extends Query, TXssThroughDomQuery {
+  override string getName() { result = "XssThroughDom" }
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml
index e6657138f1c..ac65fc1bb5f 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml
@@ -1,4 +1,5 @@
 name: codeql/javascript-experimental-atm-model-building
+description: CodeQL libraries for building machine learning models for the experimental ML-powered queries
 extractor: javascript
 library: false
 groups:
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.ql
index e35653fb96a..6d5428f7c91 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.ql
@@ -17,11 +17,8 @@ import ATM::ResultsInfo
 import DataFlow::PathGraph
 import experimental.adaptivethreatmodeling.NosqlInjectionATM
 
-from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, float score
-where
-  cfg.hasFlowPath(source, sink) and
-  not isFlowLikelyInBaseQuery(source.getNode(), sink.getNode()) and
-  score = getScoreForFlow(source.getNode(), sink.getNode())
+from AtmConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink, float score
+where cfg.hasBoostedFlowPath(source, sink, score)
 select sink.getNode(), source, sink,
   "(Experimental) This may be a database query that depends on $@. Identified using machine learning.",
   source.getNode(), "a user-provided value", score
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.ql
index b58dd9f4609..fdeb79de145 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.ql
@@ -17,11 +17,8 @@ import experimental.adaptivethreatmodeling.SqlInjectionATM
 import ATM::ResultsInfo
 import DataFlow::PathGraph
 
-from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, float score
-where
-  cfg.hasFlowPath(source, sink) and
-  not isFlowLikelyInBaseQuery(source.getNode(), sink.getNode()) and
-  score = getScoreForFlow(source.getNode(), sink.getNode())
+from AtmConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink, float score
+where cfg.hasBoostedFlowPath(source, sink, score)
 select sink.getNode(), source, sink,
   "(Experimental) This may be a database query that depends on $@. Identified using machine learning.",
   source.getNode(), "a user-provided value", score
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql
index 7e637687d75..b505a381971 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql
@@ -21,11 +21,8 @@ import ATM::ResultsInfo
 import DataFlow::PathGraph
 import experimental.adaptivethreatmodeling.TaintedPathATM
 
-from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, float score
-where
-  cfg.hasFlowPath(source, sink) and
-  not isFlowLikelyInBaseQuery(source.getNode(), sink.getNode()) and
-  score = getScoreForFlow(source.getNode(), sink.getNode())
+from AtmConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink, float score
+where cfg.hasBoostedFlowPath(source, sink, score)
 select sink.getNode(), source, sink,
   "(Experimental) This may be a path that depends on $@. Identified using machine learning.",
   source.getNode(), "a user-provided value", score
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql
index d0e98c1cd54..449f450f3ce 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql
@@ -18,11 +18,8 @@ import ATM::ResultsInfo
 import DataFlow::PathGraph
 import experimental.adaptivethreatmodeling.XssATM
 
-from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, float score
-where
-  cfg.hasFlowPath(source, sink) and
-  not isFlowLikelyInBaseQuery(source.getNode(), sink.getNode()) and
-  score = getScoreForFlow(source.getNode(), sink.getNode())
+from AtmConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink, float score
+where cfg.hasBoostedFlowPath(source, sink, score)
 select sink.getNode(), source, sink,
   "(Experimental) This may be a cross-site scripting vulnerability due to $@. Identified using machine learning.",
   source.getNode(), "a user-provided value", score
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/XssThroughDomATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/XssThroughDomATM.ql
new file mode 100644
index 00000000000..494b308893f
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/src/XssThroughDomATM.ql
@@ -0,0 +1,25 @@
+/**
+ * For internal use only.
+ *
+ * @name DOM text reinterpreted as HTML (experimental)
+ * @description Reinterpreting text from the DOM as HTML can lead
+ *              to a cross-site scripting vulnerability.
+ * @kind path-problem
+ * @scored
+ * @problem.severity error
+ * @security-severity 6.1
+ * @id js/ml-powered/xss-through-dom
+ * @tags experimental security
+ *       external/cwe/cwe-079 external/cwe/cwe-116
+ */
+
+import javascript
+import ATM::ResultsInfo
+import DataFlow::PathGraph
+import experimental.adaptivethreatmodeling.XssThroughDomATM
+
+from AtmConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink, float score
+where cfg.hasBoostedFlowPath(source, sink, score)
+select sink.getNode(), source, sink,
+  "(Experimental) $@ may be reinterpreted as HTML without escaping meta-characters. Identified using machine learning.",
+  source.getNode(), "DOM text", score
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml b/javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml
index cab87ce0e33..58fe9d1197d 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml
+++ b/javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml
@@ -1,6 +1,7 @@
 name: codeql/javascript-experimental-atm-queries
+description: Experimental ML-powered queries for JavaScript
 language: javascript
-version: 0.4.1
+version: 0.4.5
 suites: codeql-suites
 defaultSuiteFile: codeql-suites/javascript-atm-code-scanning.qls
 groups:
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ContradictoryEndpointCharacteristics.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ContradictoryEndpointCharacteristics.expected
new file mode 100644
index 00000000000..f35770bad95
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ContradictoryEndpointCharacteristics.expected
@@ -0,0 +1,2 @@
+erroneousEndpoints
+erroneousConfidences
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ContradictoryEndpointCharacteristics.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ContradictoryEndpointCharacteristics.ql
new file mode 100644
index 00000000000..9b06257b91f
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ContradictoryEndpointCharacteristics.ql
@@ -0,0 +1,90 @@
+/**
+ * ContradictoryEndpointCharacteristics.ql
+ *
+ * This tests surfaces endpoints that have a set of characteristics are logically incompatible with one another (e.g one
+ * high-confidence characteristic that implies a non-sink and another that implies a sink). If the test surfaces any
+ * such endpoints, this is a hint that some of our endpoint characteristics may be need to be adjusted.
+ */
+
+import javascript
+private import experimental.adaptivethreatmodeling.EndpointCharacteristics as EndpointCharacteristics
+private import experimental.adaptivethreatmodeling.EndpointTypes as EndpointTypes
+
+/**
+ * Holds if `characteristic1` and `characteristic2` are among the several pairs of currently known high-confidence
+ * negative characteristics that apply to some known sinks.
+ *
+ * TODO: Experiment with lowering the confidence of `"FileSystemAccess"`, `"DOM"`, `"DatabaseAccess"`, and
+ * `"JQueryArgument"`.
+ */
+private predicate knownContradictoryCharacteristics(
+  EndpointCharacteristics::EndpointCharacteristic characteristic1,
+  EndpointCharacteristics::EndpointCharacteristic characteristic2
+) {
+  characteristic1 != characteristic2 and
+  (
+    characteristic1 = ["TaintedPathSink", "FileSystemAccess"] and
+    characteristic2 = ["TaintedPathSink", "FileSystemAccess"]
+    or
+    characteristic1 = ["DomBasedXssSink", "DOM"] and
+    characteristic2 = ["DomBasedXssSink", "DOM"]
+    or
+    characteristic1 = ["DomBasedXssSink", "JQueryArgument"] and
+    characteristic2 = ["DomBasedXssSink", "JQueryArgument"]
+    or
+    characteristic1 = ["NosqlInjectionSink", "DatabaseAccess"] and
+    characteristic2 = ["NosqlInjectionSink", "DatabaseAccess"]
+    or
+    characteristic1 = ["SqlInjectionSink", "DatabaseAccess"] and
+    characteristic2 = ["SqlInjectionSink", "DatabaseAccess"]
+  )
+}
+
+/**
+ * Holds if the given endpoint has a self-contradictory combination of characteristics. Detects errors in our endpoint
+ * characteristics. Lists the problematic characterisitics and their implications for all such endpoints, together with
+ * an error message indicating why this combination is problematic.
+ */
+query predicate erroneousEndpoints(
+  DataFlow::Node endpoint, EndpointCharacteristics::EndpointCharacteristic characteristic,
+  EndpointTypes::EndpointType endpointClass, float confidence, string errorMessage
+) {
+  // An endpoint's characteristics should not include positive indicators with medium/high confidence for more than one
+  // class.
+  exists(
+    EndpointCharacteristics::EndpointCharacteristic characteristic2,
+    EndpointTypes::EndpointType endpointClass2, float confidence2
+  |
+    endpointClass.getEncoding() != endpointClass2.getEncoding() and
+    characteristic.appliesToEndpoint(endpoint) and
+    characteristic2.appliesToEndpoint(endpoint) and
+    characteristic.hasImplications(endpointClass, true, confidence) and
+    characteristic2.hasImplications(endpointClass2, true, confidence2) and
+    confidence > characteristic.mediumConfidence() and
+    confidence2 > characteristic2.mediumConfidence() and
+    // We currently know of several high-confidence negative characteristics that apply to some known sinks.
+    not knownContradictoryCharacteristics(characteristic, characteristic2)
+  ) and
+  errorMessage = "Endpoint has high-confidence positive indicators for multiple classes"
+  or
+  // An enpoint's characteristics should not include positive indicators with medium/high confidence for some class and
+  // also include negative indicators with medium/high confidence for this same class.
+  exists(EndpointCharacteristics::EndpointCharacteristic characteristic2, float confidence2 |
+    characteristic.appliesToEndpoint(endpoint) and
+    characteristic2.appliesToEndpoint(endpoint) and
+    characteristic.hasImplications(endpointClass, true, confidence) and
+    characteristic2.hasImplications(endpointClass, false, confidence2) and
+    confidence > characteristic.mediumConfidence() and
+    confidence2 > characteristic2.mediumConfidence()
+  ) and
+  errorMessage = "Endpoint has high-confidence positive and negative indicators for the same class"
+}
+
+query predicate erroneousConfidences(
+  EndpointCharacteristics::EndpointCharacteristic characteristic, float confidence,
+  string errorMessage
+) {
+  characteristic.hasImplications(_, _, confidence) and
+  (confidence < 0 or confidence > 1) and
+  errorMessage = "Characteristic has an indicator with confidence outside of [0, 1]"
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.expected
index 7fb7c716ce0..a8dbf544fdd 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.expected
@@ -156,26 +156,496 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err |
 | autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | enclosingFunctionName | connect |
 | autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | fileImports | mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:1:23:1:31 | 'express' | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:1:23:1:31 | 'express' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:1:23:1:31 | 'express' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:9:7:19 | '/post/:id' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:9:7:19 | '/post/:id' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:9:7:19 | '/post/:id' | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:9:7:19 | '/post/:id' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:9:7:19 | '/post/:id' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:9:7:19 | '/post/:id' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:9:7:19 | '/post/:id' | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:22:21:1 | functio ...   `);\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:22:21:1 | functio ...   `);\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:22:21:1 | functio ...   `);\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:22:21:1 | functio ...   `);\\n} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:22:21:1 | functio ...   `);\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:22:21:1 | functio ...   `);\\n} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:22:21:1 | functio ...   `);\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | CalleeFlexibleAccessPath | kit.graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | calleeImports | @octokit/core |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | enclosingFunctionBody | req res id req params id response kit graphql \n      query {\n        repository(owner: "github", name: " id ") {\n          object(expression: "master:foo") {\n            ... on Blob {\n              text\n            }\n          }\n        }\n      }\n     |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | receiverName | kit |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:9:25:20 | '/user/:id/' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:9:25:20 | '/user/:id/' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:9:25:20 | '/user/:id/' | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:9:25:20 | '/user/:id/' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:9:25:20 | '/user/:id/' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:9:25:20 | '/user/:id/' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:9:25:20 | '/user/:id/' | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:23:34:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:23:34:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:23:34:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:23:34:1 | functio ... OT OK\\n} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:23:34:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:23:34:1 | functio ... OT OK\\n} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:23:34:1 | functio ... OT OK\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | CalleeFlexibleAccessPath | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | CalleeFlexibleAccessPath | withCustomRequest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | CalleeFlexibleAccessPath | myGraphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | CalleeFlexibleAccessPath | graphql.defaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | receiverName | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | CalleeFlexibleAccessPath | withDefaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:36:29:36:46 | "@octokit/request" | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:36:29:36:46 | "@octokit/request" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:36:29:36:46 | "@octokit/request" | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:36:29:36:46 | "@octokit/request" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:36:29:36:46 | "@octokit/request" | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:36:29:36:46 | "@octokit/request" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:9:38:23 | '/article/:id/' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:9:38:23 | '/article/:id/' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:9:38:23 | '/article/:id/' | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:9:38:23 | '/article/:id/' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:9:38:23 | '/article/:id/' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:9:38:23 | '/article/:id/' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:9:38:23 | '/article/:id/' | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:26:49:1 | async f ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:26:49:1 | async f ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:26:49:1 | async f ... OT OK\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:26:49:1 | async f ... OT OK\\n} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:26:49:1 | async f ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:26:49:1 | async f ... OT OK\\n} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:26:49:1 | async f ... OT OK\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | CalleeFlexibleAccessPath | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | CalleeFlexibleAccessPath | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | CalleeFlexibleAccessPath | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | InputAccessPathFromCallee | 1.headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | assignedToPropName | headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | CalleeFlexibleAccessPath | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | InputAccessPathFromCallee | 1.headers.authorization |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | assignedToPropName | authorization |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | CalleeFlexibleAccessPath | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | InputAccessPathFromCallee | 1.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | CalleeFlexibleAccessPath | request.defaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | receiverName | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | CalleeFlexibleAccessPath | withDefaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | CalleeFlexibleAccessPath | withDefaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | CalleeFlexibleAccessPath | withDefaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | InputAccessPathFromCallee | 1.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:9:54:21 | '/event/:id/' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:9:54:21 | '/event/:id/' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:9:54:21 | '/event/:id/' | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:9:54:21 | '/event/:id/' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:9:54:21 | '/event/:id/' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:9:54:21 | '/event/:id/' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:9:54:21 | '/event/:id/' | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:24:59:1 | async f ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:24:59:1 | async f ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:24:59:1 | async f ... OT OK\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:24:59:1 | async f ... OT OK\\n} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:24:59:1 | async f ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:24:59:1 | async f ... OT OK\\n} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:24:59:1 | async f ... OT OK\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | CalleeFlexibleAccessPath | kit2.graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | calleeImports | @octokit/rest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | enclosingFunctionBody | req res id req params id result kit2 graphql foo  id result2 kit2 request POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | receiverName | kit2 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | CalleeFlexibleAccessPath | kit2.request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | calleeImports | @octokit/rest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | enclosingFunctionBody | req res id req params id result kit2 graphql foo  id result2 kit2 request POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | receiverName | kit2 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | CalleeFlexibleAccessPath | kit2.request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | calleeImports | @octokit/rest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | enclosingFunctionBody | req res id req params id result kit2 graphql foo  id result2 kit2 request POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | receiverName | kit2 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | CalleeFlexibleAccessPath | kit2.request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | InputAccessPathFromCallee | 1.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | calleeImports | @octokit/rest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | enclosingFunctionBody | req res id req params id result kit2 graphql foo  id result2 kit2 request POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:62:26:66:1 | `\\n  typ ... g\\n  }\\n` | CalleeFlexibleAccessPath | buildSchema |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:62:26:66:1 | `\\n  typ ... g\\n  }\\n` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:62:26:66:1 | `\\n  typ ... g\\n  }\\n` | calleeImports | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:62:26:66:1 | `\\n  typ ... g\\n  }\\n` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:62:26:66:1 | `\\n  typ ... g\\n  }\\n` | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:62:26:66:1 | `\\n  typ ... g\\n  }\\n` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:9:73:20 | '/thing/:id' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:9:73:20 | '/thing/:id' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:9:73:20 | '/thing/:id' | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:9:73:20 | '/thing/:id' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:9:73:20 | '/thing/:id' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:9:73:20 | '/thing/:id' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:9:73:20 | '/thing/:id' | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:23:113:1 | async f ... \\n  })\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:23:113:1 | async f ... \\n  })\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:23:113:1 | async f ... \\n  })\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:23:113:1 | async f ... \\n  })\\n} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:23:113:1 | async f ... \\n  })\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:23:113:1 | async f ... \\n  })\\n} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:23:113:1 | async f ... \\n  })\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | CalleeFlexibleAccessPath | nativeGraphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | calleeImports | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | CalleeFlexibleAccessPath | nativeGraphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | calleeImports | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | CalleeFlexibleAccessPath | nativeGraphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | InputArgumentIndex | 2 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | calleeImports | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:9:77:47 | "https: ... raphql" | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:9:77:47 | "https: ... raphql" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:9:77:47 | "https: ... raphql" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:9:77:47 | "https: ... raphql" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:9:77:47 | "https: ... raphql" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:9:77:47 | "https: ... raphql" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:9:77:47 | "https: ... raphql" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | InputAccessPathFromCallee | 1.method |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | assignedToPropName | method |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | InputAccessPathFromCallee | 1.headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | assignedToPropName | headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | InputAccessPathFromCallee | 1.headers.Content-Type |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | assignedToPropName | Content-Type |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | InputAccessPathFromCallee | 1.body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | assignedToPropName | body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | receiverName | JSON |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | InputAccessPathFromCallee | 0.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:9:94:47 | "https: ... raphql" | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:9:94:47 | "https: ... raphql" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:9:94:47 | "https: ... raphql" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:9:94:47 | "https: ... raphql" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:9:94:47 | "https: ... raphql" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:9:94:47 | "https: ... raphql" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:9:94:47 | "https: ... raphql" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | InputAccessPathFromCallee | 1.method |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | assignedToPropName | method |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | InputAccessPathFromCallee | 1.headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | assignedToPropName | headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | InputAccessPathFromCallee | 1.headers.Content-Type |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | assignedToPropName | Content-Type |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | InputAccessPathFromCallee | 1.body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | assignedToPropName | body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | receiverName | JSON |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | InputAccessPathFromCallee | 0.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | InputAccessPathFromCallee | 0.variables |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | assignedToPropName | variables |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | InputAccessPathFromCallee | 0.variables.id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | assignedToPropName | id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:115:24:115:40 | '@actions/github' | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:115:24:115:40 | '@actions/github' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:115:24:115:40 | '@actions/github' | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:115:24:115:40 | '@actions/github' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:115:24:115:40 | '@actions/github' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:115:24:115:40 | '@actions/github' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:9:116:21 | '/event/:id/' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:9:116:21 | '/event/:id/' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:9:116:21 | '/event/:id/' | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:9:116:21 | '/event/:id/' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:9:116:21 | '/event/:id/' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:9:116:21 | '/event/:id/' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:9:116:21 | '/event/:id/' | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:24:121:1 | async f ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:24:121:1 | async f ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:24:121:1 | async f ... OT OK\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:24:121:1 | async f ... OT OK\\n} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:24:121:1 | async f ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:24:121:1 | async f ... OT OK\\n} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:24:121:1 | async f ... OT OK\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | CalleeFlexibleAccessPath | github.getOctokit |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | calleeImports | @actions/github |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | enclosingFunctionBody | req res kit github getOctokit foo id req params id result kit graphql foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | receiverName | github |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | CalleeFlexibleAccessPath | kit.graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | calleeImports | @actions/github |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | enclosingFunctionBody | req res kit github getOctokit foo id req params id result kit graphql foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | receiverName | kit |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | CalleeFlexibleAccessPath | ajv.compile |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | calleeImports | ajv |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | contextFunctionInterfaces | validate(x) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | receiverName | ajv |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | calleeImports | express |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | contextFunctionInterfaces | validate(x) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | receiverName | app |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | CalleeFlexibleAccessPath | app.post |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | InputArgumentIndex | 1 |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | calleeImports | express |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | contextFunctionInterfaces | validate(x) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | receiverName | app |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 |
@@ -184,7 +654,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | receiverName | MongoClient |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | CalleeFlexibleAccessPath | MongoClient.connect |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | InputArgumentIndex | 1 |
@@ -193,7 +663,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | receiverName | MongoClient |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | CalleeFlexibleAccessPath | db.collection |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | InputArgumentIndex | 0 |
@@ -201,20 +671,20 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | receiverName | db |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | contextFunctionInterfaces | validate(x) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | CalleeFlexibleAccessPath | JSON.parse |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | contextFunctionInterfaces | validate(x) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | receiverName | JSON |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | CalleeFlexibleAccessPath | checkSchema |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | InputArgumentIndex | 0 |
@@ -223,14 +693,14 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | contextFunctionInterfaces | validate(x) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | InputArgumentIndex | 0 |
@@ -238,7 +708,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | InputArgumentIndex | 0 |
@@ -246,7 +716,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | InputArgumentIndex | 0 |
@@ -254,8 +724,488 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:30:44:1 | {\\n    d ... red()\\n} | CalleeFlexibleAccessPath | Joi.object |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:30:44:1 | {\\n    d ... red()\\n} | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:30:44:1 | {\\n    d ... red()\\n} | calleeImports | joi |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:30:44:1 | {\\n    d ... red()\\n} | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:30:44:1 | {\\n    d ... red()\\n} | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:30:44:1 | {\\n    d ... red()\\n} | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:30:44:1 | {\\n    d ... red()\\n} | receiverName | Joi |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | CalleeFlexibleAccessPath | Joi.object |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | InputAccessPathFromCallee | 0.date |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | assignedToPropName | date |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | calleeImports | joi |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | CalleeFlexibleAccessPath | Joi.object |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | InputAccessPathFromCallee | 0.title |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | assignedToPropName | title |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | calleeImports | joi |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:9:44:14 | 'date' | CalleeFlexibleAccessPath | Joi.object().with |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:9:44:14 | 'date' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:9:44:14 | 'date' | calleeImports | joi |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:9:44:14 | 'date' | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:9:44:14 | 'date' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:9:44:14 | 'date' | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:17:44:23 | 'title' | CalleeFlexibleAccessPath | Joi.object().with |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:17:44:23 | 'title' | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:17:44:23 | 'title' | calleeImports | joi |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:17:44:23 | 'title' | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:17:44:23 | 'title' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:17:44:23 | 'title' | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:10:46:28 | '/documents/insert' | CalleeFlexibleAccessPath | app.post |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:10:46:28 | '/documents/insert' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:10:46:28 | '/documents/insert' | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:10:46:28 | '/documents/insert' | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:10:46:28 | '/documents/insert' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:10:46:28 | '/documents/insert' | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:10:46:28 | '/documents/insert' | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:31:64:1 | (req, r ...   });\\n} | CalleeFlexibleAccessPath | app.post |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:31:64:1 | (req, r ...   });\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:31:64:1 | (req, r ...   });\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:31:64:1 | (req, r ...   });\\n} | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:31:64:1 | (req, r ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:31:64:1 | (req, r ...   });\\n} | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:31:64:1 | (req, r ...   });\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | calleeImports | mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | receiverName | MongoClient |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | CalleeFlexibleAccessPath | MongoClient.connect |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | calleeImports | mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | receiverName | MongoClient |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | CalleeFlexibleAccessPath | db.collection |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | receiverName | db |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | CalleeFlexibleAccessPath | JSON.parse |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | receiverName | JSON |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:1:22:1:27 | "http" | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:1:22:1:27 | "http" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:1:22:1:27 | "http" | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:1:22:1:27 | "http" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:1:22:1:27 | "http" | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:1:22:1:27 | "http" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:2:21:2:25 | "url" | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:2:21:2:25 | "url" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:2:21:2:25 | "url" | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:2:21:2:25 | "url" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:2:21:2:25 | "url" | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:2:21:2:25 | "url" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:3:22:3:29 | "ldapjs" | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:3:22:3:29 | "ldapjs" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:3:22:3:29 | "ldapjs" | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:3:22:3:29 | "ldapjs" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:3:22:3:29 | "ldapjs" | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:3:22:3:29 | "ldapjs" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:34:6:1 | {\\n  url ... 389",\\n} | CalleeFlexibleAccessPath | ldap.createClient |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:34:6:1 | {\\n  url ... 389",\\n} | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:34:6:1 | {\\n  url ... 389",\\n} | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:34:6:1 | {\\n  url ... 389",\\n} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:34:6:1 | {\\n  url ... 389",\\n} | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:34:6:1 | {\\n  url ... 389",\\n} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:34:6:1 | {\\n  url ... 389",\\n} | receiverName | ldap |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | CalleeFlexibleAccessPath | ldap.createClient |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | InputAccessPathFromCallee | 0.url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | assignedToPropName | url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | CalleeFlexibleAccessPath | input.replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | receiverName | input |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | CalleeFlexibleAccessPath | input.replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | receiverName | input |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:14:12:18 | /\\(/g | CalleeFlexibleAccessPath | input.replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:14:12:18 | /\\(/g | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:14:12:18 | /\\(/g | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:14:12:18 | /\\(/g | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:14:12:18 | /\\(/g | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:14:12:18 | /\\(/g | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:14:12:18 | /\\(/g | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:21:12:26 | "\\\\28" | CalleeFlexibleAccessPath | input.replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:21:12:26 | "\\\\28" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:21:12:26 | "\\\\28" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:21:12:26 | "\\\\28" | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:21:12:26 | "\\\\28" | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:21:12:26 | "\\\\28" | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:21:12:26 | "\\\\28" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:14:13:18 | /\\)/g | CalleeFlexibleAccessPath | input.replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:14:13:18 | /\\)/g | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:14:13:18 | /\\)/g | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:14:13:18 | /\\)/g | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:14:13:18 | /\\)/g | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:14:13:18 | /\\)/g | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:14:13:18 | /\\)/g | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:21:13:26 | "\\\\29" | CalleeFlexibleAccessPath | input.replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:21:13:26 | "\\\\29" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:21:13:26 | "\\\\29" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:21:13:26 | "\\\\29" | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:21:13:26 | "\\\\29" | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:21:13:26 | "\\\\29" | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:21:13:26 | "\\\\29" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:14:14:18 | /\\\\/g | CalleeFlexibleAccessPath | input.replace().replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:14:14:18 | /\\\\/g | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:14:14:18 | /\\\\/g | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:14:14:18 | /\\\\/g | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:14:14:18 | /\\\\/g | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:14:14:18 | /\\\\/g | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:14:14:18 | /\\\\/g | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:21:14:26 | "\\\\5c" | CalleeFlexibleAccessPath | input.replace().replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:21:14:26 | "\\\\5c" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:21:14:26 | "\\\\5c" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:21:14:26 | "\\\\5c" | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:21:14:26 | "\\\\5c" | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:21:14:26 | "\\\\5c" | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:21:14:26 | "\\\\5c" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:14:15:18 | /\\0/g | CalleeFlexibleAccessPath | input.replace().replace().replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:14:15:18 | /\\0/g | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:14:15:18 | /\\0/g | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:14:15:18 | /\\0/g | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:14:15:18 | /\\0/g | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:14:15:18 | /\\0/g | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:14:15:18 | /\\0/g | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:21:15:26 | "\\\\00" | CalleeFlexibleAccessPath | input.replace().replace().replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:21:15:26 | "\\\\00" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:21:15:26 | "\\\\00" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:21:15:26 | "\\\\00" | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:21:15:26 | "\\\\00" | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:21:15:26 | "\\\\00" | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:21:15:26 | "\\\\00" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:14:16:18 | /\\//g | CalleeFlexibleAccessPath | input.replace().replace().replace().replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:14:16:18 | /\\//g | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:14:16:18 | /\\//g | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:14:16:18 | /\\//g | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:14:16:18 | /\\//g | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:14:16:18 | /\\//g | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:14:16:18 | /\\//g | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:21:16:26 | "\\\\2f" | CalleeFlexibleAccessPath | input.replace().replace().replace().replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:21:16:26 | "\\\\2f" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:21:16:26 | "\\\\2f" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:21:16:26 | "\\\\2f" | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:21:16:26 | "\\\\2f" | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:21:16:26 | "\\\\2f" | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:21:16:26 | "\\\\2f" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:34:69:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:34:69:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:34:69:1 | (req, r ... OT OK\\n} | calleeImports | http |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:34:69:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:34:69:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:34:69:1 | (req, r ... OT OK\\n} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:34:69:1 | (req, r ... OT OK\\n} | receiverName | http |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | calleeImports | url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | receiverName | url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | calleeImports | url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | receiverName | url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | InputArgumentIndex | 2 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | InputAccessPathFromCallee | 1.filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | assignedToPropName | filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | InputArgumentIndex | 2 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | InputAccessPathFromCallee | 1.filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | assignedToPropName | filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | InputArgumentIndex | 2 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | InputAccessPathFromCallee | 1.filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | assignedToPropName | filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | InputArgumentIndex | 2 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | CalleeFlexibleAccessPath | ldap.parseFilter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | receiverName | ldap |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | InputAccessPathFromCallee | 1.filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | assignedToPropName | filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | InputArgumentIndex | 2 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | CalleeFlexibleAccessPath | ldap.parseDN |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | receiverName | ldap |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | CalleeFlexibleAccessPath | ldap.parseDN |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | contextSurroundingFunctionParameters | (req, res)\n(err, dn) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | receiverName | ldap |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:15:71:17 | 389 | CalleeFlexibleAccessPath | server.listen |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:15:71:17 | 389 | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:15:71:17 | 389 | calleeImports | http |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:15:71:17 | 389 | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:15:71:17 | 389 | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:15:71:17 | 389 | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:15:71:17 | 389 | receiverName | server |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:20:71:27 | () => {} | CalleeFlexibleAccessPath | server.listen |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:20:71:27 | () => {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:20:71:27 | () => {} | calleeImports | http |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:20:71:27 | () => {} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:20:71:27 | () => {} | contextSurroundingFunctionParameters | () |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:20:71:27 | () => {} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:20:71:27 | () => {} | receiverName | server |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | CalleeFlexibleAccessPath | require |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | calleeImports |  |
@@ -309,16 +1259,16 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | contextSurroundingFunctionParameters |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | fileImports | ./marsdb-flow-from body-parser express |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | fileImports | ./marsdb-flow-from body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ...  {});\\n} | CalleeFlexibleAccessPath | app.post |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ...  {});\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ...  {});\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ...  {});\\n} | contextFunctionInterfaces |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ...  {});\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ...  {});\\n} | fileImports | ./marsdb-flow-from body-parser express |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ...  {});\\n} | receiverName | app |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | contextFunctionInterfaces |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | enclosingFunctionBody | req res query query title req body title db myDoc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | enclosingFunctionBody | req res query query title req body title db myDoc find query err data |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | enclosingFunctionName | app.post#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | fileImports | ./marsdb-flow-from body-parser express |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | CalleeFlexibleAccessPath | db.myDoc.find |
@@ -326,9 +1276,17 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | calleeImports | ./marsdb-flow-from |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | contextFunctionInterfaces |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionBody | req res query query title req body title db myDoc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionBody | req res query query title req body title db myDoc find query err data |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionName | app.post#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | fileImports | ./marsdb-flow-from body-parser express |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | CalleeFlexibleAccessPath | db.myDoc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | calleeImports | ./marsdb-flow-from |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | contextFunctionInterfaces |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | contextSurroundingFunctionParameters | (req, res)\n(err, data) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | enclosingFunctionBody | req res query query title req body title db myDoc find query err data |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | fileImports | ./marsdb-flow-from body-parser express |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | calleeImports |  |
@@ -376,16 +1334,16 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | contextSurroundingFunctionParameters |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | fileImports | body-parser express marsdb |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | fileImports | body-parser express marsdb |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ...  {});\\n} | CalleeFlexibleAccessPath | app.post |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ...  {});\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ...  {});\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ...  {});\\n} | contextFunctionInterfaces |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ...  {});\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ...  {});\\n} | fileImports | body-parser express marsdb |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ...  {});\\n} | receiverName | app |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | contextFunctionInterfaces |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | enclosingFunctionBody | req res query query title req body title doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | enclosingFunctionBody | req res query query title req body title doc find query err data |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | enclosingFunctionName | app.post#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | fileImports | body-parser express marsdb |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | CalleeFlexibleAccessPath | doc.find |
@@ -393,10 +1351,19 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | calleeImports | marsdb |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | contextFunctionInterfaces |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionBody | req res query query title req body title doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionBody | req res query query title req body title doc find query err data |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionName | app.post#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | fileImports | body-parser express marsdb |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | calleeImports | marsdb |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | contextFunctionInterfaces |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | contextSurroundingFunctionParameters | (req, res)\n(err, data) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | enclosingFunctionBody | req res query query title req body title doc find query err data |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | fileImports | body-parser express marsdb |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | calleeImports |  |
@@ -2327,6 +3294,146 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | enclosingFunctionName | app.post#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | fileImports | ./mongooseModel body-parser express |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:21:1:29 | "express" | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:21:1:29 | "express" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:21:1:29 | "express" | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:21:1:29 | "express" | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:21:1:29 | "express" | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:21:1:29 | "express" | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:2:23:2:29 | 'mysql' | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:2:23:2:29 | 'mysql' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:2:23:2:29 | 'mysql' | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:2:23:2:29 | 'mysql' | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:2:23:2:29 | 'mysql' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:2:23:2:29 | 'mysql' | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() | CalleeFlexibleAccessPath | mysql.createPool |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() | calleeImports | mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() | receiverName | mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:9:5:16 | "search" | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:9:5:16 | "search" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:9:5:16 | "search" | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:9:5:16 | "search" | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:9:5:16 | "search" | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:9:5:16 | "search" | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:9:5:16 | "search" | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:19:22:1 | functio ...   });\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:19:22:1 | functio ...   });\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:19:22:1 | functio ...   });\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:19:22:1 | functio ...   });\\n} | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:19:22:1 | functio ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:19:22:1 | functio ...   });\\n} | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:19:22:1 | functio ...   });\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | pool.getConnection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | calleeImports | mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | receiverName | pool |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | InputAccessPathFromCallee | 0.sql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | assignedToPropName | sql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | InputAccessPathFromCallee | 0.values |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | assignedToPropName | values |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | contextSurroundingFunctionParameters | (req, res)\n(err, connection)\n(error, results, fields) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | pool.getConnection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | calleeImports | mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | receiverName | pool |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | InputAccessPathFromCallee | 0.sql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | assignedToPropName | sql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | contextSurroundingFunctionParameters | (req, res)\n(err, connection)\n(error, results, fields) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | pool.getConnection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | calleeImports | mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | receiverName | pool |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | contextSurroundingFunctionParameters | (req, res)\n(err, connection)\n(error, results, fields) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | receiverName | connection |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | CalleeFlexibleAccessPath | this.db.one |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | contextFunctionInterfaces | constructor()\nonRequest(req, res) |
@@ -2381,17 +3488,17 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | CalleeFlexibleAccessPath | db.any |
@@ -2399,7 +3506,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | receiverName | db |
@@ -2408,7 +3515,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | receiverName | db |
@@ -2417,7 +3524,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | receiverName | db |
@@ -2426,7 +3533,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | receiverName | db |
@@ -2435,7 +3542,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | receiverName | db |
@@ -2444,7 +3551,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | receiverName | db |
@@ -2453,7 +3560,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | receiverName | db |
@@ -2462,7 +3569,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | receiverName | db |
@@ -2471,7 +3578,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | receiverName | db |
@@ -2480,7 +3587,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | receiverName | db |
@@ -2489,7 +3596,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | receiverName | db |
@@ -2498,7 +3605,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | receiverName | db |
@@ -2509,7 +3616,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | CalleeFlexibleAccessPath | db.one |
@@ -2517,7 +3624,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | receiverName | db |
@@ -2528,7 +3635,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | CalleeFlexibleAccessPath | db.one |
@@ -2538,7 +3645,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | CalleeFlexibleAccessPath | db.one |
@@ -2546,7 +3653,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | receiverName | db |
@@ -2557,7 +3664,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | CalleeFlexibleAccessPath | db.one |
@@ -2567,7 +3674,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | CalleeFlexibleAccessPath | db.one |
@@ -2575,7 +3682,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | receiverName | db |
@@ -2586,7 +3693,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | CalleeFlexibleAccessPath | db.one |
@@ -2596,7 +3703,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | CalleeFlexibleAccessPath | db.one |
@@ -2604,7 +3711,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | receiverName | db |
@@ -2615,7 +3722,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | CalleeFlexibleAccessPath | db.one |
@@ -2625,22 +3732,22 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | CalleeFlexibleAccessPath | db.one |
@@ -2648,7 +3755,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | receiverName | db |
@@ -2659,7 +3766,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | CalleeFlexibleAccessPath | db.one |
@@ -2669,7 +3776,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | CalleeFlexibleAccessPath | db.one |
@@ -2679,7 +3786,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | CalleeFlexibleAccessPath | db.one |
@@ -2689,7 +3796,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | CalleeFlexibleAccessPath | db.one |
@@ -2697,7 +3804,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | receiverName | db |
@@ -2708,7 +3815,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | CalleeFlexibleAccessPath | db.one |
@@ -2718,7 +3825,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | CalleeFlexibleAccessPath | db.one |
@@ -2728,7 +3835,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | CalleeFlexibleAccessPath | db.one |
@@ -2738,7 +3845,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | CalleeFlexibleAccessPath | db.one |
@@ -2748,7 +3855,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | CalleeFlexibleAccessPath | db.task |
@@ -2756,7 +3863,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | receiverName | db |
@@ -2764,43 +3871,43 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | receiverName | t |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | CalleeFlexibleAccessPath | db.task |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | CalleeFlexibleAccessPath | db.taskIf |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | CalleeFlexibleAccessPath | db.task |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | CalleeFlexibleAccessPath | db.taskIf |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | InputAccessPathFromCallee | 0.cnd |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | assignedToPropName | cnd |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | CalleeFlexibleAccessPath | t.one |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | receiverName | t |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | CalleeFlexibleAccessPath | db.task |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | CalleeFlexibleAccessPath | db.taskIf |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | InputArgumentIndex | 1 |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | receiverName | db |
@@ -2808,7 +3915,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | receiverName | t |
@@ -3542,37 +4649,37 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | calleeImports |  |
 | autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | calleeImports |  |
 | autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | calleeImports |  |
 | autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | calleeImports |  |
 | autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | calleeImports |  |
 | autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | InputArgumentIndex | 0 |
@@ -3581,7 +4688,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | InputArgumentIndex | 1 |
@@ -3590,7 +4697,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -3598,7 +4705,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | InputArgumentIndex | 0 |
@@ -3607,7 +4714,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | InputArgumentIndex | 0 |
@@ -3615,7 +4722,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | InputArgumentIndex | 0 |
@@ -3624,7 +4731,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | InputArgumentIndex | 0 |
@@ -3633,7 +4740,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -3641,7 +4748,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | InputArgumentIndex | 0 |
@@ -3650,7 +4757,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | CalleeFlexibleAccessPath | path.indexOf |
 | autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | InputArgumentIndex | 0 |
@@ -3659,7 +4766,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -3667,7 +4774,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | InputArgumentIndex | 0 |
@@ -3676,7 +4783,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | CalleeFlexibleAccessPath | fs.existsSync |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | InputArgumentIndex | 0 |
@@ -3685,7 +4792,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -3693,7 +4800,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | InputArgumentIndex | 0 |
@@ -3702,7 +4809,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -3710,7 +4817,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | InputArgumentIndex | 0 |
@@ -3719,7 +4826,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -3727,7 +4834,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | InputArgumentIndex | 0 |
@@ -3736,7 +4843,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -3744,7 +4851,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | InputArgumentIndex | 0 |
@@ -3753,20 +4860,20 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | InputArgumentIndex | 0 |
@@ -3775,7 +4882,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | InputArgumentIndex | 0 |
@@ -3784,7 +4891,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | InputArgumentIndex | 1 |
@@ -3793,7 +4900,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -3801,7 +4908,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | InputArgumentIndex | 0 |
@@ -3810,7 +4917,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | CalleeFlexibleAccessPath | pathModule.basename |
 | autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | InputArgumentIndex | 0 |
@@ -3819,7 +4926,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -3827,7 +4934,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | InputArgumentIndex | 0 |
@@ -3836,7 +4943,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | CalleeFlexibleAccessPath | pathModule.dirname |
 | autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | InputArgumentIndex | 0 |
@@ -3845,7 +4952,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -3853,7 +4960,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | InputArgumentIndex | 0 |
@@ -3862,7 +4969,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | CalleeFlexibleAccessPath | pathModule.extname |
 | autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | InputArgumentIndex | 0 |
@@ -3871,7 +4978,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -3879,7 +4986,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | InputArgumentIndex | 0 |
@@ -3888,7 +4995,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | InputArgumentIndex | 0 |
@@ -3897,7 +5004,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | InputArgumentIndex | 0 |
@@ -3905,7 +5012,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | InputArgumentIndex | 0 |
@@ -3914,7 +5021,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | InputArgumentIndex | 0 |
@@ -3923,7 +5030,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | InputArgumentIndex | 1 |
@@ -3932,7 +5039,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | InputArgumentIndex | 2 |
@@ -3941,7 +5048,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | InputArgumentIndex | 3 |
@@ -3950,7 +5057,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -3958,7 +5065,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | InputArgumentIndex | 0 |
@@ -3967,7 +5074,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | InputArgumentIndex | 0 |
@@ -3976,7 +5083,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | InputArgumentIndex | 0 |
@@ -3984,7 +5091,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | InputArgumentIndex | 0 |
@@ -3993,7 +5100,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | InputArgumentIndex | 0 |
@@ -4002,7 +5109,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | InputArgumentIndex | 1 |
@@ -4011,7 +5118,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | InputArgumentIndex | 0 |
@@ -4019,7 +5126,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | InputArgumentIndex | 0 |
@@ -4028,7 +5135,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | InputArgumentIndex | 0 |
@@ -4037,7 +5144,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | InputArgumentIndex | 1 |
@@ -4046,7 +5153,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -4054,7 +5161,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | InputArgumentIndex | 0 |
@@ -4063,7 +5170,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | InputArgumentIndex | 0 |
@@ -4072,7 +5179,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | InputArgumentIndex | 0 |
@@ -4080,7 +5187,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | InputArgumentIndex | 0 |
@@ -4089,7 +5196,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | InputArgumentIndex | 0 |
@@ -4098,7 +5205,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | InputArgumentIndex | 1 |
@@ -4107,7 +5214,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | InputArgumentIndex | 2 |
@@ -4116,7 +5223,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | InputArgumentIndex | 3 |
@@ -4125,7 +5232,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -4133,7 +5240,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | InputArgumentIndex | 0 |
@@ -4142,7 +5249,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | CalleeFlexibleAccessPath | pathModule.toNamespacedPath |
 | autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | InputArgumentIndex | 0 |
@@ -4151,54 +5258,54 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | CalleeFlexibleAccessPath | angular.module |
 | autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | receiverName | angular |
 | autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | CalleeFlexibleAccessPath | angular.module |
 | autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | receiverName | angular |
 | autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().directive |
 | autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | CalleeFlexibleAccessPath | angular.module().directive |
 | autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().directive().directive |
 | autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | CalleeFlexibleAccessPath | angular.module().directive().directive |
 | autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | CalleeFlexibleAccessPath | Cookie.get |
 | autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | enclosingFunctionBody | templateUrl Cookie get unsafe |
 | autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | enclosingFunctionName | directive#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | receiverName | Cookie |
 | autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | InputArgumentIndex | 0 |
@@ -4206,7 +5313,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | InputArgumentIndex | 0 |
@@ -4215,7 +5322,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | InputArgumentIndex | 0 |
@@ -4224,7 +5331,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | CalleeFlexibleAccessPath | import(!).parse |
 | autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | calleeImports | querystringify |
@@ -4232,14 +5339,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | InputArgumentIndex | 0 |
@@ -4248,7 +5355,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | InputArgumentIndex | 0 |
@@ -4257,7 +5364,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | CalleeFlexibleAccessPath | import(!).parse |
 | autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | calleeImports | query-string |
@@ -4265,14 +5372,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | InputArgumentIndex | 0 |
@@ -4281,7 +5388,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | InputArgumentIndex | 0 |
@@ -4290,7 +5397,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | CalleeFlexibleAccessPath | import(!).parse |
 | autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | calleeImports | querystring |
@@ -4298,7 +5405,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | calleeImports |  |
@@ -4306,14 +5413,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | CalleeFlexibleAccessPath | res.render |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | contextSurroundingFunctionParameters | ()\n(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | CalleeFlexibleAccessPath | application.get |
 | autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | InputArgumentIndex | 0 |
@@ -4322,7 +5429,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | receiverName | application |
 | autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | CalleeFlexibleAccessPath | application.get |
 | autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | InputArgumentIndex | 1 |
@@ -4331,7 +5438,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | receiverName | application |
 | autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | InputArgumentIndex | 0 |
@@ -4340,7 +5447,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | CalleeFlexibleAccessPath | application.get |
 | autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | calleeImports | express |
@@ -4348,7 +5455,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | receiverName | application |
 | autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | CalleeFlexibleAccessPath | application.get |
 | autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | InputArgumentIndex | 1 |
@@ -4357,25 +5464,25 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | receiverName | application |
 | autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | CalleeFlexibleAccessPath | addEventListener |
 | autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | CalleeFlexibleAccessPath | addEventListener |
 | autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | contextSurroundingFunctionParameters | (ev) |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | CalleeFlexibleAccessPath | Cookie.set |
 | autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | contextSurroundingFunctionParameters | (ev) |
 | autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | enclosingFunctionBody | ev Cookie set unsafe ev data |
 | autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | enclosingFunctionName | addEventListener#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | receiverName | Cookie |
 | autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | CalleeFlexibleAccessPath | Cookie.set |
 | autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | InputArgumentIndex | 1 |
@@ -4383,14 +5490,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | contextSurroundingFunctionParameters | (ev) |
 | autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | enclosingFunctionBody | ev Cookie set unsafe ev data |
 | autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | enclosingFunctionName | addEventListener#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | receiverName | Cookie |
 | autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | InputArgumentIndex | 0 |
@@ -4399,7 +5506,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | InputArgumentIndex | 1 |
@@ -4408,7 +5515,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -4416,7 +5523,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | InputArgumentIndex | 0 |
@@ -4425,7 +5532,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | CalleeFlexibleAccessPath | fs.realpathSync |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | InputArgumentIndex | 0 |
@@ -4434,7 +5541,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | CalleeFlexibleAccessPath | fs.realpath |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | InputArgumentIndex | 0 |
@@ -4443,7 +5550,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | CalleeFlexibleAccessPath | fs.realpath |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | InputArgumentIndex | 1 |
@@ -4452,7 +5559,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | InputArgumentIndex | 0 |
@@ -4460,7 +5567,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) |
 | autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | InputArgumentIndex | 0 |
@@ -4469,14 +5576,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | InputArgumentIndex | 0 |
@@ -4485,7 +5592,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | InputArgumentIndex | 1 |
@@ -4494,13 +5601,13 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | calleeImports | url |
@@ -4508,7 +5615,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | InputArgumentIndex | 1 |
@@ -4517,13 +5624,13 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | calleeImports | url |
@@ -4531,7 +5638,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | InputArgumentIndex | 1 |
@@ -4540,7 +5647,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -4548,7 +5655,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | InputArgumentIndex | 0 |
@@ -4557,14 +5664,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | InputArgumentIndex | 0 |
@@ -4573,7 +5680,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | InputArgumentIndex | 1 |
@@ -4582,13 +5689,13 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | calleeImports | url |
@@ -4596,7 +5703,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | InputArgumentIndex | 1 |
@@ -4605,13 +5712,13 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | calleeImports | url |
@@ -4619,7 +5726,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | InputArgumentIndex | 1 |
@@ -4628,7 +5735,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -4636,7 +5743,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | InputArgumentIndex | 0 |
@@ -4645,14 +5752,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | InputArgumentIndex | 0 |
@@ -4661,7 +5768,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | enclosingFunctionBody | req res path url parse req url true query path require send req path |
 | autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | InputArgumentIndex | 1 |
@@ -4670,7 +5777,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | enclosingFunctionBody | req res path url parse req url true query path require send req path |
 | autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | InputArgumentIndex | 0 |
@@ -4679,7 +5786,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | enclosingFunctionBody | req res path url parse req url true query path require send req path |
 | autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | calleeImports | send |
@@ -4687,7 +5794,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | enclosingFunctionBody | req res path url parse req url true query path require send req path |
 | autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | calleeImports | send |
@@ -4695,13 +5802,13 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | enclosingFunctionBody | req res path url parse req url true query path require send req path |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | InputArgumentIndex | 0 |
@@ -4710,7 +5817,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | InputArgumentIndex | 1 |
@@ -4719,7 +5826,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | InputArgumentIndex | 0 |
@@ -4728,7 +5835,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | CalleeFlexibleAccessPath | path.split |
 | autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | InputArgumentIndex | 0 |
@@ -4737,7 +5844,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | InputArgumentIndex | 0 |
@@ -4746,7 +5853,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | CalleeFlexibleAccessPath | split.join |
 | autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | InputArgumentIndex | 0 |
@@ -4755,7 +5862,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | receiverName | split |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | InputArgumentIndex | 0 |
@@ -4764,7 +5871,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | InputArgumentIndex | 0 |
@@ -4773,7 +5880,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | InputArgumentIndex | 0 |
@@ -4782,7 +5889,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | CalleeFlexibleAccessPath | prefix.concat |
 | autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | InputArgumentIndex | 0 |
@@ -4790,7 +5897,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | receiverName | prefix |
 | autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | stringConcatenatedWith | prefix -endpoint-  |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -4800,7 +5907,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | CalleeFlexibleAccessPath | concatted.join |
 | autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | InputArgumentIndex | 0 |
@@ -4808,7 +5915,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | receiverName | concatted |
 | autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | CalleeFlexibleAccessPath | split.concat |
 | autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | InputArgumentIndex | 0 |
@@ -4817,7 +5924,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | receiverName | split |
 | autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | stringConcatenatedWith | split -endpoint-  |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -4827,7 +5934,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | CalleeFlexibleAccessPath | concatted2.join |
 | autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | InputArgumentIndex | 0 |
@@ -4836,7 +5943,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | receiverName | concatted2 |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | InputArgumentIndex | 0 |
@@ -4845,14 +5952,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | InputArgumentIndex | 0 |
@@ -4861,7 +5968,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | InputArgumentIndex | 1 |
@@ -4870,7 +5977,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -4878,7 +5985,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -4887,7 +5994,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | InputArgumentIndex | 0 |
@@ -4896,7 +6003,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | InputArgumentIndex | 1 |
@@ -4905,7 +6012,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -4913,7 +6020,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -4922,7 +6029,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | InputArgumentIndex | 0 |
@@ -4931,7 +6038,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | InputArgumentIndex | 1 |
@@ -4940,7 +6047,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -4948,7 +6055,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -4957,7 +6064,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | InputArgumentIndex | 0 |
@@ -4966,7 +6073,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | InputArgumentIndex | 1 |
@@ -4975,7 +6082,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -4983,7 +6090,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -4992,7 +6099,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | InputArgumentIndex | 0 |
@@ -5001,7 +6108,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | InputArgumentIndex | 1 |
@@ -5010,7 +6117,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5018,7 +6125,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5027,7 +6134,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | InputArgumentIndex | 0 |
@@ -5036,7 +6143,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | InputArgumentIndex | 1 |
@@ -5045,7 +6152,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5053,7 +6160,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5062,7 +6169,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | InputArgumentIndex | 0 |
@@ -5071,7 +6178,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | InputArgumentIndex | 1 |
@@ -5080,7 +6187,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5088,7 +6195,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5097,7 +6204,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | InputArgumentIndex | 0 |
@@ -5106,7 +6213,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | InputArgumentIndex | 1 |
@@ -5115,7 +6222,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5123,7 +6230,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5132,7 +6239,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | InputArgumentIndex | 0 |
@@ -5141,7 +6248,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | InputArgumentIndex | 1 |
@@ -5150,7 +6257,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5158,7 +6265,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5167,7 +6274,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | InputArgumentIndex | 0 |
@@ -5176,7 +6283,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | InputArgumentIndex | 1 |
@@ -5185,7 +6292,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5193,7 +6300,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5202,7 +6309,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | InputArgumentIndex | 0 |
@@ -5211,7 +6318,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | InputArgumentIndex | 1 |
@@ -5220,7 +6327,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5228,7 +6335,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5237,7 +6344,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | InputArgumentIndex | 0 |
@@ -5246,7 +6353,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | InputArgumentIndex | 1 |
@@ -5255,7 +6362,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5263,7 +6370,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5272,7 +6379,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | InputArgumentIndex | 0 |
@@ -5281,7 +6388,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | InputArgumentIndex | 1 |
@@ -5290,7 +6397,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5298,7 +6405,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5307,7 +6414,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | InputArgumentIndex | 0 |
@@ -5316,7 +6423,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | InputArgumentIndex | 1 |
@@ -5325,7 +6432,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5333,7 +6440,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5342,7 +6449,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | InputArgumentIndex | 0 |
@@ -5351,7 +6458,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | InputArgumentIndex | 1 |
@@ -5360,7 +6467,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | InputArgumentIndex | 0 |
@@ -5368,7 +6475,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | InputArgumentIndex | 0 |
@@ -5377,7 +6484,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | InputArgumentIndex | 0 |
@@ -5386,7 +6493,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:189:75:189:90 | /^(\\.\\.[\\/\\\\])+/ | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:189:75:189:90 | /^(\\.\\.[\\/\\\\])+/ | InputArgumentIndex | 0 |
@@ -5395,7 +6502,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:189:75:189:90 | /^(\\.\\.[\\/\\\\])+/ | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:189:75:189:90 | /^(\\.\\.[\\/\\\\])+/ | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:189:75:189:90 | /^(\\.\\.[\\/\\\\])+/ | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:189:75:189:90 | /^(\\.\\.[\\/\\\\])+/ | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:189:75:189:90 | /^(\\.\\.[\\/\\\\])+/ | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | calleeImports | path |
@@ -5403,14 +6510,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | InputArgumentIndex | 0 |
@@ -5419,7 +6526,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | InputArgumentIndex | 0 |
@@ -5428,7 +6535,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:190:75:190:89 | /(\\.\\.[\\/\\\\])+/ | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:190:75:190:89 | /(\\.\\.[\\/\\\\])+/ | InputArgumentIndex | 0 |
@@ -5437,7 +6544,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:190:75:190:89 | /(\\.\\.[\\/\\\\])+/ | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:190:75:190:89 | /(\\.\\.[\\/\\\\])+/ | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:190:75:190:89 | /(\\.\\.[\\/\\\\])+/ | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:190:75:190:89 | /(\\.\\.[\\/\\\\])+/ | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:190:75:190:89 | /(\\.\\.[\\/\\\\])+/ | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | calleeImports | path |
@@ -5445,14 +6552,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | InputArgumentIndex | 0 |
@@ -5461,7 +6568,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | InputArgumentIndex | 0 |
@@ -5470,7 +6577,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:191:75:191:85 | /(\\.\\.\\/)+/ | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:191:75:191:85 | /(\\.\\.\\/)+/ | InputArgumentIndex | 0 |
@@ -5479,7 +6586,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:191:75:191:85 | /(\\.\\.\\/)+/ | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:191:75:191:85 | /(\\.\\.\\/)+/ | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:191:75:191:85 | /(\\.\\.\\/)+/ | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:191:75:191:85 | /(\\.\\.\\/)+/ | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:191:75:191:85 | /(\\.\\.\\/)+/ | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | calleeImports | path |
@@ -5487,14 +6594,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | InputArgumentIndex | 0 |
@@ -5503,7 +6610,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | InputArgumentIndex | 0 |
@@ -5512,7 +6619,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:192:75:192:85 | /(\\.\\.\\/)*/ | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:192:75:192:85 | /(\\.\\.\\/)*/ | InputArgumentIndex | 0 |
@@ -5521,7 +6628,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:192:75:192:85 | /(\\.\\.\\/)*/ | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:192:75:192:85 | /(\\.\\.\\/)*/ | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:192:75:192:85 | /(\\.\\.\\/)*/ | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:192:75:192:85 | /(\\.\\.\\/)*/ | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:192:75:192:85 | /(\\.\\.\\/)*/ | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | calleeImports | path |
@@ -5529,14 +6636,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | InputArgumentIndex | 0 |
@@ -5545,7 +6652,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | InputArgumentIndex | 0 |
@@ -5554,7 +6661,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | InputArgumentIndex | 1 |
@@ -5563,7 +6670,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | InputArgumentIndex | 0 |
@@ -5571,7 +6678,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | InputArgumentIndex | 0 |
@@ -5580,7 +6687,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | InputArgumentIndex | 0 |
@@ -5589,7 +6696,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:195:64:195:79 | /^(\\.\\.[\\/\\\\])+/ | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:195:64:195:79 | /^(\\.\\.[\\/\\\\])+/ | InputArgumentIndex | 0 |
@@ -5598,7 +6705,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:195:64:195:79 | /^(\\.\\.[\\/\\\\])+/ | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:195:64:195:79 | /^(\\.\\.[\\/\\\\])+/ | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:195:64:195:79 | /^(\\.\\.[\\/\\\\])+/ | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:195:64:195:79 | /^(\\.\\.[\\/\\\\])+/ | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:195:64:195:79 | /^(\\.\\.[\\/\\\\])+/ | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | calleeImports | path |
@@ -5606,7 +6713,639 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:200:32:207:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
+| autogenerated/TaintedPath/TaintedPath.js:200:32:207:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:200:32:207:1 | functio ... OT OK\\n} | calleeImports | http |
+| autogenerated/TaintedPath/TaintedPath.js:200:32:207:1 | functio ... OT OK\\n} | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:200:32:207:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:200:32:207:1 | functio ... OT OK\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:200:32:207:1 | functio ... OT OK\\n} | receiverName | http |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | calleeImports |  |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | CalleeFlexibleAccessPath | res.write |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | receiverName | res |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | calleeImports | fs |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | receiverName | fs |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | CalleeFlexibleAccessPath | qs.parse |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | calleeImports | qs |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | receiverName | qs |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | CalleeFlexibleAccessPath | res.write |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | receiverName | res |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | calleeImports | fs |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | receiverName | fs |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | CalleeFlexibleAccessPath | qs.parse |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | calleeImports | qs |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | receiverName | qs |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | CalleeFlexibleAccessPath | normalizeUrl |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | calleeImports | normalize-url |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | calleeImports |  |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | CalleeFlexibleAccessPath | res.write |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | receiverName | res |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | calleeImports | fs |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | receiverName | fs |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | CalleeFlexibleAccessPath | parseqs.decode |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | calleeImports | parseqs |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | receiverName | parseqs |
+| autogenerated/TaintedPath/TaintedPath.js:209:20:209:34 | "child_process" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/TaintedPath.js:209:20:209:34 | "child_process" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:209:20:209:34 | "child_process" | calleeImports |  |
+| autogenerated/TaintedPath/TaintedPath.js:209:20:209:34 | "child_process" | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:209:20:209:34 | "child_process" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/TaintedPath.js:209:20:209:34 | "child_process" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:210:32:215:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
+| autogenerated/TaintedPath/TaintedPath.js:210:32:215:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:210:32:215:1 | functio ... OT OK\\n} | calleeImports | http |
+| autogenerated/TaintedPath/TaintedPath.js:210:32:215:1 | functio ... OT OK\\n} | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:210:32:215:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:210:32:215:1 | functio ... OT OK\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:210:32:215:1 | functio ... OT OK\\n} | receiverName | http |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | calleeImports | url |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | receiverName | url |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | calleeImports | url |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | receiverName | url |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | CalleeFlexibleAccessPath | cp.execSync |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | receiverName | cp |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | CalleeFlexibleAccessPath | cp.execSync |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | receiverName | cp |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | CalleeFlexibleAccessPath | cp.execSync |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | InputAccessPathFromCallee | 1.cwd |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | receiverName | cp |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | receiverName | cp |
+| autogenerated/TaintedPath/TaintedPath.js:213:30:213:35 | "args" | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:30:213:35 | "args" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:30:213:35 | "args" | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:213:30:213:35 | "args" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:213:30:213:35 | "args" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | InputArgumentIndex | 2 |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | receiverName | cp |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | InputAccessPathFromCallee | 2.cwd |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | InputArgumentIndex | 2 |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | receiverName | cp |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | receiverName | cp |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | InputAccessPathFromCallee | 1.cwd |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/express.js:1:23:1:31 | "express" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/express.js:1:23:1:31 | "express" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/express.js:1:23:1:31 | "express" | calleeImports |  |
+| autogenerated/TaintedPath/express.js:1:23:1:31 | "express" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/express.js:1:23:1:31 | "express" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/express.js:1:23:1:31 | "express" | fileImports | express express-fileupload |
+| autogenerated/TaintedPath/express.js:2:24:2:43 | "express-fileupload" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/express.js:2:24:2:43 | "express-fileupload" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/express.js:2:24:2:43 | "express-fileupload" | calleeImports |  |
+| autogenerated/TaintedPath/express.js:2:24:2:43 | "express-fileupload" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/express.js:2:24:2:43 | "express-fileupload" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/express.js:2:24:2:43 | "express-fileupload" | fileImports | express express-fileupload |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() | CalleeFlexibleAccessPath | app.use |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() | calleeImports | express |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() | fileImports | express express-fileupload |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() | receiverName | app |
+| autogenerated/TaintedPath/express.js:7:9:7:20 | "/some/path" | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/express.js:7:9:7:20 | "/some/path" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/express.js:7:9:7:20 | "/some/path" | calleeImports | express |
+| autogenerated/TaintedPath/express.js:7:9:7:20 | "/some/path" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/express.js:7:9:7:20 | "/some/path" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/express.js:7:9:7:20 | "/some/path" | fileImports | express express-fileupload |
+| autogenerated/TaintedPath/express.js:7:9:7:20 | "/some/path" | receiverName | app |
+| autogenerated/TaintedPath/express.js:7:23:9:1 | functio ... bar);\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/express.js:7:23:9:1 | functio ... bar);\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/express.js:7:23:9:1 | functio ... bar);\\n} | calleeImports | express |
+| autogenerated/TaintedPath/express.js:7:23:9:1 | functio ... bar);\\n} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/express.js:7:23:9:1 | functio ... bar);\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/express.js:7:23:9:1 | functio ... bar);\\n} | fileImports | express express-fileupload |
+| autogenerated/TaintedPath/express.js:7:23:9:1 | functio ... bar);\\n} | receiverName | app |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | CalleeFlexibleAccessPath | req.files.foo.mv |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | enclosingFunctionBody | req res req files foo mv req query bar |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | fileImports | express express-fileupload |
+| autogenerated/TaintedPath/handlebars.js:1:25:1:33 | 'express' | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/handlebars.js:1:25:1:33 | 'express' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:1:25:1:33 | 'express' | calleeImports |  |
+| autogenerated/TaintedPath/handlebars.js:1:25:1:33 | 'express' | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:1:25:1:33 | 'express' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:1:25:1:33 | 'express' | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:2:20:2:31 | "handlebars" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/handlebars.js:2:20:2:31 | "handlebars" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:2:20:2:31 | "handlebars" | calleeImports |  |
+| autogenerated/TaintedPath/handlebars.js:2:20:2:31 | "handlebars" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:2:20:2:31 | "handlebars" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:2:20:2:31 | "handlebars" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:3:20:3:23 | "fs" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/handlebars.js:3:20:3:23 | "fs" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:3:20:3:23 | "fs" | calleeImports |  |
+| autogenerated/TaintedPath/handlebars.js:3:20:3:23 | "fs" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:3:20:3:23 | "fs" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:3:20:3:23 | "fs" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | CalleeFlexibleAccessPath | hb.registerHelper |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | contextSurroundingFunctionParameters | () |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | CalleeFlexibleAccessPath | hb.registerHelper |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | contextSurroundingFunctionParameters | ()\n(filePath) |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | contextSurroundingFunctionParameters | ()\n(filePath) |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | receiverName | fs |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | CalleeFlexibleAccessPath | hb.registerHelper |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | contextSurroundingFunctionParameters | () |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | hb.registerHelper |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | ()\n(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | contextSurroundingFunctionParameters | ()\n(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | receiverName | fs |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | CalleeFlexibleAccessPath | fs.readFileSync().split |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | contextSurroundingFunctionParameters | ()\n(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | CalleeFlexibleAccessPath | fs.readFileSync().split().map |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | contextSurroundingFunctionParameters | ()\n(prefix, filePath)\n(line) |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | CalleeFlexibleAccessPath | fs.readFileSync().split().map().join |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | contextSurroundingFunctionParameters | ()\n(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | CalleeFlexibleAccessPath | hb.compile |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | contextSurroundingFunctionParameters | () |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | CalleeFlexibleAccessPath | hb.compile |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | contextSurroundingFunctionParameters | () |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | CalleeFlexibleAccessPath | hb.compile |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | contextSurroundingFunctionParameters | () |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | contextSurroundingFunctionParameters | () |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | receiverName | fs |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | CalleeFlexibleAccessPath | hb.compile |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | contextSurroundingFunctionParameters | () |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:28:9:28:21 | '/some/path1' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:28:9:28:21 | '/some/path1' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:28:9:28:21 | '/some/path1' | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:28:9:28:21 | '/some/path1' | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:28:9:28:21 | '/some/path1' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:28:9:28:21 | '/some/path1' | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:28:9:28:21 | '/some/path1' | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:28:24:30:1 | functio ... File)\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:28:24:30:1 | functio ... File)\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/handlebars.js:28:24:30:1 | functio ... File)\\n} | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:28:24:30:1 | functio ... File)\\n} | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:28:24:30:1 | functio ... File)\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:28:24:30:1 | functio ... File)\\n} | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:28:24:30:1 | functio ... File)\\n} | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | CalleeFlexibleAccessPath | res.send |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | enclosingFunctionBody | req res res send data compiledFileAccess path req params path |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | receiverName | res |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | CalleeFlexibleAccessPath | data.compiledFileAccess |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | enclosingFunctionBody | req res res send data compiledFileAccess path req params path |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | receiverName | data |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | CalleeFlexibleAccessPath | data.compiledFileAccess |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | InputAccessPathFromCallee | 0.path |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | assignedToPropName | path |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | enclosingFunctionBody | req res res send data compiledFileAccess path req params path |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:32:9:32:21 | '/some/path2' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:32:9:32:21 | '/some/path2' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:32:9:32:21 | '/some/path2' | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:32:9:32:21 | '/some/path2' | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:32:9:32:21 | '/some/path2' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:32:9:32:21 | '/some/path2' | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:32:9:32:21 | '/some/path2' | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:32:24:34:1 | functio ... File)\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:32:24:34:1 | functio ... File)\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/handlebars.js:32:24:34:1 | functio ... File)\\n} | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:32:24:34:1 | functio ... File)\\n} | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:32:24:34:1 | functio ... File)\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:32:24:34:1 | functio ... File)\\n} | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:32:24:34:1 | functio ... File)\\n} | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | CalleeFlexibleAccessPath | res.send |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | enclosingFunctionBody | req res res send data compiledBenign name req params name |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | receiverName | res |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | CalleeFlexibleAccessPath | data.compiledBenign |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | enclosingFunctionBody | req res res send data compiledBenign name req params name |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | receiverName | data |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | CalleeFlexibleAccessPath | data.compiledBenign |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | InputAccessPathFromCallee | 0.name |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | assignedToPropName | name |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | enclosingFunctionBody | req res res send data compiledBenign name req params name |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:36:9:36:21 | '/some/path3' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:36:9:36:21 | '/some/path3' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:36:9:36:21 | '/some/path3' | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:36:9:36:21 | '/some/path3' | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:36:9:36:21 | '/some/path3' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:36:9:36:21 | '/some/path3' | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:36:9:36:21 | '/some/path3' | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:36:24:38:1 | functio ... s ok)\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:36:24:38:1 | functio ... s ok)\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/handlebars.js:36:24:38:1 | functio ... s ok)\\n} | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:36:24:38:1 | functio ... s ok)\\n} | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:36:24:38:1 | functio ... s ok)\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:36:24:38:1 | functio ... s ok)\\n} | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:36:24:38:1 | functio ... s ok)\\n} | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | CalleeFlexibleAccessPath | res.send |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | enclosingFunctionBody | req res res send data compiledUnknown name req params name |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | receiverName | res |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | CalleeFlexibleAccessPath | data.compiledUnknown |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | enclosingFunctionBody | req res res send data compiledUnknown name req params name |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | receiverName | data |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | CalleeFlexibleAccessPath | data.compiledUnknown |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | InputAccessPathFromCallee | 0.name |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | assignedToPropName | name |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | enclosingFunctionBody | req res res send data compiledUnknown name req params name |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:40:9:40:21 | '/some/path4' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:40:9:40:21 | '/some/path4' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:40:9:40:21 | '/some/path4' | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:40:9:40:21 | '/some/path4' | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:40:9:40:21 | '/some/path4' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:40:9:40:21 | '/some/path4' | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:40:9:40:21 | '/some/path4' | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:40:24:45:1 | functio ...  }));\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:40:24:45:1 | functio ...  }));\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/handlebars.js:40:24:45:1 | functio ...  }));\\n} | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:40:24:45:1 | functio ...  }));\\n} | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:40:24:45:1 | functio ...  }));\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:40:24:45:1 | functio ...  }));\\n} | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:40:24:45:1 | functio ...  }));\\n} | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | CalleeFlexibleAccessPath | res.send |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | enclosingFunctionBody | req res res send data compiledMixed prefix >>>  path req params path |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | receiverName | res |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | CalleeFlexibleAccessPath | data.compiledMixed |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | enclosingFunctionBody | req res res send data compiledMixed prefix >>>  path req params path |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | receiverName | data |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | CalleeFlexibleAccessPath | data.compiledMixed |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | InputAccessPathFromCallee | 0.prefix |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | assignedToPropName | prefix |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | enclosingFunctionBody | req res res send data compiledMixed prefix >>>  path req params path |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | CalleeFlexibleAccessPath | data.compiledMixed |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | InputAccessPathFromCallee | 0.path |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | assignedToPropName | path |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | enclosingFunctionBody | req res res send data compiledMixed prefix >>>  path req params path |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:47:9:47:21 | '/some/path5' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:47:9:47:21 | '/some/path5' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:47:9:47:21 | '/some/path5' | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:47:9:47:21 | '/some/path5' | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:47:9:47:21 | '/some/path5' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:47:9:47:21 | '/some/path5' | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:47:9:47:21 | '/some/path5' | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:47:24:52:1 | functio ...  }));\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:47:24:52:1 | functio ...  }));\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/handlebars.js:47:24:52:1 | functio ...  }));\\n} | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:47:24:52:1 | functio ...  }));\\n} | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:47:24:52:1 | functio ...  }));\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:47:24:52:1 | functio ...  }));\\n} | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:47:24:52:1 | functio ...  }));\\n} | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | CalleeFlexibleAccessPath | res.send |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | enclosingFunctionBody | req res res send data compiledMixed prefix req params prefix path data/path-5.txt |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | receiverName | res |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | CalleeFlexibleAccessPath | data.compiledMixed |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | enclosingFunctionBody | req res res send data compiledMixed prefix req params prefix path data/path-5.txt |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | receiverName | data |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | CalleeFlexibleAccessPath | data.compiledMixed |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | InputAccessPathFromCallee | 0.prefix |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | assignedToPropName | prefix |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | enclosingFunctionBody | req res res send data compiledMixed prefix req params prefix path data/path-5.txt |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | CalleeFlexibleAccessPath | data.compiledMixed |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | InputAccessPathFromCallee | 0.path |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | assignedToPropName | path |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | enclosingFunctionBody | req res res send data compiledMixed prefix req params prefix path data/path-5.txt |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | fileImports | express fs handlebars |
 | autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | calleeImports |  |
@@ -5660,44 +7399,44 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | calleeImports |  |
 | autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | calleeImports |  |
 | autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | calleeImports |  |
 | autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | calleeImports |  |
 | autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | calleeImports |  |
 | autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | InputArgumentIndex | 0 |
@@ -5706,7 +7445,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | InputArgumentIndex | 0 |
@@ -5715,7 +7454,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | InputArgumentIndex | 0 |
@@ -5724,7 +7463,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | InputArgumentIndex | 0 |
@@ -5733,7 +7472,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | InputArgumentIndex | 0 |
@@ -5742,7 +7481,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | InputArgumentIndex | 1 |
@@ -5751,7 +7490,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | InputArgumentIndex | 0 |
@@ -5760,7 +7499,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -5769,7 +7508,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | InputArgumentIndex | 1 |
@@ -5778,27 +7517,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | calleeImports | path |
@@ -5806,7 +7545,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | InputArgumentIndex | 0 |
@@ -5815,7 +7554,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | InputArgumentIndex | 0 |
@@ -5824,7 +7563,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | InputArgumentIndex | 0 |
@@ -5833,7 +7572,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | InputArgumentIndex | 0 |
@@ -5842,7 +7581,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | InputArgumentIndex | 0 |
@@ -5851,7 +7590,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | InputArgumentIndex | 1 |
@@ -5860,7 +7599,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | InputArgumentIndex | 0 |
@@ -5869,7 +7608,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -5878,7 +7617,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | InputArgumentIndex | 1 |
@@ -5887,27 +7626,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | calleeImports | path |
@@ -5915,7 +7654,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | InputArgumentIndex | 0 |
@@ -5924,7 +7663,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | InputArgumentIndex | 0 |
@@ -5933,7 +7672,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | InputArgumentIndex | 0 |
@@ -5942,7 +7681,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | InputArgumentIndex | 0 |
@@ -5951,7 +7690,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | InputArgumentIndex | 0 |
@@ -5960,7 +7699,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | InputArgumentIndex | 0 |
@@ -5969,7 +7708,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | InputArgumentIndex | 0 |
@@ -5978,7 +7717,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | InputArgumentIndex | 0 |
@@ -5987,7 +7726,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | InputArgumentIndex | 0 |
@@ -5996,7 +7735,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | InputArgumentIndex | 0 |
@@ -6005,27 +7744,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | calleeImports | path |
@@ -6033,7 +7772,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | InputArgumentIndex | 0 |
@@ -6042,7 +7781,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | InputArgumentIndex | 0 |
@@ -6051,7 +7790,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | InputArgumentIndex | 0 |
@@ -6060,7 +7799,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | InputArgumentIndex | 0 |
@@ -6069,7 +7808,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | InputArgumentIndex | 0 |
@@ -6078,7 +7817,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | InputArgumentIndex | 0 |
@@ -6087,27 +7826,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | calleeImports | path |
@@ -6115,7 +7854,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | InputArgumentIndex | 0 |
@@ -6124,7 +7863,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | InputArgumentIndex | 0 |
@@ -6133,7 +7872,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | InputArgumentIndex | 0 |
@@ -6142,21 +7881,21 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -6164,7 +7903,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | InputArgumentIndex | 0 |
@@ -6173,7 +7912,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -6181,7 +7920,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -6189,7 +7928,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | InputArgumentIndex | 0 |
@@ -6198,27 +7937,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | calleeImports | path |
@@ -6226,7 +7965,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -6234,7 +7973,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | InputArgumentIndex | 0 |
@@ -6243,7 +7982,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -6252,7 +7991,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -6260,7 +7999,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | InputArgumentIndex | 0 |
@@ -6269,27 +8008,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | calleeImports | path |
@@ -6297,7 +8036,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | InputArgumentIndex | 0 |
@@ -6306,7 +8045,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | InputArgumentIndex | 0 |
@@ -6315,7 +8054,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | InputArgumentIndex | 0 |
@@ -6324,27 +8063,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | CalleeFlexibleAccessPath | fs.realpathSync |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | calleeImports | fs |
@@ -6352,7 +8091,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | InputArgumentIndex | 0 |
@@ -6361,7 +8100,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | InputArgumentIndex | 0 |
@@ -6370,7 +8109,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | InputArgumentIndex | 0 |
@@ -6379,7 +8118,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | InputArgumentIndex | 1 |
@@ -6388,7 +8127,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | InputArgumentIndex | 0 |
@@ -6397,7 +8136,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | InputArgumentIndex | 0 |
@@ -6406,7 +8145,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | InputArgumentIndex | 0 |
@@ -6415,7 +8154,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | InputArgumentIndex | 0 |
@@ -6424,7 +8163,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | InputArgumentIndex | 1 |
@@ -6433,7 +8172,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | InputArgumentIndex | 0 |
@@ -6442,7 +8181,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -6451,7 +8190,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | InputArgumentIndex | 1 |
@@ -6460,27 +8199,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | calleeImports | path |
@@ -6488,7 +8227,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | InputArgumentIndex | 1 |
@@ -6497,7 +8236,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | InputArgumentIndex | 0 |
@@ -6506,7 +8245,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | InputArgumentIndex | 0 |
@@ -6515,7 +8254,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | InputArgumentIndex | 0 |
@@ -6524,27 +8263,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | calleeImports | path |
@@ -6552,7 +8291,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | InputArgumentIndex | 1 |
@@ -6561,7 +8300,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -6570,7 +8309,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | InputArgumentIndex | 0 |
@@ -6579,7 +8318,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | InputArgumentIndex | 0 |
@@ -6588,27 +8327,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | calleeImports | path |
@@ -6616,7 +8355,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | InputArgumentIndex | 0 |
@@ -6625,7 +8364,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | InputArgumentIndex | 0 |
@@ -6634,7 +8373,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | InputArgumentIndex | 0 |
@@ -6643,7 +8382,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | CalleeFlexibleAccessPath | path.includes |
 | autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | InputArgumentIndex | 0 |
@@ -6652,7 +8391,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | InputArgumentIndex | 0 |
@@ -6661,27 +8400,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | calleeImports | path |
@@ -6689,7 +8428,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | CalleeFlexibleAccessPath | path.includes |
 | autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | InputArgumentIndex | 0 |
@@ -6698,7 +8437,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | InputArgumentIndex | 0 |
@@ -6707,7 +8446,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | InputArgumentIndex | 0 |
@@ -6716,7 +8455,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | InputArgumentIndex | 0 |
@@ -6725,21 +8464,21 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | InputArgumentIndex | 0 |
@@ -6747,7 +8486,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | InputArgumentIndex | 0 |
@@ -6755,7 +8494,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | InputArgumentIndex | 0 |
@@ -6763,7 +8502,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | InputArgumentIndex | 0 |
@@ -6772,7 +8511,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | InputArgumentIndex | 0 |
@@ -6781,7 +8520,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | InputArgumentIndex | 0 |
@@ -6790,7 +8529,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | CalleeFlexibleAccessPath | path.includes |
 | autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | InputArgumentIndex | 0 |
@@ -6798,7 +8537,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | InputArgumentIndex | 0 |
@@ -6807,7 +8546,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | InputArgumentIndex | 0 |
@@ -6816,7 +8555,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | CalleeFlexibleAccessPath | path.includes |
 | autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | InputArgumentIndex | 0 |
@@ -6824,7 +8563,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | InputArgumentIndex | 0 |
@@ -6833,7 +8572,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | InputArgumentIndex | 0 |
@@ -6842,7 +8581,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | InputArgumentIndex | 0 |
@@ -6851,7 +8590,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | CalleeFlexibleAccessPath | normalizedPath.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -6860,7 +8599,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | receiverName | normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | InputArgumentIndex | 0 |
@@ -6869,7 +8608,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | InputArgumentIndex | 0 |
@@ -6878,7 +8617,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | CalleeFlexibleAccessPath | normalizedPath.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -6887,7 +8626,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | receiverName | normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | CalleeFlexibleAccessPath | normalizedPath.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | InputArgumentIndex | 0 |
@@ -6896,7 +8635,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | receiverName | normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | InputArgumentIndex | 0 |
@@ -6905,7 +8644,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | InputArgumentIndex | 0 |
@@ -6914,27 +8653,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | calleeImports | path |
@@ -6942,7 +8681,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | InputArgumentIndex | 0 |
@@ -6951,7 +8690,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | InputArgumentIndex | 0 |
@@ -6960,27 +8699,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | CalleeFlexibleAccessPath | decodeURIComponent |
 | autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | InputArgumentIndex | 0 |
@@ -6989,27 +8728,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | calleeImports | path |
@@ -7017,7 +8756,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:226:59:226:64 | /%20/g | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/normalizedPaths.js:226:59:226:64 | /%20/g | InputArgumentIndex | 0 |
@@ -7026,7 +8765,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:226:59:226:64 | /%20/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:226:59:226:64 | /%20/g | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:226:59:226:64 | /%20/g | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:226:59:226:64 | /%20/g | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:226:59:226:64 | /%20/g | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | calleeImports | path |
@@ -7034,7 +8773,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | calleeImports | fs |
@@ -7042,13 +8781,13 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | calleeImports | path |
@@ -7056,7 +8795,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | InputArgumentIndex | 1 |
@@ -7065,7 +8804,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | InputArgumentIndex | 0 |
@@ -7074,27 +8813,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | calleeImports | path |
@@ -7102,7 +8841,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | InputArgumentIndex | 0 |
@@ -7111,7 +8850,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | CalleeFlexibleAccessPath | path.substring |
 | autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | InputArgumentIndex | 0 |
@@ -7120,7 +8859,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | CalleeFlexibleAccessPath | path.substring |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | InputArgumentIndex | 1 |
@@ -7129,7 +8868,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | InputArgumentIndex | 0 |
@@ -7138,7 +8877,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | InputArgumentIndex | 0 |
@@ -7147,7 +8886,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | CalleeFlexibleAccessPath | path.slice |
 | autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | InputArgumentIndex | 0 |
@@ -7156,7 +8895,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | CalleeFlexibleAccessPath | path.slice |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | InputArgumentIndex | 1 |
@@ -7165,7 +8904,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | InputArgumentIndex | 0 |
@@ -7174,7 +8913,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | InputArgumentIndex | 0 |
@@ -7183,27 +8922,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | calleeImports | path |
@@ -7211,7 +8950,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | InputArgumentIndex | 0 |
@@ -7220,7 +8959,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | InputArgumentIndex | 0 |
@@ -7229,7 +8968,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | InputArgumentIndex | 1 |
@@ -7238,7 +8977,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | CalleeFlexibleAccessPath | relative.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | InputArgumentIndex | 0 |
@@ -7247,7 +8986,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | receiverName | relative |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | InputArgumentIndex | 0 |
@@ -7256,7 +8995,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | InputArgumentIndex | 0 |
@@ -7265,7 +9004,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | InputArgumentIndex | 0 |
@@ -7274,7 +9013,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | InputArgumentIndex | 0 |
@@ -7283,7 +9022,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | InputArgumentIndex | 0 |
@@ -7292,7 +9031,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | InputArgumentIndex | 1 |
@@ -7301,7 +9040,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | CalleeFlexibleAccessPath | relativePath.indexOf |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | InputArgumentIndex | 0 |
@@ -7310,7 +9049,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | receiverName | relativePath |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | InputArgumentIndex | 0 |
@@ -7319,7 +9058,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | InputArgumentIndex | 0 |
@@ -7328,7 +9067,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | InputArgumentIndex | 0 |
@@ -7337,7 +9076,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | InputArgumentIndex | 0 |
@@ -7346,7 +9085,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | InputArgumentIndex | 0 |
@@ -7355,7 +9094,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | InputArgumentIndex | 1 |
@@ -7364,7 +9103,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | CalleeFlexibleAccessPath | relativePath.indexOf |
 | autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | InputArgumentIndex | 0 |
@@ -7373,7 +9112,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | receiverName | relativePath |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | InputArgumentIndex | 0 |
@@ -7382,7 +9121,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | InputArgumentIndex | 0 |
@@ -7391,7 +9130,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | InputArgumentIndex | 0 |
@@ -7400,7 +9139,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | InputArgumentIndex | 0 |
@@ -7409,7 +9148,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | InputArgumentIndex | 0 |
@@ -7418,7 +9157,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | InputArgumentIndex | 1 |
@@ -7427,7 +9166,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | InputArgumentIndex | 0 |
@@ -7436,7 +9175,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | CalleeFlexibleAccessPath | pathModule.normalize().indexOf |
 | autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | InputArgumentIndex | 0 |
@@ -7445,7 +9184,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | calleeImports | fs |
@@ -7453,7 +9192,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | InputArgumentIndex | 0 |
@@ -7462,7 +9201,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | InputArgumentIndex | 0 |
@@ -7471,7 +9210,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | InputArgumentIndex | 0 |
@@ -7480,7 +9219,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | InputArgumentIndex | 0 |
@@ -7489,7 +9228,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | InputArgumentIndex | 1 |
@@ -7498,7 +9237,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | InputArgumentIndex | 0 |
@@ -7507,7 +9246,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | CalleeFlexibleAccessPath | pathModule.normalize().indexOf |
 | autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | InputArgumentIndex | 0 |
@@ -7516,7 +9255,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | calleeImports | fs |
@@ -7524,7 +9263,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | InputArgumentIndex | 0 |
@@ -7533,33 +9272,33 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | calleeImports |  |
 | autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | calleeImports |  |
 | autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | InputArgumentIndex | 0 |
@@ -7568,7 +9307,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | InputArgumentIndex | 0 |
@@ -7577,7 +9316,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | InputArgumentIndex | 0 |
@@ -7586,7 +9325,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | CalleeFlexibleAccessPath | pathIsInside |
 | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | InputArgumentIndex | 0 |
@@ -7595,7 +9334,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | CalleeFlexibleAccessPath | pathIsInside |
 | autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | calleeImports | path-is-inside |
@@ -7603,7 +9342,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | calleeImports | fs |
@@ -7611,7 +9350,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | InputArgumentIndex | 0 |
@@ -7620,7 +9359,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | InputArgumentIndex | 0 |
@@ -7629,7 +9368,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | InputArgumentIndex | 1 |
@@ -7638,7 +9377,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | CalleeFlexibleAccessPath | pathIsInside |
 | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | InputArgumentIndex | 0 |
@@ -7647,7 +9386,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | CalleeFlexibleAccessPath | pathIsInside |
 | autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | calleeImports | path-is-inside |
@@ -7655,7 +9394,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | calleeImports | fs |
@@ -7663,7 +9402,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | InputArgumentIndex | 0 |
@@ -7672,7 +9411,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | CalleeFlexibleAccessPath | pathIsInside |
 | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | InputArgumentIndex | 0 |
@@ -7681,7 +9420,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | CalleeFlexibleAccessPath | pathIsInside |
 | autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | calleeImports | path-is-inside |
@@ -7689,7 +9428,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | calleeImports | fs |
@@ -7697,7 +9436,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | InputArgumentIndex | 0 |
@@ -7706,27 +9445,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | calleeImports | path |
@@ -7734,7 +9473,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | InputArgumentIndex | 0 |
@@ -7743,7 +9482,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | InputArgumentIndex | 0 |
@@ -7752,7 +9491,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | CalleeFlexibleAccessPath | abs.indexOf |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | InputArgumentIndex | 0 |
@@ -7761,7 +9500,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | receiverName | abs |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | InputArgumentIndex | 0 |
@@ -7770,7 +9509,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | InputArgumentIndex | 0 |
@@ -7779,21 +9518,21 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | InputArgumentIndex | 0 |
@@ -7802,7 +9541,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | InputArgumentIndex | 0 |
@@ -7811,7 +9550,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | InputArgumentIndex | 1 |
@@ -7820,7 +9559,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | CalleeFlexibleAccessPath | allowPath |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | InputArgumentIndex | 0 |
@@ -7828,14 +9567,14 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | CalleeFlexibleAccessPath | allowPath |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | calleeImports | fs |
@@ -7843,7 +9582,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | InputArgumentIndex | 0 |
@@ -7852,7 +9591,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | InputArgumentIndex | 0 |
@@ -7861,7 +9600,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | CalleeFlexibleAccessPath | requestPath.indexOf |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | InputArgumentIndex | 0 |
@@ -7869,50 +9608,217 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | contextSurroundingFunctionParameters | (requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | receiverName | requestPath |
+| autogenerated/TaintedPath/normalizedPaths.js:376:9:376:22 | '/slash-stuff' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/normalizedPaths.js:376:9:376:22 | '/slash-stuff' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:376:9:376:22 | '/slash-stuff' | calleeImports | express |
+| autogenerated/TaintedPath/normalizedPaths.js:376:9:376:22 | '/slash-stuff' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:376:9:376:22 | '/slash-stuff' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/normalizedPaths.js:376:9:376:22 | '/slash-stuff' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:376:9:376:22 | '/slash-stuff' | receiverName | app |
+| autogenerated/TaintedPath/normalizedPaths.js:376:25:382:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/normalizedPaths.js:376:25:382:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/normalizedPaths.js:376:25:382:1 | (req, r ... OT OK\\n} | calleeImports | express |
+| autogenerated/TaintedPath/normalizedPaths.js:376:25:382:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:376:25:382:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:376:25:382:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:376:25:382:1 | (req, r ... OT OK\\n} | receiverName | app |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync slash path |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync slash path |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | CalleeFlexibleAccessPath | slash |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | calleeImports | slash |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync slash path |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:384:9:384:24 | '/dotdot-regexp' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/normalizedPaths.js:384:9:384:24 | '/dotdot-regexp' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:384:9:384:24 | '/dotdot-regexp' | calleeImports | express |
+| autogenerated/TaintedPath/normalizedPaths.js:384:9:384:24 | '/dotdot-regexp' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:384:9:384:24 | '/dotdot-regexp' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/normalizedPaths.js:384:9:384:24 | '/dotdot-regexp' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:384:9:384:24 | '/dotdot-regexp' | receiverName | app |
+| autogenerated/TaintedPath/normalizedPaths.js:384:27:404:1 | (req, r ... K\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/normalizedPaths.js:384:27:404:1 | (req, r ... K\\n  }\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/normalizedPaths.js:384:27:404:1 | (req, r ... K\\n  }\\n} | calleeImports | express |
+| autogenerated/TaintedPath/normalizedPaths.js:384:27:404:1 | (req, r ... K\\n  }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:384:27:404:1 | (req, r ... K\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:384:27:404:1 | (req, r ... K\\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:384:27:404:1 | (req, r ... K\\n  }\\n} | receiverName | app |
+| autogenerated/TaintedPath/normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | CalleeFlexibleAccessPath | pathModule.normalize |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | receiverName | pathModule |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | calleeImports | http |
 | autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | receiverName | http |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | InputArgumentIndex | 0 |
@@ -7921,7 +9827,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | InputArgumentIndex | 1 |
@@ -7930,7 +9836,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | receiverName | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | InputArgumentIndex | 0 |
@@ -7939,7 +9845,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | CalleeFlexibleAccessPath | gracefulFs.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | InputArgumentIndex | 0 |
@@ -7948,7 +9854,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | receiverName | gracefulFs |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | CalleeFlexibleAccessPath | fsExtra.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | InputArgumentIndex | 0 |
@@ -7957,7 +9863,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | receiverName | fsExtra |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | CalleeFlexibleAccessPath | originalFs.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | InputArgumentIndex | 0 |
@@ -7966,7 +9872,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | receiverName | originalFs |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | CalleeFlexibleAccessPath | getFsModule().readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | InputArgumentIndex | 0 |
@@ -7974,14 +9880,14 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | CalleeFlexibleAccessPath | getFsModule().readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | calleeImports |  |
@@ -7989,7 +9895,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | CalleeFlexibleAccessPath | import("p").require().readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | calleeImports | ./my-fs-module |
@@ -7997,7 +9903,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | calleeImports |  |
@@ -8005,7 +9911,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | CalleeFlexibleAccessPath | flexibleModuleName.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | calleeImports |  |
@@ -8013,7 +9919,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | receiverName | flexibleModuleName |
 | autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | InputArgumentIndex | 0 |
@@ -8022,7 +9928,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | contextSurroundingFunctionParameters | (special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | enclosingFunctionBody | special special require fs require original-fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | enclosingFunctionName | getFsModule |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | calleeImports |  |
@@ -8030,19 +9936,19 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | contextSurroundingFunctionParameters | (special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | enclosingFunctionBody | special special require fs require original-fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | enclosingFunctionName | getFsModule |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | calleeImports | http |
 | autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | receiverName | http |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | InputArgumentIndex | 0 |
@@ -8051,7 +9957,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | InputArgumentIndex | 1 |
@@ -8060,7 +9966,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | receiverName | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | CalleeFlexibleAccessPath | util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | InputArgumentIndex | 0 |
@@ -8069,7 +9975,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | receiverName | util |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | CalleeFlexibleAccessPath | util.promisify() |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | InputArgumentIndex | 0 |
@@ -8078,7 +9984,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | calleeImports |  |
@@ -8086,7 +9992,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | CalleeFlexibleAccessPath | import(!).promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | calleeImports | bluebird |
@@ -8094,7 +10000,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | CalleeFlexibleAccessPath | import(!).promisify() |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | calleeImports | bluebird |
@@ -8102,7 +10008,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | calleeImports |  |
@@ -8110,7 +10016,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | CalleeFlexibleAccessPath | import(!).promisifyAll |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | calleeImports | bluebird |
@@ -8118,7 +10024,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | CalleeFlexibleAccessPath | import(!).promisifyAll().readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | calleeImports | bluebird |
@@ -8126,56 +10032,370 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | calleeImports | http |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | receiverName | http |
+| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:19:64:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:19:64:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:19:64:1 | functio ... OT OK\\n} | calleeImports | http |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:19:64:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:19:64:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:19:64:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:19:64:1 | functio ... OT OK\\n} | receiverName | http |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | calleeImports | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | calleeImports | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | receiverName | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | calleeImports | fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | CalleeFlexibleAccessPath | asyncFS.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | calleeImports | ./my-async-fs-module |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | receiverName | asyncFS |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | calleeImports |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | CalleeFlexibleAccessPath | import(!) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | calleeImports | pify |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | CalleeFlexibleAccessPath | import(!)() |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | calleeImports | pify |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | calleeImports |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | CalleeFlexibleAccessPath | import(!) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | calleeImports | pify |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | CalleeFlexibleAccessPath | import(!)().readFileSync |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | calleeImports | pify |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | calleeImports |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | CalleeFlexibleAccessPath | import(!) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | calleeImports | util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | CalleeFlexibleAccessPath | import(!)() |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | calleeImports | util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | calleeImports |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | CalleeFlexibleAccessPath | import(!) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | calleeImports | thenify |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | CalleeFlexibleAccessPath | import(!)() |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | calleeImports | thenify |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | calleeImports |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | CalleeFlexibleAccessPath | readPkg.readPackageSync |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | calleeImports | read-pkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | receiverName | readPkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | CalleeFlexibleAccessPath | readPkg.readPackageSync |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | InputAccessPathFromCallee | 0.cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | calleeImports | read-pkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | CalleeFlexibleAccessPath | readPkg.readPackageAsync |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | calleeImports | read-pkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | receiverName | readPkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | CalleeFlexibleAccessPath | readPkg.readPackageAsync |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | InputAccessPathFromCallee | 0.cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | calleeImports | read-pkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:66:24:66:31 | "mkdirp" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/other-fs-libraries.js:66:24:66:31 | "mkdirp" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:66:24:66:31 | "mkdirp" | calleeImports |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:66:24:66:31 | "mkdirp" | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:66:24:66:31 | "mkdirp" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:66:24:66:31 | "mkdirp" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:19:73:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:19:73:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:19:73:1 | functio ... OT OK\\n} | calleeImports | http |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:19:73:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:19:73:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:19:73:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:19:73:1 | functio ... OT OK\\n} | receiverName | http |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | calleeImports | url |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | receiverName | url |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | calleeImports | url |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | receiverName | url |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | calleeImports | fs |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | receiverName | fs |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | CalleeFlexibleAccessPath | mkdirp |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | calleeImports | mkdirp |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | CalleeFlexibleAccessPath | mkdirp.sync |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | calleeImports | mkdirp |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | receiverName | mkdirp |
+| autogenerated/TaintedPath/prettier.js:1:25:1:33 | 'express' | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/prettier.js:1:25:1:33 | 'express' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:1:25:1:33 | 'express' | calleeImports |  |
+| autogenerated/TaintedPath/prettier.js:1:25:1:33 | 'express' | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:1:25:1:33 | 'express' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/prettier.js:1:25:1:33 | 'express' | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:2:26:2:35 | "prettier" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/prettier.js:2:26:2:35 | "prettier" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:2:26:2:35 | "prettier" | calleeImports |  |
+| autogenerated/TaintedPath/prettier.js:2:26:2:35 | "prettier" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:2:26:2:35 | "prettier" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/prettier.js:2:26:2:35 | "prettier" | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:5:9:5:20 | '/some/path' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/prettier.js:5:9:5:20 | '/some/path' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:5:9:5:20 | '/some/path' | calleeImports | express |
+| autogenerated/TaintedPath/prettier.js:5:9:5:20 | '/some/path' | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:5:9:5:20 | '/some/path' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/prettier.js:5:9:5:20 | '/some/path' | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:5:9:5:20 | '/some/path' | receiverName | app |
+| autogenerated/TaintedPath/prettier.js:5:23:14:1 | functio ...   });\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/prettier.js:5:23:14:1 | functio ...   });\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/prettier.js:5:23:14:1 | functio ...   });\\n} | calleeImports | express |
+| autogenerated/TaintedPath/prettier.js:5:23:14:1 | functio ...   });\\n} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:5:23:14:1 | functio ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/prettier.js:5:23:14:1 | functio ...   });\\n} | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:5:23:14:1 | functio ...   });\\n} | receiverName | app |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | CalleeFlexibleAccessPath | prettier.resolveConfig |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | receiverName | prettier |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | CalleeFlexibleAccessPath | prettier.resolveConfig().then |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | contextSurroundingFunctionParameters | (req, res)\n(options) |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | contextSurroundingFunctionParameters | (req, res)\n(options) |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | receiverName | prettier |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | contextSurroundingFunctionParameters | (req, res)\n(options) |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | receiverName | prettier |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | CalleeFlexibleAccessPath | prettier.resolveConfig |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | receiverName | prettier |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | CalleeFlexibleAccessPath | prettier.resolveConfig |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | receiverName | prettier |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | CalleeFlexibleAccessPath | prettier.resolveConfig |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | InputAccessPathFromCallee | 1.config |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | assignedToPropName | config |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | CalleeFlexibleAccessPath | prettier.resolveConfig().then |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | contextSurroundingFunctionParameters | (req, res)\n(options) |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | contextSurroundingFunctionParameters | (req, res)\n(options) |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | receiverName | prettier |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | contextSurroundingFunctionParameters | (req, res)\n(options) |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | receiverName | prettier |
 | autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | calleeImports |  |
@@ -8248,25 +10468,25 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | calleeImports |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | calleeImports |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | calleeImports |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | calleeImports | http |
 | autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | receiverName | http |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | InputArgumentIndex | 0 |
@@ -8275,7 +10495,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | InputArgumentIndex | 1 |
@@ -8284,7 +10504,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | receiverName | url |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | InputArgumentIndex | 0 |
@@ -8293,7 +10513,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | InputArgumentIndex | 0 |
@@ -8302,7 +10522,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | InputArgumentIndex | 0 |
@@ -8311,7 +10531,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | InputArgumentIndex | 0 |
@@ -8320,7 +10540,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | InputArgumentIndex | 0 |
@@ -8329,7 +10549,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | InputArgumentIndex | 0 |
@@ -8338,7 +10558,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | InputArgumentIndex | 0 |
@@ -8347,7 +10567,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | InputArgumentIndex | 0 |
@@ -8356,8 +10576,111 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | receiverName | fs |
+| autogenerated/TaintedPath/tainted-access-paths.js:36:22:36:30 | 'node:fs' | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/tainted-access-paths.js:36:22:36:30 | 'node:fs' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:36:22:36:30 | 'node:fs' | calleeImports |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:36:22:36:30 | 'node:fs' | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:36:22:36:30 | 'node:fs' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:36:22:36:30 | 'node:fs' | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:33:41:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:33:41:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:33:41:1 | functio ... OT OK\\n} | calleeImports | http |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:33:41:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:33:41:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:33:41:1 | functio ... OT OK\\n} | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:33:41:1 | functio ... OT OK\\n} | receiverName | http |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | calleeImports | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path nodefs readFileSync path |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | receiverName | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | calleeImports | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | enclosingFunctionBody | req res path url parse req url true query path nodefs readFileSync path |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | receiverName | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | CalleeFlexibleAccessPath | nodefs.readFileSync |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | calleeImports | node:fs |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | enclosingFunctionBody | req res path url parse req url true query path nodefs readFileSync path |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | receiverName | nodefs |
+| autogenerated/TaintedPath/tainted-access-paths.js:45:24:45:31 | "chownr" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/tainted-access-paths.js:45:24:45:31 | "chownr" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:45:24:45:31 | "chownr" | calleeImports |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:45:24:45:31 | "chownr" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:45:24:45:31 | "chownr" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:45:24:45:31 | "chownr" | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:33:50:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:33:50:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:33:50:1 | functio ... OT OK\\n} | calleeImports | http |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:33:50:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:33:50:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:33:50:1 | functio ... OT OK\\n} | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:33:50:1 | functio ... OT OK\\n} | receiverName | http |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | calleeImports | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | receiverName | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | calleeImports | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | receiverName | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | CalleeFlexibleAccessPath | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | calleeImports | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | CalleeFlexibleAccessPath | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | calleeImports | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | CalleeFlexibleAccessPath | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | InputArgumentIndex | 2 |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | calleeImports | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | CalleeFlexibleAccessPath | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | InputArgumentIndex | 3 |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | calleeImports | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | contextSurroundingFunctionParameters | (req, res)\n(err) |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | calleeImports |  |
@@ -8475,20 +10798,20 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | calleeImports |  |
 | autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | fileImports | express |
+| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | fileImports | express resolve |
 | autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | calleeImports | express |
 | autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | fileImports | express |
+| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | fileImports | express resolve |
 | autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | receiverName | app |
 | autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | calleeImports | express |
 | autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | fileImports | express |
+| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | fileImports | express resolve |
 | autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | receiverName | app |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | InputArgumentIndex | 0 |
@@ -8497,15 +10820,94 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | enclosingFunctionBody | req res m require req param module |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | fileImports | express |
+| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | fileImports | express resolve |
 | autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | CalleeFlexibleAccessPath | req.param |
 | autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | enclosingFunctionBody | req res m require req param module |
 | autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | fileImports | express |
+| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | fileImports | express resolve |
 | autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | receiverName | req |
+| autogenerated/TaintedPath/tainted-require.js:10:25:10:33 | "resolve" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/tainted-require.js:10:25:10:33 | "resolve" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:10:25:10:33 | "resolve" | calleeImports |  |
+| autogenerated/TaintedPath/tainted-require.js:10:25:10:33 | "resolve" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:10:25:10:33 | "resolve" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/tainted-require.js:10:25:10:33 | "resolve" | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:11:9:11:20 | '/some/path' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/tainted-require.js:11:9:11:20 | '/some/path' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:11:9:11:20 | '/some/path' | calleeImports | express |
+| autogenerated/TaintedPath/tainted-require.js:11:9:11:20 | '/some/path' | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:11:9:11:20 | '/some/path' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/tainted-require.js:11:9:11:20 | '/some/path' | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:11:9:11:20 | '/some/path' | receiverName | app |
+| autogenerated/TaintedPath/tainted-require.js:11:23:17:1 | functio ...   });\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/tainted-require.js:11:23:17:1 | functio ...   });\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/tainted-require.js:11:23:17:1 | functio ...   });\\n} | calleeImports | express |
+| autogenerated/TaintedPath/tainted-require.js:11:23:17:1 | functio ...   });\\n} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:11:23:17:1 | functio ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:11:23:17:1 | functio ...   });\\n} | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:11:23:17:1 | functio ...   });\\n} | receiverName | app |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | CalleeFlexibleAccessPath | resolve.sync |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | calleeImports | resolve |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | receiverName | resolve |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | CalleeFlexibleAccessPath | req.param |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | receiverName | req |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | CalleeFlexibleAccessPath | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | calleeImports | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | CalleeFlexibleAccessPath | req.param |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | receiverName | req |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | CalleeFlexibleAccessPath | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | calleeImports | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | CalleeFlexibleAccessPath | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | InputAccessPathFromCallee | 1.basedir |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | assignedToPropName | basedir |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | calleeImports | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | CalleeFlexibleAccessPath | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | InputArgumentIndex | 2 |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | calleeImports | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | fileImports | express resolve |
 | autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | calleeImports |  |
@@ -9390,17 +11792,17 @@ tokenFeatures
 | autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | receiverName | res |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | CalleeFlexibleAccessPath | this.addEventListener |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | this.addEventListener |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (event) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextSurroundingFunctionParameters | (event) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | enclosingFunctionBody | event document write event data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | enclosingFunctionName | addEventListener#functionalargument |
@@ -9408,17 +11810,17 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | receiverName | document |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | CalleeFlexibleAccessPath | this.addEventListener |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | this.addEventListener |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (?) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextSurroundingFunctionParameters | (?) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | enclosingFunctionBody | data document write data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | enclosingFunctionName | addEventListener#functionalargument |
@@ -9426,57 +11828,57 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | receiverName | document |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | receiverName | document |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | receiverName | document |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | receiverName | document |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | CalleeFlexibleAccessPath | window.addEventListener |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | receiverName | window |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | CalleeFlexibleAccessPath | window.addEventListener |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | receiverName | window |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | CalleeFlexibleAccessPath | foo.bind |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | receiverName | foo |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | CalleeFlexibleAccessPath | foo.bind |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | receiverName | foo |
@@ -9484,11 +11886,35 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | InputAccessPathFromCallee | 1.data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | assignedToPropName | data |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | CalleeFlexibleAccessPath | document.write |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | fileImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | receiverName | document |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | CalleeFlexibleAccessPath | mySet.includes |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | fileImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | receiverName | mySet |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | CalleeFlexibleAccessPath | document.write |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | fileImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | receiverName | document |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | CalleeFlexibleAccessPath | Component |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | InputAccessPathFromCallee | 0.selector |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | InputArgumentIndex | 0 |
@@ -9660,18 +12086,18 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | stringConcatenatedWith |  -endpoint- classNames() + '">Hello<span>' |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
@@ -9680,30 +12106,30 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | calleeImports | classnames |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | stringConcatenatedWith | '<span class="' + classNames() -endpoint-  |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | stringConcatenatedWith |  -endpoint- classNamesD() + '">Hello<span>' |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
@@ -9712,30 +12138,30 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | calleeImports | classnames/dedupe |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | stringConcatenatedWith | '<span class="' + classNamesD() -endpoint-  |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | stringConcatenatedWith |  -endpoint- classNamesB() + '">Hello<span>' |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
@@ -9744,12 +12170,12 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | calleeImports | classnames/bind |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | stringConcatenatedWith | '<span class="' + classNamesB() -endpoint-  |
@@ -9758,7 +12184,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | calleeImports | classnames |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | receiverName | classNames |
@@ -9769,24 +12195,24 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | calleeImports | classnames |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | stringConcatenatedWith |  -endpoint- unsafeStyle() + '">Hello<span>' |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
@@ -9795,12 +12221,12 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:11:59:11:63 | 'foo' | calleeImports | classnames |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:59:11:63 | 'foo' | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:59:11:63 | 'foo' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:59:11:63 | 'foo' | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:11:59:11:63 | 'foo' | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:59:11:63 | 'foo' | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:59:11:63 | 'foo' | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | stringConcatenatedWith | '<span class="' + unsafeStyle() -endpoint-  |
@@ -9809,25 +12235,25 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | calleeImports | classnames |
 | autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | receiverName | classNames |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | stringConcatenatedWith |  -endpoint- safeStyle() + '">Hello<span>' |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
@@ -9836,30 +12262,30 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | calleeImports | classnames |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | stringConcatenatedWith | '<span class="' + safeStyle() -endpoint-  |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | stringConcatenatedWith |  -endpoint- safeStyle() + '">Hello<span>' |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
@@ -9868,30 +12294,30 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:14:57:14:61 | 'foo' | calleeImports | classnames |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:57:14:61 | 'foo' | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:57:14:61 | 'foo' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:57:14:61 | 'foo' | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:14:57:14:61 | 'foo' | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:57:14:61 | 'foo' | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:57:14:61 | 'foo' | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | stringConcatenatedWith | '<span class="' + safeStyle() -endpoint-  |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | stringConcatenatedWith |  -endpoint- clsx() + '">Hello<span>' |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
@@ -9900,15 +12326,408 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | calleeImports | clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | stringConcatenatedWith | '<span class="' + clsx() -endpoint-  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:27 | documen ... nerHTML | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:27 | documen ... nerHTML | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:27 | documen ... nerHTML | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:27 | documen ... nerHTML | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:27 | documen ... nerHTML | fileImports | classnames classnames/bind classnames/dedupe clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:27 | documen ... nerHTML | stringConcatenatedWith |  -endpoint- '<span class="' + clsx() + '">Hello<span>' |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:79 | documen ... <span>` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:79 | documen ... <span>` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:79 | documen ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:79 | documen ... <span>` | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:79 | documen ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:33:17:45 | <span class=" | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:33:17:45 | <span class=" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:33:17:45 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:33:17:45 | <span class=" | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:33:17:45 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:33:17:45 | <span class=" | stringConcatenatedWith | document.body.innerHTML -endpoint- clsx() + '">Hello<span>' |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) | stringConcatenatedWith | document.body.innerHTML + '<span class="' -endpoint- '">Hello<span>' |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | CalleeFlexibleAccessPath | clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | calleeImports | clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:66:17:78 | ">Hello<span> | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:66:17:78 | ">Hello<span> | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:66:17:78 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:66:17:78 | ">Hello<span> | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:66:17:78 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:66:17:78 | ">Hello<span> | stringConcatenatedWith | document.body.innerHTML + '<span class="' + clsx() -endpoint-  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:3:1:8 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:3:1:8 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:3:1:8 | "#foo" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:3:1:8 | "#foo" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:3:1:8 | "#foo" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:14:1:20 | "paste" | CalleeFlexibleAccessPath | $().on |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:14:1:20 | "paste" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:14:1:20 | "paste" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:14:1:20 | "paste" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:14:1:20 | "paste" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | CalleeFlexibleAccessPath | $().on |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | CalleeFlexibleAccessPath | clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | enclosingFunctionBody | e clipboardData e originalEvent clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | enclosingFunctionName | paste |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | receiverName | clipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:18:8:51 | clipboa ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:18:8:51 | clipboa ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:18:8:51 | clipboa ... /html') | enclosingFunctionBody | e clipboardData e originalEvent clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:18:8:51 | clipboa ... /html') | enclosingFunctionName | paste |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:18:8:51 | clipboa ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | CalleeFlexibleAccessPath | clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | enclosingFunctionBody | e clipboardData e originalEvent clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | enclosingFunctionName | paste |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | receiverName | clipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | enclosingFunctionBody | e clipboardData e originalEvent clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | enclosingFunctionName | paste |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | enclosingFunctionBody | e clipboardData e originalEvent clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | enclosingFunctionName | paste |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div | CalleeFlexibleAccessPath | document.body.append |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div | enclosingFunctionBody | e clipboardData e originalEvent clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div | enclosingFunctionName | paste |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | CalleeFlexibleAccessPath | el.addEventListener |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | contextSurroundingFunctionParameters | (el) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | enclosingFunctionBody | el HTMLElement el addEventListener paste e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | receiverName | el |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | CalleeFlexibleAccessPath | el.addEventListener |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | enclosingFunctionBody | el HTMLElement el addEventListener paste e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | receiverName | el |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:11:24:15 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:11:24:15 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:11:24:15 | "#id" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:11:24:15 | "#id" | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:11:24:15 | "#id" | enclosingFunctionBody | el HTMLElement el addEventListener paste e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:11:24:15 | "#id" | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:11:24:15 | "#id" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | enclosingFunctionBody | el HTMLElement el addEventListener paste e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:47:24:57 | 'text/html' | CalleeFlexibleAccessPath | e.clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:47:24:57 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:47:24:57 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:47:24:57 | 'text/html' | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:47:24:57 | 'text/html' | enclosingFunctionBody | el HTMLElement el addEventListener paste e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:47:24:57 | 'text/html' | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:47:24:57 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:27:28:33 | 'paste' | CalleeFlexibleAccessPath | document.addEventListener |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:27:28:33 | 'paste' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:27:28:33 | 'paste' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:27:28:33 | 'paste' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:27:28:33 | 'paste' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:27:28:33 | 'paste' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:36:30:1 | (e) =>  ... OT OK\\n} | CalleeFlexibleAccessPath | document.addEventListener |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:36:30:1 | (e) =>  ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:36:30:1 | (e) =>  ... OT OK\\n} | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:36:30:1 | (e) =>  ... OT OK\\n} | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:36:30:1 | (e) =>  ... OT OK\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:36:30:1 | (e) =>  ... OT OK\\n} | receiverName | document |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:7:29:11 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:7:29:11 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:7:29:11 | "#id" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:7:29:11 | "#id" | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:7:29:11 | "#id" | enclosingFunctionBody | e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:7:29:11 | "#id" | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:7:29:11 | "#id" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | enclosingFunctionBody | e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:43:29:53 | 'text/html' | CalleeFlexibleAccessPath | e.clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:43:29:53 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:43:29:53 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:43:29:53 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:43:29:53 | 'text/html' | enclosingFunctionBody | e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:43:29:53 | 'text/html' | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:43:29:53 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:3:32:8 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:3:32:8 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:3:32:8 | "#foo" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:3:32:8 | "#foo" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:3:32:8 | "#foo" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:16:32:22 | 'paste' | CalleeFlexibleAccessPath | $().bind |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:16:32:22 | 'paste' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:16:32:22 | 'paste' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:16:32:22 | 'paste' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:16:32:22 | 'paste' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | CalleeFlexibleAccessPath | $().bind |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:7:33:11 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:7:33:11 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:7:33:11 | "#id" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:7:33:11 | "#id" | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:7:33:11 | "#id" | enclosingFunctionBody | e $ #id html e originalEvent clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:7:33:11 | "#id" | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:7:33:11 | "#id" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | enclosingFunctionBody | e $ #id html e originalEvent clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:57:33:67 | 'text/html' | CalleeFlexibleAccessPath | e.originalEvent.clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:57:33:67 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:57:33:67 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:57:33:67 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:57:33:67 | 'text/html' | enclosingFunctionBody | e $ #id html e originalEvent clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:57:33:67 | 'text/html' | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:57:33:67 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | receiverName | document |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | CalleeFlexibleAccessPath | clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | receiverName | clipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:22:43:55 | clipboa ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:22:43:55 | clipboa ... /html') | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:22:43:55 | clipboa ... /html') | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:22:43:55 | clipboa ... /html') | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:22:43:55 | clipboa ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | CalleeFlexibleAccessPath | clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | receiverName | clipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div | CalleeFlexibleAccessPath | document.body.append |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:66:22:66:45 | e.clipb ... iles[i] | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:66:22:66:45 | e.clipb ... iles[i] | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:66:22:66:45 | e.clipb ... iles[i] | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:66:22:66:45 | e.clipb ... iles[i] | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:66:22:66:45 | e.clipb ... iles[i] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:40:70:50 | 'text/html' | CalleeFlexibleAccessPath | e.clipboardData.types.includes |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:40:70:50 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:40:70:50 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:40:70:50 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:40:70:50 | 'text/html' | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:40:70:50 | 'text/html' | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:40:70:50 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:51:71:61 | 'text/html' | CalleeFlexibleAccessPath | e.clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:51:71:61 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:51:71:61 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:51:71:61 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:51:71:61 | 'text/html' | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:51:71:61 | 'text/html' | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:51:71:61 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | CalleeFlexibleAccessPath | container.getElementsByTagName |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | receiverName | container |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | CalleeFlexibleAccessPath | dropItems.add |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | receiverName | dropItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:47:79:58 | 'text/plain' | CalleeFlexibleAccessPath | e.clipboardData.types.includes |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:47:79:58 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:47:79:58 | 'text/plain' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:47:79:58 | 'text/plain' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:47:79:58 | 'text/plain' | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:47:79:58 | 'text/plain' | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:47:79:58 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:49:80:60 | 'text/plain' | CalleeFlexibleAccessPath | e.clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:49:80:60 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:49:80:60 | 'text/plain' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:49:80:60 | 'text/plain' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:49:80:60 | 'text/plain' | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:49:80:60 | 'text/plain' | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:49:80:60 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | CalleeFlexibleAccessPath | ?.test |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | CalleeFlexibleAccessPath | dropItems.add |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | receiverName | dropItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | CalleeFlexibleAccessPath | Array.from |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | receiverName | Array |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | receiverName | document |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | CalleeFlexibleAccessPath | div.addEventListener |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | receiverName | div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | div.addEventListener |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | receiverName | div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:22:98:54 | dataTra ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:22:98:54 | dataTra ... /html') | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:22:98:54 | dataTra ... /html') | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:22:98:54 | dataTra ... /html') | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:22:98:54 | dataTra ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | CalleeFlexibleAccessPath | dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | receiverName | dataTransfer |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:11:99:15 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:11:99:15 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:11:99:15 | "#id" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:11:99:15 | "#id" | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:11:99:15 | "#id" | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:11:99:15 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:11:99:15 | "#id" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | contextFunctionInterfaces | constructor(args)\ntest() |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | enclosingFunctionBody | innerHTML window name |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | fileImports | dummy |
 | autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | calleeImports |  |
@@ -10013,194 +12832,834 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | fileImports | d3 |
 | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | CalleeFlexibleAccessPath | decodeURIComponent |
 | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | CalleeFlexibleAccessPath | window.location.hash.substring |
 | autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | CalleeFlexibleAccessPath | dateFns.format |
 | autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | calleeImports | date-fns |
-| autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | receiverName | dateFns |
 | autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | CalleeFlexibleAccessPath | dateFns.format |
 | autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | calleeImports | date-fns |
-| autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | receiverName | dateFns |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | CalleeFlexibleAccessPath | dateFnsEsm.format |
 | autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | calleeImports | date-fns/esm |
-| autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | receiverName | dateFnsEsm |
 | autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | CalleeFlexibleAccessPath | dateFnsEsm.format |
 | autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | calleeImports | date-fns/esm |
-| autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | receiverName | dateFnsEsm |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | CalleeFlexibleAccessPath | dateFnsFp.format |
 | autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | calleeImports | date-fns/fp |
-| autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | receiverName | dateFnsFp |
 | autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | CalleeFlexibleAccessPath | dateFnsFp.format() |
 | autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | calleeImports | date-fns/fp |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | CalleeFlexibleAccessPath | dateFns.format |
 | autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | calleeImports | date-fns |
-| autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | receiverName | dateFns |
 | autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | CalleeFlexibleAccessPath | dateFns.format |
 | autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | calleeImports | date-fns |
-| autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | receiverName | dateFns |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | CalleeFlexibleAccessPath | dateFnsFp.format |
 | autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | calleeImports | date-fns/fp |
-| autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | receiverName | dateFnsFp |
 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | CalleeFlexibleAccessPath | dateFnsFp.format() |
 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | calleeImports | date-fns/fp |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | CalleeFlexibleAccessPath | moment |
 | autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | calleeImports | moment |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | CalleeFlexibleAccessPath | moment().format |
 | autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | calleeImports | moment |
-| autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | CalleeFlexibleAccessPath | moment |
 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | calleeImports | moment |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | CalleeFlexibleAccessPath | dateformat |
 | autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | calleeImports | dateformat |
-| autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | CalleeFlexibleAccessPath | dateformat |
 | autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | calleeImports | dateformat |
-| autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | CalleeFlexibleAccessPath | dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | calleeImports | dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | CalleeFlexibleAccessPath | dayjs().format |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | calleeImports | dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) | CalleeFlexibleAccessPath | decodeURIComponent |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:30:67:30:67 | 1 | CalleeFlexibleAccessPath | window.location.hash.substring |
+| autogenerated/Xss/DomBasedXss/dates.js:30:67:30:67 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:30:67:30:67 | 1 | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:30:67:30:67 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:30:67:30:67 | 1 | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:30:67:30:67 | 1 | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:30:67:30:67 | 1 | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | CalleeFlexibleAccessPath | dateFns.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | calleeImports | @date-io/date-fns |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | receiverName | dateFns |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | CalleeFlexibleAccessPath | dateFns.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | calleeImports | @date-io/date-fns |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | receiverName | dateFns |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | CalleeFlexibleAccessPath | luxon.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | calleeImports | @date-io/luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | receiverName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | CalleeFlexibleAccessPath | luxon.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | calleeImports | @date-io/luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | receiverName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | CalleeFlexibleAccessPath | moment.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | calleeImports | @date-io/moment |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | receiverName | moment |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | CalleeFlexibleAccessPath | moment.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | calleeImports | @date-io/moment |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | receiverName | moment |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | CalleeFlexibleAccessPath | dayjs.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | calleeImports | @date-io/dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | receiverName | dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | CalleeFlexibleAccessPath | dayjs.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | calleeImports | @date-io/dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | receiverName | dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) | CalleeFlexibleAccessPath | decodeURIComponent |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:46:67:46:67 | 1 | CalleeFlexibleAccessPath | window.location.hash.substring |
+| autogenerated/Xss/DomBasedXss/dates.js:46:67:46:67 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:46:67:46:67 | 1 | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:46:67:46:67 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:46:67:46:67 | 1 | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:46:67:46:67 | 1 | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:46:67:46:67 | 1 | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | CalleeFlexibleAccessPath | DateTime.now().plus |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | CalleeFlexibleAccessPath | DateTime.now().plus |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | InputAccessPathFromCallee | 0.years |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | assignedToPropName | years |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | CalleeFlexibleAccessPath | DateTime.now().plus().toFormat |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | CalleeFlexibleAccessPath | DateTime().setLocale |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | CalleeFlexibleAccessPath | DateTime().setLocale().toFormat |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | CalleeFlexibleAccessPath | DateTime.fromISO |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | receiverName | DateTime |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | CalleeFlexibleAccessPath | DateTime.fromISO().startOf |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | CalleeFlexibleAccessPath | DateTime.fromISO().startOf().toFormat |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) | CalleeFlexibleAccessPath | decodeURIComponent |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:54:67:54:67 | 1 | CalleeFlexibleAccessPath | window.location.hash.substring |
+| autogenerated/Xss/DomBasedXss/dates.js:54:67:54:67 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:54:67:54:67 | 1 | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:54:67:54:67 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:54:67:54:67 | 1 | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:54:67:54:67 | 1 | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:54:67:54:67 | 1 | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | CalleeFlexibleAccessPath | moment.addDays |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | calleeImports | @date-io/moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | receiverName | moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | CalleeFlexibleAccessPath | moment.date |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | calleeImports | @date-io/moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | receiverName | moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | CalleeFlexibleAccessPath | moment.addDays |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | calleeImports | @date-io/moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | receiverName | moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | CalleeFlexibleAccessPath | moment.addDays().format |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | calleeImports | @date-io/moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | CalleeFlexibleAccessPath | luxon.endOfDay |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | calleeImports | @date-io/luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | receiverName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | CalleeFlexibleAccessPath | luxon.endOfDay().toFormat |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | calleeImports | @date-io/luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | CalleeFlexibleAccessPath | dayjs.setHours |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | calleeImports | @date-io/dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | receiverName | dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | CalleeFlexibleAccessPath | dayjs.setHours |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | calleeImports | @date-io/dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | receiverName | dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | CalleeFlexibleAccessPath | dayjs.setHours().format |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | calleeImports | @date-io/dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:3:1:8 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:3:1:8 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:3:1:8 | "#foo" | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:3:1:8 | "#foo" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:3:1:8 | "#foo" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:14:1:19 | "drop" | CalleeFlexibleAccessPath | $().on |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:14:1:19 | "drop" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:14:1:19 | "drop" | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:14:1:19 | "drop" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:14:1:19 | "drop" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | CalleeFlexibleAccessPath | $().on |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | CalleeFlexibleAccessPath | dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | enclosingFunctionBody | e dataTransfer e originalEvent dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | enclosingFunctionName | drop |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | receiverName | dataTransfer |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | enclosingFunctionBody | e dataTransfer e originalEvent dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | enclosingFunctionName | drop |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | CalleeFlexibleAccessPath | dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | enclosingFunctionBody | e dataTransfer e originalEvent dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | enclosingFunctionName | drop |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | receiverName | dataTransfer |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | enclosingFunctionBody | e dataTransfer e originalEvent dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | enclosingFunctionName | drop |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | enclosingFunctionBody | e dataTransfer e originalEvent dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | enclosingFunctionName | drop |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div | CalleeFlexibleAccessPath | document.body.append |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div | enclosingFunctionBody | e dataTransfer e originalEvent dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div | enclosingFunctionName | drop |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | CalleeFlexibleAccessPath | el.addEventListener |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | contextSurroundingFunctionParameters | (el) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | enclosingFunctionBody | el HTMLElement el addEventListener drop e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | receiverName | el |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | CalleeFlexibleAccessPath | el.addEventListener |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | enclosingFunctionBody | el HTMLElement el addEventListener drop e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | receiverName | el |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:11:24:15 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:11:24:15 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:11:24:15 | "#id" | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:11:24:15 | "#id" | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:11:24:15 | "#id" | enclosingFunctionBody | el HTMLElement el addEventListener drop e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:11:24:15 | "#id" | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:11:24:15 | "#id" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | enclosingFunctionBody | el HTMLElement el addEventListener drop e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:46:24:56 | 'text/html' | CalleeFlexibleAccessPath | e.dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:46:24:56 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:46:24:56 | 'text/html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:46:24:56 | 'text/html' | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:46:24:56 | 'text/html' | enclosingFunctionBody | el HTMLElement el addEventListener drop e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:46:24:56 | 'text/html' | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:46:24:56 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:27:28:32 | 'drop' | CalleeFlexibleAccessPath | document.addEventListener |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:27:28:32 | 'drop' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:27:28:32 | 'drop' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:27:28:32 | 'drop' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:27:28:32 | 'drop' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:27:28:32 | 'drop' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:35:30:1 | (e) =>  ... OT OK\\n} | CalleeFlexibleAccessPath | document.addEventListener |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:35:30:1 | (e) =>  ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:35:30:1 | (e) =>  ... OT OK\\n} | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:35:30:1 | (e) =>  ... OT OK\\n} | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:35:30:1 | (e) =>  ... OT OK\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:35:30:1 | (e) =>  ... OT OK\\n} | receiverName | document |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:7:29:11 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:7:29:11 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:7:29:11 | "#id" | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:7:29:11 | "#id" | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:7:29:11 | "#id" | enclosingFunctionBody | e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:7:29:11 | "#id" | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:7:29:11 | "#id" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | enclosingFunctionBody | e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:42:29:52 | 'text/html' | CalleeFlexibleAccessPath | e.dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:42:29:52 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:42:29:52 | 'text/html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:42:29:52 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:42:29:52 | 'text/html' | enclosingFunctionBody | e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:42:29:52 | 'text/html' | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:42:29:52 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:3:32:8 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:3:32:8 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:3:32:8 | "#foo" | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:3:32:8 | "#foo" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:3:32:8 | "#foo" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:16:32:21 | 'drop' | CalleeFlexibleAccessPath | $().bind |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:16:32:21 | 'drop' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:16:32:21 | 'drop' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:16:32:21 | 'drop' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:16:32:21 | 'drop' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | CalleeFlexibleAccessPath | $().bind |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:7:33:11 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:7:33:11 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:7:33:11 | "#id" | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:7:33:11 | "#id" | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:7:33:11 | "#id" | enclosingFunctionBody | e $ #id html e originalEvent dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:7:33:11 | "#id" | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:7:33:11 | "#id" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | enclosingFunctionBody | e $ #id html e originalEvent dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:56:33:66 | 'text/html' | CalleeFlexibleAccessPath | e.originalEvent.dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:56:33:66 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:56:33:66 | 'text/html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:56:33:66 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:56:33:66 | 'text/html' | enclosingFunctionBody | e $ #id html e originalEvent dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:56:33:66 | 'text/html' | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:56:33:66 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | receiverName | document |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | CalleeFlexibleAccessPath | dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | receiverName | dataTransfer |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | CalleeFlexibleAccessPath | dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | receiverName | dataTransfer |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div | CalleeFlexibleAccessPath | document.body.append |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:66:22:66:44 | e.dataT ... iles[i] | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:66:22:66:44 | e.dataT ... iles[i] | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:66:22:66:44 | e.dataT ... iles[i] | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:66:22:66:44 | e.dataT ... iles[i] | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:66:22:66:44 | e.dataT ... iles[i] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:39:70:49 | 'text/html' | CalleeFlexibleAccessPath | e.dataTransfer.types.includes |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:39:70:49 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:39:70:49 | 'text/html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:39:70:49 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:39:70:49 | 'text/html' | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:39:70:49 | 'text/html' | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:39:70:49 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:50:71:60 | 'text/html' | CalleeFlexibleAccessPath | e.dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:50:71:60 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:50:71:60 | 'text/html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:50:71:60 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:50:71:60 | 'text/html' | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:50:71:60 | 'text/html' | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:50:71:60 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | CalleeFlexibleAccessPath | container.getElementsByTagName |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | receiverName | container |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | CalleeFlexibleAccessPath | dropItems.add |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | receiverName | dropItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:46:79:57 | 'text/plain' | CalleeFlexibleAccessPath | e.dataTransfer.types.includes |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:46:79:57 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:46:79:57 | 'text/plain' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:46:79:57 | 'text/plain' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:46:79:57 | 'text/plain' | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:46:79:57 | 'text/plain' | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:46:79:57 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:48:80:59 | 'text/plain' | CalleeFlexibleAccessPath | e.dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:48:80:59 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:48:80:59 | 'text/plain' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:48:80:59 | 'text/plain' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:48:80:59 | 'text/plain' | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:48:80:59 | 'text/plain' | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:48:80:59 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | CalleeFlexibleAccessPath | ?.test |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | CalleeFlexibleAccessPath | dropItems.add |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | receiverName | dropItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | CalleeFlexibleAccessPath | Array.from |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | receiverName | Array |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | enclosingFunctionBody | loc window location href $ <a href=" encodeURIComponent loc ">click</a> |
@@ -10319,33 +13778,33 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | stringConcatenatedWith |  -endpoint- tainted + '">' |
@@ -10353,18 +13812,18 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | stringConcatenatedWith | '<div id="' -endpoint- '">' |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | stringConcatenatedWith | '<div id="' + tainted -endpoint-  |
@@ -10372,26 +13831,26 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | stringConcatenatedWith |  -endpoint- location.toString() + '</b>' |
@@ -10399,18 +13858,18 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | stringConcatenatedWith | '<b>' + location.toString() -endpoint-  |
@@ -10418,49 +13877,276 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | receiverName | document |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | CalleeFlexibleAccessPath | decodeURIComponent |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | CalleeFlexibleAccessPath | decodeURIComponent |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | CalleeFlexibleAccessPath | decodeURIComponent |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | CalleeFlexibleAccessPath | hash.substring |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | CalleeFlexibleAccessPath | hash.substring |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | CalleeFlexibleAccessPath | hash.substring |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | CalleeFlexibleAccessPath | hash.substr |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | CalleeFlexibleAccessPath | hash.slice |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | CalleeFlexibleAccessPath | hash.substring |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | CalleeFlexibleAccessPath | hash.substring |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | CalleeFlexibleAccessPath | hash.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | CalleeFlexibleAccessPath | hash.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:36:28:38 | '?' | CalleeFlexibleAccessPath | window.location.search.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:36:28:38 | '?' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:36:28:38 | '?' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:36:28:38 | '?' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:36:28:38 | '?' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:36:28:38 | '?' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:36:28:38 | '?' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:41:28:42 | '' | CalleeFlexibleAccessPath | window.location.search.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:41:28:42 | '' | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:41:28:42 | '' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:41:28:42 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:41:28:42 | '' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:41:28:42 | '' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:41:28:42 | '' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | CalleeFlexibleAccessPath | hash.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | CalleeFlexibleAccessPath | hash.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | CalleeFlexibleAccessPath | hash.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | CalleeFlexibleAccessPath | hash.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:9 | '<b>' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:9 | '<b>' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:9 | '<b>' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:9 | '<b>' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:9 | '<b>' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:9 | '<b>' | stringConcatenatedWith |  -endpoint- hash + '</b>' |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:13:34:16 | hash | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:13:34:16 | hash | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:13:34:16 | hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:13:34:16 | hash | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:13:34:16 | hash | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:13:34:16 | hash | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:20:34:25 | '</b>' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:20:34:25 | '</b>' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:20:34:25 | '</b>' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:20:34:25 | '</b>' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:20:34:25 | '</b>' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:20:34:25 | '</b>' | stringConcatenatedWith | '<b>' + hash -endpoint-  |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | calleeImports |  |
@@ -11957,6 +15643,105 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | enclosingFunctionName |  |
 | autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | fileImports |  |
 | autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | receiverName | searchParams |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | receiverName | trustedTypes |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | receiverName | trustedTypes |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | InputAccessPathFromCallee | 1.createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | assignedToPropName | createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | contextSurroundingFunctionParameters | ()\n(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | CalleeFlexibleAccessPath | policy1.createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | receiverName | policy1 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | receiverName | trustedTypes |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | receiverName | trustedTypes |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | InputAccessPathFromCallee | 1.createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | assignedToPropName | createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | contextSurroundingFunctionParameters | ()\n(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | CalleeFlexibleAccessPath | policy2.createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | receiverName | policy2 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | receiverName | trustedTypes |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | receiverName | trustedTypes |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | InputAccessPathFromCallee | 1.createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | assignedToPropName | createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | contextSurroundingFunctionParameters | ()\n(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | CalleeFlexibleAccessPath | policy3.createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | receiverName | policy3 |
 | autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | CalleeFlexibleAccessPath | document.getElementById |
 | autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | contextFunctionInterfaces |  |
@@ -12095,1751 +15880,2210 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | receiverName | foo |
 | autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | stringConcatenatedWith |  -endpoint- document.location.href.substring() + '</OPTION>' |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | stringConcatenatedWith | '<OPTION value=1>' -endpoint- '</OPTION>' |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | CalleeFlexibleAccessPath | document.location.href.substring |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | CalleeFlexibleAccessPath | document.location.href.indexOf |
 | autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | stringConcatenatedWith | '<OPTION value=1>' + document.location.href.substring() -endpoint-  |
 | autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | stringConcatenatedWith |  -endpoint- target + 'px">' |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | stringConcatenatedWith | '<div style="width:' -endpoint- 'px">' |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | stringConcatenatedWith | '<div style="width:' + target -endpoint-  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | stringConcatenatedWith |  -endpoint- ? + 'px">' |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | stringConcatenatedWith | '<div style="width:' -endpoint- 'px">' |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | stringConcatenatedWith | '<div style="width:' + ? -endpoint-  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | stringConcatenatedWith |  -endpoint- parseInt() + 'px">' |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | stringConcatenatedWith | '<div style="width:' -endpoint- 'px">' |
 | autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | CalleeFlexibleAccessPath | parseInt |
 | autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | stringConcatenatedWith | '<div style="width:' + parseInt() -endpoint-  |
 | autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | CalleeFlexibleAccessPath | params.get |
 | autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | receiverName | params |
 | autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | CalleeFlexibleAccessPath | URLSearchParams |
 | autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | CalleeFlexibleAccessPath | target.substring |
 | autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | receiverName | target |
 | autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | CalleeFlexibleAccessPath | searchParams.get |
 | autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | receiverName | searchParams |
 | autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | contextSurroundingFunctionParameters | (target) |
 | autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | enclosingFunctionBody | target $ myId html target |
 | autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | enclosingFunctionName | foo |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextSurroundingFunctionParameters | (target) |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | enclosingFunctionBody | target $ myId html target |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | enclosingFunctionName | foo |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | CalleeFlexibleAccessPath | baz |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | enclosingFunctionBody | s <div> s </div> |
 | autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | enclosingFunctionName | wrap |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | stringConcatenatedWith |  -endpoint- s + '</div>' |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | enclosingFunctionBody | s <div> s </div> |
 | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | enclosingFunctionName | wrap |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | stringConcatenatedWith | '<div>' -endpoint- '</div>' |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | enclosingFunctionBody | s <div> s </div> |
 | autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | enclosingFunctionName | wrap |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | stringConcatenatedWith | '<div>' + s -endpoint-  |
 | autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | CalleeFlexibleAccessPath | s.substr |
 | autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | enclosingFunctionBody | s s s substr 1  |
 | autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | enclosingFunctionName | chop |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | receiverName | s |
 | autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | enclosingFunctionBody | s $ myId html s |
 | autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | enclosingFunctionName | dangerouslySetInnerHtml |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | enclosingFunctionBody | s $ myId html s |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | enclosingFunctionName | dangerouslySetInnerHtml |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:70:37:74:1 | functio ... l(x);\\n} | CalleeFlexibleAccessPath | ?.forEach |
 | autogenerated/Xss/DomBasedXss/tst.js:70:37:74:1 | functio ... l(x);\\n} | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:70:37:74:1 | functio ... l(x);\\n} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:70:37:74:1 | functio ... l(x);\\n} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:70:37:74:1 | functio ... l(x);\\n} | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/DomBasedXss/tst.js:70:37:74:1 | functio ... l(x);\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:70:37:74:1 | functio ... l(x);\\n} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | contextSurroundingFunctionParameters | (x) |
 | autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | enclosingFunctionBody | x x $ myId html x |
 | autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | enclosingFunctionName | forEach#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextSurroundingFunctionParameters | (x) |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | enclosingFunctionBody | x x $ myId html x |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | enclosingFunctionName | forEach#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | CalleeFlexibleAccessPath | angular.module |
 | autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | CalleeFlexibleAccessPath | angular.module |
 | autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | CalleeFlexibleAccessPath | angular.module().service |
 | autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | angular.module().service |
 | autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | ($sce, $other) |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsHtml |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsCss |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsUNKNOWN |
 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | CalleeFlexibleAccessPath | $sce.trustAs |
 | autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | CalleeFlexibleAccessPath | $sce.trustAs |
 | autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | CalleeFlexibleAccessPath | $sce.trustAs |
 | autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs |
 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | CalleeFlexibleAccessPath | $other.trustAsHtml |
 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | receiverName | $other |
 | autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | CalleeFlexibleAccessPath | angular.module().service().service |
 | autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | angular.module().service().service |
 | autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | CalleeFlexibleAccessPath | angular.element |
 | autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | enclosingFunctionBody | angular element <div> html document location search angular element <div> html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | CalleeFlexibleAccessPath | angular.element().html |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | enclosingFunctionBody | angular element <div> html document location search angular element <div> html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | CalleeFlexibleAccessPath | angular.element |
 | autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | enclosingFunctionBody | angular element <div> html document location search angular element <div> html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | CalleeFlexibleAccessPath | angular.element().html |
 | autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | enclosingFunctionBody | angular element <div> html document location search angular element <div> html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().service().service().directive |
 | autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | angular.module().service().service().directive |
 | autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | CalleeFlexibleAccessPath | element.html |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextSurroundingFunctionParameters | ()\n(scope, element) |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | enclosingFunctionBody | link scope element element html document location search element html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | enclosingFunctionName | directive#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | receiverName | element |
 | autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | CalleeFlexibleAccessPath | element.html |
 | autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | contextSurroundingFunctionParameters | ()\n(scope, element) |
 | autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | enclosingFunctionBody | link scope element element html document location search element html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | enclosingFunctionName | directive#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | receiverName | element |
 | autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | CalleeFlexibleAccessPath | angular.module().service().service().directive().service |
 | autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | angular.module().service().service().directive().service |
 | autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | CalleeFlexibleAccessPath | angular.element |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | enclosingFunctionBody | angular element document location search angular element SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | CalleeFlexibleAccessPath | angular.element |
 | autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | enclosingFunctionBody | angular element document location search angular element SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | CalleeFlexibleAccessPath | document.location.search.substr |
 | autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | CalleeFlexibleAccessPath | ?.test |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | CalleeFlexibleAccessPath | ?.exec |
 | autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | CalleeFlexibleAccessPath | v.match |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | receiverName | v |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | CalleeFlexibleAccessPath | v.match |
 | autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | receiverName | v |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | CalleeFlexibleAccessPath | ?.test |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | CalleeFlexibleAccessPath | ?.test |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | CalleeFlexibleAccessPath | angular.module |
 | autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | CalleeFlexibleAccessPath | angular.module |
 | autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | CalleeFlexibleAccessPath | angular.module().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | CalleeFlexibleAccessPath | angular.module().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n(xssSinkService1) |
 | autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | CalleeFlexibleAccessPath | angular.module().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | CalleeFlexibleAccessPath | angular.module().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | contextSurroundingFunctionParameters | ()\n()\n(v) |
 | autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextSurroundingFunctionParameters | ()\n()\n(v) |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n(xssSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | contextSurroundingFunctionParameters | ()\n(xssSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextSurroundingFunctionParameters | ()\n(xssSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n(xssSinkService2) |
 | autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | contextSurroundingFunctionParameters | ()\n()\n(v) |
 | autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextSurroundingFunctionParameters | ()\n()\n(v) |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n(innocentSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | contextSurroundingFunctionParameters | ()\n(innocentSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextSurroundingFunctionParameters | ()\n(innocentSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | CalleeFlexibleAccessPath | parser.parseFromString |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | enclosingFunctionBody | target document location search parser DOMParser parser parseFromString target application/xml |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | enclosingFunctionName | testDOMParser |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | receiverName | parser |
 | autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | CalleeFlexibleAccessPath | parser.parseFromString |
 | autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | enclosingFunctionBody | target document location search parser DOMParser parser parseFromString target application/xml |
 | autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | enclosingFunctionName | testDOMParser |
-| autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | receiverName | parser |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | CalleeFlexibleAccessPath | React.createElement |
 | autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | receiverName | React |
 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | CalleeFlexibleAccessPath | React.createElement |
 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | receiverName | React |
 | autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | CalleeFlexibleAccessPath | React.createElement |
 | autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | InputAccessPathFromCallee | 1.dangerouslySetInnerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | CalleeFlexibleAccessPath | React.createElement |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | InputAccessPathFromCallee | 1.dangerouslySetInnerHTML.__html |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | CalleeFlexibleAccessPath | React.createFactory |
 | autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | receiverName | React |
 | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | CalleeFlexibleAccessPath | React.createFactory() |
 | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | CalleeFlexibleAccessPath | React.createFactory() |
 | autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | InputAccessPathFromCallee | 0.dangerouslySetInnerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | CalleeFlexibleAccessPath | React.createFactory() |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | InputAccessPathFromCallee | 0.dangerouslySetInnerHTML.__html |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | CalleeFlexibleAccessPath | this.setState |
 | autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | contextSurroundingFunctionParameters | ()\n()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | CalleeFlexibleAccessPath | this.setState |
 | autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | contextSurroundingFunctionParameters | ()\n()\n(prevState) |
 | autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | contextSurroundingFunctionParameters | ()\n()\n(prevState) |
 | autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextSurroundingFunctionParameters | ()\n()\n(prevState) |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | CalleeFlexibleAccessPath | this.setState |
 | autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) |
 | autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) |
 | autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | CalleeFlexibleAccessPath | super |
 | autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | contextSurroundingFunctionParameters | ()\n(props) |
 | autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | enclosingFunctionBody | $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | enclosingFunctionName | windowName |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | enclosingFunctionBody | $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | enclosingFunctionName | windowName |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | enclosingFunctionBody | name a b $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | enclosingFunctionName | windowNameAssigned |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | enclosingFunctionBody | name a b $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | enclosingFunctionName | windowNameAssigned |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | CalleeFlexibleAccessPath | $().append |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | CalleeFlexibleAccessPath | range.selectNode |
 | autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | receiverName | range |
 | autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | CalleeFlexibleAccessPath | document.getElementsByTagName |
 | autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | CalleeFlexibleAccessPath | document.getElementsByTagName().item |
 | autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | CalleeFlexibleAccessPath | range.createContextualFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | receiverName | range |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | CalleeFlexibleAccessPath | document.body.appendChild |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | enclosingFunctionBody | obj obj Math random window name p obj $ p |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | enclosingFunctionName | flowThroughPropertyNames |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | enclosingFunctionBody | location e $ body append e location e $ body append e |
 | autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | CalleeFlexibleAccessPath | $().append |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | enclosingFunctionBody | location e $ body append e location e $ body append e |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | enclosingFunctionBody | location e $ body append e location e $ body append e |
 | autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | CalleeFlexibleAccessPath | $().append |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | enclosingFunctionBody | location e $ body append e location e $ body append e |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | CalleeFlexibleAccessPath | Handlebars.SafeString |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | enclosingFunctionBody | Handlebars SafeString location |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | enclosingFunctionName | handlebarsSafeString |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target length |
 | autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | enclosingFunctionName | test2 |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | enclosingFunctionBody | target document location search $ myId html target length |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | enclosingFunctionName | test2 |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | CalleeFlexibleAccessPath | params.get |
 | autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | receiverName | params |
 | autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | CalleeFlexibleAccessPath | myUrl.get |
 | autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | receiverName | myUrl |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | enclosingFunctionBody | getUrl URL document location $ getUrl hash substring 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | enclosingFunctionName | hash |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | CalleeFlexibleAccessPath | getUrl().hash.substring |
 | autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | enclosingFunctionBody | getUrl URL document location $ getUrl hash substring 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | enclosingFunctionName | hash |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | CalleeFlexibleAccessPath | $.jGrowl |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | enclosingFunctionBody | target document location search $ jGrowl target |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | enclosingFunctionName | growl |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | receiverName | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | CalleeFlexibleAccessPath | this.html |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | CalleeFlexibleAccessPath | this.each |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | CalleeFlexibleAccessPath | this.html |
 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | CalleeFlexibleAccessPath | document.location.href.split |
 | autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | CalleeFlexibleAccessPath | window.location.hash.substr |
 | autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | CalleeFlexibleAccessPath | window.location.hash.match |
 | autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | CalleeFlexibleAccessPath | window.location.hash.split |
 | autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | CalleeFlexibleAccessPath | target.replace |
 | autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | receiverName | target |
 | autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | CalleeFlexibleAccessPath | target.replace |
 | autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | receiverName | target |
 | autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | CalleeFlexibleAccessPath | target.replace |
 | autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | receiverName | target |
 | autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | CalleeFlexibleAccessPath | target.replace |
 | autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | receiverName | target |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | CalleeFlexibleAccessPath | Element |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | InputAccessPathFromCallee | ?.html |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | assignedToPropName | html |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:441:25:441:30 | "html" | CalleeFlexibleAccessPath | Element().set |
+| autogenerated/Xss/DomBasedXss/tst.js:441:25:441:30 | "html" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:441:25:441:30 | "html" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:441:25:441:30 | "html" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:441:25:441:30 | "html" | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:441:25:441:30 | "html" | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:441:25:441:30 | "html" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | CalleeFlexibleAccessPath | Element().set |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} | CalleeFlexibleAccessPath | Element().set |
+| autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | CalleeFlexibleAccessPath | Element().set |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | InputAccessPathFromCallee | 0.html |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | assignedToPropName | html |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:443:33:443:38 | "html" | CalleeFlexibleAccessPath | Element().setProperty |
+| autogenerated/Xss/DomBasedXss/tst.js:443:33:443:38 | "html" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:443:33:443:38 | "html" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:443:33:443:38 | "html" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:443:33:443:38 | "html" | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:443:33:443:38 | "html" | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:443:33:443:38 | "html" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | CalleeFlexibleAccessPath | Element().setProperty |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} | CalleeFlexibleAccessPath | Element().setProperties |
+| autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | CalleeFlexibleAccessPath | Element().setProperties |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | InputAccessPathFromCallee | 0.html |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | assignedToPropName | html |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | CalleeFlexibleAccessPath | Element().appendHtml |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:449:25:449:38 | 'ansi-to-html' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/DomBasedXss/tst.js:449:25:449:38 | 'ansi-to-html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:449:25:449:38 | 'ansi-to-html' | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:449:25:449:38 | 'ansi-to-html' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:449:25:449:38 | 'ansi-to-html' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/tst.js:449:25:449:38 | 'ansi-to-html' | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:455:5:455:10 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:455:5:455:10 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:455:5:455:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:455:5:455:10 | "#foo" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:455:5:455:10 | "#foo" | enclosingFunctionBody | source document location search $ #foo html source $ #foo html ansiToHtml toHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:455:5:455:10 | "#foo" | enclosingFunctionName | ansiToHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:455:5:455:10 | "#foo" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | enclosingFunctionBody | source document location search $ #foo html source $ #foo html ansiToHtml toHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | enclosingFunctionName | ansiToHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:5:456:10 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:456:5:456:10 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:456:5:456:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:456:5:456:10 | "#foo" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:456:5:456:10 | "#foo" | enclosingFunctionBody | source document location search $ #foo html source $ #foo html ansiToHtml toHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:456:5:456:10 | "#foo" | enclosingFunctionName | ansiToHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:456:5:456:10 | "#foo" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | enclosingFunctionBody | source document location search $ #foo html source $ #foo html ansiToHtml toHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | enclosingFunctionName | ansiToHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | CalleeFlexibleAccessPath | ansiToHtml.toHtml |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | calleeImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | enclosingFunctionBody | source document location search $ #foo html source $ #foo html ansiToHtml toHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | enclosingFunctionName | ansiToHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | receiverName | ansiToHtml |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | CalleeFlexibleAccessPath | document.getElementById |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | CalleeFlexibleAccessPath | table.insertRow |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | receiverName | table |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:471:45:471:45 | 1 | CalleeFlexibleAccessPath | document.location.search.substr |
+| autogenerated/Xss/DomBasedXss/tst.js:471:45:471:45 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:471:45:471:45 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:471:45:471:45 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:471:45:471:45 | 1 | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:471:45:471:45 | 1 | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:471:45:471:45 | 1 | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:473:5:473:9 | "<a>" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:473:5:473:9 | "<a>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:5:473:9 | "<a>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:5:473:9 | "<a>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:473:5:473:9 | "<a>" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:5:473:9 | "<a>" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:473:5:473:9 | "<a>" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | InputAccessPathFromCallee | 1.href |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | assignedToPropName | href |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:473:34:473:39 | "body" | CalleeFlexibleAccessPath | $().appendTo |
+| autogenerated/Xss/DomBasedXss/tst.js:473:34:473:39 | "body" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:34:473:39 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:34:473:39 | "body" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:473:34:473:39 | "body" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:34:473:39 | "body" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:473:34:473:39 | "body" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:474:5:474:10 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:474:5:474:10 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:5:474:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:474:5:474:10 | "#foo" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:474:5:474:10 | "#foo" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:5:474:10 | "#foo" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:474:5:474:10 | "#foo" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:474:18:474:23 | "href" | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/DomBasedXss/tst.js:474:18:474:23 | "href" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:18:474:23 | "href" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:474:18:474:23 | "href" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:474:18:474:23 | "href" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:18:474:23 | "href" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:474:18:474:23 | "href" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:475:5:475:10 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:475:5:475:10 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:5:475:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:475:5:475:10 | "#foo" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:475:5:475:10 | "#foo" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:5:475:10 | "#foo" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:475:5:475:10 | "#foo" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | InputAccessPathFromCallee | 0.href |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | assignedToPropName | href |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:476:5:476:11 | "<img>" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:476:5:476:11 | "<img>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:5:476:11 | "<img>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:5:476:11 | "<img>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:476:5:476:11 | "<img>" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:5:476:11 | "<img>" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:476:5:476:11 | "<img>" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:476:35:476:40 | "body" | CalleeFlexibleAccessPath | $().appendTo |
+| autogenerated/Xss/DomBasedXss/tst.js:476:35:476:40 | "body" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:35:476:40 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:35:476:40 | "body" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:476:35:476:40 | "body" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:35:476:40 | "body" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:476:35:476:40 | "body" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:477:5:477:9 | "<a>" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:477:5:477:9 | "<a>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:5:477:9 | "<a>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:477:5:477:9 | "<a>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:477:5:477:9 | "<a>" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:5:477:9 | "<a>" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:477:5:477:9 | "<a>" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | InputAccessPathFromCallee | 1.href |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | assignedToPropName | href |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:477:48:477:53 | "body" | CalleeFlexibleAccessPath | $().appendTo |
+| autogenerated/Xss/DomBasedXss/tst.js:477:48:477:53 | "body" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:48:477:53 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:477:48:477:53 | "body" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:477:48:477:53 | "body" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:48:477:53 | "body" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:477:48:477:53 | "body" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:479:5:479:11 | "<img>" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:479:5:479:11 | "<img>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:5:479:11 | "<img>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:479:5:479:11 | "<img>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:479:5:479:11 | "<img>" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:5:479:11 | "<img>" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:479:5:479:11 | "<img>" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:479:58:479:63 | "body" | CalleeFlexibleAccessPath | $().appendTo |
+| autogenerated/Xss/DomBasedXss/tst.js:479:58:479:63 | "body" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:58:479:63 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:479:58:479:63 | "body" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:479:58:479:63 | "body" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:58:479:63 | "body" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:479:58:479:63 | "body" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:481:5:481:11 | "<img>" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:481:5:481:11 | "<img>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:5:481:11 | "<img>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:5:481:11 | "<img>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:481:5:481:11 | "<img>" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:5:481:11 | "<img>" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:481:5:481:11 | "<img>" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:481:52:481:54 | "/" | CalleeFlexibleAccessPath | ?.join |
+| autogenerated/Xss/DomBasedXss/tst.js:481:52:481:54 | "/" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:52:481:54 | "/" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:52:481:54 | "/" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:481:52:481:54 | "/" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:52:481:54 | "/" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:481:52:481:54 | "/" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:481:68:481:73 | "body" | CalleeFlexibleAccessPath | $().appendTo |
+| autogenerated/Xss/DomBasedXss/tst.js:481:68:481:73 | "body" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:68:481:73 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:68:481:73 | "body" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:481:68:481:73 | "body" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:68:481:73 | "body" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:481:68:481:73 | "body" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | CalleeFlexibleAccessPath | url.startsWith |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | receiverName | url |
+| autogenerated/Xss/DomBasedXss/tst.js:484:7:484:13 | "<img>" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:484:7:484:13 | "<img>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:7:484:13 | "<img>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:484:7:484:13 | "<img>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:484:7:484:13 | "<img>" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:7:484:13 | "<img>" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:484:7:484:13 | "<img>" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:484:37:484:42 | "body" | CalleeFlexibleAccessPath | $().appendTo |
+| autogenerated/Xss/DomBasedXss/tst.js:484:37:484:42 | "body" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:37:484:42 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:484:37:484:42 | "body" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:484:37:484:42 | "body" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:37:484:42 | "body" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:484:37:484:42 | "body" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:486:7:486:13 | "<img>" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:486:7:486:13 | "<img>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:7:486:13 | "<img>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:486:7:486:13 | "<img>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:486:7:486:13 | "<img>" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:7:486:13 | "<img>" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:486:7:486:13 | "<img>" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:486:37:486:42 | "body" | CalleeFlexibleAccessPath | $().appendTo |
+| autogenerated/Xss/DomBasedXss/tst.js:486:37:486:42 | "body" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:37:486:42 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:486:37:486:42 | "body" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:486:37:486:42 | "body" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:37:486:42 | "body" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:486:37:486:42 | "body" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | CalleeFlexibleAccessPath | window.open |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | receiverName | window |
+| autogenerated/Xss/DomBasedXss/tst.js:489:36:489:36 | 1 | CalleeFlexibleAccessPath | location.hash.substr |
+| autogenerated/Xss/DomBasedXss/tst.js:489:36:489:36 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:489:36:489:36 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:489:36:489:36 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:489:36:489:36 | 1 | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:489:36:489:36 | 1 | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:489:36:489:36 | 1 | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | CalleeFlexibleAccessPath | navigation.navigate |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | receiverName | navigation |
+| autogenerated/Xss/DomBasedXss/tst.js:491:44:491:44 | 1 | CalleeFlexibleAccessPath | location.hash.substr |
+| autogenerated/Xss/DomBasedXss/tst.js:491:44:491:44 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:491:44:491:44 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:491:44:491:44 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:491:44:491:44 | 1 | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:491:44:491:44 | 1 | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:491:44:491:44 | 1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | CalleeFlexibleAccessPath | Bloodhound |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
@@ -14293,19 +18537,19 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | contextFunctionInterfaces | onreadystatechange() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | CalleeFlexibleAccessPath | $().ready |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | contextFunctionInterfaces | onreadystatechange() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | CalleeFlexibleAccessPath | xhr.open |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | contextFunctionInterfaces | onreadystatechange() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | receiverName | xhr |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | CalleeFlexibleAccessPath | xhr.open |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | InputArgumentIndex | 1 |
@@ -14313,7 +18557,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | receiverName | xhr |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | CalleeFlexibleAccessPath | xhr.open |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | InputArgumentIndex | 2 |
@@ -14321,7 +18565,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | receiverName | xhr |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | CalleeFlexibleAccessPath | xhr.setRequestHeader |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | InputArgumentIndex | 0 |
@@ -14329,7 +18573,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | receiverName | xhr |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | CalleeFlexibleAccessPath | xhr.setRequestHeader |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | InputArgumentIndex | 1 |
@@ -14337,7 +18581,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | receiverName | xhr |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | CalleeFlexibleAccessPath | JSON.parse |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | InputArgumentIndex | 0 |
@@ -14345,7 +18589,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | receiverName | JSON |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | InputArgumentIndex | 0 |
@@ -14353,28 +18597,76 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | contextFunctionInterfaces | onreadystatechange() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | CalleeFlexibleAccessPath | console.log |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | contextFunctionInterfaces | onreadystatechange() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | receiverName | console |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | CalleeFlexibleAccessPath | $().ready |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:25:19:29 | 'got' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:25:19:29 | 'got' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:25:19:29 | 'got' | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:25:19:29 | 'got' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:25:19:29 | 'got' | enclosingFunctionBody | got require got resp got get {{ some_url }} json JSON parse resp body $ #myThing html json message |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:25:19:29 | 'got' | enclosingFunctionName | ready#functionalargument |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:25:19:29 | 'got' | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | CalleeFlexibleAccessPath | got.get |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | calleeImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | enclosingFunctionBody | got require got resp got get {{ some_url }} json JSON parse resp body $ #myThing html json message |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | enclosingFunctionName | ready#functionalargument |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | receiverName | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | CalleeFlexibleAccessPath | JSON.parse |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | enclosingFunctionBody | got require got resp got get {{ some_url }} json JSON parse resp body $ #myThing html json message |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | enclosingFunctionName | ready#functionalargument |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | receiverName | JSON |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:7:22:16 | "#myThing" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:7:22:16 | "#myThing" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:7:22:16 | "#myThing" | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:7:22:16 | "#myThing" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:7:22:16 | "#myThing" | enclosingFunctionBody | got require got resp got get {{ some_url }} json JSON parse resp body $ #myThing html json message |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:7:22:16 | "#myThing" | enclosingFunctionName | ready#functionalargument |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:7:22:16 | "#myThing" | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | enclosingFunctionBody | got require got resp got get {{ some_url }} json JSON parse resp body $ #myThing html json message |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | enclosingFunctionName | ready#functionalargument |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | fileImports | got |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | CalleeFlexibleAccessPath | ajv.addSchema |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | InputArgumentIndex | 0 |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | calleeImports | ajv |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | contextFunctionInterfaces |  |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | receiverName | ajv |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | CalleeFlexibleAccessPath | ajv.addSchema |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | InputAccessPathFromCallee | 0.type |
@@ -14383,7 +18675,7 @@ tokenFeatures
 | autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | calleeImports | ajv |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | contextFunctionInterfaces |  |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | CalleeFlexibleAccessPath | ajv.addSchema |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | InputAccessPathFromCallee | 0.additionalProperties |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | InputArgumentIndex | 0 |
@@ -14391,7 +18683,7 @@ tokenFeatures
 | autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | calleeImports | ajv |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | contextFunctionInterfaces |  |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | CalleeFlexibleAccessPath | ajv.addSchema |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | InputAccessPathFromCallee | 0.additionalProperties.type |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | InputArgumentIndex | 0 |
@@ -14399,27 +18691,27 @@ tokenFeatures
 | autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | calleeImports | ajv |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | contextFunctionInterfaces |  |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | CalleeFlexibleAccessPath | ajv.addSchema |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | InputArgumentIndex | 1 |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | calleeImports | ajv |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | contextFunctionInterfaces |  |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | receiverName | ajv |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | CalleeFlexibleAccessPath | app.post |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | calleeImports | express |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | contextFunctionInterfaces |  |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | receiverName | app |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | CalleeFlexibleAccessPath | app.post |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | calleeImports | express |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | contextFunctionInterfaces |  |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | receiverName | app |
 | autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | InputArgumentIndex | 0 |
@@ -14427,8 +18719,70 @@ tokenFeatures
 | autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | enclosingFunctionBody | req res ajv validate pollData req body res send ajv errorsText |
 | autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | receiverName | res |
+| autogenerated/Xss/ExceptionXss/ajv.js:15:21:15:25 | "joi" | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ExceptionXss/ajv.js:15:21:15:25 | "joi" | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:15:21:15:25 | "joi" | calleeImports |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:15:21:15:25 | "joi" | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:15:21:15:25 | "joi" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:15:21:15:25 | "joi" | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | CalleeFlexibleAccessPath | joi.object().keys |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | calleeImports | joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | CalleeFlexibleAccessPath | joi.object().keys |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | InputAccessPathFromCallee | 0.name |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | assignedToPropName | name |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | calleeImports | joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | CalleeFlexibleAccessPath | joi.object().keys |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | InputAccessPathFromCallee | 0.age |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | assignedToPropName | age |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | calleeImports | joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:9:19:14 | 'name' | CalleeFlexibleAccessPath | joi.object().keys().with |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:9:19:14 | 'name' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:9:19:14 | 'name' | calleeImports | joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:9:19:14 | 'name' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:9:19:14 | 'name' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:9:19:14 | 'name' | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:17:19:21 | 'age' | CalleeFlexibleAccessPath | joi.object().keys().with |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:17:19:21 | 'age' | InputArgumentIndex | 1 |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:17:19:21 | 'age' | calleeImports | joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:17:19:21 | 'age' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:17:19:21 | 'age' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:17:19:21 | 'age' | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:10:21:20 | '/votedata' | CalleeFlexibleAccessPath | app.post |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:10:21:20 | '/votedata' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:10:21:20 | '/votedata' | calleeImports | express |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:10:21:20 | '/votedata' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:10:21:20 | '/votedata' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:10:21:20 | '/votedata' | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:10:21:20 | '/votedata' | receiverName | app |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:23:26:1 | (req, r ...     }\\n} | CalleeFlexibleAccessPath | app.post |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:23:26:1 | (req, r ...     }\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:23:26:1 | (req, r ...     }\\n} | calleeImports | express |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:23:26:1 | (req, r ...     }\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:23:26:1 | (req, r ...     }\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:23:26:1 | (req, r ...     }\\n} | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:23:26:1 | (req, r ...     }\\n} | receiverName | app |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | enclosingFunctionBody | req res val joiSchema validate req body val error res send val error |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | receiverName | res |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | CalleeFlexibleAccessPath | unknown |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | InputArgumentIndex | 0 |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
@@ -15193,722 +19547,743 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | enclosingFunctionBody | req res isValidUserId req params id res send Unknown user:  req params id moreBadStuff req params res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | contextSurroundingFunctionParameters | (params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | enclosingFunctionBody | params res res send Unknown user:  params id |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | enclosingFunctionName | moreBadStuff |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | enclosingFunctionBody | req res res send req body res send marked req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | enclosingFunctionBody | req res res send req body res send marked req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | CalleeFlexibleAccessPath | marked |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | calleeImports | marked |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | enclosingFunctionBody | req res res send req body res send marked req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | CalleeFlexibleAccessPath | table |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | calleeImports | markdown-table |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | enclosingFunctionBody | req res res send req body res send converter makeHtml req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | enclosingFunctionBody | req res res send req body res send converter makeHtml req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | CalleeFlexibleAccessPath | converter.makeHtml |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | calleeImports | showdown |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | enclosingFunctionBody | req res res send req body res send converter makeHtml req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | receiverName | converter |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | CalleeFlexibleAccessPath | unified().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | CalleeFlexibleAccessPath | unified().use().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | CalleeFlexibleAccessPath | unified().use().use().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | CalleeFlexibleAccessPath | unified().use().use().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | CalleeFlexibleAccessPath | unified().use().use().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | InputAccessPathFromCallee | 1.title |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | assignedToPropName | title |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | CalleeFlexibleAccessPath | unified().use().use().use().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | CalleeFlexibleAccessPath | unified().use().use().use().use().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | CalleeFlexibleAccessPath | unified().use().use().use().use().use().process |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | unified().use().use().use().use().use().process |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, file) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | contextSurroundingFunctionParameters | (req, res)\n(err, file) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | CalleeFlexibleAccessPath | remark().processSync |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | calleeImports | remark |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | CalleeFlexibleAccessPath | remark().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | calleeImports | remark |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | CalleeFlexibleAccessPath | remark().use().processSync |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | calleeImports | remark |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | CalleeFlexibleAccessPath | unified().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | CalleeFlexibleAccessPath | unified().use().processSync |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | CalleeFlexibleAccessPath | remark().process |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | calleeImports | remark |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | CalleeFlexibleAccessPath | remark().process |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | calleeImports | remark |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res)\n(e, f) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | contextSurroundingFunctionParameters | (req, res)\n(e, f) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | enclosingFunctionBody | req res res send req body res send snarkdown req body res send snarkdown2 req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | enclosingFunctionBody | req res res send req body res send snarkdown req body res send snarkdown2 req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | CalleeFlexibleAccessPath | snarkdown |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | calleeImports | snarkdown |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | enclosingFunctionBody | req res res send req body res send snarkdown req body res send snarkdown2 req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | enclosingFunctionBody | req res res send req body res send snarkdown req body res send snarkdown2 req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | CalleeFlexibleAccessPath | snarkdown2 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | calleeImports | snarkdown |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | enclosingFunctionBody | req res res send req body res send snarkdown req body res send snarkdown2 req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | InputAccessPathFromCallee | 0.html |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | assignedToPropName | html |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | InputAccessPathFromCallee | 0.html |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | assignedToPropName | html |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | CalleeFlexibleAccessPath | import(!)().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | CalleeFlexibleAccessPath | markdownIt.render |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | receiverName | markdownIt |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | CalleeFlexibleAccessPath | markdownIt2.render |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | receiverName | markdownIt2 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | CalleeFlexibleAccessPath | markdownIt3.render |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | receiverName | markdownIt3 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | CalleeFlexibleAccessPath | markdownIt.use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | receiverName | markdownIt |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | CalleeFlexibleAccessPath | markdownIt.use().render |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | CalleeFlexibleAccessPath | markdownIt.use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | receiverName | markdownIt |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | CalleeFlexibleAccessPath | markdownIt.use().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | CalleeFlexibleAccessPath | markdownIt.use().use().render |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:106:20:106:25 | 'hapi' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:106:20:106:25 | 'hapi' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:106:20:106:25 | 'hapi' | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:106:20:106:25 | 'hapi' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:106:20:106:25 | 'hapi' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:106:20:106:25 | 'hapi' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:12:111:6 | {\\n    h ... \\n    }} | CalleeFlexibleAccessPath | hapi.route |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:12:111:6 | {\\n    h ... \\n    }} | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:12:111:6 | {\\n    h ... \\n    }} | calleeImports | hapi |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:12:111:6 | {\\n    h ... \\n    }} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:12:111:6 | {\\n    h ... \\n    }} | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:12:111:6 | {\\n    h ... \\n    }} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:12:111:6 | {\\n    h ... \\n    }} | receiverName | hapi |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | hapi.route |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | InputAccessPathFromCallee | 0.handler |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | assignedToPropName | handler |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | calleeImports | hapi |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | (request) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | calleeImports |  |
@@ -17088,6 +21463,77 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/formatting.js:7:49:7:52 | evil | enclosingFunctionBody | req res evil req query evil res send console log <div>%s</div> evil res send util format <div>%s</div> evil res send require printf <div>%s</div> evil |
 | autogenerated/Xss/ReflectedXss/formatting.js:7:49:7:52 | evil | enclosingFunctionName | get#functionalargument |
 | autogenerated/Xss/ReflectedXss/formatting.js:7:49:7:52 | evil | fileImports | express printf |
+| autogenerated/Xss/ReflectedXss/live-server.js:1:26:1:38 | "live-server" | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/live-server.js:1:26:1:38 | "live-server" | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/live-server.js:1:26:1:38 | "live-server" | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:1:26:1:38 | "live-server" | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:1:26:1:38 | "live-server" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:1:26:1:38 | "live-server" | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | CalleeFlexibleAccessPath | res.end |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | enclosingFunctionName |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | receiverName | res |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:14:6:25 | <html><body> | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:14:6:25 | <html><body> | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:14:6:25 | <html><body> | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:14:6:25 | <html><body> | enclosingFunctionName |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:14:6:25 | <html><body> | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:14:6:25 | <html><body> | stringConcatenatedWith |  -endpoint- tainted + '</body></html>' |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:28:6:34 | tainted | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:28:6:34 | tainted | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:28:6:34 | tainted | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:28:6:34 | tainted | enclosingFunctionName |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:28:6:34 | tainted | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:28:6:34 | tainted | stringConcatenatedWith | '<html><body>' -endpoint- '</body></html>' |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:36:6:49 | </body></html> | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:36:6:49 | </body></html> | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:36:6:49 | </body></html> | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:36:6:49 | </body></html> | enclosingFunctionName |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:36:6:49 | </body></html> | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:36:6:49 | </body></html> | stringConcatenatedWith | '<html><body>' + tainted -endpoint-  |
+| autogenerated/Xss/ReflectedXss/live-server.js:9:17:13:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | middleware.push |
+| autogenerated/Xss/ReflectedXss/live-server.js:9:17:13:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/live-server.js:9:17:13:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:9:17:13:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:9:17:13:1 | functio ... OT OK\\n} | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:9:17:13:1 | functio ... OT OK\\n} | receiverName | middleware |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | CalleeFlexibleAccessPath | res.end |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | enclosingFunctionName | middleware.push#functionalargument |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | receiverName | res |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:14:12:25 | <html><body> | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:14:12:25 | <html><body> | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:14:12:25 | <html><body> | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:14:12:25 | <html><body> | enclosingFunctionName | middleware.push#functionalargument |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:14:12:25 | <html><body> | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:14:12:25 | <html><body> | stringConcatenatedWith |  -endpoint- tainted + '</body></html>' |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:28:12:34 | tainted | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:28:12:34 | tainted | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:28:12:34 | tainted | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:28:12:34 | tainted | enclosingFunctionName | middleware.push#functionalargument |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:28:12:34 | tainted | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:28:12:34 | tainted | stringConcatenatedWith | '<html><body>' -endpoint- '</body></html>' |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:36:12:49 | </body></html> | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:36:12:49 | </body></html> | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:36:12:49 | </body></html> | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:36:12:49 | </body></html> | enclosingFunctionName | middleware.push#functionalargument |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:36:12:49 | </body></html> | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:36:12:49 | </body></html> | stringConcatenatedWith | '<html><body>' + tainted -endpoint-  |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:18:18:23 | params | CalleeFlexibleAccessPath | liveServer.start |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:18:18:23 | params | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:18:18:23 | params | calleeImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:18:18:23 | params | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:18:18:23 | params | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:18:18:23 | params | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:18:18:23 | params | receiverName | liveServer |
 | autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | contextFunctionInterfaces | handler(req, res) |
@@ -17441,20 +21887,20 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | calleeImports |  |
 | autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
 | autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | calleeImports | express |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | contextFunctionInterfaces |  |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | calleeImports | express |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | InputArgumentIndex | 0 |
@@ -17462,7 +21908,7 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | enclosingFunctionBody | req res p q r req params res send p res send r |
 | autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | receiverName | res |
 | autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | InputArgumentIndex | 0 |
@@ -17470,21 +21916,21 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | enclosingFunctionBody | req res p q r req params res send p res send r |
 | autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | receiverName | res |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | calleeImports | express |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | contextFunctionInterfaces |  |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | calleeImports | express |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | contextFunctionInterfaces |  |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | InputArgumentIndex | 0 |
@@ -17492,7 +21938,7 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | enclosingFunctionBody | req res p req params p aKnownValue res send p res send p p aKnownValue res send p res send p |
 | autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | receiverName | res |
 | autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | InputArgumentIndex | 0 |
@@ -17500,7 +21946,7 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | enclosingFunctionBody | req res p req params p aKnownValue res send p res send p p aKnownValue res send p res send p |
 | autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | receiverName | res |
 | autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | InputArgumentIndex | 0 |
@@ -17508,7 +21954,7 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | enclosingFunctionBody | req res p req params p aKnownValue res send p res send p p aKnownValue res send p res send p |
 | autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | receiverName | res |
 | autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | InputArgumentIndex | 0 |
@@ -17516,8 +21962,369 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | enclosingFunctionBody | req res p req params p aKnownValue res send p res send p p aKnownValue res send p res send p |
 | autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:27:23:27:29 | 'clone' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/tst2.js:27:23:27:29 | 'clone' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:27:23:27:29 | 'clone' | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:27:23:27:29 | 'clone' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:27:23:27:29 | 'clone' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:27:23:27:29 | 'clone' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:9:29:14 | '/baz' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:9:29:14 | '/baz' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:9:29:14 | '/baz' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:9:29:14 | '/baz' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:9:29:14 | '/baz' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:9:29:14 | '/baz' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:9:29:14 | '/baz' | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:17:38:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:17:38:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:17:38:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:17:38:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:17:38:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:17:38:1 | functio ... OT OK\\n} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:17:38:1 | functio ... OT OK\\n} | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | CalleeFlexibleAccessPath | clone |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | calleeImports | clone |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | enclosingFunctionBody | req res p req params obj obj p p other clone obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | enclosingFunctionBody | req res p req params obj obj p p other clone obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | enclosingFunctionBody | req res p req params obj obj p p other clone obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:40:37:40:58 | 'serial ... script' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/tst2.js:40:37:40:58 | 'serial ... script' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:40:37:40:58 | 'serial ... script' | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:40:37:40:58 | 'serial ... script' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:40:37:40:58 | 'serial ... script' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:40:37:40:58 | 'serial ... script' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:9:42:14 | '/baz' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:9:42:14 | '/baz' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:9:42:14 | '/baz' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:9:42:14 | '/baz' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:9:42:14 | '/baz' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:9:42:14 | '/baz' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:9:42:14 | '/baz' | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:17:52:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:17:52:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:17:52:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:17:52:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:17:52:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:17:52:1 | functio ... OT OK\\n} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:17:52:1 | functio ... OT OK\\n} | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | CalleeFlexibleAccessPath | serializeJavaScript |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | calleeImports | serialize-javascript |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | enclosingFunctionBody | req res p req params serialized serializeJavaScript p res send serialized unsafe serializeJavaScript p unsafe true res send unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | enclosingFunctionBody | req res p req params serialized serializeJavaScript p res send serialized unsafe serializeJavaScript p unsafe true res send unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | CalleeFlexibleAccessPath | serializeJavaScript |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | calleeImports | serialize-javascript |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | enclosingFunctionBody | req res p req params serialized serializeJavaScript p res send serialized unsafe serializeJavaScript p unsafe true res send unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | CalleeFlexibleAccessPath | serializeJavaScript |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | calleeImports | serialize-javascript |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | enclosingFunctionBody | req res p req params serialized serializeJavaScript p res send serialized unsafe serializeJavaScript p unsafe true res send unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | CalleeFlexibleAccessPath | serializeJavaScript |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | InputAccessPathFromCallee | 1.unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | assignedToPropName | unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | calleeImports | serialize-javascript |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | enclosingFunctionBody | req res p req params serialized serializeJavaScript p res send serialized unsafe serializeJavaScript p unsafe true res send unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | enclosingFunctionBody | req res p req params serialized serializeJavaScript p res send serialized unsafe serializeJavaScript p unsafe true res send unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:54:24:54:31 | 'fclone' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/tst2.js:54:24:54:31 | 'fclone' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:54:24:54:31 | 'fclone' | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:54:24:54:31 | 'fclone' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:54:24:54:31 | 'fclone' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:54:24:54:31 | 'fclone' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:9:56:14 | '/baz' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:9:56:14 | '/baz' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:9:56:14 | '/baz' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:9:56:14 | '/baz' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:9:56:14 | '/baz' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:9:56:14 | '/baz' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:9:56:14 | '/baz' | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:17:65:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:17:65:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:17:65:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:17:65:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:17:65:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:17:65:1 | functio ... OT OK\\n} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:17:65:1 | functio ... OT OK\\n} | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | CalleeFlexibleAccessPath | fclone |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | calleeImports | fclone |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | enclosingFunctionBody | req res p req params obj obj p p other fclone obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | enclosingFunctionBody | req res p req params obj obj p p other fclone obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | enclosingFunctionBody | req res p req params obj obj p p other fclone obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:67:20:67:31 | 'json-cycle' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/tst2.js:67:20:67:31 | 'json-cycle' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:67:20:67:31 | 'json-cycle' | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:67:20:67:31 | 'json-cycle' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:67:20:67:31 | 'json-cycle' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:67:20:67:31 | 'json-cycle' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:9:68:14 | '/baz' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:9:68:14 | '/baz' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:9:68:14 | '/baz' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:9:68:14 | '/baz' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:9:68:14 | '/baz' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:9:68:14 | '/baz' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:9:68:14 | '/baz' | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:17:77:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:17:77:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:17:77:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:17:77:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:17:77:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:17:77:1 | functio ... OT OK\\n} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:17:77:1 | functio ... OT OK\\n} | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | CalleeFlexibleAccessPath | jc.retrocycle |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | calleeImports | json-cycle |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | enclosingFunctionBody | req res p req params obj obj p p other jc retrocycle jc decycle obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | receiverName | jc |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | CalleeFlexibleAccessPath | jc.decycle |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | calleeImports | json-cycle |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | enclosingFunctionBody | req res p req params obj obj p p other jc retrocycle jc decycle obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | receiverName | jc |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | enclosingFunctionBody | req res p req params obj obj p p other jc retrocycle jc decycle obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | enclosingFunctionBody | req res p req params obj obj p p other jc retrocycle jc decycle obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:79:26:79:36 | 'sort-keys' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/tst2.js:79:26:79:36 | 'sort-keys' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:79:26:79:36 | 'sort-keys' | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:79:26:79:36 | 'sort-keys' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:79:26:79:36 | 'sort-keys' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:79:26:79:36 | 'sort-keys' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:9:81:14 | '/baz' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:9:81:14 | '/baz' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:9:81:14 | '/baz' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:9:81:14 | '/baz' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:9:81:14 | '/baz' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:9:81:14 | '/baz' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:9:81:14 | '/baz' | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:17:90:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:17:90:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:17:90:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:17:90:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:17:90:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:17:90:1 | functio ... OT OK\\n} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:17:90:1 | functio ... OT OK\\n} | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | CalleeFlexibleAccessPath | sortKeys |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | calleeImports | sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | enclosingFunctionBody | req res p req params obj obj p p other sortKeys obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | enclosingFunctionBody | req res p req params obj obj p p other sortKeys obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | enclosingFunctionBody | req res p req params obj obj p p other sortKeys obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst3.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/tst3.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:1:23:1:31 | 'express' | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:1:23:1:31 | 'express' | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:12:4:25 | 'x-powered-by' | CalleeFlexibleAccessPath | app.enable |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:12:4:25 | 'x-powered-by' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:12:4:25 | 'x-powered-by' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:12:4:25 | 'x-powered-by' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:12:4:25 | 'x-powered-by' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:12:4:25 | 'x-powered-by' | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:12:4:25 | 'x-powered-by' | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:36:4:49 | 'x-powered-by' | CalleeFlexibleAccessPath | app.enable().disable |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:36:4:49 | 'x-powered-by' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:36:4:49 | 'x-powered-by' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:36:4:49 | 'x-powered-by' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:36:4:49 | 'x-powered-by' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:36:4:49 | 'x-powered-by' | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:56:4:58 | '/' | CalleeFlexibleAccessPath | app.enable().disable().get |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:56:4:58 | '/' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:56:4:58 | '/' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:56:4:58 | '/' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:56:4:58 | '/' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:56:4:58 | '/' | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:61:7:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.enable().disable().get |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:61:7:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:61:7:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:61:7:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:61:7:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:61:7:1 | functio ... OT OK\\n} | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | enclosingFunctionBody | req res p req params res send p |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | enclosingFunctionName | get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst3.js:9:26:9:35 | "prettier" | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/tst3.js:9:26:9:35 | "prettier" | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:9:26:9:35 | "prettier" | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:9:26:9:35 | "prettier" | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:9:26:9:35 | "prettier" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:9:26:9:35 | "prettier" | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:10:10:17 | "foobar" | CalleeFlexibleAccessPath | app.post |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:10:10:17 | "foobar" | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:10:10:17 | "foobar" | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:10:10:17 | "foobar" | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:10:10:17 | "foobar" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:10:10:17 | "foobar" | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:10:10:17 | "foobar" | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:20:13:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.post |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:20:13:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:20:13:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:20:13:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:20:13:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (reg, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:20:13:1 | functio ... OT OK\\n} | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:20:13:1 | functio ... OT OK\\n} | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | calleeImports | prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | contextSurroundingFunctionParameters | (reg, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | enclosingFunctionBody | reg res code prettier format reg body semi false parser babel res send code |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | receiverName | prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | calleeImports | prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | contextSurroundingFunctionParameters | (reg, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | enclosingFunctionBody | reg res code prettier format reg body semi false parser babel res send code |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | receiverName | prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | InputAccessPathFromCallee | 1.semi |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | assignedToPropName | semi |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | calleeImports | prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | contextSurroundingFunctionParameters | (reg, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | enclosingFunctionBody | reg res code prettier format reg body semi false parser babel res send code |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | InputAccessPathFromCallee | 1.parser |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | assignedToPropName | parser |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | calleeImports | prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | contextSurroundingFunctionParameters | (reg, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | enclosingFunctionBody | reg res code prettier format reg body semi false parser babel res send code |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | contextSurroundingFunctionParameters | (reg, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | enclosingFunctionBody | reg res code prettier format reg body semi false parser babel res send code |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | receiverName | res |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | InputArgumentIndex | 0 |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | calleeImports |  |
@@ -17735,29 +22542,29 @@ tokenFeatures
 | autogenerated/Xss/StoredXss/xss-through-torrent.js:7:11:7:14 | name | receiverName | res |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | CalleeFlexibleAccessPath | define |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextSurroundingFunctionParameters | (factory) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | contextSurroundingFunctionParameters | (factory) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | contextSurroundingFunctionParameters | (factory) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | fileImports | jquery jquery-ui |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | CalleeFlexibleAccessPath | define |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | contextSurroundingFunctionParameters | (factory) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | contextSurroundingFunctionParameters | ($) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | enclosingFunctionName |  |
@@ -17766,12 +22573,12 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | calleeImports | jquery |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | contextSurroundingFunctionParameters | ($) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | contextSurroundingFunctionParameters | ($) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | enclosingFunctionName |  |
@@ -17780,502 +22587,1023 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | CalleeFlexibleAccessPath | $.trim |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | calleeImports | jquery |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | contextSurroundingFunctionParameters | ($) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | fileImports | jquery jquery-ui |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | receiverName | $ |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | contextSurroundingFunctionParameters | ($) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | fileImports | jquery jquery-ui |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | stringConcatenatedWith | '<span>' + $.trim() -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:7:12:12 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:7:12:12 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:7:12:12 | "#foo" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:7:12:12 | "#foo" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:7:12:12 | "#foo" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:7:12:12 | "#foo" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:7:12:12 | "#foo" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:27 | "<span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:27 | "<span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:27 | "<span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:27 | "<span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:27 | "<span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:27 | "<span>" | stringConcatenatedWith |  -endpoint- options.foo + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:31:12:41 | options.foo | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:31:12:41 | options.foo | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:31:12:41 | options.foo | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:31:12:41 | options.foo | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:31:12:41 | options.foo | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:31:12:41 | options.foo | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:45:12:53 | "</span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:45:12:53 | "</span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:45:12:53 | "</span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:45:12:53 | "</span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:45:12:53 | "</span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:45:12:53 | "</span>" | stringConcatenatedWith | '<span>' + options.foo -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:7:14:12 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:7:14:12 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:7:14:12 | "#foo" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:7:14:12 | "#foo" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:7:14:12 | "#foo" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:7:14:12 | "#foo" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:7:14:12 | "#foo" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:27 | "<span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:27 | "<span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:27 | "<span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:27 | "<span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:27 | "<span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:27 | "<span>" | stringConcatenatedWith |  -endpoint- stuff + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:31:14:35 | stuff | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:31:14:35 | stuff | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:31:14:35 | stuff | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:31:14:35 | stuff | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:31:14:35 | stuff | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:31:14:35 | stuff | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:39:14:47 | "</span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:39:14:47 | "</span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:39:14:47 | "</span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:39:14:47 | "</span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:39:14:47 | "</span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:39:14:47 | "</span>" | stringConcatenatedWith | '<span>' + stuff -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:25 | "<span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:25 | "<span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:25 | "<span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:25 | "<span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:25 | "<span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:25 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:41 | "<span> ... /span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:41 | "<span> ... /span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:41 | "<span> ... /span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:41 | "<span> ... /span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:41 | "<span> ... /span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:29:2:29 | s | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:29:2:29 | s | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:29:2:29 | s | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:29:2:29 | s | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:29:2:29 | s | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:29:2:29 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:33:2:41 | "</span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:33:2:41 | "</span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:33:2:41 | "</span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:33:2:41 | "</span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:33:2:41 | "</span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:33:2:41 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | CalleeFlexibleAccessPath | document.querySelector |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | receiverName | document |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:25 | "<span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:25 | "<span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:25 | "<span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:25 | "<span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:25 | "<span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:25 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:29:2:29 | s | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:29:2:29 | s | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:29:2:29 | s | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:29:2:29 | s | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:29:2:29 | s | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:29:2:29 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:33:2:41 | "</span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:33:2:41 | "</span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:33:2:41 | "</span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:33:2:41 | "</span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:33:2:41 | "</span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:33:2:41 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | CalleeFlexibleAccessPath | document.querySelector |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | receiverName | document |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:25 | "<span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:25 | "<span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:25 | "<span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:25 | "<span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:25 | "<span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:25 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:29:2:29 | s | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:29:2:29 | s | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:29:2:29 | s | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:29:2:29 | s | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:29:2:29 | s | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:29:2:29 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:33:2:41 | "</span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:33:2:41 | "</span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:33:2:41 | "</span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:33:2:41 | "</span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:33:2:41 | "</span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:33:2:41 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | CalleeFlexibleAccessPath | document.querySelector |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | receiverName | document |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | receiverName | document |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | CalleeFlexibleAccessPath | DOMParser().parseFromString |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | receiverName | document |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | CalleeFlexibleAccessPath | document.querySelector().appendChild |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | CalleeFlexibleAccessPath | DOMParser().parseFromString |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | CalleeFlexibleAccessPath | document.createElement |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | receiverName | document |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | CalleeFlexibleAccessPath | tmp.appendChild |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | receiverName | tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | receiverName | document |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | CalleeFlexibleAccessPath | document.querySelector().appendChild |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | calleeImports | markdown-it |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | InputAccessPathFromCallee | 0.html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | assignedToPropName | html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | calleeImports | markdown-it |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | enclosingFunctionName | xssThroughMarkdown |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | CalleeFlexibleAccessPath | markdown.render |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | calleeImports | markdown-it |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | enclosingFunctionName | xssThroughMarkdown |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | receiverName | markdown |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | enclosingFunctionName | xssThroughMarkdown |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | receiverName | document |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | enclosingFunctionName | xssThroughMarkdown |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | assignedToPropName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | receiverName | document |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | enclosingFunctionName | plainDOMXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | CalleeFlexibleAccessPath | DOMParser().parseFromString |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | enclosingFunctionName | plainDOMXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | stringConcatenatedWith |  -endpoint- this.step + '</span>' |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | stringConcatenatedWith | '<span>' + this.step -endpoint-  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextSurroundingFunctionParameters | (options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | receiverName | $ |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextSurroundingFunctionParameters | (options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | receiverName | $ |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | this.each |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | stringConcatenatedWith |  -endpoint- settings.name + '</b>' |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | stringConcatenatedWith | '<b>' + settings.name -endpoint-  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | CalleeFlexibleAccessPath | $().appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | stringConcatenatedWith |  -endpoint- attrVal + '"/>' |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | stringConcatenatedWith | '<img alt="' -endpoint- '"/>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | stringConcatenatedWith | '<img alt="' + attrVal -endpoint-  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | stringConcatenatedWith |  -endpoint- attrVal.replace() + '"/>' |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | stringConcatenatedWith | '<img alt="' -endpoint- '"/>' |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | CalleeFlexibleAccessPath | attrVal.replace |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | receiverName | attrVal |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | CalleeFlexibleAccessPath | attrVal.replace |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | receiverName | attrVal |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | stringConcatenatedWith | '<img alt="' + attrVal.replace() -endpoint-  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | CalleeFlexibleAccessPath | attrVal.indexOf |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | receiverName | attrVal |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | CalleeFlexibleAccessPath | attrVal.indexOf |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | receiverName | attrVal |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | stringConcatenatedWith |  -endpoint- attrVal + '"/>' |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | stringConcatenatedWith | '<img alt="' -endpoint- '"/>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | stringConcatenatedWith | '<img alt="' + attrVal -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | contextSurroundingFunctionParameters | (obj) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | stringConcatenatedWith |  -endpoint- obj.spanTemplate + '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | contextSurroundingFunctionParameters | (obj) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | contextSurroundingFunctionParameters | (obj) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | contextSurroundingFunctionParameters | (obj) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | stringConcatenatedWith | '<span>' + obj.spanTemplate -endpoint-  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | contextSurroundingFunctionParameters | (obj) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | receiverName | document |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextSurroundingFunctionParameters | (obj) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:11:81:16 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:11:81:16 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:11:81:16 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:11:81:16 | "#foo" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:11:81:16 | "#foo" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:11:81:16 | "#foo" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:11:81:16 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:31 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:31 | "<span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:31 | "<span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:31 | "<span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:31 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:31 | "<span>" | stringConcatenatedWith |  -endpoint- val + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:35:81:37 | val | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:35:81:37 | val | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:35:81:37 | val | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:35:81:37 | val | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:35:81:37 | val | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:35:81:37 | val | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:41:81:49 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:41:81:49 | "</span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:41:81:49 | "</span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:41:81:49 | "</span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:41:81:49 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:41:81:49 | "</span>" | stringConcatenatedWith | '<span>' + val -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:11:83:16 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:11:83:16 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:11:83:16 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:11:83:16 | "#foo" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:11:83:16 | "#foo" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:11:83:16 | "#foo" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:11:83:16 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:31 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:31 | "<span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:31 | "<span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:31 | "<span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:31 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:31 | "<span>" | stringConcatenatedWith |  -endpoint- val + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:35:83:37 | val | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:35:83:37 | val | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:35:83:37 | val | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:35:83:37 | val | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:35:83:37 | val | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:35:83:37 | val | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:41:83:49 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:41:83:49 | "</span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:41:83:49 | "</span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:41:83:49 | "</span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:41:83:49 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:41:83:49 | "</span>" | stringConcatenatedWith | '<span>' + val -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:11:85:16 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:11:85:16 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:11:85:16 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:11:85:16 | "#foo" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:11:85:16 | "#foo" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:11:85:16 | "#foo" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:11:85:16 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:31 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:31 | "<span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:31 | "<span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:31 | "<span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:31 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:31 | "<span>" | stringConcatenatedWith |  -endpoint- val + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:35:85:37 | val | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:35:85:37 | val | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:35:85:37 | val | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:35:85:37 | val | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:35:85:37 | val | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:35:85:37 | val | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:41:85:49 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:41:85:49 | "</span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:41:85:49 | "</span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:41:85:49 | "</span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:41:85:49 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:41:85:49 | "</span>" | stringConcatenatedWith | '<span>' + val -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:12:90:19 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:12:90:19 | "<span>" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:12:90:19 | "<span>" | enclosingFunctionBody | x <span> x </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:12:90:19 | "<span>" | enclosingFunctionName | createHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:12:90:19 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:12:90:19 | "<span>" | stringConcatenatedWith |  -endpoint- x + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:23:90:23 | x | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:23:90:23 | x | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:23:90:23 | x | enclosingFunctionBody | x <span> x </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:23:90:23 | x | enclosingFunctionName | createHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:23:90:23 | x | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:23:90:23 | x | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:27:90:35 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:27:90:35 | "</span>" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:27:90:35 | "</span>" | enclosingFunctionBody | x <span> x </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:27:90:35 | "</span>" | enclosingFunctionName | createHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:27:90:35 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:27:90:35 | "</span>" | stringConcatenatedWith | '<span>' + x -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:93:33:95:1 | functio ... (x));\\n} | assignedToPropName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:93:33:95:1 | functio ... (x));\\n} | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:93:33:95:1 | functio ... (x));\\n} | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:93:33:95:1 | functio ... (x));\\n} | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:7:94:12 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:7:94:12 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:7:94:12 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:7:94:12 | "#foo" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:7:94:12 | "#foo" | enclosingFunctionBody | x $ #foo html createHTML x |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:7:94:12 | "#foo" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:7:94:12 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | enclosingFunctionBody | x $ #foo html createHTML x |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:97:27:97:35 | 'mermaid' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:97:27:97:35 | 'mermaid' | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:97:27:97:35 | 'mermaid' | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:97:27:97:35 | 'mermaid' | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:97:27:97:35 | 'mermaid' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:97:27:97:35 | 'mermaid' | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:98:33:114:1 | functio ...   });\\n} | assignedToPropName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:98:33:114:1 | functio ...   });\\n} | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:98:33:114:1 | functio ...   });\\n} | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:98:33:114:1 | functio ...   });\\n} | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | CalleeFlexibleAccessPath | myMermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | calleeImports | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | receiverName | myMermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | CalleeFlexibleAccessPath | myMermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | calleeImports | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | receiverName | myMermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | myMermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | InputArgumentIndex | 2 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | calleeImports | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | receiverName | myMermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:11:100:16 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:11:100:16 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:11:100:16 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:11:100:16 | "#foo" | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:11:100:16 | "#foo" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:11:100:16 | "#foo" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:11:100:16 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:7:103:12 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:7:103:12 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:7:103:12 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:7:103:12 | "#foo" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:7:103:12 | "#foo" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:7:103:12 | "#foo" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:7:103:12 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | CalleeFlexibleAccessPath | myMermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | calleeImports | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | receiverName | myMermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | CalleeFlexibleAccessPath | myMermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | calleeImports | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | receiverName | myMermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | CalleeFlexibleAccessPath | mermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | receiverName | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | CalleeFlexibleAccessPath | mermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | receiverName | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | CalleeFlexibleAccessPath | mermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | InputArgumentIndex | 2 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | receiverName | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:11:106:16 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:11:106:16 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:11:106:16 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:11:106:16 | "#foo" | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:11:106:16 | "#foo" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:11:106:16 | "#foo" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:11:106:16 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:7:109:12 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:7:109:12 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:7:109:12 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:7:109:12 | "#foo" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:7:109:12 | "#foo" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:7:109:12 | "#foo" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:7:109:12 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | CalleeFlexibleAccessPath | mermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | receiverName | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | CalleeFlexibleAccessPath | mermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | receiverName | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:31:111:34 | "id" | CalleeFlexibleAccessPath | mermaid.mermaidAPI.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:31:111:34 | "id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:31:111:34 | "id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:31:111:34 | "id" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:31:111:34 | "id" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:31:111:34 | "id" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:31:111:34 | "id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:37:111:37 | x | CalleeFlexibleAccessPath | mermaid.mermaidAPI.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:37:111:37 | x | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:37:111:37 | x | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:37:111:37 | x | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:37:111:37 | x | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:37:111:37 | x | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:37:111:37 | x | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:40:113:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | mermaid.mermaidAPI.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:40:113:5 | functio ... ;\\n    } | InputArgumentIndex | 2 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:40:113:5 | functio ... ;\\n    } | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:40:113:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:40:113:5 | functio ... ;\\n    } | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:40:113:5 | functio ... ;\\n    } | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:40:113:5 | functio ... ;\\n    } | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:11:112:16 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:11:112:16 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:11:112:16 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:11:112:16 | "#foo" | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:11:112:16 | "#foo" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:11:112:16 | "#foo" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:11:112:16 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:18:117:35 | markdown.render(s) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:18:117:35 | markdown.render(s) | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:18:117:35 | markdown.render(s) | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:18:117:35 | markdown.render(s) | enclosingFunctionName | xssThroughMarkdown |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:18:117:35 | markdown.render(s) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | CalleeFlexibleAccessPath | markdown.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | calleeImports | markdown-it |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | enclosingFunctionName | xssThroughMarkdown |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | receiverName | markdown |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | CalleeFlexibleAccessPath | document.querySelector |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | enclosingFunctionName | xssThroughMarkdown |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | receiverName | document |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | enclosingFunctionName | xssThroughMarkdown |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | enclosingFunctionBody | s html <span> s </span> document body innerHTML html |
@@ -18367,217 +23695,217 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | CalleeFlexibleAccessPath | $().appendTo |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | CalleeFlexibleAccessPath | console.log |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | receiverName | console |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | CalleeFlexibleAccessPath | safe.has |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | receiverName | safe |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | fileImports |  |
@@ -18586,7 +23914,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | InputAccessPathFromCallee | 0.menu |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | assignedToPropName | menu |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | fileImports |  |
@@ -18594,78 +23922,78 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | InputAccessPathFromCallee | 0.target |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | assignedToPropName | target |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | InputArgumentIndex | 2 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | fileImports |  |
@@ -18674,207 +24002,246 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | InputAccessPathFromCallee | 1.my_plugin |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | InputArgumentIndex | 1 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | assignedToPropName | my_plugin |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | stringConcatenatedWith |  -endpoint-  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | stringConcatenatedWith |  -endpoint- options.target + '</div>' |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | stringConcatenatedWith | '<div>' -endpoint- '</div>' |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | stringConcatenatedWith | '<div>' + options.target -endpoint-  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | stringConcatenatedWith |  -endpoint- ? |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | stringConcatenatedWith | '<div>' -endpoint-  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | stringConcatenatedWith |  -endpoint- options.target + '"></div>' |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | stringConcatenatedWith | '<div class="' -endpoint- '"></div>' |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | stringConcatenatedWith | '<div class="' + options.target -endpoint-  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | CalleeFlexibleAccessPath | $().find |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | CalleeFlexibleAccessPath | $().find |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | CalleeFlexibleAccessPath | $().find |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | CalleeFlexibleAccessPath | something.replace |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | receiverName | something |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | CalleeFlexibleAccessPath | something.replace |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | receiverName | something |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | CalleeFlexibleAccessPath | $().find |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:28:187:31 | this | CalleeFlexibleAccessPath | doSomethingElse |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:28:187:31 | this | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:28:187:31 | this | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:28:187:31 | this | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:28:187:31 | this | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:28:187:31 | this | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:34:187:42 | arguments | CalleeFlexibleAccessPath | doSomethingElse |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:34:187:42 | arguments | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:34:187:42 | arguments | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:34:187:42 | arguments | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:34:187:42 | arguments | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:34:187:42 | arguments | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | CalleeFlexibleAccessPath | $.extend |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | receiverName | $ |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | CalleeFlexibleAccessPath | $.extend |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | receiverName | $ |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | CalleeFlexibleAccessPath | console.log |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | receiverName | console |
 | autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
@@ -19137,823 +24504,5243 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | fileImports | formik react react-final-form react-hook-form |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | CalleeFlexibleAccessPath | $().attr |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | CalleeFlexibleAccessPath | $().attr |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | InputArgumentIndex | 1 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | CalleeFlexibleAccessPath | $().attr |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | CalleeFlexibleAccessPath | $().attr |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | InputAccessPathFromCallee | 0.foo |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | assignedToPropName | foo |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | CalleeFlexibleAccessPath | $().attr |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | receiverName | document |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | receiverName | document |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | receiverName | document |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | CalleeFlexibleAccessPath | document.querySelectorAll |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | receiverName | document |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | CalleeFlexibleAccessPath | document.getElementById |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | receiverName | document |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | CalleeFlexibleAccessPath | document.getElementById().getAttribute |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | stringConcatenatedWith |  -endpoint- something() + '</p>' |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | stringConcatenatedWith | '<p>' -endpoint- '</p>' |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | stringConcatenatedWith | '<p>' + something() -endpoint-  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | CalleeFlexibleAccessPath | base.? |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | receiverName | base |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | CalleeFlexibleAccessPath | $().get().getAttribute |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | CalleeFlexibleAccessPath | $().getAttribute |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | CalleeFlexibleAccessPath | $().find |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | CalleeFlexibleAccessPath | $().find().attr |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | CalleeFlexibleAccessPath | $().find |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | CalleeFlexibleAccessPath | $().find().attr |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | CalleeFlexibleAccessPath | $.jGrowl |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | receiverName | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | CalleeFlexibleAccessPath | $().prop |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | CalleeFlexibleAccessPath | anser.ansiToHtml |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | calleeImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | receiverName | anser |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | CalleeFlexibleAccessPath | anser().process |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | calleeImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | CalleeFlexibleAccessPath | $().each |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | stringConcatenatedWith |  -endpoint- $().text().toLowerCase().replace().replace() + ''>Section</a>' |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | CalleeFlexibleAccessPath | $().append |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | stringConcatenatedWith | '<a href='#' -endpoint- ''>Section</a>' |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | CalleeFlexibleAccessPath | $().text().toLowerCase().replace |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | CalleeFlexibleAccessPath | $().text().toLowerCase().replace |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | InputArgumentIndex | 1 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | CalleeFlexibleAccessPath | $().text().toLowerCase().replace().replace |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | CalleeFlexibleAccessPath | $().text().toLowerCase().replace().replace |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | InputArgumentIndex | 1 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | stringConcatenatedWith | '<a href='#' + $().text().toLowerCase().replace().replace() -endpoint-  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:4:93:8 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:4:93:8 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:4:93:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:4:93:8 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:4:93:8 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:4:93:8 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:18:93:23 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:18:93:23 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:18:93:23 | "#foo" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:18:93:23 | "#foo" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:18:93:23 | "#foo" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:18:93:23 | "#foo" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:31:93:36 | ".bla" | CalleeFlexibleAccessPath | $().find |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:31:93:36 | ".bla" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:31:93:36 | ".bla" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:31:93:36 | ".bla" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:31:93:36 | ".bla" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:31:93:36 | ".bla" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:5:96:9 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:5:96:9 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:5:96:9 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:5:96:9 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:5:96:9 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:5:96:9 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:19:96:24 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:19:96:24 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:19:96:24 | "#foo" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:19:96:24 | "#foo" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:19:96:24 | "#foo" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:19:96:24 | "#foo" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:32:96:37 | ".bla" | CalleeFlexibleAccessPath | $().find |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:32:96:37 | ".bla" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:32:96:37 | ".bla" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:32:96:37 | ".bla" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:32:96:37 | ".bla" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:32:96:37 | ".bla" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:15:102:19 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:15:102:19 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:15:102:19 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:15:102:19 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:15:102:19 | "#id" | enclosingFunctionBody | el $ #id get 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:15:102:19 | "#id" | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:15:102:19 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:26:102:26 | 0 | CalleeFlexibleAccessPath | $().get |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:26:102:26 | 0 | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:26:102:26 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:26:102:26 | 0 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:26:102:26 | 0 | enclosingFunctionBody | el $ #id get 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:26:102:26 | 0 | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:26:102:26 | 0 | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:5:109:9 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:5:109:9 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:5:109:9 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:5:109:9 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:5:109:9 | "#id" | enclosingFunctionBody | $ #id get 0 innerHTML <a src=" el src ">foo</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:5:109:9 | "#id" | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:5:109:9 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:16:109:16 | 0 | CalleeFlexibleAccessPath | $().get |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:16:109:16 | 0 | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:16:109:16 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:16:109:16 | 0 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:16:109:16 | 0 | enclosingFunctionBody | $ #id get 0 innerHTML <a src=" el src ">foo</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:16:109:16 | 0 | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:16:109:16 | 0 | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:41 | "<a src=\\"" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:41 | "<a src=\\"" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:41 | "<a src=\\"" | enclosingFunctionBody | $ #id get 0 innerHTML <a src=" el src ">foo</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:41 | "<a src=\\"" | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:41 | "<a src=\\"" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:41 | "<a src=\\"" | stringConcatenatedWith |  -endpoint- this.el.src + '">foo</a>' |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | assignedToPropName | innerHTML |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | enclosingFunctionBody | $ #id get 0 innerHTML <a src=" el src ">foo</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:45:109:55 | this.el.src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:45:109:55 | this.el.src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:45:109:55 | this.el.src | enclosingFunctionBody | $ #id get 0 innerHTML <a src=" el src ">foo</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:45:109:55 | this.el.src | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:45:109:55 | this.el.src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:45:109:55 | this.el.src | stringConcatenatedWith | '<a src="' -endpoint- '">foo</a>' |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:59:109:70 | "\\">foo</a>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:59:109:70 | "\\">foo</a>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:59:109:70 | "\\">foo</a>" | enclosingFunctionBody | $ #id get 0 innerHTML <a src=" el src ">foo</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:59:109:70 | "\\">foo</a>" | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:59:109:70 | "\\">foo</a>" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:59:109:70 | "\\">foo</a>" | stringConcatenatedWith | '<a src="' + this.el.src -endpoint-  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | CalleeFlexibleAccessPath | document.getElementById |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | receiverName | document |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:4:115:8 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:4:115:8 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:4:115:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:4:115:8 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:4:115:8 | "#id" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:4:115:8 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:4:115:8 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:7:117:11 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:7:117:11 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:7:117:11 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:7:117:11 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:7:117:11 | "#id" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:7:117:11 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:7:117:11 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:19:117:23 | "src" | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:19:117:23 | "src" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:19:117:23 | "src" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:19:117:23 | "src" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:19:117:23 | "src" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:19:117:23 | "src" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:19:117:23 | "src" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | InputArgumentIndex | 1 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:7:119:17 | "input.foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:7:119:17 | "input.foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:7:119:17 | "input.foo" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:7:119:17 | "input.foo" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:7:119:17 | "input.foo" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:7:119:17 | "input.foo" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:7:119:17 | "input.foo" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:11:120:15 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:11:120:15 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:11:120:15 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:11:120:15 | "#id" | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:11:120:15 | "#id" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:11:120:15 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:11:120:15 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:11:122:18 | "img#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:11:122:18 | "img#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:11:122:18 | "img#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:11:122:18 | "img#id" | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:11:122:18 | "img#id" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:11:122:18 | "img#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:11:122:18 | "img#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:26:122:30 | "src" | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:26:122:30 | "src" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:26:122:30 | "src" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:26:122:30 | "src" | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:26:122:30 | "src" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:26:122:30 | "src" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:26:122:30 | "src" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | InputArgumentIndex | 1 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | CalleeFlexibleAccessPath | URL.createObjectURL |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | receiverName | URL |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | enclosingFunctionBody | elem document createElement a wSelection getSelection dSelection document getSelection linkText wSelection toString dSelection toString  elem innerHTML linkText $ #id html linkText elem innerText linkText |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | receiverName | document |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | assignedToPropName | innerHTML |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | enclosingFunctionBody | elem document createElement a wSelection getSelection dSelection document getSelection linkText wSelection toString dSelection toString  elem innerHTML linkText $ #id html linkText elem innerText linkText |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:4:132:8 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:4:132:8 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:4:132:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:4:132:8 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:4:132:8 | "#id" | enclosingFunctionBody | elem document createElement a wSelection getSelection dSelection document getSelection linkText wSelection toString dSelection toString  elem innerHTML linkText $ #id html linkText elem innerText linkText |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:4:132:8 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:4:132:8 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | enclosingFunctionBody | elem document createElement a wSelection getSelection dSelection document getSelection linkText wSelection toString dSelection toString  elem innerHTML linkText $ #id html linkText elem innerText linkText |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:136:25:136:34 | "cash-dom" | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:136:25:136:34 | "cash-dom" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:136:25:136:34 | "cash-dom" | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:136:25:136:34 | "cash-dom" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:136:25:136:34 | "cash-dom" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:136:25:136:34 | "cash-dom" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | CalleeFlexibleAccessPath | document.getElementById |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | enclosingFunctionBody | src document getElementById #link src cash #id html src cashDom #id html src |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | receiverName | document |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:7:140:11 | "#id" | CalleeFlexibleAccessPath | cash |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:7:140:11 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:7:140:11 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:7:140:11 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:7:140:11 | "#id" | enclosingFunctionBody | src document getElementById #link src cash #id html src cashDom #id html src |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:7:140:11 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:7:140:11 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | CalleeFlexibleAccessPath | cash().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | enclosingFunctionBody | src document getElementById #link src cash #id html src cashDom #id html src |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | CalleeFlexibleAccessPath | cashDom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | calleeImports | cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | enclosingFunctionBody | src document getElementById #link src cash #id html src cashDom #id html src |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | CalleeFlexibleAccessPath | cashDom().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | calleeImports | cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | enclosingFunctionBody | src document getElementById #link src cash #id html src cashDom #id html src |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | fileImports | anser cash-dom |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:25:11:25:17 | filters | CalleeFlexibleAccessPath | doFilters |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:25:11:25:17 | filters | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:25:11:25:17 | filters | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:25:11:25:17 | filters | contextSurroundingFunctionParameters |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:25:11:25:17 | filters | fileImports |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:12:28:16 | strip | CalleeFlexibleAccessPath | RegExp |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:12:28:16 | strip | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:12:28:16 | strip | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:12:28:16 | strip | contextSurroundingFunctionParameters |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:12:28:16 | strip | fileImports |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:19:28:22 | 'gi' | CalleeFlexibleAccessPath | RegExp |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:19:28:22 | 'gi' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:19:28:22 | 'gi' | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:19:28:22 | 'gi' | contextSurroundingFunctionParameters |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:19:28:22 | 'gi' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | enclosingFunctionBody | s s replace /"/g &quot; replace /'/g &apos; replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | enclosingFunctionBody | s s replace /"/g &quot; replace /'/g &apos; replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:20:3:23 | /'/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:20:3:23 | /'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:20:3:23 | /'/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:20:3:23 | /'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:20:3:23 | /'/g | enclosingFunctionBody | s s replace /"/g &quot; replace /'/g &apos; replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:20:3:23 | /'/g | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:20:3:23 | /'/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:26:3:33 | "&apos;" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:26:3:33 | "&apos;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:26:3:33 | "&apos;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:26:3:33 | "&apos;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:26:3:33 | "&apos;" | enclosingFunctionBody | s s replace /"/g &quot; replace /'/g &apos; replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:26:3:33 | "&apos;" | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:26:3:33 | "&apos;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:20:4:23 | /&/g | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:20:4:23 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:20:4:23 | /&/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:20:4:23 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:20:4:23 | /&/g | enclosingFunctionBody | s s replace /"/g &quot; replace /'/g &apos; replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:20:4:23 | /&/g | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:20:4:23 | /&/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:26:4:32 | "&amp;" | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:26:4:32 | "&amp;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:26:4:32 | "&amp;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:26:4:32 | "&amp;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:26:4:32 | "&amp;" | enclosingFunctionBody | s s replace /"/g &quot; replace /'/g &apos; replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:26:4:32 | "&amp;" | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:26:4:32 | "&amp;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | enclosingFunctionBody | s s replace /&/g &amp; replace /"/g &quot; replace /'/g &apos; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | enclosingFunctionName | goodEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | enclosingFunctionBody | s s replace /&/g &amp; replace /"/g &quot; replace /'/g &apos; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | enclosingFunctionName | goodEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:20:9:23 | /"/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:20:9:23 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:20:9:23 | /"/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:20:9:23 | /"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:20:9:23 | /"/g | enclosingFunctionBody | s s replace /&/g &amp; replace /"/g &quot; replace /'/g &apos; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:20:9:23 | /"/g | enclosingFunctionName | goodEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:20:9:23 | /"/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:26:9:33 | "&quot;" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:26:9:33 | "&quot;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:26:9:33 | "&quot;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:26:9:33 | "&quot;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:26:9:33 | "&quot;" | enclosingFunctionBody | s s replace /&/g &amp; replace /"/g &quot; replace /'/g &apos; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:26:9:33 | "&quot;" | enclosingFunctionName | goodEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:26:9:33 | "&quot;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:20:10:23 | /'/g | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:20:10:23 | /'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:20:10:23 | /'/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:20:10:23 | /'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:20:10:23 | /'/g | enclosingFunctionBody | s s replace /&/g &amp; replace /"/g &quot; replace /'/g &apos; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:20:10:23 | /'/g | enclosingFunctionName | goodEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:20:10:23 | /'/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:26:10:33 | "&apos;" | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:26:10:33 | "&apos;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:26:10:33 | "&apos;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:26:10:33 | "&apos;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:26:10:33 | "&apos;" | enclosingFunctionBody | s s replace /&/g &amp; replace /"/g &quot; replace /'/g &apos; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:26:10:33 | "&apos;" | enclosingFunctionName | goodEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:26:10:33 | "&apos;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | enclosingFunctionBody | s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | enclosingFunctionName | goodDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | enclosingFunctionBody | s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | enclosingFunctionName | goodDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:20:15:28 | /&apos;/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:20:15:28 | /&apos;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:20:15:28 | /&apos;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:20:15:28 | /&apos;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:20:15:28 | /&apos;/g | enclosingFunctionBody | s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:20:15:28 | /&apos;/g | enclosingFunctionName | goodDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:20:15:28 | /&apos;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:31:15:33 | "'" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:31:15:33 | "'" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:31:15:33 | "'" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:31:15:33 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:31:15:33 | "'" | enclosingFunctionBody | s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:31:15:33 | "'" | enclosingFunctionName | goodDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:31:15:33 | "'" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:20:16:27 | /&amp;/g | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:20:16:27 | /&amp;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:20:16:27 | /&amp;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:20:16:27 | /&amp;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:20:16:27 | /&amp;/g | enclosingFunctionBody | s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:20:16:27 | /&amp;/g | enclosingFunctionName | goodDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:20:16:27 | /&amp;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:30:16:32 | "&" | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:30:16:32 | "&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:30:16:32 | "&" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:30:16:32 | "&" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:30:16:32 | "&" | enclosingFunctionBody | s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:30:16:32 | "&" | enclosingFunctionName | goodDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:30:16:32 | "&" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | enclosingFunctionBody | s s replace /&amp;/g & replace /&quot;/g " replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | enclosingFunctionName | badDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | enclosingFunctionBody | s s replace /&amp;/g & replace /&quot;/g " replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | enclosingFunctionName | badDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:20:21:28 | /&quot;/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:20:21:28 | /&quot;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:20:21:28 | /&quot;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:20:21:28 | /&quot;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:20:21:28 | /&quot;/g | enclosingFunctionBody | s s replace /&amp;/g & replace /&quot;/g " replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:20:21:28 | /&quot;/g | enclosingFunctionName | badDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:20:21:28 | /&quot;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:31:21:34 | "\\"" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:31:21:34 | "\\"" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:31:21:34 | "\\"" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:31:21:34 | "\\"" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:31:21:34 | "\\"" | enclosingFunctionBody | s s replace /&amp;/g & replace /&quot;/g " replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:31:21:34 | "\\"" | enclosingFunctionName | badDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:31:21:34 | "\\"" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:20:22:28 | /&apos;/g | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:20:22:28 | /&apos;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:20:22:28 | /&apos;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:20:22:28 | /&apos;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:20:22:28 | /&apos;/g | enclosingFunctionBody | s s replace /&amp;/g & replace /&quot;/g " replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:20:22:28 | /&apos;/g | enclosingFunctionName | badDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:20:22:28 | /&apos;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:31:22:33 | "'" | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:31:22:33 | "'" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:31:22:33 | "'" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:31:22:33 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:31:22:33 | "'" | enclosingFunctionBody | s s replace /&amp;/g & replace /&quot;/g " replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:31:22:33 | "'" | enclosingFunctionName | badDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:31:22:33 | "'" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | CalleeFlexibleAccessPath | code.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | contextSurroundingFunctionParameters | (code) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | enclosingFunctionBody | code code replace /</g &lt; replace />/g &gt; replace /&(?![\\w\\#]+;)/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | enclosingFunctionName | cleverEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | receiverName | code |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | CalleeFlexibleAccessPath | code.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | contextSurroundingFunctionParameters | (code) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | enclosingFunctionBody | code code replace /</g &lt; replace />/g &gt; replace /&(?![\\w\\#]+;)/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | enclosingFunctionName | cleverEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | receiverName | code |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:47:26:50 | />/g | CalleeFlexibleAccessPath | code.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:47:26:50 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:47:26:50 | />/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:47:26:50 | />/g | contextSurroundingFunctionParameters | (code) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:47:26:50 | />/g | enclosingFunctionBody | code code replace /</g &lt; replace />/g &gt; replace /&(?![\\w\\#]+;)/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:47:26:50 | />/g | enclosingFunctionName | cleverEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:47:26:50 | />/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:53:26:58 | '&gt;' | CalleeFlexibleAccessPath | code.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:53:26:58 | '&gt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:53:26:58 | '&gt;' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:53:26:58 | '&gt;' | contextSurroundingFunctionParameters | (code) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:53:26:58 | '&gt;' | enclosingFunctionBody | code code replace /</g &lt; replace />/g &gt; replace /&(?![\\w\\#]+;)/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:53:26:58 | '&gt;' | enclosingFunctionName | cleverEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:53:26:58 | '&gt;' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:69:26:84 | /&(?![\\w\\#]+;)/g | CalleeFlexibleAccessPath | code.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:69:26:84 | /&(?![\\w\\#]+;)/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:69:26:84 | /&(?![\\w\\#]+;)/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:69:26:84 | /&(?![\\w\\#]+;)/g | contextSurroundingFunctionParameters | (code) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:69:26:84 | /&(?![\\w\\#]+;)/g | enclosingFunctionBody | code code replace /</g &lt; replace />/g &gt; replace /&(?![\\w\\#]+;)/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:69:26:84 | /&(?![\\w\\#]+;)/g | enclosingFunctionName | cleverEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:69:26:84 | /&(?![\\w\\#]+;)/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:87:26:93 | '&amp;' | CalleeFlexibleAccessPath | code.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:87:26:93 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:87:26:93 | '&amp;' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:87:26:93 | '&amp;' | contextSurroundingFunctionParameters | (code) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:87:26:93 | '&amp;' | enclosingFunctionBody | code code replace /</g &lt; replace />/g &gt; replace /&(?![\\w\\#]+;)/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:87:26:93 | '&amp;' | enclosingFunctionName | cleverEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:87:26:93 | '&amp;' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | enclosingFunctionBody | s s replace /&amp;/g & replace /s?ome\|thin*g/g else replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | enclosingFunctionName | badDecode2 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | enclosingFunctionBody | s s replace /&amp;/g & replace /s?ome\|thin*g/g else replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | enclosingFunctionName | badDecode2 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:20:31:34 | /s?ome\|thin*g/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:20:31:34 | /s?ome\|thin*g/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:20:31:34 | /s?ome\|thin*g/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:20:31:34 | /s?ome\|thin*g/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:20:31:34 | /s?ome\|thin*g/g | enclosingFunctionBody | s s replace /&amp;/g & replace /s?ome\|thin*g/g else replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:20:31:34 | /s?ome\|thin*g/g | enclosingFunctionName | badDecode2 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:20:31:34 | /s?ome\|thin*g/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:37:31:42 | "else" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:37:31:42 | "else" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:37:31:42 | "else" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:37:31:42 | "else" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:37:31:42 | "else" | enclosingFunctionBody | s s replace /&amp;/g & replace /s?ome\|thin*g/g else replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:37:31:42 | "else" | enclosingFunctionName | badDecode2 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:37:31:42 | "else" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:20:32:28 | /&apos;/g | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:20:32:28 | /&apos;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:20:32:28 | /&apos;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:20:32:28 | /&apos;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:20:32:28 | /&apos;/g | enclosingFunctionBody | s s replace /&amp;/g & replace /s?ome\|thin*g/g else replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:20:32:28 | /&apos;/g | enclosingFunctionName | badDecode2 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:20:32:28 | /&apos;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:31:32:33 | "'" | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:31:32:33 | "'" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:31:32:33 | "'" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:31:32:33 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:31:32:33 | "'" | enclosingFunctionBody | s s replace /&amp;/g & replace /s?ome\|thin*g/g else replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:31:32:33 | "'" | enclosingFunctionName | badDecode2 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:31:32:33 | "'" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | contextSurroundingFunctionParameters | (ss) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | enclosingFunctionBody | ss res s ss s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & res push s res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | enclosingFunctionName | goodDecodeInLoop |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | contextSurroundingFunctionParameters | (ss) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | enclosingFunctionBody | ss res s ss s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & res push s res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | enclosingFunctionName | goodDecodeInLoop |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:19:39:27 | /&apos;/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:19:39:27 | /&apos;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:19:39:27 | /&apos;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:19:39:27 | /&apos;/g | contextSurroundingFunctionParameters | (ss) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:19:39:27 | /&apos;/g | enclosingFunctionBody | ss res s ss s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & res push s res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:19:39:27 | /&apos;/g | enclosingFunctionName | goodDecodeInLoop |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:19:39:27 | /&apos;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:30:39:32 | "'" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:30:39:32 | "'" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:30:39:32 | "'" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:30:39:32 | "'" | contextSurroundingFunctionParameters | (ss) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:30:39:32 | "'" | enclosingFunctionBody | ss res s ss s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & res push s res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:30:39:32 | "'" | enclosingFunctionName | goodDecodeInLoop |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:30:39:32 | "'" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:19:40:26 | /&amp;/g | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:19:40:26 | /&amp;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:19:40:26 | /&amp;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:19:40:26 | /&amp;/g | contextSurroundingFunctionParameters | (ss) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:19:40:26 | /&amp;/g | enclosingFunctionBody | ss res s ss s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & res push s res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:19:40:26 | /&amp;/g | enclosingFunctionName | goodDecodeInLoop |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:19:40:26 | /&amp;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:29:40:31 | "&" | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:29:40:31 | "&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:29:40:31 | "&" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:29:40:31 | "&" | contextSurroundingFunctionParameters | (ss) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:29:40:31 | "&" | enclosingFunctionBody | ss res s ss s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & res push s res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:29:40:31 | "&" | enclosingFunctionName | goodDecodeInLoop |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:29:40:31 | "&" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | CalleeFlexibleAccessPath | res.push |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | contextSurroundingFunctionParameters | (ss) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | enclosingFunctionBody | ss res s ss s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & res push s res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | enclosingFunctionName | goodDecodeInLoop |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | receiverName | res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | enclosingFunctionBody | s s s replace /&amp;/g & s s replace /&quot;/g " s replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | enclosingFunctionName | badDecode3 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | enclosingFunctionBody | s s s replace /&amp;/g & s s replace /&quot;/g " s replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | enclosingFunctionName | badDecode3 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | enclosingFunctionBody | s s s replace /&amp;/g & s s replace /&quot;/g " s replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | enclosingFunctionName | badDecode3 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | enclosingFunctionBody | s s s replace /&amp;/g & s s replace /&quot;/g " s replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | enclosingFunctionName | badDecode3 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | enclosingFunctionBody | s s s replace /&amp;/g & s s replace /&quot;/g " s replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | enclosingFunctionName | badDecode3 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | enclosingFunctionBody | s s s replace /&amp;/g & s s replace /&quot;/g " s replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | enclosingFunctionName | badDecode3 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\'/g ' replace /\\\\"/g " |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | enclosingFunctionName | badUnescape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\'/g ' replace /\\\\"/g " |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | enclosingFunctionName | badUnescape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:21:54:26 | /\\\\'/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:21:54:26 | /\\\\'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:21:54:26 | /\\\\'/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:21:54:26 | /\\\\'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:21:54:26 | /\\\\'/g | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\'/g ' replace /\\\\"/g " |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:21:54:26 | /\\\\'/g | enclosingFunctionName | badUnescape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:21:54:26 | /\\\\'/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:29:54:32 | '\\'' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:29:54:32 | '\\'' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:29:54:32 | '\\'' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:29:54:32 | '\\'' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:29:54:32 | '\\'' | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\'/g ' replace /\\\\"/g " |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:29:54:32 | '\\'' | enclosingFunctionName | badUnescape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:29:54:32 | '\\'' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:21:55:26 | /\\\\"/g | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:21:55:26 | /\\\\"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:21:55:26 | /\\\\"/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:21:55:26 | /\\\\"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:21:55:26 | /\\\\"/g | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\'/g ' replace /\\\\"/g " |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:21:55:26 | /\\\\"/g | enclosingFunctionName | badUnescape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:21:55:26 | /\\\\"/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:29:55:32 | '\\"' | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:29:55:32 | '\\"' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:29:55:32 | '\\"' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:29:55:32 | '\\"' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:29:55:32 | '\\"' | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\'/g ' replace /\\\\"/g " |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:29:55:32 | '\\"' | enclosingFunctionName | badUnescape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:29:55:32 | '\\"' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | enclosingFunctionBody | s s s replace /&/g %26 s s replace /%/g %25 s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | enclosingFunctionName | badPercentEscape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | enclosingFunctionBody | s s s replace /&/g %26 s s replace /%/g %25 s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | enclosingFunctionName | badPercentEscape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | enclosingFunctionBody | s s s replace /&/g %26 s s replace /%/g %25 s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | enclosingFunctionName | badPercentEscape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | enclosingFunctionBody | s s s replace /&/g %26 s s replace /%/g %25 s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | enclosingFunctionName | badPercentEscape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | enclosingFunctionBody | s indirect1 /"/g indirect2 /'/g indirect3 /&/g s replace indirect1 &quot; replace indirect2 &apos; replace indirect3 &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | enclosingFunctionBody | s indirect1 /"/g indirect2 /'/g indirect3 /&/g s replace indirect1 &quot; replace indirect2 &apos; replace indirect3 &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:20:69:28 | indirect2 | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:20:69:28 | indirect2 | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:20:69:28 | indirect2 | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:20:69:28 | indirect2 | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:20:69:28 | indirect2 | enclosingFunctionBody | s indirect1 /"/g indirect2 /'/g indirect3 /&/g s replace indirect1 &quot; replace indirect2 &apos; replace indirect3 &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:20:69:28 | indirect2 | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:20:69:28 | indirect2 | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:31:69:38 | "&apos;" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:31:69:38 | "&apos;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:31:69:38 | "&apos;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:31:69:38 | "&apos;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:31:69:38 | "&apos;" | enclosingFunctionBody | s indirect1 /"/g indirect2 /'/g indirect3 /&/g s replace indirect1 &quot; replace indirect2 &apos; replace indirect3 &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:31:69:38 | "&apos;" | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:31:69:38 | "&apos;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:20:70:28 | indirect3 | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:20:70:28 | indirect3 | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:20:70:28 | indirect3 | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:20:70:28 | indirect3 | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:20:70:28 | indirect3 | enclosingFunctionBody | s indirect1 /"/g indirect2 /'/g indirect3 /&/g s replace indirect1 &quot; replace indirect2 &apos; replace indirect3 &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:20:70:28 | indirect3 | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:20:70:28 | indirect3 | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:31:70:37 | "&amp;" | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:31:70:37 | "&amp;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:31:70:37 | "&amp;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:31:70:37 | "&amp;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:31:70:37 | "&amp;" | enclosingFunctionBody | s indirect1 /"/g indirect2 /'/g indirect3 /&/g s replace indirect1 &quot; replace indirect2 &apos; replace indirect3 &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:31:70:37 | "&amp;" | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:31:70:37 | "&amp;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | enclosingFunctionBody | s repl " &quot; ' &apos; & &amp; s replace /["']/g c repl c replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | enclosingFunctionName | badEncodeWithReplacer |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | contextSurroundingFunctionParameters | (s)\n(c) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | enclosingFunctionBody | s repl " &quot; ' &apos; & &amp; s replace /["']/g c repl c replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | enclosingFunctionName | badEncodeWithReplacer |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:53:79:56 | /&/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:53:79:56 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:53:79:56 | /&/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:53:79:56 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:53:79:56 | /&/g | enclosingFunctionBody | s repl " &quot; ' &apos; & &amp; s replace /["']/g c repl c replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:53:79:56 | /&/g | enclosingFunctionName | badEncodeWithReplacer |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:53:79:56 | /&/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:59:79:65 | "&amp;" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:59:79:65 | "&amp;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:59:79:65 | "&amp;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:59:79:65 | "&amp;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:59:79:65 | "&amp;" | enclosingFunctionBody | s repl " &quot; ' &apos; & &amp; s replace /["']/g c repl c replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:59:79:65 | "&amp;" | enclosingFunctionName | badEncodeWithReplacer |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:59:79:65 | "&amp;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\/g \\\\ |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | enclosingFunctionName | badRoundtrip |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\/g \\\\ |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | enclosingFunctionName | badRoundtrip |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:43:84:47 | /\\\\/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:43:84:47 | /\\\\/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:43:84:47 | /\\\\/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:43:84:47 | /\\\\/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:43:84:47 | /\\\\/g | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\/g \\\\ |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:43:84:47 | /\\\\/g | enclosingFunctionName | badRoundtrip |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:43:84:47 | /\\\\/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:50:84:55 | "\\\\\\\\" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:50:84:55 | "\\\\\\\\" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:50:84:55 | "\\\\\\\\" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:50:84:55 | "\\\\\\\\" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:50:84:55 | "\\\\\\\\" | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\/g \\\\ |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:50:84:55 | "\\\\\\\\" | enclosingFunctionName | badRoundtrip |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:50:84:55 | "\\\\\\\\" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | CalleeFlexibleAccessPath | captured.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | contextSurroundingFunctionParameters | (x)\n() |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | enclosingFunctionBody | x captured x captured captured replace /\\\\/g \\\\ |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | enclosingFunctionName | testWithCapturedVar |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | receiverName | captured |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | CalleeFlexibleAccessPath | captured.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | contextSurroundingFunctionParameters | (x)\n() |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | enclosingFunctionBody | x captured x captured captured replace /\\\\/g \\\\ |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | enclosingFunctionName | testWithCapturedVar |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | receiverName | captured |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | CalleeFlexibleAccessPath | defaultPattern.match |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | receiverName | defaultPattern |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:21:38:29 | something | CalleeFlexibleAccessPath | getPattern().match |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:21:38:29 | something | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:21:38:29 | something | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:21:38:29 | something | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:21:38:29 | something | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:21:38:29 | something | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:21:38:29 | something | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | enclosingFunctionBody | content content content replace /<.*cript.*\\/scrip.*>/gi  content content replace / on\\w+=".*"/g  content content replace / on\\w+=\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | enclosingFunctionBody | content content content replace /<.*cript.*\\/scrip.*>/gi  content content replace / on\\w+=".*"/g  content content replace / on\\w+=\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | enclosingFunctionBody | content content content replace /<.*cript.*\\/scrip.*>/gi  content content replace / on\\w+=".*"/g  content content replace / on\\w+=\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | enclosingFunctionBody | content content content replace /<.*cript.*\\/scrip.*>/gi  content content replace / on\\w+=".*"/g  content content replace / on\\w+=\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | enclosingFunctionBody | content content content replace /<.*cript.*\\/scrip.*>/gi  content content replace / on\\w+=".*"/g  content content replace / on\\w+=\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | enclosingFunctionBody | content content content replace /<.*cript.*\\/scrip.*>/gi  content content replace / on\\w+=".*"/g  content content replace / on\\w+=\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | enclosingFunctionBody | content content content replace /<.*cript.*/gi  content content replace /.on\\w+=.*".*"/g  content content replace /.on\\w+=.*\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | enclosingFunctionBody | content content content replace /<.*cript.*/gi  content content replace /.on\\w+=.*".*"/g  content content replace /.on\\w+=.*\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | enclosingFunctionBody | content content content replace /<.*cript.*/gi  content content replace /.on\\w+=.*".*"/g  content content replace /.on\\w+=.*\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | enclosingFunctionBody | content content content replace /<.*cript.*/gi  content content replace /.on\\w+=.*".*"/g  content content replace /.on\\w+=.*\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | enclosingFunctionBody | content content content replace /<.*cript.*/gi  content content replace /.on\\w+=.*".*"/g  content content replace /.on\\w+=.*\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | enclosingFunctionBody | content content content replace /<.*cript.*/gi  content content replace /.on\\w+=.*".*"/g  content content replace /.on\\w+=.*\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | CalleeFlexibleAccessPath | responseText.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | contextSurroundingFunctionParameters | (responseText) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | enclosingFunctionBody | responseText rscript /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/gi responseText replace rscript  responseText |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | receiverName | responseText |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | CalleeFlexibleAccessPath | responseText.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | contextSurroundingFunctionParameters | (responseText) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | enclosingFunctionBody | responseText rscript /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/gi responseText replace rscript  responseText |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | receiverName | responseText |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | CalleeFlexibleAccessPath | text.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | contextSurroundingFunctionParameters | (text) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | enclosingFunctionBody | text text text replace /<!--\|--!?>/g  text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | receiverName | text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | CalleeFlexibleAccessPath | text.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | contextSurroundingFunctionParameters | (text) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | enclosingFunctionBody | text text text replace /<!--\|--!?>/g  text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | receiverName | text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | CalleeFlexibleAccessPath | ?.test |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | contextSurroundingFunctionParameters | (text) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | enclosingFunctionBody | text /<!--\|--!?>/g test text text text replace /<!--\|--!?>/g  text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | CalleeFlexibleAccessPath | text.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | contextSurroundingFunctionParameters | (text) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | enclosingFunctionBody | text /<!--\|--!?>/g test text text text replace /<!--\|--!?>/g  text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | receiverName | text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | CalleeFlexibleAccessPath | text.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | contextSurroundingFunctionParameters | (text) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | enclosingFunctionBody | text /<!--\|--!?>/g test text text text replace /<!--\|--!?>/g  text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | receiverName | text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | CalleeFlexibleAccessPath | id.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | contextSurroundingFunctionParameters | (id) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | enclosingFunctionBody | id id id replace /\\.\\./g  id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | receiverName | id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | CalleeFlexibleAccessPath | id.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | contextSurroundingFunctionParameters | (id) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | enclosingFunctionBody | id id id replace /\\.\\./g  id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | receiverName | id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | CalleeFlexibleAccessPath | id.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | contextSurroundingFunctionParameters | (id) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionBody | id id id replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | receiverName | id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | CalleeFlexibleAccessPath | id.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | contextSurroundingFunctionParameters | (id) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | enclosingFunctionBody | id id id replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | receiverName | id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:29:49:38 | REG_TRAVEL | CalleeFlexibleAccessPath | req.url.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:29:49:38 | REG_TRAVEL | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:29:49:38 | REG_TRAVEL | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:29:49:38 | REG_TRAVEL | contextSurroundingFunctionParameters | (req) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:29:49:38 | REG_TRAVEL | enclosingFunctionBody | req REG_TRAVEL /(\\/)?\\.\\.\\//g req url req url replace REG_TRAVEL  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:29:49:38 | REG_TRAVEL | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:29:49:38 | REG_TRAVEL | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:41:49:42 | "" | CalleeFlexibleAccessPath | req.url.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:41:49:42 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:41:49:42 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:41:49:42 | "" | contextSurroundingFunctionParameters | (req) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:41:49:42 | "" | enclosingFunctionBody | req REG_TRAVEL /(\\/)?\\.\\.\\//g req url req url replace REG_TRAVEL  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:41:49:42 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:41:49:42 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | CalleeFlexibleAccessPath | req.url.substring |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | contextSurroundingFunctionParameters | (req) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | enclosingFunctionBody | req beg i 0 i req url length i req url i . req url i 1 / beg i 1 req url i ? beg req url req url substring beg |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | contextSurroundingFunctionParameters | (x)\n($0) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | CalleeFlexibleAccessPath | x.indexOf |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:16:118:23 | /\\/\\.\\// | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:16:118:23 | /\\/\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:16:118:23 | /\\/\\.\\// | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:16:118:23 | /\\/\\.\\// | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:16:118:23 | /\\/\\.\\// | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:16:118:23 | /\\/\\.\\// | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:16:118:23 | /\\/\\.\\// | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:26:118:28 | "/" | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:26:118:28 | "/" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:26:118:28 | "/" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:26:118:28 | "/" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:26:118:28 | "/" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:26:118:28 | "/" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:26:118:28 | "/" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:16:119:31 | /[^\\/]*\\/\\.\\.\\// | CalleeFlexibleAccessPath | x.replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:16:119:31 | /[^\\/]*\\/\\.\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:16:119:31 | /[^\\/]*\\/\\.\\.\\// | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:16:119:31 | /[^\\/]*\\/\\.\\.\\// | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:16:119:31 | /[^\\/]*\\/\\.\\.\\// | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:16:119:31 | /[^\\/]*\\/\\.\\.\\// | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:16:119:31 | /[^\\/]*\\/\\.\\.\\// | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:34:119:35 | "" | CalleeFlexibleAccessPath | x.replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:34:119:35 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:34:119:35 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:34:119:35 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:34:119:35 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:34:119:35 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:34:119:35 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:14:128:21 | /\\/\\.\\// | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:14:128:21 | /\\/\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:14:128:21 | /\\/\\.\\// | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:14:128:21 | /\\/\\.\\// | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:14:128:21 | /\\/\\.\\// | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:14:128:21 | /\\/\\.\\// | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:14:128:21 | /\\/\\.\\// | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:24:128:26 | "/" | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:24:128:26 | "/" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:24:128:26 | "/" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:24:128:26 | "/" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:24:128:26 | "/" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:24:128:26 | "/" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:24:128:26 | "/" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:14:129:29 | /[^\\/]*\\/\\.\\.\\// | CalleeFlexibleAccessPath | x.replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:14:129:29 | /[^\\/]*\\/\\.\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:14:129:29 | /[^\\/]*\\/\\.\\.\\// | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:14:129:29 | /[^\\/]*\\/\\.\\.\\// | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:14:129:29 | /[^\\/]*\\/\\.\\.\\// | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:14:129:29 | /[^\\/]*\\/\\.\\.\\// | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:14:129:29 | /[^\\/]*\\/\\.\\.\\// | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:32:129:33 | "" | CalleeFlexibleAccessPath | x.replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:32:129:33 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:32:129:33 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:32:129:33 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:32:129:33 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:32:129:33 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:32:129:33 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | CalleeFlexibleAccessPath | n.cloneNode |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | receiverName | n |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:40:148:94 | /<\\/?[\\ ... ]+\|>/gi | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:40:148:94 | /<\\/?[\\ ... ]+\|>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:40:148:94 | /<\\/?[\\ ... ]+\|>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:40:148:94 | /<\\/?[\\ ... ]+\|>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:40:148:94 | /<\\/?[\\ ... ]+\|>/gi | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:40:148:94 | /<\\/?[\\ ... ]+\|>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:40:148:94 | /<\\/?[\\ ... ]+\|>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:97:148:98 | '' | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:97:148:98 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:97:148:98 | '' | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:97:148:98 | '' | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:97:148:98 | '' | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:97:148:98 | '' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:97:148:98 | '' | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:109:148:120 | /[\\w:\\-]+/gi | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:109:148:120 | /[\\w:\\-]+/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:109:148:120 | /[\\w:\\-]+/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:109:148:120 | /[\\w:\\-]+/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:109:148:120 | /[\\w:\\-]+/gi | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:109:148:120 | /[\\w:\\-]+/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:109:148:120 | /[\\w:\\-]+/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:123:150:3 | functio ... });\\n  } | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:123:150:3 | functio ... });\\n  } | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:123:150:3 | functio ... });\\n  } | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:123:150:3 | functio ... });\\n  } | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:123:150:3 | functio ... });\\n  } | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:123:150:3 | functio ... });\\n  } | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:123:150:3 | functio ... });\\n  } | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | receiverName | o |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | InputAccessPathFromCallee | 0.specified |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | assignedToPropName | specified |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | InputAccessPathFromCallee | 0.nodeName |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | assignedToPropName | nodeName |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | CalleeFlexibleAccessPath | n.cloneNode |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | receiverName | n |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:40:152:94 | /<\\/?[\\ ... ]+\|>/gi | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:40:152:94 | /<\\/?[\\ ... ]+\|>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:40:152:94 | /<\\/?[\\ ... ]+\|>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:40:152:94 | /<\\/?[\\ ... ]+\|>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:40:152:94 | /<\\/?[\\ ... ]+\|>/gi | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:40:152:94 | /<\\/?[\\ ... ]+\|>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:40:152:94 | /<\\/?[\\ ... ]+\|>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:97:152:98 | '' | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:97:152:98 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:97:152:98 | '' | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:97:152:98 | '' | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:97:152:98 | '' | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:97:152:98 | '' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:97:152:98 | '' | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:109:152:120 | /[\\w:\\-]+/gi | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:109:152:120 | /[\\w:\\-]+/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:109:152:120 | /[\\w:\\-]+/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:109:152:120 | /[\\w:\\-]+/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:109:152:120 | /[\\w:\\-]+/gi | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:109:152:120 | /[\\w:\\-]+/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:109:152:120 | /[\\w:\\-]+/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:123:154:3 | functio ... });\\n  } | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:123:154:3 | functio ... });\\n  } | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:123:154:3 | functio ... });\\n  } | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:123:154:3 | functio ... });\\n  } | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:123:154:3 | functio ... });\\n  } | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:123:154:3 | functio ... });\\n  } | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:123:154:3 | functio ... });\\n  } | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | receiverName | o |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | InputAccessPathFromCallee | 0.specified |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | assignedToPropName | specified |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | InputAccessPathFromCallee | 0.nodeName |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | assignedToPropName | nodeName |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:1:23:1:31 | 'express' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:1:23:1:31 | 'express' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:1:23:1:31 | 'express' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | enclosingFunctionBody | s s replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | enclosingFunctionName | bad1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | enclosingFunctionBody | s s replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | enclosingFunctionName | bad1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | enclosingFunctionBody | s s replace /'/  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | enclosingFunctionName | bad2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | enclosingFunctionBody | s s replace /'/  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | enclosingFunctionName | bad2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | enclosingFunctionBody | s s replace /'/g \\' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | enclosingFunctionName | bad3 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | enclosingFunctionBody | s s replace /'/g \\' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | enclosingFunctionName | bad3 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | enclosingFunctionBody | s s replace /'/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | enclosingFunctionName | bad4 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | enclosingFunctionBody | s s replace /'/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | enclosingFunctionName | bad4 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | enclosingFunctionBody | s s replace /['"]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | enclosingFunctionName | bad5 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | enclosingFunctionBody | s s replace /['"]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | enclosingFunctionName | bad5 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | enclosingFunctionBody | s s replace /(['"])/g \\$1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | enclosingFunctionName | bad6 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | enclosingFunctionBody | s s replace /(['"])/g \\$1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | enclosingFunctionName | bad6 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | enclosingFunctionBody | s s replace /('\|")/g \\$1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | enclosingFunctionName | bad7 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | enclosingFunctionBody | s s replace /('\|")/g \\$1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | enclosingFunctionName | bad7 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | enclosingFunctionBody | s s replace \|  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | enclosingFunctionName | bad8 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | enclosingFunctionBody | s s replace \|  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | enclosingFunctionName | bad8 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | enclosingFunctionBody | s s replace /"/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | enclosingFunctionName | bad9 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | enclosingFunctionBody | s s replace /"/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | enclosingFunctionName | bad9 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | enclosingFunctionBody | s s replace / %2F |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | enclosingFunctionName | bad10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | enclosingFunctionBody | s s replace / %2F |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | enclosingFunctionName | bad10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | enclosingFunctionBody | s s replace %25 % |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | enclosingFunctionName | bad11 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | enclosingFunctionBody | s s replace %25 % |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | enclosingFunctionName | bad11 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | enclosingFunctionBody | s s replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | enclosingFunctionName | bad12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | enclosingFunctionBody | s s replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | enclosingFunctionName | bad12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | enclosingFunctionBody | s s replace ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | enclosingFunctionName | bad13 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | enclosingFunctionBody | s s replace ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | enclosingFunctionName | bad13 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | enclosingFunctionBody | s s replace ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | enclosingFunctionName | bad14 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | enclosingFunctionBody | s s replace ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | enclosingFunctionName | bad14 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | enclosingFunctionBody | s s replace '   |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | enclosingFunctionName | bad15 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | enclosingFunctionBody | s s replace '   |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | enclosingFunctionName | bad15 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | enclosingFunctionBody | s s replace '   |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | enclosingFunctionName | bad16 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | enclosingFunctionBody | s s replace '   |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | enclosingFunctionName | bad16 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | enclosingFunctionBody | s s replace '    |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | enclosingFunctionName | bad17 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | enclosingFunctionBody | s s replace '    |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | enclosingFunctionName | bad17 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | CalleeFlexibleAccessPath | s.indexOf |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | enclosingFunctionBody | s s indexOf ' 0 s s replace '  s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | enclosingFunctionName | good1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | enclosingFunctionBody | s s indexOf ' 0 s s replace '  s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | enclosingFunctionName | good1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | enclosingFunctionBody | s s indexOf ' 0 s s replace '  s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | enclosingFunctionName | good1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | CalleeFlexibleAccessPath | s.indexOf |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | enclosingFunctionBody | s s indexOf ' 0 s s replace /'/  s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | enclosingFunctionName | good2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | enclosingFunctionBody | s s indexOf ' 0 s s replace /'/  s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | enclosingFunctionName | good2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | enclosingFunctionBody | s s indexOf ' 0 s s replace /'/  s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | enclosingFunctionName | good2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | enclosingFunctionBody | s s replace @user id10t |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | enclosingFunctionName | good3 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | enclosingFunctionBody | s s replace @user id10t |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | enclosingFunctionName | good3 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | enclosingFunctionBody | s s replace /#/g \\d+ |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | enclosingFunctionName | good4 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | enclosingFunctionBody | s s replace /#/g \\d+ |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | enclosingFunctionName | good4 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | enclosingFunctionBody | s s replace /\\\\/g \\\\ replace /['"]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | enclosingFunctionName | good5 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | enclosingFunctionBody | s s replace /\\\\/g \\\\ replace /['"]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | enclosingFunctionName | good5 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:43:93:49 | /['"]/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:43:93:49 | /['"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:43:93:49 | /['"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:43:93:49 | /['"]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:43:93:49 | /['"]/g | enclosingFunctionBody | s s replace /\\\\/g \\\\ replace /['"]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:43:93:49 | /['"]/g | enclosingFunctionName | good5 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:43:93:49 | /['"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:52:93:57 | "\\\\$&" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:52:93:57 | "\\\\$&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:52:93:57 | "\\\\$&" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:52:93:57 | "\\\\$&" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:52:93:57 | "\\\\$&" | enclosingFunctionBody | s s replace /\\\\/g \\\\ replace /['"]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:52:93:57 | "\\\\$&" | enclosingFunctionName | good5 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:52:93:57 | "\\\\$&" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | enclosingFunctionBody | s s replace /[\\\\]/g \\\\ replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | enclosingFunctionName | good6 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | enclosingFunctionBody | s s replace /[\\\\]/g \\\\ replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | enclosingFunctionName | good6 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:45:97:51 | /[\\"]/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:45:97:51 | /[\\"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:45:97:51 | /[\\"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:45:97:51 | /[\\"]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:45:97:51 | /[\\"]/g | enclosingFunctionBody | s s replace /[\\\\]/g \\\\ replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:45:97:51 | /[\\"]/g | enclosingFunctionName | good6 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:45:97:51 | /[\\"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:54:97:58 | '\\\\"' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:54:97:58 | '\\\\"' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:54:97:58 | '\\\\"' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:54:97:58 | '\\\\"' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:54:97:58 | '\\\\"' | enclosingFunctionBody | s s replace /[\\\\]/g \\\\ replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:54:97:58 | '\\\\"' | enclosingFunctionName | good6 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:54:97:58 | '\\\\"' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | enclosingFunctionBody | s s s replace /[\\\\]/g \\\\ s replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | enclosingFunctionName | good7 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | enclosingFunctionBody | s s s replace /[\\\\]/g \\\\ s replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | enclosingFunctionName | good7 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | enclosingFunctionBody | s s s replace /[\\\\]/g \\\\ s replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | enclosingFunctionName | good7 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | enclosingFunctionBody | s s s replace /[\\\\]/g \\\\ s replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | enclosingFunctionName | good7 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | enclosingFunctionBody | s s replace /\\W/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | enclosingFunctionName | good8 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | enclosingFunctionBody | s s replace /\\W/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | enclosingFunctionName | good8 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | enclosingFunctionBody | s s replace /[^\\w\\s]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | enclosingFunctionName | good9 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | enclosingFunctionBody | s s replace /[^\\w\\s]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | enclosingFunctionName | good9 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | enclosingFunctionBody | s s JSON stringify s s s slice 1 1 s s replace /\\\\"/g " s s replace /'/g \\' ' s ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | enclosingFunctionName | good10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | receiverName | JSON |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | CalleeFlexibleAccessPath | s.slice |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | enclosingFunctionBody | s s JSON stringify s s s slice 1 1 s s replace /\\\\"/g " s s replace /'/g \\' ' s ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | enclosingFunctionName | good10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | CalleeFlexibleAccessPath | s.slice |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | enclosingFunctionBody | s s JSON stringify s s s slice 1 1 s s replace /\\\\"/g " s s replace /'/g \\' ' s ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | enclosingFunctionName | good10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | enclosingFunctionBody | s s JSON stringify s s s slice 1 1 s s replace /\\\\"/g " s s replace /'/g \\' ' s ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | enclosingFunctionName | good10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | enclosingFunctionBody | s s JSON stringify s s s slice 1 1 s s replace /\\\\"/g " s s replace /'/g \\' ' s ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | enclosingFunctionName | good10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | enclosingFunctionBody | s s JSON stringify s s s slice 1 1 s s replace /\\\\"/g " s s replace /'/g \\' ' s ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | enclosingFunctionName | good10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | enclosingFunctionBody | s s JSON stringify s s s slice 1 1 s s replace /\\\\"/g " s s replace /'/g \\' ' s ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | enclosingFunctionName | good10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | enclosingFunctionBody | s s replace /#/g \ud83d\udca9 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | enclosingFunctionName | flowifyComments |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | enclosingFunctionBody | s s replace /#/g \ud83d\udca9 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | enclosingFunctionName | flowifyComments |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | enclosingFunctionBody | s s replace %d 42 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | enclosingFunctionName | good11 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | enclosingFunctionBody | s s replace %d 42 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | enclosingFunctionName | good11 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:29:130:31 | ']' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:29:130:31 | ']' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:29:130:31 | ']' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:29:130:31 | ']' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:29:130:31 | ']' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:29:130:31 | ']' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:29:130:31 | ']' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:34:130:35 | '' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:34:130:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:34:130:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:34:130:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:34:130:35 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:34:130:35 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:34:130:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:29:131:31 | ')' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:29:131:31 | ')' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:29:131:31 | ')' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:29:131:31 | ')' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:29:131:31 | ')' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:29:131:31 | ')' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:29:131:31 | ')' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:34:131:35 | '' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:34:131:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:34:131:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:34:131:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:34:131:35 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:34:131:35 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:34:131:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:29:132:31 | '}' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:29:132:31 | '}' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:29:132:31 | '}' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:29:132:31 | '}' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:29:132:31 | '}' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:29:132:31 | '}' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:29:132:31 | '}' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:34:132:35 | '' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:34:132:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:34:132:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:34:132:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:34:132:35 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:34:132:35 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:34:132:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:29:133:31 | '>' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:29:133:31 | '>' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:29:133:31 | '>' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:29:133:31 | '>' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:29:133:31 | '>' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:29:133:31 | '>' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:29:133:31 | '>' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:34:133:35 | '' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:34:133:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:34:133:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:34:133:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:34:133:35 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:34:133:35 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:34:133:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:32:135:34 | ']' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:32:135:34 | ']' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:32:135:34 | ']' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:32:135:34 | ']' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:32:135:34 | ']' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:32:135:34 | ']' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:32:135:34 | ']' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:37:135:41 | '\\\\]' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:37:135:41 | '\\\\]' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:37:135:41 | '\\\\]' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:37:135:41 | '\\\\]' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:37:135:41 | '\\\\]' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:37:135:41 | '\\\\]' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:37:135:41 | '\\\\]' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:32:136:34 | '}' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:32:136:34 | '}' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:32:136:34 | '}' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:32:136:34 | '}' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:32:136:34 | '}' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:32:136:34 | '}' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:32:136:34 | '}' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:37:136:41 | '\\\\}' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:37:136:41 | '\\\\}' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:37:136:41 | '\\\\}' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:37:136:41 | '\\\\}' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:37:136:41 | '\\\\}' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:37:136:41 | '\\\\}' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:37:136:41 | '\\\\}' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:29:140:31 | /}/ | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:29:140:31 | /}/ | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:29:140:31 | /}/ | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:29:140:31 | /}/ | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:29:140:31 | /}/ | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:29:140:31 | /}/ | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:29:140:31 | /}/ | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:34:140:35 | '' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:34:140:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:34:140:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:34:140:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:34:140:35 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:34:140:35 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:34:140:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:29:141:31 | '[' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:29:141:31 | '[' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:29:141:31 | '[' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:29:141:31 | '[' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:29:141:31 | '[' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:29:141:31 | '[' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:29:141:31 | '[' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:34:141:35 | '' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:34:141:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:34:141:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:34:141:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:34:141:35 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:34:141:35 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:34:141:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | CalleeFlexibleAccessPath | require |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | CalleeFlexibleAccessPath | import(!).execSync |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | calleeImports | child_process |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | CalleeFlexibleAccessPath | import(!).execSync().toString().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | calleeImports | child_process |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | CalleeFlexibleAccessPath | import(!).execSync().toString().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | calleeImports | child_process |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:30:148:30 | x | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:30:148:30 | x | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:30:148:30 | x | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:30:148:30 | x | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:30:148:30 | x | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:30:148:30 | x | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:30:148:30 | x | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:33:148:33 | y | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:33:148:33 | y | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:33:148:33 | y | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:33:148:33 | y | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:33:148:33 | y | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:33:148:33 | y | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:33:148:33 | y | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:26:149:29 | "\\n" | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:26:149:29 | "\\n" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:26:149:29 | "\\n" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:26:149:29 | "\\n" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:26:149:29 | "\\n" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:26:149:29 | "\\n" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:26:149:29 | "\\n" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:32:149:33 | "" | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:32:149:33 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:32:149:33 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:32:149:33 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:32:149:33 | "" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:32:149:33 | "" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:32:149:33 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:9:152:20 | '/some/path' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:9:152:20 | '/some/path' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:9:152:20 | '/some/path' | calleeImports | express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:9:152:20 | '/some/path' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:9:152:20 | '/some/path' | contextSurroundingFunctionParameters |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:9:152:20 | '/some/path' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:9:152:20 | '/some/path' | receiverName | app |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:23:189:1 | functio ... ted);\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:23:189:1 | functio ... ted);\\n} | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:23:189:1 | functio ... ted);\\n} | calleeImports | express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:23:189:1 | functio ... ted);\\n} | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:23:189:1 | functio ... ted);\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:23:189:1 | functio ... ted);\\n} | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:23:189:1 | functio ... ted);\\n} | receiverName | app |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | CalleeFlexibleAccessPath | req.param |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | enclosingFunctionBody | req res untrusted req param p bad1 untrusted bad2 untrusted bad3 untrusted bad4 untrusted bad5 untrusted bad6 untrusted bad7 untrusted bad8 untrusted bad9 untrusted bad10 untrusted bad11 untrusted bad12 untrusted bad13 untrusted bad14 untrusted bad15 untrusted bad16 untrusted bad17 untrusted good1 untrusted good2 untrusted good3 untrusted good4 untrusted good5 untrusted good6 untrusted good7 untrusted good8 untrusted good9 untrusted good10 untrusted flowifyComments untrusted good11 untrusted good12 untrusted |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | receiverName | req |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | enclosingFunctionBody | s indirect /'/ s replace indirect  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | enclosingFunctionBody | s indirect /'/ s replace indirect  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:29:197:31 | '"' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:29:197:31 | '"' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:29:197:31 | '"' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:29:197:31 | '"' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:29:197:31 | '"' | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:29:197:31 | '"' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:29:197:31 | '"' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:34:197:35 | '' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:34:197:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:34:197:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:34:197:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:34:197:35 | '' | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:34:197:35 | '' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:34:197:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:29:198:31 | "'" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:29:198:31 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:29:198:31 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:29:198:31 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:29:198:31 | "'" | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:29:198:31 | "'" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:29:198:31 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:34:198:35 | "" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:34:198:35 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:34:198:35 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:34:198:35 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:34:198:35 | "" | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:34:198:35 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:34:198:35 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | CalleeFlexibleAccessPath | p.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | contextSurroundingFunctionParameters | (p) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | enclosingFunctionBody | p p replace /../  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | enclosingFunctionName | bad18 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | receiverName | p |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | CalleeFlexibleAccessPath | p.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | contextSurroundingFunctionParameters | (p) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | enclosingFunctionBody | p p replace /../  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | enclosingFunctionName | bad18 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | receiverName | p |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:14:206:20 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:14:206:20 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:14:206:20 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:14:206:20 | /[<>]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:14:206:20 | /[<>]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:14:206:20 | /[<>]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:14:206:20 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:22:206:23 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:22:206:23 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:22:206:23 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:22:206:23 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:22:206:23 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:22:206:23 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:22:206:23 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:14:207:21 | /[<>&]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:14:207:21 | /[<>&]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:14:207:21 | /[<>&]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:14:207:21 | /[<>&]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:14:207:21 | /[<>&]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:14:207:21 | /[<>&]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:14:207:21 | /[<>&]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:24:207:25 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:24:207:25 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:24:207:25 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:24:207:25 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:24:207:25 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:24:207:25 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:24:207:25 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:14:208:21 | /[<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:14:208:21 | /[<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:14:208:21 | /[<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:14:208:21 | /[<>"]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:14:208:21 | /[<>"]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:14:208:21 | /[<>"]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:14:208:21 | /[<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:24:208:25 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:24:208:25 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:24:208:25 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:24:208:25 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:24:208:25 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:24:208:25 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:24:208:25 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:14:209:17 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:14:209:17 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:14:209:17 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:14:209:17 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:14:209:17 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:14:209:17 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:14:209:17 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:20:209:21 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:20:209:21 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:20:209:21 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:20:209:21 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:20:209:21 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:20:209:21 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:20:209:21 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:32:209:35 | />/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:32:209:35 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:32:209:35 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:32:209:35 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:32:209:35 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:32:209:35 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:32:209:35 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:38:209:39 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:38:209:39 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:38:209:39 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:38:209:39 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:38:209:39 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:38:209:39 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:38:209:39 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:14:210:17 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:14:210:17 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:14:210:17 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:14:210:17 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:14:210:17 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:14:210:17 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:14:210:17 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:20:210:21 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:20:210:21 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:20:210:21 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:20:210:21 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:20:210:21 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:20:210:21 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:20:210:21 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:32:210:35 | />/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:32:210:35 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:32:210:35 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:32:210:35 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:32:210:35 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:32:210:35 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:32:210:35 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:38:210:39 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:38:210:39 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:38:210:39 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:38:210:39 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:38:210:39 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:38:210:39 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:38:210:39 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:50:210:53 | /&/g | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:50:210:53 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:50:210:53 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:50:210:53 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:50:210:53 | /&/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:50:210:53 | /&/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:50:210:53 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:56:210:57 | '' | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:56:210:57 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:56:210:57 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:56:210:57 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:56:210:57 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:56:210:57 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:56:210:57 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:14:211:17 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:14:211:17 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:14:211:17 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:14:211:17 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:14:211:17 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:14:211:17 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:14:211:17 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:20:211:21 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:20:211:21 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:20:211:21 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:20:211:21 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:20:211:21 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:20:211:21 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:20:211:21 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:32:211:35 | /&/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:32:211:35 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:32:211:35 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:32:211:35 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:32:211:35 | /&/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:32:211:35 | /&/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:32:211:35 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:38:211:39 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:38:211:39 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:38:211:39 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:38:211:39 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:38:211:39 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:38:211:39 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:38:211:39 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:50:211:53 | />/g | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:50:211:53 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:50:211:53 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:50:211:53 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:50:211:53 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:50:211:53 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:50:211:53 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:56:211:57 | '' | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:56:211:57 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:56:211:57 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:56:211:57 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:56:211:57 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:56:211:57 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:56:211:57 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:14:212:17 | /&/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:14:212:17 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:14:212:17 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:14:212:17 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:14:212:17 | /&/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:14:212:17 | /&/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:14:212:17 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:20:212:21 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:20:212:21 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:20:212:21 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:20:212:21 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:20:212:21 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:20:212:21 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:20:212:21 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:32:212:35 | />/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:32:212:35 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:32:212:35 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:32:212:35 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:32:212:35 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:32:212:35 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:32:212:35 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:38:212:39 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:38:212:39 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:38:212:39 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:38:212:39 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:38:212:39 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:38:212:39 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:38:212:39 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:50:212:53 | /</g | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:50:212:53 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:50:212:53 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:50:212:53 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:50:212:53 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:50:212:53 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:50:212:53 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:56:212:57 | '' | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:56:212:57 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:56:212:57 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:56:212:57 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:56:212:57 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:56:212:57 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:56:212:57 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:22:214:25 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:22:214:25 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:22:214:25 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:22:214:25 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:22:214:25 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:22:214:25 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:22:214:25 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:28:214:29 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:28:214:29 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:28:214:29 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:28:214:29 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:28:214:29 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:28:214:29 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:28:214:29 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:14:216:17 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:14:216:17 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:14:216:17 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:14:216:17 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:14:216:17 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:14:216:17 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:14:216:17 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:20:216:25 | '&lt;' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:20:216:25 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:20:216:25 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:20:216:25 | '&lt;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:20:216:25 | '&lt;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:20:216:25 | '&lt;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:20:216:25 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:36:216:39 | />/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:36:216:39 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:36:216:39 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:36:216:39 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:36:216:39 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:36:216:39 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:36:216:39 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:42:216:46 | '&gt' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:42:216:46 | '&gt' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:42:216:46 | '&gt' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:42:216:46 | '&gt' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:42:216:46 | '&gt' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:42:216:46 | '&gt' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:42:216:46 | '&gt' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:57:216:60 | /&/g | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:57:216:60 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:57:216:60 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:57:216:60 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:57:216:60 | /&/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:57:216:60 | /&/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:57:216:60 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:63:216:69 | '&amp;' | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:63:216:69 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:63:216:69 | '&amp;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:63:216:69 | '&amp;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:63:216:69 | '&amp;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:63:216:69 | '&amp;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:63:216:69 | '&amp;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:80:216:83 | /"/g | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:80:216:83 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:80:216:83 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:80:216:83 | /"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:80:216:83 | /"/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:80:216:83 | /"/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:80:216:83 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:86:216:92 | '&#34;' | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:86:216:92 | '&#34;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:86:216:92 | '&#34;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:86:216:92 | '&#34;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:86:216:92 | '&#34;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:86:216:92 | '&#34;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:86:216:92 | '&#34;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:14:217:17 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:14:217:17 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:14:217:17 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:14:217:17 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:14:217:17 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:14:217:17 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:14:217:17 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:20:217:25 | '&lt;' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:20:217:25 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:20:217:25 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:20:217:25 | '&lt;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:20:217:25 | '&lt;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:20:217:25 | '&lt;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:20:217:25 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:36:217:39 | />/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:36:217:39 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:36:217:39 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:36:217:39 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:36:217:39 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:36:217:39 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:36:217:39 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:42:217:46 | '&gt' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:42:217:46 | '&gt' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:42:217:46 | '&gt' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:42:217:46 | '&gt' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:42:217:46 | '&gt' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:42:217:46 | '&gt' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:42:217:46 | '&gt' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:57:217:60 | /&/g | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:57:217:60 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:57:217:60 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:57:217:60 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:57:217:60 | /&/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:57:217:60 | /&/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:57:217:60 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:63:217:69 | '&amp;' | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:63:217:69 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:63:217:69 | '&amp;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:63:217:69 | '&amp;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:63:217:69 | '&amp;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:63:217:69 | '&amp;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:63:217:69 | '&amp;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:80:217:83 | /'/g | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:80:217:83 | /'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:80:217:83 | /'/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:80:217:83 | /'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:80:217:83 | /'/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:80:217:83 | /'/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:80:217:83 | /'/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:86:217:92 | '&#39;' | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:86:217:92 | '&#39;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:86:217:92 | '&#39;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:86:217:92 | '&#39;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:86:217:92 | '&#39;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:86:217:92 | '&#39;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:86:217:92 | '&#39;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:14:219:17 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:14:219:17 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:14:219:17 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:14:219:17 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:14:219:17 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:14:219:17 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:14:219:17 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:20:219:25 | '&lt;' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:20:219:25 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:20:219:25 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:20:219:25 | '&lt;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:20:219:25 | '&lt;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:20:219:25 | '&lt;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:20:219:25 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:36:219:39 | />/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:36:219:39 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:36:219:39 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:36:219:39 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:36:219:39 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:36:219:39 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:36:219:39 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:42:219:46 | '&gt' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:42:219:46 | '&gt' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:42:219:46 | '&gt' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:42:219:46 | '&gt' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:42:219:46 | '&gt' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:42:219:46 | '&gt' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:42:219:46 | '&gt' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:57:219:58 | RE | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:57:219:58 | RE | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:57:219:58 | RE | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:57:219:58 | RE | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:57:219:58 | RE | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:57:219:58 | RE | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:57:219:58 | RE | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:61:219:88 | functio ... .. */ } | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:61:219:88 | functio ... .. */ } | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:61:219:88 | functio ... .. */ } | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:61:219:88 | functio ... .. */ } | contextSurroundingFunctionParameters | (s)\n(match) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:61:219:88 | functio ... .. */ } | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:61:219:88 | functio ... .. */ } | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:61:219:88 | functio ... .. */ } | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:14:221:23 | /[<>'"&]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:14:221:23 | /[<>'"&]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:14:221:23 | /[<>'"&]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:14:221:23 | /[<>'"&]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:14:221:23 | /[<>'"&]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:14:221:23 | /[<>'"&]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:14:221:23 | /[<>'"&]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:25:221:26 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:25:221:26 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:25:221:26 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:25:221:26 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:25:221:26 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:25:221:26 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:25:221:26 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:14:223:17 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:14:223:17 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:14:223:17 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:14:223:17 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:14:223:17 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:14:223:17 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:14:223:17 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:20:223:25 | '&lt;' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:20:223:25 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:20:223:25 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:20:223:25 | '&lt;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:20:223:25 | '&lt;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:20:223:25 | '&lt;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:20:223:25 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:36:223:39 | />/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:36:223:39 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:36:223:39 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:36:223:39 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:36:223:39 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:36:223:39 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:36:223:39 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:42:223:47 | '&gt;' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:42:223:47 | '&gt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:42:223:47 | '&gt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:42:223:47 | '&gt;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:42:223:47 | '&gt;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:42:223:47 | '&gt;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:42:223:47 | '&gt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:58:223:61 | /"/g | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:58:223:61 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:58:223:61 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:58:223:61 | /"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:58:223:61 | /"/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:58:223:61 | /"/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:58:223:61 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:64:223:71 | '&quot;' | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:64:223:71 | '&quot;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:64:223:71 | '&quot;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:64:223:71 | '&quot;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:64:223:71 | '&quot;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:64:223:71 | '&quot;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:64:223:71 | '&quot;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:82:223:97 | /&(?![\\w\\#]+;)/g | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:82:223:97 | /&(?![\\w\\#]+;)/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:82:223:97 | /&(?![\\w\\#]+;)/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:82:223:97 | /&(?![\\w\\#]+;)/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:82:223:97 | /&(?![\\w\\#]+;)/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:82:223:97 | /&(?![\\w\\#]+;)/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:82:223:97 | /&(?![\\w\\#]+;)/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:100:223:106 | '&amp;' | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:100:223:106 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:100:223:106 | '&amp;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:100:223:106 | '&amp;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:100:223:106 | '&amp;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:100:223:106 | '&amp;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:100:223:106 | '&amp;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:14:225:44 | !encode ...  : /&/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:14:225:44 | !encode ...  : /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:14:225:44 | !encode ...  : /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:14:225:44 | !encode ...  : /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:14:225:44 | !encode ...  : /&/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:14:225:44 | !encode ...  : /&/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:14:225:44 | !encode ...  : /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:47:225:53 | '&amp;' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:47:225:53 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:47:225:53 | '&amp;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:47:225:53 | '&amp;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:47:225:53 | '&amp;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:47:225:53 | '&amp;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:47:225:53 | '&amp;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:64:225:67 | /</g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:64:225:67 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:64:225:67 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:64:225:67 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:64:225:67 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:64:225:67 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:64:225:67 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:70:225:75 | '&lt;' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:70:225:75 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:70:225:75 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:70:225:75 | '&lt;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:70:225:75 | '&lt;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:70:225:75 | '&lt;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:70:225:75 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:86:225:89 | />/g | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:86:225:89 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:86:225:89 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:86:225:89 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:86:225:89 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:86:225:89 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:86:225:89 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:92:225:97 | '&gt;' | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:92:225:97 | '&gt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:92:225:97 | '&gt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:92:225:97 | '&gt;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:92:225:97 | '&gt;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:92:225:97 | '&gt;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:92:225:97 | '&gt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:108:225:111 | /"/g | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:108:225:111 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:108:225:111 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:108:225:111 | /"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:108:225:111 | /"/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:108:225:111 | /"/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:108:225:111 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:114:225:121 | '&quot;' | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:114:225:121 | '&quot;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:114:225:121 | '&quot;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:114:225:121 | '&quot;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:114:225:121 | '&quot;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:114:225:121 | '&quot;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:114:225:121 | '&quot;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:132:225:135 | /'/g | CalleeFlexibleAccessPath | s().replace().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:132:225:135 | /'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:132:225:135 | /'/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:132:225:135 | /'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:132:225:135 | /'/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:132:225:135 | /'/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:132:225:135 | /'/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:138:225:145 | '&apos;' | CalleeFlexibleAccessPath | s().replace().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:138:225:145 | '&apos;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:138:225:145 | '&apos;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:138:225:145 | '&apos;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:138:225:145 | '&apos;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:138:225:145 | '&apos;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:138:225:145 | '&apos;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:14:227:31 | /[\\\\/:\\*\\?"<>\\\|]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:14:227:31 | /[\\\\/:\\*\\?"<>\\\|]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:14:227:31 | /[\\\\/:\\*\\?"<>\\\|]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:14:227:31 | /[\\\\/:\\*\\?"<>\\\|]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:14:227:31 | /[\\\\/:\\*\\?"<>\\\|]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:14:227:31 | /[\\\\/:\\*\\?"<>\\\|]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:14:227:31 | /[\\\\/:\\*\\?"<>\\\|]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:34:227:35 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:34:227:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:34:227:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:34:227:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:34:227:35 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:34:227:35 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:34:227:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:14:229:20 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:14:229:20 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:14:229:20 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:14:229:20 | /[<>]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:14:229:20 | /[<>]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:14:229:20 | /[<>]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:14:229:20 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:22:229:24 | '_' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:22:229:24 | '_' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:22:229:24 | '_' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:22:229:24 | '_' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:22:229:24 | '_' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:22:229:24 | '_' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:22:229:24 | '_' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:14:231:17 | /&/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:14:231:17 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:14:231:17 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:14:231:17 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:14:231:17 | /&/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:14:231:17 | /&/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:14:231:17 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:20:231:25 | "&gt;" | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:20:231:25 | "&gt;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:20:231:25 | "&gt;" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:20:231:25 | "&gt;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:20:231:25 | "&gt;" | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:20:231:25 | "&gt;" | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:20:231:25 | "&gt;" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:14:233:62 | /[\\#\\%4 ... aFBb]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:14:233:62 | /[\\#\\%4 ... aFBb]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:14:233:62 | /[\\#\\%4 ... aFBb]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:14:233:62 | /[\\#\\%4 ... aFBb]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:14:233:62 | /[\\#\\%4 ... aFBb]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:14:233:62 | /[\\#\\%4 ... aFBb]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:14:233:62 | /[\\#\\%4 ... aFBb]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:65:233:66 | "" | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:65:233:66 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:65:233:66 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:65:233:66 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:65:233:66 | "" | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:65:233:66 | "" | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:65:233:66 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:14:235:20 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:14:235:20 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:14:235:20 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:14:235:20 | /[<>]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:14:235:20 | /[<>]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:14:235:20 | /[<>]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:14:235:20 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:22:235:23 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:22:235:23 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:22:235:23 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:22:235:23 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:22:235:23 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:22:235:23 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:22:235:23 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:34:235:42 | /[^a-z]/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:34:235:42 | /[^a-z]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:34:235:42 | /[^a-z]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:34:235:42 | /[^a-z]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:34:235:42 | /[^a-z]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:34:235:42 | /[^a-z]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:34:235:42 | /[^a-z]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:45:235:46 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:45:235:46 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:45:235:46 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:45:235:46 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:45:235:46 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:45:235:46 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:45:235:46 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:14:237:20 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:14:237:20 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:14:237:20 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:14:237:20 | /[<>]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:14:237:20 | /[<>]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:14:237:20 | /[<>]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:14:237:20 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:22:237:23 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:22:237:23 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:22:237:23 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:22:237:23 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:22:237:23 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:22:237:23 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:22:237:23 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:34:237:42 | /[^abc]/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:34:237:42 | /[^abc]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:34:237:42 | /[^abc]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:34:237:42 | /[^abc]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:34:237:42 | /[^abc]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:34:237:42 | /[^abc]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:34:237:42 | /[^abc]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:45:237:46 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:45:237:46 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:45:237:46 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:45:237:46 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:45:237:46 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:45:237:46 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:45:237:46 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:14:239:20 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:14:239:20 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:14:239:20 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:14:239:20 | /[<>]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:14:239:20 | /[<>]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:14:239:20 | /[<>]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:14:239:20 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:22:239:23 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:22:239:23 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:22:239:23 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:22:239:23 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:22:239:23 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:22:239:23 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:22:239:23 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:34:239:41 | /[ -~]/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:34:239:41 | /[ -~]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:34:239:41 | /[ -~]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:34:239:41 | /[ -~]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:34:239:41 | /[ -~]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:34:239:41 | /[ -~]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:34:239:41 | /[ -~]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:44:239:45 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:44:239:45 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:44:239:45 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:44:239:45 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:44:239:45 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:44:239:45 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:44:239:45 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:21:243:27 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:21:243:27 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:21:243:27 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:21:243:27 | /[<>]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:21:243:27 | /[<>]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:21:243:27 | /[<>]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:21:243:27 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:29:243:30 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:29:243:30 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:29:243:30 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:29:243:30 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:29:243:30 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:29:243:30 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:29:243:30 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:21:244:28 | /[<>&]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:21:244:28 | /[<>&]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:21:244:28 | /[<>&]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:21:244:28 | /[<>&]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:21:244:28 | /[<>&]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:21:244:28 | /[<>&]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:21:244:28 | /[<>&]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:31:244:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:31:244:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:31:244:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:31:244:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:31:244:32 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:31:244:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:31:244:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:21:245:28 | /[<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:21:245:28 | /[<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:21:245:28 | /[<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:21:245:28 | /[<>"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:21:245:28 | /[<>"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:21:245:28 | /[<>"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:21:245:28 | /[<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:31:245:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:31:245:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:31:245:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:31:245:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:31:245:32 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:31:245:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:31:245:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:21:246:29 | /[<>&"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:21:246:29 | /[<>&"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:21:246:29 | /[<>&"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:21:246:29 | /[<>&"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:21:246:29 | /[<>&"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:21:246:29 | /[<>&"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:21:246:29 | /[<>&"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:31:246:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:31:246:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:31:246:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:31:246:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:31:246:32 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:31:246:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:31:246:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:21:247:27 | /[&"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:21:247:27 | /[&"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:21:247:27 | /[&"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:21:247:27 | /[&"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:21:247:27 | /[&"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:21:247:27 | /[&"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:21:247:27 | /[&"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:29:247:30 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:29:247:30 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:29:247:30 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:29:247:30 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:29:247:30 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:29:247:30 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:29:247:30 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:21:249:29 | /[<>&']/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:21:249:29 | /[<>&']/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:21:249:29 | /[<>&']/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:21:249:29 | /[<>&']/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:21:249:29 | /[<>&']/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:21:249:29 | /[<>&']/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:21:249:29 | /[<>&']/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:31:249:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:31:249:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:31:249:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:31:249:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:31:249:32 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:31:249:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:31:249:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:21:250:29 | /[<>&"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:21:250:29 | /[<>&"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:21:250:29 | /[<>&"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:21:250:29 | /[<>&"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:21:250:29 | /[<>&"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:21:250:29 | /[<>&"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:21:250:29 | /[<>&"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:31:250:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:31:250:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:31:250:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:31:250:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:31:250:32 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:31:250:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:31:250:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:21:251:29 | /[<>&']/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:21:251:29 | /[<>&']/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:21:251:29 | /[<>&']/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:21:251:29 | /[<>&']/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:21:251:29 | /[<>&']/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:21:251:29 | /[<>&']/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:21:251:29 | /[<>&']/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:31:251:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:31:251:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:31:251:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:31:251:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:31:251:32 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:31:251:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:31:251:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:33:253:40 | /[<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:33:253:40 | /[<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:33:253:40 | /[<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:33:253:40 | /[<>"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:33:253:40 | /[<>"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:33:253:40 | /[<>"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:33:253:40 | /[<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:43:253:44 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:43:253:44 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:43:253:44 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:43:253:44 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:43:253:44 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:43:253:44 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:43:253:44 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:44:254:51 | /[<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:44:254:51 | /[<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:44:254:51 | /[<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:44:254:51 | /[<>"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:44:254:51 | /[<>"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:44:254:51 | /[<>"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:44:254:51 | /[<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:54:254:55 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:54:254:55 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:54:254:55 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:54:254:55 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:54:254:55 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:54:254:55 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:54:254:55 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:38:255:45 | /[<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:38:255:45 | /[<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:38:255:45 | /[<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:38:255:45 | /[<>"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:38:255:45 | /[<>"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:38:255:45 | /[<>"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:38:255:45 | /[<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:48:255:49 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:48:255:49 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:48:255:49 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:48:255:49 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:48:255:49 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:48:255:49 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:48:255:49 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:27:256:34 | /[<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:27:256:34 | /[<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:27:256:34 | /[<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:27:256:34 | /[<>"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:27:256:34 | /[<>"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:27:256:34 | /[<>"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:27:256:34 | /[<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:37:256:38 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:37:256:38 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:37:256:38 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:37:256:38 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:37:256:38 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:37:256:38 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:37:256:38 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | CalleeFlexibleAccessPath | value.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | contextSurroundingFunctionParameters | (value) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | receiverName | value |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | CalleeFlexibleAccessPath | value.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | contextSurroundingFunctionParameters | (value) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | receiverName | value |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:47:261:50 | /</g | CalleeFlexibleAccessPath | value.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:47:261:50 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:47:261:50 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:47:261:50 | /</g | contextSurroundingFunctionParameters | (value) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:47:261:50 | /</g | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:47:261:50 | /</g | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:47:261:50 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:53:261:58 | '&lt;' | CalleeFlexibleAccessPath | value.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:53:261:58 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:53:261:58 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:53:261:58 | '&lt;' | contextSurroundingFunctionParameters | (value) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:53:261:58 | '&lt;' | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:53:261:58 | '&lt;' | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:53:261:58 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:69:261:72 | />/g | CalleeFlexibleAccessPath | value.replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:69:261:72 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:69:261:72 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:69:261:72 | />/g | contextSurroundingFunctionParameters | (value) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:69:261:72 | />/g | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:69:261:72 | />/g | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:69:261:72 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:75:261:80 | '&gt;' | CalleeFlexibleAccessPath | value.replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:75:261:80 | '&gt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:75:261:80 | '&gt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:75:261:80 | '&gt;' | contextSurroundingFunctionParameters | (value) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:75:261:80 | '&gt;' | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:75:261:80 | '&gt;' | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:75:261:80 | '&gt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:60:264:63 | /"/g | CalleeFlexibleAccessPath | escapeHTML().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:60:264:63 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:60:264:63 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:60:264:63 | /"/g | contextSurroundingFunctionParameters | (a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:60:264:63 | /"/g | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:60:264:63 | /"/g | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:60:264:63 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:66:264:73 | '&quot;' | CalleeFlexibleAccessPath | escapeHTML().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:66:264:73 | '&quot;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:66:264:73 | '&quot;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:66:264:73 | '&quot;' | contextSurroundingFunctionParameters | (a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:66:264:73 | '&quot;' | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:66:264:73 | '&quot;' | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:66:264:73 | '&quot;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:22:266:25 | node | CalleeFlexibleAccessPath | tag |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:22:266:25 | node | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:22:266:25 | node | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:22:266:25 | node | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:22:266:25 | node | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:22:266:25 | node | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:22:266:25 | node | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:42:266:42 | x | CalleeFlexibleAccessPath | ?.map.call |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:42:266:42 | x | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:42:266:42 | x | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:42:266:42 | x | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:42:266:42 | x | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:42:266:42 | x | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:42:266:42 | x | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | CalleeFlexibleAccessPath | ?.map |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | CalleeFlexibleAccessPath | ?.map.call |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:60:266:61 | '' | CalleeFlexibleAccessPath | ?.map.call().join |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:60:266:61 | '' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:60:266:61 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:60:266:61 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:60:266:61 | '' | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:60:266:61 | '' | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:60:266:61 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:2:270:5 | '<a' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:2:270:5 | '<a' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:2:270:5 | '<a' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:2:270:5 | '<a' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:2:270:5 | '<a' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:2:270:5 | '<a' | stringConcatenatedWith |  -endpoint- noise + 'onclick="javascript:document.foo.bar('' + s().replace() + ''); return false;">' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:9:270:13 | noise | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:9:270:13 | noise | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:9:270:13 | noise | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:9:270:13 | noise | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:9:270:13 | noise | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:9:270:13 | noise | stringConcatenatedWith | '<a' -endpoint- 'onclick="javascript:document.foo.bar('' + s().replace() + ''); return false;">' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:17:270:57 | 'onclic ... bar(\\'' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:17:270:57 | 'onclic ... bar(\\'' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:17:270:57 | 'onclic ... bar(\\'' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:17:270:57 | 'onclic ... bar(\\'' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:17:270:57 | 'onclic ... bar(\\'' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:17:270:57 | 'onclic ... bar(\\'' | stringConcatenatedWith | '<a' + noise -endpoint- s().replace() + ''); return false;">' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:85 | s().rep ... /g, '') | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:85 | s().rep ... /g, '') | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:85 | s().rep ... /g, '') | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:85 | s().rep ... /g, '') | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:85 | s().rep ... /g, '') | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:85 | s().rep ... /g, '') | stringConcatenatedWith | '<a' + noise + 'onclick="javascript:document.foo.bar('' -endpoint- ''); return false;">' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:73:270:80 | /[<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:73:270:80 | /[<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:73:270:80 | /[<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:73:270:80 | /[<>"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:73:270:80 | /[<>"]/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:73:270:80 | /[<>"]/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:73:270:80 | /[<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:83:270:84 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:83:270:84 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:83:270:84 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:83:270:84 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:83:270:84 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:83:270:84 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:83:270:84 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:89:270:110 | '\\'); r ... lse;">' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:89:270:110 | '\\'); r ... lse;">' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:89:270:110 | '\\'); r ... lse;">' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:89:270:110 | '\\'); r ... lse;">' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:89:270:110 | '\\'); r ... lse;">' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:89:270:110 | '\\'); r ... lse;">' | stringConcatenatedWith | '<a' + noise + 'onclick="javascript:document.foo.bar('' + s().replace() -endpoint-  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:21:271:27 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:21:271:27 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:21:271:27 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:21:271:27 | /[<>]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:21:271:27 | /[<>]/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:21:271:27 | /[<>]/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:21:271:27 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:29:271:30 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:29:271:30 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:29:271:30 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:29:271:30 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:29:271:30 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:29:271:30 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:29:271:30 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:41:271:50 | /[^\\w ]+/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:41:271:50 | /[^\\w ]+/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:41:271:50 | /[^\\w ]+/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:41:271:50 | /[^\\w ]+/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:41:271:50 | /[^\\w ]+/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:41:271:50 | /[^\\w ]+/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:41:271:50 | /[^\\w ]+/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:53:271:54 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:53:271:54 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:53:271:54 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:53:271:54 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:53:271:54 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:53:271:54 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:53:271:54 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') | CalleeFlexibleAccessPath | encodeURIComponent |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:40:272:46 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:40:272:46 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:40:272:46 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:40:272:46 | /[<>]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:40:272:46 | /[<>]/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:40:272:46 | /[<>]/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:40:272:46 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:48:272:49 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:48:272:49 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:48:272:49 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:48:272:49 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:48:272:49 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:48:272:49 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:48:272:49 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:37:274:44 | /^,\|,$/g | CalleeFlexibleAccessPath | s().val().trim().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:37:274:44 | /^,\|,$/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:37:274:44 | /^,\|,$/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:37:274:44 | /^,\|,$/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:37:274:44 | /^,\|,$/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:37:274:44 | /^,\|,$/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:37:274:44 | /^,\|,$/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:48:274:49 | '' | CalleeFlexibleAccessPath | s().val().trim().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:48:274:49 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:48:274:49 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:48:274:49 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:48:274:49 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:48:274:49 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:48:274:49 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:60:274:67 | /^;\|;$/g | CalleeFlexibleAccessPath | s().val().trim().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:60:274:67 | /^;\|;$/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:60:274:67 | /^;\|;$/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:60:274:67 | /^;\|;$/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:60:274:67 | /^;\|;$/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:60:274:67 | /^;\|;$/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:60:274:67 | /^;\|;$/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:71:274:72 | '' | CalleeFlexibleAccessPath | s().val().trim().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:71:274:72 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:71:274:72 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:71:274:72 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:71:274:72 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:71:274:72 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:71:274:72 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:83:274:88 | /<\|>/g | CalleeFlexibleAccessPath | s().val().trim().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:83:274:88 | /<\|>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:83:274:88 | /<\|>/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:83:274:88 | /<\|>/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:83:274:88 | /<\|>/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:83:274:88 | /<\|>/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:83:274:88 | /<\|>/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:92:274:93 | '' | CalleeFlexibleAccessPath | s().val().trim().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:92:274:93 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:92:274:93 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:92:274:93 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:92:274:93 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:92:274:93 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:92:274:93 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | CalleeFlexibleAccessPath | arr.join |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | receiverName | arr |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:38:276:45 | /^,\|,$/g | CalleeFlexibleAccessPath | s().val().trim().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:38:276:45 | /^,\|,$/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:38:276:45 | /^,\|,$/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:38:276:45 | /^,\|,$/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:38:276:45 | /^,\|,$/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:38:276:45 | /^,\|,$/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:38:276:45 | /^,\|,$/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:49:276:50 | '' | CalleeFlexibleAccessPath | s().val().trim().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:49:276:50 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:49:276:50 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:49:276:50 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:49:276:50 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:49:276:50 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:49:276:50 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:61:276:68 | /^;\|;$/g | CalleeFlexibleAccessPath | s().val().trim().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:61:276:68 | /^;\|;$/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:61:276:68 | /^;\|;$/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:61:276:68 | /^;\|;$/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:61:276:68 | /^;\|;$/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:61:276:68 | /^;\|;$/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:61:276:68 | /^;\|;$/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:72:276:73 | '' | CalleeFlexibleAccessPath | s().val().trim().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:72:276:73 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:72:276:73 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:72:276:73 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:72:276:73 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:72:276:73 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:72:276:73 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:84:276:89 | /<\|>/g | CalleeFlexibleAccessPath | s().val().trim().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:84:276:89 | /<\|>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:84:276:89 | /<\|>/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:84:276:89 | /<\|>/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:84:276:89 | /<\|>/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:84:276:89 | /<\|>/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:84:276:89 | /<\|>/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:93:276:94 | '' | CalleeFlexibleAccessPath | s().val().trim().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:93:276:94 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:93:276:94 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:93:276:94 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:93:276:94 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:93:276:94 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:93:276:94 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | CalleeFlexibleAccessPath | arr2.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | receiverName | arr2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | CalleeFlexibleAccessPath | arr2.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | receiverName | arr2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | CalleeFlexibleAccessPath | arr2.join |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | receiverName | arr2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | CalleeFlexibleAccessPath | y.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | receiverName | y |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | CalleeFlexibleAccessPath | y.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | receiverName | y |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | CalleeFlexibleAccessPath | y.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | receiverName | y |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | CalleeFlexibleAccessPath | y.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | receiverName | y |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | CalleeFlexibleAccessPath | y.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | CalleeFlexibleAccessPath | y.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | CalleeFlexibleAccessPath | y.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | receiverName | y |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | CalleeFlexibleAccessPath | y.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | receiverName | y |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:22:300:29 | /[&<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:22:300:29 | /[&<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:22:300:29 | /[&<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:22:300:29 | /[&<>]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:22:300:29 | /[&<>]/g | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:22:300:29 | /[&<>]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:22:300:29 | /[&<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:31:300:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:31:300:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:31:300:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:31:300:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:31:300:32 | '' | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:31:300:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:31:300:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:22:301:28 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:22:301:28 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:22:301:28 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:22:301:28 | /[<>]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:22:301:28 | /[<>]/g | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:22:301:28 | /[<>]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:22:301:28 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:30:301:31 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:30:301:31 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:30:301:31 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:30:301:31 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:30:301:31 | '' | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:30:301:31 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:30:301:31 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:22:302:30 | /[&<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:22:302:30 | /[&<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:22:302:30 | /[&<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:22:302:30 | /[&<>"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:22:302:30 | /[&<>"]/g | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:22:302:30 | /[&<>"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:22:302:30 | /[&<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:32:302:33 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:32:302:33 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:32:302:33 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:32:302:33 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:32:302:33 | '' | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:32:302:33 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:32:302:33 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:22:303:29 | /[<>&]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:22:303:29 | /[<>&]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:22:303:29 | /[<>&]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:22:303:29 | /[<>&]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:22:303:29 | /[<>&]/g | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:22:303:29 | /[<>&]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:22:303:29 | /[<>&]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:32:303:33 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:32:303:33 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:32:303:33 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:32:303:33 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:32:303:33 | '' | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:32:303:33 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:32:303:33 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:21:304:29 | /[<>&"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:21:304:29 | /[<>&"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:21:304:29 | /[<>&"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:21:304:29 | /[<>&"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:21:304:29 | /[<>&"]/g | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:21:304:29 | /[<>&"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:21:304:29 | /[<>&"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:31:304:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:31:304:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:31:304:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:31:304:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:31:304:32 | '' | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:31:304:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:31:304:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:22:305:30 | /[<>&']/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:22:305:30 | /[<>&']/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:22:305:30 | /[<>&']/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:22:305:30 | /[<>&']/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:22:305:30 | /[<>&']/g | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:22:305:30 | /[<>&']/g | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:22:305:30 | /[<>&']/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:32:305:33 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:32:305:33 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:32:305:33 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:32:305:33 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:32:305:33 | '' | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:32:305:33 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:32:305:33 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:22:309:31 | /[&<>"]/gm | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:22:309:31 | /[&<>"]/gm | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:22:309:31 | /[&<>"]/gm | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:22:309:31 | /[&<>"]/gm | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:22:309:31 | /[&<>"]/gm | enclosingFunctionBody | =' s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; ' =" s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:22:309:31 | /[&<>"]/gm | enclosingFunctionName | incompleteComplexSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:22:309:31 | /[&<>"]/gm | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:34:318:2 | functio ... t;";\\n\\t} | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:34:318:2 | functio ... t;";\\n\\t} | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:34:318:2 | functio ... t;";\\n\\t} | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:34:318:2 | functio ... t;";\\n\\t} | contextSurroundingFunctionParameters | ()\n(str) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:34:318:2 | functio ... t;";\\n\\t} | enclosingFunctionBody | =' s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; ' =" s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:34:318:2 | functio ... t;";\\n\\t} | enclosingFunctionName | incompleteComplexSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:34:318:2 | functio ... t;";\\n\\t} | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:21:320:30 | /[&<>"]/gm | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:21:320:30 | /[&<>"]/gm | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:21:320:30 | /[&<>"]/gm | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:21:320:30 | /[&<>"]/gm | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:21:320:30 | /[&<>"]/gm | enclosingFunctionBody | =' s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; ' =" s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:21:320:30 | /[&<>"]/gm | enclosingFunctionName | incompleteComplexSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:21:320:30 | /[&<>"]/gm | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:33:329:2 | functio ... t;";\\n\\t} | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:33:329:2 | functio ... t;";\\n\\t} | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:33:329:2 | functio ... t;";\\n\\t} | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:33:329:2 | functio ... t;";\\n\\t} | contextSurroundingFunctionParameters | ()\n(str) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:33:329:2 | functio ... t;";\\n\\t} | enclosingFunctionBody | =' s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; ' =" s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:33:329:2 | functio ... t;";\\n\\t} | enclosingFunctionName | incompleteComplexSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:33:329:2 | functio ... t;";\\n\\t} | fileImports | child_process express |
 | index.js:1:20:1:23 | "fs" | CalleeFlexibleAccessPath | require |
 | index.js:1:20:1:23 | "fs" | InputArgumentIndex | 0 |
 | index.js:1:20:1:23 | "fs" | calleeImports |  |
@@ -20141,6 +29928,10 @@ invalidTokenFeatures
 | autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | CalleeFlexibleAccessPath | safe.call |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | InputArgumentIndex | 0 |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | CalleeFlexibleAccessPath | ?.map |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | CalleeFlexibleAccessPath | ?.map.call |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | InputArgumentIndex | 1 |
 | index.js:44:39:44:57 | '' + x.responseText | CalleeFlexibleAccessPath | o.success |
 | index.js:44:39:44:57 | '' + x.responseText | CalleeFlexibleAccessPath | o.success.call |
 | index.js:44:39:44:57 | '' + x.responseText | InputArgumentIndex | 0 |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.ql
index 9985625d85c..741e8bf8482 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.ql
@@ -11,17 +11,20 @@ import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAt
 import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
 import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
 import experimental.adaptivethreatmodeling.XssATM as XssAtm
+import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
 import experimental.adaptivethreatmodeling.EndpointFeatures as EndpointFeatures
-import experimental.adaptivethreatmodeling.StandardEndpointFilters as StandardEndpointFilters
 import extraction.NoFeaturizationRestrictionsConfig
+private import experimental.adaptivethreatmodeling.EndpointCharacteristics as EndpointCharacteristics
 
 query predicate tokenFeatures(DataFlow::Node endpoint, string featureName, string featureValue) {
   (
-    not exists(NosqlInjectionAtm::SinkEndpointFilter::getAReasonSinkExcluded(endpoint)) or
-    not exists(SqlInjectionAtm::SinkEndpointFilter::getAReasonSinkExcluded(endpoint)) or
-    not exists(TaintedPathAtm::SinkEndpointFilter::getAReasonSinkExcluded(endpoint)) or
-    not exists(XssAtm::SinkEndpointFilter::getAReasonSinkExcluded(endpoint)) or
-    StandardEndpointFilters::isArgumentToModeledFunction(endpoint)
+    not exists(any(NosqlInjectionAtm::NosqlInjectionAtmConfig cfg).getAReasonSinkExcluded(endpoint)) or
+    not exists(any(SqlInjectionAtm::SqlInjectionAtmConfig cfg).getAReasonSinkExcluded(endpoint)) or
+    not exists(any(TaintedPathAtm::TaintedPathAtmConfig cfg).getAReasonSinkExcluded(endpoint)) or
+    not exists(any(XssAtm::DomBasedXssAtmConfig cfg).getAReasonSinkExcluded(endpoint)) or
+    not exists(any(XssThroughDomAtm::XssThroughDomAtmConfig cfg).getAReasonSinkExcluded(endpoint)) or
+    any(EndpointCharacteristics::IsArgumentToModeledFunctionCharacteristic characteristic)
+        .appliesToEndpoint(endpoint)
   ) and
   EndpointFeatures::tokenFeatures(endpoint, featureName, featureValue)
 }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointData.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointData.expected
deleted file mode 100644
index 6a06015ed47..00000000000
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointData.expected
+++ /dev/null
@@ -1,49956 +0,0 @@
-endpoints
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | notASinkReason | EventRegistration | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | notASinkReason | EventRegistration | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | notASinkReason | EventRegistration | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | notASinkReason | EventRegistration | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | NosqlInjection | notASinkReason | EventRegistration | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | SqlInjection | notASinkReason | EventRegistration | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | TaintedPath | notASinkReason | EventRegistration | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | Xss | notASinkReason | EventRegistration | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | SqlInjection | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | TaintedPath | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | Xss | notASinkReason | DatabaseAccess | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | Xss | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | SqlInjection | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | notASinkReason | StringStartsWith | string |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | Xss | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | NosqlInjection | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | SqlInjection | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | TaintedPath | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | Xss | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | NosqlInjection | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | SqlInjection | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | TaintedPath | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | Xss | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | NosqlInjection | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | SqlInjection | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | TaintedPath | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | Xss | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | notASinkReason | ConstantReceiver | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | notASinkReason | ClientRequest | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | notASinkReason | ReceiverStorage | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | notASinkReason | StringRegExpTest | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | NosqlInjection | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | SqlInjection | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | TaintedPath | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | Xss | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | notASinkReason | LodashUnderscoreArgument | string |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | notASinkReason | PromiseDefinition | string |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | notASinkReason | PromiseDefinition | string |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | notASinkReason | PromiseDefinition | string |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | notASinkReason | PromiseDefinition | string |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | notASinkReason | PromiseDefinition | string |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | notASinkReason | PromiseDefinition | string |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | notASinkReason | PromiseDefinition | string |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | hasFlowFromSource | true | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | notASinkReason | PromiseDefinition | string |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | NosqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | SqlInjection | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | TaintedPath | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | Xss | notASinkReason | FileSystemAccess | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | notASinkReason | BuiltinCallName | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | notASinkReason | LoggerMethod | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | notASinkReason | MembershipCandidateTest | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | NosqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | SqlInjection | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | TaintedPath | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | notASinkReason | DOM | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | notASinkReason | JQueryArgument | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | Xss | sinkLabel | NotASink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | Xss | sinkLabel | Unknown | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | isConstantExpression | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | sinkLabel | Sink | string |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | Xss | hasFlowFromSource | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | Xss | isConstantExpression | true | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | Xss | sinkLabel | Unknown | string |
-| index.js:1:20:1:23 | "fs" | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:1:20:1:23 | "fs" | TaintedPath | isConstantExpression | true | boolean |
-| index.js:1:20:1:23 | "fs" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:1:20:1:23 | "fs" | TaintedPath | sinkLabel | Sink | string |
-| index.js:16:19:16:30 | "underscore" | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:16:19:16:30 | "underscore" | TaintedPath | isConstantExpression | true | boolean |
-| index.js:16:19:16:30 | "underscore" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:16:19:16:30 | "underscore" | TaintedPath | sinkLabel | Sink | string |
-| index.js:17:16:17:30 | "child_process" | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:17:16:17:30 | "child_process" | TaintedPath | isConstantExpression | true | boolean |
-| index.js:17:16:17:30 | "child_process" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:17:16:17:30 | "child_process" | TaintedPath | sinkLabel | Sink | string |
-| index.js:21:9:21:9 | x | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:21:9:21:9 | x | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:21:9:21:9 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:21:9:21:9 | x | NosqlInjection | notASinkReason | LodashUnderscoreArgument | string |
-| index.js:21:9:21:9 | x | NosqlInjection | sinkLabel | NotASink | string |
-| index.js:21:9:21:9 | x | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:21:9:21:9 | x | SqlInjection | isConstantExpression | false | boolean |
-| index.js:21:9:21:9 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:21:9:21:9 | x | SqlInjection | notASinkReason | LodashUnderscoreArgument | string |
-| index.js:21:9:21:9 | x | SqlInjection | sinkLabel | NotASink | string |
-| index.js:21:9:21:9 | x | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:21:9:21:9 | x | TaintedPath | isConstantExpression | false | boolean |
-| index.js:21:9:21:9 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:21:9:21:9 | x | TaintedPath | notASinkReason | LodashUnderscoreArgument | string |
-| index.js:21:9:21:9 | x | TaintedPath | sinkLabel | NotASink | string |
-| index.js:21:9:21:9 | x | Xss | hasFlowFromSource | false | boolean |
-| index.js:21:9:21:9 | x | Xss | isConstantExpression | false | boolean |
-| index.js:21:9:21:9 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:21:9:21:9 | x | Xss | notASinkReason | LodashUnderscoreArgument | string |
-| index.js:21:9:21:9 | x | Xss | sinkLabel | NotASink | string |
-| index.js:25:26:25:35 | 'mongoose' | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:25:26:25:35 | 'mongoose' | TaintedPath | isConstantExpression | true | boolean |
-| index.js:25:26:25:35 | 'mongoose' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:25:26:25:35 | 'mongoose' | TaintedPath | sinkLabel | Sink | string |
-| index.js:26:25:26:30 | 'User' | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:26:25:26:30 | 'User' | NosqlInjection | isConstantExpression | true | boolean |
-| index.js:26:25:26:30 | 'User' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:26:25:26:30 | 'User' | NosqlInjection | sinkLabel | Unknown | string |
-| index.js:26:25:26:30 | 'User' | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:26:25:26:30 | 'User' | SqlInjection | isConstantExpression | true | boolean |
-| index.js:26:25:26:30 | 'User' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:26:25:26:30 | 'User' | SqlInjection | sinkLabel | Unknown | string |
-| index.js:26:25:26:30 | 'User' | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:26:25:26:30 | 'User' | TaintedPath | isConstantExpression | true | boolean |
-| index.js:26:25:26:30 | 'User' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:26:25:26:30 | 'User' | TaintedPath | sinkLabel | Unknown | string |
-| index.js:26:25:26:30 | 'User' | Xss | hasFlowFromSource | false | boolean |
-| index.js:26:25:26:30 | 'User' | Xss | isConstantExpression | true | boolean |
-| index.js:26:25:26:30 | 'User' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:26:25:26:30 | 'User' | Xss | sinkLabel | Unknown | string |
-| index.js:26:33:26:36 | null | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:26:33:26:36 | null | NosqlInjection | isConstantExpression | true | boolean |
-| index.js:26:33:26:36 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:26:33:26:36 | null | NosqlInjection | sinkLabel | Unknown | string |
-| index.js:26:33:26:36 | null | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:26:33:26:36 | null | SqlInjection | isConstantExpression | true | boolean |
-| index.js:26:33:26:36 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:26:33:26:36 | null | SqlInjection | sinkLabel | Unknown | string |
-| index.js:26:33:26:36 | null | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:26:33:26:36 | null | TaintedPath | isConstantExpression | true | boolean |
-| index.js:26:33:26:36 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:26:33:26:36 | null | TaintedPath | sinkLabel | Unknown | string |
-| index.js:26:33:26:36 | null | Xss | hasFlowFromSource | false | boolean |
-| index.js:26:33:26:36 | null | Xss | isConstantExpression | true | boolean |
-| index.js:26:33:26:36 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:26:33:26:36 | null | Xss | sinkLabel | Unknown | string |
-| index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | sinkLabel | Sink | string |
-| index.js:29:26:29:29 | true | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:29:26:29:29 | true | SqlInjection | isConstantExpression | true | boolean |
-| index.js:29:26:29:29 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:29:26:29:29 | true | SqlInjection | sinkLabel | Unknown | string |
-| index.js:29:26:29:29 | true | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:29:26:29:29 | true | TaintedPath | isConstantExpression | true | boolean |
-| index.js:29:26:29:29 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:29:26:29:29 | true | TaintedPath | sinkLabel | Unknown | string |
-| index.js:29:26:29:29 | true | Xss | hasFlowFromSource | false | boolean |
-| index.js:29:26:29:29 | true | Xss | isConstantExpression | true | boolean |
-| index.js:29:26:29:29 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:29:26:29:29 | true | Xss | sinkLabel | Unknown | string |
-| index.js:30:11:38:5 | functio ... }\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:30:11:38:5 | functio ... }\\n    } | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:30:11:38:5 | functio ... }\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:30:11:38:5 | functio ... }\\n    } | NosqlInjection | notASinkReason | DatabaseAccess | string |
-| index.js:30:11:38:5 | functio ... }\\n    } | NosqlInjection | sinkLabel | NotASink | string |
-| index.js:30:11:38:5 | functio ... }\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:30:11:38:5 | functio ... }\\n    } | SqlInjection | isConstantExpression | false | boolean |
-| index.js:30:11:38:5 | functio ... }\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:30:11:38:5 | functio ... }\\n    } | SqlInjection | notASinkReason | DatabaseAccess | string |
-| index.js:30:11:38:5 | functio ... }\\n    } | SqlInjection | sinkLabel | NotASink | string |
-| index.js:30:11:38:5 | functio ... }\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:30:11:38:5 | functio ... }\\n    } | TaintedPath | isConstantExpression | false | boolean |
-| index.js:30:11:38:5 | functio ... }\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:30:11:38:5 | functio ... }\\n    } | TaintedPath | notASinkReason | DatabaseAccess | string |
-| index.js:30:11:38:5 | functio ... }\\n    } | TaintedPath | sinkLabel | NotASink | string |
-| index.js:30:11:38:5 | functio ... }\\n    } | Xss | hasFlowFromSource | false | boolean |
-| index.js:30:11:38:5 | functio ... }\\n    } | Xss | isConstantExpression | false | boolean |
-| index.js:30:11:38:5 | functio ... }\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:30:11:38:5 | functio ... }\\n    } | Xss | notASinkReason | DatabaseAccess | string |
-| index.js:30:11:38:5 | functio ... }\\n    } | Xss | sinkLabel | NotASink | string |
-| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | notASinkReason | LoggerMethod | string |
-| index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | sinkLabel | NotASink | string |
-| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | isConstantExpression | false | boolean |
-| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | notASinkReason | LoggerMethod | string |
-| index.js:36:21:36:33 | adminUsers[i] | SqlInjection | sinkLabel | NotASink | string |
-| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | isConstantExpression | false | boolean |
-| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | notASinkReason | LoggerMethod | string |
-| index.js:36:21:36:33 | adminUsers[i] | TaintedPath | sinkLabel | NotASink | string |
-| index.js:36:21:36:33 | adminUsers[i] | Xss | hasFlowFromSource | false | boolean |
-| index.js:36:21:36:33 | adminUsers[i] | Xss | isConstantExpression | false | boolean |
-| index.js:36:21:36:33 | adminUsers[i] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:36:21:36:33 | adminUsers[i] | Xss | notASinkReason | LoggerMethod | string |
-| index.js:36:21:36:33 | adminUsers[i] | Xss | sinkLabel | NotASink | string |
-| index.js:44:22:44:36 | o.success_scope | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:44:22:44:36 | o.success_scope | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:44:22:44:36 | o.success_scope | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:22:44:36 | o.success_scope | NosqlInjection | sinkLabel | Unknown | string |
-| index.js:44:22:44:36 | o.success_scope | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:44:22:44:36 | o.success_scope | SqlInjection | isConstantExpression | false | boolean |
-| index.js:44:22:44:36 | o.success_scope | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:22:44:36 | o.success_scope | SqlInjection | sinkLabel | Unknown | string |
-| index.js:44:22:44:36 | o.success_scope | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:44:22:44:36 | o.success_scope | TaintedPath | isConstantExpression | false | boolean |
-| index.js:44:22:44:36 | o.success_scope | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:22:44:36 | o.success_scope | TaintedPath | sinkLabel | Unknown | string |
-| index.js:44:22:44:36 | o.success_scope | Xss | hasFlowFromSource | false | boolean |
-| index.js:44:22:44:36 | o.success_scope | Xss | isConstantExpression | false | boolean |
-| index.js:44:22:44:36 | o.success_scope | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:22:44:36 | o.success_scope | Xss | sinkLabel | Unknown | string |
-| index.js:44:39:44:57 | '' + x.responseText | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:44:39:44:57 | '' + x.responseText | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:44:39:44:57 | '' + x.responseText | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:39:44:57 | '' + x.responseText | NosqlInjection | sinkLabel | Unknown | string |
-| index.js:44:39:44:57 | '' + x.responseText | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:44:39:44:57 | '' + x.responseText | SqlInjection | isConstantExpression | false | boolean |
-| index.js:44:39:44:57 | '' + x.responseText | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:39:44:57 | '' + x.responseText | SqlInjection | sinkLabel | Unknown | string |
-| index.js:44:39:44:57 | '' + x.responseText | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:44:39:44:57 | '' + x.responseText | TaintedPath | isConstantExpression | false | boolean |
-| index.js:44:39:44:57 | '' + x.responseText | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:39:44:57 | '' + x.responseText | TaintedPath | sinkLabel | Unknown | string |
-| index.js:44:39:44:57 | '' + x.responseText | Xss | hasFlowFromSource | false | boolean |
-| index.js:44:39:44:57 | '' + x.responseText | Xss | isConstantExpression | false | boolean |
-| index.js:44:39:44:57 | '' + x.responseText | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:39:44:57 | '' + x.responseText | Xss | sinkLabel | Unknown | string |
-| index.js:44:60:44:60 | x | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:44:60:44:60 | x | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:44:60:44:60 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:60:44:60 | x | NosqlInjection | sinkLabel | Unknown | string |
-| index.js:44:60:44:60 | x | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:44:60:44:60 | x | SqlInjection | isConstantExpression | false | boolean |
-| index.js:44:60:44:60 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:60:44:60 | x | SqlInjection | sinkLabel | Unknown | string |
-| index.js:44:60:44:60 | x | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:44:60:44:60 | x | TaintedPath | isConstantExpression | false | boolean |
-| index.js:44:60:44:60 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:60:44:60 | x | TaintedPath | sinkLabel | Unknown | string |
-| index.js:44:60:44:60 | x | Xss | hasFlowFromSource | false | boolean |
-| index.js:44:60:44:60 | x | Xss | isConstantExpression | false | boolean |
-| index.js:44:60:44:60 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:60:44:60 | x | Xss | sinkLabel | Unknown | string |
-| index.js:44:63:44:63 | o | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:44:63:44:63 | o | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:44:63:44:63 | o | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:63:44:63 | o | NosqlInjection | sinkLabel | Unknown | string |
-| index.js:44:63:44:63 | o | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:44:63:44:63 | o | SqlInjection | isConstantExpression | false | boolean |
-| index.js:44:63:44:63 | o | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:63:44:63 | o | SqlInjection | sinkLabel | Unknown | string |
-| index.js:44:63:44:63 | o | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:44:63:44:63 | o | TaintedPath | isConstantExpression | false | boolean |
-| index.js:44:63:44:63 | o | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:63:44:63 | o | TaintedPath | sinkLabel | Unknown | string |
-| index.js:44:63:44:63 | o | Xss | hasFlowFromSource | false | boolean |
-| index.js:44:63:44:63 | o | Xss | isConstantExpression | false | boolean |
-| index.js:44:63:44:63 | o | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:44:63:44:63 | o | Xss | sinkLabel | Unknown | string |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | notASinkReason | LoggerMethod | string |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | sinkLabel | NotASink | string |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | isConstantExpression | false | boolean |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | notASinkReason | LoggerMethod | string |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | SqlInjection | sinkLabel | NotASink | string |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | isConstantExpression | false | boolean |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | notASinkReason | LoggerMethod | string |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | TaintedPath | sinkLabel | NotASink | string |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | hasFlowFromSource | false | boolean |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | isConstantExpression | false | boolean |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | notASinkReason | LoggerMethod | string |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | sinkLabel | NotASink | string |
-| index.js:46:72:46:72 | x | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:46:72:46:72 | x | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:46:72:46:72 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:46:72:46:72 | x | NosqlInjection | notASinkReason | LoggerMethod | string |
-| index.js:46:72:46:72 | x | NosqlInjection | sinkLabel | NotASink | string |
-| index.js:46:72:46:72 | x | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:46:72:46:72 | x | SqlInjection | isConstantExpression | false | boolean |
-| index.js:46:72:46:72 | x | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:46:72:46:72 | x | SqlInjection | notASinkReason | LoggerMethod | string |
-| index.js:46:72:46:72 | x | SqlInjection | sinkLabel | NotASink | string |
-| index.js:46:72:46:72 | x | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:46:72:46:72 | x | TaintedPath | isConstantExpression | false | boolean |
-| index.js:46:72:46:72 | x | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:46:72:46:72 | x | TaintedPath | notASinkReason | LoggerMethod | string |
-| index.js:46:72:46:72 | x | TaintedPath | sinkLabel | NotASink | string |
-| index.js:46:72:46:72 | x | Xss | hasFlowFromSource | false | boolean |
-| index.js:46:72:46:72 | x | Xss | isConstantExpression | false | boolean |
-| index.js:46:72:46:72 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:46:72:46:72 | x | Xss | notASinkReason | LoggerMethod | string |
-| index.js:46:72:46:72 | x | Xss | sinkLabel | NotASink | string |
-| index.js:46:75:46:75 | o | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:46:75:46:75 | o | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:46:75:46:75 | o | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:46:75:46:75 | o | NosqlInjection | notASinkReason | LoggerMethod | string |
-| index.js:46:75:46:75 | o | NosqlInjection | sinkLabel | NotASink | string |
-| index.js:46:75:46:75 | o | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:46:75:46:75 | o | SqlInjection | isConstantExpression | false | boolean |
-| index.js:46:75:46:75 | o | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:46:75:46:75 | o | SqlInjection | notASinkReason | LoggerMethod | string |
-| index.js:46:75:46:75 | o | SqlInjection | sinkLabel | NotASink | string |
-| index.js:46:75:46:75 | o | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:46:75:46:75 | o | TaintedPath | isConstantExpression | false | boolean |
-| index.js:46:75:46:75 | o | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:46:75:46:75 | o | TaintedPath | notASinkReason | LoggerMethod | string |
-| index.js:46:75:46:75 | o | TaintedPath | sinkLabel | NotASink | string |
-| index.js:46:75:46:75 | o | Xss | hasFlowFromSource | false | boolean |
-| index.js:46:75:46:75 | o | Xss | isConstantExpression | false | boolean |
-| index.js:46:75:46:75 | o | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:46:75:46:75 | o | Xss | notASinkReason | LoggerMethod | string |
-| index.js:46:75:46:75 | o | Xss | sinkLabel | NotASink | string |
-| index.js:50:15:50:19 | ready | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:50:15:50:19 | ready | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:50:15:50:19 | ready | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:50:15:50:19 | ready | NosqlInjection | notASinkReason | Timeout | string |
-| index.js:50:15:50:19 | ready | NosqlInjection | sinkLabel | NotASink | string |
-| index.js:50:15:50:19 | ready | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:50:15:50:19 | ready | SqlInjection | isConstantExpression | false | boolean |
-| index.js:50:15:50:19 | ready | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:50:15:50:19 | ready | SqlInjection | notASinkReason | Timeout | string |
-| index.js:50:15:50:19 | ready | SqlInjection | sinkLabel | NotASink | string |
-| index.js:50:15:50:19 | ready | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:50:15:50:19 | ready | TaintedPath | isConstantExpression | false | boolean |
-| index.js:50:15:50:19 | ready | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:50:15:50:19 | ready | TaintedPath | notASinkReason | Timeout | string |
-| index.js:50:15:50:19 | ready | TaintedPath | sinkLabel | NotASink | string |
-| index.js:50:15:50:19 | ready | Xss | hasFlowFromSource | false | boolean |
-| index.js:50:15:50:19 | ready | Xss | isConstantExpression | false | boolean |
-| index.js:50:15:50:19 | ready | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:50:15:50:19 | ready | Xss | notASinkReason | Timeout | string |
-| index.js:50:15:50:19 | ready | Xss | sinkLabel | NotASink | string |
-| index.js:50:22:50:23 | 10 | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:50:22:50:23 | 10 | NosqlInjection | isConstantExpression | true | boolean |
-| index.js:50:22:50:23 | 10 | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:50:22:50:23 | 10 | NosqlInjection | notASinkReason | Timeout | string |
-| index.js:50:22:50:23 | 10 | NosqlInjection | sinkLabel | NotASink | string |
-| index.js:50:22:50:23 | 10 | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:50:22:50:23 | 10 | SqlInjection | isConstantExpression | true | boolean |
-| index.js:50:22:50:23 | 10 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:50:22:50:23 | 10 | SqlInjection | notASinkReason | Timeout | string |
-| index.js:50:22:50:23 | 10 | SqlInjection | sinkLabel | NotASink | string |
-| index.js:50:22:50:23 | 10 | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:50:22:50:23 | 10 | TaintedPath | isConstantExpression | true | boolean |
-| index.js:50:22:50:23 | 10 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:50:22:50:23 | 10 | TaintedPath | notASinkReason | Timeout | string |
-| index.js:50:22:50:23 | 10 | TaintedPath | sinkLabel | NotASink | string |
-| index.js:50:22:50:23 | 10 | Xss | hasFlowFromSource | false | boolean |
-| index.js:50:22:50:23 | 10 | Xss | isConstantExpression | true | boolean |
-| index.js:50:22:50:23 | 10 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:50:22:50:23 | 10 | Xss | notASinkReason | Timeout | string |
-| index.js:50:22:50:23 | 10 | Xss | sinkLabel | NotASink | string |
-tokenFeatures
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | fileImports | body-parser express mongodb mongoose |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:3:25:3:33 | "express" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | fileImports | body-parser express mongodb mongoose |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:4:28:4:40 | "body-parser" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | CalleeFlexibleAccessPath | app.use |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | fileImports | body-parser express mongodb mongoose |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:10:9:10:25 | bodyParser.json() | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | fileImports | body-parser express mongodb mongoose |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:10:12:16 | "/find" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | fileImports | body-parser express mongodb mongoose |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:12:19:15:1 | (req, r ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | CalleeFlexibleAccessPath | getCollection().find |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | enclosingFunctionBody | req res v JSON parse req body x getCollection find id v |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | fileImports | body-parser express mongodb mongoose |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | CalleeFlexibleAccessPath | getCollection().find |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | InputAccessPathFromCallee | 0.id |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | assignedToPropName | id |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | enclosingFunctionBody | req res v JSON parse req body x getCollection find id v |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | fileImports | body-parser express mongodb mongoose |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | fileImports | body-parser express mongodb mongoose |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:10:20:16 | "/find" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | fileImports | body-parser express mongodb mongoose |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:20:19:24:1 | (req, r ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | CalleeFlexibleAccessPath | getMongooseModel().find |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | enclosingFunctionBody | req res v JSON parse req body x getMongooseModel find id v getMongooseQuery find id v |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | fileImports | body-parser express mongodb mongoose |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | CalleeFlexibleAccessPath | getMongooseModel().find |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | InputAccessPathFromCallee | 0.id |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | assignedToPropName | id |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | enclosingFunctionBody | req res v JSON parse req body x getMongooseModel find id v getMongooseQuery find id v |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | fileImports | body-parser express mongodb mongoose |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | CalleeFlexibleAccessPath | getMongooseQuery().find |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | enclosingFunctionBody | req res v JSON parse req body x getMongooseModel find id v getMongooseQuery find id v |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | fileImports | body-parser express mongodb mongoose |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | CalleeFlexibleAccessPath | getMongooseQuery().find |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | InputAccessPathFromCallee | 0.id |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | assignedToPropName | id |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | contextFunctionInterfaces | getCollection()\ngetMongooseModel()\ngetMongooseQuery() |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | enclosingFunctionBody | req res v JSON parse req body x getMongooseModel find id v getMongooseQuery find id v |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | fileImports | body-parser express mongodb mongoose |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | contextFunctionInterfaces | connect(fn)\ndb() |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | fileImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:1:24:1:32 | "mongodb" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | CalleeFlexibleAccessPath | dbClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | contextFunctionInterfaces | connect(fn)\ndb() |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | contextSurroundingFunctionParameters | (fn) |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | enclosingFunctionName | connect |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | fileImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | receiverName | dbClient |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:22:8:39 | process.env.DB_URL | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | CalleeFlexibleAccessPath | dbClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | contextFunctionInterfaces | connect(fn)\ndb() |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | contextSurroundingFunctionParameters | (fn) |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | enclosingFunctionName | connect |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | fileImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | receiverName | dbClient |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:42:8:43 | {} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | CalleeFlexibleAccessPath | dbClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | InputArgumentIndex | 2 |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | contextFunctionInterfaces | connect(fn)\ndb() |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | contextSurroundingFunctionParameters | (fn)\n(err, client) |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | enclosingFunctionName | connect |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | fileImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | receiverName | dbClient |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:46:11:5 | (err, c ... ;\\n    } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | CalleeFlexibleAccessPath | client.db |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | contextFunctionInterfaces | connect(fn)\ndb() |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | contextSurroundingFunctionParameters | (fn)\n(err, client) |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | enclosingFunctionName | connect |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | fileImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:22:9:40 | process.env.DB_NAME | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | CalleeFlexibleAccessPath | fn |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | contextFunctionInterfaces | connect(fn)\ndb() |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | contextSurroundingFunctionParameters | (fn)\n(err, client) |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | enclosingFunctionName | connect |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | fileImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | CalleeFlexibleAccessPath | ajv.compile |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | calleeImports | ajv |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | contextFunctionInterfaces | validate(x) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | fileImports | ajv express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | receiverName | ajv |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | contextFunctionInterfaces | validate(x) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | fileImports | ajv express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | contextFunctionInterfaces | validate(x) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | fileImports | ajv express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | contextFunctionInterfaces | validate(x) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | fileImports | ajv express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | contextFunctionInterfaces | validate(x) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | fileImports | ajv express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | CalleeFlexibleAccessPath | db.collection |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | contextFunctionInterfaces | validate(x) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | fileImports | ajv express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | contextFunctionInterfaces | validate(x) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | fileImports | ajv express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | CalleeFlexibleAccessPath | checkSchema |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | calleeImports | ajv |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | contextFunctionInterfaces | validate(x) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | fileImports | ajv express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | contextFunctionInterfaces | validate(x) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | fileImports | ajv express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | contextFunctionInterfaces | validate(x) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | fileImports | ajv express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | contextFunctionInterfaces | validate(x) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | fileImports | ajv express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | contextFunctionInterfaces | validate(x) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | fileImports | ajv express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | fileImports | marsdb |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | fileImports | ./marsdb-flow-from body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:25:1:33 | "express" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | fileImports | ./marsdb-flow-from body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:28:2:40 | "body-parser" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | fileImports | ./marsdb-flow-from body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:3:20:3:39 | './marsdb-flow-from' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | CalleeFlexibleAccessPath | app.use |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | fileImports | ./marsdb-flow-from body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | CalleeFlexibleAccessPath | bodyParser.urlencoded |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | calleeImports | body-parser |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | fileImports | ./marsdb-flow-from body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | receiverName | bodyParser |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:31:7:48 | { extended: true } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | CalleeFlexibleAccessPath | bodyParser.urlencoded |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | InputAccessPathFromCallee | 0.extended |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | assignedToPropName | extended |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | calleeImports | body-parser |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | fileImports | ./marsdb-flow-from body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:43:7:46 | true | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | fileImports | ./marsdb-flow-from body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | fileImports | ./marsdb-flow-from body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | enclosingFunctionBody | req res query query title req body title db myDoc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | fileImports | ./marsdb-flow-from body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | CalleeFlexibleAccessPath | db.myDoc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | calleeImports | ./marsdb-flow-from |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionBody | req res query query title req body title db myDoc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | fileImports | ./marsdb-flow-from body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | fileImports | body-parser express marsdb |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | fileImports | body-parser express marsdb |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:20:2:27 | "marsdb" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | fileImports | body-parser express marsdb |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:24:3:36 | "body-parser" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | CalleeFlexibleAccessPath | app.use |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | fileImports | body-parser express marsdb |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | CalleeFlexibleAccessPath | bodyParser.urlencoded |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | calleeImports | body-parser |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | fileImports | body-parser express marsdb |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | receiverName | bodyParser |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:31:9:48 | { extended: true } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | CalleeFlexibleAccessPath | bodyParser.urlencoded |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | InputAccessPathFromCallee | 0.extended |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | assignedToPropName | extended |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | calleeImports | body-parser |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | fileImports | body-parser express marsdb |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:43:9:46 | true | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | fileImports | body-parser express marsdb |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | fileImports | body-parser express marsdb |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | enclosingFunctionBody | req res query query title req body title doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | fileImports | body-parser express marsdb |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | calleeImports | marsdb |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionBody | req res query query title req body title doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | fileImports | body-parser express marsdb |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | fileImports | body-parser express minimongo |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | fileImports | body-parser express minimongo |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:23:2:33 | "minimongo" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | fileImports | body-parser express minimongo |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:24:3:36 | "body-parser" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | CalleeFlexibleAccessPath | app.use |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | fileImports | body-parser express minimongo |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:9:11:49 | bodyPar ... true }) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | CalleeFlexibleAccessPath | bodyParser.urlencoded |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | calleeImports | body-parser |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | fileImports | body-parser express minimongo |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | receiverName | bodyParser |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:31:11:48 | { extended: true } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | CalleeFlexibleAccessPath | bodyParser.urlencoded |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | InputAccessPathFromCallee | 0.extended |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | assignedToPropName | extended |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | calleeImports | body-parser |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | fileImports | body-parser express minimongo |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:11:43:11:46 | true | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | fileImports | body-parser express minimongo |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:10:13:26 | "/documents/find" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | fileImports | body-parser express minimongo |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:13:29:19:1 | (req, r ... ery);\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | enclosingFunctionBody | req res query query title req body title doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | fileImports | body-parser express minimongo |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | calleeImports | minimongo |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | enclosingFunctionBody | req res query query title req body title doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | fileImports | body-parser express minimongo |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:1:25:1:33 | 'express' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:2:25:2:33 | 'mongodb' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:3:28:3:40 | 'body-parser' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | CalleeFlexibleAccessPath | app.use |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:9:9:49 | bodyPar ... true }) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | CalleeFlexibleAccessPath | bodyParser.urlencoded |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | calleeImports | body-parser |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | receiverName | bodyParser |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:31:9:48 | { extended: true } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | CalleeFlexibleAccessPath | bodyParser.urlencoded |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | InputAccessPathFromCallee | 0.extended |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | assignedToPropName | extended |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | calleeImports | body-parser |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:9:43:9:46 | true | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:10:11:26 | '/documents/find' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:11:29:35:1 | (req, r ...   });\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title  query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title  query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:25:14:56 | 'mongod ... 7/test' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title  query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:14:59:34:5 | (err, d ... }\\n    } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | CalleeFlexibleAccessPath | db.collection |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title  query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:15:31:15:35 | 'doc' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title  query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title  query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:16:21:47 | { title ... title } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | InputAccessPathFromCallee | 0.title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | assignedToPropName | title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title  query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title  query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:16:24:52 | { title ... tr(1) } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | InputAccessPathFromCallee | 0.title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | assignedToPropName | title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title  query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | CalleeFlexibleAccessPath | query.body.title.substr |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title  query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:49:24:49 | 1 | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title  query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:18:29:33 | { title: title } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | InputAccessPathFromCallee | 0.title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | assignedToPropName | title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title  query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:29:27:29:31 | title | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title  query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:18:32:45 | { title ... itle) } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | InputAccessPathFromCallee | 0.title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | assignedToPropName | title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query doc find title  query body title doc find title query body title substr 1 title req body title title string doc find title title doc find title JSON parse title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:32:27:32:43 | JSON.parse(title) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:9:37:14 | '/:id' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:37:17:45:1 | (req, r ...   });\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:38:17:38:36 | { id: req.param.id } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:25:39:56 | 'mongod ... 7/test' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:39:59:44:5 | (err, d ... ;\\n    } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | CalleeFlexibleAccessPath | db.collection |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:40:31:40:35 | 'doc' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | enclosingFunctionBody | req res query id req param id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:43:16:43:20 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:10:47:26 | '/documents/find' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:47:29:56:1 | (req, r ...   });\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:25:50:56 | 'mongod ... 7/test' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:50:59:55:5 | (err, d ... ;\\n    } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | CalleeFlexibleAccessPath | db.collection |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:51:31:51:35 | 'doc' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:10:58:26 | '/documents/find' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:58:29:67:1 | (req, r ... \\n\\t});\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:22:61:53 | 'mongod ... 7/test' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | contextSurroundingFunctionParameters | (req, res)\n(err, client) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:61:56:66:2 | (err, c ... ry);\\n\\t} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | CalleeFlexibleAccessPath | client.db |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | contextSurroundingFunctionParameters | (req, res)\n(err, client) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:23:62:30 | "MASTER" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | CalleeFlexibleAccessPath | client.db().collection |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, client) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:62:44:62:48 | 'doc' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | contextSurroundingFunctionParameters | (req, res)\n(err, client) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err client doc client db MASTER collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:10:69:29 | "/logs/count-by-tag" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:69:32:86:1 | (req, r ... g });\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:23:72:40 | process.env.DB_URL | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:43:72:44 | {} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | InputArgumentIndex | 2 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | contextSurroundingFunctionParameters | (req, res)\n(err, client) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:72:47:78:3 | (err, c ... });\\n  } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | CalleeFlexibleAccessPath | client.db |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | contextSurroundingFunctionParameters | (req, res)\n(err, client) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:74:11:74:29 | process.env.DB_NAME | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | CalleeFlexibleAccessPath | client.db().collection |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | contextSurroundingFunctionParameters | (req, res)\n(err, client) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:75:19:75:24 | "logs" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | CalleeFlexibleAccessPath | client.db().collection().count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | contextSurroundingFunctionParameters | (req, res)\n(err, client) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | CalleeFlexibleAccessPath | client.db().collection().count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | InputAccessPathFromCallee | 0.tags |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | assignedToPropName | tags |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | contextSurroundingFunctionParameters | (req, res)\n(err, client) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:80:29:80:38 | "./dbo.js" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | CalleeFlexibleAccessPath | importedDbo.db().collection |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | calleeImports | ./dbo.js |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:83:17:83:22 | "logs" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | CalleeFlexibleAccessPath | importedDbo.db().collection().count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | calleeImports | ./dbo.js |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | CalleeFlexibleAccessPath | importedDbo.db().collection().count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | InputAccessPathFromCallee | 0.tags |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | assignedToPropName | tags |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | calleeImports | ./dbo.js |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | enclosingFunctionBody | req res tag req query tag MongoClient connect process env DB_URL err client client db process env DB_NAME collection logs count tags tag importedDbo require ./dbo.js importedDbo db collection logs count tags tag |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:9:89:14 | '/:id' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:89:17:91:1 | (req, r ... ram);\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | contextSurroundingFunctionParameters | (params) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | enclosingFunctionName | useParams |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:93:15:93:31 | { id: params.id } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (params) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | enclosingFunctionName | useParams |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:23:94:54 | 'mongod ... 7/test' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | contextSurroundingFunctionParameters | (params)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | enclosingFunctionName | useParams |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:94:57:99:3 | (err, d ... y);\\n  } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | CalleeFlexibleAccessPath | db.collection |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | contextSurroundingFunctionParameters | (params)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | enclosingFunctionName | useParams |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:95:29:95:33 | 'doc' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | contextSurroundingFunctionParameters | (params)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | enclosingFunctionBody | params query id params id MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | enclosingFunctionName | useParams |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:98:14:98:18 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:10:102:26 | '/documents/find' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:102:29:104:1 | (req, r ... ery);\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | contextSurroundingFunctionParameters | (queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | enclosingFunctionName | useQuery |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | enclosingFunctionName | useQuery |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:23:108:54 | 'mongod ... 7/test' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | contextSurroundingFunctionParameters | (queries)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | enclosingFunctionName | useQuery |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:108:57:113:3 | (err, d ... y);\\n  } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | CalleeFlexibleAccessPath | db.collection |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | contextSurroundingFunctionParameters | (queries)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | enclosingFunctionName | useQuery |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:109:29:109:33 | 'doc' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | contextFunctionInterfaces | useParams(params)\nuseQuery(queries) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | contextSurroundingFunctionParameters | (queries)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | enclosingFunctionBody | queries query query title queries title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | enclosingFunctionName | useQuery |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | fileImports | ./dbo.js body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:1:25:1:33 | 'express' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:2:25:2:33 | 'mongodb' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:3:28:3:40 | 'body-parser' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | CalleeFlexibleAccessPath | app.use |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:9:9:50 | bodyPar ... alse }) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | CalleeFlexibleAccessPath | bodyParser.urlencoded |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | calleeImports | body-parser |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | receiverName | bodyParser |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:31:9:49 | { extended: false } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | CalleeFlexibleAccessPath | bodyParser.urlencoded |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | InputAccessPathFromCallee | 0.extended |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | assignedToPropName | extended |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | calleeImports | body-parser |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:9:43:9:47 | false | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:10:11:26 | '/documents/find' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:11:29:20:1 | (req, r ...   });\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:25:14:56 | 'mongod ... 7/test' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:14:59:19:5 | (err, d ... ;\\n    } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | CalleeFlexibleAccessPath | db.collection |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:15:31:15:35 | 'doc' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | enclosingFunctionBody | req res query query title req body title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:10:22:26 | '/documents/find' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:22:29:31:1 | (req, r ...   });\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:25:25:56 | 'mongod ... 7/test' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | CalleeFlexibleAccessPath | MongoClient.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | calleeImports | mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | receiverName | MongoClient |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:25:59:30:5 | (err, d ... ;\\n    } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | CalleeFlexibleAccessPath | db.collection |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:26:31:26:35 | 'doc' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | CalleeFlexibleAccessPath | doc.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | enclosingFunctionBody | req res query query title req query title MongoClient connect mongodb://localhost:27017/test err db doc db collection doc doc find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | fileImports | body-parser express mongodb |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | receiverName | doc |
-| autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:2:25:2:33 | 'express' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:3:28:3:40 | 'body-parser' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:4:26:4:35 | 'mongoose' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | CalleeFlexibleAccessPath | Mongoose.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | receiverName | Mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:6:18:6:50 | 'mongod ... table1' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | CalleeFlexibleAccessPath | app.use |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:9:9:9:25 | BodyParser.json() | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | CalleeFlexibleAccessPath | Mongoose.model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | receiverName | Mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:33:11:42 | 'Document' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | CalleeFlexibleAccessPath | Mongoose.model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | receiverName | Mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | CalleeFlexibleAccessPath | Mongoose.model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | InputAccessPathFromCallee | 1.title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | assignedToPropName | title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:12:12:15:5 | {\\n      ... e\\n    } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | CalleeFlexibleAccessPath | Mongoose.model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | InputAccessPathFromCallee | 1.title.type |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | assignedToPropName | type |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:13:15:13:20 | String | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | CalleeFlexibleAccessPath | Mongoose.model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | InputAccessPathFromCallee | 1.title.unique |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | assignedToPropName | unique |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:14:17:14:20 | true | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | CalleeFlexibleAccessPath | Mongoose.model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | InputAccessPathFromCallee | 1.type |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | assignedToPropName | type |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:16:11:16:16 | String | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:10:19:26 | '/documents/find' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:19:29:132:1 | (req, r ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | CalleeFlexibleAccessPath | Document.aggregate |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:25:24:29 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | CalleeFlexibleAccessPath | Document.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | CalleeFlexibleAccessPath | Document.deleteMany |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | CalleeFlexibleAccessPath | Document.deleteOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | CalleeFlexibleAccessPath | Document.distinct |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | CalleeFlexibleAccessPath | Document.findOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | CalleeFlexibleAccessPath | Document.findOneAndDelete |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | CalleeFlexibleAccessPath | Document.findOneAndRemove |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | CalleeFlexibleAccessPath | Document.findOneAndUpdate |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | CalleeFlexibleAccessPath | Document.replaceOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | CalleeFlexibleAccessPath | Document.update |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | CalleeFlexibleAccessPath | Document.updateMany |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | CalleeFlexibleAccessPath | Document.updateOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | CalleeFlexibleAccessPath | Document.updateOne().then |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | CalleeFlexibleAccessPath | Document.findByIdAndUpdate |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | CalleeFlexibleAccessPath | Document.findByIdAndUpdate |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | CalleeFlexibleAccessPath | Document.findByIdAndUpdate |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | InputArgumentIndex | 2 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | contextSurroundingFunctionParameters | (req, res)\n() |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | CalleeFlexibleAccessPath | Mongoose.Query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | InputArgumentIndex | 2 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | CalleeFlexibleAccessPath | Mongoose.Query().and |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | CalleeFlexibleAccessPath | Mongoose.Query().and |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | contextSurroundingFunctionParameters | (req, res)\n() |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | CalleeFlexibleAccessPath | Document.where |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | CalleeFlexibleAccessPath | Document.where().where |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | CalleeFlexibleAccessPath | Document.where().where().and |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | CalleeFlexibleAccessPath | Document.where().where().and().or |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | CalleeFlexibleAccessPath | Document.where().where().and().or().distinct |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | CalleeFlexibleAccessPath | Document.where().where().and().or().distinct().comment |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | CalleeFlexibleAccessPath | Document.where().where().and().or().distinct().comment().count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | CalleeFlexibleAccessPath | Mongoose.createConnection |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | receiverName | Mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:28:81:28 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | CalleeFlexibleAccessPath | Mongoose.createConnection().count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | CalleeFlexibleAccessPath | Mongoose.createConnection |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | receiverName | Mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:28:82:28 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | CalleeFlexibleAccessPath | Mongoose.createConnection().model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:37:82:37 | Y | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | CalleeFlexibleAccessPath | Mongoose.createConnection().model().count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | CalleeFlexibleAccessPath | Mongoose.createConnection |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | receiverName | Mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:28:83:28 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | CalleeFlexibleAccessPath | Mongoose.createConnection().models.?.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | CalleeFlexibleAccessPath | Document.findOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:19:85:19 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.findOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | CalleeFlexibleAccessPath | res.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | receiverName | res |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | CalleeFlexibleAccessPath | Document.findOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:19:86:19 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.findOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | CalleeFlexibleAccessPath | err.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | receiverName | err |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | CalleeFlexibleAccessPath | Document.findOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.findOne().exec |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | CalleeFlexibleAccessPath | res.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | receiverName | res |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | CalleeFlexibleAccessPath | Document.findOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:19:88:19 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.findOne().exec |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | CalleeFlexibleAccessPath | err.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | receiverName | err |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | CalleeFlexibleAccessPath | Document.findOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | CalleeFlexibleAccessPath | Document.findOne().then |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | contextSurroundingFunctionParameters | (req, res)\n(res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | CalleeFlexibleAccessPath | res.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | contextSurroundingFunctionParameters | (req, res)\n(res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | receiverName | res |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | CalleeFlexibleAccessPath | Document.findOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:19:90:19 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | CalleeFlexibleAccessPath | Document.findOne().then |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | CalleeFlexibleAccessPath | Document.findOne().then |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | CalleeFlexibleAccessPath | err.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | contextSurroundingFunctionParameters | (req, res)\n(err) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | receiverName | err |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | CalleeFlexibleAccessPath | res.?.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:16:93:16 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | CalleeFlexibleAccessPath | err.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | receiverName | err |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.find().exec |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | CalleeFlexibleAccessPath | res.?.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:16:95:16 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.find().exec |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | CalleeFlexibleAccessPath | err.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | receiverName | err |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | CalleeFlexibleAccessPath | Document.find().then |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | contextSurroundingFunctionParameters | (req, res)\n(res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | CalleeFlexibleAccessPath | res.?.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | contextSurroundingFunctionParameters | (req, res)\n(res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:16:97:16 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | CalleeFlexibleAccessPath | Document.find().then |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | CalleeFlexibleAccessPath | Document.find().then |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | CalleeFlexibleAccessPath | err.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | contextSurroundingFunctionParameters | (req, res)\n(err) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | receiverName | err |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | CalleeFlexibleAccessPath | Document.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | CalleeFlexibleAccessPath | Document.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | CalleeFlexibleAccessPath | res.count |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | receiverName | res |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | CalleeFlexibleAccessPath | Mongoose.Query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | InputArgumentIndex | 2 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | contextSurroundingFunctionParameters | (X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:102:53:102:62 | "constant" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | CalleeFlexibleAccessPath | C |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | InputArgumentIndex | 2 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | CalleeFlexibleAccessPath | Document.findOneAndUpdate |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:28:113:28 | X | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | CalleeFlexibleAccessPath | Document.findOneAndUpdate |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | CalleeFlexibleAccessPath | Document.findOneAndUpdate |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | InputArgumentIndex | 2 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | contextSurroundingFunctionParameters | (req, res)\n() |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | CalleeFlexibleAccessPath | Document.deleteMany |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | CalleeFlexibleAccessPath | Document.deleteOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | CalleeFlexibleAccessPath | Document.geoSearch |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | CalleeFlexibleAccessPath | Document.remove |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | CalleeFlexibleAccessPath | Document.replaceOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | CalleeFlexibleAccessPath | Document.findOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | CalleeFlexibleAccessPath | Document.findById |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | CalleeFlexibleAccessPath | Document.findOneAndDelete |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | CalleeFlexibleAccessPath | Document.findOneAndRemove |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | CalleeFlexibleAccessPath | Document.findOneAndUpdate |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | CalleeFlexibleAccessPath | Document.findOneAndUpdate |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:34:126:34 | Y | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | CalleeFlexibleAccessPath | Document.update |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | CalleeFlexibleAccessPath | Document.update |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:24:127:24 | Y | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | CalleeFlexibleAccessPath | Document.updateMany |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | CalleeFlexibleAccessPath | Document.updateMany |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:28:128:28 | Y | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | CalleeFlexibleAccessPath | Document.updateOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | CalleeFlexibleAccessPath | Document.updateOne |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:27:129:27 | Y | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | InputAccessPathFromCallee | 0._id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | assignedToPropName | _id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:16:131:35 | { _id: { $eq: id } } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | InputAccessPathFromCallee | 0._id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | assignedToPropName | _id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:23:131:33 | { $eq: id } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | InputAccessPathFromCallee | 0._id.$eq |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | assignedToPropName | $eq |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | contextFunctionInterfaces | getQueryConstructor()\ninnocent(X, Y, query) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:2:25:2:33 | 'express' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:3:28:3:40 | 'body-parser' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:4:26:4:35 | 'mongoose' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | CalleeFlexibleAccessPath | Mongoose.connect |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | receiverName | Mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:6:18:6:50 | 'mongod ... table1' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | CalleeFlexibleAccessPath | Mongoose.model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | receiverName | Mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:33:10:42 | 'Document' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | CalleeFlexibleAccessPath | Mongoose.model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | receiverName | Mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:10:45:16:1 | {\\n    t ... tring\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | CalleeFlexibleAccessPath | Mongoose.model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | InputAccessPathFromCallee | 1.title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | assignedToPropName | title |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:11:12:14:5 | {\\n      ... e\\n    } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | CalleeFlexibleAccessPath | Mongoose.model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | InputAccessPathFromCallee | 1.title.type |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | assignedToPropName | type |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:12:15:12:20 | String | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | CalleeFlexibleAccessPath | Mongoose.model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | InputAccessPathFromCallee | 1.title.unique |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | assignedToPropName | unique |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:13:17:13:20 | true | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | CalleeFlexibleAccessPath | Mongoose.model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | InputAccessPathFromCallee | 1.type |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | assignedToPropName | type |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:15:11:15:16 | String | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:9:18:25 | '/documents/find' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:18:28:24:1 | (req, r ... ery);\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | enclosingFunctionBody | req res query query title JSON parse req query data title Document find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | CalleeFlexibleAccessPath | Document.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | enclosingFunctionBody | req res query query title JSON parse req query data title Document find query |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | fileImports | body-parser express mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | receiverName | Document |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | CalleeFlexibleAccessPath | mongoose.model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | fileImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | receiverName | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:39:3:47 | 'MyModel' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | CalleeFlexibleAccessPath | mongoose.model |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | calleeImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | fileImports | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | receiverName | mongoose |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModel.js:3:50:3:60 | getSchema() | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | CalleeFlexibleAccessPath | app.use |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | fileImports | ./mongooseModel body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:7:9:7:25 | bodyParser.json() | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | fileImports | ./mongooseModel body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:10:9:16 | '/find' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | fileImports | ./mongooseModel body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:9:19:14:1 | (req, r ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | CalleeFlexibleAccessPath | MyModel.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | calleeImports | ./mongooseModel |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | fileImports | ./mongooseModel body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | receiverName | MyModel |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | CalleeFlexibleAccessPath | MyModel.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | InputAccessPathFromCallee | 0.id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | assignedToPropName | id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | calleeImports | ./mongooseModel |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | fileImports | ./mongooseModel body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | CalleeFlexibleAccessPath | MyModel.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | calleeImports | ./mongooseModel |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | fileImports | ./mongooseModel body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | receiverName | MyModel |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | CalleeFlexibleAccessPath | MyModel.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | InputAccessPathFromCallee | 0.id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | assignedToPropName | id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | calleeImports | ./mongooseModel |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | fileImports | ./mongooseModel body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | CalleeFlexibleAccessPath | MyModel.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | calleeImports | ./mongooseModel |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | fileImports | ./mongooseModel body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | receiverName | MyModel |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | CalleeFlexibleAccessPath | MyModel.find |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | InputAccessPathFromCallee | 0.id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | assignedToPropName | id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | calleeImports | ./mongooseModel |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | fileImports | ./mongooseModel body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | CalleeFlexibleAccessPath | this.db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | contextFunctionInterfaces | constructor()\nonRequest(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | enclosingFunctionBody | req res taint req params x db one taint res end |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | enclosingFunctionName | onRequest |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | contextFunctionInterfaces | constructor()\nonRequest(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:9:13:17 | 'express' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | CalleeFlexibleAccessPath | import(!)().get |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | contextFunctionInterfaces | constructor()\nonRequest(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:26:13:31 | '/foo' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | CalleeFlexibleAccessPath | import(!)().get |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | contextFunctionInterfaces | constructor()\nonRequest(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:34:13:76 | (req, r ... q, res) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:1:21:1:32 | 'pg-promise' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:9:3:17 | 'express' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | CalleeFlexibleAccessPath | import(!)().get |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:26:3:31 | '/foo' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | CalleeFlexibleAccessPath | import(!)().get |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:3:34:66:1 | (req, r ... \\n  );\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | CalleeFlexibleAccessPath | pgp |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | CalleeFlexibleAccessPath | db.any |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | CalleeFlexibleAccessPath | db.many |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | CalleeFlexibleAccessPath | db.manyOrNone |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | CalleeFlexibleAccessPath | db.map |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | CalleeFlexibleAccessPath | db.multi |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | CalleeFlexibleAccessPath | db.multiResult |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | CalleeFlexibleAccessPath | db.none |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | CalleeFlexibleAccessPath | db.oneOrNone |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | CalleeFlexibleAccessPath | db.query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | CalleeFlexibleAccessPath | db.result |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | InputAccessPathFromCallee | 0.text |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | assignedToPropName | text |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | InputAccessPathFromCallee | 0.text |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | assignedToPropName | text |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | InputAccessPathFromCallee | 0.values |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | assignedToPropName | values |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | InputAccessPathFromCallee | 0.text |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | assignedToPropName | text |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | InputAccessPathFromCallee | 0.values |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | assignedToPropName | values |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | InputAccessPathFromCallee | 0.text |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | assignedToPropName | text |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | InputAccessPathFromCallee | 0.values |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | assignedToPropName | values |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | InputAccessPathFromCallee | 0.text |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | assignedToPropName | text |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | InputAccessPathFromCallee | 0.values |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | assignedToPropName | values |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | InputAccessPathFromCallee | 0.text |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | assignedToPropName | text |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | InputAccessPathFromCallee | 0.values |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | assignedToPropName | values |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | InputAccessPathFromCallee | 0.values.id |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | assignedToPropName | id |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | InputAccessPathFromCallee | 0.values.name |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | assignedToPropName | name |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | InputAccessPathFromCallee | 0.text |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | assignedToPropName | text |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | InputAccessPathFromCallee | 0.values |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | assignedToPropName | values |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | InputAccessPathFromCallee | 0.values.id |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | assignedToPropName | id |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | InputAccessPathFromCallee | 0.values.name |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | assignedToPropName | name |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | CalleeFlexibleAccessPath | db.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | InputAccessPathFromCallee | 0.values.title |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | assignedToPropName | title |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | CalleeFlexibleAccessPath | db.task |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | CalleeFlexibleAccessPath | t.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | receiverName | t |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | CalleeFlexibleAccessPath | db.task |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | CalleeFlexibleAccessPath | db.task |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | InputAccessPathFromCallee | 0.cnd |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | assignedToPropName | cnd |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | CalleeFlexibleAccessPath | t.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | receiverName | t |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | CalleeFlexibleAccessPath | db.task |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | calleeImports | pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | CalleeFlexibleAccessPath | t.one |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | contextFunctionInterfaces | cnd(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionName | get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | fileImports | express pg-promise |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | receiverName | t |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:2:23:2:29 | "redis" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:5:25:5:33 | 'express' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | CalleeFlexibleAccessPath | app.use |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:9:7:37 | require ... .json() | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:7:17:7:29 | 'body-parser' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:10:9:26 | '/documents/find' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:9:29:33:1 | (req, r ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | CalleeFlexibleAccessPath | client.set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | CalleeFlexibleAccessPath | client.set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:30:10:36 | "value" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | CalleeFlexibleAccessPath | client.set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:20:14:22 | key | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | CalleeFlexibleAccessPath | client.set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:14:25:14:31 | "value" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | CalleeFlexibleAccessPath | client.set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:21:15:25 | "key" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:28:15:34 | "value" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | CalleeFlexibleAccessPath | client.set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | CalleeFlexibleAccessPath | client.set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:21:18:27 | "value" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | CalleeFlexibleAccessPath | client.hmset |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:18:19:22 | "key" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | CalleeFlexibleAccessPath | client.hmset |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:25:19:31 | "field" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | CalleeFlexibleAccessPath | client.hmset |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | InputArgumentIndex | 2 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:34:19:40 | "value" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | CalleeFlexibleAccessPath | client.hmset |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | InputArgumentIndex | 3 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | CalleeFlexibleAccessPath | client.hmset |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | InputArgumentIndex | 4 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:48:19:55 | "value2" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | CalleeFlexibleAccessPath | client.multi().set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:14:24:23 | "constant" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | CalleeFlexibleAccessPath | client.multi().set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:24:26:24:32 | "value" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | CalleeFlexibleAccessPath | client.multi().set().set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | CalleeFlexibleAccessPath | client.multi().set().set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:19:25:25 | "value" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | CalleeFlexibleAccessPath | client.multi().set().set().get |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | CalleeFlexibleAccessPath | client.multi().set().set().get().exec |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | contextSurroundingFunctionParameters | (req, res)\n(err, replies) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | CalleeFlexibleAccessPath | client.duplicate |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, newClient) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | CalleeFlexibleAccessPath | newClient.set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | contextSurroundingFunctionParameters | (req, res)\n(err, newClient) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | receiverName | newClient |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | CalleeFlexibleAccessPath | newClient.set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | contextSurroundingFunctionParameters | (req, res)\n(err, newClient) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | receiverName | newClient |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:28:30:34 | "value" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | CalleeFlexibleAccessPath | client.duplicate().set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | CalleeFlexibleAccessPath | client.duplicate().set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | enclosingFunctionBody | req res client set req body key value key req body key key string client set key value client set key value client set key value client hmset key field value key value2 client multi set constant value set key value get key exec err replies client duplicate err newClient newClient set key value client duplicate set key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:33:32:39 | "value" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:10:37:26 | '/documents/find' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:37:29:53:1 | (req, r ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | CalleeFlexibleAccessPath | client.set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | CalleeFlexibleAccessPath | client.set |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:21:39:27 | "value" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | CalleeFlexibleAccessPath | promisify |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | calleeImports | util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:32:41:41 | client.set | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | CalleeFlexibleAccessPath | promisify().bind |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | calleeImports | util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:41:49:41:54 | client | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | CalleeFlexibleAccessPath | setAsync |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | calleeImports | util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | CalleeFlexibleAccessPath | promisify |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | calleeImports | util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:45:33:45:42 | client.set | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | CalleeFlexibleAccessPath | client.setAsync |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | CalleeFlexibleAccessPath | client.setAsync |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:39:46:45 | "value" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | CalleeFlexibleAccessPath | promisify |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | calleeImports | util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | contextSurroundingFunctionParameters | (req, res)\n() |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:48:34:48:41 | () => {} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | CalleeFlexibleAccessPath | client.unrelated |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | CalleeFlexibleAccessPath | client.unrelated |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | calleeImports | redis |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | receiverName | client |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:40:49:46 | "value" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | CalleeFlexibleAccessPath | promisify |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | calleeImports | util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:33:51:45 | client.foobar | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | CalleeFlexibleAccessPath | promisify().bind |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | calleeImports | util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:51:53:51:58 | client | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | CalleeFlexibleAccessPath | unrelated |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | calleeImports | util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | CalleeFlexibleAccessPath | unrelated |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | calleeImports | util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | enclosingFunctionBody | req res key req body key client set key value setAsync promisify client set bind client foo1 setAsync key value client setAsync promisify client set foo2 client setAsync key value client unrelated promisify foo3 client unrelated key value unrelated promisify client foobar bind client foo4 unrelated key value |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | fileImports | body-parser express redis util |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:33:52:39 | "value" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | fileImports | express socket.io sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:4:23:4:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | fileImports | express socket.io sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:5:23:5:31 | 'sqlite3' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | fileImports | express socket.io sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:8:18:8:28 | 'socket.io' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | CalleeFlexibleAccessPath | io.on |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | calleeImports | socket.io |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | fileImports | express socket.io sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | receiverName | io |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:7:9:18 | 'connection' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | CalleeFlexibleAccessPath | io.on |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | calleeImports | socket.io |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | contextSurroundingFunctionParameters | (socket) |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | fileImports | express socket.io sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | receiverName | io |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:9:21:13:1 | (socket ...   });\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | CalleeFlexibleAccessPath | socket.on |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | contextSurroundingFunctionParameters | (socket) |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | enclosingFunctionBody | socket socket on newuser handle db run INSERT INTO users(name) VALUES  handle |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | enclosingFunctionName | io.on#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | fileImports | express socket.io sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | receiverName | socket |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:13:10:21 | 'newuser' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | CalleeFlexibleAccessPath | socket.on |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | contextSurroundingFunctionParameters | (socket)\n(handle) |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | enclosingFunctionBody | socket socket on newuser handle db run INSERT INTO users(name) VALUES  handle |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | enclosingFunctionName | io.on#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | fileImports | express socket.io sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | receiverName | socket |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | CalleeFlexibleAccessPath | db.run |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | calleeImports | sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | contextSurroundingFunctionParameters | (socket)\n(handle) |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | enclosingFunctionBody | socket socket on newuser handle db run INSERT INTO users(name) VALUES  handle |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | enclosingFunctionName | io.on#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | fileImports | express socket.io sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | fileImports | express mssql |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:1:23:1:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | fileImports | express mssql |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:13:2:28 | require('mssql') | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | fileImports | express mssql |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:2:21:2:27 | 'mssql' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | fileImports | express mssql |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:9:5:19 | '/post/:id' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | fileImports | express mssql |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:5:22:10:1 | async f ... "'");\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | enclosingFunctionBody | req res sql query select * from mytable where id =  req params id sql Request query select * from mytable where id = ' req params id ' |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | fileImports | express mssql |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | enclosingFunctionBody | req res sql query select * from mytable where id =  req params id sql Request query select * from mytable where id = ' req params id ' |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | fileImports | express mssql |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | CalleeFlexibleAccessPath | sql.Request().query |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | calleeImports | mssql |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | enclosingFunctionBody | req res sql query select * from mytable where id =  req params id sql Request query select * from mytable where id = ' req params id ' |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | fileImports | express mssql |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | fileImports | express pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:3:20:3:23 | 'pg' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1  ORDER BY PRICE pool query query2 req params category err results |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | enclosingFunctionName | handler |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | fileImports | express pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1  ORDER BY PRICE pool query query2 req params category err results |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | enclosingFunctionName | handler |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | fileImports | express pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | CalleeFlexibleAccessPath | pool.query |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | calleeImports | pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1  ORDER BY PRICE pool query query2 req params category err results |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | enclosingFunctionName | handler |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | fileImports | express pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | receiverName | pool |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | CalleeFlexibleAccessPath | pool.query |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | calleeImports | pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1  ORDER BY PRICE pool query query2 req params category err results |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | enclosingFunctionName | handler |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | fileImports | express pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | receiverName | pool |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | CalleeFlexibleAccessPath | pool.query |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | InputArgumentIndex | 2 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | calleeImports | pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | contextSurroundingFunctionParameters | (req, res)\n(err, results) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1  ORDER BY PRICE pool query query2 req params category err results |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | enclosingFunctionName | handler |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | fileImports | express pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | receiverName | pool |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1  ORDER BY PRICE pool query query2 req params category err results |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | enclosingFunctionName | handler |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | fileImports | express pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:14:16:15:32 | "SELECT ...  PRICE" | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | CalleeFlexibleAccessPath | pool.query |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | calleeImports | pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1  ORDER BY PRICE pool query query2 req params category err results |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | enclosingFunctionName | handler |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | fileImports | express pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | receiverName | pool |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | CalleeFlexibleAccessPath | pool.query |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | calleeImports | pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1  ORDER BY PRICE pool query query2 req params category err results |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | enclosingFunctionName | handler |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | fileImports | express pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | receiverName | pool |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1  ORDER BY PRICE pool query query2 req params category err results |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | enclosingFunctionName | handler |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | fileImports | express pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | CalleeFlexibleAccessPath | pool.query |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | InputArgumentIndex | 2 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | calleeImports | pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | contextSurroundingFunctionParameters | (req, res)\n(err, results) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | enclosingFunctionBody | req res query1 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE pool query query1 err results query2 SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1  ORDER BY PRICE pool query query2 req params category err results |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | enclosingFunctionName | handler |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | fileImports | express pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | receiverName | pool |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | fileImports | express pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:9:21:17 | 'express' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | CalleeFlexibleAccessPath | import(!)().get |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | fileImports | express pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:26:21:31 | '/foo' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | CalleeFlexibleAccessPath | import(!)().get |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | fileImports | express pg |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:21:34:21:40 | handler | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | fileImports | sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:3:23:3:31 | 'sqlite3' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | CalleeFlexibleAccessPath | angular.module |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | fileImports | sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | receiverName | angular |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:16:6:22 | 'myApp' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | CalleeFlexibleAccessPath | angular.module |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | fileImports | sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | receiverName | angular |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:25:6:35 | ['ngRoute'] | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | fileImports | sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:6:26:6:34 | 'ngRoute' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | CalleeFlexibleAccessPath | angular.module().controller |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | fileImports | sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:13:7:22 | 'FindPost' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | CalleeFlexibleAccessPath | angular.module().controller |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | contextSurroundingFunctionParameters | ($routeParams) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | fileImports | sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:7:25:9:1 | functio ... '"');\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | contextSurroundingFunctionParameters | ($routeParams) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | enclosingFunctionBody | $routeParams db get SELECT * FROM Post WHERE id = " $routeParams id " |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | enclosingFunctionName | controller#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | fileImports | sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | CalleeFlexibleAccessPath | db.get |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | calleeImports | sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | contextSurroundingFunctionParameters | ($routeParams) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | enclosingFunctionBody | $routeParams db get SELECT * FROM Post WHERE id = " $routeParams id " |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | enclosingFunctionName | controller#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | fileImports | sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | fileImports | express sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:4:23:4:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | CalleeFlexibleAccessPath | require |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | fileImports | express sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:5:23:5:31 | 'sqlite3' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | fileImports | express sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:9:9:19 | '/post/:id' | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | enclosingFunctionBody |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | enclosingFunctionName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | fileImports | express sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:9:22:11:1 | functio ... '"');\\n} | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | CalleeFlexibleAccessPath |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | InputArgumentIndex |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | calleeImports |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | enclosingFunctionBody | req res db get SELECT * FROM Post WHERE id = " req params id " |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | fileImports | express sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | receiverName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id | stringConcatenatedWith |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | CalleeFlexibleAccessPath | db.get |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | InputAccessPathFromCallee |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | InputArgumentIndex | 0 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | assignedToPropName |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | calleeImports | sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | enclosingFunctionBody | req res db get SELECT * FROM Post WHERE id = " req params id " |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | fileImports | express sqlite3 |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | CalleeFlexibleAccessPath | createServer |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | calleeImports | http |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | fileImports | fs http path url |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath-es6.js:6:27:11:1 | functio ... h)));\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | CalleeFlexibleAccessPath | readFileSync |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | enclosingFunctionBody | req res path parse req url true query path res write readFileSync join public path |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | enclosingFunctionName | createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | fileImports | fs http path url |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | calleeImports | http |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | receiverName | http |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | calleeImports | url |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | receiverName | path |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | CalleeFlexibleAccessPath | path.indexOf |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | calleeImports | url |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | receiverName | path |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | CalleeFlexibleAccessPath | fs.existsSync |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | CalleeFlexibleAccessPath | angular.module |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | receiverName | angular |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | CalleeFlexibleAccessPath | angular.module |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | receiverName | angular |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().directive |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | CalleeFlexibleAccessPath | angular.module().directive |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | InputArgumentIndex |  |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | assignedToPropName | templateUrl |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | enclosingFunctionBody | templateUrl SAFE |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | enclosingFunctionName | directive#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().directive().directive |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | CalleeFlexibleAccessPath | angular.module().directive().directive |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | InputArgumentIndex |  |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | assignedToPropName | templateUrl |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | enclosingFunctionBody | templateUrl Cookie get unsafe |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | enclosingFunctionName | directive#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | CalleeFlexibleAccessPath | Cookie.get |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | enclosingFunctionBody | templateUrl Cookie get unsafe |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | enclosingFunctionName | directive#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | receiverName | Cookie |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | calleeImports | http |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | receiverName | http |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | CalleeFlexibleAccessPath | res.render |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | contextSurroundingFunctionParameters | ()\n(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | receiverName | res |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | CalleeFlexibleAccessPath | application.get |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | calleeImports | express |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | receiverName | application |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | CalleeFlexibleAccessPath | application.get |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | calleeImports | express |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | receiverName | application |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | CalleeFlexibleAccessPath | application.get |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | calleeImports | express |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | receiverName | application |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | CalleeFlexibleAccessPath | application.get |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | calleeImports | express |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | receiverName | application |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | CalleeFlexibleAccessPath | addEventListener |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | CalleeFlexibleAccessPath | addEventListener |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | contextSurroundingFunctionParameters | (ev) |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | calleeImports | http |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | receiverName | http |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | CalleeFlexibleAccessPath | fs.realpathSync |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | CalleeFlexibleAccessPath | fs.realpath |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | CalleeFlexibleAccessPath | fs.realpath |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | calleeImports | http |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | receiverName | http |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | InputArgumentIndex |  |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | InputArgumentIndex |  |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | calleeImports | http |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | receiverName | http |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | InputArgumentIndex |  |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | InputArgumentIndex |  |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | calleeImports | http |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | receiverName | http |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | enclosingFunctionBody | req res path url parse req url true query path require send req path |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | CalleeFlexibleAccessPath | import(!) |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | calleeImports | send |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | enclosingFunctionBody | req res path url parse req url true query path require send req path |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | receiverName |  |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | calleeImports | http |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | receiverName | http |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | CalleeFlexibleAccessPath | path.split |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | calleeImports | url |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | receiverName | path |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | CalleeFlexibleAccessPath | split.join |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | calleeImports | url |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | receiverName | split |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | CalleeFlexibleAccessPath | concatted.join |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | calleeImports |  |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | receiverName | concatted |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | CalleeFlexibleAccessPath | concatted2.join |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | calleeImports | url |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | receiverName | concatted2 |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | calleeImports | http |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | receiverName | http |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | calleeImports | fs |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | contextFunctionInterfaces | views_local(req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | receiverName | fs |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | assignedToPropName |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | calleeImports |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | fileImports | bluebird fs |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | receiverName |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | assignedToPropName |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | calleeImports |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | fileImports | bluebird fs |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | receiverName |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:2:29:2:38 | 'bluebird' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | CalleeFlexibleAccessPath | promisify |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | assignedToPropName |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | calleeImports | bluebird |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | contextSurroundingFunctionParameters | (obj, method) |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | enclosingFunctionBody | obj method obj method promisify fs method obj |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | enclosingFunctionName | methods.reduce#functionalargument |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | fileImports | bluebird fs |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | receiverName |  |
-| autogenerated/TaintedPath/my-async-fs-module.js:12:27:12:36 | fs[method] | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | assignedToPropName |  |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | calleeImports |  |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | contextFunctionInterfaces | require(special) |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | contextSurroundingFunctionParameters | (special) |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | enclosingFunctionBody | special special require fs require original-fs |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | enclosingFunctionName | require |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | fileImports | fs original-fs |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | receiverName |  |
-| autogenerated/TaintedPath/my-fs-module.js:3:18:3:21 | "fs" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | assignedToPropName |  |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | calleeImports |  |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | contextFunctionInterfaces | require(special) |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | contextSurroundingFunctionParameters | (special) |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | enclosingFunctionBody | special special require fs require original-fs |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | enclosingFunctionName | require |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | fileImports | fs original-fs |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | receiverName |  |
-| autogenerated/TaintedPath/my-fs-module.js:5:18:5:30 | "original-fs" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | CalleeFlexibleAccessPath | fs.realpathSync |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | CalleeFlexibleAccessPath | path.includes |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | CalleeFlexibleAccessPath | path.includes |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | CalleeFlexibleAccessPath | path.includes |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | CalleeFlexibleAccessPath | path.includes |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | CalleeFlexibleAccessPath | normalizedPath.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | receiverName | normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | CalleeFlexibleAccessPath | normalizedPath.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | receiverName | normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | CalleeFlexibleAccessPath | normalizedPath.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | receiverName | normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | CalleeFlexibleAccessPath | path.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | CalleeFlexibleAccessPath | path.substring |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | CalleeFlexibleAccessPath | path.substring |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | CalleeFlexibleAccessPath | path.slice |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | CalleeFlexibleAccessPath | path.slice |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | receiverName | path |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | CalleeFlexibleAccessPath | relative.startsWith |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | receiverName | relative |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | CalleeFlexibleAccessPath | relativePath.indexOf |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | receiverName | relativePath |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | CalleeFlexibleAccessPath | relativePath.indexOf |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | receiverName | relativePath |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | CalleeFlexibleAccessPath | pathModule.normalize().indexOf |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | CalleeFlexibleAccessPath | pathModule.normalize().indexOf |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | CalleeFlexibleAccessPath | pathIsInside |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | calleeImports | path-is-inside |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | CalleeFlexibleAccessPath | pathIsInside |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | calleeImports | path-is-inside |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | CalleeFlexibleAccessPath | pathIsInside |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | calleeImports | path-is-inside |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | CalleeFlexibleAccessPath | pathIsInside |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | calleeImports | path-is-inside |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | CalleeFlexibleAccessPath | pathIsInside |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | calleeImports | path-is-inside |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | CalleeFlexibleAccessPath | pathIsInside |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | calleeImports | path-is-inside |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | InputArgumentIndex |  |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | CalleeFlexibleAccessPath | abs.indexOf |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | calleeImports | path |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | receiverName | abs |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | calleeImports | express |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | receiverName | app |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | CalleeFlexibleAccessPath | allowPath |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | CalleeFlexibleAccessPath | allowPath |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | receiverName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | calleeImports | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | receiverName | fs |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | CalleeFlexibleAccessPath | requestPath.indexOf |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | assignedToPropName |  |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | calleeImports |  |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | contextSurroundingFunctionParameters | (requestPath, rootPath) |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | receiverName | requestPath |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | enclosingFunctionName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | enclosingFunctionName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | enclosingFunctionName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | enclosingFunctionName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | enclosingFunctionName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | enclosingFunctionName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | calleeImports | http |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | receiverName | http |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | CalleeFlexibleAccessPath | gracefulFs.readFileSync |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | calleeImports | graceful-fs |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | receiverName | gracefulFs |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | CalleeFlexibleAccessPath | fsExtra.readFileSync |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | calleeImports | fs-extra |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | receiverName | fsExtra |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | CalleeFlexibleAccessPath | originalFs.readFileSync |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | calleeImports | original-fs |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | receiverName | originalFs |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | CalleeFlexibleAccessPath | getFsModule().readFileSync |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | CalleeFlexibleAccessPath | getFsModule().readFileSync |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | CalleeFlexibleAccessPath | import("p").require().readFileSync |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | calleeImports | ./my-fs-module |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | CalleeFlexibleAccessPath | flexibleModuleName.readFileSync |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | receiverName | flexibleModuleName |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | contextSurroundingFunctionParameters | (special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | enclosingFunctionBody | special special require fs require original-fs |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | enclosingFunctionName | getFsModule |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | contextSurroundingFunctionParameters | (special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | enclosingFunctionBody | special special require fs require original-fs |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | enclosingFunctionName | getFsModule |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | enclosingFunctionName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | calleeImports | http |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | receiverName | http |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | CalleeFlexibleAccessPath | util.promisify |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | calleeImports | util |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | receiverName | util |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | CalleeFlexibleAccessPath | util.promisify() |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | calleeImports | util |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | CalleeFlexibleAccessPath | import(!).promisify |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | calleeImports | bluebird |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | CalleeFlexibleAccessPath | import(!).promisify() |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | calleeImports | bluebird |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | CalleeFlexibleAccessPath | import(!).promisifyAll |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | calleeImports | bluebird |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | CalleeFlexibleAccessPath | import(!).promisifyAll().readFileSync |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | calleeImports | bluebird |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | calleeImports |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | enclosingFunctionName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | receiverName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | calleeImports | http |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | receiverName | http |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | CalleeFlexibleAccessPath | asyncFS.readFileSync |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | calleeImports | ./my-async-fs-module |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | receiverName | asyncFS |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | assignedToPropName |  |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | calleeImports |  |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | fileImports | parse-torrent puppeteer |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | receiverName |  |
-| autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | assignedToPropName |  |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | calleeImports |  |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | fileImports | parse-torrent puppeteer |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | receiverName |  |
-| autogenerated/TaintedPath/pupeteer.js:2:30:2:44 | 'parse-torrent' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | CalleeFlexibleAccessPath | parseTorrent |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | assignedToPropName |  |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | calleeImports | parse-torrent |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | enclosingFunctionName |  |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | fileImports | parse-torrent puppeteer |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | receiverName |  |
-| autogenerated/TaintedPath/pupeteer.js:5:41:5:47 | torrent | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | CalleeFlexibleAccessPath | page.pdf |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | assignedToPropName |  |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | calleeImports | puppeteer |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | enclosingFunctionName |  |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | fileImports | parse-torrent puppeteer |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | receiverName | page |
-| autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | CalleeFlexibleAccessPath | page.pdf |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | InputAccessPathFromCallee | 0.path |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | assignedToPropName | path |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | calleeImports | puppeteer |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | enclosingFunctionName |  |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | fileImports | parse-torrent puppeteer |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | receiverName |  |
-| autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | CalleeFlexibleAccessPath | page.pdf |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | InputAccessPathFromCallee | 0.format |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | assignedToPropName | format |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | calleeImports | puppeteer |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | fileImports | parse-torrent puppeteer |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | receiverName |  |
-| autogenerated/TaintedPath/pupeteer.js:9:45:9:48 | 'a4' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | CalleeFlexibleAccessPath | pages.?.screenshot |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | assignedToPropName |  |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | calleeImports | puppeteer |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | enclosingFunctionName |  |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | fileImports | parse-torrent puppeteer |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | receiverName |  |
-| autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | CalleeFlexibleAccessPath | pages.?.screenshot |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | InputAccessPathFromCallee | 0.path |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | assignedToPropName | path |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | calleeImports | puppeteer |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | enclosingFunctionBody | tainted dir/ parseTorrent torrent name .torrent.data browser puppeteer launch page browser newPage page pdf path tainted format a4 pages browser pages i 0 i something i pages i screenshot path tainted browser close |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | enclosingFunctionName |  |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | fileImports | parse-torrent puppeteer |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | receiverName |  |
-| autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | receiverName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | receiverName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | receiverName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | calleeImports | http |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | receiverName | http |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | receiverName | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | receiverName | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | receiverName | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | receiverName | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | receiverName | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | receiverName | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | receiverName | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | receiverName | fs |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | receiverName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | receiverName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:2:20:2:25 | 'http' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | receiverName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:3:19:3:23 | 'url' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | receiverName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:4:24:4:42 | 'sanitize-filename' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | receiverName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:5:26:5:31 | 'path' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | calleeImports | http |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | receiverName | http |
-| autogenerated/TaintedPath/tainted-array-steps.js:8:32:15:1 | functio ... ENCY]\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync public path join / parts public path parts parts map x x toLowerCase res write fs readFileSync parts join / |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | receiverName | fs |
-| autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync public path join / parts public path parts parts map x x toLowerCase res write fs readFileSync parts join / |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | receiverName | fs |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | CalleeFlexibleAccessPath | parts.join |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync public path join / parts public path parts parts map x x toLowerCase res write fs readFileSync parts join / |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | receiverName | parts |
-| autogenerated/TaintedPath/tainted-array-steps.js:14:40:14:42 | '/' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | fileImports | express |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | receiverName |  |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | calleeImports | express |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | fileImports | express |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | receiverName | app |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | calleeImports | express |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | fileImports | express |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | receiverName | app |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | calleeImports |  |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | enclosingFunctionBody | req res m require req param module |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | fileImports | express |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | receiverName |  |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | CalleeFlexibleAccessPath | req.param |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | calleeImports |  |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | enclosingFunctionBody | req res m require req param module |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | fileImports | express |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | receiverName | req |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | receiverName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | InputArgumentIndex |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | receiverName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | receiverName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:2:20:2:25 | 'path' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | calleeImports | express |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | receiverName | app |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:9:6:23 | '/some/path/:x' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | calleeImports | express |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | receiverName | app |
-| autogenerated/TaintedPath/tainted-sendFile.js:6:26:28:1 | functio ... ata/'\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | CalleeFlexibleAccessPath | res.sendFile |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | receiverName | res |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | CalleeFlexibleAccessPath | req.param |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | receiverName | req |
-| autogenerated/TaintedPath/tainted-sendFile.js:8:26:8:32 | "gimme" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | CalleeFlexibleAccessPath | res.sendfile |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | receiverName | res |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | CalleeFlexibleAccessPath | req.param |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | receiverName | req |
-| autogenerated/TaintedPath/tainted-sendFile.js:10:26:10:32 | "gimme" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | CalleeFlexibleAccessPath | res.sendFile |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | receiverName | res |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | CalleeFlexibleAccessPath | req.param |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | receiverName | req |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:26:13:32 | "gimme" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | CalleeFlexibleAccessPath | res.sendFile |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | receiverName | res |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | CalleeFlexibleAccessPath | res.sendFile |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | InputAccessPathFromCallee | 1.root |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | assignedToPropName | root |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | receiverName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | CalleeFlexibleAccessPath | res.sendfile |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | receiverName | res |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | CalleeFlexibleAccessPath | req.param |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | receiverName | req |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:26:15:32 | "gimme" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | CalleeFlexibleAccessPath | res.sendfile |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | receiverName | res |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | CalleeFlexibleAccessPath | res.sendfile |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | InputAccessPathFromCallee | 1.root |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | assignedToPropName | root |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | receiverName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | CalleeFlexibleAccessPath | res.sendFile |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | receiverName | res |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | CalleeFlexibleAccessPath | req.param |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | receiverName | req |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:26:18:31 | "file" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | CalleeFlexibleAccessPath | res.sendFile |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | receiverName | res |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | CalleeFlexibleAccessPath | res.sendFile |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | InputAccessPathFromCallee | 1.root |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | assignedToPropName | root |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | receiverName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | CalleeFlexibleAccessPath | req.param |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | receiverName | req |
-| autogenerated/TaintedPath/tainted-sendFile.js:18:53:18:57 | "dir" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | CalleeFlexibleAccessPath | res.sendFile |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | receiverName | res |
-| autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | CalleeFlexibleAccessPath | res.sendfile |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | receiverName | res |
-| autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | CalleeFlexibleAccessPath | res.sendFile |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | receiverName | res |
-| autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | CalleeFlexibleAccessPath | res.sendfile |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | receiverName | res |
-| autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | CalleeFlexibleAccessPath | res.sendFile |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | calleeImports |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | enclosingFunctionBody | req res res sendFile req param gimme res sendfile req param gimme res sendFile req param gimme root process cwd res sendfile req param gimme root process cwd res sendFile req param file root req param dir homeDir path resolve . res sendFile homeDir /data/ req params x res sendfile data/ req params x res sendFile path resolve data req params x res sendfile path join data req params x res sendFile homeDir path join data req params x |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | fileImports | express path |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | receiverName | res |
-| autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | receiverName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:1:18:1:21 | 'fs' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | receiverName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:2:20:2:25 | 'http' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | calleeImports |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | receiverName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:3:19:3:23 | 'url' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | calleeImports | http |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | receiverName | http |
-| autogenerated/TaintedPath/tainted-string-steps.js:5:32:29:1 | functio ... ENCY]\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | CalleeFlexibleAccessPath | path.substring |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | CalleeFlexibleAccessPath | path.substring |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | CalleeFlexibleAccessPath | path.substring |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:8:33:8:33 | 4 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | CalleeFlexibleAccessPath | path.substring |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:33:9:33 | 0 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | CalleeFlexibleAccessPath | path.substring |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | InputArgumentIndex | 1 |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | CalleeFlexibleAccessPath | path.substr |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:10:30:10:30 | 4 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | CalleeFlexibleAccessPath | path.slice |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:11:29:11:29 | 4 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | CalleeFlexibleAccessPath | path.split |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:20:29:20:31 | '/' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | CalleeFlexibleAccessPath | path.split |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:21:29:21:31 | '/' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | CalleeFlexibleAccessPath | path.split |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:22:29:22:31 | '/' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | CalleeFlexibleAccessPath | path.split |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:23:29:23:32 | /\\// | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | CalleeFlexibleAccessPath | path.split |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:24:29:24:31 | "?" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | CalleeFlexibleAccessPath | path.split |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:25:29:25:35 | unknown | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | CalleeFlexibleAccessPath | path.split |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:26:29:26:35 | unknown | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | CalleeFlexibleAccessPath | path.split |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:27:29:27:35 | unknown | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | calleeImports | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | receiverName | fs |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | CalleeFlexibleAccessPath | path.split |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | assignedToPropName |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | calleeImports | url |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path substring i j fs readFileSync path substring 4 fs readFileSync path substring 0 i fs readFileSync path substr 4 fs readFileSync path slice 4 fs readFileSync path concat unknown fs readFileSync unknown concat path fs readFileSync unknown concat unknown path fs readFileSync path trim fs readFileSync path toLowerCase fs readFileSync path split / fs readFileSync path 0 split / 0 fs readFileSync path split / i fs readFileSync path split /\\// i fs readFileSync path 0 split ? 0 fs readFileSync path split unknown i fs readFileSync path split unknown whatever fs readFileSync path split unknown fs readFileSync path split ? i |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | fileImports | fs http url |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | receiverName | path |
-| autogenerated/TaintedPath/tainted-string-steps.js:28:29:28:31 | "?" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | assignedToPropName |  |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | calleeImports |  |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | contextFunctionInterfaces | getTorrentData(dir, torrent) |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | fileImports | fs parse-torrent |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | receiverName |  |
-| autogenerated/TaintedPath/torrents.js:1:30:1:44 | 'parse-torrent' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | assignedToPropName |  |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | calleeImports |  |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | contextFunctionInterfaces | getTorrentData(dir, torrent) |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | fileImports | fs parse-torrent |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | receiverName |  |
-| autogenerated/TaintedPath/torrents.js:2:20:2:23 | 'fs' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | CalleeFlexibleAccessPath | parseTorrent |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | assignedToPropName |  |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | calleeImports | parse-torrent |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | contextFunctionInterfaces | getTorrentData(dir, torrent) |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | contextSurroundingFunctionParameters | (dir, torrent) |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | enclosingFunctionBody | dir torrent name parseTorrent torrent name loc dir / name .torrent.data fs readFileSync loc |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | enclosingFunctionName | getTorrentData |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | fileImports | fs parse-torrent |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | receiverName |  |
-| autogenerated/TaintedPath/torrents.js:5:26:5:32 | torrent | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | CalleeFlexibleAccessPath |  |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | InputArgumentIndex |  |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | assignedToPropName |  |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | calleeImports |  |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | contextFunctionInterfaces | getTorrentData(dir, torrent) |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | contextSurroundingFunctionParameters | (dir, torrent) |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | enclosingFunctionBody | dir torrent name parseTorrent torrent name loc dir / name .torrent.data fs readFileSync loc |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | enclosingFunctionName | getTorrentData |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | fileImports | fs parse-torrent |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | receiverName |  |
-| autogenerated/TaintedPath/torrents.js:6:12:6:20 | dir + "/" | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | assignedToPropName |  |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | calleeImports | fs |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | contextFunctionInterfaces | getTorrentData(dir, torrent) |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | contextSurroundingFunctionParameters | (dir, torrent) |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | enclosingFunctionBody | dir torrent name parseTorrent torrent name loc dir / name .torrent.data fs readFileSync loc |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | enclosingFunctionName | getTorrentData |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | fileImports | fs parse-torrent |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | receiverName | fs |
-| autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | assignedToPropName |  |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | calleeImports |  |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | receiverName |  |
-| autogenerated/TaintedPath/typescript.ts:1:18:1:21 | 'fs' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | assignedToPropName |  |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | calleeImports |  |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | receiverName |  |
-| autogenerated/TaintedPath/typescript.ts:2:20:2:25 | 'http' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | assignedToPropName |  |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | calleeImports |  |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | receiverName |  |
-| autogenerated/TaintedPath/typescript.ts:3:19:3:23 | 'url' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | assignedToPropName |  |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | calleeImports |  |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | receiverName |  |
-| autogenerated/TaintedPath/typescript.ts:4:24:4:42 | 'sanitize-filename' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | assignedToPropName |  |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | calleeImports |  |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | receiverName |  |
-| autogenerated/TaintedPath/typescript.ts:5:26:5:31 | 'path' | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | assignedToPropName |  |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | calleeImports | http |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | enclosingFunctionBody |  |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | enclosingFunctionName |  |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | receiverName | http |
-| autogenerated/TaintedPath/typescript.ts:8:32:34:1 | functio ... nted\\n\\n} | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | calleeImports | fs |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | receiverName | fs |
-| autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | assignedToPropName |  |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | calleeImports | fs |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | receiverName | fs |
-| autogenerated/TaintedPath/typescript.ts:15:31:15:34 | path | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | assignedToPropName |  |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | calleeImports | fs |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | receiverName | fs |
-| autogenerated/TaintedPath/typescript.ts:18:39:18:43 | path2 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | assignedToPropName |  |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | calleeImports | fs |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | receiverName | fs |
-| autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | assignedToPropName |  |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | calleeImports | fs |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | receiverName | fs |
-| autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | assignedToPropName |  |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | calleeImports | fs |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | receiverName | fs |
-| autogenerated/TaintedPath/typescript.ts:28:29:28:33 | path5 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | CalleeFlexibleAccessPath | fs.readFileSync |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | assignedToPropName |  |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | calleeImports | fs |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | contextFunctionInterfaces |  |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path path foo.txt res write fs readFileSync path path2 path path2 res write fs readFileSync path2 path3 path path3 res write fs readFileSync path3 path4 path path4 res write fs readFileSync path4 path5 path path5 clean res write fs readFileSync path5 path6 path path6 clean res write fs readFileSync path6 |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | fileImports | fs http path sanitize-filename url |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | receiverName | fs |
-| autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | stringConcatenatedWith |  |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | CalleeFlexibleAccessPath | res.render |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | InputAccessPathFromCallee |  |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | assignedToPropName |  |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | calleeImports |  |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | contextFunctionInterfaces | exports(req, res) |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | enclosingFunctionBody | req res res render req 0 params 0 |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | enclosingFunctionName | exports |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | fileImports |  |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | receiverName | res |
-| autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | CalleeFlexibleAccessPath | this.addEventListener |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | contextFunctionInterfaces | foo(x, event, y)\ntest() |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | this.addEventListener |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | contextFunctionInterfaces | foo(x, event, y)\ntest() |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (event) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | fileImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextSurroundingFunctionParameters | (event) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | enclosingFunctionBody | event document write event data |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | enclosingFunctionName | addEventListener#functionalargument |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | fileImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | receiverName | document |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | CalleeFlexibleAccessPath | this.addEventListener |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | contextFunctionInterfaces | foo(x, event, y)\ntest() |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | this.addEventListener |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | contextFunctionInterfaces | foo(x, event, y)\ntest() |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (?) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | fileImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextSurroundingFunctionParameters | (?) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | enclosingFunctionBody | data document write data |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | enclosingFunctionName | addEventListener#functionalargument |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | fileImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | receiverName | document |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | fileImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | receiverName | document |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | fileImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | receiverName | document |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | fileImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | receiverName | document |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | CalleeFlexibleAccessPath | window.addEventListener |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | contextFunctionInterfaces | foo(x, event, y)\ntest() |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | receiverName | window |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | CalleeFlexibleAccessPath | window.addEventListener |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | contextFunctionInterfaces | foo(x, event, y)\ntest() |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | receiverName | window |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | CalleeFlexibleAccessPath | foo.bind |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | contextFunctionInterfaces | foo(x, event, y)\ntest() |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | fileImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | receiverName | foo |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | CalleeFlexibleAccessPath | foo.bind |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | contextFunctionInterfaces | foo(x, event, y)\ntest() |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | fileImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | receiverName | foo |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | CalleeFlexibleAccessPath | foo.bind |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | InputAccessPathFromCallee | 1.data |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | assignedToPropName | data |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | contextFunctionInterfaces | foo(x, event, y)\ntest() |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | CalleeFlexibleAccessPath | Component |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | InputAccessPathFromCallee | 0.selector |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | assignedToPropName | selector |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | calleeImports | @angular/core |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | CalleeFlexibleAccessPath | Component |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | InputAccessPathFromCallee | 0.templateUrl |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | assignedToPropName | templateUrl |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | calleeImports | @angular/core |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:8:16:8:37 | './app. ... t.html' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | CalleeFlexibleAccessPath | Component |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | InputAccessPathFromCallee | 0.styleUrls |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | assignedToPropName | styleUrls |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | calleeImports | @angular/core |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:14:9:36 | ['./app ... t.css'] | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:9:15:9:35 | './app. ... nt.css' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | CalleeFlexibleAccessPath | this.route.snapshot.paramMap.get |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:27:77:27:81 | 'foo' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | CalleeFlexibleAccessPath | this.route.snapshot.queryParamMap.get |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:28:82:28:86 | 'foo' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | CalleeFlexibleAccessPath | this.route.paramMap.subscribe |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | contextSurroundingFunctionParameters | ()\n(map) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:29:35:31:5 | map =>  ... K\\n    } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | contextSurroundingFunctionParameters | ()\n(map) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | CalleeFlexibleAccessPath | map.get |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | contextSurroundingFunctionParameters | ()\n(map) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | receiverName | map |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:30:54:30:58 | 'foo' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | CalleeFlexibleAccessPath | this.route.snapshot.url.1.parameterMap.get |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:35:88:35:90 | 'x' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | CalleeFlexibleAccessPath | this.sanitizer2.bypassSecurityTrustHtml |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | enclosingFunctionBody | sanitizer bypassSecurityTrustHtml \u0275getDOM getLocation href sanitizer bypassSecurityTrustHtml route snapshot params foo sanitizer bypassSecurityTrustHtml route snapshot queryParams foo sanitizer bypassSecurityTrustHtml route snapshot fragment sanitizer bypassSecurityTrustHtml route snapshot paramMap get foo sanitizer bypassSecurityTrustHtml route snapshot queryParamMap get foo route paramMap subscribe map sanitizer bypassSecurityTrustHtml map get foo sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 path sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameters x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap get x sanitizer bypassSecurityTrustHtml 1 route snapshot url 1 parameterMap params x sanitizer bypassSecurityTrustHtml router url sanitizer2 bypassSecurityTrustHtml router url |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | enclosingFunctionName | ngOnInit |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | contextSurroundingFunctionParameters | (routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | enclosingFunctionBody | routeSnapshot ActivatedRouteSnapshot sanitizer bypassSecurityTrustHtml routeSnapshot paramMap get foo |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | enclosingFunctionName | someMethod |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | CalleeFlexibleAccessPath | routeSnapshot.paramMap.get |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | contextFunctionInterfaces | constructor(route, sanitizer, router, sanitizer2)\nngOnInit()\nsomeMethod(routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | contextSurroundingFunctionParameters | (routeSnapshot) |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | enclosingFunctionBody | routeSnapshot ActivatedRouteSnapshot sanitizer bypassSecurityTrustHtml routeSnapshot paramMap get foo |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | enclosingFunctionName | someMethod |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | fileImports | @angular/common @angular/core @angular/platform-browser @angular/router |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/angular2-client.ts:44:71:44:75 | 'foo' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | stringConcatenatedWith |  -endpoint- classNames() + '">Hello<span>' |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | stringConcatenatedWith | '<span class="' + classNames() -endpoint-  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | stringConcatenatedWith |  -endpoint- classNamesD() + '">Hello<span>' |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | stringConcatenatedWith | '<span class="' + classNamesD() -endpoint-  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | stringConcatenatedWith |  -endpoint- classNamesB() + '">Hello<span>' |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | stringConcatenatedWith | '<span class="' + classNamesB() -endpoint-  |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | CalleeFlexibleAccessPath | classNames.bind |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | InputAccessPathFromCallee | 0.foo |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | assignedToPropName | foo |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | calleeImports | classnames |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | stringConcatenatedWith |  -endpoint- unsafeStyle() + '">Hello<span>' |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | stringConcatenatedWith | '<span class="' + unsafeStyle() -endpoint-  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | stringConcatenatedWith |  -endpoint- safeStyle() + '">Hello<span>' |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | stringConcatenatedWith | '<span class="' + safeStyle() -endpoint-  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | stringConcatenatedWith |  -endpoint- safeStyle() + '">Hello<span>' |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | stringConcatenatedWith | '<span class="' + safeStyle() -endpoint-  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | stringConcatenatedWith |  -endpoint- clsx() + '">Hello<span>' |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | receiverName |  |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | stringConcatenatedWith | '<span class="' + clsx() -endpoint-  |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | CalleeFlexibleAccessPath | d3.select |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | calleeImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | enclosingFunctionBody | d3 select #main attr width 100 style color red html getTaint html d getTaint call otherFunction html d getTaint |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | enclosingFunctionName | doSomething |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | receiverName | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:8:15:8:21 | '#main' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | CalleeFlexibleAccessPath | d3.select().attr |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | calleeImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | enclosingFunctionBody | d3 select #main attr width 100 style color red html getTaint html d getTaint call otherFunction html d getTaint |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | enclosingFunctionName | doSomething |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:9:15:9:21 | 'width' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | CalleeFlexibleAccessPath | d3.select().attr |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | calleeImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | enclosingFunctionBody | d3 select #main attr width 100 style color red html getTaint html d getTaint call otherFunction html d getTaint |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | enclosingFunctionName | doSomething |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:9:24:9:26 | 100 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | CalleeFlexibleAccessPath | d3.select().attr().style |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | calleeImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | enclosingFunctionBody | d3 select #main attr width 100 style color red html getTaint html d getTaint call otherFunction html d getTaint |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | enclosingFunctionName | doSomething |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:10:16:10:22 | 'color' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | CalleeFlexibleAccessPath | d3.select().attr().style |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | calleeImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | enclosingFunctionBody | d3 select #main attr width 100 style color red html getTaint html d getTaint call otherFunction html d getTaint |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | enclosingFunctionName | doSomething |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:10:25:10:29 | 'red' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | CalleeFlexibleAccessPath | d3.select().attr().style().html |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | calleeImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | enclosingFunctionBody | d3 select #main attr width 100 style color red html getTaint html d getTaint call otherFunction html d getTaint |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | enclosingFunctionName | doSomething |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | receiverName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | CalleeFlexibleAccessPath | d3.select().attr().style().html().html |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | calleeImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | contextSurroundingFunctionParameters | ()\n(d) |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | enclosingFunctionBody | d3 select #main attr width 100 style color red html getTaint html d getTaint call otherFunction html d getTaint |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | enclosingFunctionName | doSomething |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | receiverName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:12:15:12:29 | d => getTaint() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | contextSurroundingFunctionParameters | ()\n(d) |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | enclosingFunctionBody | d3 select #main attr width 100 style color red html getTaint html d getTaint call otherFunction html d getTaint |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | enclosingFunctionName | doSomething |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | receiverName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | CalleeFlexibleAccessPath | d3.select().attr().style().html().html().call |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | calleeImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | enclosingFunctionBody | d3 select #main attr width 100 style color red html getTaint html d getTaint call otherFunction html d getTaint |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | enclosingFunctionName | doSomething |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | receiverName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:13:15:13:27 | otherFunction | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | CalleeFlexibleAccessPath | d3.select().attr().style().html().html().call().html |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | calleeImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | contextSurroundingFunctionParameters | ()\n(d) |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | enclosingFunctionBody | d3 select #main attr width 100 style color red html getTaint html d getTaint call otherFunction html d getTaint |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | enclosingFunctionName | doSomething |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | receiverName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:14:15:14:29 | d => getTaint() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | contextSurroundingFunctionParameters | ()\n(d) |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | enclosingFunctionBody | d3 select #main attr width 100 style color red html getTaint html d getTaint call otherFunction html d getTaint |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | enclosingFunctionName | doSomething |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | receiverName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | CalleeFlexibleAccessPath | selection.attr |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | contextSurroundingFunctionParameters | (selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | enclosingFunctionBody | selection selection attr foo bar html getTaint |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | enclosingFunctionName | otherFunction |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | receiverName | selection |
-| autogenerated/Xss/DomBasedXss/d3.js:20:15:20:19 | 'foo' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | CalleeFlexibleAccessPath | selection.attr |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | contextSurroundingFunctionParameters | (selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | enclosingFunctionBody | selection selection attr foo bar html getTaint |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | enclosingFunctionName | otherFunction |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | receiverName | selection |
-| autogenerated/Xss/DomBasedXss/d3.js:20:22:20:26 | 'bar' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | CalleeFlexibleAccessPath | selection.attr().html |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | contextFunctionInterfaces | doSomething()\ngetTaint()\notherFunction(selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | contextSurroundingFunctionParameters | (selection) |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | enclosingFunctionBody | selection selection attr foo bar html getTaint |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | enclosingFunctionName | otherFunction |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | fileImports | d3 |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | receiverName |  |
-| autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | CalleeFlexibleAccessPath | window.location.hash.substring |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | CalleeFlexibleAccessPath | dateFnsFp.format() |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | calleeImports | date-fns/fp |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | receiverName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | CalleeFlexibleAccessPath | dateFnsFp.format() |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | calleeImports | date-fns/fp |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | receiverName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | CalleeFlexibleAccessPath | moment |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | calleeImports | moment |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | receiverName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | CalleeFlexibleAccessPath | moment |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | calleeImports | moment |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | receiverName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | enclosingFunctionBody | loc window location href $ <a href=" encodeURIComponent loc ">click</a> |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | stringConcatenatedWith |  -endpoint- encodeURIComponent() + '">click</a>' |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | enclosingFunctionBody | loc window location href $ <a href=" encodeURIComponent loc ">click</a> |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | enclosingFunctionBody | loc window location href $ <a href=" encodeURIComponent loc ">click</a> |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) | stringConcatenatedWith | '<a href="' -endpoint- '">click</a>' |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | enclosingFunctionBody | loc window location href $ <a href=" encodeURIComponent loc ">click</a> |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/encodeuri.js:3:45:3:57 | '">click</a>' | stringConcatenatedWith | '<a href="' + encodeURIComponent() -endpoint-  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | CalleeFlexibleAccessPath | document.getElementById |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | contextFunctionInterfaces | onclick() |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | receiverName | document |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:25:1:31 | 'my-id' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | contextFunctionInterfaces | onclick() |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | enclosingFunctionBody | parentNode innerHTML <h2><a href=" location href ">A link</a></h2> |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | enclosingFunctionName | onclick |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:45 | '<h2><a href="' | stringConcatenatedWith |  -endpoint- location.href + '">A link</a></h2>' |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | contextFunctionInterfaces | onclick() |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | enclosingFunctionBody | parentNode innerHTML <h2><a href=" location href ">A link</a></h2> |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | enclosingFunctionName | onclick |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | contextFunctionInterfaces | onclick() |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | enclosingFunctionBody | parentNode innerHTML <h2><a href=" location href ">A link</a></h2> |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | enclosingFunctionName | onclick |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | fileImports |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | receiverName |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href | stringConcatenatedWith | '<h2><a href="' -endpoint- '">A link</a></h2>' |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | contextFunctionInterfaces | onclick() |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | enclosingFunctionBody | parentNode innerHTML <h2><a href=" location href ">A link</a></h2> |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | enclosingFunctionName | onclick |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:65:2:83 | '">A link</a></h2>' | stringConcatenatedWith | '<h2><a href="' + location.href -endpoint-  |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | fileImports | express jsdom |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/express.js:1:23:1:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | calleeImports | express |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | fileImports | express jsdom |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | receiverName | app |
-| autogenerated/Xss/DomBasedXss/express.js:5:9:5:20 | '/some/path' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | calleeImports | express |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | fileImports | express jsdom |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | receiverName | app |
-| autogenerated/Xss/DomBasedXss/express.js:5:23:11:1 | functio ... " });\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | CalleeFlexibleAccessPath | JSDOM |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | calleeImports | jsdom |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | enclosingFunctionBody | req res JSDOM req param wobble runScripts dangerously JSDOM req param wobble runScripts outside-only |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | fileImports | express jsdom |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | receiverName |  |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | CalleeFlexibleAccessPath | req.param |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | enclosingFunctionBody | req res JSDOM req param wobble runScripts dangerously JSDOM req param wobble runScripts outside-only |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | fileImports | express jsdom |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | receiverName | req |
-| autogenerated/Xss/DomBasedXss/express.js:7:25:7:32 | "wobble" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | CalleeFlexibleAccessPath | req.param |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | enclosingFunctionBody | req res JSDOM req param wobble runScripts dangerously JSDOM req param wobble runScripts outside-only |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | fileImports | express jsdom |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | receiverName | req |
-| autogenerated/Xss/DomBasedXss/express.js:10:25:10:32 | "wobble" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | stringConcatenatedWith |  -endpoint- tainted + '">' |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | stringConcatenatedWith | '<div id="' -endpoint- '">' |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | stringConcatenatedWith | '<div id="' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | stringConcatenatedWith |  -endpoint- location.toString() + '</b>' |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | stringConcatenatedWith | '<b>' + location.toString() -endpoint-  |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | CalleeFlexibleAccessPath | document.getElementById |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | receiverName | document |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | contextFunctionInterfaces | test() |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | fileImports | express jsdom jsonwebtoken |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | calleeImports | express |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | fileImports | express jsdom jsonwebtoken |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | receiverName | app |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:9:6:20 | '/some/path' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | calleeImports | express |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | fileImports | express jsdom jsonwebtoken |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | receiverName | app |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:6:23:13:1 | functio ...   });\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | CalleeFlexibleAccessPath | req.param |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | enclosingFunctionBody | req res taint req param wobble jwt verify taint my-secret-key err decoded JSDOM decoded foo runScripts dangerously |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | fileImports | express jsdom jsonwebtoken |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | receiverName | req |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:7:27:7:34 | "wobble" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | CalleeFlexibleAccessPath | JSDOM |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | calleeImports | jsdom |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | contextSurroundingFunctionParameters | (req, res)\n(err, decoded) |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | enclosingFunctionBody | req res taint req param wobble jwt verify taint my-secret-key err decoded JSDOM decoded foo runScripts dangerously |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | fileImports | express jsdom jsonwebtoken |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | CalleeFlexibleAccessPath | $.post |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | calleeImports | jquery |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | fileImports | jquery jwt-decode |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | receiverName | $ |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | CalleeFlexibleAccessPath | $.post |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | calleeImports | jquery |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | fileImports | jquery jwt-decode |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | receiverName | $ |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | CalleeFlexibleAccessPath | $.post |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | InputAccessPathFromCallee | 1.data |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | assignedToPropName | data |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | calleeImports | jquery |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | fileImports | jquery jwt-decode |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:27:4:31 | "foo" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | CalleeFlexibleAccessPath | $.post |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | InputArgumentIndex | 2 |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | calleeImports | jquery |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | contextSurroundingFunctionParameters | (data, xhr) |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | fileImports | jquery jwt-decode |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | receiverName | $ |
-| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | CalleeFlexibleAccessPath | $.jGrowl |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | calleeImports | jquery |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | contextSurroundingFunctionParameters | (data, xhr) |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | enclosingFunctionBody | data xhr decoded jwt_decode data $ jGrowl decoded |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | enclosingFunctionName | $.post#functionalargument |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | fileImports | jquery jwt-decode |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | receiverName | $ |
-| autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | fileImports | ./backend express nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:1:26:1:37 | 'nodemailer' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | fileImports | ./backend express nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:2:23:2:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | fileImports | ./backend express nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:4:23:4:33 | './backend' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | CalleeFlexibleAccessPath | app.post |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | calleeImports | express |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | fileImports | ./backend express nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | receiverName | app |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:10:6:27 | '/private_message' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | calleeImports | express |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | fileImports | ./backend express nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | receiverName | app |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:6:30:15:1 | (req, r ...   });\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | CalleeFlexibleAccessPath | nodemailer.createTransport |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | calleeImports | nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone.  req query message . html Hi, you got a message from someone.  req query message . |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | fileImports | ./backend express nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | receiverName | nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:7:46:7:47 | {} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | CalleeFlexibleAccessPath | transport.sendMail |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | calleeImports | nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone.  req query message . html Hi, you got a message from someone.  req query message . |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | fileImports | ./backend express nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | receiverName | transport |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | CalleeFlexibleAccessPath | transport.sendMail |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | InputAccessPathFromCallee | 0.from |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | assignedToPropName | from |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | calleeImports | nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone.  req query message . html Hi, you got a message from someone.  req query message . |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | fileImports | ./backend express nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:9:11:9:33 | 'webmas ... le.com' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | CalleeFlexibleAccessPath | transport.sendMail |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | InputAccessPathFromCallee | 0.to |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | assignedToPropName | to |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | calleeImports | nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone.  req query message . html Hi, you got a message from someone.  req query message . |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | fileImports | ./backend express nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:9:10:48 | backend ... ceiver) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | CalleeFlexibleAccessPath | backend.getUserEmail |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | calleeImports | ./backend |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone.  req query message . html Hi, you got a message from someone.  req query message . |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | fileImports | ./backend express nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | receiverName | backend |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | CalleeFlexibleAccessPath | transport.sendMail |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | InputAccessPathFromCallee | 0.subject |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | assignedToPropName | subject |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | calleeImports | nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone.  req query message . html Hi, you got a message from someone.  req query message . |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | fileImports | ./backend express nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:11:14:11:30 | 'Private message' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | CalleeFlexibleAccessPath | transport.sendMail |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | InputAccessPathFromCallee | 0.text |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | assignedToPropName | text |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | calleeImports | nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone.  req query message . html Hi, you got a message from someone.  req query message . |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | fileImports | ./backend express nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | CalleeFlexibleAccessPath | transport.sendMail |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | InputAccessPathFromCallee | 0.html |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | assignedToPropName | html |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | calleeImports | nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | enclosingFunctionBody | req res transport nodemailer createTransport transport sendMail from webmaster@example.com to backend getUserEmail req query receiver subject Private message text Hi, you got a message from someone.  req query message . html Hi, you got a message from someone.  req query message . |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | fileImports | ./backend express nodemailer |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:5:4:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:4:18:4:63 | sanitiz ...  target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:5:6:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:5:9:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:5:13:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:13:18:13:24 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:7:17:12 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:7:21:12 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | enclosingFunctionBody | target document location search $ myId html sanitize DOMPurify sanitize target target $ myId html target tainted target $ myId html tainted sanitize tainted DOMPurify sanitize tainted $ myId html tainted inner target inner x $ myId html x sanitize x DOMPurify sanitize x $ myId html x |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:21:20:21:20 | x | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | enclosingFunctionName | badSanitizer |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:5:32:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | enclosingFunctionName | badSanitizer |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | CalleeFlexibleAccessPath | sanitizeBad |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | enclosingFunctionName | badSanitizer |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | enclosingFunctionName | badSanitizer |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:5:36:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | enclosingFunctionName | badSanitizer |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | enclosingFunctionName | badSanitizer |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:5:39:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | enclosingFunctionName | badSanitizer |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | CalleeFlexibleAccessPath | sanitizeBad |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | enclosingFunctionName | badSanitizer |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | enclosingFunctionName | badSanitizer |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:5:43:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | enclosingFunctionName | badSanitizer |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | enclosingFunctionName | badSanitizer |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:5:45:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | enclosingFunctionName | badSanitizer |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | CalleeFlexibleAccessPath | sanitizeBad |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | contextFunctionInterfaces | badSanitizer()\ninner(x)\nsanitizeBad(x)\ntest() |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | enclosingFunctionBody | target document location search sanitizeBad x x tainted2 target $ myId html tainted2 sanitize tainted2 sanitizeBad tainted2 $ myId html tainted2 tainted3 target $ myId html tainted3 sanitize tainted3 sanitizeBad tainted3 $ myId html tainted3 $ myId html sanitize sanitizeBad target target |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | enclosingFunctionName | badSanitizer |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | CalleeFlexibleAccessPath | createContext |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | InputAccessPathFromCallee | 0.root |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | assignedToPropName | root |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | calleeImports | react |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | fileImports | react |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | receiverName |  |
-| autogenerated/Xss/DomBasedXss/react-create-context.js:3:45:3:48 | null | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | calleeImports | express |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | fileImports | express react-native |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | receiverName | app |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:9:6:20 | '/some/path' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | fileImports | express react-native |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | receiverName | app |
-| autogenerated/Xss/DomBasedXss/react-native.js:6:23:10:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | CalleeFlexibleAccessPath | req.param |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | enclosingFunctionBody | req res tainted req param code WebView html tainted WebView source html tainted |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | fileImports | express react-native |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | receiverName | req |
-| autogenerated/Xss/DomBasedXss/react-native.js:7:27:7:32 | "code" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | assignedToPropName | html |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | enclosingFunctionBody | req res tainted req param code WebView html tainted WebView source html tainted |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | fileImports | express react-native |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | assignedToPropName | html |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | enclosingFunctionBody | req res tainted req param code WebView html tainted WebView source html tainted |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | fileImports | express react-native |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | CalleeFlexibleAccessPath | useContext |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | calleeImports | react |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | contextFunctionInterfaces | constructor(args)\nfoo()\nuseDoc1()\nuseMyContext() |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | enclosingFunctionBody | useContext MyContext |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | enclosingFunctionName | useMyContext |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | fileImports | ./react-create-context react |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | receiverName |  |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:5:23:5:31 | MyContext | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | CalleeFlexibleAccessPath | root.appendChild |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | contextFunctionInterfaces | constructor(args)\nfoo()\nuseDoc1()\nuseMyContext() |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | enclosingFunctionBody | root useMyContext root appendChild window name |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | enclosingFunctionName | useDoc1 |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | fileImports | ./react-create-context react |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | receiverName | root |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | CalleeFlexibleAccessPath | root.appendChild |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | contextFunctionInterfaces | constructor(args)\nfoo()\nuseDoc1()\nuseMyContext() |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | enclosingFunctionBody | root context root appendChild window name |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | enclosingFunctionName | foo |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | fileImports | ./react-create-context react |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | receiverName | root |
-| autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | enclosingFunctionBody | state setState useState window name div dangerouslySetInnerHTML __html state |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | enclosingFunctionName | initialState |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | fileImports | react |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:42:5:56 | {__html: state} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | enclosingFunctionBody | state setState useState window name div dangerouslySetInnerHTML __html state |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | enclosingFunctionName | initialState |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | fileImports | react |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | receiverName |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | enclosingFunctionBody | state setState useState foo setState window name div dangerouslySetInnerHTML __html state |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | enclosingFunctionName | setStateValue |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | fileImports | react |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:42:11:56 | {__html: state} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | enclosingFunctionBody | state setState useState foo setState window name div dangerouslySetInnerHTML __html state |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | enclosingFunctionName | setStateValue |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | fileImports | react |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | receiverName |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | enclosingFunctionBody | state setState useState foo setState window name div dangerouslySetInnerHTML __html state |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | enclosingFunctionName | setStateValueLazy |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | fileImports | react |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:42:17:56 | {__html: state} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | enclosingFunctionBody | state setState useState foo setState window name div dangerouslySetInnerHTML __html state |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | enclosingFunctionName | setStateValueLazy |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | fileImports | react |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | receiverName |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | contextSurroundingFunctionParameters | ()\n(prev) |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | enclosingFunctionBody | state setState useState foo setState prev document body innerHTML prev setState window name |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | enclosingFunctionName | setStateValueLazy |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | fileImports | react |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | receiverName |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | enclosingFunctionBody | state setState useState foo setState safe setState also safe div dangerouslySetInnerHTML __html state |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | enclosingFunctionName | setStateValueSafe |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | fileImports | react |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:42:32:56 | {__html: state} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | contextFunctionInterfaces | initialState()\nsetStateValue()\nsetStateValueLazy()\nsetStateValueLazy()\nsetStateValueSafe() |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | enclosingFunctionBody | state setState useState foo setState safe setState also safe div dangerouslySetInnerHTML __html state |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | enclosingFunctionName | setStateValueSafe |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | fileImports | react |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | receiverName |  |
-| autogenerated/Xss/DomBasedXss/react-use-state.js:32:51:32:55 | state | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:30 | "<a href=\\"" | stringConcatenatedWith |  -endpoint- escapeAttr() + '">' + escapeHtml() + '</a>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:19:18:91 | "<a hre ...  "</a>" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:34:18:52 | escapeAttr(tainted) | stringConcatenatedWith | '<a href="' -endpoint- '">' + escapeHtml() + '</a>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:56:18:60 | "\\">" | stringConcatenatedWith | '<a href="' + escapeAttr() -endpoint- escapeHtml() + '</a>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:64:18:82 | escapeHtml(tainted) | stringConcatenatedWith | '<a href="' + escapeAttr() + '">' -endpoint- '</a>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:18:86:18:91 | "</a>" | stringConcatenatedWith | '<a href="' + escapeAttr() + '">' + escapeHtml() -endpoint-  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:25 | "<div>" | stringConcatenatedWith |  -endpoint- escapeAttr() + '</div>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:19:19:58 | "<div>" ... </div>" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:29:19:47 | escapeAttr(tainted) | stringConcatenatedWith | '<div>' -endpoint- '</div>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:19:51:19:58 | "</div>" | stringConcatenatedWith | '<div>' + escapeAttr() -endpoint-  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | CalleeFlexibleAccessPath | regex.test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | receiverName | regex |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:25 | '<b>' | stringConcatenatedWith |  -endpoint- tainted + '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:23:39:23:44 | '</b>' | stringConcatenatedWith | '<b>' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:25 | '<b>' | stringConcatenatedWith |  -endpoint- tainted + '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:21:25:44 | '<b>' + ...  '</b>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:29:25:35 | tainted | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:25:39:25:44 | '</b>' | stringConcatenatedWith | '<b>' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | CalleeFlexibleAccessPath | regex.test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | receiverName | regex |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:25 | '<b>' | stringConcatenatedWith |  -endpoint- tainted + '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:29:28:35 | tainted | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:28:39:28:44 | '</b>' | stringConcatenatedWith | '<b>' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:25 | '<b>' | stringConcatenatedWith |  -endpoint- tainted + '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:30:39:30:44 | '</b>' | stringConcatenatedWith | '<b>' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | CalleeFlexibleAccessPath | regex.exec |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | receiverName | regex |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:25 | '<b>' | stringConcatenatedWith |  -endpoint- tainted + '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:33:39:33:44 | '</b>' | stringConcatenatedWith | '<b>' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:25 | '<b>' | stringConcatenatedWith |  -endpoint- tainted + '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:21:35:44 | '<b>' + ...  '</b>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:29:35:35 | tainted | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:35:39:35:44 | '</b>' | stringConcatenatedWith | '<b>' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:25 | '<b>' | stringConcatenatedWith |  -endpoint- tainted + '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:38:39:38:44 | '</b>' | stringConcatenatedWith | '<b>' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:25 | '<b>' | stringConcatenatedWith |  -endpoint- tainted + '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:21:40:44 | '<b>' + ...  '</b>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:29:40:35 | tainted | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:40:39:40:44 | '</b>' | stringConcatenatedWith | '<b>' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:25 | '<b>' | stringConcatenatedWith |  -endpoint- tainted + '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:21:43:44 | '<b>' + ...  '</b>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:29:43:35 | tainted | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:43:39:43:44 | '</b>' | stringConcatenatedWith | '<b>' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:25 | '<b>' | stringConcatenatedWith |  -endpoint- tainted + '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:45:39:45:44 | '</b>' | stringConcatenatedWith | '<b>' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | contextFunctionInterfaces | escapeAttr(s)\nescapeHtml(s)\ntest() |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | enclosingFunctionBody | tainted window name elt document createElement elt innerHTML <a href=" escapeAttr tainted "> escapeHtml tainted </a> elt innerHTML <div> escapeAttr tainted </div> regex /[<>'"&]/ regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex test tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> regex exec tainted null elt innerHTML <b> tainted </b> elt innerHTML <b> tainted </b> elt innerHTML tainted replace /<\\w+/g  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | fileImports |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | CalleeFlexibleAccessPath | sessionStorage.setItem |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | receiverName | sessionStorage |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:28:2:36 | 'session' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | CalleeFlexibleAccessPath | sessionStorage.setItem |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | receiverName | sessionStorage |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | CalleeFlexibleAccessPath | localStorage.setItem |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | receiverName | localStorage |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:26:3:32 | 'local' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | CalleeFlexibleAccessPath | localStorage.setItem |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | receiverName | localStorage |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:7:5:12 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | CalleeFlexibleAccessPath | sessionStorage.getItem |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | receiverName | sessionStorage |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:5:43:5:51 | 'session' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:7:6:12 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:20:6:50 | localSt ... ssion') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | CalleeFlexibleAccessPath | localStorage.getItem |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | receiverName | localStorage |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:6:41:6:49 | 'session' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:7:7:12 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:20:7:50 | session ... local') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | CalleeFlexibleAccessPath | sessionStorage.getItem |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | receiverName | sessionStorage |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:7:43:7:49 | 'local' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:7:8:12 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | CalleeFlexibleAccessPath | localStorage.getItem |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | receiverName | localStorage |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:8:41:8:47 | 'local' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | CalleeFlexibleAccessPath | localStorage.getItem |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | receiverName | localStorage |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:10:37:10:43 | 'local' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:7:12:12 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:31 | "<a href=\\"" | stringConcatenatedWith |  -endpoint- href + '>foobar</a>' |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href | stringConcatenatedWith | '<a href="' -endpoint- '>foobar</a>' |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:12:42:12:54 | ">foobar</a>" | stringConcatenatedWith | '<a href="' + href -endpoint-  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | CalleeFlexibleAccessPath | href.indexOf |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | receiverName | href |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:14:22:14:25 | "\\"" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:7:17:12 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:31 | "<a href=\\"" | stringConcatenatedWith |  -endpoint- href + '/>' |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:20:17:45 | "<a hre ...  + "/>" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:35:17:38 | href | stringConcatenatedWith | '<a href="' -endpoint- '/>' |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:17:42:17:45 | "/>" | stringConcatenatedWith | '<a href="' + href -endpoint-  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | CalleeFlexibleAccessPath | localStorage.getItem |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | receiverName | localStorage |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:19:38:19:44 | 'local' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | CalleeFlexibleAccessPath | href2.indexOf |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | receiverName | href2 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:20:23:20:26 | "\\"" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:7:23:12 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:33 | "\\n<a href=\\"" | stringConcatenatedWith |  -endpoint- href2 + '>foobar</a>' |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:20:23:57 | "\\n<a h ... ar</a>" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:37:23:41 | href2 | stringConcatenatedWith | '\n<a href="' -endpoint- '>foobar</a>' |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:23:45:23:57 | ">foobar</a>" | stringConcatenatedWith | '\n<a href="' + href2 -endpoint-  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | CalleeFlexibleAccessPath | localStorage.getItem |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | receiverName | localStorage |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:25:38:25:44 | 'local' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | CalleeFlexibleAccessPath | href3.indexOf |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | receiverName | href3 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:26:23:26:26 | "\\"" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:7:29:12 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:35 | '\\r\\n<a href="/' | stringConcatenatedWith |  -endpoint- href3 + '">' + 'something' + '</a>' |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:20:29:73 | '\\r\\n<a ...  '</a>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:39:29:43 | href3 | stringConcatenatedWith | '\r\n<a href="/' -endpoint- '">' + 'something' + '</a>' |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:47:29:50 | '">' | stringConcatenatedWith | '\r\n<a href="/' + href3 -endpoint- 'something' + '</a>' |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:54:29:64 | "something" | stringConcatenatedWith | '\r\n<a href="/' + href3 + '">' -endpoint- '</a>' |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | enclosingFunctionBody | sessionStorage setItem session document location search localStorage setItem local document location search $ myId html sessionStorage getItem session $ myId html localStorage getItem session $ myId html sessionStorage getItem local $ myId html localStorage getItem local href localStorage getItem local $ myId html <a href=" href >foobar</a> href indexOf " 1 $ myId html <a href=" href /> href2 localStorage getItem local href2 indexOf " 1 $ myId html \n<a href=" href2 >foobar</a> href3 localStorage getItem local href3 indexOf " 1 $ myId html \r\n<a href="/ href3 "> something </a> |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/stored-xss.js:29:68:29:73 | '</a>' | stringConcatenatedWith | '\r\n<a href="/' + href3 + '">' + 'something' -endpoint-  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | receiverName | document |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:16:1:51 | documen ... deAt(0) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | CalleeFlexibleAccessPath | document.location.href.charCodeAt |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:1:50:1:50 | 0 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | fileImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | receiverName | document |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | fileImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | receiverName | document |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | fileImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | receiverName | document |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | fileImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | receiverName | document |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | fileImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | receiverName | document |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | fileImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | receiverName | document |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | receiverName | document |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | receiverName | document |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | receiverName | document |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:11:16:11:45 | escape( ... n.href) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | receiverName | document |
-| autogenerated/Xss/DomBasedXss/string-manipulations.js:12:16:12:61 | escape( ... href))) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | CalleeFlexibleAccessPath | target.substring |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | receiverName | target |
-| autogenerated/Xss/DomBasedXss/translate.js:7:59:7:59 | 1 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:5:9:19 | 'original-term' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | fileImports |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | CalleeFlexibleAccessPath | searchParams.get |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | receiverName | searchParams |
-| autogenerated/Xss/DomBasedXss/translate.js:9:44:9:49 | 'term' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:5:11:21 | 'translated-term' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | receiverName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | CalleeFlexibleAccessPath | searchParams.get |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | enclosingFunctionBody | translate own goal backpass fumble feint target document location search searchParams URLSearchParams target substring 1 $ original-term html searchParams get term $ translated-term html translate searchParams get term |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | receiverName | searchParams |
-| autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | CalleeFlexibleAccessPath | document.getElementById |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | CalleeFlexibleAccessPath | window.location.search.substr |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:2:72:2:72 | 1 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | CalleeFlexibleAccessPath | foo.setAttribute |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | receiverName | foo |
-| autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | CalleeFlexibleAccessPath | foo.setAttribute |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | receiverName | foo |
-| autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | CalleeFlexibleAccessPath | foo.setAttribute |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | receiverName | foo |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:18:6:24 | "width" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | CalleeFlexibleAccessPath | foo.setAttribute |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | receiverName | foo |
-| autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | CalleeFlexibleAccessPath | foo.setAttribute |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | receiverName | foo |
-| autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | CalleeFlexibleAccessPath | foo.setAttributeNS |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | InputArgumentIndex | 2 |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | receiverName | foo |
-| autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | CalleeFlexibleAccessPath | foo.setAttributeNS |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | InputArgumentIndex | 2 |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | receiverName | foo |
-| autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | CalleeFlexibleAccessPath | foo.setAttributeNS |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | receiverName | foo |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:20:11:24 | 'baz' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | CalleeFlexibleAccessPath | foo.setAttributeNS |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | receiverName | foo |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:27:11:33 | 'width' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | CalleeFlexibleAccessPath | foo.setAttributeNS |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | InputArgumentIndex | 2 |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | receiverName | foo |
-| autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | CalleeFlexibleAccessPath | foo.setAttribute |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | receiverName | foo |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:20:15:20 | p | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | CalleeFlexibleAccessPath | foo.setAttribute |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | contextFunctionInterfaces |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | receiverName | foo |
-| autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | stringConcatenatedWith |  -endpoint- document.location.href.substring() + '</OPTION>' |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | stringConcatenatedWith | '<OPTION value=1>' -endpoint- '</OPTION>' |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | CalleeFlexibleAccessPath | document.location.href.substring |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | CalleeFlexibleAccessPath | document.location.href.indexOf |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | stringConcatenatedWith | '<OPTION value=1>' + document.location.href.substring() -endpoint-  |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | stringConcatenatedWith |  -endpoint- target + 'px">' |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | stringConcatenatedWith | '<div style="width:' -endpoint- 'px">' |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | stringConcatenatedWith | '<div style="width:' + target -endpoint-  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | stringConcatenatedWith |  -endpoint- ? + 'px">' |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | stringConcatenatedWith | '<div style="width:' -endpoint- 'px">' |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | stringConcatenatedWith | '<div style="width:' + ? -endpoint-  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | stringConcatenatedWith |  -endpoint- parseInt() + 'px">' |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | stringConcatenatedWith | '<div style="width:' -endpoint- 'px">' |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | CalleeFlexibleAccessPath | parseInt |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | stringConcatenatedWith | '<div style="width:' + parseInt() -endpoint-  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | CalleeFlexibleAccessPath | params.get |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | receiverName | params |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | CalleeFlexibleAccessPath | target.substring |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | receiverName | target |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | CalleeFlexibleAccessPath | searchParams.get |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | receiverName | searchParams |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | contextSurroundingFunctionParameters | (target) |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | enclosingFunctionBody | target $ myId html target |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | enclosingFunctionName | foo |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextSurroundingFunctionParameters | (target) |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | enclosingFunctionBody | target $ myId html target |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | enclosingFunctionName | foo |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | CalleeFlexibleAccessPath | baz |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | enclosingFunctionBody | s <div> s </div> |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | enclosingFunctionName | wrap |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | stringConcatenatedWith |  -endpoint- s + '</div>' |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | enclosingFunctionBody | s <div> s </div> |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | enclosingFunctionName | wrap |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | stringConcatenatedWith | '<div>' -endpoint- '</div>' |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | enclosingFunctionBody | s <div> s </div> |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | enclosingFunctionName | wrap |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | stringConcatenatedWith | '<div>' + s -endpoint-  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | CalleeFlexibleAccessPath | s.substr |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | enclosingFunctionBody | s s s substr 1  |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | enclosingFunctionName | chop |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | receiverName | s |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | enclosingFunctionBody | s $ myId html s |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | enclosingFunctionName | dangerouslySetInnerHtml |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | enclosingFunctionBody | s $ myId html s |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | enclosingFunctionName | dangerouslySetInnerHtml |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | enclosingFunctionBody | x x $ myId html x |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | enclosingFunctionName | forEach#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | enclosingFunctionBody | x x $ myId html x |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | enclosingFunctionName | forEach#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | CalleeFlexibleAccessPath | angular.module |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | receiverName | angular |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | CalleeFlexibleAccessPath | angular.module |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | receiverName | angular |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | CalleeFlexibleAccessPath | angular.module().service |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | angular.module().service |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | ($sce, $other) |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsHtml |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | receiverName | $sce |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsCss |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | receiverName | $sce |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsUNKNOWN |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | receiverName | $sce |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | receiverName | $sce |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | receiverName | $sce |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | CalleeFlexibleAccessPath | $sce.trustAs |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | contextSurroundingFunctionParameters | ($sce, $other) |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | receiverName | $sce |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | receiverName | $sce |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | CalleeFlexibleAccessPath | $other.trustAsHtml |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | receiverName | $other |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | CalleeFlexibleAccessPath | angular.module().service().service |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | angular.module().service().service |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | CalleeFlexibleAccessPath | angular.element |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | enclosingFunctionBody | angular element <div> html document location search angular element <div> html SAFE |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | receiverName | angular |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | CalleeFlexibleAccessPath | angular.element().html |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | enclosingFunctionBody | angular element <div> html document location search angular element <div> html SAFE |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | CalleeFlexibleAccessPath | angular.element |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | enclosingFunctionBody | angular element <div> html document location search angular element <div> html SAFE |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | receiverName | angular |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | CalleeFlexibleAccessPath | angular.element().html |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | enclosingFunctionBody | angular element <div> html document location search angular element <div> html SAFE |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().service().service().directive |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | angular.module().service().service().directive |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | CalleeFlexibleAccessPath | element.html |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextSurroundingFunctionParameters | ()\n(scope, element) |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | enclosingFunctionBody | link scope element element html document location search element html SAFE |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | enclosingFunctionName | directive#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | receiverName | element |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | CalleeFlexibleAccessPath | element.html |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | contextSurroundingFunctionParameters | ()\n(scope, element) |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | enclosingFunctionBody | link scope element element html document location search element html SAFE |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | enclosingFunctionName | directive#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | receiverName | element |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | CalleeFlexibleAccessPath | angular.module().service().service().directive().service |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | angular.module().service().service().directive().service |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | CalleeFlexibleAccessPath | angular.element |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | enclosingFunctionBody | angular element document location search angular element SAFE |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | receiverName | angular |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | CalleeFlexibleAccessPath | angular.element |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | enclosingFunctionBody | angular element document location search angular element SAFE |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | receiverName | angular |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | CalleeFlexibleAccessPath | document.location.search.substr |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | CalleeFlexibleAccessPath | ?.test |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | CalleeFlexibleAccessPath | v.match |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | receiverName | v |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | CalleeFlexibleAccessPath | v.match |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | receiverName | v |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | CalleeFlexibleAccessPath | ?.test |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | CalleeFlexibleAccessPath | ?.test |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | CalleeFlexibleAccessPath | angular.module |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | receiverName | angular |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | CalleeFlexibleAccessPath | angular.module |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | receiverName | angular |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | CalleeFlexibleAccessPath | angular.module().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | CalleeFlexibleAccessPath | angular.module().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n(xssSinkService1) |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | CalleeFlexibleAccessPath | angular.module().factory().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | CalleeFlexibleAccessPath | angular.module().factory().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | contextSurroundingFunctionParameters | ()\n()\n(v) |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextSurroundingFunctionParameters | ()\n()\n(v) |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n(xssSourceService) |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | contextSurroundingFunctionParameters | ()\n(xssSourceService) |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextSurroundingFunctionParameters | ()\n(xssSourceService) |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n(xssSinkService2) |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | contextSurroundingFunctionParameters | ()\n()\n(v) |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextSurroundingFunctionParameters | ()\n()\n(v) |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n(innocentSourceService) |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | contextSurroundingFunctionParameters | ()\n(innocentSourceService) |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextSurroundingFunctionParameters | ()\n(innocentSourceService) |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory().factory |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | CalleeFlexibleAccessPath | parser.parseFromString |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | enclosingFunctionBody | target document location search parser DOMParser parser parseFromString target application/xml |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | enclosingFunctionName | testDOMParser |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | receiverName | parser |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | CalleeFlexibleAccessPath | React.createElement |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | receiverName | React |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | CalleeFlexibleAccessPath | React.createElement |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | receiverName | React |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | CalleeFlexibleAccessPath | React.createElement |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | InputAccessPathFromCallee | 1.dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | CalleeFlexibleAccessPath | React.createElement |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | InputAccessPathFromCallee | 1.dangerouslySetInnerHTML.__html |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | CalleeFlexibleAccessPath | React.createFactory |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | receiverName | React |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | CalleeFlexibleAccessPath | React.createFactory() |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | CalleeFlexibleAccessPath | React.createFactory() |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | InputAccessPathFromCallee | 0.dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | CalleeFlexibleAccessPath | React.createFactory() |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | InputAccessPathFromCallee | 0.dangerouslySetInnerHTML.__html |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | CalleeFlexibleAccessPath | this.setState |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | contextSurroundingFunctionParameters | ()\n()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | CalleeFlexibleAccessPath | this.setState |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | contextSurroundingFunctionParameters | ()\n()\n(prevState) |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | contextSurroundingFunctionParameters | ()\n()\n(prevState) |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextSurroundingFunctionParameters | ()\n()\n(prevState) |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | CalleeFlexibleAccessPath | this.setState |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | CalleeFlexibleAccessPath | super |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | contextSurroundingFunctionParameters | ()\n(props) |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | enclosingFunctionBody | $ window name $ name |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | enclosingFunctionName | windowName |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | enclosingFunctionBody | $ window name $ name |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | enclosingFunctionName | windowName |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | enclosingFunctionBody | name a b $ window name $ name |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | enclosingFunctionName | windowNameAssigned |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | enclosingFunctionBody | name a b $ window name $ name |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | enclosingFunctionName | windowNameAssigned |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | CalleeFlexibleAccessPath | $().append |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | CalleeFlexibleAccessPath | range.selectNode |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | receiverName | range |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | CalleeFlexibleAccessPath | document.getElementsByTagName |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | CalleeFlexibleAccessPath | document.getElementsByTagName().item |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | CalleeFlexibleAccessPath | range.createContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | receiverName | range |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | CalleeFlexibleAccessPath | document.body.appendChild |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | enclosingFunctionBody | obj obj Math random window name p obj $ p |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | enclosingFunctionName | flowThroughPropertyNames |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | enclosingFunctionBody | location e $ body append e location e $ body append e |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | CalleeFlexibleAccessPath | $().append |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | enclosingFunctionBody | location e $ body append e location e $ body append e |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | enclosingFunctionBody | location e $ body append e location e $ body append e |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | CalleeFlexibleAccessPath | $().append |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | enclosingFunctionBody | location e $ body append e location e $ body append e |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | CalleeFlexibleAccessPath | Handlebars.SafeString |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | enclosingFunctionBody | Handlebars SafeString location |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | enclosingFunctionName | handlebarsSafeString |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target length |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | enclosingFunctionName | test2 |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | enclosingFunctionBody | target document location search $ myId html target length |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | enclosingFunctionName | test2 |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | CalleeFlexibleAccessPath | params.get |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | receiverName | params |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | CalleeFlexibleAccessPath | myUrl.get |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | receiverName | myUrl |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | enclosingFunctionBody | getUrl URL document location $ getUrl hash substring 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | enclosingFunctionName | hash |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | CalleeFlexibleAccessPath | getUrl().hash.substring |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | enclosingFunctionBody | getUrl URL document location $ getUrl hash substring 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | enclosingFunctionName | hash |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | CalleeFlexibleAccessPath | $.jGrowl |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | enclosingFunctionBody | target document location search $ jGrowl target |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | enclosingFunctionName | growl |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | receiverName | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | CalleeFlexibleAccessPath | this.html |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | CalleeFlexibleAccessPath | this.each |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | CalleeFlexibleAccessPath | this.html |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | CalleeFlexibleAccessPath | document.location.href.split |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | CalleeFlexibleAccessPath | window.location.hash.substr |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | CalleeFlexibleAccessPath | window.location.hash.match |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | CalleeFlexibleAccessPath | document.write |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | CalleeFlexibleAccessPath | window.location.hash.split |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | CalleeFlexibleAccessPath | Bloodhound |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | CalleeFlexibleAccessPath | Bloodhound |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | InputAccessPathFromCallee | ?.prefetch |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | assignedToPropName | prefetch |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:5:6:16 | '.typeahead' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | CalleeFlexibleAccessPath | $().typeahead |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | CalleeFlexibleAccessPath | $().typeahead |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | CalleeFlexibleAccessPath | $().typeahead |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | InputAccessPathFromCallee | 1.source |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | assignedToPropName | source |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:7:13:7:37 | autocom ... apter() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | CalleeFlexibleAccessPath | $().typeahead |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | InputAccessPathFromCallee | 1.templates |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | assignedToPropName | templates |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:8:16:12:5 | {\\n      ... }\\n    } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | CalleeFlexibleAccessPath | $().typeahead |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | InputAccessPathFromCallee | 1.templates.suggestion |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | assignedToPropName | suggestion |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | contextSurroundingFunctionParameters | ()\n(loc) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:9:19:11:7 | functio ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | contextSurroundingFunctionParameters | ()\n(loc) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:5:16:16 | '.typeahead' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | CalleeFlexibleAccessPath | $().typeahead |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | CalleeFlexibleAccessPath | $().typeahead |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | CalleeFlexibleAccessPath | $().typeahead |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | InputAccessPathFromCallee | 1.name |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | assignedToPropName | name |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:18:13:18:24 | 'dashboards' | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | CalleeFlexibleAccessPath | $().typeahead |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | InputAccessPathFromCallee | 1.source |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | assignedToPropName | source |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | contextSurroundingFunctionParameters | ()\n(query, cb) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:19:15:22:7 | functio ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | CalleeFlexibleAccessPath | $().typeahead |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | InputAccessPathFromCallee | 1.templates |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | assignedToPropName | templates |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:23:18:27:7 | {\\n      ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | CalleeFlexibleAccessPath | $().typeahead |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | InputAccessPathFromCallee | 1.templates.suggestion |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | assignedToPropName | suggestion |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:24:21:26:9 | functio ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | contextSurroundingFunctionParameters | ()\n(val) |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | enclosingFunctionBody | autocompleter Bloodhound prefetch remoteUrl autocompleter initialize $ .typeahead typeahead source autocompleter ttAdapter templates suggestion loc loc $ .typeahead typeahead name dashboards source query cb target document location search cb target templates suggestion val val |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | fileImports |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | receiverName |  |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:10 | "<div>" | stringConcatenatedWith |  -endpoint- tainted + '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted | stringConcatenatedWith | '<div>' -endpoint- '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:24:4:31 | "</div>" | stringConcatenatedWith | '<div>' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:5:5:9 | <div> | stringConcatenatedWith |  -endpoint- tainted + '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted | stringConcatenatedWith | '<div>' -endpoint- '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:20:5:25 | </div> | stringConcatenatedWith | '<div>' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:10 | "<div>" | stringConcatenatedWith |  -endpoint- tainted + '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | CalleeFlexibleAccessPath | ?.concat |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | stringConcatenatedWith | '<div>' -endpoint- '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:5:7:11 | "<div>" | stringConcatenatedWith |  -endpoint- tainted + '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted | stringConcatenatedWith | '<div>' -endpoint- '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:23:7:30 | "</div>" | stringConcatenatedWith | '<div>' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:15 | "<div id=\\"" | stringConcatenatedWith |  -endpoint- tainted + '"/>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted | stringConcatenatedWith | '<div id="' -endpoint- '"/>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:29:9:34 | "\\"/>" | stringConcatenatedWith | '<div id="' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:5:10:13 | <div id=" | stringConcatenatedWith |  -endpoint- tainted + '"/>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted | stringConcatenatedWith | '<div id="' -endpoint- '"/>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:24:10:26 | "/> | stringConcatenatedWith | '<div id="' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:15 | "<div id=\\"" | stringConcatenatedWith |  -endpoint- tainted + '/>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | CalleeFlexibleAccessPath | ?.concat |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | stringConcatenatedWith | '<div id="' -endpoint- '/>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:5:12:16 | "<div id=\\"" | stringConcatenatedWith |  -endpoint- tainted + '"/>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted | stringConcatenatedWith | '<div id="' -endpoint- '"/>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:28:12:33 | "\\"/>" | stringConcatenatedWith | '<div id="' + tainted -endpoint-  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | contextSurroundingFunctionParameters | (attrs) |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:10:15:23 | '<div align="' | stringConcatenatedWith |  -endpoint- 'left' + '">' + content + '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | contextSurroundingFunctionParameters | (attrs) |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | stringConcatenatedWith | '<div align="' -endpoint- '">' + content + '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | contextSurroundingFunctionParameters | (attrs) |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:59:15:62 | '">' | stringConcatenatedWith | '<div align="' + 'left' -endpoint- content + '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | contextSurroundingFunctionParameters | (attrs) |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:66:15:72 | content | stringConcatenatedWith | '<div align="' + 'left' + '">' -endpoint- '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | contextSurroundingFunctionParameters | (attrs) |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:76:15:83 | '</div>' | stringConcatenatedWith | '<div align="' + 'left' + '">' + content -endpoint-  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | contextSurroundingFunctionParameters | (attrs) |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:10:18:23 | '<div align="' | stringConcatenatedWith |  -endpoint- 'left' + '">' + content + '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | CalleeFlexibleAccessPath | ?.concat |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | contextSurroundingFunctionParameters | (attrs) |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | stringConcatenatedWith | '<div align="' -endpoint- '">' + content + '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | InputArgumentIndex |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | contextSurroundingFunctionParameters | (attrs) |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:68:18:71 | '">' | stringConcatenatedWith | '<div align="' + 'left' -endpoint- content + '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | CalleeFlexibleAccessPath | ?.concat |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | contextSurroundingFunctionParameters | (attrs) |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | stringConcatenatedWith | '<div align="' + 'left' + '">' -endpoint- '</div>' |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | contextFunctionInterfaces | indirection1(attrs)\nindirection2(attrs)\ntest() |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | enclosingFunctionBody | tainted document location search $ <div> tainted </div> $ <div> tainted </div> $ <div> concat tainted concat </div> $ <div> tainted </div> join $ <div id=" tainted "/> $ <div id=" tainted "/> $ <div id=" concat tainted concat /> $ <div id=" tainted "/> join indirection1 attrs <div align=" attrs defaultattr left "> content </div> indirection2 attrs <div align=" concat attrs defaultattr left concat "> concat content concat </div> $ indirection1 document location search attrs $ indirection2 document location search attrs |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | fileImports |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | receiverName |  |
-| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | CalleeFlexibleAccessPath | document.location.search.substring |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | contextFunctionInterfaces | test(elt) |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | contextSurroundingFunctionParameters | (elt) |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | enclosingFunctionBody | elt tainted document location search substring 1 WinJS Utilities setInnerHTMLUnsafe elt tainted WinJS Utilities setOuterHTMLUnsafe elt tainted |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | fileImports |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | receiverName |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:2:52:2:52 | 1 | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | CalleeFlexibleAccessPath | WinJS.Utilities.setInnerHTMLUnsafe |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | contextFunctionInterfaces | test(elt) |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | contextSurroundingFunctionParameters | (elt) |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | enclosingFunctionBody | elt tainted document location search substring 1 WinJS Utilities setInnerHTMLUnsafe elt tainted WinJS Utilities setOuterHTMLUnsafe elt tainted |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | CalleeFlexibleAccessPath | WinJS.Utilities.setOuterHTMLUnsafe |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | contextFunctionInterfaces | test(elt) |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | contextSurroundingFunctionParameters | (elt) |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | enclosingFunctionBody | elt tainted document location search substring 1 WinJS Utilities setInnerHTMLUnsafe elt tainted WinJS Utilities setOuterHTMLUnsafe elt tainted |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | fileImports |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | receiverName |  |
-| autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | contextFunctionInterfaces | onreadystatechange() |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | fileImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | receiverName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | CalleeFlexibleAccessPath | $().ready |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | contextFunctionInterfaces | onreadystatechange() |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | fileImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | receiverName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | CalleeFlexibleAccessPath | xhr.open |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | contextFunctionInterfaces | onreadystatechange() |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | fileImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | receiverName | xhr |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | CalleeFlexibleAccessPath | xhr.setRequestHeader |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | contextFunctionInterfaces | onreadystatechange() |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | receiverName | xhr |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | CalleeFlexibleAccessPath | xhr.setRequestHeader |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | contextFunctionInterfaces | onreadystatechange() |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | receiverName | xhr |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | contextFunctionInterfaces | onreadystatechange() |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | receiverName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | contextFunctionInterfaces | onreadystatechange() |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | fileImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | receiverName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | stringConcatenatedWith |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | CalleeFlexibleAccessPath | console.log |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | InputAccessPathFromCallee |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | assignedToPropName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | contextFunctionInterfaces | onreadystatechange() |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | fileImports |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | receiverName | console |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | CalleeFlexibleAccessPath | ajv.addSchema |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | calleeImports | ajv |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | contextFunctionInterfaces |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | fileImports | ajv express |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | receiverName | ajv |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | CalleeFlexibleAccessPath | ajv.addSchema |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | InputAccessPathFromCallee | 0.type |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | assignedToPropName | type |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | calleeImports | ajv |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | fileImports | ajv express |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | CalleeFlexibleAccessPath | ajv.addSchema |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | InputAccessPathFromCallee | 0.additionalProperties |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | assignedToPropName | additionalProperties |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | calleeImports | ajv |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | contextFunctionInterfaces |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | fileImports | ajv express |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | receiverName |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | CalleeFlexibleAccessPath | ajv.addSchema |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | InputAccessPathFromCallee | 0.additionalProperties.type |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | assignedToPropName | type |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | calleeImports | ajv |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | fileImports | ajv express |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | CalleeFlexibleAccessPath | ajv.addSchema |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | InputArgumentIndex | 1 |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | calleeImports | ajv |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | fileImports | ajv express |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | receiverName | ajv |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | CalleeFlexibleAccessPath | app.post |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | calleeImports | express |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | fileImports | ajv express |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | receiverName | app |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | calleeImports | express |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | contextFunctionInterfaces |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | fileImports | ajv express |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | receiverName | app |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:5:11:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:5:17:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:17:18:17:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:5:23:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:23:18:23:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | InputAccessPathFromCallee | 0.prop |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | assignedToPropName | prop |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:5:29:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:29:18:29:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | InputArgumentIndex |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:12:33:16 | "bar" | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | InputArgumentIndex |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:5:35:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:35:18:35:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:5:48:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:48:18:48:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:5:54:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:54:18:54:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:5:64:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:64:18:64:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | CalleeFlexibleAccessPath | safe.call |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | receiverName | safe |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:13:68:16 | null | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | CalleeFlexibleAccessPath | safe |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | CalleeFlexibleAccessPath | safe.call |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | InputArgumentIndex | 1 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | receiverName | safe |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:5:70:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:70:18:70:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:5:78:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:78:18:78:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:5:83:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:83:18:83:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:4:86:9 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | CalleeFlexibleAccessPath | foo.match |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | receiverName | foo |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:89:21:89:25 | /foo/ | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:5:91:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:91:18:91:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | InputArgumentIndex |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | InputArgumentIndex |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:95:17:95:21 | "bar" | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:5:97:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:97:18:97:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:5:107:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | enclosingFunctionBody | foo document location inner x unknown x unknown foo e $ myId html e inner foo e $ myId html e unknown foo bar e $ myId html e unknown prop foo e $ myId html e unknown bar foo e $ myId html e deep x deep2 x deep2 x inner x deep bar foo e $ myId html e tmp bar foo e $ myId html e safe x foo x bar safe foo e $ myId html e safe call null foo e $ myId html e myWeirdInner myWeirdInner x inner x e $ myId html e myWeirdInner foo e $ myId html e $ myId html foo unknown foo match /foo/ e $ myId html e unknown foo bar e $ myId html e unknown foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:107:18:107:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:111:23:111:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:9:115:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | calleeImports | express |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | receiverName | app |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:115:22:121:1 | functio ... K!\\n\\t}\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | enclosingFunctionBody | req res unknown req params id e res send Exception:  e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | CalleeFlexibleAccessPath | sessionStorage.setItem |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | receiverName | sessionStorage |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:25:125:42 | 'exceptionSession' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | CalleeFlexibleAccessPath | sessionStorage.setItem |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | InputArgumentIndex | 1 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | receiverName | sessionStorage |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | CalleeFlexibleAccessPath | sessionStorage.getItem |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | receiverName | sessionStorage |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:128:34:128:51 | 'exceptionSession' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:5:130:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | enclosingFunctionBody | sessionStorage setItem exceptionSession document location search unknown sessionStorage getItem exceptionSession e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:9:135:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | calleeImports | express |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | receiverName | app |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:135:22:143:1 | functio ... \\n\\t});\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | contextSurroundingFunctionParameters | (req, res)\n(error, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:136:25:142:2 | (error, ... ow?)\\n\\t} | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | contextSurroundingFunctionParameters | (req, res)\n(error, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:6:138:11 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | contextSurroundingFunctionParameters | (req, res)\n(error, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:138:19:138:23 | error | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | contextSurroundingFunctionParameters | (req, res)\n(error, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:5:141:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | contextSurroundingFunctionParameters | (req, res)\n(error, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:141:18:141:20 | res | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | contextSurroundingFunctionParameters | ()\n(resolve) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | InputArgumentIndex | 1 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | contextSurroundingFunctionParameters | ()\n(resolve) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:38:148:44 | resolve | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | CalleeFlexibleAccessPath | Promise().catch |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | contextSurroundingFunctionParameters | ()\n(e) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:148:54:150:2 | (e) =>  ... T OK\\n\\t} | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | contextSurroundingFunctionParameters | ()\n(e) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:5:149:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | contextSurroundingFunctionParameters | ()\n(e) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:149:18:149:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:5:155:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:155:18:155:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:5:161:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:161:18:161:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:5:167:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:167:18:167:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | contextSurroundingFunctionParameters | (tainted, resolve) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | InputArgumentIndex | 1 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | contextSurroundingFunctionParameters | (tainted, resolve) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:171:20:171:26 | resolve | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | CalleeFlexibleAccessPath | Promise().catch |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | contextSurroundingFunctionParameters | ()\n(e) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:174:52:176:2 | (e) =>  ... T OK\\n\\t} | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | contextSurroundingFunctionParameters | ()\n(e) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:5:175:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | contextSurroundingFunctionParameters | ()\n(e) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | enclosingFunctionBody | foo document location search Promise resolve unknown foo resolve catch e $ myId html e null foo e $ myId html e unknown foo e $ myId html e foo foo e $ myId html e inner tainted resolve unknown tainted resolve Promise resolve inner foo resolve catch e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:175:18:175:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:9:179:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | calleeImports | express |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | receiverName | app |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:179:22:186:1 | functio ... \\n\\t});\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | CalleeFlexibleAccessPath | unknown |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | contextSurroundingFunctionParameters | (req, res)\n(error, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:180:25:185:2 | (error, ... wn. \\n\\t} | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | contextSurroundingFunctionParameters | (req, res)\n(error, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:6:182:11 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | contextSurroundingFunctionParameters | (req, res)\n(error, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:182:19:182:23 | error | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | contextSurroundingFunctionParameters | (req, res)\n(error, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:5:184:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | contextSurroundingFunctionParameters | (req, res)\n(error, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | enclosingFunctionBody | req res unknown req params id error res error $ myId html error $ myId html res |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:184:18:184:20 | res | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:9:188:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | calleeImports | express |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | receiverName | app |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:188:22:194:1 | functio ... s)\\n\\t}\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | enclosingFunctionBody |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:196:18:196:21 | "fs" | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | CalleeFlexibleAccessPath | _.pick |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | receiverName | _ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | CalleeFlexibleAccessPath | _.pick |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | InputArgumentIndex | 1 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | receiverName | _ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | CalleeFlexibleAccessPath | $.val |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | receiverName | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | CalleeFlexibleAccessPath | ?.test |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | CalleeFlexibleAccessPath | console.log |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | receiverName | console |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | CalleeFlexibleAccessPath | log.info |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | receiverName | log |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | CalleeFlexibleAccessPath | localStorage.setItem |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | receiverName | localStorage |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:5:213:10 | 'myId' | stringConcatenatedWith |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | assignedToPropName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | calleeImports |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | enclosingFunctionBody | foo document location search Object assign foo foo _ pick foo foo foo foo join join $ val foo JSON parse foo /bla/ test foo console log foo log info foo localStorage setItem foo e $ myId html e |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | enclosingFunctionName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | fileImports | express fs |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | receiverName |  |
-| autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | CalleeFlexibleAccessPath | unified().use |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | CalleeFlexibleAccessPath | unified().use().use |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | CalleeFlexibleAccessPath | unified().use().use().use |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | CalleeFlexibleAccessPath | unified().use().use().use |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | CalleeFlexibleAccessPath | unified().use().use().use |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | InputAccessPathFromCallee | 1.title |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | assignedToPropName | title |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | CalleeFlexibleAccessPath | unified().use().use().use().use |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | CalleeFlexibleAccessPath | unified().use().use().use().use().use |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | CalleeFlexibleAccessPath | remark().use |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | calleeImports | remark |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | CalleeFlexibleAccessPath | remark().use().processSync |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | calleeImports | remark |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | CalleeFlexibleAccessPath | unified().use |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | CalleeFlexibleAccessPath | import(!) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | CalleeFlexibleAccessPath | import(!) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | InputAccessPathFromCallee | 0.html |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | assignedToPropName | html |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | CalleeFlexibleAccessPath | import(!) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | CalleeFlexibleAccessPath | import(!) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | CalleeFlexibleAccessPath | import(!) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | InputAccessPathFromCallee | 0.html |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | assignedToPropName | html |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | CalleeFlexibleAccessPath | import(!)().use |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | CalleeFlexibleAccessPath | markdownIt2.render |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | receiverName | markdownIt2 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | CalleeFlexibleAccessPath | markdownIt.use |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | receiverName | markdownIt |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | CalleeFlexibleAccessPath | markdownIt.use().render |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | CalleeFlexibleAccessPath | markdownIt.use |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | receiverName | markdownIt |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | CalleeFlexibleAccessPath | markdownIt.use().use |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | contextFunctionInterfaces | moreBadStuff(params, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:9:4:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:22:12:1 | functio ... .\\n  }\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | CalleeFlexibleAccessPath | res.set |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | enclosingFunctionBody | req res whatever res set Content-Type text/plain res send FOO:  req params id res set Content-Type text/html res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:13:6:26 | 'Content-Type' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | CalleeFlexibleAccessPath | res.set |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | enclosingFunctionBody | req res whatever res set Content-Type text/plain res send FOO:  req params id res set Content-Type text/html res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:6:29:6:40 | 'text/plain' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | CalleeFlexibleAccessPath | res.set |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | enclosingFunctionBody | req res whatever res set Content-Type text/plain res send FOO:  req params id res set Content-Type text/html res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:13:9:26 | 'Content-Type' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | CalleeFlexibleAccessPath | res.set |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | enclosingFunctionBody | req res whatever res set Content-Type text/plain res send FOO:  req params id res set Content-Type text/html res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:9:29:9:39 | 'text/html' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:9:14:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:14:22:22:1 | functio ... .\\n  }\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | CalleeFlexibleAccessPath | res.writeHead |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | enclosingFunctionBody | req res whatever res writeHead 200 Content-Type application/json res send FOO:  req params id res writeHead 404 res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:19:16:21 | 200 | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | CalleeFlexibleAccessPath | res.writeHead |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | enclosingFunctionBody | req res whatever res writeHead 200 Content-Type application/json res send FOO:  req params id res writeHead 404 res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:24:16:59 | {'Conte ... /json'} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | CalleeFlexibleAccessPath | res.writeHead |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | InputAccessPathFromCallee | 1.Content-Type |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | assignedToPropName | Content-Type |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | enclosingFunctionBody | req res whatever res writeHead 200 Content-Type application/json res send FOO:  req params id res writeHead 404 res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:16:41:16:58 | 'application/json' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | CalleeFlexibleAccessPath | res.writeHead |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | enclosingFunctionBody | req res whatever res writeHead 200 Content-Type application/json res send FOO:  req params id res writeHead 404 res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:19:19:19:21 | 404 | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:9:25:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:25:22:33:1 | functio ...  JSON\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | CalleeFlexibleAccessPath | res.writeHead |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | enclosingFunctionBody | req res res writeHead 200 Content-Type application/json whatever res send FOO:  req params id res send FOO:  req params id res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:17:26:19 | 200 | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | CalleeFlexibleAccessPath | res.writeHead |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | enclosingFunctionBody | req res res writeHead 200 Content-Type application/json whatever res send FOO:  req params id res send FOO:  req params id res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:22:26:57 | {'Conte ... /json'} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | CalleeFlexibleAccessPath | res.writeHead |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | InputAccessPathFromCallee | 1.Content-Type |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | assignedToPropName | Content-Type |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | enclosingFunctionBody | req res res writeHead 200 Content-Type application/json whatever res send FOO:  req params id res send FOO:  req params id res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:26:39:26:56 | 'application/json' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:9:36:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:36:22:44:1 | functio ... K\\n  }\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | CalleeFlexibleAccessPath | res.setHeader |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | enclosingFunctionBody | req res err res statusCode 404 res end FOO:  req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:19:41:32 | 'Content-Type' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | CalleeFlexibleAccessPath | res.setHeader |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | enclosingFunctionBody | req res err res statusCode 404 res end FOO:  req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:41:35:41:59 | 'text/p ... t=utf8' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:9:50:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:50:22:58:1 | functio ... K\\n  }\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | CalleeFlexibleAccessPath | res.header |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | enclosingFunctionBody | req res err res header Content-Type textContentType res end FOO:  req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:16:52:50 | {'Conte ... Type()} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | CalleeFlexibleAccessPath | res.header |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | InputAccessPathFromCallee | 0.Content-Type |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | assignedToPropName | Content-Type |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | enclosingFunctionBody | req res err res header Content-Type textContentType res end FOO:  req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:52:33:52:49 | textContentType() | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | CalleeFlexibleAccessPath | res.setHeader |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | enclosingFunctionBody | req res err res header Content-Type textContentType res end FOO:  req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:19:55:32 | 'Content-Type' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | CalleeFlexibleAccessPath | res.setHeader |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | enclosingFunctionBody | req res err res header Content-Type textContentType res end FOO:  req params id res setHeader Content-Type text/plain;charset=utf8 res end FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:55:35:55:59 | 'text/p ... t=utf8' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:9:60:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:60:22:71:1 | functio ...  set.\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | CalleeFlexibleAccessPath | res.writeHead |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | enclosingFunctionBody | req res err res writeHead 200 Content-Type application/json res send FOO:  req params id doSomething somethingMore Math random res writeHead 404 res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:19:62:21 | 200 | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | CalleeFlexibleAccessPath | res.writeHead |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | enclosingFunctionBody | req res err res writeHead 200 Content-Type application/json res send FOO:  req params id doSomething somethingMore Math random res writeHead 404 res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:24:62:59 | {'Conte ... /json'} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | CalleeFlexibleAccessPath | res.writeHead |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | InputAccessPathFromCallee | 1.Content-Type |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | assignedToPropName | Content-Type |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | enclosingFunctionBody | req res err res writeHead 200 Content-Type application/json res send FOO:  req params id doSomething somethingMore Math random res writeHead 404 res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:62:41:62:58 | 'application/json' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | CalleeFlexibleAccessPath | res.writeHead |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | enclosingFunctionBody | req res err res writeHead 200 Content-Type application/json res send FOO:  req params id doSomething somethingMore Math random res writeHead 404 res send FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:69:17:69:19 | 404 | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:9:73:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:73:22:79:1 | functio ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | CalleeFlexibleAccessPath | res.header |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | enclosingFunctionBody | req res res header Content-Type textContentType myFancyFunction res send FOO:  req params id res end FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:14:74:48 | {'Conte ... Type()} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | CalleeFlexibleAccessPath | res.header |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | InputAccessPathFromCallee | 0.Content-Type |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | assignedToPropName | Content-Type |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | enclosingFunctionBody | req res res header Content-Type textContentType myFancyFunction res send FOO:  req params id res end FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:74:31:74:47 | textContentType() | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | CalleeFlexibleAccessPath | myFancyFunction |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | contextFunctionInterfaces | textContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res)\n() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | enclosingFunctionBody | req res res header Content-Type textContentType myFancyFunction res send FOO:  req params id res end FOO:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:75:19:77:3 | () => { ...  OK\\n  } | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | contextFunctionInterfaces | sendTextResponse(resp, text) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | fileImports | http url |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:1:21:1:25 | "url" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | contextFunctionInterfaces | sendTextResponse(resp, text) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | fileImports | http url |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:9:3:14 | "http" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | CalleeFlexibleAccessPath | import(!).createServer |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | calleeImports | http |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | contextFunctionInterfaces | sendTextResponse(resp, text) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | contextSurroundingFunctionParameters | (req, resp) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | fileImports | http url |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:3:30:6:1 | functio ... name)\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | CalleeFlexibleAccessPath | resp.writeHead |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | contextFunctionInterfaces | sendTextResponse(resp, text) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | contextSurroundingFunctionParameters | (resp, text) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | enclosingFunctionBody | resp text resp writeHead 200 content-type text/plain; charset=utf-8 resp end text |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | enclosingFunctionName | sendTextResponse |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | fileImports | http url |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | receiverName | resp |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:18:9:20 | 200 | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | CalleeFlexibleAccessPath | resp.writeHead |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | contextFunctionInterfaces | sendTextResponse(resp, text) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | contextSurroundingFunctionParameters | (resp, text) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | enclosingFunctionBody | resp text resp writeHead 200 content-type text/plain; charset=utf-8 resp end text |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | enclosingFunctionName | sendTextResponse |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | fileImports | http url |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | receiverName | resp |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:23:9:67 | {"conte ... utf-8"} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | CalleeFlexibleAccessPath | resp.writeHead |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | InputAccessPathFromCallee | 1.content-type |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | assignedToPropName | content-type |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | contextFunctionInterfaces | sendTextResponse(resp, text) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | contextSurroundingFunctionParameters | (resp, text) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | enclosingFunctionBody | resp text resp writeHead 200 content-type text/plain; charset=utf-8 resp end text |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | enclosingFunctionName | sendTextResponse |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | fileImports | http url |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood2.js:9:40:9:66 | "text/p ... =utf-8" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:1:23:1:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | contextSurroundingFunctionParameters | (string) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | enclosingFunctionBody | string str  string escape html  lastIndex 0 index 0 index str length index str charCodeAt index 34 escape &quot; 38 escape &amp; 39 escape &#39; 60 escape &lt; 62 escape &gt; lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | enclosingFunctionName | escapeHtml1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:8:14:8:15 | '' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | enclosingFunctionBody | string str  string escape html  lastIndex 0 index 0 index str length index str charCodeAt index 34 escape &quot; 38 escape &amp; 39 escape &#39; 60 escape &lt; 62 escape &gt; lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | enclosingFunctionName | escapeHtml1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | contextSurroundingFunctionParameters | (string) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | enclosingFunctionBody | string str  string escape html  lastIndex 0 index 0 index str length index str charCodeAt index 34 escape &quot; 38 escape &amp; 39 escape &#39; 60 escape &lt; 62 escape &gt; lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | enclosingFunctionName | escapeHtml1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:7:33:45 | html += ...  index) | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | contextSurroundingFunctionParameters | (string) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | enclosingFunctionBody | string str  string escape html  lastIndex 0 index 0 index str length index str charCodeAt index 34 escape &quot; 38 escape &amp; 39 escape &#39; 60 escape &lt; 62 escape &gt; lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | enclosingFunctionName | escapeHtml1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:15:33:45 | str.sub ...  index) | stringConcatenatedWith | '' -endpoint-  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | CalleeFlexibleAccessPath | str.substring |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | contextSurroundingFunctionParameters | (string) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | enclosingFunctionBody | string str  string escape html  lastIndex 0 index 0 index str length index str charCodeAt index 34 escape &quot; 38 escape &amp; 39 escape &#39; 60 escape &lt; 62 escape &gt; lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | enclosingFunctionName | escapeHtml1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | receiverName | str |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | CalleeFlexibleAccessPath | str.substring |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | contextSurroundingFunctionParameters | (string) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | enclosingFunctionBody | string str  string escape html  lastIndex 0 index 0 index str length index str charCodeAt index 34 escape &quot; 38 escape &amp; 39 escape &#39; 60 escape &lt; 62 escape &gt; lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | enclosingFunctionName | escapeHtml1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | receiverName | str |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | enclosingFunctionBody | string str  string escape html  lastIndex 0 index 0 index str length index str charCodeAt index 34 escape &quot; 38 escape &amp; 39 escape &#39; 60 escape &lt; 62 escape &gt; lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | enclosingFunctionName | escapeHtml1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | contextSurroundingFunctionParameters | (string) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | enclosingFunctionBody | string str  string escape html  lastIndex 0 index 0 index str length index str charCodeAt index 34 escape &quot; 38 escape &amp; 39 escape &#39; 60 escape &lt; 62 escape &gt; lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | enclosingFunctionName | escapeHtml1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:5:37:18 | html += escape | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | contextSurroundingFunctionParameters | (string) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | enclosingFunctionBody | string str  string escape html  lastIndex 0 index 0 index str length index str charCodeAt index 34 escape &quot; 38 escape &amp; 39 escape &#39; 60 escape &lt; 62 escape &gt; lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | enclosingFunctionName | escapeHtml1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:37:13:37:18 | escape | stringConcatenatedWith | '' -endpoint-  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | contextSurroundingFunctionParameters | (string) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | enclosingFunctionBody | string str  string escape html  lastIndex 0 index 0 index str length index str charCodeAt index 34 escape &quot; 38 escape &amp; 39 escape &#39; 60 escape &lt; 62 escape &gt; lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | enclosingFunctionName | escapeHtml1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:7:41:44 | html +  ...  index) | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | CalleeFlexibleAccessPath | str.substring |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | contextSurroundingFunctionParameters | (string) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | enclosingFunctionBody | string str  string escape html  lastIndex 0 index 0 index str length index str charCodeAt index 34 escape &quot; 38 escape &amp; 39 escape &#39; 60 escape &lt; 62 escape &gt; lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | enclosingFunctionName | escapeHtml1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | receiverName | str |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | CalleeFlexibleAccessPath | str.substring |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | contextSurroundingFunctionParameters | (string) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | enclosingFunctionBody | string str  string escape html  lastIndex 0 index 0 index str length index str charCodeAt index 34 escape &quot; 38 escape &amp; 39 escape &#39; 60 escape &lt; 62 escape &gt; lastIndex index html str substring lastIndex index lastIndex index 1 html escape lastIndex index html str substring lastIndex index html |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | enclosingFunctionName | escapeHtml1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | receiverName | str |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | CalleeFlexibleAccessPath | value.substring |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | contextSurroundingFunctionParameters | (value) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push &amp; XMLChars QUOT parts push &quot; XMLChars LT parts push &lt; XMLChars GT parts push &gt; i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | enclosingFunctionName | escapeHtml3 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | receiverName | value |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:32:77:32 | 0 | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | CalleeFlexibleAccessPath | value.substring |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | contextSurroundingFunctionParameters | (value) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push &amp; XMLChars QUOT parts push &quot; XMLChars LT parts push &lt; XMLChars GT parts push &gt; i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | enclosingFunctionName | escapeHtml3 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | receiverName | value |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | CalleeFlexibleAccessPath | value.charCodeAt |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | contextSurroundingFunctionParameters | (value) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push &amp; XMLChars QUOT parts push &quot; XMLChars LT parts push &lt; XMLChars GT parts push &gt; i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | enclosingFunctionName | escapeHtml3 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | receiverName | value |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:96:29:96:29 | i | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | CalleeFlexibleAccessPath | value.substring |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | contextSurroundingFunctionParameters | (value) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push &amp; XMLChars QUOT parts push &quot; XMLChars LT parts push &lt; XMLChars GT parts push &gt; i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | enclosingFunctionName | escapeHtml3 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | receiverName | value |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | CalleeFlexibleAccessPath | value.substring |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | contextSurroundingFunctionParameters | (value) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | enclosingFunctionBody | value i 0 XMLChars AMP 38 QUOT 34 LT 60 GT 62 parts value substring 0 i i length ch XMLChars AMP parts push &amp; XMLChars QUOT parts push &quot; XMLChars LT parts push &lt; XMLChars GT parts push &gt; i j i i length ch value charCodeAt i ch XMLChars AMP ch XMLChars QUOT ch XMLChars LT ch XMLChars GT i j i parts push value substring j i parts join  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | enclosingFunctionName | escapeHtml3 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | receiverName | value |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | CalleeFlexibleAccessPath | s.chatAt |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | enclosingFunctionBody | s buf  i s length ch s chatAt i ch & buf &amp; < buf &lt; " buf &quot; buf ch buf |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | enclosingFunctionName | escapeHtml4 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | receiverName | s |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:115:23:115:25 | i++ | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:9:134:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | contextFunctionInterfaces | escapeHtml1(string)\nescapeHtml2(s)\nescapeHtml3(value)\nescapeHtml4(s) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:134:22:141:1 | functio ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:1:22:1:34 | 'escape-html' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:2:23:2:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:9:6:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:6:22:13:1 | functio ...     ;\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:9:16:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:16:22:20:1 | functio ... d });\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | CalleeFlexibleAccessPath | res.render |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | enclosingFunctionBody | req res isValidUserId req params id res render invalidUserIdTemplate id req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | CalleeFlexibleAccessPath | res.render |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | InputAccessPathFromCallee | 1.id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | assignedToPropName | id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | enclosingFunctionBody | req res isValidUserId req params id res render invalidUserIdTemplate id req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:9:22:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:22:22:30:1 | functio ...     ;\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | CalleeFlexibleAccessPath | res.set |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | enclosingFunctionBody | req res isValidUserId req params id res set Content-Type text/plain res send Unknown user:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:13:25:26 | 'Content-Type' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | CalleeFlexibleAccessPath | res.set |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | enclosingFunctionBody | req res isValidUserId req params id res set Content-Type text/plain res send Unknown user:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:25:29:25:40 | 'text/plain' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:9:36:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:36:22:44:1 | functio ...     ;\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | CalleeFlexibleAccessPath | res.set |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | enclosingFunctionBody | req res isValidUserId req params id res set Content-Type textContentType res send Unknown user:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:13:39:26 | 'Content-Type' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | CalleeFlexibleAccessPath | res.set |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | enclosingFunctionBody | req res isValidUserId req params id res set Content-Type textContentType res send Unknown user:  req params id |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:39:29:39:45 | textContentType() | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:9:46:15 | '/echo' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:46:18:51:1 | functio ... msg);\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | CalleeFlexibleAccessPath | res.setHeader |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | enclosingFunctionBody | req res msg req params msg res setHeader Content-Type application/json res setHeader Content-Length msg length res end msg |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:16:48:29 | 'Content-Type' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | CalleeFlexibleAccessPath | res.setHeader |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | enclosingFunctionBody | req res msg req params msg res setHeader Content-Type application/json res setHeader Content-Length msg length res end msg |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:48:32:48:49 | 'application/json' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | CalleeFlexibleAccessPath | res.setHeader |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | enclosingFunctionBody | req res msg req params msg res setHeader Content-Type application/json res setHeader Content-Length msg length res end msg |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:16:49:31 | 'Content-Length' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | CalleeFlexibleAccessPath | res.setHeader |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | enclosingFunctionBody | req res msg req params msg res setHeader Content-Type application/json res setHeader Content-Length msg length res end msg |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | receiverName | res |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:9:53:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:53:22:58:1 | functio ... K\\n  }\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | CalleeFlexibleAccessPath | ?.exec |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | enclosingFunctionBody | req res url req params id /["'&<>]/ exec url res send url |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | CalleeFlexibleAccessPath | ?.exec |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | contextSurroundingFunctionParameters | (str) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | enclosingFunctionBody | str /["'&<>]/ exec str str |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | enclosingFunctionName | escapeHtml1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | receiverName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:9:66:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:66:22:70:1 | functio ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:9:82:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | contextFunctionInterfaces | escapeHtml1(str)\nescapeHtml2(string)\ntextContentType() |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | fileImports | escape-html express |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:82:22:86:1 | functio ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | fileImports | cookie-parser express |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:1:23:1:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | fileImports | cookie-parser express |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:2:28:2:42 | 'cookie-parser' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | CalleeFlexibleAccessPath | app.use |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | fileImports | cookie-parser express |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | receiverName | app |
-| autogenerated/Xss/ReflectedXss/cookies.js:5:9:5:22 | cookieParser() | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | fileImports | cookie-parser express |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:9:7:23 | '/cookie/:name' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | fileImports | cookie-parser express |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/cookies.js:7:26:10:1 | functio ... me]);\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | fileImports | express is-var-name |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:1:23:1:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | fileImports | express is-var-name |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:2:25:2:37 | 'is-var-name' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | fileImports | express is-var-name |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | receiverName | app |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:9:5:20 | "/some/path" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | fileImports | express is-var-name |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/etherpad.js:5:23:12:1 | (req, r ... nse);\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | fileImports | express printf |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:1:23:1:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | CalleeFlexibleAccessPath | express().get |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | fileImports | express printf |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:15:3:22 | '/user/' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | express().get |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | fileImports | express printf |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | receiverName |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:3:25:8:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | CalleeFlexibleAccessPath | console.log |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | enclosingFunctionBody | req res evil req query evil res send console log <div>%s</div> evil res send util format <div>%s</div> evil res send require printf <div>%s</div> evil |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | enclosingFunctionName | get#functionalargument |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | fileImports | express printf |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | receiverName | console |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:26:5:40 | "<div>%s</div>" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | CalleeFlexibleAccessPath | console.log |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | enclosingFunctionBody | req res evil req query evil res send console log <div>%s</div> evil res send util format <div>%s</div> evil res send require printf <div>%s</div> evil |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | enclosingFunctionName | get#functionalargument |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | fileImports | express printf |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | receiverName | console |
-| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | enclosingFunctionBody | req res evil req query evil res send console log <div>%s</div> evil res send util format <div>%s</div> evil res send require printf <div>%s</div> evil |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | enclosingFunctionName | get#functionalargument |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | fileImports | express printf |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | receiverName |  |
-| autogenerated/Xss/ReflectedXss/formatting.js:7:22:7:29 | "printf" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | CalleeFlexibleAccessPath | res.send |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | contextFunctionInterfaces | handler(req, res) |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | enclosingFunctionBody | req res res send req url |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | enclosingFunctionName | handler |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | fileImports |  |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | receiverName | res |
-| autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:1:23:1:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:2:26:2:37 | 'underscore' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:3:22:3:29 | 'lodash' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:4:17:4:23 | 'ramda' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | receiverName | app |
-| autogenerated/Xss/ReflectedXss/partial.js:8:9:8:20 | "/some/path" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/partial.js:8:23:15:1 | (req, r ... ack);\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | CalleeFlexibleAccessPath | sendResponse.bind |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | enclosingFunctionBody | req res sendResponse x y res send x y callback sendResponse bind null req url 1 2 3 forEach callback |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | receiverName | sendResponse |
-| autogenerated/Xss/ReflectedXss/partial.js:13:36:13:39 | null | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | CalleeFlexibleAccessPath | sendResponse.bind |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | enclosingFunctionBody | req res sendResponse x y res send x y callback sendResponse bind null req url 1 2 3 forEach callback |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | receiverName | sendResponse |
-| autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | receiverName | app |
-| autogenerated/Xss/ReflectedXss/partial.js:17:9:17:21 | "/underscore" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/partial.js:17:24:24:1 | (req, r ... ack);\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | CalleeFlexibleAccessPath | underscore.partial |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | calleeImports | underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | enclosingFunctionBody | req res sendResponse x y res send x y callback underscore partial sendResponse req url 1 2 3 forEach callback |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | receiverName | underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | CalleeFlexibleAccessPath | underscore.partial |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | calleeImports | underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | enclosingFunctionBody | req res sendResponse x y res send x y callback underscore partial sendResponse req url 1 2 3 forEach callback |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | receiverName | underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | receiverName | app |
-| autogenerated/Xss/ReflectedXss/partial.js:26:9:26:17 | "/lodash" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/partial.js:26:20:33:1 | (req, r ... ack);\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | CalleeFlexibleAccessPath | lodash.partial |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | calleeImports | lodash |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | enclosingFunctionBody | req res sendResponse x y res send x y callback lodash partial sendResponse req url 1 2 3 forEach callback |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | receiverName | lodash |
-| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | CalleeFlexibleAccessPath | lodash.partial |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | calleeImports | lodash |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | enclosingFunctionBody | req res sendResponse x y res send x y callback lodash partial sendResponse req url 1 2 3 forEach callback |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | receiverName | lodash |
-| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | receiverName | app |
-| autogenerated/Xss/ReflectedXss/partial.js:35:9:35:16 | "/ramda" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/partial.js:35:19:42:1 | (req, r ... ack);\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | CalleeFlexibleAccessPath | R.partial |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | calleeImports | ramda |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | enclosingFunctionBody | req res sendResponse x y res send x y callback R partial sendResponse req url 1 2 3 forEach callback |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | receiverName | R |
-| autogenerated/Xss/ReflectedXss/partial.js:40:28:40:39 | sendResponse | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | CalleeFlexibleAccessPath | R.partial |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | calleeImports | ramda |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | enclosingFunctionBody | req res sendResponse x y res send x y callback R partial sendResponse req url 1 2 3 forEach callback |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | receiverName | R |
-| autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | InputArgumentIndex |  |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | enclosingFunctionBody | req res sendResponse x y res send x y callback R partial sendResponse req url 1 2 3 forEach callback |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | receiverName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | receiverName | app |
-| autogenerated/Xss/ReflectedXss/partial.js:44:9:44:17 | "/return" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/partial.js:44:20:55:1 | (req, r ...  site\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | CalleeFlexibleAccessPath | getFirst.bind |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | enclosingFunctionBody | req res getFirst x y x callback getFirst bind null req url res send callback res send callback res send getFirst Hello |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | receiverName | getFirst |
-| autogenerated/Xss/ReflectedXss/partial.js:49:32:49:35 | null | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | CalleeFlexibleAccessPath | getFirst.bind |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | contextFunctionInterfaces | getFirst(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y)\nsendResponse(x, y) |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | enclosingFunctionBody | req res getFirst x y x callback getFirst bind null req url res send callback res send callback res send getFirst Hello |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | fileImports | express lodash ramda underscore |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | receiverName | getFirst |
-| autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:1:23:1:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | fileImports | express |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | receiverName | app |
-| autogenerated/Xss/ReflectedXss/promises.js:4:9:4:20 | "/some/path" | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/promises.js:4:23:11:1 | (req, r ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | CalleeFlexibleAccessPath | resolve |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | contextSurroundingFunctionParameters | (req, res)\n(resolve, reject) |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | fileImports | express |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | receiverName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | CalleeFlexibleAccessPath | Promise().then |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | contextSurroundingFunctionParameters | (req, res)\n(x) |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | fileImports | express |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | receiverName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:6:11:6:26 | x => res.send(x) | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | CalleeFlexibleAccessPath | resolve |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | contextSurroundingFunctionParameters | (req, res)\n(resolve, reject) |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | fileImports | express |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | receiverName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | CalleeFlexibleAccessPath | Promise().then |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | contextSurroundingFunctionParameters | (req, res)\n(x) |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | fileImports | express |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | receiverName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:9:11:9:28 | x => escapeHtml(x) | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | CalleeFlexibleAccessPath | Promise().then().then |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | contextSurroundingFunctionParameters | (req, res)\n(x) |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | enclosingFunctionBody | req res Promise resolve reject resolve req query data then x res send x Promise resolve reject resolve req query data then x escapeHtml x then x res send x |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | fileImports | express |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | receiverName |  |
-| autogenerated/Xss/ReflectedXss/promises.js:10:11:10:26 | x => res.send(x) | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | receiverName |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | fileImports | express |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | receiverName | app |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | stringConcatenatedWith |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | contextFunctionInterfaces |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | fileImports | express |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | receiverName | app |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | InputArgumentIndex | 0 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | calleeImports |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | enclosingFunctionBody |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | enclosingFunctionName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | InputArgumentIndex | 0 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | calleeImports |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | enclosingFunctionBody |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | enclosingFunctionName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:2:18:2:21 | 'fs' | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:4:23:4:31 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | CalleeFlexibleAccessPath | express().get |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | InputArgumentIndex | 0 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | calleeImports | express |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | enclosingFunctionBody |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | enclosingFunctionName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:15:6:17 | '/' | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | CalleeFlexibleAccessPath | express().get |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | calleeImports | express |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:6:20:10:1 | functio ...   });\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | CalleeFlexibleAccessPath | fs.readdir |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | InputArgumentIndex | 0 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | calleeImports | fs |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | enclosingFunctionBody | req res fs readdir /myDir error files1 res send files1 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | enclosingFunctionName | get#functionalargument |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | receiverName | fs |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:16:7:23 | "/myDir" | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | fs.readdir |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | calleeImports | fs |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | (req, res)\n(error, files1) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | enclosingFunctionBody | req res fs readdir /myDir error files1 res send files1 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | enclosingFunctionName | get#functionalargument |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | receiverName | fs |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | InputArgumentIndex | 0 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | calleeImports | http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | receiverName | http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:15:19:40:1 | functio ...   });\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | CalleeFlexibleAccessPath | files2.sort |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | InputArgumentIndex | 0 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | calleeImports |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | contextSurroundingFunctionParameters | (files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push <li> file </li> files3 join  fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | receiverName | files2 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | CalleeFlexibleAccessPath | files2.sort().forEach |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | InputArgumentIndex | 0 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | calleeImports |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | contextSurroundingFunctionParameters | (files2)\n(file) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push <li> file </li> files3 join  fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | InputArgumentIndex |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | calleeImports |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | contextSurroundingFunctionParameters | (files2)\n(file) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push <li> file </li> files3 join  fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:30 | '<li>' | stringConcatenatedWith |  -endpoint- file + '</li>' |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | InputArgumentIndex |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | calleeImports |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | contextSurroundingFunctionParameters | (files2)\n(file) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push <li> file </li> files3 join  fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:25:20:37 | '<li>' + file | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | InputArgumentIndex |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | calleeImports |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | contextSurroundingFunctionParameters | (files2)\n(file) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push <li> file </li> files3 join  fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:34:20:37 | file | stringConcatenatedWith | '<li>' -endpoint- '</li>' |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | InputArgumentIndex |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | calleeImports |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | contextSurroundingFunctionParameters | (files2)\n(file) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push <li> file </li> files3 join  fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:20:41:20:47 | '</li>' | stringConcatenatedWith | '<li>' + file -endpoint-  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | CalleeFlexibleAccessPath | fs.readdir |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | InputArgumentIndex | 0 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | calleeImports | fs |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push <li> file </li> files3 join  fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | receiverName | fs |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:16:25:23 | "/myDir" | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | CalleeFlexibleAccessPath | fs.readdir |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | calleeImports | fs |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | contextSurroundingFunctionParameters | (req, res)\n(error, files1) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push <li> file </li> files3 join  fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | receiverName | fs |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | CalleeFlexibleAccessPath | files1.forEach |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | InputArgumentIndex | 0 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | calleeImports |  |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | contextFunctionInterfaces | format(files2) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | contextSurroundingFunctionParameters | (req, res)\n(error, files1)\n(file) |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | enclosingFunctionBody | req res format files2 files3 files2 sort sort forEach file files3 push <li> file </li> files3 join  fs readdir /myDir error files1 res write files1 dirs files2 files1 forEach file files2 push file res write files2 files3 format files2 res write files3 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | fileImports | express fs http |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | receiverName | files1 |
-| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | InputArgumentIndex | 0 |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | calleeImports |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | contextFunctionInterfaces |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | enclosingFunctionBody |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | enclosingFunctionName |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | fileImports | express parse-torrent |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:1:30:1:44 | 'parse-torrent' | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | InputArgumentIndex | 0 |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | calleeImports |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | contextFunctionInterfaces |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | enclosingFunctionBody |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | enclosingFunctionName |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | fileImports | express parse-torrent |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:2:25:2:33 | 'express' | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | CalleeFlexibleAccessPath | express().get |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | InputArgumentIndex | 0 |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | contextFunctionInterfaces |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | enclosingFunctionBody |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | enclosingFunctionName |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | fileImports | express parse-torrent |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:15:4:25 | '/user/:id' | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | express().get |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | fileImports | express parse-torrent |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:4:28:8:1 | functio ... OT OK\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | CalleeFlexibleAccessPath | parseTorrent |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | InputAccessPathFromCallee |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | InputArgumentIndex | 0 |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | assignedToPropName |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | calleeImports | parse-torrent |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | contextFunctionInterfaces |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | enclosingFunctionBody | req res torrent parseTorrent unknown name torrent name res send name |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | enclosingFunctionName | get#functionalargument |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | fileImports | express parse-torrent |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | receiverName |  |
-| autogenerated/Xss/StoredXss/xss-through-torrent.js:5:29:5:35 | unknown | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | CalleeFlexibleAccessPath | define |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextFunctionInterfaces |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextSurroundingFunctionParameters | (factory) |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | contextFunctionInterfaces |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | contextSurroundingFunctionParameters | (factory) |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | contextFunctionInterfaces |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | contextSurroundingFunctionParameters | (factory) |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | contextFunctionInterfaces |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | contextSurroundingFunctionParameters | ($) |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | stringConcatenatedWith |  -endpoint- $.trim() + '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | calleeImports | jquery |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | contextFunctionInterfaces |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | contextSurroundingFunctionParameters | ($) |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | contextFunctionInterfaces |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | contextSurroundingFunctionParameters | ($) |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | CalleeFlexibleAccessPath | $.trim |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | calleeImports | jquery |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | contextFunctionInterfaces |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | contextSurroundingFunctionParameters | ($) |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | receiverName | $ |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | contextFunctionInterfaces |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | contextSurroundingFunctionParameters | ($) |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | stringConcatenatedWith | '<span>' + $.trim() -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | CalleeFlexibleAccessPath | document.querySelector |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | CalleeFlexibleAccessPath | document.querySelector |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | CalleeFlexibleAccessPath | document.querySelector().appendChild |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | CalleeFlexibleAccessPath | document.createElement |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | CalleeFlexibleAccessPath | tmp.appendChild |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | receiverName | tmp |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | CalleeFlexibleAccessPath | document.querySelector |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | CalleeFlexibleAccessPath | document.querySelector().appendChild |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | CalleeFlexibleAccessPath | import(!) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | calleeImports | markdown-it |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | CalleeFlexibleAccessPath | import(!) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | InputAccessPathFromCallee | 0.html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | assignedToPropName | html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | calleeImports | markdown-it |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | enclosingFunctionName | xssThroughMarkdown |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | CalleeFlexibleAccessPath | document.querySelector |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | enclosingFunctionName | xssThroughMarkdown |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | enclosingFunctionName | xssThroughMarkdown |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | assignedToPropName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | CalleeFlexibleAccessPath | document.querySelector |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | enclosingFunctionName | plainDOMXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | CalleeFlexibleAccessPath | document.querySelector |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | stringConcatenatedWith |  -endpoint- this.step + '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | stringConcatenatedWith | '<span>' + this.step -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextSurroundingFunctionParameters | (options) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | receiverName | $ |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextSurroundingFunctionParameters | (options) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | receiverName | $ |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | this.each |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | (options)\n() |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | contextSurroundingFunctionParameters | (options)\n() |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | stringConcatenatedWith |  -endpoint- settings.name + '</b>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | contextSurroundingFunctionParameters | (options)\n() |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | contextSurroundingFunctionParameters | (options)\n() |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | contextSurroundingFunctionParameters | (options)\n() |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | stringConcatenatedWith | '<b>' + settings.name -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | CalleeFlexibleAccessPath | $().appendTo |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextSurroundingFunctionParameters | (options)\n() |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | CalleeFlexibleAccessPath | document.querySelector |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | stringConcatenatedWith |  -endpoint- attrVal + '"/>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | stringConcatenatedWith | '<img alt="' -endpoint- '"/>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | stringConcatenatedWith | '<img alt="' + attrVal -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | CalleeFlexibleAccessPath | document.querySelector |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | stringConcatenatedWith |  -endpoint- attrVal.replace() + '"/>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | stringConcatenatedWith | '<img alt="' -endpoint- '"/>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | stringConcatenatedWith | '<img alt="' + attrVal.replace() -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | CalleeFlexibleAccessPath | attrVal.indexOf |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | receiverName | attrVal |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | CalleeFlexibleAccessPath | attrVal.indexOf |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | receiverName | attrVal |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | CalleeFlexibleAccessPath | document.querySelector |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | stringConcatenatedWith |  -endpoint- attrVal + '"/>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | stringConcatenatedWith | '<img alt="' -endpoint- '"/>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | stringConcatenatedWith | '<img alt="' + attrVal -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | contextSurroundingFunctionParameters | (obj) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | stringConcatenatedWith |  -endpoint- obj.spanTemplate + '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | contextSurroundingFunctionParameters | (obj) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | contextSurroundingFunctionParameters | (obj) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | contextSurroundingFunctionParameters | (obj) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | stringConcatenatedWith | '<span>' + obj.spanTemplate -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | CalleeFlexibleAccessPath | document.querySelector |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | contextSurroundingFunctionParameters | (obj) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextSurroundingFunctionParameters | (obj) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | enclosingFunctionBody | s html <span> s </span> document body innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | enclosingFunctionName | basicHtmlConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | enclosingFunctionBody | s html <span> s </span> document body innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | enclosingFunctionName | basicHtmlConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:41 | "<span> ... /span>" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | enclosingFunctionBody | s html <span> s </span> document body innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | enclosingFunctionName | basicHtmlConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:29:2:29 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | enclosingFunctionBody | s html <span> s </span> document body innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | enclosingFunctionName | basicHtmlConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:33:2:41 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | enclosingFunctionBody | s html <span> s </span> document body innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | enclosingFunctionName | basicHtmlConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | CalleeFlexibleAccessPath | document.implementation.createHTMLDocument |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | enclosingFunctionBody | s newDoc document implementation createHTMLDocument  newDoc body innerHTML <span> s </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | enclosingFunctionName | insertIntoCreatedDocument |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:63:7:64 | "" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | enclosingFunctionBody | s newDoc document implementation createHTMLDocument  newDoc body innerHTML <span> s </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | enclosingFunctionName | insertIntoCreatedDocument |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:36 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | enclosingFunctionBody | s newDoc document implementation createHTMLDocument  newDoc body innerHTML <span> s </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | enclosingFunctionName | insertIntoCreatedDocument |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:29:8:52 | "<span> ... /span>" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | enclosingFunctionBody | s newDoc document implementation createHTMLDocument  newDoc body innerHTML <span> s </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | enclosingFunctionName | insertIntoCreatedDocument |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:40:8:40 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | enclosingFunctionBody | s newDoc document implementation createHTMLDocument  newDoc body innerHTML <span> s </span> |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | enclosingFunctionName | insertIntoCreatedDocument |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:8:44:8:52 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | enclosingFunctionBody | s id x html <span> s </span> document body innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | enclosingFunctionName | notVulnerable |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:25 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | enclosingFunctionBody | s id x html <span> s </span> document body innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | enclosingFunctionName | notVulnerable |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:18:17:41 | "<span> ... /span>" | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | enclosingFunctionBody | s id x html <span> s </span> document body innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | enclosingFunctionName | notVulnerable |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:29:17:29 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | enclosingFunctionBody | s id x html <span> s </span> document body innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | enclosingFunctionName | notVulnerable |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:17:33:17:41 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | enclosingFunctionBody | s id x html <span> s </span> document body innerHTML html |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | enclosingFunctionName | notVulnerable |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | fileImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | receiverName |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextSurroundingFunctionParameters | ()\n(element, options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextSurroundingFunctionParameters | ()\n(element, options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | receiverName | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextSurroundingFunctionParameters | ()\n(element, options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | receiverName | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextSurroundingFunctionParameters | ()\n(element, options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | CalleeFlexibleAccessPath | $().appendTo |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextSurroundingFunctionParameters | (o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | receiverName | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextSurroundingFunctionParameters | (o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | receiverName | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | CalleeFlexibleAccessPath | console.log |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextSurroundingFunctionParameters | (o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | receiverName | console |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextSurroundingFunctionParameters | (o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | CalleeFlexibleAccessPath | safe.has |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | receiverName | safe |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | receiverName | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | InputAccessPathFromCallee | 0.menu |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | assignedToPropName | menu |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | InputAccessPathFromCallee | 0.target |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | assignedToPropName | target |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | receiverName | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | receiverName | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | receiverName | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | InputArgumentIndex | 2 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | receiverName | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | receiverName | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | receiverName | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | CalleeFlexibleAccessPath | $.extend |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | InputAccessPathFromCallee | 1.my_plugin |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | assignedToPropName | my_plugin |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | stringConcatenatedWith |  -endpoint-  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | stringConcatenatedWith |  -endpoint- options.target + '</div>' |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | stringConcatenatedWith | '<div>' -endpoint- '</div>' |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | stringConcatenatedWith | '<div>' + options.target -endpoint-  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | stringConcatenatedWith |  -endpoint- ? |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | stringConcatenatedWith | '<div>' -endpoint-  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | stringConcatenatedWith |  -endpoint- options.target + '"></div>' |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | stringConcatenatedWith | '<div class="' -endpoint- '"></div>' |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | InputArgumentIndex |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | stringConcatenatedWith | '<div class="' + options.target -endpoint-  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | CalleeFlexibleAccessPath | $().find |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | CalleeFlexibleAccessPath | $().find |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | CalleeFlexibleAccessPath | $().find |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | stringConcatenatedWith |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | CalleeFlexibleAccessPath | $().find |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | InputAccessPathFromCallee |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | assignedToPropName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | enclosingFunctionBody |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | enclosingFunctionName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | receiverName |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | contextSurroundingFunctionParameters | ()\n(values) |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | enclosingFunctionBody | div \n         Formik initialValues email  password  validate values $ #id html values foo onSubmit values setSubmitting $ #id html values bar \n             inputs form onSubmit handleSubmit \n         \n     |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | enclosingFunctionName | FormikBasic |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | contextSurroundingFunctionParameters | ()\n(values) |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | enclosingFunctionBody | div \n         Formik initialValues email  password  validate values $ #id html values foo onSubmit values setSubmitting $ #id html values bar \n             inputs form onSubmit handleSubmit \n         \n     |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | enclosingFunctionName | FormikBasic |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | contextSurroundingFunctionParameters | ()\n(values, ?) |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | enclosingFunctionBody | div \n         Formik initialValues email  password  validate values $ #id html values foo onSubmit values setSubmitting $ #id html values bar \n             inputs form onSubmit handleSubmit \n         \n     |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | enclosingFunctionName | FormikBasic |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:12:19:12:23 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | contextSurroundingFunctionParameters | ()\n(values, ?) |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | enclosingFunctionBody | div \n         Formik initialValues email  password  validate values $ #id html values foo onSubmit values setSubmitting $ #id html values bar \n             inputs form onSubmit handleSubmit \n         \n     |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | enclosingFunctionName | FormikBasic |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:12:31:12:40 | values.bar | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | CalleeFlexibleAccessPath | withFormik |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | calleeImports | formik |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | enclosingFunctionBody |  |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:22:35:31:1 | {\\n    m ...     }\\n} | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | CalleeFlexibleAccessPath | withFormik |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | InputAccessPathFromCallee | 0.mapPropsToValues |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | assignedToPropName | mapPropsToValues |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | calleeImports | formik |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | enclosingFunctionBody |  |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:23:23:23:42 | () => ({ name: '' }) | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | CalleeFlexibleAccessPath | withFormik |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | InputAccessPathFromCallee | 0.validate |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | assignedToPropName | validate |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | calleeImports | formik |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | contextSurroundingFunctionParameters | (values) |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | enclosingFunctionBody |  |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:24:15:26:5 | values  ... K\\n    } | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | contextSurroundingFunctionParameters | (values) |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | enclosingFunctionBody | values $ #id html values email |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | enclosingFunctionName | validate |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:25:11:25:15 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | contextSurroundingFunctionParameters | (values) |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | enclosingFunctionBody | values $ #id html values email |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | enclosingFunctionName | validate |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:25:23:25:34 | values.email | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | CalleeFlexibleAccessPath | withFormik |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | InputAccessPathFromCallee | 0.handleSubmit |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | assignedToPropName | handleSubmit |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | calleeImports | formik |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | contextSurroundingFunctionParameters | (values, ?) |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | enclosingFunctionBody |  |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:28:19:30:5 | (values ... K\\n    } | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | contextSurroundingFunctionParameters | (values, ?) |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | enclosingFunctionBody | values setSubmitting $ #id html values email |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | enclosingFunctionName | handleSubmit |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:29:11:29:15 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | contextSurroundingFunctionParameters | (values, ?) |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | enclosingFunctionBody | values setSubmitting $ #id html values email |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | enclosingFunctionName | handleSubmit |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:29:23:29:34 | values.email | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | CalleeFlexibleAccessPath | withFormik() |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | calleeImports | formik |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | enclosingFunctionBody |  |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:31:4:31:9 | MyForm | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | enclosingFunctionBody | values submitForm useFormikContext $ #id html values email $ #id html submitForm email |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:35:7:35:11 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | enclosingFunctionBody | values submitForm useFormikContext $ #id html values email $ #id html submitForm email |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:35:19:35:30 | values.email | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | enclosingFunctionBody | values submitForm useFormikContext $ #id html values email $ #id html submitForm email |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:37:7:37:11 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | enclosingFunctionBody | values submitForm useFormikContext $ #id html values email $ #id html submitForm email |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:37:19:37:34 | submitForm.email | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | contextSurroundingFunctionParameters | ()\n(values) |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | enclosingFunctionBody | Form onSubmit values $ #id html values stooge initialValues stooge larry employed false render handleSubmit form submitting pristine values form onSubmit handleSubmit \n         input type text name stooge \n       |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | enclosingFunctionName | App |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:45:9:45:13 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | contextSurroundingFunctionParameters | ()\n(values) |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | enclosingFunctionBody | Form onSubmit values $ #id html values stooge initialValues stooge larry employed false render handleSubmit form submitting pristine values form onSubmit handleSubmit \n         input type text name stooge \n       |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | enclosingFunctionName | App |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:45:21:45:33 | values.stooge | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | contextSurroundingFunctionParameters | (e) |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | enclosingFunctionBody | e $ #id html e target value |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | enclosingFunctionName | plainSubmit |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:57:7:57:11 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | contextSurroundingFunctionParameters | (e) |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | enclosingFunctionBody | e $ #id html e target value |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | enclosingFunctionName | plainSubmit |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:57:19:57:32 | e.target.value | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | contextSurroundingFunctionParameters | ()\n(data) |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n         input name name ref register required true \n         input type submit \n     |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | enclosingFunctionName | HookForm |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:72:7:72:11 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | contextSurroundingFunctionParameters | ()\n(data) |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n         input name name ref register required true \n         input type submit \n     |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | enclosingFunctionName | HookForm |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:72:19:72:27 | data.name | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | CalleeFlexibleAccessPath | handleSubmit |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | calleeImports | react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n         input name name ref register required true \n         input type submit \n     |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | enclosingFunctionName | HookForm |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:76:34:76:41 | onSubmit | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | CalleeFlexibleAccessPath | register |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | calleeImports | react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n         input name name ref register required true \n         input type submit \n     |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | enclosingFunctionName | HookForm |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:77:42:77:59 | { required: true } | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | CalleeFlexibleAccessPath | register |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | InputAccessPathFromCallee | 0.required |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | assignedToPropName | required |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | calleeImports | react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | enclosingFunctionBody | register handleSubmit errors useForm onSubmit data $ #id html data name form onSubmit handleSubmit onSubmit \n         input name name ref register required true \n         input type submit \n     |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | enclosingFunctionName | HookForm |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:77:54:77:57 | true | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | enclosingFunctionBody | register getValues useForm form \n       input name name ref register \n       button type button onClick values getValues $ #id html values name \n       \n     |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | enclosingFunctionName | HookForm2 |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:93:13:93:17 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | enclosingFunctionBody | register getValues useForm form \n       input name name ref register \n       button type button onClick values getValues $ #id html values name \n       \n     |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | enclosingFunctionName | HookForm2 |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:93:25:93:35 | values.name | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | CalleeFlexibleAccessPath | document.querySelector |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | enclosingFunctionName | vanillaJS |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | receiverName | document |
-| autogenerated/Xss/XssThroughDom/forms.js:102:28:102:40 | "form.myform" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | CalleeFlexibleAccessPath | document.querySelector().addEventListener |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | enclosingFunctionName | vanillaJS |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:102:60:102:67 | "submit" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | CalleeFlexibleAccessPath | document.querySelector().addEventListener |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | contextSurroundingFunctionParameters | ()\n(e) |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | enclosingFunctionName | vanillaJS |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:102:70:104:5 | e => {\\n ... K\\n    } | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | contextSurroundingFunctionParameters | ()\n(e) |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | enclosingFunctionName | vanillaJS |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:103:11:103:15 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | contextSurroundingFunctionParameters | ()\n(e) |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | enclosingFunctionName | vanillaJS |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:103:23:103:36 | e.target.value | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | CalleeFlexibleAccessPath | document.querySelector |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | enclosingFunctionName | vanillaJS |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | receiverName | document |
-| autogenerated/Xss/XssThroughDom/forms.js:106:28:106:40 | "form.myform" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | contextSurroundingFunctionParameters | ()\n(e) |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | enclosingFunctionName | vanillaJS |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:107:11:107:15 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | contextSurroundingFunctionParameters | ()\n(e) |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | enclosingFunctionBody | document querySelector form.myform addEventListener submit e $ #id html e target value document querySelector form.myform onsubmit e $ #id html e target value |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | enclosingFunctionName | vanillaJS |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | fileImports | formik react react-final-form react-hook-form |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | receiverName |  |
-| autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | CalleeFlexibleAccessPath | $().attr |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | CalleeFlexibleAccessPath | $().attr |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | InputArgumentIndex | 1 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | CalleeFlexibleAccessPath | $().attr |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | CalleeFlexibleAccessPath | $().attr |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | InputAccessPathFromCallee | 0.foo |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | assignedToPropName | foo |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | CalleeFlexibleAccessPath | $().attr |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | receiverName | document |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | receiverName | document |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | receiverName | document |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | CalleeFlexibleAccessPath | document.querySelectorAll |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | receiverName | document |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | CalleeFlexibleAccessPath | document.getElementById |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | receiverName | document |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | CalleeFlexibleAccessPath | document.getElementById().getAttribute |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | InputArgumentIndex |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | stringConcatenatedWith |  -endpoint- something() + '</p>' |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | InputArgumentIndex |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | stringConcatenatedWith | '<p>' -endpoint- '</p>' |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | InputArgumentIndex |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | stringConcatenatedWith | '<p>' + something() -endpoint-  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | CalleeFlexibleAccessPath | $().get |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | InputArgumentIndex |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | CalleeFlexibleAccessPath | base.? |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | receiverName | base |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | CalleeFlexibleAccessPath | $().get |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | InputArgumentIndex |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | CalleeFlexibleAccessPath | $().get |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | CalleeFlexibleAccessPath | $().get |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | InputArgumentIndex |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | CalleeFlexibleAccessPath | $().get |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | CalleeFlexibleAccessPath | $().get().getAttribute |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | CalleeFlexibleAccessPath | $().get |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | InputArgumentIndex |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | CalleeFlexibleAccessPath | $().getAttribute |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | CalleeFlexibleAccessPath | $().get |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | InputArgumentIndex |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | CalleeFlexibleAccessPath | $().find |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | CalleeFlexibleAccessPath | $().find().attr |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | CalleeFlexibleAccessPath | $().get |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | InputArgumentIndex |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | CalleeFlexibleAccessPath | $().find |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | CalleeFlexibleAccessPath | $().find().attr |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | CalleeFlexibleAccessPath | $().get |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | InputArgumentIndex |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | CalleeFlexibleAccessPath | $.jGrowl |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | receiverName | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | CalleeFlexibleAccessPath | $().get |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | CalleeFlexibleAccessPath | $().get |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | CalleeFlexibleAccessPath | $().prop |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | CalleeFlexibleAccessPath | require |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | CalleeFlexibleAccessPath | $().html |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | CalleeFlexibleAccessPath | $().each |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | InputArgumentIndex |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | stringConcatenatedWith |  -endpoint- $().text().toLowerCase().replace().replace() + ''>Section</a>' |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | CalleeFlexibleAccessPath | $().append |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | InputArgumentIndex |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | stringConcatenatedWith | '<a href='#' -endpoint- ''>Section</a>' |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | CalleeFlexibleAccessPath | $ |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | stringConcatenatedWith |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | CalleeFlexibleAccessPath |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | InputAccessPathFromCallee |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | InputArgumentIndex |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | assignedToPropName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | receiverName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | stringConcatenatedWith | '<a href='#' + $().text().toLowerCase().replace().replace() -endpoint-  |
-| index.js:1:20:1:23 | "fs" | CalleeFlexibleAccessPath | require |
-| index.js:1:20:1:23 | "fs" | InputAccessPathFromCallee |  |
-| index.js:1:20:1:23 | "fs" | InputArgumentIndex | 0 |
-| index.js:1:20:1:23 | "fs" | assignedToPropName |  |
-| index.js:1:20:1:23 | "fs" | calleeImports |  |
-| index.js:1:20:1:23 | "fs" | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:1:20:1:23 | "fs" | contextSurroundingFunctionParameters |  |
-| index.js:1:20:1:23 | "fs" | enclosingFunctionBody |  |
-| index.js:1:20:1:23 | "fs" | enclosingFunctionName |  |
-| index.js:1:20:1:23 | "fs" | fileImports | child_process fs mongoose underscore |
-| index.js:1:20:1:23 | "fs" | receiverName |  |
-| index.js:1:20:1:23 | "fs" | stringConcatenatedWith |  |
-| index.js:16:19:16:30 | "underscore" | CalleeFlexibleAccessPath | require |
-| index.js:16:19:16:30 | "underscore" | InputAccessPathFromCallee |  |
-| index.js:16:19:16:30 | "underscore" | InputArgumentIndex | 0 |
-| index.js:16:19:16:30 | "underscore" | assignedToPropName |  |
-| index.js:16:19:16:30 | "underscore" | calleeImports |  |
-| index.js:16:19:16:30 | "underscore" | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:16:19:16:30 | "underscore" | contextSurroundingFunctionParameters |  |
-| index.js:16:19:16:30 | "underscore" | enclosingFunctionBody |  |
-| index.js:16:19:16:30 | "underscore" | enclosingFunctionName |  |
-| index.js:16:19:16:30 | "underscore" | fileImports | child_process fs mongoose underscore |
-| index.js:16:19:16:30 | "underscore" | receiverName |  |
-| index.js:16:19:16:30 | "underscore" | stringConcatenatedWith |  |
-| index.js:17:16:17:30 | "child_process" | CalleeFlexibleAccessPath | require |
-| index.js:17:16:17:30 | "child_process" | InputAccessPathFromCallee |  |
-| index.js:17:16:17:30 | "child_process" | InputArgumentIndex | 0 |
-| index.js:17:16:17:30 | "child_process" | assignedToPropName |  |
-| index.js:17:16:17:30 | "child_process" | calleeImports |  |
-| index.js:17:16:17:30 | "child_process" | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:17:16:17:30 | "child_process" | contextSurroundingFunctionParameters |  |
-| index.js:17:16:17:30 | "child_process" | enclosingFunctionBody |  |
-| index.js:17:16:17:30 | "child_process" | enclosingFunctionName |  |
-| index.js:17:16:17:30 | "child_process" | fileImports | child_process fs mongoose underscore |
-| index.js:17:16:17:30 | "child_process" | receiverName |  |
-| index.js:17:16:17:30 | "child_process" | stringConcatenatedWith |  |
-| index.js:21:9:21:9 | x | CalleeFlexibleAccessPath | _.map |
-| index.js:21:9:21:9 | x | InputAccessPathFromCallee |  |
-| index.js:21:9:21:9 | x | InputArgumentIndex | 0 |
-| index.js:21:9:21:9 | x | assignedToPropName |  |
-| index.js:21:9:21:9 | x | calleeImports | underscore |
-| index.js:21:9:21:9 | x | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:21:9:21:9 | x | contextSurroundingFunctionParameters | () |
-| index.js:21:9:21:9 | x | enclosingFunctionBody | x p 42 push x _ map x cp exec x |
-| index.js:21:9:21:9 | x | enclosingFunctionName |  |
-| index.js:21:9:21:9 | x | fileImports | child_process fs mongoose underscore |
-| index.js:21:9:21:9 | x | receiverName | _ |
-| index.js:21:9:21:9 | x | stringConcatenatedWith |  |
-| index.js:25:26:25:35 | 'mongoose' | CalleeFlexibleAccessPath | require |
-| index.js:25:26:25:35 | 'mongoose' | InputAccessPathFromCallee |  |
-| index.js:25:26:25:35 | 'mongoose' | InputArgumentIndex | 0 |
-| index.js:25:26:25:35 | 'mongoose' | assignedToPropName |  |
-| index.js:25:26:25:35 | 'mongoose' | calleeImports |  |
-| index.js:25:26:25:35 | 'mongoose' | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:25:26:25:35 | 'mongoose' | contextSurroundingFunctionParameters |  |
-| index.js:25:26:25:35 | 'mongoose' | enclosingFunctionBody |  |
-| index.js:25:26:25:35 | 'mongoose' | enclosingFunctionName |  |
-| index.js:25:26:25:35 | 'mongoose' | fileImports | child_process fs mongoose underscore |
-| index.js:25:26:25:35 | 'mongoose' | receiverName |  |
-| index.js:25:26:25:35 | 'mongoose' | stringConcatenatedWith |  |
-| index.js:26:25:26:30 | 'User' | CalleeFlexibleAccessPath | mongoose.model |
-| index.js:26:25:26:30 | 'User' | InputAccessPathFromCallee |  |
-| index.js:26:25:26:30 | 'User' | InputArgumentIndex | 0 |
-| index.js:26:25:26:30 | 'User' | assignedToPropName |  |
-| index.js:26:25:26:30 | 'User' | calleeImports | mongoose |
-| index.js:26:25:26:30 | 'User' | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:26:25:26:30 | 'User' | contextSurroundingFunctionParameters |  |
-| index.js:26:25:26:30 | 'User' | enclosingFunctionBody |  |
-| index.js:26:25:26:30 | 'User' | enclosingFunctionName |  |
-| index.js:26:25:26:30 | 'User' | fileImports | child_process fs mongoose underscore |
-| index.js:26:25:26:30 | 'User' | receiverName | mongoose |
-| index.js:26:25:26:30 | 'User' | stringConcatenatedWith |  |
-| index.js:26:33:26:36 | null | CalleeFlexibleAccessPath | mongoose.model |
-| index.js:26:33:26:36 | null | InputAccessPathFromCallee |  |
-| index.js:26:33:26:36 | null | InputArgumentIndex | 1 |
-| index.js:26:33:26:36 | null | assignedToPropName |  |
-| index.js:26:33:26:36 | null | calleeImports | mongoose |
-| index.js:26:33:26:36 | null | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:26:33:26:36 | null | contextSurroundingFunctionParameters |  |
-| index.js:26:33:26:36 | null | enclosingFunctionBody |  |
-| index.js:26:33:26:36 | null | enclosingFunctionName |  |
-| index.js:26:33:26:36 | null | fileImports | child_process fs mongoose underscore |
-| index.js:26:33:26:36 | null | receiverName | mongoose |
-| index.js:26:33:26:36 | null | stringConcatenatedWith |  |
-| index.js:29:13:29:31 | { 'isAdmin': true } | CalleeFlexibleAccessPath | User.find |
-| index.js:29:13:29:31 | { 'isAdmin': true } | InputAccessPathFromCallee |  |
-| index.js:29:13:29:31 | { 'isAdmin': true } | InputArgumentIndex | 0 |
-| index.js:29:13:29:31 | { 'isAdmin': true } | assignedToPropName |  |
-| index.js:29:13:29:31 | { 'isAdmin': true } | calleeImports | mongoose |
-| index.js:29:13:29:31 | { 'isAdmin': true } | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:29:13:29:31 | { 'isAdmin': true } | contextSurroundingFunctionParameters | () |
-| index.js:29:13:29:31 | { 'isAdmin': true } | enclosingFunctionBody | User find isAdmin true exec err adminUsers err adminUsers err i 0 i adminUsers length i console log adminUsers i |
-| index.js:29:13:29:31 | { 'isAdmin': true } | enclosingFunctionName | main |
-| index.js:29:13:29:31 | { 'isAdmin': true } | fileImports | child_process fs mongoose underscore |
-| index.js:29:13:29:31 | { 'isAdmin': true } | receiverName | User |
-| index.js:29:13:29:31 | { 'isAdmin': true } | stringConcatenatedWith |  |
-| index.js:29:26:29:29 | true | CalleeFlexibleAccessPath | User.find |
-| index.js:29:26:29:29 | true | InputAccessPathFromCallee | 0.isAdmin |
-| index.js:29:26:29:29 | true | InputArgumentIndex | 0 |
-| index.js:29:26:29:29 | true | assignedToPropName | isAdmin |
-| index.js:29:26:29:29 | true | calleeImports | mongoose |
-| index.js:29:26:29:29 | true | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:29:26:29:29 | true | contextSurroundingFunctionParameters | () |
-| index.js:29:26:29:29 | true | enclosingFunctionBody | User find isAdmin true exec err adminUsers err adminUsers err i 0 i adminUsers length i console log adminUsers i |
-| index.js:29:26:29:29 | true | enclosingFunctionName | main |
-| index.js:29:26:29:29 | true | fileImports | child_process fs mongoose underscore |
-| index.js:29:26:29:29 | true | receiverName |  |
-| index.js:29:26:29:29 | true | stringConcatenatedWith |  |
-| index.js:30:11:38:5 | functio ... }\\n    } | CalleeFlexibleAccessPath | User.find().exec |
-| index.js:30:11:38:5 | functio ... }\\n    } | InputAccessPathFromCallee |  |
-| index.js:30:11:38:5 | functio ... }\\n    } | InputArgumentIndex | 0 |
-| index.js:30:11:38:5 | functio ... }\\n    } | assignedToPropName |  |
-| index.js:30:11:38:5 | functio ... }\\n    } | calleeImports | mongoose |
-| index.js:30:11:38:5 | functio ... }\\n    } | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:30:11:38:5 | functio ... }\\n    } | contextSurroundingFunctionParameters | ()\n(err, adminUsers) |
-| index.js:30:11:38:5 | functio ... }\\n    } | enclosingFunctionBody | User find isAdmin true exec err adminUsers err adminUsers err i 0 i adminUsers length i console log adminUsers i |
-| index.js:30:11:38:5 | functio ... }\\n    } | enclosingFunctionName | main |
-| index.js:30:11:38:5 | functio ... }\\n    } | fileImports | child_process fs mongoose underscore |
-| index.js:30:11:38:5 | functio ... }\\n    } | receiverName |  |
-| index.js:30:11:38:5 | functio ... }\\n    } | stringConcatenatedWith |  |
-| index.js:36:21:36:33 | adminUsers[i] | CalleeFlexibleAccessPath | console.log |
-| index.js:36:21:36:33 | adminUsers[i] | InputAccessPathFromCallee |  |
-| index.js:36:21:36:33 | adminUsers[i] | InputArgumentIndex | 0 |
-| index.js:36:21:36:33 | adminUsers[i] | assignedToPropName |  |
-| index.js:36:21:36:33 | adminUsers[i] | calleeImports |  |
-| index.js:36:21:36:33 | adminUsers[i] | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:36:21:36:33 | adminUsers[i] | contextSurroundingFunctionParameters | ()\n(err, adminUsers) |
-| index.js:36:21:36:33 | adminUsers[i] | enclosingFunctionBody | User find isAdmin true exec err adminUsers err adminUsers err i 0 i adminUsers length i console log adminUsers i |
-| index.js:36:21:36:33 | adminUsers[i] | enclosingFunctionName | main |
-| index.js:36:21:36:33 | adminUsers[i] | fileImports | child_process fs mongoose underscore |
-| index.js:36:21:36:33 | adminUsers[i] | receiverName | console |
-| index.js:36:21:36:33 | adminUsers[i] | stringConcatenatedWith |  |
-| index.js:44:22:44:36 | o.success_scope | CalleeFlexibleAccessPath | o.success.call |
-| index.js:44:22:44:36 | o.success_scope | InputAccessPathFromCallee |  |
-| index.js:44:22:44:36 | o.success_scope | InputArgumentIndex | 0 |
-| index.js:44:22:44:36 | o.success_scope | assignedToPropName |  |
-| index.js:44:22:44:36 | o.success_scope | calleeImports |  |
-| index.js:44:22:44:36 | o.success_scope | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:44:22:44:36 | o.success_scope | contextSurroundingFunctionParameters | () |
-| index.js:44:22:44:36 | o.success_scope | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope  x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 |
-| index.js:44:22:44:36 | o.success_scope | enclosingFunctionName | ready |
-| index.js:44:22:44:36 | o.success_scope | fileImports | child_process fs mongoose underscore |
-| index.js:44:22:44:36 | o.success_scope | receiverName |  |
-| index.js:44:22:44:36 | o.success_scope | stringConcatenatedWith |  |
-| index.js:44:39:44:57 | '' + x.responseText | CalleeFlexibleAccessPath | o.success |
-| index.js:44:39:44:57 | '' + x.responseText | CalleeFlexibleAccessPath | o.success.call |
-| index.js:44:39:44:57 | '' + x.responseText | InputAccessPathFromCallee |  |
-| index.js:44:39:44:57 | '' + x.responseText | InputArgumentIndex | 0 |
-| index.js:44:39:44:57 | '' + x.responseText | InputArgumentIndex | 1 |
-| index.js:44:39:44:57 | '' + x.responseText | assignedToPropName |  |
-| index.js:44:39:44:57 | '' + x.responseText | calleeImports |  |
-| index.js:44:39:44:57 | '' + x.responseText | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:44:39:44:57 | '' + x.responseText | contextSurroundingFunctionParameters | () |
-| index.js:44:39:44:57 | '' + x.responseText | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope  x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 |
-| index.js:44:39:44:57 | '' + x.responseText | enclosingFunctionName | ready |
-| index.js:44:39:44:57 | '' + x.responseText | fileImports | child_process fs mongoose underscore |
-| index.js:44:39:44:57 | '' + x.responseText | receiverName |  |
-| index.js:44:39:44:57 | '' + x.responseText | stringConcatenatedWith |  |
-| index.js:44:60:44:60 | x | CalleeFlexibleAccessPath | o.success |
-| index.js:44:60:44:60 | x | CalleeFlexibleAccessPath | o.success.call |
-| index.js:44:60:44:60 | x | InputAccessPathFromCallee |  |
-| index.js:44:60:44:60 | x | InputArgumentIndex | 1 |
-| index.js:44:60:44:60 | x | InputArgumentIndex | 2 |
-| index.js:44:60:44:60 | x | assignedToPropName |  |
-| index.js:44:60:44:60 | x | calleeImports |  |
-| index.js:44:60:44:60 | x | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:44:60:44:60 | x | contextSurroundingFunctionParameters | () |
-| index.js:44:60:44:60 | x | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope  x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 |
-| index.js:44:60:44:60 | x | enclosingFunctionName | ready |
-| index.js:44:60:44:60 | x | fileImports | child_process fs mongoose underscore |
-| index.js:44:60:44:60 | x | receiverName |  |
-| index.js:44:60:44:60 | x | stringConcatenatedWith |  |
-| index.js:44:63:44:63 | o | CalleeFlexibleAccessPath | o.success |
-| index.js:44:63:44:63 | o | CalleeFlexibleAccessPath | o.success.call |
-| index.js:44:63:44:63 | o | InputAccessPathFromCallee |  |
-| index.js:44:63:44:63 | o | InputArgumentIndex | 2 |
-| index.js:44:63:44:63 | o | InputArgumentIndex | 3 |
-| index.js:44:63:44:63 | o | assignedToPropName |  |
-| index.js:44:63:44:63 | o | calleeImports |  |
-| index.js:44:63:44:63 | o | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:44:63:44:63 | o | contextSurroundingFunctionParameters | () |
-| index.js:44:63:44:63 | o | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope  x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 |
-| index.js:44:63:44:63 | o | enclosingFunctionName | ready |
-| index.js:44:63:44:63 | o | fileImports | child_process fs mongoose underscore |
-| index.js:44:63:44:63 | o | receiverName |  |
-| index.js:44:63:44:63 | o | stringConcatenatedWith |  |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | CalleeFlexibleAccessPath | o.error |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | CalleeFlexibleAccessPath | o.error.call |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | InputAccessPathFromCallee |  |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | InputArgumentIndex | 0 |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | InputArgumentIndex | 1 |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | assignedToPropName |  |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | calleeImports |  |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | contextSurroundingFunctionParameters | () |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope  x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | enclosingFunctionName | ready |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | fileImports | child_process fs mongoose underscore |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | receiverName |  |
-| index.js:46:35:46:69 | c > 100 ... ENERAL' | stringConcatenatedWith |  |
-| index.js:46:72:46:72 | x | CalleeFlexibleAccessPath | o.error |
-| index.js:46:72:46:72 | x | CalleeFlexibleAccessPath | o.error.call |
-| index.js:46:72:46:72 | x | InputAccessPathFromCallee |  |
-| index.js:46:72:46:72 | x | InputArgumentIndex | 1 |
-| index.js:46:72:46:72 | x | InputArgumentIndex | 2 |
-| index.js:46:72:46:72 | x | assignedToPropName |  |
-| index.js:46:72:46:72 | x | calleeImports |  |
-| index.js:46:72:46:72 | x | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:46:72:46:72 | x | contextSurroundingFunctionParameters | () |
-| index.js:46:72:46:72 | x | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope  x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 |
-| index.js:46:72:46:72 | x | enclosingFunctionName | ready |
-| index.js:46:72:46:72 | x | fileImports | child_process fs mongoose underscore |
-| index.js:46:72:46:72 | x | receiverName |  |
-| index.js:46:72:46:72 | x | stringConcatenatedWith |  |
-| index.js:46:75:46:75 | o | CalleeFlexibleAccessPath | o.error |
-| index.js:46:75:46:75 | o | CalleeFlexibleAccessPath | o.error.call |
-| index.js:46:75:46:75 | o | InputAccessPathFromCallee |  |
-| index.js:46:75:46:75 | o | InputArgumentIndex | 2 |
-| index.js:46:75:46:75 | o | InputArgumentIndex | 3 |
-| index.js:46:75:46:75 | o | assignedToPropName |  |
-| index.js:46:75:46:75 | o | calleeImports |  |
-| index.js:46:75:46:75 | o | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:46:75:46:75 | o | contextSurroundingFunctionParameters | () |
-| index.js:46:75:46:75 | o | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope  x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 |
-| index.js:46:75:46:75 | o | enclosingFunctionName | ready |
-| index.js:46:75:46:75 | o | fileImports | child_process fs mongoose underscore |
-| index.js:46:75:46:75 | o | receiverName |  |
-| index.js:46:75:46:75 | o | stringConcatenatedWith |  |
-| index.js:50:15:50:19 | ready | CalleeFlexibleAccessPath | w.setTimeout |
-| index.js:50:15:50:19 | ready | InputAccessPathFromCallee |  |
-| index.js:50:15:50:19 | ready | InputArgumentIndex | 0 |
-| index.js:50:15:50:19 | ready | assignedToPropName |  |
-| index.js:50:15:50:19 | ready | calleeImports |  |
-| index.js:50:15:50:19 | ready | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:50:15:50:19 | ready | contextSurroundingFunctionParameters | () |
-| index.js:50:15:50:19 | ready | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope  x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 |
-| index.js:50:15:50:19 | ready | enclosingFunctionName | ready |
-| index.js:50:15:50:19 | ready | fileImports | child_process fs mongoose underscore |
-| index.js:50:15:50:19 | ready | receiverName | w |
-| index.js:50:15:50:19 | ready | stringConcatenatedWith |  |
-| index.js:50:22:50:23 | 10 | CalleeFlexibleAccessPath | w.setTimeout |
-| index.js:50:22:50:23 | 10 | InputAccessPathFromCallee |  |
-| index.js:50:22:50:23 | 10 | InputArgumentIndex | 1 |
-| index.js:50:22:50:23 | 10 | assignedToPropName |  |
-| index.js:50:22:50:23 | 10 | calleeImports |  |
-| index.js:50:22:50:23 | 10 | contextFunctionInterfaces | c()\nf(cb)\nmain()\nready()\nwithCallback(cb) |
-| index.js:50:22:50:23 | 10 | contextSurroundingFunctionParameters | () |
-| index.js:50:22:50:23 | 10 | enclosingFunctionBody | o async x readyState 4 c 10000 o success c 10000 x status 200 o success call o success_scope  x responseText x o o error o error call o error_scope c 10000 TIMED_OUT GENERAL x o x null w setTimeout ready 10 |
-| index.js:50:22:50:23 | 10 | enclosingFunctionName | ready |
-| index.js:50:22:50:23 | 10 | fileImports | child_process fs mongoose underscore |
-| index.js:50:22:50:23 | 10 | receiverName | w |
-| index.js:50:22:50:23 | 10 | stringConcatenatedWith |  |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointData.qlref b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointData.qlref
deleted file mode 100644
index b1e84d268d9..00000000000
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointData.qlref
+++ /dev/null
@@ -1 +0,0 @@
-extraction/ExtractEndpointData.ql
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataInference.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataInference.expected
new file mode 100644
index 00000000000..199c59a7691
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataInference.expected
@@ -0,0 +1,345 @@
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:79 | documen ... <span>` |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/clipboard.ts:8:18:8:51 | clipboa ... /html') |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/clipboard.ts:43:22:43:55 | clipboa ... /html') |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/clipboard.ts:98:22:98:54 | dataTra ... /html') |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:18:8:50 | dataTra ... /html') |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:22:43:54 | dataTra ... /html') |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/jquery.js:34:13:34:16 | hash |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/sanitiser.js:30:29:30:35 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/sanitiser.js:33:29:33:35 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/sanitiser.js:38:29:38:35 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/sanitiser.js:45:29:45:35 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/stored-xss.js:12:35:12:38 | href |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:14:4:20 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:12:5:18 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:14:7:20 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:19:9:25 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:16:10:22 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:19:12:25 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id |
+| DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] |
+| DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body |
+| DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body |
+| DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body |
+| DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body |
+| DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id |
+| DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/live-server.js:6:28:6:34 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/live-server.js:12:28:12:34 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url |
+| DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] |
+| DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url |
+| DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:24:14:32 | { id: v } |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:27:22:35 | { id: v } |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:12:19:12:20 | {} |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:48:19:48:20 | {} |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:59:16:59:17 | {} |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:106:17:106:18 | {} |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:12:19:12:20 | {} |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:23:19:23:20 | {} |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:20:19:20:20 | {} |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:76:12:76:16 | query |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:81:37:81:41 | query |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:46:86:50 | query |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:51:88:55 | query |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:49:90:53 | query |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:43:93:47 | query |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:48:95:52 | query |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:46:97:50 | query |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:27:11:27:23 | { prop: foo } |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:33:11:33:22 | ["bar", foo] |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:95:11:95:22 | [foo, "bar"] |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] |
+| NosqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path |
+| SqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name |
+| SqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint |
+| SqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint |
+| SqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver |
+| SqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` |
+| SqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w |
+| SqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst3.js:11:36:11:41 | data.w |
+| SqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] |
+| SqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target |
+| SqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search |
+| SqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:27:19:27:21 | foo |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:33:19:33:21 | foo |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:89:11:89:26 | foo.match(/foo/) |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:95:12:95:14 | foo |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:102:12:102:14 | foo |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:128:11:128:52 | session ... ssion') |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:148:33:148:35 | foo |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:171:11:171:17 | tainted |
+| SqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id |
+| SqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] |
+| SqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body |
+| SqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body |
+| SqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id |
+| SqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length |
+| SqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url |
+| SqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url |
+| SqlInjectionAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:131:30:131:31 | id |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) |
+| TaintedPathAtmConfig | autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver |
+| TaintedPathAtmConfig | autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` |
+| TaintedPathAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id |
+| TaintedPathAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:136:10:136:22 | req.params.id |
+| TaintedPathAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:180:10:180:22 | req.params.id |
+| TaintedPathAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] |
+| TaintedPathAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body |
+| TaintedPathAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body |
+| TaintedPathAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body |
+| TaintedPathAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body |
+| TaintedPathAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id |
+| TaintedPathAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:49:34:49:43 | msg.length |
+| TaintedPathAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url |
+| TaintedPathAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] |
+| TaintedPathAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url |
+| TaintedPathAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url |
+| XssThroughDomAtmConfig | autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:45:109:55 | this.el.src |
+| XssThroughDomAtmConfig | autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataInference.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataInference.ql
new file mode 100644
index 00000000000..73e68b4f597
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataInference.ql
@@ -0,0 +1,27 @@
+/*
+ * ExtractEndpointDataInference.ql
+ *
+ * This test surfaces the endpoints that pass the endpoint filters and have flow from a source for each query config,
+ * and are therefore used as candidates for scoring at inference time.
+ *
+ * This is equivalent to ExtractEndpointDataTraining.qlref, but testing the inference endpoints rather than the training
+ * endpoints. It detects CodeQL changes that impact the endpoints that get scored at inference time.
+ *
+ * This test does not actually score the endpoints and test for changes in the model predictions: that gets done in the
+ * integration tests.
+ */
+
+private import javascript as JS
+import extraction.NoFeaturizationRestrictionsConfig
+private import experimental.adaptivethreatmodeling.ATMConfig as AtmConfig
+private import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
+private import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
+private import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
+private import experimental.adaptivethreatmodeling.XssATM as XssAtm
+private import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
+
+query predicate isSinkCandidateForQuery(
+  AtmConfig::AtmConfig queryConfig, JS::DataFlow::PathNode sink
+) {
+  queryConfig.isSinkCandidateWithFlow(sink)
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected
index 822e8c7f34a..aaab275ece6 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected
@@ -1,4 +1,273 @@
 endpoints
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -15,14 +284,104 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | SqlInjection | sinkLabel | Sink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | NosqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | SqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | TaintedPath | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | Xss | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | NosqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | SqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | TaintedPath | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | Xss | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -103,6 +462,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -179,6 +543,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -207,6 +576,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -235,6 +609,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -291,6 +670,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -319,6 +703,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -343,6 +732,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -371,6 +765,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -395,6 +794,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -423,6 +827,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -443,6 +852,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -467,6 +881,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -495,6 +914,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -519,6 +943,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -547,6 +976,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -571,6 +1005,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -599,6 +1038,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -619,6 +1063,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -643,6 +1092,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -675,6 +1129,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -771,6 +1230,97 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | NosqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | SqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | TaintedPath | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | Xss | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | NosqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | SqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | TaintedPath | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | Xss | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | NosqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | SqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | TaintedPath | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | Xss | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -795,6 +1345,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -907,6 +1462,10 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | sinkLabel | Sink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -923,38 +1482,43 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -975,6 +1539,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -995,11 +1564,16 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | sinkLabel | Sink | string |
@@ -1035,6 +1609,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1055,6 +1634,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | Xss | notASinkReason | EventRegistration | string |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | XssThroughDom | notASinkReason | EventRegistration | string |
+| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1091,6 +1675,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1111,6 +1700,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1135,6 +1729,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1155,6 +1754,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1203,6 +1807,11 @@ endpoints
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1311,6 +1920,11 @@ endpoints
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1331,6 +1945,11 @@ endpoints
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1351,6 +1970,11 @@ endpoints
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1479,6 +2103,67 @@ endpoints
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | NosqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | SqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | TaintedPath | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | Xss | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | Xss | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | TaintedPath | sinkLabel | Sink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1559,6 +2244,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | XssThroughDom | notASinkReason | StringStartsWith | string |
+| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1635,6 +2325,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1779,6 +2474,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1807,6 +2507,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1839,6 +2544,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | XssThroughDom | notASinkReason | StringStartsWith | string |
+| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1867,6 +2577,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1959,6 +2674,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1991,6 +2711,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | XssThroughDom | notASinkReason | StringStartsWith | string |
+| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2011,6 +2736,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | XssThroughDom | notASinkReason | StringStartsWith | string |
+| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2043,6 +2773,168 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | Xss | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | Xss | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | Xss | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | Xss | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | Xss | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | TaintedPath | sinkLabel | Sink | string |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2099,6 +2991,50 @@ endpoints
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | TaintedPath | sinkLabel | Sink | string |
 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2139,6 +3075,39 @@ endpoints
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | NosqlInjection | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | SqlInjection | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | TaintedPath | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | Xss | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | Xss | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2151,6 +3120,14 @@ endpoints
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | TaintedPath | sinkLabel | Sink | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2179,6 +3156,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2199,6 +3181,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2223,6 +3210,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2243,6 +3235,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2267,6 +3264,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2287,6 +3289,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2335,6 +3342,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2355,6 +3367,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2383,6 +3400,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2503,6 +3525,39 @@ endpoints
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | NosqlInjection | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | SqlInjection | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | TaintedPath | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | Xss | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | XssThroughDom | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | Xss | sinkLabel | Sink | string |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2587,6 +3642,117 @@ endpoints
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | Xss | sinkLabel | Sink | string |
 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2643,6 +3809,149 @@ endpoints
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2679,6 +3988,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2699,6 +4013,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2727,6 +4046,79 @@ endpoints
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | Xss | sinkLabel | Sink | string |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2755,6 +4147,12 @@ endpoints
 | autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | notASinkReason | ClientRequest | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2779,6 +4177,12 @@ endpoints
 | autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | notASinkReason | ClientRequest | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2803,6 +4207,12 @@ endpoints
 | autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | Xss | notASinkReason | ClientRequest | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2859,6 +4269,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | notASinkReason | DOM | string |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | XssThroughDom | notASinkReason | DOM | string |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2887,6 +4302,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | notASinkReason | DOM | string |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | XssThroughDom | notASinkReason | DOM | string |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2915,6 +4335,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | notASinkReason | DOM | string |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | XssThroughDom | notASinkReason | DOM | string |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2979,6 +4404,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3007,6 +4437,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3035,6 +4470,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3083,6 +4523,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | XssThroughDom | notASinkReason | ReceiverStorage | string |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3103,6 +4548,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | XssThroughDom | notASinkReason | ReceiverStorage | string |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3187,6 +4637,14 @@ endpoints
 | autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | Xss | sinkLabel | Sink | string |
 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3235,6 +4693,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3287,6 +4750,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | notASinkReason | DOM | string |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | XssThroughDom | notASinkReason | DOM | string |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3375,6 +4843,12 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | notASinkReason | MembershipCandidateTest | string |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | XssThroughDom | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3407,6 +4881,12 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | notASinkReason | MembershipCandidateTest | string |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | XssThroughDom | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3435,6 +4915,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3463,6 +4948,12 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | notASinkReason | MembershipCandidateTest | string |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | XssThroughDom | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3675,6 +5166,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3751,6 +5247,290 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | Xss | sinkLabel | Sink | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3771,6 +5551,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | Xss | notASinkReason | ClientRequest | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3791,6 +5576,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | notASinkReason | ClientRequest | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3811,6 +5601,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3831,6 +5626,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3855,6 +5655,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3875,6 +5680,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3911,6 +5721,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | notASinkReason | ConstantReceiver | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | XssThroughDom | notASinkReason | ConstantReceiver | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3947,6 +5762,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | notASinkReason | ConstantReceiver | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | XssThroughDom | notASinkReason | ConstantReceiver | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3971,6 +5791,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | Xss | notASinkReason | ConstantReceiver | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | XssThroughDom | notASinkReason | ConstantReceiver | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3991,6 +5816,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | notASinkReason | ConstantReceiver | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | XssThroughDom | notASinkReason | ConstantReceiver | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4031,6 +5861,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4051,6 +5886,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | notASinkReason | ClientRequest | string |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4075,6 +5915,69 @@ endpoints
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | notASinkReason | LoggerMethod | string |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | XssThroughDom | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | NosqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | SqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | TaintedPath | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | Xss | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4155,6 +6058,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | XssThroughDom | notASinkReason | ReceiverStorage | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4215,6 +6123,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | notASinkReason | LodashUnderscoreArgument | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | XssThroughDom | notASinkReason | LodashUnderscoreArgument | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4235,6 +6148,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | notASinkReason | LodashUnderscoreArgument | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | XssThroughDom | notASinkReason | LodashUnderscoreArgument | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4255,6 +6173,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4275,6 +6198,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4295,6 +6223,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | notASinkReason | LoggerMethod | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | XssThroughDom | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4315,6 +6248,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | notASinkReason | LoggerMethod | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | XssThroughDom | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4335,6 +6273,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | notASinkReason | ReceiverStorage | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | XssThroughDom | notASinkReason | ReceiverStorage | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4359,6 +6302,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4379,6 +6327,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4399,6 +6352,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4419,6 +6377,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4439,6 +6402,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4459,6 +6427,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4479,6 +6452,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4503,6 +6481,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4523,6 +6506,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4543,6 +6531,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | notASinkReason | LoggerMethod | string |
 | autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | XssThroughDom | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4563,6 +6556,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | notASinkReason | LodashUnderscoreArgument | string |
 | autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | XssThroughDom | notASinkReason | LodashUnderscoreArgument | string |
+| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4583,6 +6581,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | notASinkReason | LodashUnderscoreArgument | string |
 | autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | XssThroughDom | notASinkReason | LodashUnderscoreArgument | string |
+| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4603,6 +6606,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | notASinkReason | LodashUnderscoreArgument | string |
 | autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | XssThroughDom | notASinkReason | LodashUnderscoreArgument | string |
+| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4623,6 +6631,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | notASinkReason | LodashUnderscoreArgument | string |
 | autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | XssThroughDom | notASinkReason | LodashUnderscoreArgument | string |
+| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4643,6 +6656,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | notASinkReason | PromiseDefinition | string |
 | autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | XssThroughDom | notASinkReason | PromiseDefinition | string |
+| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4663,6 +6681,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | notASinkReason | PromiseDefinition | string |
 | autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | XssThroughDom | notASinkReason | PromiseDefinition | string |
+| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4683,6 +6706,11 @@ endpoints
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4703,6 +6731,11 @@ endpoints
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4723,6 +6756,11 @@ endpoints
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4743,6 +6781,11 @@ endpoints
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4763,6 +6806,11 @@ endpoints
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4771,6 +6819,26 @@ endpoints
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | Xss | sinkLabel | Sink | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4831,6 +6899,11 @@ endpoints
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4851,6 +6924,11 @@ endpoints
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4871,6 +6949,11 @@ endpoints
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4895,6 +6978,46 @@ endpoints
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | Xss | sinkLabel | Sink | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4939,6 +7062,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5019,6 +7147,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5039,6 +7172,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5079,6 +7217,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5099,6 +7242,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5119,6 +7267,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5139,6 +7292,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | notASinkReason | LoggerMethod | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | XssThroughDom | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5163,6 +7321,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | notASinkReason | MembershipCandidateTest | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | XssThroughDom | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5187,6 +7350,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5207,6 +7375,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5235,6 +7408,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5255,6 +7433,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5275,6 +7458,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5307,6 +7495,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5327,6 +7520,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5383,6 +7581,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5411,6 +7614,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5439,6 +7647,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5483,6 +7696,90 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | NosqlInjection | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | SqlInjection | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | TaintedPath | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | Xss | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | XssThroughDom | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5567,6 +7864,11 @@ endpoints
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5615,6 +7917,11 @@ endpoints
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5707,6 +8014,11 @@ endpoints
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5715,6 +8027,150 @@ endpoints
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | Xss | sinkLabel | Sink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | Xss | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | Xss | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | NosqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | SqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | TaintedPath | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | Xss | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | Xss | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | Xss | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | NosqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | SqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | TaintedPath | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | Xss | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | Xss | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | Xss | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | NosqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | SqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | TaintedPath | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | Xss | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | Xss | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | Xss | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:21:9:21:9 | x | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:21:9:21:9 | x | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:21:9:21:9 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5735,6 +8191,11 @@ endpoints
 | index.js:21:9:21:9 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:21:9:21:9 | x | Xss | notASinkReason | LodashUnderscoreArgument | string |
 | index.js:21:9:21:9 | x | Xss | sinkLabel | NotASink | string |
+| index.js:21:9:21:9 | x | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:21:9:21:9 | x | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:21:9:21:9 | x | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:21:9:21:9 | x | XssThroughDom | notASinkReason | LodashUnderscoreArgument | string |
+| index.js:21:9:21:9 | x | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5759,6 +8220,11 @@ endpoints
 | index.js:30:11:38:5 | functio ... }\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:30:11:38:5 | functio ... }\\n    } | Xss | notASinkReason | DatabaseAccess | string |
 | index.js:30:11:38:5 | functio ... }\\n    } | Xss | sinkLabel | NotASink | string |
+| index.js:30:11:38:5 | functio ... }\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:30:11:38:5 | functio ... }\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:30:11:38:5 | functio ... }\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:30:11:38:5 | functio ... }\\n    } | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| index.js:30:11:38:5 | functio ... }\\n    } | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5779,6 +8245,11 @@ endpoints
 | index.js:36:21:36:33 | adminUsers[i] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:36:21:36:33 | adminUsers[i] | Xss | notASinkReason | LoggerMethod | string |
 | index.js:36:21:36:33 | adminUsers[i] | Xss | sinkLabel | NotASink | string |
+| index.js:36:21:36:33 | adminUsers[i] | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:36:21:36:33 | adminUsers[i] | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:36:21:36:33 | adminUsers[i] | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:36:21:36:33 | adminUsers[i] | XssThroughDom | notASinkReason | LoggerMethod | string |
+| index.js:36:21:36:33 | adminUsers[i] | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5799,6 +8270,11 @@ endpoints
 | index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | notASinkReason | LoggerMethod | string |
 | index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | sinkLabel | NotASink | string |
+| index.js:46:35:46:69 | c > 100 ... ENERAL' | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:46:35:46:69 | c > 100 ... ENERAL' | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:46:35:46:69 | c > 100 ... ENERAL' | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:46:35:46:69 | c > 100 ... ENERAL' | XssThroughDom | notASinkReason | LoggerMethod | string |
+| index.js:46:35:46:69 | c > 100 ... ENERAL' | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:46:72:46:72 | x | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:46:72:46:72 | x | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:46:72:46:72 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5819,6 +8295,11 @@ endpoints
 | index.js:46:72:46:72 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:46:72:46:72 | x | Xss | notASinkReason | LoggerMethod | string |
 | index.js:46:72:46:72 | x | Xss | sinkLabel | NotASink | string |
+| index.js:46:72:46:72 | x | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:46:72:46:72 | x | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:46:72:46:72 | x | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:46:72:46:72 | x | XssThroughDom | notASinkReason | LoggerMethod | string |
+| index.js:46:72:46:72 | x | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:46:75:46:75 | o | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:46:75:46:75 | o | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:46:75:46:75 | o | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5839,6 +8320,11 @@ endpoints
 | index.js:46:75:46:75 | o | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:46:75:46:75 | o | Xss | notASinkReason | LoggerMethod | string |
 | index.js:46:75:46:75 | o | Xss | sinkLabel | NotASink | string |
+| index.js:46:75:46:75 | o | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:46:75:46:75 | o | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:46:75:46:75 | o | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:46:75:46:75 | o | XssThroughDom | notASinkReason | LoggerMethod | string |
+| index.js:46:75:46:75 | o | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:50:15:50:19 | ready | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:50:15:50:19 | ready | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:50:15:50:19 | ready | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5859,7 +8345,252 @@ endpoints
 | index.js:50:15:50:19 | ready | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:50:15:50:19 | ready | Xss | notASinkReason | Timeout | string |
 | index.js:50:15:50:19 | ready | Xss | sinkLabel | NotASink | string |
+| index.js:50:15:50:19 | ready | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:50:15:50:19 | ready | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:50:15:50:19 | ready | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:50:15:50:19 | ready | XssThroughDom | notASinkReason | Timeout | string |
+| index.js:50:15:50:19 | ready | XssThroughDom | sinkLabel | NotASink | string |
 tokenFeatures
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | CalleeFlexibleAccessPath | kit.graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | calleeImports | @octokit/core |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | enclosingFunctionBody | req res id req params id response kit graphql \n      query {\n        repository(owner: "github", name: " id ") {\n          object(expression: "master:foo") {\n            ... on Blob {\n              text\n            }\n          }\n        }\n      }\n     |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | receiverName | kit |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | CalleeFlexibleAccessPath | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | CalleeFlexibleAccessPath | myGraphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | CalleeFlexibleAccessPath | withDefaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | CalleeFlexibleAccessPath | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | CalleeFlexibleAccessPath | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | InputAccessPathFromCallee | 1.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | CalleeFlexibleAccessPath | withDefaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | CalleeFlexibleAccessPath | withDefaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | InputAccessPathFromCallee | 1.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | CalleeFlexibleAccessPath | kit2.graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | calleeImports | @octokit/rest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | enclosingFunctionBody | req res id req params id result kit2 graphql foo  id result2 kit2 request POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | receiverName | kit2 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | CalleeFlexibleAccessPath | kit2.request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | calleeImports | @octokit/rest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | enclosingFunctionBody | req res id req params id result kit2 graphql foo  id result2 kit2 request POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | receiverName | kit2 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | CalleeFlexibleAccessPath | kit2.request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | InputAccessPathFromCallee | 1.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | calleeImports | @octokit/rest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | enclosingFunctionBody | req res id req params id result kit2 graphql foo  id result2 kit2 request POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | CalleeFlexibleAccessPath | nativeGraphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | calleeImports | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | InputAccessPathFromCallee | 1.headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | assignedToPropName | headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | InputAccessPathFromCallee | 1.body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | assignedToPropName | body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | InputAccessPathFromCallee | 0.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | InputAccessPathFromCallee | 1.headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | assignedToPropName | headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | InputAccessPathFromCallee | 1.body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | assignedToPropName | body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | CalleeFlexibleAccessPath | kit.graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | calleeImports | @actions/github |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | enclosingFunctionBody | req res kit github getOctokit foo id req params id result kit graphql foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | receiverName | kit |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | InputAccessPathFromCallee |  |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | InputArgumentIndex | 0 |
@@ -5869,7 +8600,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | CalleeFlexibleAccessPath | doc.find |
@@ -5881,7 +8612,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | CalleeFlexibleAccessPath | doc.find |
@@ -5893,7 +8624,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | CalleeFlexibleAccessPath | doc.find |
@@ -5905,9 +8636,129 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | CalleeFlexibleAccessPath | ldap.parseDN |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | receiverName | ldap |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | CalleeFlexibleAccessPath | db.myDoc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | InputAccessPathFromCallee |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | InputArgumentIndex | 0 |
@@ -5915,11 +8766,23 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | calleeImports | ./marsdb-flow-from |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | contextFunctionInterfaces |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionBody | req res query query title req body title db myDoc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionBody | req res query query title req body title db myDoc find query err data |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionName | app.post#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | fileImports | ./marsdb-flow-from body-parser express |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | receiverName |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | CalleeFlexibleAccessPath | db.myDoc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | calleeImports | ./marsdb-flow-from |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | contextFunctionInterfaces |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | contextSurroundingFunctionParameters | (req, res)\n(err, data) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | enclosingFunctionBody | req res query query title req body title db myDoc find query err data |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | fileImports | ./marsdb-flow-from body-parser express |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | InputAccessPathFromCallee |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | InputArgumentIndex | 0 |
@@ -5927,11 +8790,23 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | calleeImports | marsdb |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | contextFunctionInterfaces |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionBody | req res query query title req body title doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionBody | req res query query title req body title doc find query err data |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionName | app.post#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | fileImports | body-parser express marsdb |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | calleeImports | marsdb |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | contextFunctionInterfaces |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | contextSurroundingFunctionParameters | (req, res)\n(err, data) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | enclosingFunctionBody | req res query query title req body title doc find query err data |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | fileImports | body-parser express marsdb |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | InputAccessPathFromCallee |  |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | InputArgumentIndex | 0 |
@@ -7216,6 +10091,90 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | fileImports | ./mongooseModel body-parser express |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | receiverName | MyModel |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | contextSurroundingFunctionParameters | (req, res)\n(err, connection)\n(error, results, fields) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | InputAccessPathFromCallee | 0.sql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | assignedToPropName | sql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | contextSurroundingFunctionParameters | (req, res)\n(err, connection)\n(error, results, fields) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | contextSurroundingFunctionParameters | (req, res)\n(err, connection)\n(error, results, fields) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | CalleeFlexibleAccessPath | this.db.one |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | InputAccessPathFromCallee |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | InputArgumentIndex | 0 |
@@ -7235,7 +10194,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | receiverName |  |
@@ -7247,7 +10206,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | receiverName | db |
@@ -7259,7 +10218,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | receiverName | db |
@@ -7271,7 +10230,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | receiverName | db |
@@ -7283,7 +10242,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | receiverName | db |
@@ -7295,7 +10254,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | receiverName | db |
@@ -7307,7 +10266,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | receiverName | db |
@@ -7319,7 +10278,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | receiverName | db |
@@ -7331,7 +10290,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | receiverName | db |
@@ -7343,7 +10302,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | receiverName | db |
@@ -7355,7 +10314,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | receiverName | db |
@@ -7367,7 +10326,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | receiverName | db |
@@ -7379,7 +10338,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | receiverName | db |
@@ -7391,7 +10350,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | receiverName |  |
@@ -7403,7 +10362,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | receiverName | db |
@@ -7415,7 +10374,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | receiverName | db |
@@ -7427,7 +10386,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | receiverName |  |
@@ -7439,7 +10398,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | receiverName | db |
@@ -7451,7 +10410,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | receiverName |  |
@@ -7463,7 +10422,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | receiverName | db |
@@ -7475,7 +10434,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | receiverName |  |
@@ -7487,7 +10446,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | calleeImports |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | receiverName |  |
@@ -7499,7 +10458,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | calleeImports |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | receiverName |  |
@@ -7511,7 +10470,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | receiverName | db |
@@ -7523,7 +10482,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | receiverName |  |
@@ -7535,7 +10494,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | receiverName | db |
@@ -7547,7 +10506,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | receiverName |  |
@@ -7559,7 +10518,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | receiverName |  |
@@ -7571,11 +10530,23 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | calleeImports |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | receiverName | t |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | CalleeFlexibleAccessPath | t.one |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | contextFunctionInterfaces | cnd(t) |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionName | get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | fileImports | express pg-promise |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | receiverName | t |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | CalleeFlexibleAccessPath | t.one |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | InputAccessPathFromCallee |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | InputArgumentIndex | 0 |
@@ -7583,7 +10554,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | calleeImports |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | receiverName | t |
@@ -7933,7 +10904,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -7945,7 +10916,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -7957,7 +10928,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -7969,7 +10940,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | CalleeFlexibleAccessPath | fs.existsSync |
@@ -7981,7 +10952,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -7993,7 +10964,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8005,7 +10976,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8017,7 +10988,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8029,7 +11000,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8041,7 +11012,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8053,7 +11024,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8065,7 +11036,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8077,7 +11048,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8089,7 +11060,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8101,7 +11072,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8113,7 +11084,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8125,7 +11096,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8137,7 +11108,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8149,7 +11120,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8161,7 +11132,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8173,7 +11144,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | CalleeFlexibleAccessPath |  |
@@ -8185,7 +11156,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | enclosingFunctionBody | templateUrl Cookie get unsafe |
 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | enclosingFunctionName | directive#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | receiverName |  |
 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8197,7 +11168,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8209,7 +11180,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8221,7 +11192,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | CalleeFlexibleAccessPath | res.render |
@@ -8233,7 +11204,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | contextSurroundingFunctionParameters | ()\n(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8245,7 +11216,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | CalleeFlexibleAccessPath | fs.realpathSync |
@@ -8257,7 +11228,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | CalleeFlexibleAccessPath | fs.realpath |
@@ -8269,7 +11240,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | CalleeFlexibleAccessPath | fs.realpath |
@@ -8281,7 +11252,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8293,7 +11264,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8305,7 +11276,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8317,7 +11288,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | CalleeFlexibleAccessPath | import(!) |
@@ -8329,7 +11300,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | enclosingFunctionBody | req res path url parse req url true query path require send req path |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | receiverName |  |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8341,7 +11312,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8353,7 +11324,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8365,7 +11336,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8377,7 +11348,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8389,7 +11360,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8401,7 +11372,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8413,7 +11384,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8425,7 +11396,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8437,7 +11408,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8449,7 +11420,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8461,7 +11432,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8473,7 +11444,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8485,7 +11456,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8497,7 +11468,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8509,7 +11480,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8521,7 +11492,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8533,7 +11504,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8545,7 +11516,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8557,7 +11528,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8569,7 +11540,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8581,7 +11552,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8593,7 +11564,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8605,7 +11576,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8617,7 +11588,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8629,7 +11600,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8641,7 +11612,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8653,7 +11624,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8665,9 +11636,129 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | assignedToPropName |  |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | calleeImports | fs |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | receiverName | fs |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | assignedToPropName |  |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | calleeImports | fs |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | receiverName | fs |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | assignedToPropName |  |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | calleeImports | fs |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | receiverName | fs |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | CalleeFlexibleAccessPath | parseqs.decode |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | assignedToPropName |  |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | calleeImports | parseqs |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | receiverName | parseqs |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | CalleeFlexibleAccessPath | cp.execSync |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | InputAccessPathFromCallee | 1.cwd |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | receiverName |  |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | InputAccessPathFromCallee | 2.cwd |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | InputArgumentIndex | 2 |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | receiverName |  |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | InputAccessPathFromCallee | 1.cwd |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | receiverName |  |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | CalleeFlexibleAccessPath | req.files.foo.mv |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | assignedToPropName |  |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | calleeImports |  |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | enclosingFunctionBody | req res req files foo mv req query bar |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | fileImports | express express-fileupload |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | receiverName |  |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | assignedToPropName |  |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | contextSurroundingFunctionParameters | ()\n(filePath) |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | receiverName | fs |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | assignedToPropName |  |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | contextSurroundingFunctionParameters | ()\n(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | receiverName | fs |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | InputAccessPathFromCallee |  |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | InputArgumentIndex | 0 |
@@ -8677,7 +11768,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8689,7 +11780,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8701,7 +11792,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8713,7 +11804,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8725,7 +11816,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8737,7 +11828,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8749,7 +11840,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8761,7 +11852,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8773,7 +11864,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8785,7 +11876,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8797,7 +11888,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8809,7 +11900,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8821,7 +11912,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8833,7 +11924,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8845,7 +11936,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | CalleeFlexibleAccessPath | path.startsWith |
@@ -8857,7 +11948,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8869,7 +11960,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8881,7 +11972,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8893,7 +11984,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8905,7 +11996,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8917,7 +12008,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8929,7 +12020,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8941,7 +12032,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8953,7 +12044,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8965,7 +12056,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8977,7 +12068,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8989,7 +12080,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9001,7 +12092,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9013,7 +12104,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9025,7 +12116,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | CalleeFlexibleAccessPath | fs.realpathSync |
@@ -9037,7 +12128,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9049,7 +12140,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9061,7 +12152,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9073,7 +12164,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9085,7 +12176,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9097,7 +12188,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9109,7 +12200,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9121,7 +12212,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9133,7 +12224,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9145,7 +12236,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9157,7 +12248,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9169,7 +12260,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9181,7 +12272,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9193,7 +12284,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9205,7 +12296,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9217,7 +12308,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9229,7 +12320,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9241,7 +12332,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9253,7 +12344,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9265,7 +12356,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9277,7 +12368,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9289,7 +12380,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9301,7 +12392,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9313,7 +12404,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9325,7 +12416,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9337,7 +12428,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9349,7 +12440,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9361,7 +12452,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9373,7 +12464,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9385,7 +12476,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9397,7 +12488,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9409,7 +12500,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | CalleeFlexibleAccessPath | path.substring |
@@ -9421,7 +12512,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9433,7 +12524,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9445,7 +12536,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | CalleeFlexibleAccessPath | path.slice |
@@ -9457,7 +12548,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9469,7 +12560,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9481,7 +12572,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9493,7 +12584,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | CalleeFlexibleAccessPath | relative.startsWith |
@@ -9505,7 +12596,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | receiverName | relative |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9517,7 +12608,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9529,7 +12620,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | CalleeFlexibleAccessPath | relativePath.indexOf |
@@ -9541,7 +12632,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | receiverName | relativePath |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9553,7 +12644,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9565,7 +12656,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9577,7 +12668,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9589,7 +12680,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9601,7 +12692,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9613,7 +12704,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9625,7 +12716,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9637,7 +12728,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9649,7 +12740,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9661,7 +12752,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9673,7 +12764,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9685,7 +12776,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9697,7 +12788,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9709,7 +12800,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9721,7 +12812,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9733,7 +12824,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9745,7 +12836,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9757,7 +12848,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | CalleeFlexibleAccessPath | abs.indexOf |
@@ -9769,7 +12860,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | receiverName | abs |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9781,7 +12872,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9793,7 +12884,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9805,7 +12896,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | CalleeFlexibleAccessPath | allowPath |
@@ -9817,7 +12908,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | receiverName |  |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | CalleeFlexibleAccessPath | allowPath |
@@ -9829,7 +12920,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | receiverName |  |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9841,7 +12932,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9853,7 +12944,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9865,7 +12956,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | CalleeFlexibleAccessPath | requestPath.indexOf |
@@ -9877,9 +12968,165 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | contextSurroundingFunctionParameters | (requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | receiverName | requestPath |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync slash path |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync slash path |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | InputAccessPathFromCallee |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | InputArgumentIndex | 0 |
@@ -9889,7 +13136,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | CalleeFlexibleAccessPath | gracefulFs.readFileSync |
@@ -9901,7 +13148,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | receiverName | gracefulFs |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | CalleeFlexibleAccessPath | fsExtra.readFileSync |
@@ -9913,7 +13160,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | receiverName | fsExtra |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | CalleeFlexibleAccessPath | originalFs.readFileSync |
@@ -9925,7 +13172,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | receiverName | originalFs |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | CalleeFlexibleAccessPath | getFsModule().readFileSync |
@@ -9937,7 +13184,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | receiverName |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | CalleeFlexibleAccessPath | getFsModule().readFileSync |
@@ -9949,7 +13196,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | receiverName |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | CalleeFlexibleAccessPath | import("p").require().readFileSync |
@@ -9961,7 +13208,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | receiverName |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | CalleeFlexibleAccessPath | require |
@@ -9973,7 +13220,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | receiverName |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | CalleeFlexibleAccessPath | flexibleModuleName.readFileSync |
@@ -9985,7 +13232,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | receiverName | flexibleModuleName |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | CalleeFlexibleAccessPath | util.promisify() |
@@ -9997,7 +13244,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | receiverName |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | CalleeFlexibleAccessPath | import(!).promisify() |
@@ -10009,7 +13256,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | receiverName |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | CalleeFlexibleAccessPath | import(!).promisifyAll().readFileSync |
@@ -10021,7 +13268,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | receiverName |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10031,9 +13278,9 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | calleeImports | fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | CalleeFlexibleAccessPath | asyncFS.readFileSync |
@@ -10043,11 +13290,143 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | calleeImports | ./my-async-fs-module |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | receiverName | asyncFS |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | CalleeFlexibleAccessPath | import(!)() |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | calleeImports | pify |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | receiverName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | CalleeFlexibleAccessPath | import(!)().readFileSync |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | calleeImports | pify |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | receiverName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | CalleeFlexibleAccessPath | import(!)() |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | calleeImports | util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | receiverName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | CalleeFlexibleAccessPath | import(!)() |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | calleeImports | thenify |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | receiverName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | CalleeFlexibleAccessPath | readPkg.readPackageSync |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | InputAccessPathFromCallee | 0.cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | calleeImports | read-pkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | receiverName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | CalleeFlexibleAccessPath | readPkg.readPackageAsync |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | InputAccessPathFromCallee | 0.cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | calleeImports | read-pkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | receiverName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | calleeImports | fs |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | receiverName | fs |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | CalleeFlexibleAccessPath | mkdirp |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | calleeImports | mkdirp |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | receiverName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | CalleeFlexibleAccessPath | mkdirp.sync |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | calleeImports | mkdirp |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | receiverName | mkdirp |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | CalleeFlexibleAccessPath | prettier.resolveConfig |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | assignedToPropName |  |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | receiverName | prettier |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | CalleeFlexibleAccessPath | prettier.resolveConfig |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | InputAccessPathFromCallee | 1.config |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | assignedToPropName | config |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | receiverName |  |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | CalleeFlexibleAccessPath | page.pdf |
 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | InputAccessPathFromCallee | 0.path |
 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | InputArgumentIndex | 0 |
@@ -10081,7 +13460,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10093,7 +13472,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10105,7 +13484,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10117,7 +13496,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10129,7 +13508,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10141,7 +13520,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10153,7 +13532,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10165,9 +13544,45 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | CalleeFlexibleAccessPath | nodefs.readFileSync |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | calleeImports | node:fs |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | enclosingFunctionBody | req res path url parse req url true query path nodefs readFileSync path |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | receiverName | nodefs |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | CalleeFlexibleAccessPath | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | calleeImports | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | receiverName |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | CalleeFlexibleAccessPath | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | InputArgumentIndex | 3 |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | assignedToPropName |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | calleeImports | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | contextSurroundingFunctionParameters | (req, res)\n(err) |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | receiverName |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | InputAccessPathFromCallee |  |
 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | InputArgumentIndex | 0 |
@@ -10201,9 +13616,33 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | enclosingFunctionBody | req res m require req param module |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | fileImports | express |
+| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | fileImports | express resolve |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | receiverName |  |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | CalleeFlexibleAccessPath | resolve.sync |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | assignedToPropName |  |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | calleeImports | resolve |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | receiverName | resolve |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | CalleeFlexibleAccessPath | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | assignedToPropName |  |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | calleeImports | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | receiverName |  |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | CalleeFlexibleAccessPath | res.sendFile |
 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | InputAccessPathFromCallee |  |
 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | InputArgumentIndex | 0 |
@@ -10773,7 +14212,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextSurroundingFunctionParameters | (event) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | enclosingFunctionBody | event document write event data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | enclosingFunctionName | addEventListener#functionalargument |
@@ -10785,7 +14224,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextSurroundingFunctionParameters | (?) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | enclosingFunctionBody | data document write data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | enclosingFunctionName | addEventListener#functionalargument |
@@ -10797,9 +14236,9 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | receiverName | document |
@@ -10809,9 +14248,9 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | receiverName | document |
@@ -10821,13 +14260,49 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | receiverName | document |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | CalleeFlexibleAccessPath | document.write |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | fileImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | receiverName | document |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | CalleeFlexibleAccessPath | mySet.includes |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | fileImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | receiverName | mySet |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | CalleeFlexibleAccessPath | document.write |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | fileImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | receiverName | document |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | InputAccessPathFromCallee |  |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | InputArgumentIndex | 0 |
@@ -11003,7 +14478,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | receiverName |  |
@@ -11015,7 +14490,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | receiverName |  |
@@ -11027,7 +14502,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | receiverName |  |
@@ -11039,7 +14514,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | receiverName |  |
@@ -11051,7 +14526,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | receiverName |  |
@@ -11063,7 +14538,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | receiverName |  |
@@ -11075,11 +14550,155 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | CalleeFlexibleAccessPath | $().on |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | enclosingFunctionBody |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | enclosingFunctionBody | e clipboardData e originalEvent clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | enclosingFunctionName | paste |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | enclosingFunctionBody | el HTMLElement el addEventListener paste e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | enclosingFunctionBody | e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | CalleeFlexibleAccessPath | $().bind |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | enclosingFunctionBody |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | enclosingFunctionBody | e $ #id html e originalEvent clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | CalleeFlexibleAccessPath | ?.test |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | contextFunctionInterfaces | constructor(args)\ntest() |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | enclosingFunctionBody | innerHTML window name |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | fileImports | dummy |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | receiverName |  |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | CalleeFlexibleAccessPath | d3.select().attr().style().html |
 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | InputAccessPathFromCallee |  |
 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | InputArgumentIndex | 0 |
@@ -11157,11 +14776,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
@@ -11169,11 +14788,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | CalleeFlexibleAccessPath |  |
@@ -11181,11 +14800,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | CalleeFlexibleAccessPath |  |
@@ -11193,11 +14812,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
@@ -11205,11 +14824,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
@@ -11217,11 +14836,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | CalleeFlexibleAccessPath |  |
@@ -11229,11 +14848,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
@@ -11241,13 +14860,253 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | CalleeFlexibleAccessPath | $().on |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | enclosingFunctionBody |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | enclosingFunctionBody | e dataTransfer e originalEvent dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | enclosingFunctionName | drop |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | enclosingFunctionBody | el HTMLElement el addEventListener drop e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | enclosingFunctionBody | e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | CalleeFlexibleAccessPath | $().bind |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | enclosingFunctionBody |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | enclosingFunctionBody | e $ #id html e originalEvent dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | CalleeFlexibleAccessPath | ?.test |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | InputAccessPathFromCallee |  |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | InputArgumentIndex | 0 |
@@ -11291,7 +15150,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | receiverName |  |
@@ -11303,7 +15162,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | receiverName |  |
@@ -11315,7 +15174,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | receiverName |  |
@@ -11327,7 +15186,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | receiverName |  |
@@ -11339,7 +15198,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | receiverName |  |
@@ -11351,7 +15210,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | receiverName |  |
@@ -11363,7 +15222,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | receiverName |  |
@@ -11375,7 +15234,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | receiverName |  |
@@ -11387,7 +15246,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | receiverName |  |
@@ -11399,11 +15258,167 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | receiverName |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | CalleeFlexibleAccessPath | JSDOM |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | InputAccessPathFromCallee |  |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | InputArgumentIndex | 0 |
@@ -12220,6 +16235,30 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | fileImports |  |
 | autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | receiverName |  |
 | autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | contextSurroundingFunctionParameters | ()\n(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | receiverName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | contextSurroundingFunctionParameters | ()\n(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | receiverName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | CalleeFlexibleAccessPath | foo.setAttribute |
 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | InputAccessPathFromCallee |  |
 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | InputArgumentIndex | 1 |
@@ -12285,11 +16324,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | CalleeFlexibleAccessPath | document.write |
@@ -12297,11 +16336,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | CalleeFlexibleAccessPath | document.location.href.substring |
@@ -12309,11 +16348,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
@@ -12321,11 +16360,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
@@ -12333,11 +16372,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
@@ -12345,11 +16384,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | CalleeFlexibleAccessPath | $().html |
@@ -12357,11 +16396,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | CalleeFlexibleAccessPath | $().html |
@@ -12369,11 +16408,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | CalleeFlexibleAccessPath | $().html |
@@ -12381,11 +16420,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextSurroundingFunctionParameters | (target) |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | enclosingFunctionBody | target $ myId html target |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | enclosingFunctionName | foo |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | CalleeFlexibleAccessPath | $().html |
@@ -12393,11 +16432,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | CalleeFlexibleAccessPath | $().html |
@@ -12405,11 +16444,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | CalleeFlexibleAccessPath | baz |
@@ -12417,11 +16456,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | CalleeFlexibleAccessPath | $().html |
@@ -12429,11 +16468,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | CalleeFlexibleAccessPath | $().html |
@@ -12441,11 +16480,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | CalleeFlexibleAccessPath | $().html |
@@ -12453,11 +16492,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | CalleeFlexibleAccessPath | $().html |
@@ -12465,11 +16504,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | CalleeFlexibleAccessPath | $().html |
@@ -12477,11 +16516,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | enclosingFunctionBody | s $ myId html s |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | enclosingFunctionName | dangerouslySetInnerHtml |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | CalleeFlexibleAccessPath | $().html |
@@ -12489,11 +16528,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | CalleeFlexibleAccessPath | $().html |
@@ -12501,11 +16540,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextSurroundingFunctionParameters | (x) |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | enclosingFunctionBody | x x $ myId html x |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | enclosingFunctionName | forEach#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | CalleeFlexibleAccessPath |  |
@@ -12513,11 +16552,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | assignedToPropName | __html |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsHtml |
@@ -12525,11 +16564,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsCss |
@@ -12537,11 +16576,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs |
@@ -12549,11 +16588,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs |
@@ -12561,11 +16600,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | CalleeFlexibleAccessPath | angular.element().html |
@@ -12573,11 +16612,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | enclosingFunctionBody | angular element <div> html document location search angular element <div> html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | CalleeFlexibleAccessPath | element.html |
@@ -12585,11 +16624,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextSurroundingFunctionParameters | ()\n(scope, element) |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | enclosingFunctionBody | link scope element element html document location search element html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | enclosingFunctionName | directive#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | receiverName | element |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | CalleeFlexibleAccessPath | angular.element |
@@ -12597,11 +16636,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | enclosingFunctionBody | angular element document location search angular element SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | CalleeFlexibleAccessPath | document.write |
@@ -12609,11 +16648,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | CalleeFlexibleAccessPath | ?.test |
@@ -12621,11 +16660,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | CalleeFlexibleAccessPath | document.write |
@@ -12633,11 +16672,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | CalleeFlexibleAccessPath | document.write |
@@ -12645,11 +16684,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | CalleeFlexibleAccessPath | v.match |
@@ -12657,11 +16696,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | receiverName | v |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | CalleeFlexibleAccessPath | document.write |
@@ -12669,11 +16708,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | CalleeFlexibleAccessPath | document.write |
@@ -12681,11 +16720,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | CalleeFlexibleAccessPath | ?.test |
@@ -12693,11 +16732,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | CalleeFlexibleAccessPath | document.write |
@@ -12705,11 +16744,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | CalleeFlexibleAccessPath | ?.test |
@@ -12717,11 +16756,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | CalleeFlexibleAccessPath | document.write |
@@ -12729,11 +16768,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | CalleeFlexibleAccessPath | $().html |
@@ -12741,11 +16780,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextSurroundingFunctionParameters | ()\n()\n(v) |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | CalleeFlexibleAccessPath | $().html |
@@ -12753,11 +16792,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextSurroundingFunctionParameters | ()\n(xssSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | CalleeFlexibleAccessPath | $().html |
@@ -12765,11 +16804,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextSurroundingFunctionParameters | ()\n()\n(v) |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | CalleeFlexibleAccessPath | $().html |
@@ -12777,11 +16816,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextSurroundingFunctionParameters | ()\n(innocentSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | CalleeFlexibleAccessPath | parser.parseFromString |
@@ -12789,11 +16828,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | enclosingFunctionBody | target document location search parser DOMParser parser parseFromString target application/xml |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | enclosingFunctionName | testDOMParser |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | receiverName | parser |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | CalleeFlexibleAccessPath |  |
@@ -12801,11 +16840,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | CalleeFlexibleAccessPath |  |
@@ -12813,11 +16852,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | CalleeFlexibleAccessPath |  |
@@ -12825,11 +16864,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | CalleeFlexibleAccessPath |  |
@@ -12837,11 +16876,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | CalleeFlexibleAccessPath |  |
@@ -12849,11 +16888,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | CalleeFlexibleAccessPath |  |
@@ -12861,11 +16900,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | CalleeFlexibleAccessPath | React.createElement |
@@ -12873,11 +16912,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | assignedToPropName | __html |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | CalleeFlexibleAccessPath | React.createFactory() |
@@ -12885,11 +16924,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | assignedToPropName | __html |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | CalleeFlexibleAccessPath | $().html |
@@ -12897,11 +16936,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | CalleeFlexibleAccessPath | $().html |
@@ -12909,11 +16948,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | CalleeFlexibleAccessPath | $().html |
@@ -12921,11 +16960,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | CalleeFlexibleAccessPath | $().html |
@@ -12933,11 +16972,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | CalleeFlexibleAccessPath | $().html |
@@ -12945,11 +16984,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextSurroundingFunctionParameters | ()\n()\n(prevState) |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | CalleeFlexibleAccessPath | $().html |
@@ -12957,11 +16996,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | CalleeFlexibleAccessPath | $().html |
@@ -12969,11 +17008,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | CalleeFlexibleAccessPath | $().html |
@@ -12981,11 +17020,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | CalleeFlexibleAccessPath | $().html |
@@ -12993,11 +17032,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | CalleeFlexibleAccessPath | $().html |
@@ -13005,11 +17044,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | CalleeFlexibleAccessPath |  |
@@ -13017,11 +17056,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | assignedToPropName | __html |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | CalleeFlexibleAccessPath | $ |
@@ -13029,11 +17068,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | enclosingFunctionBody | $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | enclosingFunctionName | windowName |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | CalleeFlexibleAccessPath | $ |
@@ -13041,11 +17080,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | enclosingFunctionBody | $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | enclosingFunctionName | windowName |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | CalleeFlexibleAccessPath | $ |
@@ -13053,11 +17092,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | enclosingFunctionBody | name a b $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | enclosingFunctionName | windowNameAssigned |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | CalleeFlexibleAccessPath | $ |
@@ -13065,11 +17104,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | enclosingFunctionBody | name a b $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | enclosingFunctionName | windowNameAssigned |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | CalleeFlexibleAccessPath | $ |
@@ -13077,11 +17116,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | CalleeFlexibleAccessPath | $ |
@@ -13089,11 +17128,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | CalleeFlexibleAccessPath | $ |
@@ -13101,11 +17140,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | CalleeFlexibleAccessPath | $ |
@@ -13113,11 +17152,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | CalleeFlexibleAccessPath | $ |
@@ -13125,11 +17164,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | CalleeFlexibleAccessPath | $ |
@@ -13137,11 +17176,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | CalleeFlexibleAccessPath | $().append |
@@ -13149,11 +17188,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | CalleeFlexibleAccessPath | range.createContextualFragment |
@@ -13161,11 +17200,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | receiverName | range |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | CalleeFlexibleAccessPath | document.body.appendChild |
@@ -13173,11 +17212,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | CalleeFlexibleAccessPath | $ |
@@ -13185,11 +17224,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | enclosingFunctionBody | obj obj Math random window name p obj $ p |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | enclosingFunctionName | flowThroughPropertyNames |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | CalleeFlexibleAccessPath | $().append |
@@ -13197,11 +17236,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | enclosingFunctionBody | location e $ body append e location e $ body append e |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | CalleeFlexibleAccessPath | $().append |
@@ -13209,11 +17248,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | enclosingFunctionBody | location e $ body append e location e $ body append e |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | CalleeFlexibleAccessPath | Handlebars.SafeString |
@@ -13221,11 +17260,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | enclosingFunctionBody | Handlebars SafeString location |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | enclosingFunctionName | handlebarsSafeString |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | CalleeFlexibleAccessPath | $().html |
@@ -13233,11 +17272,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | enclosingFunctionBody | target document location search $ myId html target length |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | enclosingFunctionName | test2 |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | CalleeFlexibleAccessPath | $().html |
@@ -13245,11 +17284,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | CalleeFlexibleAccessPath | $().html |
@@ -13257,11 +17296,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | CalleeFlexibleAccessPath | $ |
@@ -13269,11 +17308,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | enclosingFunctionBody | getUrl URL document location $ getUrl hash substring 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | enclosingFunctionName | hash |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | CalleeFlexibleAccessPath | $.jGrowl |
@@ -13281,11 +17320,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | enclosingFunctionBody | target document location search $ jGrowl target |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | enclosingFunctionName | growl |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | receiverName | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | CalleeFlexibleAccessPath | this.html |
@@ -13293,11 +17332,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | CalleeFlexibleAccessPath | this.each |
@@ -13305,11 +17344,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | CalleeFlexibleAccessPath |  |
@@ -13317,11 +17356,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | CalleeFlexibleAccessPath |  |
@@ -13329,11 +17368,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | CalleeFlexibleAccessPath | $().html |
@@ -13341,11 +17380,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | CalleeFlexibleAccessPath | $().html |
@@ -13353,11 +17392,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | CalleeFlexibleAccessPath | $().html |
@@ -13365,11 +17404,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | CalleeFlexibleAccessPath | $().html |
@@ -13377,11 +17416,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | CalleeFlexibleAccessPath | $().html |
@@ -13389,11 +17428,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | CalleeFlexibleAccessPath | $().html |
@@ -13401,11 +17440,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | CalleeFlexibleAccessPath | $().html |
@@ -13413,11 +17452,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | CalleeFlexibleAccessPath | $().html |
@@ -13425,11 +17464,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | CalleeFlexibleAccessPath | $().html |
@@ -13437,11 +17476,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | CalleeFlexibleAccessPath | $().html |
@@ -13449,11 +17488,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | CalleeFlexibleAccessPath | $().html |
@@ -13461,11 +17500,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | CalleeFlexibleAccessPath | $().html |
@@ -13473,11 +17512,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | CalleeFlexibleAccessPath | document.write |
@@ -13485,11 +17524,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | CalleeFlexibleAccessPath | document.write |
@@ -13497,11 +17536,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | CalleeFlexibleAccessPath | document.write |
@@ -13509,11 +17548,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | CalleeFlexibleAccessPath | $().html |
@@ -13521,11 +17560,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | CalleeFlexibleAccessPath | $().html |
@@ -13533,13 +17572,361 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | CalleeFlexibleAccessPath | Element |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | InputAccessPathFromCallee | ?.html |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | assignedToPropName | html |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | CalleeFlexibleAccessPath | Element().set |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | CalleeFlexibleAccessPath | Element().set |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | InputAccessPathFromCallee | 0.html |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | assignedToPropName | html |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | CalleeFlexibleAccessPath | Element().setProperty |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | CalleeFlexibleAccessPath | Element().setProperties |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | InputAccessPathFromCallee | 0.html |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | assignedToPropName | html |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | CalleeFlexibleAccessPath | Element().appendHtml |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | enclosingFunctionBody | source document location search $ #foo html source $ #foo html ansiToHtml toHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | enclosingFunctionName | ansiToHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | enclosingFunctionBody | source document location search $ #foo html source $ #foo html ansiToHtml toHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | enclosingFunctionName | ansiToHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | InputAccessPathFromCallee | 1.href |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | assignedToPropName | href |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | InputAccessPathFromCallee | 0.href |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | assignedToPropName | href |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | InputAccessPathFromCallee | 1.href |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | assignedToPropName | href |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | CalleeFlexibleAccessPath | navigation.navigate |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | receiverName | navigation |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | CalleeFlexibleAccessPath | Bloodhound |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | InputAccessPathFromCallee |  |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | InputArgumentIndex | 0 |
@@ -13837,7 +18224,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | receiverName |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | CalleeFlexibleAccessPath | $().ready |
@@ -13849,7 +18236,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | receiverName |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | CalleeFlexibleAccessPath | xhr.open |
@@ -13861,7 +18248,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | receiverName | xhr |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | CalleeFlexibleAccessPath | $().html |
@@ -13873,7 +18260,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | receiverName |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | CalleeFlexibleAccessPath | console.log |
@@ -13885,9 +18272,57 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | receiverName | console |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | enclosingFunctionBody |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | receiverName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | CalleeFlexibleAccessPath | $().ready |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | enclosingFunctionBody |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | enclosingFunctionBody | got require got resp got get {{ some_url }} json JSON parse resp body $ #myThing html json message |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | enclosingFunctionName | ready#functionalargument |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | receiverName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | stringConcatenatedWith |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | CalleeFlexibleAccessPath | joi.object().keys |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | assignedToPropName |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | calleeImports | joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | enclosingFunctionBody |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | enclosingFunctionName |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | receiverName |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | stringConcatenatedWith |  |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | InputAccessPathFromCallee |  |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | InputArgumentIndex | 0 |
@@ -14565,7 +19000,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextSurroundingFunctionParameters | (factory) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | enclosingFunctionName |  |
@@ -14577,23 +19012,83 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | calleeImports | jquery |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | contextSurroundingFunctionParameters | ($) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | fileImports | jquery jquery-ui |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | InputArgumentIndex |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | InputArgumentIndex |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | InputArgumentIndex |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | CalleeFlexibleAccessPath |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | InputAccessPathFromCallee |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
@@ -14601,11 +19096,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | CalleeFlexibleAccessPath | document.querySelector().appendChild |
@@ -14613,11 +19108,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
@@ -14625,11 +19120,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | CalleeFlexibleAccessPath | tmp.appendChild |
@@ -14637,11 +19132,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | receiverName | tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | CalleeFlexibleAccessPath | document.querySelector().appendChild |
@@ -14649,11 +19144,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | CalleeFlexibleAccessPath |  |
@@ -14661,11 +19156,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | enclosingFunctionName | xssThroughMarkdown |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | CalleeFlexibleAccessPath |  |
@@ -14673,11 +19168,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
@@ -14685,11 +19180,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | enclosingFunctionName | plainDOMXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | CalleeFlexibleAccessPath |  |
@@ -14697,11 +19192,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | CalleeFlexibleAccessPath | $.extend |
@@ -14709,11 +19204,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextSurroundingFunctionParameters | (options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | receiverName | $ |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | CalleeFlexibleAccessPath | $.extend |
@@ -14721,11 +19216,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | InputArgumentIndex | 1 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextSurroundingFunctionParameters | (options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | receiverName | $ |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | this.each |
@@ -14733,11 +19228,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | CalleeFlexibleAccessPath | $ |
@@ -14745,11 +19240,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | CalleeFlexibleAccessPath | $().appendTo |
@@ -14757,11 +19252,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | CalleeFlexibleAccessPath |  |
@@ -14769,11 +19264,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | CalleeFlexibleAccessPath |  |
@@ -14781,11 +19276,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | CalleeFlexibleAccessPath |  |
@@ -14793,11 +19288,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | CalleeFlexibleAccessPath |  |
@@ -14805,13 +19300,133 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextSurroundingFunctionParameters | (obj) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | enclosingFunctionBody | x $ #foo html createHTML x |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | InputArgumentIndex |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | enclosingFunctionName | xssThroughMarkdown |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | CalleeFlexibleAccessPath |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | InputAccessPathFromCallee |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | InputArgumentIndex |  |
@@ -14841,7 +19456,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | enclosingFunctionName |  |
@@ -14853,7 +19468,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | enclosingFunctionName |  |
@@ -14865,7 +19480,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | enclosingFunctionName |  |
@@ -14877,7 +19492,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | enclosingFunctionName |  |
@@ -14889,7 +19504,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | enclosingFunctionName |  |
@@ -14901,7 +19516,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | enclosingFunctionName |  |
@@ -14913,7 +19528,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | enclosingFunctionName |  |
@@ -14925,7 +19540,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | enclosingFunctionName |  |
@@ -14937,7 +19552,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | enclosingFunctionName |  |
@@ -14949,7 +19564,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | enclosingFunctionName |  |
@@ -14961,7 +19576,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | enclosingFunctionName |  |
@@ -14973,7 +19588,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | enclosingFunctionName |  |
@@ -14985,7 +19600,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | enclosingFunctionName |  |
@@ -14997,7 +19612,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | enclosingFunctionName |  |
@@ -15009,7 +19624,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | enclosingFunctionName |  |
@@ -15021,7 +19636,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | enclosingFunctionName |  |
@@ -15033,7 +19648,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | enclosingFunctionName |  |
@@ -15045,7 +19660,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | enclosingFunctionName |  |
@@ -15057,7 +19672,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | enclosingFunctionName |  |
@@ -15069,7 +19684,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | enclosingFunctionName |  |
@@ -15081,7 +19696,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | enclosingFunctionName |  |
@@ -15093,7 +19708,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | InputArgumentIndex | 1 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | enclosingFunctionName |  |
@@ -15105,7 +19720,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | enclosingFunctionName |  |
@@ -15117,7 +19732,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | enclosingFunctionName |  |
@@ -15129,7 +19744,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | enclosingFunctionName |  |
@@ -15141,7 +19756,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | enclosingFunctionName |  |
@@ -15153,7 +19768,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | enclosingFunctionName |  |
@@ -15165,7 +19780,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | enclosingFunctionName |  |
@@ -15177,7 +19792,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | enclosingFunctionName |  |
@@ -15189,7 +19804,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | InputArgumentIndex | 1 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | enclosingFunctionName |  |
@@ -15201,7 +19816,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | enclosingFunctionName |  |
@@ -15213,7 +19828,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | enclosingFunctionName |  |
@@ -15225,7 +19840,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | enclosingFunctionName |  |
@@ -15237,7 +19852,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | enclosingFunctionName |  |
@@ -15249,7 +19864,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | enclosingFunctionName |  |
@@ -15261,7 +19876,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | InputArgumentIndex | 1 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | enclosingFunctionName |  |
@@ -15273,7 +19888,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | enclosingFunctionName |  |
@@ -15285,7 +19900,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | enclosingFunctionName |  |
@@ -15297,7 +19912,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | enclosingFunctionName |  |
@@ -15309,7 +19924,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | InputArgumentIndex | 1 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | enclosingFunctionName |  |
@@ -15321,7 +19936,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | InputArgumentIndex | 2 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | enclosingFunctionName |  |
@@ -15333,7 +19948,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | enclosingFunctionName |  |
@@ -15345,7 +19960,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | enclosingFunctionName |  |
@@ -15357,7 +19972,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | enclosingFunctionName |  |
@@ -15369,7 +19984,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | enclosingFunctionName |  |
@@ -15381,7 +19996,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | InputArgumentIndex | 1 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | enclosingFunctionName |  |
@@ -15393,7 +20008,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | enclosingFunctionName |  |
@@ -15405,7 +20020,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | enclosingFunctionName |  |
@@ -15417,7 +20032,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | enclosingFunctionName |  |
@@ -15429,7 +20044,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | enclosingFunctionName |  |
@@ -15441,7 +20056,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | enclosingFunctionName |  |
@@ -15453,7 +20068,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | enclosingFunctionName |  |
@@ -15465,7 +20080,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | enclosingFunctionName |  |
@@ -15477,7 +20092,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | enclosingFunctionName |  |
@@ -15489,7 +20104,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | enclosingFunctionName |  |
@@ -15501,7 +20116,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | enclosingFunctionName |  |
@@ -15513,7 +20128,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | enclosingFunctionName |  |
@@ -15525,7 +20140,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | enclosingFunctionName |  |
@@ -15537,7 +20152,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | enclosingFunctionName |  |
@@ -15549,7 +20164,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | enclosingFunctionName |  |
@@ -15561,7 +20176,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | enclosingFunctionName |  |
@@ -15573,7 +20188,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | enclosingFunctionName |  |
@@ -15585,7 +20200,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | enclosingFunctionName |  |
@@ -15597,7 +20212,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | enclosingFunctionName |  |
@@ -15609,7 +20224,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | enclosingFunctionName |  |
@@ -15621,7 +20236,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | enclosingFunctionName |  |
@@ -15633,7 +20248,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | enclosingFunctionName |  |
@@ -15645,7 +20260,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | enclosingFunctionName |  |
@@ -15657,13 +20272,61 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | receiverName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | CalleeFlexibleAccessPath | $.extend |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | assignedToPropName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | calleeImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | enclosingFunctionBody |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | receiverName | $ |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | CalleeFlexibleAccessPath | $.extend |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | assignedToPropName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | calleeImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | enclosingFunctionBody |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | receiverName | $ |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | assignedToPropName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | calleeImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | enclosingFunctionBody |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | receiverName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | CalleeFlexibleAccessPath | console.log |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | assignedToPropName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | calleeImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | enclosingFunctionBody |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | receiverName | console |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | InputAccessPathFromCallee |  |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | InputArgumentIndex | 0 |
@@ -15813,11 +20476,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | CalleeFlexibleAccessPath | $().html |
@@ -15825,11 +20488,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | CalleeFlexibleAccessPath | $().html |
@@ -15837,11 +20500,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | CalleeFlexibleAccessPath | $().html |
@@ -15849,11 +20512,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | CalleeFlexibleAccessPath | $().attr |
@@ -15861,11 +20524,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | CalleeFlexibleAccessPath | $().html |
@@ -15873,11 +20536,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | CalleeFlexibleAccessPath | $().html |
@@ -15885,11 +20548,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | CalleeFlexibleAccessPath | $().html |
@@ -15897,11 +20560,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | CalleeFlexibleAccessPath | $().html |
@@ -15909,11 +20572,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | CalleeFlexibleAccessPath | $().html |
@@ -15921,11 +20584,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | CalleeFlexibleAccessPath | $().html |
@@ -15933,11 +20596,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | CalleeFlexibleAccessPath | $ |
@@ -15945,11 +20608,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | CalleeFlexibleAccessPath | $ |
@@ -15957,11 +20620,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | CalleeFlexibleAccessPath | $().html |
@@ -15969,11 +20632,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | CalleeFlexibleAccessPath | $ |
@@ -15981,11 +20644,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | CalleeFlexibleAccessPath |  |
@@ -15993,11 +20656,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | InputArgumentIndex |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | assignedToPropName | innerHTML |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | CalleeFlexibleAccessPath | base.? |
@@ -16005,11 +20668,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | receiverName | base |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | CalleeFlexibleAccessPath |  |
@@ -16017,11 +20680,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | InputArgumentIndex |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | assignedToPropName | innerHTML |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | CalleeFlexibleAccessPath |  |
@@ -16029,11 +20692,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | InputArgumentIndex |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | assignedToPropName | innerHTML |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | CalleeFlexibleAccessPath |  |
@@ -16041,11 +20704,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | InputArgumentIndex |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | assignedToPropName | innerHTML |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | CalleeFlexibleAccessPath |  |
@@ -16053,11 +20716,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | InputArgumentIndex |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | assignedToPropName | innerHTML |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | CalleeFlexibleAccessPath | $ |
@@ -16065,11 +20728,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | CalleeFlexibleAccessPath |  |
@@ -16077,11 +20740,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | InputArgumentIndex |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | assignedToPropName | innerHTML |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | CalleeFlexibleAccessPath | $ |
@@ -16089,11 +20752,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | CalleeFlexibleAccessPath |  |
@@ -16101,11 +20764,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | InputArgumentIndex |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | assignedToPropName | innerHTML |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | CalleeFlexibleAccessPath | $.jGrowl |
@@ -16113,11 +20776,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | receiverName | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | CalleeFlexibleAccessPath | $ |
@@ -16125,11 +20788,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | CalleeFlexibleAccessPath | $ |
@@ -16137,11 +20800,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | CalleeFlexibleAccessPath | $().html |
@@ -16149,11 +20812,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | CalleeFlexibleAccessPath | $().html |
@@ -16161,11 +20824,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | CalleeFlexibleAccessPath | $().html |
@@ -16173,11 +20836,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | CalleeFlexibleAccessPath | $().each |
@@ -16185,11 +20848,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | CalleeFlexibleAccessPath | $().append |
@@ -16197,11 +20860,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | CalleeFlexibleAccessPath | $ |
@@ -16209,13 +20872,193 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | enclosingFunctionBody |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | enclosingFunctionBody |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | InputArgumentIndex |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | assignedToPropName | innerHTML |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | enclosingFunctionBody | $ #id get 0 innerHTML <a src=" el src ">foo</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | InputArgumentIndex | 1 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | InputArgumentIndex | 1 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | InputArgumentIndex |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | assignedToPropName | innerHTML |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | enclosingFunctionBody | elem document createElement a wSelection getSelection dSelection document getSelection linkText wSelection toString dSelection toString  elem innerHTML linkText $ #id html linkText elem innerText linkText |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | enclosingFunctionBody | elem document createElement a wSelection getSelection dSelection document getSelection linkText wSelection toString dSelection toString  elem innerHTML linkText $ #id html linkText elem innerText linkText |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | CalleeFlexibleAccessPath | cash().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | enclosingFunctionBody | src document getElementById #link src cash #id html src cashDom #id html src |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | CalleeFlexibleAccessPath | cashDom().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | calleeImports | cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | enclosingFunctionBody | src document getElementById #link src cash #id html src cashDom #id html src |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | stringConcatenatedWith |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | CalleeFlexibleAccessPath | ?.test |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | InputAccessPathFromCallee |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | assignedToPropName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | contextSurroundingFunctionParameters | (text) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | enclosingFunctionBody | text /<!--\|--!?>/g test text text text replace /<!--\|--!?>/g  text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | receiverName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | stringConcatenatedWith |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | CalleeFlexibleAccessPath | req.url.substring |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | InputAccessPathFromCallee |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | assignedToPropName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | contextSurroundingFunctionParameters | (req) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | enclosingFunctionBody | req beg i 0 i req url length i req url i . req url i 1 / beg i 1 req url i ? beg req url req url substring beg |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | receiverName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | stringConcatenatedWith |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | InputAccessPathFromCallee |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | assignedToPropName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | receiverName | o |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | stringConcatenatedWith |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | InputAccessPathFromCallee |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | assignedToPropName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | receiverName | o |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | stringConcatenatedWith |  |
 | index.js:21:9:21:9 | x | CalleeFlexibleAccessPath | _.map |
 | index.js:21:9:21:9 | x | InputAccessPathFromCallee |  |
 | index.js:21:9:21:9 | x | InputArgumentIndex | 0 |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.expected
index 46abea4045f..a7dd9af52cb 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.expected
@@ -1,16 +1,32 @@
 nosqlFilteredTruePositives
-| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | not a direct argument to a likely external library call or a heuristic sink |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | not a direct argument to a likely external library call or a heuristic sink (nosql) |
 sqlFilteredTruePositives
 | autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:13:7:45 | select  ... e id =  | not an argument to a likely external library call or a heuristic sink |
 | autogenerated/NosqlAndSqlInjection/untyped/tst2.js:7:48:7:60 | req.params.id | not an argument to a likely external library call or a heuristic sink |
 taintedPathFilteredTruePositives
-| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | not a direct argument to a likely external library call or a heuristic sink |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | not a direct argument to a likely external library call or a heuristic sink |
+| autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | not a direct argument to a likely external library call or a heuristic sink (tainted path) |
+| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | not a direct argument to a likely external library call or a heuristic sink (tainted path) |
 xssFilteredTruePositives
-| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | not a direct argument to a likely external library call or a heuristic sink |
-| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | not a direct argument to a likely external library call or a heuristic sink |
-| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | not a direct argument to a likely external library call or a heuristic sink |
-| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | not a direct argument to a likely external library call or a heuristic sink |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | not a direct argument to a likely external library call or a heuristic sink |
-| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | not a direct argument to a likely external library call or a heuristic sink |
-| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | not a direct argument to a likely external library call or a heuristic sink |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:71:5:76 | 'safe' | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | not a direct argument to a likely external library call or a heuristic sink (xss) |
+xssThroughDomFilteredTruePositives
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:71:5:76 | 'safe' | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | not a direct argument to a likely external library call or a heuristic sink (xss) |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.ql
index 8ae82446403..0e382df6ba9 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.ql
@@ -16,32 +16,38 @@ import semmle.javascript.security.dataflow.NosqlInjectionCustomizations
 import semmle.javascript.security.dataflow.SqlInjectionCustomizations
 import semmle.javascript.security.dataflow.TaintedPathCustomizations
 import semmle.javascript.security.dataflow.DomBasedXssCustomizations
-import experimental.adaptivethreatmodeling.StandardEndpointFilters as StandardEndpointFilters
 import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
 import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
 import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
 import experimental.adaptivethreatmodeling.XssATM as XssAtm
+import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
 
 query predicate nosqlFilteredTruePositives(DataFlow::Node endpoint, string reason) {
   endpoint instanceof NosqlInjection::Sink and
-  reason = NosqlInjectionAtm::SinkEndpointFilter::getAReasonSinkExcluded(endpoint) and
+  reason = any(NosqlInjectionAtm::NosqlInjectionAtmConfig cfg).getAReasonSinkExcluded(endpoint) and
   not reason = ["argument to modeled function", "modeled sink", "modeled database access"]
 }
 
 query predicate sqlFilteredTruePositives(DataFlow::Node endpoint, string reason) {
   endpoint instanceof SqlInjection::Sink and
-  reason = SqlInjectionAtm::SinkEndpointFilter::getAReasonSinkExcluded(endpoint) and
+  reason = any(SqlInjectionAtm::SqlInjectionAtmConfig cfg).getAReasonSinkExcluded(endpoint) and
   reason != "argument to modeled function"
 }
 
 query predicate taintedPathFilteredTruePositives(DataFlow::Node endpoint, string reason) {
   endpoint instanceof TaintedPath::Sink and
-  reason = TaintedPathAtm::SinkEndpointFilter::getAReasonSinkExcluded(endpoint) and
+  reason = any(TaintedPathAtm::TaintedPathAtmConfig cfg).getAReasonSinkExcluded(endpoint) and
   reason != "argument to modeled function"
 }
 
 query predicate xssFilteredTruePositives(DataFlow::Node endpoint, string reason) {
   endpoint instanceof DomBasedXss::Sink and
-  reason = XssAtm::SinkEndpointFilter::getAReasonSinkExcluded(endpoint) and
+  reason = any(XssAtm::DomBasedXssAtmConfig cfg).getAReasonSinkExcluded(endpoint) and
+  reason != "argument to modeled function"
+}
+
+query predicate xssThroughDomFilteredTruePositives(DataFlow::Node endpoint, string reason) {
+  endpoint instanceof DomBasedXss::Sink and
+  reason = any(XssThroughDomAtm::XssThroughDomAtmConfig cfg).getAReasonSinkExcluded(endpoint) and
   reason != "argument to modeled function"
 }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/README.md b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/README.md
similarity index 52%
rename from javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/README.md
rename to javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/README.md
index f854c482ba3..769dfa6fd27 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/README.md
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/README.md
@@ -1,7 +1,9 @@
-# autogenerated
+# autogenerated folder
 
 This folder contains test data for the ATM endpoint CodeQL tests that has been autogenerated from the standard JS CodeQL libraries.
 
 It is helpful, but not required, to periodically update this test data to incorporate new test data introduced in the standard JS CodeQL libraries.
-To update this test data, run `python /path/to/codeql-lib/ql/javascript/test/update_endpoint_test_files.py --codeql-lib-path /path/to/codeql-lib`.
-For more information, run `python /path/to/codeql-lib/ql/javascript/test/update_endpoint_test_files.py --help` or view the source code of [`update_endpoint_test_files.py`](../../update_endpoint_test_files.py).
+
+To update this test data, run `python /path/to/codeql-lib/ql/javascript/test/update_endpoint_test_files.py`.
+
+For more information view the source code of [`update_endpoint_test_files.py`](../../update_endpoint_test_files.py).
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/graphql.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/graphql.js
new file mode 100644
index 00000000000..723348daf57
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/graphql.js
@@ -0,0 +1,121 @@
+var express = require('express');
+var app = express();
+
+import { Octokit } from "@octokit/core";
+const kit = new Octokit();
+
+app.get('/post/:id', function(req, res) {
+    const id = req.params.id;
+    // NOT OK
+    const response = kit.graphql(`
+      query {
+        repository(owner: "github", name: "${id}") {
+          object(expression: "master:foo") {
+            ... on Blob {
+              text
+            }
+          }
+        }
+      }
+    `);
+});
+
+import { graphql, withCustomRequest } from "@octokit/graphql";
+
+app.get('/user/:id/', function(req, res) {
+    const id = req.params.id;
+    const response = graphql(`foo ${id}`); // NOT OK
+
+    const myGraphql = withCustomRequest(request);
+    const response = myGraphql(`foo ${id}`); // NOT OK
+
+    const withDefaults = graphql.defaults({});
+    withDefaults(`foo ${id}`); // NOT OK
+});
+
+const { request } = require("@octokit/request");
+
+app.get('/article/:id/', async function(req, res) {
+    const id = req.params.id;
+    const result = await request("POST /graphql", {
+      headers: {
+        authorization: "token 0000000000000000000000000000000000000001",
+      },
+      query: `foo ${id}`, // NOT OK
+    });
+
+    const withDefaults = request.defaults({});
+    withDefaults("POST /graphql", { query: `foo ${id}` }); // NOT OK
+});
+
+import { Octokit as Core } from "@octokit/rest";
+const kit2 = new Core();
+
+app.get('/event/:id/', async function(req, res) {
+    const id = req.params.id;
+    const result = await kit2.graphql(`foo ${id}`); // NOT OK
+
+    const result2 = await kit2.request("POST /graphql", { query: `foo ${id}` }); // NOT OK
+});
+
+import { graphql as nativeGraphql, buildSchema }  from 'graphql';
+var schema = buildSchema(`
+  type Query {
+    hello: String
+  }
+`);
+var root = {
+  hello: () => {
+    return 'Hello world!';
+  },
+};
+
+app.get('/thing/:id', async function(req, res) {
+  const id = req.query.id;
+  const result = await nativeGraphql(schema, "{ foo" + id + " }", root); // NOT OK
+  
+  fetch("https://my-grpahql-server.com/graphql", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      // NOT OK
+      query: `{
+        thing {
+          name
+          url
+          ${id}
+        }
+      }`
+    })
+  })
+
+  fetch("https://my-grpahql-server.com/graphql", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      // OK
+      query: `{
+        thing {
+          name
+          url
+          $id
+        }
+      }`,
+      variables: {
+        id: id
+      }
+    })
+  })
+});
+
+const github = require('@actions/github');
+app.get('/event/:id/', async function(req, res) {
+    const kit = github.getOctokit("foo")
+
+    const id = req.params.id;
+    const result = await kit.graphql(`foo ${id}`); // NOT OK
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js
index 93f09a51adb..a3bfcfd4a30 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js
@@ -35,3 +35,30 @@ app.post('/documents/find', (req, res) => {
         doc.find(query); // NOT OK
     });
 });
+
+import Joi from 'joi';
+
+const joiSchema = Joi.object({
+    date: Joi.string().required(),
+    title: Joi.string().required()
+}).with('date', 'title');
+
+app.post('/documents/insert', (req, res) => {
+    MongoClient.connect('mongodb://localhost:27017/test', async (err, db) => {
+        let doc = db.collection('doc');
+
+        const query = JSON.parse(req.query.data);
+        const validate = joiSchema.validate(query);
+        if (!validate.error) {
+            doc.find(query); // OK
+        } else {
+            doc.find(query); // NOT OK
+        }
+        try {
+            await joiSchema.validateAsync(query);
+            doc.find(query); // OK - but still flagged [INCONSISTENCY]
+        } catch (e) {
+            doc.find(query); // NOT OK
+        }
+    });
+});
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/ldap.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/ldap.js
new file mode 100644
index 00000000000..9502cace21a
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/ldap.js
@@ -0,0 +1,71 @@
+const http = require("http");
+const url = require("url");
+const ldap = require("ldapjs");
+const client = ldap.createClient({
+  url: "ldap://127.0.0.1:1389",
+});
+
+// https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4
+const sanitizeInput = function (input) {
+  return input
+    .replace(/\*/g, "\\2a")
+    .replace(/\(/g, "\\28")
+    .replace(/\)/g, "\\29")
+    .replace(/\\/g, "\\5c")
+    .replace(/\0/g, "\\00")
+    .replace(/\//g, "\\2f");
+};
+
+const server = http.createServer((req, res) => {
+  let q = url.parse(req.url, true);
+
+  let username = q.query.username;
+
+  var opts1 = {
+    filter: `(|(name=${username})(username=${username}))`,
+  };
+
+  client.search("o=example", opts1, function (err, res) {}); // NOT OK
+
+  client.search(
+    "o=example",
+    { filter: `(|(name=${username})(username=${username}))` }, // NOT OK
+    function (err, res) {}
+  );
+
+  // GOOD
+  client.search(
+    "o=example",
+    { // OK
+      filter: `(|(name=${sanitizeInput(username)})(username=${sanitizeInput(
+        username
+      )}))`,
+    },
+    function (err, res) {}
+  );
+
+  // GOOD (https://github.com/ldapjs/node-ldapjs/issues/181)
+  let f = new OrFilter({
+    filters: [
+      new EqualityFilter({
+        attribute: "name",
+        value: username,
+      }),
+      new EqualityFilter({
+        attribute: "username",
+        value: username,
+      }),
+    ],
+  });
+
+  client.search("o=example", { filter: f }, function (err, res) {});
+
+  const parsedFilter = ldap.parseFilter(
+    `(|(name=${username})(username=${username}))`
+  );
+  client.search("o=example", { filter: parsedFilter }, function (err, res) {}); // NOT OK
+
+  const dn = ldap.parseDN(`cn=${username}`, function (err, dn) {}); // NOT OK
+});
+
+server.listen(389, () => {});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js
index 0c9e49be8e1..9b6d9b2fb88 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js
@@ -11,5 +11,5 @@ app.post("/documents/find", (req, res) => {
   query.title = req.body.title;
 
   // NOT OK: query is tainted by user-provided object value
-  db.myDoc.find(query);
+  db.myDoc.find(query, (err, data) => {});
 });
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb.js
index dc85bc142b5..0ebbb3d8a71 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb.js
@@ -13,5 +13,5 @@ app.post("/documents/find", (req, res) => {
   query.title = req.body.title;
 
   // NOT OK: query is tainted by user-provided object value
-  doc.find(query);
+  doc.find(query, (err, data) => {});
 });
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/mysql.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/mysql.js
new file mode 100644
index 00000000000..de328fb49fa
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/mysql.js
@@ -0,0 +1,22 @@
+const app = require("express")();
+const mysql = require('mysql');
+const pool = mysql.createPool(getConfig());
+
+app.get("search", function handler(req, res) {
+    let temp = req.params.value;
+    pool.getConnection(function(err, connection) {
+        connection.query({
+            sql: 'SELECT * FROM `books` WHERE `author` = ?', // OK
+            values: [temp]
+        }, function(error, results, fields) {});
+    });
+    pool.getConnection(function(err, connection) {
+        connection.query({
+            sql: 'SELECT * FROM `books` WHERE `author` = ' + temp, // NOT OK
+        }, function(error, results, fields) {});
+    });
+    pool.getConnection(function(err, connection) {
+        connection.query('SELECT * FROM `books` WHERE `author` = ' + temp, // NOT OK
+            function(error, results, fields) {});
+    });
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js
index 07d92a753ec..d3f190dd198 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js
@@ -5,7 +5,7 @@ require('express')().get('/foo', (req, res) => {
 
   var query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
              + req.params.category + "' ORDER BY PRICE";
-  
+
   db.any(query); // NOT OK
   db.many(query); // NOT OK
   db.manyOrNone(query); // NOT OK
@@ -17,7 +17,7 @@ require('express')().get('/foo', (req, res) => {
   db.oneOrNone(query); // NOT OK
   db.query(query); // NOT OK
   db.result(query); // NOT OK
-  
+
   db.one({
     text: query // NOT OK
   });
@@ -59,7 +59,7 @@ require('express')().get('/foo', (req, res) => {
   db.task(t => {
       return t.one(query); // NOT OK
   });
-  db.task(
+  db.taskIf(
     { cnd: t => t.one(query) }, // NOT OK
     t => t.one(query) // NOT OK
   );
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/TaintedPath.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/TaintedPath.js
index 55e75a53757..f98cc9be554 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/TaintedPath.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/TaintedPath.js
@@ -193,4 +193,23 @@ var server = http.createServer(function(req, res) {
 
   res.write(fs.readFileSync("prefix" + path.replace(/^(\.\.[\/\\])+/, ''))); // NOT OK - not normalized
   res.write(fs.readFileSync(pathModule.normalize(path).replace(/^(\.\.[\/\\])+/, ''))); // NOT OK (can be absolute)
-});
\ No newline at end of file
+});
+
+import normalizeUrl from 'normalize-url';
+
+var server = http.createServer(function(req, res) {
+  // tests for a few more uri-libraries
+  const qs = require("qs");
+  res.write(fs.readFileSync(qs.parse(req.url).foo)); // NOT OK
+  res.write(fs.readFileSync(qs.parse(normalizeUrl(req.url)).foo)); // NOT OK
+  const parseqs = require("parseqs");
+  res.write(fs.readFileSync(parseqs.decode(req.url).foo)); // NOT OK
+});
+
+const cp = require("child_process");
+var server = http.createServer(function(req, res) {
+  let path = url.parse(req.url, true).query.path;
+  cp.execSync("foobar", {cwd: path}); // NOT OK
+  cp.execFileSync("foobar", ["args"], {cwd: path}); // NOT OK
+  cp.execFileSync("foobar", {cwd: path}); // NOT OK
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/express.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/express.js
new file mode 100644
index 00000000000..dad320e3aba
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/express.js
@@ -0,0 +1,9 @@
+var express = require("express"),
+  fileUpload = require("express-fileupload");
+
+let app = express();
+app.use(fileUpload());
+
+app.get("/some/path", function (req, res) {
+  req.files.foo.mv(req.query.bar);
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/handlebars.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/handlebars.js
new file mode 100644
index 00000000000..512b851592a
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/handlebars.js
@@ -0,0 +1,52 @@
+const express = require('express');
+const hb = require("handlebars");
+const fs = require("fs");
+
+const app = express();
+
+const data = {};
+
+function init() {
+    hb.registerHelper("catFile", function catFile(filePath) {
+        return fs.readFileSync(filePath); // SINK (reads file)
+    });
+    hb.registerHelper("prependToLines", function prependToLines(prefix, filePath) {
+        return fs
+          .readFileSync(filePath)
+          .split("\n")
+          .map((line) => prefix + line)
+          .join("\n");
+    });
+    data.compiledFileAccess = hb.compile("contents of file {{path}} are: {{catFile path}}")
+    data.compiledBenign = hb.compile("hello, {{name}}");
+    data.compiledUnknown = hb.compile(fs.readFileSync("greeting.template"));
+    data.compiledMixed = hb.compile("helpers may have several args, like here: {{prependToLines prefix path}}");
+}
+
+init();
+
+app.get('/some/path1', function (req, res) {
+    res.send(data.compiledFileAccess({ path: req.params.path })); // NOT ALLOWED (template uses vulnerable catFile)
+});
+
+app.get('/some/path2', function (req, res) {
+    res.send(data.compiledBenign({ name: req.params.name })); // ALLOWED (this template does not use catFile)
+});
+
+app.get('/some/path3', function (req, res) {
+    res.send(data.compiledUnknown({ name: req.params.name })); // ALLOWED (could be using a vulnerable helper, but we'll assume it's ok)
+});
+
+app.get('/some/path4', function (req, res) {
+    res.send(data.compiledMixed({
+        prefix: ">>> ",
+        path: req.params.path // NOT ALLOWED (template uses vulnerable helper)
+    }));
+});
+
+app.get('/some/path5', function (req, res) {
+    res.send(data.compiledMixed({
+        prefix: req.params.prefix, // ALLOWED (this parameter is safe)
+        path: "data/path-5.txt"
+    }));
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/normalizedPaths.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/normalizedPaths.js
index f03260e3c84..f5caae46c45 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/normalizedPaths.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/normalizedPaths.js
@@ -370,4 +370,35 @@ app.get('/yet-another-prefix2', (req, res) => {
   function allowPath(requestPath, rootPath) {
     return requestPath.indexOf(rootPath) === 0;
   }
-});
\ No newline at end of file
+});
+
+import slash from 'slash';
+app.get('/slash-stuff', (req, res) => {
+  let path = req.query.path;
+
+  fs.readFileSync(path); // NOT OK
+
+  fs.readFileSync(slash(path)); // NOT OK
+});
+
+app.get('/dotdot-regexp', (req, res) => {
+  let path = pathModule.normalize(req.query.x);
+  if (pathModule.isAbsolute(path))
+    return;
+  fs.readFileSync(path); // NOT OK
+  if (!path.match(/\./)) {
+    fs.readFileSync(path); // OK
+  }
+  if (!path.match(/\.\./)) {
+    fs.readFileSync(path); // OK
+  }
+  if (!path.match(/\.\.\//)) {
+    fs.readFileSync(path); // OK
+  }
+  if (!path.match(/\.\.\/foo/)) {
+    fs.readFileSync(path); // NOT OK
+  }
+  if (!path.match(/(\.\.\/|\.\.\\)/)) {
+    fs.readFileSync(path); // OK
+  }
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/other-fs-libraries.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/other-fs-libraries.js
index 14c9e357492..bda7051ba80 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/other-fs-libraries.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/other-fs-libraries.js
@@ -50,4 +50,24 @@ http.createServer(function(req, res) {
 
   fs.readFileSync(path); // NOT OK
   asyncFS.readFileSync(path); // NOT OK
+
+  require("pify")(fs.readFileSync)(path); // NOT OK
+  require("pify")(fs).readFileSync(path); // NOT OK
+
+  require('util.promisify')(fs.readFileSync)(path); // NOT OK
+
+  require("thenify")(fs.readFileSync)(path); // NOT OK
+
+  const readPkg = require('read-pkg');
+  var pkg = readPkg.readPackageSync({cwd: path}); // NOT OK
+  var pkgPromise = readPkg.readPackageAsync({cwd: path}); // NOT OK
+});
+
+const mkdirp = require("mkdirp");
+http.createServer(function(req, res) {
+  var path = url.parse(req.url, true).query.path;
+
+  fs.readFileSync(path); // NOT OK
+  mkdirp(path); // NOT OK
+  mkdirp.sync(path); // NOT OK
 });
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/prettier.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/prettier.js
new file mode 100644
index 00000000000..7546bb2c293
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/prettier.js
@@ -0,0 +1,14 @@
+const express = require('express');
+const prettier = require("prettier");
+
+const app = express();
+app.get('/some/path', function (req, res) {
+    const { p } = req.params;
+    prettier.resolveConfig(p).then((options) => { // NOT OK
+        const formatted = prettier.format("foo", options);
+    });
+
+    prettier.resolveConfig("foo", {config: p}).then((options) => { // NOT OK
+        const formatted = prettier.format("bar", options);
+    });
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-access-paths.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-access-paths.js
index 3c98512dad7..465b5b70b69 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-access-paths.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-access-paths.js
@@ -32,3 +32,19 @@ var server = http.createServer(function(req, res) {
 });
 
 server.listen();
+
+var nodefs = require('node:fs');
+
+var server2 = http.createServer(function(req, res) {
+  let path = url.parse(req.url, true).query.path;
+  nodefs.readFileSync(path); // NOT OK
+});
+
+server2.listen();
+
+const chownr = require("chownr");
+
+var server3 = http.createServer(function (req, res) {
+  let path = url.parse(req.url, true).query.path;
+  chownr(path, "someuid", "somegid", function (err) {}); // NOT OK
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-require.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-require.js
index 443ccdd31b0..23f89c55c39 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-require.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-require.js
@@ -6,3 +6,12 @@ app.get('/some/path', function(req, res) {
   // BAD: loading a module based on un-sanitized query parameters
   var m = require(req.param("module"));
 });
+
+const resolve = require("resolve");
+app.get('/some/path', function(req, res) {
+  var module = resolve.sync(req.param("module")); // NOT OK - resolving module based on query parameters
+
+  resolve(req.param("module"), { basedir: __dirname }, function(err, res) { // NOT OK - resolving module based on query parameters
+    var module = res;
+  });
+});
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/addEventListener.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/addEventListener.js
index fbb1dcfe01d..97d21371d08 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/addEventListener.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/addEventListener.js
@@ -14,4 +14,17 @@ function test() {
     }
 
     window.addEventListener("message", foo.bind(null, {data: 'items'}));
+
+    window.onmessage = e => {
+        if (e.origin !== "https://foobar.com") {
+            return;
+        }
+        document.write(e.data); // OK - there is an origin check
+    }
+
+    window.onmessage = e => {
+        if (mySet.includes(e.origin)) {
+            document.write(e.data); // OK - there is an origin check
+        }
+    }
 }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/classnames.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/classnames.js
index e18f7844f68..a0e75045a2e 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/classnames.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/classnames.js
@@ -13,4 +13,6 @@ function main() {
     document.body.innerHTML = `<span class="${safeStyle(window.name)}">Hello<span>`; // NOT OK
     document.body.innerHTML = `<span class="${safeStyle('foo')}">Hello<span>`; // OK
     document.body.innerHTML = `<span class="${clsx(window.name)}">Hello<span>`; // NOT OK
+
+    document.body.innerHTML += `<span class="${clsx(window.name)}">Hello<span>`; // NOT OK
 }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/clipboard.ts b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/clipboard.ts
new file mode 100644
index 00000000000..b87d5a43bee
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/clipboard.ts
@@ -0,0 +1,101 @@
+$("#foo").on("paste", paste);
+
+function paste(e) {
+    const { clipboardData } = e.originalEvent;
+    if (!clipboardData) return;
+
+    const text = clipboardData.getData('text/plain');
+    const html = clipboardData.getData('text/html');
+    if (!text && !html) return;
+
+    e.preventDefault();
+
+    const div = document.createElement('div');
+    if (html) {
+        div.innerHTML = html; // NOT OK
+    } else {
+        div.textContent = text;
+    }
+    document.body.append(div);
+}
+
+export function install(el: HTMLElement): void {
+    el.addEventListener('paste', (e) => {
+        $("#id").html(e.clipboardData.getData('text/html')); // NOT OK    
+    })
+}
+
+document.addEventListener('paste', (e) => {
+    $("#id").html(e.clipboardData.getData('text/html')); // NOT OK
+});
+
+$("#foo").bind('paste', (e) => {
+    $("#id").html(e.originalEvent.clipboardData.getData('text/html')); // NOT OK
+});
+
+(function () {
+    let div = document.createElement("div");
+    div.onpaste = function (e: ClipboardEvent) {
+        const { clipboardData } = e;
+        if (!clipboardData) return;
+
+        const text = clipboardData.getData('text/plain');
+        const html = clipboardData.getData('text/html');
+        if (!text && !html) return;
+
+        e.preventDefault();
+
+        const div = document.createElement('div');
+        if (html) {
+            div.innerHTML = html; // NOT OK
+        } else {
+            div.textContent = text;
+        }
+        document.body.append(div);
+    }
+})();
+
+async function getClipboardData(e: ClipboardEvent): Promise<Array<File | string>> {
+    // Using a set to filter out duplicates. For some reason, dropping URLs duplicates them 3 times (for me)
+    const dropItems = new Set<File | string>();
+  
+    // First get all files in the drop event
+    if (e.clipboardData.files.length > 0) {
+      // tslint:disable-next-line: prefer-for-of
+      for (let i = 0; i < e.clipboardData.files.length; i++) {
+        const file = e.clipboardData.files[i];
+      }
+    }
+  
+    if (e.clipboardData.types.includes('text/html')) {
+      const droppedHtml = e.clipboardData.getData('text/html');
+      const container = document.createElement('html');
+      container.innerHTML = droppedHtml;
+      const imgs = container.getElementsByTagName('img');
+      if (imgs.length === 1) {
+        const src = imgs[0].src;
+        dropItems.add(src);
+      }
+    } else if (e.clipboardData.types.includes('text/plain')) {
+      const plainText = e.clipboardData.getData('text/plain');
+      // Check if text is an URL
+      if (/^https?:\/\//i.test(plainText)) {
+        dropItems.add(plainText);
+      }
+    }
+  
+    const imageItems = Array.from(dropItems);
+    return imageItems;
+  }
+
+// inputevent
+(function () {
+    let div = document.createElement("div");
+    div.addEventListener("beforeinput", function (e: InputEvent) {
+        const { data, inputType, isComposing, dataTransfer } = e;
+        if (!dataTransfer) return;
+
+        const html = dataTransfer.getData('text/html');
+        $("#id").html(html); // NOT OK
+    });
+})();
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/custom-element.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/custom-element.js
new file mode 100644
index 00000000000..9177f08bdc5
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/custom-element.js
@@ -0,0 +1,7 @@
+import * as dummy from 'dummy';
+
+class CustomElm extends HTMLElement {
+    test() {
+        this.innerHTML = window.name; // NOT OK
+    }
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dates.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dates.js
index 592dc37c973..47513c796d9 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dates.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dates.js
@@ -16,4 +16,47 @@ function main() {
     document.body.innerHTML = `Time is ${moment(time).format(taint)}`; // NOT OK
     document.body.innerHTML = `Time is ${moment(taint).format()}`; // OK
     document.body.innerHTML = `Time is ${dateformat(time, taint)}`; // NOT OK
+
+    import dayjs from 'dayjs';
+    document.body.innerHTML = `Time is ${dayjs(time).format(taint)}`; // NOT OK
 }
+
+import LuxonAdapter from "@date-io/luxon";
+import DateFnsAdapter from "@date-io/date-fns";
+import MomentAdapter from "@date-io/moment";
+import DayJSAdapter from "@date-io/dayjs"
+
+function dateio() {
+    let taint = decodeURIComponent(window.location.hash.substring(1));
+
+    const dateFns = new DateFnsAdapter();
+    const luxon = new LuxonAdapter();
+    const moment = new MomentAdapter();
+    const dayjs = new DayJSAdapter();
+
+    document.body.innerHTML = `Time is ${dateFns.formatByString(new Date(), taint)}`; // NOT OK
+    document.body.innerHTML = `Time is ${luxon.formatByString(luxon.date(), taint)}`; // NOT OK
+    document.body.innerHTML = `Time is ${moment.formatByString(moment.date(), taint)}`; // NOT OK
+    document.body.innerHTML = `Time is ${dayjs.formatByString(dayjs.date(), taint)}`; // NOT OK
+}
+
+import { DateTime } from "luxon";
+
+function luxon() {
+    let taint = decodeURIComponent(window.location.hash.substring(1));
+
+    document.body.innerHTML = `Time is ${DateTime.now().plus({years: 1}).toFormat(taint)}`; // NOT OK
+    document.body.innerHTML = `Time is ${new DateTime().setLocale('fr').toFormat(taint)}`; // NOT OK
+    document.body.innerHTML = `Time is ${DateTime.fromISO("2020-01-01").startOf('day').toFormat(taint)}`; // NOT OK
+}
+
+function dateio2() {
+    let taint = decodeURIComponent(window.location.hash.substring(1));
+
+    const moment = new MomentAdapter();
+    document.body.innerHTML = `Time is ${moment.addDays(moment.date("2020-06-21"), 1).format(taint)}`; // NOT OK
+    const luxon = new LuxonAdapter();
+    document.body.innerHTML = `Time is ${luxon.endOfDay(luxon.date()).toFormat(taint)}`; // NOT OK
+    const dayjs = new DayJSAdapter();
+    document.body.innerHTML = `Time is ${dayjs.setHours(dayjs.date(), 4).format(taint)}`; // NOT OK
+}
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dragAndDrop.ts b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dragAndDrop.ts
new file mode 100644
index 00000000000..487e51c8f8a
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dragAndDrop.ts
@@ -0,0 +1,89 @@
+$("#foo").on("drop", drop);
+
+function drop(e) {
+    const { dataTransfer } = e.originalEvent;
+    if (!dataTransfer) return;
+
+    const text = dataTransfer.getData('text/plain');
+    const html = dataTransfer.getData('text/html');
+    if (!text && !html) return;
+
+    e.preventDefault();
+
+    const div = document.createElement('div');
+    if (html) {
+        div.innerHTML = html; // NOT OK
+    } else {
+        div.textContent = text;
+    }
+    document.body.append(div);
+}
+
+export function install(el: HTMLElement): void {
+    el.addEventListener('drop', (e) => {
+        $("#id").html(e.dataTransfer.getData('text/html')); // NOT OK    
+    })
+}
+
+document.addEventListener('drop', (e) => {
+    $("#id").html(e.dataTransfer.getData('text/html')); // NOT OK
+});
+
+$("#foo").bind('drop', (e) => {
+    $("#id").html(e.originalEvent.dataTransfer.getData('text/html')); // NOT OK
+});
+
+(function () {
+    let div = document.createElement("div");
+    div.ondrop = function (e: DragEvent) {
+        const { dataTransfer } = e;
+        if (!dataTransfer) return;
+
+        const text = dataTransfer.getData('text/plain');
+        const html = dataTransfer.getData('text/html');
+        if (!text && !html) return;
+
+        e.preventDefault();
+
+        const div = document.createElement('div');
+        if (html) {
+            div.innerHTML = html; // NOT OK
+        } else {
+            div.textContent = text;
+        }
+        document.body.append(div);
+    }
+})();
+
+async function getDropData(e: DragEvent): Promise<Array<File | string>> {
+    // Using a set to filter out duplicates. For some reason, dropping URLs duplicates them 3 times (for me)
+    const dropItems = new Set<File | string>();
+  
+    // First get all files in the drop event
+    if (e.dataTransfer.files.length > 0) {
+      // tslint:disable-next-line: prefer-for-of
+      for (let i = 0; i < e.dataTransfer.files.length; i++) {
+        const file = e.dataTransfer.files[i];
+      }
+    }
+  
+    if (e.dataTransfer.types.includes('text/html')) {
+      const droppedHtml = e.dataTransfer.getData('text/html');
+      const container = document.createElement('html');
+      container.innerHTML = droppedHtml;
+      const imgs = container.getElementsByTagName('img');
+      if (imgs.length === 1) {
+        const src = imgs[0].src;
+        dropItems.add(src);
+      }
+    } else if (e.dataTransfer.types.includes('text/plain')) {
+      const plainText = e.dataTransfer.getData('text/plain');
+      // Check if text is an URL
+      if (/^https?:\/\//i.test(plainText)) {
+        dropItems.add(plainText);
+      }
+    }
+  
+    const imageItems = Array.from(dropItems);
+    return imageItems;
+  }
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/externs.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/externs.js
index 7079f471978..0132d7ae7ca 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/externs.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/externs.js
@@ -57,3 +57,13 @@ function Node() {}
  * @type {Node}
  */
 Node.prototype.parentNode;
+
+/**
+ * @return {DomObjectStub}
+ */
+DomObjectStub.prototype.insertRow = function() {};
+
+/**
+ * @return {DomObjectStub}
+ */
+DomObjectStub.prototype.insertCell = function() {};
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/jquery.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/jquery.js
index 928648ced0f..3bff577fbdf 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/jquery.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/jquery.js
@@ -14,4 +14,22 @@ function test() {
   elm.innerHTML = decodeURIComponent(window.location.hash); // NOT OK
   elm.innerHTML = decodeURIComponent(window.location.search); // NOT OK
   elm.innerHTML = decodeURIComponent(window.location.toString()); // NOT OK
+
+  let hash = window.location.hash;
+  $(hash); // OK - start with '#'
+
+  $(hash.substring(1)); // NOT OK
+  $(hash.substring(1, 10)); // NOT OK
+  $(hash.substr(1)); // NOT OK
+  $(hash.slice(1)); // NOT OK
+  $(hash.substring(0, 10)); // OK
+
+  $(hash.replace('#', '')); // NOT OK
+  $(window.location.search.replace('?', '')); // NOT OK
+  $(hash.replace('!', '')); // OK
+  $(hash.replace('blah', '')); // OK
+
+  $(hash + 'blah'); // OK
+  $('blah' + hash); // OK - does not start with '<'
+  $('<b>' + hash + '</b>'); // NOT OK
 }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/trusted-types.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/trusted-types.js
new file mode 100644
index 00000000000..cba48137122
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/trusted-types.js
@@ -0,0 +1,10 @@
+(function() {
+    const policy1 = trustedTypes.createPolicy('x', { createHTML: x => x }); // NOT OK
+    policy1.createHTML(window.name);
+
+    const policy2 = trustedTypes.createPolicy('x', { createHTML: x => 'safe' }); // OK
+    policy2.createHTML(window.name);
+
+    const policy3 = trustedTypes.createPolicy('x', { createHTML: x => x }); // OK
+    policy3.createHTML('safe');
+})();
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/tst.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/tst.js
index 44f88e0762b..3c609ddcc92 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/tst.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/tst.js
@@ -430,4 +430,63 @@ function nonGlobalSanitizer() {
   $("#foo").html(target.replace(/<metadata>[\s\S]*<\/metadata>/, '<metadata></metadata>')); // NOT OK
 
   $("#foo").html(target.replace(/<|>/g, '')); // OK
-}
\ No newline at end of file
+}
+
+function mootools(){
+	var source = document.location.search;
+
+	new Element("div"); // OK
+	new Element("div", {text: source}); // OK
+	new Element("div", {html: source}); // NOT OK
+	new Element("div").set("html", source); // NOT OK
+	new Element("div").set({"html": source}); // NOT OK
+	new Element("div").setProperty("html", source); // NOT OK
+	new Element("div").setProperties({"html": source}); // NOT OK
+	new Element("div").appendHtml(source); // NOT OK
+}
+
+
+const Convert = require('ansi-to-html');
+const ansiToHtml = new Convert();
+
+function ansiToHTML() {
+  var source = document.location.search;
+
+  $("#foo").html(source); // NOT OK
+  $("#foo").html(ansiToHtml.toHtml(source)); // NOT OK
+}
+
+function domMethods() {
+	var source = document.location.search;
+
+  let table = document.getElementById('mytable');
+  table.innerHTML = source; // NOT OK
+  let row = table.insertRow(-1);
+  row.innerHTML = source; // NOT OK
+  let cell = row.insertCell();
+  cell.innerHTML = source; // NOT OK
+}
+
+function urlStuff() {
+  var url = document.location.search.substr(1);
+
+  $("<a>", {href: url}).appendTo("body"); // NOT OK
+  $("#foo").attr("href", url); // NOT OK
+  $("#foo").attr({href: url}); // NOT OK
+  $("<img>", {src: url}).appendTo("body"); // NOT OK
+  $("<a>", {href: win.location.href}).appendTo("body"); // OK
+
+  $("<img>", {src: "http://google.com/" + url}).appendTo("body"); // OK
+
+  $("<img>", {src: ["http://google.com", url].join("/")}).appendTo("body"); // OK
+
+  if (url.startsWith("https://")) {
+    $("<img>", {src: url}).appendTo("body"); // OK
+  } else {
+    $("<img>", {src: url}).appendTo("body"); // NOT OK
+  }
+
+  window.open(location.hash.substr(1)); // OK - any JavaScript is executed in another context
+
+  navigation.navigate(location.hash.substr(1)); // NOT OK
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/xmlRequest.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/xmlRequest.js
index 91dca5e0c51..28f49bb71ca 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/xmlRequest.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/xmlRequest.js
@@ -6,11 +6,19 @@ $(document).ready(function () {
     xhr.onreadystatechange = function () {
         if (xhr.readyState !== 4) { return }
         var json = JSON.parse(xhr.responseText)
-        $("#myThing").html(json.message);
+        $("#myThing").html(json.message); // caught with additional sources
     }
     try {
         xhr.send()
     } catch (error) {
         console.log(error)
     }
-})
\ No newline at end of file
+});
+
+$(document).ready(async function () {
+    const got = require('got');
+    const resp = await got.get("{{ some_url }}");
+    const json = JSON.parse(resp.body);
+    $("#myThing").html(json.message); // caught with additional sources
+
+});
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ExceptionXss/ajv.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ExceptionXss/ajv.js
index 2ebbc46a4b3..36dd5181a1b 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ExceptionXss/ajv.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ExceptionXss/ajv.js
@@ -11,3 +11,16 @@ app.post('/polldata', (req, res) => {
         res.send(ajv.errorsText()); // NOT OK
     }
 });
+
+const joi = require("joi");
+const joiSchema = joi.object().keys({
+    name: joi.string().required(),
+    age: joi.number().required()
+}).with('name', 'age');
+
+app.post('/votedata', (req, res) => {
+    const val = joiSchema.validate(req.body);
+    if (val.error) {
+        res.send(val.error); // NOT OK
+    }
+});
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/ReflectedXss.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/ReflectedXss.js
index 6a85c0ec1b0..2b7c2057f0f 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/ReflectedXss.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/ReflectedXss.js
@@ -101,4 +101,11 @@ app.get('/user/:id', function (req, res) {
 
   res.send(markdownIt.use(require('markdown-it-sanitizer')).render(req.body)); // OK - HTML is sanitized. 
   res.send(markdownIt.use(require('markdown-it-abbr')).use(unknown).render(req.body)); // NOT OK
-});
\ No newline at end of file
+});
+
+var Hapi = require('hapi');
+var hapi = new Hapi.Server();
+hapi.route({
+    handler: function (request){
+        return request.query.p; // NOT OK
+    }});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/live-server.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/live-server.js
new file mode 100644
index 00000000000..aed560fc076
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/live-server.js
@@ -0,0 +1,18 @@
+var liveServer = require("live-server");
+ 
+const middleware = [function(req, res, next) {
+    const tainted = req.url;    
+
+    res.end(`<html><body>${tainted}</body></html>`); // NOT OK
+}];
+
+middleware.push(function(req, res, next) {
+    const tainted = req.url;
+
+    res.end(`<html><body>${tainted}</body></html>`); // NOT OK
+});
+
+var params = {
+    middleware
+};
+liveServer.start(params);
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst2.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst2.js
index 521b6b20a7c..60399a9b63d 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst2.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst2.js
@@ -22,3 +22,69 @@ app.get('/bar', function(req, res) {
   else
     res.send(p); // OK
 });
+
+
+const clone = require('clone');
+
+app.get('/baz', function(req, res) {
+  let { p } = req.params;
+
+  var obj = {};
+  obj.p = p;
+  var other = clone(obj);
+
+  res.send(p); // NOT OK
+  res.send(other.p); // NOT OK
+});
+
+const serializeJavaScript = require('serialize-javascript');
+
+app.get('/baz', function(req, res) {
+  let { p } = req.params;
+
+  var serialized = serializeJavaScript(p);
+
+  res.send(serialized); // OK
+  
+  var unsafe = serializeJavaScript(p, {unsafe: true});
+
+  res.send(unsafe); // NOT OK
+});
+
+const fclone = require('fclone');
+
+app.get('/baz', function(req, res) {
+  let { p } = req.params;
+
+  var obj = {};
+  obj.p = p;
+  var other = fclone(obj);
+
+  res.send(p); // NOT OK
+  res.send(other.p); // NOT OK
+});
+
+const jc = require('json-cycle');
+app.get('/baz', function(req, res) {
+  let { p } = req.params;
+
+  var obj = {};
+  obj.p = p;
+  var other = jc.retrocycle(jc.decycle(obj));
+
+  res.send(p); // NOT OK
+  res.send(other.p); // NOT OK
+});
+
+const sortKeys = require('sort-keys');
+
+app.get('/baz', function(req, res) {
+  let { p } = req.params;
+
+  var obj = {};
+  obj.p = p;
+  var other = sortKeys(obj);
+
+  res.send(p); // NOT OK
+  res.send(other.p); // NOT OK
+});
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst3.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst3.js
new file mode 100644
index 00000000000..c7d0fd91a4a
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst3.js
@@ -0,0 +1,13 @@
+var express = require('express');
+
+var app = express();
+app.enable('x-powered-by').disable('x-powered-by').get('/', function (req, res) {
+  let { p } = req.params;
+  res.send(p); // NOT OK
+});
+
+const prettier = require("prettier");
+app.post("foobar", function (reg, res) {
+  const code = prettier.format(reg.body, { semi: false, parser: "babel" });
+  res.send(code); // NOT OK
+});
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js
index 07b25b558f9..6a133a747bd 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js
@@ -7,3 +7,9 @@
 }(function ($) {
     $("<span>" + $.trim("foo") + "</span>"); // OK
 }));
+
+$.fn.myPlugin = function (stuff, options) {
+    $("#foo").html("<span>" + options.foo + "</span>"); // NOT OK
+
+    $("#foo").html("<span>" + stuff + "</span>"); // NOT OK
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts
new file mode 100644
index 00000000000..91e81238605
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts
@@ -0,0 +1,4 @@
+export function trivialXss(s: string) {
+    const html = "<span>" + s + "</span>"; // NOT OK
+    document.querySelector("#html").innerHTML = html;
+}
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts
new file mode 100644
index 00000000000..21bb420b71f
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts
@@ -0,0 +1,4 @@
+export function trivialXss(s: string) {
+    const html = "<span>" + s + "</span>"; // NOT OK - this file is recognized as a main file.
+    document.querySelector("#html").innerHTML = html;
+}
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts
new file mode 100644
index 00000000000..35908c88f16
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts
@@ -0,0 +1,4 @@
+export function trivialXss(s: string) {
+    const html = "<span>" + s + "</span>"; // OK - this file is not recognized as a main file.
+    document.querySelector("#html").innerHTML = html;
+}
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/main.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/main.js
index 1097e126feb..01d376a2f8b 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/main.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/main.js
@@ -75,3 +75,45 @@ module.exports.intentionalTemplate = function (obj) {
     const html = "<span>" + obj.spanTemplate + "</span>"; // OK
     document.querySelector("#template").innerHTML = html;
 }
+
+module.exports.types = function (val) {
+    if (typeof val === "string") {
+        $("#foo").html("<span>" + val + "</span>"); // NOT OK
+    } else if (typeof val === "number") {
+        $("#foo").html("<span>" + val + "</span>"); // OK
+    } else if (typeof val === "boolean") {
+        $("#foo").html("<span>" + val + "</span>"); // OK
+    }
+}
+
+function createHTML(x) {
+    return "<span>" + x + "</span>"; // NOT OK
+}
+
+module.exports.usesCreateHTML = function (x) {
+    $("#foo").html(createHTML(x));
+}
+
+const myMermaid = require('mermaid');
+module.exports.usesCreateHTML = function (x) {
+    myMermaid.render("id", x, function (svg) { // NOT OK
+        $("#foo").html(svg);
+    });
+    
+    $("#foo").html(myMermaid.render("id", x)); // NOT OK
+
+    mermaid.render("id", x, function (svg) {// NOT OK
+        $("#foo").html(svg); 
+    });
+
+    $("#foo").html(mermaid.render("id", x)); // NOT OK
+
+    mermaid.mermaidAPI.render("id", x, function (svg) {// NOT OK
+        $("#foo").html(svg);
+    });
+}
+
+module.exports.xssThroughMarkdown = function (s) {
+    const html = markdown.render(s); // NOT OK
+    document.querySelector("#markdown").innerHTML = html;
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js
index 51621fec90b..b695c57fab8 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js
@@ -182,4 +182,14 @@
 		$(document).find(options.target); // OK
 	}});
 
+	$.fn.position = function( options ) {
+		if ( !options || !options.of ) {
+			return doSomethingElse( this, arguments );
+		}
+		// extending options
+		options = $.extend( {}, options );
+	
+		var target = $( options.of ); // NOT OK
+		console.log(target);
+	};
 });
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/XssThroughDom/xss-through-dom.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/XssThroughDom/xss-through-dom.js
index 656f233ca9e..7728722bd16 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/XssThroughDom/xss-through-dom.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/XssThroughDom/xss-through-dom.js
@@ -89,4 +89,54 @@
 	$("section h1").each(function(){
 		$("nav ul").append("<a href='#" + $(this).text().toLowerCase().replace(/ /g, '-').replace(/[^\w-]+/g,'') + "'>Section</a>"); // OK
 	});
+
+	$("#id").html($("#foo").find(".bla")[0].value); // NOT OK.
+
+	for (var i = 0; i < foo.length; i++) {
+		$("#id").html($("#foo").find(".bla")[i].value); // NOT OK.
+	}
+})();
+
+class Super {
+	constructor() {
+		this.el = $("#id").get(0);
+	}
+}
+
+class Sub extends Super {
+	constructor() {
+		super();
+		$("#id").get(0).innerHTML = "<a src=\"" + this.el.src + "\">foo</a>"; // NOT OK. Attack: `<mytag id="id" src="x:&quot;&gt;&lt;img src=1 onerror=&quot;alert(1)&quot;&gt;" />`
+	}
+}
+
+(function () {
+    const src = document.getElementById("#link").src;
+	$("#id").html(src); // NOT OK.
+
+    $("#id").attr("src", src); // OK
+
+    $("input.foo")[0].onchange = function (ev) {
+        $("#id").html(ev.target.files[0].name); // NOT OK.
+
+        $("img#id").attr("src", URL.createObjectURL(ev.target.files[0])); // NOT OK
+    }
+})();
+
+(function () {
+	let elem = document.createElement('a');
+	const wSelection = getSelection();
+	const dSelection = document.getSelection();
+	let linkText = wSelection.toString() || dSelection.toString() || '';
+	elem.innerHTML = linkText; // NOT OK
+	$("#id").html(linkText); // NOT OK
+	elem.innerText = linkText; // OK
+})();
+
+const cashDom = require("cash-dom");
+
+(function () {
+    const src = document.getElementById("#link").src;
+	cash("#id").html(src); // NOT OK.
+    cashDom("#id").html(src); // NOT OK
 })();
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/BadTagFilter/tst.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/BadTagFilter/tst.js
new file mode 100644
index 00000000000..2b71107e512
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/BadTagFilter/tst.js
@@ -0,0 +1,28 @@
+var filters = [
+    /<script.*?>.*?<\/script>/i, // NOT OK - doesn't match newlines or `</script >`
+    /<script.*?>.*?<\/script>/is, // NOT OK - doesn't match `</script >`
+    /<script.*?>.*?<\/script[^>]*>/is, // OK
+    /<!--.*-->/is, // OK - we don't care regexps that only match comments
+    /<!--.*--!?>/is, // OK
+    /<!--.*--!?>/i, // NOT OK, does not match newlines
+    /<script.*?>(.|\s)*?<\/script[^>]*>/i, // NOT OK - doesn't match inside the script tag
+    /<script[^>]*?>.*?<\/script[^>]*>/i, // NOT OK - doesn't match newlines inside the content
+    /<script(\s|\w|=|")*?>.*?<\/script[^>]*>/is, // NOT OK - does not match single quotes for attribute values
+    /<script(\s|\w|=|')*?>.*?<\/script[^>]*>/is, // NOT OK - does not match double quotes for attribute values
+    /<script( |\n|\w|=|'|")*?>.*?<\/script[^>]*>/is, // NOT OK - does not match tabs between attributes
+    /<script.*?>.*?<\/script[^>]*>/s, // NOT OK - does not match uppercase SCRIPT tags
+    /<(script|SCRIPT).*?>.*?<\/(script|SCRIPT)[^>]*>/s, // NOT OK - does not match mixed case script tags
+    /<script[^>]*?>[\s\S]*?<\/script.*>/i, // NOT OK - doesn't match newlines in the end tag
+    /<script[^>]*?>[\s\S]*?<\/script[^>]*?>/i, // OK
+    /<script\b[^>]*>([\s\S]*?)<\/script>/gi, // NOT OK - too strict matching on the end tag
+    /<(?:!--([\S|\s]*?)-->)|([^\/\s>]+)[\S\s]*?>/, // NOT OK - doesn't match comments with the right capture groups
+    /<(?:(?:\/([^>]+)>)|(?:!--([\S|\s]*?)-->)|(?:([^\/\s>]+)((?:\s+[\w\-:.]+(?:\s*=\s*?(?:(?:"[^"]*")|(?:'[^']*')|[^\s"'\/>]+))?)*)[\S\s]*?(\/?)>))/, // NOT OK - capture groups
+	/(<[a-z\/!$]("[^"]*"|'[^']*'|[^'">])*>|<!(--.*?--\s*)+>)/gi, // NOT OK - capture groups
+    /<(?:(?:!--([\w\W]*?)-->)|(?:!\[CDATA\[([\w\W]*?)\]\]>)|(?:!DOCTYPE([\w\W]*?)>)|(?:\?([^\s\/<>]+) ?([\w\W]*?)[?/]>)|(?:\/([A-Za-z][A-Za-z0-9\-_\:\.]*)>)|(?:([A-Za-z][A-Za-z0-9\-_\:\.]*)((?:\s+[^"'>]+(?:(?:"[^"]*")|(?:'[^']*')|[^>]*))*|\/|\s+)>))/g, // NOT OK - capture groups
+    /<!--([\w\W]*?)-->|<([^>]*?)>/g, // NOT OK - capture groups
+]
+
+doFilters(filters)
+
+var strip = '<script([^>]*)>([\\S\\s]*?)<\/script([^>]*)>';  // OK - it's used with the ignorecase flag
+new RegExp(strip, 'gi');
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/DoubleEscaping/tst.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/DoubleEscaping/tst.js
new file mode 100644
index 00000000000..76cfe80b238
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/DoubleEscaping/tst.js
@@ -0,0 +1,96 @@
+function badEncode(s) {
+  return s.replace(/"/g, "&quot;")
+          .replace(/'/g, "&apos;")
+          .replace(/&/g, "&amp;");
+}
+
+function goodEncode(s) {
+  return s.replace(/&/g, "&amp;")
+          .replace(/"/g, "&quot;")
+          .replace(/'/g, "&apos;");
+}
+
+function goodDecode(s) {
+  return s.replace(/&quot;/g, "\"")
+          .replace(/&apos;/g, "'")
+          .replace(/&amp;/g, "&");
+}
+
+function badDecode(s) {
+  return s.replace(/&amp;/g, "&")
+          .replace(/&quot;/g, "\"")
+          .replace(/&apos;/g, "'");
+}
+
+function cleverEncode(code) {
+    return code.replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/&(?![\w\#]+;)/g, '&amp;');
+}
+
+function badDecode2(s) {
+  return s.replace(/&amp;/g, "&")
+          .replace(/s?ome|thin*g/g, "else")
+          .replace(/&apos;/g, "'");
+}
+
+function goodDecodeInLoop(ss) {
+  var res = [];
+  for (var s of ss) {
+    s = s.replace(/&quot;/g, "\"")
+         .replace(/&apos;/g, "'")
+         .replace(/&amp;/g, "&");
+    res.push(s);
+  }
+  return res;
+}
+
+function badDecode3(s) {
+  s = s.replace(/&amp;/g, "&");
+  s = s.replace(/&quot;/g, "\"");
+  return s.replace(/&apos;/g, "'");
+}
+
+function badUnescape(s) {
+  return s.replace(/\\\\/g, '\\')
+           .replace(/\\'/g, '\'')
+           .replace(/\\"/g, '\"');
+}
+
+function badPercentEscape(s) {
+  s = s.replace(/&/g, '%26');
+  s = s.replace(/%/g, '%25');
+  return s;
+}
+
+function badEncode(s) {
+  var indirect1 = /"/g;
+  var indirect2 = /'/g;
+  var indirect3 = /&/g;
+  return s.replace(indirect1, "&quot;")
+          .replace(indirect2, "&apos;")
+          .replace(indirect3, "&amp;");
+}
+
+function badEncodeWithReplacer(s) {
+  var repl = {
+    '"': "&quot;",
+    "'": "&apos;",
+    "&": "&amp;"
+  };
+  return s.replace(/["']/g, (c) => repl[c]).replace(/&/g, "&amp;");
+}
+
+// dubious, but out of scope for this query
+function badRoundtrip(s) {
+  return s.replace(/\\\\/g, "\\").replace(/\\/g, "\\\\");
+}
+
+function testWithCapturedVar(x) {
+  var captured = x;
+  (function() {
+    captured = captured.replace(/\\/g, "\\\\");
+  })();
+}
+
+function encodeDecodeEncode(s) {
+ return goodEncode(goodDecode(goodEncode(s)));
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js
new file mode 100644
index 00000000000..9d45c9f8f49
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js
@@ -0,0 +1,39 @@
+(function(){
+	let defaultPattern = /<(([\w:]+)[^>]*)\/>/gi;
+	let expanded = "<$1></$2>";
+
+	// lib1
+	html.replace(
+		/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi,
+		expanded
+	); // NOT OK
+	html.replace(/<(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi, expanded); // NOT OK
+
+	// lib2
+	html.replace(
+		/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,
+		expanded
+	); // NOT OK
+	html.replace(/<(([\w:]+)[^>]*)\/>/gi, expanded); // NOT OK
+
+	// lib3
+	html.replace(
+		/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:-]+)[^>]*)\/>/gi,
+		expanded
+	); // NOT OK
+	html.replace(/<(([\w:-]+)[^>]*)\/>/gi, expanded); // NOT OK
+
+	html.replace(defaultPattern, expanded); // NOT OK
+	function getPattern() {
+		return defaultPattern;
+	}
+	html.replace(getPattern(), expanded); // NOT OK
+
+	function getExpanded() {
+		return expanded;
+	}
+	html.replace(defaultPattern, getExpanded()); // NOT OK (but not tracking the expansion string)
+	html.replace(defaultPattern, something); // OK (possibly)
+	defaultPattern.match(something); // OK (possibly)
+	getPattern().match(something); // OK (possibly)
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js
new file mode 100644
index 00000000000..43f650acce9
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js
@@ -0,0 +1,155 @@
+// CVE-2019-10756
+(function(content) {
+  content = content.replace(/<.*cript.*\/scrip.*>/gi, ""); // NOT OK
+  content = content.replace(/ on\w+=".*"/g, ""); // NOT OK
+  content = content.replace(/ on\w+=\'.*\'/g, ""); // NOT OK
+  return content;
+});
+(function(content) {
+  content = content.replace(/<.*cript.*/gi, ""); // NOT OK
+  content = content.replace(/.on\w+=.*".*"/g, ""); // NOT OK
+  content = content.replace(/.on\w+=.*\'.*\'/g, ""); // NOT OK
+
+  return content;
+});
+
+// CVE-2020-7656
+(function(responseText) {
+  var rscript = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;
+  responseText.replace(rscript, ""); // NOT OK
+  return responseText;
+});
+
+// CVE-2019-1010091
+(function(text) {
+  text = text.replace(/<!--|--!?>/g, ""); // NOT OK
+  return text;
+});
+(function(text) {
+  while (/<!--|--!?>/g.test(text)) {
+    text = text.replace(/<!--|--!?>/g, ""); // OK
+  }
+
+  return text;
+});
+
+// CVE-2019-10767
+(function(id) {
+  id = id.replace(/\.\./g, ""); // OK (can not contain '..' afterwards)
+  return id;
+});
+(function(id) {
+  id = id.replace(/[\]\[*,;'"`<>\\?\/]/g, ""); // OK (or is it?)
+  return id;
+});
+
+// CVE-2019-8903
+(function(req) {
+  var REG_TRAVEL = /(\/)?\.\.\//g;
+  req.url = req.url.replace(REG_TRAVEL, ""); // NOT OK
+});
+(function(req) {
+  var beg;
+  for (var i = 0; i < req.url.length; i++) {
+    if (req.url[i] === "." && req.url[i + 1] === "/") beg = i + 1;
+    else if (req.url[i] === "?") break;
+  }
+
+  if (beg) req.url = req.url.substring(beg);
+});
+
+// New cases
+
+(function(x) {
+  x = x.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/g, ""); // NOT OK
+
+  x = x.replace(/(\/|\s)on\w+=(\'|")?[^"]*(\'|")?/g, ""); // NOT OK
+
+  x = x.replace(/<\/script>/g, ""); // OK
+
+  x = x.replace(/<(.)?br(.)?>/g, ""); // OK
+  x = x.replace(/<\/?b>/g, ""); // OK
+  x = x.replace(/<(ul|ol)><\/(ul|ol)>/gi, ""); // OK
+  x = x.replace(/<li><\/li>/gi, ""); // OK
+
+  x = x.replace(/<!--(.*?)-->/gm, ""); // NOT OK
+  x = x.replace(/\sng-[a-z-]+/, ""); // NOT OK
+  x = x.replace(/\sng-[a-z-]+/g, ""); // NOT OK (ng-attributes)
+
+  x = x.replace(/(<!--\[CDATA\[|\]\]-->)/g, "\n"); // OK: not a sanitizer
+
+  x = x.replace(/<script.+desktop\-only.+<\/script>/g, ""); // OK [INCONSISTENCY]
+  x = x.replace(/<script async.+?<\/script>/g, ""); // OK
+  x = x.replace(/<!--[\s\S]*?-->|<\?(?:php)?[\s\S]*?\?>/gi, ""); // NOT OK
+
+  x = x.replace(/\x2E\x2E\x2F\x2E\x2E\x2F/g, ""); // NOT OK (matches "../../")
+
+  x = x.replace(/<script.*>.*<\/script>/gi, ""); // NOT OK
+
+  x = x.replace(/^(\.\.\/?)+/g, ""); // OK
+
+  // NOT OK
+  x = x.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/g, function(
+    $0
+  ) {
+    return unknown ? $0 : "";
+  });
+
+  x = x.replace(/<\/?([a-z][a-z0-9]*)\b[^>]*>/gi, ""); // NOT OK [INCONSISTENCY]
+
+  x = x.replace(/\.\./g, ""); // OK
+  x = x.replace(/\.\.\//g, ""); // NOT OK
+  x = x.replace(/\/\.\./g, ""); // NOT OK
+
+  x = x.replace(/<script(.*?)>([\s\S]*?)<\/script>/gi, ""); // NOT OK
+
+  x = x.replace(/<(script|del)(?=[\s>])[\w\W]*?<\/\1\s*>/gi, ""); // NOT OK
+  x = x.replace(/\<script[\s\S]*?\>[\s\S]*?\<\/script\>/g, ""); // NOT OK
+  x = x.replace(/<(script|style|title)[^<]+<\/(script|style|title)>/gm, ""); // NOT OK
+  x = x.replace(/<script[^>]*>([\s\S]*?)<\/script>/gi, ""); // NOT OK
+  x = x.replace(/<script[\s\S]*?<\/script>/gi, ""); // NOT OK
+  x = x.replace(/ ?<!-- ?/g, ""); // NOT OK
+  x = x.replace(/require\('\.\.\/common'\);/g, ""); // OK
+  x = x.replace(/\.\.\/\.\.\/lib\//g, ""); // OK
+
+  while (x.indexOf(".") !== -1) {
+    x = x
+      .replace(/^\.\//, "")
+      .replace(/\/\.\//, "/")
+      .replace(/[^\/]*\/\.\.\//, ""); // OK
+  }
+
+  x = x.replace(/([^.\s]+\.)+/, ""); // OK
+
+  x = x.replace(/<!\-\-DEVEL[\d\D]*?DEVEL\-\->/g, ""); // OK
+
+  x = x
+    .replace(/^\.\//, "")
+    .replace(/\/\.\//, "/")
+    .replace(/[^\/]*\/\.\.\//, ""); // NOT OK
+
+  return x;
+});
+
+(function (content) {
+	content.replace(/<script.*\/script>/gi, ""); // NOT OK
+	content.replace(/<(script).*\/script>/gi, ""); // NOT OK
+	content.replace(/.+<(script).*\/script>/gi, ""); // NOT OK
+	content.replace(/.*<(script).*\/script>/gi, ""); // NOT OK
+});
+
+(function (content) {
+  content = content.replace(/<script[\s\S]*?<\/script>/gi, ""); // NOT OK
+  content = content.replace(/<[a-zA-Z\/](.|\n)*?>/g, '') || ' '; // NOT OK
+  content = content.replace(/<(script|iframe|video)[\s\S]*?<\/(script|iframe|video)>/g, '') // NOT OK
+  content = content.replace(/<(script|iframe|video)(.|\s)*?\/(script|iframe|video)>/g, '') // NOT OK
+  content = content.replace(/<[^<]*>/g, ""); // OK
+
+  n.cloneNode(false).outerHTML.replace(/<\/?[\w:\-]+ ?|=[\"][^\"]+\"|=\'[^\']+\'|=[\w\-]+|>/gi, '').replace(/[\w:\-]+/gi, function(a) { // NOT OK
+    o.push({specified : 1, nodeName : a});
+  });
+
+  n.cloneNode(false).outerHTML.replace(/<\/?[\w:\-]+ ?|=[\"][^\"]+\"|=\'[^\']+\'|=[\w\-]+|>/gi, '').replace(/[\w:\-]+/gi, function(a) { // NOT OK
+    o.push({specified : 1, nodeName : a});
+  });  
+});
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/tst.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/tst.js
new file mode 100644
index 00000000000..dbd04664a52
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/tst.js
@@ -0,0 +1,330 @@
+let express = require('express');
+var app = express();
+
+function bad1(s) {
+  return s.replace("'", ""); // NOT OK
+}
+
+function bad2(s) {
+  return s.replace(/'/, ""); // NOT OK
+}
+
+function bad3(s) {
+  return s.replace(/'/g, "\\'"); // NOT OK
+}
+
+function bad4(s) {
+  return s.replace(/'/g, "\\$&"); // NOT OK
+}
+
+function bad5(s) {
+  return s.replace(/['"]/g, "\\$&"); // NOT OK
+}
+
+function bad6(s) {
+  return s.replace(/(['"])/g, "\\$1"); // NOT OK
+}
+
+function bad7(s) {
+  return s.replace(/('|")/g, "\\$1"); // NOT OK
+}
+
+function bad8(s) {
+  return s.replace('|', '');  // NOT OK
+}
+
+function bad9(s) {
+  return s.replace(/"/g, "\\\"");  // NOT OK
+}
+
+function bad10(s) {
+  return s.replace("/", "%2F"); // NOT OK
+}
+
+function bad11(s) {
+  return s.replace("%25", "%"); // NOT OK
+}
+
+function bad12(s) {
+  return s.replace(`'`, ""); // NOT OK
+}
+
+function bad13(s) {
+  return s.replace("'", ``); // NOT OK
+}
+
+function bad14(s) {
+  return s.replace(`'`, ``); // NOT OK
+}
+
+function bad15(s) {
+  return s.replace("'" + "", ""); // NOT OK
+}
+
+function bad16(s) {
+  return s.replace("'", "" + ""); // NOT OK
+}
+
+function bad17(s) {
+  return s.replace("'" + "", "" + ""); // NOT OK
+}
+
+function good1(s) {
+  while (s.indexOf("'") > 0)
+    s = s.replace("'", ""); // OK
+  return s;
+}
+
+function good2(s) {
+  while (s.indexOf("'") > 0)
+    s = s.replace(/'/, ""); // OK
+  return s;
+}
+
+function good3(s) {
+  return s.replace("@user", "id10t"); // OK
+}
+
+function good4(s) {
+  return s.replace(/#/g, "\\d+"); // OK
+}
+
+function good5(s) {
+  return s.replace(/\\/g, "\\\\").replace(/['"]/g, "\\$&"); // OK
+}
+
+function good6(s) {
+  return s.replace(/[\\]/g, '\\\\').replace(/[\"]/g, '\\"'); // OK
+}
+
+function good7(s) {
+  s = s.replace(/[\\]/g, '\\\\');
+  return s.replace(/[\"]/g, '\\"'); // OK
+}
+
+function good8(s) {
+  return s.replace(/\W/g, '\\$&'); // OK
+}
+
+function good9(s) {
+  return s.replace(/[^\w\s]/g, '\\$&'); // OK
+}
+
+function good10(s) {
+  s = JSON.stringify(s);  // NB: escapes backslashes
+  s = s.slice(1, -1);
+  s = s.replace(/\\"/g, '"');
+  s = s.replace(/'/g, "\\'"); // OK
+  return "'" + s + "'";
+}
+
+function flowifyComments(s) {
+  return s.replace(/#/g, '💩'); // OK
+}
+
+function good11(s) {
+  return s.replace("%d", "42");
+}
+
+function good12(s) {
+	s.replace('[', '').replace(']', ''); // OK
+	s.replace('(', '').replace(')', ''); // OK
+	s.replace('{', '').replace('}', ''); // OK
+	s.replace('<', '').replace('>', ''); // NOT OK: too common as a bad HTML sanitizer
+
+	s.replace('[', '\\[').replace(']', '\\]'); // NOT OK
+	s.replace('{', '\\{').replace('}', '\\}'); // NOT OK
+
+	s = s.replace('[', ''); // OK
+	s = s.replace(']', ''); // OK
+	s.replace(/{/, '').replace(/}/, ''); // NOT OK: should have used a string literal if a single replacement was intended
+	s.replace(']', '').replace('[', ''); // probably OK, but still flagged
+}
+
+function newlines(s) {
+	// motivation for whitelist
+	require("child_process").execSync("which emacs").toString().replace("\n", ""); // OK
+
+	x.replace("\n", "").replace(x, y); // NOT OK
+	x.replace(x, y).replace("\n", ""); // NOT OK
+}
+
+app.get('/some/path', function(req, res) {
+  let untrusted = req.param("p");
+
+  // the query doesn't currently check whether untrusted input flows into the
+  // sanitiser, but we add these calls anyway to make the tests more realistic
+
+  bad1(untrusted);
+  bad2(untrusted);
+  bad3(untrusted);
+  bad4(untrusted);
+  bad5(untrusted);
+  bad6(untrusted);
+  bad7(untrusted);
+  bad8(untrusted);
+  bad9(untrusted);
+  bad10(untrusted);
+  bad11(untrusted);
+  bad12(untrusted);
+  bad13(untrusted);
+  bad14(untrusted);
+  bad15(untrusted);
+  bad16(untrusted);
+  bad17(untrusted);
+
+  good1(untrusted);
+  good2(untrusted);
+  good3(untrusted);
+  good4(untrusted);
+  good5(untrusted);
+  good6(untrusted);
+  good7(untrusted);
+  good8(untrusted);
+  good9(untrusted);
+  good10(untrusted);
+  flowifyComments(untrusted);
+  good11(untrusted);
+  good12(untrusted);
+});
+
+(function (s) {
+	var indirect = /'/;
+	return s.replace(indirect, ""); // NOT OK
+});
+
+(function (s) {
+	s.replace('"', '').replace('"', ''); // OK
+	s.replace("'", "").replace("'", ""); // OK
+});
+
+function bad18(p) {
+  return p.replace("/../", ""); // NOT OK
+}
+
+function typicalBadHtmlSanitizers(s) {
+	s().replace(/[<>]/g,''); // NOT OK
+	s().replace(/[<>&]/g, ''); // NOT OK
+	s().replace(/[<>"]/g, ''); // NOT OK
+	s().replace(/</g, '').replace(/>/g, ''); // NOT OK
+	s().replace(/</g, '').replace(/>/g, '').replace(/&/g, ''); // NOT OK
+	s().replace(/</g, '').replace(/&/g, '').replace(/>/g, ''); // NOT OK
+	s().replace(/&/g, '').replace(/>/g, '').replace(/</g, ''); // NOT OK
+
+	var s = s().replace(/</g, '');
+	s = s.replace(/>/g, '');  // NOT OK
+	s().replace(/</g, '&lt;').replace(/>/g, '&gt').replace(/&/g, '&amp;').replace(/"/g, '&#34;'); // OK
+	s().replace(/</g, '&lt;').replace(/>/g, '&gt').replace(/&/g, '&amp;').replace(/'/g, '&#39;'); // OK - single quotes or double quotes both work
+
+	s().replace(/</g, '&lt;').replace(/>/g, '&gt').replace(RE, function(match) {/* ... */ }); // OK (probably)
+
+	s().replace(/[<>'"&]/g,''); // OK
+
+	s().replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/&(?![\w\#]+;)/g, '&amp;'); // OK
+
+	s().replace(!encode ? /&(?!#?\w+;)/g : /&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&apos;'); // OK (and not recognized due to the ternary)
+
+	s().replace(/[\\/:\*\?"<>\|]/g, ''); // OK
+
+	s().replace(/[<>]/g,'_'); // OK (but probably unsafe)
+
+	s().replace(/&/g, "&gt;"); // OK
+
+	s().replace(/[\#\%4\/\-\~\>8\_\@0\!\&3\[651d\=e7fA2D\(aFBb]/g, ""); // OK
+
+	s().replace(/[<>]/g,'').replace(/[^a-z]/g, ''); // OK
+
+	s().replace(/[<>]/g,'').replace(/[^abc]/g, ''); // OK
+
+	s().replace(/[<>]/g,'').replace(/[ -~]/g, ''); // OK
+}
+
+function incompleteHtmlAttributeSanitization() {
+	'="' + s().replace(/[<>]/g,'') + '"'; // NOT OK
+	'="' + s().replace(/[<>&]/g, '') + '"'; // NOT OK
+	'="' + s().replace(/[<>"]/g, '') + '"'; // OK (maybe, since the attribute name is unknown)
+	'="' + s().replace(/[<>&"]/g,'') + '"'; // OK
+	'="' + s().replace(/[&"]/g,'') + '"'; // OK
+
+	'="' + s().replace(/[<>&']/g,'') + '"'; // NOT OK
+	"='" + s().replace(/[<>&"]/g,'') + "'"; // NOT OK
+	"='" + s().replace(/[<>&']/g,'') + "'"; // OK
+
+	'onFunkyEvent="' + s().replace(/[<>"]/g, '') + '"'; // NOT OK
+	'<div noise onFunkyEvent="' + s().replace(/[<>"]/g, '') + '"'; // NOT OK
+	'<div noise monday="' + s().replace(/[<>"]/g, '') + '"'; // OK
+	'monday="' + s().replace(/[<>"]/g, '') + '"'; // OK
+}
+
+function multiStepSanitization() {
+	function escapeHTML(value) {
+		return value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+	}
+	function attr_str(a) {
+		return ' ' + a.name + '="' + escapeHTML(a.value).replace(/"/g, '&quot;') + '"'; // OK
+	}
+	result += '<' + tag(node) + [].map.call(x, attr_str).join('') + '>';
+}
+
+function moreIncompleteHtmlAttributeSanitization() {
+	'<a' + noise + 'onclick="javascript:document.foo.bar(\'' + s().replace(/[<>"]/g, '') + '\'); return false;">'; // NOT OK
+	'="' + s().replace(/[<>]/g,'').replace(/[^\w ]+/g, '') + '"'; // OK
+	'="' + encodeURIComponent(s().replace(/[<>]/g,'')) + '"'; // OK
+
+	var arr = s().val().trim().replace(/^,|,$/g , '').replace(/^;|;$/g , '').replace(/<|>/g , '');
+	'="' + arr.join(" ") + '"'; // NOT OK
+	var arr2 = s().val().trim().replace(/^,|,$/g , '').replace(/^;|;$/g , '').replace(/<|>/g , '')
+	arr2 = arr2.replace(/"/g,"");
+	'="' + arr2.join(" ") + '"'; // OK
+
+	var x;
+	x = x.replace(/&/g, '&amp;');
+	x = x.replace(/</g, '&lt;').replace(/>/g, '&gt;');
+	'onclick="' + x + '"'; // NOT OK - but not flagged since the `x` replace chain is extended below
+	x = x.replace(/"/g, '&quot;');
+	'onclick="' + x + '"'; // OK
+
+	var y;
+	if (escapeAmpersand) {
+		y = y.replace(/&/g, '&amp;');
+	}
+	y = y.replace(/</g, '&lt;').replace(/>/g, '&gt;');
+	'onclick="' + y + '"'; // NOT OK - but not flagged since the `x` replace chain is extended below
+	if (escapeQuotes) {
+		y = y.replace(/"/g, '&quot;');
+	}
+	'onclick="' + y + '"'; // OK
+}
+
+function incompleteHtmlAttributeSanitization2() {
+	'=\'' + s().replace(/[&<>]/g,'') + '\''; // NOT OK
+	'=\'' + s().replace(/[<>]/g,'') + '\''; // NOT OK
+	'=\'' + s().replace(/[&<>"]/g,'') + '\''; // NOT OK
+	'=\'' + s().replace(/[<>&]/g, '') + '\''; // NOT OK
+	'="' + s().replace(/[<>&"]/g,'') + '"'; // OK
+	'=\'' + s().replace(/[<>&']/g,'') + '\''; // OK
+}
+
+function incompleteComplexSanitizers() {
+	'=\'' + s().replace(/[&<>"]/gm, function (str) { // NOT OK
+		if (str === "&")
+			return "&amp;";
+		if (str === "<")
+			return "&lt;";
+		if (str === ">")
+			return "&gt;";
+		if (str === "\"")
+			return "&quot;";
+	}) + '\'';
+
+	'="' + s().replace(/[&<>"]/gm, function (str) { // OK
+		if (str === "&")
+			return "&amp;";
+		if (str === "<")
+			return "&lt;";
+		if (str === ">")
+			return "&gt;";
+		if (str === "\"")
+			return "&quot;";
+	}) + '"';
+}
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/getALikelyExternalLibraryCall.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/getALikelyExternalLibraryCall.expected
index 78445f55f46..b9fb02602c5 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/getALikelyExternalLibraryCall.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/getALikelyExternalLibraryCall.expected
@@ -14,6 +14,35 @@
 | autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:5:11:6 | dbClien ... \\n    }) |
 | autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:12:9:41 | client. ... B_NAME) |
 | autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:14:10:20 | fn(err) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:1:15:1:32 | require('express') |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:2:11:2:19 | express() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:1:21:2 | app.get ...  `);\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:22:20:6 | kit.gra ... \\n    `) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:1:34:2 | app.get ... T OK\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:22:27:41 | graphql(`foo ${id}`) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:23:29:48 | withCus ... equest) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:22:30:43 | myGraph ... ${id}`) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:26:32:45 | graphql.defaults({}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:5:33:29 | withDef ... ${id}`) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:36:21:36:47 | require ... quest") |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:1:49:2 | app.get ... T OK\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:26:45:6 | request ... \\n    }) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:26:47:45 | request.defaults({}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:5:48:57 | withDef ... id}` }) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:1:59:2 | app.get ... T OK\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:26:56:50 | kit2.gr ... ${id}`) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:27:58:79 | kit2.re ... id}` }) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:62:14:66:2 | buildSc ... \\n  }\\n`) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:1:113:2 | app.get ...   })\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:24:75:71 | nativeG ... , root) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:3:92:4 | fetch(" ... })\\n  }) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:3:112:4 | fetch(" ... })\\n  }) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:115:16:115:41 | require ... ithub') |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:1:121:2 | app.get ... T OK\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:17:117:40 | github. ... ("foo") |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:26:120:49 | kit.gra ... ${id}`) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:5:13:5:21 | express() |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:21:15:39 | ajv.compile(schema) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:1:37:2 | app.pos ...  });\\n}) |
@@ -26,6 +55,42 @@
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:13:30:27 | doc.find(query) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:13:33:27 | doc.find(query) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:9:35:23 | doc.find(query) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:19:44:2 | Joi.obj ... ed()\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:19:44:24 | Joi.obj ... title') |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:22 | Joi.string() |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:23 | Joi.string() |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:1:64:2 | app.pos ...  });\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:5:63:6 | MongoCl ... \\n    }) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:19:48:38 | db.collection('doc') |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:51:26:51:50 | joiSche ... (query) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:13:53:27 | doc.find(query) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:13:55:27 | doc.find(query) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:58:19:58:48 | joiSche ... (query) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:13:59:27 | doc.find(query) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:13:61:27 | doc.find(query) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:1:14:1:28 | require("http") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:2:13:2:26 | require("url") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:3:14:3:30 | require("ldapjs") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:16:6:2 | ldap.cr ... 89",\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:10:10:11:27 | input\\n  ... "\\\\2a") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:10:10:12:27 | input\\n  ... "\\\\28") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:10:10:13:27 | input\\n  ... "\\\\29") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:10:10:14:27 | input\\n  ... "\\\\5c") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:10:10:15:27 | input\\n  ... "\\\\00") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:10:10:16:27 | input\\n  ... "\\\\2f") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:16:69:2 | http.cr ... T OK\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:11:20:34 | url.par ... , true) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:3:28:59 | client. ... es) {}) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:30:3:34:3 | client. ...  {}\\n  ) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:37:3:45:3 | client. ...  {}\\n  ) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:3:61:67 | client. ... es) {}) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:63:24:65:3 | ldap.pa ... ))`\\n  ) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:3:66:78 | client. ... es) {}) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:14:68:66 | ldap.pa ... dn) {}) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:1:71:28 | server. ...  => {}) |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:16:1:32 | require("marsdb") |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:17:1:34 | require("express") |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:20:2:41 | require ... arser") |
@@ -33,16 +98,16 @@
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:5:13:5:21 | express() |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:1:7:50 | app.use ... rue })) |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:1:15:2 | app.pos ... ry);\\n}) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:3:14:22 | db.myDoc.find(query) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:1:15:2 | app.pos ... {});\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:3:14:41 | db.myDo ...  => {}) |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:17:1:34 | require("express") |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:12:2:28 | require("marsdb") |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:16:3:37 | require ... arser") |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:7:13:7:21 | express() |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:1:9:50 | app.use ... rue })) |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:1:17:2 | app.pos ... ry);\\n}) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:3:16:17 | doc.find(query) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:1:17:2 | app.pos ... {});\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:3:16:36 | doc.fin ...  => {}) |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:17:1:34 | require("express") |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:15:2:34 | require("minimongo") |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:16:3:37 | require ... arser") |
@@ -221,6 +286,18 @@
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:3:11:25 | MyModel ... d: v }) |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:3:12:35 | MyModel ... y.id }) |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:3:13:40 | MyModel ... id}` }) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:13:1:30 | require("express") |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:13:1:32 | require("express")() |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:2:15:2:30 | require('mysql') |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:14:3:42 | mysql.c ... nfig()) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:1:22:2 | app.get ...  });\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:5:12:6 | pool.ge ... \\n    }) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:9:11:47 | connect ... ds) {}) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:5:17:6 | pool.ge ... \\n    }) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:9:16:47 | connect ... ds) {}) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:5:21:6 | pool.ge ... \\n    }) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:9:20:48 | connect ... ds) {}) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:5:8:22 | this.db.one(taint) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:9:5:9:13 | res.end() |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:1:13:18 | require('express') |
@@ -522,6 +599,63 @@
 | autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:54 | pathMod ... e(path) |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') |
+| autogenerated/TaintedPath/TaintedPath.js:200:14:207:2 | http.cr ... T OK\\n}) |
+| autogenerated/TaintedPath/TaintedPath.js:202:14:202:26 | require("qs") |
+| autogenerated/TaintedPath/TaintedPath.js:203:3:203:51 | res.wri ... ).foo)) |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| autogenerated/TaintedPath/TaintedPath.js:204:3:204:65 | res.wri ... ).foo)) |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| autogenerated/TaintedPath/TaintedPath.js:205:19:205:36 | require("parseqs") |
+| autogenerated/TaintedPath/TaintedPath.js:206:3:206:57 | res.wri ... ).foo)) |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| autogenerated/TaintedPath/TaintedPath.js:209:12:209:35 | require ... ocess") |
+| autogenerated/TaintedPath/TaintedPath.js:210:14:215:2 | http.cr ... T OK\\n}) |
+| autogenerated/TaintedPath/TaintedPath.js:211:14:211:37 | url.par ... , true) |
+| autogenerated/TaintedPath/TaintedPath.js:212:3:212:36 | cp.exec ...  path}) |
+| autogenerated/TaintedPath/TaintedPath.js:213:3:213:50 | cp.exec ...  path}) |
+| autogenerated/TaintedPath/TaintedPath.js:214:3:214:40 | cp.exec ...  path}) |
+| autogenerated/TaintedPath/express.js:1:15:1:32 | require("express") |
+| autogenerated/TaintedPath/express.js:2:16:2:44 | require ... pload") |
+| autogenerated/TaintedPath/express.js:4:11:4:19 | express() |
+| autogenerated/TaintedPath/express.js:5:1:5:21 | app.use ... load()) |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() |
+| autogenerated/TaintedPath/express.js:7:1:9:2 | app.get ... ar);\\n}) |
+| autogenerated/TaintedPath/express.js:8:3:8:33 | req.fil ... ry.bar) |
+| autogenerated/TaintedPath/handlebars.js:1:17:1:34 | require('express') |
+| autogenerated/TaintedPath/handlebars.js:2:12:2:32 | require ... ebars") |
+| autogenerated/TaintedPath/handlebars.js:3:12:3:24 | require("fs") |
+| autogenerated/TaintedPath/handlebars.js:5:13:5:21 | express() |
+| autogenerated/TaintedPath/handlebars.js:10:5:12:6 | hb.regi ... \\n    }) |
+| autogenerated/TaintedPath/handlebars.js:11:16:11:40 | fs.read ... lePath) |
+| autogenerated/TaintedPath/handlebars.js:13:5:19:6 | hb.regi ... \\n    }) |
+| autogenerated/TaintedPath/handlebars.js:14:16:15:33 | fs\\n     ... lePath) |
+| autogenerated/TaintedPath/handlebars.js:14:16:16:22 | fs\\n     ... t("\\n") |
+| autogenerated/TaintedPath/handlebars.js:14:16:17:39 | fs\\n     ... + line) |
+| autogenerated/TaintedPath/handlebars.js:14:16:18:21 | fs\\n     ... n("\\n") |
+| autogenerated/TaintedPath/handlebars.js:20:31:20:91 | hb.comp ... ath}}") |
+| autogenerated/TaintedPath/handlebars.js:21:27:21:55 | hb.comp ... ame}}") |
+| autogenerated/TaintedPath/handlebars.js:22:28:22:75 | hb.comp ... late")) |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") |
+| autogenerated/TaintedPath/handlebars.js:23:26:23:111 | hb.comp ... ath}}") |
+| autogenerated/TaintedPath/handlebars.js:28:1:30:2 | app.get ... ile)\\n}) |
+| autogenerated/TaintedPath/handlebars.js:29:5:29:64 | res.sen ... ath })) |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) |
+| autogenerated/TaintedPath/handlebars.js:32:1:34:2 | app.get ... ile)\\n}) |
+| autogenerated/TaintedPath/handlebars.js:33:5:33:60 | res.sen ... ame })) |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) |
+| autogenerated/TaintedPath/handlebars.js:36:1:38:2 | app.get ...  ok)\\n}) |
+| autogenerated/TaintedPath/handlebars.js:37:5:37:61 | res.sen ... ame })) |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) |
+| autogenerated/TaintedPath/handlebars.js:40:1:45:2 | app.get ... }));\\n}) |
+| autogenerated/TaintedPath/handlebars.js:41:5:44:7 | res.sen ...     })) |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) |
+| autogenerated/TaintedPath/handlebars.js:47:1:52:2 | app.get ... }));\\n}) |
+| autogenerated/TaintedPath/handlebars.js:48:5:51:7 | res.sen ...     })) |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) |
 | autogenerated/TaintedPath/my-async-fs-module.js:1:12:1:24 | require('fs') |
 | autogenerated/TaintedPath/my-async-fs-module.js:2:21:2:39 | require('bluebird') |
 | autogenerated/TaintedPath/my-async-fs-module.js:11:18:14:6 | methods ... \\n}, {}) |
@@ -749,6 +883,24 @@
 | autogenerated/TaintedPath/normalizedPaths.js:366:5:366:32 | fs.read ... stPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:368:3:368:29 | fs.read ... etPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:371:12:371:40 | request ... otPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:376:1:382:2 | app.get ... T OK\\n}) |
+| autogenerated/TaintedPath/normalizedPaths.js:379:3:379:23 | fs.read ... c(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:3:381:30 | fs.read ... (path)) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:384:1:404:2 | app.get ... \\n  }\\n}) |
+| autogenerated/TaintedPath/normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) |
+| autogenerated/TaintedPath/normalizedPaths.js:386:7:386:33 | pathMod ... e(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:388:3:388:23 | fs.read ... c(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:389:8:389:23 | path.match(/\\./) |
+| autogenerated/TaintedPath/normalizedPaths.js:390:5:390:25 | fs.read ... c(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:392:8:392:25 | path.match(/\\.\\./) |
+| autogenerated/TaintedPath/normalizedPaths.js:393:5:393:25 | fs.read ... c(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:395:8:395:27 | path.match(/\\.\\.\\//) |
+| autogenerated/TaintedPath/normalizedPaths.js:396:5:396:25 | fs.read ... c(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:398:8:398:30 | path.ma ... \\/foo/) |
+| autogenerated/TaintedPath/normalizedPaths.js:399:5:399:25 | fs.read ... c(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:401:8:401:36 | path.ma ... \\.\\\\)/) |
+| autogenerated/TaintedPath/normalizedPaths.js:402:5:402:25 | fs.read ... c(path) |
 | autogenerated/TaintedPath/other-fs-libraries.js:1:12:1:26 | require("http") |
 | autogenerated/TaintedPath/other-fs-libraries.js:2:9:2:22 | require("url") |
 | autogenerated/TaintedPath/other-fs-libraries.js:3:8:3:20 | require("fs") |
@@ -781,10 +933,41 @@
 | autogenerated/TaintedPath/other-fs-libraries.js:42:3:42:38 | require ... All(fs) |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:3:42:57 | require ... c(path) |
 | autogenerated/TaintedPath/other-fs-libraries.js:46:17:46:47 | require ... odule") |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:1:53:2 | http.cr ... T OK\\n}) |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:1:64:2 | http.cr ... T OK\\n}) |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:14:49:37 | url.par ... , true) |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:3:51:23 | fs.read ... c(path) |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:3:52:28 | asyncFS ... c(path) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:3:54:17 | require("pify") |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:3:54:34 | require ... leSync) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:3:54:40 | require ... )(path) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:3:55:17 | require("pify") |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:3:55:21 | require("pify")(fs) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:3:55:40 | require ... c(path) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:3:57:27 | require ... isify') |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:3:57:44 | require ... leSync) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:3:57:50 | require ... )(path) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:3:59:20 | require("thenify") |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:3:59:37 | require ... leSync) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:3:59:43 | require ... )(path) |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:19:61:37 | require('read-pkg') |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:13:62:48 | readPkg ...  path}) |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:20:63:56 | readPkg ...  path}) |
+| autogenerated/TaintedPath/other-fs-libraries.js:66:16:66:32 | require("mkdirp") |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:1:73:2 | http.cr ... T OK\\n}) |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:3:70:23 | fs.read ... c(path) |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:3:71:14 | mkdirp(path) |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:3:72:19 | mkdirp.sync(path) |
+| autogenerated/TaintedPath/prettier.js:1:17:1:34 | require('express') |
+| autogenerated/TaintedPath/prettier.js:2:18:2:36 | require("prettier") |
+| autogenerated/TaintedPath/prettier.js:4:13:4:21 | express() |
+| autogenerated/TaintedPath/prettier.js:5:1:14:2 | app.get ...  });\\n}) |
+| autogenerated/TaintedPath/prettier.js:7:5:7:29 | prettie ... nfig(p) |
+| autogenerated/TaintedPath/prettier.js:7:5:9:6 | prettie ... \\n    }) |
+| autogenerated/TaintedPath/prettier.js:8:27:8:57 | prettie ... ptions) |
+| autogenerated/TaintedPath/prettier.js:11:5:11:46 | prettie ... ig: p}) |
+| autogenerated/TaintedPath/prettier.js:11:5:13:6 | prettie ... \\n    }) |
+| autogenerated/TaintedPath/prettier.js:12:27:12:57 | prettie ... ptions) |
 | autogenerated/TaintedPath/pupeteer.js:1:19:1:38 | require('puppeteer') |
 | autogenerated/TaintedPath/pupeteer.js:2:22:2:45 | require ... rrent') |
 | autogenerated/TaintedPath/pupeteer.js:5:28:5:48 | parseTo ... orrent) |
@@ -812,6 +995,15 @@
 | autogenerated/TaintedPath/tainted-access-paths.js:30:7:30:31 | fs.read ... j.sub4) |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:7:31:31 | fs.read ... j.sub4) |
 | autogenerated/TaintedPath/tainted-access-paths.js:34:1:34:15 | server.listen() |
+| autogenerated/TaintedPath/tainted-access-paths.js:36:14:36:31 | require('node:fs') |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:15:41:2 | http.cr ... T OK\\n}) |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:14:39:37 | url.par ... , true) |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:3:40:27 | nodefs. ... c(path) |
+| autogenerated/TaintedPath/tainted-access-paths.js:43:1:43:16 | server2.listen() |
+| autogenerated/TaintedPath/tainted-access-paths.js:45:16:45:32 | require("chownr") |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:15:50:2 | http.cr ... T OK\\n}) |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:14:48:37 | url.par ... , true) |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:3:49:55 | chownr( ... rr) {}) |
 | autogenerated/TaintedPath/tainted-array-steps.js:1:10:1:22 | require('fs') |
 | autogenerated/TaintedPath/tainted-array-steps.js:2:12:2:26 | require('http') |
 | autogenerated/TaintedPath/tainted-array-steps.js:3:11:3:24 | require('url') |
@@ -833,6 +1025,12 @@
 | autogenerated/TaintedPath/tainted-require.js:5:1:8:2 | app.get ... "));\\n}) |
 | autogenerated/TaintedPath/tainted-require.js:7:11:7:38 | require ... dule")) |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") |
+| autogenerated/TaintedPath/tainted-require.js:10:17:10:34 | require("resolve") |
+| autogenerated/TaintedPath/tainted-require.js:11:1:17:2 | app.get ...  });\\n}) |
+| autogenerated/TaintedPath/tainted-require.js:12:16:12:48 | resolve ... dule")) |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") |
+| autogenerated/TaintedPath/tainted-require.js:14:3:16:4 | resolve ... s;\\n  }) |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") |
 | autogenerated/TaintedPath/tainted-sendFile.js:1:15:1:32 | require('express') |
 | autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') |
 | autogenerated/TaintedPath/tainted-sendFile.js:4:11:4:19 | express() |
@@ -938,6 +1136,9 @@
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:9:13:30 | documen ... y.data) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:5:16:71 | window. ... ems'})) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:9:22:30 | documen ... e.data) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:13:26:36 | mySet.i ... origin) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:13:27:34 | documen ... e.data) |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:6:2:10:2 | Compone ... ss']\\n}) |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:5:22:72 | this.sa ... ).href) |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:52 | \\u0275getDOM() |
@@ -970,6 +1171,49 @@
 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:1:1:9 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:1:1:28 | $("#foo ...  paste) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:18:7:52 | clipboa ... plain') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:18:8:51 | clipboa ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:11:5:11:22 | e.preventDefault() |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:17:13:45 | documen ... ('div') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:5:19:29 | documen ... nd(div) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:5:25:6 | el.addE ... \\n    }) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:9:24:16 | $("#id") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:9:24:59 | $("#id" ... html')) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:1:30:2 | documen ... T OK\\n}) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:5:29:12 | $("#id") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:5:29:55 | $("#id" ... html')) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:1:32:9 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:1:34:2 | $("#foo ... T OK\\n}) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:5:33:12 | $("#id") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:5:33:69 | $("#id" ... html')) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:15:37:43 | documen ... ("div") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:22:42:56 | clipboa ... plain') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:22:43:55 | clipboa ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:46:9:46:26 | e.preventDefault() |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:21:48:49 | documen ... ('div') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:9:54:33 | documen ... nd(div) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:9:70:51 | e.clipb ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:27:71:62 | e.clipb ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:25:72:54 | documen ... 'html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:20:74:56 | contain ... ('img') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:9:77:26 | dropItems.add(src) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:16:79:59 | e.clipb ... plain') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:25:80:61 | e.clipb ... plain') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:11:82:41 | /^https ... inText) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:9:83:32 | dropIte ... inText) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:24:87:44 | Array.f ... pItems) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:15:93:43 | documen ... ("div") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:5:100:6 | div.add ... \\n    }) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:22:98:54 | dataTra ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:9:99:16 | $("#id") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:9:99:27 | $("#id").html(html) |
+| autogenerated/Xss/DomBasedXss/custom-element.js:3:37:3:36 | super(...args) |
 | autogenerated/Xss/DomBasedXss/d3.js:1:12:1:24 | require('d3') |
 | autogenerated/Xss/DomBasedXss/d3.js:8:5:8:22 | d3.select('#main') |
 | autogenerated/Xss/DomBasedXss/d3.js:8:5:9:27 | d3.sele ... ', 100) |
@@ -995,6 +1239,74 @@
 | autogenerated/Xss/DomBasedXss/dates.js:17:42:17:54 | moment(taint) |
 | autogenerated/Xss/DomBasedXss/dates.js:17:42:17:63 | moment( ... ormat() |
 | autogenerated/Xss/DomBasedXss/dates.js:18:42:18:64 | datefor ...  taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:21:42:21:52 | dayjs(time) |
+| autogenerated/Xss/DomBasedXss/dates.js:21:42:21:66 | dayjs(t ... (taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:30:17:30:69 | decodeU ... ing(1)) |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) |
+| autogenerated/Xss/DomBasedXss/dates.js:37:42:37:82 | dateFns ...  taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:38:42:38:82 | luxon.f ...  taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() |
+| autogenerated/Xss/DomBasedXss/dates.js:39:42:39:84 | moment. ...  taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() |
+| autogenerated/Xss/DomBasedXss/dates.js:40:42:40:82 | dayjs.f ...  taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() |
+| autogenerated/Xss/DomBasedXss/dates.js:46:17:46:69 | decodeU ... ing(1)) |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) |
+| autogenerated/Xss/DomBasedXss/dates.js:48:42:48:55 | DateTime.now() |
+| autogenerated/Xss/DomBasedXss/dates.js:48:42:48:72 | DateTim ... rs: 1}) |
+| autogenerated/Xss/DomBasedXss/dates.js:48:42:48:88 | DateTim ... (taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:49:42:49:71 | new Dat ... e('fr') |
+| autogenerated/Xss/DomBasedXss/dates.js:49:42:49:87 | new Dat ... (taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:50:42:50:71 | DateTim ... 01-01") |
+| autogenerated/Xss/DomBasedXss/dates.js:50:42:50:86 | DateTim ... ('day') |
+| autogenerated/Xss/DomBasedXss/dates.js:50:42:50:102 | DateTim ... (taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:54:17:54:69 | decodeU ... ing(1)) |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) |
+| autogenerated/Xss/DomBasedXss/dates.js:57:42:57:85 | moment. ... 1"), 1) |
+| autogenerated/Xss/DomBasedXss/dates.js:57:42:57:99 | moment. ... (taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") |
+| autogenerated/Xss/DomBasedXss/dates.js:59:42:59:69 | luxon.e ... date()) |
+| autogenerated/Xss/DomBasedXss/dates.js:59:42:59:85 | luxon.e ... (taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() |
+| autogenerated/Xss/DomBasedXss/dates.js:61:42:61:72 | dayjs.s ... e(), 4) |
+| autogenerated/Xss/DomBasedXss/dates.js:61:42:61:86 | dayjs.s ... (taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:1:1:9 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:1:1:26 | $("#foo ... , drop) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:18:7:51 | dataTra ... plain') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:18:8:50 | dataTra ... /html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:11:5:11:22 | e.preventDefault() |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:17:13:45 | documen ... ('div') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:5:19:29 | documen ... nd(div) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:5:25:6 | el.addE ... \\n    }) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:9:24:16 | $("#id") |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:9:24:58 | $("#id" ... html')) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:1:30:2 | documen ... T OK\\n}) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:5:29:12 | $("#id") |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:5:29:54 | $("#id" ... html')) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:1:32:9 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:1:34:2 | $("#foo ... T OK\\n}) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:5:33:12 | $("#id") |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:5:33:68 | $("#id" ... html')) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:15:37:43 | documen ... ("div") |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:22:42:55 | dataTra ... plain') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:22:43:54 | dataTra ... /html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:46:9:46:26 | e.preventDefault() |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:21:48:49 | documen ... ('div') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:9:54:33 | documen ... nd(div) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:9:70:50 | e.dataT ... /html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:25:72:54 | documen ... 'html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:20:74:56 | contain ... ('img') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:9:77:26 | dropItems.add(src) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:16:79:58 | e.dataT ... plain') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:25:80:60 | e.dataT ... plain') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:11:82:41 | /^https ... inText) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:9:83:32 | dropIte ... inText) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:24:87:44 | Array.f ... pItems) |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:3:3:58 | $('<a h ... k</a>') |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) |
 | autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:1:1:32 | documen ... my-id') |
@@ -1017,6 +1329,28 @@
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:3:19:9 | $(hash) |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:3:21:22 | $(hash.substring(1)) |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:3:22:26 | $(hash. ... 1, 10)) |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:3:23:19 | $(hash.substr(1)) |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:3:24:18 | $(hash.slice(1)) |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:3:25:26 | $(hash. ... 0, 10)) |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:3:27:26 | $(hash. ... ', '')) |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:3:28:44 | $(windo ... ', '')) |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:3:29:26 | $(hash. ... ', '')) |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:3:30:29 | $(hash. ... ', '')) |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:3:32:18 | $(hash + 'blah') |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:3:33:18 | $('blah' + hash) |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:3:34:26 | $('<b>' ... '</b>') |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:1:15:1:32 | require('express') |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:2:11:2:19 | express() |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:6:1:13:2 | app.get ...  });\\n}) |
@@ -1149,6 +1483,12 @@
 | autogenerated/Xss/DomBasedXss/translate.js:11:3:11:22 | $('translated-term') |
 | autogenerated/Xss/DomBasedXss/translate.js:11:3:11:64 | $('tran ... erm')]) |
 | autogenerated/Xss/DomBasedXss/translate.js:11:39:11:62 | searchP ... 'term') |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:21:2:74 | trusted ... => x }) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:5:3:35 | policy1 ... w.name) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:21:5:79 | trusted ... afe' }) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:5:6:35 | policy2 ... w.name) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:21:8:74 | trusted ... => x }) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:5:9:30 | policy3 ... 'safe') |
 | autogenerated/Xss/DomBasedXss/tst3.js:1:11:1:40 | documen ... ("foo") |
 | autogenerated/Xss/DomBasedXss/tst3.js:2:12:2:75 | JSON.pa ... tr(1))) |
 | autogenerated/Xss/DomBasedXss/tst3.js:2:23:2:74 | decodeU ... str(1)) |
@@ -1364,6 +1704,45 @@
 | autogenerated/Xss/DomBasedXss/tst.js:432:3:432:11 | $("#foo") |
 | autogenerated/Xss/DomBasedXss/tst.js:432:3:432:44 | $("#foo ... g, '')) |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') |
+| autogenerated/Xss/DomBasedXss/tst.js:441:2:441:39 | new Ele ... source) |
+| autogenerated/Xss/DomBasedXss/tst.js:442:2:442:41 | new Ele ... ource}) |
+| autogenerated/Xss/DomBasedXss/tst.js:443:2:443:47 | new Ele ... source) |
+| autogenerated/Xss/DomBasedXss/tst.js:444:2:444:51 | new Ele ... ource}) |
+| autogenerated/Xss/DomBasedXss/tst.js:445:2:445:38 | new Ele ... source) |
+| autogenerated/Xss/DomBasedXss/tst.js:449:17:449:39 | require ... -html') |
+| autogenerated/Xss/DomBasedXss/tst.js:455:3:455:11 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/tst.js:455:3:455:24 | $("#foo ... source) |
+| autogenerated/Xss/DomBasedXss/tst.js:456:3:456:11 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/tst.js:456:3:456:43 | $("#foo ... ource)) |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) |
+| autogenerated/Xss/DomBasedXss/tst.js:462:15:462:48 | documen ... table') |
+| autogenerated/Xss/DomBasedXss/tst.js:464:13:464:31 | table.insertRow(-1) |
+| autogenerated/Xss/DomBasedXss/tst.js:466:14:466:29 | row.insertCell() |
+| autogenerated/Xss/DomBasedXss/tst.js:471:13:471:46 | documen ... bstr(1) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:3:473:23 | $("<a>" ... : url}) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:3:473:40 | $("<a>" ... "body") |
+| autogenerated/Xss/DomBasedXss/tst.js:474:3:474:11 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/tst.js:474:3:474:29 | $("#foo ... ", url) |
+| autogenerated/Xss/DomBasedXss/tst.js:475:3:475:11 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/tst.js:475:3:475:29 | $("#foo ... : url}) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:3:476:24 | $("<img ... : url}) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:3:476:41 | $("<img ... "body") |
+| autogenerated/Xss/DomBasedXss/tst.js:477:3:477:37 | $("<a>" ... .href}) |
+| autogenerated/Xss/DomBasedXss/tst.js:477:3:477:54 | $("<a>" ... "body") |
+| autogenerated/Xss/DomBasedXss/tst.js:479:3:479:47 | $("<img ... + url}) |
+| autogenerated/Xss/DomBasedXss/tst.js:479:3:479:64 | $("<img ... "body") |
+| autogenerated/Xss/DomBasedXss/tst.js:481:3:481:57 | $("<img ... ("/")}) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:3:481:74 | $("<img ... "body") |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") |
+| autogenerated/Xss/DomBasedXss/tst.js:483:7:483:32 | url.sta ... ps://") |
+| autogenerated/Xss/DomBasedXss/tst.js:484:5:484:26 | $("<img ... : url}) |
+| autogenerated/Xss/DomBasedXss/tst.js:484:5:484:43 | $("<img ... "body") |
+| autogenerated/Xss/DomBasedXss/tst.js:486:5:486:26 | $("<img ... : url}) |
+| autogenerated/Xss/DomBasedXss/tst.js:486:5:486:43 | $("<img ... "body") |
+| autogenerated/Xss/DomBasedXss/tst.js:489:3:489:38 | window. ... str(1)) |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) |
+| autogenerated/Xss/DomBasedXss/tst.js:491:3:491:46 | navigat ... str(1)) |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) |
 | autogenerated/Xss/DomBasedXss/typeahead.js:5:3:5:28 | autocom ... alize() |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:3:6:17 | $('.typeahead') |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:3:13:4 | $('.typ ...  }\\n  }) |
@@ -1403,12 +1782,30 @@
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:9:9:40 | $("#myT ... essage) |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:12:9:12:18 | xhr.send() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:9:14:26 | console.log(error) |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:1:18:11 | $(document) |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:1:24:2 | $(docum ... ces\\n\\n}) |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:17:19:30 | require('got') |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:24:20:48 | got.get ... rl }}") |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:5:22:17 | $("#myThing") |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:5:22:36 | $("#myT ... essage) |
 | autogenerated/Xss/ExceptionXss/ajv.js:4:11:4:19 | express() |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:1:7:83 | ajv.add ... lData') |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:1:13:2 | app.pos ...    }\\n}) |
 | autogenerated/Xss/ExceptionXss/ajv.js:10:10:10:43 | ajv.val ... q.body) |
 | autogenerated/Xss/ExceptionXss/ajv.js:11:9:11:34 | res.sen ... Text()) |
 | autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() |
+| autogenerated/Xss/ExceptionXss/ajv.js:15:13:15:26 | require("joi") |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:19:16:30 | joi.object() |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:19:19:2 | joi.obj ... ed()\\n}) |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:19:19:22 | joi.obj ...  'age') |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:22 | joi.string() |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:21 | joi.number() |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:1:26:2 | app.pos ...    }\\n}) |
+| autogenerated/Xss/ExceptionXss/ajv.js:22:17:22:44 | joiSche ... q.body) |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:9:24:27 | res.send(val.error) |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:5:3:5:12 | unknown(x) |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:9:3:9:14 | unknown(foo) |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:3:11:11 | $('myId') |
@@ -1589,6 +1986,8 @@
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:67 | markdow ... nknown) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:106:12:106:26 | require('hapi') |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:1:111:7 | hapi.ro ...     }}) |
 | autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:15:1:32 | require('express') |
 | autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:2:11:2:19 | express() |
 | autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:1:12:2 | app.get ... \\n  }\\n}) |
@@ -1708,6 +2107,11 @@
 | autogenerated/Xss/ReflectedXss/formatting.js:7:5:7:54 | res.sen ...  evil)) |
 | autogenerated/Xss/ReflectedXss/formatting.js:7:14:7:30 | require("printf") |
 | autogenerated/Xss/ReflectedXss/formatting.js:7:14:7:53 | require ... , evil) |
+| autogenerated/Xss/ReflectedXss/live-server.js:1:18:1:39 | require ... erver") |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:5:6:51 | res.end ... html>`) |
+| autogenerated/Xss/ReflectedXss/live-server.js:9:1:13:2 | middlew ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:5:12:51 | res.end ... html>`) |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:1:18:24 | liveSer ... params) |
 | autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:5:2:21 | res.send(req.url) |
 | autogenerated/Xss/ReflectedXss/partial.js:1:15:1:32 | require('express') |
 | autogenerated/Xss/ReflectedXss/partial.js:2:18:2:38 | require ... score') |
@@ -1756,6 +2160,43 @@
 | autogenerated/Xss/ReflectedXss/tst2.js:18:3:18:13 | res.send(p) |
 | autogenerated/Xss/ReflectedXss/tst2.js:21:5:21:15 | res.send(p) |
 | autogenerated/Xss/ReflectedXss/tst2.js:23:5:23:15 | res.send(p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:27:15:27:30 | require('clone') |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:1:38:2 | app.get ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:15:34:24 | clone(obj) |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:3:36:13 | res.send(p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:3:37:19 | res.send(other.p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:40:29:40:59 | require ... cript') |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:1:52:2 | app.get ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:20:45:41 | seriali ... ript(p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:3:47:22 | res.send(serialized) |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:16:49:53 | seriali ...  true}) |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:3:51:18 | res.send(unsafe) |
+| autogenerated/Xss/ReflectedXss/tst2.js:54:16:54:32 | require('fclone') |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:1:65:2 | app.get ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:15:61:25 | fclone(obj) |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:3:63:13 | res.send(p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:3:64:19 | res.send(other.p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:67:12:67:32 | require ... cycle') |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:1:77:2 | app.get ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:15:73:44 | jc.retr ... e(obj)) |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:3:75:13 | res.send(p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:3:76:19 | res.send(other.p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:79:18:79:37 | require('sort-keys') |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:1:90:2 | app.get ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:15:86:27 | sortKeys(obj) |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:3:88:13 | res.send(p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:3:89:19 | res.send(other.p) |
+| autogenerated/Xss/ReflectedXss/tst3.js:1:15:1:32 | require('express') |
+| autogenerated/Xss/ReflectedXss/tst3.js:3:11:3:19 | express() |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:1:4:26 | app.ena ... ed-by') |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:1:4:50 | app.ena ... ed-by') |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:1:7:2 | app.ena ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:3:6:13 | res.send(p) |
+| autogenerated/Xss/ReflectedXss/tst3.js:9:18:9:36 | require("prettier") |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:1:13:2 | app.pos ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:16:11:74 | prettie ... bel" }) |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:3:12:16 | res.send(code) |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:1:12:1:26 | require('http') |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:2:10:2:22 | require('fs') |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:4:15:4:32 | require('express') |
@@ -1783,6 +2224,13 @@
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:3:3:42 | define( ... actory) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:5:8:43 | $("<spa ... span>") |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:5:12:13 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:5:12:54 | $("#foo ... span>") |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:5:14:13 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:5:14:48 | $("#foo ... span>") |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:5:3:35 | documen ... #html") |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:5:3:35 | documen ... #html") |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:5:3:35 | documen ... #html") |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:5:3:35 | documen ... #html") |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:17:7:62 | new DOM ... t/xml") |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:5:8:34 | documen ... "#xml") |
@@ -1815,6 +2263,32 @@
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:41:69:60 | attrVal.indexOf("'") |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:9:70:37 | documen ... ("#id") |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:5:76:39 | documen ... plate") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:9:81:17 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:9:81:50 | $("#foo ... span>") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:9:83:17 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:9:83:50 | $("#foo ... span>") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:9:85:17 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:9:85:50 | $("#foo ... span>") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:5:94:13 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:5:94:33 | $("#foo ... TML(x)) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:97:19:97:36 | require('mermaid') |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:5:101:6 | myMerma ... \\n    }) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:9:100:17 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:9:100:27 | $("#foo").html(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:5:103:13 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:5:103:45 | $("#foo ... d", x)) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:5:107:6 | mermaid ... \\n    }) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:9:106:17 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:9:106:27 | $("#foo").html(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:5:109:13 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:5:109:43 | $("#foo ... d", x)) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:5:113:6 | mermaid ... \\n    }) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:9:112:17 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:9:112:27 | $("#foo").html(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:18:117:35 | markdown.render(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:5:118:39 | documen ... kdown") |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:20:7:65 | documen ... ent("") |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:3:3:12 | $(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:3:5:19 | $(options.target) |
@@ -1882,6 +2356,10 @@
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:3:179:19 | $(options.target) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:3:182:13 | $(document) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:3:182:34 | $(docum ... target) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:11:187:44 | doSomet ... ments ) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:13:190:35 | $.exten ... tions ) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:16:192:30 | $( options.of ) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:3:193:21 | console.log(target) |
 | autogenerated/Xss/XssThroughDom/forms.js:9:17:9:24 | $("#id") |
 | autogenerated/Xss/XssThroughDom/forms.js:9:17:9:41 | $("#id" ... es.foo) |
 | autogenerated/Xss/XssThroughDom/forms.js:12:17:12:24 | $("#id") |
@@ -2030,6 +2508,384 @@
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:64 | $(this) ... rCase() |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:83 | $(this) ... g, '-') |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:2:93:9 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:2:93:47 | $("#id" ... .value) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:24 | $("#foo") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:37 | $("#foo ... ".bla") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:3:96:10 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:3:96:48 | $("#id" ... .value) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:25 | $("#foo") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:38 | $("#foo ... ".bla") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:13:102:20 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:13:102:27 | $("#id").get(0) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:3:109:10 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:3:109:17 | $("#id").get(0) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:17:114:48 | documen ... #link") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:2:115:9 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:2:115:19 | $("#id").html(src) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:5:117:12 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:5:117:29 | $("#id" ... ", src) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:5:119:18 | $("input.foo") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:9:120:16 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:9:120:46 | $("#id" ... ].name) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:9:122:19 | $("img#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:9:122:72 | $("img# ... es[0])) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:13:127:39 | documen ... nt('a') |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:128:21:128:34 | getSelection() |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:129:21:129:43 | documen ... ction() |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:130:17:130:37 | wSelect ... tring() |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:130:42:130:62 | dSelect ... tring() |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:2:132:9 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:2:132:24 | $("#id" ... nkText) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:136:17:136:35 | require("cash-dom") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:17:139:48 | documen ... #link") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:2:140:12 | cash("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:2:140:22 | cash("# ... ml(src) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:5:141:18 | cashDom("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:5:141:28 | cashDom ... ml(src) |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:25:1:25:18 | doFilters(filters) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:10:2:34 | s.repla ... quot;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:10:3:34 | s.repla ... apos;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:10:4:33 | s.repla ... &amp;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:10:8:33 | s.repla ... &amp;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:10:9:34 | s.repla ... quot;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:10:10:34 | s.repla ... apos;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:10:14:35 | s.repla ... , "\\"") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:10:15:34 | s.repla ... g, "'") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:10:16:33 | s.repla ... g, "&") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:10:20:33 | s.repla ... g, "&") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:10:21:35 | s.repla ... , "\\"") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:10:22:34 | s.repla ... g, "'") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:12:26:37 | code.re ... '&lt;') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:12:26:59 | code.re ... '&gt;') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:12:26:94 | code.re ... &amp;') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:10:30:33 | s.repla ... g, "&") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:10:31:43 | s.repla ... "else") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:10:32:34 | s.repla ... g, "'") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:9:38:34 | s.repla ... , "\\"") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:9:39:33 | s.repla ... g, "'") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:9:40:32 | s.repla ... g, "&") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:5:41:15 | res.push(s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:7:47:30 | s.repla ... g, "&") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:7:48:32 | s.repla ... , "\\"") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:10:49:34 | s.repla ... g, "'") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:10:53:33 | s.repla ... , '\\\\') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:10:54:33 | s.repla ... , '\\'') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:10:55:33 | s.repla ... , '\\"') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:7:59:28 | s.repla ...  '%26') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:7:60:28 | s.repla ...  '%25') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:10:68:39 | s.repla ... quot;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:10:69:39 | s.repla ... apos;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:10:70:38 | s.repla ... &amp;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:10:79:43 | s.repla ... epl[c]) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:10:79:66 | s.repla ... &amp;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:10:84:33 | s.repla ... , "\\\\") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:10:84:56 | s.repla ... "\\\\\\\\") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:16:90:46 | capture ... "\\\\\\\\") |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:6:2:9:2 | html.re ... nded\\n\\t) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:2:10:68 | html.re ... panded) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:13:2:16:2 | html.re ... nded\\n\\t) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:2:17:48 | html.re ... panded) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:20:2:23:2 | html.re ... nded\\n\\t) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:2:24:49 | html.re ... panded) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:2:26:39 | html.re ... panded) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:2:30:37 | html.re ... panded) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:2:35:44 | html.re ... nded()) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:2:36:40 | html.re ... ething) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:2:37:32 | default ... ething) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:2:38:30 | getPatt ... ething) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:13:3:57 | content ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:13:4:47 | content ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:13:5:49 | content ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:13:9:47 | content ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:13:10:49 | content ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:13:11:51 | content ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:3:19:35 | respons ... pt, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:10:25:40 | text.re ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:10:29:33 | /<!--\|- ... t(text) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:12:30:42 | text.re ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:8:38:30 | id.repl ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:8:42:45 | id.repl ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:13:49:43 | req.url ... EL, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:22:58:43 | req.url ... ng(beg) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:7:64:73 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:7:66:56 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:7:68:34 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:7:70:36 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:7:71:30 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:7:72:45 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:7:73:35 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:7:75:37 | x.repla ... gm, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:7:76:35 | x.repla ... +/, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:7:77:36 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:7:79:49 | x.repla ... , "\\n") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:7:81:58 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:7:82:50 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:7:83:63 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:7:85:48 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:7:87:47 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:7:89:35 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:7:96:4 | x.repla ... ";\\n  }) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:7:98:53 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:7:100:28 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:7:101:30 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:7:102:30 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:7:104:58 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:7:106:64 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:7:107:62 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:7:108:75 | x.repla ... gm, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:7:109:58 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:7:110:50 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:7:111:32 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:7:112:50 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:7:113:41 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:10:115:23 | x.indexOf(".") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:116:9:117:27 | x\\n      ... //, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:116:9:118:29 | x\\n      ... /, "/") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:116:9:119:36 | x\\n      ... //, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:7:122:35 | x.repla ... +/, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:7:124:53 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:126:7:127:25 | x\\n    . ... //, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:126:7:128:27 | x\\n    . ... /, "/") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:126:7:129:34 | x\\n    . ... //, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:2:135:44 | content ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:2:136:46 | content ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:2:137:48 | content ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:2:138:48 | content ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:13:142:62 | content ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:13:143:56 | content ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:13:144:91 | content ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:13:145:90 | content ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:13:146:43 | content ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:3:148:20 | n.cloneNode(false) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:3:148:99 | n.clone ... gi, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:3:150:4 | n.clone ... );\\n  }) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:5:149:41 | o.push( ... e : a}) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:3:152:20 | n.cloneNode(false) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:3:152:99 | n.clone ... gi, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:3:154:4 | n.clone ... );\\n  }) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:5:153:41 | o.push( ... e : a}) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:1:15:1:32 | require('express') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:2:11:2:19 | express() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:10:5:27 | s.replace("'", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:10:9:27 | s.replace(/'/, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:10:13:31 | s.repla ...  "\\\\'") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:10:17:32 | s.repla ... "\\\\$&") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:10:21:35 | s.repla ... "\\\\$&") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:10:25:37 | s.repla ... "\\\\$1") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:10:29:36 | s.repla ... "\\\\$1") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:10:33:27 | s.replace('\|', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:10:37:32 | s.repla ... "\\\\\\"") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:10:41:30 | s.repla ...  "%2F") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:10:45:30 | s.repla ... ", "%") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:10:49:27 | s.replace(`'`, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:10:53:27 | s.replace("'", ``) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:10:57:27 | s.replace(`'`, ``) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:10:61:32 | s.repla ... "", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:10:65:32 | s.repla ... " + "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:10:69:37 | s.repla ... " + "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:10:73:23 | s.indexOf("'") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:9:74:26 | s.replace("'", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:10:79:23 | s.indexOf("'") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:9:80:26 | s.replace(/'/, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:10:85:36 | s.repla ... id10t") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:10:89:32 | s.repla ... "\\\\d+") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:10:93:33 | s.repla ... "\\\\\\\\") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:10:93:58 | s.repla ... "\\\\$&") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:10:97:35 | s.repla ... '\\\\\\\\') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:10:97:59 | s.repla ...  '\\\\"') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:7:101:32 | s.repla ... '\\\\\\\\') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:10:102:34 | s.repla ...  '\\\\"') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:10:106:33 | s.repla ... '\\\\$&') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:10:110:38 | s.repla ... '\\\\$&') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:7:114:23 | JSON.stringify(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:7:115:20 | s.slice(1, -1) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:7:116:28 | s.repla ... g, '"') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:7:117:28 | s.repla ...  "\\\\'") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:10:122:30 | s.repla ... , '\\u1f4a9\\udca9') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:10:126:30 | s.repla ... , "42") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:2:130:19 | s.replace('[', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:2:130:36 | s.repla ... ]', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:2:131:19 | s.replace('(', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:2:131:36 | s.repla ... )', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:2:132:19 | s.replace('{', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:2:132:36 | s.repla ... }', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:2:133:19 | s.replace('<', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:2:133:36 | s.repla ... >', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:2:135:22 | s.repla ...  '\\\\[') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:2:135:42 | s.repla ...  '\\\\]') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:2:136:22 | s.repla ...  '\\\\{') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:2:136:42 | s.repla ...  '\\\\}') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:6:138:23 | s.replace('[', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:6:139:23 | s.replace(']', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:2:140:19 | s.replace(/{/, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:2:140:36 | s.repla ... }/, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:2:141:19 | s.replace(']', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:2:141:36 | s.repla ... [', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:2:146:25 | require ... ocess") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:2:146:49 | require ... emacs") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:2:146:60 | require ... tring() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:2:146:78 | require ... n", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:2:148:20 | x.replace("\\n", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:2:148:34 | x.repla ... e(x, y) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:2:149:16 | x.replace(x, y) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:2:149:34 | x.repla ... n", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:1:189:2 | app.get ... ed);\\n}) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:19:153:32 | req.param("p") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:9:193:31 | s.repla ... ct, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:2:197:19 | s.replace('"', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:2:197:36 | s.repla ... "', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:2:198:19 | s.replace("'", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:2:198:36 | s.repla ... '", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:10:202:30 | p.repla ... /", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:2:206:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:2:206:24 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:2:207:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:2:207:26 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:2:208:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:2:208:26 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:2:209:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:2:209:22 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:2:209:40 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:2:210:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:2:210:22 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:2:210:40 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:2:210:58 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:2:211:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:2:211:22 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:2:211:40 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:2:211:58 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:2:212:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:2:212:22 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:2:212:40 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:2:212:58 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:10:214:12 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:10:214:30 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:6:215:24 | s.replace(/>/g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:2:216:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:2:216:26 | s().rep ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:2:216:47 | s().rep ...  '&gt') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:2:216:70 | s().rep ... &amp;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:2:216:93 | s().rep ... &#34;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:2:217:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:2:217:26 | s().rep ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:2:217:47 | s().rep ...  '&gt') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:2:217:70 | s().rep ... &amp;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:2:217:93 | s().rep ... &#39;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:2:219:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:2:219:26 | s().rep ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:2:219:47 | s().rep ...  '&gt') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:2:219:89 | s().rep ... . */ }) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:2:221:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:2:221:27 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:2:223:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:2:223:26 | s().rep ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:2:223:48 | s().rep ... '&gt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:2:223:72 | s().rep ... quot;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:2:223:107 | s().rep ... &amp;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:2:225:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:2:225:54 | s().rep ... &amp;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:2:225:76 | s().rep ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:2:225:98 | s().rep ... '&gt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:2:225:122 | s().rep ... quot;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:2:225:146 | s().rep ... apos;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:2:227:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:2:227:36 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:2:229:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:2:229:25 | s().rep ... /g,'_') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:2:231:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:2:231:26 | s().rep ... "&gt;") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:2:233:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:2:233:67 | s().rep ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:2:235:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:2:235:24 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:2:235:47 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:2:237:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:2:237:24 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:2:237:47 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:2:239:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:2:239:24 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:2:239:46 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:9:243:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:9:243:31 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:9:244:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:9:244:33 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:9:245:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:9:245:33 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:9:246:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:9:246:33 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:9:247:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:9:247:31 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:9:249:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:9:249:33 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:9:250:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:9:250:33 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:9:251:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:9:251:33 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:21:253:23 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:21:253:45 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:32:254:34 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:32:254:56 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:26:255:28 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:26:255:50 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:15:256:17 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:15:256:39 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:10:261:37 | value.r ... &amp;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:10:261:59 | value.r ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:10:261:81 | value.r ... '&gt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:32:264:74 | escapeH ... quot;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:18:266:26 | tag(node) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:30:266:53 | [].map. ... tr_str) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:30:266:53 | reflective call |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:30:266:62 | [].map. ... oin('') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:63 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:85 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:9:271:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:9:271:31 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:9:271:55 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:9:272:51 | encodeU ... /g,'')) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:30 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:12:274:14 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:12:274:20 | s().val() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:12:274:27 | s().val().trim() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:12:274:50 | s().val ... g , '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:12:274:73 | s().val ... g , '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:12:274:94 | s().val ... g , '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:9:275:21 | arr.join(" ") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:13:276:15 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:13:276:21 | s().val() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:13:276:28 | s().val().trim() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:13:276:51 | s().val ... g , '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:13:276:74 | s().val ... g , '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:13:276:95 | s().val ... g , '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:9:277:29 | arr2.re ... "/g,"") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:9:278:22 | arr2.join(" ") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:6:281:29 | x.repla ... &amp;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:6:282:28 | x.repla ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:6:282:50 | x.repla ... '&gt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:6:284:30 | x.repla ... quot;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:7:289:30 | y.repla ... &amp;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:6:291:28 | y.repla ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:6:291:50 | y.repla ... '&gt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:7:294:31 | y.repla ... quot;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:10:300:12 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:10:300:33 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:10:301:12 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:10:301:32 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:10:302:12 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:10:302:34 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:10:303:12 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:10:303:34 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:9:304:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:9:304:33 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:10:305:12 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:10:305:34 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:10:309:12 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:9:320:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:9:329:3 | s().rep ... ;";\\n\\t}) |
 | index.js:1:12:1:24 | require("fs") |
 | index.js:3:3:3:11 | unknown() |
 | index.js:4:3:4:12 | toString() |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/getALikelyExternalLibraryCall.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/getALikelyExternalLibraryCall.ql
index 6c2928c74e0..da91ecf1b43 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/getALikelyExternalLibraryCall.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/getALikelyExternalLibraryCall.ql
@@ -1,3 +1,3 @@
-import experimental.adaptivethreatmodeling.StandardEndpointFilters
+import experimental.adaptivethreatmodeling.EndpointCharacteristics as EndpointCharacteristics
 
-select getALikelyExternalLibraryCall()
+select EndpointCharacteristics::getALikelyExternalLibraryCall()
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointData.qlref b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointData.qlref
deleted file mode 100644
index b1e84d268d9..00000000000
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointData.qlref
+++ /dev/null
@@ -1 +0,0 @@
-extraction/ExtractEndpointData.ql
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataTraining.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataTraining.expected
index bbdd33e8965..55423976708 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataTraining.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataTraining.expected
@@ -23,6 +23,11 @@ endpoints
 | index.js:15:17:15:32 | req.body.isAdmin | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:15:17:15:32 | req.body.isAdmin | Xss | notASinkReason | LoggerMethod | string |
 | index.js:15:17:15:32 | req.body.isAdmin | Xss | sinkLabel | NotASink | string |
+| index.js:15:17:15:32 | req.body.isAdmin | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:15:17:15:32 | req.body.isAdmin | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:15:17:15:32 | req.body.isAdmin | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:15:17:15:32 | req.body.isAdmin | XssThroughDom | notASinkReason | LoggerMethod | string |
+| index.js:15:17:15:32 | req.body.isAdmin | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -55,6 +60,12 @@ endpoints
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | notASinkReason | ClientRequest | string |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | notASinkReason | JQueryArgument | string |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | sinkLabel | NotASink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | XssThroughDom | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | XssThroughDom | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:84:12:84:18 | foo.bar | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:84:12:84:18 | foo.bar | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:84:12:84:18 | foo.bar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -75,6 +86,11 @@ endpoints
 | index.js:84:12:84:18 | foo.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string |
 | index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | XssThroughDom | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | XssThroughDom | sinkLabel | NotASink | string |
 tokenFeatures
 | index.js:9:15:9:45 | { 'isAd ... Admin } | CalleeFlexibleAccessPath | User.find |
 | index.js:9:15:9:45 | { 'isAd ... Admin } | InputAccessPathFromCallee |  |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/modeled_apis/nosql_endpoint_filter_ignores_modeled_apis.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/modeled_apis/nosql_endpoint_filter_ignores_modeled_apis.ql
index 9a81ce73d91..a1d06d2881d 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/modeled_apis/nosql_endpoint_filter_ignores_modeled_apis.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/modeled_apis/nosql_endpoint_filter_ignores_modeled_apis.ql
@@ -2,5 +2,5 @@ import javascript
 import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
 
 query predicate effectiveSinks(DataFlow::Node node) {
-  not exists(NosqlInjectionAtm::SinkEndpointFilter::getAReasonSinkExcluded(node))
+  not exists(any(NosqlInjectionAtm::NosqlInjectionAtmConfig cfg).getAReasonSinkExcluded(node))
 }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py b/javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py
index 9dc18530bee..131e4f8f93f 100755
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py
@@ -2,10 +2,17 @@
 
 # This script updates the JavaScript test data used by the endpoint CodeQL tests.
 
-import glob
+import git
 import logging
-import os
 import shutil
+from pathlib import Path
+
+# Get relevant paths
+script_path = Path(__file__).absolute()
+git_repo = git.Repo(__file__, search_parent_directories=True)
+git_root = Path(git_repo.git.rev_parse('--show-toplevel'))
+autogenerated_dest_path = script_path.parent.joinpath('endpoint_large_scale',
+                                                      'autogenerated')
 
 # File extensions that should be copied to the endpoint tests. This should include source code files
 # e.g. .js, but not the tests themselves e.g. .expected, .ql, .qlref, etc.
@@ -15,35 +22,31 @@ file_extensions_to_copy = ['.js', '.ts']
 # path of that test relative to a checkout of github/codeql.
 test_root_relative_paths = {
     'NosqlAndSqlInjection': 'javascript/ql/test/query-tests/Security/CWE-089',
-    'TaintedPath': 'javascript/ql/test/query-tests/Security/CWE-022/TaintedPath',
+    'TaintedPath':
+    'javascript/ql/test/query-tests/Security/CWE-022/TaintedPath',
     'Xss': 'javascript/ql/test/query-tests/Security/CWE-079',
+    'XssThroughDom': 'javascript/ql/test/query-tests/Security/CWE-116'
 }
-# The path of the endpoint tests, relative to a checkout of github/codeql
-test_path = 'javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale'
 
 logging.basicConfig(level=logging.INFO)
 
-codeql_lib_path = os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(__file__)))))
-
-autogenerated_dest_path = os.path.join(codeql_lib_path, test_path, 'autogenerated')
-if os.path.exists(autogenerated_dest_path):
+if autogenerated_dest_path.exists():
     logging.info(f'Deleting existing autogenerated test files...')
     shutil.rmtree(autogenerated_dest_path)
 
 for key, rel_path in test_root_relative_paths.items():
-    test_files_path = os.path.join(codeql_lib_path, rel_path)
+    test_files_path = git_root.joinpath(rel_path)
     logging.info(f'Copying test files for {key}...')
-
-    for file in glob.glob(test_files_path + '/**', recursive=True):
-        # Ignore .testproj directories
-        if '.testproj' in file:
+    counter = 0
+    for file in Path(test_files_path).glob('**/*'):
+        if file.is_dir() or '.test_proj' in str(file):
             continue
-
-        file_extension = os.path.splitext(file)[1]
-        if file_extension in file_extensions_to_copy:
-            dest_path = os.path.normpath(
-                os.path.join(autogenerated_dest_path, key, os.path.relpath(file, test_files_path))
-            )
+        if file.suffix in file_extensions_to_copy:
+            autogenerated_dest_path.joinpath(key, )
+            dest_path = autogenerated_dest_path.joinpath(
+                key, file.relative_to(test_files_path))
             logging.debug(f'Copying {file} to {dest_path}')
-            os.makedirs(os.path.dirname(dest_path), exist_ok=True)
+            dest_path.parent.mkdir(parents=True, exist_ok=True)
             shutil.copyfile(file, dest_path)
+            counter += 1
+    logging.info(f'copied {counter} files')
diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md
index ac17e9e9f27..b6dc74b4a65 100644
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,17 @@
+## 0.3.6
+
+No user-facing changes.
+
+## 0.3.5
+
+No user-facing changes.
+
+## 0.3.4
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 4.9.
+
 ## 0.3.3
 
 No user-facing changes.
diff --git a/javascript/ql/lib/change-notes/2022-10-13-restify-framework-support-improvements.md b/javascript/ql/lib/change-notes/2022-10-13-restify-framework-support-improvements.md
new file mode 100644
index 00000000000..99e19b51757
--- /dev/null
+++ b/javascript/ql/lib/change-notes/2022-10-13-restify-framework-support-improvements.md
@@ -0,0 +1,5 @@
+---
+category: feature
+---
+
+- Improved support for [Restify](http://restify.com/) framework, leading to more results when scanning applications developed with this framework.
diff --git a/javascript/ql/lib/change-notes/2022-10-13-spife-framework-support.md b/javascript/ql/lib/change-notes/2022-10-13-spife-framework-support.md
new file mode 100644
index 00000000000..52606d44502
--- /dev/null
+++ b/javascript/ql/lib/change-notes/2022-10-13-spife-framework-support.md
@@ -0,0 +1,5 @@
+---
+category: feature
+---
+
+- Added support for the [Spife](https://github.com/npm/spife) framework.
diff --git a/javascript/ql/lib/change-notes/2022-10-31-shared-redos-pack.md b/javascript/ql/lib/change-notes/2022-10-31-shared-redos-pack.md
new file mode 100644
index 00000000000..8ce58ade6f9
--- /dev/null
+++ b/javascript/ql/lib/change-notes/2022-10-31-shared-redos-pack.md
@@ -0,0 +1,4 @@
+---
+ category: minorAnalysis
+---
+ * The ReDoS libraries in `semmle.code.javascript.security.regexp` has been moved to a shared pack inside the `shared/` folder, and the previous location has been deprecated.
\ No newline at end of file
diff --git a/javascript/ql/lib/change-notes/2022-11-17-deleted-deps.md b/javascript/ql/lib/change-notes/2022-11-17-deleted-deps.md
new file mode 100644
index 00000000000..eade7244ce1
--- /dev/null
+++ b/javascript/ql/lib/change-notes/2022-11-17-deleted-deps.md
@@ -0,0 +1,6 @@
+---
+category: minorAnalysis
+---
+* Deleted the deprecated `Instance` class from the `Vue` module.
+* Deleted the deprecated `VHtmlSourceWrite` class from `DomBasedXssQuery.qll`.
+* Deleted all the deprecated `[QueryName].qll` files from the `javascript/ql/lib/semmle/javascript/security/dataflow` folder, use the corresponding `[QueryName]Query.qll` files instead.
\ No newline at end of file
diff --git a/javascript/ql/lib/change-notes/released/0.3.4.md b/javascript/ql/lib/change-notes/released/0.3.4.md
new file mode 100644
index 00000000000..04b51176020
--- /dev/null
+++ b/javascript/ql/lib/change-notes/released/0.3.4.md
@@ -0,0 +1,5 @@
+## 0.3.4
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 4.9.
diff --git a/javascript/ql/lib/change-notes/released/0.3.5.md b/javascript/ql/lib/change-notes/released/0.3.5.md
new file mode 100644
index 00000000000..7a86712e637
--- /dev/null
+++ b/javascript/ql/lib/change-notes/released/0.3.5.md
@@ -0,0 +1,3 @@
+## 0.3.5
+
+No user-facing changes.
diff --git a/javascript/ql/lib/change-notes/released/0.3.6.md b/javascript/ql/lib/change-notes/released/0.3.6.md
new file mode 100644
index 00000000000..0c7a392e88f
--- /dev/null
+++ b/javascript/ql/lib/change-notes/released/0.3.6.md
@@ -0,0 +1,3 @@
+## 0.3.6
+
+No user-facing changes.
diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml
index 9da182d3394..7bbaa8987dd 100644
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.3
+lastReleaseVersion: 0.3.6
diff --git a/javascript/ql/lib/javascript.qll b/javascript/ql/lib/javascript.qll
index 982ddae9128..53bb91797aa 100644
--- a/javascript/ql/lib/javascript.qll
+++ b/javascript/ql/lib/javascript.qll
@@ -99,7 +99,6 @@ import semmle.javascript.frameworks.JWT
 import semmle.javascript.frameworks.Handlebars
 import semmle.javascript.frameworks.History
 import semmle.javascript.frameworks.Immutable
-import semmle.javascript.frameworks.ImportGeneratedModels
 import semmle.javascript.frameworks.Knex
 import semmle.javascript.frameworks.LazyCache
 import semmle.javascript.frameworks.LdapJS
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
index 0a3a773e368..f506e391d72 100644
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,7 +1,11 @@
 name: codeql/javascript-all
-version: 0.3.4-dev
+version: 0.4.0-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
 library: true
 upgrades: upgrades
+dependencies:
+  codeql/regex: ${workspace}
+dataExtensions:
+  - semmle/javascript/frameworks/**/model.yml
diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll
index 72d5a50cebe..3e708098635 100644
--- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll
+++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll
@@ -460,7 +460,6 @@ module API {
       this = Impl::MkClassInstance(result) or
       this = Impl::MkUse(result) or
       this = Impl::MkDef(result) or
-      this = Impl::MkAsyncFuncResult(result) or
       this = Impl::MkSyntheticCallbackArg(_, _, result)
     }
 
@@ -562,6 +561,9 @@ module API {
     /** Gets a node whose type has the given qualified name, not including types from models. */
     Node getANodeOfTypeRaw(string moduleName, string exportedName) {
       result = Impl::MkTypeUse(moduleName, exportedName).(Node).getInstance()
+      or
+      exportedName = "" and
+      result = getAModuleImportRaw(moduleName)
     }
   }
 
@@ -671,9 +673,6 @@ module API {
           cls.getAnInstanceReference() = trackDefNode(_)
         )
       } or
-      MkAsyncFuncResult(DataFlow::FunctionNode f) {
-        f = trackDefNode(_) and f.getFunction().isAsync() and hasSemantics(f)
-      } or
       MkDef(DataFlow::Node nd) { rhs(_, _, nd) } or
       MkUse(DataFlow::Node nd) { use(_, _, nd) } or
       /** A use of a TypeScript type. */
@@ -688,8 +687,7 @@ module API {
 
     class TDef = MkModuleDef or TNonModuleDef;
 
-    class TNonModuleDef =
-      MkModuleExport or MkClassInstance or MkAsyncFuncResult or MkDef or MkSyntheticCallbackArg;
+    class TNonModuleDef = MkModuleExport or MkClassInstance or MkDef or MkSyntheticCallbackArg;
 
     class TUse = MkModuleUse or MkModuleImport or MkUse or MkTypeUse;
 
@@ -740,10 +738,11 @@ module API {
             rhs = m.getAnExportedValue(prop)
           )
           or
-          exists(DataFlow::FunctionNode fn | fn = pred |
-            not fn.getFunction().isAsync() and
-            lbl = Label::return() and
-            rhs = fn.getAReturn()
+          exists(DataFlow::FunctionNode fn |
+            fn = pred and
+            lbl = Label::return()
+          |
+            if fn.getFunction().isAsync() then rhs = fn.getReturnNode() else rhs = fn.getAReturn()
           )
           or
           lbl = Label::promised() and
@@ -774,13 +773,12 @@ module API {
         )
         or
         exists(DataFlow::FunctionNode f |
-          base = MkAsyncFuncResult(f) and
+          f.getFunction().isAsync() and
+          base = MkDef(f.getReturnNode())
+        |
           lbl = Label::promised() and
           rhs = f.getAReturn()
-        )
-        or
-        exists(DataFlow::FunctionNode f |
-          base = MkAsyncFuncResult(f) and
+          or
           lbl = Label::promisedError() and
           rhs = f.getExceptionalReturn()
         )
@@ -1272,10 +1270,11 @@ module API {
       )
       or
       exists(DataFlow::Node nd, DataFlow::FunctionNode f |
+        f.getFunction().isAsync() and
         pred = MkDef(nd) and
         f = trackDefNode(nd) and
         lbl = Label::return() and
-        succ = MkAsyncFuncResult(f)
+        succ = MkDef(f.getReturnNode())
       )
       or
       exists(int bound, DataFlow::InvokeNode call |
diff --git a/javascript/ql/lib/semmle/javascript/Closure.qll b/javascript/ql/lib/semmle/javascript/Closure.qll
index 37934f30af0..e27387255a1 100644
--- a/javascript/ql/lib/semmle/javascript/Closure.qll
+++ b/javascript/ql/lib/semmle/javascript/Closure.qll
@@ -75,8 +75,7 @@ module Closure {
   /**
    * A top-level call to `goog.provide`.
    */
-  class ClosureProvideCall extends ClosureNamespaceRef, DataFlow::MethodCallNode {
-    ClosureProvideCall() { this instanceof DefaultClosureProvideCall }
+  class ClosureProvideCall extends ClosureNamespaceRef, DataFlow::MethodCallNode instanceof DefaultClosureProvideCall {
   }
 
   /**
@@ -89,8 +88,7 @@ module Closure {
   /**
    * A call to `goog.require`.
    */
-  class ClosureRequireCall extends ClosureNamespaceAccess, DataFlow::MethodCallNode {
-    ClosureRequireCall() { this instanceof DefaultClosureRequireCall }
+  class ClosureRequireCall extends ClosureNamespaceAccess, DataFlow::MethodCallNode instanceof DefaultClosureRequireCall {
   }
 
   /**
@@ -106,8 +104,7 @@ module Closure {
   /**
    * A top-level call to `goog.module` or `goog.declareModuleId`.
    */
-  class ClosureModuleDeclaration extends ClosureNamespaceRef, DataFlow::MethodCallNode {
-    ClosureModuleDeclaration() { this instanceof DefaultClosureModuleDeclaration }
+  class ClosureModuleDeclaration extends ClosureNamespaceRef, DataFlow::MethodCallNode instanceof DefaultClosureModuleDeclaration {
   }
 
   private GlobalVariable googVariable() { variables(result, "goog", any(GlobalScope sc)) }
diff --git a/javascript/ql/lib/semmle/javascript/DOM.qll b/javascript/ql/lib/semmle/javascript/DOM.qll
index b8db6dad5a7..94809451934 100644
--- a/javascript/ql/lib/semmle/javascript/DOM.qll
+++ b/javascript/ql/lib/semmle/javascript/DOM.qll
@@ -138,16 +138,14 @@ module DOM {
   /**
    * A JSX attribute, viewed as an `AttributeDefinition`.
    */
-  private class JsxAttributeDefinition extends AttributeDefinition, @jsx_attribute {
-    JsxAttribute attr;
+  private class JsxAttributeDefinition extends AttributeDefinition, @jsx_attribute instanceof JsxAttribute {
+    override string getName() { result = JsxAttribute.super.getName() }
 
-    JsxAttributeDefinition() { this = attr }
+    override DataFlow::Node getValueNode() {
+      result = DataFlow::valueNode(JsxAttribute.super.getValue())
+    }
 
-    override string getName() { result = attr.getName() }
-
-    override DataFlow::Node getValueNode() { result = DataFlow::valueNode(attr.getValue()) }
-
-    override ElementDefinition getElement() { result = attr.getElement() }
+    override ElementDefinition getElement() { result = JsxAttribute.super.getElement() }
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/DefUse.qll b/javascript/ql/lib/semmle/javascript/DefUse.qll
index e603c5b9112..4f7bf1528bc 100644
--- a/javascript/ql/lib/semmle/javascript/DefUse.qll
+++ b/javascript/ql/lib/semmle/javascript/DefUse.qll
@@ -222,9 +222,7 @@ class VarDef extends ControlFlowNode {
  *
  * Some variable definitions are also uses, notably the operands of update expressions.
  */
-class VarUse extends ControlFlowNode, @varref {
-  VarUse() { this instanceof RValue }
-
+class VarUse extends ControlFlowNode, @varref instanceof RValue {
   /** Gets the variable this use refers to. */
   Variable getVariable() { result = this.(VarRef).getVariable() }
 
diff --git a/javascript/ql/lib/semmle/javascript/DefensiveProgramming.qll b/javascript/ql/lib/semmle/javascript/DefensiveProgramming.qll
index 677e931fa25..96bbea0e55c 100644
--- a/javascript/ql/lib/semmle/javascript/DefensiveProgramming.qll
+++ b/javascript/ql/lib/semmle/javascript/DefensiveProgramming.qll
@@ -384,16 +384,11 @@ module DefensiveExpressionTest {
    *
    * Example: `typeof x === "undefined"'.
    */
-  class TypeofUndefinedTest extends UndefinedNullTest {
-    TypeofTest test;
+  class TypeofUndefinedTest extends UndefinedNullTest instanceof TypeofTest {
+    TypeofUndefinedTest() { super.getTag() = "undefined" }
 
-    TypeofUndefinedTest() {
-      this = test and
-      test.getTag() = "undefined"
-    }
+    override boolean getTheTestResult() { result = TypeofTest.super.getTheTestResult() }
 
-    override boolean getTheTestResult() { result = test.getTheTestResult() }
-
-    override Expr getOperand() { result = test.getOperand() }
+    override Expr getOperand() { result = TypeofTest.super.getOperand() }
   }
 }
diff --git a/javascript/ql/lib/semmle/javascript/GeneratedCode.qll b/javascript/ql/lib/semmle/javascript/GeneratedCode.qll
index 8dd53402205..ea397a9c40d 100644
--- a/javascript/ql/lib/semmle/javascript/GeneratedCode.qll
+++ b/javascript/ql/lib/semmle/javascript/GeneratedCode.qll
@@ -16,8 +16,7 @@ abstract class GeneratedCodeMarkerComment extends Comment { }
 /**
  * A source mapping comment, viewed as a marker comment indicating generated code.
  */
-private class SourceMappingCommentMarkerComment extends GeneratedCodeMarkerComment {
-  SourceMappingCommentMarkerComment() { this instanceof SourceMappingComment }
+private class SourceMappingCommentMarkerComment extends GeneratedCodeMarkerComment instanceof SourceMappingComment {
 }
 
 /**
diff --git a/javascript/ql/lib/semmle/javascript/Regexp.qll b/javascript/ql/lib/semmle/javascript/Regexp.qll
index e443ede5104..9cef1455746 100644
--- a/javascript/ql/lib/semmle/javascript/Regexp.qll
+++ b/javascript/ql/lib/semmle/javascript/Regexp.qll
@@ -176,6 +176,13 @@ class RegExpTerm extends Locatable, @regexpterm {
    * Gets a string that is matched by this regular-expression term.
    */
   string getAMatchedString() { result = this.getConstantValue() }
+
+  /** Holds if this term has the specified location. */
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
 }
 
 /**
@@ -359,6 +366,9 @@ class RegExpAnchor extends RegExpTerm, @regexp_anchor {
   override predicate isNullable() { any() }
 
   override string getAPrimaryQlClass() { result = "RegExpAnchor" }
+
+  /** Gets the char for this term. */
+  abstract string getChar();
 }
 
 /**
@@ -372,6 +382,8 @@ class RegExpAnchor extends RegExpTerm, @regexp_anchor {
  */
 class RegExpCaret extends RegExpAnchor, @regexp_caret {
   override string getAPrimaryQlClass() { result = "RegExpCaret" }
+
+  override string getChar() { result = "^" }
 }
 
 /**
@@ -385,6 +397,8 @@ class RegExpCaret extends RegExpAnchor, @regexp_caret {
  */
 class RegExpDollar extends RegExpAnchor, @regexp_dollar {
   override string getAPrimaryQlClass() { result = "RegExpDollar" }
+
+  override string getChar() { result = "$" }
 }
 
 /**
@@ -992,11 +1006,12 @@ predicate isInterpretedAsRegExp(DataFlow::Node source) {
 /**
  * Provides utility predicates related to regular expressions.
  */
-module RegExpPatterns {
+deprecated module RegExpPatterns {
   /**
    * Gets a pattern that matches common top-level domain names in lower case.
+   * DEPRECATED: use the similarly named predicate from `HostnameRegex` from the `regex` pack instead.
    */
-  string getACommonTld() {
+  deprecated string getACommonTld() {
     // according to ranking by http://google.com/search?q=site:.<<TLD>>
     result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])"
   }
diff --git a/javascript/ql/lib/semmle/javascript/Routing.qll b/javascript/ql/lib/semmle/javascript/Routing.qll
index a7e37c10743..9c8087adc4c 100644
--- a/javascript/ql/lib/semmle/javascript/Routing.qll
+++ b/javascript/ql/lib/semmle/javascript/Routing.qll
@@ -508,9 +508,7 @@ module Routing {
     /**
      * An array which has been determined to be a route node, seen as a route node with arguments.
      */
-    private class ImpliedArrayRoute extends ValueNode::WithArguments, DataFlow::ArrayCreationNode {
-      ImpliedArrayRoute() { this instanceof ValueNode::UseSite }
-
+    private class ImpliedArrayRoute extends ValueNode::WithArguments, DataFlow::ArrayCreationNode instanceof ValueNode::UseSite {
       override DataFlow::Node getArgumentNode(int n) { result = this.getElement(n) }
     }
   }
diff --git a/javascript/ql/lib/semmle/javascript/TypeScript.qll b/javascript/ql/lib/semmle/javascript/TypeScript.qll
index 51b68220a9e..5b8cd763dfe 100644
--- a/javascript/ql/lib/semmle/javascript/TypeScript.qll
+++ b/javascript/ql/lib/semmle/javascript/TypeScript.qll
@@ -1375,6 +1375,27 @@ class AsTypeAssertion extends TypeAssertion, @as_type_assertion { }
  */
 class PrefixTypeAssertion extends TypeAssertion, @prefix_type_assertion { }
 
+/**
+ * A satisfies type asserion of the form `E satisfies T` where `E` is an expression and `T` is a type.
+ */
+class SatisfiesExpr extends Expr, @satisfies_expr {
+  /** Gets the expression whose type to assert, that is, the `E` in `E as T` or `<T> E`. */
+  Expr getExpression() { result = this.getChildExpr(0) }
+
+  /** Gets the type to cast to, that is, the `T` in `E as T` or `<T> E`. */
+  TypeExpr getTypeAnnotation() { result = this.getChildTypeExpr(1) }
+
+  override ControlFlowNode getFirstControlFlowNode() {
+    result = this.getExpression().getFirstControlFlowNode()
+  }
+
+  override Expr getUnderlyingValue() { result = this.getExpression().getUnderlyingValue() }
+
+  override Expr getUnderlyingReference() { result = this.getExpression().getUnderlyingReference() }
+
+  override string getAPrimaryQlClass() { result = "SatisfiesExpr" }
+}
+
 /**
  * A TypeScript expression of form `E!`, asserting that `E` is not null.
  */
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll
index 2404fecbd30..c013dab3680 100644
--- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll
@@ -1580,6 +1580,8 @@ module DataFlow {
       or
       predExpr = succExpr.(TypeAssertion).getExpression()
       or
+      predExpr = succExpr.(SatisfiesExpr).getExpression()
+      or
       predExpr = succExpr.(NonNullAssertion).getExpression()
       or
       predExpr = succExpr.(ExpressionWithTypeArguments).getExpression()
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll b/javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll
index 1c9a9f66100..bc3d205eb6a 100644
--- a/javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll
@@ -298,9 +298,7 @@ class MethodCallNode extends CallNode instanceof DataFlow::Impl::MethodCallNodeD
  * new Array(16)
  * ```
  */
-class NewNode extends InvokeNode {
-  NewNode() { this instanceof DataFlow::Impl::NewNodeDef }
-}
+class NewNode extends InvokeNode instanceof DataFlow::Impl::NewNodeDef { }
 
 /**
  * A data flow node corresponding to the `this` parameter in a function or `this` at the top-level.
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TypeInference.qll b/javascript/ql/lib/semmle/javascript/dataflow/TypeInference.qll
index 35b8f9b4444..a744c38f38e 100644
--- a/javascript/ql/lib/semmle/javascript/dataflow/TypeInference.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/TypeInference.qll
@@ -180,13 +180,9 @@ class AnalyzedValueNode extends AnalyzedNode, DataFlow::ValueNode { }
  * exports are modeled as property writes on `module.exports`, and imports
  * as property reads on any potential value of `module.exports`.
  */
-class AnalyzedModule extends TopLevel {
-  Module m;
-
-  AnalyzedModule() { this = m }
-
+class AnalyzedModule extends TopLevel instanceof Module {
   /** Gets the name of this module. */
-  string getName() { result = m.getName() }
+  string getName() { result = super.getName() }
 
   /**
    * Gets the abstract value representing this module's `module` object.
@@ -216,7 +212,7 @@ class AnalyzedModule extends TopLevel {
     exists(AbstractValue exports | exports = getAnExportsValue() |
       // CommonJS modules export `module.exports` as their `default`
       // export in an ES2015 setting
-      not m instanceof ES2015Module and
+      not this instanceof ES2015Module and
       name = "default" and
       result = exports
       or
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll
index cebcaa1a1da..63c0105a5ac 100644
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll
@@ -45,6 +45,8 @@ private PropAccess namedPropAccess(AccessPath base, PropertyName name, BasicBloc
 
 private SsaVariable getRefinedVariable(SsaVariable variable) {
   result = variable.getDefinition().(SsaRefinementNode).getAnInput()
+  or
+  result = variable.getDefinition().(SsaPhiNode).getRephinedVariable()
 }
 
 private SsaVariable getARefinementOf(SsaVariable variable) { variable = getRefinedVariable(result) }
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/PropertyTypeInference.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/PropertyTypeInference.qll
index 15a4fec7406..25b6cfdb2d9 100644
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/PropertyTypeInference.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/PropertyTypeInference.qll
@@ -120,15 +120,13 @@ abstract class AnalyzedPropertyWrite extends DataFlow::Node {
 /**
  * Flow analysis for property writes.
  */
-private class AnalyzedExplicitPropertyWrite extends AnalyzedPropertyWrite {
-  AnalyzedExplicitPropertyWrite() { this instanceof DataFlow::PropWrite }
-
+private class AnalyzedExplicitPropertyWrite extends AnalyzedPropertyWrite instanceof DataFlow::PropWrite {
   override predicate writes(AbstractValue base, string prop, DataFlow::AnalyzedNode source) {
     explicitPropertyWrite(this, base, prop, source)
   }
 
   override predicate baseIsIncomplete(DataFlow::Incompleteness reason) {
-    this.(DataFlow::PropWrite).getBase().isIncomplete(reason)
+    super.getBase().isIncomplete(reason)
   }
 }
 
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableTypeInference.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableTypeInference.qll
index b55c0ddc302..29a7b420513 100644
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableTypeInference.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableTypeInference.qll
@@ -144,9 +144,7 @@ class AnalyzedVarDef extends VarDef {
 /**
  * Flow analysis for simple parameters of selected functions.
  */
-private class AnalyzedParameterAsVarDef extends AnalyzedVarDef, @var_decl {
-  AnalyzedParameterAsVarDef() { this instanceof Parameter }
-
+private class AnalyzedParameterAsVarDef extends AnalyzedVarDef, @var_decl instanceof Parameter {
   override AbstractValue getAnRhsValue() {
     result = DataFlow::valueNode(this).(AnalyzedValueNode).getALocalValue()
   }
@@ -692,25 +690,20 @@ abstract private class CallWithAnalyzedParameters extends FunctionWithAnalyzedPa
 /**
  * Flow analysis for simple parameters of IIFEs.
  */
-private class IifeWithAnalyzedParameters extends CallWithAnalyzedParameters {
-  ImmediatelyInvokedFunctionExpr iife;
+private class IifeWithAnalyzedParameters extends CallWithAnalyzedParameters instanceof ImmediatelyInvokedFunctionExpr {
+  IifeWithAnalyzedParameters() { super.getInvocationKind() = "direct" }
 
-  IifeWithAnalyzedParameters() {
-    this = iife and
-    iife.getInvocationKind() = "direct"
-  }
-
-  override DataFlow::InvokeNode getAnInvocation() { result = iife.getInvocation().flow() }
+  override DataFlow::InvokeNode getAnInvocation() { result = super.getInvocation().flow() }
 
   override predicate isIncomplete(DataFlow::Incompleteness cause) {
     // if the IIFE has a name and that name is referenced, we conservatively
     // assume that there may be other calls than the direct one
-    exists(iife.getVariable().getAnAccess()) and cause = "call"
+    exists(ImmediatelyInvokedFunctionExpr.super.getVariable().getAnAccess()) and cause = "call"
     or
     // if the IIFE is non-strict and its `arguments` object is accessed, we
     // also assume that there may be other calls (through `arguments.callee`)
-    not iife.isStrict() and
-    exists(iife.getArgumentsVariable().getAnAccess()) and
+    not ImmediatelyInvokedFunctionExpr.super.isStrict() and
+    exists(ImmediatelyInvokedFunctionExpr.super.getArgumentsVariable().getAnAccess()) and
     cause = "call"
   }
 }
@@ -718,12 +711,8 @@ private class IifeWithAnalyzedParameters extends CallWithAnalyzedParameters {
 /**
  * Enables inter-procedural type inference for `LocalFunction`.
  */
-private class LocalFunctionWithAnalyzedParameters extends CallWithAnalyzedParameters {
-  LocalFunction local;
-
-  LocalFunctionWithAnalyzedParameters() { this = local }
-
-  override DataFlow::InvokeNode getAnInvocation() { result = local.getAnInvocation() }
+private class LocalFunctionWithAnalyzedParameters extends CallWithAnalyzedParameters instanceof LocalFunction {
+  override DataFlow::InvokeNode getAnInvocation() { result = LocalFunction.super.getAnInvocation() }
 
   override predicate isIncomplete(DataFlow::Incompleteness cause) { none() }
 }
diff --git a/javascript/ql/lib/semmle/javascript/dependencies/Dependencies.qll b/javascript/ql/lib/semmle/javascript/dependencies/Dependencies.qll
index 024a966bf21..f110f3d5f97 100644
--- a/javascript/ql/lib/semmle/javascript/dependencies/Dependencies.qll
+++ b/javascript/ql/lib/semmle/javascript/dependencies/Dependencies.qll
@@ -226,21 +226,17 @@ abstract class ScriptDependency extends Dependency {
 /**
  * An embedded JavaScript library included inside a `<script>` tag.
  */
-class InlineScriptDependency extends ScriptDependency, @toplevel {
-  FrameworkLibraryInstance fli;
-
-  InlineScriptDependency() { this = fli }
-
+class InlineScriptDependency extends ScriptDependency, @toplevel instanceof FrameworkLibraryInstance {
   override predicate info(string id, string v) {
     exists(FrameworkLibrary fl |
-      fli.info(fl, v) and
+      FrameworkLibraryInstance.super.info(fl, v) and
       id = fl.getId()
     )
   }
 
   override Expr getAnApiUse() {
     exists(FrameworkLibrary fl |
-      fli.info(fl, _) and
+      FrameworkLibraryInstance.super.info(fl, _) and
       propAccessOnGlobal(result, fl.getAnEntryPoint()) and
       result.getFile() = this.getFile() and
       result.getTopLevel() != this
@@ -252,21 +248,17 @@ class InlineScriptDependency extends ScriptDependency, @toplevel {
  * An external JavaScript library referenced via the `src` attribute
  * of a `<script>` tag.
  */
-class ExternalScriptDependency extends ScriptDependency, @xmlattribute {
-  FrameworkLibraryReference flr;
-
-  ExternalScriptDependency() { this = flr }
-
+class ExternalScriptDependency extends ScriptDependency, @xmlattribute instanceof FrameworkLibraryReference {
   override predicate info(string id, string v) {
     exists(FrameworkLibrary fl |
-      flr.info(fl, v) and
+      FrameworkLibraryReference.super.info(fl, v) and
       id = fl.getId()
     )
   }
 
   override Expr getAnApiUse() {
     exists(FrameworkLibrary fl |
-      flr.info(fl, _) and
+      FrameworkLibraryReference.super.info(fl, _) and
       propAccessOnGlobal(result, fl.getAnEntryPoint()) and
       result.getFile() = this.getFile()
     )
@@ -276,9 +268,7 @@ class ExternalScriptDependency extends ScriptDependency, @xmlattribute {
 /**
  * A dependency on GWT indicated by a GWT header script.
  */
-private class GwtDependency extends ScriptDependency {
-  GwtDependency() { this instanceof GwtHeader }
-
+private class GwtDependency extends ScriptDependency instanceof GwtHeader {
   override predicate info(string id, string v) {
     id = "gwt" and
     exists(GwtHeader h | h = this |
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll
index e26a71bcdd4..5314433e7d6 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll
@@ -468,14 +468,10 @@ abstract class DirectiveTarget extends Locatable {
 /**
  * A DOM element, viewed as directive target.
  */
-private class DomElementAsElement extends DirectiveTarget {
-  DOM::ElementDefinition element;
+private class DomElementAsElement extends DirectiveTarget instanceof DOM::ElementDefinition {
+  override string getName() { result = DOM::ElementDefinition.super.getName() }
 
-  DomElementAsElement() { this = element }
-
-  override string getName() { result = element.getName() }
-
-  override DOM::ElementDefinition getElement() { result = element }
+  override DOM::ElementDefinition getElement() { result = this }
 
   override DirectiveTargetType getType() { result = E() }
 }
@@ -483,18 +479,16 @@ private class DomElementAsElement extends DirectiveTarget {
 /**
  * A DOM attribute, viewed as a directive target.
  */
-private class DomAttributeAsElement extends DirectiveTarget {
-  DOM::AttributeDefinition attr;
+private class DomAttributeAsElement extends DirectiveTarget instanceof DOM::AttributeDefinition {
+  override string getName() { result = DOM::AttributeDefinition.super.getName() }
 
-  DomAttributeAsElement() { this = attr }
-
-  override string getName() { result = attr.getName() }
-
-  override DOM::ElementDefinition getElement() { result = attr.getElement() }
+  override DOM::ElementDefinition getElement() {
+    result = DOM::AttributeDefinition.super.getElement()
+  }
 
   override DirectiveTargetType getType() { result = A() }
 
-  DOM::AttributeDefinition asAttribute() { result = attr }
+  DOM::AttributeDefinition asAttribute() { result = this }
 }
 
 /**
@@ -962,17 +956,13 @@ abstract class Controller extends DataFlow::Node {
 /**
  * A controller instantiated through a directive, e.g. `<div ngController="myController"/>`.
  */
-private class DirectiveController extends Controller {
-  ControllerDefinition def;
-
-  DirectiveController() { this = def }
-
+private class DirectiveController extends Controller instanceof ControllerDefinition {
   private predicate boundAnonymously(DOM::ElementDefinition elem) {
     exists(DirectiveInstance instance, DomAttributeAsElement attr |
       instance.getName() = "ngController" and
       instance.getATarget() = attr and
       elem = attr.getElement() and
-      attr.asAttribute().getStringValue() = def.getName()
+      attr.asAttribute().getStringValue() = super.getName()
     )
   }
 
@@ -989,28 +979,26 @@ private class DirectiveController extends Controller {
         attributeValue = attr.asAttribute().getStringValue() and
         pattern = "([^ ]+) +as +([^ ]+)"
       |
-        attributeValue.regexpCapture(pattern, 1) = def.getName() and
+        attributeValue.regexpCapture(pattern, 1) = ControllerDefinition.super.getName() and
         attributeValue.regexpCapture(pattern, 2) = alias
       )
     )
   }
 
-  override InjectableFunction getFactoryFunction() { result = def.getAFactoryFunction() }
+  override InjectableFunction getFactoryFunction() {
+    result = ControllerDefinition.super.getAFactoryFunction()
+  }
 }
 
 /**
  * A controller instantiated through routes, e.g. `$routeProvider.otherwise({controller: ...})`.
  */
-private class RouteInstantiatedController extends Controller {
-  RouteSetup setup;
-
-  RouteInstantiatedController() { this = setup }
-
-  override InjectableFunction getFactoryFunction() { result = setup.getController() }
+private class RouteInstantiatedController extends Controller instanceof RouteSetup {
+  override InjectableFunction getFactoryFunction() { result = super.getController() }
 
   override predicate boundTo(DOM::ElementDefinition elem) {
     exists(string url, HTML::HtmlFile template |
-      setup.getRouteParam("templateUrl").mayHaveStringValue(url) and
+      super.getRouteParam("templateUrl").mayHaveStringValue(url) and
       template.getAbsolutePath().regexpMatch(".*\\Q" + url + "\\E") and
       elem.getFile() = template
     )
@@ -1018,7 +1006,7 @@ private class RouteInstantiatedController extends Controller {
 
   override predicate boundToAs(DOM::ElementDefinition elem, string name) {
     this.boundTo(elem) and
-    setup.getRouteParam("controllerAs").mayHaveStringValue(name)
+    super.getRouteParam("controllerAs").mayHaveStringValue(name)
   }
 }
 
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll
index d379184c11f..29d7fe3bdf6 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll
@@ -808,23 +808,19 @@ private import Parser
  *
  * Will eventually be a subtype of `DataFlow::Node`.
  */
-class NgDataFlowNode extends TNode {
-  NgAstNode astNode;
-
-  NgDataFlowNode() { this = astNode }
-
+class NgDataFlowNode extends TNode instanceof NgAstNode {
   /** Gets the AST node this node corresponds to. */
-  NgAstNode getAstNode() { result = astNode }
+  NgAstNode getAstNode() { result = this }
 
   /** Gets a textual representation of this element. */
-  string toString() { result = astNode.toString() }
+  string toString() { result = super.toString() }
 
   /**
    * Gets a scope object for this node.
    */
   AngularJS::AngularScope getAScope() {
     exists(NgToken token, NgSource source |
-      astNode.at(token, _) and
+      super.at(token, _) and
       token.at(source, _)
     |
       result.mayApplyTo(source.getProvider().getEnclosingElement())
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll
index a9941c6492d..a26c5da1aa4 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll
@@ -473,27 +473,21 @@ abstract class ServiceRequestNode extends DataFlow::Node {
 /**
  * The request for a scope service in the form of the link-function of a directive.
  */
-private class LinkFunctionWithScopeInjection extends ServiceRequestNode {
-  LinkFunctionWithScopeInjection() { this instanceof LinkFunction }
-
+private class LinkFunctionWithScopeInjection extends ServiceRequestNode instanceof LinkFunction {
   override DataFlow::ParameterNode getDependencyParameter(ServiceReference service) {
     service instanceof ScopeServiceReference and
-    result = this.(LinkFunction).getScopeParameter()
+    result = super.getScopeParameter()
   }
 }
 
 /**
  * A request for a service, in the form of a dependency-injected function.
  */
-class InjectableFunctionServiceRequest extends ServiceRequestNode {
-  InjectableFunction injectedFunction;
-
-  InjectableFunctionServiceRequest() { injectedFunction = this }
-
+class InjectableFunctionServiceRequest extends ServiceRequestNode instanceof InjectableFunction {
   /**
    * Gets the function of this request.
    */
-  InjectableFunction getAnInjectedFunction() { result = injectedFunction }
+  InjectableFunction getAnInjectedFunction() { result = this }
 
   /**
    * Gets a name of a requested service.
@@ -512,7 +506,7 @@ class InjectableFunctionServiceRequest extends ServiceRequestNode {
   }
 
   override DataFlow::ParameterNode getDependencyParameter(ServiceReference service) {
-    service = injectedFunction.getAResolvedDependency(result)
+    service = super.getAResolvedDependency(result)
   }
 }
 
@@ -631,12 +625,8 @@ class ProviderRecipeDefinition extends RecipeDefinition {
   }
 }
 
-private class ProviderRecipeServiceInjection extends DependencyInjection {
-  ProviderRecipeServiceInjection() { this instanceof ProviderRecipeDefinition }
-
-  override DataFlow::Node getAnInjectableFunction() {
-    result = this.(ProviderRecipeDefinition).getAService()
-  }
+private class ProviderRecipeServiceInjection extends DependencyInjection instanceof ProviderRecipeDefinition {
+  override DataFlow::Node getAnInjectableFunction() { result = super.getAService() }
 }
 
 /**
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll
index 1453f995433..b3d6b8a3b0e 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll
@@ -762,14 +762,12 @@ module ClientRequest {
   /**
    * A shell execution of `curl` that downloads some file.
    */
-  class CurlDownload extends ClientRequest::Range {
-    SystemCommandExecution cmd;
-
+  class CurlDownload extends ClientRequest::Range instanceof SystemCommandExecution {
     CurlDownload() {
-      this = cmd and
       (
-        cmd.getACommandArgument().getStringValue() = "curl" or
-        cmd.getACommandArgument()
+        super.getACommandArgument().getStringValue() = "curl" or
+        super
+            .getACommandArgument()
             .(StringOps::ConcatenationRoot)
             .getConstantStringParts()
             .matches("curl %")
@@ -777,8 +775,8 @@ module ClientRequest {
     }
 
     override DataFlow::Node getUrl() {
-      result = cmd.getArgumentList().getALocalSource().getAPropertyWrite().getRhs() or
-      result = cmd.getACommandArgument().(StringOps::ConcatenationRoot).getALeaf()
+      result = super.getArgumentList().getALocalSource().getAPropertyWrite().getRhs() or
+      result = super.getACommandArgument().(StringOps::ConcatenationRoot).getALeaf()
     }
 
     override DataFlow::Node getHost() { none() }
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Electron.qll b/javascript/ql/lib/semmle/javascript/frameworks/Electron.qll
index 5ec9c8edcf9..9ab88bcbb38 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/Electron.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Electron.qll
@@ -16,16 +16,12 @@ module Electron {
   /**
    * An instantiation of `BrowserWindow` or `BrowserView`.
    */
-  abstract private class NewBrowserObject extends BrowserObject {
-    DataFlow::NewNode self;
-
-    NewBrowserObject() { this = self }
-
+  abstract private class NewBrowserObject extends BrowserObject instanceof DataFlow::NewNode {
     /**
      * Gets the data flow node from which this instantiation takes its `webPreferences` object.
      */
     DataFlow::SourceNode getWebPreferences() {
-      result = self.getOptionArgument(0, "webPreferences").getALocalSource()
+      result = super.getOptionArgument(0, "webPreferences").getALocalSource()
     }
   }
 
@@ -182,8 +178,7 @@ module Electron {
   /**
    * A Node.js-style HTTP or HTTPS request made using an Electron module.
    */
-  class ElectronClientRequest extends NodeJSLib::NodeJSClientRequest {
-    ElectronClientRequest() { this instanceof ElectronClientRequest::Range }
+  class ElectronClientRequest extends NodeJSLib::NodeJSClientRequest instanceof ElectronClientRequest::Range {
   }
 
   module ElectronClientRequest {
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Express.qll b/javascript/ql/lib/semmle/javascript/frameworks/Express.qll
index a48b7d1719a..7776a84612c 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/Express.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Express.qll
@@ -76,17 +76,11 @@ module Express {
     result = "del"
   }
 
-  private class RouterRange extends Routing::Router::Range {
-    RouterDefinition def;
-
-    RouterRange() { this = def }
-
-    override DataFlow::SourceNode getAReference() { result = def.ref() }
+  private class RouterRange extends Routing::Router::Range instanceof RouterDefinition {
+    override DataFlow::SourceNode getAReference() { result = super.ref() }
   }
 
-  private class RoutingTreeSetup extends Routing::RouteSetup::MethodCall {
-    RoutingTreeSetup() { this instanceof RouteSetup }
-
+  private class RoutingTreeSetup extends Routing::RouteSetup::MethodCall instanceof RouteSetup {
     override string getRelativePath() {
       not this.getMethodName() = "param" and // do not treat parameter name as a path
       result = this.getArgument(0).getStringValue()
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ExpressModules.qll b/javascript/ql/lib/semmle/javascript/frameworks/ExpressModules.qll
index 6052d97cef8..e692da0333b 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/ExpressModules.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/ExpressModules.qll
@@ -18,9 +18,7 @@ module ExpressLibraries {
   /**
    * A header produced by a route handler of the "x-frame-options" module.
    */
-  class XFrameOptionsRouteHandlerHeader extends Http::ImplicitHeaderDefinition {
-    XFrameOptionsRouteHandlerHeader() { this instanceof XFrameOptionsRouteHandler }
-
+  class XFrameOptionsRouteHandlerHeader extends Http::ImplicitHeaderDefinition instanceof XFrameOptionsRouteHandler {
     override predicate defines(string headerName, string headerValue) {
       xFrameOptionsDefaultImplicitHeaderDefinition(headerName, headerValue)
     }
@@ -45,9 +43,7 @@ module ExpressLibraries {
   /**
    * A header produced by a route handler of the "frameguard" module.
    */
-  class FrameGuardRouteHandlerHeader extends Http::ImplicitHeaderDefinition {
-    FrameGuardRouteHandlerHeader() { this instanceof FrameGuardRouteHandler }
-
+  class FrameGuardRouteHandlerHeader extends Http::ImplicitHeaderDefinition instanceof FrameGuardRouteHandler {
     override predicate defines(string headerName, string headerValue) {
       xFrameOptionsDefaultImplicitHeaderDefinition(headerName, headerValue)
     }
@@ -70,9 +66,7 @@ module ExpressLibraries {
   /**
    * A header produced by a route handler of the "helmet" module.
    */
-  class HelmetRouteHandlerHeader extends Http::ImplicitHeaderDefinition {
-    HelmetRouteHandlerHeader() { this instanceof HelmetRouteHandler }
-
+  class HelmetRouteHandlerHeader extends Http::ImplicitHeaderDefinition instanceof HelmetRouteHandler {
     override predicate defines(string headerName, string headerValue) {
       xFrameOptionsDefaultImplicitHeaderDefinition(headerName, headerValue)
     }
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll b/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll
index d12c4278601..b25dbb63380 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll
@@ -168,11 +168,8 @@ module Fastify {
     }
   }
 
-  private class ShorthandRoutingTreeSetup extends Routing::RouteSetup::MethodCall {
-    ShorthandRoutingTreeSetup() {
-      this instanceof RouteSetup and
-      not this.getMethodName() = "route"
-    }
+  private class ShorthandRoutingTreeSetup extends Routing::RouteSetup::MethodCall instanceof RouteSetup {
+    ShorthandRoutingTreeSetup() { not this.getMethodName() = "route" }
 
     override string getRelativePath() { result = this.getArgument(0).getStringValue() }
 
@@ -186,11 +183,8 @@ module Fastify {
           .splitAt(",", n)
   }
 
-  private class FullRoutingTreeSetup extends Routing::RouteSetup::MethodCall {
-    FullRoutingTreeSetup() {
-      this instanceof RouteSetup and
-      this.getMethodName() = "route"
-    }
+  private class FullRoutingTreeSetup extends Routing::RouteSetup::MethodCall instanceof RouteSetup {
+    FullRoutingTreeSetup() { this.getMethodName() = "route" }
 
     override string getRelativePath() { result = this.getOptionArgument(0, "url").getStringValue() }
 
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll b/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll
index 62788b2a3d7..8fafc7db7c0 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll
@@ -156,19 +156,14 @@ module Http {
   /**
    * An expression that sets the `Set-Cookie` header of an HTTP response.
    */
-  class SetCookieHeader extends CookieDefinition {
-    HeaderDefinition header;
-
-    SetCookieHeader() {
-      this = header and
-      header.getAHeaderName() = "set-cookie"
-    }
+  class SetCookieHeader extends CookieDefinition instanceof HeaderDefinition {
+    SetCookieHeader() { super.getAHeaderName() = "set-cookie" }
 
     override DataFlow::Node getHeaderArgument() {
-      header.(ExplicitHeaderDefinition).definesHeaderValue("set-cookie", result)
+      this.(ExplicitHeaderDefinition).definesHeaderValue("set-cookie", result)
     }
 
-    override RouteHandler getRouteHandler() { result = header.getRouteHandler() }
+    override RouteHandler getRouteHandler() { result = HeaderDefinition.super.getRouteHandler() }
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Hapi.qll b/javascript/ql/lib/semmle/javascript/frameworks/Hapi.qll
index e4bc922951c..f38740a490d 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/Hapi.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Hapi.qll
@@ -9,10 +9,28 @@ module Hapi {
   /**
    * An expression that creates a new Hapi server.
    */
-  class ServerDefinition extends Http::Servers::StandardServerDefinition, DataFlow::NewNode {
+  class ServerDefinition extends Http::Servers::StandardServerDefinition, DataFlow::Node {
     ServerDefinition() {
       // `server = new Hapi.Server()`
       this = DataFlow::moduleMember("hapi", "Server").getAnInstantiation()
+      or
+      // `server = Glue.compose(manifest, composeOptions)`
+      this = DataFlow::moduleMember("@hapi/glue", "compose").getAnInvocation()
+      or
+      // `register (server, options)`
+      // `module.exports.plugin = {register, pkg};`
+      this =
+        any(Module m)
+            .getAnExportedValue("plugin")
+            .getALocalSource()
+            .getAPropertySource("register")
+            .getAFunctionValue()
+            .getParameter(0)
+      or
+      // `const after = function (server) {...};`
+      // `server.dependency('name', after);`
+      this =
+        any(ServerDefinition s).ref().getAMethodCall("dependency").getABoundCallbackParameter(1, 0)
     }
   }
 
@@ -123,7 +141,7 @@ module Hapi {
         kind = "parameter" and
         exists(DataFlow::PropRead query |
           // `request.query.name`
-          query.accesses(request, "query") and
+          query.accesses(request, ["query", "params"]) and
           this.(DataFlow::PropRead).accesses(query, _)
         )
         or
@@ -131,7 +149,7 @@ module Hapi {
           // `request.url.path`
           kind = "url" and
           url.accesses(request, "url") and
-          this.(DataFlow::PropRead).accesses(url, "path")
+          this.(DataFlow::PropRead).accesses(url, ["path", "origin"])
         )
         or
         exists(DataFlow::PropRead state |
@@ -209,6 +227,17 @@ module Hapi {
         // server.ext('/', fun)
         this.getMethodName() = "ext" and
         handler = this.getArgument(1)
+        or
+        // server.route([{ handler(request){}])
+        this.getMethodName() = "route" and
+        handler =
+          this.getArgument(0)
+              .getALocalSource()
+              .(DataFlow::ArrayCreationNode)
+              .getAnElement()
+              .getALocalSource()
+              .getAPropertySource("handler")
+              .getAFunctionValue()
       )
     }
 
@@ -240,7 +269,7 @@ module Hapi {
     RouteHandlerCandidate() {
       exists(string request, string responseToolkit |
         (request = "request" or request = "req") and
-        responseToolkit = "h" and
+        responseToolkit = ["h", "hapi"] and
         // heuristic: parameter names match the Hapi documentation
         astNode.getNumParameter() = 2 and
         astNode.getParameter(0).getName() = request and
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/HttpFrameworks.qll b/javascript/ql/lib/semmle/javascript/frameworks/HttpFrameworks.qll
index 7568280dcc4..8e91230d3b2 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/HttpFrameworks.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/HttpFrameworks.qll
@@ -7,3 +7,4 @@ import semmle.javascript.frameworks.Micro
 import semmle.javascript.frameworks.Restify
 import semmle.javascript.frameworks.Connect
 import semmle.javascript.frameworks.Fastify
+import semmle.javascript.frameworks.Spife
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ImportGeneratedModels.qll b/javascript/ql/lib/semmle/javascript/frameworks/ImportGeneratedModels.qll
deleted file mode 100644
index ffb7ab60fba..00000000000
--- a/javascript/ql/lib/semmle/javascript/frameworks/ImportGeneratedModels.qll
+++ /dev/null
@@ -1,12 +0,0 @@
-/**
- * Imports all generated models.
- */
-
-private import minimongo.Model
-private import mongodb.Model
-private import mssql.Model
-private import mysql.Model
-private import pg.Model
-private import sequelize.Model
-private import spanner.Model
-private import sqlite3.Model
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll b/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll
index 11f454eadd5..56e9c6f4406 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll
@@ -11,6 +11,10 @@ module NoSql {
     /** Gets an expression that is interpreted as a code operator in this query. */
     DataFlow::Node getACodeOperator() { none() }
   }
+
+  private class QueryFromModel extends Query {
+    QueryFromModel() { this = ModelOutput::getASinkNode("nosql-injection").asSink() }
+  }
 }
 
 /** DEPRECATED: Alias for NoSql */
@@ -24,7 +28,7 @@ private module MongoDB {
     override predicate row(string row) {
       // In Mongo version 2.x, a client and a database handle were the same concept, but in 3.x
       // they were separated. To handle everything with a single model, we treat them as the same here.
-      row = "mongodb;Db;mongodb;MongoClient;"
+      row = "mongodb.Db;mongodb.MongoClient;"
     }
   }
 
@@ -42,11 +46,11 @@ private module MongoDB {
   /** A call to a MongoDB query method. */
   private class QueryCall extends DatabaseAccess, API::CallNode {
     QueryCall() {
-      this = ModelOutput::getATypeNode("mongodb", "Collection").getAMember().getACall() and
+      this = ModelOutput::getATypeNode("mongodb.Collection").getAMember().getACall() and
       not this.getCalleeName() = ["toString", "valueOf", "getLogger"]
       or
       this =
-        ModelOutput::getATypeNode("mongodb", ["Db", "MongoClient"])
+        ModelOutput::getATypeNode(["mongodb.Db", "mongodb.MongoClient"])
             .getMember(["watch", "aggregate"])
             .getACall()
     }
@@ -63,7 +67,7 @@ private module MongoDB {
 
   private class Insertion extends DatabaseAccess, API::CallNode {
     Insertion() {
-      this = ModelOutput::getATypeNode("mongodb", "Collection").getAMember().getACall() and
+      this = ModelOutput::getATypeNode("mongodb.Collection").getAMember().getACall() and
       this.getCalleeName().matches("insert%")
     }
 
@@ -105,9 +109,7 @@ private module Mongoose {
   private class QueryCall extends DatabaseAccess, API::CallNode {
     QueryCall() {
       this =
-        ModelOutput::getATypeNode("mongoose", "Query")
-            .getMember(["exec", "then", "catch"])
-            .getACall()
+        ModelOutput::getATypeNode("mongoose.Query").getMember(["exec", "then", "catch"]).getACall()
     }
 
     override DataFlow::Node getAQueryArgument() { result = this.getReceiver() }
@@ -132,10 +134,10 @@ private module Mongoose {
   private class QueryWithCallback extends DatabaseAccess, API::CallNode {
     QueryWithCallback() {
       this =
-        ModelOutput::getATypeNode("mongoose", ["Document", "Model", "Query"])
+        ModelOutput::getATypeNode(["mongoose.Document", "mongoose.Model", "mongoose.Query"])
             .getAMember()
             .getACall() and
-      this.getReturn() = ModelOutput::getATypeNode("mongoose", "Query") and
+      this.getReturn() = ModelOutput::getATypeNode("mongoose.Query") and
       exists(this.getLastArgument().getABoundFunctionValue(_))
     }
 
@@ -152,7 +154,7 @@ private module Mongoose {
 
     QueryAwait() {
       astNode.getOperand().flow() =
-        ModelOutput::getATypeNode("mongoose", "Query").getAValueReachableFromSource()
+        ModelOutput::getATypeNode("mongoose.Query").getAValueReachableFromSource()
     }
 
     override DataFlow::Node getAQueryArgument() { result = astNode.getOperand().flow() }
@@ -162,7 +164,7 @@ private module Mongoose {
 
   class Insertion extends DatabaseAccess, API::CallNode {
     Insertion() {
-      this = ModelOutput::getATypeNode("mongoose", "Model").getAMember().getACall() and
+      this = ModelOutput::getATypeNode("mongoose.Model").getAMember().getACall() and
       this.getCalleeName().matches("insert%")
     }
 
@@ -180,9 +182,9 @@ private module MarsDB {
     override predicate row(string row) {
       row =
         [
-          "mongoose;Query;marsdb;;Member[Collection].Instance",
-          "mongoose;Model;marsdb;;Member[Collection].Instance",
-          "mongoose;Query;mongoose;Query;Member[sortFunc].ReturnValue",
+          "mongoose.Query;marsdb;Member[Collection].Instance",
+          "mongoose.Model;marsdb;Member[Collection].Instance",
+          "mongoose.Query;mongoose.Query;Member[sortFunc].ReturnValue",
         ]
     }
   }
@@ -251,7 +253,7 @@ private module Redis {
           "set", "publish", "append", "bitfield", "decrby", "getset", "hincrby", "hincrbyfloat",
           "hset", "hsetnx", "incrby", "incrbyfloat", "linsert", "lpush", "lpushx", "lset", "ltrim",
           "rename", "renamenx", "rpushx", "setbit", "setex", "smove", "zincrby", "zinterstore",
-          "hdel", "lpush", "pfadd", "rpush", "sadd", "sdiffstore", "srem"
+          "hdel", "pfadd", "rpush", "sadd", "sdiffstore", "srem"
         ] and
       argIndex = 0
       or
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Restify.qll b/javascript/ql/lib/semmle/javascript/frameworks/Restify.qll
index 889369c6ea4..190987ba3c9 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/Restify.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Restify.qll
@@ -4,7 +4,11 @@
 
 import javascript
 import semmle.javascript.frameworks.HTTP
+import semmle.javascript.security.dataflow.RequestForgeryCustomizations as RFC
 
+/**
+ * Provides classes for working with [Restify](https://restify.com/) servers.
+ */
 module Restify {
   /**
    * An expression that creates a new Restify server.
@@ -19,23 +23,23 @@ module Restify {
   /**
    * A Restify route handler.
    */
-  class RouteHandler extends Http::Servers::StandardRouteHandler, DataFlow::ValueNode {
-    Function function;
-
-    RouteHandler() {
-      function = astNode and
-      any(RouteSetup setup).getARouteHandler() = this
-    }
-
+  abstract class RouteHandler extends Http::Servers::StandardRouteHandler, DataFlow::FunctionNode {
     /**
      * Gets the parameter of the route handler that contains the request object.
      */
-    Parameter getRequestParameter() { result = function.getParameter(0) }
+    DataFlow::ParameterNode getRequestParameter() { result = this.getParameter(0) }
 
     /**
      * Gets the parameter of the route handler that contains the response object.
      */
-    Parameter getResponseParameter() { result = function.getParameter(1) }
+    DataFlow::ParameterNode getResponseParameter() { result = this.getParameter(1) }
+  }
+
+  /**
+   * A standard Restify route handler.
+   */
+  class StandardRouteHandler extends RouteHandler, DataFlow::FunctionNode {
+    StandardRouteHandler() { any(RouteSetup setup).getARouteHandler() = this }
   }
 
   /**
@@ -45,7 +49,7 @@ module Restify {
   private class ResponseSource extends Http::Servers::ResponseSource {
     RouteHandler rh;
 
-    ResponseSource() { this = DataFlow::parameterNode(rh.getResponseParameter()) }
+    ResponseSource() { this = rh.getResponseParameter() }
 
     /**
      * Gets the route handler that provides this response.
@@ -60,7 +64,7 @@ module Restify {
   private class RequestSource extends Http::Servers::RequestSource {
     RouteHandler rh;
 
-    RequestSource() { this = DataFlow::parameterNode(rh.getRequestParameter()) }
+    RequestSource() { this = rh.getRequestParameter() }
 
     /**
      * Gets the route handler that handles this request.
@@ -80,7 +84,7 @@ module Restify {
    * A Node.js HTTP response provided by Restify.
    */
   class ResponseNode extends NodeJSLib::ResponseNode {
-    ResponseNode() { src instanceof ResponseSource }
+    ResponseNode() { src instanceof ResponseSource or src instanceof FormatterResponseSource }
   }
 
   /**
@@ -95,14 +99,14 @@ module Restify {
    * A Node.js HTTP request provided by Restify.
    */
   class RequestNode extends NodeJSLib::RequestNode {
-    RequestNode() { src instanceof RequestSource }
+    RequestNode() { src instanceof RequestSource or src instanceof FormatterRequestSource }
   }
 
   /**
    * An access to a user-controlled Restify request input.
    */
   private class RequestInputAccess extends Http::RequestInputAccess {
-    RequestNode request;
+    Http::RequestNode request;
     string kind;
 
     RequestInputAccess() {
@@ -113,23 +117,17 @@ module Restify {
         this.(DataFlow::PropRead).accesses(query, _)
       )
       or
-      exists(string methodName |
-        // `request.href()` or `request.getPath()`
-        kind = "url" and
-        this.(DataFlow::MethodCallNode).calls(request, methodName)
-      |
-        methodName = "href" or
-        methodName = "getPath"
+      exists(DataFlow::PropRead prop |
+        // `request.params.<name>`
+        // `request.query.<name>`
+        kind = "parameter" and
+        prop.accesses(request, ["params", "query"]) and
+        this.(DataFlow::PropRead).accesses(prop, _)
       )
       or
-      // `request.getContentType()`, `request.userAgent()`, `request.trailer(...)`, `request.header(...)`
-      kind = "header" and
-      this.(DataFlow::MethodCallNode)
-          .calls(request, ["getContentType", "userAgent", "trailer", "header"])
-      or
-      // `req.cookies
-      kind = "cookie" and
-      this.(DataFlow::PropRead).accesses(request, "cookies")
+      // `request.href()` or `request.getPath()`
+      kind = "url" and
+      this.(DataFlow::MethodCallNode).calls(request, ["href", "getPath"])
     }
 
     override RouteHandler getRouteHandler() { result = request.getRouteHandler() }
@@ -137,12 +135,35 @@ module Restify {
     override string getKind() { result = kind }
   }
 
+  /**
+   * An access to a header on a Restify request.
+   */
+  private class RequestHeaderAccess extends Http::RequestHeaderAccess instanceof DataFlow::MethodCallNode {
+    RouteHandler rh;
+
+    RequestHeaderAccess() {
+      // `request.getContentType()`, `request.userAgent()`, `request.trailer(...)`, `request.header(...)`
+      this =
+        rh.getARequestSource()
+            .ref()
+            .getAMethodCall(["header", "trailer", "userAgent", "getContentType"])
+    }
+
+    override string getAHeaderName() {
+      super.getArgument(0).mayHaveStringValue(any(string s | s.toLowerCase() = result))
+    }
+
+    override RouteHandler getRouteHandler() { result = rh }
+
+    override string getKind() { result = "header" }
+  }
+
   /**
    * An HTTP header defined in a Restify server.
    */
   private class HeaderDefinition extends Http::Servers::StandardHeaderDefinition {
     HeaderDefinition() {
-      // response.header('Cache-Control', 'no-cache')
+      // res.header('Cache-Control', 'no-cache')
       this.getReceiver() instanceof ResponseNode and
       this.getMethodName() = "header"
     }
@@ -150,6 +171,38 @@ module Restify {
     override RouteHandler getRouteHandler() { this.getReceiver() = result.getAResponseNode() }
   }
 
+  /**
+   * An invocation that sets any number of headers of the HTTP response.
+   */
+  private class MultipleHeaderDefinitions extends Http::ExplicitHeaderDefinition,
+    DataFlow::MethodCallNode {
+    MultipleHeaderDefinitions() {
+      // res.set({'Cache-Control': 'no-cache'})
+      this.getReceiver() instanceof ResponseNode and
+      this.getMethodName() = "set"
+    }
+
+    /**
+     * Gets a reference to the multiple headers object that is to be set.
+     */
+    private DataFlow::ObjectLiteralNode getAHeaderSource() {
+      result = this.getArgument(0).getALocalSource()
+    }
+
+    override predicate definesHeaderValue(string headerName, DataFlow::Node headerValue) {
+      exists(string header |
+        this.getAHeaderSource().hasPropertyWrite(header, headerValue) and
+        headerName = header.toLowerCase()
+      )
+    }
+
+    override DataFlow::Node getNameNode() {
+      result = this.getAHeaderSource().getAPropertyWrite().getPropertyNameExpr().flow()
+    }
+
+    override RouteHandler getRouteHandler() { this.getReceiver() = result.getAResponseNode() }
+  }
+
   /**
    * A call to a Restify method that sets up a route.
    */
@@ -157,13 +210,256 @@ module Restify {
     ServerDefinition server;
 
     RouteSetup() {
-      // server.get('/', fun)
-      // server.head('/', fun)
-      server.ref().getAMethodCall(any(Http::RequestMethodName m).toLowerCase()) = this
+      server
+          .ref()
+          .getAMethodCall([
+              "del", "get", "head", "opts", "post", "put", "patch", "param", "pre", "use", "on"
+            ]) = this
     }
 
-    override DataFlow::SourceNode getARouteHandler() { result.flowsTo(this.getArgument(1)) }
+    override DataFlow::SourceNode getARouteHandler() {
+      exists(DataFlow::Node arg |
+        // server.get('/', fun)
+        // server.get('/', fun1, fun2)
+        // server.get('/', [fun1, fun2])
+        // server.param('name', fun)
+        // server.on('event', fun)
+        this.getMethodName() = ["del", "get", "head", "opts", "post", "put", "patch", "param", "on"] and
+        arg = this.getAnArgument() and
+        not arg = this.getArgument(0)
+        or
+        // server.use(fun)
+        // server.use(fun1, fun2)
+        // server.use([fun1, fun2])
+        this.getMethodName() = ["use", "pre"] and
+        arg = this.getAnArgument()
+      |
+        (
+          // server.use(fun1, fun2)
+          result.flowsTo(arg) and
+          not arg.getALocalSource() instanceof DataFlow::ArrayCreationNode
+          or
+          result.flowsTo(arg.getALocalSource().(DataFlow::ArrayCreationNode).getAnElement())
+        )
+      )
+    }
 
     override DataFlow::Node getServer() { result = server }
   }
+
+  /**
+   * A call to a Restify's createServer method that sets up a formatter.
+   */
+  class FormatterSetup extends DataFlow::CallNode {
+    DataFlow::ObjectLiteralNode formatters;
+
+    FormatterSetup() {
+      // `server = restify.createServer({ formatters: { ... } })`
+      this = DataFlow::moduleMember("restify", "createServer").getACall() and
+      this.getArgument(0)
+          .getALocalSource()
+          .(DataFlow::ObjectLiteralNode)
+          .hasPropertyWrite("formatters", formatters)
+    }
+
+    /**
+     * Gets the formatter handler installed by this setup.
+     */
+    DataFlow::FunctionNode getAFormatterHandler() {
+      result = formatters.getAPropertyWrite().getRhs().getALocalSource()
+    }
+  }
+
+  /**
+   * A Restify route handler.
+   */
+  class FormatterHandler extends Http::Servers::StandardRouteHandler, DataFlow::FunctionNode {
+    FormatterHandler() { any(FormatterSetup setup).getAFormatterHandler() = this }
+
+    /**
+     * Gets the parameter of the formatter handler that contains the request object.
+     */
+    DataFlow::ParameterNode getRequestParameter() { result = this.getParameter(0) }
+
+    /**
+     * Gets the parameter of the formatter handler that contains the response object.
+     */
+    DataFlow::ParameterNode getResponseParameter() { result = this.getParameter(1) }
+
+    /**
+     * Gets the parameter of the formatter handler that contains the body object.
+     */
+    DataFlow::ParameterNode getBodyParameter() { result = this.getParameter(2) }
+  }
+
+  /**
+   * A Restify request source, that is, the request parameter of a
+   * route handler.
+   */
+  private class FormatterRequestSource extends Http::Servers::RequestSource {
+    FormatterHandler fh;
+
+    FormatterRequestSource() { this = fh.getRequestParameter() }
+
+    /**
+     * Gets the formatter handler that handles this request.
+     */
+    override RouteHandler getRouteHandler() { result = fh }
+  }
+
+  /**
+   * A Restify response source, that is, the response parameter of a
+   * route handler.
+   */
+  private class FormatterResponseSource extends Http::Servers::ResponseSource {
+    FormatterHandler fh;
+
+    FormatterResponseSource() { this = fh.getResponseParameter() }
+
+    /**
+     * Gets the route handler that provides this response.
+     */
+    override RouteHandler getRouteHandler() { result = fh }
+  }
+
+  /**
+   * An argument passed to the `send` method of an HTTP response object.
+   */
+  private class ResponseSendArgument extends Http::ResponseSendArgument {
+    RouteHandler rh;
+
+    ResponseSendArgument() {
+      this = rh.getAResponseSource().ref().getAMethodCall(["send", "sendRaw"]).getArgument(0)
+    }
+
+    override RouteHandler getRouteHandler() { result = rh }
+  }
+
+  /**
+   * An expression returned by a formatter
+   */
+  private class FormatterOutput extends Http::ResponseSendArgument {
+    FormatterHandler fh;
+
+    FormatterOutput() { this = fh.getAReturn() }
+
+    override Http::RouteHandler getRouteHandler() { result = fh }
+  }
+
+  /**
+   * An invocation of the `redirect` method of an HTTP response object.
+   */
+  private class RedirectInvocation extends Http::RedirectInvocation, DataFlow::MethodCallNode {
+    RouteHandler rh;
+
+    RedirectInvocation() { this = rh.getAResponseSource().ref().getAMethodCall("redirect") }
+
+    override DataFlow::Node getUrlArgument() {
+      this.getNumArgument() = 3 and
+      result = this.getArgument(1)
+      or
+      this.getNumArgument() = 2 and
+      this.getArgument(0).getALocalSource().hasPropertyWrite("hostname", result)
+      or
+      this.getNumArgument() = 2 and
+      result = this.getArgument(0)
+    }
+
+    override RouteHandler getRouteHandler() { result = rh }
+  }
+
+  /**
+   * A function that looks like a Restify route handler.
+   *
+   * For example, this could be the function `function(req, res, next){...}`.
+   */
+  class RouteHandlerCandidate extends Http::RouteHandlerCandidate {
+    RouteHandlerCandidate() {
+      // heuristic: parameter names match the Restify documentation
+      astNode.getNumParameter() = [2, 3] and
+      astNode.getParameter(0).getName() = ["request", "req"] and
+      astNode.getParameter(1).getName() = ["response", "res"] and
+      not astNode.getParameter(2).getName() != "next" and
+      // heuristic: is not invoked (Restify invokes this at a call site we cannot reason precisely about)
+      not exists(DataFlow::InvokeNode cs | cs.getACallee() = astNode)
+    }
+  }
+
+  /**
+   * The URL of a Restify client, viewed as a sink for request forgery.
+   */
+  class RequestForgerySink extends RFC::RequestForgery::Sink {
+    RequestForgerySink() {
+      exists(DataFlow::Node arg |
+        DataFlow::moduleMember("restify-clients",
+          ["createClient", "createJsonClient", "createStringClient"]).getACall().getArgument(0) =
+          arg and
+        (
+          arg.getALocalSource().(DataFlow::ObjectLiteralNode).hasPropertyWrite("url", this)
+          or
+          not arg.getALocalSource() instanceof DataFlow::ObjectLiteralNode and
+          this = arg
+        )
+      )
+    }
+
+    override DataFlow::Node getARequest() {
+      // returning the createClient argument itself since there is no request associated to the client yet.
+      // `getARequest()` is only used for display purposes
+      result = this
+    }
+
+    override string getKind() { result = "host" }
+  }
+
+  /**
+   * A header produced by a formatter
+   */
+  private class FormatterContentTypeHeader extends Http::ImplicitHeaderDefinition,
+    DataFlow::FunctionNode instanceof FormatterHandler {
+    string contentType;
+
+    FormatterContentTypeHeader() {
+      exists(DataFlow::PropWrite write |
+        write.getRhs() = this and
+        write.getPropertyName() = contentType
+      )
+    }
+
+    override predicate defines(string headerName, string headerValue) {
+      headerName = "content-type" and headerValue = contentType
+    }
+
+    override Http::RouteHandler getRouteHandler() { result = this }
+  }
+
+  /**
+   * A header produced by a route handler with no explicit declaration of a Content-Type.
+   */
+  private class ContentTypeRouteHandlerHeader extends Http::ImplicitHeaderDefinition,
+    DataFlow::FunctionNode instanceof RouteHandler {
+    override predicate defines(string headerName, string headerValue) {
+      headerName = "content-type" and headerValue = "application/json"
+    }
+
+    override Http::RouteHandler getRouteHandler() { result = this }
+  }
+
+  /** A Restify router */
+  private class RouterRange extends Routing::Router::Range {
+    ServerDefinition def;
+
+    RouterRange() { this = def }
+
+    override DataFlow::SourceNode getAReference() { result = def.ref() }
+  }
+
+  private class RoutingTreeSetup extends Routing::RouteSetup::MethodCall instanceof RouteSetup {
+    override string getRelativePath() {
+      not this.getMethodName() = ["use", "pre", "param", "on"] and // do not treat parameter name as a path
+      result = this.getArgument(0).getStringValue()
+    }
+
+    override Http::RequestMethodName getHttpMethod() { result.toLowerCase() = this.getMethodName() }
+  }
 }
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/SQL.qll b/javascript/ql/lib/semmle/javascript/frameworks/SQL.qll
index 8bbeb1cbf55..2eace281e84 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/SQL.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/SQL.qll
@@ -357,7 +357,7 @@ private module Sequelize {
   // Note: the sinks are specified directly in the MaD model
   class SequelizeSource extends ModelInput::SourceModelCsv {
     override predicate row(string row) {
-      row = "sequelize;Sequelize;Member[query].ReturnValue.Awaited;database-access-result"
+      row = "sequelize.Sequelize;Member[query].ReturnValue.Awaited;database-access-result"
     }
   }
 }
@@ -365,13 +365,13 @@ private module Sequelize {
 private module SpannerCsv {
   class SpannerSinks extends ModelInput::SinkModelCsv {
     override predicate row(string row) {
-      // package; type; path; kind
+      // type; path; kind
       row =
         [
-          "@google-cloud/spanner;~SqlExecutorDirect;Argument[0];sql-injection",
-          "@google-cloud/spanner;~SqlExecutorDirect;Argument[0].Member[sql];sql-injection",
-          "@google-cloud/spanner;Transaction;Member[batchUpdate].Argument[0];sql-injection",
-          "@google-cloud/spanner;Transaction;Member[batchUpdate].Argument[0].ArrayElement.Member[sql];sql-injection",
+          "@google-cloud/spanner.~SqlExecutorDirect;Argument[0];sql-injection",
+          "@google-cloud/spanner.~SqlExecutorDirect;Argument[0].Member[sql];sql-injection",
+          "@google-cloud/spanner.Transaction;Member[batchUpdate].Argument[0];sql-injection",
+          "@google-cloud/spanner.Transaction;Member[batchUpdate].Argument[0].ArrayElement.Member[sql];sql-injection",
         ]
     }
   }
@@ -380,10 +380,10 @@ private module SpannerCsv {
     override predicate row(string row) {
       row =
         [
-          "@google-cloud/spanner;~SpannerObject;Member[executeSql].Argument[0..].Parameter[1];database-access-result",
-          "@google-cloud/spanner;~SpannerObject;Member[executeSql].ReturnValue.Awaited.Member[0];database-access-result",
-          "@google-cloud/spanner;~SpannerObject;Member[run].ReturnValue.Awaited;database-access-result",
-          "@google-cloud/spanner;~SpannerObject;Member[run].Argument[0..].Parameter[1];database-access-result",
+          "@google-cloud/spanner.~SpannerObject;Member[executeSql].Argument[0..].Parameter[1];database-access-result",
+          "@google-cloud/spanner.~SpannerObject;Member[executeSql].ReturnValue.Awaited.Member[0];database-access-result",
+          "@google-cloud/spanner.~SpannerObject;Member[run].ReturnValue.Awaited;database-access-result",
+          "@google-cloud/spanner.~SpannerObject;Member[run].Argument[0..].Parameter[1];database-access-result",
         ]
     }
   }
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Spife.qll b/javascript/ql/lib/semmle/javascript/frameworks/Spife.qll
new file mode 100644
index 00000000000..7435c23d8c2
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Spife.qll
@@ -0,0 +1,433 @@
+/**
+ * Provides classes for working with [Spife](https://github.com/npm/spife) applications.
+ */
+
+import javascript
+import semmle.javascript.frameworks.HTTP
+private import DataFlow
+
+/**
+ * Provides classes for working with [Spife](https://github.com/npm/spife) applications.
+ */
+module Spife {
+  /**
+   * A call to a Spife method that sets up a route.
+   */
+  private class RouteSetup extends DataFlow::CallNode, Http::Servers::StandardRouteSetup {
+    TaggedTemplateExpr template;
+
+    RouteSetup() {
+      this.getCalleeNode().asExpr() = template and
+      API::moduleImport(["@npm/spife/routing", "spife/routing"])
+          .asSource()
+          .flowsToExpr(template.getTag())
+    }
+
+    private string getRoutePattern() {
+      // Concatenate the constant parts of the expression
+      result =
+        strictconcat(Expr e, int i |
+          e = template.getTemplate().getElement(i) and exists(e.getStringValue())
+        |
+          e.getStringValue() order by i
+        )
+    }
+
+    private string getARouteLine() {
+      result = this.getRoutePattern().splitAt("\n").regexpReplaceAll(" +", " ").trim()
+    }
+
+    private predicate hasLine(string method, string path, string handlerName) {
+      exists(string line | line = this.getARouteLine() |
+        line.splitAt(" ", 0) = method and
+        line.splitAt(" ", 1) = path and
+        line.splitAt(" ", 2) = handlerName
+      )
+    }
+
+    DataFlow::SourceNode getHandlerDefinitions(TypeBackTracker t) {
+      t.start() and
+      result = this.getArgument(0).getALocalSource()
+      or
+      exists(TypeBackTracker t2 | result = this.getHandlerDefinitions(t2).backtrack(t2, t))
+    }
+
+    DataFlow::SourceNode getHandlerDefinitions() {
+      result = this.getHandlerDefinitions(TypeBackTracker::end())
+    }
+
+    DataFlow::SourceNode getHandlerByName(string name) {
+      result = this.getHandlerDefinitions().getAPropertySource(name)
+    }
+
+    DataFlow::SourceNode getHandlerByRoute(string method, string path) {
+      exists(string handlerName |
+        this.hasLine(method, path, handlerName) and
+        result = this.getHandlerByName(handlerName)
+      )
+    }
+
+    override DataFlow::SourceNode getARouteHandler() {
+      result = this.getHandlerByRoute(_, _).getALocalSource().(DataFlow::FunctionNode)
+      or
+      exists(DataFlow::MethodCallNode validation |
+        validation = this.getHandlerByRoute(_, _).getALocalSource() and
+        result = validation.getArgument(1).getAFunctionValue()
+      )
+    }
+
+    override DataFlow::Node getServer() { none() }
+  }
+
+  /**
+   * A Spife route handler.
+   */
+  abstract class RouteHandler extends Http::Servers::StandardRouteHandler, DataFlow::FunctionNode {
+    /**
+     * Gets the parameter of the route handler that contains the request object.
+     */
+    DataFlow::ParameterNode getRequestParameter() { result = this.getParameter(0) }
+
+    /**
+     * Gets the parameter of the route handler that contains the context object.
+     */
+    DataFlow::ParameterNode getContextParameter() { result = this.getParameter(1) }
+  }
+
+  /**
+   * A standard Spife route handler.
+   */
+  private class StandardRouteHandler extends RouteHandler, DataFlow::FunctionNode {
+    StandardRouteHandler() { any(RouteSetup setup).getARouteHandler() = this }
+  }
+
+  /**
+   * A function that looks like a Spife route handler.
+   *
+   * For example, this could be the function `function(request, context){...}`.
+   */
+  class RouteHandlerCandidate extends Http::RouteHandlerCandidate {
+    RouteHandlerCandidate() {
+      // heuristic: parameter names match the Restify documentation
+      astNode.getNumParameter() = 2 and
+      astNode.getParameter(0).getName() = ["request", "req"] and
+      astNode.getParameter(1).getName() = ["context", "ctx"]
+    }
+  }
+
+  /**
+   * A Spife request source, that is, the request parameter of a
+   * route handler.
+   */
+  private class RequestSource extends Http::Servers::RequestSource {
+    RouteHandler rh;
+
+    RequestSource() { this = rh.getRequestParameter() }
+
+    /**
+     * Gets the route handler that handles this request.
+     */
+    override RouteHandler getRouteHandler() { result = rh }
+  }
+
+  /**
+   * A Spife context source, that is, the context the parameter of a
+   * route handler.
+   */
+  private class ContextSource extends Http::Servers::RequestSource {
+    RouteHandler rh;
+
+    ContextSource() { this = rh.getContextParameter() }
+
+    /**
+     * Gets the route handler that handles this request.
+     */
+    override RouteHandler getRouteHandler() { result = rh }
+  }
+
+  /**
+   * An access to a user-controlled Spife request input.
+   */
+  private class RequestInputAccess extends Http::RequestInputAccess {
+    RouteHandler rh;
+    string kind;
+
+    RequestInputAccess() {
+      // req.body
+      this = rh.getARequestSource().ref().getAPropertyRead("body") and
+      kind = "body"
+      or
+      // req.query['foo']
+      this = rh.getARequestSource().ref().getAPropertyRead("query").getAPropertyRead() and
+      kind = "parameter"
+      or
+      // req.raw
+      this = rh.getARequestSource().ref().getAPropertyRead("raw") and
+      kind = "raw"
+      or
+      // req.url
+      // req.urlObject
+      this = rh.getARequestSource().ref().getAPropertyRead(["url", "urlObject"]) and
+      kind = "url"
+      or
+      // req.cookie('foo')
+      // req.cookies()
+      this = rh.getARequestSource().ref().getAMethodCall() and
+      this.(DataFlow::MethodCallNode).getMethodName() = ["cookie", "cookies"] and
+      kind = "cookie"
+      or
+      // req.validatedBody.get('foo')
+      this =
+        rh.getARequestSource()
+            .ref()
+            .getAPropertyRead(any(string s | s.matches("validated%")))
+            .getAMethodCall("get") and
+      kind = "body"
+    }
+
+    override RouteHandler getRouteHandler() { result = rh }
+
+    override string getKind() { result = kind }
+  }
+
+  /**
+   * An access to a user-controlled Spife context input.
+   */
+  private class ContextInputAccess extends Http::RequestInputAccess instanceof DataFlow::MethodCallNode {
+    ContextSource request;
+    string kind;
+
+    ContextInputAccess() {
+      this = request.ref().getAMethodCall("get") and
+      kind = "path"
+    }
+
+    override RouteHandler getRouteHandler() { result = request.getRouteHandler() }
+
+    override string getKind() { result = kind }
+  }
+
+  /**
+   * An access to a header on a Spife request.
+   */
+  private class RequestHeaderAccess extends Http::RequestHeaderAccess instanceof DataFlow::PropRead {
+    RouteHandler rh;
+
+    RequestHeaderAccess() {
+      this =
+        rh.getARequestSource().ref().getAPropertyRead(["headers", "rawHeaders"]).getAPropertyRead()
+    }
+
+    override string getAHeaderName() { result = super.getPropertyName().toLowerCase() }
+
+    override RouteHandler getRouteHandler() { result = rh }
+
+    override string getKind() { result = "header" }
+  }
+
+  /**
+   * A Spife response source, that is, the response variable used by a
+   * route handler.
+   */
+  private class ReplyCall extends API::CallNode {
+    boolean isDirectReplyCall;
+
+    ReplyCall() {
+      // reply(resp)
+      this = API::moduleImport(["@npm/spife/reply", "spife/reply"]).getACall() and
+      isDirectReplyCall = true
+      or
+      // reply.header(resp, 'foo', 'bar')
+      this = API::moduleImport(["@npm/spife/reply", "spife/reply"]).getAMember().getACall() and
+      isDirectReplyCall = false
+    }
+
+    predicate isDirectReplyCall() { isDirectReplyCall = true }
+
+    /**
+     * Gets the route handler that provides this response.
+     */
+    RouteHandler getRouteHandler() {
+      result.getAReturn() = this.getReturn().getAValueReachableFromSource()
+    }
+  }
+
+  /**
+   * An HTTP header defined in a Spife response.
+   */
+  private class SingleHeaderDefinition extends Http::ExplicitHeaderDefinition instanceof ReplyCall {
+    SingleHeaderDefinition() {
+      // reply.header(RESPONSE, 'Cache-Control', 'no-cache')
+      this.getCalleeName() = "header" and
+      this.getNumArgument() = 3
+    }
+
+    override predicate definesHeaderValue(string headerName, DataFlow::Node headerValue) {
+      // reply.header(RESPONSE, 'Cache-Control', 'no-cache')
+      this.getNameNode().mayHaveStringValue(headerName) and
+      headerValue = super.getArgument(2)
+    }
+
+    override DataFlow::Node getNameNode() { result = super.getArgument(1) }
+
+    override RouteHandler getRouteHandler() { result = ReplyCall.super.getRouteHandler() }
+  }
+
+  /**
+   * An invocation that sets any number of headers of the HTTP response.
+   */
+  private class MultipleHeaderDefinitions extends Http::ExplicitHeaderDefinition instanceof ReplyCall {
+    MultipleHeaderDefinitions() {
+      (
+        // reply.header(RESPONSE, {'Cache-Control': 'no-cache'})
+        this.getCalleeName() = "header"
+        or
+        // reply(RESPONSE, {'Cache-Control': 'no-cache'})
+        this.isDirectReplyCall()
+      ) and
+      this.getAnArgument().getALocalSource() instanceof DataFlow::ObjectLiteralNode
+    }
+
+    /**
+     * Gets a reference to the multiple headers object that is to be set.
+     */
+    DataFlow::ObjectLiteralNode getAHeaderSource() {
+      result = super.getAnArgument().getALocalSource()
+    }
+
+    override predicate definesHeaderValue(string headerName, DataFlow::Node headerValue) {
+      exists(string header |
+        this.getAHeaderSource().hasPropertyWrite(header, headerValue) and
+        headerName = header.toLowerCase()
+      )
+    }
+
+    override DataFlow::Node getNameNode() {
+      result = this.getAHeaderSource().getAPropertyWrite().getPropertyNameExpr().flow()
+    }
+
+    override RouteHandler getRouteHandler() { result = ReplyCall.super.getRouteHandler() }
+  }
+
+  /**
+   * A header produced by a route handler with no explicit declaration of a Content-Type.
+   */
+  private class ContentTypeRouteHandlerHeader extends Http::ImplicitHeaderDefinition instanceof RouteHandler {
+    override predicate defines(string headerName, string headerValue) {
+      headerName = "content-type" and headerValue = "application/json"
+    }
+
+    override RouteHandler getRouteHandler() { result = this }
+  }
+
+  /**
+   * An HTTP cookie defined in a Spife HTTP response.
+   */
+  private class CookieDefinition extends Http::CookieDefinition instanceof ReplyCall {
+    CookieDefinition() {
+      // reply.cookie(RESPONSE, 'TEST', 'FOO', {"maxAge": 1000, "httpOnly": true, "secure": true})
+      this.getCalleeName() = "cookie"
+    }
+
+    //  this = any(ReplyCall r).ref().getAMethodCall("cookie")
+    override DataFlow::Node getNameArgument() { result = super.getArgument(1) }
+
+    override DataFlow::Node getValueArgument() { result = super.getArgument(2) }
+
+    override RouteHandler getRouteHandler() { result = ReplyCall.super.getRouteHandler() }
+  }
+
+  /**
+   * A response sent using a method on the `reply` object.
+   */
+  private class ReplyMethodCallArgument extends Http::ResponseSendArgument {
+    ReplyCall reply;
+
+    ReplyMethodCallArgument() {
+      // reply.header(RESPONSE, {'Cache-Control': 'no-cache'})
+      reply.getCalleeName() =
+        ["cookie", "link", "header", "headers", "raw", "status", "toStream", "vary"] and
+      reply.getArgument(0) = this
+    }
+
+    override RouteHandler getRouteHandler() { result = reply.getRouteHandler() }
+  }
+
+  /**
+   * A response sent using the `reply()` method.
+   */
+  private class ReplyCallArgument extends Http::ResponseSendArgument {
+    ReplyCall reply;
+
+    ReplyCallArgument() {
+      // reply(RESPONSE, {'Cache-Control': 'no-cache'})
+      reply.isDirectReplyCall() and
+      reply.getArgument(0) = this
+    }
+
+    override RouteHandler getRouteHandler() { result = reply.getRouteHandler() }
+  }
+
+  /**
+   * The return statement for a route handler.
+   */
+  private class RouteHandlerReturn extends Http::ResponseSendArgument {
+    RouteHandler rh;
+
+    RouteHandlerReturn() {
+      this = rh.getAReturn() and not this.getALocalSource() instanceof ReplyCall
+    }
+
+    override RouteHandler getRouteHandler() { result = rh }
+  }
+
+  /**
+   * A call to `reply.template('template', { ... })`, seen as a template instantiation.
+   */
+  private class TemplateCall extends Templating::TemplateInstantiation::Range instanceof ReplyCall {
+    TemplateCall() { this.getCalleeName() = "template" }
+
+    override DataFlow::SourceNode getOutput() { result = this }
+
+    override DataFlow::Node getTemplateFileNode() { result = super.getArgument(0) }
+
+    override DataFlow::Node getTemplateParamsNode() { result = super.getArgument(1) }
+  }
+
+  /**
+   * An object passed to the `template` method of the reply object.
+   */
+  private class TemplateObjectInput extends DataFlow::Node {
+    ReplyCall call;
+
+    TemplateObjectInput() { this = call.getArgument(1) }
+
+    /**
+     * Gets the route handler that uses this object.
+     */
+    RouteHandler getRouteHandler() { result = call.getRouteHandler() }
+  }
+
+  /**
+   * An expression passed to the `template` method of the reply object
+   * as the value of a template variable.
+   */
+  private class TemplateInput extends Http::ResponseBody {
+    TemplateObjectInput obj;
+
+    TemplateInput() { obj.getALocalSource().hasPropertyWrite(_, this) }
+
+    override RouteHandler getRouteHandler() { result = obj.getRouteHandler() }
+  }
+
+  /**
+   * An invocation of the `redirect` method of an HTTP response object.
+   */
+  private class RedirectInvocation extends Http::RedirectInvocation instanceof ReplyCall {
+    RedirectInvocation() { this.getCalleeName() = "redirect" }
+
+    override DataFlow::Node getUrlArgument() { result = this.getAnArgument() }
+
+    override RouteHandler getRouteHandler() { result = ReplyCall.super.getRouteHandler() }
+  }
+}
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Templating.qll b/javascript/ql/lib/semmle/javascript/frameworks/Templating.qll
index d66ca3baab2..ae68f085703 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/Templating.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Templating.qll
@@ -174,23 +174,19 @@ module Templating {
   /**
    * A place where a template is instantiated or rendered.
    */
-  class TemplateInstantiation extends DataFlow::Node {
-    TemplateInstantiation::Range range;
-
-    TemplateInstantiation() { this = range }
-
+  class TemplateInstantiation extends DataFlow::Node instanceof TemplateInstantiation::Range {
     /** Gets a data flow node that refers to the instantiated template string, if any. */
-    DataFlow::SourceNode getOutput() { result = range.getOutput() }
+    DataFlow::SourceNode getOutput() { result = super.getOutput() }
 
     /** Gets a data flow node that refers a template file to be instantiated, if any. */
-    DataFlow::Node getTemplateFileNode() { result = range.getTemplateFileNode() }
+    DataFlow::Node getTemplateFileNode() { result = super.getTemplateFileNode() }
 
     /** Gets a data flow node that refers to an object whose properties become variables in the template. */
-    DataFlow::Node getTemplateParamsNode() { result = range.getTemplateParamsNode() }
+    DataFlow::Node getTemplateParamsNode() { result = super.getTemplateParamsNode() }
 
     /** Gets a data flow node that provides the value for the template variable at the given access path. */
     DataFlow::Node getTemplateParamForValue(string accessPath) {
-      result = range.getTemplateParamForValue(accessPath)
+      result = super.getTemplateParamForValue(accessPath)
     }
 
     /** Gets the template file instantiated here, if any. */
@@ -203,7 +199,7 @@ module Templating {
      *
      * If not known, the relevant syntax will be determined by a heuristic.
      */
-    TemplateSyntax getTemplateSyntax() { result = range.getTemplateSyntax() }
+    TemplateSyntax getTemplateSyntax() { result = super.getTemplateSyntax() }
   }
 
   /** Companion module to the `TemplateInstantiation` class. */
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Vue.qll b/javascript/ql/lib/semmle/javascript/frameworks/Vue.qll
index 95a372025e2..f3eb2e5bb0d 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/Vue.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Vue.qll
@@ -115,11 +115,6 @@ module Vue {
     kind = DataFlow::MemberKind::setter() and result = "set"
   }
 
-  /**
-   * DEPRECATED. This class has been renamed to `Vue::Component`.
-   */
-  deprecated class Instance = Component;
-
   /**
    * A Vue component, such as a `new Vue({ ... })` call or a `.vue` file.
    *
@@ -383,23 +378,6 @@ module Vue {
     }
   }
 
-  /**
-   * DEPRECATED. Use `Vue::Component` instead.
-   *
-   * A Vue component from `new Vue({...})`.
-   */
-  deprecated class VueInstance extends Component {
-    VueInstance() {
-      // restrict charpred to match original behavior
-      this = MkComponentInstantiation(vueLibrary().getAnInstantiation())
-    }
-  }
-
-  /**
-   * DEPRECATED. Use `Vue::ComponentExtension` or `Vue::Component` instead.
-   */
-  deprecated class ExtendedVue = ComponentExtension;
-
   /**
    * A component created via an explicit call to `Vue.extend({...})` or `CustomComponent.extend({...})`.
    */
@@ -429,19 +407,6 @@ module Vue {
     }
   }
 
-  /**
-   * DEPRECATED. Use `Vue::Component` instead.
-   *
-   * An instance of an extended Vue, for example `instance` of `var Ext = Vue.extend({...}); var instance = new Ext({...})`.
-   */
-  deprecated class ExtendedInstance extends Component {
-    ExtendedInstance() {
-      // restrict charpred to match original behavior
-      this =
-        MkComponentInstantiation(vueLibrary().getMember("extend").getReturn().getAnInstantiation())
-    }
-  }
-
   /**
    * A Vue component from `Vue.component("my-component", { ... })`.
    */
@@ -568,9 +533,6 @@ module Vue {
     }
   }
 
-  /** DEPRECATED. Do not use. */
-  deprecated class InstanceHeapStep = PropStep;
-
   /**
    * A Vue `v-html` attribute.
    */
@@ -609,11 +571,6 @@ module Vue {
     }
   }
 
-  /**
-   * DEPRECATED. Do not use.
-   */
-  deprecated class VHtmlSourceWrite = VHtmlAttributeStep;
-
   /*
    * Provides classes for working with Vue templates.
    */
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll
index 9b2428f3413..1b7e8cb326a 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll
@@ -5,23 +5,20 @@
  *
  * The CSV specification has the following columns:
  * - Sources:
- *   `package; type; path; kind`
+ *   `type; path; kind`
  * - Sinks:
- *   `package; type; path; kind`
+ *   `type; path; kind`
  * - Summaries:
- *   `package; type; path; input; output; kind`
+ *   `type; path; input; output; kind`
  * - Types:
- *   `package1; type1; package2; type2; path`
+ *   `type1; type2; path`
  *
  * The interpretation of a row is similar to API-graphs with a left-to-right
  * reading.
- * 1. The `package` column selects a package name, as it would be referenced in the source code,
- *    such as an NPM package, PIP package, or Ruby gem. (See `ModelsAsData.qll` for language-specific details).
- *    It may also be a synthetic package used for a type definition (see type definitions below).
- * 2. The `type` column selects all instances of a named type originating from that package,
- *    or the empty string if referring to the package itself.
+ * 1. The `type` column selects all instances of a named type. The syntax of this column is language-specific.
+ *    The language defines some type names that the analysis knows how to identify without models.
  *    It can also be a synthetic type name defined by a type definition (see type definitions below).
- * 3. The `path` column is a `.`-separated list of "access path tokens" to resolve, starting at the node selected by `package` and `type`.
+ * 2. The `path` column is a `.`-separated list of "access path tokens" to resolve, starting at the node selected by `type`.
  *
  *    Every language supports the following tokens:
  *     - Argument[n]: the n-th argument to a call. May be a range of form `x..y` (inclusive) and/or a comma-separated list.
@@ -42,10 +39,10 @@
  *
  *    For the time being, please consult `ApiGraphModelsSpecific.qll` to see which language-specific tokens are currently supported.
  *
- * 4. The `input` and `output` columns specify how data enters and leaves the element selected by the
- *    first `(package, type, path)` tuple. Both strings are `.`-separated access paths
+ * 3. The `input` and `output` columns specify how data enters and leaves the element selected by the
+ *    first `(type, path)` tuple. Both strings are `.`-separated access paths
  *    of the same syntax as the `path` column.
- * 5. The `kind` column is a tag that can be referenced from QL to determine to
+ * 4. The `kind` column is a tag that can be referenced from QL to determine to
  *    which classes the interpreted elements should be added. For example, for
  *    sources `"remote"` indicates a default remote flow source, and for summaries
  *    `"taint"` indicates a default additional taint step and `"value"` indicates a
@@ -53,17 +50,17 @@
  *
  * ### Types
  *
- * A type row of form `package1; type1; package2; type2; path` indicates that `package2; type2; path`
- * should be seen as an instance of the type `package1; type1`.
+ * A type row of form `type1; type2; path` indicates that `type2; path`
+ * should be seen as an instance of the type `type1`.
  *
- * A `(package,type)` pair may refer to a static type or a synthetic type name used internally in the model.
+ * A type may refer to a static type or a synthetic type name used internally in the model.
  * Synthetic type names can be used to reuse intermediate sub-paths, when there are multiple ways to access the same
  * element.
- * See `ModelsAsData.qll` for the language-specific interpretation of packages and static type names.
+ * See `ModelsAsData.qll` for the language-specific interpretation of type names.
  *
- * By convention, if one wants to avoid clashes with static types from the package, the type name
- * should be prefixed with a tilde character (`~`). For example, `(foo, ~Bar)` can be used to indicate that
- * the type is related to the `foo` package but is not intended to match a static type.
+ * By convention, if one wants to avoid clashes with static types, the type name
+ * should be prefixed with a tilde character (`~`). For example, `~Bar` can be used to indicate that
+ * the type is not intended to match a static type.
  */
 
 private import ApiGraphModelsSpecific as Specific
@@ -75,6 +72,7 @@ private module API = Specific::API;
 private module DataFlow = Specific::DataFlow;
 
 private import Specific::AccessPathSyntax
+private import ApiGraphModelsExtensions as Extensions
 
 /** Module containing hooks for providing input data to be interpreted as a model. */
 module ModelInput {
@@ -89,9 +87,9 @@ module ModelInput {
      *
      * A row of form
      * ```
-     * package;type;path;kind
+     * type;path;kind
      * ```
-     * indicates that the value at `(package, type, path)` should be seen as a flow
+     * indicates that the value at `(type, path)` should be seen as a flow
      * source of the given `kind`.
      *
      * The kind `remote` represents a general remote flow source.
@@ -110,9 +108,9 @@ module ModelInput {
      *
      * A row of form
      * ```
-     * package;type;path;kind
+     * type;path;kind
      * ```
-     * indicates that the value at `(package, type, path)` should be seen as a sink
+     * indicates that the value at `(type, path)` should be seen as a sink
      * of the given `kind`.
      */
     abstract predicate row(string row);
@@ -129,9 +127,9 @@ module ModelInput {
      *
      * A row of form
      * ```
-     * package;type;path;input;output;kind
+     * type;path;input;output;kind
      * ```
-     * indicates that for each call to `(package, type, path)`, the value referred to by `input`
+     * indicates that for each call to `(type, path)`, the value referred to by `input`
      * can flow to the value referred to by `output`.
      *
      * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving steps,
@@ -151,9 +149,9 @@ module ModelInput {
      *
      * A row of form,
      * ```
-     * package1;type1;package2;type2;path
+     * type1;type2;path
      * ```
-     * indicates that `(package2, type2, path)` should be seen as an instance of `(package1, type1)`.
+     * indicates that `(type2, path)` should be seen as an instance of `type1`.
      */
     abstract predicate row(string row);
   }
@@ -163,28 +161,28 @@ module ModelInput {
    */
   class TypeModel extends Unit {
     /**
-     * Gets a data-flow node that is a source of the type `package;type`.
+     * Gets a data-flow node that is a source of the given `type`.
      *
      * This must not depend on API graphs, but ensures that an API node is generated for
      * the source.
      */
-    DataFlow::Node getASource(string package, string type) { none() }
+    DataFlow::Node getASource(string type) { none() }
 
     /**
-     * Gets a data-flow node that is a sink of the type `package;type`,
+     * Gets a data-flow node that is a sink of the given `type`,
      * usually because it is an argument passed to a parameter of that type.
      *
      * This must not depend on API graphs, but ensures that an API node is generated for
      * the sink.
      */
-    DataFlow::Node getASink(string package, string type) { none() }
+    DataFlow::Node getASink(string type) { none() }
 
     /**
-     * Gets an API node that is a source or sink of the type `package;type`.
+     * Gets an API node that is a source or sink of the given `type`.
      *
      * Unlike `getASource` and `getASink`, this may depend on API graphs.
      */
-    API::Node getAnApiNode(string package, string type) { none() }
+    API::Node getAnApiNode(string type) { none() }
   }
 
   /**
@@ -209,7 +207,7 @@ private import ModelInput
 /**
  * An empty class, except in specific tests.
  *
- * If this is non-empty, all models are parsed even if the package is not
+ * If this is non-empty, all models are parsed even if the type name is not
  * considered relevant for the current database.
  */
 abstract class TestAllModels extends Unit { }
@@ -232,54 +230,53 @@ private predicate typeModel(string row) { any(TypeModelCsv s).row(inversePad(row
 private predicate typeVariableModel(string row) { any(TypeVariableModelCsv s).row(inversePad(row)) }
 
 /** Holds if a source model exists for the given parameters. */
-predicate sourceModel(string package, string type, string path, string kind) {
+predicate sourceModel(string type, string path, string kind) {
   exists(string row |
     sourceModel(row) and
-    row.splitAt(";", 0) = package and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = path and
-    row.splitAt(";", 3) = kind
+    row.splitAt(";", 0) = type and
+    row.splitAt(";", 1) = path and
+    row.splitAt(";", 2) = kind
   )
+  or
+  Extensions::sourceModel(type, path, kind)
 }
 
 /** Holds if a sink model exists for the given parameters. */
-private predicate sinkModel(string package, string type, string path, string kind) {
+private predicate sinkModel(string type, string path, string kind) {
   exists(string row |
     sinkModel(row) and
-    row.splitAt(";", 0) = package and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = path and
-    row.splitAt(";", 3) = kind
+    row.splitAt(";", 0) = type and
+    row.splitAt(";", 1) = path and
+    row.splitAt(";", 2) = kind
   )
+  or
+  Extensions::sinkModel(type, path, kind)
 }
 
 /** Holds if a summary model `row` exists for the given parameters. */
-private predicate summaryModel(
-  string package, string type, string path, string input, string output, string kind
-) {
+private predicate summaryModel(string type, string path, string input, string output, string kind) {
   exists(string row |
     summaryModel(row) and
-    row.splitAt(";", 0) = package and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = path and
-    row.splitAt(";", 3) = input and
-    row.splitAt(";", 4) = output and
-    row.splitAt(";", 5) = kind
+    row.splitAt(";", 0) = type and
+    row.splitAt(";", 1) = path and
+    row.splitAt(";", 2) = input and
+    row.splitAt(";", 3) = output and
+    row.splitAt(";", 4) = kind
   )
+  or
+  Extensions::summaryModel(type, path, input, output, kind)
 }
 
 /** Holds if a type model exists for the given parameters. */
-private predicate typeModel(
-  string package1, string type1, string package2, string type2, string path
-) {
+private predicate typeModel(string type1, string type2, string path) {
   exists(string row |
     typeModel(row) and
-    row.splitAt(";", 0) = package1 and
-    row.splitAt(";", 1) = type1 and
-    row.splitAt(";", 2) = package2 and
-    row.splitAt(";", 3) = type2 and
-    row.splitAt(";", 4) = path
+    row.splitAt(";", 0) = type1 and
+    row.splitAt(";", 1) = type2 and
+    row.splitAt(";", 2) = path
   )
+  or
+  Extensions::typeModel(type1, type2, path)
 }
 
 /** Holds if a type variable model exists for the given parameters. */
@@ -289,64 +286,55 @@ private predicate typeVariableModel(string name, string path) {
     row.splitAt(";", 0) = name and
     row.splitAt(";", 1) = path
   )
-}
-
-/**
- * Gets a package that should be seen as an alias for the given other `package`,
- * or the `package` itself.
- */
-bindingset[package]
-bindingset[result]
-string getAPackageAlias(string package) {
-  typeModel(package, "", result, "", "")
   or
-  result = package
+  Extensions::typeVariableModel(name, path)
 }
 
 /**
- * Holds if CSV rows involving `package` might be relevant for the analysis of this database.
+ * Holds if CSV rows involving `type` might be relevant for the analysis of this database.
  */
-private predicate isRelevantPackage(string package) {
+predicate isRelevantType(string type) {
   (
-    sourceModel(package, _, _, _) or
-    sinkModel(package, _, _, _) or
-    summaryModel(package, _, _, _, _, _) or
-    typeModel(_, _, package, _, _)
+    sourceModel(type, _, _) or
+    sinkModel(type, _, _) or
+    summaryModel(type, _, _, _, _) or
+    typeModel(_, type, _)
   ) and
   (
-    Specific::isPackageUsed(package)
+    Specific::isTypeUsed(type)
     or
     exists(TestAllModels t)
   )
   or
-  exists(string other |
-    isRelevantPackage(other) and
-    typeModel(package, _, other, _, _)
+  exists(string other | isRelevantType(other) |
+    typeModel(type, other, _)
+    or
+    Specific::hasImplicitTypeModel(type, other)
   )
 }
 
 /**
- * Holds if `package,type,path` is used in some CSV row.
+ * Holds if `type,path` is used in some CSV row.
  */
 pragma[nomagic]
-predicate isRelevantFullPath(string package, string type, string path) {
-  isRelevantPackage(package) and
+predicate isRelevantFullPath(string type, string path) {
+  isRelevantType(type) and
   (
-    sourceModel(package, type, path, _) or
-    sinkModel(package, type, path, _) or
-    summaryModel(package, type, path, _, _, _) or
-    typeModel(_, _, package, type, path)
+    sourceModel(type, path, _) or
+    sinkModel(type, path, _) or
+    summaryModel(type, path, _, _, _) or
+    typeModel(_, type, path)
   )
 }
 
 /** A string from a CSV row that should be parsed as an access path. */
 private class AccessPathRange extends AccessPath::Range {
   AccessPathRange() {
-    isRelevantFullPath(_, _, this)
+    isRelevantFullPath(_, this)
     or
-    exists(string package | isRelevantPackage(package) |
-      summaryModel(package, _, _, this, _, _) or
-      summaryModel(package, _, _, _, this, _)
+    exists(string type | isRelevantType(type) |
+      summaryModel(type, _, this, _, _) or
+      summaryModel(type, _, _, this, _)
     )
     or
     typeVariableModel(_, this)
@@ -400,83 +388,73 @@ private predicate invocationMatchesCallSiteFilter(Specific::InvokeNode invoke, A
 }
 
 private class TypeModelUseEntry extends API::EntryPoint {
-  private string package;
   private string type;
 
   TypeModelUseEntry() {
-    exists(any(TypeModel tm).getASource(package, type)) and
-    this = "TypeModelUseEntry;" + package + ";" + type
+    exists(any(TypeModel tm).getASource(type)) and
+    this = "TypeModelUseEntry;" + type
   }
 
-  override DataFlow::LocalSourceNode getASource() {
-    result = any(TypeModel tm).getASource(package, type)
-  }
+  override DataFlow::LocalSourceNode getASource() { result = any(TypeModel tm).getASource(type) }
 
-  API::Node getNodeForType(string package_, string type_) {
-    package = package_ and type = type_ and result = this.getANode()
-  }
+  API::Node getNodeForType(string type_) { type = type_ and result = this.getANode() }
 }
 
 private class TypeModelDefEntry extends API::EntryPoint {
-  private string package;
   private string type;
 
   TypeModelDefEntry() {
-    exists(any(TypeModel tm).getASink(package, type)) and
-    this = "TypeModelDefEntry;" + package + ";" + type
+    exists(any(TypeModel tm).getASink(type)) and
+    this = "TypeModelDefEntry;" + type
   }
 
-  override DataFlow::Node getASink() { result = any(TypeModel tm).getASink(package, type) }
+  override DataFlow::Node getASink() { result = any(TypeModel tm).getASink(type) }
 
-  API::Node getNodeForType(string package_, string type_) {
-    package = package_ and type = type_ and result = this.getANode()
-  }
+  API::Node getNodeForType(string type_) { type = type_ and result = this.getANode() }
 }
 
 /**
- * Gets an API node identified by the given `(package,type)` pair.
+ * Gets an API node identified by the given `type`.
  */
 pragma[nomagic]
-private API::Node getNodeFromType(string package, string type) {
-  exists(string package2, string type2, AccessPath path2 |
-    typeModel(package, type, package2, type2, path2) and
-    result = getNodeFromPath(package2, type2, path2)
+private API::Node getNodeFromType(string type) {
+  exists(string type2, AccessPath path2 |
+    typeModel(type, type2, path2) and
+    result = getNodeFromPath(type2, path2)
   )
   or
-  result = any(TypeModelUseEntry e).getNodeForType(package, type)
+  result = any(TypeModelUseEntry e).getNodeForType(type)
   or
-  result = any(TypeModelDefEntry e).getNodeForType(package, type)
+  result = any(TypeModelDefEntry e).getNodeForType(type)
   or
-  result = any(TypeModel t).getAnApiNode(package, type)
+  result = any(TypeModel t).getAnApiNode(type)
   or
-  result = Specific::getExtraNodeFromType(package, type)
+  result = Specific::getExtraNodeFromType(type)
 }
 
 /**
- * Gets the API node identified by the first `n` tokens of `path` in the given `(package, type, path)` tuple.
+ * Gets the API node identified by the first `n` tokens of `path` in the given `(type, path)` tuple.
  */
 pragma[nomagic]
-private API::Node getNodeFromPath(string package, string type, AccessPath path, int n) {
-  isRelevantFullPath(package, type, path) and
+private API::Node getNodeFromPath(string type, AccessPath path, int n) {
+  isRelevantFullPath(type, path) and
   (
     n = 0 and
-    result = getNodeFromType(package, type)
+    result = getNodeFromType(type)
     or
-    result = Specific::getExtraNodeFromPath(package, type, path, n)
+    result = Specific::getExtraNodeFromPath(type, path, n)
   )
   or
-  result = getSuccessorFromNode(getNodeFromPath(package, type, path, n - 1), path.getToken(n - 1))
+  result = getSuccessorFromNode(getNodeFromPath(type, path, n - 1), path.getToken(n - 1))
   or
   // Similar to the other recursive case, but where the path may have stepped through one or more call-site filters
-  result =
-    getSuccessorFromInvoke(getInvocationFromPath(package, type, path, n - 1), path.getToken(n - 1))
+  result = getSuccessorFromInvoke(getInvocationFromPath(type, path, n - 1), path.getToken(n - 1))
   or
   // Apply a subpath
-  result =
-    getNodeFromSubPath(getNodeFromPath(package, type, path, n - 1), getSubPathAt(path, n - 1))
+  result = getNodeFromSubPath(getNodeFromPath(type, path, n - 1), getSubPathAt(path, n - 1))
   or
   // Apply a type step
-  typeStep(getNodeFromPath(package, type, path, n), result)
+  typeStep(getNodeFromPath(type, path, n), result)
 }
 
 /**
@@ -496,15 +474,15 @@ private AccessPath getSubPathAt(AccessPath path, int n) {
 pragma[nomagic]
 private API::Node getNodeFromSubPath(API::Node base, AccessPath subPath, int n) {
   exists(AccessPath path, int k |
-    base = [getNodeFromPath(_, _, path, k), getNodeFromSubPath(_, path, k)] and
+    base = [getNodeFromPath(_, path, k), getNodeFromSubPath(_, path, k)] and
     subPath = getSubPathAt(path, k) and
     result = base and
     n = 0
   )
   or
-  exists(string package, string type, AccessPath basePath |
-    typeStepModel(package, type, basePath, subPath) and
-    base = getNodeFromPath(package, type, basePath) and
+  exists(string type, AccessPath basePath |
+    typeStepModel(type, basePath, subPath) and
+    base = getNodeFromPath(type, basePath) and
     result = base and
     n = 0
   )
@@ -543,42 +521,40 @@ private API::Node getNodeFromSubPath(API::Node base, AccessPath subPath) {
   result = getNodeFromSubPath(base, subPath, subPath.getNumToken())
 }
 
-/** Gets the node identified by the given `(package, type, path)` tuple. */
-private API::Node getNodeFromPath(string package, string type, AccessPath path) {
-  result = getNodeFromPath(package, type, path, path.getNumToken())
+/** Gets the node identified by the given `(type, path)` tuple. */
+private API::Node getNodeFromPath(string type, AccessPath path) {
+  result = getNodeFromPath(type, path, path.getNumToken())
 }
 
 pragma[nomagic]
-private predicate typeStepModel(string package, string type, AccessPath basePath, AccessPath output) {
-  summaryModel(package, type, basePath, "", output, "type")
+private predicate typeStepModel(string type, AccessPath basePath, AccessPath output) {
+  summaryModel(type, basePath, "", output, "type")
 }
 
 pragma[nomagic]
 private predicate typeStep(API::Node pred, API::Node succ) {
-  exists(string package, string type, AccessPath basePath, AccessPath output |
-    typeStepModel(package, type, basePath, output) and
-    pred = getNodeFromPath(package, type, basePath) and
+  exists(string type, AccessPath basePath, AccessPath output |
+    typeStepModel(type, basePath, output) and
+    pred = getNodeFromPath(type, basePath) and
     succ = getNodeFromSubPath(pred, output)
   )
 }
 
 /**
- * Gets an invocation identified by the given `(package, type, path)` tuple.
+ * Gets an invocation identified by the given `(type, path)` tuple.
  *
  * Unlike `getNodeFromPath`, the `path` may end with one or more call-site filters.
  */
-private Specific::InvokeNode getInvocationFromPath(
-  string package, string type, AccessPath path, int n
-) {
-  result = Specific::getAnInvocationOf(getNodeFromPath(package, type, path, n))
+private Specific::InvokeNode getInvocationFromPath(string type, AccessPath path, int n) {
+  result = Specific::getAnInvocationOf(getNodeFromPath(type, path, n))
   or
-  result = getInvocationFromPath(package, type, path, n - 1) and
+  result = getInvocationFromPath(type, path, n - 1) and
   invocationMatchesCallSiteFilter(result, path.getToken(n - 1))
 }
 
-/** Gets an invocation identified by the given `(package, type, path)` tuple. */
-private Specific::InvokeNode getInvocationFromPath(string package, string type, AccessPath path) {
-  result = getInvocationFromPath(package, type, path, path.getNumToken())
+/** Gets an invocation identified by the given `(type, path)` tuple. */
+private Specific::InvokeNode getInvocationFromPath(string type, AccessPath path) {
+  result = getInvocationFromPath(type, path, path.getNumToken())
 }
 
 /**
@@ -631,9 +607,9 @@ module ModelOutput {
      */
     cached
     API::Node getASourceNode(string kind) {
-      exists(string package, string type, string path |
-        sourceModel(package, type, path, kind) and
-        result = getNodeFromPath(package, type, path)
+      exists(string type, string path |
+        sourceModel(type, path, kind) and
+        result = getNodeFromPath(type, path)
       )
     }
 
@@ -642,9 +618,9 @@ module ModelOutput {
      */
     cached
     API::Node getASinkNode(string kind) {
-      exists(string package, string type, string path |
-        sinkModel(package, type, path, kind) and
-        result = getNodeFromPath(package, type, path)
+      exists(string type, string path |
+        sinkModel(type, path, kind) and
+        result = getNodeFromPath(type, path)
       )
     }
 
@@ -653,32 +629,31 @@ module ModelOutput {
      */
     cached
     predicate relevantSummaryModel(
-      string package, string type, string path, string input, string output, string kind
+      string type, string path, string input, string output, string kind
     ) {
-      isRelevantPackage(package) and
-      summaryModel(package, type, path, input, output, kind)
+      isRelevantType(type) and
+      summaryModel(type, path, input, output, kind)
     }
 
     /**
-     * Holds if a `baseNode` is an invocation identified by the `package,type,path` part of a summary row.
+     * Holds if a `baseNode` is an invocation identified by the `type,path` part of a summary row.
      */
     cached
-    predicate resolvedSummaryBase(
-      string package, string type, string path, Specific::InvokeNode baseNode
-    ) {
-      summaryModel(package, type, path, _, _, _) and
-      baseNode = getInvocationFromPath(package, type, path)
+    predicate resolvedSummaryBase(string type, string path, Specific::InvokeNode baseNode) {
+      summaryModel(type, path, _, _, _) and
+      baseNode = getInvocationFromPath(type, path)
     }
 
     /**
-     * Holds if `node` is seen as an instance of `(package,type)` due to a type definition
+     * Holds if `node` is seen as an instance of `type` due to a type definition
      * contributed by a CSV model.
      */
     cached
-    API::Node getATypeNode(string package, string type) { result = getNodeFromType(package, type) }
+    API::Node getATypeNode(string type) { result = getNodeFromType(type) }
   }
 
   import Cached
+  import Specific::ModelOutputSpecific
 
   /**
    * Gets an error message relating to an invalid CSV row in a model.
@@ -686,13 +661,13 @@ module ModelOutput {
   string getAWarning() {
     // Check number of columns
     exists(string row, string kind, int expectedArity, int actualArity |
-      any(SourceModelCsv csv).row(row) and kind = "source" and expectedArity = 4
+      any(SourceModelCsv csv).row(row) and kind = "source" and expectedArity = 3
       or
-      any(SinkModelCsv csv).row(row) and kind = "sink" and expectedArity = 4
+      any(SinkModelCsv csv).row(row) and kind = "sink" and expectedArity = 3
       or
-      any(SummaryModelCsv csv).row(row) and kind = "summary" and expectedArity = 6
+      any(SummaryModelCsv csv).row(row) and kind = "summary" and expectedArity = 5
       or
-      any(TypeModelCsv csv).row(row) and kind = "type" and expectedArity = 5
+      any(TypeModelCsv csv).row(row) and kind = "type" and expectedArity = 3
       or
       any(TypeVariableModelCsv csv).row(row) and kind = "type-variable" and expectedArity = 2
     |
@@ -705,7 +680,7 @@ module ModelOutput {
     or
     // Check names and arguments of access path tokens
     exists(AccessPath path, AccessPathToken token |
-      (isRelevantFullPath(_, _, path) or typeVariableModel(_, path)) and
+      (isRelevantFullPath(_, path) or typeVariableModel(_, path)) and
       token = path.getToken(_)
     |
       not isValidTokenNameInIdentifyingAccessPath(token.getName()) and
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll
new file mode 100644
index 00000000000..11c3bb9657e
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll
@@ -0,0 +1,36 @@
+/**
+ * Defines extensible predicates for contributing library models from data extensions.
+ */
+
+/**
+ * Holds if the value at `(type, path)` should be seen as a flow
+ * source of the given `kind`.
+ *
+ * The kind `remote` represents a general remote flow source.
+ */
+extensible predicate sourceModel(string type, string path, string kind);
+
+/**
+ * Holds if the value at `(type, path)` should be seen as a sink
+ * of the given `kind`.
+ */
+extensible predicate sinkModel(string type, string path, string kind);
+
+/**
+ * Holds if calls to `(type, path)`, the value referred to by `input`
+ * can flow to the value referred to by `output`.
+ *
+ * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving steps,
+ * respectively.
+ */
+extensible predicate summaryModel(string type, string path, string input, string output, string kind);
+
+/**
+ * Holds if `(type2, path)` should be seen as an instance of `type1`.
+ */
+extensible predicate typeModel(string type1, string type2, string path);
+
+/**
+ * Holds if `path` can be substituted for a token `TypeVar[name]`.
+ */
+extensible predicate typeVariableModel(string name, string path);
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll
index 097a46fd11a..9ebbe4099db 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll
@@ -31,6 +31,21 @@ import semmle.javascript.frameworks.data.internal.AccessPathSyntax as AccessPath
 import JS::DataFlow as DataFlow
 private import AccessPathSyntax
 
+/**
+ * Holds if `rawType` represents the JavaScript type `qualifiedName` from the given NPM `package`.
+ *
+ * Type names have form `package.type` or just `package` if referring to the package export
+ * object. If `package` contains a `.` character it must be enclosed in single quotes, such as `'package'.type`.
+ */
+bindingset[rawType]
+predicate parseTypeString(string rawType, string package, string qualifiedName) {
+  exists(string regexp |
+    regexp = "('[^']+'|[^.]+)(.*)" and
+    package = rawType.regexpCapture(regexp, 1).regexpReplaceAll("^'|'$", "") and
+    qualifiedName = rawType.regexpCapture(regexp, 2).regexpReplaceAll("^\\.", "")
+  )
+}
+
 /**
  * Holds if models describing `package` may be relevant for the analysis of this database.
  */
@@ -42,10 +57,30 @@ predicate isPackageUsed(string package) {
   any(DataFlow::SourceNode sn).hasUnderlyingType(package, _)
 }
 
+bindingset[type]
+predicate isTypeUsed(string type) {
+  exists(string package |
+    parseTypeString(type, package, _) and
+    isPackageUsed(package)
+  )
+}
+
+/**
+ * Holds if `type` can be obtained from an instance of `otherType` due to
+ * language semantics modeled by `getExtraNodeFromType`.
+ */
+predicate hasImplicitTypeModel(string type, string otherType) { none() }
+
+pragma[nomagic]
+private predicate parseRelevantTypeString(string rawType, string package, string qualifiedName) {
+  isRelevantFullPath(rawType, _) and
+  parseTypeString(rawType, package, qualifiedName)
+}
+
 /** Holds if `global` is a global variable referenced via a the `global` package in a CSV row. */
 private predicate isRelevantGlobal(string global) {
   exists(AccessPath path, AccessPathToken token |
-    isRelevantFullPath("global", "", path) and
+    isRelevantFullPath("global", path) and
     token = path.getToken(0) and
     token.getName() = "Member" and
     global = token.getAnArgument()
@@ -74,13 +109,12 @@ private API::Node getGlobalNode(string globalName) {
   result = any(GlobalApiEntryPoint e | e.getGlobal() = globalName).getANode()
 }
 
-/** Gets a JavaScript-specific interpretation of the `(package, type, path)` tuple after resolving the first `n` access path tokens. */
-bindingset[package, type, path]
-API::Node getExtraNodeFromPath(string package, string type, AccessPath path, int n) {
+/** Gets a JavaScript-specific interpretation of the `(type, path)` tuple after resolving the first `n` access path tokens. */
+bindingset[type, path]
+API::Node getExtraNodeFromPath(string type, AccessPath path, int n) {
   // Global variable accesses is via the 'global' package
   exists(AccessPathToken token |
-    package = getAPackageAlias("global") and
-    type = "" and
+    type = "global" and
     token = path.getToken(0) and
     token.getName() = "Member" and
     result = getGlobalNode(token.getAnArgument()) and
@@ -89,12 +123,16 @@ API::Node getExtraNodeFromPath(string package, string type, AccessPath path, int
 }
 
 /** Gets a JavaScript-specific interpretation of the `(package, type)` tuple. */
-API::Node getExtraNodeFromType(string package, string type) {
-  type = "" and
-  result = API::moduleImport(package)
-  or
-  // Access instance of a type based on type annotations
-  result = API::Internal::getANodeOfTypeRaw(getAPackageAlias(package), type)
+API::Node getExtraNodeFromType(string type) {
+  exists(string package, string qualifiedName |
+    parseRelevantTypeString(type, package, qualifiedName)
+  |
+    qualifiedName = "" and
+    result = API::moduleImport(package)
+    or
+    // Access instance of a type based on type annotations
+    result = API::Internal::getANodeOfTypeRaw(package, qualifiedName)
+  )
 }
 
 /**
@@ -184,9 +222,9 @@ predicate invocationMatchesExtraCallSiteFilter(API::InvokeNode invoke, AccessPat
  */
 pragma[nomagic]
 private predicate relevantInputOutputPath(API::InvokeNode base, AccessPath inputOrOutput) {
-  exists(string package, string type, string input, string output, string path |
-    ModelOutput::relevantSummaryModel(package, type, path, input, output, _) and
-    ModelOutput::resolvedSummaryBase(package, type, path, base) and
+  exists(string type, string input, string output, string path |
+    ModelOutput::relevantSummaryModel(type, path, input, output, _) and
+    ModelOutput::resolvedSummaryBase(type, path, base) and
     inputOrOutput = [input, output]
   )
 }
@@ -216,12 +254,9 @@ private API::Node getNodeFromInputOutputPath(API::InvokeNode baseNode, AccessPat
  * Holds if a CSV summary contributed the step `pred -> succ` of the given `kind`.
  */
 predicate summaryStep(API::Node pred, API::Node succ, string kind) {
-  exists(
-    string package, string type, string path, API::InvokeNode base, AccessPath input,
-    AccessPath output
-  |
-    ModelOutput::relevantSummaryModel(package, type, path, input, output, kind) and
-    ModelOutput::resolvedSummaryBase(package, type, path, base) and
+  exists(string type, string path, API::InvokeNode base, AccessPath input, AccessPath output |
+    ModelOutput::relevantSummaryModel(type, path, input, output, kind) and
+    ModelOutput::resolvedSummaryBase(type, path, base) and
     pred = getNodeFromInputOutputPath(base, input) and
     succ = getNodeFromInputOutputPath(base, output)
   )
@@ -270,3 +305,17 @@ predicate isExtraValidTokenArgumentInIdentifyingAccessPath(string name, string a
   exists(argument.indexOf("=")) and
   exists(AccessPath::parseIntWithArity(argument.splitAt("=", 0), 10))
 }
+
+module ModelOutputSpecific {
+  /**
+   * Gets a node that should be seen as an instance of `package,type` due to a type definition
+   * contributed by a CSV model.
+   */
+  cached
+  API::Node getATypeNode(string package, string qualifiedName) {
+    exists(string rawType |
+      result = ModelOutput::getATypeNode(rawType) and
+      parseTypeString(rawType, package, qualifiedName)
+    )
+  }
+}
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/model.yml b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/model.yml
new file mode 100644
index 00000000000..634a1bb3f8b
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/model.yml
@@ -0,0 +1,26 @@
+extensions:
+  # Contribute empty data sets to avoid errors about an undefined extensionals
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sourceModel
+    data: []
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sinkModel
+    data: []
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: summaryModel
+    data: []
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data: []
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: typeVariableModel
+    data: []
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/minimongo/Model.qll b/javascript/ql/lib/semmle/javascript/frameworks/minimongo/Model.qll
deleted file mode 100644
index d0ba6c3ed23..00000000000
--- a/javascript/ql/lib/semmle/javascript/frameworks/minimongo/Model.qll
+++ /dev/null
@@ -1,86 +0,0 @@
-/** Generated model file */
-
-private import javascript
-
-private class Types extends ModelInput::TypeModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "minimongo/IndexedDb;IndexedDbCollection;minimongo/IndexedDb;IndexedDbCollectionStatic;Instance", //
-        "minimongo/IndexedDb;IndexedDbCollection;minimongo/lib/IndexedDb;default;Member[collections].AnyMember", //
-        "minimongo/MemoryDb;Collection;minimongo/MemoryDb;CollectionStatic;Instance", //
-        "minimongo/MemoryDb;Collection;minimongo/lib/MemoryDb;default;Member[collections].AnyMember", //
-        "minimongo/RemoteDb;Collection;minimongo/RemoteDb;CollectionStatic;Instance", //
-        "minimongo/RemoteDb;Collection;minimongo/lib/RemoteDb;default;Member[collections].AnyMember", //
-        "minimongo/ReplicatingDb;Collection;minimongo/ReplicatingDb;CollectionStatic;Instance", //
-        "minimongo/ReplicatingDb;Collection;minimongo/lib/ReplicatingDb;default;Member[collections].AnyMember", //
-        "minimongo/lib/HybridDb;default;minimongo/lib/HybridDb;defaultStatic;Instance", //
-        "minimongo/lib/HybridDb;defaultStatic;minimongo/lib/HybridDb;;Member[default]", //
-        "minimongo/lib/HybridDb;defaultStatic;minimongo;;Member[HybridDb]", //
-        "minimongo/lib/IndexedDb;default;minimongo/lib/IndexedDb;defaultStatic;Instance", //
-        "minimongo/lib/IndexedDb;default;minimongo;;Member[utils].Member[autoselectLocalDb].ReturnValue", //
-        "minimongo/lib/IndexedDb;defaultStatic;minimongo/lib/IndexedDb;;Member[default]", //
-        "minimongo/lib/IndexedDb;defaultStatic;minimongo;;Member[IndexedDb]", //
-        "minimongo/lib/LocalStorageDb;default;minimongo/lib/LocalStorageDb;defaultStatic;Instance", //
-        "minimongo/lib/LocalStorageDb;default;minimongo;;Member[utils].Member[autoselectLocalDb].ReturnValue", //
-        "minimongo/lib/LocalStorageDb;defaultStatic;minimongo/lib/LocalStorageDb;;Member[default]", //
-        "minimongo/lib/LocalStorageDb;defaultStatic;minimongo;;Member[LocalStorageDb]", //
-        "minimongo/lib/MemoryDb;default;minimongo/lib/MemoryDb;defaultStatic;Instance", //
-        "minimongo/lib/MemoryDb;default;minimongo;;Member[utils].Member[autoselectLocalDb].ReturnValue", //
-        "minimongo/lib/MemoryDb;defaultStatic;minimongo/lib/MemoryDb;;Member[default]", //
-        "minimongo/lib/MemoryDb;defaultStatic;minimongo;;Member[MemoryDb]", //
-        "minimongo/lib/RemoteDb;default;minimongo/lib/RemoteDb;defaultStatic;Instance", //
-        "minimongo/lib/RemoteDb;defaultStatic;minimongo/lib/RemoteDb;;Member[default]", //
-        "minimongo/lib/RemoteDb;defaultStatic;minimongo;;Member[RemoteDb]", //
-        "minimongo/lib/ReplicatingDb;default;minimongo/lib/ReplicatingDb;defaultStatic;Instance", //
-        "minimongo/lib/ReplicatingDb;defaultStatic;minimongo/lib/ReplicatingDb;;Member[default]", //
-        "minimongo/lib/ReplicatingDb;defaultStatic;minimongo;;Member[ReplicatingDb]", //
-        "minimongo/lib/WebSQLDb;default;minimongo/lib/WebSQLDb;defaultStatic;Instance", //
-        "minimongo/lib/WebSQLDb;default;minimongo;;Member[utils].Member[autoselectLocalDb].ReturnValue", //
-        "minimongo/lib/WebSQLDb;defaultStatic;minimongo/lib/WebSQLDb;;Member[default]", //
-        "minimongo/lib/WebSQLDb;defaultStatic;minimongo;;Member[WebSQLDb]", //
-        "minimongo;HybridCollection;minimongo/lib/HybridDb;HybridCollection;", //
-        "minimongo;HybridCollection;minimongo/lib/HybridDb;default;Member[collections].AnyMember", //
-        "minimongo;HybridCollection;minimongo;HybridCollectionStatic;Instance", //
-        "minimongo;HybridCollectionStatic;minimongo/lib/HybridDb;;Member[HybridCollection]", //
-        "minimongo;HybridCollectionStatic;minimongo/lib/HybridDb;HybridCollectionStatic;", //
-        "minimongo;HybridCollectionStatic;minimongo;;Member[HybridCollection]", //
-        "minimongo;MinimongoBaseCollection;minimongo/RemoteDb;Collection;", //
-        "minimongo;MinimongoBaseCollection;minimongo/lib/types;MinimongoBaseCollection;", //
-        "minimongo;MinimongoBaseCollection;minimongo;HybridCollection;", //
-        "minimongo;MinimongoBaseCollection;minimongo;MinimongoCollection;", //
-        "minimongo;MinimongoBaseCollection;minimongo;MinimongoDb;AnyMember", //
-        "minimongo;MinimongoBaseCollection;minimongo;MinimongoLocalCollection;", //
-        "minimongo;MinimongoCollection;minimongo/lib/LocalStorageDb;default;Member[collections].AnyMember", //
-        "minimongo;MinimongoCollection;minimongo/lib/WebSQLDb;default;Member[collections].AnyMember", //
-        "minimongo;MinimongoCollection;minimongo/lib/types;MinimongoCollection;", //
-        "minimongo;MinimongoCollection;minimongo;HybridCollection;Member[remoteCol]", //
-        "minimongo;MinimongoCollection;minimongo;MinimongoDb;Member[collections].AnyMember", //
-        "minimongo;MinimongoDb;minimongo/lib/HybridDb;default;", //
-        "minimongo;MinimongoDb;minimongo/lib/HybridDb;default;Member[remoteDb]", //
-        "minimongo;MinimongoDb;minimongo/lib/LocalStorageDb;default;", //
-        "minimongo;MinimongoDb;minimongo/lib/MemoryDb;default;", //
-        "minimongo;MinimongoDb;minimongo/lib/RemoteDb;default;", //
-        "minimongo;MinimongoDb;minimongo/lib/ReplicatingDb;default;Member[masterDb,replicaDb]", //
-        "minimongo;MinimongoDb;minimongo/lib/WebSQLDb;default;", //
-        "minimongo;MinimongoDb;minimongo/lib/types;MinimongoDb;", //
-        "minimongo;MinimongoDb;minimongo;MinimongoDb;Member[remoteDb]", //
-        "minimongo;MinimongoDb;minimongo;MinimongoLocalDb;", //
-        "minimongo;MinimongoLocalCollection;minimongo/IndexedDb;IndexedDbCollection;", //
-        "minimongo;MinimongoLocalCollection;minimongo/MemoryDb;Collection;", //
-        "minimongo;MinimongoLocalCollection;minimongo/ReplicatingDb;Collection;", //
-        "minimongo;MinimongoLocalCollection;minimongo/ReplicatingDb;Collection;Member[masterCol,replicaCol]", //
-        "minimongo;MinimongoLocalCollection;minimongo/lib/types;MinimongoLocalCollection;", //
-        "minimongo;MinimongoLocalCollection;minimongo;HybridCollection;Member[localCol]", //
-        "minimongo;MinimongoLocalCollection;minimongo;MinimongoCollection;", //
-        "minimongo;MinimongoLocalCollection;minimongo;MinimongoLocalDb;Member[addCollection].Argument[2].Argument[0]", //
-        "minimongo;MinimongoLocalCollection;minimongo;MinimongoLocalDb;Member[collections].AnyMember", //
-        "minimongo;MinimongoLocalDb;minimongo/lib/HybridDb;default;Member[localDb]", //
-        "minimongo;MinimongoLocalDb;minimongo/lib/IndexedDb;default;", //
-        "minimongo;MinimongoLocalDb;minimongo/lib/ReplicatingDb;default;", //
-        "minimongo;MinimongoLocalDb;minimongo/lib/types;MinimongoLocalDb;", //
-        "minimongo;MinimongoLocalDb;minimongo;MinimongoDb;Member[localDb]", //
-        "mongodb;Collection;minimongo;MinimongoBaseCollection;", //
-      ]
-  }
-}
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/minimongo/model.json b/javascript/ql/lib/semmle/javascript/frameworks/minimongo/model.json
index 9911cd9b3c8..2a254ea3a69 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/minimongo/model.json
+++ b/javascript/ql/lib/semmle/javascript/frameworks/minimongo/model.json
@@ -6,87 +6,87 @@
     "language": "javascript",
     "model": {
         "typeDefinitions": [
-            "mongodb;Collection;minimongo;MinimongoBaseCollection;",
-            "minimongo;MinimongoBaseCollection;minimongo;MinimongoDb;AnyMember"
+            "mongodb.Collection;minimongo.MinimongoBaseCollection;",
+            "minimongo.MinimongoBaseCollection;minimongo.MinimongoDb;AnyMember"
         ],
         "sinks": []
     },
     "generatedModel": {
         "//": "Autogenerated section. Manual edits in here will be lost.",
         "typeDefinitions": [
-            "minimongo/IndexedDb;IndexedDbCollection;minimongo/IndexedDb;IndexedDbCollectionStatic;Instance",
-            "minimongo/IndexedDb;IndexedDbCollection;minimongo/lib/IndexedDb;default;Member[collections].AnyMember",
-            "minimongo/MemoryDb;Collection;minimongo/MemoryDb;CollectionStatic;Instance",
-            "minimongo/MemoryDb;Collection;minimongo/lib/MemoryDb;default;Member[collections].AnyMember",
-            "minimongo/RemoteDb;Collection;minimongo/RemoteDb;CollectionStatic;Instance",
-            "minimongo/RemoteDb;Collection;minimongo/lib/RemoteDb;default;Member[collections].AnyMember",
-            "minimongo/ReplicatingDb;Collection;minimongo/ReplicatingDb;CollectionStatic;Instance",
-            "minimongo/ReplicatingDb;Collection;minimongo/lib/ReplicatingDb;default;Member[collections].AnyMember",
-            "minimongo/lib/HybridDb;default;minimongo/lib/HybridDb;defaultStatic;Instance",
-            "minimongo/lib/HybridDb;defaultStatic;minimongo/lib/HybridDb;;Member[default]",
-            "minimongo/lib/HybridDb;defaultStatic;minimongo;;Member[HybridDb]",
-            "minimongo/lib/IndexedDb;default;minimongo/lib/IndexedDb;defaultStatic;Instance",
-            "minimongo/lib/IndexedDb;default;minimongo;;Member[utils].Member[autoselectLocalDb].ReturnValue",
-            "minimongo/lib/IndexedDb;defaultStatic;minimongo/lib/IndexedDb;;Member[default]",
-            "minimongo/lib/IndexedDb;defaultStatic;minimongo;;Member[IndexedDb]",
-            "minimongo/lib/LocalStorageDb;default;minimongo/lib/LocalStorageDb;defaultStatic;Instance",
-            "minimongo/lib/LocalStorageDb;default;minimongo;;Member[utils].Member[autoselectLocalDb].ReturnValue",
-            "minimongo/lib/LocalStorageDb;defaultStatic;minimongo/lib/LocalStorageDb;;Member[default]",
-            "minimongo/lib/LocalStorageDb;defaultStatic;minimongo;;Member[LocalStorageDb]",
-            "minimongo/lib/MemoryDb;default;minimongo/lib/MemoryDb;defaultStatic;Instance",
-            "minimongo/lib/MemoryDb;default;minimongo;;Member[utils].Member[autoselectLocalDb].ReturnValue",
-            "minimongo/lib/MemoryDb;defaultStatic;minimongo/lib/MemoryDb;;Member[default]",
-            "minimongo/lib/MemoryDb;defaultStatic;minimongo;;Member[MemoryDb]",
-            "minimongo/lib/RemoteDb;default;minimongo/lib/RemoteDb;defaultStatic;Instance",
-            "minimongo/lib/RemoteDb;defaultStatic;minimongo/lib/RemoteDb;;Member[default]",
-            "minimongo/lib/RemoteDb;defaultStatic;minimongo;;Member[RemoteDb]",
-            "minimongo/lib/ReplicatingDb;default;minimongo/lib/ReplicatingDb;defaultStatic;Instance",
-            "minimongo/lib/ReplicatingDb;defaultStatic;minimongo/lib/ReplicatingDb;;Member[default]",
-            "minimongo/lib/ReplicatingDb;defaultStatic;minimongo;;Member[ReplicatingDb]",
-            "minimongo/lib/WebSQLDb;default;minimongo/lib/WebSQLDb;defaultStatic;Instance",
-            "minimongo/lib/WebSQLDb;default;minimongo;;Member[utils].Member[autoselectLocalDb].ReturnValue",
-            "minimongo/lib/WebSQLDb;defaultStatic;minimongo/lib/WebSQLDb;;Member[default]",
-            "minimongo/lib/WebSQLDb;defaultStatic;minimongo;;Member[WebSQLDb]",
-            "minimongo;HybridCollection;minimongo/lib/HybridDb;HybridCollection;",
-            "minimongo;HybridCollection;minimongo/lib/HybridDb;default;Member[collections].AnyMember",
-            "minimongo;HybridCollection;minimongo;HybridCollectionStatic;Instance",
-            "minimongo;HybridCollectionStatic;minimongo/lib/HybridDb;;Member[HybridCollection]",
-            "minimongo;HybridCollectionStatic;minimongo/lib/HybridDb;HybridCollectionStatic;",
-            "minimongo;HybridCollectionStatic;minimongo;;Member[HybridCollection]",
-            "minimongo;MinimongoBaseCollection;minimongo/RemoteDb;Collection;",
-            "minimongo;MinimongoBaseCollection;minimongo/lib/types;MinimongoBaseCollection;",
-            "minimongo;MinimongoBaseCollection;minimongo;HybridCollection;",
-            "minimongo;MinimongoBaseCollection;minimongo;MinimongoCollection;",
-            "minimongo;MinimongoBaseCollection;minimongo;MinimongoLocalCollection;",
-            "minimongo;MinimongoCollection;minimongo/lib/LocalStorageDb;default;Member[collections].AnyMember",
-            "minimongo;MinimongoCollection;minimongo/lib/WebSQLDb;default;Member[collections].AnyMember",
-            "minimongo;MinimongoCollection;minimongo/lib/types;MinimongoCollection;",
-            "minimongo;MinimongoCollection;minimongo;HybridCollection;Member[remoteCol]",
-            "minimongo;MinimongoCollection;minimongo;MinimongoDb;Member[collections].AnyMember",
-            "minimongo;MinimongoDb;minimongo/lib/HybridDb;default;",
-            "minimongo;MinimongoDb;minimongo/lib/HybridDb;default;Member[remoteDb]",
-            "minimongo;MinimongoDb;minimongo/lib/LocalStorageDb;default;",
-            "minimongo;MinimongoDb;minimongo/lib/MemoryDb;default;",
-            "minimongo;MinimongoDb;minimongo/lib/RemoteDb;default;",
-            "minimongo;MinimongoDb;minimongo/lib/ReplicatingDb;default;Member[masterDb,replicaDb]",
-            "minimongo;MinimongoDb;minimongo/lib/WebSQLDb;default;",
-            "minimongo;MinimongoDb;minimongo/lib/types;MinimongoDb;",
-            "minimongo;MinimongoDb;minimongo;MinimongoDb;Member[remoteDb]",
-            "minimongo;MinimongoDb;minimongo;MinimongoLocalDb;",
-            "minimongo;MinimongoLocalCollection;minimongo/IndexedDb;IndexedDbCollection;",
-            "minimongo;MinimongoLocalCollection;minimongo/MemoryDb;Collection;",
-            "minimongo;MinimongoLocalCollection;minimongo/ReplicatingDb;Collection;",
-            "minimongo;MinimongoLocalCollection;minimongo/ReplicatingDb;Collection;Member[masterCol,replicaCol]",
-            "minimongo;MinimongoLocalCollection;minimongo/lib/types;MinimongoLocalCollection;",
-            "minimongo;MinimongoLocalCollection;minimongo;HybridCollection;Member[localCol]",
-            "minimongo;MinimongoLocalCollection;minimongo;MinimongoCollection;",
-            "minimongo;MinimongoLocalCollection;minimongo;MinimongoLocalDb;Member[addCollection].Argument[2].Argument[0]",
-            "minimongo;MinimongoLocalCollection;minimongo;MinimongoLocalDb;Member[collections].AnyMember",
-            "minimongo;MinimongoLocalDb;minimongo/lib/HybridDb;default;Member[localDb]",
-            "minimongo;MinimongoLocalDb;minimongo/lib/IndexedDb;default;",
-            "minimongo;MinimongoLocalDb;minimongo/lib/ReplicatingDb;default;",
-            "minimongo;MinimongoLocalDb;minimongo/lib/types;MinimongoLocalDb;",
-            "minimongo;MinimongoLocalDb;minimongo;MinimongoDb;Member[localDb]"
+            "minimongo.HybridCollection;minimongo.HybridCollectionStatic;Instance",
+            "minimongo.HybridCollection;minimongo/lib/HybridDb.HybridCollection;",
+            "minimongo.HybridCollection;minimongo/lib/HybridDb.default;Member[collections].AnyMember",
+            "minimongo.HybridCollectionStatic;minimongo/lib/HybridDb.HybridCollectionStatic;",
+            "minimongo.HybridCollectionStatic;minimongo/lib/HybridDb;Member[HybridCollection]",
+            "minimongo.HybridCollectionStatic;minimongo;Member[HybridCollection]",
+            "minimongo.MinimongoBaseCollection;minimongo.HybridCollection;",
+            "minimongo.MinimongoBaseCollection;minimongo.MinimongoCollection;",
+            "minimongo.MinimongoBaseCollection;minimongo.MinimongoLocalCollection;",
+            "minimongo.MinimongoBaseCollection;minimongo/RemoteDb.Collection;",
+            "minimongo.MinimongoBaseCollection;minimongo/lib/types.MinimongoBaseCollection;",
+            "minimongo.MinimongoCollection;minimongo.HybridCollection;Member[remoteCol]",
+            "minimongo.MinimongoCollection;minimongo.MinimongoDb;Member[collections].AnyMember",
+            "minimongo.MinimongoCollection;minimongo/lib/LocalStorageDb.default;Member[collections].AnyMember",
+            "minimongo.MinimongoCollection;minimongo/lib/WebSQLDb.default;Member[collections].AnyMember",
+            "minimongo.MinimongoCollection;minimongo/lib/types.MinimongoCollection;",
+            "minimongo.MinimongoDb;minimongo.MinimongoDb;Member[remoteDb]",
+            "minimongo.MinimongoDb;minimongo.MinimongoLocalDb;",
+            "minimongo.MinimongoDb;minimongo/lib/HybridDb.default;",
+            "minimongo.MinimongoDb;minimongo/lib/HybridDb.default;Member[remoteDb]",
+            "minimongo.MinimongoDb;minimongo/lib/LocalStorageDb.default;",
+            "minimongo.MinimongoDb;minimongo/lib/MemoryDb.default;",
+            "minimongo.MinimongoDb;minimongo/lib/RemoteDb.default;",
+            "minimongo.MinimongoDb;minimongo/lib/ReplicatingDb.default;Member[masterDb,replicaDb]",
+            "minimongo.MinimongoDb;minimongo/lib/WebSQLDb.default;",
+            "minimongo.MinimongoDb;minimongo/lib/types.MinimongoDb;",
+            "minimongo.MinimongoLocalCollection;minimongo.HybridCollection;Member[localCol]",
+            "minimongo.MinimongoLocalCollection;minimongo.MinimongoCollection;",
+            "minimongo.MinimongoLocalCollection;minimongo.MinimongoLocalDb;Member[addCollection].Argument[2].Argument[0]",
+            "minimongo.MinimongoLocalCollection;minimongo.MinimongoLocalDb;Member[collections].AnyMember",
+            "minimongo.MinimongoLocalCollection;minimongo/IndexedDb.IndexedDbCollection;",
+            "minimongo.MinimongoLocalCollection;minimongo/MemoryDb.Collection;",
+            "minimongo.MinimongoLocalCollection;minimongo/ReplicatingDb.Collection;",
+            "minimongo.MinimongoLocalCollection;minimongo/ReplicatingDb.Collection;Member[masterCol,replicaCol]",
+            "minimongo.MinimongoLocalCollection;minimongo/lib/types.MinimongoLocalCollection;",
+            "minimongo.MinimongoLocalDb;minimongo.MinimongoDb;Member[localDb]",
+            "minimongo.MinimongoLocalDb;minimongo/lib/HybridDb.default;Member[localDb]",
+            "minimongo.MinimongoLocalDb;minimongo/lib/IndexedDb.default;",
+            "minimongo.MinimongoLocalDb;minimongo/lib/ReplicatingDb.default;",
+            "minimongo.MinimongoLocalDb;minimongo/lib/types.MinimongoLocalDb;",
+            "minimongo/IndexedDb.IndexedDbCollection;minimongo/IndexedDb.IndexedDbCollectionStatic;Instance",
+            "minimongo/IndexedDb.IndexedDbCollection;minimongo/lib/IndexedDb.default;Member[collections].AnyMember",
+            "minimongo/MemoryDb.Collection;minimongo/MemoryDb.CollectionStatic;Instance",
+            "minimongo/MemoryDb.Collection;minimongo/lib/MemoryDb.default;Member[collections].AnyMember",
+            "minimongo/RemoteDb.Collection;minimongo/RemoteDb.CollectionStatic;Instance",
+            "minimongo/RemoteDb.Collection;minimongo/lib/RemoteDb.default;Member[collections].AnyMember",
+            "minimongo/ReplicatingDb.Collection;minimongo/ReplicatingDb.CollectionStatic;Instance",
+            "minimongo/ReplicatingDb.Collection;minimongo/lib/ReplicatingDb.default;Member[collections].AnyMember",
+            "minimongo/lib/HybridDb.default;minimongo/lib/HybridDb.defaultStatic;Instance",
+            "minimongo/lib/HybridDb.defaultStatic;minimongo/lib/HybridDb;Member[default]",
+            "minimongo/lib/HybridDb.defaultStatic;minimongo;Member[HybridDb]",
+            "minimongo/lib/IndexedDb.default;minimongo/lib/IndexedDb.defaultStatic;Instance",
+            "minimongo/lib/IndexedDb.default;minimongo;Member[utils].Member[autoselectLocalDb].ReturnValue",
+            "minimongo/lib/IndexedDb.defaultStatic;minimongo/lib/IndexedDb;Member[default]",
+            "minimongo/lib/IndexedDb.defaultStatic;minimongo;Member[IndexedDb]",
+            "minimongo/lib/LocalStorageDb.default;minimongo/lib/LocalStorageDb.defaultStatic;Instance",
+            "minimongo/lib/LocalStorageDb.default;minimongo;Member[utils].Member[autoselectLocalDb].ReturnValue",
+            "minimongo/lib/LocalStorageDb.defaultStatic;minimongo/lib/LocalStorageDb;Member[default]",
+            "minimongo/lib/LocalStorageDb.defaultStatic;minimongo;Member[LocalStorageDb]",
+            "minimongo/lib/MemoryDb.default;minimongo/lib/MemoryDb.defaultStatic;Instance",
+            "minimongo/lib/MemoryDb.default;minimongo;Member[utils].Member[autoselectLocalDb].ReturnValue",
+            "minimongo/lib/MemoryDb.defaultStatic;minimongo/lib/MemoryDb;Member[default]",
+            "minimongo/lib/MemoryDb.defaultStatic;minimongo;Member[MemoryDb]",
+            "minimongo/lib/RemoteDb.default;minimongo/lib/RemoteDb.defaultStatic;Instance",
+            "minimongo/lib/RemoteDb.defaultStatic;minimongo/lib/RemoteDb;Member[default]",
+            "minimongo/lib/RemoteDb.defaultStatic;minimongo;Member[RemoteDb]",
+            "minimongo/lib/ReplicatingDb.default;minimongo/lib/ReplicatingDb.defaultStatic;Instance",
+            "minimongo/lib/ReplicatingDb.defaultStatic;minimongo/lib/ReplicatingDb;Member[default]",
+            "minimongo/lib/ReplicatingDb.defaultStatic;minimongo;Member[ReplicatingDb]",
+            "minimongo/lib/WebSQLDb.default;minimongo/lib/WebSQLDb.defaultStatic;Instance",
+            "minimongo/lib/WebSQLDb.default;minimongo;Member[utils].Member[autoselectLocalDb].ReturnValue",
+            "minimongo/lib/WebSQLDb.defaultStatic;minimongo/lib/WebSQLDb;Member[default]",
+            "minimongo/lib/WebSQLDb.defaultStatic;minimongo;Member[WebSQLDb]"
         ],
         "summaries": [],
         "typeVariables": []
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/minimongo/model.yml b/javascript/ql/lib/semmle/javascript/frameworks/minimongo/model.yml
new file mode 100644
index 00000000000..0c0d443fc3f
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/frameworks/minimongo/model.yml
@@ -0,0 +1,80 @@
+extensions:
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      - [minimongo.HybridCollection, minimongo.HybridCollectionStatic, Instance]
+      - [minimongo.HybridCollection, "minimongo/lib/HybridDb.HybridCollection", ""]
+      - [minimongo.HybridCollection, "minimongo/lib/HybridDb.default", "Member[collections].AnyMember"]
+      - [minimongo.HybridCollectionStatic, "minimongo/lib/HybridDb.HybridCollectionStatic", ""]
+      - [minimongo.HybridCollectionStatic, "minimongo/lib/HybridDb", "Member[HybridCollection]"]
+      - [minimongo.HybridCollectionStatic, minimongo, "Member[HybridCollection]"]
+      - [minimongo.MinimongoBaseCollection, minimongo.HybridCollection, ""]
+      - [minimongo.MinimongoBaseCollection, minimongo.MinimongoCollection, ""]
+      - [minimongo.MinimongoBaseCollection, minimongo.MinimongoDb, AnyMember]
+      - [minimongo.MinimongoBaseCollection, minimongo.MinimongoLocalCollection, ""]
+      - [minimongo.MinimongoBaseCollection, "minimongo/RemoteDb.Collection", ""]
+      - [minimongo.MinimongoBaseCollection, "minimongo/lib/types.MinimongoBaseCollection", ""]
+      - [minimongo.MinimongoCollection, minimongo.HybridCollection, "Member[remoteCol]"]
+      - [minimongo.MinimongoCollection, minimongo.MinimongoDb, "Member[collections].AnyMember"]
+      - [minimongo.MinimongoCollection, "minimongo/lib/LocalStorageDb.default", "Member[collections].AnyMember"]
+      - [minimongo.MinimongoCollection, "minimongo/lib/WebSQLDb.default", "Member[collections].AnyMember"]
+      - [minimongo.MinimongoCollection, "minimongo/lib/types.MinimongoCollection", ""]
+      - [minimongo.MinimongoDb, minimongo.MinimongoDb, "Member[remoteDb]"]
+      - [minimongo.MinimongoDb, minimongo.MinimongoLocalDb, ""]
+      - [minimongo.MinimongoDb, "minimongo/lib/HybridDb.default", ""]
+      - [minimongo.MinimongoDb, "minimongo/lib/HybridDb.default", "Member[remoteDb]"]
+      - [minimongo.MinimongoDb, "minimongo/lib/LocalStorageDb.default", ""]
+      - [minimongo.MinimongoDb, "minimongo/lib/MemoryDb.default", ""]
+      - [minimongo.MinimongoDb, "minimongo/lib/RemoteDb.default", ""]
+      - [minimongo.MinimongoDb, "minimongo/lib/ReplicatingDb.default", "Member[masterDb,replicaDb]"]
+      - [minimongo.MinimongoDb, "minimongo/lib/WebSQLDb.default", ""]
+      - [minimongo.MinimongoDb, "minimongo/lib/types.MinimongoDb", ""]
+      - [minimongo.MinimongoLocalCollection, minimongo.HybridCollection, "Member[localCol]"]
+      - [minimongo.MinimongoLocalCollection, minimongo.MinimongoCollection, ""]
+      - [minimongo.MinimongoLocalCollection, minimongo.MinimongoLocalDb, "Member[addCollection].Argument[2].Argument[0]"]
+      - [minimongo.MinimongoLocalCollection, minimongo.MinimongoLocalDb, "Member[collections].AnyMember"]
+      - [minimongo.MinimongoLocalCollection, "minimongo/IndexedDb.IndexedDbCollection", ""]
+      - [minimongo.MinimongoLocalCollection, "minimongo/MemoryDb.Collection", ""]
+      - [minimongo.MinimongoLocalCollection, "minimongo/ReplicatingDb.Collection", ""]
+      - [minimongo.MinimongoLocalCollection, "minimongo/ReplicatingDb.Collection", "Member[masterCol,replicaCol]"]
+      - [minimongo.MinimongoLocalCollection, "minimongo/lib/types.MinimongoLocalCollection", ""]
+      - [minimongo.MinimongoLocalDb, minimongo.MinimongoDb, "Member[localDb]"]
+      - [minimongo.MinimongoLocalDb, "minimongo/lib/HybridDb.default", "Member[localDb]"]
+      - [minimongo.MinimongoLocalDb, "minimongo/lib/IndexedDb.default", ""]
+      - [minimongo.MinimongoLocalDb, "minimongo/lib/ReplicatingDb.default", ""]
+      - [minimongo.MinimongoLocalDb, "minimongo/lib/types.MinimongoLocalDb", ""]
+      - ["minimongo/IndexedDb.IndexedDbCollection", "minimongo/IndexedDb.IndexedDbCollectionStatic", Instance]
+      - ["minimongo/IndexedDb.IndexedDbCollection", "minimongo/lib/IndexedDb.default", "Member[collections].AnyMember"]
+      - ["minimongo/MemoryDb.Collection", "minimongo/MemoryDb.CollectionStatic", Instance]
+      - ["minimongo/MemoryDb.Collection", "minimongo/lib/MemoryDb.default", "Member[collections].AnyMember"]
+      - ["minimongo/RemoteDb.Collection", "minimongo/RemoteDb.CollectionStatic", Instance]
+      - ["minimongo/RemoteDb.Collection", "minimongo/lib/RemoteDb.default", "Member[collections].AnyMember"]
+      - ["minimongo/ReplicatingDb.Collection", "minimongo/ReplicatingDb.CollectionStatic", Instance]
+      - ["minimongo/ReplicatingDb.Collection", "minimongo/lib/ReplicatingDb.default", "Member[collections].AnyMember"]
+      - ["minimongo/lib/HybridDb.default", "minimongo/lib/HybridDb.defaultStatic", Instance]
+      - ["minimongo/lib/HybridDb.defaultStatic", "minimongo/lib/HybridDb", "Member[default]"]
+      - ["minimongo/lib/HybridDb.defaultStatic", minimongo, "Member[HybridDb]"]
+      - ["minimongo/lib/IndexedDb.default", "minimongo/lib/IndexedDb.defaultStatic", Instance]
+      - ["minimongo/lib/IndexedDb.default", minimongo, "Member[utils].Member[autoselectLocalDb].ReturnValue"]
+      - ["minimongo/lib/IndexedDb.defaultStatic", "minimongo/lib/IndexedDb", "Member[default]"]
+      - ["minimongo/lib/IndexedDb.defaultStatic", minimongo, "Member[IndexedDb]"]
+      - ["minimongo/lib/LocalStorageDb.default", "minimongo/lib/LocalStorageDb.defaultStatic", Instance]
+      - ["minimongo/lib/LocalStorageDb.default", minimongo, "Member[utils].Member[autoselectLocalDb].ReturnValue"]
+      - ["minimongo/lib/LocalStorageDb.defaultStatic", "minimongo/lib/LocalStorageDb", "Member[default]"]
+      - ["minimongo/lib/LocalStorageDb.defaultStatic", minimongo, "Member[LocalStorageDb]"]
+      - ["minimongo/lib/MemoryDb.default", "minimongo/lib/MemoryDb.defaultStatic", Instance]
+      - ["minimongo/lib/MemoryDb.default", minimongo, "Member[utils].Member[autoselectLocalDb].ReturnValue"]
+      - ["minimongo/lib/MemoryDb.defaultStatic", "minimongo/lib/MemoryDb", "Member[default]"]
+      - ["minimongo/lib/MemoryDb.defaultStatic", minimongo, "Member[MemoryDb]"]
+      - ["minimongo/lib/RemoteDb.default", "minimongo/lib/RemoteDb.defaultStatic", Instance]
+      - ["minimongo/lib/RemoteDb.defaultStatic", "minimongo/lib/RemoteDb", "Member[default]"]
+      - ["minimongo/lib/RemoteDb.defaultStatic", minimongo, "Member[RemoteDb]"]
+      - ["minimongo/lib/ReplicatingDb.default", "minimongo/lib/ReplicatingDb.defaultStatic", Instance]
+      - ["minimongo/lib/ReplicatingDb.defaultStatic", "minimongo/lib/ReplicatingDb", "Member[default]"]
+      - ["minimongo/lib/ReplicatingDb.defaultStatic", minimongo, "Member[ReplicatingDb]"]
+      - ["minimongo/lib/WebSQLDb.default", "minimongo/lib/WebSQLDb.defaultStatic", Instance]
+      - ["minimongo/lib/WebSQLDb.default", minimongo, "Member[utils].Member[autoselectLocalDb].ReturnValue"]
+      - ["minimongo/lib/WebSQLDb.defaultStatic", "minimongo/lib/WebSQLDb", "Member[default]"]
+      - ["minimongo/lib/WebSQLDb.defaultStatic", minimongo, "Member[WebSQLDb]"]
+      - [mongodb.Collection, minimongo.MinimongoBaseCollection, ""]
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/mongodb/Model.qll b/javascript/ql/lib/semmle/javascript/frameworks/mongodb/Model.qll
deleted file mode 100644
index 9509a5a34e0..00000000000
--- a/javascript/ql/lib/semmle/javascript/frameworks/mongodb/Model.qll
+++ /dev/null
@@ -1,806 +0,0 @@
-/** Generated model file */
-
-private import javascript
-
-private class Sinks extends ModelInput::SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "mongodb;Collection;Member[aggregate,count,countDocuments,deleteMany,deleteOne,find,findOne,findOneAndDelete,findOneAndReplace,remove,replaceOne,watch].Argument[0];mongodb.sink", //
-        "mongodb;Collection;Member[distinct].Argument[1];mongodb.sink", //
-        "mongodb;Collection;Member[findOneAndUpdate,update,updateMany,updateOne].Argument[0,1];mongodb.sink", //
-        "mongodb;Db;Member[aggregate,watch].Argument[0];mongodb.sink", //
-        "mongodb;DeleteManyModel;Member[filter];mongodb.sink", //
-        "mongodb;DeleteOneModel;Member[filter];mongodb.sink", //
-        "mongodb;MongoClient;Member[watch].Argument[0];mongodb.sink", //
-        "mongodb;UpdateManyModel;Member[filter,update];mongodb.sink", //
-        "mongodb;UpdateOneModel;Member[filter,update];mongodb.sink", //
-        "mongoose;CollectionBase;Member[findAndModify].Argument[0];mongodb.sink", //
-        "mongoose;Connection;Member[watch].Argument[0];mongodb.sink", //
-        "mongoose;Document;Member[update,updateOne].Argument[0];mongodb.sink", //
-        "mongoose;Model;Member[$where,aggregate,exists,find,findById,findByIdAndDelete,findByIdAndRemove,findOne,findOneAndDelete,findOneAndRemove,findOneAndReplace,geoSearch,remove,replaceOne,watch].Argument[0];mongodb.sink", //
-        "mongoose;Model;Member[count,where].WithArity[1,2].Argument[0];mongodb.sink", //
-        "mongoose;Model;Member[countDocuments].WithArity[1,2,3].Argument[0];mongodb.sink", //
-        "mongoose;Model;Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[0];mongodb.sink", //
-        "mongoose;Model;Member[distinct,where].Argument[1];mongodb.sink", //
-        "mongoose;Model;Member[findByIdAndUpdate,findOneAndUpdate,update,updateMany,updateOne].Argument[0,1];mongodb.sink", //
-        "mongoose;Model;Member[find].WithArity[1,2,3,4].Argument[0];mongodb.sink", //
-        "mongoose;Query;Member[$where,and,find,findByIdAndDelete,findOne,findOneAndDelete,findOneAndRemove,nor,or,remove,replaceOne,setUpdate].Argument[0];mongodb.sink", //
-        "mongoose;Query;Member[count,where].WithArity[1,2].Argument[0];mongodb.sink", //
-        "mongoose;Query;Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[0];mongodb.sink", //
-        "mongoose;Query;Member[distinct,where].Argument[1];mongodb.sink", //
-        "mongoose;Query;Member[findByIdAndUpdate,findOneAndUpdate,update,updateMany,updateOne].Argument[0,1];mongodb.sink", //
-        "mongoose;Query;Member[find].WithArity[1,2,3,4].Argument[0];mongodb.sink", //
-        "mongoose;QueryStatic;Argument[2];mongodb.sink", //
-      ]
-  }
-}
-
-private class Types extends ModelInput::TypeModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "mongodb;;mongoose;;Member[mongodb]", //
-        "mongodb;AbstractCursor;mongodb;FindCursor;", //
-        "mongodb;AbstractCursor;mongodb;ListCollectionsCursor;", //
-        "mongodb;AbstractCursor;mongodb;ListIndexesCursor;", //
-        "mongodb;AbstractCursorOptions;mongodb/mongodb;AbstractCursorOptions;", //
-        "mongodb;AbstractCursorOptions;mongodb;AggregationCursorOptions;", //
-        "mongodb;AbstractCursorOptions;mongoose;mongodb.AbstractCursorOptions;", //
-        "mongodb;AddUserOptions;mongodb/mongodb;AddUserOptions;", //
-        "mongodb;AddUserOptions;mongodb;Admin;Member[addUser].Argument[1,2]", //
-        "mongodb;AddUserOptions;mongodb;Db;Member[addUser].Argument[1,2]", //
-        "mongodb;AddUserOptions;mongoose;mongodb.AddUserOptions;", //
-        "mongodb;Admin;mongodb/mongodb;Admin;", //
-        "mongodb;Admin;mongodb;AdminStatic;Instance", //
-        "mongodb;Admin;mongodb;Db;Member[admin].ReturnValue", //
-        "mongodb;Admin;mongoose;mongodb.Admin;", //
-        "mongodb;AdminStatic;mongodb/mongodb;AdminStatic;", //
-        "mongodb;AdminStatic;mongodb;;Member[Admin]", //
-        "mongodb;AdminStatic;mongoose;mongodb.AdminStatic;", //
-        "mongodb;AggregateOptions;mongodb/mongodb;AggregateOptions;", //
-        "mongodb;AggregateOptions;mongodb;AggregationCursorOptions;", //
-        "mongodb;AggregateOptions;mongodb;ChangeStreamOptions;", //
-        "mongodb;AggregateOptions;mongodb;Collection;Member[aggregate].Argument[1]", //
-        "mongodb;AggregateOptions;mongodb;CountDocumentsOptions;", //
-        "mongodb;AggregateOptions;mongodb;Db;Member[aggregate].Argument[1]", //
-        "mongodb;AggregateOptions;mongoose;mongodb.AggregateOptions;", //
-        "mongodb;AggregationCursorOptions;mongodb/mongodb;AggregationCursorOptions;", //
-        "mongodb;AggregationCursorOptions;mongoose;mongodb.AggregationCursorOptions;", //
-        "mongodb;AnyBulkWriteOperation;mongodb/mongodb;AnyBulkWriteOperation;", //
-        "mongodb;AnyBulkWriteOperation;mongodb;BulkOperationBase;Member[raw].Argument[0]", //
-        "mongodb;AnyBulkWriteOperation;mongodb;Collection;Member[bulkWrite].Argument[0].ArrayElement", //
-        "mongodb;AnyBulkWriteOperation;mongoose;mongodb.AnyBulkWriteOperation;", //
-        "mongodb;Auth;mongodb/mongodb;Auth;", //
-        "mongodb;Auth;mongodb;MongoClientOptions;Member[auth]", //
-        "mongodb;Auth;mongoose;mongodb.Auth;", //
-        "mongodb;AutoEncrypter;mongodb/mongodb;AutoEncrypter;", //
-        "mongodb;AutoEncrypter;mongodb;AutoEncrypter;Instance", //
-        "mongodb;AutoEncrypter;mongodb;ConnectionOptions;Member[autoEncrypter]", //
-        "mongodb;AutoEncrypter;mongodb;MongoClient;Member[autoEncrypter]", //
-        "mongodb;AutoEncrypter;mongodb;MongoOptions;Member[autoEncrypter]", //
-        "mongodb;AutoEncrypter;mongoose;mongodb.AutoEncrypter;", //
-        "mongodb;AutoEncryptionOptions;mongodb/mongodb;AutoEncryptionOptions;", //
-        "mongodb;AutoEncryptionOptions;mongodb;AutoEncrypter;Argument[1]", //
-        "mongodb;AutoEncryptionOptions;mongodb;MongoClientOptions;Member[autoEncryption]", //
-        "mongodb;AutoEncryptionOptions;mongoose;mongodb.AutoEncryptionOptions;", //
-        "mongodb;BulkOperationBase;mongodb/mongodb;BulkOperationBase;", //
-        "mongodb;BulkOperationBase;mongodb;BulkOperationBase;Member[addToOperationsList,insert,raw].ReturnValue", //
-        "mongodb;BulkOperationBase;mongodb;BulkOperationBaseStatic;Instance", //
-        "mongodb;BulkOperationBase;mongodb;FindOperators;Member[bulkOperation]", //
-        "mongodb;BulkOperationBase;mongodb;FindOperators;Member[delete,deleteOne,replaceOne,update,updateOne].ReturnValue", //
-        "mongodb;BulkOperationBase;mongodb;OrderedBulkOperation;", //
-        "mongodb;BulkOperationBase;mongodb;UnorderedBulkOperation;", //
-        "mongodb;BulkOperationBase;mongoose;mongodb.BulkOperationBase;", //
-        "mongodb;BulkOperationBaseStatic;mongodb/mongodb;BulkOperationBaseStatic;", //
-        "mongodb;BulkOperationBaseStatic;mongodb;;Member[BulkOperationBase]", //
-        "mongodb;BulkOperationBaseStatic;mongoose;mongodb.BulkOperationBaseStatic;", //
-        "mongodb;BulkWriteOptions;mongodb/mongodb;BulkWriteOptions;", //
-        "mongodb;BulkWriteOptions;mongodb;BulkOperationBase;Member[execute].WithArity[0,1,2].Argument[0]", //
-        "mongodb;BulkWriteOptions;mongodb;Collection;Member[bulkWrite,insert,insertMany].Argument[1]", //
-        "mongodb;BulkWriteOptions;mongodb;Collection;Member[initializeOrderedBulkOp,initializeUnorderedBulkOp].Argument[0]", //
-        "mongodb;BulkWriteOptions;mongodb;OrderedBulkOperationStatic;Argument[1]", //
-        "mongodb;BulkWriteOptions;mongodb;UnorderedBulkOperationStatic;Argument[1]", //
-        "mongodb;BulkWriteOptions;mongoose;mongodb.BulkWriteOptions;", //
-        "mongodb;ChangeStream;mongodb/mongodb;ChangeStream;", //
-        "mongodb;ChangeStream;mongodb;ChangeStreamStatic;Instance", //
-        "mongodb;ChangeStream;mongodb;Collection;Member[watch].ReturnValue", //
-        "mongodb;ChangeStream;mongodb;Db;Member[watch].ReturnValue", //
-        "mongodb;ChangeStream;mongodb;MongoClient;Member[watch].ReturnValue", //
-        "mongodb;ChangeStream;mongoose;mongodb.ChangeStream;", //
-        "mongodb;ChangeStreamOptions;mongodb/mongodb;ChangeStreamOptions;", //
-        "mongodb;ChangeStreamOptions;mongodb;ChangeStream;Member[options]", //
-        "mongodb;ChangeStreamOptions;mongodb;Collection;Member[watch].Argument[1]", //
-        "mongodb;ChangeStreamOptions;mongodb;Db;Member[watch].Argument[1]", //
-        "mongodb;ChangeStreamOptions;mongodb;MongoClient;Member[watch].Argument[1]", //
-        "mongodb;ChangeStreamOptions;mongoose;mongodb.ChangeStreamOptions;", //
-        "mongodb;ChangeStreamStatic;mongodb/mongodb;ChangeStreamStatic;", //
-        "mongodb;ChangeStreamStatic;mongodb;;Member[ChangeStream]", //
-        "mongodb;ChangeStreamStatic;mongoose;mongodb.ChangeStreamStatic;", //
-        "mongodb;ClientSession;mongodb/mongodb;ClientSession;", //
-        "mongodb;ClientSession;mongodb;AbstractCursorOptions;Member[session]", //
-        "mongodb;ClientSession;mongodb;ClientSession;Member[equals].Argument[0]", //
-        "mongodb;ClientSession;mongodb;ClientSessionEvents;Member[ended].Argument[0]", //
-        "mongodb;ClientSession;mongodb;ClientSessionStatic;Instance", //
-        "mongodb;ClientSession;mongodb;IndexInformationOptions;Member[session]", //
-        "mongodb;ClientSession;mongodb;MongoClient;Member[startSession].ReturnValue", //
-        "mongodb;ClientSession;mongodb;OperationOptions;Member[session]", //
-        "mongodb;ClientSession;mongodb;ReadPreferenceFromOptions;Member[session]", //
-        "mongodb;ClientSession;mongodb;SelectServerOptions;Member[session]", //
-        "mongodb;ClientSession;mongodb;WithSessionCallback;Argument[0]", //
-        "mongodb;ClientSession;mongodb;WithTransactionCallback;Argument[0]", //
-        "mongodb;ClientSession;mongoose;mongodb.ClientSession;", //
-        "mongodb;ClientSessionEvents;mongodb/mongodb;ClientSessionEvents;", //
-        "mongodb;ClientSessionEvents;mongoose;mongodb.ClientSessionEvents;", //
-        "mongodb;ClientSessionOptions;mongodb/mongodb;ClientSessionOptions;", //
-        "mongodb;ClientSessionOptions;mongodb;MongoClient;Member[startSession].Argument[0]", //
-        "mongodb;ClientSessionOptions;mongodb;MongoClient;Member[withSession].WithArity[2].Argument[0]", //
-        "mongodb;ClientSessionOptions;mongoose;mongodb.ClientSessionOptions;", //
-        "mongodb;ClientSessionStatic;mongodb/mongodb;ClientSessionStatic;", //
-        "mongodb;ClientSessionStatic;mongodb;;Member[ClientSession]", //
-        "mongodb;ClientSessionStatic;mongoose;mongodb.ClientSessionStatic;", //
-        "mongodb;CollStatsOptions;mongodb/mongodb;CollStatsOptions;", //
-        "mongodb;CollStatsOptions;mongodb;Collection;Member[stats].Argument[0]", //
-        "mongodb;CollStatsOptions;mongoose;mongodb.CollStatsOptions;", //
-        "mongodb;Collection;mongodb/mongodb;Collection;", //
-        "mongodb;Collection;mongodb;ChangeStream;Member[parent]", //
-        "mongodb;Collection;mongodb;Collection;Member[rename].Argument[1,2].TypeVar[mongodb.Callback.0]", //
-        "mongodb;Collection;mongodb;Collection;Member[rename].WithArity[1,2].ReturnValue.Awaited", //
-        "mongodb;Collection;mongodb;CollectionStatic;Instance", //
-        "mongodb;Collection;mongodb;Db;Member[collection].ReturnValue", //
-        "mongodb;Collection;mongodb;Db;Member[collections].Argument[0,1].TypeVar[mongodb.Callback.0].ArrayElement", //
-        "mongodb;Collection;mongodb;Db;Member[collections].WithArity[0,1].ReturnValue.Awaited.ArrayElement", //
-        "mongodb;Collection;mongodb;Db;Member[createCollection].Argument[2].TypeVar[mongodb.Callback.0]", //
-        "mongodb;Collection;mongodb;Db;Member[createCollection].WithArity[1,2].ReturnValue.Awaited", //
-        "mongodb;Collection;mongodb;Db;Member[createCollection].WithArity[2].Argument[1].TypeVar[mongodb.Callback.0]", //
-        "mongodb;Collection;mongodb;Db;Member[renameCollection].Argument[2,3].TypeVar[mongodb.Callback.0]", //
-        "mongodb;Collection;mongodb;Db;Member[renameCollection].WithArity[2,3].ReturnValue.Awaited", //
-        "mongodb;Collection;mongodb;GridFSBucketWriteStream;Member[chunks,files]", //
-        "mongodb;Collection;mongodb;ListIndexesCursor;Member[parent]", //
-        "mongodb;Collection;mongodb;ListIndexesCursorStatic;Argument[0]", //
-        "mongodb;Collection;mongodb;OrderedBulkOperationStatic;Argument[0]", //
-        "mongodb;Collection;mongodb;UnorderedBulkOperationStatic;Argument[0]", //
-        "mongodb;Collection;mongoose;mongodb.Collection;", //
-        "mongodb;CollectionStatic;mongodb/mongodb;CollectionStatic;", //
-        "mongodb;CollectionStatic;mongodb;;Member[Collection]", //
-        "mongodb;CollectionStatic;mongoose;mongodb.CollectionStatic;", //
-        "mongodb;CommandOperationOptions;mongodb/mongodb;CommandOperationOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;AddUserOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;Admin;Member[buildInfo,ping,replSetGetStatus,serverInfo,serverStatus].Argument[0]", //
-        "mongodb;CommandOperationOptions;mongodb;AggregateOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;BulkWriteOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;CollStatsOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;CountOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;CreateCollectionOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;CreateIndexesOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;DbStatsOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;DeleteOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;DistinctOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;DropCollectionOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;DropDatabaseOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;DropIndexesOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;EstimatedDocumentCountOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;EvalOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;FindOneAndDeleteOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;FindOneAndReplaceOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;FindOneAndUpdateOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;FindOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;InsertOneOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;ListCollectionsOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;ListDatabasesOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;ListIndexesOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;MapReduceOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;ProfilingLevelOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;RemoveUserOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;RenameOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;ReplaceOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;RunCommandOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;SetProfilingLevelOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;TransactionOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;UpdateOptions;", //
-        "mongodb;CommandOperationOptions;mongodb;ValidateCollectionOptions;", //
-        "mongodb;CommandOperationOptions;mongoose;mongodb.CommandOperationOptions;", //
-        "mongodb;ConnectionOptions;mongodb/mongodb;ConnectionOptions;", //
-        "mongodb;ConnectionOptions;mongoose;mongodb.ConnectionOptions;", //
-        "mongodb;CountDocumentsOptions;mongodb/mongodb;CountDocumentsOptions;", //
-        "mongodb;CountDocumentsOptions;mongodb;Collection;Member[countDocuments].Argument[1]", //
-        "mongodb;CountDocumentsOptions;mongoose;mongodb.CountDocumentsOptions;", //
-        "mongodb;CountOptions;mongodb/mongodb;CountOptions;", //
-        "mongodb;CountOptions;mongodb;Collection;Member[count].Argument[1]", //
-        "mongodb;CountOptions;mongodb;FindCursor;Member[count].Argument[0]", //
-        "mongodb;CountOptions;mongoose;mongodb.CountOptions;", //
-        "mongodb;CreateCollectionOptions;mongodb/mongodb;CreateCollectionOptions;", //
-        "mongodb;CreateCollectionOptions;mongodb;Db;Member[createCollection].WithArity[1,2,3].Argument[1]", //
-        "mongodb;CreateCollectionOptions;mongoose;mongodb.CreateCollectionOptions;", //
-        "mongodb;CreateIndexesOptions;mongodb/mongodb;CreateIndexesOptions;", //
-        "mongodb;CreateIndexesOptions;mongodb;Collection;Member[createIndex,createIndexes].Argument[1]", //
-        "mongodb;CreateIndexesOptions;mongodb;Db;Member[createIndex].Argument[2]", //
-        "mongodb;CreateIndexesOptions;mongoose;mongodb.CreateIndexesOptions;", //
-        "mongodb;Db;mongodb/mongodb;Db;", //
-        "mongodb;Db;mongodb;ChangeStream;Member[parent]", //
-        "mongodb;Db;mongodb;DbStatic;Instance", //
-        "mongodb;Db;mongodb;GridFSBucketStatic;Argument[0]", //
-        "mongodb;Db;mongodb;ListCollectionsCursor;Member[parent]", //
-        "mongodb;Db;mongodb;ListCollectionsCursorStatic;Argument[0]", //
-        "mongodb;Db;mongodb;MongoClient;Member[db].ReturnValue", //
-        "mongodb;Db;mongoose;mongodb.Db;", //
-        "mongodb;DbStatic;mongodb/mongodb;DbStatic;", //
-        "mongodb;DbStatic;mongodb;;Member[Db]", //
-        "mongodb;DbStatic;mongoose;mongodb.DbStatic;", //
-        "mongodb;DbStatsOptions;mongodb/mongodb;DbStatsOptions;", //
-        "mongodb;DbStatsOptions;mongodb;Db;Member[stats].Argument[0]", //
-        "mongodb;DbStatsOptions;mongoose;mongodb.DbStatsOptions;", //
-        "mongodb;DeleteManyModel;mongodb/mongodb;DeleteManyModel;", //
-        "mongodb;DeleteManyModel;mongodb;AnyBulkWriteOperation;Member[deleteMany]", //
-        "mongodb;DeleteManyModel;mongoose;mongodb.DeleteManyModel;", //
-        "mongodb;DeleteOneModel;mongodb/mongodb;DeleteOneModel;", //
-        "mongodb;DeleteOneModel;mongodb;AnyBulkWriteOperation;Member[deleteOne]", //
-        "mongodb;DeleteOneModel;mongoose;mongodb.DeleteOneModel;", //
-        "mongodb;DeleteOptions;mongodb/mongodb;DeleteOptions;", //
-        "mongodb;DeleteOptions;mongodb;Collection;Member[deleteMany,deleteOne,remove].Argument[1]", //
-        "mongodb;DeleteOptions;mongoose;mongodb.DeleteOptions;", //
-        "mongodb;DistinctOptions;mongodb/mongodb;DistinctOptions;", //
-        "mongodb;DistinctOptions;mongodb;Collection;Member[distinct].Argument[2]", //
-        "mongodb;DistinctOptions;mongoose;mongodb.DistinctOptions;", //
-        "mongodb;DropCollectionOptions;mongodb/mongodb;DropCollectionOptions;", //
-        "mongodb;DropCollectionOptions;mongodb;Collection;Member[drop].Argument[0]", //
-        "mongodb;DropCollectionOptions;mongodb;Db;Member[dropCollection].Argument[1]", //
-        "mongodb;DropCollectionOptions;mongoose;mongodb.DropCollectionOptions;", //
-        "mongodb;DropDatabaseOptions;mongodb/mongodb;DropDatabaseOptions;", //
-        "mongodb;DropDatabaseOptions;mongodb;Db;Member[dropDatabase].Argument[0]", //
-        "mongodb;DropDatabaseOptions;mongoose;mongodb.DropDatabaseOptions;", //
-        "mongodb;DropIndexesOptions;mongodb/mongodb;DropIndexesOptions;", //
-        "mongodb;DropIndexesOptions;mongodb;Collection;Member[dropIndex].Argument[1]", //
-        "mongodb;DropIndexesOptions;mongodb;Collection;Member[dropIndexes].Argument[0]", //
-        "mongodb;DropIndexesOptions;mongoose;mongodb.DropIndexesOptions;", //
-        "mongodb;EstimatedDocumentCountOptions;mongodb/mongodb;EstimatedDocumentCountOptions;", //
-        "mongodb;EstimatedDocumentCountOptions;mongodb;Collection;Member[estimatedDocumentCount].Argument[0]", //
-        "mongodb;EstimatedDocumentCountOptions;mongoose;mongodb.EstimatedDocumentCountOptions;", //
-        "mongodb;EvalOptions;mongodb/mongodb;EvalOptions;", //
-        "mongodb;EvalOptions;mongoose;mongodb.EvalOptions;", //
-        "mongodb;FindCursor;mongodb/mongodb;FindCursor;", //
-        "mongodb;FindCursor;mongodb;Collection;Member[find].WithArity[0,1,2].ReturnValue", //
-        "mongodb;FindCursor;mongodb;FindCursor;Member[addQueryModifier,allowDiskUse,clone,collation,comment,filter,hint,limit,map,max,maxAwaitTimeMS,maxTimeMS,min,project,returnKey,showRecordId,skip,sort].ReturnValue", //
-        "mongodb;FindCursor;mongodb;FindCursorStatic;Instance", //
-        "mongodb;FindCursor;mongodb;GridFSBucket;Member[find].ReturnValue", //
-        "mongodb;FindCursor;mongoose;mongodb.FindCursor;", //
-        "mongodb;FindCursorStatic;mongodb/mongodb;FindCursorStatic;", //
-        "mongodb;FindCursorStatic;mongodb;;Member[FindCursor]", //
-        "mongodb;FindCursorStatic;mongoose;mongodb.FindCursorStatic;", //
-        "mongodb;FindOneAndDeleteOptions;mongodb/mongodb;FindOneAndDeleteOptions;", //
-        "mongodb;FindOneAndDeleteOptions;mongodb;Collection;Member[findOneAndDelete].Argument[1]", //
-        "mongodb;FindOneAndDeleteOptions;mongoose;mongodb.FindOneAndDeleteOptions;", //
-        "mongodb;FindOneAndReplaceOptions;mongodb/mongodb;FindOneAndReplaceOptions;", //
-        "mongodb;FindOneAndReplaceOptions;mongodb;Collection;Member[findOneAndReplace].Argument[2]", //
-        "mongodb;FindOneAndReplaceOptions;mongoose;mongodb.FindOneAndReplaceOptions;", //
-        "mongodb;FindOneAndUpdateOptions;mongodb/mongodb;FindOneAndUpdateOptions;", //
-        "mongodb;FindOneAndUpdateOptions;mongodb;Collection;Member[findOneAndUpdate].Argument[2]", //
-        "mongodb;FindOneAndUpdateOptions;mongoose;mongodb.FindOneAndUpdateOptions;", //
-        "mongodb;FindOperators;mongodb/mongodb;FindOperators;", //
-        "mongodb;FindOperators;mongodb;BulkOperationBase;Member[find].ReturnValue", //
-        "mongodb;FindOperators;mongodb;FindOperators;Member[arrayFilters,collation,upsert].ReturnValue", //
-        "mongodb;FindOperators;mongodb;FindOperatorsStatic;Instance", //
-        "mongodb;FindOperators;mongoose;mongodb.FindOperators;", //
-        "mongodb;FindOperatorsStatic;mongodb/mongodb;FindOperatorsStatic;", //
-        "mongodb;FindOperatorsStatic;mongodb;;Member[FindOperators]", //
-        "mongodb;FindOperatorsStatic;mongoose;mongodb.FindOperatorsStatic;", //
-        "mongodb;FindOptions;mongodb/mongodb;FindOptions;", //
-        "mongodb;FindOptions;mongodb;Collection;Member[find,findOne].Argument[1]", //
-        "mongodb;FindOptions;mongodb;GridFSBucket;Member[find].Argument[1]", //
-        "mongodb;FindOptions;mongoose;mongodb.FindOptions;", //
-        "mongodb;GridFSBucket;mongodb/mongodb;GridFSBucket;", //
-        "mongodb;GridFSBucket;mongodb;GridFSBucketStatic;Instance", //
-        "mongodb;GridFSBucket;mongodb;GridFSBucketWriteStream;Member[bucket]", //
-        "mongodb;GridFSBucket;mongoose;mongodb.GridFSBucket;", //
-        "mongodb;GridFSBucketStatic;mongodb/mongodb;GridFSBucketStatic;", //
-        "mongodb;GridFSBucketStatic;mongodb;;Member[GridFSBucket]", //
-        "mongodb;GridFSBucketStatic;mongoose;mongodb.GridFSBucketStatic;", //
-        "mongodb;GridFSBucketWriteStream;mongodb/mongodb;GridFSBucketWriteStream;", //
-        "mongodb;GridFSBucketWriteStream;mongodb;GridFSBucket;Member[openUploadStream,openUploadStreamWithId].ReturnValue", //
-        "mongodb;GridFSBucketWriteStream;mongodb;GridFSBucketWriteStream;Member[end].ReturnValue", //
-        "mongodb;GridFSBucketWriteStream;mongodb;GridFSBucketWriteStreamStatic;Instance", //
-        "mongodb;GridFSBucketWriteStream;mongoose;mongodb.GridFSBucketWriteStream;", //
-        "mongodb;GridFSBucketWriteStreamStatic;mongodb/mongodb;GridFSBucketWriteStreamStatic;", //
-        "mongodb;GridFSBucketWriteStreamStatic;mongodb;;Member[GridFSBucketWriteStream]", //
-        "mongodb;GridFSBucketWriteStreamStatic;mongoose;mongodb.GridFSBucketWriteStreamStatic;", //
-        "mongodb;IndexInformationOptions;mongodb/mongodb;IndexInformationOptions;", //
-        "mongodb;IndexInformationOptions;mongodb;Collection;Member[indexExists].Argument[1]", //
-        "mongodb;IndexInformationOptions;mongodb;Collection;Member[indexInformation,indexes].Argument[0]", //
-        "mongodb;IndexInformationOptions;mongodb;Db;Member[indexInformation].Argument[1]", //
-        "mongodb;IndexInformationOptions;mongoose;mongodb.IndexInformationOptions;", //
-        "mongodb;InsertOneOptions;mongodb/mongodb;InsertOneOptions;", //
-        "mongodb;InsertOneOptions;mongodb;Collection;Member[insertOne].Argument[1]", //
-        "mongodb;InsertOneOptions;mongoose;mongodb.InsertOneOptions;", //
-        "mongodb;ListCollectionsCursor;mongodb/mongodb;ListCollectionsCursor;", //
-        "mongodb;ListCollectionsCursor;mongodb;Db;Member[listCollections].WithArity[0,1,2].ReturnValue", //
-        "mongodb;ListCollectionsCursor;mongodb;ListCollectionsCursor;Member[clone].ReturnValue", //
-        "mongodb;ListCollectionsCursor;mongodb;ListCollectionsCursorStatic;Instance", //
-        "mongodb;ListCollectionsCursor;mongoose;mongodb.ListCollectionsCursor;", //
-        "mongodb;ListCollectionsCursorStatic;mongodb/mongodb;ListCollectionsCursorStatic;", //
-        "mongodb;ListCollectionsCursorStatic;mongodb;;Member[ListCollectionsCursor]", //
-        "mongodb;ListCollectionsCursorStatic;mongoose;mongodb.ListCollectionsCursorStatic;", //
-        "mongodb;ListCollectionsOptions;mongodb/mongodb;ListCollectionsOptions;", //
-        "mongodb;ListCollectionsOptions;mongodb;Db;Member[collections].Argument[0]", //
-        "mongodb;ListCollectionsOptions;mongodb;Db;Member[listCollections].WithArity[0,1,2].Argument[1]", //
-        "mongodb;ListCollectionsOptions;mongodb;ListCollectionsCursor;Member[options]", //
-        "mongodb;ListCollectionsOptions;mongodb;ListCollectionsCursorStatic;Argument[2]", //
-        "mongodb;ListCollectionsOptions;mongoose;mongodb.ListCollectionsOptions;", //
-        "mongodb;ListDatabasesOptions;mongodb/mongodb;ListDatabasesOptions;", //
-        "mongodb;ListDatabasesOptions;mongodb;Admin;Member[listDatabases].Argument[0]", //
-        "mongodb;ListDatabasesOptions;mongoose;mongodb.ListDatabasesOptions;", //
-        "mongodb;ListIndexesCursor;mongodb/mongodb;ListIndexesCursor;", //
-        "mongodb;ListIndexesCursor;mongodb;Collection;Member[listIndexes].ReturnValue", //
-        "mongodb;ListIndexesCursor;mongodb;ListIndexesCursor;Member[clone].ReturnValue", //
-        "mongodb;ListIndexesCursor;mongodb;ListIndexesCursorStatic;Instance", //
-        "mongodb;ListIndexesCursor;mongoose;mongodb.ListIndexesCursor;", //
-        "mongodb;ListIndexesCursorStatic;mongodb/mongodb;ListIndexesCursorStatic;", //
-        "mongodb;ListIndexesCursorStatic;mongodb;;Member[ListIndexesCursor]", //
-        "mongodb;ListIndexesCursorStatic;mongoose;mongodb.ListIndexesCursorStatic;", //
-        "mongodb;ListIndexesOptions;mongodb/mongodb;ListIndexesOptions;", //
-        "mongodb;ListIndexesOptions;mongodb;Collection;Member[listIndexes].Argument[0]", //
-        "mongodb;ListIndexesOptions;mongodb;ListIndexesCursor;Member[options]", //
-        "mongodb;ListIndexesOptions;mongodb;ListIndexesCursorStatic;Argument[1]", //
-        "mongodb;ListIndexesOptions;mongoose;mongodb.ListIndexesOptions;", //
-        "mongodb;MapReduceOptions;mongodb/mongodb;MapReduceOptions;", //
-        "mongodb;MapReduceOptions;mongodb;Collection;Member[mapReduce].Argument[2]", //
-        "mongodb;MapReduceOptions;mongoose;mongodb.MapReduceOptions;", //
-        "mongodb;MongoClient;mongodb/mongodb;MongoClient;", //
-        "mongodb;MongoClient;mongodb;AutoEncrypter;Argument[0]", //
-        "mongodb;MongoClient;mongodb;AutoEncryptionOptions;Member[keyVaultClient]", //
-        "mongodb;MongoClient;mongodb;ChangeStream;Member[parent]", //
-        "mongodb;MongoClient;mongodb;DbStatic;Argument[0]", //
-        "mongodb;MongoClient;mongodb;MongoClient;Member[connect].Argument[0].TypeVar[mongodb.Callback.0]", //
-        "mongodb;MongoClient;mongodb;MongoClient;Member[connect].WithArity[0].ReturnValue.Awaited", //
-        "mongodb;MongoClient;mongodb;MongoClientEvents;Member[open].Argument[0]", //
-        "mongodb;MongoClient;mongodb;MongoClientStatic;Instance", //
-        "mongodb;MongoClient;mongodb;MongoClientStatic;Member[connect].Argument[1,2].TypeVar[mongodb.Callback.0]", //
-        "mongodb;MongoClient;mongodb;MongoClientStatic;Member[connect].WithArity[1,2].ReturnValue.Awaited", //
-        "mongodb;MongoClient;mongoose;mongodb.MongoClient;", //
-        "mongodb;MongoClientEvents;mongodb/mongodb;MongoClientEvents;", //
-        "mongodb;MongoClientEvents;mongoose;mongodb.MongoClientEvents;", //
-        "mongodb;MongoClientOptions;mongodb/mongodb;MongoClientOptions;", //
-        "mongodb;MongoClientOptions;mongodb;MongoClientStatic;Argument[1]", //
-        "mongodb;MongoClientOptions;mongodb;MongoClientStatic;Member[connect].Argument[1]", //
-        "mongodb;MongoClientOptions;mongoose;mongodb.MongoClientOptions;", //
-        "mongodb;MongoClientStatic;mongodb/mongodb;MongoClientStatic;", //
-        "mongodb;MongoClientStatic;mongodb;;Member[MongoClient]", //
-        "mongodb;MongoClientStatic;mongoose;mongodb.MongoClientStatic;", //
-        "mongodb;MongoOptions;mongodb/mongodb;MongoOptions;", //
-        "mongodb;MongoOptions;mongodb;ClientSession;Member[clientOptions]", //
-        "mongodb;MongoOptions;mongodb;MongoClient;Member[options]", //
-        "mongodb;MongoOptions;mongoose;mongodb.MongoOptions;", //
-        "mongodb;OperationOptions;mongodb/mongodb;OperationOptions;", //
-        "mongodb;OperationOptions;mongodb;Collection;Member[isCapped,options].Argument[0]", //
-        "mongodb;OperationOptions;mongodb;CommandOperationOptions;", //
-        "mongodb;OperationOptions;mongoose;mongodb.OperationOptions;", //
-        "mongodb;OrderedBulkOperation;mongodb/mongodb;OrderedBulkOperation;", //
-        "mongodb;OrderedBulkOperation;mongodb;Collection;Member[initializeOrderedBulkOp].ReturnValue", //
-        "mongodb;OrderedBulkOperation;mongodb;OrderedBulkOperation;Member[addToOperationsList].ReturnValue", //
-        "mongodb;OrderedBulkOperation;mongodb;OrderedBulkOperationStatic;Instance", //
-        "mongodb;OrderedBulkOperation;mongoose;mongodb.OrderedBulkOperation;", //
-        "mongodb;OrderedBulkOperationStatic;mongodb/mongodb;OrderedBulkOperationStatic;", //
-        "mongodb;OrderedBulkOperationStatic;mongodb;;Member[OrderedBulkOperation]", //
-        "mongodb;OrderedBulkOperationStatic;mongoose;mongodb.OrderedBulkOperationStatic;", //
-        "mongodb;ProfilingLevelOptions;mongodb/mongodb;ProfilingLevelOptions;", //
-        "mongodb;ProfilingLevelOptions;mongodb;Db;Member[profilingLevel].Argument[0]", //
-        "mongodb;ProfilingLevelOptions;mongoose;mongodb.ProfilingLevelOptions;", //
-        "mongodb;ReadPreferenceFromOptions;mongodb/mongodb;ReadPreferenceFromOptions;", //
-        "mongodb;ReadPreferenceFromOptions;mongodb;ReadPreferenceStatic;Member[fromOptions].Argument[0]", //
-        "mongodb;ReadPreferenceFromOptions;mongoose;mongodb.ReadPreferenceFromOptions;", //
-        "mongodb;ReadPreferenceStatic;mongodb/mongodb;ReadPreferenceStatic;", //
-        "mongodb;ReadPreferenceStatic;mongodb;;Member[ReadPreference]", //
-        "mongodb;ReadPreferenceStatic;mongoose;mongodb.ReadPreferenceStatic;", //
-        "mongodb;RemoveUserOptions;mongodb/mongodb;RemoveUserOptions;", //
-        "mongodb;RemoveUserOptions;mongodb;Admin;Member[removeUser].Argument[1]", //
-        "mongodb;RemoveUserOptions;mongodb;Db;Member[removeUser].Argument[1]", //
-        "mongodb;RemoveUserOptions;mongoose;mongodb.RemoveUserOptions;", //
-        "mongodb;RenameOptions;mongodb/mongodb;RenameOptions;", //
-        "mongodb;RenameOptions;mongodb;Collection;Member[rename].Argument[1]", //
-        "mongodb;RenameOptions;mongodb;Db;Member[renameCollection].Argument[2]", //
-        "mongodb;RenameOptions;mongoose;mongodb.RenameOptions;", //
-        "mongodb;ReplaceOptions;mongodb/mongodb;ReplaceOptions;", //
-        "mongodb;ReplaceOptions;mongodb;Collection;Member[replaceOne].Argument[2]", //
-        "mongodb;ReplaceOptions;mongoose;mongodb.ReplaceOptions;", //
-        "mongodb;RunCommandOptions;mongodb/mongodb;RunCommandOptions;", //
-        "mongodb;RunCommandOptions;mongodb;Admin;Member[command].Argument[1]", //
-        "mongodb;RunCommandOptions;mongodb;Db;Member[command].Argument[1]", //
-        "mongodb;RunCommandOptions;mongoose;mongodb.RunCommandOptions;", //
-        "mongodb;SelectServerOptions;mongodb/mongodb;SelectServerOptions;", //
-        "mongodb;SelectServerOptions;mongoose;mongodb.SelectServerOptions;", //
-        "mongodb;SetProfilingLevelOptions;mongodb/mongodb;SetProfilingLevelOptions;", //
-        "mongodb;SetProfilingLevelOptions;mongodb;Db;Member[setProfilingLevel].Argument[1]", //
-        "mongodb;SetProfilingLevelOptions;mongoose;mongodb.SetProfilingLevelOptions;", //
-        "mongodb;Transaction;mongodb/mongodb;Transaction;", //
-        "mongodb;Transaction;mongodb;ClientSession;Member[transaction]", //
-        "mongodb;Transaction;mongodb;TransactionStatic;Instance", //
-        "mongodb;Transaction;mongoose;mongodb.Transaction;", //
-        "mongodb;TransactionOptions;mongodb/mongodb;TransactionOptions;", //
-        "mongodb;TransactionOptions;mongodb;ClientSession;Member[defaultTransactionOptions]", //
-        "mongodb;TransactionOptions;mongodb;ClientSession;Member[startTransaction].Argument[0]", //
-        "mongodb;TransactionOptions;mongodb;ClientSession;Member[withTransaction].Argument[1]", //
-        "mongodb;TransactionOptions;mongodb;ClientSessionOptions;Member[defaultTransactionOptions]", //
-        "mongodb;TransactionOptions;mongodb;Transaction;Member[options]", //
-        "mongodb;TransactionOptions;mongoose;mongodb.TransactionOptions;", //
-        "mongodb;TransactionStatic;mongodb/mongodb;TransactionStatic;", //
-        "mongodb;TransactionStatic;mongodb;;Member[Transaction]", //
-        "mongodb;TransactionStatic;mongoose;mongodb.TransactionStatic;", //
-        "mongodb;TypedEventEmitter;mongodb;AbstractCursor;", //
-        "mongodb;TypedEventEmitter;mongodb;ChangeStream;", //
-        "mongodb;TypedEventEmitter;mongodb;ClientSession;", //
-        "mongodb;TypedEventEmitter;mongodb;GridFSBucket;", //
-        "mongodb;TypedEventEmitter;mongodb;MongoClient;", //
-        "mongodb;UnorderedBulkOperation;mongodb/mongodb;UnorderedBulkOperation;", //
-        "mongodb;UnorderedBulkOperation;mongodb;Collection;Member[initializeUnorderedBulkOp].ReturnValue", //
-        "mongodb;UnorderedBulkOperation;mongodb;UnorderedBulkOperation;Member[addToOperationsList].ReturnValue", //
-        "mongodb;UnorderedBulkOperation;mongodb;UnorderedBulkOperationStatic;Instance", //
-        "mongodb;UnorderedBulkOperation;mongoose;mongodb.UnorderedBulkOperation;", //
-        "mongodb;UnorderedBulkOperationStatic;mongodb/mongodb;UnorderedBulkOperationStatic;", //
-        "mongodb;UnorderedBulkOperationStatic;mongodb;;Member[UnorderedBulkOperation]", //
-        "mongodb;UnorderedBulkOperationStatic;mongoose;mongodb.UnorderedBulkOperationStatic;", //
-        "mongodb;UpdateManyModel;mongodb/mongodb;UpdateManyModel;", //
-        "mongodb;UpdateManyModel;mongodb;AnyBulkWriteOperation;Member[updateMany]", //
-        "mongodb;UpdateManyModel;mongoose;mongodb.UpdateManyModel;", //
-        "mongodb;UpdateOneModel;mongodb/mongodb;UpdateOneModel;", //
-        "mongodb;UpdateOneModel;mongodb;AnyBulkWriteOperation;Member[updateOne]", //
-        "mongodb;UpdateOneModel;mongoose;mongodb.UpdateOneModel;", //
-        "mongodb;UpdateOptions;mongodb/mongodb;UpdateOptions;", //
-        "mongodb;UpdateOptions;mongodb;Collection;Member[update,updateMany,updateOne].Argument[2]", //
-        "mongodb;UpdateOptions;mongoose;mongodb.UpdateOptions;", //
-        "mongodb;ValidateCollectionOptions;mongodb/mongodb;ValidateCollectionOptions;", //
-        "mongodb;ValidateCollectionOptions;mongodb;Admin;Member[validateCollection].Argument[1]", //
-        "mongodb;ValidateCollectionOptions;mongoose;mongodb.ValidateCollectionOptions;", //
-        "mongodb;WithSessionCallback;mongodb/mongodb;WithSessionCallback;", //
-        "mongodb;WithSessionCallback;mongodb;MongoClient;Member[withSession].Argument[1]", //
-        "mongodb;WithSessionCallback;mongodb;MongoClient;Member[withSession].WithArity[1].Argument[0]", //
-        "mongodb;WithSessionCallback;mongoose;mongodb.WithSessionCallback;", //
-        "mongodb;WithTransactionCallback;mongodb/mongodb;WithTransactionCallback;", //
-        "mongodb;WithTransactionCallback;mongodb;ClientSession;Member[withTransaction].Argument[0]", //
-        "mongodb;WithTransactionCallback;mongoose;mongodb.WithTransactionCallback;", //
-        "mongoose/inferschematype;ResolvePathType;mongoose/inferschematype;ObtainDocumentPathType;", //
-        "mongoose/inferschematype;ResolvePathType;mongoose/inferschematype;ResolvePathType;TypeVar[mongoose.IfEquals.3].ArrayElement", //
-        "mongoose/inferschematype;ResolvePathType;mongoose/inferschematype;ResolvePathType;TypeVar[mongoose.IfEquals.3].TypeVar[mongoose.Types.DocumentArray.0]", //
-        "mongoose;;mongoose;;Member[mongoose]", //
-        "mongoose;AcceptsDiscriminator;mongoose;Model;", //
-        "mongoose;AcceptsDiscriminator;mongoose;Schema.Types.Array;", //
-        "mongoose;AcceptsDiscriminator;mongoose;Schema.Types.DocumentArray;", //
-        "mongoose;AcceptsDiscriminator;mongoose;Schema.Types.Subdocument;", //
-        "mongoose;Aggregate;mongoose;Aggregate;Member[addCursorFlag,addFields,allowDiskUse,append,collation,count,facet,graphLookup,group,hint,limit,lookup,match,model,near,option,project,read,readConcern,redact,replaceRoot,sample,search,session,skip,sort,sortByCount,unionWith,unwind].ReturnValue", //
-        "mongoose;Aggregate;mongoose;AggregateStatic;Instance", //
-        "mongoose;Aggregate;mongoose;Model;Member[aggregate].ReturnValue", //
-        "mongoose;AggregateStatic;mongoose;;Member[Aggregate]", //
-        "mongoose;Collection;mongoose;;Member[Collection]", //
-        "mongoose;Collection;mongoose;Collection;Instance", //
-        "mongoose;Collection;mongoose;Connection;Member[collection].ReturnValue", //
-        "mongoose;Collection;mongoose;Connection;Member[collections].AnyMember", //
-        "mongoose;Collection;mongoose;Document;Member[collection]", //
-        "mongoose;Collection;mongoose;Model;Member[collection]", //
-        "mongoose;CollectionBase;mongoose;Collection;", //
-        "mongoose;CompileModelOptions;mongoose;;Member[model].Argument[3]", //
-        "mongoose;CompileModelOptions;mongoose;Connection;Member[model].Argument[3]", //
-        "mongoose;ConnectOptions;mongoose;;Member[connect,createConnection].WithArity[1,2,3].Argument[1]", //
-        "mongoose;ConnectOptions;mongoose;Connection;Member[openUri].WithArity[1,2,3].Argument[1]", //
-        "mongoose;Connection;mongoose;;Member[connection]", //
-        "mongoose;Connection;mongoose;;Member[connections].ArrayElement", //
-        "mongoose;Connection;mongoose;;Member[createConnection].Argument[2].TypeVar[mongoose.Callback.0]", //
-        "mongoose;Connection;mongoose;;Member[createConnection].WithArity[0,1,2].ReturnValue", //
-        "mongoose;Connection;mongoose;;Member[createConnection].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0]", //
-        "mongoose;Connection;mongoose;Collection;Argument[1]", //
-        "mongoose;Connection;mongoose;CollectionBase;Member[conn]", //
-        "mongoose;Connection;mongoose;CompileModelOptions;Member[connection]", //
-        "mongoose;Connection;mongoose;Connection;Member[asPromise].ReturnValue.Awaited", //
-        "mongoose;Connection;mongoose;Connection;Member[deleteModel,plugin,setClient,useDb].ReturnValue", //
-        "mongoose;Connection;mongoose;Connection;Member[openUri].Argument[2].TypeVar[mongoose.Callback.0]", //
-        "mongoose;Connection;mongoose;Connection;Member[openUri].WithArity[1,2].ReturnValue.Awaited", //
-        "mongoose;Connection;mongoose;Connection;Member[openUri].WithArity[2,3].ReturnValue", //
-        "mongoose;Connection;mongoose;Connection;Member[openUri].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0]", //
-        "mongoose;Connection;mongoose;ConnectionStatic;Instance", //
-        "mongoose;Connection;mongoose;Document;Member[db]", //
-        "mongoose;Connection;mongoose;Model;Member[db]", //
-        "mongoose;ConnectionStatic;mongoose;;Member[Connection]", //
-        "mongoose;Cursor;mongoose;Query;Member[cursor].ReturnValue", //
-        "mongoose;DiscriminatorModel;mongoose;DiscriminatorSchema;TypeVar[mongoose.Schema.1]", //
-        "mongoose;Document;mongoose;Document;Member[$getAllSubdocs,$getPopulatedDocs].ReturnValue.ArrayElement", //
-        "mongoose;Document;mongoose;Document;Member[$inc,$parent,$set,depopulate,increment,init,overwrite,set].ReturnValue", //
-        "mongoose;Document;mongoose;Document;Member[delete,deleteOne].WithArity[0,1].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]", //
-        "mongoose;Document;mongoose;Document;Member[equals].Argument[0]", //
-        "mongoose;Document;mongoose;Document;Member[init].Argument[2].TypeVar[mongoose.Callback.0]", //
-        "mongoose;Document;mongoose;Document;Member[remove,save].WithArity[0,1].ReturnValue.Awaited", //
-        "mongoose;Document;mongoose;Document;Member[replaceOne,update,updateOne].ReturnValue.TypeVar[mongoose.Query.1]", //
-        "mongoose;Document;mongoose;Document;Member[save].Argument[1].TypeVar[mongoose.Callback.0]", //
-        "mongoose;Document;mongoose;Document;Member[save].WithArity[1].Argument[0].TypeVar[mongoose.Callback.0]", //
-        "mongoose;Document;mongoose;DocumentStatic;Instance", //
-        "mongoose;Document;mongoose;Error.VersionErrorStatic;Argument[0]", //
-        "mongoose;Document;mongoose;HydratedDocument;", //
-        "mongoose;Document;mongoose;HydratedDocument;TypeVar[mongoose.Require_id.0]", //
-        "mongoose;Document;mongoose;Model;Member[bulkSave].Argument[0].ArrayElement", //
-        "mongoose;Document;mongoose;TVirtualPathFN;Argument[2]", //
-        "mongoose;Document;mongoose;Types.Subdocument;", //
-        "mongoose;Document;mongoose;Types.Subdocument;Member[$parent,ownerDocument,parent].ReturnValue", //
-        "mongoose;Document;mongoose;VirtualType;Member[applyGetters,applySetters].Argument[1]", //
-        "mongoose;DocumentStatic;mongoose;;Member[Document]", //
-        "mongoose;Error.VersionErrorStatic;mongoose;;Member[Error].Member[VersionError]", //
-        "mongoose;HydratedDocument;mongoose;Model;Instance", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[$where,count,countDocuments,deleteMany,deleteOne,distinct,estimatedDocumentCount,find,geoSearch,remove,replaceOne,update,updateMany,updateOne,where].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[$where,find,geoSearch,where].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].ArrayElement", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[create,insertMany].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0].ArrayElement", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[create].WithArity[0..,1,2].ReturnValue.Awaited.ArrayElement", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[create].WithArity[1].ReturnValue.Awaited", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[create].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[exists].WithArity[1,2].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[find,insertMany].WithArity[3].Argument[2].TypeVar[mongoose.Callback.0].ArrayElement", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[findById,findByIdAndDelete,findByIdAndRemove,findOne,findOneAndDelete,findOneAndRemove].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0,mongoose.QueryWithHelpers.1]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[findById,findOne].Argument[3].TypeVar[mongoose.Callback.0]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[findByIdAndDelete,findByIdAndRemove,findOneAndDelete,findOneAndRemove].Argument[2].Argument[1]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[findByIdAndUpdate,findOneAndReplace,findOneAndUpdate].WithArity[0,1,2,3,4].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0,mongoose.QueryWithHelpers.1]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[findByIdAndUpdate,findOneAndReplace,findOneAndUpdate].WithArity[3,4].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].TypeVar[mongoose.ModifyResult.0]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[findByIdAndUpdate].WithArity[0,1,2,4].Argument[3].Argument[1]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[findByIdAndUpdate].WithArity[3].Argument[2,3].Argument[1]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[findById].WithArity[1,2,3].Argument[2].TypeVar[mongoose.Callback.0]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[findOneAndReplace].WithArity[0,1,2,3,4].Argument[3].Argument[1]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[findOneAndUpdate].WithArity[3,4].Argument[3].Argument[1]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[findOne].WithArity[0,1,2].Argument[1,2].TypeVar[mongoose.Callback.0]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[findOne].WithArity[3].Argument[2].TypeVar[mongoose.Callback.0]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[find].Argument[3].TypeVar[mongoose.Callback.0].ArrayElement", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[find].WithArity[0].Argument[0].TypeVar[mongoose.Callback.0].ArrayElement", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[find].WithArity[1].Argument[0,1,2].TypeVar[mongoose.Callback.0].ArrayElement", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[find].WithArity[2].Argument[1,2].TypeVar[mongoose.Callback.0].ArrayElement", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[geoSearch].Argument[2].TypeVar[mongoose.Callback.0].ArrayElement", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[hydrate].ReturnValue", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[init].ReturnValue.Awaited", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[insertMany].WithArity[1,2].ReturnValue.Awaited.ArrayElement", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[populate].WithArity[2,3].Argument[2].TypeVar[mongoose.Callback.0]", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[populate].WithArity[2,3].Argument[2].TypeVar[mongoose.Callback.0].ArrayElement", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[populate].WithArity[2,3].ReturnValue.Awaited", //
-        "mongoose;HydratedDocument;mongoose;Model;Member[populate].WithArity[2,3].ReturnValue.Awaited.ArrayElement", //
-        "mongoose;HydratedDocument;mongoose;TVirtualPathFN;Argument[1].TypeVar[mongoose.VirtualType.0]", //
-        "mongoose;HydratedDocument;mongoose;VirtualPathFunctions;Member[options].TypeVar[mongoose.VirtualTypeOptions.0]", //
-        "mongoose;InsertManyOptions;mongoose;Model;Member[insertMany].WithArity[2,3].Argument[1]", //
-        "mongoose;Model;mongoose;;Member[Model]", //
-        "mongoose;Model;mongoose;;Member[model].ReturnValue", //
-        "mongoose;Model;mongoose;AcceptsDiscriminator;Member[discriminator].WithArity[2,3].ReturnValue", //
-        "mongoose;Model;mongoose;Aggregate;Member[model].Argument[0]", //
-        "mongoose;Model;mongoose;Connection;Member[model].WithArity[1,2,3,4].ReturnValue", //
-        "mongoose;Model;mongoose;Connection;Member[models].AnyMember", //
-        "mongoose;Model;mongoose;DiscriminatorModel;", //
-        "mongoose;Model;mongoose;Document;Member[$model].ReturnValue", //
-        "mongoose;Model;mongoose;Document;Member[populate].Argument[2]", //
-        "mongoose;Model;mongoose;Model;Member[discriminators].AnyMember", //
-        "mongoose;Model;mongoose;Models;AnyMember", //
-        "mongoose;Model;mongoose;PopulateOptions;Member[model]", //
-        "mongoose;Model;mongoose;Query;Member[cast].Argument[0]", //
-        "mongoose;Model;mongoose;Query;Member[populate].Argument[2]", //
-        "mongoose;Model;mongoose;Schema.Types.Array;Member[discriminator].WithArity[2,3].ReturnValue", //
-        "mongoose;Model;mongoose;Schema.Types.DocumentArray;Member[discriminator].WithArity[2,3].ReturnValue", //
-        "mongoose;Model;mongoose;Schema.Types.Subdocument;Member[discriminator].WithArity[2,3].ReturnValue", //
-        "mongoose;Model;mongoose;SchemaStatic;Instance.TypeVar[mongoose.Schema.1]", //
-        "mongoose;Models;mongoose;;Member[models]", //
-        "mongoose;PopulateOption;mongoose;InsertManyOptions;", //
-        "mongoose;PopulateOption;mongoose;QueryOptions;", //
-        "mongoose;PopulateOptions;mongoose;Document;Member[populate].Argument[4]", //
-        "mongoose;PopulateOptions;mongoose;Document;Member[populate].WithArity[1,2].Argument[0]", //
-        "mongoose;PopulateOptions;mongoose;Document;Member[populate].WithArity[1,2].Argument[0].ArrayElement", //
-        "mongoose;PopulateOptions;mongoose;Model;Member[populate].Argument[1]", //
-        "mongoose;PopulateOptions;mongoose;Model;Member[populate].Argument[1].ArrayElement", //
-        "mongoose;PopulateOptions;mongoose;PopulateOption;Member[populate]", //
-        "mongoose;PopulateOptions;mongoose;PopulateOption;Member[populate].ArrayElement", //
-        "mongoose;PopulateOptions;mongoose;PopulateOptions;Member[populate]", //
-        "mongoose;PopulateOptions;mongoose;PopulateOptions;Member[populate].ArrayElement", //
-        "mongoose;PopulateOptions;mongoose;Query;Member[populate].WithArity[1].Argument[0]", //
-        "mongoose;PopulateOptions;mongoose;Query;Member[populate].WithArity[1].Argument[0].ArrayElement", //
-        "mongoose;Query;mongoose;Document;Member[replaceOne,update,updateOne].ReturnValue", //
-        "mongoose;Query;mongoose;HydratedDocument;TypeVar[mongoose.Require_id.0]", //
-        "mongoose;Query;mongoose;Query;Member[all,allowDiskUse,and,batchSize,box,circle,clone,collation,comment,elemMatch,equals,exists,explain,geometry,gt,gte,hint,in,intersects,j,limit,lt,lte,maxDistance,maxScan,maxTimeMS,merge,mod,ne,near,nin,nor,or,polygon,read,readConcern,regex,remove,select,session,set,setOptions,size,skip,slice,snapshot,sort,tailable,w,where,within,wtimeout].ReturnValue", //
-        "mongoose;Query;mongoose;Query;Member[error].WithArity[1].ReturnValue", //
-        "mongoose;Query;mongoose;Query;Member[merge].Argument[0]", //
-        "mongoose;Query;mongoose;QueryStatic;Instance", //
-        "mongoose;Query;mongoose;QueryWithHelpers;", //
-        "mongoose;QueryOptions;mongoose;Document;Member[delete,deleteOne,remove].WithArity[0,1,2].Argument[0]", //
-        "mongoose;QueryOptions;mongoose;Document;Member[replaceOne,update,updateOne].Argument[1]", //
-        "mongoose;QueryOptions;mongoose;Model;Member[countDocuments,findByIdAndDelete,findByIdAndRemove,findOneAndDelete,findOneAndRemove].Argument[1]", //
-        "mongoose;QueryOptions;mongoose;Model;Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[1]", //
-        "mongoose;QueryOptions;mongoose;Model;Member[estimatedDocumentCount].Argument[0]", //
-        "mongoose;QueryOptions;mongoose;Model;Member[find,findById].WithArity[1,2,3,4].Argument[2]", //
-        "mongoose;QueryOptions;mongoose;Model;Member[findByIdAndUpdate,findOne,findOneAndReplace,findOneAndUpdate].WithArity[0,1,2,3,4].Argument[2]", //
-        "mongoose;QueryOptions;mongoose;Model;Member[replaceOne,update,updateMany,updateOne].Argument[2]", //
-        "mongoose;QueryOptions;mongoose;PopulateOptions;Member[options]", //
-        "mongoose;QueryOptions;mongoose;Query;Member[countDocuments,findByIdAndDelete,findOneAndDelete,findOneAndRemove].Argument[1]", //
-        "mongoose;QueryOptions;mongoose;Query;Member[cursor,estimatedDocumentCount,setOptions].Argument[0]", //
-        "mongoose;QueryOptions;mongoose;Query;Member[cursor].ReturnValue.TypeVar[mongoose.Cursor.1]", //
-        "mongoose;QueryOptions;mongoose;Query;Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[1]", //
-        "mongoose;QueryOptions;mongoose;Query;Member[findByIdAndUpdate,findOne,findOneAndUpdate].WithArity[0,1,2,3,4].Argument[2]", //
-        "mongoose;QueryOptions;mongoose;Query;Member[find].WithArity[1,2,3,4].Argument[2]", //
-        "mongoose;QueryOptions;mongoose;Query;Member[getOptions].ReturnValue", //
-        "mongoose;QueryOptions;mongoose;Query;Member[replaceOne,update,updateMany,updateOne].Argument[2]", //
-        "mongoose;QueryOptions;mongoose;VirtualTypeOptions;Member[options]", //
-        "mongoose;QueryStatic;mongoose;;Member[Query]", //
-        "mongoose;QueryWithHelpers;mongoose;Document;Member[delete,deleteOne].WithArity[0,1].ReturnValue", //
-        "mongoose;QueryWithHelpers;mongoose;Model;Member[$where,count,countDocuments,deleteMany,deleteOne,distinct,estimatedDocumentCount,find,findById,findByIdAndDelete,findByIdAndRemove,findOne,findOneAndDelete,findOneAndRemove,geoSearch,remove,replaceOne,update,updateMany,updateOne,where].ReturnValue", //
-        "mongoose;QueryWithHelpers;mongoose;Model;Member[exists].WithArity[1,2].ReturnValue", //
-        "mongoose;QueryWithHelpers;mongoose;Model;Member[findByIdAndUpdate,findOneAndReplace,findOneAndUpdate].WithArity[0,1,2,3,4].ReturnValue", //
-        "mongoose;QueryWithHelpers;mongoose;Query;Member[$where,count,countDocuments,deleteMany,deleteOne,distinct,estimatedDocumentCount,find,findByIdAndDelete,findOne,findOneAndDelete,findOneAndRemove,lean,orFail,populate,replaceOne,transform,update,updateMany,updateOne].ReturnValue", //
-        "mongoose;QueryWithHelpers;mongoose;Query;Member[findByIdAndUpdate,findOneAndUpdate].WithArity[0,1,2,3,4].ReturnValue", //
-        "mongoose;QueryWithHelpers;mongoose;Query;Member[toConstructor].ReturnValue.Instance", //
-        "mongoose;Schema.Types.Array;mongoose;Schema.Types.Array;Member[enum].ReturnValue", //
-        "mongoose;Schema.Types.Array;mongoose;Schema.Types.ArrayStatic;Instance", //
-        "mongoose;Schema.Types.ArrayStatic;mongoose;;Member[Schema].Member[Types].Member[Array]", //
-        "mongoose;Schema.Types.DocumentArray;mongoose;Schema.Types.DocumentArrayStatic;Instance", //
-        "mongoose;Schema.Types.DocumentArrayStatic;mongoose;;Member[Schema].Member[Types].Member[DocumentArray]", //
-        "mongoose;Schema.Types.Subdocument;mongoose;Schema.Types.SubdocumentStatic;Instance", //
-        "mongoose;Schema.Types.SubdocumentStatic;mongoose;;Member[Schema].Member[Types].Member[Subdocument]", //
-        "mongoose;Schema.Types.SubdocumentStatic;mongoose;Schema.Types.DocumentArray;Member[caster]", //
-        "mongoose;SchemaStatic;mongoose;;Member[Schema]", //
-        "mongoose;SessionOperation;mongoose;Aggregate;", //
-        "mongoose;SessionOperation;mongoose;Query;", //
-        "mongoose;TVirtualPathFN;mongoose;VirtualPathFunctions;Member[get,set]", //
-        "mongoose;Types.Array;mongoose;Types.DocumentArray;", //
-        "mongoose;Types.ArraySubdocument;mongoose;Types.ArraySubdocumentStatic;Instance", //
-        "mongoose;Types.ArraySubdocumentStatic;mongoose;;Member[Types].Member[ArraySubdocument]", //
-        "mongoose;Types.DocumentArray;mongoose/inferschematype;ResolvePathType;TypeVar[mongoose.IfEquals.3]", //
-        "mongoose;Types.DocumentArray;mongoose;Types.ArraySubdocument;Member[parentArray].ReturnValue", //
-        "mongoose;Types.DocumentArray;mongoose;Types.DocumentArrayStatic;Instance", //
-        "mongoose;Types.DocumentArrayStatic;mongoose;;Member[Types].Member[DocumentArray]", //
-        "mongoose;Types.ObjectId;mongoose/inferschematype;ResolvePathType;", //
-        "mongoose;Types.Subdocument;mongoose;Types.ArraySubdocument;", //
-        "mongoose;Types.Subdocument;mongoose;Types.DocumentArray;Member[create,id].ReturnValue", //
-        "mongoose;Types.Subdocument;mongoose;Types.DocumentArray;TypeVar[mongoose.Types.Array.0]", //
-        "mongoose;Types.Subdocument;mongoose;Types.SubdocumentStatic;Instance", //
-        "mongoose;Types.SubdocumentStatic;mongoose;;Member[Types].Member[Subdocument]", //
-        "mongoose;VirtualType;mongoose;TVirtualPathFN;Argument[1]", //
-        "mongoose;VirtualType;mongoose;VirtualType;Member[get,set].Argument[0].Argument[1]", //
-        "mongoose;VirtualType;mongoose;VirtualType;Member[get,set].ReturnValue", //
-        "mongoose;VirtualType;mongoose;VirtualTypeStatic;Instance", //
-        "mongoose;VirtualTypeOptions;mongoose;VirtualPathFunctions;Member[options]", //
-        "mongoose;VirtualTypeStatic;mongoose;;Member[VirtualType]", //
-      ]
-  }
-}
-
-private class Summaries extends ModelInput::SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "mongodb;AbstractCursor;;;Member[addCursorFlag,batchSize,maxTimeMS,withReadConcern,withReadPreference].ReturnValue;type", //
-        "mongodb;BulkOperationBase;;;Member[addToOperationsList,raw].ReturnValue;type", //
-        "mongodb;FindCursor;;;Member[addQueryModifier,allowDiskUse,collation,comment,filter,hint,limit,max,maxAwaitTimeMS,maxTimeMS,min,returnKey,showRecordId,skip,sort].ReturnValue;type", //
-        "mongodb;FindOperators;;;Member[arrayFilters,collation,upsert].ReturnValue;type", //
-        "mongodb;GridFSBucketWriteStream;;;Member[end].ReturnValue;type", //
-        "mongodb;MongoClient;;;Member[connect].Argument[0].TypeVar[mongodb.Callback.0];type", //
-        "mongodb;MongoClient;;;Member[connect].WithArity[0].ReturnValue.Awaited;type", //
-        "mongodb;OrderedBulkOperation;;;Member[addToOperationsList].ReturnValue;type", //
-        "mongodb;TypedEventEmitter;;;Member[addListener,off,on,once,prependListener,prependOnceListener,removeAllListeners,removeListener,setMaxListeners].ReturnValue;type", //
-        "mongodb;UnorderedBulkOperation;;;Member[addToOperationsList].ReturnValue;type", //
-        "mongoose;Aggregate;;;Member[addCursorFlag,addFields,allowDiskUse,append,collation,count,facet,graphLookup,group,hint,limit,lookup,match,model,near,option,project,read,readConcern,redact,replaceRoot,sample,search,session,skip,sort,sortByCount,unionWith,unwind].ReturnValue;type", //
-        "mongoose;Connection;;;Member[asPromise].ReturnValue.Awaited;type", //
-        "mongoose;Connection;;;Member[deleteModel,setClient].ReturnValue;type", //
-        "mongoose;Cursor;;;Member[addCursorFlag].ReturnValue;type", //
-        "mongoose;Document;;;Member[$inc,$set,depopulate,increment,init,overwrite,set].ReturnValue;type", //
-        "mongoose;Document;;;Member[delete,deleteOne].WithArity[0,1].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1];type", //
-        "mongoose;Document;;;Member[getChanges].ReturnValue.TypeVar[mongoose.UpdateQuery.0];type", //
-        "mongoose;Document;;;Member[init].Argument[2].TypeVar[mongoose.Callback.0];type", //
-        "mongoose;Document;;;Member[populate].Argument[1,5].TypeVar[mongoose.Callback.0].TypeVar[mongoose.MergeType.0];type", //
-        "mongoose;Document;;;Member[populate].WithArity[1,2,3,4,5].ReturnValue.Awaited.TypeVar[mongoose.MergeType.0];type", //
-        "mongoose;Document;;;Member[remove,save].WithArity[0,1].ReturnValue.Awaited;type", //
-        "mongoose;Document;;;Member[replaceOne,update,updateOne].ReturnValue.TypeVar[mongoose.Query.1];type", //
-        "mongoose;Document;;;Member[save].Argument[1].TypeVar[mongoose.Callback.0];type", //
-        "mongoose;Document;;;Member[save].WithArity[1].Argument[0].TypeVar[mongoose.Callback.0];type", //
-        "mongoose;Document;;;Member[update,updateOne].Argument[0].TypeVar[mongoose.UpdateQuery.0];type", //
-        "mongoose;Query;;;Member[all,allowDiskUse,and,batchSize,box,circle,clone,collation,comment,elemMatch,equals,exists,explain,geometry,gt,gte,hint,in,intersects,j,limit,lt,lte,maxDistance,maxScan,maxTimeMS,merge,mod,ne,near,nin,nor,or,polygon,read,readConcern,regex,select,session,set,setOptions,size,skip,slice,snapshot,sort,tailable,w,where,within,wtimeout].ReturnValue;type", //
-        "mongoose;Query;;;Member[error].WithArity[1].ReturnValue;type", //
-        "mongoose;Schema.Types.Array;;;Member[enum].ReturnValue;type", //
-        "mongoose;SessionOperation;;;Member[session].ReturnValue;type", //
-        "mongoose;Types.Array;;;Member[pull,remove,set].ReturnValue;type", //
-        "mongoose;Types.ObjectId;;;Member[_id];type", //
-        "mongoose;VirtualType;;;Member[get,set].ReturnValue;type", //
-      ]
-  }
-}
-
-private class TypeVariables extends ModelInput::TypeVariableModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "mongodb.Callback.0;Argument[1]", //
-        "mongoose.Callback.0;Argument[1]", //
-        "mongoose.Cursor.0;Member[eachAsync].WithArity[1,2,3].Argument[0].Argument[0]", //
-        "mongoose.Cursor.0;Member[eachAsync].WithArity[2,3].Argument[0].Argument[0].ArrayElement", //
-        "mongoose.Cursor.0;Member[map].Argument[0].Argument[0]", //
-        "mongoose.Cursor.0;Member[next].Argument[0].TypeVar[mongoose.Callback.0]", //
-        "mongoose.Cursor.0;Member[next].WithArity[0].ReturnValue.Awaited", //
-        "mongoose.Cursor.1;Member[map].ReturnValue.TypeVar[mongoose.Cursor.1]", //
-        "mongoose.Cursor.1;Member[options]", //
-        "mongoose.DiscriminatorSchema.1;TypeVar[mongoose.Schema.1]", //
-        "mongoose.DiscriminatorSchema.1;TypeVar[mongoose.Schema.1].TypeVar[mongoose.DiscriminatorModel.1]", //
-        "mongoose.Document.0;Member[_id]", //
-        "mongoose.Document.0;Member[equals].Argument[0].TypeVar[mongoose.Document.0]", //
-        "mongoose.FilterQuery.0;TypeVar[mongoose._FilterQuery.0]", //
-        "mongoose.IfAny.1;", //
-        "mongoose.IfAny.2;", //
-        "mongoose.IfEquals.3;", //
-        "mongoose.LeanDocumentOrArray.0;", //
-        "mongoose.LeanDocumentOrArray.0;TypeVar[mongoose.LeanDocument.0]", //
-        "mongoose.LeanDocumentOrArrayWithRawType.0;", //
-        "mongoose.ModifyResult.0;Member[value].TypeVar[mongoose.Require_id.0]", //
-        "mongoose.PluginFunction.1;Argument[0].TypeVar[mongoose.Schema.1]", //
-        "mongoose.PostMiddlewareFunction.1;Argument[0]", //
-        "mongoose.Query.0;Member[exec].Argument[0].TypeVar[mongoose.Callback.0]", //
-        "mongoose.Query.0;Member[exec].WithArity[0].ReturnValue.Awaited", //
-        "mongoose.Query.0;Member[lean].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].TypeVar[mongoose.LeanDocumentOrArray.0,mongoose.LeanDocumentOrArrayWithRawType.0]", //
-        "mongoose.Query.0;Member[orFail].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0]", //
-        "mongoose.Query.0;Member[populate].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].TypeVar[mongoose.UnpackedIntersection.0]", //
-        "mongoose.Query.0;Member[then,transform].Argument[0].Argument[0]", //
-        "mongoose.Query.0;Member[toConstructor].ReturnValue.Instance.TypeVar[mongoose.QueryWithHelpers.0]", //
-        "mongoose.Query.1;Member[$where,count,countDocuments,deleteMany,deleteOne,distinct,estimatedDocumentCount,find,lean,orFail,populate,replaceOne,transform,update,updateMany,updateOne].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]", //
-        "mongoose.Query.1;Member[$where,find].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].ArrayElement", //
-        "mongoose.Query.1;Member[_mongooseOptions].TypeVar[mongoose.MongooseQueryOptions.0]", //
-        "mongoose.Query.1;Member[and,nor,or].Argument[0].ArrayElement.TypeVar[mongoose.FilterQuery.0]", //
-        "mongoose.Query.1;Member[countDocuments,findByIdAndDelete,findOneAndDelete,findOneAndRemove].Argument[1].TypeVar[mongoose.QueryOptions.0]", //
-        "mongoose.Query.1;Member[countDocuments].WithArity[1,2,3].Argument[0].TypeVar[mongoose.FilterQuery.0]", //
-        "mongoose.Query.1;Member[count].WithArity[1,2].Argument[0].TypeVar[mongoose.FilterQuery.0]", //
-        "mongoose.Query.1;Member[cursor,estimatedDocumentCount,setOptions].Argument[0].TypeVar[mongoose.QueryOptions.0]", //
-        "mongoose.Query.1;Member[cursor].ReturnValue.TypeVar[mongoose.Cursor.0]", //
-        "mongoose.Query.1;Member[cursor].ReturnValue.TypeVar[mongoose.Cursor.1].TypeVar[mongoose.QueryOptions.0]", //
-        "mongoose.Query.1;Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[0].TypeVar[mongoose.FilterQuery.0]", //
-        "mongoose.Query.1;Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[1].TypeVar[mongoose.QueryOptions.0]", //
-        "mongoose.Query.1;Member[distinct].Argument[1].TypeVar[mongoose.FilterQuery.0]", //
-        "mongoose.Query.1;Member[findByIdAndDelete,findOne,findOneAndDelete,findOneAndRemove].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0,mongoose.QueryWithHelpers.1]", //
-        "mongoose.Query.1;Member[findByIdAndDelete,findOneAndDelete,findOneAndRemove].Argument[2].Argument[1]", //
-        "mongoose.Query.1;Member[findByIdAndUpdate,findOneAndUpdate,update,updateMany,updateOne].Argument[1].TypeVar[mongoose.UpdateQuery.0]", //
-        "mongoose.Query.1;Member[findByIdAndUpdate,findOneAndUpdate].WithArity[0,1,2,3,4].Argument[2].TypeVar[mongoose.QueryOptions.0]", //
-        "mongoose.Query.1;Member[findByIdAndUpdate,findOneAndUpdate].WithArity[0,1,2,3,4].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0,mongoose.QueryWithHelpers.1]", //
-        "mongoose.Query.1;Member[findByIdAndUpdate].WithArity[0,1,2,4].Argument[3].Argument[1]", //
-        "mongoose.Query.1;Member[findByIdAndUpdate].WithArity[3].Argument[2,3].Argument[1]", //
-        "mongoose.Query.1;Member[findOne,findOneAndDelete,findOneAndRemove,findOneAndUpdate,merge,remove,replaceOne,setQuery,update,updateMany,updateOne].Argument[0].TypeVar[mongoose.FilterQuery.0]", //
-        "mongoose.Query.1;Member[findOneAndUpdate].Argument[3].Argument[1]", //
-        "mongoose.Query.1;Member[findOneAndUpdate].Argument[3].Argument[2].TypeVar[mongoose.ModifyResult.0]", //
-        "mongoose.Query.1;Member[findOneAndUpdate].WithArity[3,4].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].TypeVar[mongoose.ModifyResult.0]", //
-        "mongoose.Query.1;Member[findOne].Argument[3].TypeVar[mongoose.Callback.0]", //
-        "mongoose.Query.1;Member[findOne].WithArity[0,1,2,3].Argument[2].TypeVar[mongoose.Callback.0,mongoose.QueryOptions.0]", //
-        "mongoose.Query.1;Member[findOne].WithArity[0,1,2].Argument[1].TypeVar[mongoose.Callback.0,mongoose.ProjectionType.0]", //
-        "mongoose.Query.1;Member[findOne].WithArity[3,4].Argument[1].TypeVar[mongoose.ProjectionType.0]", //
-        "mongoose.Query.1;Member[findOne].WithArity[4].Argument[2].TypeVar[mongoose.QueryOptions.0]", //
-        "mongoose.Query.1;Member[find].Argument[3].TypeVar[mongoose.Callback.0].ArrayElement", //
-        "mongoose.Query.1;Member[find].WithArity[0].Argument[0].TypeVar[mongoose.Callback.0].ArrayElement", //
-        "mongoose.Query.1;Member[find].WithArity[1,2,3,4].Argument[0].TypeVar[mongoose.FilterQuery.0]", //
-        "mongoose.Query.1;Member[find].WithArity[1,2,3,4].Argument[1].TypeVar[mongoose.ProjectionType.0]", //
-        "mongoose.Query.1;Member[find].WithArity[1,2,3,4].Argument[2].TypeVar[mongoose.QueryOptions.0]", //
-        "mongoose.Query.1;Member[find].WithArity[1].Argument[0,1,2].TypeVar[mongoose.Callback.0].ArrayElement", //
-        "mongoose.Query.1;Member[find].WithArity[2].Argument[1,2].TypeVar[mongoose.Callback.0].ArrayElement", //
-        "mongoose.Query.1;Member[find].WithArity[3].Argument[2].TypeVar[mongoose.Callback.0].ArrayElement", //
-        "mongoose.Query.1;Member[getFilter,getQuery].ReturnValue.TypeVar[mongoose.FilterQuery.0]", //
-        "mongoose.Query.1;Member[getOptions].ReturnValue.TypeVar[mongoose.QueryOptions.0]", //
-        "mongoose.Query.1;Member[getUpdate].ReturnValue.TypeVar[mongoose.UpdateQuery.0]", //
-        "mongoose.Query.1;Member[projection].WithArity[0,1].Argument[0].TypeVar[mongoose.ProjectionFields.0]", //
-        "mongoose.Query.1;Member[projection].WithArity[0,1].ReturnValue.TypeVar[mongoose.ProjectionFields.0]", //
-        "mongoose.Query.1;Member[remove].ReturnValue.TypeVar[mongoose.Query.1]", //
-        "mongoose.Query.1;Member[replaceOne,update,updateMany,updateOne].Argument[2].TypeVar[mongoose.QueryOptions.0]", //
-        "mongoose.Query.1;Member[replaceOne].Argument[1]", //
-        "mongoose.Query.1;Member[setUpdate].Argument[0].TypeVar[mongoose.UpdateQuery.0]", //
-        "mongoose.Query.1;Member[toConstructor].ReturnValue.Instance.TypeVar[mongoose.QueryWithHelpers.1]", //
-        "mongoose.QueryOptions.0;Member[projection].TypeVar[mongoose.ProjectionType.0]", //
-        "mongoose.QueryWithHelpers.0;TypeVar[mongoose.Query.0]", //
-        "mongoose.QueryWithHelpers.1;TypeVar[mongoose.Query.1]", //
-        "mongoose.Require_id.0;", //
-        "mongoose.Require_id.0;TypeVar[mongoose.IfAny.1,mongoose.IfAny.2]", //
-        "mongoose.RootQuerySelector.0;Member[$and,$nor,$or].ArrayElement.TypeVar[mongoose.FilterQuery.0]", //
-        "mongoose.Schema.1;Member[discriminator].ReturnValue.TypeVar[mongoose.DiscriminatorSchema.1]", //
-        "mongoose.Schema.1;Member[plugin].Argument[0].TypeVar[mongoose.PluginFunction.1]", //
-        "mongoose.Schema.1;Member[post].Argument[2].TypeVar[mongoose.ErrorHandlingMiddlewareFunction.0,mongoose.PostMiddlewareFunction.0,mongoose.PostMiddlewareFunction.1]", //
-        "mongoose.Schema.1;Member[post].WithArity[2].WithStringArgument[0=insertMany].Argument[1].TypeVar[mongoose.ErrorHandlingMiddlewareFunction.0,mongoose.PostMiddlewareFunction.0,mongoose.PostMiddlewareFunction.1]", //
-        "mongoose.Types.Array.0;Member[$pop,$shift,shift].ReturnValue", //
-        "mongoose.Types.Array.0;Member[set].Argument[1]", //
-        "mongoose.Types.DocumentArray.0;Member[create,id].ReturnValue", //
-        "mongoose.Types.DocumentArray.0;Member[create,id].ReturnValue.TypeVar[mongoose.Types.Subdocument.0].TypeVar[mongoose.InferId.0]", //
-        "mongoose.Types.DocumentArray.0;Member[push].Argument[0].ArrayElement.TypeVar[mongoose.AnyKeys.0]", //
-        "mongoose.Types.DocumentArray.0;TypeVar[mongoose.Types.Array.0]", //
-        "mongoose.Types.DocumentArray.0;TypeVar[mongoose.Types.Array.0].TypeVar[mongoose.Types.Subdocument.0].TypeVar[mongoose.InferId.0]", //
-        "mongoose.Types.Subdocument.0;TypeVar[mongoose.Document.0]", //
-        "mongoose.UnpackedIntersection.0;", //
-        "mongoose.UpdateQuery.0;TypeVar[mongoose._UpdateQuery.0].TypeVar[mongoose._UpdateQueryDef.0]", //
-        "mongoose.VirtualType.0;Member[get,set].Argument[0].Argument[1].TypeVar[mongoose.VirtualType.0]", //
-        "mongoose.VirtualType.0;Member[get,set].Argument[0].Argument[2]", //
-        "mongoose.VirtualTypeOptions.0;Member[foreignField,localField].Argument[0]", //
-        "mongoose._FilterQuery.0;TypeVar[mongoose.RootQuerySelector.0]", //
-        "mongoose._UpdateQuery.0;Member[$currentDate,$inc,$max,$min,$mul,$pop,$pull,$pullAll,$push,$set,$setOnInsert,$unset].TypeVar[mongoose.AnyKeys.0]", //
-      ]
-  }
-}
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/mongodb/model.json b/javascript/ql/lib/semmle/javascript/frameworks/mongodb/model.json
index 583347db454..1111a250741 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/mongodb/model.json
+++ b/javascript/ql/lib/semmle/javascript/frameworks/mongodb/model.json
@@ -15,700 +15,700 @@
     },
     "language": "javascript",
     "replaceTypeParameters": [
-        "mongoose;HydratedDocument;0;mongoose;Document",
-        "mongoose;HydratedDocument;0;mongoose;Query"
+        "mongoose.HydratedDocument;0;mongoose.Document",
+        "mongoose.HydratedDocument;0;mongoose.Query"
     ],
     "usedTypes": {
         "sinks": [
-            "mongoose;ConnectOptions",
-            "mongodb;Auth"
+            "mongoose.ConnectOptions",
+            "mongodb.Auth"
         ]
     },
     "ignoredTypes": {
         "sourcesAndSinks": [
-            "mongoose;Schema",
-            "mongoose;SchemaType",
-            "mongoose;SchemaTypeOptions"
+            "mongoose.Schema",
+            "mongoose.SchemaType",
+            "mongoose.SchemaTypeOptions"
         ]
     },
     "model": {
         "sinks": [
-            "mongodb;Collection;Member[aggregate,count,countDocuments,deleteMany,deleteOne,find,findOne,findOneAndDelete,findOneAndReplace,remove,replaceOne,watch].Argument[0];mongodb.sink",
-            "mongodb;Collection;Member[distinct].Argument[1];mongodb.sink",
-            "mongodb;Collection;Member[findOneAndUpdate,update,updateMany,updateOne].Argument[0,1];mongodb.sink",
-            "mongodb;Db;Member[aggregate,watch].Argument[0];mongodb.sink",
-            "mongodb;DeleteManyModel;Member[filter];mongodb.sink",
-            "mongodb;DeleteOneModel;Member[filter];mongodb.sink",
-            "mongodb;MongoClient;Member[watch].Argument[0];mongodb.sink",
-            "mongodb;UpdateManyModel;Member[filter,update];mongodb.sink",
-            "mongodb;UpdateOneModel;Member[filter,update];mongodb.sink",
-            "mongoose;CollectionBase;Member[findAndModify].Argument[0];mongodb.sink",
-            "mongoose;Connection;Member[watch].Argument[0];mongodb.sink",
-            "mongoose;Document;Member[update,updateOne].Argument[0];mongodb.sink",
-            "mongoose;Model;Member[$where,aggregate,exists,find,findById,findByIdAndDelete,findByIdAndRemove,findOne,findOneAndDelete,findOneAndRemove,findOneAndReplace,geoSearch,remove,replaceOne,watch].Argument[0];mongodb.sink",
-            "mongoose;Model;Member[count,where].WithArity[1,2].Argument[0];mongodb.sink",
-            "mongoose;Model;Member[countDocuments].WithArity[1,2,3].Argument[0];mongodb.sink",
-            "mongoose;Model;Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[0];mongodb.sink",
-            "mongoose;Model;Member[distinct,where].Argument[1];mongodb.sink",
-            "mongoose;Model;Member[findByIdAndUpdate,findOneAndUpdate,update,updateMany,updateOne].Argument[0,1];mongodb.sink",
-            "mongoose;Model;Member[find].WithArity[1,2,3,4].Argument[0];mongodb.sink",
-            "mongoose;Query;Member[$where,and,find,findByIdAndDelete,findOne,findOneAndDelete,findOneAndRemove,nor,or,remove,replaceOne,setUpdate].Argument[0];mongodb.sink",
-            "mongoose;Query;Member[count,where].WithArity[1,2].Argument[0];mongodb.sink",
-            "mongoose;Query;Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[0];mongodb.sink",
-            "mongoose;Query;Member[distinct,where].Argument[1];mongodb.sink",
-            "mongoose;Query;Member[findByIdAndUpdate,findOneAndUpdate,update,updateMany,updateOne].Argument[0,1];mongodb.sink",
-            "mongoose;Query;Member[find].WithArity[1,2,3,4].Argument[0];mongodb.sink",
-            "mongoose;QueryStatic;Argument[2];mongodb.sink"
+            "mongodb.Collection;Member[aggregate,count,countDocuments,deleteMany,deleteOne,find,findOne,findOneAndDelete,findOneAndReplace,remove,replaceOne,watch].Argument[0];mongodb.sink",
+            "mongodb.Collection;Member[distinct].Argument[1];mongodb.sink",
+            "mongodb.Collection;Member[findOneAndUpdate,update,updateMany,updateOne].Argument[0,1];mongodb.sink",
+            "mongodb.Db;Member[aggregate,watch].Argument[0];mongodb.sink",
+            "mongodb.DeleteManyModel;Member[filter];mongodb.sink",
+            "mongodb.DeleteOneModel;Member[filter];mongodb.sink",
+            "mongodb.MongoClient;Member[watch].Argument[0];mongodb.sink",
+            "mongodb.UpdateManyModel;Member[filter,update];mongodb.sink",
+            "mongodb.UpdateOneModel;Member[filter,update];mongodb.sink",
+            "mongoose.CollectionBase;Member[findAndModify].Argument[0];mongodb.sink",
+            "mongoose.Connection;Member[watch].Argument[0];mongodb.sink",
+            "mongoose.Document;Member[update,updateOne].Argument[0];mongodb.sink",
+            "mongoose.Model;Member[$where,aggregate,exists,find,findById,findByIdAndDelete,findByIdAndRemove,findOne,findOneAndDelete,findOneAndRemove,findOneAndReplace,geoSearch,remove,replaceOne,watch].Argument[0];mongodb.sink",
+            "mongoose.Model;Member[count,where].WithArity[1,2].Argument[0];mongodb.sink",
+            "mongoose.Model;Member[countDocuments].WithArity[1,2,3].Argument[0];mongodb.sink",
+            "mongoose.Model;Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[0];mongodb.sink",
+            "mongoose.Model;Member[distinct,where].Argument[1];mongodb.sink",
+            "mongoose.Model;Member[findByIdAndUpdate,findOneAndUpdate,update,updateMany,updateOne].Argument[0,1];mongodb.sink",
+            "mongoose.Model;Member[find].WithArity[1,2,3,4].Argument[0];mongodb.sink",
+            "mongoose.Query;Member[$where,and,find,findByIdAndDelete,findOne,findOneAndDelete,findOneAndRemove,nor,or,remove,replaceOne,setUpdate].Argument[0];mongodb.sink",
+            "mongoose.Query;Member[count,where].WithArity[1,2].Argument[0];mongodb.sink",
+            "mongoose.Query;Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[0];mongodb.sink",
+            "mongoose.Query;Member[distinct,where].Argument[1];mongodb.sink",
+            "mongoose.Query;Member[findByIdAndUpdate,findOneAndUpdate,update,updateMany,updateOne].Argument[0,1];mongodb.sink",
+            "mongoose.Query;Member[find].WithArity[1,2,3,4].Argument[0];mongodb.sink",
+            "mongoose.QueryStatic;Argument[2];mongodb.sink"
         ]
     },
     "generatedModel": {
         "//": "Autogenerated section. Manual edits in here will be lost.",
         "typeDefinitions": [
-            "mongodb;;mongoose;;Member[mongodb]",
-            "mongodb;AbstractCursor;mongodb;FindCursor;",
-            "mongodb;AbstractCursor;mongodb;ListCollectionsCursor;",
-            "mongodb;AbstractCursor;mongodb;ListIndexesCursor;",
-            "mongodb;AbstractCursorOptions;mongodb/mongodb;AbstractCursorOptions;",
-            "mongodb;AbstractCursorOptions;mongodb;AggregationCursorOptions;",
-            "mongodb;AbstractCursorOptions;mongoose;mongodb.AbstractCursorOptions;",
-            "mongodb;AddUserOptions;mongodb/mongodb;AddUserOptions;",
-            "mongodb;AddUserOptions;mongodb;Admin;Member[addUser].Argument[1,2]",
-            "mongodb;AddUserOptions;mongodb;Db;Member[addUser].Argument[1,2]",
-            "mongodb;AddUserOptions;mongoose;mongodb.AddUserOptions;",
-            "mongodb;Admin;mongodb/mongodb;Admin;",
-            "mongodb;Admin;mongodb;AdminStatic;Instance",
-            "mongodb;Admin;mongodb;Db;Member[admin].ReturnValue",
-            "mongodb;Admin;mongoose;mongodb.Admin;",
-            "mongodb;AdminStatic;mongodb/mongodb;AdminStatic;",
-            "mongodb;AdminStatic;mongodb;;Member[Admin]",
-            "mongodb;AdminStatic;mongoose;mongodb.AdminStatic;",
-            "mongodb;AggregateOptions;mongodb/mongodb;AggregateOptions;",
-            "mongodb;AggregateOptions;mongodb;AggregationCursorOptions;",
-            "mongodb;AggregateOptions;mongodb;ChangeStreamOptions;",
-            "mongodb;AggregateOptions;mongodb;Collection;Member[aggregate].Argument[1]",
-            "mongodb;AggregateOptions;mongodb;CountDocumentsOptions;",
-            "mongodb;AggregateOptions;mongodb;Db;Member[aggregate].Argument[1]",
-            "mongodb;AggregateOptions;mongoose;mongodb.AggregateOptions;",
-            "mongodb;AggregationCursorOptions;mongodb/mongodb;AggregationCursorOptions;",
-            "mongodb;AggregationCursorOptions;mongoose;mongodb.AggregationCursorOptions;",
-            "mongodb;AnyBulkWriteOperation;mongodb/mongodb;AnyBulkWriteOperation;",
-            "mongodb;AnyBulkWriteOperation;mongodb;BulkOperationBase;Member[raw].Argument[0]",
-            "mongodb;AnyBulkWriteOperation;mongodb;Collection;Member[bulkWrite].Argument[0].ArrayElement",
-            "mongodb;AnyBulkWriteOperation;mongoose;mongodb.AnyBulkWriteOperation;",
-            "mongodb;Auth;mongodb/mongodb;Auth;",
-            "mongodb;Auth;mongodb;MongoClientOptions;Member[auth]",
-            "mongodb;Auth;mongoose;mongodb.Auth;",
-            "mongodb;AutoEncrypter;mongodb/mongodb;AutoEncrypter;",
-            "mongodb;AutoEncrypter;mongodb;AutoEncrypter;Instance",
-            "mongodb;AutoEncrypter;mongodb;ConnectionOptions;Member[autoEncrypter]",
-            "mongodb;AutoEncrypter;mongodb;MongoClient;Member[autoEncrypter]",
-            "mongodb;AutoEncrypter;mongodb;MongoOptions;Member[autoEncrypter]",
-            "mongodb;AutoEncrypter;mongoose;mongodb.AutoEncrypter;",
-            "mongodb;AutoEncryptionOptions;mongodb/mongodb;AutoEncryptionOptions;",
-            "mongodb;AutoEncryptionOptions;mongodb;AutoEncrypter;Argument[1]",
-            "mongodb;AutoEncryptionOptions;mongodb;MongoClientOptions;Member[autoEncryption]",
-            "mongodb;AutoEncryptionOptions;mongoose;mongodb.AutoEncryptionOptions;",
-            "mongodb;BulkOperationBase;mongodb/mongodb;BulkOperationBase;",
-            "mongodb;BulkOperationBase;mongodb;BulkOperationBase;Member[addToOperationsList,insert,raw].ReturnValue",
-            "mongodb;BulkOperationBase;mongodb;BulkOperationBaseStatic;Instance",
-            "mongodb;BulkOperationBase;mongodb;FindOperators;Member[bulkOperation]",
-            "mongodb;BulkOperationBase;mongodb;FindOperators;Member[delete,deleteOne,replaceOne,update,updateOne].ReturnValue",
-            "mongodb;BulkOperationBase;mongodb;OrderedBulkOperation;",
-            "mongodb;BulkOperationBase;mongodb;UnorderedBulkOperation;",
-            "mongodb;BulkOperationBase;mongoose;mongodb.BulkOperationBase;",
-            "mongodb;BulkOperationBaseStatic;mongodb/mongodb;BulkOperationBaseStatic;",
-            "mongodb;BulkOperationBaseStatic;mongodb;;Member[BulkOperationBase]",
-            "mongodb;BulkOperationBaseStatic;mongoose;mongodb.BulkOperationBaseStatic;",
-            "mongodb;BulkWriteOptions;mongodb/mongodb;BulkWriteOptions;",
-            "mongodb;BulkWriteOptions;mongodb;BulkOperationBase;Member[execute].WithArity[0,1,2].Argument[0]",
-            "mongodb;BulkWriteOptions;mongodb;Collection;Member[bulkWrite,insert,insertMany].Argument[1]",
-            "mongodb;BulkWriteOptions;mongodb;Collection;Member[initializeOrderedBulkOp,initializeUnorderedBulkOp].Argument[0]",
-            "mongodb;BulkWriteOptions;mongodb;OrderedBulkOperationStatic;Argument[1]",
-            "mongodb;BulkWriteOptions;mongodb;UnorderedBulkOperationStatic;Argument[1]",
-            "mongodb;BulkWriteOptions;mongoose;mongodb.BulkWriteOptions;",
-            "mongodb;ChangeStream;mongodb/mongodb;ChangeStream;",
-            "mongodb;ChangeStream;mongodb;ChangeStreamStatic;Instance",
-            "mongodb;ChangeStream;mongodb;Collection;Member[watch].ReturnValue",
-            "mongodb;ChangeStream;mongodb;Db;Member[watch].ReturnValue",
-            "mongodb;ChangeStream;mongodb;MongoClient;Member[watch].ReturnValue",
-            "mongodb;ChangeStream;mongoose;mongodb.ChangeStream;",
-            "mongodb;ChangeStreamOptions;mongodb/mongodb;ChangeStreamOptions;",
-            "mongodb;ChangeStreamOptions;mongodb;ChangeStream;Member[options]",
-            "mongodb;ChangeStreamOptions;mongodb;Collection;Member[watch].Argument[1]",
-            "mongodb;ChangeStreamOptions;mongodb;Db;Member[watch].Argument[1]",
-            "mongodb;ChangeStreamOptions;mongodb;MongoClient;Member[watch].Argument[1]",
-            "mongodb;ChangeStreamOptions;mongoose;mongodb.ChangeStreamOptions;",
-            "mongodb;ChangeStreamStatic;mongodb/mongodb;ChangeStreamStatic;",
-            "mongodb;ChangeStreamStatic;mongodb;;Member[ChangeStream]",
-            "mongodb;ChangeStreamStatic;mongoose;mongodb.ChangeStreamStatic;",
-            "mongodb;ClientSession;mongodb/mongodb;ClientSession;",
-            "mongodb;ClientSession;mongodb;AbstractCursorOptions;Member[session]",
-            "mongodb;ClientSession;mongodb;ClientSession;Member[equals].Argument[0]",
-            "mongodb;ClientSession;mongodb;ClientSessionEvents;Member[ended].Argument[0]",
-            "mongodb;ClientSession;mongodb;ClientSessionStatic;Instance",
-            "mongodb;ClientSession;mongodb;IndexInformationOptions;Member[session]",
-            "mongodb;ClientSession;mongodb;MongoClient;Member[startSession].ReturnValue",
-            "mongodb;ClientSession;mongodb;OperationOptions;Member[session]",
-            "mongodb;ClientSession;mongodb;ReadPreferenceFromOptions;Member[session]",
-            "mongodb;ClientSession;mongodb;SelectServerOptions;Member[session]",
-            "mongodb;ClientSession;mongodb;WithSessionCallback;Argument[0]",
-            "mongodb;ClientSession;mongodb;WithTransactionCallback;Argument[0]",
-            "mongodb;ClientSession;mongoose;mongodb.ClientSession;",
-            "mongodb;ClientSessionEvents;mongodb/mongodb;ClientSessionEvents;",
-            "mongodb;ClientSessionEvents;mongoose;mongodb.ClientSessionEvents;",
-            "mongodb;ClientSessionOptions;mongodb/mongodb;ClientSessionOptions;",
-            "mongodb;ClientSessionOptions;mongodb;MongoClient;Member[startSession].Argument[0]",
-            "mongodb;ClientSessionOptions;mongodb;MongoClient;Member[withSession].WithArity[2].Argument[0]",
-            "mongodb;ClientSessionOptions;mongoose;mongodb.ClientSessionOptions;",
-            "mongodb;ClientSessionStatic;mongodb/mongodb;ClientSessionStatic;",
-            "mongodb;ClientSessionStatic;mongodb;;Member[ClientSession]",
-            "mongodb;ClientSessionStatic;mongoose;mongodb.ClientSessionStatic;",
-            "mongodb;CollStatsOptions;mongodb/mongodb;CollStatsOptions;",
-            "mongodb;CollStatsOptions;mongodb;Collection;Member[stats].Argument[0]",
-            "mongodb;CollStatsOptions;mongoose;mongodb.CollStatsOptions;",
-            "mongodb;Collection;mongodb/mongodb;Collection;",
-            "mongodb;Collection;mongodb;ChangeStream;Member[parent]",
-            "mongodb;Collection;mongodb;Collection;Member[rename].Argument[1,2].TypeVar[mongodb.Callback.0]",
-            "mongodb;Collection;mongodb;Collection;Member[rename].WithArity[1,2].ReturnValue.Awaited",
-            "mongodb;Collection;mongodb;CollectionStatic;Instance",
-            "mongodb;Collection;mongodb;Db;Member[collection].ReturnValue",
-            "mongodb;Collection;mongodb;Db;Member[collections].Argument[0,1].TypeVar[mongodb.Callback.0].ArrayElement",
-            "mongodb;Collection;mongodb;Db;Member[collections].WithArity[0,1].ReturnValue.Awaited.ArrayElement",
-            "mongodb;Collection;mongodb;Db;Member[createCollection].Argument[2].TypeVar[mongodb.Callback.0]",
-            "mongodb;Collection;mongodb;Db;Member[createCollection].WithArity[1,2].ReturnValue.Awaited",
-            "mongodb;Collection;mongodb;Db;Member[createCollection].WithArity[2].Argument[1].TypeVar[mongodb.Callback.0]",
-            "mongodb;Collection;mongodb;Db;Member[renameCollection].Argument[2,3].TypeVar[mongodb.Callback.0]",
-            "mongodb;Collection;mongodb;Db;Member[renameCollection].WithArity[2,3].ReturnValue.Awaited",
-            "mongodb;Collection;mongodb;GridFSBucketWriteStream;Member[chunks,files]",
-            "mongodb;Collection;mongodb;ListIndexesCursor;Member[parent]",
-            "mongodb;Collection;mongodb;ListIndexesCursorStatic;Argument[0]",
-            "mongodb;Collection;mongodb;OrderedBulkOperationStatic;Argument[0]",
-            "mongodb;Collection;mongodb;UnorderedBulkOperationStatic;Argument[0]",
-            "mongodb;Collection;mongoose;mongodb.Collection;",
-            "mongodb;CollectionStatic;mongodb/mongodb;CollectionStatic;",
-            "mongodb;CollectionStatic;mongodb;;Member[Collection]",
-            "mongodb;CollectionStatic;mongoose;mongodb.CollectionStatic;",
-            "mongodb;CommandOperationOptions;mongodb/mongodb;CommandOperationOptions;",
-            "mongodb;CommandOperationOptions;mongodb;AddUserOptions;",
-            "mongodb;CommandOperationOptions;mongodb;Admin;Member[buildInfo,ping,replSetGetStatus,serverInfo,serverStatus].Argument[0]",
-            "mongodb;CommandOperationOptions;mongodb;AggregateOptions;",
-            "mongodb;CommandOperationOptions;mongodb;BulkWriteOptions;",
-            "mongodb;CommandOperationOptions;mongodb;CollStatsOptions;",
-            "mongodb;CommandOperationOptions;mongodb;CountOptions;",
-            "mongodb;CommandOperationOptions;mongodb;CreateCollectionOptions;",
-            "mongodb;CommandOperationOptions;mongodb;CreateIndexesOptions;",
-            "mongodb;CommandOperationOptions;mongodb;DbStatsOptions;",
-            "mongodb;CommandOperationOptions;mongodb;DeleteOptions;",
-            "mongodb;CommandOperationOptions;mongodb;DistinctOptions;",
-            "mongodb;CommandOperationOptions;mongodb;DropCollectionOptions;",
-            "mongodb;CommandOperationOptions;mongodb;DropDatabaseOptions;",
-            "mongodb;CommandOperationOptions;mongodb;DropIndexesOptions;",
-            "mongodb;CommandOperationOptions;mongodb;EstimatedDocumentCountOptions;",
-            "mongodb;CommandOperationOptions;mongodb;EvalOptions;",
-            "mongodb;CommandOperationOptions;mongodb;FindOneAndDeleteOptions;",
-            "mongodb;CommandOperationOptions;mongodb;FindOneAndReplaceOptions;",
-            "mongodb;CommandOperationOptions;mongodb;FindOneAndUpdateOptions;",
-            "mongodb;CommandOperationOptions;mongodb;FindOptions;",
-            "mongodb;CommandOperationOptions;mongodb;InsertOneOptions;",
-            "mongodb;CommandOperationOptions;mongodb;ListCollectionsOptions;",
-            "mongodb;CommandOperationOptions;mongodb;ListDatabasesOptions;",
-            "mongodb;CommandOperationOptions;mongodb;ListIndexesOptions;",
-            "mongodb;CommandOperationOptions;mongodb;MapReduceOptions;",
-            "mongodb;CommandOperationOptions;mongodb;ProfilingLevelOptions;",
-            "mongodb;CommandOperationOptions;mongodb;RemoveUserOptions;",
-            "mongodb;CommandOperationOptions;mongodb;RenameOptions;",
-            "mongodb;CommandOperationOptions;mongodb;ReplaceOptions;",
-            "mongodb;CommandOperationOptions;mongodb;RunCommandOptions;",
-            "mongodb;CommandOperationOptions;mongodb;SetProfilingLevelOptions;",
-            "mongodb;CommandOperationOptions;mongodb;TransactionOptions;",
-            "mongodb;CommandOperationOptions;mongodb;UpdateOptions;",
-            "mongodb;CommandOperationOptions;mongodb;ValidateCollectionOptions;",
-            "mongodb;CommandOperationOptions;mongoose;mongodb.CommandOperationOptions;",
-            "mongodb;ConnectionOptions;mongodb/mongodb;ConnectionOptions;",
-            "mongodb;ConnectionOptions;mongoose;mongodb.ConnectionOptions;",
-            "mongodb;CountDocumentsOptions;mongodb/mongodb;CountDocumentsOptions;",
-            "mongodb;CountDocumentsOptions;mongodb;Collection;Member[countDocuments].Argument[1]",
-            "mongodb;CountDocumentsOptions;mongoose;mongodb.CountDocumentsOptions;",
-            "mongodb;CountOptions;mongodb/mongodb;CountOptions;",
-            "mongodb;CountOptions;mongodb;Collection;Member[count].Argument[1]",
-            "mongodb;CountOptions;mongodb;FindCursor;Member[count].Argument[0]",
-            "mongodb;CountOptions;mongoose;mongodb.CountOptions;",
-            "mongodb;CreateCollectionOptions;mongodb/mongodb;CreateCollectionOptions;",
-            "mongodb;CreateCollectionOptions;mongodb;Db;Member[createCollection].WithArity[1,2,3].Argument[1]",
-            "mongodb;CreateCollectionOptions;mongoose;mongodb.CreateCollectionOptions;",
-            "mongodb;CreateIndexesOptions;mongodb/mongodb;CreateIndexesOptions;",
-            "mongodb;CreateIndexesOptions;mongodb;Collection;Member[createIndex,createIndexes].Argument[1]",
-            "mongodb;CreateIndexesOptions;mongodb;Db;Member[createIndex].Argument[2]",
-            "mongodb;CreateIndexesOptions;mongoose;mongodb.CreateIndexesOptions;",
-            "mongodb;Db;mongodb/mongodb;Db;",
-            "mongodb;Db;mongodb;ChangeStream;Member[parent]",
-            "mongodb;Db;mongodb;DbStatic;Instance",
-            "mongodb;Db;mongodb;GridFSBucketStatic;Argument[0]",
-            "mongodb;Db;mongodb;ListCollectionsCursor;Member[parent]",
-            "mongodb;Db;mongodb;ListCollectionsCursorStatic;Argument[0]",
-            "mongodb;Db;mongodb;MongoClient;Member[db].ReturnValue",
-            "mongodb;Db;mongoose;mongodb.Db;",
-            "mongodb;DbStatic;mongodb/mongodb;DbStatic;",
-            "mongodb;DbStatic;mongodb;;Member[Db]",
-            "mongodb;DbStatic;mongoose;mongodb.DbStatic;",
-            "mongodb;DbStatsOptions;mongodb/mongodb;DbStatsOptions;",
-            "mongodb;DbStatsOptions;mongodb;Db;Member[stats].Argument[0]",
-            "mongodb;DbStatsOptions;mongoose;mongodb.DbStatsOptions;",
-            "mongodb;DeleteManyModel;mongodb/mongodb;DeleteManyModel;",
-            "mongodb;DeleteManyModel;mongodb;AnyBulkWriteOperation;Member[deleteMany]",
-            "mongodb;DeleteManyModel;mongoose;mongodb.DeleteManyModel;",
-            "mongodb;DeleteOneModel;mongodb/mongodb;DeleteOneModel;",
-            "mongodb;DeleteOneModel;mongodb;AnyBulkWriteOperation;Member[deleteOne]",
-            "mongodb;DeleteOneModel;mongoose;mongodb.DeleteOneModel;",
-            "mongodb;DeleteOptions;mongodb/mongodb;DeleteOptions;",
-            "mongodb;DeleteOptions;mongodb;Collection;Member[deleteMany,deleteOne,remove].Argument[1]",
-            "mongodb;DeleteOptions;mongoose;mongodb.DeleteOptions;",
-            "mongodb;DistinctOptions;mongodb/mongodb;DistinctOptions;",
-            "mongodb;DistinctOptions;mongodb;Collection;Member[distinct].Argument[2]",
-            "mongodb;DistinctOptions;mongoose;mongodb.DistinctOptions;",
-            "mongodb;DropCollectionOptions;mongodb/mongodb;DropCollectionOptions;",
-            "mongodb;DropCollectionOptions;mongodb;Collection;Member[drop].Argument[0]",
-            "mongodb;DropCollectionOptions;mongodb;Db;Member[dropCollection].Argument[1]",
-            "mongodb;DropCollectionOptions;mongoose;mongodb.DropCollectionOptions;",
-            "mongodb;DropDatabaseOptions;mongodb/mongodb;DropDatabaseOptions;",
-            "mongodb;DropDatabaseOptions;mongodb;Db;Member[dropDatabase].Argument[0]",
-            "mongodb;DropDatabaseOptions;mongoose;mongodb.DropDatabaseOptions;",
-            "mongodb;DropIndexesOptions;mongodb/mongodb;DropIndexesOptions;",
-            "mongodb;DropIndexesOptions;mongodb;Collection;Member[dropIndex].Argument[1]",
-            "mongodb;DropIndexesOptions;mongodb;Collection;Member[dropIndexes].Argument[0]",
-            "mongodb;DropIndexesOptions;mongoose;mongodb.DropIndexesOptions;",
-            "mongodb;EstimatedDocumentCountOptions;mongodb/mongodb;EstimatedDocumentCountOptions;",
-            "mongodb;EstimatedDocumentCountOptions;mongodb;Collection;Member[estimatedDocumentCount].Argument[0]",
-            "mongodb;EstimatedDocumentCountOptions;mongoose;mongodb.EstimatedDocumentCountOptions;",
-            "mongodb;EvalOptions;mongodb/mongodb;EvalOptions;",
-            "mongodb;EvalOptions;mongoose;mongodb.EvalOptions;",
-            "mongodb;FindCursor;mongodb/mongodb;FindCursor;",
-            "mongodb;FindCursor;mongodb;Collection;Member[find].WithArity[0,1,2].ReturnValue",
-            "mongodb;FindCursor;mongodb;FindCursor;Member[addQueryModifier,allowDiskUse,clone,collation,comment,filter,hint,limit,map,max,maxAwaitTimeMS,maxTimeMS,min,project,returnKey,showRecordId,skip,sort].ReturnValue",
-            "mongodb;FindCursor;mongodb;FindCursorStatic;Instance",
-            "mongodb;FindCursor;mongodb;GridFSBucket;Member[find].ReturnValue",
-            "mongodb;FindCursor;mongoose;mongodb.FindCursor;",
-            "mongodb;FindCursorStatic;mongodb/mongodb;FindCursorStatic;",
-            "mongodb;FindCursorStatic;mongodb;;Member[FindCursor]",
-            "mongodb;FindCursorStatic;mongoose;mongodb.FindCursorStatic;",
-            "mongodb;FindOneAndDeleteOptions;mongodb/mongodb;FindOneAndDeleteOptions;",
-            "mongodb;FindOneAndDeleteOptions;mongodb;Collection;Member[findOneAndDelete].Argument[1]",
-            "mongodb;FindOneAndDeleteOptions;mongoose;mongodb.FindOneAndDeleteOptions;",
-            "mongodb;FindOneAndReplaceOptions;mongodb/mongodb;FindOneAndReplaceOptions;",
-            "mongodb;FindOneAndReplaceOptions;mongodb;Collection;Member[findOneAndReplace].Argument[2]",
-            "mongodb;FindOneAndReplaceOptions;mongoose;mongodb.FindOneAndReplaceOptions;",
-            "mongodb;FindOneAndUpdateOptions;mongodb/mongodb;FindOneAndUpdateOptions;",
-            "mongodb;FindOneAndUpdateOptions;mongodb;Collection;Member[findOneAndUpdate].Argument[2]",
-            "mongodb;FindOneAndUpdateOptions;mongoose;mongodb.FindOneAndUpdateOptions;",
-            "mongodb;FindOperators;mongodb/mongodb;FindOperators;",
-            "mongodb;FindOperators;mongodb;BulkOperationBase;Member[find].ReturnValue",
-            "mongodb;FindOperators;mongodb;FindOperators;Member[arrayFilters,collation,upsert].ReturnValue",
-            "mongodb;FindOperators;mongodb;FindOperatorsStatic;Instance",
-            "mongodb;FindOperators;mongoose;mongodb.FindOperators;",
-            "mongodb;FindOperatorsStatic;mongodb/mongodb;FindOperatorsStatic;",
-            "mongodb;FindOperatorsStatic;mongodb;;Member[FindOperators]",
-            "mongodb;FindOperatorsStatic;mongoose;mongodb.FindOperatorsStatic;",
-            "mongodb;FindOptions;mongodb/mongodb;FindOptions;",
-            "mongodb;FindOptions;mongodb;Collection;Member[find,findOne].Argument[1]",
-            "mongodb;FindOptions;mongodb;GridFSBucket;Member[find].Argument[1]",
-            "mongodb;FindOptions;mongoose;mongodb.FindOptions;",
-            "mongodb;GridFSBucket;mongodb/mongodb;GridFSBucket;",
-            "mongodb;GridFSBucket;mongodb;GridFSBucketStatic;Instance",
-            "mongodb;GridFSBucket;mongodb;GridFSBucketWriteStream;Member[bucket]",
-            "mongodb;GridFSBucket;mongoose;mongodb.GridFSBucket;",
-            "mongodb;GridFSBucketStatic;mongodb/mongodb;GridFSBucketStatic;",
-            "mongodb;GridFSBucketStatic;mongodb;;Member[GridFSBucket]",
-            "mongodb;GridFSBucketStatic;mongoose;mongodb.GridFSBucketStatic;",
-            "mongodb;GridFSBucketWriteStream;mongodb/mongodb;GridFSBucketWriteStream;",
-            "mongodb;GridFSBucketWriteStream;mongodb;GridFSBucket;Member[openUploadStream,openUploadStreamWithId].ReturnValue",
-            "mongodb;GridFSBucketWriteStream;mongodb;GridFSBucketWriteStream;Member[end].ReturnValue",
-            "mongodb;GridFSBucketWriteStream;mongodb;GridFSBucketWriteStreamStatic;Instance",
-            "mongodb;GridFSBucketWriteStream;mongoose;mongodb.GridFSBucketWriteStream;",
-            "mongodb;GridFSBucketWriteStreamStatic;mongodb/mongodb;GridFSBucketWriteStreamStatic;",
-            "mongodb;GridFSBucketWriteStreamStatic;mongodb;;Member[GridFSBucketWriteStream]",
-            "mongodb;GridFSBucketWriteStreamStatic;mongoose;mongodb.GridFSBucketWriteStreamStatic;",
-            "mongodb;IndexInformationOptions;mongodb/mongodb;IndexInformationOptions;",
-            "mongodb;IndexInformationOptions;mongodb;Collection;Member[indexExists].Argument[1]",
-            "mongodb;IndexInformationOptions;mongodb;Collection;Member[indexInformation,indexes].Argument[0]",
-            "mongodb;IndexInformationOptions;mongodb;Db;Member[indexInformation].Argument[1]",
-            "mongodb;IndexInformationOptions;mongoose;mongodb.IndexInformationOptions;",
-            "mongodb;InsertOneOptions;mongodb/mongodb;InsertOneOptions;",
-            "mongodb;InsertOneOptions;mongodb;Collection;Member[insertOne].Argument[1]",
-            "mongodb;InsertOneOptions;mongoose;mongodb.InsertOneOptions;",
-            "mongodb;ListCollectionsCursor;mongodb/mongodb;ListCollectionsCursor;",
-            "mongodb;ListCollectionsCursor;mongodb;Db;Member[listCollections].WithArity[0,1,2].ReturnValue",
-            "mongodb;ListCollectionsCursor;mongodb;ListCollectionsCursor;Member[clone].ReturnValue",
-            "mongodb;ListCollectionsCursor;mongodb;ListCollectionsCursorStatic;Instance",
-            "mongodb;ListCollectionsCursor;mongoose;mongodb.ListCollectionsCursor;",
-            "mongodb;ListCollectionsCursorStatic;mongodb/mongodb;ListCollectionsCursorStatic;",
-            "mongodb;ListCollectionsCursorStatic;mongodb;;Member[ListCollectionsCursor]",
-            "mongodb;ListCollectionsCursorStatic;mongoose;mongodb.ListCollectionsCursorStatic;",
-            "mongodb;ListCollectionsOptions;mongodb/mongodb;ListCollectionsOptions;",
-            "mongodb;ListCollectionsOptions;mongodb;Db;Member[collections].Argument[0]",
-            "mongodb;ListCollectionsOptions;mongodb;Db;Member[listCollections].WithArity[0,1,2].Argument[1]",
-            "mongodb;ListCollectionsOptions;mongodb;ListCollectionsCursor;Member[options]",
-            "mongodb;ListCollectionsOptions;mongodb;ListCollectionsCursorStatic;Argument[2]",
-            "mongodb;ListCollectionsOptions;mongoose;mongodb.ListCollectionsOptions;",
-            "mongodb;ListDatabasesOptions;mongodb/mongodb;ListDatabasesOptions;",
-            "mongodb;ListDatabasesOptions;mongodb;Admin;Member[listDatabases].Argument[0]",
-            "mongodb;ListDatabasesOptions;mongoose;mongodb.ListDatabasesOptions;",
-            "mongodb;ListIndexesCursor;mongodb/mongodb;ListIndexesCursor;",
-            "mongodb;ListIndexesCursor;mongodb;Collection;Member[listIndexes].ReturnValue",
-            "mongodb;ListIndexesCursor;mongodb;ListIndexesCursor;Member[clone].ReturnValue",
-            "mongodb;ListIndexesCursor;mongodb;ListIndexesCursorStatic;Instance",
-            "mongodb;ListIndexesCursor;mongoose;mongodb.ListIndexesCursor;",
-            "mongodb;ListIndexesCursorStatic;mongodb/mongodb;ListIndexesCursorStatic;",
-            "mongodb;ListIndexesCursorStatic;mongodb;;Member[ListIndexesCursor]",
-            "mongodb;ListIndexesCursorStatic;mongoose;mongodb.ListIndexesCursorStatic;",
-            "mongodb;ListIndexesOptions;mongodb/mongodb;ListIndexesOptions;",
-            "mongodb;ListIndexesOptions;mongodb;Collection;Member[listIndexes].Argument[0]",
-            "mongodb;ListIndexesOptions;mongodb;ListIndexesCursor;Member[options]",
-            "mongodb;ListIndexesOptions;mongodb;ListIndexesCursorStatic;Argument[1]",
-            "mongodb;ListIndexesOptions;mongoose;mongodb.ListIndexesOptions;",
-            "mongodb;MapReduceOptions;mongodb/mongodb;MapReduceOptions;",
-            "mongodb;MapReduceOptions;mongodb;Collection;Member[mapReduce].Argument[2]",
-            "mongodb;MapReduceOptions;mongoose;mongodb.MapReduceOptions;",
-            "mongodb;MongoClient;mongodb/mongodb;MongoClient;",
-            "mongodb;MongoClient;mongodb;AutoEncrypter;Argument[0]",
-            "mongodb;MongoClient;mongodb;AutoEncryptionOptions;Member[keyVaultClient]",
-            "mongodb;MongoClient;mongodb;ChangeStream;Member[parent]",
-            "mongodb;MongoClient;mongodb;DbStatic;Argument[0]",
-            "mongodb;MongoClient;mongodb;MongoClient;Member[connect].Argument[0].TypeVar[mongodb.Callback.0]",
-            "mongodb;MongoClient;mongodb;MongoClient;Member[connect].WithArity[0].ReturnValue.Awaited",
-            "mongodb;MongoClient;mongodb;MongoClientEvents;Member[open].Argument[0]",
-            "mongodb;MongoClient;mongodb;MongoClientStatic;Instance",
-            "mongodb;MongoClient;mongodb;MongoClientStatic;Member[connect].Argument[1,2].TypeVar[mongodb.Callback.0]",
-            "mongodb;MongoClient;mongodb;MongoClientStatic;Member[connect].WithArity[1,2].ReturnValue.Awaited",
-            "mongodb;MongoClient;mongoose;mongodb.MongoClient;",
-            "mongodb;MongoClientEvents;mongodb/mongodb;MongoClientEvents;",
-            "mongodb;MongoClientEvents;mongoose;mongodb.MongoClientEvents;",
-            "mongodb;MongoClientOptions;mongodb/mongodb;MongoClientOptions;",
-            "mongodb;MongoClientOptions;mongodb;MongoClientStatic;Argument[1]",
-            "mongodb;MongoClientOptions;mongodb;MongoClientStatic;Member[connect].Argument[1]",
-            "mongodb;MongoClientOptions;mongoose;mongodb.MongoClientOptions;",
-            "mongodb;MongoClientStatic;mongodb/mongodb;MongoClientStatic;",
-            "mongodb;MongoClientStatic;mongodb;;Member[MongoClient]",
-            "mongodb;MongoClientStatic;mongoose;mongodb.MongoClientStatic;",
-            "mongodb;MongoOptions;mongodb/mongodb;MongoOptions;",
-            "mongodb;MongoOptions;mongodb;ClientSession;Member[clientOptions]",
-            "mongodb;MongoOptions;mongodb;MongoClient;Member[options]",
-            "mongodb;MongoOptions;mongoose;mongodb.MongoOptions;",
-            "mongodb;OperationOptions;mongodb/mongodb;OperationOptions;",
-            "mongodb;OperationOptions;mongodb;Collection;Member[isCapped,options].Argument[0]",
-            "mongodb;OperationOptions;mongodb;CommandOperationOptions;",
-            "mongodb;OperationOptions;mongoose;mongodb.OperationOptions;",
-            "mongodb;OrderedBulkOperation;mongodb/mongodb;OrderedBulkOperation;",
-            "mongodb;OrderedBulkOperation;mongodb;Collection;Member[initializeOrderedBulkOp].ReturnValue",
-            "mongodb;OrderedBulkOperation;mongodb;OrderedBulkOperation;Member[addToOperationsList].ReturnValue",
-            "mongodb;OrderedBulkOperation;mongodb;OrderedBulkOperationStatic;Instance",
-            "mongodb;OrderedBulkOperation;mongoose;mongodb.OrderedBulkOperation;",
-            "mongodb;OrderedBulkOperationStatic;mongodb/mongodb;OrderedBulkOperationStatic;",
-            "mongodb;OrderedBulkOperationStatic;mongodb;;Member[OrderedBulkOperation]",
-            "mongodb;OrderedBulkOperationStatic;mongoose;mongodb.OrderedBulkOperationStatic;",
-            "mongodb;ProfilingLevelOptions;mongodb/mongodb;ProfilingLevelOptions;",
-            "mongodb;ProfilingLevelOptions;mongodb;Db;Member[profilingLevel].Argument[0]",
-            "mongodb;ProfilingLevelOptions;mongoose;mongodb.ProfilingLevelOptions;",
-            "mongodb;ReadPreferenceFromOptions;mongodb/mongodb;ReadPreferenceFromOptions;",
-            "mongodb;ReadPreferenceFromOptions;mongodb;ReadPreferenceStatic;Member[fromOptions].Argument[0]",
-            "mongodb;ReadPreferenceFromOptions;mongoose;mongodb.ReadPreferenceFromOptions;",
-            "mongodb;ReadPreferenceStatic;mongodb/mongodb;ReadPreferenceStatic;",
-            "mongodb;ReadPreferenceStatic;mongodb;;Member[ReadPreference]",
-            "mongodb;ReadPreferenceStatic;mongoose;mongodb.ReadPreferenceStatic;",
-            "mongodb;RemoveUserOptions;mongodb/mongodb;RemoveUserOptions;",
-            "mongodb;RemoveUserOptions;mongodb;Admin;Member[removeUser].Argument[1]",
-            "mongodb;RemoveUserOptions;mongodb;Db;Member[removeUser].Argument[1]",
-            "mongodb;RemoveUserOptions;mongoose;mongodb.RemoveUserOptions;",
-            "mongodb;RenameOptions;mongodb/mongodb;RenameOptions;",
-            "mongodb;RenameOptions;mongodb;Collection;Member[rename].Argument[1]",
-            "mongodb;RenameOptions;mongodb;Db;Member[renameCollection].Argument[2]",
-            "mongodb;RenameOptions;mongoose;mongodb.RenameOptions;",
-            "mongodb;ReplaceOptions;mongodb/mongodb;ReplaceOptions;",
-            "mongodb;ReplaceOptions;mongodb;Collection;Member[replaceOne].Argument[2]",
-            "mongodb;ReplaceOptions;mongoose;mongodb.ReplaceOptions;",
-            "mongodb;RunCommandOptions;mongodb/mongodb;RunCommandOptions;",
-            "mongodb;RunCommandOptions;mongodb;Admin;Member[command].Argument[1]",
-            "mongodb;RunCommandOptions;mongodb;Db;Member[command].Argument[1]",
-            "mongodb;RunCommandOptions;mongoose;mongodb.RunCommandOptions;",
-            "mongodb;SelectServerOptions;mongodb/mongodb;SelectServerOptions;",
-            "mongodb;SelectServerOptions;mongoose;mongodb.SelectServerOptions;",
-            "mongodb;SetProfilingLevelOptions;mongodb/mongodb;SetProfilingLevelOptions;",
-            "mongodb;SetProfilingLevelOptions;mongodb;Db;Member[setProfilingLevel].Argument[1]",
-            "mongodb;SetProfilingLevelOptions;mongoose;mongodb.SetProfilingLevelOptions;",
-            "mongodb;Transaction;mongodb/mongodb;Transaction;",
-            "mongodb;Transaction;mongodb;ClientSession;Member[transaction]",
-            "mongodb;Transaction;mongodb;TransactionStatic;Instance",
-            "mongodb;Transaction;mongoose;mongodb.Transaction;",
-            "mongodb;TransactionOptions;mongodb/mongodb;TransactionOptions;",
-            "mongodb;TransactionOptions;mongodb;ClientSession;Member[defaultTransactionOptions]",
-            "mongodb;TransactionOptions;mongodb;ClientSession;Member[startTransaction].Argument[0]",
-            "mongodb;TransactionOptions;mongodb;ClientSession;Member[withTransaction].Argument[1]",
-            "mongodb;TransactionOptions;mongodb;ClientSessionOptions;Member[defaultTransactionOptions]",
-            "mongodb;TransactionOptions;mongodb;Transaction;Member[options]",
-            "mongodb;TransactionOptions;mongoose;mongodb.TransactionOptions;",
-            "mongodb;TransactionStatic;mongodb/mongodb;TransactionStatic;",
-            "mongodb;TransactionStatic;mongodb;;Member[Transaction]",
-            "mongodb;TransactionStatic;mongoose;mongodb.TransactionStatic;",
-            "mongodb;TypedEventEmitter;mongodb;AbstractCursor;",
-            "mongodb;TypedEventEmitter;mongodb;ChangeStream;",
-            "mongodb;TypedEventEmitter;mongodb;ClientSession;",
-            "mongodb;TypedEventEmitter;mongodb;GridFSBucket;",
-            "mongodb;TypedEventEmitter;mongodb;MongoClient;",
-            "mongodb;UnorderedBulkOperation;mongodb/mongodb;UnorderedBulkOperation;",
-            "mongodb;UnorderedBulkOperation;mongodb;Collection;Member[initializeUnorderedBulkOp].ReturnValue",
-            "mongodb;UnorderedBulkOperation;mongodb;UnorderedBulkOperation;Member[addToOperationsList].ReturnValue",
-            "mongodb;UnorderedBulkOperation;mongodb;UnorderedBulkOperationStatic;Instance",
-            "mongodb;UnorderedBulkOperation;mongoose;mongodb.UnorderedBulkOperation;",
-            "mongodb;UnorderedBulkOperationStatic;mongodb/mongodb;UnorderedBulkOperationStatic;",
-            "mongodb;UnorderedBulkOperationStatic;mongodb;;Member[UnorderedBulkOperation]",
-            "mongodb;UnorderedBulkOperationStatic;mongoose;mongodb.UnorderedBulkOperationStatic;",
-            "mongodb;UpdateManyModel;mongodb/mongodb;UpdateManyModel;",
-            "mongodb;UpdateManyModel;mongodb;AnyBulkWriteOperation;Member[updateMany]",
-            "mongodb;UpdateManyModel;mongoose;mongodb.UpdateManyModel;",
-            "mongodb;UpdateOneModel;mongodb/mongodb;UpdateOneModel;",
-            "mongodb;UpdateOneModel;mongodb;AnyBulkWriteOperation;Member[updateOne]",
-            "mongodb;UpdateOneModel;mongoose;mongodb.UpdateOneModel;",
-            "mongodb;UpdateOptions;mongodb/mongodb;UpdateOptions;",
-            "mongodb;UpdateOptions;mongodb;Collection;Member[update,updateMany,updateOne].Argument[2]",
-            "mongodb;UpdateOptions;mongoose;mongodb.UpdateOptions;",
-            "mongodb;ValidateCollectionOptions;mongodb/mongodb;ValidateCollectionOptions;",
-            "mongodb;ValidateCollectionOptions;mongodb;Admin;Member[validateCollection].Argument[1]",
-            "mongodb;ValidateCollectionOptions;mongoose;mongodb.ValidateCollectionOptions;",
-            "mongodb;WithSessionCallback;mongodb/mongodb;WithSessionCallback;",
-            "mongodb;WithSessionCallback;mongodb;MongoClient;Member[withSession].Argument[1]",
-            "mongodb;WithSessionCallback;mongodb;MongoClient;Member[withSession].WithArity[1].Argument[0]",
-            "mongodb;WithSessionCallback;mongoose;mongodb.WithSessionCallback;",
-            "mongodb;WithTransactionCallback;mongodb/mongodb;WithTransactionCallback;",
-            "mongodb;WithTransactionCallback;mongodb;ClientSession;Member[withTransaction].Argument[0]",
-            "mongodb;WithTransactionCallback;mongoose;mongodb.WithTransactionCallback;",
-            "mongoose/inferschematype;ResolvePathType;mongoose/inferschematype;ObtainDocumentPathType;",
-            "mongoose/inferschematype;ResolvePathType;mongoose/inferschematype;ResolvePathType;TypeVar[mongoose.IfEquals.3].ArrayElement",
-            "mongoose/inferschematype;ResolvePathType;mongoose/inferschematype;ResolvePathType;TypeVar[mongoose.IfEquals.3].TypeVar[mongoose.Types.DocumentArray.0]",
-            "mongoose;;mongoose;;Member[mongoose]",
-            "mongoose;AcceptsDiscriminator;mongoose;Model;",
-            "mongoose;AcceptsDiscriminator;mongoose;Schema.Types.Array;",
-            "mongoose;AcceptsDiscriminator;mongoose;Schema.Types.DocumentArray;",
-            "mongoose;AcceptsDiscriminator;mongoose;Schema.Types.Subdocument;",
-            "mongoose;Aggregate;mongoose;Aggregate;Member[addCursorFlag,addFields,allowDiskUse,append,collation,count,facet,graphLookup,group,hint,limit,lookup,match,model,near,option,project,read,readConcern,redact,replaceRoot,sample,search,session,skip,sort,sortByCount,unionWith,unwind].ReturnValue",
-            "mongoose;Aggregate;mongoose;AggregateStatic;Instance",
-            "mongoose;Aggregate;mongoose;Model;Member[aggregate].ReturnValue",
-            "mongoose;AggregateStatic;mongoose;;Member[Aggregate]",
-            "mongoose;Collection;mongoose;;Member[Collection]",
-            "mongoose;Collection;mongoose;Collection;Instance",
-            "mongoose;Collection;mongoose;Connection;Member[collection].ReturnValue",
-            "mongoose;Collection;mongoose;Connection;Member[collections].AnyMember",
-            "mongoose;Collection;mongoose;Document;Member[collection]",
-            "mongoose;Collection;mongoose;Model;Member[collection]",
-            "mongoose;CollectionBase;mongoose;Collection;",
-            "mongoose;CompileModelOptions;mongoose;;Member[model].Argument[3]",
-            "mongoose;CompileModelOptions;mongoose;Connection;Member[model].Argument[3]",
-            "mongoose;ConnectOptions;mongoose;;Member[connect,createConnection].WithArity[1,2,3].Argument[1]",
-            "mongoose;ConnectOptions;mongoose;Connection;Member[openUri].WithArity[1,2,3].Argument[1]",
-            "mongoose;Connection;mongoose;;Member[connection]",
-            "mongoose;Connection;mongoose;;Member[connections].ArrayElement",
-            "mongoose;Connection;mongoose;;Member[createConnection].Argument[2].TypeVar[mongoose.Callback.0]",
-            "mongoose;Connection;mongoose;;Member[createConnection].WithArity[0,1,2].ReturnValue",
-            "mongoose;Connection;mongoose;;Member[createConnection].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0]",
-            "mongoose;Connection;mongoose;Collection;Argument[1]",
-            "mongoose;Connection;mongoose;CollectionBase;Member[conn]",
-            "mongoose;Connection;mongoose;CompileModelOptions;Member[connection]",
-            "mongoose;Connection;mongoose;Connection;Member[asPromise].ReturnValue.Awaited",
-            "mongoose;Connection;mongoose;Connection;Member[deleteModel,plugin,setClient,useDb].ReturnValue",
-            "mongoose;Connection;mongoose;Connection;Member[openUri].Argument[2].TypeVar[mongoose.Callback.0]",
-            "mongoose;Connection;mongoose;Connection;Member[openUri].WithArity[1,2].ReturnValue.Awaited",
-            "mongoose;Connection;mongoose;Connection;Member[openUri].WithArity[2,3].ReturnValue",
-            "mongoose;Connection;mongoose;Connection;Member[openUri].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0]",
-            "mongoose;Connection;mongoose;ConnectionStatic;Instance",
-            "mongoose;Connection;mongoose;Document;Member[db]",
-            "mongoose;Connection;mongoose;Model;Member[db]",
-            "mongoose;ConnectionStatic;mongoose;;Member[Connection]",
-            "mongoose;Cursor;mongoose;Query;Member[cursor].ReturnValue",
-            "mongoose;DiscriminatorModel;mongoose;DiscriminatorSchema;TypeVar[mongoose.Schema.1]",
-            "mongoose;Document;mongoose;Document;Member[$getAllSubdocs,$getPopulatedDocs].ReturnValue.ArrayElement",
-            "mongoose;Document;mongoose;Document;Member[$inc,$parent,$set,depopulate,increment,init,overwrite,set].ReturnValue",
-            "mongoose;Document;mongoose;Document;Member[delete,deleteOne].WithArity[0,1].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]",
-            "mongoose;Document;mongoose;Document;Member[equals].Argument[0]",
-            "mongoose;Document;mongoose;Document;Member[init].Argument[2].TypeVar[mongoose.Callback.0]",
-            "mongoose;Document;mongoose;Document;Member[remove,save].WithArity[0,1].ReturnValue.Awaited",
-            "mongoose;Document;mongoose;Document;Member[replaceOne,update,updateOne].ReturnValue.TypeVar[mongoose.Query.1]",
-            "mongoose;Document;mongoose;Document;Member[save].Argument[1].TypeVar[mongoose.Callback.0]",
-            "mongoose;Document;mongoose;Document;Member[save].WithArity[1].Argument[0].TypeVar[mongoose.Callback.0]",
-            "mongoose;Document;mongoose;DocumentStatic;Instance",
-            "mongoose;Document;mongoose;Error.VersionErrorStatic;Argument[0]",
-            "mongoose;Document;mongoose;HydratedDocument;",
-            "mongoose;Document;mongoose;HydratedDocument;TypeVar[mongoose.Require_id.0]",
-            "mongoose;Document;mongoose;Model;Member[bulkSave].Argument[0].ArrayElement",
-            "mongoose;Document;mongoose;TVirtualPathFN;Argument[2]",
-            "mongoose;Document;mongoose;Types.Subdocument;",
-            "mongoose;Document;mongoose;Types.Subdocument;Member[$parent,ownerDocument,parent].ReturnValue",
-            "mongoose;Document;mongoose;VirtualType;Member[applyGetters,applySetters].Argument[1]",
-            "mongoose;DocumentStatic;mongoose;;Member[Document]",
-            "mongoose;Error.VersionErrorStatic;mongoose;;Member[Error].Member[VersionError]",
-            "mongoose;HydratedDocument;mongoose;Model;Instance",
-            "mongoose;HydratedDocument;mongoose;Model;Member[$where,count,countDocuments,deleteMany,deleteOne,distinct,estimatedDocumentCount,find,geoSearch,remove,replaceOne,update,updateMany,updateOne,where].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[$where,find,geoSearch,where].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].ArrayElement",
-            "mongoose;HydratedDocument;mongoose;Model;Member[create,insertMany].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0].ArrayElement",
-            "mongoose;HydratedDocument;mongoose;Model;Member[create].WithArity[0..,1,2].ReturnValue.Awaited.ArrayElement",
-            "mongoose;HydratedDocument;mongoose;Model;Member[create].WithArity[1].ReturnValue.Awaited",
-            "mongoose;HydratedDocument;mongoose;Model;Member[create].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[exists].WithArity[1,2].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[find,insertMany].WithArity[3].Argument[2].TypeVar[mongoose.Callback.0].ArrayElement",
-            "mongoose;HydratedDocument;mongoose;Model;Member[findById,findByIdAndDelete,findByIdAndRemove,findOne,findOneAndDelete,findOneAndRemove].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0,mongoose.QueryWithHelpers.1]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[findById,findOne].Argument[3].TypeVar[mongoose.Callback.0]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[findByIdAndDelete,findByIdAndRemove,findOneAndDelete,findOneAndRemove].Argument[2].Argument[1]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[findByIdAndUpdate,findOneAndReplace,findOneAndUpdate].WithArity[0,1,2,3,4].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0,mongoose.QueryWithHelpers.1]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[findByIdAndUpdate,findOneAndReplace,findOneAndUpdate].WithArity[3,4].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].TypeVar[mongoose.ModifyResult.0]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[findByIdAndUpdate].WithArity[0,1,2,4].Argument[3].Argument[1]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[findByIdAndUpdate].WithArity[3].Argument[2,3].Argument[1]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[findById].WithArity[1,2,3].Argument[2].TypeVar[mongoose.Callback.0]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[findOneAndReplace].WithArity[0,1,2,3,4].Argument[3].Argument[1]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[findOneAndUpdate].WithArity[3,4].Argument[3].Argument[1]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[findOne].WithArity[0,1,2].Argument[1,2].TypeVar[mongoose.Callback.0]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[findOne].WithArity[3].Argument[2].TypeVar[mongoose.Callback.0]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[find].Argument[3].TypeVar[mongoose.Callback.0].ArrayElement",
-            "mongoose;HydratedDocument;mongoose;Model;Member[find].WithArity[0].Argument[0].TypeVar[mongoose.Callback.0].ArrayElement",
-            "mongoose;HydratedDocument;mongoose;Model;Member[find].WithArity[1].Argument[0,1,2].TypeVar[mongoose.Callback.0].ArrayElement",
-            "mongoose;HydratedDocument;mongoose;Model;Member[find].WithArity[2].Argument[1,2].TypeVar[mongoose.Callback.0].ArrayElement",
-            "mongoose;HydratedDocument;mongoose;Model;Member[geoSearch].Argument[2].TypeVar[mongoose.Callback.0].ArrayElement",
-            "mongoose;HydratedDocument;mongoose;Model;Member[hydrate].ReturnValue",
-            "mongoose;HydratedDocument;mongoose;Model;Member[init].ReturnValue.Awaited",
-            "mongoose;HydratedDocument;mongoose;Model;Member[insertMany].WithArity[1,2].ReturnValue.Awaited.ArrayElement",
-            "mongoose;HydratedDocument;mongoose;Model;Member[populate].WithArity[2,3].Argument[2].TypeVar[mongoose.Callback.0]",
-            "mongoose;HydratedDocument;mongoose;Model;Member[populate].WithArity[2,3].Argument[2].TypeVar[mongoose.Callback.0].ArrayElement",
-            "mongoose;HydratedDocument;mongoose;Model;Member[populate].WithArity[2,3].ReturnValue.Awaited",
-            "mongoose;HydratedDocument;mongoose;Model;Member[populate].WithArity[2,3].ReturnValue.Awaited.ArrayElement",
-            "mongoose;HydratedDocument;mongoose;TVirtualPathFN;Argument[1].TypeVar[mongoose.VirtualType.0]",
-            "mongoose;HydratedDocument;mongoose;VirtualPathFunctions;Member[options].TypeVar[mongoose.VirtualTypeOptions.0]",
-            "mongoose;InsertManyOptions;mongoose;Model;Member[insertMany].WithArity[2,3].Argument[1]",
-            "mongoose;Model;mongoose;;Member[Model]",
-            "mongoose;Model;mongoose;;Member[model].ReturnValue",
-            "mongoose;Model;mongoose;AcceptsDiscriminator;Member[discriminator].WithArity[2,3].ReturnValue",
-            "mongoose;Model;mongoose;Aggregate;Member[model].Argument[0]",
-            "mongoose;Model;mongoose;Connection;Member[model].WithArity[1,2,3,4].ReturnValue",
-            "mongoose;Model;mongoose;Connection;Member[models].AnyMember",
-            "mongoose;Model;mongoose;DiscriminatorModel;",
-            "mongoose;Model;mongoose;Document;Member[$model].ReturnValue",
-            "mongoose;Model;mongoose;Document;Member[populate].Argument[2]",
-            "mongoose;Model;mongoose;Model;Member[discriminators].AnyMember",
-            "mongoose;Model;mongoose;Models;AnyMember",
-            "mongoose;Model;mongoose;PopulateOptions;Member[model]",
-            "mongoose;Model;mongoose;Query;Member[cast].Argument[0]",
-            "mongoose;Model;mongoose;Query;Member[populate].Argument[2]",
-            "mongoose;Model;mongoose;Schema.Types.Array;Member[discriminator].WithArity[2,3].ReturnValue",
-            "mongoose;Model;mongoose;Schema.Types.DocumentArray;Member[discriminator].WithArity[2,3].ReturnValue",
-            "mongoose;Model;mongoose;Schema.Types.Subdocument;Member[discriminator].WithArity[2,3].ReturnValue",
-            "mongoose;Model;mongoose;SchemaStatic;Instance.TypeVar[mongoose.Schema.1]",
-            "mongoose;Models;mongoose;;Member[models]",
-            "mongoose;PopulateOption;mongoose;InsertManyOptions;",
-            "mongoose;PopulateOption;mongoose;QueryOptions;",
-            "mongoose;PopulateOptions;mongoose;Document;Member[populate].Argument[4]",
-            "mongoose;PopulateOptions;mongoose;Document;Member[populate].WithArity[1,2].Argument[0]",
-            "mongoose;PopulateOptions;mongoose;Document;Member[populate].WithArity[1,2].Argument[0].ArrayElement",
-            "mongoose;PopulateOptions;mongoose;Model;Member[populate].Argument[1]",
-            "mongoose;PopulateOptions;mongoose;Model;Member[populate].Argument[1].ArrayElement",
-            "mongoose;PopulateOptions;mongoose;PopulateOption;Member[populate]",
-            "mongoose;PopulateOptions;mongoose;PopulateOption;Member[populate].ArrayElement",
-            "mongoose;PopulateOptions;mongoose;PopulateOptions;Member[populate]",
-            "mongoose;PopulateOptions;mongoose;PopulateOptions;Member[populate].ArrayElement",
-            "mongoose;PopulateOptions;mongoose;Query;Member[populate].WithArity[1].Argument[0]",
-            "mongoose;PopulateOptions;mongoose;Query;Member[populate].WithArity[1].Argument[0].ArrayElement",
-            "mongoose;Query;mongoose;Document;Member[replaceOne,update,updateOne].ReturnValue",
-            "mongoose;Query;mongoose;HydratedDocument;TypeVar[mongoose.Require_id.0]",
-            "mongoose;Query;mongoose;Query;Member[all,allowDiskUse,and,batchSize,box,circle,clone,collation,comment,elemMatch,equals,exists,explain,geometry,gt,gte,hint,in,intersects,j,limit,lt,lte,maxDistance,maxScan,maxTimeMS,merge,mod,ne,near,nin,nor,or,polygon,read,readConcern,regex,remove,select,session,set,setOptions,size,skip,slice,snapshot,sort,tailable,w,where,within,wtimeout].ReturnValue",
-            "mongoose;Query;mongoose;Query;Member[error].WithArity[1].ReturnValue",
-            "mongoose;Query;mongoose;Query;Member[merge].Argument[0]",
-            "mongoose;Query;mongoose;QueryStatic;Instance",
-            "mongoose;Query;mongoose;QueryWithHelpers;",
-            "mongoose;QueryOptions;mongoose;Document;Member[delete,deleteOne,remove].WithArity[0,1,2].Argument[0]",
-            "mongoose;QueryOptions;mongoose;Document;Member[replaceOne,update,updateOne].Argument[1]",
-            "mongoose;QueryOptions;mongoose;Model;Member[countDocuments,findByIdAndDelete,findByIdAndRemove,findOneAndDelete,findOneAndRemove].Argument[1]",
-            "mongoose;QueryOptions;mongoose;Model;Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[1]",
-            "mongoose;QueryOptions;mongoose;Model;Member[estimatedDocumentCount].Argument[0]",
-            "mongoose;QueryOptions;mongoose;Model;Member[find,findById].WithArity[1,2,3,4].Argument[2]",
-            "mongoose;QueryOptions;mongoose;Model;Member[findByIdAndUpdate,findOne,findOneAndReplace,findOneAndUpdate].WithArity[0,1,2,3,4].Argument[2]",
-            "mongoose;QueryOptions;mongoose;Model;Member[replaceOne,update,updateMany,updateOne].Argument[2]",
-            "mongoose;QueryOptions;mongoose;PopulateOptions;Member[options]",
-            "mongoose;QueryOptions;mongoose;Query;Member[countDocuments,findByIdAndDelete,findOneAndDelete,findOneAndRemove].Argument[1]",
-            "mongoose;QueryOptions;mongoose;Query;Member[cursor,estimatedDocumentCount,setOptions].Argument[0]",
-            "mongoose;QueryOptions;mongoose;Query;Member[cursor].ReturnValue.TypeVar[mongoose.Cursor.1]",
-            "mongoose;QueryOptions;mongoose;Query;Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[1]",
-            "mongoose;QueryOptions;mongoose;Query;Member[findByIdAndUpdate,findOne,findOneAndUpdate].WithArity[0,1,2,3,4].Argument[2]",
-            "mongoose;QueryOptions;mongoose;Query;Member[find].WithArity[1,2,3,4].Argument[2]",
-            "mongoose;QueryOptions;mongoose;Query;Member[getOptions].ReturnValue",
-            "mongoose;QueryOptions;mongoose;Query;Member[replaceOne,update,updateMany,updateOne].Argument[2]",
-            "mongoose;QueryOptions;mongoose;VirtualTypeOptions;Member[options]",
-            "mongoose;QueryStatic;mongoose;;Member[Query]",
-            "mongoose;QueryWithHelpers;mongoose;Document;Member[delete,deleteOne].WithArity[0,1].ReturnValue",
-            "mongoose;QueryWithHelpers;mongoose;Model;Member[$where,count,countDocuments,deleteMany,deleteOne,distinct,estimatedDocumentCount,find,findById,findByIdAndDelete,findByIdAndRemove,findOne,findOneAndDelete,findOneAndRemove,geoSearch,remove,replaceOne,update,updateMany,updateOne,where].ReturnValue",
-            "mongoose;QueryWithHelpers;mongoose;Model;Member[exists].WithArity[1,2].ReturnValue",
-            "mongoose;QueryWithHelpers;mongoose;Model;Member[findByIdAndUpdate,findOneAndReplace,findOneAndUpdate].WithArity[0,1,2,3,4].ReturnValue",
-            "mongoose;QueryWithHelpers;mongoose;Query;Member[$where,count,countDocuments,deleteMany,deleteOne,distinct,estimatedDocumentCount,find,findByIdAndDelete,findOne,findOneAndDelete,findOneAndRemove,lean,orFail,populate,replaceOne,transform,update,updateMany,updateOne].ReturnValue",
-            "mongoose;QueryWithHelpers;mongoose;Query;Member[findByIdAndUpdate,findOneAndUpdate].WithArity[0,1,2,3,4].ReturnValue",
-            "mongoose;QueryWithHelpers;mongoose;Query;Member[toConstructor].ReturnValue.Instance",
-            "mongoose;Schema.Types.Array;mongoose;Schema.Types.Array;Member[enum].ReturnValue",
-            "mongoose;Schema.Types.Array;mongoose;Schema.Types.ArrayStatic;Instance",
-            "mongoose;Schema.Types.ArrayStatic;mongoose;;Member[Schema].Member[Types].Member[Array]",
-            "mongoose;Schema.Types.DocumentArray;mongoose;Schema.Types.DocumentArrayStatic;Instance",
-            "mongoose;Schema.Types.DocumentArrayStatic;mongoose;;Member[Schema].Member[Types].Member[DocumentArray]",
-            "mongoose;Schema.Types.Subdocument;mongoose;Schema.Types.SubdocumentStatic;Instance",
-            "mongoose;Schema.Types.SubdocumentStatic;mongoose;;Member[Schema].Member[Types].Member[Subdocument]",
-            "mongoose;Schema.Types.SubdocumentStatic;mongoose;Schema.Types.DocumentArray;Member[caster]",
-            "mongoose;SchemaStatic;mongoose;;Member[Schema]",
-            "mongoose;SessionOperation;mongoose;Aggregate;",
-            "mongoose;SessionOperation;mongoose;Query;",
-            "mongoose;TVirtualPathFN;mongoose;VirtualPathFunctions;Member[get,set]",
-            "mongoose;Types.Array;mongoose;Types.DocumentArray;",
-            "mongoose;Types.ArraySubdocument;mongoose;Types.ArraySubdocumentStatic;Instance",
-            "mongoose;Types.ArraySubdocumentStatic;mongoose;;Member[Types].Member[ArraySubdocument]",
-            "mongoose;Types.DocumentArray;mongoose/inferschematype;ResolvePathType;TypeVar[mongoose.IfEquals.3]",
-            "mongoose;Types.DocumentArray;mongoose;Types.ArraySubdocument;Member[parentArray].ReturnValue",
-            "mongoose;Types.DocumentArray;mongoose;Types.DocumentArrayStatic;Instance",
-            "mongoose;Types.DocumentArrayStatic;mongoose;;Member[Types].Member[DocumentArray]",
-            "mongoose;Types.ObjectId;mongoose/inferschematype;ResolvePathType;",
-            "mongoose;Types.Subdocument;mongoose;Types.ArraySubdocument;",
-            "mongoose;Types.Subdocument;mongoose;Types.DocumentArray;Member[create,id].ReturnValue",
-            "mongoose;Types.Subdocument;mongoose;Types.DocumentArray;TypeVar[mongoose.Types.Array.0]",
-            "mongoose;Types.Subdocument;mongoose;Types.SubdocumentStatic;Instance",
-            "mongoose;Types.SubdocumentStatic;mongoose;;Member[Types].Member[Subdocument]",
-            "mongoose;VirtualType;mongoose;TVirtualPathFN;Argument[1]",
-            "mongoose;VirtualType;mongoose;VirtualType;Member[get,set].Argument[0].Argument[1]",
-            "mongoose;VirtualType;mongoose;VirtualType;Member[get,set].ReturnValue",
-            "mongoose;VirtualType;mongoose;VirtualTypeStatic;Instance",
-            "mongoose;VirtualTypeOptions;mongoose;VirtualPathFunctions;Member[options]",
-            "mongoose;VirtualTypeStatic;mongoose;;Member[VirtualType]"
+            "mongodb.AbstractCursor;mongodb.FindCursor;",
+            "mongodb.AbstractCursor;mongodb.ListCollectionsCursor;",
+            "mongodb.AbstractCursor;mongodb.ListIndexesCursor;",
+            "mongodb.AbstractCursorOptions;mongodb.AggregationCursorOptions;",
+            "mongodb.AbstractCursorOptions;mongodb/mongodb.AbstractCursorOptions;",
+            "mongodb.AbstractCursorOptions;mongoose.mongodb.AbstractCursorOptions;",
+            "mongodb.AddUserOptions;mongodb.Admin;Member[addUser].Argument[1,2]",
+            "mongodb.AddUserOptions;mongodb.Db;Member[addUser].Argument[1,2]",
+            "mongodb.AddUserOptions;mongodb/mongodb.AddUserOptions;",
+            "mongodb.AddUserOptions;mongoose.mongodb.AddUserOptions;",
+            "mongodb.Admin;mongodb.AdminStatic;Instance",
+            "mongodb.Admin;mongodb.Db;Member[admin].ReturnValue",
+            "mongodb.Admin;mongodb/mongodb.Admin;",
+            "mongodb.Admin;mongoose.mongodb.Admin;",
+            "mongodb.AdminStatic;mongodb/mongodb.AdminStatic;",
+            "mongodb.AdminStatic;mongodb;Member[Admin]",
+            "mongodb.AdminStatic;mongoose.mongodb.AdminStatic;",
+            "mongodb.AggregateOptions;mongodb.AggregationCursorOptions;",
+            "mongodb.AggregateOptions;mongodb.ChangeStreamOptions;",
+            "mongodb.AggregateOptions;mongodb.Collection;Member[aggregate].Argument[1]",
+            "mongodb.AggregateOptions;mongodb.CountDocumentsOptions;",
+            "mongodb.AggregateOptions;mongodb.Db;Member[aggregate].Argument[1]",
+            "mongodb.AggregateOptions;mongodb/mongodb.AggregateOptions;",
+            "mongodb.AggregateOptions;mongoose.mongodb.AggregateOptions;",
+            "mongodb.AggregationCursorOptions;mongodb/mongodb.AggregationCursorOptions;",
+            "mongodb.AggregationCursorOptions;mongoose.mongodb.AggregationCursorOptions;",
+            "mongodb.AnyBulkWriteOperation;mongodb.BulkOperationBase;Member[raw].Argument[0]",
+            "mongodb.AnyBulkWriteOperation;mongodb.Collection;Member[bulkWrite].Argument[0].ArrayElement",
+            "mongodb.AnyBulkWriteOperation;mongodb/mongodb.AnyBulkWriteOperation;",
+            "mongodb.AnyBulkWriteOperation;mongoose.mongodb.AnyBulkWriteOperation;",
+            "mongodb.Auth;mongodb.MongoClientOptions;Member[auth]",
+            "mongodb.Auth;mongodb/mongodb.Auth;",
+            "mongodb.Auth;mongoose.mongodb.Auth;",
+            "mongodb.AutoEncrypter;mongodb.AutoEncrypter;Instance",
+            "mongodb.AutoEncrypter;mongodb.ConnectionOptions;Member[autoEncrypter]",
+            "mongodb.AutoEncrypter;mongodb.MongoClient;Member[autoEncrypter]",
+            "mongodb.AutoEncrypter;mongodb.MongoOptions;Member[autoEncrypter]",
+            "mongodb.AutoEncrypter;mongodb/mongodb.AutoEncrypter;",
+            "mongodb.AutoEncrypter;mongoose.mongodb.AutoEncrypter;",
+            "mongodb.AutoEncryptionOptions;mongodb.AutoEncrypter;Argument[1]",
+            "mongodb.AutoEncryptionOptions;mongodb.MongoClientOptions;Member[autoEncryption]",
+            "mongodb.AutoEncryptionOptions;mongodb/mongodb.AutoEncryptionOptions;",
+            "mongodb.AutoEncryptionOptions;mongoose.mongodb.AutoEncryptionOptions;",
+            "mongodb.BulkOperationBase;mongodb.BulkOperationBase;Member[addToOperationsList,insert,raw].ReturnValue",
+            "mongodb.BulkOperationBase;mongodb.BulkOperationBaseStatic;Instance",
+            "mongodb.BulkOperationBase;mongodb.FindOperators;Member[bulkOperation]",
+            "mongodb.BulkOperationBase;mongodb.FindOperators;Member[delete,deleteOne,replaceOne,update,updateOne].ReturnValue",
+            "mongodb.BulkOperationBase;mongodb.OrderedBulkOperation;",
+            "mongodb.BulkOperationBase;mongodb.UnorderedBulkOperation;",
+            "mongodb.BulkOperationBase;mongodb/mongodb.BulkOperationBase;",
+            "mongodb.BulkOperationBase;mongoose.mongodb.BulkOperationBase;",
+            "mongodb.BulkOperationBaseStatic;mongodb/mongodb.BulkOperationBaseStatic;",
+            "mongodb.BulkOperationBaseStatic;mongodb;Member[BulkOperationBase]",
+            "mongodb.BulkOperationBaseStatic;mongoose.mongodb.BulkOperationBaseStatic;",
+            "mongodb.BulkWriteOptions;mongodb.BulkOperationBase;Member[execute].WithArity[0,1,2].Argument[0]",
+            "mongodb.BulkWriteOptions;mongodb.Collection;Member[bulkWrite,insert,insertMany].Argument[1]",
+            "mongodb.BulkWriteOptions;mongodb.Collection;Member[initializeOrderedBulkOp,initializeUnorderedBulkOp].Argument[0]",
+            "mongodb.BulkWriteOptions;mongodb.OrderedBulkOperationStatic;Argument[1]",
+            "mongodb.BulkWriteOptions;mongodb.UnorderedBulkOperationStatic;Argument[1]",
+            "mongodb.BulkWriteOptions;mongodb/mongodb.BulkWriteOptions;",
+            "mongodb.BulkWriteOptions;mongoose.mongodb.BulkWriteOptions;",
+            "mongodb.ChangeStream;mongodb.ChangeStreamStatic;Instance",
+            "mongodb.ChangeStream;mongodb.Collection;Member[watch].ReturnValue",
+            "mongodb.ChangeStream;mongodb.Db;Member[watch].ReturnValue",
+            "mongodb.ChangeStream;mongodb.MongoClient;Member[watch].ReturnValue",
+            "mongodb.ChangeStream;mongodb/mongodb.ChangeStream;",
+            "mongodb.ChangeStream;mongoose.mongodb.ChangeStream;",
+            "mongodb.ChangeStreamOptions;mongodb.ChangeStream;Member[options]",
+            "mongodb.ChangeStreamOptions;mongodb.Collection;Member[watch].Argument[1]",
+            "mongodb.ChangeStreamOptions;mongodb.Db;Member[watch].Argument[1]",
+            "mongodb.ChangeStreamOptions;mongodb.MongoClient;Member[watch].Argument[1]",
+            "mongodb.ChangeStreamOptions;mongodb/mongodb.ChangeStreamOptions;",
+            "mongodb.ChangeStreamOptions;mongoose.mongodb.ChangeStreamOptions;",
+            "mongodb.ChangeStreamStatic;mongodb/mongodb.ChangeStreamStatic;",
+            "mongodb.ChangeStreamStatic;mongodb;Member[ChangeStream]",
+            "mongodb.ChangeStreamStatic;mongoose.mongodb.ChangeStreamStatic;",
+            "mongodb.ClientSession;mongodb.AbstractCursorOptions;Member[session]",
+            "mongodb.ClientSession;mongodb.ClientSession;Member[equals].Argument[0]",
+            "mongodb.ClientSession;mongodb.ClientSessionEvents;Member[ended].Argument[0]",
+            "mongodb.ClientSession;mongodb.ClientSessionStatic;Instance",
+            "mongodb.ClientSession;mongodb.IndexInformationOptions;Member[session]",
+            "mongodb.ClientSession;mongodb.MongoClient;Member[startSession].ReturnValue",
+            "mongodb.ClientSession;mongodb.OperationOptions;Member[session]",
+            "mongodb.ClientSession;mongodb.ReadPreferenceFromOptions;Member[session]",
+            "mongodb.ClientSession;mongodb.SelectServerOptions;Member[session]",
+            "mongodb.ClientSession;mongodb.WithSessionCallback;Argument[0]",
+            "mongodb.ClientSession;mongodb.WithTransactionCallback;Argument[0]",
+            "mongodb.ClientSession;mongodb/mongodb.ClientSession;",
+            "mongodb.ClientSession;mongoose.mongodb.ClientSession;",
+            "mongodb.ClientSessionEvents;mongodb/mongodb.ClientSessionEvents;",
+            "mongodb.ClientSessionEvents;mongoose.mongodb.ClientSessionEvents;",
+            "mongodb.ClientSessionOptions;mongodb.MongoClient;Member[startSession].Argument[0]",
+            "mongodb.ClientSessionOptions;mongodb.MongoClient;Member[withSession].WithArity[2].Argument[0]",
+            "mongodb.ClientSessionOptions;mongodb/mongodb.ClientSessionOptions;",
+            "mongodb.ClientSessionOptions;mongoose.mongodb.ClientSessionOptions;",
+            "mongodb.ClientSessionStatic;mongodb/mongodb.ClientSessionStatic;",
+            "mongodb.ClientSessionStatic;mongodb;Member[ClientSession]",
+            "mongodb.ClientSessionStatic;mongoose.mongodb.ClientSessionStatic;",
+            "mongodb.CollStatsOptions;mongodb.Collection;Member[stats].Argument[0]",
+            "mongodb.CollStatsOptions;mongodb/mongodb.CollStatsOptions;",
+            "mongodb.CollStatsOptions;mongoose.mongodb.CollStatsOptions;",
+            "mongodb.Collection;mongodb.ChangeStream;Member[parent]",
+            "mongodb.Collection;mongodb.Collection;Member[rename].Argument[1,2].TypeVar[mongodb.Callback.0]",
+            "mongodb.Collection;mongodb.Collection;Member[rename].WithArity[1,2].ReturnValue.Awaited",
+            "mongodb.Collection;mongodb.CollectionStatic;Instance",
+            "mongodb.Collection;mongodb.Db;Member[collection].ReturnValue",
+            "mongodb.Collection;mongodb.Db;Member[collections].Argument[0,1].TypeVar[mongodb.Callback.0].ArrayElement",
+            "mongodb.Collection;mongodb.Db;Member[collections].WithArity[0,1].ReturnValue.Awaited.ArrayElement",
+            "mongodb.Collection;mongodb.Db;Member[createCollection].Argument[2].TypeVar[mongodb.Callback.0]",
+            "mongodb.Collection;mongodb.Db;Member[createCollection].WithArity[1,2].ReturnValue.Awaited",
+            "mongodb.Collection;mongodb.Db;Member[createCollection].WithArity[2].Argument[1].TypeVar[mongodb.Callback.0]",
+            "mongodb.Collection;mongodb.Db;Member[renameCollection].Argument[2,3].TypeVar[mongodb.Callback.0]",
+            "mongodb.Collection;mongodb.Db;Member[renameCollection].WithArity[2,3].ReturnValue.Awaited",
+            "mongodb.Collection;mongodb.GridFSBucketWriteStream;Member[chunks,files]",
+            "mongodb.Collection;mongodb.ListIndexesCursor;Member[parent]",
+            "mongodb.Collection;mongodb.ListIndexesCursorStatic;Argument[0]",
+            "mongodb.Collection;mongodb.OrderedBulkOperationStatic;Argument[0]",
+            "mongodb.Collection;mongodb.UnorderedBulkOperationStatic;Argument[0]",
+            "mongodb.Collection;mongodb/mongodb.Collection;",
+            "mongodb.Collection;mongoose.mongodb.Collection;",
+            "mongodb.CollectionStatic;mongodb/mongodb.CollectionStatic;",
+            "mongodb.CollectionStatic;mongodb;Member[Collection]",
+            "mongodb.CollectionStatic;mongoose.mongodb.CollectionStatic;",
+            "mongodb.CommandOperationOptions;mongodb.AddUserOptions;",
+            "mongodb.CommandOperationOptions;mongodb.Admin;Member[buildInfo,ping,replSetGetStatus,serverInfo,serverStatus].Argument[0]",
+            "mongodb.CommandOperationOptions;mongodb.AggregateOptions;",
+            "mongodb.CommandOperationOptions;mongodb.BulkWriteOptions;",
+            "mongodb.CommandOperationOptions;mongodb.CollStatsOptions;",
+            "mongodb.CommandOperationOptions;mongodb.CountOptions;",
+            "mongodb.CommandOperationOptions;mongodb.CreateCollectionOptions;",
+            "mongodb.CommandOperationOptions;mongodb.CreateIndexesOptions;",
+            "mongodb.CommandOperationOptions;mongodb.DbStatsOptions;",
+            "mongodb.CommandOperationOptions;mongodb.DeleteOptions;",
+            "mongodb.CommandOperationOptions;mongodb.DistinctOptions;",
+            "mongodb.CommandOperationOptions;mongodb.DropCollectionOptions;",
+            "mongodb.CommandOperationOptions;mongodb.DropDatabaseOptions;",
+            "mongodb.CommandOperationOptions;mongodb.DropIndexesOptions;",
+            "mongodb.CommandOperationOptions;mongodb.EstimatedDocumentCountOptions;",
+            "mongodb.CommandOperationOptions;mongodb.EvalOptions;",
+            "mongodb.CommandOperationOptions;mongodb.FindOneAndDeleteOptions;",
+            "mongodb.CommandOperationOptions;mongodb.FindOneAndReplaceOptions;",
+            "mongodb.CommandOperationOptions;mongodb.FindOneAndUpdateOptions;",
+            "mongodb.CommandOperationOptions;mongodb.FindOptions;",
+            "mongodb.CommandOperationOptions;mongodb.InsertOneOptions;",
+            "mongodb.CommandOperationOptions;mongodb.ListCollectionsOptions;",
+            "mongodb.CommandOperationOptions;mongodb.ListDatabasesOptions;",
+            "mongodb.CommandOperationOptions;mongodb.ListIndexesOptions;",
+            "mongodb.CommandOperationOptions;mongodb.MapReduceOptions;",
+            "mongodb.CommandOperationOptions;mongodb.ProfilingLevelOptions;",
+            "mongodb.CommandOperationOptions;mongodb.RemoveUserOptions;",
+            "mongodb.CommandOperationOptions;mongodb.RenameOptions;",
+            "mongodb.CommandOperationOptions;mongodb.ReplaceOptions;",
+            "mongodb.CommandOperationOptions;mongodb.RunCommandOptions;",
+            "mongodb.CommandOperationOptions;mongodb.SetProfilingLevelOptions;",
+            "mongodb.CommandOperationOptions;mongodb.TransactionOptions;",
+            "mongodb.CommandOperationOptions;mongodb.UpdateOptions;",
+            "mongodb.CommandOperationOptions;mongodb.ValidateCollectionOptions;",
+            "mongodb.CommandOperationOptions;mongodb/mongodb.CommandOperationOptions;",
+            "mongodb.CommandOperationOptions;mongoose.mongodb.CommandOperationOptions;",
+            "mongodb.ConnectionOptions;mongodb/mongodb.ConnectionOptions;",
+            "mongodb.ConnectionOptions;mongoose.mongodb.ConnectionOptions;",
+            "mongodb.CountDocumentsOptions;mongodb.Collection;Member[countDocuments].Argument[1]",
+            "mongodb.CountDocumentsOptions;mongodb/mongodb.CountDocumentsOptions;",
+            "mongodb.CountDocumentsOptions;mongoose.mongodb.CountDocumentsOptions;",
+            "mongodb.CountOptions;mongodb.Collection;Member[count].Argument[1]",
+            "mongodb.CountOptions;mongodb.FindCursor;Member[count].Argument[0]",
+            "mongodb.CountOptions;mongodb/mongodb.CountOptions;",
+            "mongodb.CountOptions;mongoose.mongodb.CountOptions;",
+            "mongodb.CreateCollectionOptions;mongodb.Db;Member[createCollection].WithArity[1,2,3].Argument[1]",
+            "mongodb.CreateCollectionOptions;mongodb/mongodb.CreateCollectionOptions;",
+            "mongodb.CreateCollectionOptions;mongoose.mongodb.CreateCollectionOptions;",
+            "mongodb.CreateIndexesOptions;mongodb.Collection;Member[createIndex,createIndexes].Argument[1]",
+            "mongodb.CreateIndexesOptions;mongodb.Db;Member[createIndex].Argument[2]",
+            "mongodb.CreateIndexesOptions;mongodb/mongodb.CreateIndexesOptions;",
+            "mongodb.CreateIndexesOptions;mongoose.mongodb.CreateIndexesOptions;",
+            "mongodb.Db;mongodb.ChangeStream;Member[parent]",
+            "mongodb.Db;mongodb.DbStatic;Instance",
+            "mongodb.Db;mongodb.GridFSBucketStatic;Argument[0]",
+            "mongodb.Db;mongodb.ListCollectionsCursor;Member[parent]",
+            "mongodb.Db;mongodb.ListCollectionsCursorStatic;Argument[0]",
+            "mongodb.Db;mongodb.MongoClient;Member[db].ReturnValue",
+            "mongodb.Db;mongodb/mongodb.Db;",
+            "mongodb.Db;mongoose.mongodb.Db;",
+            "mongodb.DbStatic;mongodb/mongodb.DbStatic;",
+            "mongodb.DbStatic;mongodb;Member[Db]",
+            "mongodb.DbStatic;mongoose.mongodb.DbStatic;",
+            "mongodb.DbStatsOptions;mongodb.Db;Member[stats].Argument[0]",
+            "mongodb.DbStatsOptions;mongodb/mongodb.DbStatsOptions;",
+            "mongodb.DbStatsOptions;mongoose.mongodb.DbStatsOptions;",
+            "mongodb.DeleteManyModel;mongodb.AnyBulkWriteOperation;Member[deleteMany]",
+            "mongodb.DeleteManyModel;mongodb/mongodb.DeleteManyModel;",
+            "mongodb.DeleteManyModel;mongoose.mongodb.DeleteManyModel;",
+            "mongodb.DeleteOneModel;mongodb.AnyBulkWriteOperation;Member[deleteOne]",
+            "mongodb.DeleteOneModel;mongodb/mongodb.DeleteOneModel;",
+            "mongodb.DeleteOneModel;mongoose.mongodb.DeleteOneModel;",
+            "mongodb.DeleteOptions;mongodb.Collection;Member[deleteMany,deleteOne,remove].Argument[1]",
+            "mongodb.DeleteOptions;mongodb/mongodb.DeleteOptions;",
+            "mongodb.DeleteOptions;mongoose.mongodb.DeleteOptions;",
+            "mongodb.DistinctOptions;mongodb.Collection;Member[distinct].Argument[2]",
+            "mongodb.DistinctOptions;mongodb/mongodb.DistinctOptions;",
+            "mongodb.DistinctOptions;mongoose.mongodb.DistinctOptions;",
+            "mongodb.DropCollectionOptions;mongodb.Collection;Member[drop].Argument[0]",
+            "mongodb.DropCollectionOptions;mongodb.Db;Member[dropCollection].Argument[1]",
+            "mongodb.DropCollectionOptions;mongodb/mongodb.DropCollectionOptions;",
+            "mongodb.DropCollectionOptions;mongoose.mongodb.DropCollectionOptions;",
+            "mongodb.DropDatabaseOptions;mongodb.Db;Member[dropDatabase].Argument[0]",
+            "mongodb.DropDatabaseOptions;mongodb/mongodb.DropDatabaseOptions;",
+            "mongodb.DropDatabaseOptions;mongoose.mongodb.DropDatabaseOptions;",
+            "mongodb.DropIndexesOptions;mongodb.Collection;Member[dropIndex].Argument[1]",
+            "mongodb.DropIndexesOptions;mongodb.Collection;Member[dropIndexes].Argument[0]",
+            "mongodb.DropIndexesOptions;mongodb/mongodb.DropIndexesOptions;",
+            "mongodb.DropIndexesOptions;mongoose.mongodb.DropIndexesOptions;",
+            "mongodb.EstimatedDocumentCountOptions;mongodb.Collection;Member[estimatedDocumentCount].Argument[0]",
+            "mongodb.EstimatedDocumentCountOptions;mongodb/mongodb.EstimatedDocumentCountOptions;",
+            "mongodb.EstimatedDocumentCountOptions;mongoose.mongodb.EstimatedDocumentCountOptions;",
+            "mongodb.EvalOptions;mongodb/mongodb.EvalOptions;",
+            "mongodb.EvalOptions;mongoose.mongodb.EvalOptions;",
+            "mongodb.FindCursor;mongodb.Collection;Member[find].WithArity[0,1,2].ReturnValue",
+            "mongodb.FindCursor;mongodb.FindCursor;Member[addQueryModifier,allowDiskUse,clone,collation,comment,filter,hint,limit,map,max,maxAwaitTimeMS,maxTimeMS,min,project,returnKey,showRecordId,skip,sort].ReturnValue",
+            "mongodb.FindCursor;mongodb.FindCursorStatic;Instance",
+            "mongodb.FindCursor;mongodb.GridFSBucket;Member[find].ReturnValue",
+            "mongodb.FindCursor;mongodb/mongodb.FindCursor;",
+            "mongodb.FindCursor;mongoose.mongodb.FindCursor;",
+            "mongodb.FindCursorStatic;mongodb/mongodb.FindCursorStatic;",
+            "mongodb.FindCursorStatic;mongodb;Member[FindCursor]",
+            "mongodb.FindCursorStatic;mongoose.mongodb.FindCursorStatic;",
+            "mongodb.FindOneAndDeleteOptions;mongodb.Collection;Member[findOneAndDelete].Argument[1]",
+            "mongodb.FindOneAndDeleteOptions;mongodb/mongodb.FindOneAndDeleteOptions;",
+            "mongodb.FindOneAndDeleteOptions;mongoose.mongodb.FindOneAndDeleteOptions;",
+            "mongodb.FindOneAndReplaceOptions;mongodb.Collection;Member[findOneAndReplace].Argument[2]",
+            "mongodb.FindOneAndReplaceOptions;mongodb/mongodb.FindOneAndReplaceOptions;",
+            "mongodb.FindOneAndReplaceOptions;mongoose.mongodb.FindOneAndReplaceOptions;",
+            "mongodb.FindOneAndUpdateOptions;mongodb.Collection;Member[findOneAndUpdate].Argument[2]",
+            "mongodb.FindOneAndUpdateOptions;mongodb/mongodb.FindOneAndUpdateOptions;",
+            "mongodb.FindOneAndUpdateOptions;mongoose.mongodb.FindOneAndUpdateOptions;",
+            "mongodb.FindOperators;mongodb.BulkOperationBase;Member[find].ReturnValue",
+            "mongodb.FindOperators;mongodb.FindOperators;Member[arrayFilters,collation,upsert].ReturnValue",
+            "mongodb.FindOperators;mongodb.FindOperatorsStatic;Instance",
+            "mongodb.FindOperators;mongodb/mongodb.FindOperators;",
+            "mongodb.FindOperators;mongoose.mongodb.FindOperators;",
+            "mongodb.FindOperatorsStatic;mongodb/mongodb.FindOperatorsStatic;",
+            "mongodb.FindOperatorsStatic;mongodb;Member[FindOperators]",
+            "mongodb.FindOperatorsStatic;mongoose.mongodb.FindOperatorsStatic;",
+            "mongodb.FindOptions;mongodb.Collection;Member[find,findOne].Argument[1]",
+            "mongodb.FindOptions;mongodb.GridFSBucket;Member[find].Argument[1]",
+            "mongodb.FindOptions;mongodb/mongodb.FindOptions;",
+            "mongodb.FindOptions;mongoose.mongodb.FindOptions;",
+            "mongodb.GridFSBucket;mongodb.GridFSBucketStatic;Instance",
+            "mongodb.GridFSBucket;mongodb.GridFSBucketWriteStream;Member[bucket]",
+            "mongodb.GridFSBucket;mongodb/mongodb.GridFSBucket;",
+            "mongodb.GridFSBucket;mongoose.mongodb.GridFSBucket;",
+            "mongodb.GridFSBucketStatic;mongodb/mongodb.GridFSBucketStatic;",
+            "mongodb.GridFSBucketStatic;mongodb;Member[GridFSBucket]",
+            "mongodb.GridFSBucketStatic;mongoose.mongodb.GridFSBucketStatic;",
+            "mongodb.GridFSBucketWriteStream;mongodb.GridFSBucket;Member[openUploadStream,openUploadStreamWithId].ReturnValue",
+            "mongodb.GridFSBucketWriteStream;mongodb.GridFSBucketWriteStream;Member[end].ReturnValue",
+            "mongodb.GridFSBucketWriteStream;mongodb.GridFSBucketWriteStreamStatic;Instance",
+            "mongodb.GridFSBucketWriteStream;mongodb/mongodb.GridFSBucketWriteStream;",
+            "mongodb.GridFSBucketWriteStream;mongoose.mongodb.GridFSBucketWriteStream;",
+            "mongodb.GridFSBucketWriteStreamStatic;mongodb/mongodb.GridFSBucketWriteStreamStatic;",
+            "mongodb.GridFSBucketWriteStreamStatic;mongodb;Member[GridFSBucketWriteStream]",
+            "mongodb.GridFSBucketWriteStreamStatic;mongoose.mongodb.GridFSBucketWriteStreamStatic;",
+            "mongodb.IndexInformationOptions;mongodb.Collection;Member[indexExists].Argument[1]",
+            "mongodb.IndexInformationOptions;mongodb.Collection;Member[indexInformation,indexes].Argument[0]",
+            "mongodb.IndexInformationOptions;mongodb.Db;Member[indexInformation].Argument[1]",
+            "mongodb.IndexInformationOptions;mongodb/mongodb.IndexInformationOptions;",
+            "mongodb.IndexInformationOptions;mongoose.mongodb.IndexInformationOptions;",
+            "mongodb.InsertOneOptions;mongodb.Collection;Member[insertOne].Argument[1]",
+            "mongodb.InsertOneOptions;mongodb/mongodb.InsertOneOptions;",
+            "mongodb.InsertOneOptions;mongoose.mongodb.InsertOneOptions;",
+            "mongodb.ListCollectionsCursor;mongodb.Db;Member[listCollections].WithArity[0,1,2].ReturnValue",
+            "mongodb.ListCollectionsCursor;mongodb.ListCollectionsCursor;Member[clone].ReturnValue",
+            "mongodb.ListCollectionsCursor;mongodb.ListCollectionsCursorStatic;Instance",
+            "mongodb.ListCollectionsCursor;mongodb/mongodb.ListCollectionsCursor;",
+            "mongodb.ListCollectionsCursor;mongoose.mongodb.ListCollectionsCursor;",
+            "mongodb.ListCollectionsCursorStatic;mongodb/mongodb.ListCollectionsCursorStatic;",
+            "mongodb.ListCollectionsCursorStatic;mongodb;Member[ListCollectionsCursor]",
+            "mongodb.ListCollectionsCursorStatic;mongoose.mongodb.ListCollectionsCursorStatic;",
+            "mongodb.ListCollectionsOptions;mongodb.Db;Member[collections].Argument[0]",
+            "mongodb.ListCollectionsOptions;mongodb.Db;Member[listCollections].WithArity[0,1,2].Argument[1]",
+            "mongodb.ListCollectionsOptions;mongodb.ListCollectionsCursor;Member[options]",
+            "mongodb.ListCollectionsOptions;mongodb.ListCollectionsCursorStatic;Argument[2]",
+            "mongodb.ListCollectionsOptions;mongodb/mongodb.ListCollectionsOptions;",
+            "mongodb.ListCollectionsOptions;mongoose.mongodb.ListCollectionsOptions;",
+            "mongodb.ListDatabasesOptions;mongodb.Admin;Member[listDatabases].Argument[0]",
+            "mongodb.ListDatabasesOptions;mongodb/mongodb.ListDatabasesOptions;",
+            "mongodb.ListDatabasesOptions;mongoose.mongodb.ListDatabasesOptions;",
+            "mongodb.ListIndexesCursor;mongodb.Collection;Member[listIndexes].ReturnValue",
+            "mongodb.ListIndexesCursor;mongodb.ListIndexesCursor;Member[clone].ReturnValue",
+            "mongodb.ListIndexesCursor;mongodb.ListIndexesCursorStatic;Instance",
+            "mongodb.ListIndexesCursor;mongodb/mongodb.ListIndexesCursor;",
+            "mongodb.ListIndexesCursor;mongoose.mongodb.ListIndexesCursor;",
+            "mongodb.ListIndexesCursorStatic;mongodb/mongodb.ListIndexesCursorStatic;",
+            "mongodb.ListIndexesCursorStatic;mongodb;Member[ListIndexesCursor]",
+            "mongodb.ListIndexesCursorStatic;mongoose.mongodb.ListIndexesCursorStatic;",
+            "mongodb.ListIndexesOptions;mongodb.Collection;Member[listIndexes].Argument[0]",
+            "mongodb.ListIndexesOptions;mongodb.ListIndexesCursor;Member[options]",
+            "mongodb.ListIndexesOptions;mongodb.ListIndexesCursorStatic;Argument[1]",
+            "mongodb.ListIndexesOptions;mongodb/mongodb.ListIndexesOptions;",
+            "mongodb.ListIndexesOptions;mongoose.mongodb.ListIndexesOptions;",
+            "mongodb.MapReduceOptions;mongodb.Collection;Member[mapReduce].Argument[2]",
+            "mongodb.MapReduceOptions;mongodb/mongodb.MapReduceOptions;",
+            "mongodb.MapReduceOptions;mongoose.mongodb.MapReduceOptions;",
+            "mongodb.MongoClient;mongodb.AutoEncrypter;Argument[0]",
+            "mongodb.MongoClient;mongodb.AutoEncryptionOptions;Member[keyVaultClient]",
+            "mongodb.MongoClient;mongodb.ChangeStream;Member[parent]",
+            "mongodb.MongoClient;mongodb.DbStatic;Argument[0]",
+            "mongodb.MongoClient;mongodb.MongoClient;Member[connect].Argument[0].TypeVar[mongodb.Callback.0]",
+            "mongodb.MongoClient;mongodb.MongoClient;Member[connect].WithArity[0].ReturnValue.Awaited",
+            "mongodb.MongoClient;mongodb.MongoClientEvents;Member[open].Argument[0]",
+            "mongodb.MongoClient;mongodb.MongoClientStatic;Instance",
+            "mongodb.MongoClient;mongodb.MongoClientStatic;Member[connect].Argument[1,2].TypeVar[mongodb.Callback.0]",
+            "mongodb.MongoClient;mongodb.MongoClientStatic;Member[connect].WithArity[1,2].ReturnValue.Awaited",
+            "mongodb.MongoClient;mongodb/mongodb.MongoClient;",
+            "mongodb.MongoClient;mongoose.mongodb.MongoClient;",
+            "mongodb.MongoClientEvents;mongodb/mongodb.MongoClientEvents;",
+            "mongodb.MongoClientEvents;mongoose.mongodb.MongoClientEvents;",
+            "mongodb.MongoClientOptions;mongodb.MongoClientStatic;Argument[1]",
+            "mongodb.MongoClientOptions;mongodb.MongoClientStatic;Member[connect].Argument[1]",
+            "mongodb.MongoClientOptions;mongodb/mongodb.MongoClientOptions;",
+            "mongodb.MongoClientOptions;mongoose.mongodb.MongoClientOptions;",
+            "mongodb.MongoClientStatic;mongodb/mongodb.MongoClientStatic;",
+            "mongodb.MongoClientStatic;mongodb;Member[MongoClient]",
+            "mongodb.MongoClientStatic;mongoose.mongodb.MongoClientStatic;",
+            "mongodb.MongoOptions;mongodb.ClientSession;Member[clientOptions]",
+            "mongodb.MongoOptions;mongodb.MongoClient;Member[options]",
+            "mongodb.MongoOptions;mongodb/mongodb.MongoOptions;",
+            "mongodb.MongoOptions;mongoose.mongodb.MongoOptions;",
+            "mongodb.OperationOptions;mongodb.Collection;Member[isCapped,options].Argument[0]",
+            "mongodb.OperationOptions;mongodb.CommandOperationOptions;",
+            "mongodb.OperationOptions;mongodb/mongodb.OperationOptions;",
+            "mongodb.OperationOptions;mongoose.mongodb.OperationOptions;",
+            "mongodb.OrderedBulkOperation;mongodb.Collection;Member[initializeOrderedBulkOp].ReturnValue",
+            "mongodb.OrderedBulkOperation;mongodb.OrderedBulkOperation;Member[addToOperationsList].ReturnValue",
+            "mongodb.OrderedBulkOperation;mongodb.OrderedBulkOperationStatic;Instance",
+            "mongodb.OrderedBulkOperation;mongodb/mongodb.OrderedBulkOperation;",
+            "mongodb.OrderedBulkOperation;mongoose.mongodb.OrderedBulkOperation;",
+            "mongodb.OrderedBulkOperationStatic;mongodb/mongodb.OrderedBulkOperationStatic;",
+            "mongodb.OrderedBulkOperationStatic;mongodb;Member[OrderedBulkOperation]",
+            "mongodb.OrderedBulkOperationStatic;mongoose.mongodb.OrderedBulkOperationStatic;",
+            "mongodb.ProfilingLevelOptions;mongodb.Db;Member[profilingLevel].Argument[0]",
+            "mongodb.ProfilingLevelOptions;mongodb/mongodb.ProfilingLevelOptions;",
+            "mongodb.ProfilingLevelOptions;mongoose.mongodb.ProfilingLevelOptions;",
+            "mongodb.ReadPreferenceFromOptions;mongodb.ReadPreferenceStatic;Member[fromOptions].Argument[0]",
+            "mongodb.ReadPreferenceFromOptions;mongodb/mongodb.ReadPreferenceFromOptions;",
+            "mongodb.ReadPreferenceFromOptions;mongoose.mongodb.ReadPreferenceFromOptions;",
+            "mongodb.ReadPreferenceStatic;mongodb/mongodb.ReadPreferenceStatic;",
+            "mongodb.ReadPreferenceStatic;mongodb;Member[ReadPreference]",
+            "mongodb.ReadPreferenceStatic;mongoose.mongodb.ReadPreferenceStatic;",
+            "mongodb.RemoveUserOptions;mongodb.Admin;Member[removeUser].Argument[1]",
+            "mongodb.RemoveUserOptions;mongodb.Db;Member[removeUser].Argument[1]",
+            "mongodb.RemoveUserOptions;mongodb/mongodb.RemoveUserOptions;",
+            "mongodb.RemoveUserOptions;mongoose.mongodb.RemoveUserOptions;",
+            "mongodb.RenameOptions;mongodb.Collection;Member[rename].Argument[1]",
+            "mongodb.RenameOptions;mongodb.Db;Member[renameCollection].Argument[2]",
+            "mongodb.RenameOptions;mongodb/mongodb.RenameOptions;",
+            "mongodb.RenameOptions;mongoose.mongodb.RenameOptions;",
+            "mongodb.ReplaceOptions;mongodb.Collection;Member[replaceOne].Argument[2]",
+            "mongodb.ReplaceOptions;mongodb/mongodb.ReplaceOptions;",
+            "mongodb.ReplaceOptions;mongoose.mongodb.ReplaceOptions;",
+            "mongodb.RunCommandOptions;mongodb.Admin;Member[command].Argument[1]",
+            "mongodb.RunCommandOptions;mongodb.Db;Member[command].Argument[1]",
+            "mongodb.RunCommandOptions;mongodb/mongodb.RunCommandOptions;",
+            "mongodb.RunCommandOptions;mongoose.mongodb.RunCommandOptions;",
+            "mongodb.SelectServerOptions;mongodb/mongodb.SelectServerOptions;",
+            "mongodb.SelectServerOptions;mongoose.mongodb.SelectServerOptions;",
+            "mongodb.SetProfilingLevelOptions;mongodb.Db;Member[setProfilingLevel].Argument[1]",
+            "mongodb.SetProfilingLevelOptions;mongodb/mongodb.SetProfilingLevelOptions;",
+            "mongodb.SetProfilingLevelOptions;mongoose.mongodb.SetProfilingLevelOptions;",
+            "mongodb.Transaction;mongodb.ClientSession;Member[transaction]",
+            "mongodb.Transaction;mongodb.TransactionStatic;Instance",
+            "mongodb.Transaction;mongodb/mongodb.Transaction;",
+            "mongodb.Transaction;mongoose.mongodb.Transaction;",
+            "mongodb.TransactionOptions;mongodb.ClientSession;Member[defaultTransactionOptions]",
+            "mongodb.TransactionOptions;mongodb.ClientSession;Member[startTransaction].Argument[0]",
+            "mongodb.TransactionOptions;mongodb.ClientSession;Member[withTransaction].Argument[1]",
+            "mongodb.TransactionOptions;mongodb.ClientSessionOptions;Member[defaultTransactionOptions]",
+            "mongodb.TransactionOptions;mongodb.Transaction;Member[options]",
+            "mongodb.TransactionOptions;mongodb/mongodb.TransactionOptions;",
+            "mongodb.TransactionOptions;mongoose.mongodb.TransactionOptions;",
+            "mongodb.TransactionStatic;mongodb/mongodb.TransactionStatic;",
+            "mongodb.TransactionStatic;mongodb;Member[Transaction]",
+            "mongodb.TransactionStatic;mongoose.mongodb.TransactionStatic;",
+            "mongodb.TypedEventEmitter;mongodb.AbstractCursor;",
+            "mongodb.TypedEventEmitter;mongodb.ChangeStream;",
+            "mongodb.TypedEventEmitter;mongodb.ClientSession;",
+            "mongodb.TypedEventEmitter;mongodb.GridFSBucket;",
+            "mongodb.TypedEventEmitter;mongodb.MongoClient;",
+            "mongodb.UnorderedBulkOperation;mongodb.Collection;Member[initializeUnorderedBulkOp].ReturnValue",
+            "mongodb.UnorderedBulkOperation;mongodb.UnorderedBulkOperation;Member[addToOperationsList].ReturnValue",
+            "mongodb.UnorderedBulkOperation;mongodb.UnorderedBulkOperationStatic;Instance",
+            "mongodb.UnorderedBulkOperation;mongodb/mongodb.UnorderedBulkOperation;",
+            "mongodb.UnorderedBulkOperation;mongoose.mongodb.UnorderedBulkOperation;",
+            "mongodb.UnorderedBulkOperationStatic;mongodb/mongodb.UnorderedBulkOperationStatic;",
+            "mongodb.UnorderedBulkOperationStatic;mongodb;Member[UnorderedBulkOperation]",
+            "mongodb.UnorderedBulkOperationStatic;mongoose.mongodb.UnorderedBulkOperationStatic;",
+            "mongodb.UpdateManyModel;mongodb.AnyBulkWriteOperation;Member[updateMany]",
+            "mongodb.UpdateManyModel;mongodb/mongodb.UpdateManyModel;",
+            "mongodb.UpdateManyModel;mongoose.mongodb.UpdateManyModel;",
+            "mongodb.UpdateOneModel;mongodb.AnyBulkWriteOperation;Member[updateOne]",
+            "mongodb.UpdateOneModel;mongodb/mongodb.UpdateOneModel;",
+            "mongodb.UpdateOneModel;mongoose.mongodb.UpdateOneModel;",
+            "mongodb.UpdateOptions;mongodb.Collection;Member[update,updateMany,updateOne].Argument[2]",
+            "mongodb.UpdateOptions;mongodb/mongodb.UpdateOptions;",
+            "mongodb.UpdateOptions;mongoose.mongodb.UpdateOptions;",
+            "mongodb.ValidateCollectionOptions;mongodb.Admin;Member[validateCollection].Argument[1]",
+            "mongodb.ValidateCollectionOptions;mongodb/mongodb.ValidateCollectionOptions;",
+            "mongodb.ValidateCollectionOptions;mongoose.mongodb.ValidateCollectionOptions;",
+            "mongodb.WithSessionCallback;mongodb.MongoClient;Member[withSession].Argument[1]",
+            "mongodb.WithSessionCallback;mongodb.MongoClient;Member[withSession].WithArity[1].Argument[0]",
+            "mongodb.WithSessionCallback;mongodb/mongodb.WithSessionCallback;",
+            "mongodb.WithSessionCallback;mongoose.mongodb.WithSessionCallback;",
+            "mongodb.WithTransactionCallback;mongodb.ClientSession;Member[withTransaction].Argument[0]",
+            "mongodb.WithTransactionCallback;mongodb/mongodb.WithTransactionCallback;",
+            "mongodb.WithTransactionCallback;mongoose.mongodb.WithTransactionCallback;",
+            "mongodb;mongoose;Member[mongodb]",
+            "mongoose.AcceptsDiscriminator;mongoose.Model;",
+            "mongoose.AcceptsDiscriminator;mongoose.Schema.Types.Array;",
+            "mongoose.AcceptsDiscriminator;mongoose.Schema.Types.DocumentArray;",
+            "mongoose.AcceptsDiscriminator;mongoose.Schema.Types.Subdocument;",
+            "mongoose.Aggregate;mongoose.Aggregate;Member[addCursorFlag,addFields,allowDiskUse,append,collation,count,facet,graphLookup,group,hint,limit,lookup,match,model,near,option,project,read,readConcern,redact,replaceRoot,sample,search,session,skip,sort,sortByCount,unionWith,unwind].ReturnValue",
+            "mongoose.Aggregate;mongoose.AggregateStatic;Instance",
+            "mongoose.Aggregate;mongoose.Model;Member[aggregate].ReturnValue",
+            "mongoose.AggregateStatic;mongoose;Member[Aggregate]",
+            "mongoose.Collection;mongoose.Collection;Instance",
+            "mongoose.Collection;mongoose.Connection;Member[collection].ReturnValue",
+            "mongoose.Collection;mongoose.Connection;Member[collections].AnyMember",
+            "mongoose.Collection;mongoose.Document;Member[collection]",
+            "mongoose.Collection;mongoose.Model;Member[collection]",
+            "mongoose.Collection;mongoose;Member[Collection]",
+            "mongoose.CollectionBase;mongoose.Collection;",
+            "mongoose.CompileModelOptions;mongoose.Connection;Member[model].Argument[3]",
+            "mongoose.CompileModelOptions;mongoose;Member[model].Argument[3]",
+            "mongoose.ConnectOptions;mongoose.Connection;Member[openUri].WithArity[1,2,3].Argument[1]",
+            "mongoose.ConnectOptions;mongoose;Member[connect,createConnection].WithArity[1,2,3].Argument[1]",
+            "mongoose.Connection;mongoose.Collection;Argument[1]",
+            "mongoose.Connection;mongoose.CollectionBase;Member[conn]",
+            "mongoose.Connection;mongoose.CompileModelOptions;Member[connection]",
+            "mongoose.Connection;mongoose.Connection;Member[asPromise].ReturnValue.Awaited",
+            "mongoose.Connection;mongoose.Connection;Member[deleteModel,plugin,setClient,useDb].ReturnValue",
+            "mongoose.Connection;mongoose.Connection;Member[openUri].Argument[2].TypeVar[mongoose.Callback.0]",
+            "mongoose.Connection;mongoose.Connection;Member[openUri].WithArity[1,2].ReturnValue.Awaited",
+            "mongoose.Connection;mongoose.Connection;Member[openUri].WithArity[2,3].ReturnValue",
+            "mongoose.Connection;mongoose.Connection;Member[openUri].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0]",
+            "mongoose.Connection;mongoose.ConnectionStatic;Instance",
+            "mongoose.Connection;mongoose.Document;Member[db]",
+            "mongoose.Connection;mongoose.Model;Member[db]",
+            "mongoose.Connection;mongoose;Member[connection]",
+            "mongoose.Connection;mongoose;Member[connections].ArrayElement",
+            "mongoose.Connection;mongoose;Member[createConnection].Argument[2].TypeVar[mongoose.Callback.0]",
+            "mongoose.Connection;mongoose;Member[createConnection].WithArity[0,1,2].ReturnValue",
+            "mongoose.Connection;mongoose;Member[createConnection].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0]",
+            "mongoose.ConnectionStatic;mongoose;Member[Connection]",
+            "mongoose.Cursor;mongoose.Query;Member[cursor].ReturnValue",
+            "mongoose.DiscriminatorModel;mongoose.DiscriminatorSchema;TypeVar[mongoose.Schema.1]",
+            "mongoose.Document;mongoose.Document;Member[$getAllSubdocs,$getPopulatedDocs].ReturnValue.ArrayElement",
+            "mongoose.Document;mongoose.Document;Member[$inc,$parent,$set,depopulate,increment,init,overwrite,set].ReturnValue",
+            "mongoose.Document;mongoose.Document;Member[delete,deleteOne].WithArity[0,1].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]",
+            "mongoose.Document;mongoose.Document;Member[equals].Argument[0]",
+            "mongoose.Document;mongoose.Document;Member[init].Argument[2].TypeVar[mongoose.Callback.0]",
+            "mongoose.Document;mongoose.Document;Member[remove,save].WithArity[0,1].ReturnValue.Awaited",
+            "mongoose.Document;mongoose.Document;Member[replaceOne,update,updateOne].ReturnValue.TypeVar[mongoose.Query.1]",
+            "mongoose.Document;mongoose.Document;Member[save].Argument[1].TypeVar[mongoose.Callback.0]",
+            "mongoose.Document;mongoose.Document;Member[save].WithArity[1].Argument[0].TypeVar[mongoose.Callback.0]",
+            "mongoose.Document;mongoose.DocumentStatic;Instance",
+            "mongoose.Document;mongoose.Error.VersionErrorStatic;Argument[0]",
+            "mongoose.Document;mongoose.HydratedDocument;",
+            "mongoose.Document;mongoose.HydratedDocument;TypeVar[mongoose.Require_id.0]",
+            "mongoose.Document;mongoose.Model;Member[bulkSave].Argument[0].ArrayElement",
+            "mongoose.Document;mongoose.TVirtualPathFN;Argument[2]",
+            "mongoose.Document;mongoose.Types.Subdocument;",
+            "mongoose.Document;mongoose.Types.Subdocument;Member[$parent,ownerDocument,parent].ReturnValue",
+            "mongoose.Document;mongoose.VirtualType;Member[applyGetters,applySetters].Argument[1]",
+            "mongoose.DocumentStatic;mongoose;Member[Document]",
+            "mongoose.Error.VersionErrorStatic;mongoose;Member[Error].Member[VersionError]",
+            "mongoose.HydratedDocument;mongoose.Model;Instance",
+            "mongoose.HydratedDocument;mongoose.Model;Member[$where,count,countDocuments,deleteMany,deleteOne,distinct,estimatedDocumentCount,find,geoSearch,remove,replaceOne,update,updateMany,updateOne,where].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[$where,find,geoSearch,where].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].ArrayElement",
+            "mongoose.HydratedDocument;mongoose.Model;Member[create,insertMany].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0].ArrayElement",
+            "mongoose.HydratedDocument;mongoose.Model;Member[create].WithArity[0..,1,2].ReturnValue.Awaited.ArrayElement",
+            "mongoose.HydratedDocument;mongoose.Model;Member[create].WithArity[1].ReturnValue.Awaited",
+            "mongoose.HydratedDocument;mongoose.Model;Member[create].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[exists].WithArity[1,2].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[find,insertMany].WithArity[3].Argument[2].TypeVar[mongoose.Callback.0].ArrayElement",
+            "mongoose.HydratedDocument;mongoose.Model;Member[findById,findByIdAndDelete,findByIdAndRemove,findOne,findOneAndDelete,findOneAndRemove].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0,mongoose.QueryWithHelpers.1]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[findById,findOne].Argument[3].TypeVar[mongoose.Callback.0]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[findByIdAndDelete,findByIdAndRemove,findOneAndDelete,findOneAndRemove].Argument[2].Argument[1]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[findByIdAndUpdate,findOneAndReplace,findOneAndUpdate].WithArity[0,1,2,3,4].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0,mongoose.QueryWithHelpers.1]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[findByIdAndUpdate,findOneAndReplace,findOneAndUpdate].WithArity[3,4].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].TypeVar[mongoose.ModifyResult.0]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[findByIdAndUpdate].WithArity[0,1,2,4].Argument[3].Argument[1]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[findByIdAndUpdate].WithArity[3].Argument[2,3].Argument[1]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[findById].WithArity[1,2,3].Argument[2].TypeVar[mongoose.Callback.0]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[findOneAndReplace].WithArity[0,1,2,3,4].Argument[3].Argument[1]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[findOneAndUpdate].WithArity[3,4].Argument[3].Argument[1]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[findOne].WithArity[0,1,2].Argument[1,2].TypeVar[mongoose.Callback.0]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[findOne].WithArity[3].Argument[2].TypeVar[mongoose.Callback.0]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[find].Argument[3].TypeVar[mongoose.Callback.0].ArrayElement",
+            "mongoose.HydratedDocument;mongoose.Model;Member[find].WithArity[0].Argument[0].TypeVar[mongoose.Callback.0].ArrayElement",
+            "mongoose.HydratedDocument;mongoose.Model;Member[find].WithArity[1].Argument[0,1,2].TypeVar[mongoose.Callback.0].ArrayElement",
+            "mongoose.HydratedDocument;mongoose.Model;Member[find].WithArity[2].Argument[1,2].TypeVar[mongoose.Callback.0].ArrayElement",
+            "mongoose.HydratedDocument;mongoose.Model;Member[geoSearch].Argument[2].TypeVar[mongoose.Callback.0].ArrayElement",
+            "mongoose.HydratedDocument;mongoose.Model;Member[hydrate].ReturnValue",
+            "mongoose.HydratedDocument;mongoose.Model;Member[init].ReturnValue.Awaited",
+            "mongoose.HydratedDocument;mongoose.Model;Member[insertMany].WithArity[1,2].ReturnValue.Awaited.ArrayElement",
+            "mongoose.HydratedDocument;mongoose.Model;Member[populate].WithArity[2,3].Argument[2].TypeVar[mongoose.Callback.0]",
+            "mongoose.HydratedDocument;mongoose.Model;Member[populate].WithArity[2,3].Argument[2].TypeVar[mongoose.Callback.0].ArrayElement",
+            "mongoose.HydratedDocument;mongoose.Model;Member[populate].WithArity[2,3].ReturnValue.Awaited",
+            "mongoose.HydratedDocument;mongoose.Model;Member[populate].WithArity[2,3].ReturnValue.Awaited.ArrayElement",
+            "mongoose.HydratedDocument;mongoose.TVirtualPathFN;Argument[1].TypeVar[mongoose.VirtualType.0]",
+            "mongoose.HydratedDocument;mongoose.VirtualPathFunctions;Member[options].TypeVar[mongoose.VirtualTypeOptions.0]",
+            "mongoose.InsertManyOptions;mongoose.Model;Member[insertMany].WithArity[2,3].Argument[1]",
+            "mongoose.Model;mongoose.AcceptsDiscriminator;Member[discriminator].WithArity[2,3].ReturnValue",
+            "mongoose.Model;mongoose.Aggregate;Member[model].Argument[0]",
+            "mongoose.Model;mongoose.Connection;Member[model].WithArity[1,2,3,4].ReturnValue",
+            "mongoose.Model;mongoose.Connection;Member[models].AnyMember",
+            "mongoose.Model;mongoose.DiscriminatorModel;",
+            "mongoose.Model;mongoose.Document;Member[$model].ReturnValue",
+            "mongoose.Model;mongoose.Document;Member[populate].Argument[2]",
+            "mongoose.Model;mongoose.Model;Member[discriminators].AnyMember",
+            "mongoose.Model;mongoose.Models;AnyMember",
+            "mongoose.Model;mongoose.PopulateOptions;Member[model]",
+            "mongoose.Model;mongoose.Query;Member[cast].Argument[0]",
+            "mongoose.Model;mongoose.Query;Member[populate].Argument[2]",
+            "mongoose.Model;mongoose.Schema.Types.Array;Member[discriminator].WithArity[2,3].ReturnValue",
+            "mongoose.Model;mongoose.Schema.Types.DocumentArray;Member[discriminator].WithArity[2,3].ReturnValue",
+            "mongoose.Model;mongoose.Schema.Types.Subdocument;Member[discriminator].WithArity[2,3].ReturnValue",
+            "mongoose.Model;mongoose.SchemaStatic;Instance.TypeVar[mongoose.Schema.1]",
+            "mongoose.Model;mongoose;Member[Model]",
+            "mongoose.Model;mongoose;Member[model].ReturnValue",
+            "mongoose.Models;mongoose;Member[models]",
+            "mongoose.PopulateOption;mongoose.InsertManyOptions;",
+            "mongoose.PopulateOption;mongoose.QueryOptions;",
+            "mongoose.PopulateOptions;mongoose.Document;Member[populate].Argument[4]",
+            "mongoose.PopulateOptions;mongoose.Document;Member[populate].WithArity[1,2].Argument[0]",
+            "mongoose.PopulateOptions;mongoose.Document;Member[populate].WithArity[1,2].Argument[0].ArrayElement",
+            "mongoose.PopulateOptions;mongoose.Model;Member[populate].Argument[1]",
+            "mongoose.PopulateOptions;mongoose.Model;Member[populate].Argument[1].ArrayElement",
+            "mongoose.PopulateOptions;mongoose.PopulateOption;Member[populate]",
+            "mongoose.PopulateOptions;mongoose.PopulateOption;Member[populate].ArrayElement",
+            "mongoose.PopulateOptions;mongoose.PopulateOptions;Member[populate]",
+            "mongoose.PopulateOptions;mongoose.PopulateOptions;Member[populate].ArrayElement",
+            "mongoose.PopulateOptions;mongoose.Query;Member[populate].WithArity[1].Argument[0]",
+            "mongoose.PopulateOptions;mongoose.Query;Member[populate].WithArity[1].Argument[0].ArrayElement",
+            "mongoose.Query;mongoose.Document;Member[replaceOne,update,updateOne].ReturnValue",
+            "mongoose.Query;mongoose.HydratedDocument;TypeVar[mongoose.Require_id.0]",
+            "mongoose.Query;mongoose.Query;Member[all,allowDiskUse,and,batchSize,box,circle,clone,collation,comment,elemMatch,equals,exists,explain,geometry,gt,gte,hint,in,intersects,j,limit,lt,lte,maxDistance,maxScan,maxTimeMS,merge,mod,ne,near,nin,nor,or,polygon,read,readConcern,regex,remove,select,session,set,setOptions,size,skip,slice,snapshot,sort,tailable,w,where,within,wtimeout].ReturnValue",
+            "mongoose.Query;mongoose.Query;Member[error].WithArity[1].ReturnValue",
+            "mongoose.Query;mongoose.Query;Member[merge].Argument[0]",
+            "mongoose.Query;mongoose.QueryStatic;Instance",
+            "mongoose.Query;mongoose.QueryWithHelpers;",
+            "mongoose.QueryOptions;mongoose.Document;Member[delete,deleteOne,remove].WithArity[0,1,2].Argument[0]",
+            "mongoose.QueryOptions;mongoose.Document;Member[replaceOne,update,updateOne].Argument[1]",
+            "mongoose.QueryOptions;mongoose.Model;Member[countDocuments,findByIdAndDelete,findByIdAndRemove,findOneAndDelete,findOneAndRemove].Argument[1]",
+            "mongoose.QueryOptions;mongoose.Model;Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[1]",
+            "mongoose.QueryOptions;mongoose.Model;Member[estimatedDocumentCount].Argument[0]",
+            "mongoose.QueryOptions;mongoose.Model;Member[find,findById].WithArity[1,2,3,4].Argument[2]",
+            "mongoose.QueryOptions;mongoose.Model;Member[findByIdAndUpdate,findOne,findOneAndReplace,findOneAndUpdate].WithArity[0,1,2,3,4].Argument[2]",
+            "mongoose.QueryOptions;mongoose.Model;Member[replaceOne,update,updateMany,updateOne].Argument[2]",
+            "mongoose.QueryOptions;mongoose.PopulateOptions;Member[options]",
+            "mongoose.QueryOptions;mongoose.Query;Member[countDocuments,findByIdAndDelete,findOneAndDelete,findOneAndRemove].Argument[1]",
+            "mongoose.QueryOptions;mongoose.Query;Member[cursor,estimatedDocumentCount,setOptions].Argument[0]",
+            "mongoose.QueryOptions;mongoose.Query;Member[cursor].ReturnValue.TypeVar[mongoose.Cursor.1]",
+            "mongoose.QueryOptions;mongoose.Query;Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[1]",
+            "mongoose.QueryOptions;mongoose.Query;Member[findByIdAndUpdate,findOne,findOneAndUpdate].WithArity[0,1,2,3,4].Argument[2]",
+            "mongoose.QueryOptions;mongoose.Query;Member[find].WithArity[1,2,3,4].Argument[2]",
+            "mongoose.QueryOptions;mongoose.Query;Member[getOptions].ReturnValue",
+            "mongoose.QueryOptions;mongoose.Query;Member[replaceOne,update,updateMany,updateOne].Argument[2]",
+            "mongoose.QueryOptions;mongoose.VirtualTypeOptions;Member[options]",
+            "mongoose.QueryStatic;mongoose;Member[Query]",
+            "mongoose.QueryWithHelpers;mongoose.Document;Member[delete,deleteOne].WithArity[0,1].ReturnValue",
+            "mongoose.QueryWithHelpers;mongoose.Model;Member[$where,count,countDocuments,deleteMany,deleteOne,distinct,estimatedDocumentCount,find,findById,findByIdAndDelete,findByIdAndRemove,findOne,findOneAndDelete,findOneAndRemove,geoSearch,remove,replaceOne,update,updateMany,updateOne,where].ReturnValue",
+            "mongoose.QueryWithHelpers;mongoose.Model;Member[exists].WithArity[1,2].ReturnValue",
+            "mongoose.QueryWithHelpers;mongoose.Model;Member[findByIdAndUpdate,findOneAndReplace,findOneAndUpdate].WithArity[0,1,2,3,4].ReturnValue",
+            "mongoose.QueryWithHelpers;mongoose.Query;Member[$where,count,countDocuments,deleteMany,deleteOne,distinct,estimatedDocumentCount,find,findByIdAndDelete,findOne,findOneAndDelete,findOneAndRemove,lean,orFail,populate,replaceOne,transform,update,updateMany,updateOne].ReturnValue",
+            "mongoose.QueryWithHelpers;mongoose.Query;Member[findByIdAndUpdate,findOneAndUpdate].WithArity[0,1,2,3,4].ReturnValue",
+            "mongoose.QueryWithHelpers;mongoose.Query;Member[toConstructor].ReturnValue.Instance",
+            "mongoose.Schema.Types.Array;mongoose.Schema.Types.Array;Member[enum].ReturnValue",
+            "mongoose.Schema.Types.Array;mongoose.Schema.Types.ArrayStatic;Instance",
+            "mongoose.Schema.Types.ArrayStatic;mongoose;Member[Schema].Member[Types].Member[Array]",
+            "mongoose.Schema.Types.DocumentArray;mongoose.Schema.Types.DocumentArrayStatic;Instance",
+            "mongoose.Schema.Types.DocumentArrayStatic;mongoose;Member[Schema].Member[Types].Member[DocumentArray]",
+            "mongoose.Schema.Types.Subdocument;mongoose.Schema.Types.SubdocumentStatic;Instance",
+            "mongoose.Schema.Types.SubdocumentStatic;mongoose.Schema.Types.DocumentArray;Member[caster]",
+            "mongoose.Schema.Types.SubdocumentStatic;mongoose;Member[Schema].Member[Types].Member[Subdocument]",
+            "mongoose.SchemaStatic;mongoose;Member[Schema]",
+            "mongoose.SessionOperation;mongoose.Aggregate;",
+            "mongoose.SessionOperation;mongoose.Query;",
+            "mongoose.TVirtualPathFN;mongoose.VirtualPathFunctions;Member[get,set]",
+            "mongoose.Types.Array;mongoose.Types.DocumentArray;",
+            "mongoose.Types.ArraySubdocument;mongoose.Types.ArraySubdocumentStatic;Instance",
+            "mongoose.Types.ArraySubdocumentStatic;mongoose;Member[Types].Member[ArraySubdocument]",
+            "mongoose.Types.DocumentArray;mongoose.Types.ArraySubdocument;Member[parentArray].ReturnValue",
+            "mongoose.Types.DocumentArray;mongoose.Types.DocumentArrayStatic;Instance",
+            "mongoose.Types.DocumentArray;mongoose/inferschematype.ResolvePathType;TypeVar[mongoose.IfEquals.3]",
+            "mongoose.Types.DocumentArrayStatic;mongoose;Member[Types].Member[DocumentArray]",
+            "mongoose.Types.ObjectId;mongoose/inferschematype.ResolvePathType;",
+            "mongoose.Types.Subdocument;mongoose.Types.ArraySubdocument;",
+            "mongoose.Types.Subdocument;mongoose.Types.DocumentArray;Member[create,id].ReturnValue",
+            "mongoose.Types.Subdocument;mongoose.Types.DocumentArray;TypeVar[mongoose.Types.Array.0]",
+            "mongoose.Types.Subdocument;mongoose.Types.SubdocumentStatic;Instance",
+            "mongoose.Types.SubdocumentStatic;mongoose;Member[Types].Member[Subdocument]",
+            "mongoose.VirtualType;mongoose.TVirtualPathFN;Argument[1]",
+            "mongoose.VirtualType;mongoose.VirtualType;Member[get,set].Argument[0].Argument[1]",
+            "mongoose.VirtualType;mongoose.VirtualType;Member[get,set].ReturnValue",
+            "mongoose.VirtualType;mongoose.VirtualTypeStatic;Instance",
+            "mongoose.VirtualTypeOptions;mongoose.VirtualPathFunctions;Member[options]",
+            "mongoose.VirtualTypeStatic;mongoose;Member[VirtualType]",
+            "mongoose/inferschematype.ResolvePathType;mongoose/inferschematype.ObtainDocumentPathType;",
+            "mongoose/inferschematype.ResolvePathType;mongoose/inferschematype.ResolvePathType;TypeVar[mongoose.IfEquals.3].ArrayElement",
+            "mongoose/inferschematype.ResolvePathType;mongoose/inferschematype.ResolvePathType;TypeVar[mongoose.IfEquals.3].TypeVar[mongoose.Types.DocumentArray.0]",
+            "mongoose;mongoose;Member[mongoose]"
         ],
         "summaries": [
-            "mongodb;AbstractCursor;;;Member[addCursorFlag,batchSize,maxTimeMS,withReadConcern,withReadPreference].ReturnValue;type",
-            "mongodb;BulkOperationBase;;;Member[addToOperationsList,raw].ReturnValue;type",
-            "mongodb;FindCursor;;;Member[addQueryModifier,allowDiskUse,collation,comment,filter,hint,limit,max,maxAwaitTimeMS,maxTimeMS,min,returnKey,showRecordId,skip,sort].ReturnValue;type",
-            "mongodb;FindOperators;;;Member[arrayFilters,collation,upsert].ReturnValue;type",
-            "mongodb;GridFSBucketWriteStream;;;Member[end].ReturnValue;type",
-            "mongodb;MongoClient;;;Member[connect].Argument[0].TypeVar[mongodb.Callback.0];type",
-            "mongodb;MongoClient;;;Member[connect].WithArity[0].ReturnValue.Awaited;type",
-            "mongodb;OrderedBulkOperation;;;Member[addToOperationsList].ReturnValue;type",
-            "mongodb;TypedEventEmitter;;;Member[addListener,off,on,once,prependListener,prependOnceListener,removeAllListeners,removeListener,setMaxListeners].ReturnValue;type",
-            "mongodb;UnorderedBulkOperation;;;Member[addToOperationsList].ReturnValue;type",
-            "mongoose;Aggregate;;;Member[addCursorFlag,addFields,allowDiskUse,append,collation,count,facet,graphLookup,group,hint,limit,lookup,match,model,near,option,project,read,readConcern,redact,replaceRoot,sample,search,session,skip,sort,sortByCount,unionWith,unwind].ReturnValue;type",
-            "mongoose;Connection;;;Member[asPromise].ReturnValue.Awaited;type",
-            "mongoose;Connection;;;Member[deleteModel,setClient].ReturnValue;type",
-            "mongoose;Cursor;;;Member[addCursorFlag].ReturnValue;type",
-            "mongoose;Document;;;Member[$inc,$set,depopulate,increment,init,overwrite,set].ReturnValue;type",
-            "mongoose;Document;;;Member[delete,deleteOne].WithArity[0,1].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1];type",
-            "mongoose;Document;;;Member[getChanges].ReturnValue.TypeVar[mongoose.UpdateQuery.0];type",
-            "mongoose;Document;;;Member[init].Argument[2].TypeVar[mongoose.Callback.0];type",
-            "mongoose;Document;;;Member[populate].Argument[1,5].TypeVar[mongoose.Callback.0].TypeVar[mongoose.MergeType.0];type",
-            "mongoose;Document;;;Member[populate].WithArity[1,2,3,4,5].ReturnValue.Awaited.TypeVar[mongoose.MergeType.0];type",
-            "mongoose;Document;;;Member[remove,save].WithArity[0,1].ReturnValue.Awaited;type",
-            "mongoose;Document;;;Member[replaceOne,update,updateOne].ReturnValue.TypeVar[mongoose.Query.1];type",
-            "mongoose;Document;;;Member[save].Argument[1].TypeVar[mongoose.Callback.0];type",
-            "mongoose;Document;;;Member[save].WithArity[1].Argument[0].TypeVar[mongoose.Callback.0];type",
-            "mongoose;Document;;;Member[update,updateOne].Argument[0].TypeVar[mongoose.UpdateQuery.0];type",
-            "mongoose;Query;;;Member[all,allowDiskUse,and,batchSize,box,circle,clone,collation,comment,elemMatch,equals,exists,explain,geometry,gt,gte,hint,in,intersects,j,limit,lt,lte,maxDistance,maxScan,maxTimeMS,merge,mod,ne,near,nin,nor,or,polygon,read,readConcern,regex,select,session,set,setOptions,size,skip,slice,snapshot,sort,tailable,w,where,within,wtimeout].ReturnValue;type",
-            "mongoose;Query;;;Member[error].WithArity[1].ReturnValue;type",
-            "mongoose;Schema.Types.Array;;;Member[enum].ReturnValue;type",
-            "mongoose;SessionOperation;;;Member[session].ReturnValue;type",
-            "mongoose;Types.Array;;;Member[pull,remove,set].ReturnValue;type",
-            "mongoose;Types.ObjectId;;;Member[_id];type",
-            "mongoose;VirtualType;;;Member[get,set].ReturnValue;type"
+            "mongodb.AbstractCursor;;;Member[addCursorFlag,batchSize,maxTimeMS,withReadConcern,withReadPreference].ReturnValue;type",
+            "mongodb.BulkOperationBase;;;Member[addToOperationsList,raw].ReturnValue;type",
+            "mongodb.FindCursor;;;Member[addQueryModifier,allowDiskUse,collation,comment,filter,hint,limit,max,maxAwaitTimeMS,maxTimeMS,min,returnKey,showRecordId,skip,sort].ReturnValue;type",
+            "mongodb.FindOperators;;;Member[arrayFilters,collation,upsert].ReturnValue;type",
+            "mongodb.GridFSBucketWriteStream;;;Member[end].ReturnValue;type",
+            "mongodb.MongoClient;;;Member[connect].Argument[0].TypeVar[mongodb.Callback.0];type",
+            "mongodb.MongoClient;;;Member[connect].WithArity[0].ReturnValue.Awaited;type",
+            "mongodb.OrderedBulkOperation;;;Member[addToOperationsList].ReturnValue;type",
+            "mongodb.TypedEventEmitter;;;Member[addListener,off,on,once,prependListener,prependOnceListener,removeAllListeners,removeListener,setMaxListeners].ReturnValue;type",
+            "mongodb.UnorderedBulkOperation;;;Member[addToOperationsList].ReturnValue;type",
+            "mongoose.Aggregate;;;Member[addCursorFlag,addFields,allowDiskUse,append,collation,count,facet,graphLookup,group,hint,limit,lookup,match,model,near,option,project,read,readConcern,redact,replaceRoot,sample,search,session,skip,sort,sortByCount,unionWith,unwind].ReturnValue;type",
+            "mongoose.Connection;;;Member[asPromise].ReturnValue.Awaited;type",
+            "mongoose.Connection;;;Member[deleteModel,setClient].ReturnValue;type",
+            "mongoose.Cursor;;;Member[addCursorFlag].ReturnValue;type",
+            "mongoose.Document;;;Member[$inc,$set,depopulate,increment,init,overwrite,set].ReturnValue;type",
+            "mongoose.Document;;;Member[delete,deleteOne].WithArity[0,1].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1];type",
+            "mongoose.Document;;;Member[getChanges].ReturnValue.TypeVar[mongoose.UpdateQuery.0];type",
+            "mongoose.Document;;;Member[init].Argument[2].TypeVar[mongoose.Callback.0];type",
+            "mongoose.Document;;;Member[populate].Argument[1,5].TypeVar[mongoose.Callback.0].TypeVar[mongoose.MergeType.0];type",
+            "mongoose.Document;;;Member[populate].WithArity[1,2,3,4,5].ReturnValue.Awaited.TypeVar[mongoose.MergeType.0];type",
+            "mongoose.Document;;;Member[remove,save].WithArity[0,1].ReturnValue.Awaited;type",
+            "mongoose.Document;;;Member[replaceOne,update,updateOne].ReturnValue.TypeVar[mongoose.Query.1];type",
+            "mongoose.Document;;;Member[save].Argument[1].TypeVar[mongoose.Callback.0];type",
+            "mongoose.Document;;;Member[save].WithArity[1].Argument[0].TypeVar[mongoose.Callback.0];type",
+            "mongoose.Document;;;Member[update,updateOne].Argument[0].TypeVar[mongoose.UpdateQuery.0];type",
+            "mongoose.Query;;;Member[all,allowDiskUse,and,batchSize,box,circle,clone,collation,comment,elemMatch,equals,exists,explain,geometry,gt,gte,hint,in,intersects,j,limit,lt,lte,maxDistance,maxScan,maxTimeMS,merge,mod,ne,near,nin,nor,or,polygon,read,readConcern,regex,select,session,set,setOptions,size,skip,slice,snapshot,sort,tailable,w,where,within,wtimeout].ReturnValue;type",
+            "mongoose.Query;;;Member[error].WithArity[1].ReturnValue;type",
+            "mongoose.Schema.Types.Array;;;Member[enum].ReturnValue;type",
+            "mongoose.SessionOperation;;;Member[session].ReturnValue;type",
+            "mongoose.Types.Array;;;Member[pull,remove,set].ReturnValue;type",
+            "mongoose.Types.ObjectId;;;Member[_id];type",
+            "mongoose.VirtualType;;;Member[get,set].ReturnValue;type"
         ],
         "typeVariables": [
             "mongodb.Callback.0;Argument[1]",
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/mongodb/model.yml b/javascript/ql/lib/semmle/javascript/frameworks/mongodb/model.yml
new file mode 100644
index 00000000000..e2f3f20ee29
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/frameworks/mongodb/model.yml
@@ -0,0 +1,791 @@
+extensions:
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: sinkModel
+    data:
+      - [mongodb.Collection, "Member[aggregate,count,countDocuments,deleteMany,deleteOne,find,findOne,findOneAndDelete,findOneAndReplace,remove,replaceOne,watch].Argument[0]", mongodb.sink]
+      - [mongodb.Collection, "Member[distinct].Argument[1]", mongodb.sink]
+      - [mongodb.Collection, "Member[findOneAndUpdate,update,updateMany,updateOne].Argument[0,1]", mongodb.sink]
+      - [mongodb.Db, "Member[aggregate,watch].Argument[0]", mongodb.sink]
+      - [mongodb.DeleteManyModel, "Member[filter]", mongodb.sink]
+      - [mongodb.DeleteOneModel, "Member[filter]", mongodb.sink]
+      - [mongodb.MongoClient, "Member[watch].Argument[0]", mongodb.sink]
+      - [mongodb.UpdateManyModel, "Member[filter,update]", mongodb.sink]
+      - [mongodb.UpdateOneModel, "Member[filter,update]", mongodb.sink]
+      - [mongoose.CollectionBase, "Member[findAndModify].Argument[0]", mongodb.sink]
+      - [mongoose.Connection, "Member[watch].Argument[0]", mongodb.sink]
+      - [mongoose.Document, "Member[update,updateOne].Argument[0]", mongodb.sink]
+      - [mongoose.Model, "Member[$where,aggregate,exists,find,findById,findByIdAndDelete,findByIdAndRemove,findOne,findOneAndDelete,findOneAndRemove,findOneAndReplace,geoSearch,remove,replaceOne,watch].Argument[0]", mongodb.sink]
+      - [mongoose.Model, "Member[count,where].WithArity[1,2].Argument[0]", mongodb.sink]
+      - [mongoose.Model, "Member[countDocuments].WithArity[1,2,3].Argument[0]", mongodb.sink]
+      - [mongoose.Model, "Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[0]", mongodb.sink]
+      - [mongoose.Model, "Member[distinct,where].Argument[1]", mongodb.sink]
+      - [mongoose.Model, "Member[findByIdAndUpdate,findOneAndUpdate,update,updateMany,updateOne].Argument[0,1]", mongodb.sink]
+      - [mongoose.Model, "Member[find].WithArity[1,2,3,4].Argument[0]", mongodb.sink]
+      - [mongoose.Query, "Member[$where,and,find,findByIdAndDelete,findOne,findOneAndDelete,findOneAndRemove,nor,or,remove,replaceOne,setUpdate].Argument[0]", mongodb.sink]
+      - [mongoose.Query, "Member[count,where].WithArity[1,2].Argument[0]", mongodb.sink]
+      - [mongoose.Query, "Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[0]", mongodb.sink]
+      - [mongoose.Query, "Member[distinct,where].Argument[1]", mongodb.sink]
+      - [mongoose.Query, "Member[findByIdAndUpdate,findOneAndUpdate,update,updateMany,updateOne].Argument[0,1]", mongodb.sink]
+      - [mongoose.Query, "Member[find].WithArity[1,2,3,4].Argument[0]", mongodb.sink]
+      - [mongoose.QueryStatic, "Argument[2]", mongodb.sink]
+
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      - [mongodb.AbstractCursor, mongodb.FindCursor, ""]
+      - [mongodb.AbstractCursor, mongodb.ListCollectionsCursor, ""]
+      - [mongodb.AbstractCursor, mongodb.ListIndexesCursor, ""]
+      - [mongodb.AbstractCursorOptions, mongodb.AggregationCursorOptions, ""]
+      - [mongodb.AbstractCursorOptions, "mongodb/mongodb.AbstractCursorOptions", ""]
+      - [mongodb.AbstractCursorOptions, mongoose.mongodb.AbstractCursorOptions, ""]
+      - [mongodb.AddUserOptions, mongodb.Admin, "Member[addUser].Argument[1,2]"]
+      - [mongodb.AddUserOptions, mongodb.Db, "Member[addUser].Argument[1,2]"]
+      - [mongodb.AddUserOptions, "mongodb/mongodb.AddUserOptions", ""]
+      - [mongodb.AddUserOptions, mongoose.mongodb.AddUserOptions, ""]
+      - [mongodb.Admin, mongodb.AdminStatic, Instance]
+      - [mongodb.Admin, mongodb.Db, "Member[admin].ReturnValue"]
+      - [mongodb.Admin, "mongodb/mongodb.Admin", ""]
+      - [mongodb.Admin, mongoose.mongodb.Admin, ""]
+      - [mongodb.AdminStatic, "mongodb/mongodb.AdminStatic", ""]
+      - [mongodb.AdminStatic, mongodb, "Member[Admin]"]
+      - [mongodb.AdminStatic, mongoose.mongodb.AdminStatic, ""]
+      - [mongodb.AggregateOptions, mongodb.AggregationCursorOptions, ""]
+      - [mongodb.AggregateOptions, mongodb.ChangeStreamOptions, ""]
+      - [mongodb.AggregateOptions, mongodb.Collection, "Member[aggregate].Argument[1]"]
+      - [mongodb.AggregateOptions, mongodb.CountDocumentsOptions, ""]
+      - [mongodb.AggregateOptions, mongodb.Db, "Member[aggregate].Argument[1]"]
+      - [mongodb.AggregateOptions, "mongodb/mongodb.AggregateOptions", ""]
+      - [mongodb.AggregateOptions, mongoose.mongodb.AggregateOptions, ""]
+      - [mongodb.AggregationCursorOptions, "mongodb/mongodb.AggregationCursorOptions", ""]
+      - [mongodb.AggregationCursorOptions, mongoose.mongodb.AggregationCursorOptions, ""]
+      - [mongodb.AnyBulkWriteOperation, mongodb.BulkOperationBase, "Member[raw].Argument[0]"]
+      - [mongodb.AnyBulkWriteOperation, mongodb.Collection, "Member[bulkWrite].Argument[0].ArrayElement"]
+      - [mongodb.AnyBulkWriteOperation, "mongodb/mongodb.AnyBulkWriteOperation", ""]
+      - [mongodb.AnyBulkWriteOperation, mongoose.mongodb.AnyBulkWriteOperation, ""]
+      - [mongodb.Auth, mongodb.MongoClientOptions, "Member[auth]"]
+      - [mongodb.Auth, "mongodb/mongodb.Auth", ""]
+      - [mongodb.Auth, mongoose.mongodb.Auth, ""]
+      - [mongodb.AutoEncrypter, mongodb.AutoEncrypter, Instance]
+      - [mongodb.AutoEncrypter, mongodb.ConnectionOptions, "Member[autoEncrypter]"]
+      - [mongodb.AutoEncrypter, mongodb.MongoClient, "Member[autoEncrypter]"]
+      - [mongodb.AutoEncrypter, mongodb.MongoOptions, "Member[autoEncrypter]"]
+      - [mongodb.AutoEncrypter, "mongodb/mongodb.AutoEncrypter", ""]
+      - [mongodb.AutoEncrypter, mongoose.mongodb.AutoEncrypter, ""]
+      - [mongodb.AutoEncryptionOptions, mongodb.AutoEncrypter, "Argument[1]"]
+      - [mongodb.AutoEncryptionOptions, mongodb.MongoClientOptions, "Member[autoEncryption]"]
+      - [mongodb.AutoEncryptionOptions, "mongodb/mongodb.AutoEncryptionOptions", ""]
+      - [mongodb.AutoEncryptionOptions, mongoose.mongodb.AutoEncryptionOptions, ""]
+      - [mongodb.BulkOperationBase, mongodb.BulkOperationBase, "Member[addToOperationsList,insert,raw].ReturnValue"]
+      - [mongodb.BulkOperationBase, mongodb.BulkOperationBaseStatic, Instance]
+      - [mongodb.BulkOperationBase, mongodb.FindOperators, "Member[bulkOperation]"]
+      - [mongodb.BulkOperationBase, mongodb.FindOperators, "Member[delete,deleteOne,replaceOne,update,updateOne].ReturnValue"]
+      - [mongodb.BulkOperationBase, mongodb.OrderedBulkOperation, ""]
+      - [mongodb.BulkOperationBase, mongodb.UnorderedBulkOperation, ""]
+      - [mongodb.BulkOperationBase, "mongodb/mongodb.BulkOperationBase", ""]
+      - [mongodb.BulkOperationBase, mongoose.mongodb.BulkOperationBase, ""]
+      - [mongodb.BulkOperationBaseStatic, "mongodb/mongodb.BulkOperationBaseStatic", ""]
+      - [mongodb.BulkOperationBaseStatic, mongodb, "Member[BulkOperationBase]"]
+      - [mongodb.BulkOperationBaseStatic, mongoose.mongodb.BulkOperationBaseStatic, ""]
+      - [mongodb.BulkWriteOptions, mongodb.BulkOperationBase, "Member[execute].WithArity[0,1,2].Argument[0]"]
+      - [mongodb.BulkWriteOptions, mongodb.Collection, "Member[bulkWrite,insert,insertMany].Argument[1]"]
+      - [mongodb.BulkWriteOptions, mongodb.Collection, "Member[initializeOrderedBulkOp,initializeUnorderedBulkOp].Argument[0]"]
+      - [mongodb.BulkWriteOptions, mongodb.OrderedBulkOperationStatic, "Argument[1]"]
+      - [mongodb.BulkWriteOptions, mongodb.UnorderedBulkOperationStatic, "Argument[1]"]
+      - [mongodb.BulkWriteOptions, "mongodb/mongodb.BulkWriteOptions", ""]
+      - [mongodb.BulkWriteOptions, mongoose.mongodb.BulkWriteOptions, ""]
+      - [mongodb.ChangeStream, mongodb.ChangeStreamStatic, Instance]
+      - [mongodb.ChangeStream, mongodb.Collection, "Member[watch].ReturnValue"]
+      - [mongodb.ChangeStream, mongodb.Db, "Member[watch].ReturnValue"]
+      - [mongodb.ChangeStream, mongodb.MongoClient, "Member[watch].ReturnValue"]
+      - [mongodb.ChangeStream, "mongodb/mongodb.ChangeStream", ""]
+      - [mongodb.ChangeStream, mongoose.mongodb.ChangeStream, ""]
+      - [mongodb.ChangeStreamOptions, mongodb.ChangeStream, "Member[options]"]
+      - [mongodb.ChangeStreamOptions, mongodb.Collection, "Member[watch].Argument[1]"]
+      - [mongodb.ChangeStreamOptions, mongodb.Db, "Member[watch].Argument[1]"]
+      - [mongodb.ChangeStreamOptions, mongodb.MongoClient, "Member[watch].Argument[1]"]
+      - [mongodb.ChangeStreamOptions, "mongodb/mongodb.ChangeStreamOptions", ""]
+      - [mongodb.ChangeStreamOptions, mongoose.mongodb.ChangeStreamOptions, ""]
+      - [mongodb.ChangeStreamStatic, "mongodb/mongodb.ChangeStreamStatic", ""]
+      - [mongodb.ChangeStreamStatic, mongodb, "Member[ChangeStream]"]
+      - [mongodb.ChangeStreamStatic, mongoose.mongodb.ChangeStreamStatic, ""]
+      - [mongodb.ClientSession, mongodb.AbstractCursorOptions, "Member[session]"]
+      - [mongodb.ClientSession, mongodb.ClientSession, "Member[equals].Argument[0]"]
+      - [mongodb.ClientSession, mongodb.ClientSessionEvents, "Member[ended].Argument[0]"]
+      - [mongodb.ClientSession, mongodb.ClientSessionStatic, Instance]
+      - [mongodb.ClientSession, mongodb.IndexInformationOptions, "Member[session]"]
+      - [mongodb.ClientSession, mongodb.MongoClient, "Member[startSession].ReturnValue"]
+      - [mongodb.ClientSession, mongodb.OperationOptions, "Member[session]"]
+      - [mongodb.ClientSession, mongodb.ReadPreferenceFromOptions, "Member[session]"]
+      - [mongodb.ClientSession, mongodb.SelectServerOptions, "Member[session]"]
+      - [mongodb.ClientSession, mongodb.WithSessionCallback, "Argument[0]"]
+      - [mongodb.ClientSession, mongodb.WithTransactionCallback, "Argument[0]"]
+      - [mongodb.ClientSession, "mongodb/mongodb.ClientSession", ""]
+      - [mongodb.ClientSession, mongoose.mongodb.ClientSession, ""]
+      - [mongodb.ClientSessionEvents, "mongodb/mongodb.ClientSessionEvents", ""]
+      - [mongodb.ClientSessionEvents, mongoose.mongodb.ClientSessionEvents, ""]
+      - [mongodb.ClientSessionOptions, mongodb.MongoClient, "Member[startSession].Argument[0]"]
+      - [mongodb.ClientSessionOptions, mongodb.MongoClient, "Member[withSession].WithArity[2].Argument[0]"]
+      - [mongodb.ClientSessionOptions, "mongodb/mongodb.ClientSessionOptions", ""]
+      - [mongodb.ClientSessionOptions, mongoose.mongodb.ClientSessionOptions, ""]
+      - [mongodb.ClientSessionStatic, "mongodb/mongodb.ClientSessionStatic", ""]
+      - [mongodb.ClientSessionStatic, mongodb, "Member[ClientSession]"]
+      - [mongodb.ClientSessionStatic, mongoose.mongodb.ClientSessionStatic, ""]
+      - [mongodb.CollStatsOptions, mongodb.Collection, "Member[stats].Argument[0]"]
+      - [mongodb.CollStatsOptions, "mongodb/mongodb.CollStatsOptions", ""]
+      - [mongodb.CollStatsOptions, mongoose.mongodb.CollStatsOptions, ""]
+      - [mongodb.Collection, mongodb.ChangeStream, "Member[parent]"]
+      - [mongodb.Collection, mongodb.Collection, "Member[rename].Argument[1,2].TypeVar[mongodb.Callback.0]"]
+      - [mongodb.Collection, mongodb.Collection, "Member[rename].WithArity[1,2].ReturnValue.Awaited"]
+      - [mongodb.Collection, mongodb.CollectionStatic, Instance]
+      - [mongodb.Collection, mongodb.Db, "Member[collection].ReturnValue"]
+      - [mongodb.Collection, mongodb.Db, "Member[collections].Argument[0,1].TypeVar[mongodb.Callback.0].ArrayElement"]
+      - [mongodb.Collection, mongodb.Db, "Member[collections].WithArity[0,1].ReturnValue.Awaited.ArrayElement"]
+      - [mongodb.Collection, mongodb.Db, "Member[createCollection].Argument[2].TypeVar[mongodb.Callback.0]"]
+      - [mongodb.Collection, mongodb.Db, "Member[createCollection].WithArity[1,2].ReturnValue.Awaited"]
+      - [mongodb.Collection, mongodb.Db, "Member[createCollection].WithArity[2].Argument[1].TypeVar[mongodb.Callback.0]"]
+      - [mongodb.Collection, mongodb.Db, "Member[renameCollection].Argument[2,3].TypeVar[mongodb.Callback.0]"]
+      - [mongodb.Collection, mongodb.Db, "Member[renameCollection].WithArity[2,3].ReturnValue.Awaited"]
+      - [mongodb.Collection, mongodb.GridFSBucketWriteStream, "Member[chunks,files]"]
+      - [mongodb.Collection, mongodb.ListIndexesCursor, "Member[parent]"]
+      - [mongodb.Collection, mongodb.ListIndexesCursorStatic, "Argument[0]"]
+      - [mongodb.Collection, mongodb.OrderedBulkOperationStatic, "Argument[0]"]
+      - [mongodb.Collection, mongodb.UnorderedBulkOperationStatic, "Argument[0]"]
+      - [mongodb.Collection, "mongodb/mongodb.Collection", ""]
+      - [mongodb.Collection, mongoose.mongodb.Collection, ""]
+      - [mongodb.CollectionStatic, "mongodb/mongodb.CollectionStatic", ""]
+      - [mongodb.CollectionStatic, mongodb, "Member[Collection]"]
+      - [mongodb.CollectionStatic, mongoose.mongodb.CollectionStatic, ""]
+      - [mongodb.CommandOperationOptions, mongodb.AddUserOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.Admin, "Member[buildInfo,ping,replSetGetStatus,serverInfo,serverStatus].Argument[0]"]
+      - [mongodb.CommandOperationOptions, mongodb.AggregateOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.BulkWriteOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.CollStatsOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.CountOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.CreateCollectionOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.CreateIndexesOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.DbStatsOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.DeleteOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.DistinctOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.DropCollectionOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.DropDatabaseOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.DropIndexesOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.EstimatedDocumentCountOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.EvalOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.FindOneAndDeleteOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.FindOneAndReplaceOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.FindOneAndUpdateOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.FindOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.InsertOneOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.ListCollectionsOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.ListDatabasesOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.ListIndexesOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.MapReduceOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.ProfilingLevelOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.RemoveUserOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.RenameOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.ReplaceOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.RunCommandOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.SetProfilingLevelOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.TransactionOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.UpdateOptions, ""]
+      - [mongodb.CommandOperationOptions, mongodb.ValidateCollectionOptions, ""]
+      - [mongodb.CommandOperationOptions, "mongodb/mongodb.CommandOperationOptions", ""]
+      - [mongodb.CommandOperationOptions, mongoose.mongodb.CommandOperationOptions, ""]
+      - [mongodb.ConnectionOptions, "mongodb/mongodb.ConnectionOptions", ""]
+      - [mongodb.ConnectionOptions, mongoose.mongodb.ConnectionOptions, ""]
+      - [mongodb.CountDocumentsOptions, mongodb.Collection, "Member[countDocuments].Argument[1]"]
+      - [mongodb.CountDocumentsOptions, "mongodb/mongodb.CountDocumentsOptions", ""]
+      - [mongodb.CountDocumentsOptions, mongoose.mongodb.CountDocumentsOptions, ""]
+      - [mongodb.CountOptions, mongodb.Collection, "Member[count].Argument[1]"]
+      - [mongodb.CountOptions, mongodb.FindCursor, "Member[count].Argument[0]"]
+      - [mongodb.CountOptions, "mongodb/mongodb.CountOptions", ""]
+      - [mongodb.CountOptions, mongoose.mongodb.CountOptions, ""]
+      - [mongodb.CreateCollectionOptions, mongodb.Db, "Member[createCollection].WithArity[1,2,3].Argument[1]"]
+      - [mongodb.CreateCollectionOptions, "mongodb/mongodb.CreateCollectionOptions", ""]
+      - [mongodb.CreateCollectionOptions, mongoose.mongodb.CreateCollectionOptions, ""]
+      - [mongodb.CreateIndexesOptions, mongodb.Collection, "Member[createIndex,createIndexes].Argument[1]"]
+      - [mongodb.CreateIndexesOptions, mongodb.Db, "Member[createIndex].Argument[2]"]
+      - [mongodb.CreateIndexesOptions, "mongodb/mongodb.CreateIndexesOptions", ""]
+      - [mongodb.CreateIndexesOptions, mongoose.mongodb.CreateIndexesOptions, ""]
+      - [mongodb.Db, mongodb.ChangeStream, "Member[parent]"]
+      - [mongodb.Db, mongodb.DbStatic, Instance]
+      - [mongodb.Db, mongodb.GridFSBucketStatic, "Argument[0]"]
+      - [mongodb.Db, mongodb.ListCollectionsCursor, "Member[parent]"]
+      - [mongodb.Db, mongodb.ListCollectionsCursorStatic, "Argument[0]"]
+      - [mongodb.Db, mongodb.MongoClient, "Member[db].ReturnValue"]
+      - [mongodb.Db, "mongodb/mongodb.Db", ""]
+      - [mongodb.Db, mongoose.mongodb.Db, ""]
+      - [mongodb.DbStatic, "mongodb/mongodb.DbStatic", ""]
+      - [mongodb.DbStatic, mongodb, "Member[Db]"]
+      - [mongodb.DbStatic, mongoose.mongodb.DbStatic, ""]
+      - [mongodb.DbStatsOptions, mongodb.Db, "Member[stats].Argument[0]"]
+      - [mongodb.DbStatsOptions, "mongodb/mongodb.DbStatsOptions", ""]
+      - [mongodb.DbStatsOptions, mongoose.mongodb.DbStatsOptions, ""]
+      - [mongodb.DeleteManyModel, mongodb.AnyBulkWriteOperation, "Member[deleteMany]"]
+      - [mongodb.DeleteManyModel, "mongodb/mongodb.DeleteManyModel", ""]
+      - [mongodb.DeleteManyModel, mongoose.mongodb.DeleteManyModel, ""]
+      - [mongodb.DeleteOneModel, mongodb.AnyBulkWriteOperation, "Member[deleteOne]"]
+      - [mongodb.DeleteOneModel, "mongodb/mongodb.DeleteOneModel", ""]
+      - [mongodb.DeleteOneModel, mongoose.mongodb.DeleteOneModel, ""]
+      - [mongodb.DeleteOptions, mongodb.Collection, "Member[deleteMany,deleteOne,remove].Argument[1]"]
+      - [mongodb.DeleteOptions, "mongodb/mongodb.DeleteOptions", ""]
+      - [mongodb.DeleteOptions, mongoose.mongodb.DeleteOptions, ""]
+      - [mongodb.DistinctOptions, mongodb.Collection, "Member[distinct].Argument[2]"]
+      - [mongodb.DistinctOptions, "mongodb/mongodb.DistinctOptions", ""]
+      - [mongodb.DistinctOptions, mongoose.mongodb.DistinctOptions, ""]
+      - [mongodb.DropCollectionOptions, mongodb.Collection, "Member[drop].Argument[0]"]
+      - [mongodb.DropCollectionOptions, mongodb.Db, "Member[dropCollection].Argument[1]"]
+      - [mongodb.DropCollectionOptions, "mongodb/mongodb.DropCollectionOptions", ""]
+      - [mongodb.DropCollectionOptions, mongoose.mongodb.DropCollectionOptions, ""]
+      - [mongodb.DropDatabaseOptions, mongodb.Db, "Member[dropDatabase].Argument[0]"]
+      - [mongodb.DropDatabaseOptions, "mongodb/mongodb.DropDatabaseOptions", ""]
+      - [mongodb.DropDatabaseOptions, mongoose.mongodb.DropDatabaseOptions, ""]
+      - [mongodb.DropIndexesOptions, mongodb.Collection, "Member[dropIndex].Argument[1]"]
+      - [mongodb.DropIndexesOptions, mongodb.Collection, "Member[dropIndexes].Argument[0]"]
+      - [mongodb.DropIndexesOptions, "mongodb/mongodb.DropIndexesOptions", ""]
+      - [mongodb.DropIndexesOptions, mongoose.mongodb.DropIndexesOptions, ""]
+      - [mongodb.EstimatedDocumentCountOptions, mongodb.Collection, "Member[estimatedDocumentCount].Argument[0]"]
+      - [mongodb.EstimatedDocumentCountOptions, "mongodb/mongodb.EstimatedDocumentCountOptions", ""]
+      - [mongodb.EstimatedDocumentCountOptions, mongoose.mongodb.EstimatedDocumentCountOptions, ""]
+      - [mongodb.EvalOptions, "mongodb/mongodb.EvalOptions", ""]
+      - [mongodb.EvalOptions, mongoose.mongodb.EvalOptions, ""]
+      - [mongodb.FindCursor, mongodb.Collection, "Member[find].WithArity[0,1,2].ReturnValue"]
+      - [mongodb.FindCursor, mongodb.FindCursor, "Member[addQueryModifier,allowDiskUse,clone,collation,comment,filter,hint,limit,map,max,maxAwaitTimeMS,maxTimeMS,min,project,returnKey,showRecordId,skip,sort].ReturnValue"]
+      - [mongodb.FindCursor, mongodb.FindCursorStatic, Instance]
+      - [mongodb.FindCursor, mongodb.GridFSBucket, "Member[find].ReturnValue"]
+      - [mongodb.FindCursor, "mongodb/mongodb.FindCursor", ""]
+      - [mongodb.FindCursor, mongoose.mongodb.FindCursor, ""]
+      - [mongodb.FindCursorStatic, "mongodb/mongodb.FindCursorStatic", ""]
+      - [mongodb.FindCursorStatic, mongodb, "Member[FindCursor]"]
+      - [mongodb.FindCursorStatic, mongoose.mongodb.FindCursorStatic, ""]
+      - [mongodb.FindOneAndDeleteOptions, mongodb.Collection, "Member[findOneAndDelete].Argument[1]"]
+      - [mongodb.FindOneAndDeleteOptions, "mongodb/mongodb.FindOneAndDeleteOptions", ""]
+      - [mongodb.FindOneAndDeleteOptions, mongoose.mongodb.FindOneAndDeleteOptions, ""]
+      - [mongodb.FindOneAndReplaceOptions, mongodb.Collection, "Member[findOneAndReplace].Argument[2]"]
+      - [mongodb.FindOneAndReplaceOptions, "mongodb/mongodb.FindOneAndReplaceOptions", ""]
+      - [mongodb.FindOneAndReplaceOptions, mongoose.mongodb.FindOneAndReplaceOptions, ""]
+      - [mongodb.FindOneAndUpdateOptions, mongodb.Collection, "Member[findOneAndUpdate].Argument[2]"]
+      - [mongodb.FindOneAndUpdateOptions, "mongodb/mongodb.FindOneAndUpdateOptions", ""]
+      - [mongodb.FindOneAndUpdateOptions, mongoose.mongodb.FindOneAndUpdateOptions, ""]
+      - [mongodb.FindOperators, mongodb.BulkOperationBase, "Member[find].ReturnValue"]
+      - [mongodb.FindOperators, mongodb.FindOperators, "Member[arrayFilters,collation,upsert].ReturnValue"]
+      - [mongodb.FindOperators, mongodb.FindOperatorsStatic, Instance]
+      - [mongodb.FindOperators, "mongodb/mongodb.FindOperators", ""]
+      - [mongodb.FindOperators, mongoose.mongodb.FindOperators, ""]
+      - [mongodb.FindOperatorsStatic, "mongodb/mongodb.FindOperatorsStatic", ""]
+      - [mongodb.FindOperatorsStatic, mongodb, "Member[FindOperators]"]
+      - [mongodb.FindOperatorsStatic, mongoose.mongodb.FindOperatorsStatic, ""]
+      - [mongodb.FindOptions, mongodb.Collection, "Member[find,findOne].Argument[1]"]
+      - [mongodb.FindOptions, mongodb.GridFSBucket, "Member[find].Argument[1]"]
+      - [mongodb.FindOptions, "mongodb/mongodb.FindOptions", ""]
+      - [mongodb.FindOptions, mongoose.mongodb.FindOptions, ""]
+      - [mongodb.GridFSBucket, mongodb.GridFSBucketStatic, Instance]
+      - [mongodb.GridFSBucket, mongodb.GridFSBucketWriteStream, "Member[bucket]"]
+      - [mongodb.GridFSBucket, "mongodb/mongodb.GridFSBucket", ""]
+      - [mongodb.GridFSBucket, mongoose.mongodb.GridFSBucket, ""]
+      - [mongodb.GridFSBucketStatic, "mongodb/mongodb.GridFSBucketStatic", ""]
+      - [mongodb.GridFSBucketStatic, mongodb, "Member[GridFSBucket]"]
+      - [mongodb.GridFSBucketStatic, mongoose.mongodb.GridFSBucketStatic, ""]
+      - [mongodb.GridFSBucketWriteStream, mongodb.GridFSBucket, "Member[openUploadStream,openUploadStreamWithId].ReturnValue"]
+      - [mongodb.GridFSBucketWriteStream, mongodb.GridFSBucketWriteStream, "Member[end].ReturnValue"]
+      - [mongodb.GridFSBucketWriteStream, mongodb.GridFSBucketWriteStreamStatic, Instance]
+      - [mongodb.GridFSBucketWriteStream, "mongodb/mongodb.GridFSBucketWriteStream", ""]
+      - [mongodb.GridFSBucketWriteStream, mongoose.mongodb.GridFSBucketWriteStream, ""]
+      - [mongodb.GridFSBucketWriteStreamStatic, "mongodb/mongodb.GridFSBucketWriteStreamStatic", ""]
+      - [mongodb.GridFSBucketWriteStreamStatic, mongodb, "Member[GridFSBucketWriteStream]"]
+      - [mongodb.GridFSBucketWriteStreamStatic, mongoose.mongodb.GridFSBucketWriteStreamStatic, ""]
+      - [mongodb.IndexInformationOptions, mongodb.Collection, "Member[indexExists].Argument[1]"]
+      - [mongodb.IndexInformationOptions, mongodb.Collection, "Member[indexInformation,indexes].Argument[0]"]
+      - [mongodb.IndexInformationOptions, mongodb.Db, "Member[indexInformation].Argument[1]"]
+      - [mongodb.IndexInformationOptions, "mongodb/mongodb.IndexInformationOptions", ""]
+      - [mongodb.IndexInformationOptions, mongoose.mongodb.IndexInformationOptions, ""]
+      - [mongodb.InsertOneOptions, mongodb.Collection, "Member[insertOne].Argument[1]"]
+      - [mongodb.InsertOneOptions, "mongodb/mongodb.InsertOneOptions", ""]
+      - [mongodb.InsertOneOptions, mongoose.mongodb.InsertOneOptions, ""]
+      - [mongodb.ListCollectionsCursor, mongodb.Db, "Member[listCollections].WithArity[0,1,2].ReturnValue"]
+      - [mongodb.ListCollectionsCursor, mongodb.ListCollectionsCursor, "Member[clone].ReturnValue"]
+      - [mongodb.ListCollectionsCursor, mongodb.ListCollectionsCursorStatic, Instance]
+      - [mongodb.ListCollectionsCursor, "mongodb/mongodb.ListCollectionsCursor", ""]
+      - [mongodb.ListCollectionsCursor, mongoose.mongodb.ListCollectionsCursor, ""]
+      - [mongodb.ListCollectionsCursorStatic, "mongodb/mongodb.ListCollectionsCursorStatic", ""]
+      - [mongodb.ListCollectionsCursorStatic, mongodb, "Member[ListCollectionsCursor]"]
+      - [mongodb.ListCollectionsCursorStatic, mongoose.mongodb.ListCollectionsCursorStatic, ""]
+      - [mongodb.ListCollectionsOptions, mongodb.Db, "Member[collections].Argument[0]"]
+      - [mongodb.ListCollectionsOptions, mongodb.Db, "Member[listCollections].WithArity[0,1,2].Argument[1]"]
+      - [mongodb.ListCollectionsOptions, mongodb.ListCollectionsCursor, "Member[options]"]
+      - [mongodb.ListCollectionsOptions, mongodb.ListCollectionsCursorStatic, "Argument[2]"]
+      - [mongodb.ListCollectionsOptions, "mongodb/mongodb.ListCollectionsOptions", ""]
+      - [mongodb.ListCollectionsOptions, mongoose.mongodb.ListCollectionsOptions, ""]
+      - [mongodb.ListDatabasesOptions, mongodb.Admin, "Member[listDatabases].Argument[0]"]
+      - [mongodb.ListDatabasesOptions, "mongodb/mongodb.ListDatabasesOptions", ""]
+      - [mongodb.ListDatabasesOptions, mongoose.mongodb.ListDatabasesOptions, ""]
+      - [mongodb.ListIndexesCursor, mongodb.Collection, "Member[listIndexes].ReturnValue"]
+      - [mongodb.ListIndexesCursor, mongodb.ListIndexesCursor, "Member[clone].ReturnValue"]
+      - [mongodb.ListIndexesCursor, mongodb.ListIndexesCursorStatic, Instance]
+      - [mongodb.ListIndexesCursor, "mongodb/mongodb.ListIndexesCursor", ""]
+      - [mongodb.ListIndexesCursor, mongoose.mongodb.ListIndexesCursor, ""]
+      - [mongodb.ListIndexesCursorStatic, "mongodb/mongodb.ListIndexesCursorStatic", ""]
+      - [mongodb.ListIndexesCursorStatic, mongodb, "Member[ListIndexesCursor]"]
+      - [mongodb.ListIndexesCursorStatic, mongoose.mongodb.ListIndexesCursorStatic, ""]
+      - [mongodb.ListIndexesOptions, mongodb.Collection, "Member[listIndexes].Argument[0]"]
+      - [mongodb.ListIndexesOptions, mongodb.ListIndexesCursor, "Member[options]"]
+      - [mongodb.ListIndexesOptions, mongodb.ListIndexesCursorStatic, "Argument[1]"]
+      - [mongodb.ListIndexesOptions, "mongodb/mongodb.ListIndexesOptions", ""]
+      - [mongodb.ListIndexesOptions, mongoose.mongodb.ListIndexesOptions, ""]
+      - [mongodb.MapReduceOptions, mongodb.Collection, "Member[mapReduce].Argument[2]"]
+      - [mongodb.MapReduceOptions, "mongodb/mongodb.MapReduceOptions", ""]
+      - [mongodb.MapReduceOptions, mongoose.mongodb.MapReduceOptions, ""]
+      - [mongodb.MongoClient, mongodb.AutoEncrypter, "Argument[0]"]
+      - [mongodb.MongoClient, mongodb.AutoEncryptionOptions, "Member[keyVaultClient]"]
+      - [mongodb.MongoClient, mongodb.ChangeStream, "Member[parent]"]
+      - [mongodb.MongoClient, mongodb.DbStatic, "Argument[0]"]
+      - [mongodb.MongoClient, mongodb.MongoClient, "Member[connect].Argument[0].TypeVar[mongodb.Callback.0]"]
+      - [mongodb.MongoClient, mongodb.MongoClient, "Member[connect].WithArity[0].ReturnValue.Awaited"]
+      - [mongodb.MongoClient, mongodb.MongoClientEvents, "Member[open].Argument[0]"]
+      - [mongodb.MongoClient, mongodb.MongoClientStatic, Instance]
+      - [mongodb.MongoClient, mongodb.MongoClientStatic, "Member[connect].Argument[1,2].TypeVar[mongodb.Callback.0]"]
+      - [mongodb.MongoClient, mongodb.MongoClientStatic, "Member[connect].WithArity[1,2].ReturnValue.Awaited"]
+      - [mongodb.MongoClient, "mongodb/mongodb.MongoClient", ""]
+      - [mongodb.MongoClient, mongoose.mongodb.MongoClient, ""]
+      - [mongodb.MongoClientEvents, "mongodb/mongodb.MongoClientEvents", ""]
+      - [mongodb.MongoClientEvents, mongoose.mongodb.MongoClientEvents, ""]
+      - [mongodb.MongoClientOptions, mongodb.MongoClientStatic, "Argument[1]"]
+      - [mongodb.MongoClientOptions, mongodb.MongoClientStatic, "Member[connect].Argument[1]"]
+      - [mongodb.MongoClientOptions, "mongodb/mongodb.MongoClientOptions", ""]
+      - [mongodb.MongoClientOptions, mongoose.mongodb.MongoClientOptions, ""]
+      - [mongodb.MongoClientStatic, "mongodb/mongodb.MongoClientStatic", ""]
+      - [mongodb.MongoClientStatic, mongodb, "Member[MongoClient]"]
+      - [mongodb.MongoClientStatic, mongoose.mongodb.MongoClientStatic, ""]
+      - [mongodb.MongoOptions, mongodb.ClientSession, "Member[clientOptions]"]
+      - [mongodb.MongoOptions, mongodb.MongoClient, "Member[options]"]
+      - [mongodb.MongoOptions, "mongodb/mongodb.MongoOptions", ""]
+      - [mongodb.MongoOptions, mongoose.mongodb.MongoOptions, ""]
+      - [mongodb.OperationOptions, mongodb.Collection, "Member[isCapped,options].Argument[0]"]
+      - [mongodb.OperationOptions, mongodb.CommandOperationOptions, ""]
+      - [mongodb.OperationOptions, "mongodb/mongodb.OperationOptions", ""]
+      - [mongodb.OperationOptions, mongoose.mongodb.OperationOptions, ""]
+      - [mongodb.OrderedBulkOperation, mongodb.Collection, "Member[initializeOrderedBulkOp].ReturnValue"]
+      - [mongodb.OrderedBulkOperation, mongodb.OrderedBulkOperation, "Member[addToOperationsList].ReturnValue"]
+      - [mongodb.OrderedBulkOperation, mongodb.OrderedBulkOperationStatic, Instance]
+      - [mongodb.OrderedBulkOperation, "mongodb/mongodb.OrderedBulkOperation", ""]
+      - [mongodb.OrderedBulkOperation, mongoose.mongodb.OrderedBulkOperation, ""]
+      - [mongodb.OrderedBulkOperationStatic, "mongodb/mongodb.OrderedBulkOperationStatic", ""]
+      - [mongodb.OrderedBulkOperationStatic, mongodb, "Member[OrderedBulkOperation]"]
+      - [mongodb.OrderedBulkOperationStatic, mongoose.mongodb.OrderedBulkOperationStatic, ""]
+      - [mongodb.ProfilingLevelOptions, mongodb.Db, "Member[profilingLevel].Argument[0]"]
+      - [mongodb.ProfilingLevelOptions, "mongodb/mongodb.ProfilingLevelOptions", ""]
+      - [mongodb.ProfilingLevelOptions, mongoose.mongodb.ProfilingLevelOptions, ""]
+      - [mongodb.ReadPreferenceFromOptions, mongodb.ReadPreferenceStatic, "Member[fromOptions].Argument[0]"]
+      - [mongodb.ReadPreferenceFromOptions, "mongodb/mongodb.ReadPreferenceFromOptions", ""]
+      - [mongodb.ReadPreferenceFromOptions, mongoose.mongodb.ReadPreferenceFromOptions, ""]
+      - [mongodb.ReadPreferenceStatic, "mongodb/mongodb.ReadPreferenceStatic", ""]
+      - [mongodb.ReadPreferenceStatic, mongodb, "Member[ReadPreference]"]
+      - [mongodb.ReadPreferenceStatic, mongoose.mongodb.ReadPreferenceStatic, ""]
+      - [mongodb.RemoveUserOptions, mongodb.Admin, "Member[removeUser].Argument[1]"]
+      - [mongodb.RemoveUserOptions, mongodb.Db, "Member[removeUser].Argument[1]"]
+      - [mongodb.RemoveUserOptions, "mongodb/mongodb.RemoveUserOptions", ""]
+      - [mongodb.RemoveUserOptions, mongoose.mongodb.RemoveUserOptions, ""]
+      - [mongodb.RenameOptions, mongodb.Collection, "Member[rename].Argument[1]"]
+      - [mongodb.RenameOptions, mongodb.Db, "Member[renameCollection].Argument[2]"]
+      - [mongodb.RenameOptions, "mongodb/mongodb.RenameOptions", ""]
+      - [mongodb.RenameOptions, mongoose.mongodb.RenameOptions, ""]
+      - [mongodb.ReplaceOptions, mongodb.Collection, "Member[replaceOne].Argument[2]"]
+      - [mongodb.ReplaceOptions, "mongodb/mongodb.ReplaceOptions", ""]
+      - [mongodb.ReplaceOptions, mongoose.mongodb.ReplaceOptions, ""]
+      - [mongodb.RunCommandOptions, mongodb.Admin, "Member[command].Argument[1]"]
+      - [mongodb.RunCommandOptions, mongodb.Db, "Member[command].Argument[1]"]
+      - [mongodb.RunCommandOptions, "mongodb/mongodb.RunCommandOptions", ""]
+      - [mongodb.RunCommandOptions, mongoose.mongodb.RunCommandOptions, ""]
+      - [mongodb.SelectServerOptions, "mongodb/mongodb.SelectServerOptions", ""]
+      - [mongodb.SelectServerOptions, mongoose.mongodb.SelectServerOptions, ""]
+      - [mongodb.SetProfilingLevelOptions, mongodb.Db, "Member[setProfilingLevel].Argument[1]"]
+      - [mongodb.SetProfilingLevelOptions, "mongodb/mongodb.SetProfilingLevelOptions", ""]
+      - [mongodb.SetProfilingLevelOptions, mongoose.mongodb.SetProfilingLevelOptions, ""]
+      - [mongodb.Transaction, mongodb.ClientSession, "Member[transaction]"]
+      - [mongodb.Transaction, mongodb.TransactionStatic, Instance]
+      - [mongodb.Transaction, "mongodb/mongodb.Transaction", ""]
+      - [mongodb.Transaction, mongoose.mongodb.Transaction, ""]
+      - [mongodb.TransactionOptions, mongodb.ClientSession, "Member[defaultTransactionOptions]"]
+      - [mongodb.TransactionOptions, mongodb.ClientSession, "Member[startTransaction].Argument[0]"]
+      - [mongodb.TransactionOptions, mongodb.ClientSession, "Member[withTransaction].Argument[1]"]
+      - [mongodb.TransactionOptions, mongodb.ClientSessionOptions, "Member[defaultTransactionOptions]"]
+      - [mongodb.TransactionOptions, mongodb.Transaction, "Member[options]"]
+      - [mongodb.TransactionOptions, "mongodb/mongodb.TransactionOptions", ""]
+      - [mongodb.TransactionOptions, mongoose.mongodb.TransactionOptions, ""]
+      - [mongodb.TransactionStatic, "mongodb/mongodb.TransactionStatic", ""]
+      - [mongodb.TransactionStatic, mongodb, "Member[Transaction]"]
+      - [mongodb.TransactionStatic, mongoose.mongodb.TransactionStatic, ""]
+      - [mongodb.TypedEventEmitter, mongodb.AbstractCursor, ""]
+      - [mongodb.TypedEventEmitter, mongodb.ChangeStream, ""]
+      - [mongodb.TypedEventEmitter, mongodb.ClientSession, ""]
+      - [mongodb.TypedEventEmitter, mongodb.GridFSBucket, ""]
+      - [mongodb.TypedEventEmitter, mongodb.MongoClient, ""]
+      - [mongodb.UnorderedBulkOperation, mongodb.Collection, "Member[initializeUnorderedBulkOp].ReturnValue"]
+      - [mongodb.UnorderedBulkOperation, mongodb.UnorderedBulkOperation, "Member[addToOperationsList].ReturnValue"]
+      - [mongodb.UnorderedBulkOperation, mongodb.UnorderedBulkOperationStatic, Instance]
+      - [mongodb.UnorderedBulkOperation, "mongodb/mongodb.UnorderedBulkOperation", ""]
+      - [mongodb.UnorderedBulkOperation, mongoose.mongodb.UnorderedBulkOperation, ""]
+      - [mongodb.UnorderedBulkOperationStatic, "mongodb/mongodb.UnorderedBulkOperationStatic", ""]
+      - [mongodb.UnorderedBulkOperationStatic, mongodb, "Member[UnorderedBulkOperation]"]
+      - [mongodb.UnorderedBulkOperationStatic, mongoose.mongodb.UnorderedBulkOperationStatic, ""]
+      - [mongodb.UpdateManyModel, mongodb.AnyBulkWriteOperation, "Member[updateMany]"]
+      - [mongodb.UpdateManyModel, "mongodb/mongodb.UpdateManyModel", ""]
+      - [mongodb.UpdateManyModel, mongoose.mongodb.UpdateManyModel, ""]
+      - [mongodb.UpdateOneModel, mongodb.AnyBulkWriteOperation, "Member[updateOne]"]
+      - [mongodb.UpdateOneModel, "mongodb/mongodb.UpdateOneModel", ""]
+      - [mongodb.UpdateOneModel, mongoose.mongodb.UpdateOneModel, ""]
+      - [mongodb.UpdateOptions, mongodb.Collection, "Member[update,updateMany,updateOne].Argument[2]"]
+      - [mongodb.UpdateOptions, "mongodb/mongodb.UpdateOptions", ""]
+      - [mongodb.UpdateOptions, mongoose.mongodb.UpdateOptions, ""]
+      - [mongodb.ValidateCollectionOptions, mongodb.Admin, "Member[validateCollection].Argument[1]"]
+      - [mongodb.ValidateCollectionOptions, "mongodb/mongodb.ValidateCollectionOptions", ""]
+      - [mongodb.ValidateCollectionOptions, mongoose.mongodb.ValidateCollectionOptions, ""]
+      - [mongodb.WithSessionCallback, mongodb.MongoClient, "Member[withSession].Argument[1]"]
+      - [mongodb.WithSessionCallback, mongodb.MongoClient, "Member[withSession].WithArity[1].Argument[0]"]
+      - [mongodb.WithSessionCallback, "mongodb/mongodb.WithSessionCallback", ""]
+      - [mongodb.WithSessionCallback, mongoose.mongodb.WithSessionCallback, ""]
+      - [mongodb.WithTransactionCallback, mongodb.ClientSession, "Member[withTransaction].Argument[0]"]
+      - [mongodb.WithTransactionCallback, "mongodb/mongodb.WithTransactionCallback", ""]
+      - [mongodb.WithTransactionCallback, mongoose.mongodb.WithTransactionCallback, ""]
+      - [mongodb, mongoose, "Member[mongodb]"]
+      - [mongoose.AcceptsDiscriminator, mongoose.Model, ""]
+      - [mongoose.AcceptsDiscriminator, mongoose.Schema.Types.Array, ""]
+      - [mongoose.AcceptsDiscriminator, mongoose.Schema.Types.DocumentArray, ""]
+      - [mongoose.AcceptsDiscriminator, mongoose.Schema.Types.Subdocument, ""]
+      - [mongoose.Aggregate, mongoose.Aggregate, "Member[addCursorFlag,addFields,allowDiskUse,append,collation,count,facet,graphLookup,group,hint,limit,lookup,match,model,near,option,project,read,readConcern,redact,replaceRoot,sample,search,session,skip,sort,sortByCount,unionWith,unwind].ReturnValue"]
+      - [mongoose.Aggregate, mongoose.AggregateStatic, Instance]
+      - [mongoose.Aggregate, mongoose.Model, "Member[aggregate].ReturnValue"]
+      - [mongoose.AggregateStatic, mongoose, "Member[Aggregate]"]
+      - [mongoose.Collection, mongoose.Collection, Instance]
+      - [mongoose.Collection, mongoose.Connection, "Member[collection].ReturnValue"]
+      - [mongoose.Collection, mongoose.Connection, "Member[collections].AnyMember"]
+      - [mongoose.Collection, mongoose.Document, "Member[collection]"]
+      - [mongoose.Collection, mongoose.Model, "Member[collection]"]
+      - [mongoose.Collection, mongoose, "Member[Collection]"]
+      - [mongoose.CollectionBase, mongoose.Collection, ""]
+      - [mongoose.CompileModelOptions, mongoose.Connection, "Member[model].Argument[3]"]
+      - [mongoose.CompileModelOptions, mongoose, "Member[model].Argument[3]"]
+      - [mongoose.ConnectOptions, mongoose.Connection, "Member[openUri].WithArity[1,2,3].Argument[1]"]
+      - [mongoose.ConnectOptions, mongoose, "Member[connect,createConnection].WithArity[1,2,3].Argument[1]"]
+      - [mongoose.Connection, mongoose.Collection, "Argument[1]"]
+      - [mongoose.Connection, mongoose.CollectionBase, "Member[conn]"]
+      - [mongoose.Connection, mongoose.CompileModelOptions, "Member[connection]"]
+      - [mongoose.Connection, mongoose.Connection, "Member[asPromise].ReturnValue.Awaited"]
+      - [mongoose.Connection, mongoose.Connection, "Member[deleteModel,plugin,setClient,useDb].ReturnValue"]
+      - [mongoose.Connection, mongoose.Connection, "Member[openUri].Argument[2].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.Connection, mongoose.Connection, "Member[openUri].WithArity[1,2].ReturnValue.Awaited"]
+      - [mongoose.Connection, mongoose.Connection, "Member[openUri].WithArity[2,3].ReturnValue"]
+      - [mongoose.Connection, mongoose.Connection, "Member[openUri].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.Connection, mongoose.ConnectionStatic, Instance]
+      - [mongoose.Connection, mongoose.Document, "Member[db]"]
+      - [mongoose.Connection, mongoose.Model, "Member[db]"]
+      - [mongoose.Connection, mongoose, "Member[connection]"]
+      - [mongoose.Connection, mongoose, "Member[connections].ArrayElement"]
+      - [mongoose.Connection, mongoose, "Member[createConnection].Argument[2].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.Connection, mongoose, "Member[createConnection].WithArity[0,1,2].ReturnValue"]
+      - [mongoose.Connection, mongoose, "Member[createConnection].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.ConnectionStatic, mongoose, "Member[Connection]"]
+      - [mongoose.Cursor, mongoose.Query, "Member[cursor].ReturnValue"]
+      - [mongoose.DiscriminatorModel, mongoose.DiscriminatorSchema, "TypeVar[mongoose.Schema.1]"]
+      - [mongoose.Document, mongoose.Document, "Member[$getAllSubdocs,$getPopulatedDocs].ReturnValue.ArrayElement"]
+      - [mongoose.Document, mongoose.Document, "Member[$inc,$parent,$set,depopulate,increment,init,overwrite,set].ReturnValue"]
+      - [mongoose.Document, mongoose.Document, "Member[delete,deleteOne].WithArity[0,1].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]"]
+      - [mongoose.Document, mongoose.Document, "Member[equals].Argument[0]"]
+      - [mongoose.Document, mongoose.Document, "Member[init].Argument[2].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.Document, mongoose.Document, "Member[remove,save].WithArity[0,1].ReturnValue.Awaited"]
+      - [mongoose.Document, mongoose.Document, "Member[replaceOne,update,updateOne].ReturnValue.TypeVar[mongoose.Query.1]"]
+      - [mongoose.Document, mongoose.Document, "Member[save].Argument[1].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.Document, mongoose.Document, "Member[save].WithArity[1].Argument[0].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.Document, mongoose.DocumentStatic, Instance]
+      - [mongoose.Document, mongoose.Error.VersionErrorStatic, "Argument[0]"]
+      - [mongoose.Document, mongoose.HydratedDocument, ""]
+      - [mongoose.Document, mongoose.HydratedDocument, "TypeVar[mongoose.Require_id.0]"]
+      - [mongoose.Document, mongoose.Model, "Member[bulkSave].Argument[0].ArrayElement"]
+      - [mongoose.Document, mongoose.TVirtualPathFN, "Argument[2]"]
+      - [mongoose.Document, mongoose.Types.Subdocument, ""]
+      - [mongoose.Document, mongoose.Types.Subdocument, "Member[$parent,ownerDocument,parent].ReturnValue"]
+      - [mongoose.Document, mongoose.VirtualType, "Member[applyGetters,applySetters].Argument[1]"]
+      - [mongoose.DocumentStatic, mongoose, "Member[Document]"]
+      - [mongoose.Error.VersionErrorStatic, mongoose, "Member[Error].Member[VersionError]"]
+      - [mongoose.HydratedDocument, mongoose.Model, Instance]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[$where,count,countDocuments,deleteMany,deleteOne,distinct,estimatedDocumentCount,find,geoSearch,remove,replaceOne,update,updateMany,updateOne,where].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[$where,find,geoSearch,where].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].ArrayElement"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[create,insertMany].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0].ArrayElement"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[create].WithArity[0..,1,2].ReturnValue.Awaited.ArrayElement"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[create].WithArity[1].ReturnValue.Awaited"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[create].WithArity[2].Argument[1].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[exists].WithArity[1,2].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[find,insertMany].WithArity[3].Argument[2].TypeVar[mongoose.Callback.0].ArrayElement"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[findById,findByIdAndDelete,findByIdAndRemove,findOne,findOneAndDelete,findOneAndRemove].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0,mongoose.QueryWithHelpers.1]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[findById,findOne].Argument[3].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[findByIdAndDelete,findByIdAndRemove,findOneAndDelete,findOneAndRemove].Argument[2].Argument[1]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[findByIdAndUpdate,findOneAndReplace,findOneAndUpdate].WithArity[0,1,2,3,4].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0,mongoose.QueryWithHelpers.1]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[findByIdAndUpdate,findOneAndReplace,findOneAndUpdate].WithArity[3,4].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].TypeVar[mongoose.ModifyResult.0]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[findByIdAndUpdate].WithArity[0,1,2,4].Argument[3].Argument[1]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[findByIdAndUpdate].WithArity[3].Argument[2,3].Argument[1]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[findById].WithArity[1,2,3].Argument[2].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[findOneAndReplace].WithArity[0,1,2,3,4].Argument[3].Argument[1]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[findOneAndUpdate].WithArity[3,4].Argument[3].Argument[1]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[findOne].WithArity[0,1,2].Argument[1,2].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[findOne].WithArity[3].Argument[2].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[find].Argument[3].TypeVar[mongoose.Callback.0].ArrayElement"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[find].WithArity[0].Argument[0].TypeVar[mongoose.Callback.0].ArrayElement"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[find].WithArity[1].Argument[0,1,2].TypeVar[mongoose.Callback.0].ArrayElement"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[find].WithArity[2].Argument[1,2].TypeVar[mongoose.Callback.0].ArrayElement"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[geoSearch].Argument[2].TypeVar[mongoose.Callback.0].ArrayElement"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[hydrate].ReturnValue"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[init].ReturnValue.Awaited"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[insertMany].WithArity[1,2].ReturnValue.Awaited.ArrayElement"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[populate].WithArity[2,3].Argument[2].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[populate].WithArity[2,3].Argument[2].TypeVar[mongoose.Callback.0].ArrayElement"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[populate].WithArity[2,3].ReturnValue.Awaited"]
+      - [mongoose.HydratedDocument, mongoose.Model, "Member[populate].WithArity[2,3].ReturnValue.Awaited.ArrayElement"]
+      - [mongoose.HydratedDocument, mongoose.TVirtualPathFN, "Argument[1].TypeVar[mongoose.VirtualType.0]"]
+      - [mongoose.HydratedDocument, mongoose.VirtualPathFunctions, "Member[options].TypeVar[mongoose.VirtualTypeOptions.0]"]
+      - [mongoose.InsertManyOptions, mongoose.Model, "Member[insertMany].WithArity[2,3].Argument[1]"]
+      - [mongoose.Model, mongoose.AcceptsDiscriminator, "Member[discriminator].WithArity[2,3].ReturnValue"]
+      - [mongoose.Model, mongoose.Aggregate, "Member[model].Argument[0]"]
+      - [mongoose.Model, mongoose.Connection, "Member[model].WithArity[1,2,3,4].ReturnValue"]
+      - [mongoose.Model, mongoose.Connection, "Member[models].AnyMember"]
+      - [mongoose.Model, mongoose.DiscriminatorModel, ""]
+      - [mongoose.Model, mongoose.Document, "Member[$model].ReturnValue"]
+      - [mongoose.Model, mongoose.Document, "Member[populate].Argument[2]"]
+      - [mongoose.Model, mongoose.Model, "Member[discriminators].AnyMember"]
+      - [mongoose.Model, mongoose.Models, AnyMember]
+      - [mongoose.Model, mongoose.PopulateOptions, "Member[model]"]
+      - [mongoose.Model, mongoose.Query, "Member[cast].Argument[0]"]
+      - [mongoose.Model, mongoose.Query, "Member[populate].Argument[2]"]
+      - [mongoose.Model, mongoose.Schema.Types.Array, "Member[discriminator].WithArity[2,3].ReturnValue"]
+      - [mongoose.Model, mongoose.Schema.Types.DocumentArray, "Member[discriminator].WithArity[2,3].ReturnValue"]
+      - [mongoose.Model, mongoose.Schema.Types.Subdocument, "Member[discriminator].WithArity[2,3].ReturnValue"]
+      - [mongoose.Model, mongoose.SchemaStatic, "Instance.TypeVar[mongoose.Schema.1]"]
+      - [mongoose.Model, mongoose, "Member[Model]"]
+      - [mongoose.Model, mongoose, "Member[model].ReturnValue"]
+      - [mongoose.Models, mongoose, "Member[models]"]
+      - [mongoose.PopulateOption, mongoose.InsertManyOptions, ""]
+      - [mongoose.PopulateOption, mongoose.QueryOptions, ""]
+      - [mongoose.PopulateOptions, mongoose.Document, "Member[populate].Argument[4]"]
+      - [mongoose.PopulateOptions, mongoose.Document, "Member[populate].WithArity[1,2].Argument[0]"]
+      - [mongoose.PopulateOptions, mongoose.Document, "Member[populate].WithArity[1,2].Argument[0].ArrayElement"]
+      - [mongoose.PopulateOptions, mongoose.Model, "Member[populate].Argument[1]"]
+      - [mongoose.PopulateOptions, mongoose.Model, "Member[populate].Argument[1].ArrayElement"]
+      - [mongoose.PopulateOptions, mongoose.PopulateOption, "Member[populate]"]
+      - [mongoose.PopulateOptions, mongoose.PopulateOption, "Member[populate].ArrayElement"]
+      - [mongoose.PopulateOptions, mongoose.PopulateOptions, "Member[populate]"]
+      - [mongoose.PopulateOptions, mongoose.PopulateOptions, "Member[populate].ArrayElement"]
+      - [mongoose.PopulateOptions, mongoose.Query, "Member[populate].WithArity[1].Argument[0]"]
+      - [mongoose.PopulateOptions, mongoose.Query, "Member[populate].WithArity[1].Argument[0].ArrayElement"]
+      - [mongoose.Query, mongoose.Document, "Member[replaceOne,update,updateOne].ReturnValue"]
+      - [mongoose.Query, mongoose.HydratedDocument, "TypeVar[mongoose.Require_id.0]"]
+      - [mongoose.Query, mongoose.Query, "Member[all,allowDiskUse,and,batchSize,box,circle,clone,collation,comment,elemMatch,equals,exists,explain,geometry,gt,gte,hint,in,intersects,j,limit,lt,lte,maxDistance,maxScan,maxTimeMS,merge,mod,ne,near,nin,nor,or,polygon,read,readConcern,regex,remove,select,session,set,setOptions,size,skip,slice,snapshot,sort,tailable,w,where,within,wtimeout].ReturnValue"]
+      - [mongoose.Query, mongoose.Query, "Member[error].WithArity[1].ReturnValue"]
+      - [mongoose.Query, mongoose.Query, "Member[merge].Argument[0]"]
+      - [mongoose.Query, mongoose.QueryStatic, Instance]
+      - [mongoose.Query, mongoose.QueryWithHelpers, ""]
+      - [mongoose.QueryOptions, mongoose.Document, "Member[delete,deleteOne,remove].WithArity[0,1,2].Argument[0]"]
+      - [mongoose.QueryOptions, mongoose.Document, "Member[replaceOne,update,updateOne].Argument[1]"]
+      - [mongoose.QueryOptions, mongoose.Model, "Member[countDocuments,findByIdAndDelete,findByIdAndRemove,findOneAndDelete,findOneAndRemove].Argument[1]"]
+      - [mongoose.QueryOptions, mongoose.Model, "Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[1]"]
+      - [mongoose.QueryOptions, mongoose.Model, "Member[estimatedDocumentCount].Argument[0]"]
+      - [mongoose.QueryOptions, mongoose.Model, "Member[find,findById].WithArity[1,2,3,4].Argument[2]"]
+      - [mongoose.QueryOptions, mongoose.Model, "Member[findByIdAndUpdate,findOne,findOneAndReplace,findOneAndUpdate].WithArity[0,1,2,3,4].Argument[2]"]
+      - [mongoose.QueryOptions, mongoose.Model, "Member[replaceOne,update,updateMany,updateOne].Argument[2]"]
+      - [mongoose.QueryOptions, mongoose.PopulateOptions, "Member[options]"]
+      - [mongoose.QueryOptions, mongoose.Query, "Member[countDocuments,findByIdAndDelete,findOneAndDelete,findOneAndRemove].Argument[1]"]
+      - [mongoose.QueryOptions, mongoose.Query, "Member[cursor,estimatedDocumentCount,setOptions].Argument[0]"]
+      - [mongoose.QueryOptions, mongoose.Query, "Member[cursor].ReturnValue.TypeVar[mongoose.Cursor.1]"]
+      - [mongoose.QueryOptions, mongoose.Query, "Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[1]"]
+      - [mongoose.QueryOptions, mongoose.Query, "Member[findByIdAndUpdate,findOne,findOneAndUpdate].WithArity[0,1,2,3,4].Argument[2]"]
+      - [mongoose.QueryOptions, mongoose.Query, "Member[find].WithArity[1,2,3,4].Argument[2]"]
+      - [mongoose.QueryOptions, mongoose.Query, "Member[getOptions].ReturnValue"]
+      - [mongoose.QueryOptions, mongoose.Query, "Member[replaceOne,update,updateMany,updateOne].Argument[2]"]
+      - [mongoose.QueryOptions, mongoose.VirtualTypeOptions, "Member[options]"]
+      - [mongoose.QueryStatic, mongoose, "Member[Query]"]
+      - [mongoose.QueryWithHelpers, mongoose.Document, "Member[delete,deleteOne].WithArity[0,1].ReturnValue"]
+      - [mongoose.QueryWithHelpers, mongoose.Model, "Member[$where,count,countDocuments,deleteMany,deleteOne,distinct,estimatedDocumentCount,find,findById,findByIdAndDelete,findByIdAndRemove,findOne,findOneAndDelete,findOneAndRemove,geoSearch,remove,replaceOne,update,updateMany,updateOne,where].ReturnValue"]
+      - [mongoose.QueryWithHelpers, mongoose.Model, "Member[exists].WithArity[1,2].ReturnValue"]
+      - [mongoose.QueryWithHelpers, mongoose.Model, "Member[findByIdAndUpdate,findOneAndReplace,findOneAndUpdate].WithArity[0,1,2,3,4].ReturnValue"]
+      - [mongoose.QueryWithHelpers, mongoose.Query, "Member[$where,count,countDocuments,deleteMany,deleteOne,distinct,estimatedDocumentCount,find,findByIdAndDelete,findOne,findOneAndDelete,findOneAndRemove,lean,orFail,populate,replaceOne,transform,update,updateMany,updateOne].ReturnValue"]
+      - [mongoose.QueryWithHelpers, mongoose.Query, "Member[findByIdAndUpdate,findOneAndUpdate].WithArity[0,1,2,3,4].ReturnValue"]
+      - [mongoose.QueryWithHelpers, mongoose.Query, "Member[toConstructor].ReturnValue.Instance"]
+      - [mongoose.Schema.Types.Array, mongoose.Schema.Types.Array, "Member[enum].ReturnValue"]
+      - [mongoose.Schema.Types.Array, mongoose.Schema.Types.ArrayStatic, Instance]
+      - [mongoose.Schema.Types.ArrayStatic, mongoose, "Member[Schema].Member[Types].Member[Array]"]
+      - [mongoose.Schema.Types.DocumentArray, mongoose.Schema.Types.DocumentArrayStatic, Instance]
+      - [mongoose.Schema.Types.DocumentArrayStatic, mongoose, "Member[Schema].Member[Types].Member[DocumentArray]"]
+      - [mongoose.Schema.Types.Subdocument, mongoose.Schema.Types.SubdocumentStatic, Instance]
+      - [mongoose.Schema.Types.SubdocumentStatic, mongoose.Schema.Types.DocumentArray, "Member[caster]"]
+      - [mongoose.Schema.Types.SubdocumentStatic, mongoose, "Member[Schema].Member[Types].Member[Subdocument]"]
+      - [mongoose.SchemaStatic, mongoose, "Member[Schema]"]
+      - [mongoose.SessionOperation, mongoose.Aggregate, ""]
+      - [mongoose.SessionOperation, mongoose.Query, ""]
+      - [mongoose.TVirtualPathFN, mongoose.VirtualPathFunctions, "Member[get,set]"]
+      - [mongoose.Types.Array, mongoose.Types.DocumentArray, ""]
+      - [mongoose.Types.ArraySubdocument, mongoose.Types.ArraySubdocumentStatic, Instance]
+      - [mongoose.Types.ArraySubdocumentStatic, mongoose, "Member[Types].Member[ArraySubdocument]"]
+      - [mongoose.Types.DocumentArray, mongoose.Types.ArraySubdocument, "Member[parentArray].ReturnValue"]
+      - [mongoose.Types.DocumentArray, mongoose.Types.DocumentArrayStatic, Instance]
+      - [mongoose.Types.DocumentArray, "mongoose/inferschematype.ResolvePathType", "TypeVar[mongoose.IfEquals.3]"]
+      - [mongoose.Types.DocumentArrayStatic, mongoose, "Member[Types].Member[DocumentArray]"]
+      - [mongoose.Types.ObjectId, "mongoose/inferschematype.ResolvePathType", ""]
+      - [mongoose.Types.Subdocument, mongoose.Types.ArraySubdocument, ""]
+      - [mongoose.Types.Subdocument, mongoose.Types.DocumentArray, "Member[create,id].ReturnValue"]
+      - [mongoose.Types.Subdocument, mongoose.Types.DocumentArray, "TypeVar[mongoose.Types.Array.0]"]
+      - [mongoose.Types.Subdocument, mongoose.Types.SubdocumentStatic, Instance]
+      - [mongoose.Types.SubdocumentStatic, mongoose, "Member[Types].Member[Subdocument]"]
+      - [mongoose.VirtualType, mongoose.TVirtualPathFN, "Argument[1]"]
+      - [mongoose.VirtualType, mongoose.VirtualType, "Member[get,set].Argument[0].Argument[1]"]
+      - [mongoose.VirtualType, mongoose.VirtualType, "Member[get,set].ReturnValue"]
+      - [mongoose.VirtualType, mongoose.VirtualTypeStatic, Instance]
+      - [mongoose.VirtualTypeOptions, mongoose.VirtualPathFunctions, "Member[options]"]
+      - [mongoose.VirtualTypeStatic, mongoose, "Member[VirtualType]"]
+      - ["mongoose/inferschematype.ResolvePathType", "mongoose/inferschematype.ObtainDocumentPathType", ""]
+      - ["mongoose/inferschematype.ResolvePathType", "mongoose/inferschematype.ResolvePathType", "TypeVar[mongoose.IfEquals.3].ArrayElement"]
+      - ["mongoose/inferschematype.ResolvePathType", "mongoose/inferschematype.ResolvePathType", "TypeVar[mongoose.IfEquals.3].TypeVar[mongoose.Types.DocumentArray.0]"]
+      - [mongoose, mongoose, "Member[mongoose]"]
+
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: summaryModel
+    data:
+      - [mongodb.AbstractCursor, "", "", "Member[addCursorFlag,batchSize,maxTimeMS,withReadConcern,withReadPreference].ReturnValue", type]
+      - [mongodb.BulkOperationBase, "", "", "Member[addToOperationsList,raw].ReturnValue", type]
+      - [mongodb.FindCursor, "", "", "Member[addQueryModifier,allowDiskUse,collation,comment,filter,hint,limit,max,maxAwaitTimeMS,maxTimeMS,min,returnKey,showRecordId,skip,sort].ReturnValue", type]
+      - [mongodb.FindOperators, "", "", "Member[arrayFilters,collation,upsert].ReturnValue", type]
+      - [mongodb.GridFSBucketWriteStream, "", "", "Member[end].ReturnValue", type]
+      - [mongodb.MongoClient, "", "", "Member[connect].Argument[0].TypeVar[mongodb.Callback.0]", type]
+      - [mongodb.MongoClient, "", "", "Member[connect].WithArity[0].ReturnValue.Awaited", type]
+      - [mongodb.OrderedBulkOperation, "", "", "Member[addToOperationsList].ReturnValue", type]
+      - [mongodb.TypedEventEmitter, "", "", "Member[addListener,off,on,once,prependListener,prependOnceListener,removeAllListeners,removeListener,setMaxListeners].ReturnValue", type]
+      - [mongodb.UnorderedBulkOperation, "", "", "Member[addToOperationsList].ReturnValue", type]
+      - [mongoose.Aggregate, "", "", "Member[addCursorFlag,addFields,allowDiskUse,append,collation,count,facet,graphLookup,group,hint,limit,lookup,match,model,near,option,project,read,readConcern,redact,replaceRoot,sample,search,session,skip,sort,sortByCount,unionWith,unwind].ReturnValue", type]
+      - [mongoose.Connection, "", "", "Member[asPromise].ReturnValue.Awaited", type]
+      - [mongoose.Connection, "", "", "Member[deleteModel,setClient].ReturnValue", type]
+      - [mongoose.Cursor, "", "", "Member[addCursorFlag].ReturnValue", type]
+      - [mongoose.Document, "", "", "Member[$inc,$set,depopulate,increment,init,overwrite,set].ReturnValue", type]
+      - [mongoose.Document, "", "", "Member[delete,deleteOne].WithArity[0,1].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]", type]
+      - [mongoose.Document, "", "", "Member[getChanges].ReturnValue.TypeVar[mongoose.UpdateQuery.0]", type]
+      - [mongoose.Document, "", "", "Member[init].Argument[2].TypeVar[mongoose.Callback.0]", type]
+      - [mongoose.Document, "", "", "Member[populate].Argument[1,5].TypeVar[mongoose.Callback.0].TypeVar[mongoose.MergeType.0]", type]
+      - [mongoose.Document, "", "", "Member[populate].WithArity[1,2,3,4,5].ReturnValue.Awaited.TypeVar[mongoose.MergeType.0]", type]
+      - [mongoose.Document, "", "", "Member[remove,save].WithArity[0,1].ReturnValue.Awaited", type]
+      - [mongoose.Document, "", "", "Member[replaceOne,update,updateOne].ReturnValue.TypeVar[mongoose.Query.1]", type]
+      - [mongoose.Document, "", "", "Member[save].Argument[1].TypeVar[mongoose.Callback.0]", type]
+      - [mongoose.Document, "", "", "Member[save].WithArity[1].Argument[0].TypeVar[mongoose.Callback.0]", type]
+      - [mongoose.Document, "", "", "Member[update,updateOne].Argument[0].TypeVar[mongoose.UpdateQuery.0]", type]
+      - [mongoose.Query, "", "", "Member[all,allowDiskUse,and,batchSize,box,circle,clone,collation,comment,elemMatch,equals,exists,explain,geometry,gt,gte,hint,in,intersects,j,limit,lt,lte,maxDistance,maxScan,maxTimeMS,merge,mod,ne,near,nin,nor,or,polygon,read,readConcern,regex,select,session,set,setOptions,size,skip,slice,snapshot,sort,tailable,w,where,within,wtimeout].ReturnValue", type]
+      - [mongoose.Query, "", "", "Member[error].WithArity[1].ReturnValue", type]
+      - [mongoose.Schema.Types.Array, "", "", "Member[enum].ReturnValue", type]
+      - [mongoose.SessionOperation, "", "", "Member[session].ReturnValue", type]
+      - [mongoose.Types.Array, "", "", "Member[pull,remove,set].ReturnValue", type]
+      - [mongoose.Types.ObjectId, "", "", "Member[_id]", type]
+      - [mongoose.VirtualType, "", "", "Member[get,set].ReturnValue", type]
+
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: typeVariableModel
+    data:
+      - [mongodb.Callback.0, "Argument[1]"]
+      - [mongoose.Callback.0, "Argument[1]"]
+      - [mongoose.Cursor.0, "Member[eachAsync].WithArity[1,2,3].Argument[0].Argument[0]"]
+      - [mongoose.Cursor.0, "Member[eachAsync].WithArity[2,3].Argument[0].Argument[0].ArrayElement"]
+      - [mongoose.Cursor.0, "Member[map].Argument[0].Argument[0]"]
+      - [mongoose.Cursor.0, "Member[next].Argument[0].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.Cursor.0, "Member[next].WithArity[0].ReturnValue.Awaited"]
+      - [mongoose.Cursor.1, "Member[map].ReturnValue.TypeVar[mongoose.Cursor.1]"]
+      - [mongoose.Cursor.1, "Member[options]"]
+      - [mongoose.DiscriminatorSchema.1, "TypeVar[mongoose.Schema.1]"]
+      - [mongoose.DiscriminatorSchema.1, "TypeVar[mongoose.Schema.1].TypeVar[mongoose.DiscriminatorModel.1]"]
+      - [mongoose.Document.0, "Member[_id]"]
+      - [mongoose.Document.0, "Member[equals].Argument[0].TypeVar[mongoose.Document.0]"]
+      - [mongoose.FilterQuery.0, "TypeVar[mongoose._FilterQuery.0]"]
+      - [mongoose.IfAny.1, ""]
+      - [mongoose.IfAny.2, ""]
+      - [mongoose.IfEquals.3, ""]
+      - [mongoose.LeanDocumentOrArray.0, ""]
+      - [mongoose.LeanDocumentOrArray.0, "TypeVar[mongoose.LeanDocument.0]"]
+      - [mongoose.LeanDocumentOrArrayWithRawType.0, ""]
+      - [mongoose.ModifyResult.0, "Member[value].TypeVar[mongoose.Require_id.0]"]
+      - [mongoose.PluginFunction.1, "Argument[0].TypeVar[mongoose.Schema.1]"]
+      - [mongoose.PostMiddlewareFunction.1, "Argument[0]"]
+      - [mongoose.Query.0, "Member[exec].Argument[0].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.Query.0, "Member[exec].WithArity[0].ReturnValue.Awaited"]
+      - [mongoose.Query.0, "Member[lean].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].TypeVar[mongoose.LeanDocumentOrArray.0,mongoose.LeanDocumentOrArrayWithRawType.0]"]
+      - [mongoose.Query.0, "Member[orFail].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0]"]
+      - [mongoose.Query.0, "Member[populate].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].TypeVar[mongoose.UnpackedIntersection.0]"]
+      - [mongoose.Query.0, "Member[then,transform].Argument[0].Argument[0]"]
+      - [mongoose.Query.0, "Member[toConstructor].ReturnValue.Instance.TypeVar[mongoose.QueryWithHelpers.0]"]
+      - [mongoose.Query.1, "Member[$where,count,countDocuments,deleteMany,deleteOne,distinct,estimatedDocumentCount,find,lean,orFail,populate,replaceOne,transform,update,updateMany,updateOne].ReturnValue.TypeVar[mongoose.QueryWithHelpers.1]"]
+      - [mongoose.Query.1, "Member[$where,find].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].ArrayElement"]
+      - [mongoose.Query.1, "Member[_mongooseOptions].TypeVar[mongoose.MongooseQueryOptions.0]"]
+      - [mongoose.Query.1, "Member[and,nor,or].Argument[0].ArrayElement.TypeVar[mongoose.FilterQuery.0]"]
+      - [mongoose.Query.1, "Member[countDocuments,findByIdAndDelete,findOneAndDelete,findOneAndRemove].Argument[1].TypeVar[mongoose.QueryOptions.0]"]
+      - [mongoose.Query.1, "Member[countDocuments].WithArity[1,2,3].Argument[0].TypeVar[mongoose.FilterQuery.0]"]
+      - [mongoose.Query.1, "Member[count].WithArity[1,2].Argument[0].TypeVar[mongoose.FilterQuery.0]"]
+      - [mongoose.Query.1, "Member[cursor,estimatedDocumentCount,setOptions].Argument[0].TypeVar[mongoose.QueryOptions.0]"]
+      - [mongoose.Query.1, "Member[cursor].ReturnValue.TypeVar[mongoose.Cursor.0]"]
+      - [mongoose.Query.1, "Member[cursor].ReturnValue.TypeVar[mongoose.Cursor.1].TypeVar[mongoose.QueryOptions.0]"]
+      - [mongoose.Query.1, "Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[0].TypeVar[mongoose.FilterQuery.0]"]
+      - [mongoose.Query.1, "Member[deleteMany,deleteOne].WithArity[0,1,2,3].Argument[1].TypeVar[mongoose.QueryOptions.0]"]
+      - [mongoose.Query.1, "Member[distinct].Argument[1].TypeVar[mongoose.FilterQuery.0]"]
+      - [mongoose.Query.1, "Member[findByIdAndDelete,findOne,findOneAndDelete,findOneAndRemove].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0,mongoose.QueryWithHelpers.1]"]
+      - [mongoose.Query.1, "Member[findByIdAndDelete,findOneAndDelete,findOneAndRemove].Argument[2].Argument[1]"]
+      - [mongoose.Query.1, "Member[findByIdAndUpdate,findOneAndUpdate,update,updateMany,updateOne].Argument[1].TypeVar[mongoose.UpdateQuery.0]"]
+      - [mongoose.Query.1, "Member[findByIdAndUpdate,findOneAndUpdate].WithArity[0,1,2,3,4].Argument[2].TypeVar[mongoose.QueryOptions.0]"]
+      - [mongoose.Query.1, "Member[findByIdAndUpdate,findOneAndUpdate].WithArity[0,1,2,3,4].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0,mongoose.QueryWithHelpers.1]"]
+      - [mongoose.Query.1, "Member[findByIdAndUpdate].WithArity[0,1,2,4].Argument[3].Argument[1]"]
+      - [mongoose.Query.1, "Member[findByIdAndUpdate].WithArity[3].Argument[2,3].Argument[1]"]
+      - [mongoose.Query.1, "Member[findOne,findOneAndDelete,findOneAndRemove,findOneAndUpdate,merge,remove,replaceOne,setQuery,update,updateMany,updateOne].Argument[0].TypeVar[mongoose.FilterQuery.0]"]
+      - [mongoose.Query.1, "Member[findOneAndUpdate].Argument[3].Argument[1]"]
+      - [mongoose.Query.1, "Member[findOneAndUpdate].Argument[3].Argument[2].TypeVar[mongoose.ModifyResult.0]"]
+      - [mongoose.Query.1, "Member[findOneAndUpdate].WithArity[3,4].ReturnValue.TypeVar[mongoose.QueryWithHelpers.0].TypeVar[mongoose.ModifyResult.0]"]
+      - [mongoose.Query.1, "Member[findOne].Argument[3].TypeVar[mongoose.Callback.0]"]
+      - [mongoose.Query.1, "Member[findOne].WithArity[0,1,2,3].Argument[2].TypeVar[mongoose.Callback.0,mongoose.QueryOptions.0]"]
+      - [mongoose.Query.1, "Member[findOne].WithArity[0,1,2].Argument[1].TypeVar[mongoose.Callback.0,mongoose.ProjectionType.0]"]
+      - [mongoose.Query.1, "Member[findOne].WithArity[3,4].Argument[1].TypeVar[mongoose.ProjectionType.0]"]
+      - [mongoose.Query.1, "Member[findOne].WithArity[4].Argument[2].TypeVar[mongoose.QueryOptions.0]"]
+      - [mongoose.Query.1, "Member[find].Argument[3].TypeVar[mongoose.Callback.0].ArrayElement"]
+      - [mongoose.Query.1, "Member[find].WithArity[0].Argument[0].TypeVar[mongoose.Callback.0].ArrayElement"]
+      - [mongoose.Query.1, "Member[find].WithArity[1,2,3,4].Argument[0].TypeVar[mongoose.FilterQuery.0]"]
+      - [mongoose.Query.1, "Member[find].WithArity[1,2,3,4].Argument[1].TypeVar[mongoose.ProjectionType.0]"]
+      - [mongoose.Query.1, "Member[find].WithArity[1,2,3,4].Argument[2].TypeVar[mongoose.QueryOptions.0]"]
+      - [mongoose.Query.1, "Member[find].WithArity[1].Argument[0,1,2].TypeVar[mongoose.Callback.0].ArrayElement"]
+      - [mongoose.Query.1, "Member[find].WithArity[2].Argument[1,2].TypeVar[mongoose.Callback.0].ArrayElement"]
+      - [mongoose.Query.1, "Member[find].WithArity[3].Argument[2].TypeVar[mongoose.Callback.0].ArrayElement"]
+      - [mongoose.Query.1, "Member[getFilter,getQuery].ReturnValue.TypeVar[mongoose.FilterQuery.0]"]
+      - [mongoose.Query.1, "Member[getOptions].ReturnValue.TypeVar[mongoose.QueryOptions.0]"]
+      - [mongoose.Query.1, "Member[getUpdate].ReturnValue.TypeVar[mongoose.UpdateQuery.0]"]
+      - [mongoose.Query.1, "Member[projection].WithArity[0,1].Argument[0].TypeVar[mongoose.ProjectionFields.0]"]
+      - [mongoose.Query.1, "Member[projection].WithArity[0,1].ReturnValue.TypeVar[mongoose.ProjectionFields.0]"]
+      - [mongoose.Query.1, "Member[remove].ReturnValue.TypeVar[mongoose.Query.1]"]
+      - [mongoose.Query.1, "Member[replaceOne,update,updateMany,updateOne].Argument[2].TypeVar[mongoose.QueryOptions.0]"]
+      - [mongoose.Query.1, "Member[replaceOne].Argument[1]"]
+      - [mongoose.Query.1, "Member[setUpdate].Argument[0].TypeVar[mongoose.UpdateQuery.0]"]
+      - [mongoose.Query.1, "Member[toConstructor].ReturnValue.Instance.TypeVar[mongoose.QueryWithHelpers.1]"]
+      - [mongoose.QueryOptions.0, "Member[projection].TypeVar[mongoose.ProjectionType.0]"]
+      - [mongoose.QueryWithHelpers.0, "TypeVar[mongoose.Query.0]"]
+      - [mongoose.QueryWithHelpers.1, "TypeVar[mongoose.Query.1]"]
+      - [mongoose.Require_id.0, ""]
+      - [mongoose.Require_id.0, "TypeVar[mongoose.IfAny.1,mongoose.IfAny.2]"]
+      - [mongoose.RootQuerySelector.0, "Member[$and,$nor,$or].ArrayElement.TypeVar[mongoose.FilterQuery.0]"]
+      - [mongoose.Schema.1, "Member[discriminator].ReturnValue.TypeVar[mongoose.DiscriminatorSchema.1]"]
+      - [mongoose.Schema.1, "Member[plugin].Argument[0].TypeVar[mongoose.PluginFunction.1]"]
+      - [mongoose.Schema.1, "Member[post].Argument[2].TypeVar[mongoose.ErrorHandlingMiddlewareFunction.0,mongoose.PostMiddlewareFunction.0,mongoose.PostMiddlewareFunction.1]"]
+      - [mongoose.Schema.1, "Member[post].WithArity[2].WithStringArgument[0=insertMany].Argument[1].TypeVar[mongoose.ErrorHandlingMiddlewareFunction.0,mongoose.PostMiddlewareFunction.0,mongoose.PostMiddlewareFunction.1]"]
+      - [mongoose.Types.Array.0, "Member[$pop,$shift,shift].ReturnValue"]
+      - [mongoose.Types.Array.0, "Member[set].Argument[1]"]
+      - [mongoose.Types.DocumentArray.0, "Member[create,id].ReturnValue"]
+      - [mongoose.Types.DocumentArray.0, "Member[create,id].ReturnValue.TypeVar[mongoose.Types.Subdocument.0].TypeVar[mongoose.InferId.0]"]
+      - [mongoose.Types.DocumentArray.0, "Member[push].Argument[0].ArrayElement.TypeVar[mongoose.AnyKeys.0]"]
+      - [mongoose.Types.DocumentArray.0, "TypeVar[mongoose.Types.Array.0]"]
+      - [mongoose.Types.DocumentArray.0, "TypeVar[mongoose.Types.Array.0].TypeVar[mongoose.Types.Subdocument.0].TypeVar[mongoose.InferId.0]"]
+      - [mongoose.Types.Subdocument.0, "TypeVar[mongoose.Document.0]"]
+      - [mongoose.UnpackedIntersection.0, ""]
+      - [mongoose.UpdateQuery.0, "TypeVar[mongoose._UpdateQuery.0].TypeVar[mongoose._UpdateQueryDef.0]"]
+      - [mongoose.VirtualType.0, "Member[get,set].Argument[0].Argument[1].TypeVar[mongoose.VirtualType.0]"]
+      - [mongoose.VirtualType.0, "Member[get,set].Argument[0].Argument[2]"]
+      - [mongoose.VirtualTypeOptions.0, "Member[foreignField,localField].Argument[0]"]
+      - [mongoose._FilterQuery.0, "TypeVar[mongoose.RootQuerySelector.0]"]
+      - [mongoose._UpdateQuery.0, "Member[$currentDate,$inc,$max,$min,$mul,$pop,$pull,$pullAll,$push,$set,$setOnInsert,$unset].TypeVar[mongoose.AnyKeys.0]"]
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/mssql/Model.qll b/javascript/ql/lib/semmle/javascript/frameworks/mssql/Model.qll
deleted file mode 100644
index 0d69eea01e0..00000000000
--- a/javascript/ql/lib/semmle/javascript/frameworks/mssql/Model.qll
+++ /dev/null
@@ -1,45 +0,0 @@
-/** Generated model file */
-
-private import javascript
-
-private class Types extends ModelInput::TypeModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "mssql;ConnectionPool;mssql/msnodesqlv8;;Member[connect].ReturnValue.Awaited", //
-        "mssql;ConnectionPool;mssql/msnodesqlv8;;Member[pool]", //
-        "mssql;ConnectionPool;mssql;;Member[connect].ReturnValue.Awaited", //
-        "mssql;ConnectionPool;mssql;;Member[pool]", //
-        "mssql;ConnectionPool;mssql;ConnectionPool;Member[connect].WithArity[0].ReturnValue.Awaited", //
-        "mssql;ConnectionPool;mssql;ConnectionPoolStatic;Instance", //
-        "mssql;ConnectionPoolStatic;mssql/msnodesqlv8;;Member[ConnectionPool]", //
-        "mssql;ConnectionPoolStatic;mssql;;Member[ConnectionPool]", //
-        "mssql;PreparedStatement;mssql;PreparedStatement;Member[input,output].ReturnValue", //
-        "mssql;PreparedStatement;mssql;PreparedStatement;Member[prepare].WithArity[0,1,2].ReturnValue", //
-        "mssql;PreparedStatement;mssql;PreparedStatement;Member[unprepare].WithArity[1].ReturnValue", //
-        "mssql;PreparedStatement;mssql;PreparedStatementStatic;Instance", //
-        "mssql;PreparedStatement;mssql;Request;Member[pstatement]", //
-        "mssql;PreparedStatementStatic;mssql/msnodesqlv8;;Member[PreparedStatement]", //
-        "mssql;PreparedStatementStatic;mssql;;Member[PreparedStatement]", //
-        "mssql;Request;mssql;ConnectionPool;Member[request].ReturnValue", //
-        "mssql;Request;mssql;PreparedStatement;Member[execute].WithArity[2].ReturnValue", //
-        "mssql;Request;mssql;Request;Member[input,output,replaceInput].ReturnValue", //
-        "mssql;Request;mssql;Request;Member[replaceOutput].ReturnValue", //
-        "mssql;Request;mssql;RequestStatic;Instance", //
-        "mssql;Request;mssql;Transaction;Member[request].ReturnValue", //
-        "mssql;RequestStatic;mssql/msnodesqlv8;;Member[Request]", //
-        "mssql;RequestStatic;mssql;;Member[Request]", //
-        "mssql;Transaction;mssql;ConnectionPool;Member[transaction].ReturnValue", //
-        "mssql;Transaction;mssql;PreparedStatement;Member[transaction]", //
-        "mssql;Transaction;mssql;Request;Member[transaction]", //
-        "mssql;Transaction;mssql;Transaction;Member[begin].WithArity[0,1,2].ReturnValue", //
-        "mssql;Transaction;mssql;Transaction;Member[begin].WithArity[0,1].ReturnValue.Awaited", //
-        "mssql;Transaction;mssql;TransactionStatic;Instance", //
-        "mssql;TransactionStatic;mssql/msnodesqlv8;;Member[Transaction]", //
-        "mssql;TransactionStatic;mssql;;Member[Transaction]", //
-        "mssql;config;mssql/msnodesqlv8;;Member[connect].Argument[0]", //
-        "mssql;config;mssql;;Member[connect].Argument[0]", //
-        "mssql;config;mssql;ConnectionPoolStatic;WithArity[1,2].Argument[0]", //
-      ]
-  }
-}
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/mssql/model.json b/javascript/ql/lib/semmle/javascript/frameworks/mssql/model.json
index bd8e780a881..5dc81faeb49 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/mssql/model.json
+++ b/javascript/ql/lib/semmle/javascript/frameworks/mssql/model.json
@@ -10,55 +10,55 @@
     "language": "javascript",
     "usedTypes": {
         "sources": [
-            "mssql;Request",
-            "mssql;ConnectionPool"
+            "mssql.Request",
+            "mssql.ConnectionPool"
         ],
         "sinks": [
-            "mssql;config"
+            "mssql.config"
         ]
     },
     "model": {
         "typeDefinitions": [
-            "mssql;Request;mssql;Request;Member[replaceOutput].ReturnValue"
+            "mssql.Request;mssql.Request;Member[replaceOutput].ReturnValue"
         ],
         "sinks": []
     },
     "generatedModel": {
         "//": "Autogenerated section. Manual edits in here will be lost.",
         "typeDefinitions": [
-            "mssql;ConnectionPool;mssql/msnodesqlv8;;Member[connect].ReturnValue.Awaited",
-            "mssql;ConnectionPool;mssql/msnodesqlv8;;Member[pool]",
-            "mssql;ConnectionPool;mssql;;Member[connect].ReturnValue.Awaited",
-            "mssql;ConnectionPool;mssql;;Member[pool]",
-            "mssql;ConnectionPool;mssql;ConnectionPool;Member[connect].WithArity[0].ReturnValue.Awaited",
-            "mssql;ConnectionPool;mssql;ConnectionPoolStatic;Instance",
-            "mssql;ConnectionPoolStatic;mssql/msnodesqlv8;;Member[ConnectionPool]",
-            "mssql;ConnectionPoolStatic;mssql;;Member[ConnectionPool]",
-            "mssql;PreparedStatement;mssql;PreparedStatement;Member[input,output].ReturnValue",
-            "mssql;PreparedStatement;mssql;PreparedStatement;Member[prepare].WithArity[0,1,2].ReturnValue",
-            "mssql;PreparedStatement;mssql;PreparedStatement;Member[unprepare].WithArity[1].ReturnValue",
-            "mssql;PreparedStatement;mssql;PreparedStatementStatic;Instance",
-            "mssql;PreparedStatement;mssql;Request;Member[pstatement]",
-            "mssql;PreparedStatementStatic;mssql/msnodesqlv8;;Member[PreparedStatement]",
-            "mssql;PreparedStatementStatic;mssql;;Member[PreparedStatement]",
-            "mssql;Request;mssql;ConnectionPool;Member[request].ReturnValue",
-            "mssql;Request;mssql;PreparedStatement;Member[execute].WithArity[2].ReturnValue",
-            "mssql;Request;mssql;Request;Member[input,output,replaceInput].ReturnValue",
-            "mssql;Request;mssql;RequestStatic;Instance",
-            "mssql;Request;mssql;Transaction;Member[request].ReturnValue",
-            "mssql;RequestStatic;mssql/msnodesqlv8;;Member[Request]",
-            "mssql;RequestStatic;mssql;;Member[Request]",
-            "mssql;Transaction;mssql;ConnectionPool;Member[transaction].ReturnValue",
-            "mssql;Transaction;mssql;PreparedStatement;Member[transaction]",
-            "mssql;Transaction;mssql;Request;Member[transaction]",
-            "mssql;Transaction;mssql;Transaction;Member[begin].WithArity[0,1,2].ReturnValue",
-            "mssql;Transaction;mssql;Transaction;Member[begin].WithArity[0,1].ReturnValue.Awaited",
-            "mssql;Transaction;mssql;TransactionStatic;Instance",
-            "mssql;TransactionStatic;mssql/msnodesqlv8;;Member[Transaction]",
-            "mssql;TransactionStatic;mssql;;Member[Transaction]",
-            "mssql;config;mssql/msnodesqlv8;;Member[connect].Argument[0]",
-            "mssql;config;mssql;;Member[connect].Argument[0]",
-            "mssql;config;mssql;ConnectionPoolStatic;WithArity[1,2].Argument[0]"
+            "mssql.ConnectionPool;mssql.ConnectionPool;Member[connect].WithArity[0].ReturnValue.Awaited",
+            "mssql.ConnectionPool;mssql.ConnectionPoolStatic;Instance",
+            "mssql.ConnectionPool;mssql/msnodesqlv8;Member[connect].ReturnValue.Awaited",
+            "mssql.ConnectionPool;mssql/msnodesqlv8;Member[pool]",
+            "mssql.ConnectionPool;mssql;Member[connect].ReturnValue.Awaited",
+            "mssql.ConnectionPool;mssql;Member[pool]",
+            "mssql.ConnectionPoolStatic;mssql/msnodesqlv8;Member[ConnectionPool]",
+            "mssql.ConnectionPoolStatic;mssql;Member[ConnectionPool]",
+            "mssql.PreparedStatement;mssql.PreparedStatement;Member[input,output].ReturnValue",
+            "mssql.PreparedStatement;mssql.PreparedStatement;Member[prepare].WithArity[0,1,2].ReturnValue",
+            "mssql.PreparedStatement;mssql.PreparedStatement;Member[unprepare].WithArity[1].ReturnValue",
+            "mssql.PreparedStatement;mssql.PreparedStatementStatic;Instance",
+            "mssql.PreparedStatement;mssql.Request;Member[pstatement]",
+            "mssql.PreparedStatementStatic;mssql/msnodesqlv8;Member[PreparedStatement]",
+            "mssql.PreparedStatementStatic;mssql;Member[PreparedStatement]",
+            "mssql.Request;mssql.ConnectionPool;Member[request].ReturnValue",
+            "mssql.Request;mssql.PreparedStatement;Member[execute].WithArity[2].ReturnValue",
+            "mssql.Request;mssql.Request;Member[input,output,replaceInput].ReturnValue",
+            "mssql.Request;mssql.RequestStatic;Instance",
+            "mssql.Request;mssql.Transaction;Member[request].ReturnValue",
+            "mssql.RequestStatic;mssql/msnodesqlv8;Member[Request]",
+            "mssql.RequestStatic;mssql;Member[Request]",
+            "mssql.Transaction;mssql.ConnectionPool;Member[transaction].ReturnValue",
+            "mssql.Transaction;mssql.PreparedStatement;Member[transaction]",
+            "mssql.Transaction;mssql.Request;Member[transaction]",
+            "mssql.Transaction;mssql.Transaction;Member[begin].WithArity[0,1,2].ReturnValue",
+            "mssql.Transaction;mssql.Transaction;Member[begin].WithArity[0,1].ReturnValue.Awaited",
+            "mssql.Transaction;mssql.TransactionStatic;Instance",
+            "mssql.TransactionStatic;mssql/msnodesqlv8;Member[Transaction]",
+            "mssql.TransactionStatic;mssql;Member[Transaction]",
+            "mssql.config;mssql.ConnectionPoolStatic;WithArity[1,2].Argument[0]",
+            "mssql.config;mssql/msnodesqlv8;Member[connect].Argument[0]",
+            "mssql.config;mssql;Member[connect].Argument[0]"
         ],
         "summaries": [],
         "typeVariables": []
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/mssql/model.yml b/javascript/ql/lib/semmle/javascript/frameworks/mssql/model.yml
new file mode 100644
index 00000000000..bbc3279b81d
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/frameworks/mssql/model.yml
@@ -0,0 +1,39 @@
+extensions:
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      - [mssql.ConnectionPool, mssql.ConnectionPool, "Member[connect].WithArity[0].ReturnValue.Awaited"]
+      - [mssql.ConnectionPool, mssql.ConnectionPoolStatic, Instance]
+      - [mssql.ConnectionPool, "mssql/msnodesqlv8", "Member[connect].ReturnValue.Awaited"]
+      - [mssql.ConnectionPool, "mssql/msnodesqlv8", "Member[pool]"]
+      - [mssql.ConnectionPool, mssql, "Member[connect].ReturnValue.Awaited"]
+      - [mssql.ConnectionPool, mssql, "Member[pool]"]
+      - [mssql.ConnectionPoolStatic, "mssql/msnodesqlv8", "Member[ConnectionPool]"]
+      - [mssql.ConnectionPoolStatic, mssql, "Member[ConnectionPool]"]
+      - [mssql.PreparedStatement, mssql.PreparedStatement, "Member[input,output].ReturnValue"]
+      - [mssql.PreparedStatement, mssql.PreparedStatement, "Member[prepare].WithArity[0,1,2].ReturnValue"]
+      - [mssql.PreparedStatement, mssql.PreparedStatement, "Member[unprepare].WithArity[1].ReturnValue"]
+      - [mssql.PreparedStatement, mssql.PreparedStatementStatic, Instance]
+      - [mssql.PreparedStatement, mssql.Request, "Member[pstatement]"]
+      - [mssql.PreparedStatementStatic, "mssql/msnodesqlv8", "Member[PreparedStatement]"]
+      - [mssql.PreparedStatementStatic, mssql, "Member[PreparedStatement]"]
+      - [mssql.Request, mssql.ConnectionPool, "Member[request].ReturnValue"]
+      - [mssql.Request, mssql.PreparedStatement, "Member[execute].WithArity[2].ReturnValue"]
+      - [mssql.Request, mssql.Request, "Member[input,output,replaceInput].ReturnValue"]
+      - [mssql.Request, mssql.Request, "Member[replaceOutput].ReturnValue"]
+      - [mssql.Request, mssql.RequestStatic, Instance]
+      - [mssql.Request, mssql.Transaction, "Member[request].ReturnValue"]
+      - [mssql.RequestStatic, "mssql/msnodesqlv8", "Member[Request]"]
+      - [mssql.RequestStatic, mssql, "Member[Request]"]
+      - [mssql.Transaction, mssql.ConnectionPool, "Member[transaction].ReturnValue"]
+      - [mssql.Transaction, mssql.PreparedStatement, "Member[transaction]"]
+      - [mssql.Transaction, mssql.Request, "Member[transaction]"]
+      - [mssql.Transaction, mssql.Transaction, "Member[begin].WithArity[0,1,2].ReturnValue"]
+      - [mssql.Transaction, mssql.Transaction, "Member[begin].WithArity[0,1].ReturnValue.Awaited"]
+      - [mssql.Transaction, mssql.TransactionStatic, Instance]
+      - [mssql.TransactionStatic, "mssql/msnodesqlv8", "Member[Transaction]"]
+      - [mssql.TransactionStatic, mssql, "Member[Transaction]"]
+      - [mssql.config, mssql.ConnectionPoolStatic, "WithArity[1,2].Argument[0]"]
+      - [mssql.config, "mssql/msnodesqlv8", "Member[connect].Argument[0]"]
+      - [mssql.config, mssql, "Member[connect].Argument[0]"]
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/mysql/Model.qll b/javascript/ql/lib/semmle/javascript/frameworks/mysql/Model.qll
deleted file mode 100644
index e8019d5a435..00000000000
--- a/javascript/ql/lib/semmle/javascript/frameworks/mysql/Model.qll
+++ /dev/null
@@ -1,79 +0,0 @@
-/** Generated model file */
-
-private import javascript
-
-private class Types extends ModelInput::TypeModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "mysql2/promise;Connection;mysql2/promise;;Member[createConnectionPromise].ReturnValue.Awaited", //
-        "mysql2/promise;Connection;mysql2/promise;;Member[createConnection].ReturnValue.Awaited", //
-        "mysql2/promise;Connection;mysql2/promise;PoolConnection;", //
-        "mysql2/promise;Connection;mysql2;;Member[createConnectionPromise].ReturnValue.Awaited", //
-        "mysql2/promise;Connection;mysql2;Connection;Member[promise].ReturnValue", //
-        "mysql2/promise;Pool;mysql2/promise;;Member[createPool].ReturnValue", //
-        "mysql2/promise;Pool;mysql2/promise;Pool;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue", //
-        "mysql2/promise;Pool;mysql2;Pool;Member[promise].ReturnValue", //
-        "mysql2/promise;PoolConnection;mysql2/promise;Pool;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connection,0=release].Argument[1].Argument[0]", //
-        "mysql2/promise;PoolConnection;mysql2/promise;Pool;Member[getConnection].ReturnValue.Awaited", //
-        "mysql2/promise;PoolConnection;mysql2;PoolConnection;Member[promise].ReturnValue", //
-        "mysql2/typings/mysql/lib/Connection;;mysql2/typings/mysql/lib/PoolConnection;;", //
-        "mysql2/typings/mysql/lib/Connection;;mysql2/typings/mysql;Connection;", //
-        "mysql2/typings/mysql/lib/PoolConnection;;mysql2/typings/mysql;PoolConnection;", //
-        "mysql2/typings/mysql;Connection;mysql2;Connection;", //
-        "mysql2/typings/mysql;Connection;mysql2;Pool;", //
-        "mysql2/typings/mysql;PoolConnection;mysql2;PoolConnection;", //
-        "mysql2;Connection;mysql2;;Member[createConnection].ReturnValue", //
-        "mysql2;Connection;mysql2;PoolConnection;", //
-        "mysql2;Connection;mysql2;authPlugins;Argument[0].Member[connection]", //
-        "mysql2;ConnectionOptions;mysql2/promise;;Member[createConnection].Argument[0]", //
-        "mysql2;ConnectionOptions;mysql2/promise;Connection;Member[changeUser].Argument[0]", //
-        "mysql2;ConnectionOptions;mysql2/promise;Connection;Member[config]", //
-        "mysql2;ConnectionOptions;mysql2;;Member[createConnection].Argument[0]", //
-        "mysql2;ConnectionOptions;mysql2;PoolOptions;", //
-        "mysql2;Pool;mysql2;;Member[createPool].ReturnValue", //
-        "mysql2;Pool;mysql2;Pool;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue", //
-        "mysql2;PoolConnection;mysql2;Pool;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connection,0=release].Argument[1].Argument[0]", //
-        "mysql2;PoolConnection;mysql2;Pool;Member[getConnection].Argument[0].Argument[1]", //
-        "mysql2;PoolOptions;mysql2/promise;;Member[createPool].Argument[0]", //
-        "mysql2;PoolOptions;mysql2;;Member[createPool].Argument[0]", //
-        "mysql2;authPlugins;mysql2;ConnectionOptions;Member[authPlugins].AnyMember", //
-        "mysql;Connection;mysql;;Member[createConnection].ReturnValue", //
-        "mysql;Connection;mysql;Pool;Member[on,addListener].WithStringArgument[0=acquire,0=connection,0=release].Argument[1].Argument[0]", //
-        "mysql;Connection;mysql;PoolConnection;", //
-        "mysql;Connection;mysql;Query;Member[RowDataPacket].Argument[2]", //
-        "mysql;ConnectionConfig;mysql;;Member[createConnection].Argument[0]", //
-        "mysql;ConnectionConfig;mysql;Connection;Member[config]", //
-        "mysql;ConnectionConfig;mysql;PoolConfig;", //
-        "mysql;ConnectionOptions;mysql;Connection;Member[changeUser].WithArity[1,2].Argument[0]", //
-        "mysql;ConnectionOptions;mysql;ConnectionConfig;", //
-        "mysql;Pool;mysql;;Member[createPool].ReturnValue", //
-        "mysql;Pool;mysql;PoolCluster;Member[of].ReturnValue", //
-        "mysql;PoolCluster;mysql;;Member[createPoolCluster].ReturnValue", //
-        "mysql;PoolConfig;mysql;;Member[createPool].Argument[0]", //
-        "mysql;PoolConfig;mysql;PoolCluster;Member[add].Argument[1]", //
-        "mysql;PoolConfig;mysql;PoolCluster;Member[add].WithArity[1].Argument[0]", //
-        "mysql;PoolConnection;mysql;Pool;Member[acquireConnection].Argument[0]", //
-        "mysql;PoolConnection;mysql;Pool;Member[acquireConnection].Argument[1].Argument[1]", //
-        "mysql;PoolConnection;mysql;Pool;Member[getConnection].Argument[0].Argument[1]", //
-        "mysql;PoolConnection;mysql;PoolCluster;Member[getConnection].Argument[1,2].Argument[1]", //
-        "mysql;PoolConnection;mysql;PoolCluster;Member[getConnection].WithArity[1].Argument[0].Argument[1]", //
-        "mysql;Query;mysql;Query;Member[on].ReturnValue", //
-        "mysql;Query;mysql;QueryFunction;ReturnValue", //
-        "mysql;Query;mysql;QueryFunction;WithArity[1].Argument[0]", //
-        "mysql;QueryFunction;mysql;Connection;Member[createQuery,query]", //
-        "mysql;QueryFunction;mysql;Pool;Member[query]", //
-      ]
-  }
-}
-
-private class Summaries extends ModelInput::SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "mysql2/promise;Pool;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type", //
-        "mysql2/typings/mysql/lib/Connection;;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type", //
-        "mysql2;Pool;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type", //
-      ]
-  }
-}
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/mysql/model.json b/javascript/ql/lib/semmle/javascript/frameworks/mysql/model.json
index 759956faa11..69add1ddad9 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/mysql/model.json
+++ b/javascript/ql/lib/semmle/javascript/frameworks/mysql/model.json
@@ -11,89 +11,89 @@
     "language": "javascript",
     "usedTypes": {
         "sources": [
-            "mysql;Pool",
-            "mysql;Connection",
-            "mysql2;Pool",
-            "mysql2;Connection",
-            "mysql2/promise;Pool",
-            "mysql2/promise;Connection"
+            "mysql.Pool",
+            "mysql.Connection",
+            "mysql2.Pool",
+            "mysql2.Connection",
+            "mysql2/promise.Pool",
+            "mysql2/promise.Connection"
         ],
         "sinks": [
-            "mysql;ConnectionOptions",
-            "mysql2;ConnectionOptions",
-            "mysql2/promise;ConnectionOptions"
+            "mysql.ConnectionOptions",
+            "mysql2.ConnectionOptions",
+            "mysql2/promise.ConnectionOptions"
         ]
     },
     "model": {
         "sinks": [],
         "typeDefinitions": [
-            "mysql;Connection;mysql;Pool;Member[on,addListener].WithStringArgument[0=acquire,0=connection,0=release].Argument[1].Argument[0]",
-            "mysql2/promise;Connection;mysql2;;Member[createConnectionPromise].ReturnValue.Awaited",
-            "mysql2/promise;Connection;mysql2/promise;;Member[createConnectionPromise].ReturnValue.Awaited"
+            "mysql.Connection;mysql.Pool;Member[on,addListener].WithStringArgument[0=acquire,0=connection,0=release].Argument[1].Argument[0]",
+            "mysql2/promise.Connection;mysql2;Member[createConnectionPromise].ReturnValue.Awaited",
+            "mysql2/promise.Connection;mysql2/promise;Member[createConnectionPromise].ReturnValue.Awaited"
         ]
     },
     "generatedModel": {
         "//": "Autogenerated section. Manual edits in here will be lost.",
         "typeDefinitions": [
-            "mysql2/promise;Connection;mysql2/promise;;Member[createConnection].ReturnValue.Awaited",
-            "mysql2/promise;Connection;mysql2/promise;PoolConnection;",
-            "mysql2/promise;Connection;mysql2;Connection;Member[promise].ReturnValue",
-            "mysql2/promise;Pool;mysql2/promise;;Member[createPool].ReturnValue",
-            "mysql2/promise;Pool;mysql2/promise;Pool;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue",
-            "mysql2/promise;Pool;mysql2;Pool;Member[promise].ReturnValue",
-            "mysql2/promise;PoolConnection;mysql2/promise;Pool;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connection,0=release].Argument[1].Argument[0]",
-            "mysql2/promise;PoolConnection;mysql2/promise;Pool;Member[getConnection].ReturnValue.Awaited",
-            "mysql2/promise;PoolConnection;mysql2;PoolConnection;Member[promise].ReturnValue",
-            "mysql2/typings/mysql/lib/Connection;;mysql2/typings/mysql/lib/PoolConnection;;",
-            "mysql2/typings/mysql/lib/Connection;;mysql2/typings/mysql;Connection;",
-            "mysql2/typings/mysql/lib/PoolConnection;;mysql2/typings/mysql;PoolConnection;",
-            "mysql2/typings/mysql;Connection;mysql2;Connection;",
-            "mysql2/typings/mysql;Connection;mysql2;Pool;",
-            "mysql2/typings/mysql;PoolConnection;mysql2;PoolConnection;",
-            "mysql2;Connection;mysql2;;Member[createConnection].ReturnValue",
-            "mysql2;Connection;mysql2;PoolConnection;",
-            "mysql2;Connection;mysql2;authPlugins;Argument[0].Member[connection]",
-            "mysql2;ConnectionOptions;mysql2/promise;;Member[createConnection].Argument[0]",
-            "mysql2;ConnectionOptions;mysql2/promise;Connection;Member[changeUser].Argument[0]",
-            "mysql2;ConnectionOptions;mysql2/promise;Connection;Member[config]",
-            "mysql2;ConnectionOptions;mysql2;;Member[createConnection].Argument[0]",
-            "mysql2;ConnectionOptions;mysql2;PoolOptions;",
-            "mysql2;Pool;mysql2;;Member[createPool].ReturnValue",
-            "mysql2;Pool;mysql2;Pool;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue",
-            "mysql2;PoolConnection;mysql2;Pool;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connection,0=release].Argument[1].Argument[0]",
-            "mysql2;PoolConnection;mysql2;Pool;Member[getConnection].Argument[0].Argument[1]",
-            "mysql2;PoolOptions;mysql2/promise;;Member[createPool].Argument[0]",
-            "mysql2;PoolOptions;mysql2;;Member[createPool].Argument[0]",
-            "mysql2;authPlugins;mysql2;ConnectionOptions;Member[authPlugins].AnyMember",
-            "mysql;Connection;mysql;;Member[createConnection].ReturnValue",
-            "mysql;Connection;mysql;PoolConnection;",
-            "mysql;Connection;mysql;Query;Member[RowDataPacket].Argument[2]",
-            "mysql;ConnectionConfig;mysql;;Member[createConnection].Argument[0]",
-            "mysql;ConnectionConfig;mysql;Connection;Member[config]",
-            "mysql;ConnectionConfig;mysql;PoolConfig;",
-            "mysql;ConnectionOptions;mysql;Connection;Member[changeUser].WithArity[1,2].Argument[0]",
-            "mysql;ConnectionOptions;mysql;ConnectionConfig;",
-            "mysql;Pool;mysql;;Member[createPool].ReturnValue",
-            "mysql;Pool;mysql;PoolCluster;Member[of].ReturnValue",
-            "mysql;PoolCluster;mysql;;Member[createPoolCluster].ReturnValue",
-            "mysql;PoolConfig;mysql;;Member[createPool].Argument[0]",
-            "mysql;PoolConfig;mysql;PoolCluster;Member[add].Argument[1]",
-            "mysql;PoolConfig;mysql;PoolCluster;Member[add].WithArity[1].Argument[0]",
-            "mysql;PoolConnection;mysql;Pool;Member[acquireConnection].Argument[0]",
-            "mysql;PoolConnection;mysql;Pool;Member[acquireConnection].Argument[1].Argument[1]",
-            "mysql;PoolConnection;mysql;Pool;Member[getConnection].Argument[0].Argument[1]",
-            "mysql;PoolConnection;mysql;PoolCluster;Member[getConnection].Argument[1,2].Argument[1]",
-            "mysql;PoolConnection;mysql;PoolCluster;Member[getConnection].WithArity[1].Argument[0].Argument[1]",
-            "mysql;Query;mysql;Query;Member[on].ReturnValue",
-            "mysql;Query;mysql;QueryFunction;ReturnValue",
-            "mysql;Query;mysql;QueryFunction;WithArity[1].Argument[0]",
-            "mysql;QueryFunction;mysql;Connection;Member[createQuery,query]",
-            "mysql;QueryFunction;mysql;Pool;Member[query]"
+            "mysql.Connection;mysql.PoolConnection;",
+            "mysql.Connection;mysql.Query;Member[RowDataPacket].Argument[2]",
+            "mysql.Connection;mysql;Member[createConnection].ReturnValue",
+            "mysql.ConnectionConfig;mysql.Connection;Member[config]",
+            "mysql.ConnectionConfig;mysql.PoolConfig;",
+            "mysql.ConnectionConfig;mysql;Member[createConnection].Argument[0]",
+            "mysql.ConnectionOptions;mysql.Connection;Member[changeUser].WithArity[1,2].Argument[0]",
+            "mysql.ConnectionOptions;mysql.ConnectionConfig;",
+            "mysql.Pool;mysql.PoolCluster;Member[of].ReturnValue",
+            "mysql.Pool;mysql;Member[createPool].ReturnValue",
+            "mysql.PoolCluster;mysql;Member[createPoolCluster].ReturnValue",
+            "mysql.PoolConfig;mysql.PoolCluster;Member[add].Argument[1]",
+            "mysql.PoolConfig;mysql.PoolCluster;Member[add].WithArity[1].Argument[0]",
+            "mysql.PoolConfig;mysql;Member[createPool].Argument[0]",
+            "mysql.PoolConnection;mysql.Pool;Member[acquireConnection].Argument[0]",
+            "mysql.PoolConnection;mysql.Pool;Member[acquireConnection].Argument[1].Argument[1]",
+            "mysql.PoolConnection;mysql.Pool;Member[getConnection].Argument[0].Argument[1]",
+            "mysql.PoolConnection;mysql.PoolCluster;Member[getConnection].Argument[1,2].Argument[1]",
+            "mysql.PoolConnection;mysql.PoolCluster;Member[getConnection].WithArity[1].Argument[0].Argument[1]",
+            "mysql.Query;mysql.Query;Member[on].ReturnValue",
+            "mysql.Query;mysql.QueryFunction;ReturnValue",
+            "mysql.Query;mysql.QueryFunction;WithArity[1].Argument[0]",
+            "mysql.QueryFunction;mysql.Connection;Member[createQuery,query]",
+            "mysql.QueryFunction;mysql.Pool;Member[query]",
+            "mysql2.Connection;mysql2.PoolConnection;",
+            "mysql2.Connection;mysql2.authPlugins;Argument[0].Member[connection]",
+            "mysql2.Connection;mysql2;Member[createConnection].ReturnValue",
+            "mysql2.ConnectionOptions;mysql2.PoolOptions;",
+            "mysql2.ConnectionOptions;mysql2/promise.Connection;Member[changeUser].Argument[0]",
+            "mysql2.ConnectionOptions;mysql2/promise.Connection;Member[config]",
+            "mysql2.ConnectionOptions;mysql2/promise;Member[createConnection].Argument[0]",
+            "mysql2.ConnectionOptions;mysql2;Member[createConnection].Argument[0]",
+            "mysql2.Pool;mysql2.Pool;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue",
+            "mysql2.Pool;mysql2;Member[createPool].ReturnValue",
+            "mysql2.PoolConnection;mysql2.Pool;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connection,0=release].Argument[1].Argument[0]",
+            "mysql2.PoolConnection;mysql2.Pool;Member[getConnection].Argument[0].Argument[1]",
+            "mysql2.PoolOptions;mysql2/promise;Member[createPool].Argument[0]",
+            "mysql2.PoolOptions;mysql2;Member[createPool].Argument[0]",
+            "mysql2.authPlugins;mysql2.ConnectionOptions;Member[authPlugins].AnyMember",
+            "mysql2/promise.Connection;mysql2.Connection;Member[promise].ReturnValue",
+            "mysql2/promise.Connection;mysql2/promise.PoolConnection;",
+            "mysql2/promise.Connection;mysql2/promise;Member[createConnection].ReturnValue.Awaited",
+            "mysql2/promise.Pool;mysql2.Pool;Member[promise].ReturnValue",
+            "mysql2/promise.Pool;mysql2/promise.Pool;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue",
+            "mysql2/promise.Pool;mysql2/promise;Member[createPool].ReturnValue",
+            "mysql2/promise.PoolConnection;mysql2.PoolConnection;Member[promise].ReturnValue",
+            "mysql2/promise.PoolConnection;mysql2/promise.Pool;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connection,0=release].Argument[1].Argument[0]",
+            "mysql2/promise.PoolConnection;mysql2/promise.Pool;Member[getConnection].ReturnValue.Awaited",
+            "mysql2/typings/mysql.Connection;mysql2.Connection;",
+            "mysql2/typings/mysql.Connection;mysql2.Pool;",
+            "mysql2/typings/mysql.PoolConnection;mysql2.PoolConnection;",
+            "mysql2/typings/mysql/lib/Connection;mysql2/typings/mysql.Connection;",
+            "mysql2/typings/mysql/lib/Connection;mysql2/typings/mysql/lib/PoolConnection;",
+            "mysql2/typings/mysql/lib/PoolConnection;mysql2/typings/mysql.PoolConnection;"
         ],
         "summaries": [
-            "mysql2/promise;Pool;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type",
-            "mysql2/typings/mysql/lib/Connection;;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type",
-            "mysql2;Pool;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type"
+            "mysql2.Pool;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type",
+            "mysql2/promise.Pool;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type",
+            "mysql2/typings/mysql/lib/Connection;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type"
         ],
         "typeVariables": []
     }
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/mysql/model.yml b/javascript/ql/lib/semmle/javascript/frameworks/mysql/model.yml
new file mode 100644
index 00000000000..506dc42b7c3
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/frameworks/mysql/model.yml
@@ -0,0 +1,70 @@
+extensions:
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      - [mysql.Connection, mysql.Pool, "Member[on,addListener].WithStringArgument[0=acquire,0=connection,0=release].Argument[1].Argument[0]"]
+      - [mysql.Connection, mysql.PoolConnection, ""]
+      - [mysql.Connection, mysql.Query, "Member[RowDataPacket].Argument[2]"]
+      - [mysql.Connection, mysql, "Member[createConnection].ReturnValue"]
+      - [mysql.ConnectionConfig, mysql.Connection, "Member[config]"]
+      - [mysql.ConnectionConfig, mysql.PoolConfig, ""]
+      - [mysql.ConnectionConfig, mysql, "Member[createConnection].Argument[0]"]
+      - [mysql.ConnectionOptions, mysql.Connection, "Member[changeUser].WithArity[1,2].Argument[0]"]
+      - [mysql.ConnectionOptions, mysql.ConnectionConfig, ""]
+      - [mysql.Pool, mysql.PoolCluster, "Member[of].ReturnValue"]
+      - [mysql.Pool, mysql, "Member[createPool].ReturnValue"]
+      - [mysql.PoolCluster, mysql, "Member[createPoolCluster].ReturnValue"]
+      - [mysql.PoolConfig, mysql.PoolCluster, "Member[add].Argument[1]"]
+      - [mysql.PoolConfig, mysql.PoolCluster, "Member[add].WithArity[1].Argument[0]"]
+      - [mysql.PoolConfig, mysql, "Member[createPool].Argument[0]"]
+      - [mysql.PoolConnection, mysql.Pool, "Member[acquireConnection].Argument[0]"]
+      - [mysql.PoolConnection, mysql.Pool, "Member[acquireConnection].Argument[1].Argument[1]"]
+      - [mysql.PoolConnection, mysql.Pool, "Member[getConnection].Argument[0].Argument[1]"]
+      - [mysql.PoolConnection, mysql.PoolCluster, "Member[getConnection].Argument[1,2].Argument[1]"]
+      - [mysql.PoolConnection, mysql.PoolCluster, "Member[getConnection].WithArity[1].Argument[0].Argument[1]"]
+      - [mysql.Query, mysql.Query, "Member[on].ReturnValue"]
+      - [mysql.Query, mysql.QueryFunction, ReturnValue]
+      - [mysql.Query, mysql.QueryFunction, "WithArity[1].Argument[0]"]
+      - [mysql.QueryFunction, mysql.Connection, "Member[createQuery,query]"]
+      - [mysql.QueryFunction, mysql.Pool, "Member[query]"]
+      - [mysql2.Connection, mysql2.PoolConnection, ""]
+      - [mysql2.Connection, mysql2.authPlugins, "Argument[0].Member[connection]"]
+      - [mysql2.Connection, mysql2, "Member[createConnection].ReturnValue"]
+      - [mysql2.ConnectionOptions, mysql2.PoolOptions, ""]
+      - [mysql2.ConnectionOptions, "mysql2/promise.Connection", "Member[changeUser].Argument[0]"]
+      - [mysql2.ConnectionOptions, "mysql2/promise.Connection", "Member[config]"]
+      - [mysql2.ConnectionOptions, "mysql2/promise", "Member[createConnection].Argument[0]"]
+      - [mysql2.ConnectionOptions, mysql2, "Member[createConnection].Argument[0]"]
+      - [mysql2.Pool, mysql2.Pool, "Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue"]
+      - [mysql2.Pool, mysql2, "Member[createPool].ReturnValue"]
+      - [mysql2.PoolConnection, mysql2.Pool, "Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connection,0=release].Argument[1].Argument[0]"]
+      - [mysql2.PoolConnection, mysql2.Pool, "Member[getConnection].Argument[0].Argument[1]"]
+      - [mysql2.PoolOptions, "mysql2/promise", "Member[createPool].Argument[0]"]
+      - [mysql2.PoolOptions, mysql2, "Member[createPool].Argument[0]"]
+      - [mysql2.authPlugins, mysql2.ConnectionOptions, "Member[authPlugins].AnyMember"]
+      - ["mysql2/promise.Connection", mysql2.Connection, "Member[promise].ReturnValue"]
+      - ["mysql2/promise.Connection", "mysql2/promise.PoolConnection", ""]
+      - ["mysql2/promise.Connection", "mysql2/promise", "Member[createConnectionPromise].ReturnValue.Awaited"]
+      - ["mysql2/promise.Connection", "mysql2/promise", "Member[createConnection].ReturnValue.Awaited"]
+      - ["mysql2/promise.Connection", mysql2, "Member[createConnectionPromise].ReturnValue.Awaited"]
+      - ["mysql2/promise.Pool", mysql2.Pool, "Member[promise].ReturnValue"]
+      - ["mysql2/promise.Pool", "mysql2/promise.Pool", "Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue"]
+      - ["mysql2/promise.Pool", "mysql2/promise", "Member[createPool].ReturnValue"]
+      - ["mysql2/promise.PoolConnection", mysql2.PoolConnection, "Member[promise].ReturnValue"]
+      - ["mysql2/promise.PoolConnection", "mysql2/promise.Pool", "Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connection,0=release].Argument[1].Argument[0]"]
+      - ["mysql2/promise.PoolConnection", "mysql2/promise.Pool", "Member[getConnection].ReturnValue.Awaited"]
+      - ["mysql2/typings/mysql.Connection", mysql2.Connection, ""]
+      - ["mysql2/typings/mysql.Connection", mysql2.Pool, ""]
+      - ["mysql2/typings/mysql.PoolConnection", mysql2.PoolConnection, ""]
+      - ["mysql2/typings/mysql/lib/Connection", "mysql2/typings/mysql.Connection", ""]
+      - ["mysql2/typings/mysql/lib/Connection", "mysql2/typings/mysql/lib/PoolConnection", ""]
+      - ["mysql2/typings/mysql/lib/PoolConnection", "mysql2/typings/mysql.PoolConnection", ""]
+
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: summaryModel
+    data:
+      - [mysql2.Pool, "", "", "Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue", type]
+      - ["mysql2/promise.Pool", "", "", "Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue", type]
+      - ["mysql2/typings/mysql/lib/Connection", "", "", "Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue", type]
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/pg/Model.qll b/javascript/ql/lib/semmle/javascript/frameworks/pg/Model.qll
deleted file mode 100644
index 82a43df3174..00000000000
--- a/javascript/ql/lib/semmle/javascript/frameworks/pg/Model.qll
+++ /dev/null
@@ -1,120 +0,0 @@
-/** Generated model file */
-
-private import javascript
-
-private class Types extends ModelInput::TypeModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "events;;pg-cursor;;", //
-        "events;;pg-promise/pg-subset;pg.IClient;", //
-        "events;;pg-promise/pg-subset;pg.IConnection;", //
-        "events;;pg-promise/pg-subset;pg.IPool;", //
-        "events;;pg;ClientBase;", //
-        "events;;pg;Events;", //
-        "events;;pg;Pool;", //
-        "global;NodeJS.EventEmitter;events;;", //
-        "pg-cursor;;pg-cursor;Static;Instance", //
-        "pg-cursor;Static;pg-cursor;;", //
-        "pg-pool;;pg-pool;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue", //
-        "pg-pool;;pg-pool;Static;Instance", //
-        "pg-pool;Static;pg-pool;;", //
-        "pg-promise/pg-subset;pg.IClient;pg-promise/pg-subset;;Member[Client].Instance", //
-        "pg-promise/pg-subset;pg.IClient;pg-promise;;Argument[0].TypeVar[pg-promise.IInitOptions.1]", //
-        "pg-promise/pg-subset;pg.IClient;pg-promise;IMain;Argument[0].TypeVar[pg-promise/pg-subset.pg.IConnectionParameters.0]", //
-        "pg-promise/pg-subset;pg.IClient;pg-promise;IMain;ReturnValue.TypeVar[pg-promise.IDatabase.1]", //
-        "pg-promise/pg-subset;pg.IConnection;pg-promise/pg-subset;pg.IClient;Member[connection]", //
-        "pg-promise/pg-subset;pg.IPool;pg-promise;IDatabase;Member[$pool]", //
-        "pg-promise;IBaseProtocol;pg-promise/typescript/pg-promise;IBaseProtocol;", //
-        "pg-promise;IBaseProtocol;pg-promise;IConnected;", //
-        "pg-promise;IBaseProtocol;pg-promise;IDatabase;", //
-        "pg-promise;IBaseProtocol;pg-promise;ITask;", //
-        "pg-promise;IConnected;pg-promise/typescript/pg-promise;IConnected;", //
-        "pg-promise;IConnected;pg-promise;IDatabase;Member[connect].ReturnValue.Awaited", //
-        "pg-promise;IDatabase;pg-promise/typescript/pg-promise;IDatabase;", //
-        "pg-promise;IDatabase;pg-promise;IInitOptions;Member[extend].Argument[0]", //
-        "pg-promise;IDatabase;pg-promise;IMain;ReturnValue", //
-        "pg-promise;IInitOptions;pg-promise/typescript/pg-promise;IInitOptions;", //
-        "pg-promise;IInitOptions;pg-promise;;Argument[0]", //
-        "pg-promise;IInitOptions;pg-promise;ILibConfig;Member[options]", //
-        "pg-promise;ILibConfig;pg-promise/typescript/pg-promise;ILibConfig;", //
-        "pg-promise;ILibConfig;pg-promise;IDatabase;Member[$config]", //
-        "pg-promise;IMain;pg-promise/typescript/pg-promise;IMain;", //
-        "pg-promise;IMain;pg-promise;;ReturnValue", //
-        "pg-promise;IMain;pg-promise;ILibConfig;Member[pgp]", //
-        "pg-promise;ITask;pg-promise/typescript/pg-promise;ITask;", //
-        "pg-promise;ITask;pg-promise;IBaseProtocol;Member[task,taskIf,tx,txIf].Argument[1].Argument[0]", //
-        "pg-promise;ITask;pg-promise;IBaseProtocol;Member[task,taskIf,tx,txIf].WithArity[1].Argument[0].Argument[0]", //
-        "pg-promise;ITask;pg-promise;IBaseProtocol;Member[taskIf].WithArity[2].Argument[0].Member[cnd].Argument[0]", //
-        "pg-promise;ITask;pg-promise;IBaseProtocol;Member[txIf].WithArity[2].Argument[0].Member[cnd,reusable].Argument[0]", //
-        "pg;Client;pg-pool;Static;Instance.TypeVar[pg-pool..0]", //
-        "pg;Client;pg-promise/pg-subset;pg.IClient;", //
-        "pg;Client;pg;ClientStatic;Instance", //
-        "pg;Client;pg;Events;Member[addListener,on,once,prependListener,prependOnceListener].Argument[1].Argument[1]", //
-        "pg;ClientBase;pg;Client;", //
-        "pg;ClientBase;pg;PoolClient;", //
-        "pg;ClientStatic;pg;;Member[Client]", //
-        "pg;Connection;pg-promise/pg-subset;pg.IConnection;", //
-        "pg;Events;pg;Events;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue", //
-        "pg;Events;pg;EventsStatic;Instance", //
-        "pg;EventsStatic;pg;;Member[Events]", //
-        "pg;Pool;pg-pool;;", //
-        "pg;Pool;pg-promise/pg-subset;pg.IPool;", //
-        "pg;Pool;pg;Pool;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue", //
-        "pg;Pool;pg;PoolStatic;Instance", //
-        "pg;PoolClient;pg-pool;;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connect,0=remove].Argument[1].Argument[0]", //
-        "pg;PoolClient;pg-pool;;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=error].Argument[1].Argument[1]", //
-        "pg;PoolClient;pg-pool;;Member[connect].Argument[0].Argument[1]", //
-        "pg;PoolClient;pg-pool;;Member[connect].WithArity[0].ReturnValue.Awaited", //
-        "pg;PoolClient;pg;Pool;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connect,0=remove].Argument[1].Argument[0]", //
-        "pg;PoolClient;pg;Pool;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=error].Argument[1].Argument[1]", //
-        "pg;PoolClient;pg;Pool;Member[connect].Argument[0].Argument[1]", //
-        "pg;PoolClient;pg;Pool;Member[connect].WithArity[0].ReturnValue.Awaited", //
-        "pg;PoolStatic;pg;;Member[Pool]", //
-      ]
-  }
-}
-
-private class Summaries extends ModelInput::SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "global;NodeJS.EventEmitter;;;Member[addListener,off,on,once,prependListener,prependOnceListener,removeAllListeners,removeListener,setMaxListeners].ReturnValue;type", //
-        "pg-pool;;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type", //
-        "pg;ClientBase;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type", //
-        "pg;Events;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type", //
-        "pg;Pool;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type", //
-      ]
-  }
-}
-
-private class TypeVariables extends ModelInput::TypeVariableModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "pg-pool..0;Member[Client].TypeVar[pg-pool.ClientLikeCtr.0]", //
-        "pg-pool..0;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connect,0=remove].Argument[1].Argument[0]", //
-        "pg-pool..0;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=error].Argument[1].Argument[1]", //
-        "pg-pool..0;Member[connect].Argument[0].Argument[1]", //
-        "pg-pool..0;Member[connect].WithArity[0].ReturnValue.Awaited", //
-        "pg-pool.ClientLikeCtr.0;Instance", //
-        "pg-promise.IConnected.1;Member[client]", //
-        "pg-promise.IConnectionOptions.0;Member[onLost].Argument[1].TypeVar[pg-promise.ILostContext.0]", //
-        "pg-promise.IDatabase.1;Member[$cn].TypeVar[pg-promise/pg-subset.pg.IConnectionParameters.0]", //
-        "pg-promise.IDatabase.1;Member[$config].TypeVar[pg-promise.ILibConfig.1]", //
-        "pg-promise.IDatabase.1;Member[connect].Argument[0].TypeVar[pg-promise.IConnectionOptions.0]", //
-        "pg-promise.IDatabase.1;Member[connect].ReturnValue.Awaited.TypeVar[pg-promise.IConnected.1]", //
-        "pg-promise.IEventContext.0;Member[client]", //
-        "pg-promise.IInitOptions.1;Member[connect,disconnect].Argument[0]", //
-        "pg-promise.IInitOptions.1;Member[error].Argument[1].TypeVar[pg-promise.IEventContext.0]", //
-        "pg-promise.IInitOptions.1;Member[extend].Argument[0].TypeVar[pg-promise.IDatabase.1]", //
-        "pg-promise.IInitOptions.1;Member[query,task,transact].Argument[0].TypeVar[pg-promise.IEventContext.0]", //
-        "pg-promise.IInitOptions.1;Member[receive].Argument[2].TypeVar[pg-promise.IEventContext.0]", //
-        "pg-promise.ILibConfig.1;Member[options].TypeVar[pg-promise.IInitOptions.1]", //
-        "pg-promise.ILibConfig.1;Member[pgp].TypeVar[pg-promise.IMain.1]", //
-        "pg-promise.ILostContext.0;Member[client]", //
-        "pg-promise/pg-promise.XPromise.0;Awaited", //
-        "pg-promise/pg-subset.pg.IConnectionParameters.0;Member[Client].Instance", //
-      ]
-  }
-}
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/pg/model.json b/javascript/ql/lib/semmle/javascript/frameworks/pg/model.json
index 50e1c6c8949..783759df4b9 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/pg/model.json
+++ b/javascript/ql/lib/semmle/javascript/frameworks/pg/model.json
@@ -18,103 +18,103 @@
     "language": "javascript",
     "usedTypes": {
         "sources": [
-            "pg-cursor;",
-            "pg-pool;",
-            "pg-promise;IBaseProtocol",
-            "pg;Client",
-            "pg;ClientStatic",
-            "pg;Pool",
-            "pg;PoolClient",
-            "pg;PoolStatic"
+            "pg-cursor",
+            "pg-pool",
+            "pg-promise.IBaseProtocol",
+            "pg.Client",
+            "pg.ClientStatic",
+            "pg.Pool",
+            "pg.PoolClient",
+            "pg.PoolStatic"
         ]
     },
     "model": {
         "typeDefinitions": [
-            "pg;Client;pg-promise/pg-subset;pg.IClient;",
-            "pg;Connection;pg-promise/pg-subset;pg.IConnection;",
-            "pg;Pool;pg-promise/pg-subset;pg.IPool;"
+            "pg.Client;pg-promise/pg-subset.pg.IClient;",
+            "pg.Connection;pg-promise/pg-subset.pg.IConnection;",
+            "pg.Pool;pg-promise/pg-subset.pg.IPool;"
         ],
         "sinks": []
     },
     "generatedModel": {
         "//": "Autogenerated section. Manual edits in here will be lost.",
         "typeDefinitions": [
-            "events;;pg-cursor;;",
-            "events;;pg-promise/pg-subset;pg.IClient;",
-            "events;;pg-promise/pg-subset;pg.IConnection;",
-            "events;;pg-promise/pg-subset;pg.IPool;",
-            "events;;pg;ClientBase;",
-            "events;;pg;Events;",
-            "events;;pg;Pool;",
-            "global;NodeJS.EventEmitter;events;;",
-            "pg-cursor;;pg-cursor;Static;Instance",
-            "pg-cursor;Static;pg-cursor;;",
-            "pg-pool;;pg-pool;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue",
-            "pg-pool;;pg-pool;Static;Instance",
-            "pg-pool;Static;pg-pool;;",
-            "pg-promise/pg-subset;pg.IClient;pg-promise/pg-subset;;Member[Client].Instance",
-            "pg-promise/pg-subset;pg.IClient;pg-promise;;Argument[0].TypeVar[pg-promise.IInitOptions.1]",
-            "pg-promise/pg-subset;pg.IClient;pg-promise;IMain;Argument[0].TypeVar[pg-promise/pg-subset.pg.IConnectionParameters.0]",
-            "pg-promise/pg-subset;pg.IClient;pg-promise;IMain;ReturnValue.TypeVar[pg-promise.IDatabase.1]",
-            "pg-promise/pg-subset;pg.IConnection;pg-promise/pg-subset;pg.IClient;Member[connection]",
-            "pg-promise/pg-subset;pg.IPool;pg-promise;IDatabase;Member[$pool]",
-            "pg-promise;IBaseProtocol;pg-promise/typescript/pg-promise;IBaseProtocol;",
-            "pg-promise;IBaseProtocol;pg-promise;IConnected;",
-            "pg-promise;IBaseProtocol;pg-promise;IDatabase;",
-            "pg-promise;IBaseProtocol;pg-promise;ITask;",
-            "pg-promise;IConnected;pg-promise/typescript/pg-promise;IConnected;",
-            "pg-promise;IConnected;pg-promise;IDatabase;Member[connect].ReturnValue.Awaited",
-            "pg-promise;IDatabase;pg-promise/typescript/pg-promise;IDatabase;",
-            "pg-promise;IDatabase;pg-promise;IInitOptions;Member[extend].Argument[0]",
-            "pg-promise;IDatabase;pg-promise;IMain;ReturnValue",
-            "pg-promise;IInitOptions;pg-promise/typescript/pg-promise;IInitOptions;",
-            "pg-promise;IInitOptions;pg-promise;;Argument[0]",
-            "pg-promise;IInitOptions;pg-promise;ILibConfig;Member[options]",
-            "pg-promise;ILibConfig;pg-promise/typescript/pg-promise;ILibConfig;",
-            "pg-promise;ILibConfig;pg-promise;IDatabase;Member[$config]",
-            "pg-promise;IMain;pg-promise/typescript/pg-promise;IMain;",
-            "pg-promise;IMain;pg-promise;;ReturnValue",
-            "pg-promise;IMain;pg-promise;ILibConfig;Member[pgp]",
-            "pg-promise;ITask;pg-promise/typescript/pg-promise;ITask;",
-            "pg-promise;ITask;pg-promise;IBaseProtocol;Member[task,taskIf,tx,txIf].Argument[1].Argument[0]",
-            "pg-promise;ITask;pg-promise;IBaseProtocol;Member[task,taskIf,tx,txIf].WithArity[1].Argument[0].Argument[0]",
-            "pg-promise;ITask;pg-promise;IBaseProtocol;Member[taskIf].WithArity[2].Argument[0].Member[cnd].Argument[0]",
-            "pg-promise;ITask;pg-promise;IBaseProtocol;Member[txIf].WithArity[2].Argument[0].Member[cnd,reusable].Argument[0]",
-            "pg;Client;pg-pool;Static;Instance.TypeVar[pg-pool..0]",
-            "pg;Client;pg;ClientStatic;Instance",
-            "pg;Client;pg;Events;Member[addListener,on,once,prependListener,prependOnceListener].Argument[1].Argument[1]",
-            "pg;ClientBase;pg;Client;",
-            "pg;ClientBase;pg;PoolClient;",
-            "pg;ClientStatic;pg;;Member[Client]",
-            "pg;Events;pg;Events;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue",
-            "pg;Events;pg;EventsStatic;Instance",
-            "pg;EventsStatic;pg;;Member[Events]",
-            "pg;Pool;pg-pool;;",
-            "pg;Pool;pg;Pool;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue",
-            "pg;Pool;pg;PoolStatic;Instance",
-            "pg;PoolClient;pg-pool;;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connect,0=remove].Argument[1].Argument[0]",
-            "pg;PoolClient;pg-pool;;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=error].Argument[1].Argument[1]",
-            "pg;PoolClient;pg-pool;;Member[connect].Argument[0].Argument[1]",
-            "pg;PoolClient;pg-pool;;Member[connect].WithArity[0].ReturnValue.Awaited",
-            "pg;PoolClient;pg;Pool;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connect,0=remove].Argument[1].Argument[0]",
-            "pg;PoolClient;pg;Pool;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=error].Argument[1].Argument[1]",
-            "pg;PoolClient;pg;Pool;Member[connect].Argument[0].Argument[1]",
-            "pg;PoolClient;pg;Pool;Member[connect].WithArity[0].ReturnValue.Awaited",
-            "pg;PoolStatic;pg;;Member[Pool]"
+            "events;pg-cursor;",
+            "events;pg-promise/pg-subset.pg.IClient;",
+            "events;pg-promise/pg-subset.pg.IConnection;",
+            "events;pg-promise/pg-subset.pg.IPool;",
+            "events;pg.ClientBase;",
+            "events;pg.Events;",
+            "events;pg.Pool;",
+            "global.NodeJS.EventEmitter;events;",
+            "pg-cursor.Static;pg-cursor;",
+            "pg-cursor;pg-cursor.Static;Instance",
+            "pg-pool.Static;pg-pool;",
+            "pg-pool;pg-pool.Static;Instance",
+            "pg-pool;pg-pool;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue",
+            "pg-promise.IBaseProtocol;pg-promise.IConnected;",
+            "pg-promise.IBaseProtocol;pg-promise.IDatabase;",
+            "pg-promise.IBaseProtocol;pg-promise.ITask;",
+            "pg-promise.IBaseProtocol;pg-promise/typescript/pg-promise.IBaseProtocol;",
+            "pg-promise.IConnected;pg-promise.IDatabase;Member[connect].ReturnValue.Awaited",
+            "pg-promise.IConnected;pg-promise/typescript/pg-promise.IConnected;",
+            "pg-promise.IDatabase;pg-promise.IInitOptions;Member[extend].Argument[0]",
+            "pg-promise.IDatabase;pg-promise.IMain;ReturnValue",
+            "pg-promise.IDatabase;pg-promise/typescript/pg-promise.IDatabase;",
+            "pg-promise.IInitOptions;pg-promise.ILibConfig;Member[options]",
+            "pg-promise.IInitOptions;pg-promise/typescript/pg-promise.IInitOptions;",
+            "pg-promise.IInitOptions;pg-promise;Argument[0]",
+            "pg-promise.ILibConfig;pg-promise.IDatabase;Member[$config]",
+            "pg-promise.ILibConfig;pg-promise/typescript/pg-promise.ILibConfig;",
+            "pg-promise.IMain;pg-promise.ILibConfig;Member[pgp]",
+            "pg-promise.IMain;pg-promise/typescript/pg-promise.IMain;",
+            "pg-promise.IMain;pg-promise;ReturnValue",
+            "pg-promise.ITask;pg-promise.IBaseProtocol;Member[task,taskIf,tx,txIf].Argument[1].Argument[0]",
+            "pg-promise.ITask;pg-promise.IBaseProtocol;Member[task,taskIf,tx,txIf].WithArity[1].Argument[0].Argument[0]",
+            "pg-promise.ITask;pg-promise.IBaseProtocol;Member[taskIf].WithArity[2].Argument[0].Member[cnd].Argument[0]",
+            "pg-promise.ITask;pg-promise.IBaseProtocol;Member[txIf].WithArity[2].Argument[0].Member[cnd,reusable].Argument[0]",
+            "pg-promise.ITask;pg-promise/typescript/pg-promise.ITask;",
+            "pg-promise/pg-subset.pg.IClient;pg-promise.IMain;Argument[0].TypeVar[pg-promise/pg-subset.pg.IConnectionParameters.0]",
+            "pg-promise/pg-subset.pg.IClient;pg-promise.IMain;ReturnValue.TypeVar[pg-promise.IDatabase.1]",
+            "pg-promise/pg-subset.pg.IClient;pg-promise/pg-subset;Member[Client].Instance",
+            "pg-promise/pg-subset.pg.IClient;pg-promise;Argument[0].TypeVar[pg-promise.IInitOptions.1]",
+            "pg-promise/pg-subset.pg.IConnection;pg-promise/pg-subset.pg.IClient;Member[connection]",
+            "pg-promise/pg-subset.pg.IPool;pg-promise.IDatabase;Member[$pool]",
+            "pg.Client;pg-pool.Static;Instance.TypeVar[pg-pool.0]",
+            "pg.Client;pg.ClientStatic;Instance",
+            "pg.Client;pg.Events;Member[addListener,on,once,prependListener,prependOnceListener].Argument[1].Argument[1]",
+            "pg.ClientBase;pg.Client;",
+            "pg.ClientBase;pg.PoolClient;",
+            "pg.ClientStatic;pg;Member[Client]",
+            "pg.Events;pg.Events;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue",
+            "pg.Events;pg.EventsStatic;Instance",
+            "pg.EventsStatic;pg;Member[Events]",
+            "pg.Pool;pg-pool;",
+            "pg.Pool;pg.Pool;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue",
+            "pg.Pool;pg.PoolStatic;Instance",
+            "pg.PoolClient;pg-pool;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connect,0=remove].Argument[1].Argument[0]",
+            "pg.PoolClient;pg-pool;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=error].Argument[1].Argument[1]",
+            "pg.PoolClient;pg-pool;Member[connect].Argument[0].Argument[1]",
+            "pg.PoolClient;pg-pool;Member[connect].WithArity[0].ReturnValue.Awaited",
+            "pg.PoolClient;pg.Pool;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connect,0=remove].Argument[1].Argument[0]",
+            "pg.PoolClient;pg.Pool;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=error].Argument[1].Argument[1]",
+            "pg.PoolClient;pg.Pool;Member[connect].Argument[0].Argument[1]",
+            "pg.PoolClient;pg.Pool;Member[connect].WithArity[0].ReturnValue.Awaited",
+            "pg.PoolStatic;pg;Member[Pool]"
         ],
         "summaries": [
-            "global;NodeJS.EventEmitter;;;Member[addListener,off,on,once,prependListener,prependOnceListener,removeAllListeners,removeListener,setMaxListeners].ReturnValue;type",
-            "pg-pool;;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type",
-            "pg;ClientBase;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type",
-            "pg;Events;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type",
-            "pg;Pool;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type"
+            "global.NodeJS.EventEmitter;;;Member[addListener,off,on,once,prependListener,prependOnceListener,removeAllListeners,removeListener,setMaxListeners].ReturnValue;type",
+            "pg-pool;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type",
+            "pg.ClientBase;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type",
+            "pg.Events;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type",
+            "pg.Pool;;;Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue;type"
         ],
         "typeVariables": [
-            "pg-pool..0;Member[Client].TypeVar[pg-pool.ClientLikeCtr.0]",
-            "pg-pool..0;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connect,0=remove].Argument[1].Argument[0]",
-            "pg-pool..0;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=error].Argument[1].Argument[1]",
-            "pg-pool..0;Member[connect].Argument[0].Argument[1]",
-            "pg-pool..0;Member[connect].WithArity[0].ReturnValue.Awaited",
+            "pg-pool.0;Member[Client].TypeVar[pg-pool.ClientLikeCtr.0]",
+            "pg-pool.0;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connect,0=remove].Argument[1].Argument[0]",
+            "pg-pool.0;Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=error].Argument[1].Argument[1]",
+            "pg-pool.0;Member[connect].Argument[0].Argument[1]",
+            "pg-pool.0;Member[connect].WithArity[0].ReturnValue.Awaited",
             "pg-pool.ClientLikeCtr.0;Instance",
             "pg-promise.IConnected.1;Member[client]",
             "pg-promise.IConnectionOptions.0;Member[onLost].Argument[1].TypeVar[pg-promise.ILostContext.0]",
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/pg/model.yml b/javascript/ql/lib/semmle/javascript/frameworks/pg/model.yml
new file mode 100644
index 00000000000..27207b6aff9
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/frameworks/pg/model.yml
@@ -0,0 +1,108 @@
+extensions:
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      - [events, "pg-cursor", ""]
+      - [events, "pg-promise/pg-subset.pg.IClient", ""]
+      - [events, "pg-promise/pg-subset.pg.IConnection", ""]
+      - [events, "pg-promise/pg-subset.pg.IPool", ""]
+      - [events, pg.ClientBase, ""]
+      - [events, pg.Events, ""]
+      - [events, pg.Pool, ""]
+      - [global.NodeJS.EventEmitter, events, ""]
+      - ["pg-cursor.Static", "pg-cursor", ""]
+      - ["pg-cursor", "pg-cursor.Static", Instance]
+      - ["pg-pool.Static", "pg-pool", ""]
+      - ["pg-pool", "pg-pool.Static", Instance]
+      - ["pg-pool", "pg-pool", "Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue"]
+      - ["pg-promise.IBaseProtocol", "pg-promise.IConnected", ""]
+      - ["pg-promise.IBaseProtocol", "pg-promise.IDatabase", ""]
+      - ["pg-promise.IBaseProtocol", "pg-promise.ITask", ""]
+      - ["pg-promise.IBaseProtocol", "pg-promise/typescript/pg-promise.IBaseProtocol", ""]
+      - ["pg-promise.IConnected", "pg-promise.IDatabase", "Member[connect].ReturnValue.Awaited"]
+      - ["pg-promise.IConnected", "pg-promise/typescript/pg-promise.IConnected", ""]
+      - ["pg-promise.IDatabase", "pg-promise.IInitOptions", "Member[extend].Argument[0]"]
+      - ["pg-promise.IDatabase", "pg-promise.IMain", ReturnValue]
+      - ["pg-promise.IDatabase", "pg-promise/typescript/pg-promise.IDatabase", ""]
+      - ["pg-promise.IInitOptions", "pg-promise.ILibConfig", "Member[options]"]
+      - ["pg-promise.IInitOptions", "pg-promise/typescript/pg-promise.IInitOptions", ""]
+      - ["pg-promise.IInitOptions", "pg-promise", "Argument[0]"]
+      - ["pg-promise.ILibConfig", "pg-promise.IDatabase", "Member[$config]"]
+      - ["pg-promise.ILibConfig", "pg-promise/typescript/pg-promise.ILibConfig", ""]
+      - ["pg-promise.IMain", "pg-promise.ILibConfig", "Member[pgp]"]
+      - ["pg-promise.IMain", "pg-promise/typescript/pg-promise.IMain", ""]
+      - ["pg-promise.IMain", "pg-promise", ReturnValue]
+      - ["pg-promise.ITask", "pg-promise.IBaseProtocol", "Member[task,taskIf,tx,txIf].Argument[1].Argument[0]"]
+      - ["pg-promise.ITask", "pg-promise.IBaseProtocol", "Member[task,taskIf,tx,txIf].WithArity[1].Argument[0].Argument[0]"]
+      - ["pg-promise.ITask", "pg-promise.IBaseProtocol", "Member[taskIf].WithArity[2].Argument[0].Member[cnd].Argument[0]"]
+      - ["pg-promise.ITask", "pg-promise.IBaseProtocol", "Member[txIf].WithArity[2].Argument[0].Member[cnd,reusable].Argument[0]"]
+      - ["pg-promise.ITask", "pg-promise/typescript/pg-promise.ITask", ""]
+      - ["pg-promise/pg-subset.pg.IClient", "pg-promise.IMain", "Argument[0].TypeVar[pg-promise/pg-subset.pg.IConnectionParameters.0]"]
+      - ["pg-promise/pg-subset.pg.IClient", "pg-promise.IMain", "ReturnValue.TypeVar[pg-promise.IDatabase.1]"]
+      - ["pg-promise/pg-subset.pg.IClient", "pg-promise/pg-subset", "Member[Client].Instance"]
+      - ["pg-promise/pg-subset.pg.IClient", "pg-promise", "Argument[0].TypeVar[pg-promise.IInitOptions.1]"]
+      - ["pg-promise/pg-subset.pg.IConnection", "pg-promise/pg-subset.pg.IClient", "Member[connection]"]
+      - ["pg-promise/pg-subset.pg.IPool", "pg-promise.IDatabase", "Member[$pool]"]
+      - [pg.Client, "pg-pool.Static", "Instance.TypeVar[pg-pool.0]"]
+      - [pg.Client, "pg-promise/pg-subset.pg.IClient", ""]
+      - [pg.Client, pg.ClientStatic, Instance]
+      - [pg.Client, pg.Events, "Member[addListener,on,once,prependListener,prependOnceListener].Argument[1].Argument[1]"]
+      - [pg.ClientBase, pg.Client, ""]
+      - [pg.ClientBase, pg.PoolClient, ""]
+      - [pg.ClientStatic, pg, "Member[Client]"]
+      - [pg.Connection, "pg-promise/pg-subset.pg.IConnection", ""]
+      - [pg.Events, pg.Events, "Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue"]
+      - [pg.Events, pg.EventsStatic, Instance]
+      - [pg.EventsStatic, pg, "Member[Events]"]
+      - [pg.Pool, "pg-pool", ""]
+      - [pg.Pool, "pg-promise/pg-subset.pg.IPool", ""]
+      - [pg.Pool, pg.Pool, "Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue"]
+      - [pg.Pool, pg.PoolStatic, Instance]
+      - [pg.PoolClient, "pg-pool", "Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connect,0=remove].Argument[1].Argument[0]"]
+      - [pg.PoolClient, "pg-pool", "Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=error].Argument[1].Argument[1]"]
+      - [pg.PoolClient, "pg-pool", "Member[connect].Argument[0].Argument[1]"]
+      - [pg.PoolClient, "pg-pool", "Member[connect].WithArity[0].ReturnValue.Awaited"]
+      - [pg.PoolClient, pg.Pool, "Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connect,0=remove].Argument[1].Argument[0]"]
+      - [pg.PoolClient, pg.Pool, "Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=error].Argument[1].Argument[1]"]
+      - [pg.PoolClient, pg.Pool, "Member[connect].Argument[0].Argument[1]"]
+      - [pg.PoolClient, pg.Pool, "Member[connect].WithArity[0].ReturnValue.Awaited"]
+      - [pg.PoolStatic, pg, "Member[Pool]"]
+
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: summaryModel
+    data:
+      - [global.NodeJS.EventEmitter, "", "", "Member[addListener,off,on,once,prependListener,prependOnceListener,removeAllListeners,removeListener,setMaxListeners].ReturnValue", type]
+      - ["pg-pool", "", "", "Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue", type]
+      - [pg.ClientBase, "", "", "Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue", type]
+      - [pg.Events, "", "", "Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue", type]
+      - [pg.Pool, "", "", "Member[addListener,on,once,prependListener,prependOnceListener].ReturnValue", type]
+
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: typeVariableModel
+    data:
+      - ["pg-pool.0", "Member[Client].TypeVar[pg-pool.ClientLikeCtr.0]"]
+      - ["pg-pool.0", "Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=acquire,0=connect,0=remove].Argument[1].Argument[0]"]
+      - ["pg-pool.0", "Member[addListener,on,once,prependListener,prependOnceListener].WithArity[2].WithStringArgument[0=error].Argument[1].Argument[1]"]
+      - ["pg-pool.0", "Member[connect].Argument[0].Argument[1]"]
+      - ["pg-pool.0", "Member[connect].WithArity[0].ReturnValue.Awaited"]
+      - ["pg-pool.ClientLikeCtr.0", Instance]
+      - ["pg-promise.IConnected.1", "Member[client]"]
+      - ["pg-promise.IConnectionOptions.0", "Member[onLost].Argument[1].TypeVar[pg-promise.ILostContext.0]"]
+      - ["pg-promise.IDatabase.1", "Member[$cn].TypeVar[pg-promise/pg-subset.pg.IConnectionParameters.0]"]
+      - ["pg-promise.IDatabase.1", "Member[$config].TypeVar[pg-promise.ILibConfig.1]"]
+      - ["pg-promise.IDatabase.1", "Member[connect].Argument[0].TypeVar[pg-promise.IConnectionOptions.0]"]
+      - ["pg-promise.IDatabase.1", "Member[connect].ReturnValue.Awaited.TypeVar[pg-promise.IConnected.1]"]
+      - ["pg-promise.IEventContext.0", "Member[client]"]
+      - ["pg-promise.IInitOptions.1", "Member[connect,disconnect].Argument[0]"]
+      - ["pg-promise.IInitOptions.1", "Member[error].Argument[1].TypeVar[pg-promise.IEventContext.0]"]
+      - ["pg-promise.IInitOptions.1", "Member[extend].Argument[0].TypeVar[pg-promise.IDatabase.1]"]
+      - ["pg-promise.IInitOptions.1", "Member[query,task,transact].Argument[0].TypeVar[pg-promise.IEventContext.0]"]
+      - ["pg-promise.IInitOptions.1", "Member[receive].Argument[2].TypeVar[pg-promise.IEventContext.0]"]
+      - ["pg-promise.ILibConfig.1", "Member[options].TypeVar[pg-promise.IInitOptions.1]"]
+      - ["pg-promise.ILibConfig.1", "Member[pgp].TypeVar[pg-promise.IMain.1]"]
+      - ["pg-promise.ILostContext.0", "Member[client]"]
+      - ["pg-promise/pg-promise.XPromise.0", Awaited]
+      - ["pg-promise/pg-subset.pg.IConnectionParameters.0", "Member[Client].Instance"]
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/sequelize/Model.qll b/javascript/ql/lib/semmle/javascript/frameworks/sequelize/Model.qll
deleted file mode 100644
index f9c06c3739a..00000000000
--- a/javascript/ql/lib/semmle/javascript/frameworks/sequelize/Model.qll
+++ /dev/null
@@ -1,297 +0,0 @@
-/** Generated model file */
-
-private import javascript
-
-private class Sinks extends ModelInput::SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "sequelize;;Argument[0..].Member[password];credentials[password]", //
-        "sequelize;;Argument[0..].Member[username];credentials[username]", //
-        "sequelize;;Argument[1];credentials[username]", //
-        "sequelize;;Argument[2];credentials[password]", //
-        "sequelize;Sequelize;Member[query].Argument[0].Member[query];sql-injection", //
-        "sequelize;Sequelize;Member[query].Argument[0];sql-injection", //
-        "sequelize;SequelizeStaticAndInstance;Member[asIs,literal].Argument[0];sql-injection", //
-      ]
-  }
-}
-
-private class Types extends ModelInput::TypeModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "sequelize-typescript/associations/foreign-key/foreign-key-meta;ForeignKeyMeta;sequelize-typescript/associations/foreign-key/foreign-key-service;;Member[getForeignKeys].ReturnValue.ArrayElement", //
-        "sequelize-typescript/model/model/association/association-create-options;AssociationCreateOptions;sequelize-typescript;Model;Member[$create].Argument[2]", //
-        "sequelize-typescript/model/shared/model-not-initialized-error;ModelNotInitializedErrorStatic;sequelize-typescript/model/shared/model-not-initialized-error;;Member[ModelNotInitializedError]", //
-        "sequelize-typescript;AssociationCountOptions;sequelize-typescript/model/model/association/association-count-options;AssociationCountOptions;", //
-        "sequelize-typescript;AssociationCountOptions;sequelize-typescript;Model;Member[$count].Argument[1]", //
-        "sequelize-typescript;AssociationGetOptions;sequelize-typescript/model/model/association/association-get-options;AssociationGetOptions;", //
-        "sequelize-typescript;AssociationGetOptions;sequelize-typescript;Model;Member[$get].Argument[1]", //
-        "sequelize-typescript;AssociationGetOptions;sequelize-typescript;Model;Member[$has].Argument[2]", //
-        "sequelize-typescript;BaseAssociation;sequelize-typescript/associations/shared/association-service;;Member[addAssociation].Argument[1]", //
-        "sequelize-typescript;BaseAssociation;sequelize-typescript/associations/shared/association-service;;Member[getAssociations,getAssociationsByRelation].ReturnValue.ArrayElement", //
-        "sequelize-typescript;BaseAssociation;sequelize-typescript/associations/shared/association-service;;Member[setAssociations].Argument[1].ArrayElement", //
-        "sequelize-typescript;BaseAssociation;sequelize-typescript/associations/shared/base-association;BaseAssociation;", //
-        "sequelize-typescript;BaseAssociation;sequelize-typescript;;Member[addAssociation].Argument[1]", //
-        "sequelize-typescript;BaseAssociation;sequelize-typescript;;Member[getAssociations,getAssociationsByRelation].ReturnValue.ArrayElement", //
-        "sequelize-typescript;BaseAssociation;sequelize-typescript;;Member[setAssociations].Argument[1].ArrayElement", //
-        "sequelize-typescript;BaseAssociation;sequelize-typescript;BaseAssociationStatic;Instance", //
-        "sequelize-typescript;BaseAssociation;sequelize-typescript;BelongsToAssociation;", //
-        "sequelize-typescript;BaseAssociation;sequelize-typescript;BelongsToManyAssociation;", //
-        "sequelize-typescript;BaseAssociation;sequelize-typescript;HasAssociation;", //
-        "sequelize-typescript;BaseAssociationStatic;sequelize-typescript/associations/shared/base-association;;Member[BaseAssociation]", //
-        "sequelize-typescript;BaseAssociationStatic;sequelize-typescript/associations/shared/base-association;BaseAssociationStatic;", //
-        "sequelize-typescript;BaseAssociationStatic;sequelize-typescript;;Member[BaseAssociation]", //
-        "sequelize-typescript;BelongsToAssociation;sequelize-typescript/associations/belongs-to/belongs-to-association;BelongsToAssociation;", //
-        "sequelize-typescript;BelongsToAssociation;sequelize-typescript;BelongsToAssociationStatic;Instance", //
-        "sequelize-typescript;BelongsToAssociationStatic;sequelize-typescript/associations/belongs-to/belongs-to-association;;Member[BelongsToAssociation]", //
-        "sequelize-typescript;BelongsToAssociationStatic;sequelize-typescript/associations/belongs-to/belongs-to-association;BelongsToAssociationStatic;", //
-        "sequelize-typescript;BelongsToAssociationStatic;sequelize-typescript;;Member[BelongsToAssociation]", //
-        "sequelize-typescript;BelongsToManyAssociation;sequelize-typescript/associations/belongs-to-many/belongs-to-many-association;BelongsToManyAssociation;", //
-        "sequelize-typescript;BelongsToManyAssociation;sequelize-typescript;BelongsToManyAssociationStatic;Instance", //
-        "sequelize-typescript;BelongsToManyAssociationStatic;sequelize-typescript/associations/belongs-to-many/belongs-to-many-association;;Member[BelongsToManyAssociation]", //
-        "sequelize-typescript;BelongsToManyAssociationStatic;sequelize-typescript/associations/belongs-to-many/belongs-to-many-association;BelongsToManyAssociationStatic;", //
-        "sequelize-typescript;BelongsToManyAssociationStatic;sequelize-typescript;;Member[BelongsToManyAssociation]", //
-        "sequelize-typescript;DefaultScopeGetter;sequelize-typescript/scopes/default-scope;;Member[DefaultScope].Argument[0]", //
-        "sequelize-typescript;DefaultScopeGetter;sequelize-typescript/scopes/scope-options;DefaultScopeGetter;", //
-        "sequelize-typescript;DefaultScopeGetter;sequelize-typescript;;Member[DefaultScope].Argument[0]", //
-        "sequelize-typescript;DefaultScopeGetter;sequelize-typescript;ScopeOptionsGetters;Member[getDefaultScope]", //
-        "sequelize-typescript;HasAssociation;sequelize-typescript/associations/has/has-association;HasAssociation;", //
-        "sequelize-typescript;HasAssociation;sequelize-typescript;HasAssociationStatic;Instance", //
-        "sequelize-typescript;HasAssociationStatic;sequelize-typescript/associations/has/has-association;;Member[HasAssociation]", //
-        "sequelize-typescript;HasAssociationStatic;sequelize-typescript/associations/has/has-association;HasAssociationStatic;", //
-        "sequelize-typescript;HasAssociationStatic;sequelize-typescript;;Member[HasAssociation]", //
-        "sequelize-typescript;Model;sequelize-typescript/model/model/model;Model;", //
-        "sequelize-typescript;Model;sequelize-typescript;Model;Member[$add,$has,$remove,$set].Argument[1]", //
-        "sequelize-typescript;Model;sequelize-typescript;Model;Member[$add,$has,$remove,$set].Argument[1].ArrayElement", //
-        "sequelize-typescript;Model;sequelize-typescript;Model;Member[$create,reload].ReturnValue.Awaited", //
-        "sequelize-typescript;Model;sequelize-typescript;ModelStatic~;Instance", //
-        "sequelize-typescript;Model;sequelize-typescript;ModelStatic~;Member[initialize].ReturnValue.TypeVar[sequelize-typescript.ModelStatic.0]", //
-        "sequelize-typescript;Model;sequelize-typescript;ModelType;Instance", //
-        "sequelize-typescript;Model;sequelize-typescript;Sequelize;Member[getRepository].Argument[0].Instance", //
-        "sequelize-typescript;Model;sequelize-typescript;Sequelize;Member[getRepository].ReturnValue.TypeVar[sequelize-typescript.Repository.0]", //
-        "sequelize-typescript;ModelClassGetter;sequelize-typescript/associations/belongs-to-many/belongs-to-many;;Member[BelongsToMany].Argument[0,1]", //
-        "sequelize-typescript;ModelClassGetter;sequelize-typescript/associations/belongs-to/belongs-to;;Member[BelongsTo].Argument[0]", //
-        "sequelize-typescript;ModelClassGetter;sequelize-typescript/associations/foreign-key/foreign-key-meta;ForeignKeyMeta;Member[relatedClassGetter]", //
-        "sequelize-typescript;ModelClassGetter;sequelize-typescript/associations/foreign-key/foreign-key-service;;Member[addForeignKey].Argument[1]", //
-        "sequelize-typescript;ModelClassGetter;sequelize-typescript/associations/foreign-key/foreign-key;;Member[ForeignKey].Argument[0]", //
-        "sequelize-typescript;ModelClassGetter;sequelize-typescript/associations/has/has-many;;Member[HasMany].Argument[0]", //
-        "sequelize-typescript;ModelClassGetter;sequelize-typescript/associations/has/has-one;;Member[HasOne].Argument[0]", //
-        "sequelize-typescript;ModelClassGetter;sequelize-typescript/model/shared/model-class-getter;ModelClassGetter;", //
-        "sequelize-typescript;ModelClassGetter;sequelize-typescript;;Member[BelongsTo,ForeignKey,HasMany,HasOne].Argument[0]", //
-        "sequelize-typescript;ModelClassGetter;sequelize-typescript;;Member[BelongsToMany].Argument[0,1]", //
-        "sequelize-typescript;ModelClassGetter;sequelize-typescript;BaseAssociationStatic;Argument[0]", //
-        "sequelize-typescript;ModelClassGetter;sequelize-typescript;BelongsToAssociationStatic;Argument[0]", //
-        "sequelize-typescript;ModelClassGetter;sequelize-typescript;BelongsToManyAssociationStatic;Argument[0]", //
-        "sequelize-typescript;ModelClassGetter;sequelize-typescript;HasAssociationStatic;Argument[0]", //
-        "sequelize-typescript;ModelStatic~;sequelize-typescript/model/model/model;;Member[Model]", //
-        "sequelize-typescript;ModelStatic~;sequelize-typescript/model/model/model;ModelStatic~;", //
-        "sequelize-typescript;ModelStatic~;sequelize-typescript/model/shared/model-not-initialized-error;ModelNotInitializedErrorStatic;Argument[0]", //
-        "sequelize-typescript;ModelStatic~;sequelize-typescript;;Member[Model]", //
-        "sequelize-typescript;ModelType;sequelize-typescript/associations/foreign-key/foreign-key-service;;Member[getForeignKeyOptions].Argument[0,1]", //
-        "sequelize-typescript;ModelType;sequelize-typescript/model/model/model;ModelType;", //
-        "sequelize-typescript;ModelType;sequelize-typescript;BaseAssociation;Member[getAssociatedClass].ReturnValue", //
-        "sequelize-typescript;ModelType;sequelize-typescript;BaseAssociation;Member[getSequelizeOptions].Argument[0]", //
-        "sequelize-typescript;ModelType;sequelize-typescript;BelongsToAssociation;Member[getSequelizeOptions].Argument[0]", //
-        "sequelize-typescript;ModelType;sequelize-typescript;BelongsToManyAssociation;Member[getSequelizeOptions].Argument[0]", //
-        "sequelize-typescript;ModelType;sequelize-typescript;HasAssociation;Member[getSequelizeOptions].Argument[0]", //
-        "sequelize-typescript;ModelType;sequelize-typescript;ModelClassGetter;ReturnValue", //
-        "sequelize-typescript;ModelType;sequelize-typescript;Sequelize;Member[model].Argument[0]", //
-        "sequelize-typescript;ScopeOptionsGetters;sequelize-typescript/scopes/scope-options;ScopeOptionsGetters;", //
-        "sequelize-typescript;ScopeOptionsGetters;sequelize-typescript/scopes/scope-service;;Member[addScopeOptionsGetter,setScopeOptionsGetters].Argument[1]", //
-        "sequelize-typescript;ScopeOptionsGetters;sequelize-typescript/scopes/scope-service;;Member[getScopeOptionsGetters].ReturnValue", //
-        "sequelize-typescript;ScopeOptionsGetters;sequelize-typescript;;Member[addScopeOptionsGetter,setScopeOptionsGetters].Argument[1]", //
-        "sequelize-typescript;ScopeOptionsGetters;sequelize-typescript;;Member[getScopeOptionsGetters].ReturnValue", //
-        "sequelize-typescript;ScopesOptions;sequelize-typescript/scopes/scope-options;ScopesOptions;", //
-        "sequelize-typescript;ScopesOptions;sequelize-typescript/scopes/scope-service;;Member[resolveScope].Argument[2]", //
-        "sequelize-typescript;ScopesOptions;sequelize-typescript;;Member[resolveScope].Argument[2]", //
-        "sequelize-typescript;ScopesOptions;sequelize-typescript;ScopesOptionsGetter;ReturnValue.AnyMember", //
-        "sequelize-typescript;ScopesOptionsGetter;sequelize-typescript/scopes/scope-options;ScopesOptionsGetter;", //
-        "sequelize-typescript;ScopesOptionsGetter;sequelize-typescript/scopes/scopes;;Member[Scopes].Argument[0]", //
-        "sequelize-typescript;ScopesOptionsGetter;sequelize-typescript;;Member[Scopes].Argument[0]", //
-        "sequelize-typescript;ScopesOptionsGetter;sequelize-typescript;ScopeOptionsGetters;Member[getScopes]", //
-        "sequelize-typescript;Sequelize;sequelize-typescript/sequelize/sequelize/sequelize;Sequelize;", //
-        "sequelize-typescript;Sequelize;sequelize-typescript;BaseAssociation;Member[getSequelizeOptions].Argument[1]", //
-        "sequelize-typescript;Sequelize;sequelize-typescript;BelongsToManyAssociation;Member[getSequelizeOptions].Argument[1]", //
-        "sequelize-typescript;Sequelize;sequelize-typescript;SequelizeStatic;Instance", //
-        "sequelize-typescript;SequelizeOptions;sequelize-typescript/sequelize/sequelize/sequelize-options;SequelizeOptions;", //
-        "sequelize-typescript;SequelizeOptions;sequelize-typescript/sequelize/sequelize/sequelize-service;;Member[prepareArgs].ReturnValue.Member[options]", //
-        "sequelize-typescript;SequelizeOptions;sequelize-typescript/sequelize/sequelize/sequelize-service;;Member[prepareOptions].Argument[0]", //
-        "sequelize-typescript;SequelizeOptions;sequelize-typescript/sequelize/sequelize/sequelize-service;;Member[prepareOptions].ReturnValue", //
-        "sequelize-typescript;SequelizeOptions;sequelize-typescript;;Member[prepareArgs].ReturnValue.Member[options]", //
-        "sequelize-typescript;SequelizeOptions;sequelize-typescript;;Member[prepareOptions].Argument[0]", //
-        "sequelize-typescript;SequelizeOptions;sequelize-typescript;;Member[prepareOptions].ReturnValue", //
-        "sequelize-typescript;SequelizeOptions;sequelize-typescript;Sequelize;Member[options]", //
-        "sequelize-typescript;SequelizeOptions;sequelize-typescript;SequelizeStatic;Argument[3]", //
-        "sequelize-typescript;SequelizeOptions;sequelize-typescript;SequelizeStatic;WithArity[0].Argument[0]", //
-        "sequelize-typescript;SequelizeOptions;sequelize-typescript;SequelizeStatic;WithArity[1].Argument[0,1]", //
-        "sequelize-typescript;SequelizeOptions;sequelize-typescript;SequelizeStatic;WithArity[2].Argument[1,2]", //
-        "sequelize-typescript;SequelizeOptions;sequelize-typescript;SequelizeStatic;WithArity[3].Argument[2]", //
-        "sequelize-typescript;SequelizeStatic;sequelize-typescript/sequelize/sequelize/sequelize;;Member[Sequelize]", //
-        "sequelize-typescript;SequelizeStatic;sequelize-typescript/sequelize/sequelize/sequelize;SequelizeStatic;", //
-        "sequelize-typescript;SequelizeStatic;sequelize-typescript;;Member[Sequelize]", //
-        "sequelize;AnyFindOptions;sequelize;BelongsToManyAddAssociationMixin;Argument[1]", //
-        "sequelize;AnyFindOptions;sequelize;BelongsToManyAddAssociationsMixin;Argument[1]", //
-        "sequelize;AnyFindOptions;sequelize;BelongsToManySetAssociationsMixin;Argument[1]", //
-        "sequelize;AnyFindOptions;sequelize;DefineOptions;Member[defaultScope]", //
-        "sequelize;AnyFindOptions;sequelize;DefineScopeOptions;AnyMember", //
-        "sequelize;AnyFindOptions;sequelize;HasManySetAssociationsMixin;Argument[1]", //
-        "sequelize;AnyFindOptions;sequelize;Instance;Member[reload].Argument[0]", //
-        "sequelize;AnyFindOptions;sequelize;Model;Member[addScope].Argument[1]", //
-        "sequelize;AssociationOptionsBelongsToMany;sequelize;Associations;Member[belongsToMany].Argument[1]", //
-        "sequelize;Associations;sequelize;Model;", //
-        "sequelize;Associations;sequelize;SequelizeStaticAndInstance.Model;", //
-        "sequelize;BuildOptions;sequelize-typescript;ModelStatic~;Argument[1]", //
-        "sequelize;BuildOptions;sequelize;CreateOptions;", //
-        "sequelize;BuildOptions;sequelize;Model;Member[build,bulkBuild].Argument[1]", //
-        "sequelize;CountOptions;sequelize;Model;Member[count].Argument[0]", //
-        "sequelize;CreateOptions;sequelize-typescript/model/model/association/association-create-options;AssociationCreateOptions;", //
-        "sequelize;CreateOptions;sequelize;BelongsToCreateAssociationMixin;Argument[1]", //
-        "sequelize;CreateOptions;sequelize;BelongsToManyCreateAssociationMixin;Argument[1]", //
-        "sequelize;CreateOptions;sequelize;HasManyCreateAssociationMixin;Argument[1]", //
-        "sequelize;CreateOptions;sequelize;HasOneCreateAssociationMixin;Argument[1]", //
-        "sequelize;CreateOptions;sequelize;Model;Member[create].Argument[1]", //
-        "sequelize;DefineAttributeColumnOptions;sequelize;DefineAttributes;AnyMember", //
-        "sequelize;DefineAttributeColumnOptions;sequelize;QueryInterface;Member[addColumn,changeColumn].Argument[2]", //
-        "sequelize;DefineAttributeColumnReferencesOptions;sequelize;DefineAttributeColumnOptions;Member[references]", //
-        "sequelize;DefineAttributes;sequelize;Hooks;Member[beforeDefine].Argument[1].Argument[0]", //
-        "sequelize;DefineAttributes;sequelize;Hooks;Member[beforeDefine].WithArity[1].Argument[0].Argument[0]", //
-        "sequelize;DefineAttributes;sequelize;QueryInterface;Member[createTable].Argument[1]", //
-        "sequelize;DefineOptions;sequelize;Options;Member[define]", //
-        "sequelize;DefineOptions;sequelize;Sequelize;Member[define].Argument[2]", //
-        "sequelize;DefineScopeOptions;sequelize;DefineOptions;Member[scopes]", //
-        "sequelize;FindCreateFindOptions;sequelize;Model;Member[findCreateFind].Argument[0]", //
-        "sequelize;FindOptions;sequelize-typescript;AssociationCountOptions;", //
-        "sequelize;FindOptions;sequelize-typescript;AssociationGetOptions;", //
-        "sequelize;FindOptions;sequelize-typescript;DefaultScopeGetter;ReturnValue", //
-        "sequelize;FindOptions;sequelize-typescript;Model;Member[reload].Argument[0]", //
-        "sequelize;FindOptions;sequelize-typescript;ScopesOptions;", //
-        "sequelize;FindOptions;sequelize-typescript;ScopesOptions;ReturnValue", //
-        "sequelize;FindOptions;sequelize;AnyFindOptions;", //
-        "sequelize;FindOptions;sequelize;FindCreateFindOptions;", //
-        "sequelize;FindOptions;sequelize;FindOrInitializeOptions;", //
-        "sequelize;FindOptions;sequelize;Model;Member[all,find,findAll,findAndCount,findAndCountAll,findOne].Argument[0]", //
-        "sequelize;FindOptionsOrderArray;sequelize;FindOptions;Member[order]", //
-        "sequelize;FindOptionsOrderArray;sequelize;FindOptions;Member[order].ArrayElement", //
-        "sequelize;FindOrInitializeOptions;sequelize;Model;Member[findOrBuild,findOrCreate,findOrInitialize].Argument[0]", //
-        "sequelize;HasManyGetAssociationsMixinOptions;sequelize;HasManyGetAssociationsMixin;Argument[0]", //
-        "sequelize;HasManyGetAssociationsMixinOptions;sequelize;HasManyHasAssociationMixin;Argument[1]", //
-        "sequelize;HasManyGetAssociationsMixinOptions;sequelize;HasManyHasAssociationsMixin;Argument[1]", //
-        "sequelize;Hooks;sequelize;Hooks;Member[addHook,hook,removeHook].ReturnValue", //
-        "sequelize;Hooks;sequelize;Model;", //
-        "sequelize;Hooks;sequelize;Sequelize;", //
-        "sequelize;Hooks;sequelize;SequelizeStaticAndInstance.Model;", //
-        "sequelize;IncludeAssociation;sequelize;Associations;Member[belongsTo,belongsToMany,hasMany,hasOne].ReturnValue", //
-        "sequelize;IncludeAssociation;sequelize;IncludeOptions;Member[association]", //
-        "sequelize;IncludeOptions;sequelize;BuildOptions;Member[include].ArrayElement", //
-        "sequelize;IncludeOptions;sequelize;CountOptions;Member[include]", //
-        "sequelize;IncludeOptions;sequelize;CountOptions;Member[include].ArrayElement", //
-        "sequelize;IncludeOptions;sequelize;FindOptions;Member[include]", //
-        "sequelize;IncludeOptions;sequelize;FindOptions;Member[include].ArrayElement", //
-        "sequelize;IncludeOptions;sequelize;HasManyGetAssociationsMixinOptions;Member[include]", //
-        "sequelize;IncludeOptions;sequelize;IncludeOptions;Member[include]", //
-        "sequelize;IncludeOptions;sequelize;IncludeOptions;Member[include].ArrayElement", //
-        "sequelize;Instance;sequelize;Instance;Member[decrement,increment,reload,save,update,updateAttributes].ReturnValue.Awaited", //
-        "sequelize;Instance;sequelize;Instance;Member[equalsOneOf].Argument[0].ArrayElement", //
-        "sequelize;Instance;sequelize;Instance;Member[equals].Argument[0]", //
-        "sequelize;Instance;sequelize;Instance;Member[set,setAttributes].ReturnValue", //
-        "sequelize;Instance;sequelize;Model;Member[Instance,build].ReturnValue", //
-        "sequelize;Instance;sequelize;Model;Member[all,bulkCreate,findAll].ReturnValue.Awaited.ArrayElement", //
-        "sequelize;Instance;sequelize;Model;Member[bulkBuild].ReturnValue.ArrayElement", //
-        "sequelize;Instance;sequelize;Model;Member[create,find,findById,findByPk,findByPrimary,findOne].ReturnValue.Awaited", //
-        "sequelize;Instance;sequelize;Model;Member[findAndCount,findAndCountAll].ReturnValue.Awaited.Member[rows].ArrayElement", //
-        "sequelize;Instance;sequelize;QueryInterface;Member[delete,increment,insert,update].Argument[0]", //
-        "sequelize;Instance;sequelize;QueryOptions;Member[instance]", //
-        "sequelize;Instance;sequelize;SequelizeStaticAndInstance;Member[Instance]", //
-        "sequelize;Model;sequelize;AssociationOptionsBelongsToMany;Member[through]", //
-        "sequelize;Model;sequelize;Associations;Member[belongsTo,belongsToMany,hasMany,hasOne].Argument[0]", //
-        "sequelize;Model;sequelize;BuildOptions;Member[include].ArrayElement", //
-        "sequelize;Model;sequelize;CountOptions;Member[include]", //
-        "sequelize;Model;sequelize;CountOptions;Member[include].ArrayElement", //
-        "sequelize;Model;sequelize;DefineAttributeColumnReferencesOptions;Member[model]", //
-        "sequelize;Model;sequelize;FindOptions;Member[include]", //
-        "sequelize;Model;sequelize;FindOptions;Member[include].ArrayElement", //
-        "sequelize;Model;sequelize;FindOptions;Member[lock].Member[of]", //
-        "sequelize;Model;sequelize;FindOptionsOrderArray;ArrayElement", //
-        "sequelize;Model;sequelize;FindOptionsOrderArray;ArrayElement.Member[model]", //
-        "sequelize;Model;sequelize;Hooks;Member[afterDefine].Argument[1].Argument[0]", //
-        "sequelize;Model;sequelize;Hooks;Member[afterDefine].WithArity[1].Argument[0].Argument[0]", //
-        "sequelize;Model;sequelize;IncludeAssociation;Member[source,target]", //
-        "sequelize;Model;sequelize;IncludeOptions;Member[include,model]", //
-        "sequelize;Model;sequelize;IncludeOptions;Member[include].ArrayElement", //
-        "sequelize;Model;sequelize;Instance;Member[Model]", //
-        "sequelize;Model;sequelize;Model;Member[schema,scope,unscoped].ReturnValue", //
-        "sequelize;Model;sequelize;Model;Member[sync].ReturnValue.Awaited", //
-        "sequelize;Model;sequelize;Models;AnyMember", //
-        "sequelize;Model;sequelize;ModelsHashInterface;AnyMember", //
-        "sequelize;Model;sequelize;QueryInterface;Member[bulkDelete,rawSelect,upsert].Argument[3]", //
-        "sequelize;Model;sequelize;QueryInterface;Member[select].Argument[0]", //
-        "sequelize;Model;sequelize;QueryOptions;Member[model]", //
-        "sequelize;Model;sequelize;Sequelize;Member[define,import,model].ReturnValue", //
-        "sequelize;Model;sequelize;Sequelize;Member[import].Argument[1].ReturnValue", //
-        "sequelize;Model;sequelize;SequelizeStaticAndInstance;Member[Model]", //
-        "sequelize;Model;sequelize;ThroughOptions;Member[model]", //
-        "sequelize;Model;sequelize;Utils;Member[mapOptionFieldNames].Argument[1]", //
-        "sequelize;Model;sequelize;Utils;Member[mapValueFieldNames].Argument[2]", //
-        "sequelize;Models;sequelize;Model;Member[associate].Argument[0]", //
-        "sequelize;ModelsHashInterface;sequelize;Sequelize;Member[models]", //
-        "sequelize;Options;sequelize-typescript;SequelizeOptions;", //
-        "sequelize;Options;sequelize;Sequelize;Member[options]", //
-        "sequelize;Options;sequelize;SequelizeStatic;Argument[3]", //
-        "sequelize;Options;sequelize;SequelizeStatic;WithArity[1].Argument[0,1]", //
-        "sequelize;Options;sequelize;SequelizeStatic;WithArity[2].Argument[1,2]", //
-        "sequelize;Options;sequelize;SequelizeStatic;WithArity[3].Argument[2]", //
-        "sequelize;QueryInterface;sequelize;Sequelize;Member[getQueryInterface].ReturnValue", //
-        "sequelize;QueryOptions;sequelize;Options;Member[query]", //
-        "sequelize;QueryOptions;sequelize;QueryInterface;Member[bulkDelete,bulkInsert,createTable,select,setAutocommit,setIsolationLevel].Argument[2]", //
-        "sequelize;QueryOptions;sequelize;QueryInterface;Member[bulkUpdate,delete,insert].Argument[3]", //
-        "sequelize;QueryOptions;sequelize;QueryInterface;Member[commitTransaction,deferConstraints,dropTable,rawSelect,rollbackTransaction,showIndex,startTransaction].Argument[1]", //
-        "sequelize;QueryOptions;sequelize;QueryInterface;Member[createFunction].Argument[5]", //
-        "sequelize;QueryOptions;sequelize;QueryInterface;Member[dropAllEnums,dropAllTables,showAllSchemas,showAllTables].Argument[0]", //
-        "sequelize;QueryOptions;sequelize;QueryInterface;Member[increment,update,upsert].Argument[4]", //
-        "sequelize;QueryOptions;sequelize;Sequelize;Member[authenticate,validate].Argument[0]", //
-        "sequelize;QueryOptions;sequelize;Sequelize;Member[query].Argument[1]", //
-        "sequelize;Sequelize;sequelize-typescript;Sequelize;", //
-        "sequelize;Sequelize;sequelize;Hooks;Member[afterInit].Argument[1].Argument[0]", //
-        "sequelize;Sequelize;sequelize;Hooks;Member[afterInit].WithArity[1].Argument[0].Argument[0]", //
-        "sequelize;Sequelize;sequelize;Instance;Member[sequelize]", //
-        "sequelize;Sequelize;sequelize;QueryInterface;Member[sequelize]", //
-        "sequelize;Sequelize;sequelize;Sequelize;Member[import].Argument[1].Argument[0]", //
-        "sequelize;Sequelize;sequelize;SequelizeStatic;Instance", //
-        "sequelize;Sequelize;sequelize;SequelizeStatic;Member[useCLS].ReturnValue", //
-        "sequelize;SequelizeStatic;sequelize-typescript;Sequelize;", //
-        "sequelize;SequelizeStatic;sequelize;;", //
-        "sequelize;SequelizeStatic;sequelize;Sequelize;Member[Sequelize]", //
-        "sequelize;SequelizeStatic;sequelize;SequelizeStatic;Member[Sequelize,default]", //
-        "sequelize;SequelizeStaticAndInstance.Model;sequelize-typescript;Model;", //
-        "sequelize;SequelizeStaticAndInstance;sequelize;Sequelize;", //
-        "sequelize;SequelizeStaticAndInstance;sequelize;SequelizeStatic;", //
-        "sequelize;ThroughOptions;sequelize;AssociationOptionsBelongsToMany;Member[through]", //
-        "sequelize;Utils;sequelize;SequelizeStaticAndInstance;Member[Utils]", //
-      ]
-  }
-}
-
-private class Summaries extends ModelInput::SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "sequelize-typescript;Model;;;Member[reload].ReturnValue.Awaited;type", //
-        "sequelize;Instance;;;Member[decrement,increment,reload,save,update,updateAttributes].ReturnValue.Awaited;type", //
-        "sequelize;Instance;;;Member[set,setAttributes].ReturnValue;type", //
-        "sequelize;Model;;;Member[schema,scope,unscoped].ReturnValue;type", //
-        "sequelize;Model;;;Member[sync].ReturnValue.Awaited;type", //
-      ]
-  }
-}
-
-private class TypeVariables extends ModelInput::TypeVariableModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "sequelize-typescript.ModelStatic.0;Instance", //
-        "sequelize-typescript.Repository.0;Instance", //
-      ]
-  }
-}
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.json b/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.json
index 8d6c473de29..88568283605 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.json
+++ b/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.json
@@ -12,279 +12,279 @@
     },
     "language": "javascript",
     "replaceTypeParameters": [
-        "sequelize;Model;TInstance;sequelize;Instance"
+        "sequelize.Model;TInstance;sequelize.Instance"
     ],
     "model": {
         "sinks": [
-            "sequelize;;Argument[0..].Member[password];credentials[password]",
-            "sequelize;;Argument[0..].Member[username];credentials[username]",
-            "sequelize;;Argument[1];credentials[username]",
-            "sequelize;;Argument[2];credentials[password]",
-            "sequelize;Sequelize;Member[query].Argument[0].Member[query];sql-injection",
-            "sequelize;Sequelize;Member[query].Argument[0];sql-injection",
-            "sequelize;SequelizeStaticAndInstance;Member[asIs,literal].Argument[0];sql-injection"
+            "sequelize.Sequelize;Member[query].Argument[0].Member[query];sql-injection",
+            "sequelize.Sequelize;Member[query].Argument[0];sql-injection",
+            "sequelize.SequelizeStaticAndInstance;Member[asIs,literal].Argument[0];sql-injection",
+            "sequelize;Argument[0..].Member[password];credentials[password]",
+            "sequelize;Argument[0..].Member[username];credentials[username]",
+            "sequelize;Argument[1];credentials[username]",
+            "sequelize;Argument[2];credentials[password]"
         ],
         "typeDefinitions": [
-            "sequelize;Sequelize;sequelize-typescript;Sequelize;"
+            "sequelize.Sequelize;sequelize-typescript.Sequelize;"
         ]
     },
     "generatedModel": {
         "//": "Autogenerated section. Manual edits in here will be lost.",
         "typeDefinitions": [
-            "sequelize-typescript/associations/foreign-key/foreign-key-meta;ForeignKeyMeta;sequelize-typescript/associations/foreign-key/foreign-key-service;;Member[getForeignKeys].ReturnValue.ArrayElement",
-            "sequelize-typescript/model/model/association/association-create-options;AssociationCreateOptions;sequelize-typescript;Model;Member[$create].Argument[2]",
-            "sequelize-typescript/model/shared/model-not-initialized-error;ModelNotInitializedErrorStatic;sequelize-typescript/model/shared/model-not-initialized-error;;Member[ModelNotInitializedError]",
-            "sequelize-typescript;AssociationCountOptions;sequelize-typescript/model/model/association/association-count-options;AssociationCountOptions;",
-            "sequelize-typescript;AssociationCountOptions;sequelize-typescript;Model;Member[$count].Argument[1]",
-            "sequelize-typescript;AssociationGetOptions;sequelize-typescript/model/model/association/association-get-options;AssociationGetOptions;",
-            "sequelize-typescript;AssociationGetOptions;sequelize-typescript;Model;Member[$get].Argument[1]",
-            "sequelize-typescript;AssociationGetOptions;sequelize-typescript;Model;Member[$has].Argument[2]",
-            "sequelize-typescript;BaseAssociation;sequelize-typescript/associations/shared/association-service;;Member[addAssociation].Argument[1]",
-            "sequelize-typescript;BaseAssociation;sequelize-typescript/associations/shared/association-service;;Member[getAssociations,getAssociationsByRelation].ReturnValue.ArrayElement",
-            "sequelize-typescript;BaseAssociation;sequelize-typescript/associations/shared/association-service;;Member[setAssociations].Argument[1].ArrayElement",
-            "sequelize-typescript;BaseAssociation;sequelize-typescript/associations/shared/base-association;BaseAssociation;",
-            "sequelize-typescript;BaseAssociation;sequelize-typescript;;Member[addAssociation].Argument[1]",
-            "sequelize-typescript;BaseAssociation;sequelize-typescript;;Member[getAssociations,getAssociationsByRelation].ReturnValue.ArrayElement",
-            "sequelize-typescript;BaseAssociation;sequelize-typescript;;Member[setAssociations].Argument[1].ArrayElement",
-            "sequelize-typescript;BaseAssociation;sequelize-typescript;BaseAssociationStatic;Instance",
-            "sequelize-typescript;BaseAssociation;sequelize-typescript;BelongsToAssociation;",
-            "sequelize-typescript;BaseAssociation;sequelize-typescript;BelongsToManyAssociation;",
-            "sequelize-typescript;BaseAssociation;sequelize-typescript;HasAssociation;",
-            "sequelize-typescript;BaseAssociationStatic;sequelize-typescript/associations/shared/base-association;;Member[BaseAssociation]",
-            "sequelize-typescript;BaseAssociationStatic;sequelize-typescript/associations/shared/base-association;BaseAssociationStatic;",
-            "sequelize-typescript;BaseAssociationStatic;sequelize-typescript;;Member[BaseAssociation]",
-            "sequelize-typescript;BelongsToAssociation;sequelize-typescript/associations/belongs-to/belongs-to-association;BelongsToAssociation;",
-            "sequelize-typescript;BelongsToAssociation;sequelize-typescript;BelongsToAssociationStatic;Instance",
-            "sequelize-typescript;BelongsToAssociationStatic;sequelize-typescript/associations/belongs-to/belongs-to-association;;Member[BelongsToAssociation]",
-            "sequelize-typescript;BelongsToAssociationStatic;sequelize-typescript/associations/belongs-to/belongs-to-association;BelongsToAssociationStatic;",
-            "sequelize-typescript;BelongsToAssociationStatic;sequelize-typescript;;Member[BelongsToAssociation]",
-            "sequelize-typescript;BelongsToManyAssociation;sequelize-typescript/associations/belongs-to-many/belongs-to-many-association;BelongsToManyAssociation;",
-            "sequelize-typescript;BelongsToManyAssociation;sequelize-typescript;BelongsToManyAssociationStatic;Instance",
-            "sequelize-typescript;BelongsToManyAssociationStatic;sequelize-typescript/associations/belongs-to-many/belongs-to-many-association;;Member[BelongsToManyAssociation]",
-            "sequelize-typescript;BelongsToManyAssociationStatic;sequelize-typescript/associations/belongs-to-many/belongs-to-many-association;BelongsToManyAssociationStatic;",
-            "sequelize-typescript;BelongsToManyAssociationStatic;sequelize-typescript;;Member[BelongsToManyAssociation]",
-            "sequelize-typescript;DefaultScopeGetter;sequelize-typescript/scopes/default-scope;;Member[DefaultScope].Argument[0]",
-            "sequelize-typescript;DefaultScopeGetter;sequelize-typescript/scopes/scope-options;DefaultScopeGetter;",
-            "sequelize-typescript;DefaultScopeGetter;sequelize-typescript;;Member[DefaultScope].Argument[0]",
-            "sequelize-typescript;DefaultScopeGetter;sequelize-typescript;ScopeOptionsGetters;Member[getDefaultScope]",
-            "sequelize-typescript;HasAssociation;sequelize-typescript/associations/has/has-association;HasAssociation;",
-            "sequelize-typescript;HasAssociation;sequelize-typescript;HasAssociationStatic;Instance",
-            "sequelize-typescript;HasAssociationStatic;sequelize-typescript/associations/has/has-association;;Member[HasAssociation]",
-            "sequelize-typescript;HasAssociationStatic;sequelize-typescript/associations/has/has-association;HasAssociationStatic;",
-            "sequelize-typescript;HasAssociationStatic;sequelize-typescript;;Member[HasAssociation]",
-            "sequelize-typescript;Model;sequelize-typescript/model/model/model;Model;",
-            "sequelize-typescript;Model;sequelize-typescript;Model;Member[$add,$has,$remove,$set].Argument[1]",
-            "sequelize-typescript;Model;sequelize-typescript;Model;Member[$add,$has,$remove,$set].Argument[1].ArrayElement",
-            "sequelize-typescript;Model;sequelize-typescript;Model;Member[$create,reload].ReturnValue.Awaited",
-            "sequelize-typescript;Model;sequelize-typescript;ModelStatic~;Instance",
-            "sequelize-typescript;Model;sequelize-typescript;ModelStatic~;Member[initialize].ReturnValue.TypeVar[sequelize-typescript.ModelStatic.0]",
-            "sequelize-typescript;Model;sequelize-typescript;ModelType;Instance",
-            "sequelize-typescript;Model;sequelize-typescript;Sequelize;Member[getRepository].Argument[0].Instance",
-            "sequelize-typescript;Model;sequelize-typescript;Sequelize;Member[getRepository].ReturnValue.TypeVar[sequelize-typescript.Repository.0]",
-            "sequelize-typescript;ModelClassGetter;sequelize-typescript/associations/belongs-to-many/belongs-to-many;;Member[BelongsToMany].Argument[0,1]",
-            "sequelize-typescript;ModelClassGetter;sequelize-typescript/associations/belongs-to/belongs-to;;Member[BelongsTo].Argument[0]",
-            "sequelize-typescript;ModelClassGetter;sequelize-typescript/associations/foreign-key/foreign-key-meta;ForeignKeyMeta;Member[relatedClassGetter]",
-            "sequelize-typescript;ModelClassGetter;sequelize-typescript/associations/foreign-key/foreign-key-service;;Member[addForeignKey].Argument[1]",
-            "sequelize-typescript;ModelClassGetter;sequelize-typescript/associations/foreign-key/foreign-key;;Member[ForeignKey].Argument[0]",
-            "sequelize-typescript;ModelClassGetter;sequelize-typescript/associations/has/has-many;;Member[HasMany].Argument[0]",
-            "sequelize-typescript;ModelClassGetter;sequelize-typescript/associations/has/has-one;;Member[HasOne].Argument[0]",
-            "sequelize-typescript;ModelClassGetter;sequelize-typescript/model/shared/model-class-getter;ModelClassGetter;",
-            "sequelize-typescript;ModelClassGetter;sequelize-typescript;;Member[BelongsTo,ForeignKey,HasMany,HasOne].Argument[0]",
-            "sequelize-typescript;ModelClassGetter;sequelize-typescript;;Member[BelongsToMany].Argument[0,1]",
-            "sequelize-typescript;ModelClassGetter;sequelize-typescript;BaseAssociationStatic;Argument[0]",
-            "sequelize-typescript;ModelClassGetter;sequelize-typescript;BelongsToAssociationStatic;Argument[0]",
-            "sequelize-typescript;ModelClassGetter;sequelize-typescript;BelongsToManyAssociationStatic;Argument[0]",
-            "sequelize-typescript;ModelClassGetter;sequelize-typescript;HasAssociationStatic;Argument[0]",
-            "sequelize-typescript;ModelStatic~;sequelize-typescript/model/model/model;;Member[Model]",
-            "sequelize-typescript;ModelStatic~;sequelize-typescript/model/model/model;ModelStatic~;",
-            "sequelize-typescript;ModelStatic~;sequelize-typescript/model/shared/model-not-initialized-error;ModelNotInitializedErrorStatic;Argument[0]",
-            "sequelize-typescript;ModelStatic~;sequelize-typescript;;Member[Model]",
-            "sequelize-typescript;ModelType;sequelize-typescript/associations/foreign-key/foreign-key-service;;Member[getForeignKeyOptions].Argument[0,1]",
-            "sequelize-typescript;ModelType;sequelize-typescript/model/model/model;ModelType;",
-            "sequelize-typescript;ModelType;sequelize-typescript;BaseAssociation;Member[getAssociatedClass].ReturnValue",
-            "sequelize-typescript;ModelType;sequelize-typescript;BaseAssociation;Member[getSequelizeOptions].Argument[0]",
-            "sequelize-typescript;ModelType;sequelize-typescript;BelongsToAssociation;Member[getSequelizeOptions].Argument[0]",
-            "sequelize-typescript;ModelType;sequelize-typescript;BelongsToManyAssociation;Member[getSequelizeOptions].Argument[0]",
-            "sequelize-typescript;ModelType;sequelize-typescript;HasAssociation;Member[getSequelizeOptions].Argument[0]",
-            "sequelize-typescript;ModelType;sequelize-typescript;ModelClassGetter;ReturnValue",
-            "sequelize-typescript;ModelType;sequelize-typescript;Sequelize;Member[model].Argument[0]",
-            "sequelize-typescript;ScopeOptionsGetters;sequelize-typescript/scopes/scope-options;ScopeOptionsGetters;",
-            "sequelize-typescript;ScopeOptionsGetters;sequelize-typescript/scopes/scope-service;;Member[addScopeOptionsGetter,setScopeOptionsGetters].Argument[1]",
-            "sequelize-typescript;ScopeOptionsGetters;sequelize-typescript/scopes/scope-service;;Member[getScopeOptionsGetters].ReturnValue",
-            "sequelize-typescript;ScopeOptionsGetters;sequelize-typescript;;Member[addScopeOptionsGetter,setScopeOptionsGetters].Argument[1]",
-            "sequelize-typescript;ScopeOptionsGetters;sequelize-typescript;;Member[getScopeOptionsGetters].ReturnValue",
-            "sequelize-typescript;ScopesOptions;sequelize-typescript/scopes/scope-options;ScopesOptions;",
-            "sequelize-typescript;ScopesOptions;sequelize-typescript/scopes/scope-service;;Member[resolveScope].Argument[2]",
-            "sequelize-typescript;ScopesOptions;sequelize-typescript;;Member[resolveScope].Argument[2]",
-            "sequelize-typescript;ScopesOptions;sequelize-typescript;ScopesOptionsGetter;ReturnValue.AnyMember",
-            "sequelize-typescript;ScopesOptionsGetter;sequelize-typescript/scopes/scope-options;ScopesOptionsGetter;",
-            "sequelize-typescript;ScopesOptionsGetter;sequelize-typescript/scopes/scopes;;Member[Scopes].Argument[0]",
-            "sequelize-typescript;ScopesOptionsGetter;sequelize-typescript;;Member[Scopes].Argument[0]",
-            "sequelize-typescript;ScopesOptionsGetter;sequelize-typescript;ScopeOptionsGetters;Member[getScopes]",
-            "sequelize-typescript;Sequelize;sequelize-typescript/sequelize/sequelize/sequelize;Sequelize;",
-            "sequelize-typescript;Sequelize;sequelize-typescript;BaseAssociation;Member[getSequelizeOptions].Argument[1]",
-            "sequelize-typescript;Sequelize;sequelize-typescript;BelongsToManyAssociation;Member[getSequelizeOptions].Argument[1]",
-            "sequelize-typescript;Sequelize;sequelize-typescript;SequelizeStatic;Instance",
-            "sequelize-typescript;SequelizeOptions;sequelize-typescript/sequelize/sequelize/sequelize-options;SequelizeOptions;",
-            "sequelize-typescript;SequelizeOptions;sequelize-typescript/sequelize/sequelize/sequelize-service;;Member[prepareArgs].ReturnValue.Member[options]",
-            "sequelize-typescript;SequelizeOptions;sequelize-typescript/sequelize/sequelize/sequelize-service;;Member[prepareOptions].Argument[0]",
-            "sequelize-typescript;SequelizeOptions;sequelize-typescript/sequelize/sequelize/sequelize-service;;Member[prepareOptions].ReturnValue",
-            "sequelize-typescript;SequelizeOptions;sequelize-typescript;;Member[prepareArgs].ReturnValue.Member[options]",
-            "sequelize-typescript;SequelizeOptions;sequelize-typescript;;Member[prepareOptions].Argument[0]",
-            "sequelize-typescript;SequelizeOptions;sequelize-typescript;;Member[prepareOptions].ReturnValue",
-            "sequelize-typescript;SequelizeOptions;sequelize-typescript;Sequelize;Member[options]",
-            "sequelize-typescript;SequelizeOptions;sequelize-typescript;SequelizeStatic;Argument[3]",
-            "sequelize-typescript;SequelizeOptions;sequelize-typescript;SequelizeStatic;WithArity[0].Argument[0]",
-            "sequelize-typescript;SequelizeOptions;sequelize-typescript;SequelizeStatic;WithArity[1].Argument[0,1]",
-            "sequelize-typescript;SequelizeOptions;sequelize-typescript;SequelizeStatic;WithArity[2].Argument[1,2]",
-            "sequelize-typescript;SequelizeOptions;sequelize-typescript;SequelizeStatic;WithArity[3].Argument[2]",
-            "sequelize-typescript;SequelizeStatic;sequelize-typescript/sequelize/sequelize/sequelize;;Member[Sequelize]",
-            "sequelize-typescript;SequelizeStatic;sequelize-typescript/sequelize/sequelize/sequelize;SequelizeStatic;",
-            "sequelize-typescript;SequelizeStatic;sequelize-typescript;;Member[Sequelize]",
-            "sequelize;AnyFindOptions;sequelize;BelongsToManyAddAssociationMixin;Argument[1]",
-            "sequelize;AnyFindOptions;sequelize;BelongsToManyAddAssociationsMixin;Argument[1]",
-            "sequelize;AnyFindOptions;sequelize;BelongsToManySetAssociationsMixin;Argument[1]",
-            "sequelize;AnyFindOptions;sequelize;DefineOptions;Member[defaultScope]",
-            "sequelize;AnyFindOptions;sequelize;DefineScopeOptions;AnyMember",
-            "sequelize;AnyFindOptions;sequelize;HasManySetAssociationsMixin;Argument[1]",
-            "sequelize;AnyFindOptions;sequelize;Instance;Member[reload].Argument[0]",
-            "sequelize;AnyFindOptions;sequelize;Model;Member[addScope].Argument[1]",
-            "sequelize;AssociationOptionsBelongsToMany;sequelize;Associations;Member[belongsToMany].Argument[1]",
-            "sequelize;Associations;sequelize;Model;",
-            "sequelize;Associations;sequelize;SequelizeStaticAndInstance.Model;",
-            "sequelize;BuildOptions;sequelize-typescript;ModelStatic~;Argument[1]",
-            "sequelize;BuildOptions;sequelize;CreateOptions;",
-            "sequelize;BuildOptions;sequelize;Model;Member[build,bulkBuild].Argument[1]",
-            "sequelize;CountOptions;sequelize;Model;Member[count].Argument[0]",
-            "sequelize;CreateOptions;sequelize-typescript/model/model/association/association-create-options;AssociationCreateOptions;",
-            "sequelize;CreateOptions;sequelize;BelongsToCreateAssociationMixin;Argument[1]",
-            "sequelize;CreateOptions;sequelize;BelongsToManyCreateAssociationMixin;Argument[1]",
-            "sequelize;CreateOptions;sequelize;HasManyCreateAssociationMixin;Argument[1]",
-            "sequelize;CreateOptions;sequelize;HasOneCreateAssociationMixin;Argument[1]",
-            "sequelize;CreateOptions;sequelize;Model;Member[create].Argument[1]",
-            "sequelize;DefineAttributeColumnOptions;sequelize;DefineAttributes;AnyMember",
-            "sequelize;DefineAttributeColumnOptions;sequelize;QueryInterface;Member[addColumn,changeColumn].Argument[2]",
-            "sequelize;DefineAttributeColumnReferencesOptions;sequelize;DefineAttributeColumnOptions;Member[references]",
-            "sequelize;DefineAttributes;sequelize;Hooks;Member[beforeDefine].Argument[1].Argument[0]",
-            "sequelize;DefineAttributes;sequelize;Hooks;Member[beforeDefine].WithArity[1].Argument[0].Argument[0]",
-            "sequelize;DefineAttributes;sequelize;QueryInterface;Member[createTable].Argument[1]",
-            "sequelize;DefineOptions;sequelize;Options;Member[define]",
-            "sequelize;DefineOptions;sequelize;Sequelize;Member[define].Argument[2]",
-            "sequelize;DefineScopeOptions;sequelize;DefineOptions;Member[scopes]",
-            "sequelize;FindCreateFindOptions;sequelize;Model;Member[findCreateFind].Argument[0]",
-            "sequelize;FindOptions;sequelize-typescript;AssociationCountOptions;",
-            "sequelize;FindOptions;sequelize-typescript;AssociationGetOptions;",
-            "sequelize;FindOptions;sequelize-typescript;DefaultScopeGetter;ReturnValue",
-            "sequelize;FindOptions;sequelize-typescript;Model;Member[reload].Argument[0]",
-            "sequelize;FindOptions;sequelize-typescript;ScopesOptions;",
-            "sequelize;FindOptions;sequelize-typescript;ScopesOptions;ReturnValue",
-            "sequelize;FindOptions;sequelize;AnyFindOptions;",
-            "sequelize;FindOptions;sequelize;FindCreateFindOptions;",
-            "sequelize;FindOptions;sequelize;FindOrInitializeOptions;",
-            "sequelize;FindOptions;sequelize;Model;Member[all,find,findAll,findAndCount,findAndCountAll,findOne].Argument[0]",
-            "sequelize;FindOptionsOrderArray;sequelize;FindOptions;Member[order]",
-            "sequelize;FindOptionsOrderArray;sequelize;FindOptions;Member[order].ArrayElement",
-            "sequelize;FindOrInitializeOptions;sequelize;Model;Member[findOrBuild,findOrCreate,findOrInitialize].Argument[0]",
-            "sequelize;HasManyGetAssociationsMixinOptions;sequelize;HasManyGetAssociationsMixin;Argument[0]",
-            "sequelize;HasManyGetAssociationsMixinOptions;sequelize;HasManyHasAssociationMixin;Argument[1]",
-            "sequelize;HasManyGetAssociationsMixinOptions;sequelize;HasManyHasAssociationsMixin;Argument[1]",
-            "sequelize;Hooks;sequelize;Hooks;Member[addHook,hook,removeHook].ReturnValue",
-            "sequelize;Hooks;sequelize;Model;",
-            "sequelize;Hooks;sequelize;Sequelize;",
-            "sequelize;Hooks;sequelize;SequelizeStaticAndInstance.Model;",
-            "sequelize;IncludeAssociation;sequelize;Associations;Member[belongsTo,belongsToMany,hasMany,hasOne].ReturnValue",
-            "sequelize;IncludeAssociation;sequelize;IncludeOptions;Member[association]",
-            "sequelize;IncludeOptions;sequelize;BuildOptions;Member[include].ArrayElement",
-            "sequelize;IncludeOptions;sequelize;CountOptions;Member[include]",
-            "sequelize;IncludeOptions;sequelize;CountOptions;Member[include].ArrayElement",
-            "sequelize;IncludeOptions;sequelize;FindOptions;Member[include]",
-            "sequelize;IncludeOptions;sequelize;FindOptions;Member[include].ArrayElement",
-            "sequelize;IncludeOptions;sequelize;HasManyGetAssociationsMixinOptions;Member[include]",
-            "sequelize;IncludeOptions;sequelize;IncludeOptions;Member[include]",
-            "sequelize;IncludeOptions;sequelize;IncludeOptions;Member[include].ArrayElement",
-            "sequelize;Instance;sequelize;Instance;Member[decrement,increment,reload,save,update,updateAttributes].ReturnValue.Awaited",
-            "sequelize;Instance;sequelize;Instance;Member[equalsOneOf].Argument[0].ArrayElement",
-            "sequelize;Instance;sequelize;Instance;Member[equals].Argument[0]",
-            "sequelize;Instance;sequelize;Instance;Member[set,setAttributes].ReturnValue",
-            "sequelize;Instance;sequelize;Model;Member[Instance,build].ReturnValue",
-            "sequelize;Instance;sequelize;Model;Member[all,bulkCreate,findAll].ReturnValue.Awaited.ArrayElement",
-            "sequelize;Instance;sequelize;Model;Member[bulkBuild].ReturnValue.ArrayElement",
-            "sequelize;Instance;sequelize;Model;Member[create,find,findById,findByPk,findByPrimary,findOne].ReturnValue.Awaited",
-            "sequelize;Instance;sequelize;Model;Member[findAndCount,findAndCountAll].ReturnValue.Awaited.Member[rows].ArrayElement",
-            "sequelize;Instance;sequelize;QueryInterface;Member[delete,increment,insert,update].Argument[0]",
-            "sequelize;Instance;sequelize;QueryOptions;Member[instance]",
-            "sequelize;Instance;sequelize;SequelizeStaticAndInstance;Member[Instance]",
-            "sequelize;Model;sequelize;AssociationOptionsBelongsToMany;Member[through]",
-            "sequelize;Model;sequelize;Associations;Member[belongsTo,belongsToMany,hasMany,hasOne].Argument[0]",
-            "sequelize;Model;sequelize;BuildOptions;Member[include].ArrayElement",
-            "sequelize;Model;sequelize;CountOptions;Member[include]",
-            "sequelize;Model;sequelize;CountOptions;Member[include].ArrayElement",
-            "sequelize;Model;sequelize;DefineAttributeColumnReferencesOptions;Member[model]",
-            "sequelize;Model;sequelize;FindOptions;Member[include]",
-            "sequelize;Model;sequelize;FindOptions;Member[include].ArrayElement",
-            "sequelize;Model;sequelize;FindOptions;Member[lock].Member[of]",
-            "sequelize;Model;sequelize;FindOptionsOrderArray;ArrayElement",
-            "sequelize;Model;sequelize;FindOptionsOrderArray;ArrayElement.Member[model]",
-            "sequelize;Model;sequelize;Hooks;Member[afterDefine].Argument[1].Argument[0]",
-            "sequelize;Model;sequelize;Hooks;Member[afterDefine].WithArity[1].Argument[0].Argument[0]",
-            "sequelize;Model;sequelize;IncludeAssociation;Member[source,target]",
-            "sequelize;Model;sequelize;IncludeOptions;Member[include,model]",
-            "sequelize;Model;sequelize;IncludeOptions;Member[include].ArrayElement",
-            "sequelize;Model;sequelize;Instance;Member[Model]",
-            "sequelize;Model;sequelize;Model;Member[schema,scope,unscoped].ReturnValue",
-            "sequelize;Model;sequelize;Model;Member[sync].ReturnValue.Awaited",
-            "sequelize;Model;sequelize;Models;AnyMember",
-            "sequelize;Model;sequelize;ModelsHashInterface;AnyMember",
-            "sequelize;Model;sequelize;QueryInterface;Member[bulkDelete,rawSelect,upsert].Argument[3]",
-            "sequelize;Model;sequelize;QueryInterface;Member[select].Argument[0]",
-            "sequelize;Model;sequelize;QueryOptions;Member[model]",
-            "sequelize;Model;sequelize;Sequelize;Member[define,import,model].ReturnValue",
-            "sequelize;Model;sequelize;Sequelize;Member[import].Argument[1].ReturnValue",
-            "sequelize;Model;sequelize;SequelizeStaticAndInstance;Member[Model]",
-            "sequelize;Model;sequelize;ThroughOptions;Member[model]",
-            "sequelize;Model;sequelize;Utils;Member[mapOptionFieldNames].Argument[1]",
-            "sequelize;Model;sequelize;Utils;Member[mapValueFieldNames].Argument[2]",
-            "sequelize;Models;sequelize;Model;Member[associate].Argument[0]",
-            "sequelize;ModelsHashInterface;sequelize;Sequelize;Member[models]",
-            "sequelize;Options;sequelize-typescript;SequelizeOptions;",
-            "sequelize;Options;sequelize;Sequelize;Member[options]",
-            "sequelize;Options;sequelize;SequelizeStatic;Argument[3]",
-            "sequelize;Options;sequelize;SequelizeStatic;WithArity[1].Argument[0,1]",
-            "sequelize;Options;sequelize;SequelizeStatic;WithArity[2].Argument[1,2]",
-            "sequelize;Options;sequelize;SequelizeStatic;WithArity[3].Argument[2]",
-            "sequelize;QueryInterface;sequelize;Sequelize;Member[getQueryInterface].ReturnValue",
-            "sequelize;QueryOptions;sequelize;Options;Member[query]",
-            "sequelize;QueryOptions;sequelize;QueryInterface;Member[bulkDelete,bulkInsert,createTable,select,setAutocommit,setIsolationLevel].Argument[2]",
-            "sequelize;QueryOptions;sequelize;QueryInterface;Member[bulkUpdate,delete,insert].Argument[3]",
-            "sequelize;QueryOptions;sequelize;QueryInterface;Member[commitTransaction,deferConstraints,dropTable,rawSelect,rollbackTransaction,showIndex,startTransaction].Argument[1]",
-            "sequelize;QueryOptions;sequelize;QueryInterface;Member[createFunction].Argument[5]",
-            "sequelize;QueryOptions;sequelize;QueryInterface;Member[dropAllEnums,dropAllTables,showAllSchemas,showAllTables].Argument[0]",
-            "sequelize;QueryOptions;sequelize;QueryInterface;Member[increment,update,upsert].Argument[4]",
-            "sequelize;QueryOptions;sequelize;Sequelize;Member[authenticate,validate].Argument[0]",
-            "sequelize;QueryOptions;sequelize;Sequelize;Member[query].Argument[1]",
-            "sequelize;Sequelize;sequelize;Hooks;Member[afterInit].Argument[1].Argument[0]",
-            "sequelize;Sequelize;sequelize;Hooks;Member[afterInit].WithArity[1].Argument[0].Argument[0]",
-            "sequelize;Sequelize;sequelize;Instance;Member[sequelize]",
-            "sequelize;Sequelize;sequelize;QueryInterface;Member[sequelize]",
-            "sequelize;Sequelize;sequelize;Sequelize;Member[import].Argument[1].Argument[0]",
-            "sequelize;Sequelize;sequelize;SequelizeStatic;Instance",
-            "sequelize;Sequelize;sequelize;SequelizeStatic;Member[useCLS].ReturnValue",
-            "sequelize;SequelizeStatic;sequelize-typescript;Sequelize;",
-            "sequelize;SequelizeStatic;sequelize;;",
-            "sequelize;SequelizeStatic;sequelize;Sequelize;Member[Sequelize]",
-            "sequelize;SequelizeStatic;sequelize;SequelizeStatic;Member[Sequelize,default]",
-            "sequelize;SequelizeStaticAndInstance.Model;sequelize-typescript;Model;",
-            "sequelize;SequelizeStaticAndInstance;sequelize;Sequelize;",
-            "sequelize;SequelizeStaticAndInstance;sequelize;SequelizeStatic;",
-            "sequelize;ThroughOptions;sequelize;AssociationOptionsBelongsToMany;Member[through]",
-            "sequelize;Utils;sequelize;SequelizeStaticAndInstance;Member[Utils]"
+            "sequelize-typescript.AssociationCountOptions;sequelize-typescript.Model;Member[$count].Argument[1]",
+            "sequelize-typescript.AssociationCountOptions;sequelize-typescript/model/model/association/association-count-options.AssociationCountOptions;",
+            "sequelize-typescript.AssociationGetOptions;sequelize-typescript.Model;Member[$get].Argument[1]",
+            "sequelize-typescript.AssociationGetOptions;sequelize-typescript.Model;Member[$has].Argument[2]",
+            "sequelize-typescript.AssociationGetOptions;sequelize-typescript/model/model/association/association-get-options.AssociationGetOptions;",
+            "sequelize-typescript.BaseAssociation;sequelize-typescript.BaseAssociationStatic;Instance",
+            "sequelize-typescript.BaseAssociation;sequelize-typescript.BelongsToAssociation;",
+            "sequelize-typescript.BaseAssociation;sequelize-typescript.BelongsToManyAssociation;",
+            "sequelize-typescript.BaseAssociation;sequelize-typescript.HasAssociation;",
+            "sequelize-typescript.BaseAssociation;sequelize-typescript/associations/shared/association-service;Member[addAssociation].Argument[1]",
+            "sequelize-typescript.BaseAssociation;sequelize-typescript/associations/shared/association-service;Member[getAssociations,getAssociationsByRelation].ReturnValue.ArrayElement",
+            "sequelize-typescript.BaseAssociation;sequelize-typescript/associations/shared/association-service;Member[setAssociations].Argument[1].ArrayElement",
+            "sequelize-typescript.BaseAssociation;sequelize-typescript/associations/shared/base-association.BaseAssociation;",
+            "sequelize-typescript.BaseAssociation;sequelize-typescript;Member[addAssociation].Argument[1]",
+            "sequelize-typescript.BaseAssociation;sequelize-typescript;Member[getAssociations,getAssociationsByRelation].ReturnValue.ArrayElement",
+            "sequelize-typescript.BaseAssociation;sequelize-typescript;Member[setAssociations].Argument[1].ArrayElement",
+            "sequelize-typescript.BaseAssociationStatic;sequelize-typescript/associations/shared/base-association.BaseAssociationStatic;",
+            "sequelize-typescript.BaseAssociationStatic;sequelize-typescript/associations/shared/base-association;Member[BaseAssociation]",
+            "sequelize-typescript.BaseAssociationStatic;sequelize-typescript;Member[BaseAssociation]",
+            "sequelize-typescript.BelongsToAssociation;sequelize-typescript.BelongsToAssociationStatic;Instance",
+            "sequelize-typescript.BelongsToAssociation;sequelize-typescript/associations/belongs-to/belongs-to-association.BelongsToAssociation;",
+            "sequelize-typescript.BelongsToAssociationStatic;sequelize-typescript/associations/belongs-to/belongs-to-association.BelongsToAssociationStatic;",
+            "sequelize-typescript.BelongsToAssociationStatic;sequelize-typescript/associations/belongs-to/belongs-to-association;Member[BelongsToAssociation]",
+            "sequelize-typescript.BelongsToAssociationStatic;sequelize-typescript;Member[BelongsToAssociation]",
+            "sequelize-typescript.BelongsToManyAssociation;sequelize-typescript.BelongsToManyAssociationStatic;Instance",
+            "sequelize-typescript.BelongsToManyAssociation;sequelize-typescript/associations/belongs-to-many/belongs-to-many-association.BelongsToManyAssociation;",
+            "sequelize-typescript.BelongsToManyAssociationStatic;sequelize-typescript/associations/belongs-to-many/belongs-to-many-association.BelongsToManyAssociationStatic;",
+            "sequelize-typescript.BelongsToManyAssociationStatic;sequelize-typescript/associations/belongs-to-many/belongs-to-many-association;Member[BelongsToManyAssociation]",
+            "sequelize-typescript.BelongsToManyAssociationStatic;sequelize-typescript;Member[BelongsToManyAssociation]",
+            "sequelize-typescript.DefaultScopeGetter;sequelize-typescript.ScopeOptionsGetters;Member[getDefaultScope]",
+            "sequelize-typescript.DefaultScopeGetter;sequelize-typescript/scopes/default-scope;Member[DefaultScope].Argument[0]",
+            "sequelize-typescript.DefaultScopeGetter;sequelize-typescript/scopes/scope-options.DefaultScopeGetter;",
+            "sequelize-typescript.DefaultScopeGetter;sequelize-typescript;Member[DefaultScope].Argument[0]",
+            "sequelize-typescript.HasAssociation;sequelize-typescript.HasAssociationStatic;Instance",
+            "sequelize-typescript.HasAssociation;sequelize-typescript/associations/has/has-association.HasAssociation;",
+            "sequelize-typescript.HasAssociationStatic;sequelize-typescript/associations/has/has-association.HasAssociationStatic;",
+            "sequelize-typescript.HasAssociationStatic;sequelize-typescript/associations/has/has-association;Member[HasAssociation]",
+            "sequelize-typescript.HasAssociationStatic;sequelize-typescript;Member[HasAssociation]",
+            "sequelize-typescript.Model;sequelize-typescript.Model;Member[$add,$has,$remove,$set].Argument[1]",
+            "sequelize-typescript.Model;sequelize-typescript.Model;Member[$add,$has,$remove,$set].Argument[1].ArrayElement",
+            "sequelize-typescript.Model;sequelize-typescript.Model;Member[$create,reload].ReturnValue.Awaited",
+            "sequelize-typescript.Model;sequelize-typescript.ModelStatic~;Instance",
+            "sequelize-typescript.Model;sequelize-typescript.ModelStatic~;Member[initialize].ReturnValue.TypeVar[sequelize-typescript.ModelStatic.0]",
+            "sequelize-typescript.Model;sequelize-typescript.ModelType;Instance",
+            "sequelize-typescript.Model;sequelize-typescript.Sequelize;Member[getRepository].Argument[0].Instance",
+            "sequelize-typescript.Model;sequelize-typescript.Sequelize;Member[getRepository].ReturnValue.TypeVar[sequelize-typescript.Repository.0]",
+            "sequelize-typescript.Model;sequelize-typescript/model/model/model.Model;",
+            "sequelize-typescript.ModelClassGetter;sequelize-typescript.BaseAssociationStatic;Argument[0]",
+            "sequelize-typescript.ModelClassGetter;sequelize-typescript.BelongsToAssociationStatic;Argument[0]",
+            "sequelize-typescript.ModelClassGetter;sequelize-typescript.BelongsToManyAssociationStatic;Argument[0]",
+            "sequelize-typescript.ModelClassGetter;sequelize-typescript.HasAssociationStatic;Argument[0]",
+            "sequelize-typescript.ModelClassGetter;sequelize-typescript/associations/belongs-to-many/belongs-to-many;Member[BelongsToMany].Argument[0,1]",
+            "sequelize-typescript.ModelClassGetter;sequelize-typescript/associations/belongs-to/belongs-to;Member[BelongsTo].Argument[0]",
+            "sequelize-typescript.ModelClassGetter;sequelize-typescript/associations/foreign-key/foreign-key-meta.ForeignKeyMeta;Member[relatedClassGetter]",
+            "sequelize-typescript.ModelClassGetter;sequelize-typescript/associations/foreign-key/foreign-key-service;Member[addForeignKey].Argument[1]",
+            "sequelize-typescript.ModelClassGetter;sequelize-typescript/associations/foreign-key/foreign-key;Member[ForeignKey].Argument[0]",
+            "sequelize-typescript.ModelClassGetter;sequelize-typescript/associations/has/has-many;Member[HasMany].Argument[0]",
+            "sequelize-typescript.ModelClassGetter;sequelize-typescript/associations/has/has-one;Member[HasOne].Argument[0]",
+            "sequelize-typescript.ModelClassGetter;sequelize-typescript/model/shared/model-class-getter.ModelClassGetter;",
+            "sequelize-typescript.ModelClassGetter;sequelize-typescript;Member[BelongsTo,ForeignKey,HasMany,HasOne].Argument[0]",
+            "sequelize-typescript.ModelClassGetter;sequelize-typescript;Member[BelongsToMany].Argument[0,1]",
+            "sequelize-typescript.ModelStatic~;sequelize-typescript/model/model/model.ModelStatic~;",
+            "sequelize-typescript.ModelStatic~;sequelize-typescript/model/model/model;Member[Model]",
+            "sequelize-typescript.ModelStatic~;sequelize-typescript/model/shared/model-not-initialized-error.ModelNotInitializedErrorStatic;Argument[0]",
+            "sequelize-typescript.ModelStatic~;sequelize-typescript;Member[Model]",
+            "sequelize-typescript.ModelType;sequelize-typescript.BaseAssociation;Member[getAssociatedClass].ReturnValue",
+            "sequelize-typescript.ModelType;sequelize-typescript.BaseAssociation;Member[getSequelizeOptions].Argument[0]",
+            "sequelize-typescript.ModelType;sequelize-typescript.BelongsToAssociation;Member[getSequelizeOptions].Argument[0]",
+            "sequelize-typescript.ModelType;sequelize-typescript.BelongsToManyAssociation;Member[getSequelizeOptions].Argument[0]",
+            "sequelize-typescript.ModelType;sequelize-typescript.HasAssociation;Member[getSequelizeOptions].Argument[0]",
+            "sequelize-typescript.ModelType;sequelize-typescript.ModelClassGetter;ReturnValue",
+            "sequelize-typescript.ModelType;sequelize-typescript.Sequelize;Member[model].Argument[0]",
+            "sequelize-typescript.ModelType;sequelize-typescript/associations/foreign-key/foreign-key-service;Member[getForeignKeyOptions].Argument[0,1]",
+            "sequelize-typescript.ModelType;sequelize-typescript/model/model/model.ModelType;",
+            "sequelize-typescript.ScopeOptionsGetters;sequelize-typescript/scopes/scope-options.ScopeOptionsGetters;",
+            "sequelize-typescript.ScopeOptionsGetters;sequelize-typescript/scopes/scope-service;Member[addScopeOptionsGetter,setScopeOptionsGetters].Argument[1]",
+            "sequelize-typescript.ScopeOptionsGetters;sequelize-typescript/scopes/scope-service;Member[getScopeOptionsGetters].ReturnValue",
+            "sequelize-typescript.ScopeOptionsGetters;sequelize-typescript;Member[addScopeOptionsGetter,setScopeOptionsGetters].Argument[1]",
+            "sequelize-typescript.ScopeOptionsGetters;sequelize-typescript;Member[getScopeOptionsGetters].ReturnValue",
+            "sequelize-typescript.ScopesOptions;sequelize-typescript.ScopesOptionsGetter;ReturnValue.AnyMember",
+            "sequelize-typescript.ScopesOptions;sequelize-typescript/scopes/scope-options.ScopesOptions;",
+            "sequelize-typescript.ScopesOptions;sequelize-typescript/scopes/scope-service;Member[resolveScope].Argument[2]",
+            "sequelize-typescript.ScopesOptions;sequelize-typescript;Member[resolveScope].Argument[2]",
+            "sequelize-typescript.ScopesOptionsGetter;sequelize-typescript.ScopeOptionsGetters;Member[getScopes]",
+            "sequelize-typescript.ScopesOptionsGetter;sequelize-typescript/scopes/scope-options.ScopesOptionsGetter;",
+            "sequelize-typescript.ScopesOptionsGetter;sequelize-typescript/scopes/scopes;Member[Scopes].Argument[0]",
+            "sequelize-typescript.ScopesOptionsGetter;sequelize-typescript;Member[Scopes].Argument[0]",
+            "sequelize-typescript.Sequelize;sequelize-typescript.BaseAssociation;Member[getSequelizeOptions].Argument[1]",
+            "sequelize-typescript.Sequelize;sequelize-typescript.BelongsToManyAssociation;Member[getSequelizeOptions].Argument[1]",
+            "sequelize-typescript.Sequelize;sequelize-typescript.SequelizeStatic;Instance",
+            "sequelize-typescript.Sequelize;sequelize-typescript/sequelize/sequelize/sequelize.Sequelize;",
+            "sequelize-typescript.SequelizeOptions;sequelize-typescript.Sequelize;Member[options]",
+            "sequelize-typescript.SequelizeOptions;sequelize-typescript.SequelizeStatic;Argument[3]",
+            "sequelize-typescript.SequelizeOptions;sequelize-typescript.SequelizeStatic;WithArity[0].Argument[0]",
+            "sequelize-typescript.SequelizeOptions;sequelize-typescript.SequelizeStatic;WithArity[1].Argument[0,1]",
+            "sequelize-typescript.SequelizeOptions;sequelize-typescript.SequelizeStatic;WithArity[2].Argument[1,2]",
+            "sequelize-typescript.SequelizeOptions;sequelize-typescript.SequelizeStatic;WithArity[3].Argument[2]",
+            "sequelize-typescript.SequelizeOptions;sequelize-typescript/sequelize/sequelize/sequelize-options.SequelizeOptions;",
+            "sequelize-typescript.SequelizeOptions;sequelize-typescript/sequelize/sequelize/sequelize-service;Member[prepareArgs].ReturnValue.Member[options]",
+            "sequelize-typescript.SequelizeOptions;sequelize-typescript/sequelize/sequelize/sequelize-service;Member[prepareOptions].Argument[0]",
+            "sequelize-typescript.SequelizeOptions;sequelize-typescript/sequelize/sequelize/sequelize-service;Member[prepareOptions].ReturnValue",
+            "sequelize-typescript.SequelizeOptions;sequelize-typescript;Member[prepareArgs].ReturnValue.Member[options]",
+            "sequelize-typescript.SequelizeOptions;sequelize-typescript;Member[prepareOptions].Argument[0]",
+            "sequelize-typescript.SequelizeOptions;sequelize-typescript;Member[prepareOptions].ReturnValue",
+            "sequelize-typescript.SequelizeStatic;sequelize-typescript/sequelize/sequelize/sequelize.SequelizeStatic;",
+            "sequelize-typescript.SequelizeStatic;sequelize-typescript/sequelize/sequelize/sequelize;Member[Sequelize]",
+            "sequelize-typescript.SequelizeStatic;sequelize-typescript;Member[Sequelize]",
+            "sequelize-typescript/associations/foreign-key/foreign-key-meta.ForeignKeyMeta;sequelize-typescript/associations/foreign-key/foreign-key-service;Member[getForeignKeys].ReturnValue.ArrayElement",
+            "sequelize-typescript/model/model/association/association-create-options.AssociationCreateOptions;sequelize-typescript.Model;Member[$create].Argument[2]",
+            "sequelize-typescript/model/shared/model-not-initialized-error.ModelNotInitializedErrorStatic;sequelize-typescript/model/shared/model-not-initialized-error;Member[ModelNotInitializedError]",
+            "sequelize.AnyFindOptions;sequelize.BelongsToManyAddAssociationMixin;Argument[1]",
+            "sequelize.AnyFindOptions;sequelize.BelongsToManyAddAssociationsMixin;Argument[1]",
+            "sequelize.AnyFindOptions;sequelize.BelongsToManySetAssociationsMixin;Argument[1]",
+            "sequelize.AnyFindOptions;sequelize.DefineOptions;Member[defaultScope]",
+            "sequelize.AnyFindOptions;sequelize.DefineScopeOptions;AnyMember",
+            "sequelize.AnyFindOptions;sequelize.HasManySetAssociationsMixin;Argument[1]",
+            "sequelize.AnyFindOptions;sequelize.Instance;Member[reload].Argument[0]",
+            "sequelize.AnyFindOptions;sequelize.Model;Member[addScope].Argument[1]",
+            "sequelize.AssociationOptionsBelongsToMany;sequelize.Associations;Member[belongsToMany].Argument[1]",
+            "sequelize.Associations;sequelize.Model;",
+            "sequelize.Associations;sequelize.SequelizeStaticAndInstance.Model;",
+            "sequelize.BuildOptions;sequelize-typescript.ModelStatic~;Argument[1]",
+            "sequelize.BuildOptions;sequelize.CreateOptions;",
+            "sequelize.BuildOptions;sequelize.Model;Member[build,bulkBuild].Argument[1]",
+            "sequelize.CountOptions;sequelize.Model;Member[count].Argument[0]",
+            "sequelize.CreateOptions;sequelize-typescript/model/model/association/association-create-options.AssociationCreateOptions;",
+            "sequelize.CreateOptions;sequelize.BelongsToCreateAssociationMixin;Argument[1]",
+            "sequelize.CreateOptions;sequelize.BelongsToManyCreateAssociationMixin;Argument[1]",
+            "sequelize.CreateOptions;sequelize.HasManyCreateAssociationMixin;Argument[1]",
+            "sequelize.CreateOptions;sequelize.HasOneCreateAssociationMixin;Argument[1]",
+            "sequelize.CreateOptions;sequelize.Model;Member[create].Argument[1]",
+            "sequelize.DefineAttributeColumnOptions;sequelize.DefineAttributes;AnyMember",
+            "sequelize.DefineAttributeColumnOptions;sequelize.QueryInterface;Member[addColumn,changeColumn].Argument[2]",
+            "sequelize.DefineAttributeColumnReferencesOptions;sequelize.DefineAttributeColumnOptions;Member[references]",
+            "sequelize.DefineAttributes;sequelize.Hooks;Member[beforeDefine].Argument[1].Argument[0]",
+            "sequelize.DefineAttributes;sequelize.Hooks;Member[beforeDefine].WithArity[1].Argument[0].Argument[0]",
+            "sequelize.DefineAttributes;sequelize.QueryInterface;Member[createTable].Argument[1]",
+            "sequelize.DefineOptions;sequelize.Options;Member[define]",
+            "sequelize.DefineOptions;sequelize.Sequelize;Member[define].Argument[2]",
+            "sequelize.DefineScopeOptions;sequelize.DefineOptions;Member[scopes]",
+            "sequelize.FindCreateFindOptions;sequelize.Model;Member[findCreateFind].Argument[0]",
+            "sequelize.FindOptions;sequelize-typescript.AssociationCountOptions;",
+            "sequelize.FindOptions;sequelize-typescript.AssociationGetOptions;",
+            "sequelize.FindOptions;sequelize-typescript.DefaultScopeGetter;ReturnValue",
+            "sequelize.FindOptions;sequelize-typescript.Model;Member[reload].Argument[0]",
+            "sequelize.FindOptions;sequelize-typescript.ScopesOptions;",
+            "sequelize.FindOptions;sequelize-typescript.ScopesOptions;ReturnValue",
+            "sequelize.FindOptions;sequelize.AnyFindOptions;",
+            "sequelize.FindOptions;sequelize.FindCreateFindOptions;",
+            "sequelize.FindOptions;sequelize.FindOrInitializeOptions;",
+            "sequelize.FindOptions;sequelize.Model;Member[all,find,findAll,findAndCount,findAndCountAll,findOne].Argument[0]",
+            "sequelize.FindOptionsOrderArray;sequelize.FindOptions;Member[order]",
+            "sequelize.FindOptionsOrderArray;sequelize.FindOptions;Member[order].ArrayElement",
+            "sequelize.FindOrInitializeOptions;sequelize.Model;Member[findOrBuild,findOrCreate,findOrInitialize].Argument[0]",
+            "sequelize.HasManyGetAssociationsMixinOptions;sequelize.HasManyGetAssociationsMixin;Argument[0]",
+            "sequelize.HasManyGetAssociationsMixinOptions;sequelize.HasManyHasAssociationMixin;Argument[1]",
+            "sequelize.HasManyGetAssociationsMixinOptions;sequelize.HasManyHasAssociationsMixin;Argument[1]",
+            "sequelize.Hooks;sequelize.Hooks;Member[addHook,hook,removeHook].ReturnValue",
+            "sequelize.Hooks;sequelize.Model;",
+            "sequelize.Hooks;sequelize.Sequelize;",
+            "sequelize.Hooks;sequelize.SequelizeStaticAndInstance.Model;",
+            "sequelize.IncludeAssociation;sequelize.Associations;Member[belongsTo,belongsToMany,hasMany,hasOne].ReturnValue",
+            "sequelize.IncludeAssociation;sequelize.IncludeOptions;Member[association]",
+            "sequelize.IncludeOptions;sequelize.BuildOptions;Member[include].ArrayElement",
+            "sequelize.IncludeOptions;sequelize.CountOptions;Member[include]",
+            "sequelize.IncludeOptions;sequelize.CountOptions;Member[include].ArrayElement",
+            "sequelize.IncludeOptions;sequelize.FindOptions;Member[include]",
+            "sequelize.IncludeOptions;sequelize.FindOptions;Member[include].ArrayElement",
+            "sequelize.IncludeOptions;sequelize.HasManyGetAssociationsMixinOptions;Member[include]",
+            "sequelize.IncludeOptions;sequelize.IncludeOptions;Member[include]",
+            "sequelize.IncludeOptions;sequelize.IncludeOptions;Member[include].ArrayElement",
+            "sequelize.Instance;sequelize.Instance;Member[decrement,increment,reload,save,update,updateAttributes].ReturnValue.Awaited",
+            "sequelize.Instance;sequelize.Instance;Member[equalsOneOf].Argument[0].ArrayElement",
+            "sequelize.Instance;sequelize.Instance;Member[equals].Argument[0]",
+            "sequelize.Instance;sequelize.Instance;Member[set,setAttributes].ReturnValue",
+            "sequelize.Instance;sequelize.Model;Member[Instance,build].ReturnValue",
+            "sequelize.Instance;sequelize.Model;Member[all,bulkCreate,findAll].ReturnValue.Awaited.ArrayElement",
+            "sequelize.Instance;sequelize.Model;Member[bulkBuild].ReturnValue.ArrayElement",
+            "sequelize.Instance;sequelize.Model;Member[create,find,findById,findByPk,findByPrimary,findOne].ReturnValue.Awaited",
+            "sequelize.Instance;sequelize.Model;Member[findAndCount,findAndCountAll].ReturnValue.Awaited.Member[rows].ArrayElement",
+            "sequelize.Instance;sequelize.QueryInterface;Member[delete,increment,insert,update].Argument[0]",
+            "sequelize.Instance;sequelize.QueryOptions;Member[instance]",
+            "sequelize.Instance;sequelize.SequelizeStaticAndInstance;Member[Instance]",
+            "sequelize.Model;sequelize.AssociationOptionsBelongsToMany;Member[through]",
+            "sequelize.Model;sequelize.Associations;Member[belongsTo,belongsToMany,hasMany,hasOne].Argument[0]",
+            "sequelize.Model;sequelize.BuildOptions;Member[include].ArrayElement",
+            "sequelize.Model;sequelize.CountOptions;Member[include]",
+            "sequelize.Model;sequelize.CountOptions;Member[include].ArrayElement",
+            "sequelize.Model;sequelize.DefineAttributeColumnReferencesOptions;Member[model]",
+            "sequelize.Model;sequelize.FindOptions;Member[include]",
+            "sequelize.Model;sequelize.FindOptions;Member[include].ArrayElement",
+            "sequelize.Model;sequelize.FindOptions;Member[lock].Member[of]",
+            "sequelize.Model;sequelize.FindOptionsOrderArray;ArrayElement",
+            "sequelize.Model;sequelize.FindOptionsOrderArray;ArrayElement.Member[model]",
+            "sequelize.Model;sequelize.Hooks;Member[afterDefine].Argument[1].Argument[0]",
+            "sequelize.Model;sequelize.Hooks;Member[afterDefine].WithArity[1].Argument[0].Argument[0]",
+            "sequelize.Model;sequelize.IncludeAssociation;Member[source,target]",
+            "sequelize.Model;sequelize.IncludeOptions;Member[include,model]",
+            "sequelize.Model;sequelize.IncludeOptions;Member[include].ArrayElement",
+            "sequelize.Model;sequelize.Instance;Member[Model]",
+            "sequelize.Model;sequelize.Model;Member[schema,scope,unscoped].ReturnValue",
+            "sequelize.Model;sequelize.Model;Member[sync].ReturnValue.Awaited",
+            "sequelize.Model;sequelize.Models;AnyMember",
+            "sequelize.Model;sequelize.ModelsHashInterface;AnyMember",
+            "sequelize.Model;sequelize.QueryInterface;Member[bulkDelete,rawSelect,upsert].Argument[3]",
+            "sequelize.Model;sequelize.QueryInterface;Member[select].Argument[0]",
+            "sequelize.Model;sequelize.QueryOptions;Member[model]",
+            "sequelize.Model;sequelize.Sequelize;Member[define,import,model].ReturnValue",
+            "sequelize.Model;sequelize.Sequelize;Member[import].Argument[1].ReturnValue",
+            "sequelize.Model;sequelize.SequelizeStaticAndInstance;Member[Model]",
+            "sequelize.Model;sequelize.ThroughOptions;Member[model]",
+            "sequelize.Model;sequelize.Utils;Member[mapOptionFieldNames].Argument[1]",
+            "sequelize.Model;sequelize.Utils;Member[mapValueFieldNames].Argument[2]",
+            "sequelize.Models;sequelize.Model;Member[associate].Argument[0]",
+            "sequelize.ModelsHashInterface;sequelize.Sequelize;Member[models]",
+            "sequelize.Options;sequelize-typescript.SequelizeOptions;",
+            "sequelize.Options;sequelize.Sequelize;Member[options]",
+            "sequelize.Options;sequelize.SequelizeStatic;Argument[3]",
+            "sequelize.Options;sequelize.SequelizeStatic;WithArity[1].Argument[0,1]",
+            "sequelize.Options;sequelize.SequelizeStatic;WithArity[2].Argument[1,2]",
+            "sequelize.Options;sequelize.SequelizeStatic;WithArity[3].Argument[2]",
+            "sequelize.QueryInterface;sequelize.Sequelize;Member[getQueryInterface].ReturnValue",
+            "sequelize.QueryOptions;sequelize.Options;Member[query]",
+            "sequelize.QueryOptions;sequelize.QueryInterface;Member[bulkDelete,bulkInsert,createTable,select,setAutocommit,setIsolationLevel].Argument[2]",
+            "sequelize.QueryOptions;sequelize.QueryInterface;Member[bulkUpdate,delete,insert].Argument[3]",
+            "sequelize.QueryOptions;sequelize.QueryInterface;Member[commitTransaction,deferConstraints,dropTable,rawSelect,rollbackTransaction,showIndex,startTransaction].Argument[1]",
+            "sequelize.QueryOptions;sequelize.QueryInterface;Member[createFunction].Argument[5]",
+            "sequelize.QueryOptions;sequelize.QueryInterface;Member[dropAllEnums,dropAllTables,showAllSchemas,showAllTables].Argument[0]",
+            "sequelize.QueryOptions;sequelize.QueryInterface;Member[increment,update,upsert].Argument[4]",
+            "sequelize.QueryOptions;sequelize.Sequelize;Member[authenticate,validate].Argument[0]",
+            "sequelize.QueryOptions;sequelize.Sequelize;Member[query].Argument[1]",
+            "sequelize.Sequelize;sequelize.Hooks;Member[afterInit].Argument[1].Argument[0]",
+            "sequelize.Sequelize;sequelize.Hooks;Member[afterInit].WithArity[1].Argument[0].Argument[0]",
+            "sequelize.Sequelize;sequelize.Instance;Member[sequelize]",
+            "sequelize.Sequelize;sequelize.QueryInterface;Member[sequelize]",
+            "sequelize.Sequelize;sequelize.Sequelize;Member[import].Argument[1].Argument[0]",
+            "sequelize.Sequelize;sequelize.SequelizeStatic;Instance",
+            "sequelize.Sequelize;sequelize.SequelizeStatic;Member[useCLS].ReturnValue",
+            "sequelize.SequelizeStatic;sequelize-typescript.Sequelize;",
+            "sequelize.SequelizeStatic;sequelize.Sequelize;Member[Sequelize]",
+            "sequelize.SequelizeStatic;sequelize.SequelizeStatic;Member[Sequelize,default]",
+            "sequelize.SequelizeStatic;sequelize;",
+            "sequelize.SequelizeStaticAndInstance.Model;sequelize-typescript.Model;",
+            "sequelize.SequelizeStaticAndInstance;sequelize.Sequelize;",
+            "sequelize.SequelizeStaticAndInstance;sequelize.SequelizeStatic;",
+            "sequelize.ThroughOptions;sequelize.AssociationOptionsBelongsToMany;Member[through]",
+            "sequelize.Utils;sequelize.SequelizeStaticAndInstance;Member[Utils]"
         ],
         "summaries": [
-            "sequelize-typescript;Model;;;Member[reload].ReturnValue.Awaited;type",
-            "sequelize;Instance;;;Member[decrement,increment,reload,save,update,updateAttributes].ReturnValue.Awaited;type",
-            "sequelize;Instance;;;Member[set,setAttributes].ReturnValue;type",
-            "sequelize;Model;;;Member[schema,scope,unscoped].ReturnValue;type",
-            "sequelize;Model;;;Member[sync].ReturnValue.Awaited;type"
+            "sequelize-typescript.Model;;;Member[reload].ReturnValue.Awaited;type",
+            "sequelize.Instance;;;Member[decrement,increment,reload,save,update,updateAttributes].ReturnValue.Awaited;type",
+            "sequelize.Instance;;;Member[set,setAttributes].ReturnValue;type",
+            "sequelize.Model;;;Member[schema,scope,unscoped].ReturnValue;type",
+            "sequelize.Model;;;Member[sync].ReturnValue.Awaited;type"
         ],
         "typeVariables": [
             "sequelize-typescript.ModelStatic.0;Instance",
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.yml b/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.yml
new file mode 100644
index 00000000000..41a97e63a76
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.yml
@@ -0,0 +1,282 @@
+extensions:
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: sinkModel
+    data:
+      - [sequelize.Sequelize, "Member[query].Argument[0].Member[query]", "sql-injection"]
+      - [sequelize.Sequelize, "Member[query].Argument[0]", "sql-injection"]
+      - [sequelize.SequelizeStaticAndInstance, "Member[asIs,literal].Argument[0]", "sql-injection"]
+      - [sequelize, "Argument[0..].Member[password]", "credentials[password]"]
+      - [sequelize, "Argument[0..].Member[username]", "credentials[username]"]
+      - [sequelize, "Argument[1]", "credentials[username]"]
+      - [sequelize, "Argument[2]", "credentials[password]"]
+
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      - ["sequelize-typescript.AssociationCountOptions", "sequelize-typescript.Model", "Member[$count].Argument[1]"]
+      - ["sequelize-typescript.AssociationCountOptions", "sequelize-typescript/model/model/association/association-count-options.AssociationCountOptions", ""]
+      - ["sequelize-typescript.AssociationGetOptions", "sequelize-typescript.Model", "Member[$get].Argument[1]"]
+      - ["sequelize-typescript.AssociationGetOptions", "sequelize-typescript.Model", "Member[$has].Argument[2]"]
+      - ["sequelize-typescript.AssociationGetOptions", "sequelize-typescript/model/model/association/association-get-options.AssociationGetOptions", ""]
+      - ["sequelize-typescript.BaseAssociation", "sequelize-typescript.BaseAssociationStatic", Instance]
+      - ["sequelize-typescript.BaseAssociation", "sequelize-typescript.BelongsToAssociation", ""]
+      - ["sequelize-typescript.BaseAssociation", "sequelize-typescript.BelongsToManyAssociation", ""]
+      - ["sequelize-typescript.BaseAssociation", "sequelize-typescript.HasAssociation", ""]
+      - ["sequelize-typescript.BaseAssociation", "sequelize-typescript/associations/shared/association-service", "Member[addAssociation].Argument[1]"]
+      - ["sequelize-typescript.BaseAssociation", "sequelize-typescript/associations/shared/association-service", "Member[getAssociations,getAssociationsByRelation].ReturnValue.ArrayElement"]
+      - ["sequelize-typescript.BaseAssociation", "sequelize-typescript/associations/shared/association-service", "Member[setAssociations].Argument[1].ArrayElement"]
+      - ["sequelize-typescript.BaseAssociation", "sequelize-typescript/associations/shared/base-association.BaseAssociation", ""]
+      - ["sequelize-typescript.BaseAssociation", "sequelize-typescript", "Member[addAssociation].Argument[1]"]
+      - ["sequelize-typescript.BaseAssociation", "sequelize-typescript", "Member[getAssociations,getAssociationsByRelation].ReturnValue.ArrayElement"]
+      - ["sequelize-typescript.BaseAssociation", "sequelize-typescript", "Member[setAssociations].Argument[1].ArrayElement"]
+      - ["sequelize-typescript.BaseAssociationStatic", "sequelize-typescript/associations/shared/base-association.BaseAssociationStatic", ""]
+      - ["sequelize-typescript.BaseAssociationStatic", "sequelize-typescript/associations/shared/base-association", "Member[BaseAssociation]"]
+      - ["sequelize-typescript.BaseAssociationStatic", "sequelize-typescript", "Member[BaseAssociation]"]
+      - ["sequelize-typescript.BelongsToAssociation", "sequelize-typescript.BelongsToAssociationStatic", Instance]
+      - ["sequelize-typescript.BelongsToAssociation", "sequelize-typescript/associations/belongs-to/belongs-to-association.BelongsToAssociation", ""]
+      - ["sequelize-typescript.BelongsToAssociationStatic", "sequelize-typescript/associations/belongs-to/belongs-to-association.BelongsToAssociationStatic", ""]
+      - ["sequelize-typescript.BelongsToAssociationStatic", "sequelize-typescript/associations/belongs-to/belongs-to-association", "Member[BelongsToAssociation]"]
+      - ["sequelize-typescript.BelongsToAssociationStatic", "sequelize-typescript", "Member[BelongsToAssociation]"]
+      - ["sequelize-typescript.BelongsToManyAssociation", "sequelize-typescript.BelongsToManyAssociationStatic", Instance]
+      - ["sequelize-typescript.BelongsToManyAssociation", "sequelize-typescript/associations/belongs-to-many/belongs-to-many-association.BelongsToManyAssociation", ""]
+      - ["sequelize-typescript.BelongsToManyAssociationStatic", "sequelize-typescript/associations/belongs-to-many/belongs-to-many-association.BelongsToManyAssociationStatic", ""]
+      - ["sequelize-typescript.BelongsToManyAssociationStatic", "sequelize-typescript/associations/belongs-to-many/belongs-to-many-association", "Member[BelongsToManyAssociation]"]
+      - ["sequelize-typescript.BelongsToManyAssociationStatic", "sequelize-typescript", "Member[BelongsToManyAssociation]"]
+      - ["sequelize-typescript.DefaultScopeGetter", "sequelize-typescript.ScopeOptionsGetters", "Member[getDefaultScope]"]
+      - ["sequelize-typescript.DefaultScopeGetter", "sequelize-typescript/scopes/default-scope", "Member[DefaultScope].Argument[0]"]
+      - ["sequelize-typescript.DefaultScopeGetter", "sequelize-typescript/scopes/scope-options.DefaultScopeGetter", ""]
+      - ["sequelize-typescript.DefaultScopeGetter", "sequelize-typescript", "Member[DefaultScope].Argument[0]"]
+      - ["sequelize-typescript.HasAssociation", "sequelize-typescript.HasAssociationStatic", Instance]
+      - ["sequelize-typescript.HasAssociation", "sequelize-typescript/associations/has/has-association.HasAssociation", ""]
+      - ["sequelize-typescript.HasAssociationStatic", "sequelize-typescript/associations/has/has-association.HasAssociationStatic", ""]
+      - ["sequelize-typescript.HasAssociationStatic", "sequelize-typescript/associations/has/has-association", "Member[HasAssociation]"]
+      - ["sequelize-typescript.HasAssociationStatic", "sequelize-typescript", "Member[HasAssociation]"]
+      - ["sequelize-typescript.Model", "sequelize-typescript.Model", "Member[$add,$has,$remove,$set].Argument[1]"]
+      - ["sequelize-typescript.Model", "sequelize-typescript.Model", "Member[$add,$has,$remove,$set].Argument[1].ArrayElement"]
+      - ["sequelize-typescript.Model", "sequelize-typescript.Model", "Member[$create,reload].ReturnValue.Awaited"]
+      - ["sequelize-typescript.Model", "sequelize-typescript.ModelStatic~", Instance]
+      - ["sequelize-typescript.Model", "sequelize-typescript.ModelStatic~", "Member[initialize].ReturnValue.TypeVar[sequelize-typescript.ModelStatic.0]"]
+      - ["sequelize-typescript.Model", "sequelize-typescript.ModelType", Instance]
+      - ["sequelize-typescript.Model", "sequelize-typescript.Sequelize", "Member[getRepository].Argument[0].Instance"]
+      - ["sequelize-typescript.Model", "sequelize-typescript.Sequelize", "Member[getRepository].ReturnValue.TypeVar[sequelize-typescript.Repository.0]"]
+      - ["sequelize-typescript.Model", "sequelize-typescript/model/model/model.Model", ""]
+      - ["sequelize-typescript.ModelClassGetter", "sequelize-typescript.BaseAssociationStatic", "Argument[0]"]
+      - ["sequelize-typescript.ModelClassGetter", "sequelize-typescript.BelongsToAssociationStatic", "Argument[0]"]
+      - ["sequelize-typescript.ModelClassGetter", "sequelize-typescript.BelongsToManyAssociationStatic", "Argument[0]"]
+      - ["sequelize-typescript.ModelClassGetter", "sequelize-typescript.HasAssociationStatic", "Argument[0]"]
+      - ["sequelize-typescript.ModelClassGetter", "sequelize-typescript/associations/belongs-to-many/belongs-to-many", "Member[BelongsToMany].Argument[0,1]"]
+      - ["sequelize-typescript.ModelClassGetter", "sequelize-typescript/associations/belongs-to/belongs-to", "Member[BelongsTo].Argument[0]"]
+      - ["sequelize-typescript.ModelClassGetter", "sequelize-typescript/associations/foreign-key/foreign-key-meta.ForeignKeyMeta", "Member[relatedClassGetter]"]
+      - ["sequelize-typescript.ModelClassGetter", "sequelize-typescript/associations/foreign-key/foreign-key-service", "Member[addForeignKey].Argument[1]"]
+      - ["sequelize-typescript.ModelClassGetter", "sequelize-typescript/associations/foreign-key/foreign-key", "Member[ForeignKey].Argument[0]"]
+      - ["sequelize-typescript.ModelClassGetter", "sequelize-typescript/associations/has/has-many", "Member[HasMany].Argument[0]"]
+      - ["sequelize-typescript.ModelClassGetter", "sequelize-typescript/associations/has/has-one", "Member[HasOne].Argument[0]"]
+      - ["sequelize-typescript.ModelClassGetter", "sequelize-typescript/model/shared/model-class-getter.ModelClassGetter", ""]
+      - ["sequelize-typescript.ModelClassGetter", "sequelize-typescript", "Member[BelongsTo,ForeignKey,HasMany,HasOne].Argument[0]"]
+      - ["sequelize-typescript.ModelClassGetter", "sequelize-typescript", "Member[BelongsToMany].Argument[0,1]"]
+      - ["sequelize-typescript.ModelStatic~", "sequelize-typescript/model/model/model.ModelStatic~", ""]
+      - ["sequelize-typescript.ModelStatic~", "sequelize-typescript/model/model/model", "Member[Model]"]
+      - ["sequelize-typescript.ModelStatic~", "sequelize-typescript/model/shared/model-not-initialized-error.ModelNotInitializedErrorStatic", "Argument[0]"]
+      - ["sequelize-typescript.ModelStatic~", "sequelize-typescript", "Member[Model]"]
+      - ["sequelize-typescript.ModelType", "sequelize-typescript.BaseAssociation", "Member[getAssociatedClass].ReturnValue"]
+      - ["sequelize-typescript.ModelType", "sequelize-typescript.BaseAssociation", "Member[getSequelizeOptions].Argument[0]"]
+      - ["sequelize-typescript.ModelType", "sequelize-typescript.BelongsToAssociation", "Member[getSequelizeOptions].Argument[0]"]
+      - ["sequelize-typescript.ModelType", "sequelize-typescript.BelongsToManyAssociation", "Member[getSequelizeOptions].Argument[0]"]
+      - ["sequelize-typescript.ModelType", "sequelize-typescript.HasAssociation", "Member[getSequelizeOptions].Argument[0]"]
+      - ["sequelize-typescript.ModelType", "sequelize-typescript.ModelClassGetter", ReturnValue]
+      - ["sequelize-typescript.ModelType", "sequelize-typescript.Sequelize", "Member[model].Argument[0]"]
+      - ["sequelize-typescript.ModelType", "sequelize-typescript/associations/foreign-key/foreign-key-service", "Member[getForeignKeyOptions].Argument[0,1]"]
+      - ["sequelize-typescript.ModelType", "sequelize-typescript/model/model/model.ModelType", ""]
+      - ["sequelize-typescript.ScopeOptionsGetters", "sequelize-typescript/scopes/scope-options.ScopeOptionsGetters", ""]
+      - ["sequelize-typescript.ScopeOptionsGetters", "sequelize-typescript/scopes/scope-service", "Member[addScopeOptionsGetter,setScopeOptionsGetters].Argument[1]"]
+      - ["sequelize-typescript.ScopeOptionsGetters", "sequelize-typescript/scopes/scope-service", "Member[getScopeOptionsGetters].ReturnValue"]
+      - ["sequelize-typescript.ScopeOptionsGetters", "sequelize-typescript", "Member[addScopeOptionsGetter,setScopeOptionsGetters].Argument[1]"]
+      - ["sequelize-typescript.ScopeOptionsGetters", "sequelize-typescript", "Member[getScopeOptionsGetters].ReturnValue"]
+      - ["sequelize-typescript.ScopesOptions", "sequelize-typescript.ScopesOptionsGetter", ReturnValue.AnyMember]
+      - ["sequelize-typescript.ScopesOptions", "sequelize-typescript/scopes/scope-options.ScopesOptions", ""]
+      - ["sequelize-typescript.ScopesOptions", "sequelize-typescript/scopes/scope-service", "Member[resolveScope].Argument[2]"]
+      - ["sequelize-typescript.ScopesOptions", "sequelize-typescript", "Member[resolveScope].Argument[2]"]
+      - ["sequelize-typescript.ScopesOptionsGetter", "sequelize-typescript.ScopeOptionsGetters", "Member[getScopes]"]
+      - ["sequelize-typescript.ScopesOptionsGetter", "sequelize-typescript/scopes/scope-options.ScopesOptionsGetter", ""]
+      - ["sequelize-typescript.ScopesOptionsGetter", "sequelize-typescript/scopes/scopes", "Member[Scopes].Argument[0]"]
+      - ["sequelize-typescript.ScopesOptionsGetter", "sequelize-typescript", "Member[Scopes].Argument[0]"]
+      - ["sequelize-typescript.Sequelize", "sequelize-typescript.BaseAssociation", "Member[getSequelizeOptions].Argument[1]"]
+      - ["sequelize-typescript.Sequelize", "sequelize-typescript.BelongsToManyAssociation", "Member[getSequelizeOptions].Argument[1]"]
+      - ["sequelize-typescript.Sequelize", "sequelize-typescript.SequelizeStatic", Instance]
+      - ["sequelize-typescript.Sequelize", "sequelize-typescript/sequelize/sequelize/sequelize.Sequelize", ""]
+      - ["sequelize-typescript.SequelizeOptions", "sequelize-typescript.Sequelize", "Member[options]"]
+      - ["sequelize-typescript.SequelizeOptions", "sequelize-typescript.SequelizeStatic", "Argument[3]"]
+      - ["sequelize-typescript.SequelizeOptions", "sequelize-typescript.SequelizeStatic", "WithArity[0].Argument[0]"]
+      - ["sequelize-typescript.SequelizeOptions", "sequelize-typescript.SequelizeStatic", "WithArity[1].Argument[0,1]"]
+      - ["sequelize-typescript.SequelizeOptions", "sequelize-typescript.SequelizeStatic", "WithArity[2].Argument[1,2]"]
+      - ["sequelize-typescript.SequelizeOptions", "sequelize-typescript.SequelizeStatic", "WithArity[3].Argument[2]"]
+      - ["sequelize-typescript.SequelizeOptions", "sequelize-typescript/sequelize/sequelize/sequelize-options.SequelizeOptions", ""]
+      - ["sequelize-typescript.SequelizeOptions", "sequelize-typescript/sequelize/sequelize/sequelize-service", "Member[prepareArgs].ReturnValue.Member[options]"]
+      - ["sequelize-typescript.SequelizeOptions", "sequelize-typescript/sequelize/sequelize/sequelize-service", "Member[prepareOptions].Argument[0]"]
+      - ["sequelize-typescript.SequelizeOptions", "sequelize-typescript/sequelize/sequelize/sequelize-service", "Member[prepareOptions].ReturnValue"]
+      - ["sequelize-typescript.SequelizeOptions", "sequelize-typescript", "Member[prepareArgs].ReturnValue.Member[options]"]
+      - ["sequelize-typescript.SequelizeOptions", "sequelize-typescript", "Member[prepareOptions].Argument[0]"]
+      - ["sequelize-typescript.SequelizeOptions", "sequelize-typescript", "Member[prepareOptions].ReturnValue"]
+      - ["sequelize-typescript.SequelizeStatic", "sequelize-typescript/sequelize/sequelize/sequelize.SequelizeStatic", ""]
+      - ["sequelize-typescript.SequelizeStatic", "sequelize-typescript/sequelize/sequelize/sequelize", "Member[Sequelize]"]
+      - ["sequelize-typescript.SequelizeStatic", "sequelize-typescript", "Member[Sequelize]"]
+      - ["sequelize-typescript/associations/foreign-key/foreign-key-meta.ForeignKeyMeta", "sequelize-typescript/associations/foreign-key/foreign-key-service", "Member[getForeignKeys].ReturnValue.ArrayElement"]
+      - ["sequelize-typescript/model/model/association/association-create-options.AssociationCreateOptions", "sequelize-typescript.Model", "Member[$create].Argument[2]"]
+      - ["sequelize-typescript/model/shared/model-not-initialized-error.ModelNotInitializedErrorStatic", "sequelize-typescript/model/shared/model-not-initialized-error", "Member[ModelNotInitializedError]"]
+      - [sequelize.AnyFindOptions, sequelize.BelongsToManyAddAssociationMixin, "Argument[1]"]
+      - [sequelize.AnyFindOptions, sequelize.BelongsToManyAddAssociationsMixin, "Argument[1]"]
+      - [sequelize.AnyFindOptions, sequelize.BelongsToManySetAssociationsMixin, "Argument[1]"]
+      - [sequelize.AnyFindOptions, sequelize.DefineOptions, "Member[defaultScope]"]
+      - [sequelize.AnyFindOptions, sequelize.DefineScopeOptions, AnyMember]
+      - [sequelize.AnyFindOptions, sequelize.HasManySetAssociationsMixin, "Argument[1]"]
+      - [sequelize.AnyFindOptions, sequelize.Instance, "Member[reload].Argument[0]"]
+      - [sequelize.AnyFindOptions, sequelize.Model, "Member[addScope].Argument[1]"]
+      - [sequelize.AssociationOptionsBelongsToMany, sequelize.Associations, "Member[belongsToMany].Argument[1]"]
+      - [sequelize.Associations, sequelize.Model, ""]
+      - [sequelize.Associations, sequelize.SequelizeStaticAndInstance.Model, ""]
+      - [sequelize.BuildOptions, "sequelize-typescript.ModelStatic~", "Argument[1]"]
+      - [sequelize.BuildOptions, sequelize.CreateOptions, ""]
+      - [sequelize.BuildOptions, sequelize.Model, "Member[build,bulkBuild].Argument[1]"]
+      - [sequelize.CountOptions, sequelize.Model, "Member[count].Argument[0]"]
+      - [sequelize.CreateOptions, "sequelize-typescript/model/model/association/association-create-options.AssociationCreateOptions", ""]
+      - [sequelize.CreateOptions, sequelize.BelongsToCreateAssociationMixin, "Argument[1]"]
+      - [sequelize.CreateOptions, sequelize.BelongsToManyCreateAssociationMixin, "Argument[1]"]
+      - [sequelize.CreateOptions, sequelize.HasManyCreateAssociationMixin, "Argument[1]"]
+      - [sequelize.CreateOptions, sequelize.HasOneCreateAssociationMixin, "Argument[1]"]
+      - [sequelize.CreateOptions, sequelize.Model, "Member[create].Argument[1]"]
+      - [sequelize.DefineAttributeColumnOptions, sequelize.DefineAttributes, AnyMember]
+      - [sequelize.DefineAttributeColumnOptions, sequelize.QueryInterface, "Member[addColumn,changeColumn].Argument[2]"]
+      - [sequelize.DefineAttributeColumnReferencesOptions, sequelize.DefineAttributeColumnOptions, "Member[references]"]
+      - [sequelize.DefineAttributes, sequelize.Hooks, "Member[beforeDefine].Argument[1].Argument[0]"]
+      - [sequelize.DefineAttributes, sequelize.Hooks, "Member[beforeDefine].WithArity[1].Argument[0].Argument[0]"]
+      - [sequelize.DefineAttributes, sequelize.QueryInterface, "Member[createTable].Argument[1]"]
+      - [sequelize.DefineOptions, sequelize.Options, "Member[define]"]
+      - [sequelize.DefineOptions, sequelize.Sequelize, "Member[define].Argument[2]"]
+      - [sequelize.DefineScopeOptions, sequelize.DefineOptions, "Member[scopes]"]
+      - [sequelize.FindCreateFindOptions, sequelize.Model, "Member[findCreateFind].Argument[0]"]
+      - [sequelize.FindOptions, "sequelize-typescript.AssociationCountOptions", ""]
+      - [sequelize.FindOptions, "sequelize-typescript.AssociationGetOptions", ""]
+      - [sequelize.FindOptions, "sequelize-typescript.DefaultScopeGetter", ReturnValue]
+      - [sequelize.FindOptions, "sequelize-typescript.Model", "Member[reload].Argument[0]"]
+      - [sequelize.FindOptions, "sequelize-typescript.ScopesOptions", ""]
+      - [sequelize.FindOptions, "sequelize-typescript.ScopesOptions", ReturnValue]
+      - [sequelize.FindOptions, sequelize.AnyFindOptions, ""]
+      - [sequelize.FindOptions, sequelize.FindCreateFindOptions, ""]
+      - [sequelize.FindOptions, sequelize.FindOrInitializeOptions, ""]
+      - [sequelize.FindOptions, sequelize.Model, "Member[all,find,findAll,findAndCount,findAndCountAll,findOne].Argument[0]"]
+      - [sequelize.FindOptionsOrderArray, sequelize.FindOptions, "Member[order]"]
+      - [sequelize.FindOptionsOrderArray, sequelize.FindOptions, "Member[order].ArrayElement"]
+      - [sequelize.FindOrInitializeOptions, sequelize.Model, "Member[findOrBuild,findOrCreate,findOrInitialize].Argument[0]"]
+      - [sequelize.HasManyGetAssociationsMixinOptions, sequelize.HasManyGetAssociationsMixin, "Argument[0]"]
+      - [sequelize.HasManyGetAssociationsMixinOptions, sequelize.HasManyHasAssociationMixin, "Argument[1]"]
+      - [sequelize.HasManyGetAssociationsMixinOptions, sequelize.HasManyHasAssociationsMixin, "Argument[1]"]
+      - [sequelize.Hooks, sequelize.Hooks, "Member[addHook,hook,removeHook].ReturnValue"]
+      - [sequelize.Hooks, sequelize.Model, ""]
+      - [sequelize.Hooks, sequelize.Sequelize, ""]
+      - [sequelize.Hooks, sequelize.SequelizeStaticAndInstance.Model, ""]
+      - [sequelize.IncludeAssociation, sequelize.Associations, "Member[belongsTo,belongsToMany,hasMany,hasOne].ReturnValue"]
+      - [sequelize.IncludeAssociation, sequelize.IncludeOptions, "Member[association]"]
+      - [sequelize.IncludeOptions, sequelize.BuildOptions, "Member[include].ArrayElement"]
+      - [sequelize.IncludeOptions, sequelize.CountOptions, "Member[include]"]
+      - [sequelize.IncludeOptions, sequelize.CountOptions, "Member[include].ArrayElement"]
+      - [sequelize.IncludeOptions, sequelize.FindOptions, "Member[include]"]
+      - [sequelize.IncludeOptions, sequelize.FindOptions, "Member[include].ArrayElement"]
+      - [sequelize.IncludeOptions, sequelize.HasManyGetAssociationsMixinOptions, "Member[include]"]
+      - [sequelize.IncludeOptions, sequelize.IncludeOptions, "Member[include]"]
+      - [sequelize.IncludeOptions, sequelize.IncludeOptions, "Member[include].ArrayElement"]
+      - [sequelize.Instance, sequelize.Instance, "Member[decrement,increment,reload,save,update,updateAttributes].ReturnValue.Awaited"]
+      - [sequelize.Instance, sequelize.Instance, "Member[equalsOneOf].Argument[0].ArrayElement"]
+      - [sequelize.Instance, sequelize.Instance, "Member[equals].Argument[0]"]
+      - [sequelize.Instance, sequelize.Instance, "Member[set,setAttributes].ReturnValue"]
+      - [sequelize.Instance, sequelize.Model, "Member[Instance,build].ReturnValue"]
+      - [sequelize.Instance, sequelize.Model, "Member[all,bulkCreate,findAll].ReturnValue.Awaited.ArrayElement"]
+      - [sequelize.Instance, sequelize.Model, "Member[bulkBuild].ReturnValue.ArrayElement"]
+      - [sequelize.Instance, sequelize.Model, "Member[create,find,findById,findByPk,findByPrimary,findOne].ReturnValue.Awaited"]
+      - [sequelize.Instance, sequelize.Model, "Member[findAndCount,findAndCountAll].ReturnValue.Awaited.Member[rows].ArrayElement"]
+      - [sequelize.Instance, sequelize.QueryInterface, "Member[delete,increment,insert,update].Argument[0]"]
+      - [sequelize.Instance, sequelize.QueryOptions, "Member[instance]"]
+      - [sequelize.Instance, sequelize.SequelizeStaticAndInstance, "Member[Instance]"]
+      - [sequelize.Model, sequelize.AssociationOptionsBelongsToMany, "Member[through]"]
+      - [sequelize.Model, sequelize.Associations, "Member[belongsTo,belongsToMany,hasMany,hasOne].Argument[0]"]
+      - [sequelize.Model, sequelize.BuildOptions, "Member[include].ArrayElement"]
+      - [sequelize.Model, sequelize.CountOptions, "Member[include]"]
+      - [sequelize.Model, sequelize.CountOptions, "Member[include].ArrayElement"]
+      - [sequelize.Model, sequelize.DefineAttributeColumnReferencesOptions, "Member[model]"]
+      - [sequelize.Model, sequelize.FindOptions, "Member[include]"]
+      - [sequelize.Model, sequelize.FindOptions, "Member[include].ArrayElement"]
+      - [sequelize.Model, sequelize.FindOptions, "Member[lock].Member[of]"]
+      - [sequelize.Model, sequelize.FindOptionsOrderArray, ArrayElement]
+      - [sequelize.Model, sequelize.FindOptionsOrderArray, "ArrayElement.Member[model]"]
+      - [sequelize.Model, sequelize.Hooks, "Member[afterDefine].Argument[1].Argument[0]"]
+      - [sequelize.Model, sequelize.Hooks, "Member[afterDefine].WithArity[1].Argument[0].Argument[0]"]
+      - [sequelize.Model, sequelize.IncludeAssociation, "Member[source,target]"]
+      - [sequelize.Model, sequelize.IncludeOptions, "Member[include,model]"]
+      - [sequelize.Model, sequelize.IncludeOptions, "Member[include].ArrayElement"]
+      - [sequelize.Model, sequelize.Instance, "Member[Model]"]
+      - [sequelize.Model, sequelize.Model, "Member[schema,scope,unscoped].ReturnValue"]
+      - [sequelize.Model, sequelize.Model, "Member[sync].ReturnValue.Awaited"]
+      - [sequelize.Model, sequelize.Models, AnyMember]
+      - [sequelize.Model, sequelize.ModelsHashInterface, AnyMember]
+      - [sequelize.Model, sequelize.QueryInterface, "Member[bulkDelete,rawSelect,upsert].Argument[3]"]
+      - [sequelize.Model, sequelize.QueryInterface, "Member[select].Argument[0]"]
+      - [sequelize.Model, sequelize.QueryOptions, "Member[model]"]
+      - [sequelize.Model, sequelize.Sequelize, "Member[define,import,model].ReturnValue"]
+      - [sequelize.Model, sequelize.Sequelize, "Member[import].Argument[1].ReturnValue"]
+      - [sequelize.Model, sequelize.SequelizeStaticAndInstance, "Member[Model]"]
+      - [sequelize.Model, sequelize.ThroughOptions, "Member[model]"]
+      - [sequelize.Model, sequelize.Utils, "Member[mapOptionFieldNames].Argument[1]"]
+      - [sequelize.Model, sequelize.Utils, "Member[mapValueFieldNames].Argument[2]"]
+      - [sequelize.Models, sequelize.Model, "Member[associate].Argument[0]"]
+      - [sequelize.ModelsHashInterface, sequelize.Sequelize, "Member[models]"]
+      - [sequelize.Options, "sequelize-typescript.SequelizeOptions", ""]
+      - [sequelize.Options, sequelize.Sequelize, "Member[options]"]
+      - [sequelize.Options, sequelize.SequelizeStatic, "Argument[3]"]
+      - [sequelize.Options, sequelize.SequelizeStatic, "WithArity[1].Argument[0,1]"]
+      - [sequelize.Options, sequelize.SequelizeStatic, "WithArity[2].Argument[1,2]"]
+      - [sequelize.Options, sequelize.SequelizeStatic, "WithArity[3].Argument[2]"]
+      - [sequelize.QueryInterface, sequelize.Sequelize, "Member[getQueryInterface].ReturnValue"]
+      - [sequelize.QueryOptions, sequelize.Options, "Member[query]"]
+      - [sequelize.QueryOptions, sequelize.QueryInterface, "Member[bulkDelete,bulkInsert,createTable,select,setAutocommit,setIsolationLevel].Argument[2]"]
+      - [sequelize.QueryOptions, sequelize.QueryInterface, "Member[bulkUpdate,delete,insert].Argument[3]"]
+      - [sequelize.QueryOptions, sequelize.QueryInterface, "Member[commitTransaction,deferConstraints,dropTable,rawSelect,rollbackTransaction,showIndex,startTransaction].Argument[1]"]
+      - [sequelize.QueryOptions, sequelize.QueryInterface, "Member[createFunction].Argument[5]"]
+      - [sequelize.QueryOptions, sequelize.QueryInterface, "Member[dropAllEnums,dropAllTables,showAllSchemas,showAllTables].Argument[0]"]
+      - [sequelize.QueryOptions, sequelize.QueryInterface, "Member[increment,update,upsert].Argument[4]"]
+      - [sequelize.QueryOptions, sequelize.Sequelize, "Member[authenticate,validate].Argument[0]"]
+      - [sequelize.QueryOptions, sequelize.Sequelize, "Member[query].Argument[1]"]
+      - [sequelize.Sequelize, "sequelize-typescript.Sequelize", ""]
+      - [sequelize.Sequelize, sequelize.Hooks, "Member[afterInit].Argument[1].Argument[0]"]
+      - [sequelize.Sequelize, sequelize.Hooks, "Member[afterInit].WithArity[1].Argument[0].Argument[0]"]
+      - [sequelize.Sequelize, sequelize.Instance, "Member[sequelize]"]
+      - [sequelize.Sequelize, sequelize.QueryInterface, "Member[sequelize]"]
+      - [sequelize.Sequelize, sequelize.Sequelize, "Member[import].Argument[1].Argument[0]"]
+      - [sequelize.Sequelize, sequelize.SequelizeStatic, Instance]
+      - [sequelize.Sequelize, sequelize.SequelizeStatic, "Member[useCLS].ReturnValue"]
+      - [sequelize.SequelizeStatic, "sequelize-typescript.Sequelize", ""]
+      - [sequelize.SequelizeStatic, sequelize.Sequelize, "Member[Sequelize]"]
+      - [sequelize.SequelizeStatic, sequelize.SequelizeStatic, "Member[Sequelize,default]"]
+      - [sequelize.SequelizeStatic, sequelize, ""]
+      - [sequelize.SequelizeStaticAndInstance.Model, "sequelize-typescript.Model", ""]
+      - [sequelize.SequelizeStaticAndInstance, sequelize.Sequelize, ""]
+      - [sequelize.SequelizeStaticAndInstance, sequelize.SequelizeStatic, ""]
+      - [sequelize.ThroughOptions, sequelize.AssociationOptionsBelongsToMany, "Member[through]"]
+      - [sequelize.Utils, sequelize.SequelizeStaticAndInstance, "Member[Utils]"]
+
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: summaryModel
+    data:
+      - ["sequelize-typescript.Model", "", "", "Member[reload].ReturnValue.Awaited", type]
+      - [sequelize.Instance, "", "", "Member[decrement,increment,reload,save,update,updateAttributes].ReturnValue.Awaited", type]
+      - [sequelize.Instance, "", "", "Member[set,setAttributes].ReturnValue", type]
+      - [sequelize.Model, "", "", "Member[schema,scope,unscoped].ReturnValue", type]
+      - [sequelize.Model, "", "", "Member[sync].ReturnValue.Awaited", type]
+
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: typeVariableModel
+    data:
+      - ["sequelize-typescript.ModelStatic.0", Instance]
+      - ["sequelize-typescript.Repository.0", Instance]
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/spanner/Model.qll b/javascript/ql/lib/semmle/javascript/frameworks/spanner/Model.qll
deleted file mode 100644
index f99266b6e54..00000000000
--- a/javascript/ql/lib/semmle/javascript/frameworks/spanner/Model.qll
+++ /dev/null
@@ -1,198 +0,0 @@
-/** Generated model file */
-
-private import javascript
-
-private class Types extends ModelInput::TypeModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "@google-cloud/spanner/batch-transaction;BatchTransaction;@google-cloud/spanner/batch-transaction;BatchTransactionStatic;Instance", //
-        "@google-cloud/spanner/batch-transaction;BatchTransaction;@google-cloud/spanner/database;CreateBatchTransactionCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0]", //
-        "@google-cloud/spanner/batch-transaction;BatchTransaction;@google-cloud/spanner;Database;Member[batchTransaction].ReturnValue", //
-        "@google-cloud/spanner/batch-transaction;BatchTransactionStatic;@google-cloud/spanner/batch-transaction;;Member[BatchTransaction]", //
-        "@google-cloud/spanner/batch-transaction;TransactionIdentifier;@google-cloud/spanner/batch-transaction;BatchTransaction;Member[identifier].ReturnValue", //
-        "@google-cloud/spanner/batch-transaction;TransactionIdentifier;@google-cloud/spanner;Database;Member[batchTransaction].Argument[0]", //
-        "@google-cloud/spanner/database;BatchCreateSessionsCallback;@google-cloud/spanner;Database;Member[batchCreateSessions].Argument[1]", //
-        "@google-cloud/spanner/database;CreateBatchTransactionCallback;@google-cloud/spanner;Database;Member[createBatchTransaction].Argument[1]", //
-        "@google-cloud/spanner/database;CreateBatchTransactionCallback;@google-cloud/spanner;Database;Member[createBatchTransaction].WithArity[1].Argument[0]", //
-        "@google-cloud/spanner/database;CreateSessionCallback;@google-cloud/spanner;Database;Member[createSession].Argument[1]", //
-        "@google-cloud/spanner/database;CreateSessionCallback;@google-cloud/spanner;Database;Member[createSession].WithArity[1].Argument[0]", //
-        "@google-cloud/spanner/database;DatabaseCallback;@google-cloud/spanner;Database;Member[get].Argument[1]", //
-        "@google-cloud/spanner/database;DatabaseCallback;@google-cloud/spanner;Database;Member[get].WithArity[1].Argument[0]", //
-        "@google-cloud/spanner/database;GetSessionsCallback;@google-cloud/spanner;Database;Member[getSessions].Argument[1]", //
-        "@google-cloud/spanner/database;GetSessionsCallback;@google-cloud/spanner;Database;Member[getSessions].WithArity[1].Argument[0]", //
-        "@google-cloud/spanner/database;GetSnapshotCallback;@google-cloud/spanner;Database;Member[getSnapshot].Argument[1]", //
-        "@google-cloud/spanner/database;GetSnapshotCallback;@google-cloud/spanner;Database;Member[getSnapshot].WithArity[1].Argument[0]", //
-        "@google-cloud/spanner/database;GetTransactionCallback;@google-cloud/spanner;Database;Member[getTransaction].Argument[0]", //
-        "@google-cloud/spanner/database;PoolRequestCallback;@google-cloud/spanner;Database;Member[makePooledRequest_].Argument[1]", //
-        "@google-cloud/spanner/database;RestoreDatabaseCallback;@google-cloud/spanner;Database;Member[restore].Argument[1,2]", //
-        "@google-cloud/spanner/database;SessionPoolConstructor;@google-cloud/spanner;DatabaseStatic;Argument[2]", //
-        "@google-cloud/spanner/database;SessionPoolConstructor;@google-cloud/spanner;Instance;Member[database].Argument[1]", //
-        "@google-cloud/spanner/instance;CreateDatabaseCallback;@google-cloud/spanner;Instance;Member[createDatabase].Argument[2]", //
-        "@google-cloud/spanner/instance;CreateDatabaseCallback;@google-cloud/spanner;Instance;Member[createDatabase].WithArity[2].Argument[1]", //
-        "@google-cloud/spanner/instance;CreateDatabaseOptions;@google-cloud/spanner;Instance;Member[createDatabase].WithArity[1,2,3].Argument[1]", //
-        "@google-cloud/spanner/instance;CreateInstanceCallback;@google-cloud/spanner;Spanner;Member[createInstance].Argument[2]", //
-        "@google-cloud/spanner/instance;GetDatabasesCallback;@google-cloud/spanner;Instance;Member[getDatabases].Argument[1]", //
-        "@google-cloud/spanner/instance;GetDatabasesCallback;@google-cloud/spanner;Instance;Member[getDatabases].WithArity[1].Argument[0]", //
-        "@google-cloud/spanner/instance;GetInstanceCallback;@google-cloud/spanner;Instance;Member[get].Argument[1]", //
-        "@google-cloud/spanner/instance;GetInstanceCallback;@google-cloud/spanner;Instance;Member[get].WithArity[1].Argument[0]", //
-        "@google-cloud/spanner/session-pool;GetReadSessionCallback;@google-cloud/spanner/session-pool;SessionPoolInterface;Member[getReadSession].Argument[0]", //
-        "@google-cloud/spanner/session-pool;GetReadSessionCallback;@google-cloud/spanner;SessionPool;Member[getReadSession].Argument[0]", //
-        "@google-cloud/spanner/session-pool;GetWriteSessionCallback;@google-cloud/spanner/session-pool;SessionPoolInterface;Member[getWriteSession].Argument[0]", //
-        "@google-cloud/spanner/session-pool;GetWriteSessionCallback;@google-cloud/spanner;SessionPool;Member[getWriteSession].Argument[0]", //
-        "@google-cloud/spanner/session-pool;SessionPoolInterface;@google-cloud/spanner/database;SessionPoolConstructor;Instance", //
-        "@google-cloud/spanner/session-pool;SessionPoolInterface;@google-cloud/spanner;Database;Member[pool_]", //
-        "@google-cloud/spanner/session-pool;SessionPoolInterface;@google-cloud/spanner;SessionPool;", //
-        "@google-cloud/spanner/table;CreateTableCallback;@google-cloud/spanner;Database;Member[createTable].Argument[2]", //
-        "@google-cloud/spanner/table;CreateTableCallback;@google-cloud/spanner;Database;Member[createTable].WithArity[2].Argument[1]", //
-        "@google-cloud/spanner/table;CreateTableCallback;@google-cloud/spanner;Table;Member[create].Argument[2]", //
-        "@google-cloud/spanner/table;CreateTableCallback;@google-cloud/spanner;Table;Member[create].WithArity[2].Argument[1]", //
-        "@google-cloud/spanner/transaction-runner;AsyncRunTransactionCallback;@google-cloud/spanner/transaction-runner;AsyncTransactionRunnerStatic;Argument[2]", //
-        "@google-cloud/spanner/transaction-runner;AsyncRunTransactionCallback;@google-cloud/spanner;Database;Member[runTransactionAsync].Argument[1]", //
-        "@google-cloud/spanner/transaction-runner;AsyncRunTransactionCallback;@google-cloud/spanner;Database;Member[runTransactionAsync].WithArity[1].Argument[0]", //
-        "@google-cloud/spanner/transaction-runner;AsyncTransactionRunner;@google-cloud/spanner/transaction-runner;AsyncTransactionRunnerStatic;Instance", //
-        "@google-cloud/spanner/transaction-runner;AsyncTransactionRunnerStatic;@google-cloud/spanner/transaction-runner;;Member[AsyncTransactionRunner]", //
-        "@google-cloud/spanner/transaction-runner;RunTransactionCallback;@google-cloud/spanner/transaction-runner;TransactionRunnerStatic;Argument[2]", //
-        "@google-cloud/spanner/transaction-runner;RunTransactionCallback;@google-cloud/spanner;Database;Member[runTransaction].Argument[1]", //
-        "@google-cloud/spanner/transaction-runner;RunTransactionCallback;@google-cloud/spanner;Database;Member[runTransaction].WithArity[1].Argument[0]", //
-        "@google-cloud/spanner/transaction-runner;Runner;@google-cloud/spanner/transaction-runner;AsyncTransactionRunner;", //
-        "@google-cloud/spanner/transaction-runner;Runner;@google-cloud/spanner/transaction-runner;RunnerStatic;Instance", //
-        "@google-cloud/spanner/transaction-runner;Runner;@google-cloud/spanner/transaction-runner;TransactionRunner;", //
-        "@google-cloud/spanner/transaction-runner;RunnerStatic;@google-cloud/spanner/transaction-runner;;Member[Runner]", //
-        "@google-cloud/spanner/transaction-runner;TransactionRunner;@google-cloud/spanner/transaction-runner;TransactionRunnerStatic;Instance", //
-        "@google-cloud/spanner/transaction-runner;TransactionRunnerStatic;@google-cloud/spanner/transaction-runner;;Member[TransactionRunner]", //
-        "@google-cloud/spanner/transaction;Dml;@google-cloud/spanner/transaction;DmlStatic;Instance", //
-        "@google-cloud/spanner/transaction;Dml;@google-cloud/spanner;PartitionedDml;", //
-        "@google-cloud/spanner/transaction;Dml;@google-cloud/spanner;Transaction;", //
-        "@google-cloud/spanner/transaction;DmlStatic;@google-cloud/spanner/transaction;;Member[Dml]", //
-        "@google-cloud/spanner;BackupStatic;@google-cloud/spanner/backup;;Member[Backup]", //
-        "@google-cloud/spanner;BackupStatic;@google-cloud/spanner/backup;BackupStatic;", //
-        "@google-cloud/spanner;BackupStatic;@google-cloud/spanner;;Member[Backup]", //
-        "@google-cloud/spanner;BatchTransaction;@google-cloud/spanner/batch-transaction;BatchTransaction;", //
-        "@google-cloud/spanner;Database;@google-cloud/spanner/database;Database;", //
-        "@google-cloud/spanner;Database;@google-cloud/spanner/database;DatabaseCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0]", //
-        "@google-cloud/spanner;Database;@google-cloud/spanner/database;RestoreDatabaseCallback;TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]", //
-        "@google-cloud/spanner;Database;@google-cloud/spanner/database;SessionPoolConstructor;Argument[0]", //
-        "@google-cloud/spanner;Database;@google-cloud/spanner/instance;CreateDatabaseCallback;TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]", //
-        "@google-cloud/spanner;Database;@google-cloud/spanner/instance;GetDatabasesCallback;TypeVar[@google-cloud/spanner/common.RequestCallback.0]", //
-        "@google-cloud/spanner;Database;@google-cloud/spanner;DatabaseStatic;Instance", //
-        "@google-cloud/spanner;Database;@google-cloud/spanner;Instance;Member[database].ReturnValue", //
-        "@google-cloud/spanner;Database;@google-cloud/spanner;SessionPool;Member[database]", //
-        "@google-cloud/spanner;Database;@google-cloud/spanner;SessionPoolStatic;Argument[0]", //
-        "@google-cloud/spanner;Database;@google-cloud/spanner;SessionStatic;Argument[0]", //
-        "@google-cloud/spanner;Database;@google-cloud/spanner;Table;Member[database]", //
-        "@google-cloud/spanner;Database;@google-cloud/spanner;TableStatic;Argument[0]", //
-        "@google-cloud/spanner;DatabaseStatic;@google-cloud/spanner/database;;Member[Database]", //
-        "@google-cloud/spanner;DatabaseStatic;@google-cloud/spanner/database;DatabaseStatic;", //
-        "@google-cloud/spanner;DatabaseStatic;@google-cloud/spanner;;Member[Database]", //
-        "@google-cloud/spanner;GetInstancesCallback;@google-cloud/spanner/build/src;GetInstancesCallback;", //
-        "@google-cloud/spanner;GetInstancesCallback;@google-cloud/spanner;Spanner;Member[getInstances].Argument[1]", //
-        "@google-cloud/spanner;GetInstancesCallback;@google-cloud/spanner;Spanner;Member[getInstances].WithArity[1].Argument[0]", //
-        "@google-cloud/spanner;Instance;@google-cloud/spanner/instance;CreateInstanceCallback;TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]", //
-        "@google-cloud/spanner;Instance;@google-cloud/spanner/instance;GetInstanceCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0]", //
-        "@google-cloud/spanner;Instance;@google-cloud/spanner/instance;Instance;", //
-        "@google-cloud/spanner;Instance;@google-cloud/spanner;BackupStatic;Argument[0]", //
-        "@google-cloud/spanner;Instance;@google-cloud/spanner;DatabaseStatic;Argument[0]", //
-        "@google-cloud/spanner;Instance;@google-cloud/spanner;GetInstancesCallback;TypeVar[@google-cloud/spanner/common.PagedCallback.0]", //
-        "@google-cloud/spanner;Instance;@google-cloud/spanner;InstanceStatic;Instance", //
-        "@google-cloud/spanner;Instance;@google-cloud/spanner;Spanner;Member[instance].ReturnValue", //
-        "@google-cloud/spanner;InstanceStatic;@google-cloud/spanner/instance;;Member[Instance]", //
-        "@google-cloud/spanner;InstanceStatic;@google-cloud/spanner/instance;InstanceStatic;", //
-        "@google-cloud/spanner;InstanceStatic;@google-cloud/spanner;;Member[Instance]", //
-        "@google-cloud/spanner;PartitionedDml;@google-cloud/spanner/transaction;PartitionedDml;", //
-        "@google-cloud/spanner;PartitionedDml;@google-cloud/spanner;PartitionedDmlStatic;Instance", //
-        "@google-cloud/spanner;PartitionedDml;@google-cloud/spanner;Session;Member[partitionedDml].ReturnValue", //
-        "@google-cloud/spanner;PartitionedDmlStatic;@google-cloud/spanner/transaction;;Member[PartitionedDml]", //
-        "@google-cloud/spanner;PartitionedDmlStatic;@google-cloud/spanner/transaction;PartitionedDmlStatic;", //
-        "@google-cloud/spanner;PartitionedDmlStatic;@google-cloud/spanner;;Member[PartitionedDml]", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner/batch-transaction;TransactionIdentifier;Member[session]", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner/database;BatchCreateSessionsCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0].ArrayElement", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner/database;CreateSessionCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0]", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner/database;GetSessionsCallback;TypeVar[@google-cloud/spanner/common.RequestCallback.0]", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner/database;PoolRequestCallback;TypeVar[@google-cloud/spanner/common.RequestCallback.0]", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner/session-pool;GetReadSessionCallback;TypeVar[@google-cloud/spanner/common.NormalCallback.0]", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner/session-pool;GetWriteSessionCallback;Argument[1]", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner/session-pool;SessionPoolInterface;Member[release].Argument[0]", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner/session;Session;", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner/transaction-runner;Runner;Member[session]", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner;Database;Member[_runPartitionedUpdate].Argument[0]", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner;Database;Member[makePooledRequest_].WithArity[1].ReturnValue.Awaited", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner;Database;Member[session].ReturnValue", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner;SessionPool;Member[_acquire,_getSession].ReturnValue.Awaited", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner;SessionPool;Member[_borrow,_destroy,_isValidSession,_ping,_prepareTransaction,_release,release].Argument[0]", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner;SessionPool;Member[_borrowFrom,_borrowNextAvailableSession].ReturnValue", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner;SessionPool;Member[_getIdleSessions].ReturnValue.ArrayElement", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner;SessionStatic;Instance", //
-        "@google-cloud/spanner;Session;@google-cloud/spanner;Snapshot;Member[session]", //
-        "@google-cloud/spanner;SessionPool;@google-cloud/spanner/instance;CreateDatabaseOptions;Member[poolCtor]", //
-        "@google-cloud/spanner;SessionPool;@google-cloud/spanner/session-pool;SessionPool;", //
-        "@google-cloud/spanner;SessionPool;@google-cloud/spanner;SessionPoolStatic;Instance", //
-        "@google-cloud/spanner;SessionPoolStatic;@google-cloud/spanner/session-pool;;Member[SessionPool]", //
-        "@google-cloud/spanner;SessionPoolStatic;@google-cloud/spanner/session-pool;SessionPoolStatic;", //
-        "@google-cloud/spanner;SessionPoolStatic;@google-cloud/spanner;;Member[SessionPool]", //
-        "@google-cloud/spanner;SessionStatic;@google-cloud/spanner/session;;Member[Session]", //
-        "@google-cloud/spanner;SessionStatic;@google-cloud/spanner/session;SessionStatic;", //
-        "@google-cloud/spanner;SessionStatic;@google-cloud/spanner;;Member[Session]", //
-        "@google-cloud/spanner;Snapshot;@google-cloud/spanner/batch-transaction;BatchTransaction;", //
-        "@google-cloud/spanner;Snapshot;@google-cloud/spanner/database;GetSnapshotCallback;TypeVar[@google-cloud/spanner/common.NormalCallback.0]", //
-        "@google-cloud/spanner;Snapshot;@google-cloud/spanner/transaction;Dml;", //
-        "@google-cloud/spanner;Snapshot;@google-cloud/spanner/transaction;Snapshot;", //
-        "@google-cloud/spanner;Snapshot;@google-cloud/spanner;Session;Member[snapshot].ReturnValue", //
-        "@google-cloud/spanner;Snapshot;@google-cloud/spanner;SnapshotStatic;Instance", //
-        "@google-cloud/spanner;SnapshotStatic;@google-cloud/spanner/transaction;;Member[Snapshot]", //
-        "@google-cloud/spanner;SnapshotStatic;@google-cloud/spanner/transaction;SnapshotStatic;", //
-        "@google-cloud/spanner;SnapshotStatic;@google-cloud/spanner;;Member[Snapshot]", //
-        "@google-cloud/spanner;Spanner;@google-cloud/spanner;InstanceStatic;Argument[0]", //
-        "@google-cloud/spanner;Spanner;@google-cloud/spanner;SpannerStatic;Instance", //
-        "@google-cloud/spanner;SpannerStatic;@google-cloud/spanner;;Member[Spanner]", //
-        "@google-cloud/spanner;Table;@google-cloud/spanner/table;CreateTableCallback;TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]", //
-        "@google-cloud/spanner;Table;@google-cloud/spanner/table;Table;", //
-        "@google-cloud/spanner;Table;@google-cloud/spanner;Database;Member[table].ReturnValue", //
-        "@google-cloud/spanner;Table;@google-cloud/spanner;TableStatic;Instance", //
-        "@google-cloud/spanner;TableStatic;@google-cloud/spanner/table;;Member[Table]", //
-        "@google-cloud/spanner;TableStatic;@google-cloud/spanner/table;TableStatic;", //
-        "@google-cloud/spanner;TableStatic;@google-cloud/spanner;;Member[Table]", //
-        "@google-cloud/spanner;Transaction;@google-cloud/spanner/database;GetTransactionCallback;TypeVar[@google-cloud/spanner/common.NormalCallback.0]", //
-        "@google-cloud/spanner;Transaction;@google-cloud/spanner/session-pool;GetWriteSessionCallback;Argument[2]", //
-        "@google-cloud/spanner;Transaction;@google-cloud/spanner/transaction-runner;AsyncRunTransactionCallback;Argument[0]", //
-        "@google-cloud/spanner;Transaction;@google-cloud/spanner/transaction-runner;RunTransactionCallback;TypeVar[@google-cloud/spanner/common.NormalCallback.0]", //
-        "@google-cloud/spanner;Transaction;@google-cloud/spanner/transaction-runner;Runner;Member[getTransaction].ReturnValue.Awaited", //
-        "@google-cloud/spanner;Transaction;@google-cloud/spanner/transaction-runner;Runner;Member[transaction]", //
-        "@google-cloud/spanner;Transaction;@google-cloud/spanner/transaction;Transaction;", //
-        "@google-cloud/spanner;Transaction;@google-cloud/spanner;Session;Member[transaction].ReturnValue", //
-        "@google-cloud/spanner;Transaction;@google-cloud/spanner;Session;Member[txn]", //
-        "@google-cloud/spanner;Transaction;@google-cloud/spanner;TransactionStatic;Instance", //
-        "@google-cloud/spanner;TransactionStatic;@google-cloud/spanner/transaction;;Member[Transaction]", //
-        "@google-cloud/spanner;TransactionStatic;@google-cloud/spanner/transaction;TransactionStatic;", //
-        "@google-cloud/spanner;TransactionStatic;@google-cloud/spanner;;Member[Transaction]", //
-        "@google-cloud/spanner;v1.SpannerClient;@google-cloud/spanner/v1/spanner_client;SpannerClient;", //
-        "@google-cloud/spanner;v1.SpannerClient;@google-cloud/spanner;v1.SpannerClientStatic;Instance", //
-        "@google-cloud/spanner;v1.SpannerClientStatic;@google-cloud/spanner/v1/spanner_client;;Member[SpannerClient]", //
-        "@google-cloud/spanner;v1.SpannerClientStatic;@google-cloud/spanner/v1/spanner_client;SpannerClientStatic;", //
-        "@google-cloud/spanner;v1.SpannerClientStatic;@google-cloud/spanner;;Member[v1].Member[SpannerClient]", //
-        "@google-cloud/spanner;~SpannerObject;@google-cloud/spanner;Database;", //
-        "@google-cloud/spanner;~SpannerObject;@google-cloud/spanner;Snapshot;", //
-        "@google-cloud/spanner;~SpannerObject;@google-cloud/spanner;Transaction;", //
-        "@google-cloud/spanner;~SpannerObject;@google-cloud/spanner;v1.SpannerClient;", //
-        "@google-cloud/spanner;~SqlExecutorDirect;@google-cloud/spanner;BatchTransaction;Member[createQueryPartitions]", //
-        "@google-cloud/spanner;~SqlExecutorDirect;@google-cloud/spanner;Database;Member[run,runPartitionedUpdate,runStream]", //
-        "@google-cloud/spanner;~SqlExecutorDirect;@google-cloud/spanner;PartitionedDml;Member[runUpdate]", //
-        "@google-cloud/spanner;~SqlExecutorDirect;@google-cloud/spanner;Snapshot;Member[run,runStream]", //
-        "@google-cloud/spanner;~SqlExecutorDirect;@google-cloud/spanner;Transaction;Member[run,runStream,runUpdate]", //
-        "@google-cloud/spanner;~SqlExecutorDirect;@google-cloud/spanner;v1.SpannerClient;Member[executeSql,executeStreamingSql,partitionQuery]", //
-      ]
-  }
-}
-
-private class TypeVariables extends ModelInput::TypeVariableModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "@google-cloud/spanner/common.LongRunningCallback.0;Argument[1]", //
-        "@google-cloud/spanner/common.NormalCallback.0;Argument[1]", //
-        "@google-cloud/spanner/common.PagedCallback.0;Argument[1].ArrayElement", //
-        "@google-cloud/spanner/common.RequestCallback.0;TypeVar[@google-cloud/spanner/common.NormalCallback.0,@google-cloud/spanner/common.PagedCallback.0]", //
-        "@google-cloud/spanner/common.ResourceCallback.0;Argument[1]", //
-      ]
-  }
-}
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/spanner/model.json b/javascript/ql/lib/semmle/javascript/frameworks/spanner/model.json
index d2fe140f4d8..c4f583df6e4 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/spanner/model.json
+++ b/javascript/ql/lib/semmle/javascript/frameworks/spanner/model.json
@@ -56,186 +56,186 @@
     "language": "javascript",
     "model": {
         "typeDefinitions": [
-            "@google-cloud/spanner;BatchTransaction;@google-cloud/spanner/batch-transaction;BatchTransaction;",
-            "@google-cloud/spanner;~SpannerObject;@google-cloud/spanner;Database;",
-            "@google-cloud/spanner;~SpannerObject;@google-cloud/spanner;Snapshot;",
-            "@google-cloud/spanner;~SpannerObject;@google-cloud/spanner;Transaction;",
-            "@google-cloud/spanner;~SpannerObject;@google-cloud/spanner;v1.SpannerClient;",
-            "@google-cloud/spanner;~SqlExecutorDirect;@google-cloud/spanner;BatchTransaction;Member[createQueryPartitions]",
-            "@google-cloud/spanner;~SqlExecutorDirect;@google-cloud/spanner;Database;Member[run,runPartitionedUpdate,runStream]",
-            "@google-cloud/spanner;~SqlExecutorDirect;@google-cloud/spanner;PartitionedDml;Member[runUpdate]",
-            "@google-cloud/spanner;~SqlExecutorDirect;@google-cloud/spanner;Snapshot;Member[run,runStream]",
-            "@google-cloud/spanner;~SqlExecutorDirect;@google-cloud/spanner;Transaction;Member[run,runStream,runUpdate]",
-            "@google-cloud/spanner;~SqlExecutorDirect;@google-cloud/spanner;v1.SpannerClient;Member[executeSql,executeStreamingSql,partitionQuery]"
+            "@google-cloud/spanner.BatchTransaction;@google-cloud/spanner/batch-transaction.BatchTransaction;",
+            "@google-cloud/spanner.~SpannerObject;@google-cloud/spanner.Database;",
+            "@google-cloud/spanner.~SpannerObject;@google-cloud/spanner.Snapshot;",
+            "@google-cloud/spanner.~SpannerObject;@google-cloud/spanner.Transaction;",
+            "@google-cloud/spanner.~SpannerObject;@google-cloud/spanner.v1.SpannerClient;",
+            "@google-cloud/spanner.~SqlExecutorDirect;@google-cloud/spanner.BatchTransaction;Member[createQueryPartitions]",
+            "@google-cloud/spanner.~SqlExecutorDirect;@google-cloud/spanner.Database;Member[run,runPartitionedUpdate,runStream]",
+            "@google-cloud/spanner.~SqlExecutorDirect;@google-cloud/spanner.PartitionedDml;Member[runUpdate]",
+            "@google-cloud/spanner.~SqlExecutorDirect;@google-cloud/spanner.Snapshot;Member[run,runStream]",
+            "@google-cloud/spanner.~SqlExecutorDirect;@google-cloud/spanner.Transaction;Member[run,runStream,runUpdate]",
+            "@google-cloud/spanner.~SqlExecutorDirect;@google-cloud/spanner.v1.SpannerClient;Member[executeSql,executeStreamingSql,partitionQuery]"
         ],
         "sinks": []
     },
     "generatedModel": {
         "//": "Autogenerated section. Manual edits in here will be lost.",
         "typeDefinitions": [
-            "@google-cloud/spanner/batch-transaction;BatchTransaction;@google-cloud/spanner/batch-transaction;BatchTransactionStatic;Instance",
-            "@google-cloud/spanner/batch-transaction;BatchTransaction;@google-cloud/spanner/database;CreateBatchTransactionCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0]",
-            "@google-cloud/spanner/batch-transaction;BatchTransaction;@google-cloud/spanner;Database;Member[batchTransaction].ReturnValue",
-            "@google-cloud/spanner/batch-transaction;BatchTransactionStatic;@google-cloud/spanner/batch-transaction;;Member[BatchTransaction]",
-            "@google-cloud/spanner/batch-transaction;TransactionIdentifier;@google-cloud/spanner/batch-transaction;BatchTransaction;Member[identifier].ReturnValue",
-            "@google-cloud/spanner/batch-transaction;TransactionIdentifier;@google-cloud/spanner;Database;Member[batchTransaction].Argument[0]",
-            "@google-cloud/spanner/database;BatchCreateSessionsCallback;@google-cloud/spanner;Database;Member[batchCreateSessions].Argument[1]",
-            "@google-cloud/spanner/database;CreateBatchTransactionCallback;@google-cloud/spanner;Database;Member[createBatchTransaction].Argument[1]",
-            "@google-cloud/spanner/database;CreateBatchTransactionCallback;@google-cloud/spanner;Database;Member[createBatchTransaction].WithArity[1].Argument[0]",
-            "@google-cloud/spanner/database;CreateSessionCallback;@google-cloud/spanner;Database;Member[createSession].Argument[1]",
-            "@google-cloud/spanner/database;CreateSessionCallback;@google-cloud/spanner;Database;Member[createSession].WithArity[1].Argument[0]",
-            "@google-cloud/spanner/database;DatabaseCallback;@google-cloud/spanner;Database;Member[get].Argument[1]",
-            "@google-cloud/spanner/database;DatabaseCallback;@google-cloud/spanner;Database;Member[get].WithArity[1].Argument[0]",
-            "@google-cloud/spanner/database;GetSessionsCallback;@google-cloud/spanner;Database;Member[getSessions].Argument[1]",
-            "@google-cloud/spanner/database;GetSessionsCallback;@google-cloud/spanner;Database;Member[getSessions].WithArity[1].Argument[0]",
-            "@google-cloud/spanner/database;GetSnapshotCallback;@google-cloud/spanner;Database;Member[getSnapshot].Argument[1]",
-            "@google-cloud/spanner/database;GetSnapshotCallback;@google-cloud/spanner;Database;Member[getSnapshot].WithArity[1].Argument[0]",
-            "@google-cloud/spanner/database;GetTransactionCallback;@google-cloud/spanner;Database;Member[getTransaction].Argument[0]",
-            "@google-cloud/spanner/database;PoolRequestCallback;@google-cloud/spanner;Database;Member[makePooledRequest_].Argument[1]",
-            "@google-cloud/spanner/database;RestoreDatabaseCallback;@google-cloud/spanner;Database;Member[restore].Argument[1,2]",
-            "@google-cloud/spanner/database;SessionPoolConstructor;@google-cloud/spanner;DatabaseStatic;Argument[2]",
-            "@google-cloud/spanner/database;SessionPoolConstructor;@google-cloud/spanner;Instance;Member[database].Argument[1]",
-            "@google-cloud/spanner/instance;CreateDatabaseCallback;@google-cloud/spanner;Instance;Member[createDatabase].Argument[2]",
-            "@google-cloud/spanner/instance;CreateDatabaseCallback;@google-cloud/spanner;Instance;Member[createDatabase].WithArity[2].Argument[1]",
-            "@google-cloud/spanner/instance;CreateDatabaseOptions;@google-cloud/spanner;Instance;Member[createDatabase].WithArity[1,2,3].Argument[1]",
-            "@google-cloud/spanner/instance;CreateInstanceCallback;@google-cloud/spanner;Spanner;Member[createInstance].Argument[2]",
-            "@google-cloud/spanner/instance;GetDatabasesCallback;@google-cloud/spanner;Instance;Member[getDatabases].Argument[1]",
-            "@google-cloud/spanner/instance;GetDatabasesCallback;@google-cloud/spanner;Instance;Member[getDatabases].WithArity[1].Argument[0]",
-            "@google-cloud/spanner/instance;GetInstanceCallback;@google-cloud/spanner;Instance;Member[get].Argument[1]",
-            "@google-cloud/spanner/instance;GetInstanceCallback;@google-cloud/spanner;Instance;Member[get].WithArity[1].Argument[0]",
-            "@google-cloud/spanner/session-pool;GetReadSessionCallback;@google-cloud/spanner/session-pool;SessionPoolInterface;Member[getReadSession].Argument[0]",
-            "@google-cloud/spanner/session-pool;GetReadSessionCallback;@google-cloud/spanner;SessionPool;Member[getReadSession].Argument[0]",
-            "@google-cloud/spanner/session-pool;GetWriteSessionCallback;@google-cloud/spanner/session-pool;SessionPoolInterface;Member[getWriteSession].Argument[0]",
-            "@google-cloud/spanner/session-pool;GetWriteSessionCallback;@google-cloud/spanner;SessionPool;Member[getWriteSession].Argument[0]",
-            "@google-cloud/spanner/session-pool;SessionPoolInterface;@google-cloud/spanner/database;SessionPoolConstructor;Instance",
-            "@google-cloud/spanner/session-pool;SessionPoolInterface;@google-cloud/spanner;Database;Member[pool_]",
-            "@google-cloud/spanner/session-pool;SessionPoolInterface;@google-cloud/spanner;SessionPool;",
-            "@google-cloud/spanner/table;CreateTableCallback;@google-cloud/spanner;Database;Member[createTable].Argument[2]",
-            "@google-cloud/spanner/table;CreateTableCallback;@google-cloud/spanner;Database;Member[createTable].WithArity[2].Argument[1]",
-            "@google-cloud/spanner/table;CreateTableCallback;@google-cloud/spanner;Table;Member[create].Argument[2]",
-            "@google-cloud/spanner/table;CreateTableCallback;@google-cloud/spanner;Table;Member[create].WithArity[2].Argument[1]",
-            "@google-cloud/spanner/transaction-runner;AsyncRunTransactionCallback;@google-cloud/spanner/transaction-runner;AsyncTransactionRunnerStatic;Argument[2]",
-            "@google-cloud/spanner/transaction-runner;AsyncRunTransactionCallback;@google-cloud/spanner;Database;Member[runTransactionAsync].Argument[1]",
-            "@google-cloud/spanner/transaction-runner;AsyncRunTransactionCallback;@google-cloud/spanner;Database;Member[runTransactionAsync].WithArity[1].Argument[0]",
-            "@google-cloud/spanner/transaction-runner;AsyncTransactionRunner;@google-cloud/spanner/transaction-runner;AsyncTransactionRunnerStatic;Instance",
-            "@google-cloud/spanner/transaction-runner;AsyncTransactionRunnerStatic;@google-cloud/spanner/transaction-runner;;Member[AsyncTransactionRunner]",
-            "@google-cloud/spanner/transaction-runner;RunTransactionCallback;@google-cloud/spanner/transaction-runner;TransactionRunnerStatic;Argument[2]",
-            "@google-cloud/spanner/transaction-runner;RunTransactionCallback;@google-cloud/spanner;Database;Member[runTransaction].Argument[1]",
-            "@google-cloud/spanner/transaction-runner;RunTransactionCallback;@google-cloud/spanner;Database;Member[runTransaction].WithArity[1].Argument[0]",
-            "@google-cloud/spanner/transaction-runner;Runner;@google-cloud/spanner/transaction-runner;AsyncTransactionRunner;",
-            "@google-cloud/spanner/transaction-runner;Runner;@google-cloud/spanner/transaction-runner;RunnerStatic;Instance",
-            "@google-cloud/spanner/transaction-runner;Runner;@google-cloud/spanner/transaction-runner;TransactionRunner;",
-            "@google-cloud/spanner/transaction-runner;RunnerStatic;@google-cloud/spanner/transaction-runner;;Member[Runner]",
-            "@google-cloud/spanner/transaction-runner;TransactionRunner;@google-cloud/spanner/transaction-runner;TransactionRunnerStatic;Instance",
-            "@google-cloud/spanner/transaction-runner;TransactionRunnerStatic;@google-cloud/spanner/transaction-runner;;Member[TransactionRunner]",
-            "@google-cloud/spanner/transaction;Dml;@google-cloud/spanner/transaction;DmlStatic;Instance",
-            "@google-cloud/spanner/transaction;Dml;@google-cloud/spanner;PartitionedDml;",
-            "@google-cloud/spanner/transaction;Dml;@google-cloud/spanner;Transaction;",
-            "@google-cloud/spanner/transaction;DmlStatic;@google-cloud/spanner/transaction;;Member[Dml]",
-            "@google-cloud/spanner;BackupStatic;@google-cloud/spanner/backup;;Member[Backup]",
-            "@google-cloud/spanner;BackupStatic;@google-cloud/spanner/backup;BackupStatic;",
-            "@google-cloud/spanner;BackupStatic;@google-cloud/spanner;;Member[Backup]",
-            "@google-cloud/spanner;Database;@google-cloud/spanner/database;Database;",
-            "@google-cloud/spanner;Database;@google-cloud/spanner/database;DatabaseCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0]",
-            "@google-cloud/spanner;Database;@google-cloud/spanner/database;RestoreDatabaseCallback;TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]",
-            "@google-cloud/spanner;Database;@google-cloud/spanner/database;SessionPoolConstructor;Argument[0]",
-            "@google-cloud/spanner;Database;@google-cloud/spanner/instance;CreateDatabaseCallback;TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]",
-            "@google-cloud/spanner;Database;@google-cloud/spanner/instance;GetDatabasesCallback;TypeVar[@google-cloud/spanner/common.RequestCallback.0]",
-            "@google-cloud/spanner;Database;@google-cloud/spanner;DatabaseStatic;Instance",
-            "@google-cloud/spanner;Database;@google-cloud/spanner;Instance;Member[database].ReturnValue",
-            "@google-cloud/spanner;Database;@google-cloud/spanner;SessionPool;Member[database]",
-            "@google-cloud/spanner;Database;@google-cloud/spanner;SessionPoolStatic;Argument[0]",
-            "@google-cloud/spanner;Database;@google-cloud/spanner;SessionStatic;Argument[0]",
-            "@google-cloud/spanner;Database;@google-cloud/spanner;Table;Member[database]",
-            "@google-cloud/spanner;Database;@google-cloud/spanner;TableStatic;Argument[0]",
-            "@google-cloud/spanner;DatabaseStatic;@google-cloud/spanner/database;;Member[Database]",
-            "@google-cloud/spanner;DatabaseStatic;@google-cloud/spanner/database;DatabaseStatic;",
-            "@google-cloud/spanner;DatabaseStatic;@google-cloud/spanner;;Member[Database]",
-            "@google-cloud/spanner;GetInstancesCallback;@google-cloud/spanner/build/src;GetInstancesCallback;",
-            "@google-cloud/spanner;GetInstancesCallback;@google-cloud/spanner;Spanner;Member[getInstances].Argument[1]",
-            "@google-cloud/spanner;GetInstancesCallback;@google-cloud/spanner;Spanner;Member[getInstances].WithArity[1].Argument[0]",
-            "@google-cloud/spanner;Instance;@google-cloud/spanner/instance;CreateInstanceCallback;TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]",
-            "@google-cloud/spanner;Instance;@google-cloud/spanner/instance;GetInstanceCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0]",
-            "@google-cloud/spanner;Instance;@google-cloud/spanner/instance;Instance;",
-            "@google-cloud/spanner;Instance;@google-cloud/spanner;BackupStatic;Argument[0]",
-            "@google-cloud/spanner;Instance;@google-cloud/spanner;DatabaseStatic;Argument[0]",
-            "@google-cloud/spanner;Instance;@google-cloud/spanner;GetInstancesCallback;TypeVar[@google-cloud/spanner/common.PagedCallback.0]",
-            "@google-cloud/spanner;Instance;@google-cloud/spanner;InstanceStatic;Instance",
-            "@google-cloud/spanner;Instance;@google-cloud/spanner;Spanner;Member[instance].ReturnValue",
-            "@google-cloud/spanner;InstanceStatic;@google-cloud/spanner/instance;;Member[Instance]",
-            "@google-cloud/spanner;InstanceStatic;@google-cloud/spanner/instance;InstanceStatic;",
-            "@google-cloud/spanner;InstanceStatic;@google-cloud/spanner;;Member[Instance]",
-            "@google-cloud/spanner;PartitionedDml;@google-cloud/spanner/transaction;PartitionedDml;",
-            "@google-cloud/spanner;PartitionedDml;@google-cloud/spanner;PartitionedDmlStatic;Instance",
-            "@google-cloud/spanner;PartitionedDml;@google-cloud/spanner;Session;Member[partitionedDml].ReturnValue",
-            "@google-cloud/spanner;PartitionedDmlStatic;@google-cloud/spanner/transaction;;Member[PartitionedDml]",
-            "@google-cloud/spanner;PartitionedDmlStatic;@google-cloud/spanner/transaction;PartitionedDmlStatic;",
-            "@google-cloud/spanner;PartitionedDmlStatic;@google-cloud/spanner;;Member[PartitionedDml]",
-            "@google-cloud/spanner;Session;@google-cloud/spanner/batch-transaction;TransactionIdentifier;Member[session]",
-            "@google-cloud/spanner;Session;@google-cloud/spanner/database;BatchCreateSessionsCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0].ArrayElement",
-            "@google-cloud/spanner;Session;@google-cloud/spanner/database;CreateSessionCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0]",
-            "@google-cloud/spanner;Session;@google-cloud/spanner/database;GetSessionsCallback;TypeVar[@google-cloud/spanner/common.RequestCallback.0]",
-            "@google-cloud/spanner;Session;@google-cloud/spanner/database;PoolRequestCallback;TypeVar[@google-cloud/spanner/common.RequestCallback.0]",
-            "@google-cloud/spanner;Session;@google-cloud/spanner/session-pool;GetReadSessionCallback;TypeVar[@google-cloud/spanner/common.NormalCallback.0]",
-            "@google-cloud/spanner;Session;@google-cloud/spanner/session-pool;GetWriteSessionCallback;Argument[1]",
-            "@google-cloud/spanner;Session;@google-cloud/spanner/session-pool;SessionPoolInterface;Member[release].Argument[0]",
-            "@google-cloud/spanner;Session;@google-cloud/spanner/session;Session;",
-            "@google-cloud/spanner;Session;@google-cloud/spanner/transaction-runner;Runner;Member[session]",
-            "@google-cloud/spanner;Session;@google-cloud/spanner;Database;Member[_runPartitionedUpdate].Argument[0]",
-            "@google-cloud/spanner;Session;@google-cloud/spanner;Database;Member[makePooledRequest_].WithArity[1].ReturnValue.Awaited",
-            "@google-cloud/spanner;Session;@google-cloud/spanner;Database;Member[session].ReturnValue",
-            "@google-cloud/spanner;Session;@google-cloud/spanner;SessionPool;Member[_acquire,_getSession].ReturnValue.Awaited",
-            "@google-cloud/spanner;Session;@google-cloud/spanner;SessionPool;Member[_borrow,_destroy,_isValidSession,_ping,_prepareTransaction,_release,release].Argument[0]",
-            "@google-cloud/spanner;Session;@google-cloud/spanner;SessionPool;Member[_borrowFrom,_borrowNextAvailableSession].ReturnValue",
-            "@google-cloud/spanner;Session;@google-cloud/spanner;SessionPool;Member[_getIdleSessions].ReturnValue.ArrayElement",
-            "@google-cloud/spanner;Session;@google-cloud/spanner;SessionStatic;Instance",
-            "@google-cloud/spanner;Session;@google-cloud/spanner;Snapshot;Member[session]",
-            "@google-cloud/spanner;SessionPool;@google-cloud/spanner/instance;CreateDatabaseOptions;Member[poolCtor]",
-            "@google-cloud/spanner;SessionPool;@google-cloud/spanner/session-pool;SessionPool;",
-            "@google-cloud/spanner;SessionPool;@google-cloud/spanner;SessionPoolStatic;Instance",
-            "@google-cloud/spanner;SessionPoolStatic;@google-cloud/spanner/session-pool;;Member[SessionPool]",
-            "@google-cloud/spanner;SessionPoolStatic;@google-cloud/spanner/session-pool;SessionPoolStatic;",
-            "@google-cloud/spanner;SessionPoolStatic;@google-cloud/spanner;;Member[SessionPool]",
-            "@google-cloud/spanner;SessionStatic;@google-cloud/spanner/session;;Member[Session]",
-            "@google-cloud/spanner;SessionStatic;@google-cloud/spanner/session;SessionStatic;",
-            "@google-cloud/spanner;SessionStatic;@google-cloud/spanner;;Member[Session]",
-            "@google-cloud/spanner;Snapshot;@google-cloud/spanner/batch-transaction;BatchTransaction;",
-            "@google-cloud/spanner;Snapshot;@google-cloud/spanner/database;GetSnapshotCallback;TypeVar[@google-cloud/spanner/common.NormalCallback.0]",
-            "@google-cloud/spanner;Snapshot;@google-cloud/spanner/transaction;Dml;",
-            "@google-cloud/spanner;Snapshot;@google-cloud/spanner/transaction;Snapshot;",
-            "@google-cloud/spanner;Snapshot;@google-cloud/spanner;Session;Member[snapshot].ReturnValue",
-            "@google-cloud/spanner;Snapshot;@google-cloud/spanner;SnapshotStatic;Instance",
-            "@google-cloud/spanner;SnapshotStatic;@google-cloud/spanner/transaction;;Member[Snapshot]",
-            "@google-cloud/spanner;SnapshotStatic;@google-cloud/spanner/transaction;SnapshotStatic;",
-            "@google-cloud/spanner;SnapshotStatic;@google-cloud/spanner;;Member[Snapshot]",
-            "@google-cloud/spanner;Spanner;@google-cloud/spanner;InstanceStatic;Argument[0]",
-            "@google-cloud/spanner;Spanner;@google-cloud/spanner;SpannerStatic;Instance",
-            "@google-cloud/spanner;SpannerStatic;@google-cloud/spanner;;Member[Spanner]",
-            "@google-cloud/spanner;Table;@google-cloud/spanner/table;CreateTableCallback;TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]",
-            "@google-cloud/spanner;Table;@google-cloud/spanner/table;Table;",
-            "@google-cloud/spanner;Table;@google-cloud/spanner;Database;Member[table].ReturnValue",
-            "@google-cloud/spanner;Table;@google-cloud/spanner;TableStatic;Instance",
-            "@google-cloud/spanner;TableStatic;@google-cloud/spanner/table;;Member[Table]",
-            "@google-cloud/spanner;TableStatic;@google-cloud/spanner/table;TableStatic;",
-            "@google-cloud/spanner;TableStatic;@google-cloud/spanner;;Member[Table]",
-            "@google-cloud/spanner;Transaction;@google-cloud/spanner/database;GetTransactionCallback;TypeVar[@google-cloud/spanner/common.NormalCallback.0]",
-            "@google-cloud/spanner;Transaction;@google-cloud/spanner/session-pool;GetWriteSessionCallback;Argument[2]",
-            "@google-cloud/spanner;Transaction;@google-cloud/spanner/transaction-runner;AsyncRunTransactionCallback;Argument[0]",
-            "@google-cloud/spanner;Transaction;@google-cloud/spanner/transaction-runner;RunTransactionCallback;TypeVar[@google-cloud/spanner/common.NormalCallback.0]",
-            "@google-cloud/spanner;Transaction;@google-cloud/spanner/transaction-runner;Runner;Member[getTransaction].ReturnValue.Awaited",
-            "@google-cloud/spanner;Transaction;@google-cloud/spanner/transaction-runner;Runner;Member[transaction]",
-            "@google-cloud/spanner;Transaction;@google-cloud/spanner/transaction;Transaction;",
-            "@google-cloud/spanner;Transaction;@google-cloud/spanner;Session;Member[transaction].ReturnValue",
-            "@google-cloud/spanner;Transaction;@google-cloud/spanner;Session;Member[txn]",
-            "@google-cloud/spanner;Transaction;@google-cloud/spanner;TransactionStatic;Instance",
-            "@google-cloud/spanner;TransactionStatic;@google-cloud/spanner/transaction;;Member[Transaction]",
-            "@google-cloud/spanner;TransactionStatic;@google-cloud/spanner/transaction;TransactionStatic;",
-            "@google-cloud/spanner;TransactionStatic;@google-cloud/spanner;;Member[Transaction]",
-            "@google-cloud/spanner;v1.SpannerClient;@google-cloud/spanner/v1/spanner_client;SpannerClient;",
-            "@google-cloud/spanner;v1.SpannerClient;@google-cloud/spanner;v1.SpannerClientStatic;Instance",
-            "@google-cloud/spanner;v1.SpannerClientStatic;@google-cloud/spanner/v1/spanner_client;;Member[SpannerClient]",
-            "@google-cloud/spanner;v1.SpannerClientStatic;@google-cloud/spanner/v1/spanner_client;SpannerClientStatic;",
-            "@google-cloud/spanner;v1.SpannerClientStatic;@google-cloud/spanner;;Member[v1].Member[SpannerClient]"
+            "@google-cloud/spanner.BackupStatic;@google-cloud/spanner/backup.BackupStatic;",
+            "@google-cloud/spanner.BackupStatic;@google-cloud/spanner/backup;Member[Backup]",
+            "@google-cloud/spanner.BackupStatic;@google-cloud/spanner;Member[Backup]",
+            "@google-cloud/spanner.Database;@google-cloud/spanner.DatabaseStatic;Instance",
+            "@google-cloud/spanner.Database;@google-cloud/spanner.Instance;Member[database].ReturnValue",
+            "@google-cloud/spanner.Database;@google-cloud/spanner.SessionPool;Member[database]",
+            "@google-cloud/spanner.Database;@google-cloud/spanner.SessionPoolStatic;Argument[0]",
+            "@google-cloud/spanner.Database;@google-cloud/spanner.SessionStatic;Argument[0]",
+            "@google-cloud/spanner.Database;@google-cloud/spanner.Table;Member[database]",
+            "@google-cloud/spanner.Database;@google-cloud/spanner.TableStatic;Argument[0]",
+            "@google-cloud/spanner.Database;@google-cloud/spanner/database.Database;",
+            "@google-cloud/spanner.Database;@google-cloud/spanner/database.DatabaseCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0]",
+            "@google-cloud/spanner.Database;@google-cloud/spanner/database.RestoreDatabaseCallback;TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]",
+            "@google-cloud/spanner.Database;@google-cloud/spanner/database.SessionPoolConstructor;Argument[0]",
+            "@google-cloud/spanner.Database;@google-cloud/spanner/instance.CreateDatabaseCallback;TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]",
+            "@google-cloud/spanner.Database;@google-cloud/spanner/instance.GetDatabasesCallback;TypeVar[@google-cloud/spanner/common.RequestCallback.0]",
+            "@google-cloud/spanner.DatabaseStatic;@google-cloud/spanner/database.DatabaseStatic;",
+            "@google-cloud/spanner.DatabaseStatic;@google-cloud/spanner/database;Member[Database]",
+            "@google-cloud/spanner.DatabaseStatic;@google-cloud/spanner;Member[Database]",
+            "@google-cloud/spanner.GetInstancesCallback;@google-cloud/spanner.Spanner;Member[getInstances].Argument[1]",
+            "@google-cloud/spanner.GetInstancesCallback;@google-cloud/spanner.Spanner;Member[getInstances].WithArity[1].Argument[0]",
+            "@google-cloud/spanner.GetInstancesCallback;@google-cloud/spanner/build/src.GetInstancesCallback;",
+            "@google-cloud/spanner.Instance;@google-cloud/spanner.BackupStatic;Argument[0]",
+            "@google-cloud/spanner.Instance;@google-cloud/spanner.DatabaseStatic;Argument[0]",
+            "@google-cloud/spanner.Instance;@google-cloud/spanner.GetInstancesCallback;TypeVar[@google-cloud/spanner/common.PagedCallback.0]",
+            "@google-cloud/spanner.Instance;@google-cloud/spanner.InstanceStatic;Instance",
+            "@google-cloud/spanner.Instance;@google-cloud/spanner.Spanner;Member[instance].ReturnValue",
+            "@google-cloud/spanner.Instance;@google-cloud/spanner/instance.CreateInstanceCallback;TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]",
+            "@google-cloud/spanner.Instance;@google-cloud/spanner/instance.GetInstanceCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0]",
+            "@google-cloud/spanner.Instance;@google-cloud/spanner/instance.Instance;",
+            "@google-cloud/spanner.InstanceStatic;@google-cloud/spanner/instance.InstanceStatic;",
+            "@google-cloud/spanner.InstanceStatic;@google-cloud/spanner/instance;Member[Instance]",
+            "@google-cloud/spanner.InstanceStatic;@google-cloud/spanner;Member[Instance]",
+            "@google-cloud/spanner.PartitionedDml;@google-cloud/spanner.PartitionedDmlStatic;Instance",
+            "@google-cloud/spanner.PartitionedDml;@google-cloud/spanner.Session;Member[partitionedDml].ReturnValue",
+            "@google-cloud/spanner.PartitionedDml;@google-cloud/spanner/transaction.PartitionedDml;",
+            "@google-cloud/spanner.PartitionedDmlStatic;@google-cloud/spanner/transaction.PartitionedDmlStatic;",
+            "@google-cloud/spanner.PartitionedDmlStatic;@google-cloud/spanner/transaction;Member[PartitionedDml]",
+            "@google-cloud/spanner.PartitionedDmlStatic;@google-cloud/spanner;Member[PartitionedDml]",
+            "@google-cloud/spanner.Session;@google-cloud/spanner.Database;Member[_runPartitionedUpdate].Argument[0]",
+            "@google-cloud/spanner.Session;@google-cloud/spanner.Database;Member[makePooledRequest_].WithArity[1].ReturnValue.Awaited",
+            "@google-cloud/spanner.Session;@google-cloud/spanner.Database;Member[session].ReturnValue",
+            "@google-cloud/spanner.Session;@google-cloud/spanner.SessionPool;Member[_acquire,_getSession].ReturnValue.Awaited",
+            "@google-cloud/spanner.Session;@google-cloud/spanner.SessionPool;Member[_borrow,_destroy,_isValidSession,_ping,_prepareTransaction,_release,release].Argument[0]",
+            "@google-cloud/spanner.Session;@google-cloud/spanner.SessionPool;Member[_borrowFrom,_borrowNextAvailableSession].ReturnValue",
+            "@google-cloud/spanner.Session;@google-cloud/spanner.SessionPool;Member[_getIdleSessions].ReturnValue.ArrayElement",
+            "@google-cloud/spanner.Session;@google-cloud/spanner.SessionStatic;Instance",
+            "@google-cloud/spanner.Session;@google-cloud/spanner.Snapshot;Member[session]",
+            "@google-cloud/spanner.Session;@google-cloud/spanner/batch-transaction.TransactionIdentifier;Member[session]",
+            "@google-cloud/spanner.Session;@google-cloud/spanner/database.BatchCreateSessionsCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0].ArrayElement",
+            "@google-cloud/spanner.Session;@google-cloud/spanner/database.CreateSessionCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0]",
+            "@google-cloud/spanner.Session;@google-cloud/spanner/database.GetSessionsCallback;TypeVar[@google-cloud/spanner/common.RequestCallback.0]",
+            "@google-cloud/spanner.Session;@google-cloud/spanner/database.PoolRequestCallback;TypeVar[@google-cloud/spanner/common.RequestCallback.0]",
+            "@google-cloud/spanner.Session;@google-cloud/spanner/session-pool.GetReadSessionCallback;TypeVar[@google-cloud/spanner/common.NormalCallback.0]",
+            "@google-cloud/spanner.Session;@google-cloud/spanner/session-pool.GetWriteSessionCallback;Argument[1]",
+            "@google-cloud/spanner.Session;@google-cloud/spanner/session-pool.SessionPoolInterface;Member[release].Argument[0]",
+            "@google-cloud/spanner.Session;@google-cloud/spanner/session.Session;",
+            "@google-cloud/spanner.Session;@google-cloud/spanner/transaction-runner.Runner;Member[session]",
+            "@google-cloud/spanner.SessionPool;@google-cloud/spanner.SessionPoolStatic;Instance",
+            "@google-cloud/spanner.SessionPool;@google-cloud/spanner/instance.CreateDatabaseOptions;Member[poolCtor]",
+            "@google-cloud/spanner.SessionPool;@google-cloud/spanner/session-pool.SessionPool;",
+            "@google-cloud/spanner.SessionPoolStatic;@google-cloud/spanner/session-pool.SessionPoolStatic;",
+            "@google-cloud/spanner.SessionPoolStatic;@google-cloud/spanner/session-pool;Member[SessionPool]",
+            "@google-cloud/spanner.SessionPoolStatic;@google-cloud/spanner;Member[SessionPool]",
+            "@google-cloud/spanner.SessionStatic;@google-cloud/spanner/session.SessionStatic;",
+            "@google-cloud/spanner.SessionStatic;@google-cloud/spanner/session;Member[Session]",
+            "@google-cloud/spanner.SessionStatic;@google-cloud/spanner;Member[Session]",
+            "@google-cloud/spanner.Snapshot;@google-cloud/spanner.Session;Member[snapshot].ReturnValue",
+            "@google-cloud/spanner.Snapshot;@google-cloud/spanner.SnapshotStatic;Instance",
+            "@google-cloud/spanner.Snapshot;@google-cloud/spanner/batch-transaction.BatchTransaction;",
+            "@google-cloud/spanner.Snapshot;@google-cloud/spanner/database.GetSnapshotCallback;TypeVar[@google-cloud/spanner/common.NormalCallback.0]",
+            "@google-cloud/spanner.Snapshot;@google-cloud/spanner/transaction.Dml;",
+            "@google-cloud/spanner.Snapshot;@google-cloud/spanner/transaction.Snapshot;",
+            "@google-cloud/spanner.SnapshotStatic;@google-cloud/spanner/transaction.SnapshotStatic;",
+            "@google-cloud/spanner.SnapshotStatic;@google-cloud/spanner/transaction;Member[Snapshot]",
+            "@google-cloud/spanner.SnapshotStatic;@google-cloud/spanner;Member[Snapshot]",
+            "@google-cloud/spanner.Spanner;@google-cloud/spanner.InstanceStatic;Argument[0]",
+            "@google-cloud/spanner.Spanner;@google-cloud/spanner.SpannerStatic;Instance",
+            "@google-cloud/spanner.SpannerStatic;@google-cloud/spanner;Member[Spanner]",
+            "@google-cloud/spanner.Table;@google-cloud/spanner.Database;Member[table].ReturnValue",
+            "@google-cloud/spanner.Table;@google-cloud/spanner.TableStatic;Instance",
+            "@google-cloud/spanner.Table;@google-cloud/spanner/table.CreateTableCallback;TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]",
+            "@google-cloud/spanner.Table;@google-cloud/spanner/table.Table;",
+            "@google-cloud/spanner.TableStatic;@google-cloud/spanner/table.TableStatic;",
+            "@google-cloud/spanner.TableStatic;@google-cloud/spanner/table;Member[Table]",
+            "@google-cloud/spanner.TableStatic;@google-cloud/spanner;Member[Table]",
+            "@google-cloud/spanner.Transaction;@google-cloud/spanner.Session;Member[transaction].ReturnValue",
+            "@google-cloud/spanner.Transaction;@google-cloud/spanner.Session;Member[txn]",
+            "@google-cloud/spanner.Transaction;@google-cloud/spanner.TransactionStatic;Instance",
+            "@google-cloud/spanner.Transaction;@google-cloud/spanner/database.GetTransactionCallback;TypeVar[@google-cloud/spanner/common.NormalCallback.0]",
+            "@google-cloud/spanner.Transaction;@google-cloud/spanner/session-pool.GetWriteSessionCallback;Argument[2]",
+            "@google-cloud/spanner.Transaction;@google-cloud/spanner/transaction-runner.AsyncRunTransactionCallback;Argument[0]",
+            "@google-cloud/spanner.Transaction;@google-cloud/spanner/transaction-runner.RunTransactionCallback;TypeVar[@google-cloud/spanner/common.NormalCallback.0]",
+            "@google-cloud/spanner.Transaction;@google-cloud/spanner/transaction-runner.Runner;Member[getTransaction].ReturnValue.Awaited",
+            "@google-cloud/spanner.Transaction;@google-cloud/spanner/transaction-runner.Runner;Member[transaction]",
+            "@google-cloud/spanner.Transaction;@google-cloud/spanner/transaction.Transaction;",
+            "@google-cloud/spanner.TransactionStatic;@google-cloud/spanner/transaction.TransactionStatic;",
+            "@google-cloud/spanner.TransactionStatic;@google-cloud/spanner/transaction;Member[Transaction]",
+            "@google-cloud/spanner.TransactionStatic;@google-cloud/spanner;Member[Transaction]",
+            "@google-cloud/spanner.v1.SpannerClient;@google-cloud/spanner.v1.SpannerClientStatic;Instance",
+            "@google-cloud/spanner.v1.SpannerClient;@google-cloud/spanner/v1/spanner_client.SpannerClient;",
+            "@google-cloud/spanner.v1.SpannerClientStatic;@google-cloud/spanner/v1/spanner_client.SpannerClientStatic;",
+            "@google-cloud/spanner.v1.SpannerClientStatic;@google-cloud/spanner/v1/spanner_client;Member[SpannerClient]",
+            "@google-cloud/spanner.v1.SpannerClientStatic;@google-cloud/spanner;Member[v1].Member[SpannerClient]",
+            "@google-cloud/spanner/batch-transaction.BatchTransaction;@google-cloud/spanner.Database;Member[batchTransaction].ReturnValue",
+            "@google-cloud/spanner/batch-transaction.BatchTransaction;@google-cloud/spanner/batch-transaction.BatchTransactionStatic;Instance",
+            "@google-cloud/spanner/batch-transaction.BatchTransaction;@google-cloud/spanner/database.CreateBatchTransactionCallback;TypeVar[@google-cloud/spanner/common.ResourceCallback.0]",
+            "@google-cloud/spanner/batch-transaction.BatchTransactionStatic;@google-cloud/spanner/batch-transaction;Member[BatchTransaction]",
+            "@google-cloud/spanner/batch-transaction.TransactionIdentifier;@google-cloud/spanner.Database;Member[batchTransaction].Argument[0]",
+            "@google-cloud/spanner/batch-transaction.TransactionIdentifier;@google-cloud/spanner/batch-transaction.BatchTransaction;Member[identifier].ReturnValue",
+            "@google-cloud/spanner/database.BatchCreateSessionsCallback;@google-cloud/spanner.Database;Member[batchCreateSessions].Argument[1]",
+            "@google-cloud/spanner/database.CreateBatchTransactionCallback;@google-cloud/spanner.Database;Member[createBatchTransaction].Argument[1]",
+            "@google-cloud/spanner/database.CreateBatchTransactionCallback;@google-cloud/spanner.Database;Member[createBatchTransaction].WithArity[1].Argument[0]",
+            "@google-cloud/spanner/database.CreateSessionCallback;@google-cloud/spanner.Database;Member[createSession].Argument[1]",
+            "@google-cloud/spanner/database.CreateSessionCallback;@google-cloud/spanner.Database;Member[createSession].WithArity[1].Argument[0]",
+            "@google-cloud/spanner/database.DatabaseCallback;@google-cloud/spanner.Database;Member[get].Argument[1]",
+            "@google-cloud/spanner/database.DatabaseCallback;@google-cloud/spanner.Database;Member[get].WithArity[1].Argument[0]",
+            "@google-cloud/spanner/database.GetSessionsCallback;@google-cloud/spanner.Database;Member[getSessions].Argument[1]",
+            "@google-cloud/spanner/database.GetSessionsCallback;@google-cloud/spanner.Database;Member[getSessions].WithArity[1].Argument[0]",
+            "@google-cloud/spanner/database.GetSnapshotCallback;@google-cloud/spanner.Database;Member[getSnapshot].Argument[1]",
+            "@google-cloud/spanner/database.GetSnapshotCallback;@google-cloud/spanner.Database;Member[getSnapshot].WithArity[1].Argument[0]",
+            "@google-cloud/spanner/database.GetTransactionCallback;@google-cloud/spanner.Database;Member[getTransaction].Argument[0]",
+            "@google-cloud/spanner/database.PoolRequestCallback;@google-cloud/spanner.Database;Member[makePooledRequest_].Argument[1]",
+            "@google-cloud/spanner/database.RestoreDatabaseCallback;@google-cloud/spanner.Database;Member[restore].Argument[1,2]",
+            "@google-cloud/spanner/database.SessionPoolConstructor;@google-cloud/spanner.DatabaseStatic;Argument[2]",
+            "@google-cloud/spanner/database.SessionPoolConstructor;@google-cloud/spanner.Instance;Member[database].Argument[1]",
+            "@google-cloud/spanner/instance.CreateDatabaseCallback;@google-cloud/spanner.Instance;Member[createDatabase].Argument[2]",
+            "@google-cloud/spanner/instance.CreateDatabaseCallback;@google-cloud/spanner.Instance;Member[createDatabase].WithArity[2].Argument[1]",
+            "@google-cloud/spanner/instance.CreateDatabaseOptions;@google-cloud/spanner.Instance;Member[createDatabase].WithArity[1,2,3].Argument[1]",
+            "@google-cloud/spanner/instance.CreateInstanceCallback;@google-cloud/spanner.Spanner;Member[createInstance].Argument[2]",
+            "@google-cloud/spanner/instance.GetDatabasesCallback;@google-cloud/spanner.Instance;Member[getDatabases].Argument[1]",
+            "@google-cloud/spanner/instance.GetDatabasesCallback;@google-cloud/spanner.Instance;Member[getDatabases].WithArity[1].Argument[0]",
+            "@google-cloud/spanner/instance.GetInstanceCallback;@google-cloud/spanner.Instance;Member[get].Argument[1]",
+            "@google-cloud/spanner/instance.GetInstanceCallback;@google-cloud/spanner.Instance;Member[get].WithArity[1].Argument[0]",
+            "@google-cloud/spanner/session-pool.GetReadSessionCallback;@google-cloud/spanner.SessionPool;Member[getReadSession].Argument[0]",
+            "@google-cloud/spanner/session-pool.GetReadSessionCallback;@google-cloud/spanner/session-pool.SessionPoolInterface;Member[getReadSession].Argument[0]",
+            "@google-cloud/spanner/session-pool.GetWriteSessionCallback;@google-cloud/spanner.SessionPool;Member[getWriteSession].Argument[0]",
+            "@google-cloud/spanner/session-pool.GetWriteSessionCallback;@google-cloud/spanner/session-pool.SessionPoolInterface;Member[getWriteSession].Argument[0]",
+            "@google-cloud/spanner/session-pool.SessionPoolInterface;@google-cloud/spanner.Database;Member[pool_]",
+            "@google-cloud/spanner/session-pool.SessionPoolInterface;@google-cloud/spanner.SessionPool;",
+            "@google-cloud/spanner/session-pool.SessionPoolInterface;@google-cloud/spanner/database.SessionPoolConstructor;Instance",
+            "@google-cloud/spanner/table.CreateTableCallback;@google-cloud/spanner.Database;Member[createTable].Argument[2]",
+            "@google-cloud/spanner/table.CreateTableCallback;@google-cloud/spanner.Database;Member[createTable].WithArity[2].Argument[1]",
+            "@google-cloud/spanner/table.CreateTableCallback;@google-cloud/spanner.Table;Member[create].Argument[2]",
+            "@google-cloud/spanner/table.CreateTableCallback;@google-cloud/spanner.Table;Member[create].WithArity[2].Argument[1]",
+            "@google-cloud/spanner/transaction-runner.AsyncRunTransactionCallback;@google-cloud/spanner.Database;Member[runTransactionAsync].Argument[1]",
+            "@google-cloud/spanner/transaction-runner.AsyncRunTransactionCallback;@google-cloud/spanner.Database;Member[runTransactionAsync].WithArity[1].Argument[0]",
+            "@google-cloud/spanner/transaction-runner.AsyncRunTransactionCallback;@google-cloud/spanner/transaction-runner.AsyncTransactionRunnerStatic;Argument[2]",
+            "@google-cloud/spanner/transaction-runner.AsyncTransactionRunner;@google-cloud/spanner/transaction-runner.AsyncTransactionRunnerStatic;Instance",
+            "@google-cloud/spanner/transaction-runner.AsyncTransactionRunnerStatic;@google-cloud/spanner/transaction-runner;Member[AsyncTransactionRunner]",
+            "@google-cloud/spanner/transaction-runner.RunTransactionCallback;@google-cloud/spanner.Database;Member[runTransaction].Argument[1]",
+            "@google-cloud/spanner/transaction-runner.RunTransactionCallback;@google-cloud/spanner.Database;Member[runTransaction].WithArity[1].Argument[0]",
+            "@google-cloud/spanner/transaction-runner.RunTransactionCallback;@google-cloud/spanner/transaction-runner.TransactionRunnerStatic;Argument[2]",
+            "@google-cloud/spanner/transaction-runner.Runner;@google-cloud/spanner/transaction-runner.AsyncTransactionRunner;",
+            "@google-cloud/spanner/transaction-runner.Runner;@google-cloud/spanner/transaction-runner.RunnerStatic;Instance",
+            "@google-cloud/spanner/transaction-runner.Runner;@google-cloud/spanner/transaction-runner.TransactionRunner;",
+            "@google-cloud/spanner/transaction-runner.RunnerStatic;@google-cloud/spanner/transaction-runner;Member[Runner]",
+            "@google-cloud/spanner/transaction-runner.TransactionRunner;@google-cloud/spanner/transaction-runner.TransactionRunnerStatic;Instance",
+            "@google-cloud/spanner/transaction-runner.TransactionRunnerStatic;@google-cloud/spanner/transaction-runner;Member[TransactionRunner]",
+            "@google-cloud/spanner/transaction.Dml;@google-cloud/spanner.PartitionedDml;",
+            "@google-cloud/spanner/transaction.Dml;@google-cloud/spanner.Transaction;",
+            "@google-cloud/spanner/transaction.Dml;@google-cloud/spanner/transaction.DmlStatic;Instance",
+            "@google-cloud/spanner/transaction.DmlStatic;@google-cloud/spanner/transaction;Member[Dml]"
         ],
         "summaries": [],
         "typeVariables": [
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/spanner/model.yml b/javascript/ql/lib/semmle/javascript/frameworks/spanner/model.yml
new file mode 100644
index 00000000000..bf6e3fa4e5a
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/frameworks/spanner/model.yml
@@ -0,0 +1,189 @@
+extensions:
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      - ["@google-cloud/spanner.BackupStatic", "@google-cloud/spanner/backup.BackupStatic", ""]
+      - ["@google-cloud/spanner.BackupStatic", "@google-cloud/spanner/backup", "Member[Backup]"]
+      - ["@google-cloud/spanner.BackupStatic", "@google-cloud/spanner", "Member[Backup]"]
+      - ["@google-cloud/spanner.BatchTransaction", "@google-cloud/spanner/batch-transaction.BatchTransaction", ""]
+      - ["@google-cloud/spanner.Database", "@google-cloud/spanner.DatabaseStatic", Instance]
+      - ["@google-cloud/spanner.Database", "@google-cloud/spanner.Instance", "Member[database].ReturnValue"]
+      - ["@google-cloud/spanner.Database", "@google-cloud/spanner.SessionPool", "Member[database]"]
+      - ["@google-cloud/spanner.Database", "@google-cloud/spanner.SessionPoolStatic", "Argument[0]"]
+      - ["@google-cloud/spanner.Database", "@google-cloud/spanner.SessionStatic", "Argument[0]"]
+      - ["@google-cloud/spanner.Database", "@google-cloud/spanner.Table", "Member[database]"]
+      - ["@google-cloud/spanner.Database", "@google-cloud/spanner.TableStatic", "Argument[0]"]
+      - ["@google-cloud/spanner.Database", "@google-cloud/spanner/database.Database", ""]
+      - ["@google-cloud/spanner.Database", "@google-cloud/spanner/database.DatabaseCallback", "TypeVar[@google-cloud/spanner/common.ResourceCallback.0]"]
+      - ["@google-cloud/spanner.Database", "@google-cloud/spanner/database.RestoreDatabaseCallback", "TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]"]
+      - ["@google-cloud/spanner.Database", "@google-cloud/spanner/database.SessionPoolConstructor", "Argument[0]"]
+      - ["@google-cloud/spanner.Database", "@google-cloud/spanner/instance.CreateDatabaseCallback", "TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]"]
+      - ["@google-cloud/spanner.Database", "@google-cloud/spanner/instance.GetDatabasesCallback", "TypeVar[@google-cloud/spanner/common.RequestCallback.0]"]
+      - ["@google-cloud/spanner.DatabaseStatic", "@google-cloud/spanner/database.DatabaseStatic", ""]
+      - ["@google-cloud/spanner.DatabaseStatic", "@google-cloud/spanner/database", "Member[Database]"]
+      - ["@google-cloud/spanner.DatabaseStatic", "@google-cloud/spanner", "Member[Database]"]
+      - ["@google-cloud/spanner.GetInstancesCallback", "@google-cloud/spanner.Spanner", "Member[getInstances].Argument[1]"]
+      - ["@google-cloud/spanner.GetInstancesCallback", "@google-cloud/spanner.Spanner", "Member[getInstances].WithArity[1].Argument[0]"]
+      - ["@google-cloud/spanner.GetInstancesCallback", "@google-cloud/spanner/build/src.GetInstancesCallback", ""]
+      - ["@google-cloud/spanner.Instance", "@google-cloud/spanner.BackupStatic", "Argument[0]"]
+      - ["@google-cloud/spanner.Instance", "@google-cloud/spanner.DatabaseStatic", "Argument[0]"]
+      - ["@google-cloud/spanner.Instance", "@google-cloud/spanner.GetInstancesCallback", "TypeVar[@google-cloud/spanner/common.PagedCallback.0]"]
+      - ["@google-cloud/spanner.Instance", "@google-cloud/spanner.InstanceStatic", Instance]
+      - ["@google-cloud/spanner.Instance", "@google-cloud/spanner.Spanner", "Member[instance].ReturnValue"]
+      - ["@google-cloud/spanner.Instance", "@google-cloud/spanner/instance.CreateInstanceCallback", "TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]"]
+      - ["@google-cloud/spanner.Instance", "@google-cloud/spanner/instance.GetInstanceCallback", "TypeVar[@google-cloud/spanner/common.ResourceCallback.0]"]
+      - ["@google-cloud/spanner.Instance", "@google-cloud/spanner/instance.Instance", ""]
+      - ["@google-cloud/spanner.InstanceStatic", "@google-cloud/spanner/instance.InstanceStatic", ""]
+      - ["@google-cloud/spanner.InstanceStatic", "@google-cloud/spanner/instance", "Member[Instance]"]
+      - ["@google-cloud/spanner.InstanceStatic", "@google-cloud/spanner", "Member[Instance]"]
+      - ["@google-cloud/spanner.PartitionedDml", "@google-cloud/spanner.PartitionedDmlStatic", Instance]
+      - ["@google-cloud/spanner.PartitionedDml", "@google-cloud/spanner.Session", "Member[partitionedDml].ReturnValue"]
+      - ["@google-cloud/spanner.PartitionedDml", "@google-cloud/spanner/transaction.PartitionedDml", ""]
+      - ["@google-cloud/spanner.PartitionedDmlStatic", "@google-cloud/spanner/transaction.PartitionedDmlStatic", ""]
+      - ["@google-cloud/spanner.PartitionedDmlStatic", "@google-cloud/spanner/transaction", "Member[PartitionedDml]"]
+      - ["@google-cloud/spanner.PartitionedDmlStatic", "@google-cloud/spanner", "Member[PartitionedDml]"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner.Database", "Member[_runPartitionedUpdate].Argument[0]"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner.Database", "Member[makePooledRequest_].WithArity[1].ReturnValue.Awaited"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner.Database", "Member[session].ReturnValue"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner.SessionPool", "Member[_acquire,_getSession].ReturnValue.Awaited"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner.SessionPool", "Member[_borrow,_destroy,_isValidSession,_ping,_prepareTransaction,_release,release].Argument[0]"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner.SessionPool", "Member[_borrowFrom,_borrowNextAvailableSession].ReturnValue"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner.SessionPool", "Member[_getIdleSessions].ReturnValue.ArrayElement"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner.SessionStatic", Instance]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner.Snapshot", "Member[session]"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner/batch-transaction.TransactionIdentifier", "Member[session]"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner/database.BatchCreateSessionsCallback", "TypeVar[@google-cloud/spanner/common.ResourceCallback.0].ArrayElement"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner/database.CreateSessionCallback", "TypeVar[@google-cloud/spanner/common.ResourceCallback.0]"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner/database.GetSessionsCallback", "TypeVar[@google-cloud/spanner/common.RequestCallback.0]"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner/database.PoolRequestCallback", "TypeVar[@google-cloud/spanner/common.RequestCallback.0]"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner/session-pool.GetReadSessionCallback", "TypeVar[@google-cloud/spanner/common.NormalCallback.0]"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner/session-pool.GetWriteSessionCallback", "Argument[1]"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner/session-pool.SessionPoolInterface", "Member[release].Argument[0]"]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner/session.Session", ""]
+      - ["@google-cloud/spanner.Session", "@google-cloud/spanner/transaction-runner.Runner", "Member[session]"]
+      - ["@google-cloud/spanner.SessionPool", "@google-cloud/spanner.SessionPoolStatic", Instance]
+      - ["@google-cloud/spanner.SessionPool", "@google-cloud/spanner/instance.CreateDatabaseOptions", "Member[poolCtor]"]
+      - ["@google-cloud/spanner.SessionPool", "@google-cloud/spanner/session-pool.SessionPool", ""]
+      - ["@google-cloud/spanner.SessionPoolStatic", "@google-cloud/spanner/session-pool.SessionPoolStatic", ""]
+      - ["@google-cloud/spanner.SessionPoolStatic", "@google-cloud/spanner/session-pool", "Member[SessionPool]"]
+      - ["@google-cloud/spanner.SessionPoolStatic", "@google-cloud/spanner", "Member[SessionPool]"]
+      - ["@google-cloud/spanner.SessionStatic", "@google-cloud/spanner/session.SessionStatic", ""]
+      - ["@google-cloud/spanner.SessionStatic", "@google-cloud/spanner/session", "Member[Session]"]
+      - ["@google-cloud/spanner.SessionStatic", "@google-cloud/spanner", "Member[Session]"]
+      - ["@google-cloud/spanner.Snapshot", "@google-cloud/spanner.Session", "Member[snapshot].ReturnValue"]
+      - ["@google-cloud/spanner.Snapshot", "@google-cloud/spanner.SnapshotStatic", Instance]
+      - ["@google-cloud/spanner.Snapshot", "@google-cloud/spanner/batch-transaction.BatchTransaction", ""]
+      - ["@google-cloud/spanner.Snapshot", "@google-cloud/spanner/database.GetSnapshotCallback", "TypeVar[@google-cloud/spanner/common.NormalCallback.0]"]
+      - ["@google-cloud/spanner.Snapshot", "@google-cloud/spanner/transaction.Dml", ""]
+      - ["@google-cloud/spanner.Snapshot", "@google-cloud/spanner/transaction.Snapshot", ""]
+      - ["@google-cloud/spanner.SnapshotStatic", "@google-cloud/spanner/transaction.SnapshotStatic", ""]
+      - ["@google-cloud/spanner.SnapshotStatic", "@google-cloud/spanner/transaction", "Member[Snapshot]"]
+      - ["@google-cloud/spanner.SnapshotStatic", "@google-cloud/spanner", "Member[Snapshot]"]
+      - ["@google-cloud/spanner.Spanner", "@google-cloud/spanner.InstanceStatic", "Argument[0]"]
+      - ["@google-cloud/spanner.Spanner", "@google-cloud/spanner.SpannerStatic", Instance]
+      - ["@google-cloud/spanner.SpannerStatic", "@google-cloud/spanner", "Member[Spanner]"]
+      - ["@google-cloud/spanner.Table", "@google-cloud/spanner.Database", "Member[table].ReturnValue"]
+      - ["@google-cloud/spanner.Table", "@google-cloud/spanner.TableStatic", Instance]
+      - ["@google-cloud/spanner.Table", "@google-cloud/spanner/table.CreateTableCallback", "TypeVar[@google-cloud/spanner/common.LongRunningCallback.0]"]
+      - ["@google-cloud/spanner.Table", "@google-cloud/spanner/table.Table", ""]
+      - ["@google-cloud/spanner.TableStatic", "@google-cloud/spanner/table.TableStatic", ""]
+      - ["@google-cloud/spanner.TableStatic", "@google-cloud/spanner/table", "Member[Table]"]
+      - ["@google-cloud/spanner.TableStatic", "@google-cloud/spanner", "Member[Table]"]
+      - ["@google-cloud/spanner.Transaction", "@google-cloud/spanner.Session", "Member[transaction].ReturnValue"]
+      - ["@google-cloud/spanner.Transaction", "@google-cloud/spanner.Session", "Member[txn]"]
+      - ["@google-cloud/spanner.Transaction", "@google-cloud/spanner.TransactionStatic", Instance]
+      - ["@google-cloud/spanner.Transaction", "@google-cloud/spanner/database.GetTransactionCallback", "TypeVar[@google-cloud/spanner/common.NormalCallback.0]"]
+      - ["@google-cloud/spanner.Transaction", "@google-cloud/spanner/session-pool.GetWriteSessionCallback", "Argument[2]"]
+      - ["@google-cloud/spanner.Transaction", "@google-cloud/spanner/transaction-runner.AsyncRunTransactionCallback", "Argument[0]"]
+      - ["@google-cloud/spanner.Transaction", "@google-cloud/spanner/transaction-runner.RunTransactionCallback", "TypeVar[@google-cloud/spanner/common.NormalCallback.0]"]
+      - ["@google-cloud/spanner.Transaction", "@google-cloud/spanner/transaction-runner.Runner", "Member[getTransaction].ReturnValue.Awaited"]
+      - ["@google-cloud/spanner.Transaction", "@google-cloud/spanner/transaction-runner.Runner", "Member[transaction]"]
+      - ["@google-cloud/spanner.Transaction", "@google-cloud/spanner/transaction.Transaction", ""]
+      - ["@google-cloud/spanner.TransactionStatic", "@google-cloud/spanner/transaction.TransactionStatic", ""]
+      - ["@google-cloud/spanner.TransactionStatic", "@google-cloud/spanner/transaction", "Member[Transaction]"]
+      - ["@google-cloud/spanner.TransactionStatic", "@google-cloud/spanner", "Member[Transaction]"]
+      - ["@google-cloud/spanner.v1.SpannerClient", "@google-cloud/spanner.v1.SpannerClientStatic", Instance]
+      - ["@google-cloud/spanner.v1.SpannerClient", "@google-cloud/spanner/v1/spanner_client.SpannerClient", ""]
+      - ["@google-cloud/spanner.v1.SpannerClientStatic", "@google-cloud/spanner/v1/spanner_client.SpannerClientStatic", ""]
+      - ["@google-cloud/spanner.v1.SpannerClientStatic", "@google-cloud/spanner/v1/spanner_client", "Member[SpannerClient]"]
+      - ["@google-cloud/spanner.v1.SpannerClientStatic", "@google-cloud/spanner", "Member[v1].Member[SpannerClient]"]
+      - ["@google-cloud/spanner.~SpannerObject", "@google-cloud/spanner.Database", ""]
+      - ["@google-cloud/spanner.~SpannerObject", "@google-cloud/spanner.Snapshot", ""]
+      - ["@google-cloud/spanner.~SpannerObject", "@google-cloud/spanner.Transaction", ""]
+      - ["@google-cloud/spanner.~SpannerObject", "@google-cloud/spanner.v1.SpannerClient", ""]
+      - ["@google-cloud/spanner.~SqlExecutorDirect", "@google-cloud/spanner.BatchTransaction", "Member[createQueryPartitions]"]
+      - ["@google-cloud/spanner.~SqlExecutorDirect", "@google-cloud/spanner.Database", "Member[run,runPartitionedUpdate,runStream]"]
+      - ["@google-cloud/spanner.~SqlExecutorDirect", "@google-cloud/spanner.PartitionedDml", "Member[runUpdate]"]
+      - ["@google-cloud/spanner.~SqlExecutorDirect", "@google-cloud/spanner.Snapshot", "Member[run,runStream]"]
+      - ["@google-cloud/spanner.~SqlExecutorDirect", "@google-cloud/spanner.Transaction", "Member[run,runStream,runUpdate]"]
+      - ["@google-cloud/spanner.~SqlExecutorDirect", "@google-cloud/spanner.v1.SpannerClient", "Member[executeSql,executeStreamingSql,partitionQuery]"]
+      - ["@google-cloud/spanner/batch-transaction.BatchTransaction", "@google-cloud/spanner.Database", "Member[batchTransaction].ReturnValue"]
+      - ["@google-cloud/spanner/batch-transaction.BatchTransaction", "@google-cloud/spanner/batch-transaction.BatchTransactionStatic", Instance]
+      - ["@google-cloud/spanner/batch-transaction.BatchTransaction", "@google-cloud/spanner/database.CreateBatchTransactionCallback", "TypeVar[@google-cloud/spanner/common.ResourceCallback.0]"]
+      - ["@google-cloud/spanner/batch-transaction.BatchTransactionStatic", "@google-cloud/spanner/batch-transaction", "Member[BatchTransaction]"]
+      - ["@google-cloud/spanner/batch-transaction.TransactionIdentifier", "@google-cloud/spanner.Database", "Member[batchTransaction].Argument[0]"]
+      - ["@google-cloud/spanner/batch-transaction.TransactionIdentifier", "@google-cloud/spanner/batch-transaction.BatchTransaction", "Member[identifier].ReturnValue"]
+      - ["@google-cloud/spanner/database.BatchCreateSessionsCallback", "@google-cloud/spanner.Database", "Member[batchCreateSessions].Argument[1]"]
+      - ["@google-cloud/spanner/database.CreateBatchTransactionCallback", "@google-cloud/spanner.Database", "Member[createBatchTransaction].Argument[1]"]
+      - ["@google-cloud/spanner/database.CreateBatchTransactionCallback", "@google-cloud/spanner.Database", "Member[createBatchTransaction].WithArity[1].Argument[0]"]
+      - ["@google-cloud/spanner/database.CreateSessionCallback", "@google-cloud/spanner.Database", "Member[createSession].Argument[1]"]
+      - ["@google-cloud/spanner/database.CreateSessionCallback", "@google-cloud/spanner.Database", "Member[createSession].WithArity[1].Argument[0]"]
+      - ["@google-cloud/spanner/database.DatabaseCallback", "@google-cloud/spanner.Database", "Member[get].Argument[1]"]
+      - ["@google-cloud/spanner/database.DatabaseCallback", "@google-cloud/spanner.Database", "Member[get].WithArity[1].Argument[0]"]
+      - ["@google-cloud/spanner/database.GetSessionsCallback", "@google-cloud/spanner.Database", "Member[getSessions].Argument[1]"]
+      - ["@google-cloud/spanner/database.GetSessionsCallback", "@google-cloud/spanner.Database", "Member[getSessions].WithArity[1].Argument[0]"]
+      - ["@google-cloud/spanner/database.GetSnapshotCallback", "@google-cloud/spanner.Database", "Member[getSnapshot].Argument[1]"]
+      - ["@google-cloud/spanner/database.GetSnapshotCallback", "@google-cloud/spanner.Database", "Member[getSnapshot].WithArity[1].Argument[0]"]
+      - ["@google-cloud/spanner/database.GetTransactionCallback", "@google-cloud/spanner.Database", "Member[getTransaction].Argument[0]"]
+      - ["@google-cloud/spanner/database.PoolRequestCallback", "@google-cloud/spanner.Database", "Member[makePooledRequest_].Argument[1]"]
+      - ["@google-cloud/spanner/database.RestoreDatabaseCallback", "@google-cloud/spanner.Database", "Member[restore].Argument[1,2]"]
+      - ["@google-cloud/spanner/database.SessionPoolConstructor", "@google-cloud/spanner.DatabaseStatic", "Argument[2]"]
+      - ["@google-cloud/spanner/database.SessionPoolConstructor", "@google-cloud/spanner.Instance", "Member[database].Argument[1]"]
+      - ["@google-cloud/spanner/instance.CreateDatabaseCallback", "@google-cloud/spanner.Instance", "Member[createDatabase].Argument[2]"]
+      - ["@google-cloud/spanner/instance.CreateDatabaseCallback", "@google-cloud/spanner.Instance", "Member[createDatabase].WithArity[2].Argument[1]"]
+      - ["@google-cloud/spanner/instance.CreateDatabaseOptions", "@google-cloud/spanner.Instance", "Member[createDatabase].WithArity[1,2,3].Argument[1]"]
+      - ["@google-cloud/spanner/instance.CreateInstanceCallback", "@google-cloud/spanner.Spanner", "Member[createInstance].Argument[2]"]
+      - ["@google-cloud/spanner/instance.GetDatabasesCallback", "@google-cloud/spanner.Instance", "Member[getDatabases].Argument[1]"]
+      - ["@google-cloud/spanner/instance.GetDatabasesCallback", "@google-cloud/spanner.Instance", "Member[getDatabases].WithArity[1].Argument[0]"]
+      - ["@google-cloud/spanner/instance.GetInstanceCallback", "@google-cloud/spanner.Instance", "Member[get].Argument[1]"]
+      - ["@google-cloud/spanner/instance.GetInstanceCallback", "@google-cloud/spanner.Instance", "Member[get].WithArity[1].Argument[0]"]
+      - ["@google-cloud/spanner/session-pool.GetReadSessionCallback", "@google-cloud/spanner.SessionPool", "Member[getReadSession].Argument[0]"]
+      - ["@google-cloud/spanner/session-pool.GetReadSessionCallback", "@google-cloud/spanner/session-pool.SessionPoolInterface", "Member[getReadSession].Argument[0]"]
+      - ["@google-cloud/spanner/session-pool.GetWriteSessionCallback", "@google-cloud/spanner.SessionPool", "Member[getWriteSession].Argument[0]"]
+      - ["@google-cloud/spanner/session-pool.GetWriteSessionCallback", "@google-cloud/spanner/session-pool.SessionPoolInterface", "Member[getWriteSession].Argument[0]"]
+      - ["@google-cloud/spanner/session-pool.SessionPoolInterface", "@google-cloud/spanner.Database", "Member[pool_]"]
+      - ["@google-cloud/spanner/session-pool.SessionPoolInterface", "@google-cloud/spanner.SessionPool", ""]
+      - ["@google-cloud/spanner/session-pool.SessionPoolInterface", "@google-cloud/spanner/database.SessionPoolConstructor", Instance]
+      - ["@google-cloud/spanner/table.CreateTableCallback", "@google-cloud/spanner.Database", "Member[createTable].Argument[2]"]
+      - ["@google-cloud/spanner/table.CreateTableCallback", "@google-cloud/spanner.Database", "Member[createTable].WithArity[2].Argument[1]"]
+      - ["@google-cloud/spanner/table.CreateTableCallback", "@google-cloud/spanner.Table", "Member[create].Argument[2]"]
+      - ["@google-cloud/spanner/table.CreateTableCallback", "@google-cloud/spanner.Table", "Member[create].WithArity[2].Argument[1]"]
+      - ["@google-cloud/spanner/transaction-runner.AsyncRunTransactionCallback", "@google-cloud/spanner.Database", "Member[runTransactionAsync].Argument[1]"]
+      - ["@google-cloud/spanner/transaction-runner.AsyncRunTransactionCallback", "@google-cloud/spanner.Database", "Member[runTransactionAsync].WithArity[1].Argument[0]"]
+      - ["@google-cloud/spanner/transaction-runner.AsyncRunTransactionCallback", "@google-cloud/spanner/transaction-runner.AsyncTransactionRunnerStatic", "Argument[2]"]
+      - ["@google-cloud/spanner/transaction-runner.AsyncTransactionRunner", "@google-cloud/spanner/transaction-runner.AsyncTransactionRunnerStatic", Instance]
+      - ["@google-cloud/spanner/transaction-runner.AsyncTransactionRunnerStatic", "@google-cloud/spanner/transaction-runner", "Member[AsyncTransactionRunner]"]
+      - ["@google-cloud/spanner/transaction-runner.RunTransactionCallback", "@google-cloud/spanner.Database", "Member[runTransaction].Argument[1]"]
+      - ["@google-cloud/spanner/transaction-runner.RunTransactionCallback", "@google-cloud/spanner.Database", "Member[runTransaction].WithArity[1].Argument[0]"]
+      - ["@google-cloud/spanner/transaction-runner.RunTransactionCallback", "@google-cloud/spanner/transaction-runner.TransactionRunnerStatic", "Argument[2]"]
+      - ["@google-cloud/spanner/transaction-runner.Runner", "@google-cloud/spanner/transaction-runner.AsyncTransactionRunner", ""]
+      - ["@google-cloud/spanner/transaction-runner.Runner", "@google-cloud/spanner/transaction-runner.RunnerStatic", Instance]
+      - ["@google-cloud/spanner/transaction-runner.Runner", "@google-cloud/spanner/transaction-runner.TransactionRunner", ""]
+      - ["@google-cloud/spanner/transaction-runner.RunnerStatic", "@google-cloud/spanner/transaction-runner", "Member[Runner]"]
+      - ["@google-cloud/spanner/transaction-runner.TransactionRunner", "@google-cloud/spanner/transaction-runner.TransactionRunnerStatic", Instance]
+      - ["@google-cloud/spanner/transaction-runner.TransactionRunnerStatic", "@google-cloud/spanner/transaction-runner", "Member[TransactionRunner]"]
+      - ["@google-cloud/spanner/transaction.Dml", "@google-cloud/spanner.PartitionedDml", ""]
+      - ["@google-cloud/spanner/transaction.Dml", "@google-cloud/spanner.Transaction", ""]
+      - ["@google-cloud/spanner/transaction.Dml", "@google-cloud/spanner/transaction.DmlStatic", Instance]
+      - ["@google-cloud/spanner/transaction.DmlStatic", "@google-cloud/spanner/transaction", "Member[Dml]"]
+
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: typeVariableModel
+    data:
+      - ["@google-cloud/spanner/common.LongRunningCallback.0", "Argument[1]"]
+      - ["@google-cloud/spanner/common.NormalCallback.0", "Argument[1]"]
+      - ["@google-cloud/spanner/common.PagedCallback.0", "Argument[1].ArrayElement"]
+      - ["@google-cloud/spanner/common.RequestCallback.0", "TypeVar[@google-cloud/spanner/common.NormalCallback.0,@google-cloud/spanner/common.PagedCallback.0]"]
+      - ["@google-cloud/spanner/common.ResourceCallback.0", "Argument[1]"]
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/sqlite3/Model.qll b/javascript/ql/lib/semmle/javascript/frameworks/sqlite3/Model.qll
deleted file mode 100644
index 727408e7569..00000000000
--- a/javascript/ql/lib/semmle/javascript/frameworks/sqlite3/Model.qll
+++ /dev/null
@@ -1,37 +0,0 @@
-/** Generated model file */
-
-private import javascript
-
-private class Types extends ModelInput::TypeModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "sqlite3;Database;sqlite3;;Member[cached].Member[Database].ReturnValue", //
-        "sqlite3;Database;sqlite3;Database;Member[addListener,all,each,exec,get,on,once,prependListener,prependOnceListener,run].ReturnValue", //
-        "sqlite3;Database;sqlite3;DatabaseStatic;Instance", //
-        "sqlite3;Database;sqlite3;Statement;Member[finalize].ReturnValue", //
-        "sqlite3;DatabaseStatic;sqlite3;;Member[Database]", //
-        "sqlite3;DatabaseStatic;sqlite3;sqlite3;Member[Database]", //
-        "sqlite3;RunResult;sqlite3;sqlite3;Member[RunResult]", //
-        "sqlite3;Statement;sqlite3;Database;Member[prepare].ReturnValue", //
-        "sqlite3;Statement;sqlite3;RunResult;", //
-        "sqlite3;Statement;sqlite3;Statement;Member[all,bind,each,get,reset,run].ReturnValue", //
-        "sqlite3;Statement;sqlite3;StatementStatic;Instance", //
-        "sqlite3;StatementStatic;sqlite3;;Member[Statement]", //
-        "sqlite3;StatementStatic;sqlite3;sqlite3;Member[Statement]", //
-        "sqlite3;sqlite3;sqlite3;;Member[verbose].ReturnValue", //
-        "sqlite3;sqlite3;sqlite3;sqlite3;Member[verbose].ReturnValue", //
-      ]
-  }
-}
-
-private class Summaries extends ModelInput::SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "sqlite3;Database;;;Member[addListener,all,each,exec,get,on,once,prependListener,prependOnceListener,run].ReturnValue;type", //
-        "sqlite3;Statement;;;Member[all,bind,each,get,reset,run].ReturnValue;type", //
-        "sqlite3;sqlite3;;;Member[verbose].ReturnValue;type", //
-      ]
-  }
-}
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/sqlite3/model.json b/javascript/ql/lib/semmle/javascript/frameworks/sqlite3/model.json
index 2cc41498ead..2d9a919bd1f 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/sqlite3/model.json
+++ b/javascript/ql/lib/semmle/javascript/frameworks/sqlite3/model.json
@@ -8,7 +8,7 @@
     "language": "javascript",
     "usedTypes": {
         "sources": [
-            "sqlite3;Database"
+            "sqlite3.Database"
         ]
     },
     "model": {
@@ -17,26 +17,26 @@
     "generatedModel": {
         "//": "Autogenerated section. Manual edits in here will be lost.",
         "typeDefinitions": [
-            "sqlite3;Database;sqlite3;;Member[cached].Member[Database].ReturnValue",
-            "sqlite3;Database;sqlite3;Database;Member[addListener,all,each,exec,get,on,once,prependListener,prependOnceListener,run].ReturnValue",
-            "sqlite3;Database;sqlite3;DatabaseStatic;Instance",
-            "sqlite3;Database;sqlite3;Statement;Member[finalize].ReturnValue",
-            "sqlite3;DatabaseStatic;sqlite3;;Member[Database]",
-            "sqlite3;DatabaseStatic;sqlite3;sqlite3;Member[Database]",
-            "sqlite3;RunResult;sqlite3;sqlite3;Member[RunResult]",
-            "sqlite3;Statement;sqlite3;Database;Member[prepare].ReturnValue",
-            "sqlite3;Statement;sqlite3;RunResult;",
-            "sqlite3;Statement;sqlite3;Statement;Member[all,bind,each,get,reset,run].ReturnValue",
-            "sqlite3;Statement;sqlite3;StatementStatic;Instance",
-            "sqlite3;StatementStatic;sqlite3;;Member[Statement]",
-            "sqlite3;StatementStatic;sqlite3;sqlite3;Member[Statement]",
-            "sqlite3;sqlite3;sqlite3;;Member[verbose].ReturnValue",
-            "sqlite3;sqlite3;sqlite3;sqlite3;Member[verbose].ReturnValue"
+            "sqlite3.Database;sqlite3.Database;Member[addListener,all,each,exec,get,on,once,prependListener,prependOnceListener,run].ReturnValue",
+            "sqlite3.Database;sqlite3.DatabaseStatic;Instance",
+            "sqlite3.Database;sqlite3.Statement;Member[finalize].ReturnValue",
+            "sqlite3.Database;sqlite3;Member[cached].Member[Database].ReturnValue",
+            "sqlite3.DatabaseStatic;sqlite3.sqlite3;Member[Database]",
+            "sqlite3.DatabaseStatic;sqlite3;Member[Database]",
+            "sqlite3.RunResult;sqlite3.sqlite3;Member[RunResult]",
+            "sqlite3.Statement;sqlite3.Database;Member[prepare].ReturnValue",
+            "sqlite3.Statement;sqlite3.RunResult;",
+            "sqlite3.Statement;sqlite3.Statement;Member[all,bind,each,get,reset,run].ReturnValue",
+            "sqlite3.Statement;sqlite3.StatementStatic;Instance",
+            "sqlite3.StatementStatic;sqlite3.sqlite3;Member[Statement]",
+            "sqlite3.StatementStatic;sqlite3;Member[Statement]",
+            "sqlite3.sqlite3;sqlite3.sqlite3;Member[verbose].ReturnValue",
+            "sqlite3.sqlite3;sqlite3;Member[verbose].ReturnValue"
         ],
         "summaries": [
-            "sqlite3;Database;;;Member[addListener,all,each,exec,get,on,once,prependListener,prependOnceListener,run].ReturnValue;type",
-            "sqlite3;Statement;;;Member[all,bind,each,get,reset,run].ReturnValue;type",
-            "sqlite3;sqlite3;;;Member[verbose].ReturnValue;type"
+            "sqlite3.Database;;;Member[addListener,all,each,exec,get,on,once,prependListener,prependOnceListener,run].ReturnValue;type",
+            "sqlite3.Statement;;;Member[all,bind,each,get,reset,run].ReturnValue;type",
+            "sqlite3.sqlite3;;;Member[verbose].ReturnValue;type"
         ],
         "typeVariables": []
     }
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/sqlite3/model.yml b/javascript/ql/lib/semmle/javascript/frameworks/sqlite3/model.yml
new file mode 100644
index 00000000000..643ef4efb25
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/frameworks/sqlite3/model.yml
@@ -0,0 +1,28 @@
+extensions:
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      - [sqlite3.Database, sqlite3.Database, "Member[addListener,all,each,exec,get,on,once,prependListener,prependOnceListener,run].ReturnValue"]
+      - [sqlite3.Database, sqlite3.DatabaseStatic, Instance]
+      - [sqlite3.Database, sqlite3.Statement, "Member[finalize].ReturnValue"]
+      - [sqlite3.Database, sqlite3, "Member[cached].Member[Database].ReturnValue"]
+      - [sqlite3.DatabaseStatic, sqlite3.sqlite3, "Member[Database]"]
+      - [sqlite3.DatabaseStatic, sqlite3, "Member[Database]"]
+      - [sqlite3.RunResult, sqlite3.sqlite3, "Member[RunResult]"]
+      - [sqlite3.Statement, sqlite3.Database, "Member[prepare].ReturnValue"]
+      - [sqlite3.Statement, sqlite3.RunResult, ""]
+      - [sqlite3.Statement, sqlite3.Statement, "Member[all,bind,each,get,reset,run].ReturnValue"]
+      - [sqlite3.Statement, sqlite3.StatementStatic, Instance]
+      - [sqlite3.StatementStatic, sqlite3.sqlite3, "Member[Statement]"]
+      - [sqlite3.StatementStatic, sqlite3, "Member[Statement]"]
+      - [sqlite3.sqlite3, sqlite3.sqlite3, "Member[verbose].ReturnValue"]
+      - [sqlite3.sqlite3, sqlite3, "Member[verbose].ReturnValue"]
+
+  - addsTo: 
+      pack: codeql/javascript-all
+      extensible: summaryModel
+    data:
+      - [sqlite3.Database, "", "", "Member[addListener,all,each,exec,get,on,once,prependListener,prependOnceListener,run].ReturnValue", type]
+      - [sqlite3.Statement, "", "", "Member[all,bind,each,get,reset,run].ReturnValue", type]
+      - [sqlite3.sqlite3, "", "", "Member[verbose].ReturnValue", type]
diff --git a/javascript/ql/lib/semmle/javascript/heuristics/AdditionalRouteHandlers.qll b/javascript/ql/lib/semmle/javascript/heuristics/AdditionalRouteHandlers.qll
index 76a8aff557b..a62edc692b3 100644
--- a/javascript/ql/lib/semmle/javascript/heuristics/AdditionalRouteHandlers.qll
+++ b/javascript/ql/lib/semmle/javascript/heuristics/AdditionalRouteHandlers.qll
@@ -11,24 +11,19 @@ private import semmle.javascript.frameworks.ConnectExpressShared
  * Add `NodeJSLib::RouteHandlerCandidate` to the extent of `NodeJSLib::RouteHandler`.
  */
 private class PromotedNodeJSLibCandidate extends NodeJSLib::RouteHandler,
-  Http::Servers::StandardRouteHandler {
-  PromotedNodeJSLibCandidate() { this instanceof NodeJSLib::RouteHandlerCandidate }
-}
+  Http::Servers::StandardRouteHandler instanceof NodeJSLib::RouteHandlerCandidate { }
 
 /**
  * Add `Hapi::RouteHandlerCandidate` to the extent of `Hapi::RouteHandler`.
  */
-private class PromotedHapiCandidate extends Hapi::RouteHandler, Http::Servers::StandardRouteHandler {
-  PromotedHapiCandidate() { this instanceof Hapi::RouteHandlerCandidate }
+private class PromotedHapiCandidate extends Hapi::RouteHandler, Http::Servers::StandardRouteHandler instanceof Hapi::RouteHandlerCandidate {
 }
 
 /**
  * Add `ConnectExpressShared::RouteHandlerCandidate` to the extent of `Express::RouteHandler`.
  */
 private class PromotedExpressCandidate extends Express::RouteHandler,
-  Http::Servers::StandardRouteHandler {
-  PromotedExpressCandidate() { this instanceof ConnectExpressShared::RouteHandlerCandidate }
-
+  Http::Servers::StandardRouteHandler instanceof ConnectExpressShared::RouteHandlerCandidate {
   override DataFlow::ParameterNode getRouteHandlerParameter(string kind) {
     result = ConnectExpressShared::getRouteHandlerParameter(this, kind)
   }
@@ -38,10 +33,24 @@ private class PromotedExpressCandidate extends Express::RouteHandler,
  * Add `ConnectExpressShared::RouteHandlerCandidate` to the extent of `Connect::RouteHandler`.
  */
 private class PromotedConnectCandidate extends Connect::RouteHandler,
-  Http::Servers::StandardRouteHandler {
-  PromotedConnectCandidate() { this instanceof ConnectExpressShared::RouteHandlerCandidate }
-
+  Http::Servers::StandardRouteHandler instanceof ConnectExpressShared::RouteHandlerCandidate {
   override DataFlow::ParameterNode getRouteHandlerParameter(string kind) {
     result = ConnectExpressShared::getRouteHandlerParameter(this, kind)
   }
 }
+
+/**
+ * Add `Restify::RouteHandlerCandidate` to the extent of `Restify::RouteHandler`.
+ */
+private class PromotedRestifyCandidate extends Restify::RouteHandler,
+  Http::Servers::StandardRouteHandler {
+  PromotedRestifyCandidate() { this instanceof Restify::RouteHandlerCandidate }
+}
+
+/**
+ * Add `Spife::RouteHandlerCandidate` to the extent of `Spife::RouteHandler`.
+ */
+private class PromotedSpifeCandidate extends Spife::RouteHandler,
+  Http::Servers::StandardRouteHandler {
+  PromotedSpifeCandidate() { this instanceof Spife::RouteHandlerCandidate }
+}
diff --git a/javascript/ql/lib/semmle/javascript/heuristics/AdditionalSources.qll b/javascript/ql/lib/semmle/javascript/heuristics/AdditionalSources.qll
index 40c86ed4855..c8b1f5df31a 100644
--- a/javascript/ql/lib/semmle/javascript/heuristics/AdditionalSources.qll
+++ b/javascript/ql/lib/semmle/javascript/heuristics/AdditionalSources.qll
@@ -27,9 +27,7 @@ private class RemoteFlowPassword extends HeuristicSource, RemoteFlowSource {
  * since it does not properly escape single quotes and dollar symbols.
  */
 private class JsonStringifyAsCommandInjectionSource extends HeuristicSource,
-  CommandInjection::Source {
-  JsonStringifyAsCommandInjectionSource() { this instanceof JsonStringifyCall }
-
+  CommandInjection::Source instanceof JsonStringifyCall {
   override string getSourceType() { result = "a string from JSON.stringify" }
 }
 
diff --git a/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll b/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll
index 95bfbeeeb5d..0bc83143e8c 100644
--- a/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll
@@ -2,155 +2,7 @@
  * Provides predicates for reasoning about bad tag filter vulnerabilities.
  */
 
-import regexp.RegexpMatching
-
-/**
- * Holds if the regexp `root` should be tested against `str`.
- * Implements the `isRegexpMatchingCandidateSig` signature from `RegexpMatching`.
- * `ignorePrefix` toggles whether the regular expression should be treated as accepting any prefix if it's unanchored.
- * `testWithGroups` toggles whether it's tested which groups are filled by a given input string.
- */
-private predicate isBadTagFilterCandidate(
-  RootTerm root, string str, boolean ignorePrefix, boolean testWithGroups
-) {
-  // the regexp must mention "<" and ">" explicitly.
-  forall(string angleBracket | angleBracket = ["<", ">"] |
-    any(RegExpConstant term | term.getValue().matches("%" + angleBracket + "%")).getRootTerm() =
-      root
-  ) and
-  ignorePrefix = true and
-  (
-    str = ["<!-- foo -->", "<!-- foo --!>", "<!- foo ->", "<foo>", "<script>"] and
-    testWithGroups = true
-    or
-    str =
-      [
-        "<!-- foo -->", "<!- foo ->", "<!-- foo --!>", "<!-- foo\n -->", "<script>foo</script>",
-        "<script \n>foo</script>", "<script >foo\n</script>", "<foo ></foo>", "<foo>",
-        "<foo src=\"foo\"></foo>", "<script>", "<script src=\"foo\"></script>",
-        "<script src='foo'></script>", "<SCRIPT>foo</SCRIPT>", "<script\tsrc=\"foo\"/>",
-        "<script\tsrc='foo'></script>", "<sCrIpT>foo</ScRiPt>", "<script src=\"foo\">foo</script >",
-        "<script src=\"foo\">foo</script foo=\"bar\">", "<script src=\"foo\">foo</script\t\n bar>"
-      ] and
-    testWithGroups = false
-  )
-}
-
-/**
- * A regexp that matches some string from the `isBadTagFilterCandidate` predicate.
- */
-class HtmlMatchingRegExp extends RootTerm {
-  HtmlMatchingRegExp() { RegexpMatching<isBadTagFilterCandidate/4>::matches(this, _) }
-
-  /** Holds if this regexp matched `str`, where `str` is one of the string from `isBadTagFilterCandidate`. */
-  predicate matches(string str) { RegexpMatching<isBadTagFilterCandidate/4>::matches(this, str) }
-
-  /** Holds if this regexp fills capture group `g' when matching `str', where `str` is one of the string from `isBadTagFilterCandidate`. */
-  predicate fillsCaptureGroup(string str, int g) {
-    RegexpMatching<isBadTagFilterCandidate/4>::fillsCaptureGroup(this, str, g)
-  }
-}
-
-/** DEPRECATED: Alias for HtmlMatchingRegExp */
-deprecated class HTMLMatchingRegExp = HtmlMatchingRegExp;
-
-/**
- * Holds if `regexp` matches some HTML tags, but misses some HTML tags that it should match.
- *
- * When adding a new case to this predicate, make sure the test string used in `matches(..)` calls are present in `HTMLMatchingRegExp::test` / `HTMLMatchingRegExp::testWithGroups`.
- */
-predicate isBadRegexpFilter(HtmlMatchingRegExp regexp, string msg) {
-  // CVE-2021-33829 - matching both "<!-- foo -->" and "<!-- foo --!>", but in different capture groups
-  regexp.matches("<!-- foo -->") and
-  regexp.matches("<!-- foo --!>") and
-  exists(int a, int b | a != b |
-    regexp.fillsCaptureGroup("<!-- foo -->", a) and
-    // <!-- foo --> might be ambiguously parsed (matching both capture groups), and that is ok here.
-    regexp.fillsCaptureGroup("<!-- foo --!>", b) and
-    not regexp.fillsCaptureGroup("<!-- foo --!>", a) and
-    msg =
-      "Comments ending with --> are matched differently from comments ending with --!>. The first is matched with capture group "
-        + a + " and comments ending with --!> are matched with capture group " +
-        strictconcat(int i | regexp.fillsCaptureGroup("<!-- foo --!>", i) | i.toString(), ", ") +
-        "."
-  )
-  or
-  // CVE-2020-17480 - matching "<!-- foo -->" and other tags, but not "<!-- foo --!>".
-  exists(int group, int other |
-    group != other and
-    regexp.fillsCaptureGroup("<!-- foo -->", group) and
-    regexp.fillsCaptureGroup("<foo>", other) and
-    not regexp.matches("<!-- foo --!>") and
-    not regexp.fillsCaptureGroup("<!-- foo -->", any(int i | i != group)) and
-    not regexp.fillsCaptureGroup("<!- foo ->", group) and
-    not regexp.fillsCaptureGroup("<foo>", group) and
-    not regexp.fillsCaptureGroup("<script>", group) and
-    msg =
-      "This regular expression only parses --> (capture group " + group +
-        ") and not --!> as an HTML comment end tag."
-  )
-  or
-  regexp.matches("<!-- foo -->") and
-  not regexp.matches("<!-- foo\n -->") and
-  not regexp.matches("<!- foo ->") and
-  not regexp.matches("<foo>") and
-  not regexp.matches("<script>") and
-  msg = "This regular expression does not match comments containing newlines."
-  or
-  regexp.matches("<script>foo</script>") and
-  regexp.matches("<script src=\"foo\"></script>") and
-  not regexp.matches("<foo ></foo>") and
-  (
-    not regexp.matches("<script \n>foo</script>") and
-    msg = "This regular expression matches <script></script>, but not <script \\n></script>"
-    or
-    not regexp.matches("<script >foo\n</script>") and
-    msg = "This regular expression matches <script>...</script>, but not <script >...\\n</script>"
-  )
-  or
-  regexp.matches("<script>foo</script>") and
-  regexp.matches("<script src=\"foo\"></script>") and
-  not regexp.matches("<script src='foo'></script>") and
-  not regexp.matches("<foo>") and
-  msg = "This regular expression does not match script tags where the attribute uses single-quotes."
-  or
-  regexp.matches("<script>foo</script>") and
-  regexp.matches("<script src='foo'></script>") and
-  not regexp.matches("<script src=\"foo\"></script>") and
-  not regexp.matches("<foo>") and
-  msg = "This regular expression does not match script tags where the attribute uses double-quotes."
-  or
-  regexp.matches("<script>foo</script>") and
-  regexp.matches("<script src='foo'></script>") and
-  not regexp.matches("<script\tsrc='foo'></script>") and
-  not regexp.matches("<foo>") and
-  not regexp.matches("<foo src=\"foo\"></foo>") and
-  msg = "This regular expression does not match script tags where tabs are used between attributes."
-  or
-  regexp.matches("<script>foo</script>") and
-  not RegExpFlags::isIgnoreCase(regexp) and
-  not regexp.matches("<foo>") and
-  not regexp.matches("<foo ></foo>") and
-  (
-    not regexp.matches("<SCRIPT>foo</SCRIPT>") and
-    msg = "This regular expression does not match upper case <SCRIPT> tags."
-    or
-    not regexp.matches("<sCrIpT>foo</ScRiPt>") and
-    regexp.matches("<SCRIPT>foo</SCRIPT>") and
-    msg = "This regular expression does not match mixed case <sCrIpT> tags."
-  )
-  or
-  regexp.matches("<script src=\"foo\"></script>") and
-  not regexp.matches("<foo>") and
-  not regexp.matches("<foo ></foo>") and
-  (
-    not regexp.matches("<script src=\"foo\">foo</script >") and
-    msg = "This regular expression does not match script end tags like </script >."
-    or
-    not regexp.matches("<script src=\"foo\">foo</script foo=\"bar\">") and
-    msg = "This regular expression does not match script end tags like </script foo=\"bar\">."
-    or
-    not regexp.matches("<script src=\"foo\">foo</script\t\n bar>") and
-    msg = "This regular expression does not match script end tags like </script\\t\\n bar>."
-  )
-}
+private import regexp.RegExpTreeView::RegExpTreeView as TreeView
+// BadTagFilterQuery should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.nfa.BadTagFilterQuery::Make<TreeView> as Dep
+import Dep
diff --git a/javascript/ql/lib/semmle/javascript/security/IncompleteBlacklistSanitizer.qll b/javascript/ql/lib/semmle/javascript/security/IncompleteBlacklistSanitizer.qll
index 7f84128af23..31656df3471 100644
--- a/javascript/ql/lib/semmle/javascript/security/IncompleteBlacklistSanitizer.qll
+++ b/javascript/ql/lib/semmle/javascript/security/IncompleteBlacklistSanitizer.qll
@@ -38,9 +38,8 @@ string describeCharacters(string rep) {
  * A local sequence of calls to `String.prototype.replace`,
  * represented by the last call.
  */
-class StringReplaceCallSequence extends DataFlow::CallNode {
+class StringReplaceCallSequence extends DataFlow::CallNode instanceof StringReplaceCall {
   StringReplaceCallSequence() {
-    this instanceof StringReplaceCall and
     not exists(getAStringReplaceMethodCall(this)) // terminal
   }
 
diff --git a/javascript/ql/lib/semmle/javascript/security/IncompleteMultiCharacterSanitizationSpecific.qll b/javascript/ql/lib/semmle/javascript/security/IncompleteMultiCharacterSanitizationSpecific.qll
index db394e43285..10d9ab19f98 100644
--- a/javascript/ql/lib/semmle/javascript/security/IncompleteMultiCharacterSanitizationSpecific.qll
+++ b/javascript/ql/lib/semmle/javascript/security/IncompleteMultiCharacterSanitizationSpecific.qll
@@ -3,7 +3,8 @@
  */
 
 import javascript
-import semmle.javascript.security.regexp.NfaUtils as NfaUtils
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeView
+import codeql.regex.nfa.NfaUtils::Make<TreeView> as NfaUtils
 
 class StringSubstitutionCall = StringReplaceCall;
 
diff --git a/javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll b/javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll
index 65e662f0bc5..2053afe95f8 100644
--- a/javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll
@@ -2,288 +2,7 @@
  * Classes and predicates for working with suspicious character ranges.
  */
 
-// We don't need the NFA utils, just the regexp tree.
-// but the below is a nice shared library that exposes the API we need.
-import regexp.NfaUtils
-
-/**
- * Gets a rank for `range` that is unique for ranges in the same file.
- * Prioritizes ranges that match more characters.
- */
-int rankRange(RegExpCharacterRange range) {
-  range =
-    rank[result](RegExpCharacterRange r, Location l, int low, int high |
-      r.getLocation() = l and
-      isRange(r, low, high)
-    |
-      r order by (high - low) desc, l.getStartLine(), l.getStartColumn()
-    )
-}
-
-/** Holds if `range` spans from the unicode code points `low` to `high` (both inclusive). */
-predicate isRange(RegExpCharacterRange range, int low, int high) {
-  exists(string lowc, string highc |
-    range.isRange(lowc, highc) and
-    low.toUnicode() = lowc and
-    high.toUnicode() = highc
-  )
-}
-
-/** Holds if `char` is an alpha-numeric character. */
-predicate isAlphanumeric(string char) {
-  // written like this to avoid having a bindingset for the predicate
-  char = [[48 .. 57], [65 .. 90], [97 .. 122]].toUnicode() // 0-9, A-Z, a-z
-}
-
-/**
- * Holds if the given ranges are from the same character class
- * and there exists at least one character matched by both ranges.
- */
-predicate overlap(RegExpCharacterRange a, RegExpCharacterRange b) {
-  exists(RegExpCharacterClass clz |
-    a = clz.getAChild() and
-    b = clz.getAChild() and
-    a != b
-  |
-    exists(int alow, int ahigh, int blow, int bhigh |
-      isRange(a, alow, ahigh) and
-      isRange(b, blow, bhigh) and
-      alow <= bhigh and
-      blow <= ahigh
-    )
-  )
-}
-
-/**
- * Holds if `range` overlaps with the char class `escape` from the same character class.
- */
-predicate overlapsWithCharEscape(RegExpCharacterRange range, RegExpCharacterClassEscape escape) {
-  exists(RegExpCharacterClass clz, string low, string high |
-    range = clz.getAChild() and
-    escape = clz.getAChild() and
-    range.isRange(low, high)
-  |
-    escape.getValue() = "w" and
-    getInRange(low, high).regexpMatch("\\w")
-    or
-    escape.getValue() = "d" and
-    getInRange(low, high).regexpMatch("\\d")
-    or
-    escape.getValue() = "s" and
-    getInRange(low, high).regexpMatch("\\s")
-  )
-}
-
-/** Gets the unicode code point for a `char`. */
-bindingset[char]
-int toCodePoint(string char) { result.toUnicode() = char }
-
-/** A character range that appears to be overly wide. */
-class OverlyWideRange extends RegExpCharacterRange {
-  OverlyWideRange() {
-    exists(int low, int high, int numChars |
-      isRange(this, low, high) and
-      numChars = (1 + high - low) and
-      this.getRootTerm().isUsedAsRegExp() and
-      numChars >= 10
-    |
-      // across the Z-a range (which includes backticks)
-      toCodePoint("Z") >= low and
-      toCodePoint("a") <= high
-      or
-      // across the 9-A range (which includes e.g. ; and ?)
-      toCodePoint("9") >= low and
-      toCodePoint("A") <= high
-      or
-      // a non-alphanumeric char as part of the range boundaries
-      exists(int bound | bound = [low, high] | not isAlphanumeric(bound.toUnicode())) and
-      // while still being ascii
-      low < 128 and
-      high < 128
-    ) and
-    // allowlist for known ranges
-    not this = allowedWideRanges()
-  }
-
-  /** Gets a string representation of a character class that matches the same chars as this range. */
-  string printEquivalent() { result = RangePrinter::printEquivalentCharClass(this) }
-}
-
-/** Gets a range that should not be reported as an overly wide range. */
-RegExpCharacterRange allowedWideRanges() {
-  // ~ is the last printable ASCII character, it's used right in various wide ranges.
-  result.isRange(_, "~")
-  or
-  // the same with " " and "!". " " is the first printable character, and "!" is the first non-white-space printable character.
-  result.isRange([" ", "!"], _)
-  or
-  // the `[@-_]` range is intentional
-  result.isRange("@", "_")
-  or
-  // starting from the zero byte is a good indication that it's purposely matching a large range.
-  result.isRange(0.toUnicode(), _)
-}
-
-/** Gets a char between (and including) `low` and `high`. */
-bindingset[low, high]
-private string getInRange(string low, string high) {
-  result = [toCodePoint(low) .. toCodePoint(high)].toUnicode()
-}
-
-/** A module computing an equivalent character class for an overly wide range. */
-module RangePrinter {
-  bindingset[char]
-  bindingset[result]
-  private string next(string char) {
-    exists(int prev, int next |
-      prev.toUnicode() = char and
-      next.toUnicode() = result and
-      next = prev + 1
-    )
-  }
-
-  /** Gets the points where the parts of the pretty printed range should be cut off. */
-  private string cutoffs() { result = ["A", "Z", "a", "z", "0", "9"] }
-
-  /** Gets the char to use in the low end of a range for a given `cut` */
-  private string lowCut(string cut) {
-    cut = ["A", "a", "0"] and
-    result = cut
-    or
-    cut = ["Z", "z", "9"] and
-    result = next(cut)
-  }
-
-  /** Gets the char to use in the high end of a range for a given `cut` */
-  private string highCut(string cut) {
-    cut = ["Z", "z", "9"] and
-    result = cut
-    or
-    cut = ["A", "a", "0"] and
-    next(result) = cut
-  }
-
-  /** Gets the cutoff char used for a given `part` of a range when pretty-printing it. */
-  private string cutoff(OverlyWideRange range, int part) {
-    exists(int low, int high | isRange(range, low, high) |
-      result =
-        rank[part + 1](string cut |
-          cut = cutoffs() and low < toCodePoint(cut) and toCodePoint(cut) < high
-        |
-          cut order by toCodePoint(cut)
-        )
-    )
-  }
-
-  /** Gets the number of parts we should print for a given `range`. */
-  private int parts(OverlyWideRange range) { result = 1 + count(cutoff(range, _)) }
-
-  /** Holds if the given part of a range should span from `low` to `high`. */
-  private predicate part(OverlyWideRange range, int part, string low, string high) {
-    // first part.
-    part = 0 and
-    (
-      range.isRange(low, high) and
-      parts(range) = 1
-      or
-      parts(range) >= 2 and
-      range.isRange(low, _) and
-      high = highCut(cutoff(range, part))
-    )
-    or
-    // middle
-    part >= 1 and
-    part < parts(range) - 1 and
-    low = lowCut(cutoff(range, part - 1)) and
-    high = highCut(cutoff(range, part))
-    or
-    // last.
-    part = parts(range) - 1 and
-    low = lowCut(cutoff(range, part - 1)) and
-    range.isRange(_, high)
-  }
-
-  /** Gets an escaped `char` for use in a character class. */
-  bindingset[char]
-  private string escape(string char) {
-    exists(string reg | reg = "(\\[|\\]|\\\\|-|/)" |
-      if char.regexpMatch(reg) then result = "\\" + char else result = char
-    )
-  }
-
-  /** Gets a part of the equivalent range. */
-  private string printEquivalentCharClass(OverlyWideRange range, int part) {
-    exists(string low, string high | part(range, part, low, high) |
-      if
-        isAlphanumeric(low) and
-        isAlphanumeric(high)
-      then result = low + "-" + high
-      else
-        result =
-          strictconcat(string char | char = getInRange(low, high) | escape(char) order by char)
-    )
-  }
-
-  /** Gets the entire pretty printed equivalent range. */
-  string printEquivalentCharClass(OverlyWideRange range) {
-    result =
-      strictconcat(string r, int part |
-        r = "[" and part = -1 and exists(range)
-        or
-        r = printEquivalentCharClass(range, part)
-        or
-        r = "]" and part = parts(range)
-      |
-        r order by part
-      )
-  }
-}
-
-/** Gets a char range that is overly large because of `reason`. */
-RegExpCharacterRange getABadRange(string reason, int priority) {
-  result instanceof OverlyWideRange and
-  priority = 0 and
-  exists(string equiv | equiv = result.(OverlyWideRange).printEquivalent() |
-    if equiv.length() <= 50
-    then reason = "is equivalent to " + equiv
-    else reason = "is equivalent to " + equiv.substring(0, 50) + "..."
-  )
-  or
-  priority = 1 and
-  exists(RegExpCharacterRange other |
-    reason = "overlaps with " + other + " in the same character class" and
-    rankRange(result) < rankRange(other) and
-    overlap(result, other)
-  )
-  or
-  priority = 2 and
-  exists(RegExpCharacterClassEscape escape |
-    reason = "overlaps with " + escape + " in the same character class" and
-    overlapsWithCharEscape(result, escape)
-  )
-  or
-  reason = "is empty" and
-  priority = 3 and
-  exists(int low, int high |
-    isRange(result, low, high) and
-    low > high
-  )
-}
-
-/** Holds if `range` matches suspiciously many characters. */
-predicate problem(RegExpCharacterRange range, string reason) {
-  reason =
-    strictconcat(string m, int priority |
-      range = getABadRange(m, priority)
-    |
-      m, ", and " order by priority desc
-    ) and
-  // specifying a range using an escape is usually OK.
-  not range.getAChild() instanceof RegExpEscape and
-  // Unicode escapes in strings are interpreted before it turns into a regexp,
-  // so e.g. [\u0001-\uFFFF] will just turn up as a range between two constants.
-  // We therefore exclude these ranges.
-  range.getRootTerm().getParent() instanceof RegExpLiteral and
-  // is used as regexp (mostly for JS where regular expressions are parsed eagerly)
-  range.getRootTerm().isUsedAsRegExp()
-}
+private import regexp.RegExpTreeView::RegExpTreeView as TreeView
+// OverlyLargeRangeQuery should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.OverlyLargeRangeQuery::Make<TreeView> as Dep
+import Dep
diff --git a/javascript/ql/lib/semmle/javascript/security/UselessUseOfCat.qll b/javascript/ql/lib/semmle/javascript/security/UselessUseOfCat.qll
index 5428e14abee..e66200370dd 100644
--- a/javascript/ql/lib/semmle/javascript/security/UselessUseOfCat.qll
+++ b/javascript/ql/lib/semmle/javascript/security/UselessUseOfCat.qll
@@ -10,21 +10,17 @@ import Declarations.UnusedVariable
  * A call that executes a system command.
  * This class provides utility predicates for reasoning about command execution calls.
  */
-private class CommandCall extends DataFlow::InvokeNode {
-  SystemCommandExecution command;
-
-  CommandCall() { this = command }
-
+private class CommandCall extends DataFlow::InvokeNode instanceof SystemCommandExecution {
   /**
    * Holds if the call is synchronous (e.g. `execFileSync`).
    */
-  predicate isSync() { command.isSync() }
+  predicate isSync() { super.isSync() }
 
   /**
    * Gets a list that specifies the arguments given to the command.
    */
   DataFlow::ArrayCreationNode getArgumentList() {
-    result = command.getArgumentList().getALocalSource()
+    result = super.getArgumentList().getALocalSource()
   }
 
   /**
@@ -42,7 +38,7 @@ private class CommandCall extends DataFlow::InvokeNode {
   /**
    * Gets the data-flow node (if it exists) for an options argument for an `exec`-like call.
    */
-  DataFlow::Node getOptionsArg() { result = command.getOptionsArg() }
+  DataFlow::Node getOptionsArg() { result = super.getOptionsArg() }
 
   /**
    * Gets the constant-string parts that are not part of the command itself.
@@ -99,7 +95,6 @@ private string getConstantStringParts(DataFlow::Node node) {
  */
 class UselessCat extends CommandCall {
   UselessCat() {
-    this = command and
     this.isACallTo(getACatExecuteable()) and
     // There is a file to read, it's not just spawning `cat`.
     not (
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithm.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithm.qll
deleted file mode 100644
index 43a56b14dbc..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithm.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `BrokenCryptoAlgorithmQuery` instead. */
-
-import javascript
-private import BrokenCryptoAlgorithmQuery as BrokenCryptoAlgorithmQuery // ignore-query-import
-
-/** DEPRECATED. Import `BrokenCryptoAlgorithmQuery` instead. */
-deprecated module BrokenCryptoAlgorithm = BrokenCryptoAlgorithmQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeak.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeak.qll
deleted file mode 100644
index f4853263d63..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeak.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `BuildArtifactLeakQuery` instead. */
-
-import javascript
-private import BuildArtifactLeakQuery as BuildArtifactLeakQuery // ignore-query-import
-
-/** DEPRECATED. Import `BuildArtifactLeakQuery` instead. */
-deprecated module BuildArtifactLeak = BuildArtifactLeakQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLogging.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLogging.qll
deleted file mode 100644
index 40f18772fb3..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLogging.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `CleartextLoggingQuery` instead. */
-
-import javascript
-private import CleartextLoggingQuery as CleartextLoggingQuery // ignore-query-import
-
-/** DEPRECATED. Import `CleartextLoggingQuery` instead. */
-deprecated module CleartextLogging = CleartextLoggingQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorage.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorage.qll
deleted file mode 100644
index ac6bc090d66..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorage.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `CleartextStorageQuery` instead. */
-
-import javascript
-private import CleartextStorageQuery as CleartextStorageQuery // ignore-query-import
-
-/** DEPRECATED. Import `CleartextStorageQuery` instead. */
-deprecated module CleartextStorage = CleartextStorageQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageCustomizations.qll
index d158e4b0cac..1d57fdb50fd 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageCustomizations.qll
@@ -40,9 +40,7 @@ module CleartextStorage {
   }
 
   /** A call to any function whose name suggests that it encodes or encrypts its arguments. */
-  class ProtectSanitizer extends Sanitizer {
-    ProtectSanitizer() { this instanceof ProtectCall }
-  }
+  class ProtectSanitizer extends Sanitizer instanceof ProtectCall { }
 
   /**
    * An expression set as a value on a cookie instance.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirect.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirect.qll
deleted file mode 100644
index 744646e168c..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirect.qll
+++ /dev/null
@@ -1,8 +0,0 @@
-/** DEPRECATED. Import `ClientSideUrlRedirectQuery` instead. */
-
-import javascript
-import UrlConcatenation
-private import ClientSideUrlRedirectQuery as ClientSideUrlRedirectQuery // ignore-query-import
-
-/** DEPRECATED. Import `ClientSideUrlRedirectQuery` instead. */
-deprecated module ClientSideUrlRedirect = ClientSideUrlRedirectQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
index 4c6ad8b0ee9..98d85d88741 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
@@ -39,11 +39,8 @@ module ClientSideUrlRedirect {
   }
 
   /** A source of remote user input, considered as a flow source for unvalidated URL redirects. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() {
-      this instanceof RemoteFlowSource and
-      not this.(ClientSideRemoteFlowSource).getKind().isPath()
-    }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource {
+    RemoteFlowSourceAsSource() { not this.(ClientSideRemoteFlowSource).getKind().isPath() }
 
     override DataFlow::FlowLabel getAFlowLabel() {
       if this.(ClientSideRemoteFlowSource).getKind().isUrl()
@@ -235,4 +232,8 @@ module ClientSideUrlRedirect {
       this = NextJS::nextRouter().getAMemberCall(["push", "replace"]).getArgument(0)
     }
   }
+
+  private class SinkFromModel extends Sink {
+    SinkFromModel() { this = ModelOutput::getASinkNode("url-redirection").asSink() }
+  }
 }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjection.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjection.qll
deleted file mode 100644
index 6c03cef6cd3..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjection.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `CodeInjectionQuery` instead. */
-
-import javascript
-private import CodeInjectionQuery as CodeInjectionQuery // ignore-query-import
-
-/** DEPRECATED. Import `CodeInjectionQuery` instead. */
-deprecated module CodeInjection = CodeInjectionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll
index 0aa0241c780..3df4508ac72 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll
@@ -34,9 +34,7 @@ module CodeInjection {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /** A source of remote user input, considered as a flow source for code injection. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * An expression which may be interpreted as an AngularJS expression.
@@ -410,4 +408,8 @@ module CodeInjection {
 
   /** DEPRECATED: Alias for JsonStringifySanitizer */
   deprecated class JSONStringifySanitizer = JsonStringifySanitizer;
+
+  private class SinkFromModel extends Sink {
+    SinkFromModel() { this = ModelOutput::getASinkNode("code-injection").asSink() }
+  }
 }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjection.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjection.qll
deleted file mode 100644
index b424c3695e1..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjection.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `CommandInjectionQuery` instead. */
-
-import javascript
-private import CommandInjectionQuery as CommandInjectionQuery // ignore-query-import
-
-/** DEPRECATED. Import `CommandInjectionQuery` instead. */
-deprecated module CommandInjection = CommandInjectionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll
index f0f6b17dce0..fee201c1d05 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll
@@ -26,11 +26,8 @@ module CommandInjection {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /** A source of remote user input, considered as a flow source for command injection. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() {
-      this instanceof RemoteFlowSource and
-      not this instanceof ClientSideRemoteFlowSource
-    }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource {
+    RemoteFlowSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
 
     override string getSourceType() { result = "a user-provided value" }
   }
@@ -50,4 +47,8 @@ module CommandInjection {
   class SystemCommandExecutionSink extends Sink, DataFlow::ValueNode {
     SystemCommandExecutionSink() { this = any(SystemCommandExecution sys).getACommandArgument() }
   }
+
+  private class SinkFromModel extends Sink {
+    SinkFromModel() { this = ModelOutput::getASinkNode("command-line-injection").asSink() }
+  }
 }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypass.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypass.qll
deleted file mode 100644
index 54f1e9418fc..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypass.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `ConditionalBypassQuery` instead. */
-
-import javascript
-private import ConditionalBypassQuery as ConditionalBypassQuery // ignore-query-import
-
-/** DEPRECATED. Import `ConditionalBypassQuery` instead. */
-deprecated module ConditionalBypass = ConditionalBypassQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassCustomizations.qll
index 3d455f6070f..224615c1e8f 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassCustomizations.qll
@@ -32,9 +32,7 @@ module ConditionalBypass {
    * A source of remote user input, considered as a flow source for bypass of
    * sensitive action guards.
    */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * Holds if `bb` dominates the basic block in which `action` occurs.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentials.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentials.qll
deleted file mode 100644
index 06a6378e8ef..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentials.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `CorsMisconfigurationForCredentialsQuery` instead. */
-
-import javascript
-private import CorsMisconfigurationForCredentialsQuery as CorsMisconfigurationForCredentialsQuery // ignore-query-import
-
-/** DEPRECATED. Import `CorsMisconfigurationForCredentialsQuery` instead. */
-deprecated module CorsMisconfigurationForCredentials = CorsMisconfigurationForCredentialsQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsCustomizations.qll
index 79868ea9989..690bc61e14b 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsCustomizations.qll
@@ -28,11 +28,8 @@ module CorsMisconfigurationForCredentials {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /** A source of remote user input, considered as a flow source for CORS misconfiguration. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() {
-      this instanceof RemoteFlowSource and
-      not this instanceof ClientSideRemoteFlowSource
-    }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource {
+    RemoteFlowSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustion.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustion.qll
deleted file mode 100644
index 82d9f4156a5..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustion.qll
+++ /dev/null
@@ -1,8 +0,0 @@
-/** DEPRECATED. Import `DeepObjectResourceExhaustionQuery` instead. */
-
-import javascript
-import semmle.javascript.security.TaintedObject
-private import DeepObjectResourceExhaustionQuery as DeepObjectResourceExhaustionQuery // ignore-query-import
-
-/** DEPRECATED. Import `DeepObjectResourceExhaustionQuery` instead. */
-deprecated module DeepObjectResourceExhaustion = DeepObjectResourceExhaustionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionCustomizations.qll
index 52b3874c8cc..baa62720717 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionCustomizations.qll
@@ -19,15 +19,11 @@ module DeepObjectResourceExhaustion {
     DataFlow::FlowLabel getAFlowLabel() { result = TaintedObject::label() }
   }
 
-  private class TaintedObjectSourceAsSource extends Source {
-    TaintedObjectSourceAsSource() { this instanceof TaintedObject::Source }
-
+  private class TaintedObjectSourceAsSource extends Source instanceof TaintedObject::Source {
     override DataFlow::FlowLabel getAFlowLabel() { result = TaintedObject::label() }
   }
 
-  private class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-
+  private class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource {
     override DataFlow::FlowLabel getAFlowLabel() { result.isTaint() }
   }
 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypass.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypass.qll
deleted file mode 100644
index e28dc5e34f1..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypass.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `DifferentKindsComparisonBypassQuery` instead. */
-
-import javascript
-private import DifferentKindsComparisonBypassQuery as DifferentKindsComparisonBypassQuery // ignore-query-import
-
-/** DEPRECATED. Import `DifferentKindsComparisonBypassQuery` instead. */
-deprecated module DifferentKindsComparisonBypass = DifferentKindsComparisonBypassQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassCustomizations.qll
index 956fe352854..ad1748d6f9f 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassCustomizations.qll
@@ -30,19 +30,15 @@ module DifferentKindsComparisonBypass {
   /**
    * A HTTP request input that is suspicious to compare with another HTTP request input of a different kind.
    */
-  class RequestInputComparisonSource extends Source {
-    Http::RequestInputAccess input;
-
-    RequestInputComparisonSource() { input = this }
-
+  class RequestInputComparisonSource extends Source instanceof Http::RequestInputAccess {
     override predicate isSuspiciousToCompareWith(Source other) {
-      input.getKind() != other.(RequestInputComparisonSource).getInput().getKind()
+      super.getKind() != other.(RequestInputComparisonSource).getInput().getKind()
     }
 
     /**
      * Gets the HTTP request input of this source.
      */
-    private Http::RequestInputAccess getInput() { result = input }
+    private Http::RequestInputAccess getInput() { result = this }
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXss.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXss.qll
deleted file mode 100644
index 9a687eb06a0..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXss.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `DomBasedXssQuery` instead. */
-
-import javascript
-private import DomBasedXssQuery as DomBasedXssQuery // ignore-query-import
-
-/** DEPRECATED. Import `DomBasedXssQuery` instead. */
-deprecated module DomBasedXss = DomBasedXssQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll
index 18230c92037..9ee8feeb074 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll
@@ -318,9 +318,7 @@ module DomBasedXss {
   }
 
   /** A source of remote user input, considered as a flow source for DOM-based XSS. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * A flow-label representing tainted values where the prefix is attacker controlled.
@@ -342,4 +340,8 @@ module DomBasedXss {
       outcome = super.getPolarity()
     }
   }
+
+  private class SinkFromModel extends Sink {
+    SinkFromModel() { this = ModelOutput::getASinkNode("html-injection").asSink() }
+  }
 }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll
index e8c1a144920..2f920f59604 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll
@@ -8,11 +8,6 @@ private import semmle.javascript.security.TaintedUrlSuffix
 import DomBasedXssCustomizations::DomBasedXss
 private import Xss::Shared as Shared
 
-/**
- * DEPRECATED. Use `Vue::VHtmlSourceWrite` instead.
- */
-deprecated class VHtmlSourceWrite = Vue::VHtmlSourceWrite;
-
 /** DEPRECATED. Use `Configuration`. */
 deprecated class HtmlInjectionConfiguration = Configuration;
 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXss.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXss.qll
deleted file mode 100644
index 7f133319438..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXss.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `ExceptionXssQuery` instead. */
-
-import javascript
-private import ExceptionXssQuery as ExceptionXssQuery // ignore-query-import
-
-/** DEPRECATED. Import `ExceptionXssQuery` instead. */
-deprecated module ExceptionXss = ExceptionXssQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssCustomizations.qll
index 2418962ef65..20a710a9da6 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssCustomizations.qll
@@ -42,9 +42,7 @@ module ExceptionXss {
     NotYetThrown() { this = "NotYetThrown" }
   }
 
-  private class XssSourceAsSource extends Source {
-    XssSourceAsSource() { this instanceof Shared::Source }
-
+  private class XssSourceAsSource extends Source instanceof Shared::Source {
     override DataFlow::FlowLabel getAFlowLabel() { result instanceof NotYetThrown }
 
     override string getDescription() { result = "Exception text" }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll
index 785677488e4..f17eab628ff 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll
@@ -55,9 +55,7 @@ module ExternalApiUsedWithUntrustedData {
    */
   abstract class Sanitizer extends DataFlow::Node { }
 
-  private class RemoteFlowAsSource extends Source {
-    RemoteFlowAsSource() { this instanceof RemoteFlowSource }
-  }
+  private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * A package name whose entire API is considered "safe" for the purpose of this query.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
index 15c538113a1..c6b2f27b9a9 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
@@ -59,9 +59,7 @@ class Configuration extends TaintTracking::Configuration {
 }
 
 /** A node representing data being passed to an external API. */
-class ExternalApiDataNode extends DataFlow::Node {
-  ExternalApiDataNode() { this instanceof Sink }
-}
+class ExternalApiDataNode extends DataFlow::Node instanceof Sink { }
 
 /** DEPRECATED: Alias for ExternalApiDataNode */
 deprecated class ExternalAPIDataNode = ExternalApiDataNode;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttp.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttp.qll
deleted file mode 100644
index 7b6e88d0669..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttp.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `FileAccessToHttpQuery` instead. */
-
-import javascript
-private import FileAccessToHttpQuery as FileAccessToHttpQuery // ignore-query-import
-
-/** DEPRECATED. Import `FileAccessToHttpQuery` instead. */
-deprecated module FileAccessToHttp = FileAccessToHttpQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentials.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentials.qll
deleted file mode 100644
index 9fabc93d9ac..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentials.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `HardcodedCredentialsQuery` instead. */
-
-import javascript
-private import HardcodedCredentialsQuery as HardcodedCredentialsQuery // ignore-query-import
-
-/** DEPRECATED. Import `HardcodedCredentialsQuery` instead. */
-deprecated module HardcodedCredentials = HardcodedCredentialsQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCode.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCode.qll
deleted file mode 100644
index e1ca461183a..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCode.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `HardcodedDataInterpretedAsCodeQuery` instead. */
-
-import javascript
-private import HardcodedDataInterpretedAsCodeQuery as HardcodedDataInterpretedAsCodeQuery // ignore-query-import
-
-/** DEPRECATED. Import `HardcodedDataInterpretedAsCodeQuery` instead. */
-deprecated module HardcodedDataInterpretedAsCode = HardcodedDataInterpretedAsCodeQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeCustomizations.qll
index 2d12f60552e..14d2c8fc148 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeCustomizations.qll
@@ -49,9 +49,7 @@ module HardcodedDataInterpretedAsCode {
   /**
    * A code injection sink; hard-coded data should not flow here.
    */
-  private class DefaultCodeInjectionSink extends Sink {
-    DefaultCodeInjectionSink() { this instanceof CodeInjection::Sink }
-
+  private class DefaultCodeInjectionSink extends Sink instanceof CodeInjection::Sink {
     override DataFlow::FlowLabel getLabel() { result.isTaint() }
 
     override string getKind() { result = "Code" }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGeneration.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGeneration.qll
deleted file mode 100644
index 18f90400e3d..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGeneration.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `HostHeaderPoisoningInEmailGenerationQuery` instead. */
-
-import javascript
-private import HostHeaderPoisoningInEmailGenerationQuery as HostHeaderPoisoningInEmailGenerationQuery // ignore-query-import
-
-/** DEPRECATED. Import `HostHeaderPoisoningInEmailGenerationQuery` instead. */
-deprecated module HostHeaderPoisoningInEmailGeneration = HostHeaderPoisoningInEmailGenerationQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccess.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccess.qll
deleted file mode 100644
index 0569ba0e692..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccess.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `HttpToFileAccessQuery` instead. */
-
-import javascript
-private import HttpToFileAccessQuery as HttpToFileAccessQuery // ignore-query-import
-
-/** DEPRECATED. Import `HttpToFileAccessQuery` instead. */
-deprecated module HttpToFileAccess = HttpToFileAccessQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessSpecific.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessSpecific.qll
index 7ed38fdf3f2..2b44de07a4c 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessSpecific.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessSpecific.qll
@@ -8,9 +8,7 @@ private import HttpToFileAccessCustomizations::HttpToFileAccess
 /**
  * An access to a user-controlled HTTP request input, considered as a flow source for writing user-controlled data to files
  */
-private class RequestInputAccessAsSource extends Source {
-  RequestInputAccessAsSource() { this instanceof Http::RequestInputAccess }
-}
+private class RequestInputAccessAsSource extends Source instanceof Http::RequestInputAccess { }
 
 /** A response from a server, considered as a flow source for writing user-controlled data to files. */
 private class ServerResponseAsSource extends Source {
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitization.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitization.qll
deleted file mode 100644
index 7b221c4edb5..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitization.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `ImproperCodeSanitizationQuery` instead. */
-
-import javascript
-private import ImproperCodeSanitizationQuery as ImproperCodeSanitizationQuery // ignore-query-import
-
-/** DEPRECATED. Import `ImproperCodeSanitizationQuery` instead. */
-deprecated module ImproperCodeSanitization = ImproperCodeSanitizationQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationCustomizations.qll
index d6e6baa71bf..8968360d636 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationCustomizations.qll
@@ -28,16 +28,12 @@ module ImproperCodeSanitization {
   /**
    * A call to an HTML sanitizer seen as a source for improper code sanitization
    */
-  class HtmlSanitizerCallAsSource extends Source {
-    HtmlSanitizerCallAsSource() { this instanceof HtmlSanitizerCall }
-  }
+  class HtmlSanitizerCallAsSource extends Source instanceof HtmlSanitizerCall { }
 
   /**
    * A call to `JSON.stringify()` seen as a source for improper code sanitization
    */
-  class JsonStringifyAsSource extends Source {
-    JsonStringifyAsSource() { this instanceof JsonStringifyCall }
-  }
+  class JsonStringifyAsSource extends Source instanceof JsonStringifyCall { }
 
   /** DEPRECATED: Alias for JsonStringifyAsSource */
   deprecated class JSONStringifyAsSource = JsonStringifyAsSource;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitization.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitization.qll
deleted file mode 100644
index f036a3388df..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitization.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `IncompleteHtmlAttributeSanitizationQuery` instead. */
-
-import javascript
-private import IncompleteHtmlAttributeSanitizationQuery as IncompleteHtmlAttributeSanitizationQuery // ignore-query-import
-
-/** DEPRECATED. Import `IncompleteHtmlAttributeSanitizationQuery` instead. */
-deprecated module IncompleteHtmlAttributeSanitization = IncompleteHtmlAttributeSanitizationQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjection.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjection.qll
deleted file mode 100644
index 64e24b9ceba..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjection.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `IndirectCommandInjectionQuery` instead. */
-
-import javascript
-private import IndirectCommandInjectionQuery as IndirectCommandInjectionQuery // ignore-query-import
-
-/** DEPRECATED. Import `IndirectCommandInjectionQuery` instead. */
-deprecated module IndirectCommandInjection = IndirectCommandInjectionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll
index 108ce5d8e62..eed346d8d0b 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll
@@ -25,8 +25,7 @@ module IndirectCommandInjection {
   /**
    * A source of user input from the command-line, considered as a flow source for command injection.
    */
-  private class CommandLineArgumentsArrayAsSource extends Source {
-    CommandLineArgumentsArrayAsSource() { this instanceof CommandLineArgumentsArray }
+  private class CommandLineArgumentsArrayAsSource extends Source instanceof CommandLineArgumentsArray {
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownload.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownload.qll
deleted file mode 100644
index 83c1d179243..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownload.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `InsecureDownloadQuery` instead. */
-
-import javascript
-private import InsecureDownloadQuery as InsecureDownloadQuery // ignore-query-import
-
-/** DEPRECATED. Import `InsecureDownloadQuery` instead. */
-deprecated module InsecureDownload = InsecureDownloadQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomness.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomness.qll
deleted file mode 100644
index 2672d48bee7..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomness.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `InsecureRandomnessQuery` instead. */
-
-import javascript
-private import InsecureRandomnessQuery as InsecureRandomnessQuery // ignore-query-import
-
-/** DEPRECATED. Import `InsecureRandomnessQuery` instead. */
-deprecated module InsecureRandomness = InsecureRandomnessQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessCustomizations.qll
index 37c5998df5f..d40e3a510c7 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessCustomizations.qll
@@ -78,17 +78,13 @@ module InsecureRandomness {
    * A sensitive write, considered as a sink for random values that are not cryptographically
    * secure.
    */
-  class SensitiveWriteSink extends Sink {
-    SensitiveWriteSink() { this instanceof SensitiveWrite }
-  }
+  class SensitiveWriteSink extends Sink instanceof SensitiveWrite { }
 
   /**
    * A cryptographic key, considered as a sink for random values that are not cryptographically
    * secure.
    */
-  class CryptoKeySink extends Sink {
-    CryptoKeySink() { this instanceof CryptographicKey }
-  }
+  class CryptoKeySink extends Sink instanceof CryptographicKey { }
 
   /**
    * Holds if the step `pred` -> `succ` is an additional taint-step for random values that are not cryptographically secure.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHash.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHash.qll
deleted file mode 100644
index f3d814e3601..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHash.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `InsufficientPasswordHashQuery` instead. */
-
-import javascript
-private import InsufficientPasswordHashQuery as InsufficientPasswordHashQuery // ignore-query-import
-
-/** DEPRECATED. Import `InsufficientPasswordHashQuery` instead. */
-deprecated module InsufficientPasswordHash = InsufficientPasswordHashQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjection.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjection.qll
deleted file mode 100644
index 95dec6e87fd..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjection.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `LogInjectionQuery` instead. */
-
-import javascript
-private import LogInjectionQuery as LogInjectionQuery // ignore-query-import
-
-/** DEPRECATED. Import `LogInjectionQuery` instead. */
-deprecated module LogInjection = LogInjectionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll
index 2cdfc2ed9f7..cfae5b83409 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll
@@ -35,10 +35,8 @@ class LogInjectionConfiguration extends TaintTracking::Configuration {
 /**
  * A source of remote user controlled input.
  */
-class RemoteSource extends Source {
-  RemoteSource() {
-    this instanceof RemoteFlowSource and not this instanceof ClientSideRemoteFlowSource
-  }
+class RemoteSource extends Source instanceof RemoteFlowSource {
+  RemoteSource() { not this instanceof ClientSideRemoteFlowSource }
 }
 
 /**
@@ -60,9 +58,7 @@ class StringReplaceSanitizer extends Sanitizer {
 /**
  * A call to an HTML sanitizer is considered to sanitize the user input.
  */
-class HtmlSanitizer extends Sanitizer {
-  HtmlSanitizer() { this instanceof HtmlSanitizerCall }
-}
+class HtmlSanitizer extends Sanitizer instanceof HtmlSanitizerCall { }
 
 /**
  * A call to `JSON.stringify` or similar, seen as sanitizing log output.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjection.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjection.qll
deleted file mode 100644
index ab65fb9705e..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjection.qll
+++ /dev/null
@@ -1,8 +0,0 @@
-/** DEPRECATED. Import `LoopBoundInjectionQuery` instead. */
-
-import javascript
-import semmle.javascript.security.TaintedObject
-private import LoopBoundInjectionQuery as LoopBoundInjectionQuery // ignore-query-import
-
-/** DEPRECATED. Import `LoopBoundInjectionQuery` instead. */
-deprecated module LoopBoundInjection = LoopBoundInjectionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll
index 2142d468b90..81f78fbfd47 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll
@@ -122,10 +122,10 @@ module LoopBoundInjection {
         "flattenDeep", "flattenDepth", "initial", "intersection", "intersectionBy",
         "intersectionWith", "join", "remove", "reverse", "slice", "sortedUniq", "sortedUniqBy",
         "tail", "union", "unionBy", "unionWith", "uniqBy", "unzip", "unzipWith", "without", "zip",
-        "zipObject", "zipObjectDeep", "zipWith", "countBy", "each", "forEach", "eachRight",
-        "forEachRight", "filter", "find", "findLast", "flatMap", "flatMapDeep", "flatMapDepth",
-        "forEach", "forEachRight", "groupBy", "invokeMap", "keyBy", "map", "orderBy", "partition",
-        "reduce", "reduceRight", "reject", "sortBy"
+        "zipObject", "zipObjectDeep", "zipWith", "countBy", "each", "eachRight", "forEachRight",
+        "filter", "find", "findLast", "flatMap", "flatMapDeep", "flatMapDepth", "forEach",
+        "groupBy", "invokeMap", "keyBy", "map", "orderBy", "partition", "reduce", "reduceRight",
+        "reject", "sortBy"
       ]
   }
 
@@ -169,9 +169,7 @@ module LoopBoundInjection {
   /**
    * A source of remote user input objects.
    */
-  class TaintedObjectSource extends Source {
-    TaintedObjectSource() { this instanceof TaintedObject::Source }
-  }
+  class TaintedObjectSource extends Source instanceof TaintedObject::Source { }
 
   /**
    * A sanitizer that blocks taint flow if the array is checked to be an array using an `isArray` function.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/MissingRateLimiting.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/MissingRateLimiting.qll
index 7d3958d83d8..1eff7fd335e 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/MissingRateLimiting.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/MissingRateLimiting.qll
@@ -80,30 +80,22 @@ abstract class ExpensiveAction extends DataFlow::Node {
 }
 
 /** A call to an authorization function, considered as an expensive action. */
-class AuthorizationCallAsExpensiveAction extends ExpensiveAction {
-  AuthorizationCallAsExpensiveAction() { this instanceof AuthorizationCall }
-
+class AuthorizationCallAsExpensiveAction extends ExpensiveAction instanceof AuthorizationCall {
   override string describe() { result = "authorization" }
 }
 
 /** A file system access, considered as an expensive action. */
-class FileSystemAccessAsExpensiveAction extends ExpensiveAction {
-  FileSystemAccessAsExpensiveAction() { this instanceof FileSystemAccess }
-
+class FileSystemAccessAsExpensiveAction extends ExpensiveAction instanceof FileSystemAccess {
   override string describe() { result = "a file system access" }
 }
 
 /** A system command execution, considered as an expensive action. */
-class SystemCommandExecutionAsExpensiveAction extends ExpensiveAction {
-  SystemCommandExecutionAsExpensiveAction() { this instanceof SystemCommandExecution }
-
+class SystemCommandExecutionAsExpensiveAction extends ExpensiveAction instanceof SystemCommandExecution {
   override string describe() { result = "a system command" }
 }
 
 /** A database access, considered as an expensive action. */
-class DatabaseAccessAsExpensiveAction extends ExpensiveAction {
-  DatabaseAccessAsExpensiveAction() { this instanceof DatabaseAccess }
-
+class DatabaseAccessAsExpensiveAction extends ExpensiveAction instanceof DatabaseAccess {
   override string describe() { result = "a database access" }
 }
 
@@ -208,8 +200,7 @@ class RateLimiterFlexibleRateLimiter extends DataFlow::FunctionNode {
 /**
  * A route-handler expression that is rate-limited by the `rate-limiter-flexible` package.
  */
-class RouteHandlerLimitedByRateLimiterFlexible extends RateLimitingMiddleware {
-  RouteHandlerLimitedByRateLimiterFlexible() { this instanceof RateLimiterFlexibleRateLimiter }
+class RouteHandlerLimitedByRateLimiterFlexible extends RateLimitingMiddleware instanceof RateLimiterFlexibleRateLimiter {
 }
 
 private class FastifyRateLimiter extends RateLimitingMiddleware {
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjection.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjection.qll
deleted file mode 100644
index 8534cad9a7e..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjection.qll
+++ /dev/null
@@ -1,8 +0,0 @@
-/** DEPRECATED. Import `NosqlInjectionQuery` instead. */
-
-import javascript
-import semmle.javascript.security.TaintedObject
-private import NosqlInjectionQuery as NosqlInjectionQuery // ignore-query-import
-
-/** DEPRECATED. Import `NosqlInjectionQuery` instead. */
-deprecated module NosqlInjection = NosqlInjectionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionCustomizations.qll
index 50dd7fc0053..988cb59a6e7 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionCustomizations.qll
@@ -31,9 +31,7 @@ module NosqlInjection {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /** A source of remote user input, considered as a flow source for NoSql injection. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /** An expression interpreted as a NoSql query, viewed as a sink. */
   class NosqlQuerySink extends Sink instanceof NoSql::Query { }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStar.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStar.qll
deleted file mode 100644
index 392466f32ab..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStar.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `PostMessageStarQuery` instead. */
-
-import javascript
-private import PostMessageStarQuery as PostMessageStarQuery // ignore-query-import
-
-/** DEPRECATED. Import `PostMessageStarQuery` instead. */
-deprecated module PostMessageStar = PostMessageStarQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarCustomizations.qll
index b35d564bcaf..736e47daaf6 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarCustomizations.qll
@@ -44,9 +44,7 @@ module PostMessageStar {
   class SensitiveExprSource extends Source instanceof SensitiveNode { }
 
   /** A call to any function whose name suggests that it encodes or encrypts its arguments. */
-  class ProtectSanitizer extends Sanitizer {
-    ProtectSanitizer() { this instanceof ProtectCall }
-  }
+  class ProtectSanitizer extends Sanitizer instanceof ProtectCall { }
 
   /**
    * An expression sent using `postMessage` without restricting the target window origin.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignment.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignment.qll
deleted file mode 100644
index 6663d74e91a..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignment.qll
+++ /dev/null
@@ -1,6 +0,0 @@
-/** DEPRECATED. Import `PrototypePollutingAssignmentQuery` instead. */
-
-private import PrototypePollutingAssignmentQuery as PrototypePollutingAssignmentQuery // ignore-query-import
-
-/** DEPRECATED. Import `PrototypePollutingAssignmentQuery` instead. */
-deprecated module PrototypePollutingAssignment = PrototypePollutingAssignmentQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll
index 2a35489aa93..656c7bb3849 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll
@@ -57,9 +57,7 @@ module PrototypePollutingAssignment {
   }
 
   /** A remote flow source or location.{hash,search} as a taint source. */
-  private class DefaultSource extends Source {
-    DefaultSource() { this instanceof RemoteFlowSource }
-
+  private class DefaultSource extends Source instanceof RemoteFlowSource {
     override string describe() { result = "user controlled input" }
   }
 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollution.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollution.qll
deleted file mode 100644
index 7783a551775..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollution.qll
+++ /dev/null
@@ -1,10 +0,0 @@
-/** DEPRECATED. Import `PrototypePollutionQuery` instead. */
-
-import javascript
-import semmle.javascript.security.TaintedObject
-import semmle.javascript.dependencies.Dependencies
-import semmle.javascript.dependencies.SemVer
-private import PrototypePollutionQuery as PrototypePollutionQuery // ignore-query-import
-
-/** DEPRECATED. Import `PrototypePollutionQuery` instead. */
-deprecated module PrototypePollution = PrototypePollutionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionCustomizations.qll
index 162246dcf23..bd233e33ae1 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionCustomizations.qll
@@ -68,18 +68,14 @@ module PrototypePollution {
    * Note that values from this type of source will need to flow through a `JSON.parse` call
    * in order to be flagged for prototype pollution.
    */
-  private class RemoteFlowAsSource extends Source {
-    RemoteFlowAsSource() { this instanceof RemoteFlowSource }
-
+  private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource {
     override DataFlow::FlowLabel getAFlowLabel() { result.isTaint() }
   }
 
   /**
    * A source of user-controlled objects.
    */
-  private class TaintedObjectSource extends Source {
-    TaintedObjectSource() { this instanceof TaintedObject::Source }
-
+  private class TaintedObjectSource extends Source instanceof TaintedObject::Source {
     override DataFlow::FlowLabel getAFlowLabel() { result = TaintedObject::label() }
   }
 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXss.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXss.qll
deleted file mode 100644
index 92ffd84fdda..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXss.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `ReflectedXssQuery` instead. */
-
-import javascript
-private import ReflectedXssQuery as ReflectedXssQuery // ignore-query-import
-
-/** DEPRECATED. Import `ReflectedXssQuery` instead. */
-deprecated module ReflectedXss = ReflectedXssQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll
index 8343da9f5a5..a91f21f7c23 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll
@@ -150,4 +150,8 @@ module ReflectedXss {
       this.(Http::RequestHeaderAccess).getAHeaderName() = "referer"
     }
   }
+
+  private class SinkFromModel extends Sink {
+    SinkFromModel() { this = ModelOutput::getASinkNode("html-injection").asSink() }
+  }
 }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjection.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjection.qll
deleted file mode 100644
index c1a27c66354..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjection.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `RegExpInjectionQuery` instead. */
-
-import javascript
-private import RegExpInjectionQuery as RegExpInjectionQuery // ignore-query-import
-
-/** DEPRECATED. Import `RegExpInjectionQuery` instead. */
-deprecated module RegExpInjection = RegExpInjectionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionCustomizations.qll
index e4555bb5ca8..ab9f3d90e02 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionCustomizations.qll
@@ -26,11 +26,8 @@ module RegExpInjection {
    * A source of remote user input, considered as a flow source for regular
    * expression injection.
    */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() {
-      this instanceof RemoteFlowSource and
-      not this instanceof ClientSideRemoteFlowSource
-    }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource {
+    RemoteFlowSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjection.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjection.qll
deleted file mode 100644
index f19b02fdcb3..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjection.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `RemotePropertyInjectionQuery` instead. */
-
-import javascript
-private import RemotePropertyInjectionQuery as RemotePropertyInjectionQuery // ignore-query-import
-
-/** DEPRECATED. Import `RemotePropertyInjectionQuery` instead. */
-deprecated module RemotePropertyInjection = RemotePropertyInjectionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionCustomizations.qll
index 8af60e6e529..8923946f831 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionCustomizations.qll
@@ -34,9 +34,7 @@ module RemotePropertyInjection {
    * A source of remote user input, considered as a flow source for remote property
    * injection.
    */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * A sink for property writes with dynamically computed property name.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgery.qll
deleted file mode 100644
index a4612bf360d..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgery.qll
+++ /dev/null
@@ -1,8 +0,0 @@
-/** DEPRECATED. Import `RequestForgeryQuery` instead. */
-
-import javascript
-import UrlConcatenation
-private import RequestForgeryQuery as RequestForgeryQuery // ignore-query-import
-
-/** DEPRECATED. Import `RequestForgeryQuery` instead. */
-deprecated module RequestForgery = RequestForgeryQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryCustomizations.qll
index 519ecd1c23f..29b015e09d6 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryCustomizations.qll
@@ -73,4 +73,12 @@ module RequestForgery {
       pred = url.getArgument(0)
     )
   }
+
+  private class SinkFromModel extends Sink {
+    SinkFromModel() { this = ModelOutput::getASinkNode("request-forgery").asSink() }
+
+    override DataFlow::Node getARequest() { result = this }
+
+    override string getKind() { result = "endpoint" }
+  }
 }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll
index eb3fac4e860..fc10cd30c71 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll
@@ -12,7 +12,7 @@ import SecondOrderCommandInjectionCustomizations::SecondOrderCommandInjection
 private import semmle.javascript.security.TaintedObject
 
 /**
- * A taint-tracking configuration for reasoning about command-injection vulnerabilities.
+ * A taint-tracking configuration for reasoning about second order command-injection vulnerabilities.
  */
 class Configuration extends TaintTracking::Configuration {
   Configuration() { this = "SecondOrderCommandInjection" }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirect.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirect.qll
deleted file mode 100644
index 25d27e77f2f..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirect.qll
+++ /dev/null
@@ -1,9 +0,0 @@
-/** DEPRECATED. Import `ServerSideUrlRedirectQuery` instead. */
-
-import javascript
-import RemoteFlowSources
-import UrlConcatenation
-private import ServerSideUrlRedirectQuery as ServerSideUrlRedirectQuery // ignore-query-import
-
-/** DEPRECATED. Import `ServerSideUrlRedirectQuery` instead. */
-deprecated module ServerSideUrlRedirect = ServerSideUrlRedirectQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectCustomizations.qll
index c15dbc2ecf8..55815717e98 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectCustomizations.qll
@@ -62,4 +62,8 @@ module ServerSideUrlRedirect {
       )
     }
   }
+
+  private class SinkFromModel extends Sink {
+    SinkFromModel() { this = ModelOutput::getASinkNode("url-redirection").asSink() }
+  }
 }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironment.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironment.qll
deleted file mode 100644
index af1c0e7a574..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironment.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `ShellCommandInjectionFromEnvironmentQuery` instead. */
-
-import javascript
-private import ShellCommandInjectionFromEnvironmentQuery as ShellCommandInjectionFromEnvironmentQuery // ignore-query-import
-
-/** DEPRECATED. Import `ShellCommandInjectionFromEnvironmentQuery` instead. */
-deprecated module ShellCommandInjectionFromEnvironment = ShellCommandInjectionFromEnvironmentQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentCustomizations.qll
index 178c396ad8c..87d7d340afd 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentCustomizations.qll
@@ -27,9 +27,7 @@ module ShellCommandInjectionFromEnvironment {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /** An file name from the local file system, considered as a flow source for command injection. */
-  class FileNameSourceAsSource extends Source {
-    FileNameSourceAsSource() { this instanceof FileNameSource }
-
+  class FileNameSourceAsSource extends Source instanceof FileNameSource {
     override string getSourceType() { result = "file name" }
   }
 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjection.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjection.qll
deleted file mode 100644
index 32b0d80669b..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjection.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `SqlInjectionQuery` instead. */
-
-import javascript
-private import SqlInjectionQuery as SqlInjectionQuery // ignore-query-import
-
-/** DEPRECATED. Import `SqlInjectionQuery` instead. */
-deprecated module SqlInjection = SqlInjectionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionCustomizations.qll
index dd6f5d79ac8..96dc5978708 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionCustomizations.qll
@@ -23,9 +23,7 @@ module SqlInjection {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /** A source of remote user input, considered as a flow source for string based query injection. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /** An SQL expression passed to an API call that executes SQL. */
   class SqlInjectionExprSink extends Sink instanceof SQL::SqlString { }
@@ -36,9 +34,7 @@ module SqlInjection {
   }
 
   /** An GraphQL expression passed to an API call that executes GraphQL. */
-  class GraphqlInjectionSink extends Sink {
-    GraphqlInjectionSink() { this instanceof GraphQL::GraphQLString }
-  }
+  class GraphqlInjectionSink extends Sink instanceof GraphQL::GraphQLString { }
 
   /**
    * An LDAPjs sink.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposure.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposure.qll
deleted file mode 100644
index 4211c6fd633..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposure.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `StackTraceExposureQuery` instead. */
-
-import javascript
-private import StackTraceExposureQuery as StackTraceExposureQuery // ignore-query-import
-
-/** DEPRECATED. Import `StackTraceExposureQuery` instead. */
-deprecated module StackTraceExposure = StackTraceExposureQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXss.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXss.qll
deleted file mode 100644
index 65536440bcb..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXss.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `StoredXssQuery` instead. */
-
-import javascript
-private import StoredXssQuery as StoredXssQuery // ignore-query-import
-
-/** DEPRECATED. Import `StoredXssQuery` instead. */
-deprecated module StoredXss = StoredXssQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll
index 6e50de8332b..2aa5b444f5b 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll
@@ -27,13 +27,10 @@ module StoredXss {
   }
 
   /** A file name, considered as a flow source for stored XSS. */
-  class FileNameSourceAsSource extends Source {
-    FileNameSourceAsSource() { this instanceof FileNameSource }
-  }
+  class FileNameSourceAsSource extends Source instanceof FileNameSource { }
 
   /** An instance of user-controlled torrent information, considered as a flow source for stored XSS. */
-  class UserControlledTorrentInfoAsSource extends Source {
-    UserControlledTorrentInfoAsSource() { this instanceof ParseTorrent::UserControlledTorrentInfo }
+  class UserControlledTorrentInfoAsSource extends Source instanceof ParseTorrent::UserControlledTorrentInfo {
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatString.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatString.qll
deleted file mode 100644
index a0660580206..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatString.qll
+++ /dev/null
@@ -1,8 +0,0 @@
-/** DEPRECATED. Import `TaintedFormatStringQuery` instead. */
-
-import javascript
-import semmle.javascript.security.dataflow.DOM
-private import TaintedFormatStringQuery as TaintedFormatStringQuery // ignore-query-import
-
-/** DEPRECATED. Import `TaintedFormatStringQuery` instead. */
-deprecated module TaintedFormatString = TaintedFormatStringQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPath.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPath.qll
deleted file mode 100644
index ffd7d320684..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPath.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `TaintedPathQuery` instead. */
-
-import javascript
-private import TaintedPathQuery as TaintedPathQuery // ignore-query-import
-
-/** DEPRECATED. Import `TaintedPathQuery` instead. */
-deprecated module TaintedPath = TaintedPathQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
index c463b1d3ecb..35507981569 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
@@ -345,21 +345,16 @@ module TaintedPath {
    *
    * This is relevant for paths that are known to be normalized.
    */
-  class StartsWithDotDotSanitizer extends BarrierGuardNode {
-    StringOps::StartsWith startsWith;
-
-    StartsWithDotDotSanitizer() {
-      this = startsWith and
-      isDotDotSlashPrefix(startsWith.getSubstring())
-    }
+  class StartsWithDotDotSanitizer extends BarrierGuardNode instanceof StringOps::StartsWith {
+    StartsWithDotDotSanitizer() { isDotDotSlashPrefix(super.getSubstring()) }
 
     override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) {
       // Sanitize in the false case for:
       //   .startsWith(".")
       //   .startsWith("..")
       //   .startsWith("../")
-      outcome = startsWith.getPolarity().booleanNot() and
-      e = startsWith.getBaseString().asExpr() and
+      outcome = super.getPolarity().booleanNot() and
+      e = super.getBaseString().asExpr() and
       exists(Label::PosixPath posixPath | posixPath = label |
         posixPath.isNormalized() and
         posixPath.isRelative()
@@ -946,4 +941,8 @@ module TaintedPath {
       )
     )
   }
+
+  private class SinkFromModel extends Sink {
+    SinkFromModel() { this = ModelOutput::getASinkNode("path-injection").asSink() }
+  }
 }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjection.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjection.qll
deleted file mode 100644
index 37f3721d600..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjection.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `TemplateObjectInjectionQuery` instead. */
-
-import javascript
-private import TemplateObjectInjectionQuery as TemplateObjectInjectionQuery // ignore-query-import
-
-/** DEPRECATED. Import `TemplateObjectInjectionQuery` instead. */
-deprecated module TemplateObjectInjection = TemplateObjectInjectionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionCustomizations.qll
index 6191c389873..c0499be7d2e 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionCustomizations.qll
@@ -30,15 +30,11 @@ module TemplateObjectInjection {
    */
   abstract class Sanitizer extends DataFlow::Node { }
 
-  private class TaintedObjectSourceAsSource extends Source {
-    TaintedObjectSourceAsSource() { this instanceof TaintedObject::Source }
-
+  private class TaintedObjectSourceAsSource extends Source instanceof TaintedObject::Source {
     override DataFlow::FlowLabel getAFlowLabel() { result = TaintedObject::label() }
   }
 
-  private class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-
+  private class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource {
     override DataFlow::FlowLabel getAFlowLabel() { result.isTaint() }
   }
 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTampering.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTampering.qll
deleted file mode 100644
index 44744e0efa3..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTampering.qll
+++ /dev/null
@@ -1,8 +0,0 @@
-/** DEPRECATED. Import `TypeConfusionThroughParameterTamperingQuery` instead. */
-
-import javascript
-private import TypeConfusionThroughParameterTamperingQuery as TypeConfusionThroughParameterTamperingQuery // ignore-query-import
-
-/** DEPRECATED. Import `TypeConfusionThroughParameterTamperingQuery` instead. */
-deprecated module TypeConfusionThroughParameterTampering =
-  TypeConfusionThroughParameterTamperingQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserialization.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserialization.qll
deleted file mode 100644
index 4b1fd4b58ea..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserialization.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `UnsafeDeserializationQuery` instead. */
-
-import javascript
-private import UnsafeDeserializationQuery as UnsafeDeserializationQuery // ignore-query-import
-
-/** DEPRECATED. Import `UnsafeDeserializationQuery` instead. */
-deprecated module UnsafeDeserialization = UnsafeDeserializationQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationCustomizations.qll
index 995e7e14411..a234a2d8829 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationCustomizations.qll
@@ -23,9 +23,7 @@ module UnsafeDeserialization {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /** A source of remote user input, considered as a flow source for unsafe deserialization. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * An expression passed to one of the unsafe load functions of the `js-yaml` package.
@@ -49,4 +47,8 @@ module UnsafeDeserialization {
       )
     }
   }
+
+  private class SinkFromModel extends Sink {
+    SinkFromModel() { this = ModelOutput::getASinkNode("unsafe-deserialization").asSink() }
+  }
 }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccess.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccess.qll
deleted file mode 100644
index c38bb4cdeb8..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccess.qll
+++ /dev/null
@@ -1,8 +0,0 @@
-/** DEPRECATED. Import `UnsafeDynamicMethodAccessQuery` instead. */
-
-import javascript
-import PropertyInjectionShared
-private import UnsafeDynamicMethodAccessQuery as UnsafeDynamicMethodAccessQuery // ignore-query-import
-
-/** DEPRECATED. Import `UnsafeDynamicMethodAccessQuery` instead. */
-deprecated module UnsafeDynamicMethodAccess = UnsafeDynamicMethodAccessQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessCustomizations.qll
index 9fed42d5bdd..ec365b7d4b2 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessCustomizations.qll
@@ -54,9 +54,7 @@ module UnsafeDynamicMethodAccess {
   /**
    * A source of remote user input, considered as a source for unsafe dynamic method access.
    */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * A function invocation of an unsafe function, as a sink for remote unsafe dynamic method access.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstruction.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstruction.qll
deleted file mode 100644
index 8617d3e8724..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstruction.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `UnsafeHtmlConstructionQuery` instead. */
-
-import javascript
-private import UnsafeHtmlConstructionQuery as UnsafeHtmlConstructionQuery // ignore-query-import
-
-/** DEPRECATED. Import `UnsafeHtmlConstructionQuery` instead. */
-deprecated module UnsafeHtmlConstruction = UnsafeHtmlConstructionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPlugin.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPlugin.qll
deleted file mode 100644
index 634b7d917aa..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPlugin.qll
+++ /dev/null
@@ -1,8 +0,0 @@
-/** DEPRECATED. Import `UnsafeJQueryPluginQuery` instead. */
-
-import javascript
-import semmle.javascript.security.dataflow.Xss
-private import UnsafeJQueryPluginQuery as UnsafeJQueryPluginQuery // ignore-query-import
-
-/** DEPRECATED. Import `UnsafeJQueryPluginQuery` instead. */
-deprecated module UnsafeJQueryPlugin = UnsafeJQueryPluginQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll
index 19d5988ae80..b2c62449ab4 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll
@@ -175,10 +175,8 @@ module UnsafeJQueryPlugin {
   /**
    * An argument that may act as an HTML fragment rather than a CSS selector, as a sink for remote unsafe jQuery plugins.
    */
-  class AmbiguousHtmlOrSelectorArgumentAsSink extends Sink {
-    AmbiguousHtmlOrSelectorArgumentAsSink() {
-      this instanceof AmbiguousHtmlOrSelectorArgument and not isLikelyIntentionalHtmlSink(this)
-    }
+  class AmbiguousHtmlOrSelectorArgumentAsSink extends Sink instanceof AmbiguousHtmlOrSelectorArgument {
+    AmbiguousHtmlOrSelectorArgumentAsSink() { not isLikelyIntentionalHtmlSink(this) }
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstruction.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstruction.qll
deleted file mode 100644
index 7e9470a7334..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstruction.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `UnsafeShellCommandConstructionQuery` instead. */
-
-import javascript
-private import UnsafeShellCommandConstructionQuery as UnsafeShellCommandConstructionQuery // ignore-query-import
-
-/** DEPRECATED. Import `UnsafeShellCommandConstructionQuery` instead. */
-deprecated module UnsafeShellCommandConstruction = UnsafeShellCommandConstructionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll
index 0b4923de179..ca6920db466 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll
@@ -156,14 +156,9 @@ module UnsafeShellCommandConstruction {
   }
 
   /**
-   * Gets a node that ends up in an array that is ultimately executed as a shell script by `sys`.
+   * Holds if the arguments array given to `sys` is joined as a string because `shell` is set to true.
    */
-  private DataFlow::SourceNode endsInShellExecutedArray(
-    DataFlow::TypeBackTracker t, SystemCommandExecution sys
-  ) {
-    t.start() and
-    result = sys.getArgumentList().getALocalSource() and
-    // the array gets joined to a string when `shell` is set to true.
+  predicate executesArrayAsShell(SystemCommandExecution sys) {
     sys.getOptionsArg()
         .getALocalSource()
         .getAPropertyWrite("shell")
@@ -171,6 +166,17 @@ module UnsafeShellCommandConstruction {
         .asExpr()
         .(BooleanLiteral)
         .getValue() = "true"
+  }
+
+  /**
+   * Gets a node that ends up in an array that is ultimately executed as a shell script by `sys`.
+   */
+  private DataFlow::SourceNode endsInShellExecutedArray(
+    DataFlow::TypeBackTracker t, SystemCommandExecution sys
+  ) {
+    t.start() and
+    result = sys.getArgumentList().getALocalSource() and
+    executesArrayAsShell(sys)
     or
     exists(DataFlow::TypeBackTracker t2 |
       result = endsInShellExecutedArray(t2, sys).backtrack(t2, t)
@@ -193,6 +199,10 @@ module UnsafeShellCommandConstruction {
         or
         this = arr.getAMethodCall(["push", "unshift"]).getAnArgument()
       )
+      or
+      this = sys.getArgumentList() and
+      not this instanceof DataFlow::ArrayCreationNode and
+      executesArrayAsShell(sys)
     }
 
     override string getSinkType() { result = "shell argument" }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCall.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCall.qll
deleted file mode 100644
index f5af520e0d7..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCall.qll
+++ /dev/null
@@ -1,9 +0,0 @@
-/** DEPRECATED. Import `UnvalidatedDynamicMethodCallQuery` instead. */
-
-import javascript
-import semmle.javascript.frameworks.Express
-import PropertyInjectionShared
-private import UnvalidatedDynamicMethodCallQuery as UnvalidatedDynamicMethodCallQuery // ignore-query-import
-
-/** DEPRECATED. Import `UnvalidatedDynamicMethodCallQuery` instead. */
-deprecated module UnvalidatedDynamicMethodCall = UnvalidatedDynamicMethodCallQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll
index 2353cf68c50..704bd4a94a5 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll
@@ -60,9 +60,7 @@ module UnvalidatedDynamicMethodCall {
   /**
    * A source of remote user input, considered as a source for unvalidated dynamic method calls.
    */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * The page URL considered as a flow source for unvalidated dynamic method calls.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBomb.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBomb.qll
deleted file mode 100644
index 45615a92000..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBomb.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `XmlBombQuery` instead. */
-
-import javascript
-private import XmlBombQuery as XmlBombQuery // ignore-query-import
-
-/** DEPRECATED. Import `XmlBombQuery` instead. */
-deprecated module XmlBomb = XmlBombQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombCustomizations.qll
index 7d9755ca7a5..9e031fb19fb 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombCustomizations.qll
@@ -24,9 +24,7 @@ module XmlBomb {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /** A source of remote user input, considered as a flow source for XML bomb vulnerabilities. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * An access to `document.location`, considered as a flow source for XML bomb vulnerabilities.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjection.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjection.qll
deleted file mode 100644
index 15f5413a620..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjection.qll
+++ /dev/null
@@ -1,8 +0,0 @@
-/** DEPRECATED. Import `XpathInjectionQuery` instead. */
-
-import javascript
-import semmle.javascript.security.dataflow.DOM
-private import XpathInjectionQuery as XpathInjectionQuery // ignore-query-import
-
-/** DEPRECATED. Import `XpathInjectionQuery` instead. */
-deprecated module XpathInjection = XpathInjectionQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionCustomizations.qll
index 14b423f7d42..6eb3f12d16a 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionCustomizations.qll
@@ -24,9 +24,7 @@ module XpathInjection {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /** A source of remote user input, considered as a flow source for XPath injection. */
-  class RemoteSource extends Source {
-    RemoteSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * The `expression` argument to `xpath.parse` or `xpath.select` (and similar) from
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDom.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDom.qll
deleted file mode 100644
index 0d3096d5c1b..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDom.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `XssThroughDomQuery` instead. */
-
-import javascript
-private import XssThroughDomQuery as XssThroughDomQuery // ignore-query-import
-
-/** DEPRECATED. Import `XssThroughDomQuery` instead. */
-deprecated module XssThroughDom = XssThroughDomQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/Xxe.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/Xxe.qll
deleted file mode 100644
index 5275c96bada..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/Xxe.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `XxeQuery` instead. */
-
-import javascript
-private import XxeQuery as XxeQuery // ignore-query-import
-
-/** DEPRECATED. Import `XxeQuery` instead. */
-deprecated module Xxe = XxeQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XxeCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XxeCustomizations.qll
index 0b54c3bf301..9a225e8f2e4 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/XxeCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XxeCustomizations.qll
@@ -24,9 +24,7 @@ module Xxe {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /** A source of remote user input, considered as a flow source for XXE vulnerabilities. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * An access to `document.location`, considered as a flow source for XXE vulnerabilities.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlip.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlip.qll
deleted file mode 100644
index cc3fd8a2f27..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlip.qll
+++ /dev/null
@@ -1,7 +0,0 @@
-/** DEPRECATED. Import `ZipSlipQuery` instead. */
-
-import javascript
-private import ZipSlipQuery as ZipSlipQuery // ignore-query-import
-
-/** DEPRECATED. Import `ZipSlipQuery` instead. */
-deprecated module ZipSlip = ZipSlipQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll b/javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll
index 8edb433b202..65b120d21cf 100644
--- a/javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll
+++ b/javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll
@@ -1,4 +1,4 @@
 /** DEPRECATED. Import `semmle.javascript.security.regexp.ExponentialBackTracking` instead. */
 
-deprecated import semmle.javascript.security.regexp.ExponentialBackTracking as Dep
+deprecated private import semmle.javascript.security.regexp.ExponentialBackTracking as Dep
 import Dep
diff --git a/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoSCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoSCustomizations.qll
index 96a6ef67188..e1c70e5ac53 100644
--- a/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoSCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoSCustomizations.qll
@@ -1,4 +1,4 @@
 /** DEPRECATED. Import `semmle.javascript.security.regexp.PolynomialReDoSCustomizations` instead. */
 
-deprecated import semmle.javascript.security.regexp.PolynomialReDoSCustomizations as Dep
+deprecated private import semmle.javascript.security.regexp.PolynomialReDoSCustomizations as Dep
 import Dep
diff --git a/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll b/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll
index 42e6270bf18..952e0eda722 100644
--- a/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll
+++ b/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll
@@ -1,4 +1,4 @@
 /** DEPRECATED. Import `semmle.javascript.security.regexp.NfaUtils` instead. */
 
-deprecated import semmle.javascript.security.regexp.NfaUtils as Dep
+deprecated private import semmle.javascript.security.regexp.NfaUtils as Dep
 import Dep
diff --git a/javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll b/javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll
index 11bdab67bd5..ee36f03b116 100644
--- a/javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll
+++ b/javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll
@@ -1,4 +1,4 @@
 /** DEPRECATED. Import `semmle.javascript.security.regexp.SuperlinearBackTracking` instead. */
 
-deprecated import semmle.javascript.security.regexp.SuperlinearBackTracking as Dep
+deprecated private import semmle.javascript.security.regexp.SuperlinearBackTracking as Dep
 import Dep
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/ExponentialBackTracking.qll b/javascript/ql/lib/semmle/javascript/security/regexp/ExponentialBackTracking.qll
index 4a608890249..aa0cd6b3e69 100644
--- a/javascript/ql/lib/semmle/javascript/security/regexp/ExponentialBackTracking.qll
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/ExponentialBackTracking.qll
@@ -62,284 +62,7 @@
  *     a suffix `x` (possible empty) that is most likely __not__ accepted.
  */
 
-import NfaUtils
-
-/**
- * Holds if state `s` might be inside a backtracking repetition.
- */
-pragma[noinline]
-private predicate stateInsideBacktracking(State s) {
-  s.getRepr().getParent*() instanceof MaybeBacktrackingRepetition
-}
-
-/**
- * A infinitely repeating quantifier that might backtrack.
- */
-private class MaybeBacktrackingRepetition extends InfiniteRepetitionQuantifier {
-  MaybeBacktrackingRepetition() {
-    exists(RegExpTerm child |
-      child instanceof RegExpAlt or
-      child instanceof RegExpQuantifier
-    |
-      child.getParent+() = this
-    )
-  }
-}
-
-/**
- * A state in the product automaton.
- */
-private newtype TStatePair =
-  /**
-   * We lazily only construct those states that we are actually
-   * going to need: `(q, q)` for every fork state `q`, and any
-   * pair of states that can be reached from a pair that we have
-   * already constructed. To cut down on the number of states,
-   * we only represent states `(q1, q2)` where `q1` is lexicographically
-   * no bigger than `q2`.
-   *
-   * States are only constructed if both states in the pair are
-   * inside a repetition that might backtrack.
-   */
-  MkStatePair(State q1, State q2) {
-    isFork(q1, _, _, _, _) and q2 = q1
-    or
-    (step(_, _, _, q1, q2) or step(_, _, _, q2, q1)) and
-    rankState(q1) <= rankState(q2)
-  }
-
-/**
- * Gets a unique number for a `state`.
- * Is used to create an ordering of states, where states with the same `toString()` will be ordered differently.
- */
-private int rankState(State state) {
-  state =
-    rank[result](State s, Location l |
-      stateInsideBacktracking(s) and
-      l = s.getRepr().getLocation()
-    |
-      s order by l.getStartLine(), l.getStartColumn(), s.toString()
-    )
-}
-
-/**
- * A state in the product automaton.
- */
-private class StatePair extends TStatePair {
-  State q1;
-  State q2;
-
-  StatePair() { this = MkStatePair(q1, q2) }
-
-  /** Gets a textual representation of this element. */
-  string toString() { result = "(" + q1 + ", " + q2 + ")" }
-
-  /** Gets the first component of the state pair. */
-  State getLeft() { result = q1 }
-
-  /** Gets the second component of the state pair. */
-  State getRight() { result = q2 }
-}
-
-/**
- * Holds for `(fork, fork)` state pairs when `isFork(fork, _, _, _, _)` holds.
- *
- * Used in `statePairDistToFork`
- */
-private predicate isStatePairFork(StatePair p) {
-  exists(State fork | p = MkStatePair(fork, fork) and isFork(fork, _, _, _, _))
-}
-
-/**
- * Holds if there are transitions from the components of `q` to the corresponding
- * components of `r`.
- *
- * Used in `statePairDistToFork`
- */
-private predicate reverseStep(StatePair r, StatePair q) { step(q, _, _, r) }
-
-/**
- * Gets the minimum length of a path from `q` to `r` in the
- * product automaton.
- */
-private int statePairDistToFork(StatePair q, StatePair r) =
-  shortestDistances(isStatePairFork/1, reverseStep/2)(r, q, result)
-
-/**
- * Holds if there are transitions from `q` to `r1` and from `q` to `r2`
- * labelled with `s1` and `s2`, respectively, where `s1` and `s2` do not
- * trivially have an empty intersection.
- *
- * This predicate only holds for states associated with regular expressions
- * that have at least one repetition quantifier in them (otherwise the
- * expression cannot be vulnerable to ReDoS attacks anyway).
- */
-pragma[noopt]
-private predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, State r2) {
-  stateInsideBacktracking(q) and
-  exists(State q1, State q2 |
-    q1 = epsilonSucc*(q) and
-    delta(q1, s1, r1) and
-    q2 = epsilonSucc*(q) and
-    delta(q2, s2, r2) and
-    // Use pragma[noopt] to prevent intersect(s1,s2) from being the starting point of the join.
-    // From (s1,s2) it would find a huge number of intermediate state pairs (q1,q2) originating from different literals,
-    // and discover at the end that no `q` can reach both `q1` and `q2` by epsilon transitions.
-    exists(intersect(s1, s2))
-  |
-    s1 != s2
-    or
-    r1 != r2
-    or
-    r1 = r2 and q1 != q2
-    or
-    // If q can reach itself by epsilon transitions, then there are two distinct paths to the q1/q2 state:
-    // one that uses the loop and one that doesn't. The engine will separately attempt to match with each path,
-    // despite ending in the same state. The "fork" thus arises from the choice of whether to use the loop or not.
-    // To avoid every state in the loop becoming a fork state,
-    // we arbitrarily pick the InfiniteRepetitionQuantifier state as the canonical fork state for the loop
-    // (every epsilon-loop must contain such a state).
-    //
-    // We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself.
-    // This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`.
-    // The below code is therefore a heuristic, that only flags regular expressions such as `/(a*)*b/`,
-    // and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently.
-    r1 = r2 and
-    q1 = q2 and
-    epsilonSucc+(q) = q and
-    exists(RegExpTerm term | term = q.getRepr() | term instanceof InfiniteRepetitionQuantifier) and
-    // One of the mid states is an infinite quantifier itself
-    exists(State mid, RegExpTerm term |
-      mid = epsilonSucc+(q) and
-      term = mid.getRepr() and
-      term instanceof InfiniteRepetitionQuantifier and
-      q = epsilonSucc+(mid) and
-      not mid = q
-    )
-  ) and
-  stateInsideBacktracking(r1) and
-  stateInsideBacktracking(r2)
-}
-
-/**
- * Gets the state pair `(q1, q2)` or `(q2, q1)`; note that only
- * one or the other is defined.
- */
-private StatePair mkStatePair(State q1, State q2) {
-  result = MkStatePair(q1, q2) or result = MkStatePair(q2, q1)
-}
-
-/**
- * Holds if there are transitions from the components of `q` to the corresponding
- * components of `r` labelled with `s1` and `s2`, respectively.
- */
-private predicate step(StatePair q, InputSymbol s1, InputSymbol s2, StatePair r) {
-  exists(State r1, State r2 | step(q, s1, s2, r1, r2) and r = mkStatePair(r1, r2))
-}
-
-/**
- * Holds if there are transitions from the components of `q` to `r1` and `r2`
- * labelled with `s1` and `s2`, respectively.
- *
- * We only consider transitions where the resulting states `(r1, r2)` are both
- * inside a repetition that might backtrack.
- */
-pragma[noopt]
-private predicate step(StatePair q, InputSymbol s1, InputSymbol s2, State r1, State r2) {
-  exists(State q1, State q2 | q.getLeft() = q1 and q.getRight() = q2 |
-    deltaClosed(q1, s1, r1) and
-    deltaClosed(q2, s2, r2) and
-    // use noopt to force the join on `intersect` to happen last.
-    exists(intersect(s1, s2))
-  ) and
-  stateInsideBacktracking(r1) and
-  stateInsideBacktracking(r2)
-}
-
-private newtype TTrace =
-  Nil() or
-  Step(InputSymbol s1, InputSymbol s2, TTrace t) { isReachableFromFork(_, _, s1, s2, t, _) }
-
-/**
- * A list of pairs of input symbols that describe a path in the product automaton
- * starting from some fork state.
- */
-private class Trace extends TTrace {
-  /** Gets a textual representation of this element. */
-  string toString() {
-    this = Nil() and result = "Nil()"
-    or
-    exists(InputSymbol s1, InputSymbol s2, Trace t | this = Step(s1, s2, t) |
-      result = "Step(" + s1 + ", " + s2 + ", " + t + ")"
-    )
-  }
-}
-
-/**
- * Holds if `r` is reachable from `(fork, fork)` under input `w`, and there is
- * a path from `r` back to `(fork, fork)` with `rem` steps.
- */
-private predicate isReachableFromFork(State fork, StatePair r, Trace w, int rem) {
-  exists(InputSymbol s1, InputSymbol s2, Trace v |
-    isReachableFromFork(fork, r, s1, s2, v, rem) and
-    w = Step(s1, s2, v)
-  )
-}
-
-private predicate isReachableFromFork(
-  State fork, StatePair r, InputSymbol s1, InputSymbol s2, Trace v, int rem
-) {
-  // base case
-  exists(State q1, State q2 |
-    isFork(fork, s1, s2, q1, q2) and
-    r = MkStatePair(q1, q2) and
-    v = Nil() and
-    rem = statePairDistToFork(r, MkStatePair(fork, fork))
-  )
-  or
-  // recursive case
-  exists(StatePair p |
-    isReachableFromFork(fork, p, v, rem + 1) and
-    step(p, s1, s2, r) and
-    rem = statePairDistToFork(r, MkStatePair(fork, fork))
-  )
-}
-
-/**
- * Gets a state in the product automaton from which `(fork, fork)` is
- * reachable in zero or more epsilon transitions.
- */
-private StatePair getAForkPair(State fork) {
-  isFork(fork, _, _, _, _) and
-  result = MkStatePair(epsilonPred*(fork), epsilonPred*(fork))
-}
-
-/** An implementation of a chain containing chars for use by `Concretizer`. */
-private module CharTreeImpl implements CharTree {
-  class CharNode = Trace;
-
-  CharNode getPrev(CharNode t) { t = Step(_, _, result) }
-
-  /** Holds if `n` is a trace that is used by `concretize` in `isPumpable`. */
-  predicate isARelevantEnd(CharNode n) {
-    exists(State f | isReachableFromFork(f, getAForkPair(f), n, _))
-  }
-
-  string getChar(CharNode t) {
-    exists(InputSymbol s1, InputSymbol s2 | t = Step(s1, s2, _) | result = intersect(s1, s2))
-  }
-}
-
-/**
- * Holds if `fork` is a pumpable fork with word `w`.
- */
-private predicate isPumpable(State fork, string w) {
-  exists(StatePair q, Trace t |
-    isReachableFromFork(fork, q, t, _) and
-    q = getAForkPair(fork) and
-    w = Concretizer<CharTreeImpl>::concretize(t)
-  )
-}
-
-/** Holds if `state` has exponential ReDoS */
-predicate hasReDoSResult = ReDoSPruning<isPumpable/2>::hasReDoSResult/4;
+private import RegExpTreeView::RegExpTreeView as TreeView
+// ExponentialBackTracking should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView> as Dep
+import Dep
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll b/javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll
new file mode 100644
index 00000000000..c9853ce35f1
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll
@@ -0,0 +1,18 @@
+/**
+ * Provides predicates for reasoning about regular expressions
+ * that match URLs and hostname patterns.
+ */
+
+private import javascript as JS
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeImpl
+private import semmle.javascript.Regexp as RegExp
+private import codeql.regex.HostnameRegexp as Shared
+
+/** An implementation of the signature that allows the Hostname analysis to run. */
+module Impl implements Shared::HostnameRegexpSig<TreeImpl> {
+  class DataFlowNode = JS::DataFlow::Node;
+
+  class RegExpPatternSource = RegExp::RegExpPatternSource;
+}
+
+import Shared::Make<TreeImpl, Impl>
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtils.qll b/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtils.qll
index 5ff0cb6a39e..c2be46a244d 100644
--- a/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtils.qll
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtils.qll
@@ -7,1332 +7,7 @@
  * other queries that benefit from reasoning about NFAs.
  */
 
-import NfaUtilsSpecific
-
-/**
- * Gets the char after `c` (from a simplified ASCII table).
- */
-private string nextChar(string c) { exists(int code | code = ascii(c) | code + 1 = ascii(result)) }
-
-/**
- * Gets an approximation for the ASCII code for `char`.
- * Only the easily printable chars are included (so no newline, tab, null, etc).
- */
-private int ascii(string char) {
-  char =
-    rank[result](string c |
-      c =
-        "! \"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
-            .charAt(_)
-    )
-}
-
-/**
- * Holds if `t` matches at least an epsilon symbol.
- *
- * That is, this term does not restrict the language of the enclosing regular expression.
- *
- * This is implemented as an under-approximation, and this predicate does not hold for sub-patterns in particular.
- */
-predicate matchesEpsilon(RegExpTerm t) {
-  t instanceof RegExpStar
-  or
-  t instanceof RegExpOpt
-  or
-  t.(RegExpRange).getLowerBound() = 0
-  or
-  exists(RegExpTerm child |
-    child = t.getAChild() and
-    matchesEpsilon(child)
-  |
-    t instanceof RegExpAlt or
-    t instanceof RegExpGroup or
-    t instanceof RegExpPlus or
-    t instanceof RegExpRange
-  )
-  or
-  matchesEpsilon(t.(RegExpBackRef).getGroup())
-  or
-  forex(RegExpTerm child | child = t.(RegExpSequence).getAChild() | matchesEpsilon(child))
-}
-
-/**
- * A lookahead/lookbehind that matches the empty string.
- */
-class EmptyPositiveSubPattern extends RegExpSubPattern {
-  EmptyPositiveSubPattern() {
-    (
-      this instanceof RegExpPositiveLookahead
-      or
-      this instanceof RegExpPositiveLookbehind
-    ) and
-    matchesEpsilon(this.getOperand())
-  }
-}
-
-/** DEPRECATED: Use `EmptyPositiveSubPattern` instead. */
-deprecated class EmptyPositiveSubPatttern = EmptyPositiveSubPattern;
-
-/**
- * A branch in a disjunction that is the root node in a literal, or a literal
- * whose root node is not a disjunction.
- */
-class RegExpRoot extends RegExpTerm {
-  RegExpRoot() {
-    exists(RegExpParent parent |
-      exists(RegExpAlt alt |
-        alt.isRootTerm() and
-        this = alt.getAChild() and
-        parent = alt.getParent()
-      )
-      or
-      this.isRootTerm() and
-      not this instanceof RegExpAlt and
-      parent = this.getParent()
-    )
-  }
-
-  /**
-   * Holds if this root term is relevant to the ReDoS analysis.
-   */
-  predicate isRelevant() {
-    // is actually used as a RegExp
-    this.isUsedAsRegExp() and
-    // not excluded for library specific reasons
-    not isExcluded(this.getRootTerm().getParent())
-  }
-}
-
-/**
- * A constant in a regular expression that represents valid Unicode character(s).
- */
-private class RegexpCharacterConstant extends RegExpConstant {
-  RegexpCharacterConstant() { this.isCharacter() }
-}
-
-/**
- * A regexp term that is relevant for this ReDoS analysis.
- */
-class RelevantRegExpTerm extends RegExpTerm {
-  RelevantRegExpTerm() { getRoot(this).isRelevant() }
-}
-
-/**
- * Holds if `term` is the chosen canonical representative for all terms with string representation `str`.
- * The string representation includes which flags are used with the regular expression.
- *
- * Using canonical representatives gives a huge performance boost when working with tuples containing multiple `InputSymbol`s.
- * The number of `InputSymbol`s is decreased by 3 orders of magnitude or more in some larger benchmarks.
- */
-private predicate isCanonicalTerm(RelevantRegExpTerm term, string str) {
-  term =
-    min(RelevantRegExpTerm t, Location loc, File file |
-      loc = t.getLocation() and
-      file = t.getFile() and
-      str = getCanonicalizationString(t)
-    |
-      t order by t.getFile().getRelativePath(), loc.getStartLine(), loc.getStartColumn()
-    )
-}
-
-/**
- * Gets a string representation of `term` that is used for canonicalization.
- */
-private string getCanonicalizationString(RelevantRegExpTerm term) {
-  exists(string ignoreCase |
-    (if RegExpFlags::isIgnoreCase(term.getRootTerm()) then ignoreCase = "i" else ignoreCase = "") and
-    result = term.getRawValue() + "|" + ignoreCase
-  )
-}
-
-/**
- * An abstract input symbol, representing a set of concrete characters.
- */
-private newtype TInputSymbol =
-  /** An input symbol corresponding to character `c`. */
-  Char(string c) {
-    c =
-      any(RegexpCharacterConstant cc |
-        cc instanceof RelevantRegExpTerm and
-        not RegExpFlags::isIgnoreCase(cc.getRootTerm())
-      ).getValue().charAt(_)
-    or
-    // normalize everything to lower case if the regexp is case insensitive
-    c =
-      any(RegexpCharacterConstant cc, string char |
-        cc instanceof RelevantRegExpTerm and
-        RegExpFlags::isIgnoreCase(cc.getRootTerm()) and
-        char = cc.getValue().charAt(_)
-      |
-        char.toLowerCase()
-      )
-  } or
-  /**
-   * An input symbol representing all characters matched by
-   * a (non-universal) character class that has string representation `charClassString`.
-   */
-  CharClass(string charClassString) {
-    exists(RelevantRegExpTerm recc | isCanonicalTerm(recc, charClassString) |
-      recc instanceof RegExpCharacterClass and
-      not recc.(RegExpCharacterClass).isUniversalClass()
-      or
-      isEscapeClass(recc, _)
-    )
-  } or
-  /** An input symbol representing all characters matched by `.`. */
-  Dot() or
-  /** An input symbol representing all characters. */
-  Any() or
-  /** An epsilon transition in the automaton. */
-  Epsilon()
-
-/**
- * Gets the the CharClass corresponding to the canonical representative `term`.
- */
-private CharClass getCharClassForCanonicalTerm(RegExpTerm term) {
-  exists(string str | isCanonicalTerm(term, str) | result = CharClass(str))
-}
-
-/**
- * Gets a char class that represents `term`, even when `term` is not the canonical representative.
- */
-CharacterClass getCanonicalCharClass(RegExpTerm term) {
-  exists(string str | str = getCanonicalizationString(term) and result = CharClass(str))
-}
-
-/**
- * Holds if `a` and `b` are input symbols from the same regexp.
- */
-private predicate sharesRoot(InputSymbol a, InputSymbol b) {
-  exists(RegExpRoot root |
-    belongsTo(a, root) and
-    belongsTo(b, root)
-  )
-}
-
-/**
- * Holds if the `a` is an input symbol from a regexp that has root `root`.
- */
-private predicate belongsTo(InputSymbol a, RegExpRoot root) {
-  exists(State s | getRoot(s.getRepr()) = root |
-    delta(s, a, _)
-    or
-    delta(_, a, s)
-  )
-}
-
-/**
- * An abstract input symbol, representing a set of concrete characters.
- */
-class InputSymbol extends TInputSymbol {
-  InputSymbol() { not this instanceof Epsilon }
-
-  /**
-   * Gets a string representation of this input symbol.
-   */
-  string toString() {
-    this = Char(result)
-    or
-    this = CharClass(result)
-    or
-    this = Dot() and result = "."
-    or
-    this = Any() and result = "[^]"
-  }
-}
-
-/**
- * An abstract input symbol that represents a character class.
- */
-abstract class CharacterClass extends InputSymbol {
-  /**
-   * Gets a character that is relevant for intersection-tests involving this
-   * character class.
-   *
-   * Specifically, this is any of the characters mentioned explicitly in the
-   * character class, offset by one if it is inverted. For character class escapes,
-   * the result is as if the class had been written out as a series of intervals.
-   *
-   * This set is large enough to ensure that for any two intersecting character
-   * classes, one contains a relevant character from the other.
-   */
-  abstract string getARelevantChar();
-
-  /**
-   * Holds if this character class matches `char`.
-   */
-  bindingset[char]
-  abstract predicate matches(string char);
-
-  /**
-   * Gets a character matched by this character class.
-   */
-  string choose() { result = this.getARelevantChar() and this.matches(result) }
-}
-
-/**
- * Provides implementations for `CharacterClass`.
- */
-private module CharacterClasses {
-  /**
-   * Holds if the character class `cc` has a child (constant or range) that matches `char`.
-   */
-  pragma[noinline]
-  predicate hasChildThatMatches(RegExpCharacterClass cc, string char) {
-    if RegExpFlags::isIgnoreCase(cc.getRootTerm())
-    then
-      // normalize everything to lower case if the regexp is case insensitive
-      exists(string c | hasChildThatMatchesIgnoringCasingFlags(cc, c) | char = c.toLowerCase())
-    else hasChildThatMatchesIgnoringCasingFlags(cc, char)
-  }
-
-  /**
-   * Holds if the character class `cc` has a child (constant or range) that matches `char`.
-   * Ignores whether the character class is inside a regular expression that has the ignore case flag.
-   */
-  pragma[noinline]
-  predicate hasChildThatMatchesIgnoringCasingFlags(RegExpCharacterClass cc, string char) {
-    exists(getCharClassForCanonicalTerm(cc)) and
-    exists(RegExpTerm child | child = cc.getAChild() |
-      char = child.(RegexpCharacterConstant).getValue()
-      or
-      rangeMatchesOnLetterOrDigits(child, char)
-      or
-      not rangeMatchesOnLetterOrDigits(child, _) and
-      char = getARelevantChar() and
-      exists(string lo, string hi | child.(RegExpCharacterRange).isRange(lo, hi) |
-        lo <= char and
-        char <= hi
-      )
-      or
-      exists(string charClass | isEscapeClass(child, charClass) |
-        charClass.toLowerCase() = charClass and
-        classEscapeMatches(charClass, char)
-        or
-        char = getARelevantChar() and
-        charClass.toUpperCase() = charClass and
-        not classEscapeMatches(charClass, char)
-      )
-    )
-  }
-
-  /**
-   * Holds if `range` is a range on lower-case, upper-case, or digits, and matches `char`.
-   * This predicate is used to restrict the searchspace for ranges by only joining `getAnyPossiblyMatchedChar`
-   * on a few ranges.
-   */
-  private predicate rangeMatchesOnLetterOrDigits(RegExpCharacterRange range, string char) {
-    exists(string lo, string hi |
-      range.isRange(lo, hi) and lo = lowercaseLetter() and hi = lowercaseLetter()
-    |
-      lo <= char and
-      char <= hi and
-      char = lowercaseLetter()
-    )
-    or
-    exists(string lo, string hi |
-      range.isRange(lo, hi) and lo = upperCaseLetter() and hi = upperCaseLetter()
-    |
-      lo <= char and
-      char <= hi and
-      char = upperCaseLetter()
-    )
-    or
-    exists(string lo, string hi | range.isRange(lo, hi) and lo = digit() and hi = digit() |
-      lo <= char and
-      char <= hi and
-      char = digit()
-    )
-  }
-
-  private string lowercaseLetter() { result = "abcdefghijklmnopqrstuvwxyz".charAt(_) }
-
-  private string upperCaseLetter() { result = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".charAt(_) }
-
-  private string digit() { result = [0 .. 9].toString() }
-
-  /**
-   * Gets a char that could be matched by a regular expression.
-   * Includes all printable ascii chars, all constants mentioned in a regexp, and all chars matches by the regexp `/\s|\d|\w/`.
-   */
-  string getARelevantChar() {
-    exists(ascii(result))
-    or
-    exists(RegexpCharacterConstant c | result = c.getValue().charAt(_))
-    or
-    classEscapeMatches(_, result)
-  }
-
-  /**
-   * Gets a char that is mentioned in the character class `c`.
-   */
-  private string getAMentionedChar(RegExpCharacterClass c) {
-    exists(RegExpTerm child | child = c.getAChild() |
-      result = child.(RegexpCharacterConstant).getValue()
-      or
-      child.(RegExpCharacterRange).isRange(result, _)
-      or
-      child.(RegExpCharacterRange).isRange(_, result)
-      or
-      exists(string charClass | isEscapeClass(child, charClass) |
-        result = min(string s | classEscapeMatches(charClass.toLowerCase(), s))
-        or
-        result = max(string s | classEscapeMatches(charClass.toLowerCase(), s))
-      )
-    )
-  }
-
-  bindingset[char, cc]
-  private string caseNormalize(string char, RegExpTerm cc) {
-    if RegExpFlags::isIgnoreCase(cc.getRootTerm())
-    then result = char.toLowerCase()
-    else result = char
-  }
-
-  /**
-   * An implementation of `CharacterClass` for positive (non inverted) character classes.
-   */
-  private class PositiveCharacterClass extends CharacterClass {
-    RegExpCharacterClass cc;
-
-    PositiveCharacterClass() { this = getCharClassForCanonicalTerm(cc) and not cc.isInverted() }
-
-    override string getARelevantChar() { result = caseNormalize(getAMentionedChar(cc), cc) }
-
-    override predicate matches(string char) { hasChildThatMatches(cc, char) }
-  }
-
-  /**
-   * An implementation of `CharacterClass` for inverted character classes.
-   */
-  private class InvertedCharacterClass extends CharacterClass {
-    RegExpCharacterClass cc;
-
-    InvertedCharacterClass() { this = getCharClassForCanonicalTerm(cc) and cc.isInverted() }
-
-    override string getARelevantChar() {
-      result = nextChar(caseNormalize(getAMentionedChar(cc), cc)) or
-      nextChar(result) = caseNormalize(getAMentionedChar(cc), cc)
-    }
-
-    bindingset[char]
-    override predicate matches(string char) { not hasChildThatMatches(cc, char) }
-  }
-
-  /**
-   * Holds if the character class escape `clazz` (\d, \s, or \w) matches `char`.
-   */
-  pragma[noinline]
-  private predicate classEscapeMatches(string clazz, string char) {
-    clazz = "d" and
-    char = "0123456789".charAt(_)
-    or
-    clazz = "s" and
-    char = [" ", "\t", "\r", "\n", 11.toUnicode(), 12.toUnicode()] // 11.toUnicode() = \v, 12.toUnicode() = \f
-    or
-    clazz = "w" and
-    char = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_".charAt(_)
-  }
-
-  /**
-   * An implementation of `CharacterClass` for \d, \s, and \w.
-   */
-  private class PositiveCharacterClassEscape extends CharacterClass {
-    string charClass;
-    RegExpTerm cc;
-
-    PositiveCharacterClassEscape() {
-      isEscapeClass(cc, charClass) and
-      this = getCharClassForCanonicalTerm(cc) and
-      charClass = ["d", "s", "w"]
-    }
-
-    override string getARelevantChar() {
-      charClass = "d" and
-      result = ["0", "9"]
-      or
-      charClass = "s" and
-      result = " "
-      or
-      charClass = "w" and
-      if RegExpFlags::isIgnoreCase(cc.getRootTerm())
-      then result = ["a", "z", "_", "0", "9"]
-      else result = ["a", "Z", "_", "0", "9"]
-    }
-
-    override predicate matches(string char) { classEscapeMatches(charClass, char) }
-
-    override string choose() {
-      charClass = "d" and
-      result = "9"
-      or
-      charClass = "s" and
-      result = " "
-      or
-      charClass = "w" and
-      result = "a"
-    }
-  }
-
-  /**
-   * An implementation of `CharacterClass` for \D, \S, and \W.
-   */
-  private class NegativeCharacterClassEscape extends CharacterClass {
-    string charClass;
-
-    NegativeCharacterClassEscape() {
-      exists(RegExpTerm cc |
-        isEscapeClass(cc, charClass) and
-        this = getCharClassForCanonicalTerm(cc) and
-        charClass = ["D", "S", "W"]
-      )
-    }
-
-    override string getARelevantChar() {
-      charClass = "D" and
-      result = ["a", "Z", "!"]
-      or
-      charClass = "S" and
-      result = ["a", "9", "!"]
-      or
-      charClass = "W" and
-      result = [" ", "!"]
-    }
-
-    bindingset[char]
-    override predicate matches(string char) {
-      not classEscapeMatches(charClass.toLowerCase(), char)
-    }
-  }
-
-  /** Gets a representative for all char classes that match the same chars as `c`. */
-  CharacterClass normalize(CharacterClass c) {
-    exists(string normalization |
-      normalization = getNormalizationString(c) and
-      result =
-        min(CharacterClass cc, string raw |
-          getNormalizationString(cc) = normalization and cc = CharClass(raw)
-        |
-          cc order by raw
-        )
-    )
-  }
-
-  /** Gets a string representing all the chars matched by `c` */
-  private string getNormalizationString(CharacterClass c) {
-    (c instanceof PositiveCharacterClass or c instanceof PositiveCharacterClassEscape) and
-    result = concat(string char | c.matches(char) and char = CharacterClasses::getARelevantChar())
-    or
-    (c instanceof InvertedCharacterClass or c instanceof NegativeCharacterClassEscape) and
-    // the string produced by the concat can not contain repeated chars
-    // so by starting the below with "nn" we can guarantee that
-    // it will not overlap with the above case.
-    // and a negative char class can never match the same chars as a positive one, so we don't miss any results from this.
-    result =
-      "nn:" +
-        concat(string char | not c.matches(char) and char = CharacterClasses::getARelevantChar())
-  }
-}
-
-private class EdgeLabel extends TInputSymbol {
-  string toString() {
-    this = Epsilon() and result = ""
-    or
-    exists(InputSymbol s | this = s and result = s.toString())
-  }
-}
-
-/**
- * A RegExp term that acts like a plus.
- * Either it's a RegExpPlus, or it is a range {1,X} where X is >= 30.
- * 30 has been chosen as a threshold because for exponential blowup 2^30 is enough to get a decent DOS attack.
- */
-private class EffectivelyPlus extends RegExpTerm {
-  EffectivelyPlus() {
-    this instanceof RegExpPlus
-    or
-    exists(RegExpRange range |
-      range.getLowerBound() = 1 and
-      (range.getUpperBound() >= 30 or not exists(range.getUpperBound()))
-    |
-      this = range
-    )
-  }
-}
-
-/**
- * A RegExp term that acts like a star.
- * Either it's a RegExpStar, or it is a range {0,X} where X is >= 30.
- */
-private class EffectivelyStar extends RegExpTerm {
-  EffectivelyStar() {
-    this instanceof RegExpStar
-    or
-    exists(RegExpRange range |
-      range.getLowerBound() = 0 and
-      (range.getUpperBound() >= 30 or not exists(range.getUpperBound()))
-    |
-      this = range
-    )
-  }
-}
-
-/**
- * A RegExp term that acts like a question mark.
- * Either it's a RegExpQuestion, or it is a range {0,1}.
- */
-private class EffectivelyQuestion extends RegExpTerm {
-  EffectivelyQuestion() {
-    this instanceof RegExpOpt
-    or
-    exists(RegExpRange range | range.getLowerBound() = 0 and range.getUpperBound() = 1 |
-      this = range
-    )
-  }
-}
-
-/**
- * Gets the state before matching `t`.
- */
-pragma[inline]
-private State before(RegExpTerm t) { result = Match(t, 0) }
-
-/**
- * Gets a state the NFA may be in after matching `t`.
- */
-State after(RegExpTerm t) {
-  exists(RegExpAlt alt | t = alt.getAChild() | result = after(alt))
-  or
-  exists(RegExpSequence seq, int i | t = seq.getChild(i) |
-    result = before(seq.getChild(i + 1))
-    or
-    i + 1 = seq.getNumChild() and result = after(seq)
-  )
-  or
-  exists(RegExpGroup grp | t = grp.getAChild() | result = after(grp))
-  or
-  exists(EffectivelyStar star | t = star.getAChild() |
-    not isPossessive(star) and
-    result = before(star)
-  )
-  or
-  exists(EffectivelyPlus plus | t = plus.getAChild() |
-    not isPossessive(plus) and
-    result = before(plus)
-    or
-    result = after(plus)
-  )
-  or
-  exists(EffectivelyQuestion opt | t = opt.getAChild() | result = after(opt))
-  or
-  exists(RegExpRoot root | t = root |
-    if matchesAnySuffix(root) then result = AcceptAnySuffix(root) else result = Accept(root)
-  )
-}
-
-/**
- * Holds if the NFA has a transition from `q1` to `q2` labelled with `lbl`.
- */
-predicate delta(State q1, EdgeLabel lbl, State q2) {
-  exists(RegexpCharacterConstant s, int i |
-    q1 = Match(s, i) and
-    (
-      not RegExpFlags::isIgnoreCase(s.getRootTerm()) and
-      lbl = Char(s.getValue().charAt(i))
-      or
-      // normalize everything to lower case if the regexp is case insensitive
-      RegExpFlags::isIgnoreCase(s.getRootTerm()) and
-      exists(string c | c = s.getValue().charAt(i) | lbl = Char(c.toLowerCase()))
-    ) and
-    (
-      q2 = Match(s, i + 1)
-      or
-      s.getValue().length() = i + 1 and
-      q2 = after(s)
-    )
-  )
-  or
-  exists(RegExpDot dot | q1 = before(dot) and q2 = after(dot) |
-    if RegExpFlags::isDotAll(dot.getRootTerm()) then lbl = Any() else lbl = Dot()
-  )
-  or
-  exists(RegExpCharacterClass cc |
-    cc.isUniversalClass() and q1 = before(cc) and lbl = Any() and q2 = after(cc)
-    or
-    q1 = before(cc) and
-    lbl = CharacterClasses::normalize(CharClass(getCanonicalizationString(cc))) and
-    q2 = after(cc)
-  )
-  or
-  exists(RegExpTerm cc | isEscapeClass(cc, _) |
-    q1 = before(cc) and
-    lbl = CharacterClasses::normalize(CharClass(getCanonicalizationString(cc))) and
-    q2 = after(cc)
-  )
-  or
-  exists(RegExpAlt alt | lbl = Epsilon() | q1 = before(alt) and q2 = before(alt.getAChild()))
-  or
-  exists(RegExpSequence seq | lbl = Epsilon() | q1 = before(seq) and q2 = before(seq.getChild(0)))
-  or
-  exists(RegExpGroup grp | lbl = Epsilon() | q1 = before(grp) and q2 = before(grp.getChild(0)))
-  or
-  exists(EffectivelyStar star | lbl = Epsilon() |
-    q1 = before(star) and q2 = before(star.getChild(0))
-    or
-    q1 = before(star) and q2 = after(star)
-  )
-  or
-  exists(EffectivelyPlus plus | lbl = Epsilon() |
-    q1 = before(plus) and q2 = before(plus.getChild(0))
-  )
-  or
-  exists(EffectivelyQuestion opt | lbl = Epsilon() |
-    q1 = before(opt) and q2 = before(opt.getChild(0))
-    or
-    q1 = before(opt) and q2 = after(opt)
-  )
-  or
-  exists(RegExpRoot root | q1 = AcceptAnySuffix(root) |
-    lbl = Any() and q2 = q1
-    or
-    lbl = Epsilon() and q2 = Accept(root)
-  )
-  or
-  exists(RegExpRoot root | q1 = Match(root, 0) | matchesAnyPrefix(root) and lbl = Any() and q2 = q1)
-  or
-  exists(RegExpDollar dollar | q1 = before(dollar) |
-    lbl = Epsilon() and q2 = Accept(getRoot(dollar))
-  )
-  or
-  exists(EmptyPositiveSubPattern empty | q1 = before(empty) | lbl = Epsilon() and q2 = after(empty))
-}
-
-/**
- * Gets a state that `q` has an epsilon transition to.
- */
-State epsilonSucc(State q) { delta(q, Epsilon(), result) }
-
-/**
- * Gets a state that has an epsilon transition to `q`.
- */
-State epsilonPred(State q) { q = epsilonSucc(result) }
-
-/**
- * Holds if there is a state `q` that can be reached from `q1`
- * along epsilon edges, such that there is a transition from
- * `q` to `q2` that consumes symbol `s`.
- */
-predicate deltaClosed(State q1, InputSymbol s, State q2) { delta(epsilonSucc*(q1), s, q2) }
-
-/**
- * Gets the root containing the given term, that is, the root of the literal,
- * or a branch of the root disjunction.
- */
-RegExpRoot getRoot(RegExpTerm term) {
-  result = term or
-  result = getRoot(term.getParent())
-}
-
-/**
- * A state in the NFA.
- */
-newtype TState =
-  /**
-   * A state representing that the NFA is about to match a term.
-   * `i` is used to index into multi-char literals.
-   */
-  Match(RelevantRegExpTerm t, int i) {
-    i = 0
-    or
-    exists(t.(RegexpCharacterConstant).getValue().charAt(i))
-  } or
-  /**
-   * An accept state, where exactly the given input string is accepted.
-   */
-  Accept(RegExpRoot l) { l.isRelevant() } or
-  /**
-   * An accept state, where the given input string, or any string that has this
-   * string as a prefix, is accepted.
-   */
-  AcceptAnySuffix(RegExpRoot l) { l.isRelevant() }
-
-/**
- * Gets a state that is about to match the regular expression `t`.
- */
-State mkMatch(RegExpTerm t) { result = Match(t, 0) }
-
-/**
- * A state in the NFA corresponding to a regular expression.
- *
- * Each regular expression literal `l` has one accepting state
- * `Accept(l)`, one state that accepts all suffixes `AcceptAnySuffix(l)`,
- * and a state `Match(t, i)` for every subterm `t`,
- * which represents the state of the NFA before starting to
- * match `t`, or the `i`th character in `t` if `t` is a constant.
- */
-class State extends TState {
-  RegExpTerm repr;
-
-  State() {
-    this = Match(repr, _) or
-    this = Accept(repr) or
-    this = AcceptAnySuffix(repr)
-  }
-
-  /**
-   * Gets a string representation for this state in a regular expression.
-   */
-  string toString() {
-    exists(int i | this = Match(repr, i) | result = "Match(" + repr + "," + i + ")")
-    or
-    this instanceof Accept and
-    result = "Accept(" + repr + ")"
-    or
-    this instanceof AcceptAnySuffix and
-    result = "AcceptAny(" + repr + ")"
-  }
-
-  /**
-   * Gets the location for this state.
-   */
-  Location getLocation() { result = repr.getLocation() }
-
-  /**
-   * Gets the term represented by this state.
-   */
-  RegExpTerm getRepr() { result = repr }
-}
-
-/**
- * Gets the minimum char that is matched by both the character classes `c` and `d`.
- */
-private string getMinOverlapBetweenCharacterClasses(CharacterClass c, CharacterClass d) {
-  result = min(getAOverlapBetweenCharacterClasses(c, d))
-}
-
-/**
- * Gets a char that is matched by both the character classes `c` and `d`.
- * And `c` and `d` is not the same character class.
- */
-private string getAOverlapBetweenCharacterClasses(CharacterClass c, CharacterClass d) {
-  sharesRoot(c, d) and
-  result = [c.getARelevantChar(), d.getARelevantChar()] and
-  c.matches(result) and
-  d.matches(result) and
-  not c = d
-}
-
-/**
- * Gets a character that is represented by both `c` and `d`.
- */
-string intersect(InputSymbol c, InputSymbol d) {
-  (sharesRoot(c, d) or [c, d] = Any()) and
-  (
-    c = Char(result) and
-    d = getAnInputSymbolMatching(result)
-    or
-    result = getMinOverlapBetweenCharacterClasses(c, d)
-    or
-    result = c.(CharacterClass).choose() and
-    (
-      d = c
-      or
-      d = Dot() and
-      not (result = "\n" or result = "\r")
-      or
-      d = Any()
-    )
-    or
-    (c = Dot() or c = Any()) and
-    (d = Dot() or d = Any()) and
-    result = "a"
-  )
-  or
-  result = intersect(d, c)
-}
-
-/**
- * Gets a symbol that matches `char`.
- */
-bindingset[char]
-InputSymbol getAnInputSymbolMatching(string char) {
-  result = Char(char)
-  or
-  result.(CharacterClass).matches(char)
-  or
-  result = Dot() and
-  not (char = "\n" or char = "\r")
-  or
-  result = Any()
-}
-
-/**
- * Holds if `state` is a start state.
- */
-predicate isStartState(State state) {
-  state = mkMatch(any(RegExpRoot r))
-  or
-  exists(RegExpCaret car | state = after(car))
-}
-
-/**
- * Holds if `state` is a candidate for ReDoS with string `pump`.
- */
-signature predicate isCandidateSig(State state, string pump);
-
-/**
- * Holds if `state` is a candidate for ReDoS.
- */
-signature predicate isCandidateSig(State state);
-
-/**
- * Predicates for constructing a prefix string that leads to a given state.
- */
-module PrefixConstruction<isCandidateSig/1 isCandidate> {
-  /**
-   * Holds if `state` is the textually last start state for the regular expression.
-   */
-  private predicate lastStartState(RelevantState state) {
-    exists(RegExpRoot root |
-      state =
-        max(RelevantState s, Location l |
-          isStartState(s) and
-          getRoot(s.getRepr()) = root and
-          l = s.getRepr().getLocation()
-        |
-          s
-          order by
-            l.getStartLine(), l.getStartColumn(), s.getRepr().toString(), l.getEndColumn(),
-            l.getEndLine()
-        )
-    )
-  }
-
-  /**
-   * Holds if there exists any transition (Epsilon() or other) from `a` to `b`.
-   */
-  private predicate existsTransition(State a, State b) { delta(a, _, b) }
-
-  /**
-   * Gets the minimum number of transitions it takes to reach `state` from the `start` state.
-   */
-  int prefixLength(State start, State state) =
-    shortestDistances(lastStartState/1, existsTransition/2)(start, state, result)
-
-  /**
-   * Gets the minimum number of transitions it takes to reach `state` from the start state.
-   */
-  private int lengthFromStart(State state) { result = prefixLength(_, state) }
-
-  /**
-   * Gets a string for which the regular expression will reach `state`.
-   *
-   * Has at most one result for any given `state`.
-   * This predicate will not always have a result even if there is a ReDoS issue in
-   * the regular expression.
-   */
-  string prefix(State state) {
-    lastStartState(state) and
-    result = ""
-    or
-    // the search stops past the last redos candidate state.
-    lengthFromStart(state) <= max(lengthFromStart(any(State s | isCandidate(s)))) and
-    exists(State prev |
-      // select a unique predecessor (by an arbitrary measure)
-      prev =
-        min(State s, Location loc |
-          lengthFromStart(s) = lengthFromStart(state) - 1 and
-          loc = s.getRepr().getLocation() and
-          delta(s, _, state)
-        |
-          s
-          order by
-            loc.getStartLine(), loc.getStartColumn(), loc.getEndLine(), loc.getEndColumn(),
-            s.getRepr().toString()
-        )
-    |
-      // greedy search for the shortest prefix
-      result = prefix(prev) and delta(prev, Epsilon(), state)
-      or
-      not delta(prev, Epsilon(), state) and
-      result = prefix(prev) + getCanonicalEdgeChar(prev, state)
-    )
-  }
-
-  /**
-   * Gets a canonical char for which there exists a transition from `prev` to `next` in the NFA.
-   */
-  private string getCanonicalEdgeChar(State prev, State next) {
-    result =
-      min(string c | delta(prev, any(InputSymbol symbol | c = intersect(Any(), symbol)), next))
-  }
-
-  /** A state within a regular expression that contains a candidate state. */
-  class RelevantState instanceof State {
-    RelevantState() {
-      exists(State s | isCandidate(s) | getRoot(s.getRepr()) = getRoot(this.getRepr()))
-    }
-
-    /** Gets a string representation for this state in a regular expression. */
-    string toString() { result = State.super.toString() }
-
-    /** Gets the term represented by this state. */
-    RegExpTerm getRepr() { result = State.super.getRepr() }
-  }
-}
-
-/**
- * A module for pruning candidate ReDoS states.
- * The candidates are specified by the `isCandidate` signature predicate.
- * The candidates are checked for rejecting suffixes and deduplicated,
- * and the resulting ReDoS states are read by the `hasReDoSResult` predicate.
- */
-module ReDoSPruning<isCandidateSig/2 isCandidate> {
-  /**
-   * Holds if repeating `pump` starting at `state` is a candidate for causing backtracking.
-   * No check whether a rejected suffix exists has been made.
-   */
-  private predicate isReDoSCandidate(State state, string pump) {
-    isCandidate(state, pump) and
-    not state = acceptsAnySuffix() and // pruning early - these can never get stuck in a rejecting state.
-    (
-      not isCandidate(epsilonSucc+(state), _)
-      or
-      epsilonSucc+(state) = state and
-      state =
-        max(State s, Location l |
-          s = epsilonSucc+(state) and
-          l = s.getRepr().getLocation() and
-          isCandidate(s, _) and
-          s.getRepr() instanceof InfiniteRepetitionQuantifier
-        |
-          s order by l.getStartLine(), l.getStartColumn(), l.getEndColumn(), l.getEndLine()
-        )
-    )
-  }
-
-  /** Gets a state that can reach the `accept-any` state using only epsilon steps. */
-  private State acceptsAnySuffix() { epsilonSucc*(result) = AcceptAnySuffix(_) }
-
-  predicate isCandidateState(State s) { isReDoSCandidate(s, _) }
-
-  import PrefixConstruction<isCandidateState/1> as Prefix
-
-  class RelevantState = Prefix::RelevantState;
-
-  /**
-   * Predicates for testing the presence of a rejecting suffix.
-   *
-   * These predicates are used to ensure that the all states reached from the fork
-   * by repeating `w` have a rejecting suffix.
-   *
-   * For example, a regexp like `/^(a+)+/` will accept any string as long the prefix is
-   * some number of `"a"`s, and it is therefore not possible to construct a rejecting suffix.
-   *
-   * A regexp like `/(a+)+$/` or `/(a+)+b/` trivially has a rejecting suffix,
-   * as the suffix "X" will cause both the regular expressions to be rejected.
-   *
-   * The string `w` is repeated any number of times because it needs to be
-   * infinitely repeatable for the attack to work.
-   * For the regular expression `/((ab)+)*abab/` the accepting state is not reachable from the fork
-   * using epsilon transitions. But any attempt at repeating `w` will end in a state that accepts all suffixes.
-   */
-  private module SuffixConstruction {
-    /**
-     * Holds if all states reachable from `fork` by repeating `w`
-     * are likely rejectable by appending some suffix.
-     */
-    predicate reachesOnlyRejectableSuffixes(State fork, string w) {
-      isReDoSCandidate(fork, w) and
-      forex(State next | next = process(fork, w, w.length() - 1) | isLikelyRejectable(next)) and
-      not getProcessPrevious(fork, _, w) = acceptsAnySuffix() // we stop `process(..)` early if we can, check here if it happened.
-    }
-
-    /**
-     * Holds if there likely exists a suffix starting from `s` that leads to the regular expression being rejected.
-     * This predicate might find impossible suffixes when searching for suffixes of length > 1, which can cause FPs.
-     */
-    pragma[noinline]
-    private predicate isLikelyRejectable(RelevantState s) {
-      // exists a reject edge with some char.
-      hasRejectEdge(s)
-      or
-      hasEdgeToLikelyRejectable(s)
-      or
-      // stopping here is rejection
-      isRejectState(s)
-    }
-
-    /**
-     * Holds if `s` is not an accept state, and there is no epsilon transition to an accept state.
-     */
-    predicate isRejectState(RelevantState s) { not epsilonSucc*(s) = Accept(_) }
-
-    /**
-     * Holds if there is likely a non-empty suffix leading to rejection starting in `s`.
-     */
-    pragma[noopt]
-    predicate hasEdgeToLikelyRejectable(RelevantState s) {
-      // all edges (at least one) with some char leads to another state that is rejectable.
-      // the `next` states might not share a common suffix, which can cause FPs.
-      exists(string char | char = hasEdgeToLikelyRejectableHelper(s) |
-        // noopt to force `hasEdgeToLikelyRejectableHelper` to be first in the join-order.
-        exists(State next | deltaClosedChar(s, char, next) | isLikelyRejectable(next)) and
-        forall(State next | deltaClosedChar(s, char, next) | isLikelyRejectable(next))
-      )
-    }
-
-    /**
-     * Gets a char for there exists a transition away from `s`,
-     * and `s` has not been found to be rejectable by `hasRejectEdge` or `isRejectState`.
-     */
-    pragma[noinline]
-    private string hasEdgeToLikelyRejectableHelper(RelevantState s) {
-      not hasRejectEdge(s) and
-      not isRejectState(s) and
-      deltaClosedChar(s, result, _)
-    }
-
-    /**
-     * Holds if there is a state `next` that can be reached from `prev`
-     * along epsilon edges, such that there is a transition from
-     * `prev` to `next` that the character symbol `char`.
-     */
-    predicate deltaClosedChar(RelevantState prev, string char, RelevantState next) {
-      deltaClosed(prev, getAnInputSymbolMatchingRelevant(char), next)
-    }
-
-    pragma[noinline]
-    InputSymbol getAnInputSymbolMatchingRelevant(string char) {
-      char = relevant(_) and
-      result = getAnInputSymbolMatching(char)
-    }
-
-    pragma[noinline]
-    RegExpRoot relevantRoot() {
-      exists(RegExpTerm term, State s |
-        s.getRepr() = term and isCandidateState(s) and result = term.getRootTerm()
-      )
-    }
-
-    /**
-     * Gets a char used for finding possible suffixes inside `root`.
-     */
-    pragma[noinline]
-    private string relevant(RegExpRoot root) {
-      root = relevantRoot() and
-      (
-        exists(ascii(result)) and exists(root)
-        or
-        exists(InputSymbol s | belongsTo(s, root) | result = intersect(s, _))
-        or
-        // The characters from `hasSimpleRejectEdge`. Only `\n` is really needed (as `\n` is not in the `ascii` relation).
-        // The three chars must be kept in sync with `hasSimpleRejectEdge`.
-        result = ["|", "\n", "Z"] and exists(root)
-      )
-    }
-
-    /**
-     * Holds if there exists a `char` such that there is no edge from `s` labeled `char` in our NFA.
-     * The NFA does not model reject states, so the above is the same as saying there is a reject edge.
-     */
-    private predicate hasRejectEdge(State s) {
-      hasSimpleRejectEdge(s)
-      or
-      not hasSimpleRejectEdge(s) and
-      exists(string char | char = relevant(getRoot(s.getRepr())) | not deltaClosedChar(s, char, _))
-    }
-
-    /**
-     * Holds if there is no edge from `s` labeled with "|", "\n", or "Z" in our NFA.
-     * This predicate is used as a cheap pre-processing to speed up `hasRejectEdge`.
-     */
-    private predicate hasSimpleRejectEdge(State s) {
-      // The three chars were chosen arbitrarily. The three chars must be kept in sync with `relevant`.
-      exists(string char | char = ["|", "\n", "Z"] | not deltaClosedChar(s, char, _))
-    }
-
-    /**
-     * Gets a state that can be reached from pumpable `fork` consuming all
-     * chars in `w` any number of times followed by the first `i+1` characters of `w`.
-     */
-    pragma[noopt]
-    private State process(State fork, string w, int i) {
-      exists(State prev | prev = getProcessPrevious(fork, i, w) |
-        not prev = acceptsAnySuffix() and // we stop `process(..)` early if we can. If the successor accepts any suffix, then we know it can never be rejected.
-        exists(string char, InputSymbol sym |
-          char = w.charAt(i) and
-          deltaClosed(prev, sym, result) and
-          // noopt to prevent joining `prev` with all possible `chars` that could transition away from `prev`.
-          // Instead only join with the set of `chars` where a relevant `InputSymbol` has already been found.
-          sym = getAProcessInputSymbol(char)
-        )
-      )
-    }
-
-    /**
-     * Gets a state that can be reached from pumpable `fork` consuming all
-     * chars in `w` any number of times followed by the first `i` characters of `w`.
-     */
-    private State getProcessPrevious(State fork, int i, string w) {
-      isReDoSCandidate(fork, w) and
-      (
-        i = 0 and result = fork
-        or
-        result = process(fork, w, i - 1)
-        or
-        // repeat until fixpoint
-        i = 0 and
-        result = process(fork, w, w.length() - 1)
-      )
-    }
-
-    /**
-     * Gets an InputSymbol that matches `char`.
-     * The predicate is specialized to only have a result for the `char`s that are relevant for the `process` predicate.
-     */
-    private InputSymbol getAProcessInputSymbol(string char) {
-      char = getAProcessChar() and
-      result = getAnInputSymbolMatching(char)
-    }
-
-    /**
-     * Gets a `char` that occurs in a `pump` string.
-     */
-    private string getAProcessChar() { result = any(string s | isReDoSCandidate(_, s)).charAt(_) }
-  }
-
-  /**
-   * Holds if `term` may cause superlinear backtracking on strings containing many repetitions of `pump`.
-   * Gets the shortest string that causes superlinear backtracking.
-   */
-  private predicate isReDoSAttackable(RegExpTerm term, string pump, State s) {
-    exists(int i, string c | s = Match(term, i) |
-      c =
-        min(string w |
-          isCandidate(s, w) and
-          SuffixConstruction::reachesOnlyRejectableSuffixes(s, w)
-        |
-          w order by w.length(), w
-        ) and
-      pump = escape(rotate(c, i))
-    )
-  }
-
-  /**
-   * Holds if the state `s` (represented by the term `t`) can have backtracking with repetitions of `pump`.
-   *
-   * `prefixMsg` contains a friendly message for a prefix that reaches `s` (or `prefixMsg` is the empty string if the prefix is empty or if no prefix could be found).
-   */
-  predicate hasReDoSResult(RegExpTerm t, string pump, State s, string prefixMsg) {
-    isReDoSAttackable(t, pump, s) and
-    (
-      prefixMsg = "starting with '" + escape(Prefix::prefix(s)) + "' and " and
-      not Prefix::prefix(s) = ""
-      or
-      Prefix::prefix(s) = "" and prefixMsg = ""
-      or
-      not exists(Prefix::prefix(s)) and prefixMsg = ""
-    )
-  }
-
-  /**
-   * Gets the result of backslash-escaping newlines, carriage-returns and
-   * backslashes in `s`.
-   */
-  bindingset[s]
-  private string escape(string s) {
-    result =
-      s.replaceAll("\\", "\\\\")
-          .replaceAll("\n", "\\n")
-          .replaceAll("\r", "\\r")
-          .replaceAll("\t", "\\t")
-  }
-
-  /**
-   * Gets `str` with the last `i` characters moved to the front.
-   *
-   * We use this to adjust the pump string to match with the beginning of
-   * a RegExpTerm, so it doesn't start in the middle of a constant.
-   */
-  bindingset[str, i]
-  private string rotate(string str, int i) {
-    result = str.suffix(str.length() - i) + str.prefix(str.length() - i)
-  }
-}
-
-/**
- * A module that describes a tree where each node has one or more associated characters, also known as a trie.
- * The root node has no associated character.
- * This module is a signature used in `Concretizer`.
- */
-signature module CharTree {
-  /** A node in the tree. */
-  class CharNode;
-
-  /** Gets the previous node in the tree from `t`. */
-  CharNode getPrev(CharNode t);
-
-  /**
-   * Holds if `n` is at the end of a tree. I.e. a node that should have a result in the `Concretizer` module.
-   * Such a node can still have children.
-   */
-  predicate isARelevantEnd(CharNode n);
-
-  /** Gets a char associated with `t`. */
-  string getChar(CharNode t);
-}
-
-/**
- * Implements an algorithm for computing all possible strings
- * from following a tree of nodes (as described in `CharTree`).
- *
- * The string is build using one big concat, where all the chars are computed first.
- * See `concretize`.
- */
-module Concretizer<CharTree Impl> {
-  private class Node = Impl::CharNode;
-
-  private predicate getPrev = Impl::getPrev/1;
-
-  private predicate isARelevantEnd = Impl::isARelevantEnd/1;
-
-  private predicate getChar = Impl::getChar/1;
-
-  /** Holds if `n` is on a path from the root to a leaf, and is therefore relevant for the results in `concretize`. */
-  private predicate isRelevant(Node n) {
-    isARelevantEnd(n)
-    or
-    exists(Node succ | isRelevant(succ) | n = getPrev(succ))
-  }
-
-  /** Holds if `n` is a root with no predecessors. */
-  private predicate isRoot(Node n) { not exists(getPrev(n)) }
-
-  /** Gets the distance from a root to `n`. */
-  private int nodeDepth(Node n) {
-    result = 0 and isRoot(n)
-    or
-    isRelevant(n) and
-    exists(Node prev | result = nodeDepth(prev) + 1 | prev = getPrev(n))
-  }
-
-  /** Gets an ancestor of `end`, where `end` is a node that should have a result in `concretize`. */
-  private Node getAnAncestor(Node end) { isARelevantEnd(end) and result = getPrev*(end) }
-
-  /** Gets the `i`th character on the path from the root to `n`. */
-  pragma[noinline]
-  private string getPrefixChar(Node n, int i) {
-    exists(Node ancestor |
-      result = getChar(ancestor) and
-      ancestor = getAnAncestor(n) and
-      i = nodeDepth(ancestor)
-    )
-  }
-
-  /** Gets a string corresponding to `node`. */
-  language[monotonicAggregates]
-  string concretize(Node n) {
-    result = strictconcat(int i | exists(getPrefixChar(n, i)) | getPrefixChar(n, i) order by i)
-  }
-}
+private import RegExpTreeView::RegExpTreeView as TreeView
+// NfaUtils should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.nfa.NfaUtils::Make<TreeView> as Dep
+import Dep
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtilsSpecific.qll b/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtilsSpecific.qll
deleted file mode 100644
index b5abec6667a..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtilsSpecific.qll
+++ /dev/null
@@ -1,70 +0,0 @@
-/**
- * Provides JavaScript-specific definitions for use in the NfaUtils module.
- */
-
-import javascript
-
-/**
- * Holds if `term` is an escape class representing e.g. `\d`.
- * `clazz` is which character class it represents, e.g. "d" for `\d`.
- */
-predicate isEscapeClass(RegExpTerm term, string clazz) {
-  exists(RegExpCharacterClassEscape escape | term = escape | escape.getValue() = clazz)
-}
-
-/**
- * Holds if `term` is a possessive quantifier.
- * As javascript's regexes do not support possessive quantifiers, this never holds, but is used by the shared library.
- */
-predicate isPossessive(RegExpQuantifier term) { none() }
-
-/**
- * Holds if the regex that `term` is part of is used in a way that ignores any leading prefix of the input it's matched against.
- * Not yet implemented for JavaScript.
- */
-predicate matchesAnyPrefix(RegExpTerm term) { any() }
-
-/**
- * Holds if the regex that `term` is part of is used in a way that ignores any trailing suffix of the input it's matched against.
- * Not yet implemented for JavaScript.
- */
-predicate matchesAnySuffix(RegExpTerm term) { any() }
-
-/**
- * Holds if the regular expression should not be considered.
- *
- * For javascript we make the pragmatic performance optimization to ignore minified files.
- */
-predicate isExcluded(RegExpParent parent) { parent.(Expr).getTopLevel().isMinified() }
-
-/**
- * A module containing predicates for determining which flags a regular expression have.
- */
-module RegExpFlags {
-  /**
-   * Holds if `root` has the `i` flag for case-insensitive matching.
-   */
-  predicate isIgnoreCase(RegExpTerm root) { RegExp::isIgnoreCase(getFlags(root)) }
-
-  /**
-   * Gets the flags for `root`, or the empty string if `root` has no flags.
-   */
-  string getFlags(RegExpTerm root) {
-    root.isRootTerm() and
-    exists(DataFlow::RegExpCreationNode node | node.getRoot() = root |
-      result = node.getFlags()
-      or
-      not exists(node.getFlags()) and
-      result = ""
-    )
-    or
-    exists(RegExpPatternSource source | source.getRegExpTerm() = root |
-      result = source.getARegExpObject().(DataFlow::RegExpCreationNode).getFlags()
-    )
-  }
-
-  /**
-   * Holds if `root` has the `s` flag for multi-line matching.
-   */
-  predicate isDotAll(RegExpTerm root) { RegExp::isDotAll(getFlags(root)) }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll
index 87f9437196f..ba663ff8890 100644
--- a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll
@@ -5,10 +5,12 @@
  */
 
 import javascript
-import SuperlinearBackTracking
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeView
 
 /** Module containing sources, sinks, and sanitizers for polynomial regular expression denial-of-service attacks. */
 module PolynomialReDoS {
+  import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView>
+
   /**
    * A data flow source node for polynomial regular expression denial-of-service vulnerabilities.
    */
@@ -90,7 +92,8 @@ module PolynomialReDoS {
         isCharClassLike(root)
       )
       or
-      this.(DataFlow::MethodCallNode).getMethodName() = StringOps::substringMethodName()
+      this.(DataFlow::MethodCallNode).getMethodName() = StringOps::substringMethodName() and
+      not this.(DataFlow::MethodCallNode).getNumArgument() = 1 // with one argument it just slices off the beginning
     }
   }
 
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/RegExpTreeView.qll b/javascript/ql/lib/semmle/javascript/security/regexp/RegExpTreeView.qll
new file mode 100644
index 00000000000..d4440ed7db5
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/RegExpTreeView.qll
@@ -0,0 +1,73 @@
+/**
+ * Provides JavaScript-specific definitions for use in the NfaUtils module.
+ */
+
+private import codeql.regex.nfa.NfaUtils as NfaUtils
+private import codeql.regex.RegexTreeView
+
+/** An implementation that parses a regular expression into a tree of `RegExpTerm`s. */
+module RegExpTreeView implements RegexTreeViewSig {
+  import javascript
+
+  class Top = Locatable;
+
+  /**
+   * Holds if `term` is an escape class representing e.g. `\d`.
+   * `clazz` is which character class it represents, e.g. "d" for `\d`.
+   */
+  predicate isEscapeClass(RegExpTerm term, string clazz) {
+    exists(RegExpCharacterClassEscape escape | term = escape | escape.getValue() = clazz)
+  }
+
+  /**
+   * Holds if `term` is a possessive quantifier.
+   * As javascript's regexes do not support possessive quantifiers, this never holds, but is used by the shared library.
+   */
+  predicate isPossessive(RegExpQuantifier term) { none() }
+
+  /**
+   * Holds if the regex that `term` is part of is used in a way that ignores any leading prefix of the input it's matched against.
+   * Not yet implemented for JavaScript.
+   */
+  predicate matchesAnyPrefix(RegExpTerm term) { any() }
+
+  /**
+   * Holds if the regex that `term` is part of is used in a way that ignores any trailing suffix of the input it's matched against.
+   * Not yet implemented for JavaScript.
+   */
+  predicate matchesAnySuffix(RegExpTerm term) { any() }
+
+  /**
+   * Holds if the regular expression should not be considered.
+   *
+   * For javascript we make the pragmatic performance optimization to ignore minified files.
+   */
+  predicate isExcluded(RegExpParent parent) { parent.(Expr).getTopLevel().isMinified() }
+
+  /**
+   * Holds if `root` has the `i` flag for case-insensitive matching.
+   */
+  predicate isIgnoreCase(RegExpTerm root) { RegExp::isIgnoreCase(getFlags(root)) }
+
+  /**
+   * Gets the flags for `root`, or the empty string if `root` has no flags.
+   */
+  private string getFlags(RegExpTerm root) {
+    root.isRootTerm() and
+    exists(DataFlow::RegExpCreationNode node | node.getRoot() = root |
+      result = node.getFlags()
+      or
+      not exists(node.getFlags()) and
+      result = ""
+    )
+    or
+    exists(RegExpPatternSource source | source.getRegExpTerm() = root |
+      result = source.getARegExpObject().(DataFlow::RegExpCreationNode).getFlags()
+    )
+  }
+
+  /**
+   * Holds if `root` has the `s` flag for multi-line matching.
+   */
+  predicate isDotAll(RegExpTerm root) { RegExp::isDotAll(getFlags(root)) }
+}
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll b/javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll
index e2c75ff980b..cfc0f499240 100644
--- a/javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll
@@ -3,155 +3,7 @@
  * and for testing which capture groups are filled when a particular regexp matches a string.
  */
 
-import NfaUtils
-
-/** A root term */
-class RootTerm extends RegExpTerm {
-  RootTerm() { this.isRootTerm() }
-}
-
-/**
- * Holds if it should be tested whether `root` matches `str`.
- *
- * If `ignorePrefix` is true, then a regexp without a start anchor will be treated as if it had a start anchor.
- * E.g. a regular expression `/foo$/` will match any string that ends with "foo",
- * but if `ignorePrefix` is true, it will only match "foo".
- *
- * If `testWithGroups` is true, then the `RegexpMatching::fillsCaptureGroup` predicate can be used to determine which capture
- * groups are filled by a string.
- */
-signature predicate isRegexpMatchingCandidateSig(
-  RootTerm root, string str, boolean ignorePrefix, boolean testWithGroups
-);
-
-/**
- * A module for determining if a regexp matches a given string,
- * and reasoning about which capture groups are filled by a given string.
- *
- * The module parameter `isCandidate` determines which strings should be tested,
- * and the results can be read from the `matches` and `fillsCaptureGroup` predicates.
- */
-module RegexpMatching<isRegexpMatchingCandidateSig/4 isCandidate> {
-  /**
-   * Gets a state the regular expression `reg` can be in after matching the `i`th char in `str`.
-   * The regular expression is modeled as a non-determistic finite automaton,
-   * the regular expression can therefore be in multiple states after matching a character.
-   *
-   * It's a forward search to all possible states, and there is thus no guarantee that the state is on a path to an accepting state.
-   */
-  private State getAState(RootTerm reg, int i, string str, boolean ignorePrefix) {
-    // start state, the -1 position before any chars have been matched
-    i = -1 and
-    isCandidate(reg, str, ignorePrefix, _) and
-    result.getRepr().getRootTerm() = reg and
-    isStartState(result)
-    or
-    // recursive case
-    result = getAStateAfterMatching(reg, _, str, i, _, ignorePrefix)
-  }
-
-  /**
-   * Gets the next state after the `prev` state from `reg`.
-   * `prev` is the state after matching `fromIndex` chars in `str`,
-   * and the result is the state after matching `toIndex` chars in `str`.
-   *
-   * This predicate is used as a step relation in the forwards search (`getAState`),
-   * and also as a step relation in the later backwards search (`getAStateThatReachesAccept`).
-   */
-  private State getAStateAfterMatching(
-    RootTerm reg, State prev, string str, int toIndex, int fromIndex, boolean ignorePrefix
-  ) {
-    // the basic recursive case - outlined into a noopt helper to make performance work out.
-    result = getAStateAfterMatchingAux(reg, prev, str, toIndex, fromIndex, ignorePrefix)
-    or
-    // we can skip past word boundaries if the next char is a non-word char.
-    fromIndex = toIndex and
-    prev.getRepr() instanceof RegExpWordBoundary and
-    prev = getAState(reg, toIndex, str, ignorePrefix) and
-    after(prev.getRepr()) = result and
-    str.charAt(toIndex + 1).regexpMatch("\\W") // \W matches any non-word char.
-  }
-
-  pragma[noopt]
-  private State getAStateAfterMatchingAux(
-    RootTerm reg, State prev, string str, int toIndex, int fromIndex, boolean ignorePrefix
-  ) {
-    prev = getAState(reg, fromIndex, str, ignorePrefix) and
-    fromIndex = toIndex - 1 and
-    exists(string char | char = str.charAt(toIndex) | specializedDeltaClosed(prev, char, result)) and
-    not discardedPrefixStep(prev, result, ignorePrefix)
-  }
-
-  /** Holds if a step from `prev` to `next` should be discarded when the `ignorePrefix` flag is set. */
-  private predicate discardedPrefixStep(State prev, State next, boolean ignorePrefix) {
-    prev = mkMatch(any(RegExpRoot r)) and
-    ignorePrefix = true and
-    next = prev
-  }
-
-  // The `deltaClosed` relation specialized to the chars that exists in strings tested by a `MatchedRegExp`.
-  private predicate specializedDeltaClosed(State prev, string char, State next) {
-    deltaClosed(prev, specializedGetAnInputSymbolMatching(char), next)
-  }
-
-  // The `getAnInputSymbolMatching` relation specialized to the chars that exists in strings tested by a `MatchedRegExp`.
-  pragma[noinline]
-  private InputSymbol specializedGetAnInputSymbolMatching(string char) {
-    exists(string s, RootTerm r | isCandidate(r, s, _, _) | char = s.charAt(_)) and
-    result = getAnInputSymbolMatching(char)
-  }
-
-  /**
-   * Gets the `i`th state on a path to the accepting state when `reg` matches `str`.
-   * Starts with an accepting state as found by `getAState` and searches backwards
-   * to the start state through the reachable states (as found by `getAState`).
-   *
-   * This predicate satisfies the invariant that the result state can be reached with `i` steps from a start state,
-   * and an accepting state can be found after (`str.length() - 1 - i`) steps from the result.
-   * The result state is therefore always on a valid path where `reg` accepts `str`.
-   *
-   * This predicate is only used to find which capture groups a regular expression has filled,
-   * and thus the search is only performed for the strings in the `testWithGroups(..)` predicate.
-   */
-  private State getAStateThatReachesAccept(RootTerm reg, int i, string str, boolean ignorePrefix) {
-    // base case, reaches an accepting state from the last state in `getAState(..)`
-    isCandidate(reg, str, ignorePrefix, true) and
-    i = str.length() - 1 and
-    result = getAState(reg, i, str, ignorePrefix) and
-    epsilonSucc*(result) = Accept(_)
-    or
-    // recursive case. `next` is the next state to be matched after matching `prev`.
-    // this predicate is doing a backwards search, so `prev` is the result we are looking for.
-    exists(State next, State prev, int fromIndex, int toIndex |
-      next = getAStateThatReachesAccept(reg, toIndex, str, ignorePrefix) and
-      next = getAStateAfterMatching(reg, prev, str, toIndex, fromIndex, ignorePrefix) and
-      i = fromIndex and
-      result = prev
-    )
-  }
-
-  /** Gets the capture group number that `term` belongs to. */
-  private int group(RegExpTerm term) {
-    exists(RegExpGroup grp | grp.getNumber() = result | term.getParent*() = grp)
-  }
-
-  /**
-   * Holds if `reg` matches `str`, where `str` is in the `isCandidate` predicate.
-   */
-  predicate matches(RootTerm reg, string str) {
-    exists(State state | state = getAState(reg, str.length() - 1, str, _) |
-      epsilonSucc*(state) = Accept(_)
-    )
-  }
-
-  /**
-   * Holds if matching `str` against `reg` may fill capture group number `g`.
-   * Only holds if `str` is in the `testWithGroups` predicate.
-   */
-  predicate fillsCaptureGroup(RootTerm reg, string str, int g) {
-    exists(State s |
-      s = getAStateThatReachesAccept(reg, _, str, _) and
-      g = group(s.getRepr())
-    )
-  }
-}
+private import RegExpTreeView::RegExpTreeView as TreeView
+// RegexpMatching should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.nfa.RegexpMatching::Make<TreeView> as Dep
+import Dep
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/SuperlinearBackTracking.qll b/javascript/ql/lib/semmle/javascript/security/regexp/SuperlinearBackTracking.qll
index 14a69dc0644..ec3d65ab195 100644
--- a/javascript/ql/lib/semmle/javascript/security/regexp/SuperlinearBackTracking.qll
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/SuperlinearBackTracking.qll
@@ -1,11 +1,4 @@
 /**
- * Provides classes for working with regular expressions that can
- * perform backtracking in superlinear time.
- */
-
-import NfaUtils
-
-/*
  * This module implements the analysis described in the paper:
  *   Valentin Wustholz, Oswaldo Olivo, Marijn J. H. Heule, and Isil Dillig:
  *     Static Detection of DoS Vulnerabilities in
@@ -42,377 +35,7 @@ import NfaUtils
  * It also doesn't find all transitions in the product automaton, which can cause false negatives.
  */
 
-/**
- * Gets any root (start) state of a regular expression.
- */
-private State getRootState() { result = mkMatch(any(RegExpRoot r)) }
-
-private newtype TStateTuple =
-  MkStateTuple(State q1, State q2, State q3) {
-    // starts at (pivot, pivot, succ)
-    isStartLoops(q1, q3) and q1 = q2
-    or
-    step(_, _, _, _, q1, q2, q3) and FeasibleTuple::isFeasibleTuple(q1, q2, q3)
-  }
-
-/**
- * A state in the product automaton.
- * The product automaton contains 3-tuples of states.
- *
- * We lazily only construct those states that we are actually
- * going to need.
- * Either a start state `(pivot, pivot, succ)`, or a state
- * where there exists a transition from an already existing state.
- *
- * The exponential variant of this query (`js/redos`) uses an optimization
- * trick where `q1 <= q2`. This trick cannot be used here as the order
- * of the elements matter.
- */
-class StateTuple extends TStateTuple {
-  State q1;
-  State q2;
-  State q3;
-
-  StateTuple() { this = MkStateTuple(q1, q2, q3) }
-
-  /**
-   * Gest a string representation of this tuple.
-   */
-  string toString() { result = "(" + q1 + ", " + q2 + ", " + q3 + ")" }
-
-  /**
-   * Holds if this tuple is `(r1, r2, r3)`.
-   */
-  pragma[noinline]
-  predicate isTuple(State r1, State r2, State r3) { r1 = q1 and r2 = q2 and r3 = q3 }
-}
-
-/**
- * A module for determining feasible tuples for the product automaton.
- *
- * The implementation is split into many predicates for performance reasons.
- */
-private module FeasibleTuple {
-  /**
-   * Holds if the tuple `(r1, r2, r3)` might be on path from a start-state to an end-state in the product automaton.
-   */
-  pragma[inline]
-  predicate isFeasibleTuple(State r1, State r2, State r3) {
-    // The first element is either inside a repetition (or the start state itself)
-    isRepetitionOrStart(r1) and
-    // The last element is inside a repetition
-    stateInsideRepetition(r3) and
-    // The states are reachable in the NFA in the order r1 -> r2 -> r3
-    delta+(r1) = r2 and
-    delta+(r2) = r3 and
-    // The first element can reach a beginning (the "pivot" state in a `(pivot, succ)` pair).
-    canReachABeginning(r1) and
-    // The last element can reach a target (the "succ" state in a `(pivot, succ)` pair).
-    canReachATarget(r3)
-  }
-
-  /**
-   * Holds if `s` is either inside a repetition, or is the start state (which is a repetition).
-   */
-  pragma[noinline]
-  private predicate isRepetitionOrStart(State s) { stateInsideRepetition(s) or s = getRootState() }
-
-  /**
-   * Holds if state `s` might be inside a backtracking repetition.
-   */
-  pragma[noinline]
-  private predicate stateInsideRepetition(State s) {
-    s.getRepr().getParent*() instanceof InfiniteRepetitionQuantifier
-  }
-
-  /**
-   * Holds if there exists a path in the NFA from `s` to a "pivot" state
-   * (from a `(pivot, succ)` pair that starts the search).
-   */
-  pragma[noinline]
-  private predicate canReachABeginning(State s) {
-    delta+(s) = any(State pivot | isStartLoops(pivot, _))
-  }
-
-  /**
-   * Holds if there exists a path in the NFA from `s` to a "succ" state
-   * (from a `(pivot, succ)` pair that starts the search).
-   */
-  pragma[noinline]
-  private predicate canReachATarget(State s) { delta+(s) = any(State succ | isStartLoops(_, succ)) }
-}
-
-/**
- * Holds if `pivot` and `succ` are a pair of loops that could be the beginning of a quadratic blowup.
- *
- * There is a slight implementation difference compared to the paper: this predicate requires that `pivot != succ`.
- * The case where `pivot = succ` causes exponential backtracking and is handled by the `js/redos` query.
- */
-predicate isStartLoops(State pivot, State succ) {
-  pivot != succ and
-  succ.getRepr() instanceof InfiniteRepetitionQuantifier and
-  delta+(pivot) = succ and
-  (
-    pivot.getRepr() instanceof InfiniteRepetitionQuantifier
-    or
-    pivot = mkMatch(any(RegExpRoot root))
-  )
-}
-
-/**
- * Gets a state for which there exists a transition in the NFA from `s'.
- */
-State delta(State s) { delta(s, _, result) }
-
-/**
- * Holds if there are transitions from the components of `q` to the corresponding
- * components of `r` labelled with `s1`, `s2`, and `s3`, respectively.
- */
-pragma[noinline]
-predicate step(StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, StateTuple r) {
-  exists(State r1, State r2, State r3 |
-    step(q, s1, s2, s3, r1, r2, r3) and r = MkStateTuple(r1, r2, r3)
-  )
-}
-
-/**
- * Holds if there are transitions from the components of `q` to `r1`, `r2`, and `r3
- * labelled with `s1`, `s2`, and `s3`, respectively.
- */
-pragma[noopt]
-predicate step(
-  StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, State r1, State r2, State r3
-) {
-  exists(State q1, State q2, State q3 | q.isTuple(q1, q2, q3) |
-    deltaClosed(q1, s1, r1) and
-    deltaClosed(q2, s2, r2) and
-    deltaClosed(q3, s3, r3) and
-    // use noopt to force the join on `getAThreewayIntersect` to happen last.
-    exists(getAThreewayIntersect(s1, s2, s3))
-  )
-}
-
-/**
- * Gets a char that is matched by all the edges `s1`, `s2`, and `s3`.
- *
- * The result is not complete, and might miss some combination of edges that share some character.
- */
-pragma[noinline]
-string getAThreewayIntersect(InputSymbol s1, InputSymbol s2, InputSymbol s3) {
-  result = minAndMaxIntersect(s1, s2) and result = [intersect(s2, s3), intersect(s1, s3)]
-  or
-  result = minAndMaxIntersect(s1, s3) and result = [intersect(s2, s3), intersect(s1, s2)]
-  or
-  result = minAndMaxIntersect(s2, s3) and result = [intersect(s1, s2), intersect(s1, s3)]
-}
-
-/**
- * Gets the minimum and maximum characters that intersect between `a` and `b`.
- * This predicate is used to limit the size of `getAThreewayIntersect`.
- */
-pragma[noinline]
-string minAndMaxIntersect(InputSymbol a, InputSymbol b) {
-  result = [min(intersect(a, b)), max(intersect(a, b))]
-}
-
-private newtype TTrace =
-  Nil() or
-  Step(InputSymbol s1, InputSymbol s2, InputSymbol s3, TTrace t) {
-    isReachableFromStartTuple(_, _, t, s1, s2, s3, _, _)
-  }
-
-/**
- * A list of tuples of input symbols that describe a path in the product automaton
- * starting from some start state.
- */
-class Trace extends TTrace {
-  /**
-   * Gets a string representation of this Trace that can be used for debug purposes.
-   */
-  string toString() {
-    this = Nil() and result = "Nil()"
-    or
-    exists(InputSymbol s1, InputSymbol s2, InputSymbol s3, Trace t | this = Step(s1, s2, s3, t) |
-      result = "Step(" + s1 + ", " + s2 + ", " + s3 + ", " + t + ")"
-    )
-  }
-}
-
-/**
- * Holds if there exists a transition from `r` to `q` in the product automaton.
- * Notice that the arguments are flipped, and thus the direction is backwards.
- */
-pragma[noinline]
-predicate tupleDeltaBackwards(StateTuple q, StateTuple r) { step(r, _, _, _, q) }
-
-/**
- * Holds if `tuple` is an end state in our search.
- * That means there exists a pair of loops `(pivot, succ)` such that `tuple = (pivot, succ, succ)`.
- */
-predicate isEndTuple(StateTuple tuple) { tuple = getAnEndTuple(_, _) }
-
-/**
- * Gets the minimum length of a path from `r` to some an end state `end`.
- *
- * The implementation searches backwards from the end-tuple.
- * This approach was chosen because it is way more efficient if the first predicate given to `shortestDistances` is small.
- * The `end` argument must always be an end state.
- */
-int distBackFromEnd(StateTuple r, StateTuple end) =
-  shortestDistances(isEndTuple/1, tupleDeltaBackwards/2)(end, r, result)
-
-/**
- * Holds if there exists a pair of repetitions `(pivot, succ)` in the regular expression such that:
- * `tuple` is reachable from `(pivot, pivot, succ)` in the product automaton,
- * and there is a distance of `dist` from `tuple` to the nearest end-tuple `(pivot, succ, succ)`,
- * and a path from a start-state to `tuple` follows the transitions in `trace`.
- */
-private predicate isReachableFromStartTuple(
-  State pivot, State succ, StateTuple tuple, Trace trace, int dist
-) {
-  exists(InputSymbol s1, InputSymbol s2, InputSymbol s3, Trace v |
-    isReachableFromStartTuple(pivot, succ, v, s1, s2, s3, tuple, dist) and
-    trace = Step(s1, s2, s3, v)
-  )
-}
-
-private predicate isReachableFromStartTuple(
-  State pivot, State succ, Trace trace, InputSymbol s1, InputSymbol s2, InputSymbol s3,
-  StateTuple tuple, int dist
-) {
-  // base case.
-  exists(State q1, State q2, State q3 |
-    isStartLoops(pivot, succ) and
-    step(MkStateTuple(pivot, pivot, succ), s1, s2, s3, tuple) and
-    tuple = MkStateTuple(q1, q2, q3) and
-    trace = Nil() and
-    dist = distBackFromEnd(tuple, MkStateTuple(pivot, succ, succ))
-  )
-  or
-  // recursive case
-  exists(StateTuple p |
-    isReachableFromStartTuple(pivot, succ, p, trace, dist + 1) and
-    dist = distBackFromEnd(tuple, MkStateTuple(pivot, succ, succ)) and
-    step(p, s1, s2, s3, tuple)
-  )
-}
-
-/**
- * Gets the tuple `(pivot, succ, succ)` from the product automaton.
- */
-StateTuple getAnEndTuple(State pivot, State succ) {
-  isStartLoops(pivot, succ) and
-  result = MkStateTuple(pivot, succ, succ)
-}
-
-/** An implementation of a chain containing chars for use by `Concretizer`. */
-private module CharTreeImpl implements CharTree {
-  class CharNode = Trace;
-
-  CharNode getPrev(CharNode t) { t = Step(_, _, _, result) }
-
-  /** Holds if `n` is used in `isPumpable`. */
-  predicate isARelevantEnd(CharNode n) {
-    exists(State pivot, State succ |
-      isReachableFromStartTuple(pivot, succ, getAnEndTuple(pivot, succ), n, _)
-    )
-  }
-
-  string getChar(CharNode t) {
-    exists(InputSymbol s1, InputSymbol s2, InputSymbol s3 | t = Step(s1, s2, s3, _) |
-      result = getAThreewayIntersect(s1, s2, s3)
-    )
-  }
-}
-
-/**
- * Holds if matching repetitions of `pump` can:
- * 1) Transition from `pivot` back to `pivot`.
- * 2) Transition from `pivot` to `succ`.
- * 3) Transition from `succ` to `succ`.
- *
- * From theorem 3 in the paper linked in the top of this file we can therefore conclude that
- * the regular expression has polynomial backtracking - if a rejecting suffix exists.
- *
- * This predicate is used by `SuperLinearReDoSConfiguration`, and the final results are
- * available in the `hasReDoSResult` predicate.
- */
-predicate isPumpable(State pivot, State succ, string pump) {
-  exists(StateTuple q, Trace t |
-    isReachableFromStartTuple(pivot, succ, q, t, _) and
-    q = getAnEndTuple(pivot, succ) and
-    pump = Concretizer<CharTreeImpl>::concretize(t)
-  )
-}
-
-/**
- * Holds if states starting in `state` can have polynomial backtracking with the string `pump`.
- */
-predicate isReDoSCandidate(State state, string pump) { isPumpable(_, state, pump) }
-
-/**
- * Holds if repetitions of `pump` at `t` will cause polynomial backtracking.
- */
-predicate polynomialReDoS(RegExpTerm t, string pump, string prefixMsg, RegExpTerm prev) {
-  exists(State s, State pivot |
-    ReDoSPruning<isReDoSCandidate/2>::hasReDoSResult(t, pump, s, prefixMsg) and
-    isPumpable(pivot, s, _) and
-    prev = pivot.getRepr()
-  )
-}
-
-/**
- * Gets a message for why `term` can cause polynomial backtracking.
- */
-string getReasonString(RegExpTerm term, string pump, string prefixMsg, RegExpTerm prev) {
-  polynomialReDoS(term, pump, prefixMsg, prev) and
-  result =
-    "Strings " + prefixMsg + "with many repetitions of '" + pump +
-      "' can start matching anywhere after the start of the preceeding " + prev
-}
-
-/**
- * A term that may cause a regular expression engine to perform a
- * polynomial number of match attempts, relative to the input length.
- */
-class PolynomialBackTrackingTerm extends InfiniteRepetitionQuantifier {
-  string reason;
-  string pump;
-  string prefixMsg;
-  RegExpTerm prev;
-
-  PolynomialBackTrackingTerm() {
-    reason = getReasonString(this, pump, prefixMsg, prev) and
-    // there might be many reasons for this term to have polynomial backtracking - we pick the shortest one.
-    reason = min(string msg | msg = getReasonString(this, _, _, _) | msg order by msg.length(), msg)
-  }
-
-  /**
-   * Holds if all non-empty successors to the polynomial backtracking term matches the end of the line.
-   */
-  predicate isAtEndLine() {
-    forall(RegExpTerm succ | this.getSuccessor+() = succ and not matchesEpsilon(succ) |
-      succ instanceof RegExpDollar
-    )
-  }
-
-  /**
-   * Gets the string that should be repeated to cause this regular expression to perform polynomially.
-   */
-  string getPumpString() { result = pump }
-
-  /**
-   * Gets a message for which prefix a matching string must start with for this term to cause polynomial backtracking.
-   */
-  string getPrefixMessage() { result = prefixMsg }
-
-  /**
-   * Gets a predecessor to `this`, which also loops on the pump string, and thereby causes polynomial backtracking.
-   */
-  RegExpTerm getPreviousLoop() { result = prev }
-
-  /**
-   * Gets the reason for the number of match attempts.
-   */
-  string getReason() { result = reason }
-}
+private import RegExpTreeView::RegExpTreeView as TreeView
+// SuperlinearBackTracking should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView> as Dep
+import Dep
diff --git a/javascript/ql/lib/semmlecode.javascript.dbscheme b/javascript/ql/lib/semmlecode.javascript.dbscheme
index c0664d5721c..4d00210ca57 100644
--- a/javascript/ql/lib/semmlecode.javascript.dbscheme
+++ b/javascript/ql/lib/semmlecode.javascript.dbscheme
@@ -357,6 +357,7 @@ case @expr.kind of
 | 118 = @assignnullishcoalescingexpr
 | 119 = @template_pipe_ref
 | 120 = @generated_code_expr
+| 121 = @satisfies_expr
 ;
 
 @varaccess = @proper_varaccess | @export_varaccess;
diff --git a/javascript/ql/lib/semmlecode.javascript.dbscheme.stats b/javascript/ql/lib/semmlecode.javascript.dbscheme.stats
index ed051cd16ac..7e0b98ea867 100644
--- a/javascript/ql/lib/semmlecode.javascript.dbscheme.stats
+++ b/javascript/ql/lib/semmlecode.javascript.dbscheme.stats
@@ -450,6 +450,10 @@
 <v>100</v>
 </e>
 <e>
+<k>@satisfies_expr</k>
+<v>100</v>
+</e>
+<e>
 <k>@preinc_expr</k>
 <v>1792</v>
 </e>
diff --git a/javascript/ql/lib/upgrades/c0664d5721c90dd32a5b167efea24f9cc6f57cfb/old.dbscheme b/javascript/ql/lib/upgrades/c0664d5721c90dd32a5b167efea24f9cc6f57cfb/old.dbscheme
new file mode 100644
index 00000000000..c0664d5721c
--- /dev/null
+++ b/javascript/ql/lib/upgrades/c0664d5721c90dd32a5b167efea24f9cc6f57cfb/old.dbscheme
@@ -0,0 +1,1217 @@
+/*** Standard fragments ***/
+
+/** Files and folders **/
+
+@location = @location_default;
+
+locations_default(unique int id: @location_default,
+          int file: @file ref,
+          int beginLine: int ref,
+          int beginColumn: int ref,
+          int endLine: int ref,
+          int endColumn: int ref
+         );
+
+@sourceline = @locatable;
+
+numlines(int element_id: @sourceline ref,
+         int num_lines: int ref,
+         int num_code: int ref,
+         int num_comment: int ref
+        );
+
+files(unique int id: @file,
+      varchar(900) name: string ref);
+
+folders(unique int id: @folder,
+        varchar(900) name: string ref);
+
+
+@container = @folder | @file ;
+
+
+containerparent(int parent: @container ref,
+                unique int child: @container ref);
+
+/** Duplicate code **/
+
+duplicateCode(
+  unique int id : @duplication,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+similarCode(
+  unique int id : @similarity,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+@duplication_or_similarity = @duplication | @similarity;
+
+tokens(
+  int id : @duplication_or_similarity ref,
+  int offset : int ref,
+  int beginLine : int ref,
+  int beginColumn : int ref,
+  int endLine : int ref,
+  int endColumn : int ref);
+
+/** External data **/
+
+externalData(
+  int id : @externalDataElement,
+  varchar(900) path : string ref,
+  int column: int ref,
+  varchar(900) value : string ref
+);
+
+snapshotDate(unique date snapshotDate : date ref);
+
+sourceLocationPrefix(varchar(900) prefix : string ref);
+
+/** Version control data **/
+
+svnentries(
+  int id : @svnentry,
+  varchar(500) revision : string ref,
+  varchar(500) author : string ref,
+  date revisionDate : date ref,
+  int changeSize : int ref
+);
+
+svnaffectedfiles(
+  int id : @svnentry ref,
+  int file : @file ref,
+  varchar(500) action : string ref
+);
+
+svnentrymsg(
+  int id : @svnentry ref,
+  varchar(500) message : string ref
+);
+
+svnchurn(
+  int commit : @svnentry ref,
+  int file : @file ref,
+  int addedLines : int ref,
+  int deletedLines : int ref
+);
+
+
+/*** JavaScript-specific part ***/
+
+filetype(
+  int file: @file ref,
+  string filetype: string ref
+)
+
+// top-level code fragments
+toplevels (unique int id: @toplevel,
+           int kind: int ref);
+
+is_externs (int toplevel: @toplevel ref);
+
+case @toplevel.kind of
+   0 = @script
+|  1 = @inline_script
+|  2 = @event_handler
+|  3 = @javascript_url
+|  4 = @template_toplevel;
+
+is_module (int tl: @toplevel ref);
+is_nodejs (int tl: @toplevel ref);
+is_es2015_module (int tl: @toplevel ref);
+is_closure_module (int tl: @toplevel ref);
+
+@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag;
+toplevel_parent_xml_node(
+  unique int toplevel: @toplevel ref,
+  int xmlnode: @xml_node_with_code ref);
+
+xml_element_parent_expression(
+  unique int xmlnode: @xmlelement ref,
+  int expression: @expr ref,
+  int index: int ref);
+
+// statements
+#keyset[parent, idx]
+stmts (unique int id: @stmt,
+       int kind: int ref,
+       int parent: @stmt_parent ref,
+       int idx: int ref,
+       varchar(900) tostring: string ref);
+
+stmt_containers (unique int stmt: @stmt ref,
+       int container: @stmt_container ref);
+
+jump_targets (unique int jump: @stmt ref,
+       int target: @stmt ref);
+
+@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer;
+@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration;
+
+case @stmt.kind of
+   0 = @empty_stmt
+|  1 = @block_stmt
+|  2 = @expr_stmt
+|  3 = @if_stmt
+|  4 = @labeled_stmt
+|  5 = @break_stmt
+|  6 = @continue_stmt
+|  7 = @with_stmt
+|  8 = @switch_stmt
+|  9 = @return_stmt
+| 10 = @throw_stmt
+| 11 = @try_stmt
+| 12 = @while_stmt
+| 13 = @do_while_stmt
+| 14 = @for_stmt
+| 15 = @for_in_stmt
+| 16 = @debugger_stmt
+| 17 = @function_decl_stmt
+| 18 = @var_decl_stmt
+| 19 = @case
+| 20 = @catch_clause
+| 21 = @for_of_stmt
+| 22 = @const_decl_stmt
+| 23 = @let_stmt
+| 24 = @legacy_let_stmt
+| 25 = @for_each_stmt
+| 26 = @class_decl_stmt
+| 27 = @import_declaration
+| 28 = @export_all_declaration
+| 29 = @export_default_declaration
+| 30 = @export_named_declaration
+| 31 = @namespace_declaration
+| 32 = @import_equals_declaration
+| 33 = @export_assign_declaration
+| 34 = @interface_declaration
+| 35 = @type_alias_declaration
+| 36 = @enum_declaration
+| 37 = @external_module_declaration
+| 38 = @export_as_namespace_declaration
+| 39 = @global_augmentation_declaration
+;
+
+@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt;
+
+@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration;
+
+@namespace_definition = @namespace_declaration | @enum_declaration;
+@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member;
+
+is_instantiated(unique int decl: @namespace_declaration ref);
+
+@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field;
+has_declare_keyword(unique int stmt: @declarable_node ref);
+
+is_for_await_of(unique int forof: @for_of_stmt ref);
+
+// expressions
+#keyset[parent, idx]
+exprs (unique int id: @expr,
+       int kind: int ref,
+       int parent: @expr_parent ref,
+       int idx: int ref,
+       varchar(900) tostring: string ref);
+
+literals (varchar(900) value: string ref,
+       varchar(900) raw: string ref,
+       unique int expr: @expr_or_type ref);
+
+enclosing_stmt (unique int expr: @expr_or_type ref,
+       int stmt: @stmt ref);
+
+expr_containers (unique int expr: @expr_or_type ref,
+       int container: @stmt_container ref);
+
+array_size (unique int ae: @arraylike ref,
+       int sz: int ref);
+
+is_delegating (int yield: @yield_expr ref);
+
+@expr_or_stmt = @expr | @stmt;
+@expr_or_type = @expr | @typeexpr;
+@expr_parent = @expr_or_stmt | @property | @function_typeexpr;
+@arraylike = @array_expr | @array_pattern;
+@type_annotation = @typeexpr | @jsdoc_type_expr;
+@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel;
+
+case @expr.kind of
+   0 = @label
+|  1 = @null_literal
+|  2 = @boolean_literal
+|  3 = @number_literal
+|  4 = @string_literal
+|  5 = @regexp_literal
+|  6 = @this_expr
+|  7 = @array_expr
+|  8 = @obj_expr
+|  9 = @function_expr
+| 10 = @seq_expr
+| 11 = @conditional_expr
+| 12 = @new_expr
+| 13 = @call_expr
+| 14 = @dot_expr
+| 15 = @index_expr
+| 16 = @neg_expr
+| 17 = @plus_expr
+| 18 = @log_not_expr
+| 19 = @bit_not_expr
+| 20 = @typeof_expr
+| 21 = @void_expr
+| 22 = @delete_expr
+| 23 = @eq_expr
+| 24 = @neq_expr
+| 25 = @eqq_expr
+| 26 = @neqq_expr
+| 27 = @lt_expr
+| 28 = @le_expr
+| 29 = @gt_expr
+| 30 = @ge_expr
+| 31 = @lshift_expr
+| 32 = @rshift_expr
+| 33 = @urshift_expr
+| 34 = @add_expr
+| 35 = @sub_expr
+| 36 = @mul_expr
+| 37 = @div_expr
+| 38 = @mod_expr
+| 39 = @bitor_expr
+| 40 = @xor_expr
+| 41 = @bitand_expr
+| 42 = @in_expr
+| 43 = @instanceof_expr
+| 44 = @logand_expr
+| 45 = @logor_expr
+| 47 = @assign_expr
+| 48 = @assign_add_expr
+| 49 = @assign_sub_expr
+| 50 = @assign_mul_expr
+| 51 = @assign_div_expr
+| 52 = @assign_mod_expr
+| 53 = @assign_lshift_expr
+| 54 = @assign_rshift_expr
+| 55 = @assign_urshift_expr
+| 56 = @assign_or_expr
+| 57 = @assign_xor_expr
+| 58 = @assign_and_expr
+| 59 = @preinc_expr
+| 60 = @postinc_expr
+| 61 = @predec_expr
+| 62 = @postdec_expr
+| 63 = @par_expr
+| 64 = @var_declarator
+| 65 = @arrow_function_expr
+| 66 = @spread_element
+| 67 = @array_pattern
+| 68 = @object_pattern
+| 69 = @yield_expr
+| 70 = @tagged_template_expr
+| 71 = @template_literal
+| 72 = @template_element
+| 73 = @array_comprehension_expr
+| 74 = @generator_expr
+| 75 = @for_in_comprehension_block
+| 76 = @for_of_comprehension_block
+| 77 = @legacy_letexpr
+| 78 = @var_decl
+| 79 = @proper_varaccess
+| 80 = @class_expr
+| 81 = @super_expr
+| 82 = @newtarget_expr
+| 83 = @named_import_specifier
+| 84 = @import_default_specifier
+| 85 = @import_namespace_specifier
+| 86 = @named_export_specifier
+| 87 = @exp_expr
+| 88 = @assign_exp_expr
+| 89 = @jsx_element
+| 90 = @jsx_qualified_name
+| 91 = @jsx_empty_expr
+| 92 = @await_expr
+| 93 = @function_sent_expr
+| 94 = @decorator
+| 95 = @export_default_specifier
+| 96 = @export_namespace_specifier
+| 97 = @bind_expr
+| 98 = @external_module_reference
+| 99 = @dynamic_import
+| 100 = @expression_with_type_arguments
+| 101 = @prefix_type_assertion
+| 102 = @as_type_assertion
+| 103 = @export_varaccess
+| 104 = @decorator_list
+| 105 = @non_null_assertion
+| 106 = @bigint_literal
+| 107 = @nullishcoalescing_expr
+| 108 = @e4x_xml_anyname
+| 109 = @e4x_xml_static_attribute_selector
+| 110 = @e4x_xml_dynamic_attribute_selector
+| 111 = @e4x_xml_filter_expression
+| 112 = @e4x_xml_static_qualident
+| 113 = @e4x_xml_dynamic_qualident
+| 114 = @e4x_xml_dotdotexpr
+| 115 = @import_meta_expr
+| 116 = @assignlogandexpr
+| 117 = @assignlogorexpr
+| 118 = @assignnullishcoalescingexpr
+| 119 = @template_pipe_ref
+| 120 = @generated_code_expr
+;
+
+@varaccess = @proper_varaccess | @export_varaccess;
+@varref = @var_decl | @varaccess;
+
+@identifier = @label | @varref | @type_identifier;
+
+@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal;
+
+@propaccess = @dot_expr | @index_expr;
+
+@invokeexpr = @new_expr | @call_expr;
+
+@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element;
+
+@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr;
+
+@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr;
+
+@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr;
+
+@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr;
+
+@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr;
+
+@pattern = @varref | @array_pattern | @object_pattern;
+
+@comprehension_expr = @array_comprehension_expr | @generator_expr;
+
+@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block;
+
+@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier;
+
+@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier;
+
+@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier;
+
+@type_assertion = @as_type_assertion | @prefix_type_assertion;
+
+@class_definition = @class_decl_stmt | @class_expr;
+@interface_definition = @interface_declaration | @interface_typeexpr;
+@class_or_interface = @class_definition | @interface_definition;
+
+@lexical_decl = @var_decl | @type_decl;
+@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access;
+@lexical_ref = @lexical_decl | @lexical_access;
+
+@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector;
+@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident;
+
+expr_contains_template_tag_location(
+  int expr: @expr ref,
+  int location: @location ref
+);
+
+@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file;
+
+template_placeholder_tag_info(
+  unique int node: @template_placeholder_tag,
+  int parentNode: @template_placeholder_tag_parent ref,
+  varchar(900) raw: string ref
+);
+
+// scopes
+scopes (unique int id: @scope,
+        int kind: int ref);
+
+case @scope.kind of
+   0 = @global_scope
+|  1 = @function_scope
+|  2 = @catch_scope
+|  3 = @module_scope
+|  4 = @block_scope
+|  5 = @for_scope
+|  6 = @for_in_scope // for-of scopes work the same as for-in scopes
+|  7 = @comprehension_block_scope
+|  8 = @class_expr_scope
+|  9 = @namespace_scope
+| 10 = @class_decl_scope
+| 11 = @interface_scope
+| 12 = @type_alias_scope
+| 13 = @mapped_type_scope
+| 14 = @enum_scope
+| 15 = @external_module_scope
+| 16 = @conditional_type_scope;
+
+scopenodes (unique int node: @ast_node ref,
+            int scope: @scope ref);
+
+scopenesting (unique int inner: @scope ref,
+              int outer: @scope ref);
+
+// functions
+@function = @function_decl_stmt | @function_expr | @arrow_function_expr;
+
+@parameterized = @function | @catch_clause;
+@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr;
+
+is_generator (int fun: @function ref);
+has_rest_parameter (int fun: @function ref);
+is_async (int fun: @function ref);
+
+// variables and lexically scoped type names
+#keyset[scope, name]
+variables (unique int id: @variable,
+           varchar(900) name: string ref,
+           int scope: @scope ref);
+
+#keyset[scope, name]
+local_type_names (unique int id: @local_type_name,
+                  varchar(900) name: string ref,
+                  int scope: @scope ref);
+
+#keyset[scope, name]
+local_namespace_names (unique int id: @local_namespace_name,
+                       varchar(900) name: string ref,
+                       int scope: @scope ref);
+
+is_arguments_object (int id: @variable ref);
+
+@lexical_name = @variable | @local_type_name | @local_namespace_name;
+
+@bind_id = @varaccess | @local_var_type_access;
+bind (unique int id: @bind_id ref,
+      int decl: @variable ref);
+
+decl (unique int id: @var_decl ref,
+      int decl: @variable ref);
+
+@typebind_id = @local_type_access | @export_varaccess;
+typebind (unique int id: @typebind_id ref,
+          int decl: @local_type_name ref);
+
+@typedecl_id = @type_decl | @var_decl;
+typedecl (unique int id: @typedecl_id ref,
+          int decl: @local_type_name ref);
+
+namespacedecl (unique int id: @var_decl ref,
+               int decl: @local_namespace_name ref);
+
+@namespacebind_id = @local_namespace_access | @export_varaccess;
+namespacebind (unique int id: @namespacebind_id ref,
+               int decl: @local_namespace_name ref);
+
+
+// properties in object literals, property patterns in object patterns, and method declarations in classes
+#keyset[parent, index]
+properties (unique int id: @property,
+            int parent: @property_parent ref,
+            int index: int ref,
+            int kind: int ref,
+            varchar(900) tostring: string ref);
+
+case @property.kind of
+  0 = @value_property
+| 1 = @property_getter
+| 2 = @property_setter
+| 3 = @jsx_attribute
+| 4 = @function_call_signature
+| 5 = @constructor_call_signature
+| 6 = @index_signature
+| 7 = @enum_member
+| 8 = @proper_field
+| 9 = @parameter_field
+| 10 = @static_initializer
+;
+
+@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration;
+@property_accessor = @property_getter | @property_setter;
+@call_signature = @function_call_signature | @constructor_call_signature;
+@field = @proper_field | @parameter_field;
+@field_or_vardeclarator = @field | @var_declarator;
+
+is_computed (int id: @property ref);
+is_method   (int id: @property ref);
+is_static   (int id: @property ref);
+is_abstract_member (int id: @property ref);
+is_const_enum (int id: @enum_declaration ref);
+is_abstract_class (int id: @class_decl_stmt ref);
+
+has_public_keyword (int id: @property ref);
+has_private_keyword (int id: @property ref);
+has_protected_keyword (int id: @property ref);
+has_readonly_keyword (int id: @property ref);
+has_type_keyword (int id: @type_keyword_operand ref);
+is_optional_member (int id: @property ref);
+has_definite_assignment_assertion (int id: @field_or_vardeclarator ref);
+is_optional_parameter_declaration (unique int parameter: @pattern ref);
+
+#keyset[constructor, param_index]
+parameter_fields(
+  unique int field: @parameter_field ref,
+  int constructor: @function_expr ref,
+  int param_index: int ref
+);
+
+// types
+#keyset[parent, idx]
+typeexprs (
+  unique int id: @typeexpr,
+  int kind: int ref,
+  int parent: @typeexpr_parent ref,
+  int idx: int ref,
+  varchar(900) tostring: string ref
+);
+
+case @typeexpr.kind of
+  0 = @local_type_access
+| 1 = @type_decl
+| 2 = @keyword_typeexpr
+| 3 = @string_literal_typeexpr
+| 4 = @number_literal_typeexpr
+| 5 = @boolean_literal_typeexpr
+| 6 = @array_typeexpr
+| 7 = @union_typeexpr
+| 8 = @indexed_access_typeexpr
+| 9 = @intersection_typeexpr
+| 10 = @parenthesized_typeexpr
+| 11 = @tuple_typeexpr
+| 12 = @keyof_typeexpr
+| 13 = @qualified_type_access
+| 14 = @generic_typeexpr
+| 15 = @type_label
+| 16 = @typeof_typeexpr
+| 17 = @local_var_type_access
+| 18 = @qualified_var_type_access
+| 19 = @this_var_type_access
+| 20 = @predicate_typeexpr
+| 21 = @interface_typeexpr
+| 22 = @type_parameter
+| 23 = @plain_function_typeexpr
+| 24 = @constructor_typeexpr
+| 25 = @local_namespace_access
+| 26 = @qualified_namespace_access
+| 27 = @mapped_typeexpr
+| 28 = @conditional_typeexpr
+| 29 = @infer_typeexpr
+| 30 = @import_type_access
+| 31 = @import_namespace_access
+| 32 = @import_var_type_access
+| 33 = @optional_typeexpr
+| 34 = @rest_typeexpr
+| 35 = @bigint_literal_typeexpr
+| 36 = @readonly_typeexpr
+| 37 = @template_literal_typeexpr
+;
+
+@typeref = @typeaccess | @type_decl;
+@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access;
+@typeexpr_parent = @expr | @stmt | @property | @typeexpr;
+@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr;
+@typeaccess = @local_type_access | @qualified_type_access | @import_type_access;
+@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access;
+@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access;
+@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access;
+
+@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr;
+
+// types
+types (
+  unique int id: @type,
+  int kind: int ref,
+  varchar(900) tostring: string ref
+);
+
+#keyset[parent, idx]
+type_child (
+  int child: @type ref,
+  int parent: @type ref,
+  int idx: int ref
+);
+
+case @type.kind of
+  0 = @any_type
+| 1 = @string_type
+| 2 = @number_type
+| 3 = @union_type
+| 4 = @true_type
+| 5 = @false_type
+| 6 = @type_reference
+| 7 = @object_type
+| 8 = @canonical_type_variable_type
+| 9 = @typeof_type
+| 10 = @void_type
+| 11 = @undefined_type
+| 12 = @null_type
+| 13 = @never_type
+| 14 = @plain_symbol_type
+| 15 = @unique_symbol_type
+| 16 = @objectkeyword_type
+| 17 = @intersection_type
+| 18 = @tuple_type
+| 19 = @lexical_type_variable_type
+| 20 = @this_type
+| 21 = @number_literal_type
+| 22 = @string_literal_type
+| 23 = @unknown_type
+| 24 = @bigint_type
+| 25 = @bigint_literal_type
+;
+
+@boolean_literal_type = @true_type | @false_type;
+@symbol_type = @plain_symbol_type | @unique_symbol_type;
+@union_or_intersection_type = @union_type | @intersection_type;
+@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type;
+
+has_asserts_keyword(int node: @predicate_typeexpr ref);
+
+@typed_ast_node = @expr | @typeexpr | @function;
+ast_node_type(
+  unique int node: @typed_ast_node ref,
+  int typ: @type ref);
+
+declared_function_signature(
+  unique int node: @function ref,
+  int sig: @signature_type ref
+);
+
+invoke_expr_signature(
+  unique int node: @invokeexpr ref,
+  int sig: @signature_type ref
+);
+
+invoke_expr_overload_index(
+  unique int node: @invokeexpr ref,
+  int index: int ref
+);
+
+symbols (
+  unique int id: @symbol,
+  int kind: int ref,
+  varchar(900) name: string ref
+);
+
+symbol_parent (
+  unique int symbol: @symbol ref,
+  int parent: @symbol ref
+);
+
+symbol_module (
+  int symbol: @symbol ref,
+  varchar(900) moduleName: string ref
+);
+
+symbol_global (
+  int symbol: @symbol ref,
+  varchar(900) globalName: string ref
+);
+
+case @symbol.kind of
+  0 = @root_symbol
+| 1 = @member_symbol
+| 2 = @other_symbol
+;
+
+@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type;
+@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration;
+
+ast_node_symbol(
+  unique int node: @ast_node_with_symbol ref,
+  int symbol: @symbol ref);
+
+type_symbol(
+  unique int typ: @type_with_symbol ref,
+  int symbol: @symbol ref);
+
+#keyset[typ, name]
+type_property(
+  int typ: @type ref,
+  varchar(900) name: string ref,
+  int propertyType: @type ref);
+
+type_alias(
+  unique int aliasType: @type ref,
+  int underlyingType: @type ref);
+
+@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type;
+@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type;
+type_literal_value(
+  unique int typ: @type_with_literal_value ref,
+  varchar(900) value: string ref);
+
+signature_types (
+  unique int id: @signature_type,
+  int kind: int ref,
+  varchar(900) tostring: string ref,
+  int type_parameters: int ref,
+  int required_params: int ref
+);
+
+is_abstract_signature(
+  unique int sig: @signature_type ref
+);
+
+signature_rest_parameter(
+  unique int sig: @signature_type ref,
+  int rest_param_arra_type: @type ref
+);
+
+case @signature_type.kind of
+  0 = @function_signature_type
+| 1 = @constructor_signature_type
+;
+
+#keyset[typ, kind, index]
+type_contains_signature (
+  int typ: @type ref,
+  int kind: int ref,  // constructor/call/index
+  int index: int ref, // ordering of overloaded signatures
+  int sig: @signature_type ref
+);
+
+#keyset[parent, index]
+signature_contains_type (
+  int child: @type ref,
+  int parent: @signature_type ref,
+  int index: int ref
+);
+
+#keyset[sig, index]
+signature_parameter_name (
+  int sig: @signature_type ref,
+  int index: int ref,
+  varchar(900) name: string ref
+);
+
+number_index_type (
+  unique int baseType: @type ref,
+  int propertyType: @type ref
+);
+
+string_index_type (
+  unique int baseType: @type ref,
+  int propertyType: @type ref
+);
+
+base_type_names(
+  int typeName: @symbol ref,
+  int baseTypeName: @symbol ref
+);
+
+self_types(
+  int typeName: @symbol ref,
+  int selfType: @type_reference ref
+);
+
+tuple_type_min_length(
+  unique int typ: @type ref,
+  int minLength: int ref
+);
+
+tuple_type_rest_index(
+  unique int typ: @type ref,
+  int index: int ref
+);
+
+// comments
+comments (unique int id: @comment,
+          int kind: int ref,
+          int toplevel: @toplevel ref,
+          varchar(900) text: string ref,
+          varchar(900) tostring: string ref);
+
+case @comment.kind of
+  0 = @slashslash_comment
+| 1 = @slashstar_comment
+| 2 = @doc_comment
+| 3 = @html_comment_start
+| 4 = @htmlcommentend;
+
+@html_comment = @html_comment_start | @htmlcommentend;
+@line_comment = @slashslash_comment | @html_comment;
+@block_comment = @slashstar_comment | @doc_comment;
+
+// source lines
+lines (unique int id: @line,
+       int toplevel: @toplevel ref,
+       varchar(900) text: string ref,
+       varchar(2) terminator: string ref);
+indentation (int file: @file ref,
+            int lineno: int ref,
+            varchar(1) indentChar: string ref,
+            int indentDepth: int ref);
+
+// JavaScript parse errors
+js_parse_errors (unique int id: @js_parse_error,
+        int toplevel: @toplevel ref,
+        varchar(900) message: string ref,
+        varchar(900) line: string ref);
+
+// regular expressions
+#keyset[parent, idx]
+regexpterm (unique int id: @regexpterm,
+        int kind: int ref,
+        int parent: @regexpparent ref,
+        int idx: int ref,
+        varchar(900) tostring: string ref);
+
+@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr;
+
+case @regexpterm.kind of
+   0 = @regexp_alt
+|  1 = @regexp_seq
+|  2 = @regexp_caret
+|  3 = @regexp_dollar
+|  4 = @regexp_wordboundary
+|  5 = @regexp_nonwordboundary
+|  6 = @regexp_positive_lookahead
+|  7 = @regexp_negative_lookahead
+|  8 = @regexp_star
+|  9 = @regexp_plus
+| 10 = @regexp_opt
+| 11 = @regexp_range
+| 12 = @regexp_dot
+| 13 = @regexp_group
+| 14 = @regexp_normal_constant
+| 15 = @regexp_hex_escape
+| 16 = @regexp_unicode_escape
+| 17 = @regexp_dec_escape
+| 18 = @regexp_oct_escape
+| 19 = @regexp_ctrl_escape
+| 20 = @regexp_char_class_escape
+| 21 = @regexp_id_escape
+| 22 = @regexp_backref
+| 23 = @regexp_char_class
+| 24 = @regexp_char_range
+| 25 = @regexp_positive_lookbehind
+| 26 = @regexp_negative_lookbehind
+| 27 = @regexp_unicode_property_escape;
+
+regexp_parse_errors (unique int id: @regexp_parse_error,
+    int regexp: @regexpterm ref,
+    varchar(900) message: string ref);
+
+@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range;
+@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape;
+@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape;
+@regexp_constant = @regexp_normal_constant | @regexp_char_escape;
+@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead;
+@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind;
+@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind;
+@regexp_anchor = @regexp_dollar | @regexp_caret;
+
+is_greedy (int id: @regexp_quantifier ref);
+range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref);
+range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref);
+is_capture (unique int id: @regexp_group ref, int number: int ref);
+is_named_capture (unique int id: @regexp_group ref, string name: string ref);
+is_inverted (int id: @regexp_char_class ref);
+regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref);
+char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref);
+backref (unique int id: @regexp_backref ref, int value: int ref);
+named_backref (unique int id: @regexp_backref ref, string name: string ref);
+unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref);
+unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref);
+
+// tokens
+#keyset[toplevel, idx]
+tokeninfo (unique int id: @token,
+    int kind: int ref,
+    int toplevel: @toplevel ref,
+    int idx: int ref,
+    varchar(900) value: string ref);
+
+case @token.kind of
+  0 = @token_eof
+| 1 = @token_null_literal
+| 2 = @token_boolean_literal
+| 3 = @token_numeric_literal
+| 4 = @token_string_literal
+| 5 = @token_regular_expression
+| 6 = @token_identifier
+| 7 = @token_keyword
+| 8 = @token_punctuator;
+
+// associate comments with the token immediately following them (which may be EOF)
+next_token (int comment: @comment ref, int token: @token ref);
+
+// JSON
+#keyset[parent, idx]
+json (unique int id: @json_value,
+      int kind: int ref,
+      int parent: @json_parent ref,
+      int idx: int ref,
+      varchar(900) tostring: string ref);
+
+json_literals (varchar(900) value: string ref,
+      varchar(900) raw: string ref,
+      unique int expr: @json_value ref);
+
+json_properties (int obj: @json_object ref,
+      varchar(900) property: string ref,
+      int value: @json_value ref);
+
+json_errors (unique int id: @json_parse_error,
+      varchar(900) message: string ref);
+
+json_locations(unique int locatable: @json_locatable ref,
+      int location: @location_default ref);
+
+case @json_value.kind of
+  0 = @json_null
+| 1 = @json_boolean
+| 2 = @json_number
+| 3 = @json_string
+| 4 = @json_array
+| 5 = @json_object;
+
+@json_parent = @json_object | @json_array | @file;
+
+@json_locatable = @json_value | @json_parse_error;
+
+// locations
+@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr;
+
+@locatable = @file
+    | @ast_node
+    | @comment
+    | @line
+    | @js_parse_error | @regexp_parse_error
+    | @regexpterm
+    | @json_locatable
+    | @token
+    | @cfg_node
+    | @jsdoc | @jsdoc_type_expr | @jsdoc_tag
+    | @yaml_locatable
+    | @xmllocatable
+    | @configLocatable
+    | @template_placeholder_tag;
+
+hasLocation (unique int locatable: @locatable ref,
+    int location: @location ref);
+
+// CFG
+entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref);
+exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref);
+guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref);
+case @guard_node.kind of
+  0 = @falsy_guard
+| 1 = @truthy_guard;
+@condition_guard = @falsy_guard | @truthy_guard;
+
+@synthetic_cfg_node = @entry_node | @exit_node | @guard_node;
+@cfg_node = @synthetic_cfg_node | @expr_parent;
+
+successor (int pred: @cfg_node ref, int succ: @cfg_node ref);
+
+// JSDoc comments
+jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref);
+#keyset[parent, idx]
+jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref,
+            int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref);
+jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref);
+jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref);
+
+#keyset[parent, idx]
+jsdoc_type_exprs (unique int id: @jsdoc_type_expr,
+                  int kind: int ref,
+                  int parent: @jsdoc_type_expr_parent ref,
+                  int idx: int ref,
+                  varchar(900) tostring: string ref);
+case @jsdoc_type_expr.kind of
+    0 = @jsdoc_any_type_expr
+|   1 = @jsdoc_null_type_expr
+|   2 = @jsdoc_undefined_type_expr
+|   3 = @jsdoc_unknown_type_expr
+|   4 = @jsdoc_void_type_expr
+|   5 = @jsdoc_named_type_expr
+|   6 = @jsdoc_applied_type_expr
+|   7 = @jsdoc_nullable_type_expr
+|   8 = @jsdoc_non_nullable_type_expr
+|   9 = @jsdoc_record_type_expr
+|  10 = @jsdoc_array_type_expr
+|  11 = @jsdoc_union_type_expr
+|  12 = @jsdoc_function_type_expr
+|  13 = @jsdoc_optional_type_expr
+|  14 = @jsdoc_rest_type_expr
+;
+
+#keyset[id, idx]
+jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref);
+jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref);
+jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref);
+
+@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag;
+
+jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref);
+
+// YAML
+#keyset[parent, idx]
+yaml (unique int id: @yaml_node,
+      int kind: int ref,
+      int parent: @yaml_node_parent ref,
+      int idx: int ref,
+      varchar(900) tag: string ref,
+      varchar(900) tostring: string ref);
+
+case @yaml_node.kind of
+  0 = @yaml_scalar_node
+| 1 = @yaml_mapping_node
+| 2 = @yaml_sequence_node
+| 3 = @yaml_alias_node
+;
+
+@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node;
+
+@yaml_node_parent = @yaml_collection_node | @file;
+
+yaml_anchors (unique int node: @yaml_node ref,
+              varchar(900) anchor: string ref);
+
+yaml_aliases (unique int alias: @yaml_alias_node ref,
+              varchar(900) target: string ref);
+
+yaml_scalars (unique int scalar: @yaml_scalar_node ref,
+              int style: int ref,
+              varchar(900) value: string ref);
+
+yaml_errors (unique int id: @yaml_error,
+             varchar(900) message: string ref);
+
+yaml_locations(unique int locatable: @yaml_locatable ref,
+             int location: @location_default ref);
+
+@yaml_locatable = @yaml_node | @yaml_error;
+
+/* XML Files */
+
+xmlEncoding(
+  unique int id: @file ref,
+  varchar(900) encoding: string ref
+);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  varchar(900) root: string ref,
+  varchar(900) publicId: string ref,
+  varchar(900) systemId: string ref,
+  int fileid: @file ref
+);
+
+xmlElements(
+  unique int id: @xmlelement,
+  varchar(900) name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  varchar(900) name: string ref,
+  varchar(3600) value: string ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlNs(
+  int id: @xmlnamespace,
+  varchar(900) prefixName: string ref,
+  varchar(900) URI: string ref,
+  int fileid: @file ref
+);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref
+);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  varchar(3600) text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref
+);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  varchar(3600) text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref
+);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref
+);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property;
+
+@optionalchainable = @call_expr | @propaccess;
+
+isOptionalChaining(int id: @optionalchainable ref);
+
+/*
+ * configuration files with key value pairs
+ */
+
+configs(
+  unique int id: @config
+);
+
+configNames(
+  unique int id: @configName,
+  int config: @config ref,
+  string name: string ref
+);
+
+configValues(
+  unique int id: @configValue,
+  int config: @config ref,
+  string value: string ref
+);
+
+configLocations(
+  int locatable: @configLocatable ref,
+  int location: @location_default ref
+);
+
+@configLocatable = @config | @configName | @configValue;
+
+/**
+ * The time taken for the extraction of a file.
+ * This table contains non-deterministic content.
+ *
+ * The sum of the `time` column for each (`file`, `timerKind`) pair
+ * is the total time taken for extraction of `file`.  The `extractionPhase`
+ * column provides a granular view of the extraction time of the file.
+ */
+extraction_time(
+   int file : @file ref,
+   // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`.
+   int extractionPhase: int ref,
+   // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds
+   int timerKind: int ref,
+   float time: float ref
+)
+
+/**
+ * Non-timing related data for the extraction of a single file.
+ * This table contains non-deterministic content.
+ */
+extraction_data(
+   int file : @file ref,
+   // the absolute path to the cache file
+   varchar(900) cacheFile: string ref,
+   boolean fromCache: boolean ref,
+   int length: int ref
+)
diff --git a/javascript/ql/lib/upgrades/c0664d5721c90dd32a5b167efea24f9cc6f57cfb/semmlecode.javascript.dbscheme b/javascript/ql/lib/upgrades/c0664d5721c90dd32a5b167efea24f9cc6f57cfb/semmlecode.javascript.dbscheme
new file mode 100644
index 00000000000..4d00210ca57
--- /dev/null
+++ b/javascript/ql/lib/upgrades/c0664d5721c90dd32a5b167efea24f9cc6f57cfb/semmlecode.javascript.dbscheme
@@ -0,0 +1,1218 @@
+/*** Standard fragments ***/
+
+/** Files and folders **/
+
+@location = @location_default;
+
+locations_default(unique int id: @location_default,
+          int file: @file ref,
+          int beginLine: int ref,
+          int beginColumn: int ref,
+          int endLine: int ref,
+          int endColumn: int ref
+         );
+
+@sourceline = @locatable;
+
+numlines(int element_id: @sourceline ref,
+         int num_lines: int ref,
+         int num_code: int ref,
+         int num_comment: int ref
+        );
+
+files(unique int id: @file,
+      varchar(900) name: string ref);
+
+folders(unique int id: @folder,
+        varchar(900) name: string ref);
+
+
+@container = @folder | @file ;
+
+
+containerparent(int parent: @container ref,
+                unique int child: @container ref);
+
+/** Duplicate code **/
+
+duplicateCode(
+  unique int id : @duplication,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+similarCode(
+  unique int id : @similarity,
+  varchar(900) relativePath : string ref,
+  int equivClass : int ref);
+
+@duplication_or_similarity = @duplication | @similarity;
+
+tokens(
+  int id : @duplication_or_similarity ref,
+  int offset : int ref,
+  int beginLine : int ref,
+  int beginColumn : int ref,
+  int endLine : int ref,
+  int endColumn : int ref);
+
+/** External data **/
+
+externalData(
+  int id : @externalDataElement,
+  varchar(900) path : string ref,
+  int column: int ref,
+  varchar(900) value : string ref
+);
+
+snapshotDate(unique date snapshotDate : date ref);
+
+sourceLocationPrefix(varchar(900) prefix : string ref);
+
+/** Version control data **/
+
+svnentries(
+  int id : @svnentry,
+  varchar(500) revision : string ref,
+  varchar(500) author : string ref,
+  date revisionDate : date ref,
+  int changeSize : int ref
+);
+
+svnaffectedfiles(
+  int id : @svnentry ref,
+  int file : @file ref,
+  varchar(500) action : string ref
+);
+
+svnentrymsg(
+  int id : @svnentry ref,
+  varchar(500) message : string ref
+);
+
+svnchurn(
+  int commit : @svnentry ref,
+  int file : @file ref,
+  int addedLines : int ref,
+  int deletedLines : int ref
+);
+
+
+/*** JavaScript-specific part ***/
+
+filetype(
+  int file: @file ref,
+  string filetype: string ref
+)
+
+// top-level code fragments
+toplevels (unique int id: @toplevel,
+           int kind: int ref);
+
+is_externs (int toplevel: @toplevel ref);
+
+case @toplevel.kind of
+   0 = @script
+|  1 = @inline_script
+|  2 = @event_handler
+|  3 = @javascript_url
+|  4 = @template_toplevel;
+
+is_module (int tl: @toplevel ref);
+is_nodejs (int tl: @toplevel ref);
+is_es2015_module (int tl: @toplevel ref);
+is_closure_module (int tl: @toplevel ref);
+
+@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag;
+toplevel_parent_xml_node(
+  unique int toplevel: @toplevel ref,
+  int xmlnode: @xml_node_with_code ref);
+
+xml_element_parent_expression(
+  unique int xmlnode: @xmlelement ref,
+  int expression: @expr ref,
+  int index: int ref);
+
+// statements
+#keyset[parent, idx]
+stmts (unique int id: @stmt,
+       int kind: int ref,
+       int parent: @stmt_parent ref,
+       int idx: int ref,
+       varchar(900) tostring: string ref);
+
+stmt_containers (unique int stmt: @stmt ref,
+       int container: @stmt_container ref);
+
+jump_targets (unique int jump: @stmt ref,
+       int target: @stmt ref);
+
+@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer;
+@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration;
+
+case @stmt.kind of
+   0 = @empty_stmt
+|  1 = @block_stmt
+|  2 = @expr_stmt
+|  3 = @if_stmt
+|  4 = @labeled_stmt
+|  5 = @break_stmt
+|  6 = @continue_stmt
+|  7 = @with_stmt
+|  8 = @switch_stmt
+|  9 = @return_stmt
+| 10 = @throw_stmt
+| 11 = @try_stmt
+| 12 = @while_stmt
+| 13 = @do_while_stmt
+| 14 = @for_stmt
+| 15 = @for_in_stmt
+| 16 = @debugger_stmt
+| 17 = @function_decl_stmt
+| 18 = @var_decl_stmt
+| 19 = @case
+| 20 = @catch_clause
+| 21 = @for_of_stmt
+| 22 = @const_decl_stmt
+| 23 = @let_stmt
+| 24 = @legacy_let_stmt
+| 25 = @for_each_stmt
+| 26 = @class_decl_stmt
+| 27 = @import_declaration
+| 28 = @export_all_declaration
+| 29 = @export_default_declaration
+| 30 = @export_named_declaration
+| 31 = @namespace_declaration
+| 32 = @import_equals_declaration
+| 33 = @export_assign_declaration
+| 34 = @interface_declaration
+| 35 = @type_alias_declaration
+| 36 = @enum_declaration
+| 37 = @external_module_declaration
+| 38 = @export_as_namespace_declaration
+| 39 = @global_augmentation_declaration
+;
+
+@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt;
+
+@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration;
+
+@namespace_definition = @namespace_declaration | @enum_declaration;
+@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member;
+
+is_instantiated(unique int decl: @namespace_declaration ref);
+
+@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field;
+has_declare_keyword(unique int stmt: @declarable_node ref);
+
+is_for_await_of(unique int forof: @for_of_stmt ref);
+
+// expressions
+#keyset[parent, idx]
+exprs (unique int id: @expr,
+       int kind: int ref,
+       int parent: @expr_parent ref,
+       int idx: int ref,
+       varchar(900) tostring: string ref);
+
+literals (varchar(900) value: string ref,
+       varchar(900) raw: string ref,
+       unique int expr: @expr_or_type ref);
+
+enclosing_stmt (unique int expr: @expr_or_type ref,
+       int stmt: @stmt ref);
+
+expr_containers (unique int expr: @expr_or_type ref,
+       int container: @stmt_container ref);
+
+array_size (unique int ae: @arraylike ref,
+       int sz: int ref);
+
+is_delegating (int yield: @yield_expr ref);
+
+@expr_or_stmt = @expr | @stmt;
+@expr_or_type = @expr | @typeexpr;
+@expr_parent = @expr_or_stmt | @property | @function_typeexpr;
+@arraylike = @array_expr | @array_pattern;
+@type_annotation = @typeexpr | @jsdoc_type_expr;
+@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel;
+
+case @expr.kind of
+   0 = @label
+|  1 = @null_literal
+|  2 = @boolean_literal
+|  3 = @number_literal
+|  4 = @string_literal
+|  5 = @regexp_literal
+|  6 = @this_expr
+|  7 = @array_expr
+|  8 = @obj_expr
+|  9 = @function_expr
+| 10 = @seq_expr
+| 11 = @conditional_expr
+| 12 = @new_expr
+| 13 = @call_expr
+| 14 = @dot_expr
+| 15 = @index_expr
+| 16 = @neg_expr
+| 17 = @plus_expr
+| 18 = @log_not_expr
+| 19 = @bit_not_expr
+| 20 = @typeof_expr
+| 21 = @void_expr
+| 22 = @delete_expr
+| 23 = @eq_expr
+| 24 = @neq_expr
+| 25 = @eqq_expr
+| 26 = @neqq_expr
+| 27 = @lt_expr
+| 28 = @le_expr
+| 29 = @gt_expr
+| 30 = @ge_expr
+| 31 = @lshift_expr
+| 32 = @rshift_expr
+| 33 = @urshift_expr
+| 34 = @add_expr
+| 35 = @sub_expr
+| 36 = @mul_expr
+| 37 = @div_expr
+| 38 = @mod_expr
+| 39 = @bitor_expr
+| 40 = @xor_expr
+| 41 = @bitand_expr
+| 42 = @in_expr
+| 43 = @instanceof_expr
+| 44 = @logand_expr
+| 45 = @logor_expr
+| 47 = @assign_expr
+| 48 = @assign_add_expr
+| 49 = @assign_sub_expr
+| 50 = @assign_mul_expr
+| 51 = @assign_div_expr
+| 52 = @assign_mod_expr
+| 53 = @assign_lshift_expr
+| 54 = @assign_rshift_expr
+| 55 = @assign_urshift_expr
+| 56 = @assign_or_expr
+| 57 = @assign_xor_expr
+| 58 = @assign_and_expr
+| 59 = @preinc_expr
+| 60 = @postinc_expr
+| 61 = @predec_expr
+| 62 = @postdec_expr
+| 63 = @par_expr
+| 64 = @var_declarator
+| 65 = @arrow_function_expr
+| 66 = @spread_element
+| 67 = @array_pattern
+| 68 = @object_pattern
+| 69 = @yield_expr
+| 70 = @tagged_template_expr
+| 71 = @template_literal
+| 72 = @template_element
+| 73 = @array_comprehension_expr
+| 74 = @generator_expr
+| 75 = @for_in_comprehension_block
+| 76 = @for_of_comprehension_block
+| 77 = @legacy_letexpr
+| 78 = @var_decl
+| 79 = @proper_varaccess
+| 80 = @class_expr
+| 81 = @super_expr
+| 82 = @newtarget_expr
+| 83 = @named_import_specifier
+| 84 = @import_default_specifier
+| 85 = @import_namespace_specifier
+| 86 = @named_export_specifier
+| 87 = @exp_expr
+| 88 = @assign_exp_expr
+| 89 = @jsx_element
+| 90 = @jsx_qualified_name
+| 91 = @jsx_empty_expr
+| 92 = @await_expr
+| 93 = @function_sent_expr
+| 94 = @decorator
+| 95 = @export_default_specifier
+| 96 = @export_namespace_specifier
+| 97 = @bind_expr
+| 98 = @external_module_reference
+| 99 = @dynamic_import
+| 100 = @expression_with_type_arguments
+| 101 = @prefix_type_assertion
+| 102 = @as_type_assertion
+| 103 = @export_varaccess
+| 104 = @decorator_list
+| 105 = @non_null_assertion
+| 106 = @bigint_literal
+| 107 = @nullishcoalescing_expr
+| 108 = @e4x_xml_anyname
+| 109 = @e4x_xml_static_attribute_selector
+| 110 = @e4x_xml_dynamic_attribute_selector
+| 111 = @e4x_xml_filter_expression
+| 112 = @e4x_xml_static_qualident
+| 113 = @e4x_xml_dynamic_qualident
+| 114 = @e4x_xml_dotdotexpr
+| 115 = @import_meta_expr
+| 116 = @assignlogandexpr
+| 117 = @assignlogorexpr
+| 118 = @assignnullishcoalescingexpr
+| 119 = @template_pipe_ref
+| 120 = @generated_code_expr
+| 121 = @satisfies_expr
+;
+
+@varaccess = @proper_varaccess | @export_varaccess;
+@varref = @var_decl | @varaccess;
+
+@identifier = @label | @varref | @type_identifier;
+
+@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal;
+
+@propaccess = @dot_expr | @index_expr;
+
+@invokeexpr = @new_expr | @call_expr;
+
+@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element;
+
+@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr;
+
+@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr;
+
+@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr;
+
+@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr;
+
+@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr;
+
+@pattern = @varref | @array_pattern | @object_pattern;
+
+@comprehension_expr = @array_comprehension_expr | @generator_expr;
+
+@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block;
+
+@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier;
+
+@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier;
+
+@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier;
+
+@type_assertion = @as_type_assertion | @prefix_type_assertion;
+
+@class_definition = @class_decl_stmt | @class_expr;
+@interface_definition = @interface_declaration | @interface_typeexpr;
+@class_or_interface = @class_definition | @interface_definition;
+
+@lexical_decl = @var_decl | @type_decl;
+@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access;
+@lexical_ref = @lexical_decl | @lexical_access;
+
+@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector;
+@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident;
+
+expr_contains_template_tag_location(
+  int expr: @expr ref,
+  int location: @location ref
+);
+
+@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file;
+
+template_placeholder_tag_info(
+  unique int node: @template_placeholder_tag,
+  int parentNode: @template_placeholder_tag_parent ref,
+  varchar(900) raw: string ref
+);
+
+// scopes
+scopes (unique int id: @scope,
+        int kind: int ref);
+
+case @scope.kind of
+   0 = @global_scope
+|  1 = @function_scope
+|  2 = @catch_scope
+|  3 = @module_scope
+|  4 = @block_scope
+|  5 = @for_scope
+|  6 = @for_in_scope // for-of scopes work the same as for-in scopes
+|  7 = @comprehension_block_scope
+|  8 = @class_expr_scope
+|  9 = @namespace_scope
+| 10 = @class_decl_scope
+| 11 = @interface_scope
+| 12 = @type_alias_scope
+| 13 = @mapped_type_scope
+| 14 = @enum_scope
+| 15 = @external_module_scope
+| 16 = @conditional_type_scope;
+
+scopenodes (unique int node: @ast_node ref,
+            int scope: @scope ref);
+
+scopenesting (unique int inner: @scope ref,
+              int outer: @scope ref);
+
+// functions
+@function = @function_decl_stmt | @function_expr | @arrow_function_expr;
+
+@parameterized = @function | @catch_clause;
+@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr;
+
+is_generator (int fun: @function ref);
+has_rest_parameter (int fun: @function ref);
+is_async (int fun: @function ref);
+
+// variables and lexically scoped type names
+#keyset[scope, name]
+variables (unique int id: @variable,
+           varchar(900) name: string ref,
+           int scope: @scope ref);
+
+#keyset[scope, name]
+local_type_names (unique int id: @local_type_name,
+                  varchar(900) name: string ref,
+                  int scope: @scope ref);
+
+#keyset[scope, name]
+local_namespace_names (unique int id: @local_namespace_name,
+                       varchar(900) name: string ref,
+                       int scope: @scope ref);
+
+is_arguments_object (int id: @variable ref);
+
+@lexical_name = @variable | @local_type_name | @local_namespace_name;
+
+@bind_id = @varaccess | @local_var_type_access;
+bind (unique int id: @bind_id ref,
+      int decl: @variable ref);
+
+decl (unique int id: @var_decl ref,
+      int decl: @variable ref);
+
+@typebind_id = @local_type_access | @export_varaccess;
+typebind (unique int id: @typebind_id ref,
+          int decl: @local_type_name ref);
+
+@typedecl_id = @type_decl | @var_decl;
+typedecl (unique int id: @typedecl_id ref,
+          int decl: @local_type_name ref);
+
+namespacedecl (unique int id: @var_decl ref,
+               int decl: @local_namespace_name ref);
+
+@namespacebind_id = @local_namespace_access | @export_varaccess;
+namespacebind (unique int id: @namespacebind_id ref,
+               int decl: @local_namespace_name ref);
+
+
+// properties in object literals, property patterns in object patterns, and method declarations in classes
+#keyset[parent, index]
+properties (unique int id: @property,
+            int parent: @property_parent ref,
+            int index: int ref,
+            int kind: int ref,
+            varchar(900) tostring: string ref);
+
+case @property.kind of
+  0 = @value_property
+| 1 = @property_getter
+| 2 = @property_setter
+| 3 = @jsx_attribute
+| 4 = @function_call_signature
+| 5 = @constructor_call_signature
+| 6 = @index_signature
+| 7 = @enum_member
+| 8 = @proper_field
+| 9 = @parameter_field
+| 10 = @static_initializer
+;
+
+@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration;
+@property_accessor = @property_getter | @property_setter;
+@call_signature = @function_call_signature | @constructor_call_signature;
+@field = @proper_field | @parameter_field;
+@field_or_vardeclarator = @field | @var_declarator;
+
+is_computed (int id: @property ref);
+is_method   (int id: @property ref);
+is_static   (int id: @property ref);
+is_abstract_member (int id: @property ref);
+is_const_enum (int id: @enum_declaration ref);
+is_abstract_class (int id: @class_decl_stmt ref);
+
+has_public_keyword (int id: @property ref);
+has_private_keyword (int id: @property ref);
+has_protected_keyword (int id: @property ref);
+has_readonly_keyword (int id: @property ref);
+has_type_keyword (int id: @type_keyword_operand ref);
+is_optional_member (int id: @property ref);
+has_definite_assignment_assertion (int id: @field_or_vardeclarator ref);
+is_optional_parameter_declaration (unique int parameter: @pattern ref);
+
+#keyset[constructor, param_index]
+parameter_fields(
+  unique int field: @parameter_field ref,
+  int constructor: @function_expr ref,
+  int param_index: int ref
+);
+
+// types
+#keyset[parent, idx]
+typeexprs (
+  unique int id: @typeexpr,
+  int kind: int ref,
+  int parent: @typeexpr_parent ref,
+  int idx: int ref,
+  varchar(900) tostring: string ref
+);
+
+case @typeexpr.kind of
+  0 = @local_type_access
+| 1 = @type_decl
+| 2 = @keyword_typeexpr
+| 3 = @string_literal_typeexpr
+| 4 = @number_literal_typeexpr
+| 5 = @boolean_literal_typeexpr
+| 6 = @array_typeexpr
+| 7 = @union_typeexpr
+| 8 = @indexed_access_typeexpr
+| 9 = @intersection_typeexpr
+| 10 = @parenthesized_typeexpr
+| 11 = @tuple_typeexpr
+| 12 = @keyof_typeexpr
+| 13 = @qualified_type_access
+| 14 = @generic_typeexpr
+| 15 = @type_label
+| 16 = @typeof_typeexpr
+| 17 = @local_var_type_access
+| 18 = @qualified_var_type_access
+| 19 = @this_var_type_access
+| 20 = @predicate_typeexpr
+| 21 = @interface_typeexpr
+| 22 = @type_parameter
+| 23 = @plain_function_typeexpr
+| 24 = @constructor_typeexpr
+| 25 = @local_namespace_access
+| 26 = @qualified_namespace_access
+| 27 = @mapped_typeexpr
+| 28 = @conditional_typeexpr
+| 29 = @infer_typeexpr
+| 30 = @import_type_access
+| 31 = @import_namespace_access
+| 32 = @import_var_type_access
+| 33 = @optional_typeexpr
+| 34 = @rest_typeexpr
+| 35 = @bigint_literal_typeexpr
+| 36 = @readonly_typeexpr
+| 37 = @template_literal_typeexpr
+;
+
+@typeref = @typeaccess | @type_decl;
+@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access;
+@typeexpr_parent = @expr | @stmt | @property | @typeexpr;
+@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr;
+@typeaccess = @local_type_access | @qualified_type_access | @import_type_access;
+@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access;
+@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access;
+@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access;
+
+@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr;
+
+// types
+types (
+  unique int id: @type,
+  int kind: int ref,
+  varchar(900) tostring: string ref
+);
+
+#keyset[parent, idx]
+type_child (
+  int child: @type ref,
+  int parent: @type ref,
+  int idx: int ref
+);
+
+case @type.kind of
+  0 = @any_type
+| 1 = @string_type
+| 2 = @number_type
+| 3 = @union_type
+| 4 = @true_type
+| 5 = @false_type
+| 6 = @type_reference
+| 7 = @object_type
+| 8 = @canonical_type_variable_type
+| 9 = @typeof_type
+| 10 = @void_type
+| 11 = @undefined_type
+| 12 = @null_type
+| 13 = @never_type
+| 14 = @plain_symbol_type
+| 15 = @unique_symbol_type
+| 16 = @objectkeyword_type
+| 17 = @intersection_type
+| 18 = @tuple_type
+| 19 = @lexical_type_variable_type
+| 20 = @this_type
+| 21 = @number_literal_type
+| 22 = @string_literal_type
+| 23 = @unknown_type
+| 24 = @bigint_type
+| 25 = @bigint_literal_type
+;
+
+@boolean_literal_type = @true_type | @false_type;
+@symbol_type = @plain_symbol_type | @unique_symbol_type;
+@union_or_intersection_type = @union_type | @intersection_type;
+@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type;
+
+has_asserts_keyword(int node: @predicate_typeexpr ref);
+
+@typed_ast_node = @expr | @typeexpr | @function;
+ast_node_type(
+  unique int node: @typed_ast_node ref,
+  int typ: @type ref);
+
+declared_function_signature(
+  unique int node: @function ref,
+  int sig: @signature_type ref
+);
+
+invoke_expr_signature(
+  unique int node: @invokeexpr ref,
+  int sig: @signature_type ref
+);
+
+invoke_expr_overload_index(
+  unique int node: @invokeexpr ref,
+  int index: int ref
+);
+
+symbols (
+  unique int id: @symbol,
+  int kind: int ref,
+  varchar(900) name: string ref
+);
+
+symbol_parent (
+  unique int symbol: @symbol ref,
+  int parent: @symbol ref
+);
+
+symbol_module (
+  int symbol: @symbol ref,
+  varchar(900) moduleName: string ref
+);
+
+symbol_global (
+  int symbol: @symbol ref,
+  varchar(900) globalName: string ref
+);
+
+case @symbol.kind of
+  0 = @root_symbol
+| 1 = @member_symbol
+| 2 = @other_symbol
+;
+
+@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type;
+@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration;
+
+ast_node_symbol(
+  unique int node: @ast_node_with_symbol ref,
+  int symbol: @symbol ref);
+
+type_symbol(
+  unique int typ: @type_with_symbol ref,
+  int symbol: @symbol ref);
+
+#keyset[typ, name]
+type_property(
+  int typ: @type ref,
+  varchar(900) name: string ref,
+  int propertyType: @type ref);
+
+type_alias(
+  unique int aliasType: @type ref,
+  int underlyingType: @type ref);
+
+@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type;
+@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type;
+type_literal_value(
+  unique int typ: @type_with_literal_value ref,
+  varchar(900) value: string ref);
+
+signature_types (
+  unique int id: @signature_type,
+  int kind: int ref,
+  varchar(900) tostring: string ref,
+  int type_parameters: int ref,
+  int required_params: int ref
+);
+
+is_abstract_signature(
+  unique int sig: @signature_type ref
+);
+
+signature_rest_parameter(
+  unique int sig: @signature_type ref,
+  int rest_param_arra_type: @type ref
+);
+
+case @signature_type.kind of
+  0 = @function_signature_type
+| 1 = @constructor_signature_type
+;
+
+#keyset[typ, kind, index]
+type_contains_signature (
+  int typ: @type ref,
+  int kind: int ref,  // constructor/call/index
+  int index: int ref, // ordering of overloaded signatures
+  int sig: @signature_type ref
+);
+
+#keyset[parent, index]
+signature_contains_type (
+  int child: @type ref,
+  int parent: @signature_type ref,
+  int index: int ref
+);
+
+#keyset[sig, index]
+signature_parameter_name (
+  int sig: @signature_type ref,
+  int index: int ref,
+  varchar(900) name: string ref
+);
+
+number_index_type (
+  unique int baseType: @type ref,
+  int propertyType: @type ref
+);
+
+string_index_type (
+  unique int baseType: @type ref,
+  int propertyType: @type ref
+);
+
+base_type_names(
+  int typeName: @symbol ref,
+  int baseTypeName: @symbol ref
+);
+
+self_types(
+  int typeName: @symbol ref,
+  int selfType: @type_reference ref
+);
+
+tuple_type_min_length(
+  unique int typ: @type ref,
+  int minLength: int ref
+);
+
+tuple_type_rest_index(
+  unique int typ: @type ref,
+  int index: int ref
+);
+
+// comments
+comments (unique int id: @comment,
+          int kind: int ref,
+          int toplevel: @toplevel ref,
+          varchar(900) text: string ref,
+          varchar(900) tostring: string ref);
+
+case @comment.kind of
+  0 = @slashslash_comment
+| 1 = @slashstar_comment
+| 2 = @doc_comment
+| 3 = @html_comment_start
+| 4 = @htmlcommentend;
+
+@html_comment = @html_comment_start | @htmlcommentend;
+@line_comment = @slashslash_comment | @html_comment;
+@block_comment = @slashstar_comment | @doc_comment;
+
+// source lines
+lines (unique int id: @line,
+       int toplevel: @toplevel ref,
+       varchar(900) text: string ref,
+       varchar(2) terminator: string ref);
+indentation (int file: @file ref,
+            int lineno: int ref,
+            varchar(1) indentChar: string ref,
+            int indentDepth: int ref);
+
+// JavaScript parse errors
+js_parse_errors (unique int id: @js_parse_error,
+        int toplevel: @toplevel ref,
+        varchar(900) message: string ref,
+        varchar(900) line: string ref);
+
+// regular expressions
+#keyset[parent, idx]
+regexpterm (unique int id: @regexpterm,
+        int kind: int ref,
+        int parent: @regexpparent ref,
+        int idx: int ref,
+        varchar(900) tostring: string ref);
+
+@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr;
+
+case @regexpterm.kind of
+   0 = @regexp_alt
+|  1 = @regexp_seq
+|  2 = @regexp_caret
+|  3 = @regexp_dollar
+|  4 = @regexp_wordboundary
+|  5 = @regexp_nonwordboundary
+|  6 = @regexp_positive_lookahead
+|  7 = @regexp_negative_lookahead
+|  8 = @regexp_star
+|  9 = @regexp_plus
+| 10 = @regexp_opt
+| 11 = @regexp_range
+| 12 = @regexp_dot
+| 13 = @regexp_group
+| 14 = @regexp_normal_constant
+| 15 = @regexp_hex_escape
+| 16 = @regexp_unicode_escape
+| 17 = @regexp_dec_escape
+| 18 = @regexp_oct_escape
+| 19 = @regexp_ctrl_escape
+| 20 = @regexp_char_class_escape
+| 21 = @regexp_id_escape
+| 22 = @regexp_backref
+| 23 = @regexp_char_class
+| 24 = @regexp_char_range
+| 25 = @regexp_positive_lookbehind
+| 26 = @regexp_negative_lookbehind
+| 27 = @regexp_unicode_property_escape;
+
+regexp_parse_errors (unique int id: @regexp_parse_error,
+    int regexp: @regexpterm ref,
+    varchar(900) message: string ref);
+
+@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range;
+@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape;
+@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape;
+@regexp_constant = @regexp_normal_constant | @regexp_char_escape;
+@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead;
+@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind;
+@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind;
+@regexp_anchor = @regexp_dollar | @regexp_caret;
+
+is_greedy (int id: @regexp_quantifier ref);
+range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref);
+range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref);
+is_capture (unique int id: @regexp_group ref, int number: int ref);
+is_named_capture (unique int id: @regexp_group ref, string name: string ref);
+is_inverted (int id: @regexp_char_class ref);
+regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref);
+char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref);
+backref (unique int id: @regexp_backref ref, int value: int ref);
+named_backref (unique int id: @regexp_backref ref, string name: string ref);
+unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref);
+unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref);
+
+// tokens
+#keyset[toplevel, idx]
+tokeninfo (unique int id: @token,
+    int kind: int ref,
+    int toplevel: @toplevel ref,
+    int idx: int ref,
+    varchar(900) value: string ref);
+
+case @token.kind of
+  0 = @token_eof
+| 1 = @token_null_literal
+| 2 = @token_boolean_literal
+| 3 = @token_numeric_literal
+| 4 = @token_string_literal
+| 5 = @token_regular_expression
+| 6 = @token_identifier
+| 7 = @token_keyword
+| 8 = @token_punctuator;
+
+// associate comments with the token immediately following them (which may be EOF)
+next_token (int comment: @comment ref, int token: @token ref);
+
+// JSON
+#keyset[parent, idx]
+json (unique int id: @json_value,
+      int kind: int ref,
+      int parent: @json_parent ref,
+      int idx: int ref,
+      varchar(900) tostring: string ref);
+
+json_literals (varchar(900) value: string ref,
+      varchar(900) raw: string ref,
+      unique int expr: @json_value ref);
+
+json_properties (int obj: @json_object ref,
+      varchar(900) property: string ref,
+      int value: @json_value ref);
+
+json_errors (unique int id: @json_parse_error,
+      varchar(900) message: string ref);
+
+json_locations(unique int locatable: @json_locatable ref,
+      int location: @location_default ref);
+
+case @json_value.kind of
+  0 = @json_null
+| 1 = @json_boolean
+| 2 = @json_number
+| 3 = @json_string
+| 4 = @json_array
+| 5 = @json_object;
+
+@json_parent = @json_object | @json_array | @file;
+
+@json_locatable = @json_value | @json_parse_error;
+
+// locations
+@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr;
+
+@locatable = @file
+    | @ast_node
+    | @comment
+    | @line
+    | @js_parse_error | @regexp_parse_error
+    | @regexpterm
+    | @json_locatable
+    | @token
+    | @cfg_node
+    | @jsdoc | @jsdoc_type_expr | @jsdoc_tag
+    | @yaml_locatable
+    | @xmllocatable
+    | @configLocatable
+    | @template_placeholder_tag;
+
+hasLocation (unique int locatable: @locatable ref,
+    int location: @location ref);
+
+// CFG
+entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref);
+exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref);
+guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref);
+case @guard_node.kind of
+  0 = @falsy_guard
+| 1 = @truthy_guard;
+@condition_guard = @falsy_guard | @truthy_guard;
+
+@synthetic_cfg_node = @entry_node | @exit_node | @guard_node;
+@cfg_node = @synthetic_cfg_node | @expr_parent;
+
+successor (int pred: @cfg_node ref, int succ: @cfg_node ref);
+
+// JSDoc comments
+jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref);
+#keyset[parent, idx]
+jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref,
+            int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref);
+jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref);
+jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref);
+
+#keyset[parent, idx]
+jsdoc_type_exprs (unique int id: @jsdoc_type_expr,
+                  int kind: int ref,
+                  int parent: @jsdoc_type_expr_parent ref,
+                  int idx: int ref,
+                  varchar(900) tostring: string ref);
+case @jsdoc_type_expr.kind of
+    0 = @jsdoc_any_type_expr
+|   1 = @jsdoc_null_type_expr
+|   2 = @jsdoc_undefined_type_expr
+|   3 = @jsdoc_unknown_type_expr
+|   4 = @jsdoc_void_type_expr
+|   5 = @jsdoc_named_type_expr
+|   6 = @jsdoc_applied_type_expr
+|   7 = @jsdoc_nullable_type_expr
+|   8 = @jsdoc_non_nullable_type_expr
+|   9 = @jsdoc_record_type_expr
+|  10 = @jsdoc_array_type_expr
+|  11 = @jsdoc_union_type_expr
+|  12 = @jsdoc_function_type_expr
+|  13 = @jsdoc_optional_type_expr
+|  14 = @jsdoc_rest_type_expr
+;
+
+#keyset[id, idx]
+jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref);
+jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref);
+jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref);
+
+@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag;
+
+jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref);
+
+// YAML
+#keyset[parent, idx]
+yaml (unique int id: @yaml_node,
+      int kind: int ref,
+      int parent: @yaml_node_parent ref,
+      int idx: int ref,
+      varchar(900) tag: string ref,
+      varchar(900) tostring: string ref);
+
+case @yaml_node.kind of
+  0 = @yaml_scalar_node
+| 1 = @yaml_mapping_node
+| 2 = @yaml_sequence_node
+| 3 = @yaml_alias_node
+;
+
+@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node;
+
+@yaml_node_parent = @yaml_collection_node | @file;
+
+yaml_anchors (unique int node: @yaml_node ref,
+              varchar(900) anchor: string ref);
+
+yaml_aliases (unique int alias: @yaml_alias_node ref,
+              varchar(900) target: string ref);
+
+yaml_scalars (unique int scalar: @yaml_scalar_node ref,
+              int style: int ref,
+              varchar(900) value: string ref);
+
+yaml_errors (unique int id: @yaml_error,
+             varchar(900) message: string ref);
+
+yaml_locations(unique int locatable: @yaml_locatable ref,
+             int location: @location_default ref);
+
+@yaml_locatable = @yaml_node | @yaml_error;
+
+/* XML Files */
+
+xmlEncoding(
+  unique int id: @file ref,
+  varchar(900) encoding: string ref
+);
+
+xmlDTDs(
+  unique int id: @xmldtd,
+  varchar(900) root: string ref,
+  varchar(900) publicId: string ref,
+  varchar(900) systemId: string ref,
+  int fileid: @file ref
+);
+
+xmlElements(
+  unique int id: @xmlelement,
+  varchar(900) name: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlAttrs(
+  unique int id: @xmlattribute,
+  int elementid: @xmlelement ref,
+  varchar(900) name: string ref,
+  varchar(3600) value: string ref,
+  int idx: int ref,
+  int fileid: @file ref
+);
+
+xmlNs(
+  int id: @xmlnamespace,
+  varchar(900) prefixName: string ref,
+  varchar(900) URI: string ref,
+  int fileid: @file ref
+);
+
+xmlHasNs(
+  int elementId: @xmlnamespaceable ref,
+  int nsId: @xmlnamespace ref,
+  int fileid: @file ref
+);
+
+xmlComments(
+  unique int id: @xmlcomment,
+  varchar(3600) text: string ref,
+  int parentid: @xmlparent ref,
+  int fileid: @file ref
+);
+
+xmlChars(
+  unique int id: @xmlcharacters,
+  varchar(3600) text: string ref,
+  int parentid: @xmlparent ref,
+  int idx: int ref,
+  int isCDATA: int ref,
+  int fileid: @file ref
+);
+
+@xmlparent = @file | @xmlelement;
+@xmlnamespaceable = @xmlelement | @xmlattribute;
+
+xmllocations(
+  int xmlElement: @xmllocatable ref,
+  int location: @location_default ref
+);
+
+@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
+
+@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property;
+
+@optionalchainable = @call_expr | @propaccess;
+
+isOptionalChaining(int id: @optionalchainable ref);
+
+/*
+ * configuration files with key value pairs
+ */
+
+configs(
+  unique int id: @config
+);
+
+configNames(
+  unique int id: @configName,
+  int config: @config ref,
+  string name: string ref
+);
+
+configValues(
+  unique int id: @configValue,
+  int config: @config ref,
+  string value: string ref
+);
+
+configLocations(
+  int locatable: @configLocatable ref,
+  int location: @location_default ref
+);
+
+@configLocatable = @config | @configName | @configValue;
+
+/**
+ * The time taken for the extraction of a file.
+ * This table contains non-deterministic content.
+ *
+ * The sum of the `time` column for each (`file`, `timerKind`) pair
+ * is the total time taken for extraction of `file`.  The `extractionPhase`
+ * column provides a granular view of the extraction time of the file.
+ */
+extraction_time(
+   int file : @file ref,
+   // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`.
+   int extractionPhase: int ref,
+   // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds
+   int timerKind: int ref,
+   float time: float ref
+)
+
+/**
+ * Non-timing related data for the extraction of a single file.
+ * This table contains non-deterministic content.
+ */
+extraction_data(
+   int file : @file ref,
+   // the absolute path to the cache file
+   varchar(900) cacheFile: string ref,
+   boolean fromCache: boolean ref,
+   int length: int ref
+)
diff --git a/javascript/ql/lib/upgrades/c0664d5721c90dd32a5b167efea24f9cc6f57cfb/upgrade.properties b/javascript/ql/lib/upgrades/c0664d5721c90dd32a5b167efea24f9cc6f57cfb/upgrade.properties
new file mode 100644
index 00000000000..476d9aba57e
--- /dev/null
+++ b/javascript/ql/lib/upgrades/c0664d5721c90dd32a5b167efea24f9cc6f57cfb/upgrade.properties
@@ -0,0 +1,2 @@
+description: add support for TypeScript 4.9
+compatibility: backwards
diff --git a/javascript/ql/src/AlertSuppression.ql b/javascript/ql/src/AlertSuppression.ql
index 4366eb3ba7e..2a7ae3bdc50 100644
--- a/javascript/ql/src/AlertSuppression.ql
+++ b/javascript/ql/src/AlertSuppression.ql
@@ -52,9 +52,7 @@ class SuppressionComment extends Locatable {
 /**
  * The scope of an alert suppression comment.
  */
-class SuppressionScope extends @locatable {
-  SuppressionScope() { this instanceof SuppressionComment }
-
+class SuppressionScope extends @locatable instanceof SuppressionComment {
   /** Gets a suppression comment with this scope. */
   SuppressionComment getSuppressionComment() { result = this }
 
@@ -68,7 +66,7 @@ class SuppressionScope extends @locatable {
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.(SuppressionComment).covers(filepath, startline, startcolumn, endline, endcolumn)
+    super.covers(filepath, startline, startcolumn, endline, endcolumn)
   }
 
   /** Gets a textual representation of this element. */
diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md
index bdd74c9a701..37e184e9490 100644
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,24 @@
+## 0.4.6
+
+No user-facing changes.
+
+## 0.4.5
+
+No user-facing changes.
+
+## 0.4.4
+
+### Minor Analysis Improvements
+
+* Added support for `@hapi/glue` and Hapi plugins to the `frameworks/Hapi.qll` library.
+
+### Bug Fixes
+
+* Fixed a bug that would cause the extractor to crash when an `import` type is used in
+  the `extends` clause of an `interface`.
+* Fixed an issue with multi-line strings in YAML files being associated with an invalid location,
+  causing alerts related to such strings to appear at the top of the YAML file.
+
 ## 0.4.3
 
 ### New Queries
diff --git a/javascript/ql/src/Declarations/UnusedProperty.ql b/javascript/ql/src/Declarations/UnusedProperty.ql
index 1a8f9ee291f..f5521cfe087 100644
--- a/javascript/ql/src/Declarations/UnusedProperty.ql
+++ b/javascript/ql/src/Declarations/UnusedProperty.ql
@@ -45,6 +45,11 @@ predicate flowsToTypeRestrictedExpression(LocalObject obj) {
       restricted = assertion.getExpression()
     )
     or
+    exists(SatisfiesExpr assertion |
+      type = assertion.getTypeAnnotation() and
+      restricted = assertion.getExpression()
+    )
+    or
     exists(BindingPattern v |
       type = v.getTypeAnnotation() and
       restricted = v.getAVariable().getAnAssignedExpr()
diff --git a/javascript/ql/src/Performance/PolynomialReDoS.ql b/javascript/ql/src/Performance/PolynomialReDoS.ql
index 6b66f3812fe..befc556b033 100644
--- a/javascript/ql/src/Performance/PolynomialReDoS.ql
+++ b/javascript/ql/src/Performance/PolynomialReDoS.ql
@@ -15,7 +15,6 @@
 
 import javascript
 import semmle.javascript.security.regexp.PolynomialReDoSQuery
-import semmle.javascript.security.regexp.SuperlinearBackTracking
 import DataFlow::PathGraph
 
 from
diff --git a/javascript/ql/src/Performance/ReDoS.ql b/javascript/ql/src/Performance/ReDoS.ql
index aacf1134fda..cf4f80c34ce 100644
--- a/javascript/ql/src/Performance/ReDoS.ql
+++ b/javascript/ql/src/Performance/ReDoS.ql
@@ -15,8 +15,8 @@
  */
 
 import javascript
-import semmle.javascript.security.regexp.NfaUtils
-import semmle.javascript.security.regexp.ExponentialBackTracking
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeView
+import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView>
 
 from RegExpTerm t, string pump, State s, string prefixMsg
 where hasReDoSResult(t, pump, s, prefixMsg)
diff --git a/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll b/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll
index 5e9bc406512..524be45c653 100644
--- a/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll
+++ b/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll
@@ -3,200 +3,5 @@
  * that match URLs and hostname patterns.
  */
 
-private import HostnameRegexpSpecific
-
-/**
- * Holds if the given constant is unlikely to occur in the origin part of a URL.
- */
-predicate isConstantInvalidInsideOrigin(RegExpConstant term) {
-  // Look for any of these cases:
-  // - A character that can't occur in the origin
-  // - Two dashes in a row
-  // - A colon that is not part of port or scheme separator
-  // - A slash that is not part of scheme separator
-  term.getValue().regexpMatch(".*(?:[^a-zA-Z0-9.:/-]|--|:[^0-9/]|(?<![/:]|^)/).*")
-}
-
-/** Holds if `term` is a dot constant of form `\.` or `[.]`. */
-predicate isDotConstant(RegExpTerm term) {
-  term.(RegExpCharEscape).getValue() = "."
-  or
-  exists(RegExpCharacterClass cls |
-    term = cls and
-    not cls.isInverted() and
-    cls.getNumChild() = 1 and
-    cls.getAChild().(RegExpConstant).getValue() = "."
-  )
-}
-
-/** Holds if `term` is a wildcard `.` or an actual `.` character. */
-predicate isDotLike(RegExpTerm term) {
-  term instanceof RegExpDot
-  or
-  isDotConstant(term)
-}
-
-/** Holds if `term` will only ever be matched against the beginning of the input. */
-predicate matchesBeginningOfString(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpTerm parent | matchesBeginningOfString(parent) |
-    term = parent.(RegExpSequence).getChild(0)
-    or
-    parent.(RegExpSequence).getChild(0) instanceof RegExpCaret and
-    term = parent.(RegExpSequence).getChild(1)
-    or
-    term = parent.(RegExpAlt).getAChild()
-    or
-    term = parent.(RegExpGroup).getAChild()
-  )
-}
-
-/**
- * Holds if the given sequence `seq` contains top-level domain preceded by a dot, such as `.com`,
- * excluding cases where this is at the very beginning of the regexp.
- *
- * `i` is bound to the index of the last child in the top-level domain part.
- */
-predicate hasTopLevelDomainEnding(RegExpSequence seq, int i) {
-  seq.getChild(i)
-      .(RegExpConstant)
-      .getValue()
-      .regexpMatch("(?i)" + RegExpPatterns::getACommonTld() + "(:\\d+)?([/?#].*)?") and
-  isDotLike(seq.getChild(i - 1)) and
-  not (i = 1 and matchesBeginningOfString(seq))
-}
-
-/**
- * Holds if the given regular expression term contains top-level domain preceded by a dot,
- * such as `.com`.
- */
-predicate hasTopLevelDomainEnding(RegExpSequence seq) { hasTopLevelDomainEnding(seq, _) }
-
-/**
- * Holds if `term` will always match a hostname, that is, all disjunctions contain
- * a hostname pattern that isn't inside a quantifier.
- */
-predicate alwaysMatchesHostname(RegExpTerm term) {
-  hasTopLevelDomainEnding(term, _)
-  or
-  // `localhost` is considered a hostname pattern, but has no TLD
-  term.(RegExpConstant).getValue().regexpMatch("\\blocalhost\\b")
-  or
-  not term instanceof RegExpAlt and
-  not term instanceof RegExpQuantifier and
-  alwaysMatchesHostname(term.getAChild())
-  or
-  alwaysMatchesHostnameAlt(term)
-}
-
-/** Holds if every child of `alt` contains a hostname pattern. */
-predicate alwaysMatchesHostnameAlt(RegExpAlt alt) {
-  alwaysMatchesHostnameAlt(alt, alt.getNumChild() - 1)
-}
-
-/**
- * Holds if the first `i` children of `alt` contains a hostname pattern.
- *
- * This is used instead of `forall` to avoid materializing the set of alternatives
- * that don't contains hostnames, which is much larger.
- */
-predicate alwaysMatchesHostnameAlt(RegExpAlt alt, int i) {
-  alwaysMatchesHostname(alt.getChild(0)) and i = 0
-  or
-  alwaysMatchesHostnameAlt(alt, i - 1) and
-  alwaysMatchesHostname(alt.getChild(i))
-}
-
-/**
- * Holds if `term` occurs inside a quantifier or alternative (and thus
- * can not be expected to correspond to a unique match), or as part of
- * a lookaround assertion (which are rarely used for capture groups).
- */
-predicate isInsideChoiceOrSubPattern(RegExpTerm term) {
-  exists(RegExpParent parent | parent = term.getParent() |
-    parent instanceof RegExpAlt
-    or
-    parent instanceof RegExpQuantifier
-    or
-    parent instanceof RegExpSubPattern
-    or
-    isInsideChoiceOrSubPattern(parent)
-  )
-}
-
-/**
- * Holds if `group` is likely to be used as a capture group.
- */
-predicate isLikelyCaptureGroup(RegExpGroup group) {
-  group.isCapture() and
-  not isInsideChoiceOrSubPattern(group)
-}
-
-/**
- * Holds if `seq` contains two consecutive dots `..` or escaped dots.
- *
- * At least one of these dots is not intended to be a subdomain separator,
- * so we avoid flagging the pattern in this case.
- */
-predicate hasConsecutiveDots(RegExpSequence seq) {
-  exists(int i |
-    isDotLike(seq.getChild(i)) and
-    isDotLike(seq.getChild(i + 1))
-  )
-}
-
-predicate isIncompleteHostNameRegExpPattern(RegExpTerm regexp, RegExpSequence seq, string msg) {
-  seq = regexp.getAChild*() and
-  exists(RegExpDot unescapedDot, int i, string hostname |
-    hasTopLevelDomainEnding(seq, i) and
-    not isConstantInvalidInsideOrigin(seq.getChild([0 .. i - 1]).getAChild*()) and
-    not isLikelyCaptureGroup(seq.getChild([i .. seq.getNumChild() - 1]).getAChild*()) and
-    unescapedDot = seq.getChild([0 .. i - 1]).getAChild*() and
-    unescapedDot != seq.getChild(i - 1) and // Should not be the '.' immediately before the TLD
-    not hasConsecutiveDots(unescapedDot.getParent()) and
-    hostname =
-      seq.getChild(i - 2).getRawValue() + seq.getChild(i - 1).getRawValue() +
-        seq.getChild(i).getRawValue()
-  |
-    if unescapedDot.getParent() instanceof RegExpQuantifier
-    then
-      // `.*\.example.com` can match `evil.com/?x=.example.com`
-      //
-      // This problem only occurs when the pattern is applied against a full URL, not just a hostname/origin.
-      // We therefore check if the pattern includes a suffix after the TLD, such as `.*\.example.com/`.
-      // Note that a post-anchored pattern (`.*\.example.com$`) will usually fail to match a full URL,
-      // and patterns with neither a suffix nor an anchor fall under the purview of MissingRegExpAnchor.
-      seq.getChild(0) instanceof RegExpCaret and
-      not seq.getAChild() instanceof RegExpDollar and
-      seq.getChild([i .. i + 1]).(RegExpConstant).getValue().regexpMatch(".*[/?#].*") and
-      msg =
-        "has an unrestricted wildcard '" + unescapedDot.getParent().(RegExpQuantifier).getRawValue()
-          + "' which may cause '" + hostname +
-          "' to be matched anywhere in the URL, outside the hostname."
-    else
-      msg =
-        "has an unescaped '.' before '" + hostname +
-          "', so it might match more hosts than expected."
-  )
-}
-
-predicate incompleteHostnameRegExp(
-  RegExpSequence hostSequence, string message, DataFlow::Node aux, string label
-) {
-  exists(RegExpPatternSource re, RegExpTerm regexp, string msg, string kind |
-    regexp = re.getRegExpTerm() and
-    isIncompleteHostNameRegExpPattern(regexp, hostSequence, msg) and
-    (
-      if re.getAParse() != re
-      then (
-        kind = "string, which is used as a regular expression $@," and
-        aux = re.getAParse()
-      ) else (
-        kind = "regular expression" and aux = re
-      )
-    )
-  |
-    message = "This " + kind + " " + msg and label = "here"
-  )
-}
+deprecated import semmle.javascript.security.regexp.HostnameRegexp as Dep
+import Dep
diff --git a/javascript/ql/src/Security/CWE-020/HostnameRegexpSpecific.qll b/javascript/ql/src/Security/CWE-020/HostnameRegexpSpecific.qll
deleted file mode 100644
index 7046b14f09d..00000000000
--- a/javascript/ql/src/Security/CWE-020/HostnameRegexpSpecific.qll
+++ /dev/null
@@ -1 +0,0 @@
-import javascript
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql b/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
index 3ae844bf57f..2bf62b710a0 100644
--- a/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
+++ b/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
@@ -11,6 +11,6 @@
  *       external/cwe/cwe-020
  */
 
-import HostnameRegexpShared
+private import semmle.javascript.security.regexp.HostnameRegexp as HostnameRegexp
 
-query predicate problems = incompleteHostnameRegExp/4;
+query predicate problems = HostnameRegexp::incompleteHostnameRegExp/4;
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll
index ca8b15eab29..8718bff5963 100644
--- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll
+++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll
@@ -3,6 +3,7 @@
  */
 
 private import IncompleteUrlSubstringSanitizationSpecific
+private import codeql.regex.HostnameRegexp::Utils
 
 /**
  * A check on a string for whether it contains a given substring, possibly with restrictions on the location of the substring.
@@ -30,9 +31,7 @@ query predicate problems(
   mayHaveStringValue(substring, target) and
   (
     // target contains a domain on a common TLD, and perhaps some other URL components
-    target
-        .regexpMatch("(?i)([a-z]*:?//)?\\.?([a-z0-9-]+\\.)+" + RegExpPatterns::getACommonTld() +
-            "(:[0-9]+)?/?")
+    target.regexpMatch("(?i)([a-z]*:?//)?\\.?([a-z0-9-]+\\.)+" + getACommonTld() + "(:[0-9]+)?/?")
     or
     // target is a HTTP URL to a domain on any TLD
     target.regexpMatch("(?i)https?://([a-z0-9-]+\\.)+([a-z]+)(:[0-9]+)?/?")
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitizationSpecific.qll b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitizationSpecific.qll
index 2d0e9e3d458..39cae5fdc28 100644
--- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitizationSpecific.qll
+++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitizationSpecific.qll
@@ -3,3 +3,5 @@ import semmle.javascript.dataflow.InferredTypes
 
 /** Holds if `node` may evaluate to `value` */
 predicate mayHaveStringValue(DataFlow::Node node, string value) { node.mayHaveStringValue(value) }
+
+import codeql.regex.HostnameRegexp::Utils
diff --git a/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql b/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
index cd71f5c6a49..abebc5943de 100644
--- a/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
+++ b/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
@@ -11,214 +11,39 @@
  *       external/cwe/cwe-020
  */
 
-import javascript
-import HostnameRegexpShared
+private import javascript
+private import semmle.javascript.security.regexp.HostnameRegexp as HostnameRegexp
+private import codeql.regex.MissingRegExpAnchor as MissingRegExpAnchor
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeImpl
 
-/** Holds if `term` is one of the transitive left children of a regexp. */
-predicate isLeftArmTerm(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpTerm parent |
-    term = parent.getChild(0) and
-    isLeftArmTerm(parent)
-  )
-}
-
-/** Holds if `term` is one of the transitive right children of a regexp. */
-predicate isRightArmTerm(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpTerm parent |
-    term = parent.getLastChild() and
-    isRightArmTerm(parent)
-  )
-}
-
-/**
- * Holds if `term` is an anchor that is not the first or last node
- * in its tree.
- */
-predicate isInteriorAnchor(RegExpAnchor term) {
-  not isLeftArmTerm(term) and
-  not isRightArmTerm(term)
-}
-
-/**
- * Holds if `term` contains an anchor that is not the first or last node
- * in its tree, such as `(foo|bar$|baz)`.
- */
-predicate containsInteriorAnchor(RegExpTerm term) { isInteriorAnchor(term.getAChild*()) }
-
-/**
- * Holds if `term` starts with a word boundary or lookbehind assertion,
- * indicating that it's not intended to be anchored on that side.
- */
-predicate containsLeadingPseudoAnchor(RegExpSequence term) {
-  exists(RegExpTerm child | child = term.getChild(0) |
-    child instanceof RegExpWordBoundary or
-    child instanceof RegExpNonWordBoundary or
-    child instanceof RegExpLookbehind
-  )
-}
-
-/**
- * Holds if `term` ends with a word boundary or lookahead assertion,
- * indicating that it's not intended to be anchored on that side.
- */
-predicate containsTrailingPseudoAnchor(RegExpSequence term) {
-  exists(RegExpTerm child | child = term.getLastChild() |
-    child instanceof RegExpWordBoundary or
-    child instanceof RegExpNonWordBoundary or
-    child instanceof RegExpLookahead
-  )
-}
-
-/**
- * Holds if `term` is an empty sequence, usually arising from
- * literals with a trailing alternative such as `foo|`.
- */
-predicate isEmpty(RegExpSequence term) { term.getNumChild() = 0 }
-
-/**
- * Holds if `term` contains a letter constant.
- *
- * We use this as a heuristic to filter out uninteresting results.
- */
-predicate containsLetters(RegExpTerm term) {
-  term.getAChild*().(RegExpConstant).getValue().regexpMatch(".*[a-zA-Z].*")
-}
-
-/**
- * Holds if `term` consists only of an anchor and a parenthesized term,
- * such as the left side of `^(foo|bar)|baz`.
- *
- * The precedence of the anchor is likely to be intentional in this case,
- * as the group wouldn't be needed otherwise.
- */
-predicate isAnchoredGroup(RegExpSequence term) {
-  term.getNumChild() = 2 and
-  term.getAChild() instanceof RegExpAnchor and
-  term.getAChild() instanceof RegExpGroup
-}
-
-/**
- * Holds if `alt` has an explicitly anchored group, such as `^(foo|bar)|baz`
- * and doesn't have any unnecessary groups, such as in `^(foo)|(bar)`.
- */
-predicate hasExplicitAnchorPrecedence(RegExpAlt alt) {
-  isAnchoredGroup(alt.getAChild()) and
-  not alt.getAChild() instanceof RegExpGroup
-}
-
-/**
- * Holds if `src` is a pattern for a collection of alternatives where
- * only the first or last alternative is anchored, indicating a
- * precedence mistake explained by `msg`.
- *
- * The canonical example of such a mistake is: `^a|b|c`, which is
- * parsed as `(^a)|(b)|(c)`.
- */
-predicate hasMisleadingAnchorPrecedence(RegExpPatternSource src, string msg) {
-  exists(RegExpAlt root, RegExpSequence anchoredTerm, string direction |
-    root = src.getRegExpTerm() and
-    not containsInteriorAnchor(root) and
-    not isEmpty(root.getAChild()) and
-    not hasExplicitAnchorPrecedence(root) and
-    containsLetters(anchoredTerm) and
-    (
-      anchoredTerm = root.getChild(0) and
-      anchoredTerm.getChild(0) instanceof RegExpCaret and
-      not containsLeadingPseudoAnchor(root.getChild([1 .. root.getNumChild() - 1])) and
-      containsLetters(root.getChild([1 .. root.getNumChild() - 1])) and
-      direction = "beginning"
-      or
-      anchoredTerm = root.getLastChild() and
-      anchoredTerm.getLastChild() instanceof RegExpDollar and
-      not containsTrailingPseudoAnchor(root.getChild([0 .. root.getNumChild() - 2])) and
-      containsLetters(root.getChild([0 .. root.getNumChild() - 2])) and
-      direction = "end"
-    ) and
-    // is not used for replace
-    not exists(DataFlow::MethodCallNode replace |
-      replace.getMethodName() = "replace" and
-      src.getARegExpObject().flowsTo(replace.getArgument(0))
-    ) and
-    msg =
-      "Misleading operator precedence. The subexpression '" + anchoredTerm.getRawValue() +
-        "' is anchored at the " + direction +
-        ", but the other parts of this regular expression are not"
-  )
-}
-
-/**
- * Holds if `term` is a final term, that is, no term will match anything after this one.
- */
-predicate isFinalRegExpTerm(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpSequence seq |
-    isFinalRegExpTerm(seq) and
-    term = seq.getLastChild()
-  )
-  or
-  exists(RegExpTerm parent |
-    isFinalRegExpTerm(parent) and
-    term = parent.getAChild() and
-    not parent instanceof RegExpSequence and
-    not parent instanceof RegExpQuantifier
-  )
-}
-
-/**
- * Holds if `src` contains a hostname pattern that is missing a `$` anchor.
- */
-predicate isSemiAnchoredHostnameRegExp(RegExpPatternSource src, string msg) {
-  not hasMisleadingAnchorPrecedence(src, _) and // avoid double reporting
-  exists(RegExpTerm term, RegExpSequence tld, int i | term = src.getRegExpTerm() |
-    not isConstantInvalidInsideOrigin(term.getAChild*()) and
-    tld = term.getAChild*() and
-    hasTopLevelDomainEnding(tld, i) and
-    isFinalRegExpTerm(tld.getChild(i)) and // nothing is matched after the TLD
-    tld.getChild(0) instanceof RegExpCaret and
-    msg =
-      "This hostname pattern may match any domain name, as it is missing a '$' or '/' at the end."
-  )
-}
-
-/**
- * Holds if `src` is an unanchored pattern for a URL, indicating a
- * mistake explained by `msg`.
- */
-predicate isUnanchoredHostnameRegExp(RegExpPatternSource src, string msg) {
-  exists(RegExpTerm term, RegExpSequence tld | term = src.getRegExpTerm() |
-    alwaysMatchesHostname(term) and
-    tld = term.getAChild*() and
-    hasTopLevelDomainEnding(tld) and
-    not isConstantInvalidInsideOrigin(term.getAChild*()) and
-    not term.getAChild*() instanceof RegExpAnchor and
-    // that is not used for capture or replace
-    not exists(DataFlow::MethodCallNode mcn, string name | name = mcn.getMethodName() |
+private module Impl implements
+MissingRegExpAnchor::MissingRegExpAnchorSig<TreeImpl, HostnameRegexp::Impl> {
+  predicate isUsedAsReplace(RegExpPatternSource pattern) {
+    // is used for capture or replace
+    exists(DataFlow::MethodCallNode mcn, string name | name = mcn.getMethodName() |
       name = "exec" and
-      mcn = src.getARegExpObject().getAMethodCall() and
+      mcn = pattern.getARegExpObject().getAMethodCall() and
       exists(mcn.getAPropertyRead())
       or
       exists(DataFlow::Node arg |
         arg = mcn.getArgument(0) and
         (
-          src.getARegExpObject().flowsTo(arg) or
-          src.getAParse() = arg
+          pattern.getARegExpObject().flowsTo(arg) or
+          pattern.getAParse() = arg
         )
       |
         name = "replace"
         or
         name = "match" and exists(mcn.getAPropertyRead())
       )
-    ) and
-    msg =
-      "When this is used as a regular expression on a URL, it may match anywhere, and arbitrary hosts may come before or after it."
-  )
+    )
+  }
+
+  string getEndAnchorText() { result = "$" }
 }
 
+import MissingRegExpAnchor::Make<TreeImpl, HostnameRegexp::Impl, Impl>
+
 from DataFlow::Node nd, string msg
 where
   isUnanchoredHostnameRegExp(nd, msg)
@@ -226,4 +51,5 @@ where
   isSemiAnchoredHostnameRegExp(nd, msg)
   or
   hasMisleadingAnchorPrecedence(nd, msg)
+// isLineAnchoredHostnameRegExp is not used here, as it is not relevant to JS.
 select nd, msg
diff --git a/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql b/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql
index 77cf0044a34..582a8975c8f 100644
--- a/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql
+++ b/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql
@@ -12,8 +12,9 @@
  *       external/cwe/cwe-020
  */
 
-import semmle.javascript.security.OverlyLargeRangeQuery
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeView
+import codeql.regex.OverlyLargeRangeQuery::Make<TreeView>
 
-from RegExpCharacterRange range, string reason
+from TreeView::RegExpCharacterRange range, string reason
 where problem(range, reason)
 select range, "Suspicious character range that " + reason + "."
diff --git a/javascript/ql/src/Security/CWE-116/BadTagFilter.ql b/javascript/ql/src/Security/CWE-116/BadTagFilter.ql
index 1de903d6394..fc376566823 100644
--- a/javascript/ql/src/Security/CWE-116/BadTagFilter.ql
+++ b/javascript/ql/src/Security/CWE-116/BadTagFilter.ql
@@ -16,7 +16,8 @@
  *       external/cwe/cwe-186
  */
 
-import semmle.javascript.security.BadTagFilterQuery
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeView
+import codeql.regex.nfa.BadTagFilterQuery::Make<TreeView>
 
 from HtmlMatchingRegExp regexp, string msg
 where msg = min(string m | isBadRegexpFilter(regexp, m) | m order by m.length(), m) // there might be multiple, we arbitrarily pick the shortest one
diff --git a/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql b/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
index 18596f57488..d16f72d4172 100644
--- a/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
+++ b/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
@@ -20,7 +20,8 @@ string toOtherCase(string s) {
   if s.regexpMatch(".*[a-z].*") then result = s.toUpperCase() else result = s.toLowerCase()
 }
 
-import semmle.javascript.security.regexp.NfaUtils as NfaUtils
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeView
+import codeql.regex.nfa.NfaUtils::Make<TreeView> as NfaUtils
 
 /** Holds if `s` is a relevant regexp term were we want to compute a string that matches the term (for `getCaseSensitiveBypassExample`). */
 predicate isCand(NfaUtils::State s) {
@@ -92,7 +93,7 @@ string getAnEndpointExample(Routing::RouteSetup endpoint) {
   )
 }
 
-import semmle.javascript.security.regexp.RegexpMatching as RegexpMatching
+import codeql.regex.nfa.RegexpMatching::Make<TreeView> as RegexpMatching
 
 NfaUtils::RegExpRoot getARoot(DataFlow::RegExpCreationNode creator) {
   result.getRootTerm() = creator.getRoot()
diff --git a/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp b/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp
index a019d65c02b..a3809eebfb4 100644
--- a/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp
+++ b/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp
@@ -25,7 +25,7 @@
 <recommendation>
 	<p>
 
-		Use a middleware package such as <code>csurf</code> to protect against CSRF attacks.
+		Use a middleware package such as <code>lusca.csrf</code> to protect against CSRF attacks.
 
 	</p>
 </recommendation>
@@ -58,6 +58,6 @@
 
 <references>
 	<li>OWASP: <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)">Cross-Site Request Forgery (CSRF)</a></li>
-	<li>NPM: <a href="https://www.npmjs.com/package/csurf">csurf</a></li>
+	<li>NPM: <a href="https://www.npmjs.com/package/lusca">lusca</a></li>
 </references>
 </qhelp>
diff --git a/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql b/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
index cd82bb21596..1d5148166d6 100644
--- a/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
+++ b/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
@@ -57,7 +57,7 @@ predicate hasCookieMiddleware(Routing::Node route, Http::CookieMiddlewareInstanc
  */
 DataFlow::SourceNode csrfMiddlewareCreation() {
   exists(DataFlow::SourceNode callee | result = callee.getACall() |
-    callee = DataFlow::moduleImport("csurf")
+    callee = DataFlow::moduleImport(["csurf", "tiny-csrf"])
     or
     callee = DataFlow::moduleImport("lusca") and
     exists(result.(DataFlow::CallNode).getOptionArgument(0, "csrf"))
diff --git a/javascript/ql/src/Security/CWE-352/examples/MissingCsrfMiddlewareBad.js b/javascript/ql/src/Security/CWE-352/examples/MissingCsrfMiddlewareBad.js
index d6fb8443e64..12fa976cee3 100644
--- a/javascript/ql/src/Security/CWE-352/examples/MissingCsrfMiddlewareBad.js
+++ b/javascript/ql/src/Security/CWE-352/examples/MissingCsrfMiddlewareBad.js
@@ -1,11 +1,16 @@
-var app = require("express")(),
+const app = require("express")(),
   cookieParser = require("cookie-parser"),
-  passport = require("passport");
+  bodyParser = require("body-parser"),
+  session = require("express-session");
 
 app.use(cookieParser());
-app.use(passport.authorize({ session: true }));
+app.use(bodyParser.urlencoded({ extended: false }));
+app.use(session({ secret: process.env['SECRET'], cookie: { maxAge: 60000 } }));
+
+// ...
 
 app.post("/changeEmail", function(req, res) {
-  let newEmail = req.cookies["newEmail"];
-  // ...
+  const userId = req.session.id;
+  const email = req.body["email"];
+  // ... update email associated with userId
 });
diff --git a/javascript/ql/src/Security/CWE-352/examples/MissingCsrfMiddlewareGood.js b/javascript/ql/src/Security/CWE-352/examples/MissingCsrfMiddlewareGood.js
index 5a22b733834..19d1d4af90b 100644
--- a/javascript/ql/src/Security/CWE-352/examples/MissingCsrfMiddlewareGood.js
+++ b/javascript/ql/src/Security/CWE-352/examples/MissingCsrfMiddlewareGood.js
@@ -1,12 +1,18 @@
-var app = require("express")(),
+const app = require("express")(),
   cookieParser = require("cookie-parser"),
-  passport = require("passport"),
-  csrf = require("csurf");
+  bodyParser = require("body-parser"),
+  session = require("express-session"),
+  csrf = require('lusca').csrf;
 
 app.use(cookieParser());
-app.use(passport.authorize({ session: true }));
-app.use(csrf({ cookie: true }));
+app.use(bodyParser.urlencoded({ extended: false }));
+app.use(session({ secret: process.env['SECRET'], cookie: { maxAge: 60000 } }));
+app.use(csrf());
+
+// ...
+
 app.post("/changeEmail", function(req, res) {
-  let newEmail = req.cookies["newEmail"];
-  // ...
+  const userId = req.session.id;
+  const email = req.body["email"];
+  // ... update email associated with userId
 });
diff --git a/javascript/ql/src/Security/CWE-918/examples/RequestForgeryBad.js b/javascript/ql/src/Security/CWE-918/examples/RequestForgeryBad.js
index 1153627dfcc..6d6b55b99e1 100644
--- a/javascript/ql/src/Security/CWE-918/examples/RequestForgeryBad.js
+++ b/javascript/ql/src/Security/CWE-918/examples/RequestForgeryBad.js
@@ -1,8 +1,7 @@
 import http from 'http';
-import url from 'url';
 
-var server = http.createServer(function(req, res) {
-    var target = url.parse(req.url, true).query.target;
+const server = http.createServer(function(req, res) {
+    const target = new URL(req.url, "http://example.com").searchParams.get("target");
 
     // BAD: `target` is controlled by the attacker
     http.get('https://' + target + ".example.com/data/", res => {
diff --git a/javascript/ql/src/Security/CWE-918/examples/RequestForgeryGood.js b/javascript/ql/src/Security/CWE-918/examples/RequestForgeryGood.js
index d603ffedc2e..fd65fafeba0 100644
--- a/javascript/ql/src/Security/CWE-918/examples/RequestForgeryGood.js
+++ b/javascript/ql/src/Security/CWE-918/examples/RequestForgeryGood.js
@@ -1,10 +1,9 @@
 import http from 'http';
-import url from 'url';
 
-var server = http.createServer(function(req, res) {
-    var target = url.parse(req.url, true).query.target;
+const server = http.createServer(function(req, res) {
+    const target = new URL(req.url, "http://example.com").searchParams.get("target");
 
-    var subdomain;
+    let subdomain;
     if (target === 'EU') {
         subdomain = "europe"
     } else {
diff --git a/javascript/ql/src/change-notes/2022-11-08-yaml-locations.md b/javascript/ql/src/change-notes/2022-11-08-yaml-locations.md
deleted file mode 100644
index 68664780beb..00000000000
--- a/javascript/ql/src/change-notes/2022-11-08-yaml-locations.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: fix
----
-* Fixed an issue with multi-line strings in YAML files being associated with an invalid location,
-  causing alerts related to such strings to appear at the top of the YAML file.
diff --git a/javascript/ql/src/change-notes/released/0.4.4.md b/javascript/ql/src/change-notes/released/0.4.4.md
new file mode 100644
index 00000000000..90a5df9d9df
--- /dev/null
+++ b/javascript/ql/src/change-notes/released/0.4.4.md
@@ -0,0 +1,12 @@
+## 0.4.4
+
+### Minor Analysis Improvements
+
+* Added support for `@hapi/glue` and Hapi plugins to the `frameworks/Hapi.qll` library.
+
+### Bug Fixes
+
+* Fixed a bug that would cause the extractor to crash when an `import` type is used in
+  the `extends` clause of an `interface`.
+* Fixed an issue with multi-line strings in YAML files being associated with an invalid location,
+  causing alerts related to such strings to appear at the top of the YAML file.
diff --git a/javascript/ql/src/change-notes/released/0.4.5.md b/javascript/ql/src/change-notes/released/0.4.5.md
new file mode 100644
index 00000000000..7ba9b2e8ade
--- /dev/null
+++ b/javascript/ql/src/change-notes/released/0.4.5.md
@@ -0,0 +1,3 @@
+## 0.4.5
+
+No user-facing changes.
diff --git a/javascript/ql/src/change-notes/released/0.4.6.md b/javascript/ql/src/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/javascript/ql/src/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml
index 1ec9c4ea5d9..2b842473675 100644
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.6
diff --git a/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql b/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql
index 4d4471e9a55..2c3b5a59eee 100644
--- a/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql
+++ b/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql
@@ -6,7 +6,7 @@
  * @precision medium
  * @problem.severity error
  * @security-severity 5
- * @id py/predictable-token
+ * @id js/predictable-token
  * @tags security
  *       external/cwe/cwe-340
  */
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index 0d9eb306ee9..e22b3c4b5f1 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.4.4-dev
+version: 0.5.0-dev
 groups: 
   - javascript
   - queries
diff --git a/javascript/ql/test/ApiGraphs/typed/NodeOfType.expected b/javascript/ql/test/ApiGraphs/typed/NodeOfType.expected
index 0f237bfe6f2..da535a9c14c 100644
--- a/javascript/ql/test/ApiGraphs/typed/NodeOfType.expected
+++ b/javascript/ql/test/ApiGraphs/typed/NodeOfType.expected
@@ -24,7 +24,12 @@ getANodeOfType
 | puppeteer |  | index.ts:26:8:26:21 | * as puppeteer |
 | puppeteer | Browser | index.ts:30:22:30:33 | this.browser |
 getANodeOfTypeRaw
+| body-parser |  | index.ts:4:20:4:41 | require ... arser") |
+| express |  | index.ts:3:17:3:34 | require("express") |
+| mongodb |  | index.ts:1:8:1:19 | * as mongodb |
 | mongodb | Collection | index.ts:14:3:14:17 | getCollection() |
+| mongoose |  | index.ts:17:8:17:20 | * as mongoose |
 | mongoose | Model | index.ts:22:3:22:20 | getMongooseModel() |
 | mongoose | Query | index.ts:23:3:23:20 | getMongooseQuery() |
+| puppeteer |  | index.ts:26:8:26:21 | * as puppeteer |
 | puppeteer | Browser | index.ts:30:22:30:33 | this.browser |
diff --git a/javascript/ql/test/experimental/PoI/CommandInjectionPoIConfiguration.ql b/javascript/ql/test/experimental/PoI/CommandInjectionPoIConfiguration.ql
index 4b7e798b226..5ea8c17fc28 100644
--- a/javascript/ql/test/experimental/PoI/CommandInjectionPoIConfiguration.ql
+++ b/javascript/ql/test/experimental/PoI/CommandInjectionPoIConfiguration.ql
@@ -4,9 +4,9 @@
 
 import javascript
 import experimental.poi.PoI
-import semmle.javascript.security.dataflow.CommandInjection
-import semmle.javascript.security.dataflow.IndirectCommandInjection
-import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironment
+import semmle.javascript.security.dataflow.CommandInjectionQuery as CommandInjection
+import semmle.javascript.security.dataflow.IndirectCommandInjectionQuery as IndirectCommandInjection
+import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironmentQuery as ShellCommandInjectionFromEnvironment
 
 class MyDataFlowConfigurationPoIs extends DataFlowConfigurationPoI, ActivePoI { }
 
diff --git a/javascript/ql/test/experimental/PoI/TaintedPathPoIConfiguration.ql b/javascript/ql/test/experimental/PoI/TaintedPathPoIConfiguration.ql
index e21bc68f68c..784abb7e85b 100644
--- a/javascript/ql/test/experimental/PoI/TaintedPathPoIConfiguration.ql
+++ b/javascript/ql/test/experimental/PoI/TaintedPathPoIConfiguration.ql
@@ -4,7 +4,7 @@
 
 import javascript
 import experimental.poi.PoI
-import semmle.javascript.security.dataflow.TaintedPath
+import semmle.javascript.security.dataflow.TaintedPathQuery as TaintedPath
 
 class MyDataflowRelatedPoIs extends DataFlowConfigurationPoI, ActivePoI { }
 
diff --git a/javascript/ql/test/experimental/PoI/XssPoIConfiguration.ql b/javascript/ql/test/experimental/PoI/XssPoIConfiguration.ql
index e18b2e96913..05b43a06cd1 100644
--- a/javascript/ql/test/experimental/PoI/XssPoIConfiguration.ql
+++ b/javascript/ql/test/experimental/PoI/XssPoIConfiguration.ql
@@ -4,10 +4,10 @@
 
 import javascript
 import experimental.poi.PoI
-import semmle.javascript.security.dataflow.ReflectedXss
-import semmle.javascript.security.dataflow.StoredXss
-import semmle.javascript.security.dataflow.DomBasedXss
-import semmle.javascript.security.dataflow.ExceptionXss
+import semmle.javascript.security.dataflow.ReflectedXssQuery as ReflectedXss
+import semmle.javascript.security.dataflow.StoredXssQuery as StoredXss
+import semmle.javascript.security.dataflow.DomBasedXssQuery as DomBasedXss
+import semmle.javascript.security.dataflow.ExceptionXssQuery as ExceptionXss
 
 class MyDataFlowConfigurationPoIs extends DataFlowConfigurationPoI, ActivePoI { }
 
diff --git a/javascript/ql/test/library-tests/DataExtensions/Test.expected b/javascript/ql/test/library-tests/DataExtensions/Test.expected
new file mode 100644
index 00000000000..ba7992e3143
--- /dev/null
+++ b/javascript/ql/test/library-tests/DataExtensions/Test.expected
@@ -0,0 +1,7 @@
+commandInjectionSinks
+| execa.example.js:2:7:2:9 | cmd |
+sqlInjectionSinks
+| connection.example.ts:4:20:4:20 | q |
+| connection.example.ts:9:18:9:18 | q |
+remoteFlowSources
+| message.example.js:1:46:1:50 | event |
diff --git a/javascript/ql/test/library-tests/DataExtensions/Test.ql b/javascript/ql/test/library-tests/DataExtensions/Test.ql
new file mode 100644
index 00000000000..38eda6b4f78
--- /dev/null
+++ b/javascript/ql/test/library-tests/DataExtensions/Test.ql
@@ -0,0 +1,11 @@
+import javascript
+private import semmle.javascript.security.dataflow.CommandInjectionCustomizations
+private import semmle.javascript.security.dataflow.SqlInjectionCustomizations
+
+query predicate commandInjectionSinks(DataFlow::Node node) {
+  node instanceof CommandInjection::Sink
+}
+
+query predicate sqlInjectionSinks(DataFlow::Node node) { node instanceof SqlInjection::Sink }
+
+query predicate remoteFlowSources(RemoteFlowSource node) { any() }
diff --git a/javascript/ql/test/library-tests/DataExtensions/connection.example.ts b/javascript/ql/test/library-tests/DataExtensions/connection.example.ts
new file mode 100644
index 00000000000..ddcacd47ecc
--- /dev/null
+++ b/javascript/ql/test/library-tests/DataExtensions/connection.example.ts
@@ -0,0 +1,9 @@
+import { Connection } from "@example/mysql";
+
+function submit(connection: Connection, q: string) {
+  connection.query(q); // <-- add 'q' as a SQL injection sink
+}
+
+import { getConnection } from "@example/db";
+let connection = getConnection();
+connection.query(q); // <-- add 'q' as a SQL injection sink
diff --git a/javascript/ql/test/library-tests/DataExtensions/connection.model.yml b/javascript/ql/test/library-tests/DataExtensions/connection.model.yml
new file mode 100644
index 00000000000..353decf08be
--- /dev/null
+++ b/javascript/ql/test/library-tests/DataExtensions/connection.model.yml
@@ -0,0 +1,20 @@
+extensions:
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sinkModel
+    data:
+      - [
+          "@example/mysql.Connection",
+          "Member[query].Argument[0]",
+          "sql-injection",
+        ]
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      - [
+          "@example/mysql.Connection",
+          "@example/db",
+          "Member[getConnection].ReturnValue",
+        ]
diff --git a/javascript/ql/test/library-tests/DataExtensions/execa.example.js b/javascript/ql/test/library-tests/DataExtensions/execa.example.js
new file mode 100644
index 00000000000..6804c1d3783
--- /dev/null
+++ b/javascript/ql/test/library-tests/DataExtensions/execa.example.js
@@ -0,0 +1,2 @@
+import { shell } from "@example/execa";
+shell(cmd);
diff --git a/javascript/ql/test/library-tests/DataExtensions/execa.model.yml b/javascript/ql/test/library-tests/DataExtensions/execa.model.yml
new file mode 100644
index 00000000000..2516e1a7be8
--- /dev/null
+++ b/javascript/ql/test/library-tests/DataExtensions/execa.model.yml
@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sinkModel
+    data:
+      - [
+          "@example/execa",
+          "Member[shell].Argument[0]",
+          "command-line-injection",
+        ]
diff --git a/javascript/ql/test/library-tests/DataExtensions/message.example.js b/javascript/ql/test/library-tests/DataExtensions/message.example.js
new file mode 100644
index 00000000000..dec004c9982
--- /dev/null
+++ b/javascript/ql/test/library-tests/DataExtensions/message.example.js
@@ -0,0 +1,7 @@
+window.addEventListener("message", function (event) {
+    let data = event.data; // <-- add 'event.data' as a taint source
+});
+
+window.addEventListener("onclick", function (event) {
+    let data = event.data; // <-- 'event.data' should not be a taint source
+});
diff --git a/javascript/ql/test/library-tests/DataExtensions/message.model.yml b/javascript/ql/test/library-tests/DataExtensions/message.model.yml
new file mode 100644
index 00000000000..9c575566ce4
--- /dev/null
+++ b/javascript/ql/test/library-tests/DataExtensions/message.model.yml
@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sourceModel
+    data:
+      - [
+          "global",
+          "Member[addEventListener].WithStringArgument[0=message].Argument[1].Parameter[0].Member[data]",
+          "remote-flow",
+        ]
diff --git a/javascript/ql/test/library-tests/DataFlow/tests.expected b/javascript/ql/test/library-tests/DataFlow/tests.expected
index 28b6ef3e94a..02bfbe09e2d 100644
--- a/javascript/ql/test/library-tests/DataFlow/tests.expected
+++ b/javascript/ql/test/library-tests/DataFlow/tests.expected
@@ -182,6 +182,12 @@ basicBlock
 | tst2.ts:13:39:13:38 | super | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } |
 | tst2.ts:13:39:13:38 | super(...args) | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } |
 | tst2.ts:13:39:13:38 | this | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } |
+| tst2.ts:15:5:15:7 | nd2 | tst2.ts:1:1:1:0 | entry node of <toplevel> |
+| tst2.ts:15:5:15:30 | nd2 = A ...  number | tst2.ts:1:1:1:0 | entry node of <toplevel> |
+| tst2.ts:15:11:15:11 | A | tst2.ts:1:1:1:0 | entry node of <toplevel> |
+| tst2.ts:15:11:15:13 | A.x | tst2.ts:1:1:1:0 | entry node of <toplevel> |
+| tst2.ts:15:11:15:30 | A.x satisfies number | tst2.ts:1:1:1:0 | entry node of <toplevel> |
+| tst2.ts:15:13:15:13 | x | tst2.ts:1:1:1:0 | entry node of <toplevel> |
 | tst.js:1:1:1:0 | this | tst.js:1:1:1:0 | entry node of <toplevel> |
 | tst.js:1:1:1:1 | x | tst.js:1:1:1:0 | entry node of <toplevel> |
 | tst.js:1:1:1:24 | import  ... m 'fs'; | tst.js:1:1:1:0 | entry node of <toplevel> |
@@ -674,6 +680,12 @@ enclosingExpr
 | tst2.ts:13:39:13:38 | constructor | tst2.ts:13:39:13:38 | constructor |
 | tst2.ts:13:39:13:38 | super | tst2.ts:13:39:13:38 | super |
 | tst2.ts:13:39:13:38 | super(...args) | tst2.ts:13:39:13:38 | super(...args) |
+| tst2.ts:15:5:15:7 | nd2 | tst2.ts:15:5:15:7 | nd2 |
+| tst2.ts:15:5:15:30 | nd2 = A ...  number | tst2.ts:15:5:15:30 | nd2 = A ...  number |
+| tst2.ts:15:11:15:11 | A | tst2.ts:15:11:15:11 | A |
+| tst2.ts:15:11:15:13 | A.x | tst2.ts:15:11:15:13 | A.x |
+| tst2.ts:15:11:15:30 | A.x satisfies number | tst2.ts:15:11:15:30 | A.x satisfies number |
+| tst2.ts:15:13:15:13 | x | tst2.ts:15:13:15:13 | x |
 | tst.js:1:10:1:11 | fs | tst.js:1:10:1:11 | fs |
 | tst.js:1:10:1:11 | fs | tst.js:1:10:1:11 | fs |
 | tst.js:1:10:1:11 | fs | tst.js:1:10:1:11 | fs |
@@ -973,6 +985,7 @@ flowStep
 | tst2.ts:1:1:1:1 | A | tst2.ts:1:18:1:18 | A |
 | tst2.ts:1:8:5:1 | A | tst2.ts:1:18:1:18 | A |
 | tst2.ts:1:8:5:1 | A | tst2.ts:11:11:11:11 | A |
+| tst2.ts:1:8:5:1 | A | tst2.ts:15:11:15:11 | A |
 | tst2.ts:1:8:5:1 | namespa ... lysed\\n} | tst2.ts:1:8:5:1 | A |
 | tst2.ts:1:18:1:18 | A | tst2.ts:7:1:7:0 | A |
 | tst2.ts:2:14:2:19 | x | tst2.ts:4:3:4:3 | x |
@@ -985,6 +998,7 @@ flowStep
 | tst2.ts:13:26:13:29 | List | tst2.ts:13:26:13:37 | List<string> |
 | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | args |
 | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | args |
+| tst2.ts:15:11:15:13 | A.x | tst2.ts:15:11:15:30 | A.x satisfies number |
 | tst.js:1:1:1:1 | x | tst.js:3:5:3:5 | x |
 | tst.js:1:10:1:11 | fs | tst.js:1:10:1:11 | fs |
 | tst.js:1:10:1:11 | fs | tst.js:7:1:7:2 | fs |
@@ -1159,6 +1173,7 @@ getImmediatePredecessor
 | sources.js:11:14:11:16 | key | sources.js:11:12:11:18 | key |
 | tst2.ts:1:1:1:1 | A | tst2.ts:1:18:1:18 | A |
 | tst2.ts:1:8:5:1 | A | tst2.ts:11:11:11:11 | A |
+| tst2.ts:1:8:5:1 | A | tst2.ts:15:11:15:11 | A |
 | tst2.ts:1:8:5:1 | namespa ... lysed\\n} | tst2.ts:1:8:5:1 | A |
 | tst2.ts:2:14:2:19 | x | tst2.ts:4:3:4:3 | x |
 | tst2.ts:2:18:2:19 | 42 | tst2.ts:2:14:2:19 | x |
@@ -1170,6 +1185,7 @@ getImmediatePredecessor
 | tst2.ts:13:26:13:29 | List | tst2.ts:13:26:13:37 | List<string> |
 | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | args |
 | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | args |
+| tst2.ts:15:11:15:13 | A.x | tst2.ts:15:11:15:30 | A.x satisfies number |
 | tst.js:1:10:1:11 | fs | tst.js:1:10:1:11 | fs |
 | tst.js:1:10:1:11 | fs | tst.js:7:1:7:2 | fs |
 | tst.js:1:10:1:11 | fs | tst.js:22:24:22:25 | fs |
@@ -1340,6 +1356,7 @@ incomplete
 | tst2.ts:13:39:13:38 | exceptional return of super(...args) | call |
 | tst2.ts:13:39:13:38 | super | call |
 | tst2.ts:13:39:13:38 | super(...args) | call |
+| tst2.ts:15:11:15:13 | A.x | heap |
 | tst.js:1:10:1:11 | fs | import |
 | tst.js:16:1:20:9 | exceptional return of (functi ... ("arg") | call |
 | tst.js:16:2:20:1 | exceptional return of function f | call |
@@ -1504,6 +1521,7 @@ sources
 | tst2.ts:13:39:13:38 | return of default constructor of class StringList |
 | tst2.ts:13:39:13:38 | super(...args) |
 | tst2.ts:13:39:13:38 | this |
+| tst2.ts:15:11:15:13 | A.x |
 | tst.js:1:1:1:0 | this |
 | tst.js:1:1:1:24 | import  ... m 'fs'; |
 | tst.js:1:10:1:11 | fs |
diff --git a/javascript/ql/test/library-tests/DataFlow/tst2.ts b/javascript/ql/test/library-tests/DataFlow/tst2.ts
index 29c85cba933..d9a1668adfa 100644
--- a/javascript/ql/test/library-tests/DataFlow/tst2.ts
+++ b/javascript/ql/test/library-tests/DataFlow/tst2.ts
@@ -11,3 +11,5 @@ function setX() {
 var nd2 = A.x as number;                 // flow through type assertions
 
 class StringList extends List<string> {} // flow through expressions with type arguments
+
+var nd2 = A.x satisfies number;          // flow through satisfies expressions
diff --git a/javascript/ql/test/library-tests/TaintTracking/refinement-sanitizer.js b/javascript/ql/test/library-tests/TaintTracking/refinement-sanitizer.js
new file mode 100644
index 00000000000..df34cc9127d
--- /dev/null
+++ b/javascript/ql/test/library-tests/TaintTracking/refinement-sanitizer.js
@@ -0,0 +1,34 @@
+import * as dummy from 'dummy';
+
+function oneUse() {
+    let taint = source();
+
+    if (!isSafe(taint)) {
+        return;
+    }
+
+    let array = [];
+    if (taint) {
+        array.push(taint);
+    }
+
+    sink(array.join()); // OK
+}
+
+function secondUse() {
+    let taint = source();
+
+    if (!isSafe(taint)) {
+        return;
+    }
+
+    let array = [];
+    if (taint) {
+        array.push(taint);
+    }
+    if (taint) {
+        array.push(taint);
+    }
+
+    sink(array.join()); // OK
+}
diff --git a/javascript/ql/test/library-tests/TypeScript/Types/printAst.expected b/javascript/ql/test/library-tests/TypeScript/Types/printAst.expected
index 9c271410ecf..2d553ec5df3 100644
--- a/javascript/ql/test/library-tests/TypeScript/Types/printAst.expected
+++ b/javascript/ql/test/library-tests/TypeScript/Types/printAst.expected
@@ -100,6 +100,9 @@ nodes
 | file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
 | file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
 | file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
+| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
+| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
+| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
 | file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
 | file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
 | file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
@@ -1424,8 +1427,105 @@ nodes
 | tst.ts:385:56:385:56 | [Literal] 0 | semmle.label | [Literal] 0 |
 | tst.ts:385:59:385:63 | [Literal] false | semmle.label | [Literal] false |
 | tst.ts:385:66:385:71 | [Literal] "bye!" | semmle.label | [Literal] "bye!" |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | semmle.label | [NamespaceDeclaration] module ... } } } |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | semmle.order | 85 |
+| tst.ts:390:8:390:11 | [VarDecl] TS49 | semmle.label | [VarDecl] TS49 |
+| tst.ts:391:3:391:41 | [TypeAliasDeclaration,TypeDefinition] type Co ... "blue"; | semmle.label | [TypeAliasDeclaration,TypeDefinition] type Co ... "blue"; |
+| tst.ts:391:8:391:13 | [Identifier] Colors | semmle.label | [Identifier] Colors |
+| tst.ts:391:17:391:21 | [LiteralTypeExpr] "red" | semmle.label | [LiteralTypeExpr] "red" |
+| tst.ts:391:17:391:40 | [UnionTypeExpr] "red" \| ... "blue" | semmle.label | [UnionTypeExpr] "red" \| ... "blue" |
+| tst.ts:391:25:391:31 | [LiteralTypeExpr] "green" | semmle.label | [LiteralTypeExpr] "green" |
+| tst.ts:391:35:391:40 | [LiteralTypeExpr] "blue" | semmle.label | [LiteralTypeExpr] "blue" |
+| tst.ts:393:3:393:56 | [TypeAliasDeclaration,TypeDefinition] type RG ... umber]; | semmle.label | [TypeAliasDeclaration,TypeDefinition] type RG ... umber]; |
+| tst.ts:393:8:393:10 | [Identifier] RGB | semmle.label | [Identifier] RGB |
+| tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | semmle.label | [TupleTypeExpr] [red: n ... number] |
+| tst.ts:393:15:393:17 | [Identifier] red | semmle.label | [Identifier] red |
+| tst.ts:393:20:393:25 | [KeywordTypeExpr] number | semmle.label | [KeywordTypeExpr] number |
+| tst.ts:393:28:393:32 | [Identifier] green | semmle.label | [Identifier] green |
+| tst.ts:393:35:393:40 | [KeywordTypeExpr] number | semmle.label | [KeywordTypeExpr] number |
+| tst.ts:393:43:393:46 | [Identifier] blue | semmle.label | [Identifier] blue |
+| tst.ts:393:49:393:54 | [KeywordTypeExpr] number | semmle.label | [KeywordTypeExpr] number |
+| tst.ts:395:3:399:43 | [DeclStmt] const palette = ... | semmle.label | [DeclStmt] const palette = ... |
+| tst.ts:395:9:395:15 | [VarDecl] palette | semmle.label | [VarDecl] palette |
+| tst.ts:395:9:399:42 | [VariableDeclarator] palette ... \| RGB> | semmle.label | [VariableDeclarator] palette ... \| RGB> |
+| tst.ts:395:19:399:3 | [ObjectExpr] {red: ...} | semmle.label | [ObjectExpr] {red: ...} |
+| tst.ts:395:19:399:42 | [SatisfiesExpr] { r ... \| RGB> | semmle.label | [SatisfiesExpr] { r ... \| RGB> |
+| tst.ts:396:5:396:7 | [Label] red | semmle.label | [Label] red |
+| tst.ts:396:5:396:20 | [Property] red: [255, 0, 0] | semmle.label | [Property] red: [255, 0, 0] |
+| tst.ts:396:10:396:20 | [ArrayExpr] [255, 0, 0] | semmle.label | [ArrayExpr] [255, 0, 0] |
+| tst.ts:396:11:396:13 | [Literal] 255 | semmle.label | [Literal] 255 |
+| tst.ts:396:16:396:16 | [Literal] 0 | semmle.label | [Literal] 0 |
+| tst.ts:396:19:396:19 | [Literal] 0 | semmle.label | [Literal] 0 |
+| tst.ts:397:5:397:9 | [Label] green | semmle.label | [Label] green |
+| tst.ts:397:5:397:20 | [Property] green: "#00ff00" | semmle.label | [Property] green: "#00ff00" |
+| tst.ts:397:12:397:20 | [Literal] "#00ff00" | semmle.label | [Literal] "#00ff00" |
+| tst.ts:398:5:398:8 | [Label] bleu | semmle.label | [Label] bleu |
+| tst.ts:398:5:398:21 | [Property] bleu: [0, 0, 255] | semmle.label | [Property] bleu: [0, 0, 255] |
+| tst.ts:398:11:398:21 | [ArrayExpr] [0, 0, 255] | semmle.label | [ArrayExpr] [0, 0, 255] |
+| tst.ts:398:12:398:12 | [Literal] 0 | semmle.label | [Literal] 0 |
+| tst.ts:398:15:398:15 | [Literal] 0 | semmle.label | [Literal] 0 |
+| tst.ts:398:18:398:20 | [Literal] 255 | semmle.label | [Literal] 255 |
+| tst.ts:399:15:399:20 | [LocalTypeAccess] Record | semmle.label | [LocalTypeAccess] Record |
+| tst.ts:399:15:399:42 | [GenericTypeExpr] Record< ... \| RGB> | semmle.label | [GenericTypeExpr] Record< ... \| RGB> |
+| tst.ts:399:22:399:27 | [LocalTypeAccess] Colors | semmle.label | [LocalTypeAccess] Colors |
+| tst.ts:399:30:399:35 | [KeywordTypeExpr] string | semmle.label | [KeywordTypeExpr] string |
+| tst.ts:399:30:399:41 | [UnionTypeExpr] string \| RGB | semmle.label | [UnionTypeExpr] string \| RGB |
+| tst.ts:399:39:399:41 | [LocalTypeAccess] RGB | semmle.label | [LocalTypeAccess] RGB |
+| tst.ts:402:3:402:41 | [DeclStmt] const redComponent = ... | semmle.label | [DeclStmt] const redComponent = ... |
+| tst.ts:402:9:402:20 | [VarDecl] redComponent | semmle.label | [VarDecl] redComponent |
+| tst.ts:402:9:402:40 | [VariableDeclarator] redComp ... d.at(0) | semmle.label | [VariableDeclarator] redComp ... d.at(0) |
+| tst.ts:402:24:402:30 | [VarRef] palette | semmle.label | [VarRef] palette |
+| tst.ts:402:24:402:34 | [DotExpr] palette.red | semmle.label | [DotExpr] palette.red |
+| tst.ts:402:24:402:37 | [DotExpr] palette.red.at | semmle.label | [DotExpr] palette.red.at |
+| tst.ts:402:24:402:40 | [MethodCallExpr] palette.red.at(0) | semmle.label | [MethodCallExpr] palette.red.at(0) |
+| tst.ts:402:32:402:34 | [Label] red | semmle.label | [Label] red |
+| tst.ts:402:36:402:37 | [Label] at | semmle.label | [Label] at |
+| tst.ts:402:39:402:39 | [Literal] 0 | semmle.label | [Literal] 0 |
+| tst.ts:404:3:406:3 | [InterfaceDeclaration,TypeDefinition] interfa ... er; } | semmle.label | [InterfaceDeclaration,TypeDefinition] interfa ... er; } |
+| tst.ts:404:13:404:18 | [Identifier] RGBObj | semmle.label | [Identifier] RGBObj |
+| tst.ts:405:5:405:7 | [Label] red | semmle.label | [Label] red |
+| tst.ts:405:5:405:16 | [FieldDeclaration] red: number; | semmle.label | [FieldDeclaration] red: number; |
+| tst.ts:405:10:405:15 | [KeywordTypeExpr] number | semmle.label | [KeywordTypeExpr] number |
+| tst.ts:408:3:410:3 | [InterfaceDeclaration,TypeDefinition] interfa ... er; } | semmle.label | [InterfaceDeclaration,TypeDefinition] interfa ... er; } |
+| tst.ts:408:13:408:18 | [Identifier] HSVObj | semmle.label | [Identifier] HSVObj |
+| tst.ts:409:5:409:7 | [Label] hue | semmle.label | [Label] hue |
+| tst.ts:409:5:409:16 | [FieldDeclaration] hue: number; | semmle.label | [FieldDeclaration] hue: number; |
+| tst.ts:409:10:409:15 | [KeywordTypeExpr] number | semmle.label | [KeywordTypeExpr] number |
+| tst.ts:412:3:416:3 | [FunctionDeclStmt] functio ... } } | semmle.label | [FunctionDeclStmt] functio ... } } |
+| tst.ts:412:12:412:19 | [VarDecl] setColor | semmle.label | [VarDecl] setColor |
+| tst.ts:412:21:412:25 | [SimpleParameter] color | semmle.label | [SimpleParameter] color |
+| tst.ts:412:28:412:33 | [LocalTypeAccess] RGBObj | semmle.label | [LocalTypeAccess] RGBObj |
+| tst.ts:412:28:412:42 | [UnionTypeExpr] RGBObj \| HSVObj | semmle.label | [UnionTypeExpr] RGBObj \| HSVObj |
+| tst.ts:412:37:412:42 | [LocalTypeAccess] HSVObj | semmle.label | [LocalTypeAccess] HSVObj |
+| tst.ts:412:45:416:3 | [BlockStmt] { i ... } } | semmle.label | [BlockStmt] { i ... } } |
+| tst.ts:413:5:415:5 | [IfStmt] if ("hu ... j } | semmle.label | [IfStmt] if ("hu ... j } |
+| tst.ts:413:9:413:13 | [Literal] "hue" | semmle.label | [Literal] "hue" |
+| tst.ts:413:9:413:22 | [BinaryExpr] "hue" in color | semmle.label | [BinaryExpr] "hue" in color |
+| tst.ts:413:18:413:22 | [VarRef] color | semmle.label | [VarRef] color |
+| tst.ts:413:25:415:5 | [BlockStmt] { ... j } | semmle.label | [BlockStmt] { ... j } |
+| tst.ts:414:7:414:20 | [DeclStmt] let h = ... | semmle.label | [DeclStmt] let h = ... |
+| tst.ts:414:11:414:11 | [VarDecl] h | semmle.label | [VarDecl] h |
+| tst.ts:414:11:414:19 | [VariableDeclarator] h = color | semmle.label | [VariableDeclarator] h = color |
+| tst.ts:414:15:414:19 | [VarRef] color | semmle.label | [VarRef] color |
+| tst.ts:419:3:425:3 | [ClassDefinition,TypeDefinition] class P ... } } | semmle.label | [ClassDefinition,TypeDefinition] class P ... } } |
+| tst.ts:419:9:419:14 | [VarDecl] Person | semmle.label | [VarDecl] Person |
+| tst.ts:420:5:420:26 | [FieldDeclaration] accesso ... string; | semmle.label | [FieldDeclaration] accesso ... string; |
+| tst.ts:420:14:420:17 | [Label] name | semmle.label | [Label] name |
+| tst.ts:420:20:420:25 | [KeywordTypeExpr] string | semmle.label | [KeywordTypeExpr] string |
+| tst.ts:422:5:424:5 | [ClassInitializedMember,ConstructorDefinition] constru ... ; } | semmle.label | [ClassInitializedMember,ConstructorDefinition] constru ... ; } |
+| tst.ts:422:5:424:5 | [FunctionExpr] constru ... ; } | semmle.label | [FunctionExpr] constru ... ; } |
+| tst.ts:422:5:424:5 | [Label] constructor | semmle.label | [Label] constructor |
+| tst.ts:422:17:422:20 | [SimpleParameter] name | semmle.label | [SimpleParameter] name |
+| tst.ts:422:23:422:28 | [KeywordTypeExpr] string | semmle.label | [KeywordTypeExpr] string |
+| tst.ts:422:31:424:5 | [BlockStmt] { ... ; } | semmle.label | [BlockStmt] { ... ; } |
+| tst.ts:423:7:423:10 | [ThisExpr] this | semmle.label | [ThisExpr] this |
+| tst.ts:423:7:423:15 | [DotExpr] this.name | semmle.label | [DotExpr] this.name |
+| tst.ts:423:7:423:22 | [AssignExpr] this.name = name | semmle.label | [AssignExpr] this.name = name |
+| tst.ts:423:7:423:23 | [ExprStmt] this.name = name; | semmle.label | [ExprStmt] this.name = name; |
+| tst.ts:423:12:423:15 | [Label] name | semmle.label | [Label] name |
+| tst.ts:423:19:423:22 | [VarRef] name | semmle.label | [VarRef] name |
 | tstModuleCJS.cts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | semmle.label | [ExportDeclaration] export ... 'b'; } |
-| tstModuleCJS.cts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | semmle.order | 85 |
+| tstModuleCJS.cts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | semmle.order | 86 |
 | tstModuleCJS.cts:1:8:3:1 | [FunctionDeclStmt] functio ... 'b'; } | semmle.label | [FunctionDeclStmt] functio ... 'b'; } |
 | tstModuleCJS.cts:1:17:1:28 | [VarDecl] tstModuleCJS | semmle.label | [VarDecl] tstModuleCJS |
 | tstModuleCJS.cts:1:33:1:35 | [LiteralTypeExpr] 'a' | semmle.label | [LiteralTypeExpr] 'a' |
@@ -1443,7 +1543,7 @@ nodes
 | tstModuleCJS.cts:2:34:2:36 | [Literal] 'a' | semmle.label | [Literal] 'a' |
 | tstModuleCJS.cts:2:40:2:42 | [Literal] 'b' | semmle.label | [Literal] 'b' |
 | tstModuleES.mts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | semmle.label | [ExportDeclaration] export ... 'b'; } |
-| tstModuleES.mts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | semmle.order | 86 |
+| tstModuleES.mts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | semmle.order | 87 |
 | tstModuleES.mts:1:16:3:1 | [FunctionDeclStmt] functio ... 'b'; } | semmle.label | [FunctionDeclStmt] functio ... 'b'; } |
 | tstModuleES.mts:1:25:1:35 | [VarDecl] tstModuleES | semmle.label | [VarDecl] tstModuleES |
 | tstModuleES.mts:1:40:1:42 | [LiteralTypeExpr] 'a' | semmle.label | [LiteralTypeExpr] 'a' |
@@ -1461,7 +1561,7 @@ nodes
 | tstModuleES.mts:2:34:2:36 | [Literal] 'a' | semmle.label | [Literal] 'a' |
 | tstModuleES.mts:2:40:2:42 | [Literal] 'b' | semmle.label | [Literal] 'b' |
 | tstSuffixA.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.label | [ExportDeclaration] export ... .ts'; } |
-| tstSuffixA.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.order | 87 |
+| tstSuffixA.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.order | 88 |
 | tstSuffixA.ts:1:8:3:1 | [FunctionDeclStmt] functio ... .ts'; } | semmle.label | [FunctionDeclStmt] functio ... .ts'; } |
 | tstSuffixA.ts:1:17:1:28 | [VarDecl] resolvedFile | semmle.label | [VarDecl] resolvedFile |
 | tstSuffixA.ts:1:33:1:47 | [LiteralTypeExpr] 'tstSuffixA.ts' | semmle.label | [LiteralTypeExpr] 'tstSuffixA.ts' |
@@ -1469,7 +1569,7 @@ nodes
 | tstSuffixA.ts:2:5:2:27 | [ReturnStmt] return ... xA.ts'; | semmle.label | [ReturnStmt] return ... xA.ts'; |
 | tstSuffixA.ts:2:12:2:26 | [Literal] 'tstSuffixA.ts' | semmle.label | [Literal] 'tstSuffixA.ts' |
 | tstSuffixB.ios.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.label | [ExportDeclaration] export ... .ts'; } |
-| tstSuffixB.ios.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.order | 88 |
+| tstSuffixB.ios.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.order | 89 |
 | tstSuffixB.ios.ts:1:8:3:1 | [FunctionDeclStmt] functio ... .ts'; } | semmle.label | [FunctionDeclStmt] functio ... .ts'; } |
 | tstSuffixB.ios.ts:1:17:1:28 | [VarDecl] resolvedFile | semmle.label | [VarDecl] resolvedFile |
 | tstSuffixB.ios.ts:1:33:1:51 | [LiteralTypeExpr] 'tstSuffixB.ios.ts' | semmle.label | [LiteralTypeExpr] 'tstSuffixB.ios.ts' |
@@ -1477,7 +1577,7 @@ nodes
 | tstSuffixB.ios.ts:2:5:2:31 | [ReturnStmt] return ... os.ts'; | semmle.label | [ReturnStmt] return ... os.ts'; |
 | tstSuffixB.ios.ts:2:12:2:30 | [Literal] 'tstSuffixB.ios.ts' | semmle.label | [Literal] 'tstSuffixB.ios.ts' |
 | tstSuffixB.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.label | [ExportDeclaration] export ... .ts'; } |
-| tstSuffixB.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.order | 89 |
+| tstSuffixB.ts:1:1:3:1 | [ExportDeclaration] export ... .ts'; } | semmle.order | 90 |
 | tstSuffixB.ts:1:8:3:1 | [FunctionDeclStmt] functio ... .ts'; } | semmle.label | [FunctionDeclStmt] functio ... .ts'; } |
 | tstSuffixB.ts:1:17:1:28 | [VarDecl] resolvedFile | semmle.label | [VarDecl] resolvedFile |
 | tstSuffixB.ts:1:33:1:47 | [LiteralTypeExpr] 'tstSuffixB.ts' | semmle.label | [LiteralTypeExpr] 'tstSuffixB.ts' |
@@ -1485,16 +1585,16 @@ nodes
 | tstSuffixB.ts:2:5:2:27 | [ReturnStmt] return ... xB.ts'; | semmle.label | [ReturnStmt] return ... xB.ts'; |
 | tstSuffixB.ts:2:12:2:26 | [Literal] 'tstSuffixB.ts' | semmle.label | [Literal] 'tstSuffixB.ts' |
 | type_alias.ts:1:1:1:17 | [TypeAliasDeclaration,TypeDefinition] type B = boolean; | semmle.label | [TypeAliasDeclaration,TypeDefinition] type B = boolean; |
-| type_alias.ts:1:1:1:17 | [TypeAliasDeclaration,TypeDefinition] type B = boolean; | semmle.order | 90 |
+| type_alias.ts:1:1:1:17 | [TypeAliasDeclaration,TypeDefinition] type B = boolean; | semmle.order | 91 |
 | type_alias.ts:1:6:1:6 | [Identifier] B | semmle.label | [Identifier] B |
 | type_alias.ts:1:10:1:16 | [KeywordTypeExpr] boolean | semmle.label | [KeywordTypeExpr] boolean |
 | type_alias.ts:3:1:3:9 | [DeclStmt] var b = ... | semmle.label | [DeclStmt] var b = ... |
-| type_alias.ts:3:1:3:9 | [DeclStmt] var b = ... | semmle.order | 91 |
+| type_alias.ts:3:1:3:9 | [DeclStmt] var b = ... | semmle.order | 92 |
 | type_alias.ts:3:5:3:5 | [VarDecl] b | semmle.label | [VarDecl] b |
 | type_alias.ts:3:5:3:8 | [VariableDeclarator] b: B | semmle.label | [VariableDeclarator] b: B |
 | type_alias.ts:3:8:3:8 | [LocalTypeAccess] B | semmle.label | [LocalTypeAccess] B |
 | type_alias.ts:5:1:5:50 | [TypeAliasDeclaration,TypeDefinition] type Va ... ay<T>>; | semmle.label | [TypeAliasDeclaration,TypeDefinition] type Va ... ay<T>>; |
-| type_alias.ts:5:1:5:50 | [TypeAliasDeclaration,TypeDefinition] type Va ... ay<T>>; | semmle.order | 92 |
+| type_alias.ts:5:1:5:50 | [TypeAliasDeclaration,TypeDefinition] type Va ... ay<T>>; | semmle.order | 93 |
 | type_alias.ts:5:6:5:17 | [Identifier] ValueOrArray | semmle.label | [Identifier] ValueOrArray |
 | type_alias.ts:5:19:5:19 | [Identifier] T | semmle.label | [Identifier] T |
 | type_alias.ts:5:19:5:19 | [TypeParameter] T | semmle.label | [TypeParameter] T |
@@ -1506,14 +1606,14 @@ nodes
 | type_alias.ts:5:34:5:48 | [GenericTypeExpr] ValueOrArray<T> | semmle.label | [GenericTypeExpr] ValueOrArray<T> |
 | type_alias.ts:5:47:5:47 | [LocalTypeAccess] T | semmle.label | [LocalTypeAccess] T |
 | type_alias.ts:7:1:7:28 | [DeclStmt] var c = ... | semmle.label | [DeclStmt] var c = ... |
-| type_alias.ts:7:1:7:28 | [DeclStmt] var c = ... | semmle.order | 93 |
+| type_alias.ts:7:1:7:28 | [DeclStmt] var c = ... | semmle.order | 94 |
 | type_alias.ts:7:5:7:5 | [VarDecl] c | semmle.label | [VarDecl] c |
 | type_alias.ts:7:5:7:27 | [VariableDeclarator] c: Valu ... number> | semmle.label | [VariableDeclarator] c: Valu ... number> |
 | type_alias.ts:7:8:7:19 | [LocalTypeAccess] ValueOrArray | semmle.label | [LocalTypeAccess] ValueOrArray |
 | type_alias.ts:7:8:7:27 | [GenericTypeExpr] ValueOrArray<number> | semmle.label | [GenericTypeExpr] ValueOrArray<number> |
 | type_alias.ts:7:21:7:26 | [KeywordTypeExpr] number | semmle.label | [KeywordTypeExpr] number |
 | type_alias.ts:9:1:15:13 | [TypeAliasDeclaration,TypeDefinition] type Js ... Json[]; | semmle.label | [TypeAliasDeclaration,TypeDefinition] type Js ... Json[]; |
-| type_alias.ts:9:1:15:13 | [TypeAliasDeclaration,TypeDefinition] type Js ... Json[]; | semmle.order | 94 |
+| type_alias.ts:9:1:15:13 | [TypeAliasDeclaration,TypeDefinition] type Js ... Json[]; | semmle.order | 95 |
 | type_alias.ts:9:6:9:9 | [Identifier] Json | semmle.label | [Identifier] Json |
 | type_alias.ts:10:5:15:12 | [UnionTypeExpr] \| strin ... Json[] | semmle.label | [UnionTypeExpr] \| strin ... Json[] |
 | type_alias.ts:10:7:10:12 | [KeywordTypeExpr] string | semmle.label | [KeywordTypeExpr] string |
@@ -1529,12 +1629,12 @@ nodes
 | type_alias.ts:15:7:15:10 | [LocalTypeAccess] Json | semmle.label | [LocalTypeAccess] Json |
 | type_alias.ts:15:7:15:12 | [ArrayTypeExpr] Json[] | semmle.label | [ArrayTypeExpr] Json[] |
 | type_alias.ts:17:1:17:15 | [DeclStmt] var json = ... | semmle.label | [DeclStmt] var json = ... |
-| type_alias.ts:17:1:17:15 | [DeclStmt] var json = ... | semmle.order | 95 |
+| type_alias.ts:17:1:17:15 | [DeclStmt] var json = ... | semmle.order | 96 |
 | type_alias.ts:17:5:17:8 | [VarDecl] json | semmle.label | [VarDecl] json |
 | type_alias.ts:17:5:17:14 | [VariableDeclarator] json: Json | semmle.label | [VariableDeclarator] json: Json |
 | type_alias.ts:17:11:17:14 | [LocalTypeAccess] Json | semmle.label | [LocalTypeAccess] Json |
 | type_alias.ts:19:1:21:57 | [TypeAliasDeclaration,TypeDefinition] type Vi ... ode[]]; | semmle.label | [TypeAliasDeclaration,TypeDefinition] type Vi ... ode[]]; |
-| type_alias.ts:19:1:21:57 | [TypeAliasDeclaration,TypeDefinition] type Vi ... ode[]]; | semmle.order | 96 |
+| type_alias.ts:19:1:21:57 | [TypeAliasDeclaration,TypeDefinition] type Vi ... ode[]]; | semmle.order | 97 |
 | type_alias.ts:19:6:19:16 | [Identifier] VirtualNode | semmle.label | [Identifier] VirtualNode |
 | type_alias.ts:20:5:21:56 | [UnionTypeExpr] \| strin ... Node[]] | semmle.label | [UnionTypeExpr] \| strin ... Node[]] |
 | type_alias.ts:20:7:20:12 | [KeywordTypeExpr] string | semmle.label | [KeywordTypeExpr] string |
@@ -1550,7 +1650,7 @@ nodes
 | type_alias.ts:21:43:21:53 | [LocalTypeAccess] VirtualNode | semmle.label | [LocalTypeAccess] VirtualNode |
 | type_alias.ts:21:43:21:55 | [ArrayTypeExpr] VirtualNode[] | semmle.label | [ArrayTypeExpr] VirtualNode[] |
 | type_alias.ts:23:1:27:6 | [DeclStmt] const myNode = ... | semmle.label | [DeclStmt] const myNode = ... |
-| type_alias.ts:23:1:27:6 | [DeclStmt] const myNode = ... | semmle.order | 97 |
+| type_alias.ts:23:1:27:6 | [DeclStmt] const myNode = ... | semmle.order | 98 |
 | type_alias.ts:23:7:23:12 | [VarDecl] myNode | semmle.label | [VarDecl] myNode |
 | type_alias.ts:23:7:27:5 | [VariableDeclarator] myNode: ... ] ] | semmle.label | [VariableDeclarator] myNode: ... ] ] |
 | type_alias.ts:23:15:23:25 | [LocalTypeAccess] VirtualNode | semmle.label | [LocalTypeAccess] VirtualNode |
@@ -1575,12 +1675,12 @@ nodes
 | type_alias.ts:26:23:26:36 | [Literal] "second-child" | semmle.label | [Literal] "second-child" |
 | type_alias.ts:26:41:26:62 | [Literal] "I'm the second child" | semmle.label | [Literal] "I'm the second child" |
 | type_definition_objects.ts:1:1:1:33 | [ImportDeclaration] import ... dummy"; | semmle.label | [ImportDeclaration] import ... dummy"; |
-| type_definition_objects.ts:1:1:1:33 | [ImportDeclaration] import ... dummy"; | semmle.order | 98 |
+| type_definition_objects.ts:1:1:1:33 | [ImportDeclaration] import ... dummy"; | semmle.order | 99 |
 | type_definition_objects.ts:1:8:1:17 | [ImportSpecifier] * as dummy | semmle.label | [ImportSpecifier] * as dummy |
 | type_definition_objects.ts:1:13:1:17 | [VarDecl] dummy | semmle.label | [VarDecl] dummy |
 | type_definition_objects.ts:1:24:1:32 | [Literal] "./dummy" | semmle.label | [Literal] "./dummy" |
 | type_definition_objects.ts:3:1:3:17 | [ExportDeclaration] export class C {} | semmle.label | [ExportDeclaration] export class C {} |
-| type_definition_objects.ts:3:1:3:17 | [ExportDeclaration] export class C {} | semmle.order | 99 |
+| type_definition_objects.ts:3:1:3:17 | [ExportDeclaration] export class C {} | semmle.order | 100 |
 | type_definition_objects.ts:3:8:3:17 | [ClassDefinition,TypeDefinition] class C {} | semmle.label | [ClassDefinition,TypeDefinition] class C {} |
 | type_definition_objects.ts:3:14:3:14 | [VarDecl] C | semmle.label | [VarDecl] C |
 | type_definition_objects.ts:3:16:3:15 | [BlockStmt] {} | semmle.label | [BlockStmt] {} |
@@ -1588,36 +1688,36 @@ nodes
 | type_definition_objects.ts:3:16:3:15 | [FunctionExpr] () {} | semmle.label | [FunctionExpr] () {} |
 | type_definition_objects.ts:3:16:3:15 | [Label] constructor | semmle.label | [Label] constructor |
 | type_definition_objects.ts:4:1:4:17 | [DeclStmt] let classObj = ... | semmle.label | [DeclStmt] let classObj = ... |
-| type_definition_objects.ts:4:1:4:17 | [DeclStmt] let classObj = ... | semmle.order | 100 |
+| type_definition_objects.ts:4:1:4:17 | [DeclStmt] let classObj = ... | semmle.order | 101 |
 | type_definition_objects.ts:4:5:4:12 | [VarDecl] classObj | semmle.label | [VarDecl] classObj |
 | type_definition_objects.ts:4:5:4:16 | [VariableDeclarator] classObj = C | semmle.label | [VariableDeclarator] classObj = C |
 | type_definition_objects.ts:4:16:4:16 | [VarRef] C | semmle.label | [VarRef] C |
 | type_definition_objects.ts:6:1:6:16 | [ExportDeclaration] export enum E {} | semmle.label | [ExportDeclaration] export enum E {} |
-| type_definition_objects.ts:6:1:6:16 | [ExportDeclaration] export enum E {} | semmle.order | 101 |
+| type_definition_objects.ts:6:1:6:16 | [ExportDeclaration] export enum E {} | semmle.order | 102 |
 | type_definition_objects.ts:6:8:6:16 | [EnumDeclaration,TypeDefinition] enum E {} | semmle.label | [EnumDeclaration,TypeDefinition] enum E {} |
 | type_definition_objects.ts:6:13:6:13 | [VarDecl] E | semmle.label | [VarDecl] E |
 | type_definition_objects.ts:7:1:7:16 | [DeclStmt] let enumObj = ... | semmle.label | [DeclStmt] let enumObj = ... |
-| type_definition_objects.ts:7:1:7:16 | [DeclStmt] let enumObj = ... | semmle.order | 102 |
+| type_definition_objects.ts:7:1:7:16 | [DeclStmt] let enumObj = ... | semmle.order | 103 |
 | type_definition_objects.ts:7:5:7:11 | [VarDecl] enumObj | semmle.label | [VarDecl] enumObj |
 | type_definition_objects.ts:7:5:7:15 | [VariableDeclarator] enumObj = E | semmle.label | [VariableDeclarator] enumObj = E |
 | type_definition_objects.ts:7:15:7:15 | [VarRef] E | semmle.label | [VarRef] E |
 | type_definition_objects.ts:9:1:9:22 | [ExportDeclaration] export ... e N {;} | semmle.label | [ExportDeclaration] export ... e N {;} |
-| type_definition_objects.ts:9:1:9:22 | [ExportDeclaration] export ... e N {;} | semmle.order | 103 |
+| type_definition_objects.ts:9:1:9:22 | [ExportDeclaration] export ... e N {;} | semmle.order | 104 |
 | type_definition_objects.ts:9:8:9:22 | [NamespaceDeclaration] namespace N {;} | semmle.label | [NamespaceDeclaration] namespace N {;} |
 | type_definition_objects.ts:9:18:9:18 | [VarDecl] N | semmle.label | [VarDecl] N |
 | type_definition_objects.ts:9:21:9:21 | [EmptyStmt] ; | semmle.label | [EmptyStmt] ; |
 | type_definition_objects.ts:10:1:10:21 | [DeclStmt] let namespaceObj = ... | semmle.label | [DeclStmt] let namespaceObj = ... |
-| type_definition_objects.ts:10:1:10:21 | [DeclStmt] let namespaceObj = ... | semmle.order | 104 |
+| type_definition_objects.ts:10:1:10:21 | [DeclStmt] let namespaceObj = ... | semmle.order | 105 |
 | type_definition_objects.ts:10:5:10:16 | [VarDecl] namespaceObj | semmle.label | [VarDecl] namespaceObj |
 | type_definition_objects.ts:10:5:10:20 | [VariableDeclarator] namespaceObj = N | semmle.label | [VariableDeclarator] namespaceObj = N |
 | type_definition_objects.ts:10:20:10:20 | [VarRef] N | semmle.label | [VarRef] N |
 | type_definitions.ts:1:1:1:33 | [ImportDeclaration] import ... dummy"; | semmle.label | [ImportDeclaration] import ... dummy"; |
-| type_definitions.ts:1:1:1:33 | [ImportDeclaration] import ... dummy"; | semmle.order | 105 |
+| type_definitions.ts:1:1:1:33 | [ImportDeclaration] import ... dummy"; | semmle.order | 106 |
 | type_definitions.ts:1:8:1:17 | [ImportSpecifier] * as dummy | semmle.label | [ImportSpecifier] * as dummy |
 | type_definitions.ts:1:13:1:17 | [VarDecl] dummy | semmle.label | [VarDecl] dummy |
 | type_definitions.ts:1:24:1:32 | [Literal] "./dummy" | semmle.label | [Literal] "./dummy" |
 | type_definitions.ts:3:1:5:1 | [InterfaceDeclaration,TypeDefinition] interfa ... x: S; } | semmle.label | [InterfaceDeclaration,TypeDefinition] interfa ... x: S; } |
-| type_definitions.ts:3:1:5:1 | [InterfaceDeclaration,TypeDefinition] interfa ... x: S; } | semmle.order | 106 |
+| type_definitions.ts:3:1:5:1 | [InterfaceDeclaration,TypeDefinition] interfa ... x: S; } | semmle.order | 107 |
 | type_definitions.ts:3:11:3:11 | [Identifier] I | semmle.label | [Identifier] I |
 | type_definitions.ts:3:13:3:13 | [Identifier] S | semmle.label | [Identifier] S |
 | type_definitions.ts:3:13:3:13 | [TypeParameter] S | semmle.label | [TypeParameter] S |
@@ -1625,14 +1725,14 @@ nodes
 | type_definitions.ts:4:3:4:7 | [FieldDeclaration] x: S; | semmle.label | [FieldDeclaration] x: S; |
 | type_definitions.ts:4:6:4:6 | [LocalTypeAccess] S | semmle.label | [LocalTypeAccess] S |
 | type_definitions.ts:6:1:6:16 | [DeclStmt] let i = ... | semmle.label | [DeclStmt] let i = ... |
-| type_definitions.ts:6:1:6:16 | [DeclStmt] let i = ... | semmle.order | 107 |
+| type_definitions.ts:6:1:6:16 | [DeclStmt] let i = ... | semmle.order | 108 |
 | type_definitions.ts:6:5:6:5 | [VarDecl] i | semmle.label | [VarDecl] i |
 | type_definitions.ts:6:5:6:16 | [VariableDeclarator] i: I<number> | semmle.label | [VariableDeclarator] i: I<number> |
 | type_definitions.ts:6:8:6:8 | [LocalTypeAccess] I | semmle.label | [LocalTypeAccess] I |
 | type_definitions.ts:6:8:6:16 | [GenericTypeExpr] I<number> | semmle.label | [GenericTypeExpr] I<number> |
 | type_definitions.ts:6:10:6:15 | [KeywordTypeExpr] number | semmle.label | [KeywordTypeExpr] number |
 | type_definitions.ts:8:1:10:1 | [ClassDefinition,TypeDefinition] class C ... x: T } | semmle.label | [ClassDefinition,TypeDefinition] class C ... x: T } |
-| type_definitions.ts:8:1:10:1 | [ClassDefinition,TypeDefinition] class C ... x: T } | semmle.order | 108 |
+| type_definitions.ts:8:1:10:1 | [ClassDefinition,TypeDefinition] class C ... x: T } | semmle.order | 109 |
 | type_definitions.ts:8:7:8:7 | [VarDecl] C | semmle.label | [VarDecl] C |
 | type_definitions.ts:8:8:8:7 | [BlockStmt] {} | semmle.label | [BlockStmt] {} |
 | type_definitions.ts:8:8:8:7 | [ClassInitializedMember,ConstructorDefinition] constructor() {} | semmle.label | [ClassInitializedMember,ConstructorDefinition] constructor() {} |
@@ -1644,14 +1744,14 @@ nodes
 | type_definitions.ts:9:3:9:6 | [FieldDeclaration] x: T | semmle.label | [FieldDeclaration] x: T |
 | type_definitions.ts:9:6:9:6 | [LocalTypeAccess] T | semmle.label | [LocalTypeAccess] T |
 | type_definitions.ts:11:1:11:17 | [DeclStmt] let c = ... | semmle.label | [DeclStmt] let c = ... |
-| type_definitions.ts:11:1:11:17 | [DeclStmt] let c = ... | semmle.order | 109 |
+| type_definitions.ts:11:1:11:17 | [DeclStmt] let c = ... | semmle.order | 110 |
 | type_definitions.ts:11:5:11:5 | [VarDecl] c | semmle.label | [VarDecl] c |
 | type_definitions.ts:11:5:11:16 | [VariableDeclarator] c: C<number> | semmle.label | [VariableDeclarator] c: C<number> |
 | type_definitions.ts:11:8:11:8 | [LocalTypeAccess] C | semmle.label | [LocalTypeAccess] C |
 | type_definitions.ts:11:8:11:16 | [GenericTypeExpr] C<number> | semmle.label | [GenericTypeExpr] C<number> |
 | type_definitions.ts:11:10:11:15 | [KeywordTypeExpr] number | semmle.label | [KeywordTypeExpr] number |
 | type_definitions.ts:13:1:15:1 | [EnumDeclaration,TypeDefinition] enum Co ... blue } | semmle.label | [EnumDeclaration,TypeDefinition] enum Co ... blue } |
-| type_definitions.ts:13:1:15:1 | [EnumDeclaration,TypeDefinition] enum Co ... blue } | semmle.order | 110 |
+| type_definitions.ts:13:1:15:1 | [EnumDeclaration,TypeDefinition] enum Co ... blue } | semmle.order | 111 |
 | type_definitions.ts:13:6:13:10 | [VarDecl] Color | semmle.label | [VarDecl] Color |
 | type_definitions.ts:14:3:14:5 | [EnumMember,TypeDefinition] red | semmle.label | [EnumMember,TypeDefinition] red |
 | type_definitions.ts:14:3:14:5 | [VarDecl] red | semmle.label | [VarDecl] red |
@@ -1660,29 +1760,29 @@ nodes
 | type_definitions.ts:14:15:14:18 | [EnumMember,TypeDefinition] blue | semmle.label | [EnumMember,TypeDefinition] blue |
 | type_definitions.ts:14:15:14:18 | [VarDecl] blue | semmle.label | [VarDecl] blue |
 | type_definitions.ts:16:1:16:17 | [DeclStmt] let color = ... | semmle.label | [DeclStmt] let color = ... |
-| type_definitions.ts:16:1:16:17 | [DeclStmt] let color = ... | semmle.order | 111 |
+| type_definitions.ts:16:1:16:17 | [DeclStmt] let color = ... | semmle.order | 112 |
 | type_definitions.ts:16:5:16:9 | [VarDecl] color | semmle.label | [VarDecl] color |
 | type_definitions.ts:16:5:16:16 | [VariableDeclarator] color: Color | semmle.label | [VariableDeclarator] color: Color |
 | type_definitions.ts:16:12:16:16 | [LocalTypeAccess] Color | semmle.label | [LocalTypeAccess] Color |
 | type_definitions.ts:18:1:18:33 | [EnumDeclaration,TypeDefinition] enum En ... ember } | semmle.label | [EnumDeclaration,TypeDefinition] enum En ... ember } |
-| type_definitions.ts:18:1:18:33 | [EnumDeclaration,TypeDefinition] enum En ... ember } | semmle.order | 112 |
+| type_definitions.ts:18:1:18:33 | [EnumDeclaration,TypeDefinition] enum En ... ember } | semmle.order | 113 |
 | type_definitions.ts:18:6:18:22 | [VarDecl] EnumWithOneMember | semmle.label | [VarDecl] EnumWithOneMember |
 | type_definitions.ts:18:26:18:31 | [EnumMember,TypeDefinition] member | semmle.label | [EnumMember,TypeDefinition] member |
 | type_definitions.ts:18:26:18:31 | [VarDecl] member | semmle.label | [VarDecl] member |
 | type_definitions.ts:19:1:19:25 | [DeclStmt] let e = ... | semmle.label | [DeclStmt] let e = ... |
-| type_definitions.ts:19:1:19:25 | [DeclStmt] let e = ... | semmle.order | 113 |
+| type_definitions.ts:19:1:19:25 | [DeclStmt] let e = ... | semmle.order | 114 |
 | type_definitions.ts:19:5:19:5 | [VarDecl] e | semmle.label | [VarDecl] e |
 | type_definitions.ts:19:5:19:24 | [VariableDeclarator] e: EnumWithOneMember | semmle.label | [VariableDeclarator] e: EnumWithOneMember |
 | type_definitions.ts:19:8:19:24 | [LocalTypeAccess] EnumWithOneMember | semmle.label | [LocalTypeAccess] EnumWithOneMember |
 | type_definitions.ts:21:1:21:20 | [TypeAliasDeclaration,TypeDefinition] type Alias<T> = T[]; | semmle.label | [TypeAliasDeclaration,TypeDefinition] type Alias<T> = T[]; |
-| type_definitions.ts:21:1:21:20 | [TypeAliasDeclaration,TypeDefinition] type Alias<T> = T[]; | semmle.order | 114 |
+| type_definitions.ts:21:1:21:20 | [TypeAliasDeclaration,TypeDefinition] type Alias<T> = T[]; | semmle.order | 115 |
 | type_definitions.ts:21:6:21:10 | [Identifier] Alias | semmle.label | [Identifier] Alias |
 | type_definitions.ts:21:12:21:12 | [Identifier] T | semmle.label | [Identifier] T |
 | type_definitions.ts:21:12:21:12 | [TypeParameter] T | semmle.label | [TypeParameter] T |
 | type_definitions.ts:21:17:21:17 | [LocalTypeAccess] T | semmle.label | [LocalTypeAccess] T |
 | type_definitions.ts:21:17:21:19 | [ArrayTypeExpr] T[] | semmle.label | [ArrayTypeExpr] T[] |
 | type_definitions.ts:22:1:22:39 | [DeclStmt] let aliasForNumberArray = ... | semmle.label | [DeclStmt] let aliasForNumberArray = ... |
-| type_definitions.ts:22:1:22:39 | [DeclStmt] let aliasForNumberArray = ... | semmle.order | 115 |
+| type_definitions.ts:22:1:22:39 | [DeclStmt] let aliasForNumberArray = ... | semmle.order | 116 |
 | type_definitions.ts:22:5:22:23 | [VarDecl] aliasForNumberArray | semmle.label | [VarDecl] aliasForNumberArray |
 | type_definitions.ts:22:5:22:38 | [VariableDeclarator] aliasFo ... number> | semmle.label | [VariableDeclarator] aliasFo ... number> |
 | type_definitions.ts:22:26:22:30 | [LocalTypeAccess] Alias | semmle.label | [LocalTypeAccess] Alias |
@@ -1841,6 +1941,8 @@ edges
 | file://:0:0:0:0 | (Arguments) | tst.ts:385:36:385:52 | [ArrayExpr] [42, true, "hi!"] | semmle.order | 0 |
 | file://:0:0:0:0 | (Arguments) | tst.ts:385:55:385:72 | [ArrayExpr] [0, false, "bye!"] | semmle.label | 1 |
 | file://:0:0:0:0 | (Arguments) | tst.ts:385:55:385:72 | [ArrayExpr] [0, false, "bye!"] | semmle.order | 1 |
+| file://:0:0:0:0 | (Arguments) | tst.ts:402:39:402:39 | [Literal] 0 | semmle.label | 0 |
+| file://:0:0:0:0 | (Arguments) | tst.ts:402:39:402:39 | [Literal] 0 | semmle.order | 0 |
 | file://:0:0:0:0 | (Parameters) | tst.ts:14:17:14:17 | [SimpleParameter] x | semmle.label | 0 |
 | file://:0:0:0:0 | (Parameters) | tst.ts:14:17:14:17 | [SimpleParameter] x | semmle.order | 0 |
 | file://:0:0:0:0 | (Parameters) | tst.ts:14:28:14:28 | [SimpleParameter] y | semmle.label | 1 |
@@ -1917,6 +2019,10 @@ edges
 | file://:0:0:0:0 | (Parameters) | tst.ts:383:40:383:40 | [SimpleParameter] x | semmle.order | 0 |
 | file://:0:0:0:0 | (Parameters) | tst.ts:383:46:383:46 | [SimpleParameter] y | semmle.label | 1 |
 | file://:0:0:0:0 | (Parameters) | tst.ts:383:46:383:46 | [SimpleParameter] y | semmle.order | 1 |
+| file://:0:0:0:0 | (Parameters) | tst.ts:412:21:412:25 | [SimpleParameter] color | semmle.label | 0 |
+| file://:0:0:0:0 | (Parameters) | tst.ts:412:21:412:25 | [SimpleParameter] color | semmle.order | 0 |
+| file://:0:0:0:0 | (Parameters) | tst.ts:422:17:422:20 | [SimpleParameter] name | semmle.label | 0 |
+| file://:0:0:0:0 | (Parameters) | tst.ts:422:17:422:20 | [SimpleParameter] name | semmle.order | 0 |
 | file://:0:0:0:0 | (Parameters) | type_alias.ts:14:10:14:17 | [SimpleParameter] property | semmle.label | 0 |
 | file://:0:0:0:0 | (Parameters) | type_alias.ts:14:10:14:17 | [SimpleParameter] property | semmle.order | 0 |
 | file://:0:0:0:0 | (Parameters) | type_alias.ts:21:19:21:21 | [SimpleParameter] key | semmle.label | 0 |
@@ -4203,6 +4309,196 @@ edges
 | tst.ts:385:55:385:72 | [ArrayExpr] [0, false, "bye!"] | tst.ts:385:59:385:63 | [Literal] false | semmle.order | 2 |
 | tst.ts:385:55:385:72 | [ArrayExpr] [0, false, "bye!"] | tst.ts:385:66:385:71 | [Literal] "bye!" | semmle.label | 3 |
 | tst.ts:385:55:385:72 | [ArrayExpr] [0, false, "bye!"] | tst.ts:385:66:385:71 | [Literal] "bye!" | semmle.order | 3 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:390:8:390:11 | [VarDecl] TS49 | semmle.label | 1 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:390:8:390:11 | [VarDecl] TS49 | semmle.order | 1 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:391:3:391:41 | [TypeAliasDeclaration,TypeDefinition] type Co ... "blue"; | semmle.label | 2 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:391:3:391:41 | [TypeAliasDeclaration,TypeDefinition] type Co ... "blue"; | semmle.order | 2 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:393:3:393:56 | [TypeAliasDeclaration,TypeDefinition] type RG ... umber]; | semmle.label | 3 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:393:3:393:56 | [TypeAliasDeclaration,TypeDefinition] type RG ... umber]; | semmle.order | 3 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:395:3:399:43 | [DeclStmt] const palette = ... | semmle.label | 4 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:395:3:399:43 | [DeclStmt] const palette = ... | semmle.order | 4 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:402:3:402:41 | [DeclStmt] const redComponent = ... | semmle.label | 5 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:402:3:402:41 | [DeclStmt] const redComponent = ... | semmle.order | 5 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:404:3:406:3 | [InterfaceDeclaration,TypeDefinition] interfa ... er; } | semmle.label | 6 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:404:3:406:3 | [InterfaceDeclaration,TypeDefinition] interfa ... er; } | semmle.order | 6 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:408:3:410:3 | [InterfaceDeclaration,TypeDefinition] interfa ... er; } | semmle.label | 7 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:408:3:410:3 | [InterfaceDeclaration,TypeDefinition] interfa ... er; } | semmle.order | 7 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:412:3:416:3 | [FunctionDeclStmt] functio ... } } | semmle.label | 8 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:412:3:416:3 | [FunctionDeclStmt] functio ... } } | semmle.order | 8 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:419:3:425:3 | [ClassDefinition,TypeDefinition] class P ... } } | semmle.label | 9 |
+| tst.ts:390:1:426:1 | [NamespaceDeclaration] module ... } } } | tst.ts:419:3:425:3 | [ClassDefinition,TypeDefinition] class P ... } } | semmle.order | 9 |
+| tst.ts:391:3:391:41 | [TypeAliasDeclaration,TypeDefinition] type Co ... "blue"; | tst.ts:391:8:391:13 | [Identifier] Colors | semmle.label | 1 |
+| tst.ts:391:3:391:41 | [TypeAliasDeclaration,TypeDefinition] type Co ... "blue"; | tst.ts:391:8:391:13 | [Identifier] Colors | semmle.order | 1 |
+| tst.ts:391:3:391:41 | [TypeAliasDeclaration,TypeDefinition] type Co ... "blue"; | tst.ts:391:17:391:40 | [UnionTypeExpr] "red" \| ... "blue" | semmle.label | 2 |
+| tst.ts:391:3:391:41 | [TypeAliasDeclaration,TypeDefinition] type Co ... "blue"; | tst.ts:391:17:391:40 | [UnionTypeExpr] "red" \| ... "blue" | semmle.order | 2 |
+| tst.ts:391:17:391:40 | [UnionTypeExpr] "red" \| ... "blue" | tst.ts:391:17:391:21 | [LiteralTypeExpr] "red" | semmle.label | 1 |
+| tst.ts:391:17:391:40 | [UnionTypeExpr] "red" \| ... "blue" | tst.ts:391:17:391:21 | [LiteralTypeExpr] "red" | semmle.order | 1 |
+| tst.ts:391:17:391:40 | [UnionTypeExpr] "red" \| ... "blue" | tst.ts:391:25:391:31 | [LiteralTypeExpr] "green" | semmle.label | 2 |
+| tst.ts:391:17:391:40 | [UnionTypeExpr] "red" \| ... "blue" | tst.ts:391:25:391:31 | [LiteralTypeExpr] "green" | semmle.order | 2 |
+| tst.ts:391:17:391:40 | [UnionTypeExpr] "red" \| ... "blue" | tst.ts:391:35:391:40 | [LiteralTypeExpr] "blue" | semmle.label | 3 |
+| tst.ts:391:17:391:40 | [UnionTypeExpr] "red" \| ... "blue" | tst.ts:391:35:391:40 | [LiteralTypeExpr] "blue" | semmle.order | 3 |
+| tst.ts:393:3:393:56 | [TypeAliasDeclaration,TypeDefinition] type RG ... umber]; | tst.ts:393:8:393:10 | [Identifier] RGB | semmle.label | 1 |
+| tst.ts:393:3:393:56 | [TypeAliasDeclaration,TypeDefinition] type RG ... umber]; | tst.ts:393:8:393:10 | [Identifier] RGB | semmle.order | 1 |
+| tst.ts:393:3:393:56 | [TypeAliasDeclaration,TypeDefinition] type RG ... umber]; | tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | semmle.label | 2 |
+| tst.ts:393:3:393:56 | [TypeAliasDeclaration,TypeDefinition] type RG ... umber]; | tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | semmle.order | 2 |
+| tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | tst.ts:393:15:393:17 | [Identifier] red | semmle.label | 1 |
+| tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | tst.ts:393:15:393:17 | [Identifier] red | semmle.order | 1 |
+| tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | tst.ts:393:20:393:25 | [KeywordTypeExpr] number | semmle.label | 2 |
+| tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | tst.ts:393:20:393:25 | [KeywordTypeExpr] number | semmle.order | 2 |
+| tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | tst.ts:393:28:393:32 | [Identifier] green | semmle.label | 3 |
+| tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | tst.ts:393:28:393:32 | [Identifier] green | semmle.order | 3 |
+| tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | tst.ts:393:35:393:40 | [KeywordTypeExpr] number | semmle.label | 4 |
+| tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | tst.ts:393:35:393:40 | [KeywordTypeExpr] number | semmle.order | 4 |
+| tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | tst.ts:393:43:393:46 | [Identifier] blue | semmle.label | 5 |
+| tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | tst.ts:393:43:393:46 | [Identifier] blue | semmle.order | 5 |
+| tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | tst.ts:393:49:393:54 | [KeywordTypeExpr] number | semmle.label | 6 |
+| tst.ts:393:14:393:55 | [TupleTypeExpr] [red: n ... number] | tst.ts:393:49:393:54 | [KeywordTypeExpr] number | semmle.order | 6 |
+| tst.ts:395:3:399:43 | [DeclStmt] const palette = ... | tst.ts:395:9:399:42 | [VariableDeclarator] palette ... \| RGB> | semmle.label | 1 |
+| tst.ts:395:3:399:43 | [DeclStmt] const palette = ... | tst.ts:395:9:399:42 | [VariableDeclarator] palette ... \| RGB> | semmle.order | 1 |
+| tst.ts:395:9:399:42 | [VariableDeclarator] palette ... \| RGB> | tst.ts:395:9:395:15 | [VarDecl] palette | semmle.label | 1 |
+| tst.ts:395:9:399:42 | [VariableDeclarator] palette ... \| RGB> | tst.ts:395:9:395:15 | [VarDecl] palette | semmle.order | 1 |
+| tst.ts:395:9:399:42 | [VariableDeclarator] palette ... \| RGB> | tst.ts:395:19:399:42 | [SatisfiesExpr] { r ... \| RGB> | semmle.label | 2 |
+| tst.ts:395:9:399:42 | [VariableDeclarator] palette ... \| RGB> | tst.ts:395:19:399:42 | [SatisfiesExpr] { r ... \| RGB> | semmle.order | 2 |
+| tst.ts:395:19:399:3 | [ObjectExpr] {red: ...} | tst.ts:396:5:396:20 | [Property] red: [255, 0, 0] | semmle.label | 1 |
+| tst.ts:395:19:399:3 | [ObjectExpr] {red: ...} | tst.ts:396:5:396:20 | [Property] red: [255, 0, 0] | semmle.order | 1 |
+| tst.ts:395:19:399:3 | [ObjectExpr] {red: ...} | tst.ts:397:5:397:20 | [Property] green: "#00ff00" | semmle.label | 2 |
+| tst.ts:395:19:399:3 | [ObjectExpr] {red: ...} | tst.ts:397:5:397:20 | [Property] green: "#00ff00" | semmle.order | 2 |
+| tst.ts:395:19:399:3 | [ObjectExpr] {red: ...} | tst.ts:398:5:398:21 | [Property] bleu: [0, 0, 255] | semmle.label | 3 |
+| tst.ts:395:19:399:3 | [ObjectExpr] {red: ...} | tst.ts:398:5:398:21 | [Property] bleu: [0, 0, 255] | semmle.order | 3 |
+| tst.ts:395:19:399:42 | [SatisfiesExpr] { r ... \| RGB> | tst.ts:395:19:399:3 | [ObjectExpr] {red: ...} | semmle.label | 1 |
+| tst.ts:395:19:399:42 | [SatisfiesExpr] { r ... \| RGB> | tst.ts:395:19:399:3 | [ObjectExpr] {red: ...} | semmle.order | 1 |
+| tst.ts:395:19:399:42 | [SatisfiesExpr] { r ... \| RGB> | tst.ts:399:15:399:42 | [GenericTypeExpr] Record< ... \| RGB> | semmle.label | 2 |
+| tst.ts:395:19:399:42 | [SatisfiesExpr] { r ... \| RGB> | tst.ts:399:15:399:42 | [GenericTypeExpr] Record< ... \| RGB> | semmle.order | 2 |
+| tst.ts:396:5:396:20 | [Property] red: [255, 0, 0] | tst.ts:396:5:396:7 | [Label] red | semmle.label | 1 |
+| tst.ts:396:5:396:20 | [Property] red: [255, 0, 0] | tst.ts:396:5:396:7 | [Label] red | semmle.order | 1 |
+| tst.ts:396:5:396:20 | [Property] red: [255, 0, 0] | tst.ts:396:10:396:20 | [ArrayExpr] [255, 0, 0] | semmle.label | 2 |
+| tst.ts:396:5:396:20 | [Property] red: [255, 0, 0] | tst.ts:396:10:396:20 | [ArrayExpr] [255, 0, 0] | semmle.order | 2 |
+| tst.ts:396:10:396:20 | [ArrayExpr] [255, 0, 0] | tst.ts:396:11:396:13 | [Literal] 255 | semmle.label | 1 |
+| tst.ts:396:10:396:20 | [ArrayExpr] [255, 0, 0] | tst.ts:396:11:396:13 | [Literal] 255 | semmle.order | 1 |
+| tst.ts:396:10:396:20 | [ArrayExpr] [255, 0, 0] | tst.ts:396:16:396:16 | [Literal] 0 | semmle.label | 2 |
+| tst.ts:396:10:396:20 | [ArrayExpr] [255, 0, 0] | tst.ts:396:16:396:16 | [Literal] 0 | semmle.order | 2 |
+| tst.ts:396:10:396:20 | [ArrayExpr] [255, 0, 0] | tst.ts:396:19:396:19 | [Literal] 0 | semmle.label | 3 |
+| tst.ts:396:10:396:20 | [ArrayExpr] [255, 0, 0] | tst.ts:396:19:396:19 | [Literal] 0 | semmle.order | 3 |
+| tst.ts:397:5:397:20 | [Property] green: "#00ff00" | tst.ts:397:5:397:9 | [Label] green | semmle.label | 1 |
+| tst.ts:397:5:397:20 | [Property] green: "#00ff00" | tst.ts:397:5:397:9 | [Label] green | semmle.order | 1 |
+| tst.ts:397:5:397:20 | [Property] green: "#00ff00" | tst.ts:397:12:397:20 | [Literal] "#00ff00" | semmle.label | 2 |
+| tst.ts:397:5:397:20 | [Property] green: "#00ff00" | tst.ts:397:12:397:20 | [Literal] "#00ff00" | semmle.order | 2 |
+| tst.ts:398:5:398:21 | [Property] bleu: [0, 0, 255] | tst.ts:398:5:398:8 | [Label] bleu | semmle.label | 1 |
+| tst.ts:398:5:398:21 | [Property] bleu: [0, 0, 255] | tst.ts:398:5:398:8 | [Label] bleu | semmle.order | 1 |
+| tst.ts:398:5:398:21 | [Property] bleu: [0, 0, 255] | tst.ts:398:11:398:21 | [ArrayExpr] [0, 0, 255] | semmle.label | 2 |
+| tst.ts:398:5:398:21 | [Property] bleu: [0, 0, 255] | tst.ts:398:11:398:21 | [ArrayExpr] [0, 0, 255] | semmle.order | 2 |
+| tst.ts:398:11:398:21 | [ArrayExpr] [0, 0, 255] | tst.ts:398:12:398:12 | [Literal] 0 | semmle.label | 1 |
+| tst.ts:398:11:398:21 | [ArrayExpr] [0, 0, 255] | tst.ts:398:12:398:12 | [Literal] 0 | semmle.order | 1 |
+| tst.ts:398:11:398:21 | [ArrayExpr] [0, 0, 255] | tst.ts:398:15:398:15 | [Literal] 0 | semmle.label | 2 |
+| tst.ts:398:11:398:21 | [ArrayExpr] [0, 0, 255] | tst.ts:398:15:398:15 | [Literal] 0 | semmle.order | 2 |
+| tst.ts:398:11:398:21 | [ArrayExpr] [0, 0, 255] | tst.ts:398:18:398:20 | [Literal] 255 | semmle.label | 3 |
+| tst.ts:398:11:398:21 | [ArrayExpr] [0, 0, 255] | tst.ts:398:18:398:20 | [Literal] 255 | semmle.order | 3 |
+| tst.ts:399:15:399:42 | [GenericTypeExpr] Record< ... \| RGB> | tst.ts:399:15:399:20 | [LocalTypeAccess] Record | semmle.label | 1 |
+| tst.ts:399:15:399:42 | [GenericTypeExpr] Record< ... \| RGB> | tst.ts:399:15:399:20 | [LocalTypeAccess] Record | semmle.order | 1 |
+| tst.ts:399:15:399:42 | [GenericTypeExpr] Record< ... \| RGB> | tst.ts:399:22:399:27 | [LocalTypeAccess] Colors | semmle.label | 2 |
+| tst.ts:399:15:399:42 | [GenericTypeExpr] Record< ... \| RGB> | tst.ts:399:22:399:27 | [LocalTypeAccess] Colors | semmle.order | 2 |
+| tst.ts:399:15:399:42 | [GenericTypeExpr] Record< ... \| RGB> | tst.ts:399:30:399:41 | [UnionTypeExpr] string \| RGB | semmle.label | 3 |
+| tst.ts:399:15:399:42 | [GenericTypeExpr] Record< ... \| RGB> | tst.ts:399:30:399:41 | [UnionTypeExpr] string \| RGB | semmle.order | 3 |
+| tst.ts:399:30:399:41 | [UnionTypeExpr] string \| RGB | tst.ts:399:30:399:35 | [KeywordTypeExpr] string | semmle.label | 1 |
+| tst.ts:399:30:399:41 | [UnionTypeExpr] string \| RGB | tst.ts:399:30:399:35 | [KeywordTypeExpr] string | semmle.order | 1 |
+| tst.ts:399:30:399:41 | [UnionTypeExpr] string \| RGB | tst.ts:399:39:399:41 | [LocalTypeAccess] RGB | semmle.label | 2 |
+| tst.ts:399:30:399:41 | [UnionTypeExpr] string \| RGB | tst.ts:399:39:399:41 | [LocalTypeAccess] RGB | semmle.order | 2 |
+| tst.ts:402:3:402:41 | [DeclStmt] const redComponent = ... | tst.ts:402:9:402:40 | [VariableDeclarator] redComp ... d.at(0) | semmle.label | 1 |
+| tst.ts:402:3:402:41 | [DeclStmt] const redComponent = ... | tst.ts:402:9:402:40 | [VariableDeclarator] redComp ... d.at(0) | semmle.order | 1 |
+| tst.ts:402:9:402:40 | [VariableDeclarator] redComp ... d.at(0) | tst.ts:402:9:402:20 | [VarDecl] redComponent | semmle.label | 1 |
+| tst.ts:402:9:402:40 | [VariableDeclarator] redComp ... d.at(0) | tst.ts:402:9:402:20 | [VarDecl] redComponent | semmle.order | 1 |
+| tst.ts:402:9:402:40 | [VariableDeclarator] redComp ... d.at(0) | tst.ts:402:24:402:40 | [MethodCallExpr] palette.red.at(0) | semmle.label | 2 |
+| tst.ts:402:9:402:40 | [VariableDeclarator] redComp ... d.at(0) | tst.ts:402:24:402:40 | [MethodCallExpr] palette.red.at(0) | semmle.order | 2 |
+| tst.ts:402:24:402:34 | [DotExpr] palette.red | tst.ts:402:24:402:30 | [VarRef] palette | semmle.label | 1 |
+| tst.ts:402:24:402:34 | [DotExpr] palette.red | tst.ts:402:24:402:30 | [VarRef] palette | semmle.order | 1 |
+| tst.ts:402:24:402:34 | [DotExpr] palette.red | tst.ts:402:32:402:34 | [Label] red | semmle.label | 2 |
+| tst.ts:402:24:402:34 | [DotExpr] palette.red | tst.ts:402:32:402:34 | [Label] red | semmle.order | 2 |
+| tst.ts:402:24:402:37 | [DotExpr] palette.red.at | tst.ts:402:24:402:34 | [DotExpr] palette.red | semmle.label | 1 |
+| tst.ts:402:24:402:37 | [DotExpr] palette.red.at | tst.ts:402:24:402:34 | [DotExpr] palette.red | semmle.order | 1 |
+| tst.ts:402:24:402:37 | [DotExpr] palette.red.at | tst.ts:402:36:402:37 | [Label] at | semmle.label | 2 |
+| tst.ts:402:24:402:37 | [DotExpr] palette.red.at | tst.ts:402:36:402:37 | [Label] at | semmle.order | 2 |
+| tst.ts:402:24:402:40 | [MethodCallExpr] palette.red.at(0) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
+| tst.ts:402:24:402:40 | [MethodCallExpr] palette.red.at(0) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
+| tst.ts:402:24:402:40 | [MethodCallExpr] palette.red.at(0) | tst.ts:402:24:402:37 | [DotExpr] palette.red.at | semmle.label | 0 |
+| tst.ts:402:24:402:40 | [MethodCallExpr] palette.red.at(0) | tst.ts:402:24:402:37 | [DotExpr] palette.red.at | semmle.order | 0 |
+| tst.ts:404:3:406:3 | [InterfaceDeclaration,TypeDefinition] interfa ... er; } | tst.ts:404:13:404:18 | [Identifier] RGBObj | semmle.label | 1 |
+| tst.ts:404:3:406:3 | [InterfaceDeclaration,TypeDefinition] interfa ... er; } | tst.ts:404:13:404:18 | [Identifier] RGBObj | semmle.order | 1 |
+| tst.ts:404:3:406:3 | [InterfaceDeclaration,TypeDefinition] interfa ... er; } | tst.ts:405:5:405:16 | [FieldDeclaration] red: number; | semmle.label | 2 |
+| tst.ts:404:3:406:3 | [InterfaceDeclaration,TypeDefinition] interfa ... er; } | tst.ts:405:5:405:16 | [FieldDeclaration] red: number; | semmle.order | 2 |
+| tst.ts:405:5:405:16 | [FieldDeclaration] red: number; | tst.ts:405:5:405:7 | [Label] red | semmle.label | 1 |
+| tst.ts:405:5:405:16 | [FieldDeclaration] red: number; | tst.ts:405:5:405:7 | [Label] red | semmle.order | 1 |
+| tst.ts:405:5:405:16 | [FieldDeclaration] red: number; | tst.ts:405:10:405:15 | [KeywordTypeExpr] number | semmle.label | 2 |
+| tst.ts:405:5:405:16 | [FieldDeclaration] red: number; | tst.ts:405:10:405:15 | [KeywordTypeExpr] number | semmle.order | 2 |
+| tst.ts:408:3:410:3 | [InterfaceDeclaration,TypeDefinition] interfa ... er; } | tst.ts:408:13:408:18 | [Identifier] HSVObj | semmle.label | 1 |
+| tst.ts:408:3:410:3 | [InterfaceDeclaration,TypeDefinition] interfa ... er; } | tst.ts:408:13:408:18 | [Identifier] HSVObj | semmle.order | 1 |
+| tst.ts:408:3:410:3 | [InterfaceDeclaration,TypeDefinition] interfa ... er; } | tst.ts:409:5:409:16 | [FieldDeclaration] hue: number; | semmle.label | 2 |
+| tst.ts:408:3:410:3 | [InterfaceDeclaration,TypeDefinition] interfa ... er; } | tst.ts:409:5:409:16 | [FieldDeclaration] hue: number; | semmle.order | 2 |
+| tst.ts:409:5:409:16 | [FieldDeclaration] hue: number; | tst.ts:409:5:409:7 | [Label] hue | semmle.label | 1 |
+| tst.ts:409:5:409:16 | [FieldDeclaration] hue: number; | tst.ts:409:5:409:7 | [Label] hue | semmle.order | 1 |
+| tst.ts:409:5:409:16 | [FieldDeclaration] hue: number; | tst.ts:409:10:409:15 | [KeywordTypeExpr] number | semmle.label | 2 |
+| tst.ts:409:5:409:16 | [FieldDeclaration] hue: number; | tst.ts:409:10:409:15 | [KeywordTypeExpr] number | semmle.order | 2 |
+| tst.ts:412:3:416:3 | [FunctionDeclStmt] functio ... } } | file://:0:0:0:0 | (Parameters) | semmle.label | 1 |
+| tst.ts:412:3:416:3 | [FunctionDeclStmt] functio ... } } | file://:0:0:0:0 | (Parameters) | semmle.order | 1 |
+| tst.ts:412:3:416:3 | [FunctionDeclStmt] functio ... } } | tst.ts:412:12:412:19 | [VarDecl] setColor | semmle.label | 0 |
+| tst.ts:412:3:416:3 | [FunctionDeclStmt] functio ... } } | tst.ts:412:12:412:19 | [VarDecl] setColor | semmle.order | 0 |
+| tst.ts:412:3:416:3 | [FunctionDeclStmt] functio ... } } | tst.ts:412:45:416:3 | [BlockStmt] { i ... } } | semmle.label | 5 |
+| tst.ts:412:3:416:3 | [FunctionDeclStmt] functio ... } } | tst.ts:412:45:416:3 | [BlockStmt] { i ... } } | semmle.order | 5 |
+| tst.ts:412:21:412:25 | [SimpleParameter] color | tst.ts:412:28:412:42 | [UnionTypeExpr] RGBObj \| HSVObj | semmle.label | 0 |
+| tst.ts:412:21:412:25 | [SimpleParameter] color | tst.ts:412:28:412:42 | [UnionTypeExpr] RGBObj \| HSVObj | semmle.order | 0 |
+| tst.ts:412:28:412:42 | [UnionTypeExpr] RGBObj \| HSVObj | tst.ts:412:28:412:33 | [LocalTypeAccess] RGBObj | semmle.label | 1 |
+| tst.ts:412:28:412:42 | [UnionTypeExpr] RGBObj \| HSVObj | tst.ts:412:28:412:33 | [LocalTypeAccess] RGBObj | semmle.order | 1 |
+| tst.ts:412:28:412:42 | [UnionTypeExpr] RGBObj \| HSVObj | tst.ts:412:37:412:42 | [LocalTypeAccess] HSVObj | semmle.label | 2 |
+| tst.ts:412:28:412:42 | [UnionTypeExpr] RGBObj \| HSVObj | tst.ts:412:37:412:42 | [LocalTypeAccess] HSVObj | semmle.order | 2 |
+| tst.ts:412:45:416:3 | [BlockStmt] { i ... } } | tst.ts:413:5:415:5 | [IfStmt] if ("hu ... j } | semmle.label | 1 |
+| tst.ts:412:45:416:3 | [BlockStmt] { i ... } } | tst.ts:413:5:415:5 | [IfStmt] if ("hu ... j } | semmle.order | 1 |
+| tst.ts:413:5:415:5 | [IfStmt] if ("hu ... j } | tst.ts:413:9:413:22 | [BinaryExpr] "hue" in color | semmle.label | 1 |
+| tst.ts:413:5:415:5 | [IfStmt] if ("hu ... j } | tst.ts:413:9:413:22 | [BinaryExpr] "hue" in color | semmle.order | 1 |
+| tst.ts:413:5:415:5 | [IfStmt] if ("hu ... j } | tst.ts:413:25:415:5 | [BlockStmt] { ... j } | semmle.label | 2 |
+| tst.ts:413:5:415:5 | [IfStmt] if ("hu ... j } | tst.ts:413:25:415:5 | [BlockStmt] { ... j } | semmle.order | 2 |
+| tst.ts:413:9:413:22 | [BinaryExpr] "hue" in color | tst.ts:413:9:413:13 | [Literal] "hue" | semmle.label | 1 |
+| tst.ts:413:9:413:22 | [BinaryExpr] "hue" in color | tst.ts:413:9:413:13 | [Literal] "hue" | semmle.order | 1 |
+| tst.ts:413:9:413:22 | [BinaryExpr] "hue" in color | tst.ts:413:18:413:22 | [VarRef] color | semmle.label | 2 |
+| tst.ts:413:9:413:22 | [BinaryExpr] "hue" in color | tst.ts:413:18:413:22 | [VarRef] color | semmle.order | 2 |
+| tst.ts:413:25:415:5 | [BlockStmt] { ... j } | tst.ts:414:7:414:20 | [DeclStmt] let h = ... | semmle.label | 1 |
+| tst.ts:413:25:415:5 | [BlockStmt] { ... j } | tst.ts:414:7:414:20 | [DeclStmt] let h = ... | semmle.order | 1 |
+| tst.ts:414:7:414:20 | [DeclStmt] let h = ... | tst.ts:414:11:414:19 | [VariableDeclarator] h = color | semmle.label | 1 |
+| tst.ts:414:7:414:20 | [DeclStmt] let h = ... | tst.ts:414:11:414:19 | [VariableDeclarator] h = color | semmle.order | 1 |
+| tst.ts:414:11:414:19 | [VariableDeclarator] h = color | tst.ts:414:11:414:11 | [VarDecl] h | semmle.label | 1 |
+| tst.ts:414:11:414:19 | [VariableDeclarator] h = color | tst.ts:414:11:414:11 | [VarDecl] h | semmle.order | 1 |
+| tst.ts:414:11:414:19 | [VariableDeclarator] h = color | tst.ts:414:15:414:19 | [VarRef] color | semmle.label | 2 |
+| tst.ts:414:11:414:19 | [VariableDeclarator] h = color | tst.ts:414:15:414:19 | [VarRef] color | semmle.order | 2 |
+| tst.ts:419:3:425:3 | [ClassDefinition,TypeDefinition] class P ... } } | tst.ts:419:9:419:14 | [VarDecl] Person | semmle.label | 1 |
+| tst.ts:419:3:425:3 | [ClassDefinition,TypeDefinition] class P ... } } | tst.ts:419:9:419:14 | [VarDecl] Person | semmle.order | 1 |
+| tst.ts:419:3:425:3 | [ClassDefinition,TypeDefinition] class P ... } } | tst.ts:420:5:420:26 | [FieldDeclaration] accesso ... string; | semmle.label | 2 |
+| tst.ts:419:3:425:3 | [ClassDefinition,TypeDefinition] class P ... } } | tst.ts:420:5:420:26 | [FieldDeclaration] accesso ... string; | semmle.order | 2 |
+| tst.ts:419:3:425:3 | [ClassDefinition,TypeDefinition] class P ... } } | tst.ts:422:5:424:5 | [ClassInitializedMember,ConstructorDefinition] constru ... ; } | semmle.label | 3 |
+| tst.ts:419:3:425:3 | [ClassDefinition,TypeDefinition] class P ... } } | tst.ts:422:5:424:5 | [ClassInitializedMember,ConstructorDefinition] constru ... ; } | semmle.order | 3 |
+| tst.ts:420:5:420:26 | [FieldDeclaration] accesso ... string; | tst.ts:420:14:420:17 | [Label] name | semmle.label | 1 |
+| tst.ts:420:5:420:26 | [FieldDeclaration] accesso ... string; | tst.ts:420:14:420:17 | [Label] name | semmle.order | 1 |
+| tst.ts:420:5:420:26 | [FieldDeclaration] accesso ... string; | tst.ts:420:20:420:25 | [KeywordTypeExpr] string | semmle.label | 2 |
+| tst.ts:420:5:420:26 | [FieldDeclaration] accesso ... string; | tst.ts:420:20:420:25 | [KeywordTypeExpr] string | semmle.order | 2 |
+| tst.ts:422:5:424:5 | [ClassInitializedMember,ConstructorDefinition] constru ... ; } | tst.ts:422:5:424:5 | [FunctionExpr] constru ... ; } | semmle.label | 2 |
+| tst.ts:422:5:424:5 | [ClassInitializedMember,ConstructorDefinition] constru ... ; } | tst.ts:422:5:424:5 | [FunctionExpr] constru ... ; } | semmle.order | 2 |
+| tst.ts:422:5:424:5 | [ClassInitializedMember,ConstructorDefinition] constru ... ; } | tst.ts:422:5:424:5 | [Label] constructor | semmle.label | 1 |
+| tst.ts:422:5:424:5 | [ClassInitializedMember,ConstructorDefinition] constru ... ; } | tst.ts:422:5:424:5 | [Label] constructor | semmle.order | 1 |
+| tst.ts:422:5:424:5 | [FunctionExpr] constru ... ; } | file://:0:0:0:0 | (Parameters) | semmle.label | 1 |
+| tst.ts:422:5:424:5 | [FunctionExpr] constru ... ; } | file://:0:0:0:0 | (Parameters) | semmle.order | 1 |
+| tst.ts:422:5:424:5 | [FunctionExpr] constru ... ; } | tst.ts:422:31:424:5 | [BlockStmt] { ... ; } | semmle.label | 5 |
+| tst.ts:422:5:424:5 | [FunctionExpr] constru ... ; } | tst.ts:422:31:424:5 | [BlockStmt] { ... ; } | semmle.order | 5 |
+| tst.ts:422:17:422:20 | [SimpleParameter] name | tst.ts:422:23:422:28 | [KeywordTypeExpr] string | semmle.label | 0 |
+| tst.ts:422:17:422:20 | [SimpleParameter] name | tst.ts:422:23:422:28 | [KeywordTypeExpr] string | semmle.order | 0 |
+| tst.ts:422:31:424:5 | [BlockStmt] { ... ; } | tst.ts:423:7:423:23 | [ExprStmt] this.name = name; | semmle.label | 1 |
+| tst.ts:422:31:424:5 | [BlockStmt] { ... ; } | tst.ts:423:7:423:23 | [ExprStmt] this.name = name; | semmle.order | 1 |
+| tst.ts:423:7:423:15 | [DotExpr] this.name | tst.ts:423:7:423:10 | [ThisExpr] this | semmle.label | 1 |
+| tst.ts:423:7:423:15 | [DotExpr] this.name | tst.ts:423:7:423:10 | [ThisExpr] this | semmle.order | 1 |
+| tst.ts:423:7:423:15 | [DotExpr] this.name | tst.ts:423:12:423:15 | [Label] name | semmle.label | 2 |
+| tst.ts:423:7:423:15 | [DotExpr] this.name | tst.ts:423:12:423:15 | [Label] name | semmle.order | 2 |
+| tst.ts:423:7:423:22 | [AssignExpr] this.name = name | tst.ts:423:7:423:15 | [DotExpr] this.name | semmle.label | 1 |
+| tst.ts:423:7:423:22 | [AssignExpr] this.name = name | tst.ts:423:7:423:15 | [DotExpr] this.name | semmle.order | 1 |
+| tst.ts:423:7:423:22 | [AssignExpr] this.name = name | tst.ts:423:19:423:22 | [VarRef] name | semmle.label | 2 |
+| tst.ts:423:7:423:22 | [AssignExpr] this.name = name | tst.ts:423:19:423:22 | [VarRef] name | semmle.order | 2 |
+| tst.ts:423:7:423:23 | [ExprStmt] this.name = name; | tst.ts:423:7:423:22 | [AssignExpr] this.name = name | semmle.label | 1 |
+| tst.ts:423:7:423:23 | [ExprStmt] this.name = name; | tst.ts:423:7:423:22 | [AssignExpr] this.name = name | semmle.order | 1 |
 | tstModuleCJS.cts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | tstModuleCJS.cts:1:8:3:1 | [FunctionDeclStmt] functio ... 'b'; } | semmle.label | 1 |
 | tstModuleCJS.cts:1:1:3:1 | [ExportDeclaration] export ... 'b'; } | tstModuleCJS.cts:1:8:3:1 | [FunctionDeclStmt] functio ... 'b'; } | semmle.order | 1 |
 | tstModuleCJS.cts:1:8:3:1 | [FunctionDeclStmt] functio ... 'b'; } | tstModuleCJS.cts:1:17:1:28 | [VarDecl] tstModuleCJS | semmle.label | 0 |
diff --git a/javascript/ql/test/library-tests/TypeScript/Types/tests.expected b/javascript/ql/test/library-tests/TypeScript/Types/tests.expected
index 6727ab01b13..c265205cf6b 100644
--- a/javascript/ql/test/library-tests/TypeScript/Types/tests.expected
+++ b/javascript/ql/test/library-tests/TypeScript/Types/tests.expected
@@ -519,6 +519,47 @@ getExprType
 | tst.ts:385:56:385:56 | 0 | 0 |
 | tst.ts:385:59:385:63 | false | false |
 | tst.ts:385:66:385:71 | "bye!" | "bye!" |
+| tst.ts:390:8:390:11 | TS49 | typeof TS49 in library-tests/TypeScript/Types/tst.ts |
+| tst.ts:395:9:395:15 | palette | { red: [number, number, number]; green: string;... |
+| tst.ts:395:19:399:3 | {\\n    r ... 5],\\n  } | Record<Colors, string \| RGB> |
+| tst.ts:395:19:399:42 | {\\n    r ...  \| RGB> | { red: [number, number, number]; green: string;... |
+| tst.ts:396:5:396:7 | red | [red: number, green: number, blue: number] |
+| tst.ts:396:10:396:20 | [255, 0, 0] | string \| RGB |
+| tst.ts:396:11:396:13 | 255 | 255 |
+| tst.ts:396:16:396:16 | 0 | 0 |
+| tst.ts:396:19:396:19 | 0 | 0 |
+| tst.ts:397:5:397:9 | green | string |
+| tst.ts:397:12:397:20 | "#00ff00" | "#00ff00" |
+| tst.ts:398:5:398:8 | bleu | number[] |
+| tst.ts:398:11:398:21 | [0, 0, 255] | number[] |
+| tst.ts:398:12:398:12 | 0 | 0 |
+| tst.ts:398:15:398:15 | 0 | 0 |
+| tst.ts:398:18:398:20 | 255 | 255 |
+| tst.ts:402:9:402:20 | redComponent | number |
+| tst.ts:402:24:402:30 | palette | { red: [number, number, number]; green: string;... |
+| tst.ts:402:24:402:34 | palette.red | [red: number, green: number, blue: number] |
+| tst.ts:402:24:402:37 | palette.red.at | (index: number) => number |
+| tst.ts:402:24:402:40 | palette.red.at(0) | number |
+| tst.ts:402:32:402:34 | red | [red: number, green: number, blue: number] |
+| tst.ts:402:36:402:37 | at | (index: number) => number |
+| tst.ts:402:39:402:39 | 0 | 0 |
+| tst.ts:405:5:405:7 | red | number |
+| tst.ts:409:5:409:7 | hue | number |
+| tst.ts:412:12:412:19 | setColor | (color: RGBObj \| HSVObj) => void |
+| tst.ts:412:21:412:25 | color | RGBObj \| HSVObj |
+| tst.ts:413:9:413:13 | "hue" | "hue" |
+| tst.ts:413:9:413:22 | "hue" in color | boolean |
+| tst.ts:413:18:413:22 | color | RGBObj \| HSVObj |
+| tst.ts:414:11:414:11 | h | HSVObj |
+| tst.ts:414:15:414:19 | color | HSVObj |
+| tst.ts:419:9:419:14 | Person | Person |
+| tst.ts:420:14:420:17 | name | string |
+| tst.ts:422:5:424:5 | constru ... ;\\n    } | any |
+| tst.ts:422:17:422:20 | name | string |
+| tst.ts:423:7:423:15 | this.name | string |
+| tst.ts:423:7:423:22 | this.name = name | string |
+| tst.ts:423:12:423:15 | name | string |
+| tst.ts:423:19:423:22 | name | string |
 | tstModuleCJS.cts:1:17:1:28 | tstModuleCJS | () => "a" \| "b" |
 | tstModuleCJS.cts:2:12:2:15 | Math | Math |
 | tstModuleCJS.cts:2:12:2:22 | Math.random | () => number |
@@ -624,6 +665,11 @@ getTypeDefinitionType
 | tst.ts:336:1:336:51 | type F  ... lean]>; | "a" \| "b" |
 | tst.ts:342:1:345:1 | interfa ... void;\\n} | State<T> |
 | tst.ts:381:5:381:73 | type So ...  never; | 100 |
+| tst.ts:391:3:391:41 | type Co ... "blue"; | Colors |
+| tst.ts:393:3:393:56 | type RG ... umber]; | RGB |
+| tst.ts:404:3:406:3 | interfa ... er;\\n  } | RGBObj |
+| tst.ts:408:3:410:3 | interfa ... er;\\n  } | HSVObj |
+| tst.ts:419:3:425:3 | class P ...   }\\n  } | Person |
 | type_alias.ts:1:1:1:17 | type B = boolean; | boolean |
 | type_alias.ts:5:1:5:50 | type Va ... ay<T>>; | ValueOrArray<T> |
 | type_alias.ts:9:1:15:13 | type Js ... Json[]; | Json |
@@ -921,6 +967,34 @@ getTypeExprType
 | tst.ts:383:43:383:43 | T | T |
 | tst.ts:383:49:383:49 | T | T |
 | tst.ts:383:53:383:53 | T | T |
+| tst.ts:391:8:391:13 | Colors | Colors |
+| tst.ts:391:17:391:21 | "red" | "red" |
+| tst.ts:391:17:391:40 | "red" \| ...  "blue" | "red" \| "green" \| "blue" |
+| tst.ts:391:25:391:31 | "green" | "green" |
+| tst.ts:391:35:391:40 | "blue" | "blue" |
+| tst.ts:393:8:393:10 | RGB | RGB |
+| tst.ts:393:14:393:55 | [red: n ... number] | [red: number, green: number, blue: number] |
+| tst.ts:393:15:393:17 | red | any |
+| tst.ts:393:20:393:25 | number | number |
+| tst.ts:393:28:393:32 | green | any |
+| tst.ts:393:35:393:40 | number | number |
+| tst.ts:393:43:393:46 | blue | any |
+| tst.ts:393:49:393:54 | number | number |
+| tst.ts:399:15:399:20 | Record | Record<K, T> |
+| tst.ts:399:15:399:42 | Record< ...  \| RGB> | Record<Colors, string \| RGB> |
+| tst.ts:399:22:399:27 | Colors | Colors |
+| tst.ts:399:30:399:35 | string | string |
+| tst.ts:399:30:399:41 | string \| RGB | string \| RGB |
+| tst.ts:399:39:399:41 | RGB | RGB |
+| tst.ts:404:13:404:18 | RGBObj | RGBObj |
+| tst.ts:405:10:405:15 | number | number |
+| tst.ts:408:13:408:18 | HSVObj | HSVObj |
+| tst.ts:409:10:409:15 | number | number |
+| tst.ts:412:28:412:33 | RGBObj | RGBObj |
+| tst.ts:412:28:412:42 | RGBObj \| HSVObj | RGBObj \| HSVObj |
+| tst.ts:412:37:412:42 | HSVObj | HSVObj |
+| tst.ts:420:20:420:25 | string | string |
+| tst.ts:422:23:422:28 | string | string |
 | tstModuleCJS.cts:1:33:1:35 | 'a' | "a" |
 | tstModuleCJS.cts:1:33:1:41 | 'a' \| 'b' | "a" \| "b" |
 | tstModuleCJS.cts:1:39:1:41 | 'b' | "b" |
@@ -1005,6 +1079,7 @@ referenceDefinition
 | Color.green | type_definitions.ts:14:8:14:12 | green |
 | Color.red | type_definitions.ts:14:3:14:5 | red |
 | Colors | tst.ts:152:5:156:5 | interfa ... ;\\n    } |
+| Colors | tst.ts:391:3:391:41 | type Co ... "blue"; |
 | Data | tst.ts:171:5:173:5 | interfa ... ;\\n    } |
 | Derived | tst.ts:243:3:250:3 | class D ...   }\\n  } |
 | E | type_definition_objects.ts:6:8:6:16 | enum E {} |
@@ -1015,6 +1090,7 @@ referenceDefinition
 | Foo | tst.ts:165:5:167:5 | interfa ... ;\\n    } |
 | Foo | tst.ts:179:3:192:3 | class F ...    \\n  } |
 | Func | tst.ts:289:3:289:63 | type Fu ... > void; |
+| HSVObj | tst.ts:408:3:410:3 | interfa ... er;\\n  } |
 | HasArea | tst.ts:58:1:60:1 | interfa ... mber;\\n} |
 | I<S> | type_definitions.ts:3:1:5:1 | interfa ... x: S;\\n} |
 | I<number> | type_definitions.ts:3:1:5:1 | interfa ... x: S;\\n} |
@@ -1023,6 +1099,9 @@ referenceDefinition
 | MyUnion2 | tst.ts:68:1:68:49 | type My ...  true}; |
 | NonAbstractDummy | tst.ts:54:1:56:1 | interfa ... mber;\\n} |
 | Person | tst.ts:222:3:234:3 | class P ...   }\\n  } |
+| Person | tst.ts:419:3:425:3 | class P ...   }\\n  } |
+| RGB | tst.ts:393:3:393:56 | type RG ... umber]; |
+| RGBObj | tst.ts:404:3:406:3 | interfa ... er;\\n  } |
 | Shape | tst.ts:140:3:142:47 | type Sh ... mber }; |
 | State<T> | tst.ts:342:1:345:1 | interfa ... void;\\n} |
 | State<number> | tst.ts:342:1:345:1 | interfa ... void;\\n} |
@@ -1076,6 +1155,15 @@ tupleTypes
 | tst.ts:385:55:385:72 | [0, false, "bye!"] | [number, boolean, string] | 0 | number | 3 | no-rest |
 | tst.ts:385:55:385:72 | [0, false, "bye!"] | [number, boolean, string] | 1 | boolean | 3 | no-rest |
 | tst.ts:385:55:385:72 | [0, false, "bye!"] | [number, boolean, string] | 2 | string | 3 | no-rest |
+| tst.ts:396:5:396:7 | red | [red: number, green: number, blue: number] | 0 | number | 3 | no-rest |
+| tst.ts:396:5:396:7 | red | [red: number, green: number, blue: number] | 1 | number | 3 | no-rest |
+| tst.ts:396:5:396:7 | red | [red: number, green: number, blue: number] | 2 | number | 3 | no-rest |
+| tst.ts:402:24:402:34 | palette.red | [red: number, green: number, blue: number] | 0 | number | 3 | no-rest |
+| tst.ts:402:24:402:34 | palette.red | [red: number, green: number, blue: number] | 1 | number | 3 | no-rest |
+| tst.ts:402:24:402:34 | palette.red | [red: number, green: number, blue: number] | 2 | number | 3 | no-rest |
+| tst.ts:402:32:402:34 | red | [red: number, green: number, blue: number] | 0 | number | 3 | no-rest |
+| tst.ts:402:32:402:34 | red | [red: number, green: number, blue: number] | 1 | number | 3 | no-rest |
+| tst.ts:402:32:402:34 | red | [red: number, green: number, blue: number] | 2 | number | 3 | no-rest |
 unknownType
 | tst.ts:40:5:40:15 | unknownType | unknown |
 | tst.ts:47:8:47:8 | e | unknown |
@@ -1100,14 +1188,17 @@ unionIndex
 | "b" | 1 | "a" \| "b" |
 | "b" | 4 | number \| boolean \| "a" \| "b" |
 | "bigint" | 2 | "string" \| "number" \| "bigint" \| "boolean" \| "s... |
+| "blue" | 2 | "red" \| "green" \| "blue" |
 | "boolean" | 2 | keyof TypeMap |
 | "boolean" | 3 | "string" \| "number" \| "bigint" \| "boolean" \| "s... |
 | "circle" | 0 | "circle" \| "square" |
 | "function" | 7 | "string" \| "number" \| "bigint" \| "boolean" \| "s... |
+| "green" | 1 | "red" \| "green" \| "blue" |
 | "hello" | 0 | "hello" \| 42 |
 | "number" | 1 | "string" \| "number" \| "bigint" \| "boolean" \| "s... |
 | "number" | 1 | keyof TypeMap |
 | "object" | 6 | "string" \| "number" \| "bigint" \| "boolean" \| "s... |
+| "red" | 0 | "red" \| "green" \| "blue" |
 | "square" | 1 | "circle" \| "square" |
 | "string" | 0 | "string" \| "number" \| "bigint" \| "boolean" \| "s... |
 | "string" | 0 | keyof TypeMap |
@@ -1115,10 +1206,13 @@ unionIndex
 | "undefined" | 5 | "string" \| "number" \| "bigint" \| "boolean" \| "s... |
 | Error | 1 | Success \| Error |
 | Error | 1 | string \| Error |
+| HSVObj | 1 | RGBObj \| HSVObj |
 | Json[] | 5 | string \| number \| boolean \| { [property: string... |
 | Promise<number> | 2 | boolean \| Promise<number> |
 | PromiseLike<TResult1> | 1 | TResult1 \| PromiseLike<TResult1> |
 | PromiseLike<TResult2> | 1 | TResult2 \| PromiseLike<TResult2> |
+| RGB | 1 | string \| RGB |
+| RGBObj | 0 | RGBObj \| HSVObj |
 | Success | 0 | Success \| Error |
 | T | 0 | T \| ValueOrArray<T>[] |
 | TResult1 | 0 | TResult1 \| PromiseLike<TResult1> |
@@ -1147,6 +1241,7 @@ unionIndex
 | number | 1 | string \| number \| true |
 | string | 0 | VirtualNode \| { [key: string]: any; } |
 | string | 0 | string \| Error |
+| string | 0 | string \| RGB |
 | string | 0 | string \| [string, { [key: string]: any; }, ...V... |
 | string | 0 | string \| number |
 | string | 0 | string \| number \| boolean |
diff --git a/javascript/ql/test/library-tests/TypeScript/Types/tst.ts b/javascript/ql/test/library-tests/TypeScript/Types/tst.ts
index 67e31b27afa..74411db37a9 100644
--- a/javascript/ql/test/library-tests/TypeScript/Types/tst.ts
+++ b/javascript/ql/test/library-tests/TypeScript/Types/tst.ts
@@ -383,4 +383,44 @@ module TS48 {
     declare function chooseRandomly<T>(x: T, y: T): T;
 
     let [a, b, c] = chooseRandomly([42, true, "hi!"], [0, false, "bye!"]);    
+}
+
+/////////////////
+
+module TS49 {
+  type Colors = "red" | "green" | "blue";
+
+  type RGB = [red: number, green: number, blue: number];
+
+  const palette = {
+    red: [255, 0, 0],
+    green: "#00ff00",
+    bleu: [0, 0, 255],
+  } satisfies Record<Colors, string | RGB>;
+
+  // Both of these methods are still accessible!
+  const redComponent = palette.red.at(0);
+
+  interface RGBObj {
+    red: number;
+  }
+
+  interface HSVObj {
+    hue: number;
+  }
+
+  function setColor(color: RGBObj | HSVObj) {
+    if ("hue" in color) {
+      let h = color; // <- HSVObj
+    }
+  }
+
+  // auto-accessors
+  class Person {
+    accessor name: string; // behaves as a normal field for our purposes
+
+    constructor(name: string) {
+      this.name = name;
+    }
+  }
 }
\ No newline at end of file
diff --git a/javascript/ql/test/library-tests/frameworks/HTTP/RemoteRequestInput.expected b/javascript/ql/test/library-tests/frameworks/HTTP/RemoteRequestInput.expected
index c3bd4a86afe..e6c285607c4 100644
--- a/javascript/ql/test/library-tests/frameworks/HTTP/RemoteRequestInput.expected
+++ b/javascript/ql/test/library-tests/frameworks/HTTP/RemoteRequestInput.expected
@@ -35,4 +35,3 @@
 | restify.js:9:5:9:17 | req.trailer() | header |
 | restify.js:10:5:10:16 | req.header() | header |
 | restify.js:11:5:11:11 | req.url | url |
-| restify.js:12:5:12:15 | req.cookies | cookie |
diff --git a/javascript/ql/test/library-tests/frameworks/Nest/Consistency.ql b/javascript/ql/test/library-tests/frameworks/Nest/Consistency.ql
index 787d0a5fdc4..e96cbc4b70f 100644
--- a/javascript/ql/test/library-tests/frameworks/Nest/Consistency.ql
+++ b/javascript/ql/test/library-tests/frameworks/Nest/Consistency.ql
@@ -1,3 +1,3 @@
 import testUtilities.ConsistencyChecking
-import semmle.javascript.security.dataflow.ReflectedXss
-import semmle.javascript.security.dataflow.ServerSideUrlRedirect
+import semmle.javascript.security.dataflow.ReflectedXssQuery as ReflectedXss
+import semmle.javascript.security.dataflow.ServerSideUrlRedirectQuery as ServerSideUrlRedirect
diff --git a/javascript/ql/test/library-tests/frameworks/NodeJSLib/tests.expected b/javascript/ql/test/library-tests/frameworks/NodeJSLib/tests.expected
index 7d2d6abfddb..78c2c35309f 100644
--- a/javascript/ql/test/library-tests/frameworks/NodeJSLib/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/NodeJSLib/tests.expected
@@ -299,11 +299,13 @@ test_RemoteFlowSources
 | src/http.js:30:28:30:32 | chunk |
 | src/http.js:40:23:40:30 | authInfo |
 | src/http.js:45:23:45:27 | error |
+| src/http.js:63:17:63:33 | req.query.myParam |
 | src/http.js:73:18:73:22 | chunk |
 | src/http.js:82:18:82:22 | chunk |
 | src/https.js:6:26:6:32 | req.url |
 | src/https.js:8:3:8:20 | req.headers.cookie |
 | src/https.js:9:3:9:17 | req.headers.foo |
+| src/indirect2.js:10:12:10:25 | req.params.key |
 | src/indirect.js:17:28:17:34 | req.url |
 test_RouteHandler
 | createServer.js:2:20:2:41 | functio ... res) {} | createServer.js:2:1:2:42 | https.c ... es) {}) |
diff --git a/javascript/ql/test/library-tests/frameworks/Restify2/src/index.js b/javascript/ql/test/library-tests/frameworks/Restify2/src/index.js
new file mode 100644
index 00000000000..9031aa24564
--- /dev/null
+++ b/javascript/ql/test/library-tests/frameworks/Restify2/src/index.js
@@ -0,0 +1,214 @@
+var restify = require('restify');
+const restifyPlugins = require('restify-plugins');
+var clients = require('restify-clients');
+
+const opts = {
+  formatters: {
+    'text/plain': function(req, res, body) { // test: formatter
+      if (body instanceof Error) {
+        return '<html><body>' + body.message + '</body></html>'; // test: stackTraceExposureSink
+      } else {
+        return '<html><body>' + body + req.params.name + '</body></html>'; // test: source, stackTraceExposureSink, !xssSink, !xss
+      }
+    }
+  }
+}
+const _server = restify.createServer(opts)
+
+const server = restify.createServer({
+  formatters: {
+    'text/html': function(req, res, body) { // test: formatter
+      if (body instanceof Error) {
+        return '<html><body>' + body.message + '</body></html>'; // test: stackTraceExposureSink, xssSink
+      } else {
+        return '<html><body>' + body + req.params.name + '</body></html>'; // test: source, stackTraceExposureSink, xssSink, xss
+      }
+    }
+  }
+});
+
+// The pre handler chain is executed before routing. That means these handlers will execute for an incoming request even if it’s for a route that you did not register.
+server.pre(restify.plugins.pre.dedupeSlashes());
+server.pre(function(req, res, next) { // test: handler
+  return next();
+});
+
+// The use handler chains is executed after a route has been chosen to service the request. 
+server.use(restifyPlugins.jsonBodyParser({ mapParams: true })); // TODO: prototype pollution?
+server.use(restifyPlugins.acceptParser(server.acceptable));
+server.use(restifyPlugins.queryParser({ mapParams: true })); // TODO: prototype pollution?
+server.use(restifyPlugins.fullResponse());
+server.use(function(req, res, next) { // test: handler
+  return next();
+});
+function filter(req, res, next) { // test: handler
+  return next();
+}
+function filter1(req, res, next) { // test: handler
+  return next();
+}
+function filter2(req, res, next) { // test: handler
+  return next();
+}
+function filter3(req, res, next) { // test: handler
+  return next();
+}
+function filter4(req, res, next) { // test: handler
+  return next();
+}
+function filter5(req, res, next) { // test: handler
+  return next();
+}
+function filter6(req, res, next) { // test: handler
+  return next();
+}
+const handlers = [filter5, filter6];
+server.use(filter); // test: setup
+server.use(filter1, filter2); // test: setup
+server.use([filter3, filter4]); // test: setup
+server.use(handlers); // setup
+
+function respond(req, res, next) { // test: handler
+  res.send('hello ' + req.params.name); // test: source, stackTraceExposureSink 
+  res.send('hello ' + req.params["name"]); // test: source, stackTraceExposureSink
+  res.send('hello ' + req.query.name); // test: source, stackTraceExposureSink
+  res.send('hello ' + req.params[0]); // test: source, stackTraceExposureSink
+
+  res.redirect({
+    hostname: req.params.name, // test: source, redirectSink
+    pathname: '/bar',
+    port: 80,
+    secure: true,
+    permanent: true,
+    query: {
+      a: 1
+    }
+  }, next);
+  res.redirect(301, req.params.name, next); // test: source, redirectSink
+  res.redirect(req.params.name, next); // test: source, redirectSink
+  next();
+}
+server.get('/hello/:name', respond); // test: setup
+server.head('/hello/:name', respond); // test: setup
+server.get('/', function(req, res, next) { // test: setup, handler
+  res.send('home')
+  return next();
+});
+
+server.get('/foo', // test: setup
+  function(req, res, next) { // test: handler
+    req.someData = req.params.name; // test: source
+    return next();
+  },
+  function(req, res, next) { // test: handler
+    res.header("Content-Type", "text/html"); // test: headerDefinition
+    res.send(req.someData); // test: stackTraceExposureSink, xssSink, xss
+    return next();
+  }
+);
+
+server.get('/foo2', // test: setup
+  [function(req, res, next) { // test: handler
+    req.someData = 'foo';
+    return next();
+  },
+  function(req, res, next) { // test: handler
+    res.send(req.someData); // test: stackTraceExposureSink
+    return next();
+  }]
+);
+
+function xss(req, res, next) { // test: handler
+  res.header("Content-Type", "text/html"); // test: headerDefinition
+  res.send('hello ' + req.query.name); // test: source, stackTraceExposureSink, xssSink, xss
+  next();
+}
+
+function xss2(req, res, next) { // test: candidateHandler
+  next()
+}
+
+function xss3(req, res, next) { // test: handler
+  res.header("Content-Type", "text/html"); // test: headerDefinition
+  res.send('hello ' + req.header("foo")); // test: source, stackTraceExposureSink, xssSink, !xss
+  next();
+}
+
+function xss4(req, res, next) { // test: handler
+  var body = req.params.name; // test: source
+  res.writeHead(200, {
+    'Content-Length': Buffer.byteLength(body),
+    'Content-Type': 'text/html'
+  });
+  res.write(body); // test: stackTraceExposureSink, xssSink, xss
+  res.end();
+  next();
+}
+
+server["get"]('/xss', xss); // test: setup
+["get", "head"].forEach(method => {
+  server[method]('/xss2', xss2);
+});
+server["get"]('/xss3', xss3); // test: setup
+server["get"]('/xss4', xss4); // test: setup
+
+
+server.get('/testv2', function(req, res, next) { // test: handler
+  res.set({
+    "Content-Type": "text/html",
+    "access-control-allow-origin": "*", // test: corsMiconfigurationSink
+    "access-control-allow-headers": "Content-Type, Authorization, Content-Length, X-Requested-With",
+    "access-control-allow-methods": "GET, POST, PUT, DELETE, OPTIONS",
+    "access-control-allow-credentials": "true"
+  })
+  res.send('hello ' + req.params.name); // test: source, stackTraceExposureSink, xssSink, xss
+  clients.createJsonClient({
+    url: req.params.uri, // test: source, ssrfSink
+  });
+  clients.createJsonClient(req.params.uri); // test: source, ssrfSink
+
+  next();
+})
+
+server.get('/hello2/:name', restify.plugins.conditionalHandler([ // test: setup
+  { version: ['2.0.0', '2.1.0', '2.2.0'], handler: sendV2 }
+]));
+
+server.get('/version/test', restify.plugins.conditionalHandler([ //test: setup
+  {
+    version: ['2.0.0', '2.1.0', '2.2.0'],
+    handler: function(req, res, next) {  // test: candidateHandler
+      res.send(200, {
+        requestedVersion: req.version(),
+        matchedVersion: req.matchedVersion()
+      });
+      return next();
+    }
+  }
+]));
+
+server.on('InternalServer', function(req, res, err, callback) { // test: setup, handler
+  return callback();
+});
+
+server.on('restifyError', function(req, res, err, callback) { // test: setup, handler
+  return callback();
+});
+server.on('after', function(req, res, route, error) { // test: setup, handler
+});
+server.on('pre', function(req, res) { // test: setup, handler
+});
+server.on('routed', function(req, res, route) { // test: setup, handler
+  res.header("Content-Type", "text/plain")
+  res.send(req.params.foo) // test: source, !xssSink, !xss
+});
+server.on('uncaughtException', function(req, res, route, err) { // test: setup, handler
+  res.header("Content-Type", "text/html")
+  res.send(req.params.foo) // test: source, xssSink, xss
+});
+
+
+server.listen(8080, function() {
+  console.log('%s listening at %s', server.name, server.url);
+});
+
diff --git a/javascript/ql/test/library-tests/frameworks/Restify2/tests.expected b/javascript/ql/test/library-tests/frameworks/Restify2/tests.expected
new file mode 100644
index 00000000000..678104f52a8
--- /dev/null
+++ b/javascript/ql/test/library-tests/frameworks/Restify2/tests.expected
@@ -0,0 +1,110 @@
+passingPositiveTests
+| PASSED | candidateHandler | src/index.js:127:33:127:57 | // test ... Handler |
+| PASSED | candidateHandler | src/index.js:180:42:180:66 | // test ... Handler |
+| PASSED | corsMiconfigurationSink | src/index.js:159:41:159:72 | // test ... ionSink |
+| PASSED | handler | src/index.js:32:39:32:54 | // test: handler |
+| PASSED | handler | src/index.js:41:39:41:54 | // test: handler |
+| PASSED | handler | src/index.js:44:35:44:50 | // test: handler |
+| PASSED | handler | src/index.js:47:36:47:51 | // test: handler |
+| PASSED | handler | src/index.js:50:36:50:51 | // test: handler |
+| PASSED | handler | src/index.js:53:36:53:51 | // test: handler |
+| PASSED | handler | src/index.js:56:36:56:51 | // test: handler |
+| PASSED | handler | src/index.js:59:36:59:51 | // test: handler |
+| PASSED | handler | src/index.js:62:36:62:51 | // test: handler |
+| PASSED | handler | src/index.js:71:36:71:51 | // test: handler |
+| PASSED | handler | src/index.js:93:44:93:66 | // test ... handler |
+| PASSED | handler | src/index.js:99:30:99:45 | // test: handler |
+| PASSED | handler | src/index.js:103:30:103:45 | // test: handler |
+| PASSED | handler | src/index.js:111:31:111:46 | // test: handler |
+| PASSED | handler | src/index.js:115:30:115:45 | // test: handler |
+| PASSED | handler | src/index.js:121:32:121:47 | // test: handler |
+| PASSED | handler | src/index.js:131:33:131:48 | // test: handler |
+| PASSED | handler | src/index.js:137:33:137:48 | // test: handler |
+| PASSED | handler | src/index.js:156:50:156:65 | // test: handler |
+| PASSED | handler | src/index.js:190:65:190:87 | // test ... handler |
+| PASSED | handler | src/index.js:194:63:194:85 | // test ... handler |
+| PASSED | handler | src/index.js:197:55:197:77 | // test ... handler |
+| PASSED | handler | src/index.js:199:39:199:61 | // test ... handler |
+| PASSED | handler | src/index.js:201:49:201:71 | // test ... handler |
+| PASSED | handler | src/index.js:205:65:205:87 | // test ... handler |
+| PASSED | headerDefinition | src/index.js:104:46:104:70 | // test ... inition |
+| PASSED | headerDefinition | src/index.js:122:44:122:68 | // test ... inition |
+| PASSED | headerDefinition | src/index.js:132:44:132:68 | // test ... inition |
+| PASSED | redirectSink | src/index.js:78:32:78:60 | // test ... ectSink |
+| PASSED | redirectSink | src/index.js:87:45:87:73 | // test ... ectSink |
+| PASSED | redirectSink | src/index.js:88:40:88:68 | // test ... ectSink |
+| PASSED | setup | src/index.js:66:21:66:34 | // test: setup |
+| PASSED | setup | src/index.js:67:31:67:44 | // test: setup |
+| PASSED | setup | src/index.js:68:33:68:46 | // test: setup |
+| PASSED | setup | src/index.js:91:38:91:51 | // test: setup |
+| PASSED | setup | src/index.js:92:39:92:52 | // test: setup |
+| PASSED | setup | src/index.js:93:44:93:66 | // test ... handler |
+| PASSED | setup | src/index.js:98:20:98:33 | // test: setup |
+| PASSED | setup | src/index.js:110:21:110:34 | // test: setup |
+| PASSED | setup | src/index.js:148:29:148:42 | // test: setup |
+| PASSED | setup | src/index.js:152:31:152:44 | // test: setup |
+| PASSED | setup | src/index.js:153:31:153:44 | // test: setup |
+| PASSED | setup | src/index.js:173:66:173:79 | // test: setup |
+| PASSED | setup | src/index.js:177:66:177:78 | //test: setup |
+| PASSED | setup | src/index.js:190:65:190:87 | // test ... handler |
+| PASSED | setup | src/index.js:194:63:194:85 | // test ... handler |
+| PASSED | setup | src/index.js:197:55:197:77 | // test ... handler |
+| PASSED | setup | src/index.js:199:39:199:61 | // test ... handler |
+| PASSED | setup | src/index.js:201:49:201:71 | // test ... handler |
+| PASSED | setup | src/index.js:205:65:205:87 | // test ... handler |
+| PASSED | source | src/index.js:11:76:11:130 | // test ... k, !xss |
+| PASSED | source | src/index.js:24:76:24:128 | // test ... nk, xss |
+| PASSED | source | src/index.js:72:41:72:80 | // test ... reSink  |
+| PASSED | source | src/index.js:73:44:73:82 | // test ... ureSink |
+| PASSED | source | src/index.js:74:40:74:78 | // test ... ureSink |
+| PASSED | source | src/index.js:75:39:75:77 | // test ... ureSink |
+| PASSED | source | src/index.js:78:32:78:60 | // test ... ectSink |
+| PASSED | source | src/index.js:87:45:87:73 | // test ... ectSink |
+| PASSED | source | src/index.js:88:40:88:68 | // test ... ectSink |
+| PASSED | source | src/index.js:100:37:100:51 | // test: source |
+| PASSED | source | src/index.js:123:40:123:92 | // test ... nk, xss |
+| PASSED | source | src/index.js:133:43:133:96 | // test ... k, !xss |
+| PASSED | source | src/index.js:138:31:138:45 | // test: source |
+| PASSED | source | src/index.js:164:41:164:93 | // test ... nk, xss |
+| PASSED | source | src/index.js:166:26:166:50 | // test ... srfSink |
+| PASSED | source | src/index.js:168:45:168:69 | // test ... srfSink |
+| PASSED | source | src/index.js:203:28:203:58 | // test ... k, !xss |
+| PASSED | source | src/index.js:207:28:207:56 | // test ... nk, xss |
+| PASSED | ssrfSink | src/index.js:166:26:166:50 | // test ... srfSink |
+| PASSED | ssrfSink | src/index.js:168:45:168:69 | // test ... srfSink |
+| PASSED | stackTraceExposureSink | src/index.js:9:66:9:96 | // test ... ureSink |
+| PASSED | stackTraceExposureSink | src/index.js:11:76:11:130 | // test ... k, !xss |
+| PASSED | stackTraceExposureSink | src/index.js:22:66:22:105 | // test ... xssSink |
+| PASSED | stackTraceExposureSink | src/index.js:24:76:24:128 | // test ... nk, xss |
+| PASSED | stackTraceExposureSink | src/index.js:72:41:72:80 | // test ... reSink  |
+| PASSED | stackTraceExposureSink | src/index.js:73:44:73:82 | // test ... ureSink |
+| PASSED | stackTraceExposureSink | src/index.js:74:40:74:78 | // test ... ureSink |
+| PASSED | stackTraceExposureSink | src/index.js:75:39:75:77 | // test ... ureSink |
+| PASSED | stackTraceExposureSink | src/index.js:105:29:105:73 | // test ... nk, xss |
+| PASSED | stackTraceExposureSink | src/index.js:116:29:116:59 | // test ... ureSink |
+| PASSED | stackTraceExposureSink | src/index.js:123:40:123:92 | // test ... nk, xss |
+| PASSED | stackTraceExposureSink | src/index.js:133:43:133:96 | // test ... k, !xss |
+| PASSED | stackTraceExposureSink | src/index.js:143:20:143:64 | // test ... nk, xss |
+| PASSED | stackTraceExposureSink | src/index.js:164:41:164:93 | // test ... nk, xss |
+| PASSED | xss | src/index.js:24:76:24:128 | // test ... nk, xss |
+| PASSED | xss | src/index.js:105:29:105:73 | // test ... nk, xss |
+| PASSED | xss | src/index.js:123:40:123:92 | // test ... nk, xss |
+| PASSED | xss | src/index.js:143:20:143:64 | // test ... nk, xss |
+| PASSED | xss | src/index.js:164:41:164:93 | // test ... nk, xss |
+| PASSED | xss | src/index.js:207:28:207:56 | // test ... nk, xss |
+| PASSED | xssSink | src/index.js:22:66:22:105 | // test ... xssSink |
+| PASSED | xssSink | src/index.js:24:76:24:128 | // test ... nk, xss |
+| PASSED | xssSink | src/index.js:105:29:105:73 | // test ... nk, xss |
+| PASSED | xssSink | src/index.js:123:40:123:92 | // test ... nk, xss |
+| PASSED | xssSink | src/index.js:133:43:133:96 | // test ... k, !xss |
+| PASSED | xssSink | src/index.js:143:20:143:64 | // test ... nk, xss |
+| PASSED | xssSink | src/index.js:164:41:164:93 | // test ... nk, xss |
+| PASSED | xssSink | src/index.js:207:28:207:56 | // test ... nk, xss |
+failingPositiveTests
+passingNegativeTests
+| PASSED | !xss | src/index.js:11:76:11:130 | // test ... k, !xss |
+| PASSED | !xss | src/index.js:133:43:133:96 | // test ... k, !xss |
+| PASSED | !xss | src/index.js:203:28:203:58 | // test ... k, !xss |
+| PASSED | !xssSink | src/index.js:11:76:11:130 | // test ... k, !xss |
+| PASSED | !xssSink | src/index.js:203:28:203:58 | // test ... k, !xss |
+failingNegativeTests
diff --git a/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql b/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql
new file mode 100644
index 00000000000..e385b558458
--- /dev/null
+++ b/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql
@@ -0,0 +1,229 @@
+import javascript
+import semmle.javascript.security.dataflow.CleartextStorageCustomizations
+import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsCustomizations
+import semmle.javascript.security.dataflow.StackTraceExposureCustomizations
+import semmle.javascript.security.dataflow.ServerSideUrlRedirectCustomizations
+import semmle.javascript.security.dataflow.RequestForgeryCustomizations
+import semmle.javascript.security.dataflow.ReflectedXssCustomizations
+import semmle.javascript.security.dataflow.ReflectedXssQuery as XssConfig
+
+class InlineTest extends LineComment {
+  string tests;
+
+  InlineTest() { tests = this.getText().regexpCapture("\\s*test:(.*)", 1) }
+
+  string getPositiveTest() {
+    result = tests.trim().splitAt(",").trim() and not result.matches("!%")
+  }
+
+  string getNegativeTest() { result = tests.trim().splitAt(",").trim() and result.matches("!%") }
+
+  predicate hasPositiveTest(string test) { test = this.getPositiveTest() }
+
+  predicate hasNegativeTest(string test) { test = this.getNegativeTest() }
+
+  predicate inNode(DataFlow::Node n) {
+    this.getLocation().getFile() = n.getFile() and
+    this.getLocation().getStartLine() = n.getStartLine()
+  }
+}
+
+query predicate passingPositiveTests(string res, string expectation, InlineTest t) {
+  res = "PASSED" and
+  t.hasPositiveTest(expectation) and
+  (
+    expectation = "headerDefinition" and
+    exists(Http::HeaderDefinition n | t.inNode(n))
+    or
+    expectation = "cookieDefinition" and
+    exists(Http::CookieDefinition n | t.inNode(n))
+    or
+    expectation = "templateInstantiation" and
+    exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
+    or
+    expectation = "source" and
+    exists(RemoteFlowSource n | t.inNode(n))
+    or
+    expectation = "setup" and
+    exists(Http::RouteSetup n | t.inNode(n))
+    or
+    expectation = "handler" and
+    exists(Http::RouteHandler n | t.inNode(n))
+    or
+    expectation = "candidateHandler" and
+    exists(Http::RouteHandlerCandidate n | t.inNode(n))
+    or
+    expectation = "xssSink" and
+    exists(ReflectedXss::Sink n | t.inNode(n))
+    or
+    expectation = "xss" and
+    exists(XssConfig::Configuration cfg, DataFlow::Node sink |
+      cfg.hasFlow(_, sink) and t.inNode(sink)
+    )
+    or
+    expectation = "cleartextStorageSink" and
+    exists(CleartextStorage::Sink n | t.inNode(n))
+    or
+    expectation = "corsMiconfigurationSink" and
+    exists(CorsMisconfigurationForCredentials::Sink n | t.inNode(n))
+    or
+    expectation = "stackTraceExposureSink" and
+    exists(StackTraceExposure::Sink n | t.inNode(n))
+    or
+    expectation = "redirectSink" and
+    exists(ServerSideUrlRedirect::Sink n | t.inNode(n))
+    or
+    expectation = "ssrfSink" and
+    exists(RequestForgery::Sink n | t.inNode(n))
+  )
+}
+
+query predicate failingPositiveTests(string res, string expectation, InlineTest t) {
+  res = "FAILED" and
+  t.hasPositiveTest(expectation) and
+  (
+    expectation = "headerDefinition" and
+    not exists(Http::HeaderDefinition n | t.inNode(n))
+    or
+    expectation = "cookieDefinition" and
+    not exists(Http::CookieDefinition n | t.inNode(n))
+    or
+    expectation = "templateInstantiation" and
+    not exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
+    or
+    expectation = "source" and
+    not exists(RemoteFlowSource n | t.inNode(n))
+    or
+    expectation = "setup" and
+    not exists(Http::RouteSetup n | t.inNode(n))
+    or
+    expectation = "handler" and
+    not exists(Http::RouteHandler n | t.inNode(n))
+    or
+    expectation = "candidateHandler" and
+    not exists(Http::RouteHandlerCandidate n | t.inNode(n))
+    or
+    expectation = "xssSink" and
+    not exists(ReflectedXss::Sink n | t.inNode(n))
+    or
+    expectation = "xss" and
+    not exists(XssConfig::Configuration cfg, DataFlow::Node sink |
+      cfg.hasFlow(_, sink) and t.inNode(sink)
+    )
+    or
+    expectation = "cleartextStorageSink" and
+    not exists(CleartextStorage::Sink n | t.inNode(n))
+    or
+    expectation = "corsMiconfigurationSink" and
+    not exists(CorsMisconfigurationForCredentials::Sink n | t.inNode(n))
+    or
+    expectation = "stackTraceExposureSink" and
+    not exists(StackTraceExposure::Sink n | t.inNode(n))
+    or
+    expectation = "redirectSink" and
+    not exists(ServerSideUrlRedirect::Sink n | t.inNode(n))
+    or
+    expectation = "ssrfSink" and
+    not exists(RequestForgery::Sink n | t.inNode(n))
+  )
+}
+
+query predicate passingNegativeTests(string res, string expectation, InlineTest t) {
+  res = "PASSED" and
+  t.hasNegativeTest(expectation) and
+  (
+    expectation = "!headerDefinition" and
+    not exists(Http::HeaderDefinition n | t.inNode(n))
+    or
+    expectation = "!cookieDefinition" and
+    not exists(Http::CookieDefinition n | t.inNode(n))
+    or
+    expectation = "!templateInstantiation" and
+    not exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
+    or
+    expectation = "!source" and
+    not exists(RemoteFlowSource n | t.inNode(n))
+    or
+    expectation = "!setup" and
+    not exists(Http::RouteSetup n | t.inNode(n))
+    or
+    expectation = "!handler" and
+    not exists(Http::RouteHandler n | t.inNode(n))
+    or
+    expectation = "!candidateHandler" and
+    not exists(Http::RouteHandlerCandidate n | t.inNode(n))
+    or
+    expectation = "!xssSink" and
+    not exists(ReflectedXss::Sink n | t.inNode(n))
+    or
+    expectation = "!xss" and
+    not exists(XssConfig::Configuration cfg, DataFlow::Node sink |
+      cfg.hasFlow(_, sink) and t.inNode(sink)
+    )
+    or
+    expectation = "!cleartextStorageSink" and
+    not exists(CleartextStorage::Sink n | t.inNode(n))
+    or
+    expectation = "!corsMiconfigurationSink" and
+    not exists(CorsMisconfigurationForCredentials::Sink n | t.inNode(n))
+    or
+    expectation = "!stackTraceExposureSink" and
+    not exists(StackTraceExposure::Sink n | t.inNode(n))
+    or
+    expectation = "!redirectSink" and
+    not exists(ServerSideUrlRedirect::Sink n | t.inNode(n))
+    or
+    expectation = "!ssrfSink" and
+    not exists(RequestForgery::Sink n | t.inNode(n))
+  )
+}
+
+query predicate failingNegativeTests(string res, string expectation, InlineTest t) {
+  res = "FAILED" and
+  t.hasNegativeTest(expectation) and
+  (
+    expectation = "!headerDefinition" and
+    exists(Http::HeaderDefinition n | t.inNode(n))
+    or
+    expectation = "!cookieDefinition" and
+    exists(Http::CookieDefinition n | t.inNode(n))
+    or
+    expectation = "!templateInstantiation" and
+    exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
+    or
+    expectation = "!source" and
+    exists(RemoteFlowSource n | t.inNode(n))
+    or
+    expectation = "!setup" and
+    exists(Http::RouteSetup n | t.inNode(n))
+    or
+    expectation = "!handler" and
+    exists(Http::RouteHandler n | t.inNode(n))
+    or
+    expectation = "!candidateHandler" and
+    exists(Http::RouteHandlerCandidate n | t.inNode(n))
+    or
+    expectation = "!xssSink" and
+    exists(ReflectedXss::Sink n | t.inNode(n))
+    or
+    expectation = "!xss" and
+    exists(XssConfig::Configuration cfg, DataFlow::Node sink |
+      cfg.hasFlow(_, sink) and t.inNode(sink)
+    )
+    or
+    expectation = "!cleartextStorageSink" and
+    exists(CleartextStorage::Sink n | t.inNode(n))
+    or
+    expectation = "!corsMiconfigurationSink" and
+    exists(CorsMisconfigurationForCredentials::Sink n | t.inNode(n))
+    or
+    expectation = "!stackTraceExposureSink" and
+    exists(StackTraceExposure::Sink n | t.inNode(n))
+    or
+    expectation = "!redirectSink" and
+    exists(ServerSideUrlRedirect::Sink n | t.inNode(n))
+    or
+    expectation = "!ssrfSink" and
+    exists(RequestForgery::Sink n | t.inNode(n))
+  )
+}
diff --git a/javascript/ql/test/library-tests/frameworks/Spife/lib/routes/index.js b/javascript/ql/test/library-tests/frameworks/Spife/lib/routes/index.js
new file mode 100644
index 00000000000..cd7ac6340c5
--- /dev/null
+++ b/javascript/ql/test/library-tests/frameworks/Spife/lib/routes/index.js
@@ -0,0 +1,28 @@
+'use strict'
+
+const routes = require('@npm/spife/routing')
+
+module.exports = routes`
+  GET / homepage
+  GET /test1 test1
+  GET /test1 test2
+  GET /test4 test4
+  GET /test5 test5
+  GET /test6 test6
+  GET /raw1 raw1
+  GET /raw2 raw2
+  POST /body parseBody
+  GET /redirect/:redirect_url redirect
+  POST /packages/new createPackage
+`(require('../views'))
+
+
+const a = routes`GET /packages/package/${p} viewPackage`(require('../views')) // test:routeSetup
+
+const b = routes`GET / list`({ ...require('../views'), ...require('../views/orgs') }) // test: routeSetup
+
+const c = routes`POST  /message  handleMessage`({ handleMessage: console.log }) // test: routeSetup
+
+const d = routes`GET /version versionHandler`({ versionHandler: (req, context) => { console.log(req) } }) // test: routeSetup
+
+const e = routes`GET / handler`({ handler: async (req, context) => { console.log(req) } }) // test: routeSetup
diff --git a/javascript/ql/test/library-tests/frameworks/Spife/lib/routes/parameters.js b/javascript/ql/test/library-tests/frameworks/Spife/lib/routes/parameters.js
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/javascript/ql/test/library-tests/frameworks/Spife/lib/settings.js b/javascript/ql/test/library-tests/frameworks/Spife/lib/settings.js
new file mode 100644
index 00000000000..5d3b9824132
--- /dev/null
+++ b/javascript/ql/test/library-tests/frameworks/Spife/lib/settings.js
@@ -0,0 +1,46 @@
+'use strict'
+
+const { Environment, FileSystemLoader } = require('nunjucks')
+const Loader = require('@npm/spife/templates/loader')
+const path = require('path')
+
+const isDev = !new Set(['prod', 'production', 'stag', 'staging']).has(
+  process.env.NODE_ENV
+)
+
+const templateDirs = [path.join(__dirname, '..', 'templates')]
+const nunjucksEnv = new Environment(new FileSystemLoader(templateDirs))
+const nunjucksLoader = new Loader({
+  dirs: templateDirs,
+  load (resolved) {
+    const template = nunjucksEnv.getTemplate(resolved.path, true)
+    return context => {
+      return template.render(context)
+    }
+  }
+})
+
+module.exports = {
+  DEBUG: process.env.DEBUG,
+  ENABLE_FORM_PARSING: false,
+  METRICS: process.env.METRICS,
+  MIDDLEWARE: [
+    '@npm/spife/middleware/debug',
+    ['@npm/spife/middleware/template', [
+      nunjucksLoader
+    ], [
+      // template context processors go here
+    ]],
+    '@npm/spife/middleware/common',
+    '@npm/spife/middleware/logging',
+    '@npm/spife/middleware/metrics',
+    '@npm/spife/middleware/monitor',
+    '@npm/spife/middleware/hot-reload',
+    ['@npm/spife/middleware/csrf', { secureCookie: !isDev }]
+  ],
+  NAME: 'nunjucks-example',
+  NODE_ENV: process.env.NODE_ENV,
+  PORT: 8124,
+  ROUTER: './routes/index.js',
+  HOT: true
+}
diff --git a/javascript/ql/test/library-tests/frameworks/Spife/lib/views/index.js b/javascript/ql/test/library-tests/frameworks/Spife/lib/views/index.js
new file mode 100644
index 00000000000..51fe2622603
--- /dev/null
+++ b/javascript/ql/test/library-tests/frameworks/Spife/lib/views/index.js
@@ -0,0 +1,115 @@
+'use strict'
+
+const reply = require('@npm/spife/reply')
+const validate = require('@npm/spife/decorators/validate')
+const joi = require('@npm/spife/joi')
+const concat = require('concat-stream')
+
+const createPackageSchema = joi.object().keys({
+  contents: joi.string().max(200).required(),
+  destination: joi.any().valid([
+    joi.object({
+      name: joi.string().max(200).required(),
+      address: joi.string().max(200).required()
+    }),
+    joi.string().min(1)
+  ])
+})
+
+module.exports = { homepage, parseBody, raw1, raw2, test1, test2, test3, test4, test5, test6, redirect, createPackage: validate.body(createPackageSchema, createPackage), }
+
+function sink(obj) { console.log(obj) }
+
+function createPackage(req, context) { // test: handler
+  const tainted = req.validatedBody.get('destination') // test: source
+  sink(taitned)
+}
+
+function homepage(req, context) { // test: handler
+  sink(req.cookie("test")) // test: source
+  sink(req.cookies().test) // test: source
+  sink(req.headers.test) // test: source
+  sink(req.rawHeaders[0]) // test: source
+  sink(req.raw.headers) // test: source
+  sink(req.url) // test: source
+  sink(req.urlObject.pathname) // test: source
+  sink(context.get('package')) // test: source
+  sink(context)
+  return reply.template('home', { target: req.query.name }) // test: source, templateInstantiation, stackTraceExposureSink, responseBody
+}
+
+function raw1(req, context) { // test: handler
+  sink(req.query.name) // test: source
+  return reply(req.query.name, 200, { // test: source, xssSink, stackTraceExposureSink, xss
+    "content-type": "text/html", // test: headerDefinition
+    "access-control-allow-origin": "*", // test: corsMiconfigurationSink, headerDefinition
+    "access-control-allow-headers": "Content-Type, Authorization, Content-Length, X-Requested-With", // test: headerDefinition
+    "access-control-allow-methods": "GET, POST, PUT, DELETE, OPTIONS", // test: headerDefinition
+    "access-control-allow-credentials": "true" //test: headerDefinition
+
+  })
+}
+
+function redirect(req, context) { // test: handler
+  return reply.redirect(context.get('redirect_url')) // test: redirectSink, source
+}
+function raw2(req, context) { // test: handler
+  return reply.cookie({ "test": req.query.name }, "test", req.query.name, { "httpOnly": false, "secure": false }) // test: source, cleartextStorageSink, stackTraceExposureSink, cookieDefinition
+}
+
+function test1(req, context) { // test: handler
+  switch (req.accept.type(['json', 'html', 'plain'])) {
+    case 'json':
+      return { "some": req.query.name } // test: source, stackTraceExposureSink
+    case 'html':
+      return reply.header('<p>' + req.query.name + '</p>', 'content-type', 'text/html') // test: source, xssSink, stackTraceExposureSink, xss, headerDefinition
+    case 'plain':
+      return reply.header('<p>' + req.query.name + '</p>', { 'content-type': 'text/plain' }) // test: source, stackTraceExposureSink, !xssSink, !xss, headerDefinition, headerDefinition
+  }
+  return 'well, I guess you just want plaintext.'
+}
+
+function test2(req, context) { // test: handler
+  switch (req.accept.type(['json', 'html'])) {
+    case 'json':
+      return { "some": req.query.name } // test: source, stackTraceExposureSink
+    case 'html':
+      return reply.header('<p>' + req.query.name + '</p>', { 'content-type': 'text/plain' }) // test: source, stackTraceExposureSink, !xssSink, !xss, headerDefinition
+  }
+  return 'well, I guess you just want plaintext.'
+}
+
+function test3(req, context) { // test: candidateHandler
+  return reply('<p>' + req.query.name + '</p>')
+}
+
+function test4(req, context) { // test: handler
+  const body = req.body // test: source
+  const newPackument = body['package-json']
+  const message = `INFO: User invited to package ${newPackument._id} successfully.`
+  return reply(message, 200, { 'npm-notice': message }) // test: stackTraceExposureSink, !xssSink, !xss, headerDefinition
+}
+
+function test5(req, context) { // test: handler
+  const body = req.body // test: source
+  const newPackument = body['package-json']
+  const message = `INFO: User invited to package ${newPackument._id} successfully.`
+  return reply(message, 200) // test: stackTraceExposureSink, !xssSink, !xss
+}
+
+function test6(req, context) { // test: handler
+  const body = req.body // test: source
+  const newPackument = body['package-json']
+  const message = `INFO: User invited to package ${newPackument._id} successfully.`
+  if (message.contains('foo')) {
+    return reply(message, 200, { 'npm-notice': message }) // test: stackTraceExposureSink, !xssSink, !xss, headerDefinition
+  } else {
+    return reply(message, 200, { 'npm-notice': message, 'content-type': 'text/html' }) // test: stackTraceExposureSink, xssSink, xss, headerDefinition
+  }
+}
+
+function parseBody(req, context) {
+  return req.body.then(data => { // test: source, stackTraceExposureSink
+    sink(data.name)
+  })
+}
diff --git a/javascript/ql/test/library-tests/frameworks/Spife/lib/views/orgs.js b/javascript/ql/test/library-tests/frameworks/Spife/lib/views/orgs.js
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/javascript/ql/test/library-tests/frameworks/Spife/tests.expected b/javascript/ql/test/library-tests/frameworks/Spife/tests.expected
new file mode 100644
index 00000000000..e264b573792
--- /dev/null
+++ b/javascript/ql/test/library-tests/frameworks/Spife/tests.expected
@@ -0,0 +1,89 @@
+passingPositiveTests
+| PASSED | candidateHandler | lib/views/index.js:82:32:82:56 | // test ... Handler |
+| PASSED | cleartextStorageSink | lib/views/index.js:57:115:57:193 | // test ... inition |
+| PASSED | cookieDefinition | lib/views/index.js:57:115:57:193 | // test ... inition |
+| PASSED | corsMiconfigurationSink | lib/views/index.js:45:41:45:90 | // test ... inition |
+| PASSED | handler | lib/views/index.js:23:40:23:55 | // test: handler |
+| PASSED | handler | lib/views/index.js:28:35:28:50 | // test: handler |
+| PASSED | handler | lib/views/index.js:41:31:41:46 | // test: handler |
+| PASSED | handler | lib/views/index.js:53:35:53:50 | // test: handler |
+| PASSED | handler | lib/views/index.js:56:31:56:46 | // test: handler |
+| PASSED | handler | lib/views/index.js:60:32:60:47 | // test: handler |
+| PASSED | handler | lib/views/index.js:72:32:72:47 | // test: handler |
+| PASSED | handler | lib/views/index.js:86:32:86:47 | // test: handler |
+| PASSED | handler | lib/views/index.js:93:32:93:47 | // test: handler |
+| PASSED | handler | lib/views/index.js:100:32:100:47 | // test: handler |
+| PASSED | headerDefinition | lib/views/index.js:44:34:44:58 | // test ... inition |
+| PASSED | headerDefinition | lib/views/index.js:45:41:45:90 | // test ... inition |
+| PASSED | headerDefinition | lib/views/index.js:46:102:46:126 | // test ... inition |
+| PASSED | headerDefinition | lib/views/index.js:47:72:47:96 | // test ... inition |
+| PASSED | headerDefinition | lib/views/index.js:48:48:48:71 | //test: ... inition |
+| PASSED | headerDefinition | lib/views/index.js:65:89:65:159 | // test ... inition |
+| PASSED | headerDefinition | lib/views/index.js:67:94:67:184 | // test ... inition |
+| PASSED | headerDefinition | lib/views/index.js:77:94:77:166 | // test ... inition |
+| PASSED | headerDefinition | lib/views/index.js:90:57:90:121 | // test ... inition |
+| PASSED | headerDefinition | lib/views/index.js:105:59:105:123 | // test ... inition |
+| PASSED | headerDefinition | lib/views/index.js:107:88:107:150 | // test ... inition |
+| PASSED | redirectSink | lib/views/index.js:54:54:54:82 | // test ...  source |
+| PASSED | responseBody | lib/views/index.js:38:61:38:136 | // test ... nseBody |
+| PASSED | routeSetup | lib/routes/index.js:20:79:20:96 | // test:routeSetup |
+| PASSED | routeSetup | lib/routes/index.js:22:87:22:105 | // test: routeSetup |
+| PASSED | routeSetup | lib/routes/index.js:24:81:24:99 | // test: routeSetup |
+| PASSED | routeSetup | lib/routes/index.js:26:107:26:125 | // test: routeSetup |
+| PASSED | routeSetup | lib/routes/index.js:28:92:28:110 | // test: routeSetup |
+| PASSED | source | lib/views/index.js:24:56:24:70 | // test: source |
+| PASSED | source | lib/views/index.js:29:28:29:42 | // test: source |
+| PASSED | source | lib/views/index.js:30:28:30:42 | // test: source |
+| PASSED | source | lib/views/index.js:31:26:31:40 | // test: source |
+| PASSED | source | lib/views/index.js:32:27:32:41 | // test: source |
+| PASSED | source | lib/views/index.js:33:25:33:39 | // test: source |
+| PASSED | source | lib/views/index.js:34:17:34:31 | // test: source |
+| PASSED | source | lib/views/index.js:35:32:35:46 | // test: source |
+| PASSED | source | lib/views/index.js:36:32:36:46 | // test: source |
+| PASSED | source | lib/views/index.js:38:61:38:136 | // test ... nseBody |
+| PASSED | source | lib/views/index.js:42:24:42:38 | // test: source |
+| PASSED | source | lib/views/index.js:43:39:43:91 | // test ... nk, xss |
+| PASSED | source | lib/views/index.js:54:54:54:82 | // test ...  source |
+| PASSED | source | lib/views/index.js:57:115:57:193 | // test ... inition |
+| PASSED | source | lib/views/index.js:63:41:63:79 | // test ... ureSink |
+| PASSED | source | lib/views/index.js:65:89:65:159 | // test ... inition |
+| PASSED | source | lib/views/index.js:67:94:67:184 | // test ... inition |
+| PASSED | source | lib/views/index.js:75:41:75:79 | // test ... ureSink |
+| PASSED | source | lib/views/index.js:77:94:77:166 | // test ... inition |
+| PASSED | source | lib/views/index.js:87:25:87:39 | // test: source |
+| PASSED | source | lib/views/index.js:94:25:94:39 | // test: source |
+| PASSED | source | lib/views/index.js:101:25:101:39 | // test: source |
+| PASSED | source | lib/views/index.js:112:34:112:72 | // test ... ureSink |
+| PASSED | stackTraceExposureSink | lib/views/index.js:38:61:38:136 | // test ... nseBody |
+| PASSED | stackTraceExposureSink | lib/views/index.js:43:39:43:91 | // test ... nk, xss |
+| PASSED | stackTraceExposureSink | lib/views/index.js:57:115:57:193 | // test ... inition |
+| PASSED | stackTraceExposureSink | lib/views/index.js:63:41:63:79 | // test ... ureSink |
+| PASSED | stackTraceExposureSink | lib/views/index.js:65:89:65:159 | // test ... inition |
+| PASSED | stackTraceExposureSink | lib/views/index.js:67:94:67:184 | // test ... inition |
+| PASSED | stackTraceExposureSink | lib/views/index.js:75:41:75:79 | // test ... ureSink |
+| PASSED | stackTraceExposureSink | lib/views/index.js:77:94:77:166 | // test ... inition |
+| PASSED | stackTraceExposureSink | lib/views/index.js:90:57:90:121 | // test ... inition |
+| PASSED | stackTraceExposureSink | lib/views/index.js:97:30:97:76 | // test ... k, !xss |
+| PASSED | stackTraceExposureSink | lib/views/index.js:105:59:105:123 | // test ... inition |
+| PASSED | stackTraceExposureSink | lib/views/index.js:107:88:107:150 | // test ... inition |
+| PASSED | stackTraceExposureSink | lib/views/index.js:112:34:112:72 | // test ... ureSink |
+| PASSED | templateInstantiation | lib/views/index.js:38:61:38:136 | // test ... nseBody |
+| PASSED | xss | lib/views/index.js:43:39:43:91 | // test ... nk, xss |
+| PASSED | xss | lib/views/index.js:65:89:65:159 | // test ... inition |
+| PASSED | xss | lib/views/index.js:107:88:107:150 | // test ... inition |
+| PASSED | xssSink | lib/views/index.js:43:39:43:91 | // test ... nk, xss |
+| PASSED | xssSink | lib/views/index.js:65:89:65:159 | // test ... inition |
+| PASSED | xssSink | lib/views/index.js:107:88:107:150 | // test ... inition |
+failingPositiveTests
+passingNegativeTests
+| PASSED | !xss | lib/views/index.js:67:94:67:184 | // test ... inition |
+| PASSED | !xss | lib/views/index.js:77:94:77:166 | // test ... inition |
+| PASSED | !xss | lib/views/index.js:90:57:90:121 | // test ... inition |
+| PASSED | !xss | lib/views/index.js:97:30:97:76 | // test ... k, !xss |
+| PASSED | !xss | lib/views/index.js:105:59:105:123 | // test ... inition |
+| PASSED | !xssSink | lib/views/index.js:67:94:67:184 | // test ... inition |
+| PASSED | !xssSink | lib/views/index.js:77:94:77:166 | // test ... inition |
+| PASSED | !xssSink | lib/views/index.js:90:57:90:121 | // test ... inition |
+| PASSED | !xssSink | lib/views/index.js:97:30:97:76 | // test ... k, !xss |
+| PASSED | !xssSink | lib/views/index.js:105:59:105:123 | // test ... inition |
+failingNegativeTests
diff --git a/javascript/ql/test/library-tests/frameworks/Spife/tests.ql b/javascript/ql/test/library-tests/frameworks/Spife/tests.ql
new file mode 100644
index 00000000000..ef785a2860b
--- /dev/null
+++ b/javascript/ql/test/library-tests/frameworks/Spife/tests.ql
@@ -0,0 +1,253 @@
+import javascript
+import semmle.javascript.security.dataflow.CleartextStorageCustomizations
+import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsCustomizations
+import semmle.javascript.security.dataflow.StackTraceExposureCustomizations
+import semmle.javascript.security.dataflow.ServerSideUrlRedirectCustomizations
+import semmle.javascript.security.dataflow.RequestForgeryCustomizations
+import semmle.javascript.security.dataflow.ReflectedXssCustomizations
+import semmle.javascript.security.dataflow.ReflectedXssQuery as XssConfig
+
+class InlineTest extends LineComment {
+  string tests;
+
+  InlineTest() { tests = this.getText().regexpCapture("\\s*test:(.*)", 1) }
+
+  string getPositiveTest() {
+    result = tests.trim().splitAt(",").trim() and not result.matches("!%")
+  }
+
+  string getNegativeTest() { result = tests.trim().splitAt(",").trim() and result.matches("!%") }
+
+  predicate hasPositiveTest(string test) { test = this.getPositiveTest() }
+
+  predicate hasNegativeTest(string test) { test = this.getNegativeTest() }
+
+  predicate inNode(DataFlow::Node n) {
+    this.getLocation().getFile() = n.getFile() and
+    this.getLocation().getStartLine() = n.getStartLine()
+  }
+}
+
+query predicate passingPositiveTests(string res, string expectation, InlineTest t) {
+  res = "PASSED" and
+  t.hasPositiveTest(expectation) and
+  (
+    expectation = "responseBody" and
+    exists(Http::ResponseBody n | t.inNode(n))
+    or
+    expectation = "headerDefinition" and
+    exists(DataFlow::Node n, Http::ExplicitHeaderDefinition h |
+      t.inNode(n) and
+      h.definesHeaderValue(_, n)
+    )
+    or
+    expectation = "cookieDefinition" and
+    exists(Http::CookieDefinition n | t.inNode(n))
+    or
+    expectation = "templateInstantiation" and
+    exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
+    or
+    expectation = "source" and
+    exists(RemoteFlowSource n | t.inNode(n))
+    or
+    expectation = "routeSetup" and
+    exists(Http::RouteSetup n | t.inNode(n))
+    or
+    expectation = "handler" and
+    exists(Http::RouteHandler n | t.inNode(n))
+    or
+    expectation = "candidateHandler" and
+    exists(Http::RouteHandlerCandidate n | t.inNode(n))
+    or
+    expectation = "xssSink" and
+    exists(ReflectedXss::Sink n | t.inNode(n))
+    or
+    expectation = "xss" and
+    exists(XssConfig::Configuration cfg, DataFlow::Node sink |
+      cfg.hasFlow(_, sink) and t.inNode(sink)
+    )
+    or
+    expectation = "cleartextStorageSink" and
+    exists(CleartextStorage::Sink n | t.inNode(n))
+    or
+    expectation = "corsMiconfigurationSink" and
+    exists(CorsMisconfigurationForCredentials::Sink n | t.inNode(n))
+    or
+    expectation = "stackTraceExposureSink" and
+    exists(StackTraceExposure::Sink n | t.inNode(n))
+    or
+    expectation = "redirectSink" and
+    exists(ServerSideUrlRedirect::Sink n | t.inNode(n))
+    or
+    expectation = "ssrfSink" and
+    exists(RequestForgery::Sink n | t.inNode(n))
+  )
+}
+
+query predicate failingPositiveTests(string res, string expectation, InlineTest t) {
+  res = "FAILED" and
+  t.hasPositiveTest(expectation) and
+  (
+    expectation = "responseBody" and
+    not exists(Http::ResponseBody n | t.inNode(n))
+    or
+    expectation = "headerDefinition" and
+    not exists(DataFlow::Node n, Http::ExplicitHeaderDefinition h |
+      t.inNode(n) and
+      h.definesHeaderValue(_, n)
+    )
+    or
+    expectation = "cookieDefinition" and
+    not exists(Http::CookieDefinition n | t.inNode(n))
+    or
+    expectation = "templateInstantiation" and
+    not exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
+    or
+    expectation = "source" and
+    not exists(RemoteFlowSource n | t.inNode(n))
+    or
+    expectation = "routeSetup" and
+    not exists(Http::RouteSetup n | t.inNode(n))
+    or
+    expectation = "handler" and
+    not exists(Http::RouteHandler n | t.inNode(n))
+    or
+    expectation = "candidateHandler" and
+    not exists(Http::RouteHandlerCandidate n | t.inNode(n))
+    or
+    expectation = "xssSink" and
+    not exists(ReflectedXss::Sink n | t.inNode(n))
+    or
+    expectation = "xss" and
+    not exists(XssConfig::Configuration cfg, DataFlow::Node sink |
+      cfg.hasFlow(_, sink) and t.inNode(sink)
+    )
+    or
+    expectation = "cleartextStorageSink" and
+    not exists(CleartextStorage::Sink n | t.inNode(n))
+    or
+    expectation = "corsMiconfigurationSink" and
+    not exists(CorsMisconfigurationForCredentials::Sink n | t.inNode(n))
+    or
+    expectation = "stackTraceExposureSink" and
+    not exists(StackTraceExposure::Sink n | t.inNode(n))
+    or
+    expectation = "redirectSink" and
+    not exists(ServerSideUrlRedirect::Sink n | t.inNode(n))
+    or
+    expectation = "ssrfSink" and
+    not exists(RequestForgery::Sink n | t.inNode(n))
+  )
+}
+
+query predicate passingNegativeTests(string res, string expectation, InlineTest t) {
+  res = "PASSED" and
+  t.hasNegativeTest(expectation) and
+  (
+    expectation = "!responseBody" and
+    not exists(Http::ResponseBody n | t.inNode(n))
+    or
+    expectation = "!headerDefinition" and
+    not exists(DataFlow::Node n, Http::ExplicitHeaderDefinition h |
+      t.inNode(n) and
+      h.definesHeaderValue(_, n)
+    )
+    or
+    expectation = "!cookieDefinition" and
+    not exists(Http::CookieDefinition n | t.inNode(n))
+    or
+    expectation = "!templateInstantiation" and
+    not exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
+    or
+    expectation = "!source" and
+    not exists(RemoteFlowSource n | t.inNode(n))
+    or
+    expectation = "!routeSetup" and
+    not exists(Http::RouteSetup n | t.inNode(n))
+    or
+    expectation = "!handler" and
+    not exists(Http::RouteHandler n | t.inNode(n))
+    or
+    expectation = "!candidateHandler" and
+    not exists(Http::RouteHandlerCandidate n | t.inNode(n))
+    or
+    expectation = "!xssSink" and
+    not exists(ReflectedXss::Sink n | t.inNode(n))
+    or
+    expectation = "!xss" and
+    not exists(XssConfig::Configuration cfg, DataFlow::Node sink |
+      cfg.hasFlow(_, sink) and t.inNode(sink)
+    )
+    or
+    expectation = "!cleartextStorageSink" and
+    not exists(CleartextStorage::Sink n | t.inNode(n))
+    or
+    expectation = "!corsMiconfigurationSink" and
+    not exists(CorsMisconfigurationForCredentials::Sink n | t.inNode(n))
+    or
+    expectation = "!stackTraceExposureSink" and
+    not exists(StackTraceExposure::Sink n | t.inNode(n))
+    or
+    expectation = "!redirectSink" and
+    not exists(ServerSideUrlRedirect::Sink n | t.inNode(n))
+    or
+    expectation = "!ssrfSink" and
+    not exists(RequestForgery::Sink n | t.inNode(n))
+  )
+}
+
+query predicate failingNegativeTests(string res, string expectation, InlineTest t) {
+  res = "FAILED" and
+  t.hasNegativeTest(expectation) and
+  (
+    expectation = "!responseBody" and
+    exists(Http::ResponseBody n | t.inNode(n))
+    or
+    expectation = "!headerDefinition" and
+    not exists(DataFlow::Node n, Http::ExplicitHeaderDefinition h |
+      t.inNode(n) and
+      h.definesHeaderValue(_, n)
+    )
+    or
+    expectation = "!cookieDefinition" and
+    exists(Http::CookieDefinition n | t.inNode(n))
+    or
+    expectation = "!templateInstantiation" and
+    exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
+    or
+    expectation = "!source" and
+    exists(RemoteFlowSource n | t.inNode(n))
+    or
+    expectation = "!routeSetup" and
+    exists(Http::RouteSetup n | t.inNode(n))
+    or
+    expectation = "!handler" and
+    exists(Http::RouteHandler n | t.inNode(n))
+    or
+    expectation = "!candidateHandler" and
+    exists(Http::RouteHandlerCandidate n | t.inNode(n))
+    or
+    expectation = "!xssSink" and
+    exists(ReflectedXss::Sink n | t.inNode(n))
+    or
+    expectation = "!xss" and
+    exists(XssConfig::Configuration cfg, DataFlow::Node sink |
+      cfg.hasFlow(_, sink) and t.inNode(sink)
+    )
+    or
+    expectation = "!cleartextStorageSink" and
+    exists(CleartextStorage::Sink n | t.inNode(n))
+    or
+    expectation = "!corsMiconfigurationSink" and
+    exists(CorsMisconfigurationForCredentials::Sink n | t.inNode(n))
+    or
+    expectation = "!stackTraceExposureSink" and
+    exists(StackTraceExposure::Sink n | t.inNode(n))
+    or
+    expectation = "!redirectSink" and
+    exists(ServerSideUrlRedirect::Sink n | t.inNode(n))
+    or
+    expectation = "!ssrfSink" and
+    exists(RequestForgery::Sink n | t.inNode(n))
+  )
+}
diff --git a/javascript/ql/test/library-tests/frameworks/data/test.expected b/javascript/ql/test/library-tests/frameworks/data/test.expected
index 138547cc7ff..39439f64629 100644
--- a/javascript/ql/test/library-tests/frameworks/data/test.expected
+++ b/javascript/ql/test/library-tests/frameworks/data/test.expected
@@ -147,3 +147,4 @@ syntaxErrors
 | Member[foo]Member[bar] |
 | Member[foo]] |
 | Member[foo]].Member[bar] |
+warning
diff --git a/javascript/ql/test/library-tests/frameworks/data/test.ql b/javascript/ql/test/library-tests/frameworks/data/test.ql
index 053e41e22ff..c5e3ce9ea8c 100644
--- a/javascript/ql/test/library-tests/frameworks/data/test.ql
+++ b/javascript/ql/test/library-tests/frameworks/data/test.ql
@@ -4,17 +4,17 @@ import semmle.javascript.frameworks.data.internal.AccessPathSyntax as AccessPath
 
 class Steps extends ModelInput::SummaryModelCsv {
   override predicate row(string row) {
-    // package;type;path;input;output;kind
+    // type;path;input;output;kind
     row =
       [
-        "testlib;;Member[preserveTaint];Argument[0];ReturnValue;taint",
-        "testlib;;Member[taintIntoCallback];Argument[0];Argument[1..2].Parameter[0];taint",
-        "testlib;;Member[taintIntoCallbackThis];Argument[0];Argument[1..2].Parameter[this];taint",
-        "testlib;;Member[preserveArgZeroAndTwo];Argument[0,2];ReturnValue;taint",
-        "testlib;;Member[preserveAllButFirstArgument];Argument[1..];ReturnValue;taint",
-        "testlib;;Member[preserveAllIfCall].Call;Argument[0..];ReturnValue;taint",
-        "testlib;;Member[getSource].ReturnValue.Member[continue];Argument[this];ReturnValue;taint",
-        "testlib;~HasThisFlow;;;Member[getThis].ReturnValue;type",
+        "testlib;Member[preserveTaint];Argument[0];ReturnValue;taint",
+        "testlib;Member[taintIntoCallback];Argument[0];Argument[1..2].Parameter[0];taint",
+        "testlib;Member[taintIntoCallbackThis];Argument[0];Argument[1..2].Parameter[this];taint",
+        "testlib;Member[preserveArgZeroAndTwo];Argument[0,2];ReturnValue;taint",
+        "testlib;Member[preserveAllButFirstArgument];Argument[1..];ReturnValue;taint",
+        "testlib;Member[preserveAllIfCall].Call;Argument[0..];ReturnValue;taint",
+        "testlib;Member[getSource].ReturnValue.Member[continue];Argument[this];ReturnValue;taint",
+        "testlib.~HasThisFlow;;;Member[getThis].ReturnValue;type",
       ]
   }
 }
@@ -23,37 +23,37 @@ class TypeDefs extends ModelInput::TypeModelCsv {
   override predicate row(string row) {
     row =
       [
-        "testlib;~HasThisFlow;testlib;;Member[typevar]",
-        "testlib;~HasThisFlow;testlib;~HasThisFlow;Member[left,right,x]",
+        "testlib.~HasThisFlow;testlib;Member[typevar]",
+        "testlib.~HasThisFlow;testlib.~HasThisFlow;Member[left,right,x]",
       ]
   }
 }
 
 class Sinks extends ModelInput::SinkModelCsv {
   override predicate row(string row) {
-    // package;type;path;kind
+    // type;path;kind
     row =
       [
-        "testlib;;Member[mySink].Argument[0];test-sink",
-        "testlib;;Member[mySinkIfCall].Call.Argument[0];test-sink",
-        "testlib;;Member[mySinkIfNew].NewCall.Argument[0];test-sink",
-        "testlib;;Member[mySinkLast].Argument[N-1];test-sink",
-        "testlib;;Member[mySinkSecondLast].Argument[N-2];test-sink",
-        "testlib;;Member[mySinkTwoLast].Argument[N-1,N-2];test-sink",
-        "testlib;;Member[mySinkTwoLastRange].Argument[N-2..N-1];test-sink",
-        "testlib;;Member[mySinkExceptLast].Argument[0..N-2];test-sink",
-        "testlib;;Member[mySinkIfArityTwo].WithArity[2].Argument[0];test-sink",
-        "testlib;;Member[sink1, sink2, sink3 ].Argument[0];test-sink",
-        "testlib;;Member[ClassDecorator].DecoratedClass.Instance.Member[returnValueIsSink].ReturnValue;test-sink",
-        "testlib;;Member[FieldDecoratorSink].DecoratedMember;test-sink",
-        "testlib;;Member[MethodDecorator].DecoratedMember.ReturnValue;test-sink",
-        "testlib;;Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.ReturnValue;test-sink",
-        "testlib;;Member[ParamDecoratorSink].DecoratedParameter;test-sink",
-        "testlib;;AnyMember.Member[memberSink].Argument[0];test-sink",
-        "testlib;;Member[overloadedSink].WithStringArgument[0=danger].Argument[1];test-sink",
-        "testlib;;Member[typevar].TypeVar[ABC].Member[mySink].Argument[0];test-sink",
-        "testlib;;Member[typevar].TypeVar[ABC].TypeVar[ABC].Member[mySink].Argument[1];test-sink",
-        "testlib;;Member[typevar].TypeVar[LeftRight].Member[mySink].Argument[0];test-sink",
+        "testlib;Member[mySink].Argument[0];test-sink",
+        "testlib;Member[mySinkIfCall].Call.Argument[0];test-sink",
+        "testlib;Member[mySinkIfNew].NewCall.Argument[0];test-sink",
+        "testlib;Member[mySinkLast].Argument[N-1];test-sink",
+        "testlib;Member[mySinkSecondLast].Argument[N-2];test-sink",
+        "testlib;Member[mySinkTwoLast].Argument[N-1,N-2];test-sink",
+        "testlib;Member[mySinkTwoLastRange].Argument[N-2..N-1];test-sink",
+        "testlib;Member[mySinkExceptLast].Argument[0..N-2];test-sink",
+        "testlib;Member[mySinkIfArityTwo].WithArity[2].Argument[0];test-sink",
+        "testlib;Member[sink1, sink2, sink3 ].Argument[0];test-sink",
+        "testlib;Member[ClassDecorator].DecoratedClass.Instance.Member[returnValueIsSink].ReturnValue;test-sink",
+        "testlib;Member[FieldDecoratorSink].DecoratedMember;test-sink",
+        "testlib;Member[MethodDecorator].DecoratedMember.ReturnValue;test-sink",
+        "testlib;Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.ReturnValue;test-sink",
+        "testlib;Member[ParamDecoratorSink].DecoratedParameter;test-sink",
+        "testlib;AnyMember.Member[memberSink].Argument[0];test-sink",
+        "testlib;Member[overloadedSink].WithStringArgument[0=danger].Argument[1];test-sink",
+        "testlib;Member[typevar].TypeVar[ABC].Member[mySink].Argument[0];test-sink",
+        "testlib;Member[typevar].TypeVar[ABC].TypeVar[ABC].Member[mySink].Argument[1];test-sink",
+        "testlib;Member[typevar].TypeVar[LeftRight].Member[mySink].Argument[0];test-sink",
       ]
   }
 }
@@ -73,12 +73,12 @@ class Sources extends ModelInput::SourceModelCsv {
   override predicate row(string row) {
     row =
       [
-        "testlib;;Member[getSource].ReturnValue;test-source",
-        "testlib;;Member[ClassDecorator].DecoratedClass.Instance.Member[inputIsSource].Parameter[0];test-source",
-        "testlib;;Member[FieldDecoratorSource].DecoratedMember;test-source",
-        "testlib;;Member[ParamDecoratorSource].DecoratedParameter;test-source",
-        "testlib;;Member[MethodDecorator].DecoratedMember.Parameter[0];test-source",
-        "testlib;;Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.Parameter[0];test-source",
+        "testlib;Member[getSource].ReturnValue;test-source",
+        "testlib;Member[ClassDecorator].DecoratedClass.Instance.Member[inputIsSource].Parameter[0];test-source",
+        "testlib;Member[FieldDecoratorSource].DecoratedMember;test-source",
+        "testlib;Member[ParamDecoratorSource].DecoratedParameter;test-source",
+        "testlib;Member[MethodDecorator].DecoratedMember.Parameter[0];test-source",
+        "testlib;Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.Parameter[0];test-source",
       ]
   }
 }
@@ -111,15 +111,20 @@ class SyntaxErrorTest extends ModelInput::SinkModelCsv {
   override predicate row(string row) {
     row =
       [
-        "testlib;;Member[foo],Member[bar];test-sink", "testlib;;Member[foo] Member[bar];test-sink",
-        "testlib;;Member[foo]. Member[bar];test-sink",
-        "testlib;;Member[foo], Member[bar];test-sink",
-        "testlib;;Member[foo]..Member[bar];test-sink",
-        "testlib;;Member[foo] .Member[bar];test-sink", "testlib;;Member[foo]Member[bar];test-sink",
-        "testlib;;Member[foo;test-sink", "testlib;;Member[foo]];test-sink",
-        "testlib;;Member[foo]].Member[bar];test-sink"
+        "testlib;Member[foo],Member[bar];test-sink", //
+        "testlib;Member[foo] Member[bar];test-sink", //
+        "testlib;Member[foo]. Member[bar];test-sink", //
+        "testlib;Member[foo], Member[bar];test-sink", //
+        "testlib;Member[foo]..Member[bar];test-sink", //
+        "testlib;Member[foo] .Member[bar];test-sink", //
+        "testlib;Member[foo]Member[bar];test-sink", //
+        "testlib;Member[foo;test-sink", //
+        "testlib;Member[foo]];test-sink", //
+        "testlib;Member[foo]].Member[bar];test-sink"
       ]
   }
 }
 
 query predicate syntaxErrors(AccessPathSyntax::AccessPath path) { path.hasSyntaxError() }
+
+query predicate warning = ModelOutput::getAWarning/0;
diff --git a/javascript/ql/test/library-tests/frameworks/data/warnings.expected b/javascript/ql/test/library-tests/frameworks/data/warnings.expected
index 7ba231c9627..cfb4265b2c8 100644
--- a/javascript/ql/test/library-tests/frameworks/data/warnings.expected
+++ b/javascript/ql/test/library-tests/frameworks/data/warnings.expected
@@ -1,5 +1,5 @@
-| CSV type row should have 5 columns but has 2: test;TooFewColumns |
-| CSV type row should have 5 columns but has 8: test;TooManyColumns;;;Member[Foo].Instance;too;many;columns |
+| CSV type row should have 3 columns but has 1: test.TooFewColumns |
+| CSV type row should have 3 columns but has 6: test.TooManyColumns;;Member[Foo].Instance;too;many;columns |
 | Invalid argument '0-1' in token 'Argument[0-1]' in access path: Method[foo].Argument[0-1] |
 | Invalid argument '*' in token 'Argument[*]' in access path: Method[foo].Argument[*] |
 | Invalid token 'Argument' is missing its arguments, in access path: Method[foo].Argument |
diff --git a/javascript/ql/test/library-tests/frameworks/data/warnings.ql b/javascript/ql/test/library-tests/frameworks/data/warnings.ql
index 9ae05b8dcc0..94e6f74aae7 100644
--- a/javascript/ql/test/library-tests/frameworks/data/warnings.ql
+++ b/javascript/ql/test/library-tests/frameworks/data/warnings.ql
@@ -6,13 +6,13 @@ private class InvalidTypeModel extends ModelInput::TypeModelCsv {
   override predicate row(string row) {
     row =
       [
-        "test;TooManyColumns;;;Member[Foo].Instance;too;many;columns", //
-        "test;TooFewColumns", //
-        "test;X;test;Y;Method[foo].Arg[0]", //
-        "test;X;test;Y;Method[foo].Argument[0-1]", //
-        "test;X;test;Y;Method[foo].Argument[*]", //
-        "test;X;test;Y;Method[foo].Argument", //
-        "test;X;test;Y;Method[foo].Member", //
+        "test.TooManyColumns;;Member[Foo].Instance;too;many;columns", //
+        "test.TooFewColumns", //
+        "test.X;test.Y;Method[foo].Arg[0]", //
+        "test.X;test.Y;Method[foo].Argument[0-1]", //
+        "test.X;test.Y;Method[foo].Argument[*]", //
+        "test.X;test.Y;Method[foo].Argument", //
+        "test.X;test.Y;Method[foo].Member", //
       ]
   }
 }
diff --git a/javascript/ql/test/library-tests/frameworks/hapi/src/hapiglue.js b/javascript/ql/test/library-tests/frameworks/hapi/src/hapiglue.js
new file mode 100644
index 00000000000..d2401209028
--- /dev/null
+++ b/javascript/ql/test/library-tests/frameworks/hapi/src/hapiglue.js
@@ -0,0 +1,50 @@
+var server1 = new (require('@hapi/glue')).compose(require("./manifest"), composeOptions); // test_ServerDefinition
+
+var Hapi = require('@hapi/glue');
+var server2 = new Hapi.compose(require("./manifest"), composeOptions); // test_ServerDefinition
+
+function handler1(){} // HTTP::RouteHandler
+server2.route({
+    handler: handler1
+});
+
+
+server2.route({
+    handler: function handler2(request, reply){ // HTTP::RouteHandler
+        request.response.header('HEADER1', '') // HTTP::HeaderDefinition
+    }});
+
+server2.ext('onPreResponse', function handler3(request, reply) { // HTTP::RouteHandler
+})
+
+function handler4(request, reply){
+  request.rawPayload;
+  request.payload.foo;
+  request.query.bar;
+  request.params.bar;
+  request.url.path;
+  request.url.origin;
+  request.headers.baz;
+  request.state.token;
+}
+var route = {handler: handler4};
+server2.route(route);
+
+server2.cache({ segment: 'countries', expiresIn: 60*60*1000 });
+
+function getHandler() {
+    return function (req, hapi){}
+}
+server2.route({handler: getHandler()});
+
+function after(server) {
+};
+
+function register(server, options) {// test_ServerDefinition
+    server.dependency(options.dependencies, server_ => after(server_, options)); // test_ServerDefinition
+}
+
+module.exports.plugin = {
+    register,
+    pkg
+};
diff --git a/javascript/ql/test/library-tests/frameworks/hapi/tests.expected b/javascript/ql/test/library-tests/frameworks/hapi/tests.expected
index fb73a32acf6..57d3d4a81f7 100644
--- a/javascript/ql/test/library-tests/frameworks/hapi/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/hapi/tests.expected
@@ -4,6 +4,11 @@ test_RouteSetup
 | src/hapi.js:17:1:18:2 | server2 ... dler\\n}) |
 | src/hapi.js:29:1:29:20 | server2.route(route) |
 | src/hapi.js:36:1:36:38 | server2 ... ler()}) |
+| src/hapiglue.js:7:1:9:2 | server2 ... ler1\\n}) |
+| src/hapiglue.js:12:1:15:7 | server2 ...     }}) |
+| src/hapiglue.js:17:1:18:2 | server2 ... dler\\n}) |
+| src/hapiglue.js:31:1:31:20 | server2.route(route) |
+| src/hapiglue.js:38:1:38:38 | server2 ... ler()}) |
 test_RequestInputAccess
 | src/hapi.js:21:3:21:20 | request.rawPayload | body | src/hapi.js:20:1:27:1 | functio ... oken;\\n} |
 | src/hapi.js:22:3:22:21 | request.payload.foo | body | src/hapi.js:20:1:27:1 | functio ... oken;\\n} |
@@ -11,27 +16,50 @@ test_RequestInputAccess
 | src/hapi.js:24:3:24:18 | request.url.path | url | src/hapi.js:20:1:27:1 | functio ... oken;\\n} |
 | src/hapi.js:25:3:25:21 | request.headers.baz | header | src/hapi.js:20:1:27:1 | functio ... oken;\\n} |
 | src/hapi.js:26:3:26:21 | request.state.token | cookie | src/hapi.js:20:1:27:1 | functio ... oken;\\n} |
+| src/hapiglue.js:21:3:21:20 | request.rawPayload | body | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:22:3:22:21 | request.payload.foo | body | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:23:3:23:19 | request.query.bar | parameter | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:24:3:24:20 | request.params.bar | parameter | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:25:3:25:18 | request.url.path | url | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:26:3:26:20 | request.url.origin | url | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:27:3:27:21 | request.headers.baz | header | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:28:3:28:21 | request.state.token | cookie | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
 test_RouteHandler_getAResponseHeader
 | src/hapi.js:13:14:15:5 | functio ... n\\n    } | header1 | src/hapi.js:14:9:14:46 | request ... 1', '') |
+| src/hapiglue.js:13:14:15:5 | functio ... n\\n    } | header1 | src/hapiglue.js:14:9:14:46 | request ... 1', '') |
 test_HeaderDefinition_defines
 | src/hapi.js:14:9:14:46 | request ... 1', '') | header1 |  |
+| src/hapiglue.js:14:9:14:46 | request ... 1', '') | header1 |  |
 test_ResponseExpr
 | src/hapi.js:14:9:14:24 | request.response | src/hapi.js:13:14:15:5 | functio ... n\\n    } |
+| src/hapiglue.js:14:9:14:24 | request.response | src/hapiglue.js:13:14:15:5 | functio ... n\\n    } |
 test_HeaderDefinition
 | src/hapi.js:14:9:14:46 | request ... 1', '') | src/hapi.js:13:14:15:5 | functio ... n\\n    } |
+| src/hapiglue.js:14:9:14:46 | request ... 1', '') | src/hapiglue.js:13:14:15:5 | functio ... n\\n    } |
 test_RouteSetup_getServer
 | src/hapi.js:7:1:9:2 | server2 ... ler1\\n}) | src/hapi.js:4:15:4:31 | new Hapi.Server() |
 | src/hapi.js:12:1:15:7 | server2 ...     }}) | src/hapi.js:4:15:4:31 | new Hapi.Server() |
 | src/hapi.js:17:1:18:2 | server2 ... dler\\n}) | src/hapi.js:4:15:4:31 | new Hapi.Server() |
 | src/hapi.js:29:1:29:20 | server2.route(route) | src/hapi.js:4:15:4:31 | new Hapi.Server() |
 | src/hapi.js:36:1:36:38 | server2 ... ler()}) | src/hapi.js:4:15:4:31 | new Hapi.Server() |
+| src/hapiglue.js:7:1:9:2 | server2 ... ler1\\n}) | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) |
+| src/hapiglue.js:12:1:15:7 | server2 ...     }}) | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) |
+| src/hapiglue.js:17:1:18:2 | server2 ... dler\\n}) | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) |
+| src/hapiglue.js:31:1:31:20 | server2.route(route) | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) |
+| src/hapiglue.js:38:1:38:38 | server2 ... ler()}) | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) |
 test_HeaderDefinition_getAHeaderName
 | src/hapi.js:14:9:14:46 | request ... 1', '') | header1 |
+| src/hapiglue.js:14:9:14:46 | request ... 1', '') | header1 |
 test_ServerDefinition
 | src/hapi.js:1:15:1:44 | new (re ... erver() |
 | src/hapi.js:4:15:4:31 | new Hapi.Server() |
+| src/hapiglue.js:1:15:1:88 | new (re ... ptions) |
+| src/hapiglue.js:4:15:4:69 | new Hap ... ptions) |
+| src/hapiglue.js:43:19:43:24 | server |
+| src/hapiglue.js:44:45:44:51 | server_ |
 test_HeaderAccess
 | src/hapi.js:25:3:25:21 | request.headers.baz | baz |
+| src/hapiglue.js:27:3:27:21 | request.headers.baz | baz |
 test_RouteSetup_getARouteHandler
 | src/hapi.js:7:1:9:2 | server2 ... ler1\\n}) | src/hapi.js:6:1:6:21 | functio ... er1(){} |
 | src/hapi.js:12:1:15:7 | server2 ...     }}) | src/hapi.js:13:14:15:5 | functio ... n\\n    } |
@@ -40,12 +68,24 @@ test_RouteSetup_getARouteHandler
 | src/hapi.js:36:1:36:38 | server2 ... ler()}) | src/hapi.js:33:1:35:1 | return of function getHandler |
 | src/hapi.js:36:1:36:38 | server2 ... ler()}) | src/hapi.js:34:12:34:30 | function (req, h){} |
 | src/hapi.js:36:1:36:38 | server2 ... ler()}) | src/hapi.js:36:25:36:36 | getHandler() |
+| src/hapiglue.js:7:1:9:2 | server2 ... ler1\\n}) | src/hapiglue.js:6:1:6:21 | functio ... er1(){} |
+| src/hapiglue.js:12:1:15:7 | server2 ...     }}) | src/hapiglue.js:13:14:15:5 | functio ... n\\n    } |
+| src/hapiglue.js:17:1:18:2 | server2 ... dler\\n}) | src/hapiglue.js:17:30:18:1 | functio ... ndler\\n} |
+| src/hapiglue.js:31:1:31:20 | server2.route(route) | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:38:1:38:38 | server2 ... ler()}) | src/hapiglue.js:35:1:37:1 | return of function getHandler |
+| src/hapiglue.js:38:1:38:38 | server2 ... ler()}) | src/hapiglue.js:36:12:36:33 | functio ... hapi){} |
+| src/hapiglue.js:38:1:38:38 | server2 ... ler()}) | src/hapiglue.js:38:25:38:36 | getHandler() |
 test_RouteHandler
 | src/hapi.js:6:1:6:21 | functio ... er1(){} | src/hapi.js:4:15:4:31 | new Hapi.Server() |
 | src/hapi.js:13:14:15:5 | functio ... n\\n    } | src/hapi.js:4:15:4:31 | new Hapi.Server() |
 | src/hapi.js:17:30:18:1 | functio ... ndler\\n} | src/hapi.js:4:15:4:31 | new Hapi.Server() |
 | src/hapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapi.js:4:15:4:31 | new Hapi.Server() |
 | src/hapi.js:34:12:34:30 | function (req, h){} | src/hapi.js:4:15:4:31 | new Hapi.Server() |
+| src/hapiglue.js:6:1:6:21 | functio ... er1(){} | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) |
+| src/hapiglue.js:13:14:15:5 | functio ... n\\n    } | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) |
+| src/hapiglue.js:17:30:18:1 | functio ... ndler\\n} | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) |
+| src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) |
+| src/hapiglue.js:36:12:36:33 | functio ... hapi){} | src/hapiglue.js:4:15:4:69 | new Hap ... ptions) |
 test_RequestExpr
 | src/hapi.js:13:32:13:38 | request | src/hapi.js:13:14:15:5 | functio ... n\\n    } |
 | src/hapi.js:13:32:13:38 | request | src/hapi.js:13:14:15:5 | functio ... n\\n    } |
@@ -60,6 +100,21 @@ test_RequestExpr
 | src/hapi.js:25:3:25:9 | request | src/hapi.js:20:1:27:1 | functio ... oken;\\n} |
 | src/hapi.js:26:3:26:9 | request | src/hapi.js:20:1:27:1 | functio ... oken;\\n} |
 | src/hapi.js:34:22:34:24 | req | src/hapi.js:34:12:34:30 | function (req, h){} |
+| src/hapiglue.js:13:32:13:38 | request | src/hapiglue.js:13:14:15:5 | functio ... n\\n    } |
+| src/hapiglue.js:13:32:13:38 | request | src/hapiglue.js:13:14:15:5 | functio ... n\\n    } |
+| src/hapiglue.js:14:9:14:15 | request | src/hapiglue.js:13:14:15:5 | functio ... n\\n    } |
+| src/hapiglue.js:17:48:17:54 | request | src/hapiglue.js:17:30:18:1 | functio ... ndler\\n} |
+| src/hapiglue.js:20:19:20:25 | request | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:20:19:20:25 | request | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:21:3:21:9 | request | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:22:3:22:9 | request | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:23:3:23:9 | request | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:24:3:24:9 | request | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:25:3:25:9 | request | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:26:3:26:9 | request | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:27:3:27:9 | request | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:28:3:28:9 | request | src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} |
+| src/hapiglue.js:36:22:36:24 | req | src/hapiglue.js:36:12:36:33 | functio ... hapi){} |
 test_RouteHandler_getARequestExpr
 | src/hapi.js:13:14:15:5 | functio ... n\\n    } | src/hapi.js:13:32:13:38 | request |
 | src/hapi.js:13:14:15:5 | functio ... n\\n    } | src/hapi.js:13:32:13:38 | request |
@@ -74,3 +129,18 @@ test_RouteHandler_getARequestExpr
 | src/hapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapi.js:25:3:25:9 | request |
 | src/hapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapi.js:26:3:26:9 | request |
 | src/hapi.js:34:12:34:30 | function (req, h){} | src/hapi.js:34:22:34:24 | req |
+| src/hapiglue.js:13:14:15:5 | functio ... n\\n    } | src/hapiglue.js:13:32:13:38 | request |
+| src/hapiglue.js:13:14:15:5 | functio ... n\\n    } | src/hapiglue.js:13:32:13:38 | request |
+| src/hapiglue.js:13:14:15:5 | functio ... n\\n    } | src/hapiglue.js:14:9:14:15 | request |
+| src/hapiglue.js:17:30:18:1 | functio ... ndler\\n} | src/hapiglue.js:17:48:17:54 | request |
+| src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | src/hapiglue.js:20:19:20:25 | request |
+| src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | src/hapiglue.js:20:19:20:25 | request |
+| src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | src/hapiglue.js:21:3:21:9 | request |
+| src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | src/hapiglue.js:22:3:22:9 | request |
+| src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | src/hapiglue.js:23:3:23:9 | request |
+| src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | src/hapiglue.js:24:3:24:9 | request |
+| src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | src/hapiglue.js:25:3:25:9 | request |
+| src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | src/hapiglue.js:26:3:26:9 | request |
+| src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | src/hapiglue.js:27:3:27:9 | request |
+| src/hapiglue.js:20:1:29:1 | functio ... oken;\\n} | src/hapiglue.js:28:3:28:9 | request |
+| src/hapiglue.js:36:12:36:33 | functio ... hapi){} | src/hapiglue.js:36:22:36:24 | req |
diff --git a/javascript/ql/test/library-tests/frameworks/restify/tests.expected b/javascript/ql/test/library-tests/frameworks/restify/tests.expected
index 3f26379a3fa..09ccb149eae 100644
--- a/javascript/ql/test/library-tests/frameworks/restify/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/restify/tests.expected
@@ -11,10 +11,16 @@ test_RequestInputAccess
 | src/test.js:19:5:19:26 | request ... ('bar') | header | src/test.js:12:19:22:1 | functio ... okie;\\n} |
 | src/test.js:20:5:20:25 | request ... ('baz') | header | src/test.js:12:19:22:1 | functio ... okie;\\n} |
 test_RouteHandler_getAResponseHeader
+| src/test.js:6:1:6:21 | functio ... er1(){} | content-type | src/test.js:6:1:6:21 | functio ... er1(){} |
+| src/test.js:9:19:11:1 | functio ... ition\\n} | content-type | src/test.js:9:19:11:1 | functio ... ition\\n} |
 | src/test.js:9:19:11:1 | functio ... ition\\n} | header1 | src/test.js:10:5:10:34 | respons ... 1', '') |
+| src/test.js:12:19:22:1 | functio ... okie;\\n} | content-type | src/test.js:12:19:22:1 | functio ... okie;\\n} |
 | src/test.js:12:19:22:1 | functio ... okie;\\n} | header2 | src/test.js:13:5:13:37 | respons ... 2', '') |
 test_HeaderDefinition_defines
+| src/test.js:6:1:6:21 | functio ... er1(){} | content-type | application/json |
+| src/test.js:9:19:11:1 | functio ... ition\\n} | content-type | application/json |
 | src/test.js:10:5:10:34 | respons ... 1', '') | header1 |  |
+| src/test.js:12:19:22:1 | functio ... okie;\\n} | content-type | application/json |
 | src/test.js:13:5:13:37 | respons ... 2', '') | header2 |  |
 test_ResponseExpr
 | src/test.js:9:46:9:53 | response | src/test.js:9:19:11:1 | functio ... ition\\n} |
@@ -24,14 +30,20 @@ test_ResponseExpr
 | src/test.js:12:46:12:53 | response | src/test.js:12:19:22:1 | functio ... okie;\\n} |
 | src/test.js:13:5:13:12 | response | src/test.js:12:19:22:1 | functio ... okie;\\n} |
 test_HeaderDefinition
+| src/test.js:6:1:6:21 | functio ... er1(){} | src/test.js:6:1:6:21 | functio ... er1(){} |
+| src/test.js:9:19:11:1 | functio ... ition\\n} | src/test.js:9:19:11:1 | functio ... ition\\n} |
 | src/test.js:10:5:10:34 | respons ... 1', '') | src/test.js:9:19:11:1 | functio ... ition\\n} |
+| src/test.js:12:19:22:1 | functio ... okie;\\n} | src/test.js:12:19:22:1 | functio ... okie;\\n} |
 | src/test.js:13:5:13:37 | respons ... 2', '') | src/test.js:12:19:22:1 | functio ... okie;\\n} |
 test_RouteSetup_getServer
 | src/test.js:7:1:7:26 | server2 ... ndler1) | src/test.js:4:15:4:36 | restify ... erver() |
 | src/test.js:9:1:11:2 | server2 ... tion\\n}) | src/test.js:4:15:4:36 | restify ... erver() |
 | src/test.js:12:1:22:2 | server2 ... kie;\\n}) | src/test.js:4:15:4:36 | restify ... erver() |
 test_HeaderDefinition_getAHeaderName
+| src/test.js:6:1:6:21 | functio ... er1(){} | content-type |
+| src/test.js:9:19:11:1 | functio ... ition\\n} | content-type |
 | src/test.js:10:5:10:34 | respons ... 1', '') | header1 |
+| src/test.js:12:19:22:1 | functio ... okie;\\n} | content-type |
 | src/test.js:13:5:13:37 | respons ... 2', '') | header2 |
 test_ServerDefinition
 | src/test.js:1:15:1:47 | require ... erver() |
diff --git a/javascript/ql/test/qlpack.yml b/javascript/ql/test/qlpack.yml
index bb4fd89f43e..e5cdedb3b0e 100644
--- a/javascript/ql/test/qlpack.yml
+++ b/javascript/ql/test/qlpack.yml
@@ -5,3 +5,5 @@ dependencies:
   codeql/javascript-queries: ${workspace}
 extractor: javascript
 tests: .
+dataExtensions:
+  - library-tests/DataExtensions/*.model.yml
diff --git a/javascript/ql/test/query-tests/Security/CWE-078/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-078/Consistency.ql
index 6ae7fd0a970..c48af1a7971 100644
--- a/javascript/ql/test/query-tests/Security/CWE-078/Consistency.ql
+++ b/javascript/ql/test/query-tests/Security/CWE-078/Consistency.ql
@@ -1,10 +1,10 @@
 import javascript
 import testUtilities.ConsistencyChecking
-import semmle.javascript.security.dataflow.CommandInjection
-import semmle.javascript.security.dataflow.IndirectCommandInjection
-import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironment
-import semmle.javascript.security.dataflow.UnsafeShellCommandConstruction
-import semmle.javascript.security.dataflow.SecondOrderCommandInjectionQuery
+import semmle.javascript.security.dataflow.CommandInjectionQuery as CommandInjection
+import semmle.javascript.security.dataflow.IndirectCommandInjectionQuery as IndirectCommandInjection
+import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironmentQuery as ShellCommandInjectionFromEnvironment
+import semmle.javascript.security.dataflow.UnsafeShellCommandConstructionQuery as UnsafeShellCommandConstruction
+import semmle.javascript.security.dataflow.SecondOrderCommandInjectionQuery as SecondOrderCommandInjectionQuery
 
 class CommandInjectionConsistency extends ConsistencyConfiguration {
   CommandInjectionConsistency() { this = "ComandInjection" }
diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected
index c97e4dc650e..de11fb884c9 100644
--- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected
@@ -227,8 +227,14 @@ nodes
 | lib/lib.js:420:29:420:32 | name |
 | lib/lib.js:424:24:424:27 | name |
 | lib/lib.js:424:24:424:27 | name |
+| lib/lib.js:425:6:425:13 | arr |
+| lib/lib.js:425:12:425:13 | [] |
 | lib/lib.js:426:11:426:14 | name |
 | lib/lib.js:426:11:426:14 | name |
+| lib/lib.js:427:14:427:16 | arr |
+| lib/lib.js:427:14:427:16 | arr |
+| lib/lib.js:428:14:428:58 | build(" ...  + '-') |
+| lib/lib.js:428:14:428:58 | build(" ...  + '-') |
 | lib/lib.js:428:28:428:51 | (name ? ... ' : '') |
 | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' |
 | lib/lib.js:428:29:428:50 | name ?  ... :' : '' |
@@ -306,6 +312,10 @@ nodes
 | lib/subLib/index.js:7:32:7:35 | name |
 | lib/subLib/index.js:8:22:8:25 | name |
 | lib/subLib/index.js:8:22:8:25 | name |
+| lib/subLib/index.js:13:44:13:46 | arr |
+| lib/subLib/index.js:13:44:13:46 | arr |
+| lib/subLib/index.js:14:22:14:24 | arr |
+| lib/subLib/index.js:14:22:14:24 | arr |
 edges
 | lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name |
 | lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name |
@@ -584,7 +594,13 @@ edges
 | lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name |
 | lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name |
 | lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name |
+| lib/lib.js:425:6:425:13 | arr | lib/lib.js:427:14:427:16 | arr |
+| lib/lib.js:425:6:425:13 | arr | lib/lib.js:427:14:427:16 | arr |
+| lib/lib.js:425:12:425:13 | [] | lib/lib.js:425:6:425:13 | arr |
+| lib/lib.js:426:11:426:14 | name | lib/lib.js:425:12:425:13 | [] |
 | lib/lib.js:428:28:428:51 | (name ? ... ' : '') | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' |
+| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ...  + '-') |
+| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ...  + '-') |
 | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last |
 | lib/lib.js:428:29:428:50 | name ?  ... :' : '' | lib/lib.js:428:28:428:51 | (name ? ... ' : '') |
 | lib/lib.js:428:36:428:39 | name | lib/lib.js:428:36:428:45 | name + ':' |
@@ -672,6 +688,10 @@ edges
 | lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name |
 | lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name |
 | lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name |
+| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr |
+| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr |
+| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr |
+| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr |
 #select
 | lib/isImported.js:6:10:6:25 | "rm -rf " + name | lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/isImported.js:5:49:5:52 | name | library input | lib/isImported.js:6:2:6:26 | cp.exec ... + name) | shell command |
 | lib/lib2.js:4:10:4:25 | "rm -rf " + name | lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib2.js:3:28:3:31 | name | library input | lib/lib2.js:4:2:4:26 | cp.exec ... + name) | shell command |
@@ -739,6 +759,8 @@ edges
 | lib/lib.js:420:29:420:32 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:420:2:420:49 | cp.spaw ...  true}) | shell command |
 | lib/lib.js:424:24:424:27 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:424:2:424:40 | spawn(" ... WN_OPT) | shell command |
 | lib/lib.js:426:11:426:14 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:427:2:427:28 | spawn(" ... WN_OPT) | shell command |
+| lib/lib.js:427:14:427:16 | arr | lib/lib.js:414:40:414:43 | name | lib/lib.js:427:14:427:16 | arr | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:427:2:427:28 | spawn(" ... WN_OPT) | shell command |
+| lib/lib.js:428:14:428:58 | build(" ...  + '-') | lib/lib.js:414:40:414:43 | name | lib/lib.js:428:14:428:58 | build(" ...  + '-') | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:428:2:428:70 | spawn(" ... WN_OPT) | shell command |
 | lib/lib.js:436:19:436:22 | last | lib/lib.js:414:40:414:43 | name | lib/lib.js:436:19:436:22 | last | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:428:2:428:70 | spawn(" ... WN_OPT) | shell command |
 | lib/lib.js:442:12:442:27 | "rm -rf " + name | lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:441:39:441:42 | name | library input | lib/lib.js:442:2:442:28 | asyncEx ... + name) | shell command |
 | lib/lib.js:447:13:447:28 | "rm -rf " + name | lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:446:20:446:23 | name | library input | lib/lib.js:447:3:447:29 | asyncEx ... + name) | shell command |
@@ -760,3 +782,4 @@ edges
 | lib/subLib/amdSub.js:4:10:4:25 | "rm -rf " + name | lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib/amdSub.js:3:28:3:31 | name | library input | lib/subLib/amdSub.js:4:2:4:26 | cp.exec ... + name) | shell command |
 | lib/subLib/index.js:4:10:4:25 | "rm -rf " + name | lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib/index.js:3:28:3:31 | name | library input | lib/subLib/index.js:4:2:4:26 | cp.exec ... + name) | shell command |
 | lib/subLib/index.js:8:10:8:25 | "rm -rf " + name | lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib/index.js:7:32:7:35 | name | library input | lib/subLib/index.js:8:2:8:26 | cp.exec ... + name) | shell command |
+| lib/subLib/index.js:14:22:14:24 | arr | lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | This shell argument which depends on $@ is later used in a $@. | lib/subLib/index.js:13:44:13:46 | arr | library input | lib/subLib/index.js:14:5:14:40 | cp.spaw ...  true}) | shell command |
diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/index.js b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/index.js
index 9e105338669..6e7d3498723 100644
--- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/index.js
+++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/subLib/index.js
@@ -8,4 +8,8 @@ module.exports.foo = function (name) {
 	cp.exec("rm -rf " + name); // NOT OK - this is being called explicitly from child_process-test.js
 };
 
-module.exports.amd = require("./amd.js");
\ No newline at end of file
+module.exports.amd = require("./amd.js");
+
+module.exports.arrToShell = function (cmd, arr) {
+    cp.spawn("echo", arr, {shell: true}); // NOT OK
+}
\ No newline at end of file
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ConsistencyExceptionXss.ql b/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ConsistencyExceptionXss.ql
index 584faa27c11..5b40a626e4a 100644
--- a/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ConsistencyExceptionXss.ql
+++ b/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ConsistencyExceptionXss.ql
@@ -1,3 +1,3 @@
 import javascript
 import testUtilities.ConsistencyChecking
-import semmle.javascript.security.dataflow.ExceptionXss as ExceptionXss
+import semmle.javascript.security.dataflow.ExceptionXssQuery as ExceptionXss
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ConsistencyReflectedXss.ql b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ConsistencyReflectedXss.ql
index 76785917fb5..3200271daa6 100644
--- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ConsistencyReflectedXss.ql
+++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ConsistencyReflectedXss.ql
@@ -1,3 +1,3 @@
 import javascript
 import testUtilities.ConsistencyChecking
-import semmle.javascript.security.dataflow.ReflectedXss as ReflectedXss
+import semmle.javascript.security.dataflow.ReflectedXssQuery as ReflectedXss
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/ConsistencyStoredXss.ql b/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/ConsistencyStoredXss.ql
index 63794389bab..c75dbb17b71 100644
--- a/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/ConsistencyStoredXss.ql
+++ b/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/ConsistencyStoredXss.ql
@@ -1,3 +1,3 @@
 import javascript
 import testUtilities.ConsistencyChecking
-import semmle.javascript.security.dataflow.StoredXss as StoredXss
+import semmle.javascript.security.dataflow.StoredXssQuery as StoredXss
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/ConsistencyUnsafeHtmlConstruction.ql b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/ConsistencyUnsafeHtmlConstruction.ql
index 823644730b2..f09744a4d6c 100644
--- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/ConsistencyUnsafeHtmlConstruction.ql
+++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/ConsistencyUnsafeHtmlConstruction.ql
@@ -1,3 +1,3 @@
 import javascript
 import testUtilities.ConsistencyChecking
-import semmle.javascript.security.dataflow.UnsafeHtmlConstruction as UnsafeHtmlConstruction
+import semmle.javascript.security.dataflow.UnsafeHtmlConstructionQuery as UnsafeHtmlConstruction
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/ConsistencyUnsafeJQueryPlugin.ql b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/ConsistencyUnsafeJQueryPlugin.ql
index 6a16badb37f..b77df2a8d67 100644
--- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/ConsistencyUnsafeJQueryPlugin.ql
+++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/ConsistencyUnsafeJQueryPlugin.ql
@@ -1,3 +1,3 @@
 import javascript
 import testUtilities.ConsistencyChecking
-import semmle.javascript.security.dataflow.UnsafeJQueryPlugin as UnsafeJqueryPlugin
+import semmle.javascript.security.dataflow.UnsafeJQueryPluginQuery as UnsafeJqueryPlugin
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql
index 118a875f15d..75416d5a0dc 100644
--- a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql
+++ b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql
@@ -1,3 +1,3 @@
 import javascript
 import testUtilities.ConsistencyChecking
-import semmle.javascript.security.dataflow.XssThroughDom as ThroughDomXss
+import semmle.javascript.security.dataflow.XssThroughDomQuery as ThroughDomXss
diff --git a/javascript/ql/test/query-tests/Security/CWE-089/untyped/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-089/untyped/Consistency.ql
index 0ab292b7b82..bd24059f31c 100644
--- a/javascript/ql/test/query-tests/Security/CWE-089/untyped/Consistency.ql
+++ b/javascript/ql/test/query-tests/Security/CWE-089/untyped/Consistency.ql
@@ -1,4 +1,4 @@
 import javascript
 import testUtilities.ConsistencyChecking
-import semmle.javascript.security.dataflow.SqlInjection
-import semmle.javascript.security.dataflow.NosqlInjection
+import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection
+import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialBackTracking.expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialBackTracking.expected
index e1ad3adb91c..feaac892936 100644
--- a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialBackTracking.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialBackTracking.expected
@@ -33,6 +33,8 @@
 | lib/lib.js:8:3:8:4 | f* | Strings with many repetitions of 'f' can start matching anywhere after the start of the preceeding f*g |
 | lib/lib.js:28:3:28:4 | f* | Strings with many repetitions of 'f' can start matching anywhere after the start of the preceeding f*g |
 | lib/lib.js:36:3:36:4 | f* | Strings with many repetitions of 'f' can start matching anywhere after the start of the preceeding f*g |
+| lib/lib.js:42:29:42:30 | f* | Strings with many repetitions of 'f' can start matching anywhere after the start of the preceeding f*g |
+| lib/lib.js:45:29:45:30 | f* | Strings with many repetitions of 'f' can start matching anywhere after the start of the preceeding f*g |
 | lib/moduleLib/moduleLib.js:2:3:2:4 | a* | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding a*b |
 | lib/otherLib/js/src/index.js:2:3:2:4 | a* | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding a*b |
 | lib/snapdragon.js:7:28:7:29 | a* | Strings starting with 'a' and with many repetitions of 'a' can start matching anywhere after the start of the preceeding aa*$ |
@@ -86,8 +88,8 @@
 | polynomial-redos.js:59:11:59:14 | (.)* | Strings starting with 'fB' and with many repetitions of 'B' can start matching anywhere after the start of the preceeding (B\|Y)+ |
 | polynomial-redos.js:62:7:62:8 | Y* | Strings with many repetitions of 'Y' can start matching anywhere after the start of the preceeding Y* |
 | polynomial-redos.js:63:11:63:12 | Y* | Strings starting with 'K' and with many repetitions of 'Y' can start matching anywhere after the start of the preceeding (K\|Y)+ |
-| polynomial-redos.js:64:14:64:15 | Y* | Strings starting with 'fooK' and with many repetitions of 'Y' can start matching anywhere after the start of the preceeding (K\|Y)+ |
-| polynomial-redos.js:65:14:65:15 | .* | Strings starting with 'fooK' and with many repetitions of 'K' can start matching anywhere after the start of the preceeding (K\|Y)+ |
+| polynomial-redos.js:64:14:64:15 | Y* | Strings starting with 'fooY' and with many repetitions of 'Y' can start matching anywhere after the start of the preceeding (K\|Y)+ |
+| polynomial-redos.js:65:14:65:15 | .* | Strings starting with 'fooY' and with many repetitions of 'K' can start matching anywhere after the start of the preceeding (K\|Y)+ |
 | polynomial-redos.js:66:9:66:10 | .* | Strings starting with 'K' and with many repetitions of 'K' can start matching anywhere after the start of the preceeding (K\|Y).*X |
 | polynomial-redos.js:67:8:67:9 | .* | Strings starting with 'X' and with many repetitions of 'Z' can start matching anywhere after the start of the preceeding [^Y].*X |
 | polynomial-redos.js:68:8:68:9 | .* | Strings starting with 'X' and with many repetitions of 'X' can start matching anywhere after the start of the preceeding [^Y].*$ |
@@ -129,27 +131,27 @@
 | regexplib/address.js:27:93:27:95 | \\s* | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding (\\s*(7\|8)(\\d{7}\|\\d{3}(\\-\|\\s{1})\\d{4})\\s*) |
 | regexplib/address.js:38:39:38:45 | [ 0-9]* | Strings starting with 'po' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding [ \|\\.]* |
 | regexplib/address.js:51:220:51:222 | \\w+ | Strings starting with 'C/O ' and with many repetitions of '0' can start matching anywhere after the start of the preceeding \\x20* |
-| regexplib/address.js:51:331:51:344 | [a-zA-Z0-9\\-]+ | Strings starting with '0 0#' and with many repetitions of 'FL0' can start matching anywhere after the start of the preceeding \\w+ |
-| regexplib/address.js:51:399:51:401 | \\s+ | Strings starting with '0 0' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\x20* |
-| regexplib/address.js:51:415:51:419 | \\x20+ | Strings starting with '0 0\\t0' and with many repetitions of ' 0 ' can start matching anywhere after the start of the preceeding \\x20* |
-| regexplib/address.js:51:420:51:422 | \\w+ | Strings starting with '0 0\\t0 ' and with many repetitions of '0 0 ' can start matching anywhere after the start of the preceeding \\w+ |
-| regexplib/address.js:51:616:51:618 | \\w+ | Strings starting with '0 0\\tC/O ' and with many repetitions of '0' can start matching anywhere after the start of the preceeding \\x20* |
-| regexplib/address.js:51:727:51:740 | [a-zA-Z0-9\\-]+ | Strings starting with '0 0\\t0 0#' and with many repetitions of 'FL0' can start matching anywhere after the start of the preceeding \\w+ |
-| regexplib/address.js:51:796:51:798 | \\s+ | Strings starting with '0 0\\t' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\s+ |
-| regexplib/address.js:51:803:51:811 | [A-Za-z]+ | Strings starting with '0 0\\t\\t' and with many repetitions of 'A' can start matching anywhere after the start of the preceeding \\w+ |
+| regexplib/address.js:51:331:51:344 | [a-zA-Z0-9\\-]+ | Strings starting with 'C/O 0#' and with many repetitions of 'FL0' can start matching anywhere after the start of the preceeding \\w+ |
+| regexplib/address.js:51:399:51:401 | \\s+ | Strings starting with 'C/O 0' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\x20* |
+| regexplib/address.js:51:415:51:419 | \\x20+ | Strings starting with 'C/O 0\\t0' and with many repetitions of ' 0 ' can start matching anywhere after the start of the preceeding \\x20* |
+| regexplib/address.js:51:420:51:422 | \\w+ | Strings starting with 'C/O 0\\t0 ' and with many repetitions of '0 0 ' can start matching anywhere after the start of the preceeding \\w+ |
+| regexplib/address.js:51:616:51:618 | \\w+ | Strings starting with 'C/O 0\\tC/O ' and with many repetitions of '0' can start matching anywhere after the start of the preceeding \\x20* |
+| regexplib/address.js:51:727:51:740 | [a-zA-Z0-9\\-]+ | Strings starting with 'C/O 0\\t0 0#' and with many repetitions of 'FL0' can start matching anywhere after the start of the preceeding \\w+ |
+| regexplib/address.js:51:796:51:798 | \\s+ | Strings starting with 'C/O 0\\t' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\s+ |
+| regexplib/address.js:51:803:51:811 | [A-Za-z]+ | Strings starting with 'C/O 0\\t\\t' and with many repetitions of 'A' can start matching anywhere after the start of the preceeding \\w+ |
 | regexplib/address.js:67:379:67:755 | [a-zA-Z0-9&#192;&#193;&#194;&#195;&#196;&#197;&#198;&#199;&#200;&#201;&#202;&#203;&#204;&#205;&#206;&#207;&#208;&#209;&#210;&#211;&#212;&#213;&#214;&#216;&#217;&#218;&#219;&#220;&#221;&#223;&#224;&#225;&#226;&#227;&#228;&#229;&#230;&#231;&#232;&#233;&#234;&#235;&#236;&#237;&#238;&#239;&#241;&#242;&#243;&#244;&#245;&#246;&#248;&#249;&#250;&#251;&#252;&#253;&#255;\\.\\,\\-\\/\\' ]+ | Strings starting with '#' and with many repetitions of '#' can start matching anywhere after the start of the preceeding [a-zA-Z0-9&#192;&#193;&#194;&#195;&#196;&#197;&#198;&#199;&#200;&#201;&#202;&#203;&#204;&#205;&#206;&#207;&#208;&#209;&#210;&#211;&#212;&#213;&#214;&#216;&#217;&#218;&#219;&#220;&#221;&#223;&#224;&#225;&#226;&#227;&#228;&#229;&#230;&#231;&#232;&#233;&#234;&#235;&#236;&#237;&#238;&#239;&#241;&#242;&#243;&#244;&#245;&#246;&#248;&#249;&#250;&#251;&#252;&#253;&#255;\\.\\,\\-\\/\\']+ |
 | regexplib/address.js:69:3:69:5 | \\s* | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding (\\s*\\(?0\\d{4}\\)?(\\s*\|-)\\d{3}(\\s*\|-)\\d{3}\\s*) |
 | regexplib/address.js:69:48:69:50 | \\s* | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding (\\s*\\(?0\\d{3}\\)?(\\s*\|-)\\d{3}(\\s*\|-)\\d{4}\\s*) |
 | regexplib/address.js:69:93:69:95 | \\s* | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding (\\s*(7\|8)(\\d{7}\|\\d{3}(\\-\|\\s{1})\\d{4})\\s*) |
 | regexplib/address.js:75:220:75:222 | \\w+ | Strings starting with 'C/O ' and with many repetitions of '0' can start matching anywhere after the start of the preceeding \\x20* |
-| regexplib/address.js:75:331:75:344 | [a-zA-Z0-9\\-]+ | Strings starting with '0 0#' and with many repetitions of 'FL0' can start matching anywhere after the start of the preceeding \\w+ |
-| regexplib/address.js:75:399:75:401 | \\s+ | Strings starting with '0 0' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\x20* |
-| regexplib/address.js:75:415:75:419 | \\x20+ | Strings starting with '0 0\\t0' and with many repetitions of ' 0 ' can start matching anywhere after the start of the preceeding \\x20* |
-| regexplib/address.js:75:420:75:422 | \\w+ | Strings starting with '0 0\\t0 ' and with many repetitions of '0 0 ' can start matching anywhere after the start of the preceeding \\w+ |
-| regexplib/address.js:75:616:75:618 | \\w+ | Strings starting with '0 0\\tC/O ' and with many repetitions of '0' can start matching anywhere after the start of the preceeding \\x20* |
-| regexplib/address.js:75:727:75:740 | [a-zA-Z0-9\\-]+ | Strings starting with '0 0\\t0 0#' and with many repetitions of 'FL0' can start matching anywhere after the start of the preceeding \\w+ |
-| regexplib/address.js:75:796:75:798 | \\s+ | Strings starting with '0 0\\t' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\s+ |
-| regexplib/address.js:75:803:75:811 | [A-Za-z]+ | Strings starting with '0 0\\t\\t' and with many repetitions of 'A' can start matching anywhere after the start of the preceeding \\w+ |
+| regexplib/address.js:75:331:75:344 | [a-zA-Z0-9\\-]+ | Strings starting with 'C/O 0#' and with many repetitions of 'FL0' can start matching anywhere after the start of the preceeding \\w+ |
+| regexplib/address.js:75:399:75:401 | \\s+ | Strings starting with 'C/O 0' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\x20* |
+| regexplib/address.js:75:415:75:419 | \\x20+ | Strings starting with 'C/O 0\\t0' and with many repetitions of ' 0 ' can start matching anywhere after the start of the preceeding \\x20* |
+| regexplib/address.js:75:420:75:422 | \\w+ | Strings starting with 'C/O 0\\t0 ' and with many repetitions of '0 0 ' can start matching anywhere after the start of the preceeding \\w+ |
+| regexplib/address.js:75:616:75:618 | \\w+ | Strings starting with 'C/O 0\\tC/O ' and with many repetitions of '0' can start matching anywhere after the start of the preceeding \\x20* |
+| regexplib/address.js:75:727:75:740 | [a-zA-Z0-9\\-]+ | Strings starting with 'C/O 0\\t0 0#' and with many repetitions of 'FL0' can start matching anywhere after the start of the preceeding \\w+ |
+| regexplib/address.js:75:796:75:798 | \\s+ | Strings starting with 'C/O 0\\t' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\s+ |
+| regexplib/address.js:75:803:75:811 | [A-Za-z]+ | Strings starting with 'C/O 0\\t\\t' and with many repetitions of 'A' can start matching anywhere after the start of the preceeding \\w+ |
 | regexplib/address.js:85:15:85:49 | ([0-9]\|[ ]\|[-]\|[\\(]\|[\\)]\|ext.\|[,])+ | Strings with many repetitions of ' ' can start matching anywhere after the start of the preceeding (?<Telephone>([0-9]\|[ ]\|[-]\|[\\(]\|[\\)]\|ext.\|[,])+)([ ]\|[:]\|\\t\|[-])*(?<Where>Home\|Office\|Work\|Away\|Fax\|FAX\|Phone) |
 | regexplib/address.js:85:51:85:67 | ([ ]\|[:]\|\\t\|[-])* | Strings starting with '0' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding ([0-9]\|[ ]\|[-]\|[\\(]\|[\\)]\|ext.\|[,])+ |
 | regexplib/address.js:93:3:93:5 | \\s* | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding (\\s*\\(?0\\d{4}\\)?(\\s*\|-)\\d{3}(\\s*\|-)\\d{3}\\s*) |
@@ -199,7 +201,7 @@
 | regexplib/markup.js:5:1525:5:1527 | \\s* | Strings starting with '?'DateLiteral' ?# Per the VB Spec : DateLiteral ::= '#'   DateOrTime   '#'  # ?'DateOrTime'  DateValue    ?# TimeValue ::= HourValue : MinuteValue        10 ?# Hour 01 - 24  : 60 ?# Minute 01 - 60  :  ?# Optional Minute :01 - :60       ' and with many repetitions of '     ' can start matching anywhere after the start of the preceeding \\s* |
 | regexplib/markup.js:6:11:6:25 | [\\w\\*\\)\\(\\,\\s]+ | Strings starting with 'SELECT\\t' and with many repetitions of 'SELECT\\t' can start matching anywhere after the start of the preceeding (SELECT\\s[\\w\\*\\)\\(\\,\\s]+\\sFROM\\s[\\w]+) |
 | regexplib/markup.js:6:99:6:113 | [\\s\\w\\d\\)\\(\\,]* | Strings starting with ' INSERT\\tINTO\\t0' and with many repetitions of '0' can start matching anywhere after the start of the preceeding [\\d\\w]+ |
-| regexplib/markup.js:7:15:7:21 | [^\\\\"]* | Strings starting with '"!' and with many repetitions of '\\\\"!!' can start matching anywhere after the start of the preceeding "([^"](?:\\\\.\|[^\\\\"]*)*)" |
+| regexplib/markup.js:7:8:7:23 | (?:\\\\.\|[^\\\\"]*)* | Strings starting with '"!' and with many repetitions of '\\\\"!\\\\a' can start matching anywhere after the start of the preceeding "([^"](?:\\\\.\|[^\\\\"]*)*)" |
 | regexplib/markup.js:9:6:9:13 | [\\s\\S]*? | Strings starting with '<!--' and with many repetitions of '<!--' can start matching anywhere after the start of the preceeding <!--[\\s\\S]*?--[ \\t\\n\\r]*> |
 | regexplib/markup.js:11:6:11:8 | .*? | Strings starting with '<!--' and with many repetitions of '<!--' can start matching anywhere after the start of the preceeding <!--.*?--> |
 | regexplib/markup.js:12:40:12:42 | .*? | Strings starting with '<!--[if' and with many repetitions of '<!--[if' can start matching anywhere after the start of the preceeding (<!--\\[if.*?<!\\[endif\\]-->) |
@@ -282,7 +284,7 @@
 | regexplib/misc.js:112:32:112:34 | \\s* | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding (\\s*\\(?0\\d{3}\\)?\\s*\\d{3}\\s*\\d{4}\\s*) |
 | regexplib/misc.js:114:6:114:8 | \\\|+ | Strings starting with 'a' and with many repetitions of '\|' can start matching anywhere after the start of the preceeding .+ |
 | regexplib/misc.js:116:3:116:4 | .* | Strings starting with '{' and with many repetitions of '{' can start matching anywhere after the start of the preceeding {.*} |
-| regexplib/misc.js:117:25:117:26 | .+ | Strings starting with '{a}' and with many repetitions of 'a)' can start matching anywhere after the start of the preceeding .+ |
+| regexplib/misc.js:117:25:117:26 | .+ | Strings starting with '(a}' and with many repetitions of 'a)' can start matching anywhere after the start of the preceeding .+ |
 | regexplib/misc.js:119:20:119:22 | \\w+ | Strings with many repetitions of '0' can start matching anywhere after the start of the preceeding (NOT)?(\\s*\\(*)\\s*(\\w+)\\s*(=\|<>\|<\|>\|LIKE\|IN)\\s*(\\(([^\\)]*)\\)\|'([^']*)'\|(-?\\d*\\.?\\d+))(\\s*\\)*\\s*)(AND\|OR)? |
 | regexplib/misc.js:119:52:119:57 | [^\\)]* | Strings starting with '0=(' and with many repetitions of '0<((' can start matching anywhere after the start of the preceeding (NOT)?(\\s*\\(*)\\s*(\\w+)\\s*(=\|<>\|<\|>\|LIKE\|IN)\\s*(\\(([^\\)]*)\\)\|'([^']*)'\|(-?\\d*\\.?\\d+))(\\s*\\)*\\s*)(AND\|OR)? |
 | regexplib/misc.js:123:36:123:38 | .*? | Strings starting with '?se[A' and with many repetitions of '?se[Aa' can start matching anywhere after the start of the preceeding (?s)(?:\\e\\[(?:(\\d+);?)*([A-Za-z])(.*?))(?=\\e\\[\|\\z) |
@@ -339,7 +341,7 @@
 | regexplib/strings.js:53:65:53:73 | [a-z0-9]+ | Strings starting with '0' and with many repetitions of '0' can start matching anywhere after the start of the preceeding [a-z0-9]+ |
 | regexplib/strings.js:54:20:54:22 | \\w+ | Strings with many repetitions of '0' can start matching anywhere after the start of the preceeding (NOT)?(\\s*\\(*)\\s*(\\w+)\\s*(=\|<>\|<\|>\|LIKE\|IN)\\s*(\\(([^\\)]*)\\)\|'([^']*)'\|(-?\\d*\\.?\\d+))(\\s*\\)*\\s*)(AND\|OR)? |
 | regexplib/strings.js:54:52:54:57 | [^\\)]* | Strings starting with '0=(' and with many repetitions of '0<((' can start matching anywhere after the start of the preceeding (NOT)?(\\s*\\(*)\\s*(\\w+)\\s*(=\|<>\|<\|>\|LIKE\|IN)\\s*(\\(([^\\)]*)\\)\|'([^']*)'\|(-?\\d*\\.?\\d+))(\\s*\\)*\\s*)(AND\|OR)? |
-| regexplib/strings.js:56:52:56:53 | .+ | Strings starting with 'PRN.' and with many repetitions of '.' can start matching anywhere after the start of the preceeding .* |
+| regexplib/strings.js:56:52:56:53 | .+ | Strings starting with 'AUX.' and with many repetitions of '.' can start matching anywhere after the start of the preceeding .* |
 | regexplib/strings.js:57:36:57:38 | .*? | Strings starting with '?se[A' and with many repetitions of '?se[Aa' can start matching anywhere after the start of the preceeding (?s)(?:\\e\\[(?:(\\d+);?)*([A-Za-z])(.*?))(?=\\e\\[\|\\z) |
 | regexplib/strings.js:64:3:64:5 | \\w+ | Strings with many repetitions of '0' can start matching anywhere after the start of the preceeding (\\w+)\\s+\\1 |
 | regexplib/strings.js:70:6:70:17 | [a-zA-Z,\\s]+ | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding \\s* |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialBackTracking.ql b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialBackTracking.ql
index 007683e1c4a..5b5d5eb14ab 100644
--- a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialBackTracking.ql
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialBackTracking.ql
@@ -1,4 +1,5 @@
-import semmle.javascript.security.regexp.SuperlinearBackTracking
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeView
+import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView>
 
 from PolynomialBackTrackingTerm t
 select t, t.getReason()
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected
index 3df7db24964..cc3b7184c27 100644
--- a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected
@@ -28,6 +28,15 @@ nodes
 | lib/lib.js:35:28:35:31 | name |
 | lib/lib.js:36:13:36:16 | name |
 | lib/lib.js:36:13:36:16 | name |
+| lib/lib.js:41:32:41:35 | name |
+| lib/lib.js:41:32:41:35 | name |
+| lib/lib.js:42:17:42:20 | name |
+| lib/lib.js:42:17:42:20 | name |
+| lib/lib.js:44:5:44:25 | name |
+| lib/lib.js:44:12:44:15 | name |
+| lib/lib.js:44:12:44:25 | name.substr(1) |
+| lib/lib.js:45:17:45:20 | name |
+| lib/lib.js:45:17:45:20 | name |
 | lib/moduleLib/moduleLib.js:1:28:1:31 | name |
 | lib/moduleLib/moduleLib.js:1:28:1:31 | name |
 | lib/moduleLib/moduleLib.js:2:13:2:16 | name |
@@ -249,6 +258,16 @@ edges
 | lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | lib/lib.js:35:28:35:31 | name |
 | lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name |
 | lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name |
+| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name |
+| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name |
+| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name |
+| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name |
+| lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name |
+| lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name |
+| lib/lib.js:44:5:44:25 | name | lib/lib.js:45:17:45:20 | name |
+| lib/lib.js:44:5:44:25 | name | lib/lib.js:45:17:45:20 | name |
+| lib/lib.js:44:12:44:15 | name | lib/lib.js:44:12:44:25 | name.substr(1) |
+| lib/lib.js:44:12:44:25 | name.substr(1) | lib/lib.js:44:5:44:25 | name |
 | lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name |
 | lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name |
 | lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name |
@@ -440,6 +459,8 @@ edges
 | lib/lib.js:4:2:4:18 | regexp.test(name) | lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | This $@ that depends on $@ may run slow on strings with many repetitions of 'a'. | lib/lib.js:1:15:1:16 | a* | regular expression | lib/lib.js:3:28:3:31 | name | library input |
 | lib/lib.js:8:2:8:17 | /f*g/.test(name) | lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | This $@ that depends on $@ may run slow on strings with many repetitions of 'f'. | lib/lib.js:8:3:8:4 | f* | regular expression | lib/lib.js:7:19:7:22 | name | library input |
 | lib/lib.js:36:2:36:17 | /f*g/.test(name) | lib/lib.js:32:32:32:40 | arguments | lib/lib.js:36:13:36:16 | name | This $@ that depends on $@ may run slow on strings with many repetitions of 'f'. | lib/lib.js:36:3:36:4 | f* | regular expression | lib/lib.js:32:32:32:40 | arguments | library input |
+| lib/lib.js:42:17:42:33 | name.match(/f*g/) | lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | This $@ that depends on $@ may run slow on strings with many repetitions of 'f'. | lib/lib.js:42:29:42:30 | f* | regular expression | lib/lib.js:41:32:41:35 | name | library input |
+| lib/lib.js:45:17:45:33 | name.match(/f*g/) | lib/lib.js:41:32:41:35 | name | lib/lib.js:45:17:45:20 | name | This $@ that depends on $@ may run slow on strings with many repetitions of 'f'. | lib/lib.js:45:29:45:30 | f* | regular expression | lib/lib.js:41:32:41:35 | name | library input |
 | lib/moduleLib/moduleLib.js:2:2:2:17 | /a*b/.test(name) | lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | This $@ that depends on $@ may run slow on strings with many repetitions of 'a'. | lib/moduleLib/moduleLib.js:2:3:2:4 | a* | regular expression | lib/moduleLib/moduleLib.js:1:28:1:31 | name | library input |
 | lib/otherLib/js/src/index.js:2:2:2:17 | /a*b/.test(name) | lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | This $@ that depends on $@ may run slow on strings with many repetitions of 'a'. | lib/otherLib/js/src/index.js:2:3:2:4 | a* | regular expression | lib/otherLib/js/src/index.js:1:28:1:31 | name | library input |
 | lib/snapdragon.js:7:15:7:32 | this.match(/aa*$/) | lib/snapdragon.js:3:34:3:38 | input | lib/snapdragon.js:7:15:7:18 | this | This $@ that depends on $@ may run slow on strings starting with 'a' and with many repetitions of 'a'. | lib/snapdragon.js:7:28:7:29 | a* | regular expression | lib/snapdragon.js:3:34:3:38 | input | library input |
@@ -490,8 +511,8 @@ edges
 | polynomial-redos.js:59:3:59:30 | /f(B\|Y) ... ainted) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:59:23:59:29 | tainted | This $@ that depends on $@ may run slow on strings starting with 'fB' and with many repetitions of 'B'. | polynomial-redos.js:59:11:59:14 | (.)* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
 | polynomial-redos.js:62:3:62:24 | /^Y*Y*X ... ainted) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:62:17:62:23 | tainted | This $@ that depends on $@ may run slow on strings with many repetitions of 'Y'. | polynomial-redos.js:62:7:62:8 | Y* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
 | polynomial-redos.js:63:3:63:28 | /^(K\|Y) ... ainted) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:63:21:63:27 | tainted | This $@ that depends on $@ may run slow on strings starting with 'K' and with many repetitions of 'Y'. | polynomial-redos.js:63:11:63:12 | Y* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
-| polynomial-redos.js:64:3:64:31 | /^foo(K ... ainted) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:64:24:64:30 | tainted | This $@ that depends on $@ may run slow on strings starting with 'fooK' and with many repetitions of 'Y'. | polynomial-redos.js:64:14:64:15 | Y* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
-| polynomial-redos.js:65:3:65:31 | /^foo(K ... ainted) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:65:24:65:30 | tainted | This $@ that depends on $@ may run slow on strings starting with 'fooK' and with many repetitions of 'K'. | polynomial-redos.js:65:14:65:15 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
+| polynomial-redos.js:64:3:64:31 | /^foo(K ... ainted) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:64:24:64:30 | tainted | This $@ that depends on $@ may run slow on strings starting with 'fooY' and with many repetitions of 'Y'. | polynomial-redos.js:64:14:64:15 | Y* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
+| polynomial-redos.js:65:3:65:31 | /^foo(K ... ainted) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:65:24:65:30 | tainted | This $@ that depends on $@ may run slow on strings starting with 'fooY' and with many repetitions of 'K'. | polynomial-redos.js:65:14:65:15 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
 | polynomial-redos.js:66:3:66:26 | /(K\|Y). ... ainted) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:66:19:66:25 | tainted | This $@ that depends on $@ may run slow on strings starting with 'K' and with many repetitions of 'K'. | polynomial-redos.js:66:9:66:10 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
 | polynomial-redos.js:67:3:67:25 | /[^Y].* ... ainted) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:67:18:67:24 | tainted | This $@ that depends on $@ may run slow on strings starting with 'X' and with many repetitions of 'Z'. | polynomial-redos.js:67:8:67:9 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
 | polynomial-redos.js:69:3:69:26 | /[^Y].* ... q.body) | polynomial-redos.js:69:18:69:25 | req.body | polynomial-redos.js:69:18:69:25 | req.body | This $@ that depends on $@ may run slow on strings starting with 'X' and with many repetitions of 'X'. | polynomial-redos.js:69:8:69:9 | .* | regular expression | polynomial-redos.js:69:18:69:25 | req.body | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/ReDoS.expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/ReDoS.expected
index 13a15e87c29..674a0dcc29e 100644
--- a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/ReDoS.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/ReDoS.expected
@@ -19,11 +19,11 @@
 | polynomial-redos.js:41:52:41:63 | [\\x21-\\x7E]* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '?'. |
 | polynomial-redos.js:46:33:46:45 | [a-zA-Z_0-9]* | This part of the regular expression may cause exponential backtracking on strings starting with 'A' and containing many repetitions of 'A'. |
 | regexplib/address.js:51:220:51:222 | \\w+ | This part of the regular expression may cause exponential backtracking on strings starting with 'C/O ' and containing many repetitions of '0'. |
-| regexplib/address.js:51:616:51:618 | \\w+ | This part of the regular expression may cause exponential backtracking on strings starting with '0 0\\tC/O ' and containing many repetitions of '0'. |
-| regexplib/address.js:51:803:51:811 | [A-Za-z]+ | This part of the regular expression may cause exponential backtracking on strings starting with '0 0\\t\\t' and containing many repetitions of 'A'. |
+| regexplib/address.js:51:616:51:618 | \\w+ | This part of the regular expression may cause exponential backtracking on strings starting with 'C/O 0\\tC/O ' and containing many repetitions of '0'. |
+| regexplib/address.js:51:803:51:811 | [A-Za-z]+ | This part of the regular expression may cause exponential backtracking on strings starting with 'C/O 0\\t\\t' and containing many repetitions of 'A'. |
 | regexplib/address.js:75:220:75:222 | \\w+ | This part of the regular expression may cause exponential backtracking on strings starting with 'C/O ' and containing many repetitions of '0'. |
-| regexplib/address.js:75:616:75:618 | \\w+ | This part of the regular expression may cause exponential backtracking on strings starting with '0 0\\tC/O ' and containing many repetitions of '0'. |
-| regexplib/address.js:75:803:75:811 | [A-Za-z]+ | This part of the regular expression may cause exponential backtracking on strings starting with '0 0\\t\\t' and containing many repetitions of 'A'. |
+| regexplib/address.js:75:616:75:618 | \\w+ | This part of the regular expression may cause exponential backtracking on strings starting with 'C/O 0\\tC/O ' and containing many repetitions of '0'. |
+| regexplib/address.js:75:803:75:811 | [A-Za-z]+ | This part of the regular expression may cause exponential backtracking on strings starting with 'C/O 0\\t\\t' and containing many repetitions of 'A'. |
 | regexplib/dates.js:27:341:27:348 | [^\\(\\)]* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '''. |
 | regexplib/email.js:1:16:1:22 | [-.\\w]* | This part of the regular expression may cause exponential backtracking on strings starting with '0' and containing many repetitions of '0'. |
 | regexplib/email.js:5:24:5:35 | [a-zA-Z0-9]+ | This part of the regular expression may cause exponential backtracking on strings starting with '0' and containing many repetitions of '0'. |
@@ -43,7 +43,7 @@
 | regexplib/email.js:34:24:34:35 | [a-zA-Z0-9]+ | This part of the regular expression may cause exponential backtracking on strings starting with '0' and containing many repetitions of '0'. |
 | regexplib/email.js:34:63:34:74 | [a-zA-Z0-9]+ | This part of the regular expression may cause exponential backtracking on strings starting with '0@0' and containing many repetitions of '0'. |
 | regexplib/markup.js:3:451:3:453 | .+? | This part of the regular expression may cause exponential backtracking on strings starting with '<?i:q\\t' and containing many repetitions of 'a\\t'. |
-| regexplib/markup.js:7:15:7:21 | [^\\\\"]* | This part of the regular expression may cause exponential backtracking on strings starting with '"!' and containing many repetitions of '!'. |
+| regexplib/markup.js:7:8:7:23 | (?:\\\\.\|[^\\\\"]*)* | This part of the regular expression may cause exponential backtracking on strings starting with '"!' and containing many repetitions of '!'. |
 | regexplib/markup.js:13:6:13:12 | [^"']+? | This part of the regular expression may cause exponential backtracking on strings starting with '<' and containing many repetitions of '!'. |
 | regexplib/markup.js:13:14:13:16 | .+? | This part of the regular expression may cause exponential backtracking on strings starting with '<' and containing many repetitions of 'a"'. |
 | regexplib/markup.js:17:17:17:19 | .*? | This part of the regular expression may cause exponential backtracking on strings starting with '<0\\t="' and containing many repetitions of '"\\t="'. |
@@ -51,12 +51,12 @@
 | regexplib/markup.js:24:47:24:118 | (\\s*=\\s*([-\\w\\.]{1,1024}\|&quot;[^&quot;]{0,1024}&quot;\|'[^']{0,1024}'))? | This part of the regular expression may cause exponential backtracking on strings starting with '&lt;A\\t!' and containing many repetitions of '\\t=-\\t!'. |
 | regexplib/markup.js:37:29:37:56 | [a-zA-Z0-9\|:\|\\/\|=\|-\|.\|\\?\|&]* | This part of the regular expression may cause exponential backtracking on strings starting with '[0=' and containing many repetitions of '='. |
 | regexplib/markup.js:40:23:40:25 | \\w+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'. |
-| regexplib/markup.js:40:132:40:134 | \\s* | This part of the regular expression may cause exponential backtracking on strings starting with '0[@0=''' and containing many repetitions of '\\t@0<""'. |
+| regexplib/markup.js:40:132:40:134 | \\s* | This part of the regular expression may cause exponential backtracking on strings starting with '0[@0<''' and containing many repetitions of '\\t@0<""'. |
 | regexplib/markup.js:47:43:47:45 | \\S+ | This part of the regular expression may cause exponential backtracking on strings starting with '&lt;A\\t' and containing many repetitions of '!=-\\t'. |
 | regexplib/markup.js:47:47:47:118 | (\\s*=\\s*([-\\w\\.]{1,1024}\|&quot;[^&quot;]{0,1024}&quot;\|'[^']{0,1024}'))? | This part of the regular expression may cause exponential backtracking on strings starting with '&lt;A\\t!' and containing many repetitions of '\\t=-\\t!'. |
 | regexplib/markup.js:53:29:53:56 | [a-zA-Z0-9\|:\|\\/\|=\|-\|.\|\\?\|&]* | This part of the regular expression may cause exponential backtracking on strings starting with '[0=' and containing many repetitions of '='. |
 | regexplib/markup.js:56:23:56:25 | \\w+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'. |
-| regexplib/markup.js:56:132:56:134 | \\s* | This part of the regular expression may cause exponential backtracking on strings starting with '0[@0=''' and containing many repetitions of '\\t@0<""'. |
+| regexplib/markup.js:56:132:56:134 | \\s* | This part of the regular expression may cause exponential backtracking on strings starting with '0[@0<''' and containing many repetitions of '\\t@0<""'. |
 | regexplib/misc.js:4:36:4:44 | [a-zA-Z]* | This part of the regular expression may cause exponential backtracking on strings starting with 'A' and containing many repetitions of 'A'. |
 | regexplib/misc.js:15:56:15:118 | (([^\\\\/:\\*\\?"\\\|<>\\. ])\|([^\\\\/:\\*\\?"\\\|<>]*[^\\\\/:\\*\\?"\\\|<>\\. ]))? | This part of the regular expression may cause exponential backtracking on strings starting with '!' and containing many repetitions of '!\\\\!'. |
 | regexplib/misc.js:24:56:24:118 | (([^\\\\/:\\*\\?"\\\|<>\\. ])\|([^\\\\/:\\*\\?"\\\|<>]*[^\\\\/:\\*\\?"\\\|<>\\. ]))? | This part of the regular expression may cause exponential backtracking on strings starting with '!' and containing many repetitions of '!\\\\!'. |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/lib/lib.js b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/lib/lib.js
index 5c892f328a3..73700dfbc6b 100644
--- a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/lib/lib.js
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/lib/lib.js
@@ -36,4 +36,11 @@ function usedWithArguments(name) {
 	/f*g/.test(name); // NOT OK
 }
 
-module.exports.snapdragon = require("./snapdragon")
\ No newline at end of file
+module.exports.snapdragon = require("./snapdragon")
+
+module.exports.foo = function (name) {
+    var data1 = name.match(/f*g/); // NOT OK
+
+    name = name.substr(1);
+    var data2 = name.match(/f*g/); // NOT OK
+}
\ No newline at end of file
diff --git a/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll b/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll
index d7c7df8e1fd..bf4d1dc2067 100644
--- a/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll	
+++ b/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll	
@@ -1,4 +1,5 @@
-/* Model of Osprey API implementations. */
+/** Model of Osprey API implementations. */
+
 import javascript
 import HTTP
 
diff --git a/javascript/ql/test/tutorials/Validating RAML-based APIs/RAML.qll b/javascript/ql/test/tutorials/Validating RAML-based APIs/RAML.qll
index a871d5e751e..b110a339046 100644
--- a/javascript/ql/test/tutorials/Validating RAML-based APIs/RAML.qll	
+++ b/javascript/ql/test/tutorials/Validating RAML-based APIs/RAML.qll	
@@ -1,4 +1,5 @@
-/* Model of RAML specifications. */
+/** Model of RAML specifications. */
+
 import javascript
 import HTTP
 
diff --git a/misc/bazel/workspace.bzl b/misc/bazel/workspace.bzl
index 4248a09d47a..30b26103b99 100644
--- a/misc/bazel/workspace.bzl
+++ b/misc/bazel/workspace.bzl
@@ -1,15 +1,15 @@
 load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 load("@bazel_tools//tools/build_defs/repo:utils.bzl", "maybe")
 
-_swift_prebuilt_version = "swift-5.7-RELEASE.43809.66"
+_swift_prebuilt_version = "swift-5.7.1-RELEASE.44582.104"
 _swift_sha_map = {
-    "linux": "8c6480ed4b38bf46d2e55a97f08c38ae183bfeb68649f98193b7540b04428741",
-    "macos-x86_64": "ab103774b384a7f3f01c0d876699cae6afafe6cf2ee458b77b9aac6e08e4ca4d",
+  "Linux-X64": "8d94f2d75f2aa9ee8e5421318d2f07b27e095127c9be0156794a88d8e9a0f19a",
+  "macOS-X64": "5f0550d2924e7071d006a0c9802acbd9a11f0017073e4a1eb27b7ddc4764f3f2",
 }
 
 _swift_arch_map = {
-    "linux": "linux",
-    "macos-x86_64": "darwin_x86_64",
+    "Linux-X64": "linux",
+    "macOS-X64": "darwin_x86_64",
 }
 
 def codeql_workspace(repository_name = "codeql"):
@@ -22,10 +22,6 @@ def codeql_workspace(repository_name = "codeql"):
                 _swift_prebuilt_version,
                 repo_arch,
             ),
-            patches = [
-                "@%s//swift/third_party/swift-llvm-support:patches/remove_getFallthrougDest_assert.patch" % repository_name,
-            ],
-            patch_args = ["-p1"],
             build_file = "@%s//swift/third_party/swift-llvm-support:BUILD.swift-prebuilt.bazel" % repository_name,
             sha256 = sha256,
         )
diff --git a/misc/scripts/check-query-ids.py b/misc/scripts/check-query-ids.py
new file mode 100644
index 00000000000..aa06ae3a6a5
--- /dev/null
+++ b/misc/scripts/check-query-ids.py
@@ -0,0 +1,44 @@
+from pathlib import Path
+import re
+import sys
+from typing import Dict, List, Optional
+
+ID = re.compile(r" +\* +@id\s*(.*)")
+
+def get_query_id(query_path: Path) -> Optional[str]:
+    with open(query_path) as f:
+        for line in f:
+            m = ID.match(line)
+            if m:
+                return m.group(1)
+        return None
+
+def main():
+    # Map query IDs to paths of queries with those IDs. We want to check that this is a 1:1 map.
+    query_ids: Dict[str, List[str]] = {}
+
+    # Just check src folders for now to avoid churn
+    for query_path in Path().glob("**/src/**/*.ql"):
+        # Skip compiled query packs
+        if any(p == ".codeql" for p in query_path.parts):
+            continue
+        query_id = get_query_id(query_path)
+        if query_id is not None:
+            query_ids.setdefault(query_id, []).append(str(query_path))
+
+    fail = False
+    for query_id, query_paths in query_ids.items():
+        if len(query_paths) > 1:
+            fail = True
+            print(f"Query ID {query_id} is used in multiple queries:")
+            for query_path in query_paths:
+                print(f" - {query_path}")
+
+    if fail:
+        print("FAIL: duplicate query IDs found in src folders. Please assign these queries unique IDs.")
+        sys.exit(1)
+    else:
+        print("PASS: no duplicate query IDs found in src folders.")
+
+if __name__ == "__main__":
+    main()
diff --git a/misc/scripts/models-as-data/convert_extensions.py b/misc/scripts/models-as-data/convert_extensions.py
index ff5d5ee6cd5..51e1e30f389 100644
--- a/misc/scripts/models-as-data/convert_extensions.py
+++ b/misc/scripts/models-as-data/convert_extensions.py
@@ -74,7 +74,8 @@ class Converter:
         summaries = self.getAddsTo("ExtractSummaries.ql", helpers.summaryModelPredicate)
         sources = self.getAddsTo("ExtractSources.ql", helpers.sourceModelPredicate)
         sinks = self.getAddsTo("ExtractSinks.ql", helpers.sinkModelPredicate)
-        return merge(sources, sinks, summaries)
+        neutrals = self.getAddsTo("ExtractNeutrals.ql", helpers.neutralModelPredicate)
+        return merge(sources, sinks, summaries, neutrals)
 
 
     def save(self, extensions):
diff --git a/misc/scripts/models-as-data/generate_flow_model.py b/misc/scripts/models-as-data/generate_flow_model.py
index b2e8e1a2e52..30f90000d4c 100644
--- a/misc/scripts/models-as-data/generate_flow_model.py
+++ b/misc/scripts/models-as-data/generate_flow_model.py
@@ -1,5 +1,6 @@
 #!/usr/bin/python3
 
+import helpers
 import json
 import os
 import os.path
@@ -8,41 +9,56 @@ import subprocess
 import sys
 import tempfile
 
+def quote_if_needed(row):
+    if row != "true" and row != "false":
+        return "\"" + row + "\""
+    # subtypes column
+    return row
+
+def parseData(data):
+    rows = ""
+    for (row) in data:
+        d = row[0].split(';')
+        d = map(quote_if_needed, d)
+        rows += "      - [" + ', '.join(d) + ']\n'
+
+    return rows
+
 class Generator:
     def __init__ (self, language):
         self.language = language
         self.generateSinks = False
         self.generateSources = False
         self.generateSummaries = False
-        self.generateNegativeSummaries = False
+        self.generateNeutrals = False
         self.generateTypeBasedSummaries = False
         self.dryRun = False
+        self.dirname = "model-generator"
 
 
     def printHelp(self):
         print(f"""Usage:
-python3 GenerateFlowModel.py <library-database> <outputQll> [<friendlyFrameworkName>] [--with-sinks] [--with-sources] [--with-summaries] [--with-typebased-summaries] [--dry-run]
+python3 GenerateFlowModel.py <library-database> <outputYml> [<friendlyFrameworkName>] [--with-sinks] [--with-sources] [--with-summaries] [--with-typebased-summaries] [--dry-run]
 
 This generates summary, source and sink models for the code in the database.
-The files will be placed in `{self.language}/ql/lib/semmle/code/{self.language}/frameworks/<outputQll>` where
-outputQll is the name (and path) of the output QLL file. Usually, models are grouped by their
+The files will be placed in `{self.language}/ql/lib/ext/generated/<outputYml>.model.yml` where
+outputYml is the name (and path) of the output YAML file. Usually, models are grouped by their
 respective frameworks.
-If negative summaries are produced a file prefixed with `Negative` will be generated and stored in the same folder.
 
 Which models are generated is controlled by the flags:
     --with-sinks
     --with-sources
     --with-summaries
-    --with-negative-summaries
-    --with-typebased-summaries
-If none of these flags are specified, all models are generated.
+    --with-neutrals
+    --with-typebased-summaries (Experimental)
+If none of these flags are specified, all models are generated except for the type based models.
 
     --dry-run: Only run the queries, but don't write to file.
 
 Example invocations:
-$ python3 GenerateFlowModel.py /tmp/dbs/my_library_db "mylibrary/Framework.qll"
-$ python3 GenerateFlowModel.py /tmp/dbs/my_library_db "mylibrary/Framework.qll" "Friendly Name of Framework"
-$ python3 GenerateFlowModel.py /tmp/dbs/my_library_db "mylibrary/FrameworkSinks.qll" --with-sinks
+$ python3 GenerateFlowModel.py /tmp/dbs/my_library_db mylibrary
+$ python3 GenerateFlowModel.py /tmp/dbs/my_library_db mylibrary "Friendly Name of Framework"
+$ python3 GenerateFlowModel.py /tmp/dbs/my_library_db --with-sinks
 
 Requirements: `codeql` should both appear on your path.
     """)
@@ -50,22 +66,19 @@ Requirements: `codeql` should both appear on your path.
 
     def setenvironment(self, target, database, friendlyName):
         self.codeQlRoot = subprocess.check_output(["git", "rev-parse", "--show-toplevel"]).decode("utf-8").strip()
-        if not target.endswith(".qll"):
-            target += ".qll"
+        if not target.endswith(".model.yml"):
+            target += ".model.yml"
         filename = os.path.basename(target)
-        dirname = os.path.dirname(target)
         if friendlyName is not None:
             self.friendlyname = friendlyName
         else:
-            self.friendlyname = filename[:-4]
-        self.shortname = filename[:-4]
+            self.friendlyname = filename[:-10]
+        self.shortname = filename[:-10]
         self.database = database
         self.generatedFrameworks = os.path.join(
-            self.codeQlRoot, f"{self.language}/ql/lib/semmle/code/{self.language}/frameworks/")
-        self.frameworkTarget = os.path.join(self.generatedFrameworks, dirname, filename)
-        self.negativeFrameworkTarget = os.path.join(self.generatedFrameworks, dirname, "Negative" + filename)
-        self.typeBasedFrameworkTarget = os.path.join(self.generatedFrameworks, dirname, "TypeBased" + filename)
-
+            self.codeQlRoot, f"{self.language}/ql/lib/ext/generated/")
+        self.frameworkTarget = os.path.join(self.generatedFrameworks, filename)
+        self.typeBasedFrameworkTarget = os.path.join(self.generatedFrameworks, "TypeBased" + filename)
         self.workDir = tempfile.mkdtemp()
         os.makedirs(self.generatedFrameworks, exist_ok=True)
 
@@ -89,9 +102,9 @@ Requirements: `codeql` should both appear on your path.
             sys.argv.remove("--with-summaries")
             generator.generateSummaries = True
 
-        if "--with-negative-summaries" in sys.argv:
-            sys.argv.remove("--with-negative-summaries")
-            generator.generateNegativeSummaries = True
+        if "--with-neutrals" in sys.argv:
+            sys.argv.remove("--with-neutrals")
+            generator.generateNeutrals = True
 
         if "--with-typebased-summaries" in sys.argv:
             sys.argv.remove("--with-typebased-summaries")
@@ -101,8 +114,8 @@ Requirements: `codeql` should both appear on your path.
             sys.argv.remove("--dry-run")
             generator.dryRun = True
 
-        if not generator.generateSinks and not generator.generateSources and not generator.generateSummaries and not generator.generateNegativeSummaries and not generator.generateTypeBasedSummaries:
-            generator.generateSinks = generator.generateSources = generator.generateSummaries = generator.generateNegativeSummaries = True
+        if not generator.generateSinks and not generator.generateSources and not generator.generateSummaries and not generator.generateNeutrals and not generator.generateTypeBasedSummaries:
+            generator.generateSinks = generator.generateSources = generator.generateSummaries = generator.generateNeutrals = True
 
         if len(sys.argv) < 3 or len(sys.argv) > 4:
             generator.printHelp()
@@ -114,166 +127,84 @@ Requirements: `codeql` should both appear on your path.
 
         generator.setenvironment(sys.argv[2], sys.argv[1], friendlyName)
         return generator
+    
 
-
-    def runQuery(self, infoMessage, query):
-        print("########## Querying " + infoMessage + "...")
-        queryFile = os.path.join(self.codeQlRoot, f"{self.language}/ql/src/utils/model-generator", query)
+    def runQuery(self, query):
+        print("########## Querying " + query + "...")
+        queryFile = os.path.join(self.codeQlRoot, f"{self.language}/ql/src/utils/{self.dirname}", query)
         resultBqrs = os.path.join(self.workDir, "out.bqrs")
-        cmd = ['codeql', 'query', 'run', queryFile, '--database',
-               self.database, '--output', resultBqrs, '--threads', '8']
 
-        ret = subprocess.call(cmd)
-        if ret != 0:
-            print("Failed to generate " + infoMessage +
-                  ". Failed command was: " + shlex.join(cmd))
-            sys.exit(1)
-        return self.readRows(resultBqrs)
+        helpers.run_cmd(['codeql', 'query', 'run', queryFile, '--database',
+               self.database, '--output', resultBqrs, '--threads', '8'], "Failed to generate " + query)
+
+        return helpers.readData(self.workDir, resultBqrs)
 
 
-    def readRows(self, bqrsFile):
-        generatedJson = os.path.join(self.workDir, "out.json")
-        cmd = ['codeql', 'bqrs', 'decode', bqrsFile,
-               '--format=json', '--output', generatedJson]
-        ret = subprocess.call(cmd)
-        if ret != 0:
-            print("Failed to decode BQRS. Failed command was: " + shlex.join(cmd))
-            sys.exit(1)
-
-        with open(generatedJson) as f:
-            results = json.load(f)
-
-        try:
-            results['#select']['tuples']
-        except KeyError:
-            print('Unexpected JSON output - no tuples found')
-            exit(1)
-
-        rows = ""
-        for (row) in results['#select']['tuples']:
-            rows += "            \"" + row[0] + "\",\n"
-
-        return rows[:-2]
-
-
-    def asCsvModel(self, superclass, kind, rows):
-        classTemplate = """
-private class {0}{1}Csv extends {2} {{
-    override predicate row(string row) {{
-        row =
-            [
-{3}
-            ]
-    }}
-}}
-        """
+    def asAddsTo(self, rows, predicate):
         if rows.strip() == "":
             return ""
-        return classTemplate.format(self.shortname[0].upper() + self.shortname[1:], kind.capitalize(), superclass, rows)
+        return helpers.addsToTemplate.format(f"codeql/{self.language}-all", predicate, rows)
+
+
+    def getAddsTo(self, query, predicate):
+        data = self.runQuery(query)
+        rows = parseData(data)
+        return self.asAddsTo(rows, predicate)
 
 
     def makeContent(self):
         if self.generateSummaries:
-            summaryRows = self.runQuery("summary models", "CaptureSummaryModels.ql")
-            summaryCsv = self.asCsvModel("SummaryModelCsv", "summary", summaryRows)
+            summaryAddsTo = self.getAddsTo("CaptureSummaryModels.ql", helpers.summaryModelPredicate)
         else:
-            summaryCsv = ""
+            summaryAddsTo = ""
 
         if self.generateSinks:
-            sinkRows = self.runQuery("sink models", "CaptureSinkModels.ql")
-            sinkCsv = self.asCsvModel("SinkModelCsv", "sinks", sinkRows)
+            sinkAddsTo = self.getAddsTo("CaptureSinkModels.ql", helpers.sinkModelPredicate)
         else:
-            sinkCsv = ""
+            sinkAddsTo = ""
 
         if self.generateSources:
-            sourceRows = self.runQuery("source models", "CaptureSourceModels.ql")
-            sourceCsv = self.asCsvModel("SourceModelCsv", "sources", sourceRows)
+            sourceAddsTo = self.getAddsTo("CaptureSourceModels.ql", helpers.sourceModelPredicate)
         else:
-            sourceCsv = ""
+            sourceAddsTo = ""
 
-        return f"""
-/** 
- * THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
- * Definitions of taint steps in the {self.friendlyname} framework.
- */
-
-import {self.language}
-private import semmle.code.{self.language}.dataflow.ExternalFlow
-
-{sinkCsv}
-{sourceCsv}
-{summaryCsv}
-
-        """
-
-    def makeNegativeContent(self):
-        if self.generateNegativeSummaries:
-            negativeSummaryRows = self.runQuery("negative summary models", "CaptureNegativeSummaryModels.ql")
-            negativeSummaryCsv = self.asCsvModel("NegativeSummaryModelCsv", "NegativeSummary", negativeSummaryRows)
+        if self.generateNeutrals:
+            neutralAddsTo = self.getAddsTo("CaptureNeutralModels.ql", helpers.neutralModelPredicate)
         else:
-            negativeSummaryCsv = ""
-
-        return f"""
-/**
- * THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
- * Definitions of negative summaries in the {self.friendlyname} framework.
- */
-
-import {self.language}
-private import semmle.code.{self.language}.dataflow.ExternalFlow
-
-{negativeSummaryCsv}
-
-        """
+            neutralAddsTo = ""
+        
+        return f"""# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Definitions of models for the {self.friendlyname} framework.
+extensions:
+{sinkAddsTo}{sourceAddsTo}{summaryAddsTo}{neutralAddsTo}"""
 
     def makeTypeBasedContent(self):
         if self.generateTypeBasedSummaries:
-            typeBasedSummaryRows = self.runQuery("type based summary models", "CaptureTypeBasedSummaryModels.ql")
-            typeBasedSummaryCsv = self.asCsvModel("SummaryModelCsv", "TypeBasedSummary", typeBasedSummaryRows)
+            typeBasedSummaryAddsTo = self.getAddsTo("CaptureTypeBasedSummaryModels.ql", "extSummaryModel")
         else:
-            typeBasedSummaryCsv = ""
+            typeBasedSummaryAddsTo = ""
 
-        return f"""
-/**
- * THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
- * Definitions of type based summaries in the {self.friendlyname} framework.
- */
-
-import {self.language}
-private import semmle.code.{self.language}.dataflow.ExternalFlow
-
-{typeBasedSummaryCsv}
-
-        """
+        return f"""# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Definitions of type based summaries in the {self.friendlyname} framework.
+extensions:
+{typeBasedSummaryAddsTo}"""
 
     def save(self, content, target):
-        with open(target, "w") as targetQll:
-            targetQll.write(content)
-
-        cmd = ['codeql', 'query', 'format', '--in-place', target]
-        ret = subprocess.call(cmd)
-        if ret != 0:
-            print("Failed to format query. Failed command was: " + shlex.join(cmd))
-            sys.exit(1)
-
-        print("")
-        print("CSV model written to " + target)
+        with open(target, "w") as targetYml:
+            targetYml.write(content)
+        print("Models as data extensions written to " + target)
 
 
     def run(self):
         content = self.makeContent()
-        negativeContent = self.makeNegativeContent()
         typeBasedContent = self.makeTypeBasedContent()
 
         if self.dryRun:
-            print("CSV Models generated, but not written to file.")
+            print("Models as data extensions generated, but not written to file.")
             sys.exit(0)
         
         if self.generateSinks or self.generateSinks or self.generateSummaries:
             self.save(content, self.frameworkTarget)
 
-        if self.generateNegativeSummaries:
-            self.save(negativeContent, self.negativeFrameworkTarget)
-
         if self.generateTypeBasedSummaries:
             self.save(typeBasedContent, self.typeBasedFrameworkTarget)
diff --git a/misc/scripts/models-as-data/generate_flow_model_extensions.py b/misc/scripts/models-as-data/generate_flow_model_extensions.py
deleted file mode 100644
index 5367f87b1f6..00000000000
--- a/misc/scripts/models-as-data/generate_flow_model_extensions.py
+++ /dev/null
@@ -1,219 +0,0 @@
-#!/usr/bin/python3
-
-import helpers
-import json
-import os
-import os.path
-import shlex
-import subprocess
-import sys
-import tempfile
-
-def quote_if_needed(row):
-    if row != "true" and row != "false":
-        return "\"" + row + "\""
-    # subtypes column
-    return row
-
-def parseData(data):
-    rows = ""
-    for (row) in data:
-        d = row[0].split(';')
-        d = map(quote_if_needed, d)
-        rows += "      - [" + ', '.join(d) + ']\n'
-
-    return rows
-
-class Generator:
-    def __init__ (self, language):
-        self.language = language
-        self.generateSinks = False
-        self.generateSources = False
-        self.generateSummaries = False
-        self.generateNegativeSummaries = False
-        self.generateTypeBasedSummaries = False
-        self.dryRun = False
-        self.dirname = "model-generator"
-
-
-    def printHelp(self):
-        print(f"""Usage:
-python3 GenerateFlowModelExtensions.py <library-database> <outputYml> [<friendlyFrameworkName>] [--with-sinks] [--with-sources] [--with-summaries] [--with-typebased-summaries] [--dry-run]
-
-This generates summary, source and sink models for the code in the database.
-The files will be placed in `{self.language}/ql/lib/ext/generated/<outputYml>.model.yml` where
-outputYml is the name (and path) of the output YAML file. Usually, models are grouped by their
-respective frameworks.
-
-Which models are generated is controlled by the flags:
-    --with-sinks
-    --with-sources
-    --with-summaries
-    --with-negative-summaries
-    --with-typebased-summaries (Experimental - only for C#)
-If none of these flags are specified, all models are generated except for the type based models.
-
-    --dry-run: Only run the queries, but don't write to file.
-
-Example invocations:
-$ python3 GenerateFlowModelExtensions.py /tmp/dbs/my_library_db mylibrary
-$ python3 GenerateFlowModelExtensions.py /tmp/dbs/my_library_db mylibrary "Friendly Name of Framework"
-$ python3 GenerateFlowModelExtensions.py /tmp/dbs/my_library_db --with-sinks
-
-Requirements: `codeql` should both appear on your path.
-    """)
-
-
-    def setenvironment(self, target, database, friendlyName):
-        self.codeQlRoot = subprocess.check_output(["git", "rev-parse", "--show-toplevel"]).decode("utf-8").strip()
-        if not target.endswith(".model.yml"):
-            target += ".model.yml"
-        filename = os.path.basename(target)
-        if friendlyName is not None:
-            self.friendlyname = friendlyName
-        else:
-            self.friendlyname = filename[:-10]
-        self.shortname = filename[:-10]
-        self.database = database
-        self.generatedFrameworks = os.path.join(
-            self.codeQlRoot, f"{self.language}/ql/lib/ext/generated/")
-        self.frameworkTarget = os.path.join(self.generatedFrameworks, filename)
-        self.typeBasedFrameworkTarget = os.path.join(self.generatedFrameworks, "TypeBased" + filename)
-        self.workDir = tempfile.mkdtemp()
-        os.makedirs(self.generatedFrameworks, exist_ok=True)
-
-
-    @staticmethod
-    def make(language):
-        generator = Generator(language)
-        if any(s == "--help" for s in sys.argv):
-            generator.printHelp()
-            sys.exit(0)
-
-        if "--with-sinks" in sys.argv:
-            sys.argv.remove("--with-sinks")
-            generator.generateSinks = True
-
-        if "--with-sources" in sys.argv:
-            sys.argv.remove("--with-sources")
-            generator.generateSources = True
-
-        if "--with-summaries" in sys.argv:
-            sys.argv.remove("--with-summaries")
-            generator.generateSummaries = True
-
-        if "--with-negative-summaries" in sys.argv:
-            sys.argv.remove("--with-negative-summaries")
-            generator.generateNegativeSummaries = True
-
-        if "--with-typebased-summaries" in sys.argv:
-            sys.argv.remove("--with-typebased-summaries")
-            generator.generateTypeBasedSummaries = True
-
-        if "--dry-run" in sys.argv:
-            sys.argv.remove("--dry-run")
-            generator.dryRun = True
-
-        if not generator.generateSinks and not generator.generateSources and not generator.generateSummaries and not generator.generateNegativeSummaries and not generator.generateTypeBasedSummaries:
-            generator.generateSinks = generator.generateSources = generator.generateSummaries = generator.generateNegativeSummaries = True
-
-        if len(sys.argv) < 3 or len(sys.argv) > 4:
-            generator.printHelp()
-            sys.exit(1)
-
-        friendlyName = None
-        if len(sys.argv) == 4:
-            friendlyName = sys.argv[3]
-
-        generator.setenvironment(sys.argv[2], sys.argv[1], friendlyName)
-        return generator
-    
-
-    def runQuery(self, query):
-        print("########## Querying " + query + "...")
-        queryFile = os.path.join(self.codeQlRoot, f"{self.language}/ql/src/utils/{self.dirname}", query)
-        resultBqrs = os.path.join(self.workDir, "out.bqrs")
-
-        helpers.run_cmd(['codeql', 'query', 'run', queryFile, '--database',
-               self.database, '--output', resultBqrs, '--threads', '8'], "Failed to generate " + query)
-
-        return helpers.readData(self.workDir, resultBqrs)
-
-
-    def asAddsTo(self, rows, predicate):
-        if rows.strip() == "":
-            return ""
-        return helpers.addsToTemplate.format(f"codeql/{self.language}-all", predicate, rows)
-
-
-    def getAddsTo(self, query, predicate):
-        data = self.runQuery(query)
-        rows = parseData(data)
-        return self.asAddsTo(rows, predicate)
-
-
-    def makeContent(self):
-        if self.generateSummaries:
-            summaryAddsTo = self.getAddsTo("CaptureSummaryModels.ql", helpers.summaryModelPredicate)
-        else:
-            summaryAddsTo = ""
-
-        if self.generateSinks:
-            sinkAddsTo = self.getAddsTo("CaptureSinkModels.ql", helpers.sinkModelPredicate)
-        else:
-            sinkAddsTo = ""
-
-        if self.generateSources:
-            sourceAddsTo = self.getAddsTo("CaptureSourceModels.ql", helpers.sourceModelPredicate)
-        else:
-            sourceAddsTo = ""
-
-        if self.generateNegativeSummaries:
-            negativeSummaryAddsTo = self.getAddsTo("CaptureNegativeSummaryModels.ql", "extNegativeSummaryModel")
-        else:
-            negativeSummaryAddsTo = ""
-        
-        return f""" 
-# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
-# Definitions of taint steps in the {self.friendlyname} framework.
-
-extensions:
-{sinkAddsTo}
-{sourceAddsTo}
-{summaryAddsTo}
-{negativeSummaryAddsTo}
-        """
-
-    def makeTypeBasedContent(self):
-        if self.generateTypeBasedSummaries:
-            typeBasedSummaryAddsTo = self.getAddsTo("CaptureTypeBasedSummaryModels.ql", "extSummaryModel")
-        else:
-            typeBasedSummaryAddsTo = ""
-
-        return f"""
-# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
-# Definitions of type based summaries in the {self.friendlyname} framework.
-
-extensions:
-{typeBasedSummaryAddsTo}
-        """
-
-    def save(self, content, target):
-        with open(target, "w") as targetYml:
-            targetYml.write(content)
-        print("Models as data extensions written to " + target)
-
-
-    def run(self):
-        content = self.makeContent()
-        typeBasedContent = self.makeTypeBasedContent()
-
-        if self.dryRun:
-            print("Models as data extensions generated, but not written to file.")
-            sys.exit(0)
-        
-        if self.generateSinks or self.generateSinks or self.generateSummaries:
-            self.save(content, self.frameworkTarget)
-
-        if self.generateTypeBasedSummaries:
-            self.save(typeBasedContent, self.typeBasedFrameworkTarget)
diff --git a/misc/scripts/models-as-data/helpers.py b/misc/scripts/models-as-data/helpers.py
index cc69cee53c0..58594102037 100644
--- a/misc/scripts/models-as-data/helpers.py
+++ b/misc/scripts/models-as-data/helpers.py
@@ -4,9 +4,10 @@ import shutil
 import subprocess
 
 # Shared strings.
-summaryModelPredicate = "extSummaryModel"
-sinkModelPredicate = "extSinkModel"
-sourceModelPredicate = "extSourceModel"
+summaryModelPredicate = "summaryModel"
+sinkModelPredicate = "sinkModel"
+sourceModelPredicate = "sourceModel"
+neutralModelPredicate = "neutralModel"
 addsToTemplate = """  - addsTo:
       pack: {0}
       extensible: {1}
diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md
index e3d9cec6f66..c7efd60a3c7 100644
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.3.6
+
+No user-facing changes.
+
+## 0.3.5
+
+No user-facing changes.
+
+## 0.3.4
+
+No user-facing changes.
+
 ## 0.3.3
 
 No user-facing changes.
diff --git a/misc/suite-helpers/change-notes/released/0.3.4.md b/misc/suite-helpers/change-notes/released/0.3.4.md
new file mode 100644
index 00000000000..5fae94b07c9
--- /dev/null
+++ b/misc/suite-helpers/change-notes/released/0.3.4.md
@@ -0,0 +1,3 @@
+## 0.3.4
+
+No user-facing changes.
diff --git a/misc/suite-helpers/change-notes/released/0.3.5.md b/misc/suite-helpers/change-notes/released/0.3.5.md
new file mode 100644
index 00000000000..7a86712e637
--- /dev/null
+++ b/misc/suite-helpers/change-notes/released/0.3.5.md
@@ -0,0 +1,3 @@
+## 0.3.5
+
+No user-facing changes.
diff --git a/misc/suite-helpers/change-notes/released/0.3.6.md b/misc/suite-helpers/change-notes/released/0.3.6.md
new file mode 100644
index 00000000000..0c7a392e88f
--- /dev/null
+++ b/misc/suite-helpers/change-notes/released/0.3.6.md
@@ -0,0 +1,3 @@
+## 0.3.6
+
+No user-facing changes.
diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml
index 9da182d3394..7bbaa8987dd 100644
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.3
+lastReleaseVersion: 0.3.6
diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml
index 6a377895b2a..5ecfc312c46 100644
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,3 +1,3 @@
 name: codeql/suite-helpers
-version: 0.3.4-dev
+version: 0.4.0-dev
 groups: shared
diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md
index ee84607f683..793438c4fb6 100644
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,17 @@
+## 0.6.6
+
+No user-facing changes.
+
+## 0.6.5
+
+No user-facing changes.
+
+## 0.6.4
+
+### Minor Analysis Improvements
+
+ * The ReDoS libraries in `semmle.code.python.security.regexp` have been moved to a shared pack inside the `shared/` folder, and the previous location has been deprecated.
+
 ## 0.6.3
 
 No user-facing changes.
diff --git a/python/ql/lib/change-notes/2022-11-17-deleted-deps.md b/python/ql/lib/change-notes/2022-11-17-deleted-deps.md
new file mode 100644
index 00000000000..6d366b9c114
--- /dev/null
+++ b/python/ql/lib/change-notes/2022-11-17-deleted-deps.md
@@ -0,0 +1,7 @@
+---
+category: minorAnalysis
+---
+* Deleted the deprecated `importNode` predicate from the `DataFlowUtil.qll` file.
+* Deleted the deprecated features from `PEP249.qll` that were not inside the `PEP249` module.
+* Deleted the deprecated `werkzeug` from the `Werkzeug` module in `Werkzeug.qll`.
+* Deleted the deprecated `methodResult` predicate from `PEP249::Cursor`.
\ No newline at end of file
diff --git a/python/ql/lib/change-notes/2022-11-17-py-pam-improve.md b/python/ql/lib/change-notes/2022-11-17-py-pam-improve.md
new file mode 100644
index 00000000000..78a267d3caa
--- /dev/null
+++ b/python/ql/lib/change-notes/2022-11-17-py-pam-improve.md
@@ -0,0 +1,4 @@
+---
+ category: majorAnalysis
+---
+* The _PAM authorization bypass due to incorrect usage_ (`py/pam-auth-bypass`) query has been converted to a taint-tracking query, resulting in significantly fewer false positives.
diff --git a/python/ql/lib/change-notes/2022-11-21-module-resolution-rewrite.md b/python/ql/lib/change-notes/2022-11-21-module-resolution-rewrite.md
new file mode 100644
index 00000000000..fa04c07e9d5
--- /dev/null
+++ b/python/ql/lib/change-notes/2022-11-21-module-resolution-rewrite.md
@@ -0,0 +1,5 @@
+---
+ category: minorAnalysis
+---
+ * The data-flow library has been rewritten to no longer rely on the points-to analysis in order to
+   resolve references to modules. Improvements in the module resolution can lead to more results.
diff --git a/python/ql/lib/change-notes/2022-12-03-new-stdlib-cmdi-sinks.md b/python/ql/lib/change-notes/2022-12-03-new-stdlib-cmdi-sinks.md
new file mode 100644
index 00000000000..ca2fa376a5d
--- /dev/null
+++ b/python/ql/lib/change-notes/2022-12-03-new-stdlib-cmdi-sinks.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+- Added `subprocess.getoutput` and `subprocess.getoutputstatus` as new command injection sinks for the StdLib.
+
diff --git a/python/ql/lib/change-notes/released/0.6.4.md b/python/ql/lib/change-notes/released/0.6.4.md
new file mode 100644
index 00000000000..9f12960721c
--- /dev/null
+++ b/python/ql/lib/change-notes/released/0.6.4.md
@@ -0,0 +1,5 @@
+## 0.6.4
+
+### Minor Analysis Improvements
+
+ * The ReDoS libraries in `semmle.code.python.security.regexp` have been moved to a shared pack inside the `shared/` folder, and the previous location has been deprecated.
diff --git a/python/ql/lib/change-notes/released/0.6.5.md b/python/ql/lib/change-notes/released/0.6.5.md
new file mode 100644
index 00000000000..b2bc387588d
--- /dev/null
+++ b/python/ql/lib/change-notes/released/0.6.5.md
@@ -0,0 +1,3 @@
+## 0.6.5
+
+No user-facing changes.
diff --git a/python/ql/lib/change-notes/released/0.6.6.md b/python/ql/lib/change-notes/released/0.6.6.md
new file mode 100644
index 00000000000..ab10d897be1
--- /dev/null
+++ b/python/ql/lib/change-notes/released/0.6.6.md
@@ -0,0 +1,3 @@
+## 0.6.6
+
+No user-facing changes.
diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml
index b7dafe32c5d..f4cae0a77ad 100644
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.6
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index 9d8ac91c0a6..7da58edd333 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,7 +1,11 @@
 name: codeql/python-all
-version: 0.6.4-dev
+version: 0.7.0-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
 library: true
 upgrades: upgrades
+dependencies:
+  codeql/regex: ${workspace}
+dataExtensions:
+  - semmle/python/frameworks/**/model.yml
diff --git a/python/ql/lib/semmle/python/Concepts.qll b/python/ql/lib/semmle/python/Concepts.qll
index fe091f84e9c..b4d2a64cb45 100644
--- a/python/ql/lib/semmle/python/Concepts.qll
+++ b/python/ql/lib/semmle/python/Concepts.qll
@@ -9,6 +9,7 @@ private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.TaintTracking
 private import semmle.python.Frameworks
+private import semmle.python.security.internal.EncryptionKeySizes
 
 /**
  * A data-flow node that executes an operating system command,
@@ -311,7 +312,7 @@ module CodeExecution {
  * Often, it is worthy of an alert if an SQL statement is constructed such that
  * executing it would be a security risk.
  *
- * If it is important that the SQL statement is indeed executed, then use `SQLExecution`.
+ * If it is important that the SQL statement is indeed executed, then use `SqlExecution`.
  *
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `SqlConstruction::Range` instead.
@@ -329,7 +330,7 @@ module SqlConstruction {
    * Often, it is worthy of an alert if an SQL statement is constructed such that
    * executing it would be a security risk.
    *
-   * If it is important that the SQL statement is indeed executed, then use `SQLExecution`.
+   * If it is important that the SQL statement is indeed executed, then use `SqlExecution`.
    *
    * Extend this class to model new APIs. If you want to refine existing API models,
    * extend `SqlConstruction` instead.
@@ -1141,21 +1142,21 @@ module Cryptography {
       abstract class RsaRange extends Range {
         final override string getName() { result = "RSA" }
 
-        final override int minimumSecureKeySize() { result = 2048 }
+        final override int minimumSecureKeySize() { result = minSecureKeySizeRsa() }
       }
 
       /** A data-flow node that generates a new DSA key-pair. */
       abstract class DsaRange extends Range {
         final override string getName() { result = "DSA" }
 
-        final override int minimumSecureKeySize() { result = 2048 }
+        final override int minimumSecureKeySize() { result = minSecureKeySizeDsa() }
       }
 
       /** A data-flow node that generates a new ECC key-pair. */
       abstract class EccRange extends Range {
         final override string getName() { result = "ECC" }
 
-        final override int minimumSecureKeySize() { result = 224 }
+        final override int minimumSecureKeySize() { result = minSecureKeySizeEcc() }
       }
     }
   }
diff --git a/python/ql/lib/semmle/python/RegexTreeView.qll b/python/ql/lib/semmle/python/RegexTreeView.qll
index 808a784d472..dea896ebbc7 100644
--- a/python/ql/lib/semmle/python/RegexTreeView.qll
+++ b/python/ql/lib/semmle/python/RegexTreeView.qll
@@ -2,6 +2,14 @@
 
 import python
 private import semmle.python.regex
+private import codeql.regex.nfa.NfaUtils as NfaUtils
+private import codeql.regex.RegexTreeView
+// exporting as RegexTreeView, and in the top-level scope.
+import Impl as RegexTreeView
+import Impl
+
+/** Gets the parse tree resulting from parsing `re`, if such has been constructed. */
+RegExpTerm getParsedRegExp(StrConst re) { result.getRegex() = re and result.isRootTerm() }
 
 /**
  * An element containing a regular expression term, that is, either
@@ -12,7 +20,7 @@ private import semmle.python.regex
  * Otherwise, we wish to represent the term differently.
  * This avoids multiple representations of the same term.
  */
-newtype TRegExpParent =
+private newtype TRegExpParent =
   /** A string literal used as a regular expression */
   TRegExpLiteral(Regex re) or
   /** A quantified term */
@@ -48,343 +56,6 @@ newtype TRegExpParent =
   /** A back reference */
   TRegExpBackRef(Regex re, int start, int end) { re.backreference(start, end) }
 
-/**
- * An element containing a regular expression term, that is, either
- * a string literal (parsed as a regular expression)
- * or another regular expression term.
- */
-class RegExpParent extends TRegExpParent {
-  /** Gets a textual representation of this element. */
-  string toString() { result = "RegExpParent" }
-
-  /** Gets the `i`th child term. */
-  abstract RegExpTerm getChild(int i);
-
-  /** Gets a child term . */
-  RegExpTerm getAChild() { result = this.getChild(_) }
-
-  /** Gets the number of child terms. */
-  int getNumChild() { result = count(this.getAChild()) }
-
-  /** Gets the associated regex. */
-  abstract Regex getRegex();
-}
-
-/** A string literal used as a regular expression */
-class RegExpLiteral extends TRegExpLiteral, RegExpParent {
-  Regex re;
-
-  RegExpLiteral() { this = TRegExpLiteral(re) }
-
-  override RegExpTerm getChild(int i) { i = 0 and result.getRegex() = re and result.isRootTerm() }
-
-  /** Holds if dot, `.`, matches all characters, including newlines. */
-  predicate isDotAll() { re.getAMode() = "DOTALL" }
-
-  /** Holds if this regex matching is case-insensitive for this regex. */
-  predicate isIgnoreCase() { re.getAMode() = "IGNORECASE" }
-
-  /** Get a string representing all modes for this regex. */
-  string getFlags() { result = concat(string mode | mode = re.getAMode() | mode, " | ") }
-
-  override Regex getRegex() { result = re }
-
-  /** Gets the primary QL class for this regex. */
-  string getPrimaryQLClass() { result = "RegExpLiteral" }
-}
-
-/**
- * A regular expression term, that is, a syntactic part of a regular expression.
- */
-class RegExpTerm extends RegExpParent {
-  Regex re;
-  int start;
-  int end;
-
-  RegExpTerm() {
-    this = TRegExpAlt(re, start, end)
-    or
-    this = TRegExpBackRef(re, start, end)
-    or
-    this = TRegExpCharacterClass(re, start, end)
-    or
-    this = TRegExpCharacterRange(re, start, end)
-    or
-    this = TRegExpNormalChar(re, start, end)
-    or
-    this = TRegExpGroup(re, start, end)
-    or
-    this = TRegExpQuantifier(re, start, end)
-    or
-    this = TRegExpSequence(re, start, end)
-    or
-    this = TRegExpSpecialChar(re, start, end)
-  }
-
-  /**
-   * Gets the outermost term of this regular expression.
-   */
-  RegExpTerm getRootTerm() {
-    this.isRootTerm() and result = this
-    or
-    result = this.getParent().(RegExpTerm).getRootTerm()
-  }
-
-  /**
-   * Holds if this term is part of a string literal
-   * that is interpreted as a regular expression.
-   */
-  predicate isUsedAsRegExp() { any() }
-
-  /**
-   * Holds if this is the root term of a regular expression.
-   */
-  predicate isRootTerm() { start = 0 and end = re.getText().length() }
-
-  override RegExpTerm getChild(int i) {
-    result = this.(RegExpAlt).getChild(i)
-    or
-    result = this.(RegExpBackRef).getChild(i)
-    or
-    result = this.(RegExpCharacterClass).getChild(i)
-    or
-    result = this.(RegExpCharacterRange).getChild(i)
-    or
-    result = this.(RegExpNormalChar).getChild(i)
-    or
-    result = this.(RegExpGroup).getChild(i)
-    or
-    result = this.(RegExpQuantifier).getChild(i)
-    or
-    result = this.(RegExpSequence).getChild(i)
-    or
-    result = this.(RegExpSpecialChar).getChild(i)
-  }
-
-  /**
-   * Gets the parent term of this regular expression term, or the
-   * regular expression literal if this is the root term.
-   */
-  RegExpParent getParent() { result.getAChild() = this }
-
-  override Regex getRegex() { result = re }
-
-  /** Gets the offset at which this term starts. */
-  int getStart() { result = start }
-
-  /** Gets the offset at which this term ends. */
-  int getEnd() { result = end }
-
-  override string toString() { result = re.getText().substring(start, end) }
-
-  /**
-   * Gets the location of the surrounding regex, as locations inside the regex do not exist.
-   * To get location information corresponding to the term inside the regex,
-   * use `hasLocationInfo`.
-   */
-  Location getLocation() { result = re.getLocation() }
-
-  /** Holds if this term is found at the specified location offsets. */
-  predicate hasLocationInfo(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    exists(int re_start, int re_end |
-      re.getLocation().hasLocationInfo(filepath, startline, re_start, endline, re_end) and
-      startcolumn = re_start + start + 4 and
-      endcolumn = re_start + end + 3
-    )
-  }
-
-  /** Gets the file in which this term is found. */
-  File getFile() { result = this.getLocation().getFile() }
-
-  /** Gets the raw source text of this term. */
-  string getRawValue() { result = this.toString() }
-
-  /** Gets the string literal in which this term is found. */
-  RegExpLiteral getLiteral() { result = TRegExpLiteral(re) }
-
-  /** Gets the regular expression term that is matched (textually) before this one, if any. */
-  RegExpTerm getPredecessor() {
-    exists(RegExpTerm parent | parent = this.getParent() |
-      result = parent.(RegExpSequence).previousElement(this)
-      or
-      not exists(parent.(RegExpSequence).previousElement(this)) and
-      not parent instanceof RegExpSubPattern and
-      result = parent.getPredecessor()
-    )
-  }
-
-  /** Gets the regular expression term that is matched (textually) after this one, if any. */
-  RegExpTerm getSuccessor() {
-    exists(RegExpTerm parent | parent = this.getParent() |
-      result = parent.(RegExpSequence).nextElement(this)
-      or
-      not exists(parent.(RegExpSequence).nextElement(this)) and
-      not parent instanceof RegExpSubPattern and
-      result = parent.getSuccessor()
-    )
-  }
-
-  /** Gets the primary QL class for this term. */
-  string getPrimaryQLClass() { result = "RegExpTerm" }
-}
-
-/**
- * A quantified regular expression term.
- *
- * Example:
- *
- * ```
- * ((ECMA|Java)[sS]cript)*
- * ```
- */
-class RegExpQuantifier extends RegExpTerm, TRegExpQuantifier {
-  int part_end;
-  boolean maybe_empty;
-  boolean may_repeat_forever;
-
-  RegExpQuantifier() {
-    this = TRegExpQuantifier(re, start, end) and
-    re.qualifiedPart(start, part_end, end, maybe_empty, may_repeat_forever)
-  }
-
-  override RegExpTerm getChild(int i) {
-    i = 0 and
-    result.getRegex() = re and
-    result.getStart() = start and
-    result.getEnd() = part_end
-  }
-
-  /** Hols if this term may match an unlimited number of times. */
-  predicate mayRepeatForever() { may_repeat_forever = true }
-
-  /** Gets the qualifier for this term. That is e.g "?" for "a?". */
-  string getQualifier() { result = re.getText().substring(part_end, end) }
-
-  override string getPrimaryQLClass() { result = "RegExpQuantifier" }
-}
-
-/**
- * A regular expression term that permits unlimited repetitions.
- */
-class InfiniteRepetitionQuantifier extends RegExpQuantifier {
-  InfiniteRepetitionQuantifier() { this.mayRepeatForever() }
-}
-
-/**
- * A star-quantified term.
- *
- * Example:
- *
- * ```
- * \w*
- * ```
- */
-class RegExpStar extends InfiniteRepetitionQuantifier {
-  RegExpStar() { this.getQualifier().charAt(0) = "*" }
-
-  override string getPrimaryQLClass() { result = "RegExpStar" }
-}
-
-/**
- * A plus-quantified term.
- *
- * Example:
- *
- * ```
- * \w+
- * ```
- */
-class RegExpPlus extends InfiniteRepetitionQuantifier {
-  RegExpPlus() { this.getQualifier().charAt(0) = "+" }
-
-  override string getPrimaryQLClass() { result = "RegExpPlus" }
-}
-
-/**
- * An optional term.
- *
- * Example:
- *
- * ```
- * ;?
- * ```
- */
-class RegExpOpt extends RegExpQuantifier {
-  RegExpOpt() { this.getQualifier().charAt(0) = "?" }
-
-  override string getPrimaryQLClass() { result = "RegExpOpt" }
-}
-
-/**
- * A range-quantified term
- *
- * Examples:
- *
- * ```
- * \w{2,4}
- * \w{2,}
- * \w{2}
- * ```
- */
-class RegExpRange extends RegExpQuantifier {
-  string upper;
-  string lower;
-
-  RegExpRange() { re.multiples(part_end, end, lower, upper) }
-
-  /** Gets the string defining the upper bound of this range, if any. */
-  string getUpper() { result = upper }
-
-  /** Gets the string defining the lower bound of this range, if any. */
-  string getLower() { result = lower }
-
-  /**
-   * Gets the upper bound of the range, if any.
-   *
-   * If there is no upper bound, any number of repetitions is allowed.
-   * For a term of the form `r{lo}`, both the lower and the upper bound
-   * are `lo`.
-   */
-  int getUpperBound() { result = this.getUpper().toInt() }
-
-  /** Gets the lower bound of the range. */
-  int getLowerBound() { result = this.getLower().toInt() }
-
-  override string getPrimaryQLClass() { result = "RegExpRange" }
-}
-
-/**
- * A sequence term.
- *
- * Example:
- *
- * ```
- * (ECMA|Java)Script
- * ```
- *
- * This is a sequence with the elements `(ECMA|Java)` and `Script`.
- */
-class RegExpSequence extends RegExpTerm, TRegExpSequence {
-  RegExpSequence() { this = TRegExpSequence(re, start, end) }
-
-  override RegExpTerm getChild(int i) { result = seqChild(re, start, end, i) }
-
-  /** Gets the element preceding `element` in this sequence. */
-  RegExpTerm previousElement(RegExpTerm element) { element = this.nextElement(result) }
-
-  /** Gets the element following `element` in this sequence. */
-  RegExpTerm nextElement(RegExpTerm element) {
-    exists(int i |
-      element = this.getChild(i) and
-      result = this.getChild(i + 1)
-    )
-  }
-
-  override string getPrimaryQLClass() { result = "RegExpSequence" }
-}
-
 pragma[nomagic]
 private int seqChildEnd(Regex re, int start, int end, int i) {
   result = seqChild(re, start, end, i).getEnd()
@@ -411,619 +82,1045 @@ private RegExpTerm seqChild(Regex re, int start, int end, int i) {
   )
 }
 
-/**
- * An alternative term, that is, a term of the form `a|b`.
- *
- * Example:
- *
- * ```
- * ECMA|Java
- * ```
- */
-class RegExpAlt extends RegExpTerm, TRegExpAlt {
-  RegExpAlt() { this = TRegExpAlt(re, start, end) }
-
-  override RegExpTerm getChild(int i) {
-    i = 0 and
-    result.getRegex() = re and
-    result.getStart() = start and
-    exists(int part_end |
-      re.alternationOption(start, end, start, part_end) and
-      result.getEnd() = part_end
-    )
-    or
-    i > 0 and
-    result.getRegex() = re and
-    exists(int part_start |
-      part_start = this.getChild(i - 1).getEnd() + 1 // allow for the |
-    |
-      result.getStart() = part_start and
-      re.alternationOption(start, end, part_start, result.getEnd())
-    )
-  }
-
-  override string getPrimaryQLClass() { result = "RegExpAlt" }
-}
-
-class RegExpCharEscape = RegExpEscape;
-
-/**
- * An escaped regular expression term, that is, a regular expression
- * term starting with a backslash, which is not a backreference.
- *
- * Example:
- *
- * ```
- * \.
- * \w
- * ```
- */
-class RegExpEscape extends RegExpNormalChar {
-  RegExpEscape() { re.escapedCharacter(start, end) }
-
+/** An implementation that satisfies the RegexTreeView signature. */
+module Impl implements RegexTreeViewSig {
   /**
-   * Gets the name of the escaped; for example, `w` for `\w`.
-   * TODO: Handle named escapes.
+   * An element containing a regular expression term, that is, either
+   * a string literal (parsed as a regular expression)
+   * or another regular expression term.
    */
-  override string getValue() {
-    not this.isUnicode() and
-    this.isIdentityEscape() and
-    result = this.getUnescaped()
-    or
-    this.getUnescaped() = "n" and result = "\n"
-    or
-    this.getUnescaped() = "r" and result = "\r"
-    or
-    this.getUnescaped() = "t" and result = "\t"
-    or
-    this.getUnescaped() = "f" and result = 12.toUnicode()
-    or
-    this.getUnescaped() = "v" and result = 11.toUnicode()
-    or
-    this.isUnicode() and
-    result = this.getUnicode()
+  class RegExpParent extends TRegExpParent {
+    /** Gets a textual representation of this element. */
+    string toString() { result = "RegExpParent" }
+
+    /** Gets the `i`th child term. */
+    abstract RegExpTerm getChild(int i);
+
+    /** Gets a child term . */
+    RegExpTerm getAChild() { result = this.getChild(_) }
+
+    /** Gets the number of child terms. */
+    int getNumChild() { result = count(this.getAChild()) }
+
+    /** Gets the last child term of this element. */
+    RegExpTerm getLastChild() { result = this.getChild(this.getNumChild() - 1) }
+
+    /** Gets the associated regex. */
+    abstract Regex getRegex();
   }
 
-  /** Holds if this terms name is given by the part following the escape character. */
-  predicate isIdentityEscape() { not this.getUnescaped() in ["n", "r", "t", "f"] }
+  /** A string literal used as a regular expression */
+  class RegExpLiteral extends TRegExpLiteral, RegExpParent {
+    Regex re;
 
-  override string getPrimaryQLClass() { result = "RegExpEscape" }
+    RegExpLiteral() { this = TRegExpLiteral(re) }
 
-  /** Gets the part of the term following the escape character. That is e.g. "w" if the term is "\w". */
-  string getUnescaped() { result = this.getText().suffix(1) }
+    override RegExpTerm getChild(int i) { i = 0 and result.getRegex() = re and result.isRootTerm() }
+
+    /** Holds if dot, `.`, matches all characters, including newlines. */
+    predicate isDotAll() { re.getAMode() = "DOTALL" }
+
+    /** Holds if this regex matching is case-insensitive for this regex. */
+    predicate isIgnoreCase() { re.getAMode() = "IGNORECASE" }
+
+    /** Get a string representing all modes for this regex. */
+    string getFlags() { result = concat(string mode | mode = re.getAMode() | mode, " | ") }
+
+    override Regex getRegex() { result = re }
+
+    /** Gets the primary QL class for this regex. */
+    string getPrimaryQLClass() { result = "RegExpLiteral" }
+  }
 
   /**
-   * Gets the text for this escape. That is e.g. "\w".
+   * A regular expression term, that is, a syntactic part of a regular expression.
    */
-  private string getText() { result = re.getText().substring(start, end) }
+  class RegExpTerm extends RegExpParent {
+    Regex re;
+    int start;
+    int end;
 
-  /**
-   * Holds if this is a unicode escape.
-   */
-  private predicate isUnicode() { this.getText().prefix(2) = ["\\u", "\\U"] }
+    RegExpTerm() {
+      this = TRegExpAlt(re, start, end)
+      or
+      this = TRegExpBackRef(re, start, end)
+      or
+      this = TRegExpCharacterClass(re, start, end)
+      or
+      this = TRegExpCharacterRange(re, start, end)
+      or
+      this = TRegExpNormalChar(re, start, end)
+      or
+      this = TRegExpGroup(re, start, end)
+      or
+      this = TRegExpQuantifier(re, start, end)
+      or
+      this = TRegExpSequence(re, start, end)
+      or
+      this = TRegExpSpecialChar(re, start, end)
+    }
 
-  /**
-   * Gets the unicode char for this escape.
-   * E.g. for `\u0061` this returns "a".
-   */
-  private string getUnicode() {
-    exists(int codepoint | codepoint = sum(this.getHexValueFromUnicode(_)) |
-      result = codepoint.toUnicode()
-    )
+    /**
+     * Gets the outermost term of this regular expression.
+     */
+    RegExpTerm getRootTerm() {
+      this.isRootTerm() and result = this
+      or
+      result = this.getParent().(RegExpTerm).getRootTerm()
+    }
+
+    /**
+     * Holds if this term is part of a string literal
+     * that is interpreted as a regular expression.
+     */
+    predicate isUsedAsRegExp() { any() }
+
+    /**
+     * Holds if this is the root term of a regular expression.
+     */
+    predicate isRootTerm() { start = 0 and end = re.getText().length() }
+
+    override RegExpTerm getChild(int i) {
+      result = this.(RegExpAlt).getChild(i)
+      or
+      result = this.(RegExpBackRef).getChild(i)
+      or
+      result = this.(RegExpCharacterClass).getChild(i)
+      or
+      result = this.(RegExpCharacterRange).getChild(i)
+      or
+      result = this.(RegExpNormalChar).getChild(i)
+      or
+      result = this.(RegExpGroup).getChild(i)
+      or
+      result = this.(RegExpQuantifier).getChild(i)
+      or
+      result = this.(RegExpSequence).getChild(i)
+      or
+      result = this.(RegExpSpecialChar).getChild(i)
+    }
+
+    /**
+     * Gets the parent term of this regular expression term, or the
+     * regular expression literal if this is the root term.
+     */
+    RegExpParent getParent() { result.getAChild() = this }
+
+    override Regex getRegex() { result = re }
+
+    /** Gets the offset at which this term starts. */
+    int getStart() { result = start }
+
+    /** Gets the offset at which this term ends. */
+    int getEnd() { result = end }
+
+    override string toString() { result = re.getText().substring(start, end) }
+
+    /**
+     * Gets the location of the surrounding regex, as locations inside the regex do not exist.
+     * To get location information corresponding to the term inside the regex,
+     * use `hasLocationInfo`.
+     */
+    Location getLocation() { result = re.getLocation() }
+
+    /** Holds if this term is found at the specified location offsets. */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      exists(int re_start, int re_end |
+        re.getLocation().hasLocationInfo(filepath, startline, re_start, endline, re_end) and
+        startcolumn = re_start + start + 4 and
+        endcolumn = re_start + end + 3
+      )
+    }
+
+    /** Gets the file in which this term is found. */
+    File getFile() { result = this.getLocation().getFile() }
+
+    /** Gets the raw source text of this term. */
+    string getRawValue() { result = this.toString() }
+
+    /** Gets the string literal in which this term is found. */
+    RegExpLiteral getLiteral() { result = TRegExpLiteral(re) }
+
+    /** Gets the regular expression term that is matched (textually) before this one, if any. */
+    RegExpTerm getPredecessor() {
+      exists(RegExpTerm parent | parent = this.getParent() |
+        result = parent.(RegExpSequence).previousElement(this)
+        or
+        not exists(parent.(RegExpSequence).previousElement(this)) and
+        not parent instanceof RegExpSubPattern and
+        result = parent.getPredecessor()
+      )
+    }
+
+    /** Gets the regular expression term that is matched (textually) after this one, if any. */
+    RegExpTerm getSuccessor() {
+      exists(RegExpTerm parent | parent = this.getParent() |
+        result = parent.(RegExpSequence).nextElement(this)
+        or
+        not exists(parent.(RegExpSequence).nextElement(this)) and
+        not parent instanceof RegExpSubPattern and
+        result = parent.getSuccessor()
+      )
+    }
+
+    /** Gets the primary QL class for this term. */
+    string getPrimaryQLClass() { result = "RegExpTerm" }
   }
 
   /**
-   * Gets int value for the `index`th char in the hex number of the unicode escape.
-   * E.g. for `\u0061` and `index = 2` this returns 96 (the number `6` interpreted as hex).
-   */
-  private int getHexValueFromUnicode(int index) {
-    this.isUnicode() and
-    exists(string hex, string char | hex = this.getText().suffix(2) |
-      char = hex.charAt(index) and
-      result = 16.pow(hex.length() - index - 1) * toHex(char)
-    )
-  }
-}
-
-/**
- * Gets the hex number for the `hex` char.
- */
-private int toHex(string hex) {
-  hex = [0 .. 9].toString() and
-  result = hex.toInt()
-  or
-  result = 10 and hex = ["a", "A"]
-  or
-  result = 11 and hex = ["b", "B"]
-  or
-  result = 12 and hex = ["c", "C"]
-  or
-  result = 13 and hex = ["d", "D"]
-  or
-  result = 14 and hex = ["e", "E"]
-  or
-  result = 15 and hex = ["f", "F"]
-}
-
-/**
- * A word boundary, that is, a regular expression term of the form `\b`.
- */
-class RegExpWordBoundary extends RegExpSpecialChar {
-  RegExpWordBoundary() { this.getChar() = "\\b" }
-}
-
-/**
- * A character class escape in a regular expression.
- * That is, an escaped character that denotes multiple characters.
- *
- * Examples:
- *
- * ```
- * \w
- * \S
- * ```
- */
-class RegExpCharacterClassEscape extends RegExpEscape {
-  RegExpCharacterClassEscape() { this.getValue() in ["d", "D", "s", "S", "w", "W"] }
-
-  override RegExpTerm getChild(int i) { none() }
-
-  override string getPrimaryQLClass() { result = "RegExpCharacterClassEscape" }
-}
-
-/**
- * A character class in a regular expression.
- *
- * Examples:
- *
- * ```
- * [a-z_]
- * [^<>&]
- * ```
- */
-class RegExpCharacterClass extends RegExpTerm, TRegExpCharacterClass {
-  RegExpCharacterClass() { this = TRegExpCharacterClass(re, start, end) }
-
-  /** Holds if this character class is inverted, matching the opposite of its content. */
-  predicate isInverted() { re.getChar(start + 1) = "^" }
-
-  /** Gets the `i`th char inside this charater class. */
-  string getCharThing(int i) { result = re.getChar(i + start) }
-
-  /** Holds if this character class can match anything. */
-  predicate isUniversalClass() {
-    // [^]
-    this.isInverted() and not exists(this.getAChild())
-    or
-    // [\w\W] and similar
-    not this.isInverted() and
-    exists(string cce1, string cce2 |
-      cce1 = this.getAChild().(RegExpCharacterClassEscape).getValue() and
-      cce2 = this.getAChild().(RegExpCharacterClassEscape).getValue()
-    |
-      cce1 != cce2 and cce1.toLowerCase() = cce2.toLowerCase()
-    )
-  }
-
-  override RegExpTerm getChild(int i) {
-    i = 0 and
-    result.getRegex() = re and
-    exists(int itemStart, int itemEnd |
-      result.getStart() = itemStart and
-      re.char_set_start(start, itemStart) and
-      re.char_set_child(start, itemStart, itemEnd) and
-      result.getEnd() = itemEnd
-    )
-    or
-    i > 0 and
-    result.getRegex() = re and
-    exists(int itemStart | itemStart = this.getChild(i - 1).getEnd() |
-      result.getStart() = itemStart and
-      re.char_set_child(start, itemStart, result.getEnd())
-    )
-  }
-
-  override string getPrimaryQLClass() { result = "RegExpCharacterClass" }
-}
-
-/**
- * A character range in a character class in a regular expression.
- *
- * Example:
- *
- * ```
- * a-z
- * ```
- */
-class RegExpCharacterRange extends RegExpTerm, TRegExpCharacterRange {
-  int lower_end;
-  int upper_start;
-
-  RegExpCharacterRange() {
-    this = TRegExpCharacterRange(re, start, end) and
-    re.charRange(_, start, lower_end, upper_start, end)
-  }
-
-  /** Holds if this range goes from `lo` to `hi`, in effect is `lo-hi`. */
-  predicate isRange(string lo, string hi) {
-    lo = re.getText().substring(start, lower_end) and
-    hi = re.getText().substring(upper_start, end)
-  }
-
-  override RegExpTerm getChild(int i) {
-    i = 0 and
-    result.getRegex() = re and
-    result.getStart() = start and
-    result.getEnd() = lower_end
-    or
-    i = 1 and
-    result.getRegex() = re and
-    result.getStart() = upper_start and
-    result.getEnd() = end
-  }
-
-  override string getPrimaryQLClass() { result = "RegExpCharacterRange" }
-}
-
-/**
- * A normal character in a regular expression, that is, a character
- * without special meaning. This includes escaped characters.
- *
- * Examples:
- * ```
- * t
- * \t
- * ```
- */
-class RegExpNormalChar extends RegExpTerm, TRegExpNormalChar {
-  RegExpNormalChar() { this = TRegExpNormalChar(re, start, end) }
-
-  /**
-   * Holds if this constant represents a valid Unicode character (as opposed
-   * to a surrogate code point that does not correspond to a character by itself.)
-   */
-  predicate isCharacter() { any() }
-
-  /** Gets the string representation of the char matched by this term. */
-  string getValue() { result = re.getText().substring(start, end) }
-
-  override RegExpTerm getChild(int i) { none() }
-
-  override string getPrimaryQLClass() { result = "RegExpNormalChar" }
-}
-
-/**
- * A constant regular expression term, that is, a regular expression
- * term matching a single string. Currently, this will always be a single character.
- *
- * Example:
- *
- * ```
- * a
- * ```
- */
-class RegExpConstant extends RegExpTerm {
-  string value;
-
-  RegExpConstant() {
-    this = TRegExpNormalChar(re, start, end) and
-    not this instanceof RegExpCharacterClassEscape and
-    // exclude chars in qualifiers
-    // TODO: push this into regex library
-    not exists(int qstart, int qend | re.qualifiedPart(_, qstart, qend, _, _) |
-      qstart <= start and end <= qend
-    ) and
-    value = this.(RegExpNormalChar).getValue()
-  }
-
-  /**
-   * Holds if this constant represents a valid Unicode character (as opposed
-   * to a surrogate code point that does not correspond to a character by itself.)
-   */
-  predicate isCharacter() { any() }
-
-  /** Gets the string matched by this constant term. */
-  string getValue() { result = value }
-
-  override RegExpTerm getChild(int i) { none() }
-
-  override string getPrimaryQLClass() { result = "RegExpConstant" }
-}
-
-/**
- * A grouped regular expression.
- *
- * Examples:
- *
- * ```
- * (ECMA|Java)
- * (?:ECMA|Java)
- * (?<quote>['"])
- * ```
- */
-class RegExpGroup extends RegExpTerm, TRegExpGroup {
-  RegExpGroup() { this = TRegExpGroup(re, start, end) }
-
-  /**
-   * Gets the index of this capture group within the enclosing regular
-   * expression literal.
+   * A quantified regular expression term.
    *
-   * For example, in the regular expression `/((a?).)(?:b)/`, the
-   * group `((a?).)` has index 1, the group `(a?)` nested inside it
-   * has index 2, and the group `(?:b)` has no index, since it is
-   * not a capture group.
+   * Example:
+   *
+   * ```
+   * ((ECMA|Java)[sS]cript)*
+   * ```
    */
-  int getNumber() { result = re.getGroupNumber(start, end) }
+  class RegExpQuantifier extends RegExpTerm, TRegExpQuantifier {
+    int part_end;
+    boolean may_repeat_forever;
 
-  /** Holds if this is a capture group. */
-  predicate isCapture() { exists(this.getNumber()) }
+    RegExpQuantifier() {
+      this = TRegExpQuantifier(re, start, end) and
+      re.qualifiedPart(start, part_end, end, _, may_repeat_forever)
+    }
 
-  /** Holds if this is a named capture group. */
-  predicate isNamed() { exists(this.getName()) }
-
-  /** Gets the name of this capture group, if any. */
-  string getName() { result = re.getGroupName(start, end) }
-
-  override RegExpTerm getChild(int i) {
-    result.getRegex() = re and
-    i = 0 and
-    re.groupContents(start, end, result.getStart(), result.getEnd())
-  }
-
-  override string getPrimaryQLClass() { result = "RegExpGroup" }
-}
-
-/**
- * A special character in a regular expression.
- *
- * Examples:
- * ```
- * ^
- * $
- * .
- * ```
- */
-class RegExpSpecialChar extends RegExpTerm, TRegExpSpecialChar {
-  string char;
-
-  RegExpSpecialChar() {
-    this = TRegExpSpecialChar(re, start, end) and
-    re.specialCharacter(start, end, char)
-  }
-
-  /**
-   * Holds if this constant represents a valid Unicode character (as opposed
-   * to a surrogate code point that does not correspond to a character by itself.)
-   */
-  predicate isCharacter() { any() }
-
-  /** Gets the char for this term. */
-  string getChar() { result = char }
-
-  override RegExpTerm getChild(int i) { none() }
-
-  override string getPrimaryQLClass() { result = "RegExpSpecialChar" }
-}
-
-/**
- * A dot regular expression.
- *
- * Example:
- *
- * ```
- * .
- * ```
- */
-class RegExpDot extends RegExpSpecialChar {
-  RegExpDot() { this.getChar() = "." }
-
-  override string getPrimaryQLClass() { result = "RegExpDot" }
-}
-
-/**
- * A dollar assertion `$` or `\Z` matching the end of a line.
- *
- * Example:
- *
- * ```
- * $
- * ```
- */
-class RegExpDollar extends RegExpSpecialChar {
-  RegExpDollar() { this.getChar() = ["$", "\\Z"] }
-
-  override string getPrimaryQLClass() { result = "RegExpDollar" }
-}
-
-/**
- * A caret assertion `^` or `\A` matching the beginning of a line.
- *
- * Example:
- *
- * ```
- * ^
- * ```
- */
-class RegExpCaret extends RegExpSpecialChar {
-  RegExpCaret() { this.getChar() = ["^", "\\A"] }
-
-  override string getPrimaryQLClass() { result = "RegExpCaret" }
-}
-
-/**
- * A zero-width match, that is, either an empty group or an assertion.
- *
- * Examples:
- * ```
- * ()
- * (?=\w)
- * ```
- */
-class RegExpZeroWidthMatch extends RegExpGroup {
-  RegExpZeroWidthMatch() { re.zeroWidthMatch(start, end) }
-
-  override RegExpTerm getChild(int i) { none() }
-
-  override string getPrimaryQLClass() { result = "RegExpZeroWidthMatch" }
-}
-
-/**
- * A zero-width lookahead or lookbehind assertion.
- *
- * Examples:
- *
- * ```
- * (?=\w)
- * (?!\n)
- * (?<=\.)
- * (?<!\\)
- * ```
- */
-class RegExpSubPattern extends RegExpZeroWidthMatch {
-  RegExpSubPattern() { not re.emptyGroup(start, end) }
-
-  /** Gets the lookahead term. */
-  RegExpTerm getOperand() {
-    exists(int in_start, int in_end | re.groupContents(start, end, in_start, in_end) |
+    override RegExpTerm getChild(int i) {
+      i = 0 and
       result.getRegex() = re and
-      result.getStart() = in_start and
-      result.getEnd() = in_end
-    )
+      result.getStart() = start and
+      result.getEnd() = part_end
+    }
+
+    /** Hols if this term may match an unlimited number of times. */
+    predicate mayRepeatForever() { may_repeat_forever = true }
+
+    /** Gets the qualifier for this term. That is e.g "?" for "a?". */
+    string getQualifier() { result = re.getText().substring(part_end, end) }
+
+    override string getPrimaryQLClass() { result = "RegExpQuantifier" }
   }
-}
-
-/**
- * A zero-width lookahead assertion.
- *
- * Examples:
- *
- * ```
- * (?=\w)
- * (?!\n)
- * ```
- */
-abstract class RegExpLookahead extends RegExpSubPattern { }
-
-/**
- * A positive-lookahead assertion.
- *
- * Examples:
- *
- * ```
- * (?=\w)
- * ```
- */
-class RegExpPositiveLookahead extends RegExpLookahead {
-  RegExpPositiveLookahead() { re.positiveLookaheadAssertionGroup(start, end) }
-
-  override string getPrimaryQLClass() { result = "RegExpPositiveLookahead" }
-}
-
-/**
- * A negative-lookahead assertion.
- *
- * Examples:
- *
- * ```
- * (?!\n)
- * ```
- */
-class RegExpNegativeLookahead extends RegExpLookahead {
-  RegExpNegativeLookahead() { re.negativeLookaheadAssertionGroup(start, end) }
-
-  override string getPrimaryQLClass() { result = "RegExpNegativeLookahead" }
-}
-
-/**
- * A zero-width lookbehind assertion.
- *
- * Examples:
- *
- * ```
- * (?<=\.)
- * (?<!\\)
- * ```
- */
-abstract class RegExpLookbehind extends RegExpSubPattern { }
-
-/**
- * A positive-lookbehind assertion.
- *
- * Examples:
- *
- * ```
- * (?<=\.)
- * ```
- */
-class RegExpPositiveLookbehind extends RegExpLookbehind {
-  RegExpPositiveLookbehind() { re.positiveLookbehindAssertionGroup(start, end) }
-
-  override string getPrimaryQLClass() { result = "RegExpPositiveLookbehind" }
-}
-
-/**
- * A negative-lookbehind assertion.
- *
- * Examples:
- *
- * ```
- * (?<!\\)
- * ```
- */
-class RegExpNegativeLookbehind extends RegExpLookbehind {
-  RegExpNegativeLookbehind() { re.negativeLookbehindAssertionGroup(start, end) }
-
-  override string getPrimaryQLClass() { result = "RegExpNegativeLookbehind" }
-}
-
-/**
- * A back reference, that is, a term of the form `\i` or `\k<name>`
- * in a regular expression.
- *
- * Examples:
- *
- * ```
- * \1
- * (?P=quote)
- * ```
- */
-class RegExpBackRef extends RegExpTerm, TRegExpBackRef {
-  RegExpBackRef() { this = TRegExpBackRef(re, start, end) }
 
   /**
-   * Gets the number of the capture group this back reference refers to, if any.
+   * A regular expression term that permits unlimited repetitions.
    */
-  int getNumber() { result = re.getBackrefNumber(start, end) }
+  class InfiniteRepetitionQuantifier extends RegExpQuantifier {
+    InfiniteRepetitionQuantifier() { this.mayRepeatForever() }
+  }
 
   /**
-   * Gets the name of the capture group this back reference refers to, if any.
+   * A star-quantified term.
+   *
+   * Example:
+   *
+   * ```
+   * \w*
+   * ```
    */
-  string getName() { result = re.getBackrefName(start, end) }
+  class RegExpStar extends InfiniteRepetitionQuantifier {
+    RegExpStar() { this.getQualifier().charAt(0) = "*" }
 
-  /** Gets the capture group this back reference refers to. */
-  RegExpGroup getGroup() {
-    this.hasLiteralAndNumber(result.getLiteral(), result.getNumber()) or
-    this.hasLiteralAndName(result.getLiteral(), result.getName())
+    override string getPrimaryQLClass() { result = "RegExpStar" }
   }
 
-  /** Join-order helper for `getGroup`. */
-  pragma[nomagic]
-  private predicate hasLiteralAndNumber(RegExpLiteral literal, int number) {
-    literal = this.getLiteral() and
-    number = this.getNumber()
+  /**
+   * A plus-quantified term.
+   *
+   * Example:
+   *
+   * ```
+   * \w+
+   * ```
+   */
+  class RegExpPlus extends InfiniteRepetitionQuantifier {
+    RegExpPlus() { this.getQualifier().charAt(0) = "+" }
+
+    override string getPrimaryQLClass() { result = "RegExpPlus" }
   }
 
-  /** Join-order helper for `getGroup`. */
-  pragma[nomagic]
-  private predicate hasLiteralAndName(RegExpLiteral literal, string name) {
-    literal = this.getLiteral() and
-    name = this.getName()
+  /**
+   * An optional term.
+   *
+   * Example:
+   *
+   * ```
+   * ;?
+   * ```
+   */
+  class RegExpOpt extends RegExpQuantifier {
+    RegExpOpt() { this.getQualifier().charAt(0) = "?" }
+
+    override string getPrimaryQLClass() { result = "RegExpOpt" }
   }
 
-  override RegExpTerm getChild(int i) { none() }
+  /**
+   * A range-quantified term
+   *
+   * Examples:
+   *
+   * ```
+   * \w{2,4}
+   * \w{2,}
+   * \w{2}
+   * ```
+   */
+  class RegExpRange extends RegExpQuantifier {
+    string upper;
+    string lower;
 
-  override string getPrimaryQLClass() { result = "RegExpBackRef" }
+    RegExpRange() { re.multiples(part_end, end, lower, upper) }
+
+    /** Gets the string defining the upper bound of this range, if any. */
+    string getUpper() { result = upper }
+
+    /** Gets the string defining the lower bound of this range, if any. */
+    string getLower() { result = lower }
+
+    /**
+     * Gets the upper bound of the range, if any.
+     *
+     * If there is no upper bound, any number of repetitions is allowed.
+     * For a term of the form `r{lo}`, both the lower and the upper bound
+     * are `lo`.
+     */
+    int getUpperBound() { result = this.getUpper().toInt() }
+
+    /** Gets the lower bound of the range. */
+    int getLowerBound() { result = this.getLower().toInt() }
+
+    override string getPrimaryQLClass() { result = "RegExpRange" }
+  }
+
+  /**
+   * A sequence term.
+   *
+   * Example:
+   *
+   * ```
+   * (ECMA|Java)Script
+   * ```
+   *
+   * This is a sequence with the elements `(ECMA|Java)` and `Script`.
+   */
+  class RegExpSequence extends RegExpTerm, TRegExpSequence {
+    RegExpSequence() { this = TRegExpSequence(re, start, end) }
+
+    override RegExpTerm getChild(int i) { result = seqChild(re, start, end, i) }
+
+    /** Gets the element preceding `element` in this sequence. */
+    RegExpTerm previousElement(RegExpTerm element) { element = this.nextElement(result) }
+
+    /** Gets the element following `element` in this sequence. */
+    RegExpTerm nextElement(RegExpTerm element) {
+      exists(int i |
+        element = this.getChild(i) and
+        result = this.getChild(i + 1)
+      )
+    }
+
+    override string getPrimaryQLClass() { result = "RegExpSequence" }
+  }
+
+  /**
+   * An alternative term, that is, a term of the form `a|b`.
+   *
+   * Example:
+   *
+   * ```
+   * ECMA|Java
+   * ```
+   */
+  class RegExpAlt extends RegExpTerm, TRegExpAlt {
+    RegExpAlt() { this = TRegExpAlt(re, start, end) }
+
+    override RegExpTerm getChild(int i) {
+      i = 0 and
+      result.getRegex() = re and
+      result.getStart() = start and
+      exists(int part_end |
+        re.alternationOption(start, end, start, part_end) and
+        result.getEnd() = part_end
+      )
+      or
+      i > 0 and
+      result.getRegex() = re and
+      exists(int part_start |
+        part_start = this.getChild(i - 1).getEnd() + 1 // allow for the |
+      |
+        result.getStart() = part_start and
+        re.alternationOption(start, end, part_start, result.getEnd())
+      )
+    }
+
+    override string getPrimaryQLClass() { result = "RegExpAlt" }
+  }
+
+  /**
+   * A character escape in a regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * \.
+   * ```
+   */
+  class RegExpCharEscape = RegExpEscape;
+
+  /**
+   * An escaped regular expression term, that is, a regular expression
+   * term starting with a backslash, which is not a backreference.
+   *
+   * Example:
+   *
+   * ```
+   * \.
+   * \w
+   * ```
+   */
+  class RegExpEscape extends RegExpNormalChar {
+    RegExpEscape() { re.escapedCharacter(start, end) }
+
+    /**
+     * Gets the name of the escaped; for example, `w` for `\w`.
+     * TODO: Handle named escapes.
+     */
+    override string getValue() {
+      not this.isUnicode() and
+      this.isIdentityEscape() and
+      result = this.getUnescaped()
+      or
+      this.getUnescaped() = "n" and result = "\n"
+      or
+      this.getUnescaped() = "r" and result = "\r"
+      or
+      this.getUnescaped() = "t" and result = "\t"
+      or
+      this.getUnescaped() = "f" and result = 12.toUnicode()
+      or
+      this.getUnescaped() = "v" and result = 11.toUnicode()
+      or
+      this.isUnicode() and
+      result = this.getUnicode()
+    }
+
+    /** Holds if this terms name is given by the part following the escape character. */
+    predicate isIdentityEscape() { not this.getUnescaped() in ["n", "r", "t", "f"] }
+
+    override string getPrimaryQLClass() { result = "RegExpEscape" }
+
+    /** Gets the part of the term following the escape character. That is e.g. "w" if the term is "\w". */
+    string getUnescaped() { result = this.getText().suffix(1) }
+
+    /**
+     * Gets the text for this escape. That is e.g. "\w".
+     */
+    private string getText() { result = re.getText().substring(start, end) }
+
+    /**
+     * Holds if this is a unicode escape.
+     */
+    private predicate isUnicode() { this.getText().prefix(2) = ["\\u", "\\U"] }
+
+    /**
+     * Gets the unicode char for this escape.
+     * E.g. for `\u0061` this returns "a".
+     */
+    private string getUnicode() {
+      exists(int codepoint | codepoint = sum(this.getHexValueFromUnicode(_)) |
+        result = codepoint.toUnicode()
+      )
+    }
+
+    /**
+     * Gets int value for the `index`th char in the hex number of the unicode escape.
+     * E.g. for `\u0061` and `index = 2` this returns 96 (the number `6` interpreted as hex).
+     */
+    private int getHexValueFromUnicode(int index) {
+      this.isUnicode() and
+      exists(string hex, string char | hex = this.getText().suffix(2) |
+        char = hex.charAt(index) and
+        result = 16.pow(hex.length() - index - 1) * toHex(char)
+      )
+    }
+  }
+
+  /**
+   * Gets the hex number for the `hex` char.
+   */
+  private int toHex(string hex) {
+    hex = [0 .. 9].toString() and
+    result = hex.toInt()
+    or
+    result = 10 and hex = ["a", "A"]
+    or
+    result = 11 and hex = ["b", "B"]
+    or
+    result = 12 and hex = ["c", "C"]
+    or
+    result = 13 and hex = ["d", "D"]
+    or
+    result = 14 and hex = ["e", "E"]
+    or
+    result = 15 and hex = ["f", "F"]
+  }
+
+  /**
+   * A word boundary, that is, a regular expression term of the form `\b`.
+   */
+  class RegExpWordBoundary extends RegExpSpecialChar {
+    RegExpWordBoundary() { this.getChar() = "\\b" }
+  }
+
+  /**
+   * A non-word boundary, that is, a regular expression term of the form `\B`.
+   */
+  class RegExpNonWordBoundary extends RegExpSpecialChar {
+    RegExpNonWordBoundary() { this.getChar() = "\\B" }
+  }
+
+  /**
+   * A character class escape in a regular expression.
+   * That is, an escaped character that denotes multiple characters.
+   *
+   * Examples:
+   *
+   * ```
+   * \w
+   * \S
+   * ```
+   */
+  class RegExpCharacterClassEscape extends RegExpEscape {
+    RegExpCharacterClassEscape() { this.getValue() in ["d", "D", "s", "S", "w", "W"] }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getPrimaryQLClass() { result = "RegExpCharacterClassEscape" }
+  }
+
+  /**
+   * A character class in a regular expression.
+   *
+   * Examples:
+   *
+   * ```
+   * [a-z_]
+   * [^<>&]
+   * ```
+   */
+  class RegExpCharacterClass extends RegExpTerm, TRegExpCharacterClass {
+    RegExpCharacterClass() { this = TRegExpCharacterClass(re, start, end) }
+
+    /** Holds if this character class is inverted, matching the opposite of its content. */
+    predicate isInverted() { re.getChar(start + 1) = "^" }
+
+    /** Gets the `i`th char inside this charater class. */
+    string getCharThing(int i) { result = re.getChar(i + start) }
+
+    /** Holds if this character class can match anything. */
+    predicate isUniversalClass() {
+      // [^]
+      this.isInverted() and not exists(this.getAChild())
+      or
+      // [\w\W] and similar
+      not this.isInverted() and
+      exists(string cce1, string cce2 |
+        cce1 = this.getAChild().(RegExpCharacterClassEscape).getValue() and
+        cce2 = this.getAChild().(RegExpCharacterClassEscape).getValue()
+      |
+        cce1 != cce2 and cce1.toLowerCase() = cce2.toLowerCase()
+      )
+    }
+
+    override RegExpTerm getChild(int i) {
+      i = 0 and
+      result.getRegex() = re and
+      exists(int itemStart, int itemEnd |
+        result.getStart() = itemStart and
+        re.char_set_start(start, itemStart) and
+        re.char_set_child(start, itemStart, itemEnd) and
+        result.getEnd() = itemEnd
+      )
+      or
+      i > 0 and
+      result.getRegex() = re and
+      exists(int itemStart | itemStart = this.getChild(i - 1).getEnd() |
+        result.getStart() = itemStart and
+        re.char_set_child(start, itemStart, result.getEnd())
+      )
+    }
+
+    override string getPrimaryQLClass() { result = "RegExpCharacterClass" }
+  }
+
+  /**
+   * A character range in a character class in a regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * a-z
+   * ```
+   */
+  class RegExpCharacterRange extends RegExpTerm, TRegExpCharacterRange {
+    int lower_end;
+    int upper_start;
+
+    RegExpCharacterRange() {
+      this = TRegExpCharacterRange(re, start, end) and
+      re.charRange(_, start, lower_end, upper_start, end)
+    }
+
+    /** Holds if this range goes from `lo` to `hi`, in effect is `lo-hi`. */
+    predicate isRange(string lo, string hi) {
+      lo = re.getText().substring(start, lower_end) and
+      hi = re.getText().substring(upper_start, end)
+    }
+
+    override RegExpTerm getChild(int i) {
+      i = 0 and
+      result.getRegex() = re and
+      result.getStart() = start and
+      result.getEnd() = lower_end
+      or
+      i = 1 and
+      result.getRegex() = re and
+      result.getStart() = upper_start and
+      result.getEnd() = end
+    }
+
+    override string getPrimaryQLClass() { result = "RegExpCharacterRange" }
+  }
+
+  /**
+   * A normal character in a regular expression, that is, a character
+   * without special meaning. This includes escaped characters.
+   *
+   * Examples:
+   * ```
+   * t
+   * \t
+   * ```
+   */
+  additional class RegExpNormalChar extends RegExpTerm, TRegExpNormalChar {
+    RegExpNormalChar() { this = TRegExpNormalChar(re, start, end) }
+
+    /**
+     * Holds if this constant represents a valid Unicode character (as opposed
+     * to a surrogate code point that does not correspond to a character by itself.)
+     */
+    predicate isCharacter() { any() }
+
+    /** Gets the string representation of the char matched by this term. */
+    string getValue() { result = re.getText().substring(start, end) }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getPrimaryQLClass() { result = "RegExpNormalChar" }
+  }
+
+  /**
+   * A constant regular expression term, that is, a regular expression
+   * term matching a single string. Currently, this will always be a single character.
+   *
+   * Example:
+   *
+   * ```
+   * a
+   * ```
+   */
+  class RegExpConstant extends RegExpTerm {
+    string value;
+
+    RegExpConstant() {
+      this = TRegExpNormalChar(re, start, end) and
+      not this instanceof RegExpCharacterClassEscape and
+      // exclude chars in qualifiers
+      // TODO: push this into regex library
+      not exists(int qstart, int qend | re.qualifiedPart(_, qstart, qend, _, _) |
+        qstart <= start and end <= qend
+      ) and
+      value = this.(RegExpNormalChar).getValue()
+    }
+
+    /**
+     * Holds if this constant represents a valid Unicode character (as opposed
+     * to a surrogate code point that does not correspond to a character by itself.)
+     */
+    predicate isCharacter() { any() }
+
+    /** Gets the string matched by this constant term. */
+    string getValue() { result = value }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getPrimaryQLClass() { result = "RegExpConstant" }
+  }
+
+  /**
+   * A grouped regular expression.
+   *
+   * Examples:
+   *
+   * ```
+   * (ECMA|Java)
+   * (?:ECMA|Java)
+   * (?<quote>['"])
+   * ```
+   */
+  class RegExpGroup extends RegExpTerm, TRegExpGroup {
+    RegExpGroup() { this = TRegExpGroup(re, start, end) }
+
+    /**
+     * Gets the index of this capture group within the enclosing regular
+     * expression literal.
+     *
+     * For example, in the regular expression `/((a?).)(?:b)/`, the
+     * group `((a?).)` has index 1, the group `(a?)` nested inside it
+     * has index 2, and the group `(?:b)` has no index, since it is
+     * not a capture group.
+     */
+    int getNumber() { result = re.getGroupNumber(start, end) }
+
+    /** Holds if this is a capture group. */
+    predicate isCapture() { exists(this.getNumber()) }
+
+    /** Holds if this is a named capture group. */
+    predicate isNamed() { exists(this.getName()) }
+
+    /** Gets the name of this capture group, if any. */
+    string getName() { result = re.getGroupName(start, end) }
+
+    override RegExpTerm getChild(int i) {
+      result.getRegex() = re and
+      i = 0 and
+      re.groupContents(start, end, result.getStart(), result.getEnd())
+    }
+
+    override string getPrimaryQLClass() { result = "RegExpGroup" }
+  }
+
+  /**
+   * A special character in a regular expression.
+   *
+   * Examples:
+   * ```
+   * ^
+   * $
+   * .
+   * ```
+   */
+  additional class RegExpSpecialChar extends RegExpTerm, TRegExpSpecialChar {
+    string char;
+
+    RegExpSpecialChar() {
+      this = TRegExpSpecialChar(re, start, end) and
+      re.specialCharacter(start, end, char)
+    }
+
+    /**
+     * Holds if this constant represents a valid Unicode character (as opposed
+     * to a surrogate code point that does not correspond to a character by itself.)
+     */
+    predicate isCharacter() { any() }
+
+    /** Gets the char for this term. */
+    string getChar() { result = char }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getPrimaryQLClass() { result = "RegExpSpecialChar" }
+  }
+
+  /**
+   * A dot regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * .
+   * ```
+   */
+  class RegExpDot extends RegExpSpecialChar {
+    RegExpDot() { this.getChar() = "." }
+
+    override string getPrimaryQLClass() { result = "RegExpDot" }
+  }
+
+  /**
+   * A term that matches a specific position between characters in the string.
+   *
+   * Example:
+   *
+   * ```
+   * \A
+   * ```
+   */
+  class RegExpAnchor extends RegExpSpecialChar {
+    RegExpAnchor() { this.getChar() = ["\\A", "^", "$", "\\Z"] }
+  }
+
+  /**
+   * A dollar assertion `$` or `\Z` matching the end of a line.
+   *
+   * Example:
+   *
+   * ```
+   * $
+   * ```
+   */
+  class RegExpDollar extends RegExpAnchor {
+    RegExpDollar() { this.getChar() = ["$", "\\Z"] }
+
+    override string getPrimaryQLClass() { result = "RegExpDollar" }
+  }
+
+  /**
+   * A caret assertion `^` or `\A` matching the beginning of a line.
+   *
+   * Example:
+   *
+   * ```
+   * ^
+   * ```
+   */
+  class RegExpCaret extends RegExpAnchor {
+    RegExpCaret() { this.getChar() = ["^", "\\A"] }
+
+    override string getPrimaryQLClass() { result = "RegExpCaret" }
+  }
+
+  /**
+   * A zero-width match, that is, either an empty group or an assertion.
+   *
+   * Examples:
+   * ```
+   * ()
+   * (?=\w)
+   * ```
+   */
+  additional class RegExpZeroWidthMatch extends RegExpGroup {
+    RegExpZeroWidthMatch() { re.zeroWidthMatch(start, end) }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getPrimaryQLClass() { result = "RegExpZeroWidthMatch" }
+  }
+
+  /**
+   * A zero-width lookahead or lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?=\w)
+   * (?!\n)
+   * (?<=\.)
+   * (?<!\\)
+   * ```
+   */
+  class RegExpSubPattern extends RegExpZeroWidthMatch {
+    RegExpSubPattern() { not re.emptyGroup(start, end) }
+
+    /** Gets the lookahead term. */
+    RegExpTerm getOperand() {
+      exists(int in_start, int in_end | re.groupContents(start, end, in_start, in_end) |
+        result.getRegex() = re and
+        result.getStart() = in_start and
+        result.getEnd() = in_end
+      )
+    }
+  }
+
+  /**
+   * A zero-width lookahead assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?=\w)
+   * (?!\n)
+   * ```
+   */
+  abstract class RegExpLookahead extends RegExpSubPattern { }
+
+  /**
+   * A positive-lookahead assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?=\w)
+   * ```
+   */
+  class RegExpPositiveLookahead extends RegExpLookahead {
+    RegExpPositiveLookahead() { re.positiveLookaheadAssertionGroup(start, end) }
+
+    override string getPrimaryQLClass() { result = "RegExpPositiveLookahead" }
+  }
+
+  /**
+   * A negative-lookahead assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?!\n)
+   * ```
+   */
+  additional class RegExpNegativeLookahead extends RegExpLookahead {
+    RegExpNegativeLookahead() { re.negativeLookaheadAssertionGroup(start, end) }
+
+    override string getPrimaryQLClass() { result = "RegExpNegativeLookahead" }
+  }
+
+  /**
+   * A zero-width lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?<=\.)
+   * (?<!\\)
+   * ```
+   */
+  abstract class RegExpLookbehind extends RegExpSubPattern { }
+
+  /**
+   * A positive-lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?<=\.)
+   * ```
+   */
+  class RegExpPositiveLookbehind extends RegExpLookbehind {
+    RegExpPositiveLookbehind() { re.positiveLookbehindAssertionGroup(start, end) }
+
+    override string getPrimaryQLClass() { result = "RegExpPositiveLookbehind" }
+  }
+
+  /**
+   * A negative-lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?<!\\)
+   * ```
+   */
+  additional class RegExpNegativeLookbehind extends RegExpLookbehind {
+    RegExpNegativeLookbehind() { re.negativeLookbehindAssertionGroup(start, end) }
+
+    override string getPrimaryQLClass() { result = "RegExpNegativeLookbehind" }
+  }
+
+  /**
+   * A back reference, that is, a term of the form `\i` or `\k<name>`
+   * in a regular expression.
+   *
+   * Examples:
+   *
+   * ```
+   * \1
+   * (?P=quote)
+   * ```
+   */
+  class RegExpBackRef extends RegExpTerm, TRegExpBackRef {
+    RegExpBackRef() { this = TRegExpBackRef(re, start, end) }
+
+    /**
+     * Gets the number of the capture group this back reference refers to, if any.
+     */
+    int getNumber() { result = re.getBackrefNumber(start, end) }
+
+    /**
+     * Gets the name of the capture group this back reference refers to, if any.
+     */
+    string getName() { result = re.getBackrefName(start, end) }
+
+    /** Gets the capture group this back reference refers to. */
+    RegExpGroup getGroup() {
+      this.hasLiteralAndNumber(result.getLiteral(), result.getNumber()) or
+      this.hasLiteralAndName(result.getLiteral(), result.getName())
+    }
+
+    /** Join-order helper for `getGroup`. */
+    pragma[nomagic]
+    private predicate hasLiteralAndNumber(RegExpLiteral literal, int number) {
+      literal = this.getLiteral() and
+      number = this.getNumber()
+    }
+
+    /** Join-order helper for `getGroup`. */
+    pragma[nomagic]
+    private predicate hasLiteralAndName(RegExpLiteral literal, string name) {
+      literal = this.getLiteral() and
+      name = this.getName()
+    }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getPrimaryQLClass() { result = "RegExpBackRef" }
+  }
+
+  class Top = RegExpParent;
+
+  /**
+   * Holds if `term` is an escape class representing e.g. `\d`.
+   * `clazz` is which character class it represents, e.g. "d" for `\d`.
+   */
+  predicate isEscapeClass(RegExpTerm term, string clazz) {
+    exists(RegExpCharacterClassEscape escape | term = escape | escape.getValue() = clazz)
+  }
+
+  /**
+   * Holds if `term` is a possessive quantifier.
+   * As python's regexes do not support possessive quantifiers, this never holds, but is used by the shared library.
+   */
+  predicate isPossessive(RegExpQuantifier term) { none() }
+
+  /**
+   * Holds if the regex that `term` is part of is used in a way that ignores any leading prefix of the input it's matched against.
+   * Not yet implemented for Python.
+   */
+  predicate matchesAnyPrefix(RegExpTerm term) { any() }
+
+  /**
+   * Holds if the regex that `term` is part of is used in a way that ignores any trailing suffix of the input it's matched against.
+   * Not yet implemented for Python.
+   */
+  predicate matchesAnySuffix(RegExpTerm term) { any() }
+
+  /**
+   * Holds if the regular expression should not be considered.
+   *
+   * We make the pragmatic performance optimization to ignore regular expressions in files
+   * that does not belong to the project code (such as installed dependencies).
+   */
+  predicate isExcluded(RegExpParent parent) {
+    not exists(parent.getRegex().getLocation().getFile().getRelativePath())
+    or
+    // Regexes with many occurrences of ".*" may cause the polynomial ReDoS computation to explode, so
+    // we explicitly exclude these.
+    count(int i | exists(parent.getRegex().getText().regexpFind("\\.\\*", i, _)) | i) > 10
+  }
+
+  /**
+   * Holds if `root` has the `i` flag for case-insensitive matching.
+   */
+  predicate isIgnoreCase(RegExpTerm root) {
+    root.isRootTerm() and
+    root.getLiteral().isIgnoreCase()
+  }
+
+  /**
+   * Holds if `root` has the `s` flag for multi-line matching.
+   */
+  predicate isDotAll(RegExpTerm root) {
+    root.isRootTerm() and
+    root.getLiteral().isDotAll()
+  }
 }
-
-/** Gets the parse tree resulting from parsing `re`, if such has been constructed. */
-RegExpTerm getParsedRegExp(StrConst re) { result.getRegex() = re and result.isRootTerm() }
diff --git a/python/ql/lib/semmle/python/SpecialMethods.qll b/python/ql/lib/semmle/python/SpecialMethods.qll
index eb960005f4d..a5832ae45ae 100644
--- a/python/ql/lib/semmle/python/SpecialMethods.qll
+++ b/python/ql/lib/semmle/python/SpecialMethods.qll
@@ -11,9 +11,7 @@
 private import python
 
 /** A control flow node which might correspond to a special method call. */
-class PotentialSpecialMethodCallNode extends ControlFlowNode {
-  PotentialSpecialMethodCallNode() { this instanceof SpecialMethod::Potential }
-}
+class PotentialSpecialMethodCallNode extends ControlFlowNode instanceof SpecialMethod::Potential { }
 
 /**
  * Machinery for detecting special method calls.
diff --git a/python/ql/lib/semmle/python/TestUtils.qll b/python/ql/lib/semmle/python/TestUtils.qll
index d7b8fc24676..8b1ae58be4f 100644
--- a/python/ql/lib/semmle/python/TestUtils.qll
+++ b/python/ql/lib/semmle/python/TestUtils.qll
@@ -1,4 +1,5 @@
-/* This file contains test-related utility functions */
+/** This file contains test-related utility functions */
+
 import python
 
 /** Removes everything up to the occurrence of `sub` in the string `str` */
diff --git a/python/ql/lib/semmle/python/dataflow/new/Regexp.qll b/python/ql/lib/semmle/python/dataflow/new/Regexp.qll
index 2ecde8686c3..a518fc41f46 100644
--- a/python/ql/lib/semmle/python/dataflow/new/Regexp.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/Regexp.qll
@@ -9,11 +9,12 @@ private import semmle.python.dataflow.new.DataFlow
 /**
  * Provides utility predicates related to regular expressions.
  */
-module RegExpPatterns {
+deprecated module RegExpPatterns {
   /**
    * Gets a pattern that matches common top-level domain names in lower case.
+   * DEPRECATED: use the similarly named predicate from `HostnameRegex` from the `regex` pack instead.
    */
-  string getACommonTld() {
+  deprecated string getACommonTld() {
     // according to ranking by http://google.com/search?q=site:.<<TLD>>
     result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])"
   }
diff --git a/python/ql/lib/semmle/python/dataflow/new/RemoteFlowSources.qll b/python/ql/lib/semmle/python/dataflow/new/RemoteFlowSources.qll
index 63b0f9c733b..4ad0aee1f31 100644
--- a/python/ql/lib/semmle/python/dataflow/new/RemoteFlowSources.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/RemoteFlowSources.qll
@@ -15,13 +15,9 @@ private import semmle.python.Concepts
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `RemoteFlowSource::Range` instead.
  */
-class RemoteFlowSource extends DataFlow::Node {
-  RemoteFlowSource::Range self;
-
-  RemoteFlowSource() { this = self }
-
+class RemoteFlowSource extends DataFlow::Node instanceof RemoteFlowSource::Range {
   /** Gets a string that describes the type of this remote flow source. */
-  string getSourceType() { result = self.getSourceType() }
+  string getSourceType() { result = super.getSourceType() }
 }
 
 /** Provides a class for modeling new sources of remote user input. */
diff --git a/python/ql/lib/semmle/python/dataflow/new/SensitiveDataSources.qll b/python/ql/lib/semmle/python/dataflow/new/SensitiveDataSources.qll
index 65d334f1c38..0ef65c478d5 100644
--- a/python/ql/lib/semmle/python/dataflow/new/SensitiveDataSources.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/SensitiveDataSources.qll
@@ -8,6 +8,7 @@ private import semmle.python.dataflow.new.DataFlow
 // Need to import `semmle.python.Frameworks` since frameworks can extend `SensitiveDataSource::Range`
 private import semmle.python.Frameworks
 private import semmle.python.security.internal.SensitiveDataHeuristics as SensitiveDataHeuristics
+private import semmle.python.ApiGraphs
 
 // We export these explicitly, so we don't also export the `HeuristicNames` module.
 class SensitiveDataClassification = SensitiveDataHeuristics::SensitiveDataClassification;
@@ -20,15 +21,22 @@ module SensitiveDataClassification = SensitiveDataHeuristics::SensitiveDataClass
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `SensitiveDataSource::Range` instead.
  */
-class SensitiveDataSource extends DataFlow::Node {
-  SensitiveDataSource::Range range;
-
-  SensitiveDataSource() { this = range }
+class SensitiveDataSource extends DataFlow::Node instanceof SensitiveDataSource::Range {
+  SensitiveDataSource() {
+    // ignore sensitive password sources in getpass.py, that can escape through `getpass.getpass()` return value,
+    // since `getpass.getpass()` is considered a source itself.
+    not exists(Module getpass |
+      getpass.getName() = "getpass" and
+      this.getScope().getEnclosingModule() = getpass and
+      // do allow this call if we're analyzing getpass.py as part of CPython though
+      not exists(getpass.getFile().getRelativePath())
+    )
+  }
 
   /**
    * Gets the classification of the sensitive data.
    */
-  SensitiveDataClassification getClassification() { result = range.getClassification() }
+  SensitiveDataClassification getClassification() { result = super.getClassification() }
 }
 
 /** Provides a class for modeling new sources of sensitive data, such as secrets, certificates, or passwords. */
@@ -312,6 +320,17 @@ private module SensitiveDataModeling {
 
     override SensitiveDataClassification getClassification() { result = classification }
   }
+
+  /**
+   * A call to `getpass.getpass`, see https://docs.python.org/3.10/library/getpass.html#getpass.getpass
+   */
+  class GetPassCall extends SensitiveDataSource::Range, API::CallNode {
+    GetPassCall() { this = API::moduleImport("getpass").getMember("getpass").getACall() }
+
+    override SensitiveDataClassification getClassification() {
+      result = SensitiveDataClassification::password()
+    }
+  }
 }
 
 predicate sensitiveDataExtraStepForCalls = SensitiveDataModeling::extraStepForCalls/2;
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll
index ae9c6f3f12e..9aa6a529a5b 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll
@@ -915,18 +915,57 @@ private module Cached {
     TDataFlowCallNone() or
     TDataFlowCallSome(DataFlowCall call)
 
+  cached
+  newtype TParamNodeOption =
+    TParamNodeNone() or
+    TParamNodeSome(ParamNode p)
+
+  cached
+  newtype TReturnCtx =
+    TReturnCtxNone() or
+    TReturnCtxNoFlowThrough() or
+    TReturnCtxMaybeFlowThrough(ReturnPosition pos)
+
+  cached
+  newtype TTypedContentApprox =
+    MkTypedContentApprox(ContentApprox c, DataFlowType t) {
+      exists(Content cont |
+        c = getContentApprox(cont) and
+        store(_, cont, _, _, t)
+      )
+    }
+
   cached
   newtype TTypedContent = MkTypedContent(Content c, DataFlowType t) { store(_, c, _, _, t) }
 
+  cached
+  TypedContent getATypedContent(TypedContentApprox c) {
+    exists(ContentApprox cls, DataFlowType t, Content cont |
+      c = MkTypedContentApprox(cls, pragma[only_bind_into](t)) and
+      result = MkTypedContent(cont, pragma[only_bind_into](t)) and
+      cls = getContentApprox(cont)
+    )
+  }
+
   cached
   newtype TAccessPathFront =
     TFrontNil(DataFlowType t) or
     TFrontHead(TypedContent tc)
 
+  cached
+  newtype TApproxAccessPathFront =
+    TApproxFrontNil(DataFlowType t) or
+    TApproxFrontHead(TypedContentApprox tc)
+
   cached
   newtype TAccessPathFrontOption =
     TAccessPathFrontNone() or
     TAccessPathFrontSome(AccessPathFront apf)
+
+  cached
+  newtype TApproxAccessPathFrontOption =
+    TApproxAccessPathFrontNone() or
+    TApproxAccessPathFrontSome(ApproxAccessPathFront apf)
 }
 
 /**
@@ -1304,6 +1343,113 @@ class DataFlowCallOption extends TDataFlowCallOption {
   }
 }
 
+/** An optional `ParamNode`. */
+class ParamNodeOption extends TParamNodeOption {
+  string toString() {
+    this = TParamNodeNone() and
+    result = "(none)"
+    or
+    exists(ParamNode p |
+      this = TParamNodeSome(p) and
+      result = p.toString()
+    )
+  }
+}
+
+/**
+ * A return context used to calculate flow summaries in reverse flow.
+ *
+ * The possible values are:
+ *
+ * - `TReturnCtxNone()`: no return flow.
+ * - `TReturnCtxNoFlowThrough()`: return flow, but flow through is not possible.
+ * - `TReturnCtxMaybeFlowThrough(ReturnPosition pos)`: return flow, of kind `pos`, and
+ *    flow through may be possible.
+ */
+class ReturnCtx extends TReturnCtx {
+  string toString() {
+    this = TReturnCtxNone() and
+    result = "(none)"
+    or
+    this = TReturnCtxNoFlowThrough() and
+    result = "(no flow through)"
+    or
+    exists(ReturnPosition pos |
+      this = TReturnCtxMaybeFlowThrough(pos) and
+      result = pos.toString()
+    )
+  }
+}
+
+/** An approximated `Content` tagged with the type of a containing object. */
+class TypedContentApprox extends MkTypedContentApprox {
+  private ContentApprox c;
+  private DataFlowType t;
+
+  TypedContentApprox() { this = MkTypedContentApprox(c, t) }
+
+  /** Gets a typed content approximated by this value. */
+  TypedContent getATypedContent() { result = getATypedContent(this) }
+
+  /** Gets the container type. */
+  DataFlowType getContainerType() { result = t }
+
+  /** Gets a textual representation of this approximated content. */
+  string toString() { result = c.toString() }
+}
+
+/**
+ * The front of an approximated access path. This is either a head or a nil.
+ */
+abstract class ApproxAccessPathFront extends TApproxAccessPathFront {
+  abstract string toString();
+
+  abstract DataFlowType getType();
+
+  abstract boolean toBoolNonEmpty();
+
+  pragma[nomagic]
+  TypedContent getAHead() {
+    exists(TypedContentApprox cont |
+      this = TApproxFrontHead(cont) and
+      result = cont.getATypedContent()
+    )
+  }
+}
+
+class ApproxAccessPathFrontNil extends ApproxAccessPathFront, TApproxFrontNil {
+  private DataFlowType t;
+
+  ApproxAccessPathFrontNil() { this = TApproxFrontNil(t) }
+
+  override string toString() { result = ppReprType(t) }
+
+  override DataFlowType getType() { result = t }
+
+  override boolean toBoolNonEmpty() { result = false }
+}
+
+class ApproxAccessPathFrontHead extends ApproxAccessPathFront, TApproxFrontHead {
+  private TypedContentApprox tc;
+
+  ApproxAccessPathFrontHead() { this = TApproxFrontHead(tc) }
+
+  override string toString() { result = tc.toString() }
+
+  override DataFlowType getType() { result = tc.getContainerType() }
+
+  override boolean toBoolNonEmpty() { result = true }
+}
+
+/** An optional approximated access path front. */
+class ApproxAccessPathFrontOption extends TApproxAccessPathFrontOption {
+  string toString() {
+    this = TApproxAccessPathFrontNone() and result = "<none>"
+    or
+    this = TApproxAccessPathFrontSome(any(ApproxAccessPathFront apf | result = apf.toString()))
+  }
+}
+
 /** A `Content` tagged with the type of a containing object. */
 class TypedContent extends MkTypedContent {
   private Content c;
@@ -1336,7 +1482,7 @@ abstract class AccessPathFront extends TAccessPathFront {
 
   abstract DataFlowType getType();
 
-  abstract boolean toBoolNonEmpty();
+  abstract ApproxAccessPathFront toApprox();
 
   TypedContent getHead() { this = TFrontHead(result) }
 }
@@ -1350,7 +1496,7 @@ class AccessPathFrontNil extends AccessPathFront, TFrontNil {
 
   override DataFlowType getType() { result = t }
 
-  override boolean toBoolNonEmpty() { result = false }
+  override ApproxAccessPathFront toApprox() { result = TApproxFrontNil(t) }
 }
 
 class AccessPathFrontHead extends AccessPathFront, TFrontHead {
@@ -1362,7 +1508,7 @@ class AccessPathFrontHead extends AccessPathFront, TFrontHead {
 
   override DataFlowType getType() { result = tc.getContainerType() }
 
-  override boolean toBoolNonEmpty() { result = true }
+  override ApproxAccessPathFront toApprox() { result.getAHead() = tc }
 }
 
 /** An optional access path front. */
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll
index dde16ab5a2a..e85e0cd92ec 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll
@@ -136,6 +136,18 @@ module Consistency {
     msg = "Local flow step does not preserve enclosing callable."
   }
 
+  query predicate readStepIsLocal(Node n1, Node n2, string msg) {
+    readStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Read step does not preserve enclosing callable."
+  }
+
+  query predicate storeStepIsLocal(Node n1, Node n2, string msg) {
+    storeStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Store step does not preserve enclosing callable."
+  }
+
   private DataFlowType typeRepr() { result = getNodeType(_) }
 
   query predicate compatibleTypesReflexive(DataFlowType t, string msg) {
@@ -232,4 +244,25 @@ module Consistency {
     not callable = viableCallable(call) and
     not any(ConsistencyConfiguration c).viableImplInCallContextTooLargeExclude(call, ctx, callable)
   }
+
+  query predicate uniqueParameterNodeAtPosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(Node p0 | isParameterNode(p0, c, pos))) and
+    msg = "Parameters with overlapping positions."
+  }
+
+  query predicate uniqueParameterNodePosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(ParameterPosition pos0 | isParameterNode(p, c, pos0))) and
+    msg = "Parameter node with multiple positions."
+  }
+
+  query predicate uniqueContentApprox(Content c, string msg) {
+    not exists(unique(ContentApprox approx | approx = getContentApprox(c))) and
+    msg = "Non-unique content approximation."
+  }
 }
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
index 6f1396518aa..9e76658e42a 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
@@ -948,3 +948,10 @@ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preserves
 predicate allowParameterReturnInSelf(ParameterNode p) {
   FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(p)
 }
+
+/** An approximated `Content`. */
+class ContentApprox = Unit;
+
+/** Gets an approximated value for content `c`. */
+pragma[inline]
+ContentApprox getContentApprox(Content c) { any() }
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowUtil.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowUtil.qll
index fc697d45524..7f1a6464adf 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowUtil.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowUtil.qll
@@ -26,67 +26,3 @@ predicate localFlowStep(Node nodeFrom, Node nodeTo) {
  */
 pragma[inline]
 predicate localFlow(Node source, Node sink) { localFlowStep*(source, sink) }
-
-/**
- * DEPRECATED. Use the API graphs library (`semmle.python.ApiGraphs`) instead.
- *
- * For a drop-in replacement, use `API::moduleImport(name).getAUse()`.
- *
- * Gets a `Node` that refers to the module referenced by `name`.
- * Note that for the statement `import pkg.mod`, the new variable introduced is `pkg` that is a
- * reference to the module `pkg`.
- *
- * This predicate handles (with optional `... as <new-name>`):
- * 1. `import <name>`
- * 2. `from <package> import <module>` when `<name> = <package> + "." + <module>`
- * 3. `from <module> import <member>` when `<name> = <module> + "." + <member>`
- *
- * Finally, in `from <module> import <member>` we consider the `ImportExpr` corresponding to
- * `<module>` to be a reference to that module.
- *
- * Note:
- * While it is technically possible that `import mypkg.foo` and `from mypkg import foo` can give different values,
- * it's highly unlikely that this will be a problem in production level code.
- *   Example: If `mypkg/__init__.py` contains `foo = 42`, then `from mypkg import foo` will not import the module
- *   `mypkg/foo.py` but the variable `foo` containing `42` -- however, `import mypkg.foo` will always cause `mypkg.foo`
- *   to refer to the module.
- */
-deprecated Node importNode(string name) {
-  exists(Variable var, Import imp, Alias alias |
-    alias = imp.getAName() and
-    alias.getAsname() = var.getAStore() and
-    (
-      name = alias.getValue().(ImportMember).getImportedModuleName()
-      or
-      name = alias.getValue().(ImportExpr).getImportedModuleName()
-    ) and
-    result.asExpr() = alias.getValue()
-  )
-  or
-  // Although it may seem superfluous to consider the `foo` part of `from foo import bar as baz` to
-  // be a reference to a module (since that reference only makes sense locally within the `import`
-  // statement), it's important for our use of type trackers to consider this local reference to
-  // also refer to the `foo` module. That way, if one wants to track references to the `bar`
-  // attribute using a type tracker, one can simply write
-  //
-  // ```ql
-  // DataFlow::Node bar_attr_tracker(TypeTracker t) {
-  //   t.startInAttr("bar") and
-  //   result = foo_module_tracker()
-  //   or
-  //   exists(TypeTracker t2 | result = bar_attr_tracker(t2).track(t2, t))
-  // }
-  // ```
-  //
-  // Where `foo_module_tracker` is a type tracker that tracks references to the `foo` module.
-  // Because named imports are modeled as `AttrRead`s, the statement `from foo import bar as baz`
-  // is interpreted as if it was an assignment `baz = foo.bar`, which means `baz` gets tracked as a
-  // reference to `foo.bar`, as desired.
-  exists(ImportExpr imp_expr |
-    imp_expr.getName() = name and
-    result.asCfgNode().getNode() = imp_expr and
-    // in `import foo.bar` we DON'T want to give a result for `importNode("foo.bar")`,
-    // only for `importNode("foo")`. We exclude those cases with the following clause.
-    not exists(Import imp | imp.getAName().getValue() = imp_expr)
-  )
-}
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
index 4d41254e5e9..b61142c33a7 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
@@ -241,19 +241,25 @@ module Public {
     }
 
     /**
-     * Holds if the summary is auto generated.
+     * Holds if the summary is auto generated and not manually generated.
      */
     predicate isAutoGenerated() { none() }
-  }
-
-  /** A callable with a flow summary stating there is no flow via the callable. */
-  class NegativeSummarizedCallable extends SummarizedCallableBase {
-    NegativeSummarizedCallable() { negativeSummaryElement(this, _) }
 
     /**
-     *  Holds if the negative summary is auto generated.
+     * Holds if the summary has the given provenance where `true` is
+     * `generated` and `false` is `manual`.
      */
-    predicate isAutoGenerated() { negativeSummaryElement(this, true) }
+    predicate hasProvenance(boolean generated) { none() }
+  }
+
+  /** A callable where there is no flow via the callable. */
+  class NeutralCallable extends SummarizedCallableBase {
+    NeutralCallable() { neutralElement(this, _) }
+
+    /**
+     *  Holds if the neutral is auto generated.
+     */
+    predicate isAutoGenerated() { neutralElement(this, true) }
   }
 }
 
@@ -520,7 +526,8 @@ module Private {
   predicate summaryParameterNodeRange(SummarizedCallable c, ParameterPosition pos) {
     parameterReadState(c, _, pos)
     or
-    isParameterPostUpdate(_, c, pos)
+    // Same as `isParameterPostUpdate(_, c, pos)`, but can be used in a negative context
+    any(SummaryNodeState state).isOutputState(c, SummaryComponentStack::argument(pos))
   }
 
   private predicate callbackOutput(
@@ -1011,6 +1018,10 @@ module Private {
       }
 
       override predicate isAutoGenerated() { this.relevantSummaryElementGenerated(_, _, _) }
+
+      override predicate hasProvenance(boolean generated) {
+        summaryElement(this, _, _, _, generated)
+      }
     }
 
     /** Holds if component `c` of specification `spec` cannot be parsed. */
@@ -1160,9 +1171,9 @@ module Private {
       string toString() { result = super.toString() }
     }
 
-    /** A flow summary to include in the `negativeSummary/1` query predicate. */
-    abstract class RelevantNegativeSummarizedCallable instanceof NegativeSummarizedCallable {
-      /** Gets the string representation of this callable used by `summary/1`. */
+    /** A model to include in the `neutral/1` query predicate. */
+    abstract class RelevantNeutralCallable instanceof NeutralCallable {
+      /** Gets the string representation of this callable used by `neutral/1`. */
       abstract string getCallableCsv();
 
       string toString() { result = super.toString() }
@@ -1179,13 +1190,13 @@ module Private {
       if c.isAutoGenerated() then result = "generated" else result = "manual"
     }
 
-    private string renderProvenanceNegative(NegativeSummarizedCallable c) {
+    private string renderProvenanceNeutral(NeutralCallable c) {
       if c.isAutoGenerated() then result = "generated" else result = "manual"
     }
 
     /**
      * A query predicate for outputting flow summaries in semi-colon separated format in QL tests.
-     * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance"",
+     * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance",
      * ext is hardcoded to empty.
      */
     query predicate summary(string csv) {
@@ -1204,14 +1215,14 @@ module Private {
     }
 
     /**
-     * Holds if a negative flow summary `csv` exists (semi-colon separated format). Used for testing purposes.
+     * Holds if a neutral model `csv` exists (semi-colon separated format). Used for testing purposes.
      * The syntax is: "namespace;type;name;signature;provenance"",
      */
-    query predicate negativeSummary(string csv) {
-      exists(RelevantNegativeSummarizedCallable c |
+    query predicate neutral(string csv) {
+      exists(RelevantNeutralCallable c |
         csv =
           c.getCallableCsv() // Callable information
-            + renderProvenanceNegative(c) // provenance
+            + renderProvenanceNeutral(c) // provenance
       )
     }
   }
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll
index 056ed02a874..c78fe0c857d 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll
@@ -92,11 +92,11 @@ predicate summaryElement(
 }
 
 /**
- * Holds if a negative flow summary exists for `c`, which means that there is no
- * flow through `c`. The flag `generated` states whether the summary is autogenerated.
- * Note. Negative flow summaries has not been implemented for Python.
+ * Holds if a neutral model exists for `c`, which means that there is no
+ * flow through `c`. The flag `generated` states whether the neutral model is autogenerated.
+ * Note. Neutral models have not been implemented for Python.
  */
-predicate negativeSummaryElement(FlowSummary::SummarizedCallable c, boolean generated) { none() }
+predicate neutralElement(FlowSummary::SummarizedCallable c, boolean generated) { none() }
 
 /**
  * Gets the summary component for specification component `c`, if any.
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll b/python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll
index 0c346fa2dd4..e4af21caacc 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll
@@ -1,14 +1,75 @@
+/**
+ * INTERNAL. DO NOT USE.
+ *
+ * Provides predicates for resolving imports.
+ */
+
 private import python
 private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.dataflow.new.internal.ImportStar
 private import semmle.python.dataflow.new.TypeTracker
+private import semmle.python.dataflow.new.internal.DataFlowPrivate
 
+/**
+ * Python modules and the way imports are resolved are... complicated. Here's a crash course in how
+ * it works, as well as some caveats to bear in mind when looking at the implementation in this
+ * module.
+ *
+ * First, let's consider the humble `import` statement:
+ * ```python
+ * import foo
+ * import bar.baz
+ * import ham.eggs as spam
+ * ```
+ *
+ * In the AST, all imports are aliased, as in the last import above. That is, `import foo` becomes
+ * `import foo as foo`, and `import bar.baz` becomes `import bar as bar`. Note that `import` is
+ * exclusively used to import modules -- if `eggs` is an attribute of the `ham` module (and not a
+ * submodule of the `ham` package), then the third line above is an error.
+ *
+ * Next, we have the `from` statement. This one is a bit more complicated, but still has the same
+ * aliasing desugaring as above applied to it. Thus, `from foo import bar` becomes
+ * `from foo import bar as bar`.
+ *
+ * In general, `from foo import bar` can mean two different things:
+ *
+ * 1. If `foo` is a module, and `bar` is an attribute of `foo`, then `from foo import bar` imports
+ *    the attribute `bar` into the current module (binding it to the name `bar`).
+ * 2. If `foo` is a package, and `bar` is already defined in `foo/__init__.py`,
+ *    that value will be imported. If it is not defined, and `bar` is a submodule of `foo`, then
+ *    `bar` is imported to `foo`, and the `bar` submodule imported.
+ *    Note: We don't currently model if the attribute is already defined in `__init__.py`
+ *    and always assume that the submodule will be used.
+ *
+ * Now, when it comes to how these imports are represented in the AST, things get a bit complicated.
+ * First of all, both of the above forms of imports get mapped to the same kind of AST node:
+ * `Import`. An `Import` node has a sequence of names, each of which is an `Alias` node. This `Alias`
+ * node represents the `x as y` bit of each imported module.
+ *
+ * The same is true for `from` imports. So, how then do we distinguish between the two forms of
+ * imports? The distinguishing feature is the left hand side of the `as` node. If the left hand side
+ * is an `ImportExpr`, then it is a plain import. If it is an `ImportMember`, then it is a `from`
+ * import. (And to confuse matters even more, this `ImportMember` contains another `ImportExpr` for
+ * the bit between the `from` and `import` keywords.)
+ *
+ * Caveats:
+ *
+ * - A relative import of the form `from .foo import bar as baz` not only imports `bar` and binds it
+ *   to the name `baz`, but also imports `foo` and binds it to the name `foo`. This only happens with
+ *   relative imports. `from foo import bar as baz` only binds `bar` to `baz`.
+ * - Modules may also be packages, so e.g. `import foo.bar` may import the `bar` submodule in the `foo`
+ *   package, or the `bar` subpackage of the `foo` package. The practical difference here is the name of
+ *   the module that is imported, as the package `foo.bar` will have the "name" `foo.bar.__init__`,
+ *   corresponding to the fact that the code that is executed is in the `__init__.py` file of the
+ *   `bar` subpackage.
+ */
 module ImportResolution {
   /**
    * Holds if the module `m` defines a name `name` by assigning `defn` to it. This is an
    * overapproximation, as `name` may not in fact be exported (e.g. by defining an `__all__` that does
    * not include `name`).
    */
+  pragma[nomagic]
   predicate module_export(Module m, string name, DataFlow::CfgNode defn) {
     exists(EssaVariable v |
       v.getName() = name and
@@ -18,12 +79,223 @@ module ImportResolution {
       or
       defn.getNode() = v.getDefinition().(ArgumentRefinement).getArgument()
     )
-  }
-
-  Module getModule(DataFlow::CfgNode node) {
-    exists(ModuleValue mv |
-      node.getNode().pointsTo(mv) and
-      result = mv.getScope()
+    or
+    exists(Alias a |
+      defn.asExpr() = [a.getValue(), a.getValue().(ImportMember).getModule()] and
+      a.getAsname().(Name).getId() = name and
+      defn.getScope() = m
     )
   }
+
+  /**
+   * Holds if the module `m` explicitly exports the name `name` by listing it in `__all__`. Only
+   * handles simple cases where we can statically tell that this is the case.
+   */
+  private predicate all_mentions_name(Module m, string name) {
+    exists(DefinitionNode def, SequenceNode n |
+      def.getValue() = n and
+      def.(NameNode).getId() = "__all__" and
+      def.getScope() = m and
+      any(StrConst s | s.getText() = name) = n.getAnElement().getNode()
+    )
+  }
+
+  /**
+   * Holds if the module `m` either does not set `__all__` (and so implicitly exports anything that
+   * doesn't start with an underscore), or sets `__all__` in a way that's too complicated for us to
+   * handle (in which case we _also_ pretend that it just exports all such names).
+   */
+  private predicate no_or_complicated_all(Module m) {
+    // No mention of `__all__` in the module
+    not exists(DefinitionNode def | def.getScope() = m and def.(NameNode).getId() = "__all__")
+    or
+    // `__all__` is set to a non-sequence value
+    exists(DefinitionNode def |
+      def.(NameNode).getId() = "__all__" and
+      def.getScope() = m and
+      not def.getValue() instanceof SequenceNode
+    )
+    or
+    // `__all__` is used in some way that doesn't involve storing a value in it. This usually means
+    // it is being mutated through `append` or `extend`, which we don't handle.
+    exists(NameNode n | n.getId() = "__all__" and n.getScope() = m and n.isLoad())
+  }
+
+  private predicate potential_module_export(Module m, string name) {
+    all_mentions_name(m, name)
+    or
+    no_or_complicated_all(m) and
+    (
+      exists(NameNode n | n.getId() = name and n.getScope() = m and name.charAt(0) != "_")
+      or
+      exists(Alias a | a.getAsname().(Name).getId() = name and a.getValue().getScope() = m)
+    )
+  }
+
+  /**
+   * Holds if the module `reexporter` exports the module `reexported` under the name
+   * `reexported_name`.
+   */
+  private predicate module_reexport(Module reexporter, string reexported_name, Module reexported) {
+    exists(DataFlow::Node ref |
+      ref = getImmediateModuleReference(reexported) and
+      module_export(reexporter, reexported_name, ref) and
+      potential_module_export(reexporter, reexported_name)
+    )
+  }
+
+  /**
+   * Gets a reference to `sys.modules`.
+   */
+  private DataFlow::Node sys_modules_reference() {
+    result =
+      any(DataFlow::AttrRef a |
+        a.getAttributeName() = "modules" and a.getObject().asExpr().(Name).getId() = "sys"
+      )
+  }
+
+  /** Gets a module that may have been added to `sys.modules`. */
+  private Module sys_modules_module_with_name(string name) {
+    exists(ControlFlowNode n, DataFlow::Node mod |
+      exists(SubscriptNode sub |
+        sub.getObject() = sys_modules_reference().asCfgNode() and
+        sub.getIndex() = n and
+        n.getNode().(StrConst).getText() = name and
+        sub.(DefinitionNode).getValue() = mod.asCfgNode() and
+        mod = getModuleReference(result)
+      )
+    )
+  }
+
+  Module getModuleImportedByImportStar(ImportStar i) {
+    isPreferredModuleForName(result.getFile(), i.getImportedModuleName())
+  }
+
+  /**
+   * Gets a data-flow node that may be a reference to a module with the name `module_name`.
+   *
+   * This is a helper predicate for `getImmediateModuleReference`. It captures the fact that in an
+   * import such as `import foo`,
+   * - `foo` may simply be the name of a module, or
+   * - `foo` may be the name of a package (in which case its name is actually `foo.__init__`), or
+   * - `foo` may be a module name that has been added to `sys.modules` (in which case its actual name can
+   *   be anything, for instance `os.path` is either `posixpath` or `ntpath`).
+   */
+  private DataFlow::Node getReferenceToModuleName(string module_name) {
+    // Regular import statements, e.g.
+    // import foo    # implicitly `import foo as foo`
+    // import foo as foo_alias
+    exists(Import i, Alias a | a = i.getAName() |
+      result.asExpr() = a.getAsname() and
+      module_name = a.getValue().(ImportExpr).getImportedModuleName()
+    )
+    or
+    // The module part of a `from ... import ...` statement, e.g. the `..foo.bar` in
+    // from ..foo.bar import baz    # ..foo.bar might point to, say, package.subpackage.foo.bar
+    exists(ImportMember i | result.asExpr() = i.getModule() |
+      module_name = i.getModule().(ImportExpr).getImportedModuleName()
+    )
+    or
+    // Modules (not attributes) imported via `from ... import ... statements`, e.g.
+    // from foo.bar import baz    # imports foo.bar.baz as baz
+    // from foo.bar import baz as baz_alias    # imports foo.bar.baz as baz_alias
+    exists(Import i, Alias a, ImportMember im | a = i.getAName() and im = a.getValue() |
+      result.asExpr() = a.getAsname() and
+      module_name = im.getModule().(ImportExpr).getImportedModuleName() + "." + im.getName()
+    )
+    or
+    // For parity with the points-to based solution, the `ImportExpr` and `ImportMember` bits of the
+    // above cases should _also_ point to the right modules.
+    result.asExpr() = any(ImportExpr i | i.getImportedModuleName() = module_name)
+    or
+    result.asExpr() =
+      any(ImportMember i |
+        i.getModule().(ImportExpr).getImportedModuleName() + "." + i.getName() = module_name
+      )
+  }
+
+  /**
+   * Gets a dataflow node that is an immediate reference to the module `m`.
+   *
+   * Because of attribute lookups, this is mutually recursive with `getModuleReference`.
+   */
+  DataFlow::Node getImmediateModuleReference(Module m) {
+    exists(string module_name | result = getReferenceToModuleName(module_name) |
+      // Depending on whether the referenced module is a package or not, we may need to add a
+      // trailing `.__init__` to the module name.
+      isPreferredModuleForName(m.getFile(), module_name + ["", ".__init__"])
+      or
+      // Module defined via `sys.modules`
+      m = sys_modules_module_with_name(module_name)
+    )
+    or
+    // Reading an attribute on a module may return a submodule (or subpackage).
+    exists(DataFlow::AttrRead ar, Module p, string attr_name |
+      ar.accesses(getModuleReference(p), attr_name) and
+      result = ar
+    |
+      isPreferredModuleForName(m.getFile(), p.getPackageName() + "." + attr_name + ["", ".__init__"])
+    )
+    or
+    // This is also true for attributes that come from reexports.
+    exists(Module reexporter, string attr_name |
+      result.(DataFlow::AttrRead).accesses(getModuleReference(reexporter), attr_name) and
+      module_reexport(reexporter, attr_name, m)
+    )
+    or
+    // Submodules that are implicitly defined with relative imports of the form `from .foo import ...`.
+    // In practice, we create a definition for each module in a package, even if it is not imported.
+    exists(string submodule, Module package |
+      SsaSource::init_module_submodule_defn(result.asVar().getSourceVariable(),
+        package.getEntryNode()) and
+      isPreferredModuleForName(m.getFile(),
+        package.getPackageName() + "." + submodule + ["", ".__init__"])
+    )
+  }
+
+  /** Join-order helper for `getModuleReference`. */
+  pragma[nomagic]
+  private predicate module_reference_in_scope(DataFlow::Node node, Scope s, string name, Module m) {
+    node.getScope() = s and
+    node.asExpr().(Name).getId() = name and
+    pragma[only_bind_into](node) = getImmediateModuleReference(pragma[only_bind_into](m))
+  }
+
+  /** Join-order helper for `getModuleReference`. */
+  pragma[nomagic]
+  private predicate module_name_in_scope(DataFlow::Node node, Scope s, string name) {
+    node.getScope() = s and
+    exists(Name n | n = node.asExpr() |
+      n.getId() = name and
+      pragma[only_bind_into](n).isUse()
+    )
+  }
+
+  /**
+   * Gets a reference to the module `m` (including through certain kinds of local and global flow).
+   */
+  DataFlow::Node getModuleReference(Module m) {
+    // Immedate references to the module
+    result = getImmediateModuleReference(m)
+    or
+    // Flow (local or global) forward to a later reference to the module.
+    exists(DataFlow::Node ref | ref = getModuleReference(m) |
+      simpleLocalFlowStepForTypetracking(ref, result)
+      or
+      exists(DataFlow::ModuleVariableNode mv |
+        mv.getAWrite() = ref and
+        result = mv.getARead()
+      )
+    )
+    or
+    // A reference to a name that is bound to a module in an enclosing scope.
+    exists(DataFlow::Node def, Scope def_scope, Scope use_scope, string name |
+      module_reference_in_scope(pragma[only_bind_into](def), pragma[only_bind_into](def_scope),
+        pragma[only_bind_into](name), pragma[only_bind_into](m)) and
+      module_name_in_scope(result, use_scope, name) and
+      use_scope.getEnclosingScope*() = def_scope
+    )
+  }
+
+  Module getModule(DataFlow::CfgNode node) { node = getModuleReference(result) }
 }
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/ImportStar.qll b/python/ql/lib/semmle/python/dataflow/new/internal/ImportStar.qll
index ae115342dba..564630c47db 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/ImportStar.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/ImportStar.qll
@@ -76,7 +76,7 @@ module ImportStar {
     exists(ImportStar i, DataFlow::CfgNode imported_module |
       imported_module.getNode().getNode() = i.getModule() and
       i.getScope() = m and
-      result = ImportResolution::getModule(imported_module)
+      result = ImportResolution::getModuleImportedByImportStar(i)
     )
   }
 
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll b/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll
index c0c62e80315..9f4dfed0871 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll
@@ -207,16 +207,13 @@ class AssignmentTarget extends ControlFlowNode {
 }
 
 /** A direct (or top-level) target of an unpacking assignment. */
-class UnpackingAssignmentDirectTarget extends ControlFlowNode {
+class UnpackingAssignmentDirectTarget extends ControlFlowNode instanceof SequenceNode {
   Expr value;
 
   UnpackingAssignmentDirectTarget() {
-    this instanceof SequenceNode and
-    (
-      value = this.(AssignmentTarget).getValue()
-      or
-      value = this.(ForTarget).getSource()
-    )
+    value = this.(AssignmentTarget).getValue()
+    or
+    value = this.(ForTarget).getSource()
   }
 
   Expr getValue() { result = value }
diff --git a/python/ql/lib/semmle/python/dataflow/old/Implementation.qll b/python/ql/lib/semmle/python/dataflow/old/Implementation.qll
index 76510b5f712..434df3df26d 100644
--- a/python/ql/lib/semmle/python/dataflow/old/Implementation.qll
+++ b/python/ql/lib/semmle/python/dataflow/old/Implementation.qll
@@ -197,9 +197,7 @@ class TaintTrackingNode extends TTaintTrackingNode {
  * It is implemented as a separate class for clarity and to keep the code
  * in `TaintTracking::Configuration` simpler.
  */
-class TaintTrackingImplementation extends string {
-  TaintTrackingImplementation() { this instanceof TaintTracking::Configuration }
-
+class TaintTrackingImplementation extends string instanceof TaintTracking::Configuration {
   /**
    * Hold if there is a flow from `source`, which is a taint source, to
    * `sink`, which is a taint sink, with this configuration.
@@ -218,7 +216,7 @@ class TaintTrackingImplementation extends string {
   ) {
     context = TNoParam() and
     path = TNoAttribute() and
-    this.(TaintTracking::Configuration).isSource(node, kind)
+    super.isSource(node, kind)
   }
 
   /** Hold if `source` is a source of taint. */
@@ -234,7 +232,7 @@ class TaintTrackingImplementation extends string {
     exists(DataFlow::Node node, AttributePath path, TaintKind kind |
       sink = TTaintTrackingNode_(node, _, path, kind, this) and
       path = TNoAttribute() and
-      this.(TaintTracking::Configuration).isSink(node, kind)
+      super.isSink(node, kind)
     )
   }
 
@@ -259,11 +257,11 @@ class TaintTrackingImplementation extends string {
   ) {
     this.unprunedStep(src, node, context, path, kind, edgeLabel) and
     node.getBasicBlock().likelyReachable() and
-    not this.(TaintTracking::Configuration).isBarrier(node) and
+    not super.isBarrier(node) and
     (
       not path = TNoAttribute()
       or
-      not this.(TaintTracking::Configuration).isBarrier(node, kind) and
+      not super.isBarrier(node, kind) and
       exists(DataFlow::Node srcnode, TaintKind srckind |
         src = TTaintTrackingNode_(srcnode, _, _, srckind, this) and
         not this.prunedEdge(srcnode, node, srckind, kind)
@@ -274,9 +272,9 @@ class TaintTrackingImplementation extends string {
   private predicate prunedEdge(
     DataFlow::Node srcnode, DataFlow::Node destnode, TaintKind srckind, TaintKind destkind
   ) {
-    this.(TaintTracking::Configuration).isBarrierEdge(srcnode, destnode, srckind, destkind)
+    super.isBarrierEdge(srcnode, destnode, srckind, destkind)
     or
-    srckind = destkind and this.(TaintTracking::Configuration).isBarrierEdge(srcnode, destnode)
+    srckind = destkind and super.isBarrierEdge(srcnode, destnode)
   }
 
   private predicate unprunedStep(
@@ -314,14 +312,14 @@ class TaintTrackingImplementation extends string {
     this.legacyExtensionStep(src, node, context, path, kind, edgeLabel)
     or
     exists(DataFlow::Node srcnode, TaintKind srckind |
-      this.(TaintTracking::Configuration).isAdditionalFlowStep(srcnode, node, srckind, kind) and
+      super.isAdditionalFlowStep(srcnode, node, srckind, kind) and
       src = TTaintTrackingNode_(srcnode, context, path, srckind, this) and
       path.noAttribute() and
       edgeLabel = "additional with kind"
     )
     or
     exists(DataFlow::Node srcnode |
-      this.(TaintTracking::Configuration).isAdditionalFlowStep(srcnode, node) and
+      super.isAdditionalFlowStep(srcnode, node) and
       src = TTaintTrackingNode_(srcnode, context, path, kind, this) and
       path.noAttribute() and
       edgeLabel = "additional"
@@ -618,7 +616,7 @@ class TaintTrackingImplementation extends string {
     TaintKind kind, string edgeLabel
   ) {
     exists(TaintTracking::Extension extension, DataFlow::Node srcnode, TaintKind srckind |
-      this.(TaintTracking::Configuration).isExtension(extension) and
+      super.isExtension(extension) and
       src = TTaintTrackingNode_(srcnode, context, path, srckind, this) and
       srcnode.asCfgNode() = extension
     |
@@ -646,9 +644,7 @@ class TaintTrackingImplementation extends string {
  * Another taint-tracking class to help partition the code for clarity
  * This class handle tracking of ESSA variables.
  */
-private class EssaTaintTracking extends string {
-  EssaTaintTracking() { this instanceof TaintTracking::Configuration }
-
+private class EssaTaintTracking extends string instanceof TaintTracking::Configuration {
   pragma[noinline]
   predicate taintedDefinition(
     TaintTrackingNode src, EssaDefinition defn, TaintTrackingContext context, AttributePath path,
@@ -691,7 +687,7 @@ private class EssaTaintTracking extends string {
       defn = phi.asVariable().getDefinition() and
       predvar = defn.getInput(pred) and
       not pred.unlikelySuccessor(defn.getBasicBlock()) and
-      not this.(TaintTracking::Configuration).isBarrierEdge(srcnode, phi) and
+      not super.isBarrierEdge(srcnode, phi) and
       srcnode.asVariable() = predvar
     )
   }
@@ -781,7 +777,7 @@ private class EssaTaintTracking extends string {
     exists(DataFlow::Node srcnode |
       src = TTaintTrackingNode_(srcnode, context, path, kind, this) and
       srcnode.asVariable() = defn.getInput() and
-      not this.(TaintTracking::Configuration).isBarrierTest(defn.getTest(), defn.getSense())
+      not super.isBarrierTest(defn.getTest(), defn.getSense())
     )
   }
 
@@ -801,7 +797,7 @@ private class EssaTaintTracking extends string {
   ) {
     exists(DataFlow::Node srcnode, ControlFlowNode use |
       src = TTaintTrackingNode_(srcnode, context, path, kind, this) and
-      not this.(TaintTracking::Configuration).isBarrierTest(defn.getTest(), defn.getSense()) and
+      not super.isBarrierTest(defn.getTest(), defn.getSense()) and
       defn.getSense() = this.testEvaluates(defn, defn.getTest(), use, src)
     )
   }
@@ -815,7 +811,7 @@ private class EssaTaintTracking extends string {
       src = TTaintTrackingNode_(srcnode, context, path, kind, this) and
       piNodeTestAndUse(defn, test, use) and
       srcnode.asVariable() = defn.getInput() and
-      not this.(TaintTracking::Configuration).isBarrierTest(test, defn.getSense()) and
+      not super.isBarrierTest(test, defn.getSense()) and
       testEvaluatesMaybe(test, use)
     )
   }
diff --git a/python/ql/lib/semmle/python/essa/Definitions.qll b/python/ql/lib/semmle/python/essa/Definitions.qll
index d18a3f1b855..9c0df69c28e 100644
--- a/python/ql/lib/semmle/python/essa/Definitions.qll
+++ b/python/ql/lib/semmle/python/essa/Definitions.qll
@@ -207,22 +207,19 @@ class BuiltinVariable extends SsaSourceVariable {
   override CallNode redefinedAtCallSite() { none() }
 }
 
-class ModuleVariable extends SsaSourceVariable {
+class ModuleVariable extends SsaSourceVariable instanceof GlobalVariable {
   ModuleVariable() {
-    this instanceof GlobalVariable and
-    (
-      exists(this.(Variable).getAStore())
-      or
-      this.(Variable).getId() = "__name__"
-      or
-      this.(Variable).getId() = "__package__"
-      or
-      exists(ImportStar is | is.getScope() = this.(Variable).getScope())
-    )
+    exists(this.(Variable).getAStore())
+    or
+    this.(Variable).getId() = "__name__"
+    or
+    this.(Variable).getId() = "__package__"
+    or
+    exists(ImportStar is | is.getScope() = this.(Variable).getScope())
   }
 
   pragma[nomagic]
-  private Scope scope_as_global_variable() { result = this.(GlobalVariable).getScope() }
+  private Scope scope_as_global_variable() { result = GlobalVariable.super.getScope() }
 
   pragma[noinline]
   CallNode global_variable_callnode() { result.getScope() = this.scope_as_global_variable() }
@@ -265,7 +262,7 @@ class ModuleVariable extends SsaSourceVariable {
       class_with_global_metaclass(s, this)
       or
       /* Variable is used in scope */
-      this.(GlobalVariable).getAUse().getScope() = s
+      GlobalVariable.super.getAUse().getScope() = s
     )
     or
     exists(ImportTimeScope scope | scope.entryEdge(_, result) |
diff --git a/python/ql/lib/semmle/python/frameworks/Aiohttp.qll b/python/ql/lib/semmle/python/frameworks/Aiohttp.qll
index bf361083867..d9a1f4c519f 100644
--- a/python/ql/lib/semmle/python/frameworks/Aiohttp.qll
+++ b/python/ql/lib/semmle/python/frameworks/Aiohttp.qll
@@ -59,24 +59,24 @@ module AiohttpWebModel {
    * Extend this class to refine existing API models. If you want to model new APIs,
    * extend `AiohttpRouteSetup::Range` instead.
    */
-  class AiohttpRouteSetup extends Http::Server::RouteSetup::Range {
-    AiohttpRouteSetup::Range range;
-
-    AiohttpRouteSetup() { this = range }
-
+  class AiohttpRouteSetup extends Http::Server::RouteSetup::Range instanceof AiohttpRouteSetup::Range {
     override Parameter getARoutedParameter() { none() }
 
     override string getFramework() { result = "aiohttp.web" }
 
     /** Gets the argument specifying the handler (either a coroutine or a view-class). */
-    DataFlow::Node getHandlerArg() { result = range.getHandlerArg() }
+    DataFlow::Node getHandlerArg() { result = super.getHandlerArg() }
 
-    override DataFlow::Node getUrlPatternArg() { result = range.getUrlPatternArg() }
+    override DataFlow::Node getUrlPatternArg() {
+      result = AiohttpRouteSetup::Range.super.getUrlPatternArg()
+    }
 
     /** Gets the view-class that is referenced in the view-class handler argument, if any. */
-    Class getViewClass() { result = range.getViewClass() }
+    Class getViewClass() { result = super.getViewClass() }
 
-    override Function getARequestHandler() { result = range.getARequestHandler() }
+    override Function getARequestHandler() {
+      result = AiohttpRouteSetup::Range.super.getARequestHandler()
+    }
   }
 
   /** Provides a class for modeling new aiohttp.web route setups. */
diff --git a/python/ql/lib/semmle/python/frameworks/Asyncpg.qll b/python/ql/lib/semmle/python/frameworks/Asyncpg.qll
index ca28dca550f..259699eeb0e 100644
--- a/python/ql/lib/semmle/python/frameworks/Asyncpg.qll
+++ b/python/ql/lib/semmle/python/frameworks/Asyncpg.qll
@@ -13,35 +13,36 @@ private import semmle.python.frameworks.data.ModelsAsData
 private module Asyncpg {
   class AsyncpgModel extends ModelInput::TypeModelCsv {
     override predicate row(string row) {
-      // package1;type1;package2;type2;path
+      // type1;type2;path
       row =
         [
           // a `ConnectionPool` that is created when the result of `asyncpg.create_pool()` is awaited.
-          "asyncpg;ConnectionPool;asyncpg;;Member[create_pool].ReturnValue.Awaited",
+          "asyncpg.ConnectionPool;asyncpg;Member[create_pool].ReturnValue.Awaited",
           // a `Connection` that is created when
           // * - the result of `asyncpg.connect()` is awaited.
           // * - the result of calling `acquire` on a `ConnectionPool` is awaited.
-          "asyncpg;Connection;asyncpg;;Member[connect].ReturnValue.Awaited",
-          "asyncpg;Connection;asyncpg;ConnectionPool;Member[acquire].ReturnValue.Awaited",
+          "asyncpg.Connection;asyncpg;Member[connect].ReturnValue.Awaited",
+          "asyncpg.Connection;asyncpg.ConnectionPool;Member[acquire].ReturnValue.Awaited",
           // Creating an internal `~Connection` type that contains both `Connection` and `ConnectionPool`.
-          "asyncpg;~Connection;asyncpg;Connection;", "asyncpg;~Connection;asyncpg;ConnectionPool;"
+          "asyncpg.~Connection;asyncpg.Connection;", //
+          "asyncpg.~Connection;asyncpg.ConnectionPool;"
         ]
     }
   }
 
   class AsyncpgSink extends ModelInput::SinkModelCsv {
-    // package;type;path;kind
+    // type;path;kind
     override predicate row(string row) {
       row =
         [
           // `Connection`s and `ConnectionPool`s provide some methods that execute SQL.
-          "asyncpg;~Connection;Member[copy_from_query,execute,fetch,fetchrow,fetchval].Argument[0,query:];sql-injection",
-          "asyncpg;~Connection;Member[executemany].Argument[0,command:];sql-injection",
+          "asyncpg.~Connection;Member[copy_from_query,execute,fetch,fetchrow,fetchval].Argument[0,query:];sql-injection",
+          "asyncpg.~Connection;Member[executemany].Argument[0,command:];sql-injection",
           // A model of `Connection` and `ConnectionPool`, which provide some methods that access the file system.
-          "asyncpg;~Connection;Member[copy_from_query,copy_from_table].Argument[output:];path-injection",
-          "asyncpg;~Connection;Member[copy_to_table].Argument[source:];path-injection",
+          "asyncpg.~Connection;Member[copy_from_query,copy_from_table].Argument[output:];path-injection",
+          "asyncpg.~Connection;Member[copy_to_table].Argument[source:];path-injection",
           // the `PreparedStatement` class in `asyncpg`.
-          "asyncpg;Connection;Member[prepare].Argument[0,query:];sql-injection",
+          "asyncpg.Connection;Member[prepare].Argument[0,query:];sql-injection",
         ]
     }
   }
@@ -58,7 +59,7 @@ private module Asyncpg {
   module Cursor {
     class CursorConstruction extends SqlConstruction::Range, API::CallNode {
       CursorConstruction() {
-        this = ModelOutput::getATypeNode("asyncpg", "Connection").getMember("cursor").getACall()
+        this = ModelOutput::getATypeNode("asyncpg.Connection").getMember("cursor").getACall()
       }
 
       override DataFlow::Node getSql() { result = this.getParameter(0, "query").asSink() }
@@ -76,7 +77,7 @@ private module Asyncpg {
         or
         exists(API::CallNode prepareCall |
           prepareCall =
-            ModelOutput::getATypeNode("asyncpg", "Connection").getMember("prepare").getACall()
+            ModelOutput::getATypeNode("asyncpg.Connection").getMember("prepare").getACall()
         |
           sql = prepareCall.getParameter(0, "query").asSink() and
           this =
diff --git a/python/ql/lib/semmle/python/frameworks/Django.qll b/python/ql/lib/semmle/python/frameworks/Django.qll
index e67bb8cf385..db9c7bba763 100644
--- a/python/ql/lib/semmle/python/frameworks/Django.qll
+++ b/python/ql/lib/semmle/python/frameworks/Django.qll
@@ -2526,11 +2526,10 @@ module PrivateDjango {
    *
    * Needs this subclass to be considered a RegexString.
    */
-  private class DjangoRouteRegex extends RegexString {
+  private class DjangoRouteRegex extends RegexString instanceof StrConst {
     DjangoRegexRouteSetup rePathCall;
 
     DjangoRouteRegex() {
-      this instanceof StrConst and
       rePathCall.getUrlPatternArg().getALocalSource() = DataFlow::exprNode(this)
     }
 
diff --git a/python/ql/lib/semmle/python/frameworks/PEP249.qll b/python/ql/lib/semmle/python/frameworks/PEP249.qll
index 6c4e07cd801..594c3e938e2 100644
--- a/python/ql/lib/semmle/python/frameworks/PEP249.qll
+++ b/python/ql/lib/semmle/python/frameworks/PEP249.qll
@@ -8,29 +8,170 @@ private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.Concepts
 private import semmle.python.ApiGraphs
-import semmle.python.frameworks.internal.PEP249Impl
 
 /**
- * DEPRECATED: Use `PEP249::PEP249ModuleApiNode` instead.
+ * Provides classes modeling database interfaces following PEP 249.
+ * See https://www.python.org/dev/peps/pep-0249/.
  */
-deprecated class PEP249ModuleApiNode = PEP249::PEP249ModuleApiNode;
+module PEP249 {
+  /**
+   * An API graph node representing a module that implements PEP 249.
+   */
+  abstract class PEP249ModuleApiNode extends API::Node {
+    /** Gets a string representation of this element. */
+    override string toString() { result = this.(API::Node).toString() }
+  }
 
-/**
- * DEPRECATED: Use `PEP249::Connection` instead.
- */
-deprecated module Connection = PEP249::Connection;
+  /** Gets a reference to the `connect` function of a module that implements PEP 249. */
+  DataFlow::Node connect() {
+    result = any(PEP249ModuleApiNode a).getMember("connect").getAValueReachableFromSource()
+  }
 
-/**
- * DEPRECATED: Use `PEP249::Cursor` instead.
- */
-deprecated module cursor = PEP249::Cursor;
+  /**
+   * Provides models for database connections (following PEP 249).
+   *
+   * See https://www.python.org/dev/peps/pep-0249/#connection-objects.
+   */
+  module Connection {
+    /**
+     * A source of database connections (following PEP 249), extend this class to model new instances.
+     *
+     * This can include instantiations of the class, return values from function
+     * calls, or a special parameter that will be set when functions are called by external
+     * libraries.
+     *
+     * Use the predicate `Connection::instance()` to get references to database connections (following PEP 249).
+     *
+     * Extend this class if the module implementing PEP 249 offers more direct ways to obtain
+     * a connection than going through `connect`.
+     */
+    abstract class InstanceSource extends DataFlow::Node { }
 
-/**
- * DEPRECATED: Use `PEP249::execute` instead.
- */
-deprecated predicate execute = PEP249::execute/0;
+    /** A call to the `connect` function of a module that implements PEP 249. */
+    private class ConnectCall extends InstanceSource, DataFlow::CallCfgNode {
+      ConnectCall() { this.getFunction() = connect() }
+    }
 
-/**
- * DEPRECATED: Use `PEP249::connect` instead.
- */
-deprecated predicate connect = PEP249::connect/0;
+    /** Gets a reference to a database connection (following PEP 249). */
+    private DataFlow::TypeTrackingNode instance(DataFlow::TypeTracker t) {
+      t.start() and
+      result instanceof InstanceSource
+      or
+      exists(DataFlow::TypeTracker t2 | result = instance(t2).track(t2, t))
+    }
+
+    /** Gets a reference to a database connection (following PEP 249). */
+    DataFlow::Node instance() { instance(DataFlow::TypeTracker::end()).flowsTo(result) }
+  }
+
+  /**
+   * Provides models for database cursors (following PEP 249).
+   *
+   * These are returned by the `cursor` method on a database connection.
+   * See https://www.python.org/dev/peps/pep-0249/#cursor.
+   */
+  module Cursor {
+    /**
+     * A source of database cursors (following PEP 249), extend this class to model new instances.
+     *
+     * This can include instantiations of the class, return values from function
+     * calls, or a special parameter that will be set when functions are called by external
+     * libraries.
+     *
+     * Use the predicate `Cursor::instance()` to get references to database cursors (following PEP 249).
+     *
+     * Extend this class if the module implementing PEP 249 offers more direct ways to obtain
+     * a connection than going through `connect`.
+     */
+    abstract class InstanceSource extends DataFlow::LocalSourceNode { }
+
+    /** Gets a reference to a database cursor. */
+    private DataFlow::TypeTrackingNode instance(DataFlow::TypeTracker t) {
+      t.start() and
+      result instanceof InstanceSource
+      or
+      exists(DataFlow::TypeTracker t2 | result = instance(t2).track(t2, t))
+    }
+
+    /** Gets a reference to a database cursor. */
+    DataFlow::Node instance() { instance(DataFlow::TypeTracker::end()).flowsTo(result) }
+
+    /** Gets a reference to the `cursor` method on a database connection. */
+    private DataFlow::TypeTrackingNode methodRef(DataFlow::TypeTracker t) {
+      t.startInAttr("cursor") and
+      result = Connection::instance()
+      or
+      exists(DataFlow::TypeTracker t2 | result = methodRef(t2).track(t2, t))
+    }
+
+    /** Gets a reference to the `cursor` method on a database connection. */
+    DataFlow::Node methodRef() { methodRef(DataFlow::TypeTracker::end()).flowsTo(result) }
+
+    /** A call to the `cursor` method on a database connection */
+    private class CursorCall extends InstanceSource, DataFlow::CallCfgNode {
+      CursorCall() { this.getFunction() = methodRef() }
+    }
+  }
+
+  /**
+   * Gets a reference to the `execute` method on a cursor (or on a connection).
+   *
+   * Note: while `execute` method on a connection is not part of PEP249, if it is used, we
+   * recognize it as an alias for constructing a cursor and calling `execute` on it.
+   *
+   * See https://peps.python.org/pep-0249/#execute.
+   */
+  private DataFlow::TypeTrackingNode execute(DataFlow::TypeTracker t) {
+    t.startInAttr("execute") and
+    result in [Cursor::instance(), Connection::instance()]
+    or
+    exists(DataFlow::TypeTracker t2 | result = execute(t2).track(t2, t))
+  }
+
+  /**
+   * Gets a reference to the `execute` method on a cursor (or on a connection).
+   *
+   * Note: while `execute` method on a connection is not part of PEP249, if it is used, we
+   * recognize it as an alias for constructing a cursor and calling `execute` on it.
+   *
+   * See https://peps.python.org/pep-0249/#execute.
+   */
+  DataFlow::Node execute() { execute(DataFlow::TypeTracker::end()).flowsTo(result) }
+
+  /**
+   * A call to the `execute` method on a cursor or a connection.
+   *
+   * See https://peps.python.org/pep-0249/#execute
+   *
+   * Note: While `execute` method on a connection is not part of PEP249, if it is used, we
+   * recognize it as an alias for constructing a cursor and calling `execute` on it.
+   */
+  private class ExecuteCall extends SqlExecution::Range, DataFlow::CallCfgNode {
+    ExecuteCall() { this.getFunction() = execute() }
+
+    override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName("sql")] }
+  }
+
+  private DataFlow::TypeTrackingNode executemany(DataFlow::TypeTracker t) {
+    t.startInAttr("executemany") and
+    result in [Cursor::instance(), Connection::instance()]
+    or
+    exists(DataFlow::TypeTracker t2 | result = executemany(t2).track(t2, t))
+  }
+
+  private DataFlow::Node executemany() { executemany(DataFlow::TypeTracker::end()).flowsTo(result) }
+
+  /**
+   * A call to the `executemany` method on a cursor or a connection.
+   *
+   * See https://peps.python.org/pep-0249/#executemany
+   *
+   * Note: While `executemany` method on a connection is not part of PEP249, if it is used, we
+   * recognize it as an alias for constructing a cursor and calling `executemany` on it.
+   */
+  private class ExecutemanyCall extends SqlExecution::Range, DataFlow::CallCfgNode {
+    ExecutemanyCall() { this.getFunction() = executemany() }
+
+    override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName("sql")] }
+  }
+}
diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
index f5d6dd8df1c..3fce979c147 100644
--- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
@@ -1163,13 +1163,16 @@ private module StdlibPrivate {
   API::Node subprocess() { result = API::moduleImport("subprocess") }
 
   /**
-   * A call to `subprocess.Popen` or helper functions (call, check_call, check_output, run)
+   * A call to `subprocess.Popen` or helper functions (call, check_call, check_output, run, getoutput, getstatusoutput)
    * See https://docs.python.org/3.8/library/subprocess.html#subprocess.Popen
+   * ref: https://docs.python.org/3/library/subprocess.html#legacy-shell-invocation-functions
    */
   private class SubprocessPopenCall extends SystemCommandExecution::Range, DataFlow::CallCfgNode {
     SubprocessPopenCall() {
       exists(string name |
-        name in ["Popen", "call", "check_call", "check_output", "run"] and
+        name in [
+            "Popen", "call", "check_call", "check_output", "run", "getoutput", "getstatusoutput"
+          ] and
         this = subprocess().getMember(name).getACall()
       )
     }
diff --git a/python/ql/lib/semmle/python/frameworks/Tornado.qll b/python/ql/lib/semmle/python/frameworks/Tornado.qll
index 9cf258babe9..f78adca8074 100644
--- a/python/ql/lib/semmle/python/frameworks/Tornado.qll
+++ b/python/ql/lib/semmle/python/frameworks/Tornado.qll
@@ -385,13 +385,10 @@ module Tornado {
    *
    * Needs this subclass to be considered a RegexString.
    */
-  private class TornadoRouteRegex extends RegexString {
+  private class TornadoRouteRegex extends RegexString instanceof StrConst {
     TornadoRouteSetup setup;
 
-    TornadoRouteRegex() {
-      this instanceof StrConst and
-      setup.getUrlPatternArg().getALocalSource() = DataFlow::exprNode(this)
-    }
+    TornadoRouteRegex() { setup.getUrlPatternArg().getALocalSource() = DataFlow::exprNode(this) }
 
     TornadoRouteSetup getRouteSetup() { result = setup }
   }
diff --git a/python/ql/lib/semmle/python/frameworks/Werkzeug.qll b/python/ql/lib/semmle/python/frameworks/Werkzeug.qll
index 2867516dcd8..66cea37020e 100644
--- a/python/ql/lib/semmle/python/frameworks/Werkzeug.qll
+++ b/python/ql/lib/semmle/python/frameworks/Werkzeug.qll
@@ -231,119 +231,4 @@ module Werkzeug {
       override string getAsyncMethodName() { none() }
     }
   }
-
-  import WerkzeugOld
-}
-
-/**
- * Old version that contains the deprecated modules.
- */
-private module WerkzeugOld {
-  /**
-   * DEPRECATED: Use the modeling available directly in the `Werkzeug` module instead.
-   *
-   * Provides models for the `werkzeug` module.
-   */
-  deprecated module werkzeug {
-    /**
-     * DEPRECATED: Use the modeling available directly in the `Werkzeug` module instead.
-     *
-     * Provides models for the `werkzeug.datastructures` module.
-     */
-    deprecated module datastructures {
-      /**
-       * DEPRECATED: Use `Werkzeug::MultiDict` instead.
-       *
-       * Provides models for the `werkzeug.datastructures.MultiDict` class
-       *
-       * See https://werkzeug.palletsprojects.com/en/1.0.x/datastructures/#werkzeug.datastructures.MultiDict.
-       */
-      deprecated module MultiDict {
-        /**
-         * DEPRECATED. Use `Werkzeug::MultiDict::InstanceSource` instead.
-         *
-         * A source of instances of `werkzeug.datastructures.MultiDict`, extend this class to model new instances.
-         *
-         * This can include instantiations of the class, return values from function
-         * calls, or a special parameter that will be set when functions are called by an external
-         * library.
-         *
-         * Use the predicate `MultiDict::instance()` to get references to instances of `werkzeug.datastructures.MultiDict`.
-         */
-        abstract deprecated class InstanceSourceApiNode extends API::Node { }
-
-        /**
-         * DEPRECATED
-         *
-         * Gets a reference to the `getlist` method on an instance of `werkzeug.datastructures.MultiDict`.
-         *
-         * See https://werkzeug.palletsprojects.com/en/1.0.x/datastructures/#werkzeug.datastructures.Headers.getlist
-         */
-        deprecated DataFlow::Node getlist() {
-          result = any(InstanceSourceApiNode a).getMember("getlist").getAValueReachableFromSource()
-        }
-
-        private class MultiDictAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
-          override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-            // obj -> obj.getlist
-            exists(DataFlow::AttrRead read |
-              read.getObject() = nodeFrom and
-              nodeTo = read and
-              nodeTo = getlist()
-            )
-            or
-            // getlist -> getlist()
-            nodeFrom = getlist() and
-            nodeTo.(DataFlow::CallCfgNode).getFunction() = nodeFrom
-          }
-        }
-      }
-
-      /**
-       * DEPRECATED: Use `Werkzeug::FileStorage` instead.
-       *
-       * Provides models for the `werkzeug.datastructures.FileStorage` class
-       *
-       * See https://werkzeug.palletsprojects.com/en/1.0.x/datastructures/#werkzeug.datastructures.FileStorage.
-       */
-      deprecated module FileStorage {
-        /**
-         * DEPRECATED. Use `Werkzeug::FileStorage::InstanceSource` instead.
-         *
-         * A source of instances of `werkzeug.datastructures.FileStorage`, extend this class to model new instances.
-         *
-         * This can include instantiations of the class, return values from function
-         * calls, or a special parameter that will be set when functions are called by an external
-         * library.
-         *
-         * Use the predicate `FileStorage::instance()` to get references to instances of `werkzeug.datastructures.FileStorage`.
-         */
-        abstract deprecated class InstanceSourceApiNode extends API::Node { }
-
-        /** Gets a reference to an instance of `werkzeug.datastructures.FileStorage`. */
-        deprecated DataFlow::Node instance() {
-          result = any(InstanceSourceApiNode a).getAValueReachableFromSource()
-        }
-
-        private class FileStorageAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
-          override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-            nodeFrom = instance() and
-            exists(DataFlow::AttrRead read | nodeTo = read |
-              read.getAttributeName() in [
-                  // str
-                  "filename", "name", "content_type", "mimetype",
-                  // file-like
-                  "stream",
-                  // TODO: werkzeug.datastructures.Headers
-                  "headers",
-                  // dict[str, str]
-                  "mimetype_params"
-                ] and
-              read.getObject() = nodeFrom
-            )
-          }
-        }
-      }
-    }
-  }
 }
diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll
index 9b2428f3413..1b7e8cb326a 100644
--- a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll
+++ b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll
@@ -5,23 +5,20 @@
  *
  * The CSV specification has the following columns:
  * - Sources:
- *   `package; type; path; kind`
+ *   `type; path; kind`
  * - Sinks:
- *   `package; type; path; kind`
+ *   `type; path; kind`
  * - Summaries:
- *   `package; type; path; input; output; kind`
+ *   `type; path; input; output; kind`
  * - Types:
- *   `package1; type1; package2; type2; path`
+ *   `type1; type2; path`
  *
  * The interpretation of a row is similar to API-graphs with a left-to-right
  * reading.
- * 1. The `package` column selects a package name, as it would be referenced in the source code,
- *    such as an NPM package, PIP package, or Ruby gem. (See `ModelsAsData.qll` for language-specific details).
- *    It may also be a synthetic package used for a type definition (see type definitions below).
- * 2. The `type` column selects all instances of a named type originating from that package,
- *    or the empty string if referring to the package itself.
+ * 1. The `type` column selects all instances of a named type. The syntax of this column is language-specific.
+ *    The language defines some type names that the analysis knows how to identify without models.
  *    It can also be a synthetic type name defined by a type definition (see type definitions below).
- * 3. The `path` column is a `.`-separated list of "access path tokens" to resolve, starting at the node selected by `package` and `type`.
+ * 2. The `path` column is a `.`-separated list of "access path tokens" to resolve, starting at the node selected by `type`.
  *
  *    Every language supports the following tokens:
  *     - Argument[n]: the n-th argument to a call. May be a range of form `x..y` (inclusive) and/or a comma-separated list.
@@ -42,10 +39,10 @@
  *
  *    For the time being, please consult `ApiGraphModelsSpecific.qll` to see which language-specific tokens are currently supported.
  *
- * 4. The `input` and `output` columns specify how data enters and leaves the element selected by the
- *    first `(package, type, path)` tuple. Both strings are `.`-separated access paths
+ * 3. The `input` and `output` columns specify how data enters and leaves the element selected by the
+ *    first `(type, path)` tuple. Both strings are `.`-separated access paths
  *    of the same syntax as the `path` column.
- * 5. The `kind` column is a tag that can be referenced from QL to determine to
+ * 4. The `kind` column is a tag that can be referenced from QL to determine to
  *    which classes the interpreted elements should be added. For example, for
  *    sources `"remote"` indicates a default remote flow source, and for summaries
  *    `"taint"` indicates a default additional taint step and `"value"` indicates a
@@ -53,17 +50,17 @@
  *
  * ### Types
  *
- * A type row of form `package1; type1; package2; type2; path` indicates that `package2; type2; path`
- * should be seen as an instance of the type `package1; type1`.
+ * A type row of form `type1; type2; path` indicates that `type2; path`
+ * should be seen as an instance of the type `type1`.
  *
- * A `(package,type)` pair may refer to a static type or a synthetic type name used internally in the model.
+ * A type may refer to a static type or a synthetic type name used internally in the model.
  * Synthetic type names can be used to reuse intermediate sub-paths, when there are multiple ways to access the same
  * element.
- * See `ModelsAsData.qll` for the language-specific interpretation of packages and static type names.
+ * See `ModelsAsData.qll` for the language-specific interpretation of type names.
  *
- * By convention, if one wants to avoid clashes with static types from the package, the type name
- * should be prefixed with a tilde character (`~`). For example, `(foo, ~Bar)` can be used to indicate that
- * the type is related to the `foo` package but is not intended to match a static type.
+ * By convention, if one wants to avoid clashes with static types, the type name
+ * should be prefixed with a tilde character (`~`). For example, `~Bar` can be used to indicate that
+ * the type is not intended to match a static type.
  */
 
 private import ApiGraphModelsSpecific as Specific
@@ -75,6 +72,7 @@ private module API = Specific::API;
 private module DataFlow = Specific::DataFlow;
 
 private import Specific::AccessPathSyntax
+private import ApiGraphModelsExtensions as Extensions
 
 /** Module containing hooks for providing input data to be interpreted as a model. */
 module ModelInput {
@@ -89,9 +87,9 @@ module ModelInput {
      *
      * A row of form
      * ```
-     * package;type;path;kind
+     * type;path;kind
      * ```
-     * indicates that the value at `(package, type, path)` should be seen as a flow
+     * indicates that the value at `(type, path)` should be seen as a flow
      * source of the given `kind`.
      *
      * The kind `remote` represents a general remote flow source.
@@ -110,9 +108,9 @@ module ModelInput {
      *
      * A row of form
      * ```
-     * package;type;path;kind
+     * type;path;kind
      * ```
-     * indicates that the value at `(package, type, path)` should be seen as a sink
+     * indicates that the value at `(type, path)` should be seen as a sink
      * of the given `kind`.
      */
     abstract predicate row(string row);
@@ -129,9 +127,9 @@ module ModelInput {
      *
      * A row of form
      * ```
-     * package;type;path;input;output;kind
+     * type;path;input;output;kind
      * ```
-     * indicates that for each call to `(package, type, path)`, the value referred to by `input`
+     * indicates that for each call to `(type, path)`, the value referred to by `input`
      * can flow to the value referred to by `output`.
      *
      * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving steps,
@@ -151,9 +149,9 @@ module ModelInput {
      *
      * A row of form,
      * ```
-     * package1;type1;package2;type2;path
+     * type1;type2;path
      * ```
-     * indicates that `(package2, type2, path)` should be seen as an instance of `(package1, type1)`.
+     * indicates that `(type2, path)` should be seen as an instance of `type1`.
      */
     abstract predicate row(string row);
   }
@@ -163,28 +161,28 @@ module ModelInput {
    */
   class TypeModel extends Unit {
     /**
-     * Gets a data-flow node that is a source of the type `package;type`.
+     * Gets a data-flow node that is a source of the given `type`.
      *
      * This must not depend on API graphs, but ensures that an API node is generated for
      * the source.
      */
-    DataFlow::Node getASource(string package, string type) { none() }
+    DataFlow::Node getASource(string type) { none() }
 
     /**
-     * Gets a data-flow node that is a sink of the type `package;type`,
+     * Gets a data-flow node that is a sink of the given `type`,
      * usually because it is an argument passed to a parameter of that type.
      *
      * This must not depend on API graphs, but ensures that an API node is generated for
      * the sink.
      */
-    DataFlow::Node getASink(string package, string type) { none() }
+    DataFlow::Node getASink(string type) { none() }
 
     /**
-     * Gets an API node that is a source or sink of the type `package;type`.
+     * Gets an API node that is a source or sink of the given `type`.
      *
      * Unlike `getASource` and `getASink`, this may depend on API graphs.
      */
-    API::Node getAnApiNode(string package, string type) { none() }
+    API::Node getAnApiNode(string type) { none() }
   }
 
   /**
@@ -209,7 +207,7 @@ private import ModelInput
 /**
  * An empty class, except in specific tests.
  *
- * If this is non-empty, all models are parsed even if the package is not
+ * If this is non-empty, all models are parsed even if the type name is not
  * considered relevant for the current database.
  */
 abstract class TestAllModels extends Unit { }
@@ -232,54 +230,53 @@ private predicate typeModel(string row) { any(TypeModelCsv s).row(inversePad(row
 private predicate typeVariableModel(string row) { any(TypeVariableModelCsv s).row(inversePad(row)) }
 
 /** Holds if a source model exists for the given parameters. */
-predicate sourceModel(string package, string type, string path, string kind) {
+predicate sourceModel(string type, string path, string kind) {
   exists(string row |
     sourceModel(row) and
-    row.splitAt(";", 0) = package and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = path and
-    row.splitAt(";", 3) = kind
+    row.splitAt(";", 0) = type and
+    row.splitAt(";", 1) = path and
+    row.splitAt(";", 2) = kind
   )
+  or
+  Extensions::sourceModel(type, path, kind)
 }
 
 /** Holds if a sink model exists for the given parameters. */
-private predicate sinkModel(string package, string type, string path, string kind) {
+private predicate sinkModel(string type, string path, string kind) {
   exists(string row |
     sinkModel(row) and
-    row.splitAt(";", 0) = package and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = path and
-    row.splitAt(";", 3) = kind
+    row.splitAt(";", 0) = type and
+    row.splitAt(";", 1) = path and
+    row.splitAt(";", 2) = kind
   )
+  or
+  Extensions::sinkModel(type, path, kind)
 }
 
 /** Holds if a summary model `row` exists for the given parameters. */
-private predicate summaryModel(
-  string package, string type, string path, string input, string output, string kind
-) {
+private predicate summaryModel(string type, string path, string input, string output, string kind) {
   exists(string row |
     summaryModel(row) and
-    row.splitAt(";", 0) = package and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = path and
-    row.splitAt(";", 3) = input and
-    row.splitAt(";", 4) = output and
-    row.splitAt(";", 5) = kind
+    row.splitAt(";", 0) = type and
+    row.splitAt(";", 1) = path and
+    row.splitAt(";", 2) = input and
+    row.splitAt(";", 3) = output and
+    row.splitAt(";", 4) = kind
   )
+  or
+  Extensions::summaryModel(type, path, input, output, kind)
 }
 
 /** Holds if a type model exists for the given parameters. */
-private predicate typeModel(
-  string package1, string type1, string package2, string type2, string path
-) {
+private predicate typeModel(string type1, string type2, string path) {
   exists(string row |
     typeModel(row) and
-    row.splitAt(";", 0) = package1 and
-    row.splitAt(";", 1) = type1 and
-    row.splitAt(";", 2) = package2 and
-    row.splitAt(";", 3) = type2 and
-    row.splitAt(";", 4) = path
+    row.splitAt(";", 0) = type1 and
+    row.splitAt(";", 1) = type2 and
+    row.splitAt(";", 2) = path
   )
+  or
+  Extensions::typeModel(type1, type2, path)
 }
 
 /** Holds if a type variable model exists for the given parameters. */
@@ -289,64 +286,55 @@ private predicate typeVariableModel(string name, string path) {
     row.splitAt(";", 0) = name and
     row.splitAt(";", 1) = path
   )
-}
-
-/**
- * Gets a package that should be seen as an alias for the given other `package`,
- * or the `package` itself.
- */
-bindingset[package]
-bindingset[result]
-string getAPackageAlias(string package) {
-  typeModel(package, "", result, "", "")
   or
-  result = package
+  Extensions::typeVariableModel(name, path)
 }
 
 /**
- * Holds if CSV rows involving `package` might be relevant for the analysis of this database.
+ * Holds if CSV rows involving `type` might be relevant for the analysis of this database.
  */
-private predicate isRelevantPackage(string package) {
+predicate isRelevantType(string type) {
   (
-    sourceModel(package, _, _, _) or
-    sinkModel(package, _, _, _) or
-    summaryModel(package, _, _, _, _, _) or
-    typeModel(_, _, package, _, _)
+    sourceModel(type, _, _) or
+    sinkModel(type, _, _) or
+    summaryModel(type, _, _, _, _) or
+    typeModel(_, type, _)
   ) and
   (
-    Specific::isPackageUsed(package)
+    Specific::isTypeUsed(type)
     or
     exists(TestAllModels t)
   )
   or
-  exists(string other |
-    isRelevantPackage(other) and
-    typeModel(package, _, other, _, _)
+  exists(string other | isRelevantType(other) |
+    typeModel(type, other, _)
+    or
+    Specific::hasImplicitTypeModel(type, other)
   )
 }
 
 /**
- * Holds if `package,type,path` is used in some CSV row.
+ * Holds if `type,path` is used in some CSV row.
  */
 pragma[nomagic]
-predicate isRelevantFullPath(string package, string type, string path) {
-  isRelevantPackage(package) and
+predicate isRelevantFullPath(string type, string path) {
+  isRelevantType(type) and
   (
-    sourceModel(package, type, path, _) or
-    sinkModel(package, type, path, _) or
-    summaryModel(package, type, path, _, _, _) or
-    typeModel(_, _, package, type, path)
+    sourceModel(type, path, _) or
+    sinkModel(type, path, _) or
+    summaryModel(type, path, _, _, _) or
+    typeModel(_, type, path)
   )
 }
 
 /** A string from a CSV row that should be parsed as an access path. */
 private class AccessPathRange extends AccessPath::Range {
   AccessPathRange() {
-    isRelevantFullPath(_, _, this)
+    isRelevantFullPath(_, this)
     or
-    exists(string package | isRelevantPackage(package) |
-      summaryModel(package, _, _, this, _, _) or
-      summaryModel(package, _, _, _, this, _)
+    exists(string type | isRelevantType(type) |
+      summaryModel(type, _, this, _, _) or
+      summaryModel(type, _, _, this, _)
     )
     or
     typeVariableModel(_, this)
@@ -400,83 +388,73 @@ private predicate invocationMatchesCallSiteFilter(Specific::InvokeNode invoke, A
 }
 
 private class TypeModelUseEntry extends API::EntryPoint {
-  private string package;
   private string type;
 
   TypeModelUseEntry() {
-    exists(any(TypeModel tm).getASource(package, type)) and
-    this = "TypeModelUseEntry;" + package + ";" + type
+    exists(any(TypeModel tm).getASource(type)) and
+    this = "TypeModelUseEntry;" + type
   }
 
-  override DataFlow::LocalSourceNode getASource() {
-    result = any(TypeModel tm).getASource(package, type)
-  }
+  override DataFlow::LocalSourceNode getASource() { result = any(TypeModel tm).getASource(type) }
 
-  API::Node getNodeForType(string package_, string type_) {
-    package = package_ and type = type_ and result = this.getANode()
-  }
+  API::Node getNodeForType(string type_) { type = type_ and result = this.getANode() }
 }
 
 private class TypeModelDefEntry extends API::EntryPoint {
-  private string package;
   private string type;
 
   TypeModelDefEntry() {
-    exists(any(TypeModel tm).getASink(package, type)) and
-    this = "TypeModelDefEntry;" + package + ";" + type
+    exists(any(TypeModel tm).getASink(type)) and
+    this = "TypeModelDefEntry;" + type
   }
 
-  override DataFlow::Node getASink() { result = any(TypeModel tm).getASink(package, type) }
+  override DataFlow::Node getASink() { result = any(TypeModel tm).getASink(type) }
 
-  API::Node getNodeForType(string package_, string type_) {
-    package = package_ and type = type_ and result = this.getANode()
-  }
+  API::Node getNodeForType(string type_) { type = type_ and result = this.getANode() }
 }
 
 /**
- * Gets an API node identified by the given `(package,type)` pair.
+ * Gets an API node identified by the given `type`.
  */
 pragma[nomagic]
-private API::Node getNodeFromType(string package, string type) {
-  exists(string package2, string type2, AccessPath path2 |
-    typeModel(package, type, package2, type2, path2) and
-    result = getNodeFromPath(package2, type2, path2)
+private API::Node getNodeFromType(string type) {
+  exists(string type2, AccessPath path2 |
+    typeModel(type, type2, path2) and
+    result = getNodeFromPath(type2, path2)
   )
   or
-  result = any(TypeModelUseEntry e).getNodeForType(package, type)
+  result = any(TypeModelUseEntry e).getNodeForType(type)
   or
-  result = any(TypeModelDefEntry e).getNodeForType(package, type)
+  result = any(TypeModelDefEntry e).getNodeForType(type)
   or
-  result = any(TypeModel t).getAnApiNode(package, type)
+  result = any(TypeModel t).getAnApiNode(type)
   or
-  result = Specific::getExtraNodeFromType(package, type)
+  result = Specific::getExtraNodeFromType(type)
 }
 
 /**
- * Gets the API node identified by the first `n` tokens of `path` in the given `(package, type, path)` tuple.
+ * Gets the API node identified by the first `n` tokens of `path` in the given `(type, path)` tuple.
  */
 pragma[nomagic]
-private API::Node getNodeFromPath(string package, string type, AccessPath path, int n) {
-  isRelevantFullPath(package, type, path) and
+private API::Node getNodeFromPath(string type, AccessPath path, int n) {
+  isRelevantFullPath(type, path) and
   (
     n = 0 and
-    result = getNodeFromType(package, type)
+    result = getNodeFromType(type)
     or
-    result = Specific::getExtraNodeFromPath(package, type, path, n)
+    result = Specific::getExtraNodeFromPath(type, path, n)
   )
   or
-  result = getSuccessorFromNode(getNodeFromPath(package, type, path, n - 1), path.getToken(n - 1))
+  result = getSuccessorFromNode(getNodeFromPath(type, path, n - 1), path.getToken(n - 1))
   or
   // Similar to the other recursive case, but where the path may have stepped through one or more call-site filters
-  result =
-    getSuccessorFromInvoke(getInvocationFromPath(package, type, path, n - 1), path.getToken(n - 1))
+  result = getSuccessorFromInvoke(getInvocationFromPath(type, path, n - 1), path.getToken(n - 1))
   or
   // Apply a subpath
-  result =
-    getNodeFromSubPath(getNodeFromPath(package, type, path, n - 1), getSubPathAt(path, n - 1))
+  result = getNodeFromSubPath(getNodeFromPath(type, path, n - 1), getSubPathAt(path, n - 1))
   or
   // Apply a type step
-  typeStep(getNodeFromPath(package, type, path, n), result)
+  typeStep(getNodeFromPath(type, path, n), result)
 }
 
 /**
@@ -496,15 +474,15 @@ private AccessPath getSubPathAt(AccessPath path, int n) {
 pragma[nomagic]
 private API::Node getNodeFromSubPath(API::Node base, AccessPath subPath, int n) {
   exists(AccessPath path, int k |
-    base = [getNodeFromPath(_, _, path, k), getNodeFromSubPath(_, path, k)] and
+    base = [getNodeFromPath(_, path, k), getNodeFromSubPath(_, path, k)] and
     subPath = getSubPathAt(path, k) and
     result = base and
     n = 0
   )
   or
-  exists(string package, string type, AccessPath basePath |
-    typeStepModel(package, type, basePath, subPath) and
-    base = getNodeFromPath(package, type, basePath) and
+  exists(string type, AccessPath basePath |
+    typeStepModel(type, basePath, subPath) and
+    base = getNodeFromPath(type, basePath) and
     result = base and
     n = 0
   )
@@ -543,42 +521,40 @@ private API::Node getNodeFromSubPath(API::Node base, AccessPath subPath) {
   result = getNodeFromSubPath(base, subPath, subPath.getNumToken())
 }
 
-/** Gets the node identified by the given `(package, type, path)` tuple. */
-private API::Node getNodeFromPath(string package, string type, AccessPath path) {
-  result = getNodeFromPath(package, type, path, path.getNumToken())
+/** Gets the node identified by the given `(type, path)` tuple. */
+private API::Node getNodeFromPath(string type, AccessPath path) {
+  result = getNodeFromPath(type, path, path.getNumToken())
 }
 
 pragma[nomagic]
-private predicate typeStepModel(string package, string type, AccessPath basePath, AccessPath output) {
-  summaryModel(package, type, basePath, "", output, "type")
+private predicate typeStepModel(string type, AccessPath basePath, AccessPath output) {
+  summaryModel(type, basePath, "", output, "type")
 }
 
 pragma[nomagic]
 private predicate typeStep(API::Node pred, API::Node succ) {
-  exists(string package, string type, AccessPath basePath, AccessPath output |
-    typeStepModel(package, type, basePath, output) and
-    pred = getNodeFromPath(package, type, basePath) and
+  exists(string type, AccessPath basePath, AccessPath output |
+    typeStepModel(type, basePath, output) and
+    pred = getNodeFromPath(type, basePath) and
     succ = getNodeFromSubPath(pred, output)
   )
 }
 
 /**
- * Gets an invocation identified by the given `(package, type, path)` tuple.
+ * Gets an invocation identified by the given `(type, path)` tuple.
  *
  * Unlike `getNodeFromPath`, the `path` may end with one or more call-site filters.
  */
-private Specific::InvokeNode getInvocationFromPath(
-  string package, string type, AccessPath path, int n
-) {
-  result = Specific::getAnInvocationOf(getNodeFromPath(package, type, path, n))
+private Specific::InvokeNode getInvocationFromPath(string type, AccessPath path, int n) {
+  result = Specific::getAnInvocationOf(getNodeFromPath(type, path, n))
   or
-  result = getInvocationFromPath(package, type, path, n - 1) and
+  result = getInvocationFromPath(type, path, n - 1) and
   invocationMatchesCallSiteFilter(result, path.getToken(n - 1))
 }
 
-/** Gets an invocation identified by the given `(package, type, path)` tuple. */
-private Specific::InvokeNode getInvocationFromPath(string package, string type, AccessPath path) {
-  result = getInvocationFromPath(package, type, path, path.getNumToken())
+/** Gets an invocation identified by the given `(type, path)` tuple. */
+private Specific::InvokeNode getInvocationFromPath(string type, AccessPath path) {
+  result = getInvocationFromPath(type, path, path.getNumToken())
 }
 
 /**
@@ -631,9 +607,9 @@ module ModelOutput {
      */
     cached
     API::Node getASourceNode(string kind) {
-      exists(string package, string type, string path |
-        sourceModel(package, type, path, kind) and
-        result = getNodeFromPath(package, type, path)
+      exists(string type, string path |
+        sourceModel(type, path, kind) and
+        result = getNodeFromPath(type, path)
       )
     }
 
@@ -642,9 +618,9 @@ module ModelOutput {
      */
     cached
     API::Node getASinkNode(string kind) {
-      exists(string package, string type, string path |
-        sinkModel(package, type, path, kind) and
-        result = getNodeFromPath(package, type, path)
+      exists(string type, string path |
+        sinkModel(type, path, kind) and
+        result = getNodeFromPath(type, path)
       )
     }
 
@@ -653,32 +629,31 @@ module ModelOutput {
      */
     cached
     predicate relevantSummaryModel(
-      string package, string type, string path, string input, string output, string kind
+      string type, string path, string input, string output, string kind
     ) {
-      isRelevantPackage(package) and
-      summaryModel(package, type, path, input, output, kind)
+      isRelevantType(type) and
+      summaryModel(type, path, input, output, kind)
     }
 
     /**
-     * Holds if a `baseNode` is an invocation identified by the `package,type,path` part of a summary row.
+     * Holds if a `baseNode` is an invocation identified by the `type,path` part of a summary row.
      */
     cached
-    predicate resolvedSummaryBase(
-      string package, string type, string path, Specific::InvokeNode baseNode
-    ) {
-      summaryModel(package, type, path, _, _, _) and
-      baseNode = getInvocationFromPath(package, type, path)
+    predicate resolvedSummaryBase(string type, string path, Specific::InvokeNode baseNode) {
+      summaryModel(type, path, _, _, _) and
+      baseNode = getInvocationFromPath(type, path)
     }
 
     /**
-     * Holds if `node` is seen as an instance of `(package,type)` due to a type definition
+     * Holds if `node` is seen as an instance of `type` due to a type definition
      * contributed by a CSV model.
      */
     cached
-    API::Node getATypeNode(string package, string type) { result = getNodeFromType(package, type) }
+    API::Node getATypeNode(string type) { result = getNodeFromType(type) }
   }
 
   import Cached
+  import Specific::ModelOutputSpecific
 
   /**
    * Gets an error message relating to an invalid CSV row in a model.
@@ -686,13 +661,13 @@ module ModelOutput {
   string getAWarning() {
     // Check number of columns
     exists(string row, string kind, int expectedArity, int actualArity |
-      any(SourceModelCsv csv).row(row) and kind = "source" and expectedArity = 4
+      any(SourceModelCsv csv).row(row) and kind = "source" and expectedArity = 3
       or
-      any(SinkModelCsv csv).row(row) and kind = "sink" and expectedArity = 4
+      any(SinkModelCsv csv).row(row) and kind = "sink" and expectedArity = 3
       or
-      any(SummaryModelCsv csv).row(row) and kind = "summary" and expectedArity = 6
+      any(SummaryModelCsv csv).row(row) and kind = "summary" and expectedArity = 5
       or
-      any(TypeModelCsv csv).row(row) and kind = "type" and expectedArity = 5
+      any(TypeModelCsv csv).row(row) and kind = "type" and expectedArity = 3
       or
       any(TypeVariableModelCsv csv).row(row) and kind = "type-variable" and expectedArity = 2
     |
@@ -705,7 +680,7 @@ module ModelOutput {
     or
     // Check names and arguments of access path tokens
     exists(AccessPath path, AccessPathToken token |
-      (isRelevantFullPath(_, _, path) or typeVariableModel(_, path)) and
+      (isRelevantFullPath(_, path) or typeVariableModel(_, path)) and
       token = path.getToken(_)
     |
       not isValidTokenNameInIdentifyingAccessPath(token.getName()) and
diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll
new file mode 100644
index 00000000000..11c3bb9657e
--- /dev/null
+++ b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll
@@ -0,0 +1,36 @@
+/**
+ * Defines extensible predicates for contributing library models from data extensions.
+ */
+
+/**
+ * Holds if the value at `(type, path)` should be seen as a flow
+ * source of the given `kind`.
+ *
+ * The kind `remote` represents a general remote flow source.
+ */
+extensible predicate sourceModel(string type, string path, string kind);
+
+/**
+ * Holds if the value at `(type, path)` should be seen as a sink
+ * of the given `kind`.
+ */
+extensible predicate sinkModel(string type, string path, string kind);
+
+/**
+ * Holds if calls to `(type, path)`, the value referred to by `input`
+ * can flow to the value referred to by `output`.
+ *
+ * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving steps,
+ * respectively.
+ */
+extensible predicate summaryModel(string type, string path, string input, string output, string kind);
+
+/**
+ * Holds if `(type2, path)` should be seen as an instance of `type1`.
+ */
+extensible predicate typeModel(string type1, string type2, string path);
+
+/**
+ * Holds if `path` can be substituted for a token `TypeVar[name]`.
+ */
+extensible predicate typeVariableModel(string name, string path);
diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsSpecific.qll b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsSpecific.qll
index 2f53c4fdeea..eb23efe4aff 100644
--- a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsSpecific.qll
+++ b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsSpecific.qll
@@ -31,19 +31,22 @@ import semmle.python.dataflow.new.DataFlow::DataFlow as DataFlow
 private import AccessPathSyntax
 
 /**
- * Holds if models describing `package` may be relevant for the analysis of this database.
+ * Holds if models describing `type` may be relevant for the analysis of this database.
  */
-predicate isPackageUsed(string package) { API::moduleImportExists(package) }
+predicate isTypeUsed(string type) { API::moduleImportExists(type) }
 
-/** Gets a Python-specific interpretation of the `(package, type, path)` tuple after resolving the first `n` access path tokens. */
-bindingset[package, type, path]
-API::Node getExtraNodeFromPath(string package, string type, AccessPath path, int n) { none() }
+/**
+ * Holds if `type` can be obtained from an instance of `otherType` due to
+ * language semantics modeled by `getExtraNodeFromType`.
+ */
+predicate hasImplicitTypeModel(string type, string otherType) { none() }
 
-/** Gets a Python-specific interpretation of the `(package, type)` tuple. */
-API::Node getExtraNodeFromType(string package, string type) {
-  type = "" and
-  result = API::moduleImport(package)
-}
+/** Gets a Python-specific interpretation of the `(type, path)` tuple after resolving the first `n` access path tokens. */
+bindingset[type, path]
+API::Node getExtraNodeFromPath(string type, AccessPath path, int n) { none() }
+
+/** Gets a Python-specific interpretation of the given `type`. */
+API::Node getExtraNodeFromType(string type) { result = API::moduleImport(type) }
 
 /**
  * Gets a Python-specific API graph successor of `node` reachable by resolving `token`.
@@ -121,9 +124,9 @@ predicate invocationMatchesExtraCallSiteFilter(API::CallNode invoke, AccessPathT
  */
 pragma[nomagic]
 private predicate relevantInputOutputPath(API::CallNode base, AccessPath inputOrOutput) {
-  exists(string package, string type, string input, string output, string path |
-    ModelOutput::relevantSummaryModel(package, type, path, input, output, _) and
-    ModelOutput::resolvedSummaryBase(package, type, path, base) and
+  exists(string type, string input, string output, string path |
+    ModelOutput::relevantSummaryModel(type, path, input, output, _) and
+    ModelOutput::resolvedSummaryBase(type, path, base) and
     inputOrOutput = [input, output]
   )
 }
@@ -153,12 +156,9 @@ private API::Node getNodeFromInputOutputPath(API::CallNode baseNode, AccessPath
  * Holds if a CSV summary contributed the step `pred -> succ` of the given `kind`.
  */
 predicate summaryStep(API::Node pred, API::Node succ, string kind) {
-  exists(
-    string package, string type, string path, API::CallNode base, AccessPath input,
-    AccessPath output
-  |
-    ModelOutput::relevantSummaryModel(package, type, path, input, output, kind) and
-    ModelOutput::resolvedSummaryBase(package, type, path, base) and
+  exists(string type, string path, API::CallNode base, AccessPath input, AccessPath output |
+    ModelOutput::relevantSummaryModel(type, path, input, output, kind) and
+    ModelOutput::resolvedSummaryBase(type, path, base) and
     pred = getNodeFromInputOutputPath(base, input) and
     succ = getNodeFromInputOutputPath(base, output)
   )
@@ -201,3 +201,5 @@ predicate isExtraValidTokenArgumentInIdentifyingAccessPath(string name, string a
     argument.regexpMatch("\\w+:") // keyword argument
   )
 }
+
+module ModelOutputSpecific { }
diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/model.yml b/python/ql/lib/semmle/python/frameworks/data/internal/model.yml
new file mode 100644
index 00000000000..46fdcfe96bf
--- /dev/null
+++ b/python/ql/lib/semmle/python/frameworks/data/internal/model.yml
@@ -0,0 +1,26 @@
+extensions:
+  # Contribute empty data sets to avoid errors about an undefined extensionals
+  - addsTo:
+      pack: codeql/python-all
+      extensible: sourceModel
+    data: []
+
+  - addsTo:
+      pack: codeql/python-all
+      extensible: sinkModel
+    data: []
+
+  - addsTo:
+      pack: codeql/python-all
+      extensible: summaryModel
+    data: []
+
+  - addsTo:
+      pack: codeql/python-all
+      extensible: typeModel
+    data: []
+
+  - addsTo:
+      pack: codeql/python-all
+      extensible: typeVariableModel
+    data: []
diff --git a/python/ql/lib/semmle/python/frameworks/internal/PEP249Impl.qll b/python/ql/lib/semmle/python/frameworks/internal/PEP249Impl.qll
deleted file mode 100644
index bf63bbb3731..00000000000
--- a/python/ql/lib/semmle/python/frameworks/internal/PEP249Impl.qll
+++ /dev/null
@@ -1,204 +0,0 @@
-/**
- * INTERNAL: Do not use.
- *
- * Provides internal implementation of PEP249. This currently resides in a different
- * file than `python/ql/src/semmle/python/frameworks/PEP249.qll`, since we used to
- * export everything without being encapsulated in a module, and shadowing rules means
- * that we can't just add the module directly to that file :(
- *
- * So once we can remove those deprecated things (Start of July 2022), we can also move
- * the core implementation into its' proper place.
- *
- * Provides classes modeling PEP 249.
- * See https://www.python.org/dev/peps/pep-0249/.
- */
-
-private import python
-private import semmle.python.dataflow.new.DataFlow
-private import semmle.python.dataflow.new.RemoteFlowSources
-private import semmle.python.Concepts
-private import semmle.python.ApiGraphs
-
-/**
- * Provides classes modeling database interfaces following PEP 249.
- * See https://www.python.org/dev/peps/pep-0249/.
- */
-module PEP249 {
-  /**
-   * An API graph node representing a module that implements PEP 249.
-   */
-  abstract class PEP249ModuleApiNode extends API::Node {
-    /** Gets a string representation of this element. */
-    override string toString() { result = this.(API::Node).toString() }
-  }
-
-  /** Gets a reference to the `connect` function of a module that implements PEP 249. */
-  DataFlow::Node connect() {
-    result = any(PEP249ModuleApiNode a).getMember("connect").getAValueReachableFromSource()
-  }
-
-  /**
-   * Provides models for database connections (following PEP 249).
-   *
-   * See https://www.python.org/dev/peps/pep-0249/#connection-objects.
-   */
-  module Connection {
-    /**
-     * A source of database connections (following PEP 249), extend this class to model new instances.
-     *
-     * This can include instantiations of the class, return values from function
-     * calls, or a special parameter that will be set when functions are called by external
-     * libraries.
-     *
-     * Use the predicate `Connection::instance()` to get references to database connections (following PEP 249).
-     *
-     * Extend this class if the module implementing PEP 249 offers more direct ways to obtain
-     * a connection than going through `connect`.
-     */
-    abstract class InstanceSource extends DataFlow::Node { }
-
-    /** A call to the `connect` function of a module that implements PEP 249. */
-    private class ConnectCall extends InstanceSource, DataFlow::CallCfgNode {
-      ConnectCall() { this.getFunction() = connect() }
-    }
-
-    /** Gets a reference to a database connection (following PEP 249). */
-    private DataFlow::TypeTrackingNode instance(DataFlow::TypeTracker t) {
-      t.start() and
-      result instanceof InstanceSource
-      or
-      exists(DataFlow::TypeTracker t2 | result = instance(t2).track(t2, t))
-    }
-
-    /** Gets a reference to a database connection (following PEP 249). */
-    DataFlow::Node instance() { instance(DataFlow::TypeTracker::end()).flowsTo(result) }
-  }
-
-  /**
-   * Provides models for database cursors (following PEP 249).
-   *
-   * These are returned by the `cursor` method on a database connection.
-   * See https://www.python.org/dev/peps/pep-0249/#cursor.
-   */
-  module Cursor {
-    /**
-     * A source of database cursors (following PEP 249), extend this class to model new instances.
-     *
-     * This can include instantiations of the class, return values from function
-     * calls, or a special parameter that will be set when functions are called by external
-     * libraries.
-     *
-     * Use the predicate `Cursor::instance()` to get references to database cursors (following PEP 249).
-     *
-     * Extend this class if the module implementing PEP 249 offers more direct ways to obtain
-     * a connection than going through `connect`.
-     */
-    abstract class InstanceSource extends DataFlow::LocalSourceNode { }
-
-    /** Gets a reference to a database cursor. */
-    private DataFlow::TypeTrackingNode instance(DataFlow::TypeTracker t) {
-      t.start() and
-      result instanceof InstanceSource
-      or
-      exists(DataFlow::TypeTracker t2 | result = instance(t2).track(t2, t))
-    }
-
-    /** Gets a reference to a database cursor. */
-    DataFlow::Node instance() { instance(DataFlow::TypeTracker::end()).flowsTo(result) }
-
-    /** Gets a reference to the `cursor` method on a database connection. */
-    private DataFlow::TypeTrackingNode methodRef(DataFlow::TypeTracker t) {
-      t.startInAttr("cursor") and
-      result = Connection::instance()
-      or
-      exists(DataFlow::TypeTracker t2 | result = methodRef(t2).track(t2, t))
-    }
-
-    /** Gets a reference to the `cursor` method on a database connection. */
-    DataFlow::Node methodRef() { methodRef(DataFlow::TypeTracker::end()).flowsTo(result) }
-
-    /** A call to the `cursor` method on a database connection */
-    private class CursorCall extends InstanceSource, DataFlow::CallCfgNode {
-      CursorCall() { this.getFunction() = methodRef() }
-    }
-
-    /** Gets a reference to a result of calling the `cursor` method on a database connection. */
-    private DataFlow::TypeTrackingNode methodResult(DataFlow::TypeTracker t) {
-      t.start() and
-      result.asCfgNode().(CallNode).getFunction() = methodRef().asCfgNode()
-      or
-      exists(DataFlow::TypeTracker t2 | result = methodResult(t2).track(t2, t))
-    }
-
-    /**
-     * DEPRECATED: Use `Cursor::instance()` to get references to database cursors instead.
-     *
-     * Gets a reference to a result of calling the `cursor` method on a database connection.
-     */
-    deprecated DataFlow::Node methodResult() {
-      methodResult(DataFlow::TypeTracker::end()).flowsTo(result)
-    }
-  }
-
-  /**
-   * Gets a reference to the `execute` method on a cursor (or on a connection).
-   *
-   * Note: while `execute` method on a connection is not part of PEP249, if it is used, we
-   * recognize it as an alias for constructing a cursor and calling `execute` on it.
-   *
-   * See https://peps.python.org/pep-0249/#execute.
-   */
-  private DataFlow::TypeTrackingNode execute(DataFlow::TypeTracker t) {
-    t.startInAttr("execute") and
-    result in [Cursor::instance(), Connection::instance()]
-    or
-    exists(DataFlow::TypeTracker t2 | result = execute(t2).track(t2, t))
-  }
-
-  /**
-   * Gets a reference to the `execute` method on a cursor (or on a connection).
-   *
-   * Note: while `execute` method on a connection is not part of PEP249, if it is used, we
-   * recognize it as an alias for constructing a cursor and calling `execute` on it.
-   *
-   * See https://peps.python.org/pep-0249/#execute.
-   */
-  DataFlow::Node execute() { execute(DataFlow::TypeTracker::end()).flowsTo(result) }
-
-  /**
-   * A call to the `execute` method on a cursor or a connection.
-   *
-   * See https://peps.python.org/pep-0249/#execute
-   *
-   * Note: While `execute` method on a connection is not part of PEP249, if it is used, we
-   * recognize it as an alias for constructing a cursor and calling `execute` on it.
-   */
-  private class ExecuteCall extends SqlExecution::Range, DataFlow::CallCfgNode {
-    ExecuteCall() { this.getFunction() = execute() }
-
-    override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName("sql")] }
-  }
-
-  private DataFlow::TypeTrackingNode executemany(DataFlow::TypeTracker t) {
-    t.startInAttr("executemany") and
-    result in [Cursor::instance(), Connection::instance()]
-    or
-    exists(DataFlow::TypeTracker t2 | result = executemany(t2).track(t2, t))
-  }
-
-  private DataFlow::Node executemany() { executemany(DataFlow::TypeTracker::end()).flowsTo(result) }
-
-  /**
-   * A call to the `executemany` method on a cursor or a connection.
-   *
-   * See https://peps.python.org/pep-0249/#executemany
-   *
-   * Note: While `executemany` method on a connection is not part of PEP249, if it is used, we
-   * recognize it as an alias for constructing a cursor and calling `executemany` on it.
-   */
-  private class ExecutemanyCall extends SqlExecution::Range, DataFlow::CallCfgNode {
-    ExecutemanyCall() { this.getFunction() = executemany() }
-
-    override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName("sql")] }
-  }
-}
diff --git a/python/ql/lib/semmle/python/security/BadTagFilterQuery.qll b/python/ql/lib/semmle/python/security/BadTagFilterQuery.qll
index 95bfbeeeb5d..446e4487a0f 100644
--- a/python/ql/lib/semmle/python/security/BadTagFilterQuery.qll
+++ b/python/ql/lib/semmle/python/security/BadTagFilterQuery.qll
@@ -2,155 +2,7 @@
  * Provides predicates for reasoning about bad tag filter vulnerabilities.
  */
 
-import regexp.RegexpMatching
-
-/**
- * Holds if the regexp `root` should be tested against `str`.
- * Implements the `isRegexpMatchingCandidateSig` signature from `RegexpMatching`.
- * `ignorePrefix` toggles whether the regular expression should be treated as accepting any prefix if it's unanchored.
- * `testWithGroups` toggles whether it's tested which groups are filled by a given input string.
- */
-private predicate isBadTagFilterCandidate(
-  RootTerm root, string str, boolean ignorePrefix, boolean testWithGroups
-) {
-  // the regexp must mention "<" and ">" explicitly.
-  forall(string angleBracket | angleBracket = ["<", ">"] |
-    any(RegExpConstant term | term.getValue().matches("%" + angleBracket + "%")).getRootTerm() =
-      root
-  ) and
-  ignorePrefix = true and
-  (
-    str = ["<!-- foo -->", "<!-- foo --!>", "<!- foo ->", "<foo>", "<script>"] and
-    testWithGroups = true
-    or
-    str =
-      [
-        "<!-- foo -->", "<!- foo ->", "<!-- foo --!>", "<!-- foo\n -->", "<script>foo</script>",
-        "<script \n>foo</script>", "<script >foo\n</script>", "<foo ></foo>", "<foo>",
-        "<foo src=\"foo\"></foo>", "<script>", "<script src=\"foo\"></script>",
-        "<script src='foo'></script>", "<SCRIPT>foo</SCRIPT>", "<script\tsrc=\"foo\"/>",
-        "<script\tsrc='foo'></script>", "<sCrIpT>foo</ScRiPt>", "<script src=\"foo\">foo</script >",
-        "<script src=\"foo\">foo</script foo=\"bar\">", "<script src=\"foo\">foo</script\t\n bar>"
-      ] and
-    testWithGroups = false
-  )
-}
-
-/**
- * A regexp that matches some string from the `isBadTagFilterCandidate` predicate.
- */
-class HtmlMatchingRegExp extends RootTerm {
-  HtmlMatchingRegExp() { RegexpMatching<isBadTagFilterCandidate/4>::matches(this, _) }
-
-  /** Holds if this regexp matched `str`, where `str` is one of the string from `isBadTagFilterCandidate`. */
-  predicate matches(string str) { RegexpMatching<isBadTagFilterCandidate/4>::matches(this, str) }
-
-  /** Holds if this regexp fills capture group `g' when matching `str', where `str` is one of the string from `isBadTagFilterCandidate`. */
-  predicate fillsCaptureGroup(string str, int g) {
-    RegexpMatching<isBadTagFilterCandidate/4>::fillsCaptureGroup(this, str, g)
-  }
-}
-
-/** DEPRECATED: Alias for HtmlMatchingRegExp */
-deprecated class HTMLMatchingRegExp = HtmlMatchingRegExp;
-
-/**
- * Holds if `regexp` matches some HTML tags, but misses some HTML tags that it should match.
- *
- * When adding a new case to this predicate, make sure the test string used in `matches(..)` calls are present in `HTMLMatchingRegExp::test` / `HTMLMatchingRegExp::testWithGroups`.
- */
-predicate isBadRegexpFilter(HtmlMatchingRegExp regexp, string msg) {
-  // CVE-2021-33829 - matching both "<!-- foo -->" and "<!-- foo --!>", but in different capture groups
-  regexp.matches("<!-- foo -->") and
-  regexp.matches("<!-- foo --!>") and
-  exists(int a, int b | a != b |
-    regexp.fillsCaptureGroup("<!-- foo -->", a) and
-    // <!-- foo --> might be ambiguously parsed (matching both capture groups), and that is ok here.
-    regexp.fillsCaptureGroup("<!-- foo --!>", b) and
-    not regexp.fillsCaptureGroup("<!-- foo --!>", a) and
-    msg =
-      "Comments ending with --> are matched differently from comments ending with --!>. The first is matched with capture group "
-        + a + " and comments ending with --!> are matched with capture group " +
-        strictconcat(int i | regexp.fillsCaptureGroup("<!-- foo --!>", i) | i.toString(), ", ") +
-        "."
-  )
-  or
-  // CVE-2020-17480 - matching "<!-- foo -->" and other tags, but not "<!-- foo --!>".
-  exists(int group, int other |
-    group != other and
-    regexp.fillsCaptureGroup("<!-- foo -->", group) and
-    regexp.fillsCaptureGroup("<foo>", other) and
-    not regexp.matches("<!-- foo --!>") and
-    not regexp.fillsCaptureGroup("<!-- foo -->", any(int i | i != group)) and
-    not regexp.fillsCaptureGroup("<!- foo ->", group) and
-    not regexp.fillsCaptureGroup("<foo>", group) and
-    not regexp.fillsCaptureGroup("<script>", group) and
-    msg =
-      "This regular expression only parses --> (capture group " + group +
-        ") and not --!> as an HTML comment end tag."
-  )
-  or
-  regexp.matches("<!-- foo -->") and
-  not regexp.matches("<!-- foo\n -->") and
-  not regexp.matches("<!- foo ->") and
-  not regexp.matches("<foo>") and
-  not regexp.matches("<script>") and
-  msg = "This regular expression does not match comments containing newlines."
-  or
-  regexp.matches("<script>foo</script>") and
-  regexp.matches("<script src=\"foo\"></script>") and
-  not regexp.matches("<foo ></foo>") and
-  (
-    not regexp.matches("<script \n>foo</script>") and
-    msg = "This regular expression matches <script></script>, but not <script \\n></script>"
-    or
-    not regexp.matches("<script >foo\n</script>") and
-    msg = "This regular expression matches <script>...</script>, but not <script >...\\n</script>"
-  )
-  or
-  regexp.matches("<script>foo</script>") and
-  regexp.matches("<script src=\"foo\"></script>") and
-  not regexp.matches("<script src='foo'></script>") and
-  not regexp.matches("<foo>") and
-  msg = "This regular expression does not match script tags where the attribute uses single-quotes."
-  or
-  regexp.matches("<script>foo</script>") and
-  regexp.matches("<script src='foo'></script>") and
-  not regexp.matches("<script src=\"foo\"></script>") and
-  not regexp.matches("<foo>") and
-  msg = "This regular expression does not match script tags where the attribute uses double-quotes."
-  or
-  regexp.matches("<script>foo</script>") and
-  regexp.matches("<script src='foo'></script>") and
-  not regexp.matches("<script\tsrc='foo'></script>") and
-  not regexp.matches("<foo>") and
-  not regexp.matches("<foo src=\"foo\"></foo>") and
-  msg = "This regular expression does not match script tags where tabs are used between attributes."
-  or
-  regexp.matches("<script>foo</script>") and
-  not RegExpFlags::isIgnoreCase(regexp) and
-  not regexp.matches("<foo>") and
-  not regexp.matches("<foo ></foo>") and
-  (
-    not regexp.matches("<SCRIPT>foo</SCRIPT>") and
-    msg = "This regular expression does not match upper case <SCRIPT> tags."
-    or
-    not regexp.matches("<sCrIpT>foo</ScRiPt>") and
-    regexp.matches("<SCRIPT>foo</SCRIPT>") and
-    msg = "This regular expression does not match mixed case <sCrIpT> tags."
-  )
-  or
-  regexp.matches("<script src=\"foo\"></script>") and
-  not regexp.matches("<foo>") and
-  not regexp.matches("<foo ></foo>") and
-  (
-    not regexp.matches("<script src=\"foo\">foo</script >") and
-    msg = "This regular expression does not match script end tags like </script >."
-    or
-    not regexp.matches("<script src=\"foo\">foo</script foo=\"bar\">") and
-    msg = "This regular expression does not match script end tags like </script foo=\"bar\">."
-    or
-    not regexp.matches("<script src=\"foo\">foo</script\t\n bar>") and
-    msg = "This regular expression does not match script end tags like </script\\t\\n bar>."
-  )
-}
+private import semmle.python.RegexTreeView::RegexTreeView as TreeView
+// BadTagFilterQuery should be used directly from the shared pack, and not from this file.
+deprecated import codeql.regex.nfa.BadTagFilterQuery::Make<TreeView> as Dep
+import Dep
diff --git a/python/ql/lib/semmle/python/security/OverlyLargeRangeQuery.qll b/python/ql/lib/semmle/python/security/OverlyLargeRangeQuery.qll
index 65e662f0bc5..49ec333161c 100644
--- a/python/ql/lib/semmle/python/security/OverlyLargeRangeQuery.qll
+++ b/python/ql/lib/semmle/python/security/OverlyLargeRangeQuery.qll
@@ -2,288 +2,7 @@
  * Classes and predicates for working with suspicious character ranges.
  */
 
-// We don't need the NFA utils, just the regexp tree.
-// but the below is a nice shared library that exposes the API we need.
-import regexp.NfaUtils
-
-/**
- * Gets a rank for `range` that is unique for ranges in the same file.
- * Prioritizes ranges that match more characters.
- */
-int rankRange(RegExpCharacterRange range) {
-  range =
-    rank[result](RegExpCharacterRange r, Location l, int low, int high |
-      r.getLocation() = l and
-      isRange(r, low, high)
-    |
-      r order by (high - low) desc, l.getStartLine(), l.getStartColumn()
-    )
-}
-
-/** Holds if `range` spans from the unicode code points `low` to `high` (both inclusive). */
-predicate isRange(RegExpCharacterRange range, int low, int high) {
-  exists(string lowc, string highc |
-    range.isRange(lowc, highc) and
-    low.toUnicode() = lowc and
-    high.toUnicode() = highc
-  )
-}
-
-/** Holds if `char` is an alpha-numeric character. */
-predicate isAlphanumeric(string char) {
-  // written like this to avoid having a bindingset for the predicate
-  char = [[48 .. 57], [65 .. 90], [97 .. 122]].toUnicode() // 0-9, A-Z, a-z
-}
-
-/**
- * Holds if the given ranges are from the same character class
- * and there exists at least one character matched by both ranges.
- */
-predicate overlap(RegExpCharacterRange a, RegExpCharacterRange b) {
-  exists(RegExpCharacterClass clz |
-    a = clz.getAChild() and
-    b = clz.getAChild() and
-    a != b
-  |
-    exists(int alow, int ahigh, int blow, int bhigh |
-      isRange(a, alow, ahigh) and
-      isRange(b, blow, bhigh) and
-      alow <= bhigh and
-      blow <= ahigh
-    )
-  )
-}
-
-/**
- * Holds if `range` overlaps with the char class `escape` from the same character class.
- */
-predicate overlapsWithCharEscape(RegExpCharacterRange range, RegExpCharacterClassEscape escape) {
-  exists(RegExpCharacterClass clz, string low, string high |
-    range = clz.getAChild() and
-    escape = clz.getAChild() and
-    range.isRange(low, high)
-  |
-    escape.getValue() = "w" and
-    getInRange(low, high).regexpMatch("\\w")
-    or
-    escape.getValue() = "d" and
-    getInRange(low, high).regexpMatch("\\d")
-    or
-    escape.getValue() = "s" and
-    getInRange(low, high).regexpMatch("\\s")
-  )
-}
-
-/** Gets the unicode code point for a `char`. */
-bindingset[char]
-int toCodePoint(string char) { result.toUnicode() = char }
-
-/** A character range that appears to be overly wide. */
-class OverlyWideRange extends RegExpCharacterRange {
-  OverlyWideRange() {
-    exists(int low, int high, int numChars |
-      isRange(this, low, high) and
-      numChars = (1 + high - low) and
-      this.getRootTerm().isUsedAsRegExp() and
-      numChars >= 10
-    |
-      // across the Z-a range (which includes backticks)
-      toCodePoint("Z") >= low and
-      toCodePoint("a") <= high
-      or
-      // across the 9-A range (which includes e.g. ; and ?)
-      toCodePoint("9") >= low and
-      toCodePoint("A") <= high
-      or
-      // a non-alphanumeric char as part of the range boundaries
-      exists(int bound | bound = [low, high] | not isAlphanumeric(bound.toUnicode())) and
-      // while still being ascii
-      low < 128 and
-      high < 128
-    ) and
-    // allowlist for known ranges
-    not this = allowedWideRanges()
-  }
-
-  /** Gets a string representation of a character class that matches the same chars as this range. */
-  string printEquivalent() { result = RangePrinter::printEquivalentCharClass(this) }
-}
-
-/** Gets a range that should not be reported as an overly wide range. */
-RegExpCharacterRange allowedWideRanges() {
-  // ~ is the last printable ASCII character, it's used right in various wide ranges.
-  result.isRange(_, "~")
-  or
-  // the same with " " and "!". " " is the first printable character, and "!" is the first non-white-space printable character.
-  result.isRange([" ", "!"], _)
-  or
-  // the `[@-_]` range is intentional
-  result.isRange("@", "_")
-  or
-  // starting from the zero byte is a good indication that it's purposely matching a large range.
-  result.isRange(0.toUnicode(), _)
-}
-
-/** Gets a char between (and including) `low` and `high`. */
-bindingset[low, high]
-private string getInRange(string low, string high) {
-  result = [toCodePoint(low) .. toCodePoint(high)].toUnicode()
-}
-
-/** A module computing an equivalent character class for an overly wide range. */
-module RangePrinter {
-  bindingset[char]
-  bindingset[result]
-  private string next(string char) {
-    exists(int prev, int next |
-      prev.toUnicode() = char and
-      next.toUnicode() = result and
-      next = prev + 1
-    )
-  }
-
-  /** Gets the points where the parts of the pretty printed range should be cut off. */
-  private string cutoffs() { result = ["A", "Z", "a", "z", "0", "9"] }
-
-  /** Gets the char to use in the low end of a range for a given `cut` */
-  private string lowCut(string cut) {
-    cut = ["A", "a", "0"] and
-    result = cut
-    or
-    cut = ["Z", "z", "9"] and
-    result = next(cut)
-  }
-
-  /** Gets the char to use in the high end of a range for a given `cut` */
-  private string highCut(string cut) {
-    cut = ["Z", "z", "9"] and
-    result = cut
-    or
-    cut = ["A", "a", "0"] and
-    next(result) = cut
-  }
-
-  /** Gets the cutoff char used for a given `part` of a range when pretty-printing it. */
-  private string cutoff(OverlyWideRange range, int part) {
-    exists(int low, int high | isRange(range, low, high) |
-      result =
-        rank[part + 1](string cut |
-          cut = cutoffs() and low < toCodePoint(cut) and toCodePoint(cut) < high
-        |
-          cut order by toCodePoint(cut)
-        )
-    )
-  }
-
-  /** Gets the number of parts we should print for a given `range`. */
-  private int parts(OverlyWideRange range) { result = 1 + count(cutoff(range, _)) }
-
-  /** Holds if the given part of a range should span from `low` to `high`. */
-  private predicate part(OverlyWideRange range, int part, string low, string high) {
-    // first part.
-    part = 0 and
-    (
-      range.isRange(low, high) and
-      parts(range) = 1
-      or
-      parts(range) >= 2 and
-      range.isRange(low, _) and
-      high = highCut(cutoff(range, part))
-    )
-    or
-    // middle
-    part >= 1 and
-    part < parts(range) - 1 and
-    low = lowCut(cutoff(range, part - 1)) and
-    high = highCut(cutoff(range, part))
-    or
-    // last.
-    part = parts(range) - 1 and
-    low = lowCut(cutoff(range, part - 1)) and
-    range.isRange(_, high)
-  }
-
-  /** Gets an escaped `char` for use in a character class. */
-  bindingset[char]
-  private string escape(string char) {
-    exists(string reg | reg = "(\\[|\\]|\\\\|-|/)" |
-      if char.regexpMatch(reg) then result = "\\" + char else result = char
-    )
-  }
-
-  /** Gets a part of the equivalent range. */
-  private string printEquivalentCharClass(OverlyWideRange range, int part) {
-    exists(string low, string high | part(range, part, low, high) |
-      if
-        isAlphanumeric(low) and
-        isAlphanumeric(high)
-      then result = low + "-" + high
-      else
-        result =
-          strictconcat(string char | char = getInRange(low, high) | escape(char) order by char)
-    )
-  }
-
-  /** Gets the entire pretty printed equivalent range. */
-  string printEquivalentCharClass(OverlyWideRange range) {
-    result =
-      strictconcat(string r, int part |
-        r = "[" and part = -1 and exists(range)
-        or
-        r = printEquivalentCharClass(range, part)
-        or
-        r = "]" and part = parts(range)
-      |
-        r order by part
-      )
-  }
-}
-
-/** Gets a char range that is overly large because of `reason`. */
-RegExpCharacterRange getABadRange(string reason, int priority) {
-  result instanceof OverlyWideRange and
-  priority = 0 and
-  exists(string equiv | equiv = result.(OverlyWideRange).printEquivalent() |
-    if equiv.length() <= 50
-    then reason = "is equivalent to " + equiv
-    else reason = "is equivalent to " + equiv.substring(0, 50) + "..."
-  )
-  or
-  priority = 1 and
-  exists(RegExpCharacterRange other |
-    reason = "overlaps with " + other + " in the same character class" and
-    rankRange(result) < rankRange(other) and
-    overlap(result, other)
-  )
-  or
-  priority = 2 and
-  exists(RegExpCharacterClassEscape escape |
-    reason = "overlaps with " + escape + " in the same character class" and
-    overlapsWithCharEscape(result, escape)
-  )
-  or
-  reason = "is empty" and
-  priority = 3 and
-  exists(int low, int high |
-    isRange(result, low, high) and
-    low > high
-  )
-}
-
-/** Holds if `range` matches suspiciously many characters. */
-predicate problem(RegExpCharacterRange range, string reason) {
-  reason =
-    strictconcat(string m, int priority |
-      range = getABadRange(m, priority)
-    |
-      m, ", and " order by priority desc
-    ) and
-  // specifying a range using an escape is usually OK.
-  not range.getAChild() instanceof RegExpEscape and
-  // Unicode escapes in strings are interpreted before it turns into a regexp,
-  // so e.g. [\u0001-\uFFFF] will just turn up as a range between two constants.
-  // We therefore exclude these ranges.
-  range.getRootTerm().getParent() instanceof RegExpLiteral and
-  // is used as regexp (mostly for JS where regular expressions are parsed eagerly)
-  range.getRootTerm().isUsedAsRegExp()
-}
+private import semmle.python.RegexTreeView::RegexTreeView as TreeView
+// OverlyLargeRangeQuery should be used directly from the shared pack, and not from this file.
+deprecated import codeql.regex.OverlyLargeRangeQuery::Make<TreeView> as Dep
+import Dep
diff --git a/python/ql/lib/semmle/python/security/dataflow/PamAuthorizationCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/PamAuthorizationCustomizations.qll
new file mode 100644
index 00000000000..b3acdef6ef5
--- /dev/null
+++ b/python/ql/lib/semmle/python/security/dataflow/PamAuthorizationCustomizations.qll
@@ -0,0 +1,61 @@
+/**
+ * Provides default sources, sinks and sanitizers for detecting
+ * "PAM Authorization" vulnerabilities.
+ */
+
+import python
+import semmle.python.ApiGraphs
+import semmle.python.dataflow.new.TaintTracking
+import semmle.python.dataflow.new.RemoteFlowSources
+
+/**
+ * Provides default sources, sinks and sanitizers for detecting
+ * "PAM Authorization" vulnerabilities.
+ */
+module PamAuthorizationCustomizations {
+  /**
+   * Models a node corresponding to the `pam` library
+   */
+  API::Node libPam() {
+    exists(API::CallNode findLibCall, API::CallNode cdllCall |
+      findLibCall =
+        API::moduleImport("ctypes").getMember("util").getMember("find_library").getACall() and
+      findLibCall.getParameter(0).getAValueReachingSink().asExpr().(StrConst).getText() = "pam" and
+      cdllCall = API::moduleImport("ctypes").getMember("CDLL").getACall() and
+      cdllCall.getParameter(0).getAValueReachingSink() = findLibCall
+    |
+      result = cdllCall.getReturn()
+    )
+  }
+
+  /**
+   * A data flow source for "PAM Authorization" vulnerabilities.
+   */
+  abstract class Source extends DataFlow::Node { }
+
+  /**
+   * A data flow sink for "PAM Authorization" vulnerabilities.
+   */
+  abstract class Sink extends DataFlow::Node { }
+
+  /**
+   * A source of remote user input, considered as a flow source.
+   */
+  class RemoteFlowSourceAsSource extends Source, RemoteFlowSource { }
+
+  /**
+   * A vulnerable `pam_authenticate` call considered as a flow sink.
+   */
+  class VulnPamAuthCall extends API::CallNode, Sink {
+    VulnPamAuthCall() {
+      exists(DataFlow::Node h |
+        this = libPam().getMember("pam_authenticate").getACall() and
+        h = this.getArg(0) and
+        not exists(API::CallNode acctMgmtCall |
+          acctMgmtCall = libPam().getMember("pam_acct_mgmt").getACall() and
+          DataFlow::localFlow(h, acctMgmtCall.getArg(0))
+        )
+      )
+    }
+  }
+}
diff --git a/python/ql/lib/semmle/python/security/dataflow/PamAuthorizationQuery.qll b/python/ql/lib/semmle/python/security/dataflow/PamAuthorizationQuery.qll
new file mode 100644
index 00000000000..18dc29a4a71
--- /dev/null
+++ b/python/ql/lib/semmle/python/security/dataflow/PamAuthorizationQuery.qll
@@ -0,0 +1,39 @@
+/**
+ * Provides a taint-tracking configuration for detecting "PAM Authorization" vulnerabilities.
+ *
+ * Note, for performance reasons: only import this file if
+ * `PamAuthorization::Configuration` is needed, otherwise
+ * `PamAuthorizationCustomizations` should be imported instead.
+ */
+
+import python
+import semmle.python.ApiGraphs
+import semmle.python.dataflow.new.TaintTracking
+import PamAuthorizationCustomizations::PamAuthorizationCustomizations
+
+/**
+ * A taint-tracking configuration for detecting "PAM Authorization" vulnerabilities.
+ */
+class Configuration extends TaintTracking::Configuration {
+  Configuration() { this = "PamAuthorization" }
+
+  override predicate isSource(DataFlow::Node node) { node instanceof Source }
+
+  override predicate isSink(DataFlow::Node node) { node instanceof Sink }
+
+  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+    // Models flow from a remotely supplied username field to a PAM `handle`.
+    // `retval = pam_start(service, username, byref(conv), byref(handle))`
+    exists(API::CallNode pamStart, DataFlow::Node handle, API::CallNode pointer |
+      pointer = API::moduleImport("ctypes").getMember(["pointer", "byref"]).getACall() and
+      pamStart = libPam().getMember("pam_start").getACall() and
+      pointer = pamStart.getArg(3) and
+      handle = pointer.getArg(0) and
+      pamStart.getArg(1) = node1 and
+      handle = node2
+    )
+    or
+    // Flow from handle to the authenticate call in the final step
+    exists(VulnPamAuthCall c | c.getArg(0) = node1 | node2 = c)
+  }
+}
diff --git a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll
index 7e1a2c9561c..fac16730f2c 100644
--- a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll
@@ -11,7 +11,7 @@ private import semmle.python.dataflow.new.TaintTracking
 private import semmle.python.Concepts
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.BarrierGuards
-private import semmle.python.RegexTreeView
+private import semmle.python.RegexTreeView::RegexTreeView as TreeView
 private import semmle.python.ApiGraphs
 
 /**
@@ -20,6 +20,9 @@ private import semmle.python.ApiGraphs
  * vulnerabilities, as well as extension points for adding your own.
  */
 module PolynomialReDoS {
+  private import TreeView
+  import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView>
+
   /**
    * A data flow source for "polynomial regular expression denial of service (ReDoS)" vulnerabilities.
    */
diff --git a/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureCustomizations.qll
index 09f84327a63..9a31dcc2a10 100644
--- a/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureCustomizations.qll
@@ -41,9 +41,7 @@ module StackTraceExposure {
   /**
    * A source of exception info, considered as a flow source.
    */
-  class ExceptionInfoAsSource extends Source {
-    ExceptionInfoAsSource() { this instanceof ExceptionInfo }
-  }
+  class ExceptionInfoAsSource extends Source instanceof ExceptionInfo { }
 
   /**
    * The body of a HTTP response that will be returned from a server, considered as a flow sink.
diff --git a/python/ql/lib/semmle/python/security/dataflow/XmlBombCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/XmlBombCustomizations.qll
index a2fe1b8ecb2..317bee33387 100644
--- a/python/ql/lib/semmle/python/security/dataflow/XmlBombCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/XmlBombCustomizations.qll
@@ -30,9 +30,7 @@ module XmlBomb {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /** A source of remote user input, considered as a flow source for XML bomb vulnerabilities. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * A call to an XML parser that is vulnerable to XML bombs.
diff --git a/python/ql/lib/semmle/python/security/dataflow/XxeCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/XxeCustomizations.qll
index 1d1ad087f84..525bceeb04a 100644
--- a/python/ql/lib/semmle/python/security/dataflow/XxeCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/XxeCustomizations.qll
@@ -30,9 +30,7 @@ module Xxe {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /** A source of remote user input, considered as a flow source for XXE vulnerabilities. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * A call to an XML parser that is vulnerable to XXE.
diff --git a/python/ql/lib/semmle/python/security/internal/EncryptionKeySizes.qll b/python/ql/lib/semmle/python/security/internal/EncryptionKeySizes.qll
new file mode 100644
index 00000000000..46df3a3ca7b
--- /dev/null
+++ b/python/ql/lib/semmle/python/security/internal/EncryptionKeySizes.qll
@@ -0,0 +1,21 @@
+/**
+ * INTERNAL: Do not use.
+ *
+ * Provides predicates for recommended encryption key sizes.
+ * Such that we can share this logic across our CodeQL analysis of different languages.
+ */
+
+/** Returns the minimum recommended key size for RSA. */
+int minSecureKeySizeRsa() { result = 2048 }
+
+/** Returns the minimum recommended key size for DSA. */
+int minSecureKeySizeDsa() { result = 2048 }
+
+/** Returns the minimum recommended key size for DH. */
+int minSecureKeySizeDh() { result = 2048 }
+
+/** Returns the minimum recommended key size for elliptic curve cryptography. */
+int minSecureKeySizeEcc() { result = 256 }
+
+/** Returns the minimum recommended key size for AES. */
+int minSecureKeySizeAes() { result = 128 }
diff --git a/python/ql/lib/semmle/python/security/regexp/ExponentialBackTracking.qll b/python/ql/lib/semmle/python/security/regexp/ExponentialBackTracking.qll
index 4a608890249..f4628b883da 100644
--- a/python/ql/lib/semmle/python/security/regexp/ExponentialBackTracking.qll
+++ b/python/ql/lib/semmle/python/security/regexp/ExponentialBackTracking.qll
@@ -62,284 +62,7 @@
  *     a suffix `x` (possible empty) that is most likely __not__ accepted.
  */
 
-import NfaUtils
-
-/**
- * Holds if state `s` might be inside a backtracking repetition.
- */
-pragma[noinline]
-private predicate stateInsideBacktracking(State s) {
-  s.getRepr().getParent*() instanceof MaybeBacktrackingRepetition
-}
-
-/**
- * A infinitely repeating quantifier that might backtrack.
- */
-private class MaybeBacktrackingRepetition extends InfiniteRepetitionQuantifier {
-  MaybeBacktrackingRepetition() {
-    exists(RegExpTerm child |
-      child instanceof RegExpAlt or
-      child instanceof RegExpQuantifier
-    |
-      child.getParent+() = this
-    )
-  }
-}
-
-/**
- * A state in the product automaton.
- */
-private newtype TStatePair =
-  /**
-   * We lazily only construct those states that we are actually
-   * going to need: `(q, q)` for every fork state `q`, and any
-   * pair of states that can be reached from a pair that we have
-   * already constructed. To cut down on the number of states,
-   * we only represent states `(q1, q2)` where `q1` is lexicographically
-   * no bigger than `q2`.
-   *
-   * States are only constructed if both states in the pair are
-   * inside a repetition that might backtrack.
-   */
-  MkStatePair(State q1, State q2) {
-    isFork(q1, _, _, _, _) and q2 = q1
-    or
-    (step(_, _, _, q1, q2) or step(_, _, _, q2, q1)) and
-    rankState(q1) <= rankState(q2)
-  }
-
-/**
- * Gets a unique number for a `state`.
- * Is used to create an ordering of states, where states with the same `toString()` will be ordered differently.
- */
-private int rankState(State state) {
-  state =
-    rank[result](State s, Location l |
-      stateInsideBacktracking(s) and
-      l = s.getRepr().getLocation()
-    |
-      s order by l.getStartLine(), l.getStartColumn(), s.toString()
-    )
-}
-
-/**
- * A state in the product automaton.
- */
-private class StatePair extends TStatePair {
-  State q1;
-  State q2;
-
-  StatePair() { this = MkStatePair(q1, q2) }
-
-  /** Gets a textual representation of this element. */
-  string toString() { result = "(" + q1 + ", " + q2 + ")" }
-
-  /** Gets the first component of the state pair. */
-  State getLeft() { result = q1 }
-
-  /** Gets the second component of the state pair. */
-  State getRight() { result = q2 }
-}
-
-/**
- * Holds for `(fork, fork)` state pairs when `isFork(fork, _, _, _, _)` holds.
- *
- * Used in `statePairDistToFork`
- */
-private predicate isStatePairFork(StatePair p) {
-  exists(State fork | p = MkStatePair(fork, fork) and isFork(fork, _, _, _, _))
-}
-
-/**
- * Holds if there are transitions from the components of `q` to the corresponding
- * components of `r`.
- *
- * Used in `statePairDistToFork`
- */
-private predicate reverseStep(StatePair r, StatePair q) { step(q, _, _, r) }
-
-/**
- * Gets the minimum length of a path from `q` to `r` in the
- * product automaton.
- */
-private int statePairDistToFork(StatePair q, StatePair r) =
-  shortestDistances(isStatePairFork/1, reverseStep/2)(r, q, result)
-
-/**
- * Holds if there are transitions from `q` to `r1` and from `q` to `r2`
- * labelled with `s1` and `s2`, respectively, where `s1` and `s2` do not
- * trivially have an empty intersection.
- *
- * This predicate only holds for states associated with regular expressions
- * that have at least one repetition quantifier in them (otherwise the
- * expression cannot be vulnerable to ReDoS attacks anyway).
- */
-pragma[noopt]
-private predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, State r2) {
-  stateInsideBacktracking(q) and
-  exists(State q1, State q2 |
-    q1 = epsilonSucc*(q) and
-    delta(q1, s1, r1) and
-    q2 = epsilonSucc*(q) and
-    delta(q2, s2, r2) and
-    // Use pragma[noopt] to prevent intersect(s1,s2) from being the starting point of the join.
-    // From (s1,s2) it would find a huge number of intermediate state pairs (q1,q2) originating from different literals,
-    // and discover at the end that no `q` can reach both `q1` and `q2` by epsilon transitions.
-    exists(intersect(s1, s2))
-  |
-    s1 != s2
-    or
-    r1 != r2
-    or
-    r1 = r2 and q1 != q2
-    or
-    // If q can reach itself by epsilon transitions, then there are two distinct paths to the q1/q2 state:
-    // one that uses the loop and one that doesn't. The engine will separately attempt to match with each path,
-    // despite ending in the same state. The "fork" thus arises from the choice of whether to use the loop or not.
-    // To avoid every state in the loop becoming a fork state,
-    // we arbitrarily pick the InfiniteRepetitionQuantifier state as the canonical fork state for the loop
-    // (every epsilon-loop must contain such a state).
-    //
-    // We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself.
-    // This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`.
-    // The below code is therefore a heuristic, that only flags regular expressions such as `/(a*)*b/`,
-    // and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently.
-    r1 = r2 and
-    q1 = q2 and
-    epsilonSucc+(q) = q and
-    exists(RegExpTerm term | term = q.getRepr() | term instanceof InfiniteRepetitionQuantifier) and
-    // One of the mid states is an infinite quantifier itself
-    exists(State mid, RegExpTerm term |
-      mid = epsilonSucc+(q) and
-      term = mid.getRepr() and
-      term instanceof InfiniteRepetitionQuantifier and
-      q = epsilonSucc+(mid) and
-      not mid = q
-    )
-  ) and
-  stateInsideBacktracking(r1) and
-  stateInsideBacktracking(r2)
-}
-
-/**
- * Gets the state pair `(q1, q2)` or `(q2, q1)`; note that only
- * one or the other is defined.
- */
-private StatePair mkStatePair(State q1, State q2) {
-  result = MkStatePair(q1, q2) or result = MkStatePair(q2, q1)
-}
-
-/**
- * Holds if there are transitions from the components of `q` to the corresponding
- * components of `r` labelled with `s1` and `s2`, respectively.
- */
-private predicate step(StatePair q, InputSymbol s1, InputSymbol s2, StatePair r) {
-  exists(State r1, State r2 | step(q, s1, s2, r1, r2) and r = mkStatePair(r1, r2))
-}
-
-/**
- * Holds if there are transitions from the components of `q` to `r1` and `r2`
- * labelled with `s1` and `s2`, respectively.
- *
- * We only consider transitions where the resulting states `(r1, r2)` are both
- * inside a repetition that might backtrack.
- */
-pragma[noopt]
-private predicate step(StatePair q, InputSymbol s1, InputSymbol s2, State r1, State r2) {
-  exists(State q1, State q2 | q.getLeft() = q1 and q.getRight() = q2 |
-    deltaClosed(q1, s1, r1) and
-    deltaClosed(q2, s2, r2) and
-    // use noopt to force the join on `intersect` to happen last.
-    exists(intersect(s1, s2))
-  ) and
-  stateInsideBacktracking(r1) and
-  stateInsideBacktracking(r2)
-}
-
-private newtype TTrace =
-  Nil() or
-  Step(InputSymbol s1, InputSymbol s2, TTrace t) { isReachableFromFork(_, _, s1, s2, t, _) }
-
-/**
- * A list of pairs of input symbols that describe a path in the product automaton
- * starting from some fork state.
- */
-private class Trace extends TTrace {
-  /** Gets a textual representation of this element. */
-  string toString() {
-    this = Nil() and result = "Nil()"
-    or
-    exists(InputSymbol s1, InputSymbol s2, Trace t | this = Step(s1, s2, t) |
-      result = "Step(" + s1 + ", " + s2 + ", " + t + ")"
-    )
-  }
-}
-
-/**
- * Holds if `r` is reachable from `(fork, fork)` under input `w`, and there is
- * a path from `r` back to `(fork, fork)` with `rem` steps.
- */
-private predicate isReachableFromFork(State fork, StatePair r, Trace w, int rem) {
-  exists(InputSymbol s1, InputSymbol s2, Trace v |
-    isReachableFromFork(fork, r, s1, s2, v, rem) and
-    w = Step(s1, s2, v)
-  )
-}
-
-private predicate isReachableFromFork(
-  State fork, StatePair r, InputSymbol s1, InputSymbol s2, Trace v, int rem
-) {
-  // base case
-  exists(State q1, State q2 |
-    isFork(fork, s1, s2, q1, q2) and
-    r = MkStatePair(q1, q2) and
-    v = Nil() and
-    rem = statePairDistToFork(r, MkStatePair(fork, fork))
-  )
-  or
-  // recursive case
-  exists(StatePair p |
-    isReachableFromFork(fork, p, v, rem + 1) and
-    step(p, s1, s2, r) and
-    rem = statePairDistToFork(r, MkStatePair(fork, fork))
-  )
-}
-
-/**
- * Gets a state in the product automaton from which `(fork, fork)` is
- * reachable in zero or more epsilon transitions.
- */
-private StatePair getAForkPair(State fork) {
-  isFork(fork, _, _, _, _) and
-  result = MkStatePair(epsilonPred*(fork), epsilonPred*(fork))
-}
-
-/** An implementation of a chain containing chars for use by `Concretizer`. */
-private module CharTreeImpl implements CharTree {
-  class CharNode = Trace;
-
-  CharNode getPrev(CharNode t) { t = Step(_, _, result) }
-
-  /** Holds if `n` is a trace that is used by `concretize` in `isPumpable`. */
-  predicate isARelevantEnd(CharNode n) {
-    exists(State f | isReachableFromFork(f, getAForkPair(f), n, _))
-  }
-
-  string getChar(CharNode t) {
-    exists(InputSymbol s1, InputSymbol s2 | t = Step(s1, s2, _) | result = intersect(s1, s2))
-  }
-}
-
-/**
- * Holds if `fork` is a pumpable fork with word `w`.
- */
-private predicate isPumpable(State fork, string w) {
-  exists(StatePair q, Trace t |
-    isReachableFromFork(fork, q, t, _) and
-    q = getAForkPair(fork) and
-    w = Concretizer<CharTreeImpl>::concretize(t)
-  )
-}
-
-/** Holds if `state` has exponential ReDoS */
-predicate hasReDoSResult = ReDoSPruning<isPumpable/2>::hasReDoSResult/4;
+private import semmle.python.RegexTreeView::RegexTreeView as TreeView
+// ExponentialBackTracking should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView> as Dep
+import Dep
diff --git a/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll b/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll
new file mode 100644
index 00000000000..1feffcc1087
--- /dev/null
+++ b/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll
@@ -0,0 +1,18 @@
+/**
+ * Provides predicates for reasoning about regular expressions
+ * that match URLs and hostname patterns.
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.RegexTreeView::RegexTreeView as TreeImpl
+private import semmle.python.dataflow.new.Regexp as Regexp
+private import codeql.regex.HostnameRegexp as Shared
+
+private module Impl implements Shared::HostnameRegexpSig<TreeImpl> {
+  class DataFlowNode = DataFlow::Node;
+
+  class RegExpPatternSource = Regexp::RegExpPatternSource;
+}
+
+import Shared::Make<TreeImpl, Impl>
diff --git a/python/ql/lib/semmle/python/security/regexp/NfaUtils.qll b/python/ql/lib/semmle/python/security/regexp/NfaUtils.qll
index 5ff0cb6a39e..942830d95b2 100644
--- a/python/ql/lib/semmle/python/security/regexp/NfaUtils.qll
+++ b/python/ql/lib/semmle/python/security/regexp/NfaUtils.qll
@@ -7,1332 +7,7 @@
  * other queries that benefit from reasoning about NFAs.
  */
 
-import NfaUtilsSpecific
-
-/**
- * Gets the char after `c` (from a simplified ASCII table).
- */
-private string nextChar(string c) { exists(int code | code = ascii(c) | code + 1 = ascii(result)) }
-
-/**
- * Gets an approximation for the ASCII code for `char`.
- * Only the easily printable chars are included (so no newline, tab, null, etc).
- */
-private int ascii(string char) {
-  char =
-    rank[result](string c |
-      c =
-        "! \"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
-            .charAt(_)
-    )
-}
-
-/**
- * Holds if `t` matches at least an epsilon symbol.
- *
- * That is, this term does not restrict the language of the enclosing regular expression.
- *
- * This is implemented as an under-approximation, and this predicate does not hold for sub-patterns in particular.
- */
-predicate matchesEpsilon(RegExpTerm t) {
-  t instanceof RegExpStar
-  or
-  t instanceof RegExpOpt
-  or
-  t.(RegExpRange).getLowerBound() = 0
-  or
-  exists(RegExpTerm child |
-    child = t.getAChild() and
-    matchesEpsilon(child)
-  |
-    t instanceof RegExpAlt or
-    t instanceof RegExpGroup or
-    t instanceof RegExpPlus or
-    t instanceof RegExpRange
-  )
-  or
-  matchesEpsilon(t.(RegExpBackRef).getGroup())
-  or
-  forex(RegExpTerm child | child = t.(RegExpSequence).getAChild() | matchesEpsilon(child))
-}
-
-/**
- * A lookahead/lookbehind that matches the empty string.
- */
-class EmptyPositiveSubPattern extends RegExpSubPattern {
-  EmptyPositiveSubPattern() {
-    (
-      this instanceof RegExpPositiveLookahead
-      or
-      this instanceof RegExpPositiveLookbehind
-    ) and
-    matchesEpsilon(this.getOperand())
-  }
-}
-
-/** DEPRECATED: Use `EmptyPositiveSubPattern` instead. */
-deprecated class EmptyPositiveSubPatttern = EmptyPositiveSubPattern;
-
-/**
- * A branch in a disjunction that is the root node in a literal, or a literal
- * whose root node is not a disjunction.
- */
-class RegExpRoot extends RegExpTerm {
-  RegExpRoot() {
-    exists(RegExpParent parent |
-      exists(RegExpAlt alt |
-        alt.isRootTerm() and
-        this = alt.getAChild() and
-        parent = alt.getParent()
-      )
-      or
-      this.isRootTerm() and
-      not this instanceof RegExpAlt and
-      parent = this.getParent()
-    )
-  }
-
-  /**
-   * Holds if this root term is relevant to the ReDoS analysis.
-   */
-  predicate isRelevant() {
-    // is actually used as a RegExp
-    this.isUsedAsRegExp() and
-    // not excluded for library specific reasons
-    not isExcluded(this.getRootTerm().getParent())
-  }
-}
-
-/**
- * A constant in a regular expression that represents valid Unicode character(s).
- */
-private class RegexpCharacterConstant extends RegExpConstant {
-  RegexpCharacterConstant() { this.isCharacter() }
-}
-
-/**
- * A regexp term that is relevant for this ReDoS analysis.
- */
-class RelevantRegExpTerm extends RegExpTerm {
-  RelevantRegExpTerm() { getRoot(this).isRelevant() }
-}
-
-/**
- * Holds if `term` is the chosen canonical representative for all terms with string representation `str`.
- * The string representation includes which flags are used with the regular expression.
- *
- * Using canonical representatives gives a huge performance boost when working with tuples containing multiple `InputSymbol`s.
- * The number of `InputSymbol`s is decreased by 3 orders of magnitude or more in some larger benchmarks.
- */
-private predicate isCanonicalTerm(RelevantRegExpTerm term, string str) {
-  term =
-    min(RelevantRegExpTerm t, Location loc, File file |
-      loc = t.getLocation() and
-      file = t.getFile() and
-      str = getCanonicalizationString(t)
-    |
-      t order by t.getFile().getRelativePath(), loc.getStartLine(), loc.getStartColumn()
-    )
-}
-
-/**
- * Gets a string representation of `term` that is used for canonicalization.
- */
-private string getCanonicalizationString(RelevantRegExpTerm term) {
-  exists(string ignoreCase |
-    (if RegExpFlags::isIgnoreCase(term.getRootTerm()) then ignoreCase = "i" else ignoreCase = "") and
-    result = term.getRawValue() + "|" + ignoreCase
-  )
-}
-
-/**
- * An abstract input symbol, representing a set of concrete characters.
- */
-private newtype TInputSymbol =
-  /** An input symbol corresponding to character `c`. */
-  Char(string c) {
-    c =
-      any(RegexpCharacterConstant cc |
-        cc instanceof RelevantRegExpTerm and
-        not RegExpFlags::isIgnoreCase(cc.getRootTerm())
-      ).getValue().charAt(_)
-    or
-    // normalize everything to lower case if the regexp is case insensitive
-    c =
-      any(RegexpCharacterConstant cc, string char |
-        cc instanceof RelevantRegExpTerm and
-        RegExpFlags::isIgnoreCase(cc.getRootTerm()) and
-        char = cc.getValue().charAt(_)
-      |
-        char.toLowerCase()
-      )
-  } or
-  /**
-   * An input symbol representing all characters matched by
-   * a (non-universal) character class that has string representation `charClassString`.
-   */
-  CharClass(string charClassString) {
-    exists(RelevantRegExpTerm recc | isCanonicalTerm(recc, charClassString) |
-      recc instanceof RegExpCharacterClass and
-      not recc.(RegExpCharacterClass).isUniversalClass()
-      or
-      isEscapeClass(recc, _)
-    )
-  } or
-  /** An input symbol representing all characters matched by `.`. */
-  Dot() or
-  /** An input symbol representing all characters. */
-  Any() or
-  /** An epsilon transition in the automaton. */
-  Epsilon()
-
-/**
- * Gets the the CharClass corresponding to the canonical representative `term`.
- */
-private CharClass getCharClassForCanonicalTerm(RegExpTerm term) {
-  exists(string str | isCanonicalTerm(term, str) | result = CharClass(str))
-}
-
-/**
- * Gets a char class that represents `term`, even when `term` is not the canonical representative.
- */
-CharacterClass getCanonicalCharClass(RegExpTerm term) {
-  exists(string str | str = getCanonicalizationString(term) and result = CharClass(str))
-}
-
-/**
- * Holds if `a` and `b` are input symbols from the same regexp.
- */
-private predicate sharesRoot(InputSymbol a, InputSymbol b) {
-  exists(RegExpRoot root |
-    belongsTo(a, root) and
-    belongsTo(b, root)
-  )
-}
-
-/**
- * Holds if the `a` is an input symbol from a regexp that has root `root`.
- */
-private predicate belongsTo(InputSymbol a, RegExpRoot root) {
-  exists(State s | getRoot(s.getRepr()) = root |
-    delta(s, a, _)
-    or
-    delta(_, a, s)
-  )
-}
-
-/**
- * An abstract input symbol, representing a set of concrete characters.
- */
-class InputSymbol extends TInputSymbol {
-  InputSymbol() { not this instanceof Epsilon }
-
-  /**
-   * Gets a string representation of this input symbol.
-   */
-  string toString() {
-    this = Char(result)
-    or
-    this = CharClass(result)
-    or
-    this = Dot() and result = "."
-    or
-    this = Any() and result = "[^]"
-  }
-}
-
-/**
- * An abstract input symbol that represents a character class.
- */
-abstract class CharacterClass extends InputSymbol {
-  /**
-   * Gets a character that is relevant for intersection-tests involving this
-   * character class.
-   *
-   * Specifically, this is any of the characters mentioned explicitly in the
-   * character class, offset by one if it is inverted. For character class escapes,
-   * the result is as if the class had been written out as a series of intervals.
-   *
-   * This set is large enough to ensure that for any two intersecting character
-   * classes, one contains a relevant character from the other.
-   */
-  abstract string getARelevantChar();
-
-  /**
-   * Holds if this character class matches `char`.
-   */
-  bindingset[char]
-  abstract predicate matches(string char);
-
-  /**
-   * Gets a character matched by this character class.
-   */
-  string choose() { result = this.getARelevantChar() and this.matches(result) }
-}
-
-/**
- * Provides implementations for `CharacterClass`.
- */
-private module CharacterClasses {
-  /**
-   * Holds if the character class `cc` has a child (constant or range) that matches `char`.
-   */
-  pragma[noinline]
-  predicate hasChildThatMatches(RegExpCharacterClass cc, string char) {
-    if RegExpFlags::isIgnoreCase(cc.getRootTerm())
-    then
-      // normalize everything to lower case if the regexp is case insensitive
-      exists(string c | hasChildThatMatchesIgnoringCasingFlags(cc, c) | char = c.toLowerCase())
-    else hasChildThatMatchesIgnoringCasingFlags(cc, char)
-  }
-
-  /**
-   * Holds if the character class `cc` has a child (constant or range) that matches `char`.
-   * Ignores whether the character class is inside a regular expression that has the ignore case flag.
-   */
-  pragma[noinline]
-  predicate hasChildThatMatchesIgnoringCasingFlags(RegExpCharacterClass cc, string char) {
-    exists(getCharClassForCanonicalTerm(cc)) and
-    exists(RegExpTerm child | child = cc.getAChild() |
-      char = child.(RegexpCharacterConstant).getValue()
-      or
-      rangeMatchesOnLetterOrDigits(child, char)
-      or
-      not rangeMatchesOnLetterOrDigits(child, _) and
-      char = getARelevantChar() and
-      exists(string lo, string hi | child.(RegExpCharacterRange).isRange(lo, hi) |
-        lo <= char and
-        char <= hi
-      )
-      or
-      exists(string charClass | isEscapeClass(child, charClass) |
-        charClass.toLowerCase() = charClass and
-        classEscapeMatches(charClass, char)
-        or
-        char = getARelevantChar() and
-        charClass.toUpperCase() = charClass and
-        not classEscapeMatches(charClass, char)
-      )
-    )
-  }
-
-  /**
-   * Holds if `range` is a range on lower-case, upper-case, or digits, and matches `char`.
-   * This predicate is used to restrict the searchspace for ranges by only joining `getAnyPossiblyMatchedChar`
-   * on a few ranges.
-   */
-  private predicate rangeMatchesOnLetterOrDigits(RegExpCharacterRange range, string char) {
-    exists(string lo, string hi |
-      range.isRange(lo, hi) and lo = lowercaseLetter() and hi = lowercaseLetter()
-    |
-      lo <= char and
-      char <= hi and
-      char = lowercaseLetter()
-    )
-    or
-    exists(string lo, string hi |
-      range.isRange(lo, hi) and lo = upperCaseLetter() and hi = upperCaseLetter()
-    |
-      lo <= char and
-      char <= hi and
-      char = upperCaseLetter()
-    )
-    or
-    exists(string lo, string hi | range.isRange(lo, hi) and lo = digit() and hi = digit() |
-      lo <= char and
-      char <= hi and
-      char = digit()
-    )
-  }
-
-  private string lowercaseLetter() { result = "abcdefghijklmnopqrstuvwxyz".charAt(_) }
-
-  private string upperCaseLetter() { result = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".charAt(_) }
-
-  private string digit() { result = [0 .. 9].toString() }
-
-  /**
-   * Gets a char that could be matched by a regular expression.
-   * Includes all printable ascii chars, all constants mentioned in a regexp, and all chars matches by the regexp `/\s|\d|\w/`.
-   */
-  string getARelevantChar() {
-    exists(ascii(result))
-    or
-    exists(RegexpCharacterConstant c | result = c.getValue().charAt(_))
-    or
-    classEscapeMatches(_, result)
-  }
-
-  /**
-   * Gets a char that is mentioned in the character class `c`.
-   */
-  private string getAMentionedChar(RegExpCharacterClass c) {
-    exists(RegExpTerm child | child = c.getAChild() |
-      result = child.(RegexpCharacterConstant).getValue()
-      or
-      child.(RegExpCharacterRange).isRange(result, _)
-      or
-      child.(RegExpCharacterRange).isRange(_, result)
-      or
-      exists(string charClass | isEscapeClass(child, charClass) |
-        result = min(string s | classEscapeMatches(charClass.toLowerCase(), s))
-        or
-        result = max(string s | classEscapeMatches(charClass.toLowerCase(), s))
-      )
-    )
-  }
-
-  bindingset[char, cc]
-  private string caseNormalize(string char, RegExpTerm cc) {
-    if RegExpFlags::isIgnoreCase(cc.getRootTerm())
-    then result = char.toLowerCase()
-    else result = char
-  }
-
-  /**
-   * An implementation of `CharacterClass` for positive (non inverted) character classes.
-   */
-  private class PositiveCharacterClass extends CharacterClass {
-    RegExpCharacterClass cc;
-
-    PositiveCharacterClass() { this = getCharClassForCanonicalTerm(cc) and not cc.isInverted() }
-
-    override string getARelevantChar() { result = caseNormalize(getAMentionedChar(cc), cc) }
-
-    override predicate matches(string char) { hasChildThatMatches(cc, char) }
-  }
-
-  /**
-   * An implementation of `CharacterClass` for inverted character classes.
-   */
-  private class InvertedCharacterClass extends CharacterClass {
-    RegExpCharacterClass cc;
-
-    InvertedCharacterClass() { this = getCharClassForCanonicalTerm(cc) and cc.isInverted() }
-
-    override string getARelevantChar() {
-      result = nextChar(caseNormalize(getAMentionedChar(cc), cc)) or
-      nextChar(result) = caseNormalize(getAMentionedChar(cc), cc)
-    }
-
-    bindingset[char]
-    override predicate matches(string char) { not hasChildThatMatches(cc, char) }
-  }
-
-  /**
-   * Holds if the character class escape `clazz` (\d, \s, or \w) matches `char`.
-   */
-  pragma[noinline]
-  private predicate classEscapeMatches(string clazz, string char) {
-    clazz = "d" and
-    char = "0123456789".charAt(_)
-    or
-    clazz = "s" and
-    char = [" ", "\t", "\r", "\n", 11.toUnicode(), 12.toUnicode()] // 11.toUnicode() = \v, 12.toUnicode() = \f
-    or
-    clazz = "w" and
-    char = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_".charAt(_)
-  }
-
-  /**
-   * An implementation of `CharacterClass` for \d, \s, and \w.
-   */
-  private class PositiveCharacterClassEscape extends CharacterClass {
-    string charClass;
-    RegExpTerm cc;
-
-    PositiveCharacterClassEscape() {
-      isEscapeClass(cc, charClass) and
-      this = getCharClassForCanonicalTerm(cc) and
-      charClass = ["d", "s", "w"]
-    }
-
-    override string getARelevantChar() {
-      charClass = "d" and
-      result = ["0", "9"]
-      or
-      charClass = "s" and
-      result = " "
-      or
-      charClass = "w" and
-      if RegExpFlags::isIgnoreCase(cc.getRootTerm())
-      then result = ["a", "z", "_", "0", "9"]
-      else result = ["a", "Z", "_", "0", "9"]
-    }
-
-    override predicate matches(string char) { classEscapeMatches(charClass, char) }
-
-    override string choose() {
-      charClass = "d" and
-      result = "9"
-      or
-      charClass = "s" and
-      result = " "
-      or
-      charClass = "w" and
-      result = "a"
-    }
-  }
-
-  /**
-   * An implementation of `CharacterClass` for \D, \S, and \W.
-   */
-  private class NegativeCharacterClassEscape extends CharacterClass {
-    string charClass;
-
-    NegativeCharacterClassEscape() {
-      exists(RegExpTerm cc |
-        isEscapeClass(cc, charClass) and
-        this = getCharClassForCanonicalTerm(cc) and
-        charClass = ["D", "S", "W"]
-      )
-    }
-
-    override string getARelevantChar() {
-      charClass = "D" and
-      result = ["a", "Z", "!"]
-      or
-      charClass = "S" and
-      result = ["a", "9", "!"]
-      or
-      charClass = "W" and
-      result = [" ", "!"]
-    }
-
-    bindingset[char]
-    override predicate matches(string char) {
-      not classEscapeMatches(charClass.toLowerCase(), char)
-    }
-  }
-
-  /** Gets a representative for all char classes that match the same chars as `c`. */
-  CharacterClass normalize(CharacterClass c) {
-    exists(string normalization |
-      normalization = getNormalizationString(c) and
-      result =
-        min(CharacterClass cc, string raw |
-          getNormalizationString(cc) = normalization and cc = CharClass(raw)
-        |
-          cc order by raw
-        )
-    )
-  }
-
-  /** Gets a string representing all the chars matched by `c` */
-  private string getNormalizationString(CharacterClass c) {
-    (c instanceof PositiveCharacterClass or c instanceof PositiveCharacterClassEscape) and
-    result = concat(string char | c.matches(char) and char = CharacterClasses::getARelevantChar())
-    or
-    (c instanceof InvertedCharacterClass or c instanceof NegativeCharacterClassEscape) and
-    // the string produced by the concat can not contain repeated chars
-    // so by starting the below with "nn" we can guarantee that
-    // it will not overlap with the above case.
-    // and a negative char class can never match the same chars as a positive one, so we don't miss any results from this.
-    result =
-      "nn:" +
-        concat(string char | not c.matches(char) and char = CharacterClasses::getARelevantChar())
-  }
-}
-
-private class EdgeLabel extends TInputSymbol {
-  string toString() {
-    this = Epsilon() and result = ""
-    or
-    exists(InputSymbol s | this = s and result = s.toString())
-  }
-}
-
-/**
- * A RegExp term that acts like a plus.
- * Either it's a RegExpPlus, or it is a range {1,X} where X is >= 30.
- * 30 has been chosen as a threshold because for exponential blowup 2^30 is enough to get a decent DOS attack.
- */
-private class EffectivelyPlus extends RegExpTerm {
-  EffectivelyPlus() {
-    this instanceof RegExpPlus
-    or
-    exists(RegExpRange range |
-      range.getLowerBound() = 1 and
-      (range.getUpperBound() >= 30 or not exists(range.getUpperBound()))
-    |
-      this = range
-    )
-  }
-}
-
-/**
- * A RegExp term that acts like a star.
- * Either it's a RegExpStar, or it is a range {0,X} where X is >= 30.
- */
-private class EffectivelyStar extends RegExpTerm {
-  EffectivelyStar() {
-    this instanceof RegExpStar
-    or
-    exists(RegExpRange range |
-      range.getLowerBound() = 0 and
-      (range.getUpperBound() >= 30 or not exists(range.getUpperBound()))
-    |
-      this = range
-    )
-  }
-}
-
-/**
- * A RegExp term that acts like a question mark.
- * Either it's a RegExpQuestion, or it is a range {0,1}.
- */
-private class EffectivelyQuestion extends RegExpTerm {
-  EffectivelyQuestion() {
-    this instanceof RegExpOpt
-    or
-    exists(RegExpRange range | range.getLowerBound() = 0 and range.getUpperBound() = 1 |
-      this = range
-    )
-  }
-}
-
-/**
- * Gets the state before matching `t`.
- */
-pragma[inline]
-private State before(RegExpTerm t) { result = Match(t, 0) }
-
-/**
- * Gets a state the NFA may be in after matching `t`.
- */
-State after(RegExpTerm t) {
-  exists(RegExpAlt alt | t = alt.getAChild() | result = after(alt))
-  or
-  exists(RegExpSequence seq, int i | t = seq.getChild(i) |
-    result = before(seq.getChild(i + 1))
-    or
-    i + 1 = seq.getNumChild() and result = after(seq)
-  )
-  or
-  exists(RegExpGroup grp | t = grp.getAChild() | result = after(grp))
-  or
-  exists(EffectivelyStar star | t = star.getAChild() |
-    not isPossessive(star) and
-    result = before(star)
-  )
-  or
-  exists(EffectivelyPlus plus | t = plus.getAChild() |
-    not isPossessive(plus) and
-    result = before(plus)
-    or
-    result = after(plus)
-  )
-  or
-  exists(EffectivelyQuestion opt | t = opt.getAChild() | result = after(opt))
-  or
-  exists(RegExpRoot root | t = root |
-    if matchesAnySuffix(root) then result = AcceptAnySuffix(root) else result = Accept(root)
-  )
-}
-
-/**
- * Holds if the NFA has a transition from `q1` to `q2` labelled with `lbl`.
- */
-predicate delta(State q1, EdgeLabel lbl, State q2) {
-  exists(RegexpCharacterConstant s, int i |
-    q1 = Match(s, i) and
-    (
-      not RegExpFlags::isIgnoreCase(s.getRootTerm()) and
-      lbl = Char(s.getValue().charAt(i))
-      or
-      // normalize everything to lower case if the regexp is case insensitive
-      RegExpFlags::isIgnoreCase(s.getRootTerm()) and
-      exists(string c | c = s.getValue().charAt(i) | lbl = Char(c.toLowerCase()))
-    ) and
-    (
-      q2 = Match(s, i + 1)
-      or
-      s.getValue().length() = i + 1 and
-      q2 = after(s)
-    )
-  )
-  or
-  exists(RegExpDot dot | q1 = before(dot) and q2 = after(dot) |
-    if RegExpFlags::isDotAll(dot.getRootTerm()) then lbl = Any() else lbl = Dot()
-  )
-  or
-  exists(RegExpCharacterClass cc |
-    cc.isUniversalClass() and q1 = before(cc) and lbl = Any() and q2 = after(cc)
-    or
-    q1 = before(cc) and
-    lbl = CharacterClasses::normalize(CharClass(getCanonicalizationString(cc))) and
-    q2 = after(cc)
-  )
-  or
-  exists(RegExpTerm cc | isEscapeClass(cc, _) |
-    q1 = before(cc) and
-    lbl = CharacterClasses::normalize(CharClass(getCanonicalizationString(cc))) and
-    q2 = after(cc)
-  )
-  or
-  exists(RegExpAlt alt | lbl = Epsilon() | q1 = before(alt) and q2 = before(alt.getAChild()))
-  or
-  exists(RegExpSequence seq | lbl = Epsilon() | q1 = before(seq) and q2 = before(seq.getChild(0)))
-  or
-  exists(RegExpGroup grp | lbl = Epsilon() | q1 = before(grp) and q2 = before(grp.getChild(0)))
-  or
-  exists(EffectivelyStar star | lbl = Epsilon() |
-    q1 = before(star) and q2 = before(star.getChild(0))
-    or
-    q1 = before(star) and q2 = after(star)
-  )
-  or
-  exists(EffectivelyPlus plus | lbl = Epsilon() |
-    q1 = before(plus) and q2 = before(plus.getChild(0))
-  )
-  or
-  exists(EffectivelyQuestion opt | lbl = Epsilon() |
-    q1 = before(opt) and q2 = before(opt.getChild(0))
-    or
-    q1 = before(opt) and q2 = after(opt)
-  )
-  or
-  exists(RegExpRoot root | q1 = AcceptAnySuffix(root) |
-    lbl = Any() and q2 = q1
-    or
-    lbl = Epsilon() and q2 = Accept(root)
-  )
-  or
-  exists(RegExpRoot root | q1 = Match(root, 0) | matchesAnyPrefix(root) and lbl = Any() and q2 = q1)
-  or
-  exists(RegExpDollar dollar | q1 = before(dollar) |
-    lbl = Epsilon() and q2 = Accept(getRoot(dollar))
-  )
-  or
-  exists(EmptyPositiveSubPattern empty | q1 = before(empty) | lbl = Epsilon() and q2 = after(empty))
-}
-
-/**
- * Gets a state that `q` has an epsilon transition to.
- */
-State epsilonSucc(State q) { delta(q, Epsilon(), result) }
-
-/**
- * Gets a state that has an epsilon transition to `q`.
- */
-State epsilonPred(State q) { q = epsilonSucc(result) }
-
-/**
- * Holds if there is a state `q` that can be reached from `q1`
- * along epsilon edges, such that there is a transition from
- * `q` to `q2` that consumes symbol `s`.
- */
-predicate deltaClosed(State q1, InputSymbol s, State q2) { delta(epsilonSucc*(q1), s, q2) }
-
-/**
- * Gets the root containing the given term, that is, the root of the literal,
- * or a branch of the root disjunction.
- */
-RegExpRoot getRoot(RegExpTerm term) {
-  result = term or
-  result = getRoot(term.getParent())
-}
-
-/**
- * A state in the NFA.
- */
-newtype TState =
-  /**
-   * A state representing that the NFA is about to match a term.
-   * `i` is used to index into multi-char literals.
-   */
-  Match(RelevantRegExpTerm t, int i) {
-    i = 0
-    or
-    exists(t.(RegexpCharacterConstant).getValue().charAt(i))
-  } or
-  /**
-   * An accept state, where exactly the given input string is accepted.
-   */
-  Accept(RegExpRoot l) { l.isRelevant() } or
-  /**
-   * An accept state, where the given input string, or any string that has this
-   * string as a prefix, is accepted.
-   */
-  AcceptAnySuffix(RegExpRoot l) { l.isRelevant() }
-
-/**
- * Gets a state that is about to match the regular expression `t`.
- */
-State mkMatch(RegExpTerm t) { result = Match(t, 0) }
-
-/**
- * A state in the NFA corresponding to a regular expression.
- *
- * Each regular expression literal `l` has one accepting state
- * `Accept(l)`, one state that accepts all suffixes `AcceptAnySuffix(l)`,
- * and a state `Match(t, i)` for every subterm `t`,
- * which represents the state of the NFA before starting to
- * match `t`, or the `i`th character in `t` if `t` is a constant.
- */
-class State extends TState {
-  RegExpTerm repr;
-
-  State() {
-    this = Match(repr, _) or
-    this = Accept(repr) or
-    this = AcceptAnySuffix(repr)
-  }
-
-  /**
-   * Gets a string representation for this state in a regular expression.
-   */
-  string toString() {
-    exists(int i | this = Match(repr, i) | result = "Match(" + repr + "," + i + ")")
-    or
-    this instanceof Accept and
-    result = "Accept(" + repr + ")"
-    or
-    this instanceof AcceptAnySuffix and
-    result = "AcceptAny(" + repr + ")"
-  }
-
-  /**
-   * Gets the location for this state.
-   */
-  Location getLocation() { result = repr.getLocation() }
-
-  /**
-   * Gets the term represented by this state.
-   */
-  RegExpTerm getRepr() { result = repr }
-}
-
-/**
- * Gets the minimum char that is matched by both the character classes `c` and `d`.
- */
-private string getMinOverlapBetweenCharacterClasses(CharacterClass c, CharacterClass d) {
-  result = min(getAOverlapBetweenCharacterClasses(c, d))
-}
-
-/**
- * Gets a char that is matched by both the character classes `c` and `d`.
- * And `c` and `d` is not the same character class.
- */
-private string getAOverlapBetweenCharacterClasses(CharacterClass c, CharacterClass d) {
-  sharesRoot(c, d) and
-  result = [c.getARelevantChar(), d.getARelevantChar()] and
-  c.matches(result) and
-  d.matches(result) and
-  not c = d
-}
-
-/**
- * Gets a character that is represented by both `c` and `d`.
- */
-string intersect(InputSymbol c, InputSymbol d) {
-  (sharesRoot(c, d) or [c, d] = Any()) and
-  (
-    c = Char(result) and
-    d = getAnInputSymbolMatching(result)
-    or
-    result = getMinOverlapBetweenCharacterClasses(c, d)
-    or
-    result = c.(CharacterClass).choose() and
-    (
-      d = c
-      or
-      d = Dot() and
-      not (result = "\n" or result = "\r")
-      or
-      d = Any()
-    )
-    or
-    (c = Dot() or c = Any()) and
-    (d = Dot() or d = Any()) and
-    result = "a"
-  )
-  or
-  result = intersect(d, c)
-}
-
-/**
- * Gets a symbol that matches `char`.
- */
-bindingset[char]
-InputSymbol getAnInputSymbolMatching(string char) {
-  result = Char(char)
-  or
-  result.(CharacterClass).matches(char)
-  or
-  result = Dot() and
-  not (char = "\n" or char = "\r")
-  or
-  result = Any()
-}
-
-/**
- * Holds if `state` is a start state.
- */
-predicate isStartState(State state) {
-  state = mkMatch(any(RegExpRoot r))
-  or
-  exists(RegExpCaret car | state = after(car))
-}
-
-/**
- * Holds if `state` is a candidate for ReDoS with string `pump`.
- */
-signature predicate isCandidateSig(State state, string pump);
-
-/**
- * Holds if `state` is a candidate for ReDoS.
- */
-signature predicate isCandidateSig(State state);
-
-/**
- * Predicates for constructing a prefix string that leads to a given state.
- */
-module PrefixConstruction<isCandidateSig/1 isCandidate> {
-  /**
-   * Holds if `state` is the textually last start state for the regular expression.
-   */
-  private predicate lastStartState(RelevantState state) {
-    exists(RegExpRoot root |
-      state =
-        max(RelevantState s, Location l |
-          isStartState(s) and
-          getRoot(s.getRepr()) = root and
-          l = s.getRepr().getLocation()
-        |
-          s
-          order by
-            l.getStartLine(), l.getStartColumn(), s.getRepr().toString(), l.getEndColumn(),
-            l.getEndLine()
-        )
-    )
-  }
-
-  /**
-   * Holds if there exists any transition (Epsilon() or other) from `a` to `b`.
-   */
-  private predicate existsTransition(State a, State b) { delta(a, _, b) }
-
-  /**
-   * Gets the minimum number of transitions it takes to reach `state` from the `start` state.
-   */
-  int prefixLength(State start, State state) =
-    shortestDistances(lastStartState/1, existsTransition/2)(start, state, result)
-
-  /**
-   * Gets the minimum number of transitions it takes to reach `state` from the start state.
-   */
-  private int lengthFromStart(State state) { result = prefixLength(_, state) }
-
-  /**
-   * Gets a string for which the regular expression will reach `state`.
-   *
-   * Has at most one result for any given `state`.
-   * This predicate will not always have a result even if there is a ReDoS issue in
-   * the regular expression.
-   */
-  string prefix(State state) {
-    lastStartState(state) and
-    result = ""
-    or
-    // the search stops past the last redos candidate state.
-    lengthFromStart(state) <= max(lengthFromStart(any(State s | isCandidate(s)))) and
-    exists(State prev |
-      // select a unique predecessor (by an arbitrary measure)
-      prev =
-        min(State s, Location loc |
-          lengthFromStart(s) = lengthFromStart(state) - 1 and
-          loc = s.getRepr().getLocation() and
-          delta(s, _, state)
-        |
-          s
-          order by
-            loc.getStartLine(), loc.getStartColumn(), loc.getEndLine(), loc.getEndColumn(),
-            s.getRepr().toString()
-        )
-    |
-      // greedy search for the shortest prefix
-      result = prefix(prev) and delta(prev, Epsilon(), state)
-      or
-      not delta(prev, Epsilon(), state) and
-      result = prefix(prev) + getCanonicalEdgeChar(prev, state)
-    )
-  }
-
-  /**
-   * Gets a canonical char for which there exists a transition from `prev` to `next` in the NFA.
-   */
-  private string getCanonicalEdgeChar(State prev, State next) {
-    result =
-      min(string c | delta(prev, any(InputSymbol symbol | c = intersect(Any(), symbol)), next))
-  }
-
-  /** A state within a regular expression that contains a candidate state. */
-  class RelevantState instanceof State {
-    RelevantState() {
-      exists(State s | isCandidate(s) | getRoot(s.getRepr()) = getRoot(this.getRepr()))
-    }
-
-    /** Gets a string representation for this state in a regular expression. */
-    string toString() { result = State.super.toString() }
-
-    /** Gets the term represented by this state. */
-    RegExpTerm getRepr() { result = State.super.getRepr() }
-  }
-}
-
-/**
- * A module for pruning candidate ReDoS states.
- * The candidates are specified by the `isCandidate` signature predicate.
- * The candidates are checked for rejecting suffixes and deduplicated,
- * and the resulting ReDoS states are read by the `hasReDoSResult` predicate.
- */
-module ReDoSPruning<isCandidateSig/2 isCandidate> {
-  /**
-   * Holds if repeating `pump` starting at `state` is a candidate for causing backtracking.
-   * No check whether a rejected suffix exists has been made.
-   */
-  private predicate isReDoSCandidate(State state, string pump) {
-    isCandidate(state, pump) and
-    not state = acceptsAnySuffix() and // pruning early - these can never get stuck in a rejecting state.
-    (
-      not isCandidate(epsilonSucc+(state), _)
-      or
-      epsilonSucc+(state) = state and
-      state =
-        max(State s, Location l |
-          s = epsilonSucc+(state) and
-          l = s.getRepr().getLocation() and
-          isCandidate(s, _) and
-          s.getRepr() instanceof InfiniteRepetitionQuantifier
-        |
-          s order by l.getStartLine(), l.getStartColumn(), l.getEndColumn(), l.getEndLine()
-        )
-    )
-  }
-
-  /** Gets a state that can reach the `accept-any` state using only epsilon steps. */
-  private State acceptsAnySuffix() { epsilonSucc*(result) = AcceptAnySuffix(_) }
-
-  predicate isCandidateState(State s) { isReDoSCandidate(s, _) }
-
-  import PrefixConstruction<isCandidateState/1> as Prefix
-
-  class RelevantState = Prefix::RelevantState;
-
-  /**
-   * Predicates for testing the presence of a rejecting suffix.
-   *
-   * These predicates are used to ensure that the all states reached from the fork
-   * by repeating `w` have a rejecting suffix.
-   *
-   * For example, a regexp like `/^(a+)+/` will accept any string as long the prefix is
-   * some number of `"a"`s, and it is therefore not possible to construct a rejecting suffix.
-   *
-   * A regexp like `/(a+)+$/` or `/(a+)+b/` trivially has a rejecting suffix,
-   * as the suffix "X" will cause both the regular expressions to be rejected.
-   *
-   * The string `w` is repeated any number of times because it needs to be
-   * infinitely repeatable for the attack to work.
-   * For the regular expression `/((ab)+)*abab/` the accepting state is not reachable from the fork
-   * using epsilon transitions. But any attempt at repeating `w` will end in a state that accepts all suffixes.
-   */
-  private module SuffixConstruction {
-    /**
-     * Holds if all states reachable from `fork` by repeating `w`
-     * are likely rejectable by appending some suffix.
-     */
-    predicate reachesOnlyRejectableSuffixes(State fork, string w) {
-      isReDoSCandidate(fork, w) and
-      forex(State next | next = process(fork, w, w.length() - 1) | isLikelyRejectable(next)) and
-      not getProcessPrevious(fork, _, w) = acceptsAnySuffix() // we stop `process(..)` early if we can, check here if it happened.
-    }
-
-    /**
-     * Holds if there likely exists a suffix starting from `s` that leads to the regular expression being rejected.
-     * This predicate might find impossible suffixes when searching for suffixes of length > 1, which can cause FPs.
-     */
-    pragma[noinline]
-    private predicate isLikelyRejectable(RelevantState s) {
-      // exists a reject edge with some char.
-      hasRejectEdge(s)
-      or
-      hasEdgeToLikelyRejectable(s)
-      or
-      // stopping here is rejection
-      isRejectState(s)
-    }
-
-    /**
-     * Holds if `s` is not an accept state, and there is no epsilon transition to an accept state.
-     */
-    predicate isRejectState(RelevantState s) { not epsilonSucc*(s) = Accept(_) }
-
-    /**
-     * Holds if there is likely a non-empty suffix leading to rejection starting in `s`.
-     */
-    pragma[noopt]
-    predicate hasEdgeToLikelyRejectable(RelevantState s) {
-      // all edges (at least one) with some char leads to another state that is rejectable.
-      // the `next` states might not share a common suffix, which can cause FPs.
-      exists(string char | char = hasEdgeToLikelyRejectableHelper(s) |
-        // noopt to force `hasEdgeToLikelyRejectableHelper` to be first in the join-order.
-        exists(State next | deltaClosedChar(s, char, next) | isLikelyRejectable(next)) and
-        forall(State next | deltaClosedChar(s, char, next) | isLikelyRejectable(next))
-      )
-    }
-
-    /**
-     * Gets a char for there exists a transition away from `s`,
-     * and `s` has not been found to be rejectable by `hasRejectEdge` or `isRejectState`.
-     */
-    pragma[noinline]
-    private string hasEdgeToLikelyRejectableHelper(RelevantState s) {
-      not hasRejectEdge(s) and
-      not isRejectState(s) and
-      deltaClosedChar(s, result, _)
-    }
-
-    /**
-     * Holds if there is a state `next` that can be reached from `prev`
-     * along epsilon edges, such that there is a transition from
-     * `prev` to `next` that the character symbol `char`.
-     */
-    predicate deltaClosedChar(RelevantState prev, string char, RelevantState next) {
-      deltaClosed(prev, getAnInputSymbolMatchingRelevant(char), next)
-    }
-
-    pragma[noinline]
-    InputSymbol getAnInputSymbolMatchingRelevant(string char) {
-      char = relevant(_) and
-      result = getAnInputSymbolMatching(char)
-    }
-
-    pragma[noinline]
-    RegExpRoot relevantRoot() {
-      exists(RegExpTerm term, State s |
-        s.getRepr() = term and isCandidateState(s) and result = term.getRootTerm()
-      )
-    }
-
-    /**
-     * Gets a char used for finding possible suffixes inside `root`.
-     */
-    pragma[noinline]
-    private string relevant(RegExpRoot root) {
-      root = relevantRoot() and
-      (
-        exists(ascii(result)) and exists(root)
-        or
-        exists(InputSymbol s | belongsTo(s, root) | result = intersect(s, _))
-        or
-        // The characters from `hasSimpleRejectEdge`. Only `\n` is really needed (as `\n` is not in the `ascii` relation).
-        // The three chars must be kept in sync with `hasSimpleRejectEdge`.
-        result = ["|", "\n", "Z"] and exists(root)
-      )
-    }
-
-    /**
-     * Holds if there exists a `char` such that there is no edge from `s` labeled `char` in our NFA.
-     * The NFA does not model reject states, so the above is the same as saying there is a reject edge.
-     */
-    private predicate hasRejectEdge(State s) {
-      hasSimpleRejectEdge(s)
-      or
-      not hasSimpleRejectEdge(s) and
-      exists(string char | char = relevant(getRoot(s.getRepr())) | not deltaClosedChar(s, char, _))
-    }
-
-    /**
-     * Holds if there is no edge from `s` labeled with "|", "\n", or "Z" in our NFA.
-     * This predicate is used as a cheap pre-processing to speed up `hasRejectEdge`.
-     */
-    private predicate hasSimpleRejectEdge(State s) {
-      // The three chars were chosen arbitrarily. The three chars must be kept in sync with `relevant`.
-      exists(string char | char = ["|", "\n", "Z"] | not deltaClosedChar(s, char, _))
-    }
-
-    /**
-     * Gets a state that can be reached from pumpable `fork` consuming all
-     * chars in `w` any number of times followed by the first `i+1` characters of `w`.
-     */
-    pragma[noopt]
-    private State process(State fork, string w, int i) {
-      exists(State prev | prev = getProcessPrevious(fork, i, w) |
-        not prev = acceptsAnySuffix() and // we stop `process(..)` early if we can. If the successor accepts any suffix, then we know it can never be rejected.
-        exists(string char, InputSymbol sym |
-          char = w.charAt(i) and
-          deltaClosed(prev, sym, result) and
-          // noopt to prevent joining `prev` with all possible `chars` that could transition away from `prev`.
-          // Instead only join with the set of `chars` where a relevant `InputSymbol` has already been found.
-          sym = getAProcessInputSymbol(char)
-        )
-      )
-    }
-
-    /**
-     * Gets a state that can be reached from pumpable `fork` consuming all
-     * chars in `w` any number of times followed by the first `i` characters of `w`.
-     */
-    private State getProcessPrevious(State fork, int i, string w) {
-      isReDoSCandidate(fork, w) and
-      (
-        i = 0 and result = fork
-        or
-        result = process(fork, w, i - 1)
-        or
-        // repeat until fixpoint
-        i = 0 and
-        result = process(fork, w, w.length() - 1)
-      )
-    }
-
-    /**
-     * Gets an InputSymbol that matches `char`.
-     * The predicate is specialized to only have a result for the `char`s that are relevant for the `process` predicate.
-     */
-    private InputSymbol getAProcessInputSymbol(string char) {
-      char = getAProcessChar() and
-      result = getAnInputSymbolMatching(char)
-    }
-
-    /**
-     * Gets a `char` that occurs in a `pump` string.
-     */
-    private string getAProcessChar() { result = any(string s | isReDoSCandidate(_, s)).charAt(_) }
-  }
-
-  /**
-   * Holds if `term` may cause superlinear backtracking on strings containing many repetitions of `pump`.
-   * Gets the shortest string that causes superlinear backtracking.
-   */
-  private predicate isReDoSAttackable(RegExpTerm term, string pump, State s) {
-    exists(int i, string c | s = Match(term, i) |
-      c =
-        min(string w |
-          isCandidate(s, w) and
-          SuffixConstruction::reachesOnlyRejectableSuffixes(s, w)
-        |
-          w order by w.length(), w
-        ) and
-      pump = escape(rotate(c, i))
-    )
-  }
-
-  /**
-   * Holds if the state `s` (represented by the term `t`) can have backtracking with repetitions of `pump`.
-   *
-   * `prefixMsg` contains a friendly message for a prefix that reaches `s` (or `prefixMsg` is the empty string if the prefix is empty or if no prefix could be found).
-   */
-  predicate hasReDoSResult(RegExpTerm t, string pump, State s, string prefixMsg) {
-    isReDoSAttackable(t, pump, s) and
-    (
-      prefixMsg = "starting with '" + escape(Prefix::prefix(s)) + "' and " and
-      not Prefix::prefix(s) = ""
-      or
-      Prefix::prefix(s) = "" and prefixMsg = ""
-      or
-      not exists(Prefix::prefix(s)) and prefixMsg = ""
-    )
-  }
-
-  /**
-   * Gets the result of backslash-escaping newlines, carriage-returns and
-   * backslashes in `s`.
-   */
-  bindingset[s]
-  private string escape(string s) {
-    result =
-      s.replaceAll("\\", "\\\\")
-          .replaceAll("\n", "\\n")
-          .replaceAll("\r", "\\r")
-          .replaceAll("\t", "\\t")
-  }
-
-  /**
-   * Gets `str` with the last `i` characters moved to the front.
-   *
-   * We use this to adjust the pump string to match with the beginning of
-   * a RegExpTerm, so it doesn't start in the middle of a constant.
-   */
-  bindingset[str, i]
-  private string rotate(string str, int i) {
-    result = str.suffix(str.length() - i) + str.prefix(str.length() - i)
-  }
-}
-
-/**
- * A module that describes a tree where each node has one or more associated characters, also known as a trie.
- * The root node has no associated character.
- * This module is a signature used in `Concretizer`.
- */
-signature module CharTree {
-  /** A node in the tree. */
-  class CharNode;
-
-  /** Gets the previous node in the tree from `t`. */
-  CharNode getPrev(CharNode t);
-
-  /**
-   * Holds if `n` is at the end of a tree. I.e. a node that should have a result in the `Concretizer` module.
-   * Such a node can still have children.
-   */
-  predicate isARelevantEnd(CharNode n);
-
-  /** Gets a char associated with `t`. */
-  string getChar(CharNode t);
-}
-
-/**
- * Implements an algorithm for computing all possible strings
- * from following a tree of nodes (as described in `CharTree`).
- *
- * The string is build using one big concat, where all the chars are computed first.
- * See `concretize`.
- */
-module Concretizer<CharTree Impl> {
-  private class Node = Impl::CharNode;
-
-  private predicate getPrev = Impl::getPrev/1;
-
-  private predicate isARelevantEnd = Impl::isARelevantEnd/1;
-
-  private predicate getChar = Impl::getChar/1;
-
-  /** Holds if `n` is on a path from the root to a leaf, and is therefore relevant for the results in `concretize`. */
-  private predicate isRelevant(Node n) {
-    isARelevantEnd(n)
-    or
-    exists(Node succ | isRelevant(succ) | n = getPrev(succ))
-  }
-
-  /** Holds if `n` is a root with no predecessors. */
-  private predicate isRoot(Node n) { not exists(getPrev(n)) }
-
-  /** Gets the distance from a root to `n`. */
-  private int nodeDepth(Node n) {
-    result = 0 and isRoot(n)
-    or
-    isRelevant(n) and
-    exists(Node prev | result = nodeDepth(prev) + 1 | prev = getPrev(n))
-  }
-
-  /** Gets an ancestor of `end`, where `end` is a node that should have a result in `concretize`. */
-  private Node getAnAncestor(Node end) { isARelevantEnd(end) and result = getPrev*(end) }
-
-  /** Gets the `i`th character on the path from the root to `n`. */
-  pragma[noinline]
-  private string getPrefixChar(Node n, int i) {
-    exists(Node ancestor |
-      result = getChar(ancestor) and
-      ancestor = getAnAncestor(n) and
-      i = nodeDepth(ancestor)
-    )
-  }
-
-  /** Gets a string corresponding to `node`. */
-  language[monotonicAggregates]
-  string concretize(Node n) {
-    result = strictconcat(int i | exists(getPrefixChar(n, i)) | getPrefixChar(n, i) order by i)
-  }
-}
+private import semmle.python.RegexTreeView::RegexTreeView as TreeView
+// NfaUtils should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.nfa.NfaUtils::Make<TreeView> as Dep
+import Dep
diff --git a/python/ql/lib/semmle/python/security/regexp/NfaUtilsSpecific.qll b/python/ql/lib/semmle/python/security/regexp/NfaUtilsSpecific.qll
deleted file mode 100644
index 70ed5bcedad..00000000000
--- a/python/ql/lib/semmle/python/security/regexp/NfaUtilsSpecific.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides Python-specific definitions for use in the NfaUtils module.
- */
-
-import python
-import semmle.python.RegexTreeView
-
-/**
- * Holds if `term` is an escape class representing e.g. `\d`.
- * `clazz` is which character class it represents, e.g. "d" for `\d`.
- */
-predicate isEscapeClass(RegExpTerm term, string clazz) {
-  exists(RegExpCharacterClassEscape escape | term = escape | escape.getValue() = clazz)
-}
-
-/**
- * Holds if `term` is a possessive quantifier.
- * As python's regexes do not support possessive quantifiers, this never holds, but is used by the shared library.
- */
-predicate isPossessive(RegExpQuantifier term) { none() }
-
-/**
- * Holds if the regex that `term` is part of is used in a way that ignores any leading prefix of the input it's matched against.
- * Not yet implemented for Python.
- */
-predicate matchesAnyPrefix(RegExpTerm term) { any() }
-
-/**
- * Holds if the regex that `term` is part of is used in a way that ignores any trailing suffix of the input it's matched against.
- * Not yet implemented for Python.
- */
-predicate matchesAnySuffix(RegExpTerm term) { any() }
-
-/**
- * Holds if the regular expression should not be considered.
- *
- * We make the pragmatic performance optimization to ignore regular expressions in files
- * that does not belong to the project code (such as installed dependencies).
- */
-predicate isExcluded(RegExpParent parent) {
-  not exists(parent.getRegex().getLocation().getFile().getRelativePath())
-  or
-  // Regexes with many occurrences of ".*" may cause the polynomial ReDoS computation to explode, so
-  // we explicitly exclude these.
-  count(int i | exists(parent.getRegex().getText().regexpFind("\\.\\*", i, _)) | i) > 10
-}
-
-/**
- * A module containing predicates for determining which flags a regular expression have.
- */
-module RegExpFlags {
-  /**
-   * Holds if `root` has the `i` flag for case-insensitive matching.
-   */
-  predicate isIgnoreCase(RegExpTerm root) {
-    root.isRootTerm() and
-    root.getLiteral().isIgnoreCase()
-  }
-
-  /**
-   * Gets the flags for `root`, or the empty string if `root` has no flags.
-   */
-  string getFlags(RegExpTerm root) {
-    root.isRootTerm() and
-    result = root.getLiteral().getFlags()
-  }
-
-  /**
-   * Holds if `root` has the `s` flag for multi-line matching.
-   */
-  predicate isDotAll(RegExpTerm root) {
-    root.isRootTerm() and
-    root.getLiteral().isDotAll()
-  }
-}
diff --git a/python/ql/lib/semmle/python/security/regexp/RegexpMatching.qll b/python/ql/lib/semmle/python/security/regexp/RegexpMatching.qll
index e2c75ff980b..d73a67add16 100644
--- a/python/ql/lib/semmle/python/security/regexp/RegexpMatching.qll
+++ b/python/ql/lib/semmle/python/security/regexp/RegexpMatching.qll
@@ -3,155 +3,7 @@
  * and for testing which capture groups are filled when a particular regexp matches a string.
  */
 
-import NfaUtils
-
-/** A root term */
-class RootTerm extends RegExpTerm {
-  RootTerm() { this.isRootTerm() }
-}
-
-/**
- * Holds if it should be tested whether `root` matches `str`.
- *
- * If `ignorePrefix` is true, then a regexp without a start anchor will be treated as if it had a start anchor.
- * E.g. a regular expression `/foo$/` will match any string that ends with "foo",
- * but if `ignorePrefix` is true, it will only match "foo".
- *
- * If `testWithGroups` is true, then the `RegexpMatching::fillsCaptureGroup` predicate can be used to determine which capture
- * groups are filled by a string.
- */
-signature predicate isRegexpMatchingCandidateSig(
-  RootTerm root, string str, boolean ignorePrefix, boolean testWithGroups
-);
-
-/**
- * A module for determining if a regexp matches a given string,
- * and reasoning about which capture groups are filled by a given string.
- *
- * The module parameter `isCandidate` determines which strings should be tested,
- * and the results can be read from the `matches` and `fillsCaptureGroup` predicates.
- */
-module RegexpMatching<isRegexpMatchingCandidateSig/4 isCandidate> {
-  /**
-   * Gets a state the regular expression `reg` can be in after matching the `i`th char in `str`.
-   * The regular expression is modeled as a non-determistic finite automaton,
-   * the regular expression can therefore be in multiple states after matching a character.
-   *
-   * It's a forward search to all possible states, and there is thus no guarantee that the state is on a path to an accepting state.
-   */
-  private State getAState(RootTerm reg, int i, string str, boolean ignorePrefix) {
-    // start state, the -1 position before any chars have been matched
-    i = -1 and
-    isCandidate(reg, str, ignorePrefix, _) and
-    result.getRepr().getRootTerm() = reg and
-    isStartState(result)
-    or
-    // recursive case
-    result = getAStateAfterMatching(reg, _, str, i, _, ignorePrefix)
-  }
-
-  /**
-   * Gets the next state after the `prev` state from `reg`.
-   * `prev` is the state after matching `fromIndex` chars in `str`,
-   * and the result is the state after matching `toIndex` chars in `str`.
-   *
-   * This predicate is used as a step relation in the forwards search (`getAState`),
-   * and also as a step relation in the later backwards search (`getAStateThatReachesAccept`).
-   */
-  private State getAStateAfterMatching(
-    RootTerm reg, State prev, string str, int toIndex, int fromIndex, boolean ignorePrefix
-  ) {
-    // the basic recursive case - outlined into a noopt helper to make performance work out.
-    result = getAStateAfterMatchingAux(reg, prev, str, toIndex, fromIndex, ignorePrefix)
-    or
-    // we can skip past word boundaries if the next char is a non-word char.
-    fromIndex = toIndex and
-    prev.getRepr() instanceof RegExpWordBoundary and
-    prev = getAState(reg, toIndex, str, ignorePrefix) and
-    after(prev.getRepr()) = result and
-    str.charAt(toIndex + 1).regexpMatch("\\W") // \W matches any non-word char.
-  }
-
-  pragma[noopt]
-  private State getAStateAfterMatchingAux(
-    RootTerm reg, State prev, string str, int toIndex, int fromIndex, boolean ignorePrefix
-  ) {
-    prev = getAState(reg, fromIndex, str, ignorePrefix) and
-    fromIndex = toIndex - 1 and
-    exists(string char | char = str.charAt(toIndex) | specializedDeltaClosed(prev, char, result)) and
-    not discardedPrefixStep(prev, result, ignorePrefix)
-  }
-
-  /** Holds if a step from `prev` to `next` should be discarded when the `ignorePrefix` flag is set. */
-  private predicate discardedPrefixStep(State prev, State next, boolean ignorePrefix) {
-    prev = mkMatch(any(RegExpRoot r)) and
-    ignorePrefix = true and
-    next = prev
-  }
-
-  // The `deltaClosed` relation specialized to the chars that exists in strings tested by a `MatchedRegExp`.
-  private predicate specializedDeltaClosed(State prev, string char, State next) {
-    deltaClosed(prev, specializedGetAnInputSymbolMatching(char), next)
-  }
-
-  // The `getAnInputSymbolMatching` relation specialized to the chars that exists in strings tested by a `MatchedRegExp`.
-  pragma[noinline]
-  private InputSymbol specializedGetAnInputSymbolMatching(string char) {
-    exists(string s, RootTerm r | isCandidate(r, s, _, _) | char = s.charAt(_)) and
-    result = getAnInputSymbolMatching(char)
-  }
-
-  /**
-   * Gets the `i`th state on a path to the accepting state when `reg` matches `str`.
-   * Starts with an accepting state as found by `getAState` and searches backwards
-   * to the start state through the reachable states (as found by `getAState`).
-   *
-   * This predicate satisfies the invariant that the result state can be reached with `i` steps from a start state,
-   * and an accepting state can be found after (`str.length() - 1 - i`) steps from the result.
-   * The result state is therefore always on a valid path where `reg` accepts `str`.
-   *
-   * This predicate is only used to find which capture groups a regular expression has filled,
-   * and thus the search is only performed for the strings in the `testWithGroups(..)` predicate.
-   */
-  private State getAStateThatReachesAccept(RootTerm reg, int i, string str, boolean ignorePrefix) {
-    // base case, reaches an accepting state from the last state in `getAState(..)`
-    isCandidate(reg, str, ignorePrefix, true) and
-    i = str.length() - 1 and
-    result = getAState(reg, i, str, ignorePrefix) and
-    epsilonSucc*(result) = Accept(_)
-    or
-    // recursive case. `next` is the next state to be matched after matching `prev`.
-    // this predicate is doing a backwards search, so `prev` is the result we are looking for.
-    exists(State next, State prev, int fromIndex, int toIndex |
-      next = getAStateThatReachesAccept(reg, toIndex, str, ignorePrefix) and
-      next = getAStateAfterMatching(reg, prev, str, toIndex, fromIndex, ignorePrefix) and
-      i = fromIndex and
-      result = prev
-    )
-  }
-
-  /** Gets the capture group number that `term` belongs to. */
-  private int group(RegExpTerm term) {
-    exists(RegExpGroup grp | grp.getNumber() = result | term.getParent*() = grp)
-  }
-
-  /**
-   * Holds if `reg` matches `str`, where `str` is in the `isCandidate` predicate.
-   */
-  predicate matches(RootTerm reg, string str) {
-    exists(State state | state = getAState(reg, str.length() - 1, str, _) |
-      epsilonSucc*(state) = Accept(_)
-    )
-  }
-
-  /**
-   * Holds if matching `str` against `reg` may fill capture group number `g`.
-   * Only holds if `str` is in the `testWithGroups` predicate.
-   */
-  predicate fillsCaptureGroup(RootTerm reg, string str, int g) {
-    exists(State s |
-      s = getAStateThatReachesAccept(reg, _, str, _) and
-      g = group(s.getRepr())
-    )
-  }
-}
+private import semmle.python.RegexTreeView::RegexTreeView as TreeView
+// RegexpMatching should be used directly from the shared pack, and not from this file.
+deprecated import codeql.regex.nfa.RegexpMatching::Make<TreeView> as Dep
+import Dep
diff --git a/python/ql/lib/semmle/python/security/regexp/SuperlinearBackTracking.qll b/python/ql/lib/semmle/python/security/regexp/SuperlinearBackTracking.qll
index 14a69dc0644..6eca3722e09 100644
--- a/python/ql/lib/semmle/python/security/regexp/SuperlinearBackTracking.qll
+++ b/python/ql/lib/semmle/python/security/regexp/SuperlinearBackTracking.qll
@@ -1,11 +1,4 @@
 /**
- * Provides classes for working with regular expressions that can
- * perform backtracking in superlinear time.
- */
-
-import NfaUtils
-
-/*
  * This module implements the analysis described in the paper:
  *   Valentin Wustholz, Oswaldo Olivo, Marijn J. H. Heule, and Isil Dillig:
  *     Static Detection of DoS Vulnerabilities in
@@ -42,377 +35,7 @@ import NfaUtils
  * It also doesn't find all transitions in the product automaton, which can cause false negatives.
  */
 
-/**
- * Gets any root (start) state of a regular expression.
- */
-private State getRootState() { result = mkMatch(any(RegExpRoot r)) }
-
-private newtype TStateTuple =
-  MkStateTuple(State q1, State q2, State q3) {
-    // starts at (pivot, pivot, succ)
-    isStartLoops(q1, q3) and q1 = q2
-    or
-    step(_, _, _, _, q1, q2, q3) and FeasibleTuple::isFeasibleTuple(q1, q2, q3)
-  }
-
-/**
- * A state in the product automaton.
- * The product automaton contains 3-tuples of states.
- *
- * We lazily only construct those states that we are actually
- * going to need.
- * Either a start state `(pivot, pivot, succ)`, or a state
- * where there exists a transition from an already existing state.
- *
- * The exponential variant of this query (`js/redos`) uses an optimization
- * trick where `q1 <= q2`. This trick cannot be used here as the order
- * of the elements matter.
- */
-class StateTuple extends TStateTuple {
-  State q1;
-  State q2;
-  State q3;
-
-  StateTuple() { this = MkStateTuple(q1, q2, q3) }
-
-  /**
-   * Gest a string representation of this tuple.
-   */
-  string toString() { result = "(" + q1 + ", " + q2 + ", " + q3 + ")" }
-
-  /**
-   * Holds if this tuple is `(r1, r2, r3)`.
-   */
-  pragma[noinline]
-  predicate isTuple(State r1, State r2, State r3) { r1 = q1 and r2 = q2 and r3 = q3 }
-}
-
-/**
- * A module for determining feasible tuples for the product automaton.
- *
- * The implementation is split into many predicates for performance reasons.
- */
-private module FeasibleTuple {
-  /**
-   * Holds if the tuple `(r1, r2, r3)` might be on path from a start-state to an end-state in the product automaton.
-   */
-  pragma[inline]
-  predicate isFeasibleTuple(State r1, State r2, State r3) {
-    // The first element is either inside a repetition (or the start state itself)
-    isRepetitionOrStart(r1) and
-    // The last element is inside a repetition
-    stateInsideRepetition(r3) and
-    // The states are reachable in the NFA in the order r1 -> r2 -> r3
-    delta+(r1) = r2 and
-    delta+(r2) = r3 and
-    // The first element can reach a beginning (the "pivot" state in a `(pivot, succ)` pair).
-    canReachABeginning(r1) and
-    // The last element can reach a target (the "succ" state in a `(pivot, succ)` pair).
-    canReachATarget(r3)
-  }
-
-  /**
-   * Holds if `s` is either inside a repetition, or is the start state (which is a repetition).
-   */
-  pragma[noinline]
-  private predicate isRepetitionOrStart(State s) { stateInsideRepetition(s) or s = getRootState() }
-
-  /**
-   * Holds if state `s` might be inside a backtracking repetition.
-   */
-  pragma[noinline]
-  private predicate stateInsideRepetition(State s) {
-    s.getRepr().getParent*() instanceof InfiniteRepetitionQuantifier
-  }
-
-  /**
-   * Holds if there exists a path in the NFA from `s` to a "pivot" state
-   * (from a `(pivot, succ)` pair that starts the search).
-   */
-  pragma[noinline]
-  private predicate canReachABeginning(State s) {
-    delta+(s) = any(State pivot | isStartLoops(pivot, _))
-  }
-
-  /**
-   * Holds if there exists a path in the NFA from `s` to a "succ" state
-   * (from a `(pivot, succ)` pair that starts the search).
-   */
-  pragma[noinline]
-  private predicate canReachATarget(State s) { delta+(s) = any(State succ | isStartLoops(_, succ)) }
-}
-
-/**
- * Holds if `pivot` and `succ` are a pair of loops that could be the beginning of a quadratic blowup.
- *
- * There is a slight implementation difference compared to the paper: this predicate requires that `pivot != succ`.
- * The case where `pivot = succ` causes exponential backtracking and is handled by the `js/redos` query.
- */
-predicate isStartLoops(State pivot, State succ) {
-  pivot != succ and
-  succ.getRepr() instanceof InfiniteRepetitionQuantifier and
-  delta+(pivot) = succ and
-  (
-    pivot.getRepr() instanceof InfiniteRepetitionQuantifier
-    or
-    pivot = mkMatch(any(RegExpRoot root))
-  )
-}
-
-/**
- * Gets a state for which there exists a transition in the NFA from `s'.
- */
-State delta(State s) { delta(s, _, result) }
-
-/**
- * Holds if there are transitions from the components of `q` to the corresponding
- * components of `r` labelled with `s1`, `s2`, and `s3`, respectively.
- */
-pragma[noinline]
-predicate step(StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, StateTuple r) {
-  exists(State r1, State r2, State r3 |
-    step(q, s1, s2, s3, r1, r2, r3) and r = MkStateTuple(r1, r2, r3)
-  )
-}
-
-/**
- * Holds if there are transitions from the components of `q` to `r1`, `r2`, and `r3
- * labelled with `s1`, `s2`, and `s3`, respectively.
- */
-pragma[noopt]
-predicate step(
-  StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, State r1, State r2, State r3
-) {
-  exists(State q1, State q2, State q3 | q.isTuple(q1, q2, q3) |
-    deltaClosed(q1, s1, r1) and
-    deltaClosed(q2, s2, r2) and
-    deltaClosed(q3, s3, r3) and
-    // use noopt to force the join on `getAThreewayIntersect` to happen last.
-    exists(getAThreewayIntersect(s1, s2, s3))
-  )
-}
-
-/**
- * Gets a char that is matched by all the edges `s1`, `s2`, and `s3`.
- *
- * The result is not complete, and might miss some combination of edges that share some character.
- */
-pragma[noinline]
-string getAThreewayIntersect(InputSymbol s1, InputSymbol s2, InputSymbol s3) {
-  result = minAndMaxIntersect(s1, s2) and result = [intersect(s2, s3), intersect(s1, s3)]
-  or
-  result = minAndMaxIntersect(s1, s3) and result = [intersect(s2, s3), intersect(s1, s2)]
-  or
-  result = minAndMaxIntersect(s2, s3) and result = [intersect(s1, s2), intersect(s1, s3)]
-}
-
-/**
- * Gets the minimum and maximum characters that intersect between `a` and `b`.
- * This predicate is used to limit the size of `getAThreewayIntersect`.
- */
-pragma[noinline]
-string minAndMaxIntersect(InputSymbol a, InputSymbol b) {
-  result = [min(intersect(a, b)), max(intersect(a, b))]
-}
-
-private newtype TTrace =
-  Nil() or
-  Step(InputSymbol s1, InputSymbol s2, InputSymbol s3, TTrace t) {
-    isReachableFromStartTuple(_, _, t, s1, s2, s3, _, _)
-  }
-
-/**
- * A list of tuples of input symbols that describe a path in the product automaton
- * starting from some start state.
- */
-class Trace extends TTrace {
-  /**
-   * Gets a string representation of this Trace that can be used for debug purposes.
-   */
-  string toString() {
-    this = Nil() and result = "Nil()"
-    or
-    exists(InputSymbol s1, InputSymbol s2, InputSymbol s3, Trace t | this = Step(s1, s2, s3, t) |
-      result = "Step(" + s1 + ", " + s2 + ", " + s3 + ", " + t + ")"
-    )
-  }
-}
-
-/**
- * Holds if there exists a transition from `r` to `q` in the product automaton.
- * Notice that the arguments are flipped, and thus the direction is backwards.
- */
-pragma[noinline]
-predicate tupleDeltaBackwards(StateTuple q, StateTuple r) { step(r, _, _, _, q) }
-
-/**
- * Holds if `tuple` is an end state in our search.
- * That means there exists a pair of loops `(pivot, succ)` such that `tuple = (pivot, succ, succ)`.
- */
-predicate isEndTuple(StateTuple tuple) { tuple = getAnEndTuple(_, _) }
-
-/**
- * Gets the minimum length of a path from `r` to some an end state `end`.
- *
- * The implementation searches backwards from the end-tuple.
- * This approach was chosen because it is way more efficient if the first predicate given to `shortestDistances` is small.
- * The `end` argument must always be an end state.
- */
-int distBackFromEnd(StateTuple r, StateTuple end) =
-  shortestDistances(isEndTuple/1, tupleDeltaBackwards/2)(end, r, result)
-
-/**
- * Holds if there exists a pair of repetitions `(pivot, succ)` in the regular expression such that:
- * `tuple` is reachable from `(pivot, pivot, succ)` in the product automaton,
- * and there is a distance of `dist` from `tuple` to the nearest end-tuple `(pivot, succ, succ)`,
- * and a path from a start-state to `tuple` follows the transitions in `trace`.
- */
-private predicate isReachableFromStartTuple(
-  State pivot, State succ, StateTuple tuple, Trace trace, int dist
-) {
-  exists(InputSymbol s1, InputSymbol s2, InputSymbol s3, Trace v |
-    isReachableFromStartTuple(pivot, succ, v, s1, s2, s3, tuple, dist) and
-    trace = Step(s1, s2, s3, v)
-  )
-}
-
-private predicate isReachableFromStartTuple(
-  State pivot, State succ, Trace trace, InputSymbol s1, InputSymbol s2, InputSymbol s3,
-  StateTuple tuple, int dist
-) {
-  // base case.
-  exists(State q1, State q2, State q3 |
-    isStartLoops(pivot, succ) and
-    step(MkStateTuple(pivot, pivot, succ), s1, s2, s3, tuple) and
-    tuple = MkStateTuple(q1, q2, q3) and
-    trace = Nil() and
-    dist = distBackFromEnd(tuple, MkStateTuple(pivot, succ, succ))
-  )
-  or
-  // recursive case
-  exists(StateTuple p |
-    isReachableFromStartTuple(pivot, succ, p, trace, dist + 1) and
-    dist = distBackFromEnd(tuple, MkStateTuple(pivot, succ, succ)) and
-    step(p, s1, s2, s3, tuple)
-  )
-}
-
-/**
- * Gets the tuple `(pivot, succ, succ)` from the product automaton.
- */
-StateTuple getAnEndTuple(State pivot, State succ) {
-  isStartLoops(pivot, succ) and
-  result = MkStateTuple(pivot, succ, succ)
-}
-
-/** An implementation of a chain containing chars for use by `Concretizer`. */
-private module CharTreeImpl implements CharTree {
-  class CharNode = Trace;
-
-  CharNode getPrev(CharNode t) { t = Step(_, _, _, result) }
-
-  /** Holds if `n` is used in `isPumpable`. */
-  predicate isARelevantEnd(CharNode n) {
-    exists(State pivot, State succ |
-      isReachableFromStartTuple(pivot, succ, getAnEndTuple(pivot, succ), n, _)
-    )
-  }
-
-  string getChar(CharNode t) {
-    exists(InputSymbol s1, InputSymbol s2, InputSymbol s3 | t = Step(s1, s2, s3, _) |
-      result = getAThreewayIntersect(s1, s2, s3)
-    )
-  }
-}
-
-/**
- * Holds if matching repetitions of `pump` can:
- * 1) Transition from `pivot` back to `pivot`.
- * 2) Transition from `pivot` to `succ`.
- * 3) Transition from `succ` to `succ`.
- *
- * From theorem 3 in the paper linked in the top of this file we can therefore conclude that
- * the regular expression has polynomial backtracking - if a rejecting suffix exists.
- *
- * This predicate is used by `SuperLinearReDoSConfiguration`, and the final results are
- * available in the `hasReDoSResult` predicate.
- */
-predicate isPumpable(State pivot, State succ, string pump) {
-  exists(StateTuple q, Trace t |
-    isReachableFromStartTuple(pivot, succ, q, t, _) and
-    q = getAnEndTuple(pivot, succ) and
-    pump = Concretizer<CharTreeImpl>::concretize(t)
-  )
-}
-
-/**
- * Holds if states starting in `state` can have polynomial backtracking with the string `pump`.
- */
-predicate isReDoSCandidate(State state, string pump) { isPumpable(_, state, pump) }
-
-/**
- * Holds if repetitions of `pump` at `t` will cause polynomial backtracking.
- */
-predicate polynomialReDoS(RegExpTerm t, string pump, string prefixMsg, RegExpTerm prev) {
-  exists(State s, State pivot |
-    ReDoSPruning<isReDoSCandidate/2>::hasReDoSResult(t, pump, s, prefixMsg) and
-    isPumpable(pivot, s, _) and
-    prev = pivot.getRepr()
-  )
-}
-
-/**
- * Gets a message for why `term` can cause polynomial backtracking.
- */
-string getReasonString(RegExpTerm term, string pump, string prefixMsg, RegExpTerm prev) {
-  polynomialReDoS(term, pump, prefixMsg, prev) and
-  result =
-    "Strings " + prefixMsg + "with many repetitions of '" + pump +
-      "' can start matching anywhere after the start of the preceeding " + prev
-}
-
-/**
- * A term that may cause a regular expression engine to perform a
- * polynomial number of match attempts, relative to the input length.
- */
-class PolynomialBackTrackingTerm extends InfiniteRepetitionQuantifier {
-  string reason;
-  string pump;
-  string prefixMsg;
-  RegExpTerm prev;
-
-  PolynomialBackTrackingTerm() {
-    reason = getReasonString(this, pump, prefixMsg, prev) and
-    // there might be many reasons for this term to have polynomial backtracking - we pick the shortest one.
-    reason = min(string msg | msg = getReasonString(this, _, _, _) | msg order by msg.length(), msg)
-  }
-
-  /**
-   * Holds if all non-empty successors to the polynomial backtracking term matches the end of the line.
-   */
-  predicate isAtEndLine() {
-    forall(RegExpTerm succ | this.getSuccessor+() = succ and not matchesEpsilon(succ) |
-      succ instanceof RegExpDollar
-    )
-  }
-
-  /**
-   * Gets the string that should be repeated to cause this regular expression to perform polynomially.
-   */
-  string getPumpString() { result = pump }
-
-  /**
-   * Gets a message for which prefix a matching string must start with for this term to cause polynomial backtracking.
-   */
-  string getPrefixMessage() { result = prefixMsg }
-
-  /**
-   * Gets a predecessor to `this`, which also loops on the pump string, and thereby causes polynomial backtracking.
-   */
-  RegExpTerm getPreviousLoop() { result = prev }
-
-  /**
-   * Gets the reason for the number of match attempts.
-   */
-  string getReason() { result = reason }
-}
+private import semmle.python.RegexTreeView::RegexTreeView as TreeView
+// SuperlinearBackTracking should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView> as Dep
+import Dep
diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md
index 9e30f0aba2f..e5d6103239d 100644
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.5.6
+
+No user-facing changes.
+
+## 0.5.5
+
+No user-facing changes.
+
+## 0.5.4
+
+No user-facing changes.
+
 ## 0.5.3
 
 No user-facing changes.
diff --git a/python/ql/src/Expressions/CallToSuperWrongClass.ql b/python/ql/src/Expressions/CallToSuperWrongClass.ql
index 4098653d7f8..af5c33ef13a 100644
--- a/python/ql/src/Expressions/CallToSuperWrongClass.ql
+++ b/python/ql/src/Expressions/CallToSuperWrongClass.ql
@@ -13,17 +13,15 @@
  */
 
 import python
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.ApiGraphs
 
-from CallNode call_to_super, string name
+from DataFlow::CallCfgNode call_to_super, string name
 where
-  exists(GlobalVariable gv, ControlFlowNode cn |
-    call_to_super = ClassValue::super_().getACall() and
-    gv.getId() = "super" and
-    cn = call_to_super.getArg(0) and
-    name = call_to_super.getScope().getScope().(Class).getName() and
-    exists(ClassValue other |
-      cn.pointsTo(other) and
-      not other.getScope().getName() = name
-    )
+  call_to_super = API::builtin("super").getACall() and
+  name = call_to_super.getScope().getScope().(Class).getName() and
+  exists(DataFlow::Node arg |
+    arg = call_to_super.getArg(0) and
+    arg.getALocalSource().asExpr().(Name).getId() != name
   )
 select call_to_super.getNode(), "First argument to super() should be " + name + "."
diff --git a/python/ql/src/Imports/SyntaxError.qhelp b/python/ql/src/Imports/SyntaxError.qhelp
index 00b4870e86a..3498a7a5510 100644
--- a/python/ql/src/Imports/SyntaxError.qhelp
+++ b/python/ql/src/Imports/SyntaxError.qhelp
@@ -26,9 +26,10 @@ However, it is worth investigating why a module containing a syntax error
 was able to persist and address that problem as well.
 </p>
 <p>If you suspect that the syntax error is caused by the analysis using the
-wrong version of Python, consider specifying the version explicitly. For
-LGTM.com, you can customize extraction using an <code>lgtm.yml</code> file as
-described <a href="https://lgtm.com/help/lgtm/python-extraction">here</a>.
+wrong version of Python, consider specifying the version explicitly. When
+you run code scanning using the CodeQL action, you can configure the Python
+version to use. For more information, see 
+<a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#analyzing-python-dependencies">Analyzing Python dependencies</a>.
 </p>
 </recommendation>
 <references>
diff --git a/python/ql/src/Security/CWE-020/HostnameRegexpShared.qll b/python/ql/src/Security/CWE-020/HostnameRegexpShared.qll
index 5e9bc406512..d15714d406a 100644
--- a/python/ql/src/Security/CWE-020/HostnameRegexpShared.qll
+++ b/python/ql/src/Security/CWE-020/HostnameRegexpShared.qll
@@ -3,200 +3,6 @@
  * that match URLs and hostname patterns.
  */
 
-private import HostnameRegexpSpecific
-
-/**
- * Holds if the given constant is unlikely to occur in the origin part of a URL.
- */
-predicate isConstantInvalidInsideOrigin(RegExpConstant term) {
-  // Look for any of these cases:
-  // - A character that can't occur in the origin
-  // - Two dashes in a row
-  // - A colon that is not part of port or scheme separator
-  // - A slash that is not part of scheme separator
-  term.getValue().regexpMatch(".*(?:[^a-zA-Z0-9.:/-]|--|:[^0-9/]|(?<![/:]|^)/).*")
-}
-
-/** Holds if `term` is a dot constant of form `\.` or `[.]`. */
-predicate isDotConstant(RegExpTerm term) {
-  term.(RegExpCharEscape).getValue() = "."
-  or
-  exists(RegExpCharacterClass cls |
-    term = cls and
-    not cls.isInverted() and
-    cls.getNumChild() = 1 and
-    cls.getAChild().(RegExpConstant).getValue() = "."
-  )
-}
-
-/** Holds if `term` is a wildcard `.` or an actual `.` character. */
-predicate isDotLike(RegExpTerm term) {
-  term instanceof RegExpDot
-  or
-  isDotConstant(term)
-}
-
-/** Holds if `term` will only ever be matched against the beginning of the input. */
-predicate matchesBeginningOfString(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpTerm parent | matchesBeginningOfString(parent) |
-    term = parent.(RegExpSequence).getChild(0)
-    or
-    parent.(RegExpSequence).getChild(0) instanceof RegExpCaret and
-    term = parent.(RegExpSequence).getChild(1)
-    or
-    term = parent.(RegExpAlt).getAChild()
-    or
-    term = parent.(RegExpGroup).getAChild()
-  )
-}
-
-/**
- * Holds if the given sequence `seq` contains top-level domain preceded by a dot, such as `.com`,
- * excluding cases where this is at the very beginning of the regexp.
- *
- * `i` is bound to the index of the last child in the top-level domain part.
- */
-predicate hasTopLevelDomainEnding(RegExpSequence seq, int i) {
-  seq.getChild(i)
-      .(RegExpConstant)
-      .getValue()
-      .regexpMatch("(?i)" + RegExpPatterns::getACommonTld() + "(:\\d+)?([/?#].*)?") and
-  isDotLike(seq.getChild(i - 1)) and
-  not (i = 1 and matchesBeginningOfString(seq))
-}
-
-/**
- * Holds if the given regular expression term contains top-level domain preceded by a dot,
- * such as `.com`.
- */
-predicate hasTopLevelDomainEnding(RegExpSequence seq) { hasTopLevelDomainEnding(seq, _) }
-
-/**
- * Holds if `term` will always match a hostname, that is, all disjunctions contain
- * a hostname pattern that isn't inside a quantifier.
- */
-predicate alwaysMatchesHostname(RegExpTerm term) {
-  hasTopLevelDomainEnding(term, _)
-  or
-  // `localhost` is considered a hostname pattern, but has no TLD
-  term.(RegExpConstant).getValue().regexpMatch("\\blocalhost\\b")
-  or
-  not term instanceof RegExpAlt and
-  not term instanceof RegExpQuantifier and
-  alwaysMatchesHostname(term.getAChild())
-  or
-  alwaysMatchesHostnameAlt(term)
-}
-
-/** Holds if every child of `alt` contains a hostname pattern. */
-predicate alwaysMatchesHostnameAlt(RegExpAlt alt) {
-  alwaysMatchesHostnameAlt(alt, alt.getNumChild() - 1)
-}
-
-/**
- * Holds if the first `i` children of `alt` contains a hostname pattern.
- *
- * This is used instead of `forall` to avoid materializing the set of alternatives
- * that don't contains hostnames, which is much larger.
- */
-predicate alwaysMatchesHostnameAlt(RegExpAlt alt, int i) {
-  alwaysMatchesHostname(alt.getChild(0)) and i = 0
-  or
-  alwaysMatchesHostnameAlt(alt, i - 1) and
-  alwaysMatchesHostname(alt.getChild(i))
-}
-
-/**
- * Holds if `term` occurs inside a quantifier or alternative (and thus
- * can not be expected to correspond to a unique match), or as part of
- * a lookaround assertion (which are rarely used for capture groups).
- */
-predicate isInsideChoiceOrSubPattern(RegExpTerm term) {
-  exists(RegExpParent parent | parent = term.getParent() |
-    parent instanceof RegExpAlt
-    or
-    parent instanceof RegExpQuantifier
-    or
-    parent instanceof RegExpSubPattern
-    or
-    isInsideChoiceOrSubPattern(parent)
-  )
-}
-
-/**
- * Holds if `group` is likely to be used as a capture group.
- */
-predicate isLikelyCaptureGroup(RegExpGroup group) {
-  group.isCapture() and
-  not isInsideChoiceOrSubPattern(group)
-}
-
-/**
- * Holds if `seq` contains two consecutive dots `..` or escaped dots.
- *
- * At least one of these dots is not intended to be a subdomain separator,
- * so we avoid flagging the pattern in this case.
- */
-predicate hasConsecutiveDots(RegExpSequence seq) {
-  exists(int i |
-    isDotLike(seq.getChild(i)) and
-    isDotLike(seq.getChild(i + 1))
-  )
-}
-
-predicate isIncompleteHostNameRegExpPattern(RegExpTerm regexp, RegExpSequence seq, string msg) {
-  seq = regexp.getAChild*() and
-  exists(RegExpDot unescapedDot, int i, string hostname |
-    hasTopLevelDomainEnding(seq, i) and
-    not isConstantInvalidInsideOrigin(seq.getChild([0 .. i - 1]).getAChild*()) and
-    not isLikelyCaptureGroup(seq.getChild([i .. seq.getNumChild() - 1]).getAChild*()) and
-    unescapedDot = seq.getChild([0 .. i - 1]).getAChild*() and
-    unescapedDot != seq.getChild(i - 1) and // Should not be the '.' immediately before the TLD
-    not hasConsecutiveDots(unescapedDot.getParent()) and
-    hostname =
-      seq.getChild(i - 2).getRawValue() + seq.getChild(i - 1).getRawValue() +
-        seq.getChild(i).getRawValue()
-  |
-    if unescapedDot.getParent() instanceof RegExpQuantifier
-    then
-      // `.*\.example.com` can match `evil.com/?x=.example.com`
-      //
-      // This problem only occurs when the pattern is applied against a full URL, not just a hostname/origin.
-      // We therefore check if the pattern includes a suffix after the TLD, such as `.*\.example.com/`.
-      // Note that a post-anchored pattern (`.*\.example.com$`) will usually fail to match a full URL,
-      // and patterns with neither a suffix nor an anchor fall under the purview of MissingRegExpAnchor.
-      seq.getChild(0) instanceof RegExpCaret and
-      not seq.getAChild() instanceof RegExpDollar and
-      seq.getChild([i .. i + 1]).(RegExpConstant).getValue().regexpMatch(".*[/?#].*") and
-      msg =
-        "has an unrestricted wildcard '" + unescapedDot.getParent().(RegExpQuantifier).getRawValue()
-          + "' which may cause '" + hostname +
-          "' to be matched anywhere in the URL, outside the hostname."
-    else
-      msg =
-        "has an unescaped '.' before '" + hostname +
-          "', so it might match more hosts than expected."
-  )
-}
-
-predicate incompleteHostnameRegExp(
-  RegExpSequence hostSequence, string message, DataFlow::Node aux, string label
-) {
-  exists(RegExpPatternSource re, RegExpTerm regexp, string msg, string kind |
-    regexp = re.getRegExpTerm() and
-    isIncompleteHostNameRegExpPattern(regexp, hostSequence, msg) and
-    (
-      if re.getAParse() != re
-      then (
-        kind = "string, which is used as a regular expression $@," and
-        aux = re.getAParse()
-      ) else (
-        kind = "regular expression" and aux = re
-      )
-    )
-  |
-    message = "This " + kind + " " + msg and label = "here"
-  )
-}
+// HostnameRegexp should be used directly from the shared regex pack, and not from this file.
+deprecated private import semmle.python.security.regexp.HostnameRegex as Dep
+import Dep
diff --git a/python/ql/src/Security/CWE-020/HostnameRegexpSpecific.qll b/python/ql/src/Security/CWE-020/HostnameRegexpSpecific.qll
deleted file mode 100644
index 5f60495b202..00000000000
--- a/python/ql/src/Security/CWE-020/HostnameRegexpSpecific.qll
+++ /dev/null
@@ -1,3 +0,0 @@
-import semmle.python.RegexTreeView
-import semmle.python.dataflow.new.DataFlow
-import semmle.python.dataflow.new.Regexp
diff --git a/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql b/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
index db7129e5ac5..d394107f9d6 100644
--- a/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
+++ b/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
@@ -11,6 +11,6 @@
  *       external/cwe/cwe-020
  */
 
-import HostnameRegexpShared
+private import semmle.python.security.regexp.HostnameRegex as HostnameRegex
 
-query predicate problems = incompleteHostnameRegExp/4;
+query predicate problems = HostnameRegex::incompleteHostnameRegExp/4;
diff --git a/python/ql/src/Security/CWE-020/OverlyLargeRange.ql b/python/ql/src/Security/CWE-020/OverlyLargeRange.ql
index b4d2caf5e80..6bf7f41d8ed 100644
--- a/python/ql/src/Security/CWE-020/OverlyLargeRange.ql
+++ b/python/ql/src/Security/CWE-020/OverlyLargeRange.ql
@@ -12,8 +12,9 @@
  *       external/cwe/cwe-020
  */
 
-import semmle.python.security.OverlyLargeRangeQuery
+private import semmle.python.RegexTreeView::RegexTreeView as TreeView
+import codeql.regex.OverlyLargeRangeQuery::Make<TreeView>
 
-from RegExpCharacterRange range, string reason
+from TreeView::RegExpCharacterRange range, string reason
 where problem(range, reason)
 select range, "Suspicious character range that " + reason + "."
diff --git a/python/ql/src/Security/CWE-116/BadTagFilter.ql b/python/ql/src/Security/CWE-116/BadTagFilter.ql
index 654df65275b..afcf73f357a 100644
--- a/python/ql/src/Security/CWE-116/BadTagFilter.ql
+++ b/python/ql/src/Security/CWE-116/BadTagFilter.ql
@@ -14,7 +14,8 @@
  *       external/cwe/cwe-186
  */
 
-import semmle.python.security.BadTagFilterQuery
+private import semmle.python.RegexTreeView::RegexTreeView as TreeView
+import codeql.regex.nfa.BadTagFilterQuery::Make<TreeView>
 
 from HtmlMatchingRegExp regexp, string msg
 where msg = min(string m | isBadRegexpFilter(regexp, m) | m order by m.length(), m) // there might be multiple, we arbitrarily pick the shortest one
diff --git a/python/ql/src/Security/CWE-285/PamAuthorization.ql b/python/ql/src/Security/CWE-285/PamAuthorization.ql
index affb59ff7db..43cbc33917a 100644
--- a/python/ql/src/Security/CWE-285/PamAuthorization.ql
+++ b/python/ql/src/Security/CWE-285/PamAuthorization.ql
@@ -1,7 +1,7 @@
 /**
  * @name PAM authorization bypass due to incorrect usage
  * @description Not using `pam_acct_mgmt` after `pam_authenticate` to check the validity of a login can lead to authorization bypass.
- * @kind problem
+ * @kind path-problem
  * @problem.severity warning
  * @security-severity 8.1
  * @precision high
@@ -11,28 +11,12 @@
  */
 
 import python
+import DataFlow::PathGraph
 import semmle.python.ApiGraphs
-import experimental.semmle.python.Concepts
-import semmle.python.dataflow.new.TaintTracking
+import semmle.python.security.dataflow.PamAuthorizationQuery
 
-API::Node libPam() {
-  exists(API::CallNode findLibCall, API::CallNode cdllCall |
-    findLibCall = API::moduleImport("ctypes").getMember("util").getMember("find_library").getACall() and
-    findLibCall.getParameter(0).getAValueReachingSink().asExpr().(StrConst).getText() = "pam" and
-    cdllCall = API::moduleImport("ctypes").getMember("CDLL").getACall() and
-    cdllCall.getParameter(0).getAValueReachingSink() = findLibCall
-  |
-    result = cdllCall.getReturn()
-  )
-}
-
-from API::CallNode authenticateCall, DataFlow::Node handle
-where
-  authenticateCall = libPam().getMember("pam_authenticate").getACall() and
-  handle = authenticateCall.getArg(0) and
-  not exists(API::CallNode acctMgmtCall |
-    acctMgmtCall = libPam().getMember("pam_acct_mgmt").getACall() and
-    DataFlow::localFlow(handle, acctMgmtCall.getArg(0))
-  )
-select authenticateCall,
-  "This PAM authentication call may lead to an authorization bypass, since 'pam_acct_mgmt' is not called afterwards."
+from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
+where config.hasFlowPath(source, sink)
+select sink.getNode(), source, sink,
+  "This PAM authentication depends on a $@, and 'pam_acct_mgmt' is not called afterwards.",
+  source.getNode(), "user-provided value"
diff --git a/python/ql/src/Security/CWE-326/WeakCryptoKey.qhelp b/python/ql/src/Security/CWE-326/WeakCryptoKey.qhelp
index 8c6b578d12d..2bc138f86bb 100644
--- a/python/ql/src/Security/CWE-326/WeakCryptoKey.qhelp
+++ b/python/ql/src/Security/CWE-326/WeakCryptoKey.qhelp
@@ -11,13 +11,13 @@ As computational power increases, the ability to break ciphers grows and keys ne
 <p>
 The three main asymmetric key algorithms currently in use are Rivest–Shamir–Adleman (RSA) cryptography, Digital Signature Algorithm (DSA), and Elliptic-curve cryptography (ECC).
 With current technology, key sizes of 2048 bits for RSA and DSA,
-or 224 bits for ECC, are regarded as unbreakable.
+or 256 bits for ECC, are regarded as unbreakable.
 </p>
 </overview>
 
 <recommendation>
 <p>
-Increase the key size to the recommended amount or larger. For RSA or DSA this is at least 2048 bits, for ECC this is at least 224 bits.
+Increase the key size to the recommended amount or larger. For RSA or DSA this is at least 2048 bits, for ECC this is at least 256 bits.
 </p>
 </recommendation>
 
@@ -45,4 +45,3 @@ Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Len
 </li>
 </references>
 </qhelp>
-
diff --git a/python/ql/src/Security/CWE-730/PolynomialReDoS.ql b/python/ql/src/Security/CWE-730/PolynomialReDoS.ql
index 1637686c1d8..1b315c651c3 100644
--- a/python/ql/src/Security/CWE-730/PolynomialReDoS.ql
+++ b/python/ql/src/Security/CWE-730/PolynomialReDoS.ql
@@ -14,7 +14,6 @@
  */
 
 import python
-import semmle.python.security.regexp.SuperlinearBackTracking
 import semmle.python.security.dataflow.PolynomialReDoSQuery
 import DataFlow::PathGraph
 
diff --git a/python/ql/src/Security/CWE-730/ReDoS.ql b/python/ql/src/Security/CWE-730/ReDoS.ql
index 0e66d3cdb79..4ba35c598da 100644
--- a/python/ql/src/Security/CWE-730/ReDoS.ql
+++ b/python/ql/src/Security/CWE-730/ReDoS.ql
@@ -14,10 +14,10 @@
  *       external/cwe/cwe-400
  */
 
-import python
-import semmle.python.security.regexp.ExponentialBackTracking
+private import semmle.python.RegexTreeView::RegexTreeView as TreeView
+import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView>
 
-from RegExpTerm t, string pump, State s, string prefixMsg
+from TreeView::RegExpTerm t, string pump, State s, string prefixMsg
 where
   hasReDoSResult(t, pump, s, prefixMsg) and
   // exclude verbose mode regexes for now
diff --git a/python/ql/src/analysis/AlertSuppression.ql b/python/ql/src/analysis/AlertSuppression.ql
index 1c876f367ea..6a14c9b6233 100644
--- a/python/ql/src/analysis/AlertSuppression.ql
+++ b/python/ql/src/analysis/AlertSuppression.ql
@@ -80,9 +80,7 @@ class NoqaSuppressionComment extends LineSuppressionComment {
 /**
  * The scope of an alert suppression comment.
  */
-class SuppressionScope extends @py_comment {
-  SuppressionScope() { this instanceof SuppressionComment }
-
+class SuppressionScope extends @py_comment instanceof SuppressionComment {
   /**
    * Holds if this element is at the specified location.
    * The location spans column `startcolumn` of line `startline` to
@@ -93,7 +91,7 @@ class SuppressionScope extends @py_comment {
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.(SuppressionComment).covers(filepath, startline, startcolumn, endline, endcolumn)
+    super.covers(filepath, startline, startcolumn, endline, endcolumn)
   }
 
   /** Gets a textual representation of this element. */
diff --git a/python/ql/src/change-notes/2022-11-22-getpass.md b/python/ql/src/change-notes/2022-11-22-getpass.md
new file mode 100644
index 00000000000..d9df302bc63
--- /dev/null
+++ b/python/ql/src/change-notes/2022-11-22-getpass.md
@@ -0,0 +1,4 @@
+---
+ category: minorAnalysis
+---
+ * Added modeling of `getpass.getpass` as a source of passwords, which will be an additional source for `py/clear-text-logging-sensitive-data`, `py/clear-text-storage-sensitive-data`, and `py/weak-sensitive-data-hashing`.
diff --git a/python/ql/src/change-notes/2022-11-29-ecc-min-secure-keysize.md b/python/ql/src/change-notes/2022-11-29-ecc-min-secure-keysize.md
new file mode 100644
index 00000000000..2fc0532d547
--- /dev/null
+++ b/python/ql/src/change-notes/2022-11-29-ecc-min-secure-keysize.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Bumped the minimum keysize we consider secure for elliptic curve cryptography from 224 to 256 bits, following current best practices. This might effect results from the _Use of weak cryptographic key_ (`py/weak-crypto-key`) query.
diff --git a/python/ql/src/change-notes/released/0.5.4.md b/python/ql/src/change-notes/released/0.5.4.md
new file mode 100644
index 00000000000..1686ab4354d
--- /dev/null
+++ b/python/ql/src/change-notes/released/0.5.4.md
@@ -0,0 +1,3 @@
+## 0.5.4
+
+No user-facing changes.
diff --git a/python/ql/src/change-notes/released/0.5.5.md b/python/ql/src/change-notes/released/0.5.5.md
new file mode 100644
index 00000000000..5f5ae32c059
--- /dev/null
+++ b/python/ql/src/change-notes/released/0.5.5.md
@@ -0,0 +1,3 @@
+## 0.5.5
+
+No user-facing changes.
diff --git a/python/ql/src/change-notes/released/0.5.6.md b/python/ql/src/change-notes/released/0.5.6.md
new file mode 100644
index 00000000000..f717e01ed57
--- /dev/null
+++ b/python/ql/src/change-notes/released/0.5.6.md
@@ -0,0 +1,3 @@
+## 0.5.6
+
+No user-facing changes.
diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml
index 2164e038a5d..361de279943 100644
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.3
+lastReleaseVersion: 0.5.6
diff --git a/python/ql/src/experimental/Security/CWE-022bis/TarSlip.qhelp b/python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.qhelp.disabled
similarity index 97%
rename from python/ql/src/experimental/Security/CWE-022bis/TarSlip.qhelp
rename to python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.qhelp.disabled
index 75ba15abf42..ce3ec17c362 100644
--- a/python/ql/src/experimental/Security/CWE-022bis/TarSlip.qhelp
+++ b/python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.qhelp.disabled
@@ -1,6 +1,7 @@
 <!DOCTYPE qhelp PUBLIC
   "-//Semmle//qhelp//EN"
   "qhelp.dtd">
+<!-- Disabled since it refers to examples which do not exist. -->
 <qhelp>
 
 <overview>
diff --git a/python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql b/python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql
index e614c1a3d78..80462fc91c0 100755
--- a/python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql
+++ b/python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql
@@ -4,7 +4,7 @@
  *              destination file path is within the destination directory can cause files outside
  *              the destination directory to be overwritten.
  * @kind path-problem
- * @id py/tarslip
+ * @id py/tarslip-extended
  * @problem.severity error
  * @security-severity 7.5
  * @precision high
diff --git a/python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql b/python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql
index 008650c86e7..46382ad296d 100644
--- a/python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql
+++ b/python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql
@@ -6,7 +6,7 @@
  * @problem.severity error
  * @security-severity 2.9
  * @sub-severity high
- * @id py/reflective-xss
+ * @id py/reflective-xss-email
  * @tags security
  *       external/cwe/cwe-079
  *       external/cwe/cwe-116
diff --git a/python/ql/src/experimental/semmle/python/Concepts.qll b/python/ql/src/experimental/semmle/python/Concepts.qll
index 16aa54ccea5..0e22afd2869 100644
--- a/python/ql/src/experimental/semmle/python/Concepts.qll
+++ b/python/ql/src/experimental/semmle/python/Concepts.qll
@@ -42,14 +42,10 @@ module CopyFile {
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `CopyFile::Range` instead.
  */
-class CopyFile extends DataFlow::Node {
-  CopyFile::Range range;
+class CopyFile extends DataFlow::Node instanceof CopyFile::Range {
+  DataFlow::Node getAPathArgument() { result = super.getAPathArgument() }
 
-  CopyFile() { this = range }
-
-  DataFlow::Node getAPathArgument() { result = range.getAPathArgument() }
-
-  DataFlow::Node getfsrcArgument() { result = range.getfsrcArgument() }
+  DataFlow::Node getfsrcArgument() { result = super.getfsrcArgument() }
 }
 
 /** Provides classes for modeling log related APIs. */
@@ -74,12 +70,8 @@ module LogOutput {
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `LogOutput::Range` instead.
  */
-class LogOutput extends DataFlow::Node {
-  LogOutput::Range range;
-
-  LogOutput() { this = range }
-
-  DataFlow::Node getAnInput() { result = range.getAnInput() }
+class LogOutput extends DataFlow::Node instanceof LogOutput::Range {
+  DataFlow::Node getAnInput() { result = super.getAnInput() }
 }
 
 /** Provides classes for modeling LDAP query execution-related APIs. */
@@ -107,15 +99,11 @@ deprecated module LDAPQuery = LdapQuery;
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `LDAPQuery::Range` instead.
  */
-class LdapQuery extends DataFlow::Node {
-  LdapQuery::Range range;
-
-  LdapQuery() { this = range }
-
+class LdapQuery extends DataFlow::Node instanceof LdapQuery::Range {
   /**
    * Gets the argument containing the executed expression.
    */
-  DataFlow::Node getQuery() { result = range.getQuery() }
+  DataFlow::Node getQuery() { result = super.getQuery() }
 }
 
 /** DEPRECATED: Alias for LdapQuery */
@@ -146,15 +134,11 @@ deprecated module LDAPEscape = LdapEscape;
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `LDAPEscape::Range` instead.
  */
-class LdapEscape extends DataFlow::Node {
-  LdapEscape::Range range;
-
-  LdapEscape() { this = range }
-
+class LdapEscape extends DataFlow::Node instanceof LdapEscape::Range {
   /**
    * Gets the argument containing the escaped expression.
    */
-  DataFlow::Node getAnInput() { result = range.getAnInput() }
+  DataFlow::Node getAnInput() { result = super.getAnInput() }
 }
 
 /** DEPRECATED: Alias for LdapEscape */
@@ -198,25 +182,21 @@ deprecated module LDAPBind = LdapBind;
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `LDAPBind::Range` instead.
  */
-class LdapBind extends DataFlow::Node {
-  LdapBind::Range range;
-
-  LdapBind() { this = range }
-
+class LdapBind extends DataFlow::Node instanceof LdapBind::Range {
   /**
    * Gets the argument containing the binding host.
    */
-  DataFlow::Node getHost() { result = range.getHost() }
+  DataFlow::Node getHost() { result = super.getHost() }
 
   /**
    * Gets the argument containing the binding expression.
    */
-  DataFlow::Node getPassword() { result = range.getPassword() }
+  DataFlow::Node getPassword() { result = super.getPassword() }
 
   /**
    * Holds if the binding process use SSL.
    */
-  predicate useSsl() { range.useSsl() }
+  predicate useSsl() { super.useSsl() }
 
   /** DEPRECATED: Alias for useSsl */
   deprecated predicate useSSL() { useSsl() }
@@ -250,15 +230,11 @@ deprecated module SQLEscape = SqlEscape;
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `SQLEscape::Range` instead.
  */
-class SqlEscape extends DataFlow::Node {
-  SqlEscape::Range range;
-
-  SqlEscape() { this = range }
-
+class SqlEscape extends DataFlow::Node instanceof SqlEscape::Range {
   /**
    * Gets the argument containing the raw SQL statement.
    */
-  DataFlow::Node getAnInput() { result = range.getAnInput() }
+  DataFlow::Node getAnInput() { result = super.getAnInput() }
 }
 
 /** DEPRECATED: Alias for SqlEscape */
@@ -287,13 +263,9 @@ deprecated module NoSQLQuery = NoSqlQuery;
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `NoSQLQuery::Range` instead.
  */
-class NoSqlQuery extends DataFlow::Node {
-  NoSqlQuery::Range range;
-
-  NoSqlQuery() { this = range }
-
+class NoSqlQuery extends DataFlow::Node instanceof NoSqlQuery::Range {
   /** Gets the argument that specifies the NoSql query to be executed. */
-  DataFlow::Node getQuery() { result = range.getQuery() }
+  DataFlow::Node getQuery() { result = super.getQuery() }
 }
 
 /** DEPRECATED: Alias for NoSqlQuery */
@@ -322,13 +294,9 @@ deprecated module NoSQLSanitizer = NoSqlSanitizer;
  * Extend this class to model new APIs. If you want to refine existing API models,
  * extend `NoSQLSanitizer::Range` instead.
  */
-class NoSqlSanitizer extends DataFlow::Node {
-  NoSqlSanitizer::Range range;
-
-  NoSqlSanitizer() { this = range }
-
+class NoSqlSanitizer extends DataFlow::Node instanceof NoSqlSanitizer::Range {
   /** Gets the argument that specifies the NoSql query to be sanitized. */
-  DataFlow::Node getAnInput() { result = range.getAnInput() }
+  DataFlow::Node getAnInput() { result = super.getAnInput() }
 }
 
 /** DEPRECATED: Alias for NoSqlSanitizer */
@@ -361,20 +329,16 @@ module HeaderDeclaration {
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `HeaderDeclaration::Range` instead.
  */
-class HeaderDeclaration extends DataFlow::Node {
-  HeaderDeclaration::Range range;
-
-  HeaderDeclaration() { this = range }
-
+class HeaderDeclaration extends DataFlow::Node instanceof HeaderDeclaration::Range {
   /**
    * Gets the argument containing the header name.
    */
-  DataFlow::Node getNameArg() { result = range.getNameArg() }
+  DataFlow::Node getNameArg() { result = super.getNameArg() }
 
   /**
    * Gets the argument containing the header value.
    */
-  DataFlow::Node getValueArg() { result = range.getValueArg() }
+  DataFlow::Node getValueArg() { result = super.getValueArg() }
 }
 
 /** Provides classes for modeling Csv writer APIs. */
@@ -399,15 +363,11 @@ module CsvWriter {
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `CsvWriter::Range` instead.
  */
-class CsvWriter extends DataFlow::Node {
-  CsvWriter::Range range;
-
-  CsvWriter() { this = range }
-
+class CsvWriter extends DataFlow::Node instanceof CsvWriter::Range {
   /**
    * Get the parameter value of the csv writer function.
    */
-  DataFlow::Node getAnInput() { result = range.getAnInput() }
+  DataFlow::Node getAnInput() { result = super.getAnInput() }
 }
 
 /**
diff --git a/python/ql/src/experimental/semmle/python/CookieHeader.qll b/python/ql/src/experimental/semmle/python/CookieHeader.qll
index 1d28548e5a4..690dff3ecba 100644
--- a/python/ql/src/experimental/semmle/python/CookieHeader.qll
+++ b/python/ql/src/experimental/semmle/python/CookieHeader.qll
@@ -28,7 +28,6 @@ import experimental.semmle.python.Concepts
  */
 class CookieHeader extends Cookie::Range instanceof HeaderDeclaration {
   CookieHeader() {
-    this instanceof HeaderDeclaration and
     exists(StrConst str |
       str.getText() = "Set-Cookie" and
       DataFlow::exprNode(str)
diff --git a/python/ql/src/meta/alerts/TaintSinks.ql b/python/ql/src/meta/alerts/TaintSinks.ql
new file mode 100644
index 00000000000..634ef18f129
--- /dev/null
+++ b/python/ql/src/meta/alerts/TaintSinks.ql
@@ -0,0 +1,87 @@
+/**
+ * @name Taint sinks
+ * @description Sinks from TaintTracking queries.
+ * @kind problem
+ * @problem.severity recommendation
+ * @id py/meta/alerts/taint-sinks
+ * @tags meta
+ * @precision very-low
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import meta.MetaMetrics
+import semmle.python.security.dataflow.CleartextLoggingCustomizations
+import semmle.python.security.dataflow.CleartextStorageCustomizations
+import semmle.python.security.dataflow.CodeInjectionCustomizations
+import semmle.python.security.dataflow.CommandInjectionCustomizations
+import semmle.python.security.dataflow.LdapInjectionCustomizations
+import semmle.python.security.dataflow.LogInjectionCustomizations
+import semmle.python.security.dataflow.PathInjectionCustomizations
+import semmle.python.security.dataflow.PolynomialReDoSCustomizations
+import semmle.python.security.dataflow.ReflectedXSSCustomizations
+import semmle.python.security.dataflow.RegexInjectionCustomizations
+import semmle.python.security.dataflow.ServerSideRequestForgeryCustomizations
+import semmle.python.security.dataflow.SqlInjectionCustomizations
+import semmle.python.security.dataflow.StackTraceExposureCustomizations
+import semmle.python.security.dataflow.TarSlipCustomizations
+import semmle.python.security.dataflow.UnsafeDeserializationCustomizations
+import semmle.python.security.dataflow.UrlRedirectCustomizations
+import semmle.python.security.dataflow.WeakSensitiveDataHashingCustomizations
+import semmle.python.security.dataflow.XmlBombCustomizations
+import semmle.python.security.dataflow.XpathInjectionCustomizations
+import semmle.python.security.dataflow.XxeCustomizations
+
+DataFlow::Node relevantTaintSink(string kind) {
+  not result.getLocation().getFile() instanceof IgnoredFile and
+  (
+    kind = "CleartextLogging" and result instanceof CleartextLogging::Sink
+    or
+    kind = "CleartextStorage" and result instanceof CleartextStorage::Sink
+    or
+    kind = "CodeInjection" and result instanceof CodeInjection::Sink
+    or
+    kind = "CommandInjection" and result instanceof CommandInjection::Sink
+    or
+    kind = "LdapInjection (DN)" and result instanceof LdapInjection::DnSink
+    or
+    kind = "LdapInjection (Filter)" and result instanceof LdapInjection::FilterSink
+    or
+    kind = "LogInjection" and result instanceof LogInjection::Sink
+    or
+    kind = "PathInjection" and result instanceof PathInjection::Sink
+    or
+    kind = "PolynomialReDoS" and result instanceof PolynomialReDoS::Sink
+    or
+    kind = "ReflectedXss" and result instanceof ReflectedXss::Sink
+    or
+    kind = "RegexInjection" and result instanceof RegexInjection::Sink
+    or
+    kind = "ServerSideRequestForgery" and result instanceof ServerSideRequestForgery::Sink
+    or
+    kind = "SqlInjection" and result instanceof SqlInjection::Sink
+    or
+    kind = "StackTraceExposure" and result instanceof StackTraceExposure::Sink
+    or
+    kind = "TarSlip" and result instanceof TarSlip::Sink
+    or
+    kind = "UnsafeDeserialization" and result instanceof UnsafeDeserialization::Sink
+    or
+    kind = "UrlRedirect" and result instanceof UrlRedirect::Sink
+    or
+    kind = "WeakSensitiveDataHashing (NormalHashFunction)" and
+    result instanceof NormalHashFunction::Sink
+    or
+    kind = "WeakSensitiveDataHashing (ComputationallyExpensiveHashFunction)" and
+    result instanceof ComputationallyExpensiveHashFunction::Sink
+    or
+    kind = "XmlBomb" and result instanceof XmlBomb::Sink
+    or
+    kind = "XpathInjection" and result instanceof XpathInjection::Sink
+    or
+    kind = "Xxe" and result instanceof Xxe::Sink
+  )
+}
+
+from string kind
+select relevantTaintSink(kind), kind + " sink"
diff --git a/python/ql/src/meta/analysis-quality/CallGraph.ql b/python/ql/src/meta/analysis-quality/CallGraph.ql
index d23ee43014c..2872912bb51 100644
--- a/python/ql/src/meta/analysis-quality/CallGraph.ql
+++ b/python/ql/src/meta/analysis-quality/CallGraph.ql
@@ -10,7 +10,11 @@
 
 import python
 import semmle.python.dataflow.new.internal.DataFlowPrivate
+import meta.MetaMetrics
 
 from DataFlowCall c, DataFlowCallableValue f
-where c.getCallable() = f
+where
+  c.getCallable() = f and
+  not c.getLocation().getFile() instanceof IgnoredFile and
+  not f.getScope().getLocation().getFile() instanceof IgnoredFile
 select c, "Call to $@", f.getScope(), f.toString()
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index c5f06d5b464..0bcf45523e7 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.5.4-dev
+version: 0.6.0-dev
 groups: 
   - python
   - queries
diff --git a/python/ql/test/experimental/dataflow/TestUtil/NormalDataflowTest.qll b/python/ql/test/experimental/dataflow/TestUtil/NormalDataflowTest.qll
index b0f0009b30d..f526a1f43ae 100644
--- a/python/ql/test/experimental/dataflow/TestUtil/NormalDataflowTest.qll
+++ b/python/ql/test/experimental/dataflow/TestUtil/NormalDataflowTest.qll
@@ -16,8 +16,9 @@ class DataFlowTest extends FlowTest {
 query predicate missingAnnotationOnSink(Location location, string error, string element) {
   error = "ERROR, you should add `# $ MISSING: flow` annotation" and
   exists(DataFlow::Node sink |
+    any(TestConfiguration config).isSink(sink) and
+    // note: we only care about `SINK` and not `SINK_F`, so we have to reconstruct manually.
     exists(DataFlow::CallCfgNode call |
-      // note: we only care about `SINK` and not `SINK_F`, so we have to reconstruct manually.
       call.getFunction().asCfgNode().(NameNode).getId() = "SINK" and
       (sink = call.getArg(_) or sink = call.getArgByName(_))
     ) and
diff --git a/python/ql/test/experimental/dataflow/basic/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/basic/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/basic/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/basic/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/calls/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/calls/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/calls/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/calls/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/consistency/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/consistency/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/consistency/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/consistency/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/coverage/classesCallGraph.expected b/python/ql/test/experimental/dataflow/coverage/classesCallGraph.expected
deleted file mode 100644
index f297c4be6e3..00000000000
--- a/python/ql/test/experimental/dataflow/coverage/classesCallGraph.expected
+++ /dev/null
@@ -1,80 +0,0 @@
-| classes.py:14:17:14:60 | ControlFlowNode for Attribute() | classes.py:14:17:14:60 | ControlFlowNode for Attribute() |
-| classes.py:45:16:45:35 | ControlFlowNode for Attribute() | classes.py:45:16:45:35 | ControlFlowNode for Attribute() |
-| classes.py:60:17:60:27 | [pre objCreate] ControlFlowNode for With_init() | classes.py:54:18:54:21 | ControlFlowNode for self |
-| classes.py:242:9:242:24 | ControlFlowNode for set() | classes.py:242:9:242:24 | ControlFlowNode for set() |
-| classes.py:247:9:247:30 | ControlFlowNode for frozenset() | classes.py:247:9:247:30 | ControlFlowNode for frozenset() |
-| classes.py:252:9:252:28 | ControlFlowNode for dict() | classes.py:252:9:252:28 | ControlFlowNode for dict() |
-| classes.py:559:16:559:17 | ControlFlowNode for Str | classes.py:565:5:565:22 | ControlFlowNode for Subscript |
-| classes.py:565:5:565:16 | ControlFlowNode for with_getitem | classes.py:555:21:555:24 | ControlFlowNode for self |
-| classes.py:565:18:565:21 | ControlFlowNode for arg2 | classes.py:555:27:555:29 | ControlFlowNode for key |
-| classes.py:581:5:581:16 | ControlFlowNode for with_setitem | classes.py:570:21:570:24 | ControlFlowNode for self |
-| classes.py:581:18:581:21 | ControlFlowNode for arg2 | classes.py:570:27:570:29 | ControlFlowNode for key |
-| classes.py:581:26:581:29 | ControlFlowNode for arg3 | classes.py:570:32:570:36 | ControlFlowNode for value |
-| classes.py:595:9:595:20 | ControlFlowNode for with_delitem | classes.py:586:21:586:24 | ControlFlowNode for self |
-| classes.py:595:22:595:25 | ControlFlowNode for arg2 | classes.py:586:27:586:29 | ControlFlowNode for key |
-| classes.py:618:16:618:28 | ControlFlowNode for Attribute() | classes.py:618:16:618:28 | ControlFlowNode for Attribute() |
-| classes.py:659:15:659:18 | ControlFlowNode for self | classes.py:667:5:667:19 | ControlFlowNode for BinaryExpr |
-| classes.py:661:16:661:19 | ControlFlowNode for self | classes.py:667:5:667:19 | ControlFlowNode for BinaryExpr |
-| classes.py:667:5:667:12 | ControlFlowNode for with_add | classes.py:657:17:657:20 | ControlFlowNode for self |
-| classes.py:667:5:667:12 | ControlFlowNode for with_add | classes.py:667:5:667:19 | ControlFlowNode for BinaryExpr |
-| classes.py:667:16:667:19 | ControlFlowNode for arg2 | classes.py:657:23:657:27 | ControlFlowNode for other |
-| classes.py:674:15:674:18 | ControlFlowNode for self | classes.py:682:5:682:19 | ControlFlowNode for BinaryExpr |
-| classes.py:676:16:676:19 | ControlFlowNode for self | classes.py:682:5:682:19 | ControlFlowNode for BinaryExpr |
-| classes.py:682:5:682:12 | ControlFlowNode for with_sub | classes.py:672:17:672:20 | ControlFlowNode for self |
-| classes.py:682:5:682:12 | ControlFlowNode for with_sub | classes.py:682:5:682:19 | ControlFlowNode for BinaryExpr |
-| classes.py:682:16:682:19 | ControlFlowNode for arg2 | classes.py:672:23:672:27 | ControlFlowNode for other |
-| classes.py:689:15:689:18 | ControlFlowNode for self | classes.py:697:5:697:19 | ControlFlowNode for BinaryExpr |
-| classes.py:691:16:691:19 | ControlFlowNode for self | classes.py:697:5:697:19 | ControlFlowNode for BinaryExpr |
-| classes.py:697:5:697:12 | ControlFlowNode for with_mul | classes.py:687:17:687:20 | ControlFlowNode for self |
-| classes.py:697:5:697:12 | ControlFlowNode for with_mul | classes.py:697:5:697:19 | ControlFlowNode for BinaryExpr |
-| classes.py:697:16:697:19 | ControlFlowNode for arg2 | classes.py:687:23:687:27 | ControlFlowNode for other |
-| classes.py:704:15:704:18 | ControlFlowNode for self | classes.py:712:5:712:22 | ControlFlowNode for BinaryExpr |
-| classes.py:706:16:706:19 | ControlFlowNode for self | classes.py:712:5:712:22 | ControlFlowNode for BinaryExpr |
-| classes.py:712:5:712:15 | ControlFlowNode for with_matmul | classes.py:702:20:702:23 | ControlFlowNode for self |
-| classes.py:712:5:712:15 | ControlFlowNode for with_matmul | classes.py:712:5:712:22 | ControlFlowNode for BinaryExpr |
-| classes.py:712:19:712:22 | ControlFlowNode for arg2 | classes.py:702:26:702:30 | ControlFlowNode for other |
-| classes.py:719:15:719:18 | ControlFlowNode for self | classes.py:727:5:727:23 | ControlFlowNode for BinaryExpr |
-| classes.py:721:16:721:19 | ControlFlowNode for self | classes.py:727:5:727:23 | ControlFlowNode for BinaryExpr |
-| classes.py:727:5:727:16 | ControlFlowNode for with_truediv | classes.py:717:21:717:24 | ControlFlowNode for self |
-| classes.py:727:5:727:16 | ControlFlowNode for with_truediv | classes.py:727:5:727:23 | ControlFlowNode for BinaryExpr |
-| classes.py:727:20:727:23 | ControlFlowNode for arg2 | classes.py:717:27:717:31 | ControlFlowNode for other |
-| classes.py:734:15:734:18 | ControlFlowNode for self | classes.py:742:5:742:25 | ControlFlowNode for BinaryExpr |
-| classes.py:736:16:736:19 | ControlFlowNode for self | classes.py:742:5:742:25 | ControlFlowNode for BinaryExpr |
-| classes.py:742:5:742:17 | ControlFlowNode for with_floordiv | classes.py:732:22:732:25 | ControlFlowNode for self |
-| classes.py:742:5:742:17 | ControlFlowNode for with_floordiv | classes.py:742:5:742:25 | ControlFlowNode for BinaryExpr |
-| classes.py:742:22:742:25 | ControlFlowNode for arg2 | classes.py:732:28:732:32 | ControlFlowNode for other |
-| classes.py:749:15:749:18 | ControlFlowNode for self | classes.py:757:5:757:19 | ControlFlowNode for BinaryExpr |
-| classes.py:751:16:751:19 | ControlFlowNode for self | classes.py:757:5:757:19 | ControlFlowNode for BinaryExpr |
-| classes.py:757:5:757:12 | ControlFlowNode for with_mod | classes.py:747:17:747:20 | ControlFlowNode for self |
-| classes.py:757:5:757:12 | ControlFlowNode for with_mod | classes.py:757:5:757:19 | ControlFlowNode for BinaryExpr |
-| classes.py:757:16:757:19 | ControlFlowNode for arg2 | classes.py:747:23:747:27 | ControlFlowNode for other |
-| classes.py:779:15:779:18 | ControlFlowNode for self | classes.py:793:5:793:20 | ControlFlowNode for BinaryExpr |
-| classes.py:781:16:781:19 | ControlFlowNode for self | classes.py:793:5:793:20 | ControlFlowNode for BinaryExpr |
-| classes.py:793:5:793:12 | ControlFlowNode for with_pow | classes.py:777:17:777:20 | ControlFlowNode for self |
-| classes.py:793:5:793:12 | ControlFlowNode for with_pow | classes.py:793:5:793:20 | ControlFlowNode for BinaryExpr |
-| classes.py:793:17:793:20 | ControlFlowNode for arg2 | classes.py:777:23:777:27 | ControlFlowNode for other |
-| classes.py:800:15:800:18 | ControlFlowNode for self | classes.py:808:5:808:23 | ControlFlowNode for BinaryExpr |
-| classes.py:802:16:802:19 | ControlFlowNode for self | classes.py:808:5:808:23 | ControlFlowNode for BinaryExpr |
-| classes.py:808:5:808:15 | ControlFlowNode for with_lshift | classes.py:798:20:798:23 | ControlFlowNode for self |
-| classes.py:808:5:808:15 | ControlFlowNode for with_lshift | classes.py:808:5:808:23 | ControlFlowNode for BinaryExpr |
-| classes.py:808:20:808:23 | ControlFlowNode for arg2 | classes.py:798:26:798:30 | ControlFlowNode for other |
-| classes.py:815:15:815:18 | ControlFlowNode for self | classes.py:823:5:823:23 | ControlFlowNode for BinaryExpr |
-| classes.py:817:16:817:19 | ControlFlowNode for self | classes.py:823:5:823:23 | ControlFlowNode for BinaryExpr |
-| classes.py:823:5:823:15 | ControlFlowNode for with_rshift | classes.py:813:20:813:23 | ControlFlowNode for self |
-| classes.py:823:5:823:15 | ControlFlowNode for with_rshift | classes.py:823:5:823:23 | ControlFlowNode for BinaryExpr |
-| classes.py:823:20:823:23 | ControlFlowNode for arg2 | classes.py:813:26:813:30 | ControlFlowNode for other |
-| classes.py:830:15:830:18 | ControlFlowNode for self | classes.py:838:5:838:19 | ControlFlowNode for BinaryExpr |
-| classes.py:832:16:832:19 | ControlFlowNode for self | classes.py:838:5:838:19 | ControlFlowNode for BinaryExpr |
-| classes.py:838:5:838:12 | ControlFlowNode for with_and | classes.py:828:17:828:20 | ControlFlowNode for self |
-| classes.py:838:5:838:12 | ControlFlowNode for with_and | classes.py:838:5:838:19 | ControlFlowNode for BinaryExpr |
-| classes.py:838:16:838:19 | ControlFlowNode for arg2 | classes.py:828:23:828:27 | ControlFlowNode for other |
-| classes.py:845:15:845:18 | ControlFlowNode for self | classes.py:853:5:853:19 | ControlFlowNode for BinaryExpr |
-| classes.py:847:16:847:19 | ControlFlowNode for self | classes.py:853:5:853:19 | ControlFlowNode for BinaryExpr |
-| classes.py:853:5:853:12 | ControlFlowNode for with_xor | classes.py:843:17:843:20 | ControlFlowNode for self |
-| classes.py:853:5:853:12 | ControlFlowNode for with_xor | classes.py:853:5:853:19 | ControlFlowNode for BinaryExpr |
-| classes.py:853:16:853:19 | ControlFlowNode for arg2 | classes.py:843:23:843:27 | ControlFlowNode for other |
-| classes.py:860:15:860:18 | ControlFlowNode for self | classes.py:868:5:868:18 | ControlFlowNode for BinaryExpr |
-| classes.py:862:16:862:19 | ControlFlowNode for self | classes.py:868:5:868:18 | ControlFlowNode for BinaryExpr |
-| classes.py:868:5:868:11 | ControlFlowNode for with_or | classes.py:858:16:858:19 | ControlFlowNode for self |
-| classes.py:868:5:868:11 | ControlFlowNode for with_or | classes.py:868:5:868:18 | ControlFlowNode for BinaryExpr |
-| classes.py:868:15:868:18 | ControlFlowNode for arg2 | classes.py:858:22:858:26 | ControlFlowNode for other |
diff --git a/python/ql/test/experimental/dataflow/coverage/classesCallGraph.ql b/python/ql/test/experimental/dataflow/coverage/classesCallGraph.ql
deleted file mode 100644
index c1b66d0f323..00000000000
--- a/python/ql/test/experimental/dataflow/coverage/classesCallGraph.ql
+++ /dev/null
@@ -1,37 +0,0 @@
-import semmle.python.dataflow.new.DataFlow
-private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate
-
-/**
- * A configuration to find the call graph edges.
- */
-class CallGraphConfig extends DataFlow::Configuration {
-  CallGraphConfig() { this = "CallGraphConfig" }
-
-  override predicate isSource(DataFlow::Node node) {
-    node instanceof DataFlowPrivate::ReturnNode
-    or
-    // These sources should allow for the non-standard call syntax
-    node instanceof DataFlow::ArgumentNode
-  }
-
-  override predicate isSink(DataFlow::Node node) {
-    node instanceof DataFlowPrivate::OutNode
-    or
-    node instanceof DataFlow::ParameterNode and
-    // exclude parameters to the SINK-functions
-    not exists(DataFlowPrivate::DataFlowCallable c |
-      c.getParameter(_) = node.asCfgNode() and
-      c.getName().matches("SINK_")
-    )
-  }
-}
-
-from DataFlow::Node source, DataFlow::Node sink
-where
-  source.getLocation().getFile().getBaseName() = "classes.py" and
-  sink.getLocation().getFile().getBaseName() = "classes.py" and
-  exists(CallGraphConfig cfg | cfg.hasFlow(source, sink))
-select source, sink
-// Ideally, we would just have 1-step paths either from argument to parameter
-// or from return to call. This gives a bit more, so should be rewritten.
-// We should also consider splitting this into two, one for each direction.
diff --git a/python/ql/test/experimental/dataflow/coverage/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/coverage/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/coverage/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/coverage/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/coverage/dataflow.expected b/python/ql/test/experimental/dataflow/coverage/dataflow.expected
deleted file mode 100644
index c7a0294d66a..00000000000
--- a/python/ql/test/experimental/dataflow/coverage/dataflow.expected
+++ /dev/null
@@ -1,970 +0,0 @@
-edges
-| datamodel.py:35:7:35:7 | ControlFlowNode for a | datamodel.py:36:10:36:10 | ControlFlowNode for a |
-| datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:35:7:35:7 | ControlFlowNode for a |
-| datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:38:6:38:17 | ControlFlowNode for f() |
-| datamodel.py:44:22:44:22 | ControlFlowNode for x | datamodel.py:46:16:46:16 | ControlFlowNode for x |
-| datamodel.py:49:26:49:26 | ControlFlowNode for x | datamodel.py:50:16:50:16 | ControlFlowNode for x |
-| datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | datamodel.py:44:22:44:22 | ControlFlowNode for x |
-| datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() |
-| datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE | datamodel.py:44:22:44:22 | ControlFlowNode for x |
-| datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE | datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() |
-| datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE | datamodel.py:49:26:49:26 | ControlFlowNode for x |
-| datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE | datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() |
-| datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE | datamodel.py:49:26:49:26 | ControlFlowNode for x |
-| datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() |
-| datamodel.py:152:5:152:8 | [post store] ControlFlowNode for self [Attribute b] | datamodel.py:155:14:155:25 | ControlFlowNode for Customized() [Attribute b] |
-| datamodel.py:152:14:152:19 | ControlFlowNode for SOURCE | datamodel.py:152:5:152:8 | [post store] ControlFlowNode for self [Attribute b] |
-| datamodel.py:155:14:155:25 | ControlFlowNode for Customized() [Attribute b] | datamodel.py:159:6:159:15 | ControlFlowNode for customized [Attribute b] |
-| datamodel.py:159:6:159:15 | ControlFlowNode for customized [Attribute b] | datamodel.py:159:6:159:17 | ControlFlowNode for Attribute |
-| test.py:42:10:42:26 | ControlFlowNode for Tuple [Tuple element at index 1] | test.py:43:9:43:9 | ControlFlowNode for x [Tuple element at index 1] |
-| test.py:42:21:42:26 | ControlFlowNode for SOURCE | test.py:42:10:42:26 | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:43:9:43:9 | ControlFlowNode for x [Tuple element at index 1] | test.py:43:9:43:12 | ControlFlowNode for Subscript |
-| test.py:43:9:43:12 | ControlFlowNode for Subscript | test.py:44:10:44:10 | ControlFlowNode for y |
-| test.py:55:9:55:14 | ControlFlowNode for SOURCE | test.py:56:10:56:10 | ControlFlowNode for x |
-| test.py:61:9:61:16 | ControlFlowNode for Str | test.py:62:10:62:10 | ControlFlowNode for x |
-| test.py:66:9:66:17 | ControlFlowNode for Str | test.py:67:10:67:10 | ControlFlowNode for x |
-| test.py:71:9:71:10 | ControlFlowNode for IntegerLiteral | test.py:72:10:72:10 | ControlFlowNode for x |
-| test.py:76:9:76:12 | ControlFlowNode for FloatLiteral | test.py:77:10:77:10 | ControlFlowNode for x |
-| test.py:87:10:87:15 | ControlFlowNode for SOURCE | test.py:88:10:88:10 | ControlFlowNode for x |
-| test.py:93:9:93:16 | ControlFlowNode for List [List element] | test.py:94:10:94:10 | ControlFlowNode for x [List element] |
-| test.py:93:10:93:15 | ControlFlowNode for SOURCE | test.py:93:9:93:16 | ControlFlowNode for List [List element] |
-| test.py:94:10:94:10 | ControlFlowNode for x [List element] | test.py:94:10:94:13 | ControlFlowNode for Subscript |
-| test.py:103:9:103:37 | ControlFlowNode for ListComp [List element] | test.py:104:10:104:10 | ControlFlowNode for x [List element] |
-| test.py:103:10:103:15 | ControlFlowNode for SOURCE | test.py:103:9:103:37 | ControlFlowNode for ListComp [List element] |
-| test.py:104:10:104:10 | ControlFlowNode for x [List element] | test.py:104:10:104:13 | ControlFlowNode for Subscript |
-| test.py:108:9:108:29 | ControlFlowNode for ListComp [List element] | test.py:109:10:109:10 | ControlFlowNode for x [List element] |
-| test.py:108:10:108:10 | ControlFlowNode for y | test.py:108:9:108:29 | ControlFlowNode for ListComp [List element] |
-| test.py:108:16:108:16 | SSA variable y | test.py:108:10:108:10 | ControlFlowNode for y |
-| test.py:108:21:108:28 | ControlFlowNode for List [List element] | test.py:108:16:108:16 | SSA variable y |
-| test.py:108:22:108:27 | ControlFlowNode for SOURCE | test.py:108:21:108:28 | ControlFlowNode for List [List element] |
-| test.py:109:10:109:10 | ControlFlowNode for x [List element] | test.py:109:10:109:13 | ControlFlowNode for Subscript |
-| test.py:113:9:113:16 | ControlFlowNode for List [List element] | test.py:114:21:114:21 | ControlFlowNode for l [List element] |
-| test.py:113:10:113:15 | ControlFlowNode for SOURCE | test.py:113:9:113:16 | ControlFlowNode for List [List element] |
-| test.py:114:9:114:22 | ControlFlowNode for ListComp [List element] | test.py:115:10:115:10 | ControlFlowNode for x [List element] |
-| test.py:114:10:114:10 | ControlFlowNode for y | test.py:114:9:114:22 | ControlFlowNode for ListComp [List element] |
-| test.py:114:16:114:16 | SSA variable y | test.py:114:10:114:10 | ControlFlowNode for y |
-| test.py:114:21:114:21 | ControlFlowNode for l [List element] | test.py:114:16:114:16 | SSA variable y |
-| test.py:115:10:115:10 | ControlFlowNode for x [List element] | test.py:115:10:115:13 | ControlFlowNode for Subscript |
-| test.py:125:9:125:16 | ControlFlowNode for Set [Set element] | test.py:126:10:126:10 | ControlFlowNode for x [Set element] |
-| test.py:125:10:125:15 | ControlFlowNode for SOURCE | test.py:125:9:125:16 | ControlFlowNode for Set [Set element] |
-| test.py:126:10:126:10 | ControlFlowNode for x [Set element] | test.py:126:10:126:16 | ControlFlowNode for Attribute() |
-| test.py:130:9:130:37 | ControlFlowNode for SetComp [Set element] | test.py:131:10:131:10 | ControlFlowNode for x [Set element] |
-| test.py:130:10:130:15 | ControlFlowNode for SOURCE | test.py:130:9:130:37 | ControlFlowNode for SetComp [Set element] |
-| test.py:131:10:131:10 | ControlFlowNode for x [Set element] | test.py:131:10:131:16 | ControlFlowNode for Attribute() |
-| test.py:135:9:135:29 | ControlFlowNode for SetComp [Set element] | test.py:136:10:136:10 | ControlFlowNode for x [Set element] |
-| test.py:135:10:135:10 | ControlFlowNode for y | test.py:135:9:135:29 | ControlFlowNode for SetComp [Set element] |
-| test.py:135:16:135:16 | SSA variable y | test.py:135:10:135:10 | ControlFlowNode for y |
-| test.py:135:21:135:28 | ControlFlowNode for List [List element] | test.py:135:16:135:16 | SSA variable y |
-| test.py:135:22:135:27 | ControlFlowNode for SOURCE | test.py:135:21:135:28 | ControlFlowNode for List [List element] |
-| test.py:136:10:136:10 | ControlFlowNode for x [Set element] | test.py:136:10:136:16 | ControlFlowNode for Attribute() |
-| test.py:140:9:140:16 | ControlFlowNode for Set [Set element] | test.py:141:21:141:21 | ControlFlowNode for l [Set element] |
-| test.py:140:10:140:15 | ControlFlowNode for SOURCE | test.py:140:9:140:16 | ControlFlowNode for Set [Set element] |
-| test.py:141:9:141:22 | ControlFlowNode for SetComp [Set element] | test.py:142:10:142:10 | ControlFlowNode for x [Set element] |
-| test.py:141:10:141:10 | ControlFlowNode for y | test.py:141:9:141:22 | ControlFlowNode for SetComp [Set element] |
-| test.py:141:16:141:16 | SSA variable y | test.py:141:10:141:10 | ControlFlowNode for y |
-| test.py:141:21:141:21 | ControlFlowNode for l [Set element] | test.py:141:16:141:16 | SSA variable y |
-| test.py:142:10:142:10 | ControlFlowNode for x [Set element] | test.py:142:10:142:16 | ControlFlowNode for Attribute() |
-| test.py:152:9:152:21 | ControlFlowNode for Dict [Dictionary element at key s] | test.py:153:10:153:10 | ControlFlowNode for x [Dictionary element at key s] |
-| test.py:152:15:152:20 | ControlFlowNode for SOURCE | test.py:152:9:152:21 | ControlFlowNode for Dict [Dictionary element at key s] |
-| test.py:153:10:153:10 | ControlFlowNode for x [Dictionary element at key s] | test.py:153:10:153:15 | ControlFlowNode for Subscript |
-| test.py:157:9:157:21 | ControlFlowNode for Dict [Dictionary element at key s] | test.py:158:10:158:10 | ControlFlowNode for x [Dictionary element at key s] |
-| test.py:157:15:157:20 | ControlFlowNode for SOURCE | test.py:157:9:157:21 | ControlFlowNode for Dict [Dictionary element at key s] |
-| test.py:158:10:158:10 | ControlFlowNode for x [Dictionary element at key s] | test.py:158:10:158:19 | ControlFlowNode for Attribute() |
-| test.py:183:9:183:42 | ControlFlowNode for ListComp [List element] | test.py:184:10:184:10 | ControlFlowNode for x [List element] |
-| test.py:183:10:183:10 | ControlFlowNode for y | test.py:183:9:183:42 | ControlFlowNode for ListComp [List element] |
-| test.py:183:16:183:16 | SSA variable z [List element] | test.py:183:41:183:41 | ControlFlowNode for z [List element] |
-| test.py:183:21:183:30 | ControlFlowNode for List [List element, List element] | test.py:183:16:183:16 | SSA variable z [List element] |
-| test.py:183:22:183:29 | ControlFlowNode for List [List element] | test.py:183:21:183:30 | ControlFlowNode for List [List element, List element] |
-| test.py:183:23:183:28 | ControlFlowNode for SOURCE | test.py:183:22:183:29 | ControlFlowNode for List [List element] |
-| test.py:183:36:183:36 | SSA variable y | test.py:183:10:183:10 | ControlFlowNode for y |
-| test.py:183:41:183:41 | ControlFlowNode for z [List element] | test.py:183:36:183:36 | SSA variable y |
-| test.py:184:10:184:10 | ControlFlowNode for x [List element] | test.py:184:10:184:13 | ControlFlowNode for Subscript |
-| test.py:188:9:188:68 | ControlFlowNode for ListComp [List element] | test.py:189:10:189:10 | ControlFlowNode for x [List element] |
-| test.py:188:10:188:10 | ControlFlowNode for y | test.py:188:9:188:68 | ControlFlowNode for ListComp [List element] |
-| test.py:188:16:188:16 | SSA variable v [List element, List element, List element] | test.py:188:45:188:45 | ControlFlowNode for v [List element, List element, List element] |
-| test.py:188:21:188:34 | ControlFlowNode for List [List element, List element, List element, List element] | test.py:188:16:188:16 | SSA variable v [List element, List element, List element] |
-| test.py:188:22:188:33 | ControlFlowNode for List [List element, List element, List element] | test.py:188:21:188:34 | ControlFlowNode for List [List element, List element, List element, List element] |
-| test.py:188:23:188:32 | ControlFlowNode for List [List element, List element] | test.py:188:22:188:33 | ControlFlowNode for List [List element, List element, List element] |
-| test.py:188:24:188:31 | ControlFlowNode for List [List element] | test.py:188:23:188:32 | ControlFlowNode for List [List element, List element] |
-| test.py:188:25:188:30 | ControlFlowNode for SOURCE | test.py:188:24:188:31 | ControlFlowNode for List [List element] |
-| test.py:188:40:188:40 | SSA variable u [List element, List element] | test.py:188:56:188:56 | ControlFlowNode for u [List element, List element] |
-| test.py:188:45:188:45 | ControlFlowNode for v [List element, List element, List element] | test.py:188:40:188:40 | SSA variable u [List element, List element] |
-| test.py:188:51:188:51 | SSA variable z [List element] | test.py:188:67:188:67 | ControlFlowNode for z [List element] |
-| test.py:188:56:188:56 | ControlFlowNode for u [List element, List element] | test.py:188:51:188:51 | SSA variable z [List element] |
-| test.py:188:62:188:62 | SSA variable y | test.py:188:10:188:10 | ControlFlowNode for y |
-| test.py:188:67:188:67 | ControlFlowNode for z [List element] | test.py:188:62:188:62 | SSA variable y |
-| test.py:189:10:189:10 | ControlFlowNode for x [List element] | test.py:189:10:189:13 | ControlFlowNode for Subscript |
-| test.py:199:9:199:42 | ControlFlowNode for ListComp [List element] | test.py:200:10:200:10 | ControlFlowNode for x [List element] |
-| test.py:199:10:199:10 | ControlFlowNode for y | test.py:199:9:199:42 | ControlFlowNode for ListComp [List element] |
-| test.py:199:16:199:16 | SSA variable y | test.py:199:10:199:10 | ControlFlowNode for y |
-| test.py:199:22:199:22 | ControlFlowNode for z | test.py:199:22:199:40 | ControlFlowNode for GeneratorExp [List element] |
-| test.py:199:22:199:40 | ControlFlowNode for GeneratorExp [List element] | test.py:199:16:199:16 | SSA variable y |
-| test.py:199:28:199:28 | SSA variable z | test.py:199:22:199:22 | ControlFlowNode for z |
-| test.py:199:33:199:40 | ControlFlowNode for List [List element] | test.py:199:28:199:28 | SSA variable z |
-| test.py:199:34:199:39 | ControlFlowNode for SOURCE | test.py:199:33:199:40 | ControlFlowNode for List [List element] |
-| test.py:200:10:200:10 | ControlFlowNode for x [List element] | test.py:200:10:200:13 | ControlFlowNode for Subscript |
-| test.py:205:9:205:47 | ControlFlowNode for ListComp [List element] | test.py:206:10:206:10 | ControlFlowNode for x [List element] |
-| test.py:205:10:205:10 | ControlFlowNode for a | test.py:205:9:205:47 | ControlFlowNode for ListComp [List element] |
-| test.py:205:17:205:17 | SSA variable a | test.py:205:10:205:10 | ControlFlowNode for a |
-| test.py:205:17:205:20 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:205:17:205:17 | SSA variable a |
-| test.py:205:17:205:20 | IterableSequence [Tuple element at index 0] | test.py:205:17:205:20 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:205:26:205:46 | ControlFlowNode for List [List element, Tuple element at index 0] | test.py:205:17:205:20 | IterableSequence [Tuple element at index 0] |
-| test.py:205:28:205:33 | ControlFlowNode for SOURCE | test.py:205:28:205:44 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:205:28:205:44 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:205:26:205:46 | ControlFlowNode for List [List element, Tuple element at index 0] |
-| test.py:206:10:206:10 | ControlFlowNode for x [List element] | test.py:206:10:206:13 | ControlFlowNode for Subscript |
-| test.py:210:9:210:51 | ControlFlowNode for ListComp [List element] | test.py:211:10:211:10 | ControlFlowNode for x [List element] |
-| test.py:210:10:210:10 | ControlFlowNode for a [List element] | test.py:210:10:210:13 | ControlFlowNode for Subscript |
-| test.py:210:10:210:13 | ControlFlowNode for Subscript | test.py:210:9:210:51 | ControlFlowNode for ListComp [List element] |
-| test.py:210:20:210:21 | IterableElement | test.py:210:20:210:21 | SSA variable a [List element] |
-| test.py:210:20:210:21 | SSA variable a [List element] | test.py:210:10:210:10 | ControlFlowNode for a [List element] |
-| test.py:210:20:210:24 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:210:20:210:21 | IterableElement |
-| test.py:210:20:210:24 | IterableSequence [Tuple element at index 0] | test.py:210:20:210:24 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:210:30:210:50 | ControlFlowNode for List [List element, Tuple element at index 0] | test.py:210:20:210:24 | IterableSequence [Tuple element at index 0] |
-| test.py:210:32:210:37 | ControlFlowNode for SOURCE | test.py:210:32:210:48 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:210:32:210:48 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:210:30:210:50 | ControlFlowNode for List [List element, Tuple element at index 0] |
-| test.py:211:10:211:10 | ControlFlowNode for x [List element] | test.py:211:10:211:13 | ControlFlowNode for Subscript |
-| test.py:349:11:349:16 | ControlFlowNode for SOURCE | test.py:349:11:349:17 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:349:11:349:17 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:349:10:349:21 | ControlFlowNode for Subscript |
-| test.py:353:10:353:17 | ControlFlowNode for List [List element] | test.py:353:10:353:20 | ControlFlowNode for Subscript |
-| test.py:353:11:353:16 | ControlFlowNode for SOURCE | test.py:353:10:353:17 | ControlFlowNode for List [List element] |
-| test.py:357:10:357:22 | ControlFlowNode for Dict [Dictionary element at key s] | test.py:357:10:357:27 | ControlFlowNode for Subscript |
-| test.py:357:16:357:21 | ControlFlowNode for SOURCE | test.py:357:10:357:22 | ControlFlowNode for Dict [Dictionary element at key s] |
-| test.py:375:15:375:15 | ControlFlowNode for b | test.py:376:12:376:12 | ControlFlowNode for b |
-| test.py:380:28:380:33 | ControlFlowNode for SOURCE | test.py:375:15:375:15 | ControlFlowNode for b |
-| test.py:380:28:380:33 | ControlFlowNode for SOURCE | test.py:380:10:380:34 | ControlFlowNode for second() |
-| test.py:388:30:388:35 | ControlFlowNode for SOURCE | test.py:375:15:375:15 | ControlFlowNode for b |
-| test.py:388:30:388:35 | ControlFlowNode for SOURCE | test.py:388:10:388:36 | ControlFlowNode for second() |
-| test.py:396:10:396:43 | KwUnpacked b | test.py:375:15:375:15 | ControlFlowNode for b |
-| test.py:396:10:396:43 | KwUnpacked b | test.py:396:10:396:43 | ControlFlowNode for second() |
-| test.py:396:30:396:42 | ControlFlowNode for Dict [Dictionary element at key b] | test.py:396:10:396:43 | KwUnpacked b |
-| test.py:396:36:396:41 | ControlFlowNode for SOURCE | test.py:396:30:396:42 | ControlFlowNode for Dict [Dictionary element at key b] |
-| test.py:399:21:399:21 | ControlFlowNode for b [Tuple element at index 0] | test.py:400:12:400:12 | ControlFlowNode for b [Tuple element at index 0] |
-| test.py:400:12:400:12 | ControlFlowNode for b [Tuple element at index 0] | test.py:400:12:400:15 | ControlFlowNode for Subscript |
-| test.py:404:10:404:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] | test.py:399:21:399:21 | ControlFlowNode for b [Tuple element at index 0] |
-| test.py:404:10:404:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] | test.py:404:10:404:39 | ControlFlowNode for f_extra_pos() |
-| test.py:404:33:404:38 | ControlFlowNode for SOURCE | test.py:404:10:404:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] |
-| test.py:407:26:407:26 | ControlFlowNode for b [Dictionary element at key b] | test.py:408:12:408:12 | ControlFlowNode for b [Dictionary element at key b] |
-| test.py:408:12:408:12 | ControlFlowNode for b [Dictionary element at key b] | test.py:408:12:408:17 | ControlFlowNode for Subscript |
-| test.py:412:10:412:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] | test.py:407:26:407:26 | ControlFlowNode for b [Dictionary element at key b] |
-| test.py:412:10:412:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] | test.py:412:10:412:45 | ControlFlowNode for f_extra_keyword() |
-| test.py:412:39:412:44 | ControlFlowNode for SOURCE | test.py:412:10:412:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] |
-| test.py:429:15:429:20 | ControlFlowNode for SOURCE | test.py:429:10:429:20 | ControlFlowNode for BoolExpr |
-| test.py:434:16:434:21 | ControlFlowNode for SOURCE | test.py:434:10:434:21 | ControlFlowNode for BoolExpr |
-| test.py:445:10:445:15 | ControlFlowNode for SOURCE | test.py:445:10:445:38 | ControlFlowNode for IfExp |
-| test.py:453:34:453:39 | ControlFlowNode for SOURCE | test.py:453:10:453:39 | ControlFlowNode for IfExp |
-| test.py:474:11:474:11 | ControlFlowNode for x | test.py:475:16:475:16 | ControlFlowNode for x |
-| test.py:477:12:477:17 | ControlFlowNode for SOURCE | test.py:474:11:474:11 | ControlFlowNode for x |
-| test.py:477:12:477:17 | ControlFlowNode for SOURCE | test.py:477:10:477:18 | ControlFlowNode for f() |
-| test.py:481:19:481:19 | ControlFlowNode for b | test.py:482:16:482:16 | ControlFlowNode for b |
-| test.py:484:28:484:33 | ControlFlowNode for SOURCE | test.py:481:19:481:19 | ControlFlowNode for b |
-| test.py:484:28:484:33 | ControlFlowNode for SOURCE | test.py:484:10:484:34 | ControlFlowNode for second() |
-| test.py:495:19:495:19 | ControlFlowNode for b | test.py:496:16:496:16 | ControlFlowNode for b |
-| test.py:498:30:498:35 | ControlFlowNode for SOURCE | test.py:495:19:495:19 | ControlFlowNode for b |
-| test.py:498:30:498:35 | ControlFlowNode for SOURCE | test.py:498:10:498:36 | ControlFlowNode for second() |
-| test.py:509:19:509:19 | ControlFlowNode for b | test.py:510:16:510:16 | ControlFlowNode for b |
-| test.py:512:10:512:43 | KwUnpacked b | test.py:509:19:509:19 | ControlFlowNode for b |
-| test.py:512:10:512:43 | KwUnpacked b | test.py:512:10:512:43 | ControlFlowNode for second() |
-| test.py:512:30:512:42 | ControlFlowNode for Dict [Dictionary element at key b] | test.py:512:10:512:43 | KwUnpacked b |
-| test.py:512:36:512:41 | ControlFlowNode for SOURCE | test.py:512:30:512:42 | ControlFlowNode for Dict [Dictionary element at key b] |
-| test.py:516:30:516:30 | ControlFlowNode for b [Tuple element at index 0] | test.py:516:33:516:33 | ControlFlowNode for b [Tuple element at index 0] |
-| test.py:516:33:516:33 | ControlFlowNode for b [Tuple element at index 0] | test.py:516:33:516:36 | ControlFlowNode for Subscript |
-| test.py:517:10:517:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] | test.py:516:30:516:30 | ControlFlowNode for b [Tuple element at index 0] |
-| test.py:517:10:517:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] | test.py:517:10:517:39 | ControlFlowNode for f_extra_pos() |
-| test.py:517:33:517:38 | ControlFlowNode for SOURCE | test.py:517:10:517:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] |
-| test.py:521:35:521:35 | ControlFlowNode for b [Dictionary element at key b] | test.py:521:38:521:38 | ControlFlowNode for b [Dictionary element at key b] |
-| test.py:521:38:521:38 | ControlFlowNode for b [Dictionary element at key b] | test.py:521:38:521:43 | ControlFlowNode for Subscript |
-| test.py:522:10:522:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] | test.py:521:35:521:35 | ControlFlowNode for b [Dictionary element at key b] |
-| test.py:522:10:522:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] | test.py:522:10:522:45 | ControlFlowNode for f_extra_keyword() |
-| test.py:522:39:522:44 | ControlFlowNode for SOURCE | test.py:522:10:522:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] |
-| test.py:534:9:534:14 | ControlFlowNode for SOURCE | test.py:536:10:536:10 | ControlFlowNode for a |
-| test.py:534:9:534:14 | ControlFlowNode for SOURCE | test.py:541:10:541:10 | ControlFlowNode for b |
-| test.py:546:10:546:15 | ControlFlowNode for SOURCE | test.py:546:10:546:26 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:546:10:546:26 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:547:5:547:8 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:547:5:547:5 | SSA variable a | test.py:548:10:548:10 | ControlFlowNode for a |
-| test.py:547:5:547:8 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:547:5:547:5 | SSA variable a |
-| test.py:554:10:554:15 | ControlFlowNode for SOURCE | test.py:554:10:554:36 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:554:10:554:36 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:555:5:555:13 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:554:10:554:36 | ControlFlowNode for Tuple [Tuple element at index 1, Tuple element at index 1] | test.py:555:5:555:13 | ControlFlowNode for Tuple [Tuple element at index 1, Tuple element at index 1] |
-| test.py:554:19:554:35 | ControlFlowNode for Tuple [Tuple element at index 1] | test.py:554:10:554:36 | ControlFlowNode for Tuple [Tuple element at index 1, Tuple element at index 1] |
-| test.py:554:30:554:35 | ControlFlowNode for SOURCE | test.py:554:19:554:35 | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:555:5:555:5 | SSA variable a | test.py:556:10:556:10 | ControlFlowNode for a |
-| test.py:555:5:555:13 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:555:5:555:5 | SSA variable a |
-| test.py:555:5:555:13 | ControlFlowNode for Tuple [Tuple element at index 1, Tuple element at index 1] | test.py:555:9:555:12 | IterableSequence [Tuple element at index 1] |
-| test.py:555:9:555:12 | ControlFlowNode for Tuple [Tuple element at index 1] | test.py:555:12:555:12 | SSA variable c |
-| test.py:555:9:555:12 | IterableSequence [Tuple element at index 1] | test.py:555:9:555:12 | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:555:12:555:12 | SSA variable c | test.py:558:10:558:10 | ControlFlowNode for c |
-| test.py:563:9:563:33 | ControlFlowNode for List [List element, List element, List element, List element] | test.py:564:5:564:14 | IterableSequence [List element, List element, List element, List element] |
-| test.py:563:10:563:21 | ControlFlowNode for List [List element, List element, List element] | test.py:563:9:563:33 | ControlFlowNode for List [List element, List element, List element, List element] |
-| test.py:563:11:563:20 | ControlFlowNode for List [List element, List element] | test.py:563:10:563:21 | ControlFlowNode for List [List element, List element, List element] |
-| test.py:563:12:563:19 | ControlFlowNode for List [List element] | test.py:563:11:563:20 | ControlFlowNode for List [List element, List element] |
-| test.py:563:13:563:18 | ControlFlowNode for SOURCE | test.py:563:12:563:19 | ControlFlowNode for List [List element] |
-| test.py:564:5:564:11 | ControlFlowNode for List [Tuple element at index 0, List element, List element] | test.py:564:6:564:10 | IterableSequence [List element, List element] |
-| test.py:564:5:564:11 | IterableElement [List element, List element] | test.py:564:5:564:11 | ControlFlowNode for List [Tuple element at index 0, List element, List element] |
-| test.py:564:5:564:11 | IterableSequence [List element, List element, List element] | test.py:564:5:564:11 | IterableElement [List element, List element] |
-| test.py:564:5:564:14 | ControlFlowNode for Tuple [Tuple element at index 0, List element, List element, List element] | test.py:564:5:564:11 | IterableSequence [List element, List element, List element] |
-| test.py:564:5:564:14 | IterableElement [List element, List element, List element] | test.py:564:5:564:14 | ControlFlowNode for Tuple [Tuple element at index 0, List element, List element, List element] |
-| test.py:564:5:564:14 | IterableSequence [List element, List element, List element, List element] | test.py:564:5:564:14 | IterableElement [List element, List element, List element] |
-| test.py:564:6:564:10 | ControlFlowNode for List [Tuple element at index 0, List element] | test.py:564:7:564:9 | IterableSequence [List element] |
-| test.py:564:6:564:10 | IterableElement [List element] | test.py:564:6:564:10 | ControlFlowNode for List [Tuple element at index 0, List element] |
-| test.py:564:6:564:10 | IterableSequence [List element, List element] | test.py:564:6:564:10 | IterableElement [List element] |
-| test.py:564:7:564:9 | ControlFlowNode for List [Tuple element at index 0] | test.py:564:8:564:8 | SSA variable a |
-| test.py:564:7:564:9 | IterableElement | test.py:564:7:564:9 | ControlFlowNode for List [Tuple element at index 0] |
-| test.py:564:7:564:9 | IterableSequence [List element] | test.py:564:7:564:9 | IterableElement |
-| test.py:564:8:564:8 | SSA variable a | test.py:565:10:565:10 | ControlFlowNode for a |
-| test.py:571:10:571:15 | ControlFlowNode for SOURCE | test.py:571:10:571:34 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:571:10:571:34 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:572:5:572:12 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:571:10:571:34 | ControlFlowNode for Tuple [Tuple element at index 1] | test.py:572:5:572:12 | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:571:18:571:23 | ControlFlowNode for SOURCE | test.py:571:10:571:34 | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:572:5:572:5 | SSA variable a | test.py:573:10:573:10 | ControlFlowNode for a |
-| test.py:572:5:572:12 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:572:5:572:5 | SSA variable a |
-| test.py:572:5:572:12 | ControlFlowNode for Tuple [Tuple element at index 1] | test.py:572:8:572:9 | IterableElement |
-| test.py:572:5:572:12 | ControlFlowNode for Tuple [Tuple element at index 1] | test.py:572:12:572:12 | SSA variable c |
-| test.py:572:8:572:9 | IterableElement | test.py:572:8:572:9 | SSA variable b [List element] |
-| test.py:572:8:572:9 | SSA variable b [List element] | test.py:575:10:575:10 | ControlFlowNode for b [List element] |
-| test.py:572:12:572:12 | SSA variable c | test.py:576:12:576:12 | ControlFlowNode for c |
-| test.py:575:10:575:10 | ControlFlowNode for b [List element] | test.py:575:10:575:13 | ControlFlowNode for Subscript |
-| test.py:581:10:581:15 | ControlFlowNode for SOURCE | test.py:581:10:581:23 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:581:10:581:23 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:582:5:582:12 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:581:10:581:23 | ControlFlowNode for Tuple [Tuple element at index 1] | test.py:582:5:582:12 | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:581:18:581:23 | ControlFlowNode for SOURCE | test.py:581:10:581:23 | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:582:5:582:5 | SSA variable a | test.py:583:10:583:10 | ControlFlowNode for a |
-| test.py:582:5:582:12 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:582:5:582:5 | SSA variable a |
-| test.py:582:5:582:12 | ControlFlowNode for Tuple [Tuple element at index 1] | test.py:582:12:582:12 | SSA variable c |
-| test.py:582:12:582:12 | SSA variable c | test.py:585:10:585:10 | ControlFlowNode for c |
-| test.py:590:10:590:61 | ControlFlowNode for List [List element, List element] | test.py:593:6:593:23 | IterableSequence [List element, List element] |
-| test.py:590:10:590:61 | ControlFlowNode for List [List element, List element] | test.py:601:5:601:24 | IterableSequence [List element, List element] |
-| test.py:590:10:590:61 | ControlFlowNode for List [List element, List element] | test.py:609:6:609:23 | IterableSequence [List element, List element] |
-| test.py:590:11:590:37 | ControlFlowNode for List [List element] | test.py:590:10:590:61 | ControlFlowNode for List [List element, List element] |
-| test.py:590:12:590:17 | ControlFlowNode for SOURCE | test.py:590:11:590:37 | ControlFlowNode for List [List element] |
-| test.py:590:31:590:36 | ControlFlowNode for SOURCE | test.py:590:11:590:37 | ControlFlowNode for List [List element] |
-| test.py:590:40:590:47 | ControlFlowNode for List [List element] | test.py:590:10:590:61 | ControlFlowNode for List [List element, List element] |
-| test.py:590:41:590:46 | ControlFlowNode for SOURCE | test.py:590:40:590:47 | ControlFlowNode for List [List element] |
-| test.py:593:6:593:23 | ControlFlowNode for Tuple [Tuple element at index 0, List element] | test.py:593:7:593:16 | IterableSequence [List element] |
-| test.py:593:6:593:23 | IterableElement [List element] | test.py:593:6:593:23 | ControlFlowNode for Tuple [Tuple element at index 0, List element] |
-| test.py:593:6:593:23 | IterableSequence [List element, List element] | test.py:593:6:593:23 | IterableElement [List element] |
-| test.py:593:7:593:8 | SSA variable a1 | test.py:594:10:594:11 | ControlFlowNode for a1 |
-| test.py:593:7:593:16 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:593:7:593:8 | SSA variable a1 |
-| test.py:593:7:593:16 | ControlFlowNode for Tuple [Tuple element at index 1] | test.py:593:11:593:12 | SSA variable a2 |
-| test.py:593:7:593:16 | ControlFlowNode for Tuple [Tuple element at index 2] | test.py:593:15:593:16 | SSA variable a3 |
-| test.py:593:7:593:16 | IterableElement | test.py:593:7:593:16 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:593:7:593:16 | IterableElement | test.py:593:7:593:16 | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:593:7:593:16 | IterableElement | test.py:593:7:593:16 | ControlFlowNode for Tuple [Tuple element at index 2] |
-| test.py:593:7:593:16 | IterableSequence [List element] | test.py:593:7:593:16 | IterableElement |
-| test.py:593:11:593:12 | SSA variable a2 | test.py:595:12:595:13 | ControlFlowNode for a2 |
-| test.py:593:15:593:16 | SSA variable a3 | test.py:596:10:596:11 | ControlFlowNode for a3 |
-| test.py:601:5:601:24 | ControlFlowNode for List [Tuple element at index 0, List element] | test.py:601:7:601:16 | IterableSequence [List element] |
-| test.py:601:5:601:24 | IterableElement [List element] | test.py:601:5:601:24 | ControlFlowNode for List [Tuple element at index 0, List element] |
-| test.py:601:5:601:24 | IterableSequence [List element, List element] | test.py:601:5:601:24 | IterableElement [List element] |
-| test.py:601:7:601:8 | SSA variable a1 | test.py:602:10:602:11 | ControlFlowNode for a1 |
-| test.py:601:7:601:16 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:601:7:601:8 | SSA variable a1 |
-| test.py:601:7:601:16 | ControlFlowNode for Tuple [Tuple element at index 1] | test.py:601:11:601:12 | SSA variable a2 |
-| test.py:601:7:601:16 | ControlFlowNode for Tuple [Tuple element at index 2] | test.py:601:15:601:16 | SSA variable a3 |
-| test.py:601:7:601:16 | IterableElement | test.py:601:7:601:16 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:601:7:601:16 | IterableElement | test.py:601:7:601:16 | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:601:7:601:16 | IterableElement | test.py:601:7:601:16 | ControlFlowNode for Tuple [Tuple element at index 2] |
-| test.py:601:7:601:16 | IterableSequence [List element] | test.py:601:7:601:16 | IterableElement |
-| test.py:601:11:601:12 | SSA variable a2 | test.py:603:12:603:13 | ControlFlowNode for a2 |
-| test.py:601:15:601:16 | SSA variable a3 | test.py:604:10:604:11 | ControlFlowNode for a3 |
-| test.py:609:6:609:17 | ControlFlowNode for List [Tuple element at index 0] | test.py:609:7:609:8 | SSA variable a1 |
-| test.py:609:6:609:17 | ControlFlowNode for List [Tuple element at index 1] | test.py:609:11:609:12 | SSA variable a2 |
-| test.py:609:6:609:17 | ControlFlowNode for List [Tuple element at index 2] | test.py:609:15:609:16 | SSA variable a3 |
-| test.py:609:6:609:17 | IterableElement | test.py:609:6:609:17 | ControlFlowNode for List [Tuple element at index 0] |
-| test.py:609:6:609:17 | IterableElement | test.py:609:6:609:17 | ControlFlowNode for List [Tuple element at index 1] |
-| test.py:609:6:609:17 | IterableElement | test.py:609:6:609:17 | ControlFlowNode for List [Tuple element at index 2] |
-| test.py:609:6:609:17 | IterableSequence [List element] | test.py:609:6:609:17 | IterableElement |
-| test.py:609:6:609:23 | ControlFlowNode for Tuple [Tuple element at index 0, List element] | test.py:609:6:609:17 | IterableSequence [List element] |
-| test.py:609:6:609:23 | IterableElement [List element] | test.py:609:6:609:23 | ControlFlowNode for Tuple [Tuple element at index 0, List element] |
-| test.py:609:6:609:23 | IterableSequence [List element, List element] | test.py:609:6:609:23 | IterableElement [List element] |
-| test.py:609:7:609:8 | SSA variable a1 | test.py:610:10:610:11 | ControlFlowNode for a1 |
-| test.py:609:11:609:12 | SSA variable a2 | test.py:611:12:611:13 | ControlFlowNode for a2 |
-| test.py:609:15:609:16 | SSA variable a3 | test.py:612:10:612:11 | ControlFlowNode for a3 |
-| test.py:618:11:618:47 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] | test.py:621:5:621:19 | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 0] |
-| test.py:618:11:618:47 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] | test.py:630:6:630:18 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] |
-| test.py:618:11:618:47 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] | test.py:639:5:639:19 | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 0] |
-| test.py:618:11:618:47 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] | test.py:648:6:648:18 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] |
-| test.py:618:11:618:47 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] | test.py:621:5:621:19 | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 2] |
-| test.py:618:11:618:47 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] | test.py:630:6:630:18 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] |
-| test.py:618:11:618:47 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] | test.py:639:5:639:19 | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 2] |
-| test.py:618:11:618:47 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] | test.py:648:6:648:18 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] |
-| test.py:618:12:618:17 | ControlFlowNode for SOURCE | test.py:618:12:618:36 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:618:12:618:36 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:618:11:618:47 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] |
-| test.py:618:12:618:36 | ControlFlowNode for Tuple [Tuple element at index 2] | test.py:618:11:618:47 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] |
-| test.py:618:31:618:36 | ControlFlowNode for SOURCE | test.py:618:12:618:36 | ControlFlowNode for Tuple [Tuple element at index 2] |
-| test.py:621:5:621:19 | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 0] | test.py:621:6:621:14 | IterableSequence [Tuple element at index 0] |
-| test.py:621:5:621:19 | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 2] | test.py:621:6:621:14 | IterableSequence [Tuple element at index 2] |
-| test.py:621:6:621:14 | ControlFlowNode for List [Tuple element at index 0] | test.py:621:7:621:8 | SSA variable a1 |
-| test.py:621:6:621:14 | ControlFlowNode for List [Tuple element at index 2] | test.py:621:11:621:13 | IterableElement |
-| test.py:621:6:621:14 | IterableSequence [Tuple element at index 0] | test.py:621:6:621:14 | ControlFlowNode for List [Tuple element at index 0] |
-| test.py:621:6:621:14 | IterableSequence [Tuple element at index 2] | test.py:621:6:621:14 | ControlFlowNode for List [Tuple element at index 2] |
-| test.py:621:7:621:8 | SSA variable a1 | test.py:622:10:622:11 | ControlFlowNode for a1 |
-| test.py:621:11:621:13 | IterableElement | test.py:621:11:621:13 | SSA variable a2 [List element] |
-| test.py:621:11:621:13 | SSA variable a2 [List element] | test.py:624:12:624:13 | ControlFlowNode for a2 [List element] |
-| test.py:621:11:621:13 | SSA variable a2 [List element] | test.py:625:10:625:11 | ControlFlowNode for a2 [List element] |
-| test.py:624:12:624:13 | ControlFlowNode for a2 [List element] | test.py:624:12:624:16 | ControlFlowNode for Subscript |
-| test.py:625:10:625:11 | ControlFlowNode for a2 [List element] | test.py:625:10:625:14 | ControlFlowNode for Subscript |
-| test.py:630:6:630:18 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] | test.py:630:7:630:13 | IterableSequence [Tuple element at index 0] |
-| test.py:630:6:630:18 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] | test.py:630:7:630:13 | IterableSequence [Tuple element at index 2] |
-| test.py:630:7:630:8 | SSA variable a1 | test.py:631:10:631:11 | ControlFlowNode for a1 |
-| test.py:630:7:630:13 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:630:7:630:8 | SSA variable a1 |
-| test.py:630:7:630:13 | ControlFlowNode for Tuple [Tuple element at index 2] | test.py:630:11:630:13 | IterableElement |
-| test.py:630:7:630:13 | IterableSequence [Tuple element at index 0] | test.py:630:7:630:13 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:630:7:630:13 | IterableSequence [Tuple element at index 2] | test.py:630:7:630:13 | ControlFlowNode for Tuple [Tuple element at index 2] |
-| test.py:630:11:630:13 | IterableElement | test.py:630:11:630:13 | SSA variable a2 [List element] |
-| test.py:630:11:630:13 | SSA variable a2 [List element] | test.py:633:12:633:13 | ControlFlowNode for a2 [List element] |
-| test.py:630:11:630:13 | SSA variable a2 [List element] | test.py:634:10:634:11 | ControlFlowNode for a2 [List element] |
-| test.py:633:12:633:13 | ControlFlowNode for a2 [List element] | test.py:633:12:633:16 | ControlFlowNode for Subscript |
-| test.py:634:10:634:11 | ControlFlowNode for a2 [List element] | test.py:634:10:634:14 | ControlFlowNode for Subscript |
-| test.py:639:5:639:19 | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 0] | test.py:639:7:639:13 | IterableSequence [Tuple element at index 0] |
-| test.py:639:5:639:19 | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 2] | test.py:639:7:639:13 | IterableSequence [Tuple element at index 2] |
-| test.py:639:7:639:8 | SSA variable a1 | test.py:640:10:640:11 | ControlFlowNode for a1 |
-| test.py:639:7:639:13 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:639:7:639:8 | SSA variable a1 |
-| test.py:639:7:639:13 | ControlFlowNode for Tuple [Tuple element at index 2] | test.py:639:11:639:13 | IterableElement |
-| test.py:639:7:639:13 | IterableSequence [Tuple element at index 0] | test.py:639:7:639:13 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:639:7:639:13 | IterableSequence [Tuple element at index 2] | test.py:639:7:639:13 | ControlFlowNode for Tuple [Tuple element at index 2] |
-| test.py:639:11:639:13 | IterableElement | test.py:639:11:639:13 | SSA variable a2 [List element] |
-| test.py:639:11:639:13 | SSA variable a2 [List element] | test.py:642:12:642:13 | ControlFlowNode for a2 [List element] |
-| test.py:639:11:639:13 | SSA variable a2 [List element] | test.py:643:10:643:11 | ControlFlowNode for a2 [List element] |
-| test.py:642:12:642:13 | ControlFlowNode for a2 [List element] | test.py:642:12:642:16 | ControlFlowNode for Subscript |
-| test.py:643:10:643:11 | ControlFlowNode for a2 [List element] | test.py:643:10:643:14 | ControlFlowNode for Subscript |
-| test.py:648:6:648:14 | ControlFlowNode for List [Tuple element at index 0] | test.py:648:7:648:8 | SSA variable a1 |
-| test.py:648:6:648:14 | ControlFlowNode for List [Tuple element at index 2] | test.py:648:11:648:13 | IterableElement |
-| test.py:648:6:648:14 | IterableSequence [Tuple element at index 0] | test.py:648:6:648:14 | ControlFlowNode for List [Tuple element at index 0] |
-| test.py:648:6:648:14 | IterableSequence [Tuple element at index 2] | test.py:648:6:648:14 | ControlFlowNode for List [Tuple element at index 2] |
-| test.py:648:6:648:18 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] | test.py:648:6:648:14 | IterableSequence [Tuple element at index 0] |
-| test.py:648:6:648:18 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] | test.py:648:6:648:14 | IterableSequence [Tuple element at index 2] |
-| test.py:648:7:648:8 | SSA variable a1 | test.py:649:10:649:11 | ControlFlowNode for a1 |
-| test.py:648:11:648:13 | IterableElement | test.py:648:11:648:13 | SSA variable a2 [List element] |
-| test.py:648:11:648:13 | SSA variable a2 [List element] | test.py:651:12:651:13 | ControlFlowNode for a2 [List element] |
-| test.py:648:11:648:13 | SSA variable a2 [List element] | test.py:652:10:652:11 | ControlFlowNode for a2 [List element] |
-| test.py:651:12:651:13 | ControlFlowNode for a2 [List element] | test.py:651:12:651:16 | ControlFlowNode for Subscript |
-| test.py:652:10:652:11 | ControlFlowNode for a2 [List element] | test.py:652:10:652:14 | ControlFlowNode for Subscript |
-| test.py:659:19:659:24 | ControlFlowNode for SOURCE | test.py:660:10:660:10 | ControlFlowNode for a |
-| test.py:667:10:667:51 | ControlFlowNode for List [List element, Tuple element at index 0] | test.py:668:16:668:17 | ControlFlowNode for tl [List element, Tuple element at index 0] |
-| test.py:667:12:667:17 | ControlFlowNode for SOURCE | test.py:667:12:667:28 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:667:12:667:28 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:667:10:667:51 | ControlFlowNode for List [List element, Tuple element at index 0] |
-| test.py:667:33:667:38 | ControlFlowNode for SOURCE | test.py:667:33:667:49 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:667:33:667:49 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:667:10:667:51 | ControlFlowNode for List [List element, Tuple element at index 0] |
-| test.py:668:9:668:9 | SSA variable x | test.py:669:14:669:14 | ControlFlowNode for x |
-| test.py:668:9:668:11 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:668:9:668:9 | SSA variable x |
-| test.py:668:9:668:11 | IterableSequence [Tuple element at index 0] | test.py:668:9:668:11 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:668:16:668:17 | ControlFlowNode for tl [List element, Tuple element at index 0] | test.py:668:9:668:11 | IterableSequence [Tuple element at index 0] |
-| test.py:675:10:675:51 | ControlFlowNode for List [List element, Tuple element at index 0] | test.py:676:17:676:18 | ControlFlowNode for tl [List element, Tuple element at index 0] |
-| test.py:675:12:675:17 | ControlFlowNode for SOURCE | test.py:675:12:675:28 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:675:12:675:28 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:675:10:675:51 | ControlFlowNode for List [List element, Tuple element at index 0] |
-| test.py:675:33:675:38 | ControlFlowNode for SOURCE | test.py:675:33:675:49 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:675:33:675:49 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:675:10:675:51 | ControlFlowNode for List [List element, Tuple element at index 0] |
-| test.py:676:9:676:10 | IterableElement | test.py:676:9:676:10 | SSA variable x [List element] |
-| test.py:676:9:676:10 | SSA variable x [List element] | test.py:678:14:678:14 | ControlFlowNode for x [List element] |
-| test.py:676:9:676:12 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:676:9:676:10 | IterableElement |
-| test.py:676:9:676:12 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:676:12:676:12 | SSA variable y |
-| test.py:676:9:676:12 | IterableSequence [Tuple element at index 0] | test.py:676:9:676:12 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:676:12:676:12 | SSA variable y | test.py:679:16:679:16 | ControlFlowNode for y |
-| test.py:676:17:676:18 | ControlFlowNode for tl [List element, Tuple element at index 0] | test.py:676:9:676:12 | IterableSequence [Tuple element at index 0] |
-| test.py:678:14:678:14 | ControlFlowNode for x [List element] | test.py:678:14:678:17 | ControlFlowNode for Subscript |
-| test.py:684:10:684:51 | ControlFlowNode for List [List element, Tuple element at index 0] | test.py:685:19:685:20 | ControlFlowNode for tl [List element, Tuple element at index 0] |
-| test.py:684:12:684:17 | ControlFlowNode for SOURCE | test.py:684:12:684:28 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:684:12:684:28 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:684:10:684:51 | ControlFlowNode for List [List element, Tuple element at index 0] |
-| test.py:684:33:684:38 | ControlFlowNode for SOURCE | test.py:684:33:684:49 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:684:33:684:49 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:684:10:684:51 | ControlFlowNode for List [List element, Tuple element at index 0] |
-| test.py:685:9:685:9 | SSA variable x | test.py:686:14:686:14 | ControlFlowNode for x |
-| test.py:685:9:685:14 | ControlFlowNode for Tuple [Tuple element at index 0] | test.py:685:9:685:9 | SSA variable x |
-| test.py:685:9:685:14 | IterableSequence [Tuple element at index 0] | test.py:685:9:685:14 | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:685:19:685:20 | ControlFlowNode for tl [List element, Tuple element at index 0] | test.py:685:9:685:14 | IterableSequence [Tuple element at index 0] |
-| test.py:690:39:690:42 | ControlFlowNode for args [Tuple element at index 0] | test.py:691:14:691:17 | ControlFlowNode for args [Tuple element at index 0] |
-| test.py:690:39:690:42 | ControlFlowNode for args [Tuple element at index 1] | test.py:691:14:691:17 | ControlFlowNode for args [Tuple element at index 1] |
-| test.py:691:7:691:9 | SSA variable arg | test.py:692:10:692:12 | ControlFlowNode for arg |
-| test.py:691:14:691:17 | ControlFlowNode for args [Tuple element at index 0] | test.py:691:7:691:9 | SSA variable arg |
-| test.py:691:14:691:17 | ControlFlowNode for args [Tuple element at index 1] | test.py:691:7:691:9 | SSA variable arg |
-| test.py:697:7:697:12 | ControlFlowNode for SOURCE | test.py:698:51:698:51 | ControlFlowNode for s |
-| test.py:698:3:698:52 | PosOverflowNode for iterate_star_args() [Tuple element at index 0] | test.py:690:39:690:42 | ControlFlowNode for args [Tuple element at index 0] |
-| test.py:698:3:698:52 | PosOverflowNode for iterate_star_args() [Tuple element at index 1] | test.py:690:39:690:42 | ControlFlowNode for args [Tuple element at index 1] |
-| test.py:698:43:698:48 | ControlFlowNode for SOURCE | test.py:698:3:698:52 | PosOverflowNode for iterate_star_args() [Tuple element at index 0] |
-| test.py:698:51:698:51 | ControlFlowNode for s | test.py:698:3:698:52 | PosOverflowNode for iterate_star_args() [Tuple element at index 1] |
-| test.py:769:16:769:21 | ControlFlowNode for SOURCE | test.py:772:10:772:36 | ControlFlowNode for return_from_inner_scope() |
-| test.py:807:35:807:35 | ControlFlowNode for x | test.py:808:10:808:10 | ControlFlowNode for x |
-| test.py:807:37:807:42 | ControlFlowNode for SOURCE | test.py:807:35:807:35 | ControlFlowNode for x |
-| test.py:807:48:807:48 | ControlFlowNode for y | test.py:809:10:809:10 | ControlFlowNode for y |
-| test.py:807:50:807:55 | ControlFlowNode for SOURCE | test.py:807:48:807:48 | ControlFlowNode for y |
-| test.py:807:61:807:61 | ControlFlowNode for z | test.py:810:10:810:10 | ControlFlowNode for z |
-| test.py:807:63:807:68 | ControlFlowNode for SOURCE | test.py:807:61:807:61 | ControlFlowNode for z |
-nodes
-| datamodel.py:35:7:35:7 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
-| datamodel.py:36:10:36:10 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
-| datamodel.py:38:6:38:17 | ControlFlowNode for f() | semmle.label | ControlFlowNode for f() |
-| datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| datamodel.py:44:22:44:22 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| datamodel.py:46:16:46:16 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| datamodel.py:49:26:49:26 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| datamodel.py:50:16:50:16 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| datamodel.py:152:5:152:8 | [post store] ControlFlowNode for self [Attribute b] | semmle.label | [post store] ControlFlowNode for self [Attribute b] |
-| datamodel.py:152:14:152:19 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| datamodel.py:155:14:155:25 | ControlFlowNode for Customized() [Attribute b] | semmle.label | ControlFlowNode for Customized() [Attribute b] |
-| datamodel.py:159:6:159:15 | ControlFlowNode for customized [Attribute b] | semmle.label | ControlFlowNode for customized [Attribute b] |
-| datamodel.py:159:6:159:17 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| test.py:42:10:42:26 | ControlFlowNode for Tuple [Tuple element at index 1] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:42:21:42:26 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:43:9:43:9 | ControlFlowNode for x [Tuple element at index 1] | semmle.label | ControlFlowNode for x [Tuple element at index 1] |
-| test.py:43:9:43:12 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:44:10:44:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:55:9:55:14 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:56:10:56:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:61:9:61:16 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
-| test.py:62:10:62:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:66:9:66:17 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
-| test.py:67:10:67:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:71:9:71:10 | ControlFlowNode for IntegerLiteral | semmle.label | ControlFlowNode for IntegerLiteral |
-| test.py:72:10:72:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:76:9:76:12 | ControlFlowNode for FloatLiteral | semmle.label | ControlFlowNode for FloatLiteral |
-| test.py:77:10:77:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:87:10:87:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:88:10:88:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:93:9:93:16 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
-| test.py:93:10:93:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:94:10:94:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
-| test.py:94:10:94:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:103:9:103:37 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
-| test.py:103:10:103:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:104:10:104:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
-| test.py:104:10:104:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:108:9:108:29 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
-| test.py:108:10:108:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:108:16:108:16 | SSA variable y | semmle.label | SSA variable y |
-| test.py:108:21:108:28 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
-| test.py:108:22:108:27 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:109:10:109:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
-| test.py:109:10:109:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:113:9:113:16 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
-| test.py:113:10:113:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:114:9:114:22 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
-| test.py:114:10:114:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:114:16:114:16 | SSA variable y | semmle.label | SSA variable y |
-| test.py:114:21:114:21 | ControlFlowNode for l [List element] | semmle.label | ControlFlowNode for l [List element] |
-| test.py:115:10:115:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
-| test.py:115:10:115:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:125:9:125:16 | ControlFlowNode for Set [Set element] | semmle.label | ControlFlowNode for Set [Set element] |
-| test.py:125:10:125:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:126:10:126:10 | ControlFlowNode for x [Set element] | semmle.label | ControlFlowNode for x [Set element] |
-| test.py:126:10:126:16 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:130:9:130:37 | ControlFlowNode for SetComp [Set element] | semmle.label | ControlFlowNode for SetComp [Set element] |
-| test.py:130:10:130:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:131:10:131:10 | ControlFlowNode for x [Set element] | semmle.label | ControlFlowNode for x [Set element] |
-| test.py:131:10:131:16 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:135:9:135:29 | ControlFlowNode for SetComp [Set element] | semmle.label | ControlFlowNode for SetComp [Set element] |
-| test.py:135:10:135:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:135:16:135:16 | SSA variable y | semmle.label | SSA variable y |
-| test.py:135:21:135:28 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
-| test.py:135:22:135:27 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:136:10:136:10 | ControlFlowNode for x [Set element] | semmle.label | ControlFlowNode for x [Set element] |
-| test.py:136:10:136:16 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:140:9:140:16 | ControlFlowNode for Set [Set element] | semmle.label | ControlFlowNode for Set [Set element] |
-| test.py:140:10:140:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:141:9:141:22 | ControlFlowNode for SetComp [Set element] | semmle.label | ControlFlowNode for SetComp [Set element] |
-| test.py:141:10:141:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:141:16:141:16 | SSA variable y | semmle.label | SSA variable y |
-| test.py:141:21:141:21 | ControlFlowNode for l [Set element] | semmle.label | ControlFlowNode for l [Set element] |
-| test.py:142:10:142:10 | ControlFlowNode for x [Set element] | semmle.label | ControlFlowNode for x [Set element] |
-| test.py:142:10:142:16 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:152:9:152:21 | ControlFlowNode for Dict [Dictionary element at key s] | semmle.label | ControlFlowNode for Dict [Dictionary element at key s] |
-| test.py:152:15:152:20 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:153:10:153:10 | ControlFlowNode for x [Dictionary element at key s] | semmle.label | ControlFlowNode for x [Dictionary element at key s] |
-| test.py:153:10:153:15 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:157:9:157:21 | ControlFlowNode for Dict [Dictionary element at key s] | semmle.label | ControlFlowNode for Dict [Dictionary element at key s] |
-| test.py:157:15:157:20 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:158:10:158:10 | ControlFlowNode for x [Dictionary element at key s] | semmle.label | ControlFlowNode for x [Dictionary element at key s] |
-| test.py:158:10:158:19 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:183:9:183:42 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
-| test.py:183:10:183:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:183:16:183:16 | SSA variable z [List element] | semmle.label | SSA variable z [List element] |
-| test.py:183:21:183:30 | ControlFlowNode for List [List element, List element] | semmle.label | ControlFlowNode for List [List element, List element] |
-| test.py:183:22:183:29 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
-| test.py:183:23:183:28 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:183:36:183:36 | SSA variable y | semmle.label | SSA variable y |
-| test.py:183:41:183:41 | ControlFlowNode for z [List element] | semmle.label | ControlFlowNode for z [List element] |
-| test.py:184:10:184:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
-| test.py:184:10:184:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:188:9:188:68 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
-| test.py:188:10:188:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:188:16:188:16 | SSA variable v [List element, List element, List element] | semmle.label | SSA variable v [List element, List element, List element] |
-| test.py:188:21:188:34 | ControlFlowNode for List [List element, List element, List element, List element] | semmle.label | ControlFlowNode for List [List element, List element, List element, List element] |
-| test.py:188:22:188:33 | ControlFlowNode for List [List element, List element, List element] | semmle.label | ControlFlowNode for List [List element, List element, List element] |
-| test.py:188:23:188:32 | ControlFlowNode for List [List element, List element] | semmle.label | ControlFlowNode for List [List element, List element] |
-| test.py:188:24:188:31 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
-| test.py:188:25:188:30 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:188:40:188:40 | SSA variable u [List element, List element] | semmle.label | SSA variable u [List element, List element] |
-| test.py:188:45:188:45 | ControlFlowNode for v [List element, List element, List element] | semmle.label | ControlFlowNode for v [List element, List element, List element] |
-| test.py:188:51:188:51 | SSA variable z [List element] | semmle.label | SSA variable z [List element] |
-| test.py:188:56:188:56 | ControlFlowNode for u [List element, List element] | semmle.label | ControlFlowNode for u [List element, List element] |
-| test.py:188:62:188:62 | SSA variable y | semmle.label | SSA variable y |
-| test.py:188:67:188:67 | ControlFlowNode for z [List element] | semmle.label | ControlFlowNode for z [List element] |
-| test.py:189:10:189:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
-| test.py:189:10:189:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:199:9:199:42 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
-| test.py:199:10:199:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:199:16:199:16 | SSA variable y | semmle.label | SSA variable y |
-| test.py:199:22:199:22 | ControlFlowNode for z | semmle.label | ControlFlowNode for z |
-| test.py:199:22:199:40 | ControlFlowNode for GeneratorExp [List element] | semmle.label | ControlFlowNode for GeneratorExp [List element] |
-| test.py:199:28:199:28 | SSA variable z | semmle.label | SSA variable z |
-| test.py:199:33:199:40 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
-| test.py:199:34:199:39 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:200:10:200:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
-| test.py:200:10:200:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:205:9:205:47 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
-| test.py:205:10:205:10 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
-| test.py:205:17:205:17 | SSA variable a | semmle.label | SSA variable a |
-| test.py:205:17:205:20 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:205:17:205:20 | IterableSequence [Tuple element at index 0] | semmle.label | IterableSequence [Tuple element at index 0] |
-| test.py:205:26:205:46 | ControlFlowNode for List [List element, Tuple element at index 0] | semmle.label | ControlFlowNode for List [List element, Tuple element at index 0] |
-| test.py:205:28:205:33 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:205:28:205:44 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:206:10:206:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
-| test.py:206:10:206:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:210:9:210:51 | ControlFlowNode for ListComp [List element] | semmle.label | ControlFlowNode for ListComp [List element] |
-| test.py:210:10:210:10 | ControlFlowNode for a [List element] | semmle.label | ControlFlowNode for a [List element] |
-| test.py:210:10:210:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:210:20:210:21 | IterableElement | semmle.label | IterableElement |
-| test.py:210:20:210:21 | SSA variable a [List element] | semmle.label | SSA variable a [List element] |
-| test.py:210:20:210:24 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:210:20:210:24 | IterableSequence [Tuple element at index 0] | semmle.label | IterableSequence [Tuple element at index 0] |
-| test.py:210:30:210:50 | ControlFlowNode for List [List element, Tuple element at index 0] | semmle.label | ControlFlowNode for List [List element, Tuple element at index 0] |
-| test.py:210:32:210:37 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:210:32:210:48 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:211:10:211:10 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
-| test.py:211:10:211:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:349:10:349:21 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:349:11:349:16 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:349:11:349:17 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:353:10:353:17 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
-| test.py:353:10:353:20 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:353:11:353:16 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:357:10:357:22 | ControlFlowNode for Dict [Dictionary element at key s] | semmle.label | ControlFlowNode for Dict [Dictionary element at key s] |
-| test.py:357:10:357:27 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:357:16:357:21 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:375:15:375:15 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
-| test.py:376:12:376:12 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
-| test.py:380:10:380:34 | ControlFlowNode for second() | semmle.label | ControlFlowNode for second() |
-| test.py:380:28:380:33 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:388:10:388:36 | ControlFlowNode for second() | semmle.label | ControlFlowNode for second() |
-| test.py:388:30:388:35 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:396:10:396:43 | ControlFlowNode for second() | semmle.label | ControlFlowNode for second() |
-| test.py:396:10:396:43 | KwUnpacked b | semmle.label | KwUnpacked b |
-| test.py:396:30:396:42 | ControlFlowNode for Dict [Dictionary element at key b] | semmle.label | ControlFlowNode for Dict [Dictionary element at key b] |
-| test.py:396:36:396:41 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:399:21:399:21 | ControlFlowNode for b [Tuple element at index 0] | semmle.label | ControlFlowNode for b [Tuple element at index 0] |
-| test.py:400:12:400:12 | ControlFlowNode for b [Tuple element at index 0] | semmle.label | ControlFlowNode for b [Tuple element at index 0] |
-| test.py:400:12:400:15 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:404:10:404:39 | ControlFlowNode for f_extra_pos() | semmle.label | ControlFlowNode for f_extra_pos() |
-| test.py:404:10:404:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] | semmle.label | PosOverflowNode for f_extra_pos() [Tuple element at index 0] |
-| test.py:404:33:404:38 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:407:26:407:26 | ControlFlowNode for b [Dictionary element at key b] | semmle.label | ControlFlowNode for b [Dictionary element at key b] |
-| test.py:408:12:408:12 | ControlFlowNode for b [Dictionary element at key b] | semmle.label | ControlFlowNode for b [Dictionary element at key b] |
-| test.py:408:12:408:17 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:412:10:412:45 | ControlFlowNode for f_extra_keyword() | semmle.label | ControlFlowNode for f_extra_keyword() |
-| test.py:412:10:412:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] | semmle.label | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] |
-| test.py:412:39:412:44 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:429:10:429:20 | ControlFlowNode for BoolExpr | semmle.label | ControlFlowNode for BoolExpr |
-| test.py:429:15:429:20 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:434:10:434:21 | ControlFlowNode for BoolExpr | semmle.label | ControlFlowNode for BoolExpr |
-| test.py:434:16:434:21 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:445:10:445:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:445:10:445:38 | ControlFlowNode for IfExp | semmle.label | ControlFlowNode for IfExp |
-| test.py:453:10:453:39 | ControlFlowNode for IfExp | semmle.label | ControlFlowNode for IfExp |
-| test.py:453:34:453:39 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:474:11:474:11 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:475:16:475:16 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:477:10:477:18 | ControlFlowNode for f() | semmle.label | ControlFlowNode for f() |
-| test.py:477:12:477:17 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:481:19:481:19 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
-| test.py:482:16:482:16 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
-| test.py:484:10:484:34 | ControlFlowNode for second() | semmle.label | ControlFlowNode for second() |
-| test.py:484:28:484:33 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:495:19:495:19 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
-| test.py:496:16:496:16 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
-| test.py:498:10:498:36 | ControlFlowNode for second() | semmle.label | ControlFlowNode for second() |
-| test.py:498:30:498:35 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:509:19:509:19 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
-| test.py:510:16:510:16 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
-| test.py:512:10:512:43 | ControlFlowNode for second() | semmle.label | ControlFlowNode for second() |
-| test.py:512:10:512:43 | KwUnpacked b | semmle.label | KwUnpacked b |
-| test.py:512:30:512:42 | ControlFlowNode for Dict [Dictionary element at key b] | semmle.label | ControlFlowNode for Dict [Dictionary element at key b] |
-| test.py:512:36:512:41 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:516:30:516:30 | ControlFlowNode for b [Tuple element at index 0] | semmle.label | ControlFlowNode for b [Tuple element at index 0] |
-| test.py:516:33:516:33 | ControlFlowNode for b [Tuple element at index 0] | semmle.label | ControlFlowNode for b [Tuple element at index 0] |
-| test.py:516:33:516:36 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:517:10:517:39 | ControlFlowNode for f_extra_pos() | semmle.label | ControlFlowNode for f_extra_pos() |
-| test.py:517:10:517:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] | semmle.label | PosOverflowNode for f_extra_pos() [Tuple element at index 0] |
-| test.py:517:33:517:38 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:521:35:521:35 | ControlFlowNode for b [Dictionary element at key b] | semmle.label | ControlFlowNode for b [Dictionary element at key b] |
-| test.py:521:38:521:38 | ControlFlowNode for b [Dictionary element at key b] | semmle.label | ControlFlowNode for b [Dictionary element at key b] |
-| test.py:521:38:521:43 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:522:10:522:45 | ControlFlowNode for f_extra_keyword() | semmle.label | ControlFlowNode for f_extra_keyword() |
-| test.py:522:10:522:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] | semmle.label | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] |
-| test.py:522:39:522:44 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:534:9:534:14 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:536:10:536:10 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
-| test.py:541:10:541:10 | ControlFlowNode for b | semmle.label | ControlFlowNode for b |
-| test.py:546:10:546:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:546:10:546:26 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:547:5:547:5 | SSA variable a | semmle.label | SSA variable a |
-| test.py:547:5:547:8 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:548:10:548:10 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
-| test.py:554:10:554:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:554:10:554:36 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:554:10:554:36 | ControlFlowNode for Tuple [Tuple element at index 1, Tuple element at index 1] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 1, Tuple element at index 1] |
-| test.py:554:19:554:35 | ControlFlowNode for Tuple [Tuple element at index 1] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:554:30:554:35 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:555:5:555:5 | SSA variable a | semmle.label | SSA variable a |
-| test.py:555:5:555:13 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:555:5:555:13 | ControlFlowNode for Tuple [Tuple element at index 1, Tuple element at index 1] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 1, Tuple element at index 1] |
-| test.py:555:9:555:12 | ControlFlowNode for Tuple [Tuple element at index 1] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:555:9:555:12 | IterableSequence [Tuple element at index 1] | semmle.label | IterableSequence [Tuple element at index 1] |
-| test.py:555:12:555:12 | SSA variable c | semmle.label | SSA variable c |
-| test.py:556:10:556:10 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
-| test.py:558:10:558:10 | ControlFlowNode for c | semmle.label | ControlFlowNode for c |
-| test.py:563:9:563:33 | ControlFlowNode for List [List element, List element, List element, List element] | semmle.label | ControlFlowNode for List [List element, List element, List element, List element] |
-| test.py:563:10:563:21 | ControlFlowNode for List [List element, List element, List element] | semmle.label | ControlFlowNode for List [List element, List element, List element] |
-| test.py:563:11:563:20 | ControlFlowNode for List [List element, List element] | semmle.label | ControlFlowNode for List [List element, List element] |
-| test.py:563:12:563:19 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
-| test.py:563:13:563:18 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:564:5:564:11 | ControlFlowNode for List [Tuple element at index 0, List element, List element] | semmle.label | ControlFlowNode for List [Tuple element at index 0, List element, List element] |
-| test.py:564:5:564:11 | IterableElement [List element, List element] | semmle.label | IterableElement [List element, List element] |
-| test.py:564:5:564:11 | IterableSequence [List element, List element, List element] | semmle.label | IterableSequence [List element, List element, List element] |
-| test.py:564:5:564:14 | ControlFlowNode for Tuple [Tuple element at index 0, List element, List element, List element] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0, List element, List element, List element] |
-| test.py:564:5:564:14 | IterableElement [List element, List element, List element] | semmle.label | IterableElement [List element, List element, List element] |
-| test.py:564:5:564:14 | IterableSequence [List element, List element, List element, List element] | semmle.label | IterableSequence [List element, List element, List element, List element] |
-| test.py:564:6:564:10 | ControlFlowNode for List [Tuple element at index 0, List element] | semmle.label | ControlFlowNode for List [Tuple element at index 0, List element] |
-| test.py:564:6:564:10 | IterableElement [List element] | semmle.label | IterableElement [List element] |
-| test.py:564:6:564:10 | IterableSequence [List element, List element] | semmle.label | IterableSequence [List element, List element] |
-| test.py:564:7:564:9 | ControlFlowNode for List [Tuple element at index 0] | semmle.label | ControlFlowNode for List [Tuple element at index 0] |
-| test.py:564:7:564:9 | IterableElement | semmle.label | IterableElement |
-| test.py:564:7:564:9 | IterableSequence [List element] | semmle.label | IterableSequence [List element] |
-| test.py:564:8:564:8 | SSA variable a | semmle.label | SSA variable a |
-| test.py:565:10:565:10 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
-| test.py:571:10:571:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:571:10:571:34 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:571:10:571:34 | ControlFlowNode for Tuple [Tuple element at index 1] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:571:18:571:23 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:572:5:572:5 | SSA variable a | semmle.label | SSA variable a |
-| test.py:572:5:572:12 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:572:5:572:12 | ControlFlowNode for Tuple [Tuple element at index 1] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:572:8:572:9 | IterableElement | semmle.label | IterableElement |
-| test.py:572:8:572:9 | SSA variable b [List element] | semmle.label | SSA variable b [List element] |
-| test.py:572:12:572:12 | SSA variable c | semmle.label | SSA variable c |
-| test.py:573:10:573:10 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
-| test.py:575:10:575:10 | ControlFlowNode for b [List element] | semmle.label | ControlFlowNode for b [List element] |
-| test.py:575:10:575:13 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:576:12:576:12 | ControlFlowNode for c | semmle.label | ControlFlowNode for c |
-| test.py:581:10:581:15 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:581:10:581:23 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:581:10:581:23 | ControlFlowNode for Tuple [Tuple element at index 1] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:581:18:581:23 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:582:5:582:5 | SSA variable a | semmle.label | SSA variable a |
-| test.py:582:5:582:12 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:582:5:582:12 | ControlFlowNode for Tuple [Tuple element at index 1] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:582:12:582:12 | SSA variable c | semmle.label | SSA variable c |
-| test.py:583:10:583:10 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
-| test.py:585:10:585:10 | ControlFlowNode for c | semmle.label | ControlFlowNode for c |
-| test.py:590:10:590:61 | ControlFlowNode for List [List element, List element] | semmle.label | ControlFlowNode for List [List element, List element] |
-| test.py:590:11:590:37 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
-| test.py:590:12:590:17 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:590:31:590:36 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:590:40:590:47 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
-| test.py:590:41:590:46 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:593:6:593:23 | ControlFlowNode for Tuple [Tuple element at index 0, List element] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0, List element] |
-| test.py:593:6:593:23 | IterableElement [List element] | semmle.label | IterableElement [List element] |
-| test.py:593:6:593:23 | IterableSequence [List element, List element] | semmle.label | IterableSequence [List element, List element] |
-| test.py:593:7:593:8 | SSA variable a1 | semmle.label | SSA variable a1 |
-| test.py:593:7:593:16 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:593:7:593:16 | ControlFlowNode for Tuple [Tuple element at index 1] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:593:7:593:16 | ControlFlowNode for Tuple [Tuple element at index 2] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 2] |
-| test.py:593:7:593:16 | IterableElement | semmle.label | IterableElement |
-| test.py:593:7:593:16 | IterableSequence [List element] | semmle.label | IterableSequence [List element] |
-| test.py:593:11:593:12 | SSA variable a2 | semmle.label | SSA variable a2 |
-| test.py:593:15:593:16 | SSA variable a3 | semmle.label | SSA variable a3 |
-| test.py:594:10:594:11 | ControlFlowNode for a1 | semmle.label | ControlFlowNode for a1 |
-| test.py:595:12:595:13 | ControlFlowNode for a2 | semmle.label | ControlFlowNode for a2 |
-| test.py:596:10:596:11 | ControlFlowNode for a3 | semmle.label | ControlFlowNode for a3 |
-| test.py:601:5:601:24 | ControlFlowNode for List [Tuple element at index 0, List element] | semmle.label | ControlFlowNode for List [Tuple element at index 0, List element] |
-| test.py:601:5:601:24 | IterableElement [List element] | semmle.label | IterableElement [List element] |
-| test.py:601:5:601:24 | IterableSequence [List element, List element] | semmle.label | IterableSequence [List element, List element] |
-| test.py:601:7:601:8 | SSA variable a1 | semmle.label | SSA variable a1 |
-| test.py:601:7:601:16 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:601:7:601:16 | ControlFlowNode for Tuple [Tuple element at index 1] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 1] |
-| test.py:601:7:601:16 | ControlFlowNode for Tuple [Tuple element at index 2] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 2] |
-| test.py:601:7:601:16 | IterableElement | semmle.label | IterableElement |
-| test.py:601:7:601:16 | IterableSequence [List element] | semmle.label | IterableSequence [List element] |
-| test.py:601:11:601:12 | SSA variable a2 | semmle.label | SSA variable a2 |
-| test.py:601:15:601:16 | SSA variable a3 | semmle.label | SSA variable a3 |
-| test.py:602:10:602:11 | ControlFlowNode for a1 | semmle.label | ControlFlowNode for a1 |
-| test.py:603:12:603:13 | ControlFlowNode for a2 | semmle.label | ControlFlowNode for a2 |
-| test.py:604:10:604:11 | ControlFlowNode for a3 | semmle.label | ControlFlowNode for a3 |
-| test.py:609:6:609:17 | ControlFlowNode for List [Tuple element at index 0] | semmle.label | ControlFlowNode for List [Tuple element at index 0] |
-| test.py:609:6:609:17 | ControlFlowNode for List [Tuple element at index 1] | semmle.label | ControlFlowNode for List [Tuple element at index 1] |
-| test.py:609:6:609:17 | ControlFlowNode for List [Tuple element at index 2] | semmle.label | ControlFlowNode for List [Tuple element at index 2] |
-| test.py:609:6:609:17 | IterableElement | semmle.label | IterableElement |
-| test.py:609:6:609:17 | IterableSequence [List element] | semmle.label | IterableSequence [List element] |
-| test.py:609:6:609:23 | ControlFlowNode for Tuple [Tuple element at index 0, List element] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0, List element] |
-| test.py:609:6:609:23 | IterableElement [List element] | semmle.label | IterableElement [List element] |
-| test.py:609:6:609:23 | IterableSequence [List element, List element] | semmle.label | IterableSequence [List element, List element] |
-| test.py:609:7:609:8 | SSA variable a1 | semmle.label | SSA variable a1 |
-| test.py:609:11:609:12 | SSA variable a2 | semmle.label | SSA variable a2 |
-| test.py:609:15:609:16 | SSA variable a3 | semmle.label | SSA variable a3 |
-| test.py:610:10:610:11 | ControlFlowNode for a1 | semmle.label | ControlFlowNode for a1 |
-| test.py:611:12:611:13 | ControlFlowNode for a2 | semmle.label | ControlFlowNode for a2 |
-| test.py:612:10:612:11 | ControlFlowNode for a3 | semmle.label | ControlFlowNode for a3 |
-| test.py:618:11:618:47 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] |
-| test.py:618:11:618:47 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] |
-| test.py:618:12:618:17 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:618:12:618:36 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:618:12:618:36 | ControlFlowNode for Tuple [Tuple element at index 2] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 2] |
-| test.py:618:31:618:36 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:621:5:621:19 | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 0] | semmle.label | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 0] |
-| test.py:621:5:621:19 | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 2] | semmle.label | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 2] |
-| test.py:621:6:621:14 | ControlFlowNode for List [Tuple element at index 0] | semmle.label | ControlFlowNode for List [Tuple element at index 0] |
-| test.py:621:6:621:14 | ControlFlowNode for List [Tuple element at index 2] | semmle.label | ControlFlowNode for List [Tuple element at index 2] |
-| test.py:621:6:621:14 | IterableSequence [Tuple element at index 0] | semmle.label | IterableSequence [Tuple element at index 0] |
-| test.py:621:6:621:14 | IterableSequence [Tuple element at index 2] | semmle.label | IterableSequence [Tuple element at index 2] |
-| test.py:621:7:621:8 | SSA variable a1 | semmle.label | SSA variable a1 |
-| test.py:621:11:621:13 | IterableElement | semmle.label | IterableElement |
-| test.py:621:11:621:13 | SSA variable a2 [List element] | semmle.label | SSA variable a2 [List element] |
-| test.py:622:10:622:11 | ControlFlowNode for a1 | semmle.label | ControlFlowNode for a1 |
-| test.py:624:12:624:13 | ControlFlowNode for a2 [List element] | semmle.label | ControlFlowNode for a2 [List element] |
-| test.py:624:12:624:16 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:625:10:625:11 | ControlFlowNode for a2 [List element] | semmle.label | ControlFlowNode for a2 [List element] |
-| test.py:625:10:625:14 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:630:6:630:18 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] |
-| test.py:630:6:630:18 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] |
-| test.py:630:7:630:8 | SSA variable a1 | semmle.label | SSA variable a1 |
-| test.py:630:7:630:13 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:630:7:630:13 | ControlFlowNode for Tuple [Tuple element at index 2] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 2] |
-| test.py:630:7:630:13 | IterableSequence [Tuple element at index 0] | semmle.label | IterableSequence [Tuple element at index 0] |
-| test.py:630:7:630:13 | IterableSequence [Tuple element at index 2] | semmle.label | IterableSequence [Tuple element at index 2] |
-| test.py:630:11:630:13 | IterableElement | semmle.label | IterableElement |
-| test.py:630:11:630:13 | SSA variable a2 [List element] | semmle.label | SSA variable a2 [List element] |
-| test.py:631:10:631:11 | ControlFlowNode for a1 | semmle.label | ControlFlowNode for a1 |
-| test.py:633:12:633:13 | ControlFlowNode for a2 [List element] | semmle.label | ControlFlowNode for a2 [List element] |
-| test.py:633:12:633:16 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:634:10:634:11 | ControlFlowNode for a2 [List element] | semmle.label | ControlFlowNode for a2 [List element] |
-| test.py:634:10:634:14 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:639:5:639:19 | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 0] | semmle.label | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 0] |
-| test.py:639:5:639:19 | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 2] | semmle.label | ControlFlowNode for List [Tuple element at index 0, Tuple element at index 2] |
-| test.py:639:7:639:8 | SSA variable a1 | semmle.label | SSA variable a1 |
-| test.py:639:7:639:13 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:639:7:639:13 | ControlFlowNode for Tuple [Tuple element at index 2] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 2] |
-| test.py:639:7:639:13 | IterableSequence [Tuple element at index 0] | semmle.label | IterableSequence [Tuple element at index 0] |
-| test.py:639:7:639:13 | IterableSequence [Tuple element at index 2] | semmle.label | IterableSequence [Tuple element at index 2] |
-| test.py:639:11:639:13 | IterableElement | semmle.label | IterableElement |
-| test.py:639:11:639:13 | SSA variable a2 [List element] | semmle.label | SSA variable a2 [List element] |
-| test.py:640:10:640:11 | ControlFlowNode for a1 | semmle.label | ControlFlowNode for a1 |
-| test.py:642:12:642:13 | ControlFlowNode for a2 [List element] | semmle.label | ControlFlowNode for a2 [List element] |
-| test.py:642:12:642:16 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:643:10:643:11 | ControlFlowNode for a2 [List element] | semmle.label | ControlFlowNode for a2 [List element] |
-| test.py:643:10:643:14 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:648:6:648:14 | ControlFlowNode for List [Tuple element at index 0] | semmle.label | ControlFlowNode for List [Tuple element at index 0] |
-| test.py:648:6:648:14 | ControlFlowNode for List [Tuple element at index 2] | semmle.label | ControlFlowNode for List [Tuple element at index 2] |
-| test.py:648:6:648:14 | IterableSequence [Tuple element at index 0] | semmle.label | IterableSequence [Tuple element at index 0] |
-| test.py:648:6:648:14 | IterableSequence [Tuple element at index 2] | semmle.label | IterableSequence [Tuple element at index 2] |
-| test.py:648:6:648:18 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 0] |
-| test.py:648:6:648:18 | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0, Tuple element at index 2] |
-| test.py:648:7:648:8 | SSA variable a1 | semmle.label | SSA variable a1 |
-| test.py:648:11:648:13 | IterableElement | semmle.label | IterableElement |
-| test.py:648:11:648:13 | SSA variable a2 [List element] | semmle.label | SSA variable a2 [List element] |
-| test.py:649:10:649:11 | ControlFlowNode for a1 | semmle.label | ControlFlowNode for a1 |
-| test.py:651:12:651:13 | ControlFlowNode for a2 [List element] | semmle.label | ControlFlowNode for a2 [List element] |
-| test.py:651:12:651:16 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:652:10:652:11 | ControlFlowNode for a2 [List element] | semmle.label | ControlFlowNode for a2 [List element] |
-| test.py:652:10:652:14 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:659:19:659:24 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:660:10:660:10 | ControlFlowNode for a | semmle.label | ControlFlowNode for a |
-| test.py:667:10:667:51 | ControlFlowNode for List [List element, Tuple element at index 0] | semmle.label | ControlFlowNode for List [List element, Tuple element at index 0] |
-| test.py:667:12:667:17 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:667:12:667:28 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:667:33:667:38 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:667:33:667:49 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:668:9:668:9 | SSA variable x | semmle.label | SSA variable x |
-| test.py:668:9:668:11 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:668:9:668:11 | IterableSequence [Tuple element at index 0] | semmle.label | IterableSequence [Tuple element at index 0] |
-| test.py:668:16:668:17 | ControlFlowNode for tl [List element, Tuple element at index 0] | semmle.label | ControlFlowNode for tl [List element, Tuple element at index 0] |
-| test.py:669:14:669:14 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:675:10:675:51 | ControlFlowNode for List [List element, Tuple element at index 0] | semmle.label | ControlFlowNode for List [List element, Tuple element at index 0] |
-| test.py:675:12:675:17 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:675:12:675:28 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:675:33:675:38 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:675:33:675:49 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:676:9:676:10 | IterableElement | semmle.label | IterableElement |
-| test.py:676:9:676:10 | SSA variable x [List element] | semmle.label | SSA variable x [List element] |
-| test.py:676:9:676:12 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:676:9:676:12 | IterableSequence [Tuple element at index 0] | semmle.label | IterableSequence [Tuple element at index 0] |
-| test.py:676:12:676:12 | SSA variable y | semmle.label | SSA variable y |
-| test.py:676:17:676:18 | ControlFlowNode for tl [List element, Tuple element at index 0] | semmle.label | ControlFlowNode for tl [List element, Tuple element at index 0] |
-| test.py:678:14:678:14 | ControlFlowNode for x [List element] | semmle.label | ControlFlowNode for x [List element] |
-| test.py:678:14:678:17 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| test.py:679:16:679:16 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:684:10:684:51 | ControlFlowNode for List [List element, Tuple element at index 0] | semmle.label | ControlFlowNode for List [List element, Tuple element at index 0] |
-| test.py:684:12:684:17 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:684:12:684:28 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:684:33:684:38 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:684:33:684:49 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:685:9:685:9 | SSA variable x | semmle.label | SSA variable x |
-| test.py:685:9:685:14 | ControlFlowNode for Tuple [Tuple element at index 0] | semmle.label | ControlFlowNode for Tuple [Tuple element at index 0] |
-| test.py:685:9:685:14 | IterableSequence [Tuple element at index 0] | semmle.label | IterableSequence [Tuple element at index 0] |
-| test.py:685:19:685:20 | ControlFlowNode for tl [List element, Tuple element at index 0] | semmle.label | ControlFlowNode for tl [List element, Tuple element at index 0] |
-| test.py:686:14:686:14 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:690:39:690:42 | ControlFlowNode for args [Tuple element at index 0] | semmle.label | ControlFlowNode for args [Tuple element at index 0] |
-| test.py:690:39:690:42 | ControlFlowNode for args [Tuple element at index 1] | semmle.label | ControlFlowNode for args [Tuple element at index 1] |
-| test.py:691:7:691:9 | SSA variable arg | semmle.label | SSA variable arg |
-| test.py:691:14:691:17 | ControlFlowNode for args [Tuple element at index 0] | semmle.label | ControlFlowNode for args [Tuple element at index 0] |
-| test.py:691:14:691:17 | ControlFlowNode for args [Tuple element at index 1] | semmle.label | ControlFlowNode for args [Tuple element at index 1] |
-| test.py:692:10:692:12 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg |
-| test.py:697:7:697:12 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:698:3:698:52 | PosOverflowNode for iterate_star_args() [Tuple element at index 0] | semmle.label | PosOverflowNode for iterate_star_args() [Tuple element at index 0] |
-| test.py:698:3:698:52 | PosOverflowNode for iterate_star_args() [Tuple element at index 1] | semmle.label | PosOverflowNode for iterate_star_args() [Tuple element at index 1] |
-| test.py:698:43:698:48 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:698:51:698:51 | ControlFlowNode for s | semmle.label | ControlFlowNode for s |
-| test.py:769:16:769:21 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:772:10:772:36 | ControlFlowNode for return_from_inner_scope() | semmle.label | ControlFlowNode for return_from_inner_scope() |
-| test.py:807:35:807:35 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:807:37:807:42 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:807:48:807:48 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:807:50:807:55 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:807:61:807:61 | ControlFlowNode for z | semmle.label | ControlFlowNode for z |
-| test.py:807:63:807:68 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
-| test.py:808:10:808:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:809:10:809:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:810:10:810:10 | ControlFlowNode for z | semmle.label | ControlFlowNode for z |
-subpaths
-| datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:35:7:35:7 | ControlFlowNode for a | datamodel.py:36:10:36:10 | ControlFlowNode for a | datamodel.py:38:6:38:17 | ControlFlowNode for f() |
-| datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | datamodel.py:44:22:44:22 | ControlFlowNode for x | datamodel.py:46:16:46:16 | ControlFlowNode for x | datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() |
-| datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE | datamodel.py:44:22:44:22 | ControlFlowNode for x | datamodel.py:46:16:46:16 | ControlFlowNode for x | datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() |
-| datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE | datamodel.py:49:26:49:26 | ControlFlowNode for x | datamodel.py:50:16:50:16 | ControlFlowNode for x | datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() |
-| datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE | datamodel.py:49:26:49:26 | ControlFlowNode for x | datamodel.py:50:16:50:16 | ControlFlowNode for x | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() |
-| test.py:380:28:380:33 | ControlFlowNode for SOURCE | test.py:375:15:375:15 | ControlFlowNode for b | test.py:376:12:376:12 | ControlFlowNode for b | test.py:380:10:380:34 | ControlFlowNode for second() |
-| test.py:388:30:388:35 | ControlFlowNode for SOURCE | test.py:375:15:375:15 | ControlFlowNode for b | test.py:376:12:376:12 | ControlFlowNode for b | test.py:388:10:388:36 | ControlFlowNode for second() |
-| test.py:396:10:396:43 | KwUnpacked b | test.py:375:15:375:15 | ControlFlowNode for b | test.py:376:12:376:12 | ControlFlowNode for b | test.py:396:10:396:43 | ControlFlowNode for second() |
-| test.py:404:10:404:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] | test.py:399:21:399:21 | ControlFlowNode for b [Tuple element at index 0] | test.py:400:12:400:15 | ControlFlowNode for Subscript | test.py:404:10:404:39 | ControlFlowNode for f_extra_pos() |
-| test.py:412:10:412:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] | test.py:407:26:407:26 | ControlFlowNode for b [Dictionary element at key b] | test.py:408:12:408:17 | ControlFlowNode for Subscript | test.py:412:10:412:45 | ControlFlowNode for f_extra_keyword() |
-| test.py:477:12:477:17 | ControlFlowNode for SOURCE | test.py:474:11:474:11 | ControlFlowNode for x | test.py:475:16:475:16 | ControlFlowNode for x | test.py:477:10:477:18 | ControlFlowNode for f() |
-| test.py:484:28:484:33 | ControlFlowNode for SOURCE | test.py:481:19:481:19 | ControlFlowNode for b | test.py:482:16:482:16 | ControlFlowNode for b | test.py:484:10:484:34 | ControlFlowNode for second() |
-| test.py:498:30:498:35 | ControlFlowNode for SOURCE | test.py:495:19:495:19 | ControlFlowNode for b | test.py:496:16:496:16 | ControlFlowNode for b | test.py:498:10:498:36 | ControlFlowNode for second() |
-| test.py:512:10:512:43 | KwUnpacked b | test.py:509:19:509:19 | ControlFlowNode for b | test.py:510:16:510:16 | ControlFlowNode for b | test.py:512:10:512:43 | ControlFlowNode for second() |
-| test.py:517:10:517:39 | PosOverflowNode for f_extra_pos() [Tuple element at index 0] | test.py:516:30:516:30 | ControlFlowNode for b [Tuple element at index 0] | test.py:516:33:516:36 | ControlFlowNode for Subscript | test.py:517:10:517:39 | ControlFlowNode for f_extra_pos() |
-| test.py:522:10:522:45 | KwOverflowNode for f_extra_keyword() [Dictionary element at key b] | test.py:521:35:521:35 | ControlFlowNode for b [Dictionary element at key b] | test.py:521:38:521:43 | ControlFlowNode for Subscript | test.py:522:10:522:45 | ControlFlowNode for f_extra_keyword() |
-#select
-| datamodel.py:38:6:38:17 | ControlFlowNode for f() | datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | datamodel.py:38:6:38:17 | ControlFlowNode for f() | Flow found |
-| datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() | datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE | datamodel.py:71:6:71:24 | ControlFlowNode for Attribute() | Flow found |
-| datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE | datamodel.py:72:6:72:27 | ControlFlowNode for Attribute() | Flow found |
-| datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE | datamodel.py:80:6:80:26 | ControlFlowNode for Attribute() | Flow found |
-| datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE | datamodel.py:81:6:81:26 | ControlFlowNode for Attribute() | Flow found |
-| datamodel.py:159:6:159:17 | ControlFlowNode for Attribute | datamodel.py:152:14:152:19 | ControlFlowNode for SOURCE | datamodel.py:159:6:159:17 | ControlFlowNode for Attribute | Flow found |
-| test.py:44:10:44:10 | ControlFlowNode for y | test.py:42:21:42:26 | ControlFlowNode for SOURCE | test.py:44:10:44:10 | ControlFlowNode for y | Flow found |
-| test.py:56:10:56:10 | ControlFlowNode for x | test.py:55:9:55:14 | ControlFlowNode for SOURCE | test.py:56:10:56:10 | ControlFlowNode for x | Flow found |
-| test.py:62:10:62:10 | ControlFlowNode for x | test.py:61:9:61:16 | ControlFlowNode for Str | test.py:62:10:62:10 | ControlFlowNode for x | Flow found |
-| test.py:67:10:67:10 | ControlFlowNode for x | test.py:66:9:66:17 | ControlFlowNode for Str | test.py:67:10:67:10 | ControlFlowNode for x | Flow found |
-| test.py:72:10:72:10 | ControlFlowNode for x | test.py:71:9:71:10 | ControlFlowNode for IntegerLiteral | test.py:72:10:72:10 | ControlFlowNode for x | Flow found |
-| test.py:77:10:77:10 | ControlFlowNode for x | test.py:76:9:76:12 | ControlFlowNode for FloatLiteral | test.py:77:10:77:10 | ControlFlowNode for x | Flow found |
-| test.py:88:10:88:10 | ControlFlowNode for x | test.py:87:10:87:15 | ControlFlowNode for SOURCE | test.py:88:10:88:10 | ControlFlowNode for x | Flow found |
-| test.py:94:10:94:13 | ControlFlowNode for Subscript | test.py:93:10:93:15 | ControlFlowNode for SOURCE | test.py:94:10:94:13 | ControlFlowNode for Subscript | Flow found |
-| test.py:104:10:104:13 | ControlFlowNode for Subscript | test.py:103:10:103:15 | ControlFlowNode for SOURCE | test.py:104:10:104:13 | ControlFlowNode for Subscript | Flow found |
-| test.py:109:10:109:13 | ControlFlowNode for Subscript | test.py:108:22:108:27 | ControlFlowNode for SOURCE | test.py:109:10:109:13 | ControlFlowNode for Subscript | Flow found |
-| test.py:115:10:115:13 | ControlFlowNode for Subscript | test.py:113:10:113:15 | ControlFlowNode for SOURCE | test.py:115:10:115:13 | ControlFlowNode for Subscript | Flow found |
-| test.py:126:10:126:16 | ControlFlowNode for Attribute() | test.py:125:10:125:15 | ControlFlowNode for SOURCE | test.py:126:10:126:16 | ControlFlowNode for Attribute() | Flow found |
-| test.py:131:10:131:16 | ControlFlowNode for Attribute() | test.py:130:10:130:15 | ControlFlowNode for SOURCE | test.py:131:10:131:16 | ControlFlowNode for Attribute() | Flow found |
-| test.py:136:10:136:16 | ControlFlowNode for Attribute() | test.py:135:22:135:27 | ControlFlowNode for SOURCE | test.py:136:10:136:16 | ControlFlowNode for Attribute() | Flow found |
-| test.py:142:10:142:16 | ControlFlowNode for Attribute() | test.py:140:10:140:15 | ControlFlowNode for SOURCE | test.py:142:10:142:16 | ControlFlowNode for Attribute() | Flow found |
-| test.py:153:10:153:15 | ControlFlowNode for Subscript | test.py:152:15:152:20 | ControlFlowNode for SOURCE | test.py:153:10:153:15 | ControlFlowNode for Subscript | Flow found |
-| test.py:158:10:158:19 | ControlFlowNode for Attribute() | test.py:157:15:157:20 | ControlFlowNode for SOURCE | test.py:158:10:158:19 | ControlFlowNode for Attribute() | Flow found |
-| test.py:184:10:184:13 | ControlFlowNode for Subscript | test.py:183:23:183:28 | ControlFlowNode for SOURCE | test.py:184:10:184:13 | ControlFlowNode for Subscript | Flow found |
-| test.py:189:10:189:13 | ControlFlowNode for Subscript | test.py:188:25:188:30 | ControlFlowNode for SOURCE | test.py:189:10:189:13 | ControlFlowNode for Subscript | Flow found |
-| test.py:200:10:200:13 | ControlFlowNode for Subscript | test.py:199:34:199:39 | ControlFlowNode for SOURCE | test.py:200:10:200:13 | ControlFlowNode for Subscript | Flow found |
-| test.py:206:10:206:13 | ControlFlowNode for Subscript | test.py:205:28:205:33 | ControlFlowNode for SOURCE | test.py:206:10:206:13 | ControlFlowNode for Subscript | Flow found |
-| test.py:211:10:211:13 | ControlFlowNode for Subscript | test.py:210:32:210:37 | ControlFlowNode for SOURCE | test.py:211:10:211:13 | ControlFlowNode for Subscript | Flow found |
-| test.py:349:10:349:21 | ControlFlowNode for Subscript | test.py:349:11:349:16 | ControlFlowNode for SOURCE | test.py:349:10:349:21 | ControlFlowNode for Subscript | Flow found |
-| test.py:353:10:353:20 | ControlFlowNode for Subscript | test.py:353:11:353:16 | ControlFlowNode for SOURCE | test.py:353:10:353:20 | ControlFlowNode for Subscript | Flow found |
-| test.py:357:10:357:27 | ControlFlowNode for Subscript | test.py:357:16:357:21 | ControlFlowNode for SOURCE | test.py:357:10:357:27 | ControlFlowNode for Subscript | Flow found |
-| test.py:380:10:380:34 | ControlFlowNode for second() | test.py:380:28:380:33 | ControlFlowNode for SOURCE | test.py:380:10:380:34 | ControlFlowNode for second() | Flow found |
-| test.py:388:10:388:36 | ControlFlowNode for second() | test.py:388:30:388:35 | ControlFlowNode for SOURCE | test.py:388:10:388:36 | ControlFlowNode for second() | Flow found |
-| test.py:396:10:396:43 | ControlFlowNode for second() | test.py:396:36:396:41 | ControlFlowNode for SOURCE | test.py:396:10:396:43 | ControlFlowNode for second() | Flow found |
-| test.py:404:10:404:39 | ControlFlowNode for f_extra_pos() | test.py:404:33:404:38 | ControlFlowNode for SOURCE | test.py:404:10:404:39 | ControlFlowNode for f_extra_pos() | Flow found |
-| test.py:412:10:412:45 | ControlFlowNode for f_extra_keyword() | test.py:412:39:412:44 | ControlFlowNode for SOURCE | test.py:412:10:412:45 | ControlFlowNode for f_extra_keyword() | Flow found |
-| test.py:429:10:429:20 | ControlFlowNode for BoolExpr | test.py:429:15:429:20 | ControlFlowNode for SOURCE | test.py:429:10:429:20 | ControlFlowNode for BoolExpr | Flow found |
-| test.py:434:10:434:21 | ControlFlowNode for BoolExpr | test.py:434:16:434:21 | ControlFlowNode for SOURCE | test.py:434:10:434:21 | ControlFlowNode for BoolExpr | Flow found |
-| test.py:445:10:445:38 | ControlFlowNode for IfExp | test.py:445:10:445:15 | ControlFlowNode for SOURCE | test.py:445:10:445:38 | ControlFlowNode for IfExp | Flow found |
-| test.py:453:10:453:39 | ControlFlowNode for IfExp | test.py:453:34:453:39 | ControlFlowNode for SOURCE | test.py:453:10:453:39 | ControlFlowNode for IfExp | Flow found |
-| test.py:477:10:477:18 | ControlFlowNode for f() | test.py:477:12:477:17 | ControlFlowNode for SOURCE | test.py:477:10:477:18 | ControlFlowNode for f() | Flow found |
-| test.py:484:10:484:34 | ControlFlowNode for second() | test.py:484:28:484:33 | ControlFlowNode for SOURCE | test.py:484:10:484:34 | ControlFlowNode for second() | Flow found |
-| test.py:498:10:498:36 | ControlFlowNode for second() | test.py:498:30:498:35 | ControlFlowNode for SOURCE | test.py:498:10:498:36 | ControlFlowNode for second() | Flow found |
-| test.py:512:10:512:43 | ControlFlowNode for second() | test.py:512:36:512:41 | ControlFlowNode for SOURCE | test.py:512:10:512:43 | ControlFlowNode for second() | Flow found |
-| test.py:517:10:517:39 | ControlFlowNode for f_extra_pos() | test.py:517:33:517:38 | ControlFlowNode for SOURCE | test.py:517:10:517:39 | ControlFlowNode for f_extra_pos() | Flow found |
-| test.py:522:10:522:45 | ControlFlowNode for f_extra_keyword() | test.py:522:39:522:44 | ControlFlowNode for SOURCE | test.py:522:10:522:45 | ControlFlowNode for f_extra_keyword() | Flow found |
-| test.py:536:10:536:10 | ControlFlowNode for a | test.py:534:9:534:14 | ControlFlowNode for SOURCE | test.py:536:10:536:10 | ControlFlowNode for a | Flow found |
-| test.py:541:10:541:10 | ControlFlowNode for b | test.py:534:9:534:14 | ControlFlowNode for SOURCE | test.py:541:10:541:10 | ControlFlowNode for b | Flow found |
-| test.py:548:10:548:10 | ControlFlowNode for a | test.py:546:10:546:15 | ControlFlowNode for SOURCE | test.py:548:10:548:10 | ControlFlowNode for a | Flow found |
-| test.py:556:10:556:10 | ControlFlowNode for a | test.py:554:10:554:15 | ControlFlowNode for SOURCE | test.py:556:10:556:10 | ControlFlowNode for a | Flow found |
-| test.py:558:10:558:10 | ControlFlowNode for c | test.py:554:30:554:35 | ControlFlowNode for SOURCE | test.py:558:10:558:10 | ControlFlowNode for c | Flow found |
-| test.py:565:10:565:10 | ControlFlowNode for a | test.py:563:13:563:18 | ControlFlowNode for SOURCE | test.py:565:10:565:10 | ControlFlowNode for a | Flow found |
-| test.py:573:10:573:10 | ControlFlowNode for a | test.py:571:10:571:15 | ControlFlowNode for SOURCE | test.py:573:10:573:10 | ControlFlowNode for a | Flow found |
-| test.py:575:10:575:13 | ControlFlowNode for Subscript | test.py:571:18:571:23 | ControlFlowNode for SOURCE | test.py:575:10:575:13 | ControlFlowNode for Subscript | Flow found |
-| test.py:576:12:576:12 | ControlFlowNode for c | test.py:571:18:571:23 | ControlFlowNode for SOURCE | test.py:576:12:576:12 | ControlFlowNode for c | Flow found |
-| test.py:583:10:583:10 | ControlFlowNode for a | test.py:581:10:581:15 | ControlFlowNode for SOURCE | test.py:583:10:583:10 | ControlFlowNode for a | Flow found |
-| test.py:585:10:585:10 | ControlFlowNode for c | test.py:581:18:581:23 | ControlFlowNode for SOURCE | test.py:585:10:585:10 | ControlFlowNode for c | Flow found |
-| test.py:594:10:594:11 | ControlFlowNode for a1 | test.py:590:12:590:17 | ControlFlowNode for SOURCE | test.py:594:10:594:11 | ControlFlowNode for a1 | Flow found |
-| test.py:594:10:594:11 | ControlFlowNode for a1 | test.py:590:31:590:36 | ControlFlowNode for SOURCE | test.py:594:10:594:11 | ControlFlowNode for a1 | Flow found |
-| test.py:594:10:594:11 | ControlFlowNode for a1 | test.py:590:41:590:46 | ControlFlowNode for SOURCE | test.py:594:10:594:11 | ControlFlowNode for a1 | Flow found |
-| test.py:595:12:595:13 | ControlFlowNode for a2 | test.py:590:12:590:17 | ControlFlowNode for SOURCE | test.py:595:12:595:13 | ControlFlowNode for a2 | Flow found |
-| test.py:595:12:595:13 | ControlFlowNode for a2 | test.py:590:31:590:36 | ControlFlowNode for SOURCE | test.py:595:12:595:13 | ControlFlowNode for a2 | Flow found |
-| test.py:595:12:595:13 | ControlFlowNode for a2 | test.py:590:41:590:46 | ControlFlowNode for SOURCE | test.py:595:12:595:13 | ControlFlowNode for a2 | Flow found |
-| test.py:596:10:596:11 | ControlFlowNode for a3 | test.py:590:12:590:17 | ControlFlowNode for SOURCE | test.py:596:10:596:11 | ControlFlowNode for a3 | Flow found |
-| test.py:596:10:596:11 | ControlFlowNode for a3 | test.py:590:31:590:36 | ControlFlowNode for SOURCE | test.py:596:10:596:11 | ControlFlowNode for a3 | Flow found |
-| test.py:596:10:596:11 | ControlFlowNode for a3 | test.py:590:41:590:46 | ControlFlowNode for SOURCE | test.py:596:10:596:11 | ControlFlowNode for a3 | Flow found |
-| test.py:602:10:602:11 | ControlFlowNode for a1 | test.py:590:12:590:17 | ControlFlowNode for SOURCE | test.py:602:10:602:11 | ControlFlowNode for a1 | Flow found |
-| test.py:602:10:602:11 | ControlFlowNode for a1 | test.py:590:31:590:36 | ControlFlowNode for SOURCE | test.py:602:10:602:11 | ControlFlowNode for a1 | Flow found |
-| test.py:602:10:602:11 | ControlFlowNode for a1 | test.py:590:41:590:46 | ControlFlowNode for SOURCE | test.py:602:10:602:11 | ControlFlowNode for a1 | Flow found |
-| test.py:603:12:603:13 | ControlFlowNode for a2 | test.py:590:12:590:17 | ControlFlowNode for SOURCE | test.py:603:12:603:13 | ControlFlowNode for a2 | Flow found |
-| test.py:603:12:603:13 | ControlFlowNode for a2 | test.py:590:31:590:36 | ControlFlowNode for SOURCE | test.py:603:12:603:13 | ControlFlowNode for a2 | Flow found |
-| test.py:603:12:603:13 | ControlFlowNode for a2 | test.py:590:41:590:46 | ControlFlowNode for SOURCE | test.py:603:12:603:13 | ControlFlowNode for a2 | Flow found |
-| test.py:604:10:604:11 | ControlFlowNode for a3 | test.py:590:12:590:17 | ControlFlowNode for SOURCE | test.py:604:10:604:11 | ControlFlowNode for a3 | Flow found |
-| test.py:604:10:604:11 | ControlFlowNode for a3 | test.py:590:31:590:36 | ControlFlowNode for SOURCE | test.py:604:10:604:11 | ControlFlowNode for a3 | Flow found |
-| test.py:604:10:604:11 | ControlFlowNode for a3 | test.py:590:41:590:46 | ControlFlowNode for SOURCE | test.py:604:10:604:11 | ControlFlowNode for a3 | Flow found |
-| test.py:610:10:610:11 | ControlFlowNode for a1 | test.py:590:12:590:17 | ControlFlowNode for SOURCE | test.py:610:10:610:11 | ControlFlowNode for a1 | Flow found |
-| test.py:610:10:610:11 | ControlFlowNode for a1 | test.py:590:31:590:36 | ControlFlowNode for SOURCE | test.py:610:10:610:11 | ControlFlowNode for a1 | Flow found |
-| test.py:610:10:610:11 | ControlFlowNode for a1 | test.py:590:41:590:46 | ControlFlowNode for SOURCE | test.py:610:10:610:11 | ControlFlowNode for a1 | Flow found |
-| test.py:611:12:611:13 | ControlFlowNode for a2 | test.py:590:12:590:17 | ControlFlowNode for SOURCE | test.py:611:12:611:13 | ControlFlowNode for a2 | Flow found |
-| test.py:611:12:611:13 | ControlFlowNode for a2 | test.py:590:31:590:36 | ControlFlowNode for SOURCE | test.py:611:12:611:13 | ControlFlowNode for a2 | Flow found |
-| test.py:611:12:611:13 | ControlFlowNode for a2 | test.py:590:41:590:46 | ControlFlowNode for SOURCE | test.py:611:12:611:13 | ControlFlowNode for a2 | Flow found |
-| test.py:612:10:612:11 | ControlFlowNode for a3 | test.py:590:12:590:17 | ControlFlowNode for SOURCE | test.py:612:10:612:11 | ControlFlowNode for a3 | Flow found |
-| test.py:612:10:612:11 | ControlFlowNode for a3 | test.py:590:31:590:36 | ControlFlowNode for SOURCE | test.py:612:10:612:11 | ControlFlowNode for a3 | Flow found |
-| test.py:612:10:612:11 | ControlFlowNode for a3 | test.py:590:41:590:46 | ControlFlowNode for SOURCE | test.py:612:10:612:11 | ControlFlowNode for a3 | Flow found |
-| test.py:622:10:622:11 | ControlFlowNode for a1 | test.py:618:12:618:17 | ControlFlowNode for SOURCE | test.py:622:10:622:11 | ControlFlowNode for a1 | Flow found |
-| test.py:624:12:624:16 | ControlFlowNode for Subscript | test.py:618:31:618:36 | ControlFlowNode for SOURCE | test.py:624:12:624:16 | ControlFlowNode for Subscript | Flow found |
-| test.py:625:10:625:14 | ControlFlowNode for Subscript | test.py:618:31:618:36 | ControlFlowNode for SOURCE | test.py:625:10:625:14 | ControlFlowNode for Subscript | Flow found |
-| test.py:631:10:631:11 | ControlFlowNode for a1 | test.py:618:12:618:17 | ControlFlowNode for SOURCE | test.py:631:10:631:11 | ControlFlowNode for a1 | Flow found |
-| test.py:633:12:633:16 | ControlFlowNode for Subscript | test.py:618:31:618:36 | ControlFlowNode for SOURCE | test.py:633:12:633:16 | ControlFlowNode for Subscript | Flow found |
-| test.py:634:10:634:14 | ControlFlowNode for Subscript | test.py:618:31:618:36 | ControlFlowNode for SOURCE | test.py:634:10:634:14 | ControlFlowNode for Subscript | Flow found |
-| test.py:640:10:640:11 | ControlFlowNode for a1 | test.py:618:12:618:17 | ControlFlowNode for SOURCE | test.py:640:10:640:11 | ControlFlowNode for a1 | Flow found |
-| test.py:642:12:642:16 | ControlFlowNode for Subscript | test.py:618:31:618:36 | ControlFlowNode for SOURCE | test.py:642:12:642:16 | ControlFlowNode for Subscript | Flow found |
-| test.py:643:10:643:14 | ControlFlowNode for Subscript | test.py:618:31:618:36 | ControlFlowNode for SOURCE | test.py:643:10:643:14 | ControlFlowNode for Subscript | Flow found |
-| test.py:649:10:649:11 | ControlFlowNode for a1 | test.py:618:12:618:17 | ControlFlowNode for SOURCE | test.py:649:10:649:11 | ControlFlowNode for a1 | Flow found |
-| test.py:651:12:651:16 | ControlFlowNode for Subscript | test.py:618:31:618:36 | ControlFlowNode for SOURCE | test.py:651:12:651:16 | ControlFlowNode for Subscript | Flow found |
-| test.py:652:10:652:14 | ControlFlowNode for Subscript | test.py:618:31:618:36 | ControlFlowNode for SOURCE | test.py:652:10:652:14 | ControlFlowNode for Subscript | Flow found |
-| test.py:660:10:660:10 | ControlFlowNode for a | test.py:659:19:659:24 | ControlFlowNode for SOURCE | test.py:660:10:660:10 | ControlFlowNode for a | Flow found |
-| test.py:669:14:669:14 | ControlFlowNode for x | test.py:667:12:667:17 | ControlFlowNode for SOURCE | test.py:669:14:669:14 | ControlFlowNode for x | Flow found |
-| test.py:669:14:669:14 | ControlFlowNode for x | test.py:667:33:667:38 | ControlFlowNode for SOURCE | test.py:669:14:669:14 | ControlFlowNode for x | Flow found |
-| test.py:678:14:678:17 | ControlFlowNode for Subscript | test.py:675:12:675:17 | ControlFlowNode for SOURCE | test.py:678:14:678:17 | ControlFlowNode for Subscript | Flow found |
-| test.py:678:14:678:17 | ControlFlowNode for Subscript | test.py:675:33:675:38 | ControlFlowNode for SOURCE | test.py:678:14:678:17 | ControlFlowNode for Subscript | Flow found |
-| test.py:679:16:679:16 | ControlFlowNode for y | test.py:675:12:675:17 | ControlFlowNode for SOURCE | test.py:679:16:679:16 | ControlFlowNode for y | Flow found |
-| test.py:679:16:679:16 | ControlFlowNode for y | test.py:675:33:675:38 | ControlFlowNode for SOURCE | test.py:679:16:679:16 | ControlFlowNode for y | Flow found |
-| test.py:686:14:686:14 | ControlFlowNode for x | test.py:684:12:684:17 | ControlFlowNode for SOURCE | test.py:686:14:686:14 | ControlFlowNode for x | Flow found |
-| test.py:686:14:686:14 | ControlFlowNode for x | test.py:684:33:684:38 | ControlFlowNode for SOURCE | test.py:686:14:686:14 | ControlFlowNode for x | Flow found |
-| test.py:692:10:692:12 | ControlFlowNode for arg | test.py:697:7:697:12 | ControlFlowNode for SOURCE | test.py:692:10:692:12 | ControlFlowNode for arg | Flow found |
-| test.py:692:10:692:12 | ControlFlowNode for arg | test.py:698:43:698:48 | ControlFlowNode for SOURCE | test.py:692:10:692:12 | ControlFlowNode for arg | Flow found |
-| test.py:772:10:772:36 | ControlFlowNode for return_from_inner_scope() | test.py:769:16:769:21 | ControlFlowNode for SOURCE | test.py:772:10:772:36 | ControlFlowNode for return_from_inner_scope() | Flow found |
-| test.py:808:10:808:10 | ControlFlowNode for x | test.py:807:37:807:42 | ControlFlowNode for SOURCE | test.py:808:10:808:10 | ControlFlowNode for x | Flow found |
-| test.py:809:10:809:10 | ControlFlowNode for y | test.py:807:50:807:55 | ControlFlowNode for SOURCE | test.py:809:10:809:10 | ControlFlowNode for y | Flow found |
-| test.py:810:10:810:10 | ControlFlowNode for z | test.py:807:63:807:68 | ControlFlowNode for SOURCE | test.py:810:10:810:10 | ControlFlowNode for z | Flow found |
diff --git a/python/ql/test/experimental/dataflow/coverage/dataflow.ql b/python/ql/test/experimental/dataflow/coverage/dataflow.ql
deleted file mode 100644
index 868f24a598f..00000000000
--- a/python/ql/test/experimental/dataflow/coverage/dataflow.ql
+++ /dev/null
@@ -1,11 +0,0 @@
-/**
- * @kind path-problem
- */
-
-import python
-import experimental.dataflow.testConfig
-import DataFlow::PathGraph
-
-from TestConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Flow found"
diff --git a/python/ql/test/experimental/dataflow/coverage/datamodel.py b/python/ql/test/experimental/dataflow/coverage/datamodel.py
index f165e3d67e1..364dbb299d7 100644
--- a/python/ql/test/experimental/dataflow/coverage/datamodel.py
+++ b/python/ql/test/experimental/dataflow/coverage/datamodel.py
@@ -8,15 +8,30 @@
 # Intended sources should be the variable `SOURCE` and intended sinks should be
 # arguments to the function `SINK` (see python/ql/test/experimental/dataflow/testConfig.qll).
 
+import sys
+import os
+import functools
+
+sys.path.append(os.path.dirname(os.path.dirname((__file__))))
+from testlib import expects
+
 # These are defined so that we can evaluate the test code.
 NONSOURCE = "not a source"
 SOURCE = "source"
 
+arg1 = "source1"
+arg2 = "source2"
+arg3 = "source3"
+arg4 = "source4"
+arg5 = "source5"
+arg6 = "source6"
+arg7 = "source7"
+
 def is_source(x):
     return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
 
-def SINK(x):
-    if is_source(x):
+def SINK(x, expected=SOURCE):
+    if is_source(x) or x == expected:
         print("OK")
     else:
         print("Unexpected flow", x)
@@ -27,6 +42,14 @@ def SINK_F(x):
     else:
         print("OK")
 
+SINK1 = functools.partial(SINK, expected=arg1)
+SINK2 = functools.partial(SINK, expected=arg2)
+SINK3 = functools.partial(SINK, expected=arg3)
+SINK4 = functools.partial(SINK, expected=arg4)
+SINK5 = functools.partial(SINK, expected=arg5)
+SINK6 = functools.partial(SINK, expected=arg6)
+SINK7 = functools.partial(SINK, expected=arg7)
+
 # Callable types
 # These are the types to which the function call operation (see section Calls) can be applied:
 
@@ -41,17 +64,19 @@ SINK(f(SOURCE, 3)) #$ flow="SOURCE -> f(..)"
 # An instance method object combines a class, a class instance and any callable object (normally a user-defined function).
 class C(object):
 
-    def method(self, x, cls):
-        assert cls is self.__class__
-        return x
+    def method(self, x, y):
+        SINK1(x)
+        SINK2(y)
 
     @classmethod
-    def classmethod(cls, x):
-        return x
+    def classmethod(cls, x, y):
+        SINK1(x)
+        SINK2(y)
 
     @staticmethod
-    def staticmethod(x):
-        return x
+    def staticmethod(x, y):
+        SINK1(x)
+        SINK2(y)
 
     def gen(self, x, count):
       n = count
@@ -64,22 +89,40 @@ class C(object):
 
 c = C()
 
-# When an instance method object is created by retrieving a user-defined function object from a class via one of its instances, its __self__ attribute is the instance, and the method object is said to be bound. The new method’s __func__ attribute is the original function object.
-func_obj = c.method.__func__
+@expects(6)
+def test_method_call():
+  # When an instance method object is created by retrieving a user-defined function object from a class via one of its instances, its __self__ attribute is the instance, and the method object is said to be bound. The new method’s __func__ attribute is the original function object.
+  func_obj = c.method.__func__
 
-# When an instance method object is called, the underlying function (__func__) is called, inserting the class instance (__self__) in front of the argument list. For instance, when C is a class which contains a definition for a function f(), and x is an instance of C, calling x.f(1) is equivalent to calling C.f(x, 1).
-SINK(c.method(SOURCE, C)) #$ flow="SOURCE -> c.method(..)"
-SINK(C.method(c, SOURCE, C)) #$ flow="SOURCE -> C.method(..)"
-SINK(func_obj(c, SOURCE, C)) #$ MISSING: flow="SOURCE -> func_obj(..)"
+  # When an instance method object is called, the underlying function (__func__) is called, inserting the class instance (__self__) in front of the argument list. For instance, when C is a class which contains a definition for a function f(), and x is an instance of C, calling x.f(1) is equivalent to calling C.f(x, 1).
+  c.method(arg1, arg2) # $ func=C.method arg1 arg2
+  C.method(c, arg1, arg2) # $ func=C.method arg1 arg2
+  func_obj(c, arg1, arg2) # $ MISSING: func=C.method arg1 arg2
 
 
-# When an instance method object is created by retrieving a class method object from a class or instance, its __self__ attribute is the class itself, and its __func__ attribute is the function object underlying the class method.
-c_func_obj = C.classmethod.__func__
+@expects(6)
+def test_classmethod_call():
+  # When an instance method object is created by retrieving a class method object from a class or instance, its __self__ attribute is the class itself, and its __func__ attribute is the function object underlying the class method.
+  c_func_obj = C.classmethod.__func__
+
+  # When an instance method object is derived from a class method object, the “class instance” stored in __self__ will actually be the class itself, so that calling either x.f(1) or C.f(1) is equivalent to calling f(C,1) where f is the underlying function.
+  c.classmethod(arg1, arg2) # $ func=C.classmethod arg1 arg2
+  C.classmethod(arg1, arg2) # $ func=C.classmethod arg1 arg2
+  c_func_obj(C, arg1, arg2) # $ MISSING: func=C.classmethod arg1 arg2
+
+
+@expects(5)
+def test_staticmethod_call():
+  # staticmethods does not have a __func__ attribute
+  try:
+    C.staticmethod.__func__
+  except AttributeError:
+    print("OK")
+
+  # When an instance method object is derived from a class method object, the “class instance” stored in __self__ will actually be the class itself, so that calling either x.f(1) or C.f(1) is equivalent to calling f(C,1) where f is the underlying function.
+  c.staticmethod(arg1, arg2) # $ func=C.staticmethod arg1 arg2
+  C.staticmethod(arg1, arg2) # $ func=C.staticmethod arg1 arg2
 
-# When an instance method object is derived from a class method object, the “class instance” stored in __self__ will actually be the class itself, so that calling either x.f(1) or C.f(1) is equivalent to calling f(C,1) where f is the underlying function.
-SINK(c.classmethod(SOURCE)) #$ flow="SOURCE -> c.classmethod(..)"
-SINK(C.classmethod(SOURCE)) #$ flow="SOURCE -> C.classmethod(..)"
-SINK(c_func_obj(C, SOURCE)) #$ MISSING: flow="SOURCE -> c_func_obj(..)"
 
 # Generator functions
 # A function or method which uses the yield statement (see section The yield statement) is called a generator function. Such a function, when called, always returns an iterator object which can be used to execute the body of the function: calling the iterator’s iterator.__next__() method will cause the function to execute until it provides a value using the yield statement. When the function executes a return statement or falls off the end, a StopIteration exception is raised and the iterator will have reached the end of the set of values to be returned.
diff --git a/python/ql/test/experimental/dataflow/enclosing-callable/EnclosingCallable.expected b/python/ql/test/experimental/dataflow/enclosing-callable/EnclosingCallable.expected
new file mode 100644
index 00000000000..a1e3de562f5
--- /dev/null
+++ b/python/ql/test/experimental/dataflow/enclosing-callable/EnclosingCallable.expected
@@ -0,0 +1,24 @@
+| file://:0:0:0:0 | Function generator_func | generator.py:1:20:1:21 | ControlFlowNode for xs |
+| file://:0:0:0:0 | Function generator_func | generator.py:2:12:2:26 | ControlFlowNode for .0 |
+| file://:0:0:0:0 | Function generator_func | generator.py:2:12:2:26 | ControlFlowNode for .0 |
+| file://:0:0:0:0 | Function generator_func | generator.py:2:12:2:26 | ControlFlowNode for ListComp |
+| file://:0:0:0:0 | Function generator_func | generator.py:2:13:2:13 | ControlFlowNode for Yield |
+| file://:0:0:0:0 | Function generator_func | generator.py:2:13:2:13 | ControlFlowNode for x |
+| file://:0:0:0:0 | Function generator_func | generator.py:2:19:2:19 | ControlFlowNode for x |
+| file://:0:0:0:0 | Function generator_func | generator.py:2:24:2:25 | ControlFlowNode for xs |
+| file://:0:0:0:0 | Module class_example | class_example.py:1:1:1:3 | ControlFlowNode for wat |
+| file://:0:0:0:0 | Module class_example | class_example.py:1:7:1:7 | ControlFlowNode for IntegerLiteral |
+| file://:0:0:0:0 | Module class_example | class_example.py:3:1:3:10 | ControlFlowNode for ClassExpr |
+| file://:0:0:0:0 | Module class_example | class_example.py:3:7:3:9 | ControlFlowNode for Wat |
+| file://:0:0:0:0 | Module class_example | class_example.py:4:5:4:7 | ControlFlowNode for wat |
+| file://:0:0:0:0 | Module class_example | class_example.py:4:11:4:11 | ControlFlowNode for IntegerLiteral |
+| file://:0:0:0:0 | Module class_example | class_example.py:5:5:5:9 | ControlFlowNode for print |
+| file://:0:0:0:0 | Module class_example | class_example.py:5:5:5:26 | ControlFlowNode for print() |
+| file://:0:0:0:0 | Module class_example | class_example.py:5:11:5:20 | ControlFlowNode for Str |
+| file://:0:0:0:0 | Module class_example | class_example.py:5:23:5:25 | ControlFlowNode for wat |
+| file://:0:0:0:0 | Module class_example | class_example.py:7:1:7:5 | ControlFlowNode for print |
+| file://:0:0:0:0 | Module class_example | class_example.py:7:1:7:23 | ControlFlowNode for print() |
+| file://:0:0:0:0 | Module class_example | class_example.py:7:7:7:17 | ControlFlowNode for Str |
+| file://:0:0:0:0 | Module class_example | class_example.py:7:20:7:22 | ControlFlowNode for wat |
+| file://:0:0:0:0 | Module generator | generator.py:1:1:1:23 | ControlFlowNode for FunctionExpr |
+| file://:0:0:0:0 | Module generator | generator.py:1:5:1:18 | ControlFlowNode for generator_func |
diff --git a/python/ql/test/experimental/dataflow/enclosing-callable/EnclosingCallable.ql b/python/ql/test/experimental/dataflow/enclosing-callable/EnclosingCallable.ql
new file mode 100644
index 00000000000..1fa6a8ffc54
--- /dev/null
+++ b/python/ql/test/experimental/dataflow/enclosing-callable/EnclosingCallable.ql
@@ -0,0 +1,6 @@
+import python
+import semmle.python.dataflow.new.DataFlow
+
+from DataFlow::CfgNode node
+where exists(node.getLocation().getFile().getRelativePath())
+select node.getEnclosingCallable() as enclosingCallable, node
diff --git a/python/ql/test/experimental/dataflow/enclosing-callable/class_example.py b/python/ql/test/experimental/dataflow/enclosing-callable/class_example.py
new file mode 100644
index 00000000000..389b293d2bd
--- /dev/null
+++ b/python/ql/test/experimental/dataflow/enclosing-callable/class_example.py
@@ -0,0 +1,7 @@
+wat = 1
+
+class Wat:
+    wat = 2
+    print("in class", wat) # prints 2
+
+print("in module", wat) # prints 1
diff --git a/python/ql/test/experimental/dataflow/enclosing-callable/generator.py b/python/ql/test/experimental/dataflow/enclosing-callable/generator.py
new file mode 100644
index 00000000000..56b6202abd7
--- /dev/null
+++ b/python/ql/test/experimental/dataflow/enclosing-callable/generator.py
@@ -0,0 +1,2 @@
+def generator_func(xs):
+    return [x for x in xs]
diff --git a/python/ql/test/experimental/dataflow/fieldflow/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/fieldflow/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/fieldflow/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/fieldflow/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/fieldflow/test.py b/python/ql/test/experimental/dataflow/fieldflow/test.py
index d8d4b5f6fe0..100ab6aac70 100644
--- a/python/ql/test/experimental/dataflow/fieldflow/test.py
+++ b/python/ql/test/experimental/dataflow/fieldflow/test.py
@@ -13,7 +13,17 @@ def is_source(x):
     return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
 
 
-def SINK(x):
+def SINK(x, *, not_present_at_runtime=False):
+    # not_present_at_runtime supports use-cases where we want flow from data-flow layer
+    # (so we want to use SINK), but we end up in a siaution where it's not possible to
+    # actually get flow from a source at runtime. The only use-case is for the
+    # cross-talk tests, where our ability to use if-then-else is limited because doing
+    # so would make cfg-splitting kick in, and that would solve the problem trivially
+    # (by the splitting).
+    if not_present_at_runtime:
+        print("OK")
+        return
+
     if is_source(x):
         print("OK")
     else:
@@ -39,33 +49,55 @@ class MyObj(object):
         self.foo = foo
 
 def setFoo(obj, x):
-    SINK_F(obj.foo)
     obj.foo = x
 
-@expects(2) # $ unresolved_call=expects(..) unresolved_call=expects(..)(..)
+
+@expects(3) # $ unresolved_call=expects(..) unresolved_call=expects(..)(..)
 def test_indirect_assign():
-    myobj = MyObj("OK")
+    myobj = MyObj(NONSOURCE)
+    SINK_F(myobj.foo)
 
     setFoo(myobj, SOURCE)
     SINK(myobj.foo) # $ flow="SOURCE, l:-1 -> myobj.foo"
 
+    setFoo(myobj, NONSOURCE)
+    SINK_F(myobj.foo) # $ SPURIOUS: flow="SOURCE, l:-4 -> myobj.foo"
 
+
+@expects(3) # $ unresolved_call=expects(..) unresolved_call=expects(..)(..)
 def test_indirect_assign_method():
-    myobj = MyObj("OK")
+    myobj = MyObj(NONSOURCE)
+    SINK_F(myobj.foo)
 
     myobj.setFoo(SOURCE)
     SINK(myobj.foo) # $ flow="SOURCE, l:-1 -> myobj.foo"
 
+    myobj.setFoo(NONSOURCE)
+    SINK_F(myobj.foo) # $ SPURIOUS: flow="SOURCE, l:-4 -> myobj.foo"
 
+
+@expects(3) # $ unresolved_call=expects(..) unresolved_call=expects(..)(..)
+def test_indirect_assign_bound_method():
+    myobj = MyObj(NONSOURCE)
+    SINK_F(myobj.foo)
+
+    sf = myobj.setFoo
+
+    sf(SOURCE)
+    SINK(myobj.foo) # $ MISSING: flow="SOURCE, l:-1 -> myobj.foo"
+
+    sf(NONSOURCE)
+    SINK_F(myobj.foo)
+
+
+@expects(3) # $ unresolved_call=expects(..) unresolved_call=expects(..)(..)
 def test_direct_assign():
     myobj = MyObj(NONSOURCE)
+    SINK_F(myobj.foo)
+
     myobj.foo = SOURCE
     SINK(myobj.foo) # $ flow="SOURCE, l:-1 -> myobj.foo"
 
-
-def test_direct_assign_overwrite():
-    myobj = MyObj(NONSOURCE)
-    myobj.foo = SOURCE
     myobj.foo = NONSOURCE
     SINK_F(myobj.foo)
 
@@ -160,6 +192,164 @@ def test_nested_obj_method():
     a.getObj().foo = x
     SINK(a.obj.foo) # $ flow="SOURCE, l:-3 -> a.obj.foo"
 
+
+# ------------------------------------------------------------------------------
+# Field access on compound arguments
+# ------------------------------------------------------------------------------
+
+# TODO: Add support for this, see https://github.com/github/codeql/pull/10444
+
+@expects(5) # $ unresolved_call=expects(..) unresolved_call=expects(..)(..)
+def test_field_on_compound_arg(cond_true=True, cond_false=False):
+    class Ex:
+        def __init__(self):
+            self.attr = None
+
+    def set_attr(obj):
+        obj.attr = SOURCE
+
+    x = Ex()
+    y = Ex()
+    set_attr(x if cond_true else y)
+    SINK(x.attr) # $ MISSING: flow
+
+    x = Ex()
+    y = Ex()
+    set_attr(x if cond_false else y)
+    SINK(y.attr) # $ MISSING: flow
+
+    x = Ex()
+    y = Ex()
+    z = Ex()
+    set_attr(x if cond_false else (y if cond_true else z))
+    SINK_F(x.attr) # $ MISSING: flow
+    SINK(y.attr) # $ MISSING: flow
+    SINK_F(z.attr) # $ MISSING: flow
+
+# ------------------------------------------------------------------------------
+# Crosstalk test -- using different function based on conditional
+# ------------------------------------------------------------------------------
+# NOTE: These tests use `SINK(objy.y, not_present_at_runtime=True)` since it's not
+# possible to use if-then-else statements, since that would make cfg-splitting kick in,
+# and that would solve the problem trivially (by the splitting).
+
+class CrosstalkTestX:
+    def __init__(self):
+        self.x = None
+        self.y = None
+
+    def setx(self, value):
+        self.x = value
+
+    def setvalue(self, value):
+        self.x = value
+
+
+class CrosstalkTestY:
+    def __init__(self):
+        self.x = None
+        self.y = None
+
+    def sety(self ,value):
+        self.y = value
+
+    def setvalue(self, value):
+        self.y = value
+
+
+@expects(8) # $ unresolved_call=expects(..) unresolved_call=expects(..)(..)
+def test_no_crosstalk_reference(cond=True):
+    objx = CrosstalkTestX()
+    SINK_F(objx.x)
+    SINK_F(objx.y)
+
+    objy = CrosstalkTestY()
+    SINK_F(objy.x)
+    SINK_F(objy.y)
+
+    if cond:
+        objx.setvalue(SOURCE)
+    else:
+        objy.setvalue(SOURCE)
+
+    SINK(objx.x) # $ flow="SOURCE, l:-4 -> objx.x"
+    SINK_F(objx.y)
+    SINK_F(objy.x)
+    SINK(objy.y, not_present_at_runtime=True) # $ flow="SOURCE, l:-5 -> objy.y"
+
+
+@expects(8) # $ unresolved_call=expects(..) unresolved_call=expects(..)(..)
+def test_potential_crosstalk_different_name(cond=True):
+    objx = CrosstalkTestX()
+    SINK_F(objx.x)
+    SINK_F(objx.y)
+
+    objy = CrosstalkTestY()
+    SINK_F(objy.x)
+    SINK_F(objy.y)
+
+    if cond:
+        func = objx.setx
+    else:
+        func = objy.sety
+
+    func(SOURCE)
+
+    SINK(objx.x) # $ MISSING: flow="SOURCE, l:-2 -> objx.x"
+    SINK_F(objx.y)
+    SINK_F(objy.x)
+    SINK(objy.y, not_present_at_runtime=True) # $ MISSING: flow="SOURCE, l:-5 -> objy.y"
+
+
+@expects(8) # $ unresolved_call=expects(..) unresolved_call=expects(..)(..)
+def test_potential_crosstalk_same_name(cond=True):
+    objx = CrosstalkTestX()
+    SINK_F(objx.x)
+    SINK_F(objx.y)
+
+    objy = CrosstalkTestY()
+    SINK_F(objy.x)
+    SINK_F(objy.y)
+
+    if cond:
+        func = objx.setvalue
+    else:
+        func = objy.setvalue
+
+    func(SOURCE)
+
+    SINK(objx.x) # $ MISSING: flow="SOURCE, l:-2 -> objx.x"
+    SINK_F(objx.y)
+    SINK_F(objy.x)
+    SINK(objy.y, not_present_at_runtime=True) # $ MISSING: flow="SOURCE, l:-5 -> objy.y"
+
+
+@expects(10) # $ unresolved_call=expects(..) unresolved_call=expects(..)(..)
+def test_potential_crosstalk_same_name_object_reference(cond=True):
+    objx = CrosstalkTestX()
+    SINK_F(objx.x)
+    SINK_F(objx.y)
+
+    objy = CrosstalkTestY()
+    SINK_F(objy.x)
+    SINK_F(objy.y)
+
+    if cond:
+        obj = objx
+    else:
+        obj = objy
+
+    obj.setvalue(SOURCE)
+
+    SINK(objx.x) # $ MISSING: flow="SOURCE, l:-2 -> objx.x"
+    SINK_F(objx.y)
+    SINK_F(objy.x)
+    SINK(objy.y, not_present_at_runtime=True) # $ MISSING: flow="SOURCE, l:-5 -> objy.y"
+
+    SINK(obj.x) # $ flow="SOURCE, l:-7 -> obj.x"
+    SINK(obj.y, not_present_at_runtime=True) # $ flow="SOURCE, l:-8 -> obj.y"
+
+
 # ------------------------------------------------------------------------------
 # Global scope
 # ------------------------------------------------------------------------------
diff --git a/python/ql/test/experimental/dataflow/global-flow/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/global-flow/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/global-flow/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/global-flow/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/match/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/match/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/match/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/match/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/pep_328/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/pep_328/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/pep_328/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/pep_328/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/regression/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/regression/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/regression/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/regression/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/strange-essaflow/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/strange-essaflow/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/strange-essaflow/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/strange-essaflow/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/tainttracking/basic/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/tainttracking/basic/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/tainttracking/basic/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/basic/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/testConfig.qll b/python/ql/test/experimental/dataflow/testConfig.qll
index 03815e2f7f9..addbeefeebf 100644
--- a/python/ql/test/experimental/dataflow/testConfig.qll
+++ b/python/ql/test/experimental/dataflow/testConfig.qll
@@ -38,9 +38,10 @@ class TestConfiguration extends DataFlow::Configuration {
   }
 
   override predicate isSink(DataFlow::Node node) {
-    exists(CallNode call |
-      call.getFunction().(NameNode).getId() in ["SINK", "SINK_F"] and
-      node.(DataFlow::CfgNode).getNode() = call.getAnArg()
+    exists(DataFlow::CallCfgNode call |
+      call.getFunction().asCfgNode().(NameNode).getId() in ["SINK", "SINK_F"] and
+      (node = call.getArg(_) or node = call.getArgByName(_)) and
+      not node = call.getArgByName("not_present_at_runtime")
     )
   }
 
diff --git a/python/ql/test/experimental/dataflow/typetracking/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/typetracking/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/typetracking/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/typetracking/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/dataflow/typetracking_imports/pkg/use.py b/python/ql/test/experimental/dataflow/typetracking_imports/pkg/use.py
index 023af8684f2..a23ddc54b2d 100644
--- a/python/ql/test/experimental/dataflow/typetracking_imports/pkg/use.py
+++ b/python/ql/test/experimental/dataflow/typetracking_imports/pkg/use.py
@@ -6,8 +6,8 @@ test_direct_import()
 
 
 def test_alias_problem():
-    from .alias_problem import foo # $ MISSING: tracked
-    print(foo) # $ MISSING: tracked
+    from .alias_problem import foo # $ tracked
+    print(foo) # $ tracked
 
 test_alias_problem()
 
@@ -34,8 +34,8 @@ test_alias_only_direct()
 
 
 def test_problem_absolute_import():
-    from pkg.problem_absolute_import import foo # $ MISSING: tracked
-    print(foo) # $ MISSING: tracked
+    from pkg.problem_absolute_import import foo # $ tracked
+    print(foo) # $ tracked
 
 test_problem_absolute_import()
 
diff --git a/python/ql/test/experimental/dataflow/validTest.py b/python/ql/test/experimental/dataflow/validTest.py
index 9d277747d80..c2280521113 100644
--- a/python/ql/test/experimental/dataflow/validTest.py
+++ b/python/ql/test/experimental/dataflow/validTest.py
@@ -63,6 +63,7 @@ if __name__ == "__main__":
     check_tests_valid("coverage.classes")
     check_tests_valid("coverage.test")
     check_tests_valid("coverage.argumentPassing")
+    check_tests_valid("coverage.datamodel")
     check_tests_valid("variable-capture.in")
     check_tests_valid("variable-capture.nonlocal")
     check_tests_valid("variable-capture.dict")
diff --git a/python/ql/test/experimental/dataflow/variable-capture/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/variable-capture/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/experimental/dataflow/variable-capture/dataflow-consistency.expected
+++ b/python/ql/test/experimental/dataflow/variable-capture/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/experimental/import-resolution/attr_clash/__init__.py b/python/ql/test/experimental/import-resolution/attr_clash/__init__.py
new file mode 100644
index 00000000000..d210fbd703b
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution/attr_clash/__init__.py
@@ -0,0 +1,6 @@
+from trace import *
+enter(__file__)
+
+clashing_attr = "clashing_attr"
+
+exit(__file__)
diff --git a/python/ql/test/experimental/import-resolution/attr_clash/clashing_attr.py b/python/ql/test/experimental/import-resolution/attr_clash/clashing_attr.py
new file mode 100644
index 00000000000..7544594893b
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution/attr_clash/clashing_attr.py
@@ -0,0 +1,4 @@
+from trace import *
+enter(__file__)
+
+exit(__file__)
diff --git a/python/ql/test/experimental/import-resolution/attr_clash/non_clashing_submodule.py b/python/ql/test/experimental/import-resolution/attr_clash/non_clashing_submodule.py
new file mode 100644
index 00000000000..7544594893b
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution/attr_clash/non_clashing_submodule.py
@@ -0,0 +1,4 @@
+from trace import *
+enter(__file__)
+
+exit(__file__)
diff --git a/python/ql/test/experimental/import-resolution/bar.py b/python/ql/test/experimental/import-resolution/bar.py
new file mode 100644
index 00000000000..5cb6339be17
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution/bar.py
@@ -0,0 +1,6 @@
+from trace import *
+enter(__file__)
+
+bar_attr = "bar_attr"
+
+exit(__file__)
diff --git a/python/ql/test/experimental/import-resolution/foo.py b/python/ql/test/experimental/import-resolution/foo.py
new file mode 100644
index 00000000000..d112007ad03
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution/foo.py
@@ -0,0 +1,14 @@
+from trace import *
+enter(__file__)
+
+# A simple attribute. Used in main.py
+foo_attr = "foo_attr"
+
+# A private attribute. Accessible from main.py despite this.
+__private_foo_attr = "__private_foo_attr"
+
+# A reexport of bar under a new name. Used in main.py
+import bar as bar_reexported #$ imports=bar as=bar_reexported
+check("bar_reexported.bar_attr", bar_reexported.bar_attr, "bar_attr", globals()) #$ prints=bar_attr
+
+exit(__file__)
diff --git a/python/ql/test/experimental/import-resolution/importflow.expected b/python/ql/test/experimental/import-resolution/importflow.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/python/ql/test/experimental/import-resolution/importflow.ql b/python/ql/test/experimental/import-resolution/importflow.ql
new file mode 100644
index 00000000000..e6e51afa963
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution/importflow.ql
@@ -0,0 +1,125 @@
+import python
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.ApiGraphs
+import TestUtilities.InlineExpectationsTest
+import semmle.python.dataflow.new.internal.ImportResolution
+
+/** A string that appears on the right hand side of an assignment. */
+private class SourceString extends DataFlow::Node {
+  string contents;
+
+  SourceString() {
+    this.asExpr().(StrConst).getText() = contents and
+    this.asExpr().getParent() instanceof Assign
+  }
+
+  string getContents() { result = contents }
+}
+
+/** An argument that is checked using the `check` function. */
+private class CheckArgument extends DataFlow::Node {
+  CheckArgument() { this = API::moduleImport("trace").getMember("check").getACall().getArg(1) }
+}
+
+/** A data-flow node that is a reference to a module. */
+private class ModuleRef extends DataFlow::Node {
+  Module mod;
+
+  ModuleRef() {
+    this = ImportResolution::getModuleReference(mod) and
+    not mod.getName() in ["__future__", "trace"]
+  }
+
+  string getName() { result = mod.getName() }
+}
+
+/**
+ * A data-flow node that is guarded by a version check. Only supports checks of the form `if
+ *sys.version_info[0] == ...` where the right hand side is either `2` or `3`.
+ */
+private class VersionGuardedNode extends DataFlow::Node {
+  int version;
+
+  VersionGuardedNode() {
+    version in [2, 3] and
+    exists(If parent, CompareNode c | parent.getBody().contains(this.asExpr()) |
+      c.operands(API::moduleImport("sys")
+            .getMember("version_info")
+            .getASubscript()
+            .asSource()
+            .asCfgNode(), any(Eq eq),
+        any(IntegerLiteral lit | lit.getValue() = version).getAFlowNode())
+    )
+  }
+
+  int getVersion() { result = version }
+}
+
+private class ImportConfiguration extends DataFlow::Configuration {
+  ImportConfiguration() { this = "ImportConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof SourceString }
+
+  override predicate isSink(DataFlow::Node sink) {
+    sink = API::moduleImport("trace").getMember("check").getACall().getArg(1)
+  }
+}
+
+class ResolutionTest extends InlineExpectationsTest {
+  ResolutionTest() { this = "ResolutionTest" }
+
+  override string getARelevantTag() { result = "prints" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    (
+      exists(DataFlow::PathNode source, DataFlow::PathNode sink, ImportConfiguration config |
+        config.hasFlowPath(source, sink) and
+        not sink.getNode() instanceof VersionGuardedNode and
+        tag = "prints" and
+        location = sink.getNode().getLocation() and
+        value = source.getNode().(SourceString).getContents() and
+        element = sink.getNode().toString()
+      )
+      or
+      exists(ModuleRef ref |
+        not ref instanceof VersionGuardedNode and
+        ref instanceof CheckArgument and
+        tag = "prints" and
+        location = ref.getLocation() and
+        value = "\"<module " + ref.getName() + ">\"" and
+        element = ref.toString()
+      )
+    )
+  }
+}
+
+private string getTagForVersion(int version) {
+  result = "prints" + version and
+  version = major_version()
+}
+
+class VersionSpecificResolutionTest extends InlineExpectationsTest {
+  VersionSpecificResolutionTest() { this = "VersionSpecificResolutionTest" }
+
+  override string getARelevantTag() { result = getTagForVersion(_) }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    (
+      exists(DataFlow::PathNode source, DataFlow::PathNode sink, ImportConfiguration config |
+        config.hasFlowPath(source, sink) and
+        tag = getTagForVersion(sink.getNode().(VersionGuardedNode).getVersion()) and
+        location = sink.getNode().getLocation() and
+        value = source.getNode().(SourceString).getContents() and
+        element = sink.getNode().toString()
+      )
+      or
+      exists(ModuleRef ref |
+        ref instanceof CheckArgument and
+        tag = getTagForVersion(ref.(VersionGuardedNode).getVersion()) and
+        location = ref.getLocation() and
+        value = "\"<module " + ref.getName() + ">\"" and
+        element = ref.toString()
+      )
+    )
+  }
+}
diff --git a/python/ql/test/experimental/import-resolution/imports.expected b/python/ql/test/experimental/import-resolution/imports.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/python/ql/test/experimental/import-resolution/imports.ql b/python/ql/test/experimental/import-resolution/imports.ql
new file mode 100644
index 00000000000..e5d357c5ef4
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution/imports.ql
@@ -0,0 +1,49 @@
+import python
+import TestUtilities.InlineExpectationsTest
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.internal.ImportResolution
+
+private class ImmediateModuleRef extends DataFlow::Node {
+  Module mod;
+  string alias;
+
+  ImmediateModuleRef() {
+    this = ImportResolution::getImmediateModuleReference(mod) and
+    not mod.getName() in ["__future__", "trace"] and
+    this.asExpr() = any(Alias a | alias = a.getAsname().(Name).getId()).getAsname()
+  }
+
+  Module getModule() { result = mod }
+
+  string getAsname() { result = alias }
+}
+
+class ImportTest extends InlineExpectationsTest {
+  ImportTest() { this = "ImportTest" }
+
+  override string getARelevantTag() { result = "imports" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(ImmediateModuleRef ref |
+      tag = "imports" and
+      location = ref.getLocation() and
+      value = ref.getModule().getName() and
+      element = ref.toString()
+    )
+  }
+}
+
+class AliasTest extends InlineExpectationsTest {
+  AliasTest() { this = "AliasTest" }
+
+  override string getARelevantTag() { result = "as" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(ImmediateModuleRef ref |
+      tag = "as" and
+      location = ref.getLocation() and
+      value = ref.getAsname() and
+      element = ref.toString()
+    )
+  }
+}
diff --git a/python/ql/test/experimental/import-resolution/main.py b/python/ql/test/experimental/import-resolution/main.py
new file mode 100644
index 00000000000..45c84559fb6
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution/main.py
@@ -0,0 +1,94 @@
+#! /usr/bin/env python3
+"""
+A slightly complicated test setup. I wanted to both make sure I captured
+the semantics of Python and also the fact that the kinds of global flow
+we expect to see are indeed present.
+
+The code is executable, and prints out both when the execution reaches
+certain files, and also what values are assigned to the various
+attributes that are referenced throughout the program. These values are
+validated in the test as well.
+
+My original version used introspection to avoid referencing attributes
+directly (thus enabling better error diagnostics), but unfortunately
+that made it so that the model couldn't follow what was going on.
+
+The current setup is a bit clunky (and Python's scoping rules makes it
+especially so -- cf. the explicit calls to `globals` and `locals`), but
+I think it does the job okay.
+"""
+
+from __future__ import print_function
+import sys
+from trace import *
+enter(__file__)
+
+# A simple import. Binds foo to the foo module
+import foo #$ imports=foo as=foo
+check("foo.foo_attr", foo.foo_attr, "foo_attr", globals()) #$ prints=foo_attr
+
+# Private attributes are still accessible.
+check("foo.__private_foo_attr", foo.__private_foo_attr, "__private_foo_attr", globals()) #$ prints=__private_foo_attr
+
+# An aliased import, binding foo to foo_alias
+import foo as foo_alias #$ imports=foo as=foo_alias
+check("foo_alias.foo_attr", foo_alias.foo_attr, "foo_attr", globals()) #$ prints=foo_attr
+
+# A reference to a reexported module
+check("foo.bar_reexported", foo.bar_reexported, "<module bar>", globals()) #$ prints="<module bar>"
+check("foo.bar_reexported.bar_attr", foo.bar_reexported.bar_attr, "bar_attr", globals()) #$ prints=bar_attr
+
+# A simple "import from" statement.
+from bar import bar_attr
+check("bar_attr", bar_attr, "bar_attr", globals()) #$ prints=bar_attr
+
+# Importing an attribute from a subpackage of a package.
+from package.subpackage import subpackage_attr
+check("subpackage_attr", subpackage_attr, "subpackage_attr", globals()) #$ prints=subpackage_attr
+
+# Importing a package attribute under an alias.
+from package import package_attr as package_attr_alias
+check("package_attr_alias", package_attr_alias,  "package_attr", globals()) #$ prints=package_attr
+
+# Importing a subpackage under an alias.
+from package import subpackage as aliased_subpackage #$ imports=package.subpackage.__init__ as=aliased_subpackage
+check("aliased_subpackage.subpackage_attr", aliased_subpackage.subpackage_attr, "subpackage_attr", globals()) #$ prints=subpackage_attr
+
+def local_import():
+    # Same as above, but in a local scope.
+    import package.subpackage as local_subpackage #$ imports=package.subpackage.__init__ as=local_subpackage
+    check("local_subpackage.subpackage_attr", local_subpackage.subpackage_attr, "subpackage_attr", locals()) #$ prints=subpackage_attr
+
+local_import()
+
+# Importing a subpacking using `import` and binding it to a name.
+import package.subpackage as aliased_subpackage #$ imports=package.subpackage.__init__ as=aliased_subpackage
+check("aliased_subpackage.subpackage_attr", aliased_subpackage.subpackage_attr, "subpackage_attr", globals()) #$ prints=subpackage_attr
+
+# Importing without binding instead binds the top level name.
+import package.subpackage #$ imports=package.__init__ as=package
+check("package.package_attr", package.package_attr, "package_attr", globals()) #$ prints=package_attr
+
+# Deep imports
+import package.subpackage.submodule #$ imports=package.__init__ as=package
+check("package.subpackage.submodule.submodule_attr", package.subpackage.submodule.submodule_attr, "submodule_attr", globals()) #$ prints=submodule_attr
+
+
+if sys.version_info[0] == 3:
+    # Importing from a namespace module.
+    from namespace_package.namespace_module import namespace_module_attr
+    check("namespace_module_attr", namespace_module_attr, "namespace_module_attr", globals()) #$ prints3=namespace_module_attr
+
+
+from attr_clash import clashing_attr, non_clashing_submodule #$ imports=attr_clash.clashing_attr as=clashing_attr imports=attr_clash.non_clashing_submodule as=non_clashing_submodule
+check("clashing_attr", clashing_attr, "clashing_attr", globals()) #$ prints=clashing_attr SPURIOUS: prints="<module attr_clash.clashing_attr>"
+check("non_clashing_submodule", non_clashing_submodule, "<module attr_clash.non_clashing_submodule>", globals()) #$ prints="<module attr_clash.non_clashing_submodule>"
+
+exit(__file__)
+
+print()
+
+if status() == 0:
+    print("PASS")
+else:
+    print("FAIL")
diff --git a/python/ql/test/experimental/import-resolution/namespace_package/namespace_module.py b/python/ql/test/experimental/import-resolution/namespace_package/namespace_module.py
new file mode 100644
index 00000000000..2c831662f47
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution/namespace_package/namespace_module.py
@@ -0,0 +1,6 @@
+from trace import *
+enter(__file__)
+
+namespace_module_attr = "namespace_module_attr"
+
+exit(__file__)
diff --git a/python/ql/test/experimental/import-resolution/package/__init__.py b/python/ql/test/experimental/import-resolution/package/__init__.py
new file mode 100644
index 00000000000..ee2e3211a2c
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution/package/__init__.py
@@ -0,0 +1,7 @@
+from trace import *
+enter(__file__)
+
+attr_used_in_subpackage = "attr_used_in_subpackage"
+package_attr = "package_attr"
+
+exit(__file__)
diff --git a/python/ql/test/experimental/import-resolution/package/subpackage/__init__.py b/python/ql/test/experimental/import-resolution/package/subpackage/__init__.py
new file mode 100644
index 00000000000..86cc92dd37b
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution/package/subpackage/__init__.py
@@ -0,0 +1,14 @@
+from trace import *
+enter(__file__)
+
+subpackage_attr = "subpackage_attr"
+
+# Importing an attribute from the parent package.
+from .. import attr_used_in_subpackage as imported_attr
+check("imported_attr", imported_attr,  "attr_used_in_subpackage", globals()) #$ prints=attr_used_in_subpackage
+
+# Importing an irrelevant attribute from a sibling module binds the name to the module.
+from .submodule import irrelevant_attr
+check("submodule.submodule_attr", submodule.submodule_attr, "submodule_attr", globals()) #$ prints=submodule_attr
+
+exit(__file__)
diff --git a/python/ql/test/experimental/import-resolution/package/subpackage/submodule.py b/python/ql/test/experimental/import-resolution/package/subpackage/submodule.py
new file mode 100644
index 00000000000..89f9dd497a4
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution/package/subpackage/submodule.py
@@ -0,0 +1,7 @@
+from trace import *
+enter(__file__)
+
+submodule_attr = "submodule_attr"
+irrelevant_attr = "irrelevant_attr"
+
+exit(__file__)
diff --git a/python/ql/test/experimental/import-resolution/trace.py b/python/ql/test/experimental/import-resolution/trace.py
new file mode 100644
index 00000000000..90d8efba3fb
--- /dev/null
+++ b/python/ql/test/experimental/import-resolution/trace.py
@@ -0,0 +1,52 @@
+from __future__ import print_function
+
+_indent_level = 0
+
+_print = print
+
+def print(*args, **kwargs):
+    _print("  " * _indent_level, end="")
+    _print(*args, **kwargs)
+
+def enter(file_name):
+    global _indent_level
+    print("Entering {}".format(file_name))
+    _indent_level += 1
+
+def exit(file_name):
+    global _indent_level
+    _indent_level -= 1
+    print("Leaving {}".format(file_name))
+
+_status = 0
+
+def status():
+    return _status
+
+def check(attr_path, actual_value, expected_value, bindings):
+    global _status
+    parts = attr_path.split(".")
+    base, parts = parts[0], parts[1:]
+    if base not in bindings:
+        print("Error: {} not in bindings".format(base))
+        _status = 1
+        return
+    val = bindings[base]
+    for part in parts:
+        if not hasattr(val, part):
+            print("Error: Unknown attribute {}".format(part))
+            _status = 1
+            return
+        val = getattr(val, part)
+    if val != actual_value:
+        print("Error: Value at path {} and actual value are out of sync! {} != {}".format(attr_path, val, actual_value))
+        _status = 1
+    if str(val).startswith("<module"):
+        val = "<module " + val.__name__ + ">"
+    if val != expected_value:
+        print("Error: Expected {} to be {}, got {}".format(attr_path, expected_value, val))
+        _status = 1
+        return
+    print("OK: {} = {}".format(attr_path, val))
+
+__all__ = ["enter", "exit", "check", "status"]
diff --git a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/InlineCallGraphTest.expected b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/InlineCallGraphTest.expected
new file mode 100644
index 00000000000..c847f9a8aa2
--- /dev/null
+++ b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/InlineCallGraphTest.expected
@@ -0,0 +1,5 @@
+failures
+debug_callableNotUnique
+pointsTo_found_typeTracker_notFound
+| example.py:22:1:22:16 | ControlFlowNode for explicit_afunc() | explicit_afunc |
+typeTracker_found_pointsTo_notFound
diff --git a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/InlineCallGraphTest.qlref b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/InlineCallGraphTest.qlref
new file mode 100644
index 00000000000..25117a4582b
--- /dev/null
+++ b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/InlineCallGraphTest.qlref
@@ -0,0 +1 @@
+../CallGraph/InlineCallGraphTest.ql
diff --git a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/PointsTo.expected b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/PointsTo.expected
deleted file mode 100644
index 349d99b46d8..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/PointsTo.expected
+++ /dev/null
@@ -1,6 +0,0 @@
-debug_missingAnnotationForCallable
-debug_nonUniqueAnnotationForCallable
-debug_missingAnnotationForCall
-expectedCallEdgeNotFound
-| example.py:19:1:19:7 | afunc() | foo/bar/a.py:2:1:2:12 | Function afunc |
-unexpectedCallEdgeFound
diff --git a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/PointsTo.qlref b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/PointsTo.qlref
deleted file mode 100644
index da8a0d1631a..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/PointsTo.qlref
+++ /dev/null
@@ -1 +0,0 @@
-../CallGraph/PointsTo.ql
diff --git a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/Relative.expected b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/Relative.expected
deleted file mode 100644
index 38aab0b5888..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/Relative.expected
+++ /dev/null
@@ -1,6 +0,0 @@
-debug_missingAnnotationForCallable
-debug_nonUniqueAnnotationForCallable
-debug_missingAnnotationForCall
-pointsTo_found_typeTracker_notFound
-| example.py:22:1:22:16 | explicit_afunc() | foo_explicit/bar/a.py:2:1:2:21 | Function explicit_afunc |
-pointsTo_notFound_typeTracker_found
diff --git a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/Relative.qlref b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/Relative.qlref
deleted file mode 100644
index 2ffa6c10d51..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/Relative.qlref
+++ /dev/null
@@ -1 +0,0 @@
-../CallGraph/Relative.ql
diff --git a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/TypeTracker.expected b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/TypeTracker.expected
deleted file mode 100644
index 5283683a6a5..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/TypeTracker.expected
+++ /dev/null
@@ -1,7 +0,0 @@
-debug_missingAnnotationForCallable
-debug_nonUniqueAnnotationForCallable
-debug_missingAnnotationForCall
-expectedCallEdgeNotFound
-| example.py:19:1:19:7 | afunc() | foo/bar/a.py:2:1:2:12 | Function afunc |
-| example.py:22:1:22:16 | explicit_afunc() | foo_explicit/bar/a.py:2:1:2:21 | Function explicit_afunc |
-unexpectedCallEdgeFound
diff --git a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/TypeTracker.qlref b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/TypeTracker.qlref
deleted file mode 100644
index 60c029a5510..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/TypeTracker.qlref
+++ /dev/null
@@ -1 +0,0 @@
-../CallGraph/TypeTracker.ql
diff --git a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/example.py b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/example.py
index 35d56620af7..75ad8a9db11 100644
--- a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/example.py
+++ b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/example.py
@@ -5,18 +5,18 @@ This is not included in the standard `CallGraph/code` folder, since we're testin
 understanding import work properly, so it's better to have a clean test setup that is
 obviously correct (the other one isn't in regards to imports).
 
-Technically this is part of PEP 420 -- Implicit Namespace Packages, but does use the
+Technically this is part of PEP 420 -- Implicit Namespace Packages, but does not use the
 *real* namespace package feature of allowing source code for a single package to reside
 in multiple places.
 
+Maybe this should have been an import resolution test, and not a call-graph test ¯\_(ツ)_/¯
+
 Since PEP 420 was accepted in Python 3, this test is Python 3 only.
 """
 
 from foo.bar.a import afunc
 from foo_explicit.bar.a import explicit_afunc
 
-# calls:afunc
-afunc()
+afunc() # $ MISSING: pt,tt=afunc
 
-# calls:explicit_afunc
-explicit_afunc()
+explicit_afunc() # $ pt=explicit_afunc MISSING: tt=explicit_afunc
diff --git a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/foo/bar/a.py b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/foo/bar/a.py
index a294b33191e..bc639f6c537 100644
--- a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/foo/bar/a.py
+++ b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/foo/bar/a.py
@@ -1,4 +1,3 @@
-# name:afunc
 def afunc():
   print("afunc called")
   return 1
diff --git a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/foo_explicit/bar/a.py b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/foo_explicit/bar/a.py
index 616c3fddca1..c84d63cfce2 100644
--- a/python/ql/test/experimental/library-tests/CallGraph-implicit-init/foo_explicit/bar/a.py
+++ b/python/ql/test/experimental/library-tests/CallGraph-implicit-init/foo_explicit/bar/a.py
@@ -1,4 +1,3 @@
-# name:explicit_afunc
 def explicit_afunc():
   print("explicit_afunc called")
   return 1
diff --git a/python/ql/test/experimental/library-tests/CallGraph-xfail/PointsTo.expected b/python/ql/test/experimental/library-tests/CallGraph-xfail/PointsTo.expected
deleted file mode 100644
index 680cee0e8b2..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph-xfail/PointsTo.expected
+++ /dev/null
@@ -1,18 +0,0 @@
-debug_missingAnnotationForCallable
-| annotation_xfail.py:10:1:10:24 | callable_not_annotated() | This call is annotated with 'callable_not_annotated', but no callable with that annotation was extracted. Please fix. |
-debug_nonUniqueAnnotationForCallable
-| annotation_xfail.py:13:1:13:17 | Function non_unique | Multiple callables are annotated with 'non_unique'. Please fix. |
-| annotation_xfail.py:17:1:17:26 | Function too_much_copy_paste | Multiple callables are annotated with 'non_unique'. Please fix. |
-debug_missingAnnotationForCall
-| annotation_xfail.py:2:1:2:24 | Function no_annotated_call | This callable is annotated with 'no_annotated_call', but no call with that annotation was extracted. Please fix. |
-expectedCallEdgeNotFound
-| call_edge_xfail.py:36:1:36:11 | xfail_foo() | call_edge_xfail.py:8:1:8:16 | Function xfail_bar |
-| call_edge_xfail.py:39:1:39:11 | xfail_baz() | call_edge_xfail.py:8:1:8:16 | Function xfail_bar |
-unexpectedCallEdgeFound
-| call_edge_xfail.py:29:1:29:6 | func() | call_edge_xfail.py:4:1:4:16 | Function xfail_foo | Call resolved to the callable named 'xfail_foo' but was not annotated as such |
-| call_edge_xfail.py:29:1:29:6 | func() | call_edge_xfail.py:8:1:8:16 | Function xfail_bar | Call resolved to the callable named 'xfail_bar' but was not annotated as such |
-| call_edge_xfail.py:30:1:30:11 | xfail_foo() | call_edge_xfail.py:4:1:4:16 | Function xfail_foo | Call resolved to the callable named 'xfail_foo' but was not annotated as such |
-| call_edge_xfail.py:31:1:31:14 | xfail_lambda() | call_edge_xfail.py:15:16:15:44 | Function lambda | Call resolved to the callable named 'xfail_lambda' but was not annotated as such |
-| call_edge_xfail.py:36:1:36:11 | xfail_foo() | call_edge_xfail.py:4:1:4:16 | Function xfail_foo | Call resolved to the callable named 'xfail_foo' but was not annotated as such |
-| call_edge_xfail.py:39:1:39:11 | xfail_baz() | call_edge_xfail.py:11:1:11:16 | Function xfail_baz | Annotated call resolved to unannotated callable |
-| call_edge_xfail.py:43:1:43:6 | func() | call_edge_xfail.py:8:1:8:16 | Function xfail_bar | Call resolved to the callable named 'xfail_bar' but was not annotated as such |
diff --git a/python/ql/test/experimental/library-tests/CallGraph-xfail/PointsTo.qlref b/python/ql/test/experimental/library-tests/CallGraph-xfail/PointsTo.qlref
deleted file mode 100644
index da8a0d1631a..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph-xfail/PointsTo.qlref
+++ /dev/null
@@ -1 +0,0 @@
-../CallGraph/PointsTo.ql
diff --git a/python/ql/test/experimental/library-tests/CallGraph-xfail/README.md b/python/ql/test/experimental/library-tests/CallGraph-xfail/README.md
deleted file mode 100644
index 39021bce2a1..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph-xfail/README.md
+++ /dev/null
@@ -1 +0,0 @@
-Test that show our failure handling in [CallGraph](../CallGraph/) works as expected.
diff --git a/python/ql/test/experimental/library-tests/CallGraph-xfail/annotation_xfail.py b/python/ql/test/experimental/library-tests/CallGraph-xfail/annotation_xfail.py
deleted file mode 100644
index f8dbf88aa02..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph-xfail/annotation_xfail.py
+++ /dev/null
@@ -1,21 +0,0 @@
-# name:no_annotated_call
-def no_annotated_call():
-    pass
-
-def callable_not_annotated():
-    pass
-
-no_annotated_call()
-# calls:callable_not_annotated
-callable_not_annotated()
-
-# name:non_unique
-def non_unique():
-    pass
-
-# name:non_unique
-def too_much_copy_paste():
-    pass
-
-# calls:non_unique
-non_unique()
diff --git a/python/ql/test/experimental/library-tests/CallGraph-xfail/call_edge_xfail.py b/python/ql/test/experimental/library-tests/CallGraph-xfail/call_edge_xfail.py
deleted file mode 100644
index e72e02e376b..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph-xfail/call_edge_xfail.py
+++ /dev/null
@@ -1,43 +0,0 @@
-import sys
-
-# name:xfail_foo
-def xfail_foo():
-    print('xfail_foo')
-
-# name:xfail_bar
-def xfail_bar():
-    print('xfail_bar')
-
-def xfail_baz():
-    print('xfail_baz')
-
-# name:xfail_lambda
-xfail_lambda = lambda: print('xfail_lambda')
-
-if len(sys.argv) >= 2 and not sys.argv[1] in ['0', 'False', 'false']:
-    func = xfail_foo
-else:
-    func = xfail_bar
-
-# Correct usage to suppress bad annotation errors
-# calls:xfail_foo calls:xfail_bar
-func()
-# calls:xfail_lambda
-xfail_lambda()
-
-# These are not annotated, and will give rise to unexpectedCallEdgeFound
-func()
-xfail_foo()
-xfail_lambda()
-
-# These are annotated wrongly, and will give rise to unexpectedCallEdgeFound
-
-# calls:xfail_bar
-xfail_foo()
-
-# calls:xfail_bar
-xfail_baz()
-
-# The annotation is incomplete (does not include the call to xfail_bar)
-# calls:xfail_foo
-func()
diff --git a/python/ql/test/experimental/library-tests/CallGraph/CallGraphTest.qll b/python/ql/test/experimental/library-tests/CallGraph/CallGraphTest.qll
deleted file mode 100644
index 0f8b3162980..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph/CallGraphTest.qll
+++ /dev/null
@@ -1,147 +0,0 @@
-import python
-
-/** Gets the comment on the line above `ast` */
-Comment commentFor(AstNode ast) {
-  exists(int line | line = ast.getLocation().getStartLine() - 1 |
-    result
-        .getLocation()
-        .hasLocationInfo(ast.getLocation().getFile().getAbsolutePath(), line, _, line, _)
-  )
-}
-
-/** Gets the value from `tag:value` in the comment for `ast` */
-string getAnnotation(AstNode ast, string tag) {
-  exists(Comment comment, string match, string theRegex |
-    theRegex = "([\\w]+):([\\w.]+)" and
-    comment = commentFor(ast) and
-    match = comment.getText().regexpFind(theRegex, _, _) and
-    tag = match.regexpCapture(theRegex, 1) and
-    result = match.regexpCapture(theRegex, 2)
-  )
-}
-
-/** Gets a callable annotated with `name:name` */
-Function annotatedCallable(string name) { name = getAnnotation(result, "name") }
-
-/** Gets a call annotated with `calls:name` */
-Call annotatedCall(string name) { name = getAnnotation(result, "calls") }
-
-predicate missingAnnotationForCallable(string name, Call call) {
-  call = annotatedCall(name) and
-  not exists(annotatedCallable(name))
-}
-
-predicate nonUniqueAnnotationForCallable(string name, Function callable) {
-  strictcount(annotatedCallable(name)) > 1 and
-  callable = annotatedCallable(name)
-}
-
-predicate missingAnnotationForCall(string name, Function callable) {
-  not exists(annotatedCall(name)) and
-  callable = annotatedCallable(name)
-}
-
-/** There is an obvious problem with the annotation `name` */
-predicate nameInErrorState(string name) {
-  missingAnnotationForCallable(name, _)
-  or
-  nonUniqueAnnotationForCallable(name, _)
-  or
-  missingAnnotationForCall(name, _)
-}
-
-/** Source code has annotation with `name` showing that `call` will call `callable` */
-predicate annotatedCallEdge(string name, Call call, Function callable) {
-  not nameInErrorState(name) and
-  call = annotatedCall(name) and
-  callable = annotatedCallable(name)
-}
-
-// ------------------------- Annotation debug query predicates -------------------------
-query predicate debug_missingAnnotationForCallable(Call call, string message) {
-  exists(string name |
-    message =
-      "This call is annotated with '" + name +
-        "', but no callable with that annotation was extracted. Please fix." and
-    missingAnnotationForCallable(name, call)
-  )
-}
-
-query predicate debug_nonUniqueAnnotationForCallable(Function callable, string message) {
-  exists(string name |
-    message = "Multiple callables are annotated with '" + name + "'. Please fix." and
-    nonUniqueAnnotationForCallable(name, callable)
-  )
-}
-
-query predicate debug_missingAnnotationForCall(Function callable, string message) {
-  exists(string name |
-    message =
-      "This callable is annotated with '" + name +
-        "', but no call with that annotation was extracted. Please fix." and
-    missingAnnotationForCall(name, callable)
-  )
-}
-
-// ------------------------- Call Graph resolution -------------------------
-private newtype TCallGraphResolver =
-  TPointsToResolver() or
-  TTypeTrackerResolver()
-
-/** A method of call graph resolution */
-abstract class CallGraphResolver extends TCallGraphResolver {
-  abstract predicate callEdge(Call call, Function callable);
-
-  /**
-   * Holds if annotations show that `call` will call `callable`,
-   * but our call graph resolver was not able to figure that out
-   */
-  predicate expectedCallEdgeNotFound(Call call, Function callable) {
-    annotatedCallEdge(_, call, callable) and
-    not this.callEdge(call, callable)
-  }
-
-  /**
-   * Holds if there are no annotations that show that `call` will call `callable` (where at least one of these are annotated),
-   * but the call graph resolver claims that `call` will call `callable`
-   */
-  predicate unexpectedCallEdgeFound(Call call, Function callable, string message) {
-    this.callEdge(call, callable) and
-    not annotatedCallEdge(_, call, callable) and
-    (
-      exists(string name |
-        message = "Call resolved to the callable named '" + name + "' but was not annotated as such" and
-        callable = annotatedCallable(name) and
-        not nameInErrorState(name)
-      )
-      or
-      exists(string name |
-        message = "Annotated call resolved to unannotated callable" and
-        call = annotatedCall(name) and
-        not nameInErrorState(name) and
-        not exists( | callable = annotatedCallable(_))
-      )
-    )
-  }
-
-  string toString() { result = "CallGraphResolver" }
-}
-
-/** A call graph resolver based on the existing points-to analysis */
-class PointsToResolver extends CallGraphResolver, TPointsToResolver {
-  override predicate callEdge(Call call, Function callable) {
-    exists(PythonFunctionValue funcValue |
-      funcValue.getScope() = callable and
-      call = funcValue.getACall().getNode()
-    )
-  }
-
-  override string toString() { result = "PointsToResolver" }
-}
-
-/** A call graph resolved based on Type Trackers */
-class TypeTrackerResolver extends CallGraphResolver, TTypeTrackerResolver {
-  override predicate callEdge(Call call, Function callable) { none() }
-
-  override string toString() { result = "TypeTrackerResolver" }
-}
diff --git a/python/ql/test/experimental/library-tests/CallGraph/InlineCallGraphTest.expected b/python/ql/test/experimental/library-tests/CallGraph/InlineCallGraphTest.expected
new file mode 100644
index 00000000000..02d08ac4c81
--- /dev/null
+++ b/python/ql/test/experimental/library-tests/CallGraph/InlineCallGraphTest.expected
@@ -0,0 +1,22 @@
+failures
+debug_callableNotUnique
+| code/class_advanced.py:18:5:18:18 | Function arg | Qualified function name 'B.arg' is not unique. Please fix. |
+| code/class_advanced.py:23:5:23:25 | Function arg | Qualified function name 'B.arg' is not unique. Please fix. |
+pointsTo_found_typeTracker_notFound
+| code/class_simple.py:24:1:24:15 | ControlFlowNode for Attribute() | A.some_method |
+| code/class_simple.py:25:1:25:21 | ControlFlowNode for Attribute() | A.some_staticmethod |
+| code/class_simple.py:26:1:26:20 | ControlFlowNode for Attribute() | A.some_classmethod |
+| code/class_simple.py:28:1:28:21 | ControlFlowNode for Attribute() | A.some_staticmethod |
+| code/class_simple.py:29:1:29:20 | ControlFlowNode for Attribute() | A.some_classmethod |
+| code/runtime_decision.py:18:1:18:6 | ControlFlowNode for func() | rd_bar |
+| code/runtime_decision.py:18:1:18:6 | ControlFlowNode for func() | rd_foo |
+| code/runtime_decision.py:26:1:26:7 | ControlFlowNode for func2() | rd_bar |
+| code/runtime_decision.py:26:1:26:7 | ControlFlowNode for func2() | rd_foo |
+| code/simple.py:15:1:15:5 | ControlFlowNode for foo() | foo |
+| code/simple.py:16:1:16:14 | ControlFlowNode for indirect_foo() | foo |
+| code/simple.py:17:1:17:5 | ControlFlowNode for bar() | bar |
+| code/simple.py:18:1:18:5 | ControlFlowNode for lam() | lambda[simple.py:12:7] |
+| code/underscore_prefix_func_name.py:18:5:18:19 | ControlFlowNode for some_function() | some_function |
+| code/underscore_prefix_func_name.py:21:5:21:19 | ControlFlowNode for some_function() | some_function |
+| code/underscore_prefix_func_name.py:24:1:24:21 | ControlFlowNode for _works_since_called() | _works_since_called |
+typeTracker_found_pointsTo_notFound
diff --git a/python/ql/test/experimental/library-tests/CallGraph/InlineCallGraphTest.ql b/python/ql/test/experimental/library-tests/CallGraph/InlineCallGraphTest.ql
new file mode 100644
index 00000000000..50ad10bd191
--- /dev/null
+++ b/python/ql/test/experimental/library-tests/CallGraph/InlineCallGraphTest.ql
@@ -0,0 +1,68 @@
+import python
+import TestUtilities.InlineExpectationsTest
+
+/** Holds when `call` is resolved to `callable` using points-to based call-graph. */
+predicate pointsToCallEdge(CallNode call, Function callable) {
+  exists(PythonFunctionValue funcValue |
+    funcValue.getScope() = callable and
+    call = funcValue.getACall()
+  )
+}
+
+/** Holds when `call` is resolved to `callable` using type-tracking based call-graph. */
+predicate typeTrackerCallEdge(CallNode call, Function callable) { none() }
+
+class CallGraphTest extends InlineExpectationsTest {
+  CallGraphTest() { this = "CallGraphTest" }
+
+  override string getARelevantTag() { result in ["pt", "tt"] }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(location.getFile().getRelativePath()) and
+    exists(CallNode call, Function target |
+      tag = "tt" and
+      typeTrackerCallEdge(call, target)
+      or
+      tag = "pt" and
+      pointsToCallEdge(call, target)
+    |
+      location = call.getLocation() and
+      element = call.toString() and
+      value = betterQualName(target)
+    )
+  }
+}
+
+bindingset[func]
+string betterQualName(Function func) {
+  // note: `target.getQualifiedName` for Lambdas is just "lambda", so is not very useful :|
+  not func.isLambda() and
+  result = func.getQualifiedName()
+  or
+  func.isLambda() and
+  result =
+    "lambda[" + func.getLocation().getFile().getShortName() + ":" +
+      func.getLocation().getStartLine() + ":" + func.getLocation().getStartColumn() + "]"
+}
+
+query predicate debug_callableNotUnique(Function callable, string message) {
+  exists(Function f | f != callable and f.getQualifiedName() = callable.getQualifiedName()) and
+  message =
+    "Qualified function name '" + callable.getQualifiedName() + "' is not unique. Please fix."
+}
+
+query predicate pointsTo_found_typeTracker_notFound(CallNode call, string qualname) {
+  exists(Function target |
+    pointsToCallEdge(call, target) and
+    not typeTrackerCallEdge(call, target) and
+    qualname = betterQualName(target)
+  )
+}
+
+query predicate typeTracker_found_pointsTo_notFound(CallNode call, string qualname) {
+  exists(Function target |
+    not pointsToCallEdge(call, target) and
+    typeTrackerCallEdge(call, target) and
+    qualname = betterQualName(target)
+  )
+}
diff --git a/python/ql/test/experimental/library-tests/CallGraph/PointsTo.expected b/python/ql/test/experimental/library-tests/CallGraph/PointsTo.expected
deleted file mode 100644
index e7db0fde98c..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph/PointsTo.expected
+++ /dev/null
@@ -1,6 +0,0 @@
-debug_missingAnnotationForCallable
-debug_nonUniqueAnnotationForCallable
-debug_missingAnnotationForCall
-expectedCallEdgeNotFound
-| code/underscore_prefix_func_name.py:16:5:16:19 | some_function() | code/underscore_prefix_func_name.py:10:1:10:20 | Function some_function |
-unexpectedCallEdgeFound
diff --git a/python/ql/test/experimental/library-tests/CallGraph/PointsTo.ql b/python/ql/test/experimental/library-tests/CallGraph/PointsTo.ql
deleted file mode 100644
index f86842f2fe4..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph/PointsTo.ql
+++ /dev/null
@@ -1,10 +0,0 @@
-import python
-import CallGraphTest
-
-query predicate expectedCallEdgeNotFound(Call call, Function callable) {
-  any(PointsToResolver r).expectedCallEdgeNotFound(call, callable)
-}
-
-query predicate unexpectedCallEdgeFound(Call call, Function callable, string message) {
-  any(PointsToResolver r).unexpectedCallEdgeFound(call, callable, message)
-}
diff --git a/python/ql/test/experimental/library-tests/CallGraph/README.md b/python/ql/test/experimental/library-tests/CallGraph/README.md
deleted file mode 100644
index 0fbf6bdac9d..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-# Call Graph Tests
-
-A small testing framework for our call graph resolution. It relies on manual annotation of calls and callables, **and will only include output if something is wrong**. For example, if we are not able to resolve that the `foo()` call will call the `foo` function, that should give an alert.
-
-```py
-# name:foo
-def foo():
-    pass
-# calls:foo
-foo()
-```
-
-This is greatly inspired by [`CallGraphs/AnnotatedTest`](https://github.com/github/codeql/blob/696d19cb1440b6f6a75c6a2c1319e18860ceb436/javascript/ql/test/library-tests/CallGraphs/AnnotatedTest/Test.ql) from JavaScript.
-
-IMPORTANT: Names used in annotations are not scoped, so must be unique globally. (this is a bit annoying, but makes things simple). If multiple identical annotations are used, an error message will be output.
-
-Important files:
-
-- `CallGraphTest.qll`: main code to find annotated calls/callables and setting everything up.
-- `PointsTo.ql`: results when using points-to for call graph resolution.
-- `TypeTracker.ql`: results when using TypeTracking for call graph resolution.
-- `Relative.ql`: differences between using points-to and TypeTracking.
-- `code/` contains the actual Python code we test against (included by `test.py`).
-
-All queries will also execute some `debug_*` predicates. These highlight any obvious problems with the annotation setup, and so there should never be any results committed. To show that this works as expected, see the [CallGraph-xfail](../CallGraph-xfail/)  which uses symlinked versions of the files in this directory (can't include as subdir, so has to be a sibling).
-
-## `options` file
-
-If the value for `--max-import-depth` is set so that `import random` will extract `random.py` from the standard library, BUT NO transitive imports are extracted, then points-to analysis will fail to handle the following snippet.
-
-```py
-import random
-if random.random() < 0.5:
-    func = foo
-else:
-    func = bar
-func()
-```
diff --git a/python/ql/test/experimental/library-tests/CallGraph/Relative.expected b/python/ql/test/experimental/library-tests/CallGraph/Relative.expected
deleted file mode 100644
index 9882dda21bf..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph/Relative.expected
+++ /dev/null
@@ -1,20 +0,0 @@
-debug_missingAnnotationForCallable
-debug_nonUniqueAnnotationForCallable
-debug_missingAnnotationForCall
-pointsTo_found_typeTracker_notFound
-| code/class_simple.py:28:1:28:15 | Attribute() | code/class_simple.py:8:5:8:26 | Function some_method |
-| code/class_simple.py:30:1:30:21 | Attribute() | code/class_simple.py:13:5:13:28 | Function some_staticmethod |
-| code/class_simple.py:32:1:32:20 | Attribute() | code/class_simple.py:18:5:18:30 | Function some_classmethod |
-| code/class_simple.py:35:1:35:21 | Attribute() | code/class_simple.py:13:5:13:28 | Function some_staticmethod |
-| code/class_simple.py:37:1:37:20 | Attribute() | code/class_simple.py:18:5:18:30 | Function some_classmethod |
-| code/runtime_decision.py:21:1:21:6 | func() | code/runtime_decision.py:8:1:8:13 | Function rd_foo |
-| code/runtime_decision.py:21:1:21:6 | func() | code/runtime_decision.py:12:1:12:13 | Function rd_bar |
-| code/runtime_decision.py:30:1:30:7 | func2() | code/runtime_decision.py:8:1:8:13 | Function rd_foo |
-| code/runtime_decision.py:30:1:30:7 | func2() | code/runtime_decision.py:12:1:12:13 | Function rd_bar |
-| code/simple.py:19:1:19:5 | foo() | code/simple.py:2:1:2:10 | Function foo |
-| code/simple.py:21:1:21:14 | indirect_foo() | code/simple.py:2:1:2:10 | Function foo |
-| code/simple.py:23:1:23:5 | bar() | code/simple.py:10:1:10:10 | Function bar |
-| code/simple.py:25:1:25:5 | lam() | code/simple.py:15:7:15:36 | Function lambda |
-| code/underscore_prefix_func_name.py:21:5:21:19 | some_function() | code/underscore_prefix_func_name.py:10:1:10:20 | Function some_function |
-| code/underscore_prefix_func_name.py:25:5:25:19 | some_function() | code/underscore_prefix_func_name.py:10:1:10:20 | Function some_function |
-pointsTo_notFound_typeTracker_found
diff --git a/python/ql/test/experimental/library-tests/CallGraph/Relative.ql b/python/ql/test/experimental/library-tests/CallGraph/Relative.ql
deleted file mode 100644
index f62e4d21cbd..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph/Relative.ql
+++ /dev/null
@@ -1,14 +0,0 @@
-import python
-import CallGraphTest
-
-query predicate pointsTo_found_typeTracker_notFound(Call call, Function callable) {
-  annotatedCallEdge(_, call, callable) and
-  any(PointsToResolver r).callEdge(call, callable) and
-  not any(TypeTrackerResolver r).callEdge(call, callable)
-}
-
-query predicate pointsTo_notFound_typeTracker_found(Call call, Function callable) {
-  annotatedCallEdge(_, call, callable) and
-  not any(PointsToResolver r).callEdge(call, callable) and
-  any(TypeTrackerResolver r).callEdge(call, callable)
-}
diff --git a/python/ql/test/experimental/library-tests/CallGraph/TypeTracker.expected b/python/ql/test/experimental/library-tests/CallGraph/TypeTracker.expected
deleted file mode 100644
index 5fc5376ca25..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph/TypeTracker.expected
+++ /dev/null
@@ -1,21 +0,0 @@
-debug_missingAnnotationForCallable
-debug_nonUniqueAnnotationForCallable
-debug_missingAnnotationForCall
-expectedCallEdgeNotFound
-| code/class_simple.py:28:1:28:15 | Attribute() | code/class_simple.py:8:5:8:26 | Function some_method |
-| code/class_simple.py:30:1:30:21 | Attribute() | code/class_simple.py:13:5:13:28 | Function some_staticmethod |
-| code/class_simple.py:32:1:32:20 | Attribute() | code/class_simple.py:18:5:18:30 | Function some_classmethod |
-| code/class_simple.py:35:1:35:21 | Attribute() | code/class_simple.py:13:5:13:28 | Function some_staticmethod |
-| code/class_simple.py:37:1:37:20 | Attribute() | code/class_simple.py:18:5:18:30 | Function some_classmethod |
-| code/runtime_decision.py:21:1:21:6 | func() | code/runtime_decision.py:8:1:8:13 | Function rd_foo |
-| code/runtime_decision.py:21:1:21:6 | func() | code/runtime_decision.py:12:1:12:13 | Function rd_bar |
-| code/runtime_decision.py:30:1:30:7 | func2() | code/runtime_decision.py:8:1:8:13 | Function rd_foo |
-| code/runtime_decision.py:30:1:30:7 | func2() | code/runtime_decision.py:12:1:12:13 | Function rd_bar |
-| code/simple.py:19:1:19:5 | foo() | code/simple.py:2:1:2:10 | Function foo |
-| code/simple.py:21:1:21:14 | indirect_foo() | code/simple.py:2:1:2:10 | Function foo |
-| code/simple.py:23:1:23:5 | bar() | code/simple.py:10:1:10:10 | Function bar |
-| code/simple.py:25:1:25:5 | lam() | code/simple.py:15:7:15:36 | Function lambda |
-| code/underscore_prefix_func_name.py:16:5:16:19 | some_function() | code/underscore_prefix_func_name.py:10:1:10:20 | Function some_function |
-| code/underscore_prefix_func_name.py:21:5:21:19 | some_function() | code/underscore_prefix_func_name.py:10:1:10:20 | Function some_function |
-| code/underscore_prefix_func_name.py:25:5:25:19 | some_function() | code/underscore_prefix_func_name.py:10:1:10:20 | Function some_function |
-unexpectedCallEdgeFound
diff --git a/python/ql/test/experimental/library-tests/CallGraph/TypeTracker.ql b/python/ql/test/experimental/library-tests/CallGraph/TypeTracker.ql
deleted file mode 100644
index a62332e3839..00000000000
--- a/python/ql/test/experimental/library-tests/CallGraph/TypeTracker.ql
+++ /dev/null
@@ -1,10 +0,0 @@
-import python
-import CallGraphTest
-
-query predicate expectedCallEdgeNotFound(Call call, Function callable) {
-  any(TypeTrackerResolver r).expectedCallEdgeNotFound(call, callable)
-}
-
-query predicate unexpectedCallEdgeFound(Call call, Function callable, string message) {
-  any(TypeTrackerResolver r).unexpectedCallEdgeFound(call, callable, message)
-}
diff --git a/python/ql/test/experimental/library-tests/CallGraph/code/class_simple.py b/python/ql/test/experimental/library-tests/CallGraph/code/class_simple.py
index 7309620b3ec..f201e648e3a 100644
--- a/python/ql/test/experimental/library-tests/CallGraph/code/class_simple.py
+++ b/python/ql/test/experimental/library-tests/CallGraph/code/class_simple.py
@@ -4,17 +4,14 @@ class A(object):
         print('A.__init__', arg)
         self.arg = arg
 
-    # name:A.some_method
     def some_method(self):
         print('A.some_method', self)
 
     @staticmethod
-    # name:A.some_staticmethod
     def some_staticmethod():
         print('A.some_staticmethod')
 
     @classmethod
-    # name:A.some_classmethod
     def some_classmethod(cls):
         print('A.some_classmethod', cls)
 
@@ -24,14 +21,9 @@ class A(object):
 # However, current test setup uses "callable" for naming, and expects things to be Function.
 a = A(42)
 
-# calls:A.some_method
-a.some_method()
-# calls:A.some_staticmethod
-a.some_staticmethod()
-# calls:A.some_classmethod
-a.some_classmethod()
+a.some_method() # $ pt=A.some_method
+a.some_staticmethod() # $ pt=A.some_staticmethod
+a.some_classmethod() # $ pt=A.some_classmethod
 
-# calls:A.some_staticmethod
-A.some_staticmethod()
-# calls:A.some_classmethod
-A.some_classmethod()
+A.some_staticmethod() # $ pt=A.some_staticmethod
+A.some_classmethod() # $ pt=A.some_classmethod
diff --git a/python/ql/test/experimental/library-tests/CallGraph/code/runtime_decision.py b/python/ql/test/experimental/library-tests/CallGraph/code/runtime_decision.py
index fd2f7773ced..3c4ebbb73e1 100644
--- a/python/ql/test/experimental/library-tests/CallGraph/code/runtime_decision.py
+++ b/python/ql/test/experimental/library-tests/CallGraph/code/runtime_decision.py
@@ -4,11 +4,9 @@ import random
 # hmm, annoying that you have to keep names unique across files :|
 # since I like to use foo and bar ALL the time :D
 
-# name:rd_foo
 def rd_foo():
     print('rd_foo')
 
-# name:rd_bar
 def rd_bar():
     print('rd_bar')
 
@@ -17,8 +15,7 @@ if len(sys.argv) >= 2 and not sys.argv[1] in ['0', 'False', 'false']:
 else:
     func = rd_bar
 
-# calls:rd_foo calls:rd_bar
-func()
+func() # $ pt=rd_foo pt=rd_bar
 
 # Random doesn't work with points-to :O
 if random.random() < 0.5:
@@ -26,5 +23,4 @@ if random.random() < 0.5:
 else:
     func2 = rd_bar
 
-# calls:rd_foo calls:rd_bar
-func2()
+func2() # $ pt=rd_foo pt=rd_bar
diff --git a/python/ql/test/experimental/library-tests/CallGraph/code/simple.py b/python/ql/test/experimental/library-tests/CallGraph/code/simple.py
index d3c39e42fd5..ac07ace93b2 100644
--- a/python/ql/test/experimental/library-tests/CallGraph/code/simple.py
+++ b/python/ql/test/experimental/library-tests/CallGraph/code/simple.py
@@ -1,4 +1,3 @@
-# name:foo
 def foo():
     print("foo called")
 
@@ -6,22 +5,16 @@ def foo():
 indirect_foo = foo
 
 
-# name:bar
 def bar():
     print("bar called")
 
 
-# name:lam
 lam = lambda: print("lambda called")
 
 
-# calls:foo
-foo()
-# calls:foo
-indirect_foo()
-# calls:bar
-bar()
-# calls:lam
-lam()
+foo() # $ pt=foo
+indirect_foo() # $ pt=foo
+bar() # $ pt=bar
+lam() # $ pt=lambda[simple.py:12:7]
 
 # python -m trace --trackcalls simple.py
diff --git a/python/ql/test/experimental/library-tests/CallGraph/code/underscore_prefix_func_name.py b/python/ql/test/experimental/library-tests/CallGraph/code/underscore_prefix_func_name.py
index 1ec87efd757..fb3f5fc45a8 100644
--- a/python/ql/test/experimental/library-tests/CallGraph/code/underscore_prefix_func_name.py
+++ b/python/ql/test/experimental/library-tests/CallGraph/code/underscore_prefix_func_name.py
@@ -6,23 +6,19 @@
 # points-to information about the `open` call in
 # https://google-gruyere.appspot.com/code/gruyere.py on line 227
 
-# name:some_function
 def some_function():
     print('some_function')
 
 def _ignored():
     print('_ignored')
-    # calls:some_function
     some_function()
 
 def _works_since_called():
     print('_works_since_called')
-    # calls:some_function
-    some_function()
+    some_function() # $ pt=some_function
 
 def works_even_though_not_called():
-    # calls:some_function
-    some_function()
+    some_function() # $ pt=some_function
 
 globals()['_ignored']()
-_works_since_called()
+_works_since_called() # $ pt=_works_since_called
diff --git a/python/ql/test/library-tests/ApiGraphs/py3/dataflow-consistency.expected b/python/ql/test/library-tests/ApiGraphs/py3/dataflow-consistency.expected
index 9fedaf9f663..410b626ffff 100644
--- a/python/ql/test/library-tests/ApiGraphs/py3/dataflow-consistency.expected
+++ b/python/ql/test/library-tests/ApiGraphs/py3/dataflow-consistency.expected
@@ -6,6 +6,8 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +19,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/library-tests/frameworks/data/test.ql b/python/ql/test/library-tests/frameworks/data/test.ql
index 00411a5f95f..6c7639dc0c3 100644
--- a/python/ql/test/library-tests/frameworks/data/test.ql
+++ b/python/ql/test/library-tests/frameworks/data/test.ql
@@ -7,78 +7,78 @@ private import semmle.python.ApiGraphs
 
 class Steps extends ModelInput::SummaryModelCsv {
   override predicate row(string row) {
-    // package;type;path;input;output;kind
+    // type;path;input;output;kind
     row =
       [
-        "testlib;;Member[Steps].Member[preserveTaint].Call;Argument[0];ReturnValue;taint",
-        "testlib;;Member[Steps].Member[taintIntoCallback];Argument[0];Argument[1..2].Parameter[0];taint",
-        "testlib;;Member[Steps].Member[preserveArgZeroAndTwo];Argument[0,2];ReturnValue;taint",
-        "testlib;;Member[Steps].Member[preserveAllButFirstArgument].Call;Argument[1..];ReturnValue;taint",
+        "testlib;Member[Steps].Member[preserveTaint].Call;Argument[0];ReturnValue;taint",
+        "testlib;Member[Steps].Member[taintIntoCallback];Argument[0];Argument[1..2].Parameter[0];taint",
+        "testlib;Member[Steps].Member[preserveArgZeroAndTwo];Argument[0,2];ReturnValue;taint",
+        "testlib;Member[Steps].Member[preserveAllButFirstArgument].Call;Argument[1..];ReturnValue;taint",
       ]
   }
 }
 
 class Types extends ModelInput::TypeModelCsv {
   override predicate row(string row) {
-    // package1;type1;package2;type2;path
+    // type1;type2;path
     row =
       [
-        "testlib;Alias;testlib;;Member[alias].ReturnValue",
-        "testlib;Alias;testlib;Alias;Member[chain].ReturnValue",
+        "testlib.Alias;testlib;Member[alias].ReturnValue",
+        "testlib.Alias;testlib.Alias;Member[chain].ReturnValue",
       ]
   }
 }
 
 class Sinks extends ModelInput::SinkModelCsv {
   override predicate row(string row) {
-    // package;type;path;kind
+    // type;path;kind
     row =
       [
-        "testlib;;Member[mySink].Argument[0,sinkName:];test-sink",
+        "testlib;Member[mySink].Argument[0,sinkName:];test-sink",
         // testing argument syntax
-        "testlib;;Member[Args].Member[arg0].Argument[0];test-sink", //
-        "testlib;;Member[Args].Member[arg1to3].Argument[1..3];test-sink", //
-        "testlib;;Member[Args].Member[lastarg].Argument[N-1];test-sink", //
-        "testlib;;Member[Args].Member[nonFist].Argument[1..];test-sink", //
+        "testlib;Member[Args].Member[arg0].Argument[0];test-sink", //
+        "testlib;Member[Args].Member[arg1to3].Argument[1..3];test-sink", //
+        "testlib;Member[Args].Member[lastarg].Argument[N-1];test-sink", //
+        "testlib;Member[Args].Member[nonFist].Argument[1..];test-sink", //
         // callsite filter.
-        "testlib;;Member[CallFilter].Member[arityOne].WithArity[1].Argument[any];test-sink", //
-        "testlib;;Member[CallFilter].Member[twoOrMore].WithArity[2..].Argument[0..];test-sink", //
+        "testlib;Member[CallFilter].Member[arityOne].WithArity[1].Argument[any];test-sink", //
+        "testlib;Member[CallFilter].Member[twoOrMore].WithArity[2..].Argument[0..];test-sink", //
         // testing non-positional arguments
-        "testlib;;Member[ArgPos].Instance.Member[self_thing].Argument[self];test-sink", //
+        "testlib;Member[ArgPos].Instance.Member[self_thing].Argument[self];test-sink", //
         // any argument
-        "testlib;;Member[ArgPos].Member[anyParam].Argument[any];test-sink", //
-        "testlib;;Member[ArgPos].Member[anyNamed].Argument[any-named];test-sink", //
+        "testlib;Member[ArgPos].Member[anyParam].Argument[any];test-sink", //
+        "testlib;Member[ArgPos].Member[anyNamed].Argument[any-named];test-sink", //
         // testing package syntax
-        "foo1.bar;;Member[baz1].Argument[any];test-sink", //
-        "foo2;;Member[bar].Member[baz2].Argument[any];test-sink", //
+        "foo1.bar;Member[baz1].Argument[any];test-sink", //
+        "foo2;Member[bar].Member[baz2].Argument[any];test-sink", //
       ]
   }
 }
 
 class Sources extends ModelInput::SourceModelCsv {
-  // package;type;path;kind
+  // type;path;kind
   override predicate row(string row) {
     row =
       [
-        "testlib;;Member[getSource].ReturnValue;test-source", //
-        "testlib;Alias;;test-source",
+        "testlib;Member[getSource].ReturnValue;test-source", //
+        "testlib.Alias;;test-source",
         // testing parameter syntax
-        "testlib;;Member[Callbacks].Member[first].Argument[0].Parameter[0];test-source", //
-        "testlib;;Member[Callbacks].Member[param1to3].Argument[0].Parameter[1..3];test-source", //
-        "testlib;;Member[Callbacks].Member[nonFirst].Argument[0].Parameter[1..];test-source", //
+        "testlib;Member[Callbacks].Member[first].Argument[0].Parameter[0];test-source", //
+        "testlib;Member[Callbacks].Member[param1to3].Argument[0].Parameter[1..3];test-source", //
+        "testlib;Member[Callbacks].Member[nonFirst].Argument[0].Parameter[1..];test-source", //
         // Common tokens.
-        "testlib;;Member[CommonTokens].Member[makePromise].ReturnValue.Awaited;test-source", //
-        "testlib;;Member[CommonTokens].Member[Class].Instance;test-source", //
-        "testlib;;Member[CommonTokens].Member[Super].Subclass.Instance;test-source", //
+        "testlib;Member[CommonTokens].Member[makePromise].ReturnValue.Awaited;test-source", //
+        "testlib;Member[CommonTokens].Member[Class].Instance;test-source", //
+        "testlib;Member[CommonTokens].Member[Super].Subclass.Instance;test-source", //
         // method
-        "testlib;;Member[CommonTokens].Member[Class].Instance.Method[foo];test-source", //
+        "testlib;Member[CommonTokens].Member[Class].Instance.Method[foo];test-source", //
         // testing non-positional arguments
-        "testlib;;Member[ArgPos].Member[MyClass].Subclass.Member[foo].Parameter[self];test-source", //
-        "testlib;;Member[ArgPos].Member[MyClass].Subclass.Member[foo].Parameter[named:];test-source", //
-        "testlib;;Member[ArgPos].Member[MyClass].Subclass.Member[secondAndAfter].Parameter[1..];test-source", //
-        "testlib;;Member[ArgPos].Member[MyClass].Subclass.Member[otherSelfTest].Parameter[0];test-source", //
-        "testlib;;Member[ArgPos].Member[MyClass].Subclass.Member[anyParam].Parameter[any];test-source", //
-        "testlib;;Member[ArgPos].Member[MyClass].Subclass.Member[anyNamed].Parameter[any-named];test-source", //
+        "testlib;Member[ArgPos].Member[MyClass].Subclass.Member[foo].Parameter[self];test-source", //
+        "testlib;Member[ArgPos].Member[MyClass].Subclass.Member[foo].Parameter[named:];test-source", //
+        "testlib;Member[ArgPos].Member[MyClass].Subclass.Member[secondAndAfter].Parameter[1..];test-source", //
+        "testlib;Member[ArgPos].Member[MyClass].Subclass.Member[otherSelfTest].Parameter[0];test-source", //
+        "testlib;Member[ArgPos].Member[MyClass].Subclass.Member[anyParam].Parameter[any];test-source", //
+        "testlib;Member[ArgPos].Member[MyClass].Subclass.Member[anyNamed].Parameter[any-named];test-source", //
       ]
   }
 }
@@ -111,13 +111,16 @@ class SyntaxErrorTest extends ModelInput::SinkModelCsv {
   override predicate row(string row) {
     row =
       [
-        "testlib;;Member[foo],Member[bar];test-sink", "testlib;;Member[foo] Member[bar];test-sink",
-        "testlib;;Member[foo]. Member[bar];test-sink",
-        "testlib;;Member[foo], Member[bar];test-sink",
-        "testlib;;Member[foo]..Member[bar];test-sink",
-        "testlib;;Member[foo] .Member[bar];test-sink", "testlib;;Member[foo]Member[bar];test-sink",
-        "testlib;;Member[foo;test-sink", "testlib;;Member[foo]];test-sink",
-        "testlib;;Member[foo]].Member[bar];test-sink"
+        "testlib;Member[foo],Member[bar];test-sink", //
+        "testlib;Member[foo] Member[bar];test-sink", //
+        "testlib;Member[foo]. Member[bar];test-sink", //
+        "testlib;Member[foo], Member[bar];test-sink", //
+        "testlib;Member[foo]..Member[bar];test-sink", //
+        "testlib;Member[foo] .Member[bar];test-sink", //
+        "testlib;Member[foo]Member[bar];test-sink", //
+        "testlib;Member[foo;test-sink", //
+        "testlib;Member[foo]];test-sink", //
+        "testlib;Member[foo]].Member[bar];test-sink", //
       ]
   }
 }
diff --git a/python/ql/test/library-tests/frameworks/data/warnings.expected b/python/ql/test/library-tests/frameworks/data/warnings.expected
index 5cebb548358..23ce426abb9 100644
--- a/python/ql/test/library-tests/frameworks/data/warnings.expected
+++ b/python/ql/test/library-tests/frameworks/data/warnings.expected
@@ -1,5 +1,5 @@
-| CSV type row should have 5 columns but has 2: test;TooFewColumns |
-| CSV type row should have 5 columns but has 8: test;TooManyColumns;;;Member[Foo].Instance;too;many;columns |
+| CSV type row should have 3 columns but has 1: test.TooFewColumns |
+| CSV type row should have 3 columns but has 6: test.TooManyColumns;;Member[Foo].Instance;too;many;columns |
 | Invalid argument '0-1' in token 'Argument[0-1]' in access path: Method[foo].Argument[0-1] |
 | Invalid argument '*' in token 'Argument[*]' in access path: Method[foo].Argument[*] |
 | Invalid token 'Argument' is missing its arguments, in access path: Method[foo].Argument |
diff --git a/python/ql/test/library-tests/frameworks/data/warnings.ql b/python/ql/test/library-tests/frameworks/data/warnings.ql
index 20b87211765..c6561797164 100644
--- a/python/ql/test/library-tests/frameworks/data/warnings.ql
+++ b/python/ql/test/library-tests/frameworks/data/warnings.ql
@@ -7,13 +7,13 @@ private class InvalidTypeModel extends ModelInput::TypeModelCsv {
   override predicate row(string row) {
     row =
       [
-        "test;TooManyColumns;;;Member[Foo].Instance;too;many;columns", //
-        "test;TooFewColumns", //
-        "test;X;test;Y;Method[foo].Arg[0]", //
-        "test;X;test;Y;Method[foo].Argument[0-1]", //
-        "test;X;test;Y;Method[foo].Argument[*]", //
-        "test;X;test;Y;Method[foo].Argument", //
-        "test;X;test;Y;Method[foo].Member", //
+        "test.TooManyColumns;;Member[Foo].Instance;too;many;columns", //
+        "test.TooFewColumns", //
+        "test.X;test.Y;Method[foo].Arg[0]", //
+        "test.X;test.Y;Method[foo].Argument[0-1]", //
+        "test.X;test.Y;Method[foo].Argument[*]", //
+        "test.X;test.Y;Method[foo].Argument", //
+        "test.X;test.Y;Method[foo].Member", //
       ]
   }
 }
diff --git a/python/ql/test/library-tests/frameworks/django-orm/dataflow-consistency.expected b/python/ql/test/library-tests/frameworks/django-orm/dataflow-consistency.expected
index 9fedaf9f663..255a315ac6a 100644
--- a/python/ql/test/library-tests/frameworks/django-orm/dataflow-consistency.expected
+++ b/python/ql/test/library-tests/frameworks/django-orm/dataflow-consistency.expected
@@ -6,6 +6,56 @@ uniqueNodeToString
 missingToString
 parameterCallable
 localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
+| testapp/orm_form_test.py:6:1:6:28 | [orm-model] Class MyModel | testapp/tests.py:83:16:83:36 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_form_test.py:6:1:6:28 | [orm-model] Class MyModel | testapp/tests.py:84:16:84:43 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_form_test.py:6:1:6:28 | [orm-model] Class MyModel | testapp/tests.py:85:16:85:36 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:45:15:45:20 | ControlFlowNode for SOURCE | testapp/orm_inheritance.py:29:1:29:25 | [orm-model] Class Book | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:76:15:76:20 | ControlFlowNode for SOURCE | testapp/orm_inheritance.py:29:1:29:25 | [orm-model] Class Book | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:76:15:76:20 | ControlFlowNode for SOURCE | testapp/orm_inheritance.py:33:1:33:25 | [orm-model] Class PhysicalBook | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:77:27:77:32 | ControlFlowNode for SOURCE | testapp/orm_inheritance.py:33:1:33:25 | [orm-model] Class PhysicalBook | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:78:35:78:40 | ControlFlowNode for SOURCE | testapp/orm_inheritance.py:33:1:33:25 | [orm-model] Class PhysicalBook | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:93:15:93:26 | ControlFlowNode for Str | testapp/orm_inheritance.py:29:1:29:25 | [orm-model] Class Book | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:93:15:93:26 | ControlFlowNode for Str | testapp/orm_inheritance.py:38:1:38:18 | [orm-model] Class EBook | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:94:23:94:28 | ControlFlowNode for Str | testapp/orm_inheritance.py:38:1:38:18 | [orm-model] Class EBook | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:95:35:95:40 | ControlFlowNode for Str | testapp/orm_inheritance.py:38:1:38:18 | [orm-model] Class EBook | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:133:15:133:20 | ControlFlowNode for SOURCE | testapp/orm_inheritance.py:117:1:117:33 | [orm-model] Class PolyBook | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:167:15:167:20 | ControlFlowNode for SOURCE | testapp/orm_inheritance.py:117:1:117:33 | [orm-model] Class PolyBook | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:167:15:167:20 | ControlFlowNode for SOURCE | testapp/orm_inheritance.py:121:1:121:33 | [orm-model] Class PolyPhysicalBook | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:168:27:168:32 | ControlFlowNode for SOURCE | testapp/orm_inheritance.py:121:1:121:33 | [orm-model] Class PolyPhysicalBook | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:169:35:169:40 | ControlFlowNode for SOURCE | testapp/orm_inheritance.py:121:1:121:33 | [orm-model] Class PolyPhysicalBook | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:183:15:183:26 | ControlFlowNode for Str | testapp/orm_inheritance.py:117:1:117:33 | [orm-model] Class PolyBook | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:183:15:183:26 | ControlFlowNode for Str | testapp/orm_inheritance.py:126:1:126:26 | [orm-model] Class PolyEBook | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:184:23:184:28 | ControlFlowNode for Str | testapp/orm_inheritance.py:126:1:126:26 | [orm-model] Class PolyEBook | Store step does not preserve enclosing callable. |
+| testapp/orm_inheritance.py:185:35:185:40 | ControlFlowNode for Str | testapp/orm_inheritance.py:126:1:126:26 | [orm-model] Class PolyEBook | Store step does not preserve enclosing callable. |
+| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person | testapp/orm_security_tests.py:42:23:42:42 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:115:41:115:46 | ControlFlowNode for SOURCE | testapp/orm_tests.py:110:1:110:30 | [orm-model] Class TestSave5 | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:131:86:131:91 | ControlFlowNode for SOURCE | testapp/orm_tests.py:126:1:126:30 | [orm-model] Class TestSave6 | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:149:89:149:94 | ControlFlowNode for SOURCE | testapp/orm_tests.py:144:1:144:30 | [orm-model] Class TestSave7 | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:161:1:161:30 | [orm-model] Class TestSave8 | testapp/orm_tests.py:168:22:168:44 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:165:35:165:39 | ControlFlowNode for Str | testapp/orm_tests.py:161:1:161:30 | [orm-model] Class TestSave8 | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:168:58:168:63 | ControlFlowNode for SOURCE | testapp/orm_tests.py:161:1:161:30 | [orm-model] Class TestSave8 | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:184:41:184:45 | ControlFlowNode for Str | testapp/orm_tests.py:177:1:177:30 | [orm-model] Class TestSave9 | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:185:49:185:51 | ControlFlowNode for obj | testapp/orm_tests.py:180:1:180:44 | [orm-model] Class TestSave9WithForeignKey | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:212:55:212:59 | ControlFlowNode for Str | testapp/orm_tests.py:206:1:206:35 | [orm-model] Class save10_Comment | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:239:55:239:59 | ControlFlowNode for Str | testapp/orm_tests.py:233:1:233:35 | [orm-model] Class save11_Comment | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:273:1:273:31 | [orm-model] Class TestSave13 | testapp/orm_tests.py:281:12:281:35 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:294:1:294:29 | [orm-model] Class TestLoad | testapp/orm_tests.py:308:12:308:33 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:294:1:294:29 | [orm-model] Class TestLoad | testapp/orm_tests.py:314:12:314:33 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:294:1:294:29 | [orm-model] Class TestLoad | testapp/orm_tests.py:320:11:320:32 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:294:1:294:29 | [orm-model] Class TestLoad | testapp/orm_tests.py:320:11:320:59 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:294:1:294:29 | [orm-model] Class TestLoad | testapp/orm_tests.py:320:11:320:78 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:294:1:294:29 | [orm-model] Class TestLoad | testapp/orm_tests.py:324:12:324:33 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:294:1:294:29 | [orm-model] Class TestLoad | testapp/orm_tests.py:324:12:324:60 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:294:1:294:29 | [orm-model] Class TestLoad | testapp/orm_tests.py:324:12:324:79 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:294:1:294:29 | [orm-model] Class TestLoad | testapp/orm_tests.py:331:12:331:33 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:294:1:294:29 | [orm-model] Class TestLoad | testapp/orm_tests.py:337:12:337:33 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:294:1:294:29 | [orm-model] Class TestLoad | testapp/orm_tests.py:344:12:344:33 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:294:1:294:29 | [orm-model] Class TestLoad | testapp/orm_tests.py:350:12:350:33 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:294:1:294:29 | [orm-model] Class TestLoad | testapp/orm_tests.py:356:12:356:33 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/orm_tests.py:294:1:294:29 | [orm-model] Class TestLoad | testapp/orm_tests.py:363:9:363:37 | ControlFlowNode for Attribute() | Store step does not preserve enclosing callable. |
+| testapp/tests.py:81:33:81:37 | ControlFlowNode for Str | testapp/orm_form_test.py:6:1:6:28 | [orm-model] Class MyModel | Store step does not preserve enclosing callable. |
 compatibleTypesReflexive
 unreachableNodeCCtx
 localCallNodes
@@ -17,3 +67,6 @@ reverseRead
 argHasPostUpdate
 postWithInFlow
 viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
diff --git a/python/ql/test/query-tests/Expressions/super/CallToSuperWrongClass.expected b/python/ql/test/query-tests/Expressions/super/CallToSuperWrongClass.expected
index 66508e08d70..859e4624a01 100644
--- a/python/ql/test/query-tests/Expressions/super/CallToSuperWrongClass.expected
+++ b/python/ql/test/query-tests/Expressions/super/CallToSuperWrongClass.expected
@@ -1 +1 @@
-| test.py:10:9:10:27 | super() | First argument to super() should be NotMyDict. |
+| test.py:10:9:10:27 | ControlFlowNode for super() | First argument to super() should be NotMyDict. |
diff --git a/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/ExternalAPIsUsedWithUntrustedData.expected b/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/ExternalAPIsUsedWithUntrustedData.expected
index c070169615c..7438c415858 100644
--- a/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/ExternalAPIsUsedWithUntrustedData.expected
+++ b/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/ExternalAPIsUsedWithUntrustedData.expected
@@ -1 +1 @@
-| hmac.new [param 1] | 1 | 1 |
+| hmac.new [param 1] | 2 | 1 |
diff --git a/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected b/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected
index c64a6943813..e024ef20cba 100644
--- a/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected
+++ b/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected
@@ -1,9 +1,12 @@
 edges
 | test.py:0:0:0:0 | ModuleVariableNode for test.request | test.py:13:16:13:22 | ControlFlowNode for request |
+| test.py:0:0:0:0 | ModuleVariableNode for test.request | test.py:23:16:23:22 | ControlFlowNode for request |
 | test.py:5:26:5:32 | ControlFlowNode for ImportMember | test.py:5:26:5:32 | GSSA Variable request |
 | test.py:5:26:5:32 | GSSA Variable request | test.py:0:0:0:0 | ModuleVariableNode for test.request |
 | test.py:13:16:13:22 | ControlFlowNode for request | test.py:13:16:13:27 | ControlFlowNode for Attribute |
 | test.py:13:16:13:27 | ControlFlowNode for Attribute | test.py:15:36:15:39 | ControlFlowNode for data |
+| test.py:23:16:23:22 | ControlFlowNode for request | test.py:23:16:23:27 | ControlFlowNode for Attribute |
+| test.py:23:16:23:27 | ControlFlowNode for Attribute | test.py:25:44:25:47 | ControlFlowNode for data |
 nodes
 | test.py:0:0:0:0 | ModuleVariableNode for test.request | semmle.label | ModuleVariableNode for test.request |
 | test.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
@@ -11,6 +14,10 @@ nodes
 | test.py:13:16:13:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | test.py:13:16:13:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | test.py:15:36:15:39 | ControlFlowNode for data | semmle.label | ControlFlowNode for data |
+| test.py:23:16:23:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| test.py:23:16:23:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
+| test.py:25:44:25:47 | ControlFlowNode for data | semmle.label | ControlFlowNode for data |
 subpaths
 #select
 | test.py:15:36:15:39 | ControlFlowNode for data | test.py:5:26:5:32 | ControlFlowNode for ImportMember | test.py:15:36:15:39 | ControlFlowNode for data | Call to hmac.new [param 1] with untrusted data from $@. | test.py:5:26:5:32 | ControlFlowNode for ImportMember | ControlFlowNode for ImportMember |
+| test.py:25:44:25:47 | ControlFlowNode for data | test.py:5:26:5:32 | ControlFlowNode for ImportMember | test.py:25:44:25:47 | ControlFlowNode for data | Call to hmac.new [param 1] with untrusted data from $@. | test.py:5:26:5:32 | ControlFlowNode for ImportMember | ControlFlowNode for ImportMember |
diff --git a/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/test.py b/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/test.py
index b88748fbb29..ca4191ded85 100644
--- a/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/test.py
+++ b/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/test.py
@@ -18,11 +18,22 @@ def hmac_example():
     return "ok"
 
 
+@app.route("/hmac-example2")
+def hmac_example2():
+    data_raw = request.args.get("data").encode('utf-8')
+    data = base64.decodebytes(data_raw)
+    my_hmac = hmac.new(key=SECRET_KEY, msg=data, digestmod=hashlib.sha256)
+    digest = my_hmac.digest()
+    print(digest)
+    return "ok"
+
+
 @app.route("/unknown-lib-1")
 def unknown_lib_1():
     from unknown.lib import func
     data = request.args.get("data")
     func(data) # TODO: currently not recognized
+    func(kw=data) # TODO: currently not recognized
 
 
 @app.route("/unknown-lib-2")
@@ -30,6 +41,7 @@ def unknown_lib_2():
     import unknown.lib
     data = request.args.get("data")
     unknown.lib.func(data) # TODO: currently not recognized
+    unknown.lib.func(kw=data) # TODO: currently not recognized
 
 
 if __name__ == "__main__":
diff --git a/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/PamAuthorization.expected b/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/PamAuthorization.expected
index 54b38f21aa6..3cb2cf2782d 100644
--- a/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/PamAuthorization.expected
+++ b/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/PamAuthorization.expected
@@ -1 +1,16 @@
-| pam_test.py:48:18:48:44 | ControlFlowNode for pam_authenticate() | This PAM authentication call may lead to an authorization bypass, since 'pam_acct_mgmt' is not called afterwards. |
+edges
+| pam_test.py:0:0:0:0 | ModuleVariableNode for pam_test.request | pam_test.py:71:16:71:22 | ControlFlowNode for request |
+| pam_test.py:4:26:4:32 | ControlFlowNode for ImportMember | pam_test.py:4:26:4:32 | GSSA Variable request |
+| pam_test.py:4:26:4:32 | GSSA Variable request | pam_test.py:0:0:0:0 | ModuleVariableNode for pam_test.request |
+| pam_test.py:71:16:71:22 | ControlFlowNode for request | pam_test.py:71:16:71:27 | ControlFlowNode for Attribute |
+| pam_test.py:71:16:71:27 | ControlFlowNode for Attribute | pam_test.py:76:14:76:40 | ControlFlowNode for pam_authenticate() |
+nodes
+| pam_test.py:0:0:0:0 | ModuleVariableNode for pam_test.request | semmle.label | ModuleVariableNode for pam_test.request |
+| pam_test.py:4:26:4:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
+| pam_test.py:4:26:4:32 | GSSA Variable request | semmle.label | GSSA Variable request |
+| pam_test.py:71:16:71:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| pam_test.py:71:16:71:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
+| pam_test.py:76:14:76:40 | ControlFlowNode for pam_authenticate() | semmle.label | ControlFlowNode for pam_authenticate() |
+subpaths
+#select
+| pam_test.py:76:14:76:40 | ControlFlowNode for pam_authenticate() | pam_test.py:4:26:4:32 | ControlFlowNode for ImportMember | pam_test.py:76:14:76:40 | ControlFlowNode for pam_authenticate() | This PAM authentication depends on a $@, and 'pam_acct_mgmt' is not called afterwards. | pam_test.py:4:26:4:32 | ControlFlowNode for ImportMember | user-provided value |
diff --git a/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/pam_test.py b/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/pam_test.py
index 966e13cb991..f16e3c9941e 100644
--- a/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/pam_test.py
+++ b/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/pam_test.py
@@ -1,6 +1,7 @@
 from ctypes import CDLL, POINTER, Structure, byref
 from ctypes import c_char_p, c_int
 from ctypes.util import find_library
+from flask import Flask, request, redirect
 
 
 class PamHandle(Structure):
@@ -38,26 +39,57 @@ pam_acct_mgmt.restype = c_int
 pam_acct_mgmt.argtypes = [PamHandle, c_int]
 
 
-class pam():
+def authenticate_bad_but_no_alert(self, username, service='login'):
+    # This is not OK, but since we don't have flow from a remote-flow-source, we
+    # don't give an alert.
+    handle = PamHandle()
+    conv = PamConv(None, 0)
+    retval = pam_start(service, username, byref(conv), byref(handle))
+    retval = pam_authenticate(handle, 0)
+    # NOT OK: no call to `pam_acct_mgmt`
+    auth_success = retval == 0
 
-    def authenticate_bad(self, username, service='login'):
-        handle = PamHandle()
-        conv = PamConv(None, 0)
-        retval = pam_start(service, username, byref(conv), byref(handle))
+    return auth_success
 
-        retval = pam_authenticate(handle, 0)
-        auth_success = retval == 0
 
-        return auth_success
+def authenticate_good(self, username, service='login'):
+    handle = PamHandle()
+    conv = PamConv(None, 0)
+    retval = pam_start(service, username, byref(conv), byref(handle))
 
-    def authenticate_good(self, username, service='login'):
-        handle = PamHandle()
-        conv = PamConv(None, 0)
-        retval = pam_start(service, username, byref(conv), byref(handle))
+    retval = pam_authenticate(handle, 0)
+    if retval == 0:
+        retval = pam_acct_mgmt(handle, 0)
+    auth_success = retval == 0
 
-        retval = pam_authenticate(handle, 0)
-        if retval == 0:
-            retval = pam_acct_mgmt(handle, 0)
-        auth_success = retval == 0
+    return auth_success
 
-        return auth_success
+
+app = Flask(__name__)
+@app.route('/bad')
+def bad():
+    username = request.args.get('username', '')
+    handle = PamHandle()
+    conv = PamConv(None, 0)
+    retval = pam_start(service, username, byref(conv), byref(handle))
+
+    retval = pam_authenticate(handle, 0)
+    # NOT OK: no call to `pam_acct_mgmt`
+    auth_success = retval == 0
+
+    return auth_success
+
+
+@app.route('/good')
+def good():
+    username = request.args.get('username', '')
+    handle = PamHandle()
+    conv = PamConv(None, 0)
+    retval = pam_start(service, username, byref(conv), byref(handle))
+
+    retval = pam_authenticate(handle, 0)
+    if retval == 0:
+        retval = pam_acct_mgmt(handle, 0)
+    auth_success = retval == 0
+
+    return auth_success
diff --git a/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected b/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected
index e9b5ac67585..b2162352bae 100644
--- a/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected
+++ b/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected
@@ -4,8 +4,9 @@ edges
 | test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:23:58:23:65 | ControlFlowNode for password |
 | test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:27:40:27:47 | ControlFlowNode for password |
 | test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:30:58:30:65 | ControlFlowNode for password |
-| test.py:65:14:68:5 | ControlFlowNode for Dict | test.py:69:11:69:31 | ControlFlowNode for Subscript |
-| test.py:67:21:67:37 | ControlFlowNode for Attribute | test.py:65:14:68:5 | ControlFlowNode for Dict |
+| test.py:44:9:44:25 | ControlFlowNode for Attribute() | test.py:45:11:45:11 | ControlFlowNode for x |
+| test.py:70:14:73:5 | ControlFlowNode for Dict | test.py:74:11:74:31 | ControlFlowNode for Subscript |
+| test.py:72:21:72:37 | ControlFlowNode for Attribute | test.py:70:14:73:5 | ControlFlowNode for Dict |
 nodes
 | test.py:19:16:19:29 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() |
 | test.py:20:48:20:55 | ControlFlowNode for password | semmle.label | ControlFlowNode for password |
@@ -17,9 +18,11 @@ nodes
 | test.py:37:11:37:24 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() |
 | test.py:39:22:39:35 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() |
 | test.py:40:22:40:35 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() |
-| test.py:65:14:68:5 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
-| test.py:67:21:67:37 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| test.py:69:11:69:31 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
+| test.py:44:9:44:25 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| test.py:45:11:45:11 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
+| test.py:70:14:73:5 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
+| test.py:72:21:72:37 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
+| test.py:74:11:74:31 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
 subpaths
 #select
 | test.py:20:48:20:55 | ControlFlowNode for password | test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:20:48:20:55 | ControlFlowNode for password | This expression logs $@ as clear text. | test.py:19:16:19:29 | ControlFlowNode for get_password() | sensitive data (password) |
@@ -31,4 +34,5 @@ subpaths
 | test.py:37:11:37:24 | ControlFlowNode for get_password() | test.py:37:11:37:24 | ControlFlowNode for get_password() | test.py:37:11:37:24 | ControlFlowNode for get_password() | This expression logs $@ as clear text. | test.py:37:11:37:24 | ControlFlowNode for get_password() | sensitive data (password) |
 | test.py:39:22:39:35 | ControlFlowNode for get_password() | test.py:39:22:39:35 | ControlFlowNode for get_password() | test.py:39:22:39:35 | ControlFlowNode for get_password() | This expression logs $@ as clear text. | test.py:39:22:39:35 | ControlFlowNode for get_password() | sensitive data (password) |
 | test.py:40:22:40:35 | ControlFlowNode for get_password() | test.py:40:22:40:35 | ControlFlowNode for get_password() | test.py:40:22:40:35 | ControlFlowNode for get_password() | This expression logs $@ as clear text. | test.py:40:22:40:35 | ControlFlowNode for get_password() | sensitive data (password) |
-| test.py:69:11:69:31 | ControlFlowNode for Subscript | test.py:67:21:67:37 | ControlFlowNode for Attribute | test.py:69:11:69:31 | ControlFlowNode for Subscript | This expression logs $@ as clear text. | test.py:67:21:67:37 | ControlFlowNode for Attribute | sensitive data (password) |
+| test.py:45:11:45:11 | ControlFlowNode for x | test.py:44:9:44:25 | ControlFlowNode for Attribute() | test.py:45:11:45:11 | ControlFlowNode for x | This expression logs $@ as clear text. | test.py:44:9:44:25 | ControlFlowNode for Attribute() | sensitive data (password) |
+| test.py:74:11:74:31 | ControlFlowNode for Subscript | test.py:72:21:72:37 | ControlFlowNode for Attribute | test.py:74:11:74:31 | ControlFlowNode for Subscript | This expression logs $@ as clear text. | test.py:72:21:72:37 | ControlFlowNode for Attribute | sensitive data (password) |
diff --git a/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/test.py b/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/test.py
index 0a3d97426e0..b5ebe7593ba 100644
--- a/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/test.py
+++ b/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/test.py
@@ -39,6 +39,11 @@ def print_password():
     sys.stdout.write(get_password()) # NOT OK
     sys.stderr.write(get_password()) # NOT OK
 
+    import getpass
+
+    x = getpass.getpass()
+    print(x) # NOT OK
+
 
 def FPs(account, account_id):
     # we assume that any account parameter is sensitive (id/username)
diff --git a/python/ql/test/query-tests/Security/CWE-326-WeakCryptoKey/WeakCryptoKey.expected b/python/ql/test/query-tests/Security/CWE-326-WeakCryptoKey/WeakCryptoKey.expected
index dc50ddd7873..ea1f924045b 100644
--- a/python/ql/test/query-tests/Security/CWE-326-WeakCryptoKey/WeakCryptoKey.expected
+++ b/python/ql/test/query-tests/Security/CWE-326-WeakCryptoKey/WeakCryptoKey.expected
@@ -1,8 +1,8 @@
 | weak_crypto.py:68:1:68:21 | ControlFlowNode for dsa_gen_key() | Creation of an DSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:16:12:16:15 | ControlFlowNode for IntegerLiteral | 1024 |
-| weak_crypto.py:69:1:69:19 | ControlFlowNode for ec_gen_key() | Creation of an ECC key uses $@ bits, which is below 224 and considered breakable. | weak_crypto.py:22:11:22:22 | ControlFlowNode for Attribute | 163 |
+| weak_crypto.py:69:1:69:19 | ControlFlowNode for ec_gen_key() | Creation of an ECC key uses $@ bits, which is below 256 and considered breakable. | weak_crypto.py:22:11:22:22 | ControlFlowNode for Attribute | 224 |
 | weak_crypto.py:70:1:70:28 | ControlFlowNode for rsa_gen_key() | Creation of an RSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
 | weak_crypto.py:72:1:72:30 | ControlFlowNode for dsa_gen_key() | Creation of an DSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:16:12:16:15 | ControlFlowNode for IntegerLiteral | 1024 |
-| weak_crypto.py:73:1:73:25 | ControlFlowNode for ec_gen_key() | Creation of an ECC key uses $@ bits, which is below 224 and considered breakable. | weak_crypto.py:22:11:22:22 | ControlFlowNode for Attribute | 163 |
+| weak_crypto.py:73:1:73:25 | ControlFlowNode for ec_gen_key() | Creation of an ECC key uses $@ bits, which is below 256 and considered breakable. | weak_crypto.py:22:11:22:22 | ControlFlowNode for Attribute | 224 |
 | weak_crypto.py:74:1:74:37 | ControlFlowNode for rsa_gen_key() | Creation of an RSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
 | weak_crypto.py:76:1:76:22 | ControlFlowNode for Attribute() | Creation of an DSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:16:12:16:15 | ControlFlowNode for IntegerLiteral | 1024 |
 | weak_crypto.py:77:1:77:22 | ControlFlowNode for Attribute() | Creation of an RSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
diff --git a/python/ql/test/query-tests/Security/CWE-326-WeakCryptoKey/weak_crypto.py b/python/ql/test/query-tests/Security/CWE-326-WeakCryptoKey/weak_crypto.py
index de533254cfe..5ec929c7d09 100644
--- a/python/ql/test/query-tests/Security/CWE-326-WeakCryptoKey/weak_crypto.py
+++ b/python/ql/test/query-tests/Security/CWE-326-WeakCryptoKey/weak_crypto.py
@@ -19,8 +19,8 @@ DSA_STRONG = 3076
 
 BIG = 10000
 
-EC_WEAK = ec.SECT163K1()  # has key size of 163
-EC_OK = ec.SECP224R1()
+EC_WEAK = ec.SECP224R1()
+EC_OK = ec.SECP256R1()
 EC_STRONG = ec.SECP384R1()
 EC_BIG = ec.SECT571R1()
 
diff --git a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialBackTracking.expected b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialBackTracking.expected
index 0f422fdc6aa..b72ea986b93 100644
--- a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialBackTracking.expected
+++ b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialBackTracking.expected
@@ -1,2 +1,2 @@
 | test.py:8:12:8:23 | Str | test.py:8:21:8:23 | \\s+ | Strings with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\s+$ |
-| test.py:9:14:9:29 | Str | test.py:9:27:9:29 | \\d+ | Strings with many repetitions of '99' can start matching anywhere after the start of the preceeding \\d+ |
+| test.py:9:14:9:29 | Str | test.py:9:27:9:29 | \\d+ | Strings starting with '0.9' and with many repetitions of '99' can start matching anywhere after the start of the preceeding \\d+ |
diff --git a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialBackTracking.ql b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialBackTracking.ql
index 8d0aa2f8f91..19c905be1fe 100644
--- a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialBackTracking.ql
+++ b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialBackTracking.ql
@@ -1,5 +1,6 @@
 import python
-import semmle.python.security.regexp.SuperlinearBackTracking
+private import semmle.python.RegexTreeView::RegexTreeView as TreeView
+import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView>
 
 from PolynomialBackTrackingTerm t
-select t.getRegex(), t, t.getReason()
+select t.(TreeView::RegExpTerm).getRegex(), t, t.getReason()
diff --git a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected
index 424b07a0b9d..14817348cb3 100644
--- a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected
+++ b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected
@@ -16,4 +16,4 @@ nodes
 subpaths
 #select
 | test.py:8:30:8:33 | ControlFlowNode for text | test.py:2:26:2:32 | ControlFlowNode for ImportMember | test.py:8:30:8:33 | ControlFlowNode for text | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | test.py:8:21:8:23 | \\s+ | regular expression | test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
-| test.py:9:32:9:35 | ControlFlowNode for text | test.py:2:26:2:32 | ControlFlowNode for ImportMember | test.py:9:32:9:35 | ControlFlowNode for text | This $@ that depends on a $@ may run slow on strings with many repetitions of '99'. | test.py:9:27:9:29 | \\d+ | regular expression | test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
+| test.py:9:32:9:35 | ControlFlowNode for text | test.py:2:26:2:32 | ControlFlowNode for ImportMember | test.py:9:32:9:35 | ControlFlowNode for text | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | test.py:9:27:9:29 | \\d+ | regular expression | test.py:2:26:2:32 | ControlFlowNode for ImportMember | user-provided value |
diff --git a/python/ql/test/query-tests/Security/CWE-730-ReDoS/ReDoS.expected b/python/ql/test/query-tests/Security/CWE-730-ReDoS/ReDoS.expected
index bcd6dd36685..b1ed5e099cc 100644
--- a/python/ql/test/query-tests/Security/CWE-730-ReDoS/ReDoS.expected
+++ b/python/ql/test/query-tests/Security/CWE-730-ReDoS/ReDoS.expected
@@ -2,20 +2,20 @@
 | KnownCVEs.py:30:24:31:25 | .* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of ','. |
 | KnownCVEs.py:35:18:35:81 | ([-/:,#%.'"\\s!\\w]\|\\w-\\w\|'[\\s\\w]+'\\s*\|"[\\s\\w]+"\|\\([\\d,%\\.\\s]+\\))* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '"\\t"'. |
 | redos.py:6:28:6:42 | (?:__\|[\\s\\S])+? | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '__'. |
-| redos.py:6:52:6:68 | (?:\\*\\*\|[\\s\\S])+? | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '**'. |
-| redos.py:21:34:21:53 | (?:[^"\\\\]\|\\\\\\\\\|\\\\.)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\\\\\\\'. |
-| redos.py:21:57:21:76 | (?:[^'\\\\]\|\\\\\\\\\|\\\\.)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\\\\\\\'. |
-| redos.py:21:81:21:100 | (?:[^)\\\\]\|\\\\\\\\\|\\\\.)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\\\\\\\'. |
-| redos.py:33:64:33:65 | .* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\|\|\\n'. |
+| redos.py:6:52:6:68 | (?:\\*\\*\|[\\s\\S])+? | This part of the regular expression may cause exponential backtracking on strings starting with '*' and containing many repetitions of '**'. |
+| redos.py:21:34:21:53 | (?:[^"\\\\]\|\\\\\\\\\|\\\\.)+ | This part of the regular expression may cause exponential backtracking on strings starting with '\\t"' and containing many repetitions of '\\\\\\\\'. |
+| redos.py:21:57:21:76 | (?:[^'\\\\]\|\\\\\\\\\|\\\\.)+ | This part of the regular expression may cause exponential backtracking on strings starting with '\\t'' and containing many repetitions of '\\\\\\\\'. |
+| redos.py:21:81:21:100 | (?:[^)\\\\]\|\\\\\\\\\|\\\\.)+ | This part of the regular expression may cause exponential backtracking on strings starting with '\\t(' and containing many repetitions of '\\\\\\\\'. |
+| redos.py:33:64:33:65 | .* | This part of the regular expression may cause exponential backtracking on strings starting with '!\|\\n-\|\\n' and containing many repetitions of '\|\|\\n'. |
 | redos.py:38:33:38:42 | (\\\\\\/\|.)*? | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\\\/'. |
-| redos.py:43:37:43:38 | .* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '#'. |
+| redos.py:43:37:43:38 | .* | This part of the regular expression may cause exponential backtracking on strings starting with '#' and containing many repetitions of '#'. |
 | redos.py:49:41:49:43 | .*? | This part of the regular expression may cause exponential backtracking on strings starting with '"' and containing many repetitions of '""'. |
 | redos.py:49:47:49:49 | .*? | This part of the regular expression may cause exponential backtracking on strings starting with ''' and containing many repetitions of ''''. |
-| redos.py:54:47:54:49 | .*? | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of ']['. |
-| redos.py:54:80:54:82 | .*? | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of ']['. |
+| redos.py:54:47:54:49 | .*? | This part of the regular expression may cause exponential backtracking on strings starting with '$[' and containing many repetitions of ']['. |
+| redos.py:54:80:54:82 | .*? | This part of the regular expression may cause exponential backtracking on strings starting with '$.$[' and containing many repetitions of ']['. |
 | redos.py:60:25:60:30 | [a-z]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | redos.py:61:25:61:30 | [a-z]* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
-| redos.py:62:53:62:64 | [a-zA-Z0-9]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'. |
+| redos.py:62:53:62:64 | [a-zA-Z0-9]+ | This part of the regular expression may cause exponential backtracking on strings starting with '0' and containing many repetitions of '0'. |
 | redos.py:63:26:63:33 | ([a-z])+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'aa'. |
 | redos.py:68:26:68:41 | [\\w#:.~>+()\\s-]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\t'. |
 | redos.py:68:48:68:50 | .*? | This part of the regular expression may cause exponential backtracking on strings starting with '[' and containing many repetitions of ']['. |
@@ -51,7 +51,6 @@
 | redos.py:196:91:196:92 | ,? | This part of the regular expression may cause exponential backtracking on strings starting with '{[A(A)A: ' and containing many repetitions of ',A: '. |
 | redos.py:199:25:199:26 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | redos.py:199:28:199:29 | b+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'b'. |
-| redos.py:202:26:202:32 | (a+a?)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | redos.py:202:27:202:28 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | redos.py:205:25:205:26 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | redos.py:211:25:211:26 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
@@ -71,16 +70,16 @@
 | redos.py:268:28:268:39 | ([\ufffd\ufffd]\|[\ufffd\ufffd])* | This part of the regular expression may cause exponential backtracking on strings starting with 'foo' and containing many repetitions of '\ufffd'. |
 | redos.py:271:28:271:41 | ((\ufffd\|\ufffd)\|(\ufffd\|\ufffd))* | This part of the regular expression may cause exponential backtracking on strings starting with 'foo' and containing many repetitions of '\ufffd'. |
 | redos.py:274:31:274:32 | b+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'b'. |
-| redos.py:277:48:277:50 | \\s* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '""\\t0='. |
+| redos.py:277:48:277:50 | \\s* | This part of the regular expression may cause exponential backtracking on strings starting with '<0\\t0=' and containing many repetitions of '""\\t0='. |
 | redos.py:283:26:283:27 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | redos.py:286:26:286:27 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | redos.py:292:26:292:27 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | redos.py:295:35:295:36 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
-| redos.py:301:100:301:101 | e+ | This part of the regular expression may cause exponential backtracking on strings starting with ';00000000000000' and containing many repetitions of 'e'. |
+| redos.py:301:100:301:101 | e+ | This part of the regular expression may cause exponential backtracking on strings starting with '00000000000000' and containing many repetitions of 'e'. |
 | redos.py:304:28:304:29 | c+ | This part of the regular expression may cause exponential backtracking on strings starting with 'ab' and containing many repetitions of 'c'. |
 | redos.py:307:28:307:30 | \\s+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\t'. |
 | redos.py:310:26:310:34 | ([^/]\|X)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'X'. |
-| redos.py:313:30:313:34 | [^Y]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'Xx'. |
+| redos.py:313:30:313:34 | [^Y]+ | This part of the regular expression may cause exponential backtracking on strings starting with 'x' and containing many repetitions of 'Xx'. |
 | redos.py:316:25:316:26 | a* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | redos.py:319:28:319:33 | [\\w-]* | This part of the regular expression may cause exponential backtracking on strings starting with 'foo' and containing many repetitions of '-'. |
 | redos.py:322:25:322:29 | (ab)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'ab'. |
diff --git a/ql/node-types/src/lib.rs b/ql/node-types/src/lib.rs
index 0472443a380..9467e23fd62 100644
--- a/ql/node-types/src/lib.rs
+++ b/ql/node-types/src/lib.rs
@@ -81,6 +81,14 @@ pub enum Storage {
     },
 }
 
+impl Storage {
+    pub fn is_column(&self) -> bool {
+        match self {
+            Storage::Column { .. } => true,
+            _ => false,
+        }
+    }
+}
 pub fn read_node_types(prefix: &str, node_types_path: &Path) -> std::io::Result<NodeTypeMap> {
     let file = fs::File::open(node_types_path)?;
     let node_types: Vec<NodeInfo> = serde_json::from_reader(file)?;
@@ -245,10 +253,11 @@ fn add_field(
         }
     };
     let converted_types = convert_types(&field_info.types);
-    let type_info = if field_info
-        .types
-        .iter()
-        .all(|t| !t.named && token_kinds.contains(&convert_type(t)))
+    let type_info = if storage.is_column()
+        && field_info
+            .types
+            .iter()
+            .all(|t| !t.named && token_kinds.contains(&convert_type(t)))
     {
         // All possible types for this field are reserved words. The db
         // representation will be an `int` with a `case @foo.field = ...` to
diff --git a/ql/ql/src/codeql/GlobalValueNumbering.qll b/ql/ql/src/codeql/GlobalValueNumbering.qll
index cb9483200d0..21fe729fedc 100644
--- a/ql/ql/src/codeql/GlobalValueNumbering.qll
+++ b/ql/ql/src/codeql/GlobalValueNumbering.qll
@@ -237,7 +237,7 @@ private TValueNumber nonUniqueValueNumber(Expr e) {
 
 /** Gets the value number of an expression `e`. */
 cached
-TValueNumber valueNumber(Expr e) {
+ValueNumber valueNumber(Expr e) {
   result = nonUniqueValueNumber(e)
   or
   uniqueValueNumber(e) and
diff --git a/ql/ql/src/codeql_ql/ast/Ast.qll b/ql/ql/src/codeql_ql/ast/Ast.qll
index d6a5039a3c7..7962421eb7f 100644
--- a/ql/ql/src/codeql_ql/ast/Ast.qll
+++ b/ql/ql/src/codeql_ql/ast/Ast.qll
@@ -156,12 +156,24 @@ class TopLevel extends TTopLevel, AstNode {
   }
 
   QLDoc getQLDocFor(ModuleMember m) {
-    exists(int i | i > 0 and result = this.getMember(i) and m = this.getMember(i + 1))
+    exists(int i | result = this.getMember(i) and m = this.getMember(i + 1)) and
+    (
+      m instanceof ClasslessPredicate
+      or
+      m instanceof Class
+      or
+      m instanceof Module
+    )
   }
 
   override string getAPrimaryQlClass() { result = "TopLevel" }
 
-  override QLDoc getQLDoc() { result = this.getMember(0) }
+  override QLDoc getQLDoc() {
+    result = this.getMember(0) and
+    // it's not the QLDoc for a module member
+    not this.getQLDocFor(_) = result and
+    result.getLocation().getStartLine() = 1 // this might not hold if there is a block comment above, and that's the point.
+  }
 }
 
 abstract class Comment extends AstNode, TComment {
@@ -536,6 +548,12 @@ class ClasslessPredicate extends TClasslessPredicate, Predicate, ModuleDeclarati
 
   /** Holds if this classless predicate is a signature predicate with no body. */
   predicate isSignature() { not exists(this.getBody()) }
+
+  override QLDoc getQLDoc() {
+    result = any(TopLevel m).getQLDocFor(this)
+    or
+    result = any(Module m).getQLDocFor(this)
+  }
 }
 
 /**
@@ -983,6 +1001,8 @@ class NewTypeBranch extends TNewTypeBranch, Predicate, TypeDeclaration {
 
   override NewTypeBranchType getReturnType() { result.getDeclaration() = this }
 
+  override Annotation getAnAnnotation() { toQL(this).getAFieldOrChild() = toQL(result) }
+
   override Type getParameterType(int i) { result = this.getField(i).getType() }
 
   override int getArity() { result = count(this.getField(_)) }
@@ -2397,6 +2417,8 @@ private class AnnotationArg extends TAnnotationArg, AstNode {
   }
 
   override string toString() { result = this.getValue() }
+
+  override string getAPrimaryQlClass() { result = "AnnotationArg" }
 }
 
 private class NoInlineArg extends AnnotationArg {
diff --git a/ql/ql/src/codeql_ql/performance/VarUnusedInDisjunctQuery.qll b/ql/ql/src/codeql_ql/performance/VarUnusedInDisjunctQuery.qll
new file mode 100644
index 00000000000..503ad6db3ad
--- /dev/null
+++ b/ql/ql/src/codeql_ql/performance/VarUnusedInDisjunctQuery.qll
@@ -0,0 +1,27 @@
+import ql
+
+/**
+ * Holds if we assume `t` is a small type, and
+ * variables of this type are therefore not an issue in cartesian products.
+ */
+predicate isSmallType(Type t) {
+  t.getName() = "string" // DataFlow::Configuration and the like
+  or
+  exists(NewType newType | newType = t.getDeclaration() |
+    forex(NewTypeBranch branch | branch = newType.getABranch() | branch.getArity() = 0)
+  )
+  or
+  t.getName() = "boolean"
+  or
+  exists(NewType newType | newType = t.getDeclaration() |
+    forex(NewTypeBranch branch | branch = newType.getABranch() |
+      isSmallType(branch.getReturnType())
+    )
+  )
+  or
+  exists(NewTypeBranch branch | t = branch.getReturnType() |
+    forall(Type param | param = branch.getParameterType(_) | isSmallType(param))
+  )
+  or
+  isSmallType(t.getASuperType())
+}
diff --git a/ql/ql/src/queries/performance/VarUnusedInDisjunct.ql b/ql/ql/src/queries/performance/VarUnusedInDisjunct.ql
index c26b47554fe..2d85b872153 100644
--- a/ql/ql/src/queries/performance/VarUnusedInDisjunct.ql
+++ b/ql/ql/src/queries/performance/VarUnusedInDisjunct.ql
@@ -10,6 +10,7 @@
  */
 
 import ql
+import codeql_ql.performance.VarUnusedInDisjunctQuery
 
 /**
  * Holds if `node` bind `var` in a (transitive) child node.
@@ -48,32 +49,6 @@ predicate alwaysBindsVar(VarDef var, AstNode node) {
   exists(IfFormula ifForm | ifForm = node | alwaysBindsVar(var, ifForm.getCondition()))
 }
 
-/**
- * Holds if we assume `t` is a small type, and
- * variables of this type are therefore not an issue in cartesian products.
- */
-predicate isSmallType(Type t) {
-  t.getName() = "string" // DataFlow::Configuration and the like
-  or
-  exists(NewType newType | newType = t.getDeclaration() |
-    forex(NewTypeBranch branch | branch = newType.getABranch() | branch.getArity() = 0)
-  )
-  or
-  t.getName() = "boolean"
-  or
-  exists(NewType newType | newType = t.getDeclaration() |
-    forex(NewTypeBranch branch | branch = newType.getABranch() |
-      isSmallType(branch.getReturnType())
-    )
-  )
-  or
-  exists(NewTypeBranch branch | t = branch.getReturnType() |
-    forall(Type param | param = branch.getParameterType(_) | isSmallType(param))
-  )
-  or
-  isSmallType(t.getASuperType())
-}
-
 /**
  * Holds if `pred` is inlined.
  */
diff --git a/ql/ql/src/queries/style/NonDocBlock.ql b/ql/ql/src/queries/style/NonDocBlock.ql
index 17d39eb9bdb..61efce0b902 100644
--- a/ql/ql/src/queries/style/NonDocBlock.ql
+++ b/ql/ql/src/queries/style/NonDocBlock.ql
@@ -29,24 +29,59 @@ int getLineAboveNodeThatCouldHaveDoc(File file) {
 
 pragma[noinline]
 BlockComment getACommentThatCouldBeQLDoc(File file) {
-  file = result.getLocation().getFile() and
-  result.getLocation().getEndLine() = getLineAboveNodeThatCouldHaveDoc(file) and
-  result.getLocation().getFile().getExtension() = "qll" and
-  not result.getContents().matches("/**%")
+  exists(Location loc | loc = result.getLocation() |
+    file = loc.getFile() and
+    loc.getFile().getExtension() = "qll" and
+    not result.getContents().matches("/**%") and
+    not [loc.getStartLine(), loc.getEndLine()] = getLinesWithNonComment(file) and
+    (
+      // above something that can be commented.
+      loc.getEndLine() = getLineAboveNodeThatCouldHaveDoc(file)
+      or
+      // toplevel in file.
+      loc.getStartLine() = 1 and
+      loc.getStartColumn() = 1
+    )
+  )
 }
 
 pragma[noinline]
-BlockComment getCommentAt(File file, int endLine) {
+int getLinesWithNonComment(File f) {
+  exists(AstNode n, Location loc |
+    not n instanceof Comment and
+    not n instanceof TopLevel and
+    loc = n.getLocation() and
+    loc.getFile() = f
+  |
+    result = [loc.getEndLine(), loc.getStartLine()]
+  )
+}
+
+pragma[noinline]
+BlockComment getCommentAtEnd(File file, int endLine) {
   result = getACommentThatCouldBeQLDoc(file) and
   result.getLocation().getEndLine() = endLine
 }
 
-from AstNode node, BlockComment comment
+pragma[noinline]
+BlockComment getCommentAtStart(File file, int startLine) {
+  result = getACommentThatCouldBeQLDoc(file) and
+  result.getLocation().getStartLine() = startLine
+}
+
+from AstNode node, BlockComment comment, string nodeDescrip
 where
-  canHaveQLDoc(node) and
+  (
+    canHaveQLDoc(node) and
+    comment = getCommentAtEnd(node.getLocation().getFile(), node.getLocation().getStartLine() - 1) and
+    nodeDescrip = "the below code"
+    or
+    node instanceof TopLevel and
+    comment = getCommentAtStart(node.getLocation().getFile(), 1) and
+    nodeDescrip = "the file"
+  ) and
   not exists(node.getQLDoc()) and
   not node.(ClassPredicate).isOverride() and // ignore override predicates
   not node.hasAnnotation("deprecated") and // ignore deprecated
-  not node.hasAnnotation("private") and // ignore private
-  comment = getCommentAt(node.getLocation().getFile(), node.getLocation().getStartLine() - 1)
-select comment, "Block comment could be QLDoc for $@.", node, "the below code"
+  not node.hasAnnotation("private") // ignore private
+select comment, "Block comment could be QLDoc for $@.", node, nodeDescrip
diff --git a/ql/ql/src/queries/style/OverrideAny.ql b/ql/ql/src/queries/style/OverrideAny.ql
new file mode 100644
index 00000000000..ed3a762f0e9
--- /dev/null
+++ b/ql/ql/src/queries/style/OverrideAny.ql
@@ -0,0 +1,41 @@
+/**
+ * @name Override with unmentioned parameter
+ * @description A predicate that overrides the default behavior but doesn't mention a parameter is suspicious.
+ * @kind problem
+ * @problem.severity warning
+ * @id ql/override-any
+ * @precision high
+ */
+
+import ql
+import codeql_ql.performance.VarUnusedInDisjunctQuery
+
+AstNode param(Predicate pred, string name, Type t) {
+  result = pred.getParameter(_) and
+  result.(VarDecl).getName() = name and
+  result.(VarDecl).getType() = t
+  or
+  result = pred.getReturnTypeExpr() and
+  name = "result" and
+  t = pred.getReturnType()
+}
+
+predicate hasAccess(Predicate pred, string name) {
+  exists(param(pred, name, _).(VarDecl).getAnAccess())
+  or
+  name = "result" and
+  exists(param(pred, name, _)) and
+  exists(ResultAccess res | res.getEnclosingPredicate() = pred)
+}
+
+from Predicate pred, AstNode param, string name, Type paramType
+where
+  pred.hasAnnotation("override") and
+  param = param(pred, name, paramType) and
+  not hasAccess(pred, name) and
+  not pred.getBody() instanceof NoneCall and
+  exists(pred.getBody()) and
+  not isSmallType(pred.getParent().(Class).getType()) and
+  not isSmallType(paramType)
+select pred, "Override predicate doesn't mention $@. Maybe mention it in a 'exists(" + name + ")'?",
+  param, name
diff --git a/ql/ql/src/queries/style/RedundantAssignment.ql b/ql/ql/src/queries/style/RedundantAssignment.ql
new file mode 100644
index 00000000000..7baf046b97a
--- /dev/null
+++ b/ql/ql/src/queries/style/RedundantAssignment.ql
@@ -0,0 +1,110 @@
+/**
+ * @name Redundant assignment.
+ * @description Assigning the same value twice is redundant.
+ * @kind problem
+ * @problem.severity warning
+ * @precision high
+ * @id ql/redunant-assignment
+ * @tags maintainability
+ */
+
+import ql
+
+/**
+ * A variable that is set equal to (assigned) a value one or more times.
+ */
+class AssignedVariable extends VarDecl {
+  AssignedVariable() {
+    exists(VarAccess access, ComparisonFormula comp | comp.getOperator() = "=" |
+      access.getDeclaration() = this and
+      comp.getAnOperand() = access
+    )
+  }
+
+  /**
+   * Gets an expression that is assigned to this variable.
+   */
+  Expr getAnAssignedExpr() {
+    exists(VarAccess access, ComparisonFormula comp, Expr operand |
+      comp.getOperator() = "=" and
+      access.getDeclaration() = this and
+      comp.getAnOperand() = access and
+      operand = comp.getAnOperand() and
+      not operand.(VarAccess).getDeclaration() = this
+    |
+      result = operand and
+      not result instanceof Set
+      or
+      result = operand.(Set).getAnElement()
+    )
+  }
+}
+
+import codeql.GlobalValueNumbering as GVN
+
+/**
+ * Holds if `assigned1` and `assigned2` assigns the same value to `var`.
+ * The assignments may be on different branches of a disjunction.
+ */
+predicate candidateRedundantAssignment(AssignedVariable var, Expr assigned1, Expr assigned2) {
+  assigned1 = var.getAnAssignedExpr() and
+  assigned2 = var.getAnAssignedExpr() and
+  (
+    GVN::valueNumber(assigned1) = GVN::valueNumber(assigned2)
+    or
+    // because GVN skips large strings, we need to check for equality manually
+    assigned1.(String).getValue() = assigned2.(String).getValue()
+  ) and
+  assigned1 != assigned2
+}
+
+/**
+ * Gets a (transitive) parent of `p`, where the parent is not a disjunction, and `p` is a candidate assignment from `candidateRedundantAssignment`.
+ */
+AstNode getConjunctionParentRec(AstNode p) {
+  candidateRedundantAssignment(_, p, _) and
+  result = p
+  or
+  result = getConjunctionParentRec(p).getParent() and
+  not result instanceof Disjunction and
+  not result instanceof IfFormula and
+  not result instanceof Implication and
+  not result instanceof Negation and
+  not result instanceof Predicate
+}
+
+/**
+ * Gets which level in the AST `p` is at.
+ * E.g. the top-level is 0, the next level is 1, etc.
+ */
+int level(AstNode p) {
+  p instanceof TopLevel and result = 0
+  or
+  result = level(p.getParent()) + 1
+}
+
+/**
+ * Gets the top-most parent of `p` that is not a disjunction.
+ */
+AstNode getConjunctionParent(AstNode p) {
+  result =
+    min(int level, AstNode parent |
+      parent = getConjunctionParentRec(p) and level = level(parent)
+    |
+      parent order by level
+    )
+}
+
+from AssignedVariable var, Expr assigned1, Expr assigned2
+where
+  candidateRedundantAssignment(var, assigned1, assigned2) and
+  getConjunctionParent(assigned1) = getConjunctionParent(assigned2) and
+  // de-duplcation:
+  (
+    assigned1.getLocation().getStartLine() < assigned2.getLocation().getStartLine()
+    or
+    assigned1.getLocation().getStartLine() = assigned2.getLocation().getStartLine() and
+    assigned1.getLocation().getStartColumn() < assigned2.getLocation().getStartColumn()
+  )
+select assigned2, "$@ has previously been assigned $@.", var, "The variable " + var.getName(),
+  assigned1, "the same value"
diff --git a/ql/ql/test/printAst/Foo.qll b/ql/ql/test/printAst/Foo.qll
index 17e4a4d636d..461402cd2eb 100644
--- a/ql/ql/test/printAst/Foo.qll
+++ b/ql/ql/test/printAst/Foo.qll
@@ -25,3 +25,7 @@ predicate calls(Foo f) {
   or
   true = false
 }
+
+newtype TPathNode =
+  pragma[assume_small_delta]
+  TPathNodeMid()
diff --git a/ql/ql/test/printAst/printAst.expected b/ql/ql/test/printAst/printAst.expected
index 333b42332e7..e53f9112569 100644
--- a/ql/ql/test/printAst/printAst.expected
+++ b/ql/ql/test/printAst/printAst.expected
@@ -1,8 +1,8 @@
 nodes
 | Foo.qll:1:1:1:17 | Import | semmle.label | [Import] Import |
 | Foo.qll:1:1:1:17 | Import | semmle.order | 1 |
-| Foo.qll:1:1:27:2 | TopLevel | semmle.label | [TopLevel] TopLevel |
-| Foo.qll:1:1:27:2 | TopLevel | semmle.order | 1 |
+| Foo.qll:1:1:31:17 | TopLevel | semmle.label | [TopLevel] TopLevel |
+| Foo.qll:1:1:31:17 | TopLevel | semmle.order | 1 |
 | Foo.qll:1:8:1:17 | javascript | semmle.label | [ModuleExpr] javascript |
 | Foo.qll:1:8:1:17 | javascript | semmle.order | 3 |
 | Foo.qll:3:7:3:9 | Class Foo | semmle.label | [Class] Class Foo |
@@ -153,6 +153,14 @@ nodes
 | Foo.qll:26:3:26:14 | ComparisonFormula | semmle.order | 75 |
 | Foo.qll:26:10:26:14 | Boolean | semmle.label | [Boolean] Boolean |
 | Foo.qll:26:10:26:14 | Boolean | semmle.order | 77 |
+| Foo.qll:29:9:29:17 | NewType TPathNode | semmle.label | [NewType] NewType TPathNode |
+| Foo.qll:29:9:29:17 | NewType TPathNode | semmle.order | 78 |
+| Foo.qll:30:3:30:28 | annotation | semmle.label | [Annotation] annotation |
+| Foo.qll:30:3:30:28 | annotation | semmle.order | 79 |
+| Foo.qll:30:10:30:27 | assume_small_delta | semmle.label | [AnnotationArg] assume_small_delta |
+| Foo.qll:30:10:30:27 | assume_small_delta | semmle.order | 80 |
+| Foo.qll:31:3:31:14 | NewTypeBranch TPathNodeMid | semmle.label | [NewTypeBranch] NewTypeBranch TPathNodeMid |
+| Foo.qll:31:3:31:14 | NewTypeBranch TPathNodeMid | semmle.order | 81 |
 | file://:0:0:0:0 | abs | semmle.label | [BuiltinPredicate] abs |
 | file://:0:0:0:0 | abs | semmle.label | [BuiltinPredicate] abs |
 | file://:0:0:0:0 | acos | semmle.label | [BuiltinPredicate] acos |
@@ -235,22 +243,24 @@ nodes
 | file://:0:0:0:0 | trim | semmle.label | [BuiltinPredicate] trim |
 | file://:0:0:0:0 | ulp | semmle.label | [BuiltinPredicate] ulp |
 | printAst.ql:1:1:1:28 | Import | semmle.label | [Import] Import |
-| printAst.ql:1:1:1:28 | Import | semmle.order | 78 |
+| printAst.ql:1:1:1:28 | Import | semmle.order | 82 |
 | printAst.ql:1:1:1:29 | TopLevel | semmle.label | [TopLevel] TopLevel |
-| printAst.ql:1:1:1:29 | TopLevel | semmle.order | 78 |
+| printAst.ql:1:1:1:29 | TopLevel | semmle.order | 82 |
 | printAst.ql:1:18:1:28 | printAstAst | semmle.label | [ModuleExpr] printAstAst |
-| printAst.ql:1:18:1:28 | printAstAst | semmle.order | 80 |
+| printAst.ql:1:18:1:28 | printAstAst | semmle.order | 84 |
 edges
 | Foo.qll:1:1:1:17 | Import | Foo.qll:1:8:1:17 | javascript | semmle.label | getModuleExpr() |
 | Foo.qll:1:1:1:17 | Import | Foo.qll:1:8:1:17 | javascript | semmle.order | 3 |
-| Foo.qll:1:1:27:2 | TopLevel | Foo.qll:1:1:1:17 | Import | semmle.label | getAnImport() |
-| Foo.qll:1:1:27:2 | TopLevel | Foo.qll:1:1:1:17 | Import | semmle.order | 1 |
-| Foo.qll:1:1:27:2 | TopLevel | Foo.qll:3:7:3:9 | Class Foo | semmle.label | getAClass() |
-| Foo.qll:1:1:27:2 | TopLevel | Foo.qll:3:7:3:9 | Class Foo | semmle.order | 4 |
-| Foo.qll:1:1:27:2 | TopLevel | Foo.qll:9:17:9:19 | ClasslessPredicate foo | semmle.label | getAPredicate() |
-| Foo.qll:1:1:27:2 | TopLevel | Foo.qll:9:17:9:19 | ClasslessPredicate foo | semmle.order | 16 |
-| Foo.qll:1:1:27:2 | TopLevel | Foo.qll:13:11:13:15 | ClasslessPredicate calls | semmle.label | getAPredicate() |
-| Foo.qll:1:1:27:2 | TopLevel | Foo.qll:13:11:13:15 | ClasslessPredicate calls | semmle.order | 32 |
+| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:1:1:1:17 | Import | semmle.label | getAnImport() |
+| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:1:1:1:17 | Import | semmle.order | 1 |
+| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:3:7:3:9 | Class Foo | semmle.label | getAClass() |
+| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:3:7:3:9 | Class Foo | semmle.order | 4 |
+| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:9:17:9:19 | ClasslessPredicate foo | semmle.label | getAPredicate() |
+| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:9:17:9:19 | ClasslessPredicate foo | semmle.order | 16 |
+| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:13:11:13:15 | ClasslessPredicate calls | semmle.label | getAPredicate() |
+| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:13:11:13:15 | ClasslessPredicate calls | semmle.order | 32 |
+| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:29:9:29:17 | NewType TPathNode | semmle.label | getANewType() |
+| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:29:9:29:17 | NewType TPathNode | semmle.order | 78 |
 | Foo.qll:3:7:3:9 | Class Foo | Foo.qll:3:19:3:22 | TypeExpr | semmle.label | getASuperType() |
 | Foo.qll:3:7:3:9 | Class Foo | Foo.qll:3:19:3:22 | TypeExpr | semmle.order | 5 |
 | Foo.qll:3:7:3:9 | Class Foo | Foo.qll:4:3:4:17 | CharPred Foo | semmle.label | getCharPred() |
@@ -393,9 +403,15 @@ edges
 | Foo.qll:26:3:26:14 | ComparisonFormula | Foo.qll:26:3:26:6 | Boolean | semmle.order | 75 |
 | Foo.qll:26:3:26:14 | ComparisonFormula | Foo.qll:26:10:26:14 | Boolean | semmle.label | getRightOperand() |
 | Foo.qll:26:3:26:14 | ComparisonFormula | Foo.qll:26:10:26:14 | Boolean | semmle.order | 77 |
+| Foo.qll:29:9:29:17 | NewType TPathNode | Foo.qll:31:3:31:14 | NewTypeBranch TPathNodeMid | semmle.label | getABranch() |
+| Foo.qll:29:9:29:17 | NewType TPathNode | Foo.qll:31:3:31:14 | NewTypeBranch TPathNodeMid | semmle.order | 81 |
+| Foo.qll:30:3:30:28 | annotation | Foo.qll:30:10:30:27 | assume_small_delta | semmle.label | getArgs(_) |
+| Foo.qll:30:3:30:28 | annotation | Foo.qll:30:10:30:27 | assume_small_delta | semmle.order | 80 |
+| Foo.qll:31:3:31:14 | NewTypeBranch TPathNodeMid | Foo.qll:30:3:30:28 | annotation | semmle.label | getAnAnnotation() |
+| Foo.qll:31:3:31:14 | NewTypeBranch TPathNodeMid | Foo.qll:30:3:30:28 | annotation | semmle.order | 79 |
 | printAst.ql:1:1:1:28 | Import | printAst.ql:1:18:1:28 | printAstAst | semmle.label | getModuleExpr() |
-| printAst.ql:1:1:1:28 | Import | printAst.ql:1:18:1:28 | printAstAst | semmle.order | 80 |
+| printAst.ql:1:1:1:28 | Import | printAst.ql:1:18:1:28 | printAstAst | semmle.order | 84 |
 | printAst.ql:1:1:1:29 | TopLevel | printAst.ql:1:1:1:28 | Import | semmle.label | getAnImport() |
-| printAst.ql:1:1:1:29 | TopLevel | printAst.ql:1:1:1:28 | Import | semmle.order | 78 |
+| printAst.ql:1:1:1:29 | TopLevel | printAst.ql:1:1:1:28 | Import | semmle.order | 82 |
 graphProperties
 | semmle.graphKind | tree |
diff --git a/ql/ql/test/queries/style/NonDocBlock/Foo.qll b/ql/ql/test/queries/style/NonDocBlock/Foo.qll
new file mode 100644
index 00000000000..99f957fa770
--- /dev/null
+++ b/ql/ql/test/queries/style/NonDocBlock/Foo.qll
@@ -0,0 +1,22 @@
+/*
+ * This should be QLDoc.
+ */
+
+/**
+ * this is fine
+ */
+predicate foo() { any() }
+
+/* Note: this is bad. */
+class Foo extends string {
+  Foo() { this = "FOo" }
+}
+
+/**
+ * This is also fine.
+ */
+/*abstract*/ class Bar extends string {
+  string getMergeRaw() { none() } // <- fine. The abstract comment is fine, it doesn't need to be QLDoc.
+
+  Bar() { this = "bar" }
+}
diff --git a/ql/ql/test/queries/style/NonDocBlock/NonDocBlock.expected b/ql/ql/test/queries/style/NonDocBlock/NonDocBlock.expected
new file mode 100644
index 00000000000..41f029af5fd
--- /dev/null
+++ b/ql/ql/test/queries/style/NonDocBlock/NonDocBlock.expected
@@ -0,0 +1,2 @@
+| Foo.qll:1:1:3:3 | BlockComment | Block comment could be QLDoc for $@. | Foo.qll:1:1:22:2 | TopLevel | the file |
+| Foo.qll:10:1:10:24 | BlockComment | Block comment could be QLDoc for $@. | Foo.qll:11:7:11:9 | Class Foo | the below code |
diff --git a/ql/ql/test/queries/style/NonDocBlock/NonDocBlock.qlref b/ql/ql/test/queries/style/NonDocBlock/NonDocBlock.qlref
new file mode 100644
index 00000000000..b6dbdf50604
--- /dev/null
+++ b/ql/ql/test/queries/style/NonDocBlock/NonDocBlock.qlref
@@ -0,0 +1 @@
+queries/style/NonDocBlock.ql
\ No newline at end of file
diff --git a/ruby/actions/create-extractor-pack/action.yml b/ruby/actions/create-extractor-pack/action.yml
index b0907eff834..667158c264c 100644
--- a/ruby/actions/create-extractor-pack/action.yml
+++ b/ruby/actions/create-extractor-pack/action.yml
@@ -3,7 +3,15 @@ description: Builds the Ruby CodeQL pack
 runs:
   using: composite
   steps:
-    - uses: actions/cache@v3
+    - name: Cache entire extractor
+      id: cache-extractor
+      uses: actions/cache@v3
+      with:
+        path: ruby/extractor-pack
+        key: ${{ runner.os }}-extractor-${{ hashFiles('ruby/rust-toolchain.toml', 'ruby/**/Cargo.lock') }}-${{ hashFiles('ruby/**/*.rs') }}-${{ hashFiles('ruby/codeql-extractor.yml', 'ruby/downgrades', 'ruby/tools', 'ruby/ql/lib/ruby.dbscheme', 'ruby/ql/lib/ruby.dbscheme.stats') }}
+    - name: Cache cargo
+      uses: actions/cache@v3
+      if: steps.cache-extractor.outputs.cache-hit != 'true'
       with:
         path: |
           ~/.cargo/registry
@@ -11,6 +19,7 @@ runs:
           ruby/target
         key: ${{ runner.os }}-ruby-qltest-cargo-${{ hashFiles('ruby/rust-toolchain.toml', 'ruby/**/Cargo.lock') }}
     - name: Build Extractor
+      if: steps.cache-extractor.outputs.cache-hit != 'true'
       shell: bash
       run: scripts/create-extractor-pack.sh
       working-directory: ruby
diff --git a/ruby/downgrades/1199e154f5e9b3560297633c6ebb4dfe0b191ae4/upgrade.properties b/ruby/downgrades/1199e154f5e9b3560297633c6ebb4dfe0b191ae4/upgrade.properties
index f1b4e1fd9f7..443afb8639f 100644
--- a/ruby/downgrades/1199e154f5e9b3560297633c6ebb4dfe0b191ae4/upgrade.properties
+++ b/ruby/downgrades/1199e154f5e9b3560297633c6ebb4dfe0b191ae4/upgrade.properties
@@ -9,4 +9,4 @@ ruby_rational_def.rel:           run ruby_rational_def.qlo
 ruby_call_method.rel: delete
 ruby_complex_def.rel: delete
 ruby_block_parameters_locals.rel: delete
-ruby_call_operator: delete
+ruby_call_operator.rel: delete
diff --git a/ruby/node-types/src/lib.rs b/ruby/node-types/src/lib.rs
index a48e9ddbf9a..97b535ae912 100644
--- a/ruby/node-types/src/lib.rs
+++ b/ruby/node-types/src/lib.rs
@@ -81,6 +81,14 @@ pub enum Storage {
     },
 }
 
+impl Storage {
+    pub fn is_column(&self) -> bool {
+        match self {
+            Storage::Column { .. } => true,
+            _ => false,
+        }
+    }
+}
 pub fn read_node_types(prefix: &str, node_types_path: &Path) -> std::io::Result<NodeTypeMap> {
     let file = fs::File::open(node_types_path)?;
     let node_types: Vec<NodeInfo> = serde_json::from_reader(file)?;
@@ -245,10 +253,11 @@ fn add_field(
         }
     };
     let converted_types = convert_types(&field_info.types);
-    let type_info = if field_info
-        .types
-        .iter()
-        .all(|t| !t.named && token_kinds.contains(&convert_type(t)))
+    let type_info = if storage.is_column()
+        && field_info
+            .types
+            .iter()
+            .all(|t| !t.named && token_kinds.contains(&convert_type(t)))
     {
         // All possible types for this field are reserved words. The db
         // representation will be an `int` with a `case @foo.field = ...` to
diff --git a/ruby/ql/consistency-queries/SsaConsistency.ql b/ruby/ql/consistency-queries/SsaConsistency.ql
index 54c1b149ab2..30503e6aa1f 100644
--- a/ruby/ql/consistency-queries/SsaConsistency.ql
+++ b/ruby/ql/consistency-queries/SsaConsistency.ql
@@ -1,7 +1,8 @@
 import codeql.ruby.dataflow.SSA
-import codeql.ruby.dataflow.internal.SsaImpl::Consistency as Consistency
+import codeql.ruby.dataflow.internal.SsaImpl
+import Consistency
 
-class MyRelevantDefinition extends Consistency::RelevantDefinition, Ssa::Definition {
+class MyRelevantDefinition extends RelevantDefinition, Ssa::Definition {
   override predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
@@ -9,10 +10,10 @@ class MyRelevantDefinition extends Consistency::RelevantDefinition, Ssa::Definit
   }
 }
 
-query predicate nonUniqueDef = Consistency::nonUniqueDef/4;
-
-query predicate readWithoutDef = Consistency::readWithoutDef/3;
-
-query predicate deadDef = Consistency::deadDef/2;
-
-query predicate notDominatedByDef = Consistency::notDominatedByDef/4;
+class MyRelevantDefinitionExt extends RelevantDefinitionExt, DefinitionExt {
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
+}
diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md
index c92874cdbb7..2e1a767da78 100644
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,25 @@
+## 0.4.6
+
+No user-facing changes.
+
+## 0.4.5
+
+No user-facing changes.
+
+## 0.4.4
+
+### Minor Analysis Improvements
+
+* Data flow through the `ActiveSupport` extension `Enumerable#index_by` is now modeled.
+* The `codeql.ruby.Concepts` library now has a `SqlConstruction` class, in addition to the existing `SqlExecution` class.
+* Calls to `Arel.sql` are now modeled as instances of the new `SqlConstruction` concept.
+* Arguments to RPC endpoints (public methods) on subclasses of `ActionCable::Channel::Base` are now recognized as sources of remote user input.
+* Taint flow through the `ActiveSupport` extensions `Hash#reverse_merge` and `Hash:reverse_merge!`, and their aliases, is now modeled more generally, where previously it was only modeled in the context of `ActionController` parameters.
+* Calls to `logger` in `ActiveSupport` actions are now recognised as logger instances.
+* Calls to `send_data` in `ActiveSupport` actions are recognised as HTTP responses.
+* Calls to `body_stream` in `ActiveSupport` actions are recognised as HTTP request accesses.
+* The `ActiveSupport` extensions `Object#try` and `Object#try!` are now recognised as code executions.
+
 ## 0.4.3
 
 ### Minor Analysis Improvements
diff --git a/ruby/ql/lib/change-notes/2022-10-26-case-expression-barrier-guard.md b/ruby/ql/lib/change-notes/2022-10-26-case-expression-barrier-guard.md
new file mode 100644
index 00000000000..6f3df870eed
--- /dev/null
+++ b/ruby/ql/lib/change-notes/2022-10-26-case-expression-barrier-guard.md
@@ -0,0 +1,4 @@
+---
+ category: minorAnalysis
+---
+ * String literals and arrays of string literals in case expression patterns are now recognised as barrier guards.
diff --git a/ruby/ql/lib/change-notes/2022-10-28-try-code-execution.md b/ruby/ql/lib/change-notes/2022-10-28-try-code-execution.md
deleted file mode 100644
index af5b1cb59e4..00000000000
--- a/ruby/ql/lib/change-notes/2022-10-28-try-code-execution.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `ActiveSupport` extensions `Object#try` and `Object#try!` are now recognised as code executions.
diff --git a/ruby/ql/lib/change-notes/2022-10-31-shared-redos-pack.md b/ruby/ql/lib/change-notes/2022-10-31-shared-redos-pack.md
new file mode 100644
index 00000000000..55918160b1f
--- /dev/null
+++ b/ruby/ql/lib/change-notes/2022-10-31-shared-redos-pack.md
@@ -0,0 +1,4 @@
+---
+ category: minorAnalysis
+---
+ * The ReDoS libraries in `codeql.ruby.security.regexp` has been moved to a shared pack inside the `shared/` folder, and the previous location has been deprecated.
\ No newline at end of file
diff --git a/ruby/ql/lib/change-notes/2022-11-08-activesupport-hash-extensions.md b/ruby/ql/lib/change-notes/2022-11-08-activesupport-hash-extensions.md
deleted file mode 100644
index e979c49ce0a..00000000000
--- a/ruby/ql/lib/change-notes/2022-11-08-activesupport-hash-extensions.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Taint flow through the `ActiveSupport` extensions `Hash#reverse_merge` and `Hash:reverse_merge!`, and their aliases, is now modeled more generally, where previously it was only modeled in the context of `ActionController` parameters.
diff --git a/ruby/ql/lib/change-notes/2022-11-24-json-taint-flow.md b/ruby/ql/lib/change-notes/2022-11-24-json-taint-flow.md
new file mode 100644
index 00000000000..c816037ccb9
--- /dev/null
+++ b/ruby/ql/lib/change-notes/2022-11-24-json-taint-flow.md
@@ -0,0 +1,4 @@
+---
+ category: minorAnalysis
+---
+ * Taint flow is now tracked through many common JSON parsing and generation methods.
\ No newline at end of file
diff --git a/ruby/ql/lib/change-notes/2022-11-28-activesupport-enumerable.md b/ruby/ql/lib/change-notes/2022-11-28-activesupport-enumerable.md
new file mode 100644
index 00000000000..81e11cc2eef
--- /dev/null
+++ b/ruby/ql/lib/change-notes/2022-11-28-activesupport-enumerable.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Data flow through the `ActiveSupport` extensions `Enumerable#index_with`, `Enumerable#pick`, `Enumerable#pluck` and `Enumerable#sole`  are now modeled.
diff --git a/ruby/ql/lib/change-notes/2022-11-28-subclass-calls.md b/ruby/ql/lib/change-notes/2022-11-28-subclass-calls.md
new file mode 100644
index 00000000000..b37686daf94
--- /dev/null
+++ b/ruby/ql/lib/change-notes/2022-11-28-subclass-calls.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* When resolving a method call, the analysis now also searches in sub-classes of the receiver's type.
diff --git a/ruby/ql/lib/change-notes/2022-11-30-actionmailbox.md b/ruby/ql/lib/change-notes/2022-11-30-actionmailbox.md
new file mode 100644
index 00000000000..81c737c6b57
--- /dev/null
+++ b/ruby/ql/lib/change-notes/2022-11-30-actionmailbox.md
@@ -0,0 +1,4 @@
+---
+ category: minorAnalysis
+---
+ * Calls to `mail` and `inbound_mail` in `ActionMailbox` controllers are now considered sources of remote input.
\ No newline at end of file
diff --git a/ruby/ql/lib/change-notes/2022-11-30-rails-globalid.md b/ruby/ql/lib/change-notes/2022-11-30-rails-globalid.md
new file mode 100644
index 00000000000..c3db54fcb9e
--- /dev/null
+++ b/ruby/ql/lib/change-notes/2022-11-30-rails-globalid.md
@@ -0,0 +1,4 @@
+---
+ category: minorAnalysis
+---
+ * Calls to `GlobalID::Locator.locate` and its variants are now recognized as instances of `OrmInstantiation`.
diff --git a/ruby/ql/lib/change-notes/2022-12-14-constructor-flow.md b/ruby/ql/lib/change-notes/2022-12-14-constructor-flow.md
new file mode 100644
index 00000000000..612c323010a
--- /dev/null
+++ b/ruby/ql/lib/change-notes/2022-12-14-constructor-flow.md
@@ -0,0 +1,14 @@
+---
+ category: majorAnalysis
+---
+ * Flow through `initialize` constructors is now taken into account. For example, in
+ ```rb
+class C
+  def initialize(x)
+    @field = x
+  end
+end
+
+C.new(y)
+```
+there will be flow from `y` to the field `@field` on the constructed `C` object.
\ No newline at end of file
diff --git a/ruby/ql/lib/change-notes/released/0.4.4.md b/ruby/ql/lib/change-notes/released/0.4.4.md
new file mode 100644
index 00000000000..6147687886b
--- /dev/null
+++ b/ruby/ql/lib/change-notes/released/0.4.4.md
@@ -0,0 +1,13 @@
+## 0.4.4
+
+### Minor Analysis Improvements
+
+* Data flow through the `ActiveSupport` extension `Enumerable#index_by` is now modeled.
+* The `codeql.ruby.Concepts` library now has a `SqlConstruction` class, in addition to the existing `SqlExecution` class.
+* Calls to `Arel.sql` are now modeled as instances of the new `SqlConstruction` concept.
+* Arguments to RPC endpoints (public methods) on subclasses of `ActionCable::Channel::Base` are now recognized as sources of remote user input.
+* Taint flow through the `ActiveSupport` extensions `Hash#reverse_merge` and `Hash:reverse_merge!`, and their aliases, is now modeled more generally, where previously it was only modeled in the context of `ActionController` parameters.
+* Calls to `logger` in `ActiveSupport` actions are now recognised as logger instances.
+* Calls to `send_data` in `ActiveSupport` actions are recognised as HTTP responses.
+* Calls to `body_stream` in `ActiveSupport` actions are recognised as HTTP request accesses.
+* The `ActiveSupport` extensions `Object#try` and `Object#try!` are now recognised as code executions.
diff --git a/ruby/ql/lib/change-notes/released/0.4.5.md b/ruby/ql/lib/change-notes/released/0.4.5.md
new file mode 100644
index 00000000000..7ba9b2e8ade
--- /dev/null
+++ b/ruby/ql/lib/change-notes/released/0.4.5.md
@@ -0,0 +1,3 @@
+## 0.4.5
+
+No user-facing changes.
diff --git a/ruby/ql/lib/change-notes/released/0.4.6.md b/ruby/ql/lib/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/ruby/ql/lib/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml
index 1ec9c4ea5d9..2b842473675 100644
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.6
diff --git a/ruby/ql/lib/codeql/Locations.qll b/ruby/ql/lib/codeql/Locations.qll
index 8bed8d904f1..269d16833eb 100644
--- a/ruby/ql/lib/codeql/Locations.qll
+++ b/ruby/ql/lib/codeql/Locations.qll
@@ -6,7 +6,7 @@ import files.FileSystem
  * A location as given by a file, a start line, a start column,
  * an end line, and an end column.
  *
- * For more information about locations see [LGTM locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+ * For more information about locations see [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
  */
 class Location extends @location {
   /** Gets the file for this location. */
@@ -40,7 +40,7 @@ class Location extends @location {
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
-   * [LGTM locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+   * [Providing locations in CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
diff --git a/ruby/ql/lib/codeql/ruby/Concepts.qll b/ruby/ql/lib/codeql/ruby/Concepts.qll
index 2d70cc31796..54eee4e3e0a 100644
--- a/ruby/ql/lib/codeql/ruby/Concepts.qll
+++ b/ruby/ql/lib/codeql/ruby/Concepts.qll
@@ -11,9 +11,47 @@ private import codeql.ruby.Frameworks
 private import codeql.ruby.dataflow.RemoteFlowSources
 private import codeql.ruby.ApiGraphs
 
+/**
+ * A data-flow node that constructs a SQL statement.
+ *
+ * Often, it is worthy of an alert if a SQL statement is constructed such that
+ * executing it would be a security risk.
+ *
+ * If it is important that the SQL statement is executed, use `SqlExecution`.
+ *
+ * Extend this class to refine existing API models. If you want to model new APIs,
+ * extend `SqlConstruction::Range` instead.
+ */
+class SqlConstruction extends DataFlow::Node instanceof SqlConstruction::Range {
+  /** Gets the argument that specifies the SQL statements to be constructed. */
+  DataFlow::Node getSql() { result = super.getSql() }
+}
+
+/** Provides a class for modeling new SQL execution APIs. */
+module SqlConstruction {
+  /**
+   * A data-flow node that constructs a SQL statement.
+   *
+   * Often, it is worthy of an alert if a SQL statement is constructed such that
+   * executing it would be a security risk.
+   *
+   * If it is important that the SQL statement is executed, use `SqlExecution`.
+   *
+   * Extend this class to model new APIs. If you want to refine existing API models,
+   * extend `SqlConstruction` instead.
+   */
+  abstract class Range extends DataFlow::Node {
+    /** Gets the argument that specifies the SQL statements to be constructed. */
+    abstract DataFlow::Node getSql();
+  }
+}
+
 /**
  * A data-flow node that executes SQL statements.
  *
+ * If the context of interest is such that merely constructing a SQL statement
+ * would be valuable to report, consider using `SqlConstruction`.
+ *
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `SqlExecution::Range` instead.
  */
@@ -27,6 +65,9 @@ module SqlExecution {
   /**
    * A data-flow node that executes SQL statements.
    *
+   * If the context of interest is such that merely constructing a SQL
+   * statement would be valuable to report, consider using `SqlConstruction`.
+   *
    * Extend this class to model new APIs. If you want to refine existing API models,
    * extend `SqlExecution` instead.
    */
diff --git a/ruby/ql/lib/codeql/ruby/Frameworks.qll b/ruby/ql/lib/codeql/ruby/Frameworks.qll
index f89040b1d5d..5f43a70ddfe 100644
--- a/ruby/ql/lib/codeql/ruby/Frameworks.qll
+++ b/ruby/ql/lib/codeql/ruby/Frameworks.qll
@@ -7,6 +7,7 @@ private import codeql.ruby.frameworks.ActionCable
 private import codeql.ruby.frameworks.ActionController
 private import codeql.ruby.frameworks.ActiveJob
 private import codeql.ruby.frameworks.ActionMailer
+private import codeql.ruby.frameworks.ActionMailbox
 private import codeql.ruby.frameworks.ActiveRecord
 private import codeql.ruby.frameworks.ActiveResource
 private import codeql.ruby.frameworks.ActiveStorage
@@ -23,3 +24,5 @@ private import codeql.ruby.frameworks.HttpClients
 private import codeql.ruby.frameworks.XmlParsing
 private import codeql.ruby.frameworks.ActionDispatch
 private import codeql.ruby.frameworks.PosixSpawn
+private import codeql.ruby.frameworks.StringFormatters
+private import codeql.ruby.frameworks.Json
diff --git a/ruby/ql/lib/codeql/ruby/Regexp.qll b/ruby/ql/lib/codeql/ruby/Regexp.qll
index 0d5760491f7..e235d92ed73 100644
--- a/ruby/ql/lib/codeql/ruby/Regexp.qll
+++ b/ruby/ql/lib/codeql/ruby/Regexp.qll
@@ -15,11 +15,12 @@ private import codeql.ruby.ApiGraphs
 /**
  * Provides utility predicates related to regular expressions.
  */
-module RegExpPatterns {
+deprecated module RegExpPatterns {
   /**
    * Gets a pattern that matches common top-level domain names in lower case.
+   * DEPRECATED: use the similarly named predicate from `HostnameRegex` from the `regex` pack instead.
    */
-  string getACommonTld() {
+  deprecated string getACommonTld() {
     // according to ranking by http://google.com/search?q=site:.<<TLD>>
     result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])"
   }
diff --git a/ruby/ql/lib/codeql/ruby/ast/Call.qll b/ruby/ql/lib/codeql/ruby/ast/Call.qll
index 04ac15ededc..e97497ade52 100644
--- a/ruby/ql/lib/codeql/ruby/ast/Call.qll
+++ b/ruby/ql/lib/codeql/ruby/ast/Call.qll
@@ -53,9 +53,12 @@ class Call extends Expr instanceof CallImpl {
 
   /** Gets a potential target of this call, if any. */
   final Callable getATarget() {
-    exists(DataFlowCall c | this = c.asCall().getExpr() |
-      TCfgScope(result) = [viableCallable(c), viableCallableLambda(c, _)]
+    exists(DataFlowCall c |
+      this = c.asCall().getExpr() and
+      TCfgScope(result) = viableCallableLambda(c, _)
     )
+    or
+    result = getTarget(this.getAControlFlowNode())
   }
 
   override AstNode getAChild(string pred) {
diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Module.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Module.qll
index d0511247251..7b8ab7acba3 100644
--- a/ruby/ql/lib/codeql/ruby/ast/internal/Module.qll
+++ b/ruby/ql/lib/codeql/ruby/ast/internal/Module.qll
@@ -165,7 +165,7 @@ private module Cached {
    */
   cached
   Method lookupMethodInSubClasses(Module m, string name) {
-    exists(Module sub | sub.getSuperClass() = m |
+    exists(Module sub | sub.getAnImmediateAncestor() = m |
       TMethod(result) = lookupMethodOrConst0(sub, name) or
       result = lookupMethodInSubClasses(sub, name)
     )
diff --git a/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll b/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll
index f7be488d0fd..c8ca8ff12e6 100644
--- a/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll
+++ b/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll
@@ -234,7 +234,7 @@ module ExprNodes {
     override predicate relevantChild(AstNode n) { none() }
   }
 
-  /** A control-flow node that wraps an `ArrayLiteral` AST expression. */
+  /** A control-flow node that wraps a `Literal` AST expression. */
   class LiteralCfgNode extends ExprCfgNode {
     override string getAPrimaryQlClass() { result = "LiteralCfgNode" }
 
@@ -432,8 +432,36 @@ module ExprNodes {
     final ExprCfgNode getBody() { e.hasCfgChild(e.getBody(), this, result) }
   }
 
-  private class WhenClauseChildMapping extends NonExprChildMapping, WhenClause {
-    override predicate relevantChild(AstNode e) { e = [this.getBody(), this.getAPattern()] }
+  // `when` clauses need special treatment, since they are neither pre-order
+  // nor post-order
+  private class WhenClauseChildMapping extends WhenClause {
+    predicate patternReachesBasicBlock(int i, CfgNode cfnPattern, BasicBlock bb) {
+      exists(Expr pattern |
+        pattern = this.getPattern(i) and
+        cfnPattern.getNode() = pattern and
+        bb.getANode() = cfnPattern
+      )
+      or
+      exists(BasicBlock mid |
+        this.patternReachesBasicBlock(i, cfnPattern, mid) and
+        bb = mid.getASuccessor() and
+        not mid.getANode().getNode() = this
+      )
+    }
+
+    predicate bodyReachesBasicBlock(CfgNode cfnBody, BasicBlock bb) {
+      exists(Stmt body |
+        body = this.getBody() and
+        cfnBody.getNode() = body and
+        bb.getANode() = cfnBody
+      )
+      or
+      exists(BasicBlock mid |
+        this.bodyReachesBasicBlock(cfnBody, mid) and
+        bb = mid.getAPredecessor() and
+        not mid.getANode().getNode() = this
+      )
+    }
   }
 
   /** A control-flow node that wraps a `WhenClause` AST expression. */
@@ -443,10 +471,16 @@ module ExprNodes {
     override WhenClauseChildMapping e;
 
     /** Gets the body of this `when`-clause. */
-    final ExprCfgNode getBody() { e.hasCfgChild(e.getBody(), this, result) }
+    final ExprCfgNode getBody() {
+      result.getNode() = desugar(e.getBody()) and
+      e.bodyReachesBasicBlock(result, this.getBasicBlock())
+    }
 
     /** Gets the `i`th pattern this `when`-clause. */
-    final ExprCfgNode getPattern(int i) { e.hasCfgChild(e.getPattern(i), this, result) }
+    final ExprCfgNode getPattern(int i) {
+      result.getNode() = desugar(e.getPattern(i)) and
+      e.patternReachesBasicBlock(i, result, this.getBasicBlock())
+    }
   }
 
   /** A control-flow node that wraps a `CasePattern`. */
@@ -866,6 +900,19 @@ module ExprNodes {
     final override RelationalOperation getExpr() { result = super.getExpr() }
   }
 
+  private class SplatExprChildMapping extends OperationExprChildMapping, SplatExpr {
+    override predicate relevantChild(AstNode n) { n = this.getOperand() }
+  }
+
+  /** A control-flow node that wraps a `SplatExpr` AST expression. */
+  class SplatExprCfgNode extends UnaryOperationCfgNode {
+    override string getAPrimaryQlClass() { result = "SplatExprCfgNode" }
+
+    override SplatExprChildMapping e;
+
+    final override SplatExpr getExpr() { result = super.getExpr() }
+  }
+
   /** A control-flow node that wraps an `ElementReference` AST expression. */
   class ElementReferenceCfgNode extends MethodCallCfgNode {
     override string getAPrimaryQlClass() { result = "ElementReferenceCfgNode" }
diff --git a/ruby/ql/lib/codeql/ruby/controlflow/internal/Completion.qll b/ruby/ql/lib/codeql/ruby/controlflow/internal/Completion.qll
index fe4cca24d69..26e62e0c077 100644
--- a/ruby/ql/lib/codeql/ruby/controlflow/internal/Completion.qll
+++ b/ruby/ql/lib/codeql/ruby/controlflow/internal/Completion.qll
@@ -211,8 +211,11 @@ private predicate inBooleanContext(AstNode n) {
   or
   exists(CaseExpr c, WhenClause w |
     not exists(c.getValue()) and
-    c.getABranch() = w and
+    c.getABranch() = w
+  |
     w.getPattern(_) = n
+    or
+    w = n
   )
 }
 
@@ -233,8 +236,11 @@ private predicate inMatchingContext(AstNode n) {
   or
   exists(CaseExpr c, WhenClause w |
     exists(c.getValue()) and
-    c.getABranch() = w and
+    c.getABranch() = w
+  |
     w.getPattern(_) = n
+    or
+    w = n
   )
   or
   n instanceof CasePattern
diff --git a/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll b/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll
index bdd67d2a693..ba77d6beaba 100644
--- a/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll
+++ b/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll
@@ -400,8 +400,9 @@ module Trees {
       c instanceof SimpleCompletion
       or
       exists(int i, WhenTree branch | branch = this.getBranch(i) |
-        last(branch.getLastPattern(), pred, c) and
+        pred = branch and
         first(this.getBranch(i + 1), succ) and
+        c.isValidFor(branch) and
         c.(ConditionalCompletion).getValue() = false
       )
       or
@@ -1397,8 +1398,10 @@ module Trees {
     final override ControlFlowTree getChildElement(int i) { result = this.getMethodName(i) }
   }
 
-  private class WhenTree extends PreOrderTree, WhenClause {
-    final override predicate propagatesAbnormal(AstNode child) { child = this.getAPattern() }
+  private class WhenTree extends ControlFlowTree, WhenClause {
+    final override predicate propagatesAbnormal(AstNode child) {
+      child = [this.getAPattern(), this.getBody()]
+    }
 
     final Expr getLastPattern() {
       exists(int i |
@@ -1407,8 +1410,11 @@ module Trees {
       )
     }
 
+    final override predicate first(AstNode first) { first(this.getPattern(0), first) }
+
     final override predicate last(AstNode last, Completion c) {
-      last(this.getLastPattern(), last, c) and
+      last = this and
+      c.isValidFor(this) and
       c.(ConditionalCompletion).getValue() = false
       or
       last(this.getBody(), last, c)
@@ -1416,8 +1422,9 @@ module Trees {
 
     final override predicate succ(AstNode pred, AstNode succ, Completion c) {
       pred = this and
-      first(this.getPattern(0), succ) and
-      c instanceof SimpleCompletion
+      c.isValidFor(this) and
+      c.(ConditionalCompletion).getValue() = true and
+      first(this.getBody(), succ)
       or
       exists(int i, Expr p, boolean b |
         p = this.getPattern(i) and
@@ -1425,10 +1432,13 @@ module Trees {
         b = c.(ConditionalCompletion).getValue()
       |
         b = true and
-        first(this.getBody(), succ)
+        succ = this
         or
         b = false and
         first(this.getPattern(i + 1), succ)
+        or
+        not exists(this.getPattern(i + 1)) and
+        succ = this
       )
     }
   }
diff --git a/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll b/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll
index dbd90ba0ae1..5039d09ff22 100644
--- a/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll
+++ b/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll
@@ -907,9 +907,13 @@ module TestOutput {
 
   query predicate edges(RelevantNode pred, RelevantNode succ, string attr, string val) {
     attr = "semmle.label" and
-    exists(SuccessorType t | succ = getASuccessor(pred, t) |
-      if successorTypeIsSimple(t) then val = "" else val = t.toString()
-    )
+    val =
+      strictconcat(SuccessorType t, string s |
+        succ = getASuccessor(pred, t) and
+        if successorTypeIsSimple(t) then s = "" else s = t.toString()
+      |
+        s, ", " order by s
+      )
     or
     attr = "semmle.order" and
     val =
diff --git a/ruby/ql/lib/codeql/ruby/controlflow/internal/Splitting.qll b/ruby/ql/lib/codeql/ruby/controlflow/internal/Splitting.qll
index 9581b45a95e..a048e2d4044 100644
--- a/ruby/ql/lib/codeql/ruby/controlflow/internal/Splitting.qll
+++ b/ruby/ql/lib/codeql/ruby/controlflow/internal/Splitting.qll
@@ -86,6 +86,10 @@ private module ConditionalCompletionSplitting {
         last(succ.(ConditionalExpr).getBranch(_), pred, c) and
         completion = c
       )
+      or
+      succ(pred, succ, c) and
+      succ instanceof WhenClause and
+      completion = c
     }
 
     override predicate hasEntryScope(CfgScope scope, AstNode succ) { none() }
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll b/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll
index c22aa4ca1cf..f586c7d74cc 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll
@@ -7,22 +7,53 @@ private import codeql.ruby.controlflow.CfgNodes
 private import codeql.ruby.dataflow.SSA
 private import codeql.ruby.ast.internal.Constant
 private import codeql.ruby.InclusionTests
+private import codeql.ruby.ast.internal.Literal
 
-private predicate stringConstCompare(CfgNodes::ExprCfgNode g, CfgNode e, boolean branch) {
+cached
+private predicate stringConstCompare(CfgNodes::AstCfgNode guard, CfgNode testedNode, boolean branch) {
   exists(CfgNodes::ExprNodes::ComparisonOperationCfgNode c |
-    c = g and
+    c = guard and
     exists(CfgNodes::ExprNodes::StringLiteralCfgNode strLitNode |
-      c.getExpr() instanceof EqExpr and branch = true
+      // Only consider strings without any interpolations
+      not strLitNode.getExpr().getComponent(_) instanceof StringInterpolationComponent and
+      c.getExpr() instanceof EqExpr and
+      branch = true
       or
       c.getExpr() instanceof CaseEqExpr and branch = true
       or
       c.getExpr() instanceof NEExpr and branch = false
     |
-      c.getLeftOperand() = strLitNode and c.getRightOperand() = e
+      c.getLeftOperand() = strLitNode and c.getRightOperand() = testedNode
       or
-      c.getLeftOperand() = e and c.getRightOperand() = strLitNode
+      c.getLeftOperand() = testedNode and c.getRightOperand() = strLitNode
     )
   )
+  or
+  stringConstCaseCompare(guard, testedNode, branch)
+  or
+  exists(CfgNodes::ExprNodes::BinaryOperationCfgNode g |
+    g = guard and
+    stringConstCompareOr(guard, branch) and
+    stringConstCompare(g.getLeftOperand(), testedNode, _)
+  )
+}
+
+/**
+ * Holds if `guard` is an `or` expression whose operands are string comparison guards.
+ * For example:
+ *
+ * ```rb
+ * x == "foo" or x == "bar"
+ * ```
+ */
+private predicate stringConstCompareOr(
+  CfgNodes::ExprNodes::BinaryOperationCfgNode guard, boolean branch
+) {
+  guard.getExpr() instanceof LogicalOrExpr and
+  branch = true and
+  forall(CfgNode innerGuard | innerGuard = guard.getAnOperand() |
+    stringConstCompare(innerGuard, any(Ssa::Definition def).getARead(), branch)
+  )
 }
 
 /**
@@ -72,10 +103,13 @@ deprecated class StringConstCompare extends DataFlow::BarrierGuard,
   }
 }
 
-private predicate stringConstArrayInclusionCall(CfgNodes::ExprCfgNode g, CfgNode e, boolean branch) {
+cached
+private predicate stringConstArrayInclusionCall(
+  CfgNodes::AstCfgNode guard, CfgNode testedNode, boolean branch
+) {
   exists(InclusionTest t |
-    t.asExpr() = g and
-    e = t.getContainedNode().asExpr() and
+    t.asExpr() = guard and
+    testedNode = t.getContainedNode().asExpr() and
     branch = t.getPolarity()
   |
     exists(ExprNodes::ArrayLiteralCfgNode arr |
@@ -132,3 +166,68 @@ deprecated class StringConstArrayInclusionCall extends DataFlow::BarrierGuard,
 
   override predicate checks(CfgNode expr, boolean branch) { expr = checkedNode and branch = true }
 }
+
+/**
+ * A validation of a value by comparing with a constant string via a `case`
+ * expression. For example:
+ *
+ * ```rb
+ * name = params[:user_name]
+ * case name
+ * when "alice"
+ *   User.find_by("username = #{name}")
+ * when *["bob", "charlie"]
+ *   User.find_by("username = #{name}")
+ * when "dave", "eve" # this is not yet recognised as a barrier guard
+ *   User.find_by("username = #{name}")
+ * end
+ * ```
+ */
+private predicate stringConstCaseCompare(
+  CfgNodes::AstCfgNode guard, CfgNode testedNode, boolean branch
+) {
+  branch = true and
+  exists(CfgNodes::ExprNodes::CaseExprCfgNode case |
+    case.getValue() = testedNode and
+    (
+      guard =
+        any(CfgNodes::ExprNodes::WhenClauseCfgNode branchNode |
+          branchNode = case.getBranch(_) and
+          // For simplicity, consider patterns that contain only string literals or arrays of string literals
+          forall(ExprCfgNode pattern | pattern = branchNode.getPattern(_) |
+            // when "foo"
+            // when "foo", "bar"
+            pattern instanceof ExprNodes::StringLiteralCfgNode
+            or
+            pattern =
+              any(CfgNodes::ExprNodes::SplatExprCfgNode splat |
+                // when *["foo", "bar"]
+                forex(ExprCfgNode elem |
+                  elem = splat.getOperand().(ExprNodes::ArrayLiteralCfgNode).getAnArgument()
+                |
+                  elem instanceof ExprNodes::StringLiteralCfgNode
+                )
+                or
+                // when *some_var
+                // when *SOME_CONST
+                exists(ExprNodes::ArrayLiteralCfgNode arr |
+                  isArrayConstant(splat.getOperand(), arr) and
+                  forall(ExprCfgNode elem | elem = arr.getAnArgument() |
+                    elem instanceof ExprNodes::StringLiteralCfgNode
+                  )
+                )
+              )
+          )
+        )
+      or
+      // in "foo"
+      exists(
+        CfgNodes::ExprNodes::InClauseCfgNode branchNode, ExprNodes::StringLiteralCfgNode pattern
+      |
+        branchNode = case.getBranch(_) and
+        pattern = branchNode.getPattern() and
+        guard = pattern
+      )
+    )
+  )
+}
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/FlowSteps.qll b/ruby/ql/lib/codeql/ruby/dataflow/FlowSteps.qll
new file mode 100644
index 00000000000..881441fc765
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/dataflow/FlowSteps.qll
@@ -0,0 +1,30 @@
+/**
+ * Provides classes representing various flow steps for taint tracking.
+ */
+
+private import codeql.ruby.DataFlow
+private import internal.DataFlowPrivate as DFPrivate
+
+private class Unit = DFPrivate::Unit;
+
+/**
+ * A module importing the frameworks that implement additional flow steps,
+ * ensuring that they are visible to the taint tracking library.
+ */
+private module Frameworks {
+  import codeql.ruby.frameworks.StringFormatters
+}
+
+/**
+ * A unit class for adding additional taint steps.
+ *
+ * Extend this class to add additional taint steps that should apply to all
+ * taint configurations.
+ */
+class AdditionalTaintStep extends Unit {
+  /**
+   * Holds if the step from `node1` to `node2` should be considered a taint
+   * step for all configurations.
+   */
+  abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
+}
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll b/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll
index 5f3e11d2703..e2cff3d4878 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll
@@ -4,7 +4,9 @@ import codeql.ruby.AST
 import codeql.ruby.DataFlow
 private import internal.FlowSummaryImpl as Impl
 private import internal.DataFlowDispatch
+private import internal.DataFlowImplCommon as DataFlowImplCommon
 private import internal.DataFlowPrivate
+private import internal.FlowSummaryImplSpecific
 
 // import all instances below
 private module Summaries {
@@ -127,6 +129,17 @@ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::Summari
    */
   pragma[nomagic]
   predicate propagatesFlowExt(string input, string output, boolean preservesValue) { none() }
+
+  /**
+   * Gets the synthesized parameter that results from an input specification
+   * that starts with `Argument[s]` for this library callable.
+   */
+  DataFlow::ParameterNode getParameter(string s) {
+    exists(ParameterPosition pos |
+      DataFlowImplCommon::parameterNode(result, TLibraryCallable(this), pos) and
+      s = getParameterPositionCsv(pos)
+    )
+  }
 }
 
 /**
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
index 4b97772d2c9..c3197d42b8c 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
@@ -11,7 +11,8 @@ private import codeql.ruby.dataflow.SSA
 
 newtype TReturnKind =
   TNormalReturnKind() or
-  TBreakReturnKind()
+  TBreakReturnKind() or
+  TNewReturnKind()
 
 /**
  * Gets a node that can read the value returned from `call` with return kind
@@ -43,6 +44,15 @@ class BreakReturnKind extends ReturnKind, TBreakReturnKind {
   override string toString() { result = "break" }
 }
 
+/**
+ * A special return kind that is used to represent the value returned
+ * from user-defined `new` methods as well as the effect on `self` in
+ * `initialize` methods.
+ */
+class NewReturnKind extends ReturnKind, TNewReturnKind {
+  override string toString() { result = "new" }
+}
+
 /** A callable defined in library code, identified by a unique string. */
 abstract class LibraryCallable extends string {
   bindingset[this]
@@ -190,13 +200,10 @@ private Block yieldCall(RelevantCall call) {
 }
 
 pragma[nomagic]
-private predicate superCall(RelevantCall call, Module superClass, string method) {
+private predicate superCall(RelevantCall call, Module cls, string method) {
   call.getExpr() instanceof SuperCall and
-  exists(Module tp |
-    tp = call.getExpr().getEnclosingModule().getModule() and
-    superClass = tp.getSuperClass() and
-    method = call.getExpr().getEnclosingMethod().getName()
-  )
+  cls = call.getExpr().getEnclosingModule().getModule() and
+  method = call.getExpr().getEnclosingMethod().getName()
 }
 
 /** Holds if `self` belongs to module `m`. */
@@ -240,10 +247,10 @@ private predicate selfInToplevel(SelfVariable self, Module m) {
  *
  * the SSA definition for `c` is introduced by matching on `C`.
  */
-private predicate asModulePattern(SsaDefinitionNode def, Module m) {
+private predicate asModulePattern(SsaDefinitionExtNode def, Module m) {
   exists(AsPattern ap |
     m = resolveConstantReadAccess(ap.getPattern()) and
-    def.getDefinition().(Ssa::WriteDefinition).getWriteAccess() = ap.getVariableAccess()
+    def.getDefinitionExt().(Ssa::WriteDefinition).getWriteAccess() = ap.getVariableAccess()
   )
 }
 
@@ -278,14 +285,33 @@ private predicate hasAdjacentTypeCheckedReads(
   )
 }
 
+/** Holds if `new` is a user-defined `self.new` method. */
+predicate isUserDefinedNew(SingletonMethod new) {
+  exists(Expr object | singletonMethod(new, "new", object) |
+    selfInModule(object.(SelfVariableReadAccess).getVariable(), _)
+    or
+    exists(resolveConstantReadAccess(object))
+  )
+}
+
+private Callable viableSourceCallableNonInit(RelevantCall call) {
+  result = getTarget(call) and
+  not call.getExpr() instanceof YieldCall // handled by `lambdaCreation`/`lambdaCall`
+}
+
+private Callable viableSourceCallableInit(RelevantCall call) {
+  result = getInitializeTarget(call) and
+  not isUserDefinedNew(getTarget(call))
+}
+
 /** Holds if `call` may resolve to the returned source-code method. */
-private DataFlowCallable viableSourceCallable(DataFlowCall call) {
-  result = TCfgScope(getTarget(call.asCall())) and
-  not call.asCall().getExpr() instanceof YieldCall // handled by `lambdaCreation`/`lambdaCall`
+private Callable viableSourceCallable(RelevantCall call) {
+  result = viableSourceCallableNonInit(call) or
+  result = viableSourceCallableInit(call)
 }
 
 /** Holds if `call` may resolve to the returned summarized library method. */
-private DataFlowCallable viableLibraryCallable(DataFlowCall call) {
+DataFlowCallable viableLibraryCallable(DataFlowCall call) {
   exists(LibraryCallable callable |
     result = TLibraryCallable(callable) and
     call.asCall().getExpr() = [callable.getACall(), callable.getACallSimple()]
@@ -343,130 +369,26 @@ private module Cached {
       FlowSummaryImpl::Private::summaryCallbackRange(c, receiver)
     }
 
-  pragma[nomagic]
-  private Method lookupInstanceMethodCall(RelevantCall call, string method, boolean exact) {
-    exists(Module tp, DataFlow::Node receiver |
-      methodCall(call, pragma[only_bind_into](receiver), pragma[only_bind_into](method)) and
-      receiver = trackInstance(tp, exact) and
-      result = lookupMethod(tp, pragma[only_bind_into](method), exact)
-    )
-  }
-
-  pragma[nomagic]
-  private predicate isToplevelMethodInFile(Method m, File f) {
-    m.getEnclosingModule() instanceof Toplevel and
-    f = m.getFile()
-  }
-
-  /** Holds if a `self` access may be the receiver of `call` directly inside module `m`. */
-  pragma[nomagic]
-  private predicate selfInModuleFlowsToMethodCallReceiver(RelevantCall call, Module m, string method) {
-    exists(SsaSelfDefinitionNode self |
-      flowsToMethodCallReceiver(call, self, method) and
-      selfInModule(self.getVariable(), m)
-    )
-  }
-
   /**
-   * Holds if a `self` access may be the receiver of `call` inside some singleton method, where
-   * that method belongs to `m` or one of `m`'s transitive super classes.
+   * Gets the relevant `initialize` method for the `new` call, if any.
    */
-  pragma[nomagic]
-  private predicate selfInSingletonMethodFlowsToMethodCallReceiver(
-    RelevantCall call, Module m, string method
-  ) {
-    exists(SsaSelfDefinitionNode self, MethodBase caller |
-      flowsToMethodCallReceiver(call, self, method) and
-      selfInMethod(self.getVariable(), caller, m) and
-      singletonMethod(caller, _, _)
+  cached
+  Method getInitializeTarget(RelevantCall new) {
+    exists(Module m |
+      moduleFlowsToMethodCallReceiver(new, m, "new") and
+      result = lookupMethod(m, "initialize")
     )
   }
 
   cached
   CfgScope getTarget(RelevantCall call) {
-    exists(string method |
-      exists(boolean exact |
-        result = lookupInstanceMethodCall(call, method, exact) and
-        (
-          if result.(Method).isPrivate()
-          then
-            call.getReceiver().getExpr() instanceof SelfVariableAccess and
-            // For now, we restrict the scope of top-level declarations to their file.
-            // This may remove some plausible targets, but also removes a lot of
-            // implausible targets
-            (
-              isToplevelMethodInFile(result, call.getFile()) or
-              not isToplevelMethodInFile(result, _)
-            )
-          else any()
-        ) and
-        if result.(Method).isProtected()
-        then result = lookupMethod(call.getExpr().getEnclosingModule().getModule(), method, exact)
-        else any()
-      )
-      or
-      // singleton method defined on an instance, e.g.
-      // ```rb
-      // c = C.new
-      // def c.singleton; end # <- result
-      // c.singleton          # <- call
-      // ```
-      // or an `extend`ed instance, e.g.
-      // ```rb
-      // c = C.new
-      // module M
-      //   def instance; end  # <- result
-      // end
-      // c.extend M
-      // c.instance # <- call
-      // ```
-      exists(DataFlow::Node receiver |
-        methodCall(call, receiver, method) and
-        receiver = trackSingletonMethodOnInstance(result, method)
-      )
-      or
-      // singleton method defined on a module
-      // or an `extend`ed module, e.g.
-      // ```rb
-      // module M
-      //   def instance; end  # <- result
-      // end
-      // M.extend(M)
-      // M.instance           # <- call
-      // ```
-      exists(Module m, boolean exact | result = lookupSingletonMethod(m, method, exact) |
-        // ```rb
-        // def C.singleton; end # <- result
-        // C.singleton          # <- call
-        // ```
-        moduleFlowsToMethodCallReceiver(call, m, method) and
-        exact = true
-        or
-        // ```rb
-        // class C
-        //   def self.singleton; end # <- result
-        //   self.singleton          # <- call
-        // end
-        // ```
-        selfInModuleFlowsToMethodCallReceiver(call, m, method) and
-        exact = true
-        or
-        // ```rb
-        // class C
-        //   def self.singleton; end # <- result
-        //   def self.other
-        //     self.singleton        # <- call
-        //   end
-        // end
-        // ```
-        selfInSingletonMethodFlowsToMethodCallReceiver(call, m, method) and
-        exact = false
-      )
-    )
+    result = getTargetInstance(call, _)
     or
-    exists(Module superClass, string method |
-      superCall(call, superClass, method) and
-      result = lookupMethod(superClass, method)
+    result = getTargetSingleton(call, _)
+    or
+    exists(Module cls, string method |
+      superCall(call, cls, method) and
+      result = lookupMethod(cls.getAnImmediateAncestor(), method)
     )
     or
     result = yieldCall(call)
@@ -475,7 +397,7 @@ private module Cached {
   /** Gets a viable run-time target for the call `call`. */
   cached
   DataFlowCallable viableCallable(DataFlowCall call) {
-    result = viableSourceCallable(call)
+    result.asCallable() = viableSourceCallable(call.asCall())
     or
     result = viableLibraryCallable(call)
   }
@@ -497,6 +419,7 @@ private module Cached {
       FlowSummaryImplSpecific::ParsePositions::isParsedKeywordParameterPosition(_, name)
     } or
     THashSplatArgumentPosition() or
+    TSplatAllArgumentPosition() or
     TAnyArgumentPosition() or
     TAnyKeywordArgumentPosition()
 
@@ -518,6 +441,7 @@ private module Cached {
       FlowSummaryImplSpecific::ParsePositions::isParsedKeywordArgumentPosition(_, name)
     } or
     THashSplatParameterPosition() or
+    TSplatAllParameterPosition() or
     TAnyParameterPosition() or
     TAnyKeywordParameterPosition()
 }
@@ -548,6 +472,15 @@ private DataFlow::LocalSourceNode trackModuleAccess(Module m) {
   result = trackModuleAccess(m, TypeTracker::end())
 }
 
+pragma[nomagic]
+private predicate hasUserDefinedNew(Module m) {
+  exists(DataFlow::MethodNode method |
+    // not `getAnAncestor` because singleton methods cannot be included
+    singletonMethodOnModule(method.asCallableAstNode(), "new", m.getSuperClass*()) and
+    not method.getSelfParameter().getAMethodCall("allocate").flowsTo(method.getAReturningNode())
+  )
+}
+
 /** Holds if `n` is an instance of type `tp`. */
 private predicate isInstance(DataFlow::Node n, Module tp, boolean exact) {
   n.asExpr().getExpr() instanceof NilLiteral and
@@ -604,7 +537,9 @@ private predicate isInstance(DataFlow::Node n, Module tp, boolean exact) {
   or
   exists(RelevantCall call, DataFlow::LocalSourceNode sourceNode |
     flowsToMethodCallReceiver(call, sourceNode, "new") and
-    n.asExpr() = call
+    n.asExpr() = call and
+    // `tp` should not have a user-defined `self.new` method
+    not hasUserDefinedNew(tp)
   |
     // `C.new`
     sourceNode = trackModuleAccess(tp) and
@@ -703,6 +638,44 @@ private DataFlow::Node trackInstance(Module tp, boolean exact) {
   result = trackInstance(tp, exact, TypeTracker::end())
 }
 
+pragma[nomagic]
+private Method lookupInstanceMethodCall(RelevantCall call, string method, boolean exact) {
+  exists(Module tp, DataFlow::Node receiver |
+    methodCall(call, pragma[only_bind_into](receiver), pragma[only_bind_into](method)) and
+    receiver = trackInstance(tp, exact) and
+    result = lookupMethod(tp, pragma[only_bind_into](method), exact)
+  )
+}
+
+pragma[nomagic]
+private predicate isToplevelMethodInFile(Method m, File f) {
+  m.getEnclosingModule() instanceof Toplevel and
+  f = m.getFile()
+}
+
+pragma[nomagic]
+private CfgScope getTargetInstance(RelevantCall call, string method) {
+  exists(boolean exact |
+    result = lookupInstanceMethodCall(call, method, exact) and
+    (
+      if result.(Method).isPrivate()
+      then
+        call.getReceiver().getExpr() instanceof SelfVariableAccess and
+        // For now, we restrict the scope of top-level declarations to their file.
+        // This may remove some plausible targets, but also removes a lot of
+        // implausible targets
+        (
+          isToplevelMethodInFile(result, call.getFile()) or
+          not isToplevelMethodInFile(result, _)
+        )
+      else any()
+    ) and
+    if result.(Method).isProtected()
+    then result = lookupMethod(call.getExpr().getEnclosingModule().getModule(), method, exact)
+    else any()
+  )
+}
+
 pragma[nomagic]
 private DataFlow::LocalSourceNode trackBlock(Block block, TypeTracker t) {
   t.start() and result.asExpr().getExpr() = block
@@ -814,7 +787,7 @@ private MethodBase lookupSingletonMethod(Module m, string name) {
   // cannot use `lookupSingletonMethodDirect` because it would introduce
   // negative recursion
   not singletonMethodOnModule(_, name, m) and
-  result = lookupSingletonMethod(m.getSuperClass(), name)
+  result = lookupSingletonMethod(m.getSuperClass(), name) // not `getAnImmediateAncestor` because singleton methods cannot be included
 }
 
 pragma[nomagic]
@@ -825,7 +798,9 @@ private MethodBase lookupSingletonMethodInSubClasses(Module m, string name) {
   // being resolved to arbitrary singleton methods.
   // To remedy this, we do not allow following super-classes all the way to Object.
   not m = TResolved("Object") and
-  exists(Module sub | sub.getSuperClass() = m |
+  exists(Module sub |
+    sub.getSuperClass() = m // not `getAnImmediateAncestor` because singleton methods cannot be included
+  |
     result = lookupSingletonMethodDirect(sub, name) or
     result = lookupSingletonMethodInSubClasses(sub, name)
   )
@@ -973,14 +948,88 @@ private DataFlow::Node trackSingletonMethodOnInstance(MethodBase method, string
   result = trackSingletonMethodOnInstance(method, name, TypeTracker::end())
 }
 
-/** Same as `isInstance`, but includes local must-flow through SSA definitions. */
-private predicate isInstanceLocalMustFlow(DataFlow::Node n, Module tp, boolean exact) {
-  isInstance(n, tp, exact)
+/** Holds if a `self` access may be the receiver of `call` directly inside module `m`. */
+pragma[nomagic]
+private predicate selfInModuleFlowsToMethodCallReceiver(RelevantCall call, Module m, string method) {
+  exists(SsaSelfDefinitionNode self |
+    flowsToMethodCallReceiver(call, self, method) and
+    selfInModule(self.getVariable(), m)
+  )
+}
+
+/**
+ * Holds if a `self` access may be the receiver of `call` inside some singleton method, where
+ * that method belongs to `m` or one of `m`'s transitive super classes.
+ */
+pragma[nomagic]
+private predicate selfInSingletonMethodFlowsToMethodCallReceiver(
+  RelevantCall call, Module m, string method
+) {
+  exists(SsaSelfDefinitionNode self, MethodBase caller |
+    flowsToMethodCallReceiver(call, self, method) and
+    selfInMethod(self.getVariable(), caller, m) and
+    singletonMethod(caller, _, _)
+  )
+}
+
+pragma[nomagic]
+private CfgScope getTargetSingleton(RelevantCall call, string method) {
+  // singleton method defined on an instance, e.g.
+  // ```rb
+  // c = C.new
+  // def c.singleton; end # <- result
+  // c.singleton          # <- call
+  // ```
+  // or an `extend`ed instance, e.g.
+  // ```rb
+  // c = C.new
+  // module M
+  //   def instance; end  # <- result
+  // end
+  // c.extend M
+  // c.instance # <- call
+  // ```
+  exists(DataFlow::Node receiver |
+    methodCall(call, receiver, method) and
+    receiver = trackSingletonMethodOnInstance(result, method)
+  )
   or
-  exists(DataFlow::Node mid | isInstanceLocalMustFlow(mid, tp, exact) |
-    n.asExpr() = mid.(SsaDefinitionNode).getDefinition().getARead()
+  // singleton method defined on a module
+  // or an `extend`ed module, e.g.
+  // ```rb
+  // module M
+  //   def instance; end  # <- result
+  // end
+  // M.extend(M)
+  // M.instance           # <- call
+  // ```
+  exists(Module m, boolean exact | result = lookupSingletonMethod(m, method, exact) |
+    // ```rb
+    // def C.singleton; end # <- result
+    // C.singleton          # <- call
+    // ```
+    moduleFlowsToMethodCallReceiver(call, m, method) and
+    exact = true
     or
-    n.(SsaDefinitionNode).getDefinition().(Ssa::WriteDefinition).assigns(mid.asExpr())
+    // ```rb
+    // class C
+    //   def self.singleton; end # <- result
+    //   self.singleton          # <- call
+    // end
+    // ```
+    selfInModuleFlowsToMethodCallReceiver(call, m, method) and
+    exact = true
+    or
+    // ```rb
+    // class C
+    //   def self.singleton; end # <- result
+    //   def self.other
+    //     self.singleton        # <- call
+    //   end
+    // end
+    // ```
+    selfInSingletonMethodFlowsToMethodCallReceiver(call, m, method) and
+    exact = false
   )
 }
 
@@ -988,27 +1037,60 @@ private predicate isInstanceLocalMustFlow(DataFlow::Node n, Module tp, boolean e
  * Holds if `ctx` targets `encl`, which is the enclosing callable of `call`, the receiver
  * of `call` is a parameter access, where the corresponding argument of `ctx` is `arg`.
  *
- * `name` is the name of the method being called by `call`.
+ * `name` is the name of the method being called by `call`, `source` is a
+ * `LocalSourceNode` that flows to `arg`, and `paramDef` is the SSA definition for the
+ * parameter that is the receiver of `call`.
  */
 pragma[nomagic]
-private predicate argFlowsToReceiver(
-  RelevantCall ctx, ArgumentNode arg, RelevantCall call, Callable encl, string name
+private predicate argMustFlowToReceiver(
+  RelevantCall ctx, DataFlow::LocalSourceNode source, DataFlow::Node arg,
+  SsaDefinitionExtNode paramDef, RelevantCall call, Callable encl, string name
 ) {
-  exists(
-    ParameterNodeImpl p, SsaDefinitionNode ssaNode, ParameterPosition ppos, ArgumentPosition apos
-  |
+  exists(ParameterNodeImpl p, ParameterPosition ppos, ArgumentPosition apos |
     // the receiver of `call` references `p`
-    LocalFlow::localFlowSsaParamInput(p, ssaNode) and
-    flowsToMethodCallReceiver(pragma[only_bind_into](call), pragma[only_bind_into](ssaNode),
-      pragma[only_bind_into](name)) and
+    exists(DataFlow::Node receiver |
+      LocalFlow::localFlowSsaParamInput(p, paramDef) and
+      methodCall(pragma[only_bind_into](call), pragma[only_bind_into](receiver),
+        pragma[only_bind_into](name)) and
+      receiver.asExpr() = paramDef.getDefinitionExt().(Ssa::Definition).getARead()
+    ) and
     // `p` is a parameter of `encl`,
     encl = call.getScope() and
     p.isParameterOf(TCfgScope(encl), ppos) and
-    // `ctx` targets `encl`
-    getTarget(ctx) = encl and
     // `arg` is the argument for `p` in the call `ctx`
-    arg.sourceArgumentOf(ctx, apos) and
-    parameterMatch(ppos, apos)
+    parameterMatch(ppos, apos) and
+    source.flowsTo(arg)
+  |
+    encl = viableSourceCallableNonInit(ctx) and
+    arg.(ArgumentNode).sourceArgumentOf(ctx, apos)
+    or
+    encl = viableSourceCallableInit(ctx) and
+    if apos.isSelf()
+    then
+      // when we are targeting an initializer, the type of `self` inside the
+      // initializer will be the type of the `new` call itself, not the receiver
+      // of the `new` call
+      arg.asExpr() = ctx
+    else arg.(ArgumentNode).sourceArgumentOf(ctx, apos)
+  )
+}
+
+/**
+ * Holds if `ctx` targets `encl`, which is the enclosing callable of `new`, and
+ * the receiver of `new` is a parameter access, where the corresponding argument
+ * `arg` of `ctx` has type `tp`.
+ *
+ * `new` calls the object creation `new` method.
+ */
+pragma[nomagic]
+private predicate mayBenefitFromCallContextInitialize(
+  RelevantCall ctx, RelevantCall new, DataFlow::Node arg, Callable encl, Module tp, string name
+) {
+  exists(DataFlow::LocalSourceNode source |
+    argMustFlowToReceiver(ctx, pragma[only_bind_into](source), arg, _, new, encl, "new") and
+    source = trackModuleAccess(tp) and
+    name = "initialize" and
+    exists(lookupMethod(tp, name))
   )
 }
 
@@ -1022,23 +1104,14 @@ private predicate argFlowsToReceiver(
  */
 pragma[nomagic]
 private predicate mayBenefitFromCallContextInstance(
-  RelevantCall ctx, RelevantCall call, ArgumentNode arg, Callable encl, Module tp, boolean exact,
+  RelevantCall ctx, RelevantCall call, DataFlow::Node arg, Callable encl, Module tp, boolean exact,
   string name
 ) {
-  argFlowsToReceiver(ctx, pragma[only_bind_into](arg), call, encl, pragma[only_bind_into](name)) and
-  // `arg` has a relevant instance type
-  isInstanceLocalMustFlow(arg, tp, exact) and
-  exists(lookupMethod(tp, pragma[only_bind_into](name)))
-}
-
-/** Same as `resolveConstantReadAccess`, but includes local must-flow through SSA definitions. */
-private predicate resolveConstantReadAccessMustFlow(DataFlow::Node n, Module tp) {
-  tp = resolveConstantReadAccess(n.asExpr().getExpr())
-  or
-  exists(DataFlow::Node mid | resolveConstantReadAccessMustFlow(mid, tp) |
-    n.asExpr() = mid.(SsaDefinitionNode).getDefinition().getARead()
-    or
-    n.(SsaDefinitionNode).getDefinition().(Ssa::WriteDefinition).assigns(mid.asExpr())
+  exists(DataFlow::LocalSourceNode source |
+    argMustFlowToReceiver(ctx, pragma[only_bind_into](source), arg, _, call, encl,
+      pragma[only_bind_into](name)) and
+    source = trackInstance(tp, exact) and
+    exists(lookupMethod(tp, pragma[only_bind_into](name)))
   )
 }
 
@@ -1052,13 +1125,15 @@ private predicate resolveConstantReadAccessMustFlow(DataFlow::Node n, Module tp)
  */
 pragma[nomagic]
 private predicate mayBenefitFromCallContextSingleton(
-  RelevantCall ctx, RelevantCall call, ArgumentNode arg, Callable encl, Module tp, boolean exact,
+  RelevantCall ctx, RelevantCall call, DataFlow::Node arg, Callable encl, Module tp, boolean exact,
   string name
 ) {
-  argFlowsToReceiver(ctx, pragma[only_bind_into](arg), call, encl, pragma[only_bind_into](name)) and
-  // `arg` has a relevant module type
-  (
-    resolveConstantReadAccessMustFlow(arg, tp) and
+  exists(DataFlow::LocalSourceNode source |
+    argMustFlowToReceiver(ctx, pragma[only_bind_into](source), pragma[only_bind_into](arg), _, call,
+      encl, pragma[only_bind_into](name)) and
+    exists(lookupSingletonMethod(tp, pragma[only_bind_into](name), exact))
+  |
+    source = trackModuleAccess(tp) and
     exact = true
     or
     exists(SelfVariable self | arg.asExpr().getExpr() = self.getAnAccess() |
@@ -1071,8 +1146,7 @@ private predicate mayBenefitFromCallContextSingleton(
         exact = false
       )
     )
-  ) and
-  exists(lookupSingletonMethod(tp, pragma[only_bind_into](name), exact))
+  )
 }
 
 /**
@@ -1082,6 +1156,8 @@ private predicate mayBenefitFromCallContextSingleton(
  * the implicit `self` parameter).
  */
 predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable c) {
+  mayBenefitFromCallContextInitialize(_, call.asCall(), _, c.asCallable(), _, _)
+  or
   mayBenefitFromCallContextInstance(_, call.asCall(), _, c.asCallable(), _, _, _)
   or
   mayBenefitFromCallContextSingleton(_, call.asCall(), _, c.asCallable(), _, _, _)
@@ -1099,30 +1175,43 @@ DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) {
     exists(RelevantCall call0, Callable res |
       call0 = call.asCall() and
       res = result.asCallable() and
-      res = getTarget(call0) and // make sure to not include e.g. private methods
-      exists(Module m, boolean exact, string name |
-        mayBenefitFromCallContextInstance(ctx.asCall(), pragma[only_bind_into](call0), _, _,
-          pragma[only_bind_into](m), exact, pragma[only_bind_into](name)) and
-        res = lookupMethod(m, name, exact)
+      exists(Module m, string name |
+        mayBenefitFromCallContextInitialize(ctx.asCall(), pragma[only_bind_into](call0), _, _,
+          pragma[only_bind_into](m), pragma[only_bind_into](name)) and
+        res = getInitializeTarget(call0) and
+        res = lookupMethod(m, name)
         or
-        mayBenefitFromCallContextSingleton(ctx.asCall(), pragma[only_bind_into](call0), _, _,
-          pragma[only_bind_into](m), exact, pragma[only_bind_into](name)) and
-        res = lookupSingletonMethod(m, name, exact)
+        exists(boolean exact |
+          mayBenefitFromCallContextInstance(ctx.asCall(), pragma[only_bind_into](call0), _, _,
+            pragma[only_bind_into](m), pragma[only_bind_into](exact), pragma[only_bind_into](name)) and
+          res = getTargetInstance(call0, name) and
+          res = lookupMethod(m, name, exact)
+          or
+          mayBenefitFromCallContextSingleton(ctx.asCall(), pragma[only_bind_into](call0), _, _,
+            pragma[only_bind_into](m), pragma[only_bind_into](exact), pragma[only_bind_into](name)) and
+          res = getTargetSingleton(call0, name) and
+          res = lookupSingletonMethod(m, name, exact)
+        )
       )
     )
     or
-    // `ctx` cannot provide a type bound
-    exists(RelevantCall call0, RelevantCall ctx0, ArgumentNode arg, string name |
+    // `ctx` cannot provide a type bound, and the receiver of the call is `self`;
+    // in this case, still apply an open-world assumption
+    exists(
+      RelevantCall call0, RelevantCall ctx0, DataFlow::Node arg, SsaSelfDefinitionNode self,
+      string name
+    |
       call0 = call.asCall() and
       ctx0 = ctx.asCall() and
-      argFlowsToReceiver(ctx0, arg, call0, _, name) and
+      argMustFlowToReceiver(ctx0, _, arg, self, call0, _, name) and
+      not mayBenefitFromCallContextInitialize(ctx0, call0, arg, _, _, _) and
       not mayBenefitFromCallContextInstance(ctx0, call0, arg, _, _, _, name) and
       not mayBenefitFromCallContextSingleton(ctx0, call0, arg, _, _, _, name) and
-      result = viableSourceCallable(call)
+      result.asCallable() = viableSourceCallable(call0)
     )
     or
     // library calls should always be able to resolve
-    argFlowsToReceiver(ctx.asCall(), _, call.asCall(), _, _) and
+    argMustFlowToReceiver(ctx.asCall(), _, _, _, call.asCall(), _, _) and
     result = viableLibraryCallable(call)
   )
 }
@@ -1149,6 +1238,8 @@ class ParameterPosition extends TParameterPosition {
   /** Holds if this position represents a hash-splat parameter. */
   predicate isHashSplat() { this = THashSplatParameterPosition() }
 
+  predicate isSplatAll() { this = TSplatAllParameterPosition() }
+
   /**
    * Holds if this position represents any parameter, except `self` parameters. This
    * includes both positional, named, and block parameters.
@@ -1172,6 +1263,8 @@ class ParameterPosition extends TParameterPosition {
     or
     this.isHashSplat() and result = "**"
     or
+    this.isSplatAll() and result = "*"
+    or
     this.isAny() and result = "any"
     or
     this.isAnyNamed() and result = "any-named"
@@ -1207,6 +1300,8 @@ class ArgumentPosition extends TArgumentPosition {
    */
   predicate isHashSplat() { this = THashSplatArgumentPosition() }
 
+  predicate isSplatAll() { this = TSplatAllArgumentPosition() }
+
   /** Gets a textual representation of this position. */
   string toString() {
     this.isSelf() and result = "self"
@@ -1222,6 +1317,8 @@ class ArgumentPosition extends TArgumentPosition {
     this.isAnyNamed() and result = "any-named"
     or
     this.isHashSplat() and result = "**"
+    or
+    this.isSplatAll() and result = "*"
   }
 }
 
@@ -1248,6 +1345,8 @@ predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) {
   or
   ppos.isHashSplat() and apos.isHashSplat()
   or
+  ppos.isSplatAll() and apos.isSplatAll()
+  or
   ppos.isAny() and argumentPositionIsNotSelf(apos)
   or
   apos.isAny() and parameterPositionIsNotSelf(ppos)
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll
index ae9c6f3f12e..9aa6a529a5b 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll
@@ -915,18 +915,57 @@ private module Cached {
     TDataFlowCallNone() or
     TDataFlowCallSome(DataFlowCall call)
 
+  cached
+  newtype TParamNodeOption =
+    TParamNodeNone() or
+    TParamNodeSome(ParamNode p)
+
+  cached
+  newtype TReturnCtx =
+    TReturnCtxNone() or
+    TReturnCtxNoFlowThrough() or
+    TReturnCtxMaybeFlowThrough(ReturnPosition pos)
+
+  cached
+  newtype TTypedContentApprox =
+    MkTypedContentApprox(ContentApprox c, DataFlowType t) {
+      exists(Content cont |
+        c = getContentApprox(cont) and
+        store(_, cont, _, _, t)
+      )
+    }
+
   cached
   newtype TTypedContent = MkTypedContent(Content c, DataFlowType t) { store(_, c, _, _, t) }
 
+  cached
+  TypedContent getATypedContent(TypedContentApprox c) {
+    exists(ContentApprox cls, DataFlowType t, Content cont |
+      c = MkTypedContentApprox(cls, pragma[only_bind_into](t)) and
+      result = MkTypedContent(cont, pragma[only_bind_into](t)) and
+      cls = getContentApprox(cont)
+    )
+  }
+
   cached
   newtype TAccessPathFront =
     TFrontNil(DataFlowType t) or
     TFrontHead(TypedContent tc)
 
+  cached
+  newtype TApproxAccessPathFront =
+    TApproxFrontNil(DataFlowType t) or
+    TApproxFrontHead(TypedContentApprox tc)
+
   cached
   newtype TAccessPathFrontOption =
     TAccessPathFrontNone() or
     TAccessPathFrontSome(AccessPathFront apf)
+
+  cached
+  newtype TApproxAccessPathFrontOption =
+    TApproxAccessPathFrontNone() or
+    TApproxAccessPathFrontSome(ApproxAccessPathFront apf)
 }
 
 /**
@@ -1304,6 +1343,113 @@ class DataFlowCallOption extends TDataFlowCallOption {
   }
 }
 
+/** An optional `ParamNode`. */
+class ParamNodeOption extends TParamNodeOption {
+  string toString() {
+    this = TParamNodeNone() and
+    result = "(none)"
+    or
+    exists(ParamNode p |
+      this = TParamNodeSome(p) and
+      result = p.toString()
+    )
+  }
+}
+
+/**
+ * A return context used to calculate flow summaries in reverse flow.
+ *
+ * The possible values are:
+ *
+ * - `TReturnCtxNone()`: no return flow.
+ * - `TReturnCtxNoFlowThrough()`: return flow, but flow through is not possible.
+ * - `TReturnCtxMaybeFlowThrough(ReturnPosition pos)`: return flow, of kind `pos`, and
+ *    flow through may be possible.
+ */
+class ReturnCtx extends TReturnCtx {
+  string toString() {
+    this = TReturnCtxNone() and
+    result = "(none)"
+    or
+    this = TReturnCtxNoFlowThrough() and
+    result = "(no flow through)"
+    or
+    exists(ReturnPosition pos |
+      this = TReturnCtxMaybeFlowThrough(pos) and
+      result = pos.toString()
+    )
+  }
+}
+
+/** An approximated `Content` tagged with the type of a containing object. */
+class TypedContentApprox extends MkTypedContentApprox {
+  private ContentApprox c;
+  private DataFlowType t;
+
+  TypedContentApprox() { this = MkTypedContentApprox(c, t) }
+
+  /** Gets a typed content approximated by this value. */
+  TypedContent getATypedContent() { result = getATypedContent(this) }
+
+  /** Gets the container type. */
+  DataFlowType getContainerType() { result = t }
+
+  /** Gets a textual representation of this approximated content. */
+  string toString() { result = c.toString() }
+}
+
+/**
+ * The front of an approximated access path. This is either a head or a nil.
+ */
+abstract class ApproxAccessPathFront extends TApproxAccessPathFront {
+  abstract string toString();
+
+  abstract DataFlowType getType();
+
+  abstract boolean toBoolNonEmpty();
+
+  pragma[nomagic]
+  TypedContent getAHead() {
+    exists(TypedContentApprox cont |
+      this = TApproxFrontHead(cont) and
+      result = cont.getATypedContent()
+    )
+  }
+}
+
+class ApproxAccessPathFrontNil extends ApproxAccessPathFront, TApproxFrontNil {
+  private DataFlowType t;
+
+  ApproxAccessPathFrontNil() { this = TApproxFrontNil(t) }
+
+  override string toString() { result = ppReprType(t) }
+
+  override DataFlowType getType() { result = t }
+
+  override boolean toBoolNonEmpty() { result = false }
+}
+
+class ApproxAccessPathFrontHead extends ApproxAccessPathFront, TApproxFrontHead {
+  private TypedContentApprox tc;
+
+  ApproxAccessPathFrontHead() { this = TApproxFrontHead(tc) }
+
+  override string toString() { result = tc.toString() }
+
+  override DataFlowType getType() { result = tc.getContainerType() }
+
+  override boolean toBoolNonEmpty() { result = true }
+}
+
+/** An optional approximated access path front. */
+class ApproxAccessPathFrontOption extends TApproxAccessPathFrontOption {
+  string toString() {
+    this = TApproxAccessPathFrontNone() and result = "<none>"
+    or
+    this = TApproxAccessPathFrontSome(any(ApproxAccessPathFront apf | result = apf.toString()))
+  }
+}
+
 /** A `Content` tagged with the type of a containing object. */
 class TypedContent extends MkTypedContent {
   private Content c;
@@ -1336,7 +1482,7 @@ abstract class AccessPathFront extends TAccessPathFront {
 
   abstract DataFlowType getType();
 
-  abstract boolean toBoolNonEmpty();
+  abstract ApproxAccessPathFront toApprox();
 
   TypedContent getHead() { this = TFrontHead(result) }
 }
@@ -1350,7 +1496,7 @@ class AccessPathFrontNil extends AccessPathFront, TFrontNil {
 
   override DataFlowType getType() { result = t }
 
-  override boolean toBoolNonEmpty() { result = false }
+  override ApproxAccessPathFront toApprox() { result = TApproxFrontNil(t) }
 }
 
 class AccessPathFrontHead extends AccessPathFront, TFrontHead {
@@ -1362,7 +1508,7 @@ class AccessPathFrontHead extends AccessPathFront, TFrontHead {
 
   override DataFlowType getType() { result = tc.getContainerType() }
 
-  override boolean toBoolNonEmpty() { result = true }
+  override ApproxAccessPathFront toApprox() { result.getAHead() = tc }
 }
 
 /** An optional access path front. */
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplConsistency.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplConsistency.qll
index dde16ab5a2a..e85e0cd92ec 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplConsistency.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplConsistency.qll
@@ -136,6 +136,18 @@ module Consistency {
     msg = "Local flow step does not preserve enclosing callable."
   }
 
+  query predicate readStepIsLocal(Node n1, Node n2, string msg) {
+    readStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Read step does not preserve enclosing callable."
+  }
+
+  query predicate storeStepIsLocal(Node n1, Node n2, string msg) {
+    storeStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Store step does not preserve enclosing callable."
+  }
+
   private DataFlowType typeRepr() { result = getNodeType(_) }
 
   query predicate compatibleTypesReflexive(DataFlowType t, string msg) {
@@ -232,4 +244,25 @@ module Consistency {
     not callable = viableCallable(call) and
     not any(ConsistencyConfiguration c).viableImplInCallContextTooLargeExclude(call, ctx, callable)
   }
+
+  query predicate uniqueParameterNodeAtPosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(Node p0 | isParameterNode(p0, c, pos))) and
+    msg = "Parameters with overlapping positions."
+  }
+
+  query predicate uniqueParameterNodePosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(ParameterPosition pos0 | isParameterNode(p, c, pos0))) and
+    msg = "Parameter node with multiple positions."
+  }
+
+  query predicate uniqueContentApprox(Content c, string msg) {
+    not exists(unique(ContentApprox approx | approx = getContentApprox(c))) and
+    msg = "Non-unique content approximation."
+  }
 }
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForRegExp.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForRegExp.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForRegExp.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForRegExp.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll
index 8c9c8242c71..76380de9415 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll
@@ -75,16 +75,26 @@ CfgNodes::ExprCfgNode getAPostUpdateNodeForArg(Argument arg) {
 module LocalFlow {
   private import codeql.ruby.dataflow.internal.SsaImpl
 
+  /** An SSA definition into which another SSA definition may flow. */
+  private class SsaInputDefinitionExtNode extends SsaDefinitionExtNode {
+    SsaInputDefinitionExtNode() {
+      def instanceof Ssa::PhiNode
+      or
+      def instanceof SsaImpl::PhiReadNode
+      //TODO: or def instanceof LocalFlow::UncertainExplicitSsaDefinition
+    }
+  }
+
   /**
    * Holds if `nodeFrom` is a node for SSA definition `def`, which can reach `next`.
    */
   private predicate localFlowSsaInputFromDef(
-    SsaDefinitionNode nodeFrom, Ssa::Definition def, Ssa::Definition next
+    SsaDefinitionExtNode nodeFrom, SsaImpl::DefinitionExt def, SsaInputDefinitionExtNode next
   ) {
     exists(BasicBlock bb, int i |
-      lastRefBeforeRedef(def, bb, i, next) and
-      def = nodeFrom.getDefinition() and
-      def.definesAt(_, bb, i)
+      lastRefBeforeRedefExt(def, bb, i, next.getDefinitionExt()) and
+      def = nodeFrom.getDefinitionExt() and
+      def.definesAt(_, bb, i, _)
     )
   }
 
@@ -92,27 +102,27 @@ module LocalFlow {
    * Holds if `exprFrom` is a last read of SSA definition `def`, which
    * can reach `next`.
    */
-  predicate localFlowSsaInputFromExpr(
-    CfgNodes::ExprCfgNode exprFrom, Ssa::Definition def, Ssa::Definition next
+  predicate localFlowSsaInputFromRead(
+    CfgNodes::ExprCfgNode exprFrom, SsaImpl::DefinitionExt def, SsaInputDefinitionExtNode next
   ) {
     exists(BasicBlock bb, int i |
-      lastRefBeforeRedef(def, bb, i, next) and
+      SsaImpl::lastRefBeforeRedefExt(def, bb, i, next.getDefinitionExt()) and
       exprFrom = bb.getNode(i) and
       exprFrom.getExpr() instanceof VariableReadAccess
     )
   }
 
   /** Gets the SSA definition node corresponding to parameter `p`. */
-  SsaDefinitionNode getParameterDefNode(NamedParameter p) {
+  SsaDefinitionExtNode getParameterDefNode(NamedParameter p) {
     exists(BasicBlock bb, int i |
       bb.getNode(i).getNode() = p.getDefiningAccess() and
-      result.getDefinition().definesAt(_, bb, i)
+      result.getDefinitionExt().definesAt(_, bb, i, _)
     )
   }
 
   /** Gets the SSA definition node corresponding to the implicit `self` parameter for `m`. */
-  private SsaDefinitionNode getSelfParameterDefNode(MethodBase m) {
-    result.getDefinition().(Ssa::SelfDefinition).getSourceVariable().getDeclaringScope() = m
+  private SsaDefinitionExtNode getSelfParameterDefNode(MethodBase m) {
+    result.getDefinitionExt().(Ssa::SelfDefinition).getSourceVariable().getDeclaringScope() = m
   }
 
   /**
@@ -136,7 +146,7 @@ module LocalFlow {
       or
       nodeFrom.(SelfParameterNode).getSelfVariable() = def.getSourceVariable()
     |
-      nodeTo.(SsaDefinitionNode).getDefinition() = def
+      nodeTo.(SsaDefinitionExtNode).getDefinitionExt() = def
     )
   }
 
@@ -144,8 +154,8 @@ module LocalFlow {
    * Holds if there is a local use-use flow step from `nodeFrom` to `nodeTo`
    * involving SSA definition `def`.
    */
-  predicate localSsaFlowStepUseUse(Ssa::Definition def, Node nodeFrom, Node nodeTo) {
-    def.hasAdjacentReads(nodeFrom.asExpr(), nodeTo.asExpr())
+  predicate localSsaFlowStepUseUse(SsaImpl::DefinitionExt def, Node nodeFrom, Node nodeTo) {
+    SsaImpl::adjacentReadPairExt(def, nodeFrom.asExpr(), nodeTo.asExpr())
   }
 
   /**
@@ -153,24 +163,20 @@ module LocalFlow {
    * SSA definition `def`.
    */
   private predicate localSsaFlowStep(Node nodeFrom, Node nodeTo) {
-    exists(Ssa::Definition def |
+    exists(SsaImpl::DefinitionExt def |
       // Flow from assignment into SSA definition
       def.(Ssa::WriteDefinition).assigns(nodeFrom.asExpr()) and
-      nodeTo.(SsaDefinitionNode).getDefinition() = def
+      nodeTo.(SsaDefinitionExtNode).getDefinitionExt() = def
       or
       // Flow from SSA definition to first read
-      def = nodeFrom.(SsaDefinitionNode).getDefinition() and
-      nodeTo.asExpr() = def.getAFirstRead()
+      def = nodeFrom.(SsaDefinitionExtNode).getDefinitionExt() and
+      firstReadExt(def, nodeTo.asExpr())
       or
       // Flow from read to next read
       localSsaFlowStepUseUse(def, nodeFrom.(PostUpdateNode).getPreUpdateNode(), nodeTo)
       or
-      // Flow into phi node from definition
-      exists(Ssa::PhiNode phi |
-        localFlowSsaInputFromDef(nodeFrom, def, phi) and
-        phi = nodeTo.(SsaDefinitionNode).getDefinition() and
-        def = phi.getAnInput()
-      )
+      // Flow into phi (read) SSA definition node from def
+      localFlowSsaInputFromDef(nodeFrom, def, nodeTo)
     )
     // TODO
     // or
@@ -183,6 +189,18 @@ module LocalFlow {
   }
 
   predicate localFlowStepCommon(Node nodeFrom, Node nodeTo) {
+    exists(DataFlowCallable c | nodeFrom = TSynthHashSplatParameterNode(c) |
+      exists(HashSplatParameter p |
+        p.getCallable() = c.asCallable() and
+        nodeTo = TNormalParameterNode(p)
+      )
+      or
+      exists(ParameterPosition pos |
+        nodeTo = TSummaryParameterNode(c.asLibraryCallable(), pos) and
+        pos.isHashSplat()
+      )
+    )
+    or
     localSsaFlowStep(nodeFrom, nodeTo)
     or
     nodeFrom.asExpr() = nodeTo.asExpr().(CfgNodes::ExprNodes::BlockArgumentCfgNode).getValue()
@@ -241,6 +259,10 @@ private class Argument extends CfgNodes::ExprCfgNode {
     this = call.getAnArgument() and
     this.getExpr() instanceof HashSplatExpr and
     arg.isHashSplat()
+    or
+    this = call.getArgument(0) and
+    this.getExpr() instanceof SplatExpr and
+    arg.isSplatAll()
   }
 
   /** Holds if this expression is the `i`th argument of `c`. */
@@ -271,12 +293,13 @@ private module Cached {
         ret.getKind() = kind
       )
     } or
-    TSsaDefinitionNode(Ssa::Definition def) or
+    TSsaDefinitionExtNode(SsaImpl::DefinitionExt def) or
     TNormalParameterNode(Parameter p) {
       p instanceof SimpleParameter or
       p instanceof OptionalParameter or
       p instanceof KeywordParameter or
-      p instanceof HashSplatParameter
+      p instanceof HashSplatParameter or
+      p instanceof SplatParameter
     } or
     TSelfParameterNode(MethodBase m) or
     TBlockParameterNode(MethodBase m) or
@@ -317,6 +340,12 @@ private module Cached {
     p.(KeywordParameter).getDefaultValue() = e.getExprNode().getExpr()
   }
 
+  cached
+  Location getLocation(NodeImpl n) { result = n.getLocationImpl() }
+
+  cached
+  string toString(NodeImpl n) { result = n.toStringImpl() }
+
   /**
    * This is the local flow predicate that is used as a building block in global
    * data flow.
@@ -335,10 +364,8 @@ private module Cached {
     not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _)
     or
     // Flow into phi node from read
-    exists(Ssa::Definition def, Ssa::PhiNode phi, CfgNodes::ExprCfgNode exprFrom |
-      LocalFlow::localFlowSsaInputFromExpr(exprFrom, def, phi) and
-      phi = nodeTo.(SsaDefinitionNode).getDefinition() and
-      def = phi.getAnInput()
+    exists(SsaImpl::DefinitionExt def, CfgNodes::ExprCfgNode exprFrom |
+      LocalFlow::localFlowSsaInputFromRead(exprFrom, def, nodeTo)
     |
       exprFrom = nodeFrom.asExpr() and
       not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _)
@@ -383,18 +410,16 @@ private module Cached {
     LocalFlow::localSsaFlowStepUseUse(_, nodeFrom, nodeTo)
     or
     // Flow into phi node from read
-    exists(Ssa::Definition def, Ssa::PhiNode phi, CfgNodes::ExprCfgNode exprFrom |
-      LocalFlow::localFlowSsaInputFromExpr(exprFrom, def, phi) and
-      phi = nodeTo.(SsaDefinitionNode).getDefinition() and
-      def = phi.getAnInput() and
+    exists(SsaImpl::DefinitionExt def, CfgNodes::ExprCfgNode exprFrom |
+      LocalFlow::localFlowSsaInputFromRead(exprFrom, def, nodeTo) and
       exprFrom = [nodeFrom.asExpr(), nodeFrom.(PostUpdateNode).getPreUpdateNode().asExpr()]
     )
   }
 
-  private predicate entrySsaDefinition(SsaDefinitionNode n) {
+  private predicate entrySsaDefinition(SsaDefinitionExtNode n) {
     n = LocalFlow::getParameterDefNode(_)
     or
-    exists(Ssa::Definition def | def = n.getDefinition() |
+    exists(SsaImpl::DefinitionExt def | def = n.getDefinitionExt() |
       def instanceof Ssa::SelfDefinition
       or
       def instanceof Ssa::CapturedEntryDefinition
@@ -474,7 +499,7 @@ private module Cached {
       // external model data. This, unfortunately, does not included any field names used
       // in models defined in QL code.
       exists(string input, string output |
-        ModelOutput::relevantSummaryModel(_, _, _, input, output, _)
+        ModelOutput::relevantSummaryModel(_, _, input, output, _)
       |
         name = [input, output].regexpFind("(?<=(^|\\.)Field\\[)[^\\]]+(?=\\])", _, _).trim()
       )
@@ -495,6 +520,13 @@ private module Cached {
       )
     )
   }
+
+  cached
+  newtype TContentApprox =
+    TUnknownElementContentApprox() or
+    TKnownIntegerElementContentApprox() or
+    TKnownElementContentApprox(string approx) { approx = approxKnownElementIndex(_) } or
+    TNonElementContentApprox(Content c) { not c instanceof Content::ElementContent }
 }
 
 class TElementContent = TKnownElementContent or TUnknownElementContent;
@@ -503,8 +535,9 @@ import Cached
 
 /** Holds if `n` should be hidden from path explanations. */
 predicate nodeIsHidden(Node n) {
-  exists(Ssa::Definition def | def = n.(SsaDefinitionNode).getDefinition() |
+  exists(SsaImpl::DefinitionExt def | def = n.(SsaDefinitionExtNode).getDefinitionExt() |
     def instanceof Ssa::PhiNode or
+    def instanceof SsaImpl::PhiReadNode or
     def instanceof Ssa::CapturedEntryDefinition or
     def instanceof Ssa::CapturedCallDefinition
   )
@@ -525,13 +558,13 @@ predicate nodeIsHidden(Node n) {
 }
 
 /** An SSA definition, viewed as a node in a data flow graph. */
-class SsaDefinitionNode extends NodeImpl, TSsaDefinitionNode {
-  Ssa::Definition def;
+class SsaDefinitionExtNode extends NodeImpl, TSsaDefinitionExtNode {
+  SsaImpl::DefinitionExt def;
 
-  SsaDefinitionNode() { this = TSsaDefinitionNode(def) }
+  SsaDefinitionExtNode() { this = TSsaDefinitionExtNode(def) }
 
   /** Gets the underlying SSA definition. */
-  Ssa::Definition getDefinition() { result = def }
+  SsaImpl::DefinitionExt getDefinitionExt() { result = def }
 
   /** Gets the underlying variable. */
   Variable getVariable() { result = def.getSourceVariable() }
@@ -544,7 +577,7 @@ class SsaDefinitionNode extends NodeImpl, TSsaDefinitionNode {
 }
 
 /** An SSA definition for a `self` variable. */
-class SsaSelfDefinitionNode extends LocalSourceNode, SsaDefinitionNode {
+class SsaSelfDefinitionNode extends LocalSourceNode, SsaDefinitionExtNode {
   private SelfVariable self;
 
   SsaSelfDefinitionNode() { self = def.getSourceVariable() }
@@ -615,7 +648,12 @@ private module ParameterNodes {
           )
         or
         parameter = callable.getAParameter().(HashSplatParameter) and
-        pos.isHashSplat()
+        pos.isHashSplat() and
+        // avoid overlap with `SynthHashSplatParameterNode`
+        not callable.getAParameter() instanceof KeywordParameter
+        or
+        parameter = callable.getParameter(0).(SplatParameter) and
+        pos.isSplatAll()
       )
     }
 
@@ -764,7 +802,16 @@ private module ParameterNodes {
     override Parameter getParameter() { none() }
 
     override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
-      sc = c.asLibraryCallable() and pos = pos_
+      sc = c.asLibraryCallable() and
+      pos = pos_ and
+      // avoid overlap with `SynthHashSplatParameterNode`
+      not (
+        pos.isHashSplat() and
+        exists(ParameterPosition keywordPos |
+          FlowSummaryImpl::Private::summaryParameterNodeRange(sc, keywordPos) and
+          keywordPos.isKeyword(_)
+        )
+      )
     }
 
     override CfgScope getCfgScope() { none() }
@@ -781,8 +828,8 @@ import ParameterNodes
 
 /** A data-flow node used to model flow summaries. */
 class SummaryNode extends NodeImpl, TSummaryNode {
-  private FlowSummaryImpl::Public::SummarizedCallable c;
-  private FlowSummaryImpl::Private::SummaryNodeState state;
+  FlowSummaryImpl::Public::SummarizedCallable c;
+  FlowSummaryImpl::Private::SummaryNodeState state;
 
   SummaryNode() { this = TSummaryNode(c, state) }
 
@@ -904,6 +951,11 @@ private module ArgumentNodes {
 
 import ArgumentNodes
 
+/** A call to `new`. */
+private class NewCall extends DataFlowCall {
+  NewCall() { this.asCall().getExpr().(MethodCall).getMethodName() = "new" }
+}
+
 /** A data-flow node that represents a value syntactically returned by a callable. */
 abstract class ReturningNode extends Node {
   /** Gets the kind of this return node. */
@@ -947,7 +999,12 @@ private module ReturnNodes {
     override ReturnKind getKind() {
       if n.getNode() instanceof BreakStmt
       then result instanceof BreakReturnKind
-      else result instanceof NormalReturnKind
+      else
+        exists(CfgScope scope | scope = this.getCfgScope() |
+          if isUserDefinedNew(scope)
+          then result instanceof NewReturnKind
+          else result instanceof NormalReturnKind
+        )
     }
   }
 
@@ -971,7 +1028,42 @@ private module ReturnNodes {
   class ExprReturnNode extends ReturningNode, ExprNode {
     ExprReturnNode() { exists(Callable c | implicitReturn(c, this) = c.getAStmt()) }
 
-    override ReturnKind getKind() { result instanceof NormalReturnKind }
+    override ReturnKind getKind() {
+      exists(CfgScope scope | scope = this.(NodeImpl).getCfgScope() |
+        if isUserDefinedNew(scope)
+        then result instanceof NewReturnKind
+        else result instanceof NormalReturnKind
+      )
+    }
+  }
+
+  /**
+   * A `self` node inside an `initialize` method through which data may return.
+   *
+   * For example, in
+   *
+   * ```rb
+   * class C
+   *   def initialize(x)
+   *     @x = x
+   *   end
+   * end
+   * ```
+   *
+   * the implicit `self` reference in `@x` will return data stored in the field
+   * `x` out to the call `C.new`.
+   */
+  class InitializeReturnNode extends ExprPostUpdateNode, ReturningNode {
+    InitializeReturnNode() {
+      exists(Method initialize |
+        this.getCfgScope() = initialize and
+        initialize.getName() = "initialize" and
+        initialize = any(ClassDeclaration c).getAMethod() and
+        this.getPreUpdateNode().asExpr().getExpr() instanceof SelfVariableReadAccess
+      )
+    }
+
+    override ReturnKind getKind() { result instanceof NewReturnKind }
   }
 
   /**
@@ -1007,7 +1099,14 @@ private module ReturnNodes {
 
     SummaryReturnNode() { FlowSummaryImpl::Private::summaryReturnNode(this, rk) }
 
-    override ReturnKind getKind() { result = rk }
+    override ReturnKind getKind() {
+      result = rk
+      or
+      exists(NewCall new |
+        TLibraryCallable(c) = viableLibraryCallable(new) and
+        result instanceof NewReturnKind
+      )
+    }
   }
 }
 
@@ -1031,7 +1130,9 @@ private module OutNodes {
 
     override DataFlowCall getCall(ReturnKind kind) {
       result = call and
-      kind instanceof NormalReturnKind
+      if call instanceof NewCall
+      then kind instanceof NewReturnKind
+      else kind instanceof NormalReturnKind
     }
   }
 
@@ -1047,11 +1148,11 @@ private module OutNodes {
 import OutNodes
 
 predicate jumpStep(Node pred, Node succ) {
-  SsaImpl::captureFlowIn(_, pred.(SsaDefinitionNode).getDefinition(),
-    succ.(SsaDefinitionNode).getDefinition())
+  SsaImpl::captureFlowIn(_, pred.(SsaDefinitionExtNode).getDefinitionExt(),
+    succ.(SsaDefinitionExtNode).getDefinitionExt())
   or
-  SsaImpl::captureFlowOut(_, pred.(SsaDefinitionNode).getDefinition(),
-    succ.(SsaDefinitionNode).getDefinition())
+  SsaImpl::captureFlowOut(_, pred.(SsaDefinitionExtNode).getDefinitionExt(),
+    succ.(SsaDefinitionExtNode).getDefinitionExt())
   or
   succ.asExpr().getExpr().(ConstantReadAccess).getValue() = pred.asExpr().getExpr()
   or
@@ -1166,11 +1267,11 @@ predicate clearsContent(Node n, ContentSet c) {
   // Filter out keyword arguments that are part of the method signature from
   // the hash-splat parameter
   exists(
-    DataFlowCallable callable, ParameterPosition hashSplatPos, ParameterNodeImpl keywordParam,
+    DataFlowCallable callable, HashSplatParameter hashSplatParam, ParameterNodeImpl keywordParam,
     ParameterPosition keywordPos, string name
   |
-    n.(ParameterNodes::NormalParameterNode).isParameterOf(callable, hashSplatPos) and
-    hashSplatPos.isHashSplat() and
+    n = TNormalParameterNode(hashSplatParam) and
+    callable.asCallable() = hashSplatParam.getCallable() and
     keywordParam.isParameterOf(callable, keywordPos) and
     keywordPos.isKeyword(name) and
     c = getKeywordContent(name)
@@ -1249,9 +1350,7 @@ private module PostUpdateNodes {
 private import PostUpdateNodes
 
 /** A node that performs a type cast. */
-class CastNode extends Node {
-  CastNode() { this instanceof ReturningNode }
-}
+class CastNode extends Node instanceof ReturningNode { }
 
 class DataFlowExpr = CfgNodes::ExprCfgNode;
 
@@ -1330,3 +1429,58 @@ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preserves
 predicate allowParameterReturnInSelf(ParameterNode p) {
   FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(p)
 }
+
+/** An approximated `Content`. */
+class ContentApprox extends TContentApprox {
+  string toString() {
+    this = TUnknownElementContentApprox() and
+    result = "element"
+    or
+    this = TKnownIntegerElementContentApprox() and
+    result = "approximated integer element"
+    or
+    exists(string approx |
+      this = TKnownElementContentApprox(approx) and
+      result = "approximated element " + approx
+    )
+    or
+    exists(Content c |
+      this = TNonElementContentApprox(c) and
+      result = c.toString()
+    )
+  }
+}
+
+/**
+ * Gets a string for approximating known element indices.
+ *
+ * We take two characters from the serialized index as the projection,
+ * since for symbols this will include the first character.
+ */
+private string approxKnownElementIndex(Content::KnownElementContent c) {
+  not c.getIndex().isInt(_) and
+  exists(string s | s = c.getIndex().serialize() |
+    s.length() < 2 and
+    result = s
+    or
+    result = s.prefix(2)
+    or
+    // workaround for `prefix` not working with Unicode characters
+    s.length() >= 2 and
+    not exists(s.prefix(2)) and
+    result = s
+  )
+}
+
+/** Gets an approximated value for content `c`. */
+ContentApprox getContentApprox(Content c) {
+  c instanceof Content::UnknownElementContent and
+  result = TUnknownElementContentApprox()
+  or
+  c.(Content::KnownElementContent).getIndex().isInt(_) and
+  result = TKnownIntegerElementContentApprox()
+  or
+  result = TKnownElementContentApprox(approxKnownElementIndex(c))
+  or
+  result = TNonElementContentApprox(c)
+}
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll
index e04449fbeaa..53a576f18b3 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll
@@ -19,12 +19,10 @@ class Node extends TNode {
   Parameter asParameter() { result = this.(ParameterNode).getParameter() }
 
   /** Gets a textual representation of this node. */
-  cached
-  final string toString() { result = this.(NodeImpl).toStringImpl() }
+  final string toString() { result = toString(this) }
 
   /** Gets the location of this node. */
-  cached
-  final Location getLocation() { result = this.(NodeImpl).getLocationImpl() }
+  final Location getLocation() { result = getLocation(this) }
 
   /**
    * Holds if this element is at the specified location.
@@ -373,7 +371,7 @@ private module Cached {
   LocalSourceNode getConstantAccessNode(ConstantAccess access) {
     // Namespaces don't evaluate to the constant being accessed, they return the value of their last statement.
     // Use the definition of 'self' in the namespace as the representative in this case.
-    result.(SsaDefinitionNode).getDefinition().(Ssa::SelfDefinition).getSourceVariable() =
+    result.(SsaDefinitionExtNode).getDefinitionExt().(Ssa::SelfDefinition).getSourceVariable() =
       access.(Namespace).getModuleSelfVariable()
     or
     not access instanceof Namespace and
@@ -615,7 +613,7 @@ class ContentSet extends TContentSet {
  * For example, the guard `g` might be a call `isSafe(x)` and the expression `e`
  * the argument `x`.
  */
-signature predicate guardChecksSig(CfgNodes::ExprCfgNode g, CfgNode e, boolean branch);
+signature predicate guardChecksSig(CfgNodes::AstCfgNode g, CfgNode e, boolean branch);
 
 /**
  * Provides a set of barrier nodes for a guard that validates an expression.
@@ -625,13 +623,13 @@ signature predicate guardChecksSig(CfgNodes::ExprCfgNode g, CfgNode e, boolean b
  */
 module BarrierGuard<guardChecksSig/3 guardChecks> {
   pragma[nomagic]
-  private predicate guardChecksSsaDef(CfgNodes::ExprCfgNode g, boolean branch, Ssa::Definition def) {
+  private predicate guardChecksSsaDef(CfgNodes::AstCfgNode g, boolean branch, Ssa::Definition def) {
     guardChecks(g, def.getARead(), branch)
   }
 
   pragma[nomagic]
   private predicate guardControlsSsaDef(
-    CfgNodes::ExprCfgNode g, boolean branch, Ssa::Definition def, Node n
+    CfgNodes::AstCfgNode g, boolean branch, Ssa::Definition def, Node n
   ) {
     def.getARead() = n.asExpr() and
     guardControlsBlock(g, n.asExpr().getBasicBlock(), branch)
@@ -639,7 +637,7 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
 
   /** Gets a node that is safely guarded by the given guard check. */
   Node getABarrierNode() {
-    exists(CfgNodes::ExprCfgNode g, boolean branch, Ssa::Definition def |
+    exists(CfgNodes::AstCfgNode g, boolean branch, Ssa::Definition def |
       guardChecksSsaDef(g, branch, def) and
       guardControlsSsaDef(g, branch, def, result)
     )
@@ -669,8 +667,8 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
 }
 
 /** Holds if the guard `guard` controls block `bb` upon evaluating to `branch`. */
-private predicate guardControlsBlock(CfgNodes::ExprCfgNode guard, BasicBlock bb, boolean branch) {
-  exists(ConditionBlock conditionBlock, SuccessorTypes::BooleanSuccessor s |
+private predicate guardControlsBlock(CfgNodes::AstCfgNode guard, BasicBlock bb, boolean branch) {
+  exists(ConditionBlock conditionBlock, SuccessorTypes::ConditionalSuccessor s |
     guard = conditionBlock.getLastNode() and
     s.getValue() = branch and
     conditionBlock.controls(bb, s)
@@ -819,7 +817,7 @@ class ModuleNode instanceof Module {
    * This only gets `self` at the module level, not inside any (singleton) method.
    */
   LocalSourceNode getModuleLevelSelf() {
-    result.(SsaDefinitionNode).getVariable() = super.getADeclaration().getModuleSelfVariable()
+    result.(SsaDefinitionExtNode).getVariable() = super.getADeclaration().getModuleSelfVariable()
   }
 
   /**
@@ -1058,6 +1056,15 @@ class MethodNode extends CallableNode {
 
   /** Gets the name of this method. */
   string getMethodName() { result = this.asCallableAstNode().getName() }
+
+  /** Holds if this method is public. */
+  predicate isPublic() { this.asCallableAstNode().isPublic() }
+
+  /** Holds if this method is private. */
+  predicate isPrivate() { this.asCallableAstNode().isPrivate() }
+
+  /** Holds if this method is protected. */
+  predicate isProtected() { this.asCallableAstNode().isProtected() }
 }
 
 /**
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
index 4d41254e5e9..b61142c33a7 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
@@ -241,19 +241,25 @@ module Public {
     }
 
     /**
-     * Holds if the summary is auto generated.
+     * Holds if the summary is auto generated and not manually generated.
      */
     predicate isAutoGenerated() { none() }
-  }
-
-  /** A callable with a flow summary stating there is no flow via the callable. */
-  class NegativeSummarizedCallable extends SummarizedCallableBase {
-    NegativeSummarizedCallable() { negativeSummaryElement(this, _) }
 
     /**
-     *  Holds if the negative summary is auto generated.
+     * Holds if the summary has the given provenance where `true` is
+     * `generated` and `false` is `manual`.
      */
-    predicate isAutoGenerated() { negativeSummaryElement(this, true) }
+    predicate hasProvenance(boolean generated) { none() }
+  }
+
+  /** A callable where there is no flow via the callable. */
+  class NeutralCallable extends SummarizedCallableBase {
+    NeutralCallable() { neutralElement(this, _) }
+
+    /**
+     *  Holds if the neutral is auto generated.
+     */
+    predicate isAutoGenerated() { neutralElement(this, true) }
   }
 }
 
@@ -520,7 +526,8 @@ module Private {
   predicate summaryParameterNodeRange(SummarizedCallable c, ParameterPosition pos) {
     parameterReadState(c, _, pos)
     or
-    isParameterPostUpdate(_, c, pos)
+    // Same as `isParameterPostUpdate(_, c, pos)`, but can be used in a negative context
+    any(SummaryNodeState state).isOutputState(c, SummaryComponentStack::argument(pos))
   }
 
   private predicate callbackOutput(
@@ -1011,6 +1018,10 @@ module Private {
       }
 
       override predicate isAutoGenerated() { this.relevantSummaryElementGenerated(_, _, _) }
+
+      override predicate hasProvenance(boolean generated) {
+        summaryElement(this, _, _, _, generated)
+      }
     }
 
     /** Holds if component `c` of specification `spec` cannot be parsed. */
@@ -1160,9 +1171,9 @@ module Private {
       string toString() { result = super.toString() }
     }
 
-    /** A flow summary to include in the `negativeSummary/1` query predicate. */
-    abstract class RelevantNegativeSummarizedCallable instanceof NegativeSummarizedCallable {
-      /** Gets the string representation of this callable used by `summary/1`. */
+    /** A model to include in the `neutral/1` query predicate. */
+    abstract class RelevantNeutralCallable instanceof NeutralCallable {
+      /** Gets the string representation of this callable used by `neutral/1`. */
       abstract string getCallableCsv();
 
       string toString() { result = super.toString() }
@@ -1179,13 +1190,13 @@ module Private {
       if c.isAutoGenerated() then result = "generated" else result = "manual"
     }
 
-    private string renderProvenanceNegative(NegativeSummarizedCallable c) {
+    private string renderProvenanceNeutral(NeutralCallable c) {
       if c.isAutoGenerated() then result = "generated" else result = "manual"
     }
 
     /**
      * A query predicate for outputting flow summaries in semi-colon separated format in QL tests.
-     * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance"",
+     * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance",
      * ext is hardcoded to empty.
      */
     query predicate summary(string csv) {
@@ -1204,14 +1215,14 @@ module Private {
     }
 
     /**
-     * Holds if a negative flow summary `csv` exists (semi-colon separated format). Used for testing purposes.
+     * Holds if a neutral model `csv` exists (semi-colon separated format). Used for testing purposes.
      * The syntax is: "namespace;type;name;signature;provenance"",
      */
-    query predicate negativeSummary(string csv) {
-      exists(RelevantNegativeSummarizedCallable c |
+    query predicate neutral(string csv) {
+      exists(RelevantNeutralCallable c |
         csv =
           c.getCallableCsv() // Callable information
-            + renderProvenanceNegative(c) // provenance
+            + renderProvenanceNeutral(c) // provenance
       )
     }
   }
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll
index 0fde6438872..7e569972bb6 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -63,11 +63,11 @@ predicate summaryElement(
 }
 
 /**
- * Holds if a negative flow summary exists for `c`, which means that there is no
- * flow through `c`. The flag `generated` states whether the summary is autogenerated.
- * Note. Negative flow summaries has not been implemented for ruby.
+ * Holds if a neutral model exists for `c`, which means that there is no
+ * flow through `c`. The flag `generated` states whether the neutral model is autogenerated.
+ * Note. Neutral models have not been implemented for ruby.
  */
-predicate negativeSummaryElement(FlowSummary::SummarizedCallable c, boolean generated) { none() }
+predicate neutralElement(FlowSummary::SummarizedCallable c, boolean generated) { none() }
 
 bindingset[arg]
 private SummaryComponent interpretElementArg(string arg) {
@@ -145,19 +145,32 @@ string getComponentSpecificCsv(SummaryComponent sc) { none() }
 
 /** Gets the textual representation of a parameter position in the format used for flow summaries. */
 string getParameterPositionCsv(ParameterPosition pos) {
-  pos.isSelf() and result = "self"
-  or
-  pos.isBlock() and result = "block"
-  or
   exists(int i |
     pos.isPositional(i) and
     result = i.toString()
   )
   or
+  exists(int i |
+    pos.isPositionalLowerBound(i) and
+    result = i + ".."
+  )
+  or
   exists(string name |
     pos.isKeyword(name) and
     result = name + ":"
   )
+  or
+  pos.isSelf() and
+  result = "self"
+  or
+  pos.isBlock() and
+  result = "block"
+  or
+  pos.isAny() and
+  result = "any"
+  or
+  pos.isAnyNamed() and
+  result = "any-named"
 }
 
 /** Gets the textual representation of an argument position in the format used for flow summaries. */
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImpl.qll
index c7154b50d0f..4ec23705b44 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImpl.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImpl.qll
@@ -2,6 +2,7 @@ private import codeql.ssa.Ssa as SsaImplCommon
 private import codeql.ruby.AST
 private import codeql.ruby.CFG as Cfg
 private import codeql.ruby.controlflow.internal.ControlFlowGraphImplShared as ControlFlowGraphImplShared
+private import codeql.ruby.dataflow.SSA
 private import codeql.ruby.ast.Variable
 private import Cfg::CfgNodes::ExprNodes
 
@@ -61,7 +62,23 @@ private module SsaInput implements SsaImplCommon::InputSig {
   }
 }
 
-import SsaImplCommon::Make<SsaInput>
+private import SsaImplCommon::Make<SsaInput> as Impl
+
+class Definition = Impl::Definition;
+
+class WriteDefinition = Impl::WriteDefinition;
+
+class UncertainWriteDefinition = Impl::UncertainWriteDefinition;
+
+class PhiNode = Impl::PhiNode;
+
+module Consistency = Impl::Consistency;
+
+module ExposedForTestingOnly {
+  predicate ssaDefReachesReadExt = Impl::ssaDefReachesReadExt/4;
+
+  predicate phiHasInputFromBlockExt = Impl::phiHasInputFromBlockExt/3;
+}
 
 /** Holds if `v` is uninitialized at index `i` in entry block `bb`. */
 predicate uninitializedWrite(Cfg::EntryBasicBlock bb, int i, LocalVariable v) {
@@ -204,7 +221,16 @@ private predicate adjacentDefRead(
   Definition def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2,
   SsaInput::SourceVariable v
 ) {
-  adjacentDefRead(def, bb1, i1, bb2, i2) and
+  Impl::adjacentDefRead(def, bb1, i1, bb2, i2) and
+  v = def.getSourceVariable()
+}
+
+pragma[noinline]
+private predicate adjacentDefReadExt(
+  DefinitionExt def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2,
+  SsaInput::SourceVariable v
+) {
+  Impl::adjacentDefReadExt(def, _, bb1, i1, bb2, i2) and
   v = def.getSourceVariable()
 }
 
@@ -220,7 +246,23 @@ private predicate adjacentDefReachesRead(
   exists(SsaInput::BasicBlock bb3, int i3 |
     adjacentDefReachesRead(def, bb1, i1, bb3, i3) and
     SsaInput::variableRead(bb3, i3, _, false) and
-    adjacentDefRead(def, bb3, i3, bb2, i2)
+    Impl::adjacentDefRead(def, bb3, i3, bb2, i2)
+  )
+}
+
+private predicate adjacentDefReachesReadExt(
+  DefinitionExt def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2
+) {
+  exists(SsaInput::SourceVariable v | adjacentDefReadExt(def, bb1, i1, bb2, i2, v) |
+    def.definesAt(v, bb1, i1, _)
+    or
+    SsaInput::variableRead(bb1, i1, v, true)
+  )
+  or
+  exists(SsaInput::BasicBlock bb3, int i3 |
+    adjacentDefReachesReadExt(def, bb1, i1, bb3, i3) and
+    SsaInput::variableRead(bb3, i3, _, false) and
+    Impl::adjacentDefReadExt(def, _, bb3, i3, bb2, i2)
   )
 }
 
@@ -233,22 +275,31 @@ private predicate adjacentDefSkipUncertainReads(
   SsaInput::variableRead(bb2, i2, _, true)
 }
 
-private predicate adjacentDefReachesUncertainRead(
-  Definition def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2
+/** Same as `adjacentDefReadExt`, but skips uncertain reads. */
+pragma[nomagic]
+private predicate adjacentDefSkipUncertainReadsExt(
+  DefinitionExt def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2
 ) {
-  adjacentDefReachesRead(def, bb1, i1, bb2, i2) and
+  adjacentDefReachesReadExt(def, bb1, i1, bb2, i2) and
+  SsaInput::variableRead(bb2, i2, _, true)
+}
+
+private predicate adjacentDefReachesUncertainReadExt(
+  DefinitionExt def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2
+) {
+  adjacentDefReachesReadExt(def, bb1, i1, bb2, i2) and
   SsaInput::variableRead(bb2, i2, _, false)
 }
 
 /** Same as `lastRefRedef`, but skips uncertain reads. */
 pragma[nomagic]
-private predicate lastRefSkipUncertainReads(Definition def, SsaInput::BasicBlock bb, int i) {
-  lastRef(def, bb, i) and
+private predicate lastRefSkipUncertainReadsExt(DefinitionExt def, SsaInput::BasicBlock bb, int i) {
+  Impl::lastRef(def, bb, i) and
   not SsaInput::variableRead(bb, i, def.getSourceVariable(), false)
   or
   exists(SsaInput::BasicBlock bb0, int i0 |
-    lastRef(def, bb0, i0) and
-    adjacentDefReachesUncertainRead(def, bb, i, bb0, i0)
+    Impl::lastRef(def, bb0, i0) and
+    adjacentDefReachesUncertainReadExt(def, bb, i, bb0, i0)
   )
 }
 
@@ -304,7 +355,7 @@ private module Cached {
   cached
   VariableReadAccessCfgNode getARead(Definition def) {
     exists(LocalVariable v, Cfg::BasicBlock bb, int i |
-      ssaDefReachesRead(v, def, bb, i) and
+      Impl::ssaDefReachesRead(v, def, bb, i) and
       variableReadActual(bb, i, v) and
       result = bb.getNode(i)
     )
@@ -315,7 +366,7 @@ private module Cached {
     Definition def, CallCfgNode call, LocalVariable v, Cfg::CfgScope scope
   ) {
     exists(Cfg::BasicBlock bb, int i |
-      ssaDefReachesRead(v, def, bb, i) and
+      Impl::ssaDefReachesRead(v, def, bb, i) and
       capturedCallRead(call, bb, i, v) and
       scope.getOuterCfgScope() = bb.getScope()
     )
@@ -360,7 +411,7 @@ private module Cached {
     Definition def, LocalVariable v, Cfg::CfgScope scope
   ) {
     exists(Cfg::BasicBlock bb, int i |
-      ssaDefReachesRead(v, def, bb, i) and
+      Impl::ssaDefReachesRead(v, def, bb, i) and
       capturedExitRead(bb, i, v) and
       scope = bb.getScope().getOuterCfgScope*()
     )
@@ -403,7 +454,7 @@ private module Cached {
 
   cached
   Definition phiHasInputFromBlock(PhiNode phi, Cfg::BasicBlock bb) {
-    phiHasInputFromBlock(phi, result, bb)
+    Impl::phiHasInputFromBlock(phi, result, bb)
   }
 
   /**
@@ -419,6 +470,19 @@ private module Cached {
     )
   }
 
+  /**
+   * Holds if the value defined at SSA definition `def` can reach a read at `read`,
+   * without passing through any other non-pseudo read.
+   */
+  cached
+  predicate firstReadExt(DefinitionExt def, VariableReadAccessCfgNode read) {
+    exists(Cfg::BasicBlock bb1, int i1, Cfg::BasicBlock bb2, int i2 |
+      def.definesAt(_, bb1, i1, _) and
+      adjacentDefSkipUncertainReadsExt(def, bb1, i1, bb2, i2) and
+      read = bb2.getNode(i2)
+    )
+  }
+
   /**
    * Holds if the read at `read2` is a read of the same SSA definition `def`
    * as the read at `read1`, and `read2` can be reached from `read1` without
@@ -436,6 +500,23 @@ private module Cached {
     )
   }
 
+  /**
+   * Holds if the read at `read2` is a read of the same SSA definition `def`
+   * as the read at `read1`, and `read2` can be reached from `read1` without
+   * passing through another non-pseudo read.
+   */
+  cached
+  predicate adjacentReadPairExt(
+    DefinitionExt def, VariableReadAccessCfgNode read1, VariableReadAccessCfgNode read2
+  ) {
+    exists(Cfg::BasicBlock bb1, int i1, Cfg::BasicBlock bb2, int i2 |
+      read1 = bb1.getNode(i1) and
+      variableReadActual(bb1, i1, _) and
+      adjacentDefSkipUncertainReadsExt(def, bb1, i1, bb2, i2) and
+      read2 = bb2.getNode(i2)
+    )
+  }
+
   /**
    * Holds if the read of `def` at `read` may be a last read. That is, `read`
    * can either reach another definition of the underlying source variable or
@@ -444,7 +525,7 @@ private module Cached {
   cached
   predicate lastRead(Definition def, VariableReadAccessCfgNode read) {
     exists(Cfg::BasicBlock bb, int i |
-      lastRefSkipUncertainReads(def, bb, i) and
+      lastRefSkipUncertainReadsExt(def, bb, i) and
       variableReadActual(bb, i, _) and
       read = bb.getNode(i)
     )
@@ -458,20 +539,48 @@ private module Cached {
    * The reference is either a read of `def` or `def` itself.
    */
   cached
-  predicate lastRefBeforeRedef(Definition def, Cfg::BasicBlock bb, int i, Definition next) {
-    lastRefRedef(def, bb, i, next) and
-    not SsaInput::variableRead(bb, i, def.getSourceVariable(), false)
+  predicate lastRefBeforeRedefExt(DefinitionExt def, Cfg::BasicBlock bb, int i, DefinitionExt next) {
+    exists(LocalVariable v |
+      Impl::lastRefRedefExt(def, v, bb, i, next) and
+      not SsaInput::variableRead(bb, i, v, false)
+    )
     or
     exists(SsaInput::BasicBlock bb0, int i0 |
-      lastRefRedef(def, bb0, i0, next) and
-      adjacentDefReachesUncertainRead(def, bb, i, bb0, i0)
+      Impl::lastRefRedefExt(def, _, bb0, i0, next) and
+      adjacentDefReachesUncertainReadExt(def, bb, i, bb0, i0)
     )
   }
 
   cached
   Definition uncertainWriteDefinitionInput(UncertainWriteDefinition def) {
-    uncertainWriteDefinitionInput(def, result)
+    Impl::uncertainWriteDefinitionInput(def, result)
   }
 }
 
 import Cached
+
+/**
+ * An extended static single assignment (SSA) definition.
+ *
+ * This is either a normal SSA definition (`Definition`) or a
+ * phi-read node (`PhiReadNode`).
+ *
+ * Only intended for internal use.
+ */
+class DefinitionExt extends Impl::DefinitionExt {
+  override string toString() { result = this.(Ssa::Definition).toString() }
+
+  /** Gets the location of this definition. */
+  Location getLocation() { result = this.(Ssa::Definition).getLocation() }
+}
+
+/**
+ * A phi-read node.
+ *
+ * Only intended for internal use.
+ */
+class PhiReadNode extends DefinitionExt, Impl::PhiReadNode {
+  override string toString() { result = "SSA phi read(" + this.getSourceVariable() + ")" }
+
+  override Location getLocation() { result = this.getBasicBlock().getLocation() }
+}
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll
index 7c4e85dba28..c89a629e198 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll
@@ -4,6 +4,7 @@ private import TaintTrackingPublic
 private import codeql.ruby.CFG
 private import codeql.ruby.DataFlow
 private import FlowSummaryImpl as FlowSummaryImpl
+private import codeql.ruby.dataflow.SSA
 
 /**
  * Holds if `node` should be a sanitizer in all global taint flow configurations
@@ -62,6 +63,8 @@ private CfgNodes::ExprNodes::VariableWriteAccessCfgNode variablesInPattern(
 
 cached
 private module Cached {
+  private import codeql.ruby.dataflow.FlowSteps as FlowSteps
+
   cached
   predicate forceCachingInSameStage() { any() }
 
@@ -75,7 +78,7 @@ private module Cached {
     exists(CfgNodes::ExprNodes::CaseExprCfgNode case, CfgNodes::ExprNodes::InClauseCfgNode clause |
       nodeFrom.asExpr() = case.getValue() and
       clause = case.getBranch(_) and
-      nodeTo.(SsaDefinitionNode).getDefinition().getControlFlowNode() =
+      nodeTo.(SsaDefinitionExtNode).getDefinitionExt().(Ssa::Definition).getControlFlowNode() =
         variablesInPattern(clause.getPattern())
     )
     or
@@ -93,12 +96,10 @@ private module Cached {
         )
     )
     or
-    // string interpolation of `nodeFrom` into `nodeTo`
-    nodeFrom.asExpr() =
-      nodeTo.asExpr().(CfgNodes::ExprNodes::StringlikeLiteralCfgNode).getAComponent()
-    or
     FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false)
     or
+    any(FlowSteps::AdditionalTaintStep s).step(nodeFrom, nodeTo)
+    or
     // Although flow through collections is modeled precisely using stores/reads, we still
     // allow flow out of a _tainted_ collection. This is needed in order to support taint-
     // tracking configurations where the source is a collection.
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionCable.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionCable.qll
index e306b7d2b99..a586abc977c 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActionCable.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActionCable.qll
@@ -6,6 +6,8 @@
 private import codeql.ruby.AST
 private import codeql.ruby.Concepts
 private import codeql.ruby.ApiGraphs
+private import codeql.ruby.DataFlow
+private import codeql.ruby.dataflow.RemoteFlowSources
 private import codeql.ruby.frameworks.stdlib.Logger::Logger as StdlibLogger
 
 /**
@@ -26,4 +28,36 @@ module ActionCable {
       }
     }
   }
+
+  private DataFlow::ConstRef getActionCableChannelBase() {
+    result = DataFlow::getConstant("ActionCable").getConstant("Channel").getConstant("Base")
+  }
+
+  /**
+   * The data argument in an RPC endpoint method on a subclass of
+   * `ActionCable::Channel::Base`, considered as a remote flow source.
+   */
+  class ActionCableChannelRpcParam extends RemoteFlowSource::Range {
+    ActionCableChannelRpcParam() {
+      exists(DataFlow::MethodNode m |
+        // Any method on a subclass of `ActionCable::Channel::Base`
+        // automatically becomes an RPC endpoint
+        m = getActionCableChannelBase().getADescendentModule().getAnInstanceMethod() and
+        // as long as it's not an instance method of
+        // `ActionCable::Channel::Base` itself, which might exist in the
+        // database
+        not m = getActionCableChannelBase().asModule().getAnInstanceMethod() and
+        // and as long as it's public
+        m.isPublic() and
+        // and is not called `subscribed` or `unsubscribed`.
+        not m.getMethodName() = ["subscribed", "unsubscribed"]
+      |
+        // If the method takes a parameter, it contains data from the remote
+        // request.
+        this = m.getParameter(0)
+      )
+    }
+
+    override string getSourceType() { result = "ActionCable channel RPC data" }
+  }
 }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
index 7b6db787732..2f7841befb8 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
@@ -12,6 +12,7 @@ private import codeql.ruby.frameworks.ActionDispatch
 private import codeql.ruby.frameworks.ActionView
 private import codeql.ruby.frameworks.Rails
 private import codeql.ruby.frameworks.internal.Rails
+private import codeql.ruby.dataflow.internal.DataFlowDispatch
 
 /**
  * DEPRECATED: Import `codeql.ruby.frameworks.Rails` and use `Rails::ParamsCall` instead.
@@ -295,7 +296,7 @@ private module Request {
 
   /** A method call on `request` which returns the request body. */
   private class BodyCall extends RequestInputAccess {
-    BodyCall() { this.getMethodName() = ["body", "raw_post"] }
+    BodyCall() { this.getMethodName() = ["body", "raw_post", "body_stream"] }
 
     override Http::Server::RequestInputKind getKind() { result = Http::Server::bodyInputKind() }
   }
@@ -538,12 +539,34 @@ private class ActionControllerProtectFromForgeryCall extends CsrfProtectionSetti
 /**
  * A call to `send_file`, which sends the file at the given path to the client.
  */
-private class SendFile extends FileSystemAccess::Range, DataFlow::CallNode {
+private class SendFile extends FileSystemAccess::Range, Http::Server::HttpResponse::Range,
+  DataFlow::CallNode {
   SendFile() {
     this = [actionControllerInstance(), Response::response()].getAMethodCall("send_file")
   }
 
   override DataFlow::Node getAPathArgument() { result = this.getArgument(0) }
+
+  override DataFlow::Node getBody() { result = this.getArgument(0) }
+
+  override DataFlow::Node getMimetypeOrContentTypeArg() { none() }
+
+  override string getMimetypeDefault() { result = "application/octet-stream" }
+}
+
+/**
+ * A call to `send_data`, which sends the given data to the client.
+ */
+class SendDataCall extends DataFlow::CallNode, Http::Server::HttpResponse::Range {
+  SendDataCall() {
+    this = [actionControllerInstance(), Response::response()].getAMethodCall("send_data")
+  }
+
+  override DataFlow::Node getBody() { result = this.getArgument(0) }
+
+  override DataFlow::Node getMimetypeOrContentTypeArg() { none() }
+
+  override string getMimetypeDefault() { result = "application/octet-stream" }
 }
 
 private module ParamsSummaries {
@@ -733,3 +756,28 @@ private module Response {
     override DataFlow::Node getValue() { result = this.getArgument(0) }
   }
 }
+
+private class ActionControllerLoggerInstance extends DataFlow::Node {
+  ActionControllerLoggerInstance() {
+    this = actionControllerInstance().getAMethodCall("logger")
+    or
+    any(ActionControllerLoggerInstance i).(DataFlow::LocalSourceNode).flowsTo(this)
+  }
+}
+
+private class ActionControllerLoggingCall extends DataFlow::CallNode, Logging::Range {
+  ActionControllerLoggingCall() {
+    this.getReceiver() instanceof ActionControllerLoggerInstance and
+    this.getMethodName() = ["debug", "error", "fatal", "info", "unknown", "warn"]
+  }
+
+  // Note: this is identical to the definition `stdlib.Logger.LoggerInfoStyleCall`.
+  override DataFlow::Node getAnInput() {
+    // `msg` from `Logger#info(msg)`,
+    // or `progname` from `Logger#info(progname) <block>`
+    result = this.getArgument(0)
+    or
+    // a return value from the block in `Logger#info(progname) <block>`
+    exprNodeReturnedFrom(result, this.getBlock().asExpr().getExpr())
+  }
+}
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionDispatch.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionDispatch.qll
index e9ff9d5c86a..cc898abe034 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActionDispatch.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActionDispatch.qll
@@ -21,23 +21,21 @@ module ActionDispatch {
    */
   private class MimeTypeTypeSummary extends ModelInput::TypeModelCsv {
     override predicate row(string row) {
-      // package1;type1;package2;type2;path
+      // type1;type2;path
       row =
         [
           // Mime[type] : Mime::Type (omitted)
           // Method names with brackets like [] cannot be represented in MaD.
           // Mime.fetch(type) : Mime::Type
-          "actiondispatch;Mime::Type;;;Member[Mime].Method[fetch].ReturnValue",
-          // Mime::Type.new(str) : Mime::Type
-          "actiondispatch;Mime::Type;;;Member[Mime].Member[Type].Instance",
+          "Mime::Type;Mime!;Method[fetch].ReturnValue",
           // Mime::Type.lookup(str) : Mime::Type
-          "actiondispatch;Mime::Type;;;Member[Mime].Member[Type].Method[lookup].ReturnValue",
+          "Mime::Type;Mime::Type!;Method[lookup].ReturnValue",
           // Mime::Type.lookup_by_extension(str) : Mime::Type
-          "actiondispatch;Mime::Type;;;Member[Mime].Member[Type].Method[lookup_by_extension].ReturnValue",
+          "Mime::Type;Mime::Type!;Method[lookup_by_extension].ReturnValue",
           // Mime::Type.register(str) : Mime::Type
-          "actiondispatch;Mime::Type;;;Member[Mime].Member[Type].Method[register].ReturnValue",
+          "Mime::Type;Mime::Type!;Method[register].ReturnValue",
           // Mime::Type.register_alias(str) : Mime::Type
-          "actiondispatch;Mime::Type;;;Member[Mime].Member[Type].Method[register_alias].ReturnValue",
+          "Mime::Type;Mime::Type!;Method[register_alias].ReturnValue",
         ]
     }
   }
@@ -48,10 +46,7 @@ module ActionDispatch {
    */
   class MimeTypeMatchRegExpInterpretation extends RE::RegExpInterpretation::Range {
     MimeTypeMatchRegExpInterpretation() {
-      this =
-        ModelOutput::getATypeNode("actiondispatch", "Mime::Type")
-            .getAMethodCall(["match?", "=~"])
-            .getArgument(0)
+      this = ModelOutput::getATypeNode("Mime::Type").getAMethodCall(["match?", "=~"]).getArgument(0)
     }
   }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionMailbox.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionMailbox.qll
new file mode 100644
index 00000000000..13607f67926
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActionMailbox.qll
@@ -0,0 +1,54 @@
+/**
+ * Models the `ActionMailbox` library, which is part of Rails.
+ * Version: 7.0.4.
+ */
+
+private import codeql.ruby.AST
+private import codeql.ruby.Concepts
+private import codeql.ruby.DataFlow
+private import codeql.ruby.dataflow.RemoteFlowSources
+
+/**
+ * Models the `ActionMailbox` library, which is part of Rails.
+ * Version: 7.0.4.
+ */
+module ActionMailbox {
+  private DataFlow::ClassNode controller() {
+    result = DataFlow::getConstant("ActionMailbox").getConstant("Base").getADescendentModule()
+  }
+
+  /**
+   * A call to `mail` on the return value of
+   * `ActionMailbox::Base#inbound_email`, or a direct call to
+   * `ActionMailbox::Base#mail`, which is equivalent. The returned object
+   * contains data from the incoming email.
+   */
+  class Mail extends DataFlow::CallNode {
+    Mail() {
+      this =
+        [
+          controller().getAnInstanceSelf().getAMethodCall("inbound_email").getAMethodCall("mail"),
+          controller().getAnInstanceSelf().getAMethodCall("mail")
+        ]
+    }
+  }
+
+  /**
+   * A method call on a `Mail::Message` object which may return data from a remote source.
+   */
+  private class RemoteContent extends DataFlow::CallNode, RemoteFlowSource::Range {
+    RemoteContent() {
+      this =
+        any(Mail m)
+            .(DataFlow::LocalSourceNode)
+            .getAMethodCall([
+                "body", "to", "from", "raw_source", "subject", "from_address",
+                "recipients_addresses", "cc_addresses", "bcc_addresses", "in_reply_to",
+                "references", "reply_to", "raw_envelope", "to_s", "encoded", "header", "bcc", "cc",
+                "text_part", "html_part"
+              ])
+    }
+
+    override string getSourceType() { result = "ActionMailbox" }
+  }
+}
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll
index 389ac9ee64d..0a10f53f0eb 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveStorage.qll
@@ -31,8 +31,8 @@ module ActiveStorage {
     override predicate row(string row) {
       row =
         [
-          "activestorage;;Member[ActiveStorage].Member[Filename].Method[new];Argument[0];ReturnValue;taint",
-          "activestorage;;Member[ActiveStorage].Member[Filename].Instance.Method[sanitized];Argument[self];ReturnValue;taint",
+          "ActiveStorage::Filename!;Method[new];Argument[0];ReturnValue;taint",
+          "ActiveStorage::Filename;Method[sanitized];Argument[self];ReturnValue;taint",
         ]
     }
   }
@@ -45,25 +45,23 @@ module ActiveStorage {
       // package1;type1;package2;type2;path
       row =
         [
-          // ActiveStorage::Blob.new : Blob
-          "activestorage;Blob;activestorage;;Member[ActiveStorage].Member[Blob].Instance",
           // ActiveStorage::Blob.create_and_upload! : Blob
-          "activestorage;Blob;activestorage;;Member[ActiveStorage].Member[Blob].Method[create_and_upload!].ReturnValue",
+          "ActiveStorage::Blob;ActiveStorage::Blob!;Method[create_and_upload!].ReturnValue",
           // ActiveStorage::Blob.create_before_direct_upload! : Blob
-          "activestorage;Blob;activestorage;;Member[ActiveStorage].Member[Blob].Method[create_before_direct_upload!].ReturnValue",
+          "ActiveStorage::Blob;ActiveStorage::Blob!;Method[create_before_direct_upload!].ReturnValue",
           // ActiveStorage::Blob.compose(blobs : [Blob]) : Blob
-          "activestorage;Blob;activestorage;;Member[ActiveStorage].Member[Blob].Method[compose].ReturnValue",
+          "ActiveStorage::Blob;ActiveStorage::Blob!;Method[compose].ReturnValue",
           // gives error: Invalid name 'Element' in access path
-          // "activestorage;Blob;activestorage;;Member[ActiveStorage].Member[Blob].Method[compose].Argument[0].Element[any]",
+          // "ActiveStorage::Blob;ActiveStorage::Blob!;Method[compose].Argument[0].Element[any]",
           // ActiveStorage::Blob.find_signed(!) : Blob
-          "activestorage;Blob;activestorage;;Member[ActiveStorage].Member[Blob].Method[find_signed,find_signed!].ReturnValue",
+          "ActiveStorage::Blob;ActiveStorage::Blob!;Method[find_signed,find_signed!].ReturnValue",
         ]
     }
   }
 
   private class BlobInstance extends DataFlow::Node {
     BlobInstance() {
-      this = ModelOutput::getATypeNode("activestorage", "Blob").getAValueReachableFromSource()
+      this = ModelOutput::getATypeNode("ActiveStorage::Blob").getAValueReachableFromSource()
       or
       // ActiveStorage::Attachment#blob : Blob
       exists(DataFlow::CallNode call |
@@ -168,7 +166,7 @@ module ActiveStorage {
    * A call on an ActiveStorage object that results in an image transformation.
    * Arguments to these calls may be executed as system commands.
    */
-  private class ImageProcessingCall extends DataFlow::CallNode, SystemCommandExecution::Range {
+  private class ImageProcessingCall extends SystemCommandExecution::Range instanceof DataFlow::CallNode {
     ImageProcessingCall() {
       this.getReceiver() instanceof BlobInstance and
       this.getMethodName() = ["variant", "preview", "representation"]
@@ -209,7 +207,7 @@ module ActiveStorage {
       this = API::getTopLevelMember("ActiveStorage").getAMethodCall("video_preview_arguments=")
     }
 
-    override DataFlow::Node getAnArgument() { result = this.getArgument(0) }
+    override DataFlow::Node getAnArgument() { result = super.getArgument(0) }
   }
 
   /**
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
index 47742531e30..441c75a81f4 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
@@ -104,6 +104,17 @@ module ActiveSupport {
 
         override predicate runsArbitraryCode() { none() }
       }
+
+      /** Flow summary for `Object#to_json`, which serializes the receiver as a JSON string. */
+      private class ToJsonSummary extends SimpleSummarizedCallable {
+        ToJsonSummary() { this = "to_json" }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = ["Argument[self]", "Argument[self].Element[any]"] and
+          output = "ReturnValue" and
+          preservesValue = false
+        }
+      }
     }
 
     /**
@@ -284,7 +295,153 @@ module ActiveSupport {
           preservesValue = true
         }
       }
-      // TODO: index_by, index_with, pick, pluck (they require Hash dataflow)
+
+      private class IndexBySummary extends SimpleSummarizedCallable {
+        IndexBySummary() { this = "index_by" }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[any]" and
+          output = ["Argument[block].Parameter[0]", "ReturnValue.Element[?]"] and
+          preservesValue = true
+        }
+      }
+
+      private class IndexWithSummary extends SimpleSummarizedCallable {
+        IndexWithSummary() { this = "index_with" }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[any]" and
+          output = "Argument[block].Parameter[0]" and
+          preservesValue = true
+          or
+          input = ["Argument[0]", "Argument[block].ReturnValue"] and
+          output = "ReturnValue.Element[?]" and
+          preservesValue = true
+        }
+      }
+
+      private string getKeyArgument(MethodCall mc, int i) {
+        mc.getMethodName() = ["pick", "pluck"] and
+        result = DataFlow::Content::getKnownElementIndex(mc.getArgument(i)).serialize()
+      }
+
+      private class PickSingleSummary extends SummarizedCallable {
+        private MethodCall mc;
+        private string key;
+
+        PickSingleSummary() {
+          key = getKeyArgument(mc, 0) and
+          this = "Enumerable.pick(" + key + ")" and
+          mc.getMethodName() = "pick" and
+          mc.getNumberOfArguments() = 1
+        }
+
+        override MethodCall getACall() { result = mc }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[0].Element[" + key + "]" and
+          output = "ReturnValue" and
+          preservesValue = true
+        }
+      }
+
+      private class PickMultipleSummary extends SummarizedCallable {
+        private MethodCall mc;
+
+        PickMultipleSummary() {
+          mc.getMethodName() = "pick" and
+          mc.getNumberOfArguments() > 1 and
+          exists(int maxKey |
+            maxKey = max(int j | exists(getKeyArgument(mc, j))) and
+            this =
+              "Enumerable.pick(" +
+                concat(int i, string key |
+                  key = getKeyArgument(mc, i)
+                  or
+                  key = "_" and
+                  not exists(getKeyArgument(mc, i)) and
+                  i in [0 .. maxKey]
+                |
+                  key, "," order by i
+                ) + ")"
+          )
+        }
+
+        override MethodCall getACall() { result = mc }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          exists(string s, int i |
+            s = getKeyArgument(mc, i) and
+            input = "Argument[self].Element[0].Element[" + s + "]" and
+            output = "ReturnValue.Element[" + i + "]"
+          ) and
+          preservesValue = true
+        }
+      }
+
+      private class PluckSingleSummary extends SummarizedCallable {
+        private MethodCall mc;
+        private string key;
+
+        PluckSingleSummary() {
+          key = getKeyArgument(mc, 0) and
+          this = "Enumerable.pluck(" + key + ")" and
+          mc.getMethodName() = "pluck" and
+          mc.getNumberOfArguments() = 1
+        }
+
+        override MethodCall getACall() { result = mc }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[any].Element[" + key + "]" and
+          output = "ReturnValue.Element[any]" and
+          preservesValue = true
+        }
+      }
+
+      private class PluckMultipleSummary extends SummarizedCallable {
+        private MethodCall mc;
+
+        PluckMultipleSummary() {
+          mc.getMethodName() = "pluck" and
+          mc.getNumberOfArguments() > 1 and
+          exists(int maxKey |
+            maxKey = max(int j | exists(getKeyArgument(mc, j))) and
+            this =
+              "Enumerable.pluck(" +
+                concat(int i, string key |
+                  key = getKeyArgument(mc, i)
+                  or
+                  key = "_" and
+                  not exists(getKeyArgument(mc, i)) and
+                  i in [0 .. maxKey]
+                |
+                  key, "," order by i
+                ) + ")"
+          )
+        }
+
+        override MethodCall getACall() { result = mc }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          exists(string s, int i |
+            s = getKeyArgument(mc, i) and
+            input = "Argument[self].Element[any].Element[" + s + "]" and
+            output = "ReturnValue.Element[?].Element[" + i + "]"
+          ) and
+          preservesValue = true
+        }
+      }
+
+      private class SoleSummary extends SimpleSummarizedCallable {
+        SoleSummary() { this = "sole" }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[self].Element[0]" and
+          output = "ReturnValue" and
+          preservesValue = true
+        }
+      }
     }
   }
 
@@ -302,14 +459,34 @@ module ActiveSupport {
     }
   }
 
+  /**
+   * `ActiveSupport::ERB`
+   */
+  module Erb {
+    /**
+     * `ActiveSupport::ERB::Util`
+     */
+    module Util {
+      private class JsonEscapeSummary extends SimpleSummarizedCallable {
+        JsonEscapeSummary() { this = "json_escape" }
+
+        override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+          input = "Argument[0]" and
+          output = "ReturnValue" and
+          preservesValue = false
+        }
+      }
+    }
+  }
+
   /**
    * Type summaries for extensions to the `Pathname` module.
    */
   private class PathnameTypeSummary extends ModelInput::TypeModelCsv {
     override predicate row(string row) {
-      // package1;type1;package2;type2;path
+      // type1;type2;path
       // Pathname#existence : Pathname
-      row = ";Pathname;;Pathname;Method[existence].ReturnValue"
+      row = "Pathname;Pathname;Method[existence].ReturnValue"
     }
   }
 
@@ -317,7 +494,7 @@ module ActiveSupport {
   private class PathnameTaintSummary extends ModelInput::SummaryModelCsv {
     override predicate row(string row) {
       // Pathname#existence
-      row = ";Pathname;Method[existence];Argument[self];ReturnValue;taint"
+      row = "Pathname;Method[existence];Argument[self];ReturnValue;taint"
     }
   }
 
@@ -335,13 +512,26 @@ module ActiveSupport {
       row =
         [
           // SafeBuffer.new(x) does not sanitize x
-          "activesupport;;Member[ActionView].Member[SafeBuffer].Method[new];Argument[0];ReturnValue;taint",
+          "ActionView::SafeBuffer!;Method[new];Argument[0];ReturnValue;taint",
           // SafeBuffer#safe_concat(x) does not sanitize x
-          "activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[safe_concat];Argument[0];ReturnValue;taint",
-          "activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[safe_concat];Argument[0];Argument[self];taint",
+          "ActionView::SafeBuffer;Method[safe_concat];Argument[0];ReturnValue;taint",
+          "ActionView::SafeBuffer;Method[safe_concat];Argument[0];Argument[self];taint",
           // These methods preserve taint in self
-          "activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[concat,insert,prepend,to_s,to_param];Argument[self];ReturnValue;taint",
+          "ActionView::SafeBuffer;Method[concat,insert,prepend,to_s,to_param];Argument[self];ReturnValue;taint",
         ]
     }
   }
+
+  /** `ActiveSupport::JSON` */
+  module Json {
+    private class JsonSummary extends ModelInput::SummaryModelCsv {
+      override predicate row(string row) {
+        row =
+          [
+            "ActiveSupport::JSON!;Method[encode,dump];Argument[0];ReturnValue;taint",
+            "ActiveSupport::JSON!;Method[decode,load];Argument[0];ReturnValue;taint",
+          ]
+      }
+    }
+  }
 }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Arel.qll b/ruby/ql/lib/codeql/ruby/frameworks/Arel.qll
index 9fa17f4e5a5..f57fa41c740 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/Arel.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Arel.qll
@@ -6,6 +6,7 @@
 
 private import codeql.ruby.ApiGraphs
 private import codeql.ruby.dataflow.FlowSummary
+private import codeql.ruby.Concepts
 
 /**
  * Provides modeling for Arel, a low level SQL library that powers ActiveRecord.
@@ -28,4 +29,14 @@ module Arel {
       input = "Argument[0]" and output = "ReturnValue" and preservesValue = false
     }
   }
+
+  /** A call to `Arel.sql`, considered as a SQL construction. */
+  private class ArelSqlConstruction extends SqlConstruction::Range, DataFlow::CallNode {
+    ArelSqlConstruction() {
+      this = DataFlow::getConstant("Arel").getAMethodCall() and
+      this.getMethodName() = "sql"
+    }
+
+    override DataFlow::Node getSql() { result = this.getArgument(0) }
+  }
 }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Files.qll b/ruby/ql/lib/codeql/ruby/frameworks/Files.qll
index cf2018d39c9..2da8accc190 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/Files.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Files.qll
@@ -133,7 +133,7 @@ module File {
     }
 
     override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
-      input = "Argument[0..]" and
+      input = "Argument[0,1..]" and
       output = "ReturnValue" and
       preservesValue = false
     }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/GlobalId.qll b/ruby/ql/lib/codeql/ruby/frameworks/GlobalId.qll
new file mode 100644
index 00000000000..cb3a8abfd20
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/frameworks/GlobalId.qll
@@ -0,0 +1,125 @@
+/**
+ * Provides modeling for `GlobalID`, a library for identifying model instances by URI.
+ * Version: 1.0.0
+ * https://github.com/rails/globalid
+ */
+
+private import codeql.ruby.ApiGraphs
+private import codeql.ruby.Concepts
+private import codeql.ruby.DataFlow
+private import codeql.ruby.frameworks.ActiveRecord
+
+/**
+ * Provides modeling for `GlobalID`, a library for identifying model instances by URI.
+ * Version: 1.0.0
+ * https://github.com/rails/globalid
+ */
+module GlobalId {
+  /** A call to `GlobalID::parse` */
+  class ParseCall extends DataFlow::CallNode {
+    ParseCall() { this = API::getTopLevelMember("GlobalID").getAMethodCall("parse") }
+  }
+
+  /** A call to `GlobalID::find` */
+  class FindCall extends DataFlow::CallNode, OrmInstantiation::Range {
+    FindCall() { this = API::getTopLevelMember("GlobalID").getAMethodCall("find") }
+
+    override predicate methodCallMayAccessField(string methodName) { none() }
+  }
+
+  /** `GlobalID::Locator` */
+  module Locator {
+    /** A call to `GlobalID::Locator.locate` */
+    class LocateCall extends DataFlow::CallNode, OrmInstantiation::Range {
+      LocateCall() {
+        this = API::getTopLevelMember("GlobalID").getMember("Locator").getAMethodCall("locate")
+      }
+
+      override predicate methodCallMayAccessField(string methodName) { none() }
+    }
+
+    /** A call to `GlobalID::Locator.locate_signed` */
+    class LocateSignedCall extends DataFlow::CallNode, OrmInstantiation::Range {
+      LocateSignedCall() {
+        this =
+          API::getTopLevelMember("GlobalID").getMember("Locator").getAMethodCall("locate_signed")
+      }
+
+      override predicate methodCallMayAccessField(string methodName) { none() }
+    }
+
+    /** A call to `GlobalID::Locator.locate_many` */
+    class LocateManyCall extends DataFlow::CallNode, OrmInstantiation::Range {
+      LocateManyCall() {
+        this = API::getTopLevelMember("GlobalID").getMember("Locator").getAMethodCall("locate_many")
+      }
+
+      override predicate methodCallMayAccessField(string methodName) { none() }
+    }
+
+    /** A call to `GlobalID::Locator.locate_many_signed` */
+    class LocateManySignedCall extends DataFlow::CallNode, OrmInstantiation::Range {
+      LocateManySignedCall() {
+        this =
+          API::getTopLevelMember("GlobalID")
+              .getMember("Locator")
+              .getAMethodCall("locate_many_signed")
+      }
+
+      override predicate methodCallMayAccessField(string methodName) { none() }
+    }
+  }
+
+  /** `GlobalID::Identification` */
+  module Identification {
+    /** A `DataFlow::CallNode` against an instance of a class that includes the `GlobalID::Identification` module */
+    private class IdentificationInstanceCall extends DataFlow::CallNode {
+      IdentificationInstanceCall() {
+        this =
+          DataFlow::getConstant("GlobalID")
+              .getConstant("Identification")
+              .getADescendentModule()
+              .getAnImmediateReference()
+              .getAMethodCall(["new", "find"])
+              .getAMethodCall()
+        or
+        this instanceof ActiveRecordInstanceMethodCall
+      }
+    }
+
+    /** A call to `GlobalID::Identification.to_global_id` */
+    class ToGlobalIdCall extends IdentificationInstanceCall {
+      ToGlobalIdCall() { this.getMethodName() = ["to_global_id", "to_gid"] }
+    }
+
+    /** A call to `GlobalID::Identification.to_gid_param` */
+    class ToGidParamCall extends DataFlow::CallNode {
+      ToGidParamCall() { this.getMethodName() = "to_gid_param" }
+    }
+
+    /** A call to `GlobalID::Identification.to_signed_global_id` */
+    class ToSignedGlobalIdCall extends DataFlow::CallNode {
+      ToSignedGlobalIdCall() { this.getMethodName() = ["to_signed_global_id", "to_sgid"] }
+    }
+
+    /** A call to `GlobalID::Identification.to_sgid_param` */
+    class ToSgidParamCall extends DataFlow::CallNode {
+      ToSgidParamCall() { this.getMethodName() = "to_sgid_param" }
+    }
+  }
+}
+
+/** Provides modeling for `SignedGlobalID`, a module of the `rails/globalid` library. */
+module SignedGlobalId {
+  /** A call to `SignedGlobalID::parse` */
+  class ParseCall extends DataFlow::CallNode {
+    ParseCall() { this = API::getTopLevelMember("SignedGlobalID").getAMethodCall("parse") }
+  }
+
+  /** A call to `SignedGlobalID::find` */
+  class FindCall extends DataFlow::CallNode, OrmInstantiation::Range {
+    FindCall() { this = API::getTopLevelMember("SignedGlobalID").getAMethodCall("find") }
+
+    override predicate methodCallMayAccessField(string methodName) { none() }
+  }
+}
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Json.qll b/ruby/ql/lib/codeql/ruby/frameworks/Json.qll
new file mode 100644
index 00000000000..353d28c34bb
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Json.qll
@@ -0,0 +1,22 @@
+/** Provides modeling for the `json` gem. */
+
+private import codeql.ruby.frameworks.data.ModelsAsData
+
+/** Provides modeling for the `json` gem. */
+module Json {
+  /**
+   * Flow summaries for common `JSON` methods.
+   * Not all of these methods are strictly defined in the `json` gem.
+   * The `JSON` namespace is heavily overloaded by other JSON parsing gems such as `oj`, `json_pure`, `multi_json` etc.
+   * This summary covers common methods we've seen called on `JSON` in the wild.
+   */
+  private class JsonSummary extends ModelInput::SummaryModelCsv {
+    override predicate row(string row) {
+      row =
+        [
+          "JSON!;Method[parse,parse!,load,restore];Argument[0];ReturnValue;taint",
+          "JSON!;Method[generate,fast_generate,pretty_generate,dump,unparse,fast_unparse];Argument[0];ReturnValue;taint",
+        ]
+    }
+  }
+}
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/PosixSpawn.qll b/ruby/ql/lib/codeql/ruby/frameworks/PosixSpawn.qll
index 6c4d2ab1a47..92b6eb0fe71 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/PosixSpawn.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/PosixSpawn.qll
@@ -20,7 +20,7 @@ module PosixSpawn {
   /**
    * A call to `POSIX::Spawn::Child.new` or `POSIX::Spawn::Child.build`.
    */
-  class ChildCall extends SystemCommandExecution::Range, DataFlow::CallNode {
+  class ChildCall extends SystemCommandExecution::Range instanceof DataFlow::CallNode {
     ChildCall() {
       this =
         [
@@ -30,7 +30,7 @@ module PosixSpawn {
     }
 
     override DataFlow::Node getAnArgument() {
-      result = this.getArgument(_) and not result.asExpr() instanceof ExprNodes::PairCfgNode
+      result = super.getArgument(_) and not result.asExpr() instanceof ExprNodes::PairCfgNode
     }
 
     override predicate isShellInterpreted(DataFlow::Node arg) { none() }
@@ -39,7 +39,7 @@ module PosixSpawn {
   /**
    * A call to `POSIX::Spawn.spawn` or a related method.
    */
-  class SystemCall extends SystemCommandExecution::Range, DataFlow::CallNode {
+  class SystemCall extends SystemCommandExecution::Range instanceof DataFlow::CallNode {
     SystemCall() {
       this =
         posixSpawnModule()
@@ -71,7 +71,7 @@ module PosixSpawn {
     }
 
     private predicate argument(DataFlow::Node arg) {
-      arg = this.getArgument(_) and
+      arg = super.getArgument(_) and
       not arg.asExpr() instanceof ExprNodes::HashLiteralCfgNode and
       not arg.asExpr() instanceof ExprNodes::ArrayLiteralCfgNode and
       not arg.asExpr() instanceof ExprNodes::PairCfgNode
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Railties.qll b/ruby/ql/lib/codeql/ruby/frameworks/Railties.qll
index fdcd3a0e1a8..509f72cafb9 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/Railties.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/Railties.qll
@@ -27,12 +27,12 @@ module Railties {
    * A call to `Rails::Generators::Actions#execute_command`.
    * This method concatenates its first and second arguments and executes the result as a shell command.
    */
-  private class ExecuteCommandCall extends SystemCommandExecution::Range, DataFlow::CallNode {
+  private class ExecuteCommandCall extends SystemCommandExecution::Range instanceof DataFlow::CallNode {
     ExecuteCommandCall() {
       this = generatorsActionsClass().getAnInstanceSelf().getAMethodCall("execute_command")
     }
 
-    override DataFlow::Node getAnArgument() { result = this.getArgument([0, 1]) }
+    override DataFlow::Node getAnArgument() { result = super.getArgument([0, 1]) }
 
     override predicate isShellInterpreted(DataFlow::Node arg) { arg = this.getAnArgument() }
   }
@@ -40,7 +40,7 @@ module Railties {
   /**
    * A call to a method in `Rails::Generators::Actions` which delegates to `execute_command`.
    */
-  private class ExecuteCommandWrapperCall extends SystemCommandExecution::Range, DataFlow::CallNode {
+  private class ExecuteCommandWrapperCall extends SystemCommandExecution::Range instanceof DataFlow::CallNode {
     ExecuteCommandWrapperCall() {
       this =
         generatorsActionsClass()
@@ -48,7 +48,7 @@ module Railties {
             .getAMethodCall(["rake", "rails_command", "git"])
     }
 
-    override DataFlow::Node getAnArgument() { result = this.getArgument(0) }
+    override DataFlow::Node getAnArgument() { result = super.getArgument(0) }
 
     override predicate isShellInterpreted(DataFlow::Node arg) { arg = this.getAnArgument() }
   }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/StringFormatters.qll b/ruby/ql/lib/codeql/ruby/frameworks/StringFormatters.qll
new file mode 100644
index 00000000000..479507dd0e6
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/frameworks/StringFormatters.qll
@@ -0,0 +1,135 @@
+/**
+ * Provides classes for modeling string formatting libraries.
+ */
+
+private import codeql.ruby.AST as Ast
+private import codeql.ruby.DataFlow
+private import codeql.ruby.ApiGraphs
+private import codeql.ruby.frameworks.core.IO
+
+/**
+ * A call to `printf` or `sprintf`.
+ */
+abstract class PrintfStyleCall extends DataFlow::CallNode {
+  // We assume that most printf-like calls have the signature f(format_string, args...)
+  /**
+   * Gets the format string of this call.
+   */
+  DataFlow::Node getFormatString() { result = this.getArgument(0) }
+
+  /**
+   * Gets then `n`th formatted argument of this call.
+   */
+  DataFlow::Node getFormatArgument(int n) { n >= 0 and result = this.getArgument(n + 1) }
+
+  /** Holds if this call returns the formatted string. */
+  predicate returnsFormatted() { any() }
+}
+
+/**
+ * A call to `Kernel.printf`.
+ */
+class KernelPrintfCall extends PrintfStyleCall {
+  KernelPrintfCall() {
+    this = API::getTopLevelMember("Kernel").getAMethodCall("printf")
+    or
+    this.asExpr().getExpr() instanceof Ast::UnknownMethodCall and
+    this.getMethodName() = "printf"
+  }
+
+  // Kernel#printf supports two signatures:
+  //   printf(io, string, ...)
+  //   printf(string, ...)
+  override DataFlow::Node getFormatString() {
+    // Because `printf` has two different signatures, we can't be sure which
+    // argument is the format string, so we use a heuristic:
+    // If the first argument has a string value, then we assume it is the format string.
+    // Otherwise we treat both the first and second args as the format string.
+    if this.getArgument(0).getExprNode().getConstantValue().isString(_)
+    then result = this.getArgument(0)
+    else result = this.getArgument([0, 1])
+  }
+
+  override predicate returnsFormatted() { none() }
+}
+
+/**
+ * A call to `Kernel.sprintf`.
+ */
+class KernelSprintfCall extends PrintfStyleCall {
+  KernelSprintfCall() {
+    this = API::getTopLevelMember("Kernel").getAMethodCall("sprintf")
+    or
+    this.asExpr().getExpr() instanceof Ast::UnknownMethodCall and
+    this.getMethodName() = "sprintf"
+  }
+
+  override predicate returnsFormatted() { any() }
+}
+
+/**
+ * A call to `IO#printf`.
+ */
+class IOPrintfCall extends PrintfStyleCall {
+  IOPrintfCall() {
+    this.getReceiver() instanceof IO::IOInstance and this.getMethodName() = "printf"
+  }
+
+  override predicate returnsFormatted() { none() }
+}
+
+/**
+ * A call to `String#%`.
+ */
+class StringPercentCall extends PrintfStyleCall {
+  StringPercentCall() { this.getMethodName() = "%" }
+
+  override DataFlow::Node getFormatString() { result = this.getReceiver() }
+
+  override DataFlow::Node getFormatArgument(int n) {
+    exists(CfgNodes::ExprNodes::ArrayLiteralCfgNode arrLit | arrLit = this.getArgument(0).asExpr() |
+      result.asExpr() = arrLit.getArgument(n)
+    )
+    or
+    exists(CfgNodes::ExprNodes::HashLiteralCfgNode hashLit |
+      hashLit = this.getArgument(0).asExpr()
+    |
+      n = -2 and // -2 is indicates that the index does not make sense in this context
+      result.asExpr() = hashLit.getAKeyValuePair().getValue()
+    )
+  }
+
+  override predicate returnsFormatted() { any() }
+}
+
+private import codeql.ruby.dataflow.FlowSteps
+private import codeql.ruby.CFG
+
+/**
+ * A step for string interpolation of `pred` into `succ`.
+ * E.g.
+ * ```rb
+ * succ = "foo #{pred} bar"
+ * ```
+ */
+private class StringLiteralFormatStep extends AdditionalTaintStep {
+  override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+    pred.asExpr() = succ.asExpr().(CfgNodes::ExprNodes::StringlikeLiteralCfgNode).getAComponent()
+  }
+}
+
+/**
+ * A taint propagating data flow edge arising from string formatting.
+ */
+private class StringFormattingTaintStep extends AdditionalTaintStep {
+  override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+    exists(PrintfStyleCall call |
+      call.returnsFormatted() and
+      succ = call
+    |
+      pred = call.getFormatString()
+      or
+      pred = call.getFormatArgument(_)
+    )
+  }
+}
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll
index 12b96e579e5..b2fbf7870ce 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll
@@ -140,10 +140,9 @@ module Array {
     }
   }
 
-  private class SetDifferenceSummary extends SummarizedCallable {
-    SetDifferenceSummary() { this = "-" }
-
-    override SubExpr getACallSimple() { any() }
+  abstract private class DifferenceSummaryShared extends SummarizedCallable {
+    bindingset[this]
+    DifferenceSummaryShared() { any() }
 
     override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
       input = "Argument[self].Element[any]" and
@@ -152,6 +151,12 @@ module Array {
     }
   }
 
+  private class SetDifferenceSummary extends DifferenceSummaryShared {
+    SetDifferenceSummary() { this = "-" }
+
+    override SubExpr getACallSimple() { any() }
+  }
+
   /** Flow summary for `Array#<<`. For `Array#append`, see `PushSummary`. */
   private class AppendOperatorSummary extends SummarizedCallable {
     AppendOperatorSummary() { this = "<<" }
@@ -687,14 +692,8 @@ module Array {
     }
   }
 
-  private class DifferenceSummary extends SimpleSummarizedCallable {
+  private class DifferenceSummary extends DifferenceSummaryShared, SimpleSummarizedCallable {
     DifferenceSummary() { this = "difference" }
-
-    override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
-      // `Array#difference` and `Array#-` do not behave exactly the same way,
-      // but we model their flow the same way.
-      any(SetDifferenceSummary s).propagatesFlowExt(input, output, preservesValue)
-    }
   }
 
   private string getDigArg(MethodCall dig, int i) {
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/IO.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/IO.qll
index 0828a6dcea7..e751e882ddb 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/IO.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/IO.qll
@@ -114,7 +114,7 @@ module IO {
    * ```
    * Ruby documentation: https://docs.ruby-lang.org/en/3.1/IO.html#method-c-popen
    */
-  class POpenCall extends SystemCommandExecution::Range, DataFlow::CallNode {
+  class POpenCall extends SystemCommandExecution::Range instanceof DataFlow::CallNode {
     POpenCall() { this = API::getTopLevelMember("IO").getAMethodCall("popen") }
 
     override DataFlow::Node getAnArgument() { this.argument(result, _) }
@@ -131,7 +131,7 @@ module IO {
         not n instanceof ExprNodes::ArrayLiteralCfgNode and
         (
           // IO.popen({var: "a"}, "cmd", {some: :opt})
-          arg = this.getArgument([0, 1]) and
+          arg = super.getArgument([0, 1]) and
           // We over-approximate by assuming a subshell if the argument isn't an array or "-".
           // This increases the sensitivity of the CommandInjection query at the risk of some FPs.
           if n.getConstantValue().getString() = "-" then shell = false else shell = true
@@ -139,7 +139,7 @@ module IO {
           // IO.popen([{var: "b"}, "cmd", "arg1", "arg2", {some: :opt}])
           // IO.popen({var: "a"}, ["cmd", "arg1", "arg2", {some: :opt}])
           shell = false and
-          exists(ExprNodes::ArrayLiteralCfgNode arr | this.getArgument([0, 1]).asExpr() = arr |
+          exists(ExprNodes::ArrayLiteralCfgNode arr | super.getArgument([0, 1]).asExpr() = arr |
             n = arr.getAnArgument()
             or
             // IO.popen([{var: "b"}, ["cmd", "argv0"], "arg1", "arg2", {some: :opt}])
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Regexp.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Regexp.qll
index cea79f19cf1..581c0d581c9 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Regexp.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Regexp.qll
@@ -13,7 +13,7 @@ module Regexp {
   /** A flow summary for `Regexp.escape` and its alias, `Regexp.quote`. */
   class RegexpEscapeSummary extends ModelInput::SummaryModelCsv {
     override predicate row(string row) {
-      row = ";;Member[Regexp].Method[escape,quote];Argument[0];ReturnValue;taint"
+      row = "Regexp!;Method[escape,quote];Argument[0];ReturnValue;taint"
     }
   }
 }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/ModelsAsData.qll b/ruby/ql/lib/codeql/ruby/frameworks/data/ModelsAsData.qll
index 8302a2c4300..2e3fa21a45b 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/data/ModelsAsData.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/data/ModelsAsData.qll
@@ -33,26 +33,23 @@ private class RemoteFlowSourceFromCsv extends RemoteFlowSource::Range {
 }
 
 private class SummarizedCallableFromModel extends SummarizedCallable {
-  string package;
   string type;
   string path;
 
   SummarizedCallableFromModel() {
-    ModelOutput::relevantSummaryModel(package, type, path, _, _, _) and
-    this = package + ";" + type + ";" + path
+    ModelOutput::relevantSummaryModel(type, path, _, _, _) and
+    this = type + ";" + path
   }
 
   override Call getACall() {
     exists(API::MethodAccessNode base |
-      ModelOutput::resolvedSummaryBase(package, type, path, base) and
+      ModelOutput::resolvedSummaryBase(type, path, base) and
       result = base.getCallNode().asExpr().getExpr()
     )
   }
 
   override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
-    exists(string kind |
-      ModelOutput::relevantSummaryModel(package, type, path, input, output, kind)
-    |
+    exists(string kind | ModelOutput::relevantSummaryModel(type, path, input, output, kind) |
       kind = "value" and
       preservesValue = true
       or
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll
index 9b2428f3413..1b7e8cb326a 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll
@@ -5,23 +5,20 @@
  *
  * The CSV specification has the following columns:
  * - Sources:
- *   `package; type; path; kind`
+ *   `type; path; kind`
  * - Sinks:
- *   `package; type; path; kind`
+ *   `type; path; kind`
  * - Summaries:
- *   `package; type; path; input; output; kind`
+ *   `type; path; input; output; kind`
  * - Types:
- *   `package1; type1; package2; type2; path`
+ *   `type1; type2; path`
  *
  * The interpretation of a row is similar to API-graphs with a left-to-right
  * reading.
- * 1. The `package` column selects a package name, as it would be referenced in the source code,
- *    such as an NPM package, PIP package, or Ruby gem. (See `ModelsAsData.qll` for language-specific details).
- *    It may also be a synthetic package used for a type definition (see type definitions below).
- * 2. The `type` column selects all instances of a named type originating from that package,
- *    or the empty string if referring to the package itself.
+ * 1. The `type` column selects all instances of a named type. The syntax of this column is language-specific.
+ *    The language defines some type names that the analysis knows how to identify without models.
  *    It can also be a synthetic type name defined by a type definition (see type definitions below).
- * 3. The `path` column is a `.`-separated list of "access path tokens" to resolve, starting at the node selected by `package` and `type`.
+ * 2. The `path` column is a `.`-separated list of "access path tokens" to resolve, starting at the node selected by `type`.
  *
  *    Every language supports the following tokens:
  *     - Argument[n]: the n-th argument to a call. May be a range of form `x..y` (inclusive) and/or a comma-separated list.
@@ -42,10 +39,10 @@
  *
  *    For the time being, please consult `ApiGraphModelsSpecific.qll` to see which language-specific tokens are currently supported.
  *
- * 4. The `input` and `output` columns specify how data enters and leaves the element selected by the
- *    first `(package, type, path)` tuple. Both strings are `.`-separated access paths
+ * 3. The `input` and `output` columns specify how data enters and leaves the element selected by the
+ *    first `(type, path)` tuple. Both strings are `.`-separated access paths
  *    of the same syntax as the `path` column.
- * 5. The `kind` column is a tag that can be referenced from QL to determine to
+ * 4. The `kind` column is a tag that can be referenced from QL to determine to
  *    which classes the interpreted elements should be added. For example, for
  *    sources `"remote"` indicates a default remote flow source, and for summaries
  *    `"taint"` indicates a default additional taint step and `"value"` indicates a
@@ -53,17 +50,17 @@
  *
  * ### Types
  *
- * A type row of form `package1; type1; package2; type2; path` indicates that `package2; type2; path`
- * should be seen as an instance of the type `package1; type1`.
+ * A type row of form `type1; type2; path` indicates that `type2; path`
+ * should be seen as an instance of the type `type1`.
  *
- * A `(package,type)` pair may refer to a static type or a synthetic type name used internally in the model.
+ * A type may refer to a static type or a synthetic type name used internally in the model.
  * Synthetic type names can be used to reuse intermediate sub-paths, when there are multiple ways to access the same
  * element.
- * See `ModelsAsData.qll` for the language-specific interpretation of packages and static type names.
+ * See `ModelsAsData.qll` for the language-specific interpretation of type names.
  *
- * By convention, if one wants to avoid clashes with static types from the package, the type name
- * should be prefixed with a tilde character (`~`). For example, `(foo, ~Bar)` can be used to indicate that
- * the type is related to the `foo` package but is not intended to match a static type.
+ * By convention, if one wants to avoid clashes with static types, the type name
+ * should be prefixed with a tilde character (`~`). For example, `~Bar` can be used to indicate that
+ * the type is not intended to match a static type.
  */
 
 private import ApiGraphModelsSpecific as Specific
@@ -75,6 +72,7 @@ private module API = Specific::API;
 private module DataFlow = Specific::DataFlow;
 
 private import Specific::AccessPathSyntax
+private import ApiGraphModelsExtensions as Extensions
 
 /** Module containing hooks for providing input data to be interpreted as a model. */
 module ModelInput {
@@ -89,9 +87,9 @@ module ModelInput {
      *
      * A row of form
      * ```
-     * package;type;path;kind
+     * type;path;kind
      * ```
-     * indicates that the value at `(package, type, path)` should be seen as a flow
+     * indicates that the value at `(type, path)` should be seen as a flow
      * source of the given `kind`.
      *
      * The kind `remote` represents a general remote flow source.
@@ -110,9 +108,9 @@ module ModelInput {
      *
      * A row of form
      * ```
-     * package;type;path;kind
+     * type;path;kind
      * ```
-     * indicates that the value at `(package, type, path)` should be seen as a sink
+     * indicates that the value at `(type, path)` should be seen as a sink
      * of the given `kind`.
      */
     abstract predicate row(string row);
@@ -129,9 +127,9 @@ module ModelInput {
      *
      * A row of form
      * ```
-     * package;type;path;input;output;kind
+     * type;path;input;output;kind
      * ```
-     * indicates that for each call to `(package, type, path)`, the value referred to by `input`
+     * indicates that for each call to `(type, path)`, the value referred to by `input`
      * can flow to the value referred to by `output`.
      *
      * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving steps,
@@ -151,9 +149,9 @@ module ModelInput {
      *
      * A row of form,
      * ```
-     * package1;type1;package2;type2;path
+     * type1;type2;path
      * ```
-     * indicates that `(package2, type2, path)` should be seen as an instance of `(package1, type1)`.
+     * indicates that `(type2, path)` should be seen as an instance of `type1`.
      */
     abstract predicate row(string row);
   }
@@ -163,28 +161,28 @@ module ModelInput {
    */
   class TypeModel extends Unit {
     /**
-     * Gets a data-flow node that is a source of the type `package;type`.
+     * Gets a data-flow node that is a source of the given `type`.
      *
      * This must not depend on API graphs, but ensures that an API node is generated for
      * the source.
      */
-    DataFlow::Node getASource(string package, string type) { none() }
+    DataFlow::Node getASource(string type) { none() }
 
     /**
-     * Gets a data-flow node that is a sink of the type `package;type`,
+     * Gets a data-flow node that is a sink of the given `type`,
      * usually because it is an argument passed to a parameter of that type.
      *
      * This must not depend on API graphs, but ensures that an API node is generated for
      * the sink.
      */
-    DataFlow::Node getASink(string package, string type) { none() }
+    DataFlow::Node getASink(string type) { none() }
 
     /**
-     * Gets an API node that is a source or sink of the type `package;type`.
+     * Gets an API node that is a source or sink of the given `type`.
      *
      * Unlike `getASource` and `getASink`, this may depend on API graphs.
      */
-    API::Node getAnApiNode(string package, string type) { none() }
+    API::Node getAnApiNode(string type) { none() }
   }
 
   /**
@@ -209,7 +207,7 @@ private import ModelInput
 /**
  * An empty class, except in specific tests.
  *
- * If this is non-empty, all models are parsed even if the package is not
+ * If this is non-empty, all models are parsed even if the type name is not
  * considered relevant for the current database.
  */
 abstract class TestAllModels extends Unit { }
@@ -232,54 +230,53 @@ private predicate typeModel(string row) { any(TypeModelCsv s).row(inversePad(row
 private predicate typeVariableModel(string row) { any(TypeVariableModelCsv s).row(inversePad(row)) }
 
 /** Holds if a source model exists for the given parameters. */
-predicate sourceModel(string package, string type, string path, string kind) {
+predicate sourceModel(string type, string path, string kind) {
   exists(string row |
     sourceModel(row) and
-    row.splitAt(";", 0) = package and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = path and
-    row.splitAt(";", 3) = kind
+    row.splitAt(";", 0) = type and
+    row.splitAt(";", 1) = path and
+    row.splitAt(";", 2) = kind
   )
+  or
+  Extensions::sourceModel(type, path, kind)
 }
 
 /** Holds if a sink model exists for the given parameters. */
-private predicate sinkModel(string package, string type, string path, string kind) {
+private predicate sinkModel(string type, string path, string kind) {
   exists(string row |
     sinkModel(row) and
-    row.splitAt(";", 0) = package and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = path and
-    row.splitAt(";", 3) = kind
+    row.splitAt(";", 0) = type and
+    row.splitAt(";", 1) = path and
+    row.splitAt(";", 2) = kind
   )
+  or
+  Extensions::sinkModel(type, path, kind)
 }
 
 /** Holds if a summary model `row` exists for the given parameters. */
-private predicate summaryModel(
-  string package, string type, string path, string input, string output, string kind
-) {
+private predicate summaryModel(string type, string path, string input, string output, string kind) {
   exists(string row |
     summaryModel(row) and
-    row.splitAt(";", 0) = package and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = path and
-    row.splitAt(";", 3) = input and
-    row.splitAt(";", 4) = output and
-    row.splitAt(";", 5) = kind
+    row.splitAt(";", 0) = type and
+    row.splitAt(";", 1) = path and
+    row.splitAt(";", 2) = input and
+    row.splitAt(";", 3) = output and
+    row.splitAt(";", 4) = kind
   )
+  or
+  Extensions::summaryModel(type, path, input, output, kind)
 }
 
 /** Holds if a type model exists for the given parameters. */
-private predicate typeModel(
-  string package1, string type1, string package2, string type2, string path
-) {
+private predicate typeModel(string type1, string type2, string path) {
   exists(string row |
     typeModel(row) and
-    row.splitAt(";", 0) = package1 and
-    row.splitAt(";", 1) = type1 and
-    row.splitAt(";", 2) = package2 and
-    row.splitAt(";", 3) = type2 and
-    row.splitAt(";", 4) = path
+    row.splitAt(";", 0) = type1 and
+    row.splitAt(";", 1) = type2 and
+    row.splitAt(";", 2) = path
   )
+  or
+  Extensions::typeModel(type1, type2, path)
 }
 
 /** Holds if a type variable model exists for the given parameters. */
@@ -289,64 +286,55 @@ private predicate typeVariableModel(string name, string path) {
     row.splitAt(";", 0) = name and
     row.splitAt(";", 1) = path
   )
-}
-
-/**
- * Gets a package that should be seen as an alias for the given other `package`,
- * or the `package` itself.
- */
-bindingset[package]
-bindingset[result]
-string getAPackageAlias(string package) {
-  typeModel(package, "", result, "", "")
   or
-  result = package
+  Extensions::typeVariableModel(name, path)
 }
 
 /**
- * Holds if CSV rows involving `package` might be relevant for the analysis of this database.
+ * Holds if CSV rows involving `type` might be relevant for the analysis of this database.
  */
-private predicate isRelevantPackage(string package) {
+predicate isRelevantType(string type) {
   (
-    sourceModel(package, _, _, _) or
-    sinkModel(package, _, _, _) or
-    summaryModel(package, _, _, _, _, _) or
-    typeModel(_, _, package, _, _)
+    sourceModel(type, _, _) or
+    sinkModel(type, _, _) or
+    summaryModel(type, _, _, _, _) or
+    typeModel(_, type, _)
   ) and
   (
-    Specific::isPackageUsed(package)
+    Specific::isTypeUsed(type)
     or
     exists(TestAllModels t)
   )
   or
-  exists(string other |
-    isRelevantPackage(other) and
-    typeModel(package, _, other, _, _)
+  exists(string other | isRelevantType(other) |
+    typeModel(type, other, _)
+    or
+    Specific::hasImplicitTypeModel(type, other)
   )
 }
 
 /**
- * Holds if `package,type,path` is used in some CSV row.
+ * Holds if `type,path` is used in some CSV row.
  */
 pragma[nomagic]
-predicate isRelevantFullPath(string package, string type, string path) {
-  isRelevantPackage(package) and
+predicate isRelevantFullPath(string type, string path) {
+  isRelevantType(type) and
   (
-    sourceModel(package, type, path, _) or
-    sinkModel(package, type, path, _) or
-    summaryModel(package, type, path, _, _, _) or
-    typeModel(_, _, package, type, path)
+    sourceModel(type, path, _) or
+    sinkModel(type, path, _) or
+    summaryModel(type, path, _, _, _) or
+    typeModel(_, type, path)
   )
 }
 
 /** A string from a CSV row that should be parsed as an access path. */
 private class AccessPathRange extends AccessPath::Range {
   AccessPathRange() {
-    isRelevantFullPath(_, _, this)
+    isRelevantFullPath(_, this)
     or
-    exists(string package | isRelevantPackage(package) |
-      summaryModel(package, _, _, this, _, _) or
-      summaryModel(package, _, _, _, this, _)
+    exists(string type | isRelevantType(type) |
+      summaryModel(type, _, this, _, _) or
+      summaryModel(type, _, _, this, _)
     )
     or
     typeVariableModel(_, this)
@@ -400,83 +388,73 @@ private predicate invocationMatchesCallSiteFilter(Specific::InvokeNode invoke, A
 }
 
 private class TypeModelUseEntry extends API::EntryPoint {
-  private string package;
   private string type;
 
   TypeModelUseEntry() {
-    exists(any(TypeModel tm).getASource(package, type)) and
-    this = "TypeModelUseEntry;" + package + ";" + type
+    exists(any(TypeModel tm).getASource(type)) and
+    this = "TypeModelUseEntry;" + type
   }
 
-  override DataFlow::LocalSourceNode getASource() {
-    result = any(TypeModel tm).getASource(package, type)
-  }
+  override DataFlow::LocalSourceNode getASource() { result = any(TypeModel tm).getASource(type) }
 
-  API::Node getNodeForType(string package_, string type_) {
-    package = package_ and type = type_ and result = this.getANode()
-  }
+  API::Node getNodeForType(string type_) { type = type_ and result = this.getANode() }
 }
 
 private class TypeModelDefEntry extends API::EntryPoint {
-  private string package;
   private string type;
 
   TypeModelDefEntry() {
-    exists(any(TypeModel tm).getASink(package, type)) and
-    this = "TypeModelDefEntry;" + package + ";" + type
+    exists(any(TypeModel tm).getASink(type)) and
+    this = "TypeModelDefEntry;" + type
   }
 
-  override DataFlow::Node getASink() { result = any(TypeModel tm).getASink(package, type) }
+  override DataFlow::Node getASink() { result = any(TypeModel tm).getASink(type) }
 
-  API::Node getNodeForType(string package_, string type_) {
-    package = package_ and type = type_ and result = this.getANode()
-  }
+  API::Node getNodeForType(string type_) { type = type_ and result = this.getANode() }
 }
 
 /**
- * Gets an API node identified by the given `(package,type)` pair.
+ * Gets an API node identified by the given `type`.
  */
 pragma[nomagic]
-private API::Node getNodeFromType(string package, string type) {
-  exists(string package2, string type2, AccessPath path2 |
-    typeModel(package, type, package2, type2, path2) and
-    result = getNodeFromPath(package2, type2, path2)
+private API::Node getNodeFromType(string type) {
+  exists(string type2, AccessPath path2 |
+    typeModel(type, type2, path2) and
+    result = getNodeFromPath(type2, path2)
   )
   or
-  result = any(TypeModelUseEntry e).getNodeForType(package, type)
+  result = any(TypeModelUseEntry e).getNodeForType(type)
   or
-  result = any(TypeModelDefEntry e).getNodeForType(package, type)
+  result = any(TypeModelDefEntry e).getNodeForType(type)
   or
-  result = any(TypeModel t).getAnApiNode(package, type)
+  result = any(TypeModel t).getAnApiNode(type)
   or
-  result = Specific::getExtraNodeFromType(package, type)
+  result = Specific::getExtraNodeFromType(type)
 }
 
 /**
- * Gets the API node identified by the first `n` tokens of `path` in the given `(package, type, path)` tuple.
+ * Gets the API node identified by the first `n` tokens of `path` in the given `(type, path)` tuple.
  */
 pragma[nomagic]
-private API::Node getNodeFromPath(string package, string type, AccessPath path, int n) {
-  isRelevantFullPath(package, type, path) and
+private API::Node getNodeFromPath(string type, AccessPath path, int n) {
+  isRelevantFullPath(type, path) and
   (
     n = 0 and
-    result = getNodeFromType(package, type)
+    result = getNodeFromType(type)
     or
-    result = Specific::getExtraNodeFromPath(package, type, path, n)
+    result = Specific::getExtraNodeFromPath(type, path, n)
   )
   or
-  result = getSuccessorFromNode(getNodeFromPath(package, type, path, n - 1), path.getToken(n - 1))
+  result = getSuccessorFromNode(getNodeFromPath(type, path, n - 1), path.getToken(n - 1))
   or
   // Similar to the other recursive case, but where the path may have stepped through one or more call-site filters
-  result =
-    getSuccessorFromInvoke(getInvocationFromPath(package, type, path, n - 1), path.getToken(n - 1))
+  result = getSuccessorFromInvoke(getInvocationFromPath(type, path, n - 1), path.getToken(n - 1))
   or
   // Apply a subpath
-  result =
-    getNodeFromSubPath(getNodeFromPath(package, type, path, n - 1), getSubPathAt(path, n - 1))
+  result = getNodeFromSubPath(getNodeFromPath(type, path, n - 1), getSubPathAt(path, n - 1))
   or
   // Apply a type step
-  typeStep(getNodeFromPath(package, type, path, n), result)
+  typeStep(getNodeFromPath(type, path, n), result)
 }
 
 /**
@@ -496,15 +474,15 @@ private AccessPath getSubPathAt(AccessPath path, int n) {
 pragma[nomagic]
 private API::Node getNodeFromSubPath(API::Node base, AccessPath subPath, int n) {
   exists(AccessPath path, int k |
-    base = [getNodeFromPath(_, _, path, k), getNodeFromSubPath(_, path, k)] and
+    base = [getNodeFromPath(_, path, k), getNodeFromSubPath(_, path, k)] and
     subPath = getSubPathAt(path, k) and
     result = base and
     n = 0
   )
   or
-  exists(string package, string type, AccessPath basePath |
-    typeStepModel(package, type, basePath, subPath) and
-    base = getNodeFromPath(package, type, basePath) and
+  exists(string type, AccessPath basePath |
+    typeStepModel(type, basePath, subPath) and
+    base = getNodeFromPath(type, basePath) and
     result = base and
     n = 0
   )
@@ -543,42 +521,40 @@ private API::Node getNodeFromSubPath(API::Node base, AccessPath subPath) {
   result = getNodeFromSubPath(base, subPath, subPath.getNumToken())
 }
 
-/** Gets the node identified by the given `(package, type, path)` tuple. */
-private API::Node getNodeFromPath(string package, string type, AccessPath path) {
-  result = getNodeFromPath(package, type, path, path.getNumToken())
+/** Gets the node identified by the given `(type, path)` tuple. */
+private API::Node getNodeFromPath(string type, AccessPath path) {
+  result = getNodeFromPath(type, path, path.getNumToken())
 }
 
 pragma[nomagic]
-private predicate typeStepModel(string package, string type, AccessPath basePath, AccessPath output) {
-  summaryModel(package, type, basePath, "", output, "type")
+private predicate typeStepModel(string type, AccessPath basePath, AccessPath output) {
+  summaryModel(type, basePath, "", output, "type")
 }
 
 pragma[nomagic]
 private predicate typeStep(API::Node pred, API::Node succ) {
-  exists(string package, string type, AccessPath basePath, AccessPath output |
-    typeStepModel(package, type, basePath, output) and
-    pred = getNodeFromPath(package, type, basePath) and
+  exists(string type, AccessPath basePath, AccessPath output |
+    typeStepModel(type, basePath, output) and
+    pred = getNodeFromPath(type, basePath) and
     succ = getNodeFromSubPath(pred, output)
   )
 }
 
 /**
- * Gets an invocation identified by the given `(package, type, path)` tuple.
+ * Gets an invocation identified by the given `(type, path)` tuple.
  *
  * Unlike `getNodeFromPath`, the `path` may end with one or more call-site filters.
  */
-private Specific::InvokeNode getInvocationFromPath(
-  string package, string type, AccessPath path, int n
-) {
-  result = Specific::getAnInvocationOf(getNodeFromPath(package, type, path, n))
+private Specific::InvokeNode getInvocationFromPath(string type, AccessPath path, int n) {
+  result = Specific::getAnInvocationOf(getNodeFromPath(type, path, n))
   or
-  result = getInvocationFromPath(package, type, path, n - 1) and
+  result = getInvocationFromPath(type, path, n - 1) and
   invocationMatchesCallSiteFilter(result, path.getToken(n - 1))
 }
 
-/** Gets an invocation identified by the given `(package, type, path)` tuple. */
-private Specific::InvokeNode getInvocationFromPath(string package, string type, AccessPath path) {
-  result = getInvocationFromPath(package, type, path, path.getNumToken())
+/** Gets an invocation identified by the given `(type, path)` tuple. */
+private Specific::InvokeNode getInvocationFromPath(string type, AccessPath path) {
+  result = getInvocationFromPath(type, path, path.getNumToken())
 }
 
 /**
@@ -631,9 +607,9 @@ module ModelOutput {
      */
     cached
     API::Node getASourceNode(string kind) {
-      exists(string package, string type, string path |
-        sourceModel(package, type, path, kind) and
-        result = getNodeFromPath(package, type, path)
+      exists(string type, string path |
+        sourceModel(type, path, kind) and
+        result = getNodeFromPath(type, path)
       )
     }
 
@@ -642,9 +618,9 @@ module ModelOutput {
      */
     cached
     API::Node getASinkNode(string kind) {
-      exists(string package, string type, string path |
-        sinkModel(package, type, path, kind) and
-        result = getNodeFromPath(package, type, path)
+      exists(string type, string path |
+        sinkModel(type, path, kind) and
+        result = getNodeFromPath(type, path)
       )
     }
 
@@ -653,32 +629,31 @@ module ModelOutput {
      */
     cached
     predicate relevantSummaryModel(
-      string package, string type, string path, string input, string output, string kind
+      string type, string path, string input, string output, string kind
     ) {
-      isRelevantPackage(package) and
-      summaryModel(package, type, path, input, output, kind)
+      isRelevantType(type) and
+      summaryModel(type, path, input, output, kind)
     }
 
     /**
-     * Holds if a `baseNode` is an invocation identified by the `package,type,path` part of a summary row.
+     * Holds if a `baseNode` is an invocation identified by the `type,path` part of a summary row.
      */
     cached
-    predicate resolvedSummaryBase(
-      string package, string type, string path, Specific::InvokeNode baseNode
-    ) {
-      summaryModel(package, type, path, _, _, _) and
-      baseNode = getInvocationFromPath(package, type, path)
+    predicate resolvedSummaryBase(string type, string path, Specific::InvokeNode baseNode) {
+      summaryModel(type, path, _, _, _) and
+      baseNode = getInvocationFromPath(type, path)
     }
 
     /**
-     * Holds if `node` is seen as an instance of `(package,type)` due to a type definition
+     * Holds if `node` is seen as an instance of `type` due to a type definition
      * contributed by a CSV model.
      */
     cached
-    API::Node getATypeNode(string package, string type) { result = getNodeFromType(package, type) }
+    API::Node getATypeNode(string type) { result = getNodeFromType(type) }
   }
 
   import Cached
+  import Specific::ModelOutputSpecific
 
   /**
    * Gets an error message relating to an invalid CSV row in a model.
@@ -686,13 +661,13 @@ module ModelOutput {
   string getAWarning() {
     // Check number of columns
     exists(string row, string kind, int expectedArity, int actualArity |
-      any(SourceModelCsv csv).row(row) and kind = "source" and expectedArity = 4
+      any(SourceModelCsv csv).row(row) and kind = "source" and expectedArity = 3
       or
-      any(SinkModelCsv csv).row(row) and kind = "sink" and expectedArity = 4
+      any(SinkModelCsv csv).row(row) and kind = "sink" and expectedArity = 3
       or
-      any(SummaryModelCsv csv).row(row) and kind = "summary" and expectedArity = 6
+      any(SummaryModelCsv csv).row(row) and kind = "summary" and expectedArity = 5
       or
-      any(TypeModelCsv csv).row(row) and kind = "type" and expectedArity = 5
+      any(TypeModelCsv csv).row(row) and kind = "type" and expectedArity = 3
       or
       any(TypeVariableModelCsv csv).row(row) and kind = "type-variable" and expectedArity = 2
     |
@@ -705,7 +680,7 @@ module ModelOutput {
     or
     // Check names and arguments of access path tokens
     exists(AccessPath path, AccessPathToken token |
-      (isRelevantFullPath(_, _, path) or typeVariableModel(_, path)) and
+      (isRelevantFullPath(_, path) or typeVariableModel(_, path)) and
       token = path.getToken(_)
     |
       not isValidTokenNameInIdentifyingAccessPath(token.getName()) and
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll
new file mode 100644
index 00000000000..11c3bb9657e
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll
@@ -0,0 +1,36 @@
+/**
+ * Defines extensible predicates for contributing library models from data extensions.
+ */
+
+/**
+ * Holds if the value at `(type, path)` should be seen as a flow
+ * source of the given `kind`.
+ *
+ * The kind `remote` represents a general remote flow source.
+ */
+extensible predicate sourceModel(string type, string path, string kind);
+
+/**
+ * Holds if the value at `(type, path)` should be seen as a sink
+ * of the given `kind`.
+ */
+extensible predicate sinkModel(string type, string path, string kind);
+
+/**
+ * Holds if calls to `(type, path)`, the value referred to by `input`
+ * can flow to the value referred to by `output`.
+ *
+ * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving steps,
+ * respectively.
+ */
+extensible predicate summaryModel(string type, string path, string input, string output, string kind);
+
+/**
+ * Holds if `(type2, path)` should be seen as an instance of `type1`.
+ */
+extensible predicate typeModel(string type1, string type2, string path);
+
+/**
+ * Holds if `path` can be substituted for a token `TypeVar[name]`.
+ */
+extensible predicate typeVariableModel(string name, string path);
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsSpecific.qll b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsSpecific.qll
index 03390a6c34e..500197f2f89 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsSpecific.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsSpecific.qll
@@ -34,30 +34,73 @@ private import codeql.ruby.dataflow.internal.FlowSummaryImplSpecific as FlowSumm
 private import codeql.ruby.dataflow.internal.FlowSummaryImpl::Public
 private import codeql.ruby.dataflow.internal.DataFlowDispatch as DataFlowDispatch
 
-/**
- * Holds if models describing `package` may be relevant for the analysis of this database.
- *
- * In the context of Ruby, this is the name of a Ruby gem.
- */
-bindingset[package]
-predicate isPackageUsed(string package) {
-  // For now everything is modeled as an access path starting at any top-level, so the package name has no effect.
-  //
-  // We allow an arbitrary package name so that the model can record the name of the package in case it's needed in the future.
-  //
-  // In principle we should consider a package to be "used" if there is a transitive dependency on it, but we can only
-  // reliably see the direct dependencies.
-  //
-  // In practice, packages try to use unique top-level module names, which mitigates the precision loss of not checking
-  // the package name.
-  any()
+pragma[nomagic]
+private predicate isUsedTopLevelConstant(string name) {
+  exists(ConstantAccess access |
+    access.getName() = name and
+    not exists(access.getScopeExpr())
+  )
 }
 
-/** Gets a Ruby-specific interpretation of the `(package, type, path)` tuple after resolving the first `n` access path tokens. */
-bindingset[package, type, path]
-API::Node getExtraNodeFromPath(string package, string type, AccessPath path, int n) {
-  // A row of form `;any;Method[foo]` should match any method named `foo`.
-  exists(package) and
+bindingset[rawType]
+predicate isTypeUsed(string rawType) {
+  exists(string consts |
+    parseType(rawType, consts, _) and
+    isUsedTopLevelConstant(consts.splitAt("::", 0))
+  )
+  or
+  rawType = ["", "any"]
+}
+
+bindingset[rawType]
+private predicate parseType(string rawType, string consts, string suffix) {
+  exists(string regexp |
+    regexp = "([^!]+)(!|)" and
+    consts = rawType.regexpCapture(regexp, 1) and
+    suffix = rawType.regexpCapture(regexp, 2)
+  )
+}
+
+/**
+ * Holds if `type` can be obtained from an instance of `otherType` due to
+ * language semantics modeled by `getExtraNodeFromType`.
+ */
+bindingset[otherType]
+predicate hasImplicitTypeModel(string type, string otherType) {
+  // A::B! can be used to obtain A::B
+  parseType(otherType, type, _)
+}
+
+private predicate parseRelevantType(string rawType, string consts, string suffix) {
+  isRelevantType(rawType) and
+  parseType(rawType, consts, suffix)
+}
+
+pragma[nomagic]
+private string getConstComponent(string consts, int n) {
+  parseRelevantType(_, consts, _) and
+  result = consts.splitAt("::", n)
+}
+
+private int getNumConstComponents(string consts) {
+  result = strictcount(int n | exists(getConstComponent(consts, n)))
+}
+
+private DataFlow::ConstRef getConstantFromConstPath(string consts, int n) {
+  n = 1 and
+  result = DataFlow::getConstant(getConstComponent(consts, 0))
+  or
+  result = getConstantFromConstPath(consts, n - 1).getConstant(getConstComponent(consts, n - 1))
+}
+
+private DataFlow::ConstRef getConstantFromConstPath(string consts) {
+  result = getConstantFromConstPath(consts, getNumConstComponents(consts))
+}
+
+/** Gets a Ruby-specific interpretation of the `(type, path)` tuple after resolving the first `n` access path tokens. */
+bindingset[type, path]
+API::Node getExtraNodeFromPath(string type, AccessPath path, int n) {
+  // A row of form `any;Method[foo]` should match any method named `foo`.
   type = "any" and
   n = 1 and
   exists(EntryPointFromAnyType entry |
@@ -66,9 +109,27 @@ API::Node getExtraNodeFromPath(string package, string type, AccessPath path, int
   )
 }
 
-/** Gets a Ruby-specific interpretation of the `(package, type)` tuple. */
-API::Node getExtraNodeFromType(string package, string type) {
-  isRelevantFullPath(package, type, _) and // Allow any package name, see `isPackageUsed`.
+/** Gets a Ruby-specific interpretation of the given `type`. */
+API::Node getExtraNodeFromType(string type) {
+  exists(string consts, string suffix, DataFlow::ConstRef constRef |
+    parseRelevantType(type, consts, suffix) and
+    constRef = getConstantFromConstPath(consts)
+  |
+    suffix = "!" and
+    (
+      result.asSource() = constRef
+      or
+      result.asSource() = constRef.getADescendentModule().getAnOwnModuleSelf()
+    )
+    or
+    suffix = "" and
+    (
+      result.asSource() = constRef.getAMethodCall("new")
+      or
+      result.asSource() = constRef.getADescendentModule().getAnInstanceSelf()
+    )
+  )
+  or
   type = "" and
   result = API::root()
 }
@@ -78,7 +139,7 @@ API::Node getExtraNodeFromType(string package, string type) {
  * matching anywhere, and the path begins with `Method[methodName]`.
  */
 private predicate methodMatchedByName(AccessPath path, string methodName) {
-  isRelevantFullPath(_, "any", path) and
+  isRelevantFullPath("any", path) and
   exists(AccessPathToken token |
     token = path.getToken(0) and
     token.getName() = "Method" and
@@ -190,3 +251,5 @@ predicate isExtraValidTokenArgumentInIdentifyingAccessPath(string name, string a
     argument.regexpMatch("\\w+:") // keyword argument
   )
 }
+
+module ModelOutputSpecific { }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/model.yml b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/model.yml
new file mode 100644
index 00000000000..f69da6cc363
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/model.yml
@@ -0,0 +1,26 @@
+extensions:
+  # Contribute empty data sets to avoid errors about an undefined extensionals
+  - addsTo:
+      pack: codeql/ruby-all
+      extensible: sourceModel
+    data: []
+
+  - addsTo:
+      pack: codeql/ruby-all
+      extensible: sinkModel
+    data: []
+
+  - addsTo:
+      pack: codeql/ruby-all
+      extensible: summaryModel
+    data: []
+
+  - addsTo:
+      pack: codeql/ruby-all
+      extensible: typeModel
+    data: []
+
+  - addsTo:
+      pack: codeql/ruby-all
+      extensible: typeVariableModel
+    data: []
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll
index 68ca62beaf8..3a1c96aaf55 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll
@@ -62,11 +62,8 @@ class OpenUriRequest extends Http::Client::Request::Range, DataFlow::CallNode {
  * Kernel.open("http://example.com").read
  * ```
  */
-class OpenUriKernelOpenRequest extends Http::Client::Request::Range, DataFlow::CallNode {
-  OpenUriKernelOpenRequest() {
-    this instanceof KernelMethodCall and
-    this.getMethodName() = "open"
-  }
+class OpenUriKernelOpenRequest extends Http::Client::Request::Range, DataFlow::CallNode instanceof KernelMethodCall {
+  OpenUriKernelOpenRequest() { this.getMethodName() = "open" }
 
   override DataFlow::Node getAUrlPart() { result = this.getArgument(0) }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/stdlib/Open3.qll b/ruby/ql/lib/codeql/ruby/frameworks/stdlib/Open3.qll
index 3272056b4f1..e65f3005503 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/stdlib/Open3.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/stdlib/Open3.qll
@@ -2,10 +2,8 @@
  * Provides modeling for the `Open3` library.
  */
 
-private import codeql.ruby.AST
-private import codeql.ruby.DataFlow
+private import ruby
 private import codeql.ruby.ApiGraphs
-private import codeql.ruby.frameworks.Stdlib
 private import codeql.ruby.Concepts
 
 /**
@@ -17,23 +15,19 @@ module Open3 {
    * These methods take the same argument forms as `Kernel.system`.
    * See `KernelSystemCall` for details.
    */
-  class Open3Call extends SystemCommandExecution::Range {
-    MethodCall methodCall;
-
+  class Open3Call extends SystemCommandExecution::Range instanceof DataFlow::CallNode {
     Open3Call() {
-      this.asExpr().getExpr() = methodCall and
       this =
         API::getTopLevelMember("Open3")
             .getAMethodCall(["popen3", "popen2", "popen2e", "capture3", "capture2", "capture2e"])
     }
 
-    override DataFlow::Node getAnArgument() {
-      result.asExpr().getExpr() = methodCall.getAnArgument()
-    }
+    override DataFlow::Node getAnArgument() { result = super.getArgument(_) }
 
     override predicate isShellInterpreted(DataFlow::Node arg) {
       // These Open3 methods invoke a subshell if you provide a single string as argument
-      methodCall.getNumberOfArguments() = 1 and arg.asExpr().getExpr() = methodCall.getAnArgument()
+      super.getNumberOfArguments() = 1 and
+      arg = this.getAnArgument()
     }
   }
 
@@ -47,11 +41,8 @@ module Open3 {
    * Open3.pipeline([{}, "cat", "foo.txt"], "tail")
    * Open3.pipeline([["cat", "cat"], "foo.txt"], "tail")
    */
-  class Open3PipelineCall extends SystemCommandExecution::Range {
-    MethodCall methodCall;
-
+  class Open3PipelineCall extends SystemCommandExecution::Range instanceof DataFlow::CallNode {
     Open3PipelineCall() {
-      this.asExpr().getExpr() = methodCall and
       this =
         API::getTopLevelMember("Open3")
             .getAMethodCall([
@@ -59,14 +50,12 @@ module Open3 {
               ])
     }
 
-    override DataFlow::Node getAnArgument() {
-      result.asExpr().getExpr() = methodCall.getAnArgument()
-    }
+    override DataFlow::Node getAnArgument() { result = super.getArgument(_) }
 
     override predicate isShellInterpreted(DataFlow::Node arg) {
       // A command in the pipeline is executed in a subshell if it is given as a single string argument.
-      arg.asExpr().getExpr() instanceof StringlikeLiteral and
-      arg.asExpr().getExpr() = methodCall.getAnArgument()
+      arg.asExpr().getExpr() instanceof Ast::StringlikeLiteral and
+      arg = this.getAnArgument()
     }
   }
 }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/stdlib/Pathname.qll b/ruby/ql/lib/codeql/ruby/frameworks/stdlib/Pathname.qll
index 85db78252c8..0ef535d3aa7 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/stdlib/Pathname.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/stdlib/Pathname.qll
@@ -123,33 +123,31 @@ module Pathname {
    */
   private class PathnameTypeSummary extends ModelInput::TypeModelCsv {
     override predicate row(string row) {
-      // package1;type1;package2;type2;path
+      // type1;type2;path
       row =
         [
-          // Pathname.new : Pathname
-          ";Pathname;;;Member[Pathname].Instance",
           // Pathname#+(path) : Pathname
-          ";Pathname;;Pathname;Method[+].ReturnValue",
+          "Pathname;Pathname;Method[+].ReturnValue",
           // Pathname#/(path) : Pathname
-          ";Pathname;;Pathname;Method[/].ReturnValue",
+          "Pathname;Pathname;Method[/].ReturnValue",
           // Pathname#basename(path) : Pathname
-          ";Pathname;;Pathname;Method[basename].ReturnValue",
+          "Pathname;Pathname;Method[basename].ReturnValue",
           // Pathname#cleanpath(path) : Pathname
-          ";Pathname;;Pathname;Method[cleanpath].ReturnValue",
+          "Pathname;Pathname;Method[cleanpath].ReturnValue",
           // Pathname#expand_path(path) : Pathname
-          ";Pathname;;Pathname;Method[expand_path].ReturnValue",
+          "Pathname;Pathname;Method[expand_path].ReturnValue",
           // Pathname#join(path) : Pathname
-          ";Pathname;;Pathname;Method[join].ReturnValue",
+          "Pathname;Pathname;Method[join].ReturnValue",
           // Pathname#realpath(path) : Pathname
-          ";Pathname;;Pathname;Method[realpath].ReturnValue",
+          "Pathname;Pathname;Method[realpath].ReturnValue",
           // Pathname#relative_path_from(path) : Pathname
-          ";Pathname;;Pathname;Method[relative_path_from].ReturnValue",
+          "Pathname;Pathname;Method[relative_path_from].ReturnValue",
           // Pathname#sub(path) : Pathname
-          ";Pathname;;Pathname;Method[sub].ReturnValue",
+          "Pathname;Pathname;Method[sub].ReturnValue",
           // Pathname#sub_ext(path) : Pathname
-          ";Pathname;;Pathname;Method[sub_ext].ReturnValue",
+          "Pathname;Pathname;Method[sub_ext].ReturnValue",
           // Pathname#to_path(path) : Pathname
-          ";Pathname;;Pathname;Method[to_path].ReturnValue",
+          "Pathname;Pathname;Method[to_path].ReturnValue",
         ]
     }
   }
@@ -160,31 +158,31 @@ module Pathname {
       row =
         [
           // Pathname.new(path)
-          ";;Member[Pathname].Method[new];Argument[0];ReturnValue;taint",
+          "Pathname!;Method[new];Argument[0];ReturnValue;taint",
           // Pathname#dirname
-          ";Pathname;Method[dirname];Argument[self];ReturnValue;taint",
+          "Pathname;Method[dirname];Argument[self];ReturnValue;taint",
           // Pathname#each_filename
-          ";Pathname;Method[each_filename];Argument[self];Argument[block].Parameter[0];taint",
+          "Pathname;Method[each_filename];Argument[self];Argument[block].Parameter[0];taint",
           // Pathname#expand_path
-          ";Pathname;Method[expand_path];Argument[self];ReturnValue;taint",
+          "Pathname;Method[expand_path];Argument[self];ReturnValue;taint",
           // Pathname#join
-          ";Pathname;Method[join];Argument[self,any];ReturnValue;taint",
+          "Pathname;Method[join];Argument[self,any];ReturnValue;taint",
           // Pathname#parent
-          ";Pathname;Method[parent];Argument[self];ReturnValue;taint",
+          "Pathname;Method[parent];Argument[self];ReturnValue;taint",
           // Pathname#realpath
-          ";Pathname;Method[realpath];Argument[self];ReturnValue;taint",
+          "Pathname;Method[realpath];Argument[self];ReturnValue;taint",
           // Pathname#relative_path_from
-          ";Pathname;Method[relative_path_from];Argument[self];ReturnValue;taint",
+          "Pathname;Method[relative_path_from];Argument[self];ReturnValue;taint",
           // Pathname#to_path
-          ";Pathname;Method[to_path];Argument[self];ReturnValue;taint",
+          "Pathname;Method[to_path];Argument[self];ReturnValue;taint",
           // Pathname#basename
-          ";Pathname;Method[basename];Argument[self];ReturnValue;taint",
+          "Pathname;Method[basename];Argument[self];ReturnValue;taint",
           // Pathname#cleanpath
-          ";Pathname;Method[cleanpath];Argument[self];ReturnValue;taint",
+          "Pathname;Method[cleanpath];Argument[self];ReturnValue;taint",
           // Pathname#sub
-          ";Pathname;Method[sub];Argument[self];ReturnValue;taint",
+          "Pathname;Method[sub];Argument[self];ReturnValue;taint",
           // Pathname#sub_ext
-          ";Pathname;Method[sub_ext];Argument[self];ReturnValue;taint",
+          "Pathname;Method[sub_ext];Argument[self];ReturnValue;taint",
         ]
     }
   }
diff --git a/ruby/ql/lib/codeql/ruby/printAst.qll b/ruby/ql/lib/codeql/ruby/printAst.qll
index 28f5def4969..25aa7908db3 100644
--- a/ruby/ql/lib/codeql/ruby/printAst.qll
+++ b/ruby/ql/lib/codeql/ruby/printAst.qll
@@ -70,7 +70,7 @@ class PrintAstNode extends TPrintNode {
    * Holds if this node is at the specified location. The location spans column
    * `startcolumn` of line `startline` to column `endcolumn` of line `endline`
    * in file `filepath`. For more information, see
-   * [LGTM locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
diff --git a/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll b/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll
index 1ff182e3dcc..38d5de5d33a 100644
--- a/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll
+++ b/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll
@@ -4,6 +4,16 @@ private import internal.ParseRegExp
 private import codeql.NumberUtils
 private import codeql.ruby.ast.Literal as Ast
 private import codeql.Locations
+private import codeql.regex.nfa.NfaUtils as NfaUtils
+private import codeql.regex.RegexTreeView
+// exporting as RegexTreeView, and in the top-level scope.
+import Impl as RegexTreeView
+import Impl
+
+/** Gets the parse tree resulting from parsing `re`, if such has been constructed. */
+RegExpTerm getParsedRegExp(Ast::RegExpLiteral re) {
+  result.getRegExp() = re and result.isRootTerm()
+}
 
 /**
  * An element containing a regular expression term, that is, either
@@ -45,1109 +55,1182 @@ private newtype TRegExpParent =
     re.namedCharacterProperty(start, end, _)
   }
 
-/**
- * An element containing a regular expression term, that is, either
- * a string literal (parsed as a regular expression)
- * or another regular expression term.
- */
-class RegExpParent extends TRegExpParent {
-  /** Gets a textual representation of this element. */
-  string toString() { result = "RegExpParent" }
-
-  /** Gets the `i`th child term. */
-  RegExpTerm getChild(int i) { none() }
-
-  /** Gets a child term . */
-  final RegExpTerm getAChild() { result = this.getChild(_) }
-
-  /** Gets the number of child terms. */
-  int getNumChild() { result = count(this.getAChild()) }
-
-  /** Gets the last child term of this element. */
-  RegExpTerm getLastChild() { result = this.getChild(this.getNumChild() - 1) }
-
+/** An implementation that statisfies the RegexTreeView signature. */
+private module Impl implements RegexTreeViewSig {
   /**
-   * Gets the name of a primary CodeQL class to which this regular
-   * expression term belongs.
+   * An element containing a regular expression term, that is, either
+   * a string literal (parsed as a regular expression)
+   * or another regular expression term.
    */
-  string getAPrimaryQlClass() { result = "RegExpParent" }
+  class RegExpParent extends TRegExpParent {
+    /** Gets a textual representation of this element. */
+    string toString() { result = "RegExpParent" }
 
-  /**
-   * Gets a comma-separated list of the names of the primary CodeQL classes to
-   * which this regular expression term belongs.
-   */
-  final string getPrimaryQlClasses() { result = concat(this.getAPrimaryQlClass(), ",") }
-}
+    /** Gets the `i`th child term. */
+    RegExpTerm getChild(int i) { none() }
 
-/** A string literal used as a regular expression */
-class RegExpLiteral extends TRegExpLiteral, RegExpParent {
-  RegExp re;
+    /** Gets a child term . */
+    final RegExpTerm getAChild() { result = this.getChild(_) }
 
-  RegExpLiteral() { this = TRegExpLiteral(re) }
+    /** Gets the number of child terms. */
+    int getNumChild() { result = count(this.getAChild()) }
 
-  override RegExpTerm getChild(int i) { i = 0 and result.getRegExp() = re and result.isRootTerm() }
+    /** Gets the last child term of this element. */
+    RegExpTerm getLastChild() { result = this.getChild(this.getNumChild() - 1) }
 
-  /** Holds if dot, `.`, matches all characters, including newlines. */
-  predicate isDotAll() { re.isDotAll() }
+    /**
+     * Gets the name of a primary CodeQL class to which this regular
+     * expression term belongs.
+     */
+    string getAPrimaryQlClass() { result = "RegExpParent" }
 
-  /** Holds if this regex matching is case-insensitive for this regex. */
-  predicate isIgnoreCase() { re.isIgnoreCase() }
+    /**
+     * Gets a comma-separated list of the names of the primary CodeQL classes to
+     * which this regular expression term belongs.
+     */
+    final string getPrimaryQlClasses() { result = concat(this.getAPrimaryQlClass(), ",") }
+  }
 
-  /** Get a string representing all modes for this regex. */
-  string getFlags() { result = re.getFlags() }
+  /** A string literal used as a regular expression */
+  class RegExpLiteral extends TRegExpLiteral, RegExpParent {
+    RegExp re;
 
-  /** Gets the primary QL class for this regex. */
-  override string getAPrimaryQlClass() { result = "RegExpLiteral" }
-}
+    RegExpLiteral() { this = TRegExpLiteral(re) }
 
-/**
- * A regular expression term, that is, a syntactic part of a regular expression.
- */
-class RegExpTerm extends RegExpParent {
-  RegExp re;
-  int start;
-  int end;
+    override RegExpTerm getChild(int i) {
+      i = 0 and result.getRegExp() = re and result.isRootTerm()
+    }
 
-  RegExpTerm() {
-    this = TRegExpAlt(re, start, end)
-    or
-    this = TRegExpBackRef(re, start, end)
-    or
-    this = TRegExpCharacterClass(re, start, end)
-    or
-    this = TRegExpCharacterRange(re, start, end)
-    or
-    this = TRegExpNormalChar(re, start, end)
-    or
-    this = TRegExpGroup(re, start, end)
-    or
-    this = TRegExpQuantifier(re, start, end)
-    or
-    this = TRegExpSequence(re, start, end) and
-    exists(seqChild(re, start, end, 1)) // if a sequence does not have more than one element, it should be treated as that element instead.
-    or
-    this = TRegExpSpecialChar(re, start, end)
-    or
-    this = TRegExpNamedCharacterProperty(re, start, end)
+    /** Holds if dot, `.`, matches all characters, including newlines. */
+    predicate isDotAll() { re.isDotAll() }
+
+    /** Holds if this regex matching is case-insensitive for this regex. */
+    predicate isIgnoreCase() { re.isIgnoreCase() }
+
+    /** Get a string representing all modes for this regex. */
+    string getFlags() { result = re.getFlags() }
+
+    /** Gets the primary QL class for this regex. */
+    override string getAPrimaryQlClass() { result = "RegExpLiteral" }
   }
 
   /**
-   * Gets the outermost term of this regular expression.
+   * A regular expression term, that is, a syntactic part of a regular expression.
    */
-  RegExpTerm getRootTerm() {
-    this.isRootTerm() and result = this
-    or
-    result = this.getParent().(RegExpTerm).getRootTerm()
-  }
+  class RegExpTerm extends RegExpParent {
+    RegExp re;
+    int start;
+    int end;
 
-  /**
-   * Holds if this term is part of a string literal
-   * that is interpreted as a regular expression.
-   */
-  predicate isUsedAsRegExp() { any() }
-
-  /**
-   * Holds if this is the root term of a regular expression.
-   */
-  predicate isRootTerm() { start = 0 and end = re.getText().length() }
-
-  override RegExpTerm getChild(int i) {
-    result = this.(RegExpAlt).getChild(i)
-    or
-    result = this.(RegExpBackRef).getChild(i)
-    or
-    result = this.(RegExpCharacterClass).getChild(i)
-    or
-    result = this.(RegExpCharacterRange).getChild(i)
-    or
-    result = this.(RegExpNormalChar).getChild(i)
-    or
-    result = this.(RegExpGroup).getChild(i)
-    or
-    result = this.(RegExpQuantifier).getChild(i)
-    or
-    result = this.(RegExpSequence).getChild(i)
-    or
-    result = this.(RegExpSpecialChar).getChild(i)
-    or
-    result = this.(RegExpNamedCharacterProperty).getChild(i)
-  }
-
-  /**
-   * Gets the parent term of this regular expression term, or the
-   * regular expression literal if this is the root term.
-   */
-  RegExpParent getParent() { result.getAChild() = this }
-
-  /** Gets the associated `RegExp`. */
-  RegExp getRegExp() { result = re }
-
-  /** Gets the offset at which this term starts. */
-  int getStart() { result = start }
-
-  /** Gets the offset at which this term ends. */
-  int getEnd() { result = end }
-
-  override string toString() { result = re.getText().substring(start, end) }
-
-  /**
-   * Gets the location of the surrounding regex, as locations inside the regex do not exist.
-   * To get location information corresponding to the term inside the regex,
-   * use `hasLocationInfo`.
-   */
-  Location getLocation() { result = re.getLocation() }
-
-  pragma[noinline]
-  private predicate componentHasLocationInfo(
-    int i, string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    re.getComponent(i)
-        .getLocation()
-        .hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-  }
-
-  /** Holds if this term is found at the specified location offsets. */
-  predicate hasLocationInfo(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    exists(int re_start, int re_end |
-      this.componentHasLocationInfo(0, filepath, startline, re_start, _, _) and
-      this.componentHasLocationInfo(re.getNumberOfComponents() - 1, filepath, _, _, endline, re_end) and
-      startcolumn = re_start + start and
-      endcolumn = re_start + end - 1
-    )
-  }
-
-  /** Gets the file in which this term is found. */
-  File getFile() { result = this.getLocation().getFile() }
-
-  /** Gets the raw source text of this term. */
-  string getRawValue() { result = this.toString() }
-
-  /** Gets the string literal in which this term is found. */
-  RegExpLiteral getLiteral() { result = TRegExpLiteral(re) }
-
-  /** Gets the regular expression term that is matched (textually) before this one, if any. */
-  RegExpTerm getPredecessor() {
-    exists(RegExpTerm parent | parent = this.getParent() |
-      result = parent.(RegExpSequence).previousElement(this)
+    RegExpTerm() {
+      this = TRegExpAlt(re, start, end)
       or
-      not exists(parent.(RegExpSequence).previousElement(this)) and
-      not parent instanceof RegExpSubPattern and
-      result = parent.getPredecessor()
-    )
-  }
-
-  /** Gets the regular expression term that is matched (textually) after this one, if any. */
-  RegExpTerm getSuccessor() {
-    exists(RegExpTerm parent | parent = this.getParent() |
-      result = parent.(RegExpSequence).nextElement(this)
+      this = TRegExpBackRef(re, start, end)
       or
-      not exists(parent.(RegExpSequence).nextElement(this)) and
-      not parent instanceof RegExpSubPattern and
-      result = parent.getSuccessor()
-    )
+      this = TRegExpCharacterClass(re, start, end)
+      or
+      this = TRegExpCharacterRange(re, start, end)
+      or
+      this = TRegExpNormalChar(re, start, end)
+      or
+      this = TRegExpGroup(re, start, end)
+      or
+      this = TRegExpQuantifier(re, start, end)
+      or
+      this = TRegExpSequence(re, start, end) and
+      exists(seqChild(re, start, end, 1)) // if a sequence does not have more than one element, it should be treated as that element instead.
+      or
+      this = TRegExpSpecialChar(re, start, end)
+      or
+      this = TRegExpNamedCharacterProperty(re, start, end)
+    }
+
+    /**
+     * Gets the outermost term of this regular expression.
+     */
+    RegExpTerm getRootTerm() {
+      this.isRootTerm() and result = this
+      or
+      result = this.getParent().(RegExpTerm).getRootTerm()
+    }
+
+    /**
+     * Holds if this term is part of a string literal
+     * that is interpreted as a regular expression.
+     */
+    predicate isUsedAsRegExp() { any() }
+
+    /**
+     * Holds if this is the root term of a regular expression.
+     */
+    predicate isRootTerm() { start = 0 and end = re.getText().length() }
+
+    override RegExpTerm getChild(int i) {
+      result = this.(RegExpAlt).getChild(i)
+      or
+      result = this.(RegExpBackRef).getChild(i)
+      or
+      result = this.(RegExpCharacterClass).getChild(i)
+      or
+      result = this.(RegExpCharacterRange).getChild(i)
+      or
+      result = this.(RegExpNormalChar).getChild(i)
+      or
+      result = this.(RegExpGroup).getChild(i)
+      or
+      result = this.(RegExpQuantifier).getChild(i)
+      or
+      result = this.(RegExpSequence).getChild(i)
+      or
+      result = this.(RegExpSpecialChar).getChild(i)
+      or
+      result = this.(RegExpNamedCharacterProperty).getChild(i)
+    }
+
+    /**
+     * Gets the parent term of this regular expression term, or the
+     * regular expression literal if this is the root term.
+     */
+    RegExpParent getParent() { result.getAChild() = this }
+
+    /** Gets the associated `RegExp`. */
+    RegExp getRegExp() { result = re }
+
+    /** Gets the offset at which this term starts. */
+    int getStart() { result = start }
+
+    /** Gets the offset at which this term ends. */
+    int getEnd() { result = end }
+
+    override string toString() { result = re.getText().substring(start, end) }
+
+    /**
+     * Gets the location of the surrounding regex, as locations inside the regex do not exist.
+     * To get location information corresponding to the term inside the regex,
+     * use `hasLocationInfo`.
+     */
+    Location getLocation() { result = re.getLocation() }
+
+    pragma[noinline]
+    private predicate componentHasLocationInfo(
+      int i, string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      re.getComponent(i)
+          .getLocation()
+          .hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+
+    /** Holds if this term is found at the specified location offsets. */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      exists(int re_start, int re_end |
+        this.componentHasLocationInfo(0, filepath, startline, re_start, _, _) and
+        this.componentHasLocationInfo(re.getNumberOfComponents() - 1, filepath, _, _, endline,
+          re_end) and
+        startcolumn = re_start + start and
+        endcolumn = re_start + end - 1
+      )
+    }
+
+    /** Gets the file in which this term is found. */
+    File getFile() { result = this.getLocation().getFile() }
+
+    /** Gets the raw source text of this term. */
+    string getRawValue() { result = this.toString() }
+
+    /** Gets the string literal in which this term is found. */
+    RegExpLiteral getLiteral() { result = TRegExpLiteral(re) }
+
+    /** Gets the regular expression term that is matched (textually) before this one, if any. */
+    RegExpTerm getPredecessor() {
+      exists(RegExpTerm parent | parent = this.getParent() |
+        result = parent.(RegExpSequence).previousElement(this)
+        or
+        not exists(parent.(RegExpSequence).previousElement(this)) and
+        not parent instanceof RegExpSubPattern and
+        result = parent.getPredecessor()
+      )
+    }
+
+    /** Gets the regular expression term that is matched (textually) after this one, if any. */
+    RegExpTerm getSuccessor() {
+      exists(RegExpTerm parent | parent = this.getParent() |
+        result = parent.(RegExpSequence).nextElement(this)
+        or
+        not exists(parent.(RegExpSequence).nextElement(this)) and
+        not parent instanceof RegExpSubPattern and
+        result = parent.getSuccessor()
+      )
+    }
+
+    /**
+     * Gets the single string this regular-expression term matches.
+     *
+     * This predicate is only defined for (sequences/groups of) constant regular
+     * expressions.  In particular, terms involving zero-width assertions like `^`
+     * or `\b` are not considered to have a constant value.
+     *
+     * Note that this predicate does not take flags of the enclosing
+     * regular-expression literal into account.
+     */
+    string getConstantValue() { none() }
+
+    /**
+     * Gets a string that is matched by this regular-expression term.
+     */
+    string getAMatchedString() { result = this.getConstantValue() }
+
+    /** Gets the primary QL class for this term. */
+    override string getAPrimaryQlClass() { result = "RegExpTerm" }
+
+    /** Holds if this regular expression term can match the empty string. */
+    predicate isNullable() { none() }
   }
 
   /**
-   * Gets the single string this regular-expression term matches.
+   * A quantified regular expression term.
    *
-   * This predicate is only defined for (sequences/groups of) constant regular
-   * expressions.  In particular, terms involving zero-width assertions like `^`
-   * or `\b` are not considered to have a constant value.
+   * Example:
    *
-   * Note that this predicate does not take flags of the enclosing
-   * regular-expression literal into account.
+   * ```
+   * ((ECMA|Java)[sS]cript)*
+   * ```
    */
-  string getConstantValue() { none() }
+  class RegExpQuantifier extends RegExpTerm, TRegExpQuantifier {
+    int part_end;
+    boolean may_repeat_forever;
 
-  /**
-   * Gets a string that is matched by this regular-expression term.
-   */
-  string getAMatchedString() { result = this.getConstantValue() }
+    RegExpQuantifier() {
+      this = TRegExpQuantifier(re, start, end) and
+      re.qualifiedPart(start, part_end, end, _, may_repeat_forever)
+    }
 
-  /** Gets the primary QL class for this term. */
-  override string getAPrimaryQlClass() { result = "RegExpTerm" }
-
-  /** Holds if this regular expression term can match the empty string. */
-  predicate isNullable() { none() }
-}
-
-/**
- * A quantified regular expression term.
- *
- * Example:
- *
- * ```
- * ((ECMA|Java)[sS]cript)*
- * ```
- */
-class RegExpQuantifier extends RegExpTerm, TRegExpQuantifier {
-  int part_end;
-  boolean may_repeat_forever;
-
-  RegExpQuantifier() {
-    this = TRegExpQuantifier(re, start, end) and
-    re.qualifiedPart(start, part_end, end, _, may_repeat_forever)
-  }
-
-  override RegExpTerm getChild(int i) {
-    i = 0 and
-    result.getRegExp() = re and
-    result.getStart() = start and
-    result.getEnd() = part_end
-  }
-
-  /** Hols if this term may match an unlimited number of times. */
-  predicate mayRepeatForever() { may_repeat_forever = true }
-
-  /** Gets the qualifier for this term. That is e.g "?" for "a?". */
-  string getQualifier() { result = re.getText().substring(part_end, end) }
-
-  override string getAPrimaryQlClass() { result = "RegExpQuantifier" }
-}
-
-/**
- * A regular expression term that permits unlimited repetitions.
- */
-class InfiniteRepetitionQuantifier extends RegExpQuantifier {
-  InfiniteRepetitionQuantifier() { this.mayRepeatForever() }
-
-  override string getAPrimaryQlClass() { result = "InfiniteRepetitionQuantifier" }
-}
-
-/**
- * A star-quantified term.
- *
- * Example:
- *
- * ```
- * \w*
- * ```
- */
-class RegExpStar extends InfiniteRepetitionQuantifier {
-  RegExpStar() { this.getQualifier().charAt(0) = "*" }
-
-  override string getAPrimaryQlClass() { result = "RegExpStar" }
-
-  override predicate isNullable() { any() }
-}
-
-/**
- * A plus-quantified term.
- *
- * Example:
- *
- * ```
- * \w+
- * ```
- */
-class RegExpPlus extends InfiniteRepetitionQuantifier {
-  RegExpPlus() { this.getQualifier().charAt(0) = "+" }
-
-  override string getAPrimaryQlClass() { result = "RegExpPlus" }
-
-  override predicate isNullable() { this.getAChild().isNullable() }
-}
-
-/**
- * An optional term.
- *
- * Example:
- *
- * ```
- * ;?
- * ```
- */
-class RegExpOpt extends RegExpQuantifier {
-  RegExpOpt() { this.getQualifier().charAt(0) = "?" }
-
-  override string getAPrimaryQlClass() { result = "RegExpOpt" }
-
-  override predicate isNullable() { any() }
-}
-
-/**
- * A range-quantified term
- *
- * Examples:
- *
- * ```
- * \w{2,4}
- * \w{2,}
- * \w{2}
- * ```
- */
-class RegExpRange extends RegExpQuantifier {
-  string upper;
-  string lower;
-
-  RegExpRange() { re.multiples(part_end, end, lower, upper) }
-
-  override string getAPrimaryQlClass() { result = "RegExpRange" }
-
-  /** Gets the string defining the upper bound of this range, if any. */
-  string getUpper() { result = upper }
-
-  /** Gets the string defining the lower bound of this range, if any. */
-  string getLower() { result = lower }
-
-  /**
-   * Gets the upper bound of the range, if any.
-   *
-   * If there is no upper bound, any number of repetitions is allowed.
-   * For a term of the form `r{lo}`, both the lower and the upper bound
-   * are `lo`.
-   */
-  int getUpperBound() { result = this.getUpper().toInt() }
-
-  /** Gets the lower bound of the range. */
-  int getLowerBound() { result = this.getLower().toInt() }
-
-  override predicate isNullable() { this.getAChild().isNullable() or this.getLowerBound() = 0 }
-}
-
-/**
- * A sequence term.
- *
- * Example:
- *
- * ```
- * (ECMA|Java)Script
- * ```
- *
- * This is a sequence with the elements `(ECMA|Java)` and `Script`.
- */
-class RegExpSequence extends RegExpTerm, TRegExpSequence {
-  RegExpSequence() {
-    this = TRegExpSequence(re, start, end) and
-    exists(seqChild(re, start, end, 1)) // if a sequence does not have more than one element, it should be treated as that element instead.
-  }
-
-  override RegExpTerm getChild(int i) { result = seqChild(re, start, end, i) }
-
-  /** Gets the element preceding `element` in this sequence. */
-  RegExpTerm previousElement(RegExpTerm element) { element = this.nextElement(result) }
-
-  /** Gets the element following `element` in this sequence. */
-  RegExpTerm nextElement(RegExpTerm element) {
-    exists(int i |
-      element = this.getChild(i) and
-      result = this.getChild(i + 1)
-    )
-  }
-
-  override string getConstantValue() { result = this.getConstantValue(0) }
-
-  /**
-   * Gets the single string matched by the `i`th child and all following
-   * children of this sequence, if any.
-   */
-  private string getConstantValue(int i) {
-    i = this.getNumChild() and
-    result = ""
-    or
-    result = this.getChild(i).getConstantValue() + this.getConstantValue(i + 1)
-  }
-
-  override string getAPrimaryQlClass() { result = "RegExpSequence" }
-
-  override predicate isNullable() {
-    forall(RegExpTerm child | child = this.getAChild() | child.isNullable())
-  }
-}
-
-pragma[nomagic]
-private int seqChildEnd(RegExp re, int start, int end, int i) {
-  result = seqChild(re, start, end, i).getEnd()
-}
-
-// moved out so we can use it in the charpred
-private RegExpTerm seqChild(RegExp re, int start, int end, int i) {
-  re.sequence(start, end) and
-  (
-    i = 0 and
-    result.getRegExp() = re and
-    result.getStart() = start and
-    exists(int itemEnd |
-      re.item(start, itemEnd) and
-      result.getEnd() = itemEnd
-    )
-    or
-    i > 0 and
-    result.getRegExp() = re and
-    exists(int itemStart | itemStart = seqChildEnd(re, start, end, i - 1) |
-      result.getStart() = itemStart and
-      re.item(itemStart, result.getEnd())
-    )
-  )
-}
-
-/**
- * An alternative term, that is, a term of the form `a|b`.
- *
- * Example:
- *
- * ```
- * ECMA|Java
- * ```
- */
-class RegExpAlt extends RegExpTerm, TRegExpAlt {
-  RegExpAlt() { this = TRegExpAlt(re, start, end) }
-
-  override RegExpTerm getChild(int i) {
-    i = 0 and
-    result.getRegExp() = re and
-    result.getStart() = start and
-    exists(int part_end |
-      re.alternationOption(start, end, start, part_end) and
-      result.getEnd() = part_end
-    )
-    or
-    i > 0 and
-    result.getRegExp() = re and
-    exists(int part_start |
-      part_start = this.getChild(i - 1).getEnd() + 1 // allow for the |
-    |
-      result.getStart() = part_start and
-      re.alternationOption(start, end, part_start, result.getEnd())
-    )
-  }
-
-  /** Gets an alternative of this term. */
-  RegExpTerm getAlternative() { result = this.getAChild() }
-
-  override string getAMatchedString() { result = this.getAlternative().getAMatchedString() }
-
-  override string getAPrimaryQlClass() { result = "RegExpAlt" }
-
-  override predicate isNullable() { this.getAChild().isNullable() }
-}
-
-class RegExpCharEscape = RegExpEscape;
-
-/**
- * An escaped regular expression term, that is, a regular expression
- * term starting with a backslash, which is not a backreference.
- *
- * Example:
- *
- * ```
- * \.
- * \w
- * ```
- */
-class RegExpEscape extends RegExpNormalChar {
-  RegExpEscape() { re.escapedCharacter(start, end) }
-
-  /**
-   * Gets the name of the escaped; for example, `w` for `\w`.
-   * TODO: Handle named escapes.
-   */
-  override string getValue() {
-    not this.isUnicode() and
-    this.isIdentityEscape() and
-    result = this.getUnescaped()
-    or
-    this.getUnescaped() = "n" and result = "\n"
-    or
-    this.getUnescaped() = "r" and result = "\r"
-    or
-    this.getUnescaped() = "t" and result = "\t"
-    or
-    this.getUnescaped() = "f" and result = 12.toUnicode()
-    or
-    this.getUnescaped() = "v" and result = 11.toUnicode()
-    or
-    this.isUnicode() and
-    result = this.getUnicode()
-  }
-
-  /** Holds if this terms name is given by the part following the escape character. */
-  predicate isIdentityEscape() {
-    not this.getUnescaped() in ["n", "r", "t", "f", "v"] and not this.isUnicode()
-  }
-
-  override string getAPrimaryQlClass() { result = "RegExpEscape" }
-
-  /** Gets the part of the term following the escape character. That is e.g. "w" if the term is "\w". */
-  string getUnescaped() { result = this.getText().suffix(1) }
-
-  /**
-   * Gets the text for this escape. That is e.g. "\w".
-   */
-  private string getText() { result = re.getText().substring(start, end) }
-
-  /**
-   * Holds if this is a unicode escape.
-   */
-  private predicate isUnicode() { this.getText().prefix(2) = ["\\u", "\\U"] }
-
-  /**
-   * Gets the unicode char for this escape.
-   * E.g. for `\u0061` this returns "a".
-   */
-  private string getUnicode() {
-    this.isUnicode() and
-    result = parseHexInt(this.getText().suffix(2)).toUnicode()
-  }
-}
-
-/**
- * A word boundary, that is, a regular expression term of the form `\b`.
- */
-class RegExpWordBoundary extends RegExpSpecialChar {
-  RegExpWordBoundary() { this.getChar() = "\\b" }
-
-  override predicate isNullable() { none() }
-}
-
-/**
- * A non-word boundary, that is, a regular expression term of the form `\B`.
- */
-class RegExpNonWordBoundary extends RegExpSpecialChar {
-  RegExpNonWordBoundary() { this.getChar() = "\\B" }
-
-  override string getAPrimaryQlClass() { result = "RegExpNonWordBoundary" }
-}
-
-/**
- * A character class escape in a regular expression.
- * That is, an escaped character that denotes multiple characters.
- *
- * Examples:
- *
- * ```
- * \w
- * \S
- * ```
- */
-class RegExpCharacterClassEscape extends RegExpEscape {
-  RegExpCharacterClassEscape() { this.getValue() in ["d", "D", "s", "S", "w", "W", "h", "H"] }
-
-  override RegExpTerm getChild(int i) { none() }
-
-  override string getAPrimaryQlClass() { result = "RegExpCharacterClassEscape" }
-
-  override predicate isNullable() { none() }
-}
-
-/**
- * A character class in a regular expression.
- *
- * Examples:
- *
- * ```rb
- * /[a-fA-F0-9]/
- * /[^abc]/
- * ```
- */
-class RegExpCharacterClass extends RegExpTerm, TRegExpCharacterClass {
-  RegExpCharacterClass() { this = TRegExpCharacterClass(re, start, end) }
-
-  /** Holds if this character class is inverted, matching the opposite of its content. */
-  predicate isInverted() { re.getChar(start + 1) = "^" }
-
-  /** Holds if this character class can match anything. */
-  predicate isUniversalClass() {
-    // [^]
-    this.isInverted() and not exists(this.getAChild())
-    or
-    // [\w\W] and similar
-    not this.isInverted() and
-    exists(string cce1, string cce2 |
-      cce1 = this.getAChild().(RegExpCharacterClassEscape).getValue() and
-      cce2 = this.getAChild().(RegExpCharacterClassEscape).getValue()
-    |
-      cce1 != cce2 and cce1.toLowerCase() = cce2.toLowerCase()
-    )
-  }
-
-  override RegExpTerm getChild(int i) {
-    i = 0 and
-    result.getRegExp() = re and
-    exists(int itemStart, int itemEnd |
-      result.getStart() = itemStart and
-      re.charSetStart(start, itemStart) and
-      re.charSetChild(start, itemStart, itemEnd) and
-      result.getEnd() = itemEnd
-    )
-    or
-    i > 0 and
-    result.getRegExp() = re and
-    exists(int itemStart | itemStart = this.getChild(i - 1).getEnd() |
-      result.getStart() = itemStart and
-      re.charSetChild(start, itemStart, result.getEnd())
-    )
-  }
-
-  override string getAMatchedString() {
-    not this.isInverted() and result = this.getAChild().getAMatchedString()
-  }
-
-  override string getAPrimaryQlClass() { result = "RegExpCharacterClass" }
-
-  override predicate isNullable() { none() }
-}
-
-/**
- * A character range in a character class in a regular expression.
- *
- * Example:
- *
- * ```
- * a-z
- * ```
- */
-class RegExpCharacterRange extends RegExpTerm, TRegExpCharacterRange {
-  int lower_end;
-  int upper_start;
-
-  RegExpCharacterRange() {
-    this = TRegExpCharacterRange(re, start, end) and
-    re.charRange(_, start, lower_end, upper_start, end)
-  }
-
-  /** Holds if this range goes from `lo` to `hi`, in effect is `lo-hi`. */
-  predicate isRange(string lo, string hi) {
-    lo = re.getText().substring(start, lower_end) and
-    hi = re.getText().substring(upper_start, end)
-  }
-
-  override RegExpTerm getChild(int i) {
-    i = 0 and
-    result.getRegExp() = re and
-    result.getStart() = start and
-    result.getEnd() = lower_end
-    or
-    i = 1 and
-    result.getRegExp() = re and
-    result.getStart() = upper_start and
-    result.getEnd() = end
-  }
-
-  override string getAPrimaryQlClass() { result = "RegExpCharacterRange" }
-
-  override predicate isNullable() { none() }
-}
-
-/**
- * A normal character in a regular expression, that is, a character
- * without special meaning. This includes escaped characters.
- *
- * Examples:
- * ```
- * t
- * \t
- * ```
- */
-class RegExpNormalChar extends RegExpTerm, TRegExpNormalChar {
-  RegExpNormalChar() { this = TRegExpNormalChar(re, start, end) }
-
-  /**
-   * Holds if this constant represents a valid Unicode character (as opposed
-   * to a surrogate code point that does not correspond to a character by itself.)
-   */
-  predicate isCharacter() { any() }
-
-  /** Gets the string representation of the char matched by this term. */
-  string getValue() { result = re.getText().substring(start, end) }
-
-  override RegExpTerm getChild(int i) { none() }
-
-  override string getAPrimaryQlClass() { result = "RegExpNormalChar" }
-}
-
-/**
- * A constant regular expression term, that is, a regular expression
- * term matching a single string. Currently, this will always be a single character.
- *
- * Example:
- *
- * ```
- * a
- * ```
- */
-class RegExpConstant extends RegExpTerm {
-  string value;
-
-  RegExpConstant() {
-    this = TRegExpNormalChar(re, start, end) and
-    not this instanceof RegExpCharacterClassEscape and
-    // exclude chars in qualifiers
-    // TODO: push this into regex library
-    not exists(int qstart, int qend | re.qualifiedPart(_, qstart, qend, _, _) |
-      qstart <= start and end <= qend
-    ) and
-    value = this.(RegExpNormalChar).getValue()
-    or
-    this = TRegExpSpecialChar(re, start, end) and
-    re.inCharSet(start) and
-    value = this.(RegExpSpecialChar).getChar()
-  }
-
-  /**
-   * Holds if this constant represents a valid Unicode character (as opposed
-   * to a surrogate code point that does not correspond to a character by itself.)
-   */
-  predicate isCharacter() { any() }
-
-  /** Gets the string matched by this constant term. */
-  string getValue() { result = value }
-
-  override RegExpTerm getChild(int i) { none() }
-
-  override string getConstantValue() { result = this.getValue() }
-
-  override string getAPrimaryQlClass() { result = "RegExpConstant" }
-
-  override predicate isNullable() { none() }
-}
-
-/**
- * A grouped regular expression.
- *
- * Examples:
- *
- * ```
- * (ECMA|Java)
- * (?:ECMA|Java)
- * (?<quote>['"])
- * ```
- */
-class RegExpGroup extends RegExpTerm, TRegExpGroup {
-  RegExpGroup() { this = TRegExpGroup(re, start, end) }
-
-  /**
-   * Gets the index of this capture group within the enclosing regular
-   * expression literal.
-   *
-   * For example, in the regular expression `/((a?).)(?:b)/`, the
-   * group `((a?).)` has index 1, the group `(a?)` nested inside it
-   * has index 2, and the group `(?:b)` has no index, since it is
-   * not a capture group.
-   */
-  int getNumber() { result = re.getGroupNumber(start, end) }
-
-  /** Holds if this is a capture group. */
-  predicate isCapture() { exists(this.getNumber()) }
-
-  /** Holds if this is a named capture group. */
-  predicate isNamed() { exists(this.getName()) }
-
-  /** Gets the name of this capture group, if any. */
-  string getName() { result = re.getGroupName(start, end) }
-
-  override RegExpTerm getChild(int i) {
-    result.getRegExp() = re and
-    i = 0 and
-    re.groupContents(start, end, result.getStart(), result.getEnd())
-  }
-
-  override string getConstantValue() { result = this.getAChild().getConstantValue() }
-
-  override string getAMatchedString() { result = this.getAChild().getAMatchedString() }
-
-  override string getAPrimaryQlClass() { result = "RegExpGroup" }
-
-  override predicate isNullable() { this.getAChild().isNullable() }
-}
-
-/**
- * A special character in a regular expression.
- *
- * Examples:
- * ```
- * ^
- * $
- * .
- * ```
- */
-class RegExpSpecialChar extends RegExpTerm, TRegExpSpecialChar {
-  string char;
-
-  RegExpSpecialChar() {
-    this = TRegExpSpecialChar(re, start, end) and
-    re.specialCharacter(start, end, char)
-  }
-
-  /**
-   * Holds if this constant represents a valid Unicode character (as opposed
-   * to a surrogate code point that does not correspond to a character by itself.)
-   */
-  predicate isCharacter() { any() }
-
-  /** Gets the char for this term. */
-  string getChar() { result = char }
-
-  override RegExpTerm getChild(int i) { none() }
-
-  override string getAPrimaryQlClass() { result = "RegExpSpecialChar" }
-}
-
-/**
- * A dot regular expression.
- *
- * Example:
- *
- * ```
- * .
- * ```
- */
-class RegExpDot extends RegExpSpecialChar {
-  RegExpDot() { this.getChar() = "." }
-
-  override string getAPrimaryQlClass() { result = "RegExpDot" }
-
-  override predicate isNullable() { none() }
-}
-
-/**
- * A term that matches a specific position between characters in the string.
- *
- * Example:
- *
- * ```
- * \A
- * ```
- */
-class RegExpAnchor extends RegExpSpecialChar {
-  RegExpAnchor() { this.getChar() = ["^", "$", "\\A", "\\Z", "\\z"] }
-
-  override string getAPrimaryQlClass() { result = "RegExpAnchor" }
-}
-
-/**
- * A dollar assertion `$` or `\Z` matching the end of a line.
- *
- * Example:
- *
- * ```
- * $
- * ```
- */
-class RegExpDollar extends RegExpAnchor {
-  RegExpDollar() { this.getChar() = ["$", "\\Z", "\\z"] }
-
-  override string getAPrimaryQlClass() { result = "RegExpDollar" }
-
-  override predicate isNullable() { any() }
-}
-
-/**
- * A caret assertion `^` or `\A` matching the beginning of a line.
- *
- * Example:
- *
- * ```
- * ^
- * ```
- */
-class RegExpCaret extends RegExpAnchor {
-  RegExpCaret() { this.getChar() = ["^", "\\A"] }
-
-  override string getAPrimaryQlClass() { result = "RegExpCaret" }
-
-  override predicate isNullable() { any() }
-}
-
-/**
- * A zero-width match, that is, either an empty group or an assertion.
- *
- * Examples:
- * ```
- * ()
- * (?=\w)
- * ```
- */
-class RegExpZeroWidthMatch extends RegExpGroup {
-  RegExpZeroWidthMatch() { re.zeroWidthMatch(start, end) }
-
-  override RegExpTerm getChild(int i) { none() }
-
-  override string getAPrimaryQlClass() { result = "RegExpZeroWidthMatch" }
-
-  override predicate isNullable() { any() }
-}
-
-/**
- * A zero-width lookahead or lookbehind assertion.
- *
- * Examples:
- *
- * ```
- * (?=\w)
- * (?!\n)
- * (?<=\.)
- * (?<!\\)
- * ```
- */
-class RegExpSubPattern extends RegExpZeroWidthMatch {
-  RegExpSubPattern() { not re.emptyGroup(start, end) }
-
-  /** Gets the lookahead term. */
-  RegExpTerm getOperand() {
-    exists(int in_start, int in_end | re.groupContents(start, end, in_start, in_end) |
+    override RegExpTerm getChild(int i) {
+      i = 0 and
       result.getRegExp() = re and
-      result.getStart() = in_start and
-      result.getEnd() = in_end
-    )
+      result.getStart() = start and
+      result.getEnd() = part_end
+    }
+
+    /** Hols if this term may match an unlimited number of times. */
+    predicate mayRepeatForever() { may_repeat_forever = true }
+
+    /** Gets the qualifier for this term. That is e.g "?" for "a?". */
+    string getQualifier() { result = re.getText().substring(part_end, end) }
+
+    override string getAPrimaryQlClass() { result = "RegExpQuantifier" }
   }
 
-  override predicate isNullable() { any() }
-}
+  /**
+   * A regular expression term that permits unlimited repetitions.
+   */
+  class InfiniteRepetitionQuantifier extends RegExpQuantifier {
+    InfiniteRepetitionQuantifier() { this.mayRepeatForever() }
 
-/**
- * A zero-width lookahead assertion.
- *
- * Examples:
- *
- * ```
- * (?=\w)
- * (?!\n)
- * ```
- */
-abstract class RegExpLookahead extends RegExpSubPattern { }
-
-/**
- * A positive-lookahead assertion.
- *
- * Examples:
- *
- * ```
- * (?=\w)
- * ```
- */
-class RegExpPositiveLookahead extends RegExpLookahead {
-  RegExpPositiveLookahead() { re.positiveLookaheadAssertionGroup(start, end) }
-
-  override string getAPrimaryQlClass() { result = "RegExpPositiveLookahead" }
-
-  override predicate isNullable() { any() }
-}
-
-/**
- * A negative-lookahead assertion.
- *
- * Examples:
- *
- * ```
- * (?!\n)
- * ```
- */
-class RegExpNegativeLookahead extends RegExpLookahead {
-  RegExpNegativeLookahead() { re.negativeLookaheadAssertionGroup(start, end) }
-
-  override string getAPrimaryQlClass() { result = "RegExpNegativeLookahead" }
-}
-
-/**
- * A zero-width lookbehind assertion.
- *
- * Examples:
- *
- * ```
- * (?<=\.)
- * (?<!\\)
- * ```
- */
-abstract class RegExpLookbehind extends RegExpSubPattern { }
-
-/**
- * A positive-lookbehind assertion.
- *
- * Examples:
- *
- * ```
- * (?<=\.)
- * ```
- */
-class RegExpPositiveLookbehind extends RegExpLookbehind {
-  RegExpPositiveLookbehind() { re.positiveLookbehindAssertionGroup(start, end) }
-
-  override string getAPrimaryQlClass() { result = "RegExpPositiveLookbehind" }
-}
-
-/**
- * A negative-lookbehind assertion.
- *
- * Examples:
- *
- * ```
- * (?<!\\)
- * ```
- */
-class RegExpNegativeLookbehind extends RegExpLookbehind {
-  RegExpNegativeLookbehind() { re.negativeLookbehindAssertionGroup(start, end) }
-
-  override string getAPrimaryQlClass() { result = "RegExpNegativeLookbehind" }
-}
-
-/**
- * A back reference, that is, a term of the form `\i` or `\k<name>`
- * in a regular expression.
- *
- * Examples:
- *
- * ```
- * \1
- * (?P=quote)
- * ```
- */
-class RegExpBackRef extends RegExpTerm, TRegExpBackRef {
-  RegExpBackRef() { this = TRegExpBackRef(re, start, end) }
+    override string getAPrimaryQlClass() { result = "InfiniteRepetitionQuantifier" }
+  }
 
   /**
-   * Gets the number of the capture group this back reference refers to, if any.
+   * A star-quantified term.
+   *
+   * Example:
+   *
+   * ```
+   * \w*
+   * ```
    */
-  int getNumber() { result = re.getBackRefNumber(start, end) }
+  class RegExpStar extends InfiniteRepetitionQuantifier {
+    RegExpStar() { this.getQualifier().charAt(0) = "*" }
+
+    override string getAPrimaryQlClass() { result = "RegExpStar" }
+
+    override predicate isNullable() { any() }
+  }
 
   /**
-   * Gets the name of the capture group this back reference refers to, if any.
+   * A plus-quantified term.
+   *
+   * Example:
+   *
+   * ```
+   * \w+
+   * ```
    */
-  string getName() { result = re.getBackRefName(start, end) }
+  class RegExpPlus extends InfiniteRepetitionQuantifier {
+    RegExpPlus() { this.getQualifier().charAt(0) = "+" }
 
-  /** Gets the capture group this back reference refers to. */
-  RegExpGroup getGroup() {
-    result.getLiteral() = this.getLiteral() and
+    override string getAPrimaryQlClass() { result = "RegExpPlus" }
+
+    override predicate isNullable() { this.getAChild().isNullable() }
+  }
+
+  /**
+   * An optional term.
+   *
+   * Example:
+   *
+   * ```
+   * ;?
+   * ```
+   */
+  class RegExpOpt extends RegExpQuantifier {
+    RegExpOpt() { this.getQualifier().charAt(0) = "?" }
+
+    override string getAPrimaryQlClass() { result = "RegExpOpt" }
+
+    override predicate isNullable() { any() }
+  }
+
+  /**
+   * A range-quantified term
+   *
+   * Examples:
+   *
+   * ```
+   * \w{2,4}
+   * \w{2,}
+   * \w{2}
+   * ```
+   */
+  class RegExpRange extends RegExpQuantifier {
+    string upper;
+    string lower;
+
+    RegExpRange() { re.multiples(part_end, end, lower, upper) }
+
+    override string getAPrimaryQlClass() { result = "RegExpRange" }
+
+    /** Gets the string defining the upper bound of this range, if any. */
+    string getUpper() { result = upper }
+
+    /** Gets the string defining the lower bound of this range, if any. */
+    string getLower() { result = lower }
+
+    /**
+     * Gets the upper bound of the range, if any.
+     *
+     * If there is no upper bound, any number of repetitions is allowed.
+     * For a term of the form `r{lo}`, both the lower and the upper bound
+     * are `lo`.
+     */
+    int getUpperBound() { result = this.getUpper().toInt() }
+
+    /** Gets the lower bound of the range. */
+    int getLowerBound() { result = this.getLower().toInt() }
+
+    override predicate isNullable() { this.getAChild().isNullable() or this.getLowerBound() = 0 }
+  }
+
+  /**
+   * A sequence term.
+   *
+   * Example:
+   *
+   * ```
+   * (ECMA|Java)Script
+   * ```
+   *
+   * This is a sequence with the elements `(ECMA|Java)` and `Script`.
+   */
+  class RegExpSequence extends RegExpTerm, TRegExpSequence {
+    RegExpSequence() {
+      this = TRegExpSequence(re, start, end) and
+      exists(seqChild(re, start, end, 1)) // if a sequence does not have more than one element, it should be treated as that element instead.
+    }
+
+    override RegExpTerm getChild(int i) { result = seqChild(re, start, end, i) }
+
+    /** Gets the element preceding `element` in this sequence. */
+    RegExpTerm previousElement(RegExpTerm element) { element = this.nextElement(result) }
+
+    /** Gets the element following `element` in this sequence. */
+    RegExpTerm nextElement(RegExpTerm element) {
+      exists(int i |
+        element = this.getChild(i) and
+        result = this.getChild(i + 1)
+      )
+    }
+
+    override string getConstantValue() { result = this.getConstantValue(0) }
+
+    /**
+     * Gets the single string matched by the `i`th child and all following
+     * children of this sequence, if any.
+     */
+    private string getConstantValue(int i) {
+      i = this.getNumChild() and
+      result = ""
+      or
+      result = this.getChild(i).getConstantValue() + this.getConstantValue(i + 1)
+    }
+
+    override string getAPrimaryQlClass() { result = "RegExpSequence" }
+
+    override predicate isNullable() {
+      forall(RegExpTerm child | child = this.getAChild() | child.isNullable())
+    }
+  }
+
+  pragma[nomagic]
+  private int seqChildEnd(RegExp re, int start, int end, int i) {
+    result = seqChild(re, start, end, i).getEnd()
+  }
+
+  // moved out so we can use it in the charpred
+  private RegExpTerm seqChild(RegExp re, int start, int end, int i) {
+    re.sequence(start, end) and
     (
-      result.getNumber() = this.getNumber() or
-      result.getName() = this.getName()
+      i = 0 and
+      result.getRegExp() = re and
+      result.getStart() = start and
+      exists(int itemEnd |
+        re.item(start, itemEnd) and
+        result.getEnd() = itemEnd
+      )
+      or
+      i > 0 and
+      result.getRegExp() = re and
+      exists(int itemStart | itemStart = seqChildEnd(re, start, end, i - 1) |
+        result.getStart() = itemStart and
+        re.item(itemStart, result.getEnd())
+      )
     )
   }
 
-  override RegExpTerm getChild(int i) { none() }
+  /**
+   * An alternative term, that is, a term of the form `a|b`.
+   *
+   * Example:
+   *
+   * ```
+   * ECMA|Java
+   * ```
+   */
+  class RegExpAlt extends RegExpTerm, TRegExpAlt {
+    RegExpAlt() { this = TRegExpAlt(re, start, end) }
 
-  override string getAPrimaryQlClass() { result = "RegExpBackRef" }
+    override RegExpTerm getChild(int i) {
+      i = 0 and
+      result.getRegExp() = re and
+      result.getStart() = start and
+      exists(int part_end |
+        re.alternationOption(start, end, start, part_end) and
+        result.getEnd() = part_end
+      )
+      or
+      i > 0 and
+      result.getRegExp() = re and
+      exists(int part_start |
+        part_start = this.getChild(i - 1).getEnd() + 1 // allow for the |
+      |
+        result.getStart() = part_start and
+        re.alternationOption(start, end, part_start, result.getEnd())
+      )
+    }
 
-  override predicate isNullable() { this.getGroup().isNullable() }
-}
+    /** Gets an alternative of this term. */
+    RegExpTerm getAlternative() { result = this.getAChild() }
 
-/**
- * A named character property. For example, the POSIX bracket expression
- * `[[:digit:]]`.
- */
-class RegExpNamedCharacterProperty extends RegExpTerm, TRegExpNamedCharacterProperty {
-  RegExpNamedCharacterProperty() { this = TRegExpNamedCharacterProperty(re, start, end) }
+    override string getAMatchedString() { result = this.getAlternative().getAMatchedString() }
 
-  override RegExpTerm getChild(int i) { none() }
+    override string getAPrimaryQlClass() { result = "RegExpAlt" }
 
-  override string getAPrimaryQlClass() { result = "RegExpNamedCharacterProperty" }
+    override predicate isNullable() { this.getAChild().isNullable() }
+  }
 
   /**
-   * Gets the property name. For example, in `\p{Space}`, the result is
-   * `"Space"`.
+   * A character escape in a regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * \.
+   * ```
    */
-  string getName() { result = re.getCharacterPropertyName(start, end) }
+  class RegExpCharEscape = RegExpEscape;
 
   /**
-   * Holds if the property is inverted. For example, it holds for `\p{^Digit}`,
-   * which matches non-digits.
+   * An escaped regular expression term, that is, a regular expression
+   * term starting with a backslash, which is not a backreference.
+   *
+   * Example:
+   *
+   * ```
+   * \.
+   * \w
+   * ```
    */
-  predicate isInverted() { re.namedCharacterPropertyIsInverted(start, end) }
-}
+  class RegExpEscape extends RegExpNormalChar {
+    RegExpEscape() { re.escapedCharacter(start, end) }
 
-/** Gets the parse tree resulting from parsing `re`, if such has been constructed. */
-RegExpTerm getParsedRegExp(Ast::RegExpLiteral re) {
-  result.getRegExp() = re and result.isRootTerm()
+    /**
+     * Gets the name of the escaped; for example, `w` for `\w`.
+     * TODO: Handle named escapes.
+     */
+    override string getValue() {
+      not this.isUnicode() and
+      this.isIdentityEscape() and
+      result = this.getUnescaped()
+      or
+      this.getUnescaped() = "n" and result = "\n"
+      or
+      this.getUnescaped() = "r" and result = "\r"
+      or
+      this.getUnescaped() = "t" and result = "\t"
+      or
+      this.getUnescaped() = "f" and result = 12.toUnicode()
+      or
+      this.getUnescaped() = "v" and result = 11.toUnicode()
+      or
+      this.isUnicode() and
+      result = this.getUnicode()
+    }
+
+    /** Holds if this terms name is given by the part following the escape character. */
+    predicate isIdentityEscape() {
+      not this.getUnescaped() in ["n", "r", "t", "f", "v"] and not this.isUnicode()
+    }
+
+    override string getAPrimaryQlClass() { result = "RegExpEscape" }
+
+    /** Gets the part of the term following the escape character. That is e.g. "w" if the term is "\w". */
+    string getUnescaped() { result = this.getText().suffix(1) }
+
+    /**
+     * Gets the text for this escape. That is e.g. "\w".
+     */
+    private string getText() { result = re.getText().substring(start, end) }
+
+    /**
+     * Holds if this is a unicode escape.
+     */
+    private predicate isUnicode() { this.getText().prefix(2) = ["\\u", "\\U"] }
+
+    /**
+     * Gets the unicode char for this escape.
+     * E.g. for `\u0061` this returns "a".
+     */
+    private string getUnicode() {
+      this.isUnicode() and
+      result = parseHexInt(this.getText().suffix(2)).toUnicode()
+    }
+  }
+
+  /**
+   * A word boundary, that is, a regular expression term of the form `\b`.
+   */
+  class RegExpWordBoundary extends RegExpSpecialChar {
+    RegExpWordBoundary() { this.getChar() = "\\b" }
+
+    override predicate isNullable() { none() }
+  }
+
+  /**
+   * A non-word boundary, that is, a regular expression term of the form `\B`.
+   */
+  class RegExpNonWordBoundary extends RegExpSpecialChar {
+    RegExpNonWordBoundary() { this.getChar() = "\\B" }
+
+    override string getAPrimaryQlClass() { result = "RegExpNonWordBoundary" }
+  }
+
+  /**
+   * A character class escape in a regular expression.
+   * That is, an escaped character that denotes multiple characters.
+   *
+   * Examples:
+   *
+   * ```
+   * \w
+   * \S
+   * ```
+   */
+  class RegExpCharacterClassEscape extends RegExpEscape {
+    RegExpCharacterClassEscape() { this.getValue() in ["d", "D", "s", "S", "w", "W", "h", "H"] }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getAPrimaryQlClass() { result = "RegExpCharacterClassEscape" }
+
+    override predicate isNullable() { none() }
+  }
+
+  /**
+   * A character class in a regular expression.
+   *
+   * Examples:
+   *
+   * ```rb
+   * /[a-fA-F0-9]/
+   * /[^abc]/
+   * ```
+   */
+  class RegExpCharacterClass extends RegExpTerm, TRegExpCharacterClass {
+    RegExpCharacterClass() { this = TRegExpCharacterClass(re, start, end) }
+
+    /** Holds if this character class is inverted, matching the opposite of its content. */
+    predicate isInverted() { re.getChar(start + 1) = "^" }
+
+    /** Holds if this character class can match anything. */
+    predicate isUniversalClass() {
+      // [^]
+      this.isInverted() and not exists(this.getAChild())
+      or
+      // [\w\W] and similar
+      not this.isInverted() and
+      exists(string cce1, string cce2 |
+        cce1 = this.getAChild().(RegExpCharacterClassEscape).getValue() and
+        cce2 = this.getAChild().(RegExpCharacterClassEscape).getValue()
+      |
+        cce1 != cce2 and cce1.toLowerCase() = cce2.toLowerCase()
+      )
+    }
+
+    override RegExpTerm getChild(int i) {
+      i = 0 and
+      result.getRegExp() = re and
+      exists(int itemStart, int itemEnd |
+        result.getStart() = itemStart and
+        re.charSetStart(start, itemStart) and
+        re.charSetChild(start, itemStart, itemEnd) and
+        result.getEnd() = itemEnd
+      )
+      or
+      i > 0 and
+      result.getRegExp() = re and
+      exists(int itemStart | itemStart = this.getChild(i - 1).getEnd() |
+        result.getStart() = itemStart and
+        re.charSetChild(start, itemStart, result.getEnd())
+      )
+    }
+
+    override string getAMatchedString() {
+      not this.isInverted() and result = this.getAChild().getAMatchedString()
+    }
+
+    override string getAPrimaryQlClass() { result = "RegExpCharacterClass" }
+
+    override predicate isNullable() { none() }
+  }
+
+  /**
+   * A character range in a character class in a regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * a-z
+   * ```
+   */
+  class RegExpCharacterRange extends RegExpTerm, TRegExpCharacterRange {
+    int lower_end;
+    int upper_start;
+
+    RegExpCharacterRange() {
+      this = TRegExpCharacterRange(re, start, end) and
+      re.charRange(_, start, lower_end, upper_start, end)
+    }
+
+    /** Holds if this range goes from `lo` to `hi`, in effect is `lo-hi`. */
+    predicate isRange(string lo, string hi) {
+      lo = re.getText().substring(start, lower_end) and
+      hi = re.getText().substring(upper_start, end)
+    }
+
+    override RegExpTerm getChild(int i) {
+      i = 0 and
+      result.getRegExp() = re and
+      result.getStart() = start and
+      result.getEnd() = lower_end
+      or
+      i = 1 and
+      result.getRegExp() = re and
+      result.getStart() = upper_start and
+      result.getEnd() = end
+    }
+
+    override string getAPrimaryQlClass() { result = "RegExpCharacterRange" }
+
+    override predicate isNullable() { none() }
+  }
+
+  /**
+   * A normal character in a regular expression, that is, a character
+   * without special meaning. This includes escaped characters.
+   *
+   * Examples:
+   * ```
+   * t
+   * \t
+   * ```
+   */
+  additional class RegExpNormalChar extends RegExpTerm, TRegExpNormalChar {
+    RegExpNormalChar() { this = TRegExpNormalChar(re, start, end) }
+
+    /**
+     * Holds if this constant represents a valid Unicode character (as opposed
+     * to a surrogate code point that does not correspond to a character by itself.)
+     */
+    predicate isCharacter() { any() }
+
+    /** Gets the string representation of the char matched by this term. */
+    string getValue() { result = re.getText().substring(start, end) }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getAPrimaryQlClass() { result = "RegExpNormalChar" }
+  }
+
+  /**
+   * A constant regular expression term, that is, a regular expression
+   * term matching a single string. Currently, this will always be a single character.
+   *
+   * Example:
+   *
+   * ```
+   * a
+   * ```
+   */
+  class RegExpConstant extends RegExpTerm {
+    string value;
+
+    RegExpConstant() {
+      this = TRegExpNormalChar(re, start, end) and
+      not this instanceof RegExpCharacterClassEscape and
+      // exclude chars in qualifiers
+      // TODO: push this into regex library
+      not exists(int qstart, int qend | re.qualifiedPart(_, qstart, qend, _, _) |
+        qstart <= start and end <= qend
+      ) and
+      value = this.(RegExpNormalChar).getValue()
+      or
+      this = TRegExpSpecialChar(re, start, end) and
+      re.inCharSet(start) and
+      value = this.(RegExpSpecialChar).getChar()
+    }
+
+    /**
+     * Holds if this constant represents a valid Unicode character (as opposed
+     * to a surrogate code point that does not correspond to a character by itself.)
+     */
+    predicate isCharacter() { any() }
+
+    /** Gets the string matched by this constant term. */
+    string getValue() { result = value }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getConstantValue() { result = this.getValue() }
+
+    override string getAPrimaryQlClass() { result = "RegExpConstant" }
+
+    override predicate isNullable() { none() }
+  }
+
+  /**
+   * A grouped regular expression.
+   *
+   * Examples:
+   *
+   * ```
+   * (ECMA|Java)
+   * (?:ECMA|Java)
+   * (?<quote>['"])
+   * ```
+   */
+  class RegExpGroup extends RegExpTerm, TRegExpGroup {
+    RegExpGroup() { this = TRegExpGroup(re, start, end) }
+
+    /**
+     * Gets the index of this capture group within the enclosing regular
+     * expression literal.
+     *
+     * For example, in the regular expression `/((a?).)(?:b)/`, the
+     * group `((a?).)` has index 1, the group `(a?)` nested inside it
+     * has index 2, and the group `(?:b)` has no index, since it is
+     * not a capture group.
+     */
+    int getNumber() { result = re.getGroupNumber(start, end) }
+
+    /** Holds if this is a capture group. */
+    predicate isCapture() { exists(this.getNumber()) }
+
+    /** Holds if this is a named capture group. */
+    predicate isNamed() { exists(this.getName()) }
+
+    /** Gets the name of this capture group, if any. */
+    string getName() { result = re.getGroupName(start, end) }
+
+    override RegExpTerm getChild(int i) {
+      result.getRegExp() = re and
+      i = 0 and
+      re.groupContents(start, end, result.getStart(), result.getEnd())
+    }
+
+    override string getConstantValue() { result = this.getAChild().getConstantValue() }
+
+    override string getAMatchedString() { result = this.getAChild().getAMatchedString() }
+
+    override string getAPrimaryQlClass() { result = "RegExpGroup" }
+
+    override predicate isNullable() { this.getAChild().isNullable() }
+  }
+
+  /**
+   * A special character in a regular expression.
+   *
+   * Examples:
+   * ```
+   * ^
+   * $
+   * .
+   * ```
+   */
+  additional class RegExpSpecialChar extends RegExpTerm, TRegExpSpecialChar {
+    string char;
+
+    RegExpSpecialChar() {
+      this = TRegExpSpecialChar(re, start, end) and
+      re.specialCharacter(start, end, char)
+    }
+
+    /**
+     * Holds if this constant represents a valid Unicode character (as opposed
+     * to a surrogate code point that does not correspond to a character by itself.)
+     */
+    predicate isCharacter() { any() }
+
+    /** Gets the char for this term. */
+    string getChar() { result = char }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getAPrimaryQlClass() { result = "RegExpSpecialChar" }
+  }
+
+  /**
+   * A dot regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * .
+   * ```
+   */
+  class RegExpDot extends RegExpSpecialChar {
+    RegExpDot() { this.getChar() = "." }
+
+    override string getAPrimaryQlClass() { result = "RegExpDot" }
+
+    override predicate isNullable() { none() }
+  }
+
+  /**
+   * A term that matches a specific position between characters in the string.
+   *
+   * Example:
+   *
+   * ```
+   * \A
+   * ```
+   */
+  class RegExpAnchor extends RegExpSpecialChar {
+    RegExpAnchor() { this.getChar() = ["^", "$", "\\A", "\\Z", "\\z"] }
+
+    override string getAPrimaryQlClass() { result = "RegExpAnchor" }
+  }
+
+  /**
+   * A dollar assertion `$` or `\Z` matching the end of a line.
+   *
+   * Example:
+   *
+   * ```
+   * $
+   * ```
+   */
+  class RegExpDollar extends RegExpAnchor {
+    RegExpDollar() { this.getChar() = ["$", "\\Z", "\\z"] }
+
+    override string getAPrimaryQlClass() { result = "RegExpDollar" }
+
+    override predicate isNullable() { any() }
+  }
+
+  /**
+   * A caret assertion `^` or `\A` matching the beginning of a line.
+   *
+   * Example:
+   *
+   * ```
+   * ^
+   * ```
+   */
+  class RegExpCaret extends RegExpAnchor {
+    RegExpCaret() { this.getChar() = ["^", "\\A"] }
+
+    override string getAPrimaryQlClass() { result = "RegExpCaret" }
+
+    override predicate isNullable() { any() }
+  }
+
+  /**
+   * A zero-width match, that is, either an empty group or an assertion.
+   *
+   * Examples:
+   * ```
+   * ()
+   * (?=\w)
+   * ```
+   */
+  additional class RegExpZeroWidthMatch extends RegExpGroup {
+    RegExpZeroWidthMatch() { re.zeroWidthMatch(start, end) }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getAPrimaryQlClass() { result = "RegExpZeroWidthMatch" }
+
+    override predicate isNullable() { any() }
+  }
+
+  /**
+   * A zero-width lookahead or lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?=\w)
+   * (?!\n)
+   * (?<=\.)
+   * (?<!\\)
+   * ```
+   */
+  class RegExpSubPattern extends RegExpZeroWidthMatch {
+    RegExpSubPattern() { not re.emptyGroup(start, end) }
+
+    /** Gets the lookahead term. */
+    RegExpTerm getOperand() {
+      exists(int in_start, int in_end | re.groupContents(start, end, in_start, in_end) |
+        result.getRegExp() = re and
+        result.getStart() = in_start and
+        result.getEnd() = in_end
+      )
+    }
+
+    override predicate isNullable() { any() }
+  }
+
+  /**
+   * A zero-width lookahead assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?=\w)
+   * (?!\n)
+   * ```
+   */
+  abstract class RegExpLookahead extends RegExpSubPattern { }
+
+  /**
+   * A positive-lookahead assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?=\w)
+   * ```
+   */
+  class RegExpPositiveLookahead extends RegExpLookahead {
+    RegExpPositiveLookahead() { re.positiveLookaheadAssertionGroup(start, end) }
+
+    override string getAPrimaryQlClass() { result = "RegExpPositiveLookahead" }
+
+    override predicate isNullable() { any() }
+  }
+
+  /**
+   * A negative-lookahead assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?!\n)
+   * ```
+   */
+  additional class RegExpNegativeLookahead extends RegExpLookahead {
+    RegExpNegativeLookahead() { re.negativeLookaheadAssertionGroup(start, end) }
+
+    override string getAPrimaryQlClass() { result = "RegExpNegativeLookahead" }
+  }
+
+  /**
+   * A zero-width lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?<=\.)
+   * (?<!\\)
+   * ```
+   */
+  abstract class RegExpLookbehind extends RegExpSubPattern { }
+
+  /**
+   * A positive-lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?<=\.)
+   * ```
+   */
+  class RegExpPositiveLookbehind extends RegExpLookbehind {
+    RegExpPositiveLookbehind() { re.positiveLookbehindAssertionGroup(start, end) }
+
+    override string getAPrimaryQlClass() { result = "RegExpPositiveLookbehind" }
+  }
+
+  /**
+   * A negative-lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?<!\\)
+   * ```
+   */
+  additional class RegExpNegativeLookbehind extends RegExpLookbehind {
+    RegExpNegativeLookbehind() { re.negativeLookbehindAssertionGroup(start, end) }
+
+    override string getAPrimaryQlClass() { result = "RegExpNegativeLookbehind" }
+  }
+
+  /**
+   * A back reference, that is, a term of the form `\i` or `\k<name>`
+   * in a regular expression.
+   *
+   * Examples:
+   *
+   * ```
+   * \1
+   * (?P=quote)
+   * ```
+   */
+  class RegExpBackRef extends RegExpTerm, TRegExpBackRef {
+    RegExpBackRef() { this = TRegExpBackRef(re, start, end) }
+
+    /**
+     * Gets the number of the capture group this back reference refers to, if any.
+     */
+    int getNumber() { result = re.getBackRefNumber(start, end) }
+
+    /**
+     * Gets the name of the capture group this back reference refers to, if any.
+     */
+    string getName() { result = re.getBackRefName(start, end) }
+
+    /** Gets the capture group this back reference refers to. */
+    RegExpGroup getGroup() {
+      result.getLiteral() = this.getLiteral() and
+      (
+        result.getNumber() = this.getNumber() or
+        result.getName() = this.getName()
+      )
+    }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getAPrimaryQlClass() { result = "RegExpBackRef" }
+
+    override predicate isNullable() { this.getGroup().isNullable() }
+  }
+
+  /**
+   * A named character property. For example, the POSIX bracket expression
+   * `[[:digit:]]`.
+   */
+  additional class RegExpNamedCharacterProperty extends RegExpTerm, TRegExpNamedCharacterProperty {
+    RegExpNamedCharacterProperty() { this = TRegExpNamedCharacterProperty(re, start, end) }
+
+    override RegExpTerm getChild(int i) { none() }
+
+    override string getAPrimaryQlClass() { result = "RegExpNamedCharacterProperty" }
+
+    /**
+     * Gets the property name. For example, in `\p{Space}`, the result is
+     * `"Space"`.
+     */
+    string getName() { result = re.getCharacterPropertyName(start, end) }
+
+    /**
+     * Holds if the property is inverted. For example, it holds for `\p{^Digit}`,
+     * which matches non-digits.
+     */
+    predicate isInverted() { re.namedCharacterPropertyIsInverted(start, end) }
+  }
+
+  class Top = RegExpParent;
+
+  /**
+   * Holds if `term` is an escape class representing e.g. `\d`.
+   * `clazz` is which character class it represents, e.g. "d" for `\d`.
+   */
+  predicate isEscapeClass(RegExpTerm term, string clazz) {
+    exists(RegExpCharacterClassEscape escape | term = escape | escape.getValue() = clazz)
+    or
+    // TODO: expand to cover more properties
+    exists(RegExpNamedCharacterProperty escape | term = escape |
+      escape.getName().toLowerCase() = "digit" and
+      if escape.isInverted() then clazz = "D" else clazz = "d"
+      or
+      escape.getName().toLowerCase() = "space" and
+      if escape.isInverted() then clazz = "S" else clazz = "s"
+      or
+      escape.getName().toLowerCase() = "word" and
+      if escape.isInverted() then clazz = "W" else clazz = "w"
+    )
+  }
+
+  /**
+   * Holds if the regular expression should not be considered.
+   */
+  predicate isExcluded(RegExpParent parent) {
+    parent.(RegExpTerm).getRegExp().(Ast::RegExpLiteral).hasFreeSpacingFlag() // exclude free-spacing mode regexes
+  }
+
+  /**
+   * Holds if `term` is a possessive quantifier.
+   * Not currently implemented, but is used by the shared library.
+   */
+  predicate isPossessive(RegExpQuantifier term) { none() }
+
+  /**
+   * Holds if the regex that `term` is part of is used in a way that ignores any leading prefix of the input it's matched against.
+   * Not yet implemented for Ruby.
+   */
+  predicate matchesAnyPrefix(RegExpTerm term) { any() }
+
+  /**
+   * Holds if the regex that `term` is part of is used in a way that ignores any trailing suffix of the input it's matched against.
+   * Not yet implemented for Ruby.
+   */
+  predicate matchesAnySuffix(RegExpTerm term) { any() }
+
+  /**
+   * Holds if `root` has the `i` flag for case-insensitive matching.
+   */
+  predicate isIgnoreCase(RegExpTerm root) {
+    root.isRootTerm() and
+    root.getLiteral().isIgnoreCase()
+  }
+
+  /**
+   * Holds if `root` has the `s` flag for multi-line matching.
+   */
+  predicate isDotAll(RegExpTerm root) {
+    root.isRootTerm() and
+    root.getLiteral().isDotAll()
+  }
 }
diff --git a/ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll b/ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll
index 95bfbeeeb5d..370baaf3a5d 100644
--- a/ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll
@@ -2,155 +2,7 @@
  * Provides predicates for reasoning about bad tag filter vulnerabilities.
  */
 
-import regexp.RegexpMatching
-
-/**
- * Holds if the regexp `root` should be tested against `str`.
- * Implements the `isRegexpMatchingCandidateSig` signature from `RegexpMatching`.
- * `ignorePrefix` toggles whether the regular expression should be treated as accepting any prefix if it's unanchored.
- * `testWithGroups` toggles whether it's tested which groups are filled by a given input string.
- */
-private predicate isBadTagFilterCandidate(
-  RootTerm root, string str, boolean ignorePrefix, boolean testWithGroups
-) {
-  // the regexp must mention "<" and ">" explicitly.
-  forall(string angleBracket | angleBracket = ["<", ">"] |
-    any(RegExpConstant term | term.getValue().matches("%" + angleBracket + "%")).getRootTerm() =
-      root
-  ) and
-  ignorePrefix = true and
-  (
-    str = ["<!-- foo -->", "<!-- foo --!>", "<!- foo ->", "<foo>", "<script>"] and
-    testWithGroups = true
-    or
-    str =
-      [
-        "<!-- foo -->", "<!- foo ->", "<!-- foo --!>", "<!-- foo\n -->", "<script>foo</script>",
-        "<script \n>foo</script>", "<script >foo\n</script>", "<foo ></foo>", "<foo>",
-        "<foo src=\"foo\"></foo>", "<script>", "<script src=\"foo\"></script>",
-        "<script src='foo'></script>", "<SCRIPT>foo</SCRIPT>", "<script\tsrc=\"foo\"/>",
-        "<script\tsrc='foo'></script>", "<sCrIpT>foo</ScRiPt>", "<script src=\"foo\">foo</script >",
-        "<script src=\"foo\">foo</script foo=\"bar\">", "<script src=\"foo\">foo</script\t\n bar>"
-      ] and
-    testWithGroups = false
-  )
-}
-
-/**
- * A regexp that matches some string from the `isBadTagFilterCandidate` predicate.
- */
-class HtmlMatchingRegExp extends RootTerm {
-  HtmlMatchingRegExp() { RegexpMatching<isBadTagFilterCandidate/4>::matches(this, _) }
-
-  /** Holds if this regexp matched `str`, where `str` is one of the string from `isBadTagFilterCandidate`. */
-  predicate matches(string str) { RegexpMatching<isBadTagFilterCandidate/4>::matches(this, str) }
-
-  /** Holds if this regexp fills capture group `g' when matching `str', where `str` is one of the string from `isBadTagFilterCandidate`. */
-  predicate fillsCaptureGroup(string str, int g) {
-    RegexpMatching<isBadTagFilterCandidate/4>::fillsCaptureGroup(this, str, g)
-  }
-}
-
-/** DEPRECATED: Alias for HtmlMatchingRegExp */
-deprecated class HTMLMatchingRegExp = HtmlMatchingRegExp;
-
-/**
- * Holds if `regexp` matches some HTML tags, but misses some HTML tags that it should match.
- *
- * When adding a new case to this predicate, make sure the test string used in `matches(..)` calls are present in `HTMLMatchingRegExp::test` / `HTMLMatchingRegExp::testWithGroups`.
- */
-predicate isBadRegexpFilter(HtmlMatchingRegExp regexp, string msg) {
-  // CVE-2021-33829 - matching both "<!-- foo -->" and "<!-- foo --!>", but in different capture groups
-  regexp.matches("<!-- foo -->") and
-  regexp.matches("<!-- foo --!>") and
-  exists(int a, int b | a != b |
-    regexp.fillsCaptureGroup("<!-- foo -->", a) and
-    // <!-- foo --> might be ambiguously parsed (matching both capture groups), and that is ok here.
-    regexp.fillsCaptureGroup("<!-- foo --!>", b) and
-    not regexp.fillsCaptureGroup("<!-- foo --!>", a) and
-    msg =
-      "Comments ending with --> are matched differently from comments ending with --!>. The first is matched with capture group "
-        + a + " and comments ending with --!> are matched with capture group " +
-        strictconcat(int i | regexp.fillsCaptureGroup("<!-- foo --!>", i) | i.toString(), ", ") +
-        "."
-  )
-  or
-  // CVE-2020-17480 - matching "<!-- foo -->" and other tags, but not "<!-- foo --!>".
-  exists(int group, int other |
-    group != other and
-    regexp.fillsCaptureGroup("<!-- foo -->", group) and
-    regexp.fillsCaptureGroup("<foo>", other) and
-    not regexp.matches("<!-- foo --!>") and
-    not regexp.fillsCaptureGroup("<!-- foo -->", any(int i | i != group)) and
-    not regexp.fillsCaptureGroup("<!- foo ->", group) and
-    not regexp.fillsCaptureGroup("<foo>", group) and
-    not regexp.fillsCaptureGroup("<script>", group) and
-    msg =
-      "This regular expression only parses --> (capture group " + group +
-        ") and not --!> as an HTML comment end tag."
-  )
-  or
-  regexp.matches("<!-- foo -->") and
-  not regexp.matches("<!-- foo\n -->") and
-  not regexp.matches("<!- foo ->") and
-  not regexp.matches("<foo>") and
-  not regexp.matches("<script>") and
-  msg = "This regular expression does not match comments containing newlines."
-  or
-  regexp.matches("<script>foo</script>") and
-  regexp.matches("<script src=\"foo\"></script>") and
-  not regexp.matches("<foo ></foo>") and
-  (
-    not regexp.matches("<script \n>foo</script>") and
-    msg = "This regular expression matches <script></script>, but not <script \\n></script>"
-    or
-    not regexp.matches("<script >foo\n</script>") and
-    msg = "This regular expression matches <script>...</script>, but not <script >...\\n</script>"
-  )
-  or
-  regexp.matches("<script>foo</script>") and
-  regexp.matches("<script src=\"foo\"></script>") and
-  not regexp.matches("<script src='foo'></script>") and
-  not regexp.matches("<foo>") and
-  msg = "This regular expression does not match script tags where the attribute uses single-quotes."
-  or
-  regexp.matches("<script>foo</script>") and
-  regexp.matches("<script src='foo'></script>") and
-  not regexp.matches("<script src=\"foo\"></script>") and
-  not regexp.matches("<foo>") and
-  msg = "This regular expression does not match script tags where the attribute uses double-quotes."
-  or
-  regexp.matches("<script>foo</script>") and
-  regexp.matches("<script src='foo'></script>") and
-  not regexp.matches("<script\tsrc='foo'></script>") and
-  not regexp.matches("<foo>") and
-  not regexp.matches("<foo src=\"foo\"></foo>") and
-  msg = "This regular expression does not match script tags where tabs are used between attributes."
-  or
-  regexp.matches("<script>foo</script>") and
-  not RegExpFlags::isIgnoreCase(regexp) and
-  not regexp.matches("<foo>") and
-  not regexp.matches("<foo ></foo>") and
-  (
-    not regexp.matches("<SCRIPT>foo</SCRIPT>") and
-    msg = "This regular expression does not match upper case <SCRIPT> tags."
-    or
-    not regexp.matches("<sCrIpT>foo</ScRiPt>") and
-    regexp.matches("<SCRIPT>foo</SCRIPT>") and
-    msg = "This regular expression does not match mixed case <sCrIpT> tags."
-  )
-  or
-  regexp.matches("<script src=\"foo\"></script>") and
-  not regexp.matches("<foo>") and
-  not regexp.matches("<foo ></foo>") and
-  (
-    not regexp.matches("<script src=\"foo\">foo</script >") and
-    msg = "This regular expression does not match script end tags like </script >."
-    or
-    not regexp.matches("<script src=\"foo\">foo</script foo=\"bar\">") and
-    msg = "This regular expression does not match script end tags like </script foo=\"bar\">."
-    or
-    not regexp.matches("<script src=\"foo\">foo</script\t\n bar>") and
-    msg = "This regular expression does not match script end tags like </script\\t\\n bar>."
-  )
-}
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeView
+// BadTagFilterQuery should be used directly from the shared pack, and not from this file.
+deprecated import codeql.regex.nfa.BadTagFilterQuery::Make<TreeView> as Dep
+import Dep
diff --git a/ruby/ql/lib/codeql/ruby/security/CommandInjectionCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/CommandInjectionCustomizations.qll
index 20cc8d5b26b..7a4399afda9 100644
--- a/ruby/ql/lib/codeql/ruby/security/CommandInjectionCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/CommandInjectionCustomizations.qll
@@ -30,9 +30,7 @@ module CommandInjection {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /** A source of remote user input, considered as a flow source for command injection. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource {
     override string getSourceType() { result = "user-provided value" }
   }
 
diff --git a/ruby/ql/lib/codeql/ruby/security/ConditionalBypassCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/ConditionalBypassCustomizations.qll
index da51c1fe600..45fa5794250 100644
--- a/ruby/ql/lib/codeql/ruby/security/ConditionalBypassCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/ConditionalBypassCustomizations.qll
@@ -37,9 +37,7 @@ module ConditionalBypass {
    * A source of remote user input, considered as a flow source for bypass of
    * sensitive action guards.
    */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * A conditional that guards a sensitive action, e.g. `ok` in `if (ok) login()`.
diff --git a/ruby/ql/lib/codeql/ruby/security/HardcodedDataInterpretedAsCodeCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/HardcodedDataInterpretedAsCodeCustomizations.qll
index b9aa115fe56..1cdf88169c3 100644
--- a/ruby/ql/lib/codeql/ruby/security/HardcodedDataInterpretedAsCodeCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/HardcodedDataInterpretedAsCodeCustomizations.qll
@@ -87,9 +87,7 @@ module HardcodedDataInterpretedAsCode {
   /**
    * A code injection sink; hard-coded data should not flow here.
    */
-  private class DefaultCodeInjectionSink extends Sink {
-    DefaultCodeInjectionSink() { this instanceof CodeInjection::Sink }
-
+  private class DefaultCodeInjectionSink extends Sink instanceof CodeInjection::Sink {
     override string getKind() { result = "code" }
   }
 
diff --git a/ruby/ql/lib/codeql/ruby/security/IncompleteMultiCharacterSanitizationSpecific.qll b/ruby/ql/lib/codeql/ruby/security/IncompleteMultiCharacterSanitizationSpecific.qll
index 608afed69cb..5fcc790b91e 100644
--- a/ruby/ql/lib/codeql/ruby/security/IncompleteMultiCharacterSanitizationSpecific.qll
+++ b/ruby/ql/lib/codeql/ruby/security/IncompleteMultiCharacterSanitizationSpecific.qll
@@ -3,8 +3,9 @@
  */
 
 import codeql.ruby.frameworks.core.String
-import codeql.ruby.regexp.RegExpTreeView
-import codeql.ruby.security.regexp.NfaUtils as NfaUtils
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeView
+import TreeView
+import codeql.regex.nfa.NfaUtils::Make<TreeView> as NfaUtils
 
 /**
  * A regexp term that matches substrings that should be replaced with the empty string.
diff --git a/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll b/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll
index 309a26ac9df..31c9055d7cc 100644
--- a/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll
@@ -7,6 +7,7 @@ private import codeql.ruby.DataFlow
 private import codeql.ruby.AST
 private import codeql.ruby.ApiGraphs
 private import codeql.ruby.frameworks.core.Kernel::Kernel
+private import codeql.ruby.frameworks.Files
 
 /** A call to a method that might access a file or start a process. */
 class AmbiguousPathCall extends DataFlow::CallNode {
@@ -16,9 +17,15 @@ class AmbiguousPathCall extends DataFlow::CallNode {
     this.(KernelMethodCall).getMethodName() = "open" and
     name = "Kernel.open"
     or
-    this = API::getTopLevelMember("IO").getAMethodCall("read") and
-    not this = API::getTopLevelMember("File").getAMethodCall("read") and // needed in e.g. opal/opal, where some calls have both paths, but I'm not sure why
-    name = "IO.read"
+    exists(string methodName |
+      methodName = ["read", "write", "binread", "binwrite", "foreach", "readlines"]
+    |
+      methodCallOnlyOnIO(this, methodName) and
+      name = "IO." + methodName
+    )
+    or
+    this = API::getTopLevelMember("URI").getAMethodCall("open") and
+    name = "URI.open"
   }
 
   /** Gets the name for the method being called. */
@@ -26,11 +33,41 @@ class AmbiguousPathCall extends DataFlow::CallNode {
 
   /** Gets the name for a safer method that can be used instead. */
   string getReplacement() {
+    result = "File.open" and name = "Kernel.open"
+    or
     result = "File.read" and name = "IO.read"
     or
-    result = "File.open" and name = "Kernel.open"
+    result = "File.write" and name = "IO.write"
+    or
+    result = "File.binread" and name = "IO.binread"
+    or
+    result = "File.binwrite" and name = "IO.binwrite"
+    or
+    result = "File.foreach" and name = "IO.foreach"
+    or
+    result = "File.readlines" and name = "IO.readlines"
+    or
+    result = "URI(<uri>).open" and name = "URI.open"
   }
 
   /** Gets the argument that specifies the path to be accessed. */
   DataFlow::Node getPathArgument() { result = this.getArgument(0) }
 }
+
+private predicate methodCallOnlyOnIO(DataFlow::CallNode node, string methodName) {
+  node = API::getTopLevelMember("IO").getAMethodCall(methodName) and
+  not node = API::getTopLevelMember("File").getAMethodCall(methodName) // needed in e.g. opal/opal, where some calls have both paths (opal implements an own corelib)
+}
+
+/**
+ * A sanitizer for kernel open vulnerabilities.
+ */
+abstract class Sanitizer extends DataFlow::Node { }
+
+/**
+ * If a `File.join` is performed the resulting string will not start with a pipe `|`.
+ * This is true as long the tainted data doesn't flow into the first argument.
+ */
+private class FileJoinSanitizer extends Sanitizer {
+  FileJoinSanitizer() { this = any(File::FileJoinSummary s).getParameter("1..") }
+}
diff --git a/ruby/ql/lib/codeql/ruby/security/LogInjectionQuery.qll b/ruby/ql/lib/codeql/ruby/security/LogInjectionQuery.qll
index beb21d0e734..9c67132565a 100644
--- a/ruby/ql/lib/codeql/ruby/security/LogInjectionQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/LogInjectionQuery.qll
@@ -60,6 +60,14 @@ class StringReplaceSanitizer extends Sanitizer {
   }
 }
 
+/**
+ * A call to `Object#inspect`, considered as a sanitizer.
+ * This is because `inspect` will replace newlines in strings with `\n`.
+ */
+class InspectSanitizer extends Sanitizer {
+  InspectSanitizer() { this.(DataFlow::CallNode).getMethodName() = "inspect" }
+}
+
 /**
  * A call to an HTML escape method is considered to sanitize its input.
  */
diff --git a/ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll b/ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll
index 65e662f0bc5..d9a8d80e09a 100644
--- a/ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll
@@ -2,288 +2,7 @@
  * Classes and predicates for working with suspicious character ranges.
  */
 
-// We don't need the NFA utils, just the regexp tree.
-// but the below is a nice shared library that exposes the API we need.
-import regexp.NfaUtils
-
-/**
- * Gets a rank for `range` that is unique for ranges in the same file.
- * Prioritizes ranges that match more characters.
- */
-int rankRange(RegExpCharacterRange range) {
-  range =
-    rank[result](RegExpCharacterRange r, Location l, int low, int high |
-      r.getLocation() = l and
-      isRange(r, low, high)
-    |
-      r order by (high - low) desc, l.getStartLine(), l.getStartColumn()
-    )
-}
-
-/** Holds if `range` spans from the unicode code points `low` to `high` (both inclusive). */
-predicate isRange(RegExpCharacterRange range, int low, int high) {
-  exists(string lowc, string highc |
-    range.isRange(lowc, highc) and
-    low.toUnicode() = lowc and
-    high.toUnicode() = highc
-  )
-}
-
-/** Holds if `char` is an alpha-numeric character. */
-predicate isAlphanumeric(string char) {
-  // written like this to avoid having a bindingset for the predicate
-  char = [[48 .. 57], [65 .. 90], [97 .. 122]].toUnicode() // 0-9, A-Z, a-z
-}
-
-/**
- * Holds if the given ranges are from the same character class
- * and there exists at least one character matched by both ranges.
- */
-predicate overlap(RegExpCharacterRange a, RegExpCharacterRange b) {
-  exists(RegExpCharacterClass clz |
-    a = clz.getAChild() and
-    b = clz.getAChild() and
-    a != b
-  |
-    exists(int alow, int ahigh, int blow, int bhigh |
-      isRange(a, alow, ahigh) and
-      isRange(b, blow, bhigh) and
-      alow <= bhigh and
-      blow <= ahigh
-    )
-  )
-}
-
-/**
- * Holds if `range` overlaps with the char class `escape` from the same character class.
- */
-predicate overlapsWithCharEscape(RegExpCharacterRange range, RegExpCharacterClassEscape escape) {
-  exists(RegExpCharacterClass clz, string low, string high |
-    range = clz.getAChild() and
-    escape = clz.getAChild() and
-    range.isRange(low, high)
-  |
-    escape.getValue() = "w" and
-    getInRange(low, high).regexpMatch("\\w")
-    or
-    escape.getValue() = "d" and
-    getInRange(low, high).regexpMatch("\\d")
-    or
-    escape.getValue() = "s" and
-    getInRange(low, high).regexpMatch("\\s")
-  )
-}
-
-/** Gets the unicode code point for a `char`. */
-bindingset[char]
-int toCodePoint(string char) { result.toUnicode() = char }
-
-/** A character range that appears to be overly wide. */
-class OverlyWideRange extends RegExpCharacterRange {
-  OverlyWideRange() {
-    exists(int low, int high, int numChars |
-      isRange(this, low, high) and
-      numChars = (1 + high - low) and
-      this.getRootTerm().isUsedAsRegExp() and
-      numChars >= 10
-    |
-      // across the Z-a range (which includes backticks)
-      toCodePoint("Z") >= low and
-      toCodePoint("a") <= high
-      or
-      // across the 9-A range (which includes e.g. ; and ?)
-      toCodePoint("9") >= low and
-      toCodePoint("A") <= high
-      or
-      // a non-alphanumeric char as part of the range boundaries
-      exists(int bound | bound = [low, high] | not isAlphanumeric(bound.toUnicode())) and
-      // while still being ascii
-      low < 128 and
-      high < 128
-    ) and
-    // allowlist for known ranges
-    not this = allowedWideRanges()
-  }
-
-  /** Gets a string representation of a character class that matches the same chars as this range. */
-  string printEquivalent() { result = RangePrinter::printEquivalentCharClass(this) }
-}
-
-/** Gets a range that should not be reported as an overly wide range. */
-RegExpCharacterRange allowedWideRanges() {
-  // ~ is the last printable ASCII character, it's used right in various wide ranges.
-  result.isRange(_, "~")
-  or
-  // the same with " " and "!". " " is the first printable character, and "!" is the first non-white-space printable character.
-  result.isRange([" ", "!"], _)
-  or
-  // the `[@-_]` range is intentional
-  result.isRange("@", "_")
-  or
-  // starting from the zero byte is a good indication that it's purposely matching a large range.
-  result.isRange(0.toUnicode(), _)
-}
-
-/** Gets a char between (and including) `low` and `high`. */
-bindingset[low, high]
-private string getInRange(string low, string high) {
-  result = [toCodePoint(low) .. toCodePoint(high)].toUnicode()
-}
-
-/** A module computing an equivalent character class for an overly wide range. */
-module RangePrinter {
-  bindingset[char]
-  bindingset[result]
-  private string next(string char) {
-    exists(int prev, int next |
-      prev.toUnicode() = char and
-      next.toUnicode() = result and
-      next = prev + 1
-    )
-  }
-
-  /** Gets the points where the parts of the pretty printed range should be cut off. */
-  private string cutoffs() { result = ["A", "Z", "a", "z", "0", "9"] }
-
-  /** Gets the char to use in the low end of a range for a given `cut` */
-  private string lowCut(string cut) {
-    cut = ["A", "a", "0"] and
-    result = cut
-    or
-    cut = ["Z", "z", "9"] and
-    result = next(cut)
-  }
-
-  /** Gets the char to use in the high end of a range for a given `cut` */
-  private string highCut(string cut) {
-    cut = ["Z", "z", "9"] and
-    result = cut
-    or
-    cut = ["A", "a", "0"] and
-    next(result) = cut
-  }
-
-  /** Gets the cutoff char used for a given `part` of a range when pretty-printing it. */
-  private string cutoff(OverlyWideRange range, int part) {
-    exists(int low, int high | isRange(range, low, high) |
-      result =
-        rank[part + 1](string cut |
-          cut = cutoffs() and low < toCodePoint(cut) and toCodePoint(cut) < high
-        |
-          cut order by toCodePoint(cut)
-        )
-    )
-  }
-
-  /** Gets the number of parts we should print for a given `range`. */
-  private int parts(OverlyWideRange range) { result = 1 + count(cutoff(range, _)) }
-
-  /** Holds if the given part of a range should span from `low` to `high`. */
-  private predicate part(OverlyWideRange range, int part, string low, string high) {
-    // first part.
-    part = 0 and
-    (
-      range.isRange(low, high) and
-      parts(range) = 1
-      or
-      parts(range) >= 2 and
-      range.isRange(low, _) and
-      high = highCut(cutoff(range, part))
-    )
-    or
-    // middle
-    part >= 1 and
-    part < parts(range) - 1 and
-    low = lowCut(cutoff(range, part - 1)) and
-    high = highCut(cutoff(range, part))
-    or
-    // last.
-    part = parts(range) - 1 and
-    low = lowCut(cutoff(range, part - 1)) and
-    range.isRange(_, high)
-  }
-
-  /** Gets an escaped `char` for use in a character class. */
-  bindingset[char]
-  private string escape(string char) {
-    exists(string reg | reg = "(\\[|\\]|\\\\|-|/)" |
-      if char.regexpMatch(reg) then result = "\\" + char else result = char
-    )
-  }
-
-  /** Gets a part of the equivalent range. */
-  private string printEquivalentCharClass(OverlyWideRange range, int part) {
-    exists(string low, string high | part(range, part, low, high) |
-      if
-        isAlphanumeric(low) and
-        isAlphanumeric(high)
-      then result = low + "-" + high
-      else
-        result =
-          strictconcat(string char | char = getInRange(low, high) | escape(char) order by char)
-    )
-  }
-
-  /** Gets the entire pretty printed equivalent range. */
-  string printEquivalentCharClass(OverlyWideRange range) {
-    result =
-      strictconcat(string r, int part |
-        r = "[" and part = -1 and exists(range)
-        or
-        r = printEquivalentCharClass(range, part)
-        or
-        r = "]" and part = parts(range)
-      |
-        r order by part
-      )
-  }
-}
-
-/** Gets a char range that is overly large because of `reason`. */
-RegExpCharacterRange getABadRange(string reason, int priority) {
-  result instanceof OverlyWideRange and
-  priority = 0 and
-  exists(string equiv | equiv = result.(OverlyWideRange).printEquivalent() |
-    if equiv.length() <= 50
-    then reason = "is equivalent to " + equiv
-    else reason = "is equivalent to " + equiv.substring(0, 50) + "..."
-  )
-  or
-  priority = 1 and
-  exists(RegExpCharacterRange other |
-    reason = "overlaps with " + other + " in the same character class" and
-    rankRange(result) < rankRange(other) and
-    overlap(result, other)
-  )
-  or
-  priority = 2 and
-  exists(RegExpCharacterClassEscape escape |
-    reason = "overlaps with " + escape + " in the same character class" and
-    overlapsWithCharEscape(result, escape)
-  )
-  or
-  reason = "is empty" and
-  priority = 3 and
-  exists(int low, int high |
-    isRange(result, low, high) and
-    low > high
-  )
-}
-
-/** Holds if `range` matches suspiciously many characters. */
-predicate problem(RegExpCharacterRange range, string reason) {
-  reason =
-    strictconcat(string m, int priority |
-      range = getABadRange(m, priority)
-    |
-      m, ", and " order by priority desc
-    ) and
-  // specifying a range using an escape is usually OK.
-  not range.getAChild() instanceof RegExpEscape and
-  // Unicode escapes in strings are interpreted before it turns into a regexp,
-  // so e.g. [\u0001-\uFFFF] will just turn up as a range between two constants.
-  // We therefore exclude these ranges.
-  range.getRootTerm().getParent() instanceof RegExpLiteral and
-  // is used as regexp (mostly for JS where regular expressions are parsed eagerly)
-  range.getRootTerm().isUsedAsRegExp()
-}
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeView
+// OverlyLargeRangeQuery should be used directly from the shared pack, and not from this file.
+deprecated import codeql.regex.OverlyLargeRangeQuery::Make<TreeView> as Dep
+import Dep
diff --git a/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
index cda3d0a0c3d..b927ec80f5c 100644
--- a/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
@@ -39,9 +39,7 @@ module ServerSideRequestForgery {
   abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
 
   /** A source of remote user input, considered as a flow source for server side request forgery. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /** The URL of an HTTP request, considered as a sink. */
   class HttpRequestAsSink extends Sink {
diff --git a/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll
new file mode 100644
index 00000000000..66d3b0d4afd
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll
@@ -0,0 +1,55 @@
+/**
+ * Provides default sources, sinks and sanitizers for detecting SQL injection
+ * vulnerabilities, as well as extension points for adding your own.
+ */
+
+private import codeql.ruby.Concepts
+private import codeql.ruby.DataFlow
+private import codeql.ruby.dataflow.BarrierGuards
+private import codeql.ruby.dataflow.RemoteFlowSources
+
+/**
+ * Provides default sources, sinks and sanitizers for detecting SQL injection
+ * vulnerabilities, as well as extension points for adding your own.
+ */
+module SqlInjection {
+  /** A data flow source for SQL injection vulnerabilities. */
+  abstract class Source extends DataFlow::Node { }
+
+  /** A data flow sink for SQL injection vulnerabilities. */
+  abstract class Sink extends DataFlow::Node { }
+
+  /** A sanitizer for SQL injection vulnerabilities. */
+  abstract class Sanitizer extends DataFlow::Node { }
+
+  /**
+   * A source of remote user input, considered as a flow source.
+   */
+  private class RemoteFlowSourceAsSource extends Source, RemoteFlowSource { }
+
+  /**
+   * An SQL statement of a SQL execution, considered as a flow sink.
+   */
+  private class SqlExecutionAsSink extends Sink {
+    SqlExecutionAsSink() { this = any(SqlExecution e).getSql() }
+  }
+
+  /**
+   * An SQL statement of a SQL construction, considered as a flow sink.
+   */
+  private class SqlConstructionAsSink extends Sink {
+    SqlConstructionAsSink() { this = any(SqlConstruction e).getSql() }
+  }
+
+  /**
+   * A comparison with a constant string, considered as a sanitizer-guard.
+   */
+  private class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }
+
+  /**
+   * An inclusion check against an array of constant strings, considered as a
+   * sanitizer-guard.
+   */
+  class StringConstArrayInclusionCallAsSanitizer extends Sanitizer,
+    StringConstArrayInclusionCallBarrier { }
+}
diff --git a/ruby/ql/lib/codeql/ruby/security/SqlInjectionQuery.qll b/ruby/ql/lib/codeql/ruby/security/SqlInjectionQuery.qll
new file mode 100644
index 00000000000..f74e919ffe5
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/security/SqlInjectionQuery.qll
@@ -0,0 +1,21 @@
+/**
+ * Provides default sources, sinks and sanitizers for detecting SQL injection
+ * vulnerabilities, as well as extension points for adding your own.
+ */
+
+private import codeql.ruby.DataFlow
+private import codeql.ruby.TaintTracking
+import SqlInjectionCustomizations::SqlInjection
+
+/**
+ * A taint-tracking configuration for detecting SQL injection vulnerabilities.
+ */
+class Configuration extends TaintTracking::Configuration {
+  Configuration() { this = "SqlInjectionConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+  override predicate isSink(DataFlow::Node source) { source instanceof Sink }
+
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
+}
diff --git a/ruby/ql/lib/codeql/ruby/security/StackTraceExposureCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/StackTraceExposureCustomizations.qll
new file mode 100644
index 00000000000..9a25dda844d
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/security/StackTraceExposureCustomizations.qll
@@ -0,0 +1,55 @@
+/**
+ * Provides default sources, sinks and sanitizers for detecting stack trace
+ * exposure vulnerabilities, as well as extension points for adding your own.
+ */
+
+private import codeql.ruby.AST
+private import codeql.ruby.Concepts
+private import codeql.ruby.DataFlow
+private import codeql.ruby.controlflow.CfgNodes
+private import codeql.ruby.frameworks.core.Kernel
+
+/**
+ * Provides default sources, sinks and sanitizers for detecting stack trace
+ * exposure vulnerabilities, as well as extension points for adding your own.
+ */
+module StackTraceExposure {
+  /** A data flow source for stack trace exposure vulnerabilities. */
+  abstract class Source extends DataFlow::Node { }
+
+  /** A data flow sink for stack trace exposure vulnerabilities. */
+  abstract class Sink extends DataFlow::Node { }
+
+  /** A data flow sanitizer for stack trace exposure vulnerabilities. */
+  abstract class Sanitizer extends DataFlow::Node { }
+
+  /**
+   * A call to `backtrace` or `backtrace_locations` on a `rescue` variable,
+   * considered as a flow source.
+   */
+  class BacktraceCall extends Source, DataFlow::CallNode {
+    BacktraceCall() {
+      exists(DataFlow::LocalSourceNode varAccess |
+        varAccess.asExpr().(ExprNodes::VariableReadAccessCfgNode).getExpr().getVariable() =
+          any(RescueClause rc).getVariableExpr().(VariableAccess).getVariable() and
+        varAccess.flowsTo(this.getReceiver())
+      ) and
+      this.getMethodName() = ["backtrace", "backtrace_locations"]
+    }
+  }
+
+  /**
+   * A call to `Kernel#caller`, considered as a flow source.
+   */
+  class KernelCallerCall extends Source, Kernel::KernelMethodCall {
+    KernelCallerCall() { this.getMethodName() = "caller" }
+  }
+
+  /**
+   * The body of an HTTP response that will be returned from a server,
+   * considered as a flow sink.
+   */
+  class ServerHttpResponseBodyAsSink extends Sink {
+    ServerHttpResponseBodyAsSink() { this = any(Http::Server::HttpResponse response).getBody() }
+  }
+}
diff --git a/ruby/ql/lib/codeql/ruby/security/StackTraceExposureQuery.qll b/ruby/ql/lib/codeql/ruby/security/StackTraceExposureQuery.qll
new file mode 100644
index 00000000000..408d903d7b4
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/security/StackTraceExposureQuery.qll
@@ -0,0 +1,25 @@
+/**
+ * Provides a taint-tracking configuration for detecting stack-trace exposure
+ * vulnerabilities.
+ *
+ * Note, for performance reasons: only import this file if
+ * `StackTraceExposure::Configuration` is needed; otherwise,
+ * `StackTraceExposureCustomizations` should be imported instead.
+ */
+
+private import codeql.ruby.DataFlow
+private import codeql.ruby.TaintTracking
+private import StackTraceExposureCustomizations::StackTraceExposure
+
+/**
+ * A taint-tracking configuration for detecting "stack trace exposure" vulnerabilities.
+ */
+class Configuration extends TaintTracking::Configuration {
+  Configuration() { this = "StackTraceExposure" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
+}
diff --git a/ruby/ql/lib/codeql/ruby/security/TaintedFormatStringSpecific.qll b/ruby/ql/lib/codeql/ruby/security/TaintedFormatStringSpecific.qll
index 2f5f6069594..43f9dff4a25 100644
--- a/ruby/ql/lib/codeql/ruby/security/TaintedFormatStringSpecific.qll
+++ b/ruby/ql/lib/codeql/ruby/security/TaintedFormatStringSpecific.qll
@@ -2,73 +2,8 @@
  * Provides Ruby-specific imports and classes needed for `TaintedFormatStringQuery` and `TaintedFormatStringCustomizations`.
  */
 
-import codeql.ruby.AST
+import codeql.ruby.frameworks.StringFormatters
 import codeql.ruby.DataFlow
 import codeql.ruby.dataflow.RemoteFlowSources
-import codeql.ruby.ApiGraphs
 import codeql.ruby.TaintTracking
-private import codeql.ruby.frameworks.Files
-private import codeql.ruby.frameworks.core.IO
-private import codeql.ruby.controlflow.CfgNodes
-
-/**
- * A call to `printf` or `sprintf`.
- */
-abstract class PrintfStyleCall extends DataFlow::CallNode {
-  // We assume that most printf-like calls have the signature f(format_string, args...)
-  /**
-   * Gets the format string of this call.
-   */
-  DataFlow::Node getFormatString() { result = this.getArgument(0) }
-
-  /**
-   * Gets then `n`th formatted argument of this call.
-   */
-  DataFlow::Node getFormatArgument(int n) { n >= 0 and result = this.getArgument(n + 1) }
-}
-
-/**
- * A call to `Kernel.printf`.
- */
-class KernelPrintfCall extends PrintfStyleCall {
-  KernelPrintfCall() {
-    this = API::getTopLevelMember("Kernel").getAMethodCall("printf")
-    or
-    this.asExpr().getExpr() instanceof UnknownMethodCall and
-    this.getMethodName() = "printf"
-  }
-
-  // Kernel#printf supports two signatures:
-  //   printf(io, string, ...)
-  //   printf(string, ...)
-  override DataFlow::Node getFormatString() {
-    // Because `printf` has two different signatures, we can't be sure which
-    // argument is the format string, so we use a heuristic:
-    // If the first argument has a string value, then we assume it is the format string.
-    // Otherwise we treat both the first and second args as the format string.
-    if this.getArgument(0).getExprNode().getConstantValue().isString(_)
-    then result = this.getArgument(0)
-    else result = this.getArgument([0, 1])
-  }
-}
-
-/**
- * A call to `Kernel.sprintf`.
- */
-class KernelSprintfCall extends PrintfStyleCall {
-  KernelSprintfCall() {
-    this = API::getTopLevelMember("Kernel").getAMethodCall("sprintf")
-    or
-    this.asExpr().getExpr() instanceof UnknownMethodCall and
-    this.getMethodName() = "sprintf"
-  }
-}
-
-/**
- * A call to `IO#printf`.
- */
-class IOPrintfCall extends PrintfStyleCall {
-  IOPrintfCall() {
-    this.getReceiver() instanceof IO::IOInstance and this.getMethodName() = "printf"
-  }
-}
+import codeql.ruby.DataFlow
diff --git a/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll
index f12db1435d6..7e6ff6a2e1c 100644
--- a/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll
@@ -35,9 +35,7 @@ module UnsafeDeserialization {
   }
 
   /** A source of remote user input, considered as a flow source for unsafe deserialization. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
 
   /**
    * An argument in a call to `Marshal.load` or `Marshal.restore`, considered a
diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/ExponentialBackTracking.qll b/ruby/ql/lib/codeql/ruby/security/regexp/ExponentialBackTracking.qll
index 4a608890249..608f0e59552 100644
--- a/ruby/ql/lib/codeql/ruby/security/regexp/ExponentialBackTracking.qll
+++ b/ruby/ql/lib/codeql/ruby/security/regexp/ExponentialBackTracking.qll
@@ -62,284 +62,7 @@
  *     a suffix `x` (possible empty) that is most likely __not__ accepted.
  */
 
-import NfaUtils
-
-/**
- * Holds if state `s` might be inside a backtracking repetition.
- */
-pragma[noinline]
-private predicate stateInsideBacktracking(State s) {
-  s.getRepr().getParent*() instanceof MaybeBacktrackingRepetition
-}
-
-/**
- * A infinitely repeating quantifier that might backtrack.
- */
-private class MaybeBacktrackingRepetition extends InfiniteRepetitionQuantifier {
-  MaybeBacktrackingRepetition() {
-    exists(RegExpTerm child |
-      child instanceof RegExpAlt or
-      child instanceof RegExpQuantifier
-    |
-      child.getParent+() = this
-    )
-  }
-}
-
-/**
- * A state in the product automaton.
- */
-private newtype TStatePair =
-  /**
-   * We lazily only construct those states that we are actually
-   * going to need: `(q, q)` for every fork state `q`, and any
-   * pair of states that can be reached from a pair that we have
-   * already constructed. To cut down on the number of states,
-   * we only represent states `(q1, q2)` where `q1` is lexicographically
-   * no bigger than `q2`.
-   *
-   * States are only constructed if both states in the pair are
-   * inside a repetition that might backtrack.
-   */
-  MkStatePair(State q1, State q2) {
-    isFork(q1, _, _, _, _) and q2 = q1
-    or
-    (step(_, _, _, q1, q2) or step(_, _, _, q2, q1)) and
-    rankState(q1) <= rankState(q2)
-  }
-
-/**
- * Gets a unique number for a `state`.
- * Is used to create an ordering of states, where states with the same `toString()` will be ordered differently.
- */
-private int rankState(State state) {
-  state =
-    rank[result](State s, Location l |
-      stateInsideBacktracking(s) and
-      l = s.getRepr().getLocation()
-    |
-      s order by l.getStartLine(), l.getStartColumn(), s.toString()
-    )
-}
-
-/**
- * A state in the product automaton.
- */
-private class StatePair extends TStatePair {
-  State q1;
-  State q2;
-
-  StatePair() { this = MkStatePair(q1, q2) }
-
-  /** Gets a textual representation of this element. */
-  string toString() { result = "(" + q1 + ", " + q2 + ")" }
-
-  /** Gets the first component of the state pair. */
-  State getLeft() { result = q1 }
-
-  /** Gets the second component of the state pair. */
-  State getRight() { result = q2 }
-}
-
-/**
- * Holds for `(fork, fork)` state pairs when `isFork(fork, _, _, _, _)` holds.
- *
- * Used in `statePairDistToFork`
- */
-private predicate isStatePairFork(StatePair p) {
-  exists(State fork | p = MkStatePair(fork, fork) and isFork(fork, _, _, _, _))
-}
-
-/**
- * Holds if there are transitions from the components of `q` to the corresponding
- * components of `r`.
- *
- * Used in `statePairDistToFork`
- */
-private predicate reverseStep(StatePair r, StatePair q) { step(q, _, _, r) }
-
-/**
- * Gets the minimum length of a path from `q` to `r` in the
- * product automaton.
- */
-private int statePairDistToFork(StatePair q, StatePair r) =
-  shortestDistances(isStatePairFork/1, reverseStep/2)(r, q, result)
-
-/**
- * Holds if there are transitions from `q` to `r1` and from `q` to `r2`
- * labelled with `s1` and `s2`, respectively, where `s1` and `s2` do not
- * trivially have an empty intersection.
- *
- * This predicate only holds for states associated with regular expressions
- * that have at least one repetition quantifier in them (otherwise the
- * expression cannot be vulnerable to ReDoS attacks anyway).
- */
-pragma[noopt]
-private predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, State r2) {
-  stateInsideBacktracking(q) and
-  exists(State q1, State q2 |
-    q1 = epsilonSucc*(q) and
-    delta(q1, s1, r1) and
-    q2 = epsilonSucc*(q) and
-    delta(q2, s2, r2) and
-    // Use pragma[noopt] to prevent intersect(s1,s2) from being the starting point of the join.
-    // From (s1,s2) it would find a huge number of intermediate state pairs (q1,q2) originating from different literals,
-    // and discover at the end that no `q` can reach both `q1` and `q2` by epsilon transitions.
-    exists(intersect(s1, s2))
-  |
-    s1 != s2
-    or
-    r1 != r2
-    or
-    r1 = r2 and q1 != q2
-    or
-    // If q can reach itself by epsilon transitions, then there are two distinct paths to the q1/q2 state:
-    // one that uses the loop and one that doesn't. The engine will separately attempt to match with each path,
-    // despite ending in the same state. The "fork" thus arises from the choice of whether to use the loop or not.
-    // To avoid every state in the loop becoming a fork state,
-    // we arbitrarily pick the InfiniteRepetitionQuantifier state as the canonical fork state for the loop
-    // (every epsilon-loop must contain such a state).
-    //
-    // We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself.
-    // This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`.
-    // The below code is therefore a heuristic, that only flags regular expressions such as `/(a*)*b/`,
-    // and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently.
-    r1 = r2 and
-    q1 = q2 and
-    epsilonSucc+(q) = q and
-    exists(RegExpTerm term | term = q.getRepr() | term instanceof InfiniteRepetitionQuantifier) and
-    // One of the mid states is an infinite quantifier itself
-    exists(State mid, RegExpTerm term |
-      mid = epsilonSucc+(q) and
-      term = mid.getRepr() and
-      term instanceof InfiniteRepetitionQuantifier and
-      q = epsilonSucc+(mid) and
-      not mid = q
-    )
-  ) and
-  stateInsideBacktracking(r1) and
-  stateInsideBacktracking(r2)
-}
-
-/**
- * Gets the state pair `(q1, q2)` or `(q2, q1)`; note that only
- * one or the other is defined.
- */
-private StatePair mkStatePair(State q1, State q2) {
-  result = MkStatePair(q1, q2) or result = MkStatePair(q2, q1)
-}
-
-/**
- * Holds if there are transitions from the components of `q` to the corresponding
- * components of `r` labelled with `s1` and `s2`, respectively.
- */
-private predicate step(StatePair q, InputSymbol s1, InputSymbol s2, StatePair r) {
-  exists(State r1, State r2 | step(q, s1, s2, r1, r2) and r = mkStatePair(r1, r2))
-}
-
-/**
- * Holds if there are transitions from the components of `q` to `r1` and `r2`
- * labelled with `s1` and `s2`, respectively.
- *
- * We only consider transitions where the resulting states `(r1, r2)` are both
- * inside a repetition that might backtrack.
- */
-pragma[noopt]
-private predicate step(StatePair q, InputSymbol s1, InputSymbol s2, State r1, State r2) {
-  exists(State q1, State q2 | q.getLeft() = q1 and q.getRight() = q2 |
-    deltaClosed(q1, s1, r1) and
-    deltaClosed(q2, s2, r2) and
-    // use noopt to force the join on `intersect` to happen last.
-    exists(intersect(s1, s2))
-  ) and
-  stateInsideBacktracking(r1) and
-  stateInsideBacktracking(r2)
-}
-
-private newtype TTrace =
-  Nil() or
-  Step(InputSymbol s1, InputSymbol s2, TTrace t) { isReachableFromFork(_, _, s1, s2, t, _) }
-
-/**
- * A list of pairs of input symbols that describe a path in the product automaton
- * starting from some fork state.
- */
-private class Trace extends TTrace {
-  /** Gets a textual representation of this element. */
-  string toString() {
-    this = Nil() and result = "Nil()"
-    or
-    exists(InputSymbol s1, InputSymbol s2, Trace t | this = Step(s1, s2, t) |
-      result = "Step(" + s1 + ", " + s2 + ", " + t + ")"
-    )
-  }
-}
-
-/**
- * Holds if `r` is reachable from `(fork, fork)` under input `w`, and there is
- * a path from `r` back to `(fork, fork)` with `rem` steps.
- */
-private predicate isReachableFromFork(State fork, StatePair r, Trace w, int rem) {
-  exists(InputSymbol s1, InputSymbol s2, Trace v |
-    isReachableFromFork(fork, r, s1, s2, v, rem) and
-    w = Step(s1, s2, v)
-  )
-}
-
-private predicate isReachableFromFork(
-  State fork, StatePair r, InputSymbol s1, InputSymbol s2, Trace v, int rem
-) {
-  // base case
-  exists(State q1, State q2 |
-    isFork(fork, s1, s2, q1, q2) and
-    r = MkStatePair(q1, q2) and
-    v = Nil() and
-    rem = statePairDistToFork(r, MkStatePair(fork, fork))
-  )
-  or
-  // recursive case
-  exists(StatePair p |
-    isReachableFromFork(fork, p, v, rem + 1) and
-    step(p, s1, s2, r) and
-    rem = statePairDistToFork(r, MkStatePair(fork, fork))
-  )
-}
-
-/**
- * Gets a state in the product automaton from which `(fork, fork)` is
- * reachable in zero or more epsilon transitions.
- */
-private StatePair getAForkPair(State fork) {
-  isFork(fork, _, _, _, _) and
-  result = MkStatePair(epsilonPred*(fork), epsilonPred*(fork))
-}
-
-/** An implementation of a chain containing chars for use by `Concretizer`. */
-private module CharTreeImpl implements CharTree {
-  class CharNode = Trace;
-
-  CharNode getPrev(CharNode t) { t = Step(_, _, result) }
-
-  /** Holds if `n` is a trace that is used by `concretize` in `isPumpable`. */
-  predicate isARelevantEnd(CharNode n) {
-    exists(State f | isReachableFromFork(f, getAForkPair(f), n, _))
-  }
-
-  string getChar(CharNode t) {
-    exists(InputSymbol s1, InputSymbol s2 | t = Step(s1, s2, _) | result = intersect(s1, s2))
-  }
-}
-
-/**
- * Holds if `fork` is a pumpable fork with word `w`.
- */
-private predicate isPumpable(State fork, string w) {
-  exists(StatePair q, Trace t |
-    isReachableFromFork(fork, q, t, _) and
-    q = getAForkPair(fork) and
-    w = Concretizer<CharTreeImpl>::concretize(t)
-  )
-}
-
-/** Holds if `state` has exponential ReDoS */
-predicate hasReDoSResult = ReDoSPruning<isPumpable/2>::hasReDoSResult/4;
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeView
+// ExponentialBackTracking should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView> as Dep
+import Dep
diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll b/ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll
new file mode 100644
index 00000000000..88e07527bb7
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll
@@ -0,0 +1,18 @@
+/**
+ * Provides predicates for reasoning about regular expressions
+ * that match URLs and hostname patterns.
+ */
+
+private import ruby
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeImpl
+private import codeql.ruby.Regexp as Regexp
+private import codeql.regex.HostnameRegexp as Shared
+
+/** An implementation of the signature that allows the Hostname analysis to run. */
+module Impl implements Shared::HostnameRegexpSig<TreeImpl> {
+  class DataFlowNode = DataFlow::Node;
+
+  class RegExpPatternSource = Regexp::RegExpPatternSource;
+}
+
+import Shared::Make<TreeImpl, Impl>
diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtils.qll b/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtils.qll
index 5ff0cb6a39e..721905a34bf 100644
--- a/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtils.qll
+++ b/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtils.qll
@@ -7,1332 +7,7 @@
  * other queries that benefit from reasoning about NFAs.
  */
 
-import NfaUtilsSpecific
-
-/**
- * Gets the char after `c` (from a simplified ASCII table).
- */
-private string nextChar(string c) { exists(int code | code = ascii(c) | code + 1 = ascii(result)) }
-
-/**
- * Gets an approximation for the ASCII code for `char`.
- * Only the easily printable chars are included (so no newline, tab, null, etc).
- */
-private int ascii(string char) {
-  char =
-    rank[result](string c |
-      c =
-        "! \"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
-            .charAt(_)
-    )
-}
-
-/**
- * Holds if `t` matches at least an epsilon symbol.
- *
- * That is, this term does not restrict the language of the enclosing regular expression.
- *
- * This is implemented as an under-approximation, and this predicate does not hold for sub-patterns in particular.
- */
-predicate matchesEpsilon(RegExpTerm t) {
-  t instanceof RegExpStar
-  or
-  t instanceof RegExpOpt
-  or
-  t.(RegExpRange).getLowerBound() = 0
-  or
-  exists(RegExpTerm child |
-    child = t.getAChild() and
-    matchesEpsilon(child)
-  |
-    t instanceof RegExpAlt or
-    t instanceof RegExpGroup or
-    t instanceof RegExpPlus or
-    t instanceof RegExpRange
-  )
-  or
-  matchesEpsilon(t.(RegExpBackRef).getGroup())
-  or
-  forex(RegExpTerm child | child = t.(RegExpSequence).getAChild() | matchesEpsilon(child))
-}
-
-/**
- * A lookahead/lookbehind that matches the empty string.
- */
-class EmptyPositiveSubPattern extends RegExpSubPattern {
-  EmptyPositiveSubPattern() {
-    (
-      this instanceof RegExpPositiveLookahead
-      or
-      this instanceof RegExpPositiveLookbehind
-    ) and
-    matchesEpsilon(this.getOperand())
-  }
-}
-
-/** DEPRECATED: Use `EmptyPositiveSubPattern` instead. */
-deprecated class EmptyPositiveSubPatttern = EmptyPositiveSubPattern;
-
-/**
- * A branch in a disjunction that is the root node in a literal, or a literal
- * whose root node is not a disjunction.
- */
-class RegExpRoot extends RegExpTerm {
-  RegExpRoot() {
-    exists(RegExpParent parent |
-      exists(RegExpAlt alt |
-        alt.isRootTerm() and
-        this = alt.getAChild() and
-        parent = alt.getParent()
-      )
-      or
-      this.isRootTerm() and
-      not this instanceof RegExpAlt and
-      parent = this.getParent()
-    )
-  }
-
-  /**
-   * Holds if this root term is relevant to the ReDoS analysis.
-   */
-  predicate isRelevant() {
-    // is actually used as a RegExp
-    this.isUsedAsRegExp() and
-    // not excluded for library specific reasons
-    not isExcluded(this.getRootTerm().getParent())
-  }
-}
-
-/**
- * A constant in a regular expression that represents valid Unicode character(s).
- */
-private class RegexpCharacterConstant extends RegExpConstant {
-  RegexpCharacterConstant() { this.isCharacter() }
-}
-
-/**
- * A regexp term that is relevant for this ReDoS analysis.
- */
-class RelevantRegExpTerm extends RegExpTerm {
-  RelevantRegExpTerm() { getRoot(this).isRelevant() }
-}
-
-/**
- * Holds if `term` is the chosen canonical representative for all terms with string representation `str`.
- * The string representation includes which flags are used with the regular expression.
- *
- * Using canonical representatives gives a huge performance boost when working with tuples containing multiple `InputSymbol`s.
- * The number of `InputSymbol`s is decreased by 3 orders of magnitude or more in some larger benchmarks.
- */
-private predicate isCanonicalTerm(RelevantRegExpTerm term, string str) {
-  term =
-    min(RelevantRegExpTerm t, Location loc, File file |
-      loc = t.getLocation() and
-      file = t.getFile() and
-      str = getCanonicalizationString(t)
-    |
-      t order by t.getFile().getRelativePath(), loc.getStartLine(), loc.getStartColumn()
-    )
-}
-
-/**
- * Gets a string representation of `term` that is used for canonicalization.
- */
-private string getCanonicalizationString(RelevantRegExpTerm term) {
-  exists(string ignoreCase |
-    (if RegExpFlags::isIgnoreCase(term.getRootTerm()) then ignoreCase = "i" else ignoreCase = "") and
-    result = term.getRawValue() + "|" + ignoreCase
-  )
-}
-
-/**
- * An abstract input symbol, representing a set of concrete characters.
- */
-private newtype TInputSymbol =
-  /** An input symbol corresponding to character `c`. */
-  Char(string c) {
-    c =
-      any(RegexpCharacterConstant cc |
-        cc instanceof RelevantRegExpTerm and
-        not RegExpFlags::isIgnoreCase(cc.getRootTerm())
-      ).getValue().charAt(_)
-    or
-    // normalize everything to lower case if the regexp is case insensitive
-    c =
-      any(RegexpCharacterConstant cc, string char |
-        cc instanceof RelevantRegExpTerm and
-        RegExpFlags::isIgnoreCase(cc.getRootTerm()) and
-        char = cc.getValue().charAt(_)
-      |
-        char.toLowerCase()
-      )
-  } or
-  /**
-   * An input symbol representing all characters matched by
-   * a (non-universal) character class that has string representation `charClassString`.
-   */
-  CharClass(string charClassString) {
-    exists(RelevantRegExpTerm recc | isCanonicalTerm(recc, charClassString) |
-      recc instanceof RegExpCharacterClass and
-      not recc.(RegExpCharacterClass).isUniversalClass()
-      or
-      isEscapeClass(recc, _)
-    )
-  } or
-  /** An input symbol representing all characters matched by `.`. */
-  Dot() or
-  /** An input symbol representing all characters. */
-  Any() or
-  /** An epsilon transition in the automaton. */
-  Epsilon()
-
-/**
- * Gets the the CharClass corresponding to the canonical representative `term`.
- */
-private CharClass getCharClassForCanonicalTerm(RegExpTerm term) {
-  exists(string str | isCanonicalTerm(term, str) | result = CharClass(str))
-}
-
-/**
- * Gets a char class that represents `term`, even when `term` is not the canonical representative.
- */
-CharacterClass getCanonicalCharClass(RegExpTerm term) {
-  exists(string str | str = getCanonicalizationString(term) and result = CharClass(str))
-}
-
-/**
- * Holds if `a` and `b` are input symbols from the same regexp.
- */
-private predicate sharesRoot(InputSymbol a, InputSymbol b) {
-  exists(RegExpRoot root |
-    belongsTo(a, root) and
-    belongsTo(b, root)
-  )
-}
-
-/**
- * Holds if the `a` is an input symbol from a regexp that has root `root`.
- */
-private predicate belongsTo(InputSymbol a, RegExpRoot root) {
-  exists(State s | getRoot(s.getRepr()) = root |
-    delta(s, a, _)
-    or
-    delta(_, a, s)
-  )
-}
-
-/**
- * An abstract input symbol, representing a set of concrete characters.
- */
-class InputSymbol extends TInputSymbol {
-  InputSymbol() { not this instanceof Epsilon }
-
-  /**
-   * Gets a string representation of this input symbol.
-   */
-  string toString() {
-    this = Char(result)
-    or
-    this = CharClass(result)
-    or
-    this = Dot() and result = "."
-    or
-    this = Any() and result = "[^]"
-  }
-}
-
-/**
- * An abstract input symbol that represents a character class.
- */
-abstract class CharacterClass extends InputSymbol {
-  /**
-   * Gets a character that is relevant for intersection-tests involving this
-   * character class.
-   *
-   * Specifically, this is any of the characters mentioned explicitly in the
-   * character class, offset by one if it is inverted. For character class escapes,
-   * the result is as if the class had been written out as a series of intervals.
-   *
-   * This set is large enough to ensure that for any two intersecting character
-   * classes, one contains a relevant character from the other.
-   */
-  abstract string getARelevantChar();
-
-  /**
-   * Holds if this character class matches `char`.
-   */
-  bindingset[char]
-  abstract predicate matches(string char);
-
-  /**
-   * Gets a character matched by this character class.
-   */
-  string choose() { result = this.getARelevantChar() and this.matches(result) }
-}
-
-/**
- * Provides implementations for `CharacterClass`.
- */
-private module CharacterClasses {
-  /**
-   * Holds if the character class `cc` has a child (constant or range) that matches `char`.
-   */
-  pragma[noinline]
-  predicate hasChildThatMatches(RegExpCharacterClass cc, string char) {
-    if RegExpFlags::isIgnoreCase(cc.getRootTerm())
-    then
-      // normalize everything to lower case if the regexp is case insensitive
-      exists(string c | hasChildThatMatchesIgnoringCasingFlags(cc, c) | char = c.toLowerCase())
-    else hasChildThatMatchesIgnoringCasingFlags(cc, char)
-  }
-
-  /**
-   * Holds if the character class `cc` has a child (constant or range) that matches `char`.
-   * Ignores whether the character class is inside a regular expression that has the ignore case flag.
-   */
-  pragma[noinline]
-  predicate hasChildThatMatchesIgnoringCasingFlags(RegExpCharacterClass cc, string char) {
-    exists(getCharClassForCanonicalTerm(cc)) and
-    exists(RegExpTerm child | child = cc.getAChild() |
-      char = child.(RegexpCharacterConstant).getValue()
-      or
-      rangeMatchesOnLetterOrDigits(child, char)
-      or
-      not rangeMatchesOnLetterOrDigits(child, _) and
-      char = getARelevantChar() and
-      exists(string lo, string hi | child.(RegExpCharacterRange).isRange(lo, hi) |
-        lo <= char and
-        char <= hi
-      )
-      or
-      exists(string charClass | isEscapeClass(child, charClass) |
-        charClass.toLowerCase() = charClass and
-        classEscapeMatches(charClass, char)
-        or
-        char = getARelevantChar() and
-        charClass.toUpperCase() = charClass and
-        not classEscapeMatches(charClass, char)
-      )
-    )
-  }
-
-  /**
-   * Holds if `range` is a range on lower-case, upper-case, or digits, and matches `char`.
-   * This predicate is used to restrict the searchspace for ranges by only joining `getAnyPossiblyMatchedChar`
-   * on a few ranges.
-   */
-  private predicate rangeMatchesOnLetterOrDigits(RegExpCharacterRange range, string char) {
-    exists(string lo, string hi |
-      range.isRange(lo, hi) and lo = lowercaseLetter() and hi = lowercaseLetter()
-    |
-      lo <= char and
-      char <= hi and
-      char = lowercaseLetter()
-    )
-    or
-    exists(string lo, string hi |
-      range.isRange(lo, hi) and lo = upperCaseLetter() and hi = upperCaseLetter()
-    |
-      lo <= char and
-      char <= hi and
-      char = upperCaseLetter()
-    )
-    or
-    exists(string lo, string hi | range.isRange(lo, hi) and lo = digit() and hi = digit() |
-      lo <= char and
-      char <= hi and
-      char = digit()
-    )
-  }
-
-  private string lowercaseLetter() { result = "abcdefghijklmnopqrstuvwxyz".charAt(_) }
-
-  private string upperCaseLetter() { result = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".charAt(_) }
-
-  private string digit() { result = [0 .. 9].toString() }
-
-  /**
-   * Gets a char that could be matched by a regular expression.
-   * Includes all printable ascii chars, all constants mentioned in a regexp, and all chars matches by the regexp `/\s|\d|\w/`.
-   */
-  string getARelevantChar() {
-    exists(ascii(result))
-    or
-    exists(RegexpCharacterConstant c | result = c.getValue().charAt(_))
-    or
-    classEscapeMatches(_, result)
-  }
-
-  /**
-   * Gets a char that is mentioned in the character class `c`.
-   */
-  private string getAMentionedChar(RegExpCharacterClass c) {
-    exists(RegExpTerm child | child = c.getAChild() |
-      result = child.(RegexpCharacterConstant).getValue()
-      or
-      child.(RegExpCharacterRange).isRange(result, _)
-      or
-      child.(RegExpCharacterRange).isRange(_, result)
-      or
-      exists(string charClass | isEscapeClass(child, charClass) |
-        result = min(string s | classEscapeMatches(charClass.toLowerCase(), s))
-        or
-        result = max(string s | classEscapeMatches(charClass.toLowerCase(), s))
-      )
-    )
-  }
-
-  bindingset[char, cc]
-  private string caseNormalize(string char, RegExpTerm cc) {
-    if RegExpFlags::isIgnoreCase(cc.getRootTerm())
-    then result = char.toLowerCase()
-    else result = char
-  }
-
-  /**
-   * An implementation of `CharacterClass` for positive (non inverted) character classes.
-   */
-  private class PositiveCharacterClass extends CharacterClass {
-    RegExpCharacterClass cc;
-
-    PositiveCharacterClass() { this = getCharClassForCanonicalTerm(cc) and not cc.isInverted() }
-
-    override string getARelevantChar() { result = caseNormalize(getAMentionedChar(cc), cc) }
-
-    override predicate matches(string char) { hasChildThatMatches(cc, char) }
-  }
-
-  /**
-   * An implementation of `CharacterClass` for inverted character classes.
-   */
-  private class InvertedCharacterClass extends CharacterClass {
-    RegExpCharacterClass cc;
-
-    InvertedCharacterClass() { this = getCharClassForCanonicalTerm(cc) and cc.isInverted() }
-
-    override string getARelevantChar() {
-      result = nextChar(caseNormalize(getAMentionedChar(cc), cc)) or
-      nextChar(result) = caseNormalize(getAMentionedChar(cc), cc)
-    }
-
-    bindingset[char]
-    override predicate matches(string char) { not hasChildThatMatches(cc, char) }
-  }
-
-  /**
-   * Holds if the character class escape `clazz` (\d, \s, or \w) matches `char`.
-   */
-  pragma[noinline]
-  private predicate classEscapeMatches(string clazz, string char) {
-    clazz = "d" and
-    char = "0123456789".charAt(_)
-    or
-    clazz = "s" and
-    char = [" ", "\t", "\r", "\n", 11.toUnicode(), 12.toUnicode()] // 11.toUnicode() = \v, 12.toUnicode() = \f
-    or
-    clazz = "w" and
-    char = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_".charAt(_)
-  }
-
-  /**
-   * An implementation of `CharacterClass` for \d, \s, and \w.
-   */
-  private class PositiveCharacterClassEscape extends CharacterClass {
-    string charClass;
-    RegExpTerm cc;
-
-    PositiveCharacterClassEscape() {
-      isEscapeClass(cc, charClass) and
-      this = getCharClassForCanonicalTerm(cc) and
-      charClass = ["d", "s", "w"]
-    }
-
-    override string getARelevantChar() {
-      charClass = "d" and
-      result = ["0", "9"]
-      or
-      charClass = "s" and
-      result = " "
-      or
-      charClass = "w" and
-      if RegExpFlags::isIgnoreCase(cc.getRootTerm())
-      then result = ["a", "z", "_", "0", "9"]
-      else result = ["a", "Z", "_", "0", "9"]
-    }
-
-    override predicate matches(string char) { classEscapeMatches(charClass, char) }
-
-    override string choose() {
-      charClass = "d" and
-      result = "9"
-      or
-      charClass = "s" and
-      result = " "
-      or
-      charClass = "w" and
-      result = "a"
-    }
-  }
-
-  /**
-   * An implementation of `CharacterClass` for \D, \S, and \W.
-   */
-  private class NegativeCharacterClassEscape extends CharacterClass {
-    string charClass;
-
-    NegativeCharacterClassEscape() {
-      exists(RegExpTerm cc |
-        isEscapeClass(cc, charClass) and
-        this = getCharClassForCanonicalTerm(cc) and
-        charClass = ["D", "S", "W"]
-      )
-    }
-
-    override string getARelevantChar() {
-      charClass = "D" and
-      result = ["a", "Z", "!"]
-      or
-      charClass = "S" and
-      result = ["a", "9", "!"]
-      or
-      charClass = "W" and
-      result = [" ", "!"]
-    }
-
-    bindingset[char]
-    override predicate matches(string char) {
-      not classEscapeMatches(charClass.toLowerCase(), char)
-    }
-  }
-
-  /** Gets a representative for all char classes that match the same chars as `c`. */
-  CharacterClass normalize(CharacterClass c) {
-    exists(string normalization |
-      normalization = getNormalizationString(c) and
-      result =
-        min(CharacterClass cc, string raw |
-          getNormalizationString(cc) = normalization and cc = CharClass(raw)
-        |
-          cc order by raw
-        )
-    )
-  }
-
-  /** Gets a string representing all the chars matched by `c` */
-  private string getNormalizationString(CharacterClass c) {
-    (c instanceof PositiveCharacterClass or c instanceof PositiveCharacterClassEscape) and
-    result = concat(string char | c.matches(char) and char = CharacterClasses::getARelevantChar())
-    or
-    (c instanceof InvertedCharacterClass or c instanceof NegativeCharacterClassEscape) and
-    // the string produced by the concat can not contain repeated chars
-    // so by starting the below with "nn" we can guarantee that
-    // it will not overlap with the above case.
-    // and a negative char class can never match the same chars as a positive one, so we don't miss any results from this.
-    result =
-      "nn:" +
-        concat(string char | not c.matches(char) and char = CharacterClasses::getARelevantChar())
-  }
-}
-
-private class EdgeLabel extends TInputSymbol {
-  string toString() {
-    this = Epsilon() and result = ""
-    or
-    exists(InputSymbol s | this = s and result = s.toString())
-  }
-}
-
-/**
- * A RegExp term that acts like a plus.
- * Either it's a RegExpPlus, or it is a range {1,X} where X is >= 30.
- * 30 has been chosen as a threshold because for exponential blowup 2^30 is enough to get a decent DOS attack.
- */
-private class EffectivelyPlus extends RegExpTerm {
-  EffectivelyPlus() {
-    this instanceof RegExpPlus
-    or
-    exists(RegExpRange range |
-      range.getLowerBound() = 1 and
-      (range.getUpperBound() >= 30 or not exists(range.getUpperBound()))
-    |
-      this = range
-    )
-  }
-}
-
-/**
- * A RegExp term that acts like a star.
- * Either it's a RegExpStar, or it is a range {0,X} where X is >= 30.
- */
-private class EffectivelyStar extends RegExpTerm {
-  EffectivelyStar() {
-    this instanceof RegExpStar
-    or
-    exists(RegExpRange range |
-      range.getLowerBound() = 0 and
-      (range.getUpperBound() >= 30 or not exists(range.getUpperBound()))
-    |
-      this = range
-    )
-  }
-}
-
-/**
- * A RegExp term that acts like a question mark.
- * Either it's a RegExpQuestion, or it is a range {0,1}.
- */
-private class EffectivelyQuestion extends RegExpTerm {
-  EffectivelyQuestion() {
-    this instanceof RegExpOpt
-    or
-    exists(RegExpRange range | range.getLowerBound() = 0 and range.getUpperBound() = 1 |
-      this = range
-    )
-  }
-}
-
-/**
- * Gets the state before matching `t`.
- */
-pragma[inline]
-private State before(RegExpTerm t) { result = Match(t, 0) }
-
-/**
- * Gets a state the NFA may be in after matching `t`.
- */
-State after(RegExpTerm t) {
-  exists(RegExpAlt alt | t = alt.getAChild() | result = after(alt))
-  or
-  exists(RegExpSequence seq, int i | t = seq.getChild(i) |
-    result = before(seq.getChild(i + 1))
-    or
-    i + 1 = seq.getNumChild() and result = after(seq)
-  )
-  or
-  exists(RegExpGroup grp | t = grp.getAChild() | result = after(grp))
-  or
-  exists(EffectivelyStar star | t = star.getAChild() |
-    not isPossessive(star) and
-    result = before(star)
-  )
-  or
-  exists(EffectivelyPlus plus | t = plus.getAChild() |
-    not isPossessive(plus) and
-    result = before(plus)
-    or
-    result = after(plus)
-  )
-  or
-  exists(EffectivelyQuestion opt | t = opt.getAChild() | result = after(opt))
-  or
-  exists(RegExpRoot root | t = root |
-    if matchesAnySuffix(root) then result = AcceptAnySuffix(root) else result = Accept(root)
-  )
-}
-
-/**
- * Holds if the NFA has a transition from `q1` to `q2` labelled with `lbl`.
- */
-predicate delta(State q1, EdgeLabel lbl, State q2) {
-  exists(RegexpCharacterConstant s, int i |
-    q1 = Match(s, i) and
-    (
-      not RegExpFlags::isIgnoreCase(s.getRootTerm()) and
-      lbl = Char(s.getValue().charAt(i))
-      or
-      // normalize everything to lower case if the regexp is case insensitive
-      RegExpFlags::isIgnoreCase(s.getRootTerm()) and
-      exists(string c | c = s.getValue().charAt(i) | lbl = Char(c.toLowerCase()))
-    ) and
-    (
-      q2 = Match(s, i + 1)
-      or
-      s.getValue().length() = i + 1 and
-      q2 = after(s)
-    )
-  )
-  or
-  exists(RegExpDot dot | q1 = before(dot) and q2 = after(dot) |
-    if RegExpFlags::isDotAll(dot.getRootTerm()) then lbl = Any() else lbl = Dot()
-  )
-  or
-  exists(RegExpCharacterClass cc |
-    cc.isUniversalClass() and q1 = before(cc) and lbl = Any() and q2 = after(cc)
-    or
-    q1 = before(cc) and
-    lbl = CharacterClasses::normalize(CharClass(getCanonicalizationString(cc))) and
-    q2 = after(cc)
-  )
-  or
-  exists(RegExpTerm cc | isEscapeClass(cc, _) |
-    q1 = before(cc) and
-    lbl = CharacterClasses::normalize(CharClass(getCanonicalizationString(cc))) and
-    q2 = after(cc)
-  )
-  or
-  exists(RegExpAlt alt | lbl = Epsilon() | q1 = before(alt) and q2 = before(alt.getAChild()))
-  or
-  exists(RegExpSequence seq | lbl = Epsilon() | q1 = before(seq) and q2 = before(seq.getChild(0)))
-  or
-  exists(RegExpGroup grp | lbl = Epsilon() | q1 = before(grp) and q2 = before(grp.getChild(0)))
-  or
-  exists(EffectivelyStar star | lbl = Epsilon() |
-    q1 = before(star) and q2 = before(star.getChild(0))
-    or
-    q1 = before(star) and q2 = after(star)
-  )
-  or
-  exists(EffectivelyPlus plus | lbl = Epsilon() |
-    q1 = before(plus) and q2 = before(plus.getChild(0))
-  )
-  or
-  exists(EffectivelyQuestion opt | lbl = Epsilon() |
-    q1 = before(opt) and q2 = before(opt.getChild(0))
-    or
-    q1 = before(opt) and q2 = after(opt)
-  )
-  or
-  exists(RegExpRoot root | q1 = AcceptAnySuffix(root) |
-    lbl = Any() and q2 = q1
-    or
-    lbl = Epsilon() and q2 = Accept(root)
-  )
-  or
-  exists(RegExpRoot root | q1 = Match(root, 0) | matchesAnyPrefix(root) and lbl = Any() and q2 = q1)
-  or
-  exists(RegExpDollar dollar | q1 = before(dollar) |
-    lbl = Epsilon() and q2 = Accept(getRoot(dollar))
-  )
-  or
-  exists(EmptyPositiveSubPattern empty | q1 = before(empty) | lbl = Epsilon() and q2 = after(empty))
-}
-
-/**
- * Gets a state that `q` has an epsilon transition to.
- */
-State epsilonSucc(State q) { delta(q, Epsilon(), result) }
-
-/**
- * Gets a state that has an epsilon transition to `q`.
- */
-State epsilonPred(State q) { q = epsilonSucc(result) }
-
-/**
- * Holds if there is a state `q` that can be reached from `q1`
- * along epsilon edges, such that there is a transition from
- * `q` to `q2` that consumes symbol `s`.
- */
-predicate deltaClosed(State q1, InputSymbol s, State q2) { delta(epsilonSucc*(q1), s, q2) }
-
-/**
- * Gets the root containing the given term, that is, the root of the literal,
- * or a branch of the root disjunction.
- */
-RegExpRoot getRoot(RegExpTerm term) {
-  result = term or
-  result = getRoot(term.getParent())
-}
-
-/**
- * A state in the NFA.
- */
-newtype TState =
-  /**
-   * A state representing that the NFA is about to match a term.
-   * `i` is used to index into multi-char literals.
-   */
-  Match(RelevantRegExpTerm t, int i) {
-    i = 0
-    or
-    exists(t.(RegexpCharacterConstant).getValue().charAt(i))
-  } or
-  /**
-   * An accept state, where exactly the given input string is accepted.
-   */
-  Accept(RegExpRoot l) { l.isRelevant() } or
-  /**
-   * An accept state, where the given input string, or any string that has this
-   * string as a prefix, is accepted.
-   */
-  AcceptAnySuffix(RegExpRoot l) { l.isRelevant() }
-
-/**
- * Gets a state that is about to match the regular expression `t`.
- */
-State mkMatch(RegExpTerm t) { result = Match(t, 0) }
-
-/**
- * A state in the NFA corresponding to a regular expression.
- *
- * Each regular expression literal `l` has one accepting state
- * `Accept(l)`, one state that accepts all suffixes `AcceptAnySuffix(l)`,
- * and a state `Match(t, i)` for every subterm `t`,
- * which represents the state of the NFA before starting to
- * match `t`, or the `i`th character in `t` if `t` is a constant.
- */
-class State extends TState {
-  RegExpTerm repr;
-
-  State() {
-    this = Match(repr, _) or
-    this = Accept(repr) or
-    this = AcceptAnySuffix(repr)
-  }
-
-  /**
-   * Gets a string representation for this state in a regular expression.
-   */
-  string toString() {
-    exists(int i | this = Match(repr, i) | result = "Match(" + repr + "," + i + ")")
-    or
-    this instanceof Accept and
-    result = "Accept(" + repr + ")"
-    or
-    this instanceof AcceptAnySuffix and
-    result = "AcceptAny(" + repr + ")"
-  }
-
-  /**
-   * Gets the location for this state.
-   */
-  Location getLocation() { result = repr.getLocation() }
-
-  /**
-   * Gets the term represented by this state.
-   */
-  RegExpTerm getRepr() { result = repr }
-}
-
-/**
- * Gets the minimum char that is matched by both the character classes `c` and `d`.
- */
-private string getMinOverlapBetweenCharacterClasses(CharacterClass c, CharacterClass d) {
-  result = min(getAOverlapBetweenCharacterClasses(c, d))
-}
-
-/**
- * Gets a char that is matched by both the character classes `c` and `d`.
- * And `c` and `d` is not the same character class.
- */
-private string getAOverlapBetweenCharacterClasses(CharacterClass c, CharacterClass d) {
-  sharesRoot(c, d) and
-  result = [c.getARelevantChar(), d.getARelevantChar()] and
-  c.matches(result) and
-  d.matches(result) and
-  not c = d
-}
-
-/**
- * Gets a character that is represented by both `c` and `d`.
- */
-string intersect(InputSymbol c, InputSymbol d) {
-  (sharesRoot(c, d) or [c, d] = Any()) and
-  (
-    c = Char(result) and
-    d = getAnInputSymbolMatching(result)
-    or
-    result = getMinOverlapBetweenCharacterClasses(c, d)
-    or
-    result = c.(CharacterClass).choose() and
-    (
-      d = c
-      or
-      d = Dot() and
-      not (result = "\n" or result = "\r")
-      or
-      d = Any()
-    )
-    or
-    (c = Dot() or c = Any()) and
-    (d = Dot() or d = Any()) and
-    result = "a"
-  )
-  or
-  result = intersect(d, c)
-}
-
-/**
- * Gets a symbol that matches `char`.
- */
-bindingset[char]
-InputSymbol getAnInputSymbolMatching(string char) {
-  result = Char(char)
-  or
-  result.(CharacterClass).matches(char)
-  or
-  result = Dot() and
-  not (char = "\n" or char = "\r")
-  or
-  result = Any()
-}
-
-/**
- * Holds if `state` is a start state.
- */
-predicate isStartState(State state) {
-  state = mkMatch(any(RegExpRoot r))
-  or
-  exists(RegExpCaret car | state = after(car))
-}
-
-/**
- * Holds if `state` is a candidate for ReDoS with string `pump`.
- */
-signature predicate isCandidateSig(State state, string pump);
-
-/**
- * Holds if `state` is a candidate for ReDoS.
- */
-signature predicate isCandidateSig(State state);
-
-/**
- * Predicates for constructing a prefix string that leads to a given state.
- */
-module PrefixConstruction<isCandidateSig/1 isCandidate> {
-  /**
-   * Holds if `state` is the textually last start state for the regular expression.
-   */
-  private predicate lastStartState(RelevantState state) {
-    exists(RegExpRoot root |
-      state =
-        max(RelevantState s, Location l |
-          isStartState(s) and
-          getRoot(s.getRepr()) = root and
-          l = s.getRepr().getLocation()
-        |
-          s
-          order by
-            l.getStartLine(), l.getStartColumn(), s.getRepr().toString(), l.getEndColumn(),
-            l.getEndLine()
-        )
-    )
-  }
-
-  /**
-   * Holds if there exists any transition (Epsilon() or other) from `a` to `b`.
-   */
-  private predicate existsTransition(State a, State b) { delta(a, _, b) }
-
-  /**
-   * Gets the minimum number of transitions it takes to reach `state` from the `start` state.
-   */
-  int prefixLength(State start, State state) =
-    shortestDistances(lastStartState/1, existsTransition/2)(start, state, result)
-
-  /**
-   * Gets the minimum number of transitions it takes to reach `state` from the start state.
-   */
-  private int lengthFromStart(State state) { result = prefixLength(_, state) }
-
-  /**
-   * Gets a string for which the regular expression will reach `state`.
-   *
-   * Has at most one result for any given `state`.
-   * This predicate will not always have a result even if there is a ReDoS issue in
-   * the regular expression.
-   */
-  string prefix(State state) {
-    lastStartState(state) and
-    result = ""
-    or
-    // the search stops past the last redos candidate state.
-    lengthFromStart(state) <= max(lengthFromStart(any(State s | isCandidate(s)))) and
-    exists(State prev |
-      // select a unique predecessor (by an arbitrary measure)
-      prev =
-        min(State s, Location loc |
-          lengthFromStart(s) = lengthFromStart(state) - 1 and
-          loc = s.getRepr().getLocation() and
-          delta(s, _, state)
-        |
-          s
-          order by
-            loc.getStartLine(), loc.getStartColumn(), loc.getEndLine(), loc.getEndColumn(),
-            s.getRepr().toString()
-        )
-    |
-      // greedy search for the shortest prefix
-      result = prefix(prev) and delta(prev, Epsilon(), state)
-      or
-      not delta(prev, Epsilon(), state) and
-      result = prefix(prev) + getCanonicalEdgeChar(prev, state)
-    )
-  }
-
-  /**
-   * Gets a canonical char for which there exists a transition from `prev` to `next` in the NFA.
-   */
-  private string getCanonicalEdgeChar(State prev, State next) {
-    result =
-      min(string c | delta(prev, any(InputSymbol symbol | c = intersect(Any(), symbol)), next))
-  }
-
-  /** A state within a regular expression that contains a candidate state. */
-  class RelevantState instanceof State {
-    RelevantState() {
-      exists(State s | isCandidate(s) | getRoot(s.getRepr()) = getRoot(this.getRepr()))
-    }
-
-    /** Gets a string representation for this state in a regular expression. */
-    string toString() { result = State.super.toString() }
-
-    /** Gets the term represented by this state. */
-    RegExpTerm getRepr() { result = State.super.getRepr() }
-  }
-}
-
-/**
- * A module for pruning candidate ReDoS states.
- * The candidates are specified by the `isCandidate` signature predicate.
- * The candidates are checked for rejecting suffixes and deduplicated,
- * and the resulting ReDoS states are read by the `hasReDoSResult` predicate.
- */
-module ReDoSPruning<isCandidateSig/2 isCandidate> {
-  /**
-   * Holds if repeating `pump` starting at `state` is a candidate for causing backtracking.
-   * No check whether a rejected suffix exists has been made.
-   */
-  private predicate isReDoSCandidate(State state, string pump) {
-    isCandidate(state, pump) and
-    not state = acceptsAnySuffix() and // pruning early - these can never get stuck in a rejecting state.
-    (
-      not isCandidate(epsilonSucc+(state), _)
-      or
-      epsilonSucc+(state) = state and
-      state =
-        max(State s, Location l |
-          s = epsilonSucc+(state) and
-          l = s.getRepr().getLocation() and
-          isCandidate(s, _) and
-          s.getRepr() instanceof InfiniteRepetitionQuantifier
-        |
-          s order by l.getStartLine(), l.getStartColumn(), l.getEndColumn(), l.getEndLine()
-        )
-    )
-  }
-
-  /** Gets a state that can reach the `accept-any` state using only epsilon steps. */
-  private State acceptsAnySuffix() { epsilonSucc*(result) = AcceptAnySuffix(_) }
-
-  predicate isCandidateState(State s) { isReDoSCandidate(s, _) }
-
-  import PrefixConstruction<isCandidateState/1> as Prefix
-
-  class RelevantState = Prefix::RelevantState;
-
-  /**
-   * Predicates for testing the presence of a rejecting suffix.
-   *
-   * These predicates are used to ensure that the all states reached from the fork
-   * by repeating `w` have a rejecting suffix.
-   *
-   * For example, a regexp like `/^(a+)+/` will accept any string as long the prefix is
-   * some number of `"a"`s, and it is therefore not possible to construct a rejecting suffix.
-   *
-   * A regexp like `/(a+)+$/` or `/(a+)+b/` trivially has a rejecting suffix,
-   * as the suffix "X" will cause both the regular expressions to be rejected.
-   *
-   * The string `w` is repeated any number of times because it needs to be
-   * infinitely repeatable for the attack to work.
-   * For the regular expression `/((ab)+)*abab/` the accepting state is not reachable from the fork
-   * using epsilon transitions. But any attempt at repeating `w` will end in a state that accepts all suffixes.
-   */
-  private module SuffixConstruction {
-    /**
-     * Holds if all states reachable from `fork` by repeating `w`
-     * are likely rejectable by appending some suffix.
-     */
-    predicate reachesOnlyRejectableSuffixes(State fork, string w) {
-      isReDoSCandidate(fork, w) and
-      forex(State next | next = process(fork, w, w.length() - 1) | isLikelyRejectable(next)) and
-      not getProcessPrevious(fork, _, w) = acceptsAnySuffix() // we stop `process(..)` early if we can, check here if it happened.
-    }
-
-    /**
-     * Holds if there likely exists a suffix starting from `s` that leads to the regular expression being rejected.
-     * This predicate might find impossible suffixes when searching for suffixes of length > 1, which can cause FPs.
-     */
-    pragma[noinline]
-    private predicate isLikelyRejectable(RelevantState s) {
-      // exists a reject edge with some char.
-      hasRejectEdge(s)
-      or
-      hasEdgeToLikelyRejectable(s)
-      or
-      // stopping here is rejection
-      isRejectState(s)
-    }
-
-    /**
-     * Holds if `s` is not an accept state, and there is no epsilon transition to an accept state.
-     */
-    predicate isRejectState(RelevantState s) { not epsilonSucc*(s) = Accept(_) }
-
-    /**
-     * Holds if there is likely a non-empty suffix leading to rejection starting in `s`.
-     */
-    pragma[noopt]
-    predicate hasEdgeToLikelyRejectable(RelevantState s) {
-      // all edges (at least one) with some char leads to another state that is rejectable.
-      // the `next` states might not share a common suffix, which can cause FPs.
-      exists(string char | char = hasEdgeToLikelyRejectableHelper(s) |
-        // noopt to force `hasEdgeToLikelyRejectableHelper` to be first in the join-order.
-        exists(State next | deltaClosedChar(s, char, next) | isLikelyRejectable(next)) and
-        forall(State next | deltaClosedChar(s, char, next) | isLikelyRejectable(next))
-      )
-    }
-
-    /**
-     * Gets a char for there exists a transition away from `s`,
-     * and `s` has not been found to be rejectable by `hasRejectEdge` or `isRejectState`.
-     */
-    pragma[noinline]
-    private string hasEdgeToLikelyRejectableHelper(RelevantState s) {
-      not hasRejectEdge(s) and
-      not isRejectState(s) and
-      deltaClosedChar(s, result, _)
-    }
-
-    /**
-     * Holds if there is a state `next` that can be reached from `prev`
-     * along epsilon edges, such that there is a transition from
-     * `prev` to `next` that the character symbol `char`.
-     */
-    predicate deltaClosedChar(RelevantState prev, string char, RelevantState next) {
-      deltaClosed(prev, getAnInputSymbolMatchingRelevant(char), next)
-    }
-
-    pragma[noinline]
-    InputSymbol getAnInputSymbolMatchingRelevant(string char) {
-      char = relevant(_) and
-      result = getAnInputSymbolMatching(char)
-    }
-
-    pragma[noinline]
-    RegExpRoot relevantRoot() {
-      exists(RegExpTerm term, State s |
-        s.getRepr() = term and isCandidateState(s) and result = term.getRootTerm()
-      )
-    }
-
-    /**
-     * Gets a char used for finding possible suffixes inside `root`.
-     */
-    pragma[noinline]
-    private string relevant(RegExpRoot root) {
-      root = relevantRoot() and
-      (
-        exists(ascii(result)) and exists(root)
-        or
-        exists(InputSymbol s | belongsTo(s, root) | result = intersect(s, _))
-        or
-        // The characters from `hasSimpleRejectEdge`. Only `\n` is really needed (as `\n` is not in the `ascii` relation).
-        // The three chars must be kept in sync with `hasSimpleRejectEdge`.
-        result = ["|", "\n", "Z"] and exists(root)
-      )
-    }
-
-    /**
-     * Holds if there exists a `char` such that there is no edge from `s` labeled `char` in our NFA.
-     * The NFA does not model reject states, so the above is the same as saying there is a reject edge.
-     */
-    private predicate hasRejectEdge(State s) {
-      hasSimpleRejectEdge(s)
-      or
-      not hasSimpleRejectEdge(s) and
-      exists(string char | char = relevant(getRoot(s.getRepr())) | not deltaClosedChar(s, char, _))
-    }
-
-    /**
-     * Holds if there is no edge from `s` labeled with "|", "\n", or "Z" in our NFA.
-     * This predicate is used as a cheap pre-processing to speed up `hasRejectEdge`.
-     */
-    private predicate hasSimpleRejectEdge(State s) {
-      // The three chars were chosen arbitrarily. The three chars must be kept in sync with `relevant`.
-      exists(string char | char = ["|", "\n", "Z"] | not deltaClosedChar(s, char, _))
-    }
-
-    /**
-     * Gets a state that can be reached from pumpable `fork` consuming all
-     * chars in `w` any number of times followed by the first `i+1` characters of `w`.
-     */
-    pragma[noopt]
-    private State process(State fork, string w, int i) {
-      exists(State prev | prev = getProcessPrevious(fork, i, w) |
-        not prev = acceptsAnySuffix() and // we stop `process(..)` early if we can. If the successor accepts any suffix, then we know it can never be rejected.
-        exists(string char, InputSymbol sym |
-          char = w.charAt(i) and
-          deltaClosed(prev, sym, result) and
-          // noopt to prevent joining `prev` with all possible `chars` that could transition away from `prev`.
-          // Instead only join with the set of `chars` where a relevant `InputSymbol` has already been found.
-          sym = getAProcessInputSymbol(char)
-        )
-      )
-    }
-
-    /**
-     * Gets a state that can be reached from pumpable `fork` consuming all
-     * chars in `w` any number of times followed by the first `i` characters of `w`.
-     */
-    private State getProcessPrevious(State fork, int i, string w) {
-      isReDoSCandidate(fork, w) and
-      (
-        i = 0 and result = fork
-        or
-        result = process(fork, w, i - 1)
-        or
-        // repeat until fixpoint
-        i = 0 and
-        result = process(fork, w, w.length() - 1)
-      )
-    }
-
-    /**
-     * Gets an InputSymbol that matches `char`.
-     * The predicate is specialized to only have a result for the `char`s that are relevant for the `process` predicate.
-     */
-    private InputSymbol getAProcessInputSymbol(string char) {
-      char = getAProcessChar() and
-      result = getAnInputSymbolMatching(char)
-    }
-
-    /**
-     * Gets a `char` that occurs in a `pump` string.
-     */
-    private string getAProcessChar() { result = any(string s | isReDoSCandidate(_, s)).charAt(_) }
-  }
-
-  /**
-   * Holds if `term` may cause superlinear backtracking on strings containing many repetitions of `pump`.
-   * Gets the shortest string that causes superlinear backtracking.
-   */
-  private predicate isReDoSAttackable(RegExpTerm term, string pump, State s) {
-    exists(int i, string c | s = Match(term, i) |
-      c =
-        min(string w |
-          isCandidate(s, w) and
-          SuffixConstruction::reachesOnlyRejectableSuffixes(s, w)
-        |
-          w order by w.length(), w
-        ) and
-      pump = escape(rotate(c, i))
-    )
-  }
-
-  /**
-   * Holds if the state `s` (represented by the term `t`) can have backtracking with repetitions of `pump`.
-   *
-   * `prefixMsg` contains a friendly message for a prefix that reaches `s` (or `prefixMsg` is the empty string if the prefix is empty or if no prefix could be found).
-   */
-  predicate hasReDoSResult(RegExpTerm t, string pump, State s, string prefixMsg) {
-    isReDoSAttackable(t, pump, s) and
-    (
-      prefixMsg = "starting with '" + escape(Prefix::prefix(s)) + "' and " and
-      not Prefix::prefix(s) = ""
-      or
-      Prefix::prefix(s) = "" and prefixMsg = ""
-      or
-      not exists(Prefix::prefix(s)) and prefixMsg = ""
-    )
-  }
-
-  /**
-   * Gets the result of backslash-escaping newlines, carriage-returns and
-   * backslashes in `s`.
-   */
-  bindingset[s]
-  private string escape(string s) {
-    result =
-      s.replaceAll("\\", "\\\\")
-          .replaceAll("\n", "\\n")
-          .replaceAll("\r", "\\r")
-          .replaceAll("\t", "\\t")
-  }
-
-  /**
-   * Gets `str` with the last `i` characters moved to the front.
-   *
-   * We use this to adjust the pump string to match with the beginning of
-   * a RegExpTerm, so it doesn't start in the middle of a constant.
-   */
-  bindingset[str, i]
-  private string rotate(string str, int i) {
-    result = str.suffix(str.length() - i) + str.prefix(str.length() - i)
-  }
-}
-
-/**
- * A module that describes a tree where each node has one or more associated characters, also known as a trie.
- * The root node has no associated character.
- * This module is a signature used in `Concretizer`.
- */
-signature module CharTree {
-  /** A node in the tree. */
-  class CharNode;
-
-  /** Gets the previous node in the tree from `t`. */
-  CharNode getPrev(CharNode t);
-
-  /**
-   * Holds if `n` is at the end of a tree. I.e. a node that should have a result in the `Concretizer` module.
-   * Such a node can still have children.
-   */
-  predicate isARelevantEnd(CharNode n);
-
-  /** Gets a char associated with `t`. */
-  string getChar(CharNode t);
-}
-
-/**
- * Implements an algorithm for computing all possible strings
- * from following a tree of nodes (as described in `CharTree`).
- *
- * The string is build using one big concat, where all the chars are computed first.
- * See `concretize`.
- */
-module Concretizer<CharTree Impl> {
-  private class Node = Impl::CharNode;
-
-  private predicate getPrev = Impl::getPrev/1;
-
-  private predicate isARelevantEnd = Impl::isARelevantEnd/1;
-
-  private predicate getChar = Impl::getChar/1;
-
-  /** Holds if `n` is on a path from the root to a leaf, and is therefore relevant for the results in `concretize`. */
-  private predicate isRelevant(Node n) {
-    isARelevantEnd(n)
-    or
-    exists(Node succ | isRelevant(succ) | n = getPrev(succ))
-  }
-
-  /** Holds if `n` is a root with no predecessors. */
-  private predicate isRoot(Node n) { not exists(getPrev(n)) }
-
-  /** Gets the distance from a root to `n`. */
-  private int nodeDepth(Node n) {
-    result = 0 and isRoot(n)
-    or
-    isRelevant(n) and
-    exists(Node prev | result = nodeDepth(prev) + 1 | prev = getPrev(n))
-  }
-
-  /** Gets an ancestor of `end`, where `end` is a node that should have a result in `concretize`. */
-  private Node getAnAncestor(Node end) { isARelevantEnd(end) and result = getPrev*(end) }
-
-  /** Gets the `i`th character on the path from the root to `n`. */
-  pragma[noinline]
-  private string getPrefixChar(Node n, int i) {
-    exists(Node ancestor |
-      result = getChar(ancestor) and
-      ancestor = getAnAncestor(n) and
-      i = nodeDepth(ancestor)
-    )
-  }
-
-  /** Gets a string corresponding to `node`. */
-  language[monotonicAggregates]
-  string concretize(Node n) {
-    result = strictconcat(int i | exists(getPrefixChar(n, i)) | getPrefixChar(n, i) order by i)
-  }
-}
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeView
+// NfaUtils should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.nfa.NfaUtils::Make<TreeView> as Dep
+import Dep
diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtilsSpecific.qll b/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtilsSpecific.qll
deleted file mode 100644
index 821586b1f90..00000000000
--- a/ruby/ql/lib/codeql/ruby/security/regexp/NfaUtilsSpecific.qll
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- * Provides Ruby-specific definitions for use in the NfaUtils module.
- */
-
-import codeql.ruby.Regexp
-import codeql.Locations
-private import codeql.ruby.ast.Literal as Ast
-
-/**
- * Holds if `term` is an escape class representing e.g. `\d`.
- * `clazz` is which character class it represents, e.g. "d" for `\d`.
- */
-predicate isEscapeClass(RegExpTerm term, string clazz) {
-  exists(RegExpCharacterClassEscape escape | term = escape | escape.getValue() = clazz)
-  or
-  // TODO: expand to cover more properties
-  exists(RegExpNamedCharacterProperty escape | term = escape |
-    escape.getName().toLowerCase() = "digit" and
-    if escape.isInverted() then clazz = "D" else clazz = "d"
-    or
-    escape.getName().toLowerCase() = "space" and
-    if escape.isInverted() then clazz = "S" else clazz = "s"
-    or
-    escape.getName().toLowerCase() = "word" and
-    if escape.isInverted() then clazz = "W" else clazz = "w"
-  )
-}
-
-/**
- * Holds if the regular expression should not be considered.
- */
-predicate isExcluded(RegExpParent parent) {
-  parent.(RegExpTerm).getRegExp().(Ast::RegExpLiteral).hasFreeSpacingFlag() // exclude free-spacing mode regexes
-}
-
-/**
- * Holds if `term` is a possessive quantifier.
- * Not currently implemented, but is used by the shared library.
- */
-predicate isPossessive(RegExpQuantifier term) { none() }
-
-/**
- * Holds if the regex that `term` is part of is used in a way that ignores any leading prefix of the input it's matched against.
- * Not yet implemented for Ruby.
- */
-predicate matchesAnyPrefix(RegExpTerm term) { any() }
-
-/**
- * Holds if the regex that `term` is part of is used in a way that ignores any trailing suffix of the input it's matched against.
- * Not yet implemented for Ruby.
- */
-predicate matchesAnySuffix(RegExpTerm term) { any() }
-
-/**
- * A module containing predicates for determining which flags a regular expression have.
- */
-module RegExpFlags {
-  /**
-   * Holds if `root` has the `i` flag for case-insensitive matching.
-   */
-  predicate isIgnoreCase(RegExpTerm root) {
-    root.isRootTerm() and
-    root.getLiteral().isIgnoreCase()
-  }
-
-  /**
-   * Holds if `root` has the `s` flag for multi-line matching.
-   */
-  predicate isDotAll(RegExpTerm root) {
-    root.isRootTerm() and
-    root.getLiteral().isDotAll()
-  }
-}
diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll
index 8c05642fc83..d56ddcd87c7 100644
--- a/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll
@@ -8,8 +8,7 @@ private import codeql.ruby.AST as Ast
 private import codeql.ruby.CFG
 private import codeql.ruby.DataFlow
 private import codeql.ruby.dataflow.RemoteFlowSources
-private import codeql.ruby.Regexp
-private import codeql.ruby.security.regexp.SuperlinearBackTracking
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeView
 
 /**
  * Provides default sources, sinks and sanitizers for reasoning about
@@ -17,6 +16,9 @@ private import codeql.ruby.security.regexp.SuperlinearBackTracking
  * as extension points for adding your own.
  */
 module PolynomialReDoS {
+  private import TreeView
+  import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView>
+
   /**
    * A data flow source node for polynomial regular expression denial-of-service vulnerabilities.
    */
@@ -127,7 +129,7 @@ module PolynomialReDoS {
     override DataFlow::Node getHighlight() { result = matchNode }
   }
 
-  private predicate lengthGuard(CfgNodes::ExprCfgNode g, CfgNode node, boolean branch) {
+  private predicate lengthGuard(CfgNodes::AstCfgNode g, CfgNode node, boolean branch) {
     exists(DataFlow::Node input, DataFlow::CallNode length, DataFlow::ExprNode operand |
       length.asExpr().getExpr().(Ast::MethodCall).getMethodName() = "length" and
       length.getReceiver() = input and
diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/RegexpMatching.qll b/ruby/ql/lib/codeql/ruby/security/regexp/RegexpMatching.qll
index e2c75ff980b..572d42d9617 100644
--- a/ruby/ql/lib/codeql/ruby/security/regexp/RegexpMatching.qll
+++ b/ruby/ql/lib/codeql/ruby/security/regexp/RegexpMatching.qll
@@ -3,155 +3,7 @@
  * and for testing which capture groups are filled when a particular regexp matches a string.
  */
 
-import NfaUtils
-
-/** A root term */
-class RootTerm extends RegExpTerm {
-  RootTerm() { this.isRootTerm() }
-}
-
-/**
- * Holds if it should be tested whether `root` matches `str`.
- *
- * If `ignorePrefix` is true, then a regexp without a start anchor will be treated as if it had a start anchor.
- * E.g. a regular expression `/foo$/` will match any string that ends with "foo",
- * but if `ignorePrefix` is true, it will only match "foo".
- *
- * If `testWithGroups` is true, then the `RegexpMatching::fillsCaptureGroup` predicate can be used to determine which capture
- * groups are filled by a string.
- */
-signature predicate isRegexpMatchingCandidateSig(
-  RootTerm root, string str, boolean ignorePrefix, boolean testWithGroups
-);
-
-/**
- * A module for determining if a regexp matches a given string,
- * and reasoning about which capture groups are filled by a given string.
- *
- * The module parameter `isCandidate` determines which strings should be tested,
- * and the results can be read from the `matches` and `fillsCaptureGroup` predicates.
- */
-module RegexpMatching<isRegexpMatchingCandidateSig/4 isCandidate> {
-  /**
-   * Gets a state the regular expression `reg` can be in after matching the `i`th char in `str`.
-   * The regular expression is modeled as a non-determistic finite automaton,
-   * the regular expression can therefore be in multiple states after matching a character.
-   *
-   * It's a forward search to all possible states, and there is thus no guarantee that the state is on a path to an accepting state.
-   */
-  private State getAState(RootTerm reg, int i, string str, boolean ignorePrefix) {
-    // start state, the -1 position before any chars have been matched
-    i = -1 and
-    isCandidate(reg, str, ignorePrefix, _) and
-    result.getRepr().getRootTerm() = reg and
-    isStartState(result)
-    or
-    // recursive case
-    result = getAStateAfterMatching(reg, _, str, i, _, ignorePrefix)
-  }
-
-  /**
-   * Gets the next state after the `prev` state from `reg`.
-   * `prev` is the state after matching `fromIndex` chars in `str`,
-   * and the result is the state after matching `toIndex` chars in `str`.
-   *
-   * This predicate is used as a step relation in the forwards search (`getAState`),
-   * and also as a step relation in the later backwards search (`getAStateThatReachesAccept`).
-   */
-  private State getAStateAfterMatching(
-    RootTerm reg, State prev, string str, int toIndex, int fromIndex, boolean ignorePrefix
-  ) {
-    // the basic recursive case - outlined into a noopt helper to make performance work out.
-    result = getAStateAfterMatchingAux(reg, prev, str, toIndex, fromIndex, ignorePrefix)
-    or
-    // we can skip past word boundaries if the next char is a non-word char.
-    fromIndex = toIndex and
-    prev.getRepr() instanceof RegExpWordBoundary and
-    prev = getAState(reg, toIndex, str, ignorePrefix) and
-    after(prev.getRepr()) = result and
-    str.charAt(toIndex + 1).regexpMatch("\\W") // \W matches any non-word char.
-  }
-
-  pragma[noopt]
-  private State getAStateAfterMatchingAux(
-    RootTerm reg, State prev, string str, int toIndex, int fromIndex, boolean ignorePrefix
-  ) {
-    prev = getAState(reg, fromIndex, str, ignorePrefix) and
-    fromIndex = toIndex - 1 and
-    exists(string char | char = str.charAt(toIndex) | specializedDeltaClosed(prev, char, result)) and
-    not discardedPrefixStep(prev, result, ignorePrefix)
-  }
-
-  /** Holds if a step from `prev` to `next` should be discarded when the `ignorePrefix` flag is set. */
-  private predicate discardedPrefixStep(State prev, State next, boolean ignorePrefix) {
-    prev = mkMatch(any(RegExpRoot r)) and
-    ignorePrefix = true and
-    next = prev
-  }
-
-  // The `deltaClosed` relation specialized to the chars that exists in strings tested by a `MatchedRegExp`.
-  private predicate specializedDeltaClosed(State prev, string char, State next) {
-    deltaClosed(prev, specializedGetAnInputSymbolMatching(char), next)
-  }
-
-  // The `getAnInputSymbolMatching` relation specialized to the chars that exists in strings tested by a `MatchedRegExp`.
-  pragma[noinline]
-  private InputSymbol specializedGetAnInputSymbolMatching(string char) {
-    exists(string s, RootTerm r | isCandidate(r, s, _, _) | char = s.charAt(_)) and
-    result = getAnInputSymbolMatching(char)
-  }
-
-  /**
-   * Gets the `i`th state on a path to the accepting state when `reg` matches `str`.
-   * Starts with an accepting state as found by `getAState` and searches backwards
-   * to the start state through the reachable states (as found by `getAState`).
-   *
-   * This predicate satisfies the invariant that the result state can be reached with `i` steps from a start state,
-   * and an accepting state can be found after (`str.length() - 1 - i`) steps from the result.
-   * The result state is therefore always on a valid path where `reg` accepts `str`.
-   *
-   * This predicate is only used to find which capture groups a regular expression has filled,
-   * and thus the search is only performed for the strings in the `testWithGroups(..)` predicate.
-   */
-  private State getAStateThatReachesAccept(RootTerm reg, int i, string str, boolean ignorePrefix) {
-    // base case, reaches an accepting state from the last state in `getAState(..)`
-    isCandidate(reg, str, ignorePrefix, true) and
-    i = str.length() - 1 and
-    result = getAState(reg, i, str, ignorePrefix) and
-    epsilonSucc*(result) = Accept(_)
-    or
-    // recursive case. `next` is the next state to be matched after matching `prev`.
-    // this predicate is doing a backwards search, so `prev` is the result we are looking for.
-    exists(State next, State prev, int fromIndex, int toIndex |
-      next = getAStateThatReachesAccept(reg, toIndex, str, ignorePrefix) and
-      next = getAStateAfterMatching(reg, prev, str, toIndex, fromIndex, ignorePrefix) and
-      i = fromIndex and
-      result = prev
-    )
-  }
-
-  /** Gets the capture group number that `term` belongs to. */
-  private int group(RegExpTerm term) {
-    exists(RegExpGroup grp | grp.getNumber() = result | term.getParent*() = grp)
-  }
-
-  /**
-   * Holds if `reg` matches `str`, where `str` is in the `isCandidate` predicate.
-   */
-  predicate matches(RootTerm reg, string str) {
-    exists(State state | state = getAState(reg, str.length() - 1, str, _) |
-      epsilonSucc*(state) = Accept(_)
-    )
-  }
-
-  /**
-   * Holds if matching `str` against `reg` may fill capture group number `g`.
-   * Only holds if `str` is in the `testWithGroups` predicate.
-   */
-  predicate fillsCaptureGroup(RootTerm reg, string str, int g) {
-    exists(State s |
-      s = getAStateThatReachesAccept(reg, _, str, _) and
-      g = group(s.getRepr())
-    )
-  }
-}
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeView
+// RegexpMatching should be used directly from the shared pack, and not from this file.
+deprecated import codeql.regex.nfa.RegexpMatching::Make<TreeView> as Dep
+import Dep
diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/SuperlinearBackTracking.qll b/ruby/ql/lib/codeql/ruby/security/regexp/SuperlinearBackTracking.qll
index 14a69dc0644..eb19b0cc772 100644
--- a/ruby/ql/lib/codeql/ruby/security/regexp/SuperlinearBackTracking.qll
+++ b/ruby/ql/lib/codeql/ruby/security/regexp/SuperlinearBackTracking.qll
@@ -1,11 +1,4 @@
 /**
- * Provides classes for working with regular expressions that can
- * perform backtracking in superlinear time.
- */
-
-import NfaUtils
-
-/*
  * This module implements the analysis described in the paper:
  *   Valentin Wustholz, Oswaldo Olivo, Marijn J. H. Heule, and Isil Dillig:
  *     Static Detection of DoS Vulnerabilities in
@@ -42,377 +35,7 @@ import NfaUtils
  * It also doesn't find all transitions in the product automaton, which can cause false negatives.
  */
 
-/**
- * Gets any root (start) state of a regular expression.
- */
-private State getRootState() { result = mkMatch(any(RegExpRoot r)) }
-
-private newtype TStateTuple =
-  MkStateTuple(State q1, State q2, State q3) {
-    // starts at (pivot, pivot, succ)
-    isStartLoops(q1, q3) and q1 = q2
-    or
-    step(_, _, _, _, q1, q2, q3) and FeasibleTuple::isFeasibleTuple(q1, q2, q3)
-  }
-
-/**
- * A state in the product automaton.
- * The product automaton contains 3-tuples of states.
- *
- * We lazily only construct those states that we are actually
- * going to need.
- * Either a start state `(pivot, pivot, succ)`, or a state
- * where there exists a transition from an already existing state.
- *
- * The exponential variant of this query (`js/redos`) uses an optimization
- * trick where `q1 <= q2`. This trick cannot be used here as the order
- * of the elements matter.
- */
-class StateTuple extends TStateTuple {
-  State q1;
-  State q2;
-  State q3;
-
-  StateTuple() { this = MkStateTuple(q1, q2, q3) }
-
-  /**
-   * Gest a string representation of this tuple.
-   */
-  string toString() { result = "(" + q1 + ", " + q2 + ", " + q3 + ")" }
-
-  /**
-   * Holds if this tuple is `(r1, r2, r3)`.
-   */
-  pragma[noinline]
-  predicate isTuple(State r1, State r2, State r3) { r1 = q1 and r2 = q2 and r3 = q3 }
-}
-
-/**
- * A module for determining feasible tuples for the product automaton.
- *
- * The implementation is split into many predicates for performance reasons.
- */
-private module FeasibleTuple {
-  /**
-   * Holds if the tuple `(r1, r2, r3)` might be on path from a start-state to an end-state in the product automaton.
-   */
-  pragma[inline]
-  predicate isFeasibleTuple(State r1, State r2, State r3) {
-    // The first element is either inside a repetition (or the start state itself)
-    isRepetitionOrStart(r1) and
-    // The last element is inside a repetition
-    stateInsideRepetition(r3) and
-    // The states are reachable in the NFA in the order r1 -> r2 -> r3
-    delta+(r1) = r2 and
-    delta+(r2) = r3 and
-    // The first element can reach a beginning (the "pivot" state in a `(pivot, succ)` pair).
-    canReachABeginning(r1) and
-    // The last element can reach a target (the "succ" state in a `(pivot, succ)` pair).
-    canReachATarget(r3)
-  }
-
-  /**
-   * Holds if `s` is either inside a repetition, or is the start state (which is a repetition).
-   */
-  pragma[noinline]
-  private predicate isRepetitionOrStart(State s) { stateInsideRepetition(s) or s = getRootState() }
-
-  /**
-   * Holds if state `s` might be inside a backtracking repetition.
-   */
-  pragma[noinline]
-  private predicate stateInsideRepetition(State s) {
-    s.getRepr().getParent*() instanceof InfiniteRepetitionQuantifier
-  }
-
-  /**
-   * Holds if there exists a path in the NFA from `s` to a "pivot" state
-   * (from a `(pivot, succ)` pair that starts the search).
-   */
-  pragma[noinline]
-  private predicate canReachABeginning(State s) {
-    delta+(s) = any(State pivot | isStartLoops(pivot, _))
-  }
-
-  /**
-   * Holds if there exists a path in the NFA from `s` to a "succ" state
-   * (from a `(pivot, succ)` pair that starts the search).
-   */
-  pragma[noinline]
-  private predicate canReachATarget(State s) { delta+(s) = any(State succ | isStartLoops(_, succ)) }
-}
-
-/**
- * Holds if `pivot` and `succ` are a pair of loops that could be the beginning of a quadratic blowup.
- *
- * There is a slight implementation difference compared to the paper: this predicate requires that `pivot != succ`.
- * The case where `pivot = succ` causes exponential backtracking and is handled by the `js/redos` query.
- */
-predicate isStartLoops(State pivot, State succ) {
-  pivot != succ and
-  succ.getRepr() instanceof InfiniteRepetitionQuantifier and
-  delta+(pivot) = succ and
-  (
-    pivot.getRepr() instanceof InfiniteRepetitionQuantifier
-    or
-    pivot = mkMatch(any(RegExpRoot root))
-  )
-}
-
-/**
- * Gets a state for which there exists a transition in the NFA from `s'.
- */
-State delta(State s) { delta(s, _, result) }
-
-/**
- * Holds if there are transitions from the components of `q` to the corresponding
- * components of `r` labelled with `s1`, `s2`, and `s3`, respectively.
- */
-pragma[noinline]
-predicate step(StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, StateTuple r) {
-  exists(State r1, State r2, State r3 |
-    step(q, s1, s2, s3, r1, r2, r3) and r = MkStateTuple(r1, r2, r3)
-  )
-}
-
-/**
- * Holds if there are transitions from the components of `q` to `r1`, `r2`, and `r3
- * labelled with `s1`, `s2`, and `s3`, respectively.
- */
-pragma[noopt]
-predicate step(
-  StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, State r1, State r2, State r3
-) {
-  exists(State q1, State q2, State q3 | q.isTuple(q1, q2, q3) |
-    deltaClosed(q1, s1, r1) and
-    deltaClosed(q2, s2, r2) and
-    deltaClosed(q3, s3, r3) and
-    // use noopt to force the join on `getAThreewayIntersect` to happen last.
-    exists(getAThreewayIntersect(s1, s2, s3))
-  )
-}
-
-/**
- * Gets a char that is matched by all the edges `s1`, `s2`, and `s3`.
- *
- * The result is not complete, and might miss some combination of edges that share some character.
- */
-pragma[noinline]
-string getAThreewayIntersect(InputSymbol s1, InputSymbol s2, InputSymbol s3) {
-  result = minAndMaxIntersect(s1, s2) and result = [intersect(s2, s3), intersect(s1, s3)]
-  or
-  result = minAndMaxIntersect(s1, s3) and result = [intersect(s2, s3), intersect(s1, s2)]
-  or
-  result = minAndMaxIntersect(s2, s3) and result = [intersect(s1, s2), intersect(s1, s3)]
-}
-
-/**
- * Gets the minimum and maximum characters that intersect between `a` and `b`.
- * This predicate is used to limit the size of `getAThreewayIntersect`.
- */
-pragma[noinline]
-string minAndMaxIntersect(InputSymbol a, InputSymbol b) {
-  result = [min(intersect(a, b)), max(intersect(a, b))]
-}
-
-private newtype TTrace =
-  Nil() or
-  Step(InputSymbol s1, InputSymbol s2, InputSymbol s3, TTrace t) {
-    isReachableFromStartTuple(_, _, t, s1, s2, s3, _, _)
-  }
-
-/**
- * A list of tuples of input symbols that describe a path in the product automaton
- * starting from some start state.
- */
-class Trace extends TTrace {
-  /**
-   * Gets a string representation of this Trace that can be used for debug purposes.
-   */
-  string toString() {
-    this = Nil() and result = "Nil()"
-    or
-    exists(InputSymbol s1, InputSymbol s2, InputSymbol s3, Trace t | this = Step(s1, s2, s3, t) |
-      result = "Step(" + s1 + ", " + s2 + ", " + s3 + ", " + t + ")"
-    )
-  }
-}
-
-/**
- * Holds if there exists a transition from `r` to `q` in the product automaton.
- * Notice that the arguments are flipped, and thus the direction is backwards.
- */
-pragma[noinline]
-predicate tupleDeltaBackwards(StateTuple q, StateTuple r) { step(r, _, _, _, q) }
-
-/**
- * Holds if `tuple` is an end state in our search.
- * That means there exists a pair of loops `(pivot, succ)` such that `tuple = (pivot, succ, succ)`.
- */
-predicate isEndTuple(StateTuple tuple) { tuple = getAnEndTuple(_, _) }
-
-/**
- * Gets the minimum length of a path from `r` to some an end state `end`.
- *
- * The implementation searches backwards from the end-tuple.
- * This approach was chosen because it is way more efficient if the first predicate given to `shortestDistances` is small.
- * The `end` argument must always be an end state.
- */
-int distBackFromEnd(StateTuple r, StateTuple end) =
-  shortestDistances(isEndTuple/1, tupleDeltaBackwards/2)(end, r, result)
-
-/**
- * Holds if there exists a pair of repetitions `(pivot, succ)` in the regular expression such that:
- * `tuple` is reachable from `(pivot, pivot, succ)` in the product automaton,
- * and there is a distance of `dist` from `tuple` to the nearest end-tuple `(pivot, succ, succ)`,
- * and a path from a start-state to `tuple` follows the transitions in `trace`.
- */
-private predicate isReachableFromStartTuple(
-  State pivot, State succ, StateTuple tuple, Trace trace, int dist
-) {
-  exists(InputSymbol s1, InputSymbol s2, InputSymbol s3, Trace v |
-    isReachableFromStartTuple(pivot, succ, v, s1, s2, s3, tuple, dist) and
-    trace = Step(s1, s2, s3, v)
-  )
-}
-
-private predicate isReachableFromStartTuple(
-  State pivot, State succ, Trace trace, InputSymbol s1, InputSymbol s2, InputSymbol s3,
-  StateTuple tuple, int dist
-) {
-  // base case.
-  exists(State q1, State q2, State q3 |
-    isStartLoops(pivot, succ) and
-    step(MkStateTuple(pivot, pivot, succ), s1, s2, s3, tuple) and
-    tuple = MkStateTuple(q1, q2, q3) and
-    trace = Nil() and
-    dist = distBackFromEnd(tuple, MkStateTuple(pivot, succ, succ))
-  )
-  or
-  // recursive case
-  exists(StateTuple p |
-    isReachableFromStartTuple(pivot, succ, p, trace, dist + 1) and
-    dist = distBackFromEnd(tuple, MkStateTuple(pivot, succ, succ)) and
-    step(p, s1, s2, s3, tuple)
-  )
-}
-
-/**
- * Gets the tuple `(pivot, succ, succ)` from the product automaton.
- */
-StateTuple getAnEndTuple(State pivot, State succ) {
-  isStartLoops(pivot, succ) and
-  result = MkStateTuple(pivot, succ, succ)
-}
-
-/** An implementation of a chain containing chars for use by `Concretizer`. */
-private module CharTreeImpl implements CharTree {
-  class CharNode = Trace;
-
-  CharNode getPrev(CharNode t) { t = Step(_, _, _, result) }
-
-  /** Holds if `n` is used in `isPumpable`. */
-  predicate isARelevantEnd(CharNode n) {
-    exists(State pivot, State succ |
-      isReachableFromStartTuple(pivot, succ, getAnEndTuple(pivot, succ), n, _)
-    )
-  }
-
-  string getChar(CharNode t) {
-    exists(InputSymbol s1, InputSymbol s2, InputSymbol s3 | t = Step(s1, s2, s3, _) |
-      result = getAThreewayIntersect(s1, s2, s3)
-    )
-  }
-}
-
-/**
- * Holds if matching repetitions of `pump` can:
- * 1) Transition from `pivot` back to `pivot`.
- * 2) Transition from `pivot` to `succ`.
- * 3) Transition from `succ` to `succ`.
- *
- * From theorem 3 in the paper linked in the top of this file we can therefore conclude that
- * the regular expression has polynomial backtracking - if a rejecting suffix exists.
- *
- * This predicate is used by `SuperLinearReDoSConfiguration`, and the final results are
- * available in the `hasReDoSResult` predicate.
- */
-predicate isPumpable(State pivot, State succ, string pump) {
-  exists(StateTuple q, Trace t |
-    isReachableFromStartTuple(pivot, succ, q, t, _) and
-    q = getAnEndTuple(pivot, succ) and
-    pump = Concretizer<CharTreeImpl>::concretize(t)
-  )
-}
-
-/**
- * Holds if states starting in `state` can have polynomial backtracking with the string `pump`.
- */
-predicate isReDoSCandidate(State state, string pump) { isPumpable(_, state, pump) }
-
-/**
- * Holds if repetitions of `pump` at `t` will cause polynomial backtracking.
- */
-predicate polynomialReDoS(RegExpTerm t, string pump, string prefixMsg, RegExpTerm prev) {
-  exists(State s, State pivot |
-    ReDoSPruning<isReDoSCandidate/2>::hasReDoSResult(t, pump, s, prefixMsg) and
-    isPumpable(pivot, s, _) and
-    prev = pivot.getRepr()
-  )
-}
-
-/**
- * Gets a message for why `term` can cause polynomial backtracking.
- */
-string getReasonString(RegExpTerm term, string pump, string prefixMsg, RegExpTerm prev) {
-  polynomialReDoS(term, pump, prefixMsg, prev) and
-  result =
-    "Strings " + prefixMsg + "with many repetitions of '" + pump +
-      "' can start matching anywhere after the start of the preceeding " + prev
-}
-
-/**
- * A term that may cause a regular expression engine to perform a
- * polynomial number of match attempts, relative to the input length.
- */
-class PolynomialBackTrackingTerm extends InfiniteRepetitionQuantifier {
-  string reason;
-  string pump;
-  string prefixMsg;
-  RegExpTerm prev;
-
-  PolynomialBackTrackingTerm() {
-    reason = getReasonString(this, pump, prefixMsg, prev) and
-    // there might be many reasons for this term to have polynomial backtracking - we pick the shortest one.
-    reason = min(string msg | msg = getReasonString(this, _, _, _) | msg order by msg.length(), msg)
-  }
-
-  /**
-   * Holds if all non-empty successors to the polynomial backtracking term matches the end of the line.
-   */
-  predicate isAtEndLine() {
-    forall(RegExpTerm succ | this.getSuccessor+() = succ and not matchesEpsilon(succ) |
-      succ instanceof RegExpDollar
-    )
-  }
-
-  /**
-   * Gets the string that should be repeated to cause this regular expression to perform polynomially.
-   */
-  string getPumpString() { result = pump }
-
-  /**
-   * Gets a message for which prefix a matching string must start with for this term to cause polynomial backtracking.
-   */
-  string getPrefixMessage() { result = prefixMsg }
-
-  /**
-   * Gets a predecessor to `this`, which also loops on the pump string, and thereby causes polynomial backtracking.
-   */
-  RegExpTerm getPreviousLoop() { result = prev }
-
-  /**
-   * Gets the reason for the number of match attempts.
-   */
-  string getReason() { result = reason }
-}
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeView
+// SuperlinearBackTracking should be used directly from the shared pack, and not from this file.
+deprecated private import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView> as Dep
+import Dep
diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll
index 1c636c6987f..cc11b6b2a87 100644
--- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll
+++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll
@@ -79,10 +79,15 @@ predicate jumpStep = DataFlowPrivate::jumpStep/2;
 /** Holds if there is direct flow from `param` to a return. */
 pragma[nomagic]
 private predicate flowThrough(DataFlowPublic::ParameterNode param) {
-  exists(DataFlowPrivate::ReturningNode returnNode |
+  exists(DataFlowPrivate::ReturningNode returnNode, DataFlowDispatch::ReturnKind rk |
     DataFlowPrivate::LocalFlow::getParameterDefNode(param.getParameter())
         .(TypeTrackingNode)
-        .flowsTo(returnNode)
+        .flowsTo(returnNode) and
+    rk = returnNode.getKind()
+  |
+    rk instanceof DataFlowDispatch::NormalReturnKind
+    or
+    rk instanceof DataFlowDispatch::BreakReturnKind
   )
 }
 
@@ -184,7 +189,9 @@ private predicate viableParam(
   DataFlowDispatch::ParameterPosition ppos
 ) {
   exists(Cfg::CfgScope callable |
-    DataFlowDispatch::getTarget(call) = callable and
+    DataFlowDispatch::getTarget(call) = callable or
+    DataFlowDispatch::getInitializeTarget(call) = callable
+  |
     p.isSourceParameterOf(callable, ppos)
   )
 }
@@ -226,6 +233,9 @@ predicate returnStep(Node nodeFrom, Node nodeTo) {
   exists(ExprNodes::CallCfgNode call |
     nodeFrom instanceof DataFlowPrivate::ReturnNode and
     nodeFrom.(DataFlowPrivate::NodeImpl).getCfgScope() = DataFlowDispatch::getTarget(call) and
+    // deliberately do not include `getInitializeTarget`, since calls to `new` should not
+    // get the return value from `initialize`. Any fields being set in the initializer
+    // will reach all reads via `callStep` and `localFieldStep`.
     nodeTo.asExpr().getNode() = call.getNode()
   )
   or
@@ -233,7 +243,8 @@ predicate returnStep(Node nodeFrom, Node nodeTo) {
   // we model it as a returning flow step, in order to avoid computing a potential
   // self-cross product of all calls to a function that returns one of its parameters
   // (only to later filter that flow out using `TypeTracker::append`).
-  nodeTo.(DataFlowPrivate::SynthReturnNode).getAnInput() = nodeFrom
+  nodeTo.(DataFlowPrivate::SynthReturnNode).getAnInput() = nodeFrom and
+  not nodeFrom instanceof DataFlowPrivate::InitializeReturnNode
 }
 
 /**
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index 016f75260eb..153afd88563 100644
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.4.4-dev
+version: 0.5.0-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
@@ -7,4 +7,6 @@ upgrades: upgrades
 library: true
 dependencies:
   codeql/ssa: ${workspace}
-
+  codeql/regex: ${workspace}
+dataExtensions:
+  - codeql/ruby/frameworks/**/model.yml
diff --git a/ruby/ql/src/AlertSuppression.ql b/ruby/ql/src/AlertSuppression.ql
index 9ee80abe099..a6a75d6d9db 100644
--- a/ruby/ql/src/AlertSuppression.ql
+++ b/ruby/ql/src/AlertSuppression.ql
@@ -52,9 +52,7 @@ private string commentText(Ruby::Comment comment) { result = comment.getValue().
 /**
  * The scope of an alert suppression comment.
  */
-class SuppressionScope extends @ruby_token_comment {
-  SuppressionScope() { this instanceof SuppressionComment }
-
+class SuppressionScope extends @ruby_token_comment instanceof SuppressionComment {
   /** Gets a suppression comment with this scope. */
   SuppressionComment getSuppressionComment() { result = this }
 
@@ -68,7 +66,7 @@ class SuppressionScope extends @ruby_token_comment {
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.(SuppressionComment).covers(filepath, startline, startcolumn, endline, endcolumn)
+    super.covers(filepath, startline, startcolumn, endline, endcolumn)
   }
 
   /** Gets a textual representation of this element. */
diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md
index 1e45bb15389..30c0bdbce56 100644
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,21 @@
+## 0.4.6
+
+No user-facing changes.
+
+## 0.4.5
+
+No user-facing changes.
+
+## 0.4.4
+
+### New Queries
+
+* Added a new query, `rb/shell-command-constructed-from-input`, to detect libraries that unsafely construct shell commands from their inputs.
+
+### Minor Analysis Improvements
+
+* The `rb/sql-injection` query now considers consider SQL constructions, such as calls to `Arel.sql`, as sinks.
+
 ## 0.4.3
 
 ### Minor Analysis Improvements
diff --git a/ruby/ql/src/change-notes/2022-10-10-unsafe-shell-command-construction.md b/ruby/ql/src/change-notes/2022-10-10-unsafe-shell-command-construction.md
deleted file mode 100644
index fba6a9304cf..00000000000
--- a/ruby/ql/src/change-notes/2022-10-10-unsafe-shell-command-construction.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* Added a new query, `rb/shell-command-constructed-from-input`, to detect libraries that unsafely construct shell commands from their inputs.
diff --git a/ruby/ql/src/change-notes/2022-11-14-stack-trace-exposure.md b/ruby/ql/src/change-notes/2022-11-14-stack-trace-exposure.md
new file mode 100644
index 00000000000..c4b1e73766b
--- /dev/null
+++ b/ruby/ql/src/change-notes/2022-11-14-stack-trace-exposure.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query, `rb/stack-trace-exposure`, to detect exposure of stack-traces to users via HTTP responses.
diff --git a/ruby/ql/src/change-notes/2022-11-22-kernel-open-sinks.md b/ruby/ql/src/change-notes/2022-11-22-kernel-open-sinks.md
new file mode 100644
index 00000000000..d44c59eade9
--- /dev/null
+++ b/ruby/ql/src/change-notes/2022-11-22-kernel-open-sinks.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Extended the `rb/kernel-open` query with following sinks: `IO.write`, `IO.binread`, `IO.binwrite`, `IO.foreach`, `IO.readlines`, and `URI.open`.
\ No newline at end of file
diff --git a/ruby/ql/src/change-notes/released/0.4.4.md b/ruby/ql/src/change-notes/released/0.4.4.md
new file mode 100644
index 00000000000..59be09518f7
--- /dev/null
+++ b/ruby/ql/src/change-notes/released/0.4.4.md
@@ -0,0 +1,9 @@
+## 0.4.4
+
+### New Queries
+
+* Added a new query, `rb/shell-command-constructed-from-input`, to detect libraries that unsafely construct shell commands from their inputs.
+
+### Minor Analysis Improvements
+
+* The `rb/sql-injection` query now considers consider SQL constructions, such as calls to `Arel.sql`, as sinks.
diff --git a/ruby/ql/src/change-notes/released/0.4.5.md b/ruby/ql/src/change-notes/released/0.4.5.md
new file mode 100644
index 00000000000..7ba9b2e8ade
--- /dev/null
+++ b/ruby/ql/src/change-notes/released/0.4.5.md
@@ -0,0 +1,3 @@
+## 0.4.5
+
+No user-facing changes.
diff --git a/ruby/ql/src/change-notes/released/0.4.6.md b/ruby/ql/src/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/ruby/ql/src/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml
index 1ec9c4ea5d9..2b842473675 100644
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.6
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml
index 93c261cc264..85a6b678753 100644
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.4.4-dev
+version: 0.5.0-dev
 groups: 
   - ruby
   - queries
diff --git a/ruby/ql/src/queries/analysis/Definitions.ql b/ruby/ql/src/queries/analysis/Definitions.ql
index 24e968b124d..3f97223d9e8 100644
--- a/ruby/ql/src/queries/analysis/Definitions.ql
+++ b/ruby/ql/src/queries/analysis/Definitions.ql
@@ -12,6 +12,7 @@
 
 import codeql.ruby.AST
 import codeql.ruby.dataflow.SSA
+import codeql.ruby.dataflow.internal.DataFlowDispatch
 
 from DefLoc loc, Expr src, Expr target, string kind
 where
@@ -38,7 +39,12 @@ newtype DefLoc =
     write = definitionOf(read.getAQualifiedName())
   } or
   /** A method call. */
-  MethodLoc(MethodCall call, Method meth) { meth = call.getATarget() } or
+  MethodLoc(MethodCall call, Method meth) {
+    meth = call.getATarget()
+    or
+    // include implicit `initialize` calls
+    meth = getInitializeTarget(call.getAControlFlowNode())
+  } or
   /** A local variable. */
   LocalVariableLoc(VariableReadAccess read, VariableWriteAccess write) {
     exists(Ssa::WriteDefinition w |
diff --git a/ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll b/ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll
index 5e9bc406512..dc3ed9aeaf7 100644
--- a/ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll
+++ b/ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll
@@ -3,200 +3,6 @@
  * that match URLs and hostname patterns.
  */
 
-private import HostnameRegexpSpecific
-
-/**
- * Holds if the given constant is unlikely to occur in the origin part of a URL.
- */
-predicate isConstantInvalidInsideOrigin(RegExpConstant term) {
-  // Look for any of these cases:
-  // - A character that can't occur in the origin
-  // - Two dashes in a row
-  // - A colon that is not part of port or scheme separator
-  // - A slash that is not part of scheme separator
-  term.getValue().regexpMatch(".*(?:[^a-zA-Z0-9.:/-]|--|:[^0-9/]|(?<![/:]|^)/).*")
-}
-
-/** Holds if `term` is a dot constant of form `\.` or `[.]`. */
-predicate isDotConstant(RegExpTerm term) {
-  term.(RegExpCharEscape).getValue() = "."
-  or
-  exists(RegExpCharacterClass cls |
-    term = cls and
-    not cls.isInverted() and
-    cls.getNumChild() = 1 and
-    cls.getAChild().(RegExpConstant).getValue() = "."
-  )
-}
-
-/** Holds if `term` is a wildcard `.` or an actual `.` character. */
-predicate isDotLike(RegExpTerm term) {
-  term instanceof RegExpDot
-  or
-  isDotConstant(term)
-}
-
-/** Holds if `term` will only ever be matched against the beginning of the input. */
-predicate matchesBeginningOfString(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpTerm parent | matchesBeginningOfString(parent) |
-    term = parent.(RegExpSequence).getChild(0)
-    or
-    parent.(RegExpSequence).getChild(0) instanceof RegExpCaret and
-    term = parent.(RegExpSequence).getChild(1)
-    or
-    term = parent.(RegExpAlt).getAChild()
-    or
-    term = parent.(RegExpGroup).getAChild()
-  )
-}
-
-/**
- * Holds if the given sequence `seq` contains top-level domain preceded by a dot, such as `.com`,
- * excluding cases where this is at the very beginning of the regexp.
- *
- * `i` is bound to the index of the last child in the top-level domain part.
- */
-predicate hasTopLevelDomainEnding(RegExpSequence seq, int i) {
-  seq.getChild(i)
-      .(RegExpConstant)
-      .getValue()
-      .regexpMatch("(?i)" + RegExpPatterns::getACommonTld() + "(:\\d+)?([/?#].*)?") and
-  isDotLike(seq.getChild(i - 1)) and
-  not (i = 1 and matchesBeginningOfString(seq))
-}
-
-/**
- * Holds if the given regular expression term contains top-level domain preceded by a dot,
- * such as `.com`.
- */
-predicate hasTopLevelDomainEnding(RegExpSequence seq) { hasTopLevelDomainEnding(seq, _) }
-
-/**
- * Holds if `term` will always match a hostname, that is, all disjunctions contain
- * a hostname pattern that isn't inside a quantifier.
- */
-predicate alwaysMatchesHostname(RegExpTerm term) {
-  hasTopLevelDomainEnding(term, _)
-  or
-  // `localhost` is considered a hostname pattern, but has no TLD
-  term.(RegExpConstant).getValue().regexpMatch("\\blocalhost\\b")
-  or
-  not term instanceof RegExpAlt and
-  not term instanceof RegExpQuantifier and
-  alwaysMatchesHostname(term.getAChild())
-  or
-  alwaysMatchesHostnameAlt(term)
-}
-
-/** Holds if every child of `alt` contains a hostname pattern. */
-predicate alwaysMatchesHostnameAlt(RegExpAlt alt) {
-  alwaysMatchesHostnameAlt(alt, alt.getNumChild() - 1)
-}
-
-/**
- * Holds if the first `i` children of `alt` contains a hostname pattern.
- *
- * This is used instead of `forall` to avoid materializing the set of alternatives
- * that don't contains hostnames, which is much larger.
- */
-predicate alwaysMatchesHostnameAlt(RegExpAlt alt, int i) {
-  alwaysMatchesHostname(alt.getChild(0)) and i = 0
-  or
-  alwaysMatchesHostnameAlt(alt, i - 1) and
-  alwaysMatchesHostname(alt.getChild(i))
-}
-
-/**
- * Holds if `term` occurs inside a quantifier or alternative (and thus
- * can not be expected to correspond to a unique match), or as part of
- * a lookaround assertion (which are rarely used for capture groups).
- */
-predicate isInsideChoiceOrSubPattern(RegExpTerm term) {
-  exists(RegExpParent parent | parent = term.getParent() |
-    parent instanceof RegExpAlt
-    or
-    parent instanceof RegExpQuantifier
-    or
-    parent instanceof RegExpSubPattern
-    or
-    isInsideChoiceOrSubPattern(parent)
-  )
-}
-
-/**
- * Holds if `group` is likely to be used as a capture group.
- */
-predicate isLikelyCaptureGroup(RegExpGroup group) {
-  group.isCapture() and
-  not isInsideChoiceOrSubPattern(group)
-}
-
-/**
- * Holds if `seq` contains two consecutive dots `..` or escaped dots.
- *
- * At least one of these dots is not intended to be a subdomain separator,
- * so we avoid flagging the pattern in this case.
- */
-predicate hasConsecutiveDots(RegExpSequence seq) {
-  exists(int i |
-    isDotLike(seq.getChild(i)) and
-    isDotLike(seq.getChild(i + 1))
-  )
-}
-
-predicate isIncompleteHostNameRegExpPattern(RegExpTerm regexp, RegExpSequence seq, string msg) {
-  seq = regexp.getAChild*() and
-  exists(RegExpDot unescapedDot, int i, string hostname |
-    hasTopLevelDomainEnding(seq, i) and
-    not isConstantInvalidInsideOrigin(seq.getChild([0 .. i - 1]).getAChild*()) and
-    not isLikelyCaptureGroup(seq.getChild([i .. seq.getNumChild() - 1]).getAChild*()) and
-    unescapedDot = seq.getChild([0 .. i - 1]).getAChild*() and
-    unescapedDot != seq.getChild(i - 1) and // Should not be the '.' immediately before the TLD
-    not hasConsecutiveDots(unescapedDot.getParent()) and
-    hostname =
-      seq.getChild(i - 2).getRawValue() + seq.getChild(i - 1).getRawValue() +
-        seq.getChild(i).getRawValue()
-  |
-    if unescapedDot.getParent() instanceof RegExpQuantifier
-    then
-      // `.*\.example.com` can match `evil.com/?x=.example.com`
-      //
-      // This problem only occurs when the pattern is applied against a full URL, not just a hostname/origin.
-      // We therefore check if the pattern includes a suffix after the TLD, such as `.*\.example.com/`.
-      // Note that a post-anchored pattern (`.*\.example.com$`) will usually fail to match a full URL,
-      // and patterns with neither a suffix nor an anchor fall under the purview of MissingRegExpAnchor.
-      seq.getChild(0) instanceof RegExpCaret and
-      not seq.getAChild() instanceof RegExpDollar and
-      seq.getChild([i .. i + 1]).(RegExpConstant).getValue().regexpMatch(".*[/?#].*") and
-      msg =
-        "has an unrestricted wildcard '" + unescapedDot.getParent().(RegExpQuantifier).getRawValue()
-          + "' which may cause '" + hostname +
-          "' to be matched anywhere in the URL, outside the hostname."
-    else
-      msg =
-        "has an unescaped '.' before '" + hostname +
-          "', so it might match more hosts than expected."
-  )
-}
-
-predicate incompleteHostnameRegExp(
-  RegExpSequence hostSequence, string message, DataFlow::Node aux, string label
-) {
-  exists(RegExpPatternSource re, RegExpTerm regexp, string msg, string kind |
-    regexp = re.getRegExpTerm() and
-    isIncompleteHostNameRegExpPattern(regexp, hostSequence, msg) and
-    (
-      if re.getAParse() != re
-      then (
-        kind = "string, which is used as a regular expression $@," and
-        aux = re.getAParse()
-      ) else (
-        kind = "regular expression" and aux = re
-      )
-    )
-  |
-    message = "This " + kind + " " + msg and label = "here"
-  )
-}
+// HostnameRegexp should be used directly from the shared regex pack, and not from this file.
+deprecated import codeql.ruby.security.regexp.HostnameRegexp as Dep
+import Dep
diff --git a/ruby/ql/src/queries/security/cwe-020/HostnameRegexpSpecific.qll b/ruby/ql/src/queries/security/cwe-020/HostnameRegexpSpecific.qll
deleted file mode 100644
index 42e4445a7ba..00000000000
--- a/ruby/ql/src/queries/security/cwe-020/HostnameRegexpSpecific.qll
+++ /dev/null
@@ -1,2 +0,0 @@
-import codeql.ruby.Regexp
-import codeql.ruby.DataFlow
diff --git a/ruby/ql/src/queries/security/cwe-020/IncompleteHostnameRegExp.ql b/ruby/ql/src/queries/security/cwe-020/IncompleteHostnameRegExp.ql
index f300fc9403f..33db6e4489a 100644
--- a/ruby/ql/src/queries/security/cwe-020/IncompleteHostnameRegExp.ql
+++ b/ruby/ql/src/queries/security/cwe-020/IncompleteHostnameRegExp.ql
@@ -11,6 +11,6 @@
  *       external/cwe/cwe-020
  */
 
-import HostnameRegexpShared
+private import codeql.ruby.security.regexp.HostnameRegexp as HostnameRegxp
 
-query predicate problems = incompleteHostnameRegExp/4;
+query predicate problems = HostnameRegxp::incompleteHostnameRegExp/4;
diff --git a/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll b/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll
index ca8b15eab29..8718bff5963 100644
--- a/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll
+++ b/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll
@@ -3,6 +3,7 @@
  */
 
 private import IncompleteUrlSubstringSanitizationSpecific
+private import codeql.regex.HostnameRegexp::Utils
 
 /**
  * A check on a string for whether it contains a given substring, possibly with restrictions on the location of the substring.
@@ -30,9 +31,7 @@ query predicate problems(
   mayHaveStringValue(substring, target) and
   (
     // target contains a domain on a common TLD, and perhaps some other URL components
-    target
-        .regexpMatch("(?i)([a-z]*:?//)?\\.?([a-z0-9-]+\\.)+" + RegExpPatterns::getACommonTld() +
-            "(:[0-9]+)?/?")
+    target.regexpMatch("(?i)([a-z]*:?//)?\\.?([a-z0-9-]+\\.)+" + getACommonTld() + "(:[0-9]+)?/?")
     or
     // target is a HTTP URL to a domain on any TLD
     target.regexpMatch("(?i)https?://([a-z0-9-]+\\.)+([a-z]+)(:[0-9]+)?/?")
diff --git a/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitizationSpecific.qll b/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitizationSpecific.qll
index de439d29c75..c985805e3eb 100644
--- a/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitizationSpecific.qll
+++ b/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitizationSpecific.qll
@@ -1,6 +1,5 @@
 import codeql.ruby.DataFlow
 import codeql.ruby.StringOps
-import codeql.ruby.Regexp::RegExpPatterns as RegExpPatterns
 
 /** Holds if `node` may evaluate to `value` */
 predicate mayHaveStringValue(DataFlow::Node node, string value) {
diff --git a/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql b/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql
index 45653af568d..afbef214159 100644
--- a/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql
+++ b/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql
@@ -11,238 +11,32 @@
  *       external/cwe/cwe-020
  */
 
-import HostnameRegexpShared
 import codeql.ruby.DataFlow
 import codeql.ruby.regexp.RegExpTreeView
 import codeql.ruby.Regexp
+private import codeql.ruby.security.regexp.HostnameRegexp as HostnameRegexp
+private import codeql.regex.MissingRegExpAnchor as MissingRegExpAnchor
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeImpl
 
-/**
- * Holds if `term` is a final term, that is, no term will match anything after this one.
- */
-predicate isFinalRegExpTerm(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpSequence seq |
-    isFinalRegExpTerm(seq) and
-    term = seq.getLastChild()
-  )
-  or
-  exists(RegExpTerm parent |
-    isFinalRegExpTerm(parent) and
-    term = parent.getAChild() and
-    not parent instanceof RegExpSequence and
-    not parent instanceof RegExpQuantifier
-  )
-}
-
-/** Holds if `term` is one of the transitive left children of a regexp. */
-predicate isLeftArmTerm(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpTerm parent |
-    term = parent.getChild(0) and
-    isLeftArmTerm(parent)
-  )
-}
-
-/** Holds if `term` is one of the transitive right children of a regexp. */
-predicate isRightArmTerm(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpTerm parent |
-    term = parent.getLastChild() and
-    isRightArmTerm(parent)
-  )
-}
-
-/**
- * Holds if `term` is an anchor that is not the first or last node
- * in its tree.
- */
-predicate isInteriorAnchor(RegExpAnchor term) {
-  not isLeftArmTerm(term) and
-  not isRightArmTerm(term)
-}
-
-/**
- * Holds if `term` contains an anchor that is not the first or last node
- * in its tree, such as `(foo|bar$|baz)`.
- */
-predicate containsInteriorAnchor(RegExpTerm term) { isInteriorAnchor(term.getAChild*()) }
-
-/**
- * Holds if `term` starts with a word boundary or lookbehind assertion,
- * indicating that it's not intended to be anchored on that side.
- */
-predicate containsLeadingPseudoAnchor(RegExpSequence term) {
-  exists(RegExpTerm child | child = term.getChild(0) |
-    child instanceof RegExpWordBoundary or
-    child instanceof RegExpNonWordBoundary or
-    child instanceof RegExpLookbehind
-  )
-}
-
-/**
- * Holds if `term` ends with a word boundary or lookahead assertion,
- * indicating that it's not intended to be anchored on that side.
- */
-predicate containsTrailingPseudoAnchor(RegExpSequence term) {
-  exists(RegExpTerm child | child = term.getLastChild() |
-    child instanceof RegExpWordBoundary or
-    child instanceof RegExpNonWordBoundary or
-    child instanceof RegExpLookahead
-  )
-}
-
-/**
- * Holds if `term` is an empty sequence, usually arising from
- * literals with a trailing alternative such as `foo|`.
- */
-predicate isEmpty(RegExpSequence term) { term.getNumChild() = 0 }
-
-/**
- * Holds if `term` contains a letter constant.
- *
- * We use this as a heuristic to filter out uninteresting results.
- */
-predicate containsLetters(RegExpTerm term) {
-  term.getAChild*().(RegExpConstant).getValue().regexpMatch(".*[a-zA-Z].*")
-}
-
-/**
- * Holds if `alt` has an explicitly anchored group, such as `^(foo|bar)|baz`
- * and doesn't have any unnecessary groups, such as in `^(foo)|(bar)`.
- */
-predicate hasExplicitAnchorPrecedence(RegExpAlt alt) {
-  isAnchoredGroup(alt.getAChild()) and
-  not alt.getAChild() instanceof RegExpGroup
-}
-
-/**
- * Holds if `term` consists only of an anchor and a parenthesized term,
- * such as the left side of `^(foo|bar)|baz`.
- *
- * The precedence of the anchor is likely to be intentional in this case,
- * as the group wouldn't be needed otherwise.
- */
-predicate isAnchoredGroup(RegExpSequence term) {
-  term.getNumChild() = 2 and
-  term.getAChild() instanceof RegExpAnchor and
-  term.getAChild() instanceof RegExpGroup
-}
-
-/**
- * Holds if `src` is a pattern for a collection of alternatives where
- * only the first or last alternative is anchored, indicating a
- * precedence mistake explained by `msg`.
- *
- * The canonical example of such a mistake is: `^a|b|c`, which is
- * parsed as `(^a)|(b)|(c)`.
- */
-predicate hasMisleadingAnchorPrecedence(RegExpPatternSource src, string msg) {
-  exists(RegExpAlt root, RegExpSequence anchoredTerm, string direction |
-    root = src.getRegExpTerm() and
-    not containsInteriorAnchor(root) and
-    not isEmpty(root.getAChild()) and
-    not hasExplicitAnchorPrecedence(root) and
-    containsLetters(anchoredTerm) and
-    (
-      anchoredTerm = root.getChild(0) and
-      anchoredTerm.getChild(0) instanceof RegExpCaret and
-      not containsLeadingPseudoAnchor(root.getChild([1 .. root.getNumChild() - 1])) and
-      containsLetters(root.getChild([1 .. root.getNumChild() - 1])) and
-      direction = "beginning"
-      or
-      anchoredTerm = root.getLastChild() and
-      anchoredTerm.getLastChild() instanceof RegExpDollar and
-      not containsTrailingPseudoAnchor(root.getChild([0 .. root.getNumChild() - 2])) and
-      containsLetters(root.getChild([0 .. root.getNumChild() - 2])) and
-      direction = "end"
-    ) and
-    // that is not used for string replacement
-    not exists(DataFlow::CallNode mcn, DataFlow::Node arg, string name |
+private module Impl implements
+MissingRegExpAnchor::MissingRegExpAnchorSig<TreeImpl, HostnameRegexp::Impl> {
+  predicate isUsedAsReplace(RegExpPatternSource pattern) {
+    exists(DataFlow::CallNode mcn, DataFlow::Node arg, string name |
       name = mcn.getMethodName() and
       arg = mcn.getArgument(0)
     |
       (
-        src.getAParse().(DataFlow::LocalSourceNode).flowsTo(arg) or
-        src.getAParse() = arg
+        pattern.getAParse().(DataFlow::LocalSourceNode).flowsTo(arg) or
+        pattern.getAParse() = arg
       ) and
       name = ["sub", "sub!", "gsub", "gsub!"]
-    ) and
-    msg =
-      "Misleading operator precedence. The subexpression '" + anchoredTerm.getRawValue() +
-        "' is anchored at the " + direction +
-        ", but the other parts of this regular expression are not"
-  )
+    )
+  }
+
+  string getEndAnchorText() { result = "\\z" }
 }
 
-/**
- * Holds if `src` contains a hostname pattern that uses the `^/$` line anchors
- * rather than `\A/\z` which match the start/end of the whole string.
- */
-predicate isLineAnchoredHostnameRegExp(RegExpPatternSource src, string msg) {
-  // avoid double reporting
-  not (
-    isSemiAnchoredHostnameRegExp(src, _) or
-    hasMisleadingAnchorPrecedence(src, _)
-  ) and
-  exists(RegExpTerm term, RegExpSequence tld, int i | term = src.getRegExpTerm() |
-    not isConstantInvalidInsideOrigin(term.getAChild*()) and
-    tld = term.getAChild*() and
-    hasTopLevelDomainEnding(tld, i) and
-    isFinalRegExpTerm(tld.getChild(i)) and // nothing is matched after the TLD
-    (
-      tld.getChild(0).(RegExpCaret).getChar() = "^" or
-      tld.getLastChild().(RegExpDollar).getChar() = "$"
-    ) and
-    msg =
-      "This hostname pattern uses anchors such as '^' and '$', which match the start and end of a line, not the whole string. Use '\\A' and '\\z' instead."
-  )
-}
-
-/**
- * Holds if `src` contains a hostname pattern that is missing a `$` anchor.
- */
-predicate isSemiAnchoredHostnameRegExp(RegExpPatternSource src, string msg) {
-  not hasMisleadingAnchorPrecedence(src, _) and // avoid double reporting
-  exists(RegExpTerm term, RegExpSequence tld, int i | term = src.getRegExpTerm() |
-    not isConstantInvalidInsideOrigin(term.getAChild*()) and
-    tld = term.getAChild*() and
-    hasTopLevelDomainEnding(tld, i) and
-    isFinalRegExpTerm(tld.getChild(i)) and // nothing is matched after the TLD
-    tld.getChild(0) instanceof RegExpCaret and
-    msg =
-      "This hostname pattern may match any domain name, as it is missing a '\\z' or '/' at the end."
-  )
-}
-
-/**
- * Holds if `src` is an unanchored pattern for a URL, indicating a
- * mistake explained by `msg`.
- */
-predicate isUnanchoredHostnameRegExp(RegExpPatternSource src, string msg) {
-  exists(RegExpTerm term, RegExpSequence tld | term = src.getRegExpTerm() |
-    alwaysMatchesHostname(term) and
-    tld = term.getAChild*() and
-    hasTopLevelDomainEnding(tld) and
-    not isConstantInvalidInsideOrigin(term.getAChild*()) and
-    not term.getAChild*() instanceof RegExpAnchor and
-    // that is not used for string replacement
-    not exists(DataFlow::CallNode mcn, DataFlow::Node arg, string name |
-      name = mcn.getMethodName() and
-      arg = mcn.getArgument(0)
-    |
-      (
-        src.getAParse().(DataFlow::LocalSourceNode).flowsTo(arg) or
-        src.getAParse() = arg
-      ) and
-      name = ["sub", "sub!", "gsub", "gsub!"]
-    ) and
-    msg =
-      "When this is used as a regular expression on a URL, it may match anywhere, and arbitrary hosts may come before or after it."
-  )
-}
+import MissingRegExpAnchor::Make<TreeImpl, HostnameRegexp::Impl, Impl>
 
 from DataFlow::Node nd, string msg
 where
diff --git a/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql b/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql
index 4258ddeda5e..62b088355b5 100644
--- a/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql
+++ b/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql
@@ -12,17 +12,18 @@
  *       external/cwe/cwe-020
  */
 
-import codeql.ruby.security.OverlyLargeRangeQuery
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeView
+import codeql.regex.OverlyLargeRangeQuery::Make<TreeView>
 
-RegExpCharacterClass potentialMisparsedCharClass() {
+TreeView::RegExpCharacterClass potentialMisparsedCharClass() {
   // some escapes, e.g. [\000-\037] are currently misparsed.
-  result.getAChild().(RegExpNormalChar).getValue() = "\\"
+  result.getAChild().(TreeView::RegExpNormalChar).getValue() = "\\"
   or
   // nested char classes are currently misparsed
-  result.getAChild().(RegExpNormalChar).getValue() = "["
+  result.getAChild().(TreeView::RegExpNormalChar).getValue() = "["
 }
 
-from RegExpCharacterRange range, string reason
+from TreeView::RegExpCharacterRange range, string reason
 where
   problem(range, reason) and
   not range.getParent() = potentialMisparsedCharClass()
diff --git a/ruby/ql/src/queries/security/cwe-078/KernelOpen.inc.qhelp b/ruby/ql/src/queries/security/cwe-078/KernelOpen.inc.qhelp
index eea2281cc4a..2c220ba7aea 100644
--- a/ruby/ql/src/queries/security/cwe-078/KernelOpen.inc.qhelp
+++ b/ruby/ql/src/queries/security/cwe-078/KernelOpen.inc.qhelp
@@ -6,15 +6,19 @@
 <p>If <code>Kernel.open</code> is given a file name that starts with a <code>|</code>
 character, it will execute the remaining string as a shell command. If a
 malicious user can control the file name, they can execute arbitrary code.
-The same vulnerability applies to <code>IO.read</code>.
+The same vulnerability applies to <code>IO.read</code>, <code>IO.write</code>,
+<code>IO.binread</code>, <code>IO.binwrite</code>, <code>IO.foreach</code>,
+<code>IO.readlines</code> and <code>URI.open</code>.
 </p>
 
 </overview>
 <recommendation>
 
 <p>Use <code>File.open</code> instead of <code>Kernel.open</code>, as the former
-does not have this vulnerability. Similarly, use <code>File.read</code> instead
+does not have this vulnerability. Similarly, use the methods from the <code>File</code>
+class instead of the <code>IO</code> class e.g. <code>File.read</code> instead
 of <code>IO.read</code>.</p>
+<p>Instead of <code>URI.open</code> use <code>URI(..).open</code> or an HTTP Client.</p>
 
 </recommendation>
 <example>
@@ -36,6 +40,7 @@ user-supplied file path.
 <li>
 OWASP:
 <a href="https://www.owasp.org/index.php/Command_Injection">Command Injection</a>.
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/Ruby_on_Rails_Cheat_Sheet.html#command-injection">Ruby on Rails Cheat Sheet: Command Injection</a>.
 </li>
 
 <li>
diff --git a/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql b/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql
index 6e03bcb06c2..b88d42fb609 100644
--- a/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql
+++ b/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql
@@ -1,6 +1,7 @@
 /**
- * @name Use of `Kernel.open` or `IO.read` with user-controlled input
- * @description Using `Kernel.open` or `IO.read` may allow a malicious
+ * @name Use of `Kernel.open`, `IO.read` or similar sinks with user-controlled input
+ * @description Using `Kernel.open`, `IO.read`, `IO.write`, `IO.binread`, `IO.binwrite`,
+ *              `IO.foreach`, `IO.readlines`, or `URI.open` may allow a malicious
  *              user to execute arbitrary system commands.
  * @kind path-problem
  * @problem.severity error
@@ -32,7 +33,8 @@ class Configuration extends TaintTracking::Configuration {
 
   override predicate isSanitizer(DataFlow::Node node) {
     node instanceof StringConstCompareBarrier or
-    node instanceof StringConstArrayInclusionCallBarrier
+    node instanceof StringConstArrayInclusionCallBarrier or
+    node instanceof Sanitizer
   }
 }
 
diff --git a/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql b/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql
index a7cb2500c54..bdb3527ec47 100644
--- a/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql
+++ b/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql
@@ -1,6 +1,7 @@
 /**
- * @name Use of `Kernel.open` or `IO.read` with a non-constant value
- * @description Using `Kernel.open` or `IO.read` may allow a malicious
+ * @name Use of `Kernel.open` or `IO.read` or similar sinks with a non-constant value
+ * @description Using `Kernel.open`, `IO.read`, `IO.write`, `IO.binread`, `IO.binwrite`,
+ *              `IO.foreach`, `IO.readlines`, or `URI.open` may allow a malicious
  *              user to execute arbitrary system commands.
  * @kind problem
  * @problem.severity warning
@@ -15,15 +16,25 @@
  */
 
 import codeql.ruby.security.KernelOpenQuery
-import codeql.ruby.ast.Literal
+import codeql.ruby.AST
+import codeql.ruby.ApiGraphs
 
 from AmbiguousPathCall call
 where
-  // there is not a constant string argument
-  not exists(call.getPathArgument().getConstantValue()) and
-  // if it's a format string, then the first argument is not a constant string
-  not call.getPathArgument().getALocalSource().asExpr().getExpr().(StringLiteral).getComponent(0)
-    instanceof StringTextComponent
+  not hasConstantPrefix(call.getPathArgument().getALocalSource().asExpr().getExpr()) and
+  not call.getPathArgument().getALocalSource() =
+    API::getTopLevelMember("File").getAMethodCall("join")
 select call,
   "Call to " + call.getName() + " with a non-constant value. Consider replacing it with " +
     call.getReplacement() + "."
+
+predicate hasConstantPrefix(Expr e) {
+  // if it's a format string, then the first argument is not a constant string
+  e.(StringlikeLiteral).getComponent(0) instanceof StringTextComponent
+  or
+  // it is not a constant string argument
+  exists(e.getConstantValue())
+  or
+  // not a concatenation that starts with a constant string
+  hasConstantPrefix(e.(AddExpr).getLeftOperand())
+}
diff --git a/ruby/ql/src/queries/security/cwe-089/SqlInjection.ql b/ruby/ql/src/queries/security/cwe-089/SqlInjection.ql
index fa7bc13402c..28be96deb7d 100644
--- a/ruby/ql/src/queries/security/cwe-089/SqlInjection.ql
+++ b/ruby/ql/src/queries/security/cwe-089/SqlInjection.ql
@@ -11,28 +11,11 @@
  *       external/cwe/cwe-089
  */
 
-import codeql.ruby.AST
-import codeql.ruby.Concepts
 import codeql.ruby.DataFlow
-import codeql.ruby.dataflow.BarrierGuards
-import codeql.ruby.dataflow.RemoteFlowSources
-import codeql.ruby.TaintTracking
+import codeql.ruby.security.SqlInjectionQuery
 import DataFlow::PathGraph
 
-class SqlInjectionConfiguration extends TaintTracking::Configuration {
-  SqlInjectionConfiguration() { this = "SQLInjectionConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof SqlExecution }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    node instanceof StringConstCompareBarrier or
-    node instanceof StringConstArrayInclusionCallBarrier
-  }
-}
-
-from SqlInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
+from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "This SQL query depends on a $@.", source.getNode(),
   "user-provided value"
diff --git a/ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql b/ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql
index 80829e2f062..65edb41fd2f 100644
--- a/ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql
+++ b/ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql
@@ -14,7 +14,8 @@
  *       external/cwe/cwe-186
  */
 
-import codeql.ruby.security.BadTagFilterQuery
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeView
+import codeql.regex.nfa.BadTagFilterQuery::Make<TreeView>
 
 from HtmlMatchingRegExp regexp, string msg
 where msg = min(string m | isBadRegexpFilter(regexp, m) | m order by m.length(), m) // there might be multiple, we arbitrarily pick the shortest one
diff --git a/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.ql b/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.ql
index b2090431a17..7a78c9d9f25 100644
--- a/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.ql
+++ b/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.ql
@@ -16,11 +16,10 @@
 import DataFlow::PathGraph
 import codeql.ruby.DataFlow
 import codeql.ruby.security.regexp.PolynomialReDoSQuery
-import codeql.ruby.security.regexp.SuperlinearBackTracking
 
 from
   PolynomialReDoS::Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink,
-  PolynomialReDoS::Sink sinkNode, PolynomialBackTrackingTerm regexp
+  PolynomialReDoS::Sink sinkNode, PolynomialReDoS::PolynomialBackTrackingTerm regexp
 where
   config.hasFlowPath(source, sink) and
   sinkNode = sink.getNode() and
diff --git a/ruby/ql/src/queries/security/cwe-1333/ReDoS.ql b/ruby/ql/src/queries/security/cwe-1333/ReDoS.ql
index 2bdbfb7ca38..355caeddca8 100644
--- a/ruby/ql/src/queries/security/cwe-1333/ReDoS.ql
+++ b/ruby/ql/src/queries/security/cwe-1333/ReDoS.ql
@@ -14,11 +14,10 @@
  *       external/cwe/cwe-400
  */
 
-import codeql.ruby.security.regexp.ExponentialBackTracking
-import codeql.ruby.security.regexp.NfaUtils
-import codeql.ruby.Regexp
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeView
+import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView>
 
-from RegExpTerm t, string pump, State s, string prefixMsg
+from TreeView::RegExpTerm t, string pump, State s, string prefixMsg
 where hasReDoSResult(t, pump, s, prefixMsg)
 select t,
   "This part of the regular expression may cause exponential backtracking on strings " + prefixMsg +
diff --git a/ruby/ql/src/queries/security/cwe-209/StackTraceExposure.qhelp b/ruby/ql/src/queries/security/cwe-209/StackTraceExposure.qhelp
new file mode 100644
index 00000000000..793138256ff
--- /dev/null
+++ b/ruby/ql/src/queries/security/cwe-209/StackTraceExposure.qhelp
@@ -0,0 +1,49 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+
+<p>
+Software developers often add stack traces to error messages, as a debugging
+aid. Whenever that error message occurs for an end user, the developer can use
+the stack trace to help identify how to fix the problem. In particular, stack
+traces can tell the developer more about the sequence of events that led to a
+failure, as opposed to merely the final state of the software when the error
+occurred.
+</p>
+
+<p>
+Unfortunately, the same information can be useful to an attacker.  The sequence
+of class or method names in a stack trace can reveal the structure of the
+application as well as any internal components it relies on.  Furthermore, the
+error message at the top of a stack trace can include information such as
+server-side file names and SQL code that the application relies on, allowing an
+attacker to fine-tune a subsequent injection attack.
+</p>
+</overview>
+
+<recommendation>
+<p>
+Send the user a more generic error message that reveals less information.
+Either suppress the stack trace entirely, or log it only on the server.
+</p>
+</recommendation>
+
+<example>
+<p>
+In the following example, an exception is handled in two different ways. In the
+first version, labeled BAD, the exception is exposed to the remote user by
+rendering it as an HTTP response. As such, the user is able to see a detailed
+stack trace, which may contain sensitive information. In the second version, the
+error message is logged only on the server, and a generic error message is
+displayed to the user. That way, the developers can still access and use the
+error log, but remote users will not see the information.  </p>
+
+<sample src="examples/StackTraceExposure.rb" />
+</example>
+
+<references>
+<li>OWASP: <a href="https://owasp.org/www-community/Improper_Error_Handling">Improper Error Handling</a>.</li>
+</references>
+</qhelp>
diff --git a/ruby/ql/src/queries/security/cwe-209/StackTraceExposure.ql b/ruby/ql/src/queries/security/cwe-209/StackTraceExposure.ql
new file mode 100644
index 00000000000..95ea4a86908
--- /dev/null
+++ b/ruby/ql/src/queries/security/cwe-209/StackTraceExposure.ql
@@ -0,0 +1,23 @@
+/**
+ * @name Information exposure through an exception
+ * @description Leaking information about an exception, such as messages and stack traces, to an
+ *              external user can expose implementation details that are useful to an attacker for
+ *              developing a subsequent exploit.
+ * @kind path-problem
+ * @problem.severity error
+ * @security-severity 5.4
+ * @precision high
+ * @id rb/stack-trace-exposure
+ * @tags security
+ *       external/cwe/cwe-209
+ *       external/cwe/cwe-497
+ */
+
+import codeql.ruby.DataFlow
+import codeql.ruby.security.StackTraceExposureQuery
+import DataFlow::PathGraph
+
+from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
+where config.hasFlowPath(source, sink)
+select sink.getNode(), source, sink, "$@ can be exposed to an external user.", source.getNode(),
+  "Error information"
diff --git a/ruby/ql/src/queries/security/cwe-209/examples/StackTraceExposure.rb b/ruby/ql/src/queries/security/cwe-209/examples/StackTraceExposure.rb
new file mode 100644
index 00000000000..86cd38f5c30
--- /dev/null
+++ b/ruby/ql/src/queries/security/cwe-209/examples/StackTraceExposure.rb
@@ -0,0 +1,18 @@
+class UsersController < ApplicationController
+
+  def update_bad(id)
+    do_computation()
+  rescue => e
+    # BAD
+    render body: e.backtrace, content_type: "text/plain"
+  end
+
+  def update_good(id)
+    do_computation()
+  rescue => e
+    # GOOD
+    logger.error e.backtrace
+    render body: "Computation failed", content_type: "text/plain"
+  end
+
+end
\ No newline at end of file
diff --git a/ruby/ql/test/TestUtilities/InlineFlowTest.qll b/ruby/ql/test/TestUtilities/InlineFlowTest.qll
index 462ae240865..dbac70ede0a 100644
--- a/ruby/ql/test/TestUtilities/InlineFlowTest.qll
+++ b/ruby/ql/test/TestUtilities/InlineFlowTest.qll
@@ -3,7 +3,6 @@
  *
  * Example for a test.ql:
  * ```ql
- *  *import codeql.ruby.AST
  * import TestUtilities.InlineFlowTest
  * import PathGraph
  *
diff --git a/ruby/ql/test/library-tests/controlflow/graph/Cfg.expected b/ruby/ql/test/library-tests/controlflow/graph/Cfg.expected
index 9c26785029e..e683bccb8da 100644
--- a/ruby/ql/test/library-tests/controlflow/graph/Cfg.expected
+++ b/ruby/ql/test/library-tests/controlflow/graph/Cfg.expected
@@ -526,17 +526,20 @@ case.rb:
 #-----|  -> exit if_in_case (normal)
 
 #    2| call to x1
-#-----|  -> when ...
+#-----|  -> 1
 
 #    2| self
 #-----|  -> call to x1
 
-#    3| when ...
-#-----|  -> 1
+#    3| [match] when ...
+#-----| match -> self
+
+#    3| [no-match] when ...
+#-----| no-match -> 2
 
 #    3| 1
-#-----| match -> self
-#-----| no-match -> when ...
+#-----| match -> [match] when ...
+#-----| no-match -> [no-match] when ...
 
 #    3| then ...
 #-----|  -> case ...
@@ -569,12 +572,15 @@ case.rb:
 #    3| x2
 #-----|  -> "x2"
 
-#    4| when ...
-#-----|  -> 2
+#    4| [match] when ...
+#-----| match -> self
+
+#    4| [no-match] when ...
+#-----| no-match -> case ...
 
 #    4| 2
-#-----| no-match -> case ...
-#-----| match -> self
+#-----| match -> [match] when ...
+#-----| no-match -> [no-match] when ...
 
 #    4| then ...
 #-----|  -> case ...
@@ -811,7 +817,7 @@ case.rb:
 #-----|  -> [ ..., * ]
 
 #   35| [ ..., * ]
-#-----| match -> x
+#-----| false, match, true -> x
 #-----| no-match -> in ... then ...
 
 #   35| x
@@ -821,7 +827,7 @@ case.rb:
 #-----|  -> [ ..., * ]
 
 #   36| [ ..., * ]
-#-----| match -> x
+#-----| false, match, true -> x
 #-----| no-match -> in ... then ...
 
 #   36| x
@@ -836,7 +842,7 @@ case.rb:
 
 #   37| [ ..., * ]
 #-----| raise -> exit case_match_array (abnormal)
-#-----| match -> a
+#-----| false, match, true -> a
 
 #   37| a
 #-----| match -> b
@@ -881,7 +887,7 @@ case.rb:
 
 #   43| [ *,...,* ]
 #-----| raise -> exit case_match_find (abnormal)
-#-----| match -> x
+#-----| false, match, true -> x
 
 #   43| x
 #-----|  -> 1
@@ -931,7 +937,7 @@ case.rb:
 #-----| no-match -> in ... then ...
 
 #   49| { ..., ** }
-#-----| match -> 1
+#-----| false, match, true -> 1
 #-----| no-match -> in ... then ...
 
 #   49| 1
@@ -952,7 +958,7 @@ case.rb:
 #-----| no-match -> in ... then ...
 
 #   50| { ..., ** }
-#-----| match -> 1
+#-----| false, match, true -> 1
 #-----| no-match -> in ... then ...
 
 #   50| 1
@@ -968,7 +974,7 @@ case.rb:
 
 #   51| { ..., ** }
 #-----| raise -> exit case_match_hash (abnormal)
-#-----| match -> case ...
+#-----| false, match, true -> case ...
 
 #   55| case_match_variable
 #-----|  -> case_match_underscore
@@ -1372,7 +1378,7 @@ case.rb:
 
 #   91| { ..., ** }
 #-----| raise -> exit case_match_various (abnormal)
-#-----| match -> case ...
+#-----| false, match, true -> case ...
 
 #   95| case_match_guard_no_else
 #-----|  -> exit case.rb (normal)
@@ -1826,17 +1832,20 @@ cfg.rb:
 #-----|  -> call to puts
 
 #   41| case ...
-#-----|  -> when ...
+#-----|  -> b
 
 #   41| 10
-#-----|  -> when ...
-
-#   42| when ...
 #-----|  -> 1
 
-#   42| 1
+#   42| [match] when ...
 #-----| match -> self
-#-----| no-match -> when ...
+
+#   42| [no-match] when ...
+#-----| no-match -> 2
+
+#   42| 1
+#-----| match -> [match] when ...
+#-----| no-match -> [no-match] when ...
 
 #   42| then ...
 #-----|  -> case ...
@@ -1853,20 +1862,23 @@ cfg.rb:
 #   42| one
 #-----|  -> "one"
 
-#   43| when ...
-#-----|  -> 2
+#   43| [match] when ...
+#-----| match -> self
+
+#   43| [no-match] when ...
+#-----| no-match -> self
 
 #   43| 2
+#-----| match -> [match] when ...
 #-----| no-match -> 3
-#-----| match -> self
 
 #   43| 3
+#-----| match -> [match] when ...
 #-----| no-match -> 4
-#-----| match -> self
 
 #   43| 4
-#-----| match -> self
-#-----| no-match -> self
+#-----| match -> [match] when ...
+#-----| no-match -> [no-match] when ...
 
 #   43| then ...
 #-----|  -> case ...
@@ -1901,15 +1913,18 @@ cfg.rb:
 #   47| case ...
 #-----|  -> chained
 
-#   48| when ...
-#-----|  -> b
+#   48| [false] when ...
+#-----| false -> b
+
+#   48| [true] when ...
+#-----| true -> self
 
 #   48| b
 #-----|  -> 1
 
 #   48| ... == ...
-#-----| true -> self
-#-----| false -> when ...
+#-----| false -> [false] when ...
+#-----| true -> [true] when ...
 
 #   48| 1
 #-----|  -> ... == ...
@@ -1929,15 +1944,18 @@ cfg.rb:
 #   48| one
 #-----|  -> "one"
 
-#   49| when ...
-#-----|  -> b
+#   49| [false] when ...
+#-----| false -> case ...
+
+#   49| [true] when ...
+#-----| true -> self
 
 #   49| b
 #-----|  -> 0
 
 #   49| ... == ...
+#-----| true -> [true] when ...
 #-----| false -> b
-#-----| true -> self
 
 #   49| 0
 #-----|  -> ... == ...
@@ -1946,8 +1964,8 @@ cfg.rb:
 #-----|  -> 1
 
 #   49| ... > ...
-#-----| false -> case ...
-#-----| true -> self
+#-----| false -> [false] when ...
+#-----| true -> [true] when ...
 
 #   49| 1
 #-----|  -> ... > ...
@@ -2559,7 +2577,7 @@ cfg.rb:
 #-----|  -> type
 
 #  101| value
-#-----| no-match -> 42
+#-----| false, no-match, true -> 42
 #-----| match -> key
 
 #  101| 42
@@ -6535,7 +6553,7 @@ raise.rb:
 #-----|  -> m11
 
 #  121| p
-#-----| no-match -> self
+#-----| false, no-match, true -> self
 #-----| match -> self
 
 #  121| call to raise
diff --git a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected
index a50542e8df3..c308ce9d820 100644
--- a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected
+++ b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected
@@ -1,4 +1,5 @@
-WARNING: Type BarrierGuard has been deprecated and may be removed in future (barrier-guards.ql:9,3-15)
+WARNING: Type BarrierGuard has been deprecated and may be removed in future (barrier-guards.ql:10,3-15)
+failures
 oldStyleBarrierGuards
 | barrier-guards.rb:3:4:3:15 | ... == ... | barrier-guards.rb:4:5:4:7 | foo | barrier-guards.rb:3:4:3:6 | foo | true |
 | barrier-guards.rb:9:4:9:24 | call to include? | barrier-guards.rb:10:5:10:7 | foo | barrier-guards.rb:9:21:9:23 | foo | true |
@@ -9,6 +10,15 @@ oldStyleBarrierGuards
 | barrier-guards.rb:43:4:43:15 | ... == ... | barrier-guards.rb:45:9:45:11 | foo | barrier-guards.rb:43:4:43:6 | foo | true |
 | barrier-guards.rb:70:4:70:21 | call to include? | barrier-guards.rb:71:5:71:7 | foo | barrier-guards.rb:70:18:70:20 | foo | true |
 | barrier-guards.rb:82:4:82:25 | ... != ... | barrier-guards.rb:83:5:83:7 | foo | barrier-guards.rb:82:15:82:17 | foo | true |
+| barrier-guards.rb:207:4:207:15 | ... == ... | barrier-guards.rb:208:5:208:7 | foo | barrier-guards.rb:207:4:207:6 | foo | true |
+| barrier-guards.rb:211:10:211:21 | ... == ... | barrier-guards.rb:212:5:212:7 | foo | barrier-guards.rb:211:10:211:12 | foo | true |
+| barrier-guards.rb:215:16:215:27 | ... == ... | barrier-guards.rb:216:5:216:7 | foo | barrier-guards.rb:215:16:215:18 | foo | true |
+| barrier-guards.rb:219:4:219:15 | ... == ... | barrier-guards.rb:219:21:219:23 | foo | barrier-guards.rb:219:4:219:6 | foo | true |
+| barrier-guards.rb:219:4:219:15 | ... == ... | barrier-guards.rb:220:5:220:7 | foo | barrier-guards.rb:219:4:219:6 | foo | true |
+| barrier-guards.rb:219:21:219:32 | ... == ... | barrier-guards.rb:220:5:220:7 | foo | barrier-guards.rb:219:21:219:23 | foo | true |
+| barrier-guards.rb:232:6:232:17 | ... == ... | barrier-guards.rb:233:5:233:7 | foo | barrier-guards.rb:232:6:232:8 | foo | true |
+| barrier-guards.rb:237:6:237:17 | ... == ... | barrier-guards.rb:237:24:237:26 | foo | barrier-guards.rb:237:6:237:8 | foo | true |
+| barrier-guards.rb:268:1:268:12 | ... == ... | barrier-guards.rb:268:17:268:19 | foo | barrier-guards.rb:268:1:268:3 | foo | true |
 newStyleBarrierGuards
 | barrier-guards.rb:4:5:4:7 | foo |
 | barrier-guards.rb:10:5:10:7 | foo |
@@ -20,6 +30,26 @@ newStyleBarrierGuards
 | barrier-guards.rb:71:5:71:7 | foo |
 | barrier-guards.rb:83:5:83:7 | foo |
 | barrier-guards.rb:91:5:91:7 | foo |
+| barrier-guards.rb:126:5:126:7 | foo |
+| barrier-guards.rb:133:5:133:7 | foo |
+| barrier-guards.rb:135:5:135:7 | foo |
+| barrier-guards.rb:140:5:140:7 | foo |
+| barrier-guards.rb:142:5:142:7 | foo |
+| barrier-guards.rb:149:5:149:7 | foo |
+| barrier-guards.rb:154:5:154:7 | foo |
+| barrier-guards.rb:159:5:159:7 | foo |
+| barrier-guards.rb:164:5:164:7 | foo |
+| barrier-guards.rb:192:5:192:7 | foo |
+| barrier-guards.rb:196:5:196:7 | foo |
+| barrier-guards.rb:208:5:208:7 | foo |
+| barrier-guards.rb:212:5:212:7 | foo |
+| barrier-guards.rb:216:5:216:7 | foo |
+| barrier-guards.rb:219:21:219:23 | foo |
+| barrier-guards.rb:220:5:220:7 | foo |
+| barrier-guards.rb:233:5:233:7 | foo |
+| barrier-guards.rb:237:24:237:26 | foo |
+| barrier-guards.rb:244:5:244:7 | foo |
+| barrier-guards.rb:268:17:268:19 | foo |
 controls
 | barrier-guards.rb:3:4:3:15 | ... == ... | barrier-guards.rb:4:5:4:7 | foo | true |
 | barrier-guards.rb:3:4:3:15 | ... == ... | barrier-guards.rb:6:5:6:7 | foo | false |
@@ -67,3 +97,228 @@ controls
 | barrier-guards.rb:118:8:118:8 | call to x | barrier-guards.rb:118:4:118:8 | [true] not ... | false |
 | barrier-guards.rb:118:8:118:8 | call to x | barrier-guards.rb:119:5:119:7 | foo | false |
 | barrier-guards.rb:118:8:118:8 | call to x | barrier-guards.rb:121:5:121:8 | bars | true |
+| barrier-guards.rb:125:1:126:19 | [match] when ... | barrier-guards.rb:126:5:126:7 | foo | match |
+| barrier-guards.rb:125:1:126:19 | [no-match] when ... | barrier-guards.rb:128:5:128:7 | foo | no-match |
+| barrier-guards.rb:125:6:125:10 | "foo" | barrier-guards.rb:125:1:126:19 | [match] when ... | match |
+| barrier-guards.rb:125:6:125:10 | "foo" | barrier-guards.rb:125:1:126:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:125:6:125:10 | "foo" | barrier-guards.rb:126:5:126:7 | foo | match |
+| barrier-guards.rb:125:6:125:10 | "foo" | barrier-guards.rb:128:5:128:7 | foo | no-match |
+| barrier-guards.rb:132:1:133:19 | [match] when ... | barrier-guards.rb:133:5:133:7 | foo | match |
+| barrier-guards.rb:132:1:133:19 | [no-match] when ... | barrier-guards.rb:134:1:135:19 | [match] when ... | no-match |
+| barrier-guards.rb:132:1:133:19 | [no-match] when ... | barrier-guards.rb:134:1:135:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:132:1:133:19 | [no-match] when ... | barrier-guards.rb:134:7:134:9 | bar | no-match |
+| barrier-guards.rb:132:1:133:19 | [no-match] when ... | barrier-guards.rb:135:5:135:7 | foo | no-match |
+| barrier-guards.rb:132:6:132:10 | "foo" | barrier-guards.rb:132:1:133:19 | [match] when ... | match |
+| barrier-guards.rb:132:6:132:10 | "foo" | barrier-guards.rb:132:1:133:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:132:6:132:10 | "foo" | barrier-guards.rb:133:5:133:7 | foo | match |
+| barrier-guards.rb:132:6:132:10 | "foo" | barrier-guards.rb:134:1:135:19 | [match] when ... | no-match |
+| barrier-guards.rb:132:6:132:10 | "foo" | barrier-guards.rb:134:1:135:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:132:6:132:10 | "foo" | barrier-guards.rb:134:7:134:9 | bar | no-match |
+| barrier-guards.rb:132:6:132:10 | "foo" | barrier-guards.rb:135:5:135:7 | foo | no-match |
+| barrier-guards.rb:134:1:135:19 | [match] when ... | barrier-guards.rb:135:5:135:7 | foo | match |
+| barrier-guards.rb:134:6:134:10 | "bar" | barrier-guards.rb:134:1:135:19 | [match] when ... | match |
+| barrier-guards.rb:134:6:134:10 | "bar" | barrier-guards.rb:134:1:135:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:134:6:134:10 | "bar" | barrier-guards.rb:135:5:135:7 | foo | match |
+| barrier-guards.rb:139:1:140:19 | [match] when ... | barrier-guards.rb:140:5:140:7 | foo | match |
+| barrier-guards.rb:139:1:140:19 | [no-match] when ... | barrier-guards.rb:141:1:142:19 | [match] when ... | no-match |
+| barrier-guards.rb:139:1:140:19 | [no-match] when ... | barrier-guards.rb:141:1:142:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:139:1:140:19 | [no-match] when ... | barrier-guards.rb:141:7:141:9 | baz | no-match |
+| barrier-guards.rb:139:1:140:19 | [no-match] when ... | barrier-guards.rb:141:14:141:17 | quux | no-match |
+| barrier-guards.rb:139:1:140:19 | [no-match] when ... | barrier-guards.rb:142:5:142:7 | foo | no-match |
+| barrier-guards.rb:139:1:140:19 | [no-match] when ... | barrier-guards.rb:144:5:144:7 | foo | no-match |
+| barrier-guards.rb:139:6:139:10 | "foo" | barrier-guards.rb:139:1:140:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:139:6:139:10 | "foo" | barrier-guards.rb:139:14:139:16 | bar | no-match |
+| barrier-guards.rb:139:6:139:10 | "foo" | barrier-guards.rb:141:1:142:19 | [match] when ... | no-match |
+| barrier-guards.rb:139:6:139:10 | "foo" | barrier-guards.rb:141:1:142:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:139:6:139:10 | "foo" | barrier-guards.rb:141:7:141:9 | baz | no-match |
+| barrier-guards.rb:139:6:139:10 | "foo" | barrier-guards.rb:141:14:141:17 | quux | no-match |
+| barrier-guards.rb:139:6:139:10 | "foo" | barrier-guards.rb:142:5:142:7 | foo | no-match |
+| barrier-guards.rb:139:6:139:10 | "foo" | barrier-guards.rb:144:5:144:7 | foo | no-match |
+| barrier-guards.rb:139:13:139:17 | "bar" | barrier-guards.rb:139:1:140:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:139:13:139:17 | "bar" | barrier-guards.rb:141:1:142:19 | [match] when ... | no-match |
+| barrier-guards.rb:139:13:139:17 | "bar" | barrier-guards.rb:141:1:142:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:139:13:139:17 | "bar" | barrier-guards.rb:141:7:141:9 | baz | no-match |
+| barrier-guards.rb:139:13:139:17 | "bar" | barrier-guards.rb:141:14:141:17 | quux | no-match |
+| barrier-guards.rb:139:13:139:17 | "bar" | barrier-guards.rb:142:5:142:7 | foo | no-match |
+| barrier-guards.rb:139:13:139:17 | "bar" | barrier-guards.rb:144:5:144:7 | foo | no-match |
+| barrier-guards.rb:141:1:142:19 | [match] when ... | barrier-guards.rb:142:5:142:7 | foo | match |
+| barrier-guards.rb:141:1:142:19 | [no-match] when ... | barrier-guards.rb:144:5:144:7 | foo | no-match |
+| barrier-guards.rb:141:6:141:10 | "baz" | barrier-guards.rb:141:1:142:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:141:6:141:10 | "baz" | barrier-guards.rb:141:14:141:17 | quux | no-match |
+| barrier-guards.rb:141:6:141:10 | "baz" | barrier-guards.rb:144:5:144:7 | foo | no-match |
+| barrier-guards.rb:141:13:141:18 | "quux" | barrier-guards.rb:141:1:142:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:141:13:141:18 | "quux" | barrier-guards.rb:144:5:144:7 | foo | no-match |
+| barrier-guards.rb:148:1:149:19 | [match] when ... | barrier-guards.rb:149:5:149:7 | foo | match |
+| barrier-guards.rb:148:6:148:20 | * ... | barrier-guards.rb:148:1:149:19 | [match] when ... | match |
+| barrier-guards.rb:148:6:148:20 | * ... | barrier-guards.rb:148:1:149:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:148:6:148:20 | * ... | barrier-guards.rb:149:5:149:7 | foo | match |
+| barrier-guards.rb:153:1:154:19 | [match] when ... | barrier-guards.rb:154:5:154:7 | foo | match |
+| barrier-guards.rb:153:6:153:17 | * ... | barrier-guards.rb:153:1:154:19 | [match] when ... | match |
+| barrier-guards.rb:153:6:153:17 | * ... | barrier-guards.rb:153:1:154:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:153:6:153:17 | * ... | barrier-guards.rb:154:5:154:7 | foo | match |
+| barrier-guards.rb:158:1:159:19 | [match] when ... | barrier-guards.rb:159:5:159:7 | foo | match |
+| barrier-guards.rb:158:6:158:9 | * ... | barrier-guards.rb:158:1:159:19 | [match] when ... | match |
+| barrier-guards.rb:158:6:158:9 | * ... | barrier-guards.rb:158:1:159:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:158:6:158:9 | * ... | barrier-guards.rb:159:5:159:7 | foo | match |
+| barrier-guards.rb:163:1:164:19 | [match] when ... | barrier-guards.rb:164:5:164:7 | foo | match |
+| barrier-guards.rb:163:6:163:10 | * ... | barrier-guards.rb:163:1:164:19 | [match] when ... | match |
+| barrier-guards.rb:163:6:163:10 | * ... | barrier-guards.rb:163:1:164:19 | [no-match] when ... | no-match |
+| barrier-guards.rb:163:6:163:10 | * ... | barrier-guards.rb:164:5:164:7 | foo | match |
+| barrier-guards.rb:168:1:169:7 | [match] when ... | barrier-guards.rb:169:5:169:7 | foo | match |
+| barrier-guards.rb:168:6:168:16 | * ... | barrier-guards.rb:168:1:169:7 | [match] when ... | match |
+| barrier-guards.rb:168:6:168:16 | * ... | barrier-guards.rb:168:1:169:7 | [no-match] when ... | no-match |
+| barrier-guards.rb:168:6:168:16 | * ... | barrier-guards.rb:169:5:169:7 | foo | match |
+| barrier-guards.rb:173:1:174:7 | [match] when ... | barrier-guards.rb:174:5:174:7 | foo | match |
+| barrier-guards.rb:173:6:173:10 | "foo" | barrier-guards.rb:173:1:174:7 | [no-match] when ... | no-match |
+| barrier-guards.rb:173:6:173:10 | "foo" | barrier-guards.rb:173:13:173:13 | self | no-match |
+| barrier-guards.rb:173:13:173:13 | call to x | barrier-guards.rb:173:1:174:7 | [no-match] when ... | no-match |
+| barrier-guards.rb:180:1:181:7 | [match] when ... | barrier-guards.rb:181:5:181:7 | foo | match |
+| barrier-guards.rb:180:6:180:15 | * ... | barrier-guards.rb:180:1:181:7 | [match] when ... | match |
+| barrier-guards.rb:180:6:180:15 | * ... | barrier-guards.rb:180:1:181:7 | [no-match] when ... | no-match |
+| barrier-guards.rb:180:6:180:15 | * ... | barrier-guards.rb:181:5:181:7 | foo | match |
+| barrier-guards.rb:187:1:188:7 | [match] when ... | barrier-guards.rb:188:5:188:7 | foo | match |
+| barrier-guards.rb:187:6:187:15 | * ... | barrier-guards.rb:187:1:188:7 | [match] when ... | match |
+| barrier-guards.rb:187:6:187:15 | * ... | barrier-guards.rb:187:1:188:7 | [no-match] when ... | no-match |
+| barrier-guards.rb:187:6:187:15 | * ... | barrier-guards.rb:188:5:188:7 | foo | match |
+| barrier-guards.rb:191:4:191:15 | ... == ... | barrier-guards.rb:191:4:191:31 | [false] ... or ... | false |
+| barrier-guards.rb:191:4:191:15 | ... == ... | barrier-guards.rb:191:20:191:22 | foo | false |
+| barrier-guards.rb:191:4:191:31 | [true] ... or ... | barrier-guards.rb:192:5:192:7 | foo | true |
+| barrier-guards.rb:191:20:191:31 | ... == ... | barrier-guards.rb:191:4:191:31 | [false] ... or ... | false |
+| barrier-guards.rb:195:4:195:15 | ... == ... | barrier-guards.rb:195:4:195:31 | [false] ... or ... | false |
+| barrier-guards.rb:195:4:195:15 | ... == ... | barrier-guards.rb:195:4:195:47 | [false] ... or ... | false |
+| barrier-guards.rb:195:4:195:15 | ... == ... | barrier-guards.rb:195:20:195:22 | foo | false |
+| barrier-guards.rb:195:4:195:15 | ... == ... | barrier-guards.rb:195:36:195:38 | foo | false |
+| barrier-guards.rb:195:4:195:31 | [false] ... or ... | barrier-guards.rb:195:4:195:47 | [false] ... or ... | false |
+| barrier-guards.rb:195:4:195:31 | [false] ... or ... | barrier-guards.rb:195:36:195:38 | foo | false |
+| barrier-guards.rb:195:4:195:47 | [true] ... or ... | barrier-guards.rb:196:5:196:7 | foo | true |
+| barrier-guards.rb:195:20:195:31 | ... == ... | barrier-guards.rb:195:4:195:31 | [false] ... or ... | false |
+| barrier-guards.rb:195:20:195:31 | ... == ... | barrier-guards.rb:195:4:195:47 | [false] ... or ... | false |
+| barrier-guards.rb:195:20:195:31 | ... == ... | barrier-guards.rb:195:36:195:38 | foo | false |
+| barrier-guards.rb:195:36:195:47 | ... == ... | barrier-guards.rb:195:4:195:47 | [false] ... or ... | false |
+| barrier-guards.rb:199:4:199:15 | ... == ... | barrier-guards.rb:199:4:199:31 | [false] ... or ... | false |
+| barrier-guards.rb:199:4:199:15 | ... == ... | barrier-guards.rb:199:4:199:43 | [false] ... or ... | false |
+| barrier-guards.rb:199:4:199:15 | ... == ... | barrier-guards.rb:199:20:199:22 | foo | false |
+| barrier-guards.rb:199:4:199:15 | ... == ... | barrier-guards.rb:199:36:199:38 | foo | false |
+| barrier-guards.rb:199:4:199:31 | [false] ... or ... | barrier-guards.rb:199:4:199:43 | [false] ... or ... | false |
+| barrier-guards.rb:199:4:199:31 | [false] ... or ... | barrier-guards.rb:199:36:199:38 | foo | false |
+| barrier-guards.rb:199:4:199:43 | [true] ... or ... | barrier-guards.rb:200:5:200:7 | foo | true |
+| barrier-guards.rb:199:20:199:31 | ... == ... | barrier-guards.rb:199:4:199:31 | [false] ... or ... | false |
+| barrier-guards.rb:199:20:199:31 | ... == ... | barrier-guards.rb:199:4:199:43 | [false] ... or ... | false |
+| barrier-guards.rb:199:20:199:31 | ... == ... | barrier-guards.rb:199:36:199:38 | foo | false |
+| barrier-guards.rb:199:36:199:43 | ... == ... | barrier-guards.rb:199:4:199:43 | [false] ... or ... | false |
+| barrier-guards.rb:203:4:203:15 | ... == ... | barrier-guards.rb:203:4:203:31 | [false] ... or ... | false |
+| barrier-guards.rb:203:4:203:15 | ... == ... | barrier-guards.rb:203:4:203:47 | [false] ... or ... | false |
+| barrier-guards.rb:203:4:203:15 | ... == ... | barrier-guards.rb:203:20:203:22 | self | false |
+| barrier-guards.rb:203:4:203:15 | ... == ... | barrier-guards.rb:203:36:203:38 | foo | false |
+| barrier-guards.rb:203:4:203:31 | [false] ... or ... | barrier-guards.rb:203:4:203:47 | [false] ... or ... | false |
+| barrier-guards.rb:203:4:203:31 | [false] ... or ... | barrier-guards.rb:203:36:203:38 | foo | false |
+| barrier-guards.rb:203:4:203:47 | [true] ... or ... | barrier-guards.rb:204:5:204:7 | foo | true |
+| barrier-guards.rb:203:20:203:31 | ... == ... | barrier-guards.rb:203:4:203:31 | [false] ... or ... | false |
+| barrier-guards.rb:203:20:203:31 | ... == ... | barrier-guards.rb:203:4:203:47 | [false] ... or ... | false |
+| barrier-guards.rb:203:20:203:31 | ... == ... | barrier-guards.rb:203:36:203:38 | foo | false |
+| barrier-guards.rb:203:36:203:47 | ... == ... | barrier-guards.rb:203:4:203:47 | [false] ... or ... | false |
+| barrier-guards.rb:207:4:207:15 | ... == ... | barrier-guards.rb:207:4:207:21 | [true] ... and ... | true |
+| barrier-guards.rb:207:4:207:15 | ... == ... | barrier-guards.rb:207:21:207:21 | self | true |
+| barrier-guards.rb:207:4:207:15 | ... == ... | barrier-guards.rb:208:5:208:7 | foo | true |
+| barrier-guards.rb:207:4:207:21 | [true] ... and ... | barrier-guards.rb:208:5:208:7 | foo | true |
+| barrier-guards.rb:207:21:207:21 | call to x | barrier-guards.rb:207:4:207:21 | [true] ... and ... | true |
+| barrier-guards.rb:207:21:207:21 | call to x | barrier-guards.rb:208:5:208:7 | foo | true |
+| barrier-guards.rb:211:4:211:4 | call to x | barrier-guards.rb:211:4:211:21 | [true] ... and ... | true |
+| barrier-guards.rb:211:4:211:4 | call to x | barrier-guards.rb:211:10:211:12 | foo | true |
+| barrier-guards.rb:211:4:211:4 | call to x | barrier-guards.rb:212:5:212:7 | foo | true |
+| barrier-guards.rb:211:4:211:21 | [true] ... and ... | barrier-guards.rb:212:5:212:7 | foo | true |
+| barrier-guards.rb:211:10:211:21 | ... == ... | barrier-guards.rb:211:4:211:21 | [true] ... and ... | true |
+| barrier-guards.rb:211:10:211:21 | ... == ... | barrier-guards.rb:212:5:212:7 | foo | true |
+| barrier-guards.rb:215:4:215:4 | call to x | barrier-guards.rb:215:4:215:10 | [true] ... and ... | true |
+| barrier-guards.rb:215:4:215:4 | call to x | barrier-guards.rb:215:4:215:27 | [true] ... and ... | true |
+| barrier-guards.rb:215:4:215:4 | call to x | barrier-guards.rb:215:10:215:10 | self | true |
+| barrier-guards.rb:215:4:215:4 | call to x | barrier-guards.rb:215:16:215:18 | foo | true |
+| barrier-guards.rb:215:4:215:4 | call to x | barrier-guards.rb:216:5:216:7 | foo | true |
+| barrier-guards.rb:215:4:215:10 | [true] ... and ... | barrier-guards.rb:215:4:215:27 | [true] ... and ... | true |
+| barrier-guards.rb:215:4:215:10 | [true] ... and ... | barrier-guards.rb:215:16:215:18 | foo | true |
+| barrier-guards.rb:215:4:215:10 | [true] ... and ... | barrier-guards.rb:216:5:216:7 | foo | true |
+| barrier-guards.rb:215:4:215:27 | [true] ... and ... | barrier-guards.rb:216:5:216:7 | foo | true |
+| barrier-guards.rb:215:10:215:10 | call to y | barrier-guards.rb:215:4:215:10 | [true] ... and ... | true |
+| barrier-guards.rb:215:10:215:10 | call to y | barrier-guards.rb:215:4:215:27 | [true] ... and ... | true |
+| barrier-guards.rb:215:10:215:10 | call to y | barrier-guards.rb:215:16:215:18 | foo | true |
+| barrier-guards.rb:215:10:215:10 | call to y | barrier-guards.rb:216:5:216:7 | foo | true |
+| barrier-guards.rb:215:16:215:27 | ... == ... | barrier-guards.rb:215:4:215:27 | [true] ... and ... | true |
+| barrier-guards.rb:215:16:215:27 | ... == ... | barrier-guards.rb:216:5:216:7 | foo | true |
+| barrier-guards.rb:219:4:219:15 | ... == ... | barrier-guards.rb:219:4:219:32 | [true] ... and ... | true |
+| barrier-guards.rb:219:4:219:15 | ... == ... | barrier-guards.rb:219:21:219:23 | foo | true |
+| barrier-guards.rb:219:4:219:15 | ... == ... | barrier-guards.rb:220:5:220:7 | foo | true |
+| barrier-guards.rb:219:4:219:32 | [true] ... and ... | barrier-guards.rb:220:5:220:7 | foo | true |
+| barrier-guards.rb:219:21:219:32 | ... == ... | barrier-guards.rb:219:4:219:32 | [true] ... and ... | true |
+| barrier-guards.rb:219:21:219:32 | ... == ... | barrier-guards.rb:220:5:220:7 | foo | true |
+| barrier-guards.rb:223:4:223:4 | call to x | barrier-guards.rb:223:4:223:10 | [true] ... and ... | true |
+| barrier-guards.rb:223:4:223:4 | call to x | barrier-guards.rb:223:10:223:10 | self | true |
+| barrier-guards.rb:223:4:223:4 | call to x | barrier-guards.rb:224:5:224:7 | foo | true |
+| barrier-guards.rb:223:4:223:10 | [true] ... and ... | barrier-guards.rb:224:5:224:7 | foo | true |
+| barrier-guards.rb:223:10:223:10 | call to y | barrier-guards.rb:223:4:223:10 | [true] ... and ... | true |
+| barrier-guards.rb:223:10:223:10 | call to y | barrier-guards.rb:224:5:224:7 | foo | true |
+| barrier-guards.rb:227:4:227:15 | ... == ... | barrier-guards.rb:227:4:227:21 | [true] ... and ... | true |
+| barrier-guards.rb:227:4:227:15 | ... == ... | barrier-guards.rb:227:21:227:21 | self | true |
+| barrier-guards.rb:227:4:227:15 | ... == ... | barrier-guards.rb:228:5:228:7 | self | true |
+| barrier-guards.rb:227:4:227:21 | [true] ... and ... | barrier-guards.rb:228:5:228:7 | self | true |
+| barrier-guards.rb:227:21:227:21 | call to y | barrier-guards.rb:227:4:227:21 | [true] ... and ... | true |
+| barrier-guards.rb:227:21:227:21 | call to y | barrier-guards.rb:228:5:228:7 | self | true |
+| barrier-guards.rb:232:1:233:19 | [true] when ... | barrier-guards.rb:233:5:233:7 | foo | true |
+| barrier-guards.rb:232:6:232:17 | ... == ... | barrier-guards.rb:232:1:233:19 | [false] when ... | false |
+| barrier-guards.rb:232:6:232:17 | ... == ... | barrier-guards.rb:232:1:233:19 | [true] when ... | true |
+| barrier-guards.rb:232:6:232:17 | ... == ... | barrier-guards.rb:233:5:233:7 | foo | true |
+| barrier-guards.rb:237:1:237:38 | [false] when ... | barrier-guards.rb:238:1:238:26 | [false] when ... | false |
+| barrier-guards.rb:237:1:237:38 | [false] when ... | barrier-guards.rb:238:1:238:26 | [true] when ... | false |
+| barrier-guards.rb:237:1:237:38 | [false] when ... | barrier-guards.rb:238:6:238:8 | self | false |
+| barrier-guards.rb:237:1:237:38 | [false] when ... | barrier-guards.rb:238:24:238:26 | foo | false |
+| barrier-guards.rb:237:1:237:38 | [false] when ... | barrier-guards.rb:239:1:239:22 | [false] when ... | false |
+| barrier-guards.rb:237:1:237:38 | [false] when ... | barrier-guards.rb:239:1:239:22 | [true] when ... | false |
+| barrier-guards.rb:237:1:237:38 | [false] when ... | barrier-guards.rb:239:6:239:8 | foo | false |
+| barrier-guards.rb:237:1:237:38 | [false] when ... | barrier-guards.rb:239:20:239:22 | foo | false |
+| barrier-guards.rb:237:1:237:38 | [true] when ... | barrier-guards.rb:237:24:237:26 | foo | true |
+| barrier-guards.rb:237:6:237:17 | ... == ... | barrier-guards.rb:237:1:237:38 | [false] when ... | false |
+| barrier-guards.rb:237:6:237:17 | ... == ... | barrier-guards.rb:237:1:237:38 | [true] when ... | true |
+| barrier-guards.rb:237:6:237:17 | ... == ... | barrier-guards.rb:237:24:237:26 | foo | true |
+| barrier-guards.rb:237:6:237:17 | ... == ... | barrier-guards.rb:238:1:238:26 | [false] when ... | false |
+| barrier-guards.rb:237:6:237:17 | ... == ... | barrier-guards.rb:238:1:238:26 | [true] when ... | false |
+| barrier-guards.rb:237:6:237:17 | ... == ... | barrier-guards.rb:238:6:238:8 | self | false |
+| barrier-guards.rb:237:6:237:17 | ... == ... | barrier-guards.rb:238:24:238:26 | foo | false |
+| barrier-guards.rb:237:6:237:17 | ... == ... | barrier-guards.rb:239:1:239:22 | [false] when ... | false |
+| barrier-guards.rb:237:6:237:17 | ... == ... | barrier-guards.rb:239:1:239:22 | [true] when ... | false |
+| barrier-guards.rb:237:6:237:17 | ... == ... | barrier-guards.rb:239:6:239:8 | foo | false |
+| barrier-guards.rb:237:6:237:17 | ... == ... | barrier-guards.rb:239:20:239:22 | foo | false |
+| barrier-guards.rb:238:1:238:26 | [false] when ... | barrier-guards.rb:239:1:239:22 | [false] when ... | false |
+| barrier-guards.rb:238:1:238:26 | [false] when ... | barrier-guards.rb:239:1:239:22 | [true] when ... | false |
+| barrier-guards.rb:238:1:238:26 | [false] when ... | barrier-guards.rb:239:6:239:8 | foo | false |
+| barrier-guards.rb:238:1:238:26 | [false] when ... | barrier-guards.rb:239:20:239:22 | foo | false |
+| barrier-guards.rb:238:1:238:26 | [true] when ... | barrier-guards.rb:238:24:238:26 | foo | true |
+| barrier-guards.rb:238:6:238:17 | ... == ... | barrier-guards.rb:238:1:238:26 | [false] when ... | false |
+| barrier-guards.rb:238:6:238:17 | ... == ... | barrier-guards.rb:238:1:238:26 | [true] when ... | true |
+| barrier-guards.rb:238:6:238:17 | ... == ... | barrier-guards.rb:238:24:238:26 | foo | true |
+| barrier-guards.rb:238:6:238:17 | ... == ... | barrier-guards.rb:239:1:239:22 | [false] when ... | false |
+| barrier-guards.rb:238:6:238:17 | ... == ... | barrier-guards.rb:239:1:239:22 | [true] when ... | false |
+| barrier-guards.rb:238:6:238:17 | ... == ... | barrier-guards.rb:239:6:239:8 | foo | false |
+| barrier-guards.rb:238:6:238:17 | ... == ... | barrier-guards.rb:239:20:239:22 | foo | false |
+| barrier-guards.rb:239:1:239:22 | [true] when ... | barrier-guards.rb:239:20:239:22 | foo | true |
+| barrier-guards.rb:239:6:239:13 | ... == ... | barrier-guards.rb:239:1:239:22 | [false] when ... | false |
+| barrier-guards.rb:239:6:239:13 | ... == ... | barrier-guards.rb:239:1:239:22 | [true] when ... | true |
+| barrier-guards.rb:239:6:239:13 | ... == ... | barrier-guards.rb:239:20:239:22 | foo | true |
+| barrier-guards.rb:243:4:243:8 | "foo" | barrier-guards.rb:244:5:244:7 | foo | match |
+| barrier-guards.rb:243:4:243:8 | "foo" | barrier-guards.rb:245:1:246:7 | in ... then ... | no-match |
+| barrier-guards.rb:243:4:243:8 | "foo" | barrier-guards.rb:246:5:246:7 | foo | no-match |
+| barrier-guards.rb:245:4:245:4 | x | barrier-guards.rb:246:5:246:7 | foo | match |
+| barrier-guards.rb:250:4:250:8 | "foo" | barrier-guards.rb:251:5:251:7 | foo | match |
+| barrier-guards.rb:250:4:250:8 | "foo" | barrier-guards.rb:254:1:256:3 | if ... | match |
+| barrier-guards.rb:250:4:250:8 | "foo" | barrier-guards.rb:255:5:255:7 | foo | match |
+| barrier-guards.rb:250:4:250:8 | "foo" | barrier-guards.rb:259:1:261:3 | if ... | match |
+| barrier-guards.rb:250:4:250:8 | "foo" | barrier-guards.rb:260:5:260:7 | foo | match |
+| barrier-guards.rb:250:4:250:8 | "foo" | barrier-guards.rb:264:1:266:3 | if ... | match |
+| barrier-guards.rb:250:4:250:8 | "foo" | barrier-guards.rb:265:5:265:7 | foo | match |
+| barrier-guards.rb:250:4:250:8 | "foo" | barrier-guards.rb:268:1:268:19 | ... && ... | match |
+| barrier-guards.rb:250:4:250:8 | "foo" | barrier-guards.rb:268:17:268:19 | foo | match |
+| barrier-guards.rb:250:4:250:8 | "foo" | barrier-guards.rb:269:1:269:19 | ... && ... | match |
+| barrier-guards.rb:250:4:250:8 | "foo" | barrier-guards.rb:269:8:269:10 | foo | match |
+| barrier-guards.rb:254:4:254:28 | ... == ... | barrier-guards.rb:255:5:255:7 | foo | true |
+| barrier-guards.rb:259:4:259:16 | ... == ... | barrier-guards.rb:260:5:260:7 | foo | true |
+| barrier-guards.rb:264:4:264:16 | ... == ... | barrier-guards.rb:265:5:265:7 | foo | true |
+| barrier-guards.rb:268:1:268:12 | ... == ... | barrier-guards.rb:268:17:268:19 | foo | true |
+| barrier-guards.rb:269:1:269:3 | foo | barrier-guards.rb:269:8:269:10 | foo | true |
diff --git a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.ql b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.ql
index 7998164b6da..ff2f0bc76f4 100644
--- a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.ql
+++ b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.ql
@@ -4,6 +4,7 @@ import codeql.ruby.controlflow.CfgNodes
 import codeql.ruby.controlflow.ControlFlowGraph
 import codeql.ruby.controlflow.BasicBlocks
 import codeql.ruby.DataFlow
+import TestUtilities.InlineExpectationsTest
 
 query predicate oldStyleBarrierGuards(
   BarrierGuard g, DataFlow::Node guardedNode, ExprCfgNode expr, boolean branch
@@ -22,3 +23,19 @@ query predicate controls(CfgNode condition, BasicBlock bb, SuccessorTypes::Condi
     condition = cb.getLastNode()
   )
 }
+
+class BarrierGuardTest extends InlineExpectationsTest {
+  BarrierGuardTest() { this = "BarrierGuardTest" }
+
+  override string getARelevantTag() { result = "guarded" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "guarded" and
+    exists(DataFlow::Node n |
+      newStyleBarrierGuards(n) and
+      location = n.getLocation() and
+      element = n.toString() and
+      value = ""
+    )
+  }
+}
diff --git a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb
index 5ead7bc04cf..1946be36275 100644
--- a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb
+++ b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.rb
@@ -1,13 +1,13 @@
 foo = "foo"
 
 if foo == "foo"
-    foo
+    foo # $ guarded
 else
     foo
 end
 
 if ["foo"].include?(foo)
-    foo
+    foo # $ guarded
 else
     foo
 end
@@ -15,17 +15,17 @@ end
 if foo != "foo"
     foo
 else
-    foo
+    foo # $ guarded
 end
 
 unless foo == "foo"
     foo
 else
-    foo
+    foo # $ guarded
 end
 
 unless foo != "foo"
-    foo
+    foo # $ guarded
 else
     foo
 end
@@ -35,14 +35,14 @@ foo
 FOO = ["foo"]
 
 if FOO.include?(foo)
-    foo
+    foo # $ guarded
 else
     foo
 end
 
 if foo == "foo"
     capture {
-        foo # guarded
+        foo # $ guarded
     }
 end
 
@@ -68,7 +68,7 @@ foos = ["foo"]
 bars = NotAnArray.new
 
 if foos.include?(foo)
-    foo
+    foo # $ guarded
 else
     foo
 end
@@ -80,7 +80,7 @@ else
 end
 
 if foos.index(foo) != nil
-    foo
+    foo # $ guarded
 else
     foo
 end
@@ -88,7 +88,7 @@ end
 if foos.index(foo) == nil
     foo
 else
-    foo
+    foo # $ guarded
 end
 
 bars = ["bar"]
@@ -120,3 +120,150 @@ if not x then
 else
     bars
 end
+
+case foo
+when "foo"
+    foo # $ guarded
+else
+    foo
+end
+
+case foo
+when "foo"
+    foo # $ guarded
+when "bar"
+    foo # $ guarded
+end
+
+case foo
+when "foo", "bar"
+    foo # $ guarded
+when "baz", "quux"
+    foo # $ guarded
+else
+    foo
+end
+
+case foo
+when *["foo", "bar"]
+    foo # $ guarded
+end
+
+case foo
+when *%w[foo bar]
+    foo # $ guarded
+end
+
+case foo
+when *FOO
+    foo # $ guarded
+end
+
+case foo
+when *foos
+    foo # $ guarded
+end
+
+case foo
+when *["foo", x] # not a guard - includes non-constant element `x`
+    foo
+end
+
+case foo
+when "foo", x # not a guard - includes non-constant element `x`
+    foo
+end
+
+foo_and_x = ["foo", x]
+
+case foo
+when *foo_and_x # not a guard - includes non-constant element `x`
+    foo
+end
+
+FOO_AND_X = ["foo", x]
+
+case foo
+when *FOO_AND_X # not a guard - includes non-constant element `x`
+    foo
+end
+
+if foo == "foo" or foo == "bar"
+    foo # $ guarded
+end
+
+if foo == "foo" or foo == "bar" or foo == "baz"
+    foo # $ guarded
+end
+
+if foo == "foo" or foo == "bar" or foo == x
+    foo
+end
+
+if foo == "foo" or bar == "bar" or foo == "baz"
+    foo
+end
+
+if foo == "foo" and x
+    foo # $ guarded
+end
+
+if x and foo == "foo"
+    foo # $ guarded
+end
+
+if x and y and foo == "foo"
+    foo # $ guarded
+end
+
+if foo == "foo" and foo == "bar" # $ guarded (second `foo` is guarded by the first comparison)
+    foo # $ guarded
+end
+
+if x and y
+    foo
+end
+
+if foo == "foo" and y
+    bar
+end
+
+case
+when foo == "foo"
+    foo # $ guarded
+end
+
+case
+when foo == "foo" then foo # $ guarded
+when bar == "bar" then foo
+when foo == x then foo
+end
+
+case foo
+in "foo"
+    foo # $ guarded
+in x
+    foo
+end
+
+case bar
+in "foo"
+    foo
+end
+
+if foo == "#{some_method()}"
+    foo
+end
+
+F = "foo"
+if foo == "#{F}"
+    foo # $ MISSING: guarded
+end
+
+f = "foo"
+if foo == "#{f}"
+    foo # $ MISSING: guarded
+end
+
+foo == "foo" && foo # $ guarded
+foo && foo == "foo"
\ No newline at end of file
diff --git a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
index cf039c11fe0..46491d9b980 100644
--- a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
+++ b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected
@@ -64,46 +64,82 @@ edges
 | call_sensitivity.rb:67:24:67:24 | x :  | call_sensitivity.rb:62:18:62:18 | y :  |
 | call_sensitivity.rb:70:30:70:30 | x :  | call_sensitivity.rb:71:10:71:10 | x |
 | call_sensitivity.rb:70:30:70:30 | x :  | call_sensitivity.rb:71:10:71:10 | x |
-| call_sensitivity.rb:74:30:74:30 | x :  | call_sensitivity.rb:75:23:75:23 | x :  |
-| call_sensitivity.rb:74:30:74:30 | x :  | call_sensitivity.rb:75:23:75:23 | x :  |
-| call_sensitivity.rb:74:30:74:30 | x :  | call_sensitivity.rb:75:23:75:23 | x :  |
-| call_sensitivity.rb:74:30:74:30 | x :  | call_sensitivity.rb:75:23:75:23 | x :  |
-| call_sensitivity.rb:75:23:75:23 | x :  | call_sensitivity.rb:70:30:70:30 | x :  |
-| call_sensitivity.rb:75:23:75:23 | x :  | call_sensitivity.rb:70:30:70:30 | x :  |
-| call_sensitivity.rb:75:23:75:23 | x :  | call_sensitivity.rb:70:30:70:30 | x :  |
-| call_sensitivity.rb:75:23:75:23 | x :  | call_sensitivity.rb:70:30:70:30 | x :  |
-| call_sensitivity.rb:78:35:78:35 | x :  | call_sensitivity.rb:79:28:79:28 | x :  |
-| call_sensitivity.rb:78:35:78:35 | x :  | call_sensitivity.rb:79:28:79:28 | x :  |
-| call_sensitivity.rb:79:28:79:28 | x :  | call_sensitivity.rb:74:30:74:30 | x :  |
-| call_sensitivity.rb:79:28:79:28 | x :  | call_sensitivity.rb:74:30:74:30 | x :  |
-| call_sensitivity.rb:82:33:82:33 | y :  | call_sensitivity.rb:83:25:83:25 | y :  |
-| call_sensitivity.rb:82:33:82:33 | y :  | call_sensitivity.rb:83:25:83:25 | y :  |
-| call_sensitivity.rb:82:33:82:33 | y :  | call_sensitivity.rb:83:25:83:25 | y :  |
-| call_sensitivity.rb:82:33:82:33 | y :  | call_sensitivity.rb:83:25:83:25 | y :  |
-| call_sensitivity.rb:83:25:83:25 | y :  | call_sensitivity.rb:70:30:70:30 | x :  |
-| call_sensitivity.rb:83:25:83:25 | y :  | call_sensitivity.rb:70:30:70:30 | x :  |
-| call_sensitivity.rb:83:25:83:25 | y :  | call_sensitivity.rb:70:30:70:30 | x :  |
-| call_sensitivity.rb:83:25:83:25 | y :  | call_sensitivity.rb:70:30:70:30 | x :  |
-| call_sensitivity.rb:86:35:86:35 | x :  | call_sensitivity.rb:87:34:87:34 | x :  |
-| call_sensitivity.rb:86:35:86:35 | x :  | call_sensitivity.rb:87:34:87:34 | x :  |
-| call_sensitivity.rb:87:34:87:34 | x :  | call_sensitivity.rb:82:33:82:33 | y :  |
-| call_sensitivity.rb:87:34:87:34 | x :  | call_sensitivity.rb:82:33:82:33 | y :  |
-| call_sensitivity.rb:92:11:92:18 | call to taint :  | call_sensitivity.rb:54:15:54:15 | x :  |
-| call_sensitivity.rb:92:11:92:18 | call to taint :  | call_sensitivity.rb:54:15:54:15 | x :  |
-| call_sensitivity.rb:93:16:93:23 | call to taint :  | call_sensitivity.rb:58:20:58:20 | x :  |
-| call_sensitivity.rb:93:16:93:23 | call to taint :  | call_sensitivity.rb:58:20:58:20 | x :  |
-| call_sensitivity.rb:94:14:94:22 | call to taint :  | call_sensitivity.rb:62:18:62:18 | y :  |
-| call_sensitivity.rb:94:14:94:22 | call to taint :  | call_sensitivity.rb:62:18:62:18 | y :  |
-| call_sensitivity.rb:95:16:95:24 | call to taint :  | call_sensitivity.rb:66:20:66:20 | x :  |
-| call_sensitivity.rb:95:16:95:24 | call to taint :  | call_sensitivity.rb:66:20:66:20 | x :  |
-| call_sensitivity.rb:97:21:97:28 | call to taint :  | call_sensitivity.rb:74:30:74:30 | x :  |
-| call_sensitivity.rb:97:21:97:28 | call to taint :  | call_sensitivity.rb:74:30:74:30 | x :  |
-| call_sensitivity.rb:98:26:98:33 | call to taint :  | call_sensitivity.rb:78:35:78:35 | x :  |
-| call_sensitivity.rb:98:26:98:33 | call to taint :  | call_sensitivity.rb:78:35:78:35 | x :  |
-| call_sensitivity.rb:99:24:99:32 | call to taint :  | call_sensitivity.rb:82:33:82:33 | y :  |
-| call_sensitivity.rb:99:24:99:32 | call to taint :  | call_sensitivity.rb:82:33:82:33 | y :  |
-| call_sensitivity.rb:100:26:100:33 | call to taint :  | call_sensitivity.rb:86:35:86:35 | x :  |
-| call_sensitivity.rb:100:26:100:33 | call to taint :  | call_sensitivity.rb:86:35:86:35 | x :  |
+| call_sensitivity.rb:74:18:74:18 | y :  | call_sensitivity.rb:76:17:76:17 | y :  |
+| call_sensitivity.rb:74:18:74:18 | y :  | call_sensitivity.rb:76:17:76:17 | y :  |
+| call_sensitivity.rb:76:17:76:17 | y :  | call_sensitivity.rb:50:15:50:15 | x :  |
+| call_sensitivity.rb:76:17:76:17 | y :  | call_sensitivity.rb:50:15:50:15 | x :  |
+| call_sensitivity.rb:80:30:80:30 | x :  | call_sensitivity.rb:81:23:81:23 | x :  |
+| call_sensitivity.rb:80:30:80:30 | x :  | call_sensitivity.rb:81:23:81:23 | x :  |
+| call_sensitivity.rb:80:30:80:30 | x :  | call_sensitivity.rb:81:23:81:23 | x :  |
+| call_sensitivity.rb:80:30:80:30 | x :  | call_sensitivity.rb:81:23:81:23 | x :  |
+| call_sensitivity.rb:81:23:81:23 | x :  | call_sensitivity.rb:70:30:70:30 | x :  |
+| call_sensitivity.rb:81:23:81:23 | x :  | call_sensitivity.rb:70:30:70:30 | x :  |
+| call_sensitivity.rb:81:23:81:23 | x :  | call_sensitivity.rb:70:30:70:30 | x :  |
+| call_sensitivity.rb:81:23:81:23 | x :  | call_sensitivity.rb:70:30:70:30 | x :  |
+| call_sensitivity.rb:84:35:84:35 | x :  | call_sensitivity.rb:85:28:85:28 | x :  |
+| call_sensitivity.rb:84:35:84:35 | x :  | call_sensitivity.rb:85:28:85:28 | x :  |
+| call_sensitivity.rb:85:28:85:28 | x :  | call_sensitivity.rb:80:30:80:30 | x :  |
+| call_sensitivity.rb:85:28:85:28 | x :  | call_sensitivity.rb:80:30:80:30 | x :  |
+| call_sensitivity.rb:88:33:88:33 | y :  | call_sensitivity.rb:89:25:89:25 | y :  |
+| call_sensitivity.rb:88:33:88:33 | y :  | call_sensitivity.rb:89:25:89:25 | y :  |
+| call_sensitivity.rb:88:33:88:33 | y :  | call_sensitivity.rb:89:25:89:25 | y :  |
+| call_sensitivity.rb:88:33:88:33 | y :  | call_sensitivity.rb:89:25:89:25 | y :  |
+| call_sensitivity.rb:89:25:89:25 | y :  | call_sensitivity.rb:70:30:70:30 | x :  |
+| call_sensitivity.rb:89:25:89:25 | y :  | call_sensitivity.rb:70:30:70:30 | x :  |
+| call_sensitivity.rb:89:25:89:25 | y :  | call_sensitivity.rb:70:30:70:30 | x :  |
+| call_sensitivity.rb:89:25:89:25 | y :  | call_sensitivity.rb:70:30:70:30 | x :  |
+| call_sensitivity.rb:92:35:92:35 | x :  | call_sensitivity.rb:93:34:93:34 | x :  |
+| call_sensitivity.rb:92:35:92:35 | x :  | call_sensitivity.rb:93:34:93:34 | x :  |
+| call_sensitivity.rb:93:34:93:34 | x :  | call_sensitivity.rb:88:33:88:33 | y :  |
+| call_sensitivity.rb:93:34:93:34 | x :  | call_sensitivity.rb:88:33:88:33 | y :  |
+| call_sensitivity.rb:96:18:96:18 | x :  | call_sensitivity.rb:97:10:97:10 | x |
+| call_sensitivity.rb:96:18:96:18 | x :  | call_sensitivity.rb:97:10:97:10 | x |
+| call_sensitivity.rb:96:18:96:18 | x :  | call_sensitivity.rb:97:10:97:10 | x |
+| call_sensitivity.rb:96:18:96:18 | x :  | call_sensitivity.rb:97:10:97:10 | x |
+| call_sensitivity.rb:96:18:96:18 | x :  | call_sensitivity.rb:97:10:97:10 | x |
+| call_sensitivity.rb:96:18:96:18 | x :  | call_sensitivity.rb:97:10:97:10 | x |
+| call_sensitivity.rb:96:18:96:18 | x :  | call_sensitivity.rb:98:13:98:13 | x :  |
+| call_sensitivity.rb:96:18:96:18 | x :  | call_sensitivity.rb:98:13:98:13 | x :  |
+| call_sensitivity.rb:96:18:96:18 | x :  | call_sensitivity.rb:98:13:98:13 | x :  |
+| call_sensitivity.rb:96:18:96:18 | x :  | call_sensitivity.rb:98:13:98:13 | x :  |
+| call_sensitivity.rb:98:13:98:13 | x :  | call_sensitivity.rb:50:15:50:15 | x :  |
+| call_sensitivity.rb:98:13:98:13 | x :  | call_sensitivity.rb:50:15:50:15 | x :  |
+| call_sensitivity.rb:98:13:98:13 | x :  | call_sensitivity.rb:50:15:50:15 | x :  |
+| call_sensitivity.rb:98:13:98:13 | x :  | call_sensitivity.rb:50:15:50:15 | x :  |
+| call_sensitivity.rb:102:11:102:20 | ( ... ) :  | call_sensitivity.rb:96:18:96:18 | x :  |
+| call_sensitivity.rb:102:11:102:20 | ( ... ) :  | call_sensitivity.rb:96:18:96:18 | x :  |
+| call_sensitivity.rb:102:12:102:19 | call to taint :  | call_sensitivity.rb:102:11:102:20 | ( ... ) :  |
+| call_sensitivity.rb:102:12:102:19 | call to taint :  | call_sensitivity.rb:102:11:102:20 | ( ... ) :  |
+| call_sensitivity.rb:103:11:103:18 | call to taint :  | call_sensitivity.rb:54:15:54:15 | x :  |
+| call_sensitivity.rb:103:11:103:18 | call to taint :  | call_sensitivity.rb:54:15:54:15 | x :  |
+| call_sensitivity.rb:104:16:104:23 | call to taint :  | call_sensitivity.rb:58:20:58:20 | x :  |
+| call_sensitivity.rb:104:16:104:23 | call to taint :  | call_sensitivity.rb:58:20:58:20 | x :  |
+| call_sensitivity.rb:105:14:105:22 | call to taint :  | call_sensitivity.rb:62:18:62:18 | y :  |
+| call_sensitivity.rb:105:14:105:22 | call to taint :  | call_sensitivity.rb:62:18:62:18 | y :  |
+| call_sensitivity.rb:106:16:106:24 | call to taint :  | call_sensitivity.rb:66:20:66:20 | x :  |
+| call_sensitivity.rb:106:16:106:24 | call to taint :  | call_sensitivity.rb:66:20:66:20 | x :  |
+| call_sensitivity.rb:107:14:107:22 | call to taint :  | call_sensitivity.rb:74:18:74:18 | y :  |
+| call_sensitivity.rb:107:14:107:22 | call to taint :  | call_sensitivity.rb:74:18:74:18 | y :  |
+| call_sensitivity.rb:109:21:109:28 | call to taint :  | call_sensitivity.rb:80:30:80:30 | x :  |
+| call_sensitivity.rb:109:21:109:28 | call to taint :  | call_sensitivity.rb:80:30:80:30 | x :  |
+| call_sensitivity.rb:110:26:110:33 | call to taint :  | call_sensitivity.rb:84:35:84:35 | x :  |
+| call_sensitivity.rb:110:26:110:33 | call to taint :  | call_sensitivity.rb:84:35:84:35 | x :  |
+| call_sensitivity.rb:111:24:111:32 | call to taint :  | call_sensitivity.rb:88:33:88:33 | y :  |
+| call_sensitivity.rb:111:24:111:32 | call to taint :  | call_sensitivity.rb:88:33:88:33 | y :  |
+| call_sensitivity.rb:112:26:112:33 | call to taint :  | call_sensitivity.rb:92:35:92:35 | x :  |
+| call_sensitivity.rb:112:26:112:33 | call to taint :  | call_sensitivity.rb:92:35:92:35 | x :  |
+| call_sensitivity.rb:149:14:149:22 | call to taint :  | call_sensitivity.rb:74:18:74:18 | y :  |
+| call_sensitivity.rb:149:14:149:22 | call to taint :  | call_sensitivity.rb:74:18:74:18 | y :  |
+| call_sensitivity.rb:156:19:156:19 | x :  | call_sensitivity.rb:157:12:157:12 | x :  |
+| call_sensitivity.rb:156:19:156:19 | x :  | call_sensitivity.rb:157:12:157:12 | x :  |
+| call_sensitivity.rb:157:12:157:12 | x :  | call_sensitivity.rb:96:18:96:18 | x :  |
+| call_sensitivity.rb:157:12:157:12 | x :  | call_sensitivity.rb:96:18:96:18 | x :  |
+| call_sensitivity.rb:160:11:160:19 | call to taint :  | call_sensitivity.rb:156:19:156:19 | x :  |
+| call_sensitivity.rb:160:11:160:19 | call to taint :  | call_sensitivity.rb:156:19:156:19 | x :  |
+| call_sensitivity.rb:169:11:169:20 | ( ... ) :  | call_sensitivity.rb:96:18:96:18 | x :  |
+| call_sensitivity.rb:169:11:169:20 | ( ... ) :  | call_sensitivity.rb:96:18:96:18 | x :  |
+| call_sensitivity.rb:169:12:169:19 | call to taint :  | call_sensitivity.rb:169:11:169:20 | ( ... ) :  |
+| call_sensitivity.rb:169:12:169:19 | call to taint :  | call_sensitivity.rb:169:11:169:20 | ( ... ) :  |
 nodes
 | call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
 | call_sensitivity.rb:9:6:9:14 | ( ... ) | semmle.label | ( ... ) |
@@ -183,46 +219,80 @@ nodes
 | call_sensitivity.rb:70:30:70:30 | x :  | semmle.label | x :  |
 | call_sensitivity.rb:71:10:71:10 | x | semmle.label | x |
 | call_sensitivity.rb:71:10:71:10 | x | semmle.label | x |
-| call_sensitivity.rb:74:30:74:30 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:74:30:74:30 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:74:30:74:30 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:74:30:74:30 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:75:23:75:23 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:75:23:75:23 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:75:23:75:23 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:75:23:75:23 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:78:35:78:35 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:78:35:78:35 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:79:28:79:28 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:79:28:79:28 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:82:33:82:33 | y :  | semmle.label | y :  |
-| call_sensitivity.rb:82:33:82:33 | y :  | semmle.label | y :  |
-| call_sensitivity.rb:82:33:82:33 | y :  | semmle.label | y :  |
-| call_sensitivity.rb:82:33:82:33 | y :  | semmle.label | y :  |
-| call_sensitivity.rb:83:25:83:25 | y :  | semmle.label | y :  |
-| call_sensitivity.rb:83:25:83:25 | y :  | semmle.label | y :  |
-| call_sensitivity.rb:83:25:83:25 | y :  | semmle.label | y :  |
-| call_sensitivity.rb:83:25:83:25 | y :  | semmle.label | y :  |
-| call_sensitivity.rb:86:35:86:35 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:86:35:86:35 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:87:34:87:34 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:87:34:87:34 | x :  | semmle.label | x :  |
-| call_sensitivity.rb:92:11:92:18 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:92:11:92:18 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:93:16:93:23 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:93:16:93:23 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:94:14:94:22 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:94:14:94:22 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:95:16:95:24 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:95:16:95:24 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:97:21:97:28 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:97:21:97:28 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:98:26:98:33 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:98:26:98:33 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:99:24:99:32 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:99:24:99:32 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:100:26:100:33 | call to taint :  | semmle.label | call to taint :  |
-| call_sensitivity.rb:100:26:100:33 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:74:18:74:18 | y :  | semmle.label | y :  |
+| call_sensitivity.rb:74:18:74:18 | y :  | semmle.label | y :  |
+| call_sensitivity.rb:76:17:76:17 | y :  | semmle.label | y :  |
+| call_sensitivity.rb:76:17:76:17 | y :  | semmle.label | y :  |
+| call_sensitivity.rb:80:30:80:30 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:80:30:80:30 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:80:30:80:30 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:80:30:80:30 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:81:23:81:23 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:81:23:81:23 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:81:23:81:23 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:81:23:81:23 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:84:35:84:35 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:84:35:84:35 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:85:28:85:28 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:85:28:85:28 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:88:33:88:33 | y :  | semmle.label | y :  |
+| call_sensitivity.rb:88:33:88:33 | y :  | semmle.label | y :  |
+| call_sensitivity.rb:88:33:88:33 | y :  | semmle.label | y :  |
+| call_sensitivity.rb:88:33:88:33 | y :  | semmle.label | y :  |
+| call_sensitivity.rb:89:25:89:25 | y :  | semmle.label | y :  |
+| call_sensitivity.rb:89:25:89:25 | y :  | semmle.label | y :  |
+| call_sensitivity.rb:89:25:89:25 | y :  | semmle.label | y :  |
+| call_sensitivity.rb:89:25:89:25 | y :  | semmle.label | y :  |
+| call_sensitivity.rb:92:35:92:35 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:92:35:92:35 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:93:34:93:34 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:93:34:93:34 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:96:18:96:18 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:96:18:96:18 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:96:18:96:18 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:96:18:96:18 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:96:18:96:18 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:96:18:96:18 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:97:10:97:10 | x | semmle.label | x |
+| call_sensitivity.rb:97:10:97:10 | x | semmle.label | x |
+| call_sensitivity.rb:98:13:98:13 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:98:13:98:13 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:98:13:98:13 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:98:13:98:13 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:102:11:102:20 | ( ... ) :  | semmle.label | ( ... ) :  |
+| call_sensitivity.rb:102:11:102:20 | ( ... ) :  | semmle.label | ( ... ) :  |
+| call_sensitivity.rb:102:12:102:19 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:102:12:102:19 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:103:11:103:18 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:103:11:103:18 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:104:16:104:23 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:104:16:104:23 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:105:14:105:22 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:105:14:105:22 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:106:16:106:24 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:106:16:106:24 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:107:14:107:22 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:107:14:107:22 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:109:21:109:28 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:109:21:109:28 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:110:26:110:33 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:110:26:110:33 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:111:24:111:32 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:111:24:111:32 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:112:26:112:33 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:112:26:112:33 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:149:14:149:22 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:149:14:149:22 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:156:19:156:19 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:156:19:156:19 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:157:12:157:12 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:157:12:157:12 | x :  | semmle.label | x :  |
+| call_sensitivity.rb:160:11:160:19 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:160:11:160:19 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:169:11:169:20 | ( ... ) :  | semmle.label | ( ... ) :  |
+| call_sensitivity.rb:169:11:169:20 | ( ... ) :  | semmle.label | ( ... ) :  |
+| call_sensitivity.rb:169:12:169:19 | call to taint :  | semmle.label | call to taint :  |
+| call_sensitivity.rb:169:12:169:19 | call to taint :  | semmle.label | call to taint :  |
 subpaths
 #select
 | call_sensitivity.rb:9:6:9:14 | ( ... ) | call_sensitivity.rb:9:7:9:13 | call to taint :  | call_sensitivity.rb:9:6:9:14 | ( ... ) | $@ | call_sensitivity.rb:9:7:9:13 | call to taint :  | call to taint :  |
@@ -230,56 +300,79 @@ subpaths
 | call_sensitivity.rb:31:27:31:27 | x | call_sensitivity.rb:32:25:32:32 | call to taint :  | call_sensitivity.rb:31:27:31:27 | x | $@ | call_sensitivity.rb:32:25:32:32 | call to taint :  | call to taint :  |
 | call_sensitivity.rb:40:31:40:31 | x | call_sensitivity.rb:41:25:41:32 | call to taint :  | call_sensitivity.rb:40:31:40:31 | x | $@ | call_sensitivity.rb:41:25:41:32 | call to taint :  | call to taint :  |
 | call_sensitivity.rb:43:32:43:32 | x | call_sensitivity.rb:44:26:44:33 | call to taint :  | call_sensitivity.rb:43:32:43:32 | x | $@ | call_sensitivity.rb:44:26:44:33 | call to taint :  | call to taint :  |
-| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:92:11:92:18 | call to taint :  | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:92:11:92:18 | call to taint :  | call to taint :  |
-| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:93:16:93:23 | call to taint :  | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:93:16:93:23 | call to taint :  | call to taint :  |
-| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:94:14:94:22 | call to taint :  | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:94:14:94:22 | call to taint :  | call to taint :  |
-| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:95:16:95:24 | call to taint :  | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:95:16:95:24 | call to taint :  | call to taint :  |
-| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:97:21:97:28 | call to taint :  | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:97:21:97:28 | call to taint :  | call to taint :  |
-| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:98:26:98:33 | call to taint :  | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:98:26:98:33 | call to taint :  | call to taint :  |
-| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:99:24:99:32 | call to taint :  | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:99:24:99:32 | call to taint :  | call to taint :  |
-| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:100:26:100:33 | call to taint :  | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:100:26:100:33 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:102:12:102:19 | call to taint :  | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:102:12:102:19 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:103:11:103:18 | call to taint :  | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:103:11:103:18 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:104:16:104:23 | call to taint :  | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:104:16:104:23 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:105:14:105:22 | call to taint :  | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:105:14:105:22 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:106:16:106:24 | call to taint :  | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:106:16:106:24 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:107:14:107:22 | call to taint :  | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:107:14:107:22 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:149:14:149:22 | call to taint :  | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:149:14:149:22 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:51:10:51:10 | x | call_sensitivity.rb:160:11:160:19 | call to taint :  | call_sensitivity.rb:51:10:51:10 | x | $@ | call_sensitivity.rb:160:11:160:19 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:109:21:109:28 | call to taint :  | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:109:21:109:28 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:110:26:110:33 | call to taint :  | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:110:26:110:33 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:111:24:111:32 | call to taint :  | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:111:24:111:32 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:71:10:71:10 | x | call_sensitivity.rb:112:26:112:33 | call to taint :  | call_sensitivity.rb:71:10:71:10 | x | $@ | call_sensitivity.rb:112:26:112:33 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:97:10:97:10 | x | call_sensitivity.rb:102:12:102:19 | call to taint :  | call_sensitivity.rb:97:10:97:10 | x | $@ | call_sensitivity.rb:102:12:102:19 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:97:10:97:10 | x | call_sensitivity.rb:160:11:160:19 | call to taint :  | call_sensitivity.rb:97:10:97:10 | x | $@ | call_sensitivity.rb:160:11:160:19 | call to taint :  | call to taint :  |
+| call_sensitivity.rb:97:10:97:10 | x | call_sensitivity.rb:169:12:169:19 | call to taint :  | call_sensitivity.rb:97:10:97:10 | x | $@ | call_sensitivity.rb:169:12:169:19 | call to taint :  | call to taint :  |
 mayBenefitFromCallContext
 | call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:50:3:52:5 | method1 |
 | call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:54:3:56:5 | method2 |
 | call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:58:3:60:5 | call_method2 |
 | call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:62:3:64:5 | method3 |
 | call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:66:3:68:5 | call_method3 |
-| call_sensitivity.rb:75:5:75:23 | call to singleton_method1 | call_sensitivity.rb:74:3:76:5 | singleton_method2 |
-| call_sensitivity.rb:79:5:79:28 | call to singleton_method2 | call_sensitivity.rb:78:3:80:5 | call_singleton_method2 |
-| call_sensitivity.rb:83:5:83:26 | call to singleton_method1 | call_sensitivity.rb:82:3:84:5 | singleton_method3 |
-| call_sensitivity.rb:87:5:87:35 | call to singleton_method3 | call_sensitivity.rb:86:3:88:5 | call_singleton_method3 |
-| call_sensitivity.rb:112:5:112:18 | call to method2 | call_sensitivity.rb:111:3:113:5 | call_method2 |
-| call_sensitivity.rb:116:5:116:25 | call to method3 | call_sensitivity.rb:115:3:117:5 | call_method3 |
-| call_sensitivity.rb:120:5:120:28 | call to singleton_method2 | call_sensitivity.rb:119:3:121:5 | call_singleton_method2 |
-| call_sensitivity.rb:124:5:124:35 | call to singleton_method3 | call_sensitivity.rb:123:3:125:5 | call_singleton_method3 |
+| call_sensitivity.rb:81:5:81:23 | call to singleton_method1 | call_sensitivity.rb:80:3:82:5 | singleton_method2 |
+| call_sensitivity.rb:85:5:85:28 | call to singleton_method2 | call_sensitivity.rb:84:3:86:5 | call_singleton_method2 |
+| call_sensitivity.rb:89:5:89:26 | call to singleton_method1 | call_sensitivity.rb:88:3:90:5 | singleton_method3 |
+| call_sensitivity.rb:93:5:93:35 | call to singleton_method3 | call_sensitivity.rb:92:3:94:5 | call_singleton_method3 |
+| call_sensitivity.rb:97:5:97:10 | call to sink | call_sensitivity.rb:96:3:99:5 | initialize |
+| call_sensitivity.rb:98:5:98:13 | call to method1 | call_sensitivity.rb:96:3:99:5 | initialize |
+| call_sensitivity.rb:124:5:124:18 | call to method2 | call_sensitivity.rb:123:3:125:5 | call_method2 |
+| call_sensitivity.rb:128:5:128:25 | call to method3 | call_sensitivity.rb:127:3:129:5 | call_method3 |
+| call_sensitivity.rb:132:5:132:28 | call to singleton_method2 | call_sensitivity.rb:131:3:133:5 | call_singleton_method2 |
+| call_sensitivity.rb:136:5:136:35 | call to singleton_method3 | call_sensitivity.rb:135:3:137:5 | call_singleton_method3 |
+| call_sensitivity.rb:157:3:157:12 | call to new | call_sensitivity.rb:156:1:158:3 | create |
 viableImplInCallContext
 | call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
 | call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
+| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:76:7:76:18 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
+| call_sensitivity.rb:51:5:51:10 | call to sink | call_sensitivity.rb:98:5:98:13 | call to method1 | call_sensitivity.rb:5:1:7:3 | sink |
 | call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:50:3:52:5 | method1 |
-| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:103:3:105:5 | method1 |
-| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:92:1:92:19 | call to method2 | call_sensitivity.rb:50:3:52:5 | method1 |
-| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:112:5:112:18 | call to method2 | call_sensitivity.rb:103:3:105:5 | method1 |
-| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:129:1:129:19 | call to method2 | call_sensitivity.rb:103:3:105:5 | method1 |
-| call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:93:1:93:24 | call to call_method2 | call_sensitivity.rb:54:3:56:5 | method2 |
+| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:115:3:117:5 | method1 |
+| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:164:3:166:5 | method1 |
+| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:103:1:103:19 | call to method2 | call_sensitivity.rb:50:3:52:5 | method1 |
+| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:124:5:124:18 | call to method2 | call_sensitivity.rb:115:3:117:5 | method1 |
+| call_sensitivity.rb:55:5:55:13 | call to method1 | call_sensitivity.rb:145:1:145:19 | call to method2 | call_sensitivity.rb:115:3:117:5 | method1 |
+| call_sensitivity.rb:59:5:59:18 | call to method2 | call_sensitivity.rb:104:1:104:24 | call to call_method2 | call_sensitivity.rb:54:3:56:5 | method2 |
 | call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:50:3:52:5 | method1 |
-| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:103:3:105:5 | method1 |
-| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:94:1:94:23 | call to method3 | call_sensitivity.rb:50:3:52:5 | method1 |
-| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:116:5:116:25 | call to method3 | call_sensitivity.rb:103:3:105:5 | method1 |
-| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:131:1:131:23 | call to method3 | call_sensitivity.rb:103:3:105:5 | method1 |
-| call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:95:1:95:25 | call to call_method3 | call_sensitivity.rb:62:3:64:5 | method3 |
-| call_sensitivity.rb:75:5:75:23 | call to singleton_method1 | call_sensitivity.rb:79:5:79:28 | call to singleton_method2 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
-| call_sensitivity.rb:75:5:75:23 | call to singleton_method1 | call_sensitivity.rb:79:5:79:28 | call to singleton_method2 | call_sensitivity.rb:107:3:109:5 | singleton_method1 |
-| call_sensitivity.rb:75:5:75:23 | call to singleton_method1 | call_sensitivity.rb:97:1:97:29 | call to singleton_method2 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
-| call_sensitivity.rb:75:5:75:23 | call to singleton_method1 | call_sensitivity.rb:120:5:120:28 | call to singleton_method2 | call_sensitivity.rb:107:3:109:5 | singleton_method1 |
-| call_sensitivity.rb:75:5:75:23 | call to singleton_method1 | call_sensitivity.rb:134:1:134:29 | call to singleton_method2 | call_sensitivity.rb:107:3:109:5 | singleton_method1 |
-| call_sensitivity.rb:79:5:79:28 | call to singleton_method2 | call_sensitivity.rb:98:1:98:34 | call to call_singleton_method2 | call_sensitivity.rb:74:3:76:5 | singleton_method2 |
-| call_sensitivity.rb:83:5:83:26 | call to singleton_method1 | call_sensitivity.rb:87:5:87:35 | call to singleton_method3 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
-| call_sensitivity.rb:83:5:83:26 | call to singleton_method1 | call_sensitivity.rb:87:5:87:35 | call to singleton_method3 | call_sensitivity.rb:107:3:109:5 | singleton_method1 |
-| call_sensitivity.rb:83:5:83:26 | call to singleton_method1 | call_sensitivity.rb:99:1:99:33 | call to singleton_method3 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
-| call_sensitivity.rb:83:5:83:26 | call to singleton_method1 | call_sensitivity.rb:124:5:124:35 | call to singleton_method3 | call_sensitivity.rb:107:3:109:5 | singleton_method1 |
-| call_sensitivity.rb:83:5:83:26 | call to singleton_method1 | call_sensitivity.rb:136:1:136:33 | call to singleton_method3 | call_sensitivity.rb:107:3:109:5 | singleton_method1 |
-| call_sensitivity.rb:87:5:87:35 | call to singleton_method3 | call_sensitivity.rb:100:1:100:34 | call to call_singleton_method3 | call_sensitivity.rb:82:3:84:5 | singleton_method3 |
-| call_sensitivity.rb:112:5:112:18 | call to method2 | call_sensitivity.rb:130:1:130:24 | call to call_method2 | call_sensitivity.rb:54:3:56:5 | method2 |
-| call_sensitivity.rb:116:5:116:25 | call to method3 | call_sensitivity.rb:132:1:132:25 | call to call_method3 | call_sensitivity.rb:62:3:64:5 | method3 |
-| call_sensitivity.rb:120:5:120:28 | call to singleton_method2 | call_sensitivity.rb:135:1:135:34 | call to call_singleton_method2 | call_sensitivity.rb:74:3:76:5 | singleton_method2 |
-| call_sensitivity.rb:124:5:124:35 | call to singleton_method3 | call_sensitivity.rb:137:1:137:34 | call to call_singleton_method3 | call_sensitivity.rb:82:3:84:5 | singleton_method3 |
+| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:115:3:117:5 | method1 |
+| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:164:3:166:5 | method1 |
+| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:105:1:105:23 | call to method3 | call_sensitivity.rb:50:3:52:5 | method1 |
+| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:128:5:128:25 | call to method3 | call_sensitivity.rb:115:3:117:5 | method1 |
+| call_sensitivity.rb:63:5:63:16 | call to method1 | call_sensitivity.rb:147:1:147:23 | call to method3 | call_sensitivity.rb:115:3:117:5 | method1 |
+| call_sensitivity.rb:67:5:67:25 | call to method3 | call_sensitivity.rb:106:1:106:25 | call to call_method3 | call_sensitivity.rb:62:3:64:5 | method3 |
+| call_sensitivity.rb:81:5:81:23 | call to singleton_method1 | call_sensitivity.rb:85:5:85:28 | call to singleton_method2 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
+| call_sensitivity.rb:81:5:81:23 | call to singleton_method1 | call_sensitivity.rb:85:5:85:28 | call to singleton_method2 | call_sensitivity.rb:119:3:121:5 | singleton_method1 |
+| call_sensitivity.rb:81:5:81:23 | call to singleton_method1 | call_sensitivity.rb:109:1:109:29 | call to singleton_method2 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
+| call_sensitivity.rb:81:5:81:23 | call to singleton_method1 | call_sensitivity.rb:132:5:132:28 | call to singleton_method2 | call_sensitivity.rb:119:3:121:5 | singleton_method1 |
+| call_sensitivity.rb:81:5:81:23 | call to singleton_method1 | call_sensitivity.rb:151:1:151:29 | call to singleton_method2 | call_sensitivity.rb:119:3:121:5 | singleton_method1 |
+| call_sensitivity.rb:85:5:85:28 | call to singleton_method2 | call_sensitivity.rb:110:1:110:34 | call to call_singleton_method2 | call_sensitivity.rb:80:3:82:5 | singleton_method2 |
+| call_sensitivity.rb:89:5:89:26 | call to singleton_method1 | call_sensitivity.rb:93:5:93:35 | call to singleton_method3 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
+| call_sensitivity.rb:89:5:89:26 | call to singleton_method1 | call_sensitivity.rb:93:5:93:35 | call to singleton_method3 | call_sensitivity.rb:119:3:121:5 | singleton_method1 |
+| call_sensitivity.rb:89:5:89:26 | call to singleton_method1 | call_sensitivity.rb:111:1:111:33 | call to singleton_method3 | call_sensitivity.rb:70:3:72:5 | singleton_method1 |
+| call_sensitivity.rb:89:5:89:26 | call to singleton_method1 | call_sensitivity.rb:136:5:136:35 | call to singleton_method3 | call_sensitivity.rb:119:3:121:5 | singleton_method1 |
+| call_sensitivity.rb:89:5:89:26 | call to singleton_method1 | call_sensitivity.rb:153:1:153:33 | call to singleton_method3 | call_sensitivity.rb:119:3:121:5 | singleton_method1 |
+| call_sensitivity.rb:93:5:93:35 | call to singleton_method3 | call_sensitivity.rb:112:1:112:34 | call to call_singleton_method3 | call_sensitivity.rb:88:3:90:5 | singleton_method3 |
+| call_sensitivity.rb:97:5:97:10 | call to sink | call_sensitivity.rb:102:5:102:20 | call to new | call_sensitivity.rb:5:1:7:3 | sink |
+| call_sensitivity.rb:97:5:97:10 | call to sink | call_sensitivity.rb:157:3:157:12 | call to new | call_sensitivity.rb:5:1:7:3 | sink |
+| call_sensitivity.rb:97:5:97:10 | call to sink | call_sensitivity.rb:169:5:169:20 | call to new | call_sensitivity.rb:5:1:7:3 | sink |
+| call_sensitivity.rb:98:5:98:13 | call to method1 | call_sensitivity.rb:102:5:102:20 | call to new | call_sensitivity.rb:50:3:52:5 | method1 |
+| call_sensitivity.rb:98:5:98:13 | call to method1 | call_sensitivity.rb:157:3:157:12 | call to new | call_sensitivity.rb:50:3:52:5 | method1 |
+| call_sensitivity.rb:98:5:98:13 | call to method1 | call_sensitivity.rb:157:3:157:12 | call to new | call_sensitivity.rb:115:3:117:5 | method1 |
+| call_sensitivity.rb:98:5:98:13 | call to method1 | call_sensitivity.rb:169:5:169:20 | call to new | call_sensitivity.rb:164:3:166:5 | method1 |
+| call_sensitivity.rb:124:5:124:18 | call to method2 | call_sensitivity.rb:146:1:146:24 | call to call_method2 | call_sensitivity.rb:54:3:56:5 | method2 |
+| call_sensitivity.rb:128:5:128:25 | call to method3 | call_sensitivity.rb:148:1:148:25 | call to call_method3 | call_sensitivity.rb:62:3:64:5 | method3 |
+| call_sensitivity.rb:132:5:132:28 | call to singleton_method2 | call_sensitivity.rb:152:1:152:34 | call to call_singleton_method2 | call_sensitivity.rb:80:3:82:5 | singleton_method2 |
+| call_sensitivity.rb:136:5:136:35 | call to singleton_method3 | call_sensitivity.rb:154:1:154:34 | call to call_singleton_method3 | call_sensitivity.rb:88:3:90:5 | singleton_method3 |
+| call_sensitivity.rb:157:3:157:12 | call to new | call_sensitivity.rb:160:1:160:20 | call to create | call_sensitivity.rb:96:3:99:5 | initialize |
+| call_sensitivity.rb:157:3:157:12 | call to new | call_sensitivity.rb:161:1:161:20 | call to create | call_sensitivity.rb:139:3:141:5 | initialize |
diff --git a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb
index 304fb7b79b3..f96b61050e6 100644
--- a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb
+++ b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call_sensitivity.rb
@@ -48,7 +48,7 @@ apply_lambda(MY_LAMBDA2, taint(9))
 
 class A
   def method1 x
-    sink x # $ hasValueFlow=10 $ hasValueFlow=11 $ hasValueFlow=12 $ hasValueFlow=13
+    sink x # $ hasValueFlow=10 $ hasValueFlow=11 $ hasValueFlow=12 $ hasValueFlow=13 $ hasValueFlow=26 $ hasValueFlow=28 $ hasValueFlow=30 $ SPURIOUS: hasValueFlow=27
   end
 
   def method2 x
@@ -71,6 +71,12 @@ class A
     sink x # $ hasValueFlow=14 $ hasValueFlow=15 # $ hasValueFlow=16 $ hasValueFlow=17
   end
 
+  def method4(x, y)
+    [0, 1, 3].each do
+      x.method1(y)
+    end
+  end
+
   def self.singleton_method2 x
     singleton_method1 x
   end
@@ -86,13 +92,19 @@ class A
   def self.call_singleton_method3 x
     self.singleton_method3(self, x)
   end
+
+  def initialize(x)
+    sink x # $ hasValueFlow=28 $ hasValueFlow=30 $ hasValueFlow=32
+    method1 x
+  end
 end
 
-a = A.new
+a = A.new (taint 30)
 a.method2(taint 10)
 a.call_method2(taint 11)
 a.method3(a, taint(12))
 a.call_method3(taint(13))
+a.method4(a, taint(26))
 
 A.singleton_method2(taint 14)
 A.call_singleton_method2(taint 15)
@@ -123,15 +135,35 @@ class B < A
   def self.call_singleton_method3 x
     self.singleton_method3(self, x)
   end
+
+  def initialize(x)
+    puts "NON SINK: #{x}"
+  end
 end
 
-b = B.new
+b = B.new (taint 31)
 b.method2(taint 18)
 b.call_method2(taint 19)
 b.method3(b, taint(20))
 b.call_method3(taint(21))
+b.method4(b, taint(27))
 
 B.singleton_method2(taint 22)
 B.call_singleton_method2(taint 23)
 B.singleton_method3(B, taint(24))
 B.call_singleton_method3(taint 25)
+
+def create (type, x)
+  type.new x
+end
+
+create(A, taint(28))
+create(B, taint(29))
+
+class C < A
+  def method1 x
+    puts "NON SINK: #{x}"
+  end
+end
+
+c = C.new (taint 32)
diff --git a/ruby/ql/test/library-tests/dataflow/global/Flow.expected b/ruby/ql/test/library-tests/dataflow/global/Flow.expected
index ffba59b0f7e..cae1f06abb7 100644
--- a/ruby/ql/test/library-tests/dataflow/global/Flow.expected
+++ b/ruby/ql/test/library-tests/dataflow/global/Flow.expected
@@ -30,139 +30,177 @@ edges
 | instance_variables.rb:19:12:19:21 | call to taint :  | instance_variables.rb:19:5:19:8 | [post] self [@foo] :  |
 | instance_variables.rb:20:10:20:13 | self [@foo] :  | instance_variables.rb:20:10:20:13 | @foo |
 | instance_variables.rb:20:10:20:13 | self [@foo] :  | instance_variables.rb:20:10:20:13 | @foo |
-| instance_variables.rb:24:1:24:3 | [post] foo [@field] :  | instance_variables.rb:25:6:25:8 | foo [@field] :  |
-| instance_variables.rb:24:1:24:3 | [post] foo [@field] :  | instance_variables.rb:25:6:25:8 | foo [@field] :  |
-| instance_variables.rb:24:15:24:23 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:24:15:24:23 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:24:15:24:23 | call to taint :  | instance_variables.rb:24:1:24:3 | [post] foo [@field] :  |
-| instance_variables.rb:24:15:24:23 | call to taint :  | instance_variables.rb:24:1:24:3 | [post] foo [@field] :  |
-| instance_variables.rb:25:6:25:8 | foo [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:25:6:25:8 | foo [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:25:6:25:8 | foo [@field] :  | instance_variables.rb:25:6:25:18 | call to get_field |
-| instance_variables.rb:25:6:25:8 | foo [@field] :  | instance_variables.rb:25:6:25:18 | call to get_field |
-| instance_variables.rb:28:1:28:3 | [post] bar [@field] :  | instance_variables.rb:29:6:29:8 | bar [@field] :  |
-| instance_variables.rb:28:15:28:22 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:28:15:28:22 | call to taint :  | instance_variables.rb:28:1:28:3 | [post] bar [@field] :  |
-| instance_variables.rb:29:6:29:8 | bar [@field] :  | instance_variables.rb:16:5:18:7 | self in inc_field [@field] :  |
-| instance_variables.rb:29:6:29:8 | bar [@field] :  | instance_variables.rb:29:6:29:18 | call to inc_field |
-| instance_variables.rb:32:1:32:4 | [post] foo1 [@field] :  | instance_variables.rb:33:6:33:9 | foo1 [@field] :  |
-| instance_variables.rb:32:1:32:4 | [post] foo1 [@field] :  | instance_variables.rb:33:6:33:9 | foo1 [@field] :  |
-| instance_variables.rb:32:14:32:22 | call to taint :  | instance_variables.rb:32:1:32:4 | [post] foo1 [@field] :  |
-| instance_variables.rb:32:14:32:22 | call to taint :  | instance_variables.rb:32:1:32:4 | [post] foo1 [@field] :  |
-| instance_variables.rb:33:6:33:9 | foo1 [@field] :  | instance_variables.rb:33:6:33:15 | call to field |
-| instance_variables.rb:33:6:33:9 | foo1 [@field] :  | instance_variables.rb:33:6:33:15 | call to field |
-| instance_variables.rb:36:1:36:4 | [post] foo2 [@field] :  | instance_variables.rb:37:6:37:9 | foo2 [@field] :  |
-| instance_variables.rb:36:1:36:4 | [post] foo2 [@field] :  | instance_variables.rb:37:6:37:9 | foo2 [@field] :  |
-| instance_variables.rb:36:14:36:22 | call to taint :  | instance_variables.rb:36:1:36:4 | [post] foo2 [@field] :  |
-| instance_variables.rb:36:14:36:22 | call to taint :  | instance_variables.rb:36:1:36:4 | [post] foo2 [@field] :  |
-| instance_variables.rb:37:6:37:9 | foo2 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:37:6:37:9 | foo2 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:37:6:37:9 | foo2 [@field] :  | instance_variables.rb:37:6:37:19 | call to get_field |
-| instance_variables.rb:37:6:37:9 | foo2 [@field] :  | instance_variables.rb:37:6:37:19 | call to get_field |
-| instance_variables.rb:40:1:40:4 | [post] foo3 [@field] :  | instance_variables.rb:41:6:41:9 | foo3 [@field] :  |
-| instance_variables.rb:40:1:40:4 | [post] foo3 [@field] :  | instance_variables.rb:41:6:41:9 | foo3 [@field] :  |
-| instance_variables.rb:40:1:40:4 | [post] foo3 [@field] :  | instance_variables.rb:53:6:53:9 | foo3 [@field] :  |
-| instance_variables.rb:40:1:40:4 | [post] foo3 [@field] :  | instance_variables.rb:53:6:53:9 | foo3 [@field] :  |
-| instance_variables.rb:40:16:40:24 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:40:16:40:24 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:40:16:40:24 | call to taint :  | instance_variables.rb:40:1:40:4 | [post] foo3 [@field] :  |
-| instance_variables.rb:40:16:40:24 | call to taint :  | instance_variables.rb:40:1:40:4 | [post] foo3 [@field] :  |
-| instance_variables.rb:41:6:41:9 | foo3 [@field] :  | instance_variables.rb:41:6:41:15 | call to field |
-| instance_variables.rb:41:6:41:9 | foo3 [@field] :  | instance_variables.rb:41:6:41:15 | call to field |
-| instance_variables.rb:48:2:48:5 | [post] foo5 [@field] :  | instance_variables.rb:49:6:49:9 | foo5 [@field] :  |
-| instance_variables.rb:48:2:48:5 | [post] foo5 [@field] :  | instance_variables.rb:49:6:49:9 | foo5 [@field] :  |
-| instance_variables.rb:48:2:48:5 | [post] foo5 [@field] :  | instance_variables.rb:54:6:54:9 | foo5 [@field] :  |
-| instance_variables.rb:48:2:48:5 | [post] foo5 [@field] :  | instance_variables.rb:54:6:54:9 | foo5 [@field] :  |
-| instance_variables.rb:48:18:48:26 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:48:18:48:26 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:48:18:48:26 | call to taint :  | instance_variables.rb:48:2:48:5 | [post] foo5 [@field] :  |
-| instance_variables.rb:48:18:48:26 | call to taint :  | instance_variables.rb:48:2:48:5 | [post] foo5 [@field] :  |
-| instance_variables.rb:49:6:49:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:49:6:49:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:49:6:49:9 | foo5 [@field] :  | instance_variables.rb:49:6:49:19 | call to get_field |
-| instance_variables.rb:49:6:49:9 | foo5 [@field] :  | instance_variables.rb:49:6:49:19 | call to get_field |
-| instance_variables.rb:52:15:52:18 | [post] foo6 [@field] :  | instance_variables.rb:55:6:55:9 | foo6 [@field] :  |
-| instance_variables.rb:52:15:52:18 | [post] foo6 [@field] :  | instance_variables.rb:55:6:55:9 | foo6 [@field] :  |
-| instance_variables.rb:52:32:52:40 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:52:32:52:40 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:52:32:52:40 | call to taint :  | instance_variables.rb:52:15:52:18 | [post] foo6 [@field] :  |
-| instance_variables.rb:52:32:52:40 | call to taint :  | instance_variables.rb:52:15:52:18 | [post] foo6 [@field] :  |
-| instance_variables.rb:53:6:53:9 | foo3 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:53:6:53:9 | foo3 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:53:6:53:9 | foo3 [@field] :  | instance_variables.rb:53:6:53:19 | call to get_field |
-| instance_variables.rb:53:6:53:9 | foo3 [@field] :  | instance_variables.rb:53:6:53:19 | call to get_field |
-| instance_variables.rb:54:6:54:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:54:6:54:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:54:6:54:9 | foo5 [@field] :  | instance_variables.rb:54:6:54:19 | call to get_field |
-| instance_variables.rb:54:6:54:9 | foo5 [@field] :  | instance_variables.rb:54:6:54:19 | call to get_field |
-| instance_variables.rb:55:6:55:9 | foo6 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:55:6:55:9 | foo6 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:55:6:55:9 | foo6 [@field] :  | instance_variables.rb:55:6:55:19 | call to get_field |
-| instance_variables.rb:55:6:55:9 | foo6 [@field] :  | instance_variables.rb:55:6:55:19 | call to get_field |
-| instance_variables.rb:59:15:59:18 | [post] foo7 [@field] :  | instance_variables.rb:60:6:60:9 | foo7 [@field] :  |
-| instance_variables.rb:59:15:59:18 | [post] foo7 [@field] :  | instance_variables.rb:60:6:60:9 | foo7 [@field] :  |
-| instance_variables.rb:59:25:59:28 | [post] foo8 [@field] :  | instance_variables.rb:61:6:61:9 | foo8 [@field] :  |
-| instance_variables.rb:59:25:59:28 | [post] foo8 [@field] :  | instance_variables.rb:61:6:61:9 | foo8 [@field] :  |
-| instance_variables.rb:59:45:59:53 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:59:45:59:53 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:59:45:59:53 | call to taint :  | instance_variables.rb:59:15:59:18 | [post] foo7 [@field] :  |
-| instance_variables.rb:59:45:59:53 | call to taint :  | instance_variables.rb:59:15:59:18 | [post] foo7 [@field] :  |
-| instance_variables.rb:59:45:59:53 | call to taint :  | instance_variables.rb:59:25:59:28 | [post] foo8 [@field] :  |
-| instance_variables.rb:59:45:59:53 | call to taint :  | instance_variables.rb:59:25:59:28 | [post] foo8 [@field] :  |
-| instance_variables.rb:60:6:60:9 | foo7 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:60:6:60:9 | foo7 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:60:6:60:9 | foo7 [@field] :  | instance_variables.rb:60:6:60:19 | call to get_field |
-| instance_variables.rb:60:6:60:9 | foo7 [@field] :  | instance_variables.rb:60:6:60:19 | call to get_field |
-| instance_variables.rb:61:6:61:9 | foo8 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:61:6:61:9 | foo8 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:61:6:61:9 | foo8 [@field] :  | instance_variables.rb:61:6:61:19 | call to get_field |
-| instance_variables.rb:61:6:61:9 | foo8 [@field] :  | instance_variables.rb:61:6:61:19 | call to get_field |
-| instance_variables.rb:65:22:65:25 | [post] foo9 [@field] :  | instance_variables.rb:66:6:66:9 | foo9 [@field] :  |
-| instance_variables.rb:65:22:65:25 | [post] foo9 [@field] :  | instance_variables.rb:66:6:66:9 | foo9 [@field] :  |
-| instance_variables.rb:65:32:65:36 | [post] foo10 [@field] :  | instance_variables.rb:67:6:67:10 | foo10 [@field] :  |
-| instance_variables.rb:65:32:65:36 | [post] foo10 [@field] :  | instance_variables.rb:67:6:67:10 | foo10 [@field] :  |
-| instance_variables.rb:65:53:65:61 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:65:53:65:61 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:65:53:65:61 | call to taint :  | instance_variables.rb:65:22:65:25 | [post] foo9 [@field] :  |
-| instance_variables.rb:65:53:65:61 | call to taint :  | instance_variables.rb:65:22:65:25 | [post] foo9 [@field] :  |
-| instance_variables.rb:65:53:65:61 | call to taint :  | instance_variables.rb:65:32:65:36 | [post] foo10 [@field] :  |
-| instance_variables.rb:65:53:65:61 | call to taint :  | instance_variables.rb:65:32:65:36 | [post] foo10 [@field] :  |
-| instance_variables.rb:66:6:66:9 | foo9 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:66:6:66:9 | foo9 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:66:6:66:9 | foo9 [@field] :  | instance_variables.rb:66:6:66:19 | call to get_field |
-| instance_variables.rb:66:6:66:9 | foo9 [@field] :  | instance_variables.rb:66:6:66:19 | call to get_field |
-| instance_variables.rb:67:6:67:10 | foo10 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:67:6:67:10 | foo10 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:67:6:67:10 | foo10 [@field] :  | instance_variables.rb:67:6:67:20 | call to get_field |
-| instance_variables.rb:67:6:67:10 | foo10 [@field] :  | instance_variables.rb:67:6:67:20 | call to get_field |
-| instance_variables.rb:70:5:70:5 | [post] x [@field] :  | instance_variables.rb:74:14:74:18 | [post] foo11 [@field] :  |
-| instance_variables.rb:70:5:70:5 | [post] x [@field] :  | instance_variables.rb:74:14:74:18 | [post] foo11 [@field] :  |
-| instance_variables.rb:70:5:70:5 | [post] x [@field] :  | instance_variables.rb:78:15:78:19 | [post] foo12 [@field] :  |
-| instance_variables.rb:70:5:70:5 | [post] x [@field] :  | instance_variables.rb:78:15:78:19 | [post] foo12 [@field] :  |
-| instance_variables.rb:70:5:70:5 | [post] x [@field] :  | instance_variables.rb:83:22:83:26 | [post] foo13 [@field] :  |
-| instance_variables.rb:70:5:70:5 | [post] x [@field] :  | instance_variables.rb:83:22:83:26 | [post] foo13 [@field] :  |
-| instance_variables.rb:70:17:70:25 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:70:17:70:25 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
-| instance_variables.rb:70:17:70:25 | call to taint :  | instance_variables.rb:70:5:70:5 | [post] x [@field] :  |
-| instance_variables.rb:70:17:70:25 | call to taint :  | instance_variables.rb:70:5:70:5 | [post] x [@field] :  |
-| instance_variables.rb:74:14:74:18 | [post] foo11 [@field] :  | instance_variables.rb:75:6:75:10 | foo11 [@field] :  |
-| instance_variables.rb:74:14:74:18 | [post] foo11 [@field] :  | instance_variables.rb:75:6:75:10 | foo11 [@field] :  |
-| instance_variables.rb:75:6:75:10 | foo11 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:75:6:75:10 | foo11 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:75:6:75:10 | foo11 [@field] :  | instance_variables.rb:75:6:75:20 | call to get_field |
-| instance_variables.rb:75:6:75:10 | foo11 [@field] :  | instance_variables.rb:75:6:75:20 | call to get_field |
-| instance_variables.rb:78:15:78:19 | [post] foo12 [@field] :  | instance_variables.rb:79:6:79:10 | foo12 [@field] :  |
-| instance_variables.rb:78:15:78:19 | [post] foo12 [@field] :  | instance_variables.rb:79:6:79:10 | foo12 [@field] :  |
-| instance_variables.rb:79:6:79:10 | foo12 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:79:6:79:10 | foo12 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:79:6:79:10 | foo12 [@field] :  | instance_variables.rb:79:6:79:20 | call to get_field |
-| instance_variables.rb:79:6:79:10 | foo12 [@field] :  | instance_variables.rb:79:6:79:20 | call to get_field |
-| instance_variables.rb:83:22:83:26 | [post] foo13 [@field] :  | instance_variables.rb:84:6:84:10 | foo13 [@field] :  |
-| instance_variables.rb:83:22:83:26 | [post] foo13 [@field] :  | instance_variables.rb:84:6:84:10 | foo13 [@field] :  |
-| instance_variables.rb:84:6:84:10 | foo13 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:84:6:84:10 | foo13 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
-| instance_variables.rb:84:6:84:10 | foo13 [@field] :  | instance_variables.rb:84:6:84:20 | call to get_field |
-| instance_variables.rb:84:6:84:10 | foo13 [@field] :  | instance_variables.rb:84:6:84:20 | call to get_field |
+| instance_variables.rb:22:20:22:24 | field :  | instance_variables.rb:23:18:23:22 | field :  |
+| instance_variables.rb:22:20:22:24 | field :  | instance_variables.rb:23:18:23:22 | field :  |
+| instance_variables.rb:23:18:23:22 | field :  | instance_variables.rb:23:9:23:14 | [post] self [@field] :  |
+| instance_variables.rb:23:18:23:22 | field :  | instance_variables.rb:23:9:23:14 | [post] self [@field] :  |
+| instance_variables.rb:24:9:24:17 | call to taint :  | instance_variables.rb:28:9:28:25 | call to initialize :  |
+| instance_variables.rb:24:9:24:17 | call to taint :  | instance_variables.rb:28:9:28:25 | call to initialize :  |
+| instance_variables.rb:27:25:27:29 | field :  | instance_variables.rb:28:20:28:24 | field :  |
+| instance_variables.rb:27:25:27:29 | field :  | instance_variables.rb:28:20:28:24 | field :  |
+| instance_variables.rb:28:9:28:25 | call to initialize :  | instance_variables.rb:104:6:104:37 | call to call_initialize |
+| instance_variables.rb:28:9:28:25 | call to initialize :  | instance_variables.rb:104:6:104:37 | call to call_initialize |
+| instance_variables.rb:28:20:28:24 | field :  | instance_variables.rb:22:20:22:24 | field :  |
+| instance_variables.rb:28:20:28:24 | field :  | instance_variables.rb:22:20:22:24 | field :  |
+| instance_variables.rb:28:20:28:24 | field :  | instance_variables.rb:28:9:28:25 | [post] self [@field] :  |
+| instance_variables.rb:28:20:28:24 | field :  | instance_variables.rb:28:9:28:25 | [post] self [@field] :  |
+| instance_variables.rb:34:9:34:17 | call to taint :  | instance_variables.rb:106:7:106:24 | call to new :  |
+| instance_variables.rb:34:9:34:17 | call to taint :  | instance_variables.rb:106:7:106:24 | call to new :  |
+| instance_variables.rb:39:1:39:3 | [post] foo [@field] :  | instance_variables.rb:40:6:40:8 | foo [@field] :  |
+| instance_variables.rb:39:1:39:3 | [post] foo [@field] :  | instance_variables.rb:40:6:40:8 | foo [@field] :  |
+| instance_variables.rb:39:15:39:23 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:39:15:39:23 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:39:15:39:23 | call to taint :  | instance_variables.rb:39:1:39:3 | [post] foo [@field] :  |
+| instance_variables.rb:39:15:39:23 | call to taint :  | instance_variables.rb:39:1:39:3 | [post] foo [@field] :  |
+| instance_variables.rb:40:6:40:8 | foo [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:40:6:40:8 | foo [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:40:6:40:8 | foo [@field] :  | instance_variables.rb:40:6:40:18 | call to get_field |
+| instance_variables.rb:40:6:40:8 | foo [@field] :  | instance_variables.rb:40:6:40:18 | call to get_field |
+| instance_variables.rb:43:1:43:3 | [post] bar [@field] :  | instance_variables.rb:44:6:44:8 | bar [@field] :  |
+| instance_variables.rb:43:15:43:22 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:43:15:43:22 | call to taint :  | instance_variables.rb:43:1:43:3 | [post] bar [@field] :  |
+| instance_variables.rb:44:6:44:8 | bar [@field] :  | instance_variables.rb:16:5:18:7 | self in inc_field [@field] :  |
+| instance_variables.rb:44:6:44:8 | bar [@field] :  | instance_variables.rb:44:6:44:18 | call to inc_field |
+| instance_variables.rb:47:1:47:4 | [post] foo1 [@field] :  | instance_variables.rb:48:6:48:9 | foo1 [@field] :  |
+| instance_variables.rb:47:1:47:4 | [post] foo1 [@field] :  | instance_variables.rb:48:6:48:9 | foo1 [@field] :  |
+| instance_variables.rb:47:14:47:22 | call to taint :  | instance_variables.rb:47:1:47:4 | [post] foo1 [@field] :  |
+| instance_variables.rb:47:14:47:22 | call to taint :  | instance_variables.rb:47:1:47:4 | [post] foo1 [@field] :  |
+| instance_variables.rb:48:6:48:9 | foo1 [@field] :  | instance_variables.rb:48:6:48:15 | call to field |
+| instance_variables.rb:48:6:48:9 | foo1 [@field] :  | instance_variables.rb:48:6:48:15 | call to field |
+| instance_variables.rb:51:1:51:4 | [post] foo2 [@field] :  | instance_variables.rb:52:6:52:9 | foo2 [@field] :  |
+| instance_variables.rb:51:1:51:4 | [post] foo2 [@field] :  | instance_variables.rb:52:6:52:9 | foo2 [@field] :  |
+| instance_variables.rb:51:14:51:22 | call to taint :  | instance_variables.rb:51:1:51:4 | [post] foo2 [@field] :  |
+| instance_variables.rb:51:14:51:22 | call to taint :  | instance_variables.rb:51:1:51:4 | [post] foo2 [@field] :  |
+| instance_variables.rb:52:6:52:9 | foo2 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:52:6:52:9 | foo2 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:52:6:52:9 | foo2 [@field] :  | instance_variables.rb:52:6:52:19 | call to get_field |
+| instance_variables.rb:52:6:52:9 | foo2 [@field] :  | instance_variables.rb:52:6:52:19 | call to get_field |
+| instance_variables.rb:55:1:55:4 | [post] foo3 [@field] :  | instance_variables.rb:56:6:56:9 | foo3 [@field] :  |
+| instance_variables.rb:55:1:55:4 | [post] foo3 [@field] :  | instance_variables.rb:56:6:56:9 | foo3 [@field] :  |
+| instance_variables.rb:55:1:55:4 | [post] foo3 [@field] :  | instance_variables.rb:68:6:68:9 | foo3 [@field] :  |
+| instance_variables.rb:55:1:55:4 | [post] foo3 [@field] :  | instance_variables.rb:68:6:68:9 | foo3 [@field] :  |
+| instance_variables.rb:55:16:55:24 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:55:16:55:24 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:55:16:55:24 | call to taint :  | instance_variables.rb:55:1:55:4 | [post] foo3 [@field] :  |
+| instance_variables.rb:55:16:55:24 | call to taint :  | instance_variables.rb:55:1:55:4 | [post] foo3 [@field] :  |
+| instance_variables.rb:56:6:56:9 | foo3 [@field] :  | instance_variables.rb:56:6:56:15 | call to field |
+| instance_variables.rb:56:6:56:9 | foo3 [@field] :  | instance_variables.rb:56:6:56:15 | call to field |
+| instance_variables.rb:63:2:63:5 | [post] foo5 [@field] :  | instance_variables.rb:64:6:64:9 | foo5 [@field] :  |
+| instance_variables.rb:63:2:63:5 | [post] foo5 [@field] :  | instance_variables.rb:64:6:64:9 | foo5 [@field] :  |
+| instance_variables.rb:63:2:63:5 | [post] foo5 [@field] :  | instance_variables.rb:69:6:69:9 | foo5 [@field] :  |
+| instance_variables.rb:63:2:63:5 | [post] foo5 [@field] :  | instance_variables.rb:69:6:69:9 | foo5 [@field] :  |
+| instance_variables.rb:63:18:63:26 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:63:18:63:26 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:63:18:63:26 | call to taint :  | instance_variables.rb:63:2:63:5 | [post] foo5 [@field] :  |
+| instance_variables.rb:63:18:63:26 | call to taint :  | instance_variables.rb:63:2:63:5 | [post] foo5 [@field] :  |
+| instance_variables.rb:64:6:64:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:64:6:64:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:64:6:64:9 | foo5 [@field] :  | instance_variables.rb:64:6:64:19 | call to get_field |
+| instance_variables.rb:64:6:64:9 | foo5 [@field] :  | instance_variables.rb:64:6:64:19 | call to get_field |
+| instance_variables.rb:67:15:67:18 | [post] foo6 [@field] :  | instance_variables.rb:70:6:70:9 | foo6 [@field] :  |
+| instance_variables.rb:67:15:67:18 | [post] foo6 [@field] :  | instance_variables.rb:70:6:70:9 | foo6 [@field] :  |
+| instance_variables.rb:67:32:67:40 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:67:32:67:40 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:67:32:67:40 | call to taint :  | instance_variables.rb:67:15:67:18 | [post] foo6 [@field] :  |
+| instance_variables.rb:67:32:67:40 | call to taint :  | instance_variables.rb:67:15:67:18 | [post] foo6 [@field] :  |
+| instance_variables.rb:68:6:68:9 | foo3 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:68:6:68:9 | foo3 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:68:6:68:9 | foo3 [@field] :  | instance_variables.rb:68:6:68:19 | call to get_field |
+| instance_variables.rb:68:6:68:9 | foo3 [@field] :  | instance_variables.rb:68:6:68:19 | call to get_field |
+| instance_variables.rb:69:6:69:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:69:6:69:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:69:6:69:9 | foo5 [@field] :  | instance_variables.rb:69:6:69:19 | call to get_field |
+| instance_variables.rb:69:6:69:9 | foo5 [@field] :  | instance_variables.rb:69:6:69:19 | call to get_field |
+| instance_variables.rb:70:6:70:9 | foo6 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:70:6:70:9 | foo6 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:70:6:70:9 | foo6 [@field] :  | instance_variables.rb:70:6:70:19 | call to get_field |
+| instance_variables.rb:70:6:70:9 | foo6 [@field] :  | instance_variables.rb:70:6:70:19 | call to get_field |
+| instance_variables.rb:74:15:74:18 | [post] foo7 [@field] :  | instance_variables.rb:75:6:75:9 | foo7 [@field] :  |
+| instance_variables.rb:74:15:74:18 | [post] foo7 [@field] :  | instance_variables.rb:75:6:75:9 | foo7 [@field] :  |
+| instance_variables.rb:74:25:74:28 | [post] foo8 [@field] :  | instance_variables.rb:76:6:76:9 | foo8 [@field] :  |
+| instance_variables.rb:74:25:74:28 | [post] foo8 [@field] :  | instance_variables.rb:76:6:76:9 | foo8 [@field] :  |
+| instance_variables.rb:74:45:74:53 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:74:45:74:53 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:74:45:74:53 | call to taint :  | instance_variables.rb:74:15:74:18 | [post] foo7 [@field] :  |
+| instance_variables.rb:74:45:74:53 | call to taint :  | instance_variables.rb:74:15:74:18 | [post] foo7 [@field] :  |
+| instance_variables.rb:74:45:74:53 | call to taint :  | instance_variables.rb:74:25:74:28 | [post] foo8 [@field] :  |
+| instance_variables.rb:74:45:74:53 | call to taint :  | instance_variables.rb:74:25:74:28 | [post] foo8 [@field] :  |
+| instance_variables.rb:75:6:75:9 | foo7 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:75:6:75:9 | foo7 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:75:6:75:9 | foo7 [@field] :  | instance_variables.rb:75:6:75:19 | call to get_field |
+| instance_variables.rb:75:6:75:9 | foo7 [@field] :  | instance_variables.rb:75:6:75:19 | call to get_field |
+| instance_variables.rb:76:6:76:9 | foo8 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:76:6:76:9 | foo8 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:76:6:76:9 | foo8 [@field] :  | instance_variables.rb:76:6:76:19 | call to get_field |
+| instance_variables.rb:76:6:76:9 | foo8 [@field] :  | instance_variables.rb:76:6:76:19 | call to get_field |
+| instance_variables.rb:80:22:80:25 | [post] foo9 [@field] :  | instance_variables.rb:81:6:81:9 | foo9 [@field] :  |
+| instance_variables.rb:80:22:80:25 | [post] foo9 [@field] :  | instance_variables.rb:81:6:81:9 | foo9 [@field] :  |
+| instance_variables.rb:80:32:80:36 | [post] foo10 [@field] :  | instance_variables.rb:82:6:82:10 | foo10 [@field] :  |
+| instance_variables.rb:80:32:80:36 | [post] foo10 [@field] :  | instance_variables.rb:82:6:82:10 | foo10 [@field] :  |
+| instance_variables.rb:80:53:80:61 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:80:53:80:61 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:80:53:80:61 | call to taint :  | instance_variables.rb:80:22:80:25 | [post] foo9 [@field] :  |
+| instance_variables.rb:80:53:80:61 | call to taint :  | instance_variables.rb:80:22:80:25 | [post] foo9 [@field] :  |
+| instance_variables.rb:80:53:80:61 | call to taint :  | instance_variables.rb:80:32:80:36 | [post] foo10 [@field] :  |
+| instance_variables.rb:80:53:80:61 | call to taint :  | instance_variables.rb:80:32:80:36 | [post] foo10 [@field] :  |
+| instance_variables.rb:81:6:81:9 | foo9 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:81:6:81:9 | foo9 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:81:6:81:9 | foo9 [@field] :  | instance_variables.rb:81:6:81:19 | call to get_field |
+| instance_variables.rb:81:6:81:9 | foo9 [@field] :  | instance_variables.rb:81:6:81:19 | call to get_field |
+| instance_variables.rb:82:6:82:10 | foo10 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:82:6:82:10 | foo10 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:82:6:82:10 | foo10 [@field] :  | instance_variables.rb:82:6:82:20 | call to get_field |
+| instance_variables.rb:82:6:82:10 | foo10 [@field] :  | instance_variables.rb:82:6:82:20 | call to get_field |
+| instance_variables.rb:85:5:85:5 | [post] x [@field] :  | instance_variables.rb:89:14:89:18 | [post] foo11 [@field] :  |
+| instance_variables.rb:85:5:85:5 | [post] x [@field] :  | instance_variables.rb:89:14:89:18 | [post] foo11 [@field] :  |
+| instance_variables.rb:85:5:85:5 | [post] x [@field] :  | instance_variables.rb:93:15:93:19 | [post] foo12 [@field] :  |
+| instance_variables.rb:85:5:85:5 | [post] x [@field] :  | instance_variables.rb:93:15:93:19 | [post] foo12 [@field] :  |
+| instance_variables.rb:85:5:85:5 | [post] x [@field] :  | instance_variables.rb:98:22:98:26 | [post] foo13 [@field] :  |
+| instance_variables.rb:85:5:85:5 | [post] x [@field] :  | instance_variables.rb:98:22:98:26 | [post] foo13 [@field] :  |
+| instance_variables.rb:85:17:85:25 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:85:17:85:25 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  |
+| instance_variables.rb:85:17:85:25 | call to taint :  | instance_variables.rb:85:5:85:5 | [post] x [@field] :  |
+| instance_variables.rb:85:17:85:25 | call to taint :  | instance_variables.rb:85:5:85:5 | [post] x [@field] :  |
+| instance_variables.rb:89:14:89:18 | [post] foo11 [@field] :  | instance_variables.rb:90:6:90:10 | foo11 [@field] :  |
+| instance_variables.rb:89:14:89:18 | [post] foo11 [@field] :  | instance_variables.rb:90:6:90:10 | foo11 [@field] :  |
+| instance_variables.rb:90:6:90:10 | foo11 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:90:6:90:10 | foo11 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:90:6:90:10 | foo11 [@field] :  | instance_variables.rb:90:6:90:20 | call to get_field |
+| instance_variables.rb:90:6:90:10 | foo11 [@field] :  | instance_variables.rb:90:6:90:20 | call to get_field |
+| instance_variables.rb:93:15:93:19 | [post] foo12 [@field] :  | instance_variables.rb:94:6:94:10 | foo12 [@field] :  |
+| instance_variables.rb:93:15:93:19 | [post] foo12 [@field] :  | instance_variables.rb:94:6:94:10 | foo12 [@field] :  |
+| instance_variables.rb:94:6:94:10 | foo12 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:94:6:94:10 | foo12 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:94:6:94:10 | foo12 [@field] :  | instance_variables.rb:94:6:94:20 | call to get_field |
+| instance_variables.rb:94:6:94:10 | foo12 [@field] :  | instance_variables.rb:94:6:94:20 | call to get_field |
+| instance_variables.rb:98:22:98:26 | [post] foo13 [@field] :  | instance_variables.rb:99:6:99:10 | foo13 [@field] :  |
+| instance_variables.rb:98:22:98:26 | [post] foo13 [@field] :  | instance_variables.rb:99:6:99:10 | foo13 [@field] :  |
+| instance_variables.rb:99:6:99:10 | foo13 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:99:6:99:10 | foo13 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:99:6:99:10 | foo13 [@field] :  | instance_variables.rb:99:6:99:20 | call to get_field |
+| instance_variables.rb:99:6:99:10 | foo13 [@field] :  | instance_variables.rb:99:6:99:20 | call to get_field |
+| instance_variables.rb:101:9:101:26 | call to new [@field] :  | instance_variables.rb:102:6:102:10 | foo15 [@field] :  |
+| instance_variables.rb:101:9:101:26 | call to new [@field] :  | instance_variables.rb:102:6:102:10 | foo15 [@field] :  |
+| instance_variables.rb:101:17:101:25 | call to taint :  | instance_variables.rb:22:20:22:24 | field :  |
+| instance_variables.rb:101:17:101:25 | call to taint :  | instance_variables.rb:22:20:22:24 | field :  |
+| instance_variables.rb:101:17:101:25 | call to taint :  | instance_variables.rb:101:9:101:26 | call to new [@field] :  |
+| instance_variables.rb:101:17:101:25 | call to taint :  | instance_variables.rb:101:9:101:26 | call to new [@field] :  |
+| instance_variables.rb:102:6:102:10 | foo15 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:102:6:102:10 | foo15 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:102:6:102:10 | foo15 [@field] :  | instance_variables.rb:102:6:102:20 | call to get_field |
+| instance_variables.rb:102:6:102:10 | foo15 [@field] :  | instance_variables.rb:102:6:102:20 | call to get_field |
+| instance_variables.rb:104:6:104:10 | [post] foo16 [@field] :  | instance_variables.rb:105:6:105:10 | foo16 [@field] :  |
+| instance_variables.rb:104:6:104:10 | [post] foo16 [@field] :  | instance_variables.rb:105:6:105:10 | foo16 [@field] :  |
+| instance_variables.rb:104:28:104:36 | call to taint :  | instance_variables.rb:27:25:27:29 | field :  |
+| instance_variables.rb:104:28:104:36 | call to taint :  | instance_variables.rb:27:25:27:29 | field :  |
+| instance_variables.rb:104:28:104:36 | call to taint :  | instance_variables.rb:104:6:104:10 | [post] foo16 [@field] :  |
+| instance_variables.rb:104:28:104:36 | call to taint :  | instance_variables.rb:104:6:104:10 | [post] foo16 [@field] :  |
+| instance_variables.rb:105:6:105:10 | foo16 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:105:6:105:10 | foo16 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  |
+| instance_variables.rb:105:6:105:10 | foo16 [@field] :  | instance_variables.rb:105:6:105:20 | call to get_field |
+| instance_variables.rb:105:6:105:10 | foo16 [@field] :  | instance_variables.rb:105:6:105:20 | call to get_field |
+| instance_variables.rb:106:7:106:24 | call to new :  | instance_variables.rb:107:6:107:8 | bar |
+| instance_variables.rb:106:7:106:24 | call to new :  | instance_variables.rb:107:6:107:8 | bar |
 nodes
 | captured_variables.rb:1:24:1:24 | x :  | semmle.label | x :  |
 | captured_variables.rb:1:24:1:24 | x :  | semmle.label | x :  |
@@ -206,182 +244,236 @@ nodes
 | instance_variables.rb:20:10:20:13 | @foo | semmle.label | @foo |
 | instance_variables.rb:20:10:20:13 | self [@foo] :  | semmle.label | self [@foo] :  |
 | instance_variables.rb:20:10:20:13 | self [@foo] :  | semmle.label | self [@foo] :  |
-| instance_variables.rb:24:1:24:3 | [post] foo [@field] :  | semmle.label | [post] foo [@field] :  |
-| instance_variables.rb:24:1:24:3 | [post] foo [@field] :  | semmle.label | [post] foo [@field] :  |
-| instance_variables.rb:24:15:24:23 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:24:15:24:23 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:25:6:25:8 | foo [@field] :  | semmle.label | foo [@field] :  |
-| instance_variables.rb:25:6:25:8 | foo [@field] :  | semmle.label | foo [@field] :  |
-| instance_variables.rb:25:6:25:18 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:25:6:25:18 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:28:1:28:3 | [post] bar [@field] :  | semmle.label | [post] bar [@field] :  |
-| instance_variables.rb:28:15:28:22 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:29:6:29:8 | bar [@field] :  | semmle.label | bar [@field] :  |
-| instance_variables.rb:29:6:29:18 | call to inc_field | semmle.label | call to inc_field |
-| instance_variables.rb:32:1:32:4 | [post] foo1 [@field] :  | semmle.label | [post] foo1 [@field] :  |
-| instance_variables.rb:32:1:32:4 | [post] foo1 [@field] :  | semmle.label | [post] foo1 [@field] :  |
-| instance_variables.rb:32:14:32:22 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:32:14:32:22 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:33:6:33:9 | foo1 [@field] :  | semmle.label | foo1 [@field] :  |
-| instance_variables.rb:33:6:33:9 | foo1 [@field] :  | semmle.label | foo1 [@field] :  |
-| instance_variables.rb:33:6:33:15 | call to field | semmle.label | call to field |
-| instance_variables.rb:33:6:33:15 | call to field | semmle.label | call to field |
-| instance_variables.rb:36:1:36:4 | [post] foo2 [@field] :  | semmle.label | [post] foo2 [@field] :  |
-| instance_variables.rb:36:1:36:4 | [post] foo2 [@field] :  | semmle.label | [post] foo2 [@field] :  |
-| instance_variables.rb:36:14:36:22 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:36:14:36:22 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:37:6:37:9 | foo2 [@field] :  | semmle.label | foo2 [@field] :  |
-| instance_variables.rb:37:6:37:9 | foo2 [@field] :  | semmle.label | foo2 [@field] :  |
-| instance_variables.rb:37:6:37:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:37:6:37:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:40:1:40:4 | [post] foo3 [@field] :  | semmle.label | [post] foo3 [@field] :  |
-| instance_variables.rb:40:1:40:4 | [post] foo3 [@field] :  | semmle.label | [post] foo3 [@field] :  |
-| instance_variables.rb:40:16:40:24 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:40:16:40:24 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:41:6:41:9 | foo3 [@field] :  | semmle.label | foo3 [@field] :  |
-| instance_variables.rb:41:6:41:9 | foo3 [@field] :  | semmle.label | foo3 [@field] :  |
-| instance_variables.rb:41:6:41:15 | call to field | semmle.label | call to field |
-| instance_variables.rb:41:6:41:15 | call to field | semmle.label | call to field |
-| instance_variables.rb:48:2:48:5 | [post] foo5 [@field] :  | semmle.label | [post] foo5 [@field] :  |
-| instance_variables.rb:48:2:48:5 | [post] foo5 [@field] :  | semmle.label | [post] foo5 [@field] :  |
-| instance_variables.rb:48:18:48:26 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:48:18:48:26 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:49:6:49:9 | foo5 [@field] :  | semmle.label | foo5 [@field] :  |
-| instance_variables.rb:49:6:49:9 | foo5 [@field] :  | semmle.label | foo5 [@field] :  |
-| instance_variables.rb:49:6:49:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:49:6:49:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:52:15:52:18 | [post] foo6 [@field] :  | semmle.label | [post] foo6 [@field] :  |
-| instance_variables.rb:52:15:52:18 | [post] foo6 [@field] :  | semmle.label | [post] foo6 [@field] :  |
-| instance_variables.rb:52:32:52:40 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:52:32:52:40 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:53:6:53:9 | foo3 [@field] :  | semmle.label | foo3 [@field] :  |
-| instance_variables.rb:53:6:53:9 | foo3 [@field] :  | semmle.label | foo3 [@field] :  |
-| instance_variables.rb:53:6:53:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:53:6:53:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:54:6:54:9 | foo5 [@field] :  | semmle.label | foo5 [@field] :  |
-| instance_variables.rb:54:6:54:9 | foo5 [@field] :  | semmle.label | foo5 [@field] :  |
-| instance_variables.rb:54:6:54:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:54:6:54:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:55:6:55:9 | foo6 [@field] :  | semmle.label | foo6 [@field] :  |
-| instance_variables.rb:55:6:55:9 | foo6 [@field] :  | semmle.label | foo6 [@field] :  |
-| instance_variables.rb:55:6:55:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:55:6:55:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:59:15:59:18 | [post] foo7 [@field] :  | semmle.label | [post] foo7 [@field] :  |
-| instance_variables.rb:59:15:59:18 | [post] foo7 [@field] :  | semmle.label | [post] foo7 [@field] :  |
-| instance_variables.rb:59:25:59:28 | [post] foo8 [@field] :  | semmle.label | [post] foo8 [@field] :  |
-| instance_variables.rb:59:25:59:28 | [post] foo8 [@field] :  | semmle.label | [post] foo8 [@field] :  |
-| instance_variables.rb:59:45:59:53 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:59:45:59:53 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:60:6:60:9 | foo7 [@field] :  | semmle.label | foo7 [@field] :  |
-| instance_variables.rb:60:6:60:9 | foo7 [@field] :  | semmle.label | foo7 [@field] :  |
-| instance_variables.rb:60:6:60:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:60:6:60:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:61:6:61:9 | foo8 [@field] :  | semmle.label | foo8 [@field] :  |
-| instance_variables.rb:61:6:61:9 | foo8 [@field] :  | semmle.label | foo8 [@field] :  |
-| instance_variables.rb:61:6:61:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:61:6:61:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:65:22:65:25 | [post] foo9 [@field] :  | semmle.label | [post] foo9 [@field] :  |
-| instance_variables.rb:65:22:65:25 | [post] foo9 [@field] :  | semmle.label | [post] foo9 [@field] :  |
-| instance_variables.rb:65:32:65:36 | [post] foo10 [@field] :  | semmle.label | [post] foo10 [@field] :  |
-| instance_variables.rb:65:32:65:36 | [post] foo10 [@field] :  | semmle.label | [post] foo10 [@field] :  |
-| instance_variables.rb:65:53:65:61 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:65:53:65:61 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:66:6:66:9 | foo9 [@field] :  | semmle.label | foo9 [@field] :  |
-| instance_variables.rb:66:6:66:9 | foo9 [@field] :  | semmle.label | foo9 [@field] :  |
-| instance_variables.rb:66:6:66:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:66:6:66:19 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:67:6:67:10 | foo10 [@field] :  | semmle.label | foo10 [@field] :  |
-| instance_variables.rb:67:6:67:10 | foo10 [@field] :  | semmle.label | foo10 [@field] :  |
-| instance_variables.rb:67:6:67:20 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:67:6:67:20 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:70:5:70:5 | [post] x [@field] :  | semmle.label | [post] x [@field] :  |
-| instance_variables.rb:70:5:70:5 | [post] x [@field] :  | semmle.label | [post] x [@field] :  |
-| instance_variables.rb:70:17:70:25 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:70:17:70:25 | call to taint :  | semmle.label | call to taint :  |
-| instance_variables.rb:74:14:74:18 | [post] foo11 [@field] :  | semmle.label | [post] foo11 [@field] :  |
-| instance_variables.rb:74:14:74:18 | [post] foo11 [@field] :  | semmle.label | [post] foo11 [@field] :  |
-| instance_variables.rb:75:6:75:10 | foo11 [@field] :  | semmle.label | foo11 [@field] :  |
-| instance_variables.rb:75:6:75:10 | foo11 [@field] :  | semmle.label | foo11 [@field] :  |
-| instance_variables.rb:75:6:75:20 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:75:6:75:20 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:78:15:78:19 | [post] foo12 [@field] :  | semmle.label | [post] foo12 [@field] :  |
-| instance_variables.rb:78:15:78:19 | [post] foo12 [@field] :  | semmle.label | [post] foo12 [@field] :  |
-| instance_variables.rb:79:6:79:10 | foo12 [@field] :  | semmle.label | foo12 [@field] :  |
-| instance_variables.rb:79:6:79:10 | foo12 [@field] :  | semmle.label | foo12 [@field] :  |
-| instance_variables.rb:79:6:79:20 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:79:6:79:20 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:83:22:83:26 | [post] foo13 [@field] :  | semmle.label | [post] foo13 [@field] :  |
-| instance_variables.rb:83:22:83:26 | [post] foo13 [@field] :  | semmle.label | [post] foo13 [@field] :  |
-| instance_variables.rb:84:6:84:10 | foo13 [@field] :  | semmle.label | foo13 [@field] :  |
-| instance_variables.rb:84:6:84:10 | foo13 [@field] :  | semmle.label | foo13 [@field] :  |
-| instance_variables.rb:84:6:84:20 | call to get_field | semmle.label | call to get_field |
-| instance_variables.rb:84:6:84:20 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:22:20:22:24 | field :  | semmle.label | field :  |
+| instance_variables.rb:22:20:22:24 | field :  | semmle.label | field :  |
+| instance_variables.rb:23:9:23:14 | [post] self [@field] :  | semmle.label | [post] self [@field] :  |
+| instance_variables.rb:23:9:23:14 | [post] self [@field] :  | semmle.label | [post] self [@field] :  |
+| instance_variables.rb:23:18:23:22 | field :  | semmle.label | field :  |
+| instance_variables.rb:23:18:23:22 | field :  | semmle.label | field :  |
+| instance_variables.rb:24:9:24:17 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:24:9:24:17 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:27:25:27:29 | field :  | semmle.label | field :  |
+| instance_variables.rb:27:25:27:29 | field :  | semmle.label | field :  |
+| instance_variables.rb:28:9:28:25 | [post] self [@field] :  | semmle.label | [post] self [@field] :  |
+| instance_variables.rb:28:9:28:25 | [post] self [@field] :  | semmle.label | [post] self [@field] :  |
+| instance_variables.rb:28:9:28:25 | call to initialize :  | semmle.label | call to initialize :  |
+| instance_variables.rb:28:9:28:25 | call to initialize :  | semmle.label | call to initialize :  |
+| instance_variables.rb:28:20:28:24 | field :  | semmle.label | field :  |
+| instance_variables.rb:28:20:28:24 | field :  | semmle.label | field :  |
+| instance_variables.rb:34:9:34:17 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:34:9:34:17 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:39:1:39:3 | [post] foo [@field] :  | semmle.label | [post] foo [@field] :  |
+| instance_variables.rb:39:1:39:3 | [post] foo [@field] :  | semmle.label | [post] foo [@field] :  |
+| instance_variables.rb:39:15:39:23 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:39:15:39:23 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:40:6:40:8 | foo [@field] :  | semmle.label | foo [@field] :  |
+| instance_variables.rb:40:6:40:8 | foo [@field] :  | semmle.label | foo [@field] :  |
+| instance_variables.rb:40:6:40:18 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:40:6:40:18 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:43:1:43:3 | [post] bar [@field] :  | semmle.label | [post] bar [@field] :  |
+| instance_variables.rb:43:15:43:22 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:44:6:44:8 | bar [@field] :  | semmle.label | bar [@field] :  |
+| instance_variables.rb:44:6:44:18 | call to inc_field | semmle.label | call to inc_field |
+| instance_variables.rb:47:1:47:4 | [post] foo1 [@field] :  | semmle.label | [post] foo1 [@field] :  |
+| instance_variables.rb:47:1:47:4 | [post] foo1 [@field] :  | semmle.label | [post] foo1 [@field] :  |
+| instance_variables.rb:47:14:47:22 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:47:14:47:22 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:48:6:48:9 | foo1 [@field] :  | semmle.label | foo1 [@field] :  |
+| instance_variables.rb:48:6:48:9 | foo1 [@field] :  | semmle.label | foo1 [@field] :  |
+| instance_variables.rb:48:6:48:15 | call to field | semmle.label | call to field |
+| instance_variables.rb:48:6:48:15 | call to field | semmle.label | call to field |
+| instance_variables.rb:51:1:51:4 | [post] foo2 [@field] :  | semmle.label | [post] foo2 [@field] :  |
+| instance_variables.rb:51:1:51:4 | [post] foo2 [@field] :  | semmle.label | [post] foo2 [@field] :  |
+| instance_variables.rb:51:14:51:22 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:51:14:51:22 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:52:6:52:9 | foo2 [@field] :  | semmle.label | foo2 [@field] :  |
+| instance_variables.rb:52:6:52:9 | foo2 [@field] :  | semmle.label | foo2 [@field] :  |
+| instance_variables.rb:52:6:52:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:52:6:52:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:55:1:55:4 | [post] foo3 [@field] :  | semmle.label | [post] foo3 [@field] :  |
+| instance_variables.rb:55:1:55:4 | [post] foo3 [@field] :  | semmle.label | [post] foo3 [@field] :  |
+| instance_variables.rb:55:16:55:24 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:55:16:55:24 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:56:6:56:9 | foo3 [@field] :  | semmle.label | foo3 [@field] :  |
+| instance_variables.rb:56:6:56:9 | foo3 [@field] :  | semmle.label | foo3 [@field] :  |
+| instance_variables.rb:56:6:56:15 | call to field | semmle.label | call to field |
+| instance_variables.rb:56:6:56:15 | call to field | semmle.label | call to field |
+| instance_variables.rb:63:2:63:5 | [post] foo5 [@field] :  | semmle.label | [post] foo5 [@field] :  |
+| instance_variables.rb:63:2:63:5 | [post] foo5 [@field] :  | semmle.label | [post] foo5 [@field] :  |
+| instance_variables.rb:63:18:63:26 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:63:18:63:26 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:64:6:64:9 | foo5 [@field] :  | semmle.label | foo5 [@field] :  |
+| instance_variables.rb:64:6:64:9 | foo5 [@field] :  | semmle.label | foo5 [@field] :  |
+| instance_variables.rb:64:6:64:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:64:6:64:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:67:15:67:18 | [post] foo6 [@field] :  | semmle.label | [post] foo6 [@field] :  |
+| instance_variables.rb:67:15:67:18 | [post] foo6 [@field] :  | semmle.label | [post] foo6 [@field] :  |
+| instance_variables.rb:67:32:67:40 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:67:32:67:40 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:68:6:68:9 | foo3 [@field] :  | semmle.label | foo3 [@field] :  |
+| instance_variables.rb:68:6:68:9 | foo3 [@field] :  | semmle.label | foo3 [@field] :  |
+| instance_variables.rb:68:6:68:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:68:6:68:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:69:6:69:9 | foo5 [@field] :  | semmle.label | foo5 [@field] :  |
+| instance_variables.rb:69:6:69:9 | foo5 [@field] :  | semmle.label | foo5 [@field] :  |
+| instance_variables.rb:69:6:69:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:69:6:69:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:70:6:70:9 | foo6 [@field] :  | semmle.label | foo6 [@field] :  |
+| instance_variables.rb:70:6:70:9 | foo6 [@field] :  | semmle.label | foo6 [@field] :  |
+| instance_variables.rb:70:6:70:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:70:6:70:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:74:15:74:18 | [post] foo7 [@field] :  | semmle.label | [post] foo7 [@field] :  |
+| instance_variables.rb:74:15:74:18 | [post] foo7 [@field] :  | semmle.label | [post] foo7 [@field] :  |
+| instance_variables.rb:74:25:74:28 | [post] foo8 [@field] :  | semmle.label | [post] foo8 [@field] :  |
+| instance_variables.rb:74:25:74:28 | [post] foo8 [@field] :  | semmle.label | [post] foo8 [@field] :  |
+| instance_variables.rb:74:45:74:53 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:74:45:74:53 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:75:6:75:9 | foo7 [@field] :  | semmle.label | foo7 [@field] :  |
+| instance_variables.rb:75:6:75:9 | foo7 [@field] :  | semmle.label | foo7 [@field] :  |
+| instance_variables.rb:75:6:75:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:75:6:75:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:76:6:76:9 | foo8 [@field] :  | semmle.label | foo8 [@field] :  |
+| instance_variables.rb:76:6:76:9 | foo8 [@field] :  | semmle.label | foo8 [@field] :  |
+| instance_variables.rb:76:6:76:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:76:6:76:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:80:22:80:25 | [post] foo9 [@field] :  | semmle.label | [post] foo9 [@field] :  |
+| instance_variables.rb:80:22:80:25 | [post] foo9 [@field] :  | semmle.label | [post] foo9 [@field] :  |
+| instance_variables.rb:80:32:80:36 | [post] foo10 [@field] :  | semmle.label | [post] foo10 [@field] :  |
+| instance_variables.rb:80:32:80:36 | [post] foo10 [@field] :  | semmle.label | [post] foo10 [@field] :  |
+| instance_variables.rb:80:53:80:61 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:80:53:80:61 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:81:6:81:9 | foo9 [@field] :  | semmle.label | foo9 [@field] :  |
+| instance_variables.rb:81:6:81:9 | foo9 [@field] :  | semmle.label | foo9 [@field] :  |
+| instance_variables.rb:81:6:81:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:81:6:81:19 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:82:6:82:10 | foo10 [@field] :  | semmle.label | foo10 [@field] :  |
+| instance_variables.rb:82:6:82:10 | foo10 [@field] :  | semmle.label | foo10 [@field] :  |
+| instance_variables.rb:82:6:82:20 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:82:6:82:20 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:85:5:85:5 | [post] x [@field] :  | semmle.label | [post] x [@field] :  |
+| instance_variables.rb:85:5:85:5 | [post] x [@field] :  | semmle.label | [post] x [@field] :  |
+| instance_variables.rb:85:17:85:25 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:85:17:85:25 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:89:14:89:18 | [post] foo11 [@field] :  | semmle.label | [post] foo11 [@field] :  |
+| instance_variables.rb:89:14:89:18 | [post] foo11 [@field] :  | semmle.label | [post] foo11 [@field] :  |
+| instance_variables.rb:90:6:90:10 | foo11 [@field] :  | semmle.label | foo11 [@field] :  |
+| instance_variables.rb:90:6:90:10 | foo11 [@field] :  | semmle.label | foo11 [@field] :  |
+| instance_variables.rb:90:6:90:20 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:90:6:90:20 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:93:15:93:19 | [post] foo12 [@field] :  | semmle.label | [post] foo12 [@field] :  |
+| instance_variables.rb:93:15:93:19 | [post] foo12 [@field] :  | semmle.label | [post] foo12 [@field] :  |
+| instance_variables.rb:94:6:94:10 | foo12 [@field] :  | semmle.label | foo12 [@field] :  |
+| instance_variables.rb:94:6:94:10 | foo12 [@field] :  | semmle.label | foo12 [@field] :  |
+| instance_variables.rb:94:6:94:20 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:94:6:94:20 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:98:22:98:26 | [post] foo13 [@field] :  | semmle.label | [post] foo13 [@field] :  |
+| instance_variables.rb:98:22:98:26 | [post] foo13 [@field] :  | semmle.label | [post] foo13 [@field] :  |
+| instance_variables.rb:99:6:99:10 | foo13 [@field] :  | semmle.label | foo13 [@field] :  |
+| instance_variables.rb:99:6:99:10 | foo13 [@field] :  | semmle.label | foo13 [@field] :  |
+| instance_variables.rb:99:6:99:20 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:99:6:99:20 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:101:9:101:26 | call to new [@field] :  | semmle.label | call to new [@field] :  |
+| instance_variables.rb:101:9:101:26 | call to new [@field] :  | semmle.label | call to new [@field] :  |
+| instance_variables.rb:101:17:101:25 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:101:17:101:25 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:102:6:102:10 | foo15 [@field] :  | semmle.label | foo15 [@field] :  |
+| instance_variables.rb:102:6:102:10 | foo15 [@field] :  | semmle.label | foo15 [@field] :  |
+| instance_variables.rb:102:6:102:20 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:102:6:102:20 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:104:6:104:10 | [post] foo16 [@field] :  | semmle.label | [post] foo16 [@field] :  |
+| instance_variables.rb:104:6:104:10 | [post] foo16 [@field] :  | semmle.label | [post] foo16 [@field] :  |
+| instance_variables.rb:104:6:104:37 | call to call_initialize | semmle.label | call to call_initialize |
+| instance_variables.rb:104:6:104:37 | call to call_initialize | semmle.label | call to call_initialize |
+| instance_variables.rb:104:28:104:36 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:104:28:104:36 | call to taint :  | semmle.label | call to taint :  |
+| instance_variables.rb:105:6:105:10 | foo16 [@field] :  | semmle.label | foo16 [@field] :  |
+| instance_variables.rb:105:6:105:10 | foo16 [@field] :  | semmle.label | foo16 [@field] :  |
+| instance_variables.rb:105:6:105:20 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:105:6:105:20 | call to get_field | semmle.label | call to get_field |
+| instance_variables.rb:106:7:106:24 | call to new :  | semmle.label | call to new :  |
+| instance_variables.rb:106:7:106:24 | call to new :  | semmle.label | call to new :  |
+| instance_variables.rb:107:6:107:8 | bar | semmle.label | bar |
+| instance_variables.rb:107:6:107:8 | bar | semmle.label | bar |
 subpaths
-| instance_variables.rb:24:15:24:23 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:24:1:24:3 | [post] foo [@field] :  |
-| instance_variables.rb:24:15:24:23 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:24:1:24:3 | [post] foo [@field] :  |
-| instance_variables.rb:25:6:25:8 | foo [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:25:6:25:18 | call to get_field |
-| instance_variables.rb:25:6:25:8 | foo [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:25:6:25:18 | call to get_field |
-| instance_variables.rb:28:15:28:22 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:28:1:28:3 | [post] bar [@field] :  |
-| instance_variables.rb:29:6:29:8 | bar [@field] :  | instance_variables.rb:16:5:18:7 | self in inc_field [@field] :  | instance_variables.rb:16:5:18:7 | self in inc_field [@field] :  | instance_variables.rb:29:6:29:18 | call to inc_field |
-| instance_variables.rb:29:6:29:8 | bar [@field] :  | instance_variables.rb:16:5:18:7 | self in inc_field [@field] :  | instance_variables.rb:17:9:17:14 | [post] self [@field] :  | instance_variables.rb:29:6:29:18 | call to inc_field |
-| instance_variables.rb:37:6:37:9 | foo2 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:37:6:37:19 | call to get_field |
-| instance_variables.rb:37:6:37:9 | foo2 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:37:6:37:19 | call to get_field |
-| instance_variables.rb:40:16:40:24 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:40:1:40:4 | [post] foo3 [@field] :  |
-| instance_variables.rb:40:16:40:24 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:40:1:40:4 | [post] foo3 [@field] :  |
-| instance_variables.rb:48:18:48:26 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:48:2:48:5 | [post] foo5 [@field] :  |
-| instance_variables.rb:48:18:48:26 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:48:2:48:5 | [post] foo5 [@field] :  |
-| instance_variables.rb:49:6:49:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:49:6:49:19 | call to get_field |
-| instance_variables.rb:49:6:49:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:49:6:49:19 | call to get_field |
-| instance_variables.rb:52:32:52:40 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:52:15:52:18 | [post] foo6 [@field] :  |
-| instance_variables.rb:52:32:52:40 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:52:15:52:18 | [post] foo6 [@field] :  |
-| instance_variables.rb:53:6:53:9 | foo3 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:53:6:53:19 | call to get_field |
-| instance_variables.rb:53:6:53:9 | foo3 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:53:6:53:19 | call to get_field |
-| instance_variables.rb:54:6:54:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:54:6:54:19 | call to get_field |
-| instance_variables.rb:54:6:54:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:54:6:54:19 | call to get_field |
-| instance_variables.rb:55:6:55:9 | foo6 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:55:6:55:19 | call to get_field |
-| instance_variables.rb:55:6:55:9 | foo6 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:55:6:55:19 | call to get_field |
-| instance_variables.rb:59:45:59:53 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:59:15:59:18 | [post] foo7 [@field] :  |
-| instance_variables.rb:59:45:59:53 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:59:15:59:18 | [post] foo7 [@field] :  |
-| instance_variables.rb:59:45:59:53 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:59:25:59:28 | [post] foo8 [@field] :  |
-| instance_variables.rb:59:45:59:53 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:59:25:59:28 | [post] foo8 [@field] :  |
-| instance_variables.rb:60:6:60:9 | foo7 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:60:6:60:19 | call to get_field |
-| instance_variables.rb:60:6:60:9 | foo7 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:60:6:60:19 | call to get_field |
-| instance_variables.rb:61:6:61:9 | foo8 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:61:6:61:19 | call to get_field |
-| instance_variables.rb:61:6:61:9 | foo8 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:61:6:61:19 | call to get_field |
-| instance_variables.rb:65:53:65:61 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:65:22:65:25 | [post] foo9 [@field] :  |
-| instance_variables.rb:65:53:65:61 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:65:22:65:25 | [post] foo9 [@field] :  |
-| instance_variables.rb:65:53:65:61 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:65:32:65:36 | [post] foo10 [@field] :  |
-| instance_variables.rb:65:53:65:61 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:65:32:65:36 | [post] foo10 [@field] :  |
-| instance_variables.rb:66:6:66:9 | foo9 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:66:6:66:19 | call to get_field |
-| instance_variables.rb:66:6:66:9 | foo9 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:66:6:66:19 | call to get_field |
-| instance_variables.rb:67:6:67:10 | foo10 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:67:6:67:20 | call to get_field |
-| instance_variables.rb:67:6:67:10 | foo10 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:67:6:67:20 | call to get_field |
-| instance_variables.rb:70:17:70:25 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:70:5:70:5 | [post] x [@field] :  |
-| instance_variables.rb:70:17:70:25 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:70:5:70:5 | [post] x [@field] :  |
-| instance_variables.rb:75:6:75:10 | foo11 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:75:6:75:20 | call to get_field |
-| instance_variables.rb:75:6:75:10 | foo11 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:75:6:75:20 | call to get_field |
-| instance_variables.rb:79:6:79:10 | foo12 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:79:6:79:20 | call to get_field |
-| instance_variables.rb:79:6:79:10 | foo12 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:79:6:79:20 | call to get_field |
-| instance_variables.rb:84:6:84:10 | foo13 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:84:6:84:20 | call to get_field |
-| instance_variables.rb:84:6:84:10 | foo13 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:84:6:84:20 | call to get_field |
+| instance_variables.rb:28:20:28:24 | field :  | instance_variables.rb:22:20:22:24 | field :  | instance_variables.rb:23:9:23:14 | [post] self [@field] :  | instance_variables.rb:28:9:28:25 | [post] self [@field] :  |
+| instance_variables.rb:28:20:28:24 | field :  | instance_variables.rb:22:20:22:24 | field :  | instance_variables.rb:23:9:23:14 | [post] self [@field] :  | instance_variables.rb:28:9:28:25 | [post] self [@field] :  |
+| instance_variables.rb:39:15:39:23 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:39:1:39:3 | [post] foo [@field] :  |
+| instance_variables.rb:39:15:39:23 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:39:1:39:3 | [post] foo [@field] :  |
+| instance_variables.rb:40:6:40:8 | foo [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:40:6:40:18 | call to get_field |
+| instance_variables.rb:40:6:40:8 | foo [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:40:6:40:18 | call to get_field |
+| instance_variables.rb:43:15:43:22 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:43:1:43:3 | [post] bar [@field] :  |
+| instance_variables.rb:44:6:44:8 | bar [@field] :  | instance_variables.rb:16:5:18:7 | self in inc_field [@field] :  | instance_variables.rb:16:5:18:7 | self in inc_field [@field] :  | instance_variables.rb:44:6:44:18 | call to inc_field |
+| instance_variables.rb:44:6:44:8 | bar [@field] :  | instance_variables.rb:16:5:18:7 | self in inc_field [@field] :  | instance_variables.rb:17:9:17:14 | [post] self [@field] :  | instance_variables.rb:44:6:44:18 | call to inc_field |
+| instance_variables.rb:52:6:52:9 | foo2 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:52:6:52:19 | call to get_field |
+| instance_variables.rb:52:6:52:9 | foo2 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:52:6:52:19 | call to get_field |
+| instance_variables.rb:55:16:55:24 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:55:1:55:4 | [post] foo3 [@field] :  |
+| instance_variables.rb:55:16:55:24 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:55:1:55:4 | [post] foo3 [@field] :  |
+| instance_variables.rb:63:18:63:26 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:63:2:63:5 | [post] foo5 [@field] :  |
+| instance_variables.rb:63:18:63:26 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:63:2:63:5 | [post] foo5 [@field] :  |
+| instance_variables.rb:64:6:64:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:64:6:64:19 | call to get_field |
+| instance_variables.rb:64:6:64:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:64:6:64:19 | call to get_field |
+| instance_variables.rb:67:32:67:40 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:67:15:67:18 | [post] foo6 [@field] :  |
+| instance_variables.rb:67:32:67:40 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:67:15:67:18 | [post] foo6 [@field] :  |
+| instance_variables.rb:68:6:68:9 | foo3 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:68:6:68:19 | call to get_field |
+| instance_variables.rb:68:6:68:9 | foo3 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:68:6:68:19 | call to get_field |
+| instance_variables.rb:69:6:69:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:69:6:69:19 | call to get_field |
+| instance_variables.rb:69:6:69:9 | foo5 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:69:6:69:19 | call to get_field |
+| instance_variables.rb:70:6:70:9 | foo6 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:70:6:70:19 | call to get_field |
+| instance_variables.rb:70:6:70:9 | foo6 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:70:6:70:19 | call to get_field |
+| instance_variables.rb:74:45:74:53 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:74:15:74:18 | [post] foo7 [@field] :  |
+| instance_variables.rb:74:45:74:53 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:74:15:74:18 | [post] foo7 [@field] :  |
+| instance_variables.rb:74:45:74:53 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:74:25:74:28 | [post] foo8 [@field] :  |
+| instance_variables.rb:74:45:74:53 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:74:25:74:28 | [post] foo8 [@field] :  |
+| instance_variables.rb:75:6:75:9 | foo7 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:75:6:75:19 | call to get_field |
+| instance_variables.rb:75:6:75:9 | foo7 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:75:6:75:19 | call to get_field |
+| instance_variables.rb:76:6:76:9 | foo8 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:76:6:76:19 | call to get_field |
+| instance_variables.rb:76:6:76:9 | foo8 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:76:6:76:19 | call to get_field |
+| instance_variables.rb:80:53:80:61 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:80:22:80:25 | [post] foo9 [@field] :  |
+| instance_variables.rb:80:53:80:61 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:80:22:80:25 | [post] foo9 [@field] :  |
+| instance_variables.rb:80:53:80:61 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:80:32:80:36 | [post] foo10 [@field] :  |
+| instance_variables.rb:80:53:80:61 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:80:32:80:36 | [post] foo10 [@field] :  |
+| instance_variables.rb:81:6:81:9 | foo9 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:81:6:81:19 | call to get_field |
+| instance_variables.rb:81:6:81:9 | foo9 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:81:6:81:19 | call to get_field |
+| instance_variables.rb:82:6:82:10 | foo10 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:82:6:82:20 | call to get_field |
+| instance_variables.rb:82:6:82:10 | foo10 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:82:6:82:20 | call to get_field |
+| instance_variables.rb:85:17:85:25 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:85:5:85:5 | [post] x [@field] :  |
+| instance_variables.rb:85:17:85:25 | call to taint :  | instance_variables.rb:10:19:10:19 | x :  | instance_variables.rb:11:9:11:14 | [post] self [@field] :  | instance_variables.rb:85:5:85:5 | [post] x [@field] :  |
+| instance_variables.rb:90:6:90:10 | foo11 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:90:6:90:20 | call to get_field |
+| instance_variables.rb:90:6:90:10 | foo11 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:90:6:90:20 | call to get_field |
+| instance_variables.rb:94:6:94:10 | foo12 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:94:6:94:20 | call to get_field |
+| instance_variables.rb:94:6:94:10 | foo12 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:94:6:94:20 | call to get_field |
+| instance_variables.rb:99:6:99:10 | foo13 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:99:6:99:20 | call to get_field |
+| instance_variables.rb:99:6:99:10 | foo13 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:99:6:99:20 | call to get_field |
+| instance_variables.rb:101:17:101:25 | call to taint :  | instance_variables.rb:22:20:22:24 | field :  | instance_variables.rb:23:9:23:14 | [post] self [@field] :  | instance_variables.rb:101:9:101:26 | call to new [@field] :  |
+| instance_variables.rb:101:17:101:25 | call to taint :  | instance_variables.rb:22:20:22:24 | field :  | instance_variables.rb:23:9:23:14 | [post] self [@field] :  | instance_variables.rb:101:9:101:26 | call to new [@field] :  |
+| instance_variables.rb:102:6:102:10 | foo15 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:102:6:102:20 | call to get_field |
+| instance_variables.rb:102:6:102:10 | foo15 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:102:6:102:20 | call to get_field |
+| instance_variables.rb:104:28:104:36 | call to taint :  | instance_variables.rb:27:25:27:29 | field :  | instance_variables.rb:28:9:28:25 | [post] self [@field] :  | instance_variables.rb:104:6:104:10 | [post] foo16 [@field] :  |
+| instance_variables.rb:104:28:104:36 | call to taint :  | instance_variables.rb:27:25:27:29 | field :  | instance_variables.rb:28:9:28:25 | [post] self [@field] :  | instance_variables.rb:104:6:104:10 | [post] foo16 [@field] :  |
+| instance_variables.rb:105:6:105:10 | foo16 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:105:6:105:20 | call to get_field |
+| instance_variables.rb:105:6:105:10 | foo16 [@field] :  | instance_variables.rb:13:5:15:7 | self in get_field [@field] :  | instance_variables.rb:14:9:14:21 | return :  | instance_variables.rb:105:6:105:20 | call to get_field |
 #select
 | captured_variables.rb:2:20:2:20 | x | captured_variables.rb:5:20:5:30 | call to source :  | captured_variables.rb:2:20:2:20 | x | $@ | captured_variables.rb:5:20:5:30 | call to source :  | call to source :  |
 | captured_variables.rb:23:14:23:14 | x | captured_variables.rb:27:29:27:39 | call to source :  | captured_variables.rb:23:14:23:14 | x | $@ | captured_variables.rb:27:29:27:39 | call to source :  | call to source :  |
 | captured_variables.rb:34:14:34:14 | x | captured_variables.rb:38:27:38:37 | call to source :  | captured_variables.rb:34:14:34:14 | x | $@ | captured_variables.rb:38:27:38:37 | call to source :  | call to source :  |
 | instance_variables.rb:20:10:20:13 | @foo | instance_variables.rb:19:12:19:21 | call to taint :  | instance_variables.rb:20:10:20:13 | @foo | $@ | instance_variables.rb:19:12:19:21 | call to taint :  | call to taint :  |
-| instance_variables.rb:25:6:25:18 | call to get_field | instance_variables.rb:24:15:24:23 | call to taint :  | instance_variables.rb:25:6:25:18 | call to get_field | $@ | instance_variables.rb:24:15:24:23 | call to taint :  | call to taint :  |
-| instance_variables.rb:29:6:29:18 | call to inc_field | instance_variables.rb:28:15:28:22 | call to taint :  | instance_variables.rb:29:6:29:18 | call to inc_field | $@ | instance_variables.rb:28:15:28:22 | call to taint :  | call to taint :  |
-| instance_variables.rb:33:6:33:15 | call to field | instance_variables.rb:32:14:32:22 | call to taint :  | instance_variables.rb:33:6:33:15 | call to field | $@ | instance_variables.rb:32:14:32:22 | call to taint :  | call to taint :  |
-| instance_variables.rb:37:6:37:19 | call to get_field | instance_variables.rb:36:14:36:22 | call to taint :  | instance_variables.rb:37:6:37:19 | call to get_field | $@ | instance_variables.rb:36:14:36:22 | call to taint :  | call to taint :  |
-| instance_variables.rb:41:6:41:15 | call to field | instance_variables.rb:40:16:40:24 | call to taint :  | instance_variables.rb:41:6:41:15 | call to field | $@ | instance_variables.rb:40:16:40:24 | call to taint :  | call to taint :  |
-| instance_variables.rb:49:6:49:19 | call to get_field | instance_variables.rb:48:18:48:26 | call to taint :  | instance_variables.rb:49:6:49:19 | call to get_field | $@ | instance_variables.rb:48:18:48:26 | call to taint :  | call to taint :  |
-| instance_variables.rb:53:6:53:19 | call to get_field | instance_variables.rb:40:16:40:24 | call to taint :  | instance_variables.rb:53:6:53:19 | call to get_field | $@ | instance_variables.rb:40:16:40:24 | call to taint :  | call to taint :  |
-| instance_variables.rb:54:6:54:19 | call to get_field | instance_variables.rb:48:18:48:26 | call to taint :  | instance_variables.rb:54:6:54:19 | call to get_field | $@ | instance_variables.rb:48:18:48:26 | call to taint :  | call to taint :  |
-| instance_variables.rb:55:6:55:19 | call to get_field | instance_variables.rb:52:32:52:40 | call to taint :  | instance_variables.rb:55:6:55:19 | call to get_field | $@ | instance_variables.rb:52:32:52:40 | call to taint :  | call to taint :  |
-| instance_variables.rb:60:6:60:19 | call to get_field | instance_variables.rb:59:45:59:53 | call to taint :  | instance_variables.rb:60:6:60:19 | call to get_field | $@ | instance_variables.rb:59:45:59:53 | call to taint :  | call to taint :  |
-| instance_variables.rb:61:6:61:19 | call to get_field | instance_variables.rb:59:45:59:53 | call to taint :  | instance_variables.rb:61:6:61:19 | call to get_field | $@ | instance_variables.rb:59:45:59:53 | call to taint :  | call to taint :  |
-| instance_variables.rb:66:6:66:19 | call to get_field | instance_variables.rb:65:53:65:61 | call to taint :  | instance_variables.rb:66:6:66:19 | call to get_field | $@ | instance_variables.rb:65:53:65:61 | call to taint :  | call to taint :  |
-| instance_variables.rb:67:6:67:20 | call to get_field | instance_variables.rb:65:53:65:61 | call to taint :  | instance_variables.rb:67:6:67:20 | call to get_field | $@ | instance_variables.rb:65:53:65:61 | call to taint :  | call to taint :  |
-| instance_variables.rb:75:6:75:20 | call to get_field | instance_variables.rb:70:17:70:25 | call to taint :  | instance_variables.rb:75:6:75:20 | call to get_field | $@ | instance_variables.rb:70:17:70:25 | call to taint :  | call to taint :  |
-| instance_variables.rb:79:6:79:20 | call to get_field | instance_variables.rb:70:17:70:25 | call to taint :  | instance_variables.rb:79:6:79:20 | call to get_field | $@ | instance_variables.rb:70:17:70:25 | call to taint :  | call to taint :  |
-| instance_variables.rb:84:6:84:20 | call to get_field | instance_variables.rb:70:17:70:25 | call to taint :  | instance_variables.rb:84:6:84:20 | call to get_field | $@ | instance_variables.rb:70:17:70:25 | call to taint :  | call to taint :  |
+| instance_variables.rb:40:6:40:18 | call to get_field | instance_variables.rb:39:15:39:23 | call to taint :  | instance_variables.rb:40:6:40:18 | call to get_field | $@ | instance_variables.rb:39:15:39:23 | call to taint :  | call to taint :  |
+| instance_variables.rb:44:6:44:18 | call to inc_field | instance_variables.rb:43:15:43:22 | call to taint :  | instance_variables.rb:44:6:44:18 | call to inc_field | $@ | instance_variables.rb:43:15:43:22 | call to taint :  | call to taint :  |
+| instance_variables.rb:48:6:48:15 | call to field | instance_variables.rb:47:14:47:22 | call to taint :  | instance_variables.rb:48:6:48:15 | call to field | $@ | instance_variables.rb:47:14:47:22 | call to taint :  | call to taint :  |
+| instance_variables.rb:52:6:52:19 | call to get_field | instance_variables.rb:51:14:51:22 | call to taint :  | instance_variables.rb:52:6:52:19 | call to get_field | $@ | instance_variables.rb:51:14:51:22 | call to taint :  | call to taint :  |
+| instance_variables.rb:56:6:56:15 | call to field | instance_variables.rb:55:16:55:24 | call to taint :  | instance_variables.rb:56:6:56:15 | call to field | $@ | instance_variables.rb:55:16:55:24 | call to taint :  | call to taint :  |
+| instance_variables.rb:64:6:64:19 | call to get_field | instance_variables.rb:63:18:63:26 | call to taint :  | instance_variables.rb:64:6:64:19 | call to get_field | $@ | instance_variables.rb:63:18:63:26 | call to taint :  | call to taint :  |
+| instance_variables.rb:68:6:68:19 | call to get_field | instance_variables.rb:55:16:55:24 | call to taint :  | instance_variables.rb:68:6:68:19 | call to get_field | $@ | instance_variables.rb:55:16:55:24 | call to taint :  | call to taint :  |
+| instance_variables.rb:69:6:69:19 | call to get_field | instance_variables.rb:63:18:63:26 | call to taint :  | instance_variables.rb:69:6:69:19 | call to get_field | $@ | instance_variables.rb:63:18:63:26 | call to taint :  | call to taint :  |
+| instance_variables.rb:70:6:70:19 | call to get_field | instance_variables.rb:67:32:67:40 | call to taint :  | instance_variables.rb:70:6:70:19 | call to get_field | $@ | instance_variables.rb:67:32:67:40 | call to taint :  | call to taint :  |
+| instance_variables.rb:75:6:75:19 | call to get_field | instance_variables.rb:74:45:74:53 | call to taint :  | instance_variables.rb:75:6:75:19 | call to get_field | $@ | instance_variables.rb:74:45:74:53 | call to taint :  | call to taint :  |
+| instance_variables.rb:76:6:76:19 | call to get_field | instance_variables.rb:74:45:74:53 | call to taint :  | instance_variables.rb:76:6:76:19 | call to get_field | $@ | instance_variables.rb:74:45:74:53 | call to taint :  | call to taint :  |
+| instance_variables.rb:81:6:81:19 | call to get_field | instance_variables.rb:80:53:80:61 | call to taint :  | instance_variables.rb:81:6:81:19 | call to get_field | $@ | instance_variables.rb:80:53:80:61 | call to taint :  | call to taint :  |
+| instance_variables.rb:82:6:82:20 | call to get_field | instance_variables.rb:80:53:80:61 | call to taint :  | instance_variables.rb:82:6:82:20 | call to get_field | $@ | instance_variables.rb:80:53:80:61 | call to taint :  | call to taint :  |
+| instance_variables.rb:90:6:90:20 | call to get_field | instance_variables.rb:85:17:85:25 | call to taint :  | instance_variables.rb:90:6:90:20 | call to get_field | $@ | instance_variables.rb:85:17:85:25 | call to taint :  | call to taint :  |
+| instance_variables.rb:94:6:94:20 | call to get_field | instance_variables.rb:85:17:85:25 | call to taint :  | instance_variables.rb:94:6:94:20 | call to get_field | $@ | instance_variables.rb:85:17:85:25 | call to taint :  | call to taint :  |
+| instance_variables.rb:99:6:99:20 | call to get_field | instance_variables.rb:85:17:85:25 | call to taint :  | instance_variables.rb:99:6:99:20 | call to get_field | $@ | instance_variables.rb:85:17:85:25 | call to taint :  | call to taint :  |
+| instance_variables.rb:102:6:102:20 | call to get_field | instance_variables.rb:101:17:101:25 | call to taint :  | instance_variables.rb:102:6:102:20 | call to get_field | $@ | instance_variables.rb:101:17:101:25 | call to taint :  | call to taint :  |
+| instance_variables.rb:104:6:104:37 | call to call_initialize | instance_variables.rb:24:9:24:17 | call to taint :  | instance_variables.rb:104:6:104:37 | call to call_initialize | $@ | instance_variables.rb:24:9:24:17 | call to taint :  | call to taint :  |
+| instance_variables.rb:105:6:105:20 | call to get_field | instance_variables.rb:104:28:104:36 | call to taint :  | instance_variables.rb:105:6:105:20 | call to get_field | $@ | instance_variables.rb:104:28:104:36 | call to taint :  | call to taint :  |
+| instance_variables.rb:107:6:107:8 | bar | instance_variables.rb:34:9:34:17 | call to taint :  | instance_variables.rb:107:6:107:8 | bar | $@ | instance_variables.rb:34:9:34:17 | call to taint :  | call to taint :  |
diff --git a/ruby/ql/test/library-tests/dataflow/global/TypeTrackingInlineTest.expected b/ruby/ql/test/library-tests/dataflow/global/TypeTrackingInlineTest.expected
index 8a8a3b7c977..a5b27a120d9 100644
--- a/ruby/ql/test/library-tests/dataflow/global/TypeTrackingInlineTest.expected
+++ b/ruby/ql/test/library-tests/dataflow/global/TypeTrackingInlineTest.expected
@@ -1,17 +1,19 @@
 | captured_variables.rb:9:14:9:14 | x | Fixed missing result:hasValueFlow=1.2 |
 | captured_variables.rb:16:14:16:14 | x | Fixed missing result:hasValueFlow=1.3 |
 | instance_variables.rb:20:16:20:33 | # $ hasValueFlow=7 | Missing result:hasValueFlow=7 |
-| instance_variables.rb:25:21:25:39 | # $ hasValueFlow=42 | Missing result:hasValueFlow=42 |
-| instance_variables.rb:37:22:37:40 | # $ hasValueFlow=21 | Missing result:hasValueFlow=21 |
-| instance_variables.rb:41:18:41:36 | # $ hasValueFlow=22 | Missing result:hasValueFlow=22 |
-| instance_variables.rb:49:22:49:40 | # $ hasValueFlow=24 | Missing result:hasValueFlow=24 |
-| instance_variables.rb:53:22:53:40 | # $ hasValueFlow=22 | Missing result:hasValueFlow=22 |
-| instance_variables.rb:54:22:54:40 | # $ hasValueFlow=24 | Missing result:hasValueFlow=24 |
-| instance_variables.rb:55:22:55:40 | # $ hasValueFlow=25 | Missing result:hasValueFlow=25 |
-| instance_variables.rb:60:22:60:40 | # $ hasValueFlow=26 | Missing result:hasValueFlow=26 |
-| instance_variables.rb:61:22:61:40 | # $ hasValueFlow=26 | Missing result:hasValueFlow=26 |
-| instance_variables.rb:66:22:66:40 | # $ hasValueFlow=27 | Missing result:hasValueFlow=27 |
-| instance_variables.rb:67:23:67:41 | # $ hasValueFlow=27 | Missing result:hasValueFlow=27 |
-| instance_variables.rb:75:23:75:41 | # $ hasValueFlow=28 | Missing result:hasValueFlow=28 |
-| instance_variables.rb:79:23:79:41 | # $ hasValueFlow=28 | Missing result:hasValueFlow=28 |
-| instance_variables.rb:84:23:84:41 | # $ hasValueFlow=28 | Missing result:hasValueFlow=28 |
+| instance_variables.rb:40:21:40:39 | # $ hasValueFlow=42 | Missing result:hasValueFlow=42 |
+| instance_variables.rb:52:22:52:40 | # $ hasValueFlow=21 | Missing result:hasValueFlow=21 |
+| instance_variables.rb:56:18:56:36 | # $ hasValueFlow=22 | Missing result:hasValueFlow=22 |
+| instance_variables.rb:64:22:64:40 | # $ hasValueFlow=24 | Missing result:hasValueFlow=24 |
+| instance_variables.rb:68:22:68:40 | # $ hasValueFlow=22 | Missing result:hasValueFlow=22 |
+| instance_variables.rb:69:22:69:40 | # $ hasValueFlow=24 | Missing result:hasValueFlow=24 |
+| instance_variables.rb:70:22:70:40 | # $ hasValueFlow=25 | Missing result:hasValueFlow=25 |
+| instance_variables.rb:75:22:75:40 | # $ hasValueFlow=26 | Missing result:hasValueFlow=26 |
+| instance_variables.rb:76:22:76:40 | # $ hasValueFlow=26 | Missing result:hasValueFlow=26 |
+| instance_variables.rb:81:22:81:40 | # $ hasValueFlow=27 | Missing result:hasValueFlow=27 |
+| instance_variables.rb:82:23:82:41 | # $ hasValueFlow=27 | Missing result:hasValueFlow=27 |
+| instance_variables.rb:90:23:90:41 | # $ hasValueFlow=28 | Missing result:hasValueFlow=28 |
+| instance_variables.rb:94:23:94:41 | # $ hasValueFlow=28 | Missing result:hasValueFlow=28 |
+| instance_variables.rb:99:23:99:41 | # $ hasValueFlow=28 | Missing result:hasValueFlow=28 |
+| instance_variables.rb:102:23:102:41 | # $ hasValueFlow=29 | Missing result:hasValueFlow=29 |
+| instance_variables.rb:105:23:105:41 | # $ hasValueFlow=30 | Missing result:hasValueFlow=30 |
diff --git a/ruby/ql/test/library-tests/dataflow/global/instance_variables.rb b/ruby/ql/test/library-tests/dataflow/global/instance_variables.rb
index dd8910e2dca..73a13a7d55e 100644
--- a/ruby/ql/test/library-tests/dataflow/global/instance_variables.rb
+++ b/ruby/ql/test/library-tests/dataflow/global/instance_variables.rb
@@ -19,7 +19,22 @@ class Foo
     @foo = taint("7")
     sink(@foo) # $ hasValueFlow=7
 
+    def initialize(field = nil)
+        @field = field
+        taint(31)
+    end
+
+    def call_initialize(field)
+        initialize(field)
+    end
 end
+
+class Bar < Foo
+    def self.new arg
+        taint(32)
+    end
+end
+
 foo = Foo.new
 foo.set_field(taint(42))
 sink(foo.get_field) # $ hasValueFlow=42
@@ -81,4 +96,13 @@ sink(foo12.get_field) # $ hasValueFlow=28
 foo13 = Foo.new
 foo14 = Foo.new
 set_field_on(foo14 = foo13)
-sink(foo13.get_field) # $ hasValueFlow=28
\ No newline at end of file
+sink(foo13.get_field) # $ hasValueFlow=28
+
+foo15 = Foo.new(taint(29))
+sink(foo15.get_field) # $ hasValueFlow=29
+foo16 = Foo.new
+sink(foo16.call_initialize(taint(30))) # $ hasValueFlow=31
+sink(foo16.get_field) # $ hasValueFlow=30
+bar = Bar.new(taint(33))
+sink(bar) # $ hasValueFlow=32
+sink(bar.get_field)
\ No newline at end of file
diff --git a/ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected b/ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected
index c6023a039d3..63381fd0624 100644
--- a/ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected
+++ b/ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected
@@ -1,6 +1,2405 @@
+| UseUseExplosion.rb:18:5:22:7 | self (m) | UseUseExplosion.rb:20:13:20:17 | self |
+| UseUseExplosion.rb:18:5:22:7 | self in m | UseUseExplosion.rb:18:5:22:7 | self (m) |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2081:20:2116 | SSA phi read(x) |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2111:20:2111 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2127:20:2127 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2143:20:2143 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2159:20:2159 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2175:20:2175 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2191:20:2191 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2207:20:2207 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2223:20:2223 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2239:20:2239 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2255:20:2255 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2271:20:2271 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2287:20:2287 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2303:20:2303 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2319:20:2319 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2335:20:2335 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2351:20:2351 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2367:20:2367 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2383:20:2383 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2399:20:2399 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2415:20:2415 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2431:20:2431 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2447:20:2447 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2463:20:2463 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2479:20:2479 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2495:20:2495 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2511:20:2511 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2527:20:2527 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2543:20:2543 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2559:20:2559 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2575:20:2575 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2591:20:2591 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2607:20:2607 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2623:20:2623 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2639:20:2639 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2655:20:2655 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2671:20:2671 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2687:20:2687 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2703:20:2703 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2719:20:2719 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2735:20:2735 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2751:20:2751 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2767:20:2767 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2783:20:2783 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2799:20:2799 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2815:20:2815 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2831:20:2831 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2847:20:2847 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2863:20:2863 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2879:20:2879 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2895:20:2895 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2911:20:2911 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2927:20:2927 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2943:20:2943 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2959:20:2959 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2975:20:2975 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2991:20:2991 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3007:20:3007 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3023:20:3023 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3039:20:3039 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3055:20:3055 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3071:20:3071 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3087:20:3087 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3103:20:3103 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3119:20:3119 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3135:20:3135 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3151:20:3151 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3167:20:3167 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3183:20:3183 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3199:20:3199 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3215:20:3215 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3231:20:3231 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3247:20:3247 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3263:20:3263 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3279:20:3279 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3295:20:3295 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3311:20:3311 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3327:20:3327 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3343:20:3343 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3359:20:3359 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3375:20:3375 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3391:20:3391 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3407:20:3407 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3423:20:3423 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3439:20:3439 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3455:20:3455 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3471:20:3471 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3487:20:3487 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3503:20:3503 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3519:20:3519 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3535:20:3535 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3551:20:3551 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3567:20:3567 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3583:20:3583 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3599:20:3599 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3615:20:3615 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3631:20:3631 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3647:20:3647 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3663:20:3663 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3679:20:3679 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3695:20:3695 | x |
+| UseUseExplosion.rb:19:13:19:13 | 0 | UseUseExplosion.rb:19:9:19:13 | ... = ... |
+| UseUseExplosion.rb:19:13:19:13 | 0 | UseUseExplosion.rb:19:9:19:13 | ... = ... |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(self) | UseUseExplosion.rb:21:13:21:17 | self |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2111:21:2111 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2127:21:2127 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2143:21:2143 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2159:21:2159 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2175:21:2175 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2191:21:2191 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2207:21:2207 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2223:21:2223 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2239:21:2239 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2255:21:2255 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2271:21:2271 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2287:21:2287 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2303:21:2303 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2319:21:2319 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2335:21:2335 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2351:21:2351 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2367:21:2367 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2383:21:2383 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2399:21:2399 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2415:21:2415 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2431:21:2431 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2447:21:2447 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2463:21:2463 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2479:21:2479 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2495:21:2495 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2511:21:2511 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2527:21:2527 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2543:21:2543 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2559:21:2559 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2575:21:2575 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2591:21:2591 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2607:21:2607 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2623:21:2623 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2639:21:2639 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2655:21:2655 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2671:21:2671 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2687:21:2687 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2703:21:2703 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2719:21:2719 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2735:21:2735 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2751:21:2751 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2767:21:2767 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2783:21:2783 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2799:21:2799 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2815:21:2815 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2831:21:2831 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2847:21:2847 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2863:21:2863 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2879:21:2879 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2895:21:2895 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2911:21:2911 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2927:21:2927 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2943:21:2943 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2959:21:2959 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2975:21:2975 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2991:21:2991 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3007:21:3007 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3023:21:3023 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3039:21:3039 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3055:21:3055 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3071:21:3071 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3087:21:3087 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3103:21:3103 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3119:21:3119 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3135:21:3135 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3151:21:3151 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3167:21:3167 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3183:21:3183 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3199:21:3199 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3215:21:3215 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3231:21:3231 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3247:21:3247 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3263:21:3263 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3279:21:3279 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3295:21:3295 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3311:21:3311 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3327:21:3327 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3343:21:3343 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3359:21:3359 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3375:21:3375 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3391:21:3391 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3407:21:3407 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3423:21:3423 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3439:21:3439 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3455:21:3455 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3471:21:3471 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3487:21:3487 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3503:21:3503 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3519:21:3519 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3535:21:3535 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3551:21:3551 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3567:21:3567 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3583:21:3583 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3599:21:3599 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3615:21:3615 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3631:21:3631 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3647:21:3647 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3663:21:3663 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3679:21:3679 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3695:21:3695 | x |
+| UseUseExplosion.rb:20:13:20:17 | [post] self | UseUseExplosion.rb:20:35:20:39 | self |
+| UseUseExplosion.rb:20:13:20:17 | [post] self | UseUseExplosion.rb:20:3691:20:3696 | self |
+| UseUseExplosion.rb:20:13:20:17 | self | UseUseExplosion.rb:20:35:20:39 | self |
+| UseUseExplosion.rb:20:13:20:17 | self | UseUseExplosion.rb:20:3691:20:3696 | self |
+| UseUseExplosion.rb:20:13:20:23 | ... > ... | UseUseExplosion.rb:20:12:20:24 | [false] ( ... ) |
+| UseUseExplosion.rb:20:13:20:23 | ... > ... | UseUseExplosion.rb:20:12:20:24 | [true] ( ... ) |
+| UseUseExplosion.rb:20:26:20:3684 | then ... | UseUseExplosion.rb:20:9:20:3700 | if ... |
+| UseUseExplosion.rb:20:31:20:3684 | SSA phi read(self) | UseUseExplosion.rb:20:9:20:3700 | SSA phi read(self) |
+| UseUseExplosion.rb:20:31:20:3684 | SSA phi read(x) | UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) |
+| UseUseExplosion.rb:20:31:20:3684 | if ... | UseUseExplosion.rb:20:26:20:3684 | then ... |
+| UseUseExplosion.rb:20:35:20:39 | [post] self | UseUseExplosion.rb:20:56:20:60 | self |
+| UseUseExplosion.rb:20:35:20:39 | [post] self | UseUseExplosion.rb:20:3675:20:3680 | self |
+| UseUseExplosion.rb:20:35:20:39 | self | UseUseExplosion.rb:20:56:20:60 | self |
+| UseUseExplosion.rb:20:35:20:39 | self | UseUseExplosion.rb:20:3675:20:3680 | self |
+| UseUseExplosion.rb:20:35:20:44 | ... > ... | UseUseExplosion.rb:20:34:20:45 | [false] ( ... ) |
+| UseUseExplosion.rb:20:35:20:44 | ... > ... | UseUseExplosion.rb:20:34:20:45 | [true] ( ... ) |
+| UseUseExplosion.rb:20:47:20:3668 | then ... | UseUseExplosion.rb:20:31:20:3684 | if ... |
+| UseUseExplosion.rb:20:52:20:3668 | SSA phi read(self) | UseUseExplosion.rb:20:31:20:3684 | SSA phi read(self) |
+| UseUseExplosion.rb:20:52:20:3668 | SSA phi read(x) | UseUseExplosion.rb:20:31:20:3684 | SSA phi read(x) |
+| UseUseExplosion.rb:20:52:20:3668 | if ... | UseUseExplosion.rb:20:47:20:3668 | then ... |
+| UseUseExplosion.rb:20:56:20:60 | [post] self | UseUseExplosion.rb:20:77:20:81 | self |
+| UseUseExplosion.rb:20:56:20:60 | [post] self | UseUseExplosion.rb:20:3659:20:3664 | self |
+| UseUseExplosion.rb:20:56:20:60 | self | UseUseExplosion.rb:20:77:20:81 | self |
+| UseUseExplosion.rb:20:56:20:60 | self | UseUseExplosion.rb:20:3659:20:3664 | self |
+| UseUseExplosion.rb:20:56:20:65 | ... > ... | UseUseExplosion.rb:20:55:20:66 | [false] ( ... ) |
+| UseUseExplosion.rb:20:56:20:65 | ... > ... | UseUseExplosion.rb:20:55:20:66 | [true] ( ... ) |
+| UseUseExplosion.rb:20:68:20:3652 | then ... | UseUseExplosion.rb:20:52:20:3668 | if ... |
+| UseUseExplosion.rb:20:73:20:3652 | SSA phi read(self) | UseUseExplosion.rb:20:52:20:3668 | SSA phi read(self) |
+| UseUseExplosion.rb:20:73:20:3652 | SSA phi read(x) | UseUseExplosion.rb:20:52:20:3668 | SSA phi read(x) |
+| UseUseExplosion.rb:20:73:20:3652 | if ... | UseUseExplosion.rb:20:68:20:3652 | then ... |
+| UseUseExplosion.rb:20:77:20:81 | [post] self | UseUseExplosion.rb:20:98:20:102 | self |
+| UseUseExplosion.rb:20:77:20:81 | [post] self | UseUseExplosion.rb:20:3643:20:3648 | self |
+| UseUseExplosion.rb:20:77:20:81 | self | UseUseExplosion.rb:20:98:20:102 | self |
+| UseUseExplosion.rb:20:77:20:81 | self | UseUseExplosion.rb:20:3643:20:3648 | self |
+| UseUseExplosion.rb:20:77:20:86 | ... > ... | UseUseExplosion.rb:20:76:20:87 | [false] ( ... ) |
+| UseUseExplosion.rb:20:77:20:86 | ... > ... | UseUseExplosion.rb:20:76:20:87 | [true] ( ... ) |
+| UseUseExplosion.rb:20:89:20:3636 | then ... | UseUseExplosion.rb:20:73:20:3652 | if ... |
+| UseUseExplosion.rb:20:94:20:3636 | SSA phi read(self) | UseUseExplosion.rb:20:73:20:3652 | SSA phi read(self) |
+| UseUseExplosion.rb:20:94:20:3636 | SSA phi read(x) | UseUseExplosion.rb:20:73:20:3652 | SSA phi read(x) |
+| UseUseExplosion.rb:20:94:20:3636 | if ... | UseUseExplosion.rb:20:89:20:3636 | then ... |
+| UseUseExplosion.rb:20:98:20:102 | [post] self | UseUseExplosion.rb:20:119:20:123 | self |
+| UseUseExplosion.rb:20:98:20:102 | [post] self | UseUseExplosion.rb:20:3627:20:3632 | self |
+| UseUseExplosion.rb:20:98:20:102 | self | UseUseExplosion.rb:20:119:20:123 | self |
+| UseUseExplosion.rb:20:98:20:102 | self | UseUseExplosion.rb:20:3627:20:3632 | self |
+| UseUseExplosion.rb:20:98:20:107 | ... > ... | UseUseExplosion.rb:20:97:20:108 | [false] ( ... ) |
+| UseUseExplosion.rb:20:98:20:107 | ... > ... | UseUseExplosion.rb:20:97:20:108 | [true] ( ... ) |
+| UseUseExplosion.rb:20:110:20:3620 | then ... | UseUseExplosion.rb:20:94:20:3636 | if ... |
+| UseUseExplosion.rb:20:115:20:3620 | SSA phi read(self) | UseUseExplosion.rb:20:94:20:3636 | SSA phi read(self) |
+| UseUseExplosion.rb:20:115:20:3620 | SSA phi read(x) | UseUseExplosion.rb:20:94:20:3636 | SSA phi read(x) |
+| UseUseExplosion.rb:20:115:20:3620 | if ... | UseUseExplosion.rb:20:110:20:3620 | then ... |
+| UseUseExplosion.rb:20:119:20:123 | [post] self | UseUseExplosion.rb:20:140:20:144 | self |
+| UseUseExplosion.rb:20:119:20:123 | [post] self | UseUseExplosion.rb:20:3611:20:3616 | self |
+| UseUseExplosion.rb:20:119:20:123 | self | UseUseExplosion.rb:20:140:20:144 | self |
+| UseUseExplosion.rb:20:119:20:123 | self | UseUseExplosion.rb:20:3611:20:3616 | self |
+| UseUseExplosion.rb:20:119:20:128 | ... > ... | UseUseExplosion.rb:20:118:20:129 | [false] ( ... ) |
+| UseUseExplosion.rb:20:119:20:128 | ... > ... | UseUseExplosion.rb:20:118:20:129 | [true] ( ... ) |
+| UseUseExplosion.rb:20:131:20:3604 | then ... | UseUseExplosion.rb:20:115:20:3620 | if ... |
+| UseUseExplosion.rb:20:136:20:3604 | SSA phi read(self) | UseUseExplosion.rb:20:115:20:3620 | SSA phi read(self) |
+| UseUseExplosion.rb:20:136:20:3604 | SSA phi read(x) | UseUseExplosion.rb:20:115:20:3620 | SSA phi read(x) |
+| UseUseExplosion.rb:20:136:20:3604 | if ... | UseUseExplosion.rb:20:131:20:3604 | then ... |
+| UseUseExplosion.rb:20:140:20:144 | [post] self | UseUseExplosion.rb:20:161:20:165 | self |
+| UseUseExplosion.rb:20:140:20:144 | [post] self | UseUseExplosion.rb:20:3595:20:3600 | self |
+| UseUseExplosion.rb:20:140:20:144 | self | UseUseExplosion.rb:20:161:20:165 | self |
+| UseUseExplosion.rb:20:140:20:144 | self | UseUseExplosion.rb:20:3595:20:3600 | self |
+| UseUseExplosion.rb:20:140:20:149 | ... > ... | UseUseExplosion.rb:20:139:20:150 | [false] ( ... ) |
+| UseUseExplosion.rb:20:140:20:149 | ... > ... | UseUseExplosion.rb:20:139:20:150 | [true] ( ... ) |
+| UseUseExplosion.rb:20:152:20:3588 | then ... | UseUseExplosion.rb:20:136:20:3604 | if ... |
+| UseUseExplosion.rb:20:157:20:3588 | SSA phi read(self) | UseUseExplosion.rb:20:136:20:3604 | SSA phi read(self) |
+| UseUseExplosion.rb:20:157:20:3588 | SSA phi read(x) | UseUseExplosion.rb:20:136:20:3604 | SSA phi read(x) |
+| UseUseExplosion.rb:20:157:20:3588 | if ... | UseUseExplosion.rb:20:152:20:3588 | then ... |
+| UseUseExplosion.rb:20:161:20:165 | [post] self | UseUseExplosion.rb:20:182:20:186 | self |
+| UseUseExplosion.rb:20:161:20:165 | [post] self | UseUseExplosion.rb:20:3579:20:3584 | self |
+| UseUseExplosion.rb:20:161:20:165 | self | UseUseExplosion.rb:20:182:20:186 | self |
+| UseUseExplosion.rb:20:161:20:165 | self | UseUseExplosion.rb:20:3579:20:3584 | self |
+| UseUseExplosion.rb:20:161:20:170 | ... > ... | UseUseExplosion.rb:20:160:20:171 | [false] ( ... ) |
+| UseUseExplosion.rb:20:161:20:170 | ... > ... | UseUseExplosion.rb:20:160:20:171 | [true] ( ... ) |
+| UseUseExplosion.rb:20:173:20:3572 | then ... | UseUseExplosion.rb:20:157:20:3588 | if ... |
+| UseUseExplosion.rb:20:178:20:3572 | SSA phi read(self) | UseUseExplosion.rb:20:157:20:3588 | SSA phi read(self) |
+| UseUseExplosion.rb:20:178:20:3572 | SSA phi read(x) | UseUseExplosion.rb:20:157:20:3588 | SSA phi read(x) |
+| UseUseExplosion.rb:20:178:20:3572 | if ... | UseUseExplosion.rb:20:173:20:3572 | then ... |
+| UseUseExplosion.rb:20:182:20:186 | [post] self | UseUseExplosion.rb:20:203:20:207 | self |
+| UseUseExplosion.rb:20:182:20:186 | [post] self | UseUseExplosion.rb:20:3563:20:3568 | self |
+| UseUseExplosion.rb:20:182:20:186 | self | UseUseExplosion.rb:20:203:20:207 | self |
+| UseUseExplosion.rb:20:182:20:186 | self | UseUseExplosion.rb:20:3563:20:3568 | self |
+| UseUseExplosion.rb:20:182:20:191 | ... > ... | UseUseExplosion.rb:20:181:20:192 | [false] ( ... ) |
+| UseUseExplosion.rb:20:182:20:191 | ... > ... | UseUseExplosion.rb:20:181:20:192 | [true] ( ... ) |
+| UseUseExplosion.rb:20:194:20:3556 | then ... | UseUseExplosion.rb:20:178:20:3572 | if ... |
+| UseUseExplosion.rb:20:199:20:3556 | SSA phi read(self) | UseUseExplosion.rb:20:178:20:3572 | SSA phi read(self) |
+| UseUseExplosion.rb:20:199:20:3556 | SSA phi read(x) | UseUseExplosion.rb:20:178:20:3572 | SSA phi read(x) |
+| UseUseExplosion.rb:20:199:20:3556 | if ... | UseUseExplosion.rb:20:194:20:3556 | then ... |
+| UseUseExplosion.rb:20:203:20:207 | [post] self | UseUseExplosion.rb:20:224:20:228 | self |
+| UseUseExplosion.rb:20:203:20:207 | [post] self | UseUseExplosion.rb:20:3547:20:3552 | self |
+| UseUseExplosion.rb:20:203:20:207 | self | UseUseExplosion.rb:20:224:20:228 | self |
+| UseUseExplosion.rb:20:203:20:207 | self | UseUseExplosion.rb:20:3547:20:3552 | self |
+| UseUseExplosion.rb:20:203:20:212 | ... > ... | UseUseExplosion.rb:20:202:20:213 | [false] ( ... ) |
+| UseUseExplosion.rb:20:203:20:212 | ... > ... | UseUseExplosion.rb:20:202:20:213 | [true] ( ... ) |
+| UseUseExplosion.rb:20:215:20:3540 | then ... | UseUseExplosion.rb:20:199:20:3556 | if ... |
+| UseUseExplosion.rb:20:220:20:3540 | SSA phi read(self) | UseUseExplosion.rb:20:199:20:3556 | SSA phi read(self) |
+| UseUseExplosion.rb:20:220:20:3540 | SSA phi read(x) | UseUseExplosion.rb:20:199:20:3556 | SSA phi read(x) |
+| UseUseExplosion.rb:20:220:20:3540 | if ... | UseUseExplosion.rb:20:215:20:3540 | then ... |
+| UseUseExplosion.rb:20:224:20:228 | [post] self | UseUseExplosion.rb:20:245:20:249 | self |
+| UseUseExplosion.rb:20:224:20:228 | [post] self | UseUseExplosion.rb:20:3531:20:3536 | self |
+| UseUseExplosion.rb:20:224:20:228 | self | UseUseExplosion.rb:20:245:20:249 | self |
+| UseUseExplosion.rb:20:224:20:228 | self | UseUseExplosion.rb:20:3531:20:3536 | self |
+| UseUseExplosion.rb:20:224:20:233 | ... > ... | UseUseExplosion.rb:20:223:20:234 | [false] ( ... ) |
+| UseUseExplosion.rb:20:224:20:233 | ... > ... | UseUseExplosion.rb:20:223:20:234 | [true] ( ... ) |
+| UseUseExplosion.rb:20:236:20:3524 | then ... | UseUseExplosion.rb:20:220:20:3540 | if ... |
+| UseUseExplosion.rb:20:241:20:3524 | SSA phi read(self) | UseUseExplosion.rb:20:220:20:3540 | SSA phi read(self) |
+| UseUseExplosion.rb:20:241:20:3524 | SSA phi read(x) | UseUseExplosion.rb:20:220:20:3540 | SSA phi read(x) |
+| UseUseExplosion.rb:20:241:20:3524 | if ... | UseUseExplosion.rb:20:236:20:3524 | then ... |
+| UseUseExplosion.rb:20:245:20:249 | [post] self | UseUseExplosion.rb:20:266:20:270 | self |
+| UseUseExplosion.rb:20:245:20:249 | [post] self | UseUseExplosion.rb:20:3515:20:3520 | self |
+| UseUseExplosion.rb:20:245:20:249 | self | UseUseExplosion.rb:20:266:20:270 | self |
+| UseUseExplosion.rb:20:245:20:249 | self | UseUseExplosion.rb:20:3515:20:3520 | self |
+| UseUseExplosion.rb:20:245:20:254 | ... > ... | UseUseExplosion.rb:20:244:20:255 | [false] ( ... ) |
+| UseUseExplosion.rb:20:245:20:254 | ... > ... | UseUseExplosion.rb:20:244:20:255 | [true] ( ... ) |
+| UseUseExplosion.rb:20:257:20:3508 | then ... | UseUseExplosion.rb:20:241:20:3524 | if ... |
+| UseUseExplosion.rb:20:262:20:3508 | SSA phi read(self) | UseUseExplosion.rb:20:241:20:3524 | SSA phi read(self) |
+| UseUseExplosion.rb:20:262:20:3508 | SSA phi read(x) | UseUseExplosion.rb:20:241:20:3524 | SSA phi read(x) |
+| UseUseExplosion.rb:20:262:20:3508 | if ... | UseUseExplosion.rb:20:257:20:3508 | then ... |
+| UseUseExplosion.rb:20:266:20:270 | [post] self | UseUseExplosion.rb:20:287:20:291 | self |
+| UseUseExplosion.rb:20:266:20:270 | [post] self | UseUseExplosion.rb:20:3499:20:3504 | self |
+| UseUseExplosion.rb:20:266:20:270 | self | UseUseExplosion.rb:20:287:20:291 | self |
+| UseUseExplosion.rb:20:266:20:270 | self | UseUseExplosion.rb:20:3499:20:3504 | self |
+| UseUseExplosion.rb:20:266:20:275 | ... > ... | UseUseExplosion.rb:20:265:20:276 | [false] ( ... ) |
+| UseUseExplosion.rb:20:266:20:275 | ... > ... | UseUseExplosion.rb:20:265:20:276 | [true] ( ... ) |
+| UseUseExplosion.rb:20:278:20:3492 | then ... | UseUseExplosion.rb:20:262:20:3508 | if ... |
+| UseUseExplosion.rb:20:283:20:3492 | SSA phi read(self) | UseUseExplosion.rb:20:262:20:3508 | SSA phi read(self) |
+| UseUseExplosion.rb:20:283:20:3492 | SSA phi read(x) | UseUseExplosion.rb:20:262:20:3508 | SSA phi read(x) |
+| UseUseExplosion.rb:20:283:20:3492 | if ... | UseUseExplosion.rb:20:278:20:3492 | then ... |
+| UseUseExplosion.rb:20:287:20:291 | [post] self | UseUseExplosion.rb:20:308:20:312 | self |
+| UseUseExplosion.rb:20:287:20:291 | [post] self | UseUseExplosion.rb:20:3483:20:3488 | self |
+| UseUseExplosion.rb:20:287:20:291 | self | UseUseExplosion.rb:20:308:20:312 | self |
+| UseUseExplosion.rb:20:287:20:291 | self | UseUseExplosion.rb:20:3483:20:3488 | self |
+| UseUseExplosion.rb:20:287:20:296 | ... > ... | UseUseExplosion.rb:20:286:20:297 | [false] ( ... ) |
+| UseUseExplosion.rb:20:287:20:296 | ... > ... | UseUseExplosion.rb:20:286:20:297 | [true] ( ... ) |
+| UseUseExplosion.rb:20:299:20:3476 | then ... | UseUseExplosion.rb:20:283:20:3492 | if ... |
+| UseUseExplosion.rb:20:304:20:3476 | SSA phi read(self) | UseUseExplosion.rb:20:283:20:3492 | SSA phi read(self) |
+| UseUseExplosion.rb:20:304:20:3476 | SSA phi read(x) | UseUseExplosion.rb:20:283:20:3492 | SSA phi read(x) |
+| UseUseExplosion.rb:20:304:20:3476 | if ... | UseUseExplosion.rb:20:299:20:3476 | then ... |
+| UseUseExplosion.rb:20:308:20:312 | [post] self | UseUseExplosion.rb:20:329:20:333 | self |
+| UseUseExplosion.rb:20:308:20:312 | [post] self | UseUseExplosion.rb:20:3467:20:3472 | self |
+| UseUseExplosion.rb:20:308:20:312 | self | UseUseExplosion.rb:20:329:20:333 | self |
+| UseUseExplosion.rb:20:308:20:312 | self | UseUseExplosion.rb:20:3467:20:3472 | self |
+| UseUseExplosion.rb:20:308:20:317 | ... > ... | UseUseExplosion.rb:20:307:20:318 | [false] ( ... ) |
+| UseUseExplosion.rb:20:308:20:317 | ... > ... | UseUseExplosion.rb:20:307:20:318 | [true] ( ... ) |
+| UseUseExplosion.rb:20:320:20:3460 | then ... | UseUseExplosion.rb:20:304:20:3476 | if ... |
+| UseUseExplosion.rb:20:325:20:3460 | SSA phi read(self) | UseUseExplosion.rb:20:304:20:3476 | SSA phi read(self) |
+| UseUseExplosion.rb:20:325:20:3460 | SSA phi read(x) | UseUseExplosion.rb:20:304:20:3476 | SSA phi read(x) |
+| UseUseExplosion.rb:20:325:20:3460 | if ... | UseUseExplosion.rb:20:320:20:3460 | then ... |
+| UseUseExplosion.rb:20:329:20:333 | [post] self | UseUseExplosion.rb:20:350:20:354 | self |
+| UseUseExplosion.rb:20:329:20:333 | [post] self | UseUseExplosion.rb:20:3451:20:3456 | self |
+| UseUseExplosion.rb:20:329:20:333 | self | UseUseExplosion.rb:20:350:20:354 | self |
+| UseUseExplosion.rb:20:329:20:333 | self | UseUseExplosion.rb:20:3451:20:3456 | self |
+| UseUseExplosion.rb:20:329:20:338 | ... > ... | UseUseExplosion.rb:20:328:20:339 | [false] ( ... ) |
+| UseUseExplosion.rb:20:329:20:338 | ... > ... | UseUseExplosion.rb:20:328:20:339 | [true] ( ... ) |
+| UseUseExplosion.rb:20:341:20:3444 | then ... | UseUseExplosion.rb:20:325:20:3460 | if ... |
+| UseUseExplosion.rb:20:346:20:3444 | SSA phi read(self) | UseUseExplosion.rb:20:325:20:3460 | SSA phi read(self) |
+| UseUseExplosion.rb:20:346:20:3444 | SSA phi read(x) | UseUseExplosion.rb:20:325:20:3460 | SSA phi read(x) |
+| UseUseExplosion.rb:20:346:20:3444 | if ... | UseUseExplosion.rb:20:341:20:3444 | then ... |
+| UseUseExplosion.rb:20:350:20:354 | [post] self | UseUseExplosion.rb:20:371:20:375 | self |
+| UseUseExplosion.rb:20:350:20:354 | [post] self | UseUseExplosion.rb:20:3435:20:3440 | self |
+| UseUseExplosion.rb:20:350:20:354 | self | UseUseExplosion.rb:20:371:20:375 | self |
+| UseUseExplosion.rb:20:350:20:354 | self | UseUseExplosion.rb:20:3435:20:3440 | self |
+| UseUseExplosion.rb:20:350:20:359 | ... > ... | UseUseExplosion.rb:20:349:20:360 | [false] ( ... ) |
+| UseUseExplosion.rb:20:350:20:359 | ... > ... | UseUseExplosion.rb:20:349:20:360 | [true] ( ... ) |
+| UseUseExplosion.rb:20:362:20:3428 | then ... | UseUseExplosion.rb:20:346:20:3444 | if ... |
+| UseUseExplosion.rb:20:367:20:3428 | SSA phi read(self) | UseUseExplosion.rb:20:346:20:3444 | SSA phi read(self) |
+| UseUseExplosion.rb:20:367:20:3428 | SSA phi read(x) | UseUseExplosion.rb:20:346:20:3444 | SSA phi read(x) |
+| UseUseExplosion.rb:20:367:20:3428 | if ... | UseUseExplosion.rb:20:362:20:3428 | then ... |
+| UseUseExplosion.rb:20:371:20:375 | [post] self | UseUseExplosion.rb:20:392:20:396 | self |
+| UseUseExplosion.rb:20:371:20:375 | [post] self | UseUseExplosion.rb:20:3419:20:3424 | self |
+| UseUseExplosion.rb:20:371:20:375 | self | UseUseExplosion.rb:20:392:20:396 | self |
+| UseUseExplosion.rb:20:371:20:375 | self | UseUseExplosion.rb:20:3419:20:3424 | self |
+| UseUseExplosion.rb:20:371:20:380 | ... > ... | UseUseExplosion.rb:20:370:20:381 | [false] ( ... ) |
+| UseUseExplosion.rb:20:371:20:380 | ... > ... | UseUseExplosion.rb:20:370:20:381 | [true] ( ... ) |
+| UseUseExplosion.rb:20:383:20:3412 | then ... | UseUseExplosion.rb:20:367:20:3428 | if ... |
+| UseUseExplosion.rb:20:388:20:3412 | SSA phi read(self) | UseUseExplosion.rb:20:367:20:3428 | SSA phi read(self) |
+| UseUseExplosion.rb:20:388:20:3412 | SSA phi read(x) | UseUseExplosion.rb:20:367:20:3428 | SSA phi read(x) |
+| UseUseExplosion.rb:20:388:20:3412 | if ... | UseUseExplosion.rb:20:383:20:3412 | then ... |
+| UseUseExplosion.rb:20:392:20:396 | [post] self | UseUseExplosion.rb:20:413:20:417 | self |
+| UseUseExplosion.rb:20:392:20:396 | [post] self | UseUseExplosion.rb:20:3403:20:3408 | self |
+| UseUseExplosion.rb:20:392:20:396 | self | UseUseExplosion.rb:20:413:20:417 | self |
+| UseUseExplosion.rb:20:392:20:396 | self | UseUseExplosion.rb:20:3403:20:3408 | self |
+| UseUseExplosion.rb:20:392:20:401 | ... > ... | UseUseExplosion.rb:20:391:20:402 | [false] ( ... ) |
+| UseUseExplosion.rb:20:392:20:401 | ... > ... | UseUseExplosion.rb:20:391:20:402 | [true] ( ... ) |
+| UseUseExplosion.rb:20:404:20:3396 | then ... | UseUseExplosion.rb:20:388:20:3412 | if ... |
+| UseUseExplosion.rb:20:409:20:3396 | SSA phi read(self) | UseUseExplosion.rb:20:388:20:3412 | SSA phi read(self) |
+| UseUseExplosion.rb:20:409:20:3396 | SSA phi read(x) | UseUseExplosion.rb:20:388:20:3412 | SSA phi read(x) |
+| UseUseExplosion.rb:20:409:20:3396 | if ... | UseUseExplosion.rb:20:404:20:3396 | then ... |
+| UseUseExplosion.rb:20:413:20:417 | [post] self | UseUseExplosion.rb:20:434:20:438 | self |
+| UseUseExplosion.rb:20:413:20:417 | [post] self | UseUseExplosion.rb:20:3387:20:3392 | self |
+| UseUseExplosion.rb:20:413:20:417 | self | UseUseExplosion.rb:20:434:20:438 | self |
+| UseUseExplosion.rb:20:413:20:417 | self | UseUseExplosion.rb:20:3387:20:3392 | self |
+| UseUseExplosion.rb:20:413:20:422 | ... > ... | UseUseExplosion.rb:20:412:20:423 | [false] ( ... ) |
+| UseUseExplosion.rb:20:413:20:422 | ... > ... | UseUseExplosion.rb:20:412:20:423 | [true] ( ... ) |
+| UseUseExplosion.rb:20:425:20:3380 | then ... | UseUseExplosion.rb:20:409:20:3396 | if ... |
+| UseUseExplosion.rb:20:430:20:3380 | SSA phi read(self) | UseUseExplosion.rb:20:409:20:3396 | SSA phi read(self) |
+| UseUseExplosion.rb:20:430:20:3380 | SSA phi read(x) | UseUseExplosion.rb:20:409:20:3396 | SSA phi read(x) |
+| UseUseExplosion.rb:20:430:20:3380 | if ... | UseUseExplosion.rb:20:425:20:3380 | then ... |
+| UseUseExplosion.rb:20:434:20:438 | [post] self | UseUseExplosion.rb:20:455:20:459 | self |
+| UseUseExplosion.rb:20:434:20:438 | [post] self | UseUseExplosion.rb:20:3371:20:3376 | self |
+| UseUseExplosion.rb:20:434:20:438 | self | UseUseExplosion.rb:20:455:20:459 | self |
+| UseUseExplosion.rb:20:434:20:438 | self | UseUseExplosion.rb:20:3371:20:3376 | self |
+| UseUseExplosion.rb:20:434:20:443 | ... > ... | UseUseExplosion.rb:20:433:20:444 | [false] ( ... ) |
+| UseUseExplosion.rb:20:434:20:443 | ... > ... | UseUseExplosion.rb:20:433:20:444 | [true] ( ... ) |
+| UseUseExplosion.rb:20:446:20:3364 | then ... | UseUseExplosion.rb:20:430:20:3380 | if ... |
+| UseUseExplosion.rb:20:451:20:3364 | SSA phi read(self) | UseUseExplosion.rb:20:430:20:3380 | SSA phi read(self) |
+| UseUseExplosion.rb:20:451:20:3364 | SSA phi read(x) | UseUseExplosion.rb:20:430:20:3380 | SSA phi read(x) |
+| UseUseExplosion.rb:20:451:20:3364 | if ... | UseUseExplosion.rb:20:446:20:3364 | then ... |
+| UseUseExplosion.rb:20:455:20:459 | [post] self | UseUseExplosion.rb:20:476:20:480 | self |
+| UseUseExplosion.rb:20:455:20:459 | [post] self | UseUseExplosion.rb:20:3355:20:3360 | self |
+| UseUseExplosion.rb:20:455:20:459 | self | UseUseExplosion.rb:20:476:20:480 | self |
+| UseUseExplosion.rb:20:455:20:459 | self | UseUseExplosion.rb:20:3355:20:3360 | self |
+| UseUseExplosion.rb:20:455:20:464 | ... > ... | UseUseExplosion.rb:20:454:20:465 | [false] ( ... ) |
+| UseUseExplosion.rb:20:455:20:464 | ... > ... | UseUseExplosion.rb:20:454:20:465 | [true] ( ... ) |
+| UseUseExplosion.rb:20:467:20:3348 | then ... | UseUseExplosion.rb:20:451:20:3364 | if ... |
+| UseUseExplosion.rb:20:472:20:3348 | SSA phi read(self) | UseUseExplosion.rb:20:451:20:3364 | SSA phi read(self) |
+| UseUseExplosion.rb:20:472:20:3348 | SSA phi read(x) | UseUseExplosion.rb:20:451:20:3364 | SSA phi read(x) |
+| UseUseExplosion.rb:20:472:20:3348 | if ... | UseUseExplosion.rb:20:467:20:3348 | then ... |
+| UseUseExplosion.rb:20:476:20:480 | [post] self | UseUseExplosion.rb:20:497:20:501 | self |
+| UseUseExplosion.rb:20:476:20:480 | [post] self | UseUseExplosion.rb:20:3339:20:3344 | self |
+| UseUseExplosion.rb:20:476:20:480 | self | UseUseExplosion.rb:20:497:20:501 | self |
+| UseUseExplosion.rb:20:476:20:480 | self | UseUseExplosion.rb:20:3339:20:3344 | self |
+| UseUseExplosion.rb:20:476:20:485 | ... > ... | UseUseExplosion.rb:20:475:20:486 | [false] ( ... ) |
+| UseUseExplosion.rb:20:476:20:485 | ... > ... | UseUseExplosion.rb:20:475:20:486 | [true] ( ... ) |
+| UseUseExplosion.rb:20:488:20:3332 | then ... | UseUseExplosion.rb:20:472:20:3348 | if ... |
+| UseUseExplosion.rb:20:493:20:3332 | SSA phi read(self) | UseUseExplosion.rb:20:472:20:3348 | SSA phi read(self) |
+| UseUseExplosion.rb:20:493:20:3332 | SSA phi read(x) | UseUseExplosion.rb:20:472:20:3348 | SSA phi read(x) |
+| UseUseExplosion.rb:20:493:20:3332 | if ... | UseUseExplosion.rb:20:488:20:3332 | then ... |
+| UseUseExplosion.rb:20:497:20:501 | [post] self | UseUseExplosion.rb:20:518:20:522 | self |
+| UseUseExplosion.rb:20:497:20:501 | [post] self | UseUseExplosion.rb:20:3323:20:3328 | self |
+| UseUseExplosion.rb:20:497:20:501 | self | UseUseExplosion.rb:20:518:20:522 | self |
+| UseUseExplosion.rb:20:497:20:501 | self | UseUseExplosion.rb:20:3323:20:3328 | self |
+| UseUseExplosion.rb:20:497:20:506 | ... > ... | UseUseExplosion.rb:20:496:20:507 | [false] ( ... ) |
+| UseUseExplosion.rb:20:497:20:506 | ... > ... | UseUseExplosion.rb:20:496:20:507 | [true] ( ... ) |
+| UseUseExplosion.rb:20:509:20:3316 | then ... | UseUseExplosion.rb:20:493:20:3332 | if ... |
+| UseUseExplosion.rb:20:514:20:3316 | SSA phi read(self) | UseUseExplosion.rb:20:493:20:3332 | SSA phi read(self) |
+| UseUseExplosion.rb:20:514:20:3316 | SSA phi read(x) | UseUseExplosion.rb:20:493:20:3332 | SSA phi read(x) |
+| UseUseExplosion.rb:20:514:20:3316 | if ... | UseUseExplosion.rb:20:509:20:3316 | then ... |
+| UseUseExplosion.rb:20:518:20:522 | [post] self | UseUseExplosion.rb:20:539:20:543 | self |
+| UseUseExplosion.rb:20:518:20:522 | [post] self | UseUseExplosion.rb:20:3307:20:3312 | self |
+| UseUseExplosion.rb:20:518:20:522 | self | UseUseExplosion.rb:20:539:20:543 | self |
+| UseUseExplosion.rb:20:518:20:522 | self | UseUseExplosion.rb:20:3307:20:3312 | self |
+| UseUseExplosion.rb:20:518:20:527 | ... > ... | UseUseExplosion.rb:20:517:20:528 | [false] ( ... ) |
+| UseUseExplosion.rb:20:518:20:527 | ... > ... | UseUseExplosion.rb:20:517:20:528 | [true] ( ... ) |
+| UseUseExplosion.rb:20:530:20:3300 | then ... | UseUseExplosion.rb:20:514:20:3316 | if ... |
+| UseUseExplosion.rb:20:535:20:3300 | SSA phi read(self) | UseUseExplosion.rb:20:514:20:3316 | SSA phi read(self) |
+| UseUseExplosion.rb:20:535:20:3300 | SSA phi read(x) | UseUseExplosion.rb:20:514:20:3316 | SSA phi read(x) |
+| UseUseExplosion.rb:20:535:20:3300 | if ... | UseUseExplosion.rb:20:530:20:3300 | then ... |
+| UseUseExplosion.rb:20:539:20:543 | [post] self | UseUseExplosion.rb:20:560:20:564 | self |
+| UseUseExplosion.rb:20:539:20:543 | [post] self | UseUseExplosion.rb:20:3291:20:3296 | self |
+| UseUseExplosion.rb:20:539:20:543 | self | UseUseExplosion.rb:20:560:20:564 | self |
+| UseUseExplosion.rb:20:539:20:543 | self | UseUseExplosion.rb:20:3291:20:3296 | self |
+| UseUseExplosion.rb:20:539:20:548 | ... > ... | UseUseExplosion.rb:20:538:20:549 | [false] ( ... ) |
+| UseUseExplosion.rb:20:539:20:548 | ... > ... | UseUseExplosion.rb:20:538:20:549 | [true] ( ... ) |
+| UseUseExplosion.rb:20:551:20:3284 | then ... | UseUseExplosion.rb:20:535:20:3300 | if ... |
+| UseUseExplosion.rb:20:556:20:3284 | SSA phi read(self) | UseUseExplosion.rb:20:535:20:3300 | SSA phi read(self) |
+| UseUseExplosion.rb:20:556:20:3284 | SSA phi read(x) | UseUseExplosion.rb:20:535:20:3300 | SSA phi read(x) |
+| UseUseExplosion.rb:20:556:20:3284 | if ... | UseUseExplosion.rb:20:551:20:3284 | then ... |
+| UseUseExplosion.rb:20:560:20:564 | [post] self | UseUseExplosion.rb:20:581:20:585 | self |
+| UseUseExplosion.rb:20:560:20:564 | [post] self | UseUseExplosion.rb:20:3275:20:3280 | self |
+| UseUseExplosion.rb:20:560:20:564 | self | UseUseExplosion.rb:20:581:20:585 | self |
+| UseUseExplosion.rb:20:560:20:564 | self | UseUseExplosion.rb:20:3275:20:3280 | self |
+| UseUseExplosion.rb:20:560:20:569 | ... > ... | UseUseExplosion.rb:20:559:20:570 | [false] ( ... ) |
+| UseUseExplosion.rb:20:560:20:569 | ... > ... | UseUseExplosion.rb:20:559:20:570 | [true] ( ... ) |
+| UseUseExplosion.rb:20:572:20:3268 | then ... | UseUseExplosion.rb:20:556:20:3284 | if ... |
+| UseUseExplosion.rb:20:577:20:3268 | SSA phi read(self) | UseUseExplosion.rb:20:556:20:3284 | SSA phi read(self) |
+| UseUseExplosion.rb:20:577:20:3268 | SSA phi read(x) | UseUseExplosion.rb:20:556:20:3284 | SSA phi read(x) |
+| UseUseExplosion.rb:20:577:20:3268 | if ... | UseUseExplosion.rb:20:572:20:3268 | then ... |
+| UseUseExplosion.rb:20:581:20:585 | [post] self | UseUseExplosion.rb:20:602:20:606 | self |
+| UseUseExplosion.rb:20:581:20:585 | [post] self | UseUseExplosion.rb:20:3259:20:3264 | self |
+| UseUseExplosion.rb:20:581:20:585 | self | UseUseExplosion.rb:20:602:20:606 | self |
+| UseUseExplosion.rb:20:581:20:585 | self | UseUseExplosion.rb:20:3259:20:3264 | self |
+| UseUseExplosion.rb:20:581:20:590 | ... > ... | UseUseExplosion.rb:20:580:20:591 | [false] ( ... ) |
+| UseUseExplosion.rb:20:581:20:590 | ... > ... | UseUseExplosion.rb:20:580:20:591 | [true] ( ... ) |
+| UseUseExplosion.rb:20:593:20:3252 | then ... | UseUseExplosion.rb:20:577:20:3268 | if ... |
+| UseUseExplosion.rb:20:598:20:3252 | SSA phi read(self) | UseUseExplosion.rb:20:577:20:3268 | SSA phi read(self) |
+| UseUseExplosion.rb:20:598:20:3252 | SSA phi read(x) | UseUseExplosion.rb:20:577:20:3268 | SSA phi read(x) |
+| UseUseExplosion.rb:20:598:20:3252 | if ... | UseUseExplosion.rb:20:593:20:3252 | then ... |
+| UseUseExplosion.rb:20:602:20:606 | [post] self | UseUseExplosion.rb:20:623:20:627 | self |
+| UseUseExplosion.rb:20:602:20:606 | [post] self | UseUseExplosion.rb:20:3243:20:3248 | self |
+| UseUseExplosion.rb:20:602:20:606 | self | UseUseExplosion.rb:20:623:20:627 | self |
+| UseUseExplosion.rb:20:602:20:606 | self | UseUseExplosion.rb:20:3243:20:3248 | self |
+| UseUseExplosion.rb:20:602:20:611 | ... > ... | UseUseExplosion.rb:20:601:20:612 | [false] ( ... ) |
+| UseUseExplosion.rb:20:602:20:611 | ... > ... | UseUseExplosion.rb:20:601:20:612 | [true] ( ... ) |
+| UseUseExplosion.rb:20:614:20:3236 | then ... | UseUseExplosion.rb:20:598:20:3252 | if ... |
+| UseUseExplosion.rb:20:619:20:3236 | SSA phi read(self) | UseUseExplosion.rb:20:598:20:3252 | SSA phi read(self) |
+| UseUseExplosion.rb:20:619:20:3236 | SSA phi read(x) | UseUseExplosion.rb:20:598:20:3252 | SSA phi read(x) |
+| UseUseExplosion.rb:20:619:20:3236 | if ... | UseUseExplosion.rb:20:614:20:3236 | then ... |
+| UseUseExplosion.rb:20:623:20:627 | [post] self | UseUseExplosion.rb:20:644:20:648 | self |
+| UseUseExplosion.rb:20:623:20:627 | [post] self | UseUseExplosion.rb:20:3227:20:3232 | self |
+| UseUseExplosion.rb:20:623:20:627 | self | UseUseExplosion.rb:20:644:20:648 | self |
+| UseUseExplosion.rb:20:623:20:627 | self | UseUseExplosion.rb:20:3227:20:3232 | self |
+| UseUseExplosion.rb:20:623:20:632 | ... > ... | UseUseExplosion.rb:20:622:20:633 | [false] ( ... ) |
+| UseUseExplosion.rb:20:623:20:632 | ... > ... | UseUseExplosion.rb:20:622:20:633 | [true] ( ... ) |
+| UseUseExplosion.rb:20:635:20:3220 | then ... | UseUseExplosion.rb:20:619:20:3236 | if ... |
+| UseUseExplosion.rb:20:640:20:3220 | SSA phi read(self) | UseUseExplosion.rb:20:619:20:3236 | SSA phi read(self) |
+| UseUseExplosion.rb:20:640:20:3220 | SSA phi read(x) | UseUseExplosion.rb:20:619:20:3236 | SSA phi read(x) |
+| UseUseExplosion.rb:20:640:20:3220 | if ... | UseUseExplosion.rb:20:635:20:3220 | then ... |
+| UseUseExplosion.rb:20:644:20:648 | [post] self | UseUseExplosion.rb:20:665:20:669 | self |
+| UseUseExplosion.rb:20:644:20:648 | [post] self | UseUseExplosion.rb:20:3211:20:3216 | self |
+| UseUseExplosion.rb:20:644:20:648 | self | UseUseExplosion.rb:20:665:20:669 | self |
+| UseUseExplosion.rb:20:644:20:648 | self | UseUseExplosion.rb:20:3211:20:3216 | self |
+| UseUseExplosion.rb:20:644:20:653 | ... > ... | UseUseExplosion.rb:20:643:20:654 | [false] ( ... ) |
+| UseUseExplosion.rb:20:644:20:653 | ... > ... | UseUseExplosion.rb:20:643:20:654 | [true] ( ... ) |
+| UseUseExplosion.rb:20:656:20:3204 | then ... | UseUseExplosion.rb:20:640:20:3220 | if ... |
+| UseUseExplosion.rb:20:661:20:3204 | SSA phi read(self) | UseUseExplosion.rb:20:640:20:3220 | SSA phi read(self) |
+| UseUseExplosion.rb:20:661:20:3204 | SSA phi read(x) | UseUseExplosion.rb:20:640:20:3220 | SSA phi read(x) |
+| UseUseExplosion.rb:20:661:20:3204 | if ... | UseUseExplosion.rb:20:656:20:3204 | then ... |
+| UseUseExplosion.rb:20:665:20:669 | [post] self | UseUseExplosion.rb:20:686:20:690 | self |
+| UseUseExplosion.rb:20:665:20:669 | [post] self | UseUseExplosion.rb:20:3195:20:3200 | self |
+| UseUseExplosion.rb:20:665:20:669 | self | UseUseExplosion.rb:20:686:20:690 | self |
+| UseUseExplosion.rb:20:665:20:669 | self | UseUseExplosion.rb:20:3195:20:3200 | self |
+| UseUseExplosion.rb:20:665:20:674 | ... > ... | UseUseExplosion.rb:20:664:20:675 | [false] ( ... ) |
+| UseUseExplosion.rb:20:665:20:674 | ... > ... | UseUseExplosion.rb:20:664:20:675 | [true] ( ... ) |
+| UseUseExplosion.rb:20:677:20:3188 | then ... | UseUseExplosion.rb:20:661:20:3204 | if ... |
+| UseUseExplosion.rb:20:682:20:3188 | SSA phi read(self) | UseUseExplosion.rb:20:661:20:3204 | SSA phi read(self) |
+| UseUseExplosion.rb:20:682:20:3188 | SSA phi read(x) | UseUseExplosion.rb:20:661:20:3204 | SSA phi read(x) |
+| UseUseExplosion.rb:20:682:20:3188 | if ... | UseUseExplosion.rb:20:677:20:3188 | then ... |
+| UseUseExplosion.rb:20:686:20:690 | [post] self | UseUseExplosion.rb:20:707:20:711 | self |
+| UseUseExplosion.rb:20:686:20:690 | [post] self | UseUseExplosion.rb:20:3179:20:3184 | self |
+| UseUseExplosion.rb:20:686:20:690 | self | UseUseExplosion.rb:20:707:20:711 | self |
+| UseUseExplosion.rb:20:686:20:690 | self | UseUseExplosion.rb:20:3179:20:3184 | self |
+| UseUseExplosion.rb:20:686:20:695 | ... > ... | UseUseExplosion.rb:20:685:20:696 | [false] ( ... ) |
+| UseUseExplosion.rb:20:686:20:695 | ... > ... | UseUseExplosion.rb:20:685:20:696 | [true] ( ... ) |
+| UseUseExplosion.rb:20:698:20:3172 | then ... | UseUseExplosion.rb:20:682:20:3188 | if ... |
+| UseUseExplosion.rb:20:703:20:3172 | SSA phi read(self) | UseUseExplosion.rb:20:682:20:3188 | SSA phi read(self) |
+| UseUseExplosion.rb:20:703:20:3172 | SSA phi read(x) | UseUseExplosion.rb:20:682:20:3188 | SSA phi read(x) |
+| UseUseExplosion.rb:20:703:20:3172 | if ... | UseUseExplosion.rb:20:698:20:3172 | then ... |
+| UseUseExplosion.rb:20:707:20:711 | [post] self | UseUseExplosion.rb:20:728:20:732 | self |
+| UseUseExplosion.rb:20:707:20:711 | [post] self | UseUseExplosion.rb:20:3163:20:3168 | self |
+| UseUseExplosion.rb:20:707:20:711 | self | UseUseExplosion.rb:20:728:20:732 | self |
+| UseUseExplosion.rb:20:707:20:711 | self | UseUseExplosion.rb:20:3163:20:3168 | self |
+| UseUseExplosion.rb:20:707:20:716 | ... > ... | UseUseExplosion.rb:20:706:20:717 | [false] ( ... ) |
+| UseUseExplosion.rb:20:707:20:716 | ... > ... | UseUseExplosion.rb:20:706:20:717 | [true] ( ... ) |
+| UseUseExplosion.rb:20:719:20:3156 | then ... | UseUseExplosion.rb:20:703:20:3172 | if ... |
+| UseUseExplosion.rb:20:724:20:3156 | SSA phi read(self) | UseUseExplosion.rb:20:703:20:3172 | SSA phi read(self) |
+| UseUseExplosion.rb:20:724:20:3156 | SSA phi read(x) | UseUseExplosion.rb:20:703:20:3172 | SSA phi read(x) |
+| UseUseExplosion.rb:20:724:20:3156 | if ... | UseUseExplosion.rb:20:719:20:3156 | then ... |
+| UseUseExplosion.rb:20:728:20:732 | [post] self | UseUseExplosion.rb:20:749:20:753 | self |
+| UseUseExplosion.rb:20:728:20:732 | [post] self | UseUseExplosion.rb:20:3147:20:3152 | self |
+| UseUseExplosion.rb:20:728:20:732 | self | UseUseExplosion.rb:20:749:20:753 | self |
+| UseUseExplosion.rb:20:728:20:732 | self | UseUseExplosion.rb:20:3147:20:3152 | self |
+| UseUseExplosion.rb:20:728:20:737 | ... > ... | UseUseExplosion.rb:20:727:20:738 | [false] ( ... ) |
+| UseUseExplosion.rb:20:728:20:737 | ... > ... | UseUseExplosion.rb:20:727:20:738 | [true] ( ... ) |
+| UseUseExplosion.rb:20:740:20:3140 | then ... | UseUseExplosion.rb:20:724:20:3156 | if ... |
+| UseUseExplosion.rb:20:745:20:3140 | SSA phi read(self) | UseUseExplosion.rb:20:724:20:3156 | SSA phi read(self) |
+| UseUseExplosion.rb:20:745:20:3140 | SSA phi read(x) | UseUseExplosion.rb:20:724:20:3156 | SSA phi read(x) |
+| UseUseExplosion.rb:20:745:20:3140 | if ... | UseUseExplosion.rb:20:740:20:3140 | then ... |
+| UseUseExplosion.rb:20:749:20:753 | [post] self | UseUseExplosion.rb:20:770:20:774 | self |
+| UseUseExplosion.rb:20:749:20:753 | [post] self | UseUseExplosion.rb:20:3131:20:3136 | self |
+| UseUseExplosion.rb:20:749:20:753 | self | UseUseExplosion.rb:20:770:20:774 | self |
+| UseUseExplosion.rb:20:749:20:753 | self | UseUseExplosion.rb:20:3131:20:3136 | self |
+| UseUseExplosion.rb:20:749:20:758 | ... > ... | UseUseExplosion.rb:20:748:20:759 | [false] ( ... ) |
+| UseUseExplosion.rb:20:749:20:758 | ... > ... | UseUseExplosion.rb:20:748:20:759 | [true] ( ... ) |
+| UseUseExplosion.rb:20:761:20:3124 | then ... | UseUseExplosion.rb:20:745:20:3140 | if ... |
+| UseUseExplosion.rb:20:766:20:3124 | SSA phi read(self) | UseUseExplosion.rb:20:745:20:3140 | SSA phi read(self) |
+| UseUseExplosion.rb:20:766:20:3124 | SSA phi read(x) | UseUseExplosion.rb:20:745:20:3140 | SSA phi read(x) |
+| UseUseExplosion.rb:20:766:20:3124 | if ... | UseUseExplosion.rb:20:761:20:3124 | then ... |
+| UseUseExplosion.rb:20:770:20:774 | [post] self | UseUseExplosion.rb:20:791:20:795 | self |
+| UseUseExplosion.rb:20:770:20:774 | [post] self | UseUseExplosion.rb:20:3115:20:3120 | self |
+| UseUseExplosion.rb:20:770:20:774 | self | UseUseExplosion.rb:20:791:20:795 | self |
+| UseUseExplosion.rb:20:770:20:774 | self | UseUseExplosion.rb:20:3115:20:3120 | self |
+| UseUseExplosion.rb:20:770:20:779 | ... > ... | UseUseExplosion.rb:20:769:20:780 | [false] ( ... ) |
+| UseUseExplosion.rb:20:770:20:779 | ... > ... | UseUseExplosion.rb:20:769:20:780 | [true] ( ... ) |
+| UseUseExplosion.rb:20:782:20:3108 | then ... | UseUseExplosion.rb:20:766:20:3124 | if ... |
+| UseUseExplosion.rb:20:787:20:3108 | SSA phi read(self) | UseUseExplosion.rb:20:766:20:3124 | SSA phi read(self) |
+| UseUseExplosion.rb:20:787:20:3108 | SSA phi read(x) | UseUseExplosion.rb:20:766:20:3124 | SSA phi read(x) |
+| UseUseExplosion.rb:20:787:20:3108 | if ... | UseUseExplosion.rb:20:782:20:3108 | then ... |
+| UseUseExplosion.rb:20:791:20:795 | [post] self | UseUseExplosion.rb:20:812:20:816 | self |
+| UseUseExplosion.rb:20:791:20:795 | [post] self | UseUseExplosion.rb:20:3099:20:3104 | self |
+| UseUseExplosion.rb:20:791:20:795 | self | UseUseExplosion.rb:20:812:20:816 | self |
+| UseUseExplosion.rb:20:791:20:795 | self | UseUseExplosion.rb:20:3099:20:3104 | self |
+| UseUseExplosion.rb:20:791:20:800 | ... > ... | UseUseExplosion.rb:20:790:20:801 | [false] ( ... ) |
+| UseUseExplosion.rb:20:791:20:800 | ... > ... | UseUseExplosion.rb:20:790:20:801 | [true] ( ... ) |
+| UseUseExplosion.rb:20:803:20:3092 | then ... | UseUseExplosion.rb:20:787:20:3108 | if ... |
+| UseUseExplosion.rb:20:808:20:3092 | SSA phi read(self) | UseUseExplosion.rb:20:787:20:3108 | SSA phi read(self) |
+| UseUseExplosion.rb:20:808:20:3092 | SSA phi read(x) | UseUseExplosion.rb:20:787:20:3108 | SSA phi read(x) |
+| UseUseExplosion.rb:20:808:20:3092 | if ... | UseUseExplosion.rb:20:803:20:3092 | then ... |
+| UseUseExplosion.rb:20:812:20:816 | [post] self | UseUseExplosion.rb:20:833:20:837 | self |
+| UseUseExplosion.rb:20:812:20:816 | [post] self | UseUseExplosion.rb:20:3083:20:3088 | self |
+| UseUseExplosion.rb:20:812:20:816 | self | UseUseExplosion.rb:20:833:20:837 | self |
+| UseUseExplosion.rb:20:812:20:816 | self | UseUseExplosion.rb:20:3083:20:3088 | self |
+| UseUseExplosion.rb:20:812:20:821 | ... > ... | UseUseExplosion.rb:20:811:20:822 | [false] ( ... ) |
+| UseUseExplosion.rb:20:812:20:821 | ... > ... | UseUseExplosion.rb:20:811:20:822 | [true] ( ... ) |
+| UseUseExplosion.rb:20:824:20:3076 | then ... | UseUseExplosion.rb:20:808:20:3092 | if ... |
+| UseUseExplosion.rb:20:829:20:3076 | SSA phi read(self) | UseUseExplosion.rb:20:808:20:3092 | SSA phi read(self) |
+| UseUseExplosion.rb:20:829:20:3076 | SSA phi read(x) | UseUseExplosion.rb:20:808:20:3092 | SSA phi read(x) |
+| UseUseExplosion.rb:20:829:20:3076 | if ... | UseUseExplosion.rb:20:824:20:3076 | then ... |
+| UseUseExplosion.rb:20:833:20:837 | [post] self | UseUseExplosion.rb:20:854:20:858 | self |
+| UseUseExplosion.rb:20:833:20:837 | [post] self | UseUseExplosion.rb:20:3067:20:3072 | self |
+| UseUseExplosion.rb:20:833:20:837 | self | UseUseExplosion.rb:20:854:20:858 | self |
+| UseUseExplosion.rb:20:833:20:837 | self | UseUseExplosion.rb:20:3067:20:3072 | self |
+| UseUseExplosion.rb:20:833:20:842 | ... > ... | UseUseExplosion.rb:20:832:20:843 | [false] ( ... ) |
+| UseUseExplosion.rb:20:833:20:842 | ... > ... | UseUseExplosion.rb:20:832:20:843 | [true] ( ... ) |
+| UseUseExplosion.rb:20:845:20:3060 | then ... | UseUseExplosion.rb:20:829:20:3076 | if ... |
+| UseUseExplosion.rb:20:850:20:3060 | SSA phi read(self) | UseUseExplosion.rb:20:829:20:3076 | SSA phi read(self) |
+| UseUseExplosion.rb:20:850:20:3060 | SSA phi read(x) | UseUseExplosion.rb:20:829:20:3076 | SSA phi read(x) |
+| UseUseExplosion.rb:20:850:20:3060 | if ... | UseUseExplosion.rb:20:845:20:3060 | then ... |
+| UseUseExplosion.rb:20:854:20:858 | [post] self | UseUseExplosion.rb:20:875:20:879 | self |
+| UseUseExplosion.rb:20:854:20:858 | [post] self | UseUseExplosion.rb:20:3051:20:3056 | self |
+| UseUseExplosion.rb:20:854:20:858 | self | UseUseExplosion.rb:20:875:20:879 | self |
+| UseUseExplosion.rb:20:854:20:858 | self | UseUseExplosion.rb:20:3051:20:3056 | self |
+| UseUseExplosion.rb:20:854:20:863 | ... > ... | UseUseExplosion.rb:20:853:20:864 | [false] ( ... ) |
+| UseUseExplosion.rb:20:854:20:863 | ... > ... | UseUseExplosion.rb:20:853:20:864 | [true] ( ... ) |
+| UseUseExplosion.rb:20:866:20:3044 | then ... | UseUseExplosion.rb:20:850:20:3060 | if ... |
+| UseUseExplosion.rb:20:871:20:3044 | SSA phi read(self) | UseUseExplosion.rb:20:850:20:3060 | SSA phi read(self) |
+| UseUseExplosion.rb:20:871:20:3044 | SSA phi read(x) | UseUseExplosion.rb:20:850:20:3060 | SSA phi read(x) |
+| UseUseExplosion.rb:20:871:20:3044 | if ... | UseUseExplosion.rb:20:866:20:3044 | then ... |
+| UseUseExplosion.rb:20:875:20:879 | [post] self | UseUseExplosion.rb:20:896:20:900 | self |
+| UseUseExplosion.rb:20:875:20:879 | [post] self | UseUseExplosion.rb:20:3035:20:3040 | self |
+| UseUseExplosion.rb:20:875:20:879 | self | UseUseExplosion.rb:20:896:20:900 | self |
+| UseUseExplosion.rb:20:875:20:879 | self | UseUseExplosion.rb:20:3035:20:3040 | self |
+| UseUseExplosion.rb:20:875:20:884 | ... > ... | UseUseExplosion.rb:20:874:20:885 | [false] ( ... ) |
+| UseUseExplosion.rb:20:875:20:884 | ... > ... | UseUseExplosion.rb:20:874:20:885 | [true] ( ... ) |
+| UseUseExplosion.rb:20:887:20:3028 | then ... | UseUseExplosion.rb:20:871:20:3044 | if ... |
+| UseUseExplosion.rb:20:892:20:3028 | SSA phi read(self) | UseUseExplosion.rb:20:871:20:3044 | SSA phi read(self) |
+| UseUseExplosion.rb:20:892:20:3028 | SSA phi read(x) | UseUseExplosion.rb:20:871:20:3044 | SSA phi read(x) |
+| UseUseExplosion.rb:20:892:20:3028 | if ... | UseUseExplosion.rb:20:887:20:3028 | then ... |
+| UseUseExplosion.rb:20:896:20:900 | [post] self | UseUseExplosion.rb:20:917:20:921 | self |
+| UseUseExplosion.rb:20:896:20:900 | [post] self | UseUseExplosion.rb:20:3019:20:3024 | self |
+| UseUseExplosion.rb:20:896:20:900 | self | UseUseExplosion.rb:20:917:20:921 | self |
+| UseUseExplosion.rb:20:896:20:900 | self | UseUseExplosion.rb:20:3019:20:3024 | self |
+| UseUseExplosion.rb:20:896:20:905 | ... > ... | UseUseExplosion.rb:20:895:20:906 | [false] ( ... ) |
+| UseUseExplosion.rb:20:896:20:905 | ... > ... | UseUseExplosion.rb:20:895:20:906 | [true] ( ... ) |
+| UseUseExplosion.rb:20:908:20:3012 | then ... | UseUseExplosion.rb:20:892:20:3028 | if ... |
+| UseUseExplosion.rb:20:913:20:3012 | SSA phi read(self) | UseUseExplosion.rb:20:892:20:3028 | SSA phi read(self) |
+| UseUseExplosion.rb:20:913:20:3012 | SSA phi read(x) | UseUseExplosion.rb:20:892:20:3028 | SSA phi read(x) |
+| UseUseExplosion.rb:20:913:20:3012 | if ... | UseUseExplosion.rb:20:908:20:3012 | then ... |
+| UseUseExplosion.rb:20:917:20:921 | [post] self | UseUseExplosion.rb:20:938:20:942 | self |
+| UseUseExplosion.rb:20:917:20:921 | [post] self | UseUseExplosion.rb:20:3003:20:3008 | self |
+| UseUseExplosion.rb:20:917:20:921 | self | UseUseExplosion.rb:20:938:20:942 | self |
+| UseUseExplosion.rb:20:917:20:921 | self | UseUseExplosion.rb:20:3003:20:3008 | self |
+| UseUseExplosion.rb:20:917:20:926 | ... > ... | UseUseExplosion.rb:20:916:20:927 | [false] ( ... ) |
+| UseUseExplosion.rb:20:917:20:926 | ... > ... | UseUseExplosion.rb:20:916:20:927 | [true] ( ... ) |
+| UseUseExplosion.rb:20:929:20:2996 | then ... | UseUseExplosion.rb:20:913:20:3012 | if ... |
+| UseUseExplosion.rb:20:934:20:2996 | SSA phi read(self) | UseUseExplosion.rb:20:913:20:3012 | SSA phi read(self) |
+| UseUseExplosion.rb:20:934:20:2996 | SSA phi read(x) | UseUseExplosion.rb:20:913:20:3012 | SSA phi read(x) |
+| UseUseExplosion.rb:20:934:20:2996 | if ... | UseUseExplosion.rb:20:929:20:2996 | then ... |
+| UseUseExplosion.rb:20:938:20:942 | [post] self | UseUseExplosion.rb:20:959:20:963 | self |
+| UseUseExplosion.rb:20:938:20:942 | [post] self | UseUseExplosion.rb:20:2987:20:2992 | self |
+| UseUseExplosion.rb:20:938:20:942 | self | UseUseExplosion.rb:20:959:20:963 | self |
+| UseUseExplosion.rb:20:938:20:942 | self | UseUseExplosion.rb:20:2987:20:2992 | self |
+| UseUseExplosion.rb:20:938:20:947 | ... > ... | UseUseExplosion.rb:20:937:20:948 | [false] ( ... ) |
+| UseUseExplosion.rb:20:938:20:947 | ... > ... | UseUseExplosion.rb:20:937:20:948 | [true] ( ... ) |
+| UseUseExplosion.rb:20:950:20:2980 | then ... | UseUseExplosion.rb:20:934:20:2996 | if ... |
+| UseUseExplosion.rb:20:955:20:2980 | SSA phi read(self) | UseUseExplosion.rb:20:934:20:2996 | SSA phi read(self) |
+| UseUseExplosion.rb:20:955:20:2980 | SSA phi read(x) | UseUseExplosion.rb:20:934:20:2996 | SSA phi read(x) |
+| UseUseExplosion.rb:20:955:20:2980 | if ... | UseUseExplosion.rb:20:950:20:2980 | then ... |
+| UseUseExplosion.rb:20:959:20:963 | [post] self | UseUseExplosion.rb:20:980:20:984 | self |
+| UseUseExplosion.rb:20:959:20:963 | [post] self | UseUseExplosion.rb:20:2971:20:2976 | self |
+| UseUseExplosion.rb:20:959:20:963 | self | UseUseExplosion.rb:20:980:20:984 | self |
+| UseUseExplosion.rb:20:959:20:963 | self | UseUseExplosion.rb:20:2971:20:2976 | self |
+| UseUseExplosion.rb:20:959:20:968 | ... > ... | UseUseExplosion.rb:20:958:20:969 | [false] ( ... ) |
+| UseUseExplosion.rb:20:959:20:968 | ... > ... | UseUseExplosion.rb:20:958:20:969 | [true] ( ... ) |
+| UseUseExplosion.rb:20:971:20:2964 | then ... | UseUseExplosion.rb:20:955:20:2980 | if ... |
+| UseUseExplosion.rb:20:976:20:2964 | SSA phi read(self) | UseUseExplosion.rb:20:955:20:2980 | SSA phi read(self) |
+| UseUseExplosion.rb:20:976:20:2964 | SSA phi read(x) | UseUseExplosion.rb:20:955:20:2980 | SSA phi read(x) |
+| UseUseExplosion.rb:20:976:20:2964 | if ... | UseUseExplosion.rb:20:971:20:2964 | then ... |
+| UseUseExplosion.rb:20:980:20:984 | [post] self | UseUseExplosion.rb:20:1001:20:1005 | self |
+| UseUseExplosion.rb:20:980:20:984 | [post] self | UseUseExplosion.rb:20:2955:20:2960 | self |
+| UseUseExplosion.rb:20:980:20:984 | self | UseUseExplosion.rb:20:1001:20:1005 | self |
+| UseUseExplosion.rb:20:980:20:984 | self | UseUseExplosion.rb:20:2955:20:2960 | self |
+| UseUseExplosion.rb:20:980:20:989 | ... > ... | UseUseExplosion.rb:20:979:20:990 | [false] ( ... ) |
+| UseUseExplosion.rb:20:980:20:989 | ... > ... | UseUseExplosion.rb:20:979:20:990 | [true] ( ... ) |
+| UseUseExplosion.rb:20:992:20:2948 | then ... | UseUseExplosion.rb:20:976:20:2964 | if ... |
+| UseUseExplosion.rb:20:997:20:2948 | SSA phi read(self) | UseUseExplosion.rb:20:976:20:2964 | SSA phi read(self) |
+| UseUseExplosion.rb:20:997:20:2948 | SSA phi read(x) | UseUseExplosion.rb:20:976:20:2964 | SSA phi read(x) |
+| UseUseExplosion.rb:20:997:20:2948 | if ... | UseUseExplosion.rb:20:992:20:2948 | then ... |
+| UseUseExplosion.rb:20:1001:20:1005 | [post] self | UseUseExplosion.rb:20:1022:20:1026 | self |
+| UseUseExplosion.rb:20:1001:20:1005 | [post] self | UseUseExplosion.rb:20:2939:20:2944 | self |
+| UseUseExplosion.rb:20:1001:20:1005 | self | UseUseExplosion.rb:20:1022:20:1026 | self |
+| UseUseExplosion.rb:20:1001:20:1005 | self | UseUseExplosion.rb:20:2939:20:2944 | self |
+| UseUseExplosion.rb:20:1001:20:1010 | ... > ... | UseUseExplosion.rb:20:1000:20:1011 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1001:20:1010 | ... > ... | UseUseExplosion.rb:20:1000:20:1011 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1013:20:2932 | then ... | UseUseExplosion.rb:20:997:20:2948 | if ... |
+| UseUseExplosion.rb:20:1018:20:2932 | SSA phi read(self) | UseUseExplosion.rb:20:997:20:2948 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1018:20:2932 | SSA phi read(x) | UseUseExplosion.rb:20:997:20:2948 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1018:20:2932 | if ... | UseUseExplosion.rb:20:1013:20:2932 | then ... |
+| UseUseExplosion.rb:20:1022:20:1026 | [post] self | UseUseExplosion.rb:20:1043:20:1047 | self |
+| UseUseExplosion.rb:20:1022:20:1026 | [post] self | UseUseExplosion.rb:20:2923:20:2928 | self |
+| UseUseExplosion.rb:20:1022:20:1026 | self | UseUseExplosion.rb:20:1043:20:1047 | self |
+| UseUseExplosion.rb:20:1022:20:1026 | self | UseUseExplosion.rb:20:2923:20:2928 | self |
+| UseUseExplosion.rb:20:1022:20:1031 | ... > ... | UseUseExplosion.rb:20:1021:20:1032 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1022:20:1031 | ... > ... | UseUseExplosion.rb:20:1021:20:1032 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1034:20:2916 | then ... | UseUseExplosion.rb:20:1018:20:2932 | if ... |
+| UseUseExplosion.rb:20:1039:20:2916 | SSA phi read(self) | UseUseExplosion.rb:20:1018:20:2932 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1039:20:2916 | SSA phi read(x) | UseUseExplosion.rb:20:1018:20:2932 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1039:20:2916 | if ... | UseUseExplosion.rb:20:1034:20:2916 | then ... |
+| UseUseExplosion.rb:20:1043:20:1047 | [post] self | UseUseExplosion.rb:20:1064:20:1068 | self |
+| UseUseExplosion.rb:20:1043:20:1047 | [post] self | UseUseExplosion.rb:20:2907:20:2912 | self |
+| UseUseExplosion.rb:20:1043:20:1047 | self | UseUseExplosion.rb:20:1064:20:1068 | self |
+| UseUseExplosion.rb:20:1043:20:1047 | self | UseUseExplosion.rb:20:2907:20:2912 | self |
+| UseUseExplosion.rb:20:1043:20:1052 | ... > ... | UseUseExplosion.rb:20:1042:20:1053 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1043:20:1052 | ... > ... | UseUseExplosion.rb:20:1042:20:1053 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1055:20:2900 | then ... | UseUseExplosion.rb:20:1039:20:2916 | if ... |
+| UseUseExplosion.rb:20:1060:20:2900 | SSA phi read(self) | UseUseExplosion.rb:20:1039:20:2916 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1060:20:2900 | SSA phi read(x) | UseUseExplosion.rb:20:1039:20:2916 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1060:20:2900 | if ... | UseUseExplosion.rb:20:1055:20:2900 | then ... |
+| UseUseExplosion.rb:20:1064:20:1068 | [post] self | UseUseExplosion.rb:20:1085:20:1089 | self |
+| UseUseExplosion.rb:20:1064:20:1068 | [post] self | UseUseExplosion.rb:20:2891:20:2896 | self |
+| UseUseExplosion.rb:20:1064:20:1068 | self | UseUseExplosion.rb:20:1085:20:1089 | self |
+| UseUseExplosion.rb:20:1064:20:1068 | self | UseUseExplosion.rb:20:2891:20:2896 | self |
+| UseUseExplosion.rb:20:1064:20:1073 | ... > ... | UseUseExplosion.rb:20:1063:20:1074 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1064:20:1073 | ... > ... | UseUseExplosion.rb:20:1063:20:1074 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1076:20:2884 | then ... | UseUseExplosion.rb:20:1060:20:2900 | if ... |
+| UseUseExplosion.rb:20:1081:20:2884 | SSA phi read(self) | UseUseExplosion.rb:20:1060:20:2900 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1081:20:2884 | SSA phi read(x) | UseUseExplosion.rb:20:1060:20:2900 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1081:20:2884 | if ... | UseUseExplosion.rb:20:1076:20:2884 | then ... |
+| UseUseExplosion.rb:20:1085:20:1089 | [post] self | UseUseExplosion.rb:20:1106:20:1110 | self |
+| UseUseExplosion.rb:20:1085:20:1089 | [post] self | UseUseExplosion.rb:20:2875:20:2880 | self |
+| UseUseExplosion.rb:20:1085:20:1089 | self | UseUseExplosion.rb:20:1106:20:1110 | self |
+| UseUseExplosion.rb:20:1085:20:1089 | self | UseUseExplosion.rb:20:2875:20:2880 | self |
+| UseUseExplosion.rb:20:1085:20:1094 | ... > ... | UseUseExplosion.rb:20:1084:20:1095 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1085:20:1094 | ... > ... | UseUseExplosion.rb:20:1084:20:1095 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1097:20:2868 | then ... | UseUseExplosion.rb:20:1081:20:2884 | if ... |
+| UseUseExplosion.rb:20:1102:20:2868 | SSA phi read(self) | UseUseExplosion.rb:20:1081:20:2884 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1102:20:2868 | SSA phi read(x) | UseUseExplosion.rb:20:1081:20:2884 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1102:20:2868 | if ... | UseUseExplosion.rb:20:1097:20:2868 | then ... |
+| UseUseExplosion.rb:20:1106:20:1110 | [post] self | UseUseExplosion.rb:20:1127:20:1131 | self |
+| UseUseExplosion.rb:20:1106:20:1110 | [post] self | UseUseExplosion.rb:20:2859:20:2864 | self |
+| UseUseExplosion.rb:20:1106:20:1110 | self | UseUseExplosion.rb:20:1127:20:1131 | self |
+| UseUseExplosion.rb:20:1106:20:1110 | self | UseUseExplosion.rb:20:2859:20:2864 | self |
+| UseUseExplosion.rb:20:1106:20:1115 | ... > ... | UseUseExplosion.rb:20:1105:20:1116 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1106:20:1115 | ... > ... | UseUseExplosion.rb:20:1105:20:1116 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1118:20:2852 | then ... | UseUseExplosion.rb:20:1102:20:2868 | if ... |
+| UseUseExplosion.rb:20:1123:20:2852 | SSA phi read(self) | UseUseExplosion.rb:20:1102:20:2868 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1123:20:2852 | SSA phi read(x) | UseUseExplosion.rb:20:1102:20:2868 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1123:20:2852 | if ... | UseUseExplosion.rb:20:1118:20:2852 | then ... |
+| UseUseExplosion.rb:20:1127:20:1131 | [post] self | UseUseExplosion.rb:20:1148:20:1152 | self |
+| UseUseExplosion.rb:20:1127:20:1131 | [post] self | UseUseExplosion.rb:20:2843:20:2848 | self |
+| UseUseExplosion.rb:20:1127:20:1131 | self | UseUseExplosion.rb:20:1148:20:1152 | self |
+| UseUseExplosion.rb:20:1127:20:1131 | self | UseUseExplosion.rb:20:2843:20:2848 | self |
+| UseUseExplosion.rb:20:1127:20:1136 | ... > ... | UseUseExplosion.rb:20:1126:20:1137 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1127:20:1136 | ... > ... | UseUseExplosion.rb:20:1126:20:1137 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1139:20:2836 | then ... | UseUseExplosion.rb:20:1123:20:2852 | if ... |
+| UseUseExplosion.rb:20:1144:20:2836 | SSA phi read(self) | UseUseExplosion.rb:20:1123:20:2852 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1144:20:2836 | SSA phi read(x) | UseUseExplosion.rb:20:1123:20:2852 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1144:20:2836 | if ... | UseUseExplosion.rb:20:1139:20:2836 | then ... |
+| UseUseExplosion.rb:20:1148:20:1152 | [post] self | UseUseExplosion.rb:20:1169:20:1173 | self |
+| UseUseExplosion.rb:20:1148:20:1152 | [post] self | UseUseExplosion.rb:20:2827:20:2832 | self |
+| UseUseExplosion.rb:20:1148:20:1152 | self | UseUseExplosion.rb:20:1169:20:1173 | self |
+| UseUseExplosion.rb:20:1148:20:1152 | self | UseUseExplosion.rb:20:2827:20:2832 | self |
+| UseUseExplosion.rb:20:1148:20:1157 | ... > ... | UseUseExplosion.rb:20:1147:20:1158 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1148:20:1157 | ... > ... | UseUseExplosion.rb:20:1147:20:1158 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1160:20:2820 | then ... | UseUseExplosion.rb:20:1144:20:2836 | if ... |
+| UseUseExplosion.rb:20:1165:20:2820 | SSA phi read(self) | UseUseExplosion.rb:20:1144:20:2836 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1165:20:2820 | SSA phi read(x) | UseUseExplosion.rb:20:1144:20:2836 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1165:20:2820 | if ... | UseUseExplosion.rb:20:1160:20:2820 | then ... |
+| UseUseExplosion.rb:20:1169:20:1173 | [post] self | UseUseExplosion.rb:20:1190:20:1194 | self |
+| UseUseExplosion.rb:20:1169:20:1173 | [post] self | UseUseExplosion.rb:20:2811:20:2816 | self |
+| UseUseExplosion.rb:20:1169:20:1173 | self | UseUseExplosion.rb:20:1190:20:1194 | self |
+| UseUseExplosion.rb:20:1169:20:1173 | self | UseUseExplosion.rb:20:2811:20:2816 | self |
+| UseUseExplosion.rb:20:1169:20:1178 | ... > ... | UseUseExplosion.rb:20:1168:20:1179 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1169:20:1178 | ... > ... | UseUseExplosion.rb:20:1168:20:1179 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1181:20:2804 | then ... | UseUseExplosion.rb:20:1165:20:2820 | if ... |
+| UseUseExplosion.rb:20:1186:20:2804 | SSA phi read(self) | UseUseExplosion.rb:20:1165:20:2820 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1186:20:2804 | SSA phi read(x) | UseUseExplosion.rb:20:1165:20:2820 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1186:20:2804 | if ... | UseUseExplosion.rb:20:1181:20:2804 | then ... |
+| UseUseExplosion.rb:20:1190:20:1194 | [post] self | UseUseExplosion.rb:20:1211:20:1215 | self |
+| UseUseExplosion.rb:20:1190:20:1194 | [post] self | UseUseExplosion.rb:20:2795:20:2800 | self |
+| UseUseExplosion.rb:20:1190:20:1194 | self | UseUseExplosion.rb:20:1211:20:1215 | self |
+| UseUseExplosion.rb:20:1190:20:1194 | self | UseUseExplosion.rb:20:2795:20:2800 | self |
+| UseUseExplosion.rb:20:1190:20:1199 | ... > ... | UseUseExplosion.rb:20:1189:20:1200 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1190:20:1199 | ... > ... | UseUseExplosion.rb:20:1189:20:1200 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1202:20:2788 | then ... | UseUseExplosion.rb:20:1186:20:2804 | if ... |
+| UseUseExplosion.rb:20:1207:20:2788 | SSA phi read(self) | UseUseExplosion.rb:20:1186:20:2804 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1207:20:2788 | SSA phi read(x) | UseUseExplosion.rb:20:1186:20:2804 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1207:20:2788 | if ... | UseUseExplosion.rb:20:1202:20:2788 | then ... |
+| UseUseExplosion.rb:20:1211:20:1215 | [post] self | UseUseExplosion.rb:20:1232:20:1236 | self |
+| UseUseExplosion.rb:20:1211:20:1215 | [post] self | UseUseExplosion.rb:20:2779:20:2784 | self |
+| UseUseExplosion.rb:20:1211:20:1215 | self | UseUseExplosion.rb:20:1232:20:1236 | self |
+| UseUseExplosion.rb:20:1211:20:1215 | self | UseUseExplosion.rb:20:2779:20:2784 | self |
+| UseUseExplosion.rb:20:1211:20:1220 | ... > ... | UseUseExplosion.rb:20:1210:20:1221 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1211:20:1220 | ... > ... | UseUseExplosion.rb:20:1210:20:1221 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1223:20:2772 | then ... | UseUseExplosion.rb:20:1207:20:2788 | if ... |
+| UseUseExplosion.rb:20:1228:20:2772 | SSA phi read(self) | UseUseExplosion.rb:20:1207:20:2788 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1228:20:2772 | SSA phi read(x) | UseUseExplosion.rb:20:1207:20:2788 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1228:20:2772 | if ... | UseUseExplosion.rb:20:1223:20:2772 | then ... |
+| UseUseExplosion.rb:20:1232:20:1236 | [post] self | UseUseExplosion.rb:20:1253:20:1257 | self |
+| UseUseExplosion.rb:20:1232:20:1236 | [post] self | UseUseExplosion.rb:20:2763:20:2768 | self |
+| UseUseExplosion.rb:20:1232:20:1236 | self | UseUseExplosion.rb:20:1253:20:1257 | self |
+| UseUseExplosion.rb:20:1232:20:1236 | self | UseUseExplosion.rb:20:2763:20:2768 | self |
+| UseUseExplosion.rb:20:1232:20:1241 | ... > ... | UseUseExplosion.rb:20:1231:20:1242 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1232:20:1241 | ... > ... | UseUseExplosion.rb:20:1231:20:1242 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1244:20:2756 | then ... | UseUseExplosion.rb:20:1228:20:2772 | if ... |
+| UseUseExplosion.rb:20:1249:20:2756 | SSA phi read(self) | UseUseExplosion.rb:20:1228:20:2772 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1249:20:2756 | SSA phi read(x) | UseUseExplosion.rb:20:1228:20:2772 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1249:20:2756 | if ... | UseUseExplosion.rb:20:1244:20:2756 | then ... |
+| UseUseExplosion.rb:20:1253:20:1257 | [post] self | UseUseExplosion.rb:20:1274:20:1278 | self |
+| UseUseExplosion.rb:20:1253:20:1257 | [post] self | UseUseExplosion.rb:20:2747:20:2752 | self |
+| UseUseExplosion.rb:20:1253:20:1257 | self | UseUseExplosion.rb:20:1274:20:1278 | self |
+| UseUseExplosion.rb:20:1253:20:1257 | self | UseUseExplosion.rb:20:2747:20:2752 | self |
+| UseUseExplosion.rb:20:1253:20:1262 | ... > ... | UseUseExplosion.rb:20:1252:20:1263 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1253:20:1262 | ... > ... | UseUseExplosion.rb:20:1252:20:1263 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1265:20:2740 | then ... | UseUseExplosion.rb:20:1249:20:2756 | if ... |
+| UseUseExplosion.rb:20:1270:20:2740 | SSA phi read(self) | UseUseExplosion.rb:20:1249:20:2756 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1270:20:2740 | SSA phi read(x) | UseUseExplosion.rb:20:1249:20:2756 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1270:20:2740 | if ... | UseUseExplosion.rb:20:1265:20:2740 | then ... |
+| UseUseExplosion.rb:20:1274:20:1278 | [post] self | UseUseExplosion.rb:20:1295:20:1299 | self |
+| UseUseExplosion.rb:20:1274:20:1278 | [post] self | UseUseExplosion.rb:20:2731:20:2736 | self |
+| UseUseExplosion.rb:20:1274:20:1278 | self | UseUseExplosion.rb:20:1295:20:1299 | self |
+| UseUseExplosion.rb:20:1274:20:1278 | self | UseUseExplosion.rb:20:2731:20:2736 | self |
+| UseUseExplosion.rb:20:1274:20:1283 | ... > ... | UseUseExplosion.rb:20:1273:20:1284 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1274:20:1283 | ... > ... | UseUseExplosion.rb:20:1273:20:1284 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1286:20:2724 | then ... | UseUseExplosion.rb:20:1270:20:2740 | if ... |
+| UseUseExplosion.rb:20:1291:20:2724 | SSA phi read(self) | UseUseExplosion.rb:20:1270:20:2740 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1291:20:2724 | SSA phi read(x) | UseUseExplosion.rb:20:1270:20:2740 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1291:20:2724 | if ... | UseUseExplosion.rb:20:1286:20:2724 | then ... |
+| UseUseExplosion.rb:20:1295:20:1299 | [post] self | UseUseExplosion.rb:20:1316:20:1320 | self |
+| UseUseExplosion.rb:20:1295:20:1299 | [post] self | UseUseExplosion.rb:20:2715:20:2720 | self |
+| UseUseExplosion.rb:20:1295:20:1299 | self | UseUseExplosion.rb:20:1316:20:1320 | self |
+| UseUseExplosion.rb:20:1295:20:1299 | self | UseUseExplosion.rb:20:2715:20:2720 | self |
+| UseUseExplosion.rb:20:1295:20:1304 | ... > ... | UseUseExplosion.rb:20:1294:20:1305 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1295:20:1304 | ... > ... | UseUseExplosion.rb:20:1294:20:1305 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1307:20:2708 | then ... | UseUseExplosion.rb:20:1291:20:2724 | if ... |
+| UseUseExplosion.rb:20:1312:20:2708 | SSA phi read(self) | UseUseExplosion.rb:20:1291:20:2724 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1312:20:2708 | SSA phi read(x) | UseUseExplosion.rb:20:1291:20:2724 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1312:20:2708 | if ... | UseUseExplosion.rb:20:1307:20:2708 | then ... |
+| UseUseExplosion.rb:20:1316:20:1320 | [post] self | UseUseExplosion.rb:20:1337:20:1341 | self |
+| UseUseExplosion.rb:20:1316:20:1320 | [post] self | UseUseExplosion.rb:20:2699:20:2704 | self |
+| UseUseExplosion.rb:20:1316:20:1320 | self | UseUseExplosion.rb:20:1337:20:1341 | self |
+| UseUseExplosion.rb:20:1316:20:1320 | self | UseUseExplosion.rb:20:2699:20:2704 | self |
+| UseUseExplosion.rb:20:1316:20:1325 | ... > ... | UseUseExplosion.rb:20:1315:20:1326 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1316:20:1325 | ... > ... | UseUseExplosion.rb:20:1315:20:1326 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1328:20:2692 | then ... | UseUseExplosion.rb:20:1312:20:2708 | if ... |
+| UseUseExplosion.rb:20:1333:20:2692 | SSA phi read(self) | UseUseExplosion.rb:20:1312:20:2708 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1333:20:2692 | SSA phi read(x) | UseUseExplosion.rb:20:1312:20:2708 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1333:20:2692 | if ... | UseUseExplosion.rb:20:1328:20:2692 | then ... |
+| UseUseExplosion.rb:20:1337:20:1341 | [post] self | UseUseExplosion.rb:20:1358:20:1362 | self |
+| UseUseExplosion.rb:20:1337:20:1341 | [post] self | UseUseExplosion.rb:20:2683:20:2688 | self |
+| UseUseExplosion.rb:20:1337:20:1341 | self | UseUseExplosion.rb:20:1358:20:1362 | self |
+| UseUseExplosion.rb:20:1337:20:1341 | self | UseUseExplosion.rb:20:2683:20:2688 | self |
+| UseUseExplosion.rb:20:1337:20:1346 | ... > ... | UseUseExplosion.rb:20:1336:20:1347 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1337:20:1346 | ... > ... | UseUseExplosion.rb:20:1336:20:1347 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1349:20:2676 | then ... | UseUseExplosion.rb:20:1333:20:2692 | if ... |
+| UseUseExplosion.rb:20:1354:20:2676 | SSA phi read(self) | UseUseExplosion.rb:20:1333:20:2692 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1354:20:2676 | SSA phi read(x) | UseUseExplosion.rb:20:1333:20:2692 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1354:20:2676 | if ... | UseUseExplosion.rb:20:1349:20:2676 | then ... |
+| UseUseExplosion.rb:20:1358:20:1362 | [post] self | UseUseExplosion.rb:20:1379:20:1383 | self |
+| UseUseExplosion.rb:20:1358:20:1362 | [post] self | UseUseExplosion.rb:20:2667:20:2672 | self |
+| UseUseExplosion.rb:20:1358:20:1362 | self | UseUseExplosion.rb:20:1379:20:1383 | self |
+| UseUseExplosion.rb:20:1358:20:1362 | self | UseUseExplosion.rb:20:2667:20:2672 | self |
+| UseUseExplosion.rb:20:1358:20:1367 | ... > ... | UseUseExplosion.rb:20:1357:20:1368 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1358:20:1367 | ... > ... | UseUseExplosion.rb:20:1357:20:1368 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1370:20:2660 | then ... | UseUseExplosion.rb:20:1354:20:2676 | if ... |
+| UseUseExplosion.rb:20:1375:20:2660 | SSA phi read(self) | UseUseExplosion.rb:20:1354:20:2676 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1375:20:2660 | SSA phi read(x) | UseUseExplosion.rb:20:1354:20:2676 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1375:20:2660 | if ... | UseUseExplosion.rb:20:1370:20:2660 | then ... |
+| UseUseExplosion.rb:20:1379:20:1383 | [post] self | UseUseExplosion.rb:20:1400:20:1404 | self |
+| UseUseExplosion.rb:20:1379:20:1383 | [post] self | UseUseExplosion.rb:20:2651:20:2656 | self |
+| UseUseExplosion.rb:20:1379:20:1383 | self | UseUseExplosion.rb:20:1400:20:1404 | self |
+| UseUseExplosion.rb:20:1379:20:1383 | self | UseUseExplosion.rb:20:2651:20:2656 | self |
+| UseUseExplosion.rb:20:1379:20:1388 | ... > ... | UseUseExplosion.rb:20:1378:20:1389 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1379:20:1388 | ... > ... | UseUseExplosion.rb:20:1378:20:1389 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1391:20:2644 | then ... | UseUseExplosion.rb:20:1375:20:2660 | if ... |
+| UseUseExplosion.rb:20:1396:20:2644 | SSA phi read(self) | UseUseExplosion.rb:20:1375:20:2660 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1396:20:2644 | SSA phi read(x) | UseUseExplosion.rb:20:1375:20:2660 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1396:20:2644 | if ... | UseUseExplosion.rb:20:1391:20:2644 | then ... |
+| UseUseExplosion.rb:20:1400:20:1404 | [post] self | UseUseExplosion.rb:20:1421:20:1425 | self |
+| UseUseExplosion.rb:20:1400:20:1404 | [post] self | UseUseExplosion.rb:20:2635:20:2640 | self |
+| UseUseExplosion.rb:20:1400:20:1404 | self | UseUseExplosion.rb:20:1421:20:1425 | self |
+| UseUseExplosion.rb:20:1400:20:1404 | self | UseUseExplosion.rb:20:2635:20:2640 | self |
+| UseUseExplosion.rb:20:1400:20:1409 | ... > ... | UseUseExplosion.rb:20:1399:20:1410 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1400:20:1409 | ... > ... | UseUseExplosion.rb:20:1399:20:1410 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1412:20:2628 | then ... | UseUseExplosion.rb:20:1396:20:2644 | if ... |
+| UseUseExplosion.rb:20:1417:20:2628 | SSA phi read(self) | UseUseExplosion.rb:20:1396:20:2644 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1417:20:2628 | SSA phi read(x) | UseUseExplosion.rb:20:1396:20:2644 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1417:20:2628 | if ... | UseUseExplosion.rb:20:1412:20:2628 | then ... |
+| UseUseExplosion.rb:20:1421:20:1425 | [post] self | UseUseExplosion.rb:20:1442:20:1446 | self |
+| UseUseExplosion.rb:20:1421:20:1425 | [post] self | UseUseExplosion.rb:20:2619:20:2624 | self |
+| UseUseExplosion.rb:20:1421:20:1425 | self | UseUseExplosion.rb:20:1442:20:1446 | self |
+| UseUseExplosion.rb:20:1421:20:1425 | self | UseUseExplosion.rb:20:2619:20:2624 | self |
+| UseUseExplosion.rb:20:1421:20:1430 | ... > ... | UseUseExplosion.rb:20:1420:20:1431 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1421:20:1430 | ... > ... | UseUseExplosion.rb:20:1420:20:1431 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1433:20:2612 | then ... | UseUseExplosion.rb:20:1417:20:2628 | if ... |
+| UseUseExplosion.rb:20:1438:20:2612 | SSA phi read(self) | UseUseExplosion.rb:20:1417:20:2628 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1438:20:2612 | SSA phi read(x) | UseUseExplosion.rb:20:1417:20:2628 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1438:20:2612 | if ... | UseUseExplosion.rb:20:1433:20:2612 | then ... |
+| UseUseExplosion.rb:20:1442:20:1446 | [post] self | UseUseExplosion.rb:20:1463:20:1467 | self |
+| UseUseExplosion.rb:20:1442:20:1446 | [post] self | UseUseExplosion.rb:20:2603:20:2608 | self |
+| UseUseExplosion.rb:20:1442:20:1446 | self | UseUseExplosion.rb:20:1463:20:1467 | self |
+| UseUseExplosion.rb:20:1442:20:1446 | self | UseUseExplosion.rb:20:2603:20:2608 | self |
+| UseUseExplosion.rb:20:1442:20:1451 | ... > ... | UseUseExplosion.rb:20:1441:20:1452 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1442:20:1451 | ... > ... | UseUseExplosion.rb:20:1441:20:1452 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1454:20:2596 | then ... | UseUseExplosion.rb:20:1438:20:2612 | if ... |
+| UseUseExplosion.rb:20:1459:20:2596 | SSA phi read(self) | UseUseExplosion.rb:20:1438:20:2612 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1459:20:2596 | SSA phi read(x) | UseUseExplosion.rb:20:1438:20:2612 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1459:20:2596 | if ... | UseUseExplosion.rb:20:1454:20:2596 | then ... |
+| UseUseExplosion.rb:20:1463:20:1467 | [post] self | UseUseExplosion.rb:20:1484:20:1488 | self |
+| UseUseExplosion.rb:20:1463:20:1467 | [post] self | UseUseExplosion.rb:20:2587:20:2592 | self |
+| UseUseExplosion.rb:20:1463:20:1467 | self | UseUseExplosion.rb:20:1484:20:1488 | self |
+| UseUseExplosion.rb:20:1463:20:1467 | self | UseUseExplosion.rb:20:2587:20:2592 | self |
+| UseUseExplosion.rb:20:1463:20:1472 | ... > ... | UseUseExplosion.rb:20:1462:20:1473 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1463:20:1472 | ... > ... | UseUseExplosion.rb:20:1462:20:1473 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1475:20:2580 | then ... | UseUseExplosion.rb:20:1459:20:2596 | if ... |
+| UseUseExplosion.rb:20:1480:20:2580 | SSA phi read(self) | UseUseExplosion.rb:20:1459:20:2596 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1480:20:2580 | SSA phi read(x) | UseUseExplosion.rb:20:1459:20:2596 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1480:20:2580 | if ... | UseUseExplosion.rb:20:1475:20:2580 | then ... |
+| UseUseExplosion.rb:20:1484:20:1488 | [post] self | UseUseExplosion.rb:20:1505:20:1509 | self |
+| UseUseExplosion.rb:20:1484:20:1488 | [post] self | UseUseExplosion.rb:20:2571:20:2576 | self |
+| UseUseExplosion.rb:20:1484:20:1488 | self | UseUseExplosion.rb:20:1505:20:1509 | self |
+| UseUseExplosion.rb:20:1484:20:1488 | self | UseUseExplosion.rb:20:2571:20:2576 | self |
+| UseUseExplosion.rb:20:1484:20:1493 | ... > ... | UseUseExplosion.rb:20:1483:20:1494 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1484:20:1493 | ... > ... | UseUseExplosion.rb:20:1483:20:1494 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1496:20:2564 | then ... | UseUseExplosion.rb:20:1480:20:2580 | if ... |
+| UseUseExplosion.rb:20:1501:20:2564 | SSA phi read(self) | UseUseExplosion.rb:20:1480:20:2580 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1501:20:2564 | SSA phi read(x) | UseUseExplosion.rb:20:1480:20:2580 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1501:20:2564 | if ... | UseUseExplosion.rb:20:1496:20:2564 | then ... |
+| UseUseExplosion.rb:20:1505:20:1509 | [post] self | UseUseExplosion.rb:20:1526:20:1530 | self |
+| UseUseExplosion.rb:20:1505:20:1509 | [post] self | UseUseExplosion.rb:20:2555:20:2560 | self |
+| UseUseExplosion.rb:20:1505:20:1509 | self | UseUseExplosion.rb:20:1526:20:1530 | self |
+| UseUseExplosion.rb:20:1505:20:1509 | self | UseUseExplosion.rb:20:2555:20:2560 | self |
+| UseUseExplosion.rb:20:1505:20:1514 | ... > ... | UseUseExplosion.rb:20:1504:20:1515 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1505:20:1514 | ... > ... | UseUseExplosion.rb:20:1504:20:1515 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1517:20:2548 | then ... | UseUseExplosion.rb:20:1501:20:2564 | if ... |
+| UseUseExplosion.rb:20:1522:20:2548 | SSA phi read(self) | UseUseExplosion.rb:20:1501:20:2564 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1522:20:2548 | SSA phi read(x) | UseUseExplosion.rb:20:1501:20:2564 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1522:20:2548 | if ... | UseUseExplosion.rb:20:1517:20:2548 | then ... |
+| UseUseExplosion.rb:20:1526:20:1530 | [post] self | UseUseExplosion.rb:20:1547:20:1551 | self |
+| UseUseExplosion.rb:20:1526:20:1530 | [post] self | UseUseExplosion.rb:20:2539:20:2544 | self |
+| UseUseExplosion.rb:20:1526:20:1530 | self | UseUseExplosion.rb:20:1547:20:1551 | self |
+| UseUseExplosion.rb:20:1526:20:1530 | self | UseUseExplosion.rb:20:2539:20:2544 | self |
+| UseUseExplosion.rb:20:1526:20:1535 | ... > ... | UseUseExplosion.rb:20:1525:20:1536 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1526:20:1535 | ... > ... | UseUseExplosion.rb:20:1525:20:1536 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1538:20:2532 | then ... | UseUseExplosion.rb:20:1522:20:2548 | if ... |
+| UseUseExplosion.rb:20:1543:20:2532 | SSA phi read(self) | UseUseExplosion.rb:20:1522:20:2548 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1543:20:2532 | SSA phi read(x) | UseUseExplosion.rb:20:1522:20:2548 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1543:20:2532 | if ... | UseUseExplosion.rb:20:1538:20:2532 | then ... |
+| UseUseExplosion.rb:20:1547:20:1551 | [post] self | UseUseExplosion.rb:20:1568:20:1572 | self |
+| UseUseExplosion.rb:20:1547:20:1551 | [post] self | UseUseExplosion.rb:20:2523:20:2528 | self |
+| UseUseExplosion.rb:20:1547:20:1551 | self | UseUseExplosion.rb:20:1568:20:1572 | self |
+| UseUseExplosion.rb:20:1547:20:1551 | self | UseUseExplosion.rb:20:2523:20:2528 | self |
+| UseUseExplosion.rb:20:1547:20:1556 | ... > ... | UseUseExplosion.rb:20:1546:20:1557 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1547:20:1556 | ... > ... | UseUseExplosion.rb:20:1546:20:1557 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1559:20:2516 | then ... | UseUseExplosion.rb:20:1543:20:2532 | if ... |
+| UseUseExplosion.rb:20:1564:20:2516 | SSA phi read(self) | UseUseExplosion.rb:20:1543:20:2532 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1564:20:2516 | SSA phi read(x) | UseUseExplosion.rb:20:1543:20:2532 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1564:20:2516 | if ... | UseUseExplosion.rb:20:1559:20:2516 | then ... |
+| UseUseExplosion.rb:20:1568:20:1572 | [post] self | UseUseExplosion.rb:20:1589:20:1593 | self |
+| UseUseExplosion.rb:20:1568:20:1572 | [post] self | UseUseExplosion.rb:20:2507:20:2512 | self |
+| UseUseExplosion.rb:20:1568:20:1572 | self | UseUseExplosion.rb:20:1589:20:1593 | self |
+| UseUseExplosion.rb:20:1568:20:1572 | self | UseUseExplosion.rb:20:2507:20:2512 | self |
+| UseUseExplosion.rb:20:1568:20:1577 | ... > ... | UseUseExplosion.rb:20:1567:20:1578 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1568:20:1577 | ... > ... | UseUseExplosion.rb:20:1567:20:1578 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1580:20:2500 | then ... | UseUseExplosion.rb:20:1564:20:2516 | if ... |
+| UseUseExplosion.rb:20:1585:20:2500 | SSA phi read(self) | UseUseExplosion.rb:20:1564:20:2516 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1585:20:2500 | SSA phi read(x) | UseUseExplosion.rb:20:1564:20:2516 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1585:20:2500 | if ... | UseUseExplosion.rb:20:1580:20:2500 | then ... |
+| UseUseExplosion.rb:20:1589:20:1593 | [post] self | UseUseExplosion.rb:20:1610:20:1614 | self |
+| UseUseExplosion.rb:20:1589:20:1593 | [post] self | UseUseExplosion.rb:20:2491:20:2496 | self |
+| UseUseExplosion.rb:20:1589:20:1593 | self | UseUseExplosion.rb:20:1610:20:1614 | self |
+| UseUseExplosion.rb:20:1589:20:1593 | self | UseUseExplosion.rb:20:2491:20:2496 | self |
+| UseUseExplosion.rb:20:1589:20:1598 | ... > ... | UseUseExplosion.rb:20:1588:20:1599 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1589:20:1598 | ... > ... | UseUseExplosion.rb:20:1588:20:1599 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1601:20:2484 | then ... | UseUseExplosion.rb:20:1585:20:2500 | if ... |
+| UseUseExplosion.rb:20:1606:20:2484 | SSA phi read(self) | UseUseExplosion.rb:20:1585:20:2500 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1606:20:2484 | SSA phi read(x) | UseUseExplosion.rb:20:1585:20:2500 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1606:20:2484 | if ... | UseUseExplosion.rb:20:1601:20:2484 | then ... |
+| UseUseExplosion.rb:20:1610:20:1614 | [post] self | UseUseExplosion.rb:20:1631:20:1635 | self |
+| UseUseExplosion.rb:20:1610:20:1614 | [post] self | UseUseExplosion.rb:20:2475:20:2480 | self |
+| UseUseExplosion.rb:20:1610:20:1614 | self | UseUseExplosion.rb:20:1631:20:1635 | self |
+| UseUseExplosion.rb:20:1610:20:1614 | self | UseUseExplosion.rb:20:2475:20:2480 | self |
+| UseUseExplosion.rb:20:1610:20:1619 | ... > ... | UseUseExplosion.rb:20:1609:20:1620 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1610:20:1619 | ... > ... | UseUseExplosion.rb:20:1609:20:1620 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1622:20:2468 | then ... | UseUseExplosion.rb:20:1606:20:2484 | if ... |
+| UseUseExplosion.rb:20:1627:20:2468 | SSA phi read(self) | UseUseExplosion.rb:20:1606:20:2484 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1627:20:2468 | SSA phi read(x) | UseUseExplosion.rb:20:1606:20:2484 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1627:20:2468 | if ... | UseUseExplosion.rb:20:1622:20:2468 | then ... |
+| UseUseExplosion.rb:20:1631:20:1635 | [post] self | UseUseExplosion.rb:20:1652:20:1656 | self |
+| UseUseExplosion.rb:20:1631:20:1635 | [post] self | UseUseExplosion.rb:20:2459:20:2464 | self |
+| UseUseExplosion.rb:20:1631:20:1635 | self | UseUseExplosion.rb:20:1652:20:1656 | self |
+| UseUseExplosion.rb:20:1631:20:1635 | self | UseUseExplosion.rb:20:2459:20:2464 | self |
+| UseUseExplosion.rb:20:1631:20:1640 | ... > ... | UseUseExplosion.rb:20:1630:20:1641 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1631:20:1640 | ... > ... | UseUseExplosion.rb:20:1630:20:1641 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1643:20:2452 | then ... | UseUseExplosion.rb:20:1627:20:2468 | if ... |
+| UseUseExplosion.rb:20:1648:20:2452 | SSA phi read(self) | UseUseExplosion.rb:20:1627:20:2468 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1648:20:2452 | SSA phi read(x) | UseUseExplosion.rb:20:1627:20:2468 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1648:20:2452 | if ... | UseUseExplosion.rb:20:1643:20:2452 | then ... |
+| UseUseExplosion.rb:20:1652:20:1656 | [post] self | UseUseExplosion.rb:20:1673:20:1677 | self |
+| UseUseExplosion.rb:20:1652:20:1656 | [post] self | UseUseExplosion.rb:20:2443:20:2448 | self |
+| UseUseExplosion.rb:20:1652:20:1656 | self | UseUseExplosion.rb:20:1673:20:1677 | self |
+| UseUseExplosion.rb:20:1652:20:1656 | self | UseUseExplosion.rb:20:2443:20:2448 | self |
+| UseUseExplosion.rb:20:1652:20:1661 | ... > ... | UseUseExplosion.rb:20:1651:20:1662 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1652:20:1661 | ... > ... | UseUseExplosion.rb:20:1651:20:1662 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1664:20:2436 | then ... | UseUseExplosion.rb:20:1648:20:2452 | if ... |
+| UseUseExplosion.rb:20:1669:20:2436 | SSA phi read(self) | UseUseExplosion.rb:20:1648:20:2452 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1669:20:2436 | SSA phi read(x) | UseUseExplosion.rb:20:1648:20:2452 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1669:20:2436 | if ... | UseUseExplosion.rb:20:1664:20:2436 | then ... |
+| UseUseExplosion.rb:20:1673:20:1677 | [post] self | UseUseExplosion.rb:20:1694:20:1698 | self |
+| UseUseExplosion.rb:20:1673:20:1677 | [post] self | UseUseExplosion.rb:20:2427:20:2432 | self |
+| UseUseExplosion.rb:20:1673:20:1677 | self | UseUseExplosion.rb:20:1694:20:1698 | self |
+| UseUseExplosion.rb:20:1673:20:1677 | self | UseUseExplosion.rb:20:2427:20:2432 | self |
+| UseUseExplosion.rb:20:1673:20:1682 | ... > ... | UseUseExplosion.rb:20:1672:20:1683 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1673:20:1682 | ... > ... | UseUseExplosion.rb:20:1672:20:1683 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1685:20:2420 | then ... | UseUseExplosion.rb:20:1669:20:2436 | if ... |
+| UseUseExplosion.rb:20:1690:20:2420 | SSA phi read(self) | UseUseExplosion.rb:20:1669:20:2436 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1690:20:2420 | SSA phi read(x) | UseUseExplosion.rb:20:1669:20:2436 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1690:20:2420 | if ... | UseUseExplosion.rb:20:1685:20:2420 | then ... |
+| UseUseExplosion.rb:20:1694:20:1698 | [post] self | UseUseExplosion.rb:20:1715:20:1719 | self |
+| UseUseExplosion.rb:20:1694:20:1698 | [post] self | UseUseExplosion.rb:20:2411:20:2416 | self |
+| UseUseExplosion.rb:20:1694:20:1698 | self | UseUseExplosion.rb:20:1715:20:1719 | self |
+| UseUseExplosion.rb:20:1694:20:1698 | self | UseUseExplosion.rb:20:2411:20:2416 | self |
+| UseUseExplosion.rb:20:1694:20:1703 | ... > ... | UseUseExplosion.rb:20:1693:20:1704 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1694:20:1703 | ... > ... | UseUseExplosion.rb:20:1693:20:1704 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1706:20:2404 | then ... | UseUseExplosion.rb:20:1690:20:2420 | if ... |
+| UseUseExplosion.rb:20:1711:20:2404 | SSA phi read(self) | UseUseExplosion.rb:20:1690:20:2420 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1711:20:2404 | SSA phi read(x) | UseUseExplosion.rb:20:1690:20:2420 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1711:20:2404 | if ... | UseUseExplosion.rb:20:1706:20:2404 | then ... |
+| UseUseExplosion.rb:20:1715:20:1719 | [post] self | UseUseExplosion.rb:20:1736:20:1740 | self |
+| UseUseExplosion.rb:20:1715:20:1719 | [post] self | UseUseExplosion.rb:20:2395:20:2400 | self |
+| UseUseExplosion.rb:20:1715:20:1719 | self | UseUseExplosion.rb:20:1736:20:1740 | self |
+| UseUseExplosion.rb:20:1715:20:1719 | self | UseUseExplosion.rb:20:2395:20:2400 | self |
+| UseUseExplosion.rb:20:1715:20:1724 | ... > ... | UseUseExplosion.rb:20:1714:20:1725 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1715:20:1724 | ... > ... | UseUseExplosion.rb:20:1714:20:1725 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1727:20:2388 | then ... | UseUseExplosion.rb:20:1711:20:2404 | if ... |
+| UseUseExplosion.rb:20:1732:20:2388 | SSA phi read(self) | UseUseExplosion.rb:20:1711:20:2404 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1732:20:2388 | SSA phi read(x) | UseUseExplosion.rb:20:1711:20:2404 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1732:20:2388 | if ... | UseUseExplosion.rb:20:1727:20:2388 | then ... |
+| UseUseExplosion.rb:20:1736:20:1740 | [post] self | UseUseExplosion.rb:20:1757:20:1761 | self |
+| UseUseExplosion.rb:20:1736:20:1740 | [post] self | UseUseExplosion.rb:20:2379:20:2384 | self |
+| UseUseExplosion.rb:20:1736:20:1740 | self | UseUseExplosion.rb:20:1757:20:1761 | self |
+| UseUseExplosion.rb:20:1736:20:1740 | self | UseUseExplosion.rb:20:2379:20:2384 | self |
+| UseUseExplosion.rb:20:1736:20:1745 | ... > ... | UseUseExplosion.rb:20:1735:20:1746 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1736:20:1745 | ... > ... | UseUseExplosion.rb:20:1735:20:1746 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1748:20:2372 | then ... | UseUseExplosion.rb:20:1732:20:2388 | if ... |
+| UseUseExplosion.rb:20:1753:20:2372 | SSA phi read(self) | UseUseExplosion.rb:20:1732:20:2388 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1753:20:2372 | SSA phi read(x) | UseUseExplosion.rb:20:1732:20:2388 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1753:20:2372 | if ... | UseUseExplosion.rb:20:1748:20:2372 | then ... |
+| UseUseExplosion.rb:20:1757:20:1761 | [post] self | UseUseExplosion.rb:20:1778:20:1782 | self |
+| UseUseExplosion.rb:20:1757:20:1761 | [post] self | UseUseExplosion.rb:20:2363:20:2368 | self |
+| UseUseExplosion.rb:20:1757:20:1761 | self | UseUseExplosion.rb:20:1778:20:1782 | self |
+| UseUseExplosion.rb:20:1757:20:1761 | self | UseUseExplosion.rb:20:2363:20:2368 | self |
+| UseUseExplosion.rb:20:1757:20:1766 | ... > ... | UseUseExplosion.rb:20:1756:20:1767 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1757:20:1766 | ... > ... | UseUseExplosion.rb:20:1756:20:1767 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1769:20:2356 | then ... | UseUseExplosion.rb:20:1753:20:2372 | if ... |
+| UseUseExplosion.rb:20:1774:20:2356 | SSA phi read(self) | UseUseExplosion.rb:20:1753:20:2372 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1774:20:2356 | SSA phi read(x) | UseUseExplosion.rb:20:1753:20:2372 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1774:20:2356 | if ... | UseUseExplosion.rb:20:1769:20:2356 | then ... |
+| UseUseExplosion.rb:20:1778:20:1782 | [post] self | UseUseExplosion.rb:20:1799:20:1803 | self |
+| UseUseExplosion.rb:20:1778:20:1782 | [post] self | UseUseExplosion.rb:20:2347:20:2352 | self |
+| UseUseExplosion.rb:20:1778:20:1782 | self | UseUseExplosion.rb:20:1799:20:1803 | self |
+| UseUseExplosion.rb:20:1778:20:1782 | self | UseUseExplosion.rb:20:2347:20:2352 | self |
+| UseUseExplosion.rb:20:1778:20:1787 | ... > ... | UseUseExplosion.rb:20:1777:20:1788 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1778:20:1787 | ... > ... | UseUseExplosion.rb:20:1777:20:1788 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1790:20:2340 | then ... | UseUseExplosion.rb:20:1774:20:2356 | if ... |
+| UseUseExplosion.rb:20:1795:20:2340 | SSA phi read(self) | UseUseExplosion.rb:20:1774:20:2356 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1795:20:2340 | SSA phi read(x) | UseUseExplosion.rb:20:1774:20:2356 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1795:20:2340 | if ... | UseUseExplosion.rb:20:1790:20:2340 | then ... |
+| UseUseExplosion.rb:20:1799:20:1803 | [post] self | UseUseExplosion.rb:20:1820:20:1824 | self |
+| UseUseExplosion.rb:20:1799:20:1803 | [post] self | UseUseExplosion.rb:20:2331:20:2336 | self |
+| UseUseExplosion.rb:20:1799:20:1803 | self | UseUseExplosion.rb:20:1820:20:1824 | self |
+| UseUseExplosion.rb:20:1799:20:1803 | self | UseUseExplosion.rb:20:2331:20:2336 | self |
+| UseUseExplosion.rb:20:1799:20:1808 | ... > ... | UseUseExplosion.rb:20:1798:20:1809 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1799:20:1808 | ... > ... | UseUseExplosion.rb:20:1798:20:1809 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1811:20:2324 | then ... | UseUseExplosion.rb:20:1795:20:2340 | if ... |
+| UseUseExplosion.rb:20:1816:20:2324 | SSA phi read(self) | UseUseExplosion.rb:20:1795:20:2340 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1816:20:2324 | SSA phi read(x) | UseUseExplosion.rb:20:1795:20:2340 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1816:20:2324 | if ... | UseUseExplosion.rb:20:1811:20:2324 | then ... |
+| UseUseExplosion.rb:20:1820:20:1824 | [post] self | UseUseExplosion.rb:20:1841:20:1845 | self |
+| UseUseExplosion.rb:20:1820:20:1824 | [post] self | UseUseExplosion.rb:20:2315:20:2320 | self |
+| UseUseExplosion.rb:20:1820:20:1824 | self | UseUseExplosion.rb:20:1841:20:1845 | self |
+| UseUseExplosion.rb:20:1820:20:1824 | self | UseUseExplosion.rb:20:2315:20:2320 | self |
+| UseUseExplosion.rb:20:1820:20:1829 | ... > ... | UseUseExplosion.rb:20:1819:20:1830 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1820:20:1829 | ... > ... | UseUseExplosion.rb:20:1819:20:1830 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1832:20:2308 | then ... | UseUseExplosion.rb:20:1816:20:2324 | if ... |
+| UseUseExplosion.rb:20:1837:20:2308 | SSA phi read(self) | UseUseExplosion.rb:20:1816:20:2324 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1837:20:2308 | SSA phi read(x) | UseUseExplosion.rb:20:1816:20:2324 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1837:20:2308 | if ... | UseUseExplosion.rb:20:1832:20:2308 | then ... |
+| UseUseExplosion.rb:20:1841:20:1845 | [post] self | UseUseExplosion.rb:20:1862:20:1866 | self |
+| UseUseExplosion.rb:20:1841:20:1845 | [post] self | UseUseExplosion.rb:20:2299:20:2304 | self |
+| UseUseExplosion.rb:20:1841:20:1845 | self | UseUseExplosion.rb:20:1862:20:1866 | self |
+| UseUseExplosion.rb:20:1841:20:1845 | self | UseUseExplosion.rb:20:2299:20:2304 | self |
+| UseUseExplosion.rb:20:1841:20:1850 | ... > ... | UseUseExplosion.rb:20:1840:20:1851 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1841:20:1850 | ... > ... | UseUseExplosion.rb:20:1840:20:1851 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1853:20:2292 | then ... | UseUseExplosion.rb:20:1837:20:2308 | if ... |
+| UseUseExplosion.rb:20:1858:20:2292 | SSA phi read(self) | UseUseExplosion.rb:20:1837:20:2308 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1858:20:2292 | SSA phi read(x) | UseUseExplosion.rb:20:1837:20:2308 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1858:20:2292 | if ... | UseUseExplosion.rb:20:1853:20:2292 | then ... |
+| UseUseExplosion.rb:20:1862:20:1866 | [post] self | UseUseExplosion.rb:20:1883:20:1887 | self |
+| UseUseExplosion.rb:20:1862:20:1866 | [post] self | UseUseExplosion.rb:20:2283:20:2288 | self |
+| UseUseExplosion.rb:20:1862:20:1866 | self | UseUseExplosion.rb:20:1883:20:1887 | self |
+| UseUseExplosion.rb:20:1862:20:1866 | self | UseUseExplosion.rb:20:2283:20:2288 | self |
+| UseUseExplosion.rb:20:1862:20:1871 | ... > ... | UseUseExplosion.rb:20:1861:20:1872 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1862:20:1871 | ... > ... | UseUseExplosion.rb:20:1861:20:1872 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1874:20:2276 | then ... | UseUseExplosion.rb:20:1858:20:2292 | if ... |
+| UseUseExplosion.rb:20:1879:20:2276 | SSA phi read(self) | UseUseExplosion.rb:20:1858:20:2292 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1879:20:2276 | SSA phi read(x) | UseUseExplosion.rb:20:1858:20:2292 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1879:20:2276 | if ... | UseUseExplosion.rb:20:1874:20:2276 | then ... |
+| UseUseExplosion.rb:20:1883:20:1887 | [post] self | UseUseExplosion.rb:20:1904:20:1908 | self |
+| UseUseExplosion.rb:20:1883:20:1887 | [post] self | UseUseExplosion.rb:20:2267:20:2272 | self |
+| UseUseExplosion.rb:20:1883:20:1887 | self | UseUseExplosion.rb:20:1904:20:1908 | self |
+| UseUseExplosion.rb:20:1883:20:1887 | self | UseUseExplosion.rb:20:2267:20:2272 | self |
+| UseUseExplosion.rb:20:1883:20:1892 | ... > ... | UseUseExplosion.rb:20:1882:20:1893 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1883:20:1892 | ... > ... | UseUseExplosion.rb:20:1882:20:1893 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1895:20:2260 | then ... | UseUseExplosion.rb:20:1879:20:2276 | if ... |
+| UseUseExplosion.rb:20:1900:20:2260 | SSA phi read(self) | UseUseExplosion.rb:20:1879:20:2276 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1900:20:2260 | SSA phi read(x) | UseUseExplosion.rb:20:1879:20:2276 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1900:20:2260 | if ... | UseUseExplosion.rb:20:1895:20:2260 | then ... |
+| UseUseExplosion.rb:20:1904:20:1908 | [post] self | UseUseExplosion.rb:20:1925:20:1929 | self |
+| UseUseExplosion.rb:20:1904:20:1908 | [post] self | UseUseExplosion.rb:20:2251:20:2256 | self |
+| UseUseExplosion.rb:20:1904:20:1908 | self | UseUseExplosion.rb:20:1925:20:1929 | self |
+| UseUseExplosion.rb:20:1904:20:1908 | self | UseUseExplosion.rb:20:2251:20:2256 | self |
+| UseUseExplosion.rb:20:1904:20:1913 | ... > ... | UseUseExplosion.rb:20:1903:20:1914 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1904:20:1913 | ... > ... | UseUseExplosion.rb:20:1903:20:1914 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1916:20:2244 | then ... | UseUseExplosion.rb:20:1900:20:2260 | if ... |
+| UseUseExplosion.rb:20:1921:20:2244 | SSA phi read(self) | UseUseExplosion.rb:20:1900:20:2260 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1921:20:2244 | SSA phi read(x) | UseUseExplosion.rb:20:1900:20:2260 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1921:20:2244 | if ... | UseUseExplosion.rb:20:1916:20:2244 | then ... |
+| UseUseExplosion.rb:20:1925:20:1929 | [post] self | UseUseExplosion.rb:20:1945:20:1949 | self |
+| UseUseExplosion.rb:20:1925:20:1929 | [post] self | UseUseExplosion.rb:20:2235:20:2240 | self |
+| UseUseExplosion.rb:20:1925:20:1929 | self | UseUseExplosion.rb:20:1945:20:1949 | self |
+| UseUseExplosion.rb:20:1925:20:1929 | self | UseUseExplosion.rb:20:2235:20:2240 | self |
+| UseUseExplosion.rb:20:1925:20:1933 | ... > ... | UseUseExplosion.rb:20:1924:20:1934 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1925:20:1933 | ... > ... | UseUseExplosion.rb:20:1924:20:1934 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1936:20:2228 | then ... | UseUseExplosion.rb:20:1921:20:2244 | if ... |
+| UseUseExplosion.rb:20:1941:20:2228 | SSA phi read(self) | UseUseExplosion.rb:20:1921:20:2244 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1941:20:2228 | SSA phi read(x) | UseUseExplosion.rb:20:1921:20:2244 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1941:20:2228 | if ... | UseUseExplosion.rb:20:1936:20:2228 | then ... |
+| UseUseExplosion.rb:20:1945:20:1949 | [post] self | UseUseExplosion.rb:20:1965:20:1969 | self |
+| UseUseExplosion.rb:20:1945:20:1949 | [post] self | UseUseExplosion.rb:20:2219:20:2224 | self |
+| UseUseExplosion.rb:20:1945:20:1949 | self | UseUseExplosion.rb:20:1965:20:1969 | self |
+| UseUseExplosion.rb:20:1945:20:1949 | self | UseUseExplosion.rb:20:2219:20:2224 | self |
+| UseUseExplosion.rb:20:1945:20:1953 | ... > ... | UseUseExplosion.rb:20:1944:20:1954 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1945:20:1953 | ... > ... | UseUseExplosion.rb:20:1944:20:1954 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1956:20:2212 | then ... | UseUseExplosion.rb:20:1941:20:2228 | if ... |
+| UseUseExplosion.rb:20:1961:20:2212 | SSA phi read(self) | UseUseExplosion.rb:20:1941:20:2228 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1961:20:2212 | SSA phi read(x) | UseUseExplosion.rb:20:1941:20:2228 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1961:20:2212 | if ... | UseUseExplosion.rb:20:1956:20:2212 | then ... |
+| UseUseExplosion.rb:20:1965:20:1969 | [post] self | UseUseExplosion.rb:20:1985:20:1989 | self |
+| UseUseExplosion.rb:20:1965:20:1969 | [post] self | UseUseExplosion.rb:20:2203:20:2208 | self |
+| UseUseExplosion.rb:20:1965:20:1969 | self | UseUseExplosion.rb:20:1985:20:1989 | self |
+| UseUseExplosion.rb:20:1965:20:1969 | self | UseUseExplosion.rb:20:2203:20:2208 | self |
+| UseUseExplosion.rb:20:1965:20:1973 | ... > ... | UseUseExplosion.rb:20:1964:20:1974 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1965:20:1973 | ... > ... | UseUseExplosion.rb:20:1964:20:1974 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1976:20:2196 | then ... | UseUseExplosion.rb:20:1961:20:2212 | if ... |
+| UseUseExplosion.rb:20:1981:20:2196 | SSA phi read(self) | UseUseExplosion.rb:20:1961:20:2212 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1981:20:2196 | SSA phi read(x) | UseUseExplosion.rb:20:1961:20:2212 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1981:20:2196 | if ... | UseUseExplosion.rb:20:1976:20:2196 | then ... |
+| UseUseExplosion.rb:20:1985:20:1989 | [post] self | UseUseExplosion.rb:20:2005:20:2009 | self |
+| UseUseExplosion.rb:20:1985:20:1989 | [post] self | UseUseExplosion.rb:20:2187:20:2192 | self |
+| UseUseExplosion.rb:20:1985:20:1989 | self | UseUseExplosion.rb:20:2005:20:2009 | self |
+| UseUseExplosion.rb:20:1985:20:1989 | self | UseUseExplosion.rb:20:2187:20:2192 | self |
+| UseUseExplosion.rb:20:1985:20:1993 | ... > ... | UseUseExplosion.rb:20:1984:20:1994 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1985:20:1993 | ... > ... | UseUseExplosion.rb:20:1984:20:1994 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1996:20:2180 | then ... | UseUseExplosion.rb:20:1981:20:2196 | if ... |
+| UseUseExplosion.rb:20:2001:20:2180 | SSA phi read(self) | UseUseExplosion.rb:20:1981:20:2196 | SSA phi read(self) |
+| UseUseExplosion.rb:20:2001:20:2180 | SSA phi read(x) | UseUseExplosion.rb:20:1981:20:2196 | SSA phi read(x) |
+| UseUseExplosion.rb:20:2001:20:2180 | if ... | UseUseExplosion.rb:20:1996:20:2180 | then ... |
+| UseUseExplosion.rb:20:2005:20:2009 | [post] self | UseUseExplosion.rb:20:2025:20:2029 | self |
+| UseUseExplosion.rb:20:2005:20:2009 | [post] self | UseUseExplosion.rb:20:2171:20:2176 | self |
+| UseUseExplosion.rb:20:2005:20:2009 | self | UseUseExplosion.rb:20:2025:20:2029 | self |
+| UseUseExplosion.rb:20:2005:20:2009 | self | UseUseExplosion.rb:20:2171:20:2176 | self |
+| UseUseExplosion.rb:20:2005:20:2013 | ... > ... | UseUseExplosion.rb:20:2004:20:2014 | [false] ( ... ) |
+| UseUseExplosion.rb:20:2005:20:2013 | ... > ... | UseUseExplosion.rb:20:2004:20:2014 | [true] ( ... ) |
+| UseUseExplosion.rb:20:2016:20:2164 | then ... | UseUseExplosion.rb:20:2001:20:2180 | if ... |
+| UseUseExplosion.rb:20:2021:20:2164 | SSA phi read(self) | UseUseExplosion.rb:20:2001:20:2180 | SSA phi read(self) |
+| UseUseExplosion.rb:20:2021:20:2164 | SSA phi read(x) | UseUseExplosion.rb:20:2001:20:2180 | SSA phi read(x) |
+| UseUseExplosion.rb:20:2021:20:2164 | if ... | UseUseExplosion.rb:20:2016:20:2164 | then ... |
+| UseUseExplosion.rb:20:2025:20:2029 | [post] self | UseUseExplosion.rb:20:2045:20:2049 | self |
+| UseUseExplosion.rb:20:2025:20:2029 | [post] self | UseUseExplosion.rb:20:2155:20:2160 | self |
+| UseUseExplosion.rb:20:2025:20:2029 | self | UseUseExplosion.rb:20:2045:20:2049 | self |
+| UseUseExplosion.rb:20:2025:20:2029 | self | UseUseExplosion.rb:20:2155:20:2160 | self |
+| UseUseExplosion.rb:20:2025:20:2033 | ... > ... | UseUseExplosion.rb:20:2024:20:2034 | [false] ( ... ) |
+| UseUseExplosion.rb:20:2025:20:2033 | ... > ... | UseUseExplosion.rb:20:2024:20:2034 | [true] ( ... ) |
+| UseUseExplosion.rb:20:2036:20:2148 | then ... | UseUseExplosion.rb:20:2021:20:2164 | if ... |
+| UseUseExplosion.rb:20:2041:20:2148 | SSA phi read(self) | UseUseExplosion.rb:20:2021:20:2164 | SSA phi read(self) |
+| UseUseExplosion.rb:20:2041:20:2148 | SSA phi read(x) | UseUseExplosion.rb:20:2021:20:2164 | SSA phi read(x) |
+| UseUseExplosion.rb:20:2041:20:2148 | if ... | UseUseExplosion.rb:20:2036:20:2148 | then ... |
+| UseUseExplosion.rb:20:2045:20:2049 | [post] self | UseUseExplosion.rb:20:2065:20:2069 | self |
+| UseUseExplosion.rb:20:2045:20:2049 | [post] self | UseUseExplosion.rb:20:2139:20:2144 | self |
+| UseUseExplosion.rb:20:2045:20:2049 | self | UseUseExplosion.rb:20:2065:20:2069 | self |
+| UseUseExplosion.rb:20:2045:20:2049 | self | UseUseExplosion.rb:20:2139:20:2144 | self |
+| UseUseExplosion.rb:20:2045:20:2053 | ... > ... | UseUseExplosion.rb:20:2044:20:2054 | [false] ( ... ) |
+| UseUseExplosion.rb:20:2045:20:2053 | ... > ... | UseUseExplosion.rb:20:2044:20:2054 | [true] ( ... ) |
+| UseUseExplosion.rb:20:2056:20:2132 | then ... | UseUseExplosion.rb:20:2041:20:2148 | if ... |
+| UseUseExplosion.rb:20:2061:20:2132 | SSA phi read(self) | UseUseExplosion.rb:20:2041:20:2148 | SSA phi read(self) |
+| UseUseExplosion.rb:20:2061:20:2132 | SSA phi read(x) | UseUseExplosion.rb:20:2041:20:2148 | SSA phi read(x) |
+| UseUseExplosion.rb:20:2061:20:2132 | if ... | UseUseExplosion.rb:20:2056:20:2132 | then ... |
+| UseUseExplosion.rb:20:2065:20:2069 | [post] self | UseUseExplosion.rb:20:2085:20:2089 | self |
+| UseUseExplosion.rb:20:2065:20:2069 | [post] self | UseUseExplosion.rb:20:2123:20:2128 | self |
+| UseUseExplosion.rb:20:2065:20:2069 | self | UseUseExplosion.rb:20:2085:20:2089 | self |
+| UseUseExplosion.rb:20:2065:20:2069 | self | UseUseExplosion.rb:20:2123:20:2128 | self |
+| UseUseExplosion.rb:20:2065:20:2073 | ... > ... | UseUseExplosion.rb:20:2064:20:2074 | [false] ( ... ) |
+| UseUseExplosion.rb:20:2065:20:2073 | ... > ... | UseUseExplosion.rb:20:2064:20:2074 | [true] ( ... ) |
+| UseUseExplosion.rb:20:2076:20:2116 | then ... | UseUseExplosion.rb:20:2061:20:2132 | if ... |
+| UseUseExplosion.rb:20:2081:20:2116 | SSA phi read(self) | UseUseExplosion.rb:20:2061:20:2132 | SSA phi read(self) |
+| UseUseExplosion.rb:20:2081:20:2116 | SSA phi read(x) | UseUseExplosion.rb:20:2061:20:2132 | SSA phi read(x) |
+| UseUseExplosion.rb:20:2081:20:2116 | if ... | UseUseExplosion.rb:20:2076:20:2116 | then ... |
+| UseUseExplosion.rb:20:2085:20:2089 | [post] self | UseUseExplosion.rb:20:2107:20:2112 | self |
+| UseUseExplosion.rb:20:2085:20:2089 | self | UseUseExplosion.rb:20:2107:20:2112 | self |
+| UseUseExplosion.rb:20:2085:20:2093 | ... > ... | UseUseExplosion.rb:20:2084:20:2094 | [false] ( ... ) |
+| UseUseExplosion.rb:20:2085:20:2093 | ... > ... | UseUseExplosion.rb:20:2084:20:2094 | [true] ( ... ) |
+| UseUseExplosion.rb:20:2096:20:2099 | then ... | UseUseExplosion.rb:20:2081:20:2116 | if ... |
+| UseUseExplosion.rb:20:2102:20:2112 | else ... | UseUseExplosion.rb:20:2081:20:2116 | if ... |
+| UseUseExplosion.rb:20:2107:20:2112 | call to use | UseUseExplosion.rb:20:2102:20:2112 | else ... |
+| UseUseExplosion.rb:20:2118:20:2128 | else ... | UseUseExplosion.rb:20:2061:20:2132 | if ... |
+| UseUseExplosion.rb:20:2123:20:2128 | call to use | UseUseExplosion.rb:20:2118:20:2128 | else ... |
+| UseUseExplosion.rb:20:2134:20:2144 | else ... | UseUseExplosion.rb:20:2041:20:2148 | if ... |
+| UseUseExplosion.rb:20:2139:20:2144 | call to use | UseUseExplosion.rb:20:2134:20:2144 | else ... |
+| UseUseExplosion.rb:20:2150:20:2160 | else ... | UseUseExplosion.rb:20:2021:20:2164 | if ... |
+| UseUseExplosion.rb:20:2155:20:2160 | call to use | UseUseExplosion.rb:20:2150:20:2160 | else ... |
+| UseUseExplosion.rb:20:2166:20:2176 | else ... | UseUseExplosion.rb:20:2001:20:2180 | if ... |
+| UseUseExplosion.rb:20:2171:20:2176 | call to use | UseUseExplosion.rb:20:2166:20:2176 | else ... |
+| UseUseExplosion.rb:20:2182:20:2192 | else ... | UseUseExplosion.rb:20:1981:20:2196 | if ... |
+| UseUseExplosion.rb:20:2187:20:2192 | call to use | UseUseExplosion.rb:20:2182:20:2192 | else ... |
+| UseUseExplosion.rb:20:2198:20:2208 | else ... | UseUseExplosion.rb:20:1961:20:2212 | if ... |
+| UseUseExplosion.rb:20:2203:20:2208 | call to use | UseUseExplosion.rb:20:2198:20:2208 | else ... |
+| UseUseExplosion.rb:20:2214:20:2224 | else ... | UseUseExplosion.rb:20:1941:20:2228 | if ... |
+| UseUseExplosion.rb:20:2219:20:2224 | call to use | UseUseExplosion.rb:20:2214:20:2224 | else ... |
+| UseUseExplosion.rb:20:2230:20:2240 | else ... | UseUseExplosion.rb:20:1921:20:2244 | if ... |
+| UseUseExplosion.rb:20:2235:20:2240 | call to use | UseUseExplosion.rb:20:2230:20:2240 | else ... |
+| UseUseExplosion.rb:20:2246:20:2256 | else ... | UseUseExplosion.rb:20:1900:20:2260 | if ... |
+| UseUseExplosion.rb:20:2251:20:2256 | call to use | UseUseExplosion.rb:20:2246:20:2256 | else ... |
+| UseUseExplosion.rb:20:2262:20:2272 | else ... | UseUseExplosion.rb:20:1879:20:2276 | if ... |
+| UseUseExplosion.rb:20:2267:20:2272 | call to use | UseUseExplosion.rb:20:2262:20:2272 | else ... |
+| UseUseExplosion.rb:20:2278:20:2288 | else ... | UseUseExplosion.rb:20:1858:20:2292 | if ... |
+| UseUseExplosion.rb:20:2283:20:2288 | call to use | UseUseExplosion.rb:20:2278:20:2288 | else ... |
+| UseUseExplosion.rb:20:2294:20:2304 | else ... | UseUseExplosion.rb:20:1837:20:2308 | if ... |
+| UseUseExplosion.rb:20:2299:20:2304 | call to use | UseUseExplosion.rb:20:2294:20:2304 | else ... |
+| UseUseExplosion.rb:20:2310:20:2320 | else ... | UseUseExplosion.rb:20:1816:20:2324 | if ... |
+| UseUseExplosion.rb:20:2315:20:2320 | call to use | UseUseExplosion.rb:20:2310:20:2320 | else ... |
+| UseUseExplosion.rb:20:2326:20:2336 | else ... | UseUseExplosion.rb:20:1795:20:2340 | if ... |
+| UseUseExplosion.rb:20:2331:20:2336 | call to use | UseUseExplosion.rb:20:2326:20:2336 | else ... |
+| UseUseExplosion.rb:20:2342:20:2352 | else ... | UseUseExplosion.rb:20:1774:20:2356 | if ... |
+| UseUseExplosion.rb:20:2347:20:2352 | call to use | UseUseExplosion.rb:20:2342:20:2352 | else ... |
+| UseUseExplosion.rb:20:2358:20:2368 | else ... | UseUseExplosion.rb:20:1753:20:2372 | if ... |
+| UseUseExplosion.rb:20:2363:20:2368 | call to use | UseUseExplosion.rb:20:2358:20:2368 | else ... |
+| UseUseExplosion.rb:20:2374:20:2384 | else ... | UseUseExplosion.rb:20:1732:20:2388 | if ... |
+| UseUseExplosion.rb:20:2379:20:2384 | call to use | UseUseExplosion.rb:20:2374:20:2384 | else ... |
+| UseUseExplosion.rb:20:2390:20:2400 | else ... | UseUseExplosion.rb:20:1711:20:2404 | if ... |
+| UseUseExplosion.rb:20:2395:20:2400 | call to use | UseUseExplosion.rb:20:2390:20:2400 | else ... |
+| UseUseExplosion.rb:20:2406:20:2416 | else ... | UseUseExplosion.rb:20:1690:20:2420 | if ... |
+| UseUseExplosion.rb:20:2411:20:2416 | call to use | UseUseExplosion.rb:20:2406:20:2416 | else ... |
+| UseUseExplosion.rb:20:2422:20:2432 | else ... | UseUseExplosion.rb:20:1669:20:2436 | if ... |
+| UseUseExplosion.rb:20:2427:20:2432 | call to use | UseUseExplosion.rb:20:2422:20:2432 | else ... |
+| UseUseExplosion.rb:20:2438:20:2448 | else ... | UseUseExplosion.rb:20:1648:20:2452 | if ... |
+| UseUseExplosion.rb:20:2443:20:2448 | call to use | UseUseExplosion.rb:20:2438:20:2448 | else ... |
+| UseUseExplosion.rb:20:2454:20:2464 | else ... | UseUseExplosion.rb:20:1627:20:2468 | if ... |
+| UseUseExplosion.rb:20:2459:20:2464 | call to use | UseUseExplosion.rb:20:2454:20:2464 | else ... |
+| UseUseExplosion.rb:20:2470:20:2480 | else ... | UseUseExplosion.rb:20:1606:20:2484 | if ... |
+| UseUseExplosion.rb:20:2475:20:2480 | call to use | UseUseExplosion.rb:20:2470:20:2480 | else ... |
+| UseUseExplosion.rb:20:2486:20:2496 | else ... | UseUseExplosion.rb:20:1585:20:2500 | if ... |
+| UseUseExplosion.rb:20:2491:20:2496 | call to use | UseUseExplosion.rb:20:2486:20:2496 | else ... |
+| UseUseExplosion.rb:20:2502:20:2512 | else ... | UseUseExplosion.rb:20:1564:20:2516 | if ... |
+| UseUseExplosion.rb:20:2507:20:2512 | call to use | UseUseExplosion.rb:20:2502:20:2512 | else ... |
+| UseUseExplosion.rb:20:2518:20:2528 | else ... | UseUseExplosion.rb:20:1543:20:2532 | if ... |
+| UseUseExplosion.rb:20:2523:20:2528 | call to use | UseUseExplosion.rb:20:2518:20:2528 | else ... |
+| UseUseExplosion.rb:20:2534:20:2544 | else ... | UseUseExplosion.rb:20:1522:20:2548 | if ... |
+| UseUseExplosion.rb:20:2539:20:2544 | call to use | UseUseExplosion.rb:20:2534:20:2544 | else ... |
+| UseUseExplosion.rb:20:2550:20:2560 | else ... | UseUseExplosion.rb:20:1501:20:2564 | if ... |
+| UseUseExplosion.rb:20:2555:20:2560 | call to use | UseUseExplosion.rb:20:2550:20:2560 | else ... |
+| UseUseExplosion.rb:20:2566:20:2576 | else ... | UseUseExplosion.rb:20:1480:20:2580 | if ... |
+| UseUseExplosion.rb:20:2571:20:2576 | call to use | UseUseExplosion.rb:20:2566:20:2576 | else ... |
+| UseUseExplosion.rb:20:2582:20:2592 | else ... | UseUseExplosion.rb:20:1459:20:2596 | if ... |
+| UseUseExplosion.rb:20:2587:20:2592 | call to use | UseUseExplosion.rb:20:2582:20:2592 | else ... |
+| UseUseExplosion.rb:20:2598:20:2608 | else ... | UseUseExplosion.rb:20:1438:20:2612 | if ... |
+| UseUseExplosion.rb:20:2603:20:2608 | call to use | UseUseExplosion.rb:20:2598:20:2608 | else ... |
+| UseUseExplosion.rb:20:2614:20:2624 | else ... | UseUseExplosion.rb:20:1417:20:2628 | if ... |
+| UseUseExplosion.rb:20:2619:20:2624 | call to use | UseUseExplosion.rb:20:2614:20:2624 | else ... |
+| UseUseExplosion.rb:20:2630:20:2640 | else ... | UseUseExplosion.rb:20:1396:20:2644 | if ... |
+| UseUseExplosion.rb:20:2635:20:2640 | call to use | UseUseExplosion.rb:20:2630:20:2640 | else ... |
+| UseUseExplosion.rb:20:2646:20:2656 | else ... | UseUseExplosion.rb:20:1375:20:2660 | if ... |
+| UseUseExplosion.rb:20:2651:20:2656 | call to use | UseUseExplosion.rb:20:2646:20:2656 | else ... |
+| UseUseExplosion.rb:20:2662:20:2672 | else ... | UseUseExplosion.rb:20:1354:20:2676 | if ... |
+| UseUseExplosion.rb:20:2667:20:2672 | call to use | UseUseExplosion.rb:20:2662:20:2672 | else ... |
+| UseUseExplosion.rb:20:2678:20:2688 | else ... | UseUseExplosion.rb:20:1333:20:2692 | if ... |
+| UseUseExplosion.rb:20:2683:20:2688 | call to use | UseUseExplosion.rb:20:2678:20:2688 | else ... |
+| UseUseExplosion.rb:20:2694:20:2704 | else ... | UseUseExplosion.rb:20:1312:20:2708 | if ... |
+| UseUseExplosion.rb:20:2699:20:2704 | call to use | UseUseExplosion.rb:20:2694:20:2704 | else ... |
+| UseUseExplosion.rb:20:2710:20:2720 | else ... | UseUseExplosion.rb:20:1291:20:2724 | if ... |
+| UseUseExplosion.rb:20:2715:20:2720 | call to use | UseUseExplosion.rb:20:2710:20:2720 | else ... |
+| UseUseExplosion.rb:20:2726:20:2736 | else ... | UseUseExplosion.rb:20:1270:20:2740 | if ... |
+| UseUseExplosion.rb:20:2731:20:2736 | call to use | UseUseExplosion.rb:20:2726:20:2736 | else ... |
+| UseUseExplosion.rb:20:2742:20:2752 | else ... | UseUseExplosion.rb:20:1249:20:2756 | if ... |
+| UseUseExplosion.rb:20:2747:20:2752 | call to use | UseUseExplosion.rb:20:2742:20:2752 | else ... |
+| UseUseExplosion.rb:20:2758:20:2768 | else ... | UseUseExplosion.rb:20:1228:20:2772 | if ... |
+| UseUseExplosion.rb:20:2763:20:2768 | call to use | UseUseExplosion.rb:20:2758:20:2768 | else ... |
+| UseUseExplosion.rb:20:2774:20:2784 | else ... | UseUseExplosion.rb:20:1207:20:2788 | if ... |
+| UseUseExplosion.rb:20:2779:20:2784 | call to use | UseUseExplosion.rb:20:2774:20:2784 | else ... |
+| UseUseExplosion.rb:20:2790:20:2800 | else ... | UseUseExplosion.rb:20:1186:20:2804 | if ... |
+| UseUseExplosion.rb:20:2795:20:2800 | call to use | UseUseExplosion.rb:20:2790:20:2800 | else ... |
+| UseUseExplosion.rb:20:2806:20:2816 | else ... | UseUseExplosion.rb:20:1165:20:2820 | if ... |
+| UseUseExplosion.rb:20:2811:20:2816 | call to use | UseUseExplosion.rb:20:2806:20:2816 | else ... |
+| UseUseExplosion.rb:20:2822:20:2832 | else ... | UseUseExplosion.rb:20:1144:20:2836 | if ... |
+| UseUseExplosion.rb:20:2827:20:2832 | call to use | UseUseExplosion.rb:20:2822:20:2832 | else ... |
+| UseUseExplosion.rb:20:2838:20:2848 | else ... | UseUseExplosion.rb:20:1123:20:2852 | if ... |
+| UseUseExplosion.rb:20:2843:20:2848 | call to use | UseUseExplosion.rb:20:2838:20:2848 | else ... |
+| UseUseExplosion.rb:20:2854:20:2864 | else ... | UseUseExplosion.rb:20:1102:20:2868 | if ... |
+| UseUseExplosion.rb:20:2859:20:2864 | call to use | UseUseExplosion.rb:20:2854:20:2864 | else ... |
+| UseUseExplosion.rb:20:2870:20:2880 | else ... | UseUseExplosion.rb:20:1081:20:2884 | if ... |
+| UseUseExplosion.rb:20:2875:20:2880 | call to use | UseUseExplosion.rb:20:2870:20:2880 | else ... |
+| UseUseExplosion.rb:20:2886:20:2896 | else ... | UseUseExplosion.rb:20:1060:20:2900 | if ... |
+| UseUseExplosion.rb:20:2891:20:2896 | call to use | UseUseExplosion.rb:20:2886:20:2896 | else ... |
+| UseUseExplosion.rb:20:2902:20:2912 | else ... | UseUseExplosion.rb:20:1039:20:2916 | if ... |
+| UseUseExplosion.rb:20:2907:20:2912 | call to use | UseUseExplosion.rb:20:2902:20:2912 | else ... |
+| UseUseExplosion.rb:20:2918:20:2928 | else ... | UseUseExplosion.rb:20:1018:20:2932 | if ... |
+| UseUseExplosion.rb:20:2923:20:2928 | call to use | UseUseExplosion.rb:20:2918:20:2928 | else ... |
+| UseUseExplosion.rb:20:2934:20:2944 | else ... | UseUseExplosion.rb:20:997:20:2948 | if ... |
+| UseUseExplosion.rb:20:2939:20:2944 | call to use | UseUseExplosion.rb:20:2934:20:2944 | else ... |
+| UseUseExplosion.rb:20:2950:20:2960 | else ... | UseUseExplosion.rb:20:976:20:2964 | if ... |
+| UseUseExplosion.rb:20:2955:20:2960 | call to use | UseUseExplosion.rb:20:2950:20:2960 | else ... |
+| UseUseExplosion.rb:20:2966:20:2976 | else ... | UseUseExplosion.rb:20:955:20:2980 | if ... |
+| UseUseExplosion.rb:20:2971:20:2976 | call to use | UseUseExplosion.rb:20:2966:20:2976 | else ... |
+| UseUseExplosion.rb:20:2982:20:2992 | else ... | UseUseExplosion.rb:20:934:20:2996 | if ... |
+| UseUseExplosion.rb:20:2987:20:2992 | call to use | UseUseExplosion.rb:20:2982:20:2992 | else ... |
+| UseUseExplosion.rb:20:2998:20:3008 | else ... | UseUseExplosion.rb:20:913:20:3012 | if ... |
+| UseUseExplosion.rb:20:3003:20:3008 | call to use | UseUseExplosion.rb:20:2998:20:3008 | else ... |
+| UseUseExplosion.rb:20:3014:20:3024 | else ... | UseUseExplosion.rb:20:892:20:3028 | if ... |
+| UseUseExplosion.rb:20:3019:20:3024 | call to use | UseUseExplosion.rb:20:3014:20:3024 | else ... |
+| UseUseExplosion.rb:20:3030:20:3040 | else ... | UseUseExplosion.rb:20:871:20:3044 | if ... |
+| UseUseExplosion.rb:20:3035:20:3040 | call to use | UseUseExplosion.rb:20:3030:20:3040 | else ... |
+| UseUseExplosion.rb:20:3046:20:3056 | else ... | UseUseExplosion.rb:20:850:20:3060 | if ... |
+| UseUseExplosion.rb:20:3051:20:3056 | call to use | UseUseExplosion.rb:20:3046:20:3056 | else ... |
+| UseUseExplosion.rb:20:3062:20:3072 | else ... | UseUseExplosion.rb:20:829:20:3076 | if ... |
+| UseUseExplosion.rb:20:3067:20:3072 | call to use | UseUseExplosion.rb:20:3062:20:3072 | else ... |
+| UseUseExplosion.rb:20:3078:20:3088 | else ... | UseUseExplosion.rb:20:808:20:3092 | if ... |
+| UseUseExplosion.rb:20:3083:20:3088 | call to use | UseUseExplosion.rb:20:3078:20:3088 | else ... |
+| UseUseExplosion.rb:20:3094:20:3104 | else ... | UseUseExplosion.rb:20:787:20:3108 | if ... |
+| UseUseExplosion.rb:20:3099:20:3104 | call to use | UseUseExplosion.rb:20:3094:20:3104 | else ... |
+| UseUseExplosion.rb:20:3110:20:3120 | else ... | UseUseExplosion.rb:20:766:20:3124 | if ... |
+| UseUseExplosion.rb:20:3115:20:3120 | call to use | UseUseExplosion.rb:20:3110:20:3120 | else ... |
+| UseUseExplosion.rb:20:3126:20:3136 | else ... | UseUseExplosion.rb:20:745:20:3140 | if ... |
+| UseUseExplosion.rb:20:3131:20:3136 | call to use | UseUseExplosion.rb:20:3126:20:3136 | else ... |
+| UseUseExplosion.rb:20:3142:20:3152 | else ... | UseUseExplosion.rb:20:724:20:3156 | if ... |
+| UseUseExplosion.rb:20:3147:20:3152 | call to use | UseUseExplosion.rb:20:3142:20:3152 | else ... |
+| UseUseExplosion.rb:20:3158:20:3168 | else ... | UseUseExplosion.rb:20:703:20:3172 | if ... |
+| UseUseExplosion.rb:20:3163:20:3168 | call to use | UseUseExplosion.rb:20:3158:20:3168 | else ... |
+| UseUseExplosion.rb:20:3174:20:3184 | else ... | UseUseExplosion.rb:20:682:20:3188 | if ... |
+| UseUseExplosion.rb:20:3179:20:3184 | call to use | UseUseExplosion.rb:20:3174:20:3184 | else ... |
+| UseUseExplosion.rb:20:3190:20:3200 | else ... | UseUseExplosion.rb:20:661:20:3204 | if ... |
+| UseUseExplosion.rb:20:3195:20:3200 | call to use | UseUseExplosion.rb:20:3190:20:3200 | else ... |
+| UseUseExplosion.rb:20:3206:20:3216 | else ... | UseUseExplosion.rb:20:640:20:3220 | if ... |
+| UseUseExplosion.rb:20:3211:20:3216 | call to use | UseUseExplosion.rb:20:3206:20:3216 | else ... |
+| UseUseExplosion.rb:20:3222:20:3232 | else ... | UseUseExplosion.rb:20:619:20:3236 | if ... |
+| UseUseExplosion.rb:20:3227:20:3232 | call to use | UseUseExplosion.rb:20:3222:20:3232 | else ... |
+| UseUseExplosion.rb:20:3238:20:3248 | else ... | UseUseExplosion.rb:20:598:20:3252 | if ... |
+| UseUseExplosion.rb:20:3243:20:3248 | call to use | UseUseExplosion.rb:20:3238:20:3248 | else ... |
+| UseUseExplosion.rb:20:3254:20:3264 | else ... | UseUseExplosion.rb:20:577:20:3268 | if ... |
+| UseUseExplosion.rb:20:3259:20:3264 | call to use | UseUseExplosion.rb:20:3254:20:3264 | else ... |
+| UseUseExplosion.rb:20:3270:20:3280 | else ... | UseUseExplosion.rb:20:556:20:3284 | if ... |
+| UseUseExplosion.rb:20:3275:20:3280 | call to use | UseUseExplosion.rb:20:3270:20:3280 | else ... |
+| UseUseExplosion.rb:20:3286:20:3296 | else ... | UseUseExplosion.rb:20:535:20:3300 | if ... |
+| UseUseExplosion.rb:20:3291:20:3296 | call to use | UseUseExplosion.rb:20:3286:20:3296 | else ... |
+| UseUseExplosion.rb:20:3302:20:3312 | else ... | UseUseExplosion.rb:20:514:20:3316 | if ... |
+| UseUseExplosion.rb:20:3307:20:3312 | call to use | UseUseExplosion.rb:20:3302:20:3312 | else ... |
+| UseUseExplosion.rb:20:3318:20:3328 | else ... | UseUseExplosion.rb:20:493:20:3332 | if ... |
+| UseUseExplosion.rb:20:3323:20:3328 | call to use | UseUseExplosion.rb:20:3318:20:3328 | else ... |
+| UseUseExplosion.rb:20:3334:20:3344 | else ... | UseUseExplosion.rb:20:472:20:3348 | if ... |
+| UseUseExplosion.rb:20:3339:20:3344 | call to use | UseUseExplosion.rb:20:3334:20:3344 | else ... |
+| UseUseExplosion.rb:20:3350:20:3360 | else ... | UseUseExplosion.rb:20:451:20:3364 | if ... |
+| UseUseExplosion.rb:20:3355:20:3360 | call to use | UseUseExplosion.rb:20:3350:20:3360 | else ... |
+| UseUseExplosion.rb:20:3366:20:3376 | else ... | UseUseExplosion.rb:20:430:20:3380 | if ... |
+| UseUseExplosion.rb:20:3371:20:3376 | call to use | UseUseExplosion.rb:20:3366:20:3376 | else ... |
+| UseUseExplosion.rb:20:3382:20:3392 | else ... | UseUseExplosion.rb:20:409:20:3396 | if ... |
+| UseUseExplosion.rb:20:3387:20:3392 | call to use | UseUseExplosion.rb:20:3382:20:3392 | else ... |
+| UseUseExplosion.rb:20:3398:20:3408 | else ... | UseUseExplosion.rb:20:388:20:3412 | if ... |
+| UseUseExplosion.rb:20:3403:20:3408 | call to use | UseUseExplosion.rb:20:3398:20:3408 | else ... |
+| UseUseExplosion.rb:20:3414:20:3424 | else ... | UseUseExplosion.rb:20:367:20:3428 | if ... |
+| UseUseExplosion.rb:20:3419:20:3424 | call to use | UseUseExplosion.rb:20:3414:20:3424 | else ... |
+| UseUseExplosion.rb:20:3430:20:3440 | else ... | UseUseExplosion.rb:20:346:20:3444 | if ... |
+| UseUseExplosion.rb:20:3435:20:3440 | call to use | UseUseExplosion.rb:20:3430:20:3440 | else ... |
+| UseUseExplosion.rb:20:3446:20:3456 | else ... | UseUseExplosion.rb:20:325:20:3460 | if ... |
+| UseUseExplosion.rb:20:3451:20:3456 | call to use | UseUseExplosion.rb:20:3446:20:3456 | else ... |
+| UseUseExplosion.rb:20:3462:20:3472 | else ... | UseUseExplosion.rb:20:304:20:3476 | if ... |
+| UseUseExplosion.rb:20:3467:20:3472 | call to use | UseUseExplosion.rb:20:3462:20:3472 | else ... |
+| UseUseExplosion.rb:20:3478:20:3488 | else ... | UseUseExplosion.rb:20:283:20:3492 | if ... |
+| UseUseExplosion.rb:20:3483:20:3488 | call to use | UseUseExplosion.rb:20:3478:20:3488 | else ... |
+| UseUseExplosion.rb:20:3494:20:3504 | else ... | UseUseExplosion.rb:20:262:20:3508 | if ... |
+| UseUseExplosion.rb:20:3499:20:3504 | call to use | UseUseExplosion.rb:20:3494:20:3504 | else ... |
+| UseUseExplosion.rb:20:3510:20:3520 | else ... | UseUseExplosion.rb:20:241:20:3524 | if ... |
+| UseUseExplosion.rb:20:3515:20:3520 | call to use | UseUseExplosion.rb:20:3510:20:3520 | else ... |
+| UseUseExplosion.rb:20:3526:20:3536 | else ... | UseUseExplosion.rb:20:220:20:3540 | if ... |
+| UseUseExplosion.rb:20:3531:20:3536 | call to use | UseUseExplosion.rb:20:3526:20:3536 | else ... |
+| UseUseExplosion.rb:20:3542:20:3552 | else ... | UseUseExplosion.rb:20:199:20:3556 | if ... |
+| UseUseExplosion.rb:20:3547:20:3552 | call to use | UseUseExplosion.rb:20:3542:20:3552 | else ... |
+| UseUseExplosion.rb:20:3558:20:3568 | else ... | UseUseExplosion.rb:20:178:20:3572 | if ... |
+| UseUseExplosion.rb:20:3563:20:3568 | call to use | UseUseExplosion.rb:20:3558:20:3568 | else ... |
+| UseUseExplosion.rb:20:3574:20:3584 | else ... | UseUseExplosion.rb:20:157:20:3588 | if ... |
+| UseUseExplosion.rb:20:3579:20:3584 | call to use | UseUseExplosion.rb:20:3574:20:3584 | else ... |
+| UseUseExplosion.rb:20:3590:20:3600 | else ... | UseUseExplosion.rb:20:136:20:3604 | if ... |
+| UseUseExplosion.rb:20:3595:20:3600 | call to use | UseUseExplosion.rb:20:3590:20:3600 | else ... |
+| UseUseExplosion.rb:20:3606:20:3616 | else ... | UseUseExplosion.rb:20:115:20:3620 | if ... |
+| UseUseExplosion.rb:20:3611:20:3616 | call to use | UseUseExplosion.rb:20:3606:20:3616 | else ... |
+| UseUseExplosion.rb:20:3622:20:3632 | else ... | UseUseExplosion.rb:20:94:20:3636 | if ... |
+| UseUseExplosion.rb:20:3627:20:3632 | call to use | UseUseExplosion.rb:20:3622:20:3632 | else ... |
+| UseUseExplosion.rb:20:3638:20:3648 | else ... | UseUseExplosion.rb:20:73:20:3652 | if ... |
+| UseUseExplosion.rb:20:3643:20:3648 | call to use | UseUseExplosion.rb:20:3638:20:3648 | else ... |
+| UseUseExplosion.rb:20:3654:20:3664 | else ... | UseUseExplosion.rb:20:52:20:3668 | if ... |
+| UseUseExplosion.rb:20:3659:20:3664 | call to use | UseUseExplosion.rb:20:3654:20:3664 | else ... |
+| UseUseExplosion.rb:20:3670:20:3680 | else ... | UseUseExplosion.rb:20:31:20:3684 | if ... |
+| UseUseExplosion.rb:20:3675:20:3680 | call to use | UseUseExplosion.rb:20:3670:20:3680 | else ... |
+| UseUseExplosion.rb:20:3686:20:3696 | else ... | UseUseExplosion.rb:20:9:20:3700 | if ... |
+| UseUseExplosion.rb:20:3691:20:3696 | call to use | UseUseExplosion.rb:20:3686:20:3696 | else ... |
+| UseUseExplosion.rb:21:13:21:17 | [post] self | UseUseExplosion.rb:21:35:21:39 | self |
+| UseUseExplosion.rb:21:13:21:17 | [post] self | UseUseExplosion.rb:21:3691:21:3696 | self |
+| UseUseExplosion.rb:21:13:21:17 | self | UseUseExplosion.rb:21:35:21:39 | self |
+| UseUseExplosion.rb:21:13:21:17 | self | UseUseExplosion.rb:21:3691:21:3696 | self |
+| UseUseExplosion.rb:21:13:21:23 | ... > ... | UseUseExplosion.rb:21:12:21:24 | [false] ( ... ) |
+| UseUseExplosion.rb:21:13:21:23 | ... > ... | UseUseExplosion.rb:21:12:21:24 | [true] ( ... ) |
+| UseUseExplosion.rb:21:26:21:3684 | then ... | UseUseExplosion.rb:21:9:21:3700 | if ... |
+| UseUseExplosion.rb:21:31:21:3684 | if ... | UseUseExplosion.rb:21:26:21:3684 | then ... |
+| UseUseExplosion.rb:21:35:21:39 | [post] self | UseUseExplosion.rb:21:56:21:60 | self |
+| UseUseExplosion.rb:21:35:21:39 | [post] self | UseUseExplosion.rb:21:3675:21:3680 | self |
+| UseUseExplosion.rb:21:35:21:39 | self | UseUseExplosion.rb:21:56:21:60 | self |
+| UseUseExplosion.rb:21:35:21:39 | self | UseUseExplosion.rb:21:3675:21:3680 | self |
+| UseUseExplosion.rb:21:35:21:44 | ... > ... | UseUseExplosion.rb:21:34:21:45 | [false] ( ... ) |
+| UseUseExplosion.rb:21:35:21:44 | ... > ... | UseUseExplosion.rb:21:34:21:45 | [true] ( ... ) |
+| UseUseExplosion.rb:21:47:21:3668 | then ... | UseUseExplosion.rb:21:31:21:3684 | if ... |
+| UseUseExplosion.rb:21:52:21:3668 | if ... | UseUseExplosion.rb:21:47:21:3668 | then ... |
+| UseUseExplosion.rb:21:56:21:60 | [post] self | UseUseExplosion.rb:21:77:21:81 | self |
+| UseUseExplosion.rb:21:56:21:60 | [post] self | UseUseExplosion.rb:21:3659:21:3664 | self |
+| UseUseExplosion.rb:21:56:21:60 | self | UseUseExplosion.rb:21:77:21:81 | self |
+| UseUseExplosion.rb:21:56:21:60 | self | UseUseExplosion.rb:21:3659:21:3664 | self |
+| UseUseExplosion.rb:21:56:21:65 | ... > ... | UseUseExplosion.rb:21:55:21:66 | [false] ( ... ) |
+| UseUseExplosion.rb:21:56:21:65 | ... > ... | UseUseExplosion.rb:21:55:21:66 | [true] ( ... ) |
+| UseUseExplosion.rb:21:68:21:3652 | then ... | UseUseExplosion.rb:21:52:21:3668 | if ... |
+| UseUseExplosion.rb:21:73:21:3652 | if ... | UseUseExplosion.rb:21:68:21:3652 | then ... |
+| UseUseExplosion.rb:21:77:21:81 | [post] self | UseUseExplosion.rb:21:98:21:102 | self |
+| UseUseExplosion.rb:21:77:21:81 | [post] self | UseUseExplosion.rb:21:3643:21:3648 | self |
+| UseUseExplosion.rb:21:77:21:81 | self | UseUseExplosion.rb:21:98:21:102 | self |
+| UseUseExplosion.rb:21:77:21:81 | self | UseUseExplosion.rb:21:3643:21:3648 | self |
+| UseUseExplosion.rb:21:77:21:86 | ... > ... | UseUseExplosion.rb:21:76:21:87 | [false] ( ... ) |
+| UseUseExplosion.rb:21:77:21:86 | ... > ... | UseUseExplosion.rb:21:76:21:87 | [true] ( ... ) |
+| UseUseExplosion.rb:21:89:21:3636 | then ... | UseUseExplosion.rb:21:73:21:3652 | if ... |
+| UseUseExplosion.rb:21:94:21:3636 | if ... | UseUseExplosion.rb:21:89:21:3636 | then ... |
+| UseUseExplosion.rb:21:98:21:102 | [post] self | UseUseExplosion.rb:21:119:21:123 | self |
+| UseUseExplosion.rb:21:98:21:102 | [post] self | UseUseExplosion.rb:21:3627:21:3632 | self |
+| UseUseExplosion.rb:21:98:21:102 | self | UseUseExplosion.rb:21:119:21:123 | self |
+| UseUseExplosion.rb:21:98:21:102 | self | UseUseExplosion.rb:21:3627:21:3632 | self |
+| UseUseExplosion.rb:21:98:21:107 | ... > ... | UseUseExplosion.rb:21:97:21:108 | [false] ( ... ) |
+| UseUseExplosion.rb:21:98:21:107 | ... > ... | UseUseExplosion.rb:21:97:21:108 | [true] ( ... ) |
+| UseUseExplosion.rb:21:110:21:3620 | then ... | UseUseExplosion.rb:21:94:21:3636 | if ... |
+| UseUseExplosion.rb:21:115:21:3620 | if ... | UseUseExplosion.rb:21:110:21:3620 | then ... |
+| UseUseExplosion.rb:21:119:21:123 | [post] self | UseUseExplosion.rb:21:140:21:144 | self |
+| UseUseExplosion.rb:21:119:21:123 | [post] self | UseUseExplosion.rb:21:3611:21:3616 | self |
+| UseUseExplosion.rb:21:119:21:123 | self | UseUseExplosion.rb:21:140:21:144 | self |
+| UseUseExplosion.rb:21:119:21:123 | self | UseUseExplosion.rb:21:3611:21:3616 | self |
+| UseUseExplosion.rb:21:119:21:128 | ... > ... | UseUseExplosion.rb:21:118:21:129 | [false] ( ... ) |
+| UseUseExplosion.rb:21:119:21:128 | ... > ... | UseUseExplosion.rb:21:118:21:129 | [true] ( ... ) |
+| UseUseExplosion.rb:21:131:21:3604 | then ... | UseUseExplosion.rb:21:115:21:3620 | if ... |
+| UseUseExplosion.rb:21:136:21:3604 | if ... | UseUseExplosion.rb:21:131:21:3604 | then ... |
+| UseUseExplosion.rb:21:140:21:144 | [post] self | UseUseExplosion.rb:21:161:21:165 | self |
+| UseUseExplosion.rb:21:140:21:144 | [post] self | UseUseExplosion.rb:21:3595:21:3600 | self |
+| UseUseExplosion.rb:21:140:21:144 | self | UseUseExplosion.rb:21:161:21:165 | self |
+| UseUseExplosion.rb:21:140:21:144 | self | UseUseExplosion.rb:21:3595:21:3600 | self |
+| UseUseExplosion.rb:21:140:21:149 | ... > ... | UseUseExplosion.rb:21:139:21:150 | [false] ( ... ) |
+| UseUseExplosion.rb:21:140:21:149 | ... > ... | UseUseExplosion.rb:21:139:21:150 | [true] ( ... ) |
+| UseUseExplosion.rb:21:152:21:3588 | then ... | UseUseExplosion.rb:21:136:21:3604 | if ... |
+| UseUseExplosion.rb:21:157:21:3588 | if ... | UseUseExplosion.rb:21:152:21:3588 | then ... |
+| UseUseExplosion.rb:21:161:21:165 | [post] self | UseUseExplosion.rb:21:182:21:186 | self |
+| UseUseExplosion.rb:21:161:21:165 | [post] self | UseUseExplosion.rb:21:3579:21:3584 | self |
+| UseUseExplosion.rb:21:161:21:165 | self | UseUseExplosion.rb:21:182:21:186 | self |
+| UseUseExplosion.rb:21:161:21:165 | self | UseUseExplosion.rb:21:3579:21:3584 | self |
+| UseUseExplosion.rb:21:161:21:170 | ... > ... | UseUseExplosion.rb:21:160:21:171 | [false] ( ... ) |
+| UseUseExplosion.rb:21:161:21:170 | ... > ... | UseUseExplosion.rb:21:160:21:171 | [true] ( ... ) |
+| UseUseExplosion.rb:21:173:21:3572 | then ... | UseUseExplosion.rb:21:157:21:3588 | if ... |
+| UseUseExplosion.rb:21:178:21:3572 | if ... | UseUseExplosion.rb:21:173:21:3572 | then ... |
+| UseUseExplosion.rb:21:182:21:186 | [post] self | UseUseExplosion.rb:21:203:21:207 | self |
+| UseUseExplosion.rb:21:182:21:186 | [post] self | UseUseExplosion.rb:21:3563:21:3568 | self |
+| UseUseExplosion.rb:21:182:21:186 | self | UseUseExplosion.rb:21:203:21:207 | self |
+| UseUseExplosion.rb:21:182:21:186 | self | UseUseExplosion.rb:21:3563:21:3568 | self |
+| UseUseExplosion.rb:21:182:21:191 | ... > ... | UseUseExplosion.rb:21:181:21:192 | [false] ( ... ) |
+| UseUseExplosion.rb:21:182:21:191 | ... > ... | UseUseExplosion.rb:21:181:21:192 | [true] ( ... ) |
+| UseUseExplosion.rb:21:194:21:3556 | then ... | UseUseExplosion.rb:21:178:21:3572 | if ... |
+| UseUseExplosion.rb:21:199:21:3556 | if ... | UseUseExplosion.rb:21:194:21:3556 | then ... |
+| UseUseExplosion.rb:21:203:21:207 | [post] self | UseUseExplosion.rb:21:224:21:228 | self |
+| UseUseExplosion.rb:21:203:21:207 | [post] self | UseUseExplosion.rb:21:3547:21:3552 | self |
+| UseUseExplosion.rb:21:203:21:207 | self | UseUseExplosion.rb:21:224:21:228 | self |
+| UseUseExplosion.rb:21:203:21:207 | self | UseUseExplosion.rb:21:3547:21:3552 | self |
+| UseUseExplosion.rb:21:203:21:212 | ... > ... | UseUseExplosion.rb:21:202:21:213 | [false] ( ... ) |
+| UseUseExplosion.rb:21:203:21:212 | ... > ... | UseUseExplosion.rb:21:202:21:213 | [true] ( ... ) |
+| UseUseExplosion.rb:21:215:21:3540 | then ... | UseUseExplosion.rb:21:199:21:3556 | if ... |
+| UseUseExplosion.rb:21:220:21:3540 | if ... | UseUseExplosion.rb:21:215:21:3540 | then ... |
+| UseUseExplosion.rb:21:224:21:228 | [post] self | UseUseExplosion.rb:21:245:21:249 | self |
+| UseUseExplosion.rb:21:224:21:228 | [post] self | UseUseExplosion.rb:21:3531:21:3536 | self |
+| UseUseExplosion.rb:21:224:21:228 | self | UseUseExplosion.rb:21:245:21:249 | self |
+| UseUseExplosion.rb:21:224:21:228 | self | UseUseExplosion.rb:21:3531:21:3536 | self |
+| UseUseExplosion.rb:21:224:21:233 | ... > ... | UseUseExplosion.rb:21:223:21:234 | [false] ( ... ) |
+| UseUseExplosion.rb:21:224:21:233 | ... > ... | UseUseExplosion.rb:21:223:21:234 | [true] ( ... ) |
+| UseUseExplosion.rb:21:236:21:3524 | then ... | UseUseExplosion.rb:21:220:21:3540 | if ... |
+| UseUseExplosion.rb:21:241:21:3524 | if ... | UseUseExplosion.rb:21:236:21:3524 | then ... |
+| UseUseExplosion.rb:21:245:21:249 | [post] self | UseUseExplosion.rb:21:266:21:270 | self |
+| UseUseExplosion.rb:21:245:21:249 | [post] self | UseUseExplosion.rb:21:3515:21:3520 | self |
+| UseUseExplosion.rb:21:245:21:249 | self | UseUseExplosion.rb:21:266:21:270 | self |
+| UseUseExplosion.rb:21:245:21:249 | self | UseUseExplosion.rb:21:3515:21:3520 | self |
+| UseUseExplosion.rb:21:245:21:254 | ... > ... | UseUseExplosion.rb:21:244:21:255 | [false] ( ... ) |
+| UseUseExplosion.rb:21:245:21:254 | ... > ... | UseUseExplosion.rb:21:244:21:255 | [true] ( ... ) |
+| UseUseExplosion.rb:21:257:21:3508 | then ... | UseUseExplosion.rb:21:241:21:3524 | if ... |
+| UseUseExplosion.rb:21:262:21:3508 | if ... | UseUseExplosion.rb:21:257:21:3508 | then ... |
+| UseUseExplosion.rb:21:266:21:270 | [post] self | UseUseExplosion.rb:21:287:21:291 | self |
+| UseUseExplosion.rb:21:266:21:270 | [post] self | UseUseExplosion.rb:21:3499:21:3504 | self |
+| UseUseExplosion.rb:21:266:21:270 | self | UseUseExplosion.rb:21:287:21:291 | self |
+| UseUseExplosion.rb:21:266:21:270 | self | UseUseExplosion.rb:21:3499:21:3504 | self |
+| UseUseExplosion.rb:21:266:21:275 | ... > ... | UseUseExplosion.rb:21:265:21:276 | [false] ( ... ) |
+| UseUseExplosion.rb:21:266:21:275 | ... > ... | UseUseExplosion.rb:21:265:21:276 | [true] ( ... ) |
+| UseUseExplosion.rb:21:278:21:3492 | then ... | UseUseExplosion.rb:21:262:21:3508 | if ... |
+| UseUseExplosion.rb:21:283:21:3492 | if ... | UseUseExplosion.rb:21:278:21:3492 | then ... |
+| UseUseExplosion.rb:21:287:21:291 | [post] self | UseUseExplosion.rb:21:308:21:312 | self |
+| UseUseExplosion.rb:21:287:21:291 | [post] self | UseUseExplosion.rb:21:3483:21:3488 | self |
+| UseUseExplosion.rb:21:287:21:291 | self | UseUseExplosion.rb:21:308:21:312 | self |
+| UseUseExplosion.rb:21:287:21:291 | self | UseUseExplosion.rb:21:3483:21:3488 | self |
+| UseUseExplosion.rb:21:287:21:296 | ... > ... | UseUseExplosion.rb:21:286:21:297 | [false] ( ... ) |
+| UseUseExplosion.rb:21:287:21:296 | ... > ... | UseUseExplosion.rb:21:286:21:297 | [true] ( ... ) |
+| UseUseExplosion.rb:21:299:21:3476 | then ... | UseUseExplosion.rb:21:283:21:3492 | if ... |
+| UseUseExplosion.rb:21:304:21:3476 | if ... | UseUseExplosion.rb:21:299:21:3476 | then ... |
+| UseUseExplosion.rb:21:308:21:312 | [post] self | UseUseExplosion.rb:21:329:21:333 | self |
+| UseUseExplosion.rb:21:308:21:312 | [post] self | UseUseExplosion.rb:21:3467:21:3472 | self |
+| UseUseExplosion.rb:21:308:21:312 | self | UseUseExplosion.rb:21:329:21:333 | self |
+| UseUseExplosion.rb:21:308:21:312 | self | UseUseExplosion.rb:21:3467:21:3472 | self |
+| UseUseExplosion.rb:21:308:21:317 | ... > ... | UseUseExplosion.rb:21:307:21:318 | [false] ( ... ) |
+| UseUseExplosion.rb:21:308:21:317 | ... > ... | UseUseExplosion.rb:21:307:21:318 | [true] ( ... ) |
+| UseUseExplosion.rb:21:320:21:3460 | then ... | UseUseExplosion.rb:21:304:21:3476 | if ... |
+| UseUseExplosion.rb:21:325:21:3460 | if ... | UseUseExplosion.rb:21:320:21:3460 | then ... |
+| UseUseExplosion.rb:21:329:21:333 | [post] self | UseUseExplosion.rb:21:350:21:354 | self |
+| UseUseExplosion.rb:21:329:21:333 | [post] self | UseUseExplosion.rb:21:3451:21:3456 | self |
+| UseUseExplosion.rb:21:329:21:333 | self | UseUseExplosion.rb:21:350:21:354 | self |
+| UseUseExplosion.rb:21:329:21:333 | self | UseUseExplosion.rb:21:3451:21:3456 | self |
+| UseUseExplosion.rb:21:329:21:338 | ... > ... | UseUseExplosion.rb:21:328:21:339 | [false] ( ... ) |
+| UseUseExplosion.rb:21:329:21:338 | ... > ... | UseUseExplosion.rb:21:328:21:339 | [true] ( ... ) |
+| UseUseExplosion.rb:21:341:21:3444 | then ... | UseUseExplosion.rb:21:325:21:3460 | if ... |
+| UseUseExplosion.rb:21:346:21:3444 | if ... | UseUseExplosion.rb:21:341:21:3444 | then ... |
+| UseUseExplosion.rb:21:350:21:354 | [post] self | UseUseExplosion.rb:21:371:21:375 | self |
+| UseUseExplosion.rb:21:350:21:354 | [post] self | UseUseExplosion.rb:21:3435:21:3440 | self |
+| UseUseExplosion.rb:21:350:21:354 | self | UseUseExplosion.rb:21:371:21:375 | self |
+| UseUseExplosion.rb:21:350:21:354 | self | UseUseExplosion.rb:21:3435:21:3440 | self |
+| UseUseExplosion.rb:21:350:21:359 | ... > ... | UseUseExplosion.rb:21:349:21:360 | [false] ( ... ) |
+| UseUseExplosion.rb:21:350:21:359 | ... > ... | UseUseExplosion.rb:21:349:21:360 | [true] ( ... ) |
+| UseUseExplosion.rb:21:362:21:3428 | then ... | UseUseExplosion.rb:21:346:21:3444 | if ... |
+| UseUseExplosion.rb:21:367:21:3428 | if ... | UseUseExplosion.rb:21:362:21:3428 | then ... |
+| UseUseExplosion.rb:21:371:21:375 | [post] self | UseUseExplosion.rb:21:392:21:396 | self |
+| UseUseExplosion.rb:21:371:21:375 | [post] self | UseUseExplosion.rb:21:3419:21:3424 | self |
+| UseUseExplosion.rb:21:371:21:375 | self | UseUseExplosion.rb:21:392:21:396 | self |
+| UseUseExplosion.rb:21:371:21:375 | self | UseUseExplosion.rb:21:3419:21:3424 | self |
+| UseUseExplosion.rb:21:371:21:380 | ... > ... | UseUseExplosion.rb:21:370:21:381 | [false] ( ... ) |
+| UseUseExplosion.rb:21:371:21:380 | ... > ... | UseUseExplosion.rb:21:370:21:381 | [true] ( ... ) |
+| UseUseExplosion.rb:21:383:21:3412 | then ... | UseUseExplosion.rb:21:367:21:3428 | if ... |
+| UseUseExplosion.rb:21:388:21:3412 | if ... | UseUseExplosion.rb:21:383:21:3412 | then ... |
+| UseUseExplosion.rb:21:392:21:396 | [post] self | UseUseExplosion.rb:21:413:21:417 | self |
+| UseUseExplosion.rb:21:392:21:396 | [post] self | UseUseExplosion.rb:21:3403:21:3408 | self |
+| UseUseExplosion.rb:21:392:21:396 | self | UseUseExplosion.rb:21:413:21:417 | self |
+| UseUseExplosion.rb:21:392:21:396 | self | UseUseExplosion.rb:21:3403:21:3408 | self |
+| UseUseExplosion.rb:21:392:21:401 | ... > ... | UseUseExplosion.rb:21:391:21:402 | [false] ( ... ) |
+| UseUseExplosion.rb:21:392:21:401 | ... > ... | UseUseExplosion.rb:21:391:21:402 | [true] ( ... ) |
+| UseUseExplosion.rb:21:404:21:3396 | then ... | UseUseExplosion.rb:21:388:21:3412 | if ... |
+| UseUseExplosion.rb:21:409:21:3396 | if ... | UseUseExplosion.rb:21:404:21:3396 | then ... |
+| UseUseExplosion.rb:21:413:21:417 | [post] self | UseUseExplosion.rb:21:434:21:438 | self |
+| UseUseExplosion.rb:21:413:21:417 | [post] self | UseUseExplosion.rb:21:3387:21:3392 | self |
+| UseUseExplosion.rb:21:413:21:417 | self | UseUseExplosion.rb:21:434:21:438 | self |
+| UseUseExplosion.rb:21:413:21:417 | self | UseUseExplosion.rb:21:3387:21:3392 | self |
+| UseUseExplosion.rb:21:413:21:422 | ... > ... | UseUseExplosion.rb:21:412:21:423 | [false] ( ... ) |
+| UseUseExplosion.rb:21:413:21:422 | ... > ... | UseUseExplosion.rb:21:412:21:423 | [true] ( ... ) |
+| UseUseExplosion.rb:21:425:21:3380 | then ... | UseUseExplosion.rb:21:409:21:3396 | if ... |
+| UseUseExplosion.rb:21:430:21:3380 | if ... | UseUseExplosion.rb:21:425:21:3380 | then ... |
+| UseUseExplosion.rb:21:434:21:438 | [post] self | UseUseExplosion.rb:21:455:21:459 | self |
+| UseUseExplosion.rb:21:434:21:438 | [post] self | UseUseExplosion.rb:21:3371:21:3376 | self |
+| UseUseExplosion.rb:21:434:21:438 | self | UseUseExplosion.rb:21:455:21:459 | self |
+| UseUseExplosion.rb:21:434:21:438 | self | UseUseExplosion.rb:21:3371:21:3376 | self |
+| UseUseExplosion.rb:21:434:21:443 | ... > ... | UseUseExplosion.rb:21:433:21:444 | [false] ( ... ) |
+| UseUseExplosion.rb:21:434:21:443 | ... > ... | UseUseExplosion.rb:21:433:21:444 | [true] ( ... ) |
+| UseUseExplosion.rb:21:446:21:3364 | then ... | UseUseExplosion.rb:21:430:21:3380 | if ... |
+| UseUseExplosion.rb:21:451:21:3364 | if ... | UseUseExplosion.rb:21:446:21:3364 | then ... |
+| UseUseExplosion.rb:21:455:21:459 | [post] self | UseUseExplosion.rb:21:476:21:480 | self |
+| UseUseExplosion.rb:21:455:21:459 | [post] self | UseUseExplosion.rb:21:3355:21:3360 | self |
+| UseUseExplosion.rb:21:455:21:459 | self | UseUseExplosion.rb:21:476:21:480 | self |
+| UseUseExplosion.rb:21:455:21:459 | self | UseUseExplosion.rb:21:3355:21:3360 | self |
+| UseUseExplosion.rb:21:455:21:464 | ... > ... | UseUseExplosion.rb:21:454:21:465 | [false] ( ... ) |
+| UseUseExplosion.rb:21:455:21:464 | ... > ... | UseUseExplosion.rb:21:454:21:465 | [true] ( ... ) |
+| UseUseExplosion.rb:21:467:21:3348 | then ... | UseUseExplosion.rb:21:451:21:3364 | if ... |
+| UseUseExplosion.rb:21:472:21:3348 | if ... | UseUseExplosion.rb:21:467:21:3348 | then ... |
+| UseUseExplosion.rb:21:476:21:480 | [post] self | UseUseExplosion.rb:21:497:21:501 | self |
+| UseUseExplosion.rb:21:476:21:480 | [post] self | UseUseExplosion.rb:21:3339:21:3344 | self |
+| UseUseExplosion.rb:21:476:21:480 | self | UseUseExplosion.rb:21:497:21:501 | self |
+| UseUseExplosion.rb:21:476:21:480 | self | UseUseExplosion.rb:21:3339:21:3344 | self |
+| UseUseExplosion.rb:21:476:21:485 | ... > ... | UseUseExplosion.rb:21:475:21:486 | [false] ( ... ) |
+| UseUseExplosion.rb:21:476:21:485 | ... > ... | UseUseExplosion.rb:21:475:21:486 | [true] ( ... ) |
+| UseUseExplosion.rb:21:488:21:3332 | then ... | UseUseExplosion.rb:21:472:21:3348 | if ... |
+| UseUseExplosion.rb:21:493:21:3332 | if ... | UseUseExplosion.rb:21:488:21:3332 | then ... |
+| UseUseExplosion.rb:21:497:21:501 | [post] self | UseUseExplosion.rb:21:518:21:522 | self |
+| UseUseExplosion.rb:21:497:21:501 | [post] self | UseUseExplosion.rb:21:3323:21:3328 | self |
+| UseUseExplosion.rb:21:497:21:501 | self | UseUseExplosion.rb:21:518:21:522 | self |
+| UseUseExplosion.rb:21:497:21:501 | self | UseUseExplosion.rb:21:3323:21:3328 | self |
+| UseUseExplosion.rb:21:497:21:506 | ... > ... | UseUseExplosion.rb:21:496:21:507 | [false] ( ... ) |
+| UseUseExplosion.rb:21:497:21:506 | ... > ... | UseUseExplosion.rb:21:496:21:507 | [true] ( ... ) |
+| UseUseExplosion.rb:21:509:21:3316 | then ... | UseUseExplosion.rb:21:493:21:3332 | if ... |
+| UseUseExplosion.rb:21:514:21:3316 | if ... | UseUseExplosion.rb:21:509:21:3316 | then ... |
+| UseUseExplosion.rb:21:518:21:522 | [post] self | UseUseExplosion.rb:21:539:21:543 | self |
+| UseUseExplosion.rb:21:518:21:522 | [post] self | UseUseExplosion.rb:21:3307:21:3312 | self |
+| UseUseExplosion.rb:21:518:21:522 | self | UseUseExplosion.rb:21:539:21:543 | self |
+| UseUseExplosion.rb:21:518:21:522 | self | UseUseExplosion.rb:21:3307:21:3312 | self |
+| UseUseExplosion.rb:21:518:21:527 | ... > ... | UseUseExplosion.rb:21:517:21:528 | [false] ( ... ) |
+| UseUseExplosion.rb:21:518:21:527 | ... > ... | UseUseExplosion.rb:21:517:21:528 | [true] ( ... ) |
+| UseUseExplosion.rb:21:530:21:3300 | then ... | UseUseExplosion.rb:21:514:21:3316 | if ... |
+| UseUseExplosion.rb:21:535:21:3300 | if ... | UseUseExplosion.rb:21:530:21:3300 | then ... |
+| UseUseExplosion.rb:21:539:21:543 | [post] self | UseUseExplosion.rb:21:560:21:564 | self |
+| UseUseExplosion.rb:21:539:21:543 | [post] self | UseUseExplosion.rb:21:3291:21:3296 | self |
+| UseUseExplosion.rb:21:539:21:543 | self | UseUseExplosion.rb:21:560:21:564 | self |
+| UseUseExplosion.rb:21:539:21:543 | self | UseUseExplosion.rb:21:3291:21:3296 | self |
+| UseUseExplosion.rb:21:539:21:548 | ... > ... | UseUseExplosion.rb:21:538:21:549 | [false] ( ... ) |
+| UseUseExplosion.rb:21:539:21:548 | ... > ... | UseUseExplosion.rb:21:538:21:549 | [true] ( ... ) |
+| UseUseExplosion.rb:21:551:21:3284 | then ... | UseUseExplosion.rb:21:535:21:3300 | if ... |
+| UseUseExplosion.rb:21:556:21:3284 | if ... | UseUseExplosion.rb:21:551:21:3284 | then ... |
+| UseUseExplosion.rb:21:560:21:564 | [post] self | UseUseExplosion.rb:21:581:21:585 | self |
+| UseUseExplosion.rb:21:560:21:564 | [post] self | UseUseExplosion.rb:21:3275:21:3280 | self |
+| UseUseExplosion.rb:21:560:21:564 | self | UseUseExplosion.rb:21:581:21:585 | self |
+| UseUseExplosion.rb:21:560:21:564 | self | UseUseExplosion.rb:21:3275:21:3280 | self |
+| UseUseExplosion.rb:21:560:21:569 | ... > ... | UseUseExplosion.rb:21:559:21:570 | [false] ( ... ) |
+| UseUseExplosion.rb:21:560:21:569 | ... > ... | UseUseExplosion.rb:21:559:21:570 | [true] ( ... ) |
+| UseUseExplosion.rb:21:572:21:3268 | then ... | UseUseExplosion.rb:21:556:21:3284 | if ... |
+| UseUseExplosion.rb:21:577:21:3268 | if ... | UseUseExplosion.rb:21:572:21:3268 | then ... |
+| UseUseExplosion.rb:21:581:21:585 | [post] self | UseUseExplosion.rb:21:602:21:606 | self |
+| UseUseExplosion.rb:21:581:21:585 | [post] self | UseUseExplosion.rb:21:3259:21:3264 | self |
+| UseUseExplosion.rb:21:581:21:585 | self | UseUseExplosion.rb:21:602:21:606 | self |
+| UseUseExplosion.rb:21:581:21:585 | self | UseUseExplosion.rb:21:3259:21:3264 | self |
+| UseUseExplosion.rb:21:581:21:590 | ... > ... | UseUseExplosion.rb:21:580:21:591 | [false] ( ... ) |
+| UseUseExplosion.rb:21:581:21:590 | ... > ... | UseUseExplosion.rb:21:580:21:591 | [true] ( ... ) |
+| UseUseExplosion.rb:21:593:21:3252 | then ... | UseUseExplosion.rb:21:577:21:3268 | if ... |
+| UseUseExplosion.rb:21:598:21:3252 | if ... | UseUseExplosion.rb:21:593:21:3252 | then ... |
+| UseUseExplosion.rb:21:602:21:606 | [post] self | UseUseExplosion.rb:21:623:21:627 | self |
+| UseUseExplosion.rb:21:602:21:606 | [post] self | UseUseExplosion.rb:21:3243:21:3248 | self |
+| UseUseExplosion.rb:21:602:21:606 | self | UseUseExplosion.rb:21:623:21:627 | self |
+| UseUseExplosion.rb:21:602:21:606 | self | UseUseExplosion.rb:21:3243:21:3248 | self |
+| UseUseExplosion.rb:21:602:21:611 | ... > ... | UseUseExplosion.rb:21:601:21:612 | [false] ( ... ) |
+| UseUseExplosion.rb:21:602:21:611 | ... > ... | UseUseExplosion.rb:21:601:21:612 | [true] ( ... ) |
+| UseUseExplosion.rb:21:614:21:3236 | then ... | UseUseExplosion.rb:21:598:21:3252 | if ... |
+| UseUseExplosion.rb:21:619:21:3236 | if ... | UseUseExplosion.rb:21:614:21:3236 | then ... |
+| UseUseExplosion.rb:21:623:21:627 | [post] self | UseUseExplosion.rb:21:644:21:648 | self |
+| UseUseExplosion.rb:21:623:21:627 | [post] self | UseUseExplosion.rb:21:3227:21:3232 | self |
+| UseUseExplosion.rb:21:623:21:627 | self | UseUseExplosion.rb:21:644:21:648 | self |
+| UseUseExplosion.rb:21:623:21:627 | self | UseUseExplosion.rb:21:3227:21:3232 | self |
+| UseUseExplosion.rb:21:623:21:632 | ... > ... | UseUseExplosion.rb:21:622:21:633 | [false] ( ... ) |
+| UseUseExplosion.rb:21:623:21:632 | ... > ... | UseUseExplosion.rb:21:622:21:633 | [true] ( ... ) |
+| UseUseExplosion.rb:21:635:21:3220 | then ... | UseUseExplosion.rb:21:619:21:3236 | if ... |
+| UseUseExplosion.rb:21:640:21:3220 | if ... | UseUseExplosion.rb:21:635:21:3220 | then ... |
+| UseUseExplosion.rb:21:644:21:648 | [post] self | UseUseExplosion.rb:21:665:21:669 | self |
+| UseUseExplosion.rb:21:644:21:648 | [post] self | UseUseExplosion.rb:21:3211:21:3216 | self |
+| UseUseExplosion.rb:21:644:21:648 | self | UseUseExplosion.rb:21:665:21:669 | self |
+| UseUseExplosion.rb:21:644:21:648 | self | UseUseExplosion.rb:21:3211:21:3216 | self |
+| UseUseExplosion.rb:21:644:21:653 | ... > ... | UseUseExplosion.rb:21:643:21:654 | [false] ( ... ) |
+| UseUseExplosion.rb:21:644:21:653 | ... > ... | UseUseExplosion.rb:21:643:21:654 | [true] ( ... ) |
+| UseUseExplosion.rb:21:656:21:3204 | then ... | UseUseExplosion.rb:21:640:21:3220 | if ... |
+| UseUseExplosion.rb:21:661:21:3204 | if ... | UseUseExplosion.rb:21:656:21:3204 | then ... |
+| UseUseExplosion.rb:21:665:21:669 | [post] self | UseUseExplosion.rb:21:686:21:690 | self |
+| UseUseExplosion.rb:21:665:21:669 | [post] self | UseUseExplosion.rb:21:3195:21:3200 | self |
+| UseUseExplosion.rb:21:665:21:669 | self | UseUseExplosion.rb:21:686:21:690 | self |
+| UseUseExplosion.rb:21:665:21:669 | self | UseUseExplosion.rb:21:3195:21:3200 | self |
+| UseUseExplosion.rb:21:665:21:674 | ... > ... | UseUseExplosion.rb:21:664:21:675 | [false] ( ... ) |
+| UseUseExplosion.rb:21:665:21:674 | ... > ... | UseUseExplosion.rb:21:664:21:675 | [true] ( ... ) |
+| UseUseExplosion.rb:21:677:21:3188 | then ... | UseUseExplosion.rb:21:661:21:3204 | if ... |
+| UseUseExplosion.rb:21:682:21:3188 | if ... | UseUseExplosion.rb:21:677:21:3188 | then ... |
+| UseUseExplosion.rb:21:686:21:690 | [post] self | UseUseExplosion.rb:21:707:21:711 | self |
+| UseUseExplosion.rb:21:686:21:690 | [post] self | UseUseExplosion.rb:21:3179:21:3184 | self |
+| UseUseExplosion.rb:21:686:21:690 | self | UseUseExplosion.rb:21:707:21:711 | self |
+| UseUseExplosion.rb:21:686:21:690 | self | UseUseExplosion.rb:21:3179:21:3184 | self |
+| UseUseExplosion.rb:21:686:21:695 | ... > ... | UseUseExplosion.rb:21:685:21:696 | [false] ( ... ) |
+| UseUseExplosion.rb:21:686:21:695 | ... > ... | UseUseExplosion.rb:21:685:21:696 | [true] ( ... ) |
+| UseUseExplosion.rb:21:698:21:3172 | then ... | UseUseExplosion.rb:21:682:21:3188 | if ... |
+| UseUseExplosion.rb:21:703:21:3172 | if ... | UseUseExplosion.rb:21:698:21:3172 | then ... |
+| UseUseExplosion.rb:21:707:21:711 | [post] self | UseUseExplosion.rb:21:728:21:732 | self |
+| UseUseExplosion.rb:21:707:21:711 | [post] self | UseUseExplosion.rb:21:3163:21:3168 | self |
+| UseUseExplosion.rb:21:707:21:711 | self | UseUseExplosion.rb:21:728:21:732 | self |
+| UseUseExplosion.rb:21:707:21:711 | self | UseUseExplosion.rb:21:3163:21:3168 | self |
+| UseUseExplosion.rb:21:707:21:716 | ... > ... | UseUseExplosion.rb:21:706:21:717 | [false] ( ... ) |
+| UseUseExplosion.rb:21:707:21:716 | ... > ... | UseUseExplosion.rb:21:706:21:717 | [true] ( ... ) |
+| UseUseExplosion.rb:21:719:21:3156 | then ... | UseUseExplosion.rb:21:703:21:3172 | if ... |
+| UseUseExplosion.rb:21:724:21:3156 | if ... | UseUseExplosion.rb:21:719:21:3156 | then ... |
+| UseUseExplosion.rb:21:728:21:732 | [post] self | UseUseExplosion.rb:21:749:21:753 | self |
+| UseUseExplosion.rb:21:728:21:732 | [post] self | UseUseExplosion.rb:21:3147:21:3152 | self |
+| UseUseExplosion.rb:21:728:21:732 | self | UseUseExplosion.rb:21:749:21:753 | self |
+| UseUseExplosion.rb:21:728:21:732 | self | UseUseExplosion.rb:21:3147:21:3152 | self |
+| UseUseExplosion.rb:21:728:21:737 | ... > ... | UseUseExplosion.rb:21:727:21:738 | [false] ( ... ) |
+| UseUseExplosion.rb:21:728:21:737 | ... > ... | UseUseExplosion.rb:21:727:21:738 | [true] ( ... ) |
+| UseUseExplosion.rb:21:740:21:3140 | then ... | UseUseExplosion.rb:21:724:21:3156 | if ... |
+| UseUseExplosion.rb:21:745:21:3140 | if ... | UseUseExplosion.rb:21:740:21:3140 | then ... |
+| UseUseExplosion.rb:21:749:21:753 | [post] self | UseUseExplosion.rb:21:770:21:774 | self |
+| UseUseExplosion.rb:21:749:21:753 | [post] self | UseUseExplosion.rb:21:3131:21:3136 | self |
+| UseUseExplosion.rb:21:749:21:753 | self | UseUseExplosion.rb:21:770:21:774 | self |
+| UseUseExplosion.rb:21:749:21:753 | self | UseUseExplosion.rb:21:3131:21:3136 | self |
+| UseUseExplosion.rb:21:749:21:758 | ... > ... | UseUseExplosion.rb:21:748:21:759 | [false] ( ... ) |
+| UseUseExplosion.rb:21:749:21:758 | ... > ... | UseUseExplosion.rb:21:748:21:759 | [true] ( ... ) |
+| UseUseExplosion.rb:21:761:21:3124 | then ... | UseUseExplosion.rb:21:745:21:3140 | if ... |
+| UseUseExplosion.rb:21:766:21:3124 | if ... | UseUseExplosion.rb:21:761:21:3124 | then ... |
+| UseUseExplosion.rb:21:770:21:774 | [post] self | UseUseExplosion.rb:21:791:21:795 | self |
+| UseUseExplosion.rb:21:770:21:774 | [post] self | UseUseExplosion.rb:21:3115:21:3120 | self |
+| UseUseExplosion.rb:21:770:21:774 | self | UseUseExplosion.rb:21:791:21:795 | self |
+| UseUseExplosion.rb:21:770:21:774 | self | UseUseExplosion.rb:21:3115:21:3120 | self |
+| UseUseExplosion.rb:21:770:21:779 | ... > ... | UseUseExplosion.rb:21:769:21:780 | [false] ( ... ) |
+| UseUseExplosion.rb:21:770:21:779 | ... > ... | UseUseExplosion.rb:21:769:21:780 | [true] ( ... ) |
+| UseUseExplosion.rb:21:782:21:3108 | then ... | UseUseExplosion.rb:21:766:21:3124 | if ... |
+| UseUseExplosion.rb:21:787:21:3108 | if ... | UseUseExplosion.rb:21:782:21:3108 | then ... |
+| UseUseExplosion.rb:21:791:21:795 | [post] self | UseUseExplosion.rb:21:812:21:816 | self |
+| UseUseExplosion.rb:21:791:21:795 | [post] self | UseUseExplosion.rb:21:3099:21:3104 | self |
+| UseUseExplosion.rb:21:791:21:795 | self | UseUseExplosion.rb:21:812:21:816 | self |
+| UseUseExplosion.rb:21:791:21:795 | self | UseUseExplosion.rb:21:3099:21:3104 | self |
+| UseUseExplosion.rb:21:791:21:800 | ... > ... | UseUseExplosion.rb:21:790:21:801 | [false] ( ... ) |
+| UseUseExplosion.rb:21:791:21:800 | ... > ... | UseUseExplosion.rb:21:790:21:801 | [true] ( ... ) |
+| UseUseExplosion.rb:21:803:21:3092 | then ... | UseUseExplosion.rb:21:787:21:3108 | if ... |
+| UseUseExplosion.rb:21:808:21:3092 | if ... | UseUseExplosion.rb:21:803:21:3092 | then ... |
+| UseUseExplosion.rb:21:812:21:816 | [post] self | UseUseExplosion.rb:21:833:21:837 | self |
+| UseUseExplosion.rb:21:812:21:816 | [post] self | UseUseExplosion.rb:21:3083:21:3088 | self |
+| UseUseExplosion.rb:21:812:21:816 | self | UseUseExplosion.rb:21:833:21:837 | self |
+| UseUseExplosion.rb:21:812:21:816 | self | UseUseExplosion.rb:21:3083:21:3088 | self |
+| UseUseExplosion.rb:21:812:21:821 | ... > ... | UseUseExplosion.rb:21:811:21:822 | [false] ( ... ) |
+| UseUseExplosion.rb:21:812:21:821 | ... > ... | UseUseExplosion.rb:21:811:21:822 | [true] ( ... ) |
+| UseUseExplosion.rb:21:824:21:3076 | then ... | UseUseExplosion.rb:21:808:21:3092 | if ... |
+| UseUseExplosion.rb:21:829:21:3076 | if ... | UseUseExplosion.rb:21:824:21:3076 | then ... |
+| UseUseExplosion.rb:21:833:21:837 | [post] self | UseUseExplosion.rb:21:854:21:858 | self |
+| UseUseExplosion.rb:21:833:21:837 | [post] self | UseUseExplosion.rb:21:3067:21:3072 | self |
+| UseUseExplosion.rb:21:833:21:837 | self | UseUseExplosion.rb:21:854:21:858 | self |
+| UseUseExplosion.rb:21:833:21:837 | self | UseUseExplosion.rb:21:3067:21:3072 | self |
+| UseUseExplosion.rb:21:833:21:842 | ... > ... | UseUseExplosion.rb:21:832:21:843 | [false] ( ... ) |
+| UseUseExplosion.rb:21:833:21:842 | ... > ... | UseUseExplosion.rb:21:832:21:843 | [true] ( ... ) |
+| UseUseExplosion.rb:21:845:21:3060 | then ... | UseUseExplosion.rb:21:829:21:3076 | if ... |
+| UseUseExplosion.rb:21:850:21:3060 | if ... | UseUseExplosion.rb:21:845:21:3060 | then ... |
+| UseUseExplosion.rb:21:854:21:858 | [post] self | UseUseExplosion.rb:21:875:21:879 | self |
+| UseUseExplosion.rb:21:854:21:858 | [post] self | UseUseExplosion.rb:21:3051:21:3056 | self |
+| UseUseExplosion.rb:21:854:21:858 | self | UseUseExplosion.rb:21:875:21:879 | self |
+| UseUseExplosion.rb:21:854:21:858 | self | UseUseExplosion.rb:21:3051:21:3056 | self |
+| UseUseExplosion.rb:21:854:21:863 | ... > ... | UseUseExplosion.rb:21:853:21:864 | [false] ( ... ) |
+| UseUseExplosion.rb:21:854:21:863 | ... > ... | UseUseExplosion.rb:21:853:21:864 | [true] ( ... ) |
+| UseUseExplosion.rb:21:866:21:3044 | then ... | UseUseExplosion.rb:21:850:21:3060 | if ... |
+| UseUseExplosion.rb:21:871:21:3044 | if ... | UseUseExplosion.rb:21:866:21:3044 | then ... |
+| UseUseExplosion.rb:21:875:21:879 | [post] self | UseUseExplosion.rb:21:896:21:900 | self |
+| UseUseExplosion.rb:21:875:21:879 | [post] self | UseUseExplosion.rb:21:3035:21:3040 | self |
+| UseUseExplosion.rb:21:875:21:879 | self | UseUseExplosion.rb:21:896:21:900 | self |
+| UseUseExplosion.rb:21:875:21:879 | self | UseUseExplosion.rb:21:3035:21:3040 | self |
+| UseUseExplosion.rb:21:875:21:884 | ... > ... | UseUseExplosion.rb:21:874:21:885 | [false] ( ... ) |
+| UseUseExplosion.rb:21:875:21:884 | ... > ... | UseUseExplosion.rb:21:874:21:885 | [true] ( ... ) |
+| UseUseExplosion.rb:21:887:21:3028 | then ... | UseUseExplosion.rb:21:871:21:3044 | if ... |
+| UseUseExplosion.rb:21:892:21:3028 | if ... | UseUseExplosion.rb:21:887:21:3028 | then ... |
+| UseUseExplosion.rb:21:896:21:900 | [post] self | UseUseExplosion.rb:21:917:21:921 | self |
+| UseUseExplosion.rb:21:896:21:900 | [post] self | UseUseExplosion.rb:21:3019:21:3024 | self |
+| UseUseExplosion.rb:21:896:21:900 | self | UseUseExplosion.rb:21:917:21:921 | self |
+| UseUseExplosion.rb:21:896:21:900 | self | UseUseExplosion.rb:21:3019:21:3024 | self |
+| UseUseExplosion.rb:21:896:21:905 | ... > ... | UseUseExplosion.rb:21:895:21:906 | [false] ( ... ) |
+| UseUseExplosion.rb:21:896:21:905 | ... > ... | UseUseExplosion.rb:21:895:21:906 | [true] ( ... ) |
+| UseUseExplosion.rb:21:908:21:3012 | then ... | UseUseExplosion.rb:21:892:21:3028 | if ... |
+| UseUseExplosion.rb:21:913:21:3012 | if ... | UseUseExplosion.rb:21:908:21:3012 | then ... |
+| UseUseExplosion.rb:21:917:21:921 | [post] self | UseUseExplosion.rb:21:938:21:942 | self |
+| UseUseExplosion.rb:21:917:21:921 | [post] self | UseUseExplosion.rb:21:3003:21:3008 | self |
+| UseUseExplosion.rb:21:917:21:921 | self | UseUseExplosion.rb:21:938:21:942 | self |
+| UseUseExplosion.rb:21:917:21:921 | self | UseUseExplosion.rb:21:3003:21:3008 | self |
+| UseUseExplosion.rb:21:917:21:926 | ... > ... | UseUseExplosion.rb:21:916:21:927 | [false] ( ... ) |
+| UseUseExplosion.rb:21:917:21:926 | ... > ... | UseUseExplosion.rb:21:916:21:927 | [true] ( ... ) |
+| UseUseExplosion.rb:21:929:21:2996 | then ... | UseUseExplosion.rb:21:913:21:3012 | if ... |
+| UseUseExplosion.rb:21:934:21:2996 | if ... | UseUseExplosion.rb:21:929:21:2996 | then ... |
+| UseUseExplosion.rb:21:938:21:942 | [post] self | UseUseExplosion.rb:21:959:21:963 | self |
+| UseUseExplosion.rb:21:938:21:942 | [post] self | UseUseExplosion.rb:21:2987:21:2992 | self |
+| UseUseExplosion.rb:21:938:21:942 | self | UseUseExplosion.rb:21:959:21:963 | self |
+| UseUseExplosion.rb:21:938:21:942 | self | UseUseExplosion.rb:21:2987:21:2992 | self |
+| UseUseExplosion.rb:21:938:21:947 | ... > ... | UseUseExplosion.rb:21:937:21:948 | [false] ( ... ) |
+| UseUseExplosion.rb:21:938:21:947 | ... > ... | UseUseExplosion.rb:21:937:21:948 | [true] ( ... ) |
+| UseUseExplosion.rb:21:950:21:2980 | then ... | UseUseExplosion.rb:21:934:21:2996 | if ... |
+| UseUseExplosion.rb:21:955:21:2980 | if ... | UseUseExplosion.rb:21:950:21:2980 | then ... |
+| UseUseExplosion.rb:21:959:21:963 | [post] self | UseUseExplosion.rb:21:980:21:984 | self |
+| UseUseExplosion.rb:21:959:21:963 | [post] self | UseUseExplosion.rb:21:2971:21:2976 | self |
+| UseUseExplosion.rb:21:959:21:963 | self | UseUseExplosion.rb:21:980:21:984 | self |
+| UseUseExplosion.rb:21:959:21:963 | self | UseUseExplosion.rb:21:2971:21:2976 | self |
+| UseUseExplosion.rb:21:959:21:968 | ... > ... | UseUseExplosion.rb:21:958:21:969 | [false] ( ... ) |
+| UseUseExplosion.rb:21:959:21:968 | ... > ... | UseUseExplosion.rb:21:958:21:969 | [true] ( ... ) |
+| UseUseExplosion.rb:21:971:21:2964 | then ... | UseUseExplosion.rb:21:955:21:2980 | if ... |
+| UseUseExplosion.rb:21:976:21:2964 | if ... | UseUseExplosion.rb:21:971:21:2964 | then ... |
+| UseUseExplosion.rb:21:980:21:984 | [post] self | UseUseExplosion.rb:21:1001:21:1005 | self |
+| UseUseExplosion.rb:21:980:21:984 | [post] self | UseUseExplosion.rb:21:2955:21:2960 | self |
+| UseUseExplosion.rb:21:980:21:984 | self | UseUseExplosion.rb:21:1001:21:1005 | self |
+| UseUseExplosion.rb:21:980:21:984 | self | UseUseExplosion.rb:21:2955:21:2960 | self |
+| UseUseExplosion.rb:21:980:21:989 | ... > ... | UseUseExplosion.rb:21:979:21:990 | [false] ( ... ) |
+| UseUseExplosion.rb:21:980:21:989 | ... > ... | UseUseExplosion.rb:21:979:21:990 | [true] ( ... ) |
+| UseUseExplosion.rb:21:992:21:2948 | then ... | UseUseExplosion.rb:21:976:21:2964 | if ... |
+| UseUseExplosion.rb:21:997:21:2948 | if ... | UseUseExplosion.rb:21:992:21:2948 | then ... |
+| UseUseExplosion.rb:21:1001:21:1005 | [post] self | UseUseExplosion.rb:21:1022:21:1026 | self |
+| UseUseExplosion.rb:21:1001:21:1005 | [post] self | UseUseExplosion.rb:21:2939:21:2944 | self |
+| UseUseExplosion.rb:21:1001:21:1005 | self | UseUseExplosion.rb:21:1022:21:1026 | self |
+| UseUseExplosion.rb:21:1001:21:1005 | self | UseUseExplosion.rb:21:2939:21:2944 | self |
+| UseUseExplosion.rb:21:1001:21:1010 | ... > ... | UseUseExplosion.rb:21:1000:21:1011 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1001:21:1010 | ... > ... | UseUseExplosion.rb:21:1000:21:1011 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1013:21:2932 | then ... | UseUseExplosion.rb:21:997:21:2948 | if ... |
+| UseUseExplosion.rb:21:1018:21:2932 | if ... | UseUseExplosion.rb:21:1013:21:2932 | then ... |
+| UseUseExplosion.rb:21:1022:21:1026 | [post] self | UseUseExplosion.rb:21:1043:21:1047 | self |
+| UseUseExplosion.rb:21:1022:21:1026 | [post] self | UseUseExplosion.rb:21:2923:21:2928 | self |
+| UseUseExplosion.rb:21:1022:21:1026 | self | UseUseExplosion.rb:21:1043:21:1047 | self |
+| UseUseExplosion.rb:21:1022:21:1026 | self | UseUseExplosion.rb:21:2923:21:2928 | self |
+| UseUseExplosion.rb:21:1022:21:1031 | ... > ... | UseUseExplosion.rb:21:1021:21:1032 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1022:21:1031 | ... > ... | UseUseExplosion.rb:21:1021:21:1032 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1034:21:2916 | then ... | UseUseExplosion.rb:21:1018:21:2932 | if ... |
+| UseUseExplosion.rb:21:1039:21:2916 | if ... | UseUseExplosion.rb:21:1034:21:2916 | then ... |
+| UseUseExplosion.rb:21:1043:21:1047 | [post] self | UseUseExplosion.rb:21:1064:21:1068 | self |
+| UseUseExplosion.rb:21:1043:21:1047 | [post] self | UseUseExplosion.rb:21:2907:21:2912 | self |
+| UseUseExplosion.rb:21:1043:21:1047 | self | UseUseExplosion.rb:21:1064:21:1068 | self |
+| UseUseExplosion.rb:21:1043:21:1047 | self | UseUseExplosion.rb:21:2907:21:2912 | self |
+| UseUseExplosion.rb:21:1043:21:1052 | ... > ... | UseUseExplosion.rb:21:1042:21:1053 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1043:21:1052 | ... > ... | UseUseExplosion.rb:21:1042:21:1053 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1055:21:2900 | then ... | UseUseExplosion.rb:21:1039:21:2916 | if ... |
+| UseUseExplosion.rb:21:1060:21:2900 | if ... | UseUseExplosion.rb:21:1055:21:2900 | then ... |
+| UseUseExplosion.rb:21:1064:21:1068 | [post] self | UseUseExplosion.rb:21:1085:21:1089 | self |
+| UseUseExplosion.rb:21:1064:21:1068 | [post] self | UseUseExplosion.rb:21:2891:21:2896 | self |
+| UseUseExplosion.rb:21:1064:21:1068 | self | UseUseExplosion.rb:21:1085:21:1089 | self |
+| UseUseExplosion.rb:21:1064:21:1068 | self | UseUseExplosion.rb:21:2891:21:2896 | self |
+| UseUseExplosion.rb:21:1064:21:1073 | ... > ... | UseUseExplosion.rb:21:1063:21:1074 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1064:21:1073 | ... > ... | UseUseExplosion.rb:21:1063:21:1074 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1076:21:2884 | then ... | UseUseExplosion.rb:21:1060:21:2900 | if ... |
+| UseUseExplosion.rb:21:1081:21:2884 | if ... | UseUseExplosion.rb:21:1076:21:2884 | then ... |
+| UseUseExplosion.rb:21:1085:21:1089 | [post] self | UseUseExplosion.rb:21:1106:21:1110 | self |
+| UseUseExplosion.rb:21:1085:21:1089 | [post] self | UseUseExplosion.rb:21:2875:21:2880 | self |
+| UseUseExplosion.rb:21:1085:21:1089 | self | UseUseExplosion.rb:21:1106:21:1110 | self |
+| UseUseExplosion.rb:21:1085:21:1089 | self | UseUseExplosion.rb:21:2875:21:2880 | self |
+| UseUseExplosion.rb:21:1085:21:1094 | ... > ... | UseUseExplosion.rb:21:1084:21:1095 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1085:21:1094 | ... > ... | UseUseExplosion.rb:21:1084:21:1095 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1097:21:2868 | then ... | UseUseExplosion.rb:21:1081:21:2884 | if ... |
+| UseUseExplosion.rb:21:1102:21:2868 | if ... | UseUseExplosion.rb:21:1097:21:2868 | then ... |
+| UseUseExplosion.rb:21:1106:21:1110 | [post] self | UseUseExplosion.rb:21:1127:21:1131 | self |
+| UseUseExplosion.rb:21:1106:21:1110 | [post] self | UseUseExplosion.rb:21:2859:21:2864 | self |
+| UseUseExplosion.rb:21:1106:21:1110 | self | UseUseExplosion.rb:21:1127:21:1131 | self |
+| UseUseExplosion.rb:21:1106:21:1110 | self | UseUseExplosion.rb:21:2859:21:2864 | self |
+| UseUseExplosion.rb:21:1106:21:1115 | ... > ... | UseUseExplosion.rb:21:1105:21:1116 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1106:21:1115 | ... > ... | UseUseExplosion.rb:21:1105:21:1116 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1118:21:2852 | then ... | UseUseExplosion.rb:21:1102:21:2868 | if ... |
+| UseUseExplosion.rb:21:1123:21:2852 | if ... | UseUseExplosion.rb:21:1118:21:2852 | then ... |
+| UseUseExplosion.rb:21:1127:21:1131 | [post] self | UseUseExplosion.rb:21:1148:21:1152 | self |
+| UseUseExplosion.rb:21:1127:21:1131 | [post] self | UseUseExplosion.rb:21:2843:21:2848 | self |
+| UseUseExplosion.rb:21:1127:21:1131 | self | UseUseExplosion.rb:21:1148:21:1152 | self |
+| UseUseExplosion.rb:21:1127:21:1131 | self | UseUseExplosion.rb:21:2843:21:2848 | self |
+| UseUseExplosion.rb:21:1127:21:1136 | ... > ... | UseUseExplosion.rb:21:1126:21:1137 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1127:21:1136 | ... > ... | UseUseExplosion.rb:21:1126:21:1137 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1139:21:2836 | then ... | UseUseExplosion.rb:21:1123:21:2852 | if ... |
+| UseUseExplosion.rb:21:1144:21:2836 | if ... | UseUseExplosion.rb:21:1139:21:2836 | then ... |
+| UseUseExplosion.rb:21:1148:21:1152 | [post] self | UseUseExplosion.rb:21:1169:21:1173 | self |
+| UseUseExplosion.rb:21:1148:21:1152 | [post] self | UseUseExplosion.rb:21:2827:21:2832 | self |
+| UseUseExplosion.rb:21:1148:21:1152 | self | UseUseExplosion.rb:21:1169:21:1173 | self |
+| UseUseExplosion.rb:21:1148:21:1152 | self | UseUseExplosion.rb:21:2827:21:2832 | self |
+| UseUseExplosion.rb:21:1148:21:1157 | ... > ... | UseUseExplosion.rb:21:1147:21:1158 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1148:21:1157 | ... > ... | UseUseExplosion.rb:21:1147:21:1158 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1160:21:2820 | then ... | UseUseExplosion.rb:21:1144:21:2836 | if ... |
+| UseUseExplosion.rb:21:1165:21:2820 | if ... | UseUseExplosion.rb:21:1160:21:2820 | then ... |
+| UseUseExplosion.rb:21:1169:21:1173 | [post] self | UseUseExplosion.rb:21:1190:21:1194 | self |
+| UseUseExplosion.rb:21:1169:21:1173 | [post] self | UseUseExplosion.rb:21:2811:21:2816 | self |
+| UseUseExplosion.rb:21:1169:21:1173 | self | UseUseExplosion.rb:21:1190:21:1194 | self |
+| UseUseExplosion.rb:21:1169:21:1173 | self | UseUseExplosion.rb:21:2811:21:2816 | self |
+| UseUseExplosion.rb:21:1169:21:1178 | ... > ... | UseUseExplosion.rb:21:1168:21:1179 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1169:21:1178 | ... > ... | UseUseExplosion.rb:21:1168:21:1179 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1181:21:2804 | then ... | UseUseExplosion.rb:21:1165:21:2820 | if ... |
+| UseUseExplosion.rb:21:1186:21:2804 | if ... | UseUseExplosion.rb:21:1181:21:2804 | then ... |
+| UseUseExplosion.rb:21:1190:21:1194 | [post] self | UseUseExplosion.rb:21:1211:21:1215 | self |
+| UseUseExplosion.rb:21:1190:21:1194 | [post] self | UseUseExplosion.rb:21:2795:21:2800 | self |
+| UseUseExplosion.rb:21:1190:21:1194 | self | UseUseExplosion.rb:21:1211:21:1215 | self |
+| UseUseExplosion.rb:21:1190:21:1194 | self | UseUseExplosion.rb:21:2795:21:2800 | self |
+| UseUseExplosion.rb:21:1190:21:1199 | ... > ... | UseUseExplosion.rb:21:1189:21:1200 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1190:21:1199 | ... > ... | UseUseExplosion.rb:21:1189:21:1200 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1202:21:2788 | then ... | UseUseExplosion.rb:21:1186:21:2804 | if ... |
+| UseUseExplosion.rb:21:1207:21:2788 | if ... | UseUseExplosion.rb:21:1202:21:2788 | then ... |
+| UseUseExplosion.rb:21:1211:21:1215 | [post] self | UseUseExplosion.rb:21:1232:21:1236 | self |
+| UseUseExplosion.rb:21:1211:21:1215 | [post] self | UseUseExplosion.rb:21:2779:21:2784 | self |
+| UseUseExplosion.rb:21:1211:21:1215 | self | UseUseExplosion.rb:21:1232:21:1236 | self |
+| UseUseExplosion.rb:21:1211:21:1215 | self | UseUseExplosion.rb:21:2779:21:2784 | self |
+| UseUseExplosion.rb:21:1211:21:1220 | ... > ... | UseUseExplosion.rb:21:1210:21:1221 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1211:21:1220 | ... > ... | UseUseExplosion.rb:21:1210:21:1221 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1223:21:2772 | then ... | UseUseExplosion.rb:21:1207:21:2788 | if ... |
+| UseUseExplosion.rb:21:1228:21:2772 | if ... | UseUseExplosion.rb:21:1223:21:2772 | then ... |
+| UseUseExplosion.rb:21:1232:21:1236 | [post] self | UseUseExplosion.rb:21:1253:21:1257 | self |
+| UseUseExplosion.rb:21:1232:21:1236 | [post] self | UseUseExplosion.rb:21:2763:21:2768 | self |
+| UseUseExplosion.rb:21:1232:21:1236 | self | UseUseExplosion.rb:21:1253:21:1257 | self |
+| UseUseExplosion.rb:21:1232:21:1236 | self | UseUseExplosion.rb:21:2763:21:2768 | self |
+| UseUseExplosion.rb:21:1232:21:1241 | ... > ... | UseUseExplosion.rb:21:1231:21:1242 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1232:21:1241 | ... > ... | UseUseExplosion.rb:21:1231:21:1242 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1244:21:2756 | then ... | UseUseExplosion.rb:21:1228:21:2772 | if ... |
+| UseUseExplosion.rb:21:1249:21:2756 | if ... | UseUseExplosion.rb:21:1244:21:2756 | then ... |
+| UseUseExplosion.rb:21:1253:21:1257 | [post] self | UseUseExplosion.rb:21:1274:21:1278 | self |
+| UseUseExplosion.rb:21:1253:21:1257 | [post] self | UseUseExplosion.rb:21:2747:21:2752 | self |
+| UseUseExplosion.rb:21:1253:21:1257 | self | UseUseExplosion.rb:21:1274:21:1278 | self |
+| UseUseExplosion.rb:21:1253:21:1257 | self | UseUseExplosion.rb:21:2747:21:2752 | self |
+| UseUseExplosion.rb:21:1253:21:1262 | ... > ... | UseUseExplosion.rb:21:1252:21:1263 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1253:21:1262 | ... > ... | UseUseExplosion.rb:21:1252:21:1263 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1265:21:2740 | then ... | UseUseExplosion.rb:21:1249:21:2756 | if ... |
+| UseUseExplosion.rb:21:1270:21:2740 | if ... | UseUseExplosion.rb:21:1265:21:2740 | then ... |
+| UseUseExplosion.rb:21:1274:21:1278 | [post] self | UseUseExplosion.rb:21:1295:21:1299 | self |
+| UseUseExplosion.rb:21:1274:21:1278 | [post] self | UseUseExplosion.rb:21:2731:21:2736 | self |
+| UseUseExplosion.rb:21:1274:21:1278 | self | UseUseExplosion.rb:21:1295:21:1299 | self |
+| UseUseExplosion.rb:21:1274:21:1278 | self | UseUseExplosion.rb:21:2731:21:2736 | self |
+| UseUseExplosion.rb:21:1274:21:1283 | ... > ... | UseUseExplosion.rb:21:1273:21:1284 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1274:21:1283 | ... > ... | UseUseExplosion.rb:21:1273:21:1284 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1286:21:2724 | then ... | UseUseExplosion.rb:21:1270:21:2740 | if ... |
+| UseUseExplosion.rb:21:1291:21:2724 | if ... | UseUseExplosion.rb:21:1286:21:2724 | then ... |
+| UseUseExplosion.rb:21:1295:21:1299 | [post] self | UseUseExplosion.rb:21:1316:21:1320 | self |
+| UseUseExplosion.rb:21:1295:21:1299 | [post] self | UseUseExplosion.rb:21:2715:21:2720 | self |
+| UseUseExplosion.rb:21:1295:21:1299 | self | UseUseExplosion.rb:21:1316:21:1320 | self |
+| UseUseExplosion.rb:21:1295:21:1299 | self | UseUseExplosion.rb:21:2715:21:2720 | self |
+| UseUseExplosion.rb:21:1295:21:1304 | ... > ... | UseUseExplosion.rb:21:1294:21:1305 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1295:21:1304 | ... > ... | UseUseExplosion.rb:21:1294:21:1305 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1307:21:2708 | then ... | UseUseExplosion.rb:21:1291:21:2724 | if ... |
+| UseUseExplosion.rb:21:1312:21:2708 | if ... | UseUseExplosion.rb:21:1307:21:2708 | then ... |
+| UseUseExplosion.rb:21:1316:21:1320 | [post] self | UseUseExplosion.rb:21:1337:21:1341 | self |
+| UseUseExplosion.rb:21:1316:21:1320 | [post] self | UseUseExplosion.rb:21:2699:21:2704 | self |
+| UseUseExplosion.rb:21:1316:21:1320 | self | UseUseExplosion.rb:21:1337:21:1341 | self |
+| UseUseExplosion.rb:21:1316:21:1320 | self | UseUseExplosion.rb:21:2699:21:2704 | self |
+| UseUseExplosion.rb:21:1316:21:1325 | ... > ... | UseUseExplosion.rb:21:1315:21:1326 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1316:21:1325 | ... > ... | UseUseExplosion.rb:21:1315:21:1326 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1328:21:2692 | then ... | UseUseExplosion.rb:21:1312:21:2708 | if ... |
+| UseUseExplosion.rb:21:1333:21:2692 | if ... | UseUseExplosion.rb:21:1328:21:2692 | then ... |
+| UseUseExplosion.rb:21:1337:21:1341 | [post] self | UseUseExplosion.rb:21:1358:21:1362 | self |
+| UseUseExplosion.rb:21:1337:21:1341 | [post] self | UseUseExplosion.rb:21:2683:21:2688 | self |
+| UseUseExplosion.rb:21:1337:21:1341 | self | UseUseExplosion.rb:21:1358:21:1362 | self |
+| UseUseExplosion.rb:21:1337:21:1341 | self | UseUseExplosion.rb:21:2683:21:2688 | self |
+| UseUseExplosion.rb:21:1337:21:1346 | ... > ... | UseUseExplosion.rb:21:1336:21:1347 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1337:21:1346 | ... > ... | UseUseExplosion.rb:21:1336:21:1347 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1349:21:2676 | then ... | UseUseExplosion.rb:21:1333:21:2692 | if ... |
+| UseUseExplosion.rb:21:1354:21:2676 | if ... | UseUseExplosion.rb:21:1349:21:2676 | then ... |
+| UseUseExplosion.rb:21:1358:21:1362 | [post] self | UseUseExplosion.rb:21:1379:21:1383 | self |
+| UseUseExplosion.rb:21:1358:21:1362 | [post] self | UseUseExplosion.rb:21:2667:21:2672 | self |
+| UseUseExplosion.rb:21:1358:21:1362 | self | UseUseExplosion.rb:21:1379:21:1383 | self |
+| UseUseExplosion.rb:21:1358:21:1362 | self | UseUseExplosion.rb:21:2667:21:2672 | self |
+| UseUseExplosion.rb:21:1358:21:1367 | ... > ... | UseUseExplosion.rb:21:1357:21:1368 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1358:21:1367 | ... > ... | UseUseExplosion.rb:21:1357:21:1368 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1370:21:2660 | then ... | UseUseExplosion.rb:21:1354:21:2676 | if ... |
+| UseUseExplosion.rb:21:1375:21:2660 | if ... | UseUseExplosion.rb:21:1370:21:2660 | then ... |
+| UseUseExplosion.rb:21:1379:21:1383 | [post] self | UseUseExplosion.rb:21:1400:21:1404 | self |
+| UseUseExplosion.rb:21:1379:21:1383 | [post] self | UseUseExplosion.rb:21:2651:21:2656 | self |
+| UseUseExplosion.rb:21:1379:21:1383 | self | UseUseExplosion.rb:21:1400:21:1404 | self |
+| UseUseExplosion.rb:21:1379:21:1383 | self | UseUseExplosion.rb:21:2651:21:2656 | self |
+| UseUseExplosion.rb:21:1379:21:1388 | ... > ... | UseUseExplosion.rb:21:1378:21:1389 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1379:21:1388 | ... > ... | UseUseExplosion.rb:21:1378:21:1389 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1391:21:2644 | then ... | UseUseExplosion.rb:21:1375:21:2660 | if ... |
+| UseUseExplosion.rb:21:1396:21:2644 | if ... | UseUseExplosion.rb:21:1391:21:2644 | then ... |
+| UseUseExplosion.rb:21:1400:21:1404 | [post] self | UseUseExplosion.rb:21:1421:21:1425 | self |
+| UseUseExplosion.rb:21:1400:21:1404 | [post] self | UseUseExplosion.rb:21:2635:21:2640 | self |
+| UseUseExplosion.rb:21:1400:21:1404 | self | UseUseExplosion.rb:21:1421:21:1425 | self |
+| UseUseExplosion.rb:21:1400:21:1404 | self | UseUseExplosion.rb:21:2635:21:2640 | self |
+| UseUseExplosion.rb:21:1400:21:1409 | ... > ... | UseUseExplosion.rb:21:1399:21:1410 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1400:21:1409 | ... > ... | UseUseExplosion.rb:21:1399:21:1410 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1412:21:2628 | then ... | UseUseExplosion.rb:21:1396:21:2644 | if ... |
+| UseUseExplosion.rb:21:1417:21:2628 | if ... | UseUseExplosion.rb:21:1412:21:2628 | then ... |
+| UseUseExplosion.rb:21:1421:21:1425 | [post] self | UseUseExplosion.rb:21:1442:21:1446 | self |
+| UseUseExplosion.rb:21:1421:21:1425 | [post] self | UseUseExplosion.rb:21:2619:21:2624 | self |
+| UseUseExplosion.rb:21:1421:21:1425 | self | UseUseExplosion.rb:21:1442:21:1446 | self |
+| UseUseExplosion.rb:21:1421:21:1425 | self | UseUseExplosion.rb:21:2619:21:2624 | self |
+| UseUseExplosion.rb:21:1421:21:1430 | ... > ... | UseUseExplosion.rb:21:1420:21:1431 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1421:21:1430 | ... > ... | UseUseExplosion.rb:21:1420:21:1431 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1433:21:2612 | then ... | UseUseExplosion.rb:21:1417:21:2628 | if ... |
+| UseUseExplosion.rb:21:1438:21:2612 | if ... | UseUseExplosion.rb:21:1433:21:2612 | then ... |
+| UseUseExplosion.rb:21:1442:21:1446 | [post] self | UseUseExplosion.rb:21:1463:21:1467 | self |
+| UseUseExplosion.rb:21:1442:21:1446 | [post] self | UseUseExplosion.rb:21:2603:21:2608 | self |
+| UseUseExplosion.rb:21:1442:21:1446 | self | UseUseExplosion.rb:21:1463:21:1467 | self |
+| UseUseExplosion.rb:21:1442:21:1446 | self | UseUseExplosion.rb:21:2603:21:2608 | self |
+| UseUseExplosion.rb:21:1442:21:1451 | ... > ... | UseUseExplosion.rb:21:1441:21:1452 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1442:21:1451 | ... > ... | UseUseExplosion.rb:21:1441:21:1452 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1454:21:2596 | then ... | UseUseExplosion.rb:21:1438:21:2612 | if ... |
+| UseUseExplosion.rb:21:1459:21:2596 | if ... | UseUseExplosion.rb:21:1454:21:2596 | then ... |
+| UseUseExplosion.rb:21:1463:21:1467 | [post] self | UseUseExplosion.rb:21:1484:21:1488 | self |
+| UseUseExplosion.rb:21:1463:21:1467 | [post] self | UseUseExplosion.rb:21:2587:21:2592 | self |
+| UseUseExplosion.rb:21:1463:21:1467 | self | UseUseExplosion.rb:21:1484:21:1488 | self |
+| UseUseExplosion.rb:21:1463:21:1467 | self | UseUseExplosion.rb:21:2587:21:2592 | self |
+| UseUseExplosion.rb:21:1463:21:1472 | ... > ... | UseUseExplosion.rb:21:1462:21:1473 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1463:21:1472 | ... > ... | UseUseExplosion.rb:21:1462:21:1473 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1475:21:2580 | then ... | UseUseExplosion.rb:21:1459:21:2596 | if ... |
+| UseUseExplosion.rb:21:1480:21:2580 | if ... | UseUseExplosion.rb:21:1475:21:2580 | then ... |
+| UseUseExplosion.rb:21:1484:21:1488 | [post] self | UseUseExplosion.rb:21:1505:21:1509 | self |
+| UseUseExplosion.rb:21:1484:21:1488 | [post] self | UseUseExplosion.rb:21:2571:21:2576 | self |
+| UseUseExplosion.rb:21:1484:21:1488 | self | UseUseExplosion.rb:21:1505:21:1509 | self |
+| UseUseExplosion.rb:21:1484:21:1488 | self | UseUseExplosion.rb:21:2571:21:2576 | self |
+| UseUseExplosion.rb:21:1484:21:1493 | ... > ... | UseUseExplosion.rb:21:1483:21:1494 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1484:21:1493 | ... > ... | UseUseExplosion.rb:21:1483:21:1494 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1496:21:2564 | then ... | UseUseExplosion.rb:21:1480:21:2580 | if ... |
+| UseUseExplosion.rb:21:1501:21:2564 | if ... | UseUseExplosion.rb:21:1496:21:2564 | then ... |
+| UseUseExplosion.rb:21:1505:21:1509 | [post] self | UseUseExplosion.rb:21:1526:21:1530 | self |
+| UseUseExplosion.rb:21:1505:21:1509 | [post] self | UseUseExplosion.rb:21:2555:21:2560 | self |
+| UseUseExplosion.rb:21:1505:21:1509 | self | UseUseExplosion.rb:21:1526:21:1530 | self |
+| UseUseExplosion.rb:21:1505:21:1509 | self | UseUseExplosion.rb:21:2555:21:2560 | self |
+| UseUseExplosion.rb:21:1505:21:1514 | ... > ... | UseUseExplosion.rb:21:1504:21:1515 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1505:21:1514 | ... > ... | UseUseExplosion.rb:21:1504:21:1515 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1517:21:2548 | then ... | UseUseExplosion.rb:21:1501:21:2564 | if ... |
+| UseUseExplosion.rb:21:1522:21:2548 | if ... | UseUseExplosion.rb:21:1517:21:2548 | then ... |
+| UseUseExplosion.rb:21:1526:21:1530 | [post] self | UseUseExplosion.rb:21:1547:21:1551 | self |
+| UseUseExplosion.rb:21:1526:21:1530 | [post] self | UseUseExplosion.rb:21:2539:21:2544 | self |
+| UseUseExplosion.rb:21:1526:21:1530 | self | UseUseExplosion.rb:21:1547:21:1551 | self |
+| UseUseExplosion.rb:21:1526:21:1530 | self | UseUseExplosion.rb:21:2539:21:2544 | self |
+| UseUseExplosion.rb:21:1526:21:1535 | ... > ... | UseUseExplosion.rb:21:1525:21:1536 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1526:21:1535 | ... > ... | UseUseExplosion.rb:21:1525:21:1536 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1538:21:2532 | then ... | UseUseExplosion.rb:21:1522:21:2548 | if ... |
+| UseUseExplosion.rb:21:1543:21:2532 | if ... | UseUseExplosion.rb:21:1538:21:2532 | then ... |
+| UseUseExplosion.rb:21:1547:21:1551 | [post] self | UseUseExplosion.rb:21:1568:21:1572 | self |
+| UseUseExplosion.rb:21:1547:21:1551 | [post] self | UseUseExplosion.rb:21:2523:21:2528 | self |
+| UseUseExplosion.rb:21:1547:21:1551 | self | UseUseExplosion.rb:21:1568:21:1572 | self |
+| UseUseExplosion.rb:21:1547:21:1551 | self | UseUseExplosion.rb:21:2523:21:2528 | self |
+| UseUseExplosion.rb:21:1547:21:1556 | ... > ... | UseUseExplosion.rb:21:1546:21:1557 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1547:21:1556 | ... > ... | UseUseExplosion.rb:21:1546:21:1557 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1559:21:2516 | then ... | UseUseExplosion.rb:21:1543:21:2532 | if ... |
+| UseUseExplosion.rb:21:1564:21:2516 | if ... | UseUseExplosion.rb:21:1559:21:2516 | then ... |
+| UseUseExplosion.rb:21:1568:21:1572 | [post] self | UseUseExplosion.rb:21:1589:21:1593 | self |
+| UseUseExplosion.rb:21:1568:21:1572 | [post] self | UseUseExplosion.rb:21:2507:21:2512 | self |
+| UseUseExplosion.rb:21:1568:21:1572 | self | UseUseExplosion.rb:21:1589:21:1593 | self |
+| UseUseExplosion.rb:21:1568:21:1572 | self | UseUseExplosion.rb:21:2507:21:2512 | self |
+| UseUseExplosion.rb:21:1568:21:1577 | ... > ... | UseUseExplosion.rb:21:1567:21:1578 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1568:21:1577 | ... > ... | UseUseExplosion.rb:21:1567:21:1578 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1580:21:2500 | then ... | UseUseExplosion.rb:21:1564:21:2516 | if ... |
+| UseUseExplosion.rb:21:1585:21:2500 | if ... | UseUseExplosion.rb:21:1580:21:2500 | then ... |
+| UseUseExplosion.rb:21:1589:21:1593 | [post] self | UseUseExplosion.rb:21:1610:21:1614 | self |
+| UseUseExplosion.rb:21:1589:21:1593 | [post] self | UseUseExplosion.rb:21:2491:21:2496 | self |
+| UseUseExplosion.rb:21:1589:21:1593 | self | UseUseExplosion.rb:21:1610:21:1614 | self |
+| UseUseExplosion.rb:21:1589:21:1593 | self | UseUseExplosion.rb:21:2491:21:2496 | self |
+| UseUseExplosion.rb:21:1589:21:1598 | ... > ... | UseUseExplosion.rb:21:1588:21:1599 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1589:21:1598 | ... > ... | UseUseExplosion.rb:21:1588:21:1599 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1601:21:2484 | then ... | UseUseExplosion.rb:21:1585:21:2500 | if ... |
+| UseUseExplosion.rb:21:1606:21:2484 | if ... | UseUseExplosion.rb:21:1601:21:2484 | then ... |
+| UseUseExplosion.rb:21:1610:21:1614 | [post] self | UseUseExplosion.rb:21:1631:21:1635 | self |
+| UseUseExplosion.rb:21:1610:21:1614 | [post] self | UseUseExplosion.rb:21:2475:21:2480 | self |
+| UseUseExplosion.rb:21:1610:21:1614 | self | UseUseExplosion.rb:21:1631:21:1635 | self |
+| UseUseExplosion.rb:21:1610:21:1614 | self | UseUseExplosion.rb:21:2475:21:2480 | self |
+| UseUseExplosion.rb:21:1610:21:1619 | ... > ... | UseUseExplosion.rb:21:1609:21:1620 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1610:21:1619 | ... > ... | UseUseExplosion.rb:21:1609:21:1620 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1622:21:2468 | then ... | UseUseExplosion.rb:21:1606:21:2484 | if ... |
+| UseUseExplosion.rb:21:1627:21:2468 | if ... | UseUseExplosion.rb:21:1622:21:2468 | then ... |
+| UseUseExplosion.rb:21:1631:21:1635 | [post] self | UseUseExplosion.rb:21:1652:21:1656 | self |
+| UseUseExplosion.rb:21:1631:21:1635 | [post] self | UseUseExplosion.rb:21:2459:21:2464 | self |
+| UseUseExplosion.rb:21:1631:21:1635 | self | UseUseExplosion.rb:21:1652:21:1656 | self |
+| UseUseExplosion.rb:21:1631:21:1635 | self | UseUseExplosion.rb:21:2459:21:2464 | self |
+| UseUseExplosion.rb:21:1631:21:1640 | ... > ... | UseUseExplosion.rb:21:1630:21:1641 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1631:21:1640 | ... > ... | UseUseExplosion.rb:21:1630:21:1641 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1643:21:2452 | then ... | UseUseExplosion.rb:21:1627:21:2468 | if ... |
+| UseUseExplosion.rb:21:1648:21:2452 | if ... | UseUseExplosion.rb:21:1643:21:2452 | then ... |
+| UseUseExplosion.rb:21:1652:21:1656 | [post] self | UseUseExplosion.rb:21:1673:21:1677 | self |
+| UseUseExplosion.rb:21:1652:21:1656 | [post] self | UseUseExplosion.rb:21:2443:21:2448 | self |
+| UseUseExplosion.rb:21:1652:21:1656 | self | UseUseExplosion.rb:21:1673:21:1677 | self |
+| UseUseExplosion.rb:21:1652:21:1656 | self | UseUseExplosion.rb:21:2443:21:2448 | self |
+| UseUseExplosion.rb:21:1652:21:1661 | ... > ... | UseUseExplosion.rb:21:1651:21:1662 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1652:21:1661 | ... > ... | UseUseExplosion.rb:21:1651:21:1662 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1664:21:2436 | then ... | UseUseExplosion.rb:21:1648:21:2452 | if ... |
+| UseUseExplosion.rb:21:1669:21:2436 | if ... | UseUseExplosion.rb:21:1664:21:2436 | then ... |
+| UseUseExplosion.rb:21:1673:21:1677 | [post] self | UseUseExplosion.rb:21:1694:21:1698 | self |
+| UseUseExplosion.rb:21:1673:21:1677 | [post] self | UseUseExplosion.rb:21:2427:21:2432 | self |
+| UseUseExplosion.rb:21:1673:21:1677 | self | UseUseExplosion.rb:21:1694:21:1698 | self |
+| UseUseExplosion.rb:21:1673:21:1677 | self | UseUseExplosion.rb:21:2427:21:2432 | self |
+| UseUseExplosion.rb:21:1673:21:1682 | ... > ... | UseUseExplosion.rb:21:1672:21:1683 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1673:21:1682 | ... > ... | UseUseExplosion.rb:21:1672:21:1683 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1685:21:2420 | then ... | UseUseExplosion.rb:21:1669:21:2436 | if ... |
+| UseUseExplosion.rb:21:1690:21:2420 | if ... | UseUseExplosion.rb:21:1685:21:2420 | then ... |
+| UseUseExplosion.rb:21:1694:21:1698 | [post] self | UseUseExplosion.rb:21:1715:21:1719 | self |
+| UseUseExplosion.rb:21:1694:21:1698 | [post] self | UseUseExplosion.rb:21:2411:21:2416 | self |
+| UseUseExplosion.rb:21:1694:21:1698 | self | UseUseExplosion.rb:21:1715:21:1719 | self |
+| UseUseExplosion.rb:21:1694:21:1698 | self | UseUseExplosion.rb:21:2411:21:2416 | self |
+| UseUseExplosion.rb:21:1694:21:1703 | ... > ... | UseUseExplosion.rb:21:1693:21:1704 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1694:21:1703 | ... > ... | UseUseExplosion.rb:21:1693:21:1704 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1706:21:2404 | then ... | UseUseExplosion.rb:21:1690:21:2420 | if ... |
+| UseUseExplosion.rb:21:1711:21:2404 | if ... | UseUseExplosion.rb:21:1706:21:2404 | then ... |
+| UseUseExplosion.rb:21:1715:21:1719 | [post] self | UseUseExplosion.rb:21:1736:21:1740 | self |
+| UseUseExplosion.rb:21:1715:21:1719 | [post] self | UseUseExplosion.rb:21:2395:21:2400 | self |
+| UseUseExplosion.rb:21:1715:21:1719 | self | UseUseExplosion.rb:21:1736:21:1740 | self |
+| UseUseExplosion.rb:21:1715:21:1719 | self | UseUseExplosion.rb:21:2395:21:2400 | self |
+| UseUseExplosion.rb:21:1715:21:1724 | ... > ... | UseUseExplosion.rb:21:1714:21:1725 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1715:21:1724 | ... > ... | UseUseExplosion.rb:21:1714:21:1725 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1727:21:2388 | then ... | UseUseExplosion.rb:21:1711:21:2404 | if ... |
+| UseUseExplosion.rb:21:1732:21:2388 | if ... | UseUseExplosion.rb:21:1727:21:2388 | then ... |
+| UseUseExplosion.rb:21:1736:21:1740 | [post] self | UseUseExplosion.rb:21:1757:21:1761 | self |
+| UseUseExplosion.rb:21:1736:21:1740 | [post] self | UseUseExplosion.rb:21:2379:21:2384 | self |
+| UseUseExplosion.rb:21:1736:21:1740 | self | UseUseExplosion.rb:21:1757:21:1761 | self |
+| UseUseExplosion.rb:21:1736:21:1740 | self | UseUseExplosion.rb:21:2379:21:2384 | self |
+| UseUseExplosion.rb:21:1736:21:1745 | ... > ... | UseUseExplosion.rb:21:1735:21:1746 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1736:21:1745 | ... > ... | UseUseExplosion.rb:21:1735:21:1746 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1748:21:2372 | then ... | UseUseExplosion.rb:21:1732:21:2388 | if ... |
+| UseUseExplosion.rb:21:1753:21:2372 | if ... | UseUseExplosion.rb:21:1748:21:2372 | then ... |
+| UseUseExplosion.rb:21:1757:21:1761 | [post] self | UseUseExplosion.rb:21:1778:21:1782 | self |
+| UseUseExplosion.rb:21:1757:21:1761 | [post] self | UseUseExplosion.rb:21:2363:21:2368 | self |
+| UseUseExplosion.rb:21:1757:21:1761 | self | UseUseExplosion.rb:21:1778:21:1782 | self |
+| UseUseExplosion.rb:21:1757:21:1761 | self | UseUseExplosion.rb:21:2363:21:2368 | self |
+| UseUseExplosion.rb:21:1757:21:1766 | ... > ... | UseUseExplosion.rb:21:1756:21:1767 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1757:21:1766 | ... > ... | UseUseExplosion.rb:21:1756:21:1767 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1769:21:2356 | then ... | UseUseExplosion.rb:21:1753:21:2372 | if ... |
+| UseUseExplosion.rb:21:1774:21:2356 | if ... | UseUseExplosion.rb:21:1769:21:2356 | then ... |
+| UseUseExplosion.rb:21:1778:21:1782 | [post] self | UseUseExplosion.rb:21:1799:21:1803 | self |
+| UseUseExplosion.rb:21:1778:21:1782 | [post] self | UseUseExplosion.rb:21:2347:21:2352 | self |
+| UseUseExplosion.rb:21:1778:21:1782 | self | UseUseExplosion.rb:21:1799:21:1803 | self |
+| UseUseExplosion.rb:21:1778:21:1782 | self | UseUseExplosion.rb:21:2347:21:2352 | self |
+| UseUseExplosion.rb:21:1778:21:1787 | ... > ... | UseUseExplosion.rb:21:1777:21:1788 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1778:21:1787 | ... > ... | UseUseExplosion.rb:21:1777:21:1788 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1790:21:2340 | then ... | UseUseExplosion.rb:21:1774:21:2356 | if ... |
+| UseUseExplosion.rb:21:1795:21:2340 | if ... | UseUseExplosion.rb:21:1790:21:2340 | then ... |
+| UseUseExplosion.rb:21:1799:21:1803 | [post] self | UseUseExplosion.rb:21:1820:21:1824 | self |
+| UseUseExplosion.rb:21:1799:21:1803 | [post] self | UseUseExplosion.rb:21:2331:21:2336 | self |
+| UseUseExplosion.rb:21:1799:21:1803 | self | UseUseExplosion.rb:21:1820:21:1824 | self |
+| UseUseExplosion.rb:21:1799:21:1803 | self | UseUseExplosion.rb:21:2331:21:2336 | self |
+| UseUseExplosion.rb:21:1799:21:1808 | ... > ... | UseUseExplosion.rb:21:1798:21:1809 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1799:21:1808 | ... > ... | UseUseExplosion.rb:21:1798:21:1809 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1811:21:2324 | then ... | UseUseExplosion.rb:21:1795:21:2340 | if ... |
+| UseUseExplosion.rb:21:1816:21:2324 | if ... | UseUseExplosion.rb:21:1811:21:2324 | then ... |
+| UseUseExplosion.rb:21:1820:21:1824 | [post] self | UseUseExplosion.rb:21:1841:21:1845 | self |
+| UseUseExplosion.rb:21:1820:21:1824 | [post] self | UseUseExplosion.rb:21:2315:21:2320 | self |
+| UseUseExplosion.rb:21:1820:21:1824 | self | UseUseExplosion.rb:21:1841:21:1845 | self |
+| UseUseExplosion.rb:21:1820:21:1824 | self | UseUseExplosion.rb:21:2315:21:2320 | self |
+| UseUseExplosion.rb:21:1820:21:1829 | ... > ... | UseUseExplosion.rb:21:1819:21:1830 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1820:21:1829 | ... > ... | UseUseExplosion.rb:21:1819:21:1830 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1832:21:2308 | then ... | UseUseExplosion.rb:21:1816:21:2324 | if ... |
+| UseUseExplosion.rb:21:1837:21:2308 | if ... | UseUseExplosion.rb:21:1832:21:2308 | then ... |
+| UseUseExplosion.rb:21:1841:21:1845 | [post] self | UseUseExplosion.rb:21:1862:21:1866 | self |
+| UseUseExplosion.rb:21:1841:21:1845 | [post] self | UseUseExplosion.rb:21:2299:21:2304 | self |
+| UseUseExplosion.rb:21:1841:21:1845 | self | UseUseExplosion.rb:21:1862:21:1866 | self |
+| UseUseExplosion.rb:21:1841:21:1845 | self | UseUseExplosion.rb:21:2299:21:2304 | self |
+| UseUseExplosion.rb:21:1841:21:1850 | ... > ... | UseUseExplosion.rb:21:1840:21:1851 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1841:21:1850 | ... > ... | UseUseExplosion.rb:21:1840:21:1851 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1853:21:2292 | then ... | UseUseExplosion.rb:21:1837:21:2308 | if ... |
+| UseUseExplosion.rb:21:1858:21:2292 | if ... | UseUseExplosion.rb:21:1853:21:2292 | then ... |
+| UseUseExplosion.rb:21:1862:21:1866 | [post] self | UseUseExplosion.rb:21:1883:21:1887 | self |
+| UseUseExplosion.rb:21:1862:21:1866 | [post] self | UseUseExplosion.rb:21:2283:21:2288 | self |
+| UseUseExplosion.rb:21:1862:21:1866 | self | UseUseExplosion.rb:21:1883:21:1887 | self |
+| UseUseExplosion.rb:21:1862:21:1866 | self | UseUseExplosion.rb:21:2283:21:2288 | self |
+| UseUseExplosion.rb:21:1862:21:1871 | ... > ... | UseUseExplosion.rb:21:1861:21:1872 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1862:21:1871 | ... > ... | UseUseExplosion.rb:21:1861:21:1872 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1874:21:2276 | then ... | UseUseExplosion.rb:21:1858:21:2292 | if ... |
+| UseUseExplosion.rb:21:1879:21:2276 | if ... | UseUseExplosion.rb:21:1874:21:2276 | then ... |
+| UseUseExplosion.rb:21:1883:21:1887 | [post] self | UseUseExplosion.rb:21:1904:21:1908 | self |
+| UseUseExplosion.rb:21:1883:21:1887 | [post] self | UseUseExplosion.rb:21:2267:21:2272 | self |
+| UseUseExplosion.rb:21:1883:21:1887 | self | UseUseExplosion.rb:21:1904:21:1908 | self |
+| UseUseExplosion.rb:21:1883:21:1887 | self | UseUseExplosion.rb:21:2267:21:2272 | self |
+| UseUseExplosion.rb:21:1883:21:1892 | ... > ... | UseUseExplosion.rb:21:1882:21:1893 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1883:21:1892 | ... > ... | UseUseExplosion.rb:21:1882:21:1893 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1895:21:2260 | then ... | UseUseExplosion.rb:21:1879:21:2276 | if ... |
+| UseUseExplosion.rb:21:1900:21:2260 | if ... | UseUseExplosion.rb:21:1895:21:2260 | then ... |
+| UseUseExplosion.rb:21:1904:21:1908 | [post] self | UseUseExplosion.rb:21:1925:21:1929 | self |
+| UseUseExplosion.rb:21:1904:21:1908 | [post] self | UseUseExplosion.rb:21:2251:21:2256 | self |
+| UseUseExplosion.rb:21:1904:21:1908 | self | UseUseExplosion.rb:21:1925:21:1929 | self |
+| UseUseExplosion.rb:21:1904:21:1908 | self | UseUseExplosion.rb:21:2251:21:2256 | self |
+| UseUseExplosion.rb:21:1904:21:1913 | ... > ... | UseUseExplosion.rb:21:1903:21:1914 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1904:21:1913 | ... > ... | UseUseExplosion.rb:21:1903:21:1914 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1916:21:2244 | then ... | UseUseExplosion.rb:21:1900:21:2260 | if ... |
+| UseUseExplosion.rb:21:1921:21:2244 | if ... | UseUseExplosion.rb:21:1916:21:2244 | then ... |
+| UseUseExplosion.rb:21:1925:21:1929 | [post] self | UseUseExplosion.rb:21:1945:21:1949 | self |
+| UseUseExplosion.rb:21:1925:21:1929 | [post] self | UseUseExplosion.rb:21:2235:21:2240 | self |
+| UseUseExplosion.rb:21:1925:21:1929 | self | UseUseExplosion.rb:21:1945:21:1949 | self |
+| UseUseExplosion.rb:21:1925:21:1929 | self | UseUseExplosion.rb:21:2235:21:2240 | self |
+| UseUseExplosion.rb:21:1925:21:1933 | ... > ... | UseUseExplosion.rb:21:1924:21:1934 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1925:21:1933 | ... > ... | UseUseExplosion.rb:21:1924:21:1934 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1936:21:2228 | then ... | UseUseExplosion.rb:21:1921:21:2244 | if ... |
+| UseUseExplosion.rb:21:1941:21:2228 | if ... | UseUseExplosion.rb:21:1936:21:2228 | then ... |
+| UseUseExplosion.rb:21:1945:21:1949 | [post] self | UseUseExplosion.rb:21:1965:21:1969 | self |
+| UseUseExplosion.rb:21:1945:21:1949 | [post] self | UseUseExplosion.rb:21:2219:21:2224 | self |
+| UseUseExplosion.rb:21:1945:21:1949 | self | UseUseExplosion.rb:21:1965:21:1969 | self |
+| UseUseExplosion.rb:21:1945:21:1949 | self | UseUseExplosion.rb:21:2219:21:2224 | self |
+| UseUseExplosion.rb:21:1945:21:1953 | ... > ... | UseUseExplosion.rb:21:1944:21:1954 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1945:21:1953 | ... > ... | UseUseExplosion.rb:21:1944:21:1954 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1956:21:2212 | then ... | UseUseExplosion.rb:21:1941:21:2228 | if ... |
+| UseUseExplosion.rb:21:1961:21:2212 | if ... | UseUseExplosion.rb:21:1956:21:2212 | then ... |
+| UseUseExplosion.rb:21:1965:21:1969 | [post] self | UseUseExplosion.rb:21:1985:21:1989 | self |
+| UseUseExplosion.rb:21:1965:21:1969 | [post] self | UseUseExplosion.rb:21:2203:21:2208 | self |
+| UseUseExplosion.rb:21:1965:21:1969 | self | UseUseExplosion.rb:21:1985:21:1989 | self |
+| UseUseExplosion.rb:21:1965:21:1969 | self | UseUseExplosion.rb:21:2203:21:2208 | self |
+| UseUseExplosion.rb:21:1965:21:1973 | ... > ... | UseUseExplosion.rb:21:1964:21:1974 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1965:21:1973 | ... > ... | UseUseExplosion.rb:21:1964:21:1974 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1976:21:2196 | then ... | UseUseExplosion.rb:21:1961:21:2212 | if ... |
+| UseUseExplosion.rb:21:1981:21:2196 | if ... | UseUseExplosion.rb:21:1976:21:2196 | then ... |
+| UseUseExplosion.rb:21:1985:21:1989 | [post] self | UseUseExplosion.rb:21:2005:21:2009 | self |
+| UseUseExplosion.rb:21:1985:21:1989 | [post] self | UseUseExplosion.rb:21:2187:21:2192 | self |
+| UseUseExplosion.rb:21:1985:21:1989 | self | UseUseExplosion.rb:21:2005:21:2009 | self |
+| UseUseExplosion.rb:21:1985:21:1989 | self | UseUseExplosion.rb:21:2187:21:2192 | self |
+| UseUseExplosion.rb:21:1985:21:1993 | ... > ... | UseUseExplosion.rb:21:1984:21:1994 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1985:21:1993 | ... > ... | UseUseExplosion.rb:21:1984:21:1994 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1996:21:2180 | then ... | UseUseExplosion.rb:21:1981:21:2196 | if ... |
+| UseUseExplosion.rb:21:2001:21:2180 | if ... | UseUseExplosion.rb:21:1996:21:2180 | then ... |
+| UseUseExplosion.rb:21:2005:21:2009 | [post] self | UseUseExplosion.rb:21:2025:21:2029 | self |
+| UseUseExplosion.rb:21:2005:21:2009 | [post] self | UseUseExplosion.rb:21:2171:21:2176 | self |
+| UseUseExplosion.rb:21:2005:21:2009 | self | UseUseExplosion.rb:21:2025:21:2029 | self |
+| UseUseExplosion.rb:21:2005:21:2009 | self | UseUseExplosion.rb:21:2171:21:2176 | self |
+| UseUseExplosion.rb:21:2005:21:2013 | ... > ... | UseUseExplosion.rb:21:2004:21:2014 | [false] ( ... ) |
+| UseUseExplosion.rb:21:2005:21:2013 | ... > ... | UseUseExplosion.rb:21:2004:21:2014 | [true] ( ... ) |
+| UseUseExplosion.rb:21:2016:21:2164 | then ... | UseUseExplosion.rb:21:2001:21:2180 | if ... |
+| UseUseExplosion.rb:21:2021:21:2164 | if ... | UseUseExplosion.rb:21:2016:21:2164 | then ... |
+| UseUseExplosion.rb:21:2025:21:2029 | [post] self | UseUseExplosion.rb:21:2045:21:2049 | self |
+| UseUseExplosion.rb:21:2025:21:2029 | [post] self | UseUseExplosion.rb:21:2155:21:2160 | self |
+| UseUseExplosion.rb:21:2025:21:2029 | self | UseUseExplosion.rb:21:2045:21:2049 | self |
+| UseUseExplosion.rb:21:2025:21:2029 | self | UseUseExplosion.rb:21:2155:21:2160 | self |
+| UseUseExplosion.rb:21:2025:21:2033 | ... > ... | UseUseExplosion.rb:21:2024:21:2034 | [false] ( ... ) |
+| UseUseExplosion.rb:21:2025:21:2033 | ... > ... | UseUseExplosion.rb:21:2024:21:2034 | [true] ( ... ) |
+| UseUseExplosion.rb:21:2036:21:2148 | then ... | UseUseExplosion.rb:21:2021:21:2164 | if ... |
+| UseUseExplosion.rb:21:2041:21:2148 | if ... | UseUseExplosion.rb:21:2036:21:2148 | then ... |
+| UseUseExplosion.rb:21:2045:21:2049 | [post] self | UseUseExplosion.rb:21:2065:21:2069 | self |
+| UseUseExplosion.rb:21:2045:21:2049 | [post] self | UseUseExplosion.rb:21:2139:21:2144 | self |
+| UseUseExplosion.rb:21:2045:21:2049 | self | UseUseExplosion.rb:21:2065:21:2069 | self |
+| UseUseExplosion.rb:21:2045:21:2049 | self | UseUseExplosion.rb:21:2139:21:2144 | self |
+| UseUseExplosion.rb:21:2045:21:2053 | ... > ... | UseUseExplosion.rb:21:2044:21:2054 | [false] ( ... ) |
+| UseUseExplosion.rb:21:2045:21:2053 | ... > ... | UseUseExplosion.rb:21:2044:21:2054 | [true] ( ... ) |
+| UseUseExplosion.rb:21:2056:21:2132 | then ... | UseUseExplosion.rb:21:2041:21:2148 | if ... |
+| UseUseExplosion.rb:21:2061:21:2132 | if ... | UseUseExplosion.rb:21:2056:21:2132 | then ... |
+| UseUseExplosion.rb:21:2065:21:2069 | [post] self | UseUseExplosion.rb:21:2085:21:2089 | self |
+| UseUseExplosion.rb:21:2065:21:2069 | [post] self | UseUseExplosion.rb:21:2123:21:2128 | self |
+| UseUseExplosion.rb:21:2065:21:2069 | self | UseUseExplosion.rb:21:2085:21:2089 | self |
+| UseUseExplosion.rb:21:2065:21:2069 | self | UseUseExplosion.rb:21:2123:21:2128 | self |
+| UseUseExplosion.rb:21:2065:21:2073 | ... > ... | UseUseExplosion.rb:21:2064:21:2074 | [false] ( ... ) |
+| UseUseExplosion.rb:21:2065:21:2073 | ... > ... | UseUseExplosion.rb:21:2064:21:2074 | [true] ( ... ) |
+| UseUseExplosion.rb:21:2076:21:2116 | then ... | UseUseExplosion.rb:21:2061:21:2132 | if ... |
+| UseUseExplosion.rb:21:2081:21:2116 | if ... | UseUseExplosion.rb:21:2076:21:2116 | then ... |
+| UseUseExplosion.rb:21:2085:21:2089 | [post] self | UseUseExplosion.rb:21:2107:21:2112 | self |
+| UseUseExplosion.rb:21:2085:21:2089 | self | UseUseExplosion.rb:21:2107:21:2112 | self |
+| UseUseExplosion.rb:21:2085:21:2093 | ... > ... | UseUseExplosion.rb:21:2084:21:2094 | [false] ( ... ) |
+| UseUseExplosion.rb:21:2085:21:2093 | ... > ... | UseUseExplosion.rb:21:2084:21:2094 | [true] ( ... ) |
+| UseUseExplosion.rb:21:2096:21:2099 | then ... | UseUseExplosion.rb:21:2081:21:2116 | if ... |
+| UseUseExplosion.rb:21:2102:21:2112 | else ... | UseUseExplosion.rb:21:2081:21:2116 | if ... |
+| UseUseExplosion.rb:21:2107:21:2112 | call to use | UseUseExplosion.rb:21:2102:21:2112 | else ... |
+| UseUseExplosion.rb:21:2118:21:2128 | else ... | UseUseExplosion.rb:21:2061:21:2132 | if ... |
+| UseUseExplosion.rb:21:2123:21:2128 | call to use | UseUseExplosion.rb:21:2118:21:2128 | else ... |
+| UseUseExplosion.rb:21:2134:21:2144 | else ... | UseUseExplosion.rb:21:2041:21:2148 | if ... |
+| UseUseExplosion.rb:21:2139:21:2144 | call to use | UseUseExplosion.rb:21:2134:21:2144 | else ... |
+| UseUseExplosion.rb:21:2150:21:2160 | else ... | UseUseExplosion.rb:21:2021:21:2164 | if ... |
+| UseUseExplosion.rb:21:2155:21:2160 | call to use | UseUseExplosion.rb:21:2150:21:2160 | else ... |
+| UseUseExplosion.rb:21:2166:21:2176 | else ... | UseUseExplosion.rb:21:2001:21:2180 | if ... |
+| UseUseExplosion.rb:21:2171:21:2176 | call to use | UseUseExplosion.rb:21:2166:21:2176 | else ... |
+| UseUseExplosion.rb:21:2182:21:2192 | else ... | UseUseExplosion.rb:21:1981:21:2196 | if ... |
+| UseUseExplosion.rb:21:2187:21:2192 | call to use | UseUseExplosion.rb:21:2182:21:2192 | else ... |
+| UseUseExplosion.rb:21:2198:21:2208 | else ... | UseUseExplosion.rb:21:1961:21:2212 | if ... |
+| UseUseExplosion.rb:21:2203:21:2208 | call to use | UseUseExplosion.rb:21:2198:21:2208 | else ... |
+| UseUseExplosion.rb:21:2214:21:2224 | else ... | UseUseExplosion.rb:21:1941:21:2228 | if ... |
+| UseUseExplosion.rb:21:2219:21:2224 | call to use | UseUseExplosion.rb:21:2214:21:2224 | else ... |
+| UseUseExplosion.rb:21:2230:21:2240 | else ... | UseUseExplosion.rb:21:1921:21:2244 | if ... |
+| UseUseExplosion.rb:21:2235:21:2240 | call to use | UseUseExplosion.rb:21:2230:21:2240 | else ... |
+| UseUseExplosion.rb:21:2246:21:2256 | else ... | UseUseExplosion.rb:21:1900:21:2260 | if ... |
+| UseUseExplosion.rb:21:2251:21:2256 | call to use | UseUseExplosion.rb:21:2246:21:2256 | else ... |
+| UseUseExplosion.rb:21:2262:21:2272 | else ... | UseUseExplosion.rb:21:1879:21:2276 | if ... |
+| UseUseExplosion.rb:21:2267:21:2272 | call to use | UseUseExplosion.rb:21:2262:21:2272 | else ... |
+| UseUseExplosion.rb:21:2278:21:2288 | else ... | UseUseExplosion.rb:21:1858:21:2292 | if ... |
+| UseUseExplosion.rb:21:2283:21:2288 | call to use | UseUseExplosion.rb:21:2278:21:2288 | else ... |
+| UseUseExplosion.rb:21:2294:21:2304 | else ... | UseUseExplosion.rb:21:1837:21:2308 | if ... |
+| UseUseExplosion.rb:21:2299:21:2304 | call to use | UseUseExplosion.rb:21:2294:21:2304 | else ... |
+| UseUseExplosion.rb:21:2310:21:2320 | else ... | UseUseExplosion.rb:21:1816:21:2324 | if ... |
+| UseUseExplosion.rb:21:2315:21:2320 | call to use | UseUseExplosion.rb:21:2310:21:2320 | else ... |
+| UseUseExplosion.rb:21:2326:21:2336 | else ... | UseUseExplosion.rb:21:1795:21:2340 | if ... |
+| UseUseExplosion.rb:21:2331:21:2336 | call to use | UseUseExplosion.rb:21:2326:21:2336 | else ... |
+| UseUseExplosion.rb:21:2342:21:2352 | else ... | UseUseExplosion.rb:21:1774:21:2356 | if ... |
+| UseUseExplosion.rb:21:2347:21:2352 | call to use | UseUseExplosion.rb:21:2342:21:2352 | else ... |
+| UseUseExplosion.rb:21:2358:21:2368 | else ... | UseUseExplosion.rb:21:1753:21:2372 | if ... |
+| UseUseExplosion.rb:21:2363:21:2368 | call to use | UseUseExplosion.rb:21:2358:21:2368 | else ... |
+| UseUseExplosion.rb:21:2374:21:2384 | else ... | UseUseExplosion.rb:21:1732:21:2388 | if ... |
+| UseUseExplosion.rb:21:2379:21:2384 | call to use | UseUseExplosion.rb:21:2374:21:2384 | else ... |
+| UseUseExplosion.rb:21:2390:21:2400 | else ... | UseUseExplosion.rb:21:1711:21:2404 | if ... |
+| UseUseExplosion.rb:21:2395:21:2400 | call to use | UseUseExplosion.rb:21:2390:21:2400 | else ... |
+| UseUseExplosion.rb:21:2406:21:2416 | else ... | UseUseExplosion.rb:21:1690:21:2420 | if ... |
+| UseUseExplosion.rb:21:2411:21:2416 | call to use | UseUseExplosion.rb:21:2406:21:2416 | else ... |
+| UseUseExplosion.rb:21:2422:21:2432 | else ... | UseUseExplosion.rb:21:1669:21:2436 | if ... |
+| UseUseExplosion.rb:21:2427:21:2432 | call to use | UseUseExplosion.rb:21:2422:21:2432 | else ... |
+| UseUseExplosion.rb:21:2438:21:2448 | else ... | UseUseExplosion.rb:21:1648:21:2452 | if ... |
+| UseUseExplosion.rb:21:2443:21:2448 | call to use | UseUseExplosion.rb:21:2438:21:2448 | else ... |
+| UseUseExplosion.rb:21:2454:21:2464 | else ... | UseUseExplosion.rb:21:1627:21:2468 | if ... |
+| UseUseExplosion.rb:21:2459:21:2464 | call to use | UseUseExplosion.rb:21:2454:21:2464 | else ... |
+| UseUseExplosion.rb:21:2470:21:2480 | else ... | UseUseExplosion.rb:21:1606:21:2484 | if ... |
+| UseUseExplosion.rb:21:2475:21:2480 | call to use | UseUseExplosion.rb:21:2470:21:2480 | else ... |
+| UseUseExplosion.rb:21:2486:21:2496 | else ... | UseUseExplosion.rb:21:1585:21:2500 | if ... |
+| UseUseExplosion.rb:21:2491:21:2496 | call to use | UseUseExplosion.rb:21:2486:21:2496 | else ... |
+| UseUseExplosion.rb:21:2502:21:2512 | else ... | UseUseExplosion.rb:21:1564:21:2516 | if ... |
+| UseUseExplosion.rb:21:2507:21:2512 | call to use | UseUseExplosion.rb:21:2502:21:2512 | else ... |
+| UseUseExplosion.rb:21:2518:21:2528 | else ... | UseUseExplosion.rb:21:1543:21:2532 | if ... |
+| UseUseExplosion.rb:21:2523:21:2528 | call to use | UseUseExplosion.rb:21:2518:21:2528 | else ... |
+| UseUseExplosion.rb:21:2534:21:2544 | else ... | UseUseExplosion.rb:21:1522:21:2548 | if ... |
+| UseUseExplosion.rb:21:2539:21:2544 | call to use | UseUseExplosion.rb:21:2534:21:2544 | else ... |
+| UseUseExplosion.rb:21:2550:21:2560 | else ... | UseUseExplosion.rb:21:1501:21:2564 | if ... |
+| UseUseExplosion.rb:21:2555:21:2560 | call to use | UseUseExplosion.rb:21:2550:21:2560 | else ... |
+| UseUseExplosion.rb:21:2566:21:2576 | else ... | UseUseExplosion.rb:21:1480:21:2580 | if ... |
+| UseUseExplosion.rb:21:2571:21:2576 | call to use | UseUseExplosion.rb:21:2566:21:2576 | else ... |
+| UseUseExplosion.rb:21:2582:21:2592 | else ... | UseUseExplosion.rb:21:1459:21:2596 | if ... |
+| UseUseExplosion.rb:21:2587:21:2592 | call to use | UseUseExplosion.rb:21:2582:21:2592 | else ... |
+| UseUseExplosion.rb:21:2598:21:2608 | else ... | UseUseExplosion.rb:21:1438:21:2612 | if ... |
+| UseUseExplosion.rb:21:2603:21:2608 | call to use | UseUseExplosion.rb:21:2598:21:2608 | else ... |
+| UseUseExplosion.rb:21:2614:21:2624 | else ... | UseUseExplosion.rb:21:1417:21:2628 | if ... |
+| UseUseExplosion.rb:21:2619:21:2624 | call to use | UseUseExplosion.rb:21:2614:21:2624 | else ... |
+| UseUseExplosion.rb:21:2630:21:2640 | else ... | UseUseExplosion.rb:21:1396:21:2644 | if ... |
+| UseUseExplosion.rb:21:2635:21:2640 | call to use | UseUseExplosion.rb:21:2630:21:2640 | else ... |
+| UseUseExplosion.rb:21:2646:21:2656 | else ... | UseUseExplosion.rb:21:1375:21:2660 | if ... |
+| UseUseExplosion.rb:21:2651:21:2656 | call to use | UseUseExplosion.rb:21:2646:21:2656 | else ... |
+| UseUseExplosion.rb:21:2662:21:2672 | else ... | UseUseExplosion.rb:21:1354:21:2676 | if ... |
+| UseUseExplosion.rb:21:2667:21:2672 | call to use | UseUseExplosion.rb:21:2662:21:2672 | else ... |
+| UseUseExplosion.rb:21:2678:21:2688 | else ... | UseUseExplosion.rb:21:1333:21:2692 | if ... |
+| UseUseExplosion.rb:21:2683:21:2688 | call to use | UseUseExplosion.rb:21:2678:21:2688 | else ... |
+| UseUseExplosion.rb:21:2694:21:2704 | else ... | UseUseExplosion.rb:21:1312:21:2708 | if ... |
+| UseUseExplosion.rb:21:2699:21:2704 | call to use | UseUseExplosion.rb:21:2694:21:2704 | else ... |
+| UseUseExplosion.rb:21:2710:21:2720 | else ... | UseUseExplosion.rb:21:1291:21:2724 | if ... |
+| UseUseExplosion.rb:21:2715:21:2720 | call to use | UseUseExplosion.rb:21:2710:21:2720 | else ... |
+| UseUseExplosion.rb:21:2726:21:2736 | else ... | UseUseExplosion.rb:21:1270:21:2740 | if ... |
+| UseUseExplosion.rb:21:2731:21:2736 | call to use | UseUseExplosion.rb:21:2726:21:2736 | else ... |
+| UseUseExplosion.rb:21:2742:21:2752 | else ... | UseUseExplosion.rb:21:1249:21:2756 | if ... |
+| UseUseExplosion.rb:21:2747:21:2752 | call to use | UseUseExplosion.rb:21:2742:21:2752 | else ... |
+| UseUseExplosion.rb:21:2758:21:2768 | else ... | UseUseExplosion.rb:21:1228:21:2772 | if ... |
+| UseUseExplosion.rb:21:2763:21:2768 | call to use | UseUseExplosion.rb:21:2758:21:2768 | else ... |
+| UseUseExplosion.rb:21:2774:21:2784 | else ... | UseUseExplosion.rb:21:1207:21:2788 | if ... |
+| UseUseExplosion.rb:21:2779:21:2784 | call to use | UseUseExplosion.rb:21:2774:21:2784 | else ... |
+| UseUseExplosion.rb:21:2790:21:2800 | else ... | UseUseExplosion.rb:21:1186:21:2804 | if ... |
+| UseUseExplosion.rb:21:2795:21:2800 | call to use | UseUseExplosion.rb:21:2790:21:2800 | else ... |
+| UseUseExplosion.rb:21:2806:21:2816 | else ... | UseUseExplosion.rb:21:1165:21:2820 | if ... |
+| UseUseExplosion.rb:21:2811:21:2816 | call to use | UseUseExplosion.rb:21:2806:21:2816 | else ... |
+| UseUseExplosion.rb:21:2822:21:2832 | else ... | UseUseExplosion.rb:21:1144:21:2836 | if ... |
+| UseUseExplosion.rb:21:2827:21:2832 | call to use | UseUseExplosion.rb:21:2822:21:2832 | else ... |
+| UseUseExplosion.rb:21:2838:21:2848 | else ... | UseUseExplosion.rb:21:1123:21:2852 | if ... |
+| UseUseExplosion.rb:21:2843:21:2848 | call to use | UseUseExplosion.rb:21:2838:21:2848 | else ... |
+| UseUseExplosion.rb:21:2854:21:2864 | else ... | UseUseExplosion.rb:21:1102:21:2868 | if ... |
+| UseUseExplosion.rb:21:2859:21:2864 | call to use | UseUseExplosion.rb:21:2854:21:2864 | else ... |
+| UseUseExplosion.rb:21:2870:21:2880 | else ... | UseUseExplosion.rb:21:1081:21:2884 | if ... |
+| UseUseExplosion.rb:21:2875:21:2880 | call to use | UseUseExplosion.rb:21:2870:21:2880 | else ... |
+| UseUseExplosion.rb:21:2886:21:2896 | else ... | UseUseExplosion.rb:21:1060:21:2900 | if ... |
+| UseUseExplosion.rb:21:2891:21:2896 | call to use | UseUseExplosion.rb:21:2886:21:2896 | else ... |
+| UseUseExplosion.rb:21:2902:21:2912 | else ... | UseUseExplosion.rb:21:1039:21:2916 | if ... |
+| UseUseExplosion.rb:21:2907:21:2912 | call to use | UseUseExplosion.rb:21:2902:21:2912 | else ... |
+| UseUseExplosion.rb:21:2918:21:2928 | else ... | UseUseExplosion.rb:21:1018:21:2932 | if ... |
+| UseUseExplosion.rb:21:2923:21:2928 | call to use | UseUseExplosion.rb:21:2918:21:2928 | else ... |
+| UseUseExplosion.rb:21:2934:21:2944 | else ... | UseUseExplosion.rb:21:997:21:2948 | if ... |
+| UseUseExplosion.rb:21:2939:21:2944 | call to use | UseUseExplosion.rb:21:2934:21:2944 | else ... |
+| UseUseExplosion.rb:21:2950:21:2960 | else ... | UseUseExplosion.rb:21:976:21:2964 | if ... |
+| UseUseExplosion.rb:21:2955:21:2960 | call to use | UseUseExplosion.rb:21:2950:21:2960 | else ... |
+| UseUseExplosion.rb:21:2966:21:2976 | else ... | UseUseExplosion.rb:21:955:21:2980 | if ... |
+| UseUseExplosion.rb:21:2971:21:2976 | call to use | UseUseExplosion.rb:21:2966:21:2976 | else ... |
+| UseUseExplosion.rb:21:2982:21:2992 | else ... | UseUseExplosion.rb:21:934:21:2996 | if ... |
+| UseUseExplosion.rb:21:2987:21:2992 | call to use | UseUseExplosion.rb:21:2982:21:2992 | else ... |
+| UseUseExplosion.rb:21:2998:21:3008 | else ... | UseUseExplosion.rb:21:913:21:3012 | if ... |
+| UseUseExplosion.rb:21:3003:21:3008 | call to use | UseUseExplosion.rb:21:2998:21:3008 | else ... |
+| UseUseExplosion.rb:21:3014:21:3024 | else ... | UseUseExplosion.rb:21:892:21:3028 | if ... |
+| UseUseExplosion.rb:21:3019:21:3024 | call to use | UseUseExplosion.rb:21:3014:21:3024 | else ... |
+| UseUseExplosion.rb:21:3030:21:3040 | else ... | UseUseExplosion.rb:21:871:21:3044 | if ... |
+| UseUseExplosion.rb:21:3035:21:3040 | call to use | UseUseExplosion.rb:21:3030:21:3040 | else ... |
+| UseUseExplosion.rb:21:3046:21:3056 | else ... | UseUseExplosion.rb:21:850:21:3060 | if ... |
+| UseUseExplosion.rb:21:3051:21:3056 | call to use | UseUseExplosion.rb:21:3046:21:3056 | else ... |
+| UseUseExplosion.rb:21:3062:21:3072 | else ... | UseUseExplosion.rb:21:829:21:3076 | if ... |
+| UseUseExplosion.rb:21:3067:21:3072 | call to use | UseUseExplosion.rb:21:3062:21:3072 | else ... |
+| UseUseExplosion.rb:21:3078:21:3088 | else ... | UseUseExplosion.rb:21:808:21:3092 | if ... |
+| UseUseExplosion.rb:21:3083:21:3088 | call to use | UseUseExplosion.rb:21:3078:21:3088 | else ... |
+| UseUseExplosion.rb:21:3094:21:3104 | else ... | UseUseExplosion.rb:21:787:21:3108 | if ... |
+| UseUseExplosion.rb:21:3099:21:3104 | call to use | UseUseExplosion.rb:21:3094:21:3104 | else ... |
+| UseUseExplosion.rb:21:3110:21:3120 | else ... | UseUseExplosion.rb:21:766:21:3124 | if ... |
+| UseUseExplosion.rb:21:3115:21:3120 | call to use | UseUseExplosion.rb:21:3110:21:3120 | else ... |
+| UseUseExplosion.rb:21:3126:21:3136 | else ... | UseUseExplosion.rb:21:745:21:3140 | if ... |
+| UseUseExplosion.rb:21:3131:21:3136 | call to use | UseUseExplosion.rb:21:3126:21:3136 | else ... |
+| UseUseExplosion.rb:21:3142:21:3152 | else ... | UseUseExplosion.rb:21:724:21:3156 | if ... |
+| UseUseExplosion.rb:21:3147:21:3152 | call to use | UseUseExplosion.rb:21:3142:21:3152 | else ... |
+| UseUseExplosion.rb:21:3158:21:3168 | else ... | UseUseExplosion.rb:21:703:21:3172 | if ... |
+| UseUseExplosion.rb:21:3163:21:3168 | call to use | UseUseExplosion.rb:21:3158:21:3168 | else ... |
+| UseUseExplosion.rb:21:3174:21:3184 | else ... | UseUseExplosion.rb:21:682:21:3188 | if ... |
+| UseUseExplosion.rb:21:3179:21:3184 | call to use | UseUseExplosion.rb:21:3174:21:3184 | else ... |
+| UseUseExplosion.rb:21:3190:21:3200 | else ... | UseUseExplosion.rb:21:661:21:3204 | if ... |
+| UseUseExplosion.rb:21:3195:21:3200 | call to use | UseUseExplosion.rb:21:3190:21:3200 | else ... |
+| UseUseExplosion.rb:21:3206:21:3216 | else ... | UseUseExplosion.rb:21:640:21:3220 | if ... |
+| UseUseExplosion.rb:21:3211:21:3216 | call to use | UseUseExplosion.rb:21:3206:21:3216 | else ... |
+| UseUseExplosion.rb:21:3222:21:3232 | else ... | UseUseExplosion.rb:21:619:21:3236 | if ... |
+| UseUseExplosion.rb:21:3227:21:3232 | call to use | UseUseExplosion.rb:21:3222:21:3232 | else ... |
+| UseUseExplosion.rb:21:3238:21:3248 | else ... | UseUseExplosion.rb:21:598:21:3252 | if ... |
+| UseUseExplosion.rb:21:3243:21:3248 | call to use | UseUseExplosion.rb:21:3238:21:3248 | else ... |
+| UseUseExplosion.rb:21:3254:21:3264 | else ... | UseUseExplosion.rb:21:577:21:3268 | if ... |
+| UseUseExplosion.rb:21:3259:21:3264 | call to use | UseUseExplosion.rb:21:3254:21:3264 | else ... |
+| UseUseExplosion.rb:21:3270:21:3280 | else ... | UseUseExplosion.rb:21:556:21:3284 | if ... |
+| UseUseExplosion.rb:21:3275:21:3280 | call to use | UseUseExplosion.rb:21:3270:21:3280 | else ... |
+| UseUseExplosion.rb:21:3286:21:3296 | else ... | UseUseExplosion.rb:21:535:21:3300 | if ... |
+| UseUseExplosion.rb:21:3291:21:3296 | call to use | UseUseExplosion.rb:21:3286:21:3296 | else ... |
+| UseUseExplosion.rb:21:3302:21:3312 | else ... | UseUseExplosion.rb:21:514:21:3316 | if ... |
+| UseUseExplosion.rb:21:3307:21:3312 | call to use | UseUseExplosion.rb:21:3302:21:3312 | else ... |
+| UseUseExplosion.rb:21:3318:21:3328 | else ... | UseUseExplosion.rb:21:493:21:3332 | if ... |
+| UseUseExplosion.rb:21:3323:21:3328 | call to use | UseUseExplosion.rb:21:3318:21:3328 | else ... |
+| UseUseExplosion.rb:21:3334:21:3344 | else ... | UseUseExplosion.rb:21:472:21:3348 | if ... |
+| UseUseExplosion.rb:21:3339:21:3344 | call to use | UseUseExplosion.rb:21:3334:21:3344 | else ... |
+| UseUseExplosion.rb:21:3350:21:3360 | else ... | UseUseExplosion.rb:21:451:21:3364 | if ... |
+| UseUseExplosion.rb:21:3355:21:3360 | call to use | UseUseExplosion.rb:21:3350:21:3360 | else ... |
+| UseUseExplosion.rb:21:3366:21:3376 | else ... | UseUseExplosion.rb:21:430:21:3380 | if ... |
+| UseUseExplosion.rb:21:3371:21:3376 | call to use | UseUseExplosion.rb:21:3366:21:3376 | else ... |
+| UseUseExplosion.rb:21:3382:21:3392 | else ... | UseUseExplosion.rb:21:409:21:3396 | if ... |
+| UseUseExplosion.rb:21:3387:21:3392 | call to use | UseUseExplosion.rb:21:3382:21:3392 | else ... |
+| UseUseExplosion.rb:21:3398:21:3408 | else ... | UseUseExplosion.rb:21:388:21:3412 | if ... |
+| UseUseExplosion.rb:21:3403:21:3408 | call to use | UseUseExplosion.rb:21:3398:21:3408 | else ... |
+| UseUseExplosion.rb:21:3414:21:3424 | else ... | UseUseExplosion.rb:21:367:21:3428 | if ... |
+| UseUseExplosion.rb:21:3419:21:3424 | call to use | UseUseExplosion.rb:21:3414:21:3424 | else ... |
+| UseUseExplosion.rb:21:3430:21:3440 | else ... | UseUseExplosion.rb:21:346:21:3444 | if ... |
+| UseUseExplosion.rb:21:3435:21:3440 | call to use | UseUseExplosion.rb:21:3430:21:3440 | else ... |
+| UseUseExplosion.rb:21:3446:21:3456 | else ... | UseUseExplosion.rb:21:325:21:3460 | if ... |
+| UseUseExplosion.rb:21:3451:21:3456 | call to use | UseUseExplosion.rb:21:3446:21:3456 | else ... |
+| UseUseExplosion.rb:21:3462:21:3472 | else ... | UseUseExplosion.rb:21:304:21:3476 | if ... |
+| UseUseExplosion.rb:21:3467:21:3472 | call to use | UseUseExplosion.rb:21:3462:21:3472 | else ... |
+| UseUseExplosion.rb:21:3478:21:3488 | else ... | UseUseExplosion.rb:21:283:21:3492 | if ... |
+| UseUseExplosion.rb:21:3483:21:3488 | call to use | UseUseExplosion.rb:21:3478:21:3488 | else ... |
+| UseUseExplosion.rb:21:3494:21:3504 | else ... | UseUseExplosion.rb:21:262:21:3508 | if ... |
+| UseUseExplosion.rb:21:3499:21:3504 | call to use | UseUseExplosion.rb:21:3494:21:3504 | else ... |
+| UseUseExplosion.rb:21:3510:21:3520 | else ... | UseUseExplosion.rb:21:241:21:3524 | if ... |
+| UseUseExplosion.rb:21:3515:21:3520 | call to use | UseUseExplosion.rb:21:3510:21:3520 | else ... |
+| UseUseExplosion.rb:21:3526:21:3536 | else ... | UseUseExplosion.rb:21:220:21:3540 | if ... |
+| UseUseExplosion.rb:21:3531:21:3536 | call to use | UseUseExplosion.rb:21:3526:21:3536 | else ... |
+| UseUseExplosion.rb:21:3542:21:3552 | else ... | UseUseExplosion.rb:21:199:21:3556 | if ... |
+| UseUseExplosion.rb:21:3547:21:3552 | call to use | UseUseExplosion.rb:21:3542:21:3552 | else ... |
+| UseUseExplosion.rb:21:3558:21:3568 | else ... | UseUseExplosion.rb:21:178:21:3572 | if ... |
+| UseUseExplosion.rb:21:3563:21:3568 | call to use | UseUseExplosion.rb:21:3558:21:3568 | else ... |
+| UseUseExplosion.rb:21:3574:21:3584 | else ... | UseUseExplosion.rb:21:157:21:3588 | if ... |
+| UseUseExplosion.rb:21:3579:21:3584 | call to use | UseUseExplosion.rb:21:3574:21:3584 | else ... |
+| UseUseExplosion.rb:21:3590:21:3600 | else ... | UseUseExplosion.rb:21:136:21:3604 | if ... |
+| UseUseExplosion.rb:21:3595:21:3600 | call to use | UseUseExplosion.rb:21:3590:21:3600 | else ... |
+| UseUseExplosion.rb:21:3606:21:3616 | else ... | UseUseExplosion.rb:21:115:21:3620 | if ... |
+| UseUseExplosion.rb:21:3611:21:3616 | call to use | UseUseExplosion.rb:21:3606:21:3616 | else ... |
+| UseUseExplosion.rb:21:3622:21:3632 | else ... | UseUseExplosion.rb:21:94:21:3636 | if ... |
+| UseUseExplosion.rb:21:3627:21:3632 | call to use | UseUseExplosion.rb:21:3622:21:3632 | else ... |
+| UseUseExplosion.rb:21:3638:21:3648 | else ... | UseUseExplosion.rb:21:73:21:3652 | if ... |
+| UseUseExplosion.rb:21:3643:21:3648 | call to use | UseUseExplosion.rb:21:3638:21:3648 | else ... |
+| UseUseExplosion.rb:21:3654:21:3664 | else ... | UseUseExplosion.rb:21:52:21:3668 | if ... |
+| UseUseExplosion.rb:21:3659:21:3664 | call to use | UseUseExplosion.rb:21:3654:21:3664 | else ... |
+| UseUseExplosion.rb:21:3670:21:3680 | else ... | UseUseExplosion.rb:21:31:21:3684 | if ... |
+| UseUseExplosion.rb:21:3675:21:3680 | call to use | UseUseExplosion.rb:21:3670:21:3680 | else ... |
+| UseUseExplosion.rb:21:3686:21:3696 | else ... | UseUseExplosion.rb:21:9:21:3700 | if ... |
+| UseUseExplosion.rb:21:3691:21:3696 | call to use | UseUseExplosion.rb:21:3686:21:3696 | else ... |
+| UseUseExplosion.rb:24:5:25:7 | use | UseUseExplosion.rb:1:1:26:3 | C |
 | local_dataflow.rb:1:1:7:3 | self (foo) | local_dataflow.rb:3:8:3:10 | self |
 | local_dataflow.rb:1:1:7:3 | self in foo | local_dataflow.rb:1:1:7:3 | self (foo) |
-| local_dataflow.rb:1:1:124:4 | self (local_dataflow.rb) | local_dataflow.rb:49:1:53:3 | self |
+| local_dataflow.rb:1:1:150:3 | self (local_dataflow.rb) | local_dataflow.rb:49:1:53:3 | self |
 | local_dataflow.rb:1:9:1:9 | a | local_dataflow.rb:1:9:1:9 | a |
 | local_dataflow.rb:1:9:1:9 | a | local_dataflow.rb:2:7:2:7 | a |
 | local_dataflow.rb:2:3:2:7 | ... = ... | local_dataflow.rb:3:13:3:13 | b |
@@ -74,22 +2473,19 @@
 | local_dataflow.rb:60:1:90:3 | self in test_case | local_dataflow.rb:60:1:90:3 | self (test_case) |
 | local_dataflow.rb:60:15:60:15 | x | local_dataflow.rb:60:15:60:15 | x |
 | local_dataflow.rb:60:15:60:15 | x | local_dataflow.rb:61:12:61:12 | x |
+| local_dataflow.rb:61:7:68:5 | SSA phi read(x) | local_dataflow.rb:69:12:69:12 | x |
 | local_dataflow.rb:61:7:68:5 | case ... | local_dataflow.rb:61:3:68:5 | ... = ... |
 | local_dataflow.rb:61:12:61:12 | x | local_dataflow.rb:63:15:63:15 | x |
 | local_dataflow.rb:61:12:61:12 | x | local_dataflow.rb:65:6:65:6 | x |
 | local_dataflow.rb:61:12:61:12 | x | local_dataflow.rb:67:5:67:5 | x |
-| local_dataflow.rb:61:12:61:12 | x | local_dataflow.rb:69:12:69:12 | x |
 | local_dataflow.rb:62:10:62:15 | then ... | local_dataflow.rb:61:7:68:5 | case ... |
 | local_dataflow.rb:62:15:62:15 | 3 | local_dataflow.rb:62:10:62:15 | then ... |
 | local_dataflow.rb:63:10:63:15 | then ... | local_dataflow.rb:61:7:68:5 | case ... |
 | local_dataflow.rb:63:15:63:15 | x | local_dataflow.rb:63:10:63:15 | then ... |
-| local_dataflow.rb:63:15:63:15 | x | local_dataflow.rb:69:12:69:12 | x |
 | local_dataflow.rb:64:9:65:6 | then ... | local_dataflow.rb:61:7:68:5 | case ... |
 | local_dataflow.rb:65:6:65:6 | x | local_dataflow.rb:64:9:65:6 | then ... |
-| local_dataflow.rb:65:6:65:6 | x | local_dataflow.rb:69:12:69:12 | x |
 | local_dataflow.rb:66:3:67:5 | else ... | local_dataflow.rb:61:7:68:5 | case ... |
 | local_dataflow.rb:67:5:67:5 | x | local_dataflow.rb:66:3:67:5 | else ... |
-| local_dataflow.rb:67:5:67:5 | x | local_dataflow.rb:69:12:69:12 | x |
 | local_dataflow.rb:69:7:76:5 | case ... | local_dataflow.rb:69:3:76:5 | ... = ... |
 | local_dataflow.rb:69:12:69:12 | x | local_dataflow.rb:71:13:71:13 | x |
 | local_dataflow.rb:69:12:69:12 | x | local_dataflow.rb:73:7:73:7 | x |
@@ -103,6 +2499,7 @@
 | local_dataflow.rb:74:3:75:6 | else ... | local_dataflow.rb:69:7:76:5 | case ... |
 | local_dataflow.rb:75:6:75:6 | x | local_dataflow.rb:74:3:75:6 | else ... |
 | local_dataflow.rb:78:3:88:5 | ... = ... | local_dataflow.rb:89:8:89:8 | z |
+| local_dataflow.rb:78:7:88:5 | SSA phi read(self) | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:78:7:88:5 | case ... | local_dataflow.rb:78:3:88:5 | ... = ... |
 | local_dataflow.rb:78:7:88:5 | case ... | local_dataflow.rb:78:3:88:5 | ... = ... |
 | local_dataflow.rb:78:12:78:20 | [post] self | local_dataflow.rb:79:20:79:26 | self |
@@ -119,16 +2516,12 @@
 | local_dataflow.rb:78:12:78:20 | self | local_dataflow.rb:87:20:87:26 | self |
 | local_dataflow.rb:79:13:79:13 | b | local_dataflow.rb:79:25:79:25 | b |
 | local_dataflow.rb:79:15:79:45 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
-| local_dataflow.rb:79:20:79:26 | [post] self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:79:20:79:26 | call to sink | local_dataflow.rb:79:15:79:45 | then ... |
-| local_dataflow.rb:79:20:79:26 | self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:80:8:80:8 | a | local_dataflow.rb:80:13:80:13 | a |
 | local_dataflow.rb:80:13:80:13 | [post] a | local_dataflow.rb:80:29:80:29 | a |
 | local_dataflow.rb:80:13:80:13 | a | local_dataflow.rb:80:29:80:29 | a |
 | local_dataflow.rb:80:19:80:49 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
-| local_dataflow.rb:80:24:80:30 | [post] self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:80:24:80:30 | call to sink | local_dataflow.rb:80:19:80:49 | then ... |
-| local_dataflow.rb:80:24:80:30 | self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:81:9:81:9 | c | local_dataflow.rb:82:12:82:12 | c |
 | local_dataflow.rb:81:13:81:13 | d | local_dataflow.rb:83:12:83:12 | d |
 | local_dataflow.rb:81:16:81:16 | e | local_dataflow.rb:84:12:84:12 | e |
@@ -138,22 +2531,14 @@
 | local_dataflow.rb:82:7:82:13 | self | local_dataflow.rb:83:7:83:13 | self |
 | local_dataflow.rb:83:7:83:13 | [post] self | local_dataflow.rb:84:7:84:13 | self |
 | local_dataflow.rb:83:7:83:13 | self | local_dataflow.rb:84:7:84:13 | self |
-| local_dataflow.rb:84:7:84:13 | [post] self | local_dataflow.rb:89:3:89:9 | self |
-| local_dataflow.rb:84:7:84:13 | self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:85:13:85:13 | f | local_dataflow.rb:85:27:85:27 | f |
 | local_dataflow.rb:85:17:85:47 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
-| local_dataflow.rb:85:22:85:28 | [post] self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:85:22:85:28 | call to sink | local_dataflow.rb:85:17:85:47 | then ... |
-| local_dataflow.rb:85:22:85:28 | self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:86:18:86:18 | g | local_dataflow.rb:86:33:86:33 | g |
 | local_dataflow.rb:86:23:86:53 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
-| local_dataflow.rb:86:28:86:34 | [post] self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:86:28:86:34 | call to sink | local_dataflow.rb:86:23:86:53 | then ... |
-| local_dataflow.rb:86:28:86:34 | self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:87:10:87:10 | x | local_dataflow.rb:87:25:87:25 | x |
 | local_dataflow.rb:87:15:87:48 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
-| local_dataflow.rb:87:20:87:26 | [post] self | local_dataflow.rb:89:3:89:9 | self |
-| local_dataflow.rb:87:20:87:26 | self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:87:25:87:25 | [post] x | local_dataflow.rb:87:29:87:29 | x |
 | local_dataflow.rb:87:25:87:25 | x | local_dataflow.rb:87:29:87:29 | x |
 | local_dataflow.rb:87:29:87:29 | x | local_dataflow.rb:87:15:87:48 | then ... |
@@ -161,88 +2546,70 @@
 | local_dataflow.rb:92:1:109:3 | self in and_or | local_dataflow.rb:92:1:109:3 | self (and_or) |
 | local_dataflow.rb:93:3:93:28 | ... = ... | local_dataflow.rb:94:8:94:8 | a |
 | local_dataflow.rb:93:7:93:15 | [post] self | local_dataflow.rb:93:20:93:28 | self |
-| local_dataflow.rb:93:7:93:15 | [post] self | local_dataflow.rb:94:3:94:9 | self |
 | local_dataflow.rb:93:7:93:15 | call to source | local_dataflow.rb:93:7:93:28 | ... \|\| ... |
 | local_dataflow.rb:93:7:93:15 | self | local_dataflow.rb:93:20:93:28 | self |
-| local_dataflow.rb:93:7:93:15 | self | local_dataflow.rb:94:3:94:9 | self |
 | local_dataflow.rb:93:7:93:28 | ... \|\| ... | local_dataflow.rb:93:3:93:28 | ... = ... |
 | local_dataflow.rb:93:7:93:28 | ... \|\| ... | local_dataflow.rb:93:3:93:28 | ... = ... |
-| local_dataflow.rb:93:20:93:28 | [post] self | local_dataflow.rb:94:3:94:9 | self |
+| local_dataflow.rb:93:7:93:28 | SSA phi read(self) | local_dataflow.rb:94:3:94:9 | self |
 | local_dataflow.rb:93:20:93:28 | call to source | local_dataflow.rb:93:7:93:28 | ... \|\| ... |
-| local_dataflow.rb:93:20:93:28 | self | local_dataflow.rb:94:3:94:9 | self |
 | local_dataflow.rb:94:3:94:9 | [post] self | local_dataflow.rb:95:8:95:16 | self |
 | local_dataflow.rb:94:3:94:9 | self | local_dataflow.rb:95:8:95:16 | self |
 | local_dataflow.rb:95:3:95:30 | ... = ... | local_dataflow.rb:96:8:96:8 | b |
 | local_dataflow.rb:95:7:95:30 | ( ... ) | local_dataflow.rb:95:3:95:30 | ... = ... |
 | local_dataflow.rb:95:7:95:30 | ( ... ) | local_dataflow.rb:95:3:95:30 | ... = ... |
 | local_dataflow.rb:95:8:95:16 | [post] self | local_dataflow.rb:95:21:95:29 | self |
-| local_dataflow.rb:95:8:95:16 | [post] self | local_dataflow.rb:96:3:96:9 | self |
 | local_dataflow.rb:95:8:95:16 | call to source | local_dataflow.rb:95:8:95:29 | ... or ... |
 | local_dataflow.rb:95:8:95:16 | self | local_dataflow.rb:95:21:95:29 | self |
-| local_dataflow.rb:95:8:95:16 | self | local_dataflow.rb:96:3:96:9 | self |
 | local_dataflow.rb:95:8:95:29 | ... or ... | local_dataflow.rb:95:7:95:30 | ( ... ) |
-| local_dataflow.rb:95:21:95:29 | [post] self | local_dataflow.rb:96:3:96:9 | self |
+| local_dataflow.rb:95:8:95:29 | SSA phi read(self) | local_dataflow.rb:96:3:96:9 | self |
 | local_dataflow.rb:95:21:95:29 | call to source | local_dataflow.rb:95:8:95:29 | ... or ... |
-| local_dataflow.rb:95:21:95:29 | self | local_dataflow.rb:96:3:96:9 | self |
 | local_dataflow.rb:96:3:96:9 | [post] self | local_dataflow.rb:98:7:98:15 | self |
 | local_dataflow.rb:96:3:96:9 | self | local_dataflow.rb:98:7:98:15 | self |
 | local_dataflow.rb:98:3:98:28 | ... = ... | local_dataflow.rb:99:8:99:8 | a |
 | local_dataflow.rb:98:7:98:15 | [post] self | local_dataflow.rb:98:20:98:28 | self |
-| local_dataflow.rb:98:7:98:15 | [post] self | local_dataflow.rb:99:3:99:9 | self |
 | local_dataflow.rb:98:7:98:15 | call to source | local_dataflow.rb:98:7:98:28 | ... && ... |
 | local_dataflow.rb:98:7:98:15 | self | local_dataflow.rb:98:20:98:28 | self |
-| local_dataflow.rb:98:7:98:15 | self | local_dataflow.rb:99:3:99:9 | self |
 | local_dataflow.rb:98:7:98:28 | ... && ... | local_dataflow.rb:98:3:98:28 | ... = ... |
 | local_dataflow.rb:98:7:98:28 | ... && ... | local_dataflow.rb:98:3:98:28 | ... = ... |
-| local_dataflow.rb:98:20:98:28 | [post] self | local_dataflow.rb:99:3:99:9 | self |
+| local_dataflow.rb:98:7:98:28 | SSA phi read(self) | local_dataflow.rb:99:3:99:9 | self |
 | local_dataflow.rb:98:20:98:28 | call to source | local_dataflow.rb:98:7:98:28 | ... && ... |
-| local_dataflow.rb:98:20:98:28 | self | local_dataflow.rb:99:3:99:9 | self |
 | local_dataflow.rb:99:3:99:9 | [post] self | local_dataflow.rb:100:8:100:16 | self |
 | local_dataflow.rb:99:3:99:9 | self | local_dataflow.rb:100:8:100:16 | self |
 | local_dataflow.rb:100:3:100:31 | ... = ... | local_dataflow.rb:101:8:101:8 | b |
 | local_dataflow.rb:100:7:100:31 | ( ... ) | local_dataflow.rb:100:3:100:31 | ... = ... |
 | local_dataflow.rb:100:7:100:31 | ( ... ) | local_dataflow.rb:100:3:100:31 | ... = ... |
 | local_dataflow.rb:100:8:100:16 | [post] self | local_dataflow.rb:100:22:100:30 | self |
-| local_dataflow.rb:100:8:100:16 | [post] self | local_dataflow.rb:101:3:101:9 | self |
 | local_dataflow.rb:100:8:100:16 | call to source | local_dataflow.rb:100:8:100:30 | ... and ... |
 | local_dataflow.rb:100:8:100:16 | self | local_dataflow.rb:100:22:100:30 | self |
-| local_dataflow.rb:100:8:100:16 | self | local_dataflow.rb:101:3:101:9 | self |
 | local_dataflow.rb:100:8:100:30 | ... and ... | local_dataflow.rb:100:7:100:31 | ( ... ) |
-| local_dataflow.rb:100:22:100:30 | [post] self | local_dataflow.rb:101:3:101:9 | self |
+| local_dataflow.rb:100:8:100:30 | SSA phi read(self) | local_dataflow.rb:101:3:101:9 | self |
 | local_dataflow.rb:100:22:100:30 | call to source | local_dataflow.rb:100:8:100:30 | ... and ... |
-| local_dataflow.rb:100:22:100:30 | self | local_dataflow.rb:101:3:101:9 | self |
 | local_dataflow.rb:101:3:101:9 | [post] self | local_dataflow.rb:103:7:103:15 | self |
 | local_dataflow.rb:101:3:101:9 | self | local_dataflow.rb:103:7:103:15 | self |
 | local_dataflow.rb:103:3:103:15 | ... = ... | local_dataflow.rb:104:3:104:3 | a |
 | local_dataflow.rb:103:7:103:15 | [post] self | local_dataflow.rb:104:9:104:17 | self |
-| local_dataflow.rb:103:7:103:15 | [post] self | local_dataflow.rb:105:3:105:9 | self |
 | local_dataflow.rb:103:7:103:15 | call to source | local_dataflow.rb:103:3:103:15 | ... = ... |
 | local_dataflow.rb:103:7:103:15 | call to source | local_dataflow.rb:103:3:103:15 | ... = ... |
 | local_dataflow.rb:103:7:103:15 | self | local_dataflow.rb:104:9:104:17 | self |
-| local_dataflow.rb:103:7:103:15 | self | local_dataflow.rb:105:3:105:9 | self |
 | local_dataflow.rb:104:3:104:3 | a | local_dataflow.rb:104:5:104:7 | ... \|\| ... |
 | local_dataflow.rb:104:3:104:17 | ... = ... | local_dataflow.rb:105:8:105:8 | a |
 | local_dataflow.rb:104:5:104:7 | ... \|\| ... | local_dataflow.rb:104:3:104:17 | ... = ... |
 | local_dataflow.rb:104:5:104:7 | ... \|\| ... | local_dataflow.rb:104:3:104:17 | ... = ... |
-| local_dataflow.rb:104:9:104:17 | [post] self | local_dataflow.rb:105:3:105:9 | self |
+| local_dataflow.rb:104:5:104:7 | SSA phi read(self) | local_dataflow.rb:105:3:105:9 | self |
 | local_dataflow.rb:104:9:104:17 | call to source | local_dataflow.rb:104:5:104:7 | ... \|\| ... |
-| local_dataflow.rb:104:9:104:17 | self | local_dataflow.rb:105:3:105:9 | self |
 | local_dataflow.rb:105:3:105:9 | [post] self | local_dataflow.rb:106:7:106:15 | self |
 | local_dataflow.rb:105:3:105:9 | self | local_dataflow.rb:106:7:106:15 | self |
 | local_dataflow.rb:106:3:106:15 | ... = ... | local_dataflow.rb:107:3:107:3 | b |
 | local_dataflow.rb:106:7:106:15 | [post] self | local_dataflow.rb:107:9:107:17 | self |
-| local_dataflow.rb:106:7:106:15 | [post] self | local_dataflow.rb:108:3:108:9 | self |
 | local_dataflow.rb:106:7:106:15 | call to source | local_dataflow.rb:106:3:106:15 | ... = ... |
 | local_dataflow.rb:106:7:106:15 | call to source | local_dataflow.rb:106:3:106:15 | ... = ... |
 | local_dataflow.rb:106:7:106:15 | self | local_dataflow.rb:107:9:107:17 | self |
-| local_dataflow.rb:106:7:106:15 | self | local_dataflow.rb:108:3:108:9 | self |
 | local_dataflow.rb:107:3:107:3 | b | local_dataflow.rb:107:5:107:7 | ... && ... |
 | local_dataflow.rb:107:3:107:17 | ... = ... | local_dataflow.rb:108:8:108:8 | b |
 | local_dataflow.rb:107:5:107:7 | ... && ... | local_dataflow.rb:107:3:107:17 | ... = ... |
 | local_dataflow.rb:107:5:107:7 | ... && ... | local_dataflow.rb:107:3:107:17 | ... = ... |
-| local_dataflow.rb:107:9:107:17 | [post] self | local_dataflow.rb:108:3:108:9 | self |
+| local_dataflow.rb:107:5:107:7 | SSA phi read(self) | local_dataflow.rb:108:3:108:9 | self |
 | local_dataflow.rb:107:9:107:17 | call to source | local_dataflow.rb:107:5:107:7 | ... && ... |
-| local_dataflow.rb:107:9:107:17 | self | local_dataflow.rb:108:3:108:9 | self |
 | local_dataflow.rb:111:1:114:3 | self (object_dup) | local_dataflow.rb:112:3:112:21 | self |
 | local_dataflow.rb:111:1:114:3 | self in object_dup | local_dataflow.rb:111:1:114:3 | self (object_dup) |
 | local_dataflow.rb:112:3:112:21 | [post] self | local_dataflow.rb:112:8:112:16 | self |
@@ -279,3 +2646,89 @@
 | local_dataflow.rb:123:8:123:20 | call to dup | local_dataflow.rb:123:8:123:45 | call to tap |
 | local_dataflow.rb:123:8:123:45 | call to tap | local_dataflow.rb:123:8:123:49 | call to dup |
 | local_dataflow.rb:123:26:123:45 | <captured> self | local_dataflow.rb:123:32:123:43 | self |
+| local_dataflow.rb:126:1:128:3 | self (use) | local_dataflow.rb:127:3:127:8 | self |
+| local_dataflow.rb:126:1:128:3 | self in use | local_dataflow.rb:126:1:128:3 | self (use) |
+| local_dataflow.rb:130:1:150:3 | self (use_use_madness) | local_dataflow.rb:132:6:132:11 | self |
+| local_dataflow.rb:130:1:150:3 | self in use_use_madness | local_dataflow.rb:130:1:150:3 | self (use_use_madness) |
+| local_dataflow.rb:131:3:131:8 | ... = ... | local_dataflow.rb:132:10:132:10 | x |
+| local_dataflow.rb:131:7:131:8 | "" | local_dataflow.rb:131:3:131:8 | ... = ... |
+| local_dataflow.rb:131:7:131:8 | "" | local_dataflow.rb:131:3:131:8 | ... = ... |
+| local_dataflow.rb:132:6:132:11 | [post] self | local_dataflow.rb:133:8:133:13 | self |
+| local_dataflow.rb:132:6:132:11 | self | local_dataflow.rb:133:8:133:13 | self |
+| local_dataflow.rb:132:10:132:10 | x | local_dataflow.rb:133:12:133:12 | x |
+| local_dataflow.rb:132:12:148:10 | then ... | local_dataflow.rb:132:3:149:5 | if ... |
+| local_dataflow.rb:133:5:139:7 | SSA phi read(self) | local_dataflow.rb:141:9:141:14 | self |
+| local_dataflow.rb:133:5:139:7 | SSA phi read(x) | local_dataflow.rb:141:13:141:13 | x |
+| local_dataflow.rb:133:8:133:13 | [post] self | local_dataflow.rb:133:18:133:23 | self |
+| local_dataflow.rb:133:8:133:13 | call to use | local_dataflow.rb:133:8:133:23 | [false] ... \|\| ... |
+| local_dataflow.rb:133:8:133:13 | call to use | local_dataflow.rb:133:8:133:23 | [true] ... \|\| ... |
+| local_dataflow.rb:133:8:133:13 | self | local_dataflow.rb:133:18:133:23 | self |
+| local_dataflow.rb:133:8:133:23 | SSA phi read(self) | local_dataflow.rb:134:7:134:12 | self |
+| local_dataflow.rb:133:8:133:23 | SSA phi read(x) | local_dataflow.rb:134:11:134:11 | x |
+| local_dataflow.rb:133:12:133:12 | x | local_dataflow.rb:133:22:133:22 | x |
+| local_dataflow.rb:133:18:133:23 | [post] self | local_dataflow.rb:136:7:136:12 | self |
+| local_dataflow.rb:133:18:133:23 | call to use | local_dataflow.rb:133:8:133:23 | [false] ... \|\| ... |
+| local_dataflow.rb:133:18:133:23 | call to use | local_dataflow.rb:133:8:133:23 | [true] ... \|\| ... |
+| local_dataflow.rb:133:18:133:23 | self | local_dataflow.rb:136:7:136:12 | self |
+| local_dataflow.rb:133:22:133:22 | x | local_dataflow.rb:136:11:136:11 | x |
+| local_dataflow.rb:133:24:134:12 | then ... | local_dataflow.rb:133:5:139:7 | if ... |
+| local_dataflow.rb:134:7:134:12 | call to use | local_dataflow.rb:133:24:134:12 | then ... |
+| local_dataflow.rb:135:5:138:9 | else ... | local_dataflow.rb:133:5:139:7 | if ... |
+| local_dataflow.rb:136:7:136:12 | [post] self | local_dataflow.rb:137:10:137:15 | self |
+| local_dataflow.rb:136:7:136:12 | self | local_dataflow.rb:137:10:137:15 | self |
+| local_dataflow.rb:136:11:136:11 | x | local_dataflow.rb:137:14:137:14 | x |
+| local_dataflow.rb:137:7:138:9 | SSA phi read(self) | local_dataflow.rb:133:5:139:7 | SSA phi read(self) |
+| local_dataflow.rb:137:7:138:9 | SSA phi read(x) | local_dataflow.rb:133:5:139:7 | SSA phi read(x) |
+| local_dataflow.rb:137:7:138:9 | if ... | local_dataflow.rb:135:5:138:9 | else ... |
+| local_dataflow.rb:137:10:137:15 | [post] self | local_dataflow.rb:137:21:137:26 | self |
+| local_dataflow.rb:137:10:137:15 | call to use | local_dataflow.rb:137:10:137:26 | [false] ... && ... |
+| local_dataflow.rb:137:10:137:15 | call to use | local_dataflow.rb:137:10:137:26 | [true] ... && ... |
+| local_dataflow.rb:137:10:137:15 | self | local_dataflow.rb:137:21:137:26 | self |
+| local_dataflow.rb:137:10:137:26 | SSA phi read(self) | local_dataflow.rb:137:7:138:9 | SSA phi read(self) |
+| local_dataflow.rb:137:10:137:26 | SSA phi read(x) | local_dataflow.rb:137:7:138:9 | SSA phi read(x) |
+| local_dataflow.rb:137:14:137:14 | x | local_dataflow.rb:137:25:137:25 | x |
+| local_dataflow.rb:137:20:137:26 | [false] ! ... | local_dataflow.rb:137:10:137:26 | [false] ... && ... |
+| local_dataflow.rb:137:20:137:26 | [true] ! ... | local_dataflow.rb:137:10:137:26 | [true] ... && ... |
+| local_dataflow.rb:141:5:145:7 | SSA phi read(self) | local_dataflow.rb:147:5:147:10 | self |
+| local_dataflow.rb:141:5:145:7 | SSA phi read(x) | local_dataflow.rb:147:9:147:9 | x |
+| local_dataflow.rb:141:8:141:14 | [false] ! ... | local_dataflow.rb:141:8:141:37 | [false] ... \|\| ... |
+| local_dataflow.rb:141:8:141:14 | [false] ! ... | local_dataflow.rb:141:8:141:37 | [true] ... \|\| ... |
+| local_dataflow.rb:141:8:141:14 | [true] ! ... | local_dataflow.rb:141:8:141:37 | [true] ... \|\| ... |
+| local_dataflow.rb:141:8:141:37 | SSA phi read(self) | local_dataflow.rb:141:5:145:7 | SSA phi read(self) |
+| local_dataflow.rb:141:8:141:37 | SSA phi read(x) | local_dataflow.rb:141:5:145:7 | SSA phi read(x) |
+| local_dataflow.rb:141:9:141:14 | [post] self | local_dataflow.rb:141:20:141:25 | self |
+| local_dataflow.rb:141:9:141:14 | self | local_dataflow.rb:141:20:141:25 | self |
+| local_dataflow.rb:141:13:141:13 | x | local_dataflow.rb:141:24:141:24 | x |
+| local_dataflow.rb:141:19:141:37 | [false] ( ... ) | local_dataflow.rb:141:8:141:37 | [false] ... \|\| ... |
+| local_dataflow.rb:141:19:141:37 | [true] ( ... ) | local_dataflow.rb:141:8:141:37 | [true] ... \|\| ... |
+| local_dataflow.rb:141:20:141:25 | [post] self | local_dataflow.rb:141:31:141:36 | self |
+| local_dataflow.rb:141:20:141:25 | call to use | local_dataflow.rb:141:20:141:36 | [false] ... && ... |
+| local_dataflow.rb:141:20:141:25 | call to use | local_dataflow.rb:141:20:141:36 | [true] ... && ... |
+| local_dataflow.rb:141:20:141:25 | self | local_dataflow.rb:141:31:141:36 | self |
+| local_dataflow.rb:141:20:141:36 | SSA phi read(self) | local_dataflow.rb:143:11:143:16 | self |
+| local_dataflow.rb:141:20:141:36 | SSA phi read(x) | local_dataflow.rb:143:15:143:15 | x |
+| local_dataflow.rb:141:20:141:36 | [false] ... && ... | local_dataflow.rb:141:19:141:37 | [false] ( ... ) |
+| local_dataflow.rb:141:20:141:36 | [true] ... && ... | local_dataflow.rb:141:19:141:37 | [true] ( ... ) |
+| local_dataflow.rb:141:24:141:24 | x | local_dataflow.rb:141:35:141:35 | x |
+| local_dataflow.rb:141:30:141:36 | [false] ! ... | local_dataflow.rb:141:20:141:36 | [false] ... && ... |
+| local_dataflow.rb:141:30:141:36 | [true] ! ... | local_dataflow.rb:141:20:141:36 | [true] ... && ... |
+| local_dataflow.rb:141:38:142:9 | then ... | local_dataflow.rb:141:5:145:7 | if ... |
+| local_dataflow.rb:142:7:142:9 | nil | local_dataflow.rb:141:38:142:9 | then ... |
+| local_dataflow.rb:143:5:144:16 | SSA phi read(self) | local_dataflow.rb:141:5:145:7 | SSA phi read(self) |
+| local_dataflow.rb:143:5:144:16 | SSA phi read(x) | local_dataflow.rb:141:5:145:7 | SSA phi read(x) |
+| local_dataflow.rb:143:5:144:16 | elsif ... | local_dataflow.rb:141:5:145:7 | if ... |
+| local_dataflow.rb:143:11:143:16 | [post] self | local_dataflow.rb:143:21:143:26 | self |
+| local_dataflow.rb:143:11:143:16 | call to use | local_dataflow.rb:143:11:143:26 | [false] ... \|\| ... |
+| local_dataflow.rb:143:11:143:16 | call to use | local_dataflow.rb:143:11:143:26 | [true] ... \|\| ... |
+| local_dataflow.rb:143:11:143:16 | self | local_dataflow.rb:143:21:143:26 | self |
+| local_dataflow.rb:143:11:143:26 | SSA phi read(self) | local_dataflow.rb:144:11:144:16 | self |
+| local_dataflow.rb:143:11:143:26 | SSA phi read(x) | local_dataflow.rb:144:15:144:15 | x |
+| local_dataflow.rb:143:15:143:15 | x | local_dataflow.rb:143:25:143:25 | x |
+| local_dataflow.rb:143:21:143:26 | call to use | local_dataflow.rb:143:11:143:26 | [false] ... \|\| ... |
+| local_dataflow.rb:143:21:143:26 | call to use | local_dataflow.rb:143:11:143:26 | [true] ... \|\| ... |
+| local_dataflow.rb:143:27:144:16 | then ... | local_dataflow.rb:143:5:144:16 | elsif ... |
+| local_dataflow.rb:144:11:144:16 | call to use | local_dataflow.rb:143:27:144:16 | then ... |
+| local_dataflow.rb:147:5:147:10 | [post] self | local_dataflow.rb:148:5:148:10 | self |
+| local_dataflow.rb:147:5:147:10 | self | local_dataflow.rb:148:5:148:10 | self |
+| local_dataflow.rb:147:9:147:9 | x | local_dataflow.rb:148:9:148:9 | x |
+| local_dataflow.rb:148:5:148:10 | call to use | local_dataflow.rb:132:12:148:10 | then ... |
diff --git a/ruby/ql/test/library-tests/dataflow/local/Nodes.expected b/ruby/ql/test/library-tests/dataflow/local/Nodes.expected
index 353d1f0d2d6..2ac17e470d7 100644
--- a/ruby/ql/test/library-tests/dataflow/local/Nodes.expected
+++ b/ruby/ql/test/library-tests/dataflow/local/Nodes.expected
@@ -1,4 +1,5 @@
 ret
+| UseUseExplosion.rb:21:9:21:3700 | if ... |
 | local_dataflow.rb:6:3:6:14 | ... = ... |
 | local_dataflow.rb:12:3:12:5 | call to p |
 | local_dataflow.rb:16:3:16:10 | break |
@@ -19,7 +20,809 @@ ret
 | local_dataflow.rb:119:3:119:31 | call to sink |
 | local_dataflow.rb:123:3:123:50 | call to sink |
 | local_dataflow.rb:123:32:123:43 | call to puts |
+| local_dataflow.rb:127:3:127:8 | call to rand |
+| local_dataflow.rb:132:3:149:5 | if ... |
 arg
+| UseUseExplosion.rb:20:13:20:17 | @prop | UseUseExplosion.rb:20:13:20:23 | ... > ... | self |
+| UseUseExplosion.rb:20:21:20:23 | 100 | UseUseExplosion.rb:20:13:20:23 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:35:20:39 | @prop | UseUseExplosion.rb:20:35:20:44 | ... > ... | self |
+| UseUseExplosion.rb:20:43:20:44 | 99 | UseUseExplosion.rb:20:35:20:44 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:56:20:60 | @prop | UseUseExplosion.rb:20:56:20:65 | ... > ... | self |
+| UseUseExplosion.rb:20:64:20:65 | 98 | UseUseExplosion.rb:20:56:20:65 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:77:20:81 | @prop | UseUseExplosion.rb:20:77:20:86 | ... > ... | self |
+| UseUseExplosion.rb:20:85:20:86 | 97 | UseUseExplosion.rb:20:77:20:86 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:98:20:102 | @prop | UseUseExplosion.rb:20:98:20:107 | ... > ... | self |
+| UseUseExplosion.rb:20:106:20:107 | 96 | UseUseExplosion.rb:20:98:20:107 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:119:20:123 | @prop | UseUseExplosion.rb:20:119:20:128 | ... > ... | self |
+| UseUseExplosion.rb:20:127:20:128 | 95 | UseUseExplosion.rb:20:119:20:128 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:140:20:144 | @prop | UseUseExplosion.rb:20:140:20:149 | ... > ... | self |
+| UseUseExplosion.rb:20:148:20:149 | 94 | UseUseExplosion.rb:20:140:20:149 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:161:20:165 | @prop | UseUseExplosion.rb:20:161:20:170 | ... > ... | self |
+| UseUseExplosion.rb:20:169:20:170 | 93 | UseUseExplosion.rb:20:161:20:170 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:182:20:186 | @prop | UseUseExplosion.rb:20:182:20:191 | ... > ... | self |
+| UseUseExplosion.rb:20:190:20:191 | 92 | UseUseExplosion.rb:20:182:20:191 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:203:20:207 | @prop | UseUseExplosion.rb:20:203:20:212 | ... > ... | self |
+| UseUseExplosion.rb:20:211:20:212 | 91 | UseUseExplosion.rb:20:203:20:212 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:224:20:228 | @prop | UseUseExplosion.rb:20:224:20:233 | ... > ... | self |
+| UseUseExplosion.rb:20:232:20:233 | 90 | UseUseExplosion.rb:20:224:20:233 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:245:20:249 | @prop | UseUseExplosion.rb:20:245:20:254 | ... > ... | self |
+| UseUseExplosion.rb:20:253:20:254 | 89 | UseUseExplosion.rb:20:245:20:254 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:266:20:270 | @prop | UseUseExplosion.rb:20:266:20:275 | ... > ... | self |
+| UseUseExplosion.rb:20:274:20:275 | 88 | UseUseExplosion.rb:20:266:20:275 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:287:20:291 | @prop | UseUseExplosion.rb:20:287:20:296 | ... > ... | self |
+| UseUseExplosion.rb:20:295:20:296 | 87 | UseUseExplosion.rb:20:287:20:296 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:308:20:312 | @prop | UseUseExplosion.rb:20:308:20:317 | ... > ... | self |
+| UseUseExplosion.rb:20:316:20:317 | 86 | UseUseExplosion.rb:20:308:20:317 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:329:20:333 | @prop | UseUseExplosion.rb:20:329:20:338 | ... > ... | self |
+| UseUseExplosion.rb:20:337:20:338 | 85 | UseUseExplosion.rb:20:329:20:338 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:350:20:354 | @prop | UseUseExplosion.rb:20:350:20:359 | ... > ... | self |
+| UseUseExplosion.rb:20:358:20:359 | 84 | UseUseExplosion.rb:20:350:20:359 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:371:20:375 | @prop | UseUseExplosion.rb:20:371:20:380 | ... > ... | self |
+| UseUseExplosion.rb:20:379:20:380 | 83 | UseUseExplosion.rb:20:371:20:380 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:392:20:396 | @prop | UseUseExplosion.rb:20:392:20:401 | ... > ... | self |
+| UseUseExplosion.rb:20:400:20:401 | 82 | UseUseExplosion.rb:20:392:20:401 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:413:20:417 | @prop | UseUseExplosion.rb:20:413:20:422 | ... > ... | self |
+| UseUseExplosion.rb:20:421:20:422 | 81 | UseUseExplosion.rb:20:413:20:422 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:434:20:438 | @prop | UseUseExplosion.rb:20:434:20:443 | ... > ... | self |
+| UseUseExplosion.rb:20:442:20:443 | 80 | UseUseExplosion.rb:20:434:20:443 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:455:20:459 | @prop | UseUseExplosion.rb:20:455:20:464 | ... > ... | self |
+| UseUseExplosion.rb:20:463:20:464 | 79 | UseUseExplosion.rb:20:455:20:464 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:476:20:480 | @prop | UseUseExplosion.rb:20:476:20:485 | ... > ... | self |
+| UseUseExplosion.rb:20:484:20:485 | 78 | UseUseExplosion.rb:20:476:20:485 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:497:20:501 | @prop | UseUseExplosion.rb:20:497:20:506 | ... > ... | self |
+| UseUseExplosion.rb:20:505:20:506 | 77 | UseUseExplosion.rb:20:497:20:506 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:518:20:522 | @prop | UseUseExplosion.rb:20:518:20:527 | ... > ... | self |
+| UseUseExplosion.rb:20:526:20:527 | 76 | UseUseExplosion.rb:20:518:20:527 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:539:20:543 | @prop | UseUseExplosion.rb:20:539:20:548 | ... > ... | self |
+| UseUseExplosion.rb:20:547:20:548 | 75 | UseUseExplosion.rb:20:539:20:548 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:560:20:564 | @prop | UseUseExplosion.rb:20:560:20:569 | ... > ... | self |
+| UseUseExplosion.rb:20:568:20:569 | 74 | UseUseExplosion.rb:20:560:20:569 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:581:20:585 | @prop | UseUseExplosion.rb:20:581:20:590 | ... > ... | self |
+| UseUseExplosion.rb:20:589:20:590 | 73 | UseUseExplosion.rb:20:581:20:590 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:602:20:606 | @prop | UseUseExplosion.rb:20:602:20:611 | ... > ... | self |
+| UseUseExplosion.rb:20:610:20:611 | 72 | UseUseExplosion.rb:20:602:20:611 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:623:20:627 | @prop | UseUseExplosion.rb:20:623:20:632 | ... > ... | self |
+| UseUseExplosion.rb:20:631:20:632 | 71 | UseUseExplosion.rb:20:623:20:632 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:644:20:648 | @prop | UseUseExplosion.rb:20:644:20:653 | ... > ... | self |
+| UseUseExplosion.rb:20:652:20:653 | 70 | UseUseExplosion.rb:20:644:20:653 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:665:20:669 | @prop | UseUseExplosion.rb:20:665:20:674 | ... > ... | self |
+| UseUseExplosion.rb:20:673:20:674 | 69 | UseUseExplosion.rb:20:665:20:674 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:686:20:690 | @prop | UseUseExplosion.rb:20:686:20:695 | ... > ... | self |
+| UseUseExplosion.rb:20:694:20:695 | 68 | UseUseExplosion.rb:20:686:20:695 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:707:20:711 | @prop | UseUseExplosion.rb:20:707:20:716 | ... > ... | self |
+| UseUseExplosion.rb:20:715:20:716 | 67 | UseUseExplosion.rb:20:707:20:716 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:728:20:732 | @prop | UseUseExplosion.rb:20:728:20:737 | ... > ... | self |
+| UseUseExplosion.rb:20:736:20:737 | 66 | UseUseExplosion.rb:20:728:20:737 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:749:20:753 | @prop | UseUseExplosion.rb:20:749:20:758 | ... > ... | self |
+| UseUseExplosion.rb:20:757:20:758 | 65 | UseUseExplosion.rb:20:749:20:758 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:770:20:774 | @prop | UseUseExplosion.rb:20:770:20:779 | ... > ... | self |
+| UseUseExplosion.rb:20:778:20:779 | 64 | UseUseExplosion.rb:20:770:20:779 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:791:20:795 | @prop | UseUseExplosion.rb:20:791:20:800 | ... > ... | self |
+| UseUseExplosion.rb:20:799:20:800 | 63 | UseUseExplosion.rb:20:791:20:800 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:812:20:816 | @prop | UseUseExplosion.rb:20:812:20:821 | ... > ... | self |
+| UseUseExplosion.rb:20:820:20:821 | 62 | UseUseExplosion.rb:20:812:20:821 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:833:20:837 | @prop | UseUseExplosion.rb:20:833:20:842 | ... > ... | self |
+| UseUseExplosion.rb:20:841:20:842 | 61 | UseUseExplosion.rb:20:833:20:842 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:854:20:858 | @prop | UseUseExplosion.rb:20:854:20:863 | ... > ... | self |
+| UseUseExplosion.rb:20:862:20:863 | 60 | UseUseExplosion.rb:20:854:20:863 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:875:20:879 | @prop | UseUseExplosion.rb:20:875:20:884 | ... > ... | self |
+| UseUseExplosion.rb:20:883:20:884 | 59 | UseUseExplosion.rb:20:875:20:884 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:896:20:900 | @prop | UseUseExplosion.rb:20:896:20:905 | ... > ... | self |
+| UseUseExplosion.rb:20:904:20:905 | 58 | UseUseExplosion.rb:20:896:20:905 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:917:20:921 | @prop | UseUseExplosion.rb:20:917:20:926 | ... > ... | self |
+| UseUseExplosion.rb:20:925:20:926 | 57 | UseUseExplosion.rb:20:917:20:926 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:938:20:942 | @prop | UseUseExplosion.rb:20:938:20:947 | ... > ... | self |
+| UseUseExplosion.rb:20:946:20:947 | 56 | UseUseExplosion.rb:20:938:20:947 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:959:20:963 | @prop | UseUseExplosion.rb:20:959:20:968 | ... > ... | self |
+| UseUseExplosion.rb:20:967:20:968 | 55 | UseUseExplosion.rb:20:959:20:968 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:980:20:984 | @prop | UseUseExplosion.rb:20:980:20:989 | ... > ... | self |
+| UseUseExplosion.rb:20:988:20:989 | 54 | UseUseExplosion.rb:20:980:20:989 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1001:20:1005 | @prop | UseUseExplosion.rb:20:1001:20:1010 | ... > ... | self |
+| UseUseExplosion.rb:20:1009:20:1010 | 53 | UseUseExplosion.rb:20:1001:20:1010 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1022:20:1026 | @prop | UseUseExplosion.rb:20:1022:20:1031 | ... > ... | self |
+| UseUseExplosion.rb:20:1030:20:1031 | 52 | UseUseExplosion.rb:20:1022:20:1031 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1043:20:1047 | @prop | UseUseExplosion.rb:20:1043:20:1052 | ... > ... | self |
+| UseUseExplosion.rb:20:1051:20:1052 | 51 | UseUseExplosion.rb:20:1043:20:1052 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1064:20:1068 | @prop | UseUseExplosion.rb:20:1064:20:1073 | ... > ... | self |
+| UseUseExplosion.rb:20:1072:20:1073 | 50 | UseUseExplosion.rb:20:1064:20:1073 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1085:20:1089 | @prop | UseUseExplosion.rb:20:1085:20:1094 | ... > ... | self |
+| UseUseExplosion.rb:20:1093:20:1094 | 49 | UseUseExplosion.rb:20:1085:20:1094 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1106:20:1110 | @prop | UseUseExplosion.rb:20:1106:20:1115 | ... > ... | self |
+| UseUseExplosion.rb:20:1114:20:1115 | 48 | UseUseExplosion.rb:20:1106:20:1115 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1127:20:1131 | @prop | UseUseExplosion.rb:20:1127:20:1136 | ... > ... | self |
+| UseUseExplosion.rb:20:1135:20:1136 | 47 | UseUseExplosion.rb:20:1127:20:1136 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1148:20:1152 | @prop | UseUseExplosion.rb:20:1148:20:1157 | ... > ... | self |
+| UseUseExplosion.rb:20:1156:20:1157 | 46 | UseUseExplosion.rb:20:1148:20:1157 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1169:20:1173 | @prop | UseUseExplosion.rb:20:1169:20:1178 | ... > ... | self |
+| UseUseExplosion.rb:20:1177:20:1178 | 45 | UseUseExplosion.rb:20:1169:20:1178 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1190:20:1194 | @prop | UseUseExplosion.rb:20:1190:20:1199 | ... > ... | self |
+| UseUseExplosion.rb:20:1198:20:1199 | 44 | UseUseExplosion.rb:20:1190:20:1199 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1211:20:1215 | @prop | UseUseExplosion.rb:20:1211:20:1220 | ... > ... | self |
+| UseUseExplosion.rb:20:1219:20:1220 | 43 | UseUseExplosion.rb:20:1211:20:1220 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1232:20:1236 | @prop | UseUseExplosion.rb:20:1232:20:1241 | ... > ... | self |
+| UseUseExplosion.rb:20:1240:20:1241 | 42 | UseUseExplosion.rb:20:1232:20:1241 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1253:20:1257 | @prop | UseUseExplosion.rb:20:1253:20:1262 | ... > ... | self |
+| UseUseExplosion.rb:20:1261:20:1262 | 41 | UseUseExplosion.rb:20:1253:20:1262 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1274:20:1278 | @prop | UseUseExplosion.rb:20:1274:20:1283 | ... > ... | self |
+| UseUseExplosion.rb:20:1282:20:1283 | 40 | UseUseExplosion.rb:20:1274:20:1283 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1295:20:1299 | @prop | UseUseExplosion.rb:20:1295:20:1304 | ... > ... | self |
+| UseUseExplosion.rb:20:1303:20:1304 | 39 | UseUseExplosion.rb:20:1295:20:1304 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1316:20:1320 | @prop | UseUseExplosion.rb:20:1316:20:1325 | ... > ... | self |
+| UseUseExplosion.rb:20:1324:20:1325 | 38 | UseUseExplosion.rb:20:1316:20:1325 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1337:20:1341 | @prop | UseUseExplosion.rb:20:1337:20:1346 | ... > ... | self |
+| UseUseExplosion.rb:20:1345:20:1346 | 37 | UseUseExplosion.rb:20:1337:20:1346 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1358:20:1362 | @prop | UseUseExplosion.rb:20:1358:20:1367 | ... > ... | self |
+| UseUseExplosion.rb:20:1366:20:1367 | 36 | UseUseExplosion.rb:20:1358:20:1367 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1379:20:1383 | @prop | UseUseExplosion.rb:20:1379:20:1388 | ... > ... | self |
+| UseUseExplosion.rb:20:1387:20:1388 | 35 | UseUseExplosion.rb:20:1379:20:1388 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1400:20:1404 | @prop | UseUseExplosion.rb:20:1400:20:1409 | ... > ... | self |
+| UseUseExplosion.rb:20:1408:20:1409 | 34 | UseUseExplosion.rb:20:1400:20:1409 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1421:20:1425 | @prop | UseUseExplosion.rb:20:1421:20:1430 | ... > ... | self |
+| UseUseExplosion.rb:20:1429:20:1430 | 33 | UseUseExplosion.rb:20:1421:20:1430 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1442:20:1446 | @prop | UseUseExplosion.rb:20:1442:20:1451 | ... > ... | self |
+| UseUseExplosion.rb:20:1450:20:1451 | 32 | UseUseExplosion.rb:20:1442:20:1451 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1463:20:1467 | @prop | UseUseExplosion.rb:20:1463:20:1472 | ... > ... | self |
+| UseUseExplosion.rb:20:1471:20:1472 | 31 | UseUseExplosion.rb:20:1463:20:1472 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1484:20:1488 | @prop | UseUseExplosion.rb:20:1484:20:1493 | ... > ... | self |
+| UseUseExplosion.rb:20:1492:20:1493 | 30 | UseUseExplosion.rb:20:1484:20:1493 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1505:20:1509 | @prop | UseUseExplosion.rb:20:1505:20:1514 | ... > ... | self |
+| UseUseExplosion.rb:20:1513:20:1514 | 29 | UseUseExplosion.rb:20:1505:20:1514 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1526:20:1530 | @prop | UseUseExplosion.rb:20:1526:20:1535 | ... > ... | self |
+| UseUseExplosion.rb:20:1534:20:1535 | 28 | UseUseExplosion.rb:20:1526:20:1535 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1547:20:1551 | @prop | UseUseExplosion.rb:20:1547:20:1556 | ... > ... | self |
+| UseUseExplosion.rb:20:1555:20:1556 | 27 | UseUseExplosion.rb:20:1547:20:1556 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1568:20:1572 | @prop | UseUseExplosion.rb:20:1568:20:1577 | ... > ... | self |
+| UseUseExplosion.rb:20:1576:20:1577 | 26 | UseUseExplosion.rb:20:1568:20:1577 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1589:20:1593 | @prop | UseUseExplosion.rb:20:1589:20:1598 | ... > ... | self |
+| UseUseExplosion.rb:20:1597:20:1598 | 25 | UseUseExplosion.rb:20:1589:20:1598 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1610:20:1614 | @prop | UseUseExplosion.rb:20:1610:20:1619 | ... > ... | self |
+| UseUseExplosion.rb:20:1618:20:1619 | 24 | UseUseExplosion.rb:20:1610:20:1619 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1631:20:1635 | @prop | UseUseExplosion.rb:20:1631:20:1640 | ... > ... | self |
+| UseUseExplosion.rb:20:1639:20:1640 | 23 | UseUseExplosion.rb:20:1631:20:1640 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1652:20:1656 | @prop | UseUseExplosion.rb:20:1652:20:1661 | ... > ... | self |
+| UseUseExplosion.rb:20:1660:20:1661 | 22 | UseUseExplosion.rb:20:1652:20:1661 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1673:20:1677 | @prop | UseUseExplosion.rb:20:1673:20:1682 | ... > ... | self |
+| UseUseExplosion.rb:20:1681:20:1682 | 21 | UseUseExplosion.rb:20:1673:20:1682 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1694:20:1698 | @prop | UseUseExplosion.rb:20:1694:20:1703 | ... > ... | self |
+| UseUseExplosion.rb:20:1702:20:1703 | 20 | UseUseExplosion.rb:20:1694:20:1703 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1715:20:1719 | @prop | UseUseExplosion.rb:20:1715:20:1724 | ... > ... | self |
+| UseUseExplosion.rb:20:1723:20:1724 | 19 | UseUseExplosion.rb:20:1715:20:1724 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1736:20:1740 | @prop | UseUseExplosion.rb:20:1736:20:1745 | ... > ... | self |
+| UseUseExplosion.rb:20:1744:20:1745 | 18 | UseUseExplosion.rb:20:1736:20:1745 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1757:20:1761 | @prop | UseUseExplosion.rb:20:1757:20:1766 | ... > ... | self |
+| UseUseExplosion.rb:20:1765:20:1766 | 17 | UseUseExplosion.rb:20:1757:20:1766 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1778:20:1782 | @prop | UseUseExplosion.rb:20:1778:20:1787 | ... > ... | self |
+| UseUseExplosion.rb:20:1786:20:1787 | 16 | UseUseExplosion.rb:20:1778:20:1787 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1799:20:1803 | @prop | UseUseExplosion.rb:20:1799:20:1808 | ... > ... | self |
+| UseUseExplosion.rb:20:1807:20:1808 | 15 | UseUseExplosion.rb:20:1799:20:1808 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1820:20:1824 | @prop | UseUseExplosion.rb:20:1820:20:1829 | ... > ... | self |
+| UseUseExplosion.rb:20:1828:20:1829 | 14 | UseUseExplosion.rb:20:1820:20:1829 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1841:20:1845 | @prop | UseUseExplosion.rb:20:1841:20:1850 | ... > ... | self |
+| UseUseExplosion.rb:20:1849:20:1850 | 13 | UseUseExplosion.rb:20:1841:20:1850 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1862:20:1866 | @prop | UseUseExplosion.rb:20:1862:20:1871 | ... > ... | self |
+| UseUseExplosion.rb:20:1870:20:1871 | 12 | UseUseExplosion.rb:20:1862:20:1871 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1883:20:1887 | @prop | UseUseExplosion.rb:20:1883:20:1892 | ... > ... | self |
+| UseUseExplosion.rb:20:1891:20:1892 | 11 | UseUseExplosion.rb:20:1883:20:1892 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1904:20:1908 | @prop | UseUseExplosion.rb:20:1904:20:1913 | ... > ... | self |
+| UseUseExplosion.rb:20:1912:20:1913 | 10 | UseUseExplosion.rb:20:1904:20:1913 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1925:20:1929 | @prop | UseUseExplosion.rb:20:1925:20:1933 | ... > ... | self |
+| UseUseExplosion.rb:20:1933:20:1933 | 9 | UseUseExplosion.rb:20:1925:20:1933 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1945:20:1949 | @prop | UseUseExplosion.rb:20:1945:20:1953 | ... > ... | self |
+| UseUseExplosion.rb:20:1953:20:1953 | 8 | UseUseExplosion.rb:20:1945:20:1953 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1965:20:1969 | @prop | UseUseExplosion.rb:20:1965:20:1973 | ... > ... | self |
+| UseUseExplosion.rb:20:1973:20:1973 | 7 | UseUseExplosion.rb:20:1965:20:1973 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:1985:20:1989 | @prop | UseUseExplosion.rb:20:1985:20:1993 | ... > ... | self |
+| UseUseExplosion.rb:20:1993:20:1993 | 6 | UseUseExplosion.rb:20:1985:20:1993 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:2005:20:2009 | @prop | UseUseExplosion.rb:20:2005:20:2013 | ... > ... | self |
+| UseUseExplosion.rb:20:2013:20:2013 | 5 | UseUseExplosion.rb:20:2005:20:2013 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:2025:20:2029 | @prop | UseUseExplosion.rb:20:2025:20:2033 | ... > ... | self |
+| UseUseExplosion.rb:20:2033:20:2033 | 4 | UseUseExplosion.rb:20:2025:20:2033 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:2045:20:2049 | @prop | UseUseExplosion.rb:20:2045:20:2053 | ... > ... | self |
+| UseUseExplosion.rb:20:2053:20:2053 | 3 | UseUseExplosion.rb:20:2045:20:2053 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:2065:20:2069 | @prop | UseUseExplosion.rb:20:2065:20:2073 | ... > ... | self |
+| UseUseExplosion.rb:20:2073:20:2073 | 2 | UseUseExplosion.rb:20:2065:20:2073 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:2085:20:2089 | @prop | UseUseExplosion.rb:20:2085:20:2093 | ... > ... | self |
+| UseUseExplosion.rb:20:2093:20:2093 | 1 | UseUseExplosion.rb:20:2085:20:2093 | ... > ... | position 0 |
+| UseUseExplosion.rb:20:2107:20:2112 | self | UseUseExplosion.rb:20:2107:20:2112 | call to use | self |
+| UseUseExplosion.rb:20:2111:20:2111 | x | UseUseExplosion.rb:20:2107:20:2112 | call to use | position 0 |
+| UseUseExplosion.rb:20:2123:20:2128 | self | UseUseExplosion.rb:20:2123:20:2128 | call to use | self |
+| UseUseExplosion.rb:20:2127:20:2127 | x | UseUseExplosion.rb:20:2123:20:2128 | call to use | position 0 |
+| UseUseExplosion.rb:20:2139:20:2144 | self | UseUseExplosion.rb:20:2139:20:2144 | call to use | self |
+| UseUseExplosion.rb:20:2143:20:2143 | x | UseUseExplosion.rb:20:2139:20:2144 | call to use | position 0 |
+| UseUseExplosion.rb:20:2155:20:2160 | self | UseUseExplosion.rb:20:2155:20:2160 | call to use | self |
+| UseUseExplosion.rb:20:2159:20:2159 | x | UseUseExplosion.rb:20:2155:20:2160 | call to use | position 0 |
+| UseUseExplosion.rb:20:2171:20:2176 | self | UseUseExplosion.rb:20:2171:20:2176 | call to use | self |
+| UseUseExplosion.rb:20:2175:20:2175 | x | UseUseExplosion.rb:20:2171:20:2176 | call to use | position 0 |
+| UseUseExplosion.rb:20:2187:20:2192 | self | UseUseExplosion.rb:20:2187:20:2192 | call to use | self |
+| UseUseExplosion.rb:20:2191:20:2191 | x | UseUseExplosion.rb:20:2187:20:2192 | call to use | position 0 |
+| UseUseExplosion.rb:20:2203:20:2208 | self | UseUseExplosion.rb:20:2203:20:2208 | call to use | self |
+| UseUseExplosion.rb:20:2207:20:2207 | x | UseUseExplosion.rb:20:2203:20:2208 | call to use | position 0 |
+| UseUseExplosion.rb:20:2219:20:2224 | self | UseUseExplosion.rb:20:2219:20:2224 | call to use | self |
+| UseUseExplosion.rb:20:2223:20:2223 | x | UseUseExplosion.rb:20:2219:20:2224 | call to use | position 0 |
+| UseUseExplosion.rb:20:2235:20:2240 | self | UseUseExplosion.rb:20:2235:20:2240 | call to use | self |
+| UseUseExplosion.rb:20:2239:20:2239 | x | UseUseExplosion.rb:20:2235:20:2240 | call to use | position 0 |
+| UseUseExplosion.rb:20:2251:20:2256 | self | UseUseExplosion.rb:20:2251:20:2256 | call to use | self |
+| UseUseExplosion.rb:20:2255:20:2255 | x | UseUseExplosion.rb:20:2251:20:2256 | call to use | position 0 |
+| UseUseExplosion.rb:20:2267:20:2272 | self | UseUseExplosion.rb:20:2267:20:2272 | call to use | self |
+| UseUseExplosion.rb:20:2271:20:2271 | x | UseUseExplosion.rb:20:2267:20:2272 | call to use | position 0 |
+| UseUseExplosion.rb:20:2283:20:2288 | self | UseUseExplosion.rb:20:2283:20:2288 | call to use | self |
+| UseUseExplosion.rb:20:2287:20:2287 | x | UseUseExplosion.rb:20:2283:20:2288 | call to use | position 0 |
+| UseUseExplosion.rb:20:2299:20:2304 | self | UseUseExplosion.rb:20:2299:20:2304 | call to use | self |
+| UseUseExplosion.rb:20:2303:20:2303 | x | UseUseExplosion.rb:20:2299:20:2304 | call to use | position 0 |
+| UseUseExplosion.rb:20:2315:20:2320 | self | UseUseExplosion.rb:20:2315:20:2320 | call to use | self |
+| UseUseExplosion.rb:20:2319:20:2319 | x | UseUseExplosion.rb:20:2315:20:2320 | call to use | position 0 |
+| UseUseExplosion.rb:20:2331:20:2336 | self | UseUseExplosion.rb:20:2331:20:2336 | call to use | self |
+| UseUseExplosion.rb:20:2335:20:2335 | x | UseUseExplosion.rb:20:2331:20:2336 | call to use | position 0 |
+| UseUseExplosion.rb:20:2347:20:2352 | self | UseUseExplosion.rb:20:2347:20:2352 | call to use | self |
+| UseUseExplosion.rb:20:2351:20:2351 | x | UseUseExplosion.rb:20:2347:20:2352 | call to use | position 0 |
+| UseUseExplosion.rb:20:2363:20:2368 | self | UseUseExplosion.rb:20:2363:20:2368 | call to use | self |
+| UseUseExplosion.rb:20:2367:20:2367 | x | UseUseExplosion.rb:20:2363:20:2368 | call to use | position 0 |
+| UseUseExplosion.rb:20:2379:20:2384 | self | UseUseExplosion.rb:20:2379:20:2384 | call to use | self |
+| UseUseExplosion.rb:20:2383:20:2383 | x | UseUseExplosion.rb:20:2379:20:2384 | call to use | position 0 |
+| UseUseExplosion.rb:20:2395:20:2400 | self | UseUseExplosion.rb:20:2395:20:2400 | call to use | self |
+| UseUseExplosion.rb:20:2399:20:2399 | x | UseUseExplosion.rb:20:2395:20:2400 | call to use | position 0 |
+| UseUseExplosion.rb:20:2411:20:2416 | self | UseUseExplosion.rb:20:2411:20:2416 | call to use | self |
+| UseUseExplosion.rb:20:2415:20:2415 | x | UseUseExplosion.rb:20:2411:20:2416 | call to use | position 0 |
+| UseUseExplosion.rb:20:2427:20:2432 | self | UseUseExplosion.rb:20:2427:20:2432 | call to use | self |
+| UseUseExplosion.rb:20:2431:20:2431 | x | UseUseExplosion.rb:20:2427:20:2432 | call to use | position 0 |
+| UseUseExplosion.rb:20:2443:20:2448 | self | UseUseExplosion.rb:20:2443:20:2448 | call to use | self |
+| UseUseExplosion.rb:20:2447:20:2447 | x | UseUseExplosion.rb:20:2443:20:2448 | call to use | position 0 |
+| UseUseExplosion.rb:20:2459:20:2464 | self | UseUseExplosion.rb:20:2459:20:2464 | call to use | self |
+| UseUseExplosion.rb:20:2463:20:2463 | x | UseUseExplosion.rb:20:2459:20:2464 | call to use | position 0 |
+| UseUseExplosion.rb:20:2475:20:2480 | self | UseUseExplosion.rb:20:2475:20:2480 | call to use | self |
+| UseUseExplosion.rb:20:2479:20:2479 | x | UseUseExplosion.rb:20:2475:20:2480 | call to use | position 0 |
+| UseUseExplosion.rb:20:2491:20:2496 | self | UseUseExplosion.rb:20:2491:20:2496 | call to use | self |
+| UseUseExplosion.rb:20:2495:20:2495 | x | UseUseExplosion.rb:20:2491:20:2496 | call to use | position 0 |
+| UseUseExplosion.rb:20:2507:20:2512 | self | UseUseExplosion.rb:20:2507:20:2512 | call to use | self |
+| UseUseExplosion.rb:20:2511:20:2511 | x | UseUseExplosion.rb:20:2507:20:2512 | call to use | position 0 |
+| UseUseExplosion.rb:20:2523:20:2528 | self | UseUseExplosion.rb:20:2523:20:2528 | call to use | self |
+| UseUseExplosion.rb:20:2527:20:2527 | x | UseUseExplosion.rb:20:2523:20:2528 | call to use | position 0 |
+| UseUseExplosion.rb:20:2539:20:2544 | self | UseUseExplosion.rb:20:2539:20:2544 | call to use | self |
+| UseUseExplosion.rb:20:2543:20:2543 | x | UseUseExplosion.rb:20:2539:20:2544 | call to use | position 0 |
+| UseUseExplosion.rb:20:2555:20:2560 | self | UseUseExplosion.rb:20:2555:20:2560 | call to use | self |
+| UseUseExplosion.rb:20:2559:20:2559 | x | UseUseExplosion.rb:20:2555:20:2560 | call to use | position 0 |
+| UseUseExplosion.rb:20:2571:20:2576 | self | UseUseExplosion.rb:20:2571:20:2576 | call to use | self |
+| UseUseExplosion.rb:20:2575:20:2575 | x | UseUseExplosion.rb:20:2571:20:2576 | call to use | position 0 |
+| UseUseExplosion.rb:20:2587:20:2592 | self | UseUseExplosion.rb:20:2587:20:2592 | call to use | self |
+| UseUseExplosion.rb:20:2591:20:2591 | x | UseUseExplosion.rb:20:2587:20:2592 | call to use | position 0 |
+| UseUseExplosion.rb:20:2603:20:2608 | self | UseUseExplosion.rb:20:2603:20:2608 | call to use | self |
+| UseUseExplosion.rb:20:2607:20:2607 | x | UseUseExplosion.rb:20:2603:20:2608 | call to use | position 0 |
+| UseUseExplosion.rb:20:2619:20:2624 | self | UseUseExplosion.rb:20:2619:20:2624 | call to use | self |
+| UseUseExplosion.rb:20:2623:20:2623 | x | UseUseExplosion.rb:20:2619:20:2624 | call to use | position 0 |
+| UseUseExplosion.rb:20:2635:20:2640 | self | UseUseExplosion.rb:20:2635:20:2640 | call to use | self |
+| UseUseExplosion.rb:20:2639:20:2639 | x | UseUseExplosion.rb:20:2635:20:2640 | call to use | position 0 |
+| UseUseExplosion.rb:20:2651:20:2656 | self | UseUseExplosion.rb:20:2651:20:2656 | call to use | self |
+| UseUseExplosion.rb:20:2655:20:2655 | x | UseUseExplosion.rb:20:2651:20:2656 | call to use | position 0 |
+| UseUseExplosion.rb:20:2667:20:2672 | self | UseUseExplosion.rb:20:2667:20:2672 | call to use | self |
+| UseUseExplosion.rb:20:2671:20:2671 | x | UseUseExplosion.rb:20:2667:20:2672 | call to use | position 0 |
+| UseUseExplosion.rb:20:2683:20:2688 | self | UseUseExplosion.rb:20:2683:20:2688 | call to use | self |
+| UseUseExplosion.rb:20:2687:20:2687 | x | UseUseExplosion.rb:20:2683:20:2688 | call to use | position 0 |
+| UseUseExplosion.rb:20:2699:20:2704 | self | UseUseExplosion.rb:20:2699:20:2704 | call to use | self |
+| UseUseExplosion.rb:20:2703:20:2703 | x | UseUseExplosion.rb:20:2699:20:2704 | call to use | position 0 |
+| UseUseExplosion.rb:20:2715:20:2720 | self | UseUseExplosion.rb:20:2715:20:2720 | call to use | self |
+| UseUseExplosion.rb:20:2719:20:2719 | x | UseUseExplosion.rb:20:2715:20:2720 | call to use | position 0 |
+| UseUseExplosion.rb:20:2731:20:2736 | self | UseUseExplosion.rb:20:2731:20:2736 | call to use | self |
+| UseUseExplosion.rb:20:2735:20:2735 | x | UseUseExplosion.rb:20:2731:20:2736 | call to use | position 0 |
+| UseUseExplosion.rb:20:2747:20:2752 | self | UseUseExplosion.rb:20:2747:20:2752 | call to use | self |
+| UseUseExplosion.rb:20:2751:20:2751 | x | UseUseExplosion.rb:20:2747:20:2752 | call to use | position 0 |
+| UseUseExplosion.rb:20:2763:20:2768 | self | UseUseExplosion.rb:20:2763:20:2768 | call to use | self |
+| UseUseExplosion.rb:20:2767:20:2767 | x | UseUseExplosion.rb:20:2763:20:2768 | call to use | position 0 |
+| UseUseExplosion.rb:20:2779:20:2784 | self | UseUseExplosion.rb:20:2779:20:2784 | call to use | self |
+| UseUseExplosion.rb:20:2783:20:2783 | x | UseUseExplosion.rb:20:2779:20:2784 | call to use | position 0 |
+| UseUseExplosion.rb:20:2795:20:2800 | self | UseUseExplosion.rb:20:2795:20:2800 | call to use | self |
+| UseUseExplosion.rb:20:2799:20:2799 | x | UseUseExplosion.rb:20:2795:20:2800 | call to use | position 0 |
+| UseUseExplosion.rb:20:2811:20:2816 | self | UseUseExplosion.rb:20:2811:20:2816 | call to use | self |
+| UseUseExplosion.rb:20:2815:20:2815 | x | UseUseExplosion.rb:20:2811:20:2816 | call to use | position 0 |
+| UseUseExplosion.rb:20:2827:20:2832 | self | UseUseExplosion.rb:20:2827:20:2832 | call to use | self |
+| UseUseExplosion.rb:20:2831:20:2831 | x | UseUseExplosion.rb:20:2827:20:2832 | call to use | position 0 |
+| UseUseExplosion.rb:20:2843:20:2848 | self | UseUseExplosion.rb:20:2843:20:2848 | call to use | self |
+| UseUseExplosion.rb:20:2847:20:2847 | x | UseUseExplosion.rb:20:2843:20:2848 | call to use | position 0 |
+| UseUseExplosion.rb:20:2859:20:2864 | self | UseUseExplosion.rb:20:2859:20:2864 | call to use | self |
+| UseUseExplosion.rb:20:2863:20:2863 | x | UseUseExplosion.rb:20:2859:20:2864 | call to use | position 0 |
+| UseUseExplosion.rb:20:2875:20:2880 | self | UseUseExplosion.rb:20:2875:20:2880 | call to use | self |
+| UseUseExplosion.rb:20:2879:20:2879 | x | UseUseExplosion.rb:20:2875:20:2880 | call to use | position 0 |
+| UseUseExplosion.rb:20:2891:20:2896 | self | UseUseExplosion.rb:20:2891:20:2896 | call to use | self |
+| UseUseExplosion.rb:20:2895:20:2895 | x | UseUseExplosion.rb:20:2891:20:2896 | call to use | position 0 |
+| UseUseExplosion.rb:20:2907:20:2912 | self | UseUseExplosion.rb:20:2907:20:2912 | call to use | self |
+| UseUseExplosion.rb:20:2911:20:2911 | x | UseUseExplosion.rb:20:2907:20:2912 | call to use | position 0 |
+| UseUseExplosion.rb:20:2923:20:2928 | self | UseUseExplosion.rb:20:2923:20:2928 | call to use | self |
+| UseUseExplosion.rb:20:2927:20:2927 | x | UseUseExplosion.rb:20:2923:20:2928 | call to use | position 0 |
+| UseUseExplosion.rb:20:2939:20:2944 | self | UseUseExplosion.rb:20:2939:20:2944 | call to use | self |
+| UseUseExplosion.rb:20:2943:20:2943 | x | UseUseExplosion.rb:20:2939:20:2944 | call to use | position 0 |
+| UseUseExplosion.rb:20:2955:20:2960 | self | UseUseExplosion.rb:20:2955:20:2960 | call to use | self |
+| UseUseExplosion.rb:20:2959:20:2959 | x | UseUseExplosion.rb:20:2955:20:2960 | call to use | position 0 |
+| UseUseExplosion.rb:20:2971:20:2976 | self | UseUseExplosion.rb:20:2971:20:2976 | call to use | self |
+| UseUseExplosion.rb:20:2975:20:2975 | x | UseUseExplosion.rb:20:2971:20:2976 | call to use | position 0 |
+| UseUseExplosion.rb:20:2987:20:2992 | self | UseUseExplosion.rb:20:2987:20:2992 | call to use | self |
+| UseUseExplosion.rb:20:2991:20:2991 | x | UseUseExplosion.rb:20:2987:20:2992 | call to use | position 0 |
+| UseUseExplosion.rb:20:3003:20:3008 | self | UseUseExplosion.rb:20:3003:20:3008 | call to use | self |
+| UseUseExplosion.rb:20:3007:20:3007 | x | UseUseExplosion.rb:20:3003:20:3008 | call to use | position 0 |
+| UseUseExplosion.rb:20:3019:20:3024 | self | UseUseExplosion.rb:20:3019:20:3024 | call to use | self |
+| UseUseExplosion.rb:20:3023:20:3023 | x | UseUseExplosion.rb:20:3019:20:3024 | call to use | position 0 |
+| UseUseExplosion.rb:20:3035:20:3040 | self | UseUseExplosion.rb:20:3035:20:3040 | call to use | self |
+| UseUseExplosion.rb:20:3039:20:3039 | x | UseUseExplosion.rb:20:3035:20:3040 | call to use | position 0 |
+| UseUseExplosion.rb:20:3051:20:3056 | self | UseUseExplosion.rb:20:3051:20:3056 | call to use | self |
+| UseUseExplosion.rb:20:3055:20:3055 | x | UseUseExplosion.rb:20:3051:20:3056 | call to use | position 0 |
+| UseUseExplosion.rb:20:3067:20:3072 | self | UseUseExplosion.rb:20:3067:20:3072 | call to use | self |
+| UseUseExplosion.rb:20:3071:20:3071 | x | UseUseExplosion.rb:20:3067:20:3072 | call to use | position 0 |
+| UseUseExplosion.rb:20:3083:20:3088 | self | UseUseExplosion.rb:20:3083:20:3088 | call to use | self |
+| UseUseExplosion.rb:20:3087:20:3087 | x | UseUseExplosion.rb:20:3083:20:3088 | call to use | position 0 |
+| UseUseExplosion.rb:20:3099:20:3104 | self | UseUseExplosion.rb:20:3099:20:3104 | call to use | self |
+| UseUseExplosion.rb:20:3103:20:3103 | x | UseUseExplosion.rb:20:3099:20:3104 | call to use | position 0 |
+| UseUseExplosion.rb:20:3115:20:3120 | self | UseUseExplosion.rb:20:3115:20:3120 | call to use | self |
+| UseUseExplosion.rb:20:3119:20:3119 | x | UseUseExplosion.rb:20:3115:20:3120 | call to use | position 0 |
+| UseUseExplosion.rb:20:3131:20:3136 | self | UseUseExplosion.rb:20:3131:20:3136 | call to use | self |
+| UseUseExplosion.rb:20:3135:20:3135 | x | UseUseExplosion.rb:20:3131:20:3136 | call to use | position 0 |
+| UseUseExplosion.rb:20:3147:20:3152 | self | UseUseExplosion.rb:20:3147:20:3152 | call to use | self |
+| UseUseExplosion.rb:20:3151:20:3151 | x | UseUseExplosion.rb:20:3147:20:3152 | call to use | position 0 |
+| UseUseExplosion.rb:20:3163:20:3168 | self | UseUseExplosion.rb:20:3163:20:3168 | call to use | self |
+| UseUseExplosion.rb:20:3167:20:3167 | x | UseUseExplosion.rb:20:3163:20:3168 | call to use | position 0 |
+| UseUseExplosion.rb:20:3179:20:3184 | self | UseUseExplosion.rb:20:3179:20:3184 | call to use | self |
+| UseUseExplosion.rb:20:3183:20:3183 | x | UseUseExplosion.rb:20:3179:20:3184 | call to use | position 0 |
+| UseUseExplosion.rb:20:3195:20:3200 | self | UseUseExplosion.rb:20:3195:20:3200 | call to use | self |
+| UseUseExplosion.rb:20:3199:20:3199 | x | UseUseExplosion.rb:20:3195:20:3200 | call to use | position 0 |
+| UseUseExplosion.rb:20:3211:20:3216 | self | UseUseExplosion.rb:20:3211:20:3216 | call to use | self |
+| UseUseExplosion.rb:20:3215:20:3215 | x | UseUseExplosion.rb:20:3211:20:3216 | call to use | position 0 |
+| UseUseExplosion.rb:20:3227:20:3232 | self | UseUseExplosion.rb:20:3227:20:3232 | call to use | self |
+| UseUseExplosion.rb:20:3231:20:3231 | x | UseUseExplosion.rb:20:3227:20:3232 | call to use | position 0 |
+| UseUseExplosion.rb:20:3243:20:3248 | self | UseUseExplosion.rb:20:3243:20:3248 | call to use | self |
+| UseUseExplosion.rb:20:3247:20:3247 | x | UseUseExplosion.rb:20:3243:20:3248 | call to use | position 0 |
+| UseUseExplosion.rb:20:3259:20:3264 | self | UseUseExplosion.rb:20:3259:20:3264 | call to use | self |
+| UseUseExplosion.rb:20:3263:20:3263 | x | UseUseExplosion.rb:20:3259:20:3264 | call to use | position 0 |
+| UseUseExplosion.rb:20:3275:20:3280 | self | UseUseExplosion.rb:20:3275:20:3280 | call to use | self |
+| UseUseExplosion.rb:20:3279:20:3279 | x | UseUseExplosion.rb:20:3275:20:3280 | call to use | position 0 |
+| UseUseExplosion.rb:20:3291:20:3296 | self | UseUseExplosion.rb:20:3291:20:3296 | call to use | self |
+| UseUseExplosion.rb:20:3295:20:3295 | x | UseUseExplosion.rb:20:3291:20:3296 | call to use | position 0 |
+| UseUseExplosion.rb:20:3307:20:3312 | self | UseUseExplosion.rb:20:3307:20:3312 | call to use | self |
+| UseUseExplosion.rb:20:3311:20:3311 | x | UseUseExplosion.rb:20:3307:20:3312 | call to use | position 0 |
+| UseUseExplosion.rb:20:3323:20:3328 | self | UseUseExplosion.rb:20:3323:20:3328 | call to use | self |
+| UseUseExplosion.rb:20:3327:20:3327 | x | UseUseExplosion.rb:20:3323:20:3328 | call to use | position 0 |
+| UseUseExplosion.rb:20:3339:20:3344 | self | UseUseExplosion.rb:20:3339:20:3344 | call to use | self |
+| UseUseExplosion.rb:20:3343:20:3343 | x | UseUseExplosion.rb:20:3339:20:3344 | call to use | position 0 |
+| UseUseExplosion.rb:20:3355:20:3360 | self | UseUseExplosion.rb:20:3355:20:3360 | call to use | self |
+| UseUseExplosion.rb:20:3359:20:3359 | x | UseUseExplosion.rb:20:3355:20:3360 | call to use | position 0 |
+| UseUseExplosion.rb:20:3371:20:3376 | self | UseUseExplosion.rb:20:3371:20:3376 | call to use | self |
+| UseUseExplosion.rb:20:3375:20:3375 | x | UseUseExplosion.rb:20:3371:20:3376 | call to use | position 0 |
+| UseUseExplosion.rb:20:3387:20:3392 | self | UseUseExplosion.rb:20:3387:20:3392 | call to use | self |
+| UseUseExplosion.rb:20:3391:20:3391 | x | UseUseExplosion.rb:20:3387:20:3392 | call to use | position 0 |
+| UseUseExplosion.rb:20:3403:20:3408 | self | UseUseExplosion.rb:20:3403:20:3408 | call to use | self |
+| UseUseExplosion.rb:20:3407:20:3407 | x | UseUseExplosion.rb:20:3403:20:3408 | call to use | position 0 |
+| UseUseExplosion.rb:20:3419:20:3424 | self | UseUseExplosion.rb:20:3419:20:3424 | call to use | self |
+| UseUseExplosion.rb:20:3423:20:3423 | x | UseUseExplosion.rb:20:3419:20:3424 | call to use | position 0 |
+| UseUseExplosion.rb:20:3435:20:3440 | self | UseUseExplosion.rb:20:3435:20:3440 | call to use | self |
+| UseUseExplosion.rb:20:3439:20:3439 | x | UseUseExplosion.rb:20:3435:20:3440 | call to use | position 0 |
+| UseUseExplosion.rb:20:3451:20:3456 | self | UseUseExplosion.rb:20:3451:20:3456 | call to use | self |
+| UseUseExplosion.rb:20:3455:20:3455 | x | UseUseExplosion.rb:20:3451:20:3456 | call to use | position 0 |
+| UseUseExplosion.rb:20:3467:20:3472 | self | UseUseExplosion.rb:20:3467:20:3472 | call to use | self |
+| UseUseExplosion.rb:20:3471:20:3471 | x | UseUseExplosion.rb:20:3467:20:3472 | call to use | position 0 |
+| UseUseExplosion.rb:20:3483:20:3488 | self | UseUseExplosion.rb:20:3483:20:3488 | call to use | self |
+| UseUseExplosion.rb:20:3487:20:3487 | x | UseUseExplosion.rb:20:3483:20:3488 | call to use | position 0 |
+| UseUseExplosion.rb:20:3499:20:3504 | self | UseUseExplosion.rb:20:3499:20:3504 | call to use | self |
+| UseUseExplosion.rb:20:3503:20:3503 | x | UseUseExplosion.rb:20:3499:20:3504 | call to use | position 0 |
+| UseUseExplosion.rb:20:3515:20:3520 | self | UseUseExplosion.rb:20:3515:20:3520 | call to use | self |
+| UseUseExplosion.rb:20:3519:20:3519 | x | UseUseExplosion.rb:20:3515:20:3520 | call to use | position 0 |
+| UseUseExplosion.rb:20:3531:20:3536 | self | UseUseExplosion.rb:20:3531:20:3536 | call to use | self |
+| UseUseExplosion.rb:20:3535:20:3535 | x | UseUseExplosion.rb:20:3531:20:3536 | call to use | position 0 |
+| UseUseExplosion.rb:20:3547:20:3552 | self | UseUseExplosion.rb:20:3547:20:3552 | call to use | self |
+| UseUseExplosion.rb:20:3551:20:3551 | x | UseUseExplosion.rb:20:3547:20:3552 | call to use | position 0 |
+| UseUseExplosion.rb:20:3563:20:3568 | self | UseUseExplosion.rb:20:3563:20:3568 | call to use | self |
+| UseUseExplosion.rb:20:3567:20:3567 | x | UseUseExplosion.rb:20:3563:20:3568 | call to use | position 0 |
+| UseUseExplosion.rb:20:3579:20:3584 | self | UseUseExplosion.rb:20:3579:20:3584 | call to use | self |
+| UseUseExplosion.rb:20:3583:20:3583 | x | UseUseExplosion.rb:20:3579:20:3584 | call to use | position 0 |
+| UseUseExplosion.rb:20:3595:20:3600 | self | UseUseExplosion.rb:20:3595:20:3600 | call to use | self |
+| UseUseExplosion.rb:20:3599:20:3599 | x | UseUseExplosion.rb:20:3595:20:3600 | call to use | position 0 |
+| UseUseExplosion.rb:20:3611:20:3616 | self | UseUseExplosion.rb:20:3611:20:3616 | call to use | self |
+| UseUseExplosion.rb:20:3615:20:3615 | x | UseUseExplosion.rb:20:3611:20:3616 | call to use | position 0 |
+| UseUseExplosion.rb:20:3627:20:3632 | self | UseUseExplosion.rb:20:3627:20:3632 | call to use | self |
+| UseUseExplosion.rb:20:3631:20:3631 | x | UseUseExplosion.rb:20:3627:20:3632 | call to use | position 0 |
+| UseUseExplosion.rb:20:3643:20:3648 | self | UseUseExplosion.rb:20:3643:20:3648 | call to use | self |
+| UseUseExplosion.rb:20:3647:20:3647 | x | UseUseExplosion.rb:20:3643:20:3648 | call to use | position 0 |
+| UseUseExplosion.rb:20:3659:20:3664 | self | UseUseExplosion.rb:20:3659:20:3664 | call to use | self |
+| UseUseExplosion.rb:20:3663:20:3663 | x | UseUseExplosion.rb:20:3659:20:3664 | call to use | position 0 |
+| UseUseExplosion.rb:20:3675:20:3680 | self | UseUseExplosion.rb:20:3675:20:3680 | call to use | self |
+| UseUseExplosion.rb:20:3679:20:3679 | x | UseUseExplosion.rb:20:3675:20:3680 | call to use | position 0 |
+| UseUseExplosion.rb:20:3691:20:3696 | self | UseUseExplosion.rb:20:3691:20:3696 | call to use | self |
+| UseUseExplosion.rb:20:3695:20:3695 | x | UseUseExplosion.rb:20:3691:20:3696 | call to use | position 0 |
+| UseUseExplosion.rb:21:13:21:17 | @prop | UseUseExplosion.rb:21:13:21:23 | ... > ... | self |
+| UseUseExplosion.rb:21:21:21:23 | 100 | UseUseExplosion.rb:21:13:21:23 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:35:21:39 | @prop | UseUseExplosion.rb:21:35:21:44 | ... > ... | self |
+| UseUseExplosion.rb:21:43:21:44 | 99 | UseUseExplosion.rb:21:35:21:44 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:56:21:60 | @prop | UseUseExplosion.rb:21:56:21:65 | ... > ... | self |
+| UseUseExplosion.rb:21:64:21:65 | 98 | UseUseExplosion.rb:21:56:21:65 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:77:21:81 | @prop | UseUseExplosion.rb:21:77:21:86 | ... > ... | self |
+| UseUseExplosion.rb:21:85:21:86 | 97 | UseUseExplosion.rb:21:77:21:86 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:98:21:102 | @prop | UseUseExplosion.rb:21:98:21:107 | ... > ... | self |
+| UseUseExplosion.rb:21:106:21:107 | 96 | UseUseExplosion.rb:21:98:21:107 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:119:21:123 | @prop | UseUseExplosion.rb:21:119:21:128 | ... > ... | self |
+| UseUseExplosion.rb:21:127:21:128 | 95 | UseUseExplosion.rb:21:119:21:128 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:140:21:144 | @prop | UseUseExplosion.rb:21:140:21:149 | ... > ... | self |
+| UseUseExplosion.rb:21:148:21:149 | 94 | UseUseExplosion.rb:21:140:21:149 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:161:21:165 | @prop | UseUseExplosion.rb:21:161:21:170 | ... > ... | self |
+| UseUseExplosion.rb:21:169:21:170 | 93 | UseUseExplosion.rb:21:161:21:170 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:182:21:186 | @prop | UseUseExplosion.rb:21:182:21:191 | ... > ... | self |
+| UseUseExplosion.rb:21:190:21:191 | 92 | UseUseExplosion.rb:21:182:21:191 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:203:21:207 | @prop | UseUseExplosion.rb:21:203:21:212 | ... > ... | self |
+| UseUseExplosion.rb:21:211:21:212 | 91 | UseUseExplosion.rb:21:203:21:212 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:224:21:228 | @prop | UseUseExplosion.rb:21:224:21:233 | ... > ... | self |
+| UseUseExplosion.rb:21:232:21:233 | 90 | UseUseExplosion.rb:21:224:21:233 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:245:21:249 | @prop | UseUseExplosion.rb:21:245:21:254 | ... > ... | self |
+| UseUseExplosion.rb:21:253:21:254 | 89 | UseUseExplosion.rb:21:245:21:254 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:266:21:270 | @prop | UseUseExplosion.rb:21:266:21:275 | ... > ... | self |
+| UseUseExplosion.rb:21:274:21:275 | 88 | UseUseExplosion.rb:21:266:21:275 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:287:21:291 | @prop | UseUseExplosion.rb:21:287:21:296 | ... > ... | self |
+| UseUseExplosion.rb:21:295:21:296 | 87 | UseUseExplosion.rb:21:287:21:296 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:308:21:312 | @prop | UseUseExplosion.rb:21:308:21:317 | ... > ... | self |
+| UseUseExplosion.rb:21:316:21:317 | 86 | UseUseExplosion.rb:21:308:21:317 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:329:21:333 | @prop | UseUseExplosion.rb:21:329:21:338 | ... > ... | self |
+| UseUseExplosion.rb:21:337:21:338 | 85 | UseUseExplosion.rb:21:329:21:338 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:350:21:354 | @prop | UseUseExplosion.rb:21:350:21:359 | ... > ... | self |
+| UseUseExplosion.rb:21:358:21:359 | 84 | UseUseExplosion.rb:21:350:21:359 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:371:21:375 | @prop | UseUseExplosion.rb:21:371:21:380 | ... > ... | self |
+| UseUseExplosion.rb:21:379:21:380 | 83 | UseUseExplosion.rb:21:371:21:380 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:392:21:396 | @prop | UseUseExplosion.rb:21:392:21:401 | ... > ... | self |
+| UseUseExplosion.rb:21:400:21:401 | 82 | UseUseExplosion.rb:21:392:21:401 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:413:21:417 | @prop | UseUseExplosion.rb:21:413:21:422 | ... > ... | self |
+| UseUseExplosion.rb:21:421:21:422 | 81 | UseUseExplosion.rb:21:413:21:422 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:434:21:438 | @prop | UseUseExplosion.rb:21:434:21:443 | ... > ... | self |
+| UseUseExplosion.rb:21:442:21:443 | 80 | UseUseExplosion.rb:21:434:21:443 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:455:21:459 | @prop | UseUseExplosion.rb:21:455:21:464 | ... > ... | self |
+| UseUseExplosion.rb:21:463:21:464 | 79 | UseUseExplosion.rb:21:455:21:464 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:476:21:480 | @prop | UseUseExplosion.rb:21:476:21:485 | ... > ... | self |
+| UseUseExplosion.rb:21:484:21:485 | 78 | UseUseExplosion.rb:21:476:21:485 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:497:21:501 | @prop | UseUseExplosion.rb:21:497:21:506 | ... > ... | self |
+| UseUseExplosion.rb:21:505:21:506 | 77 | UseUseExplosion.rb:21:497:21:506 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:518:21:522 | @prop | UseUseExplosion.rb:21:518:21:527 | ... > ... | self |
+| UseUseExplosion.rb:21:526:21:527 | 76 | UseUseExplosion.rb:21:518:21:527 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:539:21:543 | @prop | UseUseExplosion.rb:21:539:21:548 | ... > ... | self |
+| UseUseExplosion.rb:21:547:21:548 | 75 | UseUseExplosion.rb:21:539:21:548 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:560:21:564 | @prop | UseUseExplosion.rb:21:560:21:569 | ... > ... | self |
+| UseUseExplosion.rb:21:568:21:569 | 74 | UseUseExplosion.rb:21:560:21:569 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:581:21:585 | @prop | UseUseExplosion.rb:21:581:21:590 | ... > ... | self |
+| UseUseExplosion.rb:21:589:21:590 | 73 | UseUseExplosion.rb:21:581:21:590 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:602:21:606 | @prop | UseUseExplosion.rb:21:602:21:611 | ... > ... | self |
+| UseUseExplosion.rb:21:610:21:611 | 72 | UseUseExplosion.rb:21:602:21:611 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:623:21:627 | @prop | UseUseExplosion.rb:21:623:21:632 | ... > ... | self |
+| UseUseExplosion.rb:21:631:21:632 | 71 | UseUseExplosion.rb:21:623:21:632 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:644:21:648 | @prop | UseUseExplosion.rb:21:644:21:653 | ... > ... | self |
+| UseUseExplosion.rb:21:652:21:653 | 70 | UseUseExplosion.rb:21:644:21:653 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:665:21:669 | @prop | UseUseExplosion.rb:21:665:21:674 | ... > ... | self |
+| UseUseExplosion.rb:21:673:21:674 | 69 | UseUseExplosion.rb:21:665:21:674 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:686:21:690 | @prop | UseUseExplosion.rb:21:686:21:695 | ... > ... | self |
+| UseUseExplosion.rb:21:694:21:695 | 68 | UseUseExplosion.rb:21:686:21:695 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:707:21:711 | @prop | UseUseExplosion.rb:21:707:21:716 | ... > ... | self |
+| UseUseExplosion.rb:21:715:21:716 | 67 | UseUseExplosion.rb:21:707:21:716 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:728:21:732 | @prop | UseUseExplosion.rb:21:728:21:737 | ... > ... | self |
+| UseUseExplosion.rb:21:736:21:737 | 66 | UseUseExplosion.rb:21:728:21:737 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:749:21:753 | @prop | UseUseExplosion.rb:21:749:21:758 | ... > ... | self |
+| UseUseExplosion.rb:21:757:21:758 | 65 | UseUseExplosion.rb:21:749:21:758 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:770:21:774 | @prop | UseUseExplosion.rb:21:770:21:779 | ... > ... | self |
+| UseUseExplosion.rb:21:778:21:779 | 64 | UseUseExplosion.rb:21:770:21:779 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:791:21:795 | @prop | UseUseExplosion.rb:21:791:21:800 | ... > ... | self |
+| UseUseExplosion.rb:21:799:21:800 | 63 | UseUseExplosion.rb:21:791:21:800 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:812:21:816 | @prop | UseUseExplosion.rb:21:812:21:821 | ... > ... | self |
+| UseUseExplosion.rb:21:820:21:821 | 62 | UseUseExplosion.rb:21:812:21:821 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:833:21:837 | @prop | UseUseExplosion.rb:21:833:21:842 | ... > ... | self |
+| UseUseExplosion.rb:21:841:21:842 | 61 | UseUseExplosion.rb:21:833:21:842 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:854:21:858 | @prop | UseUseExplosion.rb:21:854:21:863 | ... > ... | self |
+| UseUseExplosion.rb:21:862:21:863 | 60 | UseUseExplosion.rb:21:854:21:863 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:875:21:879 | @prop | UseUseExplosion.rb:21:875:21:884 | ... > ... | self |
+| UseUseExplosion.rb:21:883:21:884 | 59 | UseUseExplosion.rb:21:875:21:884 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:896:21:900 | @prop | UseUseExplosion.rb:21:896:21:905 | ... > ... | self |
+| UseUseExplosion.rb:21:904:21:905 | 58 | UseUseExplosion.rb:21:896:21:905 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:917:21:921 | @prop | UseUseExplosion.rb:21:917:21:926 | ... > ... | self |
+| UseUseExplosion.rb:21:925:21:926 | 57 | UseUseExplosion.rb:21:917:21:926 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:938:21:942 | @prop | UseUseExplosion.rb:21:938:21:947 | ... > ... | self |
+| UseUseExplosion.rb:21:946:21:947 | 56 | UseUseExplosion.rb:21:938:21:947 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:959:21:963 | @prop | UseUseExplosion.rb:21:959:21:968 | ... > ... | self |
+| UseUseExplosion.rb:21:967:21:968 | 55 | UseUseExplosion.rb:21:959:21:968 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:980:21:984 | @prop | UseUseExplosion.rb:21:980:21:989 | ... > ... | self |
+| UseUseExplosion.rb:21:988:21:989 | 54 | UseUseExplosion.rb:21:980:21:989 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1001:21:1005 | @prop | UseUseExplosion.rb:21:1001:21:1010 | ... > ... | self |
+| UseUseExplosion.rb:21:1009:21:1010 | 53 | UseUseExplosion.rb:21:1001:21:1010 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1022:21:1026 | @prop | UseUseExplosion.rb:21:1022:21:1031 | ... > ... | self |
+| UseUseExplosion.rb:21:1030:21:1031 | 52 | UseUseExplosion.rb:21:1022:21:1031 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1043:21:1047 | @prop | UseUseExplosion.rb:21:1043:21:1052 | ... > ... | self |
+| UseUseExplosion.rb:21:1051:21:1052 | 51 | UseUseExplosion.rb:21:1043:21:1052 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1064:21:1068 | @prop | UseUseExplosion.rb:21:1064:21:1073 | ... > ... | self |
+| UseUseExplosion.rb:21:1072:21:1073 | 50 | UseUseExplosion.rb:21:1064:21:1073 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1085:21:1089 | @prop | UseUseExplosion.rb:21:1085:21:1094 | ... > ... | self |
+| UseUseExplosion.rb:21:1093:21:1094 | 49 | UseUseExplosion.rb:21:1085:21:1094 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1106:21:1110 | @prop | UseUseExplosion.rb:21:1106:21:1115 | ... > ... | self |
+| UseUseExplosion.rb:21:1114:21:1115 | 48 | UseUseExplosion.rb:21:1106:21:1115 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1127:21:1131 | @prop | UseUseExplosion.rb:21:1127:21:1136 | ... > ... | self |
+| UseUseExplosion.rb:21:1135:21:1136 | 47 | UseUseExplosion.rb:21:1127:21:1136 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1148:21:1152 | @prop | UseUseExplosion.rb:21:1148:21:1157 | ... > ... | self |
+| UseUseExplosion.rb:21:1156:21:1157 | 46 | UseUseExplosion.rb:21:1148:21:1157 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1169:21:1173 | @prop | UseUseExplosion.rb:21:1169:21:1178 | ... > ... | self |
+| UseUseExplosion.rb:21:1177:21:1178 | 45 | UseUseExplosion.rb:21:1169:21:1178 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1190:21:1194 | @prop | UseUseExplosion.rb:21:1190:21:1199 | ... > ... | self |
+| UseUseExplosion.rb:21:1198:21:1199 | 44 | UseUseExplosion.rb:21:1190:21:1199 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1211:21:1215 | @prop | UseUseExplosion.rb:21:1211:21:1220 | ... > ... | self |
+| UseUseExplosion.rb:21:1219:21:1220 | 43 | UseUseExplosion.rb:21:1211:21:1220 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1232:21:1236 | @prop | UseUseExplosion.rb:21:1232:21:1241 | ... > ... | self |
+| UseUseExplosion.rb:21:1240:21:1241 | 42 | UseUseExplosion.rb:21:1232:21:1241 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1253:21:1257 | @prop | UseUseExplosion.rb:21:1253:21:1262 | ... > ... | self |
+| UseUseExplosion.rb:21:1261:21:1262 | 41 | UseUseExplosion.rb:21:1253:21:1262 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1274:21:1278 | @prop | UseUseExplosion.rb:21:1274:21:1283 | ... > ... | self |
+| UseUseExplosion.rb:21:1282:21:1283 | 40 | UseUseExplosion.rb:21:1274:21:1283 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1295:21:1299 | @prop | UseUseExplosion.rb:21:1295:21:1304 | ... > ... | self |
+| UseUseExplosion.rb:21:1303:21:1304 | 39 | UseUseExplosion.rb:21:1295:21:1304 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1316:21:1320 | @prop | UseUseExplosion.rb:21:1316:21:1325 | ... > ... | self |
+| UseUseExplosion.rb:21:1324:21:1325 | 38 | UseUseExplosion.rb:21:1316:21:1325 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1337:21:1341 | @prop | UseUseExplosion.rb:21:1337:21:1346 | ... > ... | self |
+| UseUseExplosion.rb:21:1345:21:1346 | 37 | UseUseExplosion.rb:21:1337:21:1346 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1358:21:1362 | @prop | UseUseExplosion.rb:21:1358:21:1367 | ... > ... | self |
+| UseUseExplosion.rb:21:1366:21:1367 | 36 | UseUseExplosion.rb:21:1358:21:1367 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1379:21:1383 | @prop | UseUseExplosion.rb:21:1379:21:1388 | ... > ... | self |
+| UseUseExplosion.rb:21:1387:21:1388 | 35 | UseUseExplosion.rb:21:1379:21:1388 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1400:21:1404 | @prop | UseUseExplosion.rb:21:1400:21:1409 | ... > ... | self |
+| UseUseExplosion.rb:21:1408:21:1409 | 34 | UseUseExplosion.rb:21:1400:21:1409 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1421:21:1425 | @prop | UseUseExplosion.rb:21:1421:21:1430 | ... > ... | self |
+| UseUseExplosion.rb:21:1429:21:1430 | 33 | UseUseExplosion.rb:21:1421:21:1430 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1442:21:1446 | @prop | UseUseExplosion.rb:21:1442:21:1451 | ... > ... | self |
+| UseUseExplosion.rb:21:1450:21:1451 | 32 | UseUseExplosion.rb:21:1442:21:1451 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1463:21:1467 | @prop | UseUseExplosion.rb:21:1463:21:1472 | ... > ... | self |
+| UseUseExplosion.rb:21:1471:21:1472 | 31 | UseUseExplosion.rb:21:1463:21:1472 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1484:21:1488 | @prop | UseUseExplosion.rb:21:1484:21:1493 | ... > ... | self |
+| UseUseExplosion.rb:21:1492:21:1493 | 30 | UseUseExplosion.rb:21:1484:21:1493 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1505:21:1509 | @prop | UseUseExplosion.rb:21:1505:21:1514 | ... > ... | self |
+| UseUseExplosion.rb:21:1513:21:1514 | 29 | UseUseExplosion.rb:21:1505:21:1514 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1526:21:1530 | @prop | UseUseExplosion.rb:21:1526:21:1535 | ... > ... | self |
+| UseUseExplosion.rb:21:1534:21:1535 | 28 | UseUseExplosion.rb:21:1526:21:1535 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1547:21:1551 | @prop | UseUseExplosion.rb:21:1547:21:1556 | ... > ... | self |
+| UseUseExplosion.rb:21:1555:21:1556 | 27 | UseUseExplosion.rb:21:1547:21:1556 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1568:21:1572 | @prop | UseUseExplosion.rb:21:1568:21:1577 | ... > ... | self |
+| UseUseExplosion.rb:21:1576:21:1577 | 26 | UseUseExplosion.rb:21:1568:21:1577 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1589:21:1593 | @prop | UseUseExplosion.rb:21:1589:21:1598 | ... > ... | self |
+| UseUseExplosion.rb:21:1597:21:1598 | 25 | UseUseExplosion.rb:21:1589:21:1598 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1610:21:1614 | @prop | UseUseExplosion.rb:21:1610:21:1619 | ... > ... | self |
+| UseUseExplosion.rb:21:1618:21:1619 | 24 | UseUseExplosion.rb:21:1610:21:1619 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1631:21:1635 | @prop | UseUseExplosion.rb:21:1631:21:1640 | ... > ... | self |
+| UseUseExplosion.rb:21:1639:21:1640 | 23 | UseUseExplosion.rb:21:1631:21:1640 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1652:21:1656 | @prop | UseUseExplosion.rb:21:1652:21:1661 | ... > ... | self |
+| UseUseExplosion.rb:21:1660:21:1661 | 22 | UseUseExplosion.rb:21:1652:21:1661 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1673:21:1677 | @prop | UseUseExplosion.rb:21:1673:21:1682 | ... > ... | self |
+| UseUseExplosion.rb:21:1681:21:1682 | 21 | UseUseExplosion.rb:21:1673:21:1682 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1694:21:1698 | @prop | UseUseExplosion.rb:21:1694:21:1703 | ... > ... | self |
+| UseUseExplosion.rb:21:1702:21:1703 | 20 | UseUseExplosion.rb:21:1694:21:1703 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1715:21:1719 | @prop | UseUseExplosion.rb:21:1715:21:1724 | ... > ... | self |
+| UseUseExplosion.rb:21:1723:21:1724 | 19 | UseUseExplosion.rb:21:1715:21:1724 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1736:21:1740 | @prop | UseUseExplosion.rb:21:1736:21:1745 | ... > ... | self |
+| UseUseExplosion.rb:21:1744:21:1745 | 18 | UseUseExplosion.rb:21:1736:21:1745 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1757:21:1761 | @prop | UseUseExplosion.rb:21:1757:21:1766 | ... > ... | self |
+| UseUseExplosion.rb:21:1765:21:1766 | 17 | UseUseExplosion.rb:21:1757:21:1766 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1778:21:1782 | @prop | UseUseExplosion.rb:21:1778:21:1787 | ... > ... | self |
+| UseUseExplosion.rb:21:1786:21:1787 | 16 | UseUseExplosion.rb:21:1778:21:1787 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1799:21:1803 | @prop | UseUseExplosion.rb:21:1799:21:1808 | ... > ... | self |
+| UseUseExplosion.rb:21:1807:21:1808 | 15 | UseUseExplosion.rb:21:1799:21:1808 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1820:21:1824 | @prop | UseUseExplosion.rb:21:1820:21:1829 | ... > ... | self |
+| UseUseExplosion.rb:21:1828:21:1829 | 14 | UseUseExplosion.rb:21:1820:21:1829 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1841:21:1845 | @prop | UseUseExplosion.rb:21:1841:21:1850 | ... > ... | self |
+| UseUseExplosion.rb:21:1849:21:1850 | 13 | UseUseExplosion.rb:21:1841:21:1850 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1862:21:1866 | @prop | UseUseExplosion.rb:21:1862:21:1871 | ... > ... | self |
+| UseUseExplosion.rb:21:1870:21:1871 | 12 | UseUseExplosion.rb:21:1862:21:1871 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1883:21:1887 | @prop | UseUseExplosion.rb:21:1883:21:1892 | ... > ... | self |
+| UseUseExplosion.rb:21:1891:21:1892 | 11 | UseUseExplosion.rb:21:1883:21:1892 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1904:21:1908 | @prop | UseUseExplosion.rb:21:1904:21:1913 | ... > ... | self |
+| UseUseExplosion.rb:21:1912:21:1913 | 10 | UseUseExplosion.rb:21:1904:21:1913 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1925:21:1929 | @prop | UseUseExplosion.rb:21:1925:21:1933 | ... > ... | self |
+| UseUseExplosion.rb:21:1933:21:1933 | 9 | UseUseExplosion.rb:21:1925:21:1933 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1945:21:1949 | @prop | UseUseExplosion.rb:21:1945:21:1953 | ... > ... | self |
+| UseUseExplosion.rb:21:1953:21:1953 | 8 | UseUseExplosion.rb:21:1945:21:1953 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1965:21:1969 | @prop | UseUseExplosion.rb:21:1965:21:1973 | ... > ... | self |
+| UseUseExplosion.rb:21:1973:21:1973 | 7 | UseUseExplosion.rb:21:1965:21:1973 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:1985:21:1989 | @prop | UseUseExplosion.rb:21:1985:21:1993 | ... > ... | self |
+| UseUseExplosion.rb:21:1993:21:1993 | 6 | UseUseExplosion.rb:21:1985:21:1993 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:2005:21:2009 | @prop | UseUseExplosion.rb:21:2005:21:2013 | ... > ... | self |
+| UseUseExplosion.rb:21:2013:21:2013 | 5 | UseUseExplosion.rb:21:2005:21:2013 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:2025:21:2029 | @prop | UseUseExplosion.rb:21:2025:21:2033 | ... > ... | self |
+| UseUseExplosion.rb:21:2033:21:2033 | 4 | UseUseExplosion.rb:21:2025:21:2033 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:2045:21:2049 | @prop | UseUseExplosion.rb:21:2045:21:2053 | ... > ... | self |
+| UseUseExplosion.rb:21:2053:21:2053 | 3 | UseUseExplosion.rb:21:2045:21:2053 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:2065:21:2069 | @prop | UseUseExplosion.rb:21:2065:21:2073 | ... > ... | self |
+| UseUseExplosion.rb:21:2073:21:2073 | 2 | UseUseExplosion.rb:21:2065:21:2073 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:2085:21:2089 | @prop | UseUseExplosion.rb:21:2085:21:2093 | ... > ... | self |
+| UseUseExplosion.rb:21:2093:21:2093 | 1 | UseUseExplosion.rb:21:2085:21:2093 | ... > ... | position 0 |
+| UseUseExplosion.rb:21:2107:21:2112 | self | UseUseExplosion.rb:21:2107:21:2112 | call to use | self |
+| UseUseExplosion.rb:21:2111:21:2111 | x | UseUseExplosion.rb:21:2107:21:2112 | call to use | position 0 |
+| UseUseExplosion.rb:21:2123:21:2128 | self | UseUseExplosion.rb:21:2123:21:2128 | call to use | self |
+| UseUseExplosion.rb:21:2127:21:2127 | x | UseUseExplosion.rb:21:2123:21:2128 | call to use | position 0 |
+| UseUseExplosion.rb:21:2139:21:2144 | self | UseUseExplosion.rb:21:2139:21:2144 | call to use | self |
+| UseUseExplosion.rb:21:2143:21:2143 | x | UseUseExplosion.rb:21:2139:21:2144 | call to use | position 0 |
+| UseUseExplosion.rb:21:2155:21:2160 | self | UseUseExplosion.rb:21:2155:21:2160 | call to use | self |
+| UseUseExplosion.rb:21:2159:21:2159 | x | UseUseExplosion.rb:21:2155:21:2160 | call to use | position 0 |
+| UseUseExplosion.rb:21:2171:21:2176 | self | UseUseExplosion.rb:21:2171:21:2176 | call to use | self |
+| UseUseExplosion.rb:21:2175:21:2175 | x | UseUseExplosion.rb:21:2171:21:2176 | call to use | position 0 |
+| UseUseExplosion.rb:21:2187:21:2192 | self | UseUseExplosion.rb:21:2187:21:2192 | call to use | self |
+| UseUseExplosion.rb:21:2191:21:2191 | x | UseUseExplosion.rb:21:2187:21:2192 | call to use | position 0 |
+| UseUseExplosion.rb:21:2203:21:2208 | self | UseUseExplosion.rb:21:2203:21:2208 | call to use | self |
+| UseUseExplosion.rb:21:2207:21:2207 | x | UseUseExplosion.rb:21:2203:21:2208 | call to use | position 0 |
+| UseUseExplosion.rb:21:2219:21:2224 | self | UseUseExplosion.rb:21:2219:21:2224 | call to use | self |
+| UseUseExplosion.rb:21:2223:21:2223 | x | UseUseExplosion.rb:21:2219:21:2224 | call to use | position 0 |
+| UseUseExplosion.rb:21:2235:21:2240 | self | UseUseExplosion.rb:21:2235:21:2240 | call to use | self |
+| UseUseExplosion.rb:21:2239:21:2239 | x | UseUseExplosion.rb:21:2235:21:2240 | call to use | position 0 |
+| UseUseExplosion.rb:21:2251:21:2256 | self | UseUseExplosion.rb:21:2251:21:2256 | call to use | self |
+| UseUseExplosion.rb:21:2255:21:2255 | x | UseUseExplosion.rb:21:2251:21:2256 | call to use | position 0 |
+| UseUseExplosion.rb:21:2267:21:2272 | self | UseUseExplosion.rb:21:2267:21:2272 | call to use | self |
+| UseUseExplosion.rb:21:2271:21:2271 | x | UseUseExplosion.rb:21:2267:21:2272 | call to use | position 0 |
+| UseUseExplosion.rb:21:2283:21:2288 | self | UseUseExplosion.rb:21:2283:21:2288 | call to use | self |
+| UseUseExplosion.rb:21:2287:21:2287 | x | UseUseExplosion.rb:21:2283:21:2288 | call to use | position 0 |
+| UseUseExplosion.rb:21:2299:21:2304 | self | UseUseExplosion.rb:21:2299:21:2304 | call to use | self |
+| UseUseExplosion.rb:21:2303:21:2303 | x | UseUseExplosion.rb:21:2299:21:2304 | call to use | position 0 |
+| UseUseExplosion.rb:21:2315:21:2320 | self | UseUseExplosion.rb:21:2315:21:2320 | call to use | self |
+| UseUseExplosion.rb:21:2319:21:2319 | x | UseUseExplosion.rb:21:2315:21:2320 | call to use | position 0 |
+| UseUseExplosion.rb:21:2331:21:2336 | self | UseUseExplosion.rb:21:2331:21:2336 | call to use | self |
+| UseUseExplosion.rb:21:2335:21:2335 | x | UseUseExplosion.rb:21:2331:21:2336 | call to use | position 0 |
+| UseUseExplosion.rb:21:2347:21:2352 | self | UseUseExplosion.rb:21:2347:21:2352 | call to use | self |
+| UseUseExplosion.rb:21:2351:21:2351 | x | UseUseExplosion.rb:21:2347:21:2352 | call to use | position 0 |
+| UseUseExplosion.rb:21:2363:21:2368 | self | UseUseExplosion.rb:21:2363:21:2368 | call to use | self |
+| UseUseExplosion.rb:21:2367:21:2367 | x | UseUseExplosion.rb:21:2363:21:2368 | call to use | position 0 |
+| UseUseExplosion.rb:21:2379:21:2384 | self | UseUseExplosion.rb:21:2379:21:2384 | call to use | self |
+| UseUseExplosion.rb:21:2383:21:2383 | x | UseUseExplosion.rb:21:2379:21:2384 | call to use | position 0 |
+| UseUseExplosion.rb:21:2395:21:2400 | self | UseUseExplosion.rb:21:2395:21:2400 | call to use | self |
+| UseUseExplosion.rb:21:2399:21:2399 | x | UseUseExplosion.rb:21:2395:21:2400 | call to use | position 0 |
+| UseUseExplosion.rb:21:2411:21:2416 | self | UseUseExplosion.rb:21:2411:21:2416 | call to use | self |
+| UseUseExplosion.rb:21:2415:21:2415 | x | UseUseExplosion.rb:21:2411:21:2416 | call to use | position 0 |
+| UseUseExplosion.rb:21:2427:21:2432 | self | UseUseExplosion.rb:21:2427:21:2432 | call to use | self |
+| UseUseExplosion.rb:21:2431:21:2431 | x | UseUseExplosion.rb:21:2427:21:2432 | call to use | position 0 |
+| UseUseExplosion.rb:21:2443:21:2448 | self | UseUseExplosion.rb:21:2443:21:2448 | call to use | self |
+| UseUseExplosion.rb:21:2447:21:2447 | x | UseUseExplosion.rb:21:2443:21:2448 | call to use | position 0 |
+| UseUseExplosion.rb:21:2459:21:2464 | self | UseUseExplosion.rb:21:2459:21:2464 | call to use | self |
+| UseUseExplosion.rb:21:2463:21:2463 | x | UseUseExplosion.rb:21:2459:21:2464 | call to use | position 0 |
+| UseUseExplosion.rb:21:2475:21:2480 | self | UseUseExplosion.rb:21:2475:21:2480 | call to use | self |
+| UseUseExplosion.rb:21:2479:21:2479 | x | UseUseExplosion.rb:21:2475:21:2480 | call to use | position 0 |
+| UseUseExplosion.rb:21:2491:21:2496 | self | UseUseExplosion.rb:21:2491:21:2496 | call to use | self |
+| UseUseExplosion.rb:21:2495:21:2495 | x | UseUseExplosion.rb:21:2491:21:2496 | call to use | position 0 |
+| UseUseExplosion.rb:21:2507:21:2512 | self | UseUseExplosion.rb:21:2507:21:2512 | call to use | self |
+| UseUseExplosion.rb:21:2511:21:2511 | x | UseUseExplosion.rb:21:2507:21:2512 | call to use | position 0 |
+| UseUseExplosion.rb:21:2523:21:2528 | self | UseUseExplosion.rb:21:2523:21:2528 | call to use | self |
+| UseUseExplosion.rb:21:2527:21:2527 | x | UseUseExplosion.rb:21:2523:21:2528 | call to use | position 0 |
+| UseUseExplosion.rb:21:2539:21:2544 | self | UseUseExplosion.rb:21:2539:21:2544 | call to use | self |
+| UseUseExplosion.rb:21:2543:21:2543 | x | UseUseExplosion.rb:21:2539:21:2544 | call to use | position 0 |
+| UseUseExplosion.rb:21:2555:21:2560 | self | UseUseExplosion.rb:21:2555:21:2560 | call to use | self |
+| UseUseExplosion.rb:21:2559:21:2559 | x | UseUseExplosion.rb:21:2555:21:2560 | call to use | position 0 |
+| UseUseExplosion.rb:21:2571:21:2576 | self | UseUseExplosion.rb:21:2571:21:2576 | call to use | self |
+| UseUseExplosion.rb:21:2575:21:2575 | x | UseUseExplosion.rb:21:2571:21:2576 | call to use | position 0 |
+| UseUseExplosion.rb:21:2587:21:2592 | self | UseUseExplosion.rb:21:2587:21:2592 | call to use | self |
+| UseUseExplosion.rb:21:2591:21:2591 | x | UseUseExplosion.rb:21:2587:21:2592 | call to use | position 0 |
+| UseUseExplosion.rb:21:2603:21:2608 | self | UseUseExplosion.rb:21:2603:21:2608 | call to use | self |
+| UseUseExplosion.rb:21:2607:21:2607 | x | UseUseExplosion.rb:21:2603:21:2608 | call to use | position 0 |
+| UseUseExplosion.rb:21:2619:21:2624 | self | UseUseExplosion.rb:21:2619:21:2624 | call to use | self |
+| UseUseExplosion.rb:21:2623:21:2623 | x | UseUseExplosion.rb:21:2619:21:2624 | call to use | position 0 |
+| UseUseExplosion.rb:21:2635:21:2640 | self | UseUseExplosion.rb:21:2635:21:2640 | call to use | self |
+| UseUseExplosion.rb:21:2639:21:2639 | x | UseUseExplosion.rb:21:2635:21:2640 | call to use | position 0 |
+| UseUseExplosion.rb:21:2651:21:2656 | self | UseUseExplosion.rb:21:2651:21:2656 | call to use | self |
+| UseUseExplosion.rb:21:2655:21:2655 | x | UseUseExplosion.rb:21:2651:21:2656 | call to use | position 0 |
+| UseUseExplosion.rb:21:2667:21:2672 | self | UseUseExplosion.rb:21:2667:21:2672 | call to use | self |
+| UseUseExplosion.rb:21:2671:21:2671 | x | UseUseExplosion.rb:21:2667:21:2672 | call to use | position 0 |
+| UseUseExplosion.rb:21:2683:21:2688 | self | UseUseExplosion.rb:21:2683:21:2688 | call to use | self |
+| UseUseExplosion.rb:21:2687:21:2687 | x | UseUseExplosion.rb:21:2683:21:2688 | call to use | position 0 |
+| UseUseExplosion.rb:21:2699:21:2704 | self | UseUseExplosion.rb:21:2699:21:2704 | call to use | self |
+| UseUseExplosion.rb:21:2703:21:2703 | x | UseUseExplosion.rb:21:2699:21:2704 | call to use | position 0 |
+| UseUseExplosion.rb:21:2715:21:2720 | self | UseUseExplosion.rb:21:2715:21:2720 | call to use | self |
+| UseUseExplosion.rb:21:2719:21:2719 | x | UseUseExplosion.rb:21:2715:21:2720 | call to use | position 0 |
+| UseUseExplosion.rb:21:2731:21:2736 | self | UseUseExplosion.rb:21:2731:21:2736 | call to use | self |
+| UseUseExplosion.rb:21:2735:21:2735 | x | UseUseExplosion.rb:21:2731:21:2736 | call to use | position 0 |
+| UseUseExplosion.rb:21:2747:21:2752 | self | UseUseExplosion.rb:21:2747:21:2752 | call to use | self |
+| UseUseExplosion.rb:21:2751:21:2751 | x | UseUseExplosion.rb:21:2747:21:2752 | call to use | position 0 |
+| UseUseExplosion.rb:21:2763:21:2768 | self | UseUseExplosion.rb:21:2763:21:2768 | call to use | self |
+| UseUseExplosion.rb:21:2767:21:2767 | x | UseUseExplosion.rb:21:2763:21:2768 | call to use | position 0 |
+| UseUseExplosion.rb:21:2779:21:2784 | self | UseUseExplosion.rb:21:2779:21:2784 | call to use | self |
+| UseUseExplosion.rb:21:2783:21:2783 | x | UseUseExplosion.rb:21:2779:21:2784 | call to use | position 0 |
+| UseUseExplosion.rb:21:2795:21:2800 | self | UseUseExplosion.rb:21:2795:21:2800 | call to use | self |
+| UseUseExplosion.rb:21:2799:21:2799 | x | UseUseExplosion.rb:21:2795:21:2800 | call to use | position 0 |
+| UseUseExplosion.rb:21:2811:21:2816 | self | UseUseExplosion.rb:21:2811:21:2816 | call to use | self |
+| UseUseExplosion.rb:21:2815:21:2815 | x | UseUseExplosion.rb:21:2811:21:2816 | call to use | position 0 |
+| UseUseExplosion.rb:21:2827:21:2832 | self | UseUseExplosion.rb:21:2827:21:2832 | call to use | self |
+| UseUseExplosion.rb:21:2831:21:2831 | x | UseUseExplosion.rb:21:2827:21:2832 | call to use | position 0 |
+| UseUseExplosion.rb:21:2843:21:2848 | self | UseUseExplosion.rb:21:2843:21:2848 | call to use | self |
+| UseUseExplosion.rb:21:2847:21:2847 | x | UseUseExplosion.rb:21:2843:21:2848 | call to use | position 0 |
+| UseUseExplosion.rb:21:2859:21:2864 | self | UseUseExplosion.rb:21:2859:21:2864 | call to use | self |
+| UseUseExplosion.rb:21:2863:21:2863 | x | UseUseExplosion.rb:21:2859:21:2864 | call to use | position 0 |
+| UseUseExplosion.rb:21:2875:21:2880 | self | UseUseExplosion.rb:21:2875:21:2880 | call to use | self |
+| UseUseExplosion.rb:21:2879:21:2879 | x | UseUseExplosion.rb:21:2875:21:2880 | call to use | position 0 |
+| UseUseExplosion.rb:21:2891:21:2896 | self | UseUseExplosion.rb:21:2891:21:2896 | call to use | self |
+| UseUseExplosion.rb:21:2895:21:2895 | x | UseUseExplosion.rb:21:2891:21:2896 | call to use | position 0 |
+| UseUseExplosion.rb:21:2907:21:2912 | self | UseUseExplosion.rb:21:2907:21:2912 | call to use | self |
+| UseUseExplosion.rb:21:2911:21:2911 | x | UseUseExplosion.rb:21:2907:21:2912 | call to use | position 0 |
+| UseUseExplosion.rb:21:2923:21:2928 | self | UseUseExplosion.rb:21:2923:21:2928 | call to use | self |
+| UseUseExplosion.rb:21:2927:21:2927 | x | UseUseExplosion.rb:21:2923:21:2928 | call to use | position 0 |
+| UseUseExplosion.rb:21:2939:21:2944 | self | UseUseExplosion.rb:21:2939:21:2944 | call to use | self |
+| UseUseExplosion.rb:21:2943:21:2943 | x | UseUseExplosion.rb:21:2939:21:2944 | call to use | position 0 |
+| UseUseExplosion.rb:21:2955:21:2960 | self | UseUseExplosion.rb:21:2955:21:2960 | call to use | self |
+| UseUseExplosion.rb:21:2959:21:2959 | x | UseUseExplosion.rb:21:2955:21:2960 | call to use | position 0 |
+| UseUseExplosion.rb:21:2971:21:2976 | self | UseUseExplosion.rb:21:2971:21:2976 | call to use | self |
+| UseUseExplosion.rb:21:2975:21:2975 | x | UseUseExplosion.rb:21:2971:21:2976 | call to use | position 0 |
+| UseUseExplosion.rb:21:2987:21:2992 | self | UseUseExplosion.rb:21:2987:21:2992 | call to use | self |
+| UseUseExplosion.rb:21:2991:21:2991 | x | UseUseExplosion.rb:21:2987:21:2992 | call to use | position 0 |
+| UseUseExplosion.rb:21:3003:21:3008 | self | UseUseExplosion.rb:21:3003:21:3008 | call to use | self |
+| UseUseExplosion.rb:21:3007:21:3007 | x | UseUseExplosion.rb:21:3003:21:3008 | call to use | position 0 |
+| UseUseExplosion.rb:21:3019:21:3024 | self | UseUseExplosion.rb:21:3019:21:3024 | call to use | self |
+| UseUseExplosion.rb:21:3023:21:3023 | x | UseUseExplosion.rb:21:3019:21:3024 | call to use | position 0 |
+| UseUseExplosion.rb:21:3035:21:3040 | self | UseUseExplosion.rb:21:3035:21:3040 | call to use | self |
+| UseUseExplosion.rb:21:3039:21:3039 | x | UseUseExplosion.rb:21:3035:21:3040 | call to use | position 0 |
+| UseUseExplosion.rb:21:3051:21:3056 | self | UseUseExplosion.rb:21:3051:21:3056 | call to use | self |
+| UseUseExplosion.rb:21:3055:21:3055 | x | UseUseExplosion.rb:21:3051:21:3056 | call to use | position 0 |
+| UseUseExplosion.rb:21:3067:21:3072 | self | UseUseExplosion.rb:21:3067:21:3072 | call to use | self |
+| UseUseExplosion.rb:21:3071:21:3071 | x | UseUseExplosion.rb:21:3067:21:3072 | call to use | position 0 |
+| UseUseExplosion.rb:21:3083:21:3088 | self | UseUseExplosion.rb:21:3083:21:3088 | call to use | self |
+| UseUseExplosion.rb:21:3087:21:3087 | x | UseUseExplosion.rb:21:3083:21:3088 | call to use | position 0 |
+| UseUseExplosion.rb:21:3099:21:3104 | self | UseUseExplosion.rb:21:3099:21:3104 | call to use | self |
+| UseUseExplosion.rb:21:3103:21:3103 | x | UseUseExplosion.rb:21:3099:21:3104 | call to use | position 0 |
+| UseUseExplosion.rb:21:3115:21:3120 | self | UseUseExplosion.rb:21:3115:21:3120 | call to use | self |
+| UseUseExplosion.rb:21:3119:21:3119 | x | UseUseExplosion.rb:21:3115:21:3120 | call to use | position 0 |
+| UseUseExplosion.rb:21:3131:21:3136 | self | UseUseExplosion.rb:21:3131:21:3136 | call to use | self |
+| UseUseExplosion.rb:21:3135:21:3135 | x | UseUseExplosion.rb:21:3131:21:3136 | call to use | position 0 |
+| UseUseExplosion.rb:21:3147:21:3152 | self | UseUseExplosion.rb:21:3147:21:3152 | call to use | self |
+| UseUseExplosion.rb:21:3151:21:3151 | x | UseUseExplosion.rb:21:3147:21:3152 | call to use | position 0 |
+| UseUseExplosion.rb:21:3163:21:3168 | self | UseUseExplosion.rb:21:3163:21:3168 | call to use | self |
+| UseUseExplosion.rb:21:3167:21:3167 | x | UseUseExplosion.rb:21:3163:21:3168 | call to use | position 0 |
+| UseUseExplosion.rb:21:3179:21:3184 | self | UseUseExplosion.rb:21:3179:21:3184 | call to use | self |
+| UseUseExplosion.rb:21:3183:21:3183 | x | UseUseExplosion.rb:21:3179:21:3184 | call to use | position 0 |
+| UseUseExplosion.rb:21:3195:21:3200 | self | UseUseExplosion.rb:21:3195:21:3200 | call to use | self |
+| UseUseExplosion.rb:21:3199:21:3199 | x | UseUseExplosion.rb:21:3195:21:3200 | call to use | position 0 |
+| UseUseExplosion.rb:21:3211:21:3216 | self | UseUseExplosion.rb:21:3211:21:3216 | call to use | self |
+| UseUseExplosion.rb:21:3215:21:3215 | x | UseUseExplosion.rb:21:3211:21:3216 | call to use | position 0 |
+| UseUseExplosion.rb:21:3227:21:3232 | self | UseUseExplosion.rb:21:3227:21:3232 | call to use | self |
+| UseUseExplosion.rb:21:3231:21:3231 | x | UseUseExplosion.rb:21:3227:21:3232 | call to use | position 0 |
+| UseUseExplosion.rb:21:3243:21:3248 | self | UseUseExplosion.rb:21:3243:21:3248 | call to use | self |
+| UseUseExplosion.rb:21:3247:21:3247 | x | UseUseExplosion.rb:21:3243:21:3248 | call to use | position 0 |
+| UseUseExplosion.rb:21:3259:21:3264 | self | UseUseExplosion.rb:21:3259:21:3264 | call to use | self |
+| UseUseExplosion.rb:21:3263:21:3263 | x | UseUseExplosion.rb:21:3259:21:3264 | call to use | position 0 |
+| UseUseExplosion.rb:21:3275:21:3280 | self | UseUseExplosion.rb:21:3275:21:3280 | call to use | self |
+| UseUseExplosion.rb:21:3279:21:3279 | x | UseUseExplosion.rb:21:3275:21:3280 | call to use | position 0 |
+| UseUseExplosion.rb:21:3291:21:3296 | self | UseUseExplosion.rb:21:3291:21:3296 | call to use | self |
+| UseUseExplosion.rb:21:3295:21:3295 | x | UseUseExplosion.rb:21:3291:21:3296 | call to use | position 0 |
+| UseUseExplosion.rb:21:3307:21:3312 | self | UseUseExplosion.rb:21:3307:21:3312 | call to use | self |
+| UseUseExplosion.rb:21:3311:21:3311 | x | UseUseExplosion.rb:21:3307:21:3312 | call to use | position 0 |
+| UseUseExplosion.rb:21:3323:21:3328 | self | UseUseExplosion.rb:21:3323:21:3328 | call to use | self |
+| UseUseExplosion.rb:21:3327:21:3327 | x | UseUseExplosion.rb:21:3323:21:3328 | call to use | position 0 |
+| UseUseExplosion.rb:21:3339:21:3344 | self | UseUseExplosion.rb:21:3339:21:3344 | call to use | self |
+| UseUseExplosion.rb:21:3343:21:3343 | x | UseUseExplosion.rb:21:3339:21:3344 | call to use | position 0 |
+| UseUseExplosion.rb:21:3355:21:3360 | self | UseUseExplosion.rb:21:3355:21:3360 | call to use | self |
+| UseUseExplosion.rb:21:3359:21:3359 | x | UseUseExplosion.rb:21:3355:21:3360 | call to use | position 0 |
+| UseUseExplosion.rb:21:3371:21:3376 | self | UseUseExplosion.rb:21:3371:21:3376 | call to use | self |
+| UseUseExplosion.rb:21:3375:21:3375 | x | UseUseExplosion.rb:21:3371:21:3376 | call to use | position 0 |
+| UseUseExplosion.rb:21:3387:21:3392 | self | UseUseExplosion.rb:21:3387:21:3392 | call to use | self |
+| UseUseExplosion.rb:21:3391:21:3391 | x | UseUseExplosion.rb:21:3387:21:3392 | call to use | position 0 |
+| UseUseExplosion.rb:21:3403:21:3408 | self | UseUseExplosion.rb:21:3403:21:3408 | call to use | self |
+| UseUseExplosion.rb:21:3407:21:3407 | x | UseUseExplosion.rb:21:3403:21:3408 | call to use | position 0 |
+| UseUseExplosion.rb:21:3419:21:3424 | self | UseUseExplosion.rb:21:3419:21:3424 | call to use | self |
+| UseUseExplosion.rb:21:3423:21:3423 | x | UseUseExplosion.rb:21:3419:21:3424 | call to use | position 0 |
+| UseUseExplosion.rb:21:3435:21:3440 | self | UseUseExplosion.rb:21:3435:21:3440 | call to use | self |
+| UseUseExplosion.rb:21:3439:21:3439 | x | UseUseExplosion.rb:21:3435:21:3440 | call to use | position 0 |
+| UseUseExplosion.rb:21:3451:21:3456 | self | UseUseExplosion.rb:21:3451:21:3456 | call to use | self |
+| UseUseExplosion.rb:21:3455:21:3455 | x | UseUseExplosion.rb:21:3451:21:3456 | call to use | position 0 |
+| UseUseExplosion.rb:21:3467:21:3472 | self | UseUseExplosion.rb:21:3467:21:3472 | call to use | self |
+| UseUseExplosion.rb:21:3471:21:3471 | x | UseUseExplosion.rb:21:3467:21:3472 | call to use | position 0 |
+| UseUseExplosion.rb:21:3483:21:3488 | self | UseUseExplosion.rb:21:3483:21:3488 | call to use | self |
+| UseUseExplosion.rb:21:3487:21:3487 | x | UseUseExplosion.rb:21:3483:21:3488 | call to use | position 0 |
+| UseUseExplosion.rb:21:3499:21:3504 | self | UseUseExplosion.rb:21:3499:21:3504 | call to use | self |
+| UseUseExplosion.rb:21:3503:21:3503 | x | UseUseExplosion.rb:21:3499:21:3504 | call to use | position 0 |
+| UseUseExplosion.rb:21:3515:21:3520 | self | UseUseExplosion.rb:21:3515:21:3520 | call to use | self |
+| UseUseExplosion.rb:21:3519:21:3519 | x | UseUseExplosion.rb:21:3515:21:3520 | call to use | position 0 |
+| UseUseExplosion.rb:21:3531:21:3536 | self | UseUseExplosion.rb:21:3531:21:3536 | call to use | self |
+| UseUseExplosion.rb:21:3535:21:3535 | x | UseUseExplosion.rb:21:3531:21:3536 | call to use | position 0 |
+| UseUseExplosion.rb:21:3547:21:3552 | self | UseUseExplosion.rb:21:3547:21:3552 | call to use | self |
+| UseUseExplosion.rb:21:3551:21:3551 | x | UseUseExplosion.rb:21:3547:21:3552 | call to use | position 0 |
+| UseUseExplosion.rb:21:3563:21:3568 | self | UseUseExplosion.rb:21:3563:21:3568 | call to use | self |
+| UseUseExplosion.rb:21:3567:21:3567 | x | UseUseExplosion.rb:21:3563:21:3568 | call to use | position 0 |
+| UseUseExplosion.rb:21:3579:21:3584 | self | UseUseExplosion.rb:21:3579:21:3584 | call to use | self |
+| UseUseExplosion.rb:21:3583:21:3583 | x | UseUseExplosion.rb:21:3579:21:3584 | call to use | position 0 |
+| UseUseExplosion.rb:21:3595:21:3600 | self | UseUseExplosion.rb:21:3595:21:3600 | call to use | self |
+| UseUseExplosion.rb:21:3599:21:3599 | x | UseUseExplosion.rb:21:3595:21:3600 | call to use | position 0 |
+| UseUseExplosion.rb:21:3611:21:3616 | self | UseUseExplosion.rb:21:3611:21:3616 | call to use | self |
+| UseUseExplosion.rb:21:3615:21:3615 | x | UseUseExplosion.rb:21:3611:21:3616 | call to use | position 0 |
+| UseUseExplosion.rb:21:3627:21:3632 | self | UseUseExplosion.rb:21:3627:21:3632 | call to use | self |
+| UseUseExplosion.rb:21:3631:21:3631 | x | UseUseExplosion.rb:21:3627:21:3632 | call to use | position 0 |
+| UseUseExplosion.rb:21:3643:21:3648 | self | UseUseExplosion.rb:21:3643:21:3648 | call to use | self |
+| UseUseExplosion.rb:21:3647:21:3647 | x | UseUseExplosion.rb:21:3643:21:3648 | call to use | position 0 |
+| UseUseExplosion.rb:21:3659:21:3664 | self | UseUseExplosion.rb:21:3659:21:3664 | call to use | self |
+| UseUseExplosion.rb:21:3663:21:3663 | x | UseUseExplosion.rb:21:3659:21:3664 | call to use | position 0 |
+| UseUseExplosion.rb:21:3675:21:3680 | self | UseUseExplosion.rb:21:3675:21:3680 | call to use | self |
+| UseUseExplosion.rb:21:3679:21:3679 | x | UseUseExplosion.rb:21:3675:21:3680 | call to use | position 0 |
+| UseUseExplosion.rb:21:3691:21:3696 | self | UseUseExplosion.rb:21:3691:21:3696 | call to use | self |
+| UseUseExplosion.rb:21:3695:21:3695 | x | UseUseExplosion.rb:21:3691:21:3696 | call to use | position 0 |
 | local_dataflow.rb:3:8:3:10 | self | local_dataflow.rb:3:8:3:10 | call to p | self |
 | local_dataflow.rb:3:10:3:10 | a | local_dataflow.rb:3:8:3:10 | call to p | position 0 |
 | local_dataflow.rb:6:8:6:8 | a | local_dataflow.rb:6:10:6:11 | ... + ... | self |
@@ -170,3 +973,61 @@ arg
 | local_dataflow.rb:123:26:123:45 | { ... } | local_dataflow.rb:123:8:123:45 | call to tap | block |
 | local_dataflow.rb:123:32:123:43 | self | local_dataflow.rb:123:32:123:43 | call to puts | self |
 | local_dataflow.rb:123:37:123:43 | "hello" | local_dataflow.rb:123:32:123:43 | call to puts | position 0 |
+| local_dataflow.rb:127:3:127:8 | self | local_dataflow.rb:127:3:127:8 | call to rand | self |
+| local_dataflow.rb:132:6:132:11 | self | local_dataflow.rb:132:6:132:11 | call to use | self |
+| local_dataflow.rb:132:10:132:10 | x | local_dataflow.rb:132:6:132:11 | call to use | position 0 |
+| local_dataflow.rb:133:8:133:13 | call to use | local_dataflow.rb:133:8:133:23 | [false] ... \|\| ... | self |
+| local_dataflow.rb:133:8:133:13 | call to use | local_dataflow.rb:133:8:133:23 | [true] ... \|\| ... | self |
+| local_dataflow.rb:133:8:133:13 | self | local_dataflow.rb:133:8:133:13 | call to use | self |
+| local_dataflow.rb:133:12:133:12 | x | local_dataflow.rb:133:8:133:13 | call to use | position 0 |
+| local_dataflow.rb:133:18:133:23 | call to use | local_dataflow.rb:133:8:133:23 | [false] ... \|\| ... | position 0 |
+| local_dataflow.rb:133:18:133:23 | call to use | local_dataflow.rb:133:8:133:23 | [true] ... \|\| ... | position 0 |
+| local_dataflow.rb:133:18:133:23 | self | local_dataflow.rb:133:18:133:23 | call to use | self |
+| local_dataflow.rb:133:22:133:22 | x | local_dataflow.rb:133:18:133:23 | call to use | position 0 |
+| local_dataflow.rb:134:7:134:12 | self | local_dataflow.rb:134:7:134:12 | call to use | self |
+| local_dataflow.rb:134:11:134:11 | x | local_dataflow.rb:134:7:134:12 | call to use | position 0 |
+| local_dataflow.rb:136:7:136:12 | self | local_dataflow.rb:136:7:136:12 | call to use | self |
+| local_dataflow.rb:136:11:136:11 | x | local_dataflow.rb:136:7:136:12 | call to use | position 0 |
+| local_dataflow.rb:137:10:137:15 | call to use | local_dataflow.rb:137:10:137:26 | [false] ... && ... | self |
+| local_dataflow.rb:137:10:137:15 | call to use | local_dataflow.rb:137:10:137:26 | [true] ... && ... | self |
+| local_dataflow.rb:137:10:137:15 | self | local_dataflow.rb:137:10:137:15 | call to use | self |
+| local_dataflow.rb:137:14:137:14 | x | local_dataflow.rb:137:10:137:15 | call to use | position 0 |
+| local_dataflow.rb:137:20:137:26 | [false] ! ... | local_dataflow.rb:137:10:137:26 | [false] ... && ... | position 0 |
+| local_dataflow.rb:137:20:137:26 | [true] ! ... | local_dataflow.rb:137:10:137:26 | [true] ... && ... | position 0 |
+| local_dataflow.rb:137:21:137:26 | call to use | local_dataflow.rb:137:20:137:26 | [false] ! ... | self |
+| local_dataflow.rb:137:21:137:26 | call to use | local_dataflow.rb:137:20:137:26 | [true] ! ... | self |
+| local_dataflow.rb:137:21:137:26 | self | local_dataflow.rb:137:21:137:26 | call to use | self |
+| local_dataflow.rb:137:25:137:25 | x | local_dataflow.rb:137:21:137:26 | call to use | position 0 |
+| local_dataflow.rb:141:8:141:14 | [false] ! ... | local_dataflow.rb:141:8:141:37 | [false] ... \|\| ... | self |
+| local_dataflow.rb:141:8:141:14 | [false] ! ... | local_dataflow.rb:141:8:141:37 | [true] ... \|\| ... | self |
+| local_dataflow.rb:141:8:141:14 | [true] ! ... | local_dataflow.rb:141:8:141:37 | [true] ... \|\| ... | self |
+| local_dataflow.rb:141:9:141:14 | call to use | local_dataflow.rb:141:8:141:14 | [false] ! ... | self |
+| local_dataflow.rb:141:9:141:14 | call to use | local_dataflow.rb:141:8:141:14 | [true] ! ... | self |
+| local_dataflow.rb:141:9:141:14 | self | local_dataflow.rb:141:9:141:14 | call to use | self |
+| local_dataflow.rb:141:13:141:13 | x | local_dataflow.rb:141:9:141:14 | call to use | position 0 |
+| local_dataflow.rb:141:19:141:37 | [false] ( ... ) | local_dataflow.rb:141:8:141:37 | [false] ... \|\| ... | position 0 |
+| local_dataflow.rb:141:19:141:37 | [true] ( ... ) | local_dataflow.rb:141:8:141:37 | [true] ... \|\| ... | position 0 |
+| local_dataflow.rb:141:20:141:25 | call to use | local_dataflow.rb:141:20:141:36 | [false] ... && ... | self |
+| local_dataflow.rb:141:20:141:25 | call to use | local_dataflow.rb:141:20:141:36 | [true] ... && ... | self |
+| local_dataflow.rb:141:20:141:25 | self | local_dataflow.rb:141:20:141:25 | call to use | self |
+| local_dataflow.rb:141:24:141:24 | x | local_dataflow.rb:141:20:141:25 | call to use | position 0 |
+| local_dataflow.rb:141:30:141:36 | [false] ! ... | local_dataflow.rb:141:20:141:36 | [false] ... && ... | position 0 |
+| local_dataflow.rb:141:30:141:36 | [true] ! ... | local_dataflow.rb:141:20:141:36 | [true] ... && ... | position 0 |
+| local_dataflow.rb:141:31:141:36 | call to use | local_dataflow.rb:141:30:141:36 | [false] ! ... | self |
+| local_dataflow.rb:141:31:141:36 | call to use | local_dataflow.rb:141:30:141:36 | [true] ! ... | self |
+| local_dataflow.rb:141:31:141:36 | self | local_dataflow.rb:141:31:141:36 | call to use | self |
+| local_dataflow.rb:141:35:141:35 | x | local_dataflow.rb:141:31:141:36 | call to use | position 0 |
+| local_dataflow.rb:143:11:143:16 | call to use | local_dataflow.rb:143:11:143:26 | [false] ... \|\| ... | self |
+| local_dataflow.rb:143:11:143:16 | call to use | local_dataflow.rb:143:11:143:26 | [true] ... \|\| ... | self |
+| local_dataflow.rb:143:11:143:16 | self | local_dataflow.rb:143:11:143:16 | call to use | self |
+| local_dataflow.rb:143:15:143:15 | x | local_dataflow.rb:143:11:143:16 | call to use | position 0 |
+| local_dataflow.rb:143:21:143:26 | call to use | local_dataflow.rb:143:11:143:26 | [false] ... \|\| ... | position 0 |
+| local_dataflow.rb:143:21:143:26 | call to use | local_dataflow.rb:143:11:143:26 | [true] ... \|\| ... | position 0 |
+| local_dataflow.rb:143:21:143:26 | self | local_dataflow.rb:143:21:143:26 | call to use | self |
+| local_dataflow.rb:143:25:143:25 | x | local_dataflow.rb:143:21:143:26 | call to use | position 0 |
+| local_dataflow.rb:144:11:144:16 | self | local_dataflow.rb:144:11:144:16 | call to use | self |
+| local_dataflow.rb:144:15:144:15 | x | local_dataflow.rb:144:11:144:16 | call to use | position 0 |
+| local_dataflow.rb:147:5:147:10 | self | local_dataflow.rb:147:5:147:10 | call to use | self |
+| local_dataflow.rb:147:9:147:9 | x | local_dataflow.rb:147:5:147:10 | call to use | position 0 |
+| local_dataflow.rb:148:5:148:10 | self | local_dataflow.rb:148:5:148:10 | call to use | self |
+| local_dataflow.rb:148:9:148:9 | x | local_dataflow.rb:148:5:148:10 | call to use | position 0 |
diff --git a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected
index 85473aea3dd..b6d33bb4476 100644
--- a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected
+++ b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected
@@ -1,9 +1,2805 @@
+| UseUseExplosion.rb:18:5:22:7 | self (m) | UseUseExplosion.rb:20:13:20:17 | self |
+| UseUseExplosion.rb:18:5:22:7 | self in m | UseUseExplosion.rb:18:5:22:7 | self (m) |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2081:20:2116 | SSA phi read(x) |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2111:20:2111 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2127:20:2127 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2143:20:2143 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2159:20:2159 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2175:20:2175 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2191:20:2191 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2207:20:2207 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2223:20:2223 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2239:20:2239 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2255:20:2255 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2271:20:2271 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2287:20:2287 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2303:20:2303 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2319:20:2319 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2335:20:2335 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2351:20:2351 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2367:20:2367 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2383:20:2383 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2399:20:2399 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2415:20:2415 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2431:20:2431 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2447:20:2447 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2463:20:2463 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2479:20:2479 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2495:20:2495 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2511:20:2511 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2527:20:2527 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2543:20:2543 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2559:20:2559 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2575:20:2575 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2591:20:2591 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2607:20:2607 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2623:20:2623 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2639:20:2639 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2655:20:2655 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2671:20:2671 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2687:20:2687 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2703:20:2703 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2719:20:2719 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2735:20:2735 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2751:20:2751 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2767:20:2767 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2783:20:2783 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2799:20:2799 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2815:20:2815 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2831:20:2831 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2847:20:2847 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2863:20:2863 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2879:20:2879 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2895:20:2895 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2911:20:2911 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2927:20:2927 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2943:20:2943 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2959:20:2959 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2975:20:2975 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:2991:20:2991 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3007:20:3007 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3023:20:3023 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3039:20:3039 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3055:20:3055 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3071:20:3071 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3087:20:3087 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3103:20:3103 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3119:20:3119 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3135:20:3135 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3151:20:3151 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3167:20:3167 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3183:20:3183 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3199:20:3199 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3215:20:3215 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3231:20:3231 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3247:20:3247 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3263:20:3263 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3279:20:3279 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3295:20:3295 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3311:20:3311 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3327:20:3327 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3343:20:3343 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3359:20:3359 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3375:20:3375 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3391:20:3391 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3407:20:3407 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3423:20:3423 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3439:20:3439 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3455:20:3455 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3471:20:3471 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3487:20:3487 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3503:20:3503 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3519:20:3519 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3535:20:3535 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3551:20:3551 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3567:20:3567 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3583:20:3583 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3599:20:3599 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3615:20:3615 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3631:20:3631 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3647:20:3647 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3663:20:3663 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3679:20:3679 | x |
+| UseUseExplosion.rb:19:9:19:13 | ... = ... | UseUseExplosion.rb:20:3695:20:3695 | x |
+| UseUseExplosion.rb:19:13:19:13 | 0 | UseUseExplosion.rb:19:9:19:13 | ... = ... |
+| UseUseExplosion.rb:19:13:19:13 | 0 | UseUseExplosion.rb:19:9:19:13 | ... = ... |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(self) | UseUseExplosion.rb:21:13:21:17 | self |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2111:21:2111 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2127:21:2127 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2143:21:2143 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2159:21:2159 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2175:21:2175 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2191:21:2191 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2207:21:2207 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2223:21:2223 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2239:21:2239 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2255:21:2255 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2271:21:2271 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2287:21:2287 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2303:21:2303 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2319:21:2319 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2335:21:2335 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2351:21:2351 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2367:21:2367 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2383:21:2383 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2399:21:2399 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2415:21:2415 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2431:21:2431 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2447:21:2447 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2463:21:2463 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2479:21:2479 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2495:21:2495 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2511:21:2511 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2527:21:2527 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2543:21:2543 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2559:21:2559 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2575:21:2575 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2591:21:2591 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2607:21:2607 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2623:21:2623 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2639:21:2639 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2655:21:2655 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2671:21:2671 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2687:21:2687 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2703:21:2703 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2719:21:2719 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2735:21:2735 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2751:21:2751 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2767:21:2767 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2783:21:2783 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2799:21:2799 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2815:21:2815 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2831:21:2831 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2847:21:2847 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2863:21:2863 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2879:21:2879 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2895:21:2895 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2911:21:2911 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2927:21:2927 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2943:21:2943 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2959:21:2959 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2975:21:2975 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:2991:21:2991 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3007:21:3007 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3023:21:3023 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3039:21:3039 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3055:21:3055 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3071:21:3071 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3087:21:3087 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3103:21:3103 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3119:21:3119 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3135:21:3135 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3151:21:3151 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3167:21:3167 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3183:21:3183 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3199:21:3199 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3215:21:3215 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3231:21:3231 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3247:21:3247 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3263:21:3263 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3279:21:3279 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3295:21:3295 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3311:21:3311 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3327:21:3327 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3343:21:3343 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3359:21:3359 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3375:21:3375 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3391:21:3391 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3407:21:3407 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3423:21:3423 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3439:21:3439 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3455:21:3455 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3471:21:3471 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3487:21:3487 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3503:21:3503 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3519:21:3519 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3535:21:3535 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3551:21:3551 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3567:21:3567 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3583:21:3583 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3599:21:3599 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3615:21:3615 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3631:21:3631 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3647:21:3647 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3663:21:3663 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3679:21:3679 | x |
+| UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) | UseUseExplosion.rb:21:3695:21:3695 | x |
+| UseUseExplosion.rb:20:13:20:17 | @prop | UseUseExplosion.rb:20:13:20:23 | ... > ... |
+| UseUseExplosion.rb:20:13:20:17 | [post] self | UseUseExplosion.rb:20:35:20:39 | self |
+| UseUseExplosion.rb:20:13:20:17 | [post] self | UseUseExplosion.rb:20:3691:20:3696 | self |
+| UseUseExplosion.rb:20:13:20:17 | self | UseUseExplosion.rb:20:35:20:39 | self |
+| UseUseExplosion.rb:20:13:20:17 | self | UseUseExplosion.rb:20:3691:20:3696 | self |
+| UseUseExplosion.rb:20:13:20:23 | ... > ... | UseUseExplosion.rb:20:12:20:24 | [false] ( ... ) |
+| UseUseExplosion.rb:20:13:20:23 | ... > ... | UseUseExplosion.rb:20:12:20:24 | [true] ( ... ) |
+| UseUseExplosion.rb:20:21:20:23 | 100 | UseUseExplosion.rb:20:13:20:23 | ... > ... |
+| UseUseExplosion.rb:20:26:20:3684 | then ... | UseUseExplosion.rb:20:9:20:3700 | if ... |
+| UseUseExplosion.rb:20:31:20:3684 | SSA phi read(self) | UseUseExplosion.rb:20:9:20:3700 | SSA phi read(self) |
+| UseUseExplosion.rb:20:31:20:3684 | SSA phi read(x) | UseUseExplosion.rb:20:9:20:3700 | SSA phi read(x) |
+| UseUseExplosion.rb:20:31:20:3684 | if ... | UseUseExplosion.rb:20:26:20:3684 | then ... |
+| UseUseExplosion.rb:20:35:20:39 | @prop | UseUseExplosion.rb:20:35:20:44 | ... > ... |
+| UseUseExplosion.rb:20:35:20:39 | [post] self | UseUseExplosion.rb:20:56:20:60 | self |
+| UseUseExplosion.rb:20:35:20:39 | [post] self | UseUseExplosion.rb:20:3675:20:3680 | self |
+| UseUseExplosion.rb:20:35:20:39 | self | UseUseExplosion.rb:20:56:20:60 | self |
+| UseUseExplosion.rb:20:35:20:39 | self | UseUseExplosion.rb:20:3675:20:3680 | self |
+| UseUseExplosion.rb:20:35:20:44 | ... > ... | UseUseExplosion.rb:20:34:20:45 | [false] ( ... ) |
+| UseUseExplosion.rb:20:35:20:44 | ... > ... | UseUseExplosion.rb:20:34:20:45 | [true] ( ... ) |
+| UseUseExplosion.rb:20:43:20:44 | 99 | UseUseExplosion.rb:20:35:20:44 | ... > ... |
+| UseUseExplosion.rb:20:47:20:3668 | then ... | UseUseExplosion.rb:20:31:20:3684 | if ... |
+| UseUseExplosion.rb:20:52:20:3668 | SSA phi read(self) | UseUseExplosion.rb:20:31:20:3684 | SSA phi read(self) |
+| UseUseExplosion.rb:20:52:20:3668 | SSA phi read(x) | UseUseExplosion.rb:20:31:20:3684 | SSA phi read(x) |
+| UseUseExplosion.rb:20:52:20:3668 | if ... | UseUseExplosion.rb:20:47:20:3668 | then ... |
+| UseUseExplosion.rb:20:56:20:60 | @prop | UseUseExplosion.rb:20:56:20:65 | ... > ... |
+| UseUseExplosion.rb:20:56:20:60 | [post] self | UseUseExplosion.rb:20:77:20:81 | self |
+| UseUseExplosion.rb:20:56:20:60 | [post] self | UseUseExplosion.rb:20:3659:20:3664 | self |
+| UseUseExplosion.rb:20:56:20:60 | self | UseUseExplosion.rb:20:77:20:81 | self |
+| UseUseExplosion.rb:20:56:20:60 | self | UseUseExplosion.rb:20:3659:20:3664 | self |
+| UseUseExplosion.rb:20:56:20:65 | ... > ... | UseUseExplosion.rb:20:55:20:66 | [false] ( ... ) |
+| UseUseExplosion.rb:20:56:20:65 | ... > ... | UseUseExplosion.rb:20:55:20:66 | [true] ( ... ) |
+| UseUseExplosion.rb:20:64:20:65 | 98 | UseUseExplosion.rb:20:56:20:65 | ... > ... |
+| UseUseExplosion.rb:20:68:20:3652 | then ... | UseUseExplosion.rb:20:52:20:3668 | if ... |
+| UseUseExplosion.rb:20:73:20:3652 | SSA phi read(self) | UseUseExplosion.rb:20:52:20:3668 | SSA phi read(self) |
+| UseUseExplosion.rb:20:73:20:3652 | SSA phi read(x) | UseUseExplosion.rb:20:52:20:3668 | SSA phi read(x) |
+| UseUseExplosion.rb:20:73:20:3652 | if ... | UseUseExplosion.rb:20:68:20:3652 | then ... |
+| UseUseExplosion.rb:20:77:20:81 | @prop | UseUseExplosion.rb:20:77:20:86 | ... > ... |
+| UseUseExplosion.rb:20:77:20:81 | [post] self | UseUseExplosion.rb:20:98:20:102 | self |
+| UseUseExplosion.rb:20:77:20:81 | [post] self | UseUseExplosion.rb:20:3643:20:3648 | self |
+| UseUseExplosion.rb:20:77:20:81 | self | UseUseExplosion.rb:20:98:20:102 | self |
+| UseUseExplosion.rb:20:77:20:81 | self | UseUseExplosion.rb:20:3643:20:3648 | self |
+| UseUseExplosion.rb:20:77:20:86 | ... > ... | UseUseExplosion.rb:20:76:20:87 | [false] ( ... ) |
+| UseUseExplosion.rb:20:77:20:86 | ... > ... | UseUseExplosion.rb:20:76:20:87 | [true] ( ... ) |
+| UseUseExplosion.rb:20:85:20:86 | 97 | UseUseExplosion.rb:20:77:20:86 | ... > ... |
+| UseUseExplosion.rb:20:89:20:3636 | then ... | UseUseExplosion.rb:20:73:20:3652 | if ... |
+| UseUseExplosion.rb:20:94:20:3636 | SSA phi read(self) | UseUseExplosion.rb:20:73:20:3652 | SSA phi read(self) |
+| UseUseExplosion.rb:20:94:20:3636 | SSA phi read(x) | UseUseExplosion.rb:20:73:20:3652 | SSA phi read(x) |
+| UseUseExplosion.rb:20:94:20:3636 | if ... | UseUseExplosion.rb:20:89:20:3636 | then ... |
+| UseUseExplosion.rb:20:98:20:102 | @prop | UseUseExplosion.rb:20:98:20:107 | ... > ... |
+| UseUseExplosion.rb:20:98:20:102 | [post] self | UseUseExplosion.rb:20:119:20:123 | self |
+| UseUseExplosion.rb:20:98:20:102 | [post] self | UseUseExplosion.rb:20:3627:20:3632 | self |
+| UseUseExplosion.rb:20:98:20:102 | self | UseUseExplosion.rb:20:119:20:123 | self |
+| UseUseExplosion.rb:20:98:20:102 | self | UseUseExplosion.rb:20:3627:20:3632 | self |
+| UseUseExplosion.rb:20:98:20:107 | ... > ... | UseUseExplosion.rb:20:97:20:108 | [false] ( ... ) |
+| UseUseExplosion.rb:20:98:20:107 | ... > ... | UseUseExplosion.rb:20:97:20:108 | [true] ( ... ) |
+| UseUseExplosion.rb:20:106:20:107 | 96 | UseUseExplosion.rb:20:98:20:107 | ... > ... |
+| UseUseExplosion.rb:20:110:20:3620 | then ... | UseUseExplosion.rb:20:94:20:3636 | if ... |
+| UseUseExplosion.rb:20:115:20:3620 | SSA phi read(self) | UseUseExplosion.rb:20:94:20:3636 | SSA phi read(self) |
+| UseUseExplosion.rb:20:115:20:3620 | SSA phi read(x) | UseUseExplosion.rb:20:94:20:3636 | SSA phi read(x) |
+| UseUseExplosion.rb:20:115:20:3620 | if ... | UseUseExplosion.rb:20:110:20:3620 | then ... |
+| UseUseExplosion.rb:20:119:20:123 | @prop | UseUseExplosion.rb:20:119:20:128 | ... > ... |
+| UseUseExplosion.rb:20:119:20:123 | [post] self | UseUseExplosion.rb:20:140:20:144 | self |
+| UseUseExplosion.rb:20:119:20:123 | [post] self | UseUseExplosion.rb:20:3611:20:3616 | self |
+| UseUseExplosion.rb:20:119:20:123 | self | UseUseExplosion.rb:20:140:20:144 | self |
+| UseUseExplosion.rb:20:119:20:123 | self | UseUseExplosion.rb:20:3611:20:3616 | self |
+| UseUseExplosion.rb:20:119:20:128 | ... > ... | UseUseExplosion.rb:20:118:20:129 | [false] ( ... ) |
+| UseUseExplosion.rb:20:119:20:128 | ... > ... | UseUseExplosion.rb:20:118:20:129 | [true] ( ... ) |
+| UseUseExplosion.rb:20:127:20:128 | 95 | UseUseExplosion.rb:20:119:20:128 | ... > ... |
+| UseUseExplosion.rb:20:131:20:3604 | then ... | UseUseExplosion.rb:20:115:20:3620 | if ... |
+| UseUseExplosion.rb:20:136:20:3604 | SSA phi read(self) | UseUseExplosion.rb:20:115:20:3620 | SSA phi read(self) |
+| UseUseExplosion.rb:20:136:20:3604 | SSA phi read(x) | UseUseExplosion.rb:20:115:20:3620 | SSA phi read(x) |
+| UseUseExplosion.rb:20:136:20:3604 | if ... | UseUseExplosion.rb:20:131:20:3604 | then ... |
+| UseUseExplosion.rb:20:140:20:144 | @prop | UseUseExplosion.rb:20:140:20:149 | ... > ... |
+| UseUseExplosion.rb:20:140:20:144 | [post] self | UseUseExplosion.rb:20:161:20:165 | self |
+| UseUseExplosion.rb:20:140:20:144 | [post] self | UseUseExplosion.rb:20:3595:20:3600 | self |
+| UseUseExplosion.rb:20:140:20:144 | self | UseUseExplosion.rb:20:161:20:165 | self |
+| UseUseExplosion.rb:20:140:20:144 | self | UseUseExplosion.rb:20:3595:20:3600 | self |
+| UseUseExplosion.rb:20:140:20:149 | ... > ... | UseUseExplosion.rb:20:139:20:150 | [false] ( ... ) |
+| UseUseExplosion.rb:20:140:20:149 | ... > ... | UseUseExplosion.rb:20:139:20:150 | [true] ( ... ) |
+| UseUseExplosion.rb:20:148:20:149 | 94 | UseUseExplosion.rb:20:140:20:149 | ... > ... |
+| UseUseExplosion.rb:20:152:20:3588 | then ... | UseUseExplosion.rb:20:136:20:3604 | if ... |
+| UseUseExplosion.rb:20:157:20:3588 | SSA phi read(self) | UseUseExplosion.rb:20:136:20:3604 | SSA phi read(self) |
+| UseUseExplosion.rb:20:157:20:3588 | SSA phi read(x) | UseUseExplosion.rb:20:136:20:3604 | SSA phi read(x) |
+| UseUseExplosion.rb:20:157:20:3588 | if ... | UseUseExplosion.rb:20:152:20:3588 | then ... |
+| UseUseExplosion.rb:20:161:20:165 | @prop | UseUseExplosion.rb:20:161:20:170 | ... > ... |
+| UseUseExplosion.rb:20:161:20:165 | [post] self | UseUseExplosion.rb:20:182:20:186 | self |
+| UseUseExplosion.rb:20:161:20:165 | [post] self | UseUseExplosion.rb:20:3579:20:3584 | self |
+| UseUseExplosion.rb:20:161:20:165 | self | UseUseExplosion.rb:20:182:20:186 | self |
+| UseUseExplosion.rb:20:161:20:165 | self | UseUseExplosion.rb:20:3579:20:3584 | self |
+| UseUseExplosion.rb:20:161:20:170 | ... > ... | UseUseExplosion.rb:20:160:20:171 | [false] ( ... ) |
+| UseUseExplosion.rb:20:161:20:170 | ... > ... | UseUseExplosion.rb:20:160:20:171 | [true] ( ... ) |
+| UseUseExplosion.rb:20:169:20:170 | 93 | UseUseExplosion.rb:20:161:20:170 | ... > ... |
+| UseUseExplosion.rb:20:173:20:3572 | then ... | UseUseExplosion.rb:20:157:20:3588 | if ... |
+| UseUseExplosion.rb:20:178:20:3572 | SSA phi read(self) | UseUseExplosion.rb:20:157:20:3588 | SSA phi read(self) |
+| UseUseExplosion.rb:20:178:20:3572 | SSA phi read(x) | UseUseExplosion.rb:20:157:20:3588 | SSA phi read(x) |
+| UseUseExplosion.rb:20:178:20:3572 | if ... | UseUseExplosion.rb:20:173:20:3572 | then ... |
+| UseUseExplosion.rb:20:182:20:186 | @prop | UseUseExplosion.rb:20:182:20:191 | ... > ... |
+| UseUseExplosion.rb:20:182:20:186 | [post] self | UseUseExplosion.rb:20:203:20:207 | self |
+| UseUseExplosion.rb:20:182:20:186 | [post] self | UseUseExplosion.rb:20:3563:20:3568 | self |
+| UseUseExplosion.rb:20:182:20:186 | self | UseUseExplosion.rb:20:203:20:207 | self |
+| UseUseExplosion.rb:20:182:20:186 | self | UseUseExplosion.rb:20:3563:20:3568 | self |
+| UseUseExplosion.rb:20:182:20:191 | ... > ... | UseUseExplosion.rb:20:181:20:192 | [false] ( ... ) |
+| UseUseExplosion.rb:20:182:20:191 | ... > ... | UseUseExplosion.rb:20:181:20:192 | [true] ( ... ) |
+| UseUseExplosion.rb:20:190:20:191 | 92 | UseUseExplosion.rb:20:182:20:191 | ... > ... |
+| UseUseExplosion.rb:20:194:20:3556 | then ... | UseUseExplosion.rb:20:178:20:3572 | if ... |
+| UseUseExplosion.rb:20:199:20:3556 | SSA phi read(self) | UseUseExplosion.rb:20:178:20:3572 | SSA phi read(self) |
+| UseUseExplosion.rb:20:199:20:3556 | SSA phi read(x) | UseUseExplosion.rb:20:178:20:3572 | SSA phi read(x) |
+| UseUseExplosion.rb:20:199:20:3556 | if ... | UseUseExplosion.rb:20:194:20:3556 | then ... |
+| UseUseExplosion.rb:20:203:20:207 | @prop | UseUseExplosion.rb:20:203:20:212 | ... > ... |
+| UseUseExplosion.rb:20:203:20:207 | [post] self | UseUseExplosion.rb:20:224:20:228 | self |
+| UseUseExplosion.rb:20:203:20:207 | [post] self | UseUseExplosion.rb:20:3547:20:3552 | self |
+| UseUseExplosion.rb:20:203:20:207 | self | UseUseExplosion.rb:20:224:20:228 | self |
+| UseUseExplosion.rb:20:203:20:207 | self | UseUseExplosion.rb:20:3547:20:3552 | self |
+| UseUseExplosion.rb:20:203:20:212 | ... > ... | UseUseExplosion.rb:20:202:20:213 | [false] ( ... ) |
+| UseUseExplosion.rb:20:203:20:212 | ... > ... | UseUseExplosion.rb:20:202:20:213 | [true] ( ... ) |
+| UseUseExplosion.rb:20:211:20:212 | 91 | UseUseExplosion.rb:20:203:20:212 | ... > ... |
+| UseUseExplosion.rb:20:215:20:3540 | then ... | UseUseExplosion.rb:20:199:20:3556 | if ... |
+| UseUseExplosion.rb:20:220:20:3540 | SSA phi read(self) | UseUseExplosion.rb:20:199:20:3556 | SSA phi read(self) |
+| UseUseExplosion.rb:20:220:20:3540 | SSA phi read(x) | UseUseExplosion.rb:20:199:20:3556 | SSA phi read(x) |
+| UseUseExplosion.rb:20:220:20:3540 | if ... | UseUseExplosion.rb:20:215:20:3540 | then ... |
+| UseUseExplosion.rb:20:224:20:228 | @prop | UseUseExplosion.rb:20:224:20:233 | ... > ... |
+| UseUseExplosion.rb:20:224:20:228 | [post] self | UseUseExplosion.rb:20:245:20:249 | self |
+| UseUseExplosion.rb:20:224:20:228 | [post] self | UseUseExplosion.rb:20:3531:20:3536 | self |
+| UseUseExplosion.rb:20:224:20:228 | self | UseUseExplosion.rb:20:245:20:249 | self |
+| UseUseExplosion.rb:20:224:20:228 | self | UseUseExplosion.rb:20:3531:20:3536 | self |
+| UseUseExplosion.rb:20:224:20:233 | ... > ... | UseUseExplosion.rb:20:223:20:234 | [false] ( ... ) |
+| UseUseExplosion.rb:20:224:20:233 | ... > ... | UseUseExplosion.rb:20:223:20:234 | [true] ( ... ) |
+| UseUseExplosion.rb:20:232:20:233 | 90 | UseUseExplosion.rb:20:224:20:233 | ... > ... |
+| UseUseExplosion.rb:20:236:20:3524 | then ... | UseUseExplosion.rb:20:220:20:3540 | if ... |
+| UseUseExplosion.rb:20:241:20:3524 | SSA phi read(self) | UseUseExplosion.rb:20:220:20:3540 | SSA phi read(self) |
+| UseUseExplosion.rb:20:241:20:3524 | SSA phi read(x) | UseUseExplosion.rb:20:220:20:3540 | SSA phi read(x) |
+| UseUseExplosion.rb:20:241:20:3524 | if ... | UseUseExplosion.rb:20:236:20:3524 | then ... |
+| UseUseExplosion.rb:20:245:20:249 | @prop | UseUseExplosion.rb:20:245:20:254 | ... > ... |
+| UseUseExplosion.rb:20:245:20:249 | [post] self | UseUseExplosion.rb:20:266:20:270 | self |
+| UseUseExplosion.rb:20:245:20:249 | [post] self | UseUseExplosion.rb:20:3515:20:3520 | self |
+| UseUseExplosion.rb:20:245:20:249 | self | UseUseExplosion.rb:20:266:20:270 | self |
+| UseUseExplosion.rb:20:245:20:249 | self | UseUseExplosion.rb:20:3515:20:3520 | self |
+| UseUseExplosion.rb:20:245:20:254 | ... > ... | UseUseExplosion.rb:20:244:20:255 | [false] ( ... ) |
+| UseUseExplosion.rb:20:245:20:254 | ... > ... | UseUseExplosion.rb:20:244:20:255 | [true] ( ... ) |
+| UseUseExplosion.rb:20:253:20:254 | 89 | UseUseExplosion.rb:20:245:20:254 | ... > ... |
+| UseUseExplosion.rb:20:257:20:3508 | then ... | UseUseExplosion.rb:20:241:20:3524 | if ... |
+| UseUseExplosion.rb:20:262:20:3508 | SSA phi read(self) | UseUseExplosion.rb:20:241:20:3524 | SSA phi read(self) |
+| UseUseExplosion.rb:20:262:20:3508 | SSA phi read(x) | UseUseExplosion.rb:20:241:20:3524 | SSA phi read(x) |
+| UseUseExplosion.rb:20:262:20:3508 | if ... | UseUseExplosion.rb:20:257:20:3508 | then ... |
+| UseUseExplosion.rb:20:266:20:270 | @prop | UseUseExplosion.rb:20:266:20:275 | ... > ... |
+| UseUseExplosion.rb:20:266:20:270 | [post] self | UseUseExplosion.rb:20:287:20:291 | self |
+| UseUseExplosion.rb:20:266:20:270 | [post] self | UseUseExplosion.rb:20:3499:20:3504 | self |
+| UseUseExplosion.rb:20:266:20:270 | self | UseUseExplosion.rb:20:287:20:291 | self |
+| UseUseExplosion.rb:20:266:20:270 | self | UseUseExplosion.rb:20:3499:20:3504 | self |
+| UseUseExplosion.rb:20:266:20:275 | ... > ... | UseUseExplosion.rb:20:265:20:276 | [false] ( ... ) |
+| UseUseExplosion.rb:20:266:20:275 | ... > ... | UseUseExplosion.rb:20:265:20:276 | [true] ( ... ) |
+| UseUseExplosion.rb:20:274:20:275 | 88 | UseUseExplosion.rb:20:266:20:275 | ... > ... |
+| UseUseExplosion.rb:20:278:20:3492 | then ... | UseUseExplosion.rb:20:262:20:3508 | if ... |
+| UseUseExplosion.rb:20:283:20:3492 | SSA phi read(self) | UseUseExplosion.rb:20:262:20:3508 | SSA phi read(self) |
+| UseUseExplosion.rb:20:283:20:3492 | SSA phi read(x) | UseUseExplosion.rb:20:262:20:3508 | SSA phi read(x) |
+| UseUseExplosion.rb:20:283:20:3492 | if ... | UseUseExplosion.rb:20:278:20:3492 | then ... |
+| UseUseExplosion.rb:20:287:20:291 | @prop | UseUseExplosion.rb:20:287:20:296 | ... > ... |
+| UseUseExplosion.rb:20:287:20:291 | [post] self | UseUseExplosion.rb:20:308:20:312 | self |
+| UseUseExplosion.rb:20:287:20:291 | [post] self | UseUseExplosion.rb:20:3483:20:3488 | self |
+| UseUseExplosion.rb:20:287:20:291 | self | UseUseExplosion.rb:20:308:20:312 | self |
+| UseUseExplosion.rb:20:287:20:291 | self | UseUseExplosion.rb:20:3483:20:3488 | self |
+| UseUseExplosion.rb:20:287:20:296 | ... > ... | UseUseExplosion.rb:20:286:20:297 | [false] ( ... ) |
+| UseUseExplosion.rb:20:287:20:296 | ... > ... | UseUseExplosion.rb:20:286:20:297 | [true] ( ... ) |
+| UseUseExplosion.rb:20:295:20:296 | 87 | UseUseExplosion.rb:20:287:20:296 | ... > ... |
+| UseUseExplosion.rb:20:299:20:3476 | then ... | UseUseExplosion.rb:20:283:20:3492 | if ... |
+| UseUseExplosion.rb:20:304:20:3476 | SSA phi read(self) | UseUseExplosion.rb:20:283:20:3492 | SSA phi read(self) |
+| UseUseExplosion.rb:20:304:20:3476 | SSA phi read(x) | UseUseExplosion.rb:20:283:20:3492 | SSA phi read(x) |
+| UseUseExplosion.rb:20:304:20:3476 | if ... | UseUseExplosion.rb:20:299:20:3476 | then ... |
+| UseUseExplosion.rb:20:308:20:312 | @prop | UseUseExplosion.rb:20:308:20:317 | ... > ... |
+| UseUseExplosion.rb:20:308:20:312 | [post] self | UseUseExplosion.rb:20:329:20:333 | self |
+| UseUseExplosion.rb:20:308:20:312 | [post] self | UseUseExplosion.rb:20:3467:20:3472 | self |
+| UseUseExplosion.rb:20:308:20:312 | self | UseUseExplosion.rb:20:329:20:333 | self |
+| UseUseExplosion.rb:20:308:20:312 | self | UseUseExplosion.rb:20:3467:20:3472 | self |
+| UseUseExplosion.rb:20:308:20:317 | ... > ... | UseUseExplosion.rb:20:307:20:318 | [false] ( ... ) |
+| UseUseExplosion.rb:20:308:20:317 | ... > ... | UseUseExplosion.rb:20:307:20:318 | [true] ( ... ) |
+| UseUseExplosion.rb:20:316:20:317 | 86 | UseUseExplosion.rb:20:308:20:317 | ... > ... |
+| UseUseExplosion.rb:20:320:20:3460 | then ... | UseUseExplosion.rb:20:304:20:3476 | if ... |
+| UseUseExplosion.rb:20:325:20:3460 | SSA phi read(self) | UseUseExplosion.rb:20:304:20:3476 | SSA phi read(self) |
+| UseUseExplosion.rb:20:325:20:3460 | SSA phi read(x) | UseUseExplosion.rb:20:304:20:3476 | SSA phi read(x) |
+| UseUseExplosion.rb:20:325:20:3460 | if ... | UseUseExplosion.rb:20:320:20:3460 | then ... |
+| UseUseExplosion.rb:20:329:20:333 | @prop | UseUseExplosion.rb:20:329:20:338 | ... > ... |
+| UseUseExplosion.rb:20:329:20:333 | [post] self | UseUseExplosion.rb:20:350:20:354 | self |
+| UseUseExplosion.rb:20:329:20:333 | [post] self | UseUseExplosion.rb:20:3451:20:3456 | self |
+| UseUseExplosion.rb:20:329:20:333 | self | UseUseExplosion.rb:20:350:20:354 | self |
+| UseUseExplosion.rb:20:329:20:333 | self | UseUseExplosion.rb:20:3451:20:3456 | self |
+| UseUseExplosion.rb:20:329:20:338 | ... > ... | UseUseExplosion.rb:20:328:20:339 | [false] ( ... ) |
+| UseUseExplosion.rb:20:329:20:338 | ... > ... | UseUseExplosion.rb:20:328:20:339 | [true] ( ... ) |
+| UseUseExplosion.rb:20:337:20:338 | 85 | UseUseExplosion.rb:20:329:20:338 | ... > ... |
+| UseUseExplosion.rb:20:341:20:3444 | then ... | UseUseExplosion.rb:20:325:20:3460 | if ... |
+| UseUseExplosion.rb:20:346:20:3444 | SSA phi read(self) | UseUseExplosion.rb:20:325:20:3460 | SSA phi read(self) |
+| UseUseExplosion.rb:20:346:20:3444 | SSA phi read(x) | UseUseExplosion.rb:20:325:20:3460 | SSA phi read(x) |
+| UseUseExplosion.rb:20:346:20:3444 | if ... | UseUseExplosion.rb:20:341:20:3444 | then ... |
+| UseUseExplosion.rb:20:350:20:354 | @prop | UseUseExplosion.rb:20:350:20:359 | ... > ... |
+| UseUseExplosion.rb:20:350:20:354 | [post] self | UseUseExplosion.rb:20:371:20:375 | self |
+| UseUseExplosion.rb:20:350:20:354 | [post] self | UseUseExplosion.rb:20:3435:20:3440 | self |
+| UseUseExplosion.rb:20:350:20:354 | self | UseUseExplosion.rb:20:371:20:375 | self |
+| UseUseExplosion.rb:20:350:20:354 | self | UseUseExplosion.rb:20:3435:20:3440 | self |
+| UseUseExplosion.rb:20:350:20:359 | ... > ... | UseUseExplosion.rb:20:349:20:360 | [false] ( ... ) |
+| UseUseExplosion.rb:20:350:20:359 | ... > ... | UseUseExplosion.rb:20:349:20:360 | [true] ( ... ) |
+| UseUseExplosion.rb:20:358:20:359 | 84 | UseUseExplosion.rb:20:350:20:359 | ... > ... |
+| UseUseExplosion.rb:20:362:20:3428 | then ... | UseUseExplosion.rb:20:346:20:3444 | if ... |
+| UseUseExplosion.rb:20:367:20:3428 | SSA phi read(self) | UseUseExplosion.rb:20:346:20:3444 | SSA phi read(self) |
+| UseUseExplosion.rb:20:367:20:3428 | SSA phi read(x) | UseUseExplosion.rb:20:346:20:3444 | SSA phi read(x) |
+| UseUseExplosion.rb:20:367:20:3428 | if ... | UseUseExplosion.rb:20:362:20:3428 | then ... |
+| UseUseExplosion.rb:20:371:20:375 | @prop | UseUseExplosion.rb:20:371:20:380 | ... > ... |
+| UseUseExplosion.rb:20:371:20:375 | [post] self | UseUseExplosion.rb:20:392:20:396 | self |
+| UseUseExplosion.rb:20:371:20:375 | [post] self | UseUseExplosion.rb:20:3419:20:3424 | self |
+| UseUseExplosion.rb:20:371:20:375 | self | UseUseExplosion.rb:20:392:20:396 | self |
+| UseUseExplosion.rb:20:371:20:375 | self | UseUseExplosion.rb:20:3419:20:3424 | self |
+| UseUseExplosion.rb:20:371:20:380 | ... > ... | UseUseExplosion.rb:20:370:20:381 | [false] ( ... ) |
+| UseUseExplosion.rb:20:371:20:380 | ... > ... | UseUseExplosion.rb:20:370:20:381 | [true] ( ... ) |
+| UseUseExplosion.rb:20:379:20:380 | 83 | UseUseExplosion.rb:20:371:20:380 | ... > ... |
+| UseUseExplosion.rb:20:383:20:3412 | then ... | UseUseExplosion.rb:20:367:20:3428 | if ... |
+| UseUseExplosion.rb:20:388:20:3412 | SSA phi read(self) | UseUseExplosion.rb:20:367:20:3428 | SSA phi read(self) |
+| UseUseExplosion.rb:20:388:20:3412 | SSA phi read(x) | UseUseExplosion.rb:20:367:20:3428 | SSA phi read(x) |
+| UseUseExplosion.rb:20:388:20:3412 | if ... | UseUseExplosion.rb:20:383:20:3412 | then ... |
+| UseUseExplosion.rb:20:392:20:396 | @prop | UseUseExplosion.rb:20:392:20:401 | ... > ... |
+| UseUseExplosion.rb:20:392:20:396 | [post] self | UseUseExplosion.rb:20:413:20:417 | self |
+| UseUseExplosion.rb:20:392:20:396 | [post] self | UseUseExplosion.rb:20:3403:20:3408 | self |
+| UseUseExplosion.rb:20:392:20:396 | self | UseUseExplosion.rb:20:413:20:417 | self |
+| UseUseExplosion.rb:20:392:20:396 | self | UseUseExplosion.rb:20:3403:20:3408 | self |
+| UseUseExplosion.rb:20:392:20:401 | ... > ... | UseUseExplosion.rb:20:391:20:402 | [false] ( ... ) |
+| UseUseExplosion.rb:20:392:20:401 | ... > ... | UseUseExplosion.rb:20:391:20:402 | [true] ( ... ) |
+| UseUseExplosion.rb:20:400:20:401 | 82 | UseUseExplosion.rb:20:392:20:401 | ... > ... |
+| UseUseExplosion.rb:20:404:20:3396 | then ... | UseUseExplosion.rb:20:388:20:3412 | if ... |
+| UseUseExplosion.rb:20:409:20:3396 | SSA phi read(self) | UseUseExplosion.rb:20:388:20:3412 | SSA phi read(self) |
+| UseUseExplosion.rb:20:409:20:3396 | SSA phi read(x) | UseUseExplosion.rb:20:388:20:3412 | SSA phi read(x) |
+| UseUseExplosion.rb:20:409:20:3396 | if ... | UseUseExplosion.rb:20:404:20:3396 | then ... |
+| UseUseExplosion.rb:20:413:20:417 | @prop | UseUseExplosion.rb:20:413:20:422 | ... > ... |
+| UseUseExplosion.rb:20:413:20:417 | [post] self | UseUseExplosion.rb:20:434:20:438 | self |
+| UseUseExplosion.rb:20:413:20:417 | [post] self | UseUseExplosion.rb:20:3387:20:3392 | self |
+| UseUseExplosion.rb:20:413:20:417 | self | UseUseExplosion.rb:20:434:20:438 | self |
+| UseUseExplosion.rb:20:413:20:417 | self | UseUseExplosion.rb:20:3387:20:3392 | self |
+| UseUseExplosion.rb:20:413:20:422 | ... > ... | UseUseExplosion.rb:20:412:20:423 | [false] ( ... ) |
+| UseUseExplosion.rb:20:413:20:422 | ... > ... | UseUseExplosion.rb:20:412:20:423 | [true] ( ... ) |
+| UseUseExplosion.rb:20:421:20:422 | 81 | UseUseExplosion.rb:20:413:20:422 | ... > ... |
+| UseUseExplosion.rb:20:425:20:3380 | then ... | UseUseExplosion.rb:20:409:20:3396 | if ... |
+| UseUseExplosion.rb:20:430:20:3380 | SSA phi read(self) | UseUseExplosion.rb:20:409:20:3396 | SSA phi read(self) |
+| UseUseExplosion.rb:20:430:20:3380 | SSA phi read(x) | UseUseExplosion.rb:20:409:20:3396 | SSA phi read(x) |
+| UseUseExplosion.rb:20:430:20:3380 | if ... | UseUseExplosion.rb:20:425:20:3380 | then ... |
+| UseUseExplosion.rb:20:434:20:438 | @prop | UseUseExplosion.rb:20:434:20:443 | ... > ... |
+| UseUseExplosion.rb:20:434:20:438 | [post] self | UseUseExplosion.rb:20:455:20:459 | self |
+| UseUseExplosion.rb:20:434:20:438 | [post] self | UseUseExplosion.rb:20:3371:20:3376 | self |
+| UseUseExplosion.rb:20:434:20:438 | self | UseUseExplosion.rb:20:455:20:459 | self |
+| UseUseExplosion.rb:20:434:20:438 | self | UseUseExplosion.rb:20:3371:20:3376 | self |
+| UseUseExplosion.rb:20:434:20:443 | ... > ... | UseUseExplosion.rb:20:433:20:444 | [false] ( ... ) |
+| UseUseExplosion.rb:20:434:20:443 | ... > ... | UseUseExplosion.rb:20:433:20:444 | [true] ( ... ) |
+| UseUseExplosion.rb:20:442:20:443 | 80 | UseUseExplosion.rb:20:434:20:443 | ... > ... |
+| UseUseExplosion.rb:20:446:20:3364 | then ... | UseUseExplosion.rb:20:430:20:3380 | if ... |
+| UseUseExplosion.rb:20:451:20:3364 | SSA phi read(self) | UseUseExplosion.rb:20:430:20:3380 | SSA phi read(self) |
+| UseUseExplosion.rb:20:451:20:3364 | SSA phi read(x) | UseUseExplosion.rb:20:430:20:3380 | SSA phi read(x) |
+| UseUseExplosion.rb:20:451:20:3364 | if ... | UseUseExplosion.rb:20:446:20:3364 | then ... |
+| UseUseExplosion.rb:20:455:20:459 | @prop | UseUseExplosion.rb:20:455:20:464 | ... > ... |
+| UseUseExplosion.rb:20:455:20:459 | [post] self | UseUseExplosion.rb:20:476:20:480 | self |
+| UseUseExplosion.rb:20:455:20:459 | [post] self | UseUseExplosion.rb:20:3355:20:3360 | self |
+| UseUseExplosion.rb:20:455:20:459 | self | UseUseExplosion.rb:20:476:20:480 | self |
+| UseUseExplosion.rb:20:455:20:459 | self | UseUseExplosion.rb:20:3355:20:3360 | self |
+| UseUseExplosion.rb:20:455:20:464 | ... > ... | UseUseExplosion.rb:20:454:20:465 | [false] ( ... ) |
+| UseUseExplosion.rb:20:455:20:464 | ... > ... | UseUseExplosion.rb:20:454:20:465 | [true] ( ... ) |
+| UseUseExplosion.rb:20:463:20:464 | 79 | UseUseExplosion.rb:20:455:20:464 | ... > ... |
+| UseUseExplosion.rb:20:467:20:3348 | then ... | UseUseExplosion.rb:20:451:20:3364 | if ... |
+| UseUseExplosion.rb:20:472:20:3348 | SSA phi read(self) | UseUseExplosion.rb:20:451:20:3364 | SSA phi read(self) |
+| UseUseExplosion.rb:20:472:20:3348 | SSA phi read(x) | UseUseExplosion.rb:20:451:20:3364 | SSA phi read(x) |
+| UseUseExplosion.rb:20:472:20:3348 | if ... | UseUseExplosion.rb:20:467:20:3348 | then ... |
+| UseUseExplosion.rb:20:476:20:480 | @prop | UseUseExplosion.rb:20:476:20:485 | ... > ... |
+| UseUseExplosion.rb:20:476:20:480 | [post] self | UseUseExplosion.rb:20:497:20:501 | self |
+| UseUseExplosion.rb:20:476:20:480 | [post] self | UseUseExplosion.rb:20:3339:20:3344 | self |
+| UseUseExplosion.rb:20:476:20:480 | self | UseUseExplosion.rb:20:497:20:501 | self |
+| UseUseExplosion.rb:20:476:20:480 | self | UseUseExplosion.rb:20:3339:20:3344 | self |
+| UseUseExplosion.rb:20:476:20:485 | ... > ... | UseUseExplosion.rb:20:475:20:486 | [false] ( ... ) |
+| UseUseExplosion.rb:20:476:20:485 | ... > ... | UseUseExplosion.rb:20:475:20:486 | [true] ( ... ) |
+| UseUseExplosion.rb:20:484:20:485 | 78 | UseUseExplosion.rb:20:476:20:485 | ... > ... |
+| UseUseExplosion.rb:20:488:20:3332 | then ... | UseUseExplosion.rb:20:472:20:3348 | if ... |
+| UseUseExplosion.rb:20:493:20:3332 | SSA phi read(self) | UseUseExplosion.rb:20:472:20:3348 | SSA phi read(self) |
+| UseUseExplosion.rb:20:493:20:3332 | SSA phi read(x) | UseUseExplosion.rb:20:472:20:3348 | SSA phi read(x) |
+| UseUseExplosion.rb:20:493:20:3332 | if ... | UseUseExplosion.rb:20:488:20:3332 | then ... |
+| UseUseExplosion.rb:20:497:20:501 | @prop | UseUseExplosion.rb:20:497:20:506 | ... > ... |
+| UseUseExplosion.rb:20:497:20:501 | [post] self | UseUseExplosion.rb:20:518:20:522 | self |
+| UseUseExplosion.rb:20:497:20:501 | [post] self | UseUseExplosion.rb:20:3323:20:3328 | self |
+| UseUseExplosion.rb:20:497:20:501 | self | UseUseExplosion.rb:20:518:20:522 | self |
+| UseUseExplosion.rb:20:497:20:501 | self | UseUseExplosion.rb:20:3323:20:3328 | self |
+| UseUseExplosion.rb:20:497:20:506 | ... > ... | UseUseExplosion.rb:20:496:20:507 | [false] ( ... ) |
+| UseUseExplosion.rb:20:497:20:506 | ... > ... | UseUseExplosion.rb:20:496:20:507 | [true] ( ... ) |
+| UseUseExplosion.rb:20:505:20:506 | 77 | UseUseExplosion.rb:20:497:20:506 | ... > ... |
+| UseUseExplosion.rb:20:509:20:3316 | then ... | UseUseExplosion.rb:20:493:20:3332 | if ... |
+| UseUseExplosion.rb:20:514:20:3316 | SSA phi read(self) | UseUseExplosion.rb:20:493:20:3332 | SSA phi read(self) |
+| UseUseExplosion.rb:20:514:20:3316 | SSA phi read(x) | UseUseExplosion.rb:20:493:20:3332 | SSA phi read(x) |
+| UseUseExplosion.rb:20:514:20:3316 | if ... | UseUseExplosion.rb:20:509:20:3316 | then ... |
+| UseUseExplosion.rb:20:518:20:522 | @prop | UseUseExplosion.rb:20:518:20:527 | ... > ... |
+| UseUseExplosion.rb:20:518:20:522 | [post] self | UseUseExplosion.rb:20:539:20:543 | self |
+| UseUseExplosion.rb:20:518:20:522 | [post] self | UseUseExplosion.rb:20:3307:20:3312 | self |
+| UseUseExplosion.rb:20:518:20:522 | self | UseUseExplosion.rb:20:539:20:543 | self |
+| UseUseExplosion.rb:20:518:20:522 | self | UseUseExplosion.rb:20:3307:20:3312 | self |
+| UseUseExplosion.rb:20:518:20:527 | ... > ... | UseUseExplosion.rb:20:517:20:528 | [false] ( ... ) |
+| UseUseExplosion.rb:20:518:20:527 | ... > ... | UseUseExplosion.rb:20:517:20:528 | [true] ( ... ) |
+| UseUseExplosion.rb:20:526:20:527 | 76 | UseUseExplosion.rb:20:518:20:527 | ... > ... |
+| UseUseExplosion.rb:20:530:20:3300 | then ... | UseUseExplosion.rb:20:514:20:3316 | if ... |
+| UseUseExplosion.rb:20:535:20:3300 | SSA phi read(self) | UseUseExplosion.rb:20:514:20:3316 | SSA phi read(self) |
+| UseUseExplosion.rb:20:535:20:3300 | SSA phi read(x) | UseUseExplosion.rb:20:514:20:3316 | SSA phi read(x) |
+| UseUseExplosion.rb:20:535:20:3300 | if ... | UseUseExplosion.rb:20:530:20:3300 | then ... |
+| UseUseExplosion.rb:20:539:20:543 | @prop | UseUseExplosion.rb:20:539:20:548 | ... > ... |
+| UseUseExplosion.rb:20:539:20:543 | [post] self | UseUseExplosion.rb:20:560:20:564 | self |
+| UseUseExplosion.rb:20:539:20:543 | [post] self | UseUseExplosion.rb:20:3291:20:3296 | self |
+| UseUseExplosion.rb:20:539:20:543 | self | UseUseExplosion.rb:20:560:20:564 | self |
+| UseUseExplosion.rb:20:539:20:543 | self | UseUseExplosion.rb:20:3291:20:3296 | self |
+| UseUseExplosion.rb:20:539:20:548 | ... > ... | UseUseExplosion.rb:20:538:20:549 | [false] ( ... ) |
+| UseUseExplosion.rb:20:539:20:548 | ... > ... | UseUseExplosion.rb:20:538:20:549 | [true] ( ... ) |
+| UseUseExplosion.rb:20:547:20:548 | 75 | UseUseExplosion.rb:20:539:20:548 | ... > ... |
+| UseUseExplosion.rb:20:551:20:3284 | then ... | UseUseExplosion.rb:20:535:20:3300 | if ... |
+| UseUseExplosion.rb:20:556:20:3284 | SSA phi read(self) | UseUseExplosion.rb:20:535:20:3300 | SSA phi read(self) |
+| UseUseExplosion.rb:20:556:20:3284 | SSA phi read(x) | UseUseExplosion.rb:20:535:20:3300 | SSA phi read(x) |
+| UseUseExplosion.rb:20:556:20:3284 | if ... | UseUseExplosion.rb:20:551:20:3284 | then ... |
+| UseUseExplosion.rb:20:560:20:564 | @prop | UseUseExplosion.rb:20:560:20:569 | ... > ... |
+| UseUseExplosion.rb:20:560:20:564 | [post] self | UseUseExplosion.rb:20:581:20:585 | self |
+| UseUseExplosion.rb:20:560:20:564 | [post] self | UseUseExplosion.rb:20:3275:20:3280 | self |
+| UseUseExplosion.rb:20:560:20:564 | self | UseUseExplosion.rb:20:581:20:585 | self |
+| UseUseExplosion.rb:20:560:20:564 | self | UseUseExplosion.rb:20:3275:20:3280 | self |
+| UseUseExplosion.rb:20:560:20:569 | ... > ... | UseUseExplosion.rb:20:559:20:570 | [false] ( ... ) |
+| UseUseExplosion.rb:20:560:20:569 | ... > ... | UseUseExplosion.rb:20:559:20:570 | [true] ( ... ) |
+| UseUseExplosion.rb:20:568:20:569 | 74 | UseUseExplosion.rb:20:560:20:569 | ... > ... |
+| UseUseExplosion.rb:20:572:20:3268 | then ... | UseUseExplosion.rb:20:556:20:3284 | if ... |
+| UseUseExplosion.rb:20:577:20:3268 | SSA phi read(self) | UseUseExplosion.rb:20:556:20:3284 | SSA phi read(self) |
+| UseUseExplosion.rb:20:577:20:3268 | SSA phi read(x) | UseUseExplosion.rb:20:556:20:3284 | SSA phi read(x) |
+| UseUseExplosion.rb:20:577:20:3268 | if ... | UseUseExplosion.rb:20:572:20:3268 | then ... |
+| UseUseExplosion.rb:20:581:20:585 | @prop | UseUseExplosion.rb:20:581:20:590 | ... > ... |
+| UseUseExplosion.rb:20:581:20:585 | [post] self | UseUseExplosion.rb:20:602:20:606 | self |
+| UseUseExplosion.rb:20:581:20:585 | [post] self | UseUseExplosion.rb:20:3259:20:3264 | self |
+| UseUseExplosion.rb:20:581:20:585 | self | UseUseExplosion.rb:20:602:20:606 | self |
+| UseUseExplosion.rb:20:581:20:585 | self | UseUseExplosion.rb:20:3259:20:3264 | self |
+| UseUseExplosion.rb:20:581:20:590 | ... > ... | UseUseExplosion.rb:20:580:20:591 | [false] ( ... ) |
+| UseUseExplosion.rb:20:581:20:590 | ... > ... | UseUseExplosion.rb:20:580:20:591 | [true] ( ... ) |
+| UseUseExplosion.rb:20:589:20:590 | 73 | UseUseExplosion.rb:20:581:20:590 | ... > ... |
+| UseUseExplosion.rb:20:593:20:3252 | then ... | UseUseExplosion.rb:20:577:20:3268 | if ... |
+| UseUseExplosion.rb:20:598:20:3252 | SSA phi read(self) | UseUseExplosion.rb:20:577:20:3268 | SSA phi read(self) |
+| UseUseExplosion.rb:20:598:20:3252 | SSA phi read(x) | UseUseExplosion.rb:20:577:20:3268 | SSA phi read(x) |
+| UseUseExplosion.rb:20:598:20:3252 | if ... | UseUseExplosion.rb:20:593:20:3252 | then ... |
+| UseUseExplosion.rb:20:602:20:606 | @prop | UseUseExplosion.rb:20:602:20:611 | ... > ... |
+| UseUseExplosion.rb:20:602:20:606 | [post] self | UseUseExplosion.rb:20:623:20:627 | self |
+| UseUseExplosion.rb:20:602:20:606 | [post] self | UseUseExplosion.rb:20:3243:20:3248 | self |
+| UseUseExplosion.rb:20:602:20:606 | self | UseUseExplosion.rb:20:623:20:627 | self |
+| UseUseExplosion.rb:20:602:20:606 | self | UseUseExplosion.rb:20:3243:20:3248 | self |
+| UseUseExplosion.rb:20:602:20:611 | ... > ... | UseUseExplosion.rb:20:601:20:612 | [false] ( ... ) |
+| UseUseExplosion.rb:20:602:20:611 | ... > ... | UseUseExplosion.rb:20:601:20:612 | [true] ( ... ) |
+| UseUseExplosion.rb:20:610:20:611 | 72 | UseUseExplosion.rb:20:602:20:611 | ... > ... |
+| UseUseExplosion.rb:20:614:20:3236 | then ... | UseUseExplosion.rb:20:598:20:3252 | if ... |
+| UseUseExplosion.rb:20:619:20:3236 | SSA phi read(self) | UseUseExplosion.rb:20:598:20:3252 | SSA phi read(self) |
+| UseUseExplosion.rb:20:619:20:3236 | SSA phi read(x) | UseUseExplosion.rb:20:598:20:3252 | SSA phi read(x) |
+| UseUseExplosion.rb:20:619:20:3236 | if ... | UseUseExplosion.rb:20:614:20:3236 | then ... |
+| UseUseExplosion.rb:20:623:20:627 | @prop | UseUseExplosion.rb:20:623:20:632 | ... > ... |
+| UseUseExplosion.rb:20:623:20:627 | [post] self | UseUseExplosion.rb:20:644:20:648 | self |
+| UseUseExplosion.rb:20:623:20:627 | [post] self | UseUseExplosion.rb:20:3227:20:3232 | self |
+| UseUseExplosion.rb:20:623:20:627 | self | UseUseExplosion.rb:20:644:20:648 | self |
+| UseUseExplosion.rb:20:623:20:627 | self | UseUseExplosion.rb:20:3227:20:3232 | self |
+| UseUseExplosion.rb:20:623:20:632 | ... > ... | UseUseExplosion.rb:20:622:20:633 | [false] ( ... ) |
+| UseUseExplosion.rb:20:623:20:632 | ... > ... | UseUseExplosion.rb:20:622:20:633 | [true] ( ... ) |
+| UseUseExplosion.rb:20:631:20:632 | 71 | UseUseExplosion.rb:20:623:20:632 | ... > ... |
+| UseUseExplosion.rb:20:635:20:3220 | then ... | UseUseExplosion.rb:20:619:20:3236 | if ... |
+| UseUseExplosion.rb:20:640:20:3220 | SSA phi read(self) | UseUseExplosion.rb:20:619:20:3236 | SSA phi read(self) |
+| UseUseExplosion.rb:20:640:20:3220 | SSA phi read(x) | UseUseExplosion.rb:20:619:20:3236 | SSA phi read(x) |
+| UseUseExplosion.rb:20:640:20:3220 | if ... | UseUseExplosion.rb:20:635:20:3220 | then ... |
+| UseUseExplosion.rb:20:644:20:648 | @prop | UseUseExplosion.rb:20:644:20:653 | ... > ... |
+| UseUseExplosion.rb:20:644:20:648 | [post] self | UseUseExplosion.rb:20:665:20:669 | self |
+| UseUseExplosion.rb:20:644:20:648 | [post] self | UseUseExplosion.rb:20:3211:20:3216 | self |
+| UseUseExplosion.rb:20:644:20:648 | self | UseUseExplosion.rb:20:665:20:669 | self |
+| UseUseExplosion.rb:20:644:20:648 | self | UseUseExplosion.rb:20:3211:20:3216 | self |
+| UseUseExplosion.rb:20:644:20:653 | ... > ... | UseUseExplosion.rb:20:643:20:654 | [false] ( ... ) |
+| UseUseExplosion.rb:20:644:20:653 | ... > ... | UseUseExplosion.rb:20:643:20:654 | [true] ( ... ) |
+| UseUseExplosion.rb:20:652:20:653 | 70 | UseUseExplosion.rb:20:644:20:653 | ... > ... |
+| UseUseExplosion.rb:20:656:20:3204 | then ... | UseUseExplosion.rb:20:640:20:3220 | if ... |
+| UseUseExplosion.rb:20:661:20:3204 | SSA phi read(self) | UseUseExplosion.rb:20:640:20:3220 | SSA phi read(self) |
+| UseUseExplosion.rb:20:661:20:3204 | SSA phi read(x) | UseUseExplosion.rb:20:640:20:3220 | SSA phi read(x) |
+| UseUseExplosion.rb:20:661:20:3204 | if ... | UseUseExplosion.rb:20:656:20:3204 | then ... |
+| UseUseExplosion.rb:20:665:20:669 | @prop | UseUseExplosion.rb:20:665:20:674 | ... > ... |
+| UseUseExplosion.rb:20:665:20:669 | [post] self | UseUseExplosion.rb:20:686:20:690 | self |
+| UseUseExplosion.rb:20:665:20:669 | [post] self | UseUseExplosion.rb:20:3195:20:3200 | self |
+| UseUseExplosion.rb:20:665:20:669 | self | UseUseExplosion.rb:20:686:20:690 | self |
+| UseUseExplosion.rb:20:665:20:669 | self | UseUseExplosion.rb:20:3195:20:3200 | self |
+| UseUseExplosion.rb:20:665:20:674 | ... > ... | UseUseExplosion.rb:20:664:20:675 | [false] ( ... ) |
+| UseUseExplosion.rb:20:665:20:674 | ... > ... | UseUseExplosion.rb:20:664:20:675 | [true] ( ... ) |
+| UseUseExplosion.rb:20:673:20:674 | 69 | UseUseExplosion.rb:20:665:20:674 | ... > ... |
+| UseUseExplosion.rb:20:677:20:3188 | then ... | UseUseExplosion.rb:20:661:20:3204 | if ... |
+| UseUseExplosion.rb:20:682:20:3188 | SSA phi read(self) | UseUseExplosion.rb:20:661:20:3204 | SSA phi read(self) |
+| UseUseExplosion.rb:20:682:20:3188 | SSA phi read(x) | UseUseExplosion.rb:20:661:20:3204 | SSA phi read(x) |
+| UseUseExplosion.rb:20:682:20:3188 | if ... | UseUseExplosion.rb:20:677:20:3188 | then ... |
+| UseUseExplosion.rb:20:686:20:690 | @prop | UseUseExplosion.rb:20:686:20:695 | ... > ... |
+| UseUseExplosion.rb:20:686:20:690 | [post] self | UseUseExplosion.rb:20:707:20:711 | self |
+| UseUseExplosion.rb:20:686:20:690 | [post] self | UseUseExplosion.rb:20:3179:20:3184 | self |
+| UseUseExplosion.rb:20:686:20:690 | self | UseUseExplosion.rb:20:707:20:711 | self |
+| UseUseExplosion.rb:20:686:20:690 | self | UseUseExplosion.rb:20:3179:20:3184 | self |
+| UseUseExplosion.rb:20:686:20:695 | ... > ... | UseUseExplosion.rb:20:685:20:696 | [false] ( ... ) |
+| UseUseExplosion.rb:20:686:20:695 | ... > ... | UseUseExplosion.rb:20:685:20:696 | [true] ( ... ) |
+| UseUseExplosion.rb:20:694:20:695 | 68 | UseUseExplosion.rb:20:686:20:695 | ... > ... |
+| UseUseExplosion.rb:20:698:20:3172 | then ... | UseUseExplosion.rb:20:682:20:3188 | if ... |
+| UseUseExplosion.rb:20:703:20:3172 | SSA phi read(self) | UseUseExplosion.rb:20:682:20:3188 | SSA phi read(self) |
+| UseUseExplosion.rb:20:703:20:3172 | SSA phi read(x) | UseUseExplosion.rb:20:682:20:3188 | SSA phi read(x) |
+| UseUseExplosion.rb:20:703:20:3172 | if ... | UseUseExplosion.rb:20:698:20:3172 | then ... |
+| UseUseExplosion.rb:20:707:20:711 | @prop | UseUseExplosion.rb:20:707:20:716 | ... > ... |
+| UseUseExplosion.rb:20:707:20:711 | [post] self | UseUseExplosion.rb:20:728:20:732 | self |
+| UseUseExplosion.rb:20:707:20:711 | [post] self | UseUseExplosion.rb:20:3163:20:3168 | self |
+| UseUseExplosion.rb:20:707:20:711 | self | UseUseExplosion.rb:20:728:20:732 | self |
+| UseUseExplosion.rb:20:707:20:711 | self | UseUseExplosion.rb:20:3163:20:3168 | self |
+| UseUseExplosion.rb:20:707:20:716 | ... > ... | UseUseExplosion.rb:20:706:20:717 | [false] ( ... ) |
+| UseUseExplosion.rb:20:707:20:716 | ... > ... | UseUseExplosion.rb:20:706:20:717 | [true] ( ... ) |
+| UseUseExplosion.rb:20:715:20:716 | 67 | UseUseExplosion.rb:20:707:20:716 | ... > ... |
+| UseUseExplosion.rb:20:719:20:3156 | then ... | UseUseExplosion.rb:20:703:20:3172 | if ... |
+| UseUseExplosion.rb:20:724:20:3156 | SSA phi read(self) | UseUseExplosion.rb:20:703:20:3172 | SSA phi read(self) |
+| UseUseExplosion.rb:20:724:20:3156 | SSA phi read(x) | UseUseExplosion.rb:20:703:20:3172 | SSA phi read(x) |
+| UseUseExplosion.rb:20:724:20:3156 | if ... | UseUseExplosion.rb:20:719:20:3156 | then ... |
+| UseUseExplosion.rb:20:728:20:732 | @prop | UseUseExplosion.rb:20:728:20:737 | ... > ... |
+| UseUseExplosion.rb:20:728:20:732 | [post] self | UseUseExplosion.rb:20:749:20:753 | self |
+| UseUseExplosion.rb:20:728:20:732 | [post] self | UseUseExplosion.rb:20:3147:20:3152 | self |
+| UseUseExplosion.rb:20:728:20:732 | self | UseUseExplosion.rb:20:749:20:753 | self |
+| UseUseExplosion.rb:20:728:20:732 | self | UseUseExplosion.rb:20:3147:20:3152 | self |
+| UseUseExplosion.rb:20:728:20:737 | ... > ... | UseUseExplosion.rb:20:727:20:738 | [false] ( ... ) |
+| UseUseExplosion.rb:20:728:20:737 | ... > ... | UseUseExplosion.rb:20:727:20:738 | [true] ( ... ) |
+| UseUseExplosion.rb:20:736:20:737 | 66 | UseUseExplosion.rb:20:728:20:737 | ... > ... |
+| UseUseExplosion.rb:20:740:20:3140 | then ... | UseUseExplosion.rb:20:724:20:3156 | if ... |
+| UseUseExplosion.rb:20:745:20:3140 | SSA phi read(self) | UseUseExplosion.rb:20:724:20:3156 | SSA phi read(self) |
+| UseUseExplosion.rb:20:745:20:3140 | SSA phi read(x) | UseUseExplosion.rb:20:724:20:3156 | SSA phi read(x) |
+| UseUseExplosion.rb:20:745:20:3140 | if ... | UseUseExplosion.rb:20:740:20:3140 | then ... |
+| UseUseExplosion.rb:20:749:20:753 | @prop | UseUseExplosion.rb:20:749:20:758 | ... > ... |
+| UseUseExplosion.rb:20:749:20:753 | [post] self | UseUseExplosion.rb:20:770:20:774 | self |
+| UseUseExplosion.rb:20:749:20:753 | [post] self | UseUseExplosion.rb:20:3131:20:3136 | self |
+| UseUseExplosion.rb:20:749:20:753 | self | UseUseExplosion.rb:20:770:20:774 | self |
+| UseUseExplosion.rb:20:749:20:753 | self | UseUseExplosion.rb:20:3131:20:3136 | self |
+| UseUseExplosion.rb:20:749:20:758 | ... > ... | UseUseExplosion.rb:20:748:20:759 | [false] ( ... ) |
+| UseUseExplosion.rb:20:749:20:758 | ... > ... | UseUseExplosion.rb:20:748:20:759 | [true] ( ... ) |
+| UseUseExplosion.rb:20:757:20:758 | 65 | UseUseExplosion.rb:20:749:20:758 | ... > ... |
+| UseUseExplosion.rb:20:761:20:3124 | then ... | UseUseExplosion.rb:20:745:20:3140 | if ... |
+| UseUseExplosion.rb:20:766:20:3124 | SSA phi read(self) | UseUseExplosion.rb:20:745:20:3140 | SSA phi read(self) |
+| UseUseExplosion.rb:20:766:20:3124 | SSA phi read(x) | UseUseExplosion.rb:20:745:20:3140 | SSA phi read(x) |
+| UseUseExplosion.rb:20:766:20:3124 | if ... | UseUseExplosion.rb:20:761:20:3124 | then ... |
+| UseUseExplosion.rb:20:770:20:774 | @prop | UseUseExplosion.rb:20:770:20:779 | ... > ... |
+| UseUseExplosion.rb:20:770:20:774 | [post] self | UseUseExplosion.rb:20:791:20:795 | self |
+| UseUseExplosion.rb:20:770:20:774 | [post] self | UseUseExplosion.rb:20:3115:20:3120 | self |
+| UseUseExplosion.rb:20:770:20:774 | self | UseUseExplosion.rb:20:791:20:795 | self |
+| UseUseExplosion.rb:20:770:20:774 | self | UseUseExplosion.rb:20:3115:20:3120 | self |
+| UseUseExplosion.rb:20:770:20:779 | ... > ... | UseUseExplosion.rb:20:769:20:780 | [false] ( ... ) |
+| UseUseExplosion.rb:20:770:20:779 | ... > ... | UseUseExplosion.rb:20:769:20:780 | [true] ( ... ) |
+| UseUseExplosion.rb:20:778:20:779 | 64 | UseUseExplosion.rb:20:770:20:779 | ... > ... |
+| UseUseExplosion.rb:20:782:20:3108 | then ... | UseUseExplosion.rb:20:766:20:3124 | if ... |
+| UseUseExplosion.rb:20:787:20:3108 | SSA phi read(self) | UseUseExplosion.rb:20:766:20:3124 | SSA phi read(self) |
+| UseUseExplosion.rb:20:787:20:3108 | SSA phi read(x) | UseUseExplosion.rb:20:766:20:3124 | SSA phi read(x) |
+| UseUseExplosion.rb:20:787:20:3108 | if ... | UseUseExplosion.rb:20:782:20:3108 | then ... |
+| UseUseExplosion.rb:20:791:20:795 | @prop | UseUseExplosion.rb:20:791:20:800 | ... > ... |
+| UseUseExplosion.rb:20:791:20:795 | [post] self | UseUseExplosion.rb:20:812:20:816 | self |
+| UseUseExplosion.rb:20:791:20:795 | [post] self | UseUseExplosion.rb:20:3099:20:3104 | self |
+| UseUseExplosion.rb:20:791:20:795 | self | UseUseExplosion.rb:20:812:20:816 | self |
+| UseUseExplosion.rb:20:791:20:795 | self | UseUseExplosion.rb:20:3099:20:3104 | self |
+| UseUseExplosion.rb:20:791:20:800 | ... > ... | UseUseExplosion.rb:20:790:20:801 | [false] ( ... ) |
+| UseUseExplosion.rb:20:791:20:800 | ... > ... | UseUseExplosion.rb:20:790:20:801 | [true] ( ... ) |
+| UseUseExplosion.rb:20:799:20:800 | 63 | UseUseExplosion.rb:20:791:20:800 | ... > ... |
+| UseUseExplosion.rb:20:803:20:3092 | then ... | UseUseExplosion.rb:20:787:20:3108 | if ... |
+| UseUseExplosion.rb:20:808:20:3092 | SSA phi read(self) | UseUseExplosion.rb:20:787:20:3108 | SSA phi read(self) |
+| UseUseExplosion.rb:20:808:20:3092 | SSA phi read(x) | UseUseExplosion.rb:20:787:20:3108 | SSA phi read(x) |
+| UseUseExplosion.rb:20:808:20:3092 | if ... | UseUseExplosion.rb:20:803:20:3092 | then ... |
+| UseUseExplosion.rb:20:812:20:816 | @prop | UseUseExplosion.rb:20:812:20:821 | ... > ... |
+| UseUseExplosion.rb:20:812:20:816 | [post] self | UseUseExplosion.rb:20:833:20:837 | self |
+| UseUseExplosion.rb:20:812:20:816 | [post] self | UseUseExplosion.rb:20:3083:20:3088 | self |
+| UseUseExplosion.rb:20:812:20:816 | self | UseUseExplosion.rb:20:833:20:837 | self |
+| UseUseExplosion.rb:20:812:20:816 | self | UseUseExplosion.rb:20:3083:20:3088 | self |
+| UseUseExplosion.rb:20:812:20:821 | ... > ... | UseUseExplosion.rb:20:811:20:822 | [false] ( ... ) |
+| UseUseExplosion.rb:20:812:20:821 | ... > ... | UseUseExplosion.rb:20:811:20:822 | [true] ( ... ) |
+| UseUseExplosion.rb:20:820:20:821 | 62 | UseUseExplosion.rb:20:812:20:821 | ... > ... |
+| UseUseExplosion.rb:20:824:20:3076 | then ... | UseUseExplosion.rb:20:808:20:3092 | if ... |
+| UseUseExplosion.rb:20:829:20:3076 | SSA phi read(self) | UseUseExplosion.rb:20:808:20:3092 | SSA phi read(self) |
+| UseUseExplosion.rb:20:829:20:3076 | SSA phi read(x) | UseUseExplosion.rb:20:808:20:3092 | SSA phi read(x) |
+| UseUseExplosion.rb:20:829:20:3076 | if ... | UseUseExplosion.rb:20:824:20:3076 | then ... |
+| UseUseExplosion.rb:20:833:20:837 | @prop | UseUseExplosion.rb:20:833:20:842 | ... > ... |
+| UseUseExplosion.rb:20:833:20:837 | [post] self | UseUseExplosion.rb:20:854:20:858 | self |
+| UseUseExplosion.rb:20:833:20:837 | [post] self | UseUseExplosion.rb:20:3067:20:3072 | self |
+| UseUseExplosion.rb:20:833:20:837 | self | UseUseExplosion.rb:20:854:20:858 | self |
+| UseUseExplosion.rb:20:833:20:837 | self | UseUseExplosion.rb:20:3067:20:3072 | self |
+| UseUseExplosion.rb:20:833:20:842 | ... > ... | UseUseExplosion.rb:20:832:20:843 | [false] ( ... ) |
+| UseUseExplosion.rb:20:833:20:842 | ... > ... | UseUseExplosion.rb:20:832:20:843 | [true] ( ... ) |
+| UseUseExplosion.rb:20:841:20:842 | 61 | UseUseExplosion.rb:20:833:20:842 | ... > ... |
+| UseUseExplosion.rb:20:845:20:3060 | then ... | UseUseExplosion.rb:20:829:20:3076 | if ... |
+| UseUseExplosion.rb:20:850:20:3060 | SSA phi read(self) | UseUseExplosion.rb:20:829:20:3076 | SSA phi read(self) |
+| UseUseExplosion.rb:20:850:20:3060 | SSA phi read(x) | UseUseExplosion.rb:20:829:20:3076 | SSA phi read(x) |
+| UseUseExplosion.rb:20:850:20:3060 | if ... | UseUseExplosion.rb:20:845:20:3060 | then ... |
+| UseUseExplosion.rb:20:854:20:858 | @prop | UseUseExplosion.rb:20:854:20:863 | ... > ... |
+| UseUseExplosion.rb:20:854:20:858 | [post] self | UseUseExplosion.rb:20:875:20:879 | self |
+| UseUseExplosion.rb:20:854:20:858 | [post] self | UseUseExplosion.rb:20:3051:20:3056 | self |
+| UseUseExplosion.rb:20:854:20:858 | self | UseUseExplosion.rb:20:875:20:879 | self |
+| UseUseExplosion.rb:20:854:20:858 | self | UseUseExplosion.rb:20:3051:20:3056 | self |
+| UseUseExplosion.rb:20:854:20:863 | ... > ... | UseUseExplosion.rb:20:853:20:864 | [false] ( ... ) |
+| UseUseExplosion.rb:20:854:20:863 | ... > ... | UseUseExplosion.rb:20:853:20:864 | [true] ( ... ) |
+| UseUseExplosion.rb:20:862:20:863 | 60 | UseUseExplosion.rb:20:854:20:863 | ... > ... |
+| UseUseExplosion.rb:20:866:20:3044 | then ... | UseUseExplosion.rb:20:850:20:3060 | if ... |
+| UseUseExplosion.rb:20:871:20:3044 | SSA phi read(self) | UseUseExplosion.rb:20:850:20:3060 | SSA phi read(self) |
+| UseUseExplosion.rb:20:871:20:3044 | SSA phi read(x) | UseUseExplosion.rb:20:850:20:3060 | SSA phi read(x) |
+| UseUseExplosion.rb:20:871:20:3044 | if ... | UseUseExplosion.rb:20:866:20:3044 | then ... |
+| UseUseExplosion.rb:20:875:20:879 | @prop | UseUseExplosion.rb:20:875:20:884 | ... > ... |
+| UseUseExplosion.rb:20:875:20:879 | [post] self | UseUseExplosion.rb:20:896:20:900 | self |
+| UseUseExplosion.rb:20:875:20:879 | [post] self | UseUseExplosion.rb:20:3035:20:3040 | self |
+| UseUseExplosion.rb:20:875:20:879 | self | UseUseExplosion.rb:20:896:20:900 | self |
+| UseUseExplosion.rb:20:875:20:879 | self | UseUseExplosion.rb:20:3035:20:3040 | self |
+| UseUseExplosion.rb:20:875:20:884 | ... > ... | UseUseExplosion.rb:20:874:20:885 | [false] ( ... ) |
+| UseUseExplosion.rb:20:875:20:884 | ... > ... | UseUseExplosion.rb:20:874:20:885 | [true] ( ... ) |
+| UseUseExplosion.rb:20:883:20:884 | 59 | UseUseExplosion.rb:20:875:20:884 | ... > ... |
+| UseUseExplosion.rb:20:887:20:3028 | then ... | UseUseExplosion.rb:20:871:20:3044 | if ... |
+| UseUseExplosion.rb:20:892:20:3028 | SSA phi read(self) | UseUseExplosion.rb:20:871:20:3044 | SSA phi read(self) |
+| UseUseExplosion.rb:20:892:20:3028 | SSA phi read(x) | UseUseExplosion.rb:20:871:20:3044 | SSA phi read(x) |
+| UseUseExplosion.rb:20:892:20:3028 | if ... | UseUseExplosion.rb:20:887:20:3028 | then ... |
+| UseUseExplosion.rb:20:896:20:900 | @prop | UseUseExplosion.rb:20:896:20:905 | ... > ... |
+| UseUseExplosion.rb:20:896:20:900 | [post] self | UseUseExplosion.rb:20:917:20:921 | self |
+| UseUseExplosion.rb:20:896:20:900 | [post] self | UseUseExplosion.rb:20:3019:20:3024 | self |
+| UseUseExplosion.rb:20:896:20:900 | self | UseUseExplosion.rb:20:917:20:921 | self |
+| UseUseExplosion.rb:20:896:20:900 | self | UseUseExplosion.rb:20:3019:20:3024 | self |
+| UseUseExplosion.rb:20:896:20:905 | ... > ... | UseUseExplosion.rb:20:895:20:906 | [false] ( ... ) |
+| UseUseExplosion.rb:20:896:20:905 | ... > ... | UseUseExplosion.rb:20:895:20:906 | [true] ( ... ) |
+| UseUseExplosion.rb:20:904:20:905 | 58 | UseUseExplosion.rb:20:896:20:905 | ... > ... |
+| UseUseExplosion.rb:20:908:20:3012 | then ... | UseUseExplosion.rb:20:892:20:3028 | if ... |
+| UseUseExplosion.rb:20:913:20:3012 | SSA phi read(self) | UseUseExplosion.rb:20:892:20:3028 | SSA phi read(self) |
+| UseUseExplosion.rb:20:913:20:3012 | SSA phi read(x) | UseUseExplosion.rb:20:892:20:3028 | SSA phi read(x) |
+| UseUseExplosion.rb:20:913:20:3012 | if ... | UseUseExplosion.rb:20:908:20:3012 | then ... |
+| UseUseExplosion.rb:20:917:20:921 | @prop | UseUseExplosion.rb:20:917:20:926 | ... > ... |
+| UseUseExplosion.rb:20:917:20:921 | [post] self | UseUseExplosion.rb:20:938:20:942 | self |
+| UseUseExplosion.rb:20:917:20:921 | [post] self | UseUseExplosion.rb:20:3003:20:3008 | self |
+| UseUseExplosion.rb:20:917:20:921 | self | UseUseExplosion.rb:20:938:20:942 | self |
+| UseUseExplosion.rb:20:917:20:921 | self | UseUseExplosion.rb:20:3003:20:3008 | self |
+| UseUseExplosion.rb:20:917:20:926 | ... > ... | UseUseExplosion.rb:20:916:20:927 | [false] ( ... ) |
+| UseUseExplosion.rb:20:917:20:926 | ... > ... | UseUseExplosion.rb:20:916:20:927 | [true] ( ... ) |
+| UseUseExplosion.rb:20:925:20:926 | 57 | UseUseExplosion.rb:20:917:20:926 | ... > ... |
+| UseUseExplosion.rb:20:929:20:2996 | then ... | UseUseExplosion.rb:20:913:20:3012 | if ... |
+| UseUseExplosion.rb:20:934:20:2996 | SSA phi read(self) | UseUseExplosion.rb:20:913:20:3012 | SSA phi read(self) |
+| UseUseExplosion.rb:20:934:20:2996 | SSA phi read(x) | UseUseExplosion.rb:20:913:20:3012 | SSA phi read(x) |
+| UseUseExplosion.rb:20:934:20:2996 | if ... | UseUseExplosion.rb:20:929:20:2996 | then ... |
+| UseUseExplosion.rb:20:938:20:942 | @prop | UseUseExplosion.rb:20:938:20:947 | ... > ... |
+| UseUseExplosion.rb:20:938:20:942 | [post] self | UseUseExplosion.rb:20:959:20:963 | self |
+| UseUseExplosion.rb:20:938:20:942 | [post] self | UseUseExplosion.rb:20:2987:20:2992 | self |
+| UseUseExplosion.rb:20:938:20:942 | self | UseUseExplosion.rb:20:959:20:963 | self |
+| UseUseExplosion.rb:20:938:20:942 | self | UseUseExplosion.rb:20:2987:20:2992 | self |
+| UseUseExplosion.rb:20:938:20:947 | ... > ... | UseUseExplosion.rb:20:937:20:948 | [false] ( ... ) |
+| UseUseExplosion.rb:20:938:20:947 | ... > ... | UseUseExplosion.rb:20:937:20:948 | [true] ( ... ) |
+| UseUseExplosion.rb:20:946:20:947 | 56 | UseUseExplosion.rb:20:938:20:947 | ... > ... |
+| UseUseExplosion.rb:20:950:20:2980 | then ... | UseUseExplosion.rb:20:934:20:2996 | if ... |
+| UseUseExplosion.rb:20:955:20:2980 | SSA phi read(self) | UseUseExplosion.rb:20:934:20:2996 | SSA phi read(self) |
+| UseUseExplosion.rb:20:955:20:2980 | SSA phi read(x) | UseUseExplosion.rb:20:934:20:2996 | SSA phi read(x) |
+| UseUseExplosion.rb:20:955:20:2980 | if ... | UseUseExplosion.rb:20:950:20:2980 | then ... |
+| UseUseExplosion.rb:20:959:20:963 | @prop | UseUseExplosion.rb:20:959:20:968 | ... > ... |
+| UseUseExplosion.rb:20:959:20:963 | [post] self | UseUseExplosion.rb:20:980:20:984 | self |
+| UseUseExplosion.rb:20:959:20:963 | [post] self | UseUseExplosion.rb:20:2971:20:2976 | self |
+| UseUseExplosion.rb:20:959:20:963 | self | UseUseExplosion.rb:20:980:20:984 | self |
+| UseUseExplosion.rb:20:959:20:963 | self | UseUseExplosion.rb:20:2971:20:2976 | self |
+| UseUseExplosion.rb:20:959:20:968 | ... > ... | UseUseExplosion.rb:20:958:20:969 | [false] ( ... ) |
+| UseUseExplosion.rb:20:959:20:968 | ... > ... | UseUseExplosion.rb:20:958:20:969 | [true] ( ... ) |
+| UseUseExplosion.rb:20:967:20:968 | 55 | UseUseExplosion.rb:20:959:20:968 | ... > ... |
+| UseUseExplosion.rb:20:971:20:2964 | then ... | UseUseExplosion.rb:20:955:20:2980 | if ... |
+| UseUseExplosion.rb:20:976:20:2964 | SSA phi read(self) | UseUseExplosion.rb:20:955:20:2980 | SSA phi read(self) |
+| UseUseExplosion.rb:20:976:20:2964 | SSA phi read(x) | UseUseExplosion.rb:20:955:20:2980 | SSA phi read(x) |
+| UseUseExplosion.rb:20:976:20:2964 | if ... | UseUseExplosion.rb:20:971:20:2964 | then ... |
+| UseUseExplosion.rb:20:980:20:984 | @prop | UseUseExplosion.rb:20:980:20:989 | ... > ... |
+| UseUseExplosion.rb:20:980:20:984 | [post] self | UseUseExplosion.rb:20:1001:20:1005 | self |
+| UseUseExplosion.rb:20:980:20:984 | [post] self | UseUseExplosion.rb:20:2955:20:2960 | self |
+| UseUseExplosion.rb:20:980:20:984 | self | UseUseExplosion.rb:20:1001:20:1005 | self |
+| UseUseExplosion.rb:20:980:20:984 | self | UseUseExplosion.rb:20:2955:20:2960 | self |
+| UseUseExplosion.rb:20:980:20:989 | ... > ... | UseUseExplosion.rb:20:979:20:990 | [false] ( ... ) |
+| UseUseExplosion.rb:20:980:20:989 | ... > ... | UseUseExplosion.rb:20:979:20:990 | [true] ( ... ) |
+| UseUseExplosion.rb:20:988:20:989 | 54 | UseUseExplosion.rb:20:980:20:989 | ... > ... |
+| UseUseExplosion.rb:20:992:20:2948 | then ... | UseUseExplosion.rb:20:976:20:2964 | if ... |
+| UseUseExplosion.rb:20:997:20:2948 | SSA phi read(self) | UseUseExplosion.rb:20:976:20:2964 | SSA phi read(self) |
+| UseUseExplosion.rb:20:997:20:2948 | SSA phi read(x) | UseUseExplosion.rb:20:976:20:2964 | SSA phi read(x) |
+| UseUseExplosion.rb:20:997:20:2948 | if ... | UseUseExplosion.rb:20:992:20:2948 | then ... |
+| UseUseExplosion.rb:20:1001:20:1005 | @prop | UseUseExplosion.rb:20:1001:20:1010 | ... > ... |
+| UseUseExplosion.rb:20:1001:20:1005 | [post] self | UseUseExplosion.rb:20:1022:20:1026 | self |
+| UseUseExplosion.rb:20:1001:20:1005 | [post] self | UseUseExplosion.rb:20:2939:20:2944 | self |
+| UseUseExplosion.rb:20:1001:20:1005 | self | UseUseExplosion.rb:20:1022:20:1026 | self |
+| UseUseExplosion.rb:20:1001:20:1005 | self | UseUseExplosion.rb:20:2939:20:2944 | self |
+| UseUseExplosion.rb:20:1001:20:1010 | ... > ... | UseUseExplosion.rb:20:1000:20:1011 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1001:20:1010 | ... > ... | UseUseExplosion.rb:20:1000:20:1011 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1009:20:1010 | 53 | UseUseExplosion.rb:20:1001:20:1010 | ... > ... |
+| UseUseExplosion.rb:20:1013:20:2932 | then ... | UseUseExplosion.rb:20:997:20:2948 | if ... |
+| UseUseExplosion.rb:20:1018:20:2932 | SSA phi read(self) | UseUseExplosion.rb:20:997:20:2948 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1018:20:2932 | SSA phi read(x) | UseUseExplosion.rb:20:997:20:2948 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1018:20:2932 | if ... | UseUseExplosion.rb:20:1013:20:2932 | then ... |
+| UseUseExplosion.rb:20:1022:20:1026 | @prop | UseUseExplosion.rb:20:1022:20:1031 | ... > ... |
+| UseUseExplosion.rb:20:1022:20:1026 | [post] self | UseUseExplosion.rb:20:1043:20:1047 | self |
+| UseUseExplosion.rb:20:1022:20:1026 | [post] self | UseUseExplosion.rb:20:2923:20:2928 | self |
+| UseUseExplosion.rb:20:1022:20:1026 | self | UseUseExplosion.rb:20:1043:20:1047 | self |
+| UseUseExplosion.rb:20:1022:20:1026 | self | UseUseExplosion.rb:20:2923:20:2928 | self |
+| UseUseExplosion.rb:20:1022:20:1031 | ... > ... | UseUseExplosion.rb:20:1021:20:1032 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1022:20:1031 | ... > ... | UseUseExplosion.rb:20:1021:20:1032 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1030:20:1031 | 52 | UseUseExplosion.rb:20:1022:20:1031 | ... > ... |
+| UseUseExplosion.rb:20:1034:20:2916 | then ... | UseUseExplosion.rb:20:1018:20:2932 | if ... |
+| UseUseExplosion.rb:20:1039:20:2916 | SSA phi read(self) | UseUseExplosion.rb:20:1018:20:2932 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1039:20:2916 | SSA phi read(x) | UseUseExplosion.rb:20:1018:20:2932 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1039:20:2916 | if ... | UseUseExplosion.rb:20:1034:20:2916 | then ... |
+| UseUseExplosion.rb:20:1043:20:1047 | @prop | UseUseExplosion.rb:20:1043:20:1052 | ... > ... |
+| UseUseExplosion.rb:20:1043:20:1047 | [post] self | UseUseExplosion.rb:20:1064:20:1068 | self |
+| UseUseExplosion.rb:20:1043:20:1047 | [post] self | UseUseExplosion.rb:20:2907:20:2912 | self |
+| UseUseExplosion.rb:20:1043:20:1047 | self | UseUseExplosion.rb:20:1064:20:1068 | self |
+| UseUseExplosion.rb:20:1043:20:1047 | self | UseUseExplosion.rb:20:2907:20:2912 | self |
+| UseUseExplosion.rb:20:1043:20:1052 | ... > ... | UseUseExplosion.rb:20:1042:20:1053 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1043:20:1052 | ... > ... | UseUseExplosion.rb:20:1042:20:1053 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1051:20:1052 | 51 | UseUseExplosion.rb:20:1043:20:1052 | ... > ... |
+| UseUseExplosion.rb:20:1055:20:2900 | then ... | UseUseExplosion.rb:20:1039:20:2916 | if ... |
+| UseUseExplosion.rb:20:1060:20:2900 | SSA phi read(self) | UseUseExplosion.rb:20:1039:20:2916 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1060:20:2900 | SSA phi read(x) | UseUseExplosion.rb:20:1039:20:2916 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1060:20:2900 | if ... | UseUseExplosion.rb:20:1055:20:2900 | then ... |
+| UseUseExplosion.rb:20:1064:20:1068 | @prop | UseUseExplosion.rb:20:1064:20:1073 | ... > ... |
+| UseUseExplosion.rb:20:1064:20:1068 | [post] self | UseUseExplosion.rb:20:1085:20:1089 | self |
+| UseUseExplosion.rb:20:1064:20:1068 | [post] self | UseUseExplosion.rb:20:2891:20:2896 | self |
+| UseUseExplosion.rb:20:1064:20:1068 | self | UseUseExplosion.rb:20:1085:20:1089 | self |
+| UseUseExplosion.rb:20:1064:20:1068 | self | UseUseExplosion.rb:20:2891:20:2896 | self |
+| UseUseExplosion.rb:20:1064:20:1073 | ... > ... | UseUseExplosion.rb:20:1063:20:1074 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1064:20:1073 | ... > ... | UseUseExplosion.rb:20:1063:20:1074 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1072:20:1073 | 50 | UseUseExplosion.rb:20:1064:20:1073 | ... > ... |
+| UseUseExplosion.rb:20:1076:20:2884 | then ... | UseUseExplosion.rb:20:1060:20:2900 | if ... |
+| UseUseExplosion.rb:20:1081:20:2884 | SSA phi read(self) | UseUseExplosion.rb:20:1060:20:2900 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1081:20:2884 | SSA phi read(x) | UseUseExplosion.rb:20:1060:20:2900 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1081:20:2884 | if ... | UseUseExplosion.rb:20:1076:20:2884 | then ... |
+| UseUseExplosion.rb:20:1085:20:1089 | @prop | UseUseExplosion.rb:20:1085:20:1094 | ... > ... |
+| UseUseExplosion.rb:20:1085:20:1089 | [post] self | UseUseExplosion.rb:20:1106:20:1110 | self |
+| UseUseExplosion.rb:20:1085:20:1089 | [post] self | UseUseExplosion.rb:20:2875:20:2880 | self |
+| UseUseExplosion.rb:20:1085:20:1089 | self | UseUseExplosion.rb:20:1106:20:1110 | self |
+| UseUseExplosion.rb:20:1085:20:1089 | self | UseUseExplosion.rb:20:2875:20:2880 | self |
+| UseUseExplosion.rb:20:1085:20:1094 | ... > ... | UseUseExplosion.rb:20:1084:20:1095 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1085:20:1094 | ... > ... | UseUseExplosion.rb:20:1084:20:1095 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1093:20:1094 | 49 | UseUseExplosion.rb:20:1085:20:1094 | ... > ... |
+| UseUseExplosion.rb:20:1097:20:2868 | then ... | UseUseExplosion.rb:20:1081:20:2884 | if ... |
+| UseUseExplosion.rb:20:1102:20:2868 | SSA phi read(self) | UseUseExplosion.rb:20:1081:20:2884 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1102:20:2868 | SSA phi read(x) | UseUseExplosion.rb:20:1081:20:2884 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1102:20:2868 | if ... | UseUseExplosion.rb:20:1097:20:2868 | then ... |
+| UseUseExplosion.rb:20:1106:20:1110 | @prop | UseUseExplosion.rb:20:1106:20:1115 | ... > ... |
+| UseUseExplosion.rb:20:1106:20:1110 | [post] self | UseUseExplosion.rb:20:1127:20:1131 | self |
+| UseUseExplosion.rb:20:1106:20:1110 | [post] self | UseUseExplosion.rb:20:2859:20:2864 | self |
+| UseUseExplosion.rb:20:1106:20:1110 | self | UseUseExplosion.rb:20:1127:20:1131 | self |
+| UseUseExplosion.rb:20:1106:20:1110 | self | UseUseExplosion.rb:20:2859:20:2864 | self |
+| UseUseExplosion.rb:20:1106:20:1115 | ... > ... | UseUseExplosion.rb:20:1105:20:1116 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1106:20:1115 | ... > ... | UseUseExplosion.rb:20:1105:20:1116 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1114:20:1115 | 48 | UseUseExplosion.rb:20:1106:20:1115 | ... > ... |
+| UseUseExplosion.rb:20:1118:20:2852 | then ... | UseUseExplosion.rb:20:1102:20:2868 | if ... |
+| UseUseExplosion.rb:20:1123:20:2852 | SSA phi read(self) | UseUseExplosion.rb:20:1102:20:2868 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1123:20:2852 | SSA phi read(x) | UseUseExplosion.rb:20:1102:20:2868 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1123:20:2852 | if ... | UseUseExplosion.rb:20:1118:20:2852 | then ... |
+| UseUseExplosion.rb:20:1127:20:1131 | @prop | UseUseExplosion.rb:20:1127:20:1136 | ... > ... |
+| UseUseExplosion.rb:20:1127:20:1131 | [post] self | UseUseExplosion.rb:20:1148:20:1152 | self |
+| UseUseExplosion.rb:20:1127:20:1131 | [post] self | UseUseExplosion.rb:20:2843:20:2848 | self |
+| UseUseExplosion.rb:20:1127:20:1131 | self | UseUseExplosion.rb:20:1148:20:1152 | self |
+| UseUseExplosion.rb:20:1127:20:1131 | self | UseUseExplosion.rb:20:2843:20:2848 | self |
+| UseUseExplosion.rb:20:1127:20:1136 | ... > ... | UseUseExplosion.rb:20:1126:20:1137 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1127:20:1136 | ... > ... | UseUseExplosion.rb:20:1126:20:1137 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1135:20:1136 | 47 | UseUseExplosion.rb:20:1127:20:1136 | ... > ... |
+| UseUseExplosion.rb:20:1139:20:2836 | then ... | UseUseExplosion.rb:20:1123:20:2852 | if ... |
+| UseUseExplosion.rb:20:1144:20:2836 | SSA phi read(self) | UseUseExplosion.rb:20:1123:20:2852 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1144:20:2836 | SSA phi read(x) | UseUseExplosion.rb:20:1123:20:2852 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1144:20:2836 | if ... | UseUseExplosion.rb:20:1139:20:2836 | then ... |
+| UseUseExplosion.rb:20:1148:20:1152 | @prop | UseUseExplosion.rb:20:1148:20:1157 | ... > ... |
+| UseUseExplosion.rb:20:1148:20:1152 | [post] self | UseUseExplosion.rb:20:1169:20:1173 | self |
+| UseUseExplosion.rb:20:1148:20:1152 | [post] self | UseUseExplosion.rb:20:2827:20:2832 | self |
+| UseUseExplosion.rb:20:1148:20:1152 | self | UseUseExplosion.rb:20:1169:20:1173 | self |
+| UseUseExplosion.rb:20:1148:20:1152 | self | UseUseExplosion.rb:20:2827:20:2832 | self |
+| UseUseExplosion.rb:20:1148:20:1157 | ... > ... | UseUseExplosion.rb:20:1147:20:1158 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1148:20:1157 | ... > ... | UseUseExplosion.rb:20:1147:20:1158 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1156:20:1157 | 46 | UseUseExplosion.rb:20:1148:20:1157 | ... > ... |
+| UseUseExplosion.rb:20:1160:20:2820 | then ... | UseUseExplosion.rb:20:1144:20:2836 | if ... |
+| UseUseExplosion.rb:20:1165:20:2820 | SSA phi read(self) | UseUseExplosion.rb:20:1144:20:2836 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1165:20:2820 | SSA phi read(x) | UseUseExplosion.rb:20:1144:20:2836 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1165:20:2820 | if ... | UseUseExplosion.rb:20:1160:20:2820 | then ... |
+| UseUseExplosion.rb:20:1169:20:1173 | @prop | UseUseExplosion.rb:20:1169:20:1178 | ... > ... |
+| UseUseExplosion.rb:20:1169:20:1173 | [post] self | UseUseExplosion.rb:20:1190:20:1194 | self |
+| UseUseExplosion.rb:20:1169:20:1173 | [post] self | UseUseExplosion.rb:20:2811:20:2816 | self |
+| UseUseExplosion.rb:20:1169:20:1173 | self | UseUseExplosion.rb:20:1190:20:1194 | self |
+| UseUseExplosion.rb:20:1169:20:1173 | self | UseUseExplosion.rb:20:2811:20:2816 | self |
+| UseUseExplosion.rb:20:1169:20:1178 | ... > ... | UseUseExplosion.rb:20:1168:20:1179 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1169:20:1178 | ... > ... | UseUseExplosion.rb:20:1168:20:1179 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1177:20:1178 | 45 | UseUseExplosion.rb:20:1169:20:1178 | ... > ... |
+| UseUseExplosion.rb:20:1181:20:2804 | then ... | UseUseExplosion.rb:20:1165:20:2820 | if ... |
+| UseUseExplosion.rb:20:1186:20:2804 | SSA phi read(self) | UseUseExplosion.rb:20:1165:20:2820 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1186:20:2804 | SSA phi read(x) | UseUseExplosion.rb:20:1165:20:2820 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1186:20:2804 | if ... | UseUseExplosion.rb:20:1181:20:2804 | then ... |
+| UseUseExplosion.rb:20:1190:20:1194 | @prop | UseUseExplosion.rb:20:1190:20:1199 | ... > ... |
+| UseUseExplosion.rb:20:1190:20:1194 | [post] self | UseUseExplosion.rb:20:1211:20:1215 | self |
+| UseUseExplosion.rb:20:1190:20:1194 | [post] self | UseUseExplosion.rb:20:2795:20:2800 | self |
+| UseUseExplosion.rb:20:1190:20:1194 | self | UseUseExplosion.rb:20:1211:20:1215 | self |
+| UseUseExplosion.rb:20:1190:20:1194 | self | UseUseExplosion.rb:20:2795:20:2800 | self |
+| UseUseExplosion.rb:20:1190:20:1199 | ... > ... | UseUseExplosion.rb:20:1189:20:1200 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1190:20:1199 | ... > ... | UseUseExplosion.rb:20:1189:20:1200 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1198:20:1199 | 44 | UseUseExplosion.rb:20:1190:20:1199 | ... > ... |
+| UseUseExplosion.rb:20:1202:20:2788 | then ... | UseUseExplosion.rb:20:1186:20:2804 | if ... |
+| UseUseExplosion.rb:20:1207:20:2788 | SSA phi read(self) | UseUseExplosion.rb:20:1186:20:2804 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1207:20:2788 | SSA phi read(x) | UseUseExplosion.rb:20:1186:20:2804 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1207:20:2788 | if ... | UseUseExplosion.rb:20:1202:20:2788 | then ... |
+| UseUseExplosion.rb:20:1211:20:1215 | @prop | UseUseExplosion.rb:20:1211:20:1220 | ... > ... |
+| UseUseExplosion.rb:20:1211:20:1215 | [post] self | UseUseExplosion.rb:20:1232:20:1236 | self |
+| UseUseExplosion.rb:20:1211:20:1215 | [post] self | UseUseExplosion.rb:20:2779:20:2784 | self |
+| UseUseExplosion.rb:20:1211:20:1215 | self | UseUseExplosion.rb:20:1232:20:1236 | self |
+| UseUseExplosion.rb:20:1211:20:1215 | self | UseUseExplosion.rb:20:2779:20:2784 | self |
+| UseUseExplosion.rb:20:1211:20:1220 | ... > ... | UseUseExplosion.rb:20:1210:20:1221 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1211:20:1220 | ... > ... | UseUseExplosion.rb:20:1210:20:1221 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1219:20:1220 | 43 | UseUseExplosion.rb:20:1211:20:1220 | ... > ... |
+| UseUseExplosion.rb:20:1223:20:2772 | then ... | UseUseExplosion.rb:20:1207:20:2788 | if ... |
+| UseUseExplosion.rb:20:1228:20:2772 | SSA phi read(self) | UseUseExplosion.rb:20:1207:20:2788 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1228:20:2772 | SSA phi read(x) | UseUseExplosion.rb:20:1207:20:2788 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1228:20:2772 | if ... | UseUseExplosion.rb:20:1223:20:2772 | then ... |
+| UseUseExplosion.rb:20:1232:20:1236 | @prop | UseUseExplosion.rb:20:1232:20:1241 | ... > ... |
+| UseUseExplosion.rb:20:1232:20:1236 | [post] self | UseUseExplosion.rb:20:1253:20:1257 | self |
+| UseUseExplosion.rb:20:1232:20:1236 | [post] self | UseUseExplosion.rb:20:2763:20:2768 | self |
+| UseUseExplosion.rb:20:1232:20:1236 | self | UseUseExplosion.rb:20:1253:20:1257 | self |
+| UseUseExplosion.rb:20:1232:20:1236 | self | UseUseExplosion.rb:20:2763:20:2768 | self |
+| UseUseExplosion.rb:20:1232:20:1241 | ... > ... | UseUseExplosion.rb:20:1231:20:1242 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1232:20:1241 | ... > ... | UseUseExplosion.rb:20:1231:20:1242 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1240:20:1241 | 42 | UseUseExplosion.rb:20:1232:20:1241 | ... > ... |
+| UseUseExplosion.rb:20:1244:20:2756 | then ... | UseUseExplosion.rb:20:1228:20:2772 | if ... |
+| UseUseExplosion.rb:20:1249:20:2756 | SSA phi read(self) | UseUseExplosion.rb:20:1228:20:2772 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1249:20:2756 | SSA phi read(x) | UseUseExplosion.rb:20:1228:20:2772 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1249:20:2756 | if ... | UseUseExplosion.rb:20:1244:20:2756 | then ... |
+| UseUseExplosion.rb:20:1253:20:1257 | @prop | UseUseExplosion.rb:20:1253:20:1262 | ... > ... |
+| UseUseExplosion.rb:20:1253:20:1257 | [post] self | UseUseExplosion.rb:20:1274:20:1278 | self |
+| UseUseExplosion.rb:20:1253:20:1257 | [post] self | UseUseExplosion.rb:20:2747:20:2752 | self |
+| UseUseExplosion.rb:20:1253:20:1257 | self | UseUseExplosion.rb:20:1274:20:1278 | self |
+| UseUseExplosion.rb:20:1253:20:1257 | self | UseUseExplosion.rb:20:2747:20:2752 | self |
+| UseUseExplosion.rb:20:1253:20:1262 | ... > ... | UseUseExplosion.rb:20:1252:20:1263 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1253:20:1262 | ... > ... | UseUseExplosion.rb:20:1252:20:1263 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1261:20:1262 | 41 | UseUseExplosion.rb:20:1253:20:1262 | ... > ... |
+| UseUseExplosion.rb:20:1265:20:2740 | then ... | UseUseExplosion.rb:20:1249:20:2756 | if ... |
+| UseUseExplosion.rb:20:1270:20:2740 | SSA phi read(self) | UseUseExplosion.rb:20:1249:20:2756 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1270:20:2740 | SSA phi read(x) | UseUseExplosion.rb:20:1249:20:2756 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1270:20:2740 | if ... | UseUseExplosion.rb:20:1265:20:2740 | then ... |
+| UseUseExplosion.rb:20:1274:20:1278 | @prop | UseUseExplosion.rb:20:1274:20:1283 | ... > ... |
+| UseUseExplosion.rb:20:1274:20:1278 | [post] self | UseUseExplosion.rb:20:1295:20:1299 | self |
+| UseUseExplosion.rb:20:1274:20:1278 | [post] self | UseUseExplosion.rb:20:2731:20:2736 | self |
+| UseUseExplosion.rb:20:1274:20:1278 | self | UseUseExplosion.rb:20:1295:20:1299 | self |
+| UseUseExplosion.rb:20:1274:20:1278 | self | UseUseExplosion.rb:20:2731:20:2736 | self |
+| UseUseExplosion.rb:20:1274:20:1283 | ... > ... | UseUseExplosion.rb:20:1273:20:1284 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1274:20:1283 | ... > ... | UseUseExplosion.rb:20:1273:20:1284 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1282:20:1283 | 40 | UseUseExplosion.rb:20:1274:20:1283 | ... > ... |
+| UseUseExplosion.rb:20:1286:20:2724 | then ... | UseUseExplosion.rb:20:1270:20:2740 | if ... |
+| UseUseExplosion.rb:20:1291:20:2724 | SSA phi read(self) | UseUseExplosion.rb:20:1270:20:2740 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1291:20:2724 | SSA phi read(x) | UseUseExplosion.rb:20:1270:20:2740 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1291:20:2724 | if ... | UseUseExplosion.rb:20:1286:20:2724 | then ... |
+| UseUseExplosion.rb:20:1295:20:1299 | @prop | UseUseExplosion.rb:20:1295:20:1304 | ... > ... |
+| UseUseExplosion.rb:20:1295:20:1299 | [post] self | UseUseExplosion.rb:20:1316:20:1320 | self |
+| UseUseExplosion.rb:20:1295:20:1299 | [post] self | UseUseExplosion.rb:20:2715:20:2720 | self |
+| UseUseExplosion.rb:20:1295:20:1299 | self | UseUseExplosion.rb:20:1316:20:1320 | self |
+| UseUseExplosion.rb:20:1295:20:1299 | self | UseUseExplosion.rb:20:2715:20:2720 | self |
+| UseUseExplosion.rb:20:1295:20:1304 | ... > ... | UseUseExplosion.rb:20:1294:20:1305 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1295:20:1304 | ... > ... | UseUseExplosion.rb:20:1294:20:1305 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1303:20:1304 | 39 | UseUseExplosion.rb:20:1295:20:1304 | ... > ... |
+| UseUseExplosion.rb:20:1307:20:2708 | then ... | UseUseExplosion.rb:20:1291:20:2724 | if ... |
+| UseUseExplosion.rb:20:1312:20:2708 | SSA phi read(self) | UseUseExplosion.rb:20:1291:20:2724 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1312:20:2708 | SSA phi read(x) | UseUseExplosion.rb:20:1291:20:2724 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1312:20:2708 | if ... | UseUseExplosion.rb:20:1307:20:2708 | then ... |
+| UseUseExplosion.rb:20:1316:20:1320 | @prop | UseUseExplosion.rb:20:1316:20:1325 | ... > ... |
+| UseUseExplosion.rb:20:1316:20:1320 | [post] self | UseUseExplosion.rb:20:1337:20:1341 | self |
+| UseUseExplosion.rb:20:1316:20:1320 | [post] self | UseUseExplosion.rb:20:2699:20:2704 | self |
+| UseUseExplosion.rb:20:1316:20:1320 | self | UseUseExplosion.rb:20:1337:20:1341 | self |
+| UseUseExplosion.rb:20:1316:20:1320 | self | UseUseExplosion.rb:20:2699:20:2704 | self |
+| UseUseExplosion.rb:20:1316:20:1325 | ... > ... | UseUseExplosion.rb:20:1315:20:1326 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1316:20:1325 | ... > ... | UseUseExplosion.rb:20:1315:20:1326 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1324:20:1325 | 38 | UseUseExplosion.rb:20:1316:20:1325 | ... > ... |
+| UseUseExplosion.rb:20:1328:20:2692 | then ... | UseUseExplosion.rb:20:1312:20:2708 | if ... |
+| UseUseExplosion.rb:20:1333:20:2692 | SSA phi read(self) | UseUseExplosion.rb:20:1312:20:2708 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1333:20:2692 | SSA phi read(x) | UseUseExplosion.rb:20:1312:20:2708 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1333:20:2692 | if ... | UseUseExplosion.rb:20:1328:20:2692 | then ... |
+| UseUseExplosion.rb:20:1337:20:1341 | @prop | UseUseExplosion.rb:20:1337:20:1346 | ... > ... |
+| UseUseExplosion.rb:20:1337:20:1341 | [post] self | UseUseExplosion.rb:20:1358:20:1362 | self |
+| UseUseExplosion.rb:20:1337:20:1341 | [post] self | UseUseExplosion.rb:20:2683:20:2688 | self |
+| UseUseExplosion.rb:20:1337:20:1341 | self | UseUseExplosion.rb:20:1358:20:1362 | self |
+| UseUseExplosion.rb:20:1337:20:1341 | self | UseUseExplosion.rb:20:2683:20:2688 | self |
+| UseUseExplosion.rb:20:1337:20:1346 | ... > ... | UseUseExplosion.rb:20:1336:20:1347 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1337:20:1346 | ... > ... | UseUseExplosion.rb:20:1336:20:1347 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1345:20:1346 | 37 | UseUseExplosion.rb:20:1337:20:1346 | ... > ... |
+| UseUseExplosion.rb:20:1349:20:2676 | then ... | UseUseExplosion.rb:20:1333:20:2692 | if ... |
+| UseUseExplosion.rb:20:1354:20:2676 | SSA phi read(self) | UseUseExplosion.rb:20:1333:20:2692 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1354:20:2676 | SSA phi read(x) | UseUseExplosion.rb:20:1333:20:2692 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1354:20:2676 | if ... | UseUseExplosion.rb:20:1349:20:2676 | then ... |
+| UseUseExplosion.rb:20:1358:20:1362 | @prop | UseUseExplosion.rb:20:1358:20:1367 | ... > ... |
+| UseUseExplosion.rb:20:1358:20:1362 | [post] self | UseUseExplosion.rb:20:1379:20:1383 | self |
+| UseUseExplosion.rb:20:1358:20:1362 | [post] self | UseUseExplosion.rb:20:2667:20:2672 | self |
+| UseUseExplosion.rb:20:1358:20:1362 | self | UseUseExplosion.rb:20:1379:20:1383 | self |
+| UseUseExplosion.rb:20:1358:20:1362 | self | UseUseExplosion.rb:20:2667:20:2672 | self |
+| UseUseExplosion.rb:20:1358:20:1367 | ... > ... | UseUseExplosion.rb:20:1357:20:1368 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1358:20:1367 | ... > ... | UseUseExplosion.rb:20:1357:20:1368 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1366:20:1367 | 36 | UseUseExplosion.rb:20:1358:20:1367 | ... > ... |
+| UseUseExplosion.rb:20:1370:20:2660 | then ... | UseUseExplosion.rb:20:1354:20:2676 | if ... |
+| UseUseExplosion.rb:20:1375:20:2660 | SSA phi read(self) | UseUseExplosion.rb:20:1354:20:2676 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1375:20:2660 | SSA phi read(x) | UseUseExplosion.rb:20:1354:20:2676 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1375:20:2660 | if ... | UseUseExplosion.rb:20:1370:20:2660 | then ... |
+| UseUseExplosion.rb:20:1379:20:1383 | @prop | UseUseExplosion.rb:20:1379:20:1388 | ... > ... |
+| UseUseExplosion.rb:20:1379:20:1383 | [post] self | UseUseExplosion.rb:20:1400:20:1404 | self |
+| UseUseExplosion.rb:20:1379:20:1383 | [post] self | UseUseExplosion.rb:20:2651:20:2656 | self |
+| UseUseExplosion.rb:20:1379:20:1383 | self | UseUseExplosion.rb:20:1400:20:1404 | self |
+| UseUseExplosion.rb:20:1379:20:1383 | self | UseUseExplosion.rb:20:2651:20:2656 | self |
+| UseUseExplosion.rb:20:1379:20:1388 | ... > ... | UseUseExplosion.rb:20:1378:20:1389 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1379:20:1388 | ... > ... | UseUseExplosion.rb:20:1378:20:1389 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1387:20:1388 | 35 | UseUseExplosion.rb:20:1379:20:1388 | ... > ... |
+| UseUseExplosion.rb:20:1391:20:2644 | then ... | UseUseExplosion.rb:20:1375:20:2660 | if ... |
+| UseUseExplosion.rb:20:1396:20:2644 | SSA phi read(self) | UseUseExplosion.rb:20:1375:20:2660 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1396:20:2644 | SSA phi read(x) | UseUseExplosion.rb:20:1375:20:2660 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1396:20:2644 | if ... | UseUseExplosion.rb:20:1391:20:2644 | then ... |
+| UseUseExplosion.rb:20:1400:20:1404 | @prop | UseUseExplosion.rb:20:1400:20:1409 | ... > ... |
+| UseUseExplosion.rb:20:1400:20:1404 | [post] self | UseUseExplosion.rb:20:1421:20:1425 | self |
+| UseUseExplosion.rb:20:1400:20:1404 | [post] self | UseUseExplosion.rb:20:2635:20:2640 | self |
+| UseUseExplosion.rb:20:1400:20:1404 | self | UseUseExplosion.rb:20:1421:20:1425 | self |
+| UseUseExplosion.rb:20:1400:20:1404 | self | UseUseExplosion.rb:20:2635:20:2640 | self |
+| UseUseExplosion.rb:20:1400:20:1409 | ... > ... | UseUseExplosion.rb:20:1399:20:1410 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1400:20:1409 | ... > ... | UseUseExplosion.rb:20:1399:20:1410 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1408:20:1409 | 34 | UseUseExplosion.rb:20:1400:20:1409 | ... > ... |
+| UseUseExplosion.rb:20:1412:20:2628 | then ... | UseUseExplosion.rb:20:1396:20:2644 | if ... |
+| UseUseExplosion.rb:20:1417:20:2628 | SSA phi read(self) | UseUseExplosion.rb:20:1396:20:2644 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1417:20:2628 | SSA phi read(x) | UseUseExplosion.rb:20:1396:20:2644 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1417:20:2628 | if ... | UseUseExplosion.rb:20:1412:20:2628 | then ... |
+| UseUseExplosion.rb:20:1421:20:1425 | @prop | UseUseExplosion.rb:20:1421:20:1430 | ... > ... |
+| UseUseExplosion.rb:20:1421:20:1425 | [post] self | UseUseExplosion.rb:20:1442:20:1446 | self |
+| UseUseExplosion.rb:20:1421:20:1425 | [post] self | UseUseExplosion.rb:20:2619:20:2624 | self |
+| UseUseExplosion.rb:20:1421:20:1425 | self | UseUseExplosion.rb:20:1442:20:1446 | self |
+| UseUseExplosion.rb:20:1421:20:1425 | self | UseUseExplosion.rb:20:2619:20:2624 | self |
+| UseUseExplosion.rb:20:1421:20:1430 | ... > ... | UseUseExplosion.rb:20:1420:20:1431 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1421:20:1430 | ... > ... | UseUseExplosion.rb:20:1420:20:1431 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1429:20:1430 | 33 | UseUseExplosion.rb:20:1421:20:1430 | ... > ... |
+| UseUseExplosion.rb:20:1433:20:2612 | then ... | UseUseExplosion.rb:20:1417:20:2628 | if ... |
+| UseUseExplosion.rb:20:1438:20:2612 | SSA phi read(self) | UseUseExplosion.rb:20:1417:20:2628 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1438:20:2612 | SSA phi read(x) | UseUseExplosion.rb:20:1417:20:2628 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1438:20:2612 | if ... | UseUseExplosion.rb:20:1433:20:2612 | then ... |
+| UseUseExplosion.rb:20:1442:20:1446 | @prop | UseUseExplosion.rb:20:1442:20:1451 | ... > ... |
+| UseUseExplosion.rb:20:1442:20:1446 | [post] self | UseUseExplosion.rb:20:1463:20:1467 | self |
+| UseUseExplosion.rb:20:1442:20:1446 | [post] self | UseUseExplosion.rb:20:2603:20:2608 | self |
+| UseUseExplosion.rb:20:1442:20:1446 | self | UseUseExplosion.rb:20:1463:20:1467 | self |
+| UseUseExplosion.rb:20:1442:20:1446 | self | UseUseExplosion.rb:20:2603:20:2608 | self |
+| UseUseExplosion.rb:20:1442:20:1451 | ... > ... | UseUseExplosion.rb:20:1441:20:1452 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1442:20:1451 | ... > ... | UseUseExplosion.rb:20:1441:20:1452 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1450:20:1451 | 32 | UseUseExplosion.rb:20:1442:20:1451 | ... > ... |
+| UseUseExplosion.rb:20:1454:20:2596 | then ... | UseUseExplosion.rb:20:1438:20:2612 | if ... |
+| UseUseExplosion.rb:20:1459:20:2596 | SSA phi read(self) | UseUseExplosion.rb:20:1438:20:2612 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1459:20:2596 | SSA phi read(x) | UseUseExplosion.rb:20:1438:20:2612 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1459:20:2596 | if ... | UseUseExplosion.rb:20:1454:20:2596 | then ... |
+| UseUseExplosion.rb:20:1463:20:1467 | @prop | UseUseExplosion.rb:20:1463:20:1472 | ... > ... |
+| UseUseExplosion.rb:20:1463:20:1467 | [post] self | UseUseExplosion.rb:20:1484:20:1488 | self |
+| UseUseExplosion.rb:20:1463:20:1467 | [post] self | UseUseExplosion.rb:20:2587:20:2592 | self |
+| UseUseExplosion.rb:20:1463:20:1467 | self | UseUseExplosion.rb:20:1484:20:1488 | self |
+| UseUseExplosion.rb:20:1463:20:1467 | self | UseUseExplosion.rb:20:2587:20:2592 | self |
+| UseUseExplosion.rb:20:1463:20:1472 | ... > ... | UseUseExplosion.rb:20:1462:20:1473 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1463:20:1472 | ... > ... | UseUseExplosion.rb:20:1462:20:1473 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1471:20:1472 | 31 | UseUseExplosion.rb:20:1463:20:1472 | ... > ... |
+| UseUseExplosion.rb:20:1475:20:2580 | then ... | UseUseExplosion.rb:20:1459:20:2596 | if ... |
+| UseUseExplosion.rb:20:1480:20:2580 | SSA phi read(self) | UseUseExplosion.rb:20:1459:20:2596 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1480:20:2580 | SSA phi read(x) | UseUseExplosion.rb:20:1459:20:2596 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1480:20:2580 | if ... | UseUseExplosion.rb:20:1475:20:2580 | then ... |
+| UseUseExplosion.rb:20:1484:20:1488 | @prop | UseUseExplosion.rb:20:1484:20:1493 | ... > ... |
+| UseUseExplosion.rb:20:1484:20:1488 | [post] self | UseUseExplosion.rb:20:1505:20:1509 | self |
+| UseUseExplosion.rb:20:1484:20:1488 | [post] self | UseUseExplosion.rb:20:2571:20:2576 | self |
+| UseUseExplosion.rb:20:1484:20:1488 | self | UseUseExplosion.rb:20:1505:20:1509 | self |
+| UseUseExplosion.rb:20:1484:20:1488 | self | UseUseExplosion.rb:20:2571:20:2576 | self |
+| UseUseExplosion.rb:20:1484:20:1493 | ... > ... | UseUseExplosion.rb:20:1483:20:1494 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1484:20:1493 | ... > ... | UseUseExplosion.rb:20:1483:20:1494 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1492:20:1493 | 30 | UseUseExplosion.rb:20:1484:20:1493 | ... > ... |
+| UseUseExplosion.rb:20:1496:20:2564 | then ... | UseUseExplosion.rb:20:1480:20:2580 | if ... |
+| UseUseExplosion.rb:20:1501:20:2564 | SSA phi read(self) | UseUseExplosion.rb:20:1480:20:2580 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1501:20:2564 | SSA phi read(x) | UseUseExplosion.rb:20:1480:20:2580 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1501:20:2564 | if ... | UseUseExplosion.rb:20:1496:20:2564 | then ... |
+| UseUseExplosion.rb:20:1505:20:1509 | @prop | UseUseExplosion.rb:20:1505:20:1514 | ... > ... |
+| UseUseExplosion.rb:20:1505:20:1509 | [post] self | UseUseExplosion.rb:20:1526:20:1530 | self |
+| UseUseExplosion.rb:20:1505:20:1509 | [post] self | UseUseExplosion.rb:20:2555:20:2560 | self |
+| UseUseExplosion.rb:20:1505:20:1509 | self | UseUseExplosion.rb:20:1526:20:1530 | self |
+| UseUseExplosion.rb:20:1505:20:1509 | self | UseUseExplosion.rb:20:2555:20:2560 | self |
+| UseUseExplosion.rb:20:1505:20:1514 | ... > ... | UseUseExplosion.rb:20:1504:20:1515 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1505:20:1514 | ... > ... | UseUseExplosion.rb:20:1504:20:1515 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1513:20:1514 | 29 | UseUseExplosion.rb:20:1505:20:1514 | ... > ... |
+| UseUseExplosion.rb:20:1517:20:2548 | then ... | UseUseExplosion.rb:20:1501:20:2564 | if ... |
+| UseUseExplosion.rb:20:1522:20:2548 | SSA phi read(self) | UseUseExplosion.rb:20:1501:20:2564 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1522:20:2548 | SSA phi read(x) | UseUseExplosion.rb:20:1501:20:2564 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1522:20:2548 | if ... | UseUseExplosion.rb:20:1517:20:2548 | then ... |
+| UseUseExplosion.rb:20:1526:20:1530 | @prop | UseUseExplosion.rb:20:1526:20:1535 | ... > ... |
+| UseUseExplosion.rb:20:1526:20:1530 | [post] self | UseUseExplosion.rb:20:1547:20:1551 | self |
+| UseUseExplosion.rb:20:1526:20:1530 | [post] self | UseUseExplosion.rb:20:2539:20:2544 | self |
+| UseUseExplosion.rb:20:1526:20:1530 | self | UseUseExplosion.rb:20:1547:20:1551 | self |
+| UseUseExplosion.rb:20:1526:20:1530 | self | UseUseExplosion.rb:20:2539:20:2544 | self |
+| UseUseExplosion.rb:20:1526:20:1535 | ... > ... | UseUseExplosion.rb:20:1525:20:1536 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1526:20:1535 | ... > ... | UseUseExplosion.rb:20:1525:20:1536 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1534:20:1535 | 28 | UseUseExplosion.rb:20:1526:20:1535 | ... > ... |
+| UseUseExplosion.rb:20:1538:20:2532 | then ... | UseUseExplosion.rb:20:1522:20:2548 | if ... |
+| UseUseExplosion.rb:20:1543:20:2532 | SSA phi read(self) | UseUseExplosion.rb:20:1522:20:2548 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1543:20:2532 | SSA phi read(x) | UseUseExplosion.rb:20:1522:20:2548 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1543:20:2532 | if ... | UseUseExplosion.rb:20:1538:20:2532 | then ... |
+| UseUseExplosion.rb:20:1547:20:1551 | @prop | UseUseExplosion.rb:20:1547:20:1556 | ... > ... |
+| UseUseExplosion.rb:20:1547:20:1551 | [post] self | UseUseExplosion.rb:20:1568:20:1572 | self |
+| UseUseExplosion.rb:20:1547:20:1551 | [post] self | UseUseExplosion.rb:20:2523:20:2528 | self |
+| UseUseExplosion.rb:20:1547:20:1551 | self | UseUseExplosion.rb:20:1568:20:1572 | self |
+| UseUseExplosion.rb:20:1547:20:1551 | self | UseUseExplosion.rb:20:2523:20:2528 | self |
+| UseUseExplosion.rb:20:1547:20:1556 | ... > ... | UseUseExplosion.rb:20:1546:20:1557 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1547:20:1556 | ... > ... | UseUseExplosion.rb:20:1546:20:1557 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1555:20:1556 | 27 | UseUseExplosion.rb:20:1547:20:1556 | ... > ... |
+| UseUseExplosion.rb:20:1559:20:2516 | then ... | UseUseExplosion.rb:20:1543:20:2532 | if ... |
+| UseUseExplosion.rb:20:1564:20:2516 | SSA phi read(self) | UseUseExplosion.rb:20:1543:20:2532 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1564:20:2516 | SSA phi read(x) | UseUseExplosion.rb:20:1543:20:2532 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1564:20:2516 | if ... | UseUseExplosion.rb:20:1559:20:2516 | then ... |
+| UseUseExplosion.rb:20:1568:20:1572 | @prop | UseUseExplosion.rb:20:1568:20:1577 | ... > ... |
+| UseUseExplosion.rb:20:1568:20:1572 | [post] self | UseUseExplosion.rb:20:1589:20:1593 | self |
+| UseUseExplosion.rb:20:1568:20:1572 | [post] self | UseUseExplosion.rb:20:2507:20:2512 | self |
+| UseUseExplosion.rb:20:1568:20:1572 | self | UseUseExplosion.rb:20:1589:20:1593 | self |
+| UseUseExplosion.rb:20:1568:20:1572 | self | UseUseExplosion.rb:20:2507:20:2512 | self |
+| UseUseExplosion.rb:20:1568:20:1577 | ... > ... | UseUseExplosion.rb:20:1567:20:1578 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1568:20:1577 | ... > ... | UseUseExplosion.rb:20:1567:20:1578 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1576:20:1577 | 26 | UseUseExplosion.rb:20:1568:20:1577 | ... > ... |
+| UseUseExplosion.rb:20:1580:20:2500 | then ... | UseUseExplosion.rb:20:1564:20:2516 | if ... |
+| UseUseExplosion.rb:20:1585:20:2500 | SSA phi read(self) | UseUseExplosion.rb:20:1564:20:2516 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1585:20:2500 | SSA phi read(x) | UseUseExplosion.rb:20:1564:20:2516 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1585:20:2500 | if ... | UseUseExplosion.rb:20:1580:20:2500 | then ... |
+| UseUseExplosion.rb:20:1589:20:1593 | @prop | UseUseExplosion.rb:20:1589:20:1598 | ... > ... |
+| UseUseExplosion.rb:20:1589:20:1593 | [post] self | UseUseExplosion.rb:20:1610:20:1614 | self |
+| UseUseExplosion.rb:20:1589:20:1593 | [post] self | UseUseExplosion.rb:20:2491:20:2496 | self |
+| UseUseExplosion.rb:20:1589:20:1593 | self | UseUseExplosion.rb:20:1610:20:1614 | self |
+| UseUseExplosion.rb:20:1589:20:1593 | self | UseUseExplosion.rb:20:2491:20:2496 | self |
+| UseUseExplosion.rb:20:1589:20:1598 | ... > ... | UseUseExplosion.rb:20:1588:20:1599 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1589:20:1598 | ... > ... | UseUseExplosion.rb:20:1588:20:1599 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1597:20:1598 | 25 | UseUseExplosion.rb:20:1589:20:1598 | ... > ... |
+| UseUseExplosion.rb:20:1601:20:2484 | then ... | UseUseExplosion.rb:20:1585:20:2500 | if ... |
+| UseUseExplosion.rb:20:1606:20:2484 | SSA phi read(self) | UseUseExplosion.rb:20:1585:20:2500 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1606:20:2484 | SSA phi read(x) | UseUseExplosion.rb:20:1585:20:2500 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1606:20:2484 | if ... | UseUseExplosion.rb:20:1601:20:2484 | then ... |
+| UseUseExplosion.rb:20:1610:20:1614 | @prop | UseUseExplosion.rb:20:1610:20:1619 | ... > ... |
+| UseUseExplosion.rb:20:1610:20:1614 | [post] self | UseUseExplosion.rb:20:1631:20:1635 | self |
+| UseUseExplosion.rb:20:1610:20:1614 | [post] self | UseUseExplosion.rb:20:2475:20:2480 | self |
+| UseUseExplosion.rb:20:1610:20:1614 | self | UseUseExplosion.rb:20:1631:20:1635 | self |
+| UseUseExplosion.rb:20:1610:20:1614 | self | UseUseExplosion.rb:20:2475:20:2480 | self |
+| UseUseExplosion.rb:20:1610:20:1619 | ... > ... | UseUseExplosion.rb:20:1609:20:1620 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1610:20:1619 | ... > ... | UseUseExplosion.rb:20:1609:20:1620 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1618:20:1619 | 24 | UseUseExplosion.rb:20:1610:20:1619 | ... > ... |
+| UseUseExplosion.rb:20:1622:20:2468 | then ... | UseUseExplosion.rb:20:1606:20:2484 | if ... |
+| UseUseExplosion.rb:20:1627:20:2468 | SSA phi read(self) | UseUseExplosion.rb:20:1606:20:2484 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1627:20:2468 | SSA phi read(x) | UseUseExplosion.rb:20:1606:20:2484 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1627:20:2468 | if ... | UseUseExplosion.rb:20:1622:20:2468 | then ... |
+| UseUseExplosion.rb:20:1631:20:1635 | @prop | UseUseExplosion.rb:20:1631:20:1640 | ... > ... |
+| UseUseExplosion.rb:20:1631:20:1635 | [post] self | UseUseExplosion.rb:20:1652:20:1656 | self |
+| UseUseExplosion.rb:20:1631:20:1635 | [post] self | UseUseExplosion.rb:20:2459:20:2464 | self |
+| UseUseExplosion.rb:20:1631:20:1635 | self | UseUseExplosion.rb:20:1652:20:1656 | self |
+| UseUseExplosion.rb:20:1631:20:1635 | self | UseUseExplosion.rb:20:2459:20:2464 | self |
+| UseUseExplosion.rb:20:1631:20:1640 | ... > ... | UseUseExplosion.rb:20:1630:20:1641 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1631:20:1640 | ... > ... | UseUseExplosion.rb:20:1630:20:1641 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1639:20:1640 | 23 | UseUseExplosion.rb:20:1631:20:1640 | ... > ... |
+| UseUseExplosion.rb:20:1643:20:2452 | then ... | UseUseExplosion.rb:20:1627:20:2468 | if ... |
+| UseUseExplosion.rb:20:1648:20:2452 | SSA phi read(self) | UseUseExplosion.rb:20:1627:20:2468 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1648:20:2452 | SSA phi read(x) | UseUseExplosion.rb:20:1627:20:2468 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1648:20:2452 | if ... | UseUseExplosion.rb:20:1643:20:2452 | then ... |
+| UseUseExplosion.rb:20:1652:20:1656 | @prop | UseUseExplosion.rb:20:1652:20:1661 | ... > ... |
+| UseUseExplosion.rb:20:1652:20:1656 | [post] self | UseUseExplosion.rb:20:1673:20:1677 | self |
+| UseUseExplosion.rb:20:1652:20:1656 | [post] self | UseUseExplosion.rb:20:2443:20:2448 | self |
+| UseUseExplosion.rb:20:1652:20:1656 | self | UseUseExplosion.rb:20:1673:20:1677 | self |
+| UseUseExplosion.rb:20:1652:20:1656 | self | UseUseExplosion.rb:20:2443:20:2448 | self |
+| UseUseExplosion.rb:20:1652:20:1661 | ... > ... | UseUseExplosion.rb:20:1651:20:1662 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1652:20:1661 | ... > ... | UseUseExplosion.rb:20:1651:20:1662 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1660:20:1661 | 22 | UseUseExplosion.rb:20:1652:20:1661 | ... > ... |
+| UseUseExplosion.rb:20:1664:20:2436 | then ... | UseUseExplosion.rb:20:1648:20:2452 | if ... |
+| UseUseExplosion.rb:20:1669:20:2436 | SSA phi read(self) | UseUseExplosion.rb:20:1648:20:2452 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1669:20:2436 | SSA phi read(x) | UseUseExplosion.rb:20:1648:20:2452 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1669:20:2436 | if ... | UseUseExplosion.rb:20:1664:20:2436 | then ... |
+| UseUseExplosion.rb:20:1673:20:1677 | @prop | UseUseExplosion.rb:20:1673:20:1682 | ... > ... |
+| UseUseExplosion.rb:20:1673:20:1677 | [post] self | UseUseExplosion.rb:20:1694:20:1698 | self |
+| UseUseExplosion.rb:20:1673:20:1677 | [post] self | UseUseExplosion.rb:20:2427:20:2432 | self |
+| UseUseExplosion.rb:20:1673:20:1677 | self | UseUseExplosion.rb:20:1694:20:1698 | self |
+| UseUseExplosion.rb:20:1673:20:1677 | self | UseUseExplosion.rb:20:2427:20:2432 | self |
+| UseUseExplosion.rb:20:1673:20:1682 | ... > ... | UseUseExplosion.rb:20:1672:20:1683 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1673:20:1682 | ... > ... | UseUseExplosion.rb:20:1672:20:1683 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1681:20:1682 | 21 | UseUseExplosion.rb:20:1673:20:1682 | ... > ... |
+| UseUseExplosion.rb:20:1685:20:2420 | then ... | UseUseExplosion.rb:20:1669:20:2436 | if ... |
+| UseUseExplosion.rb:20:1690:20:2420 | SSA phi read(self) | UseUseExplosion.rb:20:1669:20:2436 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1690:20:2420 | SSA phi read(x) | UseUseExplosion.rb:20:1669:20:2436 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1690:20:2420 | if ... | UseUseExplosion.rb:20:1685:20:2420 | then ... |
+| UseUseExplosion.rb:20:1694:20:1698 | @prop | UseUseExplosion.rb:20:1694:20:1703 | ... > ... |
+| UseUseExplosion.rb:20:1694:20:1698 | [post] self | UseUseExplosion.rb:20:1715:20:1719 | self |
+| UseUseExplosion.rb:20:1694:20:1698 | [post] self | UseUseExplosion.rb:20:2411:20:2416 | self |
+| UseUseExplosion.rb:20:1694:20:1698 | self | UseUseExplosion.rb:20:1715:20:1719 | self |
+| UseUseExplosion.rb:20:1694:20:1698 | self | UseUseExplosion.rb:20:2411:20:2416 | self |
+| UseUseExplosion.rb:20:1694:20:1703 | ... > ... | UseUseExplosion.rb:20:1693:20:1704 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1694:20:1703 | ... > ... | UseUseExplosion.rb:20:1693:20:1704 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1702:20:1703 | 20 | UseUseExplosion.rb:20:1694:20:1703 | ... > ... |
+| UseUseExplosion.rb:20:1706:20:2404 | then ... | UseUseExplosion.rb:20:1690:20:2420 | if ... |
+| UseUseExplosion.rb:20:1711:20:2404 | SSA phi read(self) | UseUseExplosion.rb:20:1690:20:2420 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1711:20:2404 | SSA phi read(x) | UseUseExplosion.rb:20:1690:20:2420 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1711:20:2404 | if ... | UseUseExplosion.rb:20:1706:20:2404 | then ... |
+| UseUseExplosion.rb:20:1715:20:1719 | @prop | UseUseExplosion.rb:20:1715:20:1724 | ... > ... |
+| UseUseExplosion.rb:20:1715:20:1719 | [post] self | UseUseExplosion.rb:20:1736:20:1740 | self |
+| UseUseExplosion.rb:20:1715:20:1719 | [post] self | UseUseExplosion.rb:20:2395:20:2400 | self |
+| UseUseExplosion.rb:20:1715:20:1719 | self | UseUseExplosion.rb:20:1736:20:1740 | self |
+| UseUseExplosion.rb:20:1715:20:1719 | self | UseUseExplosion.rb:20:2395:20:2400 | self |
+| UseUseExplosion.rb:20:1715:20:1724 | ... > ... | UseUseExplosion.rb:20:1714:20:1725 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1715:20:1724 | ... > ... | UseUseExplosion.rb:20:1714:20:1725 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1723:20:1724 | 19 | UseUseExplosion.rb:20:1715:20:1724 | ... > ... |
+| UseUseExplosion.rb:20:1727:20:2388 | then ... | UseUseExplosion.rb:20:1711:20:2404 | if ... |
+| UseUseExplosion.rb:20:1732:20:2388 | SSA phi read(self) | UseUseExplosion.rb:20:1711:20:2404 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1732:20:2388 | SSA phi read(x) | UseUseExplosion.rb:20:1711:20:2404 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1732:20:2388 | if ... | UseUseExplosion.rb:20:1727:20:2388 | then ... |
+| UseUseExplosion.rb:20:1736:20:1740 | @prop | UseUseExplosion.rb:20:1736:20:1745 | ... > ... |
+| UseUseExplosion.rb:20:1736:20:1740 | [post] self | UseUseExplosion.rb:20:1757:20:1761 | self |
+| UseUseExplosion.rb:20:1736:20:1740 | [post] self | UseUseExplosion.rb:20:2379:20:2384 | self |
+| UseUseExplosion.rb:20:1736:20:1740 | self | UseUseExplosion.rb:20:1757:20:1761 | self |
+| UseUseExplosion.rb:20:1736:20:1740 | self | UseUseExplosion.rb:20:2379:20:2384 | self |
+| UseUseExplosion.rb:20:1736:20:1745 | ... > ... | UseUseExplosion.rb:20:1735:20:1746 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1736:20:1745 | ... > ... | UseUseExplosion.rb:20:1735:20:1746 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1744:20:1745 | 18 | UseUseExplosion.rb:20:1736:20:1745 | ... > ... |
+| UseUseExplosion.rb:20:1748:20:2372 | then ... | UseUseExplosion.rb:20:1732:20:2388 | if ... |
+| UseUseExplosion.rb:20:1753:20:2372 | SSA phi read(self) | UseUseExplosion.rb:20:1732:20:2388 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1753:20:2372 | SSA phi read(x) | UseUseExplosion.rb:20:1732:20:2388 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1753:20:2372 | if ... | UseUseExplosion.rb:20:1748:20:2372 | then ... |
+| UseUseExplosion.rb:20:1757:20:1761 | @prop | UseUseExplosion.rb:20:1757:20:1766 | ... > ... |
+| UseUseExplosion.rb:20:1757:20:1761 | [post] self | UseUseExplosion.rb:20:1778:20:1782 | self |
+| UseUseExplosion.rb:20:1757:20:1761 | [post] self | UseUseExplosion.rb:20:2363:20:2368 | self |
+| UseUseExplosion.rb:20:1757:20:1761 | self | UseUseExplosion.rb:20:1778:20:1782 | self |
+| UseUseExplosion.rb:20:1757:20:1761 | self | UseUseExplosion.rb:20:2363:20:2368 | self |
+| UseUseExplosion.rb:20:1757:20:1766 | ... > ... | UseUseExplosion.rb:20:1756:20:1767 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1757:20:1766 | ... > ... | UseUseExplosion.rb:20:1756:20:1767 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1765:20:1766 | 17 | UseUseExplosion.rb:20:1757:20:1766 | ... > ... |
+| UseUseExplosion.rb:20:1769:20:2356 | then ... | UseUseExplosion.rb:20:1753:20:2372 | if ... |
+| UseUseExplosion.rb:20:1774:20:2356 | SSA phi read(self) | UseUseExplosion.rb:20:1753:20:2372 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1774:20:2356 | SSA phi read(x) | UseUseExplosion.rb:20:1753:20:2372 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1774:20:2356 | if ... | UseUseExplosion.rb:20:1769:20:2356 | then ... |
+| UseUseExplosion.rb:20:1778:20:1782 | @prop | UseUseExplosion.rb:20:1778:20:1787 | ... > ... |
+| UseUseExplosion.rb:20:1778:20:1782 | [post] self | UseUseExplosion.rb:20:1799:20:1803 | self |
+| UseUseExplosion.rb:20:1778:20:1782 | [post] self | UseUseExplosion.rb:20:2347:20:2352 | self |
+| UseUseExplosion.rb:20:1778:20:1782 | self | UseUseExplosion.rb:20:1799:20:1803 | self |
+| UseUseExplosion.rb:20:1778:20:1782 | self | UseUseExplosion.rb:20:2347:20:2352 | self |
+| UseUseExplosion.rb:20:1778:20:1787 | ... > ... | UseUseExplosion.rb:20:1777:20:1788 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1778:20:1787 | ... > ... | UseUseExplosion.rb:20:1777:20:1788 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1786:20:1787 | 16 | UseUseExplosion.rb:20:1778:20:1787 | ... > ... |
+| UseUseExplosion.rb:20:1790:20:2340 | then ... | UseUseExplosion.rb:20:1774:20:2356 | if ... |
+| UseUseExplosion.rb:20:1795:20:2340 | SSA phi read(self) | UseUseExplosion.rb:20:1774:20:2356 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1795:20:2340 | SSA phi read(x) | UseUseExplosion.rb:20:1774:20:2356 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1795:20:2340 | if ... | UseUseExplosion.rb:20:1790:20:2340 | then ... |
+| UseUseExplosion.rb:20:1799:20:1803 | @prop | UseUseExplosion.rb:20:1799:20:1808 | ... > ... |
+| UseUseExplosion.rb:20:1799:20:1803 | [post] self | UseUseExplosion.rb:20:1820:20:1824 | self |
+| UseUseExplosion.rb:20:1799:20:1803 | [post] self | UseUseExplosion.rb:20:2331:20:2336 | self |
+| UseUseExplosion.rb:20:1799:20:1803 | self | UseUseExplosion.rb:20:1820:20:1824 | self |
+| UseUseExplosion.rb:20:1799:20:1803 | self | UseUseExplosion.rb:20:2331:20:2336 | self |
+| UseUseExplosion.rb:20:1799:20:1808 | ... > ... | UseUseExplosion.rb:20:1798:20:1809 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1799:20:1808 | ... > ... | UseUseExplosion.rb:20:1798:20:1809 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1807:20:1808 | 15 | UseUseExplosion.rb:20:1799:20:1808 | ... > ... |
+| UseUseExplosion.rb:20:1811:20:2324 | then ... | UseUseExplosion.rb:20:1795:20:2340 | if ... |
+| UseUseExplosion.rb:20:1816:20:2324 | SSA phi read(self) | UseUseExplosion.rb:20:1795:20:2340 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1816:20:2324 | SSA phi read(x) | UseUseExplosion.rb:20:1795:20:2340 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1816:20:2324 | if ... | UseUseExplosion.rb:20:1811:20:2324 | then ... |
+| UseUseExplosion.rb:20:1820:20:1824 | @prop | UseUseExplosion.rb:20:1820:20:1829 | ... > ... |
+| UseUseExplosion.rb:20:1820:20:1824 | [post] self | UseUseExplosion.rb:20:1841:20:1845 | self |
+| UseUseExplosion.rb:20:1820:20:1824 | [post] self | UseUseExplosion.rb:20:2315:20:2320 | self |
+| UseUseExplosion.rb:20:1820:20:1824 | self | UseUseExplosion.rb:20:1841:20:1845 | self |
+| UseUseExplosion.rb:20:1820:20:1824 | self | UseUseExplosion.rb:20:2315:20:2320 | self |
+| UseUseExplosion.rb:20:1820:20:1829 | ... > ... | UseUseExplosion.rb:20:1819:20:1830 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1820:20:1829 | ... > ... | UseUseExplosion.rb:20:1819:20:1830 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1828:20:1829 | 14 | UseUseExplosion.rb:20:1820:20:1829 | ... > ... |
+| UseUseExplosion.rb:20:1832:20:2308 | then ... | UseUseExplosion.rb:20:1816:20:2324 | if ... |
+| UseUseExplosion.rb:20:1837:20:2308 | SSA phi read(self) | UseUseExplosion.rb:20:1816:20:2324 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1837:20:2308 | SSA phi read(x) | UseUseExplosion.rb:20:1816:20:2324 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1837:20:2308 | if ... | UseUseExplosion.rb:20:1832:20:2308 | then ... |
+| UseUseExplosion.rb:20:1841:20:1845 | @prop | UseUseExplosion.rb:20:1841:20:1850 | ... > ... |
+| UseUseExplosion.rb:20:1841:20:1845 | [post] self | UseUseExplosion.rb:20:1862:20:1866 | self |
+| UseUseExplosion.rb:20:1841:20:1845 | [post] self | UseUseExplosion.rb:20:2299:20:2304 | self |
+| UseUseExplosion.rb:20:1841:20:1845 | self | UseUseExplosion.rb:20:1862:20:1866 | self |
+| UseUseExplosion.rb:20:1841:20:1845 | self | UseUseExplosion.rb:20:2299:20:2304 | self |
+| UseUseExplosion.rb:20:1841:20:1850 | ... > ... | UseUseExplosion.rb:20:1840:20:1851 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1841:20:1850 | ... > ... | UseUseExplosion.rb:20:1840:20:1851 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1849:20:1850 | 13 | UseUseExplosion.rb:20:1841:20:1850 | ... > ... |
+| UseUseExplosion.rb:20:1853:20:2292 | then ... | UseUseExplosion.rb:20:1837:20:2308 | if ... |
+| UseUseExplosion.rb:20:1858:20:2292 | SSA phi read(self) | UseUseExplosion.rb:20:1837:20:2308 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1858:20:2292 | SSA phi read(x) | UseUseExplosion.rb:20:1837:20:2308 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1858:20:2292 | if ... | UseUseExplosion.rb:20:1853:20:2292 | then ... |
+| UseUseExplosion.rb:20:1862:20:1866 | @prop | UseUseExplosion.rb:20:1862:20:1871 | ... > ... |
+| UseUseExplosion.rb:20:1862:20:1866 | [post] self | UseUseExplosion.rb:20:1883:20:1887 | self |
+| UseUseExplosion.rb:20:1862:20:1866 | [post] self | UseUseExplosion.rb:20:2283:20:2288 | self |
+| UseUseExplosion.rb:20:1862:20:1866 | self | UseUseExplosion.rb:20:1883:20:1887 | self |
+| UseUseExplosion.rb:20:1862:20:1866 | self | UseUseExplosion.rb:20:2283:20:2288 | self |
+| UseUseExplosion.rb:20:1862:20:1871 | ... > ... | UseUseExplosion.rb:20:1861:20:1872 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1862:20:1871 | ... > ... | UseUseExplosion.rb:20:1861:20:1872 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1870:20:1871 | 12 | UseUseExplosion.rb:20:1862:20:1871 | ... > ... |
+| UseUseExplosion.rb:20:1874:20:2276 | then ... | UseUseExplosion.rb:20:1858:20:2292 | if ... |
+| UseUseExplosion.rb:20:1879:20:2276 | SSA phi read(self) | UseUseExplosion.rb:20:1858:20:2292 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1879:20:2276 | SSA phi read(x) | UseUseExplosion.rb:20:1858:20:2292 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1879:20:2276 | if ... | UseUseExplosion.rb:20:1874:20:2276 | then ... |
+| UseUseExplosion.rb:20:1883:20:1887 | @prop | UseUseExplosion.rb:20:1883:20:1892 | ... > ... |
+| UseUseExplosion.rb:20:1883:20:1887 | [post] self | UseUseExplosion.rb:20:1904:20:1908 | self |
+| UseUseExplosion.rb:20:1883:20:1887 | [post] self | UseUseExplosion.rb:20:2267:20:2272 | self |
+| UseUseExplosion.rb:20:1883:20:1887 | self | UseUseExplosion.rb:20:1904:20:1908 | self |
+| UseUseExplosion.rb:20:1883:20:1887 | self | UseUseExplosion.rb:20:2267:20:2272 | self |
+| UseUseExplosion.rb:20:1883:20:1892 | ... > ... | UseUseExplosion.rb:20:1882:20:1893 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1883:20:1892 | ... > ... | UseUseExplosion.rb:20:1882:20:1893 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1891:20:1892 | 11 | UseUseExplosion.rb:20:1883:20:1892 | ... > ... |
+| UseUseExplosion.rb:20:1895:20:2260 | then ... | UseUseExplosion.rb:20:1879:20:2276 | if ... |
+| UseUseExplosion.rb:20:1900:20:2260 | SSA phi read(self) | UseUseExplosion.rb:20:1879:20:2276 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1900:20:2260 | SSA phi read(x) | UseUseExplosion.rb:20:1879:20:2276 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1900:20:2260 | if ... | UseUseExplosion.rb:20:1895:20:2260 | then ... |
+| UseUseExplosion.rb:20:1904:20:1908 | @prop | UseUseExplosion.rb:20:1904:20:1913 | ... > ... |
+| UseUseExplosion.rb:20:1904:20:1908 | [post] self | UseUseExplosion.rb:20:1925:20:1929 | self |
+| UseUseExplosion.rb:20:1904:20:1908 | [post] self | UseUseExplosion.rb:20:2251:20:2256 | self |
+| UseUseExplosion.rb:20:1904:20:1908 | self | UseUseExplosion.rb:20:1925:20:1929 | self |
+| UseUseExplosion.rb:20:1904:20:1908 | self | UseUseExplosion.rb:20:2251:20:2256 | self |
+| UseUseExplosion.rb:20:1904:20:1913 | ... > ... | UseUseExplosion.rb:20:1903:20:1914 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1904:20:1913 | ... > ... | UseUseExplosion.rb:20:1903:20:1914 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1912:20:1913 | 10 | UseUseExplosion.rb:20:1904:20:1913 | ... > ... |
+| UseUseExplosion.rb:20:1916:20:2244 | then ... | UseUseExplosion.rb:20:1900:20:2260 | if ... |
+| UseUseExplosion.rb:20:1921:20:2244 | SSA phi read(self) | UseUseExplosion.rb:20:1900:20:2260 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1921:20:2244 | SSA phi read(x) | UseUseExplosion.rb:20:1900:20:2260 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1921:20:2244 | if ... | UseUseExplosion.rb:20:1916:20:2244 | then ... |
+| UseUseExplosion.rb:20:1925:20:1929 | @prop | UseUseExplosion.rb:20:1925:20:1933 | ... > ... |
+| UseUseExplosion.rb:20:1925:20:1929 | [post] self | UseUseExplosion.rb:20:1945:20:1949 | self |
+| UseUseExplosion.rb:20:1925:20:1929 | [post] self | UseUseExplosion.rb:20:2235:20:2240 | self |
+| UseUseExplosion.rb:20:1925:20:1929 | self | UseUseExplosion.rb:20:1945:20:1949 | self |
+| UseUseExplosion.rb:20:1925:20:1929 | self | UseUseExplosion.rb:20:2235:20:2240 | self |
+| UseUseExplosion.rb:20:1925:20:1933 | ... > ... | UseUseExplosion.rb:20:1924:20:1934 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1925:20:1933 | ... > ... | UseUseExplosion.rb:20:1924:20:1934 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1933:20:1933 | 9 | UseUseExplosion.rb:20:1925:20:1933 | ... > ... |
+| UseUseExplosion.rb:20:1936:20:2228 | then ... | UseUseExplosion.rb:20:1921:20:2244 | if ... |
+| UseUseExplosion.rb:20:1941:20:2228 | SSA phi read(self) | UseUseExplosion.rb:20:1921:20:2244 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1941:20:2228 | SSA phi read(x) | UseUseExplosion.rb:20:1921:20:2244 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1941:20:2228 | if ... | UseUseExplosion.rb:20:1936:20:2228 | then ... |
+| UseUseExplosion.rb:20:1945:20:1949 | @prop | UseUseExplosion.rb:20:1945:20:1953 | ... > ... |
+| UseUseExplosion.rb:20:1945:20:1949 | [post] self | UseUseExplosion.rb:20:1965:20:1969 | self |
+| UseUseExplosion.rb:20:1945:20:1949 | [post] self | UseUseExplosion.rb:20:2219:20:2224 | self |
+| UseUseExplosion.rb:20:1945:20:1949 | self | UseUseExplosion.rb:20:1965:20:1969 | self |
+| UseUseExplosion.rb:20:1945:20:1949 | self | UseUseExplosion.rb:20:2219:20:2224 | self |
+| UseUseExplosion.rb:20:1945:20:1953 | ... > ... | UseUseExplosion.rb:20:1944:20:1954 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1945:20:1953 | ... > ... | UseUseExplosion.rb:20:1944:20:1954 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1953:20:1953 | 8 | UseUseExplosion.rb:20:1945:20:1953 | ... > ... |
+| UseUseExplosion.rb:20:1956:20:2212 | then ... | UseUseExplosion.rb:20:1941:20:2228 | if ... |
+| UseUseExplosion.rb:20:1961:20:2212 | SSA phi read(self) | UseUseExplosion.rb:20:1941:20:2228 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1961:20:2212 | SSA phi read(x) | UseUseExplosion.rb:20:1941:20:2228 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1961:20:2212 | if ... | UseUseExplosion.rb:20:1956:20:2212 | then ... |
+| UseUseExplosion.rb:20:1965:20:1969 | @prop | UseUseExplosion.rb:20:1965:20:1973 | ... > ... |
+| UseUseExplosion.rb:20:1965:20:1969 | [post] self | UseUseExplosion.rb:20:1985:20:1989 | self |
+| UseUseExplosion.rb:20:1965:20:1969 | [post] self | UseUseExplosion.rb:20:2203:20:2208 | self |
+| UseUseExplosion.rb:20:1965:20:1969 | self | UseUseExplosion.rb:20:1985:20:1989 | self |
+| UseUseExplosion.rb:20:1965:20:1969 | self | UseUseExplosion.rb:20:2203:20:2208 | self |
+| UseUseExplosion.rb:20:1965:20:1973 | ... > ... | UseUseExplosion.rb:20:1964:20:1974 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1965:20:1973 | ... > ... | UseUseExplosion.rb:20:1964:20:1974 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1973:20:1973 | 7 | UseUseExplosion.rb:20:1965:20:1973 | ... > ... |
+| UseUseExplosion.rb:20:1976:20:2196 | then ... | UseUseExplosion.rb:20:1961:20:2212 | if ... |
+| UseUseExplosion.rb:20:1981:20:2196 | SSA phi read(self) | UseUseExplosion.rb:20:1961:20:2212 | SSA phi read(self) |
+| UseUseExplosion.rb:20:1981:20:2196 | SSA phi read(x) | UseUseExplosion.rb:20:1961:20:2212 | SSA phi read(x) |
+| UseUseExplosion.rb:20:1981:20:2196 | if ... | UseUseExplosion.rb:20:1976:20:2196 | then ... |
+| UseUseExplosion.rb:20:1985:20:1989 | @prop | UseUseExplosion.rb:20:1985:20:1993 | ... > ... |
+| UseUseExplosion.rb:20:1985:20:1989 | [post] self | UseUseExplosion.rb:20:2005:20:2009 | self |
+| UseUseExplosion.rb:20:1985:20:1989 | [post] self | UseUseExplosion.rb:20:2187:20:2192 | self |
+| UseUseExplosion.rb:20:1985:20:1989 | self | UseUseExplosion.rb:20:2005:20:2009 | self |
+| UseUseExplosion.rb:20:1985:20:1989 | self | UseUseExplosion.rb:20:2187:20:2192 | self |
+| UseUseExplosion.rb:20:1985:20:1993 | ... > ... | UseUseExplosion.rb:20:1984:20:1994 | [false] ( ... ) |
+| UseUseExplosion.rb:20:1985:20:1993 | ... > ... | UseUseExplosion.rb:20:1984:20:1994 | [true] ( ... ) |
+| UseUseExplosion.rb:20:1993:20:1993 | 6 | UseUseExplosion.rb:20:1985:20:1993 | ... > ... |
+| UseUseExplosion.rb:20:1996:20:2180 | then ... | UseUseExplosion.rb:20:1981:20:2196 | if ... |
+| UseUseExplosion.rb:20:2001:20:2180 | SSA phi read(self) | UseUseExplosion.rb:20:1981:20:2196 | SSA phi read(self) |
+| UseUseExplosion.rb:20:2001:20:2180 | SSA phi read(x) | UseUseExplosion.rb:20:1981:20:2196 | SSA phi read(x) |
+| UseUseExplosion.rb:20:2001:20:2180 | if ... | UseUseExplosion.rb:20:1996:20:2180 | then ... |
+| UseUseExplosion.rb:20:2005:20:2009 | @prop | UseUseExplosion.rb:20:2005:20:2013 | ... > ... |
+| UseUseExplosion.rb:20:2005:20:2009 | [post] self | UseUseExplosion.rb:20:2025:20:2029 | self |
+| UseUseExplosion.rb:20:2005:20:2009 | [post] self | UseUseExplosion.rb:20:2171:20:2176 | self |
+| UseUseExplosion.rb:20:2005:20:2009 | self | UseUseExplosion.rb:20:2025:20:2029 | self |
+| UseUseExplosion.rb:20:2005:20:2009 | self | UseUseExplosion.rb:20:2171:20:2176 | self |
+| UseUseExplosion.rb:20:2005:20:2013 | ... > ... | UseUseExplosion.rb:20:2004:20:2014 | [false] ( ... ) |
+| UseUseExplosion.rb:20:2005:20:2013 | ... > ... | UseUseExplosion.rb:20:2004:20:2014 | [true] ( ... ) |
+| UseUseExplosion.rb:20:2013:20:2013 | 5 | UseUseExplosion.rb:20:2005:20:2013 | ... > ... |
+| UseUseExplosion.rb:20:2016:20:2164 | then ... | UseUseExplosion.rb:20:2001:20:2180 | if ... |
+| UseUseExplosion.rb:20:2021:20:2164 | SSA phi read(self) | UseUseExplosion.rb:20:2001:20:2180 | SSA phi read(self) |
+| UseUseExplosion.rb:20:2021:20:2164 | SSA phi read(x) | UseUseExplosion.rb:20:2001:20:2180 | SSA phi read(x) |
+| UseUseExplosion.rb:20:2021:20:2164 | if ... | UseUseExplosion.rb:20:2016:20:2164 | then ... |
+| UseUseExplosion.rb:20:2025:20:2029 | @prop | UseUseExplosion.rb:20:2025:20:2033 | ... > ... |
+| UseUseExplosion.rb:20:2025:20:2029 | [post] self | UseUseExplosion.rb:20:2045:20:2049 | self |
+| UseUseExplosion.rb:20:2025:20:2029 | [post] self | UseUseExplosion.rb:20:2155:20:2160 | self |
+| UseUseExplosion.rb:20:2025:20:2029 | self | UseUseExplosion.rb:20:2045:20:2049 | self |
+| UseUseExplosion.rb:20:2025:20:2029 | self | UseUseExplosion.rb:20:2155:20:2160 | self |
+| UseUseExplosion.rb:20:2025:20:2033 | ... > ... | UseUseExplosion.rb:20:2024:20:2034 | [false] ( ... ) |
+| UseUseExplosion.rb:20:2025:20:2033 | ... > ... | UseUseExplosion.rb:20:2024:20:2034 | [true] ( ... ) |
+| UseUseExplosion.rb:20:2033:20:2033 | 4 | UseUseExplosion.rb:20:2025:20:2033 | ... > ... |
+| UseUseExplosion.rb:20:2036:20:2148 | then ... | UseUseExplosion.rb:20:2021:20:2164 | if ... |
+| UseUseExplosion.rb:20:2041:20:2148 | SSA phi read(self) | UseUseExplosion.rb:20:2021:20:2164 | SSA phi read(self) |
+| UseUseExplosion.rb:20:2041:20:2148 | SSA phi read(x) | UseUseExplosion.rb:20:2021:20:2164 | SSA phi read(x) |
+| UseUseExplosion.rb:20:2041:20:2148 | if ... | UseUseExplosion.rb:20:2036:20:2148 | then ... |
+| UseUseExplosion.rb:20:2045:20:2049 | @prop | UseUseExplosion.rb:20:2045:20:2053 | ... > ... |
+| UseUseExplosion.rb:20:2045:20:2049 | [post] self | UseUseExplosion.rb:20:2065:20:2069 | self |
+| UseUseExplosion.rb:20:2045:20:2049 | [post] self | UseUseExplosion.rb:20:2139:20:2144 | self |
+| UseUseExplosion.rb:20:2045:20:2049 | self | UseUseExplosion.rb:20:2065:20:2069 | self |
+| UseUseExplosion.rb:20:2045:20:2049 | self | UseUseExplosion.rb:20:2139:20:2144 | self |
+| UseUseExplosion.rb:20:2045:20:2053 | ... > ... | UseUseExplosion.rb:20:2044:20:2054 | [false] ( ... ) |
+| UseUseExplosion.rb:20:2045:20:2053 | ... > ... | UseUseExplosion.rb:20:2044:20:2054 | [true] ( ... ) |
+| UseUseExplosion.rb:20:2053:20:2053 | 3 | UseUseExplosion.rb:20:2045:20:2053 | ... > ... |
+| UseUseExplosion.rb:20:2056:20:2132 | then ... | UseUseExplosion.rb:20:2041:20:2148 | if ... |
+| UseUseExplosion.rb:20:2061:20:2132 | SSA phi read(self) | UseUseExplosion.rb:20:2041:20:2148 | SSA phi read(self) |
+| UseUseExplosion.rb:20:2061:20:2132 | SSA phi read(x) | UseUseExplosion.rb:20:2041:20:2148 | SSA phi read(x) |
+| UseUseExplosion.rb:20:2061:20:2132 | if ... | UseUseExplosion.rb:20:2056:20:2132 | then ... |
+| UseUseExplosion.rb:20:2065:20:2069 | @prop | UseUseExplosion.rb:20:2065:20:2073 | ... > ... |
+| UseUseExplosion.rb:20:2065:20:2069 | [post] self | UseUseExplosion.rb:20:2085:20:2089 | self |
+| UseUseExplosion.rb:20:2065:20:2069 | [post] self | UseUseExplosion.rb:20:2123:20:2128 | self |
+| UseUseExplosion.rb:20:2065:20:2069 | self | UseUseExplosion.rb:20:2085:20:2089 | self |
+| UseUseExplosion.rb:20:2065:20:2069 | self | UseUseExplosion.rb:20:2123:20:2128 | self |
+| UseUseExplosion.rb:20:2065:20:2073 | ... > ... | UseUseExplosion.rb:20:2064:20:2074 | [false] ( ... ) |
+| UseUseExplosion.rb:20:2065:20:2073 | ... > ... | UseUseExplosion.rb:20:2064:20:2074 | [true] ( ... ) |
+| UseUseExplosion.rb:20:2073:20:2073 | 2 | UseUseExplosion.rb:20:2065:20:2073 | ... > ... |
+| UseUseExplosion.rb:20:2076:20:2116 | then ... | UseUseExplosion.rb:20:2061:20:2132 | if ... |
+| UseUseExplosion.rb:20:2081:20:2116 | SSA phi read(self) | UseUseExplosion.rb:20:2061:20:2132 | SSA phi read(self) |
+| UseUseExplosion.rb:20:2081:20:2116 | SSA phi read(x) | UseUseExplosion.rb:20:2061:20:2132 | SSA phi read(x) |
+| UseUseExplosion.rb:20:2081:20:2116 | if ... | UseUseExplosion.rb:20:2076:20:2116 | then ... |
+| UseUseExplosion.rb:20:2085:20:2089 | @prop | UseUseExplosion.rb:20:2085:20:2093 | ... > ... |
+| UseUseExplosion.rb:20:2085:20:2089 | [post] self | UseUseExplosion.rb:20:2107:20:2112 | self |
+| UseUseExplosion.rb:20:2085:20:2089 | self | UseUseExplosion.rb:20:2107:20:2112 | self |
+| UseUseExplosion.rb:20:2085:20:2093 | ... > ... | UseUseExplosion.rb:20:2084:20:2094 | [false] ( ... ) |
+| UseUseExplosion.rb:20:2085:20:2093 | ... > ... | UseUseExplosion.rb:20:2084:20:2094 | [true] ( ... ) |
+| UseUseExplosion.rb:20:2093:20:2093 | 1 | UseUseExplosion.rb:20:2085:20:2093 | ... > ... |
+| UseUseExplosion.rb:20:2096:20:2099 | then ... | UseUseExplosion.rb:20:2081:20:2116 | if ... |
+| UseUseExplosion.rb:20:2102:20:2112 | else ... | UseUseExplosion.rb:20:2081:20:2116 | if ... |
+| UseUseExplosion.rb:20:2107:20:2112 | call to use | UseUseExplosion.rb:20:2102:20:2112 | else ... |
+| UseUseExplosion.rb:20:2118:20:2128 | else ... | UseUseExplosion.rb:20:2061:20:2132 | if ... |
+| UseUseExplosion.rb:20:2123:20:2128 | call to use | UseUseExplosion.rb:20:2118:20:2128 | else ... |
+| UseUseExplosion.rb:20:2134:20:2144 | else ... | UseUseExplosion.rb:20:2041:20:2148 | if ... |
+| UseUseExplosion.rb:20:2139:20:2144 | call to use | UseUseExplosion.rb:20:2134:20:2144 | else ... |
+| UseUseExplosion.rb:20:2150:20:2160 | else ... | UseUseExplosion.rb:20:2021:20:2164 | if ... |
+| UseUseExplosion.rb:20:2155:20:2160 | call to use | UseUseExplosion.rb:20:2150:20:2160 | else ... |
+| UseUseExplosion.rb:20:2166:20:2176 | else ... | UseUseExplosion.rb:20:2001:20:2180 | if ... |
+| UseUseExplosion.rb:20:2171:20:2176 | call to use | UseUseExplosion.rb:20:2166:20:2176 | else ... |
+| UseUseExplosion.rb:20:2182:20:2192 | else ... | UseUseExplosion.rb:20:1981:20:2196 | if ... |
+| UseUseExplosion.rb:20:2187:20:2192 | call to use | UseUseExplosion.rb:20:2182:20:2192 | else ... |
+| UseUseExplosion.rb:20:2198:20:2208 | else ... | UseUseExplosion.rb:20:1961:20:2212 | if ... |
+| UseUseExplosion.rb:20:2203:20:2208 | call to use | UseUseExplosion.rb:20:2198:20:2208 | else ... |
+| UseUseExplosion.rb:20:2214:20:2224 | else ... | UseUseExplosion.rb:20:1941:20:2228 | if ... |
+| UseUseExplosion.rb:20:2219:20:2224 | call to use | UseUseExplosion.rb:20:2214:20:2224 | else ... |
+| UseUseExplosion.rb:20:2230:20:2240 | else ... | UseUseExplosion.rb:20:1921:20:2244 | if ... |
+| UseUseExplosion.rb:20:2235:20:2240 | call to use | UseUseExplosion.rb:20:2230:20:2240 | else ... |
+| UseUseExplosion.rb:20:2246:20:2256 | else ... | UseUseExplosion.rb:20:1900:20:2260 | if ... |
+| UseUseExplosion.rb:20:2251:20:2256 | call to use | UseUseExplosion.rb:20:2246:20:2256 | else ... |
+| UseUseExplosion.rb:20:2262:20:2272 | else ... | UseUseExplosion.rb:20:1879:20:2276 | if ... |
+| UseUseExplosion.rb:20:2267:20:2272 | call to use | UseUseExplosion.rb:20:2262:20:2272 | else ... |
+| UseUseExplosion.rb:20:2278:20:2288 | else ... | UseUseExplosion.rb:20:1858:20:2292 | if ... |
+| UseUseExplosion.rb:20:2283:20:2288 | call to use | UseUseExplosion.rb:20:2278:20:2288 | else ... |
+| UseUseExplosion.rb:20:2294:20:2304 | else ... | UseUseExplosion.rb:20:1837:20:2308 | if ... |
+| UseUseExplosion.rb:20:2299:20:2304 | call to use | UseUseExplosion.rb:20:2294:20:2304 | else ... |
+| UseUseExplosion.rb:20:2310:20:2320 | else ... | UseUseExplosion.rb:20:1816:20:2324 | if ... |
+| UseUseExplosion.rb:20:2315:20:2320 | call to use | UseUseExplosion.rb:20:2310:20:2320 | else ... |
+| UseUseExplosion.rb:20:2326:20:2336 | else ... | UseUseExplosion.rb:20:1795:20:2340 | if ... |
+| UseUseExplosion.rb:20:2331:20:2336 | call to use | UseUseExplosion.rb:20:2326:20:2336 | else ... |
+| UseUseExplosion.rb:20:2342:20:2352 | else ... | UseUseExplosion.rb:20:1774:20:2356 | if ... |
+| UseUseExplosion.rb:20:2347:20:2352 | call to use | UseUseExplosion.rb:20:2342:20:2352 | else ... |
+| UseUseExplosion.rb:20:2358:20:2368 | else ... | UseUseExplosion.rb:20:1753:20:2372 | if ... |
+| UseUseExplosion.rb:20:2363:20:2368 | call to use | UseUseExplosion.rb:20:2358:20:2368 | else ... |
+| UseUseExplosion.rb:20:2374:20:2384 | else ... | UseUseExplosion.rb:20:1732:20:2388 | if ... |
+| UseUseExplosion.rb:20:2379:20:2384 | call to use | UseUseExplosion.rb:20:2374:20:2384 | else ... |
+| UseUseExplosion.rb:20:2390:20:2400 | else ... | UseUseExplosion.rb:20:1711:20:2404 | if ... |
+| UseUseExplosion.rb:20:2395:20:2400 | call to use | UseUseExplosion.rb:20:2390:20:2400 | else ... |
+| UseUseExplosion.rb:20:2406:20:2416 | else ... | UseUseExplosion.rb:20:1690:20:2420 | if ... |
+| UseUseExplosion.rb:20:2411:20:2416 | call to use | UseUseExplosion.rb:20:2406:20:2416 | else ... |
+| UseUseExplosion.rb:20:2422:20:2432 | else ... | UseUseExplosion.rb:20:1669:20:2436 | if ... |
+| UseUseExplosion.rb:20:2427:20:2432 | call to use | UseUseExplosion.rb:20:2422:20:2432 | else ... |
+| UseUseExplosion.rb:20:2438:20:2448 | else ... | UseUseExplosion.rb:20:1648:20:2452 | if ... |
+| UseUseExplosion.rb:20:2443:20:2448 | call to use | UseUseExplosion.rb:20:2438:20:2448 | else ... |
+| UseUseExplosion.rb:20:2454:20:2464 | else ... | UseUseExplosion.rb:20:1627:20:2468 | if ... |
+| UseUseExplosion.rb:20:2459:20:2464 | call to use | UseUseExplosion.rb:20:2454:20:2464 | else ... |
+| UseUseExplosion.rb:20:2470:20:2480 | else ... | UseUseExplosion.rb:20:1606:20:2484 | if ... |
+| UseUseExplosion.rb:20:2475:20:2480 | call to use | UseUseExplosion.rb:20:2470:20:2480 | else ... |
+| UseUseExplosion.rb:20:2486:20:2496 | else ... | UseUseExplosion.rb:20:1585:20:2500 | if ... |
+| UseUseExplosion.rb:20:2491:20:2496 | call to use | UseUseExplosion.rb:20:2486:20:2496 | else ... |
+| UseUseExplosion.rb:20:2502:20:2512 | else ... | UseUseExplosion.rb:20:1564:20:2516 | if ... |
+| UseUseExplosion.rb:20:2507:20:2512 | call to use | UseUseExplosion.rb:20:2502:20:2512 | else ... |
+| UseUseExplosion.rb:20:2518:20:2528 | else ... | UseUseExplosion.rb:20:1543:20:2532 | if ... |
+| UseUseExplosion.rb:20:2523:20:2528 | call to use | UseUseExplosion.rb:20:2518:20:2528 | else ... |
+| UseUseExplosion.rb:20:2534:20:2544 | else ... | UseUseExplosion.rb:20:1522:20:2548 | if ... |
+| UseUseExplosion.rb:20:2539:20:2544 | call to use | UseUseExplosion.rb:20:2534:20:2544 | else ... |
+| UseUseExplosion.rb:20:2550:20:2560 | else ... | UseUseExplosion.rb:20:1501:20:2564 | if ... |
+| UseUseExplosion.rb:20:2555:20:2560 | call to use | UseUseExplosion.rb:20:2550:20:2560 | else ... |
+| UseUseExplosion.rb:20:2566:20:2576 | else ... | UseUseExplosion.rb:20:1480:20:2580 | if ... |
+| UseUseExplosion.rb:20:2571:20:2576 | call to use | UseUseExplosion.rb:20:2566:20:2576 | else ... |
+| UseUseExplosion.rb:20:2582:20:2592 | else ... | UseUseExplosion.rb:20:1459:20:2596 | if ... |
+| UseUseExplosion.rb:20:2587:20:2592 | call to use | UseUseExplosion.rb:20:2582:20:2592 | else ... |
+| UseUseExplosion.rb:20:2598:20:2608 | else ... | UseUseExplosion.rb:20:1438:20:2612 | if ... |
+| UseUseExplosion.rb:20:2603:20:2608 | call to use | UseUseExplosion.rb:20:2598:20:2608 | else ... |
+| UseUseExplosion.rb:20:2614:20:2624 | else ... | UseUseExplosion.rb:20:1417:20:2628 | if ... |
+| UseUseExplosion.rb:20:2619:20:2624 | call to use | UseUseExplosion.rb:20:2614:20:2624 | else ... |
+| UseUseExplosion.rb:20:2630:20:2640 | else ... | UseUseExplosion.rb:20:1396:20:2644 | if ... |
+| UseUseExplosion.rb:20:2635:20:2640 | call to use | UseUseExplosion.rb:20:2630:20:2640 | else ... |
+| UseUseExplosion.rb:20:2646:20:2656 | else ... | UseUseExplosion.rb:20:1375:20:2660 | if ... |
+| UseUseExplosion.rb:20:2651:20:2656 | call to use | UseUseExplosion.rb:20:2646:20:2656 | else ... |
+| UseUseExplosion.rb:20:2662:20:2672 | else ... | UseUseExplosion.rb:20:1354:20:2676 | if ... |
+| UseUseExplosion.rb:20:2667:20:2672 | call to use | UseUseExplosion.rb:20:2662:20:2672 | else ... |
+| UseUseExplosion.rb:20:2678:20:2688 | else ... | UseUseExplosion.rb:20:1333:20:2692 | if ... |
+| UseUseExplosion.rb:20:2683:20:2688 | call to use | UseUseExplosion.rb:20:2678:20:2688 | else ... |
+| UseUseExplosion.rb:20:2694:20:2704 | else ... | UseUseExplosion.rb:20:1312:20:2708 | if ... |
+| UseUseExplosion.rb:20:2699:20:2704 | call to use | UseUseExplosion.rb:20:2694:20:2704 | else ... |
+| UseUseExplosion.rb:20:2710:20:2720 | else ... | UseUseExplosion.rb:20:1291:20:2724 | if ... |
+| UseUseExplosion.rb:20:2715:20:2720 | call to use | UseUseExplosion.rb:20:2710:20:2720 | else ... |
+| UseUseExplosion.rb:20:2726:20:2736 | else ... | UseUseExplosion.rb:20:1270:20:2740 | if ... |
+| UseUseExplosion.rb:20:2731:20:2736 | call to use | UseUseExplosion.rb:20:2726:20:2736 | else ... |
+| UseUseExplosion.rb:20:2742:20:2752 | else ... | UseUseExplosion.rb:20:1249:20:2756 | if ... |
+| UseUseExplosion.rb:20:2747:20:2752 | call to use | UseUseExplosion.rb:20:2742:20:2752 | else ... |
+| UseUseExplosion.rb:20:2758:20:2768 | else ... | UseUseExplosion.rb:20:1228:20:2772 | if ... |
+| UseUseExplosion.rb:20:2763:20:2768 | call to use | UseUseExplosion.rb:20:2758:20:2768 | else ... |
+| UseUseExplosion.rb:20:2774:20:2784 | else ... | UseUseExplosion.rb:20:1207:20:2788 | if ... |
+| UseUseExplosion.rb:20:2779:20:2784 | call to use | UseUseExplosion.rb:20:2774:20:2784 | else ... |
+| UseUseExplosion.rb:20:2790:20:2800 | else ... | UseUseExplosion.rb:20:1186:20:2804 | if ... |
+| UseUseExplosion.rb:20:2795:20:2800 | call to use | UseUseExplosion.rb:20:2790:20:2800 | else ... |
+| UseUseExplosion.rb:20:2806:20:2816 | else ... | UseUseExplosion.rb:20:1165:20:2820 | if ... |
+| UseUseExplosion.rb:20:2811:20:2816 | call to use | UseUseExplosion.rb:20:2806:20:2816 | else ... |
+| UseUseExplosion.rb:20:2822:20:2832 | else ... | UseUseExplosion.rb:20:1144:20:2836 | if ... |
+| UseUseExplosion.rb:20:2827:20:2832 | call to use | UseUseExplosion.rb:20:2822:20:2832 | else ... |
+| UseUseExplosion.rb:20:2838:20:2848 | else ... | UseUseExplosion.rb:20:1123:20:2852 | if ... |
+| UseUseExplosion.rb:20:2843:20:2848 | call to use | UseUseExplosion.rb:20:2838:20:2848 | else ... |
+| UseUseExplosion.rb:20:2854:20:2864 | else ... | UseUseExplosion.rb:20:1102:20:2868 | if ... |
+| UseUseExplosion.rb:20:2859:20:2864 | call to use | UseUseExplosion.rb:20:2854:20:2864 | else ... |
+| UseUseExplosion.rb:20:2870:20:2880 | else ... | UseUseExplosion.rb:20:1081:20:2884 | if ... |
+| UseUseExplosion.rb:20:2875:20:2880 | call to use | UseUseExplosion.rb:20:2870:20:2880 | else ... |
+| UseUseExplosion.rb:20:2886:20:2896 | else ... | UseUseExplosion.rb:20:1060:20:2900 | if ... |
+| UseUseExplosion.rb:20:2891:20:2896 | call to use | UseUseExplosion.rb:20:2886:20:2896 | else ... |
+| UseUseExplosion.rb:20:2902:20:2912 | else ... | UseUseExplosion.rb:20:1039:20:2916 | if ... |
+| UseUseExplosion.rb:20:2907:20:2912 | call to use | UseUseExplosion.rb:20:2902:20:2912 | else ... |
+| UseUseExplosion.rb:20:2918:20:2928 | else ... | UseUseExplosion.rb:20:1018:20:2932 | if ... |
+| UseUseExplosion.rb:20:2923:20:2928 | call to use | UseUseExplosion.rb:20:2918:20:2928 | else ... |
+| UseUseExplosion.rb:20:2934:20:2944 | else ... | UseUseExplosion.rb:20:997:20:2948 | if ... |
+| UseUseExplosion.rb:20:2939:20:2944 | call to use | UseUseExplosion.rb:20:2934:20:2944 | else ... |
+| UseUseExplosion.rb:20:2950:20:2960 | else ... | UseUseExplosion.rb:20:976:20:2964 | if ... |
+| UseUseExplosion.rb:20:2955:20:2960 | call to use | UseUseExplosion.rb:20:2950:20:2960 | else ... |
+| UseUseExplosion.rb:20:2966:20:2976 | else ... | UseUseExplosion.rb:20:955:20:2980 | if ... |
+| UseUseExplosion.rb:20:2971:20:2976 | call to use | UseUseExplosion.rb:20:2966:20:2976 | else ... |
+| UseUseExplosion.rb:20:2982:20:2992 | else ... | UseUseExplosion.rb:20:934:20:2996 | if ... |
+| UseUseExplosion.rb:20:2987:20:2992 | call to use | UseUseExplosion.rb:20:2982:20:2992 | else ... |
+| UseUseExplosion.rb:20:2998:20:3008 | else ... | UseUseExplosion.rb:20:913:20:3012 | if ... |
+| UseUseExplosion.rb:20:3003:20:3008 | call to use | UseUseExplosion.rb:20:2998:20:3008 | else ... |
+| UseUseExplosion.rb:20:3014:20:3024 | else ... | UseUseExplosion.rb:20:892:20:3028 | if ... |
+| UseUseExplosion.rb:20:3019:20:3024 | call to use | UseUseExplosion.rb:20:3014:20:3024 | else ... |
+| UseUseExplosion.rb:20:3030:20:3040 | else ... | UseUseExplosion.rb:20:871:20:3044 | if ... |
+| UseUseExplosion.rb:20:3035:20:3040 | call to use | UseUseExplosion.rb:20:3030:20:3040 | else ... |
+| UseUseExplosion.rb:20:3046:20:3056 | else ... | UseUseExplosion.rb:20:850:20:3060 | if ... |
+| UseUseExplosion.rb:20:3051:20:3056 | call to use | UseUseExplosion.rb:20:3046:20:3056 | else ... |
+| UseUseExplosion.rb:20:3062:20:3072 | else ... | UseUseExplosion.rb:20:829:20:3076 | if ... |
+| UseUseExplosion.rb:20:3067:20:3072 | call to use | UseUseExplosion.rb:20:3062:20:3072 | else ... |
+| UseUseExplosion.rb:20:3078:20:3088 | else ... | UseUseExplosion.rb:20:808:20:3092 | if ... |
+| UseUseExplosion.rb:20:3083:20:3088 | call to use | UseUseExplosion.rb:20:3078:20:3088 | else ... |
+| UseUseExplosion.rb:20:3094:20:3104 | else ... | UseUseExplosion.rb:20:787:20:3108 | if ... |
+| UseUseExplosion.rb:20:3099:20:3104 | call to use | UseUseExplosion.rb:20:3094:20:3104 | else ... |
+| UseUseExplosion.rb:20:3110:20:3120 | else ... | UseUseExplosion.rb:20:766:20:3124 | if ... |
+| UseUseExplosion.rb:20:3115:20:3120 | call to use | UseUseExplosion.rb:20:3110:20:3120 | else ... |
+| UseUseExplosion.rb:20:3126:20:3136 | else ... | UseUseExplosion.rb:20:745:20:3140 | if ... |
+| UseUseExplosion.rb:20:3131:20:3136 | call to use | UseUseExplosion.rb:20:3126:20:3136 | else ... |
+| UseUseExplosion.rb:20:3142:20:3152 | else ... | UseUseExplosion.rb:20:724:20:3156 | if ... |
+| UseUseExplosion.rb:20:3147:20:3152 | call to use | UseUseExplosion.rb:20:3142:20:3152 | else ... |
+| UseUseExplosion.rb:20:3158:20:3168 | else ... | UseUseExplosion.rb:20:703:20:3172 | if ... |
+| UseUseExplosion.rb:20:3163:20:3168 | call to use | UseUseExplosion.rb:20:3158:20:3168 | else ... |
+| UseUseExplosion.rb:20:3174:20:3184 | else ... | UseUseExplosion.rb:20:682:20:3188 | if ... |
+| UseUseExplosion.rb:20:3179:20:3184 | call to use | UseUseExplosion.rb:20:3174:20:3184 | else ... |
+| UseUseExplosion.rb:20:3190:20:3200 | else ... | UseUseExplosion.rb:20:661:20:3204 | if ... |
+| UseUseExplosion.rb:20:3195:20:3200 | call to use | UseUseExplosion.rb:20:3190:20:3200 | else ... |
+| UseUseExplosion.rb:20:3206:20:3216 | else ... | UseUseExplosion.rb:20:640:20:3220 | if ... |
+| UseUseExplosion.rb:20:3211:20:3216 | call to use | UseUseExplosion.rb:20:3206:20:3216 | else ... |
+| UseUseExplosion.rb:20:3222:20:3232 | else ... | UseUseExplosion.rb:20:619:20:3236 | if ... |
+| UseUseExplosion.rb:20:3227:20:3232 | call to use | UseUseExplosion.rb:20:3222:20:3232 | else ... |
+| UseUseExplosion.rb:20:3238:20:3248 | else ... | UseUseExplosion.rb:20:598:20:3252 | if ... |
+| UseUseExplosion.rb:20:3243:20:3248 | call to use | UseUseExplosion.rb:20:3238:20:3248 | else ... |
+| UseUseExplosion.rb:20:3254:20:3264 | else ... | UseUseExplosion.rb:20:577:20:3268 | if ... |
+| UseUseExplosion.rb:20:3259:20:3264 | call to use | UseUseExplosion.rb:20:3254:20:3264 | else ... |
+| UseUseExplosion.rb:20:3270:20:3280 | else ... | UseUseExplosion.rb:20:556:20:3284 | if ... |
+| UseUseExplosion.rb:20:3275:20:3280 | call to use | UseUseExplosion.rb:20:3270:20:3280 | else ... |
+| UseUseExplosion.rb:20:3286:20:3296 | else ... | UseUseExplosion.rb:20:535:20:3300 | if ... |
+| UseUseExplosion.rb:20:3291:20:3296 | call to use | UseUseExplosion.rb:20:3286:20:3296 | else ... |
+| UseUseExplosion.rb:20:3302:20:3312 | else ... | UseUseExplosion.rb:20:514:20:3316 | if ... |
+| UseUseExplosion.rb:20:3307:20:3312 | call to use | UseUseExplosion.rb:20:3302:20:3312 | else ... |
+| UseUseExplosion.rb:20:3318:20:3328 | else ... | UseUseExplosion.rb:20:493:20:3332 | if ... |
+| UseUseExplosion.rb:20:3323:20:3328 | call to use | UseUseExplosion.rb:20:3318:20:3328 | else ... |
+| UseUseExplosion.rb:20:3334:20:3344 | else ... | UseUseExplosion.rb:20:472:20:3348 | if ... |
+| UseUseExplosion.rb:20:3339:20:3344 | call to use | UseUseExplosion.rb:20:3334:20:3344 | else ... |
+| UseUseExplosion.rb:20:3350:20:3360 | else ... | UseUseExplosion.rb:20:451:20:3364 | if ... |
+| UseUseExplosion.rb:20:3355:20:3360 | call to use | UseUseExplosion.rb:20:3350:20:3360 | else ... |
+| UseUseExplosion.rb:20:3366:20:3376 | else ... | UseUseExplosion.rb:20:430:20:3380 | if ... |
+| UseUseExplosion.rb:20:3371:20:3376 | call to use | UseUseExplosion.rb:20:3366:20:3376 | else ... |
+| UseUseExplosion.rb:20:3382:20:3392 | else ... | UseUseExplosion.rb:20:409:20:3396 | if ... |
+| UseUseExplosion.rb:20:3387:20:3392 | call to use | UseUseExplosion.rb:20:3382:20:3392 | else ... |
+| UseUseExplosion.rb:20:3398:20:3408 | else ... | UseUseExplosion.rb:20:388:20:3412 | if ... |
+| UseUseExplosion.rb:20:3403:20:3408 | call to use | UseUseExplosion.rb:20:3398:20:3408 | else ... |
+| UseUseExplosion.rb:20:3414:20:3424 | else ... | UseUseExplosion.rb:20:367:20:3428 | if ... |
+| UseUseExplosion.rb:20:3419:20:3424 | call to use | UseUseExplosion.rb:20:3414:20:3424 | else ... |
+| UseUseExplosion.rb:20:3430:20:3440 | else ... | UseUseExplosion.rb:20:346:20:3444 | if ... |
+| UseUseExplosion.rb:20:3435:20:3440 | call to use | UseUseExplosion.rb:20:3430:20:3440 | else ... |
+| UseUseExplosion.rb:20:3446:20:3456 | else ... | UseUseExplosion.rb:20:325:20:3460 | if ... |
+| UseUseExplosion.rb:20:3451:20:3456 | call to use | UseUseExplosion.rb:20:3446:20:3456 | else ... |
+| UseUseExplosion.rb:20:3462:20:3472 | else ... | UseUseExplosion.rb:20:304:20:3476 | if ... |
+| UseUseExplosion.rb:20:3467:20:3472 | call to use | UseUseExplosion.rb:20:3462:20:3472 | else ... |
+| UseUseExplosion.rb:20:3478:20:3488 | else ... | UseUseExplosion.rb:20:283:20:3492 | if ... |
+| UseUseExplosion.rb:20:3483:20:3488 | call to use | UseUseExplosion.rb:20:3478:20:3488 | else ... |
+| UseUseExplosion.rb:20:3494:20:3504 | else ... | UseUseExplosion.rb:20:262:20:3508 | if ... |
+| UseUseExplosion.rb:20:3499:20:3504 | call to use | UseUseExplosion.rb:20:3494:20:3504 | else ... |
+| UseUseExplosion.rb:20:3510:20:3520 | else ... | UseUseExplosion.rb:20:241:20:3524 | if ... |
+| UseUseExplosion.rb:20:3515:20:3520 | call to use | UseUseExplosion.rb:20:3510:20:3520 | else ... |
+| UseUseExplosion.rb:20:3526:20:3536 | else ... | UseUseExplosion.rb:20:220:20:3540 | if ... |
+| UseUseExplosion.rb:20:3531:20:3536 | call to use | UseUseExplosion.rb:20:3526:20:3536 | else ... |
+| UseUseExplosion.rb:20:3542:20:3552 | else ... | UseUseExplosion.rb:20:199:20:3556 | if ... |
+| UseUseExplosion.rb:20:3547:20:3552 | call to use | UseUseExplosion.rb:20:3542:20:3552 | else ... |
+| UseUseExplosion.rb:20:3558:20:3568 | else ... | UseUseExplosion.rb:20:178:20:3572 | if ... |
+| UseUseExplosion.rb:20:3563:20:3568 | call to use | UseUseExplosion.rb:20:3558:20:3568 | else ... |
+| UseUseExplosion.rb:20:3574:20:3584 | else ... | UseUseExplosion.rb:20:157:20:3588 | if ... |
+| UseUseExplosion.rb:20:3579:20:3584 | call to use | UseUseExplosion.rb:20:3574:20:3584 | else ... |
+| UseUseExplosion.rb:20:3590:20:3600 | else ... | UseUseExplosion.rb:20:136:20:3604 | if ... |
+| UseUseExplosion.rb:20:3595:20:3600 | call to use | UseUseExplosion.rb:20:3590:20:3600 | else ... |
+| UseUseExplosion.rb:20:3606:20:3616 | else ... | UseUseExplosion.rb:20:115:20:3620 | if ... |
+| UseUseExplosion.rb:20:3611:20:3616 | call to use | UseUseExplosion.rb:20:3606:20:3616 | else ... |
+| UseUseExplosion.rb:20:3622:20:3632 | else ... | UseUseExplosion.rb:20:94:20:3636 | if ... |
+| UseUseExplosion.rb:20:3627:20:3632 | call to use | UseUseExplosion.rb:20:3622:20:3632 | else ... |
+| UseUseExplosion.rb:20:3638:20:3648 | else ... | UseUseExplosion.rb:20:73:20:3652 | if ... |
+| UseUseExplosion.rb:20:3643:20:3648 | call to use | UseUseExplosion.rb:20:3638:20:3648 | else ... |
+| UseUseExplosion.rb:20:3654:20:3664 | else ... | UseUseExplosion.rb:20:52:20:3668 | if ... |
+| UseUseExplosion.rb:20:3659:20:3664 | call to use | UseUseExplosion.rb:20:3654:20:3664 | else ... |
+| UseUseExplosion.rb:20:3670:20:3680 | else ... | UseUseExplosion.rb:20:31:20:3684 | if ... |
+| UseUseExplosion.rb:20:3675:20:3680 | call to use | UseUseExplosion.rb:20:3670:20:3680 | else ... |
+| UseUseExplosion.rb:20:3686:20:3696 | else ... | UseUseExplosion.rb:20:9:20:3700 | if ... |
+| UseUseExplosion.rb:20:3691:20:3696 | call to use | UseUseExplosion.rb:20:3686:20:3696 | else ... |
+| UseUseExplosion.rb:21:13:21:17 | @prop | UseUseExplosion.rb:21:13:21:23 | ... > ... |
+| UseUseExplosion.rb:21:13:21:17 | [post] self | UseUseExplosion.rb:21:35:21:39 | self |
+| UseUseExplosion.rb:21:13:21:17 | [post] self | UseUseExplosion.rb:21:3691:21:3696 | self |
+| UseUseExplosion.rb:21:13:21:17 | self | UseUseExplosion.rb:21:35:21:39 | self |
+| UseUseExplosion.rb:21:13:21:17 | self | UseUseExplosion.rb:21:3691:21:3696 | self |
+| UseUseExplosion.rb:21:13:21:23 | ... > ... | UseUseExplosion.rb:21:12:21:24 | [false] ( ... ) |
+| UseUseExplosion.rb:21:13:21:23 | ... > ... | UseUseExplosion.rb:21:12:21:24 | [true] ( ... ) |
+| UseUseExplosion.rb:21:21:21:23 | 100 | UseUseExplosion.rb:21:13:21:23 | ... > ... |
+| UseUseExplosion.rb:21:26:21:3684 | then ... | UseUseExplosion.rb:21:9:21:3700 | if ... |
+| UseUseExplosion.rb:21:31:21:3684 | if ... | UseUseExplosion.rb:21:26:21:3684 | then ... |
+| UseUseExplosion.rb:21:35:21:39 | @prop | UseUseExplosion.rb:21:35:21:44 | ... > ... |
+| UseUseExplosion.rb:21:35:21:39 | [post] self | UseUseExplosion.rb:21:56:21:60 | self |
+| UseUseExplosion.rb:21:35:21:39 | [post] self | UseUseExplosion.rb:21:3675:21:3680 | self |
+| UseUseExplosion.rb:21:35:21:39 | self | UseUseExplosion.rb:21:56:21:60 | self |
+| UseUseExplosion.rb:21:35:21:39 | self | UseUseExplosion.rb:21:3675:21:3680 | self |
+| UseUseExplosion.rb:21:35:21:44 | ... > ... | UseUseExplosion.rb:21:34:21:45 | [false] ( ... ) |
+| UseUseExplosion.rb:21:35:21:44 | ... > ... | UseUseExplosion.rb:21:34:21:45 | [true] ( ... ) |
+| UseUseExplosion.rb:21:43:21:44 | 99 | UseUseExplosion.rb:21:35:21:44 | ... > ... |
+| UseUseExplosion.rb:21:47:21:3668 | then ... | UseUseExplosion.rb:21:31:21:3684 | if ... |
+| UseUseExplosion.rb:21:52:21:3668 | if ... | UseUseExplosion.rb:21:47:21:3668 | then ... |
+| UseUseExplosion.rb:21:56:21:60 | @prop | UseUseExplosion.rb:21:56:21:65 | ... > ... |
+| UseUseExplosion.rb:21:56:21:60 | [post] self | UseUseExplosion.rb:21:77:21:81 | self |
+| UseUseExplosion.rb:21:56:21:60 | [post] self | UseUseExplosion.rb:21:3659:21:3664 | self |
+| UseUseExplosion.rb:21:56:21:60 | self | UseUseExplosion.rb:21:77:21:81 | self |
+| UseUseExplosion.rb:21:56:21:60 | self | UseUseExplosion.rb:21:3659:21:3664 | self |
+| UseUseExplosion.rb:21:56:21:65 | ... > ... | UseUseExplosion.rb:21:55:21:66 | [false] ( ... ) |
+| UseUseExplosion.rb:21:56:21:65 | ... > ... | UseUseExplosion.rb:21:55:21:66 | [true] ( ... ) |
+| UseUseExplosion.rb:21:64:21:65 | 98 | UseUseExplosion.rb:21:56:21:65 | ... > ... |
+| UseUseExplosion.rb:21:68:21:3652 | then ... | UseUseExplosion.rb:21:52:21:3668 | if ... |
+| UseUseExplosion.rb:21:73:21:3652 | if ... | UseUseExplosion.rb:21:68:21:3652 | then ... |
+| UseUseExplosion.rb:21:77:21:81 | @prop | UseUseExplosion.rb:21:77:21:86 | ... > ... |
+| UseUseExplosion.rb:21:77:21:81 | [post] self | UseUseExplosion.rb:21:98:21:102 | self |
+| UseUseExplosion.rb:21:77:21:81 | [post] self | UseUseExplosion.rb:21:3643:21:3648 | self |
+| UseUseExplosion.rb:21:77:21:81 | self | UseUseExplosion.rb:21:98:21:102 | self |
+| UseUseExplosion.rb:21:77:21:81 | self | UseUseExplosion.rb:21:3643:21:3648 | self |
+| UseUseExplosion.rb:21:77:21:86 | ... > ... | UseUseExplosion.rb:21:76:21:87 | [false] ( ... ) |
+| UseUseExplosion.rb:21:77:21:86 | ... > ... | UseUseExplosion.rb:21:76:21:87 | [true] ( ... ) |
+| UseUseExplosion.rb:21:85:21:86 | 97 | UseUseExplosion.rb:21:77:21:86 | ... > ... |
+| UseUseExplosion.rb:21:89:21:3636 | then ... | UseUseExplosion.rb:21:73:21:3652 | if ... |
+| UseUseExplosion.rb:21:94:21:3636 | if ... | UseUseExplosion.rb:21:89:21:3636 | then ... |
+| UseUseExplosion.rb:21:98:21:102 | @prop | UseUseExplosion.rb:21:98:21:107 | ... > ... |
+| UseUseExplosion.rb:21:98:21:102 | [post] self | UseUseExplosion.rb:21:119:21:123 | self |
+| UseUseExplosion.rb:21:98:21:102 | [post] self | UseUseExplosion.rb:21:3627:21:3632 | self |
+| UseUseExplosion.rb:21:98:21:102 | self | UseUseExplosion.rb:21:119:21:123 | self |
+| UseUseExplosion.rb:21:98:21:102 | self | UseUseExplosion.rb:21:3627:21:3632 | self |
+| UseUseExplosion.rb:21:98:21:107 | ... > ... | UseUseExplosion.rb:21:97:21:108 | [false] ( ... ) |
+| UseUseExplosion.rb:21:98:21:107 | ... > ... | UseUseExplosion.rb:21:97:21:108 | [true] ( ... ) |
+| UseUseExplosion.rb:21:106:21:107 | 96 | UseUseExplosion.rb:21:98:21:107 | ... > ... |
+| UseUseExplosion.rb:21:110:21:3620 | then ... | UseUseExplosion.rb:21:94:21:3636 | if ... |
+| UseUseExplosion.rb:21:115:21:3620 | if ... | UseUseExplosion.rb:21:110:21:3620 | then ... |
+| UseUseExplosion.rb:21:119:21:123 | @prop | UseUseExplosion.rb:21:119:21:128 | ... > ... |
+| UseUseExplosion.rb:21:119:21:123 | [post] self | UseUseExplosion.rb:21:140:21:144 | self |
+| UseUseExplosion.rb:21:119:21:123 | [post] self | UseUseExplosion.rb:21:3611:21:3616 | self |
+| UseUseExplosion.rb:21:119:21:123 | self | UseUseExplosion.rb:21:140:21:144 | self |
+| UseUseExplosion.rb:21:119:21:123 | self | UseUseExplosion.rb:21:3611:21:3616 | self |
+| UseUseExplosion.rb:21:119:21:128 | ... > ... | UseUseExplosion.rb:21:118:21:129 | [false] ( ... ) |
+| UseUseExplosion.rb:21:119:21:128 | ... > ... | UseUseExplosion.rb:21:118:21:129 | [true] ( ... ) |
+| UseUseExplosion.rb:21:127:21:128 | 95 | UseUseExplosion.rb:21:119:21:128 | ... > ... |
+| UseUseExplosion.rb:21:131:21:3604 | then ... | UseUseExplosion.rb:21:115:21:3620 | if ... |
+| UseUseExplosion.rb:21:136:21:3604 | if ... | UseUseExplosion.rb:21:131:21:3604 | then ... |
+| UseUseExplosion.rb:21:140:21:144 | @prop | UseUseExplosion.rb:21:140:21:149 | ... > ... |
+| UseUseExplosion.rb:21:140:21:144 | [post] self | UseUseExplosion.rb:21:161:21:165 | self |
+| UseUseExplosion.rb:21:140:21:144 | [post] self | UseUseExplosion.rb:21:3595:21:3600 | self |
+| UseUseExplosion.rb:21:140:21:144 | self | UseUseExplosion.rb:21:161:21:165 | self |
+| UseUseExplosion.rb:21:140:21:144 | self | UseUseExplosion.rb:21:3595:21:3600 | self |
+| UseUseExplosion.rb:21:140:21:149 | ... > ... | UseUseExplosion.rb:21:139:21:150 | [false] ( ... ) |
+| UseUseExplosion.rb:21:140:21:149 | ... > ... | UseUseExplosion.rb:21:139:21:150 | [true] ( ... ) |
+| UseUseExplosion.rb:21:148:21:149 | 94 | UseUseExplosion.rb:21:140:21:149 | ... > ... |
+| UseUseExplosion.rb:21:152:21:3588 | then ... | UseUseExplosion.rb:21:136:21:3604 | if ... |
+| UseUseExplosion.rb:21:157:21:3588 | if ... | UseUseExplosion.rb:21:152:21:3588 | then ... |
+| UseUseExplosion.rb:21:161:21:165 | @prop | UseUseExplosion.rb:21:161:21:170 | ... > ... |
+| UseUseExplosion.rb:21:161:21:165 | [post] self | UseUseExplosion.rb:21:182:21:186 | self |
+| UseUseExplosion.rb:21:161:21:165 | [post] self | UseUseExplosion.rb:21:3579:21:3584 | self |
+| UseUseExplosion.rb:21:161:21:165 | self | UseUseExplosion.rb:21:182:21:186 | self |
+| UseUseExplosion.rb:21:161:21:165 | self | UseUseExplosion.rb:21:3579:21:3584 | self |
+| UseUseExplosion.rb:21:161:21:170 | ... > ... | UseUseExplosion.rb:21:160:21:171 | [false] ( ... ) |
+| UseUseExplosion.rb:21:161:21:170 | ... > ... | UseUseExplosion.rb:21:160:21:171 | [true] ( ... ) |
+| UseUseExplosion.rb:21:169:21:170 | 93 | UseUseExplosion.rb:21:161:21:170 | ... > ... |
+| UseUseExplosion.rb:21:173:21:3572 | then ... | UseUseExplosion.rb:21:157:21:3588 | if ... |
+| UseUseExplosion.rb:21:178:21:3572 | if ... | UseUseExplosion.rb:21:173:21:3572 | then ... |
+| UseUseExplosion.rb:21:182:21:186 | @prop | UseUseExplosion.rb:21:182:21:191 | ... > ... |
+| UseUseExplosion.rb:21:182:21:186 | [post] self | UseUseExplosion.rb:21:203:21:207 | self |
+| UseUseExplosion.rb:21:182:21:186 | [post] self | UseUseExplosion.rb:21:3563:21:3568 | self |
+| UseUseExplosion.rb:21:182:21:186 | self | UseUseExplosion.rb:21:203:21:207 | self |
+| UseUseExplosion.rb:21:182:21:186 | self | UseUseExplosion.rb:21:3563:21:3568 | self |
+| UseUseExplosion.rb:21:182:21:191 | ... > ... | UseUseExplosion.rb:21:181:21:192 | [false] ( ... ) |
+| UseUseExplosion.rb:21:182:21:191 | ... > ... | UseUseExplosion.rb:21:181:21:192 | [true] ( ... ) |
+| UseUseExplosion.rb:21:190:21:191 | 92 | UseUseExplosion.rb:21:182:21:191 | ... > ... |
+| UseUseExplosion.rb:21:194:21:3556 | then ... | UseUseExplosion.rb:21:178:21:3572 | if ... |
+| UseUseExplosion.rb:21:199:21:3556 | if ... | UseUseExplosion.rb:21:194:21:3556 | then ... |
+| UseUseExplosion.rb:21:203:21:207 | @prop | UseUseExplosion.rb:21:203:21:212 | ... > ... |
+| UseUseExplosion.rb:21:203:21:207 | [post] self | UseUseExplosion.rb:21:224:21:228 | self |
+| UseUseExplosion.rb:21:203:21:207 | [post] self | UseUseExplosion.rb:21:3547:21:3552 | self |
+| UseUseExplosion.rb:21:203:21:207 | self | UseUseExplosion.rb:21:224:21:228 | self |
+| UseUseExplosion.rb:21:203:21:207 | self | UseUseExplosion.rb:21:3547:21:3552 | self |
+| UseUseExplosion.rb:21:203:21:212 | ... > ... | UseUseExplosion.rb:21:202:21:213 | [false] ( ... ) |
+| UseUseExplosion.rb:21:203:21:212 | ... > ... | UseUseExplosion.rb:21:202:21:213 | [true] ( ... ) |
+| UseUseExplosion.rb:21:211:21:212 | 91 | UseUseExplosion.rb:21:203:21:212 | ... > ... |
+| UseUseExplosion.rb:21:215:21:3540 | then ... | UseUseExplosion.rb:21:199:21:3556 | if ... |
+| UseUseExplosion.rb:21:220:21:3540 | if ... | UseUseExplosion.rb:21:215:21:3540 | then ... |
+| UseUseExplosion.rb:21:224:21:228 | @prop | UseUseExplosion.rb:21:224:21:233 | ... > ... |
+| UseUseExplosion.rb:21:224:21:228 | [post] self | UseUseExplosion.rb:21:245:21:249 | self |
+| UseUseExplosion.rb:21:224:21:228 | [post] self | UseUseExplosion.rb:21:3531:21:3536 | self |
+| UseUseExplosion.rb:21:224:21:228 | self | UseUseExplosion.rb:21:245:21:249 | self |
+| UseUseExplosion.rb:21:224:21:228 | self | UseUseExplosion.rb:21:3531:21:3536 | self |
+| UseUseExplosion.rb:21:224:21:233 | ... > ... | UseUseExplosion.rb:21:223:21:234 | [false] ( ... ) |
+| UseUseExplosion.rb:21:224:21:233 | ... > ... | UseUseExplosion.rb:21:223:21:234 | [true] ( ... ) |
+| UseUseExplosion.rb:21:232:21:233 | 90 | UseUseExplosion.rb:21:224:21:233 | ... > ... |
+| UseUseExplosion.rb:21:236:21:3524 | then ... | UseUseExplosion.rb:21:220:21:3540 | if ... |
+| UseUseExplosion.rb:21:241:21:3524 | if ... | UseUseExplosion.rb:21:236:21:3524 | then ... |
+| UseUseExplosion.rb:21:245:21:249 | @prop | UseUseExplosion.rb:21:245:21:254 | ... > ... |
+| UseUseExplosion.rb:21:245:21:249 | [post] self | UseUseExplosion.rb:21:266:21:270 | self |
+| UseUseExplosion.rb:21:245:21:249 | [post] self | UseUseExplosion.rb:21:3515:21:3520 | self |
+| UseUseExplosion.rb:21:245:21:249 | self | UseUseExplosion.rb:21:266:21:270 | self |
+| UseUseExplosion.rb:21:245:21:249 | self | UseUseExplosion.rb:21:3515:21:3520 | self |
+| UseUseExplosion.rb:21:245:21:254 | ... > ... | UseUseExplosion.rb:21:244:21:255 | [false] ( ... ) |
+| UseUseExplosion.rb:21:245:21:254 | ... > ... | UseUseExplosion.rb:21:244:21:255 | [true] ( ... ) |
+| UseUseExplosion.rb:21:253:21:254 | 89 | UseUseExplosion.rb:21:245:21:254 | ... > ... |
+| UseUseExplosion.rb:21:257:21:3508 | then ... | UseUseExplosion.rb:21:241:21:3524 | if ... |
+| UseUseExplosion.rb:21:262:21:3508 | if ... | UseUseExplosion.rb:21:257:21:3508 | then ... |
+| UseUseExplosion.rb:21:266:21:270 | @prop | UseUseExplosion.rb:21:266:21:275 | ... > ... |
+| UseUseExplosion.rb:21:266:21:270 | [post] self | UseUseExplosion.rb:21:287:21:291 | self |
+| UseUseExplosion.rb:21:266:21:270 | [post] self | UseUseExplosion.rb:21:3499:21:3504 | self |
+| UseUseExplosion.rb:21:266:21:270 | self | UseUseExplosion.rb:21:287:21:291 | self |
+| UseUseExplosion.rb:21:266:21:270 | self | UseUseExplosion.rb:21:3499:21:3504 | self |
+| UseUseExplosion.rb:21:266:21:275 | ... > ... | UseUseExplosion.rb:21:265:21:276 | [false] ( ... ) |
+| UseUseExplosion.rb:21:266:21:275 | ... > ... | UseUseExplosion.rb:21:265:21:276 | [true] ( ... ) |
+| UseUseExplosion.rb:21:274:21:275 | 88 | UseUseExplosion.rb:21:266:21:275 | ... > ... |
+| UseUseExplosion.rb:21:278:21:3492 | then ... | UseUseExplosion.rb:21:262:21:3508 | if ... |
+| UseUseExplosion.rb:21:283:21:3492 | if ... | UseUseExplosion.rb:21:278:21:3492 | then ... |
+| UseUseExplosion.rb:21:287:21:291 | @prop | UseUseExplosion.rb:21:287:21:296 | ... > ... |
+| UseUseExplosion.rb:21:287:21:291 | [post] self | UseUseExplosion.rb:21:308:21:312 | self |
+| UseUseExplosion.rb:21:287:21:291 | [post] self | UseUseExplosion.rb:21:3483:21:3488 | self |
+| UseUseExplosion.rb:21:287:21:291 | self | UseUseExplosion.rb:21:308:21:312 | self |
+| UseUseExplosion.rb:21:287:21:291 | self | UseUseExplosion.rb:21:3483:21:3488 | self |
+| UseUseExplosion.rb:21:287:21:296 | ... > ... | UseUseExplosion.rb:21:286:21:297 | [false] ( ... ) |
+| UseUseExplosion.rb:21:287:21:296 | ... > ... | UseUseExplosion.rb:21:286:21:297 | [true] ( ... ) |
+| UseUseExplosion.rb:21:295:21:296 | 87 | UseUseExplosion.rb:21:287:21:296 | ... > ... |
+| UseUseExplosion.rb:21:299:21:3476 | then ... | UseUseExplosion.rb:21:283:21:3492 | if ... |
+| UseUseExplosion.rb:21:304:21:3476 | if ... | UseUseExplosion.rb:21:299:21:3476 | then ... |
+| UseUseExplosion.rb:21:308:21:312 | @prop | UseUseExplosion.rb:21:308:21:317 | ... > ... |
+| UseUseExplosion.rb:21:308:21:312 | [post] self | UseUseExplosion.rb:21:329:21:333 | self |
+| UseUseExplosion.rb:21:308:21:312 | [post] self | UseUseExplosion.rb:21:3467:21:3472 | self |
+| UseUseExplosion.rb:21:308:21:312 | self | UseUseExplosion.rb:21:329:21:333 | self |
+| UseUseExplosion.rb:21:308:21:312 | self | UseUseExplosion.rb:21:3467:21:3472 | self |
+| UseUseExplosion.rb:21:308:21:317 | ... > ... | UseUseExplosion.rb:21:307:21:318 | [false] ( ... ) |
+| UseUseExplosion.rb:21:308:21:317 | ... > ... | UseUseExplosion.rb:21:307:21:318 | [true] ( ... ) |
+| UseUseExplosion.rb:21:316:21:317 | 86 | UseUseExplosion.rb:21:308:21:317 | ... > ... |
+| UseUseExplosion.rb:21:320:21:3460 | then ... | UseUseExplosion.rb:21:304:21:3476 | if ... |
+| UseUseExplosion.rb:21:325:21:3460 | if ... | UseUseExplosion.rb:21:320:21:3460 | then ... |
+| UseUseExplosion.rb:21:329:21:333 | @prop | UseUseExplosion.rb:21:329:21:338 | ... > ... |
+| UseUseExplosion.rb:21:329:21:333 | [post] self | UseUseExplosion.rb:21:350:21:354 | self |
+| UseUseExplosion.rb:21:329:21:333 | [post] self | UseUseExplosion.rb:21:3451:21:3456 | self |
+| UseUseExplosion.rb:21:329:21:333 | self | UseUseExplosion.rb:21:350:21:354 | self |
+| UseUseExplosion.rb:21:329:21:333 | self | UseUseExplosion.rb:21:3451:21:3456 | self |
+| UseUseExplosion.rb:21:329:21:338 | ... > ... | UseUseExplosion.rb:21:328:21:339 | [false] ( ... ) |
+| UseUseExplosion.rb:21:329:21:338 | ... > ... | UseUseExplosion.rb:21:328:21:339 | [true] ( ... ) |
+| UseUseExplosion.rb:21:337:21:338 | 85 | UseUseExplosion.rb:21:329:21:338 | ... > ... |
+| UseUseExplosion.rb:21:341:21:3444 | then ... | UseUseExplosion.rb:21:325:21:3460 | if ... |
+| UseUseExplosion.rb:21:346:21:3444 | if ... | UseUseExplosion.rb:21:341:21:3444 | then ... |
+| UseUseExplosion.rb:21:350:21:354 | @prop | UseUseExplosion.rb:21:350:21:359 | ... > ... |
+| UseUseExplosion.rb:21:350:21:354 | [post] self | UseUseExplosion.rb:21:371:21:375 | self |
+| UseUseExplosion.rb:21:350:21:354 | [post] self | UseUseExplosion.rb:21:3435:21:3440 | self |
+| UseUseExplosion.rb:21:350:21:354 | self | UseUseExplosion.rb:21:371:21:375 | self |
+| UseUseExplosion.rb:21:350:21:354 | self | UseUseExplosion.rb:21:3435:21:3440 | self |
+| UseUseExplosion.rb:21:350:21:359 | ... > ... | UseUseExplosion.rb:21:349:21:360 | [false] ( ... ) |
+| UseUseExplosion.rb:21:350:21:359 | ... > ... | UseUseExplosion.rb:21:349:21:360 | [true] ( ... ) |
+| UseUseExplosion.rb:21:358:21:359 | 84 | UseUseExplosion.rb:21:350:21:359 | ... > ... |
+| UseUseExplosion.rb:21:362:21:3428 | then ... | UseUseExplosion.rb:21:346:21:3444 | if ... |
+| UseUseExplosion.rb:21:367:21:3428 | if ... | UseUseExplosion.rb:21:362:21:3428 | then ... |
+| UseUseExplosion.rb:21:371:21:375 | @prop | UseUseExplosion.rb:21:371:21:380 | ... > ... |
+| UseUseExplosion.rb:21:371:21:375 | [post] self | UseUseExplosion.rb:21:392:21:396 | self |
+| UseUseExplosion.rb:21:371:21:375 | [post] self | UseUseExplosion.rb:21:3419:21:3424 | self |
+| UseUseExplosion.rb:21:371:21:375 | self | UseUseExplosion.rb:21:392:21:396 | self |
+| UseUseExplosion.rb:21:371:21:375 | self | UseUseExplosion.rb:21:3419:21:3424 | self |
+| UseUseExplosion.rb:21:371:21:380 | ... > ... | UseUseExplosion.rb:21:370:21:381 | [false] ( ... ) |
+| UseUseExplosion.rb:21:371:21:380 | ... > ... | UseUseExplosion.rb:21:370:21:381 | [true] ( ... ) |
+| UseUseExplosion.rb:21:379:21:380 | 83 | UseUseExplosion.rb:21:371:21:380 | ... > ... |
+| UseUseExplosion.rb:21:383:21:3412 | then ... | UseUseExplosion.rb:21:367:21:3428 | if ... |
+| UseUseExplosion.rb:21:388:21:3412 | if ... | UseUseExplosion.rb:21:383:21:3412 | then ... |
+| UseUseExplosion.rb:21:392:21:396 | @prop | UseUseExplosion.rb:21:392:21:401 | ... > ... |
+| UseUseExplosion.rb:21:392:21:396 | [post] self | UseUseExplosion.rb:21:413:21:417 | self |
+| UseUseExplosion.rb:21:392:21:396 | [post] self | UseUseExplosion.rb:21:3403:21:3408 | self |
+| UseUseExplosion.rb:21:392:21:396 | self | UseUseExplosion.rb:21:413:21:417 | self |
+| UseUseExplosion.rb:21:392:21:396 | self | UseUseExplosion.rb:21:3403:21:3408 | self |
+| UseUseExplosion.rb:21:392:21:401 | ... > ... | UseUseExplosion.rb:21:391:21:402 | [false] ( ... ) |
+| UseUseExplosion.rb:21:392:21:401 | ... > ... | UseUseExplosion.rb:21:391:21:402 | [true] ( ... ) |
+| UseUseExplosion.rb:21:400:21:401 | 82 | UseUseExplosion.rb:21:392:21:401 | ... > ... |
+| UseUseExplosion.rb:21:404:21:3396 | then ... | UseUseExplosion.rb:21:388:21:3412 | if ... |
+| UseUseExplosion.rb:21:409:21:3396 | if ... | UseUseExplosion.rb:21:404:21:3396 | then ... |
+| UseUseExplosion.rb:21:413:21:417 | @prop | UseUseExplosion.rb:21:413:21:422 | ... > ... |
+| UseUseExplosion.rb:21:413:21:417 | [post] self | UseUseExplosion.rb:21:434:21:438 | self |
+| UseUseExplosion.rb:21:413:21:417 | [post] self | UseUseExplosion.rb:21:3387:21:3392 | self |
+| UseUseExplosion.rb:21:413:21:417 | self | UseUseExplosion.rb:21:434:21:438 | self |
+| UseUseExplosion.rb:21:413:21:417 | self | UseUseExplosion.rb:21:3387:21:3392 | self |
+| UseUseExplosion.rb:21:413:21:422 | ... > ... | UseUseExplosion.rb:21:412:21:423 | [false] ( ... ) |
+| UseUseExplosion.rb:21:413:21:422 | ... > ... | UseUseExplosion.rb:21:412:21:423 | [true] ( ... ) |
+| UseUseExplosion.rb:21:421:21:422 | 81 | UseUseExplosion.rb:21:413:21:422 | ... > ... |
+| UseUseExplosion.rb:21:425:21:3380 | then ... | UseUseExplosion.rb:21:409:21:3396 | if ... |
+| UseUseExplosion.rb:21:430:21:3380 | if ... | UseUseExplosion.rb:21:425:21:3380 | then ... |
+| UseUseExplosion.rb:21:434:21:438 | @prop | UseUseExplosion.rb:21:434:21:443 | ... > ... |
+| UseUseExplosion.rb:21:434:21:438 | [post] self | UseUseExplosion.rb:21:455:21:459 | self |
+| UseUseExplosion.rb:21:434:21:438 | [post] self | UseUseExplosion.rb:21:3371:21:3376 | self |
+| UseUseExplosion.rb:21:434:21:438 | self | UseUseExplosion.rb:21:455:21:459 | self |
+| UseUseExplosion.rb:21:434:21:438 | self | UseUseExplosion.rb:21:3371:21:3376 | self |
+| UseUseExplosion.rb:21:434:21:443 | ... > ... | UseUseExplosion.rb:21:433:21:444 | [false] ( ... ) |
+| UseUseExplosion.rb:21:434:21:443 | ... > ... | UseUseExplosion.rb:21:433:21:444 | [true] ( ... ) |
+| UseUseExplosion.rb:21:442:21:443 | 80 | UseUseExplosion.rb:21:434:21:443 | ... > ... |
+| UseUseExplosion.rb:21:446:21:3364 | then ... | UseUseExplosion.rb:21:430:21:3380 | if ... |
+| UseUseExplosion.rb:21:451:21:3364 | if ... | UseUseExplosion.rb:21:446:21:3364 | then ... |
+| UseUseExplosion.rb:21:455:21:459 | @prop | UseUseExplosion.rb:21:455:21:464 | ... > ... |
+| UseUseExplosion.rb:21:455:21:459 | [post] self | UseUseExplosion.rb:21:476:21:480 | self |
+| UseUseExplosion.rb:21:455:21:459 | [post] self | UseUseExplosion.rb:21:3355:21:3360 | self |
+| UseUseExplosion.rb:21:455:21:459 | self | UseUseExplosion.rb:21:476:21:480 | self |
+| UseUseExplosion.rb:21:455:21:459 | self | UseUseExplosion.rb:21:3355:21:3360 | self |
+| UseUseExplosion.rb:21:455:21:464 | ... > ... | UseUseExplosion.rb:21:454:21:465 | [false] ( ... ) |
+| UseUseExplosion.rb:21:455:21:464 | ... > ... | UseUseExplosion.rb:21:454:21:465 | [true] ( ... ) |
+| UseUseExplosion.rb:21:463:21:464 | 79 | UseUseExplosion.rb:21:455:21:464 | ... > ... |
+| UseUseExplosion.rb:21:467:21:3348 | then ... | UseUseExplosion.rb:21:451:21:3364 | if ... |
+| UseUseExplosion.rb:21:472:21:3348 | if ... | UseUseExplosion.rb:21:467:21:3348 | then ... |
+| UseUseExplosion.rb:21:476:21:480 | @prop | UseUseExplosion.rb:21:476:21:485 | ... > ... |
+| UseUseExplosion.rb:21:476:21:480 | [post] self | UseUseExplosion.rb:21:497:21:501 | self |
+| UseUseExplosion.rb:21:476:21:480 | [post] self | UseUseExplosion.rb:21:3339:21:3344 | self |
+| UseUseExplosion.rb:21:476:21:480 | self | UseUseExplosion.rb:21:497:21:501 | self |
+| UseUseExplosion.rb:21:476:21:480 | self | UseUseExplosion.rb:21:3339:21:3344 | self |
+| UseUseExplosion.rb:21:476:21:485 | ... > ... | UseUseExplosion.rb:21:475:21:486 | [false] ( ... ) |
+| UseUseExplosion.rb:21:476:21:485 | ... > ... | UseUseExplosion.rb:21:475:21:486 | [true] ( ... ) |
+| UseUseExplosion.rb:21:484:21:485 | 78 | UseUseExplosion.rb:21:476:21:485 | ... > ... |
+| UseUseExplosion.rb:21:488:21:3332 | then ... | UseUseExplosion.rb:21:472:21:3348 | if ... |
+| UseUseExplosion.rb:21:493:21:3332 | if ... | UseUseExplosion.rb:21:488:21:3332 | then ... |
+| UseUseExplosion.rb:21:497:21:501 | @prop | UseUseExplosion.rb:21:497:21:506 | ... > ... |
+| UseUseExplosion.rb:21:497:21:501 | [post] self | UseUseExplosion.rb:21:518:21:522 | self |
+| UseUseExplosion.rb:21:497:21:501 | [post] self | UseUseExplosion.rb:21:3323:21:3328 | self |
+| UseUseExplosion.rb:21:497:21:501 | self | UseUseExplosion.rb:21:518:21:522 | self |
+| UseUseExplosion.rb:21:497:21:501 | self | UseUseExplosion.rb:21:3323:21:3328 | self |
+| UseUseExplosion.rb:21:497:21:506 | ... > ... | UseUseExplosion.rb:21:496:21:507 | [false] ( ... ) |
+| UseUseExplosion.rb:21:497:21:506 | ... > ... | UseUseExplosion.rb:21:496:21:507 | [true] ( ... ) |
+| UseUseExplosion.rb:21:505:21:506 | 77 | UseUseExplosion.rb:21:497:21:506 | ... > ... |
+| UseUseExplosion.rb:21:509:21:3316 | then ... | UseUseExplosion.rb:21:493:21:3332 | if ... |
+| UseUseExplosion.rb:21:514:21:3316 | if ... | UseUseExplosion.rb:21:509:21:3316 | then ... |
+| UseUseExplosion.rb:21:518:21:522 | @prop | UseUseExplosion.rb:21:518:21:527 | ... > ... |
+| UseUseExplosion.rb:21:518:21:522 | [post] self | UseUseExplosion.rb:21:539:21:543 | self |
+| UseUseExplosion.rb:21:518:21:522 | [post] self | UseUseExplosion.rb:21:3307:21:3312 | self |
+| UseUseExplosion.rb:21:518:21:522 | self | UseUseExplosion.rb:21:539:21:543 | self |
+| UseUseExplosion.rb:21:518:21:522 | self | UseUseExplosion.rb:21:3307:21:3312 | self |
+| UseUseExplosion.rb:21:518:21:527 | ... > ... | UseUseExplosion.rb:21:517:21:528 | [false] ( ... ) |
+| UseUseExplosion.rb:21:518:21:527 | ... > ... | UseUseExplosion.rb:21:517:21:528 | [true] ( ... ) |
+| UseUseExplosion.rb:21:526:21:527 | 76 | UseUseExplosion.rb:21:518:21:527 | ... > ... |
+| UseUseExplosion.rb:21:530:21:3300 | then ... | UseUseExplosion.rb:21:514:21:3316 | if ... |
+| UseUseExplosion.rb:21:535:21:3300 | if ... | UseUseExplosion.rb:21:530:21:3300 | then ... |
+| UseUseExplosion.rb:21:539:21:543 | @prop | UseUseExplosion.rb:21:539:21:548 | ... > ... |
+| UseUseExplosion.rb:21:539:21:543 | [post] self | UseUseExplosion.rb:21:560:21:564 | self |
+| UseUseExplosion.rb:21:539:21:543 | [post] self | UseUseExplosion.rb:21:3291:21:3296 | self |
+| UseUseExplosion.rb:21:539:21:543 | self | UseUseExplosion.rb:21:560:21:564 | self |
+| UseUseExplosion.rb:21:539:21:543 | self | UseUseExplosion.rb:21:3291:21:3296 | self |
+| UseUseExplosion.rb:21:539:21:548 | ... > ... | UseUseExplosion.rb:21:538:21:549 | [false] ( ... ) |
+| UseUseExplosion.rb:21:539:21:548 | ... > ... | UseUseExplosion.rb:21:538:21:549 | [true] ( ... ) |
+| UseUseExplosion.rb:21:547:21:548 | 75 | UseUseExplosion.rb:21:539:21:548 | ... > ... |
+| UseUseExplosion.rb:21:551:21:3284 | then ... | UseUseExplosion.rb:21:535:21:3300 | if ... |
+| UseUseExplosion.rb:21:556:21:3284 | if ... | UseUseExplosion.rb:21:551:21:3284 | then ... |
+| UseUseExplosion.rb:21:560:21:564 | @prop | UseUseExplosion.rb:21:560:21:569 | ... > ... |
+| UseUseExplosion.rb:21:560:21:564 | [post] self | UseUseExplosion.rb:21:581:21:585 | self |
+| UseUseExplosion.rb:21:560:21:564 | [post] self | UseUseExplosion.rb:21:3275:21:3280 | self |
+| UseUseExplosion.rb:21:560:21:564 | self | UseUseExplosion.rb:21:581:21:585 | self |
+| UseUseExplosion.rb:21:560:21:564 | self | UseUseExplosion.rb:21:3275:21:3280 | self |
+| UseUseExplosion.rb:21:560:21:569 | ... > ... | UseUseExplosion.rb:21:559:21:570 | [false] ( ... ) |
+| UseUseExplosion.rb:21:560:21:569 | ... > ... | UseUseExplosion.rb:21:559:21:570 | [true] ( ... ) |
+| UseUseExplosion.rb:21:568:21:569 | 74 | UseUseExplosion.rb:21:560:21:569 | ... > ... |
+| UseUseExplosion.rb:21:572:21:3268 | then ... | UseUseExplosion.rb:21:556:21:3284 | if ... |
+| UseUseExplosion.rb:21:577:21:3268 | if ... | UseUseExplosion.rb:21:572:21:3268 | then ... |
+| UseUseExplosion.rb:21:581:21:585 | @prop | UseUseExplosion.rb:21:581:21:590 | ... > ... |
+| UseUseExplosion.rb:21:581:21:585 | [post] self | UseUseExplosion.rb:21:602:21:606 | self |
+| UseUseExplosion.rb:21:581:21:585 | [post] self | UseUseExplosion.rb:21:3259:21:3264 | self |
+| UseUseExplosion.rb:21:581:21:585 | self | UseUseExplosion.rb:21:602:21:606 | self |
+| UseUseExplosion.rb:21:581:21:585 | self | UseUseExplosion.rb:21:3259:21:3264 | self |
+| UseUseExplosion.rb:21:581:21:590 | ... > ... | UseUseExplosion.rb:21:580:21:591 | [false] ( ... ) |
+| UseUseExplosion.rb:21:581:21:590 | ... > ... | UseUseExplosion.rb:21:580:21:591 | [true] ( ... ) |
+| UseUseExplosion.rb:21:589:21:590 | 73 | UseUseExplosion.rb:21:581:21:590 | ... > ... |
+| UseUseExplosion.rb:21:593:21:3252 | then ... | UseUseExplosion.rb:21:577:21:3268 | if ... |
+| UseUseExplosion.rb:21:598:21:3252 | if ... | UseUseExplosion.rb:21:593:21:3252 | then ... |
+| UseUseExplosion.rb:21:602:21:606 | @prop | UseUseExplosion.rb:21:602:21:611 | ... > ... |
+| UseUseExplosion.rb:21:602:21:606 | [post] self | UseUseExplosion.rb:21:623:21:627 | self |
+| UseUseExplosion.rb:21:602:21:606 | [post] self | UseUseExplosion.rb:21:3243:21:3248 | self |
+| UseUseExplosion.rb:21:602:21:606 | self | UseUseExplosion.rb:21:623:21:627 | self |
+| UseUseExplosion.rb:21:602:21:606 | self | UseUseExplosion.rb:21:3243:21:3248 | self |
+| UseUseExplosion.rb:21:602:21:611 | ... > ... | UseUseExplosion.rb:21:601:21:612 | [false] ( ... ) |
+| UseUseExplosion.rb:21:602:21:611 | ... > ... | UseUseExplosion.rb:21:601:21:612 | [true] ( ... ) |
+| UseUseExplosion.rb:21:610:21:611 | 72 | UseUseExplosion.rb:21:602:21:611 | ... > ... |
+| UseUseExplosion.rb:21:614:21:3236 | then ... | UseUseExplosion.rb:21:598:21:3252 | if ... |
+| UseUseExplosion.rb:21:619:21:3236 | if ... | UseUseExplosion.rb:21:614:21:3236 | then ... |
+| UseUseExplosion.rb:21:623:21:627 | @prop | UseUseExplosion.rb:21:623:21:632 | ... > ... |
+| UseUseExplosion.rb:21:623:21:627 | [post] self | UseUseExplosion.rb:21:644:21:648 | self |
+| UseUseExplosion.rb:21:623:21:627 | [post] self | UseUseExplosion.rb:21:3227:21:3232 | self |
+| UseUseExplosion.rb:21:623:21:627 | self | UseUseExplosion.rb:21:644:21:648 | self |
+| UseUseExplosion.rb:21:623:21:627 | self | UseUseExplosion.rb:21:3227:21:3232 | self |
+| UseUseExplosion.rb:21:623:21:632 | ... > ... | UseUseExplosion.rb:21:622:21:633 | [false] ( ... ) |
+| UseUseExplosion.rb:21:623:21:632 | ... > ... | UseUseExplosion.rb:21:622:21:633 | [true] ( ... ) |
+| UseUseExplosion.rb:21:631:21:632 | 71 | UseUseExplosion.rb:21:623:21:632 | ... > ... |
+| UseUseExplosion.rb:21:635:21:3220 | then ... | UseUseExplosion.rb:21:619:21:3236 | if ... |
+| UseUseExplosion.rb:21:640:21:3220 | if ... | UseUseExplosion.rb:21:635:21:3220 | then ... |
+| UseUseExplosion.rb:21:644:21:648 | @prop | UseUseExplosion.rb:21:644:21:653 | ... > ... |
+| UseUseExplosion.rb:21:644:21:648 | [post] self | UseUseExplosion.rb:21:665:21:669 | self |
+| UseUseExplosion.rb:21:644:21:648 | [post] self | UseUseExplosion.rb:21:3211:21:3216 | self |
+| UseUseExplosion.rb:21:644:21:648 | self | UseUseExplosion.rb:21:665:21:669 | self |
+| UseUseExplosion.rb:21:644:21:648 | self | UseUseExplosion.rb:21:3211:21:3216 | self |
+| UseUseExplosion.rb:21:644:21:653 | ... > ... | UseUseExplosion.rb:21:643:21:654 | [false] ( ... ) |
+| UseUseExplosion.rb:21:644:21:653 | ... > ... | UseUseExplosion.rb:21:643:21:654 | [true] ( ... ) |
+| UseUseExplosion.rb:21:652:21:653 | 70 | UseUseExplosion.rb:21:644:21:653 | ... > ... |
+| UseUseExplosion.rb:21:656:21:3204 | then ... | UseUseExplosion.rb:21:640:21:3220 | if ... |
+| UseUseExplosion.rb:21:661:21:3204 | if ... | UseUseExplosion.rb:21:656:21:3204 | then ... |
+| UseUseExplosion.rb:21:665:21:669 | @prop | UseUseExplosion.rb:21:665:21:674 | ... > ... |
+| UseUseExplosion.rb:21:665:21:669 | [post] self | UseUseExplosion.rb:21:686:21:690 | self |
+| UseUseExplosion.rb:21:665:21:669 | [post] self | UseUseExplosion.rb:21:3195:21:3200 | self |
+| UseUseExplosion.rb:21:665:21:669 | self | UseUseExplosion.rb:21:686:21:690 | self |
+| UseUseExplosion.rb:21:665:21:669 | self | UseUseExplosion.rb:21:3195:21:3200 | self |
+| UseUseExplosion.rb:21:665:21:674 | ... > ... | UseUseExplosion.rb:21:664:21:675 | [false] ( ... ) |
+| UseUseExplosion.rb:21:665:21:674 | ... > ... | UseUseExplosion.rb:21:664:21:675 | [true] ( ... ) |
+| UseUseExplosion.rb:21:673:21:674 | 69 | UseUseExplosion.rb:21:665:21:674 | ... > ... |
+| UseUseExplosion.rb:21:677:21:3188 | then ... | UseUseExplosion.rb:21:661:21:3204 | if ... |
+| UseUseExplosion.rb:21:682:21:3188 | if ... | UseUseExplosion.rb:21:677:21:3188 | then ... |
+| UseUseExplosion.rb:21:686:21:690 | @prop | UseUseExplosion.rb:21:686:21:695 | ... > ... |
+| UseUseExplosion.rb:21:686:21:690 | [post] self | UseUseExplosion.rb:21:707:21:711 | self |
+| UseUseExplosion.rb:21:686:21:690 | [post] self | UseUseExplosion.rb:21:3179:21:3184 | self |
+| UseUseExplosion.rb:21:686:21:690 | self | UseUseExplosion.rb:21:707:21:711 | self |
+| UseUseExplosion.rb:21:686:21:690 | self | UseUseExplosion.rb:21:3179:21:3184 | self |
+| UseUseExplosion.rb:21:686:21:695 | ... > ... | UseUseExplosion.rb:21:685:21:696 | [false] ( ... ) |
+| UseUseExplosion.rb:21:686:21:695 | ... > ... | UseUseExplosion.rb:21:685:21:696 | [true] ( ... ) |
+| UseUseExplosion.rb:21:694:21:695 | 68 | UseUseExplosion.rb:21:686:21:695 | ... > ... |
+| UseUseExplosion.rb:21:698:21:3172 | then ... | UseUseExplosion.rb:21:682:21:3188 | if ... |
+| UseUseExplosion.rb:21:703:21:3172 | if ... | UseUseExplosion.rb:21:698:21:3172 | then ... |
+| UseUseExplosion.rb:21:707:21:711 | @prop | UseUseExplosion.rb:21:707:21:716 | ... > ... |
+| UseUseExplosion.rb:21:707:21:711 | [post] self | UseUseExplosion.rb:21:728:21:732 | self |
+| UseUseExplosion.rb:21:707:21:711 | [post] self | UseUseExplosion.rb:21:3163:21:3168 | self |
+| UseUseExplosion.rb:21:707:21:711 | self | UseUseExplosion.rb:21:728:21:732 | self |
+| UseUseExplosion.rb:21:707:21:711 | self | UseUseExplosion.rb:21:3163:21:3168 | self |
+| UseUseExplosion.rb:21:707:21:716 | ... > ... | UseUseExplosion.rb:21:706:21:717 | [false] ( ... ) |
+| UseUseExplosion.rb:21:707:21:716 | ... > ... | UseUseExplosion.rb:21:706:21:717 | [true] ( ... ) |
+| UseUseExplosion.rb:21:715:21:716 | 67 | UseUseExplosion.rb:21:707:21:716 | ... > ... |
+| UseUseExplosion.rb:21:719:21:3156 | then ... | UseUseExplosion.rb:21:703:21:3172 | if ... |
+| UseUseExplosion.rb:21:724:21:3156 | if ... | UseUseExplosion.rb:21:719:21:3156 | then ... |
+| UseUseExplosion.rb:21:728:21:732 | @prop | UseUseExplosion.rb:21:728:21:737 | ... > ... |
+| UseUseExplosion.rb:21:728:21:732 | [post] self | UseUseExplosion.rb:21:749:21:753 | self |
+| UseUseExplosion.rb:21:728:21:732 | [post] self | UseUseExplosion.rb:21:3147:21:3152 | self |
+| UseUseExplosion.rb:21:728:21:732 | self | UseUseExplosion.rb:21:749:21:753 | self |
+| UseUseExplosion.rb:21:728:21:732 | self | UseUseExplosion.rb:21:3147:21:3152 | self |
+| UseUseExplosion.rb:21:728:21:737 | ... > ... | UseUseExplosion.rb:21:727:21:738 | [false] ( ... ) |
+| UseUseExplosion.rb:21:728:21:737 | ... > ... | UseUseExplosion.rb:21:727:21:738 | [true] ( ... ) |
+| UseUseExplosion.rb:21:736:21:737 | 66 | UseUseExplosion.rb:21:728:21:737 | ... > ... |
+| UseUseExplosion.rb:21:740:21:3140 | then ... | UseUseExplosion.rb:21:724:21:3156 | if ... |
+| UseUseExplosion.rb:21:745:21:3140 | if ... | UseUseExplosion.rb:21:740:21:3140 | then ... |
+| UseUseExplosion.rb:21:749:21:753 | @prop | UseUseExplosion.rb:21:749:21:758 | ... > ... |
+| UseUseExplosion.rb:21:749:21:753 | [post] self | UseUseExplosion.rb:21:770:21:774 | self |
+| UseUseExplosion.rb:21:749:21:753 | [post] self | UseUseExplosion.rb:21:3131:21:3136 | self |
+| UseUseExplosion.rb:21:749:21:753 | self | UseUseExplosion.rb:21:770:21:774 | self |
+| UseUseExplosion.rb:21:749:21:753 | self | UseUseExplosion.rb:21:3131:21:3136 | self |
+| UseUseExplosion.rb:21:749:21:758 | ... > ... | UseUseExplosion.rb:21:748:21:759 | [false] ( ... ) |
+| UseUseExplosion.rb:21:749:21:758 | ... > ... | UseUseExplosion.rb:21:748:21:759 | [true] ( ... ) |
+| UseUseExplosion.rb:21:757:21:758 | 65 | UseUseExplosion.rb:21:749:21:758 | ... > ... |
+| UseUseExplosion.rb:21:761:21:3124 | then ... | UseUseExplosion.rb:21:745:21:3140 | if ... |
+| UseUseExplosion.rb:21:766:21:3124 | if ... | UseUseExplosion.rb:21:761:21:3124 | then ... |
+| UseUseExplosion.rb:21:770:21:774 | @prop | UseUseExplosion.rb:21:770:21:779 | ... > ... |
+| UseUseExplosion.rb:21:770:21:774 | [post] self | UseUseExplosion.rb:21:791:21:795 | self |
+| UseUseExplosion.rb:21:770:21:774 | [post] self | UseUseExplosion.rb:21:3115:21:3120 | self |
+| UseUseExplosion.rb:21:770:21:774 | self | UseUseExplosion.rb:21:791:21:795 | self |
+| UseUseExplosion.rb:21:770:21:774 | self | UseUseExplosion.rb:21:3115:21:3120 | self |
+| UseUseExplosion.rb:21:770:21:779 | ... > ... | UseUseExplosion.rb:21:769:21:780 | [false] ( ... ) |
+| UseUseExplosion.rb:21:770:21:779 | ... > ... | UseUseExplosion.rb:21:769:21:780 | [true] ( ... ) |
+| UseUseExplosion.rb:21:778:21:779 | 64 | UseUseExplosion.rb:21:770:21:779 | ... > ... |
+| UseUseExplosion.rb:21:782:21:3108 | then ... | UseUseExplosion.rb:21:766:21:3124 | if ... |
+| UseUseExplosion.rb:21:787:21:3108 | if ... | UseUseExplosion.rb:21:782:21:3108 | then ... |
+| UseUseExplosion.rb:21:791:21:795 | @prop | UseUseExplosion.rb:21:791:21:800 | ... > ... |
+| UseUseExplosion.rb:21:791:21:795 | [post] self | UseUseExplosion.rb:21:812:21:816 | self |
+| UseUseExplosion.rb:21:791:21:795 | [post] self | UseUseExplosion.rb:21:3099:21:3104 | self |
+| UseUseExplosion.rb:21:791:21:795 | self | UseUseExplosion.rb:21:812:21:816 | self |
+| UseUseExplosion.rb:21:791:21:795 | self | UseUseExplosion.rb:21:3099:21:3104 | self |
+| UseUseExplosion.rb:21:791:21:800 | ... > ... | UseUseExplosion.rb:21:790:21:801 | [false] ( ... ) |
+| UseUseExplosion.rb:21:791:21:800 | ... > ... | UseUseExplosion.rb:21:790:21:801 | [true] ( ... ) |
+| UseUseExplosion.rb:21:799:21:800 | 63 | UseUseExplosion.rb:21:791:21:800 | ... > ... |
+| UseUseExplosion.rb:21:803:21:3092 | then ... | UseUseExplosion.rb:21:787:21:3108 | if ... |
+| UseUseExplosion.rb:21:808:21:3092 | if ... | UseUseExplosion.rb:21:803:21:3092 | then ... |
+| UseUseExplosion.rb:21:812:21:816 | @prop | UseUseExplosion.rb:21:812:21:821 | ... > ... |
+| UseUseExplosion.rb:21:812:21:816 | [post] self | UseUseExplosion.rb:21:833:21:837 | self |
+| UseUseExplosion.rb:21:812:21:816 | [post] self | UseUseExplosion.rb:21:3083:21:3088 | self |
+| UseUseExplosion.rb:21:812:21:816 | self | UseUseExplosion.rb:21:833:21:837 | self |
+| UseUseExplosion.rb:21:812:21:816 | self | UseUseExplosion.rb:21:3083:21:3088 | self |
+| UseUseExplosion.rb:21:812:21:821 | ... > ... | UseUseExplosion.rb:21:811:21:822 | [false] ( ... ) |
+| UseUseExplosion.rb:21:812:21:821 | ... > ... | UseUseExplosion.rb:21:811:21:822 | [true] ( ... ) |
+| UseUseExplosion.rb:21:820:21:821 | 62 | UseUseExplosion.rb:21:812:21:821 | ... > ... |
+| UseUseExplosion.rb:21:824:21:3076 | then ... | UseUseExplosion.rb:21:808:21:3092 | if ... |
+| UseUseExplosion.rb:21:829:21:3076 | if ... | UseUseExplosion.rb:21:824:21:3076 | then ... |
+| UseUseExplosion.rb:21:833:21:837 | @prop | UseUseExplosion.rb:21:833:21:842 | ... > ... |
+| UseUseExplosion.rb:21:833:21:837 | [post] self | UseUseExplosion.rb:21:854:21:858 | self |
+| UseUseExplosion.rb:21:833:21:837 | [post] self | UseUseExplosion.rb:21:3067:21:3072 | self |
+| UseUseExplosion.rb:21:833:21:837 | self | UseUseExplosion.rb:21:854:21:858 | self |
+| UseUseExplosion.rb:21:833:21:837 | self | UseUseExplosion.rb:21:3067:21:3072 | self |
+| UseUseExplosion.rb:21:833:21:842 | ... > ... | UseUseExplosion.rb:21:832:21:843 | [false] ( ... ) |
+| UseUseExplosion.rb:21:833:21:842 | ... > ... | UseUseExplosion.rb:21:832:21:843 | [true] ( ... ) |
+| UseUseExplosion.rb:21:841:21:842 | 61 | UseUseExplosion.rb:21:833:21:842 | ... > ... |
+| UseUseExplosion.rb:21:845:21:3060 | then ... | UseUseExplosion.rb:21:829:21:3076 | if ... |
+| UseUseExplosion.rb:21:850:21:3060 | if ... | UseUseExplosion.rb:21:845:21:3060 | then ... |
+| UseUseExplosion.rb:21:854:21:858 | @prop | UseUseExplosion.rb:21:854:21:863 | ... > ... |
+| UseUseExplosion.rb:21:854:21:858 | [post] self | UseUseExplosion.rb:21:875:21:879 | self |
+| UseUseExplosion.rb:21:854:21:858 | [post] self | UseUseExplosion.rb:21:3051:21:3056 | self |
+| UseUseExplosion.rb:21:854:21:858 | self | UseUseExplosion.rb:21:875:21:879 | self |
+| UseUseExplosion.rb:21:854:21:858 | self | UseUseExplosion.rb:21:3051:21:3056 | self |
+| UseUseExplosion.rb:21:854:21:863 | ... > ... | UseUseExplosion.rb:21:853:21:864 | [false] ( ... ) |
+| UseUseExplosion.rb:21:854:21:863 | ... > ... | UseUseExplosion.rb:21:853:21:864 | [true] ( ... ) |
+| UseUseExplosion.rb:21:862:21:863 | 60 | UseUseExplosion.rb:21:854:21:863 | ... > ... |
+| UseUseExplosion.rb:21:866:21:3044 | then ... | UseUseExplosion.rb:21:850:21:3060 | if ... |
+| UseUseExplosion.rb:21:871:21:3044 | if ... | UseUseExplosion.rb:21:866:21:3044 | then ... |
+| UseUseExplosion.rb:21:875:21:879 | @prop | UseUseExplosion.rb:21:875:21:884 | ... > ... |
+| UseUseExplosion.rb:21:875:21:879 | [post] self | UseUseExplosion.rb:21:896:21:900 | self |
+| UseUseExplosion.rb:21:875:21:879 | [post] self | UseUseExplosion.rb:21:3035:21:3040 | self |
+| UseUseExplosion.rb:21:875:21:879 | self | UseUseExplosion.rb:21:896:21:900 | self |
+| UseUseExplosion.rb:21:875:21:879 | self | UseUseExplosion.rb:21:3035:21:3040 | self |
+| UseUseExplosion.rb:21:875:21:884 | ... > ... | UseUseExplosion.rb:21:874:21:885 | [false] ( ... ) |
+| UseUseExplosion.rb:21:875:21:884 | ... > ... | UseUseExplosion.rb:21:874:21:885 | [true] ( ... ) |
+| UseUseExplosion.rb:21:883:21:884 | 59 | UseUseExplosion.rb:21:875:21:884 | ... > ... |
+| UseUseExplosion.rb:21:887:21:3028 | then ... | UseUseExplosion.rb:21:871:21:3044 | if ... |
+| UseUseExplosion.rb:21:892:21:3028 | if ... | UseUseExplosion.rb:21:887:21:3028 | then ... |
+| UseUseExplosion.rb:21:896:21:900 | @prop | UseUseExplosion.rb:21:896:21:905 | ... > ... |
+| UseUseExplosion.rb:21:896:21:900 | [post] self | UseUseExplosion.rb:21:917:21:921 | self |
+| UseUseExplosion.rb:21:896:21:900 | [post] self | UseUseExplosion.rb:21:3019:21:3024 | self |
+| UseUseExplosion.rb:21:896:21:900 | self | UseUseExplosion.rb:21:917:21:921 | self |
+| UseUseExplosion.rb:21:896:21:900 | self | UseUseExplosion.rb:21:3019:21:3024 | self |
+| UseUseExplosion.rb:21:896:21:905 | ... > ... | UseUseExplosion.rb:21:895:21:906 | [false] ( ... ) |
+| UseUseExplosion.rb:21:896:21:905 | ... > ... | UseUseExplosion.rb:21:895:21:906 | [true] ( ... ) |
+| UseUseExplosion.rb:21:904:21:905 | 58 | UseUseExplosion.rb:21:896:21:905 | ... > ... |
+| UseUseExplosion.rb:21:908:21:3012 | then ... | UseUseExplosion.rb:21:892:21:3028 | if ... |
+| UseUseExplosion.rb:21:913:21:3012 | if ... | UseUseExplosion.rb:21:908:21:3012 | then ... |
+| UseUseExplosion.rb:21:917:21:921 | @prop | UseUseExplosion.rb:21:917:21:926 | ... > ... |
+| UseUseExplosion.rb:21:917:21:921 | [post] self | UseUseExplosion.rb:21:938:21:942 | self |
+| UseUseExplosion.rb:21:917:21:921 | [post] self | UseUseExplosion.rb:21:3003:21:3008 | self |
+| UseUseExplosion.rb:21:917:21:921 | self | UseUseExplosion.rb:21:938:21:942 | self |
+| UseUseExplosion.rb:21:917:21:921 | self | UseUseExplosion.rb:21:3003:21:3008 | self |
+| UseUseExplosion.rb:21:917:21:926 | ... > ... | UseUseExplosion.rb:21:916:21:927 | [false] ( ... ) |
+| UseUseExplosion.rb:21:917:21:926 | ... > ... | UseUseExplosion.rb:21:916:21:927 | [true] ( ... ) |
+| UseUseExplosion.rb:21:925:21:926 | 57 | UseUseExplosion.rb:21:917:21:926 | ... > ... |
+| UseUseExplosion.rb:21:929:21:2996 | then ... | UseUseExplosion.rb:21:913:21:3012 | if ... |
+| UseUseExplosion.rb:21:934:21:2996 | if ... | UseUseExplosion.rb:21:929:21:2996 | then ... |
+| UseUseExplosion.rb:21:938:21:942 | @prop | UseUseExplosion.rb:21:938:21:947 | ... > ... |
+| UseUseExplosion.rb:21:938:21:942 | [post] self | UseUseExplosion.rb:21:959:21:963 | self |
+| UseUseExplosion.rb:21:938:21:942 | [post] self | UseUseExplosion.rb:21:2987:21:2992 | self |
+| UseUseExplosion.rb:21:938:21:942 | self | UseUseExplosion.rb:21:959:21:963 | self |
+| UseUseExplosion.rb:21:938:21:942 | self | UseUseExplosion.rb:21:2987:21:2992 | self |
+| UseUseExplosion.rb:21:938:21:947 | ... > ... | UseUseExplosion.rb:21:937:21:948 | [false] ( ... ) |
+| UseUseExplosion.rb:21:938:21:947 | ... > ... | UseUseExplosion.rb:21:937:21:948 | [true] ( ... ) |
+| UseUseExplosion.rb:21:946:21:947 | 56 | UseUseExplosion.rb:21:938:21:947 | ... > ... |
+| UseUseExplosion.rb:21:950:21:2980 | then ... | UseUseExplosion.rb:21:934:21:2996 | if ... |
+| UseUseExplosion.rb:21:955:21:2980 | if ... | UseUseExplosion.rb:21:950:21:2980 | then ... |
+| UseUseExplosion.rb:21:959:21:963 | @prop | UseUseExplosion.rb:21:959:21:968 | ... > ... |
+| UseUseExplosion.rb:21:959:21:963 | [post] self | UseUseExplosion.rb:21:980:21:984 | self |
+| UseUseExplosion.rb:21:959:21:963 | [post] self | UseUseExplosion.rb:21:2971:21:2976 | self |
+| UseUseExplosion.rb:21:959:21:963 | self | UseUseExplosion.rb:21:980:21:984 | self |
+| UseUseExplosion.rb:21:959:21:963 | self | UseUseExplosion.rb:21:2971:21:2976 | self |
+| UseUseExplosion.rb:21:959:21:968 | ... > ... | UseUseExplosion.rb:21:958:21:969 | [false] ( ... ) |
+| UseUseExplosion.rb:21:959:21:968 | ... > ... | UseUseExplosion.rb:21:958:21:969 | [true] ( ... ) |
+| UseUseExplosion.rb:21:967:21:968 | 55 | UseUseExplosion.rb:21:959:21:968 | ... > ... |
+| UseUseExplosion.rb:21:971:21:2964 | then ... | UseUseExplosion.rb:21:955:21:2980 | if ... |
+| UseUseExplosion.rb:21:976:21:2964 | if ... | UseUseExplosion.rb:21:971:21:2964 | then ... |
+| UseUseExplosion.rb:21:980:21:984 | @prop | UseUseExplosion.rb:21:980:21:989 | ... > ... |
+| UseUseExplosion.rb:21:980:21:984 | [post] self | UseUseExplosion.rb:21:1001:21:1005 | self |
+| UseUseExplosion.rb:21:980:21:984 | [post] self | UseUseExplosion.rb:21:2955:21:2960 | self |
+| UseUseExplosion.rb:21:980:21:984 | self | UseUseExplosion.rb:21:1001:21:1005 | self |
+| UseUseExplosion.rb:21:980:21:984 | self | UseUseExplosion.rb:21:2955:21:2960 | self |
+| UseUseExplosion.rb:21:980:21:989 | ... > ... | UseUseExplosion.rb:21:979:21:990 | [false] ( ... ) |
+| UseUseExplosion.rb:21:980:21:989 | ... > ... | UseUseExplosion.rb:21:979:21:990 | [true] ( ... ) |
+| UseUseExplosion.rb:21:988:21:989 | 54 | UseUseExplosion.rb:21:980:21:989 | ... > ... |
+| UseUseExplosion.rb:21:992:21:2948 | then ... | UseUseExplosion.rb:21:976:21:2964 | if ... |
+| UseUseExplosion.rb:21:997:21:2948 | if ... | UseUseExplosion.rb:21:992:21:2948 | then ... |
+| UseUseExplosion.rb:21:1001:21:1005 | @prop | UseUseExplosion.rb:21:1001:21:1010 | ... > ... |
+| UseUseExplosion.rb:21:1001:21:1005 | [post] self | UseUseExplosion.rb:21:1022:21:1026 | self |
+| UseUseExplosion.rb:21:1001:21:1005 | [post] self | UseUseExplosion.rb:21:2939:21:2944 | self |
+| UseUseExplosion.rb:21:1001:21:1005 | self | UseUseExplosion.rb:21:1022:21:1026 | self |
+| UseUseExplosion.rb:21:1001:21:1005 | self | UseUseExplosion.rb:21:2939:21:2944 | self |
+| UseUseExplosion.rb:21:1001:21:1010 | ... > ... | UseUseExplosion.rb:21:1000:21:1011 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1001:21:1010 | ... > ... | UseUseExplosion.rb:21:1000:21:1011 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1009:21:1010 | 53 | UseUseExplosion.rb:21:1001:21:1010 | ... > ... |
+| UseUseExplosion.rb:21:1013:21:2932 | then ... | UseUseExplosion.rb:21:997:21:2948 | if ... |
+| UseUseExplosion.rb:21:1018:21:2932 | if ... | UseUseExplosion.rb:21:1013:21:2932 | then ... |
+| UseUseExplosion.rb:21:1022:21:1026 | @prop | UseUseExplosion.rb:21:1022:21:1031 | ... > ... |
+| UseUseExplosion.rb:21:1022:21:1026 | [post] self | UseUseExplosion.rb:21:1043:21:1047 | self |
+| UseUseExplosion.rb:21:1022:21:1026 | [post] self | UseUseExplosion.rb:21:2923:21:2928 | self |
+| UseUseExplosion.rb:21:1022:21:1026 | self | UseUseExplosion.rb:21:1043:21:1047 | self |
+| UseUseExplosion.rb:21:1022:21:1026 | self | UseUseExplosion.rb:21:2923:21:2928 | self |
+| UseUseExplosion.rb:21:1022:21:1031 | ... > ... | UseUseExplosion.rb:21:1021:21:1032 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1022:21:1031 | ... > ... | UseUseExplosion.rb:21:1021:21:1032 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1030:21:1031 | 52 | UseUseExplosion.rb:21:1022:21:1031 | ... > ... |
+| UseUseExplosion.rb:21:1034:21:2916 | then ... | UseUseExplosion.rb:21:1018:21:2932 | if ... |
+| UseUseExplosion.rb:21:1039:21:2916 | if ... | UseUseExplosion.rb:21:1034:21:2916 | then ... |
+| UseUseExplosion.rb:21:1043:21:1047 | @prop | UseUseExplosion.rb:21:1043:21:1052 | ... > ... |
+| UseUseExplosion.rb:21:1043:21:1047 | [post] self | UseUseExplosion.rb:21:1064:21:1068 | self |
+| UseUseExplosion.rb:21:1043:21:1047 | [post] self | UseUseExplosion.rb:21:2907:21:2912 | self |
+| UseUseExplosion.rb:21:1043:21:1047 | self | UseUseExplosion.rb:21:1064:21:1068 | self |
+| UseUseExplosion.rb:21:1043:21:1047 | self | UseUseExplosion.rb:21:2907:21:2912 | self |
+| UseUseExplosion.rb:21:1043:21:1052 | ... > ... | UseUseExplosion.rb:21:1042:21:1053 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1043:21:1052 | ... > ... | UseUseExplosion.rb:21:1042:21:1053 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1051:21:1052 | 51 | UseUseExplosion.rb:21:1043:21:1052 | ... > ... |
+| UseUseExplosion.rb:21:1055:21:2900 | then ... | UseUseExplosion.rb:21:1039:21:2916 | if ... |
+| UseUseExplosion.rb:21:1060:21:2900 | if ... | UseUseExplosion.rb:21:1055:21:2900 | then ... |
+| UseUseExplosion.rb:21:1064:21:1068 | @prop | UseUseExplosion.rb:21:1064:21:1073 | ... > ... |
+| UseUseExplosion.rb:21:1064:21:1068 | [post] self | UseUseExplosion.rb:21:1085:21:1089 | self |
+| UseUseExplosion.rb:21:1064:21:1068 | [post] self | UseUseExplosion.rb:21:2891:21:2896 | self |
+| UseUseExplosion.rb:21:1064:21:1068 | self | UseUseExplosion.rb:21:1085:21:1089 | self |
+| UseUseExplosion.rb:21:1064:21:1068 | self | UseUseExplosion.rb:21:2891:21:2896 | self |
+| UseUseExplosion.rb:21:1064:21:1073 | ... > ... | UseUseExplosion.rb:21:1063:21:1074 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1064:21:1073 | ... > ... | UseUseExplosion.rb:21:1063:21:1074 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1072:21:1073 | 50 | UseUseExplosion.rb:21:1064:21:1073 | ... > ... |
+| UseUseExplosion.rb:21:1076:21:2884 | then ... | UseUseExplosion.rb:21:1060:21:2900 | if ... |
+| UseUseExplosion.rb:21:1081:21:2884 | if ... | UseUseExplosion.rb:21:1076:21:2884 | then ... |
+| UseUseExplosion.rb:21:1085:21:1089 | @prop | UseUseExplosion.rb:21:1085:21:1094 | ... > ... |
+| UseUseExplosion.rb:21:1085:21:1089 | [post] self | UseUseExplosion.rb:21:1106:21:1110 | self |
+| UseUseExplosion.rb:21:1085:21:1089 | [post] self | UseUseExplosion.rb:21:2875:21:2880 | self |
+| UseUseExplosion.rb:21:1085:21:1089 | self | UseUseExplosion.rb:21:1106:21:1110 | self |
+| UseUseExplosion.rb:21:1085:21:1089 | self | UseUseExplosion.rb:21:2875:21:2880 | self |
+| UseUseExplosion.rb:21:1085:21:1094 | ... > ... | UseUseExplosion.rb:21:1084:21:1095 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1085:21:1094 | ... > ... | UseUseExplosion.rb:21:1084:21:1095 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1093:21:1094 | 49 | UseUseExplosion.rb:21:1085:21:1094 | ... > ... |
+| UseUseExplosion.rb:21:1097:21:2868 | then ... | UseUseExplosion.rb:21:1081:21:2884 | if ... |
+| UseUseExplosion.rb:21:1102:21:2868 | if ... | UseUseExplosion.rb:21:1097:21:2868 | then ... |
+| UseUseExplosion.rb:21:1106:21:1110 | @prop | UseUseExplosion.rb:21:1106:21:1115 | ... > ... |
+| UseUseExplosion.rb:21:1106:21:1110 | [post] self | UseUseExplosion.rb:21:1127:21:1131 | self |
+| UseUseExplosion.rb:21:1106:21:1110 | [post] self | UseUseExplosion.rb:21:2859:21:2864 | self |
+| UseUseExplosion.rb:21:1106:21:1110 | self | UseUseExplosion.rb:21:1127:21:1131 | self |
+| UseUseExplosion.rb:21:1106:21:1110 | self | UseUseExplosion.rb:21:2859:21:2864 | self |
+| UseUseExplosion.rb:21:1106:21:1115 | ... > ... | UseUseExplosion.rb:21:1105:21:1116 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1106:21:1115 | ... > ... | UseUseExplosion.rb:21:1105:21:1116 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1114:21:1115 | 48 | UseUseExplosion.rb:21:1106:21:1115 | ... > ... |
+| UseUseExplosion.rb:21:1118:21:2852 | then ... | UseUseExplosion.rb:21:1102:21:2868 | if ... |
+| UseUseExplosion.rb:21:1123:21:2852 | if ... | UseUseExplosion.rb:21:1118:21:2852 | then ... |
+| UseUseExplosion.rb:21:1127:21:1131 | @prop | UseUseExplosion.rb:21:1127:21:1136 | ... > ... |
+| UseUseExplosion.rb:21:1127:21:1131 | [post] self | UseUseExplosion.rb:21:1148:21:1152 | self |
+| UseUseExplosion.rb:21:1127:21:1131 | [post] self | UseUseExplosion.rb:21:2843:21:2848 | self |
+| UseUseExplosion.rb:21:1127:21:1131 | self | UseUseExplosion.rb:21:1148:21:1152 | self |
+| UseUseExplosion.rb:21:1127:21:1131 | self | UseUseExplosion.rb:21:2843:21:2848 | self |
+| UseUseExplosion.rb:21:1127:21:1136 | ... > ... | UseUseExplosion.rb:21:1126:21:1137 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1127:21:1136 | ... > ... | UseUseExplosion.rb:21:1126:21:1137 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1135:21:1136 | 47 | UseUseExplosion.rb:21:1127:21:1136 | ... > ... |
+| UseUseExplosion.rb:21:1139:21:2836 | then ... | UseUseExplosion.rb:21:1123:21:2852 | if ... |
+| UseUseExplosion.rb:21:1144:21:2836 | if ... | UseUseExplosion.rb:21:1139:21:2836 | then ... |
+| UseUseExplosion.rb:21:1148:21:1152 | @prop | UseUseExplosion.rb:21:1148:21:1157 | ... > ... |
+| UseUseExplosion.rb:21:1148:21:1152 | [post] self | UseUseExplosion.rb:21:1169:21:1173 | self |
+| UseUseExplosion.rb:21:1148:21:1152 | [post] self | UseUseExplosion.rb:21:2827:21:2832 | self |
+| UseUseExplosion.rb:21:1148:21:1152 | self | UseUseExplosion.rb:21:1169:21:1173 | self |
+| UseUseExplosion.rb:21:1148:21:1152 | self | UseUseExplosion.rb:21:2827:21:2832 | self |
+| UseUseExplosion.rb:21:1148:21:1157 | ... > ... | UseUseExplosion.rb:21:1147:21:1158 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1148:21:1157 | ... > ... | UseUseExplosion.rb:21:1147:21:1158 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1156:21:1157 | 46 | UseUseExplosion.rb:21:1148:21:1157 | ... > ... |
+| UseUseExplosion.rb:21:1160:21:2820 | then ... | UseUseExplosion.rb:21:1144:21:2836 | if ... |
+| UseUseExplosion.rb:21:1165:21:2820 | if ... | UseUseExplosion.rb:21:1160:21:2820 | then ... |
+| UseUseExplosion.rb:21:1169:21:1173 | @prop | UseUseExplosion.rb:21:1169:21:1178 | ... > ... |
+| UseUseExplosion.rb:21:1169:21:1173 | [post] self | UseUseExplosion.rb:21:1190:21:1194 | self |
+| UseUseExplosion.rb:21:1169:21:1173 | [post] self | UseUseExplosion.rb:21:2811:21:2816 | self |
+| UseUseExplosion.rb:21:1169:21:1173 | self | UseUseExplosion.rb:21:1190:21:1194 | self |
+| UseUseExplosion.rb:21:1169:21:1173 | self | UseUseExplosion.rb:21:2811:21:2816 | self |
+| UseUseExplosion.rb:21:1169:21:1178 | ... > ... | UseUseExplosion.rb:21:1168:21:1179 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1169:21:1178 | ... > ... | UseUseExplosion.rb:21:1168:21:1179 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1177:21:1178 | 45 | UseUseExplosion.rb:21:1169:21:1178 | ... > ... |
+| UseUseExplosion.rb:21:1181:21:2804 | then ... | UseUseExplosion.rb:21:1165:21:2820 | if ... |
+| UseUseExplosion.rb:21:1186:21:2804 | if ... | UseUseExplosion.rb:21:1181:21:2804 | then ... |
+| UseUseExplosion.rb:21:1190:21:1194 | @prop | UseUseExplosion.rb:21:1190:21:1199 | ... > ... |
+| UseUseExplosion.rb:21:1190:21:1194 | [post] self | UseUseExplosion.rb:21:1211:21:1215 | self |
+| UseUseExplosion.rb:21:1190:21:1194 | [post] self | UseUseExplosion.rb:21:2795:21:2800 | self |
+| UseUseExplosion.rb:21:1190:21:1194 | self | UseUseExplosion.rb:21:1211:21:1215 | self |
+| UseUseExplosion.rb:21:1190:21:1194 | self | UseUseExplosion.rb:21:2795:21:2800 | self |
+| UseUseExplosion.rb:21:1190:21:1199 | ... > ... | UseUseExplosion.rb:21:1189:21:1200 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1190:21:1199 | ... > ... | UseUseExplosion.rb:21:1189:21:1200 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1198:21:1199 | 44 | UseUseExplosion.rb:21:1190:21:1199 | ... > ... |
+| UseUseExplosion.rb:21:1202:21:2788 | then ... | UseUseExplosion.rb:21:1186:21:2804 | if ... |
+| UseUseExplosion.rb:21:1207:21:2788 | if ... | UseUseExplosion.rb:21:1202:21:2788 | then ... |
+| UseUseExplosion.rb:21:1211:21:1215 | @prop | UseUseExplosion.rb:21:1211:21:1220 | ... > ... |
+| UseUseExplosion.rb:21:1211:21:1215 | [post] self | UseUseExplosion.rb:21:1232:21:1236 | self |
+| UseUseExplosion.rb:21:1211:21:1215 | [post] self | UseUseExplosion.rb:21:2779:21:2784 | self |
+| UseUseExplosion.rb:21:1211:21:1215 | self | UseUseExplosion.rb:21:1232:21:1236 | self |
+| UseUseExplosion.rb:21:1211:21:1215 | self | UseUseExplosion.rb:21:2779:21:2784 | self |
+| UseUseExplosion.rb:21:1211:21:1220 | ... > ... | UseUseExplosion.rb:21:1210:21:1221 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1211:21:1220 | ... > ... | UseUseExplosion.rb:21:1210:21:1221 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1219:21:1220 | 43 | UseUseExplosion.rb:21:1211:21:1220 | ... > ... |
+| UseUseExplosion.rb:21:1223:21:2772 | then ... | UseUseExplosion.rb:21:1207:21:2788 | if ... |
+| UseUseExplosion.rb:21:1228:21:2772 | if ... | UseUseExplosion.rb:21:1223:21:2772 | then ... |
+| UseUseExplosion.rb:21:1232:21:1236 | @prop | UseUseExplosion.rb:21:1232:21:1241 | ... > ... |
+| UseUseExplosion.rb:21:1232:21:1236 | [post] self | UseUseExplosion.rb:21:1253:21:1257 | self |
+| UseUseExplosion.rb:21:1232:21:1236 | [post] self | UseUseExplosion.rb:21:2763:21:2768 | self |
+| UseUseExplosion.rb:21:1232:21:1236 | self | UseUseExplosion.rb:21:1253:21:1257 | self |
+| UseUseExplosion.rb:21:1232:21:1236 | self | UseUseExplosion.rb:21:2763:21:2768 | self |
+| UseUseExplosion.rb:21:1232:21:1241 | ... > ... | UseUseExplosion.rb:21:1231:21:1242 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1232:21:1241 | ... > ... | UseUseExplosion.rb:21:1231:21:1242 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1240:21:1241 | 42 | UseUseExplosion.rb:21:1232:21:1241 | ... > ... |
+| UseUseExplosion.rb:21:1244:21:2756 | then ... | UseUseExplosion.rb:21:1228:21:2772 | if ... |
+| UseUseExplosion.rb:21:1249:21:2756 | if ... | UseUseExplosion.rb:21:1244:21:2756 | then ... |
+| UseUseExplosion.rb:21:1253:21:1257 | @prop | UseUseExplosion.rb:21:1253:21:1262 | ... > ... |
+| UseUseExplosion.rb:21:1253:21:1257 | [post] self | UseUseExplosion.rb:21:1274:21:1278 | self |
+| UseUseExplosion.rb:21:1253:21:1257 | [post] self | UseUseExplosion.rb:21:2747:21:2752 | self |
+| UseUseExplosion.rb:21:1253:21:1257 | self | UseUseExplosion.rb:21:1274:21:1278 | self |
+| UseUseExplosion.rb:21:1253:21:1257 | self | UseUseExplosion.rb:21:2747:21:2752 | self |
+| UseUseExplosion.rb:21:1253:21:1262 | ... > ... | UseUseExplosion.rb:21:1252:21:1263 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1253:21:1262 | ... > ... | UseUseExplosion.rb:21:1252:21:1263 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1261:21:1262 | 41 | UseUseExplosion.rb:21:1253:21:1262 | ... > ... |
+| UseUseExplosion.rb:21:1265:21:2740 | then ... | UseUseExplosion.rb:21:1249:21:2756 | if ... |
+| UseUseExplosion.rb:21:1270:21:2740 | if ... | UseUseExplosion.rb:21:1265:21:2740 | then ... |
+| UseUseExplosion.rb:21:1274:21:1278 | @prop | UseUseExplosion.rb:21:1274:21:1283 | ... > ... |
+| UseUseExplosion.rb:21:1274:21:1278 | [post] self | UseUseExplosion.rb:21:1295:21:1299 | self |
+| UseUseExplosion.rb:21:1274:21:1278 | [post] self | UseUseExplosion.rb:21:2731:21:2736 | self |
+| UseUseExplosion.rb:21:1274:21:1278 | self | UseUseExplosion.rb:21:1295:21:1299 | self |
+| UseUseExplosion.rb:21:1274:21:1278 | self | UseUseExplosion.rb:21:2731:21:2736 | self |
+| UseUseExplosion.rb:21:1274:21:1283 | ... > ... | UseUseExplosion.rb:21:1273:21:1284 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1274:21:1283 | ... > ... | UseUseExplosion.rb:21:1273:21:1284 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1282:21:1283 | 40 | UseUseExplosion.rb:21:1274:21:1283 | ... > ... |
+| UseUseExplosion.rb:21:1286:21:2724 | then ... | UseUseExplosion.rb:21:1270:21:2740 | if ... |
+| UseUseExplosion.rb:21:1291:21:2724 | if ... | UseUseExplosion.rb:21:1286:21:2724 | then ... |
+| UseUseExplosion.rb:21:1295:21:1299 | @prop | UseUseExplosion.rb:21:1295:21:1304 | ... > ... |
+| UseUseExplosion.rb:21:1295:21:1299 | [post] self | UseUseExplosion.rb:21:1316:21:1320 | self |
+| UseUseExplosion.rb:21:1295:21:1299 | [post] self | UseUseExplosion.rb:21:2715:21:2720 | self |
+| UseUseExplosion.rb:21:1295:21:1299 | self | UseUseExplosion.rb:21:1316:21:1320 | self |
+| UseUseExplosion.rb:21:1295:21:1299 | self | UseUseExplosion.rb:21:2715:21:2720 | self |
+| UseUseExplosion.rb:21:1295:21:1304 | ... > ... | UseUseExplosion.rb:21:1294:21:1305 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1295:21:1304 | ... > ... | UseUseExplosion.rb:21:1294:21:1305 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1303:21:1304 | 39 | UseUseExplosion.rb:21:1295:21:1304 | ... > ... |
+| UseUseExplosion.rb:21:1307:21:2708 | then ... | UseUseExplosion.rb:21:1291:21:2724 | if ... |
+| UseUseExplosion.rb:21:1312:21:2708 | if ... | UseUseExplosion.rb:21:1307:21:2708 | then ... |
+| UseUseExplosion.rb:21:1316:21:1320 | @prop | UseUseExplosion.rb:21:1316:21:1325 | ... > ... |
+| UseUseExplosion.rb:21:1316:21:1320 | [post] self | UseUseExplosion.rb:21:1337:21:1341 | self |
+| UseUseExplosion.rb:21:1316:21:1320 | [post] self | UseUseExplosion.rb:21:2699:21:2704 | self |
+| UseUseExplosion.rb:21:1316:21:1320 | self | UseUseExplosion.rb:21:1337:21:1341 | self |
+| UseUseExplosion.rb:21:1316:21:1320 | self | UseUseExplosion.rb:21:2699:21:2704 | self |
+| UseUseExplosion.rb:21:1316:21:1325 | ... > ... | UseUseExplosion.rb:21:1315:21:1326 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1316:21:1325 | ... > ... | UseUseExplosion.rb:21:1315:21:1326 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1324:21:1325 | 38 | UseUseExplosion.rb:21:1316:21:1325 | ... > ... |
+| UseUseExplosion.rb:21:1328:21:2692 | then ... | UseUseExplosion.rb:21:1312:21:2708 | if ... |
+| UseUseExplosion.rb:21:1333:21:2692 | if ... | UseUseExplosion.rb:21:1328:21:2692 | then ... |
+| UseUseExplosion.rb:21:1337:21:1341 | @prop | UseUseExplosion.rb:21:1337:21:1346 | ... > ... |
+| UseUseExplosion.rb:21:1337:21:1341 | [post] self | UseUseExplosion.rb:21:1358:21:1362 | self |
+| UseUseExplosion.rb:21:1337:21:1341 | [post] self | UseUseExplosion.rb:21:2683:21:2688 | self |
+| UseUseExplosion.rb:21:1337:21:1341 | self | UseUseExplosion.rb:21:1358:21:1362 | self |
+| UseUseExplosion.rb:21:1337:21:1341 | self | UseUseExplosion.rb:21:2683:21:2688 | self |
+| UseUseExplosion.rb:21:1337:21:1346 | ... > ... | UseUseExplosion.rb:21:1336:21:1347 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1337:21:1346 | ... > ... | UseUseExplosion.rb:21:1336:21:1347 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1345:21:1346 | 37 | UseUseExplosion.rb:21:1337:21:1346 | ... > ... |
+| UseUseExplosion.rb:21:1349:21:2676 | then ... | UseUseExplosion.rb:21:1333:21:2692 | if ... |
+| UseUseExplosion.rb:21:1354:21:2676 | if ... | UseUseExplosion.rb:21:1349:21:2676 | then ... |
+| UseUseExplosion.rb:21:1358:21:1362 | @prop | UseUseExplosion.rb:21:1358:21:1367 | ... > ... |
+| UseUseExplosion.rb:21:1358:21:1362 | [post] self | UseUseExplosion.rb:21:1379:21:1383 | self |
+| UseUseExplosion.rb:21:1358:21:1362 | [post] self | UseUseExplosion.rb:21:2667:21:2672 | self |
+| UseUseExplosion.rb:21:1358:21:1362 | self | UseUseExplosion.rb:21:1379:21:1383 | self |
+| UseUseExplosion.rb:21:1358:21:1362 | self | UseUseExplosion.rb:21:2667:21:2672 | self |
+| UseUseExplosion.rb:21:1358:21:1367 | ... > ... | UseUseExplosion.rb:21:1357:21:1368 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1358:21:1367 | ... > ... | UseUseExplosion.rb:21:1357:21:1368 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1366:21:1367 | 36 | UseUseExplosion.rb:21:1358:21:1367 | ... > ... |
+| UseUseExplosion.rb:21:1370:21:2660 | then ... | UseUseExplosion.rb:21:1354:21:2676 | if ... |
+| UseUseExplosion.rb:21:1375:21:2660 | if ... | UseUseExplosion.rb:21:1370:21:2660 | then ... |
+| UseUseExplosion.rb:21:1379:21:1383 | @prop | UseUseExplosion.rb:21:1379:21:1388 | ... > ... |
+| UseUseExplosion.rb:21:1379:21:1383 | [post] self | UseUseExplosion.rb:21:1400:21:1404 | self |
+| UseUseExplosion.rb:21:1379:21:1383 | [post] self | UseUseExplosion.rb:21:2651:21:2656 | self |
+| UseUseExplosion.rb:21:1379:21:1383 | self | UseUseExplosion.rb:21:1400:21:1404 | self |
+| UseUseExplosion.rb:21:1379:21:1383 | self | UseUseExplosion.rb:21:2651:21:2656 | self |
+| UseUseExplosion.rb:21:1379:21:1388 | ... > ... | UseUseExplosion.rb:21:1378:21:1389 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1379:21:1388 | ... > ... | UseUseExplosion.rb:21:1378:21:1389 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1387:21:1388 | 35 | UseUseExplosion.rb:21:1379:21:1388 | ... > ... |
+| UseUseExplosion.rb:21:1391:21:2644 | then ... | UseUseExplosion.rb:21:1375:21:2660 | if ... |
+| UseUseExplosion.rb:21:1396:21:2644 | if ... | UseUseExplosion.rb:21:1391:21:2644 | then ... |
+| UseUseExplosion.rb:21:1400:21:1404 | @prop | UseUseExplosion.rb:21:1400:21:1409 | ... > ... |
+| UseUseExplosion.rb:21:1400:21:1404 | [post] self | UseUseExplosion.rb:21:1421:21:1425 | self |
+| UseUseExplosion.rb:21:1400:21:1404 | [post] self | UseUseExplosion.rb:21:2635:21:2640 | self |
+| UseUseExplosion.rb:21:1400:21:1404 | self | UseUseExplosion.rb:21:1421:21:1425 | self |
+| UseUseExplosion.rb:21:1400:21:1404 | self | UseUseExplosion.rb:21:2635:21:2640 | self |
+| UseUseExplosion.rb:21:1400:21:1409 | ... > ... | UseUseExplosion.rb:21:1399:21:1410 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1400:21:1409 | ... > ... | UseUseExplosion.rb:21:1399:21:1410 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1408:21:1409 | 34 | UseUseExplosion.rb:21:1400:21:1409 | ... > ... |
+| UseUseExplosion.rb:21:1412:21:2628 | then ... | UseUseExplosion.rb:21:1396:21:2644 | if ... |
+| UseUseExplosion.rb:21:1417:21:2628 | if ... | UseUseExplosion.rb:21:1412:21:2628 | then ... |
+| UseUseExplosion.rb:21:1421:21:1425 | @prop | UseUseExplosion.rb:21:1421:21:1430 | ... > ... |
+| UseUseExplosion.rb:21:1421:21:1425 | [post] self | UseUseExplosion.rb:21:1442:21:1446 | self |
+| UseUseExplosion.rb:21:1421:21:1425 | [post] self | UseUseExplosion.rb:21:2619:21:2624 | self |
+| UseUseExplosion.rb:21:1421:21:1425 | self | UseUseExplosion.rb:21:1442:21:1446 | self |
+| UseUseExplosion.rb:21:1421:21:1425 | self | UseUseExplosion.rb:21:2619:21:2624 | self |
+| UseUseExplosion.rb:21:1421:21:1430 | ... > ... | UseUseExplosion.rb:21:1420:21:1431 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1421:21:1430 | ... > ... | UseUseExplosion.rb:21:1420:21:1431 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1429:21:1430 | 33 | UseUseExplosion.rb:21:1421:21:1430 | ... > ... |
+| UseUseExplosion.rb:21:1433:21:2612 | then ... | UseUseExplosion.rb:21:1417:21:2628 | if ... |
+| UseUseExplosion.rb:21:1438:21:2612 | if ... | UseUseExplosion.rb:21:1433:21:2612 | then ... |
+| UseUseExplosion.rb:21:1442:21:1446 | @prop | UseUseExplosion.rb:21:1442:21:1451 | ... > ... |
+| UseUseExplosion.rb:21:1442:21:1446 | [post] self | UseUseExplosion.rb:21:1463:21:1467 | self |
+| UseUseExplosion.rb:21:1442:21:1446 | [post] self | UseUseExplosion.rb:21:2603:21:2608 | self |
+| UseUseExplosion.rb:21:1442:21:1446 | self | UseUseExplosion.rb:21:1463:21:1467 | self |
+| UseUseExplosion.rb:21:1442:21:1446 | self | UseUseExplosion.rb:21:2603:21:2608 | self |
+| UseUseExplosion.rb:21:1442:21:1451 | ... > ... | UseUseExplosion.rb:21:1441:21:1452 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1442:21:1451 | ... > ... | UseUseExplosion.rb:21:1441:21:1452 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1450:21:1451 | 32 | UseUseExplosion.rb:21:1442:21:1451 | ... > ... |
+| UseUseExplosion.rb:21:1454:21:2596 | then ... | UseUseExplosion.rb:21:1438:21:2612 | if ... |
+| UseUseExplosion.rb:21:1459:21:2596 | if ... | UseUseExplosion.rb:21:1454:21:2596 | then ... |
+| UseUseExplosion.rb:21:1463:21:1467 | @prop | UseUseExplosion.rb:21:1463:21:1472 | ... > ... |
+| UseUseExplosion.rb:21:1463:21:1467 | [post] self | UseUseExplosion.rb:21:1484:21:1488 | self |
+| UseUseExplosion.rb:21:1463:21:1467 | [post] self | UseUseExplosion.rb:21:2587:21:2592 | self |
+| UseUseExplosion.rb:21:1463:21:1467 | self | UseUseExplosion.rb:21:1484:21:1488 | self |
+| UseUseExplosion.rb:21:1463:21:1467 | self | UseUseExplosion.rb:21:2587:21:2592 | self |
+| UseUseExplosion.rb:21:1463:21:1472 | ... > ... | UseUseExplosion.rb:21:1462:21:1473 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1463:21:1472 | ... > ... | UseUseExplosion.rb:21:1462:21:1473 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1471:21:1472 | 31 | UseUseExplosion.rb:21:1463:21:1472 | ... > ... |
+| UseUseExplosion.rb:21:1475:21:2580 | then ... | UseUseExplosion.rb:21:1459:21:2596 | if ... |
+| UseUseExplosion.rb:21:1480:21:2580 | if ... | UseUseExplosion.rb:21:1475:21:2580 | then ... |
+| UseUseExplosion.rb:21:1484:21:1488 | @prop | UseUseExplosion.rb:21:1484:21:1493 | ... > ... |
+| UseUseExplosion.rb:21:1484:21:1488 | [post] self | UseUseExplosion.rb:21:1505:21:1509 | self |
+| UseUseExplosion.rb:21:1484:21:1488 | [post] self | UseUseExplosion.rb:21:2571:21:2576 | self |
+| UseUseExplosion.rb:21:1484:21:1488 | self | UseUseExplosion.rb:21:1505:21:1509 | self |
+| UseUseExplosion.rb:21:1484:21:1488 | self | UseUseExplosion.rb:21:2571:21:2576 | self |
+| UseUseExplosion.rb:21:1484:21:1493 | ... > ... | UseUseExplosion.rb:21:1483:21:1494 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1484:21:1493 | ... > ... | UseUseExplosion.rb:21:1483:21:1494 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1492:21:1493 | 30 | UseUseExplosion.rb:21:1484:21:1493 | ... > ... |
+| UseUseExplosion.rb:21:1496:21:2564 | then ... | UseUseExplosion.rb:21:1480:21:2580 | if ... |
+| UseUseExplosion.rb:21:1501:21:2564 | if ... | UseUseExplosion.rb:21:1496:21:2564 | then ... |
+| UseUseExplosion.rb:21:1505:21:1509 | @prop | UseUseExplosion.rb:21:1505:21:1514 | ... > ... |
+| UseUseExplosion.rb:21:1505:21:1509 | [post] self | UseUseExplosion.rb:21:1526:21:1530 | self |
+| UseUseExplosion.rb:21:1505:21:1509 | [post] self | UseUseExplosion.rb:21:2555:21:2560 | self |
+| UseUseExplosion.rb:21:1505:21:1509 | self | UseUseExplosion.rb:21:1526:21:1530 | self |
+| UseUseExplosion.rb:21:1505:21:1509 | self | UseUseExplosion.rb:21:2555:21:2560 | self |
+| UseUseExplosion.rb:21:1505:21:1514 | ... > ... | UseUseExplosion.rb:21:1504:21:1515 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1505:21:1514 | ... > ... | UseUseExplosion.rb:21:1504:21:1515 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1513:21:1514 | 29 | UseUseExplosion.rb:21:1505:21:1514 | ... > ... |
+| UseUseExplosion.rb:21:1517:21:2548 | then ... | UseUseExplosion.rb:21:1501:21:2564 | if ... |
+| UseUseExplosion.rb:21:1522:21:2548 | if ... | UseUseExplosion.rb:21:1517:21:2548 | then ... |
+| UseUseExplosion.rb:21:1526:21:1530 | @prop | UseUseExplosion.rb:21:1526:21:1535 | ... > ... |
+| UseUseExplosion.rb:21:1526:21:1530 | [post] self | UseUseExplosion.rb:21:1547:21:1551 | self |
+| UseUseExplosion.rb:21:1526:21:1530 | [post] self | UseUseExplosion.rb:21:2539:21:2544 | self |
+| UseUseExplosion.rb:21:1526:21:1530 | self | UseUseExplosion.rb:21:1547:21:1551 | self |
+| UseUseExplosion.rb:21:1526:21:1530 | self | UseUseExplosion.rb:21:2539:21:2544 | self |
+| UseUseExplosion.rb:21:1526:21:1535 | ... > ... | UseUseExplosion.rb:21:1525:21:1536 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1526:21:1535 | ... > ... | UseUseExplosion.rb:21:1525:21:1536 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1534:21:1535 | 28 | UseUseExplosion.rb:21:1526:21:1535 | ... > ... |
+| UseUseExplosion.rb:21:1538:21:2532 | then ... | UseUseExplosion.rb:21:1522:21:2548 | if ... |
+| UseUseExplosion.rb:21:1543:21:2532 | if ... | UseUseExplosion.rb:21:1538:21:2532 | then ... |
+| UseUseExplosion.rb:21:1547:21:1551 | @prop | UseUseExplosion.rb:21:1547:21:1556 | ... > ... |
+| UseUseExplosion.rb:21:1547:21:1551 | [post] self | UseUseExplosion.rb:21:1568:21:1572 | self |
+| UseUseExplosion.rb:21:1547:21:1551 | [post] self | UseUseExplosion.rb:21:2523:21:2528 | self |
+| UseUseExplosion.rb:21:1547:21:1551 | self | UseUseExplosion.rb:21:1568:21:1572 | self |
+| UseUseExplosion.rb:21:1547:21:1551 | self | UseUseExplosion.rb:21:2523:21:2528 | self |
+| UseUseExplosion.rb:21:1547:21:1556 | ... > ... | UseUseExplosion.rb:21:1546:21:1557 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1547:21:1556 | ... > ... | UseUseExplosion.rb:21:1546:21:1557 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1555:21:1556 | 27 | UseUseExplosion.rb:21:1547:21:1556 | ... > ... |
+| UseUseExplosion.rb:21:1559:21:2516 | then ... | UseUseExplosion.rb:21:1543:21:2532 | if ... |
+| UseUseExplosion.rb:21:1564:21:2516 | if ... | UseUseExplosion.rb:21:1559:21:2516 | then ... |
+| UseUseExplosion.rb:21:1568:21:1572 | @prop | UseUseExplosion.rb:21:1568:21:1577 | ... > ... |
+| UseUseExplosion.rb:21:1568:21:1572 | [post] self | UseUseExplosion.rb:21:1589:21:1593 | self |
+| UseUseExplosion.rb:21:1568:21:1572 | [post] self | UseUseExplosion.rb:21:2507:21:2512 | self |
+| UseUseExplosion.rb:21:1568:21:1572 | self | UseUseExplosion.rb:21:1589:21:1593 | self |
+| UseUseExplosion.rb:21:1568:21:1572 | self | UseUseExplosion.rb:21:2507:21:2512 | self |
+| UseUseExplosion.rb:21:1568:21:1577 | ... > ... | UseUseExplosion.rb:21:1567:21:1578 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1568:21:1577 | ... > ... | UseUseExplosion.rb:21:1567:21:1578 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1576:21:1577 | 26 | UseUseExplosion.rb:21:1568:21:1577 | ... > ... |
+| UseUseExplosion.rb:21:1580:21:2500 | then ... | UseUseExplosion.rb:21:1564:21:2516 | if ... |
+| UseUseExplosion.rb:21:1585:21:2500 | if ... | UseUseExplosion.rb:21:1580:21:2500 | then ... |
+| UseUseExplosion.rb:21:1589:21:1593 | @prop | UseUseExplosion.rb:21:1589:21:1598 | ... > ... |
+| UseUseExplosion.rb:21:1589:21:1593 | [post] self | UseUseExplosion.rb:21:1610:21:1614 | self |
+| UseUseExplosion.rb:21:1589:21:1593 | [post] self | UseUseExplosion.rb:21:2491:21:2496 | self |
+| UseUseExplosion.rb:21:1589:21:1593 | self | UseUseExplosion.rb:21:1610:21:1614 | self |
+| UseUseExplosion.rb:21:1589:21:1593 | self | UseUseExplosion.rb:21:2491:21:2496 | self |
+| UseUseExplosion.rb:21:1589:21:1598 | ... > ... | UseUseExplosion.rb:21:1588:21:1599 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1589:21:1598 | ... > ... | UseUseExplosion.rb:21:1588:21:1599 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1597:21:1598 | 25 | UseUseExplosion.rb:21:1589:21:1598 | ... > ... |
+| UseUseExplosion.rb:21:1601:21:2484 | then ... | UseUseExplosion.rb:21:1585:21:2500 | if ... |
+| UseUseExplosion.rb:21:1606:21:2484 | if ... | UseUseExplosion.rb:21:1601:21:2484 | then ... |
+| UseUseExplosion.rb:21:1610:21:1614 | @prop | UseUseExplosion.rb:21:1610:21:1619 | ... > ... |
+| UseUseExplosion.rb:21:1610:21:1614 | [post] self | UseUseExplosion.rb:21:1631:21:1635 | self |
+| UseUseExplosion.rb:21:1610:21:1614 | [post] self | UseUseExplosion.rb:21:2475:21:2480 | self |
+| UseUseExplosion.rb:21:1610:21:1614 | self | UseUseExplosion.rb:21:1631:21:1635 | self |
+| UseUseExplosion.rb:21:1610:21:1614 | self | UseUseExplosion.rb:21:2475:21:2480 | self |
+| UseUseExplosion.rb:21:1610:21:1619 | ... > ... | UseUseExplosion.rb:21:1609:21:1620 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1610:21:1619 | ... > ... | UseUseExplosion.rb:21:1609:21:1620 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1618:21:1619 | 24 | UseUseExplosion.rb:21:1610:21:1619 | ... > ... |
+| UseUseExplosion.rb:21:1622:21:2468 | then ... | UseUseExplosion.rb:21:1606:21:2484 | if ... |
+| UseUseExplosion.rb:21:1627:21:2468 | if ... | UseUseExplosion.rb:21:1622:21:2468 | then ... |
+| UseUseExplosion.rb:21:1631:21:1635 | @prop | UseUseExplosion.rb:21:1631:21:1640 | ... > ... |
+| UseUseExplosion.rb:21:1631:21:1635 | [post] self | UseUseExplosion.rb:21:1652:21:1656 | self |
+| UseUseExplosion.rb:21:1631:21:1635 | [post] self | UseUseExplosion.rb:21:2459:21:2464 | self |
+| UseUseExplosion.rb:21:1631:21:1635 | self | UseUseExplosion.rb:21:1652:21:1656 | self |
+| UseUseExplosion.rb:21:1631:21:1635 | self | UseUseExplosion.rb:21:2459:21:2464 | self |
+| UseUseExplosion.rb:21:1631:21:1640 | ... > ... | UseUseExplosion.rb:21:1630:21:1641 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1631:21:1640 | ... > ... | UseUseExplosion.rb:21:1630:21:1641 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1639:21:1640 | 23 | UseUseExplosion.rb:21:1631:21:1640 | ... > ... |
+| UseUseExplosion.rb:21:1643:21:2452 | then ... | UseUseExplosion.rb:21:1627:21:2468 | if ... |
+| UseUseExplosion.rb:21:1648:21:2452 | if ... | UseUseExplosion.rb:21:1643:21:2452 | then ... |
+| UseUseExplosion.rb:21:1652:21:1656 | @prop | UseUseExplosion.rb:21:1652:21:1661 | ... > ... |
+| UseUseExplosion.rb:21:1652:21:1656 | [post] self | UseUseExplosion.rb:21:1673:21:1677 | self |
+| UseUseExplosion.rb:21:1652:21:1656 | [post] self | UseUseExplosion.rb:21:2443:21:2448 | self |
+| UseUseExplosion.rb:21:1652:21:1656 | self | UseUseExplosion.rb:21:1673:21:1677 | self |
+| UseUseExplosion.rb:21:1652:21:1656 | self | UseUseExplosion.rb:21:2443:21:2448 | self |
+| UseUseExplosion.rb:21:1652:21:1661 | ... > ... | UseUseExplosion.rb:21:1651:21:1662 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1652:21:1661 | ... > ... | UseUseExplosion.rb:21:1651:21:1662 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1660:21:1661 | 22 | UseUseExplosion.rb:21:1652:21:1661 | ... > ... |
+| UseUseExplosion.rb:21:1664:21:2436 | then ... | UseUseExplosion.rb:21:1648:21:2452 | if ... |
+| UseUseExplosion.rb:21:1669:21:2436 | if ... | UseUseExplosion.rb:21:1664:21:2436 | then ... |
+| UseUseExplosion.rb:21:1673:21:1677 | @prop | UseUseExplosion.rb:21:1673:21:1682 | ... > ... |
+| UseUseExplosion.rb:21:1673:21:1677 | [post] self | UseUseExplosion.rb:21:1694:21:1698 | self |
+| UseUseExplosion.rb:21:1673:21:1677 | [post] self | UseUseExplosion.rb:21:2427:21:2432 | self |
+| UseUseExplosion.rb:21:1673:21:1677 | self | UseUseExplosion.rb:21:1694:21:1698 | self |
+| UseUseExplosion.rb:21:1673:21:1677 | self | UseUseExplosion.rb:21:2427:21:2432 | self |
+| UseUseExplosion.rb:21:1673:21:1682 | ... > ... | UseUseExplosion.rb:21:1672:21:1683 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1673:21:1682 | ... > ... | UseUseExplosion.rb:21:1672:21:1683 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1681:21:1682 | 21 | UseUseExplosion.rb:21:1673:21:1682 | ... > ... |
+| UseUseExplosion.rb:21:1685:21:2420 | then ... | UseUseExplosion.rb:21:1669:21:2436 | if ... |
+| UseUseExplosion.rb:21:1690:21:2420 | if ... | UseUseExplosion.rb:21:1685:21:2420 | then ... |
+| UseUseExplosion.rb:21:1694:21:1698 | @prop | UseUseExplosion.rb:21:1694:21:1703 | ... > ... |
+| UseUseExplosion.rb:21:1694:21:1698 | [post] self | UseUseExplosion.rb:21:1715:21:1719 | self |
+| UseUseExplosion.rb:21:1694:21:1698 | [post] self | UseUseExplosion.rb:21:2411:21:2416 | self |
+| UseUseExplosion.rb:21:1694:21:1698 | self | UseUseExplosion.rb:21:1715:21:1719 | self |
+| UseUseExplosion.rb:21:1694:21:1698 | self | UseUseExplosion.rb:21:2411:21:2416 | self |
+| UseUseExplosion.rb:21:1694:21:1703 | ... > ... | UseUseExplosion.rb:21:1693:21:1704 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1694:21:1703 | ... > ... | UseUseExplosion.rb:21:1693:21:1704 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1702:21:1703 | 20 | UseUseExplosion.rb:21:1694:21:1703 | ... > ... |
+| UseUseExplosion.rb:21:1706:21:2404 | then ... | UseUseExplosion.rb:21:1690:21:2420 | if ... |
+| UseUseExplosion.rb:21:1711:21:2404 | if ... | UseUseExplosion.rb:21:1706:21:2404 | then ... |
+| UseUseExplosion.rb:21:1715:21:1719 | @prop | UseUseExplosion.rb:21:1715:21:1724 | ... > ... |
+| UseUseExplosion.rb:21:1715:21:1719 | [post] self | UseUseExplosion.rb:21:1736:21:1740 | self |
+| UseUseExplosion.rb:21:1715:21:1719 | [post] self | UseUseExplosion.rb:21:2395:21:2400 | self |
+| UseUseExplosion.rb:21:1715:21:1719 | self | UseUseExplosion.rb:21:1736:21:1740 | self |
+| UseUseExplosion.rb:21:1715:21:1719 | self | UseUseExplosion.rb:21:2395:21:2400 | self |
+| UseUseExplosion.rb:21:1715:21:1724 | ... > ... | UseUseExplosion.rb:21:1714:21:1725 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1715:21:1724 | ... > ... | UseUseExplosion.rb:21:1714:21:1725 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1723:21:1724 | 19 | UseUseExplosion.rb:21:1715:21:1724 | ... > ... |
+| UseUseExplosion.rb:21:1727:21:2388 | then ... | UseUseExplosion.rb:21:1711:21:2404 | if ... |
+| UseUseExplosion.rb:21:1732:21:2388 | if ... | UseUseExplosion.rb:21:1727:21:2388 | then ... |
+| UseUseExplosion.rb:21:1736:21:1740 | @prop | UseUseExplosion.rb:21:1736:21:1745 | ... > ... |
+| UseUseExplosion.rb:21:1736:21:1740 | [post] self | UseUseExplosion.rb:21:1757:21:1761 | self |
+| UseUseExplosion.rb:21:1736:21:1740 | [post] self | UseUseExplosion.rb:21:2379:21:2384 | self |
+| UseUseExplosion.rb:21:1736:21:1740 | self | UseUseExplosion.rb:21:1757:21:1761 | self |
+| UseUseExplosion.rb:21:1736:21:1740 | self | UseUseExplosion.rb:21:2379:21:2384 | self |
+| UseUseExplosion.rb:21:1736:21:1745 | ... > ... | UseUseExplosion.rb:21:1735:21:1746 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1736:21:1745 | ... > ... | UseUseExplosion.rb:21:1735:21:1746 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1744:21:1745 | 18 | UseUseExplosion.rb:21:1736:21:1745 | ... > ... |
+| UseUseExplosion.rb:21:1748:21:2372 | then ... | UseUseExplosion.rb:21:1732:21:2388 | if ... |
+| UseUseExplosion.rb:21:1753:21:2372 | if ... | UseUseExplosion.rb:21:1748:21:2372 | then ... |
+| UseUseExplosion.rb:21:1757:21:1761 | @prop | UseUseExplosion.rb:21:1757:21:1766 | ... > ... |
+| UseUseExplosion.rb:21:1757:21:1761 | [post] self | UseUseExplosion.rb:21:1778:21:1782 | self |
+| UseUseExplosion.rb:21:1757:21:1761 | [post] self | UseUseExplosion.rb:21:2363:21:2368 | self |
+| UseUseExplosion.rb:21:1757:21:1761 | self | UseUseExplosion.rb:21:1778:21:1782 | self |
+| UseUseExplosion.rb:21:1757:21:1761 | self | UseUseExplosion.rb:21:2363:21:2368 | self |
+| UseUseExplosion.rb:21:1757:21:1766 | ... > ... | UseUseExplosion.rb:21:1756:21:1767 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1757:21:1766 | ... > ... | UseUseExplosion.rb:21:1756:21:1767 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1765:21:1766 | 17 | UseUseExplosion.rb:21:1757:21:1766 | ... > ... |
+| UseUseExplosion.rb:21:1769:21:2356 | then ... | UseUseExplosion.rb:21:1753:21:2372 | if ... |
+| UseUseExplosion.rb:21:1774:21:2356 | if ... | UseUseExplosion.rb:21:1769:21:2356 | then ... |
+| UseUseExplosion.rb:21:1778:21:1782 | @prop | UseUseExplosion.rb:21:1778:21:1787 | ... > ... |
+| UseUseExplosion.rb:21:1778:21:1782 | [post] self | UseUseExplosion.rb:21:1799:21:1803 | self |
+| UseUseExplosion.rb:21:1778:21:1782 | [post] self | UseUseExplosion.rb:21:2347:21:2352 | self |
+| UseUseExplosion.rb:21:1778:21:1782 | self | UseUseExplosion.rb:21:1799:21:1803 | self |
+| UseUseExplosion.rb:21:1778:21:1782 | self | UseUseExplosion.rb:21:2347:21:2352 | self |
+| UseUseExplosion.rb:21:1778:21:1787 | ... > ... | UseUseExplosion.rb:21:1777:21:1788 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1778:21:1787 | ... > ... | UseUseExplosion.rb:21:1777:21:1788 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1786:21:1787 | 16 | UseUseExplosion.rb:21:1778:21:1787 | ... > ... |
+| UseUseExplosion.rb:21:1790:21:2340 | then ... | UseUseExplosion.rb:21:1774:21:2356 | if ... |
+| UseUseExplosion.rb:21:1795:21:2340 | if ... | UseUseExplosion.rb:21:1790:21:2340 | then ... |
+| UseUseExplosion.rb:21:1799:21:1803 | @prop | UseUseExplosion.rb:21:1799:21:1808 | ... > ... |
+| UseUseExplosion.rb:21:1799:21:1803 | [post] self | UseUseExplosion.rb:21:1820:21:1824 | self |
+| UseUseExplosion.rb:21:1799:21:1803 | [post] self | UseUseExplosion.rb:21:2331:21:2336 | self |
+| UseUseExplosion.rb:21:1799:21:1803 | self | UseUseExplosion.rb:21:1820:21:1824 | self |
+| UseUseExplosion.rb:21:1799:21:1803 | self | UseUseExplosion.rb:21:2331:21:2336 | self |
+| UseUseExplosion.rb:21:1799:21:1808 | ... > ... | UseUseExplosion.rb:21:1798:21:1809 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1799:21:1808 | ... > ... | UseUseExplosion.rb:21:1798:21:1809 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1807:21:1808 | 15 | UseUseExplosion.rb:21:1799:21:1808 | ... > ... |
+| UseUseExplosion.rb:21:1811:21:2324 | then ... | UseUseExplosion.rb:21:1795:21:2340 | if ... |
+| UseUseExplosion.rb:21:1816:21:2324 | if ... | UseUseExplosion.rb:21:1811:21:2324 | then ... |
+| UseUseExplosion.rb:21:1820:21:1824 | @prop | UseUseExplosion.rb:21:1820:21:1829 | ... > ... |
+| UseUseExplosion.rb:21:1820:21:1824 | [post] self | UseUseExplosion.rb:21:1841:21:1845 | self |
+| UseUseExplosion.rb:21:1820:21:1824 | [post] self | UseUseExplosion.rb:21:2315:21:2320 | self |
+| UseUseExplosion.rb:21:1820:21:1824 | self | UseUseExplosion.rb:21:1841:21:1845 | self |
+| UseUseExplosion.rb:21:1820:21:1824 | self | UseUseExplosion.rb:21:2315:21:2320 | self |
+| UseUseExplosion.rb:21:1820:21:1829 | ... > ... | UseUseExplosion.rb:21:1819:21:1830 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1820:21:1829 | ... > ... | UseUseExplosion.rb:21:1819:21:1830 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1828:21:1829 | 14 | UseUseExplosion.rb:21:1820:21:1829 | ... > ... |
+| UseUseExplosion.rb:21:1832:21:2308 | then ... | UseUseExplosion.rb:21:1816:21:2324 | if ... |
+| UseUseExplosion.rb:21:1837:21:2308 | if ... | UseUseExplosion.rb:21:1832:21:2308 | then ... |
+| UseUseExplosion.rb:21:1841:21:1845 | @prop | UseUseExplosion.rb:21:1841:21:1850 | ... > ... |
+| UseUseExplosion.rb:21:1841:21:1845 | [post] self | UseUseExplosion.rb:21:1862:21:1866 | self |
+| UseUseExplosion.rb:21:1841:21:1845 | [post] self | UseUseExplosion.rb:21:2299:21:2304 | self |
+| UseUseExplosion.rb:21:1841:21:1845 | self | UseUseExplosion.rb:21:1862:21:1866 | self |
+| UseUseExplosion.rb:21:1841:21:1845 | self | UseUseExplosion.rb:21:2299:21:2304 | self |
+| UseUseExplosion.rb:21:1841:21:1850 | ... > ... | UseUseExplosion.rb:21:1840:21:1851 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1841:21:1850 | ... > ... | UseUseExplosion.rb:21:1840:21:1851 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1849:21:1850 | 13 | UseUseExplosion.rb:21:1841:21:1850 | ... > ... |
+| UseUseExplosion.rb:21:1853:21:2292 | then ... | UseUseExplosion.rb:21:1837:21:2308 | if ... |
+| UseUseExplosion.rb:21:1858:21:2292 | if ... | UseUseExplosion.rb:21:1853:21:2292 | then ... |
+| UseUseExplosion.rb:21:1862:21:1866 | @prop | UseUseExplosion.rb:21:1862:21:1871 | ... > ... |
+| UseUseExplosion.rb:21:1862:21:1866 | [post] self | UseUseExplosion.rb:21:1883:21:1887 | self |
+| UseUseExplosion.rb:21:1862:21:1866 | [post] self | UseUseExplosion.rb:21:2283:21:2288 | self |
+| UseUseExplosion.rb:21:1862:21:1866 | self | UseUseExplosion.rb:21:1883:21:1887 | self |
+| UseUseExplosion.rb:21:1862:21:1866 | self | UseUseExplosion.rb:21:2283:21:2288 | self |
+| UseUseExplosion.rb:21:1862:21:1871 | ... > ... | UseUseExplosion.rb:21:1861:21:1872 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1862:21:1871 | ... > ... | UseUseExplosion.rb:21:1861:21:1872 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1870:21:1871 | 12 | UseUseExplosion.rb:21:1862:21:1871 | ... > ... |
+| UseUseExplosion.rb:21:1874:21:2276 | then ... | UseUseExplosion.rb:21:1858:21:2292 | if ... |
+| UseUseExplosion.rb:21:1879:21:2276 | if ... | UseUseExplosion.rb:21:1874:21:2276 | then ... |
+| UseUseExplosion.rb:21:1883:21:1887 | @prop | UseUseExplosion.rb:21:1883:21:1892 | ... > ... |
+| UseUseExplosion.rb:21:1883:21:1887 | [post] self | UseUseExplosion.rb:21:1904:21:1908 | self |
+| UseUseExplosion.rb:21:1883:21:1887 | [post] self | UseUseExplosion.rb:21:2267:21:2272 | self |
+| UseUseExplosion.rb:21:1883:21:1887 | self | UseUseExplosion.rb:21:1904:21:1908 | self |
+| UseUseExplosion.rb:21:1883:21:1887 | self | UseUseExplosion.rb:21:2267:21:2272 | self |
+| UseUseExplosion.rb:21:1883:21:1892 | ... > ... | UseUseExplosion.rb:21:1882:21:1893 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1883:21:1892 | ... > ... | UseUseExplosion.rb:21:1882:21:1893 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1891:21:1892 | 11 | UseUseExplosion.rb:21:1883:21:1892 | ... > ... |
+| UseUseExplosion.rb:21:1895:21:2260 | then ... | UseUseExplosion.rb:21:1879:21:2276 | if ... |
+| UseUseExplosion.rb:21:1900:21:2260 | if ... | UseUseExplosion.rb:21:1895:21:2260 | then ... |
+| UseUseExplosion.rb:21:1904:21:1908 | @prop | UseUseExplosion.rb:21:1904:21:1913 | ... > ... |
+| UseUseExplosion.rb:21:1904:21:1908 | [post] self | UseUseExplosion.rb:21:1925:21:1929 | self |
+| UseUseExplosion.rb:21:1904:21:1908 | [post] self | UseUseExplosion.rb:21:2251:21:2256 | self |
+| UseUseExplosion.rb:21:1904:21:1908 | self | UseUseExplosion.rb:21:1925:21:1929 | self |
+| UseUseExplosion.rb:21:1904:21:1908 | self | UseUseExplosion.rb:21:2251:21:2256 | self |
+| UseUseExplosion.rb:21:1904:21:1913 | ... > ... | UseUseExplosion.rb:21:1903:21:1914 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1904:21:1913 | ... > ... | UseUseExplosion.rb:21:1903:21:1914 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1912:21:1913 | 10 | UseUseExplosion.rb:21:1904:21:1913 | ... > ... |
+| UseUseExplosion.rb:21:1916:21:2244 | then ... | UseUseExplosion.rb:21:1900:21:2260 | if ... |
+| UseUseExplosion.rb:21:1921:21:2244 | if ... | UseUseExplosion.rb:21:1916:21:2244 | then ... |
+| UseUseExplosion.rb:21:1925:21:1929 | @prop | UseUseExplosion.rb:21:1925:21:1933 | ... > ... |
+| UseUseExplosion.rb:21:1925:21:1929 | [post] self | UseUseExplosion.rb:21:1945:21:1949 | self |
+| UseUseExplosion.rb:21:1925:21:1929 | [post] self | UseUseExplosion.rb:21:2235:21:2240 | self |
+| UseUseExplosion.rb:21:1925:21:1929 | self | UseUseExplosion.rb:21:1945:21:1949 | self |
+| UseUseExplosion.rb:21:1925:21:1929 | self | UseUseExplosion.rb:21:2235:21:2240 | self |
+| UseUseExplosion.rb:21:1925:21:1933 | ... > ... | UseUseExplosion.rb:21:1924:21:1934 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1925:21:1933 | ... > ... | UseUseExplosion.rb:21:1924:21:1934 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1933:21:1933 | 9 | UseUseExplosion.rb:21:1925:21:1933 | ... > ... |
+| UseUseExplosion.rb:21:1936:21:2228 | then ... | UseUseExplosion.rb:21:1921:21:2244 | if ... |
+| UseUseExplosion.rb:21:1941:21:2228 | if ... | UseUseExplosion.rb:21:1936:21:2228 | then ... |
+| UseUseExplosion.rb:21:1945:21:1949 | @prop | UseUseExplosion.rb:21:1945:21:1953 | ... > ... |
+| UseUseExplosion.rb:21:1945:21:1949 | [post] self | UseUseExplosion.rb:21:1965:21:1969 | self |
+| UseUseExplosion.rb:21:1945:21:1949 | [post] self | UseUseExplosion.rb:21:2219:21:2224 | self |
+| UseUseExplosion.rb:21:1945:21:1949 | self | UseUseExplosion.rb:21:1965:21:1969 | self |
+| UseUseExplosion.rb:21:1945:21:1949 | self | UseUseExplosion.rb:21:2219:21:2224 | self |
+| UseUseExplosion.rb:21:1945:21:1953 | ... > ... | UseUseExplosion.rb:21:1944:21:1954 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1945:21:1953 | ... > ... | UseUseExplosion.rb:21:1944:21:1954 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1953:21:1953 | 8 | UseUseExplosion.rb:21:1945:21:1953 | ... > ... |
+| UseUseExplosion.rb:21:1956:21:2212 | then ... | UseUseExplosion.rb:21:1941:21:2228 | if ... |
+| UseUseExplosion.rb:21:1961:21:2212 | if ... | UseUseExplosion.rb:21:1956:21:2212 | then ... |
+| UseUseExplosion.rb:21:1965:21:1969 | @prop | UseUseExplosion.rb:21:1965:21:1973 | ... > ... |
+| UseUseExplosion.rb:21:1965:21:1969 | [post] self | UseUseExplosion.rb:21:1985:21:1989 | self |
+| UseUseExplosion.rb:21:1965:21:1969 | [post] self | UseUseExplosion.rb:21:2203:21:2208 | self |
+| UseUseExplosion.rb:21:1965:21:1969 | self | UseUseExplosion.rb:21:1985:21:1989 | self |
+| UseUseExplosion.rb:21:1965:21:1969 | self | UseUseExplosion.rb:21:2203:21:2208 | self |
+| UseUseExplosion.rb:21:1965:21:1973 | ... > ... | UseUseExplosion.rb:21:1964:21:1974 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1965:21:1973 | ... > ... | UseUseExplosion.rb:21:1964:21:1974 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1973:21:1973 | 7 | UseUseExplosion.rb:21:1965:21:1973 | ... > ... |
+| UseUseExplosion.rb:21:1976:21:2196 | then ... | UseUseExplosion.rb:21:1961:21:2212 | if ... |
+| UseUseExplosion.rb:21:1981:21:2196 | if ... | UseUseExplosion.rb:21:1976:21:2196 | then ... |
+| UseUseExplosion.rb:21:1985:21:1989 | @prop | UseUseExplosion.rb:21:1985:21:1993 | ... > ... |
+| UseUseExplosion.rb:21:1985:21:1989 | [post] self | UseUseExplosion.rb:21:2005:21:2009 | self |
+| UseUseExplosion.rb:21:1985:21:1989 | [post] self | UseUseExplosion.rb:21:2187:21:2192 | self |
+| UseUseExplosion.rb:21:1985:21:1989 | self | UseUseExplosion.rb:21:2005:21:2009 | self |
+| UseUseExplosion.rb:21:1985:21:1989 | self | UseUseExplosion.rb:21:2187:21:2192 | self |
+| UseUseExplosion.rb:21:1985:21:1993 | ... > ... | UseUseExplosion.rb:21:1984:21:1994 | [false] ( ... ) |
+| UseUseExplosion.rb:21:1985:21:1993 | ... > ... | UseUseExplosion.rb:21:1984:21:1994 | [true] ( ... ) |
+| UseUseExplosion.rb:21:1993:21:1993 | 6 | UseUseExplosion.rb:21:1985:21:1993 | ... > ... |
+| UseUseExplosion.rb:21:1996:21:2180 | then ... | UseUseExplosion.rb:21:1981:21:2196 | if ... |
+| UseUseExplosion.rb:21:2001:21:2180 | if ... | UseUseExplosion.rb:21:1996:21:2180 | then ... |
+| UseUseExplosion.rb:21:2005:21:2009 | @prop | UseUseExplosion.rb:21:2005:21:2013 | ... > ... |
+| UseUseExplosion.rb:21:2005:21:2009 | [post] self | UseUseExplosion.rb:21:2025:21:2029 | self |
+| UseUseExplosion.rb:21:2005:21:2009 | [post] self | UseUseExplosion.rb:21:2171:21:2176 | self |
+| UseUseExplosion.rb:21:2005:21:2009 | self | UseUseExplosion.rb:21:2025:21:2029 | self |
+| UseUseExplosion.rb:21:2005:21:2009 | self | UseUseExplosion.rb:21:2171:21:2176 | self |
+| UseUseExplosion.rb:21:2005:21:2013 | ... > ... | UseUseExplosion.rb:21:2004:21:2014 | [false] ( ... ) |
+| UseUseExplosion.rb:21:2005:21:2013 | ... > ... | UseUseExplosion.rb:21:2004:21:2014 | [true] ( ... ) |
+| UseUseExplosion.rb:21:2013:21:2013 | 5 | UseUseExplosion.rb:21:2005:21:2013 | ... > ... |
+| UseUseExplosion.rb:21:2016:21:2164 | then ... | UseUseExplosion.rb:21:2001:21:2180 | if ... |
+| UseUseExplosion.rb:21:2021:21:2164 | if ... | UseUseExplosion.rb:21:2016:21:2164 | then ... |
+| UseUseExplosion.rb:21:2025:21:2029 | @prop | UseUseExplosion.rb:21:2025:21:2033 | ... > ... |
+| UseUseExplosion.rb:21:2025:21:2029 | [post] self | UseUseExplosion.rb:21:2045:21:2049 | self |
+| UseUseExplosion.rb:21:2025:21:2029 | [post] self | UseUseExplosion.rb:21:2155:21:2160 | self |
+| UseUseExplosion.rb:21:2025:21:2029 | self | UseUseExplosion.rb:21:2045:21:2049 | self |
+| UseUseExplosion.rb:21:2025:21:2029 | self | UseUseExplosion.rb:21:2155:21:2160 | self |
+| UseUseExplosion.rb:21:2025:21:2033 | ... > ... | UseUseExplosion.rb:21:2024:21:2034 | [false] ( ... ) |
+| UseUseExplosion.rb:21:2025:21:2033 | ... > ... | UseUseExplosion.rb:21:2024:21:2034 | [true] ( ... ) |
+| UseUseExplosion.rb:21:2033:21:2033 | 4 | UseUseExplosion.rb:21:2025:21:2033 | ... > ... |
+| UseUseExplosion.rb:21:2036:21:2148 | then ... | UseUseExplosion.rb:21:2021:21:2164 | if ... |
+| UseUseExplosion.rb:21:2041:21:2148 | if ... | UseUseExplosion.rb:21:2036:21:2148 | then ... |
+| UseUseExplosion.rb:21:2045:21:2049 | @prop | UseUseExplosion.rb:21:2045:21:2053 | ... > ... |
+| UseUseExplosion.rb:21:2045:21:2049 | [post] self | UseUseExplosion.rb:21:2065:21:2069 | self |
+| UseUseExplosion.rb:21:2045:21:2049 | [post] self | UseUseExplosion.rb:21:2139:21:2144 | self |
+| UseUseExplosion.rb:21:2045:21:2049 | self | UseUseExplosion.rb:21:2065:21:2069 | self |
+| UseUseExplosion.rb:21:2045:21:2049 | self | UseUseExplosion.rb:21:2139:21:2144 | self |
+| UseUseExplosion.rb:21:2045:21:2053 | ... > ... | UseUseExplosion.rb:21:2044:21:2054 | [false] ( ... ) |
+| UseUseExplosion.rb:21:2045:21:2053 | ... > ... | UseUseExplosion.rb:21:2044:21:2054 | [true] ( ... ) |
+| UseUseExplosion.rb:21:2053:21:2053 | 3 | UseUseExplosion.rb:21:2045:21:2053 | ... > ... |
+| UseUseExplosion.rb:21:2056:21:2132 | then ... | UseUseExplosion.rb:21:2041:21:2148 | if ... |
+| UseUseExplosion.rb:21:2061:21:2132 | if ... | UseUseExplosion.rb:21:2056:21:2132 | then ... |
+| UseUseExplosion.rb:21:2065:21:2069 | @prop | UseUseExplosion.rb:21:2065:21:2073 | ... > ... |
+| UseUseExplosion.rb:21:2065:21:2069 | [post] self | UseUseExplosion.rb:21:2085:21:2089 | self |
+| UseUseExplosion.rb:21:2065:21:2069 | [post] self | UseUseExplosion.rb:21:2123:21:2128 | self |
+| UseUseExplosion.rb:21:2065:21:2069 | self | UseUseExplosion.rb:21:2085:21:2089 | self |
+| UseUseExplosion.rb:21:2065:21:2069 | self | UseUseExplosion.rb:21:2123:21:2128 | self |
+| UseUseExplosion.rb:21:2065:21:2073 | ... > ... | UseUseExplosion.rb:21:2064:21:2074 | [false] ( ... ) |
+| UseUseExplosion.rb:21:2065:21:2073 | ... > ... | UseUseExplosion.rb:21:2064:21:2074 | [true] ( ... ) |
+| UseUseExplosion.rb:21:2073:21:2073 | 2 | UseUseExplosion.rb:21:2065:21:2073 | ... > ... |
+| UseUseExplosion.rb:21:2076:21:2116 | then ... | UseUseExplosion.rb:21:2061:21:2132 | if ... |
+| UseUseExplosion.rb:21:2081:21:2116 | if ... | UseUseExplosion.rb:21:2076:21:2116 | then ... |
+| UseUseExplosion.rb:21:2085:21:2089 | @prop | UseUseExplosion.rb:21:2085:21:2093 | ... > ... |
+| UseUseExplosion.rb:21:2085:21:2089 | [post] self | UseUseExplosion.rb:21:2107:21:2112 | self |
+| UseUseExplosion.rb:21:2085:21:2089 | self | UseUseExplosion.rb:21:2107:21:2112 | self |
+| UseUseExplosion.rb:21:2085:21:2093 | ... > ... | UseUseExplosion.rb:21:2084:21:2094 | [false] ( ... ) |
+| UseUseExplosion.rb:21:2085:21:2093 | ... > ... | UseUseExplosion.rb:21:2084:21:2094 | [true] ( ... ) |
+| UseUseExplosion.rb:21:2093:21:2093 | 1 | UseUseExplosion.rb:21:2085:21:2093 | ... > ... |
+| UseUseExplosion.rb:21:2096:21:2099 | then ... | UseUseExplosion.rb:21:2081:21:2116 | if ... |
+| UseUseExplosion.rb:21:2102:21:2112 | else ... | UseUseExplosion.rb:21:2081:21:2116 | if ... |
+| UseUseExplosion.rb:21:2107:21:2112 | call to use | UseUseExplosion.rb:21:2102:21:2112 | else ... |
+| UseUseExplosion.rb:21:2118:21:2128 | else ... | UseUseExplosion.rb:21:2061:21:2132 | if ... |
+| UseUseExplosion.rb:21:2123:21:2128 | call to use | UseUseExplosion.rb:21:2118:21:2128 | else ... |
+| UseUseExplosion.rb:21:2134:21:2144 | else ... | UseUseExplosion.rb:21:2041:21:2148 | if ... |
+| UseUseExplosion.rb:21:2139:21:2144 | call to use | UseUseExplosion.rb:21:2134:21:2144 | else ... |
+| UseUseExplosion.rb:21:2150:21:2160 | else ... | UseUseExplosion.rb:21:2021:21:2164 | if ... |
+| UseUseExplosion.rb:21:2155:21:2160 | call to use | UseUseExplosion.rb:21:2150:21:2160 | else ... |
+| UseUseExplosion.rb:21:2166:21:2176 | else ... | UseUseExplosion.rb:21:2001:21:2180 | if ... |
+| UseUseExplosion.rb:21:2171:21:2176 | call to use | UseUseExplosion.rb:21:2166:21:2176 | else ... |
+| UseUseExplosion.rb:21:2182:21:2192 | else ... | UseUseExplosion.rb:21:1981:21:2196 | if ... |
+| UseUseExplosion.rb:21:2187:21:2192 | call to use | UseUseExplosion.rb:21:2182:21:2192 | else ... |
+| UseUseExplosion.rb:21:2198:21:2208 | else ... | UseUseExplosion.rb:21:1961:21:2212 | if ... |
+| UseUseExplosion.rb:21:2203:21:2208 | call to use | UseUseExplosion.rb:21:2198:21:2208 | else ... |
+| UseUseExplosion.rb:21:2214:21:2224 | else ... | UseUseExplosion.rb:21:1941:21:2228 | if ... |
+| UseUseExplosion.rb:21:2219:21:2224 | call to use | UseUseExplosion.rb:21:2214:21:2224 | else ... |
+| UseUseExplosion.rb:21:2230:21:2240 | else ... | UseUseExplosion.rb:21:1921:21:2244 | if ... |
+| UseUseExplosion.rb:21:2235:21:2240 | call to use | UseUseExplosion.rb:21:2230:21:2240 | else ... |
+| UseUseExplosion.rb:21:2246:21:2256 | else ... | UseUseExplosion.rb:21:1900:21:2260 | if ... |
+| UseUseExplosion.rb:21:2251:21:2256 | call to use | UseUseExplosion.rb:21:2246:21:2256 | else ... |
+| UseUseExplosion.rb:21:2262:21:2272 | else ... | UseUseExplosion.rb:21:1879:21:2276 | if ... |
+| UseUseExplosion.rb:21:2267:21:2272 | call to use | UseUseExplosion.rb:21:2262:21:2272 | else ... |
+| UseUseExplosion.rb:21:2278:21:2288 | else ... | UseUseExplosion.rb:21:1858:21:2292 | if ... |
+| UseUseExplosion.rb:21:2283:21:2288 | call to use | UseUseExplosion.rb:21:2278:21:2288 | else ... |
+| UseUseExplosion.rb:21:2294:21:2304 | else ... | UseUseExplosion.rb:21:1837:21:2308 | if ... |
+| UseUseExplosion.rb:21:2299:21:2304 | call to use | UseUseExplosion.rb:21:2294:21:2304 | else ... |
+| UseUseExplosion.rb:21:2310:21:2320 | else ... | UseUseExplosion.rb:21:1816:21:2324 | if ... |
+| UseUseExplosion.rb:21:2315:21:2320 | call to use | UseUseExplosion.rb:21:2310:21:2320 | else ... |
+| UseUseExplosion.rb:21:2326:21:2336 | else ... | UseUseExplosion.rb:21:1795:21:2340 | if ... |
+| UseUseExplosion.rb:21:2331:21:2336 | call to use | UseUseExplosion.rb:21:2326:21:2336 | else ... |
+| UseUseExplosion.rb:21:2342:21:2352 | else ... | UseUseExplosion.rb:21:1774:21:2356 | if ... |
+| UseUseExplosion.rb:21:2347:21:2352 | call to use | UseUseExplosion.rb:21:2342:21:2352 | else ... |
+| UseUseExplosion.rb:21:2358:21:2368 | else ... | UseUseExplosion.rb:21:1753:21:2372 | if ... |
+| UseUseExplosion.rb:21:2363:21:2368 | call to use | UseUseExplosion.rb:21:2358:21:2368 | else ... |
+| UseUseExplosion.rb:21:2374:21:2384 | else ... | UseUseExplosion.rb:21:1732:21:2388 | if ... |
+| UseUseExplosion.rb:21:2379:21:2384 | call to use | UseUseExplosion.rb:21:2374:21:2384 | else ... |
+| UseUseExplosion.rb:21:2390:21:2400 | else ... | UseUseExplosion.rb:21:1711:21:2404 | if ... |
+| UseUseExplosion.rb:21:2395:21:2400 | call to use | UseUseExplosion.rb:21:2390:21:2400 | else ... |
+| UseUseExplosion.rb:21:2406:21:2416 | else ... | UseUseExplosion.rb:21:1690:21:2420 | if ... |
+| UseUseExplosion.rb:21:2411:21:2416 | call to use | UseUseExplosion.rb:21:2406:21:2416 | else ... |
+| UseUseExplosion.rb:21:2422:21:2432 | else ... | UseUseExplosion.rb:21:1669:21:2436 | if ... |
+| UseUseExplosion.rb:21:2427:21:2432 | call to use | UseUseExplosion.rb:21:2422:21:2432 | else ... |
+| UseUseExplosion.rb:21:2438:21:2448 | else ... | UseUseExplosion.rb:21:1648:21:2452 | if ... |
+| UseUseExplosion.rb:21:2443:21:2448 | call to use | UseUseExplosion.rb:21:2438:21:2448 | else ... |
+| UseUseExplosion.rb:21:2454:21:2464 | else ... | UseUseExplosion.rb:21:1627:21:2468 | if ... |
+| UseUseExplosion.rb:21:2459:21:2464 | call to use | UseUseExplosion.rb:21:2454:21:2464 | else ... |
+| UseUseExplosion.rb:21:2470:21:2480 | else ... | UseUseExplosion.rb:21:1606:21:2484 | if ... |
+| UseUseExplosion.rb:21:2475:21:2480 | call to use | UseUseExplosion.rb:21:2470:21:2480 | else ... |
+| UseUseExplosion.rb:21:2486:21:2496 | else ... | UseUseExplosion.rb:21:1585:21:2500 | if ... |
+| UseUseExplosion.rb:21:2491:21:2496 | call to use | UseUseExplosion.rb:21:2486:21:2496 | else ... |
+| UseUseExplosion.rb:21:2502:21:2512 | else ... | UseUseExplosion.rb:21:1564:21:2516 | if ... |
+| UseUseExplosion.rb:21:2507:21:2512 | call to use | UseUseExplosion.rb:21:2502:21:2512 | else ... |
+| UseUseExplosion.rb:21:2518:21:2528 | else ... | UseUseExplosion.rb:21:1543:21:2532 | if ... |
+| UseUseExplosion.rb:21:2523:21:2528 | call to use | UseUseExplosion.rb:21:2518:21:2528 | else ... |
+| UseUseExplosion.rb:21:2534:21:2544 | else ... | UseUseExplosion.rb:21:1522:21:2548 | if ... |
+| UseUseExplosion.rb:21:2539:21:2544 | call to use | UseUseExplosion.rb:21:2534:21:2544 | else ... |
+| UseUseExplosion.rb:21:2550:21:2560 | else ... | UseUseExplosion.rb:21:1501:21:2564 | if ... |
+| UseUseExplosion.rb:21:2555:21:2560 | call to use | UseUseExplosion.rb:21:2550:21:2560 | else ... |
+| UseUseExplosion.rb:21:2566:21:2576 | else ... | UseUseExplosion.rb:21:1480:21:2580 | if ... |
+| UseUseExplosion.rb:21:2571:21:2576 | call to use | UseUseExplosion.rb:21:2566:21:2576 | else ... |
+| UseUseExplosion.rb:21:2582:21:2592 | else ... | UseUseExplosion.rb:21:1459:21:2596 | if ... |
+| UseUseExplosion.rb:21:2587:21:2592 | call to use | UseUseExplosion.rb:21:2582:21:2592 | else ... |
+| UseUseExplosion.rb:21:2598:21:2608 | else ... | UseUseExplosion.rb:21:1438:21:2612 | if ... |
+| UseUseExplosion.rb:21:2603:21:2608 | call to use | UseUseExplosion.rb:21:2598:21:2608 | else ... |
+| UseUseExplosion.rb:21:2614:21:2624 | else ... | UseUseExplosion.rb:21:1417:21:2628 | if ... |
+| UseUseExplosion.rb:21:2619:21:2624 | call to use | UseUseExplosion.rb:21:2614:21:2624 | else ... |
+| UseUseExplosion.rb:21:2630:21:2640 | else ... | UseUseExplosion.rb:21:1396:21:2644 | if ... |
+| UseUseExplosion.rb:21:2635:21:2640 | call to use | UseUseExplosion.rb:21:2630:21:2640 | else ... |
+| UseUseExplosion.rb:21:2646:21:2656 | else ... | UseUseExplosion.rb:21:1375:21:2660 | if ... |
+| UseUseExplosion.rb:21:2651:21:2656 | call to use | UseUseExplosion.rb:21:2646:21:2656 | else ... |
+| UseUseExplosion.rb:21:2662:21:2672 | else ... | UseUseExplosion.rb:21:1354:21:2676 | if ... |
+| UseUseExplosion.rb:21:2667:21:2672 | call to use | UseUseExplosion.rb:21:2662:21:2672 | else ... |
+| UseUseExplosion.rb:21:2678:21:2688 | else ... | UseUseExplosion.rb:21:1333:21:2692 | if ... |
+| UseUseExplosion.rb:21:2683:21:2688 | call to use | UseUseExplosion.rb:21:2678:21:2688 | else ... |
+| UseUseExplosion.rb:21:2694:21:2704 | else ... | UseUseExplosion.rb:21:1312:21:2708 | if ... |
+| UseUseExplosion.rb:21:2699:21:2704 | call to use | UseUseExplosion.rb:21:2694:21:2704 | else ... |
+| UseUseExplosion.rb:21:2710:21:2720 | else ... | UseUseExplosion.rb:21:1291:21:2724 | if ... |
+| UseUseExplosion.rb:21:2715:21:2720 | call to use | UseUseExplosion.rb:21:2710:21:2720 | else ... |
+| UseUseExplosion.rb:21:2726:21:2736 | else ... | UseUseExplosion.rb:21:1270:21:2740 | if ... |
+| UseUseExplosion.rb:21:2731:21:2736 | call to use | UseUseExplosion.rb:21:2726:21:2736 | else ... |
+| UseUseExplosion.rb:21:2742:21:2752 | else ... | UseUseExplosion.rb:21:1249:21:2756 | if ... |
+| UseUseExplosion.rb:21:2747:21:2752 | call to use | UseUseExplosion.rb:21:2742:21:2752 | else ... |
+| UseUseExplosion.rb:21:2758:21:2768 | else ... | UseUseExplosion.rb:21:1228:21:2772 | if ... |
+| UseUseExplosion.rb:21:2763:21:2768 | call to use | UseUseExplosion.rb:21:2758:21:2768 | else ... |
+| UseUseExplosion.rb:21:2774:21:2784 | else ... | UseUseExplosion.rb:21:1207:21:2788 | if ... |
+| UseUseExplosion.rb:21:2779:21:2784 | call to use | UseUseExplosion.rb:21:2774:21:2784 | else ... |
+| UseUseExplosion.rb:21:2790:21:2800 | else ... | UseUseExplosion.rb:21:1186:21:2804 | if ... |
+| UseUseExplosion.rb:21:2795:21:2800 | call to use | UseUseExplosion.rb:21:2790:21:2800 | else ... |
+| UseUseExplosion.rb:21:2806:21:2816 | else ... | UseUseExplosion.rb:21:1165:21:2820 | if ... |
+| UseUseExplosion.rb:21:2811:21:2816 | call to use | UseUseExplosion.rb:21:2806:21:2816 | else ... |
+| UseUseExplosion.rb:21:2822:21:2832 | else ... | UseUseExplosion.rb:21:1144:21:2836 | if ... |
+| UseUseExplosion.rb:21:2827:21:2832 | call to use | UseUseExplosion.rb:21:2822:21:2832 | else ... |
+| UseUseExplosion.rb:21:2838:21:2848 | else ... | UseUseExplosion.rb:21:1123:21:2852 | if ... |
+| UseUseExplosion.rb:21:2843:21:2848 | call to use | UseUseExplosion.rb:21:2838:21:2848 | else ... |
+| UseUseExplosion.rb:21:2854:21:2864 | else ... | UseUseExplosion.rb:21:1102:21:2868 | if ... |
+| UseUseExplosion.rb:21:2859:21:2864 | call to use | UseUseExplosion.rb:21:2854:21:2864 | else ... |
+| UseUseExplosion.rb:21:2870:21:2880 | else ... | UseUseExplosion.rb:21:1081:21:2884 | if ... |
+| UseUseExplosion.rb:21:2875:21:2880 | call to use | UseUseExplosion.rb:21:2870:21:2880 | else ... |
+| UseUseExplosion.rb:21:2886:21:2896 | else ... | UseUseExplosion.rb:21:1060:21:2900 | if ... |
+| UseUseExplosion.rb:21:2891:21:2896 | call to use | UseUseExplosion.rb:21:2886:21:2896 | else ... |
+| UseUseExplosion.rb:21:2902:21:2912 | else ... | UseUseExplosion.rb:21:1039:21:2916 | if ... |
+| UseUseExplosion.rb:21:2907:21:2912 | call to use | UseUseExplosion.rb:21:2902:21:2912 | else ... |
+| UseUseExplosion.rb:21:2918:21:2928 | else ... | UseUseExplosion.rb:21:1018:21:2932 | if ... |
+| UseUseExplosion.rb:21:2923:21:2928 | call to use | UseUseExplosion.rb:21:2918:21:2928 | else ... |
+| UseUseExplosion.rb:21:2934:21:2944 | else ... | UseUseExplosion.rb:21:997:21:2948 | if ... |
+| UseUseExplosion.rb:21:2939:21:2944 | call to use | UseUseExplosion.rb:21:2934:21:2944 | else ... |
+| UseUseExplosion.rb:21:2950:21:2960 | else ... | UseUseExplosion.rb:21:976:21:2964 | if ... |
+| UseUseExplosion.rb:21:2955:21:2960 | call to use | UseUseExplosion.rb:21:2950:21:2960 | else ... |
+| UseUseExplosion.rb:21:2966:21:2976 | else ... | UseUseExplosion.rb:21:955:21:2980 | if ... |
+| UseUseExplosion.rb:21:2971:21:2976 | call to use | UseUseExplosion.rb:21:2966:21:2976 | else ... |
+| UseUseExplosion.rb:21:2982:21:2992 | else ... | UseUseExplosion.rb:21:934:21:2996 | if ... |
+| UseUseExplosion.rb:21:2987:21:2992 | call to use | UseUseExplosion.rb:21:2982:21:2992 | else ... |
+| UseUseExplosion.rb:21:2998:21:3008 | else ... | UseUseExplosion.rb:21:913:21:3012 | if ... |
+| UseUseExplosion.rb:21:3003:21:3008 | call to use | UseUseExplosion.rb:21:2998:21:3008 | else ... |
+| UseUseExplosion.rb:21:3014:21:3024 | else ... | UseUseExplosion.rb:21:892:21:3028 | if ... |
+| UseUseExplosion.rb:21:3019:21:3024 | call to use | UseUseExplosion.rb:21:3014:21:3024 | else ... |
+| UseUseExplosion.rb:21:3030:21:3040 | else ... | UseUseExplosion.rb:21:871:21:3044 | if ... |
+| UseUseExplosion.rb:21:3035:21:3040 | call to use | UseUseExplosion.rb:21:3030:21:3040 | else ... |
+| UseUseExplosion.rb:21:3046:21:3056 | else ... | UseUseExplosion.rb:21:850:21:3060 | if ... |
+| UseUseExplosion.rb:21:3051:21:3056 | call to use | UseUseExplosion.rb:21:3046:21:3056 | else ... |
+| UseUseExplosion.rb:21:3062:21:3072 | else ... | UseUseExplosion.rb:21:829:21:3076 | if ... |
+| UseUseExplosion.rb:21:3067:21:3072 | call to use | UseUseExplosion.rb:21:3062:21:3072 | else ... |
+| UseUseExplosion.rb:21:3078:21:3088 | else ... | UseUseExplosion.rb:21:808:21:3092 | if ... |
+| UseUseExplosion.rb:21:3083:21:3088 | call to use | UseUseExplosion.rb:21:3078:21:3088 | else ... |
+| UseUseExplosion.rb:21:3094:21:3104 | else ... | UseUseExplosion.rb:21:787:21:3108 | if ... |
+| UseUseExplosion.rb:21:3099:21:3104 | call to use | UseUseExplosion.rb:21:3094:21:3104 | else ... |
+| UseUseExplosion.rb:21:3110:21:3120 | else ... | UseUseExplosion.rb:21:766:21:3124 | if ... |
+| UseUseExplosion.rb:21:3115:21:3120 | call to use | UseUseExplosion.rb:21:3110:21:3120 | else ... |
+| UseUseExplosion.rb:21:3126:21:3136 | else ... | UseUseExplosion.rb:21:745:21:3140 | if ... |
+| UseUseExplosion.rb:21:3131:21:3136 | call to use | UseUseExplosion.rb:21:3126:21:3136 | else ... |
+| UseUseExplosion.rb:21:3142:21:3152 | else ... | UseUseExplosion.rb:21:724:21:3156 | if ... |
+| UseUseExplosion.rb:21:3147:21:3152 | call to use | UseUseExplosion.rb:21:3142:21:3152 | else ... |
+| UseUseExplosion.rb:21:3158:21:3168 | else ... | UseUseExplosion.rb:21:703:21:3172 | if ... |
+| UseUseExplosion.rb:21:3163:21:3168 | call to use | UseUseExplosion.rb:21:3158:21:3168 | else ... |
+| UseUseExplosion.rb:21:3174:21:3184 | else ... | UseUseExplosion.rb:21:682:21:3188 | if ... |
+| UseUseExplosion.rb:21:3179:21:3184 | call to use | UseUseExplosion.rb:21:3174:21:3184 | else ... |
+| UseUseExplosion.rb:21:3190:21:3200 | else ... | UseUseExplosion.rb:21:661:21:3204 | if ... |
+| UseUseExplosion.rb:21:3195:21:3200 | call to use | UseUseExplosion.rb:21:3190:21:3200 | else ... |
+| UseUseExplosion.rb:21:3206:21:3216 | else ... | UseUseExplosion.rb:21:640:21:3220 | if ... |
+| UseUseExplosion.rb:21:3211:21:3216 | call to use | UseUseExplosion.rb:21:3206:21:3216 | else ... |
+| UseUseExplosion.rb:21:3222:21:3232 | else ... | UseUseExplosion.rb:21:619:21:3236 | if ... |
+| UseUseExplosion.rb:21:3227:21:3232 | call to use | UseUseExplosion.rb:21:3222:21:3232 | else ... |
+| UseUseExplosion.rb:21:3238:21:3248 | else ... | UseUseExplosion.rb:21:598:21:3252 | if ... |
+| UseUseExplosion.rb:21:3243:21:3248 | call to use | UseUseExplosion.rb:21:3238:21:3248 | else ... |
+| UseUseExplosion.rb:21:3254:21:3264 | else ... | UseUseExplosion.rb:21:577:21:3268 | if ... |
+| UseUseExplosion.rb:21:3259:21:3264 | call to use | UseUseExplosion.rb:21:3254:21:3264 | else ... |
+| UseUseExplosion.rb:21:3270:21:3280 | else ... | UseUseExplosion.rb:21:556:21:3284 | if ... |
+| UseUseExplosion.rb:21:3275:21:3280 | call to use | UseUseExplosion.rb:21:3270:21:3280 | else ... |
+| UseUseExplosion.rb:21:3286:21:3296 | else ... | UseUseExplosion.rb:21:535:21:3300 | if ... |
+| UseUseExplosion.rb:21:3291:21:3296 | call to use | UseUseExplosion.rb:21:3286:21:3296 | else ... |
+| UseUseExplosion.rb:21:3302:21:3312 | else ... | UseUseExplosion.rb:21:514:21:3316 | if ... |
+| UseUseExplosion.rb:21:3307:21:3312 | call to use | UseUseExplosion.rb:21:3302:21:3312 | else ... |
+| UseUseExplosion.rb:21:3318:21:3328 | else ... | UseUseExplosion.rb:21:493:21:3332 | if ... |
+| UseUseExplosion.rb:21:3323:21:3328 | call to use | UseUseExplosion.rb:21:3318:21:3328 | else ... |
+| UseUseExplosion.rb:21:3334:21:3344 | else ... | UseUseExplosion.rb:21:472:21:3348 | if ... |
+| UseUseExplosion.rb:21:3339:21:3344 | call to use | UseUseExplosion.rb:21:3334:21:3344 | else ... |
+| UseUseExplosion.rb:21:3350:21:3360 | else ... | UseUseExplosion.rb:21:451:21:3364 | if ... |
+| UseUseExplosion.rb:21:3355:21:3360 | call to use | UseUseExplosion.rb:21:3350:21:3360 | else ... |
+| UseUseExplosion.rb:21:3366:21:3376 | else ... | UseUseExplosion.rb:21:430:21:3380 | if ... |
+| UseUseExplosion.rb:21:3371:21:3376 | call to use | UseUseExplosion.rb:21:3366:21:3376 | else ... |
+| UseUseExplosion.rb:21:3382:21:3392 | else ... | UseUseExplosion.rb:21:409:21:3396 | if ... |
+| UseUseExplosion.rb:21:3387:21:3392 | call to use | UseUseExplosion.rb:21:3382:21:3392 | else ... |
+| UseUseExplosion.rb:21:3398:21:3408 | else ... | UseUseExplosion.rb:21:388:21:3412 | if ... |
+| UseUseExplosion.rb:21:3403:21:3408 | call to use | UseUseExplosion.rb:21:3398:21:3408 | else ... |
+| UseUseExplosion.rb:21:3414:21:3424 | else ... | UseUseExplosion.rb:21:367:21:3428 | if ... |
+| UseUseExplosion.rb:21:3419:21:3424 | call to use | UseUseExplosion.rb:21:3414:21:3424 | else ... |
+| UseUseExplosion.rb:21:3430:21:3440 | else ... | UseUseExplosion.rb:21:346:21:3444 | if ... |
+| UseUseExplosion.rb:21:3435:21:3440 | call to use | UseUseExplosion.rb:21:3430:21:3440 | else ... |
+| UseUseExplosion.rb:21:3446:21:3456 | else ... | UseUseExplosion.rb:21:325:21:3460 | if ... |
+| UseUseExplosion.rb:21:3451:21:3456 | call to use | UseUseExplosion.rb:21:3446:21:3456 | else ... |
+| UseUseExplosion.rb:21:3462:21:3472 | else ... | UseUseExplosion.rb:21:304:21:3476 | if ... |
+| UseUseExplosion.rb:21:3467:21:3472 | call to use | UseUseExplosion.rb:21:3462:21:3472 | else ... |
+| UseUseExplosion.rb:21:3478:21:3488 | else ... | UseUseExplosion.rb:21:283:21:3492 | if ... |
+| UseUseExplosion.rb:21:3483:21:3488 | call to use | UseUseExplosion.rb:21:3478:21:3488 | else ... |
+| UseUseExplosion.rb:21:3494:21:3504 | else ... | UseUseExplosion.rb:21:262:21:3508 | if ... |
+| UseUseExplosion.rb:21:3499:21:3504 | call to use | UseUseExplosion.rb:21:3494:21:3504 | else ... |
+| UseUseExplosion.rb:21:3510:21:3520 | else ... | UseUseExplosion.rb:21:241:21:3524 | if ... |
+| UseUseExplosion.rb:21:3515:21:3520 | call to use | UseUseExplosion.rb:21:3510:21:3520 | else ... |
+| UseUseExplosion.rb:21:3526:21:3536 | else ... | UseUseExplosion.rb:21:220:21:3540 | if ... |
+| UseUseExplosion.rb:21:3531:21:3536 | call to use | UseUseExplosion.rb:21:3526:21:3536 | else ... |
+| UseUseExplosion.rb:21:3542:21:3552 | else ... | UseUseExplosion.rb:21:199:21:3556 | if ... |
+| UseUseExplosion.rb:21:3547:21:3552 | call to use | UseUseExplosion.rb:21:3542:21:3552 | else ... |
+| UseUseExplosion.rb:21:3558:21:3568 | else ... | UseUseExplosion.rb:21:178:21:3572 | if ... |
+| UseUseExplosion.rb:21:3563:21:3568 | call to use | UseUseExplosion.rb:21:3558:21:3568 | else ... |
+| UseUseExplosion.rb:21:3574:21:3584 | else ... | UseUseExplosion.rb:21:157:21:3588 | if ... |
+| UseUseExplosion.rb:21:3579:21:3584 | call to use | UseUseExplosion.rb:21:3574:21:3584 | else ... |
+| UseUseExplosion.rb:21:3590:21:3600 | else ... | UseUseExplosion.rb:21:136:21:3604 | if ... |
+| UseUseExplosion.rb:21:3595:21:3600 | call to use | UseUseExplosion.rb:21:3590:21:3600 | else ... |
+| UseUseExplosion.rb:21:3606:21:3616 | else ... | UseUseExplosion.rb:21:115:21:3620 | if ... |
+| UseUseExplosion.rb:21:3611:21:3616 | call to use | UseUseExplosion.rb:21:3606:21:3616 | else ... |
+| UseUseExplosion.rb:21:3622:21:3632 | else ... | UseUseExplosion.rb:21:94:21:3636 | if ... |
+| UseUseExplosion.rb:21:3627:21:3632 | call to use | UseUseExplosion.rb:21:3622:21:3632 | else ... |
+| UseUseExplosion.rb:21:3638:21:3648 | else ... | UseUseExplosion.rb:21:73:21:3652 | if ... |
+| UseUseExplosion.rb:21:3643:21:3648 | call to use | UseUseExplosion.rb:21:3638:21:3648 | else ... |
+| UseUseExplosion.rb:21:3654:21:3664 | else ... | UseUseExplosion.rb:21:52:21:3668 | if ... |
+| UseUseExplosion.rb:21:3659:21:3664 | call to use | UseUseExplosion.rb:21:3654:21:3664 | else ... |
+| UseUseExplosion.rb:21:3670:21:3680 | else ... | UseUseExplosion.rb:21:31:21:3684 | if ... |
+| UseUseExplosion.rb:21:3675:21:3680 | call to use | UseUseExplosion.rb:21:3670:21:3680 | else ... |
+| UseUseExplosion.rb:21:3686:21:3696 | else ... | UseUseExplosion.rb:21:9:21:3700 | if ... |
+| UseUseExplosion.rb:21:3691:21:3696 | call to use | UseUseExplosion.rb:21:3686:21:3696 | else ... |
+| UseUseExplosion.rb:24:5:25:7 | use | UseUseExplosion.rb:1:1:26:3 | C |
 | file://:0:0:0:0 | [summary] read: argument position 0.any element in Hash[] | file://:0:0:0:0 | [summary] read: argument position 0.any element.element 1 or unknown in Hash[] |
-| file://:0:0:0:0 | parameter any of ;Pathname;Method[join] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[join] |
 | file://:0:0:0:0 | parameter position 0 of & | file://:0:0:0:0 | [summary] read: argument position 0.any element in & |
 | file://:0:0:0:0 | parameter position 0 of + | file://:0:0:0:0 | [summary] read: argument position 0.any element in + |
-| file://:0:0:0:0 | parameter position 0 of ;;Member[Pathname].Method[new] | file://:0:0:0:0 | [summary] to write: return (return) in ;;Member[Pathname].Method[new] |
-| file://:0:0:0:0 | parameter position 0 of ;;Member[Regexp].Method[escape,quote] | file://:0:0:0:0 | [summary] to write: return (return) in ;;Member[Regexp].Method[escape,quote] |
 | file://:0:0:0:0 | parameter position 0 of ActionController::Parameters#merge | file://:0:0:0:0 | [summary] to write: return (return) in ActionController::Parameters#merge |
 | file://:0:0:0:0 | parameter position 0 of ActionController::Parameters#merge! | file://:0:0:0:0 | [summary] to write: argument self in ActionController::Parameters#merge! |
 | file://:0:0:0:0 | parameter position 0 of ActionController::Parameters#merge! | file://:0:0:0:0 | [summary] to write: return (return) in ActionController::Parameters#merge! |
@@ -11,33 +2807,17 @@
 | file://:0:0:0:0 | parameter position 0 of File.absolute_path | file://:0:0:0:0 | [summary] to write: return (return) in File.absolute_path |
 | file://:0:0:0:0 | parameter position 0 of File.dirname | file://:0:0:0:0 | [summary] to write: return (return) in File.dirname |
 | file://:0:0:0:0 | parameter position 0 of File.expand_path | file://:0:0:0:0 | [summary] to write: return (return) in File.expand_path |
+| file://:0:0:0:0 | parameter position 0 of File.join | file://:0:0:0:0 | [summary] to write: return (return) in File.join |
 | file://:0:0:0:0 | parameter position 0 of File.path | file://:0:0:0:0 | [summary] to write: return (return) in File.path |
 | file://:0:0:0:0 | parameter position 0 of File.realdirpath | file://:0:0:0:0 | [summary] to write: return (return) in File.realdirpath |
 | file://:0:0:0:0 | parameter position 0 of File.realpath | file://:0:0:0:0 | [summary] to write: return (return) in File.realpath |
 | file://:0:0:0:0 | parameter position 0 of Hash[] | file://:0:0:0:0 | [summary] read: argument position 0.any element in Hash[] |
 | file://:0:0:0:0 | parameter position 0 of String.try_convert | file://:0:0:0:0 | [summary] to write: return (return) in String.try_convert |
 | file://:0:0:0:0 | parameter position 0 of \| | file://:0:0:0:0 | [summary] read: argument position 0.any element in \| |
-| file://:0:0:0:0 | parameter position 0 of activestorage;;Member[ActiveStorage].Member[Filename].Method[new] | file://:0:0:0:0 | [summary] to write: return (return) in activestorage;;Member[ActiveStorage].Member[Filename].Method[new] |
-| file://:0:0:0:0 | parameter position 0 of activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[safe_concat] | file://:0:0:0:0 | [summary] to write: argument self in activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[safe_concat] |
-| file://:0:0:0:0 | parameter position 0 of activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[safe_concat] | file://:0:0:0:0 | [summary] to write: return (return) in activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[safe_concat] |
-| file://:0:0:0:0 | parameter position 0 of activesupport;;Member[ActionView].Member[SafeBuffer].Method[new] | file://:0:0:0:0 | [summary] to write: return (return) in activesupport;;Member[ActionView].Member[SafeBuffer].Method[new] |
-| file://:0:0:0:0 | parameter position 0.. of File.join | file://:0:0:0:0 | [summary] to write: return (return) in File.join |
+| file://:0:0:0:0 | parameter position 1.. of File.join | file://:0:0:0:0 | [summary] to write: return (return) in File.join |
 | file://:0:0:0:0 | parameter self of & | file://:0:0:0:0 | [summary] read: argument self.any element in & |
 | file://:0:0:0:0 | parameter self of * | file://:0:0:0:0 | [summary] read: argument self.any element in * |
 | file://:0:0:0:0 | parameter self of - | file://:0:0:0:0 | [summary] read: argument self.any element in - |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[basename] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[basename] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[cleanpath] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[cleanpath] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[dirname] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[dirname] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[each_filename] | file://:0:0:0:0 | [summary] to write: argument block.parameter position 0 in ;Pathname;Method[each_filename] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[existence] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[existence] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[expand_path] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[expand_path] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[join] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[join] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[parent] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[parent] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[realpath] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[realpath] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[relative_path_from] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[relative_path_from] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[sub] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[sub] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[sub_ext] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[sub_ext] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[to_path] | file://:0:0:0:0 | [summary] to write: return (return) in ;Pathname;Method[to_path] |
 | file://:0:0:0:0 | parameter self of ActionController::Parameters#<various> | file://:0:0:0:0 | [summary] to write: return (return) in ActionController::Parameters#<various> |
 | file://:0:0:0:0 | parameter self of ActionController::Parameters#merge | file://:0:0:0:0 | [summary] to write: return (return) in ActionController::Parameters#merge |
 | file://:0:0:0:0 | parameter self of ActionController::Parameters#merge! | file://:0:0:0:0 | [summary] to write: argument self in ActionController::Parameters#merge! |
@@ -45,12 +2825,10 @@
 | file://:0:0:0:0 | parameter self of ActiveSupportStringTransform | file://:0:0:0:0 | [summary] to write: return (return) in ActiveSupportStringTransform |
 | file://:0:0:0:0 | parameter self of [] | file://:0:0:0:0 | [summary] to write: return (return) in [] |
 | file://:0:0:0:0 | parameter self of \| | file://:0:0:0:0 | [summary] read: argument self.any element in \| |
-| file://:0:0:0:0 | parameter self of activestorage;;Member[ActiveStorage].Member[Filename].Instance.Method[sanitized] | file://:0:0:0:0 | [summary] to write: return (return) in activestorage;;Member[ActiveStorage].Member[Filename].Instance.Method[sanitized] |
-| file://:0:0:0:0 | parameter self of activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[concat,insert,prepend,to_s,to_param] | file://:0:0:0:0 | [summary] to write: return (return) in activesupport;;Member[ActionView].Member[SafeBuffer].Instance.Method[concat,insert,prepend,to_s,to_param] |
 | file://:0:0:0:0 | parameter self of each(0) | file://:0:0:0:0 | [summary] read: argument self.any element in each(0) |
 | local_dataflow.rb:1:1:7:3 | self (foo) | local_dataflow.rb:3:8:3:10 | self |
 | local_dataflow.rb:1:1:7:3 | self in foo | local_dataflow.rb:1:1:7:3 | self (foo) |
-| local_dataflow.rb:1:1:124:4 | self (local_dataflow.rb) | local_dataflow.rb:49:1:53:3 | self |
+| local_dataflow.rb:1:1:150:3 | self (local_dataflow.rb) | local_dataflow.rb:49:1:53:3 | self |
 | local_dataflow.rb:1:9:1:9 | a | local_dataflow.rb:1:9:1:9 | a |
 | local_dataflow.rb:1:9:1:9 | a | local_dataflow.rb:2:7:2:7 | a |
 | local_dataflow.rb:2:3:2:7 | ... = ... | local_dataflow.rb:3:13:3:13 | b |
@@ -138,22 +2916,19 @@
 | local_dataflow.rb:60:1:90:3 | self in test_case | local_dataflow.rb:60:1:90:3 | self (test_case) |
 | local_dataflow.rb:60:15:60:15 | x | local_dataflow.rb:60:15:60:15 | x |
 | local_dataflow.rb:60:15:60:15 | x | local_dataflow.rb:61:12:61:12 | x |
+| local_dataflow.rb:61:7:68:5 | SSA phi read(x) | local_dataflow.rb:69:12:69:12 | x |
 | local_dataflow.rb:61:7:68:5 | case ... | local_dataflow.rb:61:3:68:5 | ... = ... |
 | local_dataflow.rb:61:12:61:12 | x | local_dataflow.rb:63:15:63:15 | x |
 | local_dataflow.rb:61:12:61:12 | x | local_dataflow.rb:65:6:65:6 | x |
 | local_dataflow.rb:61:12:61:12 | x | local_dataflow.rb:67:5:67:5 | x |
-| local_dataflow.rb:61:12:61:12 | x | local_dataflow.rb:69:12:69:12 | x |
 | local_dataflow.rb:62:10:62:15 | then ... | local_dataflow.rb:61:7:68:5 | case ... |
 | local_dataflow.rb:62:15:62:15 | 3 | local_dataflow.rb:62:10:62:15 | then ... |
 | local_dataflow.rb:63:10:63:15 | then ... | local_dataflow.rb:61:7:68:5 | case ... |
 | local_dataflow.rb:63:15:63:15 | x | local_dataflow.rb:63:10:63:15 | then ... |
-| local_dataflow.rb:63:15:63:15 | x | local_dataflow.rb:69:12:69:12 | x |
 | local_dataflow.rb:64:9:65:6 | then ... | local_dataflow.rb:61:7:68:5 | case ... |
 | local_dataflow.rb:65:6:65:6 | x | local_dataflow.rb:64:9:65:6 | then ... |
-| local_dataflow.rb:65:6:65:6 | x | local_dataflow.rb:69:12:69:12 | x |
 | local_dataflow.rb:66:3:67:5 | else ... | local_dataflow.rb:61:7:68:5 | case ... |
 | local_dataflow.rb:67:5:67:5 | x | local_dataflow.rb:66:3:67:5 | else ... |
-| local_dataflow.rb:67:5:67:5 | x | local_dataflow.rb:69:12:69:12 | x |
 | local_dataflow.rb:69:7:76:5 | case ... | local_dataflow.rb:69:3:76:5 | ... = ... |
 | local_dataflow.rb:69:12:69:12 | x | local_dataflow.rb:71:13:71:13 | x |
 | local_dataflow.rb:69:12:69:12 | x | local_dataflow.rb:73:7:73:7 | x |
@@ -167,6 +2942,7 @@
 | local_dataflow.rb:74:3:75:6 | else ... | local_dataflow.rb:69:7:76:5 | case ... |
 | local_dataflow.rb:75:6:75:6 | x | local_dataflow.rb:74:3:75:6 | else ... |
 | local_dataflow.rb:78:3:88:5 | ... = ... | local_dataflow.rb:89:8:89:8 | z |
+| local_dataflow.rb:78:7:88:5 | SSA phi read(self) | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:78:7:88:5 | case ... | local_dataflow.rb:78:3:88:5 | ... = ... |
 | local_dataflow.rb:78:7:88:5 | case ... | local_dataflow.rb:78:3:88:5 | ... = ... |
 | local_dataflow.rb:78:12:78:20 | [post] self | local_dataflow.rb:79:20:79:26 | self |
@@ -191,18 +2967,14 @@
 | local_dataflow.rb:78:12:78:20 | self | local_dataflow.rb:87:20:87:26 | self |
 | local_dataflow.rb:79:13:79:13 | b | local_dataflow.rb:79:25:79:25 | b |
 | local_dataflow.rb:79:15:79:45 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
-| local_dataflow.rb:79:20:79:26 | [post] self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:79:20:79:26 | call to sink | local_dataflow.rb:79:15:79:45 | then ... |
-| local_dataflow.rb:79:20:79:26 | self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:80:8:80:8 | a | local_dataflow.rb:80:13:80:13 | a |
 | local_dataflow.rb:80:13:80:13 | [post] a | local_dataflow.rb:80:29:80:29 | a |
 | local_dataflow.rb:80:13:80:13 | a | local_dataflow.rb:80:13:80:17 | ... > ... |
 | local_dataflow.rb:80:13:80:13 | a | local_dataflow.rb:80:29:80:29 | a |
 | local_dataflow.rb:80:17:80:17 | 0 | local_dataflow.rb:80:13:80:17 | ... > ... |
 | local_dataflow.rb:80:19:80:49 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
-| local_dataflow.rb:80:24:80:30 | [post] self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:80:24:80:30 | call to sink | local_dataflow.rb:80:19:80:49 | then ... |
-| local_dataflow.rb:80:24:80:30 | self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:81:9:81:9 | c | local_dataflow.rb:82:12:82:12 | c |
 | local_dataflow.rb:81:13:81:13 | d | local_dataflow.rb:83:12:83:12 | d |
 | local_dataflow.rb:81:16:81:16 | e | local_dataflow.rb:84:12:84:12 | e |
@@ -213,22 +2985,14 @@
 | local_dataflow.rb:82:7:82:13 | self | local_dataflow.rb:83:7:83:13 | self |
 | local_dataflow.rb:83:7:83:13 | [post] self | local_dataflow.rb:84:7:84:13 | self |
 | local_dataflow.rb:83:7:83:13 | self | local_dataflow.rb:84:7:84:13 | self |
-| local_dataflow.rb:84:7:84:13 | [post] self | local_dataflow.rb:89:3:89:9 | self |
-| local_dataflow.rb:84:7:84:13 | self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:85:13:85:13 | f | local_dataflow.rb:85:27:85:27 | f |
 | local_dataflow.rb:85:17:85:47 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
-| local_dataflow.rb:85:22:85:28 | [post] self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:85:22:85:28 | call to sink | local_dataflow.rb:85:17:85:47 | then ... |
-| local_dataflow.rb:85:22:85:28 | self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:86:18:86:18 | g | local_dataflow.rb:86:33:86:33 | g |
 | local_dataflow.rb:86:23:86:53 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
-| local_dataflow.rb:86:28:86:34 | [post] self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:86:28:86:34 | call to sink | local_dataflow.rb:86:23:86:53 | then ... |
-| local_dataflow.rb:86:28:86:34 | self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:87:10:87:10 | x | local_dataflow.rb:87:25:87:25 | x |
 | local_dataflow.rb:87:15:87:48 | then ... | local_dataflow.rb:78:7:88:5 | case ... |
-| local_dataflow.rb:87:20:87:26 | [post] self | local_dataflow.rb:89:3:89:9 | self |
-| local_dataflow.rb:87:20:87:26 | self | local_dataflow.rb:89:3:89:9 | self |
 | local_dataflow.rb:87:25:87:25 | [post] x | local_dataflow.rb:87:29:87:29 | x |
 | local_dataflow.rb:87:25:87:25 | x | local_dataflow.rb:87:29:87:29 | x |
 | local_dataflow.rb:87:29:87:29 | x | local_dataflow.rb:87:15:87:48 | then ... |
@@ -236,88 +3000,70 @@
 | local_dataflow.rb:92:1:109:3 | self in and_or | local_dataflow.rb:92:1:109:3 | self (and_or) |
 | local_dataflow.rb:93:3:93:28 | ... = ... | local_dataflow.rb:94:8:94:8 | a |
 | local_dataflow.rb:93:7:93:15 | [post] self | local_dataflow.rb:93:20:93:28 | self |
-| local_dataflow.rb:93:7:93:15 | [post] self | local_dataflow.rb:94:3:94:9 | self |
 | local_dataflow.rb:93:7:93:15 | call to source | local_dataflow.rb:93:7:93:28 | ... \|\| ... |
 | local_dataflow.rb:93:7:93:15 | self | local_dataflow.rb:93:20:93:28 | self |
-| local_dataflow.rb:93:7:93:15 | self | local_dataflow.rb:94:3:94:9 | self |
 | local_dataflow.rb:93:7:93:28 | ... \|\| ... | local_dataflow.rb:93:3:93:28 | ... = ... |
 | local_dataflow.rb:93:7:93:28 | ... \|\| ... | local_dataflow.rb:93:3:93:28 | ... = ... |
-| local_dataflow.rb:93:20:93:28 | [post] self | local_dataflow.rb:94:3:94:9 | self |
+| local_dataflow.rb:93:7:93:28 | SSA phi read(self) | local_dataflow.rb:94:3:94:9 | self |
 | local_dataflow.rb:93:20:93:28 | call to source | local_dataflow.rb:93:7:93:28 | ... \|\| ... |
-| local_dataflow.rb:93:20:93:28 | self | local_dataflow.rb:94:3:94:9 | self |
 | local_dataflow.rb:94:3:94:9 | [post] self | local_dataflow.rb:95:8:95:16 | self |
 | local_dataflow.rb:94:3:94:9 | self | local_dataflow.rb:95:8:95:16 | self |
 | local_dataflow.rb:95:3:95:30 | ... = ... | local_dataflow.rb:96:8:96:8 | b |
 | local_dataflow.rb:95:7:95:30 | ( ... ) | local_dataflow.rb:95:3:95:30 | ... = ... |
 | local_dataflow.rb:95:7:95:30 | ( ... ) | local_dataflow.rb:95:3:95:30 | ... = ... |
 | local_dataflow.rb:95:8:95:16 | [post] self | local_dataflow.rb:95:21:95:29 | self |
-| local_dataflow.rb:95:8:95:16 | [post] self | local_dataflow.rb:96:3:96:9 | self |
 | local_dataflow.rb:95:8:95:16 | call to source | local_dataflow.rb:95:8:95:29 | ... or ... |
 | local_dataflow.rb:95:8:95:16 | self | local_dataflow.rb:95:21:95:29 | self |
-| local_dataflow.rb:95:8:95:16 | self | local_dataflow.rb:96:3:96:9 | self |
 | local_dataflow.rb:95:8:95:29 | ... or ... | local_dataflow.rb:95:7:95:30 | ( ... ) |
-| local_dataflow.rb:95:21:95:29 | [post] self | local_dataflow.rb:96:3:96:9 | self |
+| local_dataflow.rb:95:8:95:29 | SSA phi read(self) | local_dataflow.rb:96:3:96:9 | self |
 | local_dataflow.rb:95:21:95:29 | call to source | local_dataflow.rb:95:8:95:29 | ... or ... |
-| local_dataflow.rb:95:21:95:29 | self | local_dataflow.rb:96:3:96:9 | self |
 | local_dataflow.rb:96:3:96:9 | [post] self | local_dataflow.rb:98:7:98:15 | self |
 | local_dataflow.rb:96:3:96:9 | self | local_dataflow.rb:98:7:98:15 | self |
 | local_dataflow.rb:98:3:98:28 | ... = ... | local_dataflow.rb:99:8:99:8 | a |
 | local_dataflow.rb:98:7:98:15 | [post] self | local_dataflow.rb:98:20:98:28 | self |
-| local_dataflow.rb:98:7:98:15 | [post] self | local_dataflow.rb:99:3:99:9 | self |
 | local_dataflow.rb:98:7:98:15 | call to source | local_dataflow.rb:98:7:98:28 | ... && ... |
 | local_dataflow.rb:98:7:98:15 | self | local_dataflow.rb:98:20:98:28 | self |
-| local_dataflow.rb:98:7:98:15 | self | local_dataflow.rb:99:3:99:9 | self |
 | local_dataflow.rb:98:7:98:28 | ... && ... | local_dataflow.rb:98:3:98:28 | ... = ... |
 | local_dataflow.rb:98:7:98:28 | ... && ... | local_dataflow.rb:98:3:98:28 | ... = ... |
-| local_dataflow.rb:98:20:98:28 | [post] self | local_dataflow.rb:99:3:99:9 | self |
+| local_dataflow.rb:98:7:98:28 | SSA phi read(self) | local_dataflow.rb:99:3:99:9 | self |
 | local_dataflow.rb:98:20:98:28 | call to source | local_dataflow.rb:98:7:98:28 | ... && ... |
-| local_dataflow.rb:98:20:98:28 | self | local_dataflow.rb:99:3:99:9 | self |
 | local_dataflow.rb:99:3:99:9 | [post] self | local_dataflow.rb:100:8:100:16 | self |
 | local_dataflow.rb:99:3:99:9 | self | local_dataflow.rb:100:8:100:16 | self |
 | local_dataflow.rb:100:3:100:31 | ... = ... | local_dataflow.rb:101:8:101:8 | b |
 | local_dataflow.rb:100:7:100:31 | ( ... ) | local_dataflow.rb:100:3:100:31 | ... = ... |
 | local_dataflow.rb:100:7:100:31 | ( ... ) | local_dataflow.rb:100:3:100:31 | ... = ... |
 | local_dataflow.rb:100:8:100:16 | [post] self | local_dataflow.rb:100:22:100:30 | self |
-| local_dataflow.rb:100:8:100:16 | [post] self | local_dataflow.rb:101:3:101:9 | self |
 | local_dataflow.rb:100:8:100:16 | call to source | local_dataflow.rb:100:8:100:30 | ... and ... |
 | local_dataflow.rb:100:8:100:16 | self | local_dataflow.rb:100:22:100:30 | self |
-| local_dataflow.rb:100:8:100:16 | self | local_dataflow.rb:101:3:101:9 | self |
 | local_dataflow.rb:100:8:100:30 | ... and ... | local_dataflow.rb:100:7:100:31 | ( ... ) |
-| local_dataflow.rb:100:22:100:30 | [post] self | local_dataflow.rb:101:3:101:9 | self |
+| local_dataflow.rb:100:8:100:30 | SSA phi read(self) | local_dataflow.rb:101:3:101:9 | self |
 | local_dataflow.rb:100:22:100:30 | call to source | local_dataflow.rb:100:8:100:30 | ... and ... |
-| local_dataflow.rb:100:22:100:30 | self | local_dataflow.rb:101:3:101:9 | self |
 | local_dataflow.rb:101:3:101:9 | [post] self | local_dataflow.rb:103:7:103:15 | self |
 | local_dataflow.rb:101:3:101:9 | self | local_dataflow.rb:103:7:103:15 | self |
 | local_dataflow.rb:103:3:103:15 | ... = ... | local_dataflow.rb:104:3:104:3 | a |
 | local_dataflow.rb:103:7:103:15 | [post] self | local_dataflow.rb:104:9:104:17 | self |
-| local_dataflow.rb:103:7:103:15 | [post] self | local_dataflow.rb:105:3:105:9 | self |
 | local_dataflow.rb:103:7:103:15 | call to source | local_dataflow.rb:103:3:103:15 | ... = ... |
 | local_dataflow.rb:103:7:103:15 | call to source | local_dataflow.rb:103:3:103:15 | ... = ... |
 | local_dataflow.rb:103:7:103:15 | self | local_dataflow.rb:104:9:104:17 | self |
-| local_dataflow.rb:103:7:103:15 | self | local_dataflow.rb:105:3:105:9 | self |
 | local_dataflow.rb:104:3:104:3 | a | local_dataflow.rb:104:5:104:7 | ... \|\| ... |
 | local_dataflow.rb:104:3:104:17 | ... = ... | local_dataflow.rb:105:8:105:8 | a |
 | local_dataflow.rb:104:5:104:7 | ... \|\| ... | local_dataflow.rb:104:3:104:17 | ... = ... |
 | local_dataflow.rb:104:5:104:7 | ... \|\| ... | local_dataflow.rb:104:3:104:17 | ... = ... |
-| local_dataflow.rb:104:9:104:17 | [post] self | local_dataflow.rb:105:3:105:9 | self |
+| local_dataflow.rb:104:5:104:7 | SSA phi read(self) | local_dataflow.rb:105:3:105:9 | self |
 | local_dataflow.rb:104:9:104:17 | call to source | local_dataflow.rb:104:5:104:7 | ... \|\| ... |
-| local_dataflow.rb:104:9:104:17 | self | local_dataflow.rb:105:3:105:9 | self |
 | local_dataflow.rb:105:3:105:9 | [post] self | local_dataflow.rb:106:7:106:15 | self |
 | local_dataflow.rb:105:3:105:9 | self | local_dataflow.rb:106:7:106:15 | self |
 | local_dataflow.rb:106:3:106:15 | ... = ... | local_dataflow.rb:107:3:107:3 | b |
 | local_dataflow.rb:106:7:106:15 | [post] self | local_dataflow.rb:107:9:107:17 | self |
-| local_dataflow.rb:106:7:106:15 | [post] self | local_dataflow.rb:108:3:108:9 | self |
 | local_dataflow.rb:106:7:106:15 | call to source | local_dataflow.rb:106:3:106:15 | ... = ... |
 | local_dataflow.rb:106:7:106:15 | call to source | local_dataflow.rb:106:3:106:15 | ... = ... |
 | local_dataflow.rb:106:7:106:15 | self | local_dataflow.rb:107:9:107:17 | self |
-| local_dataflow.rb:106:7:106:15 | self | local_dataflow.rb:108:3:108:9 | self |
 | local_dataflow.rb:107:3:107:3 | b | local_dataflow.rb:107:5:107:7 | ... && ... |
 | local_dataflow.rb:107:3:107:17 | ... = ... | local_dataflow.rb:108:8:108:8 | b |
 | local_dataflow.rb:107:5:107:7 | ... && ... | local_dataflow.rb:107:3:107:17 | ... = ... |
 | local_dataflow.rb:107:5:107:7 | ... && ... | local_dataflow.rb:107:3:107:17 | ... = ... |
-| local_dataflow.rb:107:9:107:17 | [post] self | local_dataflow.rb:108:3:108:9 | self |
+| local_dataflow.rb:107:5:107:7 | SSA phi read(self) | local_dataflow.rb:108:3:108:9 | self |
 | local_dataflow.rb:107:9:107:17 | call to source | local_dataflow.rb:107:5:107:7 | ... && ... |
-| local_dataflow.rb:107:9:107:17 | self | local_dataflow.rb:108:3:108:9 | self |
 | local_dataflow.rb:111:1:114:3 | self (object_dup) | local_dataflow.rb:112:3:112:21 | self |
 | local_dataflow.rb:111:1:114:3 | self in object_dup | local_dataflow.rb:111:1:114:3 | self (object_dup) |
 | local_dataflow.rb:112:3:112:21 | [post] self | local_dataflow.rb:112:8:112:16 | self |
@@ -354,3 +3100,95 @@
 | local_dataflow.rb:123:8:123:20 | call to dup | local_dataflow.rb:123:8:123:45 | call to tap |
 | local_dataflow.rb:123:8:123:45 | call to tap | local_dataflow.rb:123:8:123:49 | call to dup |
 | local_dataflow.rb:123:26:123:45 | <captured> self | local_dataflow.rb:123:32:123:43 | self |
+| local_dataflow.rb:126:1:128:3 | self (use) | local_dataflow.rb:127:3:127:8 | self |
+| local_dataflow.rb:126:1:128:3 | self in use | local_dataflow.rb:126:1:128:3 | self (use) |
+| local_dataflow.rb:130:1:150:3 | self (use_use_madness) | local_dataflow.rb:132:6:132:11 | self |
+| local_dataflow.rb:130:1:150:3 | self in use_use_madness | local_dataflow.rb:130:1:150:3 | self (use_use_madness) |
+| local_dataflow.rb:131:3:131:8 | ... = ... | local_dataflow.rb:132:10:132:10 | x |
+| local_dataflow.rb:131:7:131:8 | "" | local_dataflow.rb:131:3:131:8 | ... = ... |
+| local_dataflow.rb:131:7:131:8 | "" | local_dataflow.rb:131:3:131:8 | ... = ... |
+| local_dataflow.rb:132:6:132:11 | [post] self | local_dataflow.rb:133:8:133:13 | self |
+| local_dataflow.rb:132:6:132:11 | self | local_dataflow.rb:133:8:133:13 | self |
+| local_dataflow.rb:132:10:132:10 | x | local_dataflow.rb:133:12:133:12 | x |
+| local_dataflow.rb:132:12:148:10 | then ... | local_dataflow.rb:132:3:149:5 | if ... |
+| local_dataflow.rb:133:5:139:7 | SSA phi read(self) | local_dataflow.rb:141:9:141:14 | self |
+| local_dataflow.rb:133:5:139:7 | SSA phi read(x) | local_dataflow.rb:141:13:141:13 | x |
+| local_dataflow.rb:133:8:133:13 | [post] self | local_dataflow.rb:133:18:133:23 | self |
+| local_dataflow.rb:133:8:133:13 | call to use | local_dataflow.rb:133:8:133:23 | [false] ... \|\| ... |
+| local_dataflow.rb:133:8:133:13 | call to use | local_dataflow.rb:133:8:133:23 | [true] ... \|\| ... |
+| local_dataflow.rb:133:8:133:13 | self | local_dataflow.rb:133:18:133:23 | self |
+| local_dataflow.rb:133:8:133:23 | SSA phi read(self) | local_dataflow.rb:134:7:134:12 | self |
+| local_dataflow.rb:133:8:133:23 | SSA phi read(x) | local_dataflow.rb:134:11:134:11 | x |
+| local_dataflow.rb:133:12:133:12 | x | local_dataflow.rb:133:22:133:22 | x |
+| local_dataflow.rb:133:18:133:23 | [post] self | local_dataflow.rb:136:7:136:12 | self |
+| local_dataflow.rb:133:18:133:23 | call to use | local_dataflow.rb:133:8:133:23 | [false] ... \|\| ... |
+| local_dataflow.rb:133:18:133:23 | call to use | local_dataflow.rb:133:8:133:23 | [true] ... \|\| ... |
+| local_dataflow.rb:133:18:133:23 | self | local_dataflow.rb:136:7:136:12 | self |
+| local_dataflow.rb:133:22:133:22 | x | local_dataflow.rb:136:11:136:11 | x |
+| local_dataflow.rb:133:24:134:12 | then ... | local_dataflow.rb:133:5:139:7 | if ... |
+| local_dataflow.rb:134:7:134:12 | call to use | local_dataflow.rb:133:24:134:12 | then ... |
+| local_dataflow.rb:135:5:138:9 | else ... | local_dataflow.rb:133:5:139:7 | if ... |
+| local_dataflow.rb:136:7:136:12 | [post] self | local_dataflow.rb:137:10:137:15 | self |
+| local_dataflow.rb:136:7:136:12 | self | local_dataflow.rb:137:10:137:15 | self |
+| local_dataflow.rb:136:11:136:11 | x | local_dataflow.rb:137:14:137:14 | x |
+| local_dataflow.rb:137:7:138:9 | SSA phi read(self) | local_dataflow.rb:133:5:139:7 | SSA phi read(self) |
+| local_dataflow.rb:137:7:138:9 | SSA phi read(x) | local_dataflow.rb:133:5:139:7 | SSA phi read(x) |
+| local_dataflow.rb:137:7:138:9 | if ... | local_dataflow.rb:135:5:138:9 | else ... |
+| local_dataflow.rb:137:10:137:15 | [post] self | local_dataflow.rb:137:21:137:26 | self |
+| local_dataflow.rb:137:10:137:15 | call to use | local_dataflow.rb:137:10:137:26 | [false] ... && ... |
+| local_dataflow.rb:137:10:137:15 | call to use | local_dataflow.rb:137:10:137:26 | [true] ... && ... |
+| local_dataflow.rb:137:10:137:15 | self | local_dataflow.rb:137:21:137:26 | self |
+| local_dataflow.rb:137:10:137:26 | SSA phi read(self) | local_dataflow.rb:137:7:138:9 | SSA phi read(self) |
+| local_dataflow.rb:137:10:137:26 | SSA phi read(x) | local_dataflow.rb:137:7:138:9 | SSA phi read(x) |
+| local_dataflow.rb:137:14:137:14 | x | local_dataflow.rb:137:25:137:25 | x |
+| local_dataflow.rb:137:20:137:26 | [false] ! ... | local_dataflow.rb:137:10:137:26 | [false] ... && ... |
+| local_dataflow.rb:137:20:137:26 | [true] ! ... | local_dataflow.rb:137:10:137:26 | [true] ... && ... |
+| local_dataflow.rb:137:21:137:26 | call to use | local_dataflow.rb:137:20:137:26 | [false] ! ... |
+| local_dataflow.rb:137:21:137:26 | call to use | local_dataflow.rb:137:20:137:26 | [true] ! ... |
+| local_dataflow.rb:141:5:145:7 | SSA phi read(self) | local_dataflow.rb:147:5:147:10 | self |
+| local_dataflow.rb:141:5:145:7 | SSA phi read(x) | local_dataflow.rb:147:9:147:9 | x |
+| local_dataflow.rb:141:8:141:14 | [false] ! ... | local_dataflow.rb:141:8:141:37 | [false] ... \|\| ... |
+| local_dataflow.rb:141:8:141:14 | [false] ! ... | local_dataflow.rb:141:8:141:37 | [true] ... \|\| ... |
+| local_dataflow.rb:141:8:141:14 | [true] ! ... | local_dataflow.rb:141:8:141:37 | [true] ... \|\| ... |
+| local_dataflow.rb:141:8:141:37 | SSA phi read(self) | local_dataflow.rb:141:5:145:7 | SSA phi read(self) |
+| local_dataflow.rb:141:8:141:37 | SSA phi read(x) | local_dataflow.rb:141:5:145:7 | SSA phi read(x) |
+| local_dataflow.rb:141:9:141:14 | [post] self | local_dataflow.rb:141:20:141:25 | self |
+| local_dataflow.rb:141:9:141:14 | call to use | local_dataflow.rb:141:8:141:14 | [false] ! ... |
+| local_dataflow.rb:141:9:141:14 | call to use | local_dataflow.rb:141:8:141:14 | [true] ! ... |
+| local_dataflow.rb:141:9:141:14 | self | local_dataflow.rb:141:20:141:25 | self |
+| local_dataflow.rb:141:13:141:13 | x | local_dataflow.rb:141:24:141:24 | x |
+| local_dataflow.rb:141:19:141:37 | [false] ( ... ) | local_dataflow.rb:141:8:141:37 | [false] ... \|\| ... |
+| local_dataflow.rb:141:19:141:37 | [true] ( ... ) | local_dataflow.rb:141:8:141:37 | [true] ... \|\| ... |
+| local_dataflow.rb:141:20:141:25 | [post] self | local_dataflow.rb:141:31:141:36 | self |
+| local_dataflow.rb:141:20:141:25 | call to use | local_dataflow.rb:141:20:141:36 | [false] ... && ... |
+| local_dataflow.rb:141:20:141:25 | call to use | local_dataflow.rb:141:20:141:36 | [true] ... && ... |
+| local_dataflow.rb:141:20:141:25 | self | local_dataflow.rb:141:31:141:36 | self |
+| local_dataflow.rb:141:20:141:36 | SSA phi read(self) | local_dataflow.rb:143:11:143:16 | self |
+| local_dataflow.rb:141:20:141:36 | SSA phi read(x) | local_dataflow.rb:143:15:143:15 | x |
+| local_dataflow.rb:141:20:141:36 | [false] ... && ... | local_dataflow.rb:141:19:141:37 | [false] ( ... ) |
+| local_dataflow.rb:141:20:141:36 | [true] ... && ... | local_dataflow.rb:141:19:141:37 | [true] ( ... ) |
+| local_dataflow.rb:141:24:141:24 | x | local_dataflow.rb:141:35:141:35 | x |
+| local_dataflow.rb:141:30:141:36 | [false] ! ... | local_dataflow.rb:141:20:141:36 | [false] ... && ... |
+| local_dataflow.rb:141:30:141:36 | [true] ! ... | local_dataflow.rb:141:20:141:36 | [true] ... && ... |
+| local_dataflow.rb:141:31:141:36 | call to use | local_dataflow.rb:141:30:141:36 | [false] ! ... |
+| local_dataflow.rb:141:31:141:36 | call to use | local_dataflow.rb:141:30:141:36 | [true] ! ... |
+| local_dataflow.rb:141:38:142:9 | then ... | local_dataflow.rb:141:5:145:7 | if ... |
+| local_dataflow.rb:142:7:142:9 | nil | local_dataflow.rb:141:38:142:9 | then ... |
+| local_dataflow.rb:143:5:144:16 | SSA phi read(self) | local_dataflow.rb:141:5:145:7 | SSA phi read(self) |
+| local_dataflow.rb:143:5:144:16 | SSA phi read(x) | local_dataflow.rb:141:5:145:7 | SSA phi read(x) |
+| local_dataflow.rb:143:5:144:16 | elsif ... | local_dataflow.rb:141:5:145:7 | if ... |
+| local_dataflow.rb:143:11:143:16 | [post] self | local_dataflow.rb:143:21:143:26 | self |
+| local_dataflow.rb:143:11:143:16 | call to use | local_dataflow.rb:143:11:143:26 | [false] ... \|\| ... |
+| local_dataflow.rb:143:11:143:16 | call to use | local_dataflow.rb:143:11:143:26 | [true] ... \|\| ... |
+| local_dataflow.rb:143:11:143:16 | self | local_dataflow.rb:143:21:143:26 | self |
+| local_dataflow.rb:143:11:143:26 | SSA phi read(self) | local_dataflow.rb:144:11:144:16 | self |
+| local_dataflow.rb:143:11:143:26 | SSA phi read(x) | local_dataflow.rb:144:15:144:15 | x |
+| local_dataflow.rb:143:15:143:15 | x | local_dataflow.rb:143:25:143:25 | x |
+| local_dataflow.rb:143:21:143:26 | call to use | local_dataflow.rb:143:11:143:26 | [false] ... \|\| ... |
+| local_dataflow.rb:143:21:143:26 | call to use | local_dataflow.rb:143:11:143:26 | [true] ... \|\| ... |
+| local_dataflow.rb:143:27:144:16 | then ... | local_dataflow.rb:143:5:144:16 | elsif ... |
+| local_dataflow.rb:144:11:144:16 | call to use | local_dataflow.rb:143:27:144:16 | then ... |
+| local_dataflow.rb:147:5:147:10 | [post] self | local_dataflow.rb:148:5:148:10 | self |
+| local_dataflow.rb:147:5:147:10 | self | local_dataflow.rb:148:5:148:10 | self |
+| local_dataflow.rb:147:9:147:9 | x | local_dataflow.rb:148:9:148:9 | x |
+| local_dataflow.rb:148:5:148:10 | call to use | local_dataflow.rb:132:12:148:10 | then ... |
diff --git a/ruby/ql/test/library-tests/dataflow/local/UseUseExplosion.rb b/ruby/ql/test/library-tests/dataflow/local/UseUseExplosion.rb
new file mode 100644
index 00000000000..022ecae6eeb
--- /dev/null
+++ b/ruby/ql/test/library-tests/dataflow/local/UseUseExplosion.rb
@@ -0,0 +1,26 @@
+class C
+    # Should generate 100 + 100 local use-use flow steps for `x`, and not 100 * 100
+    #
+    # Generated by quick-evaling `gen/0` below:
+    #
+    # ```ql
+    # string gen(int depth) {
+    #   depth in [0 .. 100] and
+    #   (
+    #     if depth = 0
+    #     then result = ""
+    #     else result = "if (@prop > " + depth + ") then " + gen(depth - 1) + " else use(x) end"
+    #   )
+    # }
+    #
+    # string gen() { result = "x = 0\n" + gen(100) + "\n" + gen(100) }
+    # ```
+    def m()
+        x = 0
+        if (@prop > 100) then if (@prop > 99) then if (@prop > 98) then if (@prop > 97) then if (@prop > 96) then if (@prop > 95) then if (@prop > 94) then if (@prop > 93) then if (@prop > 92) then if (@prop > 91) then if (@prop > 90) then if (@prop > 89) then if (@prop > 88) then if (@prop > 87) then if (@prop > 86) then if (@prop > 85) then if (@prop > 84) then if (@prop > 83) then if (@prop > 82) then if (@prop > 81) then if (@prop > 80) then if (@prop > 79) then if (@prop > 78) then if (@prop > 77) then if (@prop > 76) then if (@prop > 75) then if (@prop > 74) then if (@prop > 73) then if (@prop > 72) then if (@prop > 71) then if (@prop > 70) then if (@prop > 69) then if (@prop > 68) then if (@prop > 67) then if (@prop > 66) then if (@prop > 65) then if (@prop > 64) then if (@prop > 63) then if (@prop > 62) then if (@prop > 61) then if (@prop > 60) then if (@prop > 59) then if (@prop > 58) then if (@prop > 57) then if (@prop > 56) then if (@prop > 55) then if (@prop > 54) then if (@prop > 53) then if (@prop > 52) then if (@prop > 51) then if (@prop > 50) then if (@prop > 49) then if (@prop > 48) then if (@prop > 47) then if (@prop > 46) then if (@prop > 45) then if (@prop > 44) then if (@prop > 43) then if (@prop > 42) then if (@prop > 41) then if (@prop > 40) then if (@prop > 39) then if (@prop > 38) then if (@prop > 37) then if (@prop > 36) then if (@prop > 35) then if (@prop > 34) then if (@prop > 33) then if (@prop > 32) then if (@prop > 31) then if (@prop > 30) then if (@prop > 29) then if (@prop > 28) then if (@prop > 27) then if (@prop > 26) then if (@prop > 25) then if (@prop > 24) then if (@prop > 23) then if (@prop > 22) then if (@prop > 21) then if (@prop > 20) then if (@prop > 19) then if (@prop > 18) then if (@prop > 17) then if (@prop > 16) then if (@prop > 15) then if (@prop > 14) then if (@prop > 13) then if (@prop > 12) then if (@prop > 11) then if (@prop > 10) then if (@prop > 9) then if (@prop > 8) then if (@prop > 7) then if (@prop > 6) then if (@prop > 5) then if (@prop > 4) then if (@prop > 3) then if (@prop > 2) then if (@prop > 1) then  else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end
+        if (@prop > 100) then if (@prop > 99) then if (@prop > 98) then if (@prop > 97) then if (@prop > 96) then if (@prop > 95) then if (@prop > 94) then if (@prop > 93) then if (@prop > 92) then if (@prop > 91) then if (@prop > 90) then if (@prop > 89) then if (@prop > 88) then if (@prop > 87) then if (@prop > 86) then if (@prop > 85) then if (@prop > 84) then if (@prop > 83) then if (@prop > 82) then if (@prop > 81) then if (@prop > 80) then if (@prop > 79) then if (@prop > 78) then if (@prop > 77) then if (@prop > 76) then if (@prop > 75) then if (@prop > 74) then if (@prop > 73) then if (@prop > 72) then if (@prop > 71) then if (@prop > 70) then if (@prop > 69) then if (@prop > 68) then if (@prop > 67) then if (@prop > 66) then if (@prop > 65) then if (@prop > 64) then if (@prop > 63) then if (@prop > 62) then if (@prop > 61) then if (@prop > 60) then if (@prop > 59) then if (@prop > 58) then if (@prop > 57) then if (@prop > 56) then if (@prop > 55) then if (@prop > 54) then if (@prop > 53) then if (@prop > 52) then if (@prop > 51) then if (@prop > 50) then if (@prop > 49) then if (@prop > 48) then if (@prop > 47) then if (@prop > 46) then if (@prop > 45) then if (@prop > 44) then if (@prop > 43) then if (@prop > 42) then if (@prop > 41) then if (@prop > 40) then if (@prop > 39) then if (@prop > 38) then if (@prop > 37) then if (@prop > 36) then if (@prop > 35) then if (@prop > 34) then if (@prop > 33) then if (@prop > 32) then if (@prop > 31) then if (@prop > 30) then if (@prop > 29) then if (@prop > 28) then if (@prop > 27) then if (@prop > 26) then if (@prop > 25) then if (@prop > 24) then if (@prop > 23) then if (@prop > 22) then if (@prop > 21) then if (@prop > 20) then if (@prop > 19) then if (@prop > 18) then if (@prop > 17) then if (@prop > 16) then if (@prop > 15) then if (@prop > 14) then if (@prop > 13) then if (@prop > 12) then if (@prop > 11) then if (@prop > 10) then if (@prop > 9) then if (@prop > 8) then if (@prop > 7) then if (@prop > 6) then if (@prop > 5) then if (@prop > 4) then if (@prop > 3) then if (@prop > 2) then if (@prop > 1) then  else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end else use(x) end
+    end
+
+    def use(i)
+    end
+end
diff --git a/ruby/ql/test/library-tests/dataflow/local/local_dataflow.rb b/ruby/ql/test/library-tests/dataflow/local/local_dataflow.rb
index f3c6a097273..d72ed8ac5d4 100644
--- a/ruby/ql/test/library-tests/dataflow/local/local_dataflow.rb
+++ b/ruby/ql/test/library-tests/dataflow/local/local_dataflow.rb
@@ -122,3 +122,29 @@ end
 def dup_tap
   sink(source(1).dup.tap { |x| puts "hello" }.dup)  # $ hasValueFlow=1
 end
+
+def use x
+  rand()
+end
+
+def use_use_madness
+  x = ""
+  if use(x)
+    if use(x) || use(x)
+      use(x)
+    else
+      use(x)
+      if use(x) && !use(x)
+      end
+    end
+
+    if !use(x) || (use(x) && !use(x))
+      nil
+    elsif use(x) || use(x)
+          use(x)
+    end
+
+    use(x)
+    use(x)
+  end
+end
\ No newline at end of file
diff --git a/ruby/ql/test/library-tests/dataflow/params/params-flow.expected b/ruby/ql/test/library-tests/dataflow/params/params-flow.expected
index 52ad4bc3bea..12db100a968 100644
--- a/ruby/ql/test/library-tests/dataflow/params/params-flow.expected
+++ b/ruby/ql/test/library-tests/dataflow/params/params-flow.expected
@@ -40,6 +40,11 @@ edges
 | params_flow.rb:49:13:49:14 | p1 :  | params_flow.rb:50:10:50:11 | p1 |
 | params_flow.rb:54:9:54:17 | call to taint :  | params_flow.rb:49:13:49:14 | p1 :  |
 | params_flow.rb:57:9:57:17 | call to taint :  | params_flow.rb:49:13:49:14 | p1 :  |
+| params_flow.rb:62:8:62:16 | call to taint :  | params_flow.rb:66:13:66:16 | args :  |
+| params_flow.rb:63:16:63:17 | *x [element 0] :  | params_flow.rb:64:10:64:10 | x [element 0] :  |
+| params_flow.rb:64:10:64:10 | x [element 0] :  | params_flow.rb:64:10:64:13 | ...[...] |
+| params_flow.rb:66:12:66:16 | * ... [element 0] :  | params_flow.rb:63:16:63:17 | *x [element 0] :  |
+| params_flow.rb:66:13:66:16 | args :  | params_flow.rb:66:12:66:16 | * ... [element 0] :  |
 nodes
 | params_flow.rb:9:16:9:17 | p1 :  | semmle.label | p1 :  |
 | params_flow.rb:9:20:9:21 | p2 :  | semmle.label | p2 :  |
@@ -89,6 +94,12 @@ nodes
 | params_flow.rb:50:10:50:11 | p1 | semmle.label | p1 |
 | params_flow.rb:54:9:54:17 | call to taint :  | semmle.label | call to taint :  |
 | params_flow.rb:57:9:57:17 | call to taint :  | semmle.label | call to taint :  |
+| params_flow.rb:62:8:62:16 | call to taint :  | semmle.label | call to taint :  |
+| params_flow.rb:63:16:63:17 | *x [element 0] :  | semmle.label | *x [element 0] :  |
+| params_flow.rb:64:10:64:10 | x [element 0] :  | semmle.label | x [element 0] :  |
+| params_flow.rb:64:10:64:13 | ...[...] | semmle.label | ...[...] |
+| params_flow.rb:66:12:66:16 | * ... [element 0] :  | semmle.label | * ... [element 0] :  |
+| params_flow.rb:66:13:66:16 | args :  | semmle.label | args :  |
 subpaths
 #select
 | params_flow.rb:10:10:10:11 | p1 | params_flow.rb:14:12:14:19 | call to taint :  | params_flow.rb:10:10:10:11 | p1 | $@ | params_flow.rb:14:12:14:19 | call to taint :  | call to taint :  |
@@ -111,3 +122,4 @@ subpaths
 | params_flow.rb:29:10:29:22 | ( ... ) | params_flow.rb:34:14:34:22 | call to taint :  | params_flow.rb:29:10:29:22 | ( ... ) | $@ | params_flow.rb:34:14:34:22 | call to taint :  | call to taint :  |
 | params_flow.rb:50:10:50:11 | p1 | params_flow.rb:54:9:54:17 | call to taint :  | params_flow.rb:50:10:50:11 | p1 | $@ | params_flow.rb:54:9:54:17 | call to taint :  | call to taint :  |
 | params_flow.rb:50:10:50:11 | p1 | params_flow.rb:57:9:57:17 | call to taint :  | params_flow.rb:50:10:50:11 | p1 | $@ | params_flow.rb:57:9:57:17 | call to taint :  | call to taint :  |
+| params_flow.rb:64:10:64:13 | ...[...] | params_flow.rb:62:8:62:16 | call to taint :  | params_flow.rb:64:10:64:13 | ...[...] | $@ | params_flow.rb:62:8:62:16 | call to taint :  | call to taint :  |
diff --git a/ruby/ql/test/library-tests/dataflow/params/params_flow.rb b/ruby/ql/test/library-tests/dataflow/params/params_flow.rb
index 1dbbbec0734..41ae58a58da 100644
--- a/ruby/ql/test/library-tests/dataflow/params/params_flow.rb
+++ b/ruby/ql/test/library-tests/dataflow/params/params_flow.rb
@@ -57,4 +57,10 @@ args = [taint(22)]
 posargs(taint(23), *args)
 
 args = [taint(24), taint(25)]
-posargs(*args)
\ No newline at end of file
+posargs(*args)
+
+args = taint(26)
+def splatstuff(*x)
+    sink x[0] # $ hasValueFlow=26
+end
+splatstuff(*args)
\ No newline at end of file
diff --git a/ruby/ql/test/library-tests/dataflow/string-flow/string-flow.expected b/ruby/ql/test/library-tests/dataflow/string-flow/string-flow.expected
index 6cebf219cd6..122a1d8eb1f 100644
--- a/ruby/ql/test/library-tests/dataflow/string-flow/string-flow.expected
+++ b/ruby/ql/test/library-tests/dataflow/string-flow/string-flow.expected
@@ -12,6 +12,7 @@ edges
 | string_flow.rb:10:29:10:29 | b :  | string_flow.rb:10:10:10:30 | call to try_convert |
 | string_flow.rb:14:9:14:18 | call to source :  | string_flow.rb:15:10:15:17 | ... % ... |
 | string_flow.rb:14:9:14:18 | call to source :  | string_flow.rb:15:17:15:17 | a :  |
+| string_flow.rb:14:9:14:18 | call to source :  | string_flow.rb:16:10:16:29 | ... % ... |
 | string_flow.rb:14:9:14:18 | call to source :  | string_flow.rb:16:28:16:28 | a :  |
 | string_flow.rb:14:9:14:18 | call to source :  | string_flow.rb:17:10:17:10 | a :  |
 | string_flow.rb:14:9:14:18 | call to source :  | string_flow.rb:17:10:17:18 | ... % ... |
diff --git a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected
index 055faee45c6..f916520c8ce 100644
--- a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected
+++ b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected
@@ -534,8 +534,8 @@ invalidSpecComponent
 | summaries.rb:150:39:150:45 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:150:39:150:45 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
 | summaries.rb:150:39:150:45 | tainted | summaries.rb:1:20:1:36 | call to source :  | summaries.rb:150:39:150:45 | tainted | $@ | summaries.rb:1:20:1:36 | call to source :  | call to source :  |
 warning
-| CSV type row should have 5 columns but has 2: test;TooFewColumns |
-| CSV type row should have 5 columns but has 8: test;TooManyColumns;;;Member[Foo].Instance;too;many;columns |
+| CSV type row should have 3 columns but has 1: TooFewColumns |
+| CSV type row should have 3 columns but has 6: TooManyColumns;;Member[Foo].Instance;too;many;columns |
 | Invalid argument '0-1' in token 'Argument[0-1]' in access path: Method[foo].Argument[0-1] |
 | Invalid argument '*' in token 'Argument[*]' in access path: Method[foo].Argument[*] |
 | Invalid token 'Argument' is missing its arguments, in access path: Method[foo].Argument |
diff --git a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
index 416a8635deb..b59862d0e5a 100644
--- a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
+++ b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
@@ -67,32 +67,32 @@ private class StepsFromModel extends ModelInput::SummaryModelCsv {
   override predicate row(string row) {
     row =
       [
-        ";any;Method[set_value];Argument[0];Argument[self].Field[@value];value",
-        ";any;Method[get_value];Argument[self].Field[@value];ReturnValue;value",
-        ";;Member[Foo].Method[firstArg];Argument[0];ReturnValue;taint",
-        ";;Member[Foo].Method[secondArg];Argument[1];ReturnValue;taint",
-        ";;Member[Foo].Method[onlyWithoutBlock].WithoutBlock;Argument[0];ReturnValue;taint",
-        ";;Member[Foo].Method[onlyWithBlock].WithBlock;Argument[0];ReturnValue;taint",
-        ";;Member[Foo].Method[blockArg].Argument[block].Parameter[0].Method[preserveTaint];Argument[0];ReturnValue;taint",
-        ";;Member[Foo].Method[namedArg];Argument[foo:];ReturnValue;taint",
-        ";;Member[Foo].Method[anyArg];Argument[any];ReturnValue;taint",
-        ";;Member[Foo].Method[anyNamedArg];Argument[any-named];ReturnValue;taint",
-        ";;Member[Foo].Method[anyPositionFromOne];Argument[1..];ReturnValue;taint",
-        ";;Member[Foo].Method[intoNamedCallback];Argument[0];Argument[foo:].Parameter[0];taint",
-        ";;Member[Foo].Method[intoNamedParameter];Argument[0];Argument[0].Parameter[foo:];taint",
-        ";;Member[Foo].Method[startInNamedCallback].Argument[foo:].Parameter[0].Method[preserveTaint];Argument[0];ReturnValue;taint",
-        ";;Member[Foo].Method[startInNamedParameter].Argument[0].Parameter[foo:].Method[preserveTaint];Argument[0];ReturnValue;taint",
-        ";;Member[Foo].Instance.Method[flowToAnyArg];Argument[0];Argument[any];taint",
-        ";;Member[Foo].Instance.Method[flowToSelf];Argument[0];Argument[self];taint",
-        ";any;Method[matchedByName];Argument[0];ReturnValue;taint",
-        ";any;Method[matchedByNameRcv];Argument[self];ReturnValue;taint",
-        ";any;Method[withElementOne];Argument[self].WithElement[1];ReturnValue;value",
-        ";any;Method[withExactlyElementOne];Argument[self].WithElement[1!];ReturnValue;value",
-        ";any;Method[withoutElementOne];Argument[self].WithoutElement[1];Argument[self];value",
-        ";any;Method[withoutExactlyElementOne];Argument[self].WithoutElement[1!];Argument[self];value",
-        ";any;Method[readElementOne];Argument[self].Element[1];ReturnValue;value",
-        ";any;Method[readExactlyElementOne];Argument[self].Element[1!];ReturnValue;value",
-        ";any;Method[withoutElementOneAndTwo];Argument[self].WithoutElement[1].WithoutElement[2].WithElement[any];Argument[self];value",
+        "any;Method[set_value];Argument[0];Argument[self].Field[@value];value",
+        "any;Method[get_value];Argument[self].Field[@value];ReturnValue;value",
+        "Foo!;Method[firstArg];Argument[0];ReturnValue;taint",
+        "Foo!;Method[secondArg];Argument[1];ReturnValue;taint",
+        "Foo!;Method[onlyWithoutBlock].WithoutBlock;Argument[0];ReturnValue;taint",
+        "Foo!;Method[onlyWithBlock].WithBlock;Argument[0];ReturnValue;taint",
+        "Foo!;Method[blockArg].Argument[block].Parameter[0].Method[preserveTaint];Argument[0];ReturnValue;taint",
+        "Foo!;Method[namedArg];Argument[foo:];ReturnValue;taint",
+        "Foo!;Method[anyArg];Argument[any];ReturnValue;taint",
+        "Foo!;Method[anyNamedArg];Argument[any-named];ReturnValue;taint",
+        "Foo!;Method[anyPositionFromOne];Argument[1..];ReturnValue;taint",
+        "Foo!;Method[intoNamedCallback];Argument[0];Argument[foo:].Parameter[0];taint",
+        "Foo!;Method[intoNamedParameter];Argument[0];Argument[0].Parameter[foo:];taint",
+        "Foo!;Method[startInNamedCallback].Argument[foo:].Parameter[0].Method[preserveTaint];Argument[0];ReturnValue;taint",
+        "Foo!;Method[startInNamedParameter].Argument[0].Parameter[foo:].Method[preserveTaint];Argument[0];ReturnValue;taint",
+        "Foo;Method[flowToAnyArg];Argument[0];Argument[any];taint",
+        "Foo;Method[flowToSelf];Argument[0];Argument[self];taint",
+        "any;Method[matchedByName];Argument[0];ReturnValue;taint",
+        "any;Method[matchedByNameRcv];Argument[self];ReturnValue;taint",
+        "any;Method[withElementOne];Argument[self].WithElement[1];ReturnValue;value",
+        "any;Method[withExactlyElementOne];Argument[self].WithElement[1!];ReturnValue;value",
+        "any;Method[withoutElementOne];Argument[self].WithoutElement[1];Argument[self];value",
+        "any;Method[withoutExactlyElementOne];Argument[self].WithoutElement[1!];Argument[self];value",
+        "any;Method[readElementOne];Argument[self].Element[1];ReturnValue;value",
+        "any;Method[readExactlyElementOne];Argument[self].Element[1!];ReturnValue;value",
+        "any;Method[withoutElementOneAndTwo];Argument[self].WithoutElement[1].WithoutElement[2].WithElement[any];Argument[self];value",
       ]
   }
 }
@@ -101,23 +101,21 @@ private class TypeFromModel extends ModelInput::TypeModelCsv {
   override predicate row(string row) {
     row =
       [
-        "test;FooOrBar;;;Member[Foo].Instance", //
-        "test;FooOrBar;;;Member[Bar].Instance", //
-        "test;FooOrBar;test;FooOrBar;Method[next].ReturnValue",
+        "~FooOrBar;Foo;", //
+        "~FooOrBar;Bar;", //
+        "~FooOrBar;~FooOrBar;Method[next].ReturnValue",
       ]
   }
 }
 
 private class TypeFromCodeQL extends ModelInput::TypeModel {
-  override DataFlow::Node getASource(string package, string type) {
-    package = "test" and
-    type = "FooOrBar" and
+  override DataFlow::Node getASource(string type) {
+    type = "~FooOrBar" and
     result.getConstantValue().getString() = "magic_string"
   }
 
-  override API::Node getAnApiNode(string package, string type) {
-    package = "test" and
-    type = "FooOrBar" and
+  override API::Node getAnApiNode(string type) {
+    type = "~FooOrBar" and
     result = API::getTopLevelMember("Alias").getMember(["Foo", "Bar"])
   }
 }
@@ -126,13 +124,13 @@ private class InvalidTypeModel extends ModelInput::TypeModelCsv {
   override predicate row(string row) {
     row =
       [
-        "test;TooManyColumns;;;Member[Foo].Instance;too;many;columns", //
-        "test;TooFewColumns", //
-        "test;X;test;Y;Method[foo].Arg[0]", //
-        "test;X;test;Y;Method[foo].Argument[0-1]", //
-        "test;X;test;Y;Method[foo].Argument[*]", //
-        "test;X;test;Y;Method[foo].Argument", //
-        "test;X;test;Y;Method[foo].Member", //
+        "TooManyColumns;;Member[Foo].Instance;too;many;columns", //
+        "TooFewColumns", //
+        "Foo;Foo;Method[foo].Arg[0]", //
+        "Foo;Foo;Method[foo].Argument[0-1]", //
+        "Foo;Foo;Method[foo].Argument[*]", //
+        "Foo;Foo;Method[foo].Argument", //
+        "Foo;Foo;Method[foo].Member", //
       ]
   }
 }
@@ -141,12 +139,12 @@ private class SinkFromModel extends ModelInput::SinkModelCsv {
   override predicate row(string row) {
     row =
       [
-        "test;FooOrBar;Method[method].Argument[0];test-sink", //
-        ";;Member[Foo].Method[sinkAnyArg].Argument[any];test-sink", //
-        ";;Member[Foo].Method[sinkAnyNamedArg].Argument[any-named];test-sink", //
-        ";;Member[Foo].Method[getSinks].ReturnValue.Element[any].Method[mySink].Argument[0];test-sink", //
-        ";;Member[Foo].Method[arraySink].Argument[0].Element[any];test-sink", //
-        ";;Member[Foo].Method[secondArrayElementIsSink].Argument[0].Element[1];test-sink", //
+        "~FooOrBar;Method[method].Argument[0];test-sink", //
+        "Foo!;Method[sinkAnyArg].Argument[any];test-sink", //
+        "Foo!;Method[sinkAnyNamedArg].Argument[any-named];test-sink", //
+        "Foo!;Method[getSinks].ReturnValue.Element[any].Method[mySink].Argument[0];test-sink", //
+        "Foo!;Method[arraySink].Argument[0].Element[any];test-sink", //
+        "Foo!;Method[secondArrayElementIsSink].Argument[0].Element[1];test-sink", //
       ]
   }
 }
diff --git a/ruby/ql/test/library-tests/frameworks/ActionController.expected b/ruby/ql/test/library-tests/frameworks/ActionController.expected
deleted file mode 100644
index 862fd93c424..00000000000
--- a/ruby/ql/test/library-tests/frameworks/ActionController.expected
+++ /dev/null
@@ -1,410 +0,0 @@
-actionControllerControllerClasses
-| action_controller/input_access.rb:1:1:50:3 | UsersController |
-| action_controller/params_flow.rb:1:1:162:3 | MyController |
-| action_controller/params_flow.rb:170:1:178:3 | Subclass |
-| active_record/ActiveRecord.rb:23:1:39:3 | FooController |
-| active_record/ActiveRecord.rb:41:1:64:3 | BarController |
-| active_record/ActiveRecord.rb:66:1:98:3 | BazController |
-| active_record/ActiveRecord.rb:100:1:108:3 | AnnotatedController |
-| active_storage/active_storage.rb:39:1:45:3 | PostsController2 |
-| app/controllers/comments_controller.rb:1:1:40:3 | CommentsController |
-| app/controllers/foo/bars_controller.rb:3:1:46:3 | BarsController |
-| app/controllers/photos_controller.rb:1:1:4:3 | PhotosController |
-| app/controllers/posts_controller.rb:1:1:10:3 | PostsController |
-| app/controllers/tags_controller.rb:1:1:2:3 | TagsController |
-| app/controllers/users/notifications_controller.rb:2:3:5:5 | Users::NotificationsController |
-actionControllerActionMethods
-| action_controller/input_access.rb:2:3:49:5 | index |
-| action_controller/params_flow.rb:2:3:4:5 | m1 |
-| action_controller/params_flow.rb:6:3:8:5 | m2 |
-| action_controller/params_flow.rb:10:3:12:5 | m2 |
-| action_controller/params_flow.rb:14:3:16:5 | m3 |
-| action_controller/params_flow.rb:18:3:20:5 | m4 |
-| action_controller/params_flow.rb:22:3:24:5 | m5 |
-| action_controller/params_flow.rb:26:3:28:5 | m6 |
-| action_controller/params_flow.rb:30:3:32:5 | m7 |
-| action_controller/params_flow.rb:34:3:36:5 | m8 |
-| action_controller/params_flow.rb:38:3:40:5 | m9 |
-| action_controller/params_flow.rb:42:3:44:5 | m10 |
-| action_controller/params_flow.rb:46:3:48:5 | m11 |
-| action_controller/params_flow.rb:50:3:52:5 | m12 |
-| action_controller/params_flow.rb:54:3:56:5 | m13 |
-| action_controller/params_flow.rb:58:3:60:5 | m14 |
-| action_controller/params_flow.rb:62:3:64:5 | m15 |
-| action_controller/params_flow.rb:66:3:68:5 | m16 |
-| action_controller/params_flow.rb:70:3:72:5 | m17 |
-| action_controller/params_flow.rb:74:3:76:5 | m18 |
-| action_controller/params_flow.rb:78:3:80:5 | m19 |
-| action_controller/params_flow.rb:82:3:84:5 | m20 |
-| action_controller/params_flow.rb:86:3:88:5 | m21 |
-| action_controller/params_flow.rb:90:3:92:5 | m22 |
-| action_controller/params_flow.rb:94:3:96:5 | m23 |
-| action_controller/params_flow.rb:98:3:100:5 | m24 |
-| action_controller/params_flow.rb:102:3:104:5 | m25 |
-| action_controller/params_flow.rb:106:3:108:5 | m26 |
-| action_controller/params_flow.rb:110:3:113:5 | m27 |
-| action_controller/params_flow.rb:115:3:118:5 | m28 |
-| action_controller/params_flow.rb:120:3:123:5 | m29 |
-| action_controller/params_flow.rb:125:3:132:5 | m30 |
-| action_controller/params_flow.rb:134:3:141:5 | m31 |
-| action_controller/params_flow.rb:143:3:150:5 | m32 |
-| action_controller/params_flow.rb:152:3:159:5 | m33 |
-| action_controller/params_flow.rb:165:3:167:5 | m34 |
-| action_controller/params_flow.rb:171:3:173:5 | m35 |
-| active_record/ActiveRecord.rb:27:3:38:5 | some_request_handler |
-| active_record/ActiveRecord.rb:42:3:47:5 | some_other_request_handler |
-| active_record/ActiveRecord.rb:49:3:63:5 | safe_paths |
-| active_record/ActiveRecord.rb:67:3:69:5 | yet_another_handler |
-| active_record/ActiveRecord.rb:71:3:73:5 | create1 |
-| active_record/ActiveRecord.rb:75:3:77:5 | create2 |
-| active_record/ActiveRecord.rb:79:3:81:5 | create3 |
-| active_record/ActiveRecord.rb:83:3:85:5 | create4 |
-| active_record/ActiveRecord.rb:87:3:89:5 | update1 |
-| active_record/ActiveRecord.rb:91:3:93:5 | update2 |
-| active_record/ActiveRecord.rb:95:3:97:5 | update3 |
-| active_record/ActiveRecord.rb:101:3:103:5 | index |
-| active_record/ActiveRecord.rb:105:3:107:5 | unsafe_action |
-| active_storage/active_storage.rb:40:3:44:5 | create |
-| app/controllers/comments_controller.rb:2:3:36:5 | index |
-| app/controllers/comments_controller.rb:38:3:39:5 | show |
-| app/controllers/foo/bars_controller.rb:5:3:7:5 | index |
-| app/controllers/foo/bars_controller.rb:9:3:18:5 | show_debug |
-| app/controllers/foo/bars_controller.rb:20:3:24:5 | show |
-| app/controllers/foo/bars_controller.rb:26:3:28:5 | go_back |
-| app/controllers/foo/bars_controller.rb:30:3:32:5 | go_back_2 |
-| app/controllers/foo/bars_controller.rb:34:3:39:5 | show_2 |
-| app/controllers/photos_controller.rb:2:3:3:5 | show |
-| app/controllers/posts_controller.rb:2:3:3:5 | index |
-| app/controllers/posts_controller.rb:5:3:6:5 | show |
-| app/controllers/posts_controller.rb:8:3:9:5 | upvote |
-| app/controllers/users/notifications_controller.rb:3:5:4:7 | mark_as_read |
-paramsCalls
-| action_controller/params_flow.rb:3:10:3:15 | call to params |
-| action_controller/params_flow.rb:7:10:7:15 | call to params |
-| action_controller/params_flow.rb:11:10:11:15 | call to params |
-| action_controller/params_flow.rb:15:10:15:15 | call to params |
-| action_controller/params_flow.rb:19:10:19:15 | call to params |
-| action_controller/params_flow.rb:23:10:23:15 | call to params |
-| action_controller/params_flow.rb:27:10:27:15 | call to params |
-| action_controller/params_flow.rb:31:10:31:15 | call to params |
-| action_controller/params_flow.rb:35:10:35:15 | call to params |
-| action_controller/params_flow.rb:39:10:39:15 | call to params |
-| action_controller/params_flow.rb:43:10:43:15 | call to params |
-| action_controller/params_flow.rb:47:10:47:15 | call to params |
-| action_controller/params_flow.rb:51:10:51:15 | call to params |
-| action_controller/params_flow.rb:55:10:55:15 | call to params |
-| action_controller/params_flow.rb:59:10:59:15 | call to params |
-| action_controller/params_flow.rb:63:10:63:15 | call to params |
-| action_controller/params_flow.rb:67:10:67:15 | call to params |
-| action_controller/params_flow.rb:71:10:71:15 | call to params |
-| action_controller/params_flow.rb:75:10:75:15 | call to params |
-| action_controller/params_flow.rb:79:10:79:15 | call to params |
-| action_controller/params_flow.rb:83:10:83:15 | call to params |
-| action_controller/params_flow.rb:87:10:87:15 | call to params |
-| action_controller/params_flow.rb:91:10:91:15 | call to params |
-| action_controller/params_flow.rb:95:10:95:15 | call to params |
-| action_controller/params_flow.rb:99:10:99:15 | call to params |
-| action_controller/params_flow.rb:103:10:103:15 | call to params |
-| action_controller/params_flow.rb:107:10:107:15 | call to params |
-| action_controller/params_flow.rb:111:10:111:15 | call to params |
-| action_controller/params_flow.rb:112:23:112:28 | call to params |
-| action_controller/params_flow.rb:116:10:116:15 | call to params |
-| action_controller/params_flow.rb:117:31:117:36 | call to params |
-| action_controller/params_flow.rb:121:10:121:15 | call to params |
-| action_controller/params_flow.rb:122:31:122:36 | call to params |
-| action_controller/params_flow.rb:126:10:126:15 | call to params |
-| action_controller/params_flow.rb:127:24:127:29 | call to params |
-| action_controller/params_flow.rb:130:14:130:19 | call to params |
-| action_controller/params_flow.rb:135:10:135:15 | call to params |
-| action_controller/params_flow.rb:136:32:136:37 | call to params |
-| action_controller/params_flow.rb:139:22:139:27 | call to params |
-| action_controller/params_flow.rb:144:10:144:15 | call to params |
-| action_controller/params_flow.rb:145:32:145:37 | call to params |
-| action_controller/params_flow.rb:148:22:148:27 | call to params |
-| action_controller/params_flow.rb:153:10:153:15 | call to params |
-| action_controller/params_flow.rb:154:32:154:37 | call to params |
-| action_controller/params_flow.rb:157:22:157:27 | call to params |
-| action_controller/params_flow.rb:166:10:166:15 | call to params |
-| action_controller/params_flow.rb:172:10:172:15 | call to params |
-| action_controller/params_flow.rb:176:10:176:15 | call to params |
-| action_mailer/mailer.rb:3:10:3:15 | call to params |
-| active_record/ActiveRecord.rb:28:30:28:35 | call to params |
-| active_record/ActiveRecord.rb:29:29:29:34 | call to params |
-| active_record/ActiveRecord.rb:30:31:30:36 | call to params |
-| active_record/ActiveRecord.rb:32:21:32:26 | call to params |
-| active_record/ActiveRecord.rb:34:34:34:39 | call to params |
-| active_record/ActiveRecord.rb:35:23:35:28 | call to params |
-| active_record/ActiveRecord.rb:35:38:35:43 | call to params |
-| active_record/ActiveRecord.rb:43:10:43:15 | call to params |
-| active_record/ActiveRecord.rb:50:11:50:16 | call to params |
-| active_record/ActiveRecord.rb:54:12:54:17 | call to params |
-| active_record/ActiveRecord.rb:59:12:59:17 | call to params |
-| active_record/ActiveRecord.rb:62:15:62:20 | call to params |
-| active_record/ActiveRecord.rb:68:21:68:26 | call to params |
-| active_record/ActiveRecord.rb:72:18:72:23 | call to params |
-| active_record/ActiveRecord.rb:76:24:76:29 | call to params |
-| active_record/ActiveRecord.rb:76:49:76:54 | call to params |
-| active_record/ActiveRecord.rb:80:25:80:30 | call to params |
-| active_record/ActiveRecord.rb:80:50:80:55 | call to params |
-| active_record/ActiveRecord.rb:88:21:88:26 | call to params |
-| active_record/ActiveRecord.rb:92:27:92:32 | call to params |
-| active_record/ActiveRecord.rb:92:52:92:57 | call to params |
-| active_record/ActiveRecord.rb:96:28:96:33 | call to params |
-| active_record/ActiveRecord.rb:96:53:96:58 | call to params |
-| active_record/ActiveRecord.rb:106:59:106:64 | call to params |
-| active_storage/active_storage.rb:41:21:41:26 | call to params |
-| active_storage/active_storage.rb:42:24:42:29 | call to params |
-| app/controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
-| app/controllers/foo/bars_controller.rb:14:10:14:15 | call to params |
-| app/controllers/foo/bars_controller.rb:21:21:21:26 | call to params |
-| app/controllers/foo/bars_controller.rb:22:10:22:15 | call to params |
-| app/views/foo/bars/show.html.erb:5:9:5:14 | call to params |
-paramsSources
-| action_controller/params_flow.rb:3:10:3:15 | call to params |
-| action_controller/params_flow.rb:7:10:7:15 | call to params |
-| action_controller/params_flow.rb:11:10:11:15 | call to params |
-| action_controller/params_flow.rb:15:10:15:15 | call to params |
-| action_controller/params_flow.rb:19:10:19:15 | call to params |
-| action_controller/params_flow.rb:23:10:23:15 | call to params |
-| action_controller/params_flow.rb:27:10:27:15 | call to params |
-| action_controller/params_flow.rb:31:10:31:15 | call to params |
-| action_controller/params_flow.rb:35:10:35:15 | call to params |
-| action_controller/params_flow.rb:39:10:39:15 | call to params |
-| action_controller/params_flow.rb:43:10:43:15 | call to params |
-| action_controller/params_flow.rb:47:10:47:15 | call to params |
-| action_controller/params_flow.rb:51:10:51:15 | call to params |
-| action_controller/params_flow.rb:55:10:55:15 | call to params |
-| action_controller/params_flow.rb:59:10:59:15 | call to params |
-| action_controller/params_flow.rb:63:10:63:15 | call to params |
-| action_controller/params_flow.rb:67:10:67:15 | call to params |
-| action_controller/params_flow.rb:71:10:71:15 | call to params |
-| action_controller/params_flow.rb:75:10:75:15 | call to params |
-| action_controller/params_flow.rb:79:10:79:15 | call to params |
-| action_controller/params_flow.rb:83:10:83:15 | call to params |
-| action_controller/params_flow.rb:87:10:87:15 | call to params |
-| action_controller/params_flow.rb:91:10:91:15 | call to params |
-| action_controller/params_flow.rb:95:10:95:15 | call to params |
-| action_controller/params_flow.rb:99:10:99:15 | call to params |
-| action_controller/params_flow.rb:103:10:103:15 | call to params |
-| action_controller/params_flow.rb:107:10:107:15 | call to params |
-| action_controller/params_flow.rb:111:10:111:15 | call to params |
-| action_controller/params_flow.rb:112:23:112:28 | call to params |
-| action_controller/params_flow.rb:116:10:116:15 | call to params |
-| action_controller/params_flow.rb:117:31:117:36 | call to params |
-| action_controller/params_flow.rb:121:10:121:15 | call to params |
-| action_controller/params_flow.rb:122:31:122:36 | call to params |
-| action_controller/params_flow.rb:126:10:126:15 | call to params |
-| action_controller/params_flow.rb:127:24:127:29 | call to params |
-| action_controller/params_flow.rb:130:14:130:19 | call to params |
-| action_controller/params_flow.rb:135:10:135:15 | call to params |
-| action_controller/params_flow.rb:136:32:136:37 | call to params |
-| action_controller/params_flow.rb:139:22:139:27 | call to params |
-| action_controller/params_flow.rb:144:10:144:15 | call to params |
-| action_controller/params_flow.rb:145:32:145:37 | call to params |
-| action_controller/params_flow.rb:148:22:148:27 | call to params |
-| action_controller/params_flow.rb:153:10:153:15 | call to params |
-| action_controller/params_flow.rb:154:32:154:37 | call to params |
-| action_controller/params_flow.rb:157:22:157:27 | call to params |
-| action_controller/params_flow.rb:166:10:166:15 | call to params |
-| action_controller/params_flow.rb:172:10:172:15 | call to params |
-| action_controller/params_flow.rb:176:10:176:15 | call to params |
-| action_mailer/mailer.rb:3:10:3:15 | call to params |
-| active_record/ActiveRecord.rb:28:30:28:35 | call to params |
-| active_record/ActiveRecord.rb:29:29:29:34 | call to params |
-| active_record/ActiveRecord.rb:30:31:30:36 | call to params |
-| active_record/ActiveRecord.rb:32:21:32:26 | call to params |
-| active_record/ActiveRecord.rb:34:34:34:39 | call to params |
-| active_record/ActiveRecord.rb:35:23:35:28 | call to params |
-| active_record/ActiveRecord.rb:35:38:35:43 | call to params |
-| active_record/ActiveRecord.rb:43:10:43:15 | call to params |
-| active_record/ActiveRecord.rb:50:11:50:16 | call to params |
-| active_record/ActiveRecord.rb:54:12:54:17 | call to params |
-| active_record/ActiveRecord.rb:59:12:59:17 | call to params |
-| active_record/ActiveRecord.rb:62:15:62:20 | call to params |
-| active_record/ActiveRecord.rb:68:21:68:26 | call to params |
-| active_record/ActiveRecord.rb:72:18:72:23 | call to params |
-| active_record/ActiveRecord.rb:76:24:76:29 | call to params |
-| active_record/ActiveRecord.rb:76:49:76:54 | call to params |
-| active_record/ActiveRecord.rb:80:25:80:30 | call to params |
-| active_record/ActiveRecord.rb:80:50:80:55 | call to params |
-| active_record/ActiveRecord.rb:88:21:88:26 | call to params |
-| active_record/ActiveRecord.rb:92:27:92:32 | call to params |
-| active_record/ActiveRecord.rb:92:52:92:57 | call to params |
-| active_record/ActiveRecord.rb:96:28:96:33 | call to params |
-| active_record/ActiveRecord.rb:96:53:96:58 | call to params |
-| active_record/ActiveRecord.rb:106:59:106:64 | call to params |
-| active_storage/active_storage.rb:41:21:41:26 | call to params |
-| active_storage/active_storage.rb:42:24:42:29 | call to params |
-| app/controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
-| app/controllers/foo/bars_controller.rb:14:10:14:15 | call to params |
-| app/controllers/foo/bars_controller.rb:21:21:21:26 | call to params |
-| app/controllers/foo/bars_controller.rb:22:10:22:15 | call to params |
-| app/views/foo/bars/show.html.erb:5:9:5:14 | call to params |
-httpInputAccesses
-| action_controller/input_access.rb:3:5:3:18 | call to params | ActionDispatch::Request#params |
-| action_controller/input_access.rb:4:5:4:22 | call to parameters | ActionDispatch::Request#parameters |
-| action_controller/input_access.rb:5:5:5:15 | call to GET | ActionDispatch::Request#GET |
-| action_controller/input_access.rb:6:5:6:16 | call to POST | ActionDispatch::Request#POST |
-| action_controller/input_access.rb:7:5:7:28 | call to query_parameters | ActionDispatch::Request#query_parameters |
-| action_controller/input_access.rb:8:5:8:30 | call to request_parameters | ActionDispatch::Request#request_parameters |
-| action_controller/input_access.rb:9:5:9:31 | call to filtered_parameters | ActionDispatch::Request#filtered_parameters |
-| action_controller/input_access.rb:11:5:11:25 | call to authorization | ActionDispatch::Request#authorization |
-| action_controller/input_access.rb:12:5:12:23 | call to script_name | ActionDispatch::Request#script_name |
-| action_controller/input_access.rb:13:5:13:21 | call to path_info | ActionDispatch::Request#path_info |
-| action_controller/input_access.rb:14:5:14:22 | call to user_agent | ActionDispatch::Request#user_agent |
-| action_controller/input_access.rb:15:5:15:19 | call to referer | ActionDispatch::Request#referer |
-| action_controller/input_access.rb:16:5:16:20 | call to referrer | ActionDispatch::Request#referrer |
-| action_controller/input_access.rb:17:5:17:26 | call to host_authority | ActionDispatch::Request#host_authority |
-| action_controller/input_access.rb:18:5:18:24 | call to content_type | ActionDispatch::Request#content_type |
-| action_controller/input_access.rb:19:5:19:16 | call to host | ActionDispatch::Request#host |
-| action_controller/input_access.rb:20:5:20:20 | call to hostname | ActionDispatch::Request#hostname |
-| action_controller/input_access.rb:21:5:21:27 | call to accept_encoding | ActionDispatch::Request#accept_encoding |
-| action_controller/input_access.rb:22:5:22:27 | call to accept_language | ActionDispatch::Request#accept_language |
-| action_controller/input_access.rb:23:5:23:25 | call to if_none_match | ActionDispatch::Request#if_none_match |
-| action_controller/input_access.rb:24:5:24:31 | call to if_none_match_etags | ActionDispatch::Request#if_none_match_etags |
-| action_controller/input_access.rb:25:5:25:29 | call to content_mime_type | ActionDispatch::Request#content_mime_type |
-| action_controller/input_access.rb:27:5:27:21 | call to authority | ActionDispatch::Request#authority |
-| action_controller/input_access.rb:28:5:28:16 | call to host | ActionDispatch::Request#host |
-| action_controller/input_access.rb:29:5:29:26 | call to host_authority | ActionDispatch::Request#host_authority |
-| action_controller/input_access.rb:30:5:30:26 | call to host_with_port | ActionDispatch::Request#host_with_port |
-| action_controller/input_access.rb:31:5:31:20 | call to hostname | ActionDispatch::Request#hostname |
-| action_controller/input_access.rb:32:5:32:25 | call to forwarded_for | ActionDispatch::Request#forwarded_for |
-| action_controller/input_access.rb:33:5:33:26 | call to forwarded_host | ActionDispatch::Request#forwarded_host |
-| action_controller/input_access.rb:34:5:34:16 | call to port | ActionDispatch::Request#port |
-| action_controller/input_access.rb:35:5:35:26 | call to forwarded_port | ActionDispatch::Request#forwarded_port |
-| action_controller/input_access.rb:37:5:37:22 | call to media_type | ActionDispatch::Request#media_type |
-| action_controller/input_access.rb:38:5:38:29 | call to media_type_params | ActionDispatch::Request#media_type_params |
-| action_controller/input_access.rb:39:5:39:27 | call to content_charset | ActionDispatch::Request#content_charset |
-| action_controller/input_access.rb:40:5:40:20 | call to base_url | ActionDispatch::Request#base_url |
-| action_controller/input_access.rb:42:5:42:16 | call to body | ActionDispatch::Request#body |
-| action_controller/input_access.rb:43:5:43:20 | call to raw_post | ActionDispatch::Request#raw_post |
-| action_controller/input_access.rb:45:5:45:30 | ...[...] | ActionDispatch::Request#env[] |
-| action_controller/input_access.rb:47:5:47:39 | ...[...] | ActionDispatch::Request#env[] |
-| action_controller/params_flow.rb:3:10:3:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:7:10:7:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:11:10:11:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:15:10:15:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:19:10:19:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:23:10:23:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:27:10:27:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:31:10:31:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:35:10:35:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:39:10:39:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:43:10:43:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:47:10:47:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:51:10:51:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:55:10:55:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:59:10:59:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:63:10:63:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:67:10:67:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:71:10:71:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:75:10:75:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:79:10:79:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:83:10:83:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:87:10:87:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:91:10:91:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:95:10:95:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:99:10:99:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:103:10:103:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:107:10:107:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:111:10:111:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:112:23:112:28 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:116:10:116:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:117:31:117:36 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:121:10:121:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:122:31:122:36 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:126:10:126:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:127:24:127:29 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:130:14:130:19 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:135:10:135:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:136:32:136:37 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:139:22:139:27 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:144:10:144:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:145:32:145:37 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:148:22:148:27 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:153:10:153:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:154:32:154:37 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:157:22:157:27 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:166:10:166:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:172:10:172:15 | call to params | ActionController::Metal#params |
-| action_controller/params_flow.rb:176:10:176:15 | call to params | ActionController::Metal#params |
-| action_mailer/mailer.rb:3:10:3:15 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:28:30:28:35 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:29:29:29:34 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:30:31:30:36 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:32:21:32:26 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:34:34:34:39 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:35:23:35:28 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:35:38:35:43 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:43:10:43:15 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:50:11:50:16 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:54:12:54:17 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:59:12:59:17 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:62:15:62:20 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:68:21:68:26 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:72:18:72:23 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:76:24:76:29 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:76:49:76:54 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:80:25:80:30 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:80:50:80:55 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:88:21:88:26 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:92:27:92:32 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:92:52:92:57 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:96:28:96:33 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:96:53:96:58 | call to params | ActionController::Metal#params |
-| active_record/ActiveRecord.rb:106:59:106:64 | call to params | ActionController::Metal#params |
-| active_storage/active_storage.rb:41:21:41:26 | call to params | ActionController::Metal#params |
-| active_storage/active_storage.rb:42:24:42:29 | call to params | ActionController::Metal#params |
-| app/controllers/comments_controller.rb:3:5:3:18 | call to params | ActionDispatch::Request#params |
-| app/controllers/comments_controller.rb:4:5:4:22 | call to parameters | ActionDispatch::Request#parameters |
-| app/controllers/comments_controller.rb:5:5:5:15 | call to GET | ActionDispatch::Request#GET |
-| app/controllers/comments_controller.rb:6:5:6:16 | call to POST | ActionDispatch::Request#POST |
-| app/controllers/comments_controller.rb:7:5:7:28 | call to query_parameters | ActionDispatch::Request#query_parameters |
-| app/controllers/comments_controller.rb:8:5:8:30 | call to request_parameters | ActionDispatch::Request#request_parameters |
-| app/controllers/comments_controller.rb:9:5:9:31 | call to filtered_parameters | ActionDispatch::Request#filtered_parameters |
-| app/controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies | ActionController::Metal#cookies |
-| app/controllers/foo/bars_controller.rb:13:21:13:26 | call to params | ActionController::Metal#params |
-| app/controllers/foo/bars_controller.rb:14:10:14:15 | call to params | ActionController::Metal#params |
-| app/controllers/foo/bars_controller.rb:21:21:21:26 | call to params | ActionController::Metal#params |
-| app/controllers/foo/bars_controller.rb:22:10:22:15 | call to params | ActionController::Metal#params |
-| app/graphql/mutations/dummy.rb:5:24:5:25 | id | GraphQL RoutedParameter |
-| app/graphql/mutations/dummy.rb:9:17:9:25 | something | GraphQL RoutedParameter |
-| app/graphql/resolvers/dummy_resolver.rb:6:24:6:25 | id | GraphQL RoutedParameter |
-| app/graphql/resolvers/dummy_resolver.rb:10:17:10:25 | something | GraphQL RoutedParameter |
-| app/graphql/types/query_type.rb:10:18:10:23 | number | GraphQL RoutedParameter |
-| app/graphql/types/query_type.rb:18:23:18:33 | blah_number | GraphQL RoutedParameter |
-| app/graphql/types/query_type.rb:27:20:27:25 | **args | GraphQL RoutedParameter |
-| app/graphql/types/query_type.rb:36:34:36:37 | arg1 | GraphQL RoutedParameter |
-| app/graphql/types/query_type.rb:36:41:36:46 | **rest | GraphQL RoutedParameter |
-| app/views/foo/bars/show.html.erb:5:9:5:14 | call to params | ActionController::Metal#params |
-cookiesCalls
-| app/controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies |
-cookiesSources
-| app/controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies |
-redirectToCalls
-| app/controllers/foo/bars_controller.rb:17:5:17:30 | call to redirect_to |
-| app/controllers/foo/bars_controller.rb:27:5:27:39 | call to redirect_back_or_to |
-| app/controllers/foo/bars_controller.rb:31:5:31:56 | call to redirect_back |
-actionControllerHelperMethods
-getAssociatedControllerClasses
-| app/controllers/foo/bars_controller.rb:3:1:46:3 | BarsController | app/views/foo/bars/_widget.html.erb:0:0:0:0 | app/views/foo/bars/_widget.html.erb |
-| app/controllers/foo/bars_controller.rb:3:1:46:3 | BarsController | app/views/foo/bars/show.html.erb:0:0:0:0 | app/views/foo/bars/show.html.erb |
-controllerTemplateFiles
-| app/controllers/foo/bars_controller.rb:3:1:46:3 | BarsController | app/views/foo/bars/_widget.html.erb:0:0:0:0 | app/views/foo/bars/_widget.html.erb |
-| app/controllers/foo/bars_controller.rb:3:1:46:3 | BarsController | app/views/foo/bars/show.html.erb:0:0:0:0 | app/views/foo/bars/show.html.erb |
-headerWriteAccesses
-| app/controllers/comments_controller.rb:15:5:15:35 | call to []= | content-type | app/controllers/comments_controller.rb:15:39:15:49 | ... = ... |
-| app/controllers/comments_controller.rb:16:5:16:46 | call to set_header | content-length | app/controllers/comments_controller.rb:16:43:16:45 | 100 |
-| app/controllers/comments_controller.rb:17:5:17:39 | call to []= | x-custom-header | app/controllers/comments_controller.rb:17:43:17:46 | ... = ... |
-| app/controllers/comments_controller.rb:18:5:18:39 | call to []= | x-another-custom-header | app/controllers/comments_controller.rb:18:43:18:47 | ... = ... |
-| app/controllers/comments_controller.rb:19:5:19:49 | call to add_header | x-yet-another | app/controllers/comments_controller.rb:19:42:19:49 | "indeed" |
-| app/controllers/comments_controller.rb:25:5:25:21 | call to location= | location | app/controllers/comments_controller.rb:25:25:25:36 | ... = ... |
-| app/controllers/comments_controller.rb:26:5:26:26 | call to cache_control= | cache-control | app/controllers/comments_controller.rb:26:30:26:36 | ... = ... |
-| app/controllers/comments_controller.rb:27:5:27:27 | call to _cache_control= | cache-control | app/controllers/comments_controller.rb:27:31:27:37 | ... = ... |
-| app/controllers/comments_controller.rb:28:5:28:17 | call to etag= | etag | app/controllers/comments_controller.rb:28:21:28:27 | ... = ... |
-| app/controllers/comments_controller.rb:29:5:29:20 | call to charset= | content-type | app/controllers/comments_controller.rb:29:24:29:30 | ... = ... |
-| app/controllers/comments_controller.rb:30:5:30:25 | call to content_type= | content-type | app/controllers/comments_controller.rb:30:29:30:35 | ... = ... |
-| app/controllers/comments_controller.rb:32:5:32:17 | call to date= | date | app/controllers/comments_controller.rb:32:21:32:30 | ... = ... |
-| app/controllers/comments_controller.rb:33:5:33:26 | call to last_modified= | last-modified | app/controllers/comments_controller.rb:33:30:33:43 | ... = ... |
-| app/controllers/comments_controller.rb:34:5:34:22 | call to weak_etag= | etag | app/controllers/comments_controller.rb:34:26:34:32 | ... = ... |
-| app/controllers/comments_controller.rb:35:5:35:24 | call to strong_etag= | etag | app/controllers/comments_controller.rb:35:28:35:34 | ... = ... |
diff --git a/ruby/ql/test/library-tests/frameworks/ActionDispatch.expected b/ruby/ql/test/library-tests/frameworks/ActionDispatch.expected
index b3499beda45..849ed702151 100644
--- a/ruby/ql/test/library-tests/frameworks/ActionDispatch.expected
+++ b/ruby/ql/test/library-tests/frameworks/ActionDispatch.expected
@@ -34,15 +34,26 @@ actionDispatchRoutes
 | app/config/routes.rb:49:5:49:95 | call to delete | delete | users/:user/notifications | users/notifications | destroy |
 | app/config/routes.rb:50:5:50:94 | call to post | post | users/:user/notifications/:notification_id/mark_as_read | users/notifications | mark_as_read |
 actionDispatchControllerMethods
+| app/config/routes.rb:2:3:8:5 | call to resources | action_controller/controllers/posts_controller.rb:2:3:3:5 | index |
+| app/config/routes.rb:2:3:8:5 | call to resources | action_controller/controllers/posts_controller.rb:5:3:6:5 | show |
 | app/config/routes.rb:2:3:8:5 | call to resources | app/controllers/posts_controller.rb:2:3:3:5 | index |
 | app/config/routes.rb:2:3:8:5 | call to resources | app/controllers/posts_controller.rb:5:3:6:5 | show |
+| app/config/routes.rb:3:5:6:7 | call to resources | action_controller/controllers/comments_controller.rb:2:3:36:5 | index |
+| app/config/routes.rb:3:5:6:7 | call to resources | action_controller/controllers/comments_controller.rb:38:3:44:5 | show |
+| app/config/routes.rb:3:5:6:7 | call to resources | action_controller/controllers/comments_controller.rb:50:3:52:5 | destroy |
 | app/config/routes.rb:3:5:6:7 | call to resources | app/controllers/comments_controller.rb:2:3:36:5 | index |
 | app/config/routes.rb:3:5:6:7 | call to resources | app/controllers/comments_controller.rb:38:3:39:5 | show |
+| app/config/routes.rb:7:5:7:37 | call to post | action_controller/controllers/posts_controller.rb:8:3:9:5 | upvote |
 | app/config/routes.rb:7:5:7:37 | call to post | app/controllers/posts_controller.rb:8:3:9:5 | upvote |
+| app/config/routes.rb:27:3:27:48 | call to match | action_controller/controllers/photos_controller.rb:2:3:3:5 | show |
 | app/config/routes.rb:27:3:27:48 | call to match | app/controllers/photos_controller.rb:2:3:3:5 | show |
+| app/config/routes.rb:28:3:28:50 | call to match | action_controller/controllers/photos_controller.rb:2:3:3:5 | show |
 | app/config/routes.rb:28:3:28:50 | call to match | app/controllers/photos_controller.rb:2:3:3:5 | show |
+| app/config/routes.rb:29:3:29:69 | call to match | action_controller/controllers/photos_controller.rb:2:3:3:5 | show |
 | app/config/routes.rb:29:3:29:69 | call to match | app/controllers/photos_controller.rb:2:3:3:5 | show |
+| app/config/routes.rb:30:3:30:50 | call to match | action_controller/controllers/photos_controller.rb:2:3:3:5 | show |
 | app/config/routes.rb:30:3:30:50 | call to match | app/controllers/photos_controller.rb:2:3:3:5 | show |
+| app/config/routes.rb:50:5:50:94 | call to post | action_controller/controllers/users/notifications_controller.rb:3:5:4:7 | mark_as_read |
 | app/config/routes.rb:50:5:50:94 | call to post | app/controllers/users/notifications_controller.rb:3:5:4:7 | mark_as_read |
 underscore
 | Foo | foo |
diff --git a/ruby/ql/test/library-tests/frameworks/ActionDispatch.ql b/ruby/ql/test/library-tests/frameworks/ActionDispatch.ql
index 5f25c62f32e..5b1275595ea 100644
--- a/ruby/ql/test/library-tests/frameworks/ActionDispatch.ql
+++ b/ruby/ql/test/library-tests/frameworks/ActionDispatch.ql
@@ -29,9 +29,7 @@ query predicate underscore(string input, string output) {
     ]
 }
 
-query predicate mimeTypeInstances(API::Node n) {
-  n = ModelOutput::getATypeNode("actiondispatch", "Mime::Type")
-}
+query predicate mimeTypeInstances(API::Node n) { n = ModelOutput::getATypeNode("Mime::Type") }
 
 query predicate mimeTypeMatchRegExpInterpretations(
   ActionDispatch::MimeTypeMatchRegExpInterpretation s
diff --git a/ruby/ql/test/library-tests/frameworks/ActionView.expected b/ruby/ql/test/library-tests/frameworks/ActionView.expected
index 5a1abf0a37e..1ad020a2394 100644
--- a/ruby/ql/test/library-tests/frameworks/ActionView.expected
+++ b/ruby/ql/test/library-tests/frameworks/ActionView.expected
@@ -9,6 +9,12 @@ rawCalls
 | app/views/foo/bars/show.html.erb:5:5:5:21 | call to raw |
 | app/views/foo/bars/show.html.erb:7:5:7:19 | call to raw |
 renderCalls
+| action_controller/controllers/comments_controller.rb:42:21:42:64 | call to render |
+| action_controller/controllers/foo/bars_controller.rb:6:5:6:37 | call to render |
+| action_controller/controllers/foo/bars_controller.rb:23:5:23:76 | call to render |
+| action_controller/controllers/foo/bars_controller.rb:35:5:35:33 | call to render |
+| action_controller/controllers/foo/bars_controller.rb:38:5:38:50 | call to render |
+| action_controller/controllers/foo/bars_controller.rb:44:5:44:17 | call to render |
 | app/controllers/foo/bars_controller.rb:6:5:6:37 | call to render |
 | app/controllers/foo/bars_controller.rb:23:5:23:76 | call to render |
 | app/controllers/foo/bars_controller.rb:35:5:35:33 | call to render |
@@ -16,11 +22,22 @@ renderCalls
 | app/controllers/foo/bars_controller.rb:44:5:44:17 | call to render |
 | app/views/foo/bars/show.html.erb:31:5:31:89 | call to render |
 renderToCalls
+| action_controller/controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string |
+| action_controller/controllers/foo/bars_controller.rb:36:12:36:67 | call to render_to_string |
 | app/controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string |
 | app/controllers/foo/bars_controller.rb:36:12:36:67 | call to render_to_string |
 linkToCalls
 | app/views/foo/bars/show.html.erb:33:5:33:41 | call to link_to |
 httpResponses
+| action_controller/controllers/comments_controller.rb:11:5:11:17 | call to body= | action_controller/controllers/comments_controller.rb:11:21:11:34 | ... = ... | text/http |
+| action_controller/controllers/comments_controller.rb:21:5:21:37 | call to send_file | action_controller/controllers/comments_controller.rb:21:24:21:36 | "my-file.ext" | application/octet-stream |
+| action_controller/controllers/comments_controller.rb:47:5:47:20 | call to send_data | action_controller/controllers/comments_controller.rb:47:15:47:20 | @photo | application/octet-stream |
+| action_controller/controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string | action_controller/controllers/foo/bars_controller.rb:15:33:15:47 | "foo/bars/show" | text/html |
+| action_controller/controllers/foo/bars_controller.rb:23:5:23:76 | call to render | action_controller/controllers/foo/bars_controller.rb:23:12:23:26 | "foo/bars/show" | text/html |
+| action_controller/controllers/foo/bars_controller.rb:35:5:35:33 | call to render | action_controller/controllers/foo/bars_controller.rb:35:18:35:33 | call to [] | application/json |
+| action_controller/controllers/foo/bars_controller.rb:36:12:36:67 | call to render_to_string | action_controller/controllers/foo/bars_controller.rb:36:29:36:33 | @user | application/json |
+| action_controller/controllers/foo/bars_controller.rb:38:5:38:50 | call to render | action_controller/controllers/foo/bars_controller.rb:38:12:38:22 | call to backtrace | text/plain |
+| action_controller/controllers/foo/bars_controller.rb:44:5:44:17 | call to render | action_controller/controllers/foo/bars_controller.rb:44:12:44:17 | "show" | text/html |
 | app/controllers/comments_controller.rb:11:5:11:17 | call to body= | app/controllers/comments_controller.rb:11:21:11:34 | ... = ... | text/http |
 | app/controllers/comments_controller.rb:21:5:21:37 | call to send_file | app/controllers/comments_controller.rb:21:24:21:36 | "my-file.ext" | application/octet-stream |
 | app/controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string | app/controllers/foo/bars_controller.rb:15:33:15:47 | "foo/bars/show" | text/html |
diff --git a/ruby/ql/test/library-tests/frameworks/action_cable/ActionCable.expected b/ruby/ql/test/library-tests/frameworks/action_cable/ActionCable.expected
index 94e553900b1..815990a36f6 100644
--- a/ruby/ql/test/library-tests/frameworks/action_cable/ActionCable.expected
+++ b/ruby/ql/test/library-tests/frameworks/action_cable/ActionCable.expected
@@ -1 +1,4 @@
+loggerInstantiations
 | action_cable.rb:1:1:1:54 | call to new |
+remoteFlowSources
+| action_cable.rb:9:10:9:13 | data |
diff --git a/ruby/ql/test/library-tests/frameworks/action_cable/ActionCable.ql b/ruby/ql/test/library-tests/frameworks/action_cable/ActionCable.ql
index fd2359607f7..3a06be800f5 100644
--- a/ruby/ql/test/library-tests/frameworks/action_cable/ActionCable.ql
+++ b/ruby/ql/test/library-tests/frameworks/action_cable/ActionCable.ql
@@ -1,4 +1,7 @@
 import codeql.ruby.frameworks.ActionCable
 import codeql.ruby.frameworks.stdlib.Logger
+import codeql.ruby.dataflow.RemoteFlowSources
 
 query predicate loggerInstantiations(Logger::LoggerInstantiation l) { any() }
+
+query predicate remoteFlowSources(RemoteFlowSource s) { any() }
diff --git a/ruby/ql/test/library-tests/frameworks/action_cable/action_cable.rb b/ruby/ql/test/library-tests/frameworks/action_cable/action_cable.rb
index 3988ec4c875..5dc902d7b74 100644
--- a/ruby/ql/test/library-tests/frameworks/action_cable/action_cable.rb
+++ b/ruby/ql/test/library-tests/frameworks/action_cable/action_cable.rb
@@ -1 +1,11 @@
 ActionCable::Connection::TaggedLoggerProxy.new(logger)
+
+class MyChannel < ActionCable::Channel::Base
+	# An RPC endpoint without the optional data parm, so no remote flow source.
+	def foo
+	end
+
+	# An RPC endpoint including the optional data parm, which is a remote flow source.
+	def bar(data)
+	end
+end
\ No newline at end of file
diff --git a/ruby/ql/test/library-tests/frameworks/action_controller/ActionController.expected b/ruby/ql/test/library-tests/frameworks/action_controller/ActionController.expected
new file mode 100644
index 00000000000..f4a21655355
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/action_controller/ActionController.expected
@@ -0,0 +1,322 @@
+actionControllerControllerClasses
+| controllers/comments_controller.rb:1:1:53:3 | CommentsController |
+| controllers/foo/bars_controller.rb:3:1:46:3 | BarsController |
+| controllers/photos_controller.rb:1:1:4:3 | PhotosController |
+| controllers/posts_controller.rb:1:1:10:3 | PostsController |
+| controllers/tags_controller.rb:1:1:2:3 | TagsController |
+| controllers/users/notifications_controller.rb:2:3:5:5 | Users::NotificationsController |
+| input_access.rb:1:1:50:3 | UsersController |
+| params_flow.rb:1:1:162:3 | MyController |
+| params_flow.rb:170:1:178:3 | Subclass |
+actionControllerActionMethods
+| controllers/comments_controller.rb:2:3:36:5 | index |
+| controllers/comments_controller.rb:38:3:44:5 | show |
+| controllers/comments_controller.rb:46:3:48:5 | photo |
+| controllers/comments_controller.rb:50:3:52:5 | destroy |
+| controllers/foo/bars_controller.rb:5:3:7:5 | index |
+| controllers/foo/bars_controller.rb:9:3:18:5 | show_debug |
+| controllers/foo/bars_controller.rb:20:3:24:5 | show |
+| controllers/foo/bars_controller.rb:26:3:28:5 | go_back |
+| controllers/foo/bars_controller.rb:30:3:32:5 | go_back_2 |
+| controllers/foo/bars_controller.rb:34:3:39:5 | show_2 |
+| controllers/photos_controller.rb:2:3:3:5 | show |
+| controllers/posts_controller.rb:2:3:3:5 | index |
+| controllers/posts_controller.rb:5:3:6:5 | show |
+| controllers/posts_controller.rb:8:3:9:5 | upvote |
+| controllers/users/notifications_controller.rb:3:5:4:7 | mark_as_read |
+| input_access.rb:2:3:49:5 | index |
+| logging.rb:2:5:8:7 | index |
+| params_flow.rb:2:3:4:5 | m1 |
+| params_flow.rb:6:3:8:5 | m2 |
+| params_flow.rb:10:3:12:5 | m2 |
+| params_flow.rb:14:3:16:5 | m3 |
+| params_flow.rb:18:3:20:5 | m4 |
+| params_flow.rb:22:3:24:5 | m5 |
+| params_flow.rb:26:3:28:5 | m6 |
+| params_flow.rb:30:3:32:5 | m7 |
+| params_flow.rb:34:3:36:5 | m8 |
+| params_flow.rb:38:3:40:5 | m9 |
+| params_flow.rb:42:3:44:5 | m10 |
+| params_flow.rb:46:3:48:5 | m11 |
+| params_flow.rb:50:3:52:5 | m12 |
+| params_flow.rb:54:3:56:5 | m13 |
+| params_flow.rb:58:3:60:5 | m14 |
+| params_flow.rb:62:3:64:5 | m15 |
+| params_flow.rb:66:3:68:5 | m16 |
+| params_flow.rb:70:3:72:5 | m17 |
+| params_flow.rb:74:3:76:5 | m18 |
+| params_flow.rb:78:3:80:5 | m19 |
+| params_flow.rb:82:3:84:5 | m20 |
+| params_flow.rb:86:3:88:5 | m21 |
+| params_flow.rb:90:3:92:5 | m22 |
+| params_flow.rb:94:3:96:5 | m23 |
+| params_flow.rb:98:3:100:5 | m24 |
+| params_flow.rb:102:3:104:5 | m25 |
+| params_flow.rb:106:3:108:5 | m26 |
+| params_flow.rb:110:3:113:5 | m27 |
+| params_flow.rb:115:3:118:5 | m28 |
+| params_flow.rb:120:3:123:5 | m29 |
+| params_flow.rb:125:3:132:5 | m30 |
+| params_flow.rb:134:3:141:5 | m31 |
+| params_flow.rb:143:3:150:5 | m32 |
+| params_flow.rb:152:3:159:5 | m33 |
+| params_flow.rb:165:3:167:5 | m34 |
+| params_flow.rb:171:3:173:5 | m35 |
+paramsCalls
+| controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
+| controllers/foo/bars_controller.rb:14:10:14:15 | call to params |
+| controllers/foo/bars_controller.rb:21:21:21:26 | call to params |
+| controllers/foo/bars_controller.rb:22:10:22:15 | call to params |
+| params_flow.rb:3:10:3:15 | call to params |
+| params_flow.rb:7:10:7:15 | call to params |
+| params_flow.rb:11:10:11:15 | call to params |
+| params_flow.rb:15:10:15:15 | call to params |
+| params_flow.rb:19:10:19:15 | call to params |
+| params_flow.rb:23:10:23:15 | call to params |
+| params_flow.rb:27:10:27:15 | call to params |
+| params_flow.rb:31:10:31:15 | call to params |
+| params_flow.rb:35:10:35:15 | call to params |
+| params_flow.rb:39:10:39:15 | call to params |
+| params_flow.rb:43:10:43:15 | call to params |
+| params_flow.rb:47:10:47:15 | call to params |
+| params_flow.rb:51:10:51:15 | call to params |
+| params_flow.rb:55:10:55:15 | call to params |
+| params_flow.rb:59:10:59:15 | call to params |
+| params_flow.rb:63:10:63:15 | call to params |
+| params_flow.rb:67:10:67:15 | call to params |
+| params_flow.rb:71:10:71:15 | call to params |
+| params_flow.rb:75:10:75:15 | call to params |
+| params_flow.rb:79:10:79:15 | call to params |
+| params_flow.rb:83:10:83:15 | call to params |
+| params_flow.rb:87:10:87:15 | call to params |
+| params_flow.rb:91:10:91:15 | call to params |
+| params_flow.rb:95:10:95:15 | call to params |
+| params_flow.rb:99:10:99:15 | call to params |
+| params_flow.rb:103:10:103:15 | call to params |
+| params_flow.rb:107:10:107:15 | call to params |
+| params_flow.rb:111:10:111:15 | call to params |
+| params_flow.rb:112:23:112:28 | call to params |
+| params_flow.rb:116:10:116:15 | call to params |
+| params_flow.rb:117:31:117:36 | call to params |
+| params_flow.rb:121:10:121:15 | call to params |
+| params_flow.rb:122:31:122:36 | call to params |
+| params_flow.rb:126:10:126:15 | call to params |
+| params_flow.rb:127:24:127:29 | call to params |
+| params_flow.rb:130:14:130:19 | call to params |
+| params_flow.rb:135:10:135:15 | call to params |
+| params_flow.rb:136:32:136:37 | call to params |
+| params_flow.rb:139:22:139:27 | call to params |
+| params_flow.rb:144:10:144:15 | call to params |
+| params_flow.rb:145:32:145:37 | call to params |
+| params_flow.rb:148:22:148:27 | call to params |
+| params_flow.rb:153:10:153:15 | call to params |
+| params_flow.rb:154:32:154:37 | call to params |
+| params_flow.rb:157:22:157:27 | call to params |
+| params_flow.rb:166:10:166:15 | call to params |
+| params_flow.rb:172:10:172:15 | call to params |
+| params_flow.rb:176:10:176:15 | call to params |
+paramsSources
+| controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
+| controllers/foo/bars_controller.rb:14:10:14:15 | call to params |
+| controllers/foo/bars_controller.rb:21:21:21:26 | call to params |
+| controllers/foo/bars_controller.rb:22:10:22:15 | call to params |
+| params_flow.rb:3:10:3:15 | call to params |
+| params_flow.rb:7:10:7:15 | call to params |
+| params_flow.rb:11:10:11:15 | call to params |
+| params_flow.rb:15:10:15:15 | call to params |
+| params_flow.rb:19:10:19:15 | call to params |
+| params_flow.rb:23:10:23:15 | call to params |
+| params_flow.rb:27:10:27:15 | call to params |
+| params_flow.rb:31:10:31:15 | call to params |
+| params_flow.rb:35:10:35:15 | call to params |
+| params_flow.rb:39:10:39:15 | call to params |
+| params_flow.rb:43:10:43:15 | call to params |
+| params_flow.rb:47:10:47:15 | call to params |
+| params_flow.rb:51:10:51:15 | call to params |
+| params_flow.rb:55:10:55:15 | call to params |
+| params_flow.rb:59:10:59:15 | call to params |
+| params_flow.rb:63:10:63:15 | call to params |
+| params_flow.rb:67:10:67:15 | call to params |
+| params_flow.rb:71:10:71:15 | call to params |
+| params_flow.rb:75:10:75:15 | call to params |
+| params_flow.rb:79:10:79:15 | call to params |
+| params_flow.rb:83:10:83:15 | call to params |
+| params_flow.rb:87:10:87:15 | call to params |
+| params_flow.rb:91:10:91:15 | call to params |
+| params_flow.rb:95:10:95:15 | call to params |
+| params_flow.rb:99:10:99:15 | call to params |
+| params_flow.rb:103:10:103:15 | call to params |
+| params_flow.rb:107:10:107:15 | call to params |
+| params_flow.rb:111:10:111:15 | call to params |
+| params_flow.rb:112:23:112:28 | call to params |
+| params_flow.rb:116:10:116:15 | call to params |
+| params_flow.rb:117:31:117:36 | call to params |
+| params_flow.rb:121:10:121:15 | call to params |
+| params_flow.rb:122:31:122:36 | call to params |
+| params_flow.rb:126:10:126:15 | call to params |
+| params_flow.rb:127:24:127:29 | call to params |
+| params_flow.rb:130:14:130:19 | call to params |
+| params_flow.rb:135:10:135:15 | call to params |
+| params_flow.rb:136:32:136:37 | call to params |
+| params_flow.rb:139:22:139:27 | call to params |
+| params_flow.rb:144:10:144:15 | call to params |
+| params_flow.rb:145:32:145:37 | call to params |
+| params_flow.rb:148:22:148:27 | call to params |
+| params_flow.rb:153:10:153:15 | call to params |
+| params_flow.rb:154:32:154:37 | call to params |
+| params_flow.rb:157:22:157:27 | call to params |
+| params_flow.rb:166:10:166:15 | call to params |
+| params_flow.rb:172:10:172:15 | call to params |
+| params_flow.rb:176:10:176:15 | call to params |
+httpInputAccesses
+| controllers/comments_controller.rb:3:5:3:18 | call to params | ActionDispatch::Request#params |
+| controllers/comments_controller.rb:4:5:4:22 | call to parameters | ActionDispatch::Request#parameters |
+| controllers/comments_controller.rb:5:5:5:15 | call to GET | ActionDispatch::Request#GET |
+| controllers/comments_controller.rb:6:5:6:16 | call to POST | ActionDispatch::Request#POST |
+| controllers/comments_controller.rb:7:5:7:28 | call to query_parameters | ActionDispatch::Request#query_parameters |
+| controllers/comments_controller.rb:8:5:8:30 | call to request_parameters | ActionDispatch::Request#request_parameters |
+| controllers/comments_controller.rb:9:5:9:31 | call to filtered_parameters | ActionDispatch::Request#filtered_parameters |
+| controllers/comments_controller.rb:51:12:51:30 | call to body_stream | ActionDispatch::Request#body_stream |
+| controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies | ActionController::Metal#cookies |
+| controllers/foo/bars_controller.rb:13:21:13:26 | call to params | ActionController::Metal#params |
+| controllers/foo/bars_controller.rb:14:10:14:15 | call to params | ActionController::Metal#params |
+| controllers/foo/bars_controller.rb:21:21:21:26 | call to params | ActionController::Metal#params |
+| controllers/foo/bars_controller.rb:22:10:22:15 | call to params | ActionController::Metal#params |
+| input_access.rb:3:5:3:18 | call to params | ActionDispatch::Request#params |
+| input_access.rb:4:5:4:22 | call to parameters | ActionDispatch::Request#parameters |
+| input_access.rb:5:5:5:15 | call to GET | ActionDispatch::Request#GET |
+| input_access.rb:6:5:6:16 | call to POST | ActionDispatch::Request#POST |
+| input_access.rb:7:5:7:28 | call to query_parameters | ActionDispatch::Request#query_parameters |
+| input_access.rb:8:5:8:30 | call to request_parameters | ActionDispatch::Request#request_parameters |
+| input_access.rb:9:5:9:31 | call to filtered_parameters | ActionDispatch::Request#filtered_parameters |
+| input_access.rb:11:5:11:25 | call to authorization | ActionDispatch::Request#authorization |
+| input_access.rb:12:5:12:23 | call to script_name | ActionDispatch::Request#script_name |
+| input_access.rb:13:5:13:21 | call to path_info | ActionDispatch::Request#path_info |
+| input_access.rb:14:5:14:22 | call to user_agent | ActionDispatch::Request#user_agent |
+| input_access.rb:15:5:15:19 | call to referer | ActionDispatch::Request#referer |
+| input_access.rb:16:5:16:20 | call to referrer | ActionDispatch::Request#referrer |
+| input_access.rb:17:5:17:26 | call to host_authority | ActionDispatch::Request#host_authority |
+| input_access.rb:18:5:18:24 | call to content_type | ActionDispatch::Request#content_type |
+| input_access.rb:19:5:19:16 | call to host | ActionDispatch::Request#host |
+| input_access.rb:20:5:20:20 | call to hostname | ActionDispatch::Request#hostname |
+| input_access.rb:21:5:21:27 | call to accept_encoding | ActionDispatch::Request#accept_encoding |
+| input_access.rb:22:5:22:27 | call to accept_language | ActionDispatch::Request#accept_language |
+| input_access.rb:23:5:23:25 | call to if_none_match | ActionDispatch::Request#if_none_match |
+| input_access.rb:24:5:24:31 | call to if_none_match_etags | ActionDispatch::Request#if_none_match_etags |
+| input_access.rb:25:5:25:29 | call to content_mime_type | ActionDispatch::Request#content_mime_type |
+| input_access.rb:27:5:27:21 | call to authority | ActionDispatch::Request#authority |
+| input_access.rb:28:5:28:16 | call to host | ActionDispatch::Request#host |
+| input_access.rb:29:5:29:26 | call to host_authority | ActionDispatch::Request#host_authority |
+| input_access.rb:30:5:30:26 | call to host_with_port | ActionDispatch::Request#host_with_port |
+| input_access.rb:31:5:31:20 | call to hostname | ActionDispatch::Request#hostname |
+| input_access.rb:32:5:32:25 | call to forwarded_for | ActionDispatch::Request#forwarded_for |
+| input_access.rb:33:5:33:26 | call to forwarded_host | ActionDispatch::Request#forwarded_host |
+| input_access.rb:34:5:34:16 | call to port | ActionDispatch::Request#port |
+| input_access.rb:35:5:35:26 | call to forwarded_port | ActionDispatch::Request#forwarded_port |
+| input_access.rb:37:5:37:22 | call to media_type | ActionDispatch::Request#media_type |
+| input_access.rb:38:5:38:29 | call to media_type_params | ActionDispatch::Request#media_type_params |
+| input_access.rb:39:5:39:27 | call to content_charset | ActionDispatch::Request#content_charset |
+| input_access.rb:40:5:40:20 | call to base_url | ActionDispatch::Request#base_url |
+| input_access.rb:42:5:42:16 | call to body | ActionDispatch::Request#body |
+| input_access.rb:43:5:43:20 | call to raw_post | ActionDispatch::Request#raw_post |
+| input_access.rb:45:5:45:30 | ...[...] | ActionDispatch::Request#env[] |
+| input_access.rb:47:5:47:39 | ...[...] | ActionDispatch::Request#env[] |
+| logging.rb:5:22:5:35 | call to params | ActionDispatch::Request#params |
+| params_flow.rb:3:10:3:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:7:10:7:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:11:10:11:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:15:10:15:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:19:10:19:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:23:10:23:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:27:10:27:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:31:10:31:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:35:10:35:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:39:10:39:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:43:10:43:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:47:10:47:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:51:10:51:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:55:10:55:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:59:10:59:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:63:10:63:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:67:10:67:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:71:10:71:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:75:10:75:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:79:10:79:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:83:10:83:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:87:10:87:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:91:10:91:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:95:10:95:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:99:10:99:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:103:10:103:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:107:10:107:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:111:10:111:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:112:23:112:28 | call to params | ActionController::Metal#params |
+| params_flow.rb:116:10:116:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:117:31:117:36 | call to params | ActionController::Metal#params |
+| params_flow.rb:121:10:121:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:122:31:122:36 | call to params | ActionController::Metal#params |
+| params_flow.rb:126:10:126:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:127:24:127:29 | call to params | ActionController::Metal#params |
+| params_flow.rb:130:14:130:19 | call to params | ActionController::Metal#params |
+| params_flow.rb:135:10:135:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:136:32:136:37 | call to params | ActionController::Metal#params |
+| params_flow.rb:139:22:139:27 | call to params | ActionController::Metal#params |
+| params_flow.rb:144:10:144:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:145:32:145:37 | call to params | ActionController::Metal#params |
+| params_flow.rb:148:22:148:27 | call to params | ActionController::Metal#params |
+| params_flow.rb:153:10:153:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:154:32:154:37 | call to params | ActionController::Metal#params |
+| params_flow.rb:157:22:157:27 | call to params | ActionController::Metal#params |
+| params_flow.rb:166:10:166:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:172:10:172:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:176:10:176:15 | call to params | ActionController::Metal#params |
+cookiesCalls
+| controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies |
+cookiesSources
+| controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies |
+redirectToCalls
+| controllers/comments_controller.rb:40:21:40:49 | call to redirect_to |
+| controllers/foo/bars_controller.rb:17:5:17:30 | call to redirect_to |
+| controllers/foo/bars_controller.rb:27:5:27:39 | call to redirect_back_or_to |
+| controllers/foo/bars_controller.rb:31:5:31:56 | call to redirect_back |
+renderCalls
+| controllers/comments_controller.rb:42:21:42:64 | call to render |
+| controllers/foo/bars_controller.rb:6:5:6:37 | call to render |
+| controllers/foo/bars_controller.rb:23:5:23:76 | call to render |
+| controllers/foo/bars_controller.rb:35:5:35:33 | call to render |
+| controllers/foo/bars_controller.rb:38:5:38:50 | call to render |
+| controllers/foo/bars_controller.rb:44:5:44:17 | call to render |
+httpResponses
+| controllers/comments_controller.rb:11:5:11:17 | call to body= | controllers/comments_controller.rb:11:21:11:34 | ... = ... |
+| controllers/comments_controller.rb:21:5:21:37 | call to send_file | controllers/comments_controller.rb:21:24:21:36 | "my-file.ext" |
+| controllers/comments_controller.rb:47:5:47:20 | call to send_data | controllers/comments_controller.rb:47:15:47:20 | @photo |
+| controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string | controllers/foo/bars_controller.rb:15:33:15:47 | "foo/bars/show" |
+| controllers/foo/bars_controller.rb:23:5:23:76 | call to render | controllers/foo/bars_controller.rb:23:12:23:26 | "foo/bars/show" |
+| controllers/foo/bars_controller.rb:35:5:35:33 | call to render | controllers/foo/bars_controller.rb:35:18:35:33 | call to [] |
+| controllers/foo/bars_controller.rb:36:12:36:67 | call to render_to_string | controllers/foo/bars_controller.rb:36:29:36:33 | @user |
+| controllers/foo/bars_controller.rb:38:5:38:50 | call to render | controllers/foo/bars_controller.rb:38:12:38:22 | call to backtrace |
+| controllers/foo/bars_controller.rb:44:5:44:17 | call to render | controllers/foo/bars_controller.rb:44:12:44:17 | "show" |
+actionControllerHelperMethods
+getAssociatedControllerClasses
+controllerTemplateFiles
+headerWriteAccesses
+| controllers/comments_controller.rb:15:5:15:35 | call to []= | content-type | controllers/comments_controller.rb:15:39:15:49 | ... = ... |
+| controllers/comments_controller.rb:16:5:16:46 | call to set_header | content-length | controllers/comments_controller.rb:16:43:16:45 | 100 |
+| controllers/comments_controller.rb:17:5:17:39 | call to []= | x-custom-header | controllers/comments_controller.rb:17:43:17:46 | ... = ... |
+| controllers/comments_controller.rb:18:5:18:39 | call to []= | x-another-custom-header | controllers/comments_controller.rb:18:43:18:47 | ... = ... |
+| controllers/comments_controller.rb:19:5:19:49 | call to add_header | x-yet-another | controllers/comments_controller.rb:19:42:19:49 | "indeed" |
+| controllers/comments_controller.rb:25:5:25:21 | call to location= | location | controllers/comments_controller.rb:25:25:25:36 | ... = ... |
+| controllers/comments_controller.rb:26:5:26:26 | call to cache_control= | cache-control | controllers/comments_controller.rb:26:30:26:36 | ... = ... |
+| controllers/comments_controller.rb:27:5:27:27 | call to _cache_control= | cache-control | controllers/comments_controller.rb:27:31:27:37 | ... = ... |
+| controllers/comments_controller.rb:28:5:28:17 | call to etag= | etag | controllers/comments_controller.rb:28:21:28:27 | ... = ... |
+| controllers/comments_controller.rb:29:5:29:20 | call to charset= | content-type | controllers/comments_controller.rb:29:24:29:30 | ... = ... |
+| controllers/comments_controller.rb:30:5:30:25 | call to content_type= | content-type | controllers/comments_controller.rb:30:29:30:35 | ... = ... |
+| controllers/comments_controller.rb:32:5:32:17 | call to date= | date | controllers/comments_controller.rb:32:21:32:30 | ... = ... |
+| controllers/comments_controller.rb:33:5:33:26 | call to last_modified= | last-modified | controllers/comments_controller.rb:33:30:33:43 | ... = ... |
+| controllers/comments_controller.rb:34:5:34:22 | call to weak_etag= | etag | controllers/comments_controller.rb:34:26:34:32 | ... = ... |
+| controllers/comments_controller.rb:35:5:35:24 | call to strong_etag= | etag | controllers/comments_controller.rb:35:28:35:34 | ... = ... |
+loggingCalls
+| logging.rb:3:9:3:31 | call to info | logging.rb:3:21:3:31 | "some info" |
+| logging.rb:4:9:4:31 | call to warn | logging.rb:4:21:4:31 | "a warning" |
+| logging.rb:5:9:5:35 | call to debug | logging.rb:5:22:5:35 | call to params |
+| logging.rb:7:9:7:26 | call to info | logging.rb:7:16:7:26 | "more info" |
diff --git a/ruby/ql/test/library-tests/frameworks/ActionController.ql b/ruby/ql/test/library-tests/frameworks/action_controller/ActionController.ql
similarity index 84%
rename from ruby/ql/test/library-tests/frameworks/ActionController.ql
rename to ruby/ql/test/library-tests/frameworks/action_controller/ActionController.ql
index 406c95d3194..bf72cbd3271 100644
--- a/ruby/ql/test/library-tests/frameworks/ActionController.ql
+++ b/ruby/ql/test/library-tests/frameworks/action_controller/ActionController.ql
@@ -23,6 +23,12 @@ query predicate cookiesSources(CookiesSource src) { any() }
 
 query predicate redirectToCalls(RedirectToCall c) { any() }
 
+query predicate renderCalls(Rails::RenderCall c) { any() }
+
+query predicate httpResponses(Http::Server::HttpResponse r, DataFlow::Node body) {
+  body = r.getBody()
+}
+
 query predicate actionControllerHelperMethods(ActionControllerHelperMethod m) { any() }
 
 query predicate getAssociatedControllerClasses(ActionControllerClass cls, ErbFile f) {
@@ -38,3 +44,5 @@ query predicate headerWriteAccesses(
 ) {
   name = a.getName() and value = a.getValue()
 }
+
+query predicate loggingCalls(Logging c, DataFlow::Node input) { input = c.getAnInput() }
diff --git a/ruby/ql/test/library-tests/frameworks/action_controller/controllers/comments_controller.rb b/ruby/ql/test/library-tests/frameworks/action_controller/controllers/comments_controller.rb
new file mode 100644
index 00000000000..daa96090b09
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/action_controller/controllers/comments_controller.rb
@@ -0,0 +1,53 @@
+class CommentsController < ApplicationController
+  def index
+    request.params
+    request.parameters
+    request.GET
+    request.POST
+    request.query_parameters
+    request.request_parameters
+    request.filtered_parameters
+
+    response.body = "some content"
+
+    response.status = 200
+
+    response.header["Content-Type"] = "text/html"
+    response.set_header("Content-Length", 100)
+    response.headers["X-Custom-Header"] = "hi"
+    response["X-Another-Custom-Header"] = "yes"
+    response.add_header "X-Yet-Another", "indeed"
+
+    response.send_file("my-file.ext")
+
+    response.request
+
+    response.location = "http://..." # relevant for url redirect query
+    response.cache_control = "value"
+    response._cache_control = "value"
+    response.etag = "value"
+    response.charset = "value" # sets the charset part of the content-type header
+    response.content_type = "value" # sets the main part of the content-type header
+
+    response.date = Date.today
+    response.last_modified = Date.yesterday
+    response.weak_etag = "value"
+    response.strong_etag = "value"
+  end
+
+  def show
+    respond_to do |format|
+      format.html { redirect_to(comment_view_url) }
+      format.json
+      format.xml  { render xml: @comment.to_xml(include: @photo) }
+    end
+  end
+
+  def photo
+    send_data @photo
+  end
+
+  def destroy
+    body = request.body_stream
+  end
+end
diff --git a/ruby/ql/test/library-tests/frameworks/action_controller/controllers/foo/bars_controller.rb b/ruby/ql/test/library-tests/frameworks/action_controller/controllers/foo/bars_controller.rb
new file mode 100644
index 00000000000..9778b8d5bcc
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/action_controller/controllers/foo/bars_controller.rb
@@ -0,0 +1,46 @@
+require 'json'
+
+class BarsController < ApplicationController
+
+  def index
+    render template: "foo/bars/index"
+  end
+
+  def show_debug
+    user_info = JSON.load cookies[:user_info]
+    puts "User: #{user_info['name']}"
+
+    @user_website = params[:website]
+    dt = params[:text]
+    rendered = render_to_string "foo/bars/show", locals: { display_text: dt, safe_text: "hello" }
+    puts rendered
+    redirect_to action: "show"
+  end
+
+  def show
+    @user_website = params[:website]
+    dt = params[:text]
+    render "foo/bars/show", locals: { display_text: dt, safe_text: "hello" }
+  end
+  
+  def go_back
+    redirect_back_or_to action: "index"
+  end
+
+  def go_back_2
+    redirect_back fallback_location: { action: "index" }
+  end
+
+  def show_2
+    render json: { some: "data" }
+    body = render_to_string @user, content_type: "application/json"
+  rescue => e
+    render e.backtrace, content_type: "text/plain"
+  end
+
+  private
+
+  def unreachable_action
+    render "show"
+  end
+end
diff --git a/ruby/ql/test/library-tests/frameworks/action_controller/controllers/photos_controller.rb b/ruby/ql/test/library-tests/frameworks/action_controller/controllers/photos_controller.rb
new file mode 100644
index 00000000000..0de193b9029
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/action_controller/controllers/photos_controller.rb
@@ -0,0 +1,4 @@
+class PhotosController < ApplicationController
+  def show
+  end
+end
\ No newline at end of file
diff --git a/ruby/ql/test/library-tests/frameworks/action_controller/controllers/posts_controller.rb b/ruby/ql/test/library-tests/frameworks/action_controller/controllers/posts_controller.rb
new file mode 100644
index 00000000000..9760219cdf2
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/action_controller/controllers/posts_controller.rb
@@ -0,0 +1,10 @@
+class PostsController < ApplicationController
+  def index
+  end
+
+  def show
+  end
+  
+  def upvote
+  end
+end
\ No newline at end of file
diff --git a/ruby/ql/test/library-tests/frameworks/action_controller/controllers/tags_controller.rb b/ruby/ql/test/library-tests/frameworks/action_controller/controllers/tags_controller.rb
new file mode 100644
index 00000000000..ba10ea8ea2e
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/action_controller/controllers/tags_controller.rb
@@ -0,0 +1,2 @@
+class TagsController < ActionController::Metal
+end
diff --git a/ruby/ql/test/library-tests/frameworks/action_controller/controllers/users/notifications_controller.rb b/ruby/ql/test/library-tests/frameworks/action_controller/controllers/users/notifications_controller.rb
new file mode 100644
index 00000000000..c5ff9cd3f5f
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/action_controller/controllers/users/notifications_controller.rb
@@ -0,0 +1,6 @@
+module Users
+  class NotificationsController < ApplicationController
+    def mark_as_read
+    end
+  end
+end
\ No newline at end of file
diff --git a/ruby/ql/test/library-tests/frameworks/action_controller/logging.rb b/ruby/ql/test/library-tests/frameworks/action_controller/logging.rb
new file mode 100644
index 00000000000..7d3636e408c
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/action_controller/logging.rb
@@ -0,0 +1,9 @@
+class UsersController < ActionController::Base
+    def index
+        logger.info "some info"
+        logger.warn "a warning"
+        logger.debug request.params
+        l = logger
+        l.info "more info"
+    end
+end
diff --git a/ruby/ql/test/library-tests/frameworks/action_mailbox/ActionMailbox.expected b/ruby/ql/test/library-tests/frameworks/action_mailbox/ActionMailbox.expected
new file mode 100644
index 00000000000..b7324362d14
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/action_mailbox/ActionMailbox.expected
@@ -0,0 +1,12 @@
+messageInstances
+| action_mailbox.rb:3:5:3:8 | call to mail |
+| action_mailbox.rb:4:5:4:8 | call to mail |
+| action_mailbox.rb:6:5:6:10 | call to mail |
+| action_mailbox.rb:10:5:10:8 | call to mail |
+| action_mailbox.rb:16:9:16:12 | call to mail |
+remoteFlowSources
+| action_mailbox.rb:3:5:3:13 | call to body |
+| action_mailbox.rb:4:5:4:11 | call to to |
+| action_mailbox.rb:6:5:6:13 | call to to |
+| action_mailbox.rb:10:5:10:18 | call to text_part |
+| action_mailbox.rb:16:9:16:23 | call to raw_source |
diff --git a/ruby/ql/test/library-tests/frameworks/action_mailbox/ActionMailbox.ql b/ruby/ql/test/library-tests/frameworks/action_mailbox/ActionMailbox.ql
new file mode 100644
index 00000000000..cd083bf6a06
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/action_mailbox/ActionMailbox.ql
@@ -0,0 +1,7 @@
+private import codeql.ruby.frameworks.ActionMailbox
+private import codeql.ruby.DataFlow
+private import codeql.ruby.dataflow.RemoteFlowSources
+
+query predicate messageInstances(ActionMailbox::Mail c) { any() }
+
+query predicate remoteFlowSources(RemoteFlowSource r) { any() }
diff --git a/ruby/ql/test/library-tests/frameworks/action_mailbox/action_mailbox.rb b/ruby/ql/test/library-tests/frameworks/action_mailbox/action_mailbox.rb
new file mode 100644
index 00000000000..04b007c4be7
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/action_mailbox/action_mailbox.rb
@@ -0,0 +1,24 @@
+class A < ActionMailbox::Base
+  def process
+    mail.body
+    mail.to
+    m = inbound_email
+    m.mail.to
+  end
+
+  def other_method
+    mail.text_part
+  end
+end
+
+class B < A
+    def process
+        mail.raw_source
+    end
+end
+
+class C # not a mailbox class
+    def process
+        mail.subject
+    end
+end
\ No newline at end of file
diff --git a/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.expected b/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.expected
index 0df4f1235f8..b84d576ad19 100644
--- a/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.expected
+++ b/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.expected
@@ -1,4 +1,5 @@
 failures
+| hash_extensions.rb:126:10:126:19 | call to sole | Unexpected result: hasValueFlow=b |
 edges
 | active_support.rb:10:9:10:18 | call to source :  | active_support.rb:11:10:11:10 | x :  |
 | active_support.rb:11:10:11:10 | x :  | active_support.rb:11:10:11:19 | call to at |
@@ -186,6 +187,22 @@ edges
 | active_support.rb:290:7:290:16 | call to source :  | active_support.rb:291:8:291:8 | x :  |
 | active_support.rb:291:8:291:8 | x :  | active_support.rb:291:8:291:17 | call to deep_dup |
 | active_support.rb:291:8:291:8 | x :  | active_support.rb:291:8:291:17 | call to deep_dup |
+| active_support.rb:303:7:303:16 | call to source :  | active_support.rb:304:19:304:19 | a :  |
+| active_support.rb:304:7:304:19 | call to json_escape :  | active_support.rb:305:8:305:8 | b |
+| active_support.rb:304:19:304:19 | a :  | active_support.rb:304:7:304:19 | call to json_escape :  |
+| active_support.rb:309:9:309:18 | call to source :  | active_support.rb:310:37:310:37 | x :  |
+| active_support.rb:310:37:310:37 | x :  | active_support.rb:310:10:310:38 | call to encode |
+| active_support.rb:314:9:314:18 | call to source :  | active_support.rb:315:37:315:37 | x :  |
+| active_support.rb:315:37:315:37 | x :  | active_support.rb:315:10:315:38 | call to decode |
+| active_support.rb:319:9:319:18 | call to source :  | active_support.rb:320:35:320:35 | x :  |
+| active_support.rb:320:35:320:35 | x :  | active_support.rb:320:10:320:36 | call to dump |
+| active_support.rb:324:9:324:18 | call to source :  | active_support.rb:325:35:325:35 | x :  |
+| active_support.rb:325:35:325:35 | x :  | active_support.rb:325:10:325:36 | call to load |
+| active_support.rb:329:9:329:18 | call to source :  | active_support.rb:330:10:330:10 | x :  |
+| active_support.rb:329:9:329:18 | call to source :  | active_support.rb:331:10:331:10 | x :  |
+| active_support.rb:330:10:330:10 | x :  | active_support.rb:332:10:332:10 | y [element 0] :  |
+| active_support.rb:331:10:331:10 | x :  | active_support.rb:331:10:331:18 | call to to_json |
+| active_support.rb:332:10:332:10 | y [element 0] :  | active_support.rb:332:10:332:18 | call to to_json |
 | hash_extensions.rb:2:14:2:24 | call to source :  | hash_extensions.rb:3:9:3:9 | h [element :a] :  |
 | hash_extensions.rb:2:14:2:24 | call to source :  | hash_extensions.rb:3:9:3:9 | h [element :a] :  |
 | hash_extensions.rb:3:9:3:9 | h [element :a] :  | hash_extensions.rb:3:9:3:24 | call to stringify_keys [element] :  |
@@ -258,6 +275,166 @@ edges
 | hash_extensions.rb:58:10:58:10 | x [element :a] :  | hash_extensions.rb:58:10:58:14 | ...[...] |
 | hash_extensions.rb:59:10:59:10 | x [element :b] :  | hash_extensions.rb:59:10:59:14 | ...[...] |
 | hash_extensions.rb:59:10:59:10 | x [element :b] :  | hash_extensions.rb:59:10:59:14 | ...[...] |
+| hash_extensions.rb:67:15:67:25 | call to source :  | hash_extensions.rb:68:9:68:14 | values [element 0] :  |
+| hash_extensions.rb:67:15:67:25 | call to source :  | hash_extensions.rb:68:9:68:14 | values [element 0] :  |
+| hash_extensions.rb:67:28:67:38 | call to source :  | hash_extensions.rb:68:9:68:14 | values [element 1] :  |
+| hash_extensions.rb:67:28:67:38 | call to source :  | hash_extensions.rb:68:9:68:14 | values [element 1] :  |
+| hash_extensions.rb:67:41:67:51 | call to source :  | hash_extensions.rb:68:9:68:14 | values [element 2] :  |
+| hash_extensions.rb:67:41:67:51 | call to source :  | hash_extensions.rb:68:9:68:14 | values [element 2] :  |
+| hash_extensions.rb:68:9:68:14 | values [element 0] :  | hash_extensions.rb:68:9:71:7 | call to index_by [element] :  |
+| hash_extensions.rb:68:9:68:14 | values [element 0] :  | hash_extensions.rb:68:9:71:7 | call to index_by [element] :  |
+| hash_extensions.rb:68:9:68:14 | values [element 0] :  | hash_extensions.rb:68:29:68:33 | value :  |
+| hash_extensions.rb:68:9:68:14 | values [element 0] :  | hash_extensions.rb:68:29:68:33 | value :  |
+| hash_extensions.rb:68:9:68:14 | values [element 1] :  | hash_extensions.rb:68:9:71:7 | call to index_by [element] :  |
+| hash_extensions.rb:68:9:68:14 | values [element 1] :  | hash_extensions.rb:68:9:71:7 | call to index_by [element] :  |
+| hash_extensions.rb:68:9:68:14 | values [element 1] :  | hash_extensions.rb:68:29:68:33 | value :  |
+| hash_extensions.rb:68:9:68:14 | values [element 1] :  | hash_extensions.rb:68:29:68:33 | value :  |
+| hash_extensions.rb:68:9:68:14 | values [element 2] :  | hash_extensions.rb:68:9:71:7 | call to index_by [element] :  |
+| hash_extensions.rb:68:9:68:14 | values [element 2] :  | hash_extensions.rb:68:9:71:7 | call to index_by [element] :  |
+| hash_extensions.rb:68:9:68:14 | values [element 2] :  | hash_extensions.rb:68:29:68:33 | value :  |
+| hash_extensions.rb:68:9:68:14 | values [element 2] :  | hash_extensions.rb:68:29:68:33 | value :  |
+| hash_extensions.rb:68:9:71:7 | call to index_by [element] :  | hash_extensions.rb:73:10:73:10 | h [element] :  |
+| hash_extensions.rb:68:9:71:7 | call to index_by [element] :  | hash_extensions.rb:73:10:73:10 | h [element] :  |
+| hash_extensions.rb:68:9:71:7 | call to index_by [element] :  | hash_extensions.rb:74:10:74:10 | h [element] :  |
+| hash_extensions.rb:68:9:71:7 | call to index_by [element] :  | hash_extensions.rb:74:10:74:10 | h [element] :  |
+| hash_extensions.rb:68:29:68:33 | value :  | hash_extensions.rb:69:14:69:18 | value |
+| hash_extensions.rb:68:29:68:33 | value :  | hash_extensions.rb:69:14:69:18 | value |
+| hash_extensions.rb:73:10:73:10 | h [element] :  | hash_extensions.rb:73:10:73:16 | ...[...] |
+| hash_extensions.rb:73:10:73:10 | h [element] :  | hash_extensions.rb:73:10:73:16 | ...[...] |
+| hash_extensions.rb:74:10:74:10 | h [element] :  | hash_extensions.rb:74:10:74:16 | ...[...] |
+| hash_extensions.rb:74:10:74:10 | h [element] :  | hash_extensions.rb:74:10:74:16 | ...[...] |
+| hash_extensions.rb:80:15:80:25 | call to source :  | hash_extensions.rb:81:9:81:14 | values [element 0] :  |
+| hash_extensions.rb:80:15:80:25 | call to source :  | hash_extensions.rb:81:9:81:14 | values [element 0] :  |
+| hash_extensions.rb:80:28:80:38 | call to source :  | hash_extensions.rb:81:9:81:14 | values [element 1] :  |
+| hash_extensions.rb:80:28:80:38 | call to source :  | hash_extensions.rb:81:9:81:14 | values [element 1] :  |
+| hash_extensions.rb:80:41:80:51 | call to source :  | hash_extensions.rb:81:9:81:14 | values [element 2] :  |
+| hash_extensions.rb:80:41:80:51 | call to source :  | hash_extensions.rb:81:9:81:14 | values [element 2] :  |
+| hash_extensions.rb:81:9:81:14 | values [element 0] :  | hash_extensions.rb:81:31:81:33 | key :  |
+| hash_extensions.rb:81:9:81:14 | values [element 0] :  | hash_extensions.rb:81:31:81:33 | key :  |
+| hash_extensions.rb:81:9:81:14 | values [element 1] :  | hash_extensions.rb:81:31:81:33 | key :  |
+| hash_extensions.rb:81:9:81:14 | values [element 1] :  | hash_extensions.rb:81:31:81:33 | key :  |
+| hash_extensions.rb:81:9:81:14 | values [element 2] :  | hash_extensions.rb:81:31:81:33 | key :  |
+| hash_extensions.rb:81:9:81:14 | values [element 2] :  | hash_extensions.rb:81:31:81:33 | key :  |
+| hash_extensions.rb:81:9:84:7 | call to index_with [element] :  | hash_extensions.rb:86:10:86:10 | h [element] :  |
+| hash_extensions.rb:81:9:84:7 | call to index_with [element] :  | hash_extensions.rb:86:10:86:10 | h [element] :  |
+| hash_extensions.rb:81:9:84:7 | call to index_with [element] :  | hash_extensions.rb:87:10:87:10 | h [element] :  |
+| hash_extensions.rb:81:9:84:7 | call to index_with [element] :  | hash_extensions.rb:87:10:87:10 | h [element] :  |
+| hash_extensions.rb:81:31:81:33 | key :  | hash_extensions.rb:82:14:82:16 | key |
+| hash_extensions.rb:81:31:81:33 | key :  | hash_extensions.rb:82:14:82:16 | key |
+| hash_extensions.rb:83:9:83:19 | call to source :  | hash_extensions.rb:81:9:84:7 | call to index_with [element] :  |
+| hash_extensions.rb:83:9:83:19 | call to source :  | hash_extensions.rb:81:9:84:7 | call to index_with [element] :  |
+| hash_extensions.rb:86:10:86:10 | h [element] :  | hash_extensions.rb:86:10:86:16 | ...[...] |
+| hash_extensions.rb:86:10:86:10 | h [element] :  | hash_extensions.rb:86:10:86:16 | ...[...] |
+| hash_extensions.rb:87:10:87:10 | h [element] :  | hash_extensions.rb:87:10:87:16 | ...[...] |
+| hash_extensions.rb:87:10:87:10 | h [element] :  | hash_extensions.rb:87:10:87:16 | ...[...] |
+| hash_extensions.rb:89:9:89:38 | call to index_with [element] :  | hash_extensions.rb:91:10:91:10 | j [element] :  |
+| hash_extensions.rb:89:9:89:38 | call to index_with [element] :  | hash_extensions.rb:91:10:91:10 | j [element] :  |
+| hash_extensions.rb:89:9:89:38 | call to index_with [element] :  | hash_extensions.rb:92:10:92:10 | j [element] :  |
+| hash_extensions.rb:89:9:89:38 | call to index_with [element] :  | hash_extensions.rb:92:10:92:10 | j [element] :  |
+| hash_extensions.rb:89:27:89:37 | call to source :  | hash_extensions.rb:89:9:89:38 | call to index_with [element] :  |
+| hash_extensions.rb:89:27:89:37 | call to source :  | hash_extensions.rb:89:9:89:38 | call to index_with [element] :  |
+| hash_extensions.rb:91:10:91:10 | j [element] :  | hash_extensions.rb:91:10:91:16 | ...[...] |
+| hash_extensions.rb:91:10:91:10 | j [element] :  | hash_extensions.rb:91:10:91:16 | ...[...] |
+| hash_extensions.rb:92:10:92:10 | j [element] :  | hash_extensions.rb:92:10:92:16 | ...[...] |
+| hash_extensions.rb:92:10:92:10 | j [element] :  | hash_extensions.rb:92:10:92:16 | ...[...] |
+| hash_extensions.rb:98:21:98:31 | call to source :  | hash_extensions.rb:99:10:99:15 | values [element 0, element :id] :  |
+| hash_extensions.rb:98:21:98:31 | call to source :  | hash_extensions.rb:99:10:99:15 | values [element 0, element :id] :  |
+| hash_extensions.rb:98:21:98:31 | call to source :  | hash_extensions.rb:101:10:101:15 | values [element 0, element :id] :  |
+| hash_extensions.rb:98:21:98:31 | call to source :  | hash_extensions.rb:101:10:101:15 | values [element 0, element :id] :  |
+| hash_extensions.rb:98:21:98:31 | call to source :  | hash_extensions.rb:104:10:104:15 | values [element 0, element :id] :  |
+| hash_extensions.rb:98:21:98:31 | call to source :  | hash_extensions.rb:104:10:104:15 | values [element 0, element :id] :  |
+| hash_extensions.rb:98:40:98:54 | call to source :  | hash_extensions.rb:100:10:100:15 | values [element 0, element :name] :  |
+| hash_extensions.rb:98:40:98:54 | call to source :  | hash_extensions.rb:100:10:100:15 | values [element 0, element :name] :  |
+| hash_extensions.rb:98:40:98:54 | call to source :  | hash_extensions.rb:102:10:102:15 | values [element 0, element :name] :  |
+| hash_extensions.rb:98:40:98:54 | call to source :  | hash_extensions.rb:102:10:102:15 | values [element 0, element :name] :  |
+| hash_extensions.rb:98:40:98:54 | call to source :  | hash_extensions.rb:103:10:103:15 | values [element 0, element :name] :  |
+| hash_extensions.rb:98:40:98:54 | call to source :  | hash_extensions.rb:103:10:103:15 | values [element 0, element :name] :  |
+| hash_extensions.rb:99:10:99:15 | values [element 0, element :id] :  | hash_extensions.rb:99:10:99:25 | call to pick |
+| hash_extensions.rb:99:10:99:15 | values [element 0, element :id] :  | hash_extensions.rb:99:10:99:25 | call to pick |
+| hash_extensions.rb:100:10:100:15 | values [element 0, element :name] :  | hash_extensions.rb:100:10:100:27 | call to pick |
+| hash_extensions.rb:100:10:100:15 | values [element 0, element :name] :  | hash_extensions.rb:100:10:100:27 | call to pick |
+| hash_extensions.rb:101:10:101:15 | values [element 0, element :id] :  | hash_extensions.rb:101:10:101:32 | call to pick [element 0] :  |
+| hash_extensions.rb:101:10:101:15 | values [element 0, element :id] :  | hash_extensions.rb:101:10:101:32 | call to pick [element 0] :  |
+| hash_extensions.rb:101:10:101:32 | call to pick [element 0] :  | hash_extensions.rb:101:10:101:35 | ...[...] |
+| hash_extensions.rb:101:10:101:32 | call to pick [element 0] :  | hash_extensions.rb:101:10:101:35 | ...[...] |
+| hash_extensions.rb:102:10:102:15 | values [element 0, element :name] :  | hash_extensions.rb:102:10:102:32 | call to pick [element 1] :  |
+| hash_extensions.rb:102:10:102:15 | values [element 0, element :name] :  | hash_extensions.rb:102:10:102:32 | call to pick [element 1] :  |
+| hash_extensions.rb:102:10:102:32 | call to pick [element 1] :  | hash_extensions.rb:102:10:102:35 | ...[...] |
+| hash_extensions.rb:102:10:102:32 | call to pick [element 1] :  | hash_extensions.rb:102:10:102:35 | ...[...] |
+| hash_extensions.rb:103:10:103:15 | values [element 0, element :name] :  | hash_extensions.rb:103:10:103:32 | call to pick [element 0] :  |
+| hash_extensions.rb:103:10:103:15 | values [element 0, element :name] :  | hash_extensions.rb:103:10:103:32 | call to pick [element 0] :  |
+| hash_extensions.rb:103:10:103:32 | call to pick [element 0] :  | hash_extensions.rb:103:10:103:35 | ...[...] |
+| hash_extensions.rb:103:10:103:32 | call to pick [element 0] :  | hash_extensions.rb:103:10:103:35 | ...[...] |
+| hash_extensions.rb:104:10:104:15 | values [element 0, element :id] :  | hash_extensions.rb:104:10:104:32 | call to pick [element 1] :  |
+| hash_extensions.rb:104:10:104:15 | values [element 0, element :id] :  | hash_extensions.rb:104:10:104:32 | call to pick [element 1] :  |
+| hash_extensions.rb:104:10:104:32 | call to pick [element 1] :  | hash_extensions.rb:104:10:104:35 | ...[...] |
+| hash_extensions.rb:104:10:104:32 | call to pick [element 1] :  | hash_extensions.rb:104:10:104:35 | ...[...] |
+| hash_extensions.rb:110:21:110:31 | call to source :  | hash_extensions.rb:112:10:112:15 | values [element 0, element :id] :  |
+| hash_extensions.rb:110:21:110:31 | call to source :  | hash_extensions.rb:112:10:112:15 | values [element 0, element :id] :  |
+| hash_extensions.rb:110:21:110:31 | call to source :  | hash_extensions.rb:115:10:115:15 | values [element 0, element :id] :  |
+| hash_extensions.rb:110:21:110:31 | call to source :  | hash_extensions.rb:115:10:115:15 | values [element 0, element :id] :  |
+| hash_extensions.rb:110:40:110:54 | call to source :  | hash_extensions.rb:111:10:111:15 | values [element 0, element :name] :  |
+| hash_extensions.rb:110:40:110:54 | call to source :  | hash_extensions.rb:111:10:111:15 | values [element 0, element :name] :  |
+| hash_extensions.rb:110:40:110:54 | call to source :  | hash_extensions.rb:113:10:113:15 | values [element 0, element :name] :  |
+| hash_extensions.rb:110:40:110:54 | call to source :  | hash_extensions.rb:113:10:113:15 | values [element 0, element :name] :  |
+| hash_extensions.rb:110:40:110:54 | call to source :  | hash_extensions.rb:114:10:114:15 | values [element 0, element :name] :  |
+| hash_extensions.rb:110:40:110:54 | call to source :  | hash_extensions.rb:114:10:114:15 | values [element 0, element :name] :  |
+| hash_extensions.rb:110:65:110:75 | call to source :  | hash_extensions.rb:112:10:112:15 | values [element 1, element :id] :  |
+| hash_extensions.rb:110:65:110:75 | call to source :  | hash_extensions.rb:112:10:112:15 | values [element 1, element :id] :  |
+| hash_extensions.rb:110:65:110:75 | call to source :  | hash_extensions.rb:115:10:115:15 | values [element 1, element :id] :  |
+| hash_extensions.rb:110:65:110:75 | call to source :  | hash_extensions.rb:115:10:115:15 | values [element 1, element :id] :  |
+| hash_extensions.rb:110:84:110:99 | call to source :  | hash_extensions.rb:111:10:111:15 | values [element 1, element :name] :  |
+| hash_extensions.rb:110:84:110:99 | call to source :  | hash_extensions.rb:111:10:111:15 | values [element 1, element :name] :  |
+| hash_extensions.rb:110:84:110:99 | call to source :  | hash_extensions.rb:113:10:113:15 | values [element 1, element :name] :  |
+| hash_extensions.rb:110:84:110:99 | call to source :  | hash_extensions.rb:113:10:113:15 | values [element 1, element :name] :  |
+| hash_extensions.rb:110:84:110:99 | call to source :  | hash_extensions.rb:114:10:114:15 | values [element 1, element :name] :  |
+| hash_extensions.rb:110:84:110:99 | call to source :  | hash_extensions.rb:114:10:114:15 | values [element 1, element :name] :  |
+| hash_extensions.rb:111:10:111:15 | values [element 0, element :name] :  | hash_extensions.rb:111:10:111:28 | call to pluck [element] :  |
+| hash_extensions.rb:111:10:111:15 | values [element 0, element :name] :  | hash_extensions.rb:111:10:111:28 | call to pluck [element] :  |
+| hash_extensions.rb:111:10:111:15 | values [element 1, element :name] :  | hash_extensions.rb:111:10:111:28 | call to pluck [element] :  |
+| hash_extensions.rb:111:10:111:15 | values [element 1, element :name] :  | hash_extensions.rb:111:10:111:28 | call to pluck [element] :  |
+| hash_extensions.rb:111:10:111:28 | call to pluck [element] :  | hash_extensions.rb:111:10:111:31 | ...[...] |
+| hash_extensions.rb:111:10:111:28 | call to pluck [element] :  | hash_extensions.rb:111:10:111:31 | ...[...] |
+| hash_extensions.rb:112:10:112:15 | values [element 0, element :id] :  | hash_extensions.rb:112:10:112:33 | call to pluck [element, element 0] :  |
+| hash_extensions.rb:112:10:112:15 | values [element 0, element :id] :  | hash_extensions.rb:112:10:112:33 | call to pluck [element, element 0] :  |
+| hash_extensions.rb:112:10:112:15 | values [element 1, element :id] :  | hash_extensions.rb:112:10:112:33 | call to pluck [element, element 0] :  |
+| hash_extensions.rb:112:10:112:15 | values [element 1, element :id] :  | hash_extensions.rb:112:10:112:33 | call to pluck [element, element 0] :  |
+| hash_extensions.rb:112:10:112:33 | call to pluck [element, element 0] :  | hash_extensions.rb:112:10:112:36 | ...[...] [element 0] :  |
+| hash_extensions.rb:112:10:112:33 | call to pluck [element, element 0] :  | hash_extensions.rb:112:10:112:36 | ...[...] [element 0] :  |
+| hash_extensions.rb:112:10:112:36 | ...[...] [element 0] :  | hash_extensions.rb:112:10:112:39 | ...[...] |
+| hash_extensions.rb:112:10:112:36 | ...[...] [element 0] :  | hash_extensions.rb:112:10:112:39 | ...[...] |
+| hash_extensions.rb:113:10:113:15 | values [element 0, element :name] :  | hash_extensions.rb:113:10:113:33 | call to pluck [element, element 1] :  |
+| hash_extensions.rb:113:10:113:15 | values [element 0, element :name] :  | hash_extensions.rb:113:10:113:33 | call to pluck [element, element 1] :  |
+| hash_extensions.rb:113:10:113:15 | values [element 1, element :name] :  | hash_extensions.rb:113:10:113:33 | call to pluck [element, element 1] :  |
+| hash_extensions.rb:113:10:113:15 | values [element 1, element :name] :  | hash_extensions.rb:113:10:113:33 | call to pluck [element, element 1] :  |
+| hash_extensions.rb:113:10:113:33 | call to pluck [element, element 1] :  | hash_extensions.rb:113:10:113:36 | ...[...] [element 1] :  |
+| hash_extensions.rb:113:10:113:33 | call to pluck [element, element 1] :  | hash_extensions.rb:113:10:113:36 | ...[...] [element 1] :  |
+| hash_extensions.rb:113:10:113:36 | ...[...] [element 1] :  | hash_extensions.rb:113:10:113:39 | ...[...] |
+| hash_extensions.rb:113:10:113:36 | ...[...] [element 1] :  | hash_extensions.rb:113:10:113:39 | ...[...] |
+| hash_extensions.rb:114:10:114:15 | values [element 0, element :name] :  | hash_extensions.rb:114:10:114:33 | call to pluck [element, element 0] :  |
+| hash_extensions.rb:114:10:114:15 | values [element 0, element :name] :  | hash_extensions.rb:114:10:114:33 | call to pluck [element, element 0] :  |
+| hash_extensions.rb:114:10:114:15 | values [element 1, element :name] :  | hash_extensions.rb:114:10:114:33 | call to pluck [element, element 0] :  |
+| hash_extensions.rb:114:10:114:15 | values [element 1, element :name] :  | hash_extensions.rb:114:10:114:33 | call to pluck [element, element 0] :  |
+| hash_extensions.rb:114:10:114:33 | call to pluck [element, element 0] :  | hash_extensions.rb:114:10:114:36 | ...[...] [element 0] :  |
+| hash_extensions.rb:114:10:114:33 | call to pluck [element, element 0] :  | hash_extensions.rb:114:10:114:36 | ...[...] [element 0] :  |
+| hash_extensions.rb:114:10:114:36 | ...[...] [element 0] :  | hash_extensions.rb:114:10:114:39 | ...[...] |
+| hash_extensions.rb:114:10:114:36 | ...[...] [element 0] :  | hash_extensions.rb:114:10:114:39 | ...[...] |
+| hash_extensions.rb:115:10:115:15 | values [element 0, element :id] :  | hash_extensions.rb:115:10:115:33 | call to pluck [element, element 1] :  |
+| hash_extensions.rb:115:10:115:15 | values [element 0, element :id] :  | hash_extensions.rb:115:10:115:33 | call to pluck [element, element 1] :  |
+| hash_extensions.rb:115:10:115:15 | values [element 1, element :id] :  | hash_extensions.rb:115:10:115:33 | call to pluck [element, element 1] :  |
+| hash_extensions.rb:115:10:115:15 | values [element 1, element :id] :  | hash_extensions.rb:115:10:115:33 | call to pluck [element, element 1] :  |
+| hash_extensions.rb:115:10:115:33 | call to pluck [element, element 1] :  | hash_extensions.rb:115:10:115:36 | ...[...] [element 1] :  |
+| hash_extensions.rb:115:10:115:33 | call to pluck [element, element 1] :  | hash_extensions.rb:115:10:115:36 | ...[...] [element 1] :  |
+| hash_extensions.rb:115:10:115:36 | ...[...] [element 1] :  | hash_extensions.rb:115:10:115:39 | ...[...] |
+| hash_extensions.rb:115:10:115:36 | ...[...] [element 1] :  | hash_extensions.rb:115:10:115:39 | ...[...] |
+| hash_extensions.rb:122:15:122:25 | call to source :  | hash_extensions.rb:125:10:125:15 | single [element 0] :  |
+| hash_extensions.rb:122:15:122:25 | call to source :  | hash_extensions.rb:125:10:125:15 | single [element 0] :  |
+| hash_extensions.rb:123:14:123:24 | call to source :  | hash_extensions.rb:126:10:126:14 | multi [element 0] :  |
+| hash_extensions.rb:123:14:123:24 | call to source :  | hash_extensions.rb:126:10:126:14 | multi [element 0] :  |
+| hash_extensions.rb:125:10:125:15 | single [element 0] :  | hash_extensions.rb:125:10:125:20 | call to sole |
+| hash_extensions.rb:125:10:125:15 | single [element 0] :  | hash_extensions.rb:125:10:125:20 | call to sole |
+| hash_extensions.rb:126:10:126:14 | multi [element 0] :  | hash_extensions.rb:126:10:126:19 | call to sole |
+| hash_extensions.rb:126:10:126:14 | multi [element 0] :  | hash_extensions.rb:126:10:126:19 | call to sole |
 nodes
 | active_support.rb:10:9:10:18 | call to source :  | semmle.label | call to source :  |
 | active_support.rb:11:10:11:10 | x :  | semmle.label | x :  |
@@ -504,6 +681,28 @@ nodes
 | active_support.rb:291:8:291:8 | x :  | semmle.label | x :  |
 | active_support.rb:291:8:291:17 | call to deep_dup | semmle.label | call to deep_dup |
 | active_support.rb:291:8:291:17 | call to deep_dup | semmle.label | call to deep_dup |
+| active_support.rb:303:7:303:16 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:304:7:304:19 | call to json_escape :  | semmle.label | call to json_escape :  |
+| active_support.rb:304:19:304:19 | a :  | semmle.label | a :  |
+| active_support.rb:305:8:305:8 | b | semmle.label | b |
+| active_support.rb:309:9:309:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:310:10:310:38 | call to encode | semmle.label | call to encode |
+| active_support.rb:310:37:310:37 | x :  | semmle.label | x :  |
+| active_support.rb:314:9:314:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:315:10:315:38 | call to decode | semmle.label | call to decode |
+| active_support.rb:315:37:315:37 | x :  | semmle.label | x :  |
+| active_support.rb:319:9:319:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:320:10:320:36 | call to dump | semmle.label | call to dump |
+| active_support.rb:320:35:320:35 | x :  | semmle.label | x :  |
+| active_support.rb:324:9:324:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:325:10:325:36 | call to load | semmle.label | call to load |
+| active_support.rb:325:35:325:35 | x :  | semmle.label | x :  |
+| active_support.rb:329:9:329:18 | call to source :  | semmle.label | call to source :  |
+| active_support.rb:330:10:330:10 | x :  | semmle.label | x :  |
+| active_support.rb:331:10:331:10 | x :  | semmle.label | x :  |
+| active_support.rb:331:10:331:18 | call to to_json | semmle.label | call to to_json |
+| active_support.rb:332:10:332:10 | y [element 0] :  | semmle.label | y [element 0] :  |
+| active_support.rb:332:10:332:18 | call to to_json | semmle.label | call to to_json |
 | hash_extensions.rb:2:14:2:24 | call to source :  | semmle.label | call to source :  |
 | hash_extensions.rb:2:14:2:24 | call to source :  | semmle.label | call to source :  |
 | hash_extensions.rb:3:9:3:9 | h [element :a] :  | semmle.label | h [element :a] :  |
@@ -594,6 +793,176 @@ nodes
 | hash_extensions.rb:59:10:59:10 | x [element :b] :  | semmle.label | x [element :b] :  |
 | hash_extensions.rb:59:10:59:14 | ...[...] | semmle.label | ...[...] |
 | hash_extensions.rb:59:10:59:14 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:67:15:67:25 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:67:15:67:25 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:67:28:67:38 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:67:28:67:38 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:67:41:67:51 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:67:41:67:51 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:68:9:68:14 | values [element 0] :  | semmle.label | values [element 0] :  |
+| hash_extensions.rb:68:9:68:14 | values [element 0] :  | semmle.label | values [element 0] :  |
+| hash_extensions.rb:68:9:68:14 | values [element 1] :  | semmle.label | values [element 1] :  |
+| hash_extensions.rb:68:9:68:14 | values [element 1] :  | semmle.label | values [element 1] :  |
+| hash_extensions.rb:68:9:68:14 | values [element 2] :  | semmle.label | values [element 2] :  |
+| hash_extensions.rb:68:9:68:14 | values [element 2] :  | semmle.label | values [element 2] :  |
+| hash_extensions.rb:68:9:71:7 | call to index_by [element] :  | semmle.label | call to index_by [element] :  |
+| hash_extensions.rb:68:9:71:7 | call to index_by [element] :  | semmle.label | call to index_by [element] :  |
+| hash_extensions.rb:68:29:68:33 | value :  | semmle.label | value :  |
+| hash_extensions.rb:68:29:68:33 | value :  | semmle.label | value :  |
+| hash_extensions.rb:69:14:69:18 | value | semmle.label | value |
+| hash_extensions.rb:69:14:69:18 | value | semmle.label | value |
+| hash_extensions.rb:73:10:73:10 | h [element] :  | semmle.label | h [element] :  |
+| hash_extensions.rb:73:10:73:10 | h [element] :  | semmle.label | h [element] :  |
+| hash_extensions.rb:73:10:73:16 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:73:10:73:16 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:74:10:74:10 | h [element] :  | semmle.label | h [element] :  |
+| hash_extensions.rb:74:10:74:10 | h [element] :  | semmle.label | h [element] :  |
+| hash_extensions.rb:74:10:74:16 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:74:10:74:16 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:80:15:80:25 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:80:15:80:25 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:80:28:80:38 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:80:28:80:38 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:80:41:80:51 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:80:41:80:51 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:81:9:81:14 | values [element 0] :  | semmle.label | values [element 0] :  |
+| hash_extensions.rb:81:9:81:14 | values [element 0] :  | semmle.label | values [element 0] :  |
+| hash_extensions.rb:81:9:81:14 | values [element 1] :  | semmle.label | values [element 1] :  |
+| hash_extensions.rb:81:9:81:14 | values [element 1] :  | semmle.label | values [element 1] :  |
+| hash_extensions.rb:81:9:81:14 | values [element 2] :  | semmle.label | values [element 2] :  |
+| hash_extensions.rb:81:9:81:14 | values [element 2] :  | semmle.label | values [element 2] :  |
+| hash_extensions.rb:81:9:84:7 | call to index_with [element] :  | semmle.label | call to index_with [element] :  |
+| hash_extensions.rb:81:9:84:7 | call to index_with [element] :  | semmle.label | call to index_with [element] :  |
+| hash_extensions.rb:81:31:81:33 | key :  | semmle.label | key :  |
+| hash_extensions.rb:81:31:81:33 | key :  | semmle.label | key :  |
+| hash_extensions.rb:82:14:82:16 | key | semmle.label | key |
+| hash_extensions.rb:82:14:82:16 | key | semmle.label | key |
+| hash_extensions.rb:83:9:83:19 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:83:9:83:19 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:86:10:86:10 | h [element] :  | semmle.label | h [element] :  |
+| hash_extensions.rb:86:10:86:10 | h [element] :  | semmle.label | h [element] :  |
+| hash_extensions.rb:86:10:86:16 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:86:10:86:16 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:87:10:87:10 | h [element] :  | semmle.label | h [element] :  |
+| hash_extensions.rb:87:10:87:10 | h [element] :  | semmle.label | h [element] :  |
+| hash_extensions.rb:87:10:87:16 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:87:10:87:16 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:89:9:89:38 | call to index_with [element] :  | semmle.label | call to index_with [element] :  |
+| hash_extensions.rb:89:9:89:38 | call to index_with [element] :  | semmle.label | call to index_with [element] :  |
+| hash_extensions.rb:89:27:89:37 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:89:27:89:37 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:91:10:91:10 | j [element] :  | semmle.label | j [element] :  |
+| hash_extensions.rb:91:10:91:10 | j [element] :  | semmle.label | j [element] :  |
+| hash_extensions.rb:91:10:91:16 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:91:10:91:16 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:92:10:92:10 | j [element] :  | semmle.label | j [element] :  |
+| hash_extensions.rb:92:10:92:10 | j [element] :  | semmle.label | j [element] :  |
+| hash_extensions.rb:92:10:92:16 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:92:10:92:16 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:98:21:98:31 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:98:21:98:31 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:98:40:98:54 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:98:40:98:54 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:99:10:99:15 | values [element 0, element :id] :  | semmle.label | values [element 0, element :id] :  |
+| hash_extensions.rb:99:10:99:15 | values [element 0, element :id] :  | semmle.label | values [element 0, element :id] :  |
+| hash_extensions.rb:99:10:99:25 | call to pick | semmle.label | call to pick |
+| hash_extensions.rb:99:10:99:25 | call to pick | semmle.label | call to pick |
+| hash_extensions.rb:100:10:100:15 | values [element 0, element :name] :  | semmle.label | values [element 0, element :name] :  |
+| hash_extensions.rb:100:10:100:15 | values [element 0, element :name] :  | semmle.label | values [element 0, element :name] :  |
+| hash_extensions.rb:100:10:100:27 | call to pick | semmle.label | call to pick |
+| hash_extensions.rb:100:10:100:27 | call to pick | semmle.label | call to pick |
+| hash_extensions.rb:101:10:101:15 | values [element 0, element :id] :  | semmle.label | values [element 0, element :id] :  |
+| hash_extensions.rb:101:10:101:15 | values [element 0, element :id] :  | semmle.label | values [element 0, element :id] :  |
+| hash_extensions.rb:101:10:101:32 | call to pick [element 0] :  | semmle.label | call to pick [element 0] :  |
+| hash_extensions.rb:101:10:101:32 | call to pick [element 0] :  | semmle.label | call to pick [element 0] :  |
+| hash_extensions.rb:101:10:101:35 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:101:10:101:35 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:102:10:102:15 | values [element 0, element :name] :  | semmle.label | values [element 0, element :name] :  |
+| hash_extensions.rb:102:10:102:15 | values [element 0, element :name] :  | semmle.label | values [element 0, element :name] :  |
+| hash_extensions.rb:102:10:102:32 | call to pick [element 1] :  | semmle.label | call to pick [element 1] :  |
+| hash_extensions.rb:102:10:102:32 | call to pick [element 1] :  | semmle.label | call to pick [element 1] :  |
+| hash_extensions.rb:102:10:102:35 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:102:10:102:35 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:103:10:103:15 | values [element 0, element :name] :  | semmle.label | values [element 0, element :name] :  |
+| hash_extensions.rb:103:10:103:15 | values [element 0, element :name] :  | semmle.label | values [element 0, element :name] :  |
+| hash_extensions.rb:103:10:103:32 | call to pick [element 0] :  | semmle.label | call to pick [element 0] :  |
+| hash_extensions.rb:103:10:103:32 | call to pick [element 0] :  | semmle.label | call to pick [element 0] :  |
+| hash_extensions.rb:103:10:103:35 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:103:10:103:35 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:104:10:104:15 | values [element 0, element :id] :  | semmle.label | values [element 0, element :id] :  |
+| hash_extensions.rb:104:10:104:15 | values [element 0, element :id] :  | semmle.label | values [element 0, element :id] :  |
+| hash_extensions.rb:104:10:104:32 | call to pick [element 1] :  | semmle.label | call to pick [element 1] :  |
+| hash_extensions.rb:104:10:104:32 | call to pick [element 1] :  | semmle.label | call to pick [element 1] :  |
+| hash_extensions.rb:104:10:104:35 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:104:10:104:35 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:110:21:110:31 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:110:21:110:31 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:110:40:110:54 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:110:40:110:54 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:110:65:110:75 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:110:65:110:75 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:110:84:110:99 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:110:84:110:99 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:111:10:111:15 | values [element 0, element :name] :  | semmle.label | values [element 0, element :name] :  |
+| hash_extensions.rb:111:10:111:15 | values [element 0, element :name] :  | semmle.label | values [element 0, element :name] :  |
+| hash_extensions.rb:111:10:111:15 | values [element 1, element :name] :  | semmle.label | values [element 1, element :name] :  |
+| hash_extensions.rb:111:10:111:15 | values [element 1, element :name] :  | semmle.label | values [element 1, element :name] :  |
+| hash_extensions.rb:111:10:111:28 | call to pluck [element] :  | semmle.label | call to pluck [element] :  |
+| hash_extensions.rb:111:10:111:28 | call to pluck [element] :  | semmle.label | call to pluck [element] :  |
+| hash_extensions.rb:111:10:111:31 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:111:10:111:31 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:112:10:112:15 | values [element 0, element :id] :  | semmle.label | values [element 0, element :id] :  |
+| hash_extensions.rb:112:10:112:15 | values [element 0, element :id] :  | semmle.label | values [element 0, element :id] :  |
+| hash_extensions.rb:112:10:112:15 | values [element 1, element :id] :  | semmle.label | values [element 1, element :id] :  |
+| hash_extensions.rb:112:10:112:15 | values [element 1, element :id] :  | semmle.label | values [element 1, element :id] :  |
+| hash_extensions.rb:112:10:112:33 | call to pluck [element, element 0] :  | semmle.label | call to pluck [element, element 0] :  |
+| hash_extensions.rb:112:10:112:33 | call to pluck [element, element 0] :  | semmle.label | call to pluck [element, element 0] :  |
+| hash_extensions.rb:112:10:112:36 | ...[...] [element 0] :  | semmle.label | ...[...] [element 0] :  |
+| hash_extensions.rb:112:10:112:36 | ...[...] [element 0] :  | semmle.label | ...[...] [element 0] :  |
+| hash_extensions.rb:112:10:112:39 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:112:10:112:39 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:113:10:113:15 | values [element 0, element :name] :  | semmle.label | values [element 0, element :name] :  |
+| hash_extensions.rb:113:10:113:15 | values [element 0, element :name] :  | semmle.label | values [element 0, element :name] :  |
+| hash_extensions.rb:113:10:113:15 | values [element 1, element :name] :  | semmle.label | values [element 1, element :name] :  |
+| hash_extensions.rb:113:10:113:15 | values [element 1, element :name] :  | semmle.label | values [element 1, element :name] :  |
+| hash_extensions.rb:113:10:113:33 | call to pluck [element, element 1] :  | semmle.label | call to pluck [element, element 1] :  |
+| hash_extensions.rb:113:10:113:33 | call to pluck [element, element 1] :  | semmle.label | call to pluck [element, element 1] :  |
+| hash_extensions.rb:113:10:113:36 | ...[...] [element 1] :  | semmle.label | ...[...] [element 1] :  |
+| hash_extensions.rb:113:10:113:36 | ...[...] [element 1] :  | semmle.label | ...[...] [element 1] :  |
+| hash_extensions.rb:113:10:113:39 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:113:10:113:39 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:114:10:114:15 | values [element 0, element :name] :  | semmle.label | values [element 0, element :name] :  |
+| hash_extensions.rb:114:10:114:15 | values [element 0, element :name] :  | semmle.label | values [element 0, element :name] :  |
+| hash_extensions.rb:114:10:114:15 | values [element 1, element :name] :  | semmle.label | values [element 1, element :name] :  |
+| hash_extensions.rb:114:10:114:15 | values [element 1, element :name] :  | semmle.label | values [element 1, element :name] :  |
+| hash_extensions.rb:114:10:114:33 | call to pluck [element, element 0] :  | semmle.label | call to pluck [element, element 0] :  |
+| hash_extensions.rb:114:10:114:33 | call to pluck [element, element 0] :  | semmle.label | call to pluck [element, element 0] :  |
+| hash_extensions.rb:114:10:114:36 | ...[...] [element 0] :  | semmle.label | ...[...] [element 0] :  |
+| hash_extensions.rb:114:10:114:36 | ...[...] [element 0] :  | semmle.label | ...[...] [element 0] :  |
+| hash_extensions.rb:114:10:114:39 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:114:10:114:39 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:115:10:115:15 | values [element 0, element :id] :  | semmle.label | values [element 0, element :id] :  |
+| hash_extensions.rb:115:10:115:15 | values [element 0, element :id] :  | semmle.label | values [element 0, element :id] :  |
+| hash_extensions.rb:115:10:115:15 | values [element 1, element :id] :  | semmle.label | values [element 1, element :id] :  |
+| hash_extensions.rb:115:10:115:15 | values [element 1, element :id] :  | semmle.label | values [element 1, element :id] :  |
+| hash_extensions.rb:115:10:115:33 | call to pluck [element, element 1] :  | semmle.label | call to pluck [element, element 1] :  |
+| hash_extensions.rb:115:10:115:33 | call to pluck [element, element 1] :  | semmle.label | call to pluck [element, element 1] :  |
+| hash_extensions.rb:115:10:115:36 | ...[...] [element 1] :  | semmle.label | ...[...] [element 1] :  |
+| hash_extensions.rb:115:10:115:36 | ...[...] [element 1] :  | semmle.label | ...[...] [element 1] :  |
+| hash_extensions.rb:115:10:115:39 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:115:10:115:39 | ...[...] | semmle.label | ...[...] |
+| hash_extensions.rb:122:15:122:25 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:122:15:122:25 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:123:14:123:24 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:123:14:123:24 | call to source :  | semmle.label | call to source :  |
+| hash_extensions.rb:125:10:125:15 | single [element 0] :  | semmle.label | single [element 0] :  |
+| hash_extensions.rb:125:10:125:15 | single [element 0] :  | semmle.label | single [element 0] :  |
+| hash_extensions.rb:125:10:125:20 | call to sole | semmle.label | call to sole |
+| hash_extensions.rb:125:10:125:20 | call to sole | semmle.label | call to sole |
+| hash_extensions.rb:126:10:126:14 | multi [element 0] :  | semmle.label | multi [element 0] :  |
+| hash_extensions.rb:126:10:126:14 | multi [element 0] :  | semmle.label | multi [element 0] :  |
+| hash_extensions.rb:126:10:126:19 | call to sole | semmle.label | call to sole |
+| hash_extensions.rb:126:10:126:19 | call to sole | semmle.label | call to sole |
 subpaths
 #select
 | active_support.rb:182:10:182:13 | ...[...] | active_support.rb:180:10:180:17 | call to source :  | active_support.rb:182:10:182:13 | ...[...] | $@ | active_support.rb:180:10:180:17 | call to source :  | call to source :  |
@@ -622,3 +991,37 @@ subpaths
 | hash_extensions.rb:56:10:56:14 | ...[...] | hash_extensions.rb:50:52:50:61 | call to taint :  | hash_extensions.rb:56:10:56:14 | ...[...] | $@ | hash_extensions.rb:50:52:50:61 | call to taint :  | call to taint :  |
 | hash_extensions.rb:58:10:58:14 | ...[...] | hash_extensions.rb:50:14:50:23 | call to taint :  | hash_extensions.rb:58:10:58:14 | ...[...] | $@ | hash_extensions.rb:50:14:50:23 | call to taint :  | call to taint :  |
 | hash_extensions.rb:59:10:59:14 | ...[...] | hash_extensions.rb:50:29:50:38 | call to taint :  | hash_extensions.rb:59:10:59:14 | ...[...] | $@ | hash_extensions.rb:50:29:50:38 | call to taint :  | call to taint :  |
+| hash_extensions.rb:69:14:69:18 | value | hash_extensions.rb:67:15:67:25 | call to source :  | hash_extensions.rb:69:14:69:18 | value | $@ | hash_extensions.rb:67:15:67:25 | call to source :  | call to source :  |
+| hash_extensions.rb:69:14:69:18 | value | hash_extensions.rb:67:28:67:38 | call to source :  | hash_extensions.rb:69:14:69:18 | value | $@ | hash_extensions.rb:67:28:67:38 | call to source :  | call to source :  |
+| hash_extensions.rb:69:14:69:18 | value | hash_extensions.rb:67:41:67:51 | call to source :  | hash_extensions.rb:69:14:69:18 | value | $@ | hash_extensions.rb:67:41:67:51 | call to source :  | call to source :  |
+| hash_extensions.rb:73:10:73:16 | ...[...] | hash_extensions.rb:67:15:67:25 | call to source :  | hash_extensions.rb:73:10:73:16 | ...[...] | $@ | hash_extensions.rb:67:15:67:25 | call to source :  | call to source :  |
+| hash_extensions.rb:73:10:73:16 | ...[...] | hash_extensions.rb:67:28:67:38 | call to source :  | hash_extensions.rb:73:10:73:16 | ...[...] | $@ | hash_extensions.rb:67:28:67:38 | call to source :  | call to source :  |
+| hash_extensions.rb:73:10:73:16 | ...[...] | hash_extensions.rb:67:41:67:51 | call to source :  | hash_extensions.rb:73:10:73:16 | ...[...] | $@ | hash_extensions.rb:67:41:67:51 | call to source :  | call to source :  |
+| hash_extensions.rb:74:10:74:16 | ...[...] | hash_extensions.rb:67:15:67:25 | call to source :  | hash_extensions.rb:74:10:74:16 | ...[...] | $@ | hash_extensions.rb:67:15:67:25 | call to source :  | call to source :  |
+| hash_extensions.rb:74:10:74:16 | ...[...] | hash_extensions.rb:67:28:67:38 | call to source :  | hash_extensions.rb:74:10:74:16 | ...[...] | $@ | hash_extensions.rb:67:28:67:38 | call to source :  | call to source :  |
+| hash_extensions.rb:74:10:74:16 | ...[...] | hash_extensions.rb:67:41:67:51 | call to source :  | hash_extensions.rb:74:10:74:16 | ...[...] | $@ | hash_extensions.rb:67:41:67:51 | call to source :  | call to source :  |
+| hash_extensions.rb:82:14:82:16 | key | hash_extensions.rb:80:15:80:25 | call to source :  | hash_extensions.rb:82:14:82:16 | key | $@ | hash_extensions.rb:80:15:80:25 | call to source :  | call to source :  |
+| hash_extensions.rb:82:14:82:16 | key | hash_extensions.rb:80:28:80:38 | call to source :  | hash_extensions.rb:82:14:82:16 | key | $@ | hash_extensions.rb:80:28:80:38 | call to source :  | call to source :  |
+| hash_extensions.rb:82:14:82:16 | key | hash_extensions.rb:80:41:80:51 | call to source :  | hash_extensions.rb:82:14:82:16 | key | $@ | hash_extensions.rb:80:41:80:51 | call to source :  | call to source :  |
+| hash_extensions.rb:86:10:86:16 | ...[...] | hash_extensions.rb:83:9:83:19 | call to source :  | hash_extensions.rb:86:10:86:16 | ...[...] | $@ | hash_extensions.rb:83:9:83:19 | call to source :  | call to source :  |
+| hash_extensions.rb:87:10:87:16 | ...[...] | hash_extensions.rb:83:9:83:19 | call to source :  | hash_extensions.rb:87:10:87:16 | ...[...] | $@ | hash_extensions.rb:83:9:83:19 | call to source :  | call to source :  |
+| hash_extensions.rb:91:10:91:16 | ...[...] | hash_extensions.rb:89:27:89:37 | call to source :  | hash_extensions.rb:91:10:91:16 | ...[...] | $@ | hash_extensions.rb:89:27:89:37 | call to source :  | call to source :  |
+| hash_extensions.rb:92:10:92:16 | ...[...] | hash_extensions.rb:89:27:89:37 | call to source :  | hash_extensions.rb:92:10:92:16 | ...[...] | $@ | hash_extensions.rb:89:27:89:37 | call to source :  | call to source :  |
+| hash_extensions.rb:99:10:99:25 | call to pick | hash_extensions.rb:98:21:98:31 | call to source :  | hash_extensions.rb:99:10:99:25 | call to pick | $@ | hash_extensions.rb:98:21:98:31 | call to source :  | call to source :  |
+| hash_extensions.rb:100:10:100:27 | call to pick | hash_extensions.rb:98:40:98:54 | call to source :  | hash_extensions.rb:100:10:100:27 | call to pick | $@ | hash_extensions.rb:98:40:98:54 | call to source :  | call to source :  |
+| hash_extensions.rb:101:10:101:35 | ...[...] | hash_extensions.rb:98:21:98:31 | call to source :  | hash_extensions.rb:101:10:101:35 | ...[...] | $@ | hash_extensions.rb:98:21:98:31 | call to source :  | call to source :  |
+| hash_extensions.rb:102:10:102:35 | ...[...] | hash_extensions.rb:98:40:98:54 | call to source :  | hash_extensions.rb:102:10:102:35 | ...[...] | $@ | hash_extensions.rb:98:40:98:54 | call to source :  | call to source :  |
+| hash_extensions.rb:103:10:103:35 | ...[...] | hash_extensions.rb:98:40:98:54 | call to source :  | hash_extensions.rb:103:10:103:35 | ...[...] | $@ | hash_extensions.rb:98:40:98:54 | call to source :  | call to source :  |
+| hash_extensions.rb:104:10:104:35 | ...[...] | hash_extensions.rb:98:21:98:31 | call to source :  | hash_extensions.rb:104:10:104:35 | ...[...] | $@ | hash_extensions.rb:98:21:98:31 | call to source :  | call to source :  |
+| hash_extensions.rb:111:10:111:31 | ...[...] | hash_extensions.rb:110:40:110:54 | call to source :  | hash_extensions.rb:111:10:111:31 | ...[...] | $@ | hash_extensions.rb:110:40:110:54 | call to source :  | call to source :  |
+| hash_extensions.rb:111:10:111:31 | ...[...] | hash_extensions.rb:110:84:110:99 | call to source :  | hash_extensions.rb:111:10:111:31 | ...[...] | $@ | hash_extensions.rb:110:84:110:99 | call to source :  | call to source :  |
+| hash_extensions.rb:112:10:112:39 | ...[...] | hash_extensions.rb:110:21:110:31 | call to source :  | hash_extensions.rb:112:10:112:39 | ...[...] | $@ | hash_extensions.rb:110:21:110:31 | call to source :  | call to source :  |
+| hash_extensions.rb:112:10:112:39 | ...[...] | hash_extensions.rb:110:65:110:75 | call to source :  | hash_extensions.rb:112:10:112:39 | ...[...] | $@ | hash_extensions.rb:110:65:110:75 | call to source :  | call to source :  |
+| hash_extensions.rb:113:10:113:39 | ...[...] | hash_extensions.rb:110:40:110:54 | call to source :  | hash_extensions.rb:113:10:113:39 | ...[...] | $@ | hash_extensions.rb:110:40:110:54 | call to source :  | call to source :  |
+| hash_extensions.rb:113:10:113:39 | ...[...] | hash_extensions.rb:110:84:110:99 | call to source :  | hash_extensions.rb:113:10:113:39 | ...[...] | $@ | hash_extensions.rb:110:84:110:99 | call to source :  | call to source :  |
+| hash_extensions.rb:114:10:114:39 | ...[...] | hash_extensions.rb:110:40:110:54 | call to source :  | hash_extensions.rb:114:10:114:39 | ...[...] | $@ | hash_extensions.rb:110:40:110:54 | call to source :  | call to source :  |
+| hash_extensions.rb:114:10:114:39 | ...[...] | hash_extensions.rb:110:84:110:99 | call to source :  | hash_extensions.rb:114:10:114:39 | ...[...] | $@ | hash_extensions.rb:110:84:110:99 | call to source :  | call to source :  |
+| hash_extensions.rb:115:10:115:39 | ...[...] | hash_extensions.rb:110:21:110:31 | call to source :  | hash_extensions.rb:115:10:115:39 | ...[...] | $@ | hash_extensions.rb:110:21:110:31 | call to source :  | call to source :  |
+| hash_extensions.rb:115:10:115:39 | ...[...] | hash_extensions.rb:110:65:110:75 | call to source :  | hash_extensions.rb:115:10:115:39 | ...[...] | $@ | hash_extensions.rb:110:65:110:75 | call to source :  | call to source :  |
+| hash_extensions.rb:125:10:125:20 | call to sole | hash_extensions.rb:122:15:122:25 | call to source :  | hash_extensions.rb:125:10:125:20 | call to sole | $@ | hash_extensions.rb:122:15:122:25 | call to source :  | call to source :  |
+| hash_extensions.rb:126:10:126:19 | call to sole | hash_extensions.rb:123:14:123:24 | call to source :  | hash_extensions.rb:126:10:126:19 | call to sole | $@ | hash_extensions.rb:123:14:123:24 | call to source :  | call to source :  |
diff --git a/ruby/ql/test/library-tests/frameworks/active_support/active_support.rb b/ruby/ql/test/library-tests/frameworks/active_support/active_support.rb
index fe0256080d1..661f2ecd0cf 100644
--- a/ruby/ql/test/library-tests/frameworks/active_support/active_support.rb
+++ b/ruby/ql/test/library-tests/frameworks/active_support/active_support.rb
@@ -298,3 +298,36 @@ def m_try(method)
     x.try!(:upcase).try!(:downcase)
     x.try!(method)
 end
+
+def m_json_escape
+  a = source "a"
+  b = json_escape a
+  sink b # $hasTaintFlow=a
+end
+
+def m_json_encode
+    x = source "a"
+    sink ActiveSupport::JSON.encode(x) # $hasTaintFlow=a
+end
+
+def m_json_decode
+    x = source "a"
+    sink ActiveSupport::JSON.decode(x) # $hasTaintFlow=a
+end
+
+def m_json_dump
+    x = source "a"
+    sink ActiveSupport::JSON.dump(x) # $hasTaintFlow=a
+end
+
+def m_json_load
+    x = source "a"
+    sink ActiveSupport::JSON.load(x) # $hasTaintFlow=a
+end
+
+def m_to_json
+    x = source "a"
+    y = [x]
+    sink x.to_json # $hasTaintFlow=a
+    sink y.to_json # $hasTaintFlow=a
+end
diff --git a/ruby/ql/test/library-tests/frameworks/active_support/hash_extensions.rb b/ruby/ql/test/library-tests/frameworks/active_support/hash_extensions.rb
index 6e477f17aa8..63d4e7a588d 100644
--- a/ruby/ql/test/library-tests/frameworks/active_support/hash_extensions.rb
+++ b/ruby/ql/test/library-tests/frameworks/active_support/hash_extensions.rb
@@ -62,3 +62,68 @@ def m_extract!(x)
 end
 
 m_extract!(:c)
+
+def m_index_by
+    values = [source("a"), source("b"), source("c")]
+    h = values.index_by do |value|
+        sink value # $ hasValueFlow=a $ hasValueFlow=b $ hasValueFlow=c
+        make_key(value)
+    end
+
+    sink h[:foo] # $ hasValueFlow=a $ hasValueFlow=b $ hasValueFlow=c
+    sink h[:bar] # $ hasValueFlow=a $ hasValueFlow=b $ hasValueFlow=c
+end
+
+m_index_by()
+
+def m_index_with
+    values = [source("a"), source("b"), source("c")]
+    h = values.index_with do |key|
+        sink key # $ hasValueFlow=a $ hasValueFlow=b $ hasValueFlow=c
+        source("x")
+    end
+
+    sink h[:foo] # $ hasValueFlow=x
+    sink h[:bar] # $ hasValueFlow=x
+
+    j = values.index_with(source("y"))
+
+    sink j[:foo] # $ hasValueFlow=y
+    sink j[:bar] # $ hasValueFlow=y
+end
+
+m_index_with()
+
+def m_pick
+    values = [{ id: source("1"), name: source("David") }, { id: source("2"), name: source("Rafael") }]
+    sink(values.pick(:id)) # $ hasValueFlow=1
+    sink(values.pick(:name)) # $ hasValueFlow=David
+    sink(values.pick(:id, :name)[0]) # $ hasValueFlow=1
+    sink(values.pick(:id, :name)[1]) # $ hasValueFlow=David
+    sink(values.pick(:name, :id)[0]) # $ hasValueFlow=David
+    sink(values.pick(:name, :id)[1]) # $ hasValueFlow=1
+end
+
+m_pick()
+
+def m_pluck(i)
+    values = [{ id: source("1"), name: source("David") }, { id: source("2"), name: source("Rafael") }]
+    sink(values.pluck(:name)[i]) # $ hasValueFlow=David $ hasValueFlow=Rafael
+    sink(values.pluck(:id, :name)[i][0]) # $ hasValueFlow=1 $ hasValueFlow=2
+    sink(values.pluck(:id, :name)[i][1]) # $ hasValueFlow=David $ hasValueFlow=Rafael
+    sink(values.pluck(:name, :id)[i][0]) # $ hasValueFlow=David $ hasValueFlow=Rafael
+    sink(values.pluck(:name, :id)[i][1]) # $ hasValueFlow=1 $ hasValueFlow=2
+end
+
+m_pluck(0)
+
+def m_sole
+    empty = []
+    single = [source("a")]
+    multi = [source("b"), source("c")]
+    sink(empty.sole)
+    sink(single.sole) # $ hasValueFlow=a
+    sink(multi.sole) # TODO: model that 'sole' does not return if the receiver has multiple elements
+end
+
+m_sole()
diff --git a/ruby/ql/test/library-tests/frameworks/arel/SqlConstruction.expected b/ruby/ql/test/library-tests/frameworks/arel/SqlConstruction.expected
new file mode 100644
index 00000000000..b25b2b387ca
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/arel/SqlConstruction.expected
@@ -0,0 +1,2 @@
+| arel.rb:3:8:3:18 | call to sql | arel.rb:3:17:3:17 | x |
+| arel.rb:8:8:8:18 | call to sql | arel.rb:8:17:8:17 | x |
diff --git a/ruby/ql/test/library-tests/frameworks/arel/SqlConstruction.ql b/ruby/ql/test/library-tests/frameworks/arel/SqlConstruction.ql
new file mode 100644
index 00000000000..2b2920918e5
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/arel/SqlConstruction.ql
@@ -0,0 +1,4 @@
+import codeql.ruby.Concepts
+import codeql.ruby.DataFlow
+
+query predicate sqlConstructions(SqlConstruction c, DataFlow::Node sql) { sql = c.getSql() }
diff --git a/ruby/ql/test/library-tests/frameworks/globalid/GlobalId.expected b/ruby/ql/test/library-tests/frameworks/globalid/GlobalId.expected
new file mode 100644
index 00000000000..1a149338027
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/globalid/GlobalId.expected
@@ -0,0 +1,38 @@
+locateCalls
+| globalid.rb:6:3:6:30 | call to locate |
+| globalid.rb:11:3:11:30 | call to locate |
+| globalid.rb:70:3:70:30 | call to locate |
+locateSignedCalls
+| globalid.rb:16:3:16:38 | call to locate_signed |
+| globalid.rb:21:3:21:38 | call to locate_signed |
+| globalid.rb:89:3:89:38 | call to locate_signed |
+toGlobalIdCalls
+| globalid.rb:5:9:5:33 | call to to_global_id |
+| globalid.rb:10:9:10:27 | call to to_gid |
+| globalid.rb:56:9:56:16 | call to to_gid |
+| globalid.rb:62:9:62:22 | call to to_global_id |
+toGidParamCalls
+| globalid.rb:35:10:35:34 | call to to_gid_param |
+| globalid.rb:68:10:68:23 | call to to_gid_param |
+toSignedGlobalIdCalls
+| globalid.rb:15:10:15:41 | call to to_signed_global_id |
+| globalid.rb:20:10:20:29 | call to to_sgid |
+| globalid.rb:75:10:75:18 | call to to_sgid |
+| globalid.rb:81:10:81:30 | call to to_signed_global_id |
+toSgidParamCalls
+| globalid.rb:41:11:41:36 | call to to_sgid_param |
+| globalid.rb:87:11:87:25 | call to to_sgid_param |
+globalIdParseCalls
+| globalid.rb:36:9:36:27 | call to parse |
+| globalid.rb:69:9:69:27 | call to parse |
+globalIdFindCalls
+| globalid.rb:37:3:37:19 | call to find |
+| globalid.rb:57:3:57:19 | call to find |
+| globalid.rb:63:3:63:19 | call to find |
+signedGlobalIdParseCalls
+| globalid.rb:42:10:42:35 | call to parse |
+| globalid.rb:88:10:88:35 | call to parse |
+signedGlobalIdFindCalls
+| globalid.rb:43:3:43:26 | call to find |
+| globalid.rb:76:3:76:26 | call to find |
+| globalid.rb:82:3:82:26 | call to find |
diff --git a/ruby/ql/test/library-tests/frameworks/globalid/GlobalId.ql b/ruby/ql/test/library-tests/frameworks/globalid/GlobalId.ql
new file mode 100644
index 00000000000..d48465b0e52
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/globalid/GlobalId.ql
@@ -0,0 +1,21 @@
+import codeql.ruby.frameworks.GlobalId
+
+query predicate locateCalls(GlobalId::Locator::LocateCall c) { any() }
+
+query predicate locateSignedCalls(GlobalId::Locator::LocateSignedCall c) { any() }
+
+query predicate toGlobalIdCalls(GlobalId::Identification::ToGlobalIdCall c) { any() }
+
+query predicate toGidParamCalls(GlobalId::Identification::ToGidParamCall c) { any() }
+
+query predicate toSignedGlobalIdCalls(GlobalId::Identification::ToSignedGlobalIdCall c) { any() }
+
+query predicate toSgidParamCalls(GlobalId::Identification::ToSgidParamCall c) { any() }
+
+query predicate globalIdParseCalls(GlobalId::ParseCall c) { any() }
+
+query predicate globalIdFindCalls(GlobalId::FindCall c) { any() }
+
+query predicate signedGlobalIdParseCalls(SignedGlobalId::ParseCall c) { any() }
+
+query predicate signedGlobalIdFindCalls(SignedGlobalId::FindCall c) { any() }
diff --git a/ruby/ql/test/library-tests/frameworks/globalid/globalid.rb b/ruby/ql/test/library-tests/frameworks/globalid/globalid.rb
new file mode 100644
index 00000000000..f06cbd761f2
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/globalid/globalid.rb
@@ -0,0 +1,90 @@
+class User < ActiveRecord::Base
+end
+
+def m1
+  gid = User.find(1).to_global_id
+  GlobalID::Locator.locate gid
+end
+
+def m2
+  gid = User.find(1).to_gid
+  GlobalID::Locator.locate gid
+end
+
+def m3
+  sgid = User.find(1).to_signed_global_id
+  GlobalID::Locator.locate_signed sgid
+end
+
+def m4
+  sgid = User.find(1).to_sgid
+  GlobalID::Locator.locate_signed sgid
+end
+
+def m5
+  gids = User.all.map(&:to_gid)
+  GlobalID::Locator.locate_many gids
+end
+
+def m6
+  sgids = User.all.map(&:to_sgid)
+  GlobalID::Locator.locate_many_signed sgids
+end
+
+def m7
+  gidp = User.find(1).to_gid_param
+  gid = GlobalID.parse gidp
+  GlobalID.find gid
+end
+
+def m8
+  sgidp = User.find(1).to_sgid_param
+  sgid = SignedGlobalID.parse sgidp
+  SignedGlobalID.find sgid
+end
+
+class Person
+  include GlobalID::Identification
+
+  def self.find(id)
+    # implementation goes here
+  end
+end
+
+def m9
+  p = Person.find(1)
+  gid = p.to_gid
+  GlobalID.find gid
+end
+
+def m10
+  p = Person.find(1)
+  gid = p.to_global_id
+  GlobalID.find gid
+end
+
+def m11
+  p = Person.find(1)
+  gidp = p.to_gid_param
+  gid = GlobalID.parse gidp
+  GlobalID::Locator.locate gid
+end
+
+def m12
+  p = Person.find(1)
+  sgid = p.to_sgid
+  SignedGlobalID.find sgid
+end
+
+def m10
+  p = Person.find(1)
+  sgid = p.to_signed_global_id
+  SignedGlobalID.find sgid
+end
+
+def m11
+  p = Person.find(1)
+  sgidp = p.to_sgid_param
+  sgid = SignedGlobalID.parse sgidp
+  GlobalID::Locator.locate_signed sgid
+end
diff --git a/ruby/ql/test/library-tests/frameworks/json/JsonDataFlow.expected b/ruby/ql/test/library-tests/frameworks/json/JsonDataFlow.expected
new file mode 100644
index 00000000000..d7173f8b110
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/json/JsonDataFlow.expected
@@ -0,0 +1,34 @@
+failures
+edges
+| json.rb:1:17:1:26 | call to source :  | json.rb:1:6:1:27 | call to parse |
+| json.rb:2:18:2:27 | call to source :  | json.rb:2:6:2:28 | call to parse! |
+| json.rb:3:16:3:25 | call to source :  | json.rb:3:6:3:26 | call to load |
+| json.rb:4:19:4:28 | call to source :  | json.rb:4:6:4:29 | call to restore |
+| json.rb:6:20:6:29 | call to source :  | json.rb:6:6:6:30 | call to generate |
+| json.rb:7:25:7:34 | call to source :  | json.rb:7:6:7:35 | call to fast_generate |
+| json.rb:8:27:8:36 | call to source :  | json.rb:8:6:8:37 | call to pretty_generate |
+| json.rb:9:16:9:25 | call to source :  | json.rb:9:6:9:26 | call to dump |
+| json.rb:10:19:10:28 | call to source :  | json.rb:10:6:10:29 | call to unparse |
+| json.rb:11:24:11:33 | call to source :  | json.rb:11:6:11:34 | call to fast_unparse |
+nodes
+| json.rb:1:6:1:27 | call to parse | semmle.label | call to parse |
+| json.rb:1:17:1:26 | call to source :  | semmle.label | call to source :  |
+| json.rb:2:6:2:28 | call to parse! | semmle.label | call to parse! |
+| json.rb:2:18:2:27 | call to source :  | semmle.label | call to source :  |
+| json.rb:3:6:3:26 | call to load | semmle.label | call to load |
+| json.rb:3:16:3:25 | call to source :  | semmle.label | call to source :  |
+| json.rb:4:6:4:29 | call to restore | semmle.label | call to restore |
+| json.rb:4:19:4:28 | call to source :  | semmle.label | call to source :  |
+| json.rb:6:6:6:30 | call to generate | semmle.label | call to generate |
+| json.rb:6:20:6:29 | call to source :  | semmle.label | call to source :  |
+| json.rb:7:6:7:35 | call to fast_generate | semmle.label | call to fast_generate |
+| json.rb:7:25:7:34 | call to source :  | semmle.label | call to source :  |
+| json.rb:8:6:8:37 | call to pretty_generate | semmle.label | call to pretty_generate |
+| json.rb:8:27:8:36 | call to source :  | semmle.label | call to source :  |
+| json.rb:9:6:9:26 | call to dump | semmle.label | call to dump |
+| json.rb:9:16:9:25 | call to source :  | semmle.label | call to source :  |
+| json.rb:10:6:10:29 | call to unparse | semmle.label | call to unparse |
+| json.rb:10:19:10:28 | call to source :  | semmle.label | call to source :  |
+| json.rb:11:6:11:34 | call to fast_unparse | semmle.label | call to fast_unparse |
+| json.rb:11:24:11:33 | call to source :  | semmle.label | call to source :  |
+subpaths
diff --git a/ruby/ql/test/library-tests/frameworks/json/JsonDataFlow.ql b/ruby/ql/test/library-tests/frameworks/json/JsonDataFlow.ql
new file mode 100644
index 00000000000..11a25d33e71
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/json/JsonDataFlow.ql
@@ -0,0 +1,7 @@
+/**
+ * @kind path-problem
+ */
+
+import TestUtilities.InlineFlowTest
+import codeql.ruby.Frameworks
+import PathGraph
diff --git a/ruby/ql/test/library-tests/frameworks/json/json.rb b/ruby/ql/test/library-tests/frameworks/json/json.rb
new file mode 100644
index 00000000000..a48fe9bf5e0
--- /dev/null
+++ b/ruby/ql/test/library-tests/frameworks/json/json.rb
@@ -0,0 +1,11 @@
+sink JSON.parse(source "a") # $hasTaintFlow=a
+sink JSON.parse!(source "a") # $hasTaintFlow=a
+sink JSON.load(source "a") # $hasTaintFlow=a
+sink JSON.restore(source "a") # $hasTaintFlow=a
+
+sink JSON.generate(source "a") # $hasTaintFlow=a
+sink JSON.fast_generate(source "a") # $hasTaintFlow=a
+sink JSON.pretty_generate(source "a") # $hasTaintFlow=a
+sink JSON.dump(source "a") # $hasTaintFlow=a
+sink JSON.unparse(source "a") # $hasTaintFlow=a
+sink JSON.fast_unparse(source "a") # $hasTaintFlow=a
diff --git a/ruby/ql/test/library-tests/frameworks/pathname/Pathname.expected b/ruby/ql/test/library-tests/frameworks/pathname/Pathname.expected
index e56238cf023..c760575bf2e 100644
--- a/ruby/ql/test/library-tests/frameworks/pathname/Pathname.expected
+++ b/ruby/ql/test/library-tests/frameworks/pathname/Pathname.expected
@@ -59,12 +59,12 @@ pathnameInstances
 | Pathname.rb:42:1:42:3 | p01 |
 | file://:0:0:0:0 | parameter position 0 of + |
 | file://:0:0:0:0 | parameter self of + |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[cleanpath] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[expand_path] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[realpath] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[relative_path_from] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[sub_ext] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[to_path] |
+| file://:0:0:0:0 | parameter self of Pathname;Method[cleanpath] |
+| file://:0:0:0:0 | parameter self of Pathname;Method[expand_path] |
+| file://:0:0:0:0 | parameter self of Pathname;Method[realpath] |
+| file://:0:0:0:0 | parameter self of Pathname;Method[relative_path_from] |
+| file://:0:0:0:0 | parameter self of Pathname;Method[sub_ext] |
+| file://:0:0:0:0 | parameter self of Pathname;Method[to_path] |
 | file://:0:0:0:0 | parameter self of sub |
 | file://:0:0:0:0 | parameter self of to_s |
 fileSystemAccesses
@@ -135,12 +135,12 @@ fileNameSources
 | Pathname.rb:42:1:42:3 | p01 |
 | file://:0:0:0:0 | parameter position 0 of + |
 | file://:0:0:0:0 | parameter self of + |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[cleanpath] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[expand_path] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[realpath] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[relative_path_from] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[sub_ext] |
-| file://:0:0:0:0 | parameter self of ;Pathname;Method[to_path] |
+| file://:0:0:0:0 | parameter self of Pathname;Method[cleanpath] |
+| file://:0:0:0:0 | parameter self of Pathname;Method[expand_path] |
+| file://:0:0:0:0 | parameter self of Pathname;Method[realpath] |
+| file://:0:0:0:0 | parameter self of Pathname;Method[relative_path_from] |
+| file://:0:0:0:0 | parameter self of Pathname;Method[sub_ext] |
+| file://:0:0:0:0 | parameter self of Pathname;Method[to_path] |
 | file://:0:0:0:0 | parameter self of sub |
 | file://:0:0:0:0 | parameter self of to_s |
 fileSystemReadAccesses
diff --git a/ruby/ql/test/library-tests/modules/ancestors.expected b/ruby/ql/test/library-tests/modules/ancestors.expected
index 11abca965b6..9e2c70f6f1c 100644
--- a/ruby/ql/test/library-tests/modules/ancestors.expected
+++ b/ruby/ql/test/library-tests/modules/ancestors.expected
@@ -136,6 +136,18 @@ calls.rb:
 #  605| SingletonC
 #-----| super -> SingletonA
 
+#  618| Included
+
+#  626| IncludesIncluded
+#-----| super -> Object
+#-----| include -> Included
+
+#  633| CustomNew1
+#-----| super -> Object
+
+#  641| CustomNew2
+#-----| super -> Object
+
 hello.rb:
 #    1| EnglishWords
 
diff --git a/ruby/ql/test/library-tests/modules/callgraph.expected b/ruby/ql/test/library-tests/modules/callgraph.expected
index afb8b6da172..19eea285289 100644
--- a/ruby/ql/test/library-tests/modules/callgraph.expected
+++ b/ruby/ql/test/library-tests/modules/callgraph.expected
@@ -233,6 +233,18 @@ getTarget
 | calls.rb:614:1:614:31 | call to call_call_singleton1 | calls.rb:591:5:593:7 | call_call_singleton1 |
 | calls.rb:615:1:615:31 | call to call_call_singleton1 | calls.rb:591:5:593:7 | call_call_singleton1 |
 | calls.rb:616:1:616:31 | call to call_call_singleton1 | calls.rb:591:5:593:7 | call_call_singleton1 |
+| calls.rb:620:9:620:16 | call to bar | calls.rb:622:5:623:7 | bar |
+| calls.rb:620:9:620:16 | call to bar | calls.rb:628:5:630:7 | bar |
+| calls.rb:627:5:627:20 | call to include | calls.rb:108:5:110:7 | include |
+| calls.rb:629:9:629:13 | call to super | calls.rb:622:5:623:7 | bar |
+| calls.rb:635:9:635:14 | call to new | calls.rb:117:5:117:16 | new |
+| calls.rb:639:1:639:14 | call to new | calls.rb:117:5:117:16 | new |
+| calls.rb:639:1:639:14 | call to new | calls.rb:634:5:636:7 | new |
+| calls.rb:639:1:639:23 | call to instance | calls.rb:326:5:328:7 | instance |
+| calls.rb:647:9:647:34 | call to puts | calls.rb:102:5:102:30 | puts |
+| calls.rb:651:1:651:14 | call to new | calls.rb:117:5:117:16 | new |
+| calls.rb:651:1:651:14 | call to new | calls.rb:642:5:644:7 | new |
+| calls.rb:651:1:651:23 | call to instance | calls.rb:646:5:648:7 | instance |
 | hello.rb:12:5:12:24 | call to include | calls.rb:108:5:110:7 | include |
 | hello.rb:14:16:14:20 | call to hello | hello.rb:2:5:4:7 | hello |
 | hello.rb:20:16:20:20 | call to super | hello.rb:13:5:15:7 | message |
@@ -357,6 +369,7 @@ unresolvedCall
 | calls.rb:562:1:562:13 | call to [] |
 | calls.rb:562:1:562:39 | call to each |
 | calls.rb:570:5:570:14 | call to singleton2 |
+| calls.rb:643:9:643:21 | call to allocate |
 | hello.rb:20:16:20:26 | ... + ... |
 | hello.rb:20:16:20:34 | ... + ... |
 | hello.rb:20:16:20:40 | ... + ... |
@@ -476,6 +489,12 @@ publicMethod
 | calls.rb:600:5:602:7 | call_singleton1 |
 | calls.rb:606:5:607:7 | singleton1 |
 | calls.rb:609:5:611:7 | call_singleton1 |
+| calls.rb:619:5:621:7 | foo |
+| calls.rb:622:5:623:7 | bar |
+| calls.rb:628:5:630:7 | bar |
+| calls.rb:634:5:636:7 | new |
+| calls.rb:642:5:644:7 | new |
+| calls.rb:646:5:648:7 | instance |
 | hello.rb:2:5:4:7 | hello |
 | hello.rb:5:5:7:7 | world |
 | hello.rb:13:5:15:7 | message |
diff --git a/ruby/ql/test/library-tests/modules/calls.rb b/ruby/ql/test/library-tests/modules/calls.rb
index 031c85d67d8..27d90f84e93 100644
--- a/ruby/ql/test/library-tests/modules/calls.rb
+++ b/ruby/ql/test/library-tests/modules/calls.rb
@@ -614,3 +614,38 @@ end
 SingletonA.call_call_singleton1
 SingletonB.call_call_singleton1
 SingletonC.call_call_singleton1
+
+module Included
+    def foo
+        self.bar
+    end
+    def bar
+    end
+end
+
+class IncludesIncluded
+    include Included
+    def bar
+        super
+    end
+end
+
+class CustomNew1
+    def self.new
+        C1.new
+    end     
+end
+
+CustomNew1.new.instance
+
+class CustomNew2
+    def self.new
+        self.allocate
+    end
+
+    def instance
+        puts "CustomNew2#instance"
+    end
+end
+
+CustomNew2.new.instance
diff --git a/ruby/ql/test/library-tests/modules/methods.expected b/ruby/ql/test/library-tests/modules/methods.expected
index 5319fc55377..eb3d1de05a7 100644
--- a/ruby/ql/test/library-tests/modules/methods.expected
+++ b/ruby/ql/test/library-tests/modules/methods.expected
@@ -45,6 +45,10 @@ getMethod
 | calls.rb:531:1:544:3 | ProtectedMethods | bar | calls.rb:534:15:536:7 | bar |
 | calls.rb:531:1:544:3 | ProtectedMethods | baz | calls.rb:538:5:543:7 | baz |
 | calls.rb:550:1:555:3 | ProtectedMethodsSub | baz | calls.rb:551:5:554:7 | baz |
+| calls.rb:618:1:624:3 | Included | bar | calls.rb:622:5:623:7 | bar |
+| calls.rb:618:1:624:3 | Included | foo | calls.rb:619:5:621:7 | foo |
+| calls.rb:626:1:631:3 | IncludesIncluded | bar | calls.rb:628:5:630:7 | bar |
+| calls.rb:641:1:649:3 | CustomNew2 | instance | calls.rb:646:5:648:7 | instance |
 | hello.rb:1:1:8:3 | EnglishWords | hello | hello.rb:2:5:4:7 | hello |
 | hello.rb:1:1:8:3 | EnglishWords | world | hello.rb:5:5:7:7 | world |
 | hello.rb:11:1:16:3 | Greeting | message | hello.rb:13:5:15:7 | message |
@@ -478,6 +482,51 @@ lookupMethod
 | calls.rb:605:1:612:3 | SingletonC | private_on_main | calls.rb:185:1:186:3 | private_on_main |
 | calls.rb:605:1:612:3 | SingletonC | puts | calls.rb:102:5:102:30 | puts |
 | calls.rb:605:1:612:3 | SingletonC | to_s | calls.rb:172:5:173:7 | to_s |
+| calls.rb:618:1:624:3 | Included | bar | calls.rb:622:5:623:7 | bar |
+| calls.rb:618:1:624:3 | Included | foo | calls.rb:619:5:621:7 | foo |
+| calls.rb:626:1:631:3 | IncludesIncluded | add_singleton | calls.rb:367:1:371:3 | add_singleton |
+| calls.rb:626:1:631:3 | IncludesIncluded | bar | calls.rb:628:5:630:7 | bar |
+| calls.rb:626:1:631:3 | IncludesIncluded | call_block | calls.rb:81:1:83:3 | call_block |
+| calls.rb:626:1:631:3 | IncludesIncluded | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
+| calls.rb:626:1:631:3 | IncludesIncluded | create | calls.rb:278:1:286:3 | create |
+| calls.rb:626:1:631:3 | IncludesIncluded | foo | calls.rb:619:5:621:7 | foo |
+| calls.rb:626:1:631:3 | IncludesIncluded | funny | calls.rb:140:1:142:3 | funny |
+| calls.rb:626:1:631:3 | IncludesIncluded | indirect | calls.rb:158:1:160:3 | indirect |
+| calls.rb:626:1:631:3 | IncludesIncluded | new | calls.rb:117:5:117:16 | new |
+| calls.rb:626:1:631:3 | IncludesIncluded | optional_arg | calls.rb:76:1:79:3 | optional_arg |
+| calls.rb:626:1:631:3 | IncludesIncluded | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
+| calls.rb:626:1:631:3 | IncludesIncluded | private_on_main | calls.rb:185:1:186:3 | private_on_main |
+| calls.rb:626:1:631:3 | IncludesIncluded | puts | calls.rb:102:5:102:30 | puts |
+| calls.rb:626:1:631:3 | IncludesIncluded | to_s | calls.rb:172:5:173:7 | to_s |
+| calls.rb:633:1:637:3 | CustomNew1 | add_singleton | calls.rb:367:1:371:3 | add_singleton |
+| calls.rb:633:1:637:3 | CustomNew1 | call_block | calls.rb:81:1:83:3 | call_block |
+| calls.rb:633:1:637:3 | CustomNew1 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
+| calls.rb:633:1:637:3 | CustomNew1 | create | calls.rb:278:1:286:3 | create |
+| calls.rb:633:1:637:3 | CustomNew1 | foo | calls.rb:1:1:3:3 | foo |
+| calls.rb:633:1:637:3 | CustomNew1 | foo | calls.rb:85:1:89:3 | foo |
+| calls.rb:633:1:637:3 | CustomNew1 | funny | calls.rb:140:1:142:3 | funny |
+| calls.rb:633:1:637:3 | CustomNew1 | indirect | calls.rb:158:1:160:3 | indirect |
+| calls.rb:633:1:637:3 | CustomNew1 | new | calls.rb:117:5:117:16 | new |
+| calls.rb:633:1:637:3 | CustomNew1 | optional_arg | calls.rb:76:1:79:3 | optional_arg |
+| calls.rb:633:1:637:3 | CustomNew1 | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
+| calls.rb:633:1:637:3 | CustomNew1 | private_on_main | calls.rb:185:1:186:3 | private_on_main |
+| calls.rb:633:1:637:3 | CustomNew1 | puts | calls.rb:102:5:102:30 | puts |
+| calls.rb:633:1:637:3 | CustomNew1 | to_s | calls.rb:172:5:173:7 | to_s |
+| calls.rb:641:1:649:3 | CustomNew2 | add_singleton | calls.rb:367:1:371:3 | add_singleton |
+| calls.rb:641:1:649:3 | CustomNew2 | call_block | calls.rb:81:1:83:3 | call_block |
+| calls.rb:641:1:649:3 | CustomNew2 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m |
+| calls.rb:641:1:649:3 | CustomNew2 | create | calls.rb:278:1:286:3 | create |
+| calls.rb:641:1:649:3 | CustomNew2 | foo | calls.rb:1:1:3:3 | foo |
+| calls.rb:641:1:649:3 | CustomNew2 | foo | calls.rb:85:1:89:3 | foo |
+| calls.rb:641:1:649:3 | CustomNew2 | funny | calls.rb:140:1:142:3 | funny |
+| calls.rb:641:1:649:3 | CustomNew2 | indirect | calls.rb:158:1:160:3 | indirect |
+| calls.rb:641:1:649:3 | CustomNew2 | instance | calls.rb:646:5:648:7 | instance |
+| calls.rb:641:1:649:3 | CustomNew2 | new | calls.rb:117:5:117:16 | new |
+| calls.rb:641:1:649:3 | CustomNew2 | optional_arg | calls.rb:76:1:79:3 | optional_arg |
+| calls.rb:641:1:649:3 | CustomNew2 | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch |
+| calls.rb:641:1:649:3 | CustomNew2 | private_on_main | calls.rb:185:1:186:3 | private_on_main |
+| calls.rb:641:1:649:3 | CustomNew2 | puts | calls.rb:102:5:102:30 | puts |
+| calls.rb:641:1:649:3 | CustomNew2 | to_s | calls.rb:172:5:173:7 | to_s |
 | file://:0:0:0:0 | Class | include | calls.rb:108:5:110:7 | include |
 | file://:0:0:0:0 | Class | module_eval | calls.rb:107:5:107:24 | module_eval |
 | file://:0:0:0:0 | Class | new | calls.rb:117:5:117:16 | new |
@@ -965,6 +1014,17 @@ enclosingMethod
 | calls.rb:601:9:601:18 | self | calls.rb:600:5:602:7 | call_singleton1 |
 | calls.rb:610:9:610:18 | call to singleton1 | calls.rb:609:5:611:7 | call_singleton1 |
 | calls.rb:610:9:610:18 | self | calls.rb:609:5:611:7 | call_singleton1 |
+| calls.rb:620:9:620:12 | self | calls.rb:619:5:621:7 | foo |
+| calls.rb:620:9:620:16 | call to bar | calls.rb:619:5:621:7 | foo |
+| calls.rb:629:9:629:13 | call to super | calls.rb:628:5:630:7 | bar |
+| calls.rb:635:9:635:10 | C1 | calls.rb:634:5:636:7 | new |
+| calls.rb:635:9:635:14 | call to new | calls.rb:634:5:636:7 | new |
+| calls.rb:643:9:643:12 | self | calls.rb:642:5:644:7 | new |
+| calls.rb:643:9:643:21 | call to allocate | calls.rb:642:5:644:7 | new |
+| calls.rb:647:9:647:34 | call to puts | calls.rb:646:5:648:7 | instance |
+| calls.rb:647:9:647:34 | self | calls.rb:646:5:648:7 | instance |
+| calls.rb:647:14:647:34 | "CustomNew2#instance" | calls.rb:646:5:648:7 | instance |
+| calls.rb:647:15:647:33 | CustomNew2#instance | calls.rb:646:5:648:7 | instance |
 | hello.rb:3:9:3:22 | return | hello.rb:2:5:4:7 | hello |
 | hello.rb:3:16:3:22 | "hello" | hello.rb:2:5:4:7 | hello |
 | hello.rb:3:17:3:21 | hello | hello.rb:2:5:4:7 | hello |
diff --git a/ruby/ql/test/library-tests/modules/modules.expected b/ruby/ql/test/library-tests/modules/modules.expected
index 01b81e01efe..6c25a173009 100644
--- a/ruby/ql/test/library-tests/modules/modules.expected
+++ b/ruby/ql/test/library-tests/modules/modules.expected
@@ -32,6 +32,10 @@ getModule
 | calls.rb:583:1:594:3 | SingletonA |
 | calls.rb:596:1:603:3 | SingletonB |
 | calls.rb:605:1:612:3 | SingletonC |
+| calls.rb:618:1:624:3 | Included |
+| calls.rb:626:1:631:3 | IncludesIncluded |
+| calls.rb:633:1:637:3 | CustomNew1 |
+| calls.rb:641:1:649:3 | CustomNew2 |
 | file://:0:0:0:0 | BasicObject |
 | file://:0:0:0:0 | Class |
 | file://:0:0:0:0 | Complex |
@@ -101,7 +105,7 @@ getADeclaration
 | calls.rb:96:1:98:3 | String | calls.rb:96:1:98:3 | String |
 | calls.rb:100:1:103:3 | Kernel | calls.rb:100:1:103:3 | Kernel |
 | calls.rb:105:1:113:3 | Module | calls.rb:105:1:113:3 | Module |
-| calls.rb:115:1:118:3 | Object | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:115:1:118:3 | Object | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:115:1:118:3 | Object | calls.rb:115:1:118:3 | Object |
 | calls.rb:115:1:118:3 | Object | hello.rb:1:1:22:3 | hello.rb |
 | calls.rb:115:1:118:3 | Object | instance_fields.rb:1:1:29:4 | instance_fields.rb |
@@ -139,6 +143,10 @@ getADeclaration
 | calls.rb:583:1:594:3 | SingletonA | calls.rb:583:1:594:3 | SingletonA |
 | calls.rb:596:1:603:3 | SingletonB | calls.rb:596:1:603:3 | SingletonB |
 | calls.rb:605:1:612:3 | SingletonC | calls.rb:605:1:612:3 | SingletonC |
+| calls.rb:618:1:624:3 | Included | calls.rb:618:1:624:3 | Included |
+| calls.rb:626:1:631:3 | IncludesIncluded | calls.rb:626:1:631:3 | IncludesIncluded |
+| calls.rb:633:1:637:3 | CustomNew1 | calls.rb:633:1:637:3 | CustomNew1 |
+| calls.rb:641:1:649:3 | CustomNew2 | calls.rb:641:1:649:3 | CustomNew2 |
 | hello.rb:1:1:8:3 | EnglishWords | hello.rb:1:1:8:3 | EnglishWords |
 | hello.rb:11:1:16:3 | Greeting | hello.rb:11:1:16:3 | Greeting |
 | hello.rb:18:1:22:3 | HelloWorld | hello.rb:18:1:22:3 | HelloWorld |
@@ -218,6 +226,9 @@ getSuperClass
 | calls.rb:583:1:594:3 | SingletonA | calls.rb:115:1:118:3 | Object |
 | calls.rb:596:1:603:3 | SingletonB | calls.rb:583:1:594:3 | SingletonA |
 | calls.rb:605:1:612:3 | SingletonC | calls.rb:583:1:594:3 | SingletonA |
+| calls.rb:626:1:631:3 | IncludesIncluded | calls.rb:115:1:118:3 | Object |
+| calls.rb:633:1:637:3 | CustomNew1 | calls.rb:115:1:118:3 | Object |
+| calls.rb:641:1:649:3 | CustomNew2 | calls.rb:115:1:118:3 | Object |
 | file://:0:0:0:0 | Class | calls.rb:105:1:113:3 | Module |
 | file://:0:0:0:0 | Complex | file://:0:0:0:0 | Numeric |
 | file://:0:0:0:0 | FalseClass | calls.rb:115:1:118:3 | Object |
@@ -256,6 +267,7 @@ getAnIncludedModule
 | calls.rb:43:1:58:3 | C | calls.rb:21:1:34:3 | M |
 | calls.rb:115:1:118:3 | Object | calls.rb:100:1:103:3 | Kernel |
 | calls.rb:531:1:544:3 | ProtectedMethods | calls.rb:525:1:529:3 | ProtectedMethodInModule |
+| calls.rb:626:1:631:3 | IncludesIncluded | calls.rb:618:1:624:3 | Included |
 | hello.rb:11:1:16:3 | Greeting | hello.rb:1:1:8:3 | EnglishWords |
 | modules.rb:88:1:93:3 | IncludeTest | modules.rb:63:1:81:3 | Test |
 | modules.rb:95:1:99:3 | IncludeTest2 | modules.rb:63:1:81:3 | Test |
@@ -358,6 +370,10 @@ resolveConstantReadAccess
 | calls.rb:614:1:614:10 | SingletonA | SingletonA |
 | calls.rb:615:1:615:10 | SingletonB | SingletonB |
 | calls.rb:616:1:616:10 | SingletonC | SingletonC |
+| calls.rb:627:13:627:20 | Included | Included |
+| calls.rb:635:9:635:10 | C1 | C1 |
+| calls.rb:639:1:639:10 | CustomNew1 | CustomNew1 |
+| calls.rb:651:1:651:10 | CustomNew2 | CustomNew2 |
 | hello.rb:12:13:12:24 | EnglishWords | EnglishWords |
 | hello.rb:18:20:18:27 | Greeting | Greeting |
 | instance_fields.rb:4:22:4:31 | A_target | A_target |
@@ -438,6 +454,10 @@ resolveConstantWriteAccess
 | calls.rb:583:1:594:3 | SingletonA | SingletonA |
 | calls.rb:596:1:603:3 | SingletonB | SingletonB |
 | calls.rb:605:1:612:3 | SingletonC | SingletonC |
+| calls.rb:618:1:624:3 | Included | Included |
+| calls.rb:626:1:631:3 | IncludesIncluded | IncludesIncluded |
+| calls.rb:633:1:637:3 | CustomNew1 | CustomNew1 |
+| calls.rb:641:1:649:3 | CustomNew2 | CustomNew2 |
 | hello.rb:1:1:8:3 | EnglishWords | EnglishWords |
 | hello.rb:11:1:16:3 | Greeting | Greeting |
 | hello.rb:18:1:22:3 | HelloWorld | HelloWorld |
@@ -504,32 +524,32 @@ resolveConstantWriteAccess
 | unresolved_subclass.rb:7:1:8:3 | Subclass2 | UnresolvedNamespace::Subclass2 |
 | unresolved_subclass.rb:11:1:12:3 | A | UnresolvedNamespace::A |
 enclosingModule
-| calls.rb:1:1:3:3 | foo | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:2:5:2:14 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:2:5:2:14 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:2:10:2:14 | "foo" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:2:11:2:13 | foo | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:5:1:5:3 | call to foo | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:5:1:5:3 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:7:1:9:3 | bar | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:7:5:7:8 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:8:5:8:15 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:8:5:8:15 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:8:10:8:15 | "bar1" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:8:11:8:14 | bar1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:11:1:11:4 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:11:1:11:8 | call to bar | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:13:1:15:3 | bar | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:13:5:13:8 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:14:5:14:15 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:14:5:14:15 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:14:10:14:15 | "bar2" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:14:11:14:14 | bar2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:17:1:17:4 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:17:1:17:8 | call to bar | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:19:1:19:4 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:19:1:19:8 | call to foo | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:21:1:34:3 | M | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:1:1:3:3 | foo | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:2:5:2:14 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:2:5:2:14 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:2:10:2:14 | "foo" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:2:11:2:13 | foo | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:5:1:5:3 | call to foo | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:5:1:5:3 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:7:1:9:3 | bar | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:7:5:7:8 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:8:5:8:15 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:8:5:8:15 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:8:10:8:15 | "bar1" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:8:11:8:14 | bar1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:11:1:11:4 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:11:1:11:8 | call to bar | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:13:1:15:3 | bar | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:13:5:13:8 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:14:5:14:15 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:14:5:14:15 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:14:10:14:15 | "bar2" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:14:11:14:14 | bar2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:17:1:17:4 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:17:1:17:8 | call to bar | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:19:1:19:4 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:19:1:19:8 | call to foo | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:21:1:34:3 | M | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:22:5:24:7 | instance_m | calls.rb:21:1:34:3 | M |
 | calls.rb:23:9:23:19 | call to singleton_m | calls.rb:21:1:34:3 | M |
 | calls.rb:23:9:23:19 | self | calls.rb:21:1:34:3 | M |
@@ -545,14 +565,14 @@ enclosingModule
 | calls.rb:32:5:32:15 | self | calls.rb:21:1:34:3 | M |
 | calls.rb:33:5:33:8 | self | calls.rb:21:1:34:3 | M |
 | calls.rb:33:5:33:20 | call to singleton_m | calls.rb:21:1:34:3 | M |
-| calls.rb:36:1:36:1 | M | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:36:1:36:12 | call to instance_m | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:37:1:37:1 | M | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:37:1:37:13 | call to singleton_m | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:39:1:41:3 | call_instance_m | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:40:5:40:14 | call to instance_m | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:40:5:40:14 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:43:1:58:3 | C | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:36:1:36:1 | M | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:36:1:36:12 | call to instance_m | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:37:1:37:1 | M | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:37:1:37:13 | call to singleton_m | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:39:1:41:3 | call_instance_m | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:40:5:40:14 | call to instance_m | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:40:5:40:14 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:43:1:58:3 | C | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:44:5:44:13 | call to include | calls.rb:43:1:58:3 | C |
 | calls.rb:44:5:44:13 | self | calls.rb:43:1:58:3 | C |
 | calls.rb:44:13:44:13 | M | calls.rb:43:1:58:3 | C |
@@ -573,66 +593,66 @@ enclosingModule
 | calls.rb:55:9:55:19 | self | calls.rb:43:1:58:3 | C |
 | calls.rb:56:9:56:12 | self | calls.rb:43:1:58:3 | C |
 | calls.rb:56:9:56:24 | call to singleton_m | calls.rb:43:1:58:3 | C |
-| calls.rb:60:1:60:1 | c | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:60:1:60:9 | ... = ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:60:5:60:5 | C | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:60:5:60:9 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:61:1:61:1 | c | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:61:1:61:5 | call to baz | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:62:1:62:1 | c | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:62:1:62:13 | call to singleton_m | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:63:1:63:1 | c | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:63:1:63:12 | call to instance_m | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:65:1:69:3 | D | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:65:11:65:11 | C | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:60:1:60:1 | c | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:60:1:60:9 | ... = ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:60:5:60:5 | C | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:60:5:60:9 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:61:1:61:1 | c | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:61:1:61:5 | call to baz | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:62:1:62:1 | c | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:62:1:62:13 | call to singleton_m | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:63:1:63:1 | c | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:63:1:63:12 | call to instance_m | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:65:1:69:3 | D | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:65:11:65:11 | C | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:66:5:68:7 | baz | calls.rb:65:1:69:3 | D |
 | calls.rb:67:9:67:13 | call to super | calls.rb:65:1:69:3 | D |
-| calls.rb:71:1:71:1 | d | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:71:1:71:9 | ... = ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:71:5:71:5 | D | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:71:5:71:9 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:72:1:72:1 | d | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:72:1:72:5 | call to baz | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:73:1:73:1 | d | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:73:1:73:13 | call to singleton_m | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:74:1:74:1 | d | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:74:1:74:12 | call to instance_m | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:76:1:79:3 | optional_arg | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:76:18:76:18 | a | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:76:18:76:18 | a | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:76:22:76:22 | 4 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:76:25:76:25 | b | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:76:25:76:25 | b | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:76:28:76:28 | 5 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:77:5:77:5 | a | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:77:5:77:16 | call to bit_length | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:78:5:78:5 | b | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:78:5:78:16 | call to bit_length | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:81:1:83:3 | call_block | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:82:5:82:11 | yield ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:82:11:82:11 | 1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:85:1:89:3 | foo | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:86:5:86:7 | var | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:86:5:86:18 | ... = ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:86:11:86:14 | Hash | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:86:11:86:18 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:87:5:87:7 | var | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:87:5:87:10 | ...[...] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:87:9:87:9 | 1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:88:5:88:29 | call to call_block | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:88:5:88:29 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:88:16:88:29 | { ... } | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:88:19:88:19 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:88:19:88:19 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:88:22:88:24 | var | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:88:22:88:27 | ...[...] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:88:26:88:26 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:91:1:94:3 | Integer | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:71:1:71:1 | d | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:71:1:71:9 | ... = ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:71:5:71:5 | D | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:71:5:71:9 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:72:1:72:1 | d | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:72:1:72:5 | call to baz | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:73:1:73:1 | d | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:73:1:73:13 | call to singleton_m | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:74:1:74:1 | d | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:74:1:74:12 | call to instance_m | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:76:1:79:3 | optional_arg | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:76:18:76:18 | a | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:76:18:76:18 | a | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:76:22:76:22 | 4 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:76:25:76:25 | b | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:76:25:76:25 | b | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:76:28:76:28 | 5 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:77:5:77:5 | a | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:77:5:77:16 | call to bit_length | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:78:5:78:5 | b | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:78:5:78:16 | call to bit_length | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:81:1:83:3 | call_block | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:82:5:82:11 | yield ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:82:11:82:11 | 1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:85:1:89:3 | foo | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:86:5:86:7 | var | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:86:5:86:18 | ... = ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:86:11:86:14 | Hash | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:86:11:86:18 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:87:5:87:7 | var | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:87:5:87:10 | ...[...] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:87:9:87:9 | 1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:88:5:88:29 | call to call_block | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:88:5:88:29 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:88:16:88:29 | { ... } | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:88:19:88:19 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:88:19:88:19 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:88:22:88:24 | var | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:88:22:88:27 | ...[...] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:88:26:88:26 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:91:1:94:3 | Integer | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:92:5:92:23 | bit_length | calls.rb:91:1:94:3 | Integer |
 | calls.rb:93:5:93:16 | abs | calls.rb:91:1:94:3 | Integer |
-| calls.rb:96:1:98:3 | String | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:96:1:98:3 | String | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:97:5:97:23 | capitalize | calls.rb:96:1:98:3 | String |
-| calls.rb:100:1:103:3 | Kernel | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:100:1:103:3 | Kernel | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:101:5:101:25 | alias ... | calls.rb:100:1:103:3 | Kernel |
 | calls.rb:101:11:101:19 | :old_puts | calls.rb:100:1:103:3 | Kernel |
 | calls.rb:101:11:101:19 | old_puts | calls.rb:100:1:103:3 | Kernel |
@@ -644,7 +664,7 @@ enclosingModule
 | calls.rb:102:17:102:26 | call to old_puts | calls.rb:100:1:103:3 | Kernel |
 | calls.rb:102:17:102:26 | self | calls.rb:100:1:103:3 | Kernel |
 | calls.rb:102:26:102:26 | x | calls.rb:100:1:103:3 | Kernel |
-| calls.rb:105:1:113:3 | Module | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:105:1:113:3 | Module | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:106:5:106:31 | alias ... | calls.rb:105:1:113:3 | Module |
 | calls.rb:106:11:106:22 | :old_include | calls.rb:105:1:113:3 | Module |
 | calls.rb:106:11:106:22 | old_include | calls.rb:105:1:113:3 | Module |
@@ -659,13 +679,13 @@ enclosingModule
 | calls.rb:109:21:109:21 | x | calls.rb:105:1:113:3 | Module |
 | calls.rb:111:5:111:20 | prepend | calls.rb:105:1:113:3 | Module |
 | calls.rb:112:5:112:20 | private | calls.rb:105:1:113:3 | Module |
-| calls.rb:115:1:118:3 | Object | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:115:16:115:21 | Module | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:115:1:118:3 | Object | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:115:16:115:21 | Module | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:116:5:116:18 | call to include | calls.rb:115:1:118:3 | Object |
 | calls.rb:116:5:116:18 | self | calls.rb:115:1:118:3 | Object |
 | calls.rb:116:13:116:18 | Kernel | calls.rb:115:1:118:3 | Object |
 | calls.rb:117:5:117:16 | new | calls.rb:115:1:118:3 | Object |
-| calls.rb:120:1:123:3 | Hash | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:120:1:123:3 | Hash | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:121:5:121:25 | alias ... | calls.rb:120:1:123:3 | Hash |
 | calls.rb:121:11:121:21 | :old_lookup | calls.rb:120:1:123:3 | Hash |
 | calls.rb:121:11:121:21 | old_lookup | calls.rb:120:1:123:3 | Hash |
@@ -677,7 +697,7 @@ enclosingModule
 | calls.rb:122:15:122:27 | call to old_lookup | calls.rb:120:1:123:3 | Hash |
 | calls.rb:122:15:122:27 | self | calls.rb:120:1:123:3 | Hash |
 | calls.rb:122:26:122:26 | x | calls.rb:120:1:123:3 | Hash |
-| calls.rb:125:1:138:3 | Array | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:125:1:138:3 | Array | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:126:3:126:23 | alias ... | calls.rb:125:1:138:3 | Array |
 | calls.rb:126:9:126:19 | :old_lookup | calls.rb:125:1:138:3 | Array |
 | calls.rb:126:9:126:19 | old_lookup | calls.rb:125:1:138:3 | Array |
@@ -713,130 +733,130 @@ enclosingModule
 | calls.rb:135:9:135:14 | ... = ... | calls.rb:125:1:138:3 | Array |
 | calls.rb:135:11:135:12 | ... + ... | calls.rb:125:1:138:3 | Array |
 | calls.rb:135:14:135:14 | 1 | calls.rb:125:1:138:3 | Array |
-| calls.rb:140:1:142:3 | funny | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:141:5:141:20 | yield ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:141:11:141:20 | "prefix: " | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:141:12:141:19 | prefix:  | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:144:1:144:30 | call to funny | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:144:1:144:30 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:144:7:144:30 | { ... } | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:144:10:144:10 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:144:10:144:10 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:144:13:144:29 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:144:13:144:29 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:144:18:144:18 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:144:18:144:29 | call to capitalize | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:146:1:146:3 | "a" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:146:1:146:14 | call to capitalize | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:146:2:146:2 | a | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:147:1:147:1 | 1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:147:1:147:12 | call to bit_length | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:148:1:148:1 | 1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:148:1:148:5 | call to abs | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:1:150:13 | Array | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:1:150:13 | [...] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:1:150:13 | call to [] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:1:150:62 | call to foreach | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:2:150:4 | "a" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:3:150:3 | a | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:6:150:8 | "b" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:7:150:7 | b | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:10:150:12 | "c" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:11:150:11 | c | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:23:150:62 | { ... } | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:26:150:26 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:26:150:26 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:29:150:29 | v | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:29:150:29 | v | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:32:150:61 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:32:150:61 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:37:150:61 | "#{...} -> #{...}" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:38:150:41 | #{...} | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:40:150:40 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:42:150:45 |  ->  | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:46:150:60 | #{...} | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:48:150:48 | v | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:150:48:150:59 | call to capitalize | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:152:1:152:7 | Array | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:152:1:152:7 | [...] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:152:1:152:7 | call to [] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:152:1:152:35 | call to foreach | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:152:2:152:2 | 1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:152:4:152:4 | 2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:152:6:152:6 | 3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:152:17:152:35 | { ... } | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:152:20:152:20 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:152:20:152:20 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:152:23:152:23 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:152:23:152:34 | call to bit_length | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:154:1:154:7 | Array | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:154:1:154:7 | [...] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:154:1:154:7 | call to [] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:154:1:154:40 | call to foreach | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:154:2:154:2 | 1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:154:4:154:4 | 2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:154:6:154:6 | 3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:154:17:154:40 | { ... } | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:154:20:154:20 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:154:20:154:20 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:154:23:154:39 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:154:23:154:39 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:154:28:154:28 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:154:28:154:39 | call to capitalize | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:1:156:8 | Array | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:1:156:8 | [...] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:1:156:8 | call to [] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:1:156:37 | call to foreach | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:2:156:2 | 1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:4:156:5 | - ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:5:156:5 | 2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:7:156:7 | 3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:18:156:37 | { ... } | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:21:156:21 | _ | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:21:156:21 | _ | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:24:156:24 | v | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:24:156:24 | v | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:27:156:36 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:27:156:36 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:32:156:32 | v | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:156:32:156:36 | call to abs | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:158:1:160:3 | indirect | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:158:14:158:15 | &b | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:158:15:158:15 | b | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:159:5:159:17 | call to call_block | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:159:5:159:17 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:159:16:159:17 | &... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:159:17:159:17 | b | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:162:1:162:28 | call to indirect | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:162:1:162:28 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:162:10:162:28 | { ... } | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:162:13:162:13 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:162:13:162:13 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:162:16:162:16 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:162:16:162:27 | call to bit_length | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:165:1:169:3 | S | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:140:1:142:3 | funny | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:141:5:141:20 | yield ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:141:11:141:20 | "prefix: " | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:141:12:141:19 | prefix:  | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:144:1:144:30 | call to funny | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:144:1:144:30 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:144:7:144:30 | { ... } | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:144:10:144:10 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:144:10:144:10 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:144:13:144:29 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:144:13:144:29 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:144:18:144:18 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:144:18:144:29 | call to capitalize | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:146:1:146:3 | "a" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:146:1:146:14 | call to capitalize | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:146:2:146:2 | a | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:147:1:147:1 | 1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:147:1:147:12 | call to bit_length | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:148:1:148:1 | 1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:148:1:148:5 | call to abs | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:1:150:13 | Array | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:1:150:13 | [...] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:1:150:13 | call to [] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:1:150:62 | call to foreach | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:2:150:4 | "a" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:3:150:3 | a | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:6:150:8 | "b" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:7:150:7 | b | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:10:150:12 | "c" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:11:150:11 | c | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:23:150:62 | { ... } | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:26:150:26 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:26:150:26 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:29:150:29 | v | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:29:150:29 | v | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:32:150:61 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:32:150:61 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:37:150:61 | "#{...} -> #{...}" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:38:150:41 | #{...} | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:40:150:40 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:42:150:45 |  ->  | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:46:150:60 | #{...} | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:48:150:48 | v | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:150:48:150:59 | call to capitalize | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:152:1:152:7 | Array | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:152:1:152:7 | [...] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:152:1:152:7 | call to [] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:152:1:152:35 | call to foreach | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:152:2:152:2 | 1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:152:4:152:4 | 2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:152:6:152:6 | 3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:152:17:152:35 | { ... } | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:152:20:152:20 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:152:20:152:20 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:152:23:152:23 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:152:23:152:34 | call to bit_length | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:154:1:154:7 | Array | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:154:1:154:7 | [...] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:154:1:154:7 | call to [] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:154:1:154:40 | call to foreach | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:154:2:154:2 | 1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:154:4:154:4 | 2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:154:6:154:6 | 3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:154:17:154:40 | { ... } | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:154:20:154:20 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:154:20:154:20 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:154:23:154:39 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:154:23:154:39 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:154:28:154:28 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:154:28:154:39 | call to capitalize | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:1:156:8 | Array | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:1:156:8 | [...] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:1:156:8 | call to [] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:1:156:37 | call to foreach | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:2:156:2 | 1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:4:156:5 | - ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:5:156:5 | 2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:7:156:7 | 3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:18:156:37 | { ... } | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:21:156:21 | _ | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:21:156:21 | _ | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:24:156:24 | v | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:24:156:24 | v | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:27:156:36 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:27:156:36 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:32:156:32 | v | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:156:32:156:36 | call to abs | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:158:1:160:3 | indirect | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:158:14:158:15 | &b | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:158:15:158:15 | b | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:159:5:159:17 | call to call_block | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:159:5:159:17 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:159:16:159:17 | &... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:159:17:159:17 | b | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:162:1:162:28 | call to indirect | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:162:1:162:28 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:162:10:162:28 | { ... } | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:162:13:162:13 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:162:13:162:13 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:162:16:162:16 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:162:16:162:27 | call to bit_length | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:165:1:169:3 | S | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:166:5:168:7 | s_method | calls.rb:165:1:169:3 | S |
 | calls.rb:167:9:167:12 | self | calls.rb:165:1:169:3 | S |
 | calls.rb:167:9:167:17 | call to to_s | calls.rb:165:1:169:3 | S |
-| calls.rb:171:1:174:3 | A | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:171:11:171:11 | S | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:171:1:174:3 | A | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:171:11:171:11 | S | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:172:5:173:7 | to_s | calls.rb:171:1:174:3 | A |
-| calls.rb:176:1:179:3 | B | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:176:11:176:11 | S | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:176:1:179:3 | B | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:176:11:176:11 | S | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:177:5:178:7 | to_s | calls.rb:176:1:179:3 | B |
-| calls.rb:181:1:181:1 | S | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:181:1:181:5 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:181:1:181:14 | call to s_method | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:182:1:182:1 | A | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:182:1:182:5 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:182:1:182:14 | call to s_method | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:183:1:183:1 | B | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:183:1:183:5 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:183:1:183:14 | call to s_method | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:185:1:186:3 | private_on_main | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:188:1:188:15 | call to private_on_main | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:188:1:188:15 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:190:1:226:3 | Singletons | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:181:1:181:1 | S | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:181:1:181:5 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:181:1:181:14 | call to s_method | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:182:1:182:1 | A | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:182:1:182:5 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:182:1:182:14 | call to s_method | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:183:1:183:1 | B | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:183:1:183:5 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:183:1:183:14 | call to s_method | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:185:1:186:3 | private_on_main | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:188:1:188:15 | call to private_on_main | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:188:1:188:15 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:190:1:226:3 | Singletons | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:191:5:194:7 | singleton_a | calls.rb:190:1:226:3 | Singletons |
 | calls.rb:191:9:191:12 | self | calls.rb:190:1:226:3 | Singletons |
 | calls.rb:192:9:192:26 | call to puts | calls.rb:190:1:226:3 | Singletons |
@@ -886,126 +906,126 @@ enclosingModule
 | calls.rb:223:5:225:7 | call_singleton_g | calls.rb:190:1:226:3 | Singletons |
 | calls.rb:224:9:224:12 | self | calls.rb:190:1:226:3 | Singletons |
 | calls.rb:224:9:224:24 | call to singleton_g | calls.rb:190:1:226:3 | Singletons |
-| calls.rb:228:1:228:10 | Singletons | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:228:1:228:22 | call to singleton_a | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:229:1:229:10 | Singletons | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:229:1:229:22 | call to singleton_f | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:231:1:231:2 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:231:1:231:19 | ... = ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:231:6:231:15 | Singletons | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:231:6:231:19 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:233:1:233:2 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:233:1:233:11 | call to instance | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:234:1:234:2 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:234:1:234:14 | call to singleton_e | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:236:1:238:3 | singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:236:5:236:6 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:237:5:237:24 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:237:5:237:24 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:237:10:237:24 | "singleton_g_1" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:237:11:237:23 | singleton_g_1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:240:1:240:2 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:240:1:240:14 | call to singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:241:1:241:2 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:241:1:241:19 | call to call_singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:243:1:245:3 | singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:243:5:243:6 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:244:5:244:24 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:244:5:244:24 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:244:10:244:24 | "singleton_g_2" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:244:11:244:23 | singleton_g_2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:247:1:247:2 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:247:1:247:14 | call to singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:248:1:248:2 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:248:1:248:19 | call to call_singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:250:1:254:3 | class << ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:250:10:250:11 | c1 | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:228:1:228:10 | Singletons | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:228:1:228:22 | call to singleton_a | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:229:1:229:10 | Singletons | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:229:1:229:22 | call to singleton_f | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:231:1:231:2 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:231:1:231:19 | ... = ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:231:6:231:15 | Singletons | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:231:6:231:19 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:233:1:233:2 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:233:1:233:11 | call to instance | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:234:1:234:2 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:234:1:234:14 | call to singleton_e | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:236:1:238:3 | singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:236:5:236:6 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:237:5:237:24 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:237:5:237:24 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:237:10:237:24 | "singleton_g_1" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:237:11:237:23 | singleton_g_1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:240:1:240:2 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:240:1:240:14 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:241:1:241:2 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:241:1:241:19 | call to call_singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:243:1:245:3 | singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:243:5:243:6 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:244:5:244:24 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:244:5:244:24 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:244:10:244:24 | "singleton_g_2" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:244:11:244:23 | singleton_g_2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:247:1:247:2 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:247:1:247:14 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:248:1:248:2 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:248:1:248:19 | call to call_singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:250:1:254:3 | class << ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:250:10:250:11 | c1 | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:251:5:253:7 | singleton_g | calls.rb:250:1:254:3 | class << ... |
 | calls.rb:252:9:252:28 | call to puts | calls.rb:250:1:254:3 | class << ... |
 | calls.rb:252:9:252:28 | self | calls.rb:250:1:254:3 | class << ... |
 | calls.rb:252:14:252:28 | "singleton_g_3" | calls.rb:250:1:254:3 | class << ... |
 | calls.rb:252:15:252:27 | singleton_g_3 | calls.rb:250:1:254:3 | class << ... |
-| calls.rb:256:1:256:2 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:256:1:256:14 | call to singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:257:1:257:2 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:257:1:257:19 | call to call_singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:259:1:259:2 | c2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:259:1:259:19 | ... = ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:259:6:259:15 | Singletons | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:259:6:259:19 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:260:1:260:2 | c2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:260:1:260:14 | call to singleton_e | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:261:1:261:2 | c2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:261:1:261:14 | call to singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:263:1:263:4 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:263:1:263:8 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:265:1:265:16 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:265:1:265:16 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:265:6:265:16 | "top-level" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:265:7:265:15 | top-level | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:267:1:269:3 | singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:267:5:267:14 | Singletons | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:268:5:268:22 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:268:5:268:22 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:268:10:268:22 | "singleton_g" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:268:11:268:21 | singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:271:1:271:10 | Singletons | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:271:1:271:22 | call to singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:272:1:272:2 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:272:1:272:14 | call to singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:273:1:273:2 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:273:1:273:19 | call to call_singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:274:1:274:2 | c2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:274:1:274:14 | call to singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:275:1:275:2 | c3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:275:1:275:19 | ... = ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:275:6:275:15 | Singletons | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:275:6:275:19 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:276:1:276:2 | c3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:276:1:276:14 | call to singleton_g | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:278:1:286:3 | create | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:278:12:278:15 | type | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:278:12:278:15 | type | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:279:5:279:8 | type | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:279:5:279:12 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:279:5:279:21 | call to instance | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:281:5:283:7 | singleton_h | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:281:9:281:12 | type | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:282:9:282:26 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:282:9:282:26 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:282:14:282:26 | "singleton_h" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:282:15:282:25 | singleton_h | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:285:5:285:8 | type | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:285:5:285:20 | call to singleton_h | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:288:1:288:17 | call to create | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:288:1:288:17 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:288:8:288:17 | Singletons | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:289:1:289:10 | Singletons | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:289:1:289:22 | call to singleton_h | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:291:1:291:1 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:291:1:291:14 | ... = ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:291:5:291:14 | Singletons | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:293:1:297:3 | class << ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:293:10:293:10 | x | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:256:1:256:2 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:256:1:256:14 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:257:1:257:2 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:257:1:257:19 | call to call_singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:259:1:259:2 | c2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:259:1:259:19 | ... = ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:259:6:259:15 | Singletons | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:259:6:259:19 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:260:1:260:2 | c2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:260:1:260:14 | call to singleton_e | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:261:1:261:2 | c2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:261:1:261:14 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:263:1:263:4 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:263:1:263:8 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:265:1:265:16 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:265:1:265:16 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:265:6:265:16 | "top-level" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:265:7:265:15 | top-level | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:267:1:269:3 | singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:267:5:267:14 | Singletons | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:268:5:268:22 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:268:5:268:22 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:268:10:268:22 | "singleton_g" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:268:11:268:21 | singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:271:1:271:10 | Singletons | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:271:1:271:22 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:272:1:272:2 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:272:1:272:14 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:273:1:273:2 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:273:1:273:19 | call to call_singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:274:1:274:2 | c2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:274:1:274:14 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:275:1:275:2 | c3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:275:1:275:19 | ... = ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:275:6:275:15 | Singletons | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:275:6:275:19 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:276:1:276:2 | c3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:276:1:276:14 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:278:1:286:3 | create | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:278:12:278:15 | type | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:278:12:278:15 | type | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:279:5:279:8 | type | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:279:5:279:12 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:279:5:279:21 | call to instance | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:281:5:283:7 | singleton_h | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:281:9:281:12 | type | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:282:9:282:26 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:282:9:282:26 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:282:14:282:26 | "singleton_h" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:282:15:282:25 | singleton_h | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:285:5:285:8 | type | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:285:5:285:20 | call to singleton_h | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:288:1:288:17 | call to create | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:288:1:288:17 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:288:8:288:17 | Singletons | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:289:1:289:10 | Singletons | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:289:1:289:22 | call to singleton_h | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:291:1:291:1 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:291:1:291:14 | ... = ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:291:5:291:14 | Singletons | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:293:1:297:3 | class << ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:293:10:293:10 | x | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:294:5:296:7 | singleton_i | calls.rb:293:1:297:3 | class << ... |
 | calls.rb:295:9:295:26 | call to puts | calls.rb:293:1:297:3 | class << ... |
 | calls.rb:295:9:295:26 | self | calls.rb:293:1:297:3 | class << ... |
 | calls.rb:295:14:295:26 | "singleton_i" | calls.rb:293:1:297:3 | class << ... |
 | calls.rb:295:15:295:25 | singleton_i | calls.rb:293:1:297:3 | class << ... |
-| calls.rb:299:1:299:1 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:299:1:299:13 | call to singleton_i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:300:1:300:10 | Singletons | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:300:1:300:22 | call to singleton_i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:302:1:306:3 | class << ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:302:10:302:19 | Singletons | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:299:1:299:1 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:299:1:299:13 | call to singleton_i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:300:1:300:10 | Singletons | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:300:1:300:22 | call to singleton_i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:302:1:306:3 | class << ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:302:10:302:19 | Singletons | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:303:5:305:7 | singleton_j | calls.rb:302:1:306:3 | class << ... |
 | calls.rb:304:9:304:26 | call to puts | calls.rb:302:1:306:3 | class << ... |
 | calls.rb:304:9:304:26 | self | calls.rb:302:1:306:3 | class << ... |
 | calls.rb:304:14:304:26 | "singleton_j" | calls.rb:302:1:306:3 | class << ... |
 | calls.rb:304:15:304:25 | singleton_j | calls.rb:302:1:306:3 | class << ... |
-| calls.rb:308:1:308:10 | Singletons | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:308:1:308:22 | call to singleton_j | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:310:1:321:3 | SelfNew | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:308:1:308:10 | Singletons | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:308:1:308:22 | call to singleton_j | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:310:1:321:3 | SelfNew | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:311:5:314:7 | instance | calls.rb:310:1:321:3 | SelfNew |
 | calls.rb:312:9:312:31 | call to puts | calls.rb:310:1:321:3 | SelfNew |
 | calls.rb:312:9:312:31 | self | calls.rb:310:1:321:3 | SelfNew |
@@ -1022,110 +1042,110 @@ enclosingModule
 | calls.rb:320:5:320:7 | call to new | calls.rb:310:1:321:3 | SelfNew |
 | calls.rb:320:5:320:7 | self | calls.rb:310:1:321:3 | SelfNew |
 | calls.rb:320:5:320:16 | call to instance | calls.rb:310:1:321:3 | SelfNew |
-| calls.rb:323:1:323:7 | SelfNew | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:323:1:323:17 | call to singleton | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:325:1:329:3 | C1 | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:323:1:323:7 | SelfNew | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:323:1:323:17 | call to singleton | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:325:1:329:3 | C1 | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:326:5:328:7 | instance | calls.rb:325:1:329:3 | C1 |
 | calls.rb:327:9:327:26 | call to puts | calls.rb:325:1:329:3 | C1 |
 | calls.rb:327:9:327:26 | self | calls.rb:325:1:329:3 | C1 |
 | calls.rb:327:14:327:26 | "C1#instance" | calls.rb:325:1:329:3 | C1 |
 | calls.rb:327:15:327:25 | C1#instance | calls.rb:325:1:329:3 | C1 |
-| calls.rb:331:1:335:3 | C2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:331:12:331:13 | C1 | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:331:1:335:3 | C2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:331:12:331:13 | C1 | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:332:5:334:7 | instance | calls.rb:331:1:335:3 | C2 |
 | calls.rb:333:9:333:26 | call to puts | calls.rb:331:1:335:3 | C2 |
 | calls.rb:333:9:333:26 | self | calls.rb:331:1:335:3 | C2 |
 | calls.rb:333:14:333:26 | "C2#instance" | calls.rb:331:1:335:3 | C2 |
 | calls.rb:333:15:333:25 | C2#instance | calls.rb:331:1:335:3 | C2 |
-| calls.rb:337:1:341:3 | C3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:337:12:337:13 | C2 | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:337:1:341:3 | C3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:337:12:337:13 | C2 | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:338:5:340:7 | instance | calls.rb:337:1:341:3 | C3 |
 | calls.rb:339:9:339:26 | call to puts | calls.rb:337:1:341:3 | C3 |
 | calls.rb:339:9:339:26 | self | calls.rb:337:1:341:3 | C3 |
 | calls.rb:339:14:339:26 | "C3#instance" | calls.rb:337:1:341:3 | C3 |
 | calls.rb:339:15:339:25 | C3#instance | calls.rb:337:1:341:3 | C3 |
-| calls.rb:343:1:359:3 | pattern_dispatch | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:343:22:343:22 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:343:22:343:22 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:344:5:352:7 | case ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:344:10:344:10 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:345:5:346:18 | when ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:345:10:345:11 | C3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:345:12:346:18 | then ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:346:9:346:9 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:346:9:346:18 | call to instance | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:347:5:348:18 | when ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:347:10:347:11 | C2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:347:12:348:18 | then ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:348:9:348:9 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:348:9:348:18 | call to instance | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:349:5:350:18 | when ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:349:10:349:11 | C1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:349:12:350:18 | then ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:350:9:350:9 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:350:9:350:18 | call to instance | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:351:5:351:8 | else ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:354:5:358:7 | case ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:354:10:354:10 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:355:9:355:29 | in ... then ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:355:12:355:13 | C3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:355:15:355:29 | then ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:355:20:355:20 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:355:20:355:29 | call to instance | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:356:9:356:36 | in ... then ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:356:12:356:13 | C2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:356:12:356:19 | ... => ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:356:18:356:19 | c2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:356:21:356:36 | then ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:356:26:356:27 | c2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:356:26:356:36 | call to instance | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:357:9:357:36 | in ... then ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:357:12:357:13 | C1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:357:12:357:19 | ... => ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:357:18:357:19 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:357:21:357:36 | then ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:357:26:357:27 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:357:26:357:36 | call to instance | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:361:1:361:2 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:361:1:361:11 | ... = ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:361:6:361:7 | C1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:361:6:361:11 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:362:1:362:2 | c1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:362:1:362:11 | call to instance | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:363:1:363:25 | call to pattern_dispatch | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:363:1:363:25 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:363:18:363:25 | ( ... ) | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:363:19:363:20 | C1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:363:19:363:24 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:364:1:364:25 | call to pattern_dispatch | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:364:1:364:25 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:364:18:364:25 | ( ... ) | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:364:19:364:20 | C2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:364:19:364:24 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:365:1:365:25 | call to pattern_dispatch | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:365:1:365:25 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:365:18:365:25 | ( ... ) | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:365:19:365:20 | C3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:365:19:365:24 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:367:1:371:3 | add_singleton | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:367:19:367:19 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:367:19:367:19 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:368:5:370:7 | instance | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:368:9:368:9 | x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:369:9:369:28 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:369:9:369:28 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:369:14:369:28 | "instance_on x" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:369:15:369:27 | instance_on x | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:373:1:373:2 | c3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:373:1:373:11 | ... = ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:373:6:373:7 | C1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:373:6:373:11 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:374:1:374:16 | call to add_singleton | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:374:1:374:16 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:374:15:374:16 | c3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:375:1:375:2 | c3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:375:1:375:11 | call to instance | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:377:1:405:3 | SingletonOverride1 | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:343:1:359:3 | pattern_dispatch | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:343:22:343:22 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:343:22:343:22 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:344:5:352:7 | case ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:344:10:344:10 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:345:5:346:18 | when ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:345:10:345:11 | C3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:345:12:346:18 | then ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:346:9:346:9 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:346:9:346:18 | call to instance | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:347:5:348:18 | when ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:347:10:347:11 | C2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:347:12:348:18 | then ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:348:9:348:9 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:348:9:348:18 | call to instance | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:349:5:350:18 | when ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:349:10:349:11 | C1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:349:12:350:18 | then ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:350:9:350:9 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:350:9:350:18 | call to instance | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:351:5:351:8 | else ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:354:5:358:7 | case ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:354:10:354:10 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:355:9:355:29 | in ... then ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:355:12:355:13 | C3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:355:15:355:29 | then ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:355:20:355:20 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:355:20:355:29 | call to instance | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:356:9:356:36 | in ... then ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:356:12:356:13 | C2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:356:12:356:19 | ... => ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:356:18:356:19 | c2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:356:21:356:36 | then ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:356:26:356:27 | c2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:356:26:356:36 | call to instance | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:357:9:357:36 | in ... then ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:357:12:357:13 | C1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:357:12:357:19 | ... => ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:357:18:357:19 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:357:21:357:36 | then ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:357:26:357:27 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:357:26:357:36 | call to instance | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:361:1:361:2 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:361:1:361:11 | ... = ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:361:6:361:7 | C1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:361:6:361:11 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:362:1:362:2 | c1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:362:1:362:11 | call to instance | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:363:1:363:25 | call to pattern_dispatch | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:363:1:363:25 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:363:18:363:25 | ( ... ) | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:363:19:363:20 | C1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:363:19:363:24 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:364:1:364:25 | call to pattern_dispatch | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:364:1:364:25 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:364:18:364:25 | ( ... ) | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:364:19:364:20 | C2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:364:19:364:24 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:365:1:365:25 | call to pattern_dispatch | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:365:1:365:25 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:365:18:365:25 | ( ... ) | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:365:19:365:20 | C3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:365:19:365:24 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:367:1:371:3 | add_singleton | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:367:19:367:19 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:367:19:367:19 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:368:5:370:7 | instance | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:368:9:368:9 | x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:369:9:369:28 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:369:9:369:28 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:369:14:369:28 | "instance_on x" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:369:15:369:27 | instance_on x | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:373:1:373:2 | c3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:373:1:373:11 | ... = ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:373:6:373:7 | C1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:373:6:373:11 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:374:1:374:16 | call to add_singleton | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:374:1:374:16 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:374:15:374:16 | c3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:375:1:375:2 | c3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:375:1:375:11 | call to instance | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:377:1:405:3 | SingletonOverride1 | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:378:5:390:7 | class << ... | calls.rb:377:1:405:3 | SingletonOverride1 |
 | calls.rb:378:14:378:17 | self | calls.rb:377:1:405:3 | SingletonOverride1 |
 | calls.rb:379:9:381:11 | singleton1 | calls.rb:378:5:390:7 | class << ... |
@@ -1157,16 +1177,16 @@ enclosingModule
 | calls.rb:403:9:403:43 | self | calls.rb:377:1:405:3 | SingletonOverride1 |
 | calls.rb:403:14:403:43 | "SingletonOverride1#instance1" | calls.rb:377:1:405:3 | SingletonOverride1 |
 | calls.rb:403:15:403:42 | SingletonOverride1#instance1 | calls.rb:377:1:405:3 | SingletonOverride1 |
-| calls.rb:407:1:407:18 | SingletonOverride1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:407:1:407:29 | call to singleton1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:408:1:408:18 | SingletonOverride1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:408:1:408:29 | call to singleton2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:409:1:409:18 | SingletonOverride1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:409:1:409:34 | call to call_singleton1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:410:1:410:18 | SingletonOverride1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:410:1:410:34 | call to call_singleton2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:412:1:426:3 | SingletonOverride2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:412:28:412:45 | SingletonOverride1 | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:407:1:407:18 | SingletonOverride1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:407:1:407:29 | call to singleton1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:408:1:408:18 | SingletonOverride1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:408:1:408:29 | call to singleton2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:409:1:409:18 | SingletonOverride1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:409:1:409:34 | call to call_singleton1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:410:1:410:18 | SingletonOverride1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:410:1:410:34 | call to call_singleton2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:412:1:426:3 | SingletonOverride2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:412:28:412:45 | SingletonOverride1 | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:413:5:417:7 | class << ... | calls.rb:412:1:426:3 | SingletonOverride2 |
 | calls.rb:413:14:413:17 | self | calls.rb:412:1:426:3 | SingletonOverride2 |
 | calls.rb:414:9:416:11 | singleton1 | calls.rb:413:5:417:7 | class << ... |
@@ -1185,15 +1205,15 @@ enclosingModule
 | calls.rb:424:9:424:43 | self | calls.rb:412:1:426:3 | SingletonOverride2 |
 | calls.rb:424:14:424:43 | "SingletonOverride2#instance1" | calls.rb:412:1:426:3 | SingletonOverride2 |
 | calls.rb:424:15:424:42 | SingletonOverride2#instance1 | calls.rb:412:1:426:3 | SingletonOverride2 |
-| calls.rb:428:1:428:18 | SingletonOverride2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:428:1:428:29 | call to singleton1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:429:1:429:18 | SingletonOverride2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:429:1:429:29 | call to singleton2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:430:1:430:18 | SingletonOverride2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:430:1:430:34 | call to call_singleton1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:431:1:431:18 | SingletonOverride2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:431:1:431:34 | call to call_singleton2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:433:1:461:3 | ConditionalInstanceMethods | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:428:1:428:18 | SingletonOverride2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:428:1:428:29 | call to singleton1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:429:1:429:18 | SingletonOverride2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:429:1:429:29 | call to singleton2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:430:1:430:18 | SingletonOverride2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:430:1:430:34 | call to call_singleton1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:431:1:431:18 | SingletonOverride2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:431:1:431:34 | call to call_singleton2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:433:1:461:3 | ConditionalInstanceMethods | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:434:5:438:7 | if ... | calls.rb:433:1:461:3 | ConditionalInstanceMethods |
 | calls.rb:434:8:434:13 | call to rand | calls.rb:433:1:461:3 | ConditionalInstanceMethods |
 | calls.rb:434:8:434:13 | self | calls.rb:433:1:461:3 | ConditionalInstanceMethods |
@@ -1238,91 +1258,91 @@ enclosingModule
 | calls.rb:457:17:457:40 | self | calls.rb:433:1:461:3 | ConditionalInstanceMethods |
 | calls.rb:457:22:457:40 | "AnonymousClass#m5" | calls.rb:433:1:461:3 | ConditionalInstanceMethods |
 | calls.rb:457:23:457:39 | AnonymousClass#m5 | calls.rb:433:1:461:3 | ConditionalInstanceMethods |
-| calls.rb:463:1:463:26 | ConditionalInstanceMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:463:1:463:30 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:463:1:463:33 | call to m1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:464:1:464:26 | ConditionalInstanceMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:464:1:464:30 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:464:1:464:33 | call to m3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:465:1:465:26 | ConditionalInstanceMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:465:1:465:30 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:465:1:465:33 | call to m2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:466:1:466:26 | ConditionalInstanceMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:466:1:466:30 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:466:1:466:33 | call to m3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:467:1:467:26 | ConditionalInstanceMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:467:1:467:30 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:467:1:467:33 | call to m4 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:468:1:468:26 | ConditionalInstanceMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:468:1:468:30 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:468:1:468:33 | call to m5 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:470:1:470:23 | EsotericInstanceMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:470:1:488:3 | ... = ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:470:27:470:31 | Class | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:470:27:488:3 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:470:37:488:3 | do ... end | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:471:5:471:11 | Array | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:471:5:471:11 | [...] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:471:5:471:11 | call to [] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:471:5:475:7 | call to each | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:471:6:471:6 | 0 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:471:8:471:8 | 1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:471:10:471:10 | 2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:471:18:475:7 | do ... end | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:472:9:474:11 | foo | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:473:13:473:22 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:473:13:473:22 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:473:18:473:22 | "foo" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:473:19:473:21 | foo | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:477:5:477:9 | Class | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:477:5:481:7 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:477:5:481:11 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:477:5:481:15 | call to bar | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:477:15:481:7 | do ... end | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:478:9:480:11 | bar | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:479:13:479:22 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:479:13:479:22 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:479:18:479:22 | "bar" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:479:19:479:21 | bar | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:483:5:483:11 | Array | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:483:5:483:11 | [...] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:483:5:483:11 | call to [] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:483:5:487:7 | call to each | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:483:6:483:6 | 0 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:483:8:483:8 | 1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:483:10:483:10 | 2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:483:18:487:7 | do ... end | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:483:22:483:22 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:483:22:483:22 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:484:9:486:11 | call to define_method | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:484:9:486:11 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:484:23:484:32 | "baz_#{...}" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:484:24:484:27 | baz_ | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:484:28:484:31 | #{...} | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:484:30:484:30 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:484:35:486:11 | do ... end | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:485:13:485:27 | call to puts | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:485:13:485:27 | self | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:485:18:485:27 | "baz_#{...}" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:485:19:485:22 | baz_ | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:485:23:485:26 | #{...} | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:485:25:485:25 | i | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:490:1:490:23 | EsotericInstanceMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:490:1:490:27 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:490:1:490:31 | call to foo | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:491:1:491:23 | EsotericInstanceMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:491:1:491:27 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:491:1:491:31 | call to bar | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:492:1:492:23 | EsotericInstanceMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:492:1:492:27 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:492:1:492:33 | call to baz_0 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:493:1:493:23 | EsotericInstanceMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:493:1:493:27 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:493:1:493:33 | call to baz_1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:494:1:494:23 | EsotericInstanceMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:494:1:494:27 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:494:1:494:33 | call to baz_2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:496:1:502:3 | ExtendSingletonMethod | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:463:1:463:26 | ConditionalInstanceMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:463:1:463:30 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:463:1:463:33 | call to m1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:464:1:464:26 | ConditionalInstanceMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:464:1:464:30 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:464:1:464:33 | call to m3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:465:1:465:26 | ConditionalInstanceMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:465:1:465:30 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:465:1:465:33 | call to m2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:466:1:466:26 | ConditionalInstanceMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:466:1:466:30 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:466:1:466:33 | call to m3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:467:1:467:26 | ConditionalInstanceMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:467:1:467:30 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:467:1:467:33 | call to m4 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:468:1:468:26 | ConditionalInstanceMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:468:1:468:30 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:468:1:468:33 | call to m5 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:470:1:470:23 | EsotericInstanceMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:470:1:488:3 | ... = ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:470:27:470:31 | Class | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:470:27:488:3 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:470:37:488:3 | do ... end | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:471:5:471:11 | Array | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:471:5:471:11 | [...] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:471:5:471:11 | call to [] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:471:5:475:7 | call to each | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:471:6:471:6 | 0 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:471:8:471:8 | 1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:471:10:471:10 | 2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:471:18:475:7 | do ... end | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:472:9:474:11 | foo | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:473:13:473:22 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:473:13:473:22 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:473:18:473:22 | "foo" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:473:19:473:21 | foo | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:477:5:477:9 | Class | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:477:5:481:7 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:477:5:481:11 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:477:5:481:15 | call to bar | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:477:15:481:7 | do ... end | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:478:9:480:11 | bar | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:479:13:479:22 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:479:13:479:22 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:479:18:479:22 | "bar" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:479:19:479:21 | bar | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:483:5:483:11 | Array | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:483:5:483:11 | [...] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:483:5:483:11 | call to [] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:483:5:487:7 | call to each | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:483:6:483:6 | 0 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:483:8:483:8 | 1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:483:10:483:10 | 2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:483:18:487:7 | do ... end | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:483:22:483:22 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:483:22:483:22 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:484:9:486:11 | call to define_method | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:484:9:486:11 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:484:23:484:32 | "baz_#{...}" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:484:24:484:27 | baz_ | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:484:28:484:31 | #{...} | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:484:30:484:30 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:484:35:486:11 | do ... end | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:485:13:485:27 | call to puts | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:485:13:485:27 | self | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:485:18:485:27 | "baz_#{...}" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:485:19:485:22 | baz_ | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:485:23:485:26 | #{...} | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:485:25:485:25 | i | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:490:1:490:23 | EsotericInstanceMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:490:1:490:27 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:490:1:490:31 | call to foo | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:491:1:491:23 | EsotericInstanceMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:491:1:491:27 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:491:1:491:31 | call to bar | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:492:1:492:23 | EsotericInstanceMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:492:1:492:27 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:492:1:492:33 | call to baz_0 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:493:1:493:23 | EsotericInstanceMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:493:1:493:27 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:493:1:493:33 | call to baz_1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:494:1:494:23 | EsotericInstanceMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:494:1:494:27 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:494:1:494:33 | call to baz_2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:496:1:502:3 | ExtendSingletonMethod | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:497:5:499:7 | singleton | calls.rb:496:1:502:3 | ExtendSingletonMethod |
 | calls.rb:498:9:498:46 | call to puts | calls.rb:496:1:502:3 | ExtendSingletonMethod |
 | calls.rb:498:9:498:46 | self | calls.rb:496:1:502:3 | ExtendSingletonMethod |
@@ -1331,32 +1351,32 @@ enclosingModule
 | calls.rb:501:5:501:15 | call to extend | calls.rb:496:1:502:3 | ExtendSingletonMethod |
 | calls.rb:501:5:501:15 | self | calls.rb:496:1:502:3 | ExtendSingletonMethod |
 | calls.rb:501:12:501:15 | self | calls.rb:496:1:502:3 | ExtendSingletonMethod |
-| calls.rb:504:1:504:21 | ExtendSingletonMethod | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:504:1:504:31 | call to singleton | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:506:1:508:3 | ExtendSingletonMethod2 | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:504:1:504:21 | ExtendSingletonMethod | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:504:1:504:31 | call to singleton | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:506:1:508:3 | ExtendSingletonMethod2 | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:507:5:507:32 | call to extend | calls.rb:506:1:508:3 | ExtendSingletonMethod2 |
 | calls.rb:507:5:507:32 | self | calls.rb:506:1:508:3 | ExtendSingletonMethod2 |
 | calls.rb:507:12:507:32 | ExtendSingletonMethod | calls.rb:506:1:508:3 | ExtendSingletonMethod2 |
-| calls.rb:510:1:510:22 | ExtendSingletonMethod2 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:510:1:510:32 | call to singleton | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:512:1:513:3 | ExtendSingletonMethod3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:515:1:515:22 | ExtendSingletonMethod3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:515:1:515:51 | call to extend | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:515:31:515:51 | ExtendSingletonMethod | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:517:1:517:22 | ExtendSingletonMethod3 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:517:1:517:32 | call to singleton | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:519:1:519:3 | foo | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:519:1:519:13 | ... = ... | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:519:7:519:13 | "hello" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:519:8:519:12 | hello | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:520:1:520:3 | foo | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:520:1:520:13 | call to singleton | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:521:1:521:3 | foo | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:521:1:521:32 | call to extend | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:521:12:521:32 | ExtendSingletonMethod | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:523:1:523:3 | foo | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:523:1:523:13 | call to singleton | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:525:1:529:3 | ProtectedMethodInModule | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:510:1:510:22 | ExtendSingletonMethod2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:510:1:510:32 | call to singleton | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:512:1:513:3 | ExtendSingletonMethod3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:515:1:515:22 | ExtendSingletonMethod3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:515:1:515:51 | call to extend | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:515:31:515:51 | ExtendSingletonMethod | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:517:1:517:22 | ExtendSingletonMethod3 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:517:1:517:32 | call to singleton | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:519:1:519:3 | foo | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:519:1:519:13 | ... = ... | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:519:7:519:13 | "hello" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:519:8:519:12 | hello | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:520:1:520:3 | foo | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:520:1:520:13 | call to singleton | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:521:1:521:3 | foo | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:521:1:521:32 | call to extend | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:521:12:521:32 | ExtendSingletonMethod | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:523:1:523:3 | foo | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:523:1:523:13 | call to singleton | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:525:1:529:3 | ProtectedMethodInModule | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:526:5:528:7 | call to protected | calls.rb:525:1:529:3 | ProtectedMethodInModule |
 | calls.rb:526:5:528:7 | self | calls.rb:525:1:529:3 | ProtectedMethodInModule |
 | calls.rb:526:15:528:7 | foo | calls.rb:525:1:529:3 | ProtectedMethodInModule |
@@ -1364,7 +1384,7 @@ enclosingModule
 | calls.rb:527:9:527:42 | self | calls.rb:525:1:529:3 | ProtectedMethodInModule |
 | calls.rb:527:14:527:42 | "ProtectedMethodInModule#foo" | calls.rb:525:1:529:3 | ProtectedMethodInModule |
 | calls.rb:527:15:527:41 | ProtectedMethodInModule#foo | calls.rb:525:1:529:3 | ProtectedMethodInModule |
-| calls.rb:531:1:544:3 | ProtectedMethods | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:531:1:544:3 | ProtectedMethods | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:532:5:532:35 | call to include | calls.rb:531:1:544:3 | ProtectedMethods |
 | calls.rb:532:5:532:35 | self | calls.rb:531:1:544:3 | ProtectedMethods |
 | calls.rb:532:13:532:35 | ProtectedMethodInModule | calls.rb:531:1:544:3 | ProtectedMethods |
@@ -1386,63 +1406,63 @@ enclosingModule
 | calls.rb:542:9:542:24 | ProtectedMethods | calls.rb:531:1:544:3 | ProtectedMethods |
 | calls.rb:542:9:542:28 | call to new | calls.rb:531:1:544:3 | ProtectedMethods |
 | calls.rb:542:9:542:32 | call to bar | calls.rb:531:1:544:3 | ProtectedMethods |
-| calls.rb:546:1:546:16 | ProtectedMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:546:1:546:20 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:546:1:546:24 | call to foo | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:547:1:547:16 | ProtectedMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:547:1:547:20 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:547:1:547:24 | call to bar | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:548:1:548:16 | ProtectedMethods | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:548:1:548:20 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:548:1:548:24 | call to baz | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:550:1:555:3 | ProtectedMethodsSub | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:550:29:550:44 | ProtectedMethods | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:546:1:546:16 | ProtectedMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:546:1:546:20 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:546:1:546:24 | call to foo | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:547:1:547:16 | ProtectedMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:547:1:547:20 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:547:1:547:24 | call to bar | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:548:1:548:16 | ProtectedMethods | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:548:1:548:20 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:548:1:548:24 | call to baz | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:550:1:555:3 | ProtectedMethodsSub | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:550:29:550:44 | ProtectedMethods | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:551:5:554:7 | baz | calls.rb:550:1:555:3 | ProtectedMethodsSub |
 | calls.rb:552:9:552:11 | call to foo | calls.rb:550:1:555:3 | ProtectedMethodsSub |
 | calls.rb:552:9:552:11 | self | calls.rb:550:1:555:3 | ProtectedMethodsSub |
 | calls.rb:553:9:553:27 | ProtectedMethodsSub | calls.rb:550:1:555:3 | ProtectedMethodsSub |
 | calls.rb:553:9:553:31 | call to new | calls.rb:550:1:555:3 | ProtectedMethodsSub |
 | calls.rb:553:9:553:35 | call to foo | calls.rb:550:1:555:3 | ProtectedMethodsSub |
-| calls.rb:557:1:557:19 | ProtectedMethodsSub | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:557:1:557:23 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:557:1:557:27 | call to foo | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:558:1:558:19 | ProtectedMethodsSub | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:558:1:558:23 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:558:1:558:27 | call to bar | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:559:1:559:19 | ProtectedMethodsSub | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:559:1:559:23 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:559:1:559:27 | call to baz | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:561:1:561:7 | Array | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:561:1:561:7 | [...] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:561:1:561:7 | call to [] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:561:1:561:26 | call to each | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:561:2:561:2 | C | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:561:2:561:6 | call to new | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:561:14:561:26 | { ... } | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:561:17:561:17 | c | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:561:17:561:17 | c | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:561:20:561:20 | c | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:561:20:561:24 | call to baz | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:1:562:13 | Array | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:1:562:13 | [...] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:1:562:13 | call to [] | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:1:562:39 | call to each | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:2:562:4 | "a" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:3:562:3 | a | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:6:562:8 | "b" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:7:562:7 | b | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:10:562:12 | "c" | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:11:562:11 | c | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:20:562:39 | { ... } | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:23:562:23 | s | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:23:562:23 | s | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:26:562:26 | s | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:562:26:562:37 | call to capitalize | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:564:1:567:3 | SingletonUpCall_Base | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:557:1:557:19 | ProtectedMethodsSub | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:557:1:557:23 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:557:1:557:27 | call to foo | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:558:1:558:19 | ProtectedMethodsSub | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:558:1:558:23 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:558:1:558:27 | call to bar | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:559:1:559:19 | ProtectedMethodsSub | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:559:1:559:23 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:559:1:559:27 | call to baz | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:561:1:561:7 | Array | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:561:1:561:7 | [...] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:561:1:561:7 | call to [] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:561:1:561:26 | call to each | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:561:2:561:2 | C | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:561:2:561:6 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:561:14:561:26 | { ... } | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:561:17:561:17 | c | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:561:17:561:17 | c | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:561:20:561:20 | c | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:561:20:561:24 | call to baz | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:1:562:13 | Array | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:1:562:13 | [...] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:1:562:13 | call to [] | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:1:562:39 | call to each | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:2:562:4 | "a" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:3:562:3 | a | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:6:562:8 | "b" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:7:562:7 | b | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:10:562:12 | "c" | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:11:562:11 | c | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:20:562:39 | { ... } | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:23:562:23 | s | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:23:562:23 | s | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:26:562:26 | s | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:562:26:562:37 | call to capitalize | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:564:1:567:3 | SingletonUpCall_Base | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:565:5:566:7 | singleton | calls.rb:564:1:567:3 | SingletonUpCall_Base |
 | calls.rb:565:9:565:12 | self | calls.rb:564:1:567:3 | SingletonUpCall_Base |
-| calls.rb:568:1:575:3 | SingletonUpCall_Sub | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:568:29:568:48 | SingletonUpCall_Base | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:568:1:575:3 | SingletonUpCall_Sub | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:568:29:568:48 | SingletonUpCall_Base | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:569:5:569:13 | call to singleton | calls.rb:568:1:575:3 | SingletonUpCall_Sub |
 | calls.rb:569:5:569:13 | self | calls.rb:568:1:575:3 | SingletonUpCall_Sub |
 | calls.rb:570:5:570:14 | call to singleton2 | calls.rb:568:1:575:3 | SingletonUpCall_Sub |
@@ -1453,13 +1473,13 @@ enclosingModule
 | calls.rb:572:9:572:17 | self | calls.rb:568:1:575:3 | SingletonUpCall_Sub |
 | calls.rb:573:9:573:18 | call to singleton2 | calls.rb:568:1:575:3 | SingletonUpCall_Sub |
 | calls.rb:573:9:573:18 | self | calls.rb:568:1:575:3 | SingletonUpCall_Sub |
-| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:576:32:576:50 | SingletonUpCall_Sub | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:576:32:576:50 | SingletonUpCall_Sub | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:577:5:578:7 | singleton2 | calls.rb:576:1:581:3 | SingletonUpCall_SubSub |
 | calls.rb:577:9:577:12 | self | calls.rb:576:1:581:3 | SingletonUpCall_SubSub |
 | calls.rb:580:5:580:14 | call to mid_method | calls.rb:576:1:581:3 | SingletonUpCall_SubSub |
 | calls.rb:580:5:580:14 | self | calls.rb:576:1:581:3 | SingletonUpCall_SubSub |
-| calls.rb:583:1:594:3 | SingletonA | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:583:1:594:3 | SingletonA | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:584:5:585:7 | singleton1 | calls.rb:583:1:594:3 | SingletonA |
 | calls.rb:584:9:584:12 | self | calls.rb:583:1:594:3 | SingletonA |
 | calls.rb:587:5:589:7 | call_singleton1 | calls.rb:583:1:594:3 | SingletonA |
@@ -1470,28 +1490,60 @@ enclosingModule
 | calls.rb:591:9:591:12 | self | calls.rb:583:1:594:3 | SingletonA |
 | calls.rb:592:9:592:23 | call to call_singleton1 | calls.rb:583:1:594:3 | SingletonA |
 | calls.rb:592:9:592:23 | self | calls.rb:583:1:594:3 | SingletonA |
-| calls.rb:596:1:603:3 | SingletonB | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:596:20:596:29 | SingletonA | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:596:1:603:3 | SingletonB | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:596:20:596:29 | SingletonA | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:597:5:598:7 | singleton1 | calls.rb:596:1:603:3 | SingletonB |
 | calls.rb:597:9:597:12 | self | calls.rb:596:1:603:3 | SingletonB |
 | calls.rb:600:5:602:7 | call_singleton1 | calls.rb:596:1:603:3 | SingletonB |
 | calls.rb:600:9:600:12 | self | calls.rb:596:1:603:3 | SingletonB |
 | calls.rb:601:9:601:18 | call to singleton1 | calls.rb:596:1:603:3 | SingletonB |
 | calls.rb:601:9:601:18 | self | calls.rb:596:1:603:3 | SingletonB |
-| calls.rb:605:1:612:3 | SingletonC | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:605:20:605:29 | SingletonA | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:605:1:612:3 | SingletonC | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:605:20:605:29 | SingletonA | calls.rb:1:1:651:24 | calls.rb |
 | calls.rb:606:5:607:7 | singleton1 | calls.rb:605:1:612:3 | SingletonC |
 | calls.rb:606:9:606:12 | self | calls.rb:605:1:612:3 | SingletonC |
 | calls.rb:609:5:611:7 | call_singleton1 | calls.rb:605:1:612:3 | SingletonC |
 | calls.rb:609:9:609:12 | self | calls.rb:605:1:612:3 | SingletonC |
 | calls.rb:610:9:610:18 | call to singleton1 | calls.rb:605:1:612:3 | SingletonC |
 | calls.rb:610:9:610:18 | self | calls.rb:605:1:612:3 | SingletonC |
-| calls.rb:614:1:614:10 | SingletonA | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:614:1:614:31 | call to call_call_singleton1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:615:1:615:10 | SingletonB | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:615:1:615:31 | call to call_call_singleton1 | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:616:1:616:10 | SingletonC | calls.rb:1:1:616:32 | calls.rb |
-| calls.rb:616:1:616:31 | call to call_call_singleton1 | calls.rb:1:1:616:32 | calls.rb |
+| calls.rb:614:1:614:10 | SingletonA | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:614:1:614:31 | call to call_call_singleton1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:615:1:615:10 | SingletonB | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:615:1:615:31 | call to call_call_singleton1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:616:1:616:10 | SingletonC | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:616:1:616:31 | call to call_call_singleton1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:618:1:624:3 | Included | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:619:5:621:7 | foo | calls.rb:618:1:624:3 | Included |
+| calls.rb:620:9:620:12 | self | calls.rb:618:1:624:3 | Included |
+| calls.rb:620:9:620:16 | call to bar | calls.rb:618:1:624:3 | Included |
+| calls.rb:622:5:623:7 | bar | calls.rb:618:1:624:3 | Included |
+| calls.rb:626:1:631:3 | IncludesIncluded | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:627:5:627:20 | call to include | calls.rb:626:1:631:3 | IncludesIncluded |
+| calls.rb:627:5:627:20 | self | calls.rb:626:1:631:3 | IncludesIncluded |
+| calls.rb:627:13:627:20 | Included | calls.rb:626:1:631:3 | IncludesIncluded |
+| calls.rb:628:5:630:7 | bar | calls.rb:626:1:631:3 | IncludesIncluded |
+| calls.rb:629:9:629:13 | call to super | calls.rb:626:1:631:3 | IncludesIncluded |
+| calls.rb:633:1:637:3 | CustomNew1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:634:5:636:7 | new | calls.rb:633:1:637:3 | CustomNew1 |
+| calls.rb:634:9:634:12 | self | calls.rb:633:1:637:3 | CustomNew1 |
+| calls.rb:635:9:635:10 | C1 | calls.rb:633:1:637:3 | CustomNew1 |
+| calls.rb:635:9:635:14 | call to new | calls.rb:633:1:637:3 | CustomNew1 |
+| calls.rb:639:1:639:10 | CustomNew1 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:639:1:639:14 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:639:1:639:23 | call to instance | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:641:1:649:3 | CustomNew2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:642:5:644:7 | new | calls.rb:641:1:649:3 | CustomNew2 |
+| calls.rb:642:9:642:12 | self | calls.rb:641:1:649:3 | CustomNew2 |
+| calls.rb:643:9:643:12 | self | calls.rb:641:1:649:3 | CustomNew2 |
+| calls.rb:643:9:643:21 | call to allocate | calls.rb:641:1:649:3 | CustomNew2 |
+| calls.rb:646:5:648:7 | instance | calls.rb:641:1:649:3 | CustomNew2 |
+| calls.rb:647:9:647:34 | call to puts | calls.rb:641:1:649:3 | CustomNew2 |
+| calls.rb:647:9:647:34 | self | calls.rb:641:1:649:3 | CustomNew2 |
+| calls.rb:647:14:647:34 | "CustomNew2#instance" | calls.rb:641:1:649:3 | CustomNew2 |
+| calls.rb:647:15:647:33 | CustomNew2#instance | calls.rb:641:1:649:3 | CustomNew2 |
+| calls.rb:651:1:651:10 | CustomNew2 | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:651:1:651:14 | call to new | calls.rb:1:1:651:24 | calls.rb |
+| calls.rb:651:1:651:23 | call to instance | calls.rb:1:1:651:24 | calls.rb |
 | hello.rb:1:1:8:3 | EnglishWords | hello.rb:1:1:22:3 | hello.rb |
 | hello.rb:2:5:4:7 | hello | hello.rb:1:1:8:3 | EnglishWords |
 | hello.rb:3:9:3:22 | return | hello.rb:1:1:8:3 | EnglishWords |
diff --git a/ruby/ql/test/library-tests/modules/superclasses.expected b/ruby/ql/test/library-tests/modules/superclasses.expected
index 24907e7d81b..14121b1da31 100644
--- a/ruby/ql/test/library-tests/modules/superclasses.expected
+++ b/ruby/ql/test/library-tests/modules/superclasses.expected
@@ -131,6 +131,17 @@ calls.rb:
 #  605| SingletonC
 #-----|  -> SingletonA
 
+#  618| Included
+
+#  626| IncludesIncluded
+#-----|  -> Object
+
+#  633| CustomNew1
+#-----|  -> Object
+
+#  641| CustomNew2
+#-----|  -> Object
+
 hello.rb:
 #    1| EnglishWords
 
diff --git a/ruby/ql/test/library-tests/variables/parameter.expected b/ruby/ql/test/library-tests/variables/parameter.expected
index 292ae665964..6e6c8426f86 100644
--- a/ruby/ql/test/library-tests/variables/parameter.expected
+++ b/ruby/ql/test/library-tests/variables/parameter.expected
@@ -38,6 +38,10 @@ parameterVariable
 | ssa.rb:53:8:53:10 | foo | ssa.rb:53:8:53:10 | foo |
 | ssa.rb:64:8:64:8 | a | ssa.rb:64:8:64:8 | a |
 | ssa.rb:66:15:66:15 | a | ssa.rb:66:15:66:15 | a |
+| ssa.rb:90:9:90:10 | b1 | ssa.rb:90:9:90:10 | b1 |
+| ssa.rb:90:13:90:14 | b2 | ssa.rb:90:13:90:14 | b2 |
+| ssa.rb:90:17:90:18 | b3 | ssa.rb:90:17:90:18 | b3 |
+| ssa.rb:90:21:90:22 | b4 | ssa.rb:90:21:90:22 | b4 |
 parameterNoVariable
 | parameters.rb:45:22:45:22 | _ |
 parameterVariableNoAccess
diff --git a/ruby/ql/test/library-tests/variables/ssa.expected b/ruby/ql/test/library-tests/variables/ssa.expected
index e1df08d4285..20133a71857 100644
--- a/ruby/ql/test/library-tests/variables/ssa.expected
+++ b/ruby/ql/test/library-tests/variables/ssa.expected
@@ -164,6 +164,12 @@ definition
 | ssa.rb:83:7:87:5 | <captured> self | ssa.rb:81:1:88:3 | self |
 | ssa.rb:84:10:86:8 | <captured> captured | ssa.rb:82:3:82:10 | captured |
 | ssa.rb:84:10:86:8 | <captured> self | ssa.rb:81:1:88:3 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self |
+| ssa.rb:90:9:90:10 | b1 | ssa.rb:90:9:90:10 | b1 |
+| ssa.rb:90:13:90:14 | b2 | ssa.rb:90:13:90:14 | b2 |
+| ssa.rb:90:17:90:18 | b3 | ssa.rb:90:17:90:18 | b3 |
+| ssa.rb:90:21:90:22 | b4 | ssa.rb:90:21:90:22 | b4 |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x |
 read
 | class_variables.rb:1:1:29:4 | self (class_variables.rb) | class_variables.rb:1:1:29:4 | self | class_variables.rb:3:1:3:5 | self |
 | class_variables.rb:5:1:7:3 | self (print) | class_variables.rb:5:1:7:3 | self | class_variables.rb:6:2:6:6 | self |
@@ -347,6 +353,18 @@ read
 | ssa.rb:83:7:87:5 | <captured> self | ssa.rb:81:1:88:3 | self | ssa.rb:84:6:86:8 | self |
 | ssa.rb:84:10:86:8 | <captured> captured | ssa.rb:82:3:82:10 | captured | ssa.rb:85:15:85:22 | captured |
 | ssa.rb:84:10:86:8 | <captured> self | ssa.rb:81:1:88:3 | self | ssa.rb:85:10:85:22 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:93:5:93:10 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:95:5:95:10 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:99:5:99:10 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:101:5:101:10 | self |
+| ssa.rb:90:9:90:10 | b1 | ssa.rb:90:9:90:10 | b1 | ssa.rb:92:7:92:8 | b1 |
+| ssa.rb:90:13:90:14 | b2 | ssa.rb:90:13:90:14 | b2 | ssa.rb:94:10:94:11 | b2 |
+| ssa.rb:90:17:90:18 | b3 | ssa.rb:90:17:90:18 | b3 | ssa.rb:98:7:98:8 | b3 |
+| ssa.rb:90:21:90:22 | b4 | ssa.rb:90:21:90:22 | b4 | ssa.rb:100:10:100:11 | b4 |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:93:10:93:10 | x |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:95:10:95:10 | x |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:99:10:99:10 | x |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:101:10:101:10 | x |
 firstRead
 | class_variables.rb:1:1:29:4 | self (class_variables.rb) | class_variables.rb:1:1:29:4 | self | class_variables.rb:3:1:3:5 | self |
 | class_variables.rb:5:1:7:3 | self (print) | class_variables.rb:5:1:7:3 | self | class_variables.rb:6:2:6:6 | self |
@@ -485,6 +503,18 @@ firstRead
 | ssa.rb:83:7:87:5 | <captured> self | ssa.rb:81:1:88:3 | self | ssa.rb:84:6:86:8 | self |
 | ssa.rb:84:10:86:8 | <captured> captured | ssa.rb:82:3:82:10 | captured | ssa.rb:85:15:85:22 | captured |
 | ssa.rb:84:10:86:8 | <captured> self | ssa.rb:81:1:88:3 | self | ssa.rb:85:10:85:22 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:93:5:93:10 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:95:5:95:10 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:99:5:99:10 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:101:5:101:10 | self |
+| ssa.rb:90:9:90:10 | b1 | ssa.rb:90:9:90:10 | b1 | ssa.rb:92:7:92:8 | b1 |
+| ssa.rb:90:13:90:14 | b2 | ssa.rb:90:13:90:14 | b2 | ssa.rb:94:10:94:11 | b2 |
+| ssa.rb:90:17:90:18 | b3 | ssa.rb:90:17:90:18 | b3 | ssa.rb:98:7:98:8 | b3 |
+| ssa.rb:90:21:90:22 | b4 | ssa.rb:90:21:90:22 | b4 | ssa.rb:100:10:100:11 | b4 |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:93:10:93:10 | x |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:95:10:95:10 | x |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:99:10:99:10 | x |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:101:10:101:10 | x |
 lastRead
 | class_variables.rb:1:1:29:4 | self (class_variables.rb) | class_variables.rb:1:1:29:4 | self | class_variables.rb:3:1:3:5 | self |
 | class_variables.rb:5:1:7:3 | self (print) | class_variables.rb:5:1:7:3 | self | class_variables.rb:6:2:6:6 | self |
@@ -624,6 +654,18 @@ lastRead
 | ssa.rb:83:7:87:5 | <captured> self | ssa.rb:81:1:88:3 | self | ssa.rb:84:6:86:8 | self |
 | ssa.rb:84:10:86:8 | <captured> captured | ssa.rb:82:3:82:10 | captured | ssa.rb:85:15:85:22 | captured |
 | ssa.rb:84:10:86:8 | <captured> self | ssa.rb:81:1:88:3 | self | ssa.rb:85:10:85:22 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:93:5:93:10 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:95:5:95:10 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:99:5:99:10 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:101:5:101:10 | self |
+| ssa.rb:90:9:90:10 | b1 | ssa.rb:90:9:90:10 | b1 | ssa.rb:92:7:92:8 | b1 |
+| ssa.rb:90:13:90:14 | b2 | ssa.rb:90:13:90:14 | b2 | ssa.rb:94:10:94:11 | b2 |
+| ssa.rb:90:17:90:18 | b3 | ssa.rb:90:17:90:18 | b3 | ssa.rb:98:7:98:8 | b3 |
+| ssa.rb:90:21:90:22 | b4 | ssa.rb:90:21:90:22 | b4 | ssa.rb:100:10:100:11 | b4 |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:93:10:93:10 | x |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:95:10:95:10 | x |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:99:10:99:10 | x |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:101:10:101:10 | x |
 adjacentReads
 | class_variables.rb:26:1:29:3 | self (N) | class_variables.rb:26:1:29:3 | self | class_variables.rb:27:3:27:11 | self | class_variables.rb:28:3:28:7 | self |
 | instance_variables.rb:1:1:44:4 | self (instance_variables.rb) | instance_variables.rb:1:1:44:4 | self | instance_variables.rb:1:1:1:4 | self | instance_variables.rb:11:1:11:9 | self |
@@ -674,6 +716,14 @@ adjacentReads
 | ssa.rb:38:1:42:3 | self (m4) | ssa.rb:38:1:42:3 | self | ssa.rb:39:8:39:9 | self | ssa.rb:41:3:41:13 | self |
 | ssa.rb:66:11:70:5 | <captured> captured | ssa.rb:65:3:65:10 | captured | ssa.rb:68:10:68:17 | captured | ssa.rb:69:5:69:12 | captured |
 | ssa.rb:66:11:70:5 | <captured> self | ssa.rb:64:1:72:3 | self | ssa.rb:67:5:67:10 | self | ssa.rb:68:5:68:17 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:93:5:93:10 | self | ssa.rb:99:5:99:10 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:93:5:93:10 | self | ssa.rb:101:5:101:10 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:95:5:95:10 | self | ssa.rb:99:5:99:10 | self |
+| ssa.rb:90:1:103:3 | self (m12) | ssa.rb:90:1:103:3 | self | ssa.rb:95:5:95:10 | self | ssa.rb:101:5:101:10 | self |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:93:10:93:10 | x | ssa.rb:99:10:99:10 | x |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:93:10:93:10 | x | ssa.rb:101:10:101:10 | x |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:95:10:95:10 | x | ssa.rb:99:10:99:10 | x |
+| ssa.rb:91:3:91:7 | ... = ... | ssa.rb:91:3:91:3 | x | ssa.rb:95:10:95:10 | x | ssa.rb:101:10:101:10 | x |
 phi
 | parameters.rb:37:3:37:18 | phi | parameters.rb:35:16:35:16 | b | parameters.rb:35:1:38:3 | <uninitialized> |
 | parameters.rb:37:3:37:18 | phi | parameters.rb:35:16:35:16 | b | parameters.rb:35:16:35:20 | ... = ... |
@@ -689,3 +739,30 @@ phi
 | ssa.rb:45:3:45:12 | phi | ssa.rb:45:3:45:3 | x | ssa.rb:45:3:45:7 | ... = ... |
 | ssa.rb:50:3:50:8 | phi | ssa.rb:49:14:49:14 | y | ssa.rb:49:1:51:3 | <uninitialized> |
 | ssa.rb:50:3:50:8 | phi | ssa.rb:49:14:49:14 | y | ssa.rb:49:14:49:19 | ... = ... |
+phiReadNode
+| parameters.rb:26:3:26:11 | SSA phi read(name) | parameters.rb:25:15:25:18 | name |
+| ssa.rb:5:3:13:5 | SSA phi read(self) | ssa.rb:1:1:16:3 | self |
+| ssa.rb:19:9:19:9 | SSA phi read(self) | ssa.rb:18:1:23:3 | self |
+| ssa.rb:92:3:96:5 | SSA phi read(self) | ssa.rb:90:1:103:3 | self |
+| ssa.rb:92:3:96:5 | SSA phi read(x) | ssa.rb:91:3:91:3 | x |
+| ssa.rb:94:3:95:10 | SSA phi read(self) | ssa.rb:90:1:103:3 | self |
+| ssa.rb:94:3:95:10 | SSA phi read(x) | ssa.rb:91:3:91:3 | x |
+phiReadNodeRead
+| parameters.rb:26:3:26:11 | SSA phi read(name) | parameters.rb:25:15:25:18 | name | parameters.rb:26:8:26:11 | name |
+| ssa.rb:5:3:13:5 | SSA phi read(self) | ssa.rb:1:1:16:3 | self | ssa.rb:15:3:15:8 | self |
+| ssa.rb:19:9:19:9 | SSA phi read(self) | ssa.rb:18:1:23:3 | self | ssa.rb:20:5:20:10 | self |
+| ssa.rb:92:3:96:5 | SSA phi read(self) | ssa.rb:90:1:103:3 | self | ssa.rb:99:5:99:10 | self |
+| ssa.rb:92:3:96:5 | SSA phi read(self) | ssa.rb:90:1:103:3 | self | ssa.rb:101:5:101:10 | self |
+| ssa.rb:92:3:96:5 | SSA phi read(x) | ssa.rb:91:3:91:3 | x | ssa.rb:99:10:99:10 | x |
+| ssa.rb:92:3:96:5 | SSA phi read(x) | ssa.rb:91:3:91:3 | x | ssa.rb:101:10:101:10 | x |
+phiReadInput
+| parameters.rb:26:3:26:11 | SSA phi read(name) | parameters.rb:25:15:25:18 | name |
+| ssa.rb:5:3:13:5 | SSA phi read(self) | ssa.rb:1:1:16:3 | self (m) |
+| ssa.rb:19:9:19:9 | SSA phi read(self) | ssa.rb:18:1:23:3 | self (m1) |
+| ssa.rb:19:9:19:9 | SSA phi read(self) | ssa.rb:19:9:19:9 | SSA phi read(self) |
+| ssa.rb:92:3:96:5 | SSA phi read(self) | ssa.rb:90:1:103:3 | self (m12) |
+| ssa.rb:92:3:96:5 | SSA phi read(self) | ssa.rb:94:3:95:10 | SSA phi read(self) |
+| ssa.rb:92:3:96:5 | SSA phi read(x) | ssa.rb:91:3:91:7 | ... = ... |
+| ssa.rb:92:3:96:5 | SSA phi read(x) | ssa.rb:94:3:95:10 | SSA phi read(x) |
+| ssa.rb:94:3:95:10 | SSA phi read(self) | ssa.rb:90:1:103:3 | self (m12) |
+| ssa.rb:94:3:95:10 | SSA phi read(x) | ssa.rb:91:3:91:7 | ... = ... |
diff --git a/ruby/ql/test/library-tests/variables/ssa.ql b/ruby/ql/test/library-tests/variables/ssa.ql
index 26f3d5f8c0d..b7a8378e8ff 100644
--- a/ruby/ql/test/library-tests/variables/ssa.ql
+++ b/ruby/ql/test/library-tests/variables/ssa.ql
@@ -1,6 +1,8 @@
 import codeql.ruby.AST
 import codeql.ruby.CFG
 import codeql.ruby.dataflow.SSA
+import codeql.ruby.dataflow.internal.SsaImpl
+import ExposedForTestingOnly
 
 query predicate definition(Ssa::Definition def, Variable v) { def.getSourceVariable() = v }
 
@@ -24,3 +26,17 @@ query predicate adjacentReads(Ssa::Definition def, Variable v, CfgNode read1, Cf
 query predicate phi(Ssa::PhiNode phi, Variable v, Ssa::Definition input) {
   phi.getSourceVariable() = v and input = phi.getAnInput()
 }
+
+query predicate phiReadNode(PhiReadNode phi, Variable v) { phi.getSourceVariable() = v }
+
+query predicate phiReadNodeRead(PhiReadNode phi, Variable v, CfgNode read) {
+  phi.getSourceVariable() = v and
+  exists(BasicBlock bb, int i |
+    ssaDefReachesReadExt(v, phi, bb, i) and
+    read = bb.getNode(i)
+  )
+}
+
+query predicate phiReadInput(PhiReadNode phi, DefinitionExt inp) {
+  phiHasInputFromBlockExt(phi, inp, _)
+}
diff --git a/ruby/ql/test/library-tests/variables/ssa.rb b/ruby/ql/test/library-tests/variables/ssa.rb
index bb13dd6c4c9..c8a28e39f07 100644
--- a/ruby/ql/test/library-tests/variables/ssa.rb
+++ b/ruby/ql/test/library-tests/variables/ssa.rb
@@ -85,4 +85,19 @@ def m11
          puts captured
      end
   end
+end
+
+def m12(b1, b2, b3, b4)
+  x = 0
+  if (b1) then
+    puts x
+  elsif (b2) then
+    puts x
+  end
+  # phi read for x
+  if (b3) then
+    puts x
+  elsif (b4) then
+    puts x
+  end
 end
\ No newline at end of file
diff --git a/ruby/ql/test/library-tests/variables/varaccess.expected b/ruby/ql/test/library-tests/variables/varaccess.expected
index 59a5ee362f6..4443373e8c2 100644
--- a/ruby/ql/test/library-tests/variables/varaccess.expected
+++ b/ruby/ql/test/library-tests/variables/varaccess.expected
@@ -279,6 +279,23 @@ variableAccess
 | ssa.rb:84:6:86:8 | self | ssa.rb:81:1:88:3 | self | ssa.rb:81:1:88:3 | m11 |
 | ssa.rb:85:10:85:22 | self | ssa.rb:81:1:88:3 | self | ssa.rb:81:1:88:3 | m11 |
 | ssa.rb:85:15:85:22 | captured | ssa.rb:82:3:82:10 | captured | ssa.rb:81:1:88:3 | m11 |
+| ssa.rb:90:9:90:10 | b1 | ssa.rb:90:9:90:10 | b1 | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:90:13:90:14 | b2 | ssa.rb:90:13:90:14 | b2 | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:90:17:90:18 | b3 | ssa.rb:90:17:90:18 | b3 | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:90:21:90:22 | b4 | ssa.rb:90:21:90:22 | b4 | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:91:3:91:3 | x | ssa.rb:91:3:91:3 | x | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:92:7:92:8 | b1 | ssa.rb:90:9:90:10 | b1 | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:93:5:93:10 | self | ssa.rb:90:1:103:3 | self | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:93:10:93:10 | x | ssa.rb:91:3:91:3 | x | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:94:10:94:11 | b2 | ssa.rb:90:13:90:14 | b2 | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:95:5:95:10 | self | ssa.rb:90:1:103:3 | self | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:95:10:95:10 | x | ssa.rb:91:3:91:3 | x | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:98:7:98:8 | b3 | ssa.rb:90:17:90:18 | b3 | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:99:5:99:10 | self | ssa.rb:90:1:103:3 | self | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:99:10:99:10 | x | ssa.rb:91:3:91:3 | x | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:100:10:100:11 | b4 | ssa.rb:90:21:90:22 | b4 | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:101:5:101:10 | self | ssa.rb:90:1:103:3 | self | ssa.rb:90:1:103:3 | m12 |
+| ssa.rb:101:10:101:10 | x | ssa.rb:91:3:91:3 | x | ssa.rb:90:1:103:3 | m12 |
 explicitWrite
 | class_variables.rb:1:1:1:3 | @@x | class_variables.rb:1:1:1:8 | ... = ... |
 | class_variables.rb:19:3:19:5 | @@x | class_variables.rb:19:3:19:10 | ... = ... |
@@ -349,6 +366,7 @@ explicitWrite
 | ssa.rb:69:5:69:12 | captured | ssa.rb:69:5:69:17 | ... = ... |
 | ssa.rb:75:3:75:10 | captured | ssa.rb:75:3:75:14 | ... = ... |
 | ssa.rb:82:3:82:10 | captured | ssa.rb:82:3:82:14 | ... = ... |
+| ssa.rb:91:3:91:3 | x | ssa.rb:91:3:91:7 | ... = ... |
 implicitWrite
 | nested_scopes.rb:15:23:15:23 | a |
 | nested_scopes.rb:16:26:16:26 | x |
@@ -390,6 +408,10 @@ implicitWrite
 | ssa.rb:53:8:53:10 | foo |
 | ssa.rb:64:8:64:8 | a |
 | ssa.rb:66:15:66:15 | a |
+| ssa.rb:90:9:90:10 | b1 |
+| ssa.rb:90:13:90:14 | b2 |
+| ssa.rb:90:17:90:18 | b3 |
+| ssa.rb:90:21:90:22 | b4 |
 readAccess
 | class_variables.rb:3:1:3:5 | self |
 | class_variables.rb:3:3:3:5 | @@x |
@@ -582,3 +604,15 @@ readAccess
 | ssa.rb:84:6:86:8 | self |
 | ssa.rb:85:10:85:22 | self |
 | ssa.rb:85:15:85:22 | captured |
+| ssa.rb:92:7:92:8 | b1 |
+| ssa.rb:93:5:93:10 | self |
+| ssa.rb:93:10:93:10 | x |
+| ssa.rb:94:10:94:11 | b2 |
+| ssa.rb:95:5:95:10 | self |
+| ssa.rb:95:10:95:10 | x |
+| ssa.rb:98:7:98:8 | b3 |
+| ssa.rb:99:5:99:10 | self |
+| ssa.rb:99:10:99:10 | x |
+| ssa.rb:100:10:100:11 | b4 |
+| ssa.rb:101:5:101:10 | self |
+| ssa.rb:101:10:101:10 | x |
diff --git a/ruby/ql/test/library-tests/variables/variable.expected b/ruby/ql/test/library-tests/variables/variable.expected
index 541ed394653..ccab8a3cdf4 100644
--- a/ruby/ql/test/library-tests/variables/variable.expected
+++ b/ruby/ql/test/library-tests/variables/variable.expected
@@ -120,7 +120,7 @@
 | scopes.rb:43:2:43:4 | foo |
 | scopes.rb:46:5:46:8 | var2 |
 | ssa.rb:1:1:16:3 | self |
-| ssa.rb:1:1:88:3 | self |
+| ssa.rb:1:1:103:3 | self |
 | ssa.rb:1:7:1:7 | b |
 | ssa.rb:2:3:2:3 | i |
 | ssa.rb:18:1:23:3 | self |
@@ -152,3 +152,9 @@
 | ssa.rb:75:3:75:10 | captured |
 | ssa.rb:81:1:88:3 | self |
 | ssa.rb:82:3:82:10 | captured |
+| ssa.rb:90:1:103:3 | self |
+| ssa.rb:90:9:90:10 | b1 |
+| ssa.rb:90:13:90:14 | b2 |
+| ssa.rb:90:17:90:18 | b3 |
+| ssa.rb:90:21:90:22 | b4 |
+| ssa.rb:91:3:91:3 | x |
diff --git a/ruby/ql/test/library-tests/variables/varscopes.expected b/ruby/ql/test/library-tests/variables/varscopes.expected
index 1859ab01550..6b64ca6f97d 100644
--- a/ruby/ql/test/library-tests/variables/varscopes.expected
+++ b/ruby/ql/test/library-tests/variables/varscopes.expected
@@ -57,7 +57,7 @@
 | scopes.rb:37:1:39:3 | foo |
 | scopes.rb:41:1:49:3 | M |
 | ssa.rb:1:1:16:3 | m |
-| ssa.rb:1:1:88:3 | ssa.rb |
+| ssa.rb:1:1:103:3 | ssa.rb |
 | ssa.rb:18:1:23:3 | m1 |
 | ssa.rb:25:1:30:3 | m2 |
 | ssa.rb:26:3:28:5 | { ... } |
@@ -75,3 +75,4 @@
 | ssa.rb:81:1:88:3 | m11 |
 | ssa.rb:83:7:87:5 | do ... end |
 | ssa.rb:84:10:86:8 | do ... end |
+| ssa.rb:90:1:103:3 | m12 |
diff --git a/ruby/ql/test/query-tests/analysis/Definitions.expected b/ruby/ql/test/query-tests/analysis/Definitions.expected
index 47f0b049d08..bd04d6207af 100644
--- a/ruby/ql/test/query-tests/analysis/Definitions.expected
+++ b/ruby/ql/test/query-tests/analysis/Definitions.expected
@@ -12,3 +12,4 @@
 | Definitions.rb:41:7:41:9 | @@b | Definitions.rb:27:5:27:7 | @@b | class variable |
 | Definitions.rb:46:1:46:1 | C | Definitions.rb:19:1:44:3 | C | constant |
 | Definitions.rb:46:1:46:4 | D | Definitions.rb:26:3:43:5 | D | constant |
+| Definitions.rb:46:1:46:8 | call to new | Definitions.rb:29:5:33:7 | initialize | method |
diff --git a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected
index 1d00f293dfd..dda603763e2 100644
--- a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected
+++ b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected
@@ -10,13 +10,15 @@ edges
 | CommandInjection.rb:6:15:6:26 | ...[...] :  | CommandInjection.rb:34:39:34:51 | "grep #{...}" |
 | CommandInjection.rb:46:15:46:20 | call to params :  | CommandInjection.rb:46:15:46:26 | ...[...] :  |
 | CommandInjection.rb:46:15:46:26 | ...[...] :  | CommandInjection.rb:50:24:50:36 | "echo #{...}" |
-| CommandInjection.rb:64:18:64:23 | number :  | CommandInjection.rb:65:14:65:29 | "echo #{...}" |
-| CommandInjection.rb:72:23:72:33 | blah_number :  | CommandInjection.rb:73:14:73:34 | "echo #{...}" |
-| CommandInjection.rb:81:20:81:25 | **args :  | CommandInjection.rb:82:22:82:25 | args :  |
-| CommandInjection.rb:82:22:82:25 | args :  | CommandInjection.rb:82:22:82:37 | ...[...] :  |
-| CommandInjection.rb:82:22:82:37 | ...[...] :  | CommandInjection.rb:82:14:82:39 | "echo #{...}" |
-| CommandInjection.rb:94:16:94:21 | call to params :  | CommandInjection.rb:94:16:94:28 | ...[...] :  |
-| CommandInjection.rb:94:16:94:28 | ...[...] :  | CommandInjection.rb:95:16:95:28 | "cat #{...}" |
+| CommandInjection.rb:54:13:54:18 | call to params :  | CommandInjection.rb:54:13:54:24 | ...[...] :  |
+| CommandInjection.rb:54:13:54:24 | ...[...] :  | CommandInjection.rb:59:14:59:16 | cmd |
+| CommandInjection.rb:73:18:73:23 | number :  | CommandInjection.rb:74:14:74:29 | "echo #{...}" |
+| CommandInjection.rb:81:23:81:33 | blah_number :  | CommandInjection.rb:82:14:82:34 | "echo #{...}" |
+| CommandInjection.rb:90:20:90:25 | **args :  | CommandInjection.rb:91:22:91:25 | args :  |
+| CommandInjection.rb:91:22:91:25 | args :  | CommandInjection.rb:91:22:91:37 | ...[...] :  |
+| CommandInjection.rb:91:22:91:37 | ...[...] :  | CommandInjection.rb:91:14:91:39 | "echo #{...}" |
+| CommandInjection.rb:103:16:103:21 | call to params :  | CommandInjection.rb:103:16:103:28 | ...[...] :  |
+| CommandInjection.rb:103:16:103:28 | ...[...] :  | CommandInjection.rb:104:16:104:28 | "cat #{...}" |
 nodes
 | CommandInjection.rb:6:15:6:20 | call to params :  | semmle.label | call to params :  |
 | CommandInjection.rb:6:15:6:26 | ...[...] :  | semmle.label | ...[...] :  |
@@ -31,17 +33,20 @@ nodes
 | CommandInjection.rb:46:15:46:20 | call to params :  | semmle.label | call to params :  |
 | CommandInjection.rb:46:15:46:26 | ...[...] :  | semmle.label | ...[...] :  |
 | CommandInjection.rb:50:24:50:36 | "echo #{...}" | semmle.label | "echo #{...}" |
-| CommandInjection.rb:64:18:64:23 | number :  | semmle.label | number :  |
-| CommandInjection.rb:65:14:65:29 | "echo #{...}" | semmle.label | "echo #{...}" |
-| CommandInjection.rb:72:23:72:33 | blah_number :  | semmle.label | blah_number :  |
-| CommandInjection.rb:73:14:73:34 | "echo #{...}" | semmle.label | "echo #{...}" |
-| CommandInjection.rb:81:20:81:25 | **args :  | semmle.label | **args :  |
-| CommandInjection.rb:82:14:82:39 | "echo #{...}" | semmle.label | "echo #{...}" |
-| CommandInjection.rb:82:22:82:25 | args :  | semmle.label | args :  |
-| CommandInjection.rb:82:22:82:37 | ...[...] :  | semmle.label | ...[...] :  |
-| CommandInjection.rb:94:16:94:21 | call to params :  | semmle.label | call to params :  |
-| CommandInjection.rb:94:16:94:28 | ...[...] :  | semmle.label | ...[...] :  |
-| CommandInjection.rb:95:16:95:28 | "cat #{...}" | semmle.label | "cat #{...}" |
+| CommandInjection.rb:54:13:54:18 | call to params :  | semmle.label | call to params :  |
+| CommandInjection.rb:54:13:54:24 | ...[...] :  | semmle.label | ...[...] :  |
+| CommandInjection.rb:59:14:59:16 | cmd | semmle.label | cmd |
+| CommandInjection.rb:73:18:73:23 | number :  | semmle.label | number :  |
+| CommandInjection.rb:74:14:74:29 | "echo #{...}" | semmle.label | "echo #{...}" |
+| CommandInjection.rb:81:23:81:33 | blah_number :  | semmle.label | blah_number :  |
+| CommandInjection.rb:82:14:82:34 | "echo #{...}" | semmle.label | "echo #{...}" |
+| CommandInjection.rb:90:20:90:25 | **args :  | semmle.label | **args :  |
+| CommandInjection.rb:91:14:91:39 | "echo #{...}" | semmle.label | "echo #{...}" |
+| CommandInjection.rb:91:22:91:25 | args :  | semmle.label | args :  |
+| CommandInjection.rb:91:22:91:37 | ...[...] :  | semmle.label | ...[...] :  |
+| CommandInjection.rb:103:16:103:21 | call to params :  | semmle.label | call to params :  |
+| CommandInjection.rb:103:16:103:28 | ...[...] :  | semmle.label | ...[...] :  |
+| CommandInjection.rb:104:16:104:28 | "cat #{...}" | semmle.label | "cat #{...}" |
 subpaths
 #select
 | CommandInjection.rb:7:10:7:15 | #{...} | CommandInjection.rb:6:15:6:20 | call to params :  | CommandInjection.rb:7:10:7:15 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
@@ -53,7 +58,8 @@ subpaths
 | CommandInjection.rb:33:24:33:36 | "echo #{...}" | CommandInjection.rb:6:15:6:20 | call to params :  | CommandInjection.rb:33:24:33:36 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
 | CommandInjection.rb:34:39:34:51 | "grep #{...}" | CommandInjection.rb:6:15:6:20 | call to params :  | CommandInjection.rb:34:39:34:51 | "grep #{...}" | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
 | CommandInjection.rb:50:24:50:36 | "echo #{...}" | CommandInjection.rb:46:15:46:20 | call to params :  | CommandInjection.rb:50:24:50:36 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:46:15:46:20 | call to params | user-provided value |
-| CommandInjection.rb:65:14:65:29 | "echo #{...}" | CommandInjection.rb:64:18:64:23 | number :  | CommandInjection.rb:65:14:65:29 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:64:18:64:23 | number | user-provided value |
-| CommandInjection.rb:73:14:73:34 | "echo #{...}" | CommandInjection.rb:72:23:72:33 | blah_number :  | CommandInjection.rb:73:14:73:34 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:72:23:72:33 | blah_number | user-provided value |
-| CommandInjection.rb:82:14:82:39 | "echo #{...}" | CommandInjection.rb:81:20:81:25 | **args :  | CommandInjection.rb:82:14:82:39 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:81:20:81:25 | **args | user-provided value |
-| CommandInjection.rb:95:16:95:28 | "cat #{...}" | CommandInjection.rb:94:16:94:21 | call to params :  | CommandInjection.rb:95:16:95:28 | "cat #{...}" | This command depends on a $@. | CommandInjection.rb:94:16:94:21 | call to params | user-provided value |
+| CommandInjection.rb:59:14:59:16 | cmd | CommandInjection.rb:54:13:54:18 | call to params :  | CommandInjection.rb:59:14:59:16 | cmd | This command depends on a $@. | CommandInjection.rb:54:13:54:18 | call to params | user-provided value |
+| CommandInjection.rb:74:14:74:29 | "echo #{...}" | CommandInjection.rb:73:18:73:23 | number :  | CommandInjection.rb:74:14:74:29 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:73:18:73:23 | number | user-provided value |
+| CommandInjection.rb:82:14:82:34 | "echo #{...}" | CommandInjection.rb:81:23:81:33 | blah_number :  | CommandInjection.rb:82:14:82:34 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:81:23:81:33 | blah_number | user-provided value |
+| CommandInjection.rb:91:14:91:39 | "echo #{...}" | CommandInjection.rb:90:20:90:25 | **args :  | CommandInjection.rb:91:14:91:39 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:90:20:90:25 | **args | user-provided value |
+| CommandInjection.rb:104:16:104:28 | "cat #{...}" | CommandInjection.rb:103:16:103:21 | call to params :  | CommandInjection.rb:104:16:104:28 | "cat #{...}" | This command depends on a $@. | CommandInjection.rb:103:16:103:21 | call to params | user-provided value |
diff --git a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.rb b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.rb
index 75219e2131c..4be9c95924a 100644
--- a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.rb
+++ b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.rb
@@ -49,6 +49,15 @@ EOF
         end
         Open3.capture2("echo #{cmd}")
     end
+
+    def update
+      cmd = params[:key]
+      case cmd
+      when "foo"
+        system(cmd)
+      end
+      system(cmd)
+    end
 end
 
 module Types
diff --git a/ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.expected b/ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.expected
index 140dbca5371..1a7088fcbe8 100644
--- a/ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.expected
+++ b/ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.expected
@@ -2,12 +2,38 @@ edges
 | KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:3:12:3:24 | ...[...] :  |
 | KernelOpen.rb:3:12:3:24 | ...[...] :  | KernelOpen.rb:4:10:4:13 | file |
 | KernelOpen.rb:3:12:3:24 | ...[...] :  | KernelOpen.rb:5:13:5:16 | file |
+| KernelOpen.rb:3:12:3:24 | ...[...] :  | KernelOpen.rb:6:14:6:17 | file |
+| KernelOpen.rb:3:12:3:24 | ...[...] :  | KernelOpen.rb:7:16:7:19 | file |
+| KernelOpen.rb:3:12:3:24 | ...[...] :  | KernelOpen.rb:8:17:8:20 | file |
+| KernelOpen.rb:3:12:3:24 | ...[...] :  | KernelOpen.rb:9:16:9:19 | file |
+| KernelOpen.rb:3:12:3:24 | ...[...] :  | KernelOpen.rb:10:18:10:21 | file |
+| KernelOpen.rb:3:12:3:24 | ...[...] :  | KernelOpen.rb:11:14:11:17 | file |
+| KernelOpen.rb:3:12:3:24 | ...[...] :  | KernelOpen.rb:13:23:13:26 | file :  |
+| KernelOpen.rb:3:12:3:24 | ...[...] :  | KernelOpen.rb:26:10:26:13 | file |
+| KernelOpen.rb:13:23:13:26 | file :  | KernelOpen.rb:13:13:13:31 | call to join |
 nodes
 | KernelOpen.rb:3:12:3:17 | call to params :  | semmle.label | call to params :  |
 | KernelOpen.rb:3:12:3:24 | ...[...] :  | semmle.label | ...[...] :  |
 | KernelOpen.rb:4:10:4:13 | file | semmle.label | file |
 | KernelOpen.rb:5:13:5:16 | file | semmle.label | file |
+| KernelOpen.rb:6:14:6:17 | file | semmle.label | file |
+| KernelOpen.rb:7:16:7:19 | file | semmle.label | file |
+| KernelOpen.rb:8:17:8:20 | file | semmle.label | file |
+| KernelOpen.rb:9:16:9:19 | file | semmle.label | file |
+| KernelOpen.rb:10:18:10:21 | file | semmle.label | file |
+| KernelOpen.rb:11:14:11:17 | file | semmle.label | file |
+| KernelOpen.rb:13:13:13:31 | call to join | semmle.label | call to join |
+| KernelOpen.rb:13:23:13:26 | file :  | semmle.label | file :  |
+| KernelOpen.rb:26:10:26:13 | file | semmle.label | file |
 subpaths
 #select
 | KernelOpen.rb:4:10:4:13 | file | KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:4:10:4:13 | file | This call to Kernel.open depends on a $@. Consider replacing it with File.open. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
 | KernelOpen.rb:5:13:5:16 | file | KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:5:13:5:16 | file | This call to IO.read depends on a $@. Consider replacing it with File.read. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
+| KernelOpen.rb:6:14:6:17 | file | KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:6:14:6:17 | file | This call to IO.write depends on a $@. Consider replacing it with File.write. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
+| KernelOpen.rb:7:16:7:19 | file | KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:7:16:7:19 | file | This call to IO.binread depends on a $@. Consider replacing it with File.binread. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
+| KernelOpen.rb:8:17:8:20 | file | KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:8:17:8:20 | file | This call to IO.binwrite depends on a $@. Consider replacing it with File.binwrite. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
+| KernelOpen.rb:9:16:9:19 | file | KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:9:16:9:19 | file | This call to IO.foreach depends on a $@. Consider replacing it with File.foreach. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
+| KernelOpen.rb:10:18:10:21 | file | KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:10:18:10:21 | file | This call to IO.readlines depends on a $@. Consider replacing it with File.readlines. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
+| KernelOpen.rb:11:14:11:17 | file | KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:11:14:11:17 | file | This call to URI.open depends on a $@. Consider replacing it with URI(<uri>).open. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
+| KernelOpen.rb:13:13:13:31 | call to join | KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:13:13:13:31 | call to join | This call to IO.read depends on a $@. Consider replacing it with File.read. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
+| KernelOpen.rb:26:10:26:13 | file | KernelOpen.rb:3:12:3:17 | call to params :  | KernelOpen.rb:26:10:26:13 | file | This call to Kernel.open depends on a $@. Consider replacing it with File.open. | KernelOpen.rb:3:12:3:17 | call to params | user-provided value |
diff --git a/ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.rb b/ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.rb
index 2c6e303f398..412e2c50ead 100644
--- a/ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.rb
+++ b/ruby/ql/test/query-tests/security/cwe-078/KernelOpen/KernelOpen.rb
@@ -3,6 +3,15 @@ class UsersController < ActionController::Base
     file = params[:file]
     open(file) # BAD
     IO.read(file) # BAD
+    IO.write(file) # BAD
+    IO.binread(file) # BAD
+    IO.binwrite(file) # BAD
+    IO.foreach(file) # BAD
+    IO.readlines(file) # BAD
+    URI.open(file) # BAD
+
+    IO.read(File.join(file, "")) # BAD - file as first argument to File.join 
+    IO.read(File.join("", file)) # GOOD - file path is sanitised by guard
 
     File.open(file).read # GOOD
 
@@ -13,5 +22,7 @@ class UsersController < ActionController::Base
     if %w(some/const/1.txt some/const/2.txt).include? file
       IO.read(file) # GOOD - file path is sanitised by guard
     end
+
+    open(file) # BAD - sanity check to verify that file was not mistakenly marked as sanitized
   end
 end
diff --git a/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.expected b/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.expected
index 920592aae3e..dc299353e42 100644
--- a/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.expected
+++ b/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.expected
@@ -1,4 +1,11 @@
 | NonConstantKernelOpen.rb:4:5:4:14 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
 | NonConstantKernelOpen.rb:5:5:5:17 | call to read | Call to IO.read with a non-constant value. Consider replacing it with File.read. |
-| NonConstantKernelOpen.rb:9:5:9:21 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
-| NonConstantKernelOpen.rb:19:5:19:33 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
+| NonConstantKernelOpen.rb:6:5:6:18 | call to write | Call to IO.write with a non-constant value. Consider replacing it with File.write. |
+| NonConstantKernelOpen.rb:7:5:7:20 | call to binread | Call to IO.binread with a non-constant value. Consider replacing it with File.binread. |
+| NonConstantKernelOpen.rb:8:5:8:21 | call to binwrite | Call to IO.binwrite with a non-constant value. Consider replacing it with File.binwrite. |
+| NonConstantKernelOpen.rb:9:5:9:20 | call to foreach | Call to IO.foreach with a non-constant value. Consider replacing it with File.foreach. |
+| NonConstantKernelOpen.rb:10:5:10:22 | call to readlines | Call to IO.readlines with a non-constant value. Consider replacing it with File.readlines. |
+| NonConstantKernelOpen.rb:11:5:11:18 | call to open | Call to URI.open with a non-constant value. Consider replacing it with URI(<uri>).open. |
+| NonConstantKernelOpen.rb:15:5:15:21 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
+| NonConstantKernelOpen.rb:25:5:25:33 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
+| NonConstantKernelOpen.rb:33:5:33:14 | call to open | Call to Kernel.open with a non-constant value. Consider replacing it with File.open. |
diff --git a/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.rb b/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.rb
index b22ba051722..9cd6ccf689f 100644
--- a/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.rb
+++ b/ruby/ql/test/query-tests/security/cwe-078/NonConstantKernelOpen/NonConstantKernelOpen.rb
@@ -3,6 +3,12 @@ class UsersController < ActionController::Base
     file = params[:file]
     open(file) # BAD
     IO.read(file) # BAD
+    IO.write(file) # BAD
+    IO.binread(file) # BAD
+    IO.binwrite(file) # BAD
+    IO.foreach(file) # BAD
+    IO.readlines(file) # BAD
+    URI.open(file) # BAD
 
     File.open(file).read # GOOD
 
@@ -19,5 +25,11 @@ class UsersController < ActionController::Base
     Kernel.open("#{this_is} bad") # BAD
 
     open("| #{this_is_an_explicit_command} foo bar") # GOOD
+
+    IO.foreach("|" + EnvUtil.rubybin + " -e 'puts :foo; puts :bar; puts :baz'") {|x| a << x } # GOOD
+
+    IO.write(File.join("foo", "bar.txt"), "bar") # GOOD
+
+    open(file) # BAD - sanity check to verify that file was not mistakenly marked as sanitized
   end
 end
diff --git a/ruby/ql/test/query-tests/security/cwe-079/StoredXSS.expected b/ruby/ql/test/query-tests/security/cwe-079/StoredXSS.expected
index a637a8e4d0d..98156ed74c5 100644
--- a/ruby/ql/test/query-tests/security/cwe-079/StoredXSS.expected
+++ b/ruby/ql/test/query-tests/security/cwe-079/StoredXSS.expected
@@ -11,6 +11,7 @@ edges
 | app/views/foo/stores/show.html.erb:41:64:41:87 | ... + ... :  | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text |
 | app/views/foo/stores/show.html.erb:41:64:41:87 | ... + ... :  | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] |
 | app/views/foo/stores/show.html.erb:41:76:41:87 | call to display_text :  | app/views/foo/stores/show.html.erb:41:64:41:87 | ... + ... :  |
+| app/views/foo/stores/show.html.erb:87:17:87:28 | call to handle :  | app/views/foo/stores/show.html.erb:87:3:87:29 | call to sprintf |
 nodes
 | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read :  | semmle.label | call to read :  |
 | app/controllers/foo/stores_controller.rb:9:22:9:23 | dt :  | semmle.label | dt :  |
@@ -31,6 +32,8 @@ nodes
 | app/views/foo/stores/show.html.erb:70:3:70:20 | call to raw_name | semmle.label | call to raw_name |
 | app/views/foo/stores/show.html.erb:80:5:80:22 | call to display_name | semmle.label | call to display_name |
 | app/views/foo/stores/show.html.erb:83:5:83:24 | @other_user_raw_name | semmle.label | @other_user_raw_name |
+| app/views/foo/stores/show.html.erb:87:3:87:29 | call to sprintf | semmle.label | call to sprintf |
+| app/views/foo/stores/show.html.erb:87:17:87:28 | call to handle :  | semmle.label | call to handle :  |
 subpaths
 #select
 | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read :  | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | stored value |
@@ -46,3 +49,4 @@ subpaths
 | app/views/foo/stores/show.html.erb:70:3:70:20 | call to raw_name | app/views/foo/stores/show.html.erb:70:3:70:20 | call to raw_name | app/views/foo/stores/show.html.erb:70:3:70:20 | call to raw_name | Stored cross-site scripting vulnerability due to $@. | app/views/foo/stores/show.html.erb:70:3:70:20 | call to raw_name | stored value |
 | app/views/foo/stores/show.html.erb:80:5:80:22 | call to display_name | app/views/foo/stores/show.html.erb:80:5:80:22 | call to display_name | app/views/foo/stores/show.html.erb:80:5:80:22 | call to display_name | Stored cross-site scripting vulnerability due to $@. | app/views/foo/stores/show.html.erb:80:5:80:22 | call to display_name | stored value |
 | app/views/foo/stores/show.html.erb:83:5:83:24 | @other_user_raw_name | app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name :  | app/views/foo/stores/show.html.erb:83:5:83:24 | @other_user_raw_name | Stored cross-site scripting vulnerability due to $@. | app/controllers/foo/stores_controller.rb:12:28:12:48 | call to raw_name | stored value |
+| app/views/foo/stores/show.html.erb:87:3:87:29 | call to sprintf | app/views/foo/stores/show.html.erb:87:17:87:28 | call to handle :  | app/views/foo/stores/show.html.erb:87:3:87:29 | call to sprintf | Stored cross-site scripting vulnerability due to $@. | app/views/foo/stores/show.html.erb:87:17:87:28 | call to handle | stored value |
diff --git a/ruby/ql/test/query-tests/security/cwe-079/app/views/foo/stores/show.html.erb b/ruby/ql/test/query-tests/security/cwe-079/app/views/foo/stores/show.html.erb
index cc1d9565039..bfbfafdc2a1 100644
--- a/ruby/ql/test/query-tests/security/cwe-079/app/views/foo/stores/show.html.erb
+++ b/ruby/ql/test/query-tests/security/cwe-079/app/views/foo/stores/show.html.erb
@@ -82,5 +82,10 @@
 <%# BAD: Indirect to a database value without escaping %>
 <%= @other_user_raw_name.html_safe %>
 
+<%# BAD: Kernel.sprintf is a taint-step %>
+<%=
+  sprintf("%s", @user.handle).html_safe
+%>
+
 <%# GOOD: The `foo.bar.baz` is not recognized as a source %>
 <%= @other_user_raw_name.foo.bar.baz.html_safe %>
\ No newline at end of file
diff --git a/ruby/ql/test/query-tests/security/cwe-089/ArelInjection.rb b/ruby/ql/test/query-tests/security/cwe-089/ArelInjection.rb
new file mode 100644
index 00000000000..a1efb3adabb
--- /dev/null
+++ b/ruby/ql/test/query-tests/security/cwe-089/ArelInjection.rb
@@ -0,0 +1,8 @@
+
+class PotatoController < ActionController::Base
+  def unsafe_action
+    name = params[:user_name]
+    # BAD: SQL statement constructed from user input
+    sql = Arel.sql("SELECT * FROM users WHERE name = #{name}")
+  end
+end
\ No newline at end of file
diff --git a/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected b/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected
index d78b2675f25..d664bad4293 100644
--- a/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected
+++ b/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected
@@ -33,6 +33,8 @@ edges
 | ActiveRecordInjection.rb:137:21:137:44 | ...[...] :  | ActiveRecordInjection.rb:20:22:20:30 | condition :  |
 | ActiveRecordInjection.rb:151:59:151:64 | call to params :  | ActiveRecordInjection.rb:151:59:151:74 | ...[...] :  |
 | ActiveRecordInjection.rb:151:59:151:74 | ...[...] :  | ActiveRecordInjection.rb:151:27:151:76 | "this is an unsafe annotation:..." |
+| ArelInjection.rb:4:12:4:17 | call to params :  | ArelInjection.rb:4:12:4:29 | ...[...] :  |
+| ArelInjection.rb:4:12:4:29 | ...[...] :  | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." |
 nodes
 | ActiveRecordInjection.rb:8:25:8:28 | name :  | semmle.label | name :  |
 | ActiveRecordInjection.rb:8:31:8:34 | pass :  | semmle.label | pass :  |
@@ -85,6 +87,9 @@ nodes
 | ActiveRecordInjection.rb:151:27:151:76 | "this is an unsafe annotation:..." | semmle.label | "this is an unsafe annotation:..." |
 | ActiveRecordInjection.rb:151:59:151:64 | call to params :  | semmle.label | call to params :  |
 | ActiveRecordInjection.rb:151:59:151:74 | ...[...] :  | semmle.label | ...[...] :  |
+| ArelInjection.rb:4:12:4:17 | call to params :  | semmle.label | call to params :  |
+| ArelInjection.rb:4:12:4:29 | ...[...] :  | semmle.label | ...[...] :  |
+| ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | semmle.label | "SELECT * FROM users WHERE nam..." |
 subpaths
 #select
 | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:70:23:70:28 | call to params :  | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:70:23:70:28 | call to params | user-provided value |
@@ -105,3 +110,4 @@ subpaths
 | ActiveRecordInjection.rb:92:21:92:35 | ...[...] | ActiveRecordInjection.rb:92:21:92:26 | call to params :  | ActiveRecordInjection.rb:92:21:92:35 | ...[...] | This SQL query depends on a $@. | ActiveRecordInjection.rb:92:21:92:26 | call to params | user-provided value |
 | ActiveRecordInjection.rb:104:20:104:32 | ... + ... | ActiveRecordInjection.rb:98:10:98:15 | call to params :  | ActiveRecordInjection.rb:104:20:104:32 | ... + ... | This SQL query depends on a $@. | ActiveRecordInjection.rb:98:10:98:15 | call to params | user-provided value |
 | ActiveRecordInjection.rb:151:27:151:76 | "this is an unsafe annotation:..." | ActiveRecordInjection.rb:151:59:151:64 | call to params :  | ActiveRecordInjection.rb:151:27:151:76 | "this is an unsafe annotation:..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:151:59:151:64 | call to params | user-provided value |
+| ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | ArelInjection.rb:4:12:4:17 | call to params :  | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | This SQL query depends on a $@. | ArelInjection.rb:4:12:4:17 | call to params | user-provided value |
diff --git a/ruby/ql/test/query-tests/security/cwe-117/LogInjection.expected b/ruby/ql/test/query-tests/security/cwe-117/LogInjection.expected
index 2bfcbf85dcb..b0da6305e8a 100644
--- a/ruby/ql/test/query-tests/security/cwe-117/LogInjection.expected
+++ b/ruby/ql/test/query-tests/security/cwe-117/LogInjection.expected
@@ -11,6 +11,7 @@ edges
 | app/controllers/users_controller.rb:33:5:33:31 | ... = ... :  | app/controllers/users_controller.rb:35:33:35:55 | ... + ... |
 | app/controllers/users_controller.rb:33:19:33:25 | call to cookies :  | app/controllers/users_controller.rb:33:19:33:31 | ...[...] :  |
 | app/controllers/users_controller.rb:33:19:33:31 | ...[...] :  | app/controllers/users_controller.rb:33:5:33:31 | ... = ... :  |
+| app/controllers/users_controller.rb:49:19:49:24 | call to params :  | app/controllers/users_controller.rb:49:19:49:30 | ...[...] |
 nodes
 | app/controllers/users_controller.rb:15:19:15:24 | call to params :  | semmle.label | call to params :  |
 | app/controllers/users_controller.rb:15:19:15:30 | ...[...] :  | semmle.label | ...[...] :  |
@@ -26,6 +27,8 @@ nodes
 | app/controllers/users_controller.rb:33:19:33:31 | ...[...] :  | semmle.label | ...[...] :  |
 | app/controllers/users_controller.rb:34:33:34:43 | unsanitized | semmle.label | unsanitized |
 | app/controllers/users_controller.rb:35:33:35:55 | ... + ... | semmle.label | ... + ... |
+| app/controllers/users_controller.rb:49:19:49:24 | call to params :  | semmle.label | call to params :  |
+| app/controllers/users_controller.rb:49:19:49:30 | ...[...] | semmle.label | ...[...] |
 subpaths
 #select
 | app/controllers/users_controller.rb:16:19:16:29 | unsanitized | app/controllers/users_controller.rb:15:19:15:24 | call to params :  | app/controllers/users_controller.rb:16:19:16:29 | unsanitized | Log entry depends on a $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | user-provided value |
@@ -34,3 +37,4 @@ subpaths
 | app/controllers/users_controller.rb:27:16:27:39 | ... + ... | app/controllers/users_controller.rb:15:19:15:24 | call to params :  | app/controllers/users_controller.rb:27:16:27:39 | ... + ... | Log entry depends on a $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | user-provided value |
 | app/controllers/users_controller.rb:34:33:34:43 | unsanitized | app/controllers/users_controller.rb:33:19:33:25 | call to cookies :  | app/controllers/users_controller.rb:34:33:34:43 | unsanitized | Log entry depends on a $@. | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | user-provided value |
 | app/controllers/users_controller.rb:35:33:35:55 | ... + ... | app/controllers/users_controller.rb:33:19:33:25 | call to cookies :  | app/controllers/users_controller.rb:35:33:35:55 | ... + ... | Log entry depends on a $@. | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | user-provided value |
+| app/controllers/users_controller.rb:49:19:49:30 | ...[...] | app/controllers/users_controller.rb:49:19:49:24 | call to params :  | app/controllers/users_controller.rb:49:19:49:30 | ...[...] | Log entry depends on a $@. | app/controllers/users_controller.rb:49:19:49:24 | call to params | user-provided value |
diff --git a/ruby/ql/test/query-tests/security/cwe-117/app/controllers/users_controller.rb b/ruby/ql/test/query-tests/security/cwe-117/app/controllers/users_controller.rb
index 8c87659a221..67e0e1cb1a7 100644
--- a/ruby/ql/test/query-tests/security/cwe-117/app/controllers/users_controller.rb
+++ b/ruby/ql/test/query-tests/security/cwe-117/app/controllers/users_controller.rb
@@ -39,7 +39,14 @@ class UsersController < ApplicationController
     init_logger
 
     sanitized = html_escape params[:baz]
-    @logger.debug unsanitized             # GOOD: sanitized user input
-    @logger.debug "input: " + unsanitized # GOOD: sanitized user input
+    @logger.debug sanitized             # GOOD: sanitized user input
+    @logger.debug "input: " + sanitized # GOOD: sanitized user input
+  end
+
+  def inspect_sanitization
+    init_logger
+
+    @logger.debug params[:foo]         # BAD: unsanitized user input
+    @logger.debug params[:foo].inspect # GOOD: sanitized user input
   end
 end
diff --git a/ruby/ql/test/query-tests/security/cwe-1333-exponential-redos/ReDoS.expected b/ruby/ql/test/query-tests/security/cwe-1333-exponential-redos/ReDoS.expected
index 11212e3d806..ee274031bf0 100644
--- a/ruby/ql/test/query-tests/security/cwe-1333-exponential-redos/ReDoS.expected
+++ b/ruby/ql/test/query-tests/security/cwe-1333-exponential-redos/ReDoS.expected
@@ -1,5 +1,5 @@
 | tst.rb:4:14:4:28 | (?:__\|[\\s\\S])+? | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '__'. |
-| tst.rb:4:38:4:54 | (?:\\*\\*\|[\\s\\S])+? | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '**'. |
+| tst.rb:4:38:4:54 | (?:\\*\\*\|[\\s\\S])+? | This part of the regular expression may cause exponential backtracking on strings starting with '*' and containing many repetitions of '**'. |
 | tst.rb:19:20:19:39 | (?:[^"\\\\]\|\\\\\\\\\|\\\\.)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\\\\\\\'. |
 | tst.rb:19:43:19:62 | (?:[^'\\\\]\|\\\\\\\\\|\\\\.)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\\\\\\\'. |
 | tst.rb:19:67:19:86 | (?:[^)\\\\]\|\\\\\\\\\|\\\\.)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\\\\\\\'. |
@@ -49,7 +49,6 @@
 | tst.rb:194:77:194:78 | ,? | This part of the regular expression may cause exponential backtracking on strings starting with '{[A(A)A: ' and containing many repetitions of ',A: '. |
 | tst.rb:197:11:197:12 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | tst.rb:197:14:197:15 | b+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'b'. |
-| tst.rb:200:12:200:18 | (a+a?)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | tst.rb:200:13:200:14 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | tst.rb:203:11:203:12 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | tst.rb:209:11:209:12 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
@@ -67,16 +66,16 @@
 | tst.rb:260:10:260:73 | (thisisagoddamnlongstringforstresstestingthequery\|this\\w+query)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'thisisagoddamnlongstringforstresstestingthequery'. |
 | tst.rb:260:64:260:66 | \\w+ | This part of the regular expression may cause exponential backtracking on strings starting with 'this' and containing many repetitions of '0querythis'. |
 | tst.rb:272:17:272:18 | b+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'b'. |
-| tst.rb:275:34:275:36 | \\s* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '""\\t0='. |
+| tst.rb:275:34:275:36 | \\s* | This part of the regular expression may cause exponential backtracking on strings starting with '<0\\t0=' and containing many repetitions of '""\\t0='. |
 | tst.rb:281:12:281:13 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | tst.rb:284:12:284:13 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | tst.rb:290:12:290:13 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | tst.rb:293:21:293:22 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
-| tst.rb:299:86:299:87 | e+ | This part of the regular expression may cause exponential backtracking on strings starting with ';00000000000000' and containing many repetitions of 'e'. |
+| tst.rb:299:86:299:87 | e+ | This part of the regular expression may cause exponential backtracking on strings starting with '00000000000000' and containing many repetitions of 'e'. |
 | tst.rb:302:14:302:15 | c+ | This part of the regular expression may cause exponential backtracking on strings starting with 'ab' and containing many repetitions of 'c'. |
 | tst.rb:305:14:305:16 | \\s+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\t'. |
 | tst.rb:308:12:308:21 | ([^\\/]\|X)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'X'. |
-| tst.rb:311:16:311:20 | [^Y]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'Xx'. |
+| tst.rb:311:16:311:20 | [^Y]+ | This part of the regular expression may cause exponential backtracking on strings starting with 'x' and containing many repetitions of 'Xx'. |
 | tst.rb:314:11:314:12 | a* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | tst.rb:317:14:317:19 | [\\w-]* | This part of the regular expression may cause exponential backtracking on strings starting with 'foo' and containing many repetitions of '-'. |
 | tst.rb:320:11:320:15 | (ab)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'ab'. |
@@ -93,9 +92,9 @@
 | tst.rb:361:11:361:29 | ((?:a{0\|-)\|\\w\\{\\d)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a{0'. |
 | tst.rb:362:11:362:31 | ((?:a{0,\|-)\|\\w\\{\\d,)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a{0,'. |
 | tst.rb:363:11:363:34 | ((?:a{0,2\|-)\|\\w\\{\\d,\\d)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a{0,2'. |
-| tst.rb:369:12:369:22 | (\\u0061\|a)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
+| tst.rb:369:12:369:22 | (\\u0061\|a)* | This part of the regular expression may cause exponential backtracking on strings starting with 'X' and containing many repetitions of 'a'. |
 | tst.rb:375:11:375:27 | ([[:digit:]]\|\\d)+ | This part of the regular expression may cause exponential backtracking on strings starting with 'X' and containing many repetitions of '0'. |
 | tst.rb:378:12:378:18 | (a\|\\w)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | tst.rb:379:12:379:18 | (a\|\\w)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
-| tst.rb:390:70:390:110 | (?:[a-zA-Z0-9_]\|%[a-fA-F0-9][a-fA-F0-9])+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'. |
-| tst.rb:390:98:390:108 | [a-fA-F0-9] | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0%0'. |
+| tst.rb:390:70:390:110 | (?:[a-zA-Z0-9_]\|%[a-fA-F0-9][a-fA-F0-9])+ | This part of the regular expression may cause exponential backtracking on strings starting with '0' and containing many repetitions of '0'. |
+| tst.rb:390:98:390:108 | [a-fA-F0-9] | This part of the regular expression may cause exponential backtracking on strings starting with '0%0' and containing many repetitions of '0%0'. |
diff --git a/ruby/ql/test/query-tests/security/cwe-134/TaintedFormatString.expected b/ruby/ql/test/query-tests/security/cwe-134/TaintedFormatString.expected
index 4404c74a8d5..09ac79c910c 100644
--- a/ruby/ql/test/query-tests/security/cwe-134/TaintedFormatString.expected
+++ b/ruby/ql/test/query-tests/security/cwe-134/TaintedFormatString.expected
@@ -12,6 +12,10 @@ edges
 | tainted_format_string.rb:33:32:33:46 | ...[...] :  | tainted_format_string.rb:33:12:33:46 | ... + ... |
 | tainted_format_string.rb:36:30:36:35 | call to params :  | tainted_format_string.rb:36:30:36:44 | ...[...] :  |
 | tainted_format_string.rb:36:30:36:44 | ...[...] :  | tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" |
+| tainted_format_string.rb:39:22:39:27 | call to params :  | tainted_format_string.rb:39:22:39:36 | ...[...] :  |
+| tainted_format_string.rb:39:22:39:36 | ...[...] :  | tainted_format_string.rb:39:5:39:45 | "A log message #{...} %{foo}" |
+| tainted_format_string.rb:42:22:42:27 | call to params :  | tainted_format_string.rb:42:22:42:36 | ...[...] :  |
+| tainted_format_string.rb:42:22:42:36 | ...[...] :  | tainted_format_string.rb:42:5:42:43 | "A log message #{...} %08x" |
 nodes
 | tainted_format_string.rb:4:12:4:17 | call to params :  | semmle.label | call to params :  |
 | tainted_format_string.rb:4:12:4:26 | ...[...] | semmle.label | ...[...] |
@@ -37,6 +41,12 @@ nodes
 | tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" | semmle.label | "A log message: #{...}" |
 | tainted_format_string.rb:36:30:36:35 | call to params :  | semmle.label | call to params :  |
 | tainted_format_string.rb:36:30:36:44 | ...[...] :  | semmle.label | ...[...] :  |
+| tainted_format_string.rb:39:5:39:45 | "A log message #{...} %{foo}" | semmle.label | "A log message #{...} %{foo}" |
+| tainted_format_string.rb:39:22:39:27 | call to params :  | semmle.label | call to params :  |
+| tainted_format_string.rb:39:22:39:36 | ...[...] :  | semmle.label | ...[...] :  |
+| tainted_format_string.rb:42:5:42:43 | "A log message #{...} %08x" | semmle.label | "A log message #{...} %08x" |
+| tainted_format_string.rb:42:22:42:27 | call to params :  | semmle.label | call to params :  |
+| tainted_format_string.rb:42:22:42:36 | ...[...] :  | semmle.label | ...[...] :  |
 subpaths
 #select
 | tainted_format_string.rb:4:12:4:26 | ...[...] | tainted_format_string.rb:4:12:4:17 | call to params :  | tainted_format_string.rb:4:12:4:26 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:4:12:4:17 | call to params | user-provided value |
@@ -50,3 +60,5 @@ subpaths
 | tainted_format_string.rb:28:19:28:33 | ...[...] | tainted_format_string.rb:28:19:28:24 | call to params :  | tainted_format_string.rb:28:19:28:33 | ...[...] | Format string depends on a $@. | tainted_format_string.rb:28:19:28:24 | call to params | user-provided value |
 | tainted_format_string.rb:33:12:33:46 | ... + ... | tainted_format_string.rb:33:32:33:37 | call to params :  | tainted_format_string.rb:33:12:33:46 | ... + ... | Format string depends on a $@. | tainted_format_string.rb:33:32:33:37 | call to params | user-provided value |
 | tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" | tainted_format_string.rb:36:30:36:35 | call to params :  | tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" | Format string depends on a $@. | tainted_format_string.rb:36:30:36:35 | call to params | user-provided value |
+| tainted_format_string.rb:39:5:39:45 | "A log message #{...} %{foo}" | tainted_format_string.rb:39:22:39:27 | call to params :  | tainted_format_string.rb:39:5:39:45 | "A log message #{...} %{foo}" | Format string depends on a $@. | tainted_format_string.rb:39:22:39:27 | call to params | user-provided value |
+| tainted_format_string.rb:42:5:42:43 | "A log message #{...} %08x" | tainted_format_string.rb:42:22:42:27 | call to params :  | tainted_format_string.rb:42:5:42:43 | "A log message #{...} %08x" | Format string depends on a $@. | tainted_format_string.rb:42:22:42:27 | call to params | user-provided value |
diff --git a/ruby/ql/test/query-tests/security/cwe-134/tainted_format_string.rb b/ruby/ql/test/query-tests/security/cwe-134/tainted_format_string.rb
index 364f0ea1afb..aa66a9aa470 100644
--- a/ruby/ql/test/query-tests/security/cwe-134/tainted_format_string.rb
+++ b/ruby/ql/test/query-tests/security/cwe-134/tainted_format_string.rb
@@ -34,5 +34,11 @@ class UsersController < ActionController::Base
 
     # Taint via string interpolation
     printf("A log message: #{params[:format]}", arg) # BAD
+
+    # Using String#
+    "A log message #{params[:format]} %{foo}" % {foo: "foo"} # BAD
+
+    # String# with an array
+    "A log message #{params[:format]} %08x" % ["foo"] # BAD
   end
 end
\ No newline at end of file
diff --git a/ruby/ql/test/query-tests/security/cwe-209/StackTraceExposure.expected b/ruby/ql/test/query-tests/security/cwe-209/StackTraceExposure.expected
new file mode 100644
index 00000000000..0dba484c65a
--- /dev/null
+++ b/ruby/ql/test/query-tests/security/cwe-209/StackTraceExposure.expected
@@ -0,0 +1,12 @@
+edges
+| StackTraceExposure.rb:11:10:11:17 | call to caller :  | StackTraceExposure.rb:12:18:12:19 | bt |
+nodes
+| StackTraceExposure.rb:6:18:6:28 | call to backtrace | semmle.label | call to backtrace |
+| StackTraceExposure.rb:11:10:11:17 | call to caller :  | semmle.label | call to caller :  |
+| StackTraceExposure.rb:12:18:12:19 | bt | semmle.label | bt |
+| StackTraceExposure.rb:18:18:18:28 | call to backtrace | semmle.label | call to backtrace |
+subpaths
+#select
+| StackTraceExposure.rb:6:18:6:28 | call to backtrace | StackTraceExposure.rb:6:18:6:28 | call to backtrace | StackTraceExposure.rb:6:18:6:28 | call to backtrace | $@ can be exposed to an external user. | StackTraceExposure.rb:6:18:6:28 | call to backtrace | Error information |
+| StackTraceExposure.rb:12:18:12:19 | bt | StackTraceExposure.rb:11:10:11:17 | call to caller :  | StackTraceExposure.rb:12:18:12:19 | bt | $@ can be exposed to an external user. | StackTraceExposure.rb:11:10:11:17 | call to caller | Error information |
+| StackTraceExposure.rb:18:18:18:28 | call to backtrace | StackTraceExposure.rb:18:18:18:28 | call to backtrace | StackTraceExposure.rb:18:18:18:28 | call to backtrace | $@ can be exposed to an external user. | StackTraceExposure.rb:18:18:18:28 | call to backtrace | Error information |
diff --git a/ruby/ql/test/query-tests/security/cwe-209/StackTraceExposure.qlref b/ruby/ql/test/query-tests/security/cwe-209/StackTraceExposure.qlref
new file mode 100644
index 00000000000..c110f2b1765
--- /dev/null
+++ b/ruby/ql/test/query-tests/security/cwe-209/StackTraceExposure.qlref
@@ -0,0 +1 @@
+queries/security/cwe-209/StackTraceExposure.ql
\ No newline at end of file
diff --git a/ruby/ql/test/query-tests/security/cwe-209/StackTraceExposure.rb b/ruby/ql/test/query-tests/security/cwe-209/StackTraceExposure.rb
new file mode 100644
index 00000000000..dcdf5c1f22c
--- /dev/null
+++ b/ruby/ql/test/query-tests/security/cwe-209/StackTraceExposure.rb
@@ -0,0 +1,21 @@
+class FooController < ApplicationController
+
+  def show
+    something_that_might_fail()
+  rescue => e
+    render body: e.backtrace, content_type: "text/plain"
+  end
+
+
+  def show2
+    bt = caller()
+    render body: bt, content_type: "text/plain"
+  end
+
+  def show3
+    not_a_method()
+  rescue NoMethodError => e
+    render body: e.backtrace, content_type: "text/plain"
+  end
+
+end
diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md
new file mode 100644
index 00000000000..4babb26821b
--- /dev/null
+++ b/shared/regex/CHANGELOG.md
@@ -0,0 +1,13 @@
+## 0.0.3
+
+No user-facing changes.
+
+## 0.0.2
+
+No user-facing changes.
+
+## 0.0.1
+
+### Minor Analysis Improvements
+
+* Initial release. Extracted common regex related code, including the ReDoS analysis, into a library pack to share code between languages.
diff --git a/shared/regex/change-notes/released/0.0.1.md b/shared/regex/change-notes/released/0.0.1.md
new file mode 100644
index 00000000000..68156d29a72
--- /dev/null
+++ b/shared/regex/change-notes/released/0.0.1.md
@@ -0,0 +1,5 @@
+## 0.0.1
+
+### Minor Analysis Improvements
+
+* Initial release. Extracted common regex related code, including the ReDoS analysis, into a library pack to share code between languages.
diff --git a/shared/regex/change-notes/released/0.0.2.md b/shared/regex/change-notes/released/0.0.2.md
new file mode 100644
index 00000000000..5ab250998ed
--- /dev/null
+++ b/shared/regex/change-notes/released/0.0.2.md
@@ -0,0 +1,3 @@
+## 0.0.2
+
+No user-facing changes.
diff --git a/shared/regex/change-notes/released/0.0.3.md b/shared/regex/change-notes/released/0.0.3.md
new file mode 100644
index 00000000000..af7864fc7d5
--- /dev/null
+++ b/shared/regex/change-notes/released/0.0.3.md
@@ -0,0 +1,3 @@
+## 0.0.3
+
+No user-facing changes.
diff --git a/shared/regex/codeql-pack.lock.yml b/shared/regex/codeql-pack.lock.yml
new file mode 100644
index 00000000000..a046f6d9786
--- /dev/null
+++ b/shared/regex/codeql-pack.lock.yml
@@ -0,0 +1,4 @@
+---
+dependencies: {}
+compiled: false
+lockVersion: 1.0.0
\ No newline at end of file
diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml
new file mode 100644
index 00000000000..a24b693d1e7
--- /dev/null
+++ b/shared/regex/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.3
diff --git a/shared/regex/codeql/regex/HostnameRegexp.qll b/shared/regex/codeql/regex/HostnameRegexp.qll
new file mode 100644
index 00000000000..fc77b9b56e2
--- /dev/null
+++ b/shared/regex/codeql/regex/HostnameRegexp.qll
@@ -0,0 +1,276 @@
+/**
+ * Provides predicates for reasoning about regular expressions
+ * that match URLs and hostname patterns.
+ */
+
+private import RegexTreeView
+
+/**
+ * A signature specifying the required parts to perform an
+ * analysis on regular expressions matching hostnames.
+ */
+signature module HostnameRegexpSig<RegexTreeViewSig TreeImpl> {
+  /** A node in the data-flow graph. */
+  class DataFlowNode {
+    /** Gets a string representation of this node. */
+    string toString();
+  }
+
+  /** A node in the data-flow graph that represents a regular expression pattern. */
+  class RegExpPatternSource extends DataFlowNode {
+    /**
+     * Gets the root term of the regular expression parsed from this pattern.
+     */
+    TreeImpl::RegExpTerm getRegExpTerm();
+
+    /**
+     * Gets a node where the pattern of this node is parsed as a part of
+     * a regular expression.
+     */
+    DataFlowNode getAParse();
+  }
+}
+
+/**
+ * Utility predicates and classes that doesn't depend on any signature.
+ */
+module Utils {
+  /**
+   * Gets a pattern that matches common top-level domain names in lower case.
+   */
+  string getACommonTld() {
+    // according to ranking by http://google.com/search?q=site:.<<TLD>>
+    result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])"
+  }
+}
+
+/**
+ * Classes and predicates implementing an analysis on regular expressions
+ * that match URLs and hostname patterns.
+ */
+module Make<RegexTreeViewSig TreeImpl, HostnameRegexpSig<TreeImpl> Specific> {
+  private import TreeImpl
+  import Utils
+
+  /**
+   * Holds if the given constant is unlikely to occur in the origin part of a URL.
+   */
+  predicate isConstantInvalidInsideOrigin(RegExpConstant term) {
+    // Look for any of these cases:
+    // - A character that can't occur in the origin
+    // - Two dashes in a row
+    // - A colon that is not part of port or scheme separator
+    // - A slash that is not part of scheme separator
+    term.getValue().regexpMatch(".*(?:[^a-zA-Z0-9.:/-]|--|:[^0-9/]|(?<![/:]|^)/).*")
+  }
+
+  /** Holds if `term` is a dot constant of form `\.` or `[.]`. */
+  predicate isDotConstant(RegExpTerm term) {
+    term.(RegExpCharEscape).getValue() = "."
+    or
+    exists(RegExpCharacterClass cls |
+      term = cls and
+      not cls.isInverted() and
+      cls.getNumChild() = 1 and
+      cls.getAChild().(RegExpConstant).getValue() = "."
+    )
+  }
+
+  /** Holds if `term` is a wildcard `.` or an actual `.` character. */
+  predicate isDotLike(RegExpTerm term) {
+    term instanceof RegExpDot
+    or
+    isDotConstant(term)
+  }
+
+  /** Holds if `term` will only ever be matched against the beginning of the input. */
+  predicate matchesBeginningOfString(RegExpTerm term) {
+    term.isRootTerm()
+    or
+    exists(RegExpTerm parent | matchesBeginningOfString(parent) |
+      term = parent.(RegExpSequence).getChild(0)
+      or
+      parent.(RegExpSequence).getChild(0) instanceof RegExpCaret and
+      term = parent.(RegExpSequence).getChild(1)
+      or
+      term = parent.(RegExpAlt).getAChild()
+      or
+      term = parent.(RegExpGroup).getAChild()
+    )
+  }
+
+  /**
+   * Holds if the given sequence `seq` contains top-level domain preceded by a dot, such as `.com`,
+   * excluding cases where this is at the very beginning of the regexp.
+   *
+   * `i` is bound to the index of the last child in the top-level domain part.
+   */
+  predicate hasTopLevelDomainEnding(RegExpSequence seq, int i) {
+    seq.getChild(i)
+        .(RegExpConstant)
+        .getValue()
+        .regexpMatch("(?i)" + getACommonTld() + "(:\\d+)?([/?#].*)?") and
+    isDotLike(seq.getChild(i - 1)) and
+    not (i = 1 and matchesBeginningOfString(seq))
+  }
+
+  /**
+   * Holds if the given regular expression term contains top-level domain preceded by a dot,
+   * such as `.com`.
+   */
+  predicate hasTopLevelDomainEnding(RegExpSequence seq) { hasTopLevelDomainEnding(seq, _) }
+
+  /**
+   * Holds if `term` will always match a hostname, that is, all disjunctions contain
+   * a hostname pattern that isn't inside a quantifier.
+   */
+  predicate alwaysMatchesHostname(RegExpTerm term) {
+    hasTopLevelDomainEnding(term, _)
+    or
+    // `localhost` is considered a hostname pattern, but has no TLD
+    term.(RegExpConstant).getValue().regexpMatch("\\blocalhost\\b")
+    or
+    not term instanceof RegExpAlt and
+    not term instanceof RegExpQuantifier and
+    alwaysMatchesHostname(term.getAChild())
+    or
+    alwaysMatchesHostnameAlt(term)
+  }
+
+  /** Holds if every child of `alt` contains a hostname pattern. */
+  predicate alwaysMatchesHostnameAlt(RegExpAlt alt) {
+    alwaysMatchesHostnameAlt(alt, alt.getNumChild() - 1)
+  }
+
+  /**
+   * Holds if the first `i` children of `alt` contains a hostname pattern.
+   *
+   * This is used instead of `forall` to avoid materializing the set of alternatives
+   * that don't contains hostnames, which is much larger.
+   */
+  predicate alwaysMatchesHostnameAlt(RegExpAlt alt, int i) {
+    alwaysMatchesHostname(alt.getChild(0)) and i = 0
+    or
+    alwaysMatchesHostnameAlt(alt, i - 1) and
+    alwaysMatchesHostname(alt.getChild(i))
+  }
+
+  /**
+   * Holds if `term` occurs inside a quantifier or alternative (and thus
+   * can not be expected to correspond to a unique match), or as part of
+   * a lookaround assertion (which are rarely used for capture groups).
+   */
+  predicate isInsideChoiceOrSubPattern(RegExpTerm term) {
+    exists(RegExpParent parent | parent = term.getParent() |
+      parent instanceof RegExpAlt
+      or
+      parent instanceof RegExpQuantifier
+      or
+      parent instanceof RegExpSubPattern
+      or
+      isInsideChoiceOrSubPattern(parent)
+    )
+  }
+
+  /**
+   * Holds if `group` is likely to be used as a capture group.
+   */
+  predicate isLikelyCaptureGroup(RegExpGroup group) {
+    group.isCapture() and
+    not isInsideChoiceOrSubPattern(group)
+  }
+
+  /**
+   * Holds if `seq` contains two consecutive dots `..` or escaped dots.
+   *
+   * At least one of these dots is not intended to be a subdomain separator,
+   * so we avoid flagging the pattern in this case.
+   */
+  predicate hasConsecutiveDots(RegExpSequence seq) {
+    exists(int i |
+      isDotLike(seq.getChild(i)) and
+      isDotLike(seq.getChild(i + 1))
+    )
+  }
+
+  private predicate isIncompleteHostNameRegExpPattern(
+    RegExpTerm regexp, RegExpSequence seq, string msg
+  ) {
+    seq = regexp.getAChild*() and
+    exists(RegExpDot unescapedDot, int i, string hostname |
+      hasTopLevelDomainEnding(seq, i) and
+      not isConstantInvalidInsideOrigin(seq.getChild([0 .. i - 1]).getAChild*()) and
+      not isLikelyCaptureGroup(seq.getChild([i .. seq.getNumChild() - 1]).getAChild*()) and
+      unescapedDot = seq.getChild([0 .. i - 1]).getAChild*() and
+      unescapedDot != seq.getChild(i - 1) and // Should not be the '.' immediately before the TLD
+      not hasConsecutiveDots(unescapedDot.getParent()) and
+      hostname =
+        seq.getChild(i - 2).getRawValue() + seq.getChild(i - 1).getRawValue() +
+          seq.getChild(i).getRawValue()
+    |
+      if unescapedDot.getParent() instanceof RegExpQuantifier
+      then
+        // `.*\.example.com` can match `evil.com/?x=.example.com`
+        //
+        // This problem only occurs when the pattern is applied against a full URL, not just a hostname/origin.
+        // We therefore check if the pattern includes a suffix after the TLD, such as `.*\.example.com/`.
+        // Note that a post-anchored pattern (`.*\.example.com$`) will usually fail to match a full URL,
+        // and patterns with neither a suffix nor an anchor fall under the purview of MissingRegExpAnchor.
+        seq.getChild(0) instanceof RegExpCaret and
+        not seq.getAChild() instanceof RegExpDollar and
+        seq.getChild([i .. i + 1]).(RegExpConstant).getValue().regexpMatch(".*[/?#].*") and
+        msg =
+          "has an unrestricted wildcard '" +
+            unescapedDot.getParent().(RegExpQuantifier).getRawValue() + "' which may cause '" +
+            hostname + "' to be matched anywhere in the URL, outside the hostname."
+      else
+        msg =
+          "has an unescaped '.' before '" + hostname +
+            "', so it might match more hosts than expected."
+    )
+  }
+
+  /** Holds if `term` is one of the transitive left children of a regexp. */
+  predicate isLeftArmTerm(RegExpTerm term) {
+    term.isRootTerm()
+    or
+    exists(RegExpTerm parent |
+      term = parent.getChild(0) and
+      isLeftArmTerm(parent)
+    )
+  }
+
+  /** Holds if `term` is one of the transitive right children of a regexp. */
+  predicate isRightArmTerm(RegExpTerm term) {
+    term.isRootTerm()
+    or
+    exists(RegExpTerm parent |
+      term = parent.getLastChild() and
+      isRightArmTerm(parent)
+    )
+  }
+
+  /**
+   * Holds if `regexp` is a regular expression that is likely to match a hostname,
+   * but the pattern is incomplete and may match more hosts than intended.
+   */
+  predicate incompleteHostnameRegExp(
+    RegExpSequence hostSequence, string message, Specific::DataFlowNode aux, string label
+  ) {
+    exists(Specific::RegExpPatternSource re, RegExpTerm regexp, string msg, string kind |
+      regexp = re.getRegExpTerm() and
+      isIncompleteHostNameRegExpPattern(regexp, hostSequence, msg) and
+      (
+        if re.getAParse() != re
+        then (
+          kind = "string, which is used as a regular expression $@," and
+          aux = re.getAParse()
+        ) else (
+          kind = "regular expression" and aux = re
+        )
+      )
+    |
+      message = "This " + kind + " " + msg and label = "here"
+    )
+  }
+}
diff --git a/shared/regex/codeql/regex/MissingRegExpAnchor.qll b/shared/regex/codeql/regex/MissingRegExpAnchor.qll
new file mode 100644
index 00000000000..cbb54c5b5ca
--- /dev/null
+++ b/shared/regex/codeql/regex/MissingRegExpAnchor.qll
@@ -0,0 +1,225 @@
+/**
+ * Provides predicates for reasoning about regular expressions
+ * without anchors.
+ */
+
+private import RegexTreeView
+import HostnameRegexp as HostnameShared
+
+/**
+ * A signature specifying the required parts to perform an
+ * analysis on regular expressions without anchors.
+ *
+ * This analysis requires the hostname analysis to be available.
+ */
+signature module MissingRegExpAnchorSig<
+RegexTreeViewSig TreeImpl, HostnameShared::HostnameRegexpSig<TreeImpl> Specific> {
+  predicate isUsedAsReplace(Specific::RegExpPatternSource pattern);
+
+  /** Gets a string representation of an end anchor from a regular expression. */
+  string getEndAnchorText();
+}
+
+/**
+ * Classes and predicates implementing an analysis on regular expressions
+ * without anchors.
+ */
+module Make<
+RegexTreeViewSig TreeImpl, HostnameShared::HostnameRegexpSig<TreeImpl> HostnameImpl,
+MissingRegExpAnchorSig<TreeImpl, HostnameImpl> Impl> {
+  private import TreeImpl
+  private import HostnameShared::Make<TreeImpl, HostnameImpl> as HostnameRegexp
+  private import HostnameImpl
+  private import Impl
+
+  /**
+   * Holds if `term` is a final term, that is, no term will match anything after this one.
+   */
+  predicate isFinalRegExpTerm(RegExpTerm term) {
+    term.isRootTerm()
+    or
+    exists(RegExpSequence seq |
+      isFinalRegExpTerm(seq) and
+      term = seq.getLastChild()
+    )
+    or
+    exists(RegExpTerm parent |
+      isFinalRegExpTerm(parent) and
+      term = parent.getAChild() and
+      not parent instanceof RegExpSequence and
+      not parent instanceof RegExpQuantifier
+    )
+  }
+
+  /**
+   * Holds if `term` is an anchor that is not the first or last node
+   * in its tree.
+   */
+  predicate isInteriorAnchor(RegExpAnchor term) {
+    not HostnameRegexp::isLeftArmTerm(term) and
+    not HostnameRegexp::isRightArmTerm(term)
+  }
+
+  /**
+   * Holds if `term` contains an anchor that is not the first or last node
+   * in its tree, such as `(foo|bar$|baz)`.
+   */
+  predicate containsInteriorAnchor(RegExpTerm term) { isInteriorAnchor(term.getAChild*()) }
+
+  /**
+   * Holds if `term` starts with a word boundary or lookbehind assertion,
+   * indicating that it's not intended to be anchored on that side.
+   */
+  predicate containsLeadingPseudoAnchor(RegExpSequence term) {
+    exists(RegExpTerm child | child = term.getChild(0) |
+      child instanceof RegExpWordBoundary or
+      child instanceof RegExpNonWordBoundary or
+      child instanceof RegExpLookbehind
+    )
+  }
+
+  /**
+   * Holds if `term` ends with a word boundary or lookahead assertion,
+   * indicating that it's not intended to be anchored on that side.
+   */
+  predicate containsTrailingPseudoAnchor(RegExpSequence term) {
+    exists(RegExpTerm child | child = term.getLastChild() |
+      child instanceof RegExpWordBoundary or
+      child instanceof RegExpNonWordBoundary or
+      child instanceof RegExpLookahead
+    )
+  }
+
+  /**
+   * Holds if `term` is an empty sequence, usually arising from
+   * literals with a trailing alternative such as `foo|`.
+   */
+  predicate isEmpty(RegExpSequence term) { term.getNumChild() = 0 }
+
+  /**
+   * Holds if `term` contains a letter constant.
+   *
+   * We use this as a heuristic to filter out uninteresting results.
+   */
+  predicate containsLetters(RegExpTerm term) {
+    term.getAChild*().(RegExpConstant).getValue().regexpMatch(".*[a-zA-Z].*")
+  }
+
+  /**
+   * Holds if `term` consists only of an anchor and a parenthesized term,
+   * such as the left side of `^(foo|bar)|baz`.
+   *
+   * The precedence of the anchor is likely to be intentional in this case,
+   * as the group wouldn't be needed otherwise.
+   */
+  predicate isAnchoredGroup(RegExpSequence term) {
+    term.getNumChild() = 2 and
+    term.getAChild() instanceof RegExpAnchor and
+    term.getAChild() instanceof RegExpGroup
+  }
+
+  /**
+   * Holds if `alt` has an explicitly anchored group, such as `^(foo|bar)|baz`
+   * and doesn't have any unnecessary groups, such as in `^(foo)|(bar)`.
+   */
+  predicate hasExplicitAnchorPrecedence(RegExpAlt alt) {
+    isAnchoredGroup(alt.getAChild()) and
+    not alt.getAChild() instanceof RegExpGroup
+  }
+
+  /**
+   * Holds if `src` is a pattern for a collection of alternatives where
+   * only the first or last alternative is anchored, indicating a
+   * precedence mistake explained by `msg`.
+   *
+   * The canonical example of such a mistake is: `^a|b|c`, which is
+   * parsed as `(^a)|(b)|(c)`.
+   */
+  predicate hasMisleadingAnchorPrecedence(RegExpPatternSource src, string msg) {
+    exists(RegExpAlt root, RegExpSequence anchoredTerm, string direction |
+      root = src.getRegExpTerm() and
+      not containsInteriorAnchor(root) and
+      not isEmpty(root.getAChild()) and
+      not hasExplicitAnchorPrecedence(root) and
+      containsLetters(anchoredTerm) and
+      (
+        anchoredTerm = root.getChild(0) and
+        anchoredTerm.getChild(0) instanceof RegExpCaret and
+        not containsLeadingPseudoAnchor(root.getChild([1 .. root.getNumChild() - 1])) and
+        containsLetters(root.getChild([1 .. root.getNumChild() - 1])) and
+        direction = "beginning"
+        or
+        anchoredTerm = root.getLastChild() and
+        anchoredTerm.getLastChild() instanceof RegExpDollar and
+        not containsTrailingPseudoAnchor(root.getChild([0 .. root.getNumChild() - 2])) and
+        containsLetters(root.getChild([0 .. root.getNumChild() - 2])) and
+        direction = "end"
+      ) and
+      // is not used for replace
+      not isUsedAsReplace(src) and
+      msg =
+        "Misleading operator precedence. The subexpression '" + anchoredTerm.getRawValue() +
+          "' is anchored at the " + direction +
+          ", but the other parts of this regular expression are not"
+    )
+  }
+
+  /**
+   * Holds if `src` contains a hostname pattern that is missing a `$` anchor.
+   */
+  predicate isSemiAnchoredHostnameRegExp(RegExpPatternSource src, string msg) {
+    not hasMisleadingAnchorPrecedence(src, _) and // avoid double reporting
+    exists(RegExpTerm term, RegExpSequence tld, int i | term = src.getRegExpTerm() |
+      not HostnameRegexp::isConstantInvalidInsideOrigin(term.getAChild*()) and
+      tld = term.getAChild*() and
+      HostnameRegexp::hasTopLevelDomainEnding(tld, i) and
+      isFinalRegExpTerm(tld.getChild(i)) and // nothing is matched after the TLD
+      tld.getChild(0) instanceof RegExpCaret and
+      msg =
+        "This hostname pattern may match any domain name, as it is missing a '" + getEndAnchorText()
+          + "' or '/' at the end."
+    )
+  }
+
+  /**
+   * Holds if `src` is an unanchored pattern for a URL, indicating a
+   * mistake explained by `msg`.
+   */
+  predicate isUnanchoredHostnameRegExp(RegExpPatternSource src, string msg) {
+    exists(RegExpTerm term, RegExpSequence tld | term = src.getRegExpTerm() |
+      HostnameRegexp::alwaysMatchesHostname(term) and
+      tld = term.getAChild*() and
+      HostnameRegexp::hasTopLevelDomainEnding(tld) and
+      not HostnameRegexp::isConstantInvalidInsideOrigin(term.getAChild*()) and
+      not term.getAChild*() instanceof RegExpAnchor and
+      // that is not used for string replacement
+      not isUsedAsReplace(src) and
+      msg =
+        "When this is used as a regular expression on a URL, it may match anywhere, and arbitrary hosts may come before or after it."
+    )
+  }
+
+  /**
+   * Holds if `src` contains a hostname pattern that uses the `^/$` line anchors
+   * rather than `\A/\z` which match the start/end of the whole string.
+   */
+  predicate isLineAnchoredHostnameRegExp(RegExpPatternSource src, string msg) {
+    // avoid double reporting
+    not (
+      isSemiAnchoredHostnameRegExp(src, _) or
+      hasMisleadingAnchorPrecedence(src, _)
+    ) and
+    exists(RegExpTerm term, RegExpSequence tld, int i | term = src.getRegExpTerm() |
+      not HostnameRegexp::isConstantInvalidInsideOrigin(term.getAChild*()) and
+      tld = term.getAChild*() and
+      HostnameRegexp::hasTopLevelDomainEnding(tld, i) and
+      isFinalRegExpTerm(tld.getChild(i)) and // nothing is matched after the TLD
+      (
+        tld.getChild(0).(RegExpCaret).getChar() = "^" or
+        tld.getLastChild().(RegExpDollar).getChar() = "$"
+      ) and
+      msg =
+        "This hostname pattern uses anchors such as '^' and '$', which match the start and end of a line, not the whole string. Use '\\A' and '\\z' instead."
+    )
+  }
+}
diff --git a/shared/regex/codeql/regex/OverlyLargeRangeQuery.qll b/shared/regex/codeql/regex/OverlyLargeRangeQuery.qll
new file mode 100644
index 00000000000..8d3a0b9c0ff
--- /dev/null
+++ b/shared/regex/codeql/regex/OverlyLargeRangeQuery.qll
@@ -0,0 +1,300 @@
+/**
+ * Classes and predicates for working with suspicious character ranges.
+ */
+
+private import RegexTreeView
+
+/**
+ * Classes and predicates implementing an analysis detecting suspicious character ranges.
+ */
+module Make<RegexTreeViewSig TreeImpl> {
+  private import TreeImpl
+
+  /**
+   * Gets a rank for `range` that is unique for ranges in the same file.
+   * Prioritizes ranges that match more characters.
+   */
+  int rankRange(RegExpCharacterRange range) {
+    range =
+      rank[result](RegExpCharacterRange r, int startline, int startcolumn, int low, int high |
+        r.hasLocationInfo(_, startline, startcolumn, _, _) and
+        isRange(r, low, high)
+      |
+        r order by (high - low) desc, startline, startcolumn
+      )
+  }
+
+  /** Holds if `range` spans from the unicode code points `low` to `high` (both inclusive). */
+  predicate isRange(RegExpCharacterRange range, int low, int high) {
+    exists(string lowc, string highc |
+      range.isRange(lowc, highc) and
+      low.toUnicode() = lowc and
+      high.toUnicode() = highc
+    )
+  }
+
+  /** Holds if `char` is an alpha-numeric character. */
+  predicate isAlphanumeric(string char) {
+    // written like this to avoid having a bindingset for the predicate
+    char = [[48 .. 57], [65 .. 90], [97 .. 122]].toUnicode() // 0-9, A-Z, a-z
+  }
+
+  /**
+   * Holds if the given ranges are from the same character class
+   * and there exists at least one character matched by both ranges.
+   */
+  predicate overlap(RegExpCharacterRange a, RegExpCharacterRange b) {
+    exists(RegExpCharacterClass clz |
+      a = clz.getAChild() and
+      b = clz.getAChild() and
+      a != b
+    |
+      exists(int alow, int ahigh, int blow, int bhigh |
+        isRange(a, alow, ahigh) and
+        isRange(b, blow, bhigh) and
+        alow <= bhigh and
+        blow <= ahigh
+      )
+    )
+  }
+
+  /**
+   * Holds if `range` overlaps with the char class `escape` from the same character class.
+   */
+  predicate overlapsWithCharEscape(RegExpCharacterRange range, RegExpCharacterClassEscape escape) {
+    exists(RegExpCharacterClass clz, string low, string high |
+      range = clz.getAChild() and
+      escape = clz.getAChild() and
+      range.isRange(low, high)
+    |
+      escape.getValue() = "w" and
+      getInRange(low, high).regexpMatch("\\w")
+      or
+      escape.getValue() = "d" and
+      getInRange(low, high).regexpMatch("\\d")
+      or
+      escape.getValue() = "s" and
+      getInRange(low, high).regexpMatch("\\s")
+    )
+  }
+
+  /** Gets the unicode code point for a `char`. */
+  bindingset[char]
+  int toCodePoint(string char) { result.toUnicode() = char }
+
+  /** A character range that appears to be overly wide. */
+  class OverlyWideRange instanceof RegExpCharacterRange {
+    OverlyWideRange() {
+      exists(int low, int high, int numChars |
+        isRange(this, low, high) and
+        numChars = (1 + high - low) and
+        this.getRootTerm().isUsedAsRegExp() and
+        numChars >= 10
+      |
+        // across the Z-a range (which includes backticks)
+        toCodePoint("Z") >= low and
+        toCodePoint("a") <= high
+        or
+        // across the 9-A range (which includes e.g. ; and ?)
+        toCodePoint("9") >= low and
+        toCodePoint("A") <= high
+        or
+        // a non-alphanumeric char as part of the range boundaries
+        exists(int bound | bound = [low, high] | not isAlphanumeric(bound.toUnicode())) and
+        // while still being ascii
+        low < 128 and
+        high < 128
+      ) and
+      // allowlist for known ranges
+      not this = allowedWideRanges()
+    }
+
+    /** Gets a string representation of a character class that matches the same chars as this range. */
+    string printEquivalent() { result = RangePrinter::printEquivalentCharClass(this) }
+
+    /** Gets a string representation of this range. */
+    string toString() { result = super.toString() }
+
+    /** Holds if `lo` is the lower bound of this character range and `hi` the upper bound. */
+    predicate isRange(string lo, string hi) { super.isRange(lo, hi) }
+  }
+
+  /** Gets a range that should not be reported as an overly wide range. */
+  RegExpCharacterRange allowedWideRanges() {
+    // ~ is the last printable ASCII character, it's used right in various wide ranges.
+    result.isRange(_, "~")
+    or
+    // the same with " " and "!". " " is the first printable character, and "!" is the first non-white-space printable character.
+    result.isRange([" ", "!"], _)
+    or
+    // the `[@-_]` range is intentional
+    result.isRange("@", "_")
+    or
+    // starting from the zero byte is a good indication that it's purposely matching a large range.
+    result.isRange(0.toUnicode(), _)
+  }
+
+  /** Gets a char between (and including) `low` and `high`. */
+  bindingset[low, high]
+  private string getInRange(string low, string high) {
+    result = [toCodePoint(low) .. toCodePoint(high)].toUnicode()
+  }
+
+  /** A module computing an equivalent character class for an overly wide range. */
+  module RangePrinter {
+    bindingset[char]
+    bindingset[result]
+    private string next(string char) {
+      exists(int prev, int next |
+        prev.toUnicode() = char and
+        next.toUnicode() = result and
+        next = prev + 1
+      )
+    }
+
+    /** Gets the points where the parts of the pretty printed range should be cut off. */
+    private string cutoffs() { result = ["A", "Z", "a", "z", "0", "9"] }
+
+    /** Gets the char to use in the low end of a range for a given `cut` */
+    private string lowCut(string cut) {
+      cut = ["A", "a", "0"] and
+      result = cut
+      or
+      cut = ["Z", "z", "9"] and
+      result = next(cut)
+    }
+
+    /** Gets the char to use in the high end of a range for a given `cut` */
+    private string highCut(string cut) {
+      cut = ["Z", "z", "9"] and
+      result = cut
+      or
+      cut = ["A", "a", "0"] and
+      next(result) = cut
+    }
+
+    /** Gets the cutoff char used for a given `part` of a range when pretty-printing it. */
+    private string cutoff(OverlyWideRange range, int part) {
+      exists(int low, int high | isRange(range, low, high) |
+        result =
+          rank[part + 1](string cut |
+            cut = cutoffs() and low < toCodePoint(cut) and toCodePoint(cut) < high
+          |
+            cut order by toCodePoint(cut)
+          )
+      )
+    }
+
+    /** Gets the number of parts we should print for a given `range`. */
+    private int parts(OverlyWideRange range) { result = 1 + count(cutoff(range, _)) }
+
+    /** Holds if the given part of a range should span from `low` to `high`. */
+    private predicate part(OverlyWideRange range, int part, string low, string high) {
+      // first part.
+      part = 0 and
+      (
+        range.isRange(low, high) and
+        parts(range) = 1
+        or
+        parts(range) >= 2 and
+        range.isRange(low, _) and
+        high = highCut(cutoff(range, part))
+      )
+      or
+      // middle
+      part >= 1 and
+      part < parts(range) - 1 and
+      low = lowCut(cutoff(range, part - 1)) and
+      high = highCut(cutoff(range, part))
+      or
+      // last.
+      part = parts(range) - 1 and
+      low = lowCut(cutoff(range, part - 1)) and
+      range.isRange(_, high)
+    }
+
+    /** Gets an escaped `char` for use in a character class. */
+    bindingset[char]
+    private string escape(string char) {
+      exists(string reg | reg = "(\\[|\\]|\\\\|-|/)" |
+        if char.regexpMatch(reg) then result = "\\" + char else result = char
+      )
+    }
+
+    /** Gets a part of the equivalent range. */
+    private string printEquivalentCharClass(OverlyWideRange range, int part) {
+      exists(string low, string high | part(range, part, low, high) |
+        if
+          isAlphanumeric(low) and
+          isAlphanumeric(high)
+        then result = low + "-" + high
+        else
+          result =
+            strictconcat(string char | char = getInRange(low, high) | escape(char) order by char)
+      )
+    }
+
+    /** Gets the entire pretty printed equivalent range. */
+    string printEquivalentCharClass(OverlyWideRange range) {
+      result =
+        strictconcat(string r, int part |
+          r = "[" and part = -1 and exists(range)
+          or
+          r = printEquivalentCharClass(range, part)
+          or
+          r = "]" and part = parts(range)
+        |
+          r order by part
+        )
+    }
+  }
+
+  /** Gets a char range that is overly large because of `reason`. */
+  RegExpCharacterRange getABadRange(string reason, int priority) {
+    result instanceof OverlyWideRange and
+    priority = 0 and
+    exists(string equiv | equiv = result.(OverlyWideRange).printEquivalent() |
+      if equiv.length() <= 50
+      then reason = "is equivalent to " + equiv
+      else reason = "is equivalent to " + equiv.substring(0, 50) + "..."
+    )
+    or
+    priority = 1 and
+    exists(RegExpCharacterRange other |
+      reason = "overlaps with " + other + " in the same character class" and
+      rankRange(result) < rankRange(other) and
+      overlap(result, other)
+    )
+    or
+    priority = 2 and
+    exists(RegExpCharacterClassEscape escape |
+      reason = "overlaps with " + escape + " in the same character class" and
+      overlapsWithCharEscape(result, escape)
+    )
+    or
+    reason = "is empty" and
+    priority = 3 and
+    exists(int low, int high |
+      isRange(result, low, high) and
+      low > high
+    )
+  }
+
+  /** Holds if `range` matches suspiciously many characters. */
+  predicate problem(RegExpCharacterRange range, string reason) {
+    reason =
+      strictconcat(string m, int priority |
+        range = getABadRange(m, priority)
+      |
+        m, ", and " order by priority desc
+      ) and
+    // specifying a range using an escape is usually OK.
+    not range.getAChild() instanceof RegExpEscape and
+    // Unicode escapes in strings are interpreted before it turns into a regexp,
+    // so e.g. [\u0001-\uFFFF] will just turn up as a range between two constants.
+    // We therefore exclude these ranges.
+    range.getRootTerm().getParent() instanceof RegExpLiteral and
+    // is used as regexp (mostly for JS where regular expressions are parsed eagerly)
+    range.getRootTerm().isUsedAsRegExp()
+  }
+}
diff --git a/shared/regex/codeql/regex/RegexTreeView.qll b/shared/regex/codeql/regex/RegexTreeView.qll
new file mode 100644
index 00000000000..03d8fcfcbcd
--- /dev/null
+++ b/shared/regex/codeql/regex/RegexTreeView.qll
@@ -0,0 +1,490 @@
+/**
+ * This file contains a `RegexTreeViewSig` module describing the syntax tree of regular expressions.
+ */
+
+/**
+ * A signature describing the syntax tree of regular expressions.
+ */
+signature module RegexTreeViewSig {
+  /**
+   * An element used in some way as or in a regular expression.
+   * This class exists to have a common supertype that all languages can agree on.
+   */
+  class Top;
+
+  /**
+   * An element containing a regular expression term, that is, either
+   * a string literal (parsed as a regular expression; the root of the parse tree)
+   * or another regular expression term (a descendant of the root).
+   */
+  class RegExpParent extends Top;
+
+  /**
+   * A regular expression literal.
+   *
+   * Note that this class does not cover regular expressions constructed by calling the built-in
+   * `RegExp` function.
+   *
+   * Example:
+   *
+   * ```
+   * /(?i)ab*c(d|e)$/
+   * ```
+   */
+  class RegExpLiteral extends RegExpParent;
+
+  /**
+   * A regular expression term, that is, a syntactic part of a regular expression.
+   * These are the tree nodes that form the parse tree of a regular expression literal.
+   */
+  class RegExpTerm extends Top {
+    /** Gets a child term of this term. */
+    RegExpTerm getAChild();
+
+    /**
+     * Holds if this is the root term of a regular expression.
+     */
+    predicate isRootTerm();
+
+    /**
+     * Gets the parent term of this regular expression term, or the
+     * regular expression literal if this is the root term.
+     */
+    RegExpParent getParent();
+
+    /**
+     * Holds if this term is part of a regular expression literal, or a string literal
+     * that is interpreted as a regular expression.
+     */
+    predicate isUsedAsRegExp();
+
+    /** Gets the outermost term of this regular expression. */
+    RegExpTerm getRootTerm();
+
+    /** Gets the raw source text of this term. */
+    string getRawValue();
+
+    /** Gets the `i`th child term of this term. */
+    RegExpTerm getChild(int i);
+
+    /** Gets the number of child terms of this term. */
+    int getNumChild();
+
+    /** Gets the regular expression term that is matched (textually) after this one, if any. */
+    RegExpTerm getSuccessor();
+
+    /** Gets the last child term of this element. */
+    RegExpTerm getLastChild();
+
+    string toString();
+
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    );
+  }
+
+  /**
+   * A quantified regular expression term.
+   *
+   * Example:
+   *
+   * ```
+   * ((ECMA|Java)[sS]cript)*
+   * ```
+   */
+  class RegExpQuantifier extends RegExpTerm;
+
+  /**
+   * A star-quantified term.
+   *
+   * Example:
+   *
+   * ```
+   * \w*
+   * ```
+   */
+  class RegExpStar extends RegExpQuantifier;
+
+  /**
+   * An optional term.
+   *
+   * Example:
+   *
+   * ```
+   * ;?
+   * ```
+   */
+  class RegExpOpt extends RegExpQuantifier;
+
+  /**
+   * A plus-quantified term.
+   *
+   * Example:
+   *
+   * ```
+   * \w+
+   * ```
+   */
+  class RegExpPlus extends RegExpQuantifier;
+
+  /**
+   * A range-quantified term
+   *
+   * Examples:
+   *
+   * ```
+   * \w{2,4}
+   * \w{2,}
+   * \w{2}
+   * ```
+   */
+  class RegExpRange extends RegExpQuantifier {
+    /** Gets the lower bound of the range. */
+    int getLowerBound();
+
+    /**
+     * Gets the upper bound of the range, if any.
+     *
+     * If there is no upper bound, any number of repetitions is allowed.
+     * For a term of the form `r{lo}`, both the lower and the upper bound
+     * are `lo`.
+     */
+    int getUpperBound();
+  }
+
+  /**
+   * A non-word boundary, that is, a regular expression term of the form `\B`.
+   */
+  class RegExpNonWordBoundary extends RegExpTerm;
+
+  /**
+   * An escaped regular expression term, that is, a regular expression
+   * term starting with a backslash.
+   *
+   * Example:
+   *
+   * ```
+   * \.
+   * \w
+   * ```
+   */
+  class RegExpEscape extends RegExpTerm;
+
+  /**
+   * A character class escape in a regular expression.
+   *
+   * Examples:
+   *
+   * ```
+   * \w
+   * \S
+   * ```
+   */
+  class RegExpCharacterClassEscape extends RegExpEscape {
+    /** Gets the name of the character class; for example, `w` for `\w`. */
+    string getValue();
+  }
+
+  /**
+   * An alternative term, that is, a term of the form `a|b`.
+   *
+   * Example:
+   *
+   * ```
+   * ECMA|Java
+   * ```
+   */
+  class RegExpAlt extends RegExpTerm;
+
+  /**
+   * A grouped regular expression.
+   *
+   * Examples:
+   *
+   * ```
+   * (ECMA|Java)
+   * (?:ECMA|Java)
+   * (?<quote>['"])
+   * ```
+   */
+  class RegExpGroup extends RegExpTerm {
+    /**
+     * Gets the index of this capture group within the enclosing regular
+     * expression literal.
+     *
+     * For example, in the regular expression `/((a?).)(?:b)/`, the
+     * group `((a?).)` has index 1, the group `(a?)` nested inside it
+     * has index 2, and the group `(?:b)` has no index, since it is
+     * not a capture group.
+     */
+    int getNumber();
+
+    /** Holds if this is a capture group. */
+    predicate isCapture();
+  }
+
+  /**
+   * A back reference, that is, a term of the form `\i` or `\k<name>`
+   * in a regular expression.
+   *
+   * Examples:
+   *
+   * ```
+   * \1
+   * \k<quote>
+   * ```
+   */
+  class RegExpBackRef extends RegExpTerm {
+    /** Gets the capture group this back reference refers to. */
+    RegExpGroup getGroup();
+  }
+
+  /**
+   * A sequence term.
+   *
+   * Example:
+   *
+   * ```
+   * (ECMA|Java)Script
+   * ```
+   *
+   * This is a sequence with the elements `(ECMA|Java)` and `Script`.
+   */
+  class RegExpSequence extends RegExpTerm;
+
+  /**
+   * A zero-width lookahead or lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?=\w)
+   * (?!\n)
+   * (?<=\.)
+   * (?<!\\)
+   * ```
+   */
+  class RegExpSubPattern extends RegExpTerm {
+    /** Gets the lookahead term. */
+    RegExpTerm getOperand();
+  }
+
+  /**
+   * A zero-width lookahead assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?=\w)
+   * (?!\n)
+   * ```
+   */
+  class RegExpLookahead extends RegExpSubPattern;
+
+  /**
+   * A positive-lookahead assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?=\w)
+   * ```
+   */
+  class RegExpPositiveLookahead extends RegExpLookahead;
+
+  /**
+   * A zero-width lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?<=\.)
+   * (?<!\\)
+   * ```
+   */
+  class RegExpLookbehind extends RegExpSubPattern;
+
+  /**
+   * A positive-lookbehind assertion.
+   *
+   * Examples:
+   *
+   * ```
+   * (?<=\.)
+   * ```
+   */
+  class RegExpPositiveLookbehind extends RegExpLookbehind;
+
+  /**
+   * A constant regular expression term, that is, a regular expression
+   * term matching a single string.
+   *
+   * Example:
+   *
+   * ```
+   * abc
+   * ```
+   */
+  class RegExpConstant extends RegExpTerm {
+    /** Gets the string matched by this constant term. */
+    string getValue();
+
+    /**
+     * Holds if this constant represents a valid Unicode character (as opposed
+     * to a surrogate code point that does not correspond to a character by itself.)
+     */
+    predicate isCharacter();
+  }
+
+  /**
+   * A character escape in a regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * \.
+   * ```
+   */
+  class RegExpCharEscape extends RegExpEscape {
+    /** Gets the string matched by this term. */
+    string getValue();
+  }
+
+  /**
+   * A character class in a regular expression.
+   *
+   * Examples:
+   *
+   * ```
+   * [a-z_]
+   * [^<>&]
+   * ```
+   */
+  class RegExpCharacterClass extends RegExpTerm {
+    /**
+     * Holds if this character class matches any character.
+     */
+    predicate isUniversalClass();
+
+    /** Holds if this is an inverted character class, that is, a term of the form `[^...]`. */
+    predicate isInverted();
+  }
+
+  /**
+   * A character range in a character class in a regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * a-z
+   * ```
+   */
+  class RegExpCharacterRange extends RegExpTerm {
+    /** Holds if `lo` is the lower bound of this character range and `hi` the upper bound. */
+    predicate isRange(string lo, string hi);
+  }
+
+  /**
+   * A dot regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * .
+   * ```
+   */
+  class RegExpDot extends RegExpTerm;
+
+  /**
+   * A term that matches a specific position between characters in the string.
+   *
+   * Example:
+   *
+   * ```
+   * \A
+   * ```
+   */
+  class RegExpAnchor extends RegExpTerm {
+    /** Gets the char for this term. */
+    string getChar();
+  }
+
+  /**
+   * A dollar assertion `$` matching the end of a line.
+   *
+   * Example:
+   *
+   * ```
+   * $
+   * ```
+   */
+  class RegExpDollar extends RegExpAnchor;
+
+  /**
+   * A caret assertion `^` matching the beginning of a line.
+   *
+   * Example:
+   *
+   * ```
+   * ^
+   * ```
+   */
+  class RegExpCaret extends RegExpAnchor;
+
+  /**
+   * A word boundary assertion.
+   *
+   * Example:
+   *
+   * ```
+   * \b
+   * ```
+   */
+  class RegExpWordBoundary extends RegExpTerm;
+
+  /**
+   * A regular expression term that permits unlimited repetitions.
+   */
+  class InfiniteRepetitionQuantifier extends RegExpQuantifier;
+
+  /**
+   * Holds if the regular expression should not be considered.
+   *
+   * For javascript we make the pragmatic performance optimization to ignore minified files.
+   */
+  predicate isExcluded(RegExpParent parent);
+
+  /**
+   * Holds if `term` is a possessive quantifier.
+   * As javascript's regexes do not support possessive quantifiers, this never holds, but is used by the shared library.
+   */
+  predicate isPossessive(RegExpQuantifier term);
+
+  /**
+   * Holds if the regex that `term` is part of is used in a way that ignores any leading prefix of the input it's matched against.
+   * Not yet implemented for JavaScript.
+   */
+  predicate matchesAnyPrefix(RegExpTerm term);
+
+  /**
+   * Holds if the regex that `term` is part of is used in a way that ignores any trailing suffix of the input it's matched against.
+   * Not yet implemented for JavaScript.
+   */
+  predicate matchesAnySuffix(RegExpTerm term);
+
+  /**
+   * Holds if `term` is an escape class representing e.g. `\d`.
+   * `clazz` is which character class it represents, e.g. "d" for `\d`.
+   */
+  predicate isEscapeClass(RegExpTerm term, string clazz);
+
+  /**
+   * Holds if `root` has the `i` flag for case-insensitive matching.
+   */
+  predicate isIgnoreCase(RegExpTerm root);
+
+  /**
+   * Holds if `root` has the `s` flag for multi-line matching.
+   */
+  predicate isDotAll(RegExpTerm root);
+}
diff --git a/shared/regex/codeql/regex/nfa/BadTagFilterQuery.qll b/shared/regex/codeql/regex/nfa/BadTagFilterQuery.qll
new file mode 100644
index 00000000000..c9c254fe990
--- /dev/null
+++ b/shared/regex/codeql/regex/nfa/BadTagFilterQuery.qll
@@ -0,0 +1,177 @@
+/**
+ * Provides predicates for reasoning about bad tag filter vulnerabilities.
+ */
+
+private import NfaUtils as NfaUtils
+private import RegexpMatching as RM
+private import codeql.regex.RegexTreeView
+
+/**
+ * Module implementing classes and predicates reasoing about bad tag filter vulnerabilities.
+ */
+module Make<RegexTreeViewSig TreeImpl> {
+  private import TreeImpl
+  import RM::Make<TreeImpl>
+
+  /**
+   * Holds if the regexp `root` should be tested against `str`.
+   * Implements the `isRegexpMatchingCandidateSig` signature from `RegexpMatching`.
+   * `ignorePrefix` toggles whether the regular expression should be treated as accepting any prefix if it's unanchored.
+   * `testWithGroups` toggles whether it's tested which groups are filled by a given input string.
+   */
+  private predicate isBadTagFilterCandidate(
+    RootTerm root, string str, boolean ignorePrefix, boolean testWithGroups
+  ) {
+    // the regexp must mention "<" and ">" explicitly.
+    forall(string angleBracket | angleBracket = ["<", ">"] |
+      any(RegExpConstant term | term.getValue().matches("%" + angleBracket + "%")).getRootTerm() =
+        root
+    ) and
+    ignorePrefix = true and
+    (
+      str = ["<!-- foo -->", "<!-- foo --!>", "<!- foo ->", "<foo>", "<script>"] and
+      testWithGroups = true
+      or
+      str =
+        [
+          "<!-- foo -->", "<!- foo ->", "<!-- foo --!>", "<!-- foo\n -->", "<script>foo</script>",
+          "<script \n>foo</script>", "<script >foo\n</script>", "<foo ></foo>", "<foo>",
+          "<foo src=\"foo\"></foo>", "<script>", "<script src=\"foo\"></script>",
+          "<script src='foo'></script>", "<SCRIPT>foo</SCRIPT>", "<script\tsrc=\"foo\"/>",
+          "<script\tsrc='foo'></script>", "<sCrIpT>foo</ScRiPt>",
+          "<script src=\"foo\">foo</script >", "<script src=\"foo\">foo</script foo=\"bar\">",
+          "<script src=\"foo\">foo</script\t\n bar>"
+        ] and
+      testWithGroups = false
+    )
+  }
+
+  /**
+   * A regexp that matches some string from the `isBadTagFilterCandidate` predicate.
+   */
+  class HtmlMatchingRegExp instanceof RootTerm {
+    HtmlMatchingRegExp() { RegexpMatching<isBadTagFilterCandidate/4>::matches(this, _) }
+
+    /** Holds if this regexp matched `str`, where `str` is one of the string from `isBadTagFilterCandidate`. */
+    predicate matches(string str) { RegexpMatching<isBadTagFilterCandidate/4>::matches(this, str) }
+
+    /** Holds if this regexp fills capture group `g' when matching `str', where `str` is one of the string from `isBadTagFilterCandidate`. */
+    predicate fillsCaptureGroup(string str, int g) {
+      RegexpMatching<isBadTagFilterCandidate/4>::fillsCaptureGroup(this, str, g)
+    }
+
+    /** Gets a string representation of this term. */
+    string toString() { result = super.toString() }
+
+    /** Holds if this term has the specified location. */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+  }
+
+  /**
+   * Holds if `regexp` matches some HTML tags, but misses some HTML tags that it should match.
+   *
+   * When adding a new case to this predicate, make sure the test string used in `matches(..)` calls are present in `HTMLMatchingRegExp::test` / `HTMLMatchingRegExp::testWithGroups`.
+   */
+  predicate isBadRegexpFilter(HtmlMatchingRegExp regexp, string msg) {
+    // CVE-2021-33829 - matching both "<!-- foo -->" and "<!-- foo --!>", but in different capture groups
+    regexp.matches("<!-- foo -->") and
+    regexp.matches("<!-- foo --!>") and
+    exists(int a, int b | a != b |
+      regexp.fillsCaptureGroup("<!-- foo -->", a) and
+      // <!-- foo --> might be ambiguously parsed (matching both capture groups), and that is ok here.
+      regexp.fillsCaptureGroup("<!-- foo --!>", b) and
+      not regexp.fillsCaptureGroup("<!-- foo --!>", a) and
+      msg =
+        "Comments ending with --> are matched differently from comments ending with --!>. The first is matched with capture group "
+          + a + " and comments ending with --!> are matched with capture group " +
+          strictconcat(int i | regexp.fillsCaptureGroup("<!-- foo --!>", i) | i.toString(), ", ") +
+          "."
+    )
+    or
+    // CVE-2020-17480 - matching "<!-- foo -->" and other tags, but not "<!-- foo --!>".
+    exists(int group, int other |
+      group != other and
+      regexp.fillsCaptureGroup("<!-- foo -->", group) and
+      regexp.fillsCaptureGroup("<foo>", other) and
+      not regexp.matches("<!-- foo --!>") and
+      not regexp.fillsCaptureGroup("<!-- foo -->", any(int i | i != group)) and
+      not regexp.fillsCaptureGroup("<!- foo ->", group) and
+      not regexp.fillsCaptureGroup("<foo>", group) and
+      not regexp.fillsCaptureGroup("<script>", group) and
+      msg =
+        "This regular expression only parses --> (capture group " + group +
+          ") and not --!> as an HTML comment end tag."
+    )
+    or
+    regexp.matches("<!-- foo -->") and
+    not regexp.matches("<!-- foo\n -->") and
+    not regexp.matches("<!- foo ->") and
+    not regexp.matches("<foo>") and
+    not regexp.matches("<script>") and
+    msg = "This regular expression does not match comments containing newlines."
+    or
+    regexp.matches("<script>foo</script>") and
+    regexp.matches("<script src=\"foo\"></script>") and
+    not regexp.matches("<foo ></foo>") and
+    (
+      not regexp.matches("<script \n>foo</script>") and
+      msg = "This regular expression matches <script></script>, but not <script \\n></script>"
+      or
+      not regexp.matches("<script >foo\n</script>") and
+      msg = "This regular expression matches <script>...</script>, but not <script >...\\n</script>"
+    )
+    or
+    regexp.matches("<script>foo</script>") and
+    regexp.matches("<script src=\"foo\"></script>") and
+    not regexp.matches("<script src='foo'></script>") and
+    not regexp.matches("<foo>") and
+    msg =
+      "This regular expression does not match script tags where the attribute uses single-quotes."
+    or
+    regexp.matches("<script>foo</script>") and
+    regexp.matches("<script src='foo'></script>") and
+    not regexp.matches("<script src=\"foo\"></script>") and
+    not regexp.matches("<foo>") and
+    msg =
+      "This regular expression does not match script tags where the attribute uses double-quotes."
+    or
+    regexp.matches("<script>foo</script>") and
+    regexp.matches("<script src='foo'></script>") and
+    not regexp.matches("<script\tsrc='foo'></script>") and
+    not regexp.matches("<foo>") and
+    not regexp.matches("<foo src=\"foo\"></foo>") and
+    msg =
+      "This regular expression does not match script tags where tabs are used between attributes."
+    or
+    regexp.matches("<script>foo</script>") and
+    not isIgnoreCase(regexp) and
+    not regexp.matches("<foo>") and
+    not regexp.matches("<foo ></foo>") and
+    (
+      not regexp.matches("<SCRIPT>foo</SCRIPT>") and
+      msg = "This regular expression does not match upper case <SCRIPT> tags."
+      or
+      not regexp.matches("<sCrIpT>foo</ScRiPt>") and
+      regexp.matches("<SCRIPT>foo</SCRIPT>") and
+      msg = "This regular expression does not match mixed case <sCrIpT> tags."
+    )
+    or
+    regexp.matches("<script src=\"foo\"></script>") and
+    not regexp.matches("<foo>") and
+    not regexp.matches("<foo ></foo>") and
+    (
+      not regexp.matches("<script src=\"foo\">foo</script >") and
+      msg = "This regular expression does not match script end tags like </script >."
+      or
+      not regexp.matches("<script src=\"foo\">foo</script foo=\"bar\">") and
+      msg = "This regular expression does not match script end tags like </script foo=\"bar\">."
+      or
+      not regexp.matches("<script src=\"foo\">foo</script\t\n bar>") and
+      msg = "This regular expression does not match script end tags like </script\\t\\n bar>."
+    )
+  }
+}
diff --git a/shared/regex/codeql/regex/nfa/ExponentialBackTracking.qll b/shared/regex/codeql/regex/nfa/ExponentialBackTracking.qll
new file mode 100644
index 00000000000..a2a35298b37
--- /dev/null
+++ b/shared/regex/codeql/regex/nfa/ExponentialBackTracking.qll
@@ -0,0 +1,355 @@
+/**
+ * This library implements the analysis described in the following two papers:
+ *
+ *   James Kirrage, Asiri Rathnayake, Hayo Thielecke: Static Analysis for
+ *     Regular Expression Denial-of-Service Attacks. NSS 2013.
+ *     (http://www.cs.bham.ac.uk/~hxt/research/reg-exp-sec.pdf)
+ *   Asiri Rathnayake, Hayo Thielecke: Static Analysis for Regular Expression
+ *     Exponential Runtime via Substructural Logics. 2014.
+ *     (https://www.cs.bham.ac.uk/~hxt/research/redos_full.pdf)
+ *
+ * The basic idea is to search for overlapping cycles in the NFA, that is,
+ * states `q` such that there are two distinct paths from `q` to itself
+ * that consume the same word `w`.
+ *
+ * For any such state `q`, an attack string can be constructed as follows:
+ * concatenate a prefix `v` that takes the NFA to `q` with `n` copies of
+ * the word `w` that leads back to `q` along two different paths, followed
+ * by a suffix `x` that is _not_ accepted in state `q`. A backtracking
+ * implementation will need to explore at least 2^n different ways of going
+ * from `q` back to itself while trying to match the `n` copies of `w`
+ * before finally giving up.
+ *
+ * Now in order to identify overlapping cycles, all we have to do is find
+ * pumpable forks, that is, states `q` that can transition to two different
+ * states `r1` and `r2` on the same input symbol `c`, such that there are
+ * paths from both `r1` and `r2` to `q` that consume the same word. The latter
+ * condition is equivalent to saying that `(q, q)` is reachable from `(r1, r2)`
+ * in the product NFA.
+ *
+ * This is what the library does. It makes a simple attempt to construct a
+ * prefix `v` leading into `q`, but only to improve the alert message.
+ * And the library tries to prove the existence of a suffix that ensures
+ * rejection. This check might fail, which can cause false positives.
+ *
+ * Finally, sometimes it depends on the translation whether the NFA generated
+ * for a regular expression has a pumpable fork or not. We implement one
+ * particular translation, which may result in false positives or negatives
+ * relative to some particular JavaScript engine.
+ *
+ * More precisely, the library constructs an NFA from a regular expression `r`
+ * as follows:
+ *
+ *   * Every sub-term `t` gives rise to an NFA state `Match(t,i)`, representing
+ *     the state of the automaton before attempting to match the `i`th character in `t`.
+ *   * There is one accepting state `Accept(r)`.
+ *   * There is a special `AcceptAnySuffix(r)` state, which accepts any suffix string
+ *     by using an epsilon transition to `Accept(r)` and an any transition to itself.
+ *   * Transitions between states may be labelled with epsilon, or an abstract
+ *     input symbol.
+ *   * Each abstract input symbol represents a set of concrete input characters:
+ *     either a single character, a set of characters represented by a
+ *     character class, or the set of all characters.
+ *   * The product automaton is constructed lazily, starting with pair states
+ *     `(q, q)` where `q` is a fork, and proceeding along an over-approximate
+ *     step relation.
+ *   * The over-approximate step relation allows transitions along pairs of
+ *     abstract input symbols where the symbols have overlap in the characters they accept.
+ *   * Once a trace of pairs of abstract input symbols that leads from a fork
+ *     back to itself has been identified, we attempt to construct a concrete
+ *     string corresponding to it, which may fail.
+ *   * Lastly we ensure that any state reached by repeating `n` copies of `w` has
+ *     a suffix `x` (possible empty) that is most likely __not__ accepted.
+ */
+
+private import NfaUtils as NfaUtils
+private import codeql.regex.RegexTreeView
+
+/**
+ * A parameterized module implementing the analysis described in the above papers.
+ */
+module Make<RegexTreeViewSig TreeImpl> {
+  private import TreeImpl
+  import NfaUtils::Make<TreeImpl>
+
+  /**
+   * Holds if state `s` might be inside a backtracking repetition.
+   */
+  pragma[noinline]
+  private predicate stateInsideBacktracking(State s) {
+    s.getRepr().getParent*() instanceof MaybeBacktrackingRepetition
+  }
+
+  /**
+   * A infinitely repeating quantifier that might backtrack.
+   */
+  private class MaybeBacktrackingRepetition instanceof InfiniteRepetitionQuantifier {
+    MaybeBacktrackingRepetition() {
+      exists(RegExpTerm child |
+        child instanceof RegExpAlt or
+        child instanceof RegExpQuantifier
+      |
+        child.getParent+() = this
+      )
+    }
+
+    string toString() { result = this.(InfiniteRepetitionQuantifier).toString() }
+  }
+
+  /**
+   * A state in the product automaton.
+   */
+  private newtype TStatePair =
+    /**
+     * We lazily only construct those states that we are actually
+     * going to need: `(q, q)` for every fork state `q`, and any
+     * pair of states that can be reached from a pair that we have
+     * already constructed. To cut down on the number of states,
+     * we only represent states `(q1, q2)` where `q1` is lexicographically
+     * no bigger than `q2`.
+     *
+     * States are only constructed if both states in the pair are
+     * inside a repetition that might backtrack.
+     */
+    MkStatePair(State q1, State q2) {
+      isFork(q1, _, _, _, _) and q2 = q1
+      or
+      (step(_, _, _, q1, q2) or step(_, _, _, q2, q1)) and
+      rankState(q1) <= rankState(q2)
+    }
+
+  /**
+   * Gets a unique number for a `state`.
+   * Is used to create an ordering of states, where states with the same `toString()` will be ordered differently.
+   */
+  private int rankState(State state) {
+    state =
+      rank[result](State s |
+        stateInsideBacktracking(s)
+      |
+        s order by getTermLocationString(s.getRepr())
+      )
+  }
+
+  /**
+   * A state in the product automaton.
+   */
+  private class StatePair extends TStatePair {
+    State q1;
+    State q2;
+
+    StatePair() { this = MkStatePair(q1, q2) }
+
+    /** Gets a textual representation of this element. */
+    string toString() { result = "(" + q1 + ", " + q2 + ")" }
+
+    /** Gets the first component of the state pair. */
+    State getLeft() { result = q1 }
+
+    /** Gets the second component of the state pair. */
+    State getRight() { result = q2 }
+  }
+
+  /**
+   * Holds for `(fork, fork)` state pairs when `isFork(fork, _, _, _, _)` holds.
+   *
+   * Used in `statePairDistToFork`
+   */
+  private predicate isStatePairFork(StatePair p) {
+    exists(State fork | p = MkStatePair(fork, fork) and isFork(fork, _, _, _, _))
+  }
+
+  /**
+   * Holds if there are transitions from the components of `q` to the corresponding
+   * components of `r`.
+   *
+   * Used in `statePairDistToFork`
+   */
+  private predicate reverseStep(StatePair r, StatePair q) { step(q, _, _, r) }
+
+  /**
+   * Gets the minimum length of a path from `q` to `r` in the
+   * product automaton.
+   */
+  private int statePairDistToFork(StatePair q, StatePair r) =
+    shortestDistances(isStatePairFork/1, reverseStep/2)(r, q, result)
+
+  /**
+   * Holds if there are transitions from `q` to `r1` and from `q` to `r2`
+   * labelled with `s1` and `s2`, respectively, where `s1` and `s2` do not
+   * trivially have an empty intersection.
+   *
+   * This predicate only holds for states associated with regular expressions
+   * that have at least one repetition quantifier in them (otherwise the
+   * expression cannot be vulnerable to ReDoS attacks anyway).
+   */
+  pragma[noopt]
+  private predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, State r2) {
+    stateInsideBacktracking(q) and
+    exists(State q1, State q2 |
+      q1 = epsilonSucc*(q) and
+      delta(q1, s1, r1) and
+      q2 = epsilonSucc*(q) and
+      delta(q2, s2, r2) and
+      // Use pragma[noopt] to prevent intersect(s1,s2) from being the starting point of the join.
+      // From (s1,s2) it would find a huge number of intermediate state pairs (q1,q2) originating from different literals,
+      // and discover at the end that no `q` can reach both `q1` and `q2` by epsilon transitions.
+      exists(intersect(s1, s2))
+    |
+      s1 != s2
+      or
+      r1 != r2
+      or
+      r1 = r2 and q1 != q2
+      or
+      // If q can reach itself by epsilon transitions, then there are two distinct paths to the q1/q2 state:
+      // one that uses the loop and one that doesn't. The engine will separately attempt to match with each path,
+      // despite ending in the same state. The "fork" thus arises from the choice of whether to use the loop or not.
+      // To avoid every state in the loop becoming a fork state,
+      // we arbitrarily pick the InfiniteRepetitionQuantifier state as the canonical fork state for the loop
+      // (every epsilon-loop must contain such a state).
+      //
+      // We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself.
+      // This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`.
+      // The below code is therefore a heuristic, that only flags regular expressions such as `/(a*)*b/`,
+      // and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently.
+      r1 = r2 and
+      q1 = q2 and
+      epsilonSucc+(q) = q and
+      exists(RegExpTerm term | term = q.getRepr() | term instanceof InfiniteRepetitionQuantifier) and
+      // One of the mid states is an infinite quantifier itself
+      exists(State mid, RegExpTerm term |
+        mid = epsilonSucc+(q) and
+        term = mid.getRepr() and
+        term instanceof InfiniteRepetitionQuantifier and
+        q = epsilonSucc+(mid) and
+        not mid = q
+      )
+    ) and
+    stateInsideBacktracking(r1) and
+    stateInsideBacktracking(r2)
+  }
+
+  /**
+   * Gets the state pair `(q1, q2)` or `(q2, q1)`; note that only
+   * one or the other is defined.
+   */
+  private StatePair mkStatePair(State q1, State q2) {
+    result = MkStatePair(q1, q2) or result = MkStatePair(q2, q1)
+  }
+
+  /**
+   * Holds if there are transitions from the components of `q` to the corresponding
+   * components of `r` labelled with `s1` and `s2`, respectively.
+   */
+  private predicate step(StatePair q, InputSymbol s1, InputSymbol s2, StatePair r) {
+    exists(State r1, State r2 | step(q, s1, s2, r1, r2) and r = mkStatePair(r1, r2))
+  }
+
+  /**
+   * Holds if there are transitions from the components of `q` to `r1` and `r2`
+   * labelled with `s1` and `s2`, respectively.
+   *
+   * We only consider transitions where the resulting states `(r1, r2)` are both
+   * inside a repetition that might backtrack.
+   */
+  pragma[noopt]
+  private predicate step(StatePair q, InputSymbol s1, InputSymbol s2, State r1, State r2) {
+    exists(State q1, State q2 | q.getLeft() = q1 and q.getRight() = q2 |
+      deltaClosed(q1, s1, r1) and
+      deltaClosed(q2, s2, r2) and
+      // use noopt to force the join on `intersect` to happen last.
+      exists(intersect(s1, s2))
+    ) and
+    stateInsideBacktracking(r1) and
+    stateInsideBacktracking(r2)
+  }
+
+  private newtype TTrace =
+    Nil() or
+    Step(InputSymbol s1, InputSymbol s2, TTrace t) { isReachableFromFork(_, _, s1, s2, t, _) }
+
+  /**
+   * A list of pairs of input symbols that describe a path in the product automaton
+   * starting from some fork state.
+   */
+  private class Trace extends TTrace {
+    /** Gets a textual representation of this element. */
+    string toString() {
+      this = Nil() and result = "Nil()"
+      or
+      exists(InputSymbol s1, InputSymbol s2, Trace t | this = Step(s1, s2, t) |
+        result = "Step(" + s1 + ", " + s2 + ", " + t + ")"
+      )
+    }
+  }
+
+  /**
+   * Holds if `r` is reachable from `(fork, fork)` under input `w`, and there is
+   * a path from `r` back to `(fork, fork)` with `rem` steps.
+   */
+  private predicate isReachableFromFork(State fork, StatePair r, Trace w, int rem) {
+    exists(InputSymbol s1, InputSymbol s2, Trace v |
+      isReachableFromFork(fork, r, s1, s2, v, rem) and
+      w = Step(s1, s2, v)
+    )
+  }
+
+  private predicate isReachableFromFork(
+    State fork, StatePair r, InputSymbol s1, InputSymbol s2, Trace v, int rem
+  ) {
+    // base case
+    exists(State q1, State q2 |
+      isFork(fork, s1, s2, q1, q2) and
+      r = MkStatePair(q1, q2) and
+      v = Nil() and
+      rem = statePairDistToFork(r, MkStatePair(fork, fork))
+    )
+    or
+    // recursive case
+    exists(StatePair p |
+      isReachableFromFork(fork, p, v, rem + 1) and
+      step(p, s1, s2, r) and
+      rem = statePairDistToFork(r, MkStatePair(fork, fork))
+    )
+  }
+
+  /**
+   * Gets a state in the product automaton from which `(fork, fork)` is
+   * reachable in zero or more epsilon transitions.
+   */
+  private StatePair getAForkPair(State fork) {
+    isFork(fork, _, _, _, _) and
+    result = MkStatePair(epsilonPred*(fork), epsilonPred*(fork))
+  }
+
+  /** An implementation of a chain containing chars for use by `Concretizer`. */
+  private module CharTreeImpl implements CharTree {
+    class CharNode = Trace;
+
+    CharNode getPrev(CharNode t) { t = Step(_, _, result) }
+
+    /** Holds if `n` is a trace that is used by `concretize` in `isPumpable`. */
+    predicate isARelevantEnd(CharNode n) {
+      exists(State f | isReachableFromFork(f, getAForkPair(f), n, _))
+    }
+
+    string getChar(CharNode t) {
+      exists(InputSymbol s1, InputSymbol s2 | t = Step(s1, s2, _) | result = intersect(s1, s2))
+    }
+  }
+
+  /**
+   * Holds if `fork` is a pumpable fork with word `w`.
+   */
+  private predicate isPumpable(State fork, string w) {
+    exists(StatePair q, Trace t |
+      isReachableFromFork(fork, q, t, _) and
+      q = getAForkPair(fork) and
+      w = Concretizer<CharTreeImpl>::concretize(t)
+    )
+  }
+
+  /** Holds if `state` has exponential ReDoS */
+  predicate hasReDoSResult = ReDoSPruning<isPumpable/2>::hasReDoSResult/4;
+}
diff --git a/shared/regex/codeql/regex/nfa/NfaUtils.qll b/shared/regex/codeql/regex/nfa/NfaUtils.qll
new file mode 100644
index 00000000000..cb5091c40aa
--- /dev/null
+++ b/shared/regex/codeql/regex/nfa/NfaUtils.qll
@@ -0,0 +1,1382 @@
+/**
+ * A shared library for creating and reasoning about NFA's.
+ */
+
+private import codeql.regex.RegexTreeView
+
+/**
+ * Classes and predicates that create an NFA and various algorithms for working with it.
+ */
+module Make<RegexTreeViewSig TreeImpl> {
+  private import TreeImpl
+
+  /**
+   * Gets the char after `c` (from a simplified ASCII table).
+   */
+  private string nextChar(string c) {
+    exists(int code | code = ascii(c) | code + 1 = ascii(result))
+  }
+
+  /**
+   * Gets an approximation for the ASCII code for `char`.
+   * Only the easily printable chars are included (so no newline, tab, null, etc).
+   */
+  private int ascii(string char) {
+    char =
+      rank[result](string c |
+        c =
+          "! \"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
+              .charAt(_)
+      )
+  }
+
+  /**
+   * Holds if `t` matches at least an epsilon symbol.
+   *
+   * That is, this term does not restrict the language of the enclosing regular expression.
+   *
+   * This is implemented as an under-approximation, and this predicate does not hold for sub-patterns in particular.
+   */
+  predicate matchesEpsilon(RegExpTerm t) {
+    t instanceof RegExpStar
+    or
+    t instanceof RegExpOpt
+    or
+    t.(RegExpRange).getLowerBound() = 0
+    or
+    exists(RegExpTerm child |
+      child = t.getAChild() and
+      matchesEpsilon(child)
+    |
+      t instanceof RegExpAlt or
+      t instanceof RegExpGroup or
+      t instanceof RegExpPlus or
+      t instanceof RegExpRange
+    )
+    or
+    matchesEpsilon(t.(RegExpBackRef).getGroup())
+    or
+    forex(RegExpTerm child | child = t.(RegExpSequence).getAChild() | matchesEpsilon(child))
+  }
+
+  /**
+   * A lookahead/lookbehind that matches the empty string.
+   */
+  class EmptyPositiveSubPattern instanceof RegExpSubPattern {
+    EmptyPositiveSubPattern() {
+      (
+        this instanceof RegExpPositiveLookahead
+        or
+        this instanceof RegExpPositiveLookbehind
+      ) and
+      matchesEpsilon(this.getOperand())
+    }
+
+    /** Gets a string representation of this sub-pattern. */
+    string toString() { result = super.toString() }
+  }
+
+  /** DEPRECATED: Use `EmptyPositiveSubPattern` instead. */
+  deprecated class EmptyPositiveSubPatttern = EmptyPositiveSubPattern;
+
+  /**
+   * A branch in a disjunction that is the root node in a literal, or a literal
+   * whose root node is not a disjunction.
+   */
+  class RegExpRoot instanceof RegExpTerm {
+    RegExpRoot() {
+      exists(RegExpParent parent |
+        exists(RegExpAlt alt |
+          alt.isRootTerm() and
+          this = alt.getAChild() and
+          parent = alt.getParent()
+        )
+        or
+        this.isRootTerm() and
+        not this instanceof RegExpAlt and
+        parent = this.getParent()
+      )
+    }
+
+    /**
+     * Holds if this root term is relevant to the ReDoS analysis.
+     */
+    predicate isRelevant() {
+      // is actually used as a RegExp
+      super.isUsedAsRegExp() and
+      // not excluded for library specific reasons
+      not isExcluded(super.getRootTerm().getParent())
+    }
+
+    /** Gets a string representation of this root term. */
+    string toString() { result = this.(RegExpTerm).toString() }
+
+    /** Gets the outermost term of this regular expression. */
+    RegExpTerm getRootTerm() { result = super.getRootTerm() }
+  }
+
+  /**
+   * A constant in a regular expression that represents valid Unicode character(s).
+   */
+  private class RegexpCharacterConstant instanceof RegExpConstant {
+    RegexpCharacterConstant() { this.isCharacter() }
+
+    string toString() { result = this.(RegExpConstant).toString() }
+
+    RegExpTerm getRootTerm() { result = this.(RegExpConstant).getRootTerm() }
+
+    string getValue() { result = this.(RegExpConstant).getValue() }
+  }
+
+  /**
+   * A regexp term that is relevant for this ReDoS analysis.
+   */
+  class RelevantRegExpTerm instanceof RegExpTerm {
+    RelevantRegExpTerm() { getRoot(this).isRelevant() }
+
+    /** Gets a string representation of this term. */
+    string toString() { result = super.toString() }
+
+    /** Gets the raw source text of this term. */
+    string getRawValue() { result = super.getRawValue() }
+
+    /** Gets the outermost term of this regular expression. */
+    RegExpTerm getRootTerm() { result = super.getRootTerm() }
+  }
+
+  /**
+   * Gets a string for the full location of `t`.
+   */
+  string getTermLocationString(RegExpTerm t) {
+    exists(string file, int startLine, int startColumn, int endLine, int endColumn |
+      t.hasLocationInfo(file, startLine, startColumn, endLine, endColumn) and
+      result = file + ":" + startLine + ":" + startColumn + "-" + endLine + ":" + endColumn
+    )
+  }
+
+  /**
+   * Holds if `term` is the chosen canonical representative for all terms with string representation `str`.
+   * The string representation includes which flags are used with the regular expression.
+   *
+   * Using canonical representatives gives a huge performance boost when working with tuples containing multiple `InputSymbol`s.
+   * The number of `InputSymbol`s is decreased by 3 orders of magnitude or more in some larger benchmarks.
+   */
+  private predicate isCanonicalTerm(RelevantRegExpTerm term, string str) {
+    term =
+      min(RelevantRegExpTerm t |
+        str = getCanonicalizationString(t)
+      |
+        t order by getTermLocationString(t), t.toString()
+      )
+  }
+
+  /**
+   * Gets a string representation of `term` that is used for canonicalization.
+   */
+  private string getCanonicalizationString(RelevantRegExpTerm term) {
+    exists(string ignoreCase |
+      (if isIgnoreCase(term.getRootTerm()) then ignoreCase = "i" else ignoreCase = "") and
+      result = term.getRawValue() + "|" + ignoreCase
+    )
+  }
+
+  /**
+   * An abstract input symbol, representing a set of concrete characters.
+   */
+  private newtype TInputSymbol =
+    /** An input symbol corresponding to character `c`. */
+    Char(string c) {
+      c =
+        any(RegexpCharacterConstant cc |
+          cc instanceof RelevantRegExpTerm and
+          not isIgnoreCase(cc.getRootTerm())
+        ).getValue().charAt(_)
+      or
+      // normalize everything to lower case if the regexp is case insensitive
+      c =
+        any(RegexpCharacterConstant cc, string char |
+          cc instanceof RelevantRegExpTerm and
+          isIgnoreCase(cc.getRootTerm()) and
+          char = cc.getValue().charAt(_)
+        |
+          char.toLowerCase()
+        )
+    } or
+    /**
+     * An input symbol representing all characters matched by
+     * a (non-universal) character class that has string representation `charClassString`.
+     */
+    CharClass(string charClassString) {
+      exists(RelevantRegExpTerm recc | isCanonicalTerm(recc, charClassString) |
+        recc instanceof RegExpCharacterClass and
+        not recc.(RegExpCharacterClass).isUniversalClass()
+        or
+        isEscapeClass(recc, _)
+      )
+    } or
+    /** An input symbol representing all characters matched by `.`. */
+    Dot() or
+    /** An input symbol representing all characters. */
+    Any() or
+    /** An epsilon transition in the automaton. */
+    Epsilon()
+
+  /**
+   * Gets the the CharClass corresponding to the canonical representative `term`.
+   */
+  private CharClass getCharClassForCanonicalTerm(RegExpTerm term) {
+    exists(string str | isCanonicalTerm(term, str) | result = CharClass(str))
+  }
+
+  /**
+   * Gets a char class that represents `term`, even when `term` is not the canonical representative.
+   */
+  CharacterClass getCanonicalCharClass(RegExpTerm term) {
+    exists(string str | str = getCanonicalizationString(term) and result = CharClass(str))
+  }
+
+  /**
+   * Holds if `a` and `b` are input symbols from the same regexp.
+   */
+  private predicate sharesRoot(InputSymbol a, InputSymbol b) {
+    exists(RegExpRoot root |
+      belongsTo(a, root) and
+      belongsTo(b, root)
+    )
+  }
+
+  /**
+   * Holds if the `a` is an input symbol from a regexp that has root `root`.
+   */
+  private predicate belongsTo(InputSymbol a, RegExpRoot root) {
+    exists(State s | getRoot(s.getRepr()) = root |
+      delta(s, a, _)
+      or
+      delta(_, a, s)
+    )
+  }
+
+  /**
+   * An abstract input symbol, representing a set of concrete characters.
+   */
+  class InputSymbol extends TInputSymbol {
+    InputSymbol() { not this instanceof Epsilon }
+
+    /**
+     * Gets a string representation of this input symbol.
+     */
+    string toString() {
+      this = Char(result)
+      or
+      this = CharClass(result)
+      or
+      this = Dot() and result = "."
+      or
+      this = Any() and result = "[^]"
+    }
+  }
+
+  /**
+   * An abstract input symbol that represents a character class.
+   */
+  abstract class CharacterClass extends InputSymbol {
+    /**
+     * Gets a character that is relevant for intersection-tests involving this
+     * character class.
+     *
+     * Specifically, this is any of the characters mentioned explicitly in the
+     * character class, offset by one if it is inverted. For character class escapes,
+     * the result is as if the class had been written out as a series of intervals.
+     *
+     * This set is large enough to ensure that for any two intersecting character
+     * classes, one contains a relevant character from the other.
+     */
+    abstract string getARelevantChar();
+
+    /**
+     * Holds if this character class matches `char`.
+     */
+    bindingset[char]
+    abstract predicate matches(string char);
+
+    /**
+     * Gets a character matched by this character class.
+     */
+    string choose() { result = this.getARelevantChar() and this.matches(result) }
+  }
+
+  /**
+   * Provides implementations for `CharacterClass`.
+   */
+  private module CharacterClasses {
+    /**
+     * Holds if the character class `cc` has a child (constant or range) that matches `char`.
+     */
+    pragma[noinline]
+    predicate hasChildThatMatches(RegExpCharacterClass cc, string char) {
+      if isIgnoreCase(cc.getRootTerm())
+      then
+        // normalize everything to lower case if the regexp is case insensitive
+        exists(string c | hasChildThatMatchesIgnoringCasingFlags(cc, c) | char = c.toLowerCase())
+      else hasChildThatMatchesIgnoringCasingFlags(cc, char)
+    }
+
+    /**
+     * Holds if the character class `cc` has a child (constant or range) that matches `char`.
+     * Ignores whether the character class is inside a regular expression that has the ignore case flag.
+     */
+    pragma[noinline]
+    predicate hasChildThatMatchesIgnoringCasingFlags(RegExpCharacterClass cc, string char) {
+      exists(getCharClassForCanonicalTerm(cc)) and
+      exists(RegExpTerm child | child = cc.getAChild() |
+        char = child.(RegexpCharacterConstant).getValue()
+        or
+        rangeMatchesOnLetterOrDigits(child, char)
+        or
+        not rangeMatchesOnLetterOrDigits(child, _) and
+        char = getARelevantChar() and
+        exists(string lo, string hi | child.(RegExpCharacterRange).isRange(lo, hi) |
+          lo <= char and
+          char <= hi
+        )
+        or
+        exists(string charClass | isEscapeClass(child, charClass) |
+          charClass.toLowerCase() = charClass and
+          classEscapeMatches(charClass, char)
+          or
+          char = getARelevantChar() and
+          charClass.toUpperCase() = charClass and
+          not classEscapeMatches(charClass, char)
+        )
+      )
+    }
+
+    /**
+     * Holds if `range` is a range on lower-case, upper-case, or digits, and matches `char`.
+     * This predicate is used to restrict the searchspace for ranges by only joining `getAnyPossiblyMatchedChar`
+     * on a few ranges.
+     */
+    private predicate rangeMatchesOnLetterOrDigits(RegExpCharacterRange range, string char) {
+      exists(string lo, string hi |
+        range.isRange(lo, hi) and lo = lowercaseLetter() and hi = lowercaseLetter()
+      |
+        lo <= char and
+        char <= hi and
+        char = lowercaseLetter()
+      )
+      or
+      exists(string lo, string hi |
+        range.isRange(lo, hi) and lo = upperCaseLetter() and hi = upperCaseLetter()
+      |
+        lo <= char and
+        char <= hi and
+        char = upperCaseLetter()
+      )
+      or
+      exists(string lo, string hi | range.isRange(lo, hi) and lo = digit() and hi = digit() |
+        lo <= char and
+        char <= hi and
+        char = digit()
+      )
+    }
+
+    private string lowercaseLetter() { result = "abcdefghijklmnopqrstuvwxyz".charAt(_) }
+
+    private string upperCaseLetter() { result = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".charAt(_) }
+
+    private string digit() { result = [0 .. 9].toString() }
+
+    /**
+     * Gets a char that could be matched by a regular expression.
+     * Includes all printable ascii chars, all constants mentioned in a regexp, and all chars matches by the regexp `/\s|\d|\w/`.
+     */
+    string getARelevantChar() {
+      exists(ascii(result))
+      or
+      exists(RegexpCharacterConstant c | result = c.getValue().charAt(_))
+      or
+      classEscapeMatches(_, result)
+    }
+
+    /**
+     * Gets a char that is mentioned in the character class `c`.
+     */
+    private string getAMentionedChar(RegExpCharacterClass c) {
+      exists(RegExpTerm child | child = c.getAChild() |
+        result = child.(RegexpCharacterConstant).getValue()
+        or
+        child.(RegExpCharacterRange).isRange(result, _)
+        or
+        child.(RegExpCharacterRange).isRange(_, result)
+        or
+        exists(string charClass | isEscapeClass(child, charClass) |
+          result = min(string s | classEscapeMatches(charClass.toLowerCase(), s))
+          or
+          result = max(string s | classEscapeMatches(charClass.toLowerCase(), s))
+        )
+      )
+    }
+
+    bindingset[char, cc]
+    private string caseNormalize(string char, RegExpTerm cc) {
+      if isIgnoreCase(cc.getRootTerm()) then result = char.toLowerCase() else result = char
+    }
+
+    /**
+     * An implementation of `CharacterClass` for positive (non inverted) character classes.
+     */
+    private class PositiveCharacterClass extends CharacterClass {
+      RegExpCharacterClass cc;
+
+      PositiveCharacterClass() { this = getCharClassForCanonicalTerm(cc) and not cc.isInverted() }
+
+      override string getARelevantChar() { result = caseNormalize(getAMentionedChar(cc), cc) }
+
+      override predicate matches(string char) { hasChildThatMatches(cc, char) }
+    }
+
+    /**
+     * An implementation of `CharacterClass` for inverted character classes.
+     */
+    private class InvertedCharacterClass extends CharacterClass {
+      RegExpCharacterClass cc;
+
+      InvertedCharacterClass() { this = getCharClassForCanonicalTerm(cc) and cc.isInverted() }
+
+      override string getARelevantChar() {
+        result = nextChar(caseNormalize(getAMentionedChar(cc), cc)) or
+        nextChar(result) = caseNormalize(getAMentionedChar(cc), cc)
+      }
+
+      bindingset[char]
+      override predicate matches(string char) { not hasChildThatMatches(cc, char) }
+    }
+
+    /**
+     * Holds if the character class escape `clazz` (\d, \s, or \w) matches `char`.
+     */
+    pragma[noinline]
+    private predicate classEscapeMatches(string clazz, string char) {
+      clazz = "d" and
+      char = "0123456789".charAt(_)
+      or
+      clazz = "s" and
+      char = [" ", "\t", "\r", "\n", 11.toUnicode(), 12.toUnicode()] // 11.toUnicode() = \v, 12.toUnicode() = \f
+      or
+      clazz = "w" and
+      char = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_".charAt(_)
+    }
+
+    /**
+     * An implementation of `CharacterClass` for \d, \s, and \w.
+     */
+    private class PositiveCharacterClassEscape extends CharacterClass {
+      string charClass;
+      RegExpTerm cc;
+
+      PositiveCharacterClassEscape() {
+        isEscapeClass(cc, charClass) and
+        this = getCharClassForCanonicalTerm(cc) and
+        charClass = ["d", "s", "w"]
+      }
+
+      override string getARelevantChar() {
+        charClass = "d" and
+        result = ["0", "9"]
+        or
+        charClass = "s" and
+        result = " "
+        or
+        charClass = "w" and
+        if isIgnoreCase(cc.getRootTerm())
+        then result = ["a", "z", "_", "0", "9"]
+        else result = ["a", "Z", "_", "0", "9"]
+      }
+
+      override predicate matches(string char) { classEscapeMatches(charClass, char) }
+
+      override string choose() {
+        charClass = "d" and
+        result = "9"
+        or
+        charClass = "s" and
+        result = " "
+        or
+        charClass = "w" and
+        result = "a"
+      }
+    }
+
+    /**
+     * An implementation of `CharacterClass` for \D, \S, and \W.
+     */
+    private class NegativeCharacterClassEscape extends CharacterClass {
+      string charClass;
+
+      NegativeCharacterClassEscape() {
+        exists(RegExpTerm cc |
+          isEscapeClass(cc, charClass) and
+          this = getCharClassForCanonicalTerm(cc) and
+          charClass = ["D", "S", "W"]
+        )
+      }
+
+      override string getARelevantChar() {
+        charClass = "D" and
+        result = ["a", "Z", "!"]
+        or
+        charClass = "S" and
+        result = ["a", "9", "!"]
+        or
+        charClass = "W" and
+        result = [" ", "!"]
+      }
+
+      bindingset[char]
+      override predicate matches(string char) {
+        not classEscapeMatches(charClass.toLowerCase(), char)
+      }
+    }
+
+    /** Gets a representative for all char classes that match the same chars as `c`. */
+    CharacterClass normalize(CharacterClass c) {
+      exists(string normalization |
+        normalization = getNormalizationString(c) and
+        result =
+          min(CharacterClass cc, string raw |
+            getNormalizationString(cc) = normalization and cc = CharClass(raw)
+          |
+            cc order by raw
+          )
+      )
+    }
+
+    /** Gets a string representing all the chars matched by `c` */
+    private string getNormalizationString(CharacterClass c) {
+      (c instanceof PositiveCharacterClass or c instanceof PositiveCharacterClassEscape) and
+      result = concat(string char | c.matches(char) and char = CharacterClasses::getARelevantChar())
+      or
+      (c instanceof InvertedCharacterClass or c instanceof NegativeCharacterClassEscape) and
+      // the string produced by the concat can not contain repeated chars
+      // so by starting the below with "nn" we can guarantee that
+      // it will not overlap with the above case.
+      // and a negative char class can never match the same chars as a positive one, so we don't miss any results from this.
+      result =
+        "nn:" +
+          concat(string char | not c.matches(char) and char = CharacterClasses::getARelevantChar())
+    }
+  }
+
+  private class EdgeLabel extends TInputSymbol {
+    string toString() {
+      this = Epsilon() and result = ""
+      or
+      exists(InputSymbol s | this = s and result = s.toString())
+    }
+  }
+
+  /**
+   * A RegExp term that acts like a plus.
+   * Either it's a RegExpPlus, or it is a range {1,X} where X is >= 30.
+   * 30 has been chosen as a threshold because for exponential blowup 2^30 is enough to get a decent DOS attack.
+   */
+  private class EffectivelyPlus instanceof RegExpTerm {
+    EffectivelyPlus() {
+      this instanceof RegExpPlus
+      or
+      exists(RegExpRange range |
+        range.getLowerBound() = 1 and
+        (range.getUpperBound() >= 30 or not exists(range.getUpperBound()))
+      |
+        this = range
+      )
+    }
+
+    string toString() { result = this.(RegExpTerm).toString() }
+
+    RegExpTerm getAChild() { result = this.(RegExpTerm).getChild(_) }
+
+    RegExpTerm getChild(int i) { result = this.(RegExpTerm).getChild(i) }
+  }
+
+  /**
+   * A RegExp term that acts like a star.
+   * Either it's a RegExpStar, or it is a range {0,X} where X is >= 30.
+   */
+  private class EffectivelyStar instanceof RegExpTerm {
+    EffectivelyStar() {
+      this instanceof RegExpStar
+      or
+      exists(RegExpRange range |
+        range.getLowerBound() = 0 and
+        (range.getUpperBound() >= 30 or not exists(range.getUpperBound()))
+      |
+        this = range
+      )
+    }
+
+    string toString() { result = this.(RegExpTerm).toString() }
+
+    RegExpTerm getAChild() { result = this.(RegExpTerm).getAChild() }
+
+    RegExpTerm getChild(int i) { result = this.(RegExpTerm).getChild(i) }
+  }
+
+  /**
+   * A RegExp term that acts like a question mark.
+   * Either it's a RegExpQuestion, or it is a range {0,1}.
+   */
+  private class EffectivelyQuestion instanceof RegExpTerm {
+    EffectivelyQuestion() {
+      this instanceof RegExpOpt
+      or
+      exists(RegExpRange range | range.getLowerBound() = 0 and range.getUpperBound() = 1 |
+        this = range
+      )
+    }
+
+    string toString() { result = this.(RegExpTerm).toString() }
+
+    RegExpTerm getAChild() { result = this.(RegExpTerm).getAChild() }
+
+    RegExpTerm getChild(int i) { result = this.(RegExpTerm).getChild(i) }
+  }
+
+  /**
+   * Gets the state before matching `t`.
+   */
+  pragma[inline]
+  private State before(RegExpTerm t) { result = Match(t, 0) }
+
+  /**
+   * Gets a state the NFA may be in after matching `t`.
+   */
+  State after(RegExpTerm t) {
+    exists(RegExpAlt alt | t = alt.getAChild() | result = after(alt))
+    or
+    exists(RegExpSequence seq, int i | t = seq.getChild(i) |
+      result = before(seq.getChild(i + 1))
+      or
+      i + 1 = seq.getNumChild() and result = after(seq)
+    )
+    or
+    exists(RegExpGroup grp | t = grp.getAChild() | result = after(grp))
+    or
+    exists(EffectivelyStar star | t = star.getAChild() |
+      not isPossessive(star) and
+      result = before(star)
+    )
+    or
+    exists(EffectivelyPlus plus | t = plus.getAChild() |
+      not isPossessive(plus) and
+      result = before(plus)
+      or
+      result = after(plus)
+    )
+    or
+    exists(EffectivelyQuestion opt | t = opt.getAChild() | result = after(opt))
+    or
+    exists(RegExpRoot root | t = root |
+      if matchesAnySuffix(root) then result = AcceptAnySuffix(root) else result = Accept(root)
+    )
+  }
+
+  /**
+   * Holds if the NFA has a transition from `q1` to `q2` labelled with `lbl`.
+   */
+  predicate delta(State q1, EdgeLabel lbl, State q2) {
+    exists(RegexpCharacterConstant s, int i |
+      q1 = Match(s, i) and
+      (
+        not isIgnoreCase(s.getRootTerm()) and
+        lbl = Char(s.getValue().charAt(i))
+        or
+        // normalize everything to lower case if the regexp is case insensitive
+        isIgnoreCase(s.getRootTerm()) and
+        exists(string c | c = s.getValue().charAt(i) | lbl = Char(c.toLowerCase()))
+      ) and
+      (
+        q2 = Match(s, i + 1)
+        or
+        s.getValue().length() = i + 1 and
+        q2 = after(s)
+      )
+    )
+    or
+    exists(RegExpDot dot | q1 = before(dot) and q2 = after(dot) |
+      if isDotAll(dot.getRootTerm()) then lbl = Any() else lbl = Dot()
+    )
+    or
+    exists(RegExpCharacterClass cc |
+      cc.isUniversalClass() and q1 = before(cc) and lbl = Any() and q2 = after(cc)
+      or
+      q1 = before(cc) and
+      lbl = CharacterClasses::normalize(CharClass(getCanonicalizationString(cc))) and
+      q2 = after(cc)
+    )
+    or
+    exists(RegExpTerm cc | isEscapeClass(cc, _) |
+      q1 = before(cc) and
+      lbl = CharacterClasses::normalize(CharClass(getCanonicalizationString(cc))) and
+      q2 = after(cc)
+    )
+    or
+    exists(RegExpAlt alt | lbl = Epsilon() | q1 = before(alt) and q2 = before(alt.getAChild()))
+    or
+    exists(RegExpSequence seq | lbl = Epsilon() | q1 = before(seq) and q2 = before(seq.getChild(0)))
+    or
+    exists(RegExpGroup grp | lbl = Epsilon() | q1 = before(grp) and q2 = before(grp.getChild(0)))
+    or
+    exists(EffectivelyStar star | lbl = Epsilon() |
+      q1 = before(star) and q2 = before(star.getChild(0))
+      or
+      q1 = before(star) and q2 = after(star)
+    )
+    or
+    exists(EffectivelyPlus plus | lbl = Epsilon() |
+      q1 = before(plus) and q2 = before(plus.getChild(0))
+    )
+    or
+    exists(EffectivelyQuestion opt | lbl = Epsilon() |
+      q1 = before(opt) and q2 = before(opt.getChild(0))
+      or
+      q1 = before(opt) and q2 = after(opt)
+    )
+    or
+    exists(RegExpRoot root | q1 = AcceptAnySuffix(root) |
+      lbl = Any() and q2 = q1
+      or
+      lbl = Epsilon() and q2 = Accept(root)
+    )
+    or
+    exists(RegExpRoot root | q1 = Match(root, 0) |
+      matchesAnyPrefix(root) and lbl = Any() and q2 = q1
+    )
+    or
+    exists(RegExpDollar dollar | q1 = before(dollar) |
+      lbl = Epsilon() and q2 = Accept(getRoot(dollar))
+    )
+    or
+    exists(EmptyPositiveSubPattern empty | q1 = before(empty) |
+      lbl = Epsilon() and q2 = after(empty)
+    )
+  }
+
+  /**
+   * Gets a state that `q` has an epsilon transition to.
+   */
+  State epsilonSucc(State q) { delta(q, Epsilon(), result) }
+
+  /**
+   * Gets a state that has an epsilon transition to `q`.
+   */
+  State epsilonPred(State q) { q = epsilonSucc(result) }
+
+  /**
+   * Holds if there is a state `q` that can be reached from `q1`
+   * along epsilon edges, such that there is a transition from
+   * `q` to `q2` that consumes symbol `s`.
+   */
+  predicate deltaClosed(State q1, InputSymbol s, State q2) { delta(epsilonSucc*(q1), s, q2) }
+
+  /**
+   * Gets the root containing the given term, that is, the root of the literal,
+   * or a branch of the root disjunction.
+   */
+  RegExpRoot getRoot(RegExpTerm term) {
+    result = term or
+    result = getRoot(term.getParent())
+  }
+
+  /**
+   * A state in the NFA.
+   */
+  newtype TState =
+    /**
+     * A state representing that the NFA is about to match a term.
+     * `i` is used to index into multi-char literals.
+     */
+    Match(RelevantRegExpTerm t, int i) {
+      i = 0
+      or
+      exists(t.(RegexpCharacterConstant).getValue().charAt(i))
+    } or
+    /**
+     * An accept state, where exactly the given input string is accepted.
+     */
+    Accept(RegExpRoot l) { l.isRelevant() } or
+    /**
+     * An accept state, where the given input string, or any string that has this
+     * string as a prefix, is accepted.
+     */
+    AcceptAnySuffix(RegExpRoot l) { l.isRelevant() }
+
+  /**
+   * Gets a state that is about to match the regular expression `t`.
+   */
+  State mkMatch(RegExpTerm t) { result = Match(t, 0) }
+
+  /**
+   * A state in the NFA corresponding to a regular expression.
+   *
+   * Each regular expression literal `l` has one accepting state
+   * `Accept(l)`, one state that accepts all suffixes `AcceptAnySuffix(l)`,
+   * and a state `Match(t, i)` for every subterm `t`,
+   * which represents the state of the NFA before starting to
+   * match `t`, or the `i`th character in `t` if `t` is a constant.
+   */
+  class State extends TState {
+    RegExpTerm repr;
+
+    State() {
+      this = Match(repr, _) or
+      this = Accept(repr) or
+      this = AcceptAnySuffix(repr)
+    }
+
+    /**
+     * Gets a string representation for this state in a regular expression.
+     */
+    string toString() {
+      exists(int i | this = Match(repr, i) | result = "Match(" + repr + "," + i + ")")
+      or
+      this instanceof Accept and
+      result = "Accept(" + repr + ")"
+      or
+      this instanceof AcceptAnySuffix and
+      result = "AcceptAny(" + repr + ")"
+    }
+
+    /**
+     * Gets the term represented by this state.
+     */
+    RegExpTerm getRepr() { result = repr }
+  }
+
+  /**
+   * Gets the minimum char that is matched by both the character classes `c` and `d`.
+   */
+  private string getMinOverlapBetweenCharacterClasses(CharacterClass c, CharacterClass d) {
+    result = min(getAOverlapBetweenCharacterClasses(c, d))
+  }
+
+  /**
+   * Gets a char that is matched by both the character classes `c` and `d`.
+   * And `c` and `d` is not the same character class.
+   */
+  private string getAOverlapBetweenCharacterClasses(CharacterClass c, CharacterClass d) {
+    sharesRoot(c, d) and
+    result = [c.getARelevantChar(), d.getARelevantChar()] and
+    c.matches(result) and
+    d.matches(result) and
+    not c = d
+  }
+
+  /**
+   * Gets a character that is represented by both `c` and `d`.
+   */
+  string intersect(InputSymbol c, InputSymbol d) {
+    (sharesRoot(c, d) or [c, d] = Any()) and
+    (
+      c = Char(result) and
+      d = getAnInputSymbolMatching(result)
+      or
+      result = getMinOverlapBetweenCharacterClasses(c, d)
+      or
+      result = c.(CharacterClass).choose() and
+      (
+        d = c
+        or
+        d = Dot() and
+        not (result = "\n" or result = "\r")
+        or
+        d = Any()
+      )
+      or
+      (c = Dot() or c = Any()) and
+      (d = Dot() or d = Any()) and
+      result = "a"
+    )
+    or
+    result = intersect(d, c)
+  }
+
+  /**
+   * Gets a symbol that matches `char`.
+   */
+  bindingset[char]
+  InputSymbol getAnInputSymbolMatching(string char) {
+    result = Char(char)
+    or
+    result.(CharacterClass).matches(char)
+    or
+    result = Dot() and
+    not (char = "\n" or char = "\r")
+    or
+    result = Any()
+  }
+
+  /**
+   * Holds if `state` is a start state.
+   */
+  predicate isStartState(State state) {
+    state = mkMatch(any(RegExpRoot r))
+    or
+    exists(RegExpCaret car | state = after(car))
+  }
+
+  /**
+   * Holds if `state` is a candidate for ReDoS with string `pump`.
+   */
+  signature predicate isCandidateSig(State state, string pump);
+
+  /**
+   * Holds if `state` is a candidate for ReDoS.
+   */
+  signature predicate isCandidateSig(State state);
+
+  /**
+   * Predicates for constructing a prefix string that leads to a given state.
+   */
+  module PrefixConstruction<isCandidateSig/1 isCandidate> {
+    /**
+     * Holds if `state` is the textually last start state for the regular expression.
+     */
+    private predicate lastStartState(RelevantState state) {
+      exists(RegExpRoot root |
+        state =
+          max(RelevantState s |
+            isStartState(s) and
+            getRoot(s.getRepr()) = root
+          |
+            s order by getTermLocationString(s.getRepr()), s.getRepr().toString()
+          )
+      )
+    }
+
+    /**
+     * Holds if there exists any transition (Epsilon() or other) from `a` to `b`.
+     */
+    private predicate existsTransition(State a, State b) { delta(a, _, b) }
+
+    /**
+     * Gets the minimum number of transitions it takes to reach `state` from the `start` state.
+     */
+    int prefixLength(State start, State state) =
+      shortestDistances(lastStartState/1, existsTransition/2)(start, state, result)
+
+    /**
+     * Gets the minimum number of transitions it takes to reach `state` from the start state.
+     */
+    private int lengthFromStart(State state) { result = prefixLength(_, state) }
+
+    /**
+     * Gets a string for which the regular expression will reach `state`.
+     *
+     * Has at most one result for any given `state`.
+     * This predicate will not always have a result even if there is a ReDoS issue in
+     * the regular expression.
+     */
+    string prefix(State state) {
+      lastStartState(state) and
+      result = ""
+      or
+      // the search stops past the last redos candidate state.
+      lengthFromStart(state) <= max(lengthFromStart(any(State s | isCandidate(s)))) and
+      exists(State prev |
+        // select a unique predecessor (by an arbitrary measure)
+        prev =
+          min(State s |
+            lengthFromStart(s) = lengthFromStart(state) - 1 and
+            delta(s, _, state)
+          |
+            s order by getTermLocationString(s.getRepr()), s.getRepr().toString()
+          )
+      |
+        // greedy search for the shortest prefix
+        result = prefix(prev) and delta(prev, Epsilon(), state)
+        or
+        not delta(prev, Epsilon(), state) and
+        result = prefix(prev) + getCanonicalEdgeChar(prev, state)
+      )
+    }
+
+    /**
+     * Gets a canonical char for which there exists a transition from `prev` to `next` in the NFA.
+     */
+    private string getCanonicalEdgeChar(State prev, State next) {
+      result =
+        min(string c | delta(prev, any(InputSymbol symbol | c = intersect(Any(), symbol)), next))
+    }
+
+    /** A state within a regular expression that contains a candidate state. */
+    class RelevantState instanceof State {
+      RelevantState() {
+        exists(State s | isCandidate(s) | getRoot(s.getRepr()) = getRoot(this.getRepr()))
+      }
+
+      /** Gets a string representation for this state in a regular expression. */
+      string toString() { result = State.super.toString() }
+
+      /** Gets the term represented by this state. */
+      RegExpTerm getRepr() { result = State.super.getRepr() }
+    }
+  }
+
+  /**
+   * A module for pruning candidate ReDoS states.
+   * The candidates are specified by the `isCandidate` signature predicate.
+   * The candidates are checked for rejecting suffixes and deduplicated,
+   * and the resulting ReDoS states are read by the `hasReDoSResult` predicate.
+   */
+  module ReDoSPruning<isCandidateSig/2 isCandidate> {
+    /**
+     * Holds if repeating `pump` starting at `state` is a candidate for causing backtracking.
+     * No check whether a rejected suffix exists has been made.
+     */
+    private predicate isReDoSCandidate(State state, string pump) {
+      isCandidate(state, pump) and
+      not state = acceptsAnySuffix() and // pruning early - these can never get stuck in a rejecting state.
+      (
+        not isCandidate(epsilonSucc+(state), _)
+        or
+        epsilonSucc+(state) = state and
+        state =
+          max(State s |
+            s = epsilonSucc+(state) and
+            isCandidate(s, _) and
+            s.getRepr() instanceof InfiniteRepetitionQuantifier
+          |
+            s order by getTermLocationString(s.getRepr()), s.getRepr().toString()
+          )
+      )
+    }
+
+    /** Gets a state that can reach the `accept-any` state using only epsilon steps. */
+    private State acceptsAnySuffix() { epsilonSucc*(result) = AcceptAnySuffix(_) }
+
+    private predicate isCandidateState(State s) { isReDoSCandidate(s, _) }
+
+    import PrefixConstruction<isCandidateState/1> as Prefix
+
+    class RelevantState = Prefix::RelevantState;
+
+    /**
+     * Predicates for testing the presence of a rejecting suffix.
+     *
+     * These predicates are used to ensure that the all states reached from the fork
+     * by repeating `w` have a rejecting suffix.
+     *
+     * For example, a regexp like `/^(a+)+/` will accept any string as long the prefix is
+     * some number of `"a"`s, and it is therefore not possible to construct a rejecting suffix.
+     *
+     * A regexp like `/(a+)+$/` or `/(a+)+b/` trivially has a rejecting suffix,
+     * as the suffix "X" will cause both the regular expressions to be rejected.
+     *
+     * The string `w` is repeated any number of times because it needs to be
+     * infinitely repeatable for the attack to work.
+     * For the regular expression `/((ab)+)*abab/` the accepting state is not reachable from the fork
+     * using epsilon transitions. But any attempt at repeating `w` will end in a state that accepts all suffixes.
+     */
+    private module SuffixConstruction {
+      /**
+       * Holds if all states reachable from `fork` by repeating `w`
+       * are likely rejectable by appending some suffix.
+       */
+      predicate reachesOnlyRejectableSuffixes(State fork, string w) {
+        isReDoSCandidate(fork, w) and
+        forex(State next | next = process(fork, w, w.length() - 1) | isLikelyRejectable(next)) and
+        not getProcessPrevious(fork, _, w) = acceptsAnySuffix() // we stop `process(..)` early if we can, check here if it happened.
+      }
+
+      /**
+       * Holds if there likely exists a suffix starting from `s` that leads to the regular expression being rejected.
+       * This predicate might find impossible suffixes when searching for suffixes of length > 1, which can cause FPs.
+       */
+      pragma[noinline]
+      private predicate isLikelyRejectable(RelevantState s) {
+        // exists a reject edge with some char.
+        hasRejectEdge(s)
+        or
+        hasEdgeToLikelyRejectable(s)
+        or
+        // stopping here is rejection
+        isRejectState(s)
+      }
+
+      /**
+       * Holds if `s` is not an accept state, and there is no epsilon transition to an accept state.
+       */
+      predicate isRejectState(RelevantState s) { not epsilonSucc*(s) = Accept(_) }
+
+      /**
+       * Holds if there is likely a non-empty suffix leading to rejection starting in `s`.
+       */
+      pragma[noopt]
+      predicate hasEdgeToLikelyRejectable(RelevantState s) {
+        // all edges (at least one) with some char leads to another state that is rejectable.
+        // the `next` states might not share a common suffix, which can cause FPs.
+        exists(string char | char = hasEdgeToLikelyRejectableHelper(s) |
+          // noopt to force `hasEdgeToLikelyRejectableHelper` to be first in the join-order.
+          exists(State next | deltaClosedChar(s, char, next) | isLikelyRejectable(next)) and
+          forall(State next | deltaClosedChar(s, char, next) | isLikelyRejectable(next))
+        )
+      }
+
+      /**
+       * Gets a char for there exists a transition away from `s`,
+       * and `s` has not been found to be rejectable by `hasRejectEdge` or `isRejectState`.
+       */
+      pragma[noinline]
+      private string hasEdgeToLikelyRejectableHelper(RelevantState s) {
+        not hasRejectEdge(s) and
+        not isRejectState(s) and
+        deltaClosedChar(s, result, _)
+      }
+
+      /**
+       * Holds if there is a state `next` that can be reached from `prev`
+       * along epsilon edges, such that there is a transition from
+       * `prev` to `next` that the character symbol `char`.
+       */
+      predicate deltaClosedChar(RelevantState prev, string char, RelevantState next) {
+        deltaClosed(prev, getAnInputSymbolMatchingRelevant(char), next)
+      }
+
+      pragma[noinline]
+      InputSymbol getAnInputSymbolMatchingRelevant(string char) {
+        char = relevant(_) and
+        result = getAnInputSymbolMatching(char)
+      }
+
+      pragma[noinline]
+      RegExpRoot relevantRoot() {
+        exists(RegExpTerm term, State s |
+          s.getRepr() = term and isCandidateState(s) and result = term.getRootTerm()
+        )
+      }
+
+      /**
+       * Gets a char used for finding possible suffixes inside `root`.
+       */
+      pragma[noinline]
+      private string relevant(RegExpRoot root) {
+        root = relevantRoot() and
+        (
+          exists(ascii(result)) and exists(root)
+          or
+          exists(InputSymbol s | belongsTo(s, root) | result = intersect(s, _))
+          or
+          // The characters from `hasSimpleRejectEdge`. Only `\n` is really needed (as `\n` is not in the `ascii` relation).
+          // The three chars must be kept in sync with `hasSimpleRejectEdge`.
+          result = ["|", "\n", "Z"] and exists(root)
+        )
+      }
+
+      /**
+       * Holds if there exists a `char` such that there is no edge from `s` labeled `char` in our NFA.
+       * The NFA does not model reject states, so the above is the same as saying there is a reject edge.
+       */
+      private predicate hasRejectEdge(State s) {
+        hasSimpleRejectEdge(s)
+        or
+        not hasSimpleRejectEdge(s) and
+        exists(string char | char = relevant(getRoot(s.getRepr())) |
+          not deltaClosedChar(s, char, _)
+        )
+      }
+
+      /**
+       * Holds if there is no edge from `s` labeled with "|", "\n", or "Z" in our NFA.
+       * This predicate is used as a cheap pre-processing to speed up `hasRejectEdge`.
+       */
+      private predicate hasSimpleRejectEdge(State s) {
+        // The three chars were chosen arbitrarily. The three chars must be kept in sync with `relevant`.
+        exists(string char | char = ["|", "\n", "Z"] | not deltaClosedChar(s, char, _))
+      }
+
+      /**
+       * Gets a state that can be reached from pumpable `fork` consuming all
+       * chars in `w` any number of times followed by the first `i+1` characters of `w`.
+       */
+      pragma[noopt]
+      private State process(State fork, string w, int i) {
+        exists(State prev | prev = getProcessPrevious(fork, i, w) |
+          not prev = acceptsAnySuffix() and // we stop `process(..)` early if we can. If the successor accepts any suffix, then we know it can never be rejected.
+          exists(string char, InputSymbol sym |
+            char = w.charAt(i) and
+            deltaClosed(prev, sym, result) and
+            // noopt to prevent joining `prev` with all possible `chars` that could transition away from `prev`.
+            // Instead only join with the set of `chars` where a relevant `InputSymbol` has already been found.
+            sym = getAProcessInputSymbol(char)
+          )
+        )
+      }
+
+      /**
+       * Gets a state that can be reached from pumpable `fork` consuming all
+       * chars in `w` any number of times followed by the first `i` characters of `w`.
+       */
+      private State getProcessPrevious(State fork, int i, string w) {
+        isReDoSCandidate(fork, w) and
+        (
+          i = 0 and result = fork
+          or
+          result = process(fork, w, i - 1)
+          or
+          // repeat until fixpoint
+          i = 0 and
+          result = process(fork, w, w.length() - 1)
+        )
+      }
+
+      /**
+       * Gets an InputSymbol that matches `char`.
+       * The predicate is specialized to only have a result for the `char`s that are relevant for the `process` predicate.
+       */
+      private InputSymbol getAProcessInputSymbol(string char) {
+        char = getAProcessChar() and
+        result = getAnInputSymbolMatching(char)
+      }
+
+      /**
+       * Gets a `char` that occurs in a `pump` string.
+       */
+      private string getAProcessChar() { result = any(string s | isReDoSCandidate(_, s)).charAt(_) }
+    }
+
+    /**
+     * Holds if `term` may cause superlinear backtracking on strings containing many repetitions of `pump`.
+     * Gets the shortest string that causes superlinear backtracking.
+     */
+    private predicate isReDoSAttackable(RegExpTerm term, string pump, State s) {
+      exists(int i, string c | s = Match(term, i) |
+        c =
+          min(string w |
+            isCandidate(s, w) and
+            SuffixConstruction::reachesOnlyRejectableSuffixes(s, w)
+          |
+            w order by w.length(), w
+          ) and
+        pump = escape(rotate(c, i))
+      )
+    }
+
+    /**
+     * Holds if the state `s` (represented by the term `t`) can have backtracking with repetitions of `pump`.
+     *
+     * `prefixMsg` contains a friendly message for a prefix that reaches `s` (or `prefixMsg` is the empty string if the prefix is empty or if no prefix could be found).
+     */
+    predicate hasReDoSResult(RegExpTerm t, string pump, State s, string prefixMsg) {
+      isReDoSAttackable(t, pump, s) and
+      (
+        prefixMsg = "starting with '" + escape(Prefix::prefix(s)) + "' and " and
+        not Prefix::prefix(s) = ""
+        or
+        Prefix::prefix(s) = "" and prefixMsg = ""
+        or
+        not exists(Prefix::prefix(s)) and prefixMsg = ""
+      )
+    }
+
+    /**
+     * Gets the result of backslash-escaping newlines, carriage-returns and
+     * backslashes in `s`.
+     */
+    bindingset[s]
+    private string escape(string s) {
+      result =
+        s.replaceAll("\\", "\\\\")
+            .replaceAll("\n", "\\n")
+            .replaceAll("\r", "\\r")
+            .replaceAll("\t", "\\t")
+    }
+
+    /**
+     * Gets `str` with the last `i` characters moved to the front.
+     *
+     * We use this to adjust the pump string to match with the beginning of
+     * a RegExpTerm, so it doesn't start in the middle of a constant.
+     */
+    bindingset[str, i]
+    private string rotate(string str, int i) {
+      result = str.suffix(str.length() - i) + str.prefix(str.length() - i)
+    }
+  }
+
+  /**
+   * A module that describes a tree where each node has one or more associated characters, also known as a trie.
+   * The root node has no associated character.
+   * This module is a signature used in `Concretizer`.
+   */
+  signature module CharTree {
+    /** A node in the tree. */
+    class CharNode;
+
+    /** Gets the previous node in the tree from `t`. */
+    CharNode getPrev(CharNode t);
+
+    /**
+     * Holds if `n` is at the end of a tree. I.e. a node that should have a result in the `Concretizer` module.
+     * Such a node can still have children.
+     */
+    predicate isARelevantEnd(CharNode n);
+
+    /** Gets a char associated with `t`. */
+    string getChar(CharNode t);
+  }
+
+  /**
+   * Implements an algorithm for computing all possible strings
+   * from following a tree of nodes (as described in `CharTree`).
+   *
+   * The string is build using one big concat, where all the chars are computed first.
+   * See `concretize`.
+   */
+  module Concretizer<CharTree Impl> {
+    private class Node = Impl::CharNode;
+
+    private predicate getPrev = Impl::getPrev/1;
+
+    private predicate isARelevantEnd = Impl::isARelevantEnd/1;
+
+    private predicate getChar = Impl::getChar/1;
+
+    /** Holds if `n` is on a path from the root to a leaf, and is therefore relevant for the results in `concretize`. */
+    private predicate isRelevant(Node n) {
+      isARelevantEnd(n)
+      or
+      exists(Node succ | isRelevant(succ) | n = getPrev(succ))
+    }
+
+    /** Holds if `n` is a root with no predecessors. */
+    private predicate isRoot(Node n) { not exists(getPrev(n)) }
+
+    /** Gets the distance from a root to `n`. */
+    private int nodeDepth(Node n) {
+      result = 0 and isRoot(n)
+      or
+      isRelevant(n) and
+      exists(Node prev | result = nodeDepth(prev) + 1 | prev = getPrev(n))
+    }
+
+    /** Gets an ancestor of `end`, where `end` is a node that should have a result in `concretize`. */
+    private Node getAnAncestor(Node end) { isARelevantEnd(end) and result = getPrev*(end) }
+
+    /** Gets the `i`th character on the path from the root to `n`. */
+    pragma[noinline]
+    private string getPrefixChar(Node n, int i) {
+      exists(Node ancestor |
+        result = getChar(ancestor) and
+        ancestor = getAnAncestor(n) and
+        i = nodeDepth(ancestor)
+      )
+    }
+
+    /** Gets a string corresponding to `node`. */
+    language[monotonicAggregates]
+    string concretize(Node n) {
+      result = strictconcat(int i | exists(getPrefixChar(n, i)) | getPrefixChar(n, i) order by i)
+    }
+  }
+}
diff --git a/shared/regex/codeql/regex/nfa/RegexpMatching.qll b/shared/regex/codeql/regex/nfa/RegexpMatching.qll
new file mode 100644
index 00000000000..e4d5f4667eb
--- /dev/null
+++ b/shared/regex/codeql/regex/nfa/RegexpMatching.qll
@@ -0,0 +1,176 @@
+/**
+ * Provides predicates for reasoning about which strings are matched by a regular expression,
+ * and for testing which capture groups are filled when a particular regexp matches a string.
+ */
+
+private import NfaUtils as NfaUtils
+private import codeql.regex.RegexTreeView
+
+/**
+ * A parameterized module implementing the analysis described in the above papers.
+ */
+module Make<RegexTreeViewSig TreeImpl> {
+  private import TreeImpl
+  import NfaUtils::Make<TreeImpl>
+
+  /** A root term */
+  class RootTerm instanceof RegExpTerm {
+    RootTerm() { this.isRootTerm() }
+
+    /** Gets a string representation of this term. */
+    string toString() { result = super.toString() }
+
+    /** Holds if this term has the specified location. */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+  }
+
+  /**
+   * Holds if it should be tested whether `root` matches `str`.
+   *
+   * If `ignorePrefix` is true, then a regexp without a start anchor will be treated as if it had a start anchor.
+   * E.g. a regular expression `/foo$/` will match any string that ends with "foo",
+   * but if `ignorePrefix` is true, it will only match "foo".
+   *
+   * If `testWithGroups` is true, then the `RegexpMatching::fillsCaptureGroup` predicate can be used to determine which capture
+   * groups are filled by a string.
+   */
+  signature predicate isRegexpMatchingCandidateSig(
+    RootTerm root, string str, boolean ignorePrefix, boolean testWithGroups
+  );
+
+  /**
+   * A module for determining if a regexp matches a given string,
+   * and reasoning about which capture groups are filled by a given string.
+   *
+   * The module parameter `isCandidate` determines which strings should be tested,
+   * and the results can be read from the `matches` and `fillsCaptureGroup` predicates.
+   */
+  module RegexpMatching<isRegexpMatchingCandidateSig/4 isCandidate> {
+    /**
+     * Gets a state the regular expression `reg` can be in after matching the `i`th char in `str`.
+     * The regular expression is modeled as a non-determistic finite automaton,
+     * the regular expression can therefore be in multiple states after matching a character.
+     *
+     * It's a forward search to all possible states, and there is thus no guarantee that the state is on a path to an accepting state.
+     */
+    private State getAState(RootTerm reg, int i, string str, boolean ignorePrefix) {
+      // start state, the -1 position before any chars have been matched
+      i = -1 and
+      isCandidate(reg, str, ignorePrefix, _) and
+      result.getRepr().getRootTerm() = reg and
+      isStartState(result)
+      or
+      // recursive case
+      result = getAStateAfterMatching(reg, _, str, i, _, ignorePrefix)
+    }
+
+    /**
+     * Gets the next state after the `prev` state from `reg`.
+     * `prev` is the state after matching `fromIndex` chars in `str`,
+     * and the result is the state after matching `toIndex` chars in `str`.
+     *
+     * This predicate is used as a step relation in the forwards search (`getAState`),
+     * and also as a step relation in the later backwards search (`getAStateThatReachesAccept`).
+     */
+    private State getAStateAfterMatching(
+      RootTerm reg, State prev, string str, int toIndex, int fromIndex, boolean ignorePrefix
+    ) {
+      // the basic recursive case - outlined into a noopt helper to make performance work out.
+      result = getAStateAfterMatchingAux(reg, prev, str, toIndex, fromIndex, ignorePrefix)
+      or
+      // we can skip past word boundaries if the next char is a non-word char.
+      fromIndex = toIndex and
+      prev.getRepr() instanceof RegExpWordBoundary and
+      prev = getAState(reg, toIndex, str, ignorePrefix) and
+      after(prev.getRepr()) = result and
+      str.charAt(toIndex + 1).regexpMatch("\\W") // \W matches any non-word char.
+    }
+
+    pragma[noopt]
+    private State getAStateAfterMatchingAux(
+      RootTerm reg, State prev, string str, int toIndex, int fromIndex, boolean ignorePrefix
+    ) {
+      prev = getAState(reg, fromIndex, str, ignorePrefix) and
+      fromIndex = toIndex - 1 and
+      exists(string char | char = str.charAt(toIndex) | specializedDeltaClosed(prev, char, result)) and
+      not discardedPrefixStep(prev, result, ignorePrefix)
+    }
+
+    /** Holds if a step from `prev` to `next` should be discarded when the `ignorePrefix` flag is set. */
+    private predicate discardedPrefixStep(State prev, State next, boolean ignorePrefix) {
+      prev = mkMatch(any(RegExpRoot r)) and
+      ignorePrefix = true and
+      next = prev
+    }
+
+    // The `deltaClosed` relation specialized to the chars that exists in strings tested by a `MatchedRegExp`.
+    private predicate specializedDeltaClosed(State prev, string char, State next) {
+      deltaClosed(prev, specializedGetAnInputSymbolMatching(char), next)
+    }
+
+    // The `getAnInputSymbolMatching` relation specialized to the chars that exists in strings tested by a `MatchedRegExp`.
+    pragma[noinline]
+    private InputSymbol specializedGetAnInputSymbolMatching(string char) {
+      exists(string s, RootTerm r | isCandidate(r, s, _, _) | char = s.charAt(_)) and
+      result = getAnInputSymbolMatching(char)
+    }
+
+    /**
+     * Gets the `i`th state on a path to the accepting state when `reg` matches `str`.
+     * Starts with an accepting state as found by `getAState` and searches backwards
+     * to the start state through the reachable states (as found by `getAState`).
+     *
+     * This predicate satisfies the invariant that the result state can be reached with `i` steps from a start state,
+     * and an accepting state can be found after (`str.length() - 1 - i`) steps from the result.
+     * The result state is therefore always on a valid path where `reg` accepts `str`.
+     *
+     * This predicate is only used to find which capture groups a regular expression has filled,
+     * and thus the search is only performed for the strings in the `testWithGroups(..)` predicate.
+     */
+    private State getAStateThatReachesAccept(RootTerm reg, int i, string str, boolean ignorePrefix) {
+      // base case, reaches an accepting state from the last state in `getAState(..)`
+      isCandidate(reg, str, ignorePrefix, true) and
+      i = str.length() - 1 and
+      result = getAState(reg, i, str, ignorePrefix) and
+      epsilonSucc*(result) = Accept(_)
+      or
+      // recursive case. `next` is the next state to be matched after matching `prev`.
+      // this predicate is doing a backwards search, so `prev` is the result we are looking for.
+      exists(State next, State prev, int fromIndex, int toIndex |
+        next = getAStateThatReachesAccept(reg, toIndex, str, ignorePrefix) and
+        next = getAStateAfterMatching(reg, prev, str, toIndex, fromIndex, ignorePrefix) and
+        i = fromIndex and
+        result = prev
+      )
+    }
+
+    /** Gets the capture group number that `term` belongs to. */
+    private int group(RegExpTerm term) {
+      exists(RegExpGroup grp | grp.getNumber() = result | term.getParent*() = grp)
+    }
+
+    /**
+     * Holds if `reg` matches `str`, where `str` is in the `isCandidate` predicate.
+     */
+    predicate matches(RootTerm reg, string str) {
+      exists(State state | state = getAState(reg, str.length() - 1, str, _) |
+        epsilonSucc*(state) = Accept(_)
+      )
+    }
+
+    /**
+     * Holds if matching `str` against `reg` may fill capture group number `g`.
+     * Only holds if `str` is in the `testWithGroups` predicate.
+     */
+    predicate fillsCaptureGroup(RootTerm reg, string str, int g) {
+      exists(State s |
+        s = getAStateThatReachesAccept(reg, _, str, _) and
+        g = group(s.getRepr())
+      )
+    }
+  }
+}
diff --git a/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll b/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll
new file mode 100644
index 00000000000..efe5beb3b4a
--- /dev/null
+++ b/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll
@@ -0,0 +1,440 @@
+/**
+ * This module implements the analysis described in the paper:
+ *   Valentin Wustholz, Oswaldo Olivo, Marijn J. H. Heule, and Isil Dillig:
+ *     Static Detection of DoS Vulnerabilities in
+ *     Programs that use Regular Expressions
+ *     (Extended Version).
+ *   (https://arxiv.org/pdf/1701.04045.pdf)
+ *
+ * Theorem 3 from the paper describes the basic idea.
+ *
+ * The following explains the idea using variables and predicate names that are used in the implementation:
+ * We consider a pair of repetitions, which we will call `pivot` and `succ`.
+ *
+ * We create a product automaton of 3-tuples of states (see `StateTuple`).
+ * There exists a transition `(a,b,c) -> (d,e,f)` in the product automaton
+ * iff there exists three transitions in the NFA `a->d, b->e, c->f` where those three
+ * transitions all match a shared character `char`. (see `getAThreewayIntersect`)
+ *
+ * We start a search in the product automaton at `(pivot, pivot, succ)`,
+ * and search for a series of transitions (a `Trace`), such that we end
+ * at `(pivot, succ, succ)` (see `isReachableFromStartTuple`).
+ *
+ * For example, consider the regular expression `/^\d*5\w*$/`.
+ * The search will start at the tuple `(\d*, \d*, \w*)` and search
+ * for a path to `(\d*, \w*, \w*)`.
+ * This path exists, and consists of a single transition in the product automaton,
+ * where the three corresponding NFA edges all match the character `"5"`.
+ *
+ * The start-state in the NFA has an any-transition to itself, this allows us to
+ * flag regular expressions such as `/a*$/` - which does not have a start anchor -
+ * and can thus start matching anywhere.
+ *
+ * The implementation is not perfect.
+ * It has the same suffix detection issue as the `js/redos` query, which can cause false positives.
+ * It also doesn't find all transitions in the product automaton, which can cause false negatives.
+ */
+
+private import NfaUtils as NfaUtils
+private import codeql.regex.RegexTreeView
+
+/**
+ * A parameterized module implementing the analysis described in the above papers.
+ */
+module Make<RegexTreeViewSig TreeImpl> {
+  private import TreeImpl
+  import NfaUtils::Make<TreeImpl>
+
+  /**
+   * Gets any root (start) state of a regular expression.
+   */
+  private State getRootState() { result = mkMatch(any(RegExpRoot r)) }
+
+  private newtype TStateTuple =
+    MkStateTuple(State q1, State q2, State q3) {
+      // starts at (pivot, pivot, succ)
+      isStartLoops(q1, q3) and q1 = q2
+      or
+      step(_, _, _, _, q1, q2, q3) and FeasibleTuple::isFeasibleTuple(q1, q2, q3)
+    }
+
+  /**
+   * A state in the product automaton.
+   * The product automaton contains 3-tuples of states.
+   *
+   * We lazily only construct those states that we are actually
+   * going to need.
+   * Either a start state `(pivot, pivot, succ)`, or a state
+   * where there exists a transition from an already existing state.
+   *
+   * The exponential variant of this query (`js/redos`) uses an optimization
+   * trick where `q1 <= q2`. This trick cannot be used here as the order
+   * of the elements matter.
+   */
+  class StateTuple extends TStateTuple {
+    State q1;
+    State q2;
+    State q3;
+
+    StateTuple() { this = MkStateTuple(q1, q2, q3) }
+
+    /**
+     * Gest a string representation of this tuple.
+     */
+    string toString() { result = "(" + q1 + ", " + q2 + ", " + q3 + ")" }
+
+    /**
+     * Holds if this tuple is `(r1, r2, r3)`.
+     */
+    pragma[noinline]
+    predicate isTuple(State r1, State r2, State r3) { r1 = q1 and r2 = q2 and r3 = q3 }
+  }
+
+  /**
+   * A module for determining feasible tuples for the product automaton.
+   *
+   * The implementation is split into many predicates for performance reasons.
+   */
+  private module FeasibleTuple {
+    /**
+     * Holds if the tuple `(r1, r2, r3)` might be on path from a start-state to an end-state in the product automaton.
+     */
+    pragma[inline]
+    predicate isFeasibleTuple(State r1, State r2, State r3) {
+      // The first element is either inside a repetition (or the start state itself)
+      isRepetitionOrStart(r1) and
+      // The last element is inside a repetition
+      stateInsideRepetition(r3) and
+      // The states are reachable in the NFA in the order r1 -> r2 -> r3
+      delta+(r1) = r2 and
+      delta+(r2) = r3 and
+      // The first element can reach a beginning (the "pivot" state in a `(pivot, succ)` pair).
+      canReachABeginning(r1) and
+      // The last element can reach a target (the "succ" state in a `(pivot, succ)` pair).
+      canReachATarget(r3)
+    }
+
+    /**
+     * Holds if `s` is either inside a repetition, or is the start state (which is a repetition).
+     */
+    pragma[noinline]
+    private predicate isRepetitionOrStart(State s) {
+      stateInsideRepetition(s) or s = getRootState()
+    }
+
+    /**
+     * Holds if state `s` might be inside a backtracking repetition.
+     */
+    pragma[noinline]
+    private predicate stateInsideRepetition(State s) {
+      s.getRepr().getParent*() instanceof InfiniteRepetitionQuantifier
+    }
+
+    /**
+     * Holds if there exists a path in the NFA from `s` to a "pivot" state
+     * (from a `(pivot, succ)` pair that starts the search).
+     */
+    pragma[noinline]
+    private predicate canReachABeginning(State s) {
+      delta+(s) = any(State pivot | isStartLoops(pivot, _))
+    }
+
+    /**
+     * Holds if there exists a path in the NFA from `s` to a "succ" state
+     * (from a `(pivot, succ)` pair that starts the search).
+     */
+    pragma[noinline]
+    private predicate canReachATarget(State s) {
+      delta+(s) = any(State succ | isStartLoops(_, succ))
+    }
+  }
+
+  /**
+   * Holds if `pivot` and `succ` are a pair of loops that could be the beginning of a quadratic blowup.
+   *
+   * There is a slight implementation difference compared to the paper: this predicate requires that `pivot != succ`.
+   * The case where `pivot = succ` causes exponential backtracking and is handled by the `js/redos` query.
+   */
+  predicate isStartLoops(State pivot, State succ) {
+    pivot != succ and
+    succ.getRepr() instanceof InfiniteRepetitionQuantifier and
+    delta+(pivot) = succ and
+    (
+      pivot.getRepr() instanceof InfiniteRepetitionQuantifier
+      or
+      pivot = mkMatch(any(RegExpRoot root))
+    )
+  }
+
+  /**
+   * Gets a state for which there exists a transition in the NFA from `s'.
+   */
+  State delta(State s) { delta(s, _, result) }
+
+  /**
+   * Holds if there are transitions from the components of `q` to the corresponding
+   * components of `r` labelled with `s1`, `s2`, and `s3`, respectively.
+   */
+  pragma[noinline]
+  predicate step(StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, StateTuple r) {
+    exists(State r1, State r2, State r3 |
+      step(q, s1, s2, s3, r1, r2, r3) and r = MkStateTuple(r1, r2, r3)
+    )
+  }
+
+  /**
+   * Holds if there are transitions from the components of `q` to `r1`, `r2`, and `r3
+   * labelled with `s1`, `s2`, and `s3`, respectively.
+   */
+  pragma[noopt]
+  predicate step(
+    StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, State r1, State r2, State r3
+  ) {
+    exists(State q1, State q2, State q3 | q.isTuple(q1, q2, q3) |
+      deltaClosed(q1, s1, r1) and
+      deltaClosed(q2, s2, r2) and
+      deltaClosed(q3, s3, r3) and
+      // use noopt to force the join on `getAThreewayIntersect` to happen last.
+      exists(getAThreewayIntersect(s1, s2, s3))
+    )
+  }
+
+  /**
+   * Gets a char that is matched by all the edges `s1`, `s2`, and `s3`.
+   *
+   * The result is not complete, and might miss some combination of edges that share some character.
+   */
+  pragma[noinline]
+  string getAThreewayIntersect(InputSymbol s1, InputSymbol s2, InputSymbol s3) {
+    result = minAndMaxIntersect(s1, s2) and result = [intersect(s2, s3), intersect(s1, s3)]
+    or
+    result = minAndMaxIntersect(s1, s3) and result = [intersect(s2, s3), intersect(s1, s2)]
+    or
+    result = minAndMaxIntersect(s2, s3) and result = [intersect(s1, s2), intersect(s1, s3)]
+  }
+
+  /**
+   * Gets the minimum and maximum characters that intersect between `a` and `b`.
+   * This predicate is used to limit the size of `getAThreewayIntersect`.
+   */
+  pragma[noinline]
+  string minAndMaxIntersect(InputSymbol a, InputSymbol b) {
+    result = [min(intersect(a, b)), max(intersect(a, b))]
+  }
+
+  private newtype TTrace =
+    Nil() or
+    Step(InputSymbol s1, InputSymbol s2, InputSymbol s3, TTrace t) {
+      isReachableFromStartTuple(_, _, t, s1, s2, s3, _, _)
+    }
+
+  /**
+   * A list of tuples of input symbols that describe a path in the product automaton
+   * starting from some start state.
+   */
+  class Trace extends TTrace {
+    /**
+     * Gets a string representation of this Trace that can be used for debug purposes.
+     */
+    string toString() {
+      this = Nil() and result = "Nil()"
+      or
+      exists(InputSymbol s1, InputSymbol s2, InputSymbol s3, Trace t | this = Step(s1, s2, s3, t) |
+        result = "Step(" + s1 + ", " + s2 + ", " + s3 + ", " + t + ")"
+      )
+    }
+  }
+
+  /**
+   * Holds if there exists a transition from `r` to `q` in the product automaton.
+   * Notice that the arguments are flipped, and thus the direction is backwards.
+   */
+  pragma[noinline]
+  predicate tupleDeltaBackwards(StateTuple q, StateTuple r) { step(r, _, _, _, q) }
+
+  /**
+   * Holds if `tuple` is an end state in our search.
+   * That means there exists a pair of loops `(pivot, succ)` such that `tuple = (pivot, succ, succ)`.
+   */
+  predicate isEndTuple(StateTuple tuple) { tuple = getAnEndTuple(_, _) }
+
+  /**
+   * Gets the minimum length of a path from `r` to some an end state `end`.
+   *
+   * The implementation searches backwards from the end-tuple.
+   * This approach was chosen because it is way more efficient if the first predicate given to `shortestDistances` is small.
+   * The `end` argument must always be an end state.
+   */
+  int distBackFromEnd(StateTuple r, StateTuple end) =
+    shortestDistances(isEndTuple/1, tupleDeltaBackwards/2)(end, r, result)
+
+  /**
+   * Holds if there exists a pair of repetitions `(pivot, succ)` in the regular expression such that:
+   * `tuple` is reachable from `(pivot, pivot, succ)` in the product automaton,
+   * and there is a distance of `dist` from `tuple` to the nearest end-tuple `(pivot, succ, succ)`,
+   * and a path from a start-state to `tuple` follows the transitions in `trace`.
+   */
+  private predicate isReachableFromStartTuple(
+    State pivot, State succ, StateTuple tuple, Trace trace, int dist
+  ) {
+    exists(InputSymbol s1, InputSymbol s2, InputSymbol s3, Trace v |
+      isReachableFromStartTuple(pivot, succ, v, s1, s2, s3, tuple, dist) and
+      trace = Step(s1, s2, s3, v)
+    )
+  }
+
+  private predicate isReachableFromStartTuple(
+    State pivot, State succ, Trace trace, InputSymbol s1, InputSymbol s2, InputSymbol s3,
+    StateTuple tuple, int dist
+  ) {
+    // base case.
+    exists(State q1, State q2, State q3 |
+      isStartLoops(pivot, succ) and
+      step(MkStateTuple(pivot, pivot, succ), s1, s2, s3, tuple) and
+      tuple = MkStateTuple(q1, q2, q3) and
+      trace = Nil() and
+      dist = distBackFromEnd(tuple, MkStateTuple(pivot, succ, succ))
+    )
+    or
+    // recursive case
+    exists(StateTuple p |
+      isReachableFromStartTuple(pivot, succ, p, trace, dist + 1) and
+      dist = distBackFromEnd(tuple, MkStateTuple(pivot, succ, succ)) and
+      step(p, s1, s2, s3, tuple)
+    )
+  }
+
+  /**
+   * Gets the tuple `(pivot, succ, succ)` from the product automaton.
+   */
+  StateTuple getAnEndTuple(State pivot, State succ) {
+    isStartLoops(pivot, succ) and
+    result = MkStateTuple(pivot, succ, succ)
+  }
+
+  /** An implementation of a chain containing chars for use by `Concretizer`. */
+  private module CharTreeImpl implements CharTree {
+    class CharNode = Trace;
+
+    CharNode getPrev(CharNode t) { t = Step(_, _, _, result) }
+
+    /** Holds if `n` is used in `isPumpable`. */
+    predicate isARelevantEnd(CharNode n) {
+      exists(State pivot, State succ |
+        isReachableFromStartTuple(pivot, succ, getAnEndTuple(pivot, succ), n, _)
+      )
+    }
+
+    string getChar(CharNode t) {
+      exists(InputSymbol s1, InputSymbol s2, InputSymbol s3 | t = Step(s1, s2, s3, _) |
+        result = getAThreewayIntersect(s1, s2, s3)
+      )
+    }
+  }
+
+  /**
+   * Holds if matching repetitions of `pump` can:
+   * 1) Transition from `pivot` back to `pivot`.
+   * 2) Transition from `pivot` to `succ`.
+   * 3) Transition from `succ` to `succ`.
+   *
+   * From theorem 3 in the paper linked in the top of this file we can therefore conclude that
+   * the regular expression has polynomial backtracking - if a rejecting suffix exists.
+   *
+   * This predicate is used by `SuperLinearReDoSConfiguration`, and the final results are
+   * available in the `hasReDoSResult` predicate.
+   */
+  predicate isPumpable(State pivot, State succ, string pump) {
+    exists(StateTuple q, Trace t |
+      isReachableFromStartTuple(pivot, succ, q, t, _) and
+      q = getAnEndTuple(pivot, succ) and
+      pump = Concretizer<CharTreeImpl>::concretize(t)
+    )
+  }
+
+  /**
+   * Holds if states starting in `state` can have polynomial backtracking with the string `pump`.
+   */
+  predicate isReDoSCandidate(State state, string pump) { isPumpable(_, state, pump) }
+
+  /**
+   * Holds if repetitions of `pump` at `t` will cause polynomial backtracking.
+   */
+  predicate polynomialReDoS(RegExpTerm t, string pump, string prefixMsg, RegExpTerm prev) {
+    exists(State s, State pivot |
+      ReDoSPruning<isReDoSCandidate/2>::hasReDoSResult(t, pump, s, prefixMsg) and
+      isPumpable(pivot, s, _) and
+      prev = pivot.getRepr()
+    )
+  }
+
+  /**
+   * Gets a message for why `term` can cause polynomial backtracking.
+   */
+  string getReasonString(RegExpTerm term, string pump, string prefixMsg, RegExpTerm prev) {
+    polynomialReDoS(term, pump, prefixMsg, prev) and
+    result =
+      "Strings " + prefixMsg + "with many repetitions of '" + pump +
+        "' can start matching anywhere after the start of the preceeding " + prev
+  }
+
+  /**
+   * A term that may cause a regular expression engine to perform a
+   * polynomial number of match attempts, relative to the input length.
+   */
+  class PolynomialBackTrackingTerm instanceof InfiniteRepetitionQuantifier {
+    string reason;
+    string pump;
+    string prefixMsg;
+    RegExpTerm prev;
+
+    PolynomialBackTrackingTerm() {
+      reason = getReasonString(this, pump, prefixMsg, prev) and
+      // there might be many reasons for this term to have polynomial backtracking - we pick the shortest one.
+      reason =
+        min(string msg | msg = getReasonString(this, _, _, _) | msg order by msg.length(), msg)
+    }
+
+    /**
+     * Holds if all non-empty successors to the polynomial backtracking term matches the end of the line.
+     */
+    predicate isAtEndLine() {
+      forall(RegExpTerm succ | super.getSuccessor+() = succ and not matchesEpsilon(succ) |
+        succ instanceof RegExpDollar
+      )
+    }
+
+    /**
+     * Gets the string that should be repeated to cause this regular expression to perform polynomially.
+     */
+    string getPumpString() { result = pump }
+
+    /**
+     * Gets a message for which prefix a matching string must start with for this term to cause polynomial backtracking.
+     */
+    string getPrefixMessage() { result = prefixMsg }
+
+    /**
+     * Gets a predecessor to `this`, which also loops on the pump string, and thereby causes polynomial backtracking.
+     */
+    RegExpTerm getPreviousLoop() { result = prev }
+
+    /**
+     * Gets the reason for the number of match attempts.
+     */
+    string getReason() { result = reason }
+
+    /** Gets a string representation of this term. */
+    string toString() { result = super.toString() }
+
+    /** Gets the outermost term of this regular expression. */
+    RegExpTerm getRootTerm() { result = super.getRootTerm() }
+
+    /** Holds if this term has the specific location. */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+  }
+}
diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml
new file mode 100644
index 00000000000..6ce99fb48b6
--- /dev/null
+++ b/shared/regex/qlpack.yml
@@ -0,0 +1,5 @@
+name: codeql/regex
+version: 0.0.4-dev
+groups: shared
+library: true
+dependencies:
diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md
index d26b43c4358..3c81fd2e095 100644
--- a/shared/ssa/CHANGELOG.md
+++ b/shared/ssa/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.0.7
+
+No user-facing changes.
+
+## 0.0.6
+
+No user-facing changes.
+
+## 0.0.5
+
+No user-facing changes.
+
 ## 0.0.4
 
 No user-facing changes.
diff --git a/shared/ssa/change-notes/released/0.0.5.md b/shared/ssa/change-notes/released/0.0.5.md
new file mode 100644
index 00000000000..766ec2723b5
--- /dev/null
+++ b/shared/ssa/change-notes/released/0.0.5.md
@@ -0,0 +1,3 @@
+## 0.0.5
+
+No user-facing changes.
diff --git a/shared/ssa/change-notes/released/0.0.6.md b/shared/ssa/change-notes/released/0.0.6.md
new file mode 100644
index 00000000000..ccbce856079
--- /dev/null
+++ b/shared/ssa/change-notes/released/0.0.6.md
@@ -0,0 +1,3 @@
+## 0.0.6
+
+No user-facing changes.
diff --git a/shared/ssa/change-notes/released/0.0.7.md b/shared/ssa/change-notes/released/0.0.7.md
new file mode 100644
index 00000000000..84da6f18c42
--- /dev/null
+++ b/shared/ssa/change-notes/released/0.0.7.md
@@ -0,0 +1,3 @@
+## 0.0.7
+
+No user-facing changes.
diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml
index ec411a674bc..a2a5484910b 100644
--- a/shared/ssa/codeql-pack.release.yml
+++ b/shared/ssa/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.4
+lastReleaseVersion: 0.0.7
diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll
index 886e4128e26..f7f7683d386 100644
--- a/shared/ssa/codeql/ssa/Ssa.qll
+++ b/shared/ssa/codeql/ssa/Ssa.qll
@@ -9,7 +9,10 @@ signature module InputSig {
    * A basic block, that is, a maximal straight-line sequence of control flow nodes
    * without branches or joins.
    */
-  class BasicBlock;
+  class BasicBlock {
+    /** Gets a textual representation of this basic block. */
+    string toString();
+  }
 
   /**
    * Gets the basic block that immediately dominates basic block `bb`, if any.
@@ -43,7 +46,10 @@ signature module InputSig {
   class ExitBasicBlock extends BasicBlock;
 
   /** A variable that can be SSA converted. */
-  class SourceVariable;
+  class SourceVariable {
+    /** Gets a textual representation of this variable. */
+    string toString();
+  }
 
   /**
    * Holds if the `i`th node of basic block `bb` is a (potential) write to source
@@ -258,8 +264,22 @@ module Make<InputSig Input> {
     )
   }
 
+  /**
+   * Holds if `bb` is in the dominance frontier of a block containing a
+   * read of `v`.
+   */
+  pragma[nomagic]
+  private predicate inReadDominanceFrontier(BasicBlock bb, SourceVariable v) {
+    exists(BasicBlock readbb | inDominanceFrontier(readbb, bb) |
+      lastRefIsRead(readbb, v)
+      or
+      exists(TPhiReadNode(v, readbb)) and
+      not ref(readbb, _, v, _)
+    )
+  }
+
   cached
-  newtype TDefinition =
+  private newtype TDefinitionExt =
     TWriteDef(SourceVariable v, BasicBlock bb, int i) {
       variableWrite(bb, i, v, _) and
       liveAfterWrite(bb, i, v)
@@ -267,8 +287,16 @@ module Make<InputSig Input> {
     TPhiNode(SourceVariable v, BasicBlock bb) {
       inDefDominanceFrontier(bb, v) and
       liveAtEntry(bb, v)
+    } or
+    TPhiReadNode(SourceVariable v, BasicBlock bb) {
+      inReadDominanceFrontier(bb, v) and
+      liveAtEntry(bb, v) and
+      // no need to create a phi-read if there is already a normal phi
+      not any(PhiNode def).definesAt(v, bb, _)
     }
 
+  private class TDefinition = TWriteDef or TPhiNode;
+
   private module SsaDefReaches {
     newtype TSsaRefKind =
       SsaActualRead() or
@@ -277,6 +305,10 @@ module Make<InputSig Input> {
 
     class SsaRead = SsaActualRead or SsaPhiRead;
 
+    class SsaDefExt = SsaDef or SsaPhiRead;
+
+    SsaDefExt ssaDefExt() { any() }
+
     /**
      * A classification of SSA variable references into reads and definitions.
      */
@@ -301,98 +333,27 @@ module Make<InputSig Input> {
       }
     }
 
-    /**
-     * Holds if `bb` is in the dominance frontier of a block containing a
-     * read of `v`.
-     */
-    pragma[nomagic]
-    private predicate inReadDominanceFrontier(BasicBlock bb, SourceVariable v) {
-      exists(BasicBlock readbb | inDominanceFrontier(readbb, bb) |
-        lastRefIsRead(readbb, v)
-        or
-        phiRead(readbb, v)
-      )
-    }
-
-    /**
-     * Holds if a phi-read node should be inserted for variable `v` at the beginning
-     * of basic block `bb`.
-     *
-     * Phi-read nodes are like normal phi nodes, but they are inserted based on reads
-     * instead of writes, and only if the dominance-frontier block does not already
-     * contain a reference (read or write) to `v`. Unlike normal phi nodes, this is
-     * an internal implementation detail that is not exposed.
-     *
-     * The motivation for adding phi-reads is to improve performance of the use-use
-     * calculation in cases where there is a large number of reads that can reach the
-     * same join-point, and from there reach a large number of basic blocks. Example:
-     *
-     * ```cs
-     * if (a)
-     *   use(x);
-     * else if (b)
-     *   use(x);
-     * else if (c)
-     *   use(x);
-     * else if (d)
-     *   use(x);
-     * // many more ifs ...
-     *
-     * // phi-read for `x` inserted here
-     *
-     * // program not mentioning `x`, with large basic block graph
-     *
-     * use(x);
-     * ```
-     *
-     * Without phi-reads, the analysis has to replicate reachability for each of
-     * the guarded uses of `x`. However, with phi-reads, the analysis will limit
-     * each conditional use of `x` to reach the basic block containing the phi-read
-     * node for `x`, and only that basic block will have to compute reachability
-     * through the remainder of the large program.
-     *
-     * Like normal reads, each phi-read node `phi-read` can be reached from exactly
-     * one SSA definition (without passing through another definition): Assume, for
-     * the sake of contradiction, that there are two reaching definitions `def1` and
-     * `def2`. Now, if both `def1` and `def2` dominate `phi-read`, then the nearest
-     * dominating definition will prevent the other from reaching `phi-read`. So, at
-     * least one of `def1` and `def2` cannot dominate `phi-read`; assume it is `def1`.
-     * Then `def1` must go through one of its dominance-frontier blocks in order to
-     * reach `phi-read`. However, such a block will always start with a (normal) phi
-     * node, which contradicts reachability.
-     *
-     * Also, like normal reads, the unique SSA definition `def` that reaches `phi-read`,
-     * will dominate `phi-read`. Assuming it doesn't means that the path from `def`
-     * to `phi-read` goes through a dominance-frontier block, and hence a phi node,
-     * which contradicts reachability.
-     */
-    pragma[nomagic]
-    predicate phiRead(BasicBlock bb, SourceVariable v) {
-      inReadDominanceFrontier(bb, v) and
-      liveAtEntry(bb, v) and
-      // only if there are no other references to `v` inside `bb`
-      not ref(bb, _, v, _) and
-      not exists(Definition def | def.definesAt(v, bb, _))
-    }
-
     /**
      * Holds if the `i`th node of basic block `bb` is a reference to `v`,
-     * either a read (when `k` is `SsaRead()`) or an SSA definition (when `k`
-     * is `SsaDef()`).
+     * either a read (when `k` is `SsaActualRead()`), an SSA definition (when `k`
+     * is `SsaDef()`), or a phi-read (when `k` is `SsaPhiRead()`).
      *
-     * Unlike `Liveness::ref`, this includes `phi` nodes.
+     * Unlike `Liveness::ref`, this includes `phi` (read) nodes.
      */
     pragma[nomagic]
     predicate ssaRef(BasicBlock bb, int i, SourceVariable v, SsaRefKind k) {
       variableRead(bb, i, v, _) and
       k = SsaActualRead()
       or
-      phiRead(bb, v) and
-      i = -1 and
-      k = SsaPhiRead()
-      or
-      any(Definition def).definesAt(v, bb, i) and
-      k = SsaDef()
+      any(DefinitionExt def).definesAt(v, bb, i, k)
+    }
+
+    /**
+     * Holds if the `i`th node of basic block `bb` is a reference to `v`, and
+     * this reference is not a phi-read.
+     */
+    predicate ssaRefNonPhiRead(BasicBlock bb, int i, SourceVariable v) {
+      ssaRef(bb, i, v, [SsaActualRead().(TSsaRefKind), SsaDef()])
     }
 
     private newtype OrderedSsaRefIndex =
@@ -439,37 +400,36 @@ module Make<InputSig Input> {
      * Holds if the SSA definition `def` reaches rank index `rnk` in its own
      * basic block `bb`.
      */
-    predicate ssaDefReachesRank(BasicBlock bb, Definition def, int rnk, SourceVariable v) {
+    predicate ssaDefReachesRank(BasicBlock bb, DefinitionExt def, int rnk, SourceVariable v) {
       exists(int i |
-        rnk = ssaRefRank(bb, i, v, SsaDef()) and
-        def.definesAt(v, bb, i)
+        rnk = ssaRefRank(bb, i, v, ssaDefExt()) and
+        def.definesAt(v, bb, i, _)
       )
       or
       ssaDefReachesRank(bb, def, rnk - 1, v) and
-      rnk = ssaRefRank(bb, _, v, any(SsaRead k))
+      rnk = ssaRefRank(bb, _, v, SsaActualRead())
     }
 
     /**
      * Holds if the SSA definition of `v` at `def` reaches index `i` in the same
      * basic block `bb`, without crossing another SSA definition of `v`.
      */
-    predicate ssaDefReachesReadWithinBlock(SourceVariable v, Definition def, BasicBlock bb, int i) {
+    predicate ssaDefReachesReadWithinBlock(SourceVariable v, DefinitionExt def, BasicBlock bb, int i) {
       exists(int rnk |
         ssaDefReachesRank(bb, def, rnk, v) and
-        rnk = ssaRefRank(bb, i, v, any(SsaRead k))
+        rnk = ssaRefRank(bb, i, v, SsaActualRead())
       )
     }
 
     /**
      * Same as `ssaRefRank()`, but restricted to a particular SSA definition `def`.
      */
-    int ssaDefRank(Definition def, SourceVariable v, BasicBlock bb, int i, SsaRefKind k) {
-      v = def.getSourceVariable() and
+    int ssaDefRank(DefinitionExt def, SourceVariable v, BasicBlock bb, int i, SsaRefKind k) {
       result = ssaRefRank(bb, i, v, k) and
       (
-        ssaDefReachesRead(_, def, bb, i)
+        ssaDefReachesReadExt(v, def, bb, i)
         or
-        def.definesAt(_, bb, i)
+        def.definesAt(v, bb, i, k)
       )
     }
 
@@ -478,18 +438,38 @@ module Make<InputSig Input> {
      * last reference to `v` inside `bb`.
      */
     pragma[noinline]
-    predicate lastSsaRef(Definition def, SourceVariable v, BasicBlock bb, int i) {
+    predicate lastSsaRefExt(DefinitionExt def, SourceVariable v, BasicBlock bb, int i) {
       ssaDefRank(def, v, bb, i, _) = maxSsaRefRank(bb, v)
     }
 
-    predicate defOccursInBlock(Definition def, BasicBlock bb, SourceVariable v, SsaRefKind k) {
+    /** Gets a phi-read node into which `inp` is an input, if any. */
+    pragma[nomagic]
+    private DefinitionExt getAPhiReadOutput(DefinitionExt inp) {
+      phiHasInputFromBlockExt(result.(PhiReadNode), inp, _)
+    }
+
+    pragma[nomagic]
+    DefinitionExt getAnUltimateOutput(Definition def) { result = getAPhiReadOutput*(def) }
+
+    /**
+     * Same as `lastSsaRefExt`, but ignores phi-reads.
+     */
+    pragma[noinline]
+    predicate lastSsaRef(Definition def, SourceVariable v, BasicBlock bb, int i) {
+      lastSsaRefExt(getAnUltimateOutput(def), v, bb, i) and
+      ssaRefNonPhiRead(bb, i, v)
+    }
+
+    predicate defOccursInBlock(DefinitionExt def, BasicBlock bb, SourceVariable v, SsaRefKind k) {
       exists(ssaDefRank(def, v, bb, _, k))
     }
 
     pragma[noinline]
-    private predicate ssaDefReachesThroughBlock(Definition def, BasicBlock bb) {
-      ssaDefReachesEndOfBlock(bb, def, _) and
-      not defOccursInBlock(_, bb, def.getSourceVariable(), _)
+    private predicate ssaDefReachesThroughBlock(DefinitionExt def, BasicBlock bb) {
+      exists(SourceVariable v |
+        ssaDefReachesEndOfBlockExt(bb, def, v) and
+        not defOccursInBlock(_, bb, v, _)
+      )
     }
 
     /**
@@ -497,85 +477,114 @@ module Make<InputSig Input> {
      * `bb2` is a transitive successor of `bb1`, `def` is live at the end of _some_
      * predecessor of `bb2`, and the underlying variable for `def` is neither read
      * nor written in any block on the path between `bb1` and `bb2`.
-     *
-     * Phi reads are considered as normal reads for this predicate.
      */
     pragma[nomagic]
-    private predicate varBlockReachesInclPhiRead(Definition def, BasicBlock bb1, BasicBlock bb2) {
-      defOccursInBlock(def, bb1, _, _) and
+    predicate varBlockReachesExt(DefinitionExt def, SourceVariable v, BasicBlock bb1, BasicBlock bb2) {
+      defOccursInBlock(def, bb1, v, _) and
       bb2 = getABasicBlockSuccessor(bb1)
       or
       exists(BasicBlock mid |
-        varBlockReachesInclPhiRead(def, bb1, mid) and
+        varBlockReachesExt(def, v, bb1, mid) and
         ssaDefReachesThroughBlock(def, mid) and
         bb2 = getABasicBlockSuccessor(mid)
       )
     }
 
     pragma[nomagic]
-    private predicate phiReadStep(Definition def, SourceVariable v, BasicBlock bb1, BasicBlock bb2) {
-      varBlockReachesInclPhiRead(def, bb1, bb2) and
-      defOccursInBlock(def, bb2, v, SsaPhiRead())
+    private predicate phiReadStep(DefinitionExt def, PhiReadNode phi, BasicBlock bb1, BasicBlock bb2) {
+      exists(SourceVariable v |
+        varBlockReachesExt(pragma[only_bind_into](def), v, bb1, pragma[only_bind_into](bb2)) and
+        phi.definesAt(v, bb2, _, _) and
+        not ref(bb2, _, v, _)
+      )
     }
 
     pragma[nomagic]
-    private predicate varBlockReachesExclPhiRead(Definition def, BasicBlock bb1, BasicBlock bb2) {
-      varBlockReachesInclPhiRead(pragma[only_bind_into](def), bb1, pragma[only_bind_into](bb2)) and
-      ssaRef(bb2, _, def.getSourceVariable(), [SsaActualRead().(TSsaRefKind), SsaDef()])
+    private predicate varBlockReachesExclPhiRead(
+      DefinitionExt def, SourceVariable v, BasicBlock bb1, BasicBlock bb2
+    ) {
+      varBlockReachesExt(def, v, bb1, bb2) and
+      ssaRefNonPhiRead(bb2, _, v)
       or
-      exists(BasicBlock mid |
-        varBlockReachesExclPhiRead(def, mid, bb2) and
-        phiReadStep(def, _, bb1, mid)
+      exists(PhiReadNode phi, BasicBlock mid |
+        varBlockReachesExclPhiRead(phi, v, mid, bb2) and
+        phiReadStep(def, phi, bb1, mid)
       )
     }
 
     /**
-     * Holds if `def` is accessed in basic block `bb1` (either a read or a write),
-     * the underlying variable `v` of `def` is accessed in basic block `bb2`
-     * (either a read or a write), `bb2` is a transitive successor of `bb1`, and
-     * `v` is neither read nor written in any block on the path between `bb1`
-     * and `bb2`.
+     * Same as `varBlockReachesExt`, but ignores phi-reads, and furthermore
+     * `bb2` is restricted to blocks in which the underlying variable `v` of
+     * `def` is referenced (either a read or a write).
      */
     pragma[nomagic]
-    predicate varBlockReaches(Definition def, BasicBlock bb1, BasicBlock bb2) {
-      varBlockReachesExclPhiRead(def, bb1, bb2) and
-      not defOccursInBlock(def, bb1, _, SsaPhiRead())
+    predicate varBlockReachesRef(Definition def, SourceVariable v, BasicBlock bb1, BasicBlock bb2) {
+      varBlockReachesExclPhiRead(getAnUltimateOutput(def), v, bb1, bb2) and
+      ssaRefNonPhiRead(bb1, _, v)
+    }
+
+    pragma[nomagic]
+    predicate defAdjacentReadExt(DefinitionExt def, BasicBlock bb1, BasicBlock bb2, int i2) {
+      exists(SourceVariable v |
+        varBlockReachesExt(def, v, bb1, bb2) and
+        ssaRefRank(bb2, i2, v, SsaActualRead()) = 1
+      )
     }
 
     pragma[nomagic]
     predicate defAdjacentRead(Definition def, BasicBlock bb1, BasicBlock bb2, int i2) {
-      varBlockReaches(def, bb1, bb2) and
-      ssaRefRank(bb2, i2, def.getSourceVariable(), SsaActualRead()) = 1
+      exists(SourceVariable v | varBlockReachesRef(def, v, bb1, bb2) |
+        ssaRefRank(bb2, i2, v, SsaActualRead()) = 1
+        or
+        ssaRefRank(bb2, _, v, SsaPhiRead()) = 1 and
+        ssaRefRank(bb2, i2, v, SsaActualRead()) = 2
+      )
     }
 
     /**
      * Holds if `def` is accessed in basic block `bb` (either a read or a write),
-     * `bb1` can reach a transitive successor `bb2` where `def` is no longer live,
+     * `bb` can reach a transitive successor `bb2` where `def` is no longer live,
      * and `v` is neither read nor written in any block on the path between `bb`
      * and `bb2`.
      */
     pragma[nomagic]
-    predicate varBlockReachesExit(Definition def, BasicBlock bb) {
-      exists(BasicBlock bb2 | varBlockReachesInclPhiRead(def, bb, bb2) |
+    predicate varBlockReachesExitExt(DefinitionExt def, BasicBlock bb) {
+      exists(BasicBlock bb2 | varBlockReachesExt(def, _, bb, bb2) |
         not defOccursInBlock(def, bb2, _, _) and
-        not ssaDefReachesEndOfBlock(bb2, def, _)
-      )
-      or
-      exists(BasicBlock mid |
-        varBlockReachesExit(def, mid) and
-        phiReadStep(def, _, bb, mid)
+        not ssaDefReachesEndOfBlockExt(bb2, def, _)
       )
     }
-  }
 
-  predicate phiReadExposedForTesting = phiRead/2;
+    pragma[nomagic]
+    private predicate varBlockReachesExitExclPhiRead(DefinitionExt def, BasicBlock bb) {
+      exists(BasicBlock bb2, SourceVariable v |
+        varBlockReachesExt(def, v, bb, bb2) and
+        not defOccursInBlock(def, bb2, _, _) and
+        not ssaDefReachesEndOfBlockExt(bb2, def, _) and
+        not any(PhiReadNode phi).definesAt(v, bb2, _, _)
+      )
+      or
+      exists(PhiReadNode phi, BasicBlock bb2 |
+        varBlockReachesExitExclPhiRead(phi, bb2) and
+        phiReadStep(def, phi, bb, bb2)
+      )
+    }
+
+    /**
+     * Same as `varBlockReachesExitExt`, but ignores phi-reads.
+     */
+    pragma[nomagic]
+    predicate varBlockReachesExit(Definition def, BasicBlock bb) {
+      varBlockReachesExitExclPhiRead(getAnUltimateOutput(def), bb)
+    }
+  }
 
   private import SsaDefReaches
 
   pragma[nomagic]
-  private predicate liveThrough(BasicBlock bb, SourceVariable v) {
+  private predicate liveThroughExt(BasicBlock bb, SourceVariable v) {
     liveAtExit(bb, v) and
-    not ssaRef(bb, _, v, SsaDef())
+    not ssaRef(bb, _, v, ssaDefExt())
   }
 
   /**
@@ -586,7 +595,7 @@ module Make<InputSig Input> {
    * SSA definition of `v`.
    */
   pragma[nomagic]
-  predicate ssaDefReachesEndOfBlock(BasicBlock bb, Definition def, SourceVariable v) {
+  predicate ssaDefReachesEndOfBlockExt(BasicBlock bb, DefinitionExt def, SourceVariable v) {
     exists(int last |
       last = maxSsaRefRank(pragma[only_bind_into](bb), pragma[only_bind_into](v)) and
       ssaDefReachesRank(bb, def, last, v) and
@@ -599,8 +608,31 @@ module Make<InputSig Input> {
     // the node. If two definitions dominate a node then one must dominate the
     // other, so therefore the definition of _closest_ is given by the dominator
     // tree. Thus, reaching definitions can be calculated in terms of dominance.
-    ssaDefReachesEndOfBlock(getImmediateBasicBlockDominator(bb), def, pragma[only_bind_into](v)) and
-    liveThrough(bb, pragma[only_bind_into](v))
+    ssaDefReachesEndOfBlockExt(getImmediateBasicBlockDominator(bb), def, pragma[only_bind_into](v)) and
+    liveThroughExt(bb, pragma[only_bind_into](v))
+  }
+
+  pragma[nomagic]
+  private predicate phiReadReachesEndOfBlock(BasicBlock pred, BasicBlock bb, SourceVariable v) {
+    exists(PhiReadNode phi |
+      ssaDefReachesEndOfBlockExt(bb, phi, v) and
+      pred = getImmediateBasicBlockDominator(phi.getBasicBlock())
+    )
+  }
+
+  /**
+   * NB: If this predicate is exposed, it should be cached.
+   *
+   * Same as `ssaDefReachesEndOfBlockExt`, but ignores phi-reads.
+   */
+  pragma[nomagic]
+  predicate ssaDefReachesEndOfBlock(BasicBlock bb, Definition def, SourceVariable v) {
+    ssaDefReachesEndOfBlockExt(bb, def, v)
+    or
+    exists(BasicBlock mid |
+      ssaDefReachesEndOfBlock(mid, def, v) and
+      phiReadReachesEndOfBlock(mid, bb, v)
+    )
   }
 
   /**
@@ -617,20 +649,50 @@ module Make<InputSig Input> {
     )
   }
 
+  /**
+   * NB: If this predicate is exposed, it should be cached.
+   *
+   * Holds if `inp` is an input to the phi (read) node `phi` along the edge originating in `bb`.
+   */
+  pragma[nomagic]
+  predicate phiHasInputFromBlockExt(DefinitionExt phi, DefinitionExt inp, BasicBlock bb) {
+    exists(SourceVariable v, BasicBlock bbDef |
+      phi.definesAt(v, bbDef, _, _) and
+      getABasicBlockPredecessor(bbDef) = bb and
+      ssaDefReachesEndOfBlockExt(bb, inp, v)
+    |
+      phi instanceof PhiNode or
+      phi instanceof PhiReadNode
+    )
+  }
+
   /**
    * NB: If this predicate is exposed, it should be cached.
    *
    * Holds if the SSA definition of `v` at `def` reaches a read at index `i` in
-   * basic block `bb`, without crossing another SSA definition of `v`. The read
-   * is of kind `rk`.
+   * basic block `bb`, without crossing another SSA definition of `v`.
+   */
+  pragma[nomagic]
+  predicate ssaDefReachesReadExt(SourceVariable v, DefinitionExt def, BasicBlock bb, int i) {
+    ssaDefReachesReadWithinBlock(v, def, bb, i)
+    or
+    ssaRef(bb, i, v, SsaActualRead()) and
+    ssaDefReachesEndOfBlockExt(getABasicBlockPredecessor(bb), def, v) and
+    not ssaDefReachesReadWithinBlock(v, _, bb, i)
+  }
+
+  /**
+   * NB: If this predicate is exposed, it should be cached.
+   *
+   * Same as `ssaDefReachesReadExt`, but ignores phi-reads.
    */
   pragma[nomagic]
   predicate ssaDefReachesRead(SourceVariable v, Definition def, BasicBlock bb, int i) {
     ssaDefReachesReadWithinBlock(v, def, bb, i)
     or
-    ssaRef(bb, i, v, any(SsaRead k)) and
+    ssaRef(bb, i, v, SsaActualRead()) and
     ssaDefReachesEndOfBlock(getABasicBlockPredecessor(bb), def, v) and
-    not ssaDefReachesReadWithinBlock(v, _, bb, i)
+    not exists(Definition other | ssaDefReachesReadWithinBlock(v, other, bb, i))
   }
 
   /**
@@ -641,14 +703,32 @@ module Make<InputSig Input> {
    * path between them without any read of `def`.
    */
   pragma[nomagic]
-  predicate adjacentDefRead(Definition def, BasicBlock bb1, int i1, BasicBlock bb2, int i2) {
+  predicate adjacentDefReadExt(
+    DefinitionExt def, SourceVariable v, BasicBlock bb1, int i1, BasicBlock bb2, int i2
+  ) {
     exists(int rnk |
-      rnk = ssaDefRank(def, _, bb1, i1, _) and
-      rnk + 1 = ssaDefRank(def, _, bb1, i2, SsaActualRead()) and
-      variableRead(bb1, i2, _, _) and
+      rnk = ssaDefRank(def, v, bb1, i1, _) and
+      rnk + 1 = ssaDefRank(def, v, bb1, i2, SsaActualRead()) and
+      variableRead(bb1, i2, v, _) and
       bb2 = bb1
     )
     or
+    lastSsaRefExt(def, v, bb1, i1) and
+    defAdjacentReadExt(def, bb1, bb2, i2)
+  }
+
+  /**
+   * NB: If this predicate is exposed, it should be cached.
+   *
+   * Same as `adjacentDefReadExt`, but ignores phi-reads.
+   */
+  pragma[nomagic]
+  predicate adjacentDefRead(Definition def, BasicBlock bb1, int i1, BasicBlock bb2, int i2) {
+    exists(SourceVariable v |
+      adjacentDefReadExt(getAnUltimateOutput(def), v, bb1, i1, bb2, i2) and
+      ssaRefNonPhiRead(bb1, i1, v)
+    )
+    or
     lastSsaRef(def, _, bb1, i1) and
     defAdjacentRead(def, bb1, bb2, i2)
   }
@@ -698,19 +778,41 @@ module Make<InputSig Input> {
    * without passing through another read or write.
    */
   pragma[nomagic]
+  predicate lastRefRedefExt(
+    DefinitionExt def, SourceVariable v, BasicBlock bb, int i, DefinitionExt next
+  ) {
+    // Next reference to `v` inside `bb` is a write
+    exists(int rnk, int j |
+      rnk = ssaDefRank(def, v, bb, i, _) and
+      next.definesAt(v, bb, j, _) and
+      rnk + 1 = ssaRefRank(bb, j, v, ssaDefExt())
+    )
+    or
+    // Can reach a write using one or more steps
+    lastSsaRefExt(def, v, bb, i) and
+    exists(BasicBlock bb2 |
+      varBlockReachesExt(def, v, bb, bb2) and
+      1 = ssaDefRank(next, v, bb2, _, ssaDefExt())
+    )
+  }
+
+  /**
+   * NB: If this predicate is exposed, it should be cached.
+   *
+   * Same as `lastRefRedefExt`, but ignores phi-reads.
+   */
+  pragma[nomagic]
   predicate lastRefRedef(Definition def, BasicBlock bb, int i, Definition next) {
     exists(SourceVariable v |
-      // Next reference to `v` inside `bb` is a write
-      exists(int rnk, int j |
-        rnk = ssaDefRank(def, v, bb, i, _) and
-        next.definesAt(v, bb, j) and
-        rnk + 1 = ssaRefRank(bb, j, v, SsaDef())
-      )
-      or
-      // Can reach a write using one or more steps
+      lastRefRedefExt(getAnUltimateOutput(def), v, bb, i, next) and
+      ssaRefNonPhiRead(bb, i, v)
+    )
+    or
+    // Can reach a write using one or more steps
+    exists(SourceVariable v |
       lastSsaRef(def, v, bb, i) and
       exists(BasicBlock bb2 |
-        varBlockReaches(def, bb, bb2) and
+        varBlockReachesRef(def, v, bb, bb2) and
         1 = ssaDefRank(next, v, bb2, _, SsaDef())
       )
     )
@@ -764,6 +866,25 @@ module Make<InputSig Input> {
    * another read.
    */
   pragma[nomagic]
+  predicate lastRefExt(DefinitionExt def, BasicBlock bb, int i) {
+    // Can reach another definition
+    lastRefRedefExt(def, _, bb, i, _)
+    or
+    exists(SourceVariable v | lastSsaRefExt(def, v, bb, i) |
+      // Can reach exit directly
+      bb instanceof ExitBasicBlock
+      or
+      // Can reach a block using one or more steps, where `def` is no longer live
+      varBlockReachesExitExt(def, bb)
+    )
+  }
+
+  /**
+   * NB: If this predicate is exposed, it should be cached.
+   *
+   * Same as `lastRefExt`, but ignores phi-reads.
+   */
+  pragma[nomagic]
   predicate lastRef(Definition def, BasicBlock bb, int i) {
     // Can reach another definition
     lastRefRedef(def, bb, i, _)
@@ -813,7 +934,7 @@ module Make<InputSig Input> {
     final BasicBlock getBasicBlock() { this.definesAt(_, result, _) }
 
     /** Gets a textual representation of this SSA definition. */
-    string toString() { none() }
+    string toString() { result = "SSA def(" + this.getSourceVariable() + ")" }
   }
 
   /** An SSA definition that corresponds to a write. */
@@ -823,13 +944,11 @@ module Make<InputSig Input> {
     private int i;
 
     WriteDefinition() { this = TWriteDef(v, bb, i) }
-
-    override string toString() { result = "WriteDef" }
   }
 
   /** A phi node. */
   class PhiNode extends Definition, TPhiNode {
-    override string toString() { result = "Phi" }
+    override string toString() { result = "SSA phi(" + this.getSourceVariable() + ")" }
   }
 
   /**
@@ -845,9 +964,121 @@ module Make<InputSig Input> {
     }
   }
 
+  /**
+   * An extended static single assignment (SSA) definition.
+   *
+   * This is either a normal SSA definition (`Definition`) or a
+   * phi-read node (`PhiReadNode`).
+   */
+  class DefinitionExt extends TDefinitionExt {
+    /** Gets the source variable underlying this SSA definition. */
+    SourceVariable getSourceVariable() { this.definesAt(result, _, _, _) }
+
+    /**
+     * Holds if this SSA definition defines `v` at index `i` in basic block `bb`.
+     * Phi nodes are considered to be at index `-1`, while normal variable writes
+     * are at the index of the control flow node they wrap.
+     */
+    final predicate definesAt(SourceVariable v, BasicBlock bb, int i, SsaRefKind kind) {
+      this.(Definition).definesAt(v, bb, i) and
+      kind = SsaDef()
+      or
+      this = TPhiReadNode(v, bb) and i = -1 and kind = SsaPhiRead()
+    }
+
+    /** Gets the basic block to which this SSA definition belongs. */
+    final BasicBlock getBasicBlock() { this.definesAt(_, result, _, _) }
+
+    /** Gets a textual representation of this SSA definition. */
+    string toString() { result = this.(Definition).toString() }
+  }
+
+  /**
+   * A phi-read node.
+   *
+   * Phi-read nodes are like normal phi nodes, but they are inserted based on reads
+   * instead of writes, and only if the dominance-frontier block does not already
+   * contain a normal phi node.
+   *
+   * The motivation for adding phi-reads is to improve performance of the use-use
+   * calculation in cases where there is a large number of reads that can reach the
+   * same join-point, and from there reach a large number of basic blocks. Example:
+   *
+   * ```cs
+   * if (a)
+   *   use(x);
+   * else if (b)
+   *   use(x);
+   * else if (c)
+   *   use(x);
+   * else if (d)
+   *   use(x);
+   * // many more ifs ...
+   *
+   * // phi-read for `x` inserted here
+   *
+   * // program not mentioning `x`, with large basic block graph
+   *
+   * use(x);
+   * ```
+   *
+   * Without phi-reads, the analysis has to replicate reachability for each of
+   * the guarded uses of `x`. However, with phi-reads, the analysis will limit
+   * each conditional use of `x` to reach the basic block containing the phi-read
+   * node for `x`, and only that basic block will have to compute reachability
+   * through the remainder of the large program.
+   *
+   * Another motivation for phi-reads is when a large number of reads can reach
+   * another large number of reads:
+   *
+   * ```cs
+   * if (a)
+   *   use(x);
+   * else if (b)
+   *   use(x);
+   * else if (c)
+   *   use(x);
+   * else if (d)
+   *   use(x);
+   * // many more ifs ...
+   *
+   * // phi-read for `x` inserted here
+   *
+   * if (a)
+   *   use(x);
+   * else if (b)
+   *   use(x);
+   * else if (c)
+   *   use(x);
+   * else if (d)
+   *   use(x);
+   * // many more ifs ...
+   * ```
+   *
+   * Without phi-reads, one needs to add `n*m` data-flow edges (assuming `n` reads
+   * before the phi-read and `m` reads after the phi-read), whereas if we include
+   * phi-reads in the data-flow graph, we only need to add `n+m` edges.
+   *
+   * Like normal reads, each phi-read node `phi-read` can be reached from exactly
+   * one SSA definition (without passing through another definition): Assume, for
+   * the sake of contradiction, that there are two reaching definitions `def1` and
+   * `def2`. Now, if both `def1` and `def2` dominate `phi-read`, then the nearest
+   * dominating definition will prevent the other from reaching `phi-read`. So, at
+   * least one of `def1` and `def2` cannot dominate `phi-read`; assume it is `def1`.
+   * Then `def1` must go through one of its dominance-frontier blocks in order to
+   * reach `phi-read`. However, such a block will always start with a (normal) phi
+   * node, which contradicts reachability.
+   *
+   * Also, like normal reads, the unique SSA definition `def` that reaches `phi-read`,
+   * will dominate `phi-read`. Assuming it doesn't means that the path from `def`
+   * to `phi-read` goes through a dominance-frontier block, and hence a phi node,
+   * which contradicts reachability.
+   */
+  class PhiReadNode extends DefinitionExt, TPhiReadNode {
+    override string toString() { result = "SSA phi read(" + this.getSourceVariable() + ")" }
+  }
+
   /** Provides a set of consistency queries. */
-  // TODO: Make these `query` predicates once class signatures are supported
-  // (`SourceVariable` and `BasicBlock` must have `toString`)
   module Consistency {
     /** A definition that is relevant for the consistency queries. */
     abstract class RelevantDefinition extends Definition {
@@ -857,28 +1088,58 @@ module Make<InputSig Input> {
       );
     }
 
+    /** A definition that is relevant for the consistency queries. */
+    abstract class RelevantDefinitionExt extends DefinitionExt {
+      /** Override this predicate to ensure locations in consistency results. */
+      abstract predicate hasLocationInfo(
+        string filepath, int startline, int startcolumn, int endline, int endcolumn
+      );
+    }
+
     /** Holds if a read can be reached from multiple definitions. */
-    predicate nonUniqueDef(RelevantDefinition def, SourceVariable v, BasicBlock bb, int i) {
+    query predicate nonUniqueDef(RelevantDefinition def, SourceVariable v, BasicBlock bb, int i) {
       ssaDefReachesRead(v, def, bb, i) and
       not exists(unique(Definition def0 | ssaDefReachesRead(v, def0, bb, i)))
     }
 
+    /** Holds if a read can be reached from multiple definitions. */
+    query predicate nonUniqueDefExt(
+      RelevantDefinitionExt def, SourceVariable v, BasicBlock bb, int i
+    ) {
+      ssaDefReachesReadExt(v, def, bb, i) and
+      not exists(unique(DefinitionExt def0 | ssaDefReachesReadExt(v, def0, bb, i)))
+    }
+
     /** Holds if a read cannot be reached from a definition. */
-    predicate readWithoutDef(SourceVariable v, BasicBlock bb, int i) {
+    query predicate readWithoutDef(SourceVariable v, BasicBlock bb, int i) {
       variableRead(bb, i, v, _) and
       not ssaDefReachesRead(v, _, bb, i)
     }
 
+    /** Holds if a read cannot be reached from a definition. */
+    query predicate readWithoutDefExt(SourceVariable v, BasicBlock bb, int i) {
+      variableRead(bb, i, v, _) and
+      not ssaDefReachesReadExt(v, _, bb, i)
+    }
+
     /** Holds if a definition cannot reach a read. */
-    predicate deadDef(RelevantDefinition def, SourceVariable v) {
+    query predicate deadDef(RelevantDefinition def, SourceVariable v) {
       v = def.getSourceVariable() and
       not ssaDefReachesRead(_, def, _, _) and
       not phiHasInputFromBlock(_, def, _) and
       not uncertainWriteDefinitionInput(_, def)
     }
 
+    /** Holds if a definition cannot reach a read. */
+    query predicate deadDefExt(RelevantDefinitionExt def, SourceVariable v) {
+      v = def.getSourceVariable() and
+      not ssaDefReachesReadExt(_, def, _, _) and
+      not phiHasInputFromBlockExt(_, def, _) and
+      not uncertainWriteDefinitionInput(_, def)
+    }
+
     /** Holds if a read is not dominated by a definition. */
-    predicate notDominatedByDef(RelevantDefinition def, SourceVariable v, BasicBlock bb, int i) {
+    query predicate notDominatedByDef(RelevantDefinition def, SourceVariable v, BasicBlock bb, int i) {
       exists(BasicBlock bbDef, int iDef | def.definesAt(v, bbDef, iDef) |
         ssaDefReachesReadWithinBlock(v, def, bb, i) and
         (bb != bbDef or i < iDef)
@@ -888,5 +1149,19 @@ module Make<InputSig Input> {
         not def.definesAt(v, getImmediateBasicBlockDominator*(bb), _)
       )
     }
+
+    /** Holds if a read is not dominated by a definition. */
+    query predicate notDominatedByDefExt(
+      RelevantDefinitionExt def, SourceVariable v, BasicBlock bb, int i
+    ) {
+      exists(BasicBlock bbDef, int iDef | def.definesAt(v, bbDef, iDef, _) |
+        ssaDefReachesReadWithinBlock(v, def, bb, i) and
+        (bb != bbDef or i < iDef)
+        or
+        ssaDefReachesReadExt(v, def, bb, i) and
+        not ssaDefReachesReadWithinBlock(v, def, bb, i) and
+        not def.definesAt(v, getImmediateBasicBlockDominator*(bb), _, _)
+      )
+    }
   }
 }
diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml
index 80e454bf99f..6abc7e0643b 100644
--- a/shared/ssa/qlpack.yml
+++ b/shared/ssa/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/ssa
-version: 0.0.5-dev
+version: 0.0.8-dev
 groups: shared
 library: true
diff --git a/shared/typetracking/change-notes/2022-12-01-initial-version.md b/shared/typetracking/change-notes/2022-12-01-initial-version.md
new file mode 100644
index 00000000000..3c6b40318a4
--- /dev/null
+++ b/shared/typetracking/change-notes/2022-12-01-initial-version.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Initial release. Includes a parameterized module implementing type-trackers.
diff --git a/shared/typetracking/codeql/typetracking/TypeTracking.qll b/shared/typetracking/codeql/typetracking/TypeTracking.qll
new file mode 100644
index 00000000000..d289a11a29a
--- /dev/null
+++ b/shared/typetracking/codeql/typetracking/TypeTracking.qll
@@ -0,0 +1,860 @@
+/**
+ * Provides classes and predicates for simple data-flow reachability suitable
+ * for tracking types.
+ */
+
+private import codeql.util.Boolean
+private import codeql.util.Option
+
+/**
+ * The step relations for type tracking.
+ */
+signature module TypeTrackingInput {
+  /** A node that is used by the type-trackers. */
+  class Node {
+    /** Gets a textual representation of this node. */
+    string toString();
+  }
+
+  /**
+   * A node that is the source of local flow. This defines the end-points of the
+   * big-step relation used by type-trackers once the transitive closure of
+   * `simpleLocalFlowStep` is prepended to the other steps.
+   */
+  class LocalSourceNode extends Node;
+
+  /** A type of content to be used with the store and read steps. */
+  class Content {
+    /** Gets a textual representation of this content. */
+    string toString();
+  }
+
+  /**
+   * A label to use for `withContentStep` and `withoutContentStep` steps,
+   * restricting which `Content`s may pass through.
+   */
+  class ContentFilter {
+    /** Gets the content that matches this filter. */
+    Content getAMatchingContent();
+  }
+
+  /**
+   * Holds if a value stored with `storeContents` can be read back with
+   * `loadContents`.
+   */
+  predicate compatibleContents(Content storeContents, Content loadContents);
+
+  /**
+   * Holds if there is a simple local flow step from `nodeFrom` to `nodeTo`.
+   * A transitive closure of such steps is prepended to the non-simple
+   * type-tracking steps.
+   */
+  predicate simpleLocalSmallStep(Node nodeFrom, Node nodeTo);
+
+  /**
+   * Holds if there is a level step from `nodeFrom` to `nodeTo` that does not
+   * depend on the call graph.
+   */
+  predicate levelStepNoCall(Node nodeFrom, LocalSourceNode nodeTo);
+
+  /**
+   * Holds if there is a level step from `nodeFrom` to `nodeTo` that may depend
+   * on the call graph.
+   */
+  predicate levelStepCall(Node nodeFrom, LocalSourceNode nodeTo);
+
+  /**
+   * Holds if `nodeFrom` steps to `nodeTo` by being passed as a parameter in a
+   * call.
+   */
+  predicate callStep(Node nodeFrom, LocalSourceNode nodeTo);
+
+  /**
+   * Holds if `nodeFrom` steps to `nodeTo` by being returned from a call.
+   */
+  predicate returnStep(Node nodeFrom, LocalSourceNode nodeTo);
+
+  /**
+   * Holds if `nodeFrom` is being written to the content `c` of the object in
+   * `nodeTo`.
+   */
+  predicate storeStep(Node nodeFrom, Node nodeTo, Content c);
+
+  /**
+   * Holds if `nodeTo` is the result of accessing the content `c` of `nodeFrom`.
+   */
+  predicate loadStep(Node nodeFrom, LocalSourceNode nodeTo, Content c);
+
+  /**
+   * Holds if the content `c1` of `nodeFrom` is stored in the content `c2` of
+   * `nodeTo`.
+   */
+  predicate loadStoreStep(Node nodeFrom, Node nodeTo, Content c1, Content c2);
+
+  /**
+   * Holds if type-tracking should step from `nodeFrom` to `nodeTo` if inside a
+   * content matched by `filter`.
+   */
+  predicate withContentStep(Node nodeFrom, LocalSourceNode nodeTo, ContentFilter filter);
+
+  /**
+   * Holds if type-tracking should step from `nodeFrom` to `nodeTo` but block
+   * flow of contents matched by `filter`.
+   */
+  predicate withoutContentStep(Node nodeFrom, LocalSourceNode nodeTo, ContentFilter filter);
+
+  /**
+   * Holds if data can flow from `nodeFrom` to `nodeTo` in a way that discards
+   * call contexts.
+   */
+  predicate jumpStep(Node nodeFrom, LocalSourceNode nodeTo);
+
+  /**
+   * Holds if the target of store steps should be backtracked via
+   * `simpleLocalSmallStep` to a `LocalSourceNode`. If this flag is not set,
+   * then the targets of store steps are assumed to be `LocalSourceNode`s
+   * themselves.
+   */
+  predicate hasFeatureBacktrackStoreTarget();
+}
+
+/**
+ * Given a set of step relations, this module provides classes and predicates
+ * for simple data-flow reachability suitable for tracking types.
+ */
+module TypeTracking<TypeTrackingInput I> {
+  private import I
+
+  /** Provides consistency checks for the type-tracker step relations. */
+  module ConsistencyChecks {
+    private predicate stepEntry(Node n, string kind) {
+      simpleLocalSmallStep(n, _) and kind = "simpleLocalSmallStep"
+      or
+      exists(StepSummary ss | smallStep(n, _, ss) and kind = ss.toString())
+      or
+      hasFeatureBacktrackStoreTarget() and
+      kind = "storeTarget" and
+      (storeStep(_, n, _) or loadStoreStep(_, n, _, _))
+    }
+
+    /**
+     * Holds if there is any node in a step relation that is unreachable from a
+     * `LocalSourceNode`.
+     */
+    query predicate unreachableNode(string msg) {
+      exists(int k, string kind |
+        k = strictcount(Node n | stepEntry(n, kind) and not flowsTo(_, n)) and
+        msg = "There are " + k + " unreachable nodes in steps of kind " + kind + "."
+      )
+    }
+
+    /**
+     * Holds if there is a store target that isn't a `LocalSourceNode` and
+     * backtracking store target feature isn't enabled.
+     */
+    query predicate nonSourceStoreTarget(string msg) {
+      not hasFeatureBacktrackStoreTarget() and
+      exists(int k |
+        k =
+          strictcount(Node n |
+            not n instanceof LocalSourceNode and
+            (storeStep(_, n, _) or loadStoreStep(_, n, _, _))
+          ) and
+        msg =
+          "There are " + k +
+            " store targets that are not local source nodes and backtracking store targets is not enabled."
+      )
+    }
+  }
+
+  private module ContentOption = Option<Content>;
+
+  private class ContentOption = ContentOption::Option;
+
+  private newtype TStepSummary =
+    LevelStep() or
+    CallStep() or
+    ReturnStep() or
+    StoreStep(Content content) { storeStep(_, _, content) } or
+    LoadStep(Content content) { loadStep(_, _, content) } or
+    LoadStoreStep(Content load, Content store) { loadStoreStep(_, _, load, store) } or
+    WithContent(ContentFilter filter) { withContentStep(_, _, filter) } or
+    WithoutContent(ContentFilter filter) { withoutContentStep(_, _, filter) } or
+    JumpStep()
+
+  /**
+   * A description of a step on an inter-procedural data flow path.
+   */
+  private class StepSummary extends TStepSummary {
+    /** Gets a textual representation of this step summary. */
+    string toString() {
+      this instanceof LevelStep and result = "level"
+      or
+      this instanceof CallStep and result = "call"
+      or
+      this instanceof ReturnStep and result = "return"
+      or
+      exists(Content content | this = StoreStep(content) | result = "store " + content)
+      or
+      exists(Content content | this = LoadStep(content) | result = "load " + content)
+      or
+      exists(Content load, Content store |
+        this = LoadStoreStep(load, store) and
+        result = "load-store " + load + " -> " + store
+      )
+      or
+      this instanceof JumpStep and result = "jump"
+    }
+  }
+
+  private newtype TTypeTracker =
+    MkTypeTracker(Boolean hasCall, ContentOption content) {
+      content.isNone()
+      or
+      // Restrict `content` to those that might eventually match a load.
+      // We can't rely on `basicStoreStep` since `startInContent` might be used with
+      // a content that has no corresponding store.
+      exists(Content loadContents |
+        (
+          loadStep(_, _, loadContents)
+          or
+          loadStoreStep(_, _, loadContents, _)
+        ) and
+        compatibleContents(content.asSome(), loadContents)
+      )
+    }
+
+  private newtype TTypeBackTracker =
+    MkTypeBackTracker(Boolean hasReturn, ContentOption content) {
+      content.isNone()
+      or
+      // As in MkTypeTracker, restrict `content` to those that might eventually match a store.
+      exists(Content storeContent |
+        (
+          storeStep(_, _, storeContent)
+          or
+          loadStoreStep(_, _, _, storeContent)
+        ) and
+        compatibleContents(storeContent, content.asSome())
+      )
+    }
+
+  pragma[nomagic]
+  private TypeTracker noContentTypeTracker(boolean hasCall) {
+    result = MkTypeTracker(hasCall, any(ContentOption::None c))
+  }
+
+  pragma[nomagic]
+  private TypeTracker contentTypeTracker(boolean hasCall, Content c) {
+    result = MkTypeTracker(hasCall, ContentOption::some(c))
+  }
+
+  /** Gets the summary resulting from appending `step` to type-tracking summary `tt`. */
+  pragma[nomagic]
+  private TypeTracker append(TypeTracker tt, StepSummary step) {
+    exists(Boolean hasCall, ContentOption currentContents |
+      tt = MkTypeTracker(hasCall, currentContents)
+    |
+      step = LevelStep() and result = tt
+      or
+      step = CallStep() and result = MkTypeTracker(true, currentContents)
+      or
+      step = ReturnStep() and hasCall = false and result = tt
+      or
+      step = JumpStep() and
+      result = MkTypeTracker(false, currentContents)
+      or
+      exists(ContentFilter filter | result = tt |
+        step = WithContent(filter) and
+        currentContents.asSome() = filter.getAMatchingContent()
+        or
+        step = WithoutContent(filter) and
+        not currentContents.asSome() = filter.getAMatchingContent()
+      )
+    )
+    or
+    exists(Content storeContents, boolean hasCall |
+      exists(Content loadContents |
+        step = LoadStep(pragma[only_bind_into](loadContents)) and
+        tt = contentTypeTracker(hasCall, storeContents) and
+        compatibleContents(storeContents, loadContents) and
+        result = noContentTypeTracker(hasCall)
+      )
+      or
+      step = StoreStep(pragma[only_bind_into](storeContents)) and
+      tt = noContentTypeTracker(hasCall) and
+      result = contentTypeTracker(hasCall, storeContents)
+    )
+    or
+    exists(Content currentContent, Content store, Content load, boolean hasCall |
+      step = LoadStoreStep(pragma[only_bind_into](load), pragma[only_bind_into](store)) and
+      compatibleContents(pragma[only_bind_into](currentContent), load) and
+      tt = contentTypeTracker(pragma[only_bind_into](hasCall), currentContent) and
+      result = contentTypeTracker(pragma[only_bind_out](hasCall), store)
+    )
+  }
+
+  pragma[nomagic]
+  private TypeBackTracker noContentTypeBackTracker(boolean hasReturn) {
+    result = MkTypeBackTracker(hasReturn, any(ContentOption::None c))
+  }
+
+  pragma[nomagic]
+  private TypeBackTracker contentTypeBackTracker(boolean hasReturn, Content c) {
+    result = MkTypeBackTracker(hasReturn, ContentOption::some(c))
+  }
+
+  /** Gets the summary resulting from prepending `step` to this type-tracking summary. */
+  pragma[nomagic]
+  private TypeBackTracker prepend(TypeBackTracker tbt, StepSummary step) {
+    exists(Boolean hasReturn, ContentOption content | tbt = MkTypeBackTracker(hasReturn, content) |
+      step = LevelStep() and result = tbt
+      or
+      step = CallStep() and hasReturn = false and result = tbt
+      or
+      step = ReturnStep() and result = MkTypeBackTracker(true, content)
+      or
+      step = JumpStep() and
+      result = MkTypeBackTracker(false, content)
+      or
+      exists(ContentFilter filter | result = tbt |
+        step = WithContent(filter) and
+        content.asSome() = filter.getAMatchingContent()
+        or
+        step = WithoutContent(filter) and
+        not content.asSome() = filter.getAMatchingContent()
+      )
+    )
+    or
+    exists(Content loadContents, boolean hasReturn |
+      exists(Content storeContents |
+        step = StoreStep(pragma[only_bind_into](storeContents)) and
+        tbt = contentTypeBackTracker(hasReturn, loadContents) and
+        compatibleContents(storeContents, loadContents) and
+        result = noContentTypeBackTracker(hasReturn)
+      )
+      or
+      step = LoadStep(pragma[only_bind_into](loadContents)) and
+      tbt = noContentTypeBackTracker(hasReturn) and
+      result = contentTypeBackTracker(hasReturn, loadContents)
+    )
+    or
+    exists(Content currentContent, Content store, Content load, boolean hasCall |
+      step = LoadStoreStep(pragma[only_bind_into](load), pragma[only_bind_into](store)) and
+      compatibleContents(store, pragma[only_bind_into](currentContent)) and
+      tbt = contentTypeBackTracker(pragma[only_bind_into](hasCall), currentContent) and
+      result = contentTypeBackTracker(pragma[only_bind_out](hasCall), load)
+    )
+  }
+
+  pragma[inline]
+  private predicate isLocalSourceNode(LocalSourceNode n) { any() }
+
+  /**
+   * Holds if there is flow from `localSource` to `dst` using zero or more
+   * `simpleLocalSmallStep`s.
+   */
+  pragma[nomagic]
+  predicate flowsTo(LocalSourceNode localSource, Node dst) {
+    // explicit type check in base case to avoid repeated type tests in recursive case
+    isLocalSourceNode(localSource) and
+    dst = localSource
+    or
+    exists(Node mid |
+      flowsTo(localSource, mid) and
+      simpleLocalSmallStep(mid, dst)
+    )
+  }
+
+  pragma[nomagic]
+  private predicate storeStepIntoSource(Node nodeFrom, LocalSourceNode nodeTo, Content c) {
+    if hasFeatureBacktrackStoreTarget()
+    then
+      exists(Node obj |
+        flowsTo(nodeTo, obj) and
+        storeStep(nodeFrom, obj, c)
+      )
+    else storeStep(nodeFrom, nodeTo, c)
+  }
+
+  pragma[nomagic]
+  private predicate loadStoreStepIntoSource(
+    Node nodeFrom, LocalSourceNode nodeTo, Content c1, Content c2
+  ) {
+    if hasFeatureBacktrackStoreTarget()
+    then
+      exists(Node obj |
+        flowsTo(nodeTo, obj) and
+        loadStoreStep(nodeFrom, obj, c1, c2)
+      )
+    else loadStoreStep(nodeFrom, nodeTo, c1, c2)
+  }
+
+  pragma[nomagic]
+  private predicate smallStepNoCall(Node nodeFrom, LocalSourceNode nodeTo, StepSummary summary) {
+    levelStepNoCall(nodeFrom, nodeTo) and summary = LevelStep()
+    or
+    exists(Content content |
+      storeStepIntoSource(nodeFrom, nodeTo, content) and
+      summary = StoreStep(content)
+    )
+    or
+    exists(Content content |
+      loadStep(nodeFrom, nodeTo, content) and
+      summary = LoadStep(content)
+    )
+    or
+    exists(Content content1, Content content2 |
+      loadStoreStepIntoSource(nodeFrom, nodeTo, content1, content2) and
+      summary = LoadStoreStep(content1, content2)
+    )
+    or
+    exists(ContentFilter filter |
+      withContentStep(nodeFrom, nodeTo, filter) and
+      summary = WithContent(filter)
+    )
+    or
+    exists(ContentFilter filter |
+      withoutContentStep(nodeFrom, nodeTo, filter) and
+      summary = WithoutContent(filter)
+    )
+    or
+    jumpStep(nodeFrom, nodeTo) and summary = JumpStep()
+  }
+
+  pragma[nomagic]
+  private predicate smallStepCall(Node nodeFrom, LocalSourceNode nodeTo, StepSummary summary) {
+    levelStepCall(nodeFrom, nodeTo) and summary = LevelStep()
+    or
+    callStep(nodeFrom, nodeTo) and summary = CallStep()
+    or
+    returnStep(nodeFrom, nodeTo) and summary = ReturnStep()
+  }
+
+  pragma[nomagic]
+  private predicate stepNoCall(LocalSourceNode nodeFrom, LocalSourceNode nodeTo, StepSummary summary) {
+    exists(Node mid | flowsTo(nodeFrom, mid) and smallStepNoCall(mid, nodeTo, summary))
+  }
+
+  pragma[nomagic]
+  private predicate stepCall(LocalSourceNode nodeFrom, LocalSourceNode nodeTo, StepSummary summary) {
+    exists(Node mid | flowsTo(nodeFrom, mid) and smallStepCall(mid, nodeTo, summary))
+  }
+
+  pragma[inline]
+  private predicate smallStepSplit(Node nodeFrom, LocalSourceNode nodeTo, StepSummary summary) {
+    smallStepCall(nodeFrom, nodeTo, summary) or smallStepNoCall(nodeFrom, nodeTo, summary)
+  }
+
+  pragma[inline]
+  private predicate stepSplit(LocalSourceNode nodeFrom, LocalSourceNode nodeTo, StepSummary summary) {
+    stepNoCall(nodeFrom, nodeTo, summary) or stepCall(nodeFrom, nodeTo, summary)
+  }
+
+  pragma[nomagic]
+  private predicate smallStep(Node nodeFrom, LocalSourceNode nodeTo, StepSummary summary) {
+    smallStepSplit(nodeFrom, nodeTo, summary)
+  }
+
+  pragma[nomagic]
+  private predicate step(LocalSourceNode nodeFrom, LocalSourceNode nodeTo, StepSummary summary) {
+    stepSplit(nodeFrom, nodeTo, summary)
+  }
+
+  /**
+   * A summary of the steps needed to track a value to a given dataflow node.
+   *
+   * This can be used to track objects that implement a certain API in order to
+   * recognize calls to that API. Note that type-tracking does not by itself provide a
+   * source/sink relation, that is, it may determine that a node has a given type,
+   * but it won't determine where that type came from.
+   *
+   * It is recommended that all uses of this type are written in the following form,
+   * for tracking some type `myType`:
+   * ```ql
+   * Node myType(TypeTracker tt) {
+   *   tt.start() and
+   *   result = < source of myType >
+   *   or
+   *   exists(TypeTracker tt2 |
+   *     tt = tt2.step(myType(tt2), result)
+   *   )
+   * }
+   *
+   * Node myType() { myType(TypeTracker::end()).flowsTo(result) }
+   * ```
+   *
+   * If you want to track individual intra-procedural steps, use `tt2.smallstep`
+   * instead of `tt2.step`.
+   */
+  class TypeTracker extends TTypeTracker {
+    private Boolean hasCall;
+    private ContentOption content;
+
+    TypeTracker() { this = MkTypeTracker(hasCall, content) }
+
+    /** Gets the summary resulting from appending `step` to this type-tracking summary. */
+    private TypeTracker append(StepSummary step) { result = append(this, step) }
+
+    /** Gets a textual representation of this summary. */
+    string toString() {
+      exists(string withCall, string withContent |
+        (if hasCall = true then withCall = "with" else withCall = "without") and
+        (
+          withContent = " with content " + content.asSome()
+          or
+          content instanceof ContentOption::None and
+          withContent = ""
+        ) and
+        result = "type tracker " + withCall + " call steps" + withContent
+      )
+    }
+
+    /**
+     * Holds if this is the starting point of type tracking.
+     */
+    predicate start() { hasCall = false and content.isNone() }
+
+    /**
+     * Holds if this is the starting point of type tracking, and the value starts in the content named `contentName`.
+     * The type tracking only ends after the content has been loaded.
+     */
+    predicate startInContent(Content contentName) {
+      hasCall = false and content = ContentOption::some(contentName)
+    }
+
+    /**
+     * Holds if this is the starting point of type tracking
+     * when tracking a parameter into a call, but not out of it.
+     */
+    predicate call() { hasCall = true and content.isNone() }
+
+    /**
+     * Holds if this is the end point of type tracking.
+     */
+    predicate end() { content.isNone() }
+
+    /**
+     * INTERNAL. DO NOT USE.
+     *
+     * Gets the content associated with this type tracker.
+     */
+    ContentOption getContent() { result = content }
+
+    /**
+     * Gets a type tracker that starts where this one has left off to allow continued
+     * tracking.
+     *
+     * This predicate is only defined if the type is not associated to a piece of content.
+     */
+    TypeTracker continue() { content.isNone() and result = this }
+
+    /**
+     * Gets the summary that corresponds to having taken a forwards
+     * heap and/or inter-procedural step from `nodeFrom` to `nodeTo`.
+     */
+    bindingset[nodeFrom, this]
+    TypeTracker step(LocalSourceNode nodeFrom, LocalSourceNode nodeTo) {
+      exists(StepSummary summary |
+        step(pragma[only_bind_out](nodeFrom), _, pragma[only_bind_into](summary)) and
+        result = pragma[only_bind_into](pragma[only_bind_out](this)).append(summary) and
+        step(pragma[only_bind_into](pragma[only_bind_out](nodeFrom)), nodeTo, summary)
+      )
+    }
+
+    /**
+     * Gets the summary that corresponds to having taken a forwards
+     * local, heap and/or inter-procedural step from `nodeFrom` to `nodeTo`.
+     *
+     * Unlike `TypeTracker::step`, this predicate exposes all edges
+     * in the flow graph, and not just the edges between `Node`s.
+     * It may therefore be less performant.
+     *
+     * Type tracking predicates using small steps typically take the following form:
+     * ```ql
+     * Node myType(TypeTracker tt) {
+     *   tt.start() and
+     *   result = < source of myType >
+     *   or
+     *   exists(TypeTracker tt2 |
+     *     tt = tt2.smallstep(myType(tt2), result)
+     *   )
+     * }
+     *
+     * Node myType() {
+     *   result = myType(TypeTracker::end())
+     * }
+     * ```
+     */
+    bindingset[nodeFrom, this]
+    TypeTracker smallstep(Node nodeFrom, Node nodeTo) {
+      exists(StepSummary summary |
+        smallStep(pragma[only_bind_out](nodeFrom), _, pragma[only_bind_into](summary)) and
+        result = pragma[only_bind_into](pragma[only_bind_out](this)).append(summary) and
+        smallStep(pragma[only_bind_into](pragma[only_bind_out](nodeFrom)), nodeTo, summary)
+      )
+      or
+      simpleLocalSmallStep(nodeFrom, nodeTo) and
+      result = this
+    }
+  }
+
+  /** Provides predicates for implementing custom `TypeTracker`s. */
+  module TypeTracker {
+    /**
+     * Gets a valid end point of type tracking.
+     */
+    TypeTracker end() { result.end() }
+  }
+
+  /**
+   * A summary of the steps needed to back-track a use of a value to a given dataflow node.
+   *
+   * This can for example be used to track callbacks that are passed to a certain API,
+   * so we can model specific parameters of that callback as having a certain type.
+   *
+   * Note that type back-tracking does not provide a source/sink relation, that is,
+   * it may determine that a node will be used in an API call somewhere, but it won't
+   * determine exactly where that use was, or the path that led to the use.
+   *
+   * It is recommended that all uses of this type are written in the following form,
+   * for back-tracking some callback type `myCallback`:
+   *
+   * ```ql
+   * Node myCallback(TypeBackTracker t) {
+   *   t.start() and
+   *   result = (< some API call >).getArgument(< n >).getALocalSource()
+   *   or
+   *   exists(TypeBackTracker t2 |
+   *     t = t2.step(result, myCallback(t2))
+   *   )
+   * }
+   *
+   * Node myCallback() { result = myCallback(TypeBackTracker::end()) }
+   * ```
+   *
+   * If you want to track individual intra-procedural steps, use `t2.smallstep`
+   * instead of `t2.step`.
+   */
+  class TypeBackTracker extends TTypeBackTracker {
+    private Boolean hasReturn;
+    private ContentOption content;
+
+    TypeBackTracker() { this = MkTypeBackTracker(hasReturn, content) }
+
+    /** Gets the summary resulting from prepending `step` to this type-tracking summary. */
+    private TypeBackTracker prepend(StepSummary step) { result = prepend(this, step) }
+
+    /** Gets a textual representation of this summary. */
+    string toString() {
+      exists(string withReturn, string withContent |
+        (if hasReturn = true then withReturn = "with" else withReturn = "without") and
+        (
+          withContent = " with content " + content.asSome()
+          or
+          content instanceof ContentOption::None and
+          withContent = ""
+        ) and
+        result = "type back-tracker " + withReturn + " return steps" + withContent
+      )
+    }
+
+    /**
+     * Holds if this is the starting point of type tracking.
+     */
+    predicate start() { hasReturn = false and content.isNone() }
+
+    /**
+     * Holds if this is the end point of type tracking.
+     */
+    predicate end() { content.isNone() }
+
+    /**
+     * Gets a type tracker that starts where this one has left off to allow continued
+     * tracking.
+     *
+     * This predicate is only defined if the type has not been tracked into a piece of content.
+     */
+    TypeBackTracker continue() { content.isNone() and result = this }
+
+    /**
+     * Gets the summary that corresponds to having taken a backwards
+     * heap and/or inter-procedural step from `nodeTo` to `nodeFrom`.
+     */
+    bindingset[nodeTo, this]
+    TypeBackTracker step(LocalSourceNode nodeFrom, LocalSourceNode nodeTo) {
+      exists(StepSummary summary |
+        step(_, pragma[only_bind_out](nodeTo), pragma[only_bind_into](summary)) and
+        result = pragma[only_bind_into](pragma[only_bind_out](this)).prepend(summary) and
+        step(nodeFrom, pragma[only_bind_into](pragma[only_bind_out](nodeTo)), summary)
+      )
+    }
+
+    /**
+     * Gets the summary that corresponds to having taken a backwards
+     * local, heap and/or inter-procedural step from `nodeTo` to `nodeFrom`.
+     *
+     * Unlike `TypeBackTracker::step`, this predicate exposes all edges
+     * in the flowgraph, and not just the edges between
+     * `TypeTrackingNode`s. It may therefore be less performant.
+     *
+     * Type tracking predicates using small steps typically take the following form:
+     * ```ql
+     * Node myType(TypeBackTracker t) {
+     *   t.start() and
+     *   result = < some API call >.getArgument(< n >)
+     *   or
+     *   exists (TypeBackTracker t2 |
+     *     t = t2.smallstep(result, myType(t2))
+     *   )
+     * }
+     *
+     * Node myType() {
+     *   result = myType(DataFlow::TypeBackTracker::end())
+     * }
+     * ```
+     */
+    bindingset[nodeTo, this]
+    TypeBackTracker smallstep(Node nodeFrom, Node nodeTo) {
+      exists(StepSummary summary |
+        smallStep(_, pragma[only_bind_out](nodeTo), pragma[only_bind_into](summary)) and
+        result = pragma[only_bind_into](pragma[only_bind_out](this)).prepend(summary) and
+        smallStep(nodeFrom, pragma[only_bind_into](pragma[only_bind_out](nodeTo)), summary)
+      )
+      or
+      simpleLocalSmallStep(nodeFrom, nodeTo) and
+      result = this
+    }
+
+    /**
+     * Gets a forwards summary that is compatible with this backwards summary.
+     * That is, if this summary describes the steps needed to back-track a value
+     * from `sink` to `mid`, and the result is a valid summary of the steps needed
+     * to track a value from `source` to `mid`, then the value from `source` may
+     * also flow to `sink`.
+     */
+    TypeTracker getACompatibleTypeTracker() {
+      exists(boolean hasCall | result = MkTypeTracker(hasCall, content) |
+        hasCall = false or hasReturn = false
+      )
+    }
+  }
+
+  /** Provides predicates for implementing custom `TypeBackTracker`s. */
+  module TypeBackTracker {
+    /**
+     * Gets a valid end point of type back-tracking.
+     */
+    TypeBackTracker end() { result.end() }
+  }
+
+  signature predicate endpoint(Node node);
+
+  /**
+   * Given a source definition, constructs the default forward type tracking from
+   * those sources.
+   */
+  module TypeTrack<endpoint/1 source> {
+    pragma[assume_small_delta]
+    private Node flow(TypeTracker tt) {
+      tt.start() and source(result)
+      or
+      exists(TypeTracker ttMid | tt = ttMid.step(flow(ttMid), result))
+    }
+
+    /**
+     * Holds if the given source flows to `n`.
+     */
+    predicate flowsTo(Node n) { flowsTo(flow(TypeTracker::end()), n) }
+
+    /**
+     * Given a sink definition, constructs the relation of edges that can be used
+     * in a source-sink path and calculates the set of source-sink pairs.
+     */
+    module Graph<endpoint/1 sink> {
+      private newtype TPathNode =
+        TPathNodeMid(Node node, TypeTracker tt) { node = flow(tt) } or
+        TPathNodeSink(Node node) { sink(node) and flowsTo(node) }
+
+      /**
+       * A node on a path that is reachable from a source. This is a pair of a
+       * `Node` and a `TypeTracker` except at sinks for which there is no `TypeTracker`.
+       */
+      class PathNodeFwd extends TPathNode {
+        /** Gets the node of this `PathNode`. */
+        Node getNode() { this = TPathNodeMid(result, _) or this = TPathNodeSink(result) }
+
+        /** Gets the typetracker of this `PathNode`, if any. */
+        TypeTracker getTypeTracker() { this = TPathNodeMid(_, result) }
+
+        private string ppContent() {
+          exists(ContentOption c | this.getTypeTracker() = MkTypeTracker(_, c) |
+            result = " with content " + c.asSome()
+            or
+            c instanceof ContentOption::None and
+            result = ""
+          )
+          or
+          result = "" and this instanceof TPathNodeSink
+        }
+
+        /** Gets a textual representation of this node. */
+        string toString() { result = this.getNode().toString() + this.ppContent() }
+
+        /** Holds if this is a source. */
+        predicate isSource() { source(this.getNode()) and this.getTypeTracker().start() }
+
+        /** Holds if this is a sink. */
+        predicate isSink() { this instanceof TPathNodeSink }
+      }
+
+      private predicate edgeCand(Node n1, TypeTracker tt1, Node n2, TypeTracker tt2) {
+        n1 = flow(tt1) and
+        tt2 = tt1.step(n1, n2)
+      }
+
+      private predicate edgeCand(PathNodeFwd n1, PathNodeFwd n2) {
+        exists(PathNodeFwd tgt |
+          edgeCand(n1.getNode(), n1.getTypeTracker(), tgt.getNode(), tgt.getTypeTracker())
+        |
+          n2 = tgt
+          or
+          n2 = TPathNodeSink(tgt.getNode()) and tgt.getTypeTracker().end()
+        )
+        or
+        n1.getTypeTracker().end() and
+        flowsTo(n1.getNode(), n2.getNode()) and
+        n2 instanceof TPathNodeSink
+      }
+
+      private predicate reachRev(PathNodeFwd n) {
+        n.isSink()
+        or
+        exists(PathNodeFwd mid |
+          edgeCand(n, mid) and
+          reachRev(mid)
+        )
+      }
+
+      /**
+       * A node on a path that is reachable from a source and can reach a sink.
+       * This is a pair of a `Node` and a `TypeTracker`.
+       */
+      class PathNode extends PathNodeFwd {
+        PathNode() { reachRev(this) }
+      }
+
+      /** Holds if `(p1, p2)` is an edge in a path between a source and a sink. */
+      query predicate edges(PathNode n1, PathNode n2) { edgeCand(n1, n2) }
+
+      private predicate stepPlus(PathNode n1, PathNode n2) = fastTC(edges/2)(n1, n2)
+
+      /** Holds if there is a path between `source` and `sink`. */
+      predicate hasFlow(PathNode source, PathNode sink) {
+        source.isSource() and
+        sink.isSink() and
+        (source = sink or stepPlus(source, sink))
+      }
+    }
+  }
+}
diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml
new file mode 100644
index 00000000000..f2e33268e39
--- /dev/null
+++ b/shared/typetracking/qlpack.yml
@@ -0,0 +1,6 @@
+name: codeql/typetracking
+version: 0.0.1-dev
+groups: shared
+library: true
+dependencies:
+  codeql/util: ${workspace}
diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md
index 6741585b960..f8ea7de20ff 100644
--- a/shared/typos/CHANGELOG.md
+++ b/shared/typos/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.0.7
+
+No user-facing changes.
+
+## 0.0.6
+
+No user-facing changes.
+
+## 0.0.5
+
+No user-facing changes.
+
 ## 0.0.4
 
 No user-facing changes.
diff --git a/shared/typos/change-notes/released/0.0.5.md b/shared/typos/change-notes/released/0.0.5.md
new file mode 100644
index 00000000000..766ec2723b5
--- /dev/null
+++ b/shared/typos/change-notes/released/0.0.5.md
@@ -0,0 +1,3 @@
+## 0.0.5
+
+No user-facing changes.
diff --git a/shared/typos/change-notes/released/0.0.6.md b/shared/typos/change-notes/released/0.0.6.md
new file mode 100644
index 00000000000..ccbce856079
--- /dev/null
+++ b/shared/typos/change-notes/released/0.0.6.md
@@ -0,0 +1,3 @@
+## 0.0.6
+
+No user-facing changes.
diff --git a/shared/typos/change-notes/released/0.0.7.md b/shared/typos/change-notes/released/0.0.7.md
new file mode 100644
index 00000000000..84da6f18c42
--- /dev/null
+++ b/shared/typos/change-notes/released/0.0.7.md
@@ -0,0 +1,3 @@
+## 0.0.7
+
+No user-facing changes.
diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml
index ec411a674bc..a2a5484910b 100644
--- a/shared/typos/codeql-pack.release.yml
+++ b/shared/typos/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.4
+lastReleaseVersion: 0.0.7
diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml
index 1bada6ef1ff..ac9084e7c06 100644
--- a/shared/typos/qlpack.yml
+++ b/shared/typos/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/typos
-version: 0.0.5-dev
+version: 0.0.8-dev
 groups: shared
 library: true
diff --git a/shared/util/change-notes/2022-11-30-initial-version.md b/shared/util/change-notes/2022-11-30-initial-version.md
new file mode 100644
index 00000000000..81893f23dfc
--- /dev/null
+++ b/shared/util/change-notes/2022-11-30-initial-version.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Initial release. Includes common utility classes and modules: Unit, Boolean, and Option.
diff --git a/shared/util/codeql/util/Boolean.qll b/shared/util/codeql/util/Boolean.qll
new file mode 100644
index 00000000000..84a91f763e4
--- /dev/null
+++ b/shared/util/codeql/util/Boolean.qll
@@ -0,0 +1,10 @@
+/** Provides the `Boolean` class. */
+
+/**
+ * A utility class that is equivalent to `boolean`.
+ *
+ * As opposed to `boolean`, this type does not require explicit binding.
+ */
+class Boolean extends boolean {
+  Boolean() { this = [true, false] }
+}
diff --git a/shared/util/codeql/util/Option.qll b/shared/util/codeql/util/Option.qll
new file mode 100644
index 00000000000..9382dc9555c
--- /dev/null
+++ b/shared/util/codeql/util/Option.qll
@@ -0,0 +1,44 @@
+/** Provides a module for constructing optional versions of types. */
+
+/** A type with `toString`. */
+signature class TypeWithToString {
+  string toString();
+}
+
+/**
+ * Constructs an `Option` type that is a disjoint union of the given type and an
+ * additional singleton element.
+ */
+module Option<TypeWithToString T> {
+  private newtype TOption =
+    TNone() or
+    TSome(T c)
+
+  /**
+   * An option type. This is either a singleton `None` or a `Some` wrapping the
+   * given type.
+   */
+  class Option extends TOption {
+    /** Gets a textual representation of this element. */
+    string toString() {
+      this = TNone() and result = "(none)"
+      or
+      exists(T c | this = TSome(c) and result = c.toString())
+    }
+
+    /** Gets the wrapped element, if any. */
+    T asSome() { this = TSome(result) }
+
+    /** Holds if this option is the singleton `None`. */
+    predicate isNone() { this = TNone() }
+  }
+
+  /** The singleton `None` element. */
+  class None extends Option, TNone { }
+
+  /** A wrapper for the given type. */
+  class Some extends Option, TSome { }
+
+  /** Gets the given element wrapped as an `Option`. */
+  Some some(T c) { result = TSome(c) }
+}
diff --git a/shared/util/codeql/util/Unit.qll b/shared/util/codeql/util/Unit.qll
new file mode 100644
index 00000000000..e9611ed3df4
--- /dev/null
+++ b/shared/util/codeql/util/Unit.qll
@@ -0,0 +1,10 @@
+/** Provides the `Unit` class. */
+
+/** The unit type. */
+private newtype TUnit = TMkUnit()
+
+/** The trivial type with a single element. */
+class Unit extends TUnit {
+  /** Gets a textual representation of this element. */
+  string toString() { result = "unit" }
+}
diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml
new file mode 100644
index 00000000000..faee72042d6
--- /dev/null
+++ b/shared/util/qlpack.yml
@@ -0,0 +1,5 @@
+name: codeql/util
+version: 0.0.1-dev
+groups: shared
+library: true
+dependencies:
diff --git a/swift/BUILD.bazel b/swift/BUILD.bazel
index 446d021a6aa..bafbe01f712 100644
--- a/swift/BUILD.bazel
+++ b/swift/BUILD.bazel
@@ -33,14 +33,15 @@ pkg_filegroup(
     srcs = [
         ":dbscheme_files",
         ":manifest",
+        "//swift/downgrades",
         "//swift/tools",
     ],
     visibility = ["//visibility:public"],
 )
 
-pkg_runfiles(
+pkg_filegroup(
     name = "extractor",
-    srcs = ["//swift/extractor"],
+    srcs = ["//swift/extractor:pkg"],
     prefix = "tools/" + codeql_platform,
 )
 
diff --git a/swift/CMakeLists.txt b/swift/CMakeLists.txt
index ad431e49a17..fbc55187567 100644
--- a/swift/CMakeLists.txt
+++ b/swift/CMakeLists.txt
@@ -9,6 +9,10 @@ set(CMAKE_CXX_EXTENSIONS OFF)
 set(CMAKE_C_COMPILER clang)
 set(CMAKE_CXX_COMPILER clang++)
 
+if(APPLE)
+    set(CMAKE_OSX_ARCHITECTURES x86_64) # temporary until we can build a Universal Binary
+endif()
+
 project(codeql)
 
 include(../misc/bazel/cmake/setup.cmake)
diff --git a/swift/actions/build-and-test/action.yml b/swift/actions/build-and-test/action.yml
new file mode 100644
index 00000000000..386bd4d5a19
--- /dev/null
+++ b/swift/actions/build-and-test/action.yml
@@ -0,0 +1,78 @@
+name: Build Swift CodeQL pack
+description: Builds the Swift CodeQL pack
+runs:
+  using: composite
+  steps:
+    - uses: bazelbuild/setup-bazelisk@v2
+    - uses: actions/setup-python@v4
+      with:
+        python-version-file: 'swift/.python-version'
+    # FIXME: this is copy-pasted from .github/actions/cache-query-compilation, but we cannot factor it out to a common
+    # composite action because of https://github.com/actions/runner/issues/2009 (cache fails to save in the post action
+    # phase because its inputs were lost in the meantime)
+    # calculate the merge-base with main, in a way that works both on PRs and pushes to main.
+    - name: Calculate merge-base
+      shell: bash
+      if: ${{ github.event_name == 'pull_request' }}
+      env:
+        BASE_BRANCH: ${{ github.base_ref }}
+      run: |
+        MERGE_BASE=$(git cat-file commit $GITHUB_SHA | grep '^parent ' | head -1 | cut -f 2 -d " ")
+        echo "merge_base=$MERGE_BASE" >> $GITHUB_ENV
+    - name: Restore read-only cache (PR)
+      if: ${{ github.event_name == 'pull_request' }}
+      uses: erik-krogh/actions-cache@a88d0603fe5fb5606db9f002dfcadeb32b5f84c6
+      with:
+        path: 'bazel-cache'
+        read-only: true
+        key: bazel-pr-${{ github.sha }}
+        restore-keys: |
+          bazel-${{ github.base_ref }}-${{ env.merge_base }}
+          bazel-${{ github.base_ref }}-
+          bazel-main-
+    - name: Fill cache (push)
+      if: ${{ github.event_name != 'pull_request' }}
+      uses: erik-krogh/actions-cache@a88d0603fe5fb5606db9f002dfcadeb32b5f84c6
+      with:
+        path: 'bazel-cache'
+        key: bazel-${{ github.ref_name }}-${{ github.sha }} # just fill on main
+        restore-keys: | # restore the latest cache if the exact cache is unavailable, to speed up compilation.
+          bazel-${{ github.ref_name }}-
+          bazel-main-
+    - name: Configure bazel
+      shell: bash
+      run: |
+        mkdir -p bazel-cache/{repository,disk}
+        echo build --repository_cache=bazel-cache/repository --disk_cache=bazel-cache/disk > local.bazelrc
+        echo test --test_output=errors >> local.bazelrc
+    - name: Print unextracted entities
+      shell: bash
+      run: |
+        bazel run //swift/extractor/print_unextracted
+    - uses: ./swift/actions/share-extractor-pack
+    - name: Build Swift extractor
+      shell: bash
+      run: |
+        bazel run //swift:create-extractor-pack
+    - name: Run xcode-autobuilder tests
+      if : ${{ github.event_name == 'pull_request' && runner.os == 'macOS' }}
+      shell: bash
+      run: |
+        bazel test //swift/xcode-autobuilder/tests
+    - name: Run codegen tests
+      if : ${{ github.event_name == 'pull_request' }}
+      shell: bash
+      run: |
+        bazel test //swift/codegen/test
+    - name: Run qltest tests
+      if : ${{ github.event_name == 'pull_request' }}
+      shell: bash
+      run: |
+        bazel test //swift/tools/test/qltest
+    - name: Evict bazel cache
+      if: ${{ github.event_name != 'pull_request' }}
+      shell: bash
+      run: |
+        du -sh bazel-cache/*
+        find bazel-cache -atime +0 -type f -delete
+        du -sh bazel-cache/*
diff --git a/swift/actions/create-extractor-pack/action.yml b/swift/actions/create-extractor-pack/action.yml
deleted file mode 100644
index d020a41a071..00000000000
--- a/swift/actions/create-extractor-pack/action.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: Build Swift CodeQL pack
-description: Builds the Swift CodeQL pack
-runs:
-  using: composite
-  steps:
-    - uses: ./swift/actions/setup-env
-    - uses: ./swift/actions/share-extractor-pack
-    - name: Build Swift extractor
-      shell: bash
-      run: |
-        bazel run //swift:create-extractor-pack
diff --git a/swift/actions/database-upgrade-scripts/action.yml b/swift/actions/database-upgrade-scripts/action.yml
new file mode 100644
index 00000000000..26f95d44b8a
--- /dev/null
+++ b/swift/actions/database-upgrade-scripts/action.yml
@@ -0,0 +1,23 @@
+name: Check Swift database upgrade/downgrade scripts
+runs:
+  using: composite
+  steps:
+    - name: Check upgrade scripts
+      shell: bash
+      working-directory: swift
+      run: |
+        echo > empty.trap
+        codeql dataset import -S ql/lib/upgrades/initial/swift.dbscheme testdb empty.trap
+        codeql dataset upgrade testdb --additional-packs ql/lib
+        diff -q testdb/swift.dbscheme ql/lib/swift.dbscheme
+    - name: Check downgrade scripts
+      shell: bash
+      working-directory: swift
+      run: |
+        echo > empty.trap
+        rm -rf testdb
+        codeql dataset import -S ql/lib/swift.dbscheme testdb empty.trap
+        codeql resolve upgrades --format=lines --allow-downgrades --additional-packs downgrades \
+         --dbscheme=ql/lib/swift.dbscheme --target-dbscheme=downgrades/initial/swift.dbscheme |
+         xargs -r codeql execute upgrades testdb
+        diff -q testdb/swift.dbscheme downgrades/initial/swift.dbscheme
diff --git a/swift/actions/print-unextracted/action.yml b/swift/actions/print-unextracted/action.yml
deleted file mode 100644
index 5c59fc61b45..00000000000
--- a/swift/actions/print-unextracted/action.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-name: Print unextracted entities
-description: Prints all AST and Type entities that we do not extract yet. Must be run after `setup-env`
-runs:
-  using: composite
-  steps:
-    - name: Print unextracted entities
-      shell: bash
-      run: |
-        bazel run //swift/extractor/print_unextracted
diff --git a/swift/actions/run-integration-tests/action.yml b/swift/actions/run-integration-tests/action.yml
index 9325fb8b11d..163f572acde 100644
--- a/swift/actions/run-integration-tests/action.yml
+++ b/swift/actions/run-integration-tests/action.yml
@@ -13,11 +13,25 @@ runs:
     - uses: actions/setup-python@v4
       with:
         python-version-file: 'swift/.python-version'
-    - uses: swift-actions/setup-swift@v1
+    - uses: swift-actions/setup-swift@194625b58a582570f61cc707c3b558086c26b723
       with:
         swift-version: "${{steps.get_swift_version.outputs.version}}"
     - uses: ./.github/actions/fetch-codeql
+    - id: query-cache
+      uses: ./.github/actions/cache-query-compilation
+      with:
+        key: swift-integration
     - name: Run integration tests
       shell: bash
       run: |
-        python swift/integration-tests/runner.py
+        python swift/integration-tests/runner.py --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
+      env:
+        SEMMLE_DEBUG_TRACER: 10000
+    - name: Upload test logs
+      if: ${{ always() }}
+      uses: actions/upload-artifact@v3
+      with:
+        name: swift-integration-tests-logs-${{ runner.os }}
+        path: |
+          swift/integration-tests/**/db/log
+        retention-days: 1
diff --git a/swift/actions/run-ql-tests/action.yml b/swift/actions/run-ql-tests/action.yml
index 86af7ba12c3..436f913e630 100644
--- a/swift/actions/run-ql-tests/action.yml
+++ b/swift/actions/run-ql-tests/action.yml
@@ -10,18 +10,23 @@ runs:
   steps:
     - uses: ./swift/actions/share-extractor-pack
     - uses: ./.github/actions/fetch-codeql
+    - id: query-cache
+      uses: ./.github/actions/cache-query-compilation
+      with:
+        key: swift-qltest
     - name: Run QL tests
       shell: bash
       run: |
         codeql test run \
           --threads=0 \
-          --ram 5000 \
+          --ram 50000 \
           --search-path "${{ github.workspace }}/swift/extractor-pack" \
           --check-databases \
           --check-unused-labels \
           --check-repeated-labels \
           --check-redefined-labels \
           --check-use-before-definition \
+          --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \
           ${{ inputs.flags }} \
           swift/ql/test
       env:
diff --git a/swift/actions/run-quick-tests/action.yml b/swift/actions/run-quick-tests/action.yml
deleted file mode 100644
index aca263cb996..00000000000
--- a/swift/actions/run-quick-tests/action.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: Run Swift quick tests
-description: Runs Swift tests defined in Bazel. Must be run after `setup-env`
-runs:
-  using: composite
-  steps:
-    - name: Run xcode-autobuilder tests
-      if: runner.os == 'macOS'
-      shell: bash
-      run: |
-        bazel test //swift/xcode-autobuilder/tests
-    - name: Run codegen tests
-      shell: bash
-      run: |
-        bazel test //swift/codegen/test
-    - name: Run qltest tests
-      shell: bash
-      run: |
-        bazel test //swift/tools/test/qltest
diff --git a/swift/actions/setup-env/action.yml b/swift/actions/setup-env/action.yml
deleted file mode 100644
index 8e3bf3478f0..00000000000
--- a/swift/actions/setup-env/action.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: Setup Swift Package Environment
-description: Sets up the environment in which to build the Swift package and run its tests
-runs:
-  using: composite
-  steps:
-    - uses: bazelbuild/setup-bazelisk@v2
-    - uses: actions/setup-python@v4
-      with:
-        python-version-file: 'swift/.python-version'
-    - name: Mount bazel cache
-      uses: actions/cache@v3
-      with:
-        path: "~/.cache/bazel-repository-cache"
-        key: bazel-cache-${{ runner.os }}-${{ runner.arch }}
-    - name: Mount bazel disk cache
-      uses: actions/cache@v3
-      with:
-        path: "~/.cache/bazel-disk-cache"
-        key: bazel-disk-cache-${{ runner.os }}-${{ runner.arch }}
-    - name: Set up bazel disk cache
-      shell: bash
-      run: |
-        echo build --repository_cache=~/.cache/bazel-repository-cache --disk_cache=~/.cache/bazel-disk-cache > ~/.bazelrc
diff --git a/swift/codegen/codegen.py b/swift/codegen/codegen.py
index aa09ab805c8..58160e9b998 100755
--- a/swift/codegen/codegen.py
+++ b/swift/codegen/codegen.py
@@ -40,11 +40,15 @@ def _parse_args() -> argparse.Namespace:
     p.add_argument("--codeql-binary", default="codeql", help="command to use for QL formatting (default %(default)s)")
     p.add_argument("--cpp-output", type=_abspath,
                    help="output directory for generated C++ files, required if trap or cpp is provided to --generate")
+    p.add_argument("--generated-registry", type=_abspath, default=paths.swift_dir / "ql/.generated.list",
+                   help="registry file containing information about checked-in generated code")
+    p.add_argument("--force", "-f", action="store_true",
+                   help="generate all files without skipping unchanged files and overwriting modified ones")
     return p.parse_args()
 
 
-def _abspath(x: str) -> pathlib.Path:
-    return pathlib.Path(x).resolve()
+def _abspath(x: str) -> typing.Optional[pathlib.Path]:
+    return pathlib.Path(x).resolve() if x else None
 
 
 def run():
@@ -56,9 +60,8 @@ def run():
     else:
         log_level = logging.INFO
     logging.basicConfig(format="{levelname} {message}", style='{', level=log_level)
-    exe_path = paths.exe_file.relative_to(opts.swift_dir)
     for target in opts.generate:
-        generate(target, opts, render.Renderer(exe_path))
+        generate(target, opts, render.Renderer(opts.swift_dir))
 
 
 if __name__ == "__main__":
diff --git a/swift/codegen/generators/cppgen.py b/swift/codegen/generators/cppgen.py
index 45f0d98949b..16f997efacb 100644
--- a/swift/codegen/generators/cppgen.py
+++ b/swift/codegen/generators/cppgen.py
@@ -83,7 +83,8 @@ class Processor:
     def get_classes(self):
         ret = {'': []}
         for k, cls in self._classmap.items():
-            ret.setdefault(cls.group, []).append(self._get_class(cls.name))
+            if not cls.ipa:
+                ret.setdefault(cls.group, []).append(self._get_class(cls.name))
         return ret
 
 
diff --git a/swift/codegen/generators/dbschemegen.py b/swift/codegen/generators/dbschemegen.py
index b750a9d6e12..58cb40a3335 100755
--- a/swift/codegen/generators/dbschemegen.py
+++ b/swift/codegen/generators/dbschemegen.py
@@ -38,10 +38,12 @@ def dbtype(typename: str, add_or_none_except: typing.Optional[str] = None) -> st
     return typename
 
 
-def cls_to_dbscheme(cls: schema.Class, add_or_none_except: typing.Optional[str] = None):
+def cls_to_dbscheme(cls: schema.Class, lookup: typing.Dict[str, schema.Class], add_or_none_except: typing.Optional[str] = None):
     """ Yield all dbscheme entities needed to model class `cls` """
+    if cls.ipa:
+        return
     if cls.derived:
-        yield Union(dbtype(cls.name), (dbtype(c) for c in cls.derived))
+        yield Union(dbtype(cls.name), (dbtype(c) for c in cls.derived if not lookup[c].ipa))
     dir = pathlib.Path(cls.group) if cls.group else None
     # output a table specific to a class only if it is a leaf class or it has 1-to-1 properties
     # Leaf classes need a table to bind the `@` ids
@@ -96,7 +98,7 @@ def cls_to_dbscheme(cls: schema.Class, add_or_none_except: typing.Optional[str]
 
 def get_declarations(data: schema.Schema):
     add_or_none_except = data.root_class.name if data.null else None
-    declarations = [d for cls in data.classes.values() for d in cls_to_dbscheme(cls, add_or_none_except)]
+    declarations = [d for cls in data.classes.values() for d in cls_to_dbscheme(cls, data.classes, add_or_none_except)]
     if data.null:
         property_classes = {
             prop.type for cls in data.classes.values() for prop in cls.properties
diff --git a/swift/codegen/generators/qlgen.py b/swift/codegen/generators/qlgen.py
index 2172a9517e6..de38984caa7 100755
--- a/swift/codegen/generators/qlgen.py
+++ b/swift/codegen/generators/qlgen.py
@@ -43,10 +43,6 @@ class FormatError(Error):
     pass
 
 
-class ModifiedStubMarkedAsGeneratedError(Error):
-    pass
-
-
 class RootElementHasChildren(Error):
     pass
 
@@ -63,6 +59,7 @@ abbreviations = {
     "repr": "representation",
     "param": "parameter",
     "int": "integer",
+    "var": "variable",
 }
 
 abbreviations.update({f"{k}s": f"{v}s" for k, v in abbreviations.items()})
@@ -215,32 +212,11 @@ def get_classes_used_by(cls: ql.Class) -> typing.List[str]:
     return sorted(set(t for t in get_types_used_by(cls) if t[0].isupper() and t != cls.name))
 
 
-_generated_stub_re = re.compile(r"\n*private import .*\n+class \w+ extends Generated::\w+ \{[ \n]?\}", re.MULTILINE)
-
-
-def _is_generated_stub(file: pathlib.Path) -> bool:
-    with open(file) as contents:
-        for line in contents:
-            if not line.startswith("// generated"):
-                return False
-            break
-        else:
-            # no lines
-            return False
-        # we still do not detect modified synth constructors
-        if not file.name.endswith("Constructor.qll"):
-            # one line already read, if we can read 5 other we are past the normal stub generation
-            line_threshold = 5
-            first_lines = list(itertools.islice(contents, line_threshold))
-            if len(first_lines) == line_threshold or not _generated_stub_re.match("".join(first_lines)):
-                raise ModifiedStubMarkedAsGeneratedError(
-                    f"{file.name} stub was modified but is still marked as generated")
-        return True
-
-
 def format(codeql, files):
-    format_cmd = [codeql, "query", "format", "--in-place", "--"]
-    format_cmd.extend(str(f) for f in files if f.suffix in (".qll", ".ql"))
+    ql_files = [str(f) for f in files if f.suffix in (".qll", ".ql")]
+    if not ql_files:
+        return
+    format_cmd = [codeql, "query", "format", "--in-place", "--"] + ql_files
     res = subprocess.run(format_cmd, stderr=subprocess.PIPE, text=True)
     if res.returncode:
         for line in res.stderr.splitlines():
@@ -272,7 +248,12 @@ def _get_all_properties_to_be_tested(cls: schema.Class, lookup: typing.Dict[str,
         if not ("qltest_skip" in c.pragmas or "qltest_skip" in p.pragmas):
             # TODO here operations are duplicated, but should be better if we split ql and qltest generation
             p = get_ql_property(c, p)
-            yield ql.PropertyForTest(p.getter, p.type, p.is_single, p.is_predicate, p.is_repeated)
+            yield ql.PropertyForTest(p.getter, is_total=p.is_single or p.is_predicate,
+                                     type=p.type if not p.is_predicate else None, is_repeated=p.is_repeated)
+            if p.is_repeated and not p.is_optional:
+                yield ql.PropertyForTest(f"getNumberOf{p.plural}", type="int")
+            elif p.is_optional and not p.is_repeated:
+                yield ql.PropertyForTest(f"has{p.singular}")
 
 
 def _partition_iter(x, pred):
@@ -306,11 +287,14 @@ def generate(opts, renderer):
     stub_out = opts.ql_stub_output
     test_out = opts.ql_test_output
     missing_test_source_filename = "MISSING_SOURCE.txt"
+    include_file = stub_out.with_suffix(".qll")
 
-    existing = {q for q in out.rglob("*.qll")}
-    existing |= {q for q in stub_out.rglob("*.qll") if _is_generated_stub(q)}
-    existing |= {q for q in test_out.rglob("*.ql")}
-    existing |= {q for q in test_out.rglob(missing_test_source_filename)}
+    generated = {q for q in out.rglob("*.qll")}
+    generated.add(include_file)
+    generated.update(q for q in test_out.rglob("*.ql"))
+    generated.update(q for q in test_out.rglob(missing_test_source_filename))
+
+    stubs = {q for q in stub_out.rglob("*.qll")}
 
     data = schema.load_file(input)
 
@@ -323,77 +307,76 @@ def generate(opts, renderer):
 
     imports = {}
 
-    db_classes = [cls for cls in classes.values() if not cls.ipa]
-    renderer.render(ql.DbClasses(db_classes), out / "Raw.qll")
+    with renderer.manage(generated=generated, stubs=stubs, registry=opts.generated_registry,
+                         force=opts.force) as renderer:
 
-    classes_by_dir_and_name = sorted(classes.values(), key=lambda cls: (cls.dir, cls.name))
-    for c in classes_by_dir_and_name:
-        imports[c.name] = get_import(stub_out / c.path, opts.swift_dir)
+        db_classes = [cls for cls in classes.values() if not cls.ipa]
+        renderer.render(ql.DbClasses(db_classes), out / "Raw.qll")
 
-    for c in classes.values():
-        qll = out / c.path.with_suffix(".qll")
-        c.imports = [imports[t] for t in get_classes_used_by(c)]
-        renderer.render(c, qll)
-        stub_file = stub_out / c.path.with_suffix(".qll")
-        if not stub_file.is_file() or _is_generated_stub(stub_file):
-            stub = ql.Stub(
-                name=c.name, base_import=get_import(qll, opts.swift_dir))
-            renderer.render(stub, stub_file)
+        classes_by_dir_and_name = sorted(classes.values(), key=lambda cls: (cls.dir, cls.name))
+        for c in classes_by_dir_and_name:
+            imports[c.name] = get_import(stub_out / c.path, opts.swift_dir)
 
-    # for example path/to/elements -> path/to/elements.qll
-    include_file = stub_out.with_suffix(".qll")
-    renderer.render(ql.ImportList(list(imports.values())), include_file)
+        for c in classes.values():
+            qll = out / c.path.with_suffix(".qll")
+            c.imports = [imports[t] for t in get_classes_used_by(c)]
+            renderer.render(c, qll)
+            stub_file = stub_out / c.path.with_suffix(".qll")
+            if not renderer.is_customized_stub(stub_file):
+                stub = ql.Stub(name=c.name, base_import=get_import(qll, opts.swift_dir))
+                renderer.render(stub, stub_file)
 
-    renderer.render(ql.GetParentImplementation(list(classes.values())), out / 'ParentChild.qll')
+        # for example path/to/elements -> path/to/elements.qll
+        renderer.render(ql.ImportList(list(imports.values())), include_file)
 
-    for c in data.classes.values():
-        if _should_skip_qltest(c, data.classes):
-            continue
-        test_dir = test_out / c.group / c.name
-        test_dir.mkdir(parents=True, exist_ok=True)
-        if not any(test_dir.glob("*.swift")):
-            log.warning(f"no test source in {test_dir.relative_to(test_out)}")
-            renderer.render(ql.MissingTestInstructions(),
-                            test_dir / missing_test_source_filename)
-            continue
-        total_props, partial_props = _partition(_get_all_properties_to_be_tested(c, data.classes),
-                                                lambda p: p.is_single or p.is_predicate)
-        renderer.render(ql.ClassTester(class_name=c.name,
-                                       properties=total_props,
-                                       # in case of collapsed hierarchies we want to see the actual QL class in results
-                                       show_ql_class="qltest_collapse_hierarchy" in c.pragmas),
-                        test_dir / f"{c.name}.ql")
-        for p in partial_props:
-            renderer.render(ql.PropertyTester(class_name=c.name,
-                                              property=p), test_dir / f"{c.name}_{p.getter}.ql")
+        renderer.render(ql.GetParentImplementation(list(classes.values())), out / 'ParentChild.qll')
 
-    final_ipa_types = []
-    non_final_ipa_types = []
-    constructor_imports = []
-    ipa_constructor_imports = []
-    stubs = {}
-    for cls in sorted(data.classes.values(), key=lambda cls: (cls.group, cls.name)):
-        ipa_type = get_ql_ipa_class(cls)
-        if ipa_type.is_final:
-            final_ipa_types.append(ipa_type)
-            if ipa_type.has_params:
-                stub_file = stub_out / cls.group / f"{cls.name}Constructor.qll"
-                if not stub_file.is_file() or _is_generated_stub(stub_file):
-                    # stub rendering must be postponed as we might not have yet all subtracted ipa types in `ipa_type`
-                    stubs[stub_file] = ql.Synth.ConstructorStub(ipa_type)
-                constructor_import = get_import(stub_file, opts.swift_dir)
-                constructor_imports.append(constructor_import)
-                if ipa_type.is_ipa:
-                    ipa_constructor_imports.append(constructor_import)
-        else:
-            non_final_ipa_types.append(ipa_type)
+        for c in data.classes.values():
+            if _should_skip_qltest(c, data.classes):
+                continue
+            test_dir = test_out / c.group / c.name
+            test_dir.mkdir(parents=True, exist_ok=True)
+            if not any(test_dir.glob("*.swift")):
+                log.warning(f"no test source in {test_dir.relative_to(test_out)}")
+                renderer.render(ql.MissingTestInstructions(),
+                                test_dir / missing_test_source_filename)
+                continue
+            total_props, partial_props = _partition(_get_all_properties_to_be_tested(c, data.classes),
+                                                    lambda p: p.is_total)
+            renderer.render(ql.ClassTester(class_name=c.name,
+                                           properties=total_props,
+                                           # in case of collapsed hierarchies we want to see the actual QL class in results
+                                           show_ql_class="qltest_collapse_hierarchy" in c.pragmas),
+                            test_dir / f"{c.name}.ql")
+            for p in partial_props:
+                renderer.render(ql.PropertyTester(class_name=c.name,
+                                                  property=p), test_dir / f"{c.name}_{p.getter}.ql")
 
-    for stub_file, data in stubs.items():
-        renderer.render(data, stub_file)
-    renderer.render(ql.Synth.Types(root.name, final_ipa_types, non_final_ipa_types), out / "Synth.qll")
-    renderer.render(ql.ImportList(constructor_imports), out / "SynthConstructors.qll")
-    renderer.render(ql.ImportList(ipa_constructor_imports), out / "PureSynthConstructors.qll")
+        final_ipa_types = []
+        non_final_ipa_types = []
+        constructor_imports = []
+        ipa_constructor_imports = []
+        stubs = {}
+        for cls in sorted(data.classes.values(), key=lambda cls: (cls.group, cls.name)):
+            ipa_type = get_ql_ipa_class(cls)
+            if ipa_type.is_final:
+                final_ipa_types.append(ipa_type)
+                if ipa_type.has_params:
+                    stub_file = stub_out / cls.group / f"{cls.name}Constructor.qll"
+                    if not renderer.is_customized_stub(stub_file):
+                        # stub rendering must be postponed as we might not have yet all subtracted ipa types in `ipa_type`
+                        stubs[stub_file] = ql.Synth.ConstructorStub(ipa_type)
+                    constructor_import = get_import(stub_file, opts.swift_dir)
+                    constructor_imports.append(constructor_import)
+                    if ipa_type.is_ipa:
+                        ipa_constructor_imports.append(constructor_import)
+            else:
+                non_final_ipa_types.append(ipa_type)
 
-    renderer.cleanup(existing)
-    if opts.ql_format:
-        format(opts.codeql_binary, renderer.written)
+        for stub_file, data in stubs.items():
+            renderer.render(data, stub_file)
+        renderer.render(ql.Synth.Types(root.name, final_ipa_types, non_final_ipa_types), out / "Synth.qll")
+        renderer.render(ql.ImportList(constructor_imports), out / "SynthConstructors.qll")
+        renderer.render(ql.ImportList(ipa_constructor_imports), out / "PureSynthConstructors.qll")
+        if opts.ql_format:
+            format(opts.codeql_binary, renderer.written)
diff --git a/swift/codegen/lib/ql.py b/swift/codegen/lib/ql.py
index 63c460b901c..db293c8706f 100644
--- a/swift/codegen/lib/ql.py
+++ b/swift/codegen/lib/ql.py
@@ -165,9 +165,8 @@ class GetParentImplementation:
 @dataclass
 class PropertyForTest:
     getter: str
+    is_total: bool = True
     type: Optional[str] = None
-    is_single: bool = False
-    is_predicate: bool = False
     is_repeated: bool = False
 
 
diff --git a/swift/codegen/lib/render.py b/swift/codegen/lib/render.py
index d077161bce0..65014a42fa2 100644
--- a/swift/codegen/lib/render.py
+++ b/swift/codegen/lib/render.py
@@ -7,6 +7,9 @@ https://mustache.github.io/
 
 import logging
 import pathlib
+import typing
+import hashlib
+from dataclasses import dataclass
 
 import pystache
 
@@ -15,15 +18,22 @@ from . import paths
 log = logging.getLogger(__name__)
 
 
+class Error(Exception):
+    pass
+
+
 class Renderer:
     """ Template renderer using mustache templates in the `templates` directory """
 
-    def __init__(self, generator):
+    def __init__(self, swift_dir: pathlib.Path):
         self._r = pystache.Renderer(search_dirs=str(paths.templates_dir), escape=lambda u: u)
-        self.written = set()
-        self._generator = generator
+        self._swift_dir = swift_dir
+        self._generator = self._get_path(paths.exe_file)
 
-    def render(self, data, output: pathlib.Path):
+    def _get_path(self, file: pathlib.Path):
+        return file.relative_to(self._swift_dir)
+
+    def render(self, data: object, output: pathlib.Path):
         """ Render `data` to `output`.
 
         `data` must have a `template` attribute denoting which template to use from the template directory.
@@ -41,13 +51,145 @@ class Renderer:
                 output_filename = output_filename.with_suffix(f".{ext}")
                 template += f"_{ext}"
             contents = self._r.render_name(template, data, generator=self._generator)
-            with open(output_filename, "w") as out:
-                out.write(contents)
-            log.debug(f"{mnemonic}: generated {output.name}")
-            self.written.add(output_filename)
+            self._do_write(mnemonic, contents, output_filename)
 
-    def cleanup(self, existing):
-        """ Remove files in `existing` for which no `render` has been called """
-        for f in existing - self.written:
-            f.unlink(missing_ok=True)
-            log.info(f"removed {f.name}")
+    def _do_write(self, mnemonic: str, contents: str, output: pathlib.Path):
+        with open(output, "w") as out:
+            out.write(contents)
+        log.debug(f"{mnemonic}: generated {output.name}")
+
+    def manage(self, generated: typing.Iterable[pathlib.Path], stubs: typing.Iterable[pathlib.Path],
+               registry: pathlib.Path, force: bool = False) -> "RenderManager":
+        return RenderManager(self._swift_dir, generated, stubs, registry, force)
+
+
+class RenderManager(Renderer):
+    """ A context manager allowing to manage checked in generated files and their cleanup, able
+    to skip unneeded writes.
+
+    This is done by using and updating a checked in list of generated files that assigns two
+    hashes to each file:
+    * one is the hash of the mustache rendered contents, that can be used to quickly check whether a
+      write is needed
+    * the other is the hash of the actual file after code generation has finished. This will be
+      different from the above because of post-processing like QL formatting. This hash is used
+      to detect invalid modification of generated files"""
+    written: typing.Set[pathlib.Path]
+
+    @dataclass
+    class Hashes:
+        """
+        pre contains the hash of a file as rendered, post is the hash after
+        postprocessing (for example QL formatting)
+        """
+        pre: str
+        post: typing.Optional[str] = None
+
+    def __init__(self, swift_dir: pathlib.Path, generated: typing.Iterable[pathlib.Path],
+                 stubs: typing.Iterable[pathlib.Path],
+                 registry: pathlib.Path, force: bool = False):
+        super().__init__(swift_dir)
+        self._registry_path = registry
+        self._force = force
+        self._hashes = {}
+        self.written = set()
+        self._existing = set()
+        self._skipped = set()
+
+        self._load_registry()
+        self._process_generated(generated)
+        self._process_stubs(stubs)
+
+    def __enter__(self):
+        return self
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        if exc_val is None:
+            for f in self._existing - self._skipped - self.written:
+                self._hashes.pop(self._get_path(f), None)
+                f.unlink(missing_ok=True)
+                log.info(f"removed {f.name}")
+            for f in self.written:
+                self._hashes[self._get_path(f)].post = self._hash_file(f)
+        else:
+            # if an error was encountered, drop already written files from the registry
+            # so that they get the chance to be regenerated again during the next run
+            for f in self.written:
+                self._hashes.pop(self._get_path(f), None)
+        self._dump_registry()
+
+    def _do_write(self, mnemonic: str, contents: str, output: pathlib.Path):
+        hash = self._hash_string(contents)
+        rel_output = self._get_path(output)
+        if rel_output in self._hashes and self._hashes[rel_output].pre == hash:
+            self._skipped.add(output)
+            log.debug(f"{mnemonic}: skipped {output.name}")
+        else:
+            self.written.add(output)
+            super()._do_write(mnemonic, contents, output)
+            self._hashes[rel_output] = self.Hashes(pre=hash)
+
+    def _process_generated(self, generated: typing.Iterable[pathlib.Path]):
+        for f in generated:
+            self._existing.add(f)
+            rel_path = self._get_path(f)
+            if self._force:
+                pass
+            elif rel_path not in self._hashes:
+                log.warning(f"{rel_path} marked as generated but absent from the registry")
+            elif self._hashes[rel_path].post != self._hash_file(f):
+                raise Error(f"{rel_path} is generated but was modified, please revert the file "
+                            "or pass --force to overwrite")
+
+    def _process_stubs(self, stubs: typing.Iterable[pathlib.Path]):
+        for f in stubs:
+            rel_path = self._get_path(f)
+            if self.is_customized_stub(f):
+                self._hashes.pop(rel_path, None)
+                continue
+            self._existing.add(f)
+            if self._force:
+                pass
+            elif rel_path not in self._hashes:
+                log.warning(f"{rel_path} marked as stub but absent from the registry")
+            elif self._hashes[rel_path].post != self._hash_file(f):
+                raise Error(f"{rel_path} is a stub marked as generated, but it was modified, "
+                            "please remove the `// generated` header, revert the file or pass --force to overwrite it")
+
+    @staticmethod
+    def is_customized_stub(file: pathlib.Path) -> bool:
+        if not file.is_file():
+            return False
+        with open(file) as contents:
+            for line in contents:
+                return not line.startswith("// generated")
+        # no lines
+        return True
+
+    @staticmethod
+    def _hash_file(filename: pathlib.Path) -> str:
+        with open(filename) as inp:
+            return RenderManager._hash_string(inp.read())
+
+    @staticmethod
+    def _hash_string(data: str) -> str:
+        h = hashlib.sha256()
+        h.update(data.encode())
+        return h.hexdigest()
+
+    def _load_registry(self):
+        if self._force:
+            return
+        try:
+            with open(self._registry_path) as reg:
+                for line in reg:
+                    filename, prehash, posthash = line.split()
+                    self._hashes[pathlib.Path(filename)] = self.Hashes(prehash, posthash)
+        except FileNotFoundError:
+            pass
+
+    def _dump_registry(self):
+        self._registry_path.parent.mkdir(parents=True, exist_ok=True)
+        with open(self._registry_path, 'w') as out:
+            for f, hashes in sorted(self._hashes.items()):
+                print(f, hashes.pre, hashes.post, file=out)
diff --git a/swift/codegen/lib/schema/schema.py b/swift/codegen/lib/schema/schema.py
index 72b56ad19af..a2a1de0c05a 100644
--- a/swift/codegen/lib/schema/schema.py
+++ b/swift/codegen/lib/schema/schema.py
@@ -9,6 +9,7 @@ from enum import Enum, auto
 import functools
 import importlib.util
 from toposort import toposort_flatten
+import inflection
 
 
 class Error(Exception):
@@ -86,7 +87,8 @@ class Class:
     properties: List[Property] = field(default_factory=list)
     group: str = ""
     pragmas: List[str] = field(default_factory=list)
-    ipa: Optional[IpaInfo] = None
+    ipa: Optional[Union[IpaInfo, bool]] = None
+    """^^^ filled with `True` for non-final classes with only synthesized final descendants """
     doc: List[str] = field(default_factory=list)
     default_doc_name: Optional[str] = None
 
@@ -209,8 +211,12 @@ class _PropertyNamer(PropertyModifier):
 def _get_class(cls: type) -> Class:
     if not isinstance(cls, type):
         raise Error(f"Only class definitions allowed in schema, found {cls}")
-    if cls.__name__[0].islower():
-        raise Error(f"Class name must be capitalized, found {cls.__name__}")
+    # we must check that going to dbscheme names and back is preserved
+    # In particular this will not happen if uppercase acronyms are included in the name
+    to_underscore_and_back = inflection.camelize(inflection.underscore(cls.__name__), uppercase_first_letter=True)
+    if cls.__name__ != to_underscore_and_back:
+        raise Error(f"Class name must be upper camel-case, without capitalized acronyms, found {cls.__name__} "
+                    f"instead of {to_underscore_and_back}")
     if len({b._group for b in cls.__bases__ if hasattr(b, "_group")}) > 1:
         raise Error(f"Bases with mixed groups for {cls.__name__}")
     if any(getattr(b, "_null", False) for b in cls.__bases__):
@@ -247,6 +253,36 @@ def _toposort_classes_by_group(classes: typing.Dict[str, Class]) -> typing.Dict[
     return ret
 
 
+def _fill_ipa_information(classes: typing.Dict[str, Class]):
+    """ Take a dictionary where the `ipa` field is filled for all explicitly synthesized classes
+    and update it so that all non-final classes that have only synthesized final descendants
+    get `True` as` value for the `ipa` field
+    """
+    if not classes:
+        return
+
+    is_ipa: typing.Dict[str, bool] = {}
+
+    def fill_is_ipa(name: str):
+        if name not in is_ipa:
+            cls = classes[name]
+            for d in cls.derived:
+                fill_is_ipa(d)
+            if cls.ipa is not None:
+                is_ipa[name] = True
+            elif not cls.derived:
+                is_ipa[name] = False
+            else:
+                is_ipa[name] = all(is_ipa[d] for d in cls.derived)
+
+    root = next(iter(classes))
+    fill_is_ipa(root)
+
+    for name, cls in classes.items():
+        if cls.ipa is None and is_ipa[name]:
+            cls.ipa = True
+
+
 def load(m: types.ModuleType) -> Schema:
     includes = set()
     classes = {}
@@ -274,6 +310,8 @@ def load(m: types.ModuleType) -> Schema:
             null = name
             cls.is_null_class = True
 
+    _fill_ipa_information(classes)
+
     return Schema(includes=includes, classes=_toposort_classes_by_group(classes), null=null)
 
 
diff --git a/swift/codegen/templates/ql_class.mustache b/swift/codegen/templates/ql_class.mustache
index fa503d36b7d..2d7a6f247c0 100644
--- a/swift/codegen/templates/ql_class.mustache
+++ b/swift/codegen/templates/ql_class.mustache
@@ -126,7 +126,7 @@ module Generated {
      * Gets the number of {{doc_plural}}.
      */
     final int getNumberOf{{plural}}() {
-      result = count({{indefinite_getter}}())
+      result = count(int i | exists({{getter}}(i)))
     }
     {{/is_optional}}
     {{/is_repeated}}
diff --git a/swift/codegen/templates/ql_test_class.mustache b/swift/codegen/templates/ql_test_class.mustache
index 03d8b140525..adaf80de867 100644
--- a/swift/codegen/templates/ql_test_class.mustache
+++ b/swift/codegen/templates/ql_test_class.mustache
@@ -3,14 +3,14 @@
 import codeql.swift.elements
 import TestUtils
 
-from {{class_name}} x{{#properties}}, {{#is_single}}{{type}}{{/is_single}}{{#is_predicate}}string{{/is_predicate}} {{getter}}{{/properties}}
+from {{class_name}} x{{#properties}}, {{#type}}{{.}}{{/type}}{{^type}}string{{/type}} {{getter}}{{/properties}}
 where toBeTested(x) and not x.isUnknown()
 {{#properties}}
-{{#is_single}}
+{{#type}}
 and {{getter}} = x.{{getter}}()
-{{/is_single}}
-{{#is_predicate}}
+{{/type}}
+{{^type}}
 and if x.{{getter}}() then {{getter}} = "yes" else {{getter}} = "no"
-{{/is_predicate}}
+{{/type}}
 {{/properties}}
 select x{{#show_ql_class}}, x.getPrimaryQlClasses(){{/show_ql_class}}{{#properties}}, "{{getter}}:", {{getter}}{{/properties}}
diff --git a/swift/codegen/test/test_cppgen.py b/swift/codegen/test/test_cppgen.py
index df4925cb70e..3c62143e86a 100644
--- a/swift/codegen/test/test_cppgen.py
+++ b/swift/codegen/test/test_cppgen.py
@@ -180,5 +180,27 @@ def test_cpp_skip_pragma(generate):
     ]
 
 
+def test_ipa_classes_ignored(generate):
+    assert generate([
+        schema.Class(
+            name="W",
+            ipa=schema.IpaInfo(),
+        ),
+        schema.Class(
+            name="X",
+            ipa=schema.IpaInfo(from_class="A"),
+        ),
+        schema.Class(
+            name="Y",
+            ipa=schema.IpaInfo(on_arguments={"a": "A", "b": "int"}),
+        ),
+        schema.Class(
+            name="Z",
+        ),
+    ]) == [
+        cpp.Class(name="Z", final=True, trap_name="Zs"),
+    ]
+
+
 if __name__ == '__main__':
     sys.exit(pytest.main([__file__] + sys.argv[1:]))
diff --git a/swift/codegen/test/test_dbschemegen.py b/swift/codegen/test/test_dbschemegen.py
index 0fb71fbc35b..4e560e8208e 100644
--- a/swift/codegen/test/test_dbschemegen.py
+++ b/swift/codegen/test/test_dbschemegen.py
@@ -255,8 +255,9 @@ def test_final_class_with_more_fields(generate, dir_param):
 
 def test_empty_class_with_derived(generate):
     assert generate([
-        schema.Class(
-            name="Base", derived={"Left", "Right"}),
+        schema.Class(name="Base", derived={"Left", "Right"}),
+        schema.Class(name="Left", bases=["Base"]),
+        schema.Class(name="Right", bases=["Base"]),
     ]) == dbscheme.Scheme(
         src=schema_file,
         includes=[],
@@ -265,6 +266,14 @@ def test_empty_class_with_derived(generate):
                 lhs="@base",
                 rhs=["@left", "@right"],
             ),
+            dbscheme.Table(
+                name="lefts",
+                columns=[dbscheme.Column("id", "@left", binding=True)],
+            ),
+            dbscheme.Table(
+                name="rights",
+                columns=[dbscheme.Column("id", "@right", binding=True)],
+            ),
         ],
     )
 
@@ -278,6 +287,8 @@ def test_class_with_derived_and_single_property(generate, dir_param):
             properties=[
                 schema.SingleProperty("single", "Prop"),
             ]),
+        schema.Class(name="Left", bases=["Base"]),
+        schema.Class(name="Right", bases=["Base"]),
     ]) == dbscheme.Scheme(
         src=schema_file,
         includes=[],
@@ -294,7 +305,15 @@ def test_class_with_derived_and_single_property(generate, dir_param):
                     dbscheme.Column('single', '@prop'),
                 ],
                 dir=dir_param.expected,
-            )
+            ),
+            dbscheme.Table(
+                name="lefts",
+                columns=[dbscheme.Column("id", "@left", binding=True)],
+            ),
+            dbscheme.Table(
+                name="rights",
+                columns=[dbscheme.Column("id", "@right", binding=True)],
+            ),
         ],
     )
 
@@ -308,6 +327,8 @@ def test_class_with_derived_and_optional_property(generate, dir_param):
             properties=[
                 schema.OptionalProperty("opt", "Prop"),
             ]),
+        schema.Class(name="Left", bases=["Base"]),
+        schema.Class(name="Right", bases=["Base"]),
     ]) == dbscheme.Scheme(
         src=schema_file,
         includes=[],
@@ -324,7 +345,15 @@ def test_class_with_derived_and_optional_property(generate, dir_param):
                     dbscheme.Column('opt', '@prop'),
                 ],
                 dir=dir_param.expected,
-            )
+            ),
+            dbscheme.Table(
+                name="lefts",
+                columns=[dbscheme.Column("id", "@left", binding=True)],
+            ),
+            dbscheme.Table(
+                name="rights",
+                columns=[dbscheme.Column("id", "@right", binding=True)],
+            ),
         ],
     )
 
@@ -338,6 +367,8 @@ def test_class_with_derived_and_repeated_property(generate, dir_param):
             properties=[
                 schema.RepeatedProperty("rep", "Prop"),
             ]),
+        schema.Class(name="Left", bases=["Base"]),
+        schema.Class(name="Right", bases=["Base"]),
     ]) == dbscheme.Scheme(
         src=schema_file,
         includes=[],
@@ -355,7 +386,15 @@ def test_class_with_derived_and_repeated_property(generate, dir_param):
                     dbscheme.Column('rep', '@prop'),
                 ],
                 dir=dir_param.expected,
-            )
+            ),
+            dbscheme.Table(
+                name="lefts",
+                columns=[dbscheme.Column("id", "@left", binding=True)],
+            ),
+            dbscheme.Table(
+                name="rights",
+                columns=[dbscheme.Column("id", "@right", binding=True)],
+            ),
         ],
     )
 
@@ -469,5 +508,37 @@ def test_null_class(generate):
     )
 
 
+def test_ipa_classes_ignored(generate):
+    assert generate([
+        schema.Class(name="A", ipa=schema.IpaInfo()),
+        schema.Class(name="B", ipa=schema.IpaInfo(from_class="A")),
+        schema.Class(name="C", ipa=schema.IpaInfo(on_arguments={"x": "A"})),
+    ]) == dbscheme.Scheme(
+        src=schema_file,
+        includes=[],
+        declarations=[],
+    )
+
+
+def test_ipa_derived_classes_ignored(generate):
+    assert generate([
+        schema.Class(name="A", derived={"B", "C"}),
+        schema.Class(name="B", bases=["A"], ipa=schema.IpaInfo()),
+        schema.Class(name="C", bases=["A"]),
+    ]) == dbscheme.Scheme(
+        src=schema_file,
+        includes=[],
+        declarations=[
+            dbscheme.Union("@a", ["@c"]),
+            dbscheme.Table(
+                name="cs",
+                columns=[
+                    dbscheme.Column("id", "@c", binding=True),
+                ],
+            )
+        ],
+    )
+
+
 if __name__ == '__main__':
     sys.exit(pytest.main([__file__] + sys.argv[1:]))
diff --git a/swift/codegen/test/test_qlgen.py b/swift/codegen/test/test_qlgen.py
index 0e27f2b7516..67a6cf36468 100644
--- a/swift/codegen/test/test_qlgen.py
+++ b/swift/codegen/test/test_qlgen.py
@@ -26,6 +26,9 @@ def ql_output_path(): return paths.swift_dir / "ql/lib/other/path"
 def ql_test_output_path(): return paths.swift_dir / "ql/test/path"
 
 
+def generated_registry_path(): return paths.swift_dir / "registry.list"
+
+
 def import_file(): return stub_path().with_suffix(".qll")
 
 
@@ -42,18 +45,20 @@ def qlgen_opts(opts):
     opts.ql_stub_output = stub_path()
     opts.ql_output = ql_output_path()
     opts.ql_test_output = ql_test_output_path()
+    opts.generated_registry = generated_registry_path()
     opts.ql_format = True
     opts.swift_dir = paths.swift_dir
+    opts.force = False
     return opts
 
 
 @pytest.fixture
-def generate(input, qlgen_opts, renderer):
-    renderer.written = []
+def generate(input, qlgen_opts, renderer, render_manager):
+    render_manager.written = []
 
     def func(classes):
         input.classes = {cls.name: cls for cls in classes}
-        return run_generation(qlgen.generate, qlgen_opts, renderer)
+        return run_managed_generation(qlgen.generate, qlgen_opts, renderer, render_manager)
 
     return func
 
@@ -80,6 +85,7 @@ def generate_children_implementations(generate):
 
 def _filter_generated_classes(ret, output_test_files=False):
     files = {x for x in ret}
+    print(files)
     files.remove(import_file())
     files.remove(children_file())
     stub_files = set()
@@ -88,6 +94,7 @@ def _filter_generated_classes(ret, output_test_files=False):
     for f in files:
         try:
             stub_files.add(f.relative_to(stub_path()))
+            print(f)
         except ValueError:
             try:
                 base_files.add(f.relative_to(ql_output_path()))
@@ -215,7 +222,8 @@ def test_children(generate_classes):
                          ql.Class(name="MyObject", final=True,
                                   properties=[
                                       ql.Property(singular="A", type="int", tablename="my_objects",
-                                                  tableparams=["this", "result", "_"], doc="a of this my object"),
+                                                  tableparams=["this", "result", "_"],
+                                                  doc="a of this my object"),
                                       ql.Property(singular="Child1", type="int", tablename="my_objects",
                                                   tableparams=["this", "_", "result"], prev_child="",
                                                   doc="child 1 of this my object"),
@@ -226,9 +234,11 @@ def test_children(generate_classes):
                                       ql.Property(singular="Child", plural="Children", type="int",
                                                   tablename="my_object_children",
                                                   tableparams=["this", "index", "result"], prev_child="Child1",
-                                                  doc="child of this my object", doc_plural="children of this my object"),
+                                                  doc="child of this my object",
+                                                  doc_plural="children of this my object"),
                                       ql.Property(singular="C", type="int", tablename="my_object_cs",
-                                                  tableparams=["this", "result"], is_optional=True, doc="c of this my object"),
+                                                  tableparams=["this", "result"], is_optional=True,
+                                                  doc="c of this my object"),
                                       ql.Property(singular="Child3", type="int", tablename="my_object_child_3s",
                                                   tableparams=["this", "result"], is_optional=True,
                                                   prev_child="Child", doc="child 3 of this my object"),
@@ -239,7 +249,8 @@ def test_children(generate_classes):
                                       ql.Property(singular="Child4", plural="Child4s", type="int",
                                                   tablename="my_object_child_4s",
                                                   tableparams=["this", "index", "result"], is_optional=True,
-                                                  prev_child="Child3", doc="child 4 of this my object", doc_plural="child 4s of this my object"),
+                                                  prev_child="Child3", doc="child 4 of this my object",
+                                                  doc_plural="child 4s of this my object"),
                                   ])),
     }
 
@@ -256,11 +267,14 @@ def test_single_properties(generate_classes):
                          ql.Class(name="MyObject", final=True,
                                   properties=[
                                       ql.Property(singular="One", type="x", tablename="my_objects",
-                                                  tableparams=["this", "result", "_", "_"], doc="one of this my object"),
+                                                  tableparams=["this", "result", "_", "_"],
+                                                  doc="one of this my object"),
                                       ql.Property(singular="Two", type="y", tablename="my_objects",
-                                                  tableparams=["this", "_", "result", "_"], doc="two of this my object"),
+                                                  tableparams=["this", "_", "result", "_"],
+                                                  doc="two of this my object"),
                                       ql.Property(singular="Three", type="z", tablename="my_objects",
-                                                  tableparams=["this", "_", "_", "result"], doc="three of this my object"),
+                                                  tableparams=["this", "_", "_", "result"],
+                                                  doc="three of this my object"),
                                   ])),
     }
 
@@ -315,7 +329,8 @@ def test_repeated_optional_property(generate_classes, is_child, prev_child):
                          ql.Class(name="MyObject", final=True, properties=[
                              ql.Property(singular="Foo", plural="Foos", type="bar", tablename="my_object_foos",
                                          tableparams=["this", "index", "result"], is_optional=True,
-                                         prev_child=prev_child, doc="foo of this my object", doc_plural="foos of this my object"),
+                                         prev_child=prev_child, doc="foo of this my object",
+                                         doc_plural="foos of this my object"),
                          ])),
     }
 
@@ -396,10 +411,10 @@ def test_class_dir_imports(generate_import_list):
     ])
 
 
-def test_format(opts, generate, renderer, run_mock):
+def test_format(opts, generate, render_manager, run_mock):
     opts.codeql_binary = "my_fake_codeql"
     run_mock.return_value.stderr = "some\nlines\n"
-    renderer.written = [
+    render_manager.written = [
         pathlib.Path("x", "foo.ql"),
         pathlib.Path("bar.qll"),
         pathlib.Path("y", "baz.txt"),
@@ -411,11 +426,11 @@ def test_format(opts, generate, renderer, run_mock):
     ]
 
 
-def test_format_error(opts, generate, renderer, run_mock):
+def test_format_error(opts, generate, render_manager, run_mock):
     opts.codeql_binary = "my_fake_codeql"
     run_mock.return_value.stderr = "some\nlines\n"
     run_mock.return_value.returncode = 1
-    renderer.written = [
+    render_manager.written = [
         pathlib.Path("x", "foo.ql"),
         pathlib.Path("bar.qll"),
         pathlib.Path("y", "baz.txt"),
@@ -424,12 +439,9 @@ def test_format_error(opts, generate, renderer, run_mock):
         generate([schema.Class('A')])
 
 
-def test_empty_cleanup(generate, renderer):
-    generate([schema.Class('A')])
-    assert renderer.mock_calls[-1] == mock.call.cleanup(set())
-
-
-def test_non_empty_cleanup(opts, generate, renderer):
+@pytest.mark.parametrize("force", [False, True])
+def test_manage_parameters(opts, generate, renderer, force):
+    opts.force = force
     ql_a = opts.ql_output / "A.qll"
     ql_b = opts.ql_output / "B.qll"
     stub_a = opts.ql_stub_output / "A.qll"
@@ -439,30 +451,22 @@ def test_non_empty_cleanup(opts, generate, renderer):
     test_c = opts.ql_test_output / "B.txt"
     write(ql_a)
     write(ql_b)
-    write(stub_a, "// generated\nprivate import bla\n\nclass foo extends Generated::bar {\n}\n")
-    write(stub_b, "bar\n")
+    write(stub_a)
+    write(stub_b)
     write(test_a)
     write(test_b)
     write(test_c)
     generate([schema.Class('A')])
-    assert renderer.mock_calls[-1] == mock.call.cleanup(
-        {ql_a, ql_b, stub_a, test_a, test_b})
+    assert renderer.mock_calls == [
+        mock.call.manage(generated={ql_a, ql_b, test_a, test_b, import_file()}, stubs={stub_a, stub_b},
+                         registry=opts.generated_registry, force=force)
+    ]
 
 
-def test_modified_stub_still_generated(qlgen_opts, renderer):
+def test_modified_stub_skipped(qlgen_opts, generate, render_manager):
     stub = qlgen_opts.ql_stub_output / "A.qll"
-    write(stub, "// generated\nprivate import bla\n\nclass foo extends Generated::bar, baz {\n}\n")
-    with pytest.raises(qlgen.ModifiedStubMarkedAsGeneratedError):
-        run_generation(qlgen.generate, qlgen_opts, renderer)
-
-
-def test_extended_stub_still_generated(qlgen_opts, renderer):
-    stub = qlgen_opts.ql_stub_output / "A.qll"
-    write(stub,
-          "// generated\nprivate import bla\n\nclass foo extends Generated::bar {\n}\n\n"
-          "class other {\n  other() { none() }\n}")
-    with pytest.raises(qlgen.ModifiedStubMarkedAsGeneratedError):
-        run_generation(qlgen.generate, qlgen_opts, renderer)
+    render_manager.is_customized_stub.side_effect = lambda f: f == stub
+    assert stub not in generate([schema.Class('A')])
 
 
 def test_test_missing_source(generate_tests):
@@ -502,10 +506,8 @@ def test_test_total_properties(opts, generate_tests):
         ]),
     ]) == {
         "B/B.ql": ql.ClassTester(class_name="B", properties=[
-            ql.PropertyForTest(
-                getter="getX", is_single=True, type="string"),
-            ql.PropertyForTest(
-                getter="y", is_predicate=True, type="predicate"),
+            ql.PropertyForTest(getter="getX", type="string"),
+            ql.PropertyForTest(getter="y"),
         ])
     }
 
@@ -513,19 +515,29 @@ def test_test_total_properties(opts, generate_tests):
 def test_test_partial_properties(opts, generate_tests):
     write(opts.ql_test_output / "B" / "test.swift")
     assert generate_tests([
-        schema.Class("A", derived={"B"}, properties=[
+        schema.Class("A", derived={"B", "C"}, properties=[
             schema.OptionalProperty("x", "string"),
         ]),
         schema.Class("B", bases=["A"], properties=[
-            schema.RepeatedProperty("y", "int"),
+            schema.RepeatedProperty("y", "bool"),
+            schema.RepeatedOptionalProperty("z", "int"),
         ]),
     ]) == {
-        "B/B.ql": ql.ClassTester(class_name="B"),
+        "B/B.ql": ql.ClassTester(class_name="B", properties=[
+            ql.PropertyForTest(getter="hasX"),
+            ql.PropertyForTest(getter="getNumberOfYs", type="int"),
+        ]),
         "B/B_getX.ql": ql.PropertyTester(class_name="B",
-                                         property=ql.PropertyForTest(getter="getX", type="string")),
+                                         property=ql.PropertyForTest(getter="getX", is_total=False,
+                                                                            type="string")),
         "B/B_getY.ql": ql.PropertyTester(class_name="B",
-                                         property=ql.PropertyForTest(getter="getY", is_repeated=True,
-                                                                            type="int")),
+                                         property=ql.PropertyForTest(getter="getY", is_total=False,
+                                                                     is_repeated=True,
+                                                                     type="bool")),
+        "B/B_getZ.ql": ql.PropertyTester(class_name="B",
+                                         property=ql.PropertyForTest(getter="getZ", is_total=False,
+                                                                     is_repeated=True,
+                                                                     type="int")),
     }
 
 
@@ -534,19 +546,20 @@ def test_test_properties_deduplicated(opts, generate_tests):
     assert generate_tests([
         schema.Class("Base", derived={"A", "B"}, properties=[
             schema.SingleProperty("x", "string"),
-            schema.RepeatedProperty("y", "int"),
+            schema.RepeatedProperty("y", "bool"),
         ]),
         schema.Class("A", bases=["Base"], derived={"Final"}),
         schema.Class("B", bases=["Base"], derived={"Final"}),
         schema.Class("Final", bases=["A", "B"]),
     ]) == {
         "Final/Final.ql": ql.ClassTester(class_name="Final", properties=[
-            ql.PropertyForTest(
-                getter="getX", is_single=True, type="string"),
+            ql.PropertyForTest(getter="getX", type="string"),
+            ql.PropertyForTest(getter="getNumberOfYs", type="int"),
         ]),
         "Final/Final_getY.ql": ql.PropertyTester(class_name="Final",
-                                                 property=ql.PropertyForTest(getter="getY", is_repeated=True,
-                                                                                    type="int")),
+                                                 property=ql.PropertyForTest(getter="getY", is_total=False,
+                                                                                    is_repeated=True,
+                                                                                    type="bool")),
     }
 
 
@@ -696,7 +709,8 @@ def test_property_doc_abbreviations(generate_classes, abbr, expected):
         "Object.qll": (ql.Stub(name="Object", base_import=gen_import_prefix + "Object"),
                        ql.Class(name="Object", final=True,
                                 properties=[
-                                    ql.Property(singular=f"Foo{abbr.capitalize()}Bar", type="baz", tablename="objects",
+                                    ql.Property(singular=f"Foo{abbr.capitalize()}Bar", type="baz",
+                                                tablename="objects",
                                                 tableparams=["this", "result"], doc=expected_doc),
                                 ])),
     }
@@ -712,7 +726,8 @@ def test_property_doc_abbreviations_ignored_if_within_word(generate_classes, abb
         "Object.qll": (ql.Stub(name="Object", base_import=gen_import_prefix + "Object"),
                        ql.Class(name="Object", final=True,
                                 properties=[
-                                    ql.Property(singular=f"Foo{abbr.capitalize()}acadabraBar", type="baz", tablename="objects",
+                                    ql.Property(singular=f"Foo{abbr.capitalize()}acadabraBar", type="baz",
+                                                tablename="objects",
                                                 tableparams=["this", "result"], doc=expected_doc),
                                 ])),
     }
@@ -730,11 +745,13 @@ def test_repeated_property_doc_override_with_format(generate_classes):
                                       ql.Property(singular="X", plural="Xes", type="int",
                                                   tablename="my_object_xes",
                                                   tableparams=["this", "index", "result"],
-                                                  doc="special child of this", doc_plural="special children of this"),
+                                                  doc="special child of this",
+                                                  doc_plural="special children of this"),
                                       ql.Property(singular="Y", plural="Ys", type="int",
                                                   tablename="my_object_ies", is_optional=True,
                                                   tableparams=["this", "index", "result"],
-                                                  doc="special child of this", doc_plural="special children of this"),
+                                                  doc="special child of this",
+                                                  doc_plural="special children of this"),
                                   ])),
     }
 
diff --git a/swift/codegen/test/test_render.py b/swift/codegen/test/test_render.py
index 7055930dd6b..950ca385e2f 100644
--- a/swift/codegen/test/test_render.py
+++ b/swift/codegen/test/test_render.py
@@ -1,14 +1,10 @@
 import sys
-from unittest import mock
-import pathlib
 
 import pytest
 
-from swift.codegen.lib import paths
-from swift.codegen.lib import render
+from swift.codegen.test.utils import *
 
-
-generator = "test/foogen"
+import hashlib
 
 
 @pytest.fixture
@@ -20,13 +16,24 @@ def pystache_renderer_cls():
 @pytest.fixture
 def pystache_renderer(pystache_renderer_cls):
     ret = mock.Mock()
-    pystache_renderer_cls.side_effect = (ret,)
+    pystache_renderer_cls.return_value = ret
     return ret
 
 
 @pytest.fixture
 def sut(pystache_renderer):
-    return render.Renderer(generator)
+    return render.Renderer(paths.swift_dir)
+
+
+def assert_file(file, text):
+    with open(file) as inp:
+        assert inp.read() == text
+
+
+def hash(text):
+    h = hashlib.sha256()
+    h.update(text.encode())
+    return h.hexdigest()
 
 
 def test_constructor(pystache_renderer_cls, sut):
@@ -35,24 +42,211 @@ def test_constructor(pystache_renderer_cls, sut):
     assert pystache_init.kwargs['search_dirs'] == str(paths.templates_dir)
     an_object = object()
     assert pystache_init.kwargs['escape'](an_object) is an_object
-    assert sut.written == set()
 
 
 def test_render(pystache_renderer, sut):
     data = mock.Mock(spec=("template",))
-    output = mock.Mock()
-    with mock.patch("builtins.open", mock.mock_open()) as output_stream:
-        sut.render(data, output)
+    text = "some text"
+    pystache_renderer.render_name.side_effect = (text,)
+    output = paths.swift_dir / "some/output.txt"
+    sut.render(data, output)
+
+    assert_file(output, text)
     assert pystache_renderer.mock_calls == [
-        mock.call.render_name(data.template, data, generator=generator),
+        mock.call.render_name(data.template, data, generator=paths.exe_file.relative_to(paths.swift_dir)),
     ]
-    assert output_stream.mock_calls == [
-        mock.call(output, 'w'),
-        mock.call().__enter__(),
-        mock.call().write(pystache_renderer.render_name.return_value),
-        mock.call().__exit__(None, None, None),
+
+
+def test_managed_render(pystache_renderer, sut):
+    data = mock.Mock(spec=("template",))
+    text = "some text"
+    pystache_renderer.render_name.side_effect = (text,)
+    output = paths.swift_dir / "some/output.txt"
+    registry = paths.swift_dir / "a/registry.list"
+    write(registry)
+
+    with sut.manage(generated=(), stubs=(), registry=registry) as renderer:
+        renderer.render(data, output)
+        assert renderer.written == {output}
+        assert_file(output, text)
+
+    assert_file(registry, f"some/output.txt {hash(text)} {hash(text)}\n")
+    assert pystache_renderer.mock_calls == [
+        mock.call.render_name(data.template, data, generator=paths.exe_file.relative_to(paths.swift_dir)),
     ]
-    assert sut.written == {output}
+
+
+def test_managed_render_with_no_registry(pystache_renderer, sut):
+    data = mock.Mock(spec=("template",))
+    text = "some text"
+    pystache_renderer.render_name.side_effect = (text,)
+    output = paths.swift_dir / "some/output.txt"
+    registry = paths.swift_dir / "a/registry.list"
+
+    with sut.manage(generated=(), stubs=(), registry=registry) as renderer:
+        renderer.render(data, output)
+        assert renderer.written == {output}
+        assert_file(output, text)
+
+    assert_file(registry, f"some/output.txt {hash(text)} {hash(text)}\n")
+    assert pystache_renderer.mock_calls == [
+        mock.call.render_name(data.template, data, generator=paths.exe_file.relative_to(paths.swift_dir)),
+    ]
+
+
+def test_managed_render_with_post_processing(pystache_renderer, sut):
+    data = mock.Mock(spec=("template",))
+    text = "some text"
+    postprocessed_text = "some other text"
+    pystache_renderer.render_name.side_effect = (text,)
+    output = paths.swift_dir / "some/output.txt"
+    registry = paths.swift_dir / "a/registry.list"
+    write(registry)
+
+    with sut.manage(generated=(), stubs=(), registry=registry) as renderer:
+        renderer.render(data, output)
+        assert renderer.written == {output}
+        assert_file(output, text)
+        write(output, postprocessed_text)
+
+    assert_file(registry, f"some/output.txt {hash(text)} {hash(postprocessed_text)}\n")
+    assert pystache_renderer.mock_calls == [
+        mock.call.render_name(data.template, data, generator=paths.exe_file.relative_to(paths.swift_dir)),
+    ]
+
+
+def test_managed_render_with_erasing(pystache_renderer, sut):
+    output = paths.swift_dir / "some/output.txt"
+    stub = paths.swift_dir / "some/stub.txt"
+    registry = paths.swift_dir / "a/registry.list"
+    write(output)
+    write(stub, "// generated bla bla")
+    write(registry)
+
+    with sut.manage(generated=(output,), stubs=(stub,), registry=registry) as renderer:
+        pass
+
+    assert not output.is_file()
+    assert not stub.is_file()
+    assert_file(registry, "")
+    assert pystache_renderer.mock_calls == []
+
+
+def test_managed_render_with_skipping_of_generated_file(pystache_renderer, sut):
+    data = mock.Mock(spec=("template",))
+    output = paths.swift_dir / "some/output.txt"
+    some_output = "some output"
+    registry = paths.swift_dir / "a/registry.list"
+    write(output, some_output)
+    write(registry, f"some/output.txt {hash(some_output)} {hash(some_output)}\n")
+
+    pystache_renderer.render_name.side_effect = (some_output,)
+
+    with sut.manage(generated=(output,), stubs=(), registry=registry) as renderer:
+        renderer.render(data, output)
+        assert renderer.written == set()
+        assert_file(output, some_output)
+
+    assert_file(registry, f"some/output.txt {hash(some_output)} {hash(some_output)}\n")
+    assert pystache_renderer.mock_calls == [
+        mock.call.render_name(data.template, data, generator=paths.exe_file.relative_to(paths.swift_dir)),
+    ]
+
+
+def test_managed_render_with_skipping_of_stub_file(pystache_renderer, sut):
+    data = mock.Mock(spec=("template",))
+    stub = paths.swift_dir / "some/stub.txt"
+    some_output = "// generated some output"
+    some_processed_output = "// generated some processed output"
+    registry = paths.swift_dir / "a/registry.list"
+    write(stub, some_processed_output)
+    write(registry, f"some/stub.txt {hash(some_output)} {hash(some_processed_output)}\n")
+
+    pystache_renderer.render_name.side_effect = (some_output,)
+
+    with sut.manage(generated=(), stubs=(stub,), registry=registry) as renderer:
+        renderer.render(data, stub)
+        assert renderer.written == set()
+        assert_file(stub, some_processed_output)
+
+    assert_file(registry, f"some/stub.txt {hash(some_output)} {hash(some_processed_output)}\n")
+    assert pystache_renderer.mock_calls == [
+        mock.call.render_name(data.template, data, generator=paths.exe_file.relative_to(paths.swift_dir)),
+    ]
+
+
+def test_managed_render_with_modified_generated_file(pystache_renderer, sut):
+    output = paths.swift_dir / "some/output.txt"
+    some_processed_output = "// some processed output"
+    registry = paths.swift_dir / "a/registry.list"
+    write(output, "// something else")
+    write(registry, f"some/output.txt whatever {hash(some_processed_output)}\n")
+
+    with pytest.raises(render.Error):
+        sut.manage(generated=(output,), stubs=(), registry=registry)
+
+
+def test_managed_render_with_modified_stub_file_still_marked_as_generated(pystache_renderer, sut):
+    stub = paths.swift_dir / "some/stub.txt"
+    some_processed_output = "// generated some processed output"
+    registry = paths.swift_dir / "a/registry.list"
+    write(stub, "// generated something else")
+    write(registry, f"some/stub.txt whatever {hash(some_processed_output)}\n")
+
+    with pytest.raises(render.Error):
+        sut.manage(generated=(), stubs=(stub,), registry=registry)
+
+
+def test_managed_render_with_modified_stub_file_not_marked_as_generated(pystache_renderer, sut):
+    stub = paths.swift_dir / "some/stub.txt"
+    some_processed_output = "// generated some processed output"
+    registry = paths.swift_dir / "a/registry.list"
+    write(stub, "// no more generated")
+    write(registry, f"some/stub.txt whatever {hash(some_processed_output)}\n")
+
+    with sut.manage(generated=(), stubs=(stub,), registry=registry) as renderer:
+        pass
+
+    assert_file(registry, "")
+
+
+class MyError(Exception):
+    pass
+
+
+def test_managed_render_exception_drops_written_from_registry(pystache_renderer, sut):
+    data = mock.Mock(spec=("template",))
+    text = "some text"
+    pystache_renderer.render_name.side_effect = (text,)
+    output = paths.swift_dir / "some/output.txt"
+    registry = paths.swift_dir / "a/registry.list"
+    write(output, text)
+    write(registry, "a a a\n"
+                    f"some/output.txt whatever {hash(text)}\n"
+                    "b b b")
+
+    with pytest.raises(MyError):
+        with sut.manage(generated=(), stubs=(), registry=registry) as renderer:
+            renderer.render(data, output)
+            raise MyError
+
+    assert_file(registry, "a a a\nb b b\n")
+
+
+def test_managed_render_exception_does_not_erase(pystache_renderer, sut):
+    output = paths.swift_dir / "some/output.txt"
+    stub = paths.swift_dir / "some/stub.txt"
+    registry = paths.swift_dir / "a/registry.list"
+    write(output)
+    write(stub, "// generated bla bla")
+    write(registry)
+
+    with pytest.raises(MyError):
+        with sut.manage(generated=(output,), stubs=(stub,), registry=registry) as renderer:
+            raise MyError
+
+    assert output.is_file()
+    assert stub.is_file()
 
 
 def test_render_with_extensions(pystache_renderer, sut):
@@ -61,47 +255,81 @@ def test_render_with_extensions(pystache_renderer, sut):
     data.extensions = ["foo", "bar", "baz"]
     output = pathlib.Path("my", "test", "file")
     expected_outputs = [pathlib.Path("my", "test", p) for p in ("file.foo", "file.bar", "file.baz")]
-    rendered = [object() for _ in expected_outputs]
+    rendered = [f"text{i}" for i in range(len(expected_outputs))]
     pystache_renderer.render_name.side_effect = rendered
-    with mock.patch("builtins.open", mock.mock_open()) as output_stream:
-        sut.render(data, output)
+    sut.render(data, output)
     expected_templates = ["test_template_foo", "test_template_bar", "test_template_baz"]
     assert pystache_renderer.mock_calls == [
-        mock.call.render_name(t, data, generator=generator) for t in expected_templates
+        mock.call.render_name(t, data, generator=paths.exe_file.relative_to(paths.swift_dir))
+        for t in expected_templates
     ]
-    expected_calls = []
-    for contents, out in zip(rendered, expected_outputs):
-        expected_calls.extend((
-            mock.call(out, 'w'),
-            mock.call().__enter__(),
-            mock.call().write(contents),
-            mock.call().__exit__(None, None, None),
-        ))
-    assert sut.written == set(expected_outputs)
+    for expected_output, expected_contents in zip(expected_outputs, rendered):
+        assert_file(expected_output, expected_contents)
 
 
-def test_written(sut):
-    data = [mock.Mock(spec=("template",)) for _ in range(4)]
-    output = [mock.Mock() for _ in data]
-    with mock.patch("builtins.open", mock.mock_open()) as output_stream:
-        for d, o in zip(data, output):
-            sut.render(d, o)
-    assert sut.written == set(output)
+def test_managed_render_with_force_not_skipping_generated_file(pystache_renderer, sut):
+    data = mock.Mock(spec=("template",))
+    output = paths.swift_dir / "some/output.txt"
+    some_output = "some output"
+    registry = paths.swift_dir / "a/registry.list"
+    write(output, some_output)
+    write(registry, f"some/output.txt {hash(some_output)} {hash(some_output)}\n")
+
+    pystache_renderer.render_name.side_effect = (some_output,)
+
+    with sut.manage(generated=(output,), stubs=(), registry=registry, force=True) as renderer:
+        renderer.render(data, output)
+        assert renderer.written == {output}
+        assert_file(output, some_output)
+
+    assert_file(registry, f"some/output.txt {hash(some_output)} {hash(some_output)}\n")
+    assert pystache_renderer.mock_calls == [
+        mock.call.render_name(data.template, data, generator=paths.exe_file.relative_to(paths.swift_dir)),
+    ]
 
 
-def test_cleanup(sut):
-    data = [mock.Mock(spec=("template",)) for _ in range(4)]
-    output = [mock.Mock() for _ in data]
-    with mock.patch("builtins.open", mock.mock_open()) as output_stream:
-        for d, o in zip(data, output):
-            sut.render(d, o)
-    expected_erased = [mock.Mock() for _ in range(3)]
-    existing = set(expected_erased + output[2:])
-    sut.cleanup(existing)
-    for f in expected_erased:
-        assert f.mock_calls == [mock.call.unlink(missing_ok=True)]
-    for f in output:
-        assert f.unlink.mock_calls == []
+def test_managed_render_with_force_not_skipping_stub_file(pystache_renderer, sut):
+    data = mock.Mock(spec=("template",))
+    stub = paths.swift_dir / "some/stub.txt"
+    some_output = "// generated some output"
+    some_processed_output = "// generated some processed output"
+    registry = paths.swift_dir / "a/registry.list"
+    write(stub, some_processed_output)
+    write(registry, f"some/stub.txt {hash(some_output)} {hash(some_processed_output)}\n")
+
+    pystache_renderer.render_name.side_effect = (some_output,)
+
+    with sut.manage(generated=(), stubs=(stub,), registry=registry, force=True) as renderer:
+        renderer.render(data, stub)
+        assert renderer.written == {stub}
+        assert_file(stub, some_output)
+
+    assert_file(registry, f"some/stub.txt {hash(some_output)} {hash(some_output)}\n")
+    assert pystache_renderer.mock_calls == [
+        mock.call.render_name(data.template, data, generator=paths.exe_file.relative_to(paths.swift_dir)),
+    ]
+
+
+def test_managed_render_with_force_ignores_modified_generated_file(sut):
+    output = paths.swift_dir / "some/output.txt"
+    some_processed_output = "// some processed output"
+    registry = paths.swift_dir / "a/registry.list"
+    write(output, "// something else")
+    write(registry, f"some/output.txt whatever {hash(some_processed_output)}\n")
+
+    with sut.manage(generated=(output,), stubs=(), registry=registry, force=True):
+        pass
+
+
+def test_managed_render_with_force_ignores_modified_stub_file_still_marked_as_generated(sut):
+    stub = paths.swift_dir / "some/stub.txt"
+    some_processed_output = "// generated some processed output"
+    registry = paths.swift_dir / "a/registry.list"
+    write(stub, "// generated something else")
+    write(registry, f"some/stub.txt whatever {hash(some_processed_output)}\n")
+
+    with sut.manage(generated=(), stubs=(stub,), registry=registry, force=True):
+        pass
 
 
 if __name__ == '__main__':
diff --git a/swift/codegen/test/test_schema.py b/swift/codegen/test/test_schema.py
index 769fd402e64..0171087fafb 100644
--- a/swift/codegen/test/test_schema.py
+++ b/swift/codegen/test/test_schema.py
@@ -340,7 +340,7 @@ def test_ipa_from_class():
             pass
 
     assert data.classes == {
-        'A': schema.Class('A', derived={'B'}),
+        'A': schema.Class('A', derived={'B'}, ipa=True),
         'B': schema.Class('B', bases=['A'], ipa=schema.IpaInfo(from_class="A")),
     }
 
@@ -381,7 +381,7 @@ def test_ipa_class_on():
             pass
 
     assert data.classes == {
-        'A': schema.Class('A', derived={'B'}),
+        'A': schema.Class('A', derived={'B'}, ipa=True),
         'B': schema.Class('B', bases=['A'], ipa=schema.IpaInfo(on_arguments={'a': 'A', 'i': 'int'})),
     }
 
@@ -414,6 +414,39 @@ def test_ipa_class_on_dangling():
                 pass
 
 
+def test_ipa_class_hierarchy():
+    @schema.load
+    class data:
+        class Root:
+            pass
+
+        class Base(Root):
+            pass
+
+        class Intermediate(Base):
+            pass
+
+        @defs.synth.on_arguments(a=Base, i=defs.int)
+        class A(Intermediate):
+            pass
+
+        @defs.synth.from_class(Base)
+        class B(Base):
+            pass
+
+        class C(Root):
+            pass
+
+    assert data.classes == {
+        'Root': schema.Class('Root', derived={'Base', 'C'}),
+        'Base': schema.Class('Base', bases=['Root'], derived={'Intermediate', 'B'}, ipa=True),
+        'Intermediate': schema.Class('Intermediate', bases=['Base'], derived={'A'}, ipa=True),
+        'A': schema.Class('A', bases=['Intermediate'], ipa=schema.IpaInfo(on_arguments={'a': 'Base', 'i': 'int'})),
+        'B': schema.Class('B', bases=['Base'], ipa=schema.IpaInfo(from_class='Base')),
+        'C': schema.Class('C', bases=['Root']),
+    }
+
+
 def test_class_docstring():
     @schema.load
     class data:
@@ -636,5 +669,16 @@ def test_null_class_cannot_be_defined_multiple_times():
                 pass
 
 
+def test_uppercase_acronyms_are_rejected():
+    with pytest.raises(schema.Error):
+        @schema.load
+        class data:
+            class Root:
+                pass
+
+            class ROTFLNode(Root):
+                pass
+
+
 if __name__ == '__main__':
     sys.exit(pytest.main([__file__] + sys.argv[1:]))
diff --git a/swift/codegen/test/utils.py b/swift/codegen/test/utils.py
index af033aaa75a..3911206bfa5 100644
--- a/swift/codegen/test/utils.py
+++ b/swift/codegen/test/utils.py
@@ -6,7 +6,7 @@ import pytest
 from swift.codegen.lib import render, schema, paths
 
 schema_dir = pathlib.Path("a", "dir")
-schema_file = schema_dir / "schema.yml"
+schema_file = schema_dir / "schema.py"
 dbscheme_file = pathlib.Path("another", "dir", "test.dbscheme")
 
 
@@ -18,7 +18,16 @@ def write(out, contents=""):
 
 @pytest.fixture
 def renderer():
-    return mock.Mock(spec=render.Renderer(""))
+    return mock.Mock(spec=render.Renderer)
+
+
+@pytest.fixture
+def render_manager(renderer):
+    ret = mock.Mock(spec=render.RenderManager)
+    ret.__enter__ = mock.Mock(return_value=ret)
+    ret.__exit__ = mock.Mock(return_value=None)
+    ret.is_customized_stub.return_value = False
+    return ret
 
 
 @pytest.fixture
@@ -30,7 +39,8 @@ def opts():
 
 @pytest.fixture(autouse=True)
 def override_paths(tmp_path):
-    with mock.patch("swift.codegen.lib.paths.swift_dir", tmp_path):
+    with mock.patch("swift.codegen.lib.paths.swift_dir", tmp_path), \
+            mock.patch("swift.codegen.lib.paths.exe_file", tmp_path / "exe"):
         yield
 
 
@@ -63,3 +73,12 @@ def run_generation(generate, opts, renderer):
     renderer.render.side_effect = lambda data, out: output.__setitem__(out, data)
     generate(opts, renderer)
     return output
+
+
+def run_managed_generation(generate, opts, renderer, render_manager):
+    output = {}
+
+    renderer.manage.side_effect = (render_manager,)
+    render_manager.render.side_effect = lambda data, out: output.__setitem__(out, data)
+    generate(opts, renderer)
+    return output
diff --git a/swift/downgrades/1a6e9325bd60462e669e524438174deef4476df0/old.dbscheme b/swift/downgrades/1a6e9325bd60462e669e524438174deef4476df0/old.dbscheme
new file mode 100644
index 00000000000..1a6e9325bd6
--- /dev/null
+++ b/swift/downgrades/1a6e9325bd60462e669e524438174deef4476df0/old.dbscheme
@@ -0,0 +1,2513 @@
+// generated by codegen/codegen.py
+
+// from prefix.dbscheme
+/**
+ * The source location of the snapshot.
+ */
+sourceLocationPrefix(
+  string prefix: string ref
+);
+
+
+// from schema.py
+
+@element =
+  @callable
+| @file
+| @generic_context
+| @iterable_decl_context
+| @locatable
+| @location
+| @type
+;
+
+#keyset[id]
+element_is_unknown(
+  int id: @element ref
+);
+
+@callable =
+  @abstract_closure_expr
+| @abstract_function_decl
+;
+
+#keyset[id]
+callable_self_params(
+  int id: @callable ref,
+  int self_param: @param_decl_or_none ref
+);
+
+#keyset[id, index]
+callable_params(
+  int id: @callable ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+#keyset[id]
+callable_bodies(
+  int id: @callable ref,
+  int body: @brace_stmt_or_none ref
+);
+
+@file =
+  @db_file
+;
+
+#keyset[id]
+files(
+  int id: @file ref,
+  string name: string ref
+);
+
+@locatable =
+  @argument
+| @ast_node
+| @comment
+| @diagnostics
+| @error_element
+;
+
+#keyset[id]
+locatable_locations(
+  int id: @locatable ref,
+  int location: @location_or_none ref
+);
+
+@location =
+  @db_location
+;
+
+#keyset[id]
+locations(
+  int id: @location ref,
+  int file: @file_or_none ref,
+  int start_line: int ref,
+  int start_column: int ref,
+  int end_line: int ref,
+  int end_column: int ref
+);
+
+@ast_node =
+  @case_label_item
+| @condition_element
+| @decl
+| @expr
+| @pattern
+| @stmt
+| @stmt_condition
+| @type_repr
+;
+
+comments(
+  unique int id: @comment,
+  string text: string ref
+);
+
+db_files(
+  unique int id: @db_file
+);
+
+db_locations(
+  unique int id: @db_location
+);
+
+diagnostics(
+  unique int id: @diagnostics,
+  string text: string ref,
+  int kind: int ref
+);
+
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_chain_result_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @unresolved_type
+| @unresolved_type_conversion_expr
+| @unspecified_element
+;
+
+unspecified_elements(
+  unique int id: @unspecified_element,
+  string property: string ref,
+  string error: string ref
+);
+
+#keyset[id]
+unspecified_element_parents(
+  int id: @unspecified_element ref,
+  int parent: @element ref
+);
+
+#keyset[id]
+unspecified_element_indices(
+  int id: @unspecified_element ref,
+  int index: int ref
+);
+
+@decl =
+  @enum_case_decl
+| @extension_decl
+| @if_config_decl
+| @import_decl
+| @missing_member_decl
+| @operator_decl
+| @pattern_binding_decl
+| @pound_diagnostic_decl
+| @precedence_group_decl
+| @top_level_code_decl
+| @value_decl
+;
+
+#keyset[id]
+decls(  //dir=decl
+  int id: @decl ref,
+  int module: @module_decl_or_none ref
+);
+
+@generic_context =
+  @abstract_function_decl
+| @extension_decl
+| @generic_type_decl
+| @subscript_decl
+;
+
+#keyset[id, index]
+generic_context_generic_type_params(  //dir=decl
+  int id: @generic_context ref,
+  int index: int ref,
+  int generic_type_param: @generic_type_param_decl_or_none ref
+);
+
+@iterable_decl_context =
+  @extension_decl
+| @nominal_type_decl
+;
+
+#keyset[id, index]
+iterable_decl_context_members(  //dir=decl
+  int id: @iterable_decl_context ref,
+  int index: int ref,
+  int member: @decl_or_none ref
+);
+
+enum_case_decls(  //dir=decl
+  unique int id: @enum_case_decl
+);
+
+#keyset[id, index]
+enum_case_decl_elements(  //dir=decl
+  int id: @enum_case_decl ref,
+  int index: int ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+extension_decls(  //dir=decl
+  unique int id: @extension_decl,
+  int extended_type_decl: @nominal_type_decl_or_none ref
+);
+
+if_config_decls(  //dir=decl
+  unique int id: @if_config_decl
+);
+
+#keyset[id, index]
+if_config_decl_active_elements(  //dir=decl
+  int id: @if_config_decl ref,
+  int index: int ref,
+  int active_element: @ast_node_or_none ref
+);
+
+import_decls(  //dir=decl
+  unique int id: @import_decl
+);
+
+#keyset[id]
+import_decl_is_exported(  //dir=decl
+  int id: @import_decl ref
+);
+
+#keyset[id]
+import_decl_imported_modules(  //dir=decl
+  int id: @import_decl ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+import_decl_declarations(  //dir=decl
+  int id: @import_decl ref,
+  int index: int ref,
+  int declaration: @value_decl_or_none ref
+);
+
+missing_member_decls(  //dir=decl
+  unique int id: @missing_member_decl,
+  string name: string ref
+);
+
+@operator_decl =
+  @infix_operator_decl
+| @postfix_operator_decl
+| @prefix_operator_decl
+;
+
+#keyset[id]
+operator_decls(  //dir=decl
+  int id: @operator_decl ref,
+  string name: string ref
+);
+
+pattern_binding_decls(  //dir=decl
+  unique int id: @pattern_binding_decl
+);
+
+#keyset[id, index]
+pattern_binding_decl_inits(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int init: @expr_or_none ref
+);
+
+#keyset[id, index]
+pattern_binding_decl_patterns(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int pattern: @pattern_or_none ref
+);
+
+pound_diagnostic_decls(  //dir=decl
+  unique int id: @pound_diagnostic_decl,
+  int kind: int ref,
+  int message: @string_literal_expr_or_none ref
+);
+
+precedence_group_decls(  //dir=decl
+  unique int id: @precedence_group_decl
+);
+
+top_level_code_decls(  //dir=decl
+  unique int id: @top_level_code_decl,
+  int body: @brace_stmt_or_none ref
+);
+
+@value_decl =
+  @abstract_function_decl
+| @abstract_storage_decl
+| @enum_element_decl
+| @type_decl
+;
+
+#keyset[id]
+value_decls(  //dir=decl
+  int id: @value_decl ref,
+  int interface_type: @type_or_none ref
+);
+
+@abstract_function_decl =
+  @constructor_decl
+| @destructor_decl
+| @func_decl
+;
+
+#keyset[id]
+abstract_function_decls(  //dir=decl
+  int id: @abstract_function_decl ref,
+  string name: string ref
+);
+
+@abstract_storage_decl =
+  @subscript_decl
+| @var_decl
+;
+
+#keyset[id, index]
+abstract_storage_decl_accessor_decls(  //dir=decl
+  int id: @abstract_storage_decl ref,
+  int index: int ref,
+  int accessor_decl: @accessor_decl_or_none ref
+);
+
+enum_element_decls(  //dir=decl
+  unique int id: @enum_element_decl,
+  string name: string ref
+);
+
+#keyset[id, index]
+enum_element_decl_params(  //dir=decl
+  int id: @enum_element_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+infix_operator_decls(  //dir=decl
+  unique int id: @infix_operator_decl
+);
+
+#keyset[id]
+infix_operator_decl_precedence_groups(  //dir=decl
+  int id: @infix_operator_decl ref,
+  int precedence_group: @precedence_group_decl_or_none ref
+);
+
+postfix_operator_decls(  //dir=decl
+  unique int id: @postfix_operator_decl
+);
+
+prefix_operator_decls(  //dir=decl
+  unique int id: @prefix_operator_decl
+);
+
+@type_decl =
+  @abstract_type_param_decl
+| @generic_type_decl
+| @module_decl
+;
+
+#keyset[id]
+type_decls(  //dir=decl
+  int id: @type_decl ref,
+  string name: string ref
+);
+
+#keyset[id, index]
+type_decl_base_types(  //dir=decl
+  int id: @type_decl ref,
+  int index: int ref,
+  int base_type: @type_or_none ref
+);
+
+@abstract_type_param_decl =
+  @associated_type_decl
+| @generic_type_param_decl
+;
+
+constructor_decls(  //dir=decl
+  unique int id: @constructor_decl
+);
+
+destructor_decls(  //dir=decl
+  unique int id: @destructor_decl
+);
+
+@func_decl =
+  @accessor_decl
+| @concrete_func_decl
+;
+
+@generic_type_decl =
+  @nominal_type_decl
+| @opaque_type_decl
+| @type_alias_decl
+;
+
+module_decls(  //dir=decl
+  unique int id: @module_decl
+);
+
+#keyset[id]
+module_decl_is_builtin_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id]
+module_decl_is_system_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id, index]
+module_decl_imported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+module_decl_exported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int exported_module: @module_decl_or_none ref
+);
+
+subscript_decls(  //dir=decl
+  unique int id: @subscript_decl,
+  int element_type: @type_or_none ref
+);
+
+#keyset[id, index]
+subscript_decl_params(  //dir=decl
+  int id: @subscript_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+@var_decl =
+  @concrete_var_decl
+| @param_decl
+;
+
+#keyset[id]
+var_decls(  //dir=decl
+  int id: @var_decl ref,
+  string name: string ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_attached_property_wrapper_types(  //dir=decl
+  int id: @var_decl ref,
+  int attached_property_wrapper_type: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_patterns(  //dir=decl
+  int id: @var_decl ref,
+  int parent_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_initializers(  //dir=decl
+  int id: @var_decl ref,
+  int parent_initializer: @expr_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
+accessor_decls(  //dir=decl
+  unique int id: @accessor_decl
+);
+
+#keyset[id]
+accessor_decl_is_getter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_setter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_will_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_did_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_read(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_modify(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_unsafe_address(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_unsafe_mutable_address(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+associated_type_decls(  //dir=decl
+  unique int id: @associated_type_decl
+);
+
+concrete_func_decls(  //dir=decl
+  unique int id: @concrete_func_decl
+);
+
+concrete_var_decls(  //dir=decl
+  unique int id: @concrete_var_decl,
+  int introducer_int: int ref
+);
+
+generic_type_param_decls(  //dir=decl
+  unique int id: @generic_type_param_decl
+);
+
+@nominal_type_decl =
+  @class_decl
+| @enum_decl
+| @protocol_decl
+| @struct_decl
+;
+
+#keyset[id]
+nominal_type_decls(  //dir=decl
+  int id: @nominal_type_decl ref,
+  int type_: @type_or_none ref
+);
+
+opaque_type_decls(  //dir=decl
+  unique int id: @opaque_type_decl,
+  int naming_declaration: @value_decl_or_none ref
+);
+
+#keyset[id, index]
+opaque_type_decl_opaque_generic_params(  //dir=decl
+  int id: @opaque_type_decl ref,
+  int index: int ref,
+  int opaque_generic_param: @generic_type_param_type_or_none ref
+);
+
+param_decls(  //dir=decl
+  unique int id: @param_decl
+);
+
+#keyset[id]
+param_decl_is_inout(  //dir=decl
+  int id: @param_decl ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
+type_alias_decls(  //dir=decl
+  unique int id: @type_alias_decl
+);
+
+class_decls(  //dir=decl
+  unique int id: @class_decl
+);
+
+enum_decls(  //dir=decl
+  unique int id: @enum_decl
+);
+
+protocol_decls(  //dir=decl
+  unique int id: @protocol_decl
+);
+
+struct_decls(  //dir=decl
+  unique int id: @struct_decl
+);
+
+arguments(  //dir=expr
+  unique int id: @argument,
+  string label: string ref,
+  int expr: @expr_or_none ref
+);
+
+@expr =
+  @abstract_closure_expr
+| @any_try_expr
+| @applied_property_wrapper_expr
+| @apply_expr
+| @assign_expr
+| @bind_optional_expr
+| @capture_list_expr
+| @collection_expr
+| @decl_ref_expr
+| @default_argument_expr
+| @discard_assignment_expr
+| @dot_syntax_base_ignored_expr
+| @dynamic_type_expr
+| @enum_is_case_expr
+| @error_expr
+| @explicit_cast_expr
+| @force_value_expr
+| @identity_expr
+| @if_expr
+| @implicit_conversion_expr
+| @in_out_expr
+| @key_path_application_expr
+| @key_path_dot_expr
+| @key_path_expr
+| @lazy_initializer_expr
+| @literal_expr
+| @lookup_expr
+| @make_temporarily_escapable_expr
+| @obj_c_selector_expr
+| @one_way_expr
+| @opaque_value_expr
+| @open_existential_expr
+| @optional_evaluation_expr
+| @other_constructor_decl_ref_expr
+| @overloaded_decl_ref_expr
+| @property_wrapper_value_placeholder_expr
+| @rebind_self_in_constructor_expr
+| @sequence_expr
+| @super_ref_expr
+| @tap_expr
+| @tuple_element_expr
+| @tuple_expr
+| @type_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @vararg_expansion_expr
+;
+
+#keyset[id]
+expr_types(  //dir=expr
+  int id: @expr ref,
+  int type_: @type_or_none ref
+);
+
+@abstract_closure_expr =
+  @auto_closure_expr
+| @closure_expr
+;
+
+@any_try_expr =
+  @force_try_expr
+| @optional_try_expr
+| @try_expr
+;
+
+#keyset[id]
+any_try_exprs(  //dir=expr
+  int id: @any_try_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+applied_property_wrapper_exprs(  //dir=expr
+  unique int id: @applied_property_wrapper_expr,
+  int kind: int ref,
+  int value: @expr_or_none ref,
+  int param: @param_decl_or_none ref
+);
+
+@apply_expr =
+  @binary_expr
+| @call_expr
+| @postfix_unary_expr
+| @prefix_unary_expr
+| @self_apply_expr
+;
+
+#keyset[id]
+apply_exprs(  //dir=expr
+  int id: @apply_expr ref,
+  int function: @expr_or_none ref
+);
+
+#keyset[id, index]
+apply_expr_arguments(  //dir=expr
+  int id: @apply_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+assign_exprs(  //dir=expr
+  unique int id: @assign_expr,
+  int dest: @expr_or_none ref,
+  int source: @expr_or_none ref
+);
+
+bind_optional_exprs(  //dir=expr
+  unique int id: @bind_optional_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+capture_list_exprs(  //dir=expr
+  unique int id: @capture_list_expr,
+  int closure_body: @closure_expr_or_none ref
+);
+
+#keyset[id, index]
+capture_list_expr_binding_decls(  //dir=expr
+  int id: @capture_list_expr ref,
+  int index: int ref,
+  int binding_decl: @pattern_binding_decl_or_none ref
+);
+
+@collection_expr =
+  @array_expr
+| @dictionary_expr
+;
+
+decl_ref_exprs(  //dir=expr
+  unique int id: @decl_ref_expr,
+  int decl: @decl_or_none ref
+);
+
+#keyset[id, index]
+decl_ref_expr_replacement_types(  //dir=expr
+  int id: @decl_ref_expr ref,
+  int index: int ref,
+  int replacement_type: @type_or_none ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+default_argument_exprs(  //dir=expr
+  unique int id: @default_argument_expr,
+  int param_decl: @param_decl_or_none ref,
+  int param_index: int ref
+);
+
+#keyset[id]
+default_argument_expr_caller_side_defaults(  //dir=expr
+  int id: @default_argument_expr ref,
+  int caller_side_default: @expr_or_none ref
+);
+
+discard_assignment_exprs(  //dir=expr
+  unique int id: @discard_assignment_expr
+);
+
+dot_syntax_base_ignored_exprs(  //dir=expr
+  unique int id: @dot_syntax_base_ignored_expr,
+  int qualifier: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+dynamic_type_exprs(  //dir=expr
+  unique int id: @dynamic_type_expr,
+  int base: @expr_or_none ref
+);
+
+enum_is_case_exprs(  //dir=expr
+  unique int id: @enum_is_case_expr,
+  int sub_expr: @expr_or_none ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+error_exprs(  //dir=expr
+  unique int id: @error_expr
+);
+
+@explicit_cast_expr =
+  @checked_cast_expr
+| @coerce_expr
+;
+
+#keyset[id]
+explicit_cast_exprs(  //dir=expr
+  int id: @explicit_cast_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+force_value_exprs(  //dir=expr
+  unique int id: @force_value_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@identity_expr =
+  @await_expr
+| @dot_self_expr
+| @paren_expr
+| @unresolved_member_chain_result_expr
+;
+
+#keyset[id]
+identity_exprs(  //dir=expr
+  int id: @identity_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+if_exprs(  //dir=expr
+  unique int id: @if_expr,
+  int condition: @expr_or_none ref,
+  int then_expr: @expr_or_none ref,
+  int else_expr: @expr_or_none ref
+);
+
+@implicit_conversion_expr =
+  @any_hashable_erasure_expr
+| @archetype_to_super_expr
+| @array_to_pointer_expr
+| @bridge_from_obj_c_expr
+| @bridge_to_obj_c_expr
+| @class_metatype_to_object_expr
+| @collection_upcast_conversion_expr
+| @conditional_bridge_from_obj_c_expr
+| @covariant_function_conversion_expr
+| @covariant_return_conversion_expr
+| @derived_to_base_expr
+| @destructure_tuple_expr
+| @differentiable_function_expr
+| @differentiable_function_extract_original_expr
+| @erasure_expr
+| @existential_metatype_to_object_expr
+| @foreign_object_conversion_expr
+| @function_conversion_expr
+| @in_out_to_pointer_expr
+| @inject_into_optional_expr
+| @linear_function_expr
+| @linear_function_extract_original_expr
+| @linear_to_differentiable_function_expr
+| @load_expr
+| @metatype_conversion_expr
+| @pointer_to_pointer_expr
+| @protocol_metatype_to_object_expr
+| @string_to_pointer_expr
+| @underlying_to_opaque_expr
+| @unevaluated_instance_expr
+| @unresolved_type_conversion_expr
+;
+
+#keyset[id]
+implicit_conversion_exprs(  //dir=expr
+  int id: @implicit_conversion_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+in_out_exprs(  //dir=expr
+  unique int id: @in_out_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+key_path_application_exprs(  //dir=expr
+  unique int id: @key_path_application_expr,
+  int base: @expr_or_none ref,
+  int key_path: @expr_or_none ref
+);
+
+key_path_dot_exprs(  //dir=expr
+  unique int id: @key_path_dot_expr
+);
+
+key_path_exprs(  //dir=expr
+  unique int id: @key_path_expr
+);
+
+#keyset[id]
+key_path_expr_roots(  //dir=expr
+  int id: @key_path_expr ref,
+  int root: @type_repr_or_none ref
+);
+
+#keyset[id]
+key_path_expr_parsed_paths(  //dir=expr
+  int id: @key_path_expr ref,
+  int parsed_path: @expr_or_none ref
+);
+
+lazy_initializer_exprs(  //dir=expr
+  unique int id: @lazy_initializer_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@literal_expr =
+  @builtin_literal_expr
+| @interpolated_string_literal_expr
+| @nil_literal_expr
+| @object_literal_expr
+| @regex_literal_expr
+;
+
+@lookup_expr =
+  @dynamic_lookup_expr
+| @member_ref_expr
+| @subscript_expr
+;
+
+#keyset[id]
+lookup_exprs(  //dir=expr
+  int id: @lookup_expr ref,
+  int base: @expr_or_none ref
+);
+
+#keyset[id]
+lookup_expr_members(  //dir=expr
+  int id: @lookup_expr ref,
+  int member: @decl_or_none ref
+);
+
+make_temporarily_escapable_exprs(  //dir=expr
+  unique int id: @make_temporarily_escapable_expr,
+  int escaping_closure: @opaque_value_expr_or_none ref,
+  int nonescaping_closure: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+obj_c_selector_exprs(  //dir=expr
+  unique int id: @obj_c_selector_expr,
+  int sub_expr: @expr_or_none ref,
+  int method: @abstract_function_decl_or_none ref
+);
+
+one_way_exprs(  //dir=expr
+  unique int id: @one_way_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+opaque_value_exprs(  //dir=expr
+  unique int id: @opaque_value_expr
+);
+
+open_existential_exprs(  //dir=expr
+  unique int id: @open_existential_expr,
+  int sub_expr: @expr_or_none ref,
+  int existential: @expr_or_none ref,
+  int opaque_expr: @opaque_value_expr_or_none ref
+);
+
+optional_evaluation_exprs(  //dir=expr
+  unique int id: @optional_evaluation_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+other_constructor_decl_ref_exprs(  //dir=expr
+  unique int id: @other_constructor_decl_ref_expr,
+  int constructor_decl: @constructor_decl_or_none ref
+);
+
+overloaded_decl_ref_exprs(  //dir=expr
+  unique int id: @overloaded_decl_ref_expr
+);
+
+#keyset[id, index]
+overloaded_decl_ref_expr_possible_declarations(  //dir=expr
+  int id: @overloaded_decl_ref_expr ref,
+  int index: int ref,
+  int possible_declaration: @value_decl_or_none ref
+);
+
+property_wrapper_value_placeholder_exprs(  //dir=expr
+  unique int id: @property_wrapper_value_placeholder_expr,
+  int placeholder: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+property_wrapper_value_placeholder_expr_wrapped_values(  //dir=expr
+  int id: @property_wrapper_value_placeholder_expr ref,
+  int wrapped_value: @expr_or_none ref
+);
+
+rebind_self_in_constructor_exprs(  //dir=expr
+  unique int id: @rebind_self_in_constructor_expr,
+  int sub_expr: @expr_or_none ref,
+  int self: @var_decl_or_none ref
+);
+
+sequence_exprs(  //dir=expr
+  unique int id: @sequence_expr
+);
+
+#keyset[id, index]
+sequence_expr_elements(  //dir=expr
+  int id: @sequence_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+super_ref_exprs(  //dir=expr
+  unique int id: @super_ref_expr,
+  int self: @var_decl_or_none ref
+);
+
+tap_exprs(  //dir=expr
+  unique int id: @tap_expr,
+  int body: @brace_stmt_or_none ref,
+  int var: @var_decl_or_none ref
+);
+
+#keyset[id]
+tap_expr_sub_exprs(  //dir=expr
+  int id: @tap_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+tuple_element_exprs(  //dir=expr
+  unique int id: @tuple_element_expr,
+  int sub_expr: @expr_or_none ref,
+  int index: int ref
+);
+
+tuple_exprs(  //dir=expr
+  unique int id: @tuple_expr
+);
+
+#keyset[id, index]
+tuple_expr_elements(  //dir=expr
+  int id: @tuple_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+type_exprs(  //dir=expr
+  unique int id: @type_expr
+);
+
+#keyset[id]
+type_expr_type_reprs(  //dir=expr
+  int id: @type_expr ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+unresolved_decl_ref_exprs(  //dir=expr
+  unique int id: @unresolved_decl_ref_expr
+);
+
+#keyset[id]
+unresolved_decl_ref_expr_names(  //dir=expr
+  int id: @unresolved_decl_ref_expr ref,
+  string name: string ref
+);
+
+unresolved_dot_exprs(  //dir=expr
+  unique int id: @unresolved_dot_expr,
+  int base: @expr_or_none ref,
+  string name: string ref
+);
+
+unresolved_member_exprs(  //dir=expr
+  unique int id: @unresolved_member_expr,
+  string name: string ref
+);
+
+unresolved_pattern_exprs(  //dir=expr
+  unique int id: @unresolved_pattern_expr,
+  int sub_pattern: @pattern_or_none ref
+);
+
+unresolved_specialize_exprs(  //dir=expr
+  unique int id: @unresolved_specialize_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+vararg_expansion_exprs(  //dir=expr
+  unique int id: @vararg_expansion_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+any_hashable_erasure_exprs(  //dir=expr
+  unique int id: @any_hashable_erasure_expr
+);
+
+archetype_to_super_exprs(  //dir=expr
+  unique int id: @archetype_to_super_expr
+);
+
+array_exprs(  //dir=expr
+  unique int id: @array_expr
+);
+
+#keyset[id, index]
+array_expr_elements(  //dir=expr
+  int id: @array_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+array_to_pointer_exprs(  //dir=expr
+  unique int id: @array_to_pointer_expr
+);
+
+auto_closure_exprs(  //dir=expr
+  unique int id: @auto_closure_expr
+);
+
+await_exprs(  //dir=expr
+  unique int id: @await_expr
+);
+
+binary_exprs(  //dir=expr
+  unique int id: @binary_expr
+);
+
+bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_from_obj_c_expr
+);
+
+bridge_to_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_to_obj_c_expr
+);
+
+@builtin_literal_expr =
+  @boolean_literal_expr
+| @magic_identifier_literal_expr
+| @number_literal_expr
+| @string_literal_expr
+;
+
+call_exprs(  //dir=expr
+  unique int id: @call_expr
+);
+
+@checked_cast_expr =
+  @conditional_checked_cast_expr
+| @forced_checked_cast_expr
+| @is_expr
+;
+
+class_metatype_to_object_exprs(  //dir=expr
+  unique int id: @class_metatype_to_object_expr
+);
+
+closure_exprs(  //dir=expr
+  unique int id: @closure_expr
+);
+
+coerce_exprs(  //dir=expr
+  unique int id: @coerce_expr
+);
+
+collection_upcast_conversion_exprs(  //dir=expr
+  unique int id: @collection_upcast_conversion_expr
+);
+
+conditional_bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @conditional_bridge_from_obj_c_expr
+);
+
+covariant_function_conversion_exprs(  //dir=expr
+  unique int id: @covariant_function_conversion_expr
+);
+
+covariant_return_conversion_exprs(  //dir=expr
+  unique int id: @covariant_return_conversion_expr
+);
+
+derived_to_base_exprs(  //dir=expr
+  unique int id: @derived_to_base_expr
+);
+
+destructure_tuple_exprs(  //dir=expr
+  unique int id: @destructure_tuple_expr
+);
+
+dictionary_exprs(  //dir=expr
+  unique int id: @dictionary_expr
+);
+
+#keyset[id, index]
+dictionary_expr_elements(  //dir=expr
+  int id: @dictionary_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+differentiable_function_exprs(  //dir=expr
+  unique int id: @differentiable_function_expr
+);
+
+differentiable_function_extract_original_exprs(  //dir=expr
+  unique int id: @differentiable_function_extract_original_expr
+);
+
+dot_self_exprs(  //dir=expr
+  unique int id: @dot_self_expr
+);
+
+@dynamic_lookup_expr =
+  @dynamic_member_ref_expr
+| @dynamic_subscript_expr
+;
+
+erasure_exprs(  //dir=expr
+  unique int id: @erasure_expr
+);
+
+existential_metatype_to_object_exprs(  //dir=expr
+  unique int id: @existential_metatype_to_object_expr
+);
+
+force_try_exprs(  //dir=expr
+  unique int id: @force_try_expr
+);
+
+foreign_object_conversion_exprs(  //dir=expr
+  unique int id: @foreign_object_conversion_expr
+);
+
+function_conversion_exprs(  //dir=expr
+  unique int id: @function_conversion_expr
+);
+
+in_out_to_pointer_exprs(  //dir=expr
+  unique int id: @in_out_to_pointer_expr
+);
+
+inject_into_optional_exprs(  //dir=expr
+  unique int id: @inject_into_optional_expr
+);
+
+interpolated_string_literal_exprs(  //dir=expr
+  unique int id: @interpolated_string_literal_expr
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_expr: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_count_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_count_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_literal_capacity_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int literal_capacity_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_appending_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int appending_expr: @tap_expr_or_none ref
+);
+
+linear_function_exprs(  //dir=expr
+  unique int id: @linear_function_expr
+);
+
+linear_function_extract_original_exprs(  //dir=expr
+  unique int id: @linear_function_extract_original_expr
+);
+
+linear_to_differentiable_function_exprs(  //dir=expr
+  unique int id: @linear_to_differentiable_function_expr
+);
+
+load_exprs(  //dir=expr
+  unique int id: @load_expr
+);
+
+member_ref_exprs(  //dir=expr
+  unique int id: @member_ref_expr
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
+);
+
+nil_literal_exprs(  //dir=expr
+  unique int id: @nil_literal_expr
+);
+
+object_literal_exprs(  //dir=expr
+  unique int id: @object_literal_expr,
+  int kind: int ref
+);
+
+#keyset[id, index]
+object_literal_expr_arguments(  //dir=expr
+  int id: @object_literal_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+optional_try_exprs(  //dir=expr
+  unique int id: @optional_try_expr
+);
+
+paren_exprs(  //dir=expr
+  unique int id: @paren_expr
+);
+
+pointer_to_pointer_exprs(  //dir=expr
+  unique int id: @pointer_to_pointer_expr
+);
+
+postfix_unary_exprs(  //dir=expr
+  unique int id: @postfix_unary_expr
+);
+
+prefix_unary_exprs(  //dir=expr
+  unique int id: @prefix_unary_expr
+);
+
+protocol_metatype_to_object_exprs(  //dir=expr
+  unique int id: @protocol_metatype_to_object_expr
+);
+
+regex_literal_exprs(  //dir=expr
+  unique int id: @regex_literal_expr
+);
+
+@self_apply_expr =
+  @constructor_ref_call_expr
+| @dot_syntax_call_expr
+;
+
+#keyset[id]
+self_apply_exprs(  //dir=expr
+  int id: @self_apply_expr ref,
+  int base: @expr_or_none ref
+);
+
+string_to_pointer_exprs(  //dir=expr
+  unique int id: @string_to_pointer_expr
+);
+
+subscript_exprs(  //dir=expr
+  unique int id: @subscript_expr
+);
+
+#keyset[id, index]
+subscript_expr_arguments(  //dir=expr
+  int id: @subscript_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_ordinary_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+try_exprs(  //dir=expr
+  unique int id: @try_expr
+);
+
+underlying_to_opaque_exprs(  //dir=expr
+  unique int id: @underlying_to_opaque_expr
+);
+
+unevaluated_instance_exprs(  //dir=expr
+  unique int id: @unevaluated_instance_expr
+);
+
+unresolved_member_chain_result_exprs(  //dir=expr
+  unique int id: @unresolved_member_chain_result_expr
+);
+
+unresolved_type_conversion_exprs(  //dir=expr
+  unique int id: @unresolved_type_conversion_expr
+);
+
+boolean_literal_exprs(  //dir=expr
+  unique int id: @boolean_literal_expr,
+  boolean value: boolean ref
+);
+
+conditional_checked_cast_exprs(  //dir=expr
+  unique int id: @conditional_checked_cast_expr
+);
+
+constructor_ref_call_exprs(  //dir=expr
+  unique int id: @constructor_ref_call_expr
+);
+
+dot_syntax_call_exprs(  //dir=expr
+  unique int id: @dot_syntax_call_expr
+);
+
+dynamic_member_ref_exprs(  //dir=expr
+  unique int id: @dynamic_member_ref_expr
+);
+
+dynamic_subscript_exprs(  //dir=expr
+  unique int id: @dynamic_subscript_expr
+);
+
+forced_checked_cast_exprs(  //dir=expr
+  unique int id: @forced_checked_cast_expr
+);
+
+is_exprs(  //dir=expr
+  unique int id: @is_expr
+);
+
+magic_identifier_literal_exprs(  //dir=expr
+  unique int id: @magic_identifier_literal_expr,
+  string kind: string ref
+);
+
+@number_literal_expr =
+  @float_literal_expr
+| @integer_literal_expr
+;
+
+string_literal_exprs(  //dir=expr
+  unique int id: @string_literal_expr,
+  string value: string ref
+);
+
+float_literal_exprs(  //dir=expr
+  unique int id: @float_literal_expr,
+  string string_value: string ref
+);
+
+integer_literal_exprs(  //dir=expr
+  unique int id: @integer_literal_expr,
+  string string_value: string ref
+);
+
+@pattern =
+  @any_pattern
+| @binding_pattern
+| @bool_pattern
+| @enum_element_pattern
+| @expr_pattern
+| @is_pattern
+| @named_pattern
+| @optional_some_pattern
+| @paren_pattern
+| @tuple_pattern
+| @typed_pattern
+;
+
+any_patterns(  //dir=pattern
+  unique int id: @any_pattern
+);
+
+binding_patterns(  //dir=pattern
+  unique int id: @binding_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+bool_patterns(  //dir=pattern
+  unique int id: @bool_pattern,
+  boolean value: boolean ref
+);
+
+enum_element_patterns(  //dir=pattern
+  unique int id: @enum_element_pattern,
+  int element: @enum_element_decl_or_none ref
+);
+
+#keyset[id]
+enum_element_pattern_sub_patterns(  //dir=pattern
+  int id: @enum_element_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+expr_patterns(  //dir=pattern
+  unique int id: @expr_pattern,
+  int sub_expr: @expr_or_none ref
+);
+
+is_patterns(  //dir=pattern
+  unique int id: @is_pattern
+);
+
+#keyset[id]
+is_pattern_cast_type_reprs(  //dir=pattern
+  int id: @is_pattern ref,
+  int cast_type_repr: @type_repr_or_none ref
+);
+
+#keyset[id]
+is_pattern_sub_patterns(  //dir=pattern
+  int id: @is_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+named_patterns(  //dir=pattern
+  unique int id: @named_pattern,
+  string name: string ref
+);
+
+optional_some_patterns(  //dir=pattern
+  unique int id: @optional_some_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+paren_patterns(  //dir=pattern
+  unique int id: @paren_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+tuple_patterns(  //dir=pattern
+  unique int id: @tuple_pattern
+);
+
+#keyset[id, index]
+tuple_pattern_elements(  //dir=pattern
+  int id: @tuple_pattern ref,
+  int index: int ref,
+  int element: @pattern_or_none ref
+);
+
+typed_patterns(  //dir=pattern
+  unique int id: @typed_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+typed_pattern_type_reprs(  //dir=pattern
+  int id: @typed_pattern ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+case_label_items(  //dir=stmt
+  unique int id: @case_label_item,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+case_label_item_guards(  //dir=stmt
+  int id: @case_label_item ref,
+  int guard: @expr_or_none ref
+);
+
+condition_elements(  //dir=stmt
+  unique int id: @condition_element
+);
+
+#keyset[id]
+condition_element_booleans(  //dir=stmt
+  int id: @condition_element ref,
+  int boolean_: @expr_or_none ref
+);
+
+#keyset[id]
+condition_element_patterns(  //dir=stmt
+  int id: @condition_element ref,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+condition_element_initializers(  //dir=stmt
+  int id: @condition_element ref,
+  int initializer: @expr_or_none ref
+);
+
+@stmt =
+  @brace_stmt
+| @break_stmt
+| @case_stmt
+| @continue_stmt
+| @defer_stmt
+| @fail_stmt
+| @fallthrough_stmt
+| @labeled_stmt
+| @pound_assert_stmt
+| @return_stmt
+| @throw_stmt
+| @yield_stmt
+;
+
+stmt_conditions(  //dir=stmt
+  unique int id: @stmt_condition
+);
+
+#keyset[id, index]
+stmt_condition_elements(  //dir=stmt
+  int id: @stmt_condition ref,
+  int index: int ref,
+  int element: @condition_element_or_none ref
+);
+
+brace_stmts(  //dir=stmt
+  unique int id: @brace_stmt
+);
+
+#keyset[id, index]
+brace_stmt_elements(  //dir=stmt
+  int id: @brace_stmt ref,
+  int index: int ref,
+  int element: @ast_node_or_none ref
+);
+
+break_stmts(  //dir=stmt
+  unique int id: @break_stmt
+);
+
+#keyset[id]
+break_stmt_target_names(  //dir=stmt
+  int id: @break_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+break_stmt_targets(  //dir=stmt
+  int id: @break_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+case_stmts(  //dir=stmt
+  unique int id: @case_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_labels(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int label: @case_label_item_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_variables(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int variable: @var_decl_or_none ref
+);
+
+continue_stmts(  //dir=stmt
+  unique int id: @continue_stmt
+);
+
+#keyset[id]
+continue_stmt_target_names(  //dir=stmt
+  int id: @continue_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+continue_stmt_targets(  //dir=stmt
+  int id: @continue_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+defer_stmts(  //dir=stmt
+  unique int id: @defer_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+fail_stmts(  //dir=stmt
+  unique int id: @fail_stmt
+);
+
+fallthrough_stmts(  //dir=stmt
+  unique int id: @fallthrough_stmt,
+  int fallthrough_source: @case_stmt_or_none ref,
+  int fallthrough_dest: @case_stmt_or_none ref
+);
+
+@labeled_stmt =
+  @do_catch_stmt
+| @do_stmt
+| @for_each_stmt
+| @labeled_conditional_stmt
+| @repeat_while_stmt
+| @switch_stmt
+;
+
+#keyset[id]
+labeled_stmt_labels(  //dir=stmt
+  int id: @labeled_stmt ref,
+  string label: string ref
+);
+
+pound_assert_stmts(  //dir=stmt
+  unique int id: @pound_assert_stmt,
+  int condition: @expr_or_none ref,
+  string message: string ref
+);
+
+return_stmts(  //dir=stmt
+  unique int id: @return_stmt
+);
+
+#keyset[id]
+return_stmt_results(  //dir=stmt
+  int id: @return_stmt ref,
+  int result: @expr_or_none ref
+);
+
+throw_stmts(  //dir=stmt
+  unique int id: @throw_stmt,
+  int sub_expr: @expr_or_none ref
+);
+
+yield_stmts(  //dir=stmt
+  unique int id: @yield_stmt
+);
+
+#keyset[id, index]
+yield_stmt_results(  //dir=stmt
+  int id: @yield_stmt ref,
+  int index: int ref,
+  int result: @expr_or_none ref
+);
+
+do_catch_stmts(  //dir=stmt
+  unique int id: @do_catch_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+do_catch_stmt_catches(  //dir=stmt
+  int id: @do_catch_stmt ref,
+  int index: int ref,
+  int catch: @case_stmt_or_none ref
+);
+
+do_stmts(  //dir=stmt
+  unique int id: @do_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+for_each_stmts(  //dir=stmt
+  unique int id: @for_each_stmt,
+  int pattern: @pattern_or_none ref,
+  int sequence: @expr_or_none ref,
+  int body: @brace_stmt_or_none ref
+);
+
+#keyset[id]
+for_each_stmt_wheres(  //dir=stmt
+  int id: @for_each_stmt ref,
+  int where: @expr_or_none ref
+);
+
+@labeled_conditional_stmt =
+  @guard_stmt
+| @if_stmt
+| @while_stmt
+;
+
+#keyset[id]
+labeled_conditional_stmts(  //dir=stmt
+  int id: @labeled_conditional_stmt ref,
+  int condition: @stmt_condition_or_none ref
+);
+
+repeat_while_stmts(  //dir=stmt
+  unique int id: @repeat_while_stmt,
+  int condition: @expr_or_none ref,
+  int body: @stmt_or_none ref
+);
+
+switch_stmts(  //dir=stmt
+  unique int id: @switch_stmt,
+  int expr: @expr_or_none ref
+);
+
+#keyset[id, index]
+switch_stmt_cases(  //dir=stmt
+  int id: @switch_stmt ref,
+  int index: int ref,
+  int case_: @case_stmt_or_none ref
+);
+
+guard_stmts(  //dir=stmt
+  unique int id: @guard_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+if_stmts(  //dir=stmt
+  unique int id: @if_stmt,
+  int then: @stmt_or_none ref
+);
+
+#keyset[id]
+if_stmt_elses(  //dir=stmt
+  int id: @if_stmt ref,
+  int else: @stmt_or_none ref
+);
+
+while_stmts(  //dir=stmt
+  unique int id: @while_stmt,
+  int body: @stmt_or_none ref
+);
+
+@type =
+  @any_function_type
+| @any_generic_type
+| @any_metatype_type
+| @builtin_type
+| @dependent_member_type
+| @dynamic_self_type
+| @error_type
+| @existential_type
+| @in_out_type
+| @l_value_type
+| @module_type
+| @parameterized_protocol_type
+| @protocol_composition_type
+| @reference_storage_type
+| @substitutable_type
+| @sugar_type
+| @tuple_type
+| @unresolved_type
+;
+
+#keyset[id]
+types(  //dir=type
+  int id: @type ref,
+  string name: string ref,
+  int canonical_type: @type_or_none ref
+);
+
+type_reprs(  //dir=type
+  unique int id: @type_repr,
+  int type_: @type_or_none ref
+);
+
+@any_function_type =
+  @function_type
+| @generic_function_type
+;
+
+#keyset[id]
+any_function_types(  //dir=type
+  int id: @any_function_type ref,
+  int result: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_types(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  int param_type: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_labels(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  string param_label: string ref
+);
+
+#keyset[id]
+any_function_type_is_throwing(  //dir=type
+  int id: @any_function_type ref
+);
+
+#keyset[id]
+any_function_type_is_async(  //dir=type
+  int id: @any_function_type ref
+);
+
+@any_generic_type =
+  @nominal_or_bound_generic_nominal_type
+| @unbound_generic_type
+;
+
+#keyset[id]
+any_generic_types(  //dir=type
+  int id: @any_generic_type ref,
+  int declaration: @decl_or_none ref
+);
+
+#keyset[id]
+any_generic_type_parents(  //dir=type
+  int id: @any_generic_type ref,
+  int parent: @type_or_none ref
+);
+
+@any_metatype_type =
+  @existential_metatype_type
+| @metatype_type
+;
+
+@builtin_type =
+  @any_builtin_integer_type
+| @builtin_bridge_object_type
+| @builtin_default_actor_storage_type
+| @builtin_executor_type
+| @builtin_float_type
+| @builtin_job_type
+| @builtin_native_object_type
+| @builtin_raw_pointer_type
+| @builtin_raw_unsafe_continuation_type
+| @builtin_unsafe_value_buffer_type
+| @builtin_vector_type
+;
+
+dependent_member_types(  //dir=type
+  unique int id: @dependent_member_type,
+  int base_type: @type_or_none ref,
+  int associated_type_decl: @associated_type_decl_or_none ref
+);
+
+dynamic_self_types(  //dir=type
+  unique int id: @dynamic_self_type,
+  int static_self_type: @type_or_none ref
+);
+
+error_types(  //dir=type
+  unique int id: @error_type
+);
+
+existential_types(  //dir=type
+  unique int id: @existential_type,
+  int constraint: @type_or_none ref
+);
+
+in_out_types(  //dir=type
+  unique int id: @in_out_type,
+  int object_type: @type_or_none ref
+);
+
+l_value_types(  //dir=type
+  unique int id: @l_value_type,
+  int object_type: @type_or_none ref
+);
+
+module_types(  //dir=type
+  unique int id: @module_type,
+  int module: @module_decl_or_none ref
+);
+
+parameterized_protocol_types(  //dir=type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
+);
+
+protocol_composition_types(  //dir=type
+  unique int id: @protocol_composition_type
+);
+
+#keyset[id, index]
+protocol_composition_type_members(  //dir=type
+  int id: @protocol_composition_type ref,
+  int index: int ref,
+  int member: @type_or_none ref
+);
+
+@reference_storage_type =
+  @unmanaged_storage_type
+| @unowned_storage_type
+| @weak_storage_type
+;
+
+#keyset[id]
+reference_storage_types(  //dir=type
+  int id: @reference_storage_type ref,
+  int referent_type: @type_or_none ref
+);
+
+@substitutable_type =
+  @archetype_type
+| @generic_type_param_type
+;
+
+@sugar_type =
+  @paren_type
+| @syntax_sugar_type
+| @type_alias_type
+;
+
+tuple_types(  //dir=type
+  unique int id: @tuple_type
+);
+
+#keyset[id, index]
+tuple_type_types(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id, index]
+tuple_type_names(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  string name: string ref
+);
+
+unresolved_types(  //dir=type
+  unique int id: @unresolved_type
+);
+
+@any_builtin_integer_type =
+  @builtin_integer_literal_type
+| @builtin_integer_type
+;
+
+@archetype_type =
+  @opaque_type_archetype_type
+| @opened_archetype_type
+| @primary_archetype_type
+;
+
+#keyset[id]
+archetype_types(  //dir=type
+  int id: @archetype_type ref,
+  int interface_type: @type_or_none ref
+);
+
+#keyset[id]
+archetype_type_superclasses(  //dir=type
+  int id: @archetype_type ref,
+  int superclass: @type_or_none ref
+);
+
+#keyset[id, index]
+archetype_type_protocols(  //dir=type
+  int id: @archetype_type ref,
+  int index: int ref,
+  int protocol: @protocol_decl_or_none ref
+);
+
+builtin_bridge_object_types(  //dir=type
+  unique int id: @builtin_bridge_object_type
+);
+
+builtin_default_actor_storage_types(  //dir=type
+  unique int id: @builtin_default_actor_storage_type
+);
+
+builtin_executor_types(  //dir=type
+  unique int id: @builtin_executor_type
+);
+
+builtin_float_types(  //dir=type
+  unique int id: @builtin_float_type
+);
+
+builtin_job_types(  //dir=type
+  unique int id: @builtin_job_type
+);
+
+builtin_native_object_types(  //dir=type
+  unique int id: @builtin_native_object_type
+);
+
+builtin_raw_pointer_types(  //dir=type
+  unique int id: @builtin_raw_pointer_type
+);
+
+builtin_raw_unsafe_continuation_types(  //dir=type
+  unique int id: @builtin_raw_unsafe_continuation_type
+);
+
+builtin_unsafe_value_buffer_types(  //dir=type
+  unique int id: @builtin_unsafe_value_buffer_type
+);
+
+builtin_vector_types(  //dir=type
+  unique int id: @builtin_vector_type
+);
+
+existential_metatype_types(  //dir=type
+  unique int id: @existential_metatype_type
+);
+
+function_types(  //dir=type
+  unique int id: @function_type
+);
+
+generic_function_types(  //dir=type
+  unique int id: @generic_function_type
+);
+
+#keyset[id, index]
+generic_function_type_generic_params(  //dir=type
+  int id: @generic_function_type ref,
+  int index: int ref,
+  int generic_param: @generic_type_param_type_or_none ref
+);
+
+generic_type_param_types(  //dir=type
+  unique int id: @generic_type_param_type
+);
+
+metatype_types(  //dir=type
+  unique int id: @metatype_type
+);
+
+@nominal_or_bound_generic_nominal_type =
+  @bound_generic_type
+| @nominal_type
+;
+
+paren_types(  //dir=type
+  unique int id: @paren_type,
+  int type_: @type_or_none ref
+);
+
+@syntax_sugar_type =
+  @dictionary_type
+| @unary_syntax_sugar_type
+;
+
+type_alias_types(  //dir=type
+  unique int id: @type_alias_type,
+  int decl: @type_alias_decl_or_none ref
+);
+
+unbound_generic_types(  //dir=type
+  unique int id: @unbound_generic_type
+);
+
+unmanaged_storage_types(  //dir=type
+  unique int id: @unmanaged_storage_type
+);
+
+unowned_storage_types(  //dir=type
+  unique int id: @unowned_storage_type
+);
+
+weak_storage_types(  //dir=type
+  unique int id: @weak_storage_type
+);
+
+@bound_generic_type =
+  @bound_generic_class_type
+| @bound_generic_enum_type
+| @bound_generic_struct_type
+;
+
+#keyset[id, index]
+bound_generic_type_arg_types(  //dir=type
+  int id: @bound_generic_type ref,
+  int index: int ref,
+  int arg_type: @type_or_none ref
+);
+
+builtin_integer_literal_types(  //dir=type
+  unique int id: @builtin_integer_literal_type
+);
+
+builtin_integer_types(  //dir=type
+  unique int id: @builtin_integer_type
+);
+
+#keyset[id]
+builtin_integer_type_widths(  //dir=type
+  int id: @builtin_integer_type ref,
+  int width: int ref
+);
+
+dictionary_types(  //dir=type
+  unique int id: @dictionary_type,
+  int key_type: @type_or_none ref,
+  int value_type: @type_or_none ref
+);
+
+@nominal_type =
+  @class_type
+| @enum_type
+| @protocol_type
+| @struct_type
+;
+
+opaque_type_archetype_types(  //dir=type
+  unique int id: @opaque_type_archetype_type,
+  int declaration: @opaque_type_decl_or_none ref
+);
+
+opened_archetype_types(  //dir=type
+  unique int id: @opened_archetype_type
+);
+
+primary_archetype_types(  //dir=type
+  unique int id: @primary_archetype_type
+);
+
+@unary_syntax_sugar_type =
+  @array_slice_type
+| @optional_type
+| @variadic_sequence_type
+;
+
+#keyset[id]
+unary_syntax_sugar_types(  //dir=type
+  int id: @unary_syntax_sugar_type ref,
+  int base_type: @type_or_none ref
+);
+
+array_slice_types(  //dir=type
+  unique int id: @array_slice_type
+);
+
+bound_generic_class_types(  //dir=type
+  unique int id: @bound_generic_class_type
+);
+
+bound_generic_enum_types(  //dir=type
+  unique int id: @bound_generic_enum_type
+);
+
+bound_generic_struct_types(  //dir=type
+  unique int id: @bound_generic_struct_type
+);
+
+class_types(  //dir=type
+  unique int id: @class_type
+);
+
+enum_types(  //dir=type
+  unique int id: @enum_type
+);
+
+optional_types(  //dir=type
+  unique int id: @optional_type
+);
+
+protocol_types(  //dir=type
+  unique int id: @protocol_type
+);
+
+struct_types(  //dir=type
+  unique int id: @struct_type
+);
+
+variadic_sequence_types(  //dir=type
+  unique int id: @variadic_sequence_type
+);
+
+@abstract_function_decl_or_none =
+  @abstract_function_decl
+| @unspecified_element
+;
+
+@accessor_decl_or_none =
+  @accessor_decl
+| @unspecified_element
+;
+
+@argument_or_none =
+  @argument
+| @unspecified_element
+;
+
+@associated_type_decl_or_none =
+  @associated_type_decl
+| @unspecified_element
+;
+
+@ast_node_or_none =
+  @ast_node
+| @unspecified_element
+;
+
+@brace_stmt_or_none =
+  @brace_stmt
+| @unspecified_element
+;
+
+@case_label_item_or_none =
+  @case_label_item
+| @unspecified_element
+;
+
+@case_stmt_or_none =
+  @case_stmt
+| @unspecified_element
+;
+
+@closure_expr_or_none =
+  @closure_expr
+| @unspecified_element
+;
+
+@condition_element_or_none =
+  @condition_element
+| @unspecified_element
+;
+
+@constructor_decl_or_none =
+  @constructor_decl
+| @unspecified_element
+;
+
+@decl_or_none =
+  @decl
+| @unspecified_element
+;
+
+@enum_element_decl_or_none =
+  @enum_element_decl
+| @unspecified_element
+;
+
+@expr_or_none =
+  @expr
+| @unspecified_element
+;
+
+@file_or_none =
+  @file
+| @unspecified_element
+;
+
+@generic_type_param_decl_or_none =
+  @generic_type_param_decl
+| @unspecified_element
+;
+
+@generic_type_param_type_or_none =
+  @generic_type_param_type
+| @unspecified_element
+;
+
+@location_or_none =
+  @location
+| @unspecified_element
+;
+
+@module_decl_or_none =
+  @module_decl
+| @unspecified_element
+;
+
+@nominal_type_decl_or_none =
+  @nominal_type_decl
+| @unspecified_element
+;
+
+@opaque_type_decl_or_none =
+  @opaque_type_decl
+| @unspecified_element
+;
+
+@opaque_value_expr_or_none =
+  @opaque_value_expr
+| @unspecified_element
+;
+
+@param_decl_or_none =
+  @param_decl
+| @unspecified_element
+;
+
+@pattern_or_none =
+  @pattern
+| @unspecified_element
+;
+
+@pattern_binding_decl_or_none =
+  @pattern_binding_decl
+| @unspecified_element
+;
+
+@precedence_group_decl_or_none =
+  @precedence_group_decl
+| @unspecified_element
+;
+
+@protocol_decl_or_none =
+  @protocol_decl
+| @unspecified_element
+;
+
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
+@stmt_or_none =
+  @stmt
+| @unspecified_element
+;
+
+@stmt_condition_or_none =
+  @stmt_condition
+| @unspecified_element
+;
+
+@string_literal_expr_or_none =
+  @string_literal_expr
+| @unspecified_element
+;
+
+@tap_expr_or_none =
+  @tap_expr
+| @unspecified_element
+;
+
+@type_or_none =
+  @type
+| @unspecified_element
+;
+
+@type_alias_decl_or_none =
+  @type_alias_decl
+| @unspecified_element
+;
+
+@type_repr_or_none =
+  @type_repr
+| @unspecified_element
+;
+
+@value_decl_or_none =
+  @unspecified_element
+| @value_decl
+;
+
+@var_decl_or_none =
+  @unspecified_element
+| @var_decl
+;
diff --git a/swift/downgrades/1a6e9325bd60462e669e524438174deef4476df0/swift.dbscheme b/swift/downgrades/1a6e9325bd60462e669e524438174deef4476df0/swift.dbscheme
new file mode 100644
index 00000000000..abbb8c9e840
--- /dev/null
+++ b/swift/downgrades/1a6e9325bd60462e669e524438174deef4476df0/swift.dbscheme
@@ -0,0 +1,2478 @@
+// generated by codegen/codegen.py
+
+// from prefix.dbscheme
+/**
+ * The source location of the snapshot.
+ */
+sourceLocationPrefix(
+  string prefix: string ref
+);
+
+
+// from schema.py
+
+@element =
+  @callable
+| @file
+| @generic_context
+| @iterable_decl_context
+| @locatable
+| @location
+| @type
+;
+
+#keyset[id]
+element_is_unknown(
+  int id: @element ref
+);
+
+@callable =
+  @abstract_closure_expr
+| @abstract_function_decl
+;
+
+#keyset[id]
+callable_self_params(
+  int id: @callable ref,
+  int self_param: @param_decl_or_none ref
+);
+
+#keyset[id, index]
+callable_params(
+  int id: @callable ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+#keyset[id]
+callable_bodies(
+  int id: @callable ref,
+  int body: @brace_stmt_or_none ref
+);
+
+@file =
+  @db_file
+;
+
+#keyset[id]
+files(
+  int id: @file ref,
+  string name: string ref
+);
+
+@locatable =
+  @argument
+| @ast_node
+| @comment
+| @diagnostics
+| @error_element
+;
+
+#keyset[id]
+locatable_locations(
+  int id: @locatable ref,
+  int location: @location_or_none ref
+);
+
+@location =
+  @db_location
+;
+
+#keyset[id]
+locations(
+  int id: @location ref,
+  int file: @file_or_none ref,
+  int start_line: int ref,
+  int start_column: int ref,
+  int end_line: int ref,
+  int end_column: int ref
+);
+
+@ast_node =
+  @case_label_item
+| @condition_element
+| @decl
+| @expr
+| @pattern
+| @stmt
+| @stmt_condition
+| @type_repr
+;
+
+comments(
+  unique int id: @comment,
+  string text: string ref
+);
+
+db_files(
+  unique int id: @db_file
+);
+
+db_locations(
+  unique int id: @db_location
+);
+
+diagnostics(
+  unique int id: @diagnostics,
+  string text: string ref,
+  int kind: int ref
+);
+
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_chain_result_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @unresolved_type
+| @unresolved_type_conversion_expr
+| @unspecified_element
+;
+
+unspecified_elements(
+  unique int id: @unspecified_element,
+  string property: string ref,
+  string error: string ref
+);
+
+#keyset[id]
+unspecified_element_parents(
+  int id: @unspecified_element ref,
+  int parent: @element ref
+);
+
+#keyset[id]
+unspecified_element_indices(
+  int id: @unspecified_element ref,
+  int index: int ref
+);
+
+@decl =
+  @enum_case_decl
+| @extension_decl
+| @if_config_decl
+| @import_decl
+| @missing_member_decl
+| @operator_decl
+| @pattern_binding_decl
+| @pound_diagnostic_decl
+| @precedence_group_decl
+| @top_level_code_decl
+| @value_decl
+;
+
+#keyset[id]
+decls(  //dir=decl
+  int id: @decl ref,
+  int module: @module_decl_or_none ref
+);
+
+@generic_context =
+  @abstract_function_decl
+| @extension_decl
+| @generic_type_decl
+| @subscript_decl
+;
+
+#keyset[id, index]
+generic_context_generic_type_params(  //dir=decl
+  int id: @generic_context ref,
+  int index: int ref,
+  int generic_type_param: @generic_type_param_decl_or_none ref
+);
+
+@iterable_decl_context =
+  @extension_decl
+| @nominal_type_decl
+;
+
+#keyset[id, index]
+iterable_decl_context_members(  //dir=decl
+  int id: @iterable_decl_context ref,
+  int index: int ref,
+  int member: @decl_or_none ref
+);
+
+enum_case_decls(  //dir=decl
+  unique int id: @enum_case_decl
+);
+
+#keyset[id, index]
+enum_case_decl_elements(  //dir=decl
+  int id: @enum_case_decl ref,
+  int index: int ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+extension_decls(  //dir=decl
+  unique int id: @extension_decl,
+  int extended_type_decl: @nominal_type_decl_or_none ref
+);
+
+if_config_decls(  //dir=decl
+  unique int id: @if_config_decl
+);
+
+#keyset[id, index]
+if_config_decl_active_elements(  //dir=decl
+  int id: @if_config_decl ref,
+  int index: int ref,
+  int active_element: @ast_node_or_none ref
+);
+
+import_decls(  //dir=decl
+  unique int id: @import_decl
+);
+
+#keyset[id]
+import_decl_is_exported(  //dir=decl
+  int id: @import_decl ref
+);
+
+#keyset[id]
+import_decl_imported_modules(  //dir=decl
+  int id: @import_decl ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+import_decl_declarations(  //dir=decl
+  int id: @import_decl ref,
+  int index: int ref,
+  int declaration: @value_decl_or_none ref
+);
+
+missing_member_decls(  //dir=decl
+  unique int id: @missing_member_decl,
+  string name: string ref
+);
+
+@operator_decl =
+  @infix_operator_decl
+| @postfix_operator_decl
+| @prefix_operator_decl
+;
+
+#keyset[id]
+operator_decls(  //dir=decl
+  int id: @operator_decl ref,
+  string name: string ref
+);
+
+pattern_binding_decls(  //dir=decl
+  unique int id: @pattern_binding_decl
+);
+
+#keyset[id, index]
+pattern_binding_decl_inits(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int init: @expr_or_none ref
+);
+
+#keyset[id, index]
+pattern_binding_decl_patterns(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int pattern: @pattern_or_none ref
+);
+
+pound_diagnostic_decls(  //dir=decl
+  unique int id: @pound_diagnostic_decl,
+  int kind: int ref,
+  int message: @string_literal_expr_or_none ref
+);
+
+precedence_group_decls(  //dir=decl
+  unique int id: @precedence_group_decl
+);
+
+top_level_code_decls(  //dir=decl
+  unique int id: @top_level_code_decl,
+  int body: @brace_stmt_or_none ref
+);
+
+@value_decl =
+  @abstract_function_decl
+| @abstract_storage_decl
+| @enum_element_decl
+| @type_decl
+;
+
+#keyset[id]
+value_decls(  //dir=decl
+  int id: @value_decl ref,
+  int interface_type: @type_or_none ref
+);
+
+@abstract_function_decl =
+  @constructor_decl
+| @destructor_decl
+| @func_decl
+;
+
+#keyset[id]
+abstract_function_decls(  //dir=decl
+  int id: @abstract_function_decl ref,
+  string name: string ref
+);
+
+@abstract_storage_decl =
+  @subscript_decl
+| @var_decl
+;
+
+#keyset[id, index]
+abstract_storage_decl_accessor_decls(  //dir=decl
+  int id: @abstract_storage_decl ref,
+  int index: int ref,
+  int accessor_decl: @accessor_decl_or_none ref
+);
+
+enum_element_decls(  //dir=decl
+  unique int id: @enum_element_decl,
+  string name: string ref
+);
+
+#keyset[id, index]
+enum_element_decl_params(  //dir=decl
+  int id: @enum_element_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+infix_operator_decls(  //dir=decl
+  unique int id: @infix_operator_decl
+);
+
+#keyset[id]
+infix_operator_decl_precedence_groups(  //dir=decl
+  int id: @infix_operator_decl ref,
+  int precedence_group: @precedence_group_decl_or_none ref
+);
+
+postfix_operator_decls(  //dir=decl
+  unique int id: @postfix_operator_decl
+);
+
+prefix_operator_decls(  //dir=decl
+  unique int id: @prefix_operator_decl
+);
+
+@type_decl =
+  @abstract_type_param_decl
+| @generic_type_decl
+| @module_decl
+;
+
+#keyset[id]
+type_decls(  //dir=decl
+  int id: @type_decl ref,
+  string name: string ref
+);
+
+#keyset[id, index]
+type_decl_base_types(  //dir=decl
+  int id: @type_decl ref,
+  int index: int ref,
+  int base_type: @type_or_none ref
+);
+
+@abstract_type_param_decl =
+  @associated_type_decl
+| @generic_type_param_decl
+;
+
+constructor_decls(  //dir=decl
+  unique int id: @constructor_decl
+);
+
+destructor_decls(  //dir=decl
+  unique int id: @destructor_decl
+);
+
+@func_decl =
+  @accessor_decl
+| @concrete_func_decl
+;
+
+@generic_type_decl =
+  @nominal_type_decl
+| @opaque_type_decl
+| @type_alias_decl
+;
+
+module_decls(  //dir=decl
+  unique int id: @module_decl
+);
+
+#keyset[id]
+module_decl_is_builtin_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id]
+module_decl_is_system_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id, index]
+module_decl_imported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+module_decl_exported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int exported_module: @module_decl_or_none ref
+);
+
+subscript_decls(  //dir=decl
+  unique int id: @subscript_decl,
+  int element_type: @type_or_none ref
+);
+
+#keyset[id, index]
+subscript_decl_params(  //dir=decl
+  int id: @subscript_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+@var_decl =
+  @concrete_var_decl
+| @param_decl
+;
+
+#keyset[id]
+var_decls(  //dir=decl
+  int id: @var_decl ref,
+  string name: string ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_attached_property_wrapper_types(  //dir=decl
+  int id: @var_decl ref,
+  int attached_property_wrapper_type: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_patterns(  //dir=decl
+  int id: @var_decl ref,
+  int parent_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_initializers(  //dir=decl
+  int id: @var_decl ref,
+  int parent_initializer: @expr_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
+accessor_decls(  //dir=decl
+  unique int id: @accessor_decl
+);
+
+#keyset[id]
+accessor_decl_is_getter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_setter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_will_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_did_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+associated_type_decls(  //dir=decl
+  unique int id: @associated_type_decl
+);
+
+concrete_func_decls(  //dir=decl
+  unique int id: @concrete_func_decl
+);
+
+concrete_var_decls(  //dir=decl
+  unique int id: @concrete_var_decl,
+  int introducer_int: int ref
+);
+
+generic_type_param_decls(  //dir=decl
+  unique int id: @generic_type_param_decl
+);
+
+@nominal_type_decl =
+  @class_decl
+| @enum_decl
+| @protocol_decl
+| @struct_decl
+;
+
+#keyset[id]
+nominal_type_decls(  //dir=decl
+  int id: @nominal_type_decl ref,
+  int type_: @type_or_none ref
+);
+
+opaque_type_decls(  //dir=decl
+  unique int id: @opaque_type_decl,
+  int naming_declaration: @value_decl_or_none ref
+);
+
+#keyset[id, index]
+opaque_type_decl_opaque_generic_params(  //dir=decl
+  int id: @opaque_type_decl ref,
+  int index: int ref,
+  int opaque_generic_param: @generic_type_param_type_or_none ref
+);
+
+param_decls(  //dir=decl
+  unique int id: @param_decl
+);
+
+#keyset[id]
+param_decl_is_inout(  //dir=decl
+  int id: @param_decl ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
+type_alias_decls(  //dir=decl
+  unique int id: @type_alias_decl
+);
+
+class_decls(  //dir=decl
+  unique int id: @class_decl
+);
+
+enum_decls(  //dir=decl
+  unique int id: @enum_decl
+);
+
+protocol_decls(  //dir=decl
+  unique int id: @protocol_decl
+);
+
+struct_decls(  //dir=decl
+  unique int id: @struct_decl
+);
+
+arguments(  //dir=expr
+  unique int id: @argument,
+  string label: string ref,
+  int expr: @expr_or_none ref
+);
+
+@expr =
+  @abstract_closure_expr
+| @any_try_expr
+| @applied_property_wrapper_expr
+| @apply_expr
+| @assign_expr
+| @bind_optional_expr
+| @capture_list_expr
+| @collection_expr
+| @decl_ref_expr
+| @default_argument_expr
+| @discard_assignment_expr
+| @dot_syntax_base_ignored_expr
+| @dynamic_type_expr
+| @enum_is_case_expr
+| @error_expr
+| @explicit_cast_expr
+| @force_value_expr
+| @identity_expr
+| @if_expr
+| @implicit_conversion_expr
+| @in_out_expr
+| @key_path_application_expr
+| @key_path_dot_expr
+| @key_path_expr
+| @lazy_initializer_expr
+| @literal_expr
+| @lookup_expr
+| @make_temporarily_escapable_expr
+| @obj_c_selector_expr
+| @one_way_expr
+| @opaque_value_expr
+| @open_existential_expr
+| @optional_evaluation_expr
+| @other_constructor_decl_ref_expr
+| @overloaded_decl_ref_expr
+| @property_wrapper_value_placeholder_expr
+| @rebind_self_in_constructor_expr
+| @sequence_expr
+| @super_ref_expr
+| @tap_expr
+| @tuple_element_expr
+| @tuple_expr
+| @type_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @vararg_expansion_expr
+;
+
+#keyset[id]
+expr_types(  //dir=expr
+  int id: @expr ref,
+  int type_: @type_or_none ref
+);
+
+@abstract_closure_expr =
+  @auto_closure_expr
+| @closure_expr
+;
+
+@any_try_expr =
+  @force_try_expr
+| @optional_try_expr
+| @try_expr
+;
+
+#keyset[id]
+any_try_exprs(  //dir=expr
+  int id: @any_try_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+applied_property_wrapper_exprs(  //dir=expr
+  unique int id: @applied_property_wrapper_expr,
+  int kind: int ref,
+  int value: @expr_or_none ref,
+  int param: @param_decl_or_none ref
+);
+
+@apply_expr =
+  @binary_expr
+| @call_expr
+| @postfix_unary_expr
+| @prefix_unary_expr
+| @self_apply_expr
+;
+
+#keyset[id]
+apply_exprs(  //dir=expr
+  int id: @apply_expr ref,
+  int function: @expr_or_none ref
+);
+
+#keyset[id, index]
+apply_expr_arguments(  //dir=expr
+  int id: @apply_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+assign_exprs(  //dir=expr
+  unique int id: @assign_expr,
+  int dest: @expr_or_none ref,
+  int source: @expr_or_none ref
+);
+
+bind_optional_exprs(  //dir=expr
+  unique int id: @bind_optional_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+capture_list_exprs(  //dir=expr
+  unique int id: @capture_list_expr,
+  int closure_body: @closure_expr_or_none ref
+);
+
+#keyset[id, index]
+capture_list_expr_binding_decls(  //dir=expr
+  int id: @capture_list_expr ref,
+  int index: int ref,
+  int binding_decl: @pattern_binding_decl_or_none ref
+);
+
+@collection_expr =
+  @array_expr
+| @dictionary_expr
+;
+
+decl_ref_exprs(  //dir=expr
+  unique int id: @decl_ref_expr,
+  int decl: @decl_or_none ref
+);
+
+#keyset[id, index]
+decl_ref_expr_replacement_types(  //dir=expr
+  int id: @decl_ref_expr ref,
+  int index: int ref,
+  int replacement_type: @type_or_none ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+default_argument_exprs(  //dir=expr
+  unique int id: @default_argument_expr,
+  int param_decl: @param_decl_or_none ref,
+  int param_index: int ref
+);
+
+#keyset[id]
+default_argument_expr_caller_side_defaults(  //dir=expr
+  int id: @default_argument_expr ref,
+  int caller_side_default: @expr_or_none ref
+);
+
+discard_assignment_exprs(  //dir=expr
+  unique int id: @discard_assignment_expr
+);
+
+dot_syntax_base_ignored_exprs(  //dir=expr
+  unique int id: @dot_syntax_base_ignored_expr,
+  int qualifier: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+dynamic_type_exprs(  //dir=expr
+  unique int id: @dynamic_type_expr,
+  int base: @expr_or_none ref
+);
+
+enum_is_case_exprs(  //dir=expr
+  unique int id: @enum_is_case_expr,
+  int sub_expr: @expr_or_none ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+error_exprs(  //dir=expr
+  unique int id: @error_expr
+);
+
+@explicit_cast_expr =
+  @checked_cast_expr
+| @coerce_expr
+;
+
+#keyset[id]
+explicit_cast_exprs(  //dir=expr
+  int id: @explicit_cast_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+force_value_exprs(  //dir=expr
+  unique int id: @force_value_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@identity_expr =
+  @await_expr
+| @dot_self_expr
+| @paren_expr
+| @unresolved_member_chain_result_expr
+;
+
+#keyset[id]
+identity_exprs(  //dir=expr
+  int id: @identity_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+if_exprs(  //dir=expr
+  unique int id: @if_expr,
+  int condition: @expr_or_none ref,
+  int then_expr: @expr_or_none ref,
+  int else_expr: @expr_or_none ref
+);
+
+@implicit_conversion_expr =
+  @any_hashable_erasure_expr
+| @archetype_to_super_expr
+| @array_to_pointer_expr
+| @bridge_from_obj_c_expr
+| @bridge_to_obj_c_expr
+| @class_metatype_to_object_expr
+| @collection_upcast_conversion_expr
+| @conditional_bridge_from_obj_c_expr
+| @covariant_function_conversion_expr
+| @covariant_return_conversion_expr
+| @derived_to_base_expr
+| @destructure_tuple_expr
+| @differentiable_function_expr
+| @differentiable_function_extract_original_expr
+| @erasure_expr
+| @existential_metatype_to_object_expr
+| @foreign_object_conversion_expr
+| @function_conversion_expr
+| @in_out_to_pointer_expr
+| @inject_into_optional_expr
+| @linear_function_expr
+| @linear_function_extract_original_expr
+| @linear_to_differentiable_function_expr
+| @load_expr
+| @metatype_conversion_expr
+| @pointer_to_pointer_expr
+| @protocol_metatype_to_object_expr
+| @string_to_pointer_expr
+| @underlying_to_opaque_expr
+| @unevaluated_instance_expr
+| @unresolved_type_conversion_expr
+;
+
+#keyset[id]
+implicit_conversion_exprs(  //dir=expr
+  int id: @implicit_conversion_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+in_out_exprs(  //dir=expr
+  unique int id: @in_out_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+key_path_application_exprs(  //dir=expr
+  unique int id: @key_path_application_expr,
+  int base: @expr_or_none ref,
+  int key_path: @expr_or_none ref
+);
+
+key_path_dot_exprs(  //dir=expr
+  unique int id: @key_path_dot_expr
+);
+
+key_path_exprs(  //dir=expr
+  unique int id: @key_path_expr
+);
+
+#keyset[id]
+key_path_expr_roots(  //dir=expr
+  int id: @key_path_expr ref,
+  int root: @type_repr_or_none ref
+);
+
+#keyset[id]
+key_path_expr_parsed_paths(  //dir=expr
+  int id: @key_path_expr ref,
+  int parsed_path: @expr_or_none ref
+);
+
+lazy_initializer_exprs(  //dir=expr
+  unique int id: @lazy_initializer_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@literal_expr =
+  @builtin_literal_expr
+| @interpolated_string_literal_expr
+| @nil_literal_expr
+| @object_literal_expr
+| @regex_literal_expr
+;
+
+@lookup_expr =
+  @dynamic_lookup_expr
+| @member_ref_expr
+| @subscript_expr
+;
+
+#keyset[id]
+lookup_exprs(  //dir=expr
+  int id: @lookup_expr ref,
+  int base: @expr_or_none ref
+);
+
+#keyset[id]
+lookup_expr_members(  //dir=expr
+  int id: @lookup_expr ref,
+  int member: @decl_or_none ref
+);
+
+make_temporarily_escapable_exprs(  //dir=expr
+  unique int id: @make_temporarily_escapable_expr,
+  int escaping_closure: @opaque_value_expr_or_none ref,
+  int nonescaping_closure: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+obj_c_selector_exprs(  //dir=expr
+  unique int id: @obj_c_selector_expr,
+  int sub_expr: @expr_or_none ref,
+  int method: @abstract_function_decl_or_none ref
+);
+
+one_way_exprs(  //dir=expr
+  unique int id: @one_way_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+opaque_value_exprs(  //dir=expr
+  unique int id: @opaque_value_expr
+);
+
+open_existential_exprs(  //dir=expr
+  unique int id: @open_existential_expr,
+  int sub_expr: @expr_or_none ref,
+  int existential: @expr_or_none ref,
+  int opaque_expr: @opaque_value_expr_or_none ref
+);
+
+optional_evaluation_exprs(  //dir=expr
+  unique int id: @optional_evaluation_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+other_constructor_decl_ref_exprs(  //dir=expr
+  unique int id: @other_constructor_decl_ref_expr,
+  int constructor_decl: @constructor_decl_or_none ref
+);
+
+overloaded_decl_ref_exprs(  //dir=expr
+  unique int id: @overloaded_decl_ref_expr
+);
+
+#keyset[id, index]
+overloaded_decl_ref_expr_possible_declarations(  //dir=expr
+  int id: @overloaded_decl_ref_expr ref,
+  int index: int ref,
+  int possible_declaration: @value_decl_or_none ref
+);
+
+property_wrapper_value_placeholder_exprs(  //dir=expr
+  unique int id: @property_wrapper_value_placeholder_expr,
+  int placeholder: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+property_wrapper_value_placeholder_expr_wrapped_values(  //dir=expr
+  int id: @property_wrapper_value_placeholder_expr ref,
+  int wrapped_value: @expr_or_none ref
+);
+
+rebind_self_in_constructor_exprs(  //dir=expr
+  unique int id: @rebind_self_in_constructor_expr,
+  int sub_expr: @expr_or_none ref,
+  int self: @var_decl_or_none ref
+);
+
+sequence_exprs(  //dir=expr
+  unique int id: @sequence_expr
+);
+
+#keyset[id, index]
+sequence_expr_elements(  //dir=expr
+  int id: @sequence_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+super_ref_exprs(  //dir=expr
+  unique int id: @super_ref_expr,
+  int self: @var_decl_or_none ref
+);
+
+tap_exprs(  //dir=expr
+  unique int id: @tap_expr,
+  int body: @brace_stmt_or_none ref,
+  int var: @var_decl_or_none ref
+);
+
+#keyset[id]
+tap_expr_sub_exprs(  //dir=expr
+  int id: @tap_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+tuple_element_exprs(  //dir=expr
+  unique int id: @tuple_element_expr,
+  int sub_expr: @expr_or_none ref,
+  int index: int ref
+);
+
+tuple_exprs(  //dir=expr
+  unique int id: @tuple_expr
+);
+
+#keyset[id, index]
+tuple_expr_elements(  //dir=expr
+  int id: @tuple_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+type_exprs(  //dir=expr
+  unique int id: @type_expr
+);
+
+#keyset[id]
+type_expr_type_reprs(  //dir=expr
+  int id: @type_expr ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+unresolved_decl_ref_exprs(  //dir=expr
+  unique int id: @unresolved_decl_ref_expr
+);
+
+#keyset[id]
+unresolved_decl_ref_expr_names(  //dir=expr
+  int id: @unresolved_decl_ref_expr ref,
+  string name: string ref
+);
+
+unresolved_dot_exprs(  //dir=expr
+  unique int id: @unresolved_dot_expr,
+  int base: @expr_or_none ref,
+  string name: string ref
+);
+
+unresolved_member_exprs(  //dir=expr
+  unique int id: @unresolved_member_expr,
+  string name: string ref
+);
+
+unresolved_pattern_exprs(  //dir=expr
+  unique int id: @unresolved_pattern_expr,
+  int sub_pattern: @pattern_or_none ref
+);
+
+unresolved_specialize_exprs(  //dir=expr
+  unique int id: @unresolved_specialize_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+vararg_expansion_exprs(  //dir=expr
+  unique int id: @vararg_expansion_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+any_hashable_erasure_exprs(  //dir=expr
+  unique int id: @any_hashable_erasure_expr
+);
+
+archetype_to_super_exprs(  //dir=expr
+  unique int id: @archetype_to_super_expr
+);
+
+array_exprs(  //dir=expr
+  unique int id: @array_expr
+);
+
+#keyset[id, index]
+array_expr_elements(  //dir=expr
+  int id: @array_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+array_to_pointer_exprs(  //dir=expr
+  unique int id: @array_to_pointer_expr
+);
+
+auto_closure_exprs(  //dir=expr
+  unique int id: @auto_closure_expr
+);
+
+await_exprs(  //dir=expr
+  unique int id: @await_expr
+);
+
+binary_exprs(  //dir=expr
+  unique int id: @binary_expr
+);
+
+bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_from_obj_c_expr
+);
+
+bridge_to_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_to_obj_c_expr
+);
+
+@builtin_literal_expr =
+  @boolean_literal_expr
+| @magic_identifier_literal_expr
+| @number_literal_expr
+| @string_literal_expr
+;
+
+call_exprs(  //dir=expr
+  unique int id: @call_expr
+);
+
+@checked_cast_expr =
+  @conditional_checked_cast_expr
+| @forced_checked_cast_expr
+| @is_expr
+;
+
+class_metatype_to_object_exprs(  //dir=expr
+  unique int id: @class_metatype_to_object_expr
+);
+
+closure_exprs(  //dir=expr
+  unique int id: @closure_expr
+);
+
+coerce_exprs(  //dir=expr
+  unique int id: @coerce_expr
+);
+
+collection_upcast_conversion_exprs(  //dir=expr
+  unique int id: @collection_upcast_conversion_expr
+);
+
+conditional_bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @conditional_bridge_from_obj_c_expr
+);
+
+covariant_function_conversion_exprs(  //dir=expr
+  unique int id: @covariant_function_conversion_expr
+);
+
+covariant_return_conversion_exprs(  //dir=expr
+  unique int id: @covariant_return_conversion_expr
+);
+
+derived_to_base_exprs(  //dir=expr
+  unique int id: @derived_to_base_expr
+);
+
+destructure_tuple_exprs(  //dir=expr
+  unique int id: @destructure_tuple_expr
+);
+
+dictionary_exprs(  //dir=expr
+  unique int id: @dictionary_expr
+);
+
+#keyset[id, index]
+dictionary_expr_elements(  //dir=expr
+  int id: @dictionary_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+differentiable_function_exprs(  //dir=expr
+  unique int id: @differentiable_function_expr
+);
+
+differentiable_function_extract_original_exprs(  //dir=expr
+  unique int id: @differentiable_function_extract_original_expr
+);
+
+dot_self_exprs(  //dir=expr
+  unique int id: @dot_self_expr
+);
+
+@dynamic_lookup_expr =
+  @dynamic_member_ref_expr
+| @dynamic_subscript_expr
+;
+
+erasure_exprs(  //dir=expr
+  unique int id: @erasure_expr
+);
+
+existential_metatype_to_object_exprs(  //dir=expr
+  unique int id: @existential_metatype_to_object_expr
+);
+
+force_try_exprs(  //dir=expr
+  unique int id: @force_try_expr
+);
+
+foreign_object_conversion_exprs(  //dir=expr
+  unique int id: @foreign_object_conversion_expr
+);
+
+function_conversion_exprs(  //dir=expr
+  unique int id: @function_conversion_expr
+);
+
+in_out_to_pointer_exprs(  //dir=expr
+  unique int id: @in_out_to_pointer_expr
+);
+
+inject_into_optional_exprs(  //dir=expr
+  unique int id: @inject_into_optional_expr
+);
+
+interpolated_string_literal_exprs(  //dir=expr
+  unique int id: @interpolated_string_literal_expr
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_expr: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_count_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_count_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_literal_capacity_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int literal_capacity_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_appending_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int appending_expr: @tap_expr_or_none ref
+);
+
+linear_function_exprs(  //dir=expr
+  unique int id: @linear_function_expr
+);
+
+linear_function_extract_original_exprs(  //dir=expr
+  unique int id: @linear_function_extract_original_expr
+);
+
+linear_to_differentiable_function_exprs(  //dir=expr
+  unique int id: @linear_to_differentiable_function_expr
+);
+
+load_exprs(  //dir=expr
+  unique int id: @load_expr
+);
+
+member_ref_exprs(  //dir=expr
+  unique int id: @member_ref_expr
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
+);
+
+nil_literal_exprs(  //dir=expr
+  unique int id: @nil_literal_expr
+);
+
+object_literal_exprs(  //dir=expr
+  unique int id: @object_literal_expr,
+  int kind: int ref
+);
+
+#keyset[id, index]
+object_literal_expr_arguments(  //dir=expr
+  int id: @object_literal_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+optional_try_exprs(  //dir=expr
+  unique int id: @optional_try_expr
+);
+
+paren_exprs(  //dir=expr
+  unique int id: @paren_expr
+);
+
+pointer_to_pointer_exprs(  //dir=expr
+  unique int id: @pointer_to_pointer_expr
+);
+
+postfix_unary_exprs(  //dir=expr
+  unique int id: @postfix_unary_expr
+);
+
+prefix_unary_exprs(  //dir=expr
+  unique int id: @prefix_unary_expr
+);
+
+protocol_metatype_to_object_exprs(  //dir=expr
+  unique int id: @protocol_metatype_to_object_expr
+);
+
+regex_literal_exprs(  //dir=expr
+  unique int id: @regex_literal_expr
+);
+
+@self_apply_expr =
+  @constructor_ref_call_expr
+| @dot_syntax_call_expr
+;
+
+#keyset[id]
+self_apply_exprs(  //dir=expr
+  int id: @self_apply_expr ref,
+  int base: @expr_or_none ref
+);
+
+string_to_pointer_exprs(  //dir=expr
+  unique int id: @string_to_pointer_expr
+);
+
+subscript_exprs(  //dir=expr
+  unique int id: @subscript_expr
+);
+
+#keyset[id, index]
+subscript_expr_arguments(  //dir=expr
+  int id: @subscript_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_ordinary_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+try_exprs(  //dir=expr
+  unique int id: @try_expr
+);
+
+underlying_to_opaque_exprs(  //dir=expr
+  unique int id: @underlying_to_opaque_expr
+);
+
+unevaluated_instance_exprs(  //dir=expr
+  unique int id: @unevaluated_instance_expr
+);
+
+unresolved_member_chain_result_exprs(  //dir=expr
+  unique int id: @unresolved_member_chain_result_expr
+);
+
+unresolved_type_conversion_exprs(  //dir=expr
+  unique int id: @unresolved_type_conversion_expr
+);
+
+boolean_literal_exprs(  //dir=expr
+  unique int id: @boolean_literal_expr,
+  boolean value: boolean ref
+);
+
+conditional_checked_cast_exprs(  //dir=expr
+  unique int id: @conditional_checked_cast_expr
+);
+
+constructor_ref_call_exprs(  //dir=expr
+  unique int id: @constructor_ref_call_expr
+);
+
+dot_syntax_call_exprs(  //dir=expr
+  unique int id: @dot_syntax_call_expr
+);
+
+dynamic_member_ref_exprs(  //dir=expr
+  unique int id: @dynamic_member_ref_expr
+);
+
+dynamic_subscript_exprs(  //dir=expr
+  unique int id: @dynamic_subscript_expr
+);
+
+forced_checked_cast_exprs(  //dir=expr
+  unique int id: @forced_checked_cast_expr
+);
+
+is_exprs(  //dir=expr
+  unique int id: @is_expr
+);
+
+magic_identifier_literal_exprs(  //dir=expr
+  unique int id: @magic_identifier_literal_expr,
+  string kind: string ref
+);
+
+@number_literal_expr =
+  @float_literal_expr
+| @integer_literal_expr
+;
+
+string_literal_exprs(  //dir=expr
+  unique int id: @string_literal_expr,
+  string value: string ref
+);
+
+float_literal_exprs(  //dir=expr
+  unique int id: @float_literal_expr,
+  string string_value: string ref
+);
+
+integer_literal_exprs(  //dir=expr
+  unique int id: @integer_literal_expr,
+  string string_value: string ref
+);
+
+@pattern =
+  @any_pattern
+| @binding_pattern
+| @bool_pattern
+| @enum_element_pattern
+| @expr_pattern
+| @is_pattern
+| @named_pattern
+| @optional_some_pattern
+| @paren_pattern
+| @tuple_pattern
+| @typed_pattern
+;
+
+any_patterns(  //dir=pattern
+  unique int id: @any_pattern
+);
+
+binding_patterns(  //dir=pattern
+  unique int id: @binding_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+bool_patterns(  //dir=pattern
+  unique int id: @bool_pattern,
+  boolean value: boolean ref
+);
+
+enum_element_patterns(  //dir=pattern
+  unique int id: @enum_element_pattern,
+  int element: @enum_element_decl_or_none ref
+);
+
+#keyset[id]
+enum_element_pattern_sub_patterns(  //dir=pattern
+  int id: @enum_element_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+expr_patterns(  //dir=pattern
+  unique int id: @expr_pattern,
+  int sub_expr: @expr_or_none ref
+);
+
+is_patterns(  //dir=pattern
+  unique int id: @is_pattern
+);
+
+#keyset[id]
+is_pattern_cast_type_reprs(  //dir=pattern
+  int id: @is_pattern ref,
+  int cast_type_repr: @type_repr_or_none ref
+);
+
+#keyset[id]
+is_pattern_sub_patterns(  //dir=pattern
+  int id: @is_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+named_patterns(  //dir=pattern
+  unique int id: @named_pattern,
+  string name: string ref
+);
+
+optional_some_patterns(  //dir=pattern
+  unique int id: @optional_some_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+paren_patterns(  //dir=pattern
+  unique int id: @paren_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+tuple_patterns(  //dir=pattern
+  unique int id: @tuple_pattern
+);
+
+#keyset[id, index]
+tuple_pattern_elements(  //dir=pattern
+  int id: @tuple_pattern ref,
+  int index: int ref,
+  int element: @pattern_or_none ref
+);
+
+typed_patterns(  //dir=pattern
+  unique int id: @typed_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+typed_pattern_type_reprs(  //dir=pattern
+  int id: @typed_pattern ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+case_label_items(  //dir=stmt
+  unique int id: @case_label_item,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+case_label_item_guards(  //dir=stmt
+  int id: @case_label_item ref,
+  int guard: @expr_or_none ref
+);
+
+condition_elements(  //dir=stmt
+  unique int id: @condition_element
+);
+
+#keyset[id]
+condition_element_booleans(  //dir=stmt
+  int id: @condition_element ref,
+  int boolean_: @expr_or_none ref
+);
+
+#keyset[id]
+condition_element_patterns(  //dir=stmt
+  int id: @condition_element ref,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+condition_element_initializers(  //dir=stmt
+  int id: @condition_element ref,
+  int initializer: @expr_or_none ref
+);
+
+@stmt =
+  @brace_stmt
+| @break_stmt
+| @case_stmt
+| @continue_stmt
+| @defer_stmt
+| @fail_stmt
+| @fallthrough_stmt
+| @labeled_stmt
+| @pound_assert_stmt
+| @return_stmt
+| @throw_stmt
+| @yield_stmt
+;
+
+stmt_conditions(  //dir=stmt
+  unique int id: @stmt_condition
+);
+
+#keyset[id, index]
+stmt_condition_elements(  //dir=stmt
+  int id: @stmt_condition ref,
+  int index: int ref,
+  int element: @condition_element_or_none ref
+);
+
+brace_stmts(  //dir=stmt
+  unique int id: @brace_stmt
+);
+
+#keyset[id, index]
+brace_stmt_elements(  //dir=stmt
+  int id: @brace_stmt ref,
+  int index: int ref,
+  int element: @ast_node_or_none ref
+);
+
+break_stmts(  //dir=stmt
+  unique int id: @break_stmt
+);
+
+#keyset[id]
+break_stmt_target_names(  //dir=stmt
+  int id: @break_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+break_stmt_targets(  //dir=stmt
+  int id: @break_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+case_stmts(  //dir=stmt
+  unique int id: @case_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_labels(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int label: @case_label_item_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_variables(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int variable: @var_decl_or_none ref
+);
+
+continue_stmts(  //dir=stmt
+  unique int id: @continue_stmt
+);
+
+#keyset[id]
+continue_stmt_target_names(  //dir=stmt
+  int id: @continue_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+continue_stmt_targets(  //dir=stmt
+  int id: @continue_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+defer_stmts(  //dir=stmt
+  unique int id: @defer_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+fail_stmts(  //dir=stmt
+  unique int id: @fail_stmt
+);
+
+fallthrough_stmts(  //dir=stmt
+  unique int id: @fallthrough_stmt,
+  int fallthrough_source: @case_stmt_or_none ref,
+  int fallthrough_dest: @case_stmt_or_none ref
+);
+
+@labeled_stmt =
+  @do_catch_stmt
+| @do_stmt
+| @for_each_stmt
+| @labeled_conditional_stmt
+| @repeat_while_stmt
+| @switch_stmt
+;
+
+#keyset[id]
+labeled_stmt_labels(  //dir=stmt
+  int id: @labeled_stmt ref,
+  string label: string ref
+);
+
+pound_assert_stmts(  //dir=stmt
+  unique int id: @pound_assert_stmt,
+  int condition: @expr_or_none ref,
+  string message: string ref
+);
+
+return_stmts(  //dir=stmt
+  unique int id: @return_stmt
+);
+
+#keyset[id]
+return_stmt_results(  //dir=stmt
+  int id: @return_stmt ref,
+  int result: @expr_or_none ref
+);
+
+throw_stmts(  //dir=stmt
+  unique int id: @throw_stmt,
+  int sub_expr: @expr_or_none ref
+);
+
+yield_stmts(  //dir=stmt
+  unique int id: @yield_stmt
+);
+
+#keyset[id, index]
+yield_stmt_results(  //dir=stmt
+  int id: @yield_stmt ref,
+  int index: int ref,
+  int result: @expr_or_none ref
+);
+
+do_catch_stmts(  //dir=stmt
+  unique int id: @do_catch_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+do_catch_stmt_catches(  //dir=stmt
+  int id: @do_catch_stmt ref,
+  int index: int ref,
+  int catch: @case_stmt_or_none ref
+);
+
+do_stmts(  //dir=stmt
+  unique int id: @do_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+for_each_stmts(  //dir=stmt
+  unique int id: @for_each_stmt,
+  int pattern: @pattern_or_none ref,
+  int sequence: @expr_or_none ref,
+  int body: @brace_stmt_or_none ref
+);
+
+#keyset[id]
+for_each_stmt_wheres(  //dir=stmt
+  int id: @for_each_stmt ref,
+  int where: @expr_or_none ref
+);
+
+@labeled_conditional_stmt =
+  @guard_stmt
+| @if_stmt
+| @while_stmt
+;
+
+#keyset[id]
+labeled_conditional_stmts(  //dir=stmt
+  int id: @labeled_conditional_stmt ref,
+  int condition: @stmt_condition_or_none ref
+);
+
+repeat_while_stmts(  //dir=stmt
+  unique int id: @repeat_while_stmt,
+  int condition: @expr_or_none ref,
+  int body: @stmt_or_none ref
+);
+
+switch_stmts(  //dir=stmt
+  unique int id: @switch_stmt,
+  int expr: @expr_or_none ref
+);
+
+#keyset[id, index]
+switch_stmt_cases(  //dir=stmt
+  int id: @switch_stmt ref,
+  int index: int ref,
+  int case_: @case_stmt_or_none ref
+);
+
+guard_stmts(  //dir=stmt
+  unique int id: @guard_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+if_stmts(  //dir=stmt
+  unique int id: @if_stmt,
+  int then: @stmt_or_none ref
+);
+
+#keyset[id]
+if_stmt_elses(  //dir=stmt
+  int id: @if_stmt ref,
+  int else: @stmt_or_none ref
+);
+
+while_stmts(  //dir=stmt
+  unique int id: @while_stmt,
+  int body: @stmt_or_none ref
+);
+
+@type =
+  @any_function_type
+| @any_generic_type
+| @any_metatype_type
+| @builtin_type
+| @dependent_member_type
+| @dynamic_self_type
+| @error_type
+| @existential_type
+| @in_out_type
+| @l_value_type
+| @module_type
+| @parameterized_protocol_type
+| @protocol_composition_type
+| @reference_storage_type
+| @substitutable_type
+| @sugar_type
+| @tuple_type
+| @unresolved_type
+;
+
+#keyset[id]
+types(  //dir=type
+  int id: @type ref,
+  string name: string ref,
+  int canonical_type: @type_or_none ref
+);
+
+type_reprs(  //dir=type
+  unique int id: @type_repr,
+  int type_: @type_or_none ref
+);
+
+@any_function_type =
+  @function_type
+| @generic_function_type
+;
+
+#keyset[id]
+any_function_types(  //dir=type
+  int id: @any_function_type ref,
+  int result: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_types(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  int param_type: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_labels(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  string param_label: string ref
+);
+
+#keyset[id]
+any_function_type_is_throwing(  //dir=type
+  int id: @any_function_type ref
+);
+
+#keyset[id]
+any_function_type_is_async(  //dir=type
+  int id: @any_function_type ref
+);
+
+@any_generic_type =
+  @nominal_or_bound_generic_nominal_type
+| @unbound_generic_type
+;
+
+#keyset[id]
+any_generic_types(  //dir=type
+  int id: @any_generic_type ref,
+  int declaration: @decl_or_none ref
+);
+
+#keyset[id]
+any_generic_type_parents(  //dir=type
+  int id: @any_generic_type ref,
+  int parent: @type_or_none ref
+);
+
+@any_metatype_type =
+  @existential_metatype_type
+| @metatype_type
+;
+
+@builtin_type =
+  @any_builtin_integer_type
+| @builtin_bridge_object_type
+| @builtin_default_actor_storage_type
+| @builtin_executor_type
+| @builtin_float_type
+| @builtin_job_type
+| @builtin_native_object_type
+| @builtin_raw_pointer_type
+| @builtin_raw_unsafe_continuation_type
+| @builtin_unsafe_value_buffer_type
+| @builtin_vector_type
+;
+
+dependent_member_types(  //dir=type
+  unique int id: @dependent_member_type,
+  int base_type: @type_or_none ref,
+  int associated_type_decl: @associated_type_decl_or_none ref
+);
+
+dynamic_self_types(  //dir=type
+  unique int id: @dynamic_self_type,
+  int static_self_type: @type_or_none ref
+);
+
+error_types(  //dir=type
+  unique int id: @error_type
+);
+
+existential_types(  //dir=type
+  unique int id: @existential_type,
+  int constraint: @type_or_none ref
+);
+
+in_out_types(  //dir=type
+  unique int id: @in_out_type,
+  int object_type: @type_or_none ref
+);
+
+l_value_types(  //dir=type
+  unique int id: @l_value_type,
+  int object_type: @type_or_none ref
+);
+
+module_types(  //dir=type
+  unique int id: @module_type,
+  int module: @module_decl_or_none ref
+);
+
+parameterized_protocol_types(  //dir=type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
+);
+
+protocol_composition_types(  //dir=type
+  unique int id: @protocol_composition_type
+);
+
+#keyset[id, index]
+protocol_composition_type_members(  //dir=type
+  int id: @protocol_composition_type ref,
+  int index: int ref,
+  int member: @type_or_none ref
+);
+
+@reference_storage_type =
+  @unmanaged_storage_type
+| @unowned_storage_type
+| @weak_storage_type
+;
+
+#keyset[id]
+reference_storage_types(  //dir=type
+  int id: @reference_storage_type ref,
+  int referent_type: @type_or_none ref
+);
+
+@substitutable_type =
+  @archetype_type
+| @generic_type_param_type
+;
+
+@sugar_type =
+  @paren_type
+| @syntax_sugar_type
+| @type_alias_type
+;
+
+tuple_types(  //dir=type
+  unique int id: @tuple_type
+);
+
+#keyset[id, index]
+tuple_type_types(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id, index]
+tuple_type_names(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  string name: string ref
+);
+
+unresolved_types(  //dir=type
+  unique int id: @unresolved_type
+);
+
+@any_builtin_integer_type =
+  @builtin_integer_literal_type
+| @builtin_integer_type
+;
+
+@archetype_type =
+  @opaque_type_archetype_type
+| @opened_archetype_type
+| @primary_archetype_type
+;
+
+#keyset[id]
+archetype_types(  //dir=type
+  int id: @archetype_type ref,
+  int interface_type: @type_or_none ref
+);
+
+#keyset[id]
+archetype_type_superclasses(  //dir=type
+  int id: @archetype_type ref,
+  int superclass: @type_or_none ref
+);
+
+#keyset[id, index]
+archetype_type_protocols(  //dir=type
+  int id: @archetype_type ref,
+  int index: int ref,
+  int protocol: @protocol_decl_or_none ref
+);
+
+builtin_bridge_object_types(  //dir=type
+  unique int id: @builtin_bridge_object_type
+);
+
+builtin_default_actor_storage_types(  //dir=type
+  unique int id: @builtin_default_actor_storage_type
+);
+
+builtin_executor_types(  //dir=type
+  unique int id: @builtin_executor_type
+);
+
+builtin_float_types(  //dir=type
+  unique int id: @builtin_float_type
+);
+
+builtin_job_types(  //dir=type
+  unique int id: @builtin_job_type
+);
+
+builtin_native_object_types(  //dir=type
+  unique int id: @builtin_native_object_type
+);
+
+builtin_raw_pointer_types(  //dir=type
+  unique int id: @builtin_raw_pointer_type
+);
+
+builtin_raw_unsafe_continuation_types(  //dir=type
+  unique int id: @builtin_raw_unsafe_continuation_type
+);
+
+builtin_unsafe_value_buffer_types(  //dir=type
+  unique int id: @builtin_unsafe_value_buffer_type
+);
+
+builtin_vector_types(  //dir=type
+  unique int id: @builtin_vector_type
+);
+
+existential_metatype_types(  //dir=type
+  unique int id: @existential_metatype_type
+);
+
+function_types(  //dir=type
+  unique int id: @function_type
+);
+
+generic_function_types(  //dir=type
+  unique int id: @generic_function_type
+);
+
+#keyset[id, index]
+generic_function_type_generic_params(  //dir=type
+  int id: @generic_function_type ref,
+  int index: int ref,
+  int generic_param: @generic_type_param_type_or_none ref
+);
+
+generic_type_param_types(  //dir=type
+  unique int id: @generic_type_param_type
+);
+
+metatype_types(  //dir=type
+  unique int id: @metatype_type
+);
+
+@nominal_or_bound_generic_nominal_type =
+  @bound_generic_type
+| @nominal_type
+;
+
+paren_types(  //dir=type
+  unique int id: @paren_type,
+  int type_: @type_or_none ref
+);
+
+@syntax_sugar_type =
+  @dictionary_type
+| @unary_syntax_sugar_type
+;
+
+type_alias_types(  //dir=type
+  unique int id: @type_alias_type,
+  int decl: @type_alias_decl_or_none ref
+);
+
+unbound_generic_types(  //dir=type
+  unique int id: @unbound_generic_type
+);
+
+unmanaged_storage_types(  //dir=type
+  unique int id: @unmanaged_storage_type
+);
+
+unowned_storage_types(  //dir=type
+  unique int id: @unowned_storage_type
+);
+
+weak_storage_types(  //dir=type
+  unique int id: @weak_storage_type
+);
+
+@bound_generic_type =
+  @bound_generic_class_type
+| @bound_generic_enum_type
+| @bound_generic_struct_type
+;
+
+#keyset[id, index]
+bound_generic_type_arg_types(  //dir=type
+  int id: @bound_generic_type ref,
+  int index: int ref,
+  int arg_type: @type_or_none ref
+);
+
+builtin_integer_literal_types(  //dir=type
+  unique int id: @builtin_integer_literal_type
+);
+
+builtin_integer_types(  //dir=type
+  unique int id: @builtin_integer_type
+);
+
+#keyset[id]
+builtin_integer_type_widths(  //dir=type
+  int id: @builtin_integer_type ref,
+  int width: int ref
+);
+
+dictionary_types(  //dir=type
+  unique int id: @dictionary_type,
+  int key_type: @type_or_none ref,
+  int value_type: @type_or_none ref
+);
+
+@nominal_type =
+  @class_type
+| @enum_type
+| @protocol_type
+| @struct_type
+;
+
+opaque_type_archetype_types(  //dir=type
+  unique int id: @opaque_type_archetype_type,
+  int declaration: @opaque_type_decl_or_none ref
+);
+
+opened_archetype_types(  //dir=type
+  unique int id: @opened_archetype_type
+);
+
+primary_archetype_types(  //dir=type
+  unique int id: @primary_archetype_type
+);
+
+@unary_syntax_sugar_type =
+  @array_slice_type
+| @optional_type
+| @variadic_sequence_type
+;
+
+#keyset[id]
+unary_syntax_sugar_types(  //dir=type
+  int id: @unary_syntax_sugar_type ref,
+  int base_type: @type_or_none ref
+);
+
+array_slice_types(  //dir=type
+  unique int id: @array_slice_type
+);
+
+bound_generic_class_types(  //dir=type
+  unique int id: @bound_generic_class_type
+);
+
+bound_generic_enum_types(  //dir=type
+  unique int id: @bound_generic_enum_type
+);
+
+bound_generic_struct_types(  //dir=type
+  unique int id: @bound_generic_struct_type
+);
+
+class_types(  //dir=type
+  unique int id: @class_type
+);
+
+enum_types(  //dir=type
+  unique int id: @enum_type
+);
+
+optional_types(  //dir=type
+  unique int id: @optional_type
+);
+
+protocol_types(  //dir=type
+  unique int id: @protocol_type
+);
+
+struct_types(  //dir=type
+  unique int id: @struct_type
+);
+
+variadic_sequence_types(  //dir=type
+  unique int id: @variadic_sequence_type
+);
+
+@abstract_function_decl_or_none =
+  @abstract_function_decl
+| @unspecified_element
+;
+
+@accessor_decl_or_none =
+  @accessor_decl
+| @unspecified_element
+;
+
+@argument_or_none =
+  @argument
+| @unspecified_element
+;
+
+@associated_type_decl_or_none =
+  @associated_type_decl
+| @unspecified_element
+;
+
+@ast_node_or_none =
+  @ast_node
+| @unspecified_element
+;
+
+@brace_stmt_or_none =
+  @brace_stmt
+| @unspecified_element
+;
+
+@case_label_item_or_none =
+  @case_label_item
+| @unspecified_element
+;
+
+@case_stmt_or_none =
+  @case_stmt
+| @unspecified_element
+;
+
+@closure_expr_or_none =
+  @closure_expr
+| @unspecified_element
+;
+
+@condition_element_or_none =
+  @condition_element
+| @unspecified_element
+;
+
+@constructor_decl_or_none =
+  @constructor_decl
+| @unspecified_element
+;
+
+@decl_or_none =
+  @decl
+| @unspecified_element
+;
+
+@enum_element_decl_or_none =
+  @enum_element_decl
+| @unspecified_element
+;
+
+@expr_or_none =
+  @expr
+| @unspecified_element
+;
+
+@file_or_none =
+  @file
+| @unspecified_element
+;
+
+@generic_type_param_decl_or_none =
+  @generic_type_param_decl
+| @unspecified_element
+;
+
+@generic_type_param_type_or_none =
+  @generic_type_param_type
+| @unspecified_element
+;
+
+@location_or_none =
+  @location
+| @unspecified_element
+;
+
+@module_decl_or_none =
+  @module_decl
+| @unspecified_element
+;
+
+@nominal_type_decl_or_none =
+  @nominal_type_decl
+| @unspecified_element
+;
+
+@opaque_type_decl_or_none =
+  @opaque_type_decl
+| @unspecified_element
+;
+
+@opaque_value_expr_or_none =
+  @opaque_value_expr
+| @unspecified_element
+;
+
+@param_decl_or_none =
+  @param_decl
+| @unspecified_element
+;
+
+@pattern_or_none =
+  @pattern
+| @unspecified_element
+;
+
+@pattern_binding_decl_or_none =
+  @pattern_binding_decl
+| @unspecified_element
+;
+
+@precedence_group_decl_or_none =
+  @precedence_group_decl
+| @unspecified_element
+;
+
+@protocol_decl_or_none =
+  @protocol_decl
+| @unspecified_element
+;
+
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
+@stmt_or_none =
+  @stmt
+| @unspecified_element
+;
+
+@stmt_condition_or_none =
+  @stmt_condition
+| @unspecified_element
+;
+
+@string_literal_expr_or_none =
+  @string_literal_expr
+| @unspecified_element
+;
+
+@tap_expr_or_none =
+  @tap_expr
+| @unspecified_element
+;
+
+@type_or_none =
+  @type
+| @unspecified_element
+;
+
+@type_alias_decl_or_none =
+  @type_alias_decl
+| @unspecified_element
+;
+
+@type_repr_or_none =
+  @type_repr
+| @unspecified_element
+;
+
+@value_decl_or_none =
+  @unspecified_element
+| @value_decl
+;
+
+@var_decl_or_none =
+  @unspecified_element
+| @var_decl
+;
diff --git a/swift/downgrades/1a6e9325bd60462e669e524438174deef4476df0/upgrade.properties b/swift/downgrades/1a6e9325bd60462e669e524438174deef4476df0/upgrade.properties
new file mode 100644
index 00000000000..c1ba8a9be36
--- /dev/null
+++ b/swift/downgrades/1a6e9325bd60462e669e524438174deef4476df0/upgrade.properties
@@ -0,0 +1,9 @@
+description: Revert adding missing Accessor and AccessSemantics cases
+compatibility: full
+accessor_decl_is_read.rel: delete
+accessor_decl_is_modify.rel: delete
+accessor_decl_is_unsafe_address.rel: delete
+accessor_decl_is_unsafe_mutable_address.rel: delete
+decl_ref_expr_has_distributed_thunk_semantics.rel: delete
+member_ref_expr_has_distributed_thunk_semantics.rel: delete
+subscript_expr_has_distributed_thunk_semantics.rel: delete
diff --git a/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/implicit_conversion_exprs.ql b/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/implicit_conversion_exprs.ql
new file mode 100644
index 00000000000..67418103c99
--- /dev/null
+++ b/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/implicit_conversion_exprs.ql
@@ -0,0 +1,8 @@
+// Removes AbiSafeConversionExprs from ImplicitConversionExprs
+class Element extends @element {
+  string toString() { none() }
+}
+
+from Element e, Element child
+where implicit_conversion_exprs(e, child) and not abi_safe_conversion_exprs(e)
+select e, child
diff --git a/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/old.dbscheme b/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/old.dbscheme
new file mode 100644
index 00000000000..62fc609c1ab
--- /dev/null
+++ b/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/old.dbscheme
@@ -0,0 +1,2518 @@
+// generated by codegen/codegen.py
+
+// from prefix.dbscheme
+/**
+ * The source location of the snapshot.
+ */
+sourceLocationPrefix(
+  string prefix: string ref
+);
+
+
+// from schema.py
+
+@element =
+  @callable
+| @file
+| @generic_context
+| @iterable_decl_context
+| @locatable
+| @location
+| @type
+;
+
+#keyset[id]
+element_is_unknown(
+  int id: @element ref
+);
+
+@callable =
+  @abstract_closure_expr
+| @abstract_function_decl
+;
+
+#keyset[id]
+callable_self_params(
+  int id: @callable ref,
+  int self_param: @param_decl_or_none ref
+);
+
+#keyset[id, index]
+callable_params(
+  int id: @callable ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+#keyset[id]
+callable_bodies(
+  int id: @callable ref,
+  int body: @brace_stmt_or_none ref
+);
+
+@file =
+  @db_file
+;
+
+#keyset[id]
+files(
+  int id: @file ref,
+  string name: string ref
+);
+
+@locatable =
+  @argument
+| @ast_node
+| @comment
+| @diagnostics
+| @error_element
+;
+
+#keyset[id]
+locatable_locations(
+  int id: @locatable ref,
+  int location: @location_or_none ref
+);
+
+@location =
+  @db_location
+;
+
+#keyset[id]
+locations(
+  int id: @location ref,
+  int file: @file_or_none ref,
+  int start_line: int ref,
+  int start_column: int ref,
+  int end_line: int ref,
+  int end_column: int ref
+);
+
+@ast_node =
+  @case_label_item
+| @condition_element
+| @decl
+| @expr
+| @pattern
+| @stmt
+| @stmt_condition
+| @type_repr
+;
+
+comments(
+  unique int id: @comment,
+  string text: string ref
+);
+
+db_files(
+  unique int id: @db_file
+);
+
+db_locations(
+  unique int id: @db_location
+);
+
+diagnostics(
+  unique int id: @diagnostics,
+  string text: string ref,
+  int kind: int ref
+);
+
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_chain_result_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @unresolved_type
+| @unresolved_type_conversion_expr
+| @unspecified_element
+;
+
+unspecified_elements(
+  unique int id: @unspecified_element,
+  string property: string ref,
+  string error: string ref
+);
+
+#keyset[id]
+unspecified_element_parents(
+  int id: @unspecified_element ref,
+  int parent: @element ref
+);
+
+#keyset[id]
+unspecified_element_indices(
+  int id: @unspecified_element ref,
+  int index: int ref
+);
+
+@decl =
+  @enum_case_decl
+| @extension_decl
+| @if_config_decl
+| @import_decl
+| @missing_member_decl
+| @operator_decl
+| @pattern_binding_decl
+| @pound_diagnostic_decl
+| @precedence_group_decl
+| @top_level_code_decl
+| @value_decl
+;
+
+#keyset[id]
+decls(  //dir=decl
+  int id: @decl ref,
+  int module: @module_decl_or_none ref
+);
+
+@generic_context =
+  @abstract_function_decl
+| @extension_decl
+| @generic_type_decl
+| @subscript_decl
+;
+
+#keyset[id, index]
+generic_context_generic_type_params(  //dir=decl
+  int id: @generic_context ref,
+  int index: int ref,
+  int generic_type_param: @generic_type_param_decl_or_none ref
+);
+
+@iterable_decl_context =
+  @extension_decl
+| @nominal_type_decl
+;
+
+#keyset[id, index]
+iterable_decl_context_members(  //dir=decl
+  int id: @iterable_decl_context ref,
+  int index: int ref,
+  int member: @decl_or_none ref
+);
+
+enum_case_decls(  //dir=decl
+  unique int id: @enum_case_decl
+);
+
+#keyset[id, index]
+enum_case_decl_elements(  //dir=decl
+  int id: @enum_case_decl ref,
+  int index: int ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+extension_decls(  //dir=decl
+  unique int id: @extension_decl,
+  int extended_type_decl: @nominal_type_decl_or_none ref
+);
+
+if_config_decls(  //dir=decl
+  unique int id: @if_config_decl
+);
+
+#keyset[id, index]
+if_config_decl_active_elements(  //dir=decl
+  int id: @if_config_decl ref,
+  int index: int ref,
+  int active_element: @ast_node_or_none ref
+);
+
+import_decls(  //dir=decl
+  unique int id: @import_decl
+);
+
+#keyset[id]
+import_decl_is_exported(  //dir=decl
+  int id: @import_decl ref
+);
+
+#keyset[id]
+import_decl_imported_modules(  //dir=decl
+  int id: @import_decl ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+import_decl_declarations(  //dir=decl
+  int id: @import_decl ref,
+  int index: int ref,
+  int declaration: @value_decl_or_none ref
+);
+
+missing_member_decls(  //dir=decl
+  unique int id: @missing_member_decl,
+  string name: string ref
+);
+
+@operator_decl =
+  @infix_operator_decl
+| @postfix_operator_decl
+| @prefix_operator_decl
+;
+
+#keyset[id]
+operator_decls(  //dir=decl
+  int id: @operator_decl ref,
+  string name: string ref
+);
+
+pattern_binding_decls(  //dir=decl
+  unique int id: @pattern_binding_decl
+);
+
+#keyset[id, index]
+pattern_binding_decl_inits(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int init: @expr_or_none ref
+);
+
+#keyset[id, index]
+pattern_binding_decl_patterns(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int pattern: @pattern_or_none ref
+);
+
+pound_diagnostic_decls(  //dir=decl
+  unique int id: @pound_diagnostic_decl,
+  int kind: int ref,
+  int message: @string_literal_expr_or_none ref
+);
+
+precedence_group_decls(  //dir=decl
+  unique int id: @precedence_group_decl
+);
+
+top_level_code_decls(  //dir=decl
+  unique int id: @top_level_code_decl,
+  int body: @brace_stmt_or_none ref
+);
+
+@value_decl =
+  @abstract_function_decl
+| @abstract_storage_decl
+| @enum_element_decl
+| @type_decl
+;
+
+#keyset[id]
+value_decls(  //dir=decl
+  int id: @value_decl ref,
+  int interface_type: @type_or_none ref
+);
+
+@abstract_function_decl =
+  @constructor_decl
+| @destructor_decl
+| @func_decl
+;
+
+#keyset[id]
+abstract_function_decls(  //dir=decl
+  int id: @abstract_function_decl ref,
+  string name: string ref
+);
+
+@abstract_storage_decl =
+  @subscript_decl
+| @var_decl
+;
+
+#keyset[id, index]
+abstract_storage_decl_accessor_decls(  //dir=decl
+  int id: @abstract_storage_decl ref,
+  int index: int ref,
+  int accessor_decl: @accessor_decl_or_none ref
+);
+
+enum_element_decls(  //dir=decl
+  unique int id: @enum_element_decl,
+  string name: string ref
+);
+
+#keyset[id, index]
+enum_element_decl_params(  //dir=decl
+  int id: @enum_element_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+infix_operator_decls(  //dir=decl
+  unique int id: @infix_operator_decl
+);
+
+#keyset[id]
+infix_operator_decl_precedence_groups(  //dir=decl
+  int id: @infix_operator_decl ref,
+  int precedence_group: @precedence_group_decl_or_none ref
+);
+
+postfix_operator_decls(  //dir=decl
+  unique int id: @postfix_operator_decl
+);
+
+prefix_operator_decls(  //dir=decl
+  unique int id: @prefix_operator_decl
+);
+
+@type_decl =
+  @abstract_type_param_decl
+| @generic_type_decl
+| @module_decl
+;
+
+#keyset[id]
+type_decls(  //dir=decl
+  int id: @type_decl ref,
+  string name: string ref
+);
+
+#keyset[id, index]
+type_decl_base_types(  //dir=decl
+  int id: @type_decl ref,
+  int index: int ref,
+  int base_type: @type_or_none ref
+);
+
+@abstract_type_param_decl =
+  @associated_type_decl
+| @generic_type_param_decl
+;
+
+constructor_decls(  //dir=decl
+  unique int id: @constructor_decl
+);
+
+destructor_decls(  //dir=decl
+  unique int id: @destructor_decl
+);
+
+@func_decl =
+  @accessor_decl
+| @concrete_func_decl
+;
+
+@generic_type_decl =
+  @nominal_type_decl
+| @opaque_type_decl
+| @type_alias_decl
+;
+
+module_decls(  //dir=decl
+  unique int id: @module_decl
+);
+
+#keyset[id]
+module_decl_is_builtin_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id]
+module_decl_is_system_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id, index]
+module_decl_imported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+module_decl_exported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int exported_module: @module_decl_or_none ref
+);
+
+subscript_decls(  //dir=decl
+  unique int id: @subscript_decl,
+  int element_type: @type_or_none ref
+);
+
+#keyset[id, index]
+subscript_decl_params(  //dir=decl
+  int id: @subscript_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+@var_decl =
+  @concrete_var_decl
+| @param_decl
+;
+
+#keyset[id]
+var_decls(  //dir=decl
+  int id: @var_decl ref,
+  string name: string ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_attached_property_wrapper_types(  //dir=decl
+  int id: @var_decl ref,
+  int attached_property_wrapper_type: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_patterns(  //dir=decl
+  int id: @var_decl ref,
+  int parent_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_initializers(  //dir=decl
+  int id: @var_decl ref,
+  int parent_initializer: @expr_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
+accessor_decls(  //dir=decl
+  unique int id: @accessor_decl
+);
+
+#keyset[id]
+accessor_decl_is_getter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_setter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_will_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_did_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_read(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_modify(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_unsafe_address(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_unsafe_mutable_address(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+associated_type_decls(  //dir=decl
+  unique int id: @associated_type_decl
+);
+
+concrete_func_decls(  //dir=decl
+  unique int id: @concrete_func_decl
+);
+
+concrete_var_decls(  //dir=decl
+  unique int id: @concrete_var_decl,
+  int introducer_int: int ref
+);
+
+generic_type_param_decls(  //dir=decl
+  unique int id: @generic_type_param_decl
+);
+
+@nominal_type_decl =
+  @class_decl
+| @enum_decl
+| @protocol_decl
+| @struct_decl
+;
+
+#keyset[id]
+nominal_type_decls(  //dir=decl
+  int id: @nominal_type_decl ref,
+  int type_: @type_or_none ref
+);
+
+opaque_type_decls(  //dir=decl
+  unique int id: @opaque_type_decl,
+  int naming_declaration: @value_decl_or_none ref
+);
+
+#keyset[id, index]
+opaque_type_decl_opaque_generic_params(  //dir=decl
+  int id: @opaque_type_decl ref,
+  int index: int ref,
+  int opaque_generic_param: @generic_type_param_type_or_none ref
+);
+
+param_decls(  //dir=decl
+  unique int id: @param_decl
+);
+
+#keyset[id]
+param_decl_is_inout(  //dir=decl
+  int id: @param_decl ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
+type_alias_decls(  //dir=decl
+  unique int id: @type_alias_decl
+);
+
+class_decls(  //dir=decl
+  unique int id: @class_decl
+);
+
+enum_decls(  //dir=decl
+  unique int id: @enum_decl
+);
+
+protocol_decls(  //dir=decl
+  unique int id: @protocol_decl
+);
+
+struct_decls(  //dir=decl
+  unique int id: @struct_decl
+);
+
+arguments(  //dir=expr
+  unique int id: @argument,
+  string label: string ref,
+  int expr: @expr_or_none ref
+);
+
+@expr =
+  @abstract_closure_expr
+| @any_try_expr
+| @applied_property_wrapper_expr
+| @apply_expr
+| @assign_expr
+| @bind_optional_expr
+| @capture_list_expr
+| @collection_expr
+| @decl_ref_expr
+| @default_argument_expr
+| @discard_assignment_expr
+| @dot_syntax_base_ignored_expr
+| @dynamic_type_expr
+| @enum_is_case_expr
+| @error_expr
+| @explicit_cast_expr
+| @force_value_expr
+| @identity_expr
+| @if_expr
+| @implicit_conversion_expr
+| @in_out_expr
+| @key_path_application_expr
+| @key_path_dot_expr
+| @key_path_expr
+| @lazy_initializer_expr
+| @literal_expr
+| @lookup_expr
+| @make_temporarily_escapable_expr
+| @obj_c_selector_expr
+| @one_way_expr
+| @opaque_value_expr
+| @open_existential_expr
+| @optional_evaluation_expr
+| @other_constructor_decl_ref_expr
+| @overloaded_decl_ref_expr
+| @property_wrapper_value_placeholder_expr
+| @rebind_self_in_constructor_expr
+| @sequence_expr
+| @super_ref_expr
+| @tap_expr
+| @tuple_element_expr
+| @tuple_expr
+| @type_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @vararg_expansion_expr
+;
+
+#keyset[id]
+expr_types(  //dir=expr
+  int id: @expr ref,
+  int type_: @type_or_none ref
+);
+
+@abstract_closure_expr =
+  @auto_closure_expr
+| @closure_expr
+;
+
+@any_try_expr =
+  @force_try_expr
+| @optional_try_expr
+| @try_expr
+;
+
+#keyset[id]
+any_try_exprs(  //dir=expr
+  int id: @any_try_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+applied_property_wrapper_exprs(  //dir=expr
+  unique int id: @applied_property_wrapper_expr,
+  int kind: int ref,
+  int value: @expr_or_none ref,
+  int param: @param_decl_or_none ref
+);
+
+@apply_expr =
+  @binary_expr
+| @call_expr
+| @postfix_unary_expr
+| @prefix_unary_expr
+| @self_apply_expr
+;
+
+#keyset[id]
+apply_exprs(  //dir=expr
+  int id: @apply_expr ref,
+  int function: @expr_or_none ref
+);
+
+#keyset[id, index]
+apply_expr_arguments(  //dir=expr
+  int id: @apply_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+assign_exprs(  //dir=expr
+  unique int id: @assign_expr,
+  int dest: @expr_or_none ref,
+  int source: @expr_or_none ref
+);
+
+bind_optional_exprs(  //dir=expr
+  unique int id: @bind_optional_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+capture_list_exprs(  //dir=expr
+  unique int id: @capture_list_expr,
+  int closure_body: @closure_expr_or_none ref
+);
+
+#keyset[id, index]
+capture_list_expr_binding_decls(  //dir=expr
+  int id: @capture_list_expr ref,
+  int index: int ref,
+  int binding_decl: @pattern_binding_decl_or_none ref
+);
+
+@collection_expr =
+  @array_expr
+| @dictionary_expr
+;
+
+decl_ref_exprs(  //dir=expr
+  unique int id: @decl_ref_expr,
+  int decl: @decl_or_none ref
+);
+
+#keyset[id, index]
+decl_ref_expr_replacement_types(  //dir=expr
+  int id: @decl_ref_expr ref,
+  int index: int ref,
+  int replacement_type: @type_or_none ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+default_argument_exprs(  //dir=expr
+  unique int id: @default_argument_expr,
+  int param_decl: @param_decl_or_none ref,
+  int param_index: int ref
+);
+
+#keyset[id]
+default_argument_expr_caller_side_defaults(  //dir=expr
+  int id: @default_argument_expr ref,
+  int caller_side_default: @expr_or_none ref
+);
+
+discard_assignment_exprs(  //dir=expr
+  unique int id: @discard_assignment_expr
+);
+
+dot_syntax_base_ignored_exprs(  //dir=expr
+  unique int id: @dot_syntax_base_ignored_expr,
+  int qualifier: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+dynamic_type_exprs(  //dir=expr
+  unique int id: @dynamic_type_expr,
+  int base: @expr_or_none ref
+);
+
+enum_is_case_exprs(  //dir=expr
+  unique int id: @enum_is_case_expr,
+  int sub_expr: @expr_or_none ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+error_exprs(  //dir=expr
+  unique int id: @error_expr
+);
+
+@explicit_cast_expr =
+  @checked_cast_expr
+| @coerce_expr
+;
+
+#keyset[id]
+explicit_cast_exprs(  //dir=expr
+  int id: @explicit_cast_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+force_value_exprs(  //dir=expr
+  unique int id: @force_value_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@identity_expr =
+  @await_expr
+| @dot_self_expr
+| @paren_expr
+| @unresolved_member_chain_result_expr
+;
+
+#keyset[id]
+identity_exprs(  //dir=expr
+  int id: @identity_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+if_exprs(  //dir=expr
+  unique int id: @if_expr,
+  int condition: @expr_or_none ref,
+  int then_expr: @expr_or_none ref,
+  int else_expr: @expr_or_none ref
+);
+
+@implicit_conversion_expr =
+  @abi_safe_conversion_expr
+| @any_hashable_erasure_expr
+| @archetype_to_super_expr
+| @array_to_pointer_expr
+| @bridge_from_obj_c_expr
+| @bridge_to_obj_c_expr
+| @class_metatype_to_object_expr
+| @collection_upcast_conversion_expr
+| @conditional_bridge_from_obj_c_expr
+| @covariant_function_conversion_expr
+| @covariant_return_conversion_expr
+| @derived_to_base_expr
+| @destructure_tuple_expr
+| @differentiable_function_expr
+| @differentiable_function_extract_original_expr
+| @erasure_expr
+| @existential_metatype_to_object_expr
+| @foreign_object_conversion_expr
+| @function_conversion_expr
+| @in_out_to_pointer_expr
+| @inject_into_optional_expr
+| @linear_function_expr
+| @linear_function_extract_original_expr
+| @linear_to_differentiable_function_expr
+| @load_expr
+| @metatype_conversion_expr
+| @pointer_to_pointer_expr
+| @protocol_metatype_to_object_expr
+| @string_to_pointer_expr
+| @underlying_to_opaque_expr
+| @unevaluated_instance_expr
+| @unresolved_type_conversion_expr
+;
+
+#keyset[id]
+implicit_conversion_exprs(  //dir=expr
+  int id: @implicit_conversion_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+in_out_exprs(  //dir=expr
+  unique int id: @in_out_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+key_path_application_exprs(  //dir=expr
+  unique int id: @key_path_application_expr,
+  int base: @expr_or_none ref,
+  int key_path: @expr_or_none ref
+);
+
+key_path_dot_exprs(  //dir=expr
+  unique int id: @key_path_dot_expr
+);
+
+key_path_exprs(  //dir=expr
+  unique int id: @key_path_expr
+);
+
+#keyset[id]
+key_path_expr_roots(  //dir=expr
+  int id: @key_path_expr ref,
+  int root: @type_repr_or_none ref
+);
+
+#keyset[id]
+key_path_expr_parsed_paths(  //dir=expr
+  int id: @key_path_expr ref,
+  int parsed_path: @expr_or_none ref
+);
+
+lazy_initializer_exprs(  //dir=expr
+  unique int id: @lazy_initializer_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@literal_expr =
+  @builtin_literal_expr
+| @interpolated_string_literal_expr
+| @nil_literal_expr
+| @object_literal_expr
+| @regex_literal_expr
+;
+
+@lookup_expr =
+  @dynamic_lookup_expr
+| @member_ref_expr
+| @subscript_expr
+;
+
+#keyset[id]
+lookup_exprs(  //dir=expr
+  int id: @lookup_expr ref,
+  int base: @expr_or_none ref
+);
+
+#keyset[id]
+lookup_expr_members(  //dir=expr
+  int id: @lookup_expr ref,
+  int member: @decl_or_none ref
+);
+
+make_temporarily_escapable_exprs(  //dir=expr
+  unique int id: @make_temporarily_escapable_expr,
+  int escaping_closure: @opaque_value_expr_or_none ref,
+  int nonescaping_closure: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+obj_c_selector_exprs(  //dir=expr
+  unique int id: @obj_c_selector_expr,
+  int sub_expr: @expr_or_none ref,
+  int method: @abstract_function_decl_or_none ref
+);
+
+one_way_exprs(  //dir=expr
+  unique int id: @one_way_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+opaque_value_exprs(  //dir=expr
+  unique int id: @opaque_value_expr
+);
+
+open_existential_exprs(  //dir=expr
+  unique int id: @open_existential_expr,
+  int sub_expr: @expr_or_none ref,
+  int existential: @expr_or_none ref,
+  int opaque_expr: @opaque_value_expr_or_none ref
+);
+
+optional_evaluation_exprs(  //dir=expr
+  unique int id: @optional_evaluation_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+other_constructor_decl_ref_exprs(  //dir=expr
+  unique int id: @other_constructor_decl_ref_expr,
+  int constructor_decl: @constructor_decl_or_none ref
+);
+
+overloaded_decl_ref_exprs(  //dir=expr
+  unique int id: @overloaded_decl_ref_expr
+);
+
+#keyset[id, index]
+overloaded_decl_ref_expr_possible_declarations(  //dir=expr
+  int id: @overloaded_decl_ref_expr ref,
+  int index: int ref,
+  int possible_declaration: @value_decl_or_none ref
+);
+
+property_wrapper_value_placeholder_exprs(  //dir=expr
+  unique int id: @property_wrapper_value_placeholder_expr,
+  int placeholder: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+property_wrapper_value_placeholder_expr_wrapped_values(  //dir=expr
+  int id: @property_wrapper_value_placeholder_expr ref,
+  int wrapped_value: @expr_or_none ref
+);
+
+rebind_self_in_constructor_exprs(  //dir=expr
+  unique int id: @rebind_self_in_constructor_expr,
+  int sub_expr: @expr_or_none ref,
+  int self: @var_decl_or_none ref
+);
+
+sequence_exprs(  //dir=expr
+  unique int id: @sequence_expr
+);
+
+#keyset[id, index]
+sequence_expr_elements(  //dir=expr
+  int id: @sequence_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+super_ref_exprs(  //dir=expr
+  unique int id: @super_ref_expr,
+  int self: @var_decl_or_none ref
+);
+
+tap_exprs(  //dir=expr
+  unique int id: @tap_expr,
+  int body: @brace_stmt_or_none ref,
+  int var: @var_decl_or_none ref
+);
+
+#keyset[id]
+tap_expr_sub_exprs(  //dir=expr
+  int id: @tap_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+tuple_element_exprs(  //dir=expr
+  unique int id: @tuple_element_expr,
+  int sub_expr: @expr_or_none ref,
+  int index: int ref
+);
+
+tuple_exprs(  //dir=expr
+  unique int id: @tuple_expr
+);
+
+#keyset[id, index]
+tuple_expr_elements(  //dir=expr
+  int id: @tuple_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+type_exprs(  //dir=expr
+  unique int id: @type_expr
+);
+
+#keyset[id]
+type_expr_type_reprs(  //dir=expr
+  int id: @type_expr ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+unresolved_decl_ref_exprs(  //dir=expr
+  unique int id: @unresolved_decl_ref_expr
+);
+
+#keyset[id]
+unresolved_decl_ref_expr_names(  //dir=expr
+  int id: @unresolved_decl_ref_expr ref,
+  string name: string ref
+);
+
+unresolved_dot_exprs(  //dir=expr
+  unique int id: @unresolved_dot_expr,
+  int base: @expr_or_none ref,
+  string name: string ref
+);
+
+unresolved_member_exprs(  //dir=expr
+  unique int id: @unresolved_member_expr,
+  string name: string ref
+);
+
+unresolved_pattern_exprs(  //dir=expr
+  unique int id: @unresolved_pattern_expr,
+  int sub_pattern: @pattern_or_none ref
+);
+
+unresolved_specialize_exprs(  //dir=expr
+  unique int id: @unresolved_specialize_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+vararg_expansion_exprs(  //dir=expr
+  unique int id: @vararg_expansion_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+abi_safe_conversion_exprs(  //dir=expr
+  unique int id: @abi_safe_conversion_expr
+);
+
+any_hashable_erasure_exprs(  //dir=expr
+  unique int id: @any_hashable_erasure_expr
+);
+
+archetype_to_super_exprs(  //dir=expr
+  unique int id: @archetype_to_super_expr
+);
+
+array_exprs(  //dir=expr
+  unique int id: @array_expr
+);
+
+#keyset[id, index]
+array_expr_elements(  //dir=expr
+  int id: @array_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+array_to_pointer_exprs(  //dir=expr
+  unique int id: @array_to_pointer_expr
+);
+
+auto_closure_exprs(  //dir=expr
+  unique int id: @auto_closure_expr
+);
+
+await_exprs(  //dir=expr
+  unique int id: @await_expr
+);
+
+binary_exprs(  //dir=expr
+  unique int id: @binary_expr
+);
+
+bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_from_obj_c_expr
+);
+
+bridge_to_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_to_obj_c_expr
+);
+
+@builtin_literal_expr =
+  @boolean_literal_expr
+| @magic_identifier_literal_expr
+| @number_literal_expr
+| @string_literal_expr
+;
+
+call_exprs(  //dir=expr
+  unique int id: @call_expr
+);
+
+@checked_cast_expr =
+  @conditional_checked_cast_expr
+| @forced_checked_cast_expr
+| @is_expr
+;
+
+class_metatype_to_object_exprs(  //dir=expr
+  unique int id: @class_metatype_to_object_expr
+);
+
+closure_exprs(  //dir=expr
+  unique int id: @closure_expr
+);
+
+coerce_exprs(  //dir=expr
+  unique int id: @coerce_expr
+);
+
+collection_upcast_conversion_exprs(  //dir=expr
+  unique int id: @collection_upcast_conversion_expr
+);
+
+conditional_bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @conditional_bridge_from_obj_c_expr
+);
+
+covariant_function_conversion_exprs(  //dir=expr
+  unique int id: @covariant_function_conversion_expr
+);
+
+covariant_return_conversion_exprs(  //dir=expr
+  unique int id: @covariant_return_conversion_expr
+);
+
+derived_to_base_exprs(  //dir=expr
+  unique int id: @derived_to_base_expr
+);
+
+destructure_tuple_exprs(  //dir=expr
+  unique int id: @destructure_tuple_expr
+);
+
+dictionary_exprs(  //dir=expr
+  unique int id: @dictionary_expr
+);
+
+#keyset[id, index]
+dictionary_expr_elements(  //dir=expr
+  int id: @dictionary_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+differentiable_function_exprs(  //dir=expr
+  unique int id: @differentiable_function_expr
+);
+
+differentiable_function_extract_original_exprs(  //dir=expr
+  unique int id: @differentiable_function_extract_original_expr
+);
+
+dot_self_exprs(  //dir=expr
+  unique int id: @dot_self_expr
+);
+
+@dynamic_lookup_expr =
+  @dynamic_member_ref_expr
+| @dynamic_subscript_expr
+;
+
+erasure_exprs(  //dir=expr
+  unique int id: @erasure_expr
+);
+
+existential_metatype_to_object_exprs(  //dir=expr
+  unique int id: @existential_metatype_to_object_expr
+);
+
+force_try_exprs(  //dir=expr
+  unique int id: @force_try_expr
+);
+
+foreign_object_conversion_exprs(  //dir=expr
+  unique int id: @foreign_object_conversion_expr
+);
+
+function_conversion_exprs(  //dir=expr
+  unique int id: @function_conversion_expr
+);
+
+in_out_to_pointer_exprs(  //dir=expr
+  unique int id: @in_out_to_pointer_expr
+);
+
+inject_into_optional_exprs(  //dir=expr
+  unique int id: @inject_into_optional_expr
+);
+
+interpolated_string_literal_exprs(  //dir=expr
+  unique int id: @interpolated_string_literal_expr
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_expr: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_count_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_count_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_literal_capacity_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int literal_capacity_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_appending_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int appending_expr: @tap_expr_or_none ref
+);
+
+linear_function_exprs(  //dir=expr
+  unique int id: @linear_function_expr
+);
+
+linear_function_extract_original_exprs(  //dir=expr
+  unique int id: @linear_function_extract_original_expr
+);
+
+linear_to_differentiable_function_exprs(  //dir=expr
+  unique int id: @linear_to_differentiable_function_expr
+);
+
+load_exprs(  //dir=expr
+  unique int id: @load_expr
+);
+
+member_ref_exprs(  //dir=expr
+  unique int id: @member_ref_expr
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
+);
+
+nil_literal_exprs(  //dir=expr
+  unique int id: @nil_literal_expr
+);
+
+object_literal_exprs(  //dir=expr
+  unique int id: @object_literal_expr,
+  int kind: int ref
+);
+
+#keyset[id, index]
+object_literal_expr_arguments(  //dir=expr
+  int id: @object_literal_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+optional_try_exprs(  //dir=expr
+  unique int id: @optional_try_expr
+);
+
+paren_exprs(  //dir=expr
+  unique int id: @paren_expr
+);
+
+pointer_to_pointer_exprs(  //dir=expr
+  unique int id: @pointer_to_pointer_expr
+);
+
+postfix_unary_exprs(  //dir=expr
+  unique int id: @postfix_unary_expr
+);
+
+prefix_unary_exprs(  //dir=expr
+  unique int id: @prefix_unary_expr
+);
+
+protocol_metatype_to_object_exprs(  //dir=expr
+  unique int id: @protocol_metatype_to_object_expr
+);
+
+regex_literal_exprs(  //dir=expr
+  unique int id: @regex_literal_expr
+);
+
+@self_apply_expr =
+  @constructor_ref_call_expr
+| @dot_syntax_call_expr
+;
+
+#keyset[id]
+self_apply_exprs(  //dir=expr
+  int id: @self_apply_expr ref,
+  int base: @expr_or_none ref
+);
+
+string_to_pointer_exprs(  //dir=expr
+  unique int id: @string_to_pointer_expr
+);
+
+subscript_exprs(  //dir=expr
+  unique int id: @subscript_expr
+);
+
+#keyset[id, index]
+subscript_expr_arguments(  //dir=expr
+  int id: @subscript_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_ordinary_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+try_exprs(  //dir=expr
+  unique int id: @try_expr
+);
+
+underlying_to_opaque_exprs(  //dir=expr
+  unique int id: @underlying_to_opaque_expr
+);
+
+unevaluated_instance_exprs(  //dir=expr
+  unique int id: @unevaluated_instance_expr
+);
+
+unresolved_member_chain_result_exprs(  //dir=expr
+  unique int id: @unresolved_member_chain_result_expr
+);
+
+unresolved_type_conversion_exprs(  //dir=expr
+  unique int id: @unresolved_type_conversion_expr
+);
+
+boolean_literal_exprs(  //dir=expr
+  unique int id: @boolean_literal_expr,
+  boolean value: boolean ref
+);
+
+conditional_checked_cast_exprs(  //dir=expr
+  unique int id: @conditional_checked_cast_expr
+);
+
+constructor_ref_call_exprs(  //dir=expr
+  unique int id: @constructor_ref_call_expr
+);
+
+dot_syntax_call_exprs(  //dir=expr
+  unique int id: @dot_syntax_call_expr
+);
+
+dynamic_member_ref_exprs(  //dir=expr
+  unique int id: @dynamic_member_ref_expr
+);
+
+dynamic_subscript_exprs(  //dir=expr
+  unique int id: @dynamic_subscript_expr
+);
+
+forced_checked_cast_exprs(  //dir=expr
+  unique int id: @forced_checked_cast_expr
+);
+
+is_exprs(  //dir=expr
+  unique int id: @is_expr
+);
+
+magic_identifier_literal_exprs(  //dir=expr
+  unique int id: @magic_identifier_literal_expr,
+  string kind: string ref
+);
+
+@number_literal_expr =
+  @float_literal_expr
+| @integer_literal_expr
+;
+
+string_literal_exprs(  //dir=expr
+  unique int id: @string_literal_expr,
+  string value: string ref
+);
+
+float_literal_exprs(  //dir=expr
+  unique int id: @float_literal_expr,
+  string string_value: string ref
+);
+
+integer_literal_exprs(  //dir=expr
+  unique int id: @integer_literal_expr,
+  string string_value: string ref
+);
+
+@pattern =
+  @any_pattern
+| @binding_pattern
+| @bool_pattern
+| @enum_element_pattern
+| @expr_pattern
+| @is_pattern
+| @named_pattern
+| @optional_some_pattern
+| @paren_pattern
+| @tuple_pattern
+| @typed_pattern
+;
+
+any_patterns(  //dir=pattern
+  unique int id: @any_pattern
+);
+
+binding_patterns(  //dir=pattern
+  unique int id: @binding_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+bool_patterns(  //dir=pattern
+  unique int id: @bool_pattern,
+  boolean value: boolean ref
+);
+
+enum_element_patterns(  //dir=pattern
+  unique int id: @enum_element_pattern,
+  int element: @enum_element_decl_or_none ref
+);
+
+#keyset[id]
+enum_element_pattern_sub_patterns(  //dir=pattern
+  int id: @enum_element_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+expr_patterns(  //dir=pattern
+  unique int id: @expr_pattern,
+  int sub_expr: @expr_or_none ref
+);
+
+is_patterns(  //dir=pattern
+  unique int id: @is_pattern
+);
+
+#keyset[id]
+is_pattern_cast_type_reprs(  //dir=pattern
+  int id: @is_pattern ref,
+  int cast_type_repr: @type_repr_or_none ref
+);
+
+#keyset[id]
+is_pattern_sub_patterns(  //dir=pattern
+  int id: @is_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+named_patterns(  //dir=pattern
+  unique int id: @named_pattern,
+  string name: string ref
+);
+
+optional_some_patterns(  //dir=pattern
+  unique int id: @optional_some_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+paren_patterns(  //dir=pattern
+  unique int id: @paren_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+tuple_patterns(  //dir=pattern
+  unique int id: @tuple_pattern
+);
+
+#keyset[id, index]
+tuple_pattern_elements(  //dir=pattern
+  int id: @tuple_pattern ref,
+  int index: int ref,
+  int element: @pattern_or_none ref
+);
+
+typed_patterns(  //dir=pattern
+  unique int id: @typed_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+typed_pattern_type_reprs(  //dir=pattern
+  int id: @typed_pattern ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+case_label_items(  //dir=stmt
+  unique int id: @case_label_item,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+case_label_item_guards(  //dir=stmt
+  int id: @case_label_item ref,
+  int guard: @expr_or_none ref
+);
+
+condition_elements(  //dir=stmt
+  unique int id: @condition_element
+);
+
+#keyset[id]
+condition_element_booleans(  //dir=stmt
+  int id: @condition_element ref,
+  int boolean_: @expr_or_none ref
+);
+
+#keyset[id]
+condition_element_patterns(  //dir=stmt
+  int id: @condition_element ref,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+condition_element_initializers(  //dir=stmt
+  int id: @condition_element ref,
+  int initializer: @expr_or_none ref
+);
+
+@stmt =
+  @brace_stmt
+| @break_stmt
+| @case_stmt
+| @continue_stmt
+| @defer_stmt
+| @fail_stmt
+| @fallthrough_stmt
+| @labeled_stmt
+| @pound_assert_stmt
+| @return_stmt
+| @throw_stmt
+| @yield_stmt
+;
+
+stmt_conditions(  //dir=stmt
+  unique int id: @stmt_condition
+);
+
+#keyset[id, index]
+stmt_condition_elements(  //dir=stmt
+  int id: @stmt_condition ref,
+  int index: int ref,
+  int element: @condition_element_or_none ref
+);
+
+brace_stmts(  //dir=stmt
+  unique int id: @brace_stmt
+);
+
+#keyset[id, index]
+brace_stmt_elements(  //dir=stmt
+  int id: @brace_stmt ref,
+  int index: int ref,
+  int element: @ast_node_or_none ref
+);
+
+break_stmts(  //dir=stmt
+  unique int id: @break_stmt
+);
+
+#keyset[id]
+break_stmt_target_names(  //dir=stmt
+  int id: @break_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+break_stmt_targets(  //dir=stmt
+  int id: @break_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+case_stmts(  //dir=stmt
+  unique int id: @case_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_labels(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int label: @case_label_item_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_variables(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int variable: @var_decl_or_none ref
+);
+
+continue_stmts(  //dir=stmt
+  unique int id: @continue_stmt
+);
+
+#keyset[id]
+continue_stmt_target_names(  //dir=stmt
+  int id: @continue_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+continue_stmt_targets(  //dir=stmt
+  int id: @continue_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+defer_stmts(  //dir=stmt
+  unique int id: @defer_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+fail_stmts(  //dir=stmt
+  unique int id: @fail_stmt
+);
+
+fallthrough_stmts(  //dir=stmt
+  unique int id: @fallthrough_stmt,
+  int fallthrough_source: @case_stmt_or_none ref,
+  int fallthrough_dest: @case_stmt_or_none ref
+);
+
+@labeled_stmt =
+  @do_catch_stmt
+| @do_stmt
+| @for_each_stmt
+| @labeled_conditional_stmt
+| @repeat_while_stmt
+| @switch_stmt
+;
+
+#keyset[id]
+labeled_stmt_labels(  //dir=stmt
+  int id: @labeled_stmt ref,
+  string label: string ref
+);
+
+pound_assert_stmts(  //dir=stmt
+  unique int id: @pound_assert_stmt,
+  int condition: @expr_or_none ref,
+  string message: string ref
+);
+
+return_stmts(  //dir=stmt
+  unique int id: @return_stmt
+);
+
+#keyset[id]
+return_stmt_results(  //dir=stmt
+  int id: @return_stmt ref,
+  int result: @expr_or_none ref
+);
+
+throw_stmts(  //dir=stmt
+  unique int id: @throw_stmt,
+  int sub_expr: @expr_or_none ref
+);
+
+yield_stmts(  //dir=stmt
+  unique int id: @yield_stmt
+);
+
+#keyset[id, index]
+yield_stmt_results(  //dir=stmt
+  int id: @yield_stmt ref,
+  int index: int ref,
+  int result: @expr_or_none ref
+);
+
+do_catch_stmts(  //dir=stmt
+  unique int id: @do_catch_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+do_catch_stmt_catches(  //dir=stmt
+  int id: @do_catch_stmt ref,
+  int index: int ref,
+  int catch: @case_stmt_or_none ref
+);
+
+do_stmts(  //dir=stmt
+  unique int id: @do_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+for_each_stmts(  //dir=stmt
+  unique int id: @for_each_stmt,
+  int pattern: @pattern_or_none ref,
+  int sequence: @expr_or_none ref,
+  int body: @brace_stmt_or_none ref
+);
+
+#keyset[id]
+for_each_stmt_wheres(  //dir=stmt
+  int id: @for_each_stmt ref,
+  int where: @expr_or_none ref
+);
+
+@labeled_conditional_stmt =
+  @guard_stmt
+| @if_stmt
+| @while_stmt
+;
+
+#keyset[id]
+labeled_conditional_stmts(  //dir=stmt
+  int id: @labeled_conditional_stmt ref,
+  int condition: @stmt_condition_or_none ref
+);
+
+repeat_while_stmts(  //dir=stmt
+  unique int id: @repeat_while_stmt,
+  int condition: @expr_or_none ref,
+  int body: @stmt_or_none ref
+);
+
+switch_stmts(  //dir=stmt
+  unique int id: @switch_stmt,
+  int expr: @expr_or_none ref
+);
+
+#keyset[id, index]
+switch_stmt_cases(  //dir=stmt
+  int id: @switch_stmt ref,
+  int index: int ref,
+  int case_: @case_stmt_or_none ref
+);
+
+guard_stmts(  //dir=stmt
+  unique int id: @guard_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+if_stmts(  //dir=stmt
+  unique int id: @if_stmt,
+  int then: @stmt_or_none ref
+);
+
+#keyset[id]
+if_stmt_elses(  //dir=stmt
+  int id: @if_stmt ref,
+  int else: @stmt_or_none ref
+);
+
+while_stmts(  //dir=stmt
+  unique int id: @while_stmt,
+  int body: @stmt_or_none ref
+);
+
+@type =
+  @any_function_type
+| @any_generic_type
+| @any_metatype_type
+| @builtin_type
+| @dependent_member_type
+| @dynamic_self_type
+| @error_type
+| @existential_type
+| @in_out_type
+| @l_value_type
+| @module_type
+| @parameterized_protocol_type
+| @protocol_composition_type
+| @reference_storage_type
+| @substitutable_type
+| @sugar_type
+| @tuple_type
+| @unresolved_type
+;
+
+#keyset[id]
+types(  //dir=type
+  int id: @type ref,
+  string name: string ref,
+  int canonical_type: @type_or_none ref
+);
+
+type_reprs(  //dir=type
+  unique int id: @type_repr,
+  int type_: @type_or_none ref
+);
+
+@any_function_type =
+  @function_type
+| @generic_function_type
+;
+
+#keyset[id]
+any_function_types(  //dir=type
+  int id: @any_function_type ref,
+  int result: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_types(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  int param_type: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_labels(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  string param_label: string ref
+);
+
+#keyset[id]
+any_function_type_is_throwing(  //dir=type
+  int id: @any_function_type ref
+);
+
+#keyset[id]
+any_function_type_is_async(  //dir=type
+  int id: @any_function_type ref
+);
+
+@any_generic_type =
+  @nominal_or_bound_generic_nominal_type
+| @unbound_generic_type
+;
+
+#keyset[id]
+any_generic_types(  //dir=type
+  int id: @any_generic_type ref,
+  int declaration: @decl_or_none ref
+);
+
+#keyset[id]
+any_generic_type_parents(  //dir=type
+  int id: @any_generic_type ref,
+  int parent: @type_or_none ref
+);
+
+@any_metatype_type =
+  @existential_metatype_type
+| @metatype_type
+;
+
+@builtin_type =
+  @any_builtin_integer_type
+| @builtin_bridge_object_type
+| @builtin_default_actor_storage_type
+| @builtin_executor_type
+| @builtin_float_type
+| @builtin_job_type
+| @builtin_native_object_type
+| @builtin_raw_pointer_type
+| @builtin_raw_unsafe_continuation_type
+| @builtin_unsafe_value_buffer_type
+| @builtin_vector_type
+;
+
+dependent_member_types(  //dir=type
+  unique int id: @dependent_member_type,
+  int base_type: @type_or_none ref,
+  int associated_type_decl: @associated_type_decl_or_none ref
+);
+
+dynamic_self_types(  //dir=type
+  unique int id: @dynamic_self_type,
+  int static_self_type: @type_or_none ref
+);
+
+error_types(  //dir=type
+  unique int id: @error_type
+);
+
+existential_types(  //dir=type
+  unique int id: @existential_type,
+  int constraint: @type_or_none ref
+);
+
+in_out_types(  //dir=type
+  unique int id: @in_out_type,
+  int object_type: @type_or_none ref
+);
+
+l_value_types(  //dir=type
+  unique int id: @l_value_type,
+  int object_type: @type_or_none ref
+);
+
+module_types(  //dir=type
+  unique int id: @module_type,
+  int module: @module_decl_or_none ref
+);
+
+parameterized_protocol_types(  //dir=type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
+);
+
+protocol_composition_types(  //dir=type
+  unique int id: @protocol_composition_type
+);
+
+#keyset[id, index]
+protocol_composition_type_members(  //dir=type
+  int id: @protocol_composition_type ref,
+  int index: int ref,
+  int member: @type_or_none ref
+);
+
+@reference_storage_type =
+  @unmanaged_storage_type
+| @unowned_storage_type
+| @weak_storage_type
+;
+
+#keyset[id]
+reference_storage_types(  //dir=type
+  int id: @reference_storage_type ref,
+  int referent_type: @type_or_none ref
+);
+
+@substitutable_type =
+  @archetype_type
+| @generic_type_param_type
+;
+
+@sugar_type =
+  @paren_type
+| @syntax_sugar_type
+| @type_alias_type
+;
+
+tuple_types(  //dir=type
+  unique int id: @tuple_type
+);
+
+#keyset[id, index]
+tuple_type_types(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id, index]
+tuple_type_names(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  string name: string ref
+);
+
+unresolved_types(  //dir=type
+  unique int id: @unresolved_type
+);
+
+@any_builtin_integer_type =
+  @builtin_integer_literal_type
+| @builtin_integer_type
+;
+
+@archetype_type =
+  @opaque_type_archetype_type
+| @opened_archetype_type
+| @primary_archetype_type
+;
+
+#keyset[id]
+archetype_types(  //dir=type
+  int id: @archetype_type ref,
+  int interface_type: @type_or_none ref
+);
+
+#keyset[id]
+archetype_type_superclasses(  //dir=type
+  int id: @archetype_type ref,
+  int superclass: @type_or_none ref
+);
+
+#keyset[id, index]
+archetype_type_protocols(  //dir=type
+  int id: @archetype_type ref,
+  int index: int ref,
+  int protocol: @protocol_decl_or_none ref
+);
+
+builtin_bridge_object_types(  //dir=type
+  unique int id: @builtin_bridge_object_type
+);
+
+builtin_default_actor_storage_types(  //dir=type
+  unique int id: @builtin_default_actor_storage_type
+);
+
+builtin_executor_types(  //dir=type
+  unique int id: @builtin_executor_type
+);
+
+builtin_float_types(  //dir=type
+  unique int id: @builtin_float_type
+);
+
+builtin_job_types(  //dir=type
+  unique int id: @builtin_job_type
+);
+
+builtin_native_object_types(  //dir=type
+  unique int id: @builtin_native_object_type
+);
+
+builtin_raw_pointer_types(  //dir=type
+  unique int id: @builtin_raw_pointer_type
+);
+
+builtin_raw_unsafe_continuation_types(  //dir=type
+  unique int id: @builtin_raw_unsafe_continuation_type
+);
+
+builtin_unsafe_value_buffer_types(  //dir=type
+  unique int id: @builtin_unsafe_value_buffer_type
+);
+
+builtin_vector_types(  //dir=type
+  unique int id: @builtin_vector_type
+);
+
+existential_metatype_types(  //dir=type
+  unique int id: @existential_metatype_type
+);
+
+function_types(  //dir=type
+  unique int id: @function_type
+);
+
+generic_function_types(  //dir=type
+  unique int id: @generic_function_type
+);
+
+#keyset[id, index]
+generic_function_type_generic_params(  //dir=type
+  int id: @generic_function_type ref,
+  int index: int ref,
+  int generic_param: @generic_type_param_type_or_none ref
+);
+
+generic_type_param_types(  //dir=type
+  unique int id: @generic_type_param_type
+);
+
+metatype_types(  //dir=type
+  unique int id: @metatype_type
+);
+
+@nominal_or_bound_generic_nominal_type =
+  @bound_generic_type
+| @nominal_type
+;
+
+paren_types(  //dir=type
+  unique int id: @paren_type,
+  int type_: @type_or_none ref
+);
+
+@syntax_sugar_type =
+  @dictionary_type
+| @unary_syntax_sugar_type
+;
+
+type_alias_types(  //dir=type
+  unique int id: @type_alias_type,
+  int decl: @type_alias_decl_or_none ref
+);
+
+unbound_generic_types(  //dir=type
+  unique int id: @unbound_generic_type
+);
+
+unmanaged_storage_types(  //dir=type
+  unique int id: @unmanaged_storage_type
+);
+
+unowned_storage_types(  //dir=type
+  unique int id: @unowned_storage_type
+);
+
+weak_storage_types(  //dir=type
+  unique int id: @weak_storage_type
+);
+
+@bound_generic_type =
+  @bound_generic_class_type
+| @bound_generic_enum_type
+| @bound_generic_struct_type
+;
+
+#keyset[id, index]
+bound_generic_type_arg_types(  //dir=type
+  int id: @bound_generic_type ref,
+  int index: int ref,
+  int arg_type: @type_or_none ref
+);
+
+builtin_integer_literal_types(  //dir=type
+  unique int id: @builtin_integer_literal_type
+);
+
+builtin_integer_types(  //dir=type
+  unique int id: @builtin_integer_type
+);
+
+#keyset[id]
+builtin_integer_type_widths(  //dir=type
+  int id: @builtin_integer_type ref,
+  int width: int ref
+);
+
+dictionary_types(  //dir=type
+  unique int id: @dictionary_type,
+  int key_type: @type_or_none ref,
+  int value_type: @type_or_none ref
+);
+
+@nominal_type =
+  @class_type
+| @enum_type
+| @protocol_type
+| @struct_type
+;
+
+opaque_type_archetype_types(  //dir=type
+  unique int id: @opaque_type_archetype_type,
+  int declaration: @opaque_type_decl_or_none ref
+);
+
+opened_archetype_types(  //dir=type
+  unique int id: @opened_archetype_type
+);
+
+primary_archetype_types(  //dir=type
+  unique int id: @primary_archetype_type
+);
+
+@unary_syntax_sugar_type =
+  @array_slice_type
+| @optional_type
+| @variadic_sequence_type
+;
+
+#keyset[id]
+unary_syntax_sugar_types(  //dir=type
+  int id: @unary_syntax_sugar_type ref,
+  int base_type: @type_or_none ref
+);
+
+array_slice_types(  //dir=type
+  unique int id: @array_slice_type
+);
+
+bound_generic_class_types(  //dir=type
+  unique int id: @bound_generic_class_type
+);
+
+bound_generic_enum_types(  //dir=type
+  unique int id: @bound_generic_enum_type
+);
+
+bound_generic_struct_types(  //dir=type
+  unique int id: @bound_generic_struct_type
+);
+
+class_types(  //dir=type
+  unique int id: @class_type
+);
+
+enum_types(  //dir=type
+  unique int id: @enum_type
+);
+
+optional_types(  //dir=type
+  unique int id: @optional_type
+);
+
+protocol_types(  //dir=type
+  unique int id: @protocol_type
+);
+
+struct_types(  //dir=type
+  unique int id: @struct_type
+);
+
+variadic_sequence_types(  //dir=type
+  unique int id: @variadic_sequence_type
+);
+
+@abstract_function_decl_or_none =
+  @abstract_function_decl
+| @unspecified_element
+;
+
+@accessor_decl_or_none =
+  @accessor_decl
+| @unspecified_element
+;
+
+@argument_or_none =
+  @argument
+| @unspecified_element
+;
+
+@associated_type_decl_or_none =
+  @associated_type_decl
+| @unspecified_element
+;
+
+@ast_node_or_none =
+  @ast_node
+| @unspecified_element
+;
+
+@brace_stmt_or_none =
+  @brace_stmt
+| @unspecified_element
+;
+
+@case_label_item_or_none =
+  @case_label_item
+| @unspecified_element
+;
+
+@case_stmt_or_none =
+  @case_stmt
+| @unspecified_element
+;
+
+@closure_expr_or_none =
+  @closure_expr
+| @unspecified_element
+;
+
+@condition_element_or_none =
+  @condition_element
+| @unspecified_element
+;
+
+@constructor_decl_or_none =
+  @constructor_decl
+| @unspecified_element
+;
+
+@decl_or_none =
+  @decl
+| @unspecified_element
+;
+
+@enum_element_decl_or_none =
+  @enum_element_decl
+| @unspecified_element
+;
+
+@expr_or_none =
+  @expr
+| @unspecified_element
+;
+
+@file_or_none =
+  @file
+| @unspecified_element
+;
+
+@generic_type_param_decl_or_none =
+  @generic_type_param_decl
+| @unspecified_element
+;
+
+@generic_type_param_type_or_none =
+  @generic_type_param_type
+| @unspecified_element
+;
+
+@location_or_none =
+  @location
+| @unspecified_element
+;
+
+@module_decl_or_none =
+  @module_decl
+| @unspecified_element
+;
+
+@nominal_type_decl_or_none =
+  @nominal_type_decl
+| @unspecified_element
+;
+
+@opaque_type_decl_or_none =
+  @opaque_type_decl
+| @unspecified_element
+;
+
+@opaque_value_expr_or_none =
+  @opaque_value_expr
+| @unspecified_element
+;
+
+@param_decl_or_none =
+  @param_decl
+| @unspecified_element
+;
+
+@pattern_or_none =
+  @pattern
+| @unspecified_element
+;
+
+@pattern_binding_decl_or_none =
+  @pattern_binding_decl
+| @unspecified_element
+;
+
+@precedence_group_decl_or_none =
+  @precedence_group_decl
+| @unspecified_element
+;
+
+@protocol_decl_or_none =
+  @protocol_decl
+| @unspecified_element
+;
+
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
+@stmt_or_none =
+  @stmt
+| @unspecified_element
+;
+
+@stmt_condition_or_none =
+  @stmt_condition
+| @unspecified_element
+;
+
+@string_literal_expr_or_none =
+  @string_literal_expr
+| @unspecified_element
+;
+
+@tap_expr_or_none =
+  @tap_expr
+| @unspecified_element
+;
+
+@type_or_none =
+  @type
+| @unspecified_element
+;
+
+@type_alias_decl_or_none =
+  @type_alias_decl
+| @unspecified_element
+;
+
+@type_repr_or_none =
+  @type_repr
+| @unspecified_element
+;
+
+@value_decl_or_none =
+  @unspecified_element
+| @value_decl
+;
+
+@var_decl_or_none =
+  @unspecified_element
+| @var_decl
+;
diff --git a/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/swift.dbscheme b/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/swift.dbscheme
new file mode 100644
index 00000000000..1a6e9325bd6
--- /dev/null
+++ b/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/swift.dbscheme
@@ -0,0 +1,2513 @@
+// generated by codegen/codegen.py
+
+// from prefix.dbscheme
+/**
+ * The source location of the snapshot.
+ */
+sourceLocationPrefix(
+  string prefix: string ref
+);
+
+
+// from schema.py
+
+@element =
+  @callable
+| @file
+| @generic_context
+| @iterable_decl_context
+| @locatable
+| @location
+| @type
+;
+
+#keyset[id]
+element_is_unknown(
+  int id: @element ref
+);
+
+@callable =
+  @abstract_closure_expr
+| @abstract_function_decl
+;
+
+#keyset[id]
+callable_self_params(
+  int id: @callable ref,
+  int self_param: @param_decl_or_none ref
+);
+
+#keyset[id, index]
+callable_params(
+  int id: @callable ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+#keyset[id]
+callable_bodies(
+  int id: @callable ref,
+  int body: @brace_stmt_or_none ref
+);
+
+@file =
+  @db_file
+;
+
+#keyset[id]
+files(
+  int id: @file ref,
+  string name: string ref
+);
+
+@locatable =
+  @argument
+| @ast_node
+| @comment
+| @diagnostics
+| @error_element
+;
+
+#keyset[id]
+locatable_locations(
+  int id: @locatable ref,
+  int location: @location_or_none ref
+);
+
+@location =
+  @db_location
+;
+
+#keyset[id]
+locations(
+  int id: @location ref,
+  int file: @file_or_none ref,
+  int start_line: int ref,
+  int start_column: int ref,
+  int end_line: int ref,
+  int end_column: int ref
+);
+
+@ast_node =
+  @case_label_item
+| @condition_element
+| @decl
+| @expr
+| @pattern
+| @stmt
+| @stmt_condition
+| @type_repr
+;
+
+comments(
+  unique int id: @comment,
+  string text: string ref
+);
+
+db_files(
+  unique int id: @db_file
+);
+
+db_locations(
+  unique int id: @db_location
+);
+
+diagnostics(
+  unique int id: @diagnostics,
+  string text: string ref,
+  int kind: int ref
+);
+
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_chain_result_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @unresolved_type
+| @unresolved_type_conversion_expr
+| @unspecified_element
+;
+
+unspecified_elements(
+  unique int id: @unspecified_element,
+  string property: string ref,
+  string error: string ref
+);
+
+#keyset[id]
+unspecified_element_parents(
+  int id: @unspecified_element ref,
+  int parent: @element ref
+);
+
+#keyset[id]
+unspecified_element_indices(
+  int id: @unspecified_element ref,
+  int index: int ref
+);
+
+@decl =
+  @enum_case_decl
+| @extension_decl
+| @if_config_decl
+| @import_decl
+| @missing_member_decl
+| @operator_decl
+| @pattern_binding_decl
+| @pound_diagnostic_decl
+| @precedence_group_decl
+| @top_level_code_decl
+| @value_decl
+;
+
+#keyset[id]
+decls(  //dir=decl
+  int id: @decl ref,
+  int module: @module_decl_or_none ref
+);
+
+@generic_context =
+  @abstract_function_decl
+| @extension_decl
+| @generic_type_decl
+| @subscript_decl
+;
+
+#keyset[id, index]
+generic_context_generic_type_params(  //dir=decl
+  int id: @generic_context ref,
+  int index: int ref,
+  int generic_type_param: @generic_type_param_decl_or_none ref
+);
+
+@iterable_decl_context =
+  @extension_decl
+| @nominal_type_decl
+;
+
+#keyset[id, index]
+iterable_decl_context_members(  //dir=decl
+  int id: @iterable_decl_context ref,
+  int index: int ref,
+  int member: @decl_or_none ref
+);
+
+enum_case_decls(  //dir=decl
+  unique int id: @enum_case_decl
+);
+
+#keyset[id, index]
+enum_case_decl_elements(  //dir=decl
+  int id: @enum_case_decl ref,
+  int index: int ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+extension_decls(  //dir=decl
+  unique int id: @extension_decl,
+  int extended_type_decl: @nominal_type_decl_or_none ref
+);
+
+if_config_decls(  //dir=decl
+  unique int id: @if_config_decl
+);
+
+#keyset[id, index]
+if_config_decl_active_elements(  //dir=decl
+  int id: @if_config_decl ref,
+  int index: int ref,
+  int active_element: @ast_node_or_none ref
+);
+
+import_decls(  //dir=decl
+  unique int id: @import_decl
+);
+
+#keyset[id]
+import_decl_is_exported(  //dir=decl
+  int id: @import_decl ref
+);
+
+#keyset[id]
+import_decl_imported_modules(  //dir=decl
+  int id: @import_decl ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+import_decl_declarations(  //dir=decl
+  int id: @import_decl ref,
+  int index: int ref,
+  int declaration: @value_decl_or_none ref
+);
+
+missing_member_decls(  //dir=decl
+  unique int id: @missing_member_decl,
+  string name: string ref
+);
+
+@operator_decl =
+  @infix_operator_decl
+| @postfix_operator_decl
+| @prefix_operator_decl
+;
+
+#keyset[id]
+operator_decls(  //dir=decl
+  int id: @operator_decl ref,
+  string name: string ref
+);
+
+pattern_binding_decls(  //dir=decl
+  unique int id: @pattern_binding_decl
+);
+
+#keyset[id, index]
+pattern_binding_decl_inits(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int init: @expr_or_none ref
+);
+
+#keyset[id, index]
+pattern_binding_decl_patterns(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int pattern: @pattern_or_none ref
+);
+
+pound_diagnostic_decls(  //dir=decl
+  unique int id: @pound_diagnostic_decl,
+  int kind: int ref,
+  int message: @string_literal_expr_or_none ref
+);
+
+precedence_group_decls(  //dir=decl
+  unique int id: @precedence_group_decl
+);
+
+top_level_code_decls(  //dir=decl
+  unique int id: @top_level_code_decl,
+  int body: @brace_stmt_or_none ref
+);
+
+@value_decl =
+  @abstract_function_decl
+| @abstract_storage_decl
+| @enum_element_decl
+| @type_decl
+;
+
+#keyset[id]
+value_decls(  //dir=decl
+  int id: @value_decl ref,
+  int interface_type: @type_or_none ref
+);
+
+@abstract_function_decl =
+  @constructor_decl
+| @destructor_decl
+| @func_decl
+;
+
+#keyset[id]
+abstract_function_decls(  //dir=decl
+  int id: @abstract_function_decl ref,
+  string name: string ref
+);
+
+@abstract_storage_decl =
+  @subscript_decl
+| @var_decl
+;
+
+#keyset[id, index]
+abstract_storage_decl_accessor_decls(  //dir=decl
+  int id: @abstract_storage_decl ref,
+  int index: int ref,
+  int accessor_decl: @accessor_decl_or_none ref
+);
+
+enum_element_decls(  //dir=decl
+  unique int id: @enum_element_decl,
+  string name: string ref
+);
+
+#keyset[id, index]
+enum_element_decl_params(  //dir=decl
+  int id: @enum_element_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+infix_operator_decls(  //dir=decl
+  unique int id: @infix_operator_decl
+);
+
+#keyset[id]
+infix_operator_decl_precedence_groups(  //dir=decl
+  int id: @infix_operator_decl ref,
+  int precedence_group: @precedence_group_decl_or_none ref
+);
+
+postfix_operator_decls(  //dir=decl
+  unique int id: @postfix_operator_decl
+);
+
+prefix_operator_decls(  //dir=decl
+  unique int id: @prefix_operator_decl
+);
+
+@type_decl =
+  @abstract_type_param_decl
+| @generic_type_decl
+| @module_decl
+;
+
+#keyset[id]
+type_decls(  //dir=decl
+  int id: @type_decl ref,
+  string name: string ref
+);
+
+#keyset[id, index]
+type_decl_base_types(  //dir=decl
+  int id: @type_decl ref,
+  int index: int ref,
+  int base_type: @type_or_none ref
+);
+
+@abstract_type_param_decl =
+  @associated_type_decl
+| @generic_type_param_decl
+;
+
+constructor_decls(  //dir=decl
+  unique int id: @constructor_decl
+);
+
+destructor_decls(  //dir=decl
+  unique int id: @destructor_decl
+);
+
+@func_decl =
+  @accessor_decl
+| @concrete_func_decl
+;
+
+@generic_type_decl =
+  @nominal_type_decl
+| @opaque_type_decl
+| @type_alias_decl
+;
+
+module_decls(  //dir=decl
+  unique int id: @module_decl
+);
+
+#keyset[id]
+module_decl_is_builtin_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id]
+module_decl_is_system_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id, index]
+module_decl_imported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+module_decl_exported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int exported_module: @module_decl_or_none ref
+);
+
+subscript_decls(  //dir=decl
+  unique int id: @subscript_decl,
+  int element_type: @type_or_none ref
+);
+
+#keyset[id, index]
+subscript_decl_params(  //dir=decl
+  int id: @subscript_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+@var_decl =
+  @concrete_var_decl
+| @param_decl
+;
+
+#keyset[id]
+var_decls(  //dir=decl
+  int id: @var_decl ref,
+  string name: string ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_attached_property_wrapper_types(  //dir=decl
+  int id: @var_decl ref,
+  int attached_property_wrapper_type: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_patterns(  //dir=decl
+  int id: @var_decl ref,
+  int parent_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_initializers(  //dir=decl
+  int id: @var_decl ref,
+  int parent_initializer: @expr_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
+accessor_decls(  //dir=decl
+  unique int id: @accessor_decl
+);
+
+#keyset[id]
+accessor_decl_is_getter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_setter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_will_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_did_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_read(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_modify(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_unsafe_address(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_unsafe_mutable_address(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+associated_type_decls(  //dir=decl
+  unique int id: @associated_type_decl
+);
+
+concrete_func_decls(  //dir=decl
+  unique int id: @concrete_func_decl
+);
+
+concrete_var_decls(  //dir=decl
+  unique int id: @concrete_var_decl,
+  int introducer_int: int ref
+);
+
+generic_type_param_decls(  //dir=decl
+  unique int id: @generic_type_param_decl
+);
+
+@nominal_type_decl =
+  @class_decl
+| @enum_decl
+| @protocol_decl
+| @struct_decl
+;
+
+#keyset[id]
+nominal_type_decls(  //dir=decl
+  int id: @nominal_type_decl ref,
+  int type_: @type_or_none ref
+);
+
+opaque_type_decls(  //dir=decl
+  unique int id: @opaque_type_decl,
+  int naming_declaration: @value_decl_or_none ref
+);
+
+#keyset[id, index]
+opaque_type_decl_opaque_generic_params(  //dir=decl
+  int id: @opaque_type_decl ref,
+  int index: int ref,
+  int opaque_generic_param: @generic_type_param_type_or_none ref
+);
+
+param_decls(  //dir=decl
+  unique int id: @param_decl
+);
+
+#keyset[id]
+param_decl_is_inout(  //dir=decl
+  int id: @param_decl ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
+type_alias_decls(  //dir=decl
+  unique int id: @type_alias_decl
+);
+
+class_decls(  //dir=decl
+  unique int id: @class_decl
+);
+
+enum_decls(  //dir=decl
+  unique int id: @enum_decl
+);
+
+protocol_decls(  //dir=decl
+  unique int id: @protocol_decl
+);
+
+struct_decls(  //dir=decl
+  unique int id: @struct_decl
+);
+
+arguments(  //dir=expr
+  unique int id: @argument,
+  string label: string ref,
+  int expr: @expr_or_none ref
+);
+
+@expr =
+  @abstract_closure_expr
+| @any_try_expr
+| @applied_property_wrapper_expr
+| @apply_expr
+| @assign_expr
+| @bind_optional_expr
+| @capture_list_expr
+| @collection_expr
+| @decl_ref_expr
+| @default_argument_expr
+| @discard_assignment_expr
+| @dot_syntax_base_ignored_expr
+| @dynamic_type_expr
+| @enum_is_case_expr
+| @error_expr
+| @explicit_cast_expr
+| @force_value_expr
+| @identity_expr
+| @if_expr
+| @implicit_conversion_expr
+| @in_out_expr
+| @key_path_application_expr
+| @key_path_dot_expr
+| @key_path_expr
+| @lazy_initializer_expr
+| @literal_expr
+| @lookup_expr
+| @make_temporarily_escapable_expr
+| @obj_c_selector_expr
+| @one_way_expr
+| @opaque_value_expr
+| @open_existential_expr
+| @optional_evaluation_expr
+| @other_constructor_decl_ref_expr
+| @overloaded_decl_ref_expr
+| @property_wrapper_value_placeholder_expr
+| @rebind_self_in_constructor_expr
+| @sequence_expr
+| @super_ref_expr
+| @tap_expr
+| @tuple_element_expr
+| @tuple_expr
+| @type_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @vararg_expansion_expr
+;
+
+#keyset[id]
+expr_types(  //dir=expr
+  int id: @expr ref,
+  int type_: @type_or_none ref
+);
+
+@abstract_closure_expr =
+  @auto_closure_expr
+| @closure_expr
+;
+
+@any_try_expr =
+  @force_try_expr
+| @optional_try_expr
+| @try_expr
+;
+
+#keyset[id]
+any_try_exprs(  //dir=expr
+  int id: @any_try_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+applied_property_wrapper_exprs(  //dir=expr
+  unique int id: @applied_property_wrapper_expr,
+  int kind: int ref,
+  int value: @expr_or_none ref,
+  int param: @param_decl_or_none ref
+);
+
+@apply_expr =
+  @binary_expr
+| @call_expr
+| @postfix_unary_expr
+| @prefix_unary_expr
+| @self_apply_expr
+;
+
+#keyset[id]
+apply_exprs(  //dir=expr
+  int id: @apply_expr ref,
+  int function: @expr_or_none ref
+);
+
+#keyset[id, index]
+apply_expr_arguments(  //dir=expr
+  int id: @apply_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+assign_exprs(  //dir=expr
+  unique int id: @assign_expr,
+  int dest: @expr_or_none ref,
+  int source: @expr_or_none ref
+);
+
+bind_optional_exprs(  //dir=expr
+  unique int id: @bind_optional_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+capture_list_exprs(  //dir=expr
+  unique int id: @capture_list_expr,
+  int closure_body: @closure_expr_or_none ref
+);
+
+#keyset[id, index]
+capture_list_expr_binding_decls(  //dir=expr
+  int id: @capture_list_expr ref,
+  int index: int ref,
+  int binding_decl: @pattern_binding_decl_or_none ref
+);
+
+@collection_expr =
+  @array_expr
+| @dictionary_expr
+;
+
+decl_ref_exprs(  //dir=expr
+  unique int id: @decl_ref_expr,
+  int decl: @decl_or_none ref
+);
+
+#keyset[id, index]
+decl_ref_expr_replacement_types(  //dir=expr
+  int id: @decl_ref_expr ref,
+  int index: int ref,
+  int replacement_type: @type_or_none ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+default_argument_exprs(  //dir=expr
+  unique int id: @default_argument_expr,
+  int param_decl: @param_decl_or_none ref,
+  int param_index: int ref
+);
+
+#keyset[id]
+default_argument_expr_caller_side_defaults(  //dir=expr
+  int id: @default_argument_expr ref,
+  int caller_side_default: @expr_or_none ref
+);
+
+discard_assignment_exprs(  //dir=expr
+  unique int id: @discard_assignment_expr
+);
+
+dot_syntax_base_ignored_exprs(  //dir=expr
+  unique int id: @dot_syntax_base_ignored_expr,
+  int qualifier: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+dynamic_type_exprs(  //dir=expr
+  unique int id: @dynamic_type_expr,
+  int base: @expr_or_none ref
+);
+
+enum_is_case_exprs(  //dir=expr
+  unique int id: @enum_is_case_expr,
+  int sub_expr: @expr_or_none ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+error_exprs(  //dir=expr
+  unique int id: @error_expr
+);
+
+@explicit_cast_expr =
+  @checked_cast_expr
+| @coerce_expr
+;
+
+#keyset[id]
+explicit_cast_exprs(  //dir=expr
+  int id: @explicit_cast_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+force_value_exprs(  //dir=expr
+  unique int id: @force_value_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@identity_expr =
+  @await_expr
+| @dot_self_expr
+| @paren_expr
+| @unresolved_member_chain_result_expr
+;
+
+#keyset[id]
+identity_exprs(  //dir=expr
+  int id: @identity_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+if_exprs(  //dir=expr
+  unique int id: @if_expr,
+  int condition: @expr_or_none ref,
+  int then_expr: @expr_or_none ref,
+  int else_expr: @expr_or_none ref
+);
+
+@implicit_conversion_expr =
+  @any_hashable_erasure_expr
+| @archetype_to_super_expr
+| @array_to_pointer_expr
+| @bridge_from_obj_c_expr
+| @bridge_to_obj_c_expr
+| @class_metatype_to_object_expr
+| @collection_upcast_conversion_expr
+| @conditional_bridge_from_obj_c_expr
+| @covariant_function_conversion_expr
+| @covariant_return_conversion_expr
+| @derived_to_base_expr
+| @destructure_tuple_expr
+| @differentiable_function_expr
+| @differentiable_function_extract_original_expr
+| @erasure_expr
+| @existential_metatype_to_object_expr
+| @foreign_object_conversion_expr
+| @function_conversion_expr
+| @in_out_to_pointer_expr
+| @inject_into_optional_expr
+| @linear_function_expr
+| @linear_function_extract_original_expr
+| @linear_to_differentiable_function_expr
+| @load_expr
+| @metatype_conversion_expr
+| @pointer_to_pointer_expr
+| @protocol_metatype_to_object_expr
+| @string_to_pointer_expr
+| @underlying_to_opaque_expr
+| @unevaluated_instance_expr
+| @unresolved_type_conversion_expr
+;
+
+#keyset[id]
+implicit_conversion_exprs(  //dir=expr
+  int id: @implicit_conversion_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+in_out_exprs(  //dir=expr
+  unique int id: @in_out_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+key_path_application_exprs(  //dir=expr
+  unique int id: @key_path_application_expr,
+  int base: @expr_or_none ref,
+  int key_path: @expr_or_none ref
+);
+
+key_path_dot_exprs(  //dir=expr
+  unique int id: @key_path_dot_expr
+);
+
+key_path_exprs(  //dir=expr
+  unique int id: @key_path_expr
+);
+
+#keyset[id]
+key_path_expr_roots(  //dir=expr
+  int id: @key_path_expr ref,
+  int root: @type_repr_or_none ref
+);
+
+#keyset[id]
+key_path_expr_parsed_paths(  //dir=expr
+  int id: @key_path_expr ref,
+  int parsed_path: @expr_or_none ref
+);
+
+lazy_initializer_exprs(  //dir=expr
+  unique int id: @lazy_initializer_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@literal_expr =
+  @builtin_literal_expr
+| @interpolated_string_literal_expr
+| @nil_literal_expr
+| @object_literal_expr
+| @regex_literal_expr
+;
+
+@lookup_expr =
+  @dynamic_lookup_expr
+| @member_ref_expr
+| @subscript_expr
+;
+
+#keyset[id]
+lookup_exprs(  //dir=expr
+  int id: @lookup_expr ref,
+  int base: @expr_or_none ref
+);
+
+#keyset[id]
+lookup_expr_members(  //dir=expr
+  int id: @lookup_expr ref,
+  int member: @decl_or_none ref
+);
+
+make_temporarily_escapable_exprs(  //dir=expr
+  unique int id: @make_temporarily_escapable_expr,
+  int escaping_closure: @opaque_value_expr_or_none ref,
+  int nonescaping_closure: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+obj_c_selector_exprs(  //dir=expr
+  unique int id: @obj_c_selector_expr,
+  int sub_expr: @expr_or_none ref,
+  int method: @abstract_function_decl_or_none ref
+);
+
+one_way_exprs(  //dir=expr
+  unique int id: @one_way_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+opaque_value_exprs(  //dir=expr
+  unique int id: @opaque_value_expr
+);
+
+open_existential_exprs(  //dir=expr
+  unique int id: @open_existential_expr,
+  int sub_expr: @expr_or_none ref,
+  int existential: @expr_or_none ref,
+  int opaque_expr: @opaque_value_expr_or_none ref
+);
+
+optional_evaluation_exprs(  //dir=expr
+  unique int id: @optional_evaluation_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+other_constructor_decl_ref_exprs(  //dir=expr
+  unique int id: @other_constructor_decl_ref_expr,
+  int constructor_decl: @constructor_decl_or_none ref
+);
+
+overloaded_decl_ref_exprs(  //dir=expr
+  unique int id: @overloaded_decl_ref_expr
+);
+
+#keyset[id, index]
+overloaded_decl_ref_expr_possible_declarations(  //dir=expr
+  int id: @overloaded_decl_ref_expr ref,
+  int index: int ref,
+  int possible_declaration: @value_decl_or_none ref
+);
+
+property_wrapper_value_placeholder_exprs(  //dir=expr
+  unique int id: @property_wrapper_value_placeholder_expr,
+  int placeholder: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+property_wrapper_value_placeholder_expr_wrapped_values(  //dir=expr
+  int id: @property_wrapper_value_placeholder_expr ref,
+  int wrapped_value: @expr_or_none ref
+);
+
+rebind_self_in_constructor_exprs(  //dir=expr
+  unique int id: @rebind_self_in_constructor_expr,
+  int sub_expr: @expr_or_none ref,
+  int self: @var_decl_or_none ref
+);
+
+sequence_exprs(  //dir=expr
+  unique int id: @sequence_expr
+);
+
+#keyset[id, index]
+sequence_expr_elements(  //dir=expr
+  int id: @sequence_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+super_ref_exprs(  //dir=expr
+  unique int id: @super_ref_expr,
+  int self: @var_decl_or_none ref
+);
+
+tap_exprs(  //dir=expr
+  unique int id: @tap_expr,
+  int body: @brace_stmt_or_none ref,
+  int var: @var_decl_or_none ref
+);
+
+#keyset[id]
+tap_expr_sub_exprs(  //dir=expr
+  int id: @tap_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+tuple_element_exprs(  //dir=expr
+  unique int id: @tuple_element_expr,
+  int sub_expr: @expr_or_none ref,
+  int index: int ref
+);
+
+tuple_exprs(  //dir=expr
+  unique int id: @tuple_expr
+);
+
+#keyset[id, index]
+tuple_expr_elements(  //dir=expr
+  int id: @tuple_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+type_exprs(  //dir=expr
+  unique int id: @type_expr
+);
+
+#keyset[id]
+type_expr_type_reprs(  //dir=expr
+  int id: @type_expr ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+unresolved_decl_ref_exprs(  //dir=expr
+  unique int id: @unresolved_decl_ref_expr
+);
+
+#keyset[id]
+unresolved_decl_ref_expr_names(  //dir=expr
+  int id: @unresolved_decl_ref_expr ref,
+  string name: string ref
+);
+
+unresolved_dot_exprs(  //dir=expr
+  unique int id: @unresolved_dot_expr,
+  int base: @expr_or_none ref,
+  string name: string ref
+);
+
+unresolved_member_exprs(  //dir=expr
+  unique int id: @unresolved_member_expr,
+  string name: string ref
+);
+
+unresolved_pattern_exprs(  //dir=expr
+  unique int id: @unresolved_pattern_expr,
+  int sub_pattern: @pattern_or_none ref
+);
+
+unresolved_specialize_exprs(  //dir=expr
+  unique int id: @unresolved_specialize_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+vararg_expansion_exprs(  //dir=expr
+  unique int id: @vararg_expansion_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+any_hashable_erasure_exprs(  //dir=expr
+  unique int id: @any_hashable_erasure_expr
+);
+
+archetype_to_super_exprs(  //dir=expr
+  unique int id: @archetype_to_super_expr
+);
+
+array_exprs(  //dir=expr
+  unique int id: @array_expr
+);
+
+#keyset[id, index]
+array_expr_elements(  //dir=expr
+  int id: @array_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+array_to_pointer_exprs(  //dir=expr
+  unique int id: @array_to_pointer_expr
+);
+
+auto_closure_exprs(  //dir=expr
+  unique int id: @auto_closure_expr
+);
+
+await_exprs(  //dir=expr
+  unique int id: @await_expr
+);
+
+binary_exprs(  //dir=expr
+  unique int id: @binary_expr
+);
+
+bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_from_obj_c_expr
+);
+
+bridge_to_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_to_obj_c_expr
+);
+
+@builtin_literal_expr =
+  @boolean_literal_expr
+| @magic_identifier_literal_expr
+| @number_literal_expr
+| @string_literal_expr
+;
+
+call_exprs(  //dir=expr
+  unique int id: @call_expr
+);
+
+@checked_cast_expr =
+  @conditional_checked_cast_expr
+| @forced_checked_cast_expr
+| @is_expr
+;
+
+class_metatype_to_object_exprs(  //dir=expr
+  unique int id: @class_metatype_to_object_expr
+);
+
+closure_exprs(  //dir=expr
+  unique int id: @closure_expr
+);
+
+coerce_exprs(  //dir=expr
+  unique int id: @coerce_expr
+);
+
+collection_upcast_conversion_exprs(  //dir=expr
+  unique int id: @collection_upcast_conversion_expr
+);
+
+conditional_bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @conditional_bridge_from_obj_c_expr
+);
+
+covariant_function_conversion_exprs(  //dir=expr
+  unique int id: @covariant_function_conversion_expr
+);
+
+covariant_return_conversion_exprs(  //dir=expr
+  unique int id: @covariant_return_conversion_expr
+);
+
+derived_to_base_exprs(  //dir=expr
+  unique int id: @derived_to_base_expr
+);
+
+destructure_tuple_exprs(  //dir=expr
+  unique int id: @destructure_tuple_expr
+);
+
+dictionary_exprs(  //dir=expr
+  unique int id: @dictionary_expr
+);
+
+#keyset[id, index]
+dictionary_expr_elements(  //dir=expr
+  int id: @dictionary_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+differentiable_function_exprs(  //dir=expr
+  unique int id: @differentiable_function_expr
+);
+
+differentiable_function_extract_original_exprs(  //dir=expr
+  unique int id: @differentiable_function_extract_original_expr
+);
+
+dot_self_exprs(  //dir=expr
+  unique int id: @dot_self_expr
+);
+
+@dynamic_lookup_expr =
+  @dynamic_member_ref_expr
+| @dynamic_subscript_expr
+;
+
+erasure_exprs(  //dir=expr
+  unique int id: @erasure_expr
+);
+
+existential_metatype_to_object_exprs(  //dir=expr
+  unique int id: @existential_metatype_to_object_expr
+);
+
+force_try_exprs(  //dir=expr
+  unique int id: @force_try_expr
+);
+
+foreign_object_conversion_exprs(  //dir=expr
+  unique int id: @foreign_object_conversion_expr
+);
+
+function_conversion_exprs(  //dir=expr
+  unique int id: @function_conversion_expr
+);
+
+in_out_to_pointer_exprs(  //dir=expr
+  unique int id: @in_out_to_pointer_expr
+);
+
+inject_into_optional_exprs(  //dir=expr
+  unique int id: @inject_into_optional_expr
+);
+
+interpolated_string_literal_exprs(  //dir=expr
+  unique int id: @interpolated_string_literal_expr
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_expr: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_count_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_count_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_literal_capacity_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int literal_capacity_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_appending_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int appending_expr: @tap_expr_or_none ref
+);
+
+linear_function_exprs(  //dir=expr
+  unique int id: @linear_function_expr
+);
+
+linear_function_extract_original_exprs(  //dir=expr
+  unique int id: @linear_function_extract_original_expr
+);
+
+linear_to_differentiable_function_exprs(  //dir=expr
+  unique int id: @linear_to_differentiable_function_expr
+);
+
+load_exprs(  //dir=expr
+  unique int id: @load_expr
+);
+
+member_ref_exprs(  //dir=expr
+  unique int id: @member_ref_expr
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
+);
+
+nil_literal_exprs(  //dir=expr
+  unique int id: @nil_literal_expr
+);
+
+object_literal_exprs(  //dir=expr
+  unique int id: @object_literal_expr,
+  int kind: int ref
+);
+
+#keyset[id, index]
+object_literal_expr_arguments(  //dir=expr
+  int id: @object_literal_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+optional_try_exprs(  //dir=expr
+  unique int id: @optional_try_expr
+);
+
+paren_exprs(  //dir=expr
+  unique int id: @paren_expr
+);
+
+pointer_to_pointer_exprs(  //dir=expr
+  unique int id: @pointer_to_pointer_expr
+);
+
+postfix_unary_exprs(  //dir=expr
+  unique int id: @postfix_unary_expr
+);
+
+prefix_unary_exprs(  //dir=expr
+  unique int id: @prefix_unary_expr
+);
+
+protocol_metatype_to_object_exprs(  //dir=expr
+  unique int id: @protocol_metatype_to_object_expr
+);
+
+regex_literal_exprs(  //dir=expr
+  unique int id: @regex_literal_expr
+);
+
+@self_apply_expr =
+  @constructor_ref_call_expr
+| @dot_syntax_call_expr
+;
+
+#keyset[id]
+self_apply_exprs(  //dir=expr
+  int id: @self_apply_expr ref,
+  int base: @expr_or_none ref
+);
+
+string_to_pointer_exprs(  //dir=expr
+  unique int id: @string_to_pointer_expr
+);
+
+subscript_exprs(  //dir=expr
+  unique int id: @subscript_expr
+);
+
+#keyset[id, index]
+subscript_expr_arguments(  //dir=expr
+  int id: @subscript_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_ordinary_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+try_exprs(  //dir=expr
+  unique int id: @try_expr
+);
+
+underlying_to_opaque_exprs(  //dir=expr
+  unique int id: @underlying_to_opaque_expr
+);
+
+unevaluated_instance_exprs(  //dir=expr
+  unique int id: @unevaluated_instance_expr
+);
+
+unresolved_member_chain_result_exprs(  //dir=expr
+  unique int id: @unresolved_member_chain_result_expr
+);
+
+unresolved_type_conversion_exprs(  //dir=expr
+  unique int id: @unresolved_type_conversion_expr
+);
+
+boolean_literal_exprs(  //dir=expr
+  unique int id: @boolean_literal_expr,
+  boolean value: boolean ref
+);
+
+conditional_checked_cast_exprs(  //dir=expr
+  unique int id: @conditional_checked_cast_expr
+);
+
+constructor_ref_call_exprs(  //dir=expr
+  unique int id: @constructor_ref_call_expr
+);
+
+dot_syntax_call_exprs(  //dir=expr
+  unique int id: @dot_syntax_call_expr
+);
+
+dynamic_member_ref_exprs(  //dir=expr
+  unique int id: @dynamic_member_ref_expr
+);
+
+dynamic_subscript_exprs(  //dir=expr
+  unique int id: @dynamic_subscript_expr
+);
+
+forced_checked_cast_exprs(  //dir=expr
+  unique int id: @forced_checked_cast_expr
+);
+
+is_exprs(  //dir=expr
+  unique int id: @is_expr
+);
+
+magic_identifier_literal_exprs(  //dir=expr
+  unique int id: @magic_identifier_literal_expr,
+  string kind: string ref
+);
+
+@number_literal_expr =
+  @float_literal_expr
+| @integer_literal_expr
+;
+
+string_literal_exprs(  //dir=expr
+  unique int id: @string_literal_expr,
+  string value: string ref
+);
+
+float_literal_exprs(  //dir=expr
+  unique int id: @float_literal_expr,
+  string string_value: string ref
+);
+
+integer_literal_exprs(  //dir=expr
+  unique int id: @integer_literal_expr,
+  string string_value: string ref
+);
+
+@pattern =
+  @any_pattern
+| @binding_pattern
+| @bool_pattern
+| @enum_element_pattern
+| @expr_pattern
+| @is_pattern
+| @named_pattern
+| @optional_some_pattern
+| @paren_pattern
+| @tuple_pattern
+| @typed_pattern
+;
+
+any_patterns(  //dir=pattern
+  unique int id: @any_pattern
+);
+
+binding_patterns(  //dir=pattern
+  unique int id: @binding_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+bool_patterns(  //dir=pattern
+  unique int id: @bool_pattern,
+  boolean value: boolean ref
+);
+
+enum_element_patterns(  //dir=pattern
+  unique int id: @enum_element_pattern,
+  int element: @enum_element_decl_or_none ref
+);
+
+#keyset[id]
+enum_element_pattern_sub_patterns(  //dir=pattern
+  int id: @enum_element_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+expr_patterns(  //dir=pattern
+  unique int id: @expr_pattern,
+  int sub_expr: @expr_or_none ref
+);
+
+is_patterns(  //dir=pattern
+  unique int id: @is_pattern
+);
+
+#keyset[id]
+is_pattern_cast_type_reprs(  //dir=pattern
+  int id: @is_pattern ref,
+  int cast_type_repr: @type_repr_or_none ref
+);
+
+#keyset[id]
+is_pattern_sub_patterns(  //dir=pattern
+  int id: @is_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+named_patterns(  //dir=pattern
+  unique int id: @named_pattern,
+  string name: string ref
+);
+
+optional_some_patterns(  //dir=pattern
+  unique int id: @optional_some_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+paren_patterns(  //dir=pattern
+  unique int id: @paren_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+tuple_patterns(  //dir=pattern
+  unique int id: @tuple_pattern
+);
+
+#keyset[id, index]
+tuple_pattern_elements(  //dir=pattern
+  int id: @tuple_pattern ref,
+  int index: int ref,
+  int element: @pattern_or_none ref
+);
+
+typed_patterns(  //dir=pattern
+  unique int id: @typed_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+typed_pattern_type_reprs(  //dir=pattern
+  int id: @typed_pattern ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+case_label_items(  //dir=stmt
+  unique int id: @case_label_item,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+case_label_item_guards(  //dir=stmt
+  int id: @case_label_item ref,
+  int guard: @expr_or_none ref
+);
+
+condition_elements(  //dir=stmt
+  unique int id: @condition_element
+);
+
+#keyset[id]
+condition_element_booleans(  //dir=stmt
+  int id: @condition_element ref,
+  int boolean_: @expr_or_none ref
+);
+
+#keyset[id]
+condition_element_patterns(  //dir=stmt
+  int id: @condition_element ref,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+condition_element_initializers(  //dir=stmt
+  int id: @condition_element ref,
+  int initializer: @expr_or_none ref
+);
+
+@stmt =
+  @brace_stmt
+| @break_stmt
+| @case_stmt
+| @continue_stmt
+| @defer_stmt
+| @fail_stmt
+| @fallthrough_stmt
+| @labeled_stmt
+| @pound_assert_stmt
+| @return_stmt
+| @throw_stmt
+| @yield_stmt
+;
+
+stmt_conditions(  //dir=stmt
+  unique int id: @stmt_condition
+);
+
+#keyset[id, index]
+stmt_condition_elements(  //dir=stmt
+  int id: @stmt_condition ref,
+  int index: int ref,
+  int element: @condition_element_or_none ref
+);
+
+brace_stmts(  //dir=stmt
+  unique int id: @brace_stmt
+);
+
+#keyset[id, index]
+brace_stmt_elements(  //dir=stmt
+  int id: @brace_stmt ref,
+  int index: int ref,
+  int element: @ast_node_or_none ref
+);
+
+break_stmts(  //dir=stmt
+  unique int id: @break_stmt
+);
+
+#keyset[id]
+break_stmt_target_names(  //dir=stmt
+  int id: @break_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+break_stmt_targets(  //dir=stmt
+  int id: @break_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+case_stmts(  //dir=stmt
+  unique int id: @case_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_labels(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int label: @case_label_item_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_variables(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int variable: @var_decl_or_none ref
+);
+
+continue_stmts(  //dir=stmt
+  unique int id: @continue_stmt
+);
+
+#keyset[id]
+continue_stmt_target_names(  //dir=stmt
+  int id: @continue_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+continue_stmt_targets(  //dir=stmt
+  int id: @continue_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+defer_stmts(  //dir=stmt
+  unique int id: @defer_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+fail_stmts(  //dir=stmt
+  unique int id: @fail_stmt
+);
+
+fallthrough_stmts(  //dir=stmt
+  unique int id: @fallthrough_stmt,
+  int fallthrough_source: @case_stmt_or_none ref,
+  int fallthrough_dest: @case_stmt_or_none ref
+);
+
+@labeled_stmt =
+  @do_catch_stmt
+| @do_stmt
+| @for_each_stmt
+| @labeled_conditional_stmt
+| @repeat_while_stmt
+| @switch_stmt
+;
+
+#keyset[id]
+labeled_stmt_labels(  //dir=stmt
+  int id: @labeled_stmt ref,
+  string label: string ref
+);
+
+pound_assert_stmts(  //dir=stmt
+  unique int id: @pound_assert_stmt,
+  int condition: @expr_or_none ref,
+  string message: string ref
+);
+
+return_stmts(  //dir=stmt
+  unique int id: @return_stmt
+);
+
+#keyset[id]
+return_stmt_results(  //dir=stmt
+  int id: @return_stmt ref,
+  int result: @expr_or_none ref
+);
+
+throw_stmts(  //dir=stmt
+  unique int id: @throw_stmt,
+  int sub_expr: @expr_or_none ref
+);
+
+yield_stmts(  //dir=stmt
+  unique int id: @yield_stmt
+);
+
+#keyset[id, index]
+yield_stmt_results(  //dir=stmt
+  int id: @yield_stmt ref,
+  int index: int ref,
+  int result: @expr_or_none ref
+);
+
+do_catch_stmts(  //dir=stmt
+  unique int id: @do_catch_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+do_catch_stmt_catches(  //dir=stmt
+  int id: @do_catch_stmt ref,
+  int index: int ref,
+  int catch: @case_stmt_or_none ref
+);
+
+do_stmts(  //dir=stmt
+  unique int id: @do_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+for_each_stmts(  //dir=stmt
+  unique int id: @for_each_stmt,
+  int pattern: @pattern_or_none ref,
+  int sequence: @expr_or_none ref,
+  int body: @brace_stmt_or_none ref
+);
+
+#keyset[id]
+for_each_stmt_wheres(  //dir=stmt
+  int id: @for_each_stmt ref,
+  int where: @expr_or_none ref
+);
+
+@labeled_conditional_stmt =
+  @guard_stmt
+| @if_stmt
+| @while_stmt
+;
+
+#keyset[id]
+labeled_conditional_stmts(  //dir=stmt
+  int id: @labeled_conditional_stmt ref,
+  int condition: @stmt_condition_or_none ref
+);
+
+repeat_while_stmts(  //dir=stmt
+  unique int id: @repeat_while_stmt,
+  int condition: @expr_or_none ref,
+  int body: @stmt_or_none ref
+);
+
+switch_stmts(  //dir=stmt
+  unique int id: @switch_stmt,
+  int expr: @expr_or_none ref
+);
+
+#keyset[id, index]
+switch_stmt_cases(  //dir=stmt
+  int id: @switch_stmt ref,
+  int index: int ref,
+  int case_: @case_stmt_or_none ref
+);
+
+guard_stmts(  //dir=stmt
+  unique int id: @guard_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+if_stmts(  //dir=stmt
+  unique int id: @if_stmt,
+  int then: @stmt_or_none ref
+);
+
+#keyset[id]
+if_stmt_elses(  //dir=stmt
+  int id: @if_stmt ref,
+  int else: @stmt_or_none ref
+);
+
+while_stmts(  //dir=stmt
+  unique int id: @while_stmt,
+  int body: @stmt_or_none ref
+);
+
+@type =
+  @any_function_type
+| @any_generic_type
+| @any_metatype_type
+| @builtin_type
+| @dependent_member_type
+| @dynamic_self_type
+| @error_type
+| @existential_type
+| @in_out_type
+| @l_value_type
+| @module_type
+| @parameterized_protocol_type
+| @protocol_composition_type
+| @reference_storage_type
+| @substitutable_type
+| @sugar_type
+| @tuple_type
+| @unresolved_type
+;
+
+#keyset[id]
+types(  //dir=type
+  int id: @type ref,
+  string name: string ref,
+  int canonical_type: @type_or_none ref
+);
+
+type_reprs(  //dir=type
+  unique int id: @type_repr,
+  int type_: @type_or_none ref
+);
+
+@any_function_type =
+  @function_type
+| @generic_function_type
+;
+
+#keyset[id]
+any_function_types(  //dir=type
+  int id: @any_function_type ref,
+  int result: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_types(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  int param_type: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_labels(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  string param_label: string ref
+);
+
+#keyset[id]
+any_function_type_is_throwing(  //dir=type
+  int id: @any_function_type ref
+);
+
+#keyset[id]
+any_function_type_is_async(  //dir=type
+  int id: @any_function_type ref
+);
+
+@any_generic_type =
+  @nominal_or_bound_generic_nominal_type
+| @unbound_generic_type
+;
+
+#keyset[id]
+any_generic_types(  //dir=type
+  int id: @any_generic_type ref,
+  int declaration: @decl_or_none ref
+);
+
+#keyset[id]
+any_generic_type_parents(  //dir=type
+  int id: @any_generic_type ref,
+  int parent: @type_or_none ref
+);
+
+@any_metatype_type =
+  @existential_metatype_type
+| @metatype_type
+;
+
+@builtin_type =
+  @any_builtin_integer_type
+| @builtin_bridge_object_type
+| @builtin_default_actor_storage_type
+| @builtin_executor_type
+| @builtin_float_type
+| @builtin_job_type
+| @builtin_native_object_type
+| @builtin_raw_pointer_type
+| @builtin_raw_unsafe_continuation_type
+| @builtin_unsafe_value_buffer_type
+| @builtin_vector_type
+;
+
+dependent_member_types(  //dir=type
+  unique int id: @dependent_member_type,
+  int base_type: @type_or_none ref,
+  int associated_type_decl: @associated_type_decl_or_none ref
+);
+
+dynamic_self_types(  //dir=type
+  unique int id: @dynamic_self_type,
+  int static_self_type: @type_or_none ref
+);
+
+error_types(  //dir=type
+  unique int id: @error_type
+);
+
+existential_types(  //dir=type
+  unique int id: @existential_type,
+  int constraint: @type_or_none ref
+);
+
+in_out_types(  //dir=type
+  unique int id: @in_out_type,
+  int object_type: @type_or_none ref
+);
+
+l_value_types(  //dir=type
+  unique int id: @l_value_type,
+  int object_type: @type_or_none ref
+);
+
+module_types(  //dir=type
+  unique int id: @module_type,
+  int module: @module_decl_or_none ref
+);
+
+parameterized_protocol_types(  //dir=type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
+);
+
+protocol_composition_types(  //dir=type
+  unique int id: @protocol_composition_type
+);
+
+#keyset[id, index]
+protocol_composition_type_members(  //dir=type
+  int id: @protocol_composition_type ref,
+  int index: int ref,
+  int member: @type_or_none ref
+);
+
+@reference_storage_type =
+  @unmanaged_storage_type
+| @unowned_storage_type
+| @weak_storage_type
+;
+
+#keyset[id]
+reference_storage_types(  //dir=type
+  int id: @reference_storage_type ref,
+  int referent_type: @type_or_none ref
+);
+
+@substitutable_type =
+  @archetype_type
+| @generic_type_param_type
+;
+
+@sugar_type =
+  @paren_type
+| @syntax_sugar_type
+| @type_alias_type
+;
+
+tuple_types(  //dir=type
+  unique int id: @tuple_type
+);
+
+#keyset[id, index]
+tuple_type_types(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id, index]
+tuple_type_names(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  string name: string ref
+);
+
+unresolved_types(  //dir=type
+  unique int id: @unresolved_type
+);
+
+@any_builtin_integer_type =
+  @builtin_integer_literal_type
+| @builtin_integer_type
+;
+
+@archetype_type =
+  @opaque_type_archetype_type
+| @opened_archetype_type
+| @primary_archetype_type
+;
+
+#keyset[id]
+archetype_types(  //dir=type
+  int id: @archetype_type ref,
+  int interface_type: @type_or_none ref
+);
+
+#keyset[id]
+archetype_type_superclasses(  //dir=type
+  int id: @archetype_type ref,
+  int superclass: @type_or_none ref
+);
+
+#keyset[id, index]
+archetype_type_protocols(  //dir=type
+  int id: @archetype_type ref,
+  int index: int ref,
+  int protocol: @protocol_decl_or_none ref
+);
+
+builtin_bridge_object_types(  //dir=type
+  unique int id: @builtin_bridge_object_type
+);
+
+builtin_default_actor_storage_types(  //dir=type
+  unique int id: @builtin_default_actor_storage_type
+);
+
+builtin_executor_types(  //dir=type
+  unique int id: @builtin_executor_type
+);
+
+builtin_float_types(  //dir=type
+  unique int id: @builtin_float_type
+);
+
+builtin_job_types(  //dir=type
+  unique int id: @builtin_job_type
+);
+
+builtin_native_object_types(  //dir=type
+  unique int id: @builtin_native_object_type
+);
+
+builtin_raw_pointer_types(  //dir=type
+  unique int id: @builtin_raw_pointer_type
+);
+
+builtin_raw_unsafe_continuation_types(  //dir=type
+  unique int id: @builtin_raw_unsafe_continuation_type
+);
+
+builtin_unsafe_value_buffer_types(  //dir=type
+  unique int id: @builtin_unsafe_value_buffer_type
+);
+
+builtin_vector_types(  //dir=type
+  unique int id: @builtin_vector_type
+);
+
+existential_metatype_types(  //dir=type
+  unique int id: @existential_metatype_type
+);
+
+function_types(  //dir=type
+  unique int id: @function_type
+);
+
+generic_function_types(  //dir=type
+  unique int id: @generic_function_type
+);
+
+#keyset[id, index]
+generic_function_type_generic_params(  //dir=type
+  int id: @generic_function_type ref,
+  int index: int ref,
+  int generic_param: @generic_type_param_type_or_none ref
+);
+
+generic_type_param_types(  //dir=type
+  unique int id: @generic_type_param_type
+);
+
+metatype_types(  //dir=type
+  unique int id: @metatype_type
+);
+
+@nominal_or_bound_generic_nominal_type =
+  @bound_generic_type
+| @nominal_type
+;
+
+paren_types(  //dir=type
+  unique int id: @paren_type,
+  int type_: @type_or_none ref
+);
+
+@syntax_sugar_type =
+  @dictionary_type
+| @unary_syntax_sugar_type
+;
+
+type_alias_types(  //dir=type
+  unique int id: @type_alias_type,
+  int decl: @type_alias_decl_or_none ref
+);
+
+unbound_generic_types(  //dir=type
+  unique int id: @unbound_generic_type
+);
+
+unmanaged_storage_types(  //dir=type
+  unique int id: @unmanaged_storage_type
+);
+
+unowned_storage_types(  //dir=type
+  unique int id: @unowned_storage_type
+);
+
+weak_storage_types(  //dir=type
+  unique int id: @weak_storage_type
+);
+
+@bound_generic_type =
+  @bound_generic_class_type
+| @bound_generic_enum_type
+| @bound_generic_struct_type
+;
+
+#keyset[id, index]
+bound_generic_type_arg_types(  //dir=type
+  int id: @bound_generic_type ref,
+  int index: int ref,
+  int arg_type: @type_or_none ref
+);
+
+builtin_integer_literal_types(  //dir=type
+  unique int id: @builtin_integer_literal_type
+);
+
+builtin_integer_types(  //dir=type
+  unique int id: @builtin_integer_type
+);
+
+#keyset[id]
+builtin_integer_type_widths(  //dir=type
+  int id: @builtin_integer_type ref,
+  int width: int ref
+);
+
+dictionary_types(  //dir=type
+  unique int id: @dictionary_type,
+  int key_type: @type_or_none ref,
+  int value_type: @type_or_none ref
+);
+
+@nominal_type =
+  @class_type
+| @enum_type
+| @protocol_type
+| @struct_type
+;
+
+opaque_type_archetype_types(  //dir=type
+  unique int id: @opaque_type_archetype_type,
+  int declaration: @opaque_type_decl_or_none ref
+);
+
+opened_archetype_types(  //dir=type
+  unique int id: @opened_archetype_type
+);
+
+primary_archetype_types(  //dir=type
+  unique int id: @primary_archetype_type
+);
+
+@unary_syntax_sugar_type =
+  @array_slice_type
+| @optional_type
+| @variadic_sequence_type
+;
+
+#keyset[id]
+unary_syntax_sugar_types(  //dir=type
+  int id: @unary_syntax_sugar_type ref,
+  int base_type: @type_or_none ref
+);
+
+array_slice_types(  //dir=type
+  unique int id: @array_slice_type
+);
+
+bound_generic_class_types(  //dir=type
+  unique int id: @bound_generic_class_type
+);
+
+bound_generic_enum_types(  //dir=type
+  unique int id: @bound_generic_enum_type
+);
+
+bound_generic_struct_types(  //dir=type
+  unique int id: @bound_generic_struct_type
+);
+
+class_types(  //dir=type
+  unique int id: @class_type
+);
+
+enum_types(  //dir=type
+  unique int id: @enum_type
+);
+
+optional_types(  //dir=type
+  unique int id: @optional_type
+);
+
+protocol_types(  //dir=type
+  unique int id: @protocol_type
+);
+
+struct_types(  //dir=type
+  unique int id: @struct_type
+);
+
+variadic_sequence_types(  //dir=type
+  unique int id: @variadic_sequence_type
+);
+
+@abstract_function_decl_or_none =
+  @abstract_function_decl
+| @unspecified_element
+;
+
+@accessor_decl_or_none =
+  @accessor_decl
+| @unspecified_element
+;
+
+@argument_or_none =
+  @argument
+| @unspecified_element
+;
+
+@associated_type_decl_or_none =
+  @associated_type_decl
+| @unspecified_element
+;
+
+@ast_node_or_none =
+  @ast_node
+| @unspecified_element
+;
+
+@brace_stmt_or_none =
+  @brace_stmt
+| @unspecified_element
+;
+
+@case_label_item_or_none =
+  @case_label_item
+| @unspecified_element
+;
+
+@case_stmt_or_none =
+  @case_stmt
+| @unspecified_element
+;
+
+@closure_expr_or_none =
+  @closure_expr
+| @unspecified_element
+;
+
+@condition_element_or_none =
+  @condition_element
+| @unspecified_element
+;
+
+@constructor_decl_or_none =
+  @constructor_decl
+| @unspecified_element
+;
+
+@decl_or_none =
+  @decl
+| @unspecified_element
+;
+
+@enum_element_decl_or_none =
+  @enum_element_decl
+| @unspecified_element
+;
+
+@expr_or_none =
+  @expr
+| @unspecified_element
+;
+
+@file_or_none =
+  @file
+| @unspecified_element
+;
+
+@generic_type_param_decl_or_none =
+  @generic_type_param_decl
+| @unspecified_element
+;
+
+@generic_type_param_type_or_none =
+  @generic_type_param_type
+| @unspecified_element
+;
+
+@location_or_none =
+  @location
+| @unspecified_element
+;
+
+@module_decl_or_none =
+  @module_decl
+| @unspecified_element
+;
+
+@nominal_type_decl_or_none =
+  @nominal_type_decl
+| @unspecified_element
+;
+
+@opaque_type_decl_or_none =
+  @opaque_type_decl
+| @unspecified_element
+;
+
+@opaque_value_expr_or_none =
+  @opaque_value_expr
+| @unspecified_element
+;
+
+@param_decl_or_none =
+  @param_decl
+| @unspecified_element
+;
+
+@pattern_or_none =
+  @pattern
+| @unspecified_element
+;
+
+@pattern_binding_decl_or_none =
+  @pattern_binding_decl
+| @unspecified_element
+;
+
+@precedence_group_decl_or_none =
+  @precedence_group_decl
+| @unspecified_element
+;
+
+@protocol_decl_or_none =
+  @protocol_decl
+| @unspecified_element
+;
+
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
+@stmt_or_none =
+  @stmt
+| @unspecified_element
+;
+
+@stmt_condition_or_none =
+  @stmt_condition
+| @unspecified_element
+;
+
+@string_literal_expr_or_none =
+  @string_literal_expr
+| @unspecified_element
+;
+
+@tap_expr_or_none =
+  @tap_expr
+| @unspecified_element
+;
+
+@type_or_none =
+  @type
+| @unspecified_element
+;
+
+@type_alias_decl_or_none =
+  @type_alias_decl
+| @unspecified_element
+;
+
+@type_repr_or_none =
+  @type_repr
+| @unspecified_element
+;
+
+@value_decl_or_none =
+  @unspecified_element
+| @value_decl
+;
+
+@var_decl_or_none =
+  @unspecified_element
+| @var_decl
+;
diff --git a/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/unspecified_elements.ql b/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/unspecified_elements.ql
new file mode 100644
index 00000000000..0be4d91ad6f
--- /dev/null
+++ b/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/unspecified_elements.ql
@@ -0,0 +1,13 @@
+// Moves AbiSafeConversionExprs into UnspecifiedElements
+class Element extends @element {
+  string toString() { none() }
+}
+
+from Element e, string property, string error
+where
+  abi_safe_conversion_exprs(e) and
+  property = "" and
+  error = "Removed ABISafeConversionExpr during the database downgrade"
+  or
+  unspecified_elements(e, property, error)
+select e, property, error
diff --git a/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/upgrade.properties b/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/upgrade.properties
new file mode 100644
index 00000000000..70c85c2ad6c
--- /dev/null
+++ b/swift/downgrades/62fc609c1ab6ae748ff51362ffa5c368ba834ddf/upgrade.properties
@@ -0,0 +1,5 @@
+description: Remove new implicit conversion
+compatibility: partial
+unspecified_elements.rel: run unspecified_elements.ql
+implicit_conversion_exprs.rel: run implicit_conversion_exprs.ql
+abi_safe_conversion_exprs.rel: delete
diff --git a/swift/downgrades/BUILD.bazel b/swift/downgrades/BUILD.bazel
new file mode 100644
index 00000000000..d76e543a6e7
--- /dev/null
+++ b/swift/downgrades/BUILD.bazel
@@ -0,0 +1,12 @@
+load("@rules_pkg//:mappings.bzl", "pkg_files", "strip_prefix")
+
+pkg_files(
+    name = "downgrades",
+    srcs = glob(
+        ["**"],
+        exclude = ["BUILD.bazel"],
+    ),
+    prefix = "downgrades",
+    strip_prefix = strip_prefix.from_pkg(),
+    visibility = ["//swift:__pkg__"],
+)
diff --git a/swift/downgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/old.dbscheme b/swift/downgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/old.dbscheme
new file mode 100644
index 00000000000..abbb8c9e840
--- /dev/null
+++ b/swift/downgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/old.dbscheme
@@ -0,0 +1,2478 @@
+// generated by codegen/codegen.py
+
+// from prefix.dbscheme
+/**
+ * The source location of the snapshot.
+ */
+sourceLocationPrefix(
+  string prefix: string ref
+);
+
+
+// from schema.py
+
+@element =
+  @callable
+| @file
+| @generic_context
+| @iterable_decl_context
+| @locatable
+| @location
+| @type
+;
+
+#keyset[id]
+element_is_unknown(
+  int id: @element ref
+);
+
+@callable =
+  @abstract_closure_expr
+| @abstract_function_decl
+;
+
+#keyset[id]
+callable_self_params(
+  int id: @callable ref,
+  int self_param: @param_decl_or_none ref
+);
+
+#keyset[id, index]
+callable_params(
+  int id: @callable ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+#keyset[id]
+callable_bodies(
+  int id: @callable ref,
+  int body: @brace_stmt_or_none ref
+);
+
+@file =
+  @db_file
+;
+
+#keyset[id]
+files(
+  int id: @file ref,
+  string name: string ref
+);
+
+@locatable =
+  @argument
+| @ast_node
+| @comment
+| @diagnostics
+| @error_element
+;
+
+#keyset[id]
+locatable_locations(
+  int id: @locatable ref,
+  int location: @location_or_none ref
+);
+
+@location =
+  @db_location
+;
+
+#keyset[id]
+locations(
+  int id: @location ref,
+  int file: @file_or_none ref,
+  int start_line: int ref,
+  int start_column: int ref,
+  int end_line: int ref,
+  int end_column: int ref
+);
+
+@ast_node =
+  @case_label_item
+| @condition_element
+| @decl
+| @expr
+| @pattern
+| @stmt
+| @stmt_condition
+| @type_repr
+;
+
+comments(
+  unique int id: @comment,
+  string text: string ref
+);
+
+db_files(
+  unique int id: @db_file
+);
+
+db_locations(
+  unique int id: @db_location
+);
+
+diagnostics(
+  unique int id: @diagnostics,
+  string text: string ref,
+  int kind: int ref
+);
+
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_chain_result_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @unresolved_type
+| @unresolved_type_conversion_expr
+| @unspecified_element
+;
+
+unspecified_elements(
+  unique int id: @unspecified_element,
+  string property: string ref,
+  string error: string ref
+);
+
+#keyset[id]
+unspecified_element_parents(
+  int id: @unspecified_element ref,
+  int parent: @element ref
+);
+
+#keyset[id]
+unspecified_element_indices(
+  int id: @unspecified_element ref,
+  int index: int ref
+);
+
+@decl =
+  @enum_case_decl
+| @extension_decl
+| @if_config_decl
+| @import_decl
+| @missing_member_decl
+| @operator_decl
+| @pattern_binding_decl
+| @pound_diagnostic_decl
+| @precedence_group_decl
+| @top_level_code_decl
+| @value_decl
+;
+
+#keyset[id]
+decls(  //dir=decl
+  int id: @decl ref,
+  int module: @module_decl_or_none ref
+);
+
+@generic_context =
+  @abstract_function_decl
+| @extension_decl
+| @generic_type_decl
+| @subscript_decl
+;
+
+#keyset[id, index]
+generic_context_generic_type_params(  //dir=decl
+  int id: @generic_context ref,
+  int index: int ref,
+  int generic_type_param: @generic_type_param_decl_or_none ref
+);
+
+@iterable_decl_context =
+  @extension_decl
+| @nominal_type_decl
+;
+
+#keyset[id, index]
+iterable_decl_context_members(  //dir=decl
+  int id: @iterable_decl_context ref,
+  int index: int ref,
+  int member: @decl_or_none ref
+);
+
+enum_case_decls(  //dir=decl
+  unique int id: @enum_case_decl
+);
+
+#keyset[id, index]
+enum_case_decl_elements(  //dir=decl
+  int id: @enum_case_decl ref,
+  int index: int ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+extension_decls(  //dir=decl
+  unique int id: @extension_decl,
+  int extended_type_decl: @nominal_type_decl_or_none ref
+);
+
+if_config_decls(  //dir=decl
+  unique int id: @if_config_decl
+);
+
+#keyset[id, index]
+if_config_decl_active_elements(  //dir=decl
+  int id: @if_config_decl ref,
+  int index: int ref,
+  int active_element: @ast_node_or_none ref
+);
+
+import_decls(  //dir=decl
+  unique int id: @import_decl
+);
+
+#keyset[id]
+import_decl_is_exported(  //dir=decl
+  int id: @import_decl ref
+);
+
+#keyset[id]
+import_decl_imported_modules(  //dir=decl
+  int id: @import_decl ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+import_decl_declarations(  //dir=decl
+  int id: @import_decl ref,
+  int index: int ref,
+  int declaration: @value_decl_or_none ref
+);
+
+missing_member_decls(  //dir=decl
+  unique int id: @missing_member_decl,
+  string name: string ref
+);
+
+@operator_decl =
+  @infix_operator_decl
+| @postfix_operator_decl
+| @prefix_operator_decl
+;
+
+#keyset[id]
+operator_decls(  //dir=decl
+  int id: @operator_decl ref,
+  string name: string ref
+);
+
+pattern_binding_decls(  //dir=decl
+  unique int id: @pattern_binding_decl
+);
+
+#keyset[id, index]
+pattern_binding_decl_inits(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int init: @expr_or_none ref
+);
+
+#keyset[id, index]
+pattern_binding_decl_patterns(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int pattern: @pattern_or_none ref
+);
+
+pound_diagnostic_decls(  //dir=decl
+  unique int id: @pound_diagnostic_decl,
+  int kind: int ref,
+  int message: @string_literal_expr_or_none ref
+);
+
+precedence_group_decls(  //dir=decl
+  unique int id: @precedence_group_decl
+);
+
+top_level_code_decls(  //dir=decl
+  unique int id: @top_level_code_decl,
+  int body: @brace_stmt_or_none ref
+);
+
+@value_decl =
+  @abstract_function_decl
+| @abstract_storage_decl
+| @enum_element_decl
+| @type_decl
+;
+
+#keyset[id]
+value_decls(  //dir=decl
+  int id: @value_decl ref,
+  int interface_type: @type_or_none ref
+);
+
+@abstract_function_decl =
+  @constructor_decl
+| @destructor_decl
+| @func_decl
+;
+
+#keyset[id]
+abstract_function_decls(  //dir=decl
+  int id: @abstract_function_decl ref,
+  string name: string ref
+);
+
+@abstract_storage_decl =
+  @subscript_decl
+| @var_decl
+;
+
+#keyset[id, index]
+abstract_storage_decl_accessor_decls(  //dir=decl
+  int id: @abstract_storage_decl ref,
+  int index: int ref,
+  int accessor_decl: @accessor_decl_or_none ref
+);
+
+enum_element_decls(  //dir=decl
+  unique int id: @enum_element_decl,
+  string name: string ref
+);
+
+#keyset[id, index]
+enum_element_decl_params(  //dir=decl
+  int id: @enum_element_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+infix_operator_decls(  //dir=decl
+  unique int id: @infix_operator_decl
+);
+
+#keyset[id]
+infix_operator_decl_precedence_groups(  //dir=decl
+  int id: @infix_operator_decl ref,
+  int precedence_group: @precedence_group_decl_or_none ref
+);
+
+postfix_operator_decls(  //dir=decl
+  unique int id: @postfix_operator_decl
+);
+
+prefix_operator_decls(  //dir=decl
+  unique int id: @prefix_operator_decl
+);
+
+@type_decl =
+  @abstract_type_param_decl
+| @generic_type_decl
+| @module_decl
+;
+
+#keyset[id]
+type_decls(  //dir=decl
+  int id: @type_decl ref,
+  string name: string ref
+);
+
+#keyset[id, index]
+type_decl_base_types(  //dir=decl
+  int id: @type_decl ref,
+  int index: int ref,
+  int base_type: @type_or_none ref
+);
+
+@abstract_type_param_decl =
+  @associated_type_decl
+| @generic_type_param_decl
+;
+
+constructor_decls(  //dir=decl
+  unique int id: @constructor_decl
+);
+
+destructor_decls(  //dir=decl
+  unique int id: @destructor_decl
+);
+
+@func_decl =
+  @accessor_decl
+| @concrete_func_decl
+;
+
+@generic_type_decl =
+  @nominal_type_decl
+| @opaque_type_decl
+| @type_alias_decl
+;
+
+module_decls(  //dir=decl
+  unique int id: @module_decl
+);
+
+#keyset[id]
+module_decl_is_builtin_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id]
+module_decl_is_system_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id, index]
+module_decl_imported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+module_decl_exported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int exported_module: @module_decl_or_none ref
+);
+
+subscript_decls(  //dir=decl
+  unique int id: @subscript_decl,
+  int element_type: @type_or_none ref
+);
+
+#keyset[id, index]
+subscript_decl_params(  //dir=decl
+  int id: @subscript_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+@var_decl =
+  @concrete_var_decl
+| @param_decl
+;
+
+#keyset[id]
+var_decls(  //dir=decl
+  int id: @var_decl ref,
+  string name: string ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_attached_property_wrapper_types(  //dir=decl
+  int id: @var_decl ref,
+  int attached_property_wrapper_type: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_patterns(  //dir=decl
+  int id: @var_decl ref,
+  int parent_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_initializers(  //dir=decl
+  int id: @var_decl ref,
+  int parent_initializer: @expr_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
+accessor_decls(  //dir=decl
+  unique int id: @accessor_decl
+);
+
+#keyset[id]
+accessor_decl_is_getter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_setter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_will_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_did_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+associated_type_decls(  //dir=decl
+  unique int id: @associated_type_decl
+);
+
+concrete_func_decls(  //dir=decl
+  unique int id: @concrete_func_decl
+);
+
+concrete_var_decls(  //dir=decl
+  unique int id: @concrete_var_decl,
+  int introducer_int: int ref
+);
+
+generic_type_param_decls(  //dir=decl
+  unique int id: @generic_type_param_decl
+);
+
+@nominal_type_decl =
+  @class_decl
+| @enum_decl
+| @protocol_decl
+| @struct_decl
+;
+
+#keyset[id]
+nominal_type_decls(  //dir=decl
+  int id: @nominal_type_decl ref,
+  int type_: @type_or_none ref
+);
+
+opaque_type_decls(  //dir=decl
+  unique int id: @opaque_type_decl,
+  int naming_declaration: @value_decl_or_none ref
+);
+
+#keyset[id, index]
+opaque_type_decl_opaque_generic_params(  //dir=decl
+  int id: @opaque_type_decl ref,
+  int index: int ref,
+  int opaque_generic_param: @generic_type_param_type_or_none ref
+);
+
+param_decls(  //dir=decl
+  unique int id: @param_decl
+);
+
+#keyset[id]
+param_decl_is_inout(  //dir=decl
+  int id: @param_decl ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
+type_alias_decls(  //dir=decl
+  unique int id: @type_alias_decl
+);
+
+class_decls(  //dir=decl
+  unique int id: @class_decl
+);
+
+enum_decls(  //dir=decl
+  unique int id: @enum_decl
+);
+
+protocol_decls(  //dir=decl
+  unique int id: @protocol_decl
+);
+
+struct_decls(  //dir=decl
+  unique int id: @struct_decl
+);
+
+arguments(  //dir=expr
+  unique int id: @argument,
+  string label: string ref,
+  int expr: @expr_or_none ref
+);
+
+@expr =
+  @abstract_closure_expr
+| @any_try_expr
+| @applied_property_wrapper_expr
+| @apply_expr
+| @assign_expr
+| @bind_optional_expr
+| @capture_list_expr
+| @collection_expr
+| @decl_ref_expr
+| @default_argument_expr
+| @discard_assignment_expr
+| @dot_syntax_base_ignored_expr
+| @dynamic_type_expr
+| @enum_is_case_expr
+| @error_expr
+| @explicit_cast_expr
+| @force_value_expr
+| @identity_expr
+| @if_expr
+| @implicit_conversion_expr
+| @in_out_expr
+| @key_path_application_expr
+| @key_path_dot_expr
+| @key_path_expr
+| @lazy_initializer_expr
+| @literal_expr
+| @lookup_expr
+| @make_temporarily_escapable_expr
+| @obj_c_selector_expr
+| @one_way_expr
+| @opaque_value_expr
+| @open_existential_expr
+| @optional_evaluation_expr
+| @other_constructor_decl_ref_expr
+| @overloaded_decl_ref_expr
+| @property_wrapper_value_placeholder_expr
+| @rebind_self_in_constructor_expr
+| @sequence_expr
+| @super_ref_expr
+| @tap_expr
+| @tuple_element_expr
+| @tuple_expr
+| @type_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @vararg_expansion_expr
+;
+
+#keyset[id]
+expr_types(  //dir=expr
+  int id: @expr ref,
+  int type_: @type_or_none ref
+);
+
+@abstract_closure_expr =
+  @auto_closure_expr
+| @closure_expr
+;
+
+@any_try_expr =
+  @force_try_expr
+| @optional_try_expr
+| @try_expr
+;
+
+#keyset[id]
+any_try_exprs(  //dir=expr
+  int id: @any_try_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+applied_property_wrapper_exprs(  //dir=expr
+  unique int id: @applied_property_wrapper_expr,
+  int kind: int ref,
+  int value: @expr_or_none ref,
+  int param: @param_decl_or_none ref
+);
+
+@apply_expr =
+  @binary_expr
+| @call_expr
+| @postfix_unary_expr
+| @prefix_unary_expr
+| @self_apply_expr
+;
+
+#keyset[id]
+apply_exprs(  //dir=expr
+  int id: @apply_expr ref,
+  int function: @expr_or_none ref
+);
+
+#keyset[id, index]
+apply_expr_arguments(  //dir=expr
+  int id: @apply_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+assign_exprs(  //dir=expr
+  unique int id: @assign_expr,
+  int dest: @expr_or_none ref,
+  int source: @expr_or_none ref
+);
+
+bind_optional_exprs(  //dir=expr
+  unique int id: @bind_optional_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+capture_list_exprs(  //dir=expr
+  unique int id: @capture_list_expr,
+  int closure_body: @closure_expr_or_none ref
+);
+
+#keyset[id, index]
+capture_list_expr_binding_decls(  //dir=expr
+  int id: @capture_list_expr ref,
+  int index: int ref,
+  int binding_decl: @pattern_binding_decl_or_none ref
+);
+
+@collection_expr =
+  @array_expr
+| @dictionary_expr
+;
+
+decl_ref_exprs(  //dir=expr
+  unique int id: @decl_ref_expr,
+  int decl: @decl_or_none ref
+);
+
+#keyset[id, index]
+decl_ref_expr_replacement_types(  //dir=expr
+  int id: @decl_ref_expr ref,
+  int index: int ref,
+  int replacement_type: @type_or_none ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+default_argument_exprs(  //dir=expr
+  unique int id: @default_argument_expr,
+  int param_decl: @param_decl_or_none ref,
+  int param_index: int ref
+);
+
+#keyset[id]
+default_argument_expr_caller_side_defaults(  //dir=expr
+  int id: @default_argument_expr ref,
+  int caller_side_default: @expr_or_none ref
+);
+
+discard_assignment_exprs(  //dir=expr
+  unique int id: @discard_assignment_expr
+);
+
+dot_syntax_base_ignored_exprs(  //dir=expr
+  unique int id: @dot_syntax_base_ignored_expr,
+  int qualifier: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+dynamic_type_exprs(  //dir=expr
+  unique int id: @dynamic_type_expr,
+  int base: @expr_or_none ref
+);
+
+enum_is_case_exprs(  //dir=expr
+  unique int id: @enum_is_case_expr,
+  int sub_expr: @expr_or_none ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+error_exprs(  //dir=expr
+  unique int id: @error_expr
+);
+
+@explicit_cast_expr =
+  @checked_cast_expr
+| @coerce_expr
+;
+
+#keyset[id]
+explicit_cast_exprs(  //dir=expr
+  int id: @explicit_cast_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+force_value_exprs(  //dir=expr
+  unique int id: @force_value_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@identity_expr =
+  @await_expr
+| @dot_self_expr
+| @paren_expr
+| @unresolved_member_chain_result_expr
+;
+
+#keyset[id]
+identity_exprs(  //dir=expr
+  int id: @identity_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+if_exprs(  //dir=expr
+  unique int id: @if_expr,
+  int condition: @expr_or_none ref,
+  int then_expr: @expr_or_none ref,
+  int else_expr: @expr_or_none ref
+);
+
+@implicit_conversion_expr =
+  @any_hashable_erasure_expr
+| @archetype_to_super_expr
+| @array_to_pointer_expr
+| @bridge_from_obj_c_expr
+| @bridge_to_obj_c_expr
+| @class_metatype_to_object_expr
+| @collection_upcast_conversion_expr
+| @conditional_bridge_from_obj_c_expr
+| @covariant_function_conversion_expr
+| @covariant_return_conversion_expr
+| @derived_to_base_expr
+| @destructure_tuple_expr
+| @differentiable_function_expr
+| @differentiable_function_extract_original_expr
+| @erasure_expr
+| @existential_metatype_to_object_expr
+| @foreign_object_conversion_expr
+| @function_conversion_expr
+| @in_out_to_pointer_expr
+| @inject_into_optional_expr
+| @linear_function_expr
+| @linear_function_extract_original_expr
+| @linear_to_differentiable_function_expr
+| @load_expr
+| @metatype_conversion_expr
+| @pointer_to_pointer_expr
+| @protocol_metatype_to_object_expr
+| @string_to_pointer_expr
+| @underlying_to_opaque_expr
+| @unevaluated_instance_expr
+| @unresolved_type_conversion_expr
+;
+
+#keyset[id]
+implicit_conversion_exprs(  //dir=expr
+  int id: @implicit_conversion_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+in_out_exprs(  //dir=expr
+  unique int id: @in_out_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+key_path_application_exprs(  //dir=expr
+  unique int id: @key_path_application_expr,
+  int base: @expr_or_none ref,
+  int key_path: @expr_or_none ref
+);
+
+key_path_dot_exprs(  //dir=expr
+  unique int id: @key_path_dot_expr
+);
+
+key_path_exprs(  //dir=expr
+  unique int id: @key_path_expr
+);
+
+#keyset[id]
+key_path_expr_roots(  //dir=expr
+  int id: @key_path_expr ref,
+  int root: @type_repr_or_none ref
+);
+
+#keyset[id]
+key_path_expr_parsed_paths(  //dir=expr
+  int id: @key_path_expr ref,
+  int parsed_path: @expr_or_none ref
+);
+
+lazy_initializer_exprs(  //dir=expr
+  unique int id: @lazy_initializer_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@literal_expr =
+  @builtin_literal_expr
+| @interpolated_string_literal_expr
+| @nil_literal_expr
+| @object_literal_expr
+| @regex_literal_expr
+;
+
+@lookup_expr =
+  @dynamic_lookup_expr
+| @member_ref_expr
+| @subscript_expr
+;
+
+#keyset[id]
+lookup_exprs(  //dir=expr
+  int id: @lookup_expr ref,
+  int base: @expr_or_none ref
+);
+
+#keyset[id]
+lookup_expr_members(  //dir=expr
+  int id: @lookup_expr ref,
+  int member: @decl_or_none ref
+);
+
+make_temporarily_escapable_exprs(  //dir=expr
+  unique int id: @make_temporarily_escapable_expr,
+  int escaping_closure: @opaque_value_expr_or_none ref,
+  int nonescaping_closure: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+obj_c_selector_exprs(  //dir=expr
+  unique int id: @obj_c_selector_expr,
+  int sub_expr: @expr_or_none ref,
+  int method: @abstract_function_decl_or_none ref
+);
+
+one_way_exprs(  //dir=expr
+  unique int id: @one_way_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+opaque_value_exprs(  //dir=expr
+  unique int id: @opaque_value_expr
+);
+
+open_existential_exprs(  //dir=expr
+  unique int id: @open_existential_expr,
+  int sub_expr: @expr_or_none ref,
+  int existential: @expr_or_none ref,
+  int opaque_expr: @opaque_value_expr_or_none ref
+);
+
+optional_evaluation_exprs(  //dir=expr
+  unique int id: @optional_evaluation_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+other_constructor_decl_ref_exprs(  //dir=expr
+  unique int id: @other_constructor_decl_ref_expr,
+  int constructor_decl: @constructor_decl_or_none ref
+);
+
+overloaded_decl_ref_exprs(  //dir=expr
+  unique int id: @overloaded_decl_ref_expr
+);
+
+#keyset[id, index]
+overloaded_decl_ref_expr_possible_declarations(  //dir=expr
+  int id: @overloaded_decl_ref_expr ref,
+  int index: int ref,
+  int possible_declaration: @value_decl_or_none ref
+);
+
+property_wrapper_value_placeholder_exprs(  //dir=expr
+  unique int id: @property_wrapper_value_placeholder_expr,
+  int placeholder: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+property_wrapper_value_placeholder_expr_wrapped_values(  //dir=expr
+  int id: @property_wrapper_value_placeholder_expr ref,
+  int wrapped_value: @expr_or_none ref
+);
+
+rebind_self_in_constructor_exprs(  //dir=expr
+  unique int id: @rebind_self_in_constructor_expr,
+  int sub_expr: @expr_or_none ref,
+  int self: @var_decl_or_none ref
+);
+
+sequence_exprs(  //dir=expr
+  unique int id: @sequence_expr
+);
+
+#keyset[id, index]
+sequence_expr_elements(  //dir=expr
+  int id: @sequence_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+super_ref_exprs(  //dir=expr
+  unique int id: @super_ref_expr,
+  int self: @var_decl_or_none ref
+);
+
+tap_exprs(  //dir=expr
+  unique int id: @tap_expr,
+  int body: @brace_stmt_or_none ref,
+  int var: @var_decl_or_none ref
+);
+
+#keyset[id]
+tap_expr_sub_exprs(  //dir=expr
+  int id: @tap_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+tuple_element_exprs(  //dir=expr
+  unique int id: @tuple_element_expr,
+  int sub_expr: @expr_or_none ref,
+  int index: int ref
+);
+
+tuple_exprs(  //dir=expr
+  unique int id: @tuple_expr
+);
+
+#keyset[id, index]
+tuple_expr_elements(  //dir=expr
+  int id: @tuple_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+type_exprs(  //dir=expr
+  unique int id: @type_expr
+);
+
+#keyset[id]
+type_expr_type_reprs(  //dir=expr
+  int id: @type_expr ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+unresolved_decl_ref_exprs(  //dir=expr
+  unique int id: @unresolved_decl_ref_expr
+);
+
+#keyset[id]
+unresolved_decl_ref_expr_names(  //dir=expr
+  int id: @unresolved_decl_ref_expr ref,
+  string name: string ref
+);
+
+unresolved_dot_exprs(  //dir=expr
+  unique int id: @unresolved_dot_expr,
+  int base: @expr_or_none ref,
+  string name: string ref
+);
+
+unresolved_member_exprs(  //dir=expr
+  unique int id: @unresolved_member_expr,
+  string name: string ref
+);
+
+unresolved_pattern_exprs(  //dir=expr
+  unique int id: @unresolved_pattern_expr,
+  int sub_pattern: @pattern_or_none ref
+);
+
+unresolved_specialize_exprs(  //dir=expr
+  unique int id: @unresolved_specialize_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+vararg_expansion_exprs(  //dir=expr
+  unique int id: @vararg_expansion_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+any_hashable_erasure_exprs(  //dir=expr
+  unique int id: @any_hashable_erasure_expr
+);
+
+archetype_to_super_exprs(  //dir=expr
+  unique int id: @archetype_to_super_expr
+);
+
+array_exprs(  //dir=expr
+  unique int id: @array_expr
+);
+
+#keyset[id, index]
+array_expr_elements(  //dir=expr
+  int id: @array_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+array_to_pointer_exprs(  //dir=expr
+  unique int id: @array_to_pointer_expr
+);
+
+auto_closure_exprs(  //dir=expr
+  unique int id: @auto_closure_expr
+);
+
+await_exprs(  //dir=expr
+  unique int id: @await_expr
+);
+
+binary_exprs(  //dir=expr
+  unique int id: @binary_expr
+);
+
+bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_from_obj_c_expr
+);
+
+bridge_to_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_to_obj_c_expr
+);
+
+@builtin_literal_expr =
+  @boolean_literal_expr
+| @magic_identifier_literal_expr
+| @number_literal_expr
+| @string_literal_expr
+;
+
+call_exprs(  //dir=expr
+  unique int id: @call_expr
+);
+
+@checked_cast_expr =
+  @conditional_checked_cast_expr
+| @forced_checked_cast_expr
+| @is_expr
+;
+
+class_metatype_to_object_exprs(  //dir=expr
+  unique int id: @class_metatype_to_object_expr
+);
+
+closure_exprs(  //dir=expr
+  unique int id: @closure_expr
+);
+
+coerce_exprs(  //dir=expr
+  unique int id: @coerce_expr
+);
+
+collection_upcast_conversion_exprs(  //dir=expr
+  unique int id: @collection_upcast_conversion_expr
+);
+
+conditional_bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @conditional_bridge_from_obj_c_expr
+);
+
+covariant_function_conversion_exprs(  //dir=expr
+  unique int id: @covariant_function_conversion_expr
+);
+
+covariant_return_conversion_exprs(  //dir=expr
+  unique int id: @covariant_return_conversion_expr
+);
+
+derived_to_base_exprs(  //dir=expr
+  unique int id: @derived_to_base_expr
+);
+
+destructure_tuple_exprs(  //dir=expr
+  unique int id: @destructure_tuple_expr
+);
+
+dictionary_exprs(  //dir=expr
+  unique int id: @dictionary_expr
+);
+
+#keyset[id, index]
+dictionary_expr_elements(  //dir=expr
+  int id: @dictionary_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+differentiable_function_exprs(  //dir=expr
+  unique int id: @differentiable_function_expr
+);
+
+differentiable_function_extract_original_exprs(  //dir=expr
+  unique int id: @differentiable_function_extract_original_expr
+);
+
+dot_self_exprs(  //dir=expr
+  unique int id: @dot_self_expr
+);
+
+@dynamic_lookup_expr =
+  @dynamic_member_ref_expr
+| @dynamic_subscript_expr
+;
+
+erasure_exprs(  //dir=expr
+  unique int id: @erasure_expr
+);
+
+existential_metatype_to_object_exprs(  //dir=expr
+  unique int id: @existential_metatype_to_object_expr
+);
+
+force_try_exprs(  //dir=expr
+  unique int id: @force_try_expr
+);
+
+foreign_object_conversion_exprs(  //dir=expr
+  unique int id: @foreign_object_conversion_expr
+);
+
+function_conversion_exprs(  //dir=expr
+  unique int id: @function_conversion_expr
+);
+
+in_out_to_pointer_exprs(  //dir=expr
+  unique int id: @in_out_to_pointer_expr
+);
+
+inject_into_optional_exprs(  //dir=expr
+  unique int id: @inject_into_optional_expr
+);
+
+interpolated_string_literal_exprs(  //dir=expr
+  unique int id: @interpolated_string_literal_expr
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_expr: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_count_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_count_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_literal_capacity_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int literal_capacity_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_appending_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int appending_expr: @tap_expr_or_none ref
+);
+
+linear_function_exprs(  //dir=expr
+  unique int id: @linear_function_expr
+);
+
+linear_function_extract_original_exprs(  //dir=expr
+  unique int id: @linear_function_extract_original_expr
+);
+
+linear_to_differentiable_function_exprs(  //dir=expr
+  unique int id: @linear_to_differentiable_function_expr
+);
+
+load_exprs(  //dir=expr
+  unique int id: @load_expr
+);
+
+member_ref_exprs(  //dir=expr
+  unique int id: @member_ref_expr
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
+);
+
+nil_literal_exprs(  //dir=expr
+  unique int id: @nil_literal_expr
+);
+
+object_literal_exprs(  //dir=expr
+  unique int id: @object_literal_expr,
+  int kind: int ref
+);
+
+#keyset[id, index]
+object_literal_expr_arguments(  //dir=expr
+  int id: @object_literal_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+optional_try_exprs(  //dir=expr
+  unique int id: @optional_try_expr
+);
+
+paren_exprs(  //dir=expr
+  unique int id: @paren_expr
+);
+
+pointer_to_pointer_exprs(  //dir=expr
+  unique int id: @pointer_to_pointer_expr
+);
+
+postfix_unary_exprs(  //dir=expr
+  unique int id: @postfix_unary_expr
+);
+
+prefix_unary_exprs(  //dir=expr
+  unique int id: @prefix_unary_expr
+);
+
+protocol_metatype_to_object_exprs(  //dir=expr
+  unique int id: @protocol_metatype_to_object_expr
+);
+
+regex_literal_exprs(  //dir=expr
+  unique int id: @regex_literal_expr
+);
+
+@self_apply_expr =
+  @constructor_ref_call_expr
+| @dot_syntax_call_expr
+;
+
+#keyset[id]
+self_apply_exprs(  //dir=expr
+  int id: @self_apply_expr ref,
+  int base: @expr_or_none ref
+);
+
+string_to_pointer_exprs(  //dir=expr
+  unique int id: @string_to_pointer_expr
+);
+
+subscript_exprs(  //dir=expr
+  unique int id: @subscript_expr
+);
+
+#keyset[id, index]
+subscript_expr_arguments(  //dir=expr
+  int id: @subscript_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_ordinary_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+try_exprs(  //dir=expr
+  unique int id: @try_expr
+);
+
+underlying_to_opaque_exprs(  //dir=expr
+  unique int id: @underlying_to_opaque_expr
+);
+
+unevaluated_instance_exprs(  //dir=expr
+  unique int id: @unevaluated_instance_expr
+);
+
+unresolved_member_chain_result_exprs(  //dir=expr
+  unique int id: @unresolved_member_chain_result_expr
+);
+
+unresolved_type_conversion_exprs(  //dir=expr
+  unique int id: @unresolved_type_conversion_expr
+);
+
+boolean_literal_exprs(  //dir=expr
+  unique int id: @boolean_literal_expr,
+  boolean value: boolean ref
+);
+
+conditional_checked_cast_exprs(  //dir=expr
+  unique int id: @conditional_checked_cast_expr
+);
+
+constructor_ref_call_exprs(  //dir=expr
+  unique int id: @constructor_ref_call_expr
+);
+
+dot_syntax_call_exprs(  //dir=expr
+  unique int id: @dot_syntax_call_expr
+);
+
+dynamic_member_ref_exprs(  //dir=expr
+  unique int id: @dynamic_member_ref_expr
+);
+
+dynamic_subscript_exprs(  //dir=expr
+  unique int id: @dynamic_subscript_expr
+);
+
+forced_checked_cast_exprs(  //dir=expr
+  unique int id: @forced_checked_cast_expr
+);
+
+is_exprs(  //dir=expr
+  unique int id: @is_expr
+);
+
+magic_identifier_literal_exprs(  //dir=expr
+  unique int id: @magic_identifier_literal_expr,
+  string kind: string ref
+);
+
+@number_literal_expr =
+  @float_literal_expr
+| @integer_literal_expr
+;
+
+string_literal_exprs(  //dir=expr
+  unique int id: @string_literal_expr,
+  string value: string ref
+);
+
+float_literal_exprs(  //dir=expr
+  unique int id: @float_literal_expr,
+  string string_value: string ref
+);
+
+integer_literal_exprs(  //dir=expr
+  unique int id: @integer_literal_expr,
+  string string_value: string ref
+);
+
+@pattern =
+  @any_pattern
+| @binding_pattern
+| @bool_pattern
+| @enum_element_pattern
+| @expr_pattern
+| @is_pattern
+| @named_pattern
+| @optional_some_pattern
+| @paren_pattern
+| @tuple_pattern
+| @typed_pattern
+;
+
+any_patterns(  //dir=pattern
+  unique int id: @any_pattern
+);
+
+binding_patterns(  //dir=pattern
+  unique int id: @binding_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+bool_patterns(  //dir=pattern
+  unique int id: @bool_pattern,
+  boolean value: boolean ref
+);
+
+enum_element_patterns(  //dir=pattern
+  unique int id: @enum_element_pattern,
+  int element: @enum_element_decl_or_none ref
+);
+
+#keyset[id]
+enum_element_pattern_sub_patterns(  //dir=pattern
+  int id: @enum_element_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+expr_patterns(  //dir=pattern
+  unique int id: @expr_pattern,
+  int sub_expr: @expr_or_none ref
+);
+
+is_patterns(  //dir=pattern
+  unique int id: @is_pattern
+);
+
+#keyset[id]
+is_pattern_cast_type_reprs(  //dir=pattern
+  int id: @is_pattern ref,
+  int cast_type_repr: @type_repr_or_none ref
+);
+
+#keyset[id]
+is_pattern_sub_patterns(  //dir=pattern
+  int id: @is_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+named_patterns(  //dir=pattern
+  unique int id: @named_pattern,
+  string name: string ref
+);
+
+optional_some_patterns(  //dir=pattern
+  unique int id: @optional_some_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+paren_patterns(  //dir=pattern
+  unique int id: @paren_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+tuple_patterns(  //dir=pattern
+  unique int id: @tuple_pattern
+);
+
+#keyset[id, index]
+tuple_pattern_elements(  //dir=pattern
+  int id: @tuple_pattern ref,
+  int index: int ref,
+  int element: @pattern_or_none ref
+);
+
+typed_patterns(  //dir=pattern
+  unique int id: @typed_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+typed_pattern_type_reprs(  //dir=pattern
+  int id: @typed_pattern ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+case_label_items(  //dir=stmt
+  unique int id: @case_label_item,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+case_label_item_guards(  //dir=stmt
+  int id: @case_label_item ref,
+  int guard: @expr_or_none ref
+);
+
+condition_elements(  //dir=stmt
+  unique int id: @condition_element
+);
+
+#keyset[id]
+condition_element_booleans(  //dir=stmt
+  int id: @condition_element ref,
+  int boolean_: @expr_or_none ref
+);
+
+#keyset[id]
+condition_element_patterns(  //dir=stmt
+  int id: @condition_element ref,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+condition_element_initializers(  //dir=stmt
+  int id: @condition_element ref,
+  int initializer: @expr_or_none ref
+);
+
+@stmt =
+  @brace_stmt
+| @break_stmt
+| @case_stmt
+| @continue_stmt
+| @defer_stmt
+| @fail_stmt
+| @fallthrough_stmt
+| @labeled_stmt
+| @pound_assert_stmt
+| @return_stmt
+| @throw_stmt
+| @yield_stmt
+;
+
+stmt_conditions(  //dir=stmt
+  unique int id: @stmt_condition
+);
+
+#keyset[id, index]
+stmt_condition_elements(  //dir=stmt
+  int id: @stmt_condition ref,
+  int index: int ref,
+  int element: @condition_element_or_none ref
+);
+
+brace_stmts(  //dir=stmt
+  unique int id: @brace_stmt
+);
+
+#keyset[id, index]
+brace_stmt_elements(  //dir=stmt
+  int id: @brace_stmt ref,
+  int index: int ref,
+  int element: @ast_node_or_none ref
+);
+
+break_stmts(  //dir=stmt
+  unique int id: @break_stmt
+);
+
+#keyset[id]
+break_stmt_target_names(  //dir=stmt
+  int id: @break_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+break_stmt_targets(  //dir=stmt
+  int id: @break_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+case_stmts(  //dir=stmt
+  unique int id: @case_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_labels(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int label: @case_label_item_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_variables(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int variable: @var_decl_or_none ref
+);
+
+continue_stmts(  //dir=stmt
+  unique int id: @continue_stmt
+);
+
+#keyset[id]
+continue_stmt_target_names(  //dir=stmt
+  int id: @continue_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+continue_stmt_targets(  //dir=stmt
+  int id: @continue_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+defer_stmts(  //dir=stmt
+  unique int id: @defer_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+fail_stmts(  //dir=stmt
+  unique int id: @fail_stmt
+);
+
+fallthrough_stmts(  //dir=stmt
+  unique int id: @fallthrough_stmt,
+  int fallthrough_source: @case_stmt_or_none ref,
+  int fallthrough_dest: @case_stmt_or_none ref
+);
+
+@labeled_stmt =
+  @do_catch_stmt
+| @do_stmt
+| @for_each_stmt
+| @labeled_conditional_stmt
+| @repeat_while_stmt
+| @switch_stmt
+;
+
+#keyset[id]
+labeled_stmt_labels(  //dir=stmt
+  int id: @labeled_stmt ref,
+  string label: string ref
+);
+
+pound_assert_stmts(  //dir=stmt
+  unique int id: @pound_assert_stmt,
+  int condition: @expr_or_none ref,
+  string message: string ref
+);
+
+return_stmts(  //dir=stmt
+  unique int id: @return_stmt
+);
+
+#keyset[id]
+return_stmt_results(  //dir=stmt
+  int id: @return_stmt ref,
+  int result: @expr_or_none ref
+);
+
+throw_stmts(  //dir=stmt
+  unique int id: @throw_stmt,
+  int sub_expr: @expr_or_none ref
+);
+
+yield_stmts(  //dir=stmt
+  unique int id: @yield_stmt
+);
+
+#keyset[id, index]
+yield_stmt_results(  //dir=stmt
+  int id: @yield_stmt ref,
+  int index: int ref,
+  int result: @expr_or_none ref
+);
+
+do_catch_stmts(  //dir=stmt
+  unique int id: @do_catch_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+do_catch_stmt_catches(  //dir=stmt
+  int id: @do_catch_stmt ref,
+  int index: int ref,
+  int catch: @case_stmt_or_none ref
+);
+
+do_stmts(  //dir=stmt
+  unique int id: @do_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+for_each_stmts(  //dir=stmt
+  unique int id: @for_each_stmt,
+  int pattern: @pattern_or_none ref,
+  int sequence: @expr_or_none ref,
+  int body: @brace_stmt_or_none ref
+);
+
+#keyset[id]
+for_each_stmt_wheres(  //dir=stmt
+  int id: @for_each_stmt ref,
+  int where: @expr_or_none ref
+);
+
+@labeled_conditional_stmt =
+  @guard_stmt
+| @if_stmt
+| @while_stmt
+;
+
+#keyset[id]
+labeled_conditional_stmts(  //dir=stmt
+  int id: @labeled_conditional_stmt ref,
+  int condition: @stmt_condition_or_none ref
+);
+
+repeat_while_stmts(  //dir=stmt
+  unique int id: @repeat_while_stmt,
+  int condition: @expr_or_none ref,
+  int body: @stmt_or_none ref
+);
+
+switch_stmts(  //dir=stmt
+  unique int id: @switch_stmt,
+  int expr: @expr_or_none ref
+);
+
+#keyset[id, index]
+switch_stmt_cases(  //dir=stmt
+  int id: @switch_stmt ref,
+  int index: int ref,
+  int case_: @case_stmt_or_none ref
+);
+
+guard_stmts(  //dir=stmt
+  unique int id: @guard_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+if_stmts(  //dir=stmt
+  unique int id: @if_stmt,
+  int then: @stmt_or_none ref
+);
+
+#keyset[id]
+if_stmt_elses(  //dir=stmt
+  int id: @if_stmt ref,
+  int else: @stmt_or_none ref
+);
+
+while_stmts(  //dir=stmt
+  unique int id: @while_stmt,
+  int body: @stmt_or_none ref
+);
+
+@type =
+  @any_function_type
+| @any_generic_type
+| @any_metatype_type
+| @builtin_type
+| @dependent_member_type
+| @dynamic_self_type
+| @error_type
+| @existential_type
+| @in_out_type
+| @l_value_type
+| @module_type
+| @parameterized_protocol_type
+| @protocol_composition_type
+| @reference_storage_type
+| @substitutable_type
+| @sugar_type
+| @tuple_type
+| @unresolved_type
+;
+
+#keyset[id]
+types(  //dir=type
+  int id: @type ref,
+  string name: string ref,
+  int canonical_type: @type_or_none ref
+);
+
+type_reprs(  //dir=type
+  unique int id: @type_repr,
+  int type_: @type_or_none ref
+);
+
+@any_function_type =
+  @function_type
+| @generic_function_type
+;
+
+#keyset[id]
+any_function_types(  //dir=type
+  int id: @any_function_type ref,
+  int result: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_types(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  int param_type: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_labels(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  string param_label: string ref
+);
+
+#keyset[id]
+any_function_type_is_throwing(  //dir=type
+  int id: @any_function_type ref
+);
+
+#keyset[id]
+any_function_type_is_async(  //dir=type
+  int id: @any_function_type ref
+);
+
+@any_generic_type =
+  @nominal_or_bound_generic_nominal_type
+| @unbound_generic_type
+;
+
+#keyset[id]
+any_generic_types(  //dir=type
+  int id: @any_generic_type ref,
+  int declaration: @decl_or_none ref
+);
+
+#keyset[id]
+any_generic_type_parents(  //dir=type
+  int id: @any_generic_type ref,
+  int parent: @type_or_none ref
+);
+
+@any_metatype_type =
+  @existential_metatype_type
+| @metatype_type
+;
+
+@builtin_type =
+  @any_builtin_integer_type
+| @builtin_bridge_object_type
+| @builtin_default_actor_storage_type
+| @builtin_executor_type
+| @builtin_float_type
+| @builtin_job_type
+| @builtin_native_object_type
+| @builtin_raw_pointer_type
+| @builtin_raw_unsafe_continuation_type
+| @builtin_unsafe_value_buffer_type
+| @builtin_vector_type
+;
+
+dependent_member_types(  //dir=type
+  unique int id: @dependent_member_type,
+  int base_type: @type_or_none ref,
+  int associated_type_decl: @associated_type_decl_or_none ref
+);
+
+dynamic_self_types(  //dir=type
+  unique int id: @dynamic_self_type,
+  int static_self_type: @type_or_none ref
+);
+
+error_types(  //dir=type
+  unique int id: @error_type
+);
+
+existential_types(  //dir=type
+  unique int id: @existential_type,
+  int constraint: @type_or_none ref
+);
+
+in_out_types(  //dir=type
+  unique int id: @in_out_type,
+  int object_type: @type_or_none ref
+);
+
+l_value_types(  //dir=type
+  unique int id: @l_value_type,
+  int object_type: @type_or_none ref
+);
+
+module_types(  //dir=type
+  unique int id: @module_type,
+  int module: @module_decl_or_none ref
+);
+
+parameterized_protocol_types(  //dir=type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
+);
+
+protocol_composition_types(  //dir=type
+  unique int id: @protocol_composition_type
+);
+
+#keyset[id, index]
+protocol_composition_type_members(  //dir=type
+  int id: @protocol_composition_type ref,
+  int index: int ref,
+  int member: @type_or_none ref
+);
+
+@reference_storage_type =
+  @unmanaged_storage_type
+| @unowned_storage_type
+| @weak_storage_type
+;
+
+#keyset[id]
+reference_storage_types(  //dir=type
+  int id: @reference_storage_type ref,
+  int referent_type: @type_or_none ref
+);
+
+@substitutable_type =
+  @archetype_type
+| @generic_type_param_type
+;
+
+@sugar_type =
+  @paren_type
+| @syntax_sugar_type
+| @type_alias_type
+;
+
+tuple_types(  //dir=type
+  unique int id: @tuple_type
+);
+
+#keyset[id, index]
+tuple_type_types(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id, index]
+tuple_type_names(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  string name: string ref
+);
+
+unresolved_types(  //dir=type
+  unique int id: @unresolved_type
+);
+
+@any_builtin_integer_type =
+  @builtin_integer_literal_type
+| @builtin_integer_type
+;
+
+@archetype_type =
+  @opaque_type_archetype_type
+| @opened_archetype_type
+| @primary_archetype_type
+;
+
+#keyset[id]
+archetype_types(  //dir=type
+  int id: @archetype_type ref,
+  int interface_type: @type_or_none ref
+);
+
+#keyset[id]
+archetype_type_superclasses(  //dir=type
+  int id: @archetype_type ref,
+  int superclass: @type_or_none ref
+);
+
+#keyset[id, index]
+archetype_type_protocols(  //dir=type
+  int id: @archetype_type ref,
+  int index: int ref,
+  int protocol: @protocol_decl_or_none ref
+);
+
+builtin_bridge_object_types(  //dir=type
+  unique int id: @builtin_bridge_object_type
+);
+
+builtin_default_actor_storage_types(  //dir=type
+  unique int id: @builtin_default_actor_storage_type
+);
+
+builtin_executor_types(  //dir=type
+  unique int id: @builtin_executor_type
+);
+
+builtin_float_types(  //dir=type
+  unique int id: @builtin_float_type
+);
+
+builtin_job_types(  //dir=type
+  unique int id: @builtin_job_type
+);
+
+builtin_native_object_types(  //dir=type
+  unique int id: @builtin_native_object_type
+);
+
+builtin_raw_pointer_types(  //dir=type
+  unique int id: @builtin_raw_pointer_type
+);
+
+builtin_raw_unsafe_continuation_types(  //dir=type
+  unique int id: @builtin_raw_unsafe_continuation_type
+);
+
+builtin_unsafe_value_buffer_types(  //dir=type
+  unique int id: @builtin_unsafe_value_buffer_type
+);
+
+builtin_vector_types(  //dir=type
+  unique int id: @builtin_vector_type
+);
+
+existential_metatype_types(  //dir=type
+  unique int id: @existential_metatype_type
+);
+
+function_types(  //dir=type
+  unique int id: @function_type
+);
+
+generic_function_types(  //dir=type
+  unique int id: @generic_function_type
+);
+
+#keyset[id, index]
+generic_function_type_generic_params(  //dir=type
+  int id: @generic_function_type ref,
+  int index: int ref,
+  int generic_param: @generic_type_param_type_or_none ref
+);
+
+generic_type_param_types(  //dir=type
+  unique int id: @generic_type_param_type
+);
+
+metatype_types(  //dir=type
+  unique int id: @metatype_type
+);
+
+@nominal_or_bound_generic_nominal_type =
+  @bound_generic_type
+| @nominal_type
+;
+
+paren_types(  //dir=type
+  unique int id: @paren_type,
+  int type_: @type_or_none ref
+);
+
+@syntax_sugar_type =
+  @dictionary_type
+| @unary_syntax_sugar_type
+;
+
+type_alias_types(  //dir=type
+  unique int id: @type_alias_type,
+  int decl: @type_alias_decl_or_none ref
+);
+
+unbound_generic_types(  //dir=type
+  unique int id: @unbound_generic_type
+);
+
+unmanaged_storage_types(  //dir=type
+  unique int id: @unmanaged_storage_type
+);
+
+unowned_storage_types(  //dir=type
+  unique int id: @unowned_storage_type
+);
+
+weak_storage_types(  //dir=type
+  unique int id: @weak_storage_type
+);
+
+@bound_generic_type =
+  @bound_generic_class_type
+| @bound_generic_enum_type
+| @bound_generic_struct_type
+;
+
+#keyset[id, index]
+bound_generic_type_arg_types(  //dir=type
+  int id: @bound_generic_type ref,
+  int index: int ref,
+  int arg_type: @type_or_none ref
+);
+
+builtin_integer_literal_types(  //dir=type
+  unique int id: @builtin_integer_literal_type
+);
+
+builtin_integer_types(  //dir=type
+  unique int id: @builtin_integer_type
+);
+
+#keyset[id]
+builtin_integer_type_widths(  //dir=type
+  int id: @builtin_integer_type ref,
+  int width: int ref
+);
+
+dictionary_types(  //dir=type
+  unique int id: @dictionary_type,
+  int key_type: @type_or_none ref,
+  int value_type: @type_or_none ref
+);
+
+@nominal_type =
+  @class_type
+| @enum_type
+| @protocol_type
+| @struct_type
+;
+
+opaque_type_archetype_types(  //dir=type
+  unique int id: @opaque_type_archetype_type,
+  int declaration: @opaque_type_decl_or_none ref
+);
+
+opened_archetype_types(  //dir=type
+  unique int id: @opened_archetype_type
+);
+
+primary_archetype_types(  //dir=type
+  unique int id: @primary_archetype_type
+);
+
+@unary_syntax_sugar_type =
+  @array_slice_type
+| @optional_type
+| @variadic_sequence_type
+;
+
+#keyset[id]
+unary_syntax_sugar_types(  //dir=type
+  int id: @unary_syntax_sugar_type ref,
+  int base_type: @type_or_none ref
+);
+
+array_slice_types(  //dir=type
+  unique int id: @array_slice_type
+);
+
+bound_generic_class_types(  //dir=type
+  unique int id: @bound_generic_class_type
+);
+
+bound_generic_enum_types(  //dir=type
+  unique int id: @bound_generic_enum_type
+);
+
+bound_generic_struct_types(  //dir=type
+  unique int id: @bound_generic_struct_type
+);
+
+class_types(  //dir=type
+  unique int id: @class_type
+);
+
+enum_types(  //dir=type
+  unique int id: @enum_type
+);
+
+optional_types(  //dir=type
+  unique int id: @optional_type
+);
+
+protocol_types(  //dir=type
+  unique int id: @protocol_type
+);
+
+struct_types(  //dir=type
+  unique int id: @struct_type
+);
+
+variadic_sequence_types(  //dir=type
+  unique int id: @variadic_sequence_type
+);
+
+@abstract_function_decl_or_none =
+  @abstract_function_decl
+| @unspecified_element
+;
+
+@accessor_decl_or_none =
+  @accessor_decl
+| @unspecified_element
+;
+
+@argument_or_none =
+  @argument
+| @unspecified_element
+;
+
+@associated_type_decl_or_none =
+  @associated_type_decl
+| @unspecified_element
+;
+
+@ast_node_or_none =
+  @ast_node
+| @unspecified_element
+;
+
+@brace_stmt_or_none =
+  @brace_stmt
+| @unspecified_element
+;
+
+@case_label_item_or_none =
+  @case_label_item
+| @unspecified_element
+;
+
+@case_stmt_or_none =
+  @case_stmt
+| @unspecified_element
+;
+
+@closure_expr_or_none =
+  @closure_expr
+| @unspecified_element
+;
+
+@condition_element_or_none =
+  @condition_element
+| @unspecified_element
+;
+
+@constructor_decl_or_none =
+  @constructor_decl
+| @unspecified_element
+;
+
+@decl_or_none =
+  @decl
+| @unspecified_element
+;
+
+@enum_element_decl_or_none =
+  @enum_element_decl
+| @unspecified_element
+;
+
+@expr_or_none =
+  @expr
+| @unspecified_element
+;
+
+@file_or_none =
+  @file
+| @unspecified_element
+;
+
+@generic_type_param_decl_or_none =
+  @generic_type_param_decl
+| @unspecified_element
+;
+
+@generic_type_param_type_or_none =
+  @generic_type_param_type
+| @unspecified_element
+;
+
+@location_or_none =
+  @location
+| @unspecified_element
+;
+
+@module_decl_or_none =
+  @module_decl
+| @unspecified_element
+;
+
+@nominal_type_decl_or_none =
+  @nominal_type_decl
+| @unspecified_element
+;
+
+@opaque_type_decl_or_none =
+  @opaque_type_decl
+| @unspecified_element
+;
+
+@opaque_value_expr_or_none =
+  @opaque_value_expr
+| @unspecified_element
+;
+
+@param_decl_or_none =
+  @param_decl
+| @unspecified_element
+;
+
+@pattern_or_none =
+  @pattern
+| @unspecified_element
+;
+
+@pattern_binding_decl_or_none =
+  @pattern_binding_decl
+| @unspecified_element
+;
+
+@precedence_group_decl_or_none =
+  @precedence_group_decl
+| @unspecified_element
+;
+
+@protocol_decl_or_none =
+  @protocol_decl
+| @unspecified_element
+;
+
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
+@stmt_or_none =
+  @stmt
+| @unspecified_element
+;
+
+@stmt_condition_or_none =
+  @stmt_condition
+| @unspecified_element
+;
+
+@string_literal_expr_or_none =
+  @string_literal_expr
+| @unspecified_element
+;
+
+@tap_expr_or_none =
+  @tap_expr
+| @unspecified_element
+;
+
+@type_or_none =
+  @type
+| @unspecified_element
+;
+
+@type_alias_decl_or_none =
+  @type_alias_decl
+| @unspecified_element
+;
+
+@type_repr_or_none =
+  @type_repr
+| @unspecified_element
+;
+
+@value_decl_or_none =
+  @unspecified_element
+| @value_decl
+;
+
+@var_decl_or_none =
+  @unspecified_element
+| @var_decl
+;
diff --git a/swift/downgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/swift.dbscheme b/swift/downgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/swift.dbscheme
new file mode 100644
index 00000000000..ceca289a0ff
--- /dev/null
+++ b/swift/downgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/swift.dbscheme
@@ -0,0 +1,2493 @@
+// generated by codegen/codegen.py
+
+// from prefix.dbscheme
+/**
+ * The source location of the snapshot.
+ */
+sourceLocationPrefix(
+  string prefix: string ref
+);
+
+
+// from schema.py
+
+@element =
+  @callable
+| @file
+| @generic_context
+| @iterable_decl_context
+| @locatable
+| @location
+| @type
+;
+
+#keyset[id]
+element_is_unknown(
+  int id: @element ref
+);
+
+@callable =
+  @abstract_closure_expr
+| @abstract_function_decl
+;
+
+#keyset[id]
+callable_self_params(
+  int id: @callable ref,
+  int self_param: @param_decl_or_none ref
+);
+
+#keyset[id, index]
+callable_params(
+  int id: @callable ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+#keyset[id]
+callable_bodies(
+  int id: @callable ref,
+  int body: @brace_stmt_or_none ref
+);
+
+@file =
+  @db_file
+| @unknown_file
+;
+
+#keyset[id]
+files(
+  int id: @file ref,
+  string name: string ref
+);
+
+@locatable =
+  @argument
+| @ast_node
+| @comment
+| @diagnostics
+| @error_element
+;
+
+#keyset[id]
+locatable_locations(
+  int id: @locatable ref,
+  int location: @location_or_none ref
+);
+
+@location =
+  @db_location
+| @unknown_location
+;
+
+#keyset[id]
+locations(
+  int id: @location ref,
+  int file: @file_or_none ref,
+  int start_line: int ref,
+  int start_column: int ref,
+  int end_line: int ref,
+  int end_column: int ref
+);
+
+@ast_node =
+  @case_label_item
+| @condition_element
+| @decl
+| @expr
+| @pattern
+| @stmt
+| @stmt_condition
+| @type_repr
+;
+
+comments(
+  unique int id: @comment,
+  string text: string ref
+);
+
+db_files(
+  unique int id: @db_file
+);
+
+db_locations(
+  unique int id: @db_location
+);
+
+diagnostics(
+  unique int id: @diagnostics,
+  string text: string ref,
+  int kind: int ref
+);
+
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_chain_result_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @unresolved_type
+| @unresolved_type_conversion_expr
+| @unspecified_element
+;
+
+unknown_files(
+  unique int id: @unknown_file
+);
+
+unknown_locations(
+  unique int id: @unknown_location
+);
+
+unspecified_elements(
+  unique int id: @unspecified_element,
+  string property: string ref,
+  string error: string ref
+);
+
+#keyset[id]
+unspecified_element_parents(
+  int id: @unspecified_element ref,
+  int parent: @element ref
+);
+
+#keyset[id]
+unspecified_element_indices(
+  int id: @unspecified_element ref,
+  int index: int ref
+);
+
+@decl =
+  @enum_case_decl
+| @extension_decl
+| @if_config_decl
+| @import_decl
+| @missing_member_decl
+| @operator_decl
+| @pattern_binding_decl
+| @pound_diagnostic_decl
+| @precedence_group_decl
+| @top_level_code_decl
+| @value_decl
+;
+
+#keyset[id]
+decls(  //dir=decl
+  int id: @decl ref,
+  int module: @module_decl_or_none ref
+);
+
+@generic_context =
+  @abstract_function_decl
+| @extension_decl
+| @generic_type_decl
+| @subscript_decl
+;
+
+#keyset[id, index]
+generic_context_generic_type_params(  //dir=decl
+  int id: @generic_context ref,
+  int index: int ref,
+  int generic_type_param: @generic_type_param_decl_or_none ref
+);
+
+@iterable_decl_context =
+  @extension_decl
+| @nominal_type_decl
+;
+
+#keyset[id, index]
+iterable_decl_context_members(  //dir=decl
+  int id: @iterable_decl_context ref,
+  int index: int ref,
+  int member: @decl_or_none ref
+);
+
+enum_case_decls(  //dir=decl
+  unique int id: @enum_case_decl
+);
+
+#keyset[id, index]
+enum_case_decl_elements(  //dir=decl
+  int id: @enum_case_decl ref,
+  int index: int ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+extension_decls(  //dir=decl
+  unique int id: @extension_decl,
+  int extended_type_decl: @nominal_type_decl_or_none ref
+);
+
+if_config_decls(  //dir=decl
+  unique int id: @if_config_decl
+);
+
+#keyset[id, index]
+if_config_decl_active_elements(  //dir=decl
+  int id: @if_config_decl ref,
+  int index: int ref,
+  int active_element: @ast_node_or_none ref
+);
+
+import_decls(  //dir=decl
+  unique int id: @import_decl
+);
+
+#keyset[id]
+import_decl_is_exported(  //dir=decl
+  int id: @import_decl ref
+);
+
+#keyset[id]
+import_decl_imported_modules(  //dir=decl
+  int id: @import_decl ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+import_decl_declarations(  //dir=decl
+  int id: @import_decl ref,
+  int index: int ref,
+  int declaration: @value_decl_or_none ref
+);
+
+missing_member_decls(  //dir=decl
+  unique int id: @missing_member_decl,
+  string name: string ref
+);
+
+@operator_decl =
+  @infix_operator_decl
+| @postfix_operator_decl
+| @prefix_operator_decl
+;
+
+#keyset[id]
+operator_decls(  //dir=decl
+  int id: @operator_decl ref,
+  string name: string ref
+);
+
+pattern_binding_decls(  //dir=decl
+  unique int id: @pattern_binding_decl
+);
+
+#keyset[id, index]
+pattern_binding_decl_inits(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int init: @expr_or_none ref
+);
+
+#keyset[id, index]
+pattern_binding_decl_patterns(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int pattern: @pattern_or_none ref
+);
+
+pound_diagnostic_decls(  //dir=decl
+  unique int id: @pound_diagnostic_decl,
+  int kind: int ref,
+  int message: @string_literal_expr_or_none ref
+);
+
+precedence_group_decls(  //dir=decl
+  unique int id: @precedence_group_decl
+);
+
+top_level_code_decls(  //dir=decl
+  unique int id: @top_level_code_decl,
+  int body: @brace_stmt_or_none ref
+);
+
+@value_decl =
+  @abstract_function_decl
+| @abstract_storage_decl
+| @enum_element_decl
+| @type_decl
+;
+
+#keyset[id]
+value_decls(  //dir=decl
+  int id: @value_decl ref,
+  int interface_type: @type_or_none ref
+);
+
+@abstract_function_decl =
+  @constructor_decl
+| @destructor_decl
+| @func_decl
+;
+
+#keyset[id]
+abstract_function_decls(  //dir=decl
+  int id: @abstract_function_decl ref,
+  string name: string ref
+);
+
+@abstract_storage_decl =
+  @subscript_decl
+| @var_decl
+;
+
+#keyset[id, index]
+abstract_storage_decl_accessor_decls(  //dir=decl
+  int id: @abstract_storage_decl ref,
+  int index: int ref,
+  int accessor_decl: @accessor_decl_or_none ref
+);
+
+enum_element_decls(  //dir=decl
+  unique int id: @enum_element_decl,
+  string name: string ref
+);
+
+#keyset[id, index]
+enum_element_decl_params(  //dir=decl
+  int id: @enum_element_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+infix_operator_decls(  //dir=decl
+  unique int id: @infix_operator_decl
+);
+
+#keyset[id]
+infix_operator_decl_precedence_groups(  //dir=decl
+  int id: @infix_operator_decl ref,
+  int precedence_group: @precedence_group_decl_or_none ref
+);
+
+postfix_operator_decls(  //dir=decl
+  unique int id: @postfix_operator_decl
+);
+
+prefix_operator_decls(  //dir=decl
+  unique int id: @prefix_operator_decl
+);
+
+@type_decl =
+  @abstract_type_param_decl
+| @generic_type_decl
+| @module_decl
+;
+
+#keyset[id]
+type_decls(  //dir=decl
+  int id: @type_decl ref,
+  string name: string ref
+);
+
+#keyset[id, index]
+type_decl_base_types(  //dir=decl
+  int id: @type_decl ref,
+  int index: int ref,
+  int base_type: @type_or_none ref
+);
+
+@abstract_type_param_decl =
+  @associated_type_decl
+| @generic_type_param_decl
+;
+
+constructor_decls(  //dir=decl
+  unique int id: @constructor_decl
+);
+
+destructor_decls(  //dir=decl
+  unique int id: @destructor_decl
+);
+
+@func_decl =
+  @accessor_decl
+| @concrete_func_decl
+;
+
+@generic_type_decl =
+  @nominal_type_decl
+| @opaque_type_decl
+| @type_alias_decl
+;
+
+module_decls(  //dir=decl
+  unique int id: @module_decl
+);
+
+#keyset[id]
+module_decl_is_builtin_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id]
+module_decl_is_system_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id, index]
+module_decl_imported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+module_decl_exported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int exported_module: @module_decl_or_none ref
+);
+
+subscript_decls(  //dir=decl
+  unique int id: @subscript_decl,
+  int element_type: @type_or_none ref
+);
+
+#keyset[id, index]
+subscript_decl_params(  //dir=decl
+  int id: @subscript_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+@var_decl =
+  @concrete_var_decl
+| @param_decl
+;
+
+#keyset[id]
+var_decls(  //dir=decl
+  int id: @var_decl ref,
+  string name: string ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_attached_property_wrapper_types(  //dir=decl
+  int id: @var_decl ref,
+  int attached_property_wrapper_type: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_patterns(  //dir=decl
+  int id: @var_decl ref,
+  int parent_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_initializers(  //dir=decl
+  int id: @var_decl ref,
+  int parent_initializer: @expr_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
+accessor_decls(  //dir=decl
+  unique int id: @accessor_decl
+);
+
+#keyset[id]
+accessor_decl_is_getter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_setter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_will_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_did_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+associated_type_decls(  //dir=decl
+  unique int id: @associated_type_decl
+);
+
+concrete_func_decls(  //dir=decl
+  unique int id: @concrete_func_decl
+);
+
+concrete_var_decls(  //dir=decl
+  unique int id: @concrete_var_decl,
+  int introducer_int: int ref
+);
+
+generic_type_param_decls(  //dir=decl
+  unique int id: @generic_type_param_decl
+);
+
+@nominal_type_decl =
+  @class_decl
+| @enum_decl
+| @protocol_decl
+| @struct_decl
+;
+
+#keyset[id]
+nominal_type_decls(  //dir=decl
+  int id: @nominal_type_decl ref,
+  int type_: @type_or_none ref
+);
+
+opaque_type_decls(  //dir=decl
+  unique int id: @opaque_type_decl,
+  int naming_declaration: @value_decl_or_none ref
+);
+
+#keyset[id, index]
+opaque_type_decl_opaque_generic_params(  //dir=decl
+  int id: @opaque_type_decl ref,
+  int index: int ref,
+  int opaque_generic_param: @generic_type_param_type_or_none ref
+);
+
+param_decls(  //dir=decl
+  unique int id: @param_decl
+);
+
+#keyset[id]
+param_decl_is_inout(  //dir=decl
+  int id: @param_decl ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
+type_alias_decls(  //dir=decl
+  unique int id: @type_alias_decl
+);
+
+class_decls(  //dir=decl
+  unique int id: @class_decl
+);
+
+enum_decls(  //dir=decl
+  unique int id: @enum_decl
+);
+
+protocol_decls(  //dir=decl
+  unique int id: @protocol_decl
+);
+
+struct_decls(  //dir=decl
+  unique int id: @struct_decl
+);
+
+arguments(  //dir=expr
+  unique int id: @argument,
+  string label: string ref,
+  int expr: @expr_or_none ref
+);
+
+@expr =
+  @abstract_closure_expr
+| @any_try_expr
+| @applied_property_wrapper_expr
+| @apply_expr
+| @assign_expr
+| @bind_optional_expr
+| @capture_list_expr
+| @collection_expr
+| @decl_ref_expr
+| @default_argument_expr
+| @discard_assignment_expr
+| @dot_syntax_base_ignored_expr
+| @dynamic_type_expr
+| @enum_is_case_expr
+| @error_expr
+| @explicit_cast_expr
+| @force_value_expr
+| @identity_expr
+| @if_expr
+| @implicit_conversion_expr
+| @in_out_expr
+| @key_path_application_expr
+| @key_path_dot_expr
+| @key_path_expr
+| @lazy_initializer_expr
+| @literal_expr
+| @lookup_expr
+| @make_temporarily_escapable_expr
+| @obj_c_selector_expr
+| @one_way_expr
+| @opaque_value_expr
+| @open_existential_expr
+| @optional_evaluation_expr
+| @other_constructor_decl_ref_expr
+| @overloaded_decl_ref_expr
+| @property_wrapper_value_placeholder_expr
+| @rebind_self_in_constructor_expr
+| @sequence_expr
+| @super_ref_expr
+| @tap_expr
+| @tuple_element_expr
+| @tuple_expr
+| @type_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @vararg_expansion_expr
+;
+
+#keyset[id]
+expr_types(  //dir=expr
+  int id: @expr ref,
+  int type_: @type_or_none ref
+);
+
+@abstract_closure_expr =
+  @auto_closure_expr
+| @closure_expr
+;
+
+@any_try_expr =
+  @force_try_expr
+| @optional_try_expr
+| @try_expr
+;
+
+#keyset[id]
+any_try_exprs(  //dir=expr
+  int id: @any_try_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+applied_property_wrapper_exprs(  //dir=expr
+  unique int id: @applied_property_wrapper_expr,
+  int kind: int ref,
+  int value: @expr_or_none ref,
+  int param: @param_decl_or_none ref
+);
+
+@apply_expr =
+  @binary_expr
+| @call_expr
+| @postfix_unary_expr
+| @prefix_unary_expr
+| @self_apply_expr
+;
+
+#keyset[id]
+apply_exprs(  //dir=expr
+  int id: @apply_expr ref,
+  int function: @expr_or_none ref
+);
+
+#keyset[id, index]
+apply_expr_arguments(  //dir=expr
+  int id: @apply_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+assign_exprs(  //dir=expr
+  unique int id: @assign_expr,
+  int dest: @expr_or_none ref,
+  int source: @expr_or_none ref
+);
+
+bind_optional_exprs(  //dir=expr
+  unique int id: @bind_optional_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+capture_list_exprs(  //dir=expr
+  unique int id: @capture_list_expr,
+  int closure_body: @closure_expr_or_none ref
+);
+
+#keyset[id, index]
+capture_list_expr_binding_decls(  //dir=expr
+  int id: @capture_list_expr ref,
+  int index: int ref,
+  int binding_decl: @pattern_binding_decl_or_none ref
+);
+
+@collection_expr =
+  @array_expr
+| @dictionary_expr
+;
+
+decl_ref_exprs(  //dir=expr
+  unique int id: @decl_ref_expr,
+  int decl: @decl_or_none ref
+);
+
+#keyset[id, index]
+decl_ref_expr_replacement_types(  //dir=expr
+  int id: @decl_ref_expr ref,
+  int index: int ref,
+  int replacement_type: @type_or_none ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+default_argument_exprs(  //dir=expr
+  unique int id: @default_argument_expr,
+  int param_decl: @param_decl_or_none ref,
+  int param_index: int ref
+);
+
+#keyset[id]
+default_argument_expr_caller_side_defaults(  //dir=expr
+  int id: @default_argument_expr ref,
+  int caller_side_default: @expr_or_none ref
+);
+
+discard_assignment_exprs(  //dir=expr
+  unique int id: @discard_assignment_expr
+);
+
+dot_syntax_base_ignored_exprs(  //dir=expr
+  unique int id: @dot_syntax_base_ignored_expr,
+  int qualifier: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+dynamic_type_exprs(  //dir=expr
+  unique int id: @dynamic_type_expr,
+  int base: @expr_or_none ref
+);
+
+enum_is_case_exprs(  //dir=expr
+  unique int id: @enum_is_case_expr,
+  int sub_expr: @expr_or_none ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+error_exprs(  //dir=expr
+  unique int id: @error_expr
+);
+
+@explicit_cast_expr =
+  @checked_cast_expr
+| @coerce_expr
+;
+
+#keyset[id]
+explicit_cast_exprs(  //dir=expr
+  int id: @explicit_cast_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+force_value_exprs(  //dir=expr
+  unique int id: @force_value_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@identity_expr =
+  @await_expr
+| @dot_self_expr
+| @paren_expr
+| @unresolved_member_chain_result_expr
+;
+
+#keyset[id]
+identity_exprs(  //dir=expr
+  int id: @identity_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+if_exprs(  //dir=expr
+  unique int id: @if_expr,
+  int condition: @expr_or_none ref,
+  int then_expr: @expr_or_none ref,
+  int else_expr: @expr_or_none ref
+);
+
+@implicit_conversion_expr =
+  @any_hashable_erasure_expr
+| @archetype_to_super_expr
+| @array_to_pointer_expr
+| @bridge_from_obj_c_expr
+| @bridge_to_obj_c_expr
+| @class_metatype_to_object_expr
+| @collection_upcast_conversion_expr
+| @conditional_bridge_from_obj_c_expr
+| @covariant_function_conversion_expr
+| @covariant_return_conversion_expr
+| @derived_to_base_expr
+| @destructure_tuple_expr
+| @differentiable_function_expr
+| @differentiable_function_extract_original_expr
+| @erasure_expr
+| @existential_metatype_to_object_expr
+| @foreign_object_conversion_expr
+| @function_conversion_expr
+| @in_out_to_pointer_expr
+| @inject_into_optional_expr
+| @linear_function_expr
+| @linear_function_extract_original_expr
+| @linear_to_differentiable_function_expr
+| @load_expr
+| @metatype_conversion_expr
+| @pointer_to_pointer_expr
+| @protocol_metatype_to_object_expr
+| @string_to_pointer_expr
+| @underlying_to_opaque_expr
+| @unevaluated_instance_expr
+| @unresolved_type_conversion_expr
+;
+
+#keyset[id]
+implicit_conversion_exprs(  //dir=expr
+  int id: @implicit_conversion_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+in_out_exprs(  //dir=expr
+  unique int id: @in_out_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+key_path_application_exprs(  //dir=expr
+  unique int id: @key_path_application_expr,
+  int base: @expr_or_none ref,
+  int key_path: @expr_or_none ref
+);
+
+key_path_dot_exprs(  //dir=expr
+  unique int id: @key_path_dot_expr
+);
+
+key_path_exprs(  //dir=expr
+  unique int id: @key_path_expr
+);
+
+#keyset[id]
+key_path_expr_roots(  //dir=expr
+  int id: @key_path_expr ref,
+  int root: @type_repr_or_none ref
+);
+
+#keyset[id]
+key_path_expr_parsed_paths(  //dir=expr
+  int id: @key_path_expr ref,
+  int parsed_path: @expr_or_none ref
+);
+
+lazy_initializer_exprs(  //dir=expr
+  unique int id: @lazy_initializer_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@literal_expr =
+  @builtin_literal_expr
+| @interpolated_string_literal_expr
+| @nil_literal_expr
+| @object_literal_expr
+| @regex_literal_expr
+;
+
+@lookup_expr =
+  @dynamic_lookup_expr
+| @member_ref_expr
+| @method_ref_expr
+| @subscript_expr
+;
+
+#keyset[id]
+lookup_exprs(  //dir=expr
+  int id: @lookup_expr ref,
+  int base: @expr_or_none ref
+);
+
+#keyset[id]
+lookup_expr_members(  //dir=expr
+  int id: @lookup_expr ref,
+  int member: @decl_or_none ref
+);
+
+make_temporarily_escapable_exprs(  //dir=expr
+  unique int id: @make_temporarily_escapable_expr,
+  int escaping_closure: @opaque_value_expr_or_none ref,
+  int nonescaping_closure: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+obj_c_selector_exprs(  //dir=expr
+  unique int id: @obj_c_selector_expr,
+  int sub_expr: @expr_or_none ref,
+  int method: @abstract_function_decl_or_none ref
+);
+
+one_way_exprs(  //dir=expr
+  unique int id: @one_way_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+opaque_value_exprs(  //dir=expr
+  unique int id: @opaque_value_expr
+);
+
+open_existential_exprs(  //dir=expr
+  unique int id: @open_existential_expr,
+  int sub_expr: @expr_or_none ref,
+  int existential: @expr_or_none ref,
+  int opaque_expr: @opaque_value_expr_or_none ref
+);
+
+optional_evaluation_exprs(  //dir=expr
+  unique int id: @optional_evaluation_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+other_constructor_decl_ref_exprs(  //dir=expr
+  unique int id: @other_constructor_decl_ref_expr,
+  int constructor_decl: @constructor_decl_or_none ref
+);
+
+overloaded_decl_ref_exprs(  //dir=expr
+  unique int id: @overloaded_decl_ref_expr
+);
+
+#keyset[id, index]
+overloaded_decl_ref_expr_possible_declarations(  //dir=expr
+  int id: @overloaded_decl_ref_expr ref,
+  int index: int ref,
+  int possible_declaration: @value_decl_or_none ref
+);
+
+property_wrapper_value_placeholder_exprs(  //dir=expr
+  unique int id: @property_wrapper_value_placeholder_expr,
+  int placeholder: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+property_wrapper_value_placeholder_expr_wrapped_values(  //dir=expr
+  int id: @property_wrapper_value_placeholder_expr ref,
+  int wrapped_value: @expr_or_none ref
+);
+
+rebind_self_in_constructor_exprs(  //dir=expr
+  unique int id: @rebind_self_in_constructor_expr,
+  int sub_expr: @expr_or_none ref,
+  int self: @var_decl_or_none ref
+);
+
+sequence_exprs(  //dir=expr
+  unique int id: @sequence_expr
+);
+
+#keyset[id, index]
+sequence_expr_elements(  //dir=expr
+  int id: @sequence_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+super_ref_exprs(  //dir=expr
+  unique int id: @super_ref_expr,
+  int self: @var_decl_or_none ref
+);
+
+tap_exprs(  //dir=expr
+  unique int id: @tap_expr,
+  int body: @brace_stmt_or_none ref,
+  int var: @var_decl_or_none ref
+);
+
+#keyset[id]
+tap_expr_sub_exprs(  //dir=expr
+  int id: @tap_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+tuple_element_exprs(  //dir=expr
+  unique int id: @tuple_element_expr,
+  int sub_expr: @expr_or_none ref,
+  int index: int ref
+);
+
+tuple_exprs(  //dir=expr
+  unique int id: @tuple_expr
+);
+
+#keyset[id, index]
+tuple_expr_elements(  //dir=expr
+  int id: @tuple_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+type_exprs(  //dir=expr
+  unique int id: @type_expr
+);
+
+#keyset[id]
+type_expr_type_reprs(  //dir=expr
+  int id: @type_expr ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+unresolved_decl_ref_exprs(  //dir=expr
+  unique int id: @unresolved_decl_ref_expr
+);
+
+#keyset[id]
+unresolved_decl_ref_expr_names(  //dir=expr
+  int id: @unresolved_decl_ref_expr ref,
+  string name: string ref
+);
+
+unresolved_dot_exprs(  //dir=expr
+  unique int id: @unresolved_dot_expr,
+  int base: @expr_or_none ref,
+  string name: string ref
+);
+
+unresolved_member_exprs(  //dir=expr
+  unique int id: @unresolved_member_expr,
+  string name: string ref
+);
+
+unresolved_pattern_exprs(  //dir=expr
+  unique int id: @unresolved_pattern_expr,
+  int sub_pattern: @pattern_or_none ref
+);
+
+unresolved_specialize_exprs(  //dir=expr
+  unique int id: @unresolved_specialize_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+vararg_expansion_exprs(  //dir=expr
+  unique int id: @vararg_expansion_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+any_hashable_erasure_exprs(  //dir=expr
+  unique int id: @any_hashable_erasure_expr
+);
+
+archetype_to_super_exprs(  //dir=expr
+  unique int id: @archetype_to_super_expr
+);
+
+array_exprs(  //dir=expr
+  unique int id: @array_expr
+);
+
+#keyset[id, index]
+array_expr_elements(  //dir=expr
+  int id: @array_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+array_to_pointer_exprs(  //dir=expr
+  unique int id: @array_to_pointer_expr
+);
+
+auto_closure_exprs(  //dir=expr
+  unique int id: @auto_closure_expr
+);
+
+await_exprs(  //dir=expr
+  unique int id: @await_expr
+);
+
+binary_exprs(  //dir=expr
+  unique int id: @binary_expr
+);
+
+bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_from_obj_c_expr
+);
+
+bridge_to_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_to_obj_c_expr
+);
+
+@builtin_literal_expr =
+  @boolean_literal_expr
+| @magic_identifier_literal_expr
+| @number_literal_expr
+| @string_literal_expr
+;
+
+call_exprs(  //dir=expr
+  unique int id: @call_expr
+);
+
+@checked_cast_expr =
+  @conditional_checked_cast_expr
+| @forced_checked_cast_expr
+| @is_expr
+;
+
+class_metatype_to_object_exprs(  //dir=expr
+  unique int id: @class_metatype_to_object_expr
+);
+
+closure_exprs(  //dir=expr
+  unique int id: @closure_expr
+);
+
+coerce_exprs(  //dir=expr
+  unique int id: @coerce_expr
+);
+
+collection_upcast_conversion_exprs(  //dir=expr
+  unique int id: @collection_upcast_conversion_expr
+);
+
+conditional_bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @conditional_bridge_from_obj_c_expr
+);
+
+covariant_function_conversion_exprs(  //dir=expr
+  unique int id: @covariant_function_conversion_expr
+);
+
+covariant_return_conversion_exprs(  //dir=expr
+  unique int id: @covariant_return_conversion_expr
+);
+
+derived_to_base_exprs(  //dir=expr
+  unique int id: @derived_to_base_expr
+);
+
+destructure_tuple_exprs(  //dir=expr
+  unique int id: @destructure_tuple_expr
+);
+
+dictionary_exprs(  //dir=expr
+  unique int id: @dictionary_expr
+);
+
+#keyset[id, index]
+dictionary_expr_elements(  //dir=expr
+  int id: @dictionary_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+differentiable_function_exprs(  //dir=expr
+  unique int id: @differentiable_function_expr
+);
+
+differentiable_function_extract_original_exprs(  //dir=expr
+  unique int id: @differentiable_function_extract_original_expr
+);
+
+dot_self_exprs(  //dir=expr
+  unique int id: @dot_self_expr
+);
+
+@dynamic_lookup_expr =
+  @dynamic_member_ref_expr
+| @dynamic_subscript_expr
+;
+
+erasure_exprs(  //dir=expr
+  unique int id: @erasure_expr
+);
+
+existential_metatype_to_object_exprs(  //dir=expr
+  unique int id: @existential_metatype_to_object_expr
+);
+
+force_try_exprs(  //dir=expr
+  unique int id: @force_try_expr
+);
+
+foreign_object_conversion_exprs(  //dir=expr
+  unique int id: @foreign_object_conversion_expr
+);
+
+function_conversion_exprs(  //dir=expr
+  unique int id: @function_conversion_expr
+);
+
+in_out_to_pointer_exprs(  //dir=expr
+  unique int id: @in_out_to_pointer_expr
+);
+
+inject_into_optional_exprs(  //dir=expr
+  unique int id: @inject_into_optional_expr
+);
+
+interpolated_string_literal_exprs(  //dir=expr
+  unique int id: @interpolated_string_literal_expr
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_expr: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_count_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_count_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_literal_capacity_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int literal_capacity_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_appending_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int appending_expr: @tap_expr_or_none ref
+);
+
+linear_function_exprs(  //dir=expr
+  unique int id: @linear_function_expr
+);
+
+linear_function_extract_original_exprs(  //dir=expr
+  unique int id: @linear_function_extract_original_expr
+);
+
+linear_to_differentiable_function_exprs(  //dir=expr
+  unique int id: @linear_to_differentiable_function_expr
+);
+
+load_exprs(  //dir=expr
+  unique int id: @load_expr
+);
+
+member_ref_exprs(  //dir=expr
+  unique int id: @member_ref_expr
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
+);
+
+method_ref_exprs(  //dir=expr
+  unique int id: @method_ref_expr
+);
+
+nil_literal_exprs(  //dir=expr
+  unique int id: @nil_literal_expr
+);
+
+object_literal_exprs(  //dir=expr
+  unique int id: @object_literal_expr,
+  int kind: int ref
+);
+
+#keyset[id, index]
+object_literal_expr_arguments(  //dir=expr
+  int id: @object_literal_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+optional_try_exprs(  //dir=expr
+  unique int id: @optional_try_expr
+);
+
+paren_exprs(  //dir=expr
+  unique int id: @paren_expr
+);
+
+pointer_to_pointer_exprs(  //dir=expr
+  unique int id: @pointer_to_pointer_expr
+);
+
+postfix_unary_exprs(  //dir=expr
+  unique int id: @postfix_unary_expr
+);
+
+prefix_unary_exprs(  //dir=expr
+  unique int id: @prefix_unary_expr
+);
+
+protocol_metatype_to_object_exprs(  //dir=expr
+  unique int id: @protocol_metatype_to_object_expr
+);
+
+regex_literal_exprs(  //dir=expr
+  unique int id: @regex_literal_expr
+);
+
+@self_apply_expr =
+  @constructor_ref_call_expr
+| @dot_syntax_call_expr
+;
+
+#keyset[id]
+self_apply_exprs(  //dir=expr
+  int id: @self_apply_expr ref,
+  int base: @expr_or_none ref
+);
+
+string_to_pointer_exprs(  //dir=expr
+  unique int id: @string_to_pointer_expr
+);
+
+subscript_exprs(  //dir=expr
+  unique int id: @subscript_expr
+);
+
+#keyset[id, index]
+subscript_expr_arguments(  //dir=expr
+  int id: @subscript_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_ordinary_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+try_exprs(  //dir=expr
+  unique int id: @try_expr
+);
+
+underlying_to_opaque_exprs(  //dir=expr
+  unique int id: @underlying_to_opaque_expr
+);
+
+unevaluated_instance_exprs(  //dir=expr
+  unique int id: @unevaluated_instance_expr
+);
+
+unresolved_member_chain_result_exprs(  //dir=expr
+  unique int id: @unresolved_member_chain_result_expr
+);
+
+unresolved_type_conversion_exprs(  //dir=expr
+  unique int id: @unresolved_type_conversion_expr
+);
+
+boolean_literal_exprs(  //dir=expr
+  unique int id: @boolean_literal_expr,
+  boolean value: boolean ref
+);
+
+conditional_checked_cast_exprs(  //dir=expr
+  unique int id: @conditional_checked_cast_expr
+);
+
+constructor_ref_call_exprs(  //dir=expr
+  unique int id: @constructor_ref_call_expr
+);
+
+dot_syntax_call_exprs(  //dir=expr
+  unique int id: @dot_syntax_call_expr
+);
+
+dynamic_member_ref_exprs(  //dir=expr
+  unique int id: @dynamic_member_ref_expr
+);
+
+dynamic_subscript_exprs(  //dir=expr
+  unique int id: @dynamic_subscript_expr
+);
+
+forced_checked_cast_exprs(  //dir=expr
+  unique int id: @forced_checked_cast_expr
+);
+
+is_exprs(  //dir=expr
+  unique int id: @is_expr
+);
+
+magic_identifier_literal_exprs(  //dir=expr
+  unique int id: @magic_identifier_literal_expr,
+  string kind: string ref
+);
+
+@number_literal_expr =
+  @float_literal_expr
+| @integer_literal_expr
+;
+
+string_literal_exprs(  //dir=expr
+  unique int id: @string_literal_expr,
+  string value: string ref
+);
+
+float_literal_exprs(  //dir=expr
+  unique int id: @float_literal_expr,
+  string string_value: string ref
+);
+
+integer_literal_exprs(  //dir=expr
+  unique int id: @integer_literal_expr,
+  string string_value: string ref
+);
+
+@pattern =
+  @any_pattern
+| @binding_pattern
+| @bool_pattern
+| @enum_element_pattern
+| @expr_pattern
+| @is_pattern
+| @named_pattern
+| @optional_some_pattern
+| @paren_pattern
+| @tuple_pattern
+| @typed_pattern
+;
+
+any_patterns(  //dir=pattern
+  unique int id: @any_pattern
+);
+
+binding_patterns(  //dir=pattern
+  unique int id: @binding_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+bool_patterns(  //dir=pattern
+  unique int id: @bool_pattern,
+  boolean value: boolean ref
+);
+
+enum_element_patterns(  //dir=pattern
+  unique int id: @enum_element_pattern,
+  int element: @enum_element_decl_or_none ref
+);
+
+#keyset[id]
+enum_element_pattern_sub_patterns(  //dir=pattern
+  int id: @enum_element_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+expr_patterns(  //dir=pattern
+  unique int id: @expr_pattern,
+  int sub_expr: @expr_or_none ref
+);
+
+is_patterns(  //dir=pattern
+  unique int id: @is_pattern
+);
+
+#keyset[id]
+is_pattern_cast_type_reprs(  //dir=pattern
+  int id: @is_pattern ref,
+  int cast_type_repr: @type_repr_or_none ref
+);
+
+#keyset[id]
+is_pattern_sub_patterns(  //dir=pattern
+  int id: @is_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+named_patterns(  //dir=pattern
+  unique int id: @named_pattern,
+  string name: string ref
+);
+
+optional_some_patterns(  //dir=pattern
+  unique int id: @optional_some_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+paren_patterns(  //dir=pattern
+  unique int id: @paren_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+tuple_patterns(  //dir=pattern
+  unique int id: @tuple_pattern
+);
+
+#keyset[id, index]
+tuple_pattern_elements(  //dir=pattern
+  int id: @tuple_pattern ref,
+  int index: int ref,
+  int element: @pattern_or_none ref
+);
+
+typed_patterns(  //dir=pattern
+  unique int id: @typed_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+typed_pattern_type_reprs(  //dir=pattern
+  int id: @typed_pattern ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+case_label_items(  //dir=stmt
+  unique int id: @case_label_item,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+case_label_item_guards(  //dir=stmt
+  int id: @case_label_item ref,
+  int guard: @expr_or_none ref
+);
+
+condition_elements(  //dir=stmt
+  unique int id: @condition_element
+);
+
+#keyset[id]
+condition_element_booleans(  //dir=stmt
+  int id: @condition_element ref,
+  int boolean_: @expr_or_none ref
+);
+
+#keyset[id]
+condition_element_patterns(  //dir=stmt
+  int id: @condition_element ref,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+condition_element_initializers(  //dir=stmt
+  int id: @condition_element ref,
+  int initializer: @expr_or_none ref
+);
+
+@stmt =
+  @brace_stmt
+| @break_stmt
+| @case_stmt
+| @continue_stmt
+| @defer_stmt
+| @fail_stmt
+| @fallthrough_stmt
+| @labeled_stmt
+| @pound_assert_stmt
+| @return_stmt
+| @throw_stmt
+| @yield_stmt
+;
+
+stmt_conditions(  //dir=stmt
+  unique int id: @stmt_condition
+);
+
+#keyset[id, index]
+stmt_condition_elements(  //dir=stmt
+  int id: @stmt_condition ref,
+  int index: int ref,
+  int element: @condition_element_or_none ref
+);
+
+brace_stmts(  //dir=stmt
+  unique int id: @brace_stmt
+);
+
+#keyset[id, index]
+brace_stmt_elements(  //dir=stmt
+  int id: @brace_stmt ref,
+  int index: int ref,
+  int element: @ast_node_or_none ref
+);
+
+break_stmts(  //dir=stmt
+  unique int id: @break_stmt
+);
+
+#keyset[id]
+break_stmt_target_names(  //dir=stmt
+  int id: @break_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+break_stmt_targets(  //dir=stmt
+  int id: @break_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+case_stmts(  //dir=stmt
+  unique int id: @case_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_labels(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int label: @case_label_item_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_variables(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int variable: @var_decl_or_none ref
+);
+
+continue_stmts(  //dir=stmt
+  unique int id: @continue_stmt
+);
+
+#keyset[id]
+continue_stmt_target_names(  //dir=stmt
+  int id: @continue_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+continue_stmt_targets(  //dir=stmt
+  int id: @continue_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+defer_stmts(  //dir=stmt
+  unique int id: @defer_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+fail_stmts(  //dir=stmt
+  unique int id: @fail_stmt
+);
+
+fallthrough_stmts(  //dir=stmt
+  unique int id: @fallthrough_stmt,
+  int fallthrough_source: @case_stmt_or_none ref,
+  int fallthrough_dest: @case_stmt_or_none ref
+);
+
+@labeled_stmt =
+  @do_catch_stmt
+| @do_stmt
+| @for_each_stmt
+| @labeled_conditional_stmt
+| @repeat_while_stmt
+| @switch_stmt
+;
+
+#keyset[id]
+labeled_stmt_labels(  //dir=stmt
+  int id: @labeled_stmt ref,
+  string label: string ref
+);
+
+pound_assert_stmts(  //dir=stmt
+  unique int id: @pound_assert_stmt,
+  int condition: @expr_or_none ref,
+  string message: string ref
+);
+
+return_stmts(  //dir=stmt
+  unique int id: @return_stmt
+);
+
+#keyset[id]
+return_stmt_results(  //dir=stmt
+  int id: @return_stmt ref,
+  int result: @expr_or_none ref
+);
+
+throw_stmts(  //dir=stmt
+  unique int id: @throw_stmt,
+  int sub_expr: @expr_or_none ref
+);
+
+yield_stmts(  //dir=stmt
+  unique int id: @yield_stmt
+);
+
+#keyset[id, index]
+yield_stmt_results(  //dir=stmt
+  int id: @yield_stmt ref,
+  int index: int ref,
+  int result: @expr_or_none ref
+);
+
+do_catch_stmts(  //dir=stmt
+  unique int id: @do_catch_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+do_catch_stmt_catches(  //dir=stmt
+  int id: @do_catch_stmt ref,
+  int index: int ref,
+  int catch: @case_stmt_or_none ref
+);
+
+do_stmts(  //dir=stmt
+  unique int id: @do_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+for_each_stmts(  //dir=stmt
+  unique int id: @for_each_stmt,
+  int pattern: @pattern_or_none ref,
+  int sequence: @expr_or_none ref,
+  int body: @brace_stmt_or_none ref
+);
+
+#keyset[id]
+for_each_stmt_wheres(  //dir=stmt
+  int id: @for_each_stmt ref,
+  int where: @expr_or_none ref
+);
+
+@labeled_conditional_stmt =
+  @guard_stmt
+| @if_stmt
+| @while_stmt
+;
+
+#keyset[id]
+labeled_conditional_stmts(  //dir=stmt
+  int id: @labeled_conditional_stmt ref,
+  int condition: @stmt_condition_or_none ref
+);
+
+repeat_while_stmts(  //dir=stmt
+  unique int id: @repeat_while_stmt,
+  int condition: @expr_or_none ref,
+  int body: @stmt_or_none ref
+);
+
+switch_stmts(  //dir=stmt
+  unique int id: @switch_stmt,
+  int expr: @expr_or_none ref
+);
+
+#keyset[id, index]
+switch_stmt_cases(  //dir=stmt
+  int id: @switch_stmt ref,
+  int index: int ref,
+  int case_: @case_stmt_or_none ref
+);
+
+guard_stmts(  //dir=stmt
+  unique int id: @guard_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+if_stmts(  //dir=stmt
+  unique int id: @if_stmt,
+  int then: @stmt_or_none ref
+);
+
+#keyset[id]
+if_stmt_elses(  //dir=stmt
+  int id: @if_stmt ref,
+  int else: @stmt_or_none ref
+);
+
+while_stmts(  //dir=stmt
+  unique int id: @while_stmt,
+  int body: @stmt_or_none ref
+);
+
+@type =
+  @any_function_type
+| @any_generic_type
+| @any_metatype_type
+| @builtin_type
+| @dependent_member_type
+| @dynamic_self_type
+| @error_type
+| @existential_type
+| @in_out_type
+| @l_value_type
+| @module_type
+| @parameterized_protocol_type
+| @protocol_composition_type
+| @reference_storage_type
+| @substitutable_type
+| @sugar_type
+| @tuple_type
+| @unresolved_type
+;
+
+#keyset[id]
+types(  //dir=type
+  int id: @type ref,
+  string name: string ref,
+  int canonical_type: @type_or_none ref
+);
+
+type_reprs(  //dir=type
+  unique int id: @type_repr,
+  int type_: @type_or_none ref
+);
+
+@any_function_type =
+  @function_type
+| @generic_function_type
+;
+
+#keyset[id]
+any_function_types(  //dir=type
+  int id: @any_function_type ref,
+  int result: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_types(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  int param_type: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_labels(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  string param_label: string ref
+);
+
+#keyset[id]
+any_function_type_is_throwing(  //dir=type
+  int id: @any_function_type ref
+);
+
+#keyset[id]
+any_function_type_is_async(  //dir=type
+  int id: @any_function_type ref
+);
+
+@any_generic_type =
+  @nominal_or_bound_generic_nominal_type
+| @unbound_generic_type
+;
+
+#keyset[id]
+any_generic_types(  //dir=type
+  int id: @any_generic_type ref,
+  int declaration: @decl_or_none ref
+);
+
+#keyset[id]
+any_generic_type_parents(  //dir=type
+  int id: @any_generic_type ref,
+  int parent: @type_or_none ref
+);
+
+@any_metatype_type =
+  @existential_metatype_type
+| @metatype_type
+;
+
+@builtin_type =
+  @any_builtin_integer_type
+| @builtin_bridge_object_type
+| @builtin_default_actor_storage_type
+| @builtin_executor_type
+| @builtin_float_type
+| @builtin_job_type
+| @builtin_native_object_type
+| @builtin_raw_pointer_type
+| @builtin_raw_unsafe_continuation_type
+| @builtin_unsafe_value_buffer_type
+| @builtin_vector_type
+;
+
+dependent_member_types(  //dir=type
+  unique int id: @dependent_member_type,
+  int base_type: @type_or_none ref,
+  int associated_type_decl: @associated_type_decl_or_none ref
+);
+
+dynamic_self_types(  //dir=type
+  unique int id: @dynamic_self_type,
+  int static_self_type: @type_or_none ref
+);
+
+error_types(  //dir=type
+  unique int id: @error_type
+);
+
+existential_types(  //dir=type
+  unique int id: @existential_type,
+  int constraint: @type_or_none ref
+);
+
+in_out_types(  //dir=type
+  unique int id: @in_out_type,
+  int object_type: @type_or_none ref
+);
+
+l_value_types(  //dir=type
+  unique int id: @l_value_type,
+  int object_type: @type_or_none ref
+);
+
+module_types(  //dir=type
+  unique int id: @module_type,
+  int module: @module_decl_or_none ref
+);
+
+parameterized_protocol_types(  //dir=type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
+);
+
+protocol_composition_types(  //dir=type
+  unique int id: @protocol_composition_type
+);
+
+#keyset[id, index]
+protocol_composition_type_members(  //dir=type
+  int id: @protocol_composition_type ref,
+  int index: int ref,
+  int member: @type_or_none ref
+);
+
+@reference_storage_type =
+  @unmanaged_storage_type
+| @unowned_storage_type
+| @weak_storage_type
+;
+
+#keyset[id]
+reference_storage_types(  //dir=type
+  int id: @reference_storage_type ref,
+  int referent_type: @type_or_none ref
+);
+
+@substitutable_type =
+  @archetype_type
+| @generic_type_param_type
+;
+
+@sugar_type =
+  @paren_type
+| @syntax_sugar_type
+| @type_alias_type
+;
+
+tuple_types(  //dir=type
+  unique int id: @tuple_type
+);
+
+#keyset[id, index]
+tuple_type_types(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id, index]
+tuple_type_names(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  string name: string ref
+);
+
+unresolved_types(  //dir=type
+  unique int id: @unresolved_type
+);
+
+@any_builtin_integer_type =
+  @builtin_integer_literal_type
+| @builtin_integer_type
+;
+
+@archetype_type =
+  @opaque_type_archetype_type
+| @opened_archetype_type
+| @primary_archetype_type
+;
+
+#keyset[id]
+archetype_types(  //dir=type
+  int id: @archetype_type ref,
+  int interface_type: @type_or_none ref
+);
+
+#keyset[id]
+archetype_type_superclasses(  //dir=type
+  int id: @archetype_type ref,
+  int superclass: @type_or_none ref
+);
+
+#keyset[id, index]
+archetype_type_protocols(  //dir=type
+  int id: @archetype_type ref,
+  int index: int ref,
+  int protocol: @protocol_decl_or_none ref
+);
+
+builtin_bridge_object_types(  //dir=type
+  unique int id: @builtin_bridge_object_type
+);
+
+builtin_default_actor_storage_types(  //dir=type
+  unique int id: @builtin_default_actor_storage_type
+);
+
+builtin_executor_types(  //dir=type
+  unique int id: @builtin_executor_type
+);
+
+builtin_float_types(  //dir=type
+  unique int id: @builtin_float_type
+);
+
+builtin_job_types(  //dir=type
+  unique int id: @builtin_job_type
+);
+
+builtin_native_object_types(  //dir=type
+  unique int id: @builtin_native_object_type
+);
+
+builtin_raw_pointer_types(  //dir=type
+  unique int id: @builtin_raw_pointer_type
+);
+
+builtin_raw_unsafe_continuation_types(  //dir=type
+  unique int id: @builtin_raw_unsafe_continuation_type
+);
+
+builtin_unsafe_value_buffer_types(  //dir=type
+  unique int id: @builtin_unsafe_value_buffer_type
+);
+
+builtin_vector_types(  //dir=type
+  unique int id: @builtin_vector_type
+);
+
+existential_metatype_types(  //dir=type
+  unique int id: @existential_metatype_type
+);
+
+function_types(  //dir=type
+  unique int id: @function_type
+);
+
+generic_function_types(  //dir=type
+  unique int id: @generic_function_type
+);
+
+#keyset[id, index]
+generic_function_type_generic_params(  //dir=type
+  int id: @generic_function_type ref,
+  int index: int ref,
+  int generic_param: @generic_type_param_type_or_none ref
+);
+
+generic_type_param_types(  //dir=type
+  unique int id: @generic_type_param_type
+);
+
+metatype_types(  //dir=type
+  unique int id: @metatype_type
+);
+
+@nominal_or_bound_generic_nominal_type =
+  @bound_generic_type
+| @nominal_type
+;
+
+paren_types(  //dir=type
+  unique int id: @paren_type,
+  int type_: @type_or_none ref
+);
+
+@syntax_sugar_type =
+  @dictionary_type
+| @unary_syntax_sugar_type
+;
+
+type_alias_types(  //dir=type
+  unique int id: @type_alias_type,
+  int decl: @type_alias_decl_or_none ref
+);
+
+unbound_generic_types(  //dir=type
+  unique int id: @unbound_generic_type
+);
+
+unmanaged_storage_types(  //dir=type
+  unique int id: @unmanaged_storage_type
+);
+
+unowned_storage_types(  //dir=type
+  unique int id: @unowned_storage_type
+);
+
+weak_storage_types(  //dir=type
+  unique int id: @weak_storage_type
+);
+
+@bound_generic_type =
+  @bound_generic_class_type
+| @bound_generic_enum_type
+| @bound_generic_struct_type
+;
+
+#keyset[id, index]
+bound_generic_type_arg_types(  //dir=type
+  int id: @bound_generic_type ref,
+  int index: int ref,
+  int arg_type: @type_or_none ref
+);
+
+builtin_integer_literal_types(  //dir=type
+  unique int id: @builtin_integer_literal_type
+);
+
+builtin_integer_types(  //dir=type
+  unique int id: @builtin_integer_type
+);
+
+#keyset[id]
+builtin_integer_type_widths(  //dir=type
+  int id: @builtin_integer_type ref,
+  int width: int ref
+);
+
+dictionary_types(  //dir=type
+  unique int id: @dictionary_type,
+  int key_type: @type_or_none ref,
+  int value_type: @type_or_none ref
+);
+
+@nominal_type =
+  @class_type
+| @enum_type
+| @protocol_type
+| @struct_type
+;
+
+opaque_type_archetype_types(  //dir=type
+  unique int id: @opaque_type_archetype_type,
+  int declaration: @opaque_type_decl_or_none ref
+);
+
+opened_archetype_types(  //dir=type
+  unique int id: @opened_archetype_type
+);
+
+primary_archetype_types(  //dir=type
+  unique int id: @primary_archetype_type
+);
+
+@unary_syntax_sugar_type =
+  @array_slice_type
+| @optional_type
+| @variadic_sequence_type
+;
+
+#keyset[id]
+unary_syntax_sugar_types(  //dir=type
+  int id: @unary_syntax_sugar_type ref,
+  int base_type: @type_or_none ref
+);
+
+array_slice_types(  //dir=type
+  unique int id: @array_slice_type
+);
+
+bound_generic_class_types(  //dir=type
+  unique int id: @bound_generic_class_type
+);
+
+bound_generic_enum_types(  //dir=type
+  unique int id: @bound_generic_enum_type
+);
+
+bound_generic_struct_types(  //dir=type
+  unique int id: @bound_generic_struct_type
+);
+
+class_types(  //dir=type
+  unique int id: @class_type
+);
+
+enum_types(  //dir=type
+  unique int id: @enum_type
+);
+
+optional_types(  //dir=type
+  unique int id: @optional_type
+);
+
+protocol_types(  //dir=type
+  unique int id: @protocol_type
+);
+
+struct_types(  //dir=type
+  unique int id: @struct_type
+);
+
+variadic_sequence_types(  //dir=type
+  unique int id: @variadic_sequence_type
+);
+
+@abstract_function_decl_or_none =
+  @abstract_function_decl
+| @unspecified_element
+;
+
+@accessor_decl_or_none =
+  @accessor_decl
+| @unspecified_element
+;
+
+@argument_or_none =
+  @argument
+| @unspecified_element
+;
+
+@associated_type_decl_or_none =
+  @associated_type_decl
+| @unspecified_element
+;
+
+@ast_node_or_none =
+  @ast_node
+| @unspecified_element
+;
+
+@brace_stmt_or_none =
+  @brace_stmt
+| @unspecified_element
+;
+
+@case_label_item_or_none =
+  @case_label_item
+| @unspecified_element
+;
+
+@case_stmt_or_none =
+  @case_stmt
+| @unspecified_element
+;
+
+@closure_expr_or_none =
+  @closure_expr
+| @unspecified_element
+;
+
+@condition_element_or_none =
+  @condition_element
+| @unspecified_element
+;
+
+@constructor_decl_or_none =
+  @constructor_decl
+| @unspecified_element
+;
+
+@decl_or_none =
+  @decl
+| @unspecified_element
+;
+
+@enum_element_decl_or_none =
+  @enum_element_decl
+| @unspecified_element
+;
+
+@expr_or_none =
+  @expr
+| @unspecified_element
+;
+
+@file_or_none =
+  @file
+| @unspecified_element
+;
+
+@generic_type_param_decl_or_none =
+  @generic_type_param_decl
+| @unspecified_element
+;
+
+@generic_type_param_type_or_none =
+  @generic_type_param_type
+| @unspecified_element
+;
+
+@location_or_none =
+  @location
+| @unspecified_element
+;
+
+@module_decl_or_none =
+  @module_decl
+| @unspecified_element
+;
+
+@nominal_type_decl_or_none =
+  @nominal_type_decl
+| @unspecified_element
+;
+
+@opaque_type_decl_or_none =
+  @opaque_type_decl
+| @unspecified_element
+;
+
+@opaque_value_expr_or_none =
+  @opaque_value_expr
+| @unspecified_element
+;
+
+@param_decl_or_none =
+  @param_decl
+| @unspecified_element
+;
+
+@pattern_or_none =
+  @pattern
+| @unspecified_element
+;
+
+@pattern_binding_decl_or_none =
+  @pattern_binding_decl
+| @unspecified_element
+;
+
+@precedence_group_decl_or_none =
+  @precedence_group_decl
+| @unspecified_element
+;
+
+@protocol_decl_or_none =
+  @protocol_decl
+| @unspecified_element
+;
+
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
+@stmt_or_none =
+  @stmt
+| @unspecified_element
+;
+
+@stmt_condition_or_none =
+  @stmt_condition
+| @unspecified_element
+;
+
+@string_literal_expr_or_none =
+  @string_literal_expr
+| @unspecified_element
+;
+
+@tap_expr_or_none =
+  @tap_expr
+| @unspecified_element
+;
+
+@type_or_none =
+  @type
+| @unspecified_element
+;
+
+@type_alias_decl_or_none =
+  @type_alias_decl
+| @unspecified_element
+;
+
+@type_repr_or_none =
+  @type_repr
+| @unspecified_element
+;
+
+@value_decl_or_none =
+  @unspecified_element
+| @value_decl
+;
+
+@var_decl_or_none =
+  @unspecified_element
+| @var_decl
+;
diff --git a/swift/downgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/upgrade.properties b/swift/downgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/upgrade.properties
new file mode 100644
index 00000000000..7b33ab56770
--- /dev/null
+++ b/swift/downgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/upgrade.properties
@@ -0,0 +1,2 @@
+description: Remove unfilled tables that were generated for actually synthesized QL types
+compatibility: full
diff --git a/swift/downgrades/initial/swift.dbscheme b/swift/downgrades/initial/swift.dbscheme
new file mode 100644
index 00000000000..ceca289a0ff
--- /dev/null
+++ b/swift/downgrades/initial/swift.dbscheme
@@ -0,0 +1,2493 @@
+// generated by codegen/codegen.py
+
+// from prefix.dbscheme
+/**
+ * The source location of the snapshot.
+ */
+sourceLocationPrefix(
+  string prefix: string ref
+);
+
+
+// from schema.py
+
+@element =
+  @callable
+| @file
+| @generic_context
+| @iterable_decl_context
+| @locatable
+| @location
+| @type
+;
+
+#keyset[id]
+element_is_unknown(
+  int id: @element ref
+);
+
+@callable =
+  @abstract_closure_expr
+| @abstract_function_decl
+;
+
+#keyset[id]
+callable_self_params(
+  int id: @callable ref,
+  int self_param: @param_decl_or_none ref
+);
+
+#keyset[id, index]
+callable_params(
+  int id: @callable ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+#keyset[id]
+callable_bodies(
+  int id: @callable ref,
+  int body: @brace_stmt_or_none ref
+);
+
+@file =
+  @db_file
+| @unknown_file
+;
+
+#keyset[id]
+files(
+  int id: @file ref,
+  string name: string ref
+);
+
+@locatable =
+  @argument
+| @ast_node
+| @comment
+| @diagnostics
+| @error_element
+;
+
+#keyset[id]
+locatable_locations(
+  int id: @locatable ref,
+  int location: @location_or_none ref
+);
+
+@location =
+  @db_location
+| @unknown_location
+;
+
+#keyset[id]
+locations(
+  int id: @location ref,
+  int file: @file_or_none ref,
+  int start_line: int ref,
+  int start_column: int ref,
+  int end_line: int ref,
+  int end_column: int ref
+);
+
+@ast_node =
+  @case_label_item
+| @condition_element
+| @decl
+| @expr
+| @pattern
+| @stmt
+| @stmt_condition
+| @type_repr
+;
+
+comments(
+  unique int id: @comment,
+  string text: string ref
+);
+
+db_files(
+  unique int id: @db_file
+);
+
+db_locations(
+  unique int id: @db_location
+);
+
+diagnostics(
+  unique int id: @diagnostics,
+  string text: string ref,
+  int kind: int ref
+);
+
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_chain_result_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @unresolved_type
+| @unresolved_type_conversion_expr
+| @unspecified_element
+;
+
+unknown_files(
+  unique int id: @unknown_file
+);
+
+unknown_locations(
+  unique int id: @unknown_location
+);
+
+unspecified_elements(
+  unique int id: @unspecified_element,
+  string property: string ref,
+  string error: string ref
+);
+
+#keyset[id]
+unspecified_element_parents(
+  int id: @unspecified_element ref,
+  int parent: @element ref
+);
+
+#keyset[id]
+unspecified_element_indices(
+  int id: @unspecified_element ref,
+  int index: int ref
+);
+
+@decl =
+  @enum_case_decl
+| @extension_decl
+| @if_config_decl
+| @import_decl
+| @missing_member_decl
+| @operator_decl
+| @pattern_binding_decl
+| @pound_diagnostic_decl
+| @precedence_group_decl
+| @top_level_code_decl
+| @value_decl
+;
+
+#keyset[id]
+decls(  //dir=decl
+  int id: @decl ref,
+  int module: @module_decl_or_none ref
+);
+
+@generic_context =
+  @abstract_function_decl
+| @extension_decl
+| @generic_type_decl
+| @subscript_decl
+;
+
+#keyset[id, index]
+generic_context_generic_type_params(  //dir=decl
+  int id: @generic_context ref,
+  int index: int ref,
+  int generic_type_param: @generic_type_param_decl_or_none ref
+);
+
+@iterable_decl_context =
+  @extension_decl
+| @nominal_type_decl
+;
+
+#keyset[id, index]
+iterable_decl_context_members(  //dir=decl
+  int id: @iterable_decl_context ref,
+  int index: int ref,
+  int member: @decl_or_none ref
+);
+
+enum_case_decls(  //dir=decl
+  unique int id: @enum_case_decl
+);
+
+#keyset[id, index]
+enum_case_decl_elements(  //dir=decl
+  int id: @enum_case_decl ref,
+  int index: int ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+extension_decls(  //dir=decl
+  unique int id: @extension_decl,
+  int extended_type_decl: @nominal_type_decl_or_none ref
+);
+
+if_config_decls(  //dir=decl
+  unique int id: @if_config_decl
+);
+
+#keyset[id, index]
+if_config_decl_active_elements(  //dir=decl
+  int id: @if_config_decl ref,
+  int index: int ref,
+  int active_element: @ast_node_or_none ref
+);
+
+import_decls(  //dir=decl
+  unique int id: @import_decl
+);
+
+#keyset[id]
+import_decl_is_exported(  //dir=decl
+  int id: @import_decl ref
+);
+
+#keyset[id]
+import_decl_imported_modules(  //dir=decl
+  int id: @import_decl ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+import_decl_declarations(  //dir=decl
+  int id: @import_decl ref,
+  int index: int ref,
+  int declaration: @value_decl_or_none ref
+);
+
+missing_member_decls(  //dir=decl
+  unique int id: @missing_member_decl,
+  string name: string ref
+);
+
+@operator_decl =
+  @infix_operator_decl
+| @postfix_operator_decl
+| @prefix_operator_decl
+;
+
+#keyset[id]
+operator_decls(  //dir=decl
+  int id: @operator_decl ref,
+  string name: string ref
+);
+
+pattern_binding_decls(  //dir=decl
+  unique int id: @pattern_binding_decl
+);
+
+#keyset[id, index]
+pattern_binding_decl_inits(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int init: @expr_or_none ref
+);
+
+#keyset[id, index]
+pattern_binding_decl_patterns(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int pattern: @pattern_or_none ref
+);
+
+pound_diagnostic_decls(  //dir=decl
+  unique int id: @pound_diagnostic_decl,
+  int kind: int ref,
+  int message: @string_literal_expr_or_none ref
+);
+
+precedence_group_decls(  //dir=decl
+  unique int id: @precedence_group_decl
+);
+
+top_level_code_decls(  //dir=decl
+  unique int id: @top_level_code_decl,
+  int body: @brace_stmt_or_none ref
+);
+
+@value_decl =
+  @abstract_function_decl
+| @abstract_storage_decl
+| @enum_element_decl
+| @type_decl
+;
+
+#keyset[id]
+value_decls(  //dir=decl
+  int id: @value_decl ref,
+  int interface_type: @type_or_none ref
+);
+
+@abstract_function_decl =
+  @constructor_decl
+| @destructor_decl
+| @func_decl
+;
+
+#keyset[id]
+abstract_function_decls(  //dir=decl
+  int id: @abstract_function_decl ref,
+  string name: string ref
+);
+
+@abstract_storage_decl =
+  @subscript_decl
+| @var_decl
+;
+
+#keyset[id, index]
+abstract_storage_decl_accessor_decls(  //dir=decl
+  int id: @abstract_storage_decl ref,
+  int index: int ref,
+  int accessor_decl: @accessor_decl_or_none ref
+);
+
+enum_element_decls(  //dir=decl
+  unique int id: @enum_element_decl,
+  string name: string ref
+);
+
+#keyset[id, index]
+enum_element_decl_params(  //dir=decl
+  int id: @enum_element_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+infix_operator_decls(  //dir=decl
+  unique int id: @infix_operator_decl
+);
+
+#keyset[id]
+infix_operator_decl_precedence_groups(  //dir=decl
+  int id: @infix_operator_decl ref,
+  int precedence_group: @precedence_group_decl_or_none ref
+);
+
+postfix_operator_decls(  //dir=decl
+  unique int id: @postfix_operator_decl
+);
+
+prefix_operator_decls(  //dir=decl
+  unique int id: @prefix_operator_decl
+);
+
+@type_decl =
+  @abstract_type_param_decl
+| @generic_type_decl
+| @module_decl
+;
+
+#keyset[id]
+type_decls(  //dir=decl
+  int id: @type_decl ref,
+  string name: string ref
+);
+
+#keyset[id, index]
+type_decl_base_types(  //dir=decl
+  int id: @type_decl ref,
+  int index: int ref,
+  int base_type: @type_or_none ref
+);
+
+@abstract_type_param_decl =
+  @associated_type_decl
+| @generic_type_param_decl
+;
+
+constructor_decls(  //dir=decl
+  unique int id: @constructor_decl
+);
+
+destructor_decls(  //dir=decl
+  unique int id: @destructor_decl
+);
+
+@func_decl =
+  @accessor_decl
+| @concrete_func_decl
+;
+
+@generic_type_decl =
+  @nominal_type_decl
+| @opaque_type_decl
+| @type_alias_decl
+;
+
+module_decls(  //dir=decl
+  unique int id: @module_decl
+);
+
+#keyset[id]
+module_decl_is_builtin_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id]
+module_decl_is_system_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id, index]
+module_decl_imported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+module_decl_exported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int exported_module: @module_decl_or_none ref
+);
+
+subscript_decls(  //dir=decl
+  unique int id: @subscript_decl,
+  int element_type: @type_or_none ref
+);
+
+#keyset[id, index]
+subscript_decl_params(  //dir=decl
+  int id: @subscript_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+@var_decl =
+  @concrete_var_decl
+| @param_decl
+;
+
+#keyset[id]
+var_decls(  //dir=decl
+  int id: @var_decl ref,
+  string name: string ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_attached_property_wrapper_types(  //dir=decl
+  int id: @var_decl ref,
+  int attached_property_wrapper_type: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_patterns(  //dir=decl
+  int id: @var_decl ref,
+  int parent_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_initializers(  //dir=decl
+  int id: @var_decl ref,
+  int parent_initializer: @expr_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
+accessor_decls(  //dir=decl
+  unique int id: @accessor_decl
+);
+
+#keyset[id]
+accessor_decl_is_getter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_setter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_will_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_did_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+associated_type_decls(  //dir=decl
+  unique int id: @associated_type_decl
+);
+
+concrete_func_decls(  //dir=decl
+  unique int id: @concrete_func_decl
+);
+
+concrete_var_decls(  //dir=decl
+  unique int id: @concrete_var_decl,
+  int introducer_int: int ref
+);
+
+generic_type_param_decls(  //dir=decl
+  unique int id: @generic_type_param_decl
+);
+
+@nominal_type_decl =
+  @class_decl
+| @enum_decl
+| @protocol_decl
+| @struct_decl
+;
+
+#keyset[id]
+nominal_type_decls(  //dir=decl
+  int id: @nominal_type_decl ref,
+  int type_: @type_or_none ref
+);
+
+opaque_type_decls(  //dir=decl
+  unique int id: @opaque_type_decl,
+  int naming_declaration: @value_decl_or_none ref
+);
+
+#keyset[id, index]
+opaque_type_decl_opaque_generic_params(  //dir=decl
+  int id: @opaque_type_decl ref,
+  int index: int ref,
+  int opaque_generic_param: @generic_type_param_type_or_none ref
+);
+
+param_decls(  //dir=decl
+  unique int id: @param_decl
+);
+
+#keyset[id]
+param_decl_is_inout(  //dir=decl
+  int id: @param_decl ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
+type_alias_decls(  //dir=decl
+  unique int id: @type_alias_decl
+);
+
+class_decls(  //dir=decl
+  unique int id: @class_decl
+);
+
+enum_decls(  //dir=decl
+  unique int id: @enum_decl
+);
+
+protocol_decls(  //dir=decl
+  unique int id: @protocol_decl
+);
+
+struct_decls(  //dir=decl
+  unique int id: @struct_decl
+);
+
+arguments(  //dir=expr
+  unique int id: @argument,
+  string label: string ref,
+  int expr: @expr_or_none ref
+);
+
+@expr =
+  @abstract_closure_expr
+| @any_try_expr
+| @applied_property_wrapper_expr
+| @apply_expr
+| @assign_expr
+| @bind_optional_expr
+| @capture_list_expr
+| @collection_expr
+| @decl_ref_expr
+| @default_argument_expr
+| @discard_assignment_expr
+| @dot_syntax_base_ignored_expr
+| @dynamic_type_expr
+| @enum_is_case_expr
+| @error_expr
+| @explicit_cast_expr
+| @force_value_expr
+| @identity_expr
+| @if_expr
+| @implicit_conversion_expr
+| @in_out_expr
+| @key_path_application_expr
+| @key_path_dot_expr
+| @key_path_expr
+| @lazy_initializer_expr
+| @literal_expr
+| @lookup_expr
+| @make_temporarily_escapable_expr
+| @obj_c_selector_expr
+| @one_way_expr
+| @opaque_value_expr
+| @open_existential_expr
+| @optional_evaluation_expr
+| @other_constructor_decl_ref_expr
+| @overloaded_decl_ref_expr
+| @property_wrapper_value_placeholder_expr
+| @rebind_self_in_constructor_expr
+| @sequence_expr
+| @super_ref_expr
+| @tap_expr
+| @tuple_element_expr
+| @tuple_expr
+| @type_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @vararg_expansion_expr
+;
+
+#keyset[id]
+expr_types(  //dir=expr
+  int id: @expr ref,
+  int type_: @type_or_none ref
+);
+
+@abstract_closure_expr =
+  @auto_closure_expr
+| @closure_expr
+;
+
+@any_try_expr =
+  @force_try_expr
+| @optional_try_expr
+| @try_expr
+;
+
+#keyset[id]
+any_try_exprs(  //dir=expr
+  int id: @any_try_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+applied_property_wrapper_exprs(  //dir=expr
+  unique int id: @applied_property_wrapper_expr,
+  int kind: int ref,
+  int value: @expr_or_none ref,
+  int param: @param_decl_or_none ref
+);
+
+@apply_expr =
+  @binary_expr
+| @call_expr
+| @postfix_unary_expr
+| @prefix_unary_expr
+| @self_apply_expr
+;
+
+#keyset[id]
+apply_exprs(  //dir=expr
+  int id: @apply_expr ref,
+  int function: @expr_or_none ref
+);
+
+#keyset[id, index]
+apply_expr_arguments(  //dir=expr
+  int id: @apply_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+assign_exprs(  //dir=expr
+  unique int id: @assign_expr,
+  int dest: @expr_or_none ref,
+  int source: @expr_or_none ref
+);
+
+bind_optional_exprs(  //dir=expr
+  unique int id: @bind_optional_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+capture_list_exprs(  //dir=expr
+  unique int id: @capture_list_expr,
+  int closure_body: @closure_expr_or_none ref
+);
+
+#keyset[id, index]
+capture_list_expr_binding_decls(  //dir=expr
+  int id: @capture_list_expr ref,
+  int index: int ref,
+  int binding_decl: @pattern_binding_decl_or_none ref
+);
+
+@collection_expr =
+  @array_expr
+| @dictionary_expr
+;
+
+decl_ref_exprs(  //dir=expr
+  unique int id: @decl_ref_expr,
+  int decl: @decl_or_none ref
+);
+
+#keyset[id, index]
+decl_ref_expr_replacement_types(  //dir=expr
+  int id: @decl_ref_expr ref,
+  int index: int ref,
+  int replacement_type: @type_or_none ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+default_argument_exprs(  //dir=expr
+  unique int id: @default_argument_expr,
+  int param_decl: @param_decl_or_none ref,
+  int param_index: int ref
+);
+
+#keyset[id]
+default_argument_expr_caller_side_defaults(  //dir=expr
+  int id: @default_argument_expr ref,
+  int caller_side_default: @expr_or_none ref
+);
+
+discard_assignment_exprs(  //dir=expr
+  unique int id: @discard_assignment_expr
+);
+
+dot_syntax_base_ignored_exprs(  //dir=expr
+  unique int id: @dot_syntax_base_ignored_expr,
+  int qualifier: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+dynamic_type_exprs(  //dir=expr
+  unique int id: @dynamic_type_expr,
+  int base: @expr_or_none ref
+);
+
+enum_is_case_exprs(  //dir=expr
+  unique int id: @enum_is_case_expr,
+  int sub_expr: @expr_or_none ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+error_exprs(  //dir=expr
+  unique int id: @error_expr
+);
+
+@explicit_cast_expr =
+  @checked_cast_expr
+| @coerce_expr
+;
+
+#keyset[id]
+explicit_cast_exprs(  //dir=expr
+  int id: @explicit_cast_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+force_value_exprs(  //dir=expr
+  unique int id: @force_value_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@identity_expr =
+  @await_expr
+| @dot_self_expr
+| @paren_expr
+| @unresolved_member_chain_result_expr
+;
+
+#keyset[id]
+identity_exprs(  //dir=expr
+  int id: @identity_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+if_exprs(  //dir=expr
+  unique int id: @if_expr,
+  int condition: @expr_or_none ref,
+  int then_expr: @expr_or_none ref,
+  int else_expr: @expr_or_none ref
+);
+
+@implicit_conversion_expr =
+  @any_hashable_erasure_expr
+| @archetype_to_super_expr
+| @array_to_pointer_expr
+| @bridge_from_obj_c_expr
+| @bridge_to_obj_c_expr
+| @class_metatype_to_object_expr
+| @collection_upcast_conversion_expr
+| @conditional_bridge_from_obj_c_expr
+| @covariant_function_conversion_expr
+| @covariant_return_conversion_expr
+| @derived_to_base_expr
+| @destructure_tuple_expr
+| @differentiable_function_expr
+| @differentiable_function_extract_original_expr
+| @erasure_expr
+| @existential_metatype_to_object_expr
+| @foreign_object_conversion_expr
+| @function_conversion_expr
+| @in_out_to_pointer_expr
+| @inject_into_optional_expr
+| @linear_function_expr
+| @linear_function_extract_original_expr
+| @linear_to_differentiable_function_expr
+| @load_expr
+| @metatype_conversion_expr
+| @pointer_to_pointer_expr
+| @protocol_metatype_to_object_expr
+| @string_to_pointer_expr
+| @underlying_to_opaque_expr
+| @unevaluated_instance_expr
+| @unresolved_type_conversion_expr
+;
+
+#keyset[id]
+implicit_conversion_exprs(  //dir=expr
+  int id: @implicit_conversion_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+in_out_exprs(  //dir=expr
+  unique int id: @in_out_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+key_path_application_exprs(  //dir=expr
+  unique int id: @key_path_application_expr,
+  int base: @expr_or_none ref,
+  int key_path: @expr_or_none ref
+);
+
+key_path_dot_exprs(  //dir=expr
+  unique int id: @key_path_dot_expr
+);
+
+key_path_exprs(  //dir=expr
+  unique int id: @key_path_expr
+);
+
+#keyset[id]
+key_path_expr_roots(  //dir=expr
+  int id: @key_path_expr ref,
+  int root: @type_repr_or_none ref
+);
+
+#keyset[id]
+key_path_expr_parsed_paths(  //dir=expr
+  int id: @key_path_expr ref,
+  int parsed_path: @expr_or_none ref
+);
+
+lazy_initializer_exprs(  //dir=expr
+  unique int id: @lazy_initializer_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@literal_expr =
+  @builtin_literal_expr
+| @interpolated_string_literal_expr
+| @nil_literal_expr
+| @object_literal_expr
+| @regex_literal_expr
+;
+
+@lookup_expr =
+  @dynamic_lookup_expr
+| @member_ref_expr
+| @method_ref_expr
+| @subscript_expr
+;
+
+#keyset[id]
+lookup_exprs(  //dir=expr
+  int id: @lookup_expr ref,
+  int base: @expr_or_none ref
+);
+
+#keyset[id]
+lookup_expr_members(  //dir=expr
+  int id: @lookup_expr ref,
+  int member: @decl_or_none ref
+);
+
+make_temporarily_escapable_exprs(  //dir=expr
+  unique int id: @make_temporarily_escapable_expr,
+  int escaping_closure: @opaque_value_expr_or_none ref,
+  int nonescaping_closure: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+obj_c_selector_exprs(  //dir=expr
+  unique int id: @obj_c_selector_expr,
+  int sub_expr: @expr_or_none ref,
+  int method: @abstract_function_decl_or_none ref
+);
+
+one_way_exprs(  //dir=expr
+  unique int id: @one_way_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+opaque_value_exprs(  //dir=expr
+  unique int id: @opaque_value_expr
+);
+
+open_existential_exprs(  //dir=expr
+  unique int id: @open_existential_expr,
+  int sub_expr: @expr_or_none ref,
+  int existential: @expr_or_none ref,
+  int opaque_expr: @opaque_value_expr_or_none ref
+);
+
+optional_evaluation_exprs(  //dir=expr
+  unique int id: @optional_evaluation_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+other_constructor_decl_ref_exprs(  //dir=expr
+  unique int id: @other_constructor_decl_ref_expr,
+  int constructor_decl: @constructor_decl_or_none ref
+);
+
+overloaded_decl_ref_exprs(  //dir=expr
+  unique int id: @overloaded_decl_ref_expr
+);
+
+#keyset[id, index]
+overloaded_decl_ref_expr_possible_declarations(  //dir=expr
+  int id: @overloaded_decl_ref_expr ref,
+  int index: int ref,
+  int possible_declaration: @value_decl_or_none ref
+);
+
+property_wrapper_value_placeholder_exprs(  //dir=expr
+  unique int id: @property_wrapper_value_placeholder_expr,
+  int placeholder: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+property_wrapper_value_placeholder_expr_wrapped_values(  //dir=expr
+  int id: @property_wrapper_value_placeholder_expr ref,
+  int wrapped_value: @expr_or_none ref
+);
+
+rebind_self_in_constructor_exprs(  //dir=expr
+  unique int id: @rebind_self_in_constructor_expr,
+  int sub_expr: @expr_or_none ref,
+  int self: @var_decl_or_none ref
+);
+
+sequence_exprs(  //dir=expr
+  unique int id: @sequence_expr
+);
+
+#keyset[id, index]
+sequence_expr_elements(  //dir=expr
+  int id: @sequence_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+super_ref_exprs(  //dir=expr
+  unique int id: @super_ref_expr,
+  int self: @var_decl_or_none ref
+);
+
+tap_exprs(  //dir=expr
+  unique int id: @tap_expr,
+  int body: @brace_stmt_or_none ref,
+  int var: @var_decl_or_none ref
+);
+
+#keyset[id]
+tap_expr_sub_exprs(  //dir=expr
+  int id: @tap_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+tuple_element_exprs(  //dir=expr
+  unique int id: @tuple_element_expr,
+  int sub_expr: @expr_or_none ref,
+  int index: int ref
+);
+
+tuple_exprs(  //dir=expr
+  unique int id: @tuple_expr
+);
+
+#keyset[id, index]
+tuple_expr_elements(  //dir=expr
+  int id: @tuple_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+type_exprs(  //dir=expr
+  unique int id: @type_expr
+);
+
+#keyset[id]
+type_expr_type_reprs(  //dir=expr
+  int id: @type_expr ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+unresolved_decl_ref_exprs(  //dir=expr
+  unique int id: @unresolved_decl_ref_expr
+);
+
+#keyset[id]
+unresolved_decl_ref_expr_names(  //dir=expr
+  int id: @unresolved_decl_ref_expr ref,
+  string name: string ref
+);
+
+unresolved_dot_exprs(  //dir=expr
+  unique int id: @unresolved_dot_expr,
+  int base: @expr_or_none ref,
+  string name: string ref
+);
+
+unresolved_member_exprs(  //dir=expr
+  unique int id: @unresolved_member_expr,
+  string name: string ref
+);
+
+unresolved_pattern_exprs(  //dir=expr
+  unique int id: @unresolved_pattern_expr,
+  int sub_pattern: @pattern_or_none ref
+);
+
+unresolved_specialize_exprs(  //dir=expr
+  unique int id: @unresolved_specialize_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+vararg_expansion_exprs(  //dir=expr
+  unique int id: @vararg_expansion_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+any_hashable_erasure_exprs(  //dir=expr
+  unique int id: @any_hashable_erasure_expr
+);
+
+archetype_to_super_exprs(  //dir=expr
+  unique int id: @archetype_to_super_expr
+);
+
+array_exprs(  //dir=expr
+  unique int id: @array_expr
+);
+
+#keyset[id, index]
+array_expr_elements(  //dir=expr
+  int id: @array_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+array_to_pointer_exprs(  //dir=expr
+  unique int id: @array_to_pointer_expr
+);
+
+auto_closure_exprs(  //dir=expr
+  unique int id: @auto_closure_expr
+);
+
+await_exprs(  //dir=expr
+  unique int id: @await_expr
+);
+
+binary_exprs(  //dir=expr
+  unique int id: @binary_expr
+);
+
+bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_from_obj_c_expr
+);
+
+bridge_to_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_to_obj_c_expr
+);
+
+@builtin_literal_expr =
+  @boolean_literal_expr
+| @magic_identifier_literal_expr
+| @number_literal_expr
+| @string_literal_expr
+;
+
+call_exprs(  //dir=expr
+  unique int id: @call_expr
+);
+
+@checked_cast_expr =
+  @conditional_checked_cast_expr
+| @forced_checked_cast_expr
+| @is_expr
+;
+
+class_metatype_to_object_exprs(  //dir=expr
+  unique int id: @class_metatype_to_object_expr
+);
+
+closure_exprs(  //dir=expr
+  unique int id: @closure_expr
+);
+
+coerce_exprs(  //dir=expr
+  unique int id: @coerce_expr
+);
+
+collection_upcast_conversion_exprs(  //dir=expr
+  unique int id: @collection_upcast_conversion_expr
+);
+
+conditional_bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @conditional_bridge_from_obj_c_expr
+);
+
+covariant_function_conversion_exprs(  //dir=expr
+  unique int id: @covariant_function_conversion_expr
+);
+
+covariant_return_conversion_exprs(  //dir=expr
+  unique int id: @covariant_return_conversion_expr
+);
+
+derived_to_base_exprs(  //dir=expr
+  unique int id: @derived_to_base_expr
+);
+
+destructure_tuple_exprs(  //dir=expr
+  unique int id: @destructure_tuple_expr
+);
+
+dictionary_exprs(  //dir=expr
+  unique int id: @dictionary_expr
+);
+
+#keyset[id, index]
+dictionary_expr_elements(  //dir=expr
+  int id: @dictionary_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+differentiable_function_exprs(  //dir=expr
+  unique int id: @differentiable_function_expr
+);
+
+differentiable_function_extract_original_exprs(  //dir=expr
+  unique int id: @differentiable_function_extract_original_expr
+);
+
+dot_self_exprs(  //dir=expr
+  unique int id: @dot_self_expr
+);
+
+@dynamic_lookup_expr =
+  @dynamic_member_ref_expr
+| @dynamic_subscript_expr
+;
+
+erasure_exprs(  //dir=expr
+  unique int id: @erasure_expr
+);
+
+existential_metatype_to_object_exprs(  //dir=expr
+  unique int id: @existential_metatype_to_object_expr
+);
+
+force_try_exprs(  //dir=expr
+  unique int id: @force_try_expr
+);
+
+foreign_object_conversion_exprs(  //dir=expr
+  unique int id: @foreign_object_conversion_expr
+);
+
+function_conversion_exprs(  //dir=expr
+  unique int id: @function_conversion_expr
+);
+
+in_out_to_pointer_exprs(  //dir=expr
+  unique int id: @in_out_to_pointer_expr
+);
+
+inject_into_optional_exprs(  //dir=expr
+  unique int id: @inject_into_optional_expr
+);
+
+interpolated_string_literal_exprs(  //dir=expr
+  unique int id: @interpolated_string_literal_expr
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_expr: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_count_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_count_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_literal_capacity_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int literal_capacity_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_appending_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int appending_expr: @tap_expr_or_none ref
+);
+
+linear_function_exprs(  //dir=expr
+  unique int id: @linear_function_expr
+);
+
+linear_function_extract_original_exprs(  //dir=expr
+  unique int id: @linear_function_extract_original_expr
+);
+
+linear_to_differentiable_function_exprs(  //dir=expr
+  unique int id: @linear_to_differentiable_function_expr
+);
+
+load_exprs(  //dir=expr
+  unique int id: @load_expr
+);
+
+member_ref_exprs(  //dir=expr
+  unique int id: @member_ref_expr
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
+);
+
+method_ref_exprs(  //dir=expr
+  unique int id: @method_ref_expr
+);
+
+nil_literal_exprs(  //dir=expr
+  unique int id: @nil_literal_expr
+);
+
+object_literal_exprs(  //dir=expr
+  unique int id: @object_literal_expr,
+  int kind: int ref
+);
+
+#keyset[id, index]
+object_literal_expr_arguments(  //dir=expr
+  int id: @object_literal_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+optional_try_exprs(  //dir=expr
+  unique int id: @optional_try_expr
+);
+
+paren_exprs(  //dir=expr
+  unique int id: @paren_expr
+);
+
+pointer_to_pointer_exprs(  //dir=expr
+  unique int id: @pointer_to_pointer_expr
+);
+
+postfix_unary_exprs(  //dir=expr
+  unique int id: @postfix_unary_expr
+);
+
+prefix_unary_exprs(  //dir=expr
+  unique int id: @prefix_unary_expr
+);
+
+protocol_metatype_to_object_exprs(  //dir=expr
+  unique int id: @protocol_metatype_to_object_expr
+);
+
+regex_literal_exprs(  //dir=expr
+  unique int id: @regex_literal_expr
+);
+
+@self_apply_expr =
+  @constructor_ref_call_expr
+| @dot_syntax_call_expr
+;
+
+#keyset[id]
+self_apply_exprs(  //dir=expr
+  int id: @self_apply_expr ref,
+  int base: @expr_or_none ref
+);
+
+string_to_pointer_exprs(  //dir=expr
+  unique int id: @string_to_pointer_expr
+);
+
+subscript_exprs(  //dir=expr
+  unique int id: @subscript_expr
+);
+
+#keyset[id, index]
+subscript_expr_arguments(  //dir=expr
+  int id: @subscript_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_ordinary_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+try_exprs(  //dir=expr
+  unique int id: @try_expr
+);
+
+underlying_to_opaque_exprs(  //dir=expr
+  unique int id: @underlying_to_opaque_expr
+);
+
+unevaluated_instance_exprs(  //dir=expr
+  unique int id: @unevaluated_instance_expr
+);
+
+unresolved_member_chain_result_exprs(  //dir=expr
+  unique int id: @unresolved_member_chain_result_expr
+);
+
+unresolved_type_conversion_exprs(  //dir=expr
+  unique int id: @unresolved_type_conversion_expr
+);
+
+boolean_literal_exprs(  //dir=expr
+  unique int id: @boolean_literal_expr,
+  boolean value: boolean ref
+);
+
+conditional_checked_cast_exprs(  //dir=expr
+  unique int id: @conditional_checked_cast_expr
+);
+
+constructor_ref_call_exprs(  //dir=expr
+  unique int id: @constructor_ref_call_expr
+);
+
+dot_syntax_call_exprs(  //dir=expr
+  unique int id: @dot_syntax_call_expr
+);
+
+dynamic_member_ref_exprs(  //dir=expr
+  unique int id: @dynamic_member_ref_expr
+);
+
+dynamic_subscript_exprs(  //dir=expr
+  unique int id: @dynamic_subscript_expr
+);
+
+forced_checked_cast_exprs(  //dir=expr
+  unique int id: @forced_checked_cast_expr
+);
+
+is_exprs(  //dir=expr
+  unique int id: @is_expr
+);
+
+magic_identifier_literal_exprs(  //dir=expr
+  unique int id: @magic_identifier_literal_expr,
+  string kind: string ref
+);
+
+@number_literal_expr =
+  @float_literal_expr
+| @integer_literal_expr
+;
+
+string_literal_exprs(  //dir=expr
+  unique int id: @string_literal_expr,
+  string value: string ref
+);
+
+float_literal_exprs(  //dir=expr
+  unique int id: @float_literal_expr,
+  string string_value: string ref
+);
+
+integer_literal_exprs(  //dir=expr
+  unique int id: @integer_literal_expr,
+  string string_value: string ref
+);
+
+@pattern =
+  @any_pattern
+| @binding_pattern
+| @bool_pattern
+| @enum_element_pattern
+| @expr_pattern
+| @is_pattern
+| @named_pattern
+| @optional_some_pattern
+| @paren_pattern
+| @tuple_pattern
+| @typed_pattern
+;
+
+any_patterns(  //dir=pattern
+  unique int id: @any_pattern
+);
+
+binding_patterns(  //dir=pattern
+  unique int id: @binding_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+bool_patterns(  //dir=pattern
+  unique int id: @bool_pattern,
+  boolean value: boolean ref
+);
+
+enum_element_patterns(  //dir=pattern
+  unique int id: @enum_element_pattern,
+  int element: @enum_element_decl_or_none ref
+);
+
+#keyset[id]
+enum_element_pattern_sub_patterns(  //dir=pattern
+  int id: @enum_element_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+expr_patterns(  //dir=pattern
+  unique int id: @expr_pattern,
+  int sub_expr: @expr_or_none ref
+);
+
+is_patterns(  //dir=pattern
+  unique int id: @is_pattern
+);
+
+#keyset[id]
+is_pattern_cast_type_reprs(  //dir=pattern
+  int id: @is_pattern ref,
+  int cast_type_repr: @type_repr_or_none ref
+);
+
+#keyset[id]
+is_pattern_sub_patterns(  //dir=pattern
+  int id: @is_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+named_patterns(  //dir=pattern
+  unique int id: @named_pattern,
+  string name: string ref
+);
+
+optional_some_patterns(  //dir=pattern
+  unique int id: @optional_some_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+paren_patterns(  //dir=pattern
+  unique int id: @paren_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+tuple_patterns(  //dir=pattern
+  unique int id: @tuple_pattern
+);
+
+#keyset[id, index]
+tuple_pattern_elements(  //dir=pattern
+  int id: @tuple_pattern ref,
+  int index: int ref,
+  int element: @pattern_or_none ref
+);
+
+typed_patterns(  //dir=pattern
+  unique int id: @typed_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+typed_pattern_type_reprs(  //dir=pattern
+  int id: @typed_pattern ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+case_label_items(  //dir=stmt
+  unique int id: @case_label_item,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+case_label_item_guards(  //dir=stmt
+  int id: @case_label_item ref,
+  int guard: @expr_or_none ref
+);
+
+condition_elements(  //dir=stmt
+  unique int id: @condition_element
+);
+
+#keyset[id]
+condition_element_booleans(  //dir=stmt
+  int id: @condition_element ref,
+  int boolean_: @expr_or_none ref
+);
+
+#keyset[id]
+condition_element_patterns(  //dir=stmt
+  int id: @condition_element ref,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+condition_element_initializers(  //dir=stmt
+  int id: @condition_element ref,
+  int initializer: @expr_or_none ref
+);
+
+@stmt =
+  @brace_stmt
+| @break_stmt
+| @case_stmt
+| @continue_stmt
+| @defer_stmt
+| @fail_stmt
+| @fallthrough_stmt
+| @labeled_stmt
+| @pound_assert_stmt
+| @return_stmt
+| @throw_stmt
+| @yield_stmt
+;
+
+stmt_conditions(  //dir=stmt
+  unique int id: @stmt_condition
+);
+
+#keyset[id, index]
+stmt_condition_elements(  //dir=stmt
+  int id: @stmt_condition ref,
+  int index: int ref,
+  int element: @condition_element_or_none ref
+);
+
+brace_stmts(  //dir=stmt
+  unique int id: @brace_stmt
+);
+
+#keyset[id, index]
+brace_stmt_elements(  //dir=stmt
+  int id: @brace_stmt ref,
+  int index: int ref,
+  int element: @ast_node_or_none ref
+);
+
+break_stmts(  //dir=stmt
+  unique int id: @break_stmt
+);
+
+#keyset[id]
+break_stmt_target_names(  //dir=stmt
+  int id: @break_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+break_stmt_targets(  //dir=stmt
+  int id: @break_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+case_stmts(  //dir=stmt
+  unique int id: @case_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_labels(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int label: @case_label_item_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_variables(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int variable: @var_decl_or_none ref
+);
+
+continue_stmts(  //dir=stmt
+  unique int id: @continue_stmt
+);
+
+#keyset[id]
+continue_stmt_target_names(  //dir=stmt
+  int id: @continue_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+continue_stmt_targets(  //dir=stmt
+  int id: @continue_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+defer_stmts(  //dir=stmt
+  unique int id: @defer_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+fail_stmts(  //dir=stmt
+  unique int id: @fail_stmt
+);
+
+fallthrough_stmts(  //dir=stmt
+  unique int id: @fallthrough_stmt,
+  int fallthrough_source: @case_stmt_or_none ref,
+  int fallthrough_dest: @case_stmt_or_none ref
+);
+
+@labeled_stmt =
+  @do_catch_stmt
+| @do_stmt
+| @for_each_stmt
+| @labeled_conditional_stmt
+| @repeat_while_stmt
+| @switch_stmt
+;
+
+#keyset[id]
+labeled_stmt_labels(  //dir=stmt
+  int id: @labeled_stmt ref,
+  string label: string ref
+);
+
+pound_assert_stmts(  //dir=stmt
+  unique int id: @pound_assert_stmt,
+  int condition: @expr_or_none ref,
+  string message: string ref
+);
+
+return_stmts(  //dir=stmt
+  unique int id: @return_stmt
+);
+
+#keyset[id]
+return_stmt_results(  //dir=stmt
+  int id: @return_stmt ref,
+  int result: @expr_or_none ref
+);
+
+throw_stmts(  //dir=stmt
+  unique int id: @throw_stmt,
+  int sub_expr: @expr_or_none ref
+);
+
+yield_stmts(  //dir=stmt
+  unique int id: @yield_stmt
+);
+
+#keyset[id, index]
+yield_stmt_results(  //dir=stmt
+  int id: @yield_stmt ref,
+  int index: int ref,
+  int result: @expr_or_none ref
+);
+
+do_catch_stmts(  //dir=stmt
+  unique int id: @do_catch_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+do_catch_stmt_catches(  //dir=stmt
+  int id: @do_catch_stmt ref,
+  int index: int ref,
+  int catch: @case_stmt_or_none ref
+);
+
+do_stmts(  //dir=stmt
+  unique int id: @do_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+for_each_stmts(  //dir=stmt
+  unique int id: @for_each_stmt,
+  int pattern: @pattern_or_none ref,
+  int sequence: @expr_or_none ref,
+  int body: @brace_stmt_or_none ref
+);
+
+#keyset[id]
+for_each_stmt_wheres(  //dir=stmt
+  int id: @for_each_stmt ref,
+  int where: @expr_or_none ref
+);
+
+@labeled_conditional_stmt =
+  @guard_stmt
+| @if_stmt
+| @while_stmt
+;
+
+#keyset[id]
+labeled_conditional_stmts(  //dir=stmt
+  int id: @labeled_conditional_stmt ref,
+  int condition: @stmt_condition_or_none ref
+);
+
+repeat_while_stmts(  //dir=stmt
+  unique int id: @repeat_while_stmt,
+  int condition: @expr_or_none ref,
+  int body: @stmt_or_none ref
+);
+
+switch_stmts(  //dir=stmt
+  unique int id: @switch_stmt,
+  int expr: @expr_or_none ref
+);
+
+#keyset[id, index]
+switch_stmt_cases(  //dir=stmt
+  int id: @switch_stmt ref,
+  int index: int ref,
+  int case_: @case_stmt_or_none ref
+);
+
+guard_stmts(  //dir=stmt
+  unique int id: @guard_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+if_stmts(  //dir=stmt
+  unique int id: @if_stmt,
+  int then: @stmt_or_none ref
+);
+
+#keyset[id]
+if_stmt_elses(  //dir=stmt
+  int id: @if_stmt ref,
+  int else: @stmt_or_none ref
+);
+
+while_stmts(  //dir=stmt
+  unique int id: @while_stmt,
+  int body: @stmt_or_none ref
+);
+
+@type =
+  @any_function_type
+| @any_generic_type
+| @any_metatype_type
+| @builtin_type
+| @dependent_member_type
+| @dynamic_self_type
+| @error_type
+| @existential_type
+| @in_out_type
+| @l_value_type
+| @module_type
+| @parameterized_protocol_type
+| @protocol_composition_type
+| @reference_storage_type
+| @substitutable_type
+| @sugar_type
+| @tuple_type
+| @unresolved_type
+;
+
+#keyset[id]
+types(  //dir=type
+  int id: @type ref,
+  string name: string ref,
+  int canonical_type: @type_or_none ref
+);
+
+type_reprs(  //dir=type
+  unique int id: @type_repr,
+  int type_: @type_or_none ref
+);
+
+@any_function_type =
+  @function_type
+| @generic_function_type
+;
+
+#keyset[id]
+any_function_types(  //dir=type
+  int id: @any_function_type ref,
+  int result: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_types(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  int param_type: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_labels(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  string param_label: string ref
+);
+
+#keyset[id]
+any_function_type_is_throwing(  //dir=type
+  int id: @any_function_type ref
+);
+
+#keyset[id]
+any_function_type_is_async(  //dir=type
+  int id: @any_function_type ref
+);
+
+@any_generic_type =
+  @nominal_or_bound_generic_nominal_type
+| @unbound_generic_type
+;
+
+#keyset[id]
+any_generic_types(  //dir=type
+  int id: @any_generic_type ref,
+  int declaration: @decl_or_none ref
+);
+
+#keyset[id]
+any_generic_type_parents(  //dir=type
+  int id: @any_generic_type ref,
+  int parent: @type_or_none ref
+);
+
+@any_metatype_type =
+  @existential_metatype_type
+| @metatype_type
+;
+
+@builtin_type =
+  @any_builtin_integer_type
+| @builtin_bridge_object_type
+| @builtin_default_actor_storage_type
+| @builtin_executor_type
+| @builtin_float_type
+| @builtin_job_type
+| @builtin_native_object_type
+| @builtin_raw_pointer_type
+| @builtin_raw_unsafe_continuation_type
+| @builtin_unsafe_value_buffer_type
+| @builtin_vector_type
+;
+
+dependent_member_types(  //dir=type
+  unique int id: @dependent_member_type,
+  int base_type: @type_or_none ref,
+  int associated_type_decl: @associated_type_decl_or_none ref
+);
+
+dynamic_self_types(  //dir=type
+  unique int id: @dynamic_self_type,
+  int static_self_type: @type_or_none ref
+);
+
+error_types(  //dir=type
+  unique int id: @error_type
+);
+
+existential_types(  //dir=type
+  unique int id: @existential_type,
+  int constraint: @type_or_none ref
+);
+
+in_out_types(  //dir=type
+  unique int id: @in_out_type,
+  int object_type: @type_or_none ref
+);
+
+l_value_types(  //dir=type
+  unique int id: @l_value_type,
+  int object_type: @type_or_none ref
+);
+
+module_types(  //dir=type
+  unique int id: @module_type,
+  int module: @module_decl_or_none ref
+);
+
+parameterized_protocol_types(  //dir=type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
+);
+
+protocol_composition_types(  //dir=type
+  unique int id: @protocol_composition_type
+);
+
+#keyset[id, index]
+protocol_composition_type_members(  //dir=type
+  int id: @protocol_composition_type ref,
+  int index: int ref,
+  int member: @type_or_none ref
+);
+
+@reference_storage_type =
+  @unmanaged_storage_type
+| @unowned_storage_type
+| @weak_storage_type
+;
+
+#keyset[id]
+reference_storage_types(  //dir=type
+  int id: @reference_storage_type ref,
+  int referent_type: @type_or_none ref
+);
+
+@substitutable_type =
+  @archetype_type
+| @generic_type_param_type
+;
+
+@sugar_type =
+  @paren_type
+| @syntax_sugar_type
+| @type_alias_type
+;
+
+tuple_types(  //dir=type
+  unique int id: @tuple_type
+);
+
+#keyset[id, index]
+tuple_type_types(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id, index]
+tuple_type_names(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  string name: string ref
+);
+
+unresolved_types(  //dir=type
+  unique int id: @unresolved_type
+);
+
+@any_builtin_integer_type =
+  @builtin_integer_literal_type
+| @builtin_integer_type
+;
+
+@archetype_type =
+  @opaque_type_archetype_type
+| @opened_archetype_type
+| @primary_archetype_type
+;
+
+#keyset[id]
+archetype_types(  //dir=type
+  int id: @archetype_type ref,
+  int interface_type: @type_or_none ref
+);
+
+#keyset[id]
+archetype_type_superclasses(  //dir=type
+  int id: @archetype_type ref,
+  int superclass: @type_or_none ref
+);
+
+#keyset[id, index]
+archetype_type_protocols(  //dir=type
+  int id: @archetype_type ref,
+  int index: int ref,
+  int protocol: @protocol_decl_or_none ref
+);
+
+builtin_bridge_object_types(  //dir=type
+  unique int id: @builtin_bridge_object_type
+);
+
+builtin_default_actor_storage_types(  //dir=type
+  unique int id: @builtin_default_actor_storage_type
+);
+
+builtin_executor_types(  //dir=type
+  unique int id: @builtin_executor_type
+);
+
+builtin_float_types(  //dir=type
+  unique int id: @builtin_float_type
+);
+
+builtin_job_types(  //dir=type
+  unique int id: @builtin_job_type
+);
+
+builtin_native_object_types(  //dir=type
+  unique int id: @builtin_native_object_type
+);
+
+builtin_raw_pointer_types(  //dir=type
+  unique int id: @builtin_raw_pointer_type
+);
+
+builtin_raw_unsafe_continuation_types(  //dir=type
+  unique int id: @builtin_raw_unsafe_continuation_type
+);
+
+builtin_unsafe_value_buffer_types(  //dir=type
+  unique int id: @builtin_unsafe_value_buffer_type
+);
+
+builtin_vector_types(  //dir=type
+  unique int id: @builtin_vector_type
+);
+
+existential_metatype_types(  //dir=type
+  unique int id: @existential_metatype_type
+);
+
+function_types(  //dir=type
+  unique int id: @function_type
+);
+
+generic_function_types(  //dir=type
+  unique int id: @generic_function_type
+);
+
+#keyset[id, index]
+generic_function_type_generic_params(  //dir=type
+  int id: @generic_function_type ref,
+  int index: int ref,
+  int generic_param: @generic_type_param_type_or_none ref
+);
+
+generic_type_param_types(  //dir=type
+  unique int id: @generic_type_param_type
+);
+
+metatype_types(  //dir=type
+  unique int id: @metatype_type
+);
+
+@nominal_or_bound_generic_nominal_type =
+  @bound_generic_type
+| @nominal_type
+;
+
+paren_types(  //dir=type
+  unique int id: @paren_type,
+  int type_: @type_or_none ref
+);
+
+@syntax_sugar_type =
+  @dictionary_type
+| @unary_syntax_sugar_type
+;
+
+type_alias_types(  //dir=type
+  unique int id: @type_alias_type,
+  int decl: @type_alias_decl_or_none ref
+);
+
+unbound_generic_types(  //dir=type
+  unique int id: @unbound_generic_type
+);
+
+unmanaged_storage_types(  //dir=type
+  unique int id: @unmanaged_storage_type
+);
+
+unowned_storage_types(  //dir=type
+  unique int id: @unowned_storage_type
+);
+
+weak_storage_types(  //dir=type
+  unique int id: @weak_storage_type
+);
+
+@bound_generic_type =
+  @bound_generic_class_type
+| @bound_generic_enum_type
+| @bound_generic_struct_type
+;
+
+#keyset[id, index]
+bound_generic_type_arg_types(  //dir=type
+  int id: @bound_generic_type ref,
+  int index: int ref,
+  int arg_type: @type_or_none ref
+);
+
+builtin_integer_literal_types(  //dir=type
+  unique int id: @builtin_integer_literal_type
+);
+
+builtin_integer_types(  //dir=type
+  unique int id: @builtin_integer_type
+);
+
+#keyset[id]
+builtin_integer_type_widths(  //dir=type
+  int id: @builtin_integer_type ref,
+  int width: int ref
+);
+
+dictionary_types(  //dir=type
+  unique int id: @dictionary_type,
+  int key_type: @type_or_none ref,
+  int value_type: @type_or_none ref
+);
+
+@nominal_type =
+  @class_type
+| @enum_type
+| @protocol_type
+| @struct_type
+;
+
+opaque_type_archetype_types(  //dir=type
+  unique int id: @opaque_type_archetype_type,
+  int declaration: @opaque_type_decl_or_none ref
+);
+
+opened_archetype_types(  //dir=type
+  unique int id: @opened_archetype_type
+);
+
+primary_archetype_types(  //dir=type
+  unique int id: @primary_archetype_type
+);
+
+@unary_syntax_sugar_type =
+  @array_slice_type
+| @optional_type
+| @variadic_sequence_type
+;
+
+#keyset[id]
+unary_syntax_sugar_types(  //dir=type
+  int id: @unary_syntax_sugar_type ref,
+  int base_type: @type_or_none ref
+);
+
+array_slice_types(  //dir=type
+  unique int id: @array_slice_type
+);
+
+bound_generic_class_types(  //dir=type
+  unique int id: @bound_generic_class_type
+);
+
+bound_generic_enum_types(  //dir=type
+  unique int id: @bound_generic_enum_type
+);
+
+bound_generic_struct_types(  //dir=type
+  unique int id: @bound_generic_struct_type
+);
+
+class_types(  //dir=type
+  unique int id: @class_type
+);
+
+enum_types(  //dir=type
+  unique int id: @enum_type
+);
+
+optional_types(  //dir=type
+  unique int id: @optional_type
+);
+
+protocol_types(  //dir=type
+  unique int id: @protocol_type
+);
+
+struct_types(  //dir=type
+  unique int id: @struct_type
+);
+
+variadic_sequence_types(  //dir=type
+  unique int id: @variadic_sequence_type
+);
+
+@abstract_function_decl_or_none =
+  @abstract_function_decl
+| @unspecified_element
+;
+
+@accessor_decl_or_none =
+  @accessor_decl
+| @unspecified_element
+;
+
+@argument_or_none =
+  @argument
+| @unspecified_element
+;
+
+@associated_type_decl_or_none =
+  @associated_type_decl
+| @unspecified_element
+;
+
+@ast_node_or_none =
+  @ast_node
+| @unspecified_element
+;
+
+@brace_stmt_or_none =
+  @brace_stmt
+| @unspecified_element
+;
+
+@case_label_item_or_none =
+  @case_label_item
+| @unspecified_element
+;
+
+@case_stmt_or_none =
+  @case_stmt
+| @unspecified_element
+;
+
+@closure_expr_or_none =
+  @closure_expr
+| @unspecified_element
+;
+
+@condition_element_or_none =
+  @condition_element
+| @unspecified_element
+;
+
+@constructor_decl_or_none =
+  @constructor_decl
+| @unspecified_element
+;
+
+@decl_or_none =
+  @decl
+| @unspecified_element
+;
+
+@enum_element_decl_or_none =
+  @enum_element_decl
+| @unspecified_element
+;
+
+@expr_or_none =
+  @expr
+| @unspecified_element
+;
+
+@file_or_none =
+  @file
+| @unspecified_element
+;
+
+@generic_type_param_decl_or_none =
+  @generic_type_param_decl
+| @unspecified_element
+;
+
+@generic_type_param_type_or_none =
+  @generic_type_param_type
+| @unspecified_element
+;
+
+@location_or_none =
+  @location
+| @unspecified_element
+;
+
+@module_decl_or_none =
+  @module_decl
+| @unspecified_element
+;
+
+@nominal_type_decl_or_none =
+  @nominal_type_decl
+| @unspecified_element
+;
+
+@opaque_type_decl_or_none =
+  @opaque_type_decl
+| @unspecified_element
+;
+
+@opaque_value_expr_or_none =
+  @opaque_value_expr
+| @unspecified_element
+;
+
+@param_decl_or_none =
+  @param_decl
+| @unspecified_element
+;
+
+@pattern_or_none =
+  @pattern
+| @unspecified_element
+;
+
+@pattern_binding_decl_or_none =
+  @pattern_binding_decl
+| @unspecified_element
+;
+
+@precedence_group_decl_or_none =
+  @precedence_group_decl
+| @unspecified_element
+;
+
+@protocol_decl_or_none =
+  @protocol_decl
+| @unspecified_element
+;
+
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
+@stmt_or_none =
+  @stmt
+| @unspecified_element
+;
+
+@stmt_condition_or_none =
+  @stmt_condition
+| @unspecified_element
+;
+
+@string_literal_expr_or_none =
+  @string_literal_expr
+| @unspecified_element
+;
+
+@tap_expr_or_none =
+  @tap_expr
+| @unspecified_element
+;
+
+@type_or_none =
+  @type
+| @unspecified_element
+;
+
+@type_alias_decl_or_none =
+  @type_alias_decl
+| @unspecified_element
+;
+
+@type_repr_or_none =
+  @type_repr
+| @unspecified_element
+;
+
+@value_decl_or_none =
+  @unspecified_element
+| @value_decl
+;
+
+@var_decl_or_none =
+  @unspecified_element
+| @var_decl
+;
diff --git a/swift/downgrades/qlpack.yml b/swift/downgrades/qlpack.yml
new file mode 100644
index 00000000000..3fc919124df
--- /dev/null
+++ b/swift/downgrades/qlpack.yml
@@ -0,0 +1,4 @@
+name: codeql/swift-downgrades
+groups: swift
+downgrades: .
+library: true
diff --git a/swift/extractor/BUILD.bazel b/swift/extractor/BUILD.bazel
index 2e6d93adf8c..7363d8051fd 100644
--- a/swift/extractor/BUILD.bazel
+++ b/swift/extractor/BUILD.bazel
@@ -1,13 +1,13 @@
 load("//swift:rules.bzl", "swift_cc_binary")
 load("//misc/bazel/cmake:cmake.bzl", "generate_cmake")
+load("//misc/bazel:pkg_runfiles.bzl", "pkg_runfiles")
 
 swift_cc_binary(
-    name = "extractor",
+    name = "extractor.real",
     srcs = glob([
         "*.h",
         "*.cpp",
     ]),
-    visibility = ["//swift:__pkg__"],
     deps = [
         "//swift/extractor/infra",
         "//swift/extractor/invocation",
@@ -19,6 +19,19 @@ swift_cc_binary(
 
 generate_cmake(
     name = "cmake",
-    targets = [":extractor"],
+    targets = [":extractor.real"],
     visibility = ["//visibility:public"],
 )
+
+sh_binary(
+    name = "extractor",
+    srcs = ["extractor.sh"],
+    data = [":extractor.real"],
+)
+
+pkg_runfiles(
+    name = "pkg",
+    srcs = [":extractor"],
+    excludes = ["extractor.sh"],  # script gets copied as "extractor", no need for the original .sh file
+    visibility = ["//swift:__pkg__"],
+)
diff --git a/swift/extractor/SwiftExtractor.cpp b/swift/extractor/SwiftExtractor.cpp
index 981ab7c1370..2cee41cb0e3 100644
--- a/swift/extractor/SwiftExtractor.cpp
+++ b/swift/extractor/SwiftExtractor.cpp
@@ -12,15 +12,12 @@
 #include "swift/extractor/translators/SwiftVisitor.h"
 #include "swift/extractor/TargetTrapFile.h"
 #include "swift/extractor/SwiftBuiltinSymbols.h"
+#include "swift/extractor/infra/file/Path.h"
 
 using namespace codeql;
 using namespace std::string_literals;
 namespace fs = std::filesystem;
 
-static fs::path toPath(llvm::StringRef s) {
-  return {static_cast<std::string_view>(s)};
-}
-
 static void ensureDirectory(const char* label, const fs::path& dir) {
   std::error_code ec;
   fs::create_directories(dir, ec);
@@ -31,28 +28,23 @@ static void ensureDirectory(const char* label, const fs::path& dir) {
 }
 
 static void archiveFile(const SwiftExtractorConfiguration& config, swift::SourceFile& file) {
-  ensureDirectory("TRAP", config.trapDir);
-  ensureDirectory("source archive", config.sourceArchiveDir);
+  auto source = codeql::resolvePath(file.getFilename());
+  auto destination = config.sourceArchiveDir / source.relative_path();
 
-  fs::path srcFilePath = fs::absolute(toPath(file.getFilename()));
-  auto dstFilePath = config.sourceArchiveDir;
-  dstFilePath += srcFilePath;
-
-  ensureDirectory("source archive destination", dstFilePath.parent_path());
+  ensureDirectory("source archive destination", destination.parent_path());
 
   std::error_code ec;
-  fs::copy(srcFilePath, dstFilePath, fs::copy_options::overwrite_existing, ec);
+  fs::copy(source, destination, fs::copy_options::overwrite_existing, ec);
 
   if (ec) {
-    std::cerr << "Cannot archive source file " << srcFilePath << " -> " << dstFilePath << ": "
+    std::cerr << "Cannot archive source file " << source << " -> " << destination << ": "
               << ec.message() << "\n";
-    std::abort();
   }
 }
 
 static fs::path getFilename(swift::ModuleDecl& module, swift::SourceFile* primaryFile) {
   if (primaryFile) {
-    return primaryFile->getFilename().str();
+    return resolvePath(primaryFile->getFilename());
   }
   // PCM clang module
   if (module.isNonSwiftModule()) {
@@ -61,7 +53,7 @@ static fs::path getFilename(swift::ModuleDecl& module, swift::SourceFile* primar
     // Moreover, pcm files may come from caches located in different directories, but are
     // unambiguously identified by the base file name, so we can discard the absolute directory
     fs::path filename = "/pcms";
-    filename /= toPath(module.getModuleFilename()).filename();
+    filename /= fs::path{std::string_view{module.getModuleFilename()}}.filename();
     filename += "-";
     filename += module.getName().str();
     return filename;
@@ -70,13 +62,13 @@ static fs::path getFilename(swift::ModuleDecl& module, swift::SourceFile* primar
     // The Builtin module has an empty filename, let's fix that
     return "/__Builtin__";
   }
-  auto filename = toPath(module.getModuleFilename());
+  std::string_view filename = module.getModuleFilename();
   // there is a special case of a module without an actual filename reporting `<imports>`: in this
   // case we want to avoid the `<>` characters, in case a dirty DB is imported on Windows
   if (filename == "<imports>") {
     return "/__imports__";
   }
-  return filename;
+  return resolvePath(filename);
 }
 
 /* The builtin module is special, as it does not publish any top-level declaration
diff --git a/swift/extractor/extractor.sh b/swift/extractor/extractor.sh
new file mode 100755
index 00000000000..7040a89a45e
--- /dev/null
+++ b/swift/extractor/extractor.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [[ "$(uname)" == Darwin ]]; then
+  export DYLD_FALLBACK_LIBRARY_PATH=$(dirname "$0")
+else
+  export LD_LIBRARY_PATH=$(dirname "$0")
+fi
+
+exec -a "$0" "$0.real" "$@"
diff --git a/swift/extractor/infra/CheckTypeMapping.cpp b/swift/extractor/infra/CheckTypeMapping.cpp
new file mode 100644
index 00000000000..6ed763ecdcb
--- /dev/null
+++ b/swift/extractor/infra/CheckTypeMapping.cpp
@@ -0,0 +1,42 @@
+// this is a sanity check that the hierarchy in swift is mapped by the mapping in
+// SwiftTypesToTagsMap.def to the hierarchy in schema.py
+// We rely on that so that the LabelStore will preserve correct typing.
+// For a class Derived: Base we could store the label for a Derived* pointer, and then fetch the
+// label for the same pointer as Base*. If the mapping did not preserve inheritance, we would end up
+// using a trap key of the DB type associated with Derived in a position expecting the incompatible
+// DB type associated with Base.
+
+#include "swift/extractor/infra/SwiftTagTraits.h"
+
+using namespace codeql;
+
+#define CHECK(KIND, TYPE, PARENT)                                                              \
+  static_assert(std::is_same_v<TrapTagOf<swift::TYPE##KIND>, void> ||                          \
+                    std::is_base_of_v<TrapTagOf<swift::PARENT>, TrapTagOf<swift::TYPE##KIND>>, \
+                "Tag of " #PARENT " must be a base of the tag of " #TYPE #KIND);
+#define CHECK_CONCRETE(KIND, TYPE, PARENT)                                                       \
+  CHECK(KIND, TYPE, PARENT)                                                                      \
+  static_assert(                                                                                 \
+      std::is_same_v<TrapTagOf<swift::TYPE##KIND>, void> ||                                      \
+          std::is_base_of_v<TrapTagOf<swift::TYPE##KIND>, ConcreteTrapTagOf<swift::TYPE##KIND>>, \
+      "Tag of " #TYPE #KIND " must be a base of its concrete tag");
+
+#define STMT(CLASS, PARENT) CHECK_CONCRETE(Stmt, CLASS, PARENT)
+#define ABSTRACT_STMT(CLASS, PARENT) CHECK(Stmt, CLASS, PARENT)
+#include <swift/AST/StmtNodes.def>
+
+#define EXPR(CLASS, PARENT) CHECK_CONCRETE(Expr, CLASS, PARENT)
+#define ABSTRACT_EXPR(CLASS, PARENT) CHECK(Expr, CLASS, PARENT)
+#include <swift/AST/ExprNodes.def>
+
+#define DECL(CLASS, PARENT) CHECK_CONCRETE(Decl, CLASS, PARENT)
+#define ABSTRACT_DECL(CLASS, PARENT) CHECK(Decl, CLASS, PARENT)
+#include <swift/AST/DeclNodes.def>
+
+#define PATTERN(CLASS, PARENT) CHECK_CONCRETE(Pattern, CLASS, PARENT)
+#define ABSTRACT_PATTERN(CLASS, PARENT) CHECK(Pattern, CLASS, PARENT)
+#include <swift/AST/PatternNodes.def>
+
+#define TYPE(CLASS, PARENT) CHECK_CONCRETE(Type, CLASS, PARENT)
+#define ABSTRACT_TYPE(CLASS, PARENT) CHECK(Type, CLASS, PARENT)
+#include <swift/AST/TypeNodes.def>
diff --git a/swift/extractor/infra/SwiftDispatcher.h b/swift/extractor/infra/SwiftDispatcher.h
index 991511e300c..304d5b183f4 100644
--- a/swift/extractor/infra/SwiftDispatcher.h
+++ b/swift/extractor/infra/SwiftDispatcher.h
@@ -179,16 +179,16 @@ class SwiftDispatcher {
   // it actually gets emitted to handle recursive cases such as recursive calls, or recursive type
   // declarations
   template <typename E, typename... Args, std::enable_if_t<IsStorable<E>>* = nullptr>
-  TrapLabelOf<E> assignNewLabel(const E& e, Args&&... args) {
+  TrapLabel<ConcreteTrapTagOf<E>> assignNewLabel(const E& e, Args&&... args) {
     assert(waitingForNewLabel == Store::Handle{e} && "assignNewLabel called on wrong entity");
-    auto label = trap.createLabel<TrapTagOf<E>>(std::forward<Args>(args)...);
+    auto label = trap.createLabel<ConcreteTrapTagOf<E>>(std::forward<Args>(args)...);
     store.insert(e, label);
     waitingForNewLabel = std::monostate{};
     return label;
   }
 
   template <typename E, typename... Args, std::enable_if_t<IsStorable<E*>>* = nullptr>
-  TrapLabelOf<E> assignNewLabel(const E& e, Args&&... args) {
+  TrapLabel<ConcreteTrapTagOf<E>> assignNewLabel(const E& e, Args&&... args) {
     return assignNewLabel(&e, std::forward<Args>(args)...);
   }
 
diff --git a/swift/extractor/infra/SwiftLocationExtractor.cpp b/swift/extractor/infra/SwiftLocationExtractor.cpp
index a1b138f1f95..7c98294804a 100644
--- a/swift/extractor/infra/SwiftLocationExtractor.cpp
+++ b/swift/extractor/infra/SwiftLocationExtractor.cpp
@@ -5,22 +5,10 @@
 #include "swift/extractor/trap/generated/TrapEntries.h"
 #include "swift/extractor/trap/generated/TrapClasses.h"
 #include "swift/extractor/infra/SwiftLocationExtractor.h"
+#include "swift/extractor/infra/file/Path.h"
 
 using namespace codeql;
 
-static std::filesystem::path getFilePath(std::string_view path) {
-  // TODO: this needs more testing
-  // TODO: check canonicalization of names on a case insensitive filesystems
-  // TODO: make symlink resolution conditional on CODEQL_PRESERVE_SYMLINKS=true
-  std::error_code ec;
-  auto ret = std::filesystem::canonical(path, ec);
-  if (ec) {
-    std::cerr << "Cannot get real path: " << std::quoted(path) << ": " << ec.message() << "\n";
-    return {};
-  }
-  return ret;
-}
-
 void SwiftLocationExtractor::attachLocation(const swift::SourceManager& sourceManager,
                                             swift::SourceLoc start,
                                             swift::SourceLoc end,
@@ -29,7 +17,7 @@ void SwiftLocationExtractor::attachLocation(const swift::SourceManager& sourceMa
     // invalid locations seem to come from entities synthesized by the compiler
     return;
   }
-  auto file = getFilePath(sourceManager.getDisplayNameForLoc(start));
+  auto file = resolvePath(sourceManager.getDisplayNameForLoc(start));
   DbLocation entry{{}};
   entry.file = fetchFileLabel(file);
   std::tie(entry.start_line, entry.start_column) = sourceManager.getLineAndColumnInBuffer(start);
@@ -42,7 +30,7 @@ void SwiftLocationExtractor::attachLocation(const swift::SourceManager& sourceMa
 }
 
 void SwiftLocationExtractor::emitFile(llvm::StringRef path) {
-  fetchFileLabel(getFilePath(path));
+  fetchFileLabel(resolvePath(path));
 }
 
 TrapLabel<FileTag> SwiftLocationExtractor::fetchFileLabel(const std::filesystem::path& file) {
diff --git a/swift/extractor/infra/SwiftTagTraits.h b/swift/extractor/infra/SwiftTagTraits.h
index 72be292f9c7..672395496a9 100644
--- a/swift/extractor/infra/SwiftTagTraits.h
+++ b/swift/extractor/infra/SwiftTagTraits.h
@@ -1,97 +1,320 @@
 #pragma once
 
 // This file implements the mapping needed by the API defined in the TrapTagTraits.h, so that
-// TrapTagOf/TrapLabelOf provide the tags/labels for specific swift entity types.
+// TrapTagOf/TrapLabelOf/TrapClassOf provide the tags/labels for specific swift entity types.
 #include <filesystem>
-#include <swift/AST/ASTVisitor.h>
 #include "swift/extractor/trap/TrapTagTraits.h"
 #include "swift/extractor/trap/generated/TrapTags.h"
+#include <swift/AST/ASTNode.h>
+#include <swift/AST/Decl.h>
+#include <swift/AST/Expr.h>
+#include <swift/AST/Stmt.h>
+#include <swift/AST/Pattern.h>
+#include <swift/AST/TypeRepr.h>
+#include <swift/AST/Type.h>
 
 namespace codeql {
 
-// OverloadSetRefExpr is collapsed with its only derived class OverloadedDeclRefExpr
-using OverloadSetRefExprTag = OverloadedDeclRefExprTag;
-
-// We don't really expect to see the following in extraction. Mapping these tags to void effectively
-// ignores all elements of that class (with a message).
-
-// only generated for code editing
-using CodeCompletionExprTag = void;
-using EditorPlaceholderExprTag = void;
-// not present after the Sema phase
-using ArrowExprTag = void;
-// experimental variadic generics, implemented only in the frontend for now, thus not compilable
-using PackExprTag = void;
-using PackTypeTag = void;
-using ReifyPackExprTag = void;
-using PackExpansionTypeTag = void;
-// Placeholder types appear in ambiguous types but are anyway transformed to UnresolvedType
-using PlaceholderTypeTag = void;
-// SIL types that cannot really appear in the frontend run
-using SILBlockStorageTypeTag = void;
-using SILBoxTypeTag = void;
-using SILFunctionTypeTag = void;
-using SILTokenTypeTag = void;
-
-#define MAP_TYPE_TO_TAG(TYPE, TAG)    \
+#define MAP(TYPE, TAG)                \
   template <>                         \
   struct detail::ToTagFunctor<TYPE> { \
     using type = TAG;                 \
-  }
-#define MAP_TAG(TYPE) MAP_TYPE_TO_TAG(swift::TYPE, TYPE##Tag)
-#define MAP_SUBTAG(TYPE, PARENT)                                                              \
-  MAP_TAG(TYPE);                                                                              \
-  static_assert(std::is_same_v<TYPE##Tag, void> || std::is_base_of_v<PARENT##Tag, TYPE##Tag>, \
-                #PARENT "Tag must be a base of " #TYPE "Tag");
+  };
+#define MAP_CONCRETE(TYPE, TAG)                \
+  template <>                                  \
+  struct detail::ToTagConcreteOverride<TYPE> { \
+    using type = TAG;                          \
+  };
 
-#define OVERRIDE_TAG(TYPE, TAG)               \
-  template <>                                 \
-  struct detail::ToTagOverride<swift::TYPE> { \
-    using type = TAG;                         \
-  };                                          \
-  static_assert(std::is_base_of_v<TYPE##Tag, TAG>, "override is not a subtag");
+// clang-format off
+// use indentation to recreate all involved type hierarchies
+MAP(std::filesystem::path, DbFileTag)
+MAP(swift::StmtCondition, StmtConditionTag)
+MAP(swift::StmtConditionElement, ConditionElementTag)
+MAP(swift::CaseLabelItem, CaseLabelItemTag)
 
-MAP_TAG(Stmt);
-MAP_TAG(StmtCondition);
-MAP_TYPE_TO_TAG(swift::StmtConditionElement, ConditionElementTag);
-MAP_TAG(CaseLabelItem);
-#define ABSTRACT_STMT(CLASS, PARENT) MAP_SUBTAG(CLASS##Stmt, PARENT)
-#define STMT(CLASS, PARENT) ABSTRACT_STMT(CLASS, PARENT)
-#include <swift/AST/StmtNodes.def>
+MAP(swift::Stmt, StmtTag)
+  MAP(swift::BraceStmt, BraceStmtTag)
+  MAP(swift::ReturnStmt, ReturnStmtTag)
+  MAP(swift::YieldStmt, YieldStmtTag)
+  MAP(swift::DeferStmt, DeferStmtTag)
+  MAP(swift::LabeledStmt, LabeledStmtTag)
+    MAP(swift::LabeledConditionalStmt, LabeledConditionalStmtTag)
+      MAP(swift::IfStmt, IfStmtTag)
+      MAP(swift::GuardStmt, GuardStmtTag)
+      MAP(swift::WhileStmt, WhileStmtTag)
+    MAP(swift::DoStmt, DoStmtTag)
+    MAP(swift::DoCatchStmt, DoCatchStmtTag)
+    MAP(swift::RepeatWhileStmt, RepeatWhileStmtTag)
+    MAP(swift::ForEachStmt, ForEachStmtTag)
+    MAP(swift::SwitchStmt, SwitchStmtTag)
+  MAP(swift::CaseStmt, CaseStmtTag)
+  MAP(swift::BreakStmt, BreakStmtTag)
+  MAP(swift::ContinueStmt, ContinueStmtTag)
+  MAP(swift::FallthroughStmt, FallthroughStmtTag)
+  MAP(swift::FailStmt, FailStmtTag)
+  MAP(swift::ThrowStmt, ThrowStmtTag)
+  MAP(swift::PoundAssertStmt, PoundAssertStmtTag)
 
-MAP_TAG(Expr);
-MAP_TAG(Argument);
-#define ABSTRACT_EXPR(CLASS, PARENT) MAP_SUBTAG(CLASS##Expr, PARENT)
-#define EXPR(CLASS, PARENT) ABSTRACT_EXPR(CLASS, PARENT)
-#include <swift/AST/ExprNodes.def>
+MAP(swift::Argument, ArgumentTag)
+MAP(swift::Expr, ExprTag)
+  MAP(swift::ErrorExpr, ErrorExprTag)
+  MAP(swift::LiteralExpr, LiteralExprTag)
+    MAP(swift::NilLiteralExpr, NilLiteralExprTag)
+    MAP(swift::BuiltinLiteralExpr, BuiltinLiteralExprTag)
+      MAP(swift::BooleanLiteralExpr, BooleanLiteralExprTag)
+      MAP(swift::NumberLiteralExpr, NumberLiteralExprTag)
+        MAP(swift::IntegerLiteralExpr, IntegerLiteralExprTag)
+        MAP(swift::FloatLiteralExpr, FloatLiteralExprTag)
+      MAP(swift::StringLiteralExpr, StringLiteralExprTag)
+      MAP(swift::MagicIdentifierLiteralExpr, MagicIdentifierLiteralExprTag)
+    MAP(swift::InterpolatedStringLiteralExpr, InterpolatedStringLiteralExprTag)
+    MAP(swift::RegexLiteralExpr, RegexLiteralExprTag)
+    MAP(swift::ObjectLiteralExpr, ObjectLiteralExprTag)
+  MAP(swift::DiscardAssignmentExpr, DiscardAssignmentExprTag)
+  MAP(swift::DeclRefExpr, DeclRefExprTag)
+  MAP(swift::SuperRefExpr, SuperRefExprTag)
+  MAP(swift::TypeExpr, TypeExprTag)
+  MAP(swift::OtherConstructorDeclRefExpr, OtherConstructorDeclRefExprTag)
+  MAP(swift::DotSyntaxBaseIgnoredExpr, DotSyntaxBaseIgnoredExprTag)
+  MAP(swift::OverloadSetRefExpr, OverloadedDeclRefExprTag)  // collapsed with its only derived class OverloadedDeclRefExpr
+    MAP(swift::OverloadedDeclRefExpr, OverloadedDeclRefExprTag)
+  MAP(swift::UnresolvedDeclRefExpr, UnresolvedDeclRefExprTag)
+  MAP(swift::LookupExpr, LookupExprTag)
+    MAP(swift::MemberRefExpr, MemberRefExprTag)
+    MAP(swift::SubscriptExpr, SubscriptExprTag)
+    MAP(swift::DynamicLookupExpr, DynamicLookupExprTag)
+      MAP(swift::DynamicMemberRefExpr, DynamicMemberRefExprTag)
+      MAP(swift::DynamicSubscriptExpr, DynamicSubscriptExprTag)
+  MAP(swift::UnresolvedSpecializeExpr, UnresolvedSpecializeExprTag)
+  MAP(swift::UnresolvedMemberExpr, UnresolvedMemberExprTag)
+  MAP(swift::UnresolvedDotExpr, UnresolvedDotExprTag)
+  MAP(swift::SequenceExpr, SequenceExprTag)
+  MAP(swift::IdentityExpr, IdentityExprTag)
+    MAP(swift::ParenExpr, ParenExprTag)
+    MAP(swift::DotSelfExpr, DotSelfExprTag)
+    MAP(swift::AwaitExpr, AwaitExprTag)
+    MAP(swift::UnresolvedMemberChainResultExpr, UnresolvedMemberChainResultExprTag)
+  MAP(swift::AnyTryExpr, AnyTryExprTag)
+    MAP(swift::TryExpr, TryExprTag)
+    MAP(swift::ForceTryExpr, ForceTryExprTag)
+    MAP(swift::OptionalTryExpr, OptionalTryExprTag)
+  MAP(swift::TupleExpr, TupleExprTag)
+  MAP(swift::CollectionExpr, CollectionExprTag)
+    MAP(swift::ArrayExpr, ArrayExprTag)
+    MAP(swift::DictionaryExpr, DictionaryExprTag)
+  MAP(swift::KeyPathApplicationExpr, KeyPathApplicationExprTag)
+  MAP(swift::TupleElementExpr, TupleElementExprTag)
+  MAP(swift::CaptureListExpr, CaptureListExprTag)
+  MAP(swift::AbstractClosureExpr, AbstractClosureExprTag)
+    MAP(swift::ClosureExpr, ClosureExprTag)
+    MAP(swift::AutoClosureExpr, AutoClosureExprTag)
+  MAP(swift::InOutExpr, InOutExprTag)
+  MAP(swift::VarargExpansionExpr, VarargExpansionExprTag)
+  MAP(swift::DynamicTypeExpr, DynamicTypeExprTag)
+  MAP(swift::RebindSelfInConstructorExpr, RebindSelfInConstructorExprTag)
+  MAP(swift::OpaqueValueExpr, OpaqueValueExprTag)
+  MAP(swift::PropertyWrapperValuePlaceholderExpr, PropertyWrapperValuePlaceholderExprTag)
+  MAP(swift::AppliedPropertyWrapperExpr, AppliedPropertyWrapperExprTag)
+  MAP(swift::DefaultArgumentExpr, DefaultArgumentExprTag)
+  MAP(swift::BindOptionalExpr, BindOptionalExprTag)
+  MAP(swift::OptionalEvaluationExpr, OptionalEvaluationExprTag)
+  MAP(swift::ForceValueExpr, ForceValueExprTag)
+  MAP(swift::OpenExistentialExpr, OpenExistentialExprTag)
+  MAP(swift::MakeTemporarilyEscapableExpr, MakeTemporarilyEscapableExprTag)
+  MAP(swift::ApplyExpr, ApplyExprTag)
+    MAP(swift::CallExpr, CallExprTag)
+    MAP(swift::PrefixUnaryExpr, PrefixUnaryExprTag)
+    MAP(swift::PostfixUnaryExpr, PostfixUnaryExprTag)
+    MAP(swift::BinaryExpr, BinaryExprTag)
+    MAP(swift::SelfApplyExpr, SelfApplyExprTag)
+      MAP(swift::DotSyntaxCallExpr, DotSyntaxCallExprTag)
+      MAP(swift::ConstructorRefCallExpr, ConstructorRefCallExprTag)
+  MAP(swift::ImplicitConversionExpr, ImplicitConversionExprTag)
+    MAP(swift::LoadExpr, LoadExprTag)
+    MAP(swift::DestructureTupleExpr, DestructureTupleExprTag)
+    MAP(swift::UnresolvedTypeConversionExpr, UnresolvedTypeConversionExprTag)
+    MAP(swift::FunctionConversionExpr, FunctionConversionExprTag)
+    MAP(swift::CovariantFunctionConversionExpr, CovariantFunctionConversionExprTag)
+    MAP(swift::CovariantReturnConversionExpr, CovariantReturnConversionExprTag)
+    MAP(swift::MetatypeConversionExpr, MetatypeConversionExprTag)
+    MAP(swift::CollectionUpcastConversionExpr, CollectionUpcastConversionExprTag)
+    MAP(swift::ErasureExpr, ErasureExprTag)
+    MAP(swift::AnyHashableErasureExpr, AnyHashableErasureExprTag)
+    MAP(swift::BridgeToObjCExpr, BridgeToObjCExprTag)
+    MAP(swift::BridgeFromObjCExpr, BridgeFromObjCExprTag)
+    MAP(swift::ConditionalBridgeFromObjCExpr, ConditionalBridgeFromObjCExprTag)
+    MAP(swift::DerivedToBaseExpr, DerivedToBaseExprTag)
+    MAP(swift::ArchetypeToSuperExpr, ArchetypeToSuperExprTag)
+    MAP(swift::InjectIntoOptionalExpr, InjectIntoOptionalExprTag)
+    MAP(swift::ClassMetatypeToObjectExpr, ClassMetatypeToObjectExprTag)
+    MAP(swift::ExistentialMetatypeToObjectExpr, ExistentialMetatypeToObjectExprTag)
+    MAP(swift::ProtocolMetatypeToObjectExpr, ProtocolMetatypeToObjectExprTag)
+    MAP(swift::InOutToPointerExpr, InOutToPointerExprTag)
+    MAP(swift::ArrayToPointerExpr, ArrayToPointerExprTag)
+    MAP(swift::StringToPointerExpr, StringToPointerExprTag)
+    MAP(swift::PointerToPointerExpr, PointerToPointerExprTag)
+    MAP(swift::ForeignObjectConversionExpr, ForeignObjectConversionExprTag)
+    MAP(swift::UnevaluatedInstanceExpr, UnevaluatedInstanceExprTag)
+    MAP(swift::UnderlyingToOpaqueExpr, UnderlyingToOpaqueExprTag)
+    MAP(swift::DifferentiableFunctionExpr, DifferentiableFunctionExprTag)
+    MAP(swift::LinearFunctionExpr, LinearFunctionExprTag)
+    MAP(swift::DifferentiableFunctionExtractOriginalExpr, DifferentiableFunctionExtractOriginalExprTag)
+    MAP(swift::LinearFunctionExtractOriginalExpr, LinearFunctionExtractOriginalExprTag)
+    MAP(swift::LinearToDifferentiableFunctionExpr, LinearToDifferentiableFunctionExprTag)
+    MAP(swift::ReifyPackExpr, void)  // experimental variadic generics
+    MAP(swift::ABISafeConversionExpr, AbiSafeConversionExprTag)  // different acronym convention
+  MAP(swift::ExplicitCastExpr, ExplicitCastExprTag)
+    MAP(swift::CheckedCastExpr, CheckedCastExprTag)
+      MAP(swift::ForcedCheckedCastExpr, ForcedCheckedCastExprTag)
+      MAP(swift::ConditionalCheckedCastExpr, ConditionalCheckedCastExprTag)
+      MAP(swift::IsExpr, IsExprTag)
+    MAP(swift::CoerceExpr, CoerceExprTag)
+  MAP(swift::ArrowExpr, void)  // not present after the Sema phase
+  MAP(swift::IfExpr, IfExprTag)
+  MAP(swift::EnumIsCaseExpr, EnumIsCaseExprTag)
+  MAP(swift::AssignExpr, AssignExprTag)
+  MAP(swift::CodeCompletionExpr, void) // only generated for code editing
+  MAP(swift::UnresolvedPatternExpr, UnresolvedPatternExprTag)
+  MAP(swift::LazyInitializerExpr, LazyInitializerExprTag)
+  MAP(swift::EditorPlaceholderExpr, void)  // only generated for code editing
+  MAP(swift::ObjCSelectorExpr, ObjCSelectorExprTag)
+  MAP(swift::KeyPathExpr, KeyPathExprTag)
+  MAP(swift::KeyPathDotExpr, KeyPathDotExprTag)
+  MAP(swift::OneWayExpr, OneWayExprTag)
+  MAP(swift::TapExpr, TapExprTag)
+  MAP(swift::PackExpr, void)  // experimental variadic generics
 
-MAP_TAG(Decl);
-#define ABSTRACT_DECL(CLASS, PARENT) MAP_SUBTAG(CLASS##Decl, PARENT)
-#define DECL(CLASS, PARENT) ABSTRACT_DECL(CLASS, PARENT)
-#include <swift/AST/DeclNodes.def>
+MAP(swift::Decl, DeclTag)
+  MAP(swift::ValueDecl, ValueDeclTag)
+    MAP(swift::TypeDecl, TypeDeclTag)
+      MAP(swift::GenericTypeDecl, GenericTypeDeclTag)
+        MAP(swift::NominalTypeDecl, NominalTypeDeclTag)
+          MAP(swift::EnumDecl, EnumDeclTag)
+          MAP(swift::StructDecl, StructDeclTag)
+          MAP(swift::ClassDecl, ClassDeclTag)
+          MAP(swift::ProtocolDecl, ProtocolDeclTag)
+        MAP(swift::OpaqueTypeDecl, OpaqueTypeDeclTag)
+        MAP(swift::TypeAliasDecl, TypeAliasDeclTag)
+      MAP(swift::AbstractTypeParamDecl, AbstractTypeParamDeclTag)
+        MAP(swift::GenericTypeParamDecl, GenericTypeParamDeclTag)
+        MAP(swift::AssociatedTypeDecl, AssociatedTypeDeclTag)
+      MAP(swift::ModuleDecl, ModuleDeclTag)
+    MAP(swift::AbstractStorageDecl, AbstractStorageDeclTag)
+      MAP(swift::VarDecl, VarDeclTag)
+        MAP_CONCRETE(swift::VarDecl, ConcreteVarDeclTag)
+        MAP(swift::ParamDecl, ParamDeclTag)
+      MAP(swift::SubscriptDecl, SubscriptDeclTag)
+    MAP(swift::AbstractFunctionDecl, AbstractFunctionDeclTag)
+      MAP(swift::ConstructorDecl, ConstructorDeclTag)
+      MAP(swift::DestructorDecl, DestructorDeclTag)
+      MAP(swift::FuncDecl, FuncDeclTag)
+        MAP_CONCRETE(swift::FuncDecl, ConcreteFuncDeclTag)
+        MAP(swift::AccessorDecl, AccessorDeclTag)
+    MAP(swift::EnumElementDecl, EnumElementDeclTag)
+  MAP(swift::ExtensionDecl, ExtensionDeclTag)
+  MAP(swift::TopLevelCodeDecl, TopLevelCodeDeclTag)
+  MAP(swift::ImportDecl, ImportDeclTag)
+  MAP(swift::IfConfigDecl, IfConfigDeclTag)
+  MAP(swift::PoundDiagnosticDecl, PoundDiagnosticDeclTag)
+  MAP(swift::PrecedenceGroupDecl, PrecedenceGroupDeclTag)
+  MAP(swift::MissingMemberDecl, MissingMemberDeclTag)
+  MAP(swift::PatternBindingDecl, PatternBindingDeclTag)
+  MAP(swift::EnumCaseDecl, EnumCaseDeclTag)
+  MAP(swift::OperatorDecl, OperatorDeclTag)
+    MAP(swift::InfixOperatorDecl, InfixOperatorDeclTag)
+    MAP(swift::PrefixOperatorDecl, PrefixOperatorDeclTag)
+    MAP(swift::PostfixOperatorDecl, PostfixOperatorDeclTag)
 
-MAP_TAG(Pattern);
-#define ABSTRACT_PATTERN(CLASS, PARENT) MAP_SUBTAG(CLASS##Pattern, PARENT)
-#define PATTERN(CLASS, PARENT) ABSTRACT_PATTERN(CLASS, PARENT)
-#include <swift/AST/PatternNodes.def>
+MAP(swift::Pattern, PatternTag)
+  MAP(swift::ParenPattern, ParenPatternTag)
+  MAP(swift::TuplePattern, TuplePatternTag)
+  MAP(swift::NamedPattern, NamedPatternTag)
+  MAP(swift::AnyPattern, AnyPatternTag)
+  MAP(swift::TypedPattern, TypedPatternTag)
+  MAP(swift::BindingPattern, BindingPatternTag)
+  MAP(swift::IsPattern, IsPatternTag)
+  MAP(swift::EnumElementPattern, EnumElementPatternTag)
+  MAP(swift::OptionalSomePattern, OptionalSomePatternTag)
+  MAP(swift::BoolPattern, BoolPatternTag)
+  MAP(swift::ExprPattern, ExprPatternTag)
 
-MAP_TAG(TypeRepr);
-
-MAP_TYPE_TO_TAG(swift::TypeBase, TypeTag);
-#define ABSTRACT_TYPE(CLASS, PARENT) MAP_SUBTAG(CLASS##Type, PARENT)
-#define TYPE(CLASS, PARENT) ABSTRACT_TYPE(CLASS, PARENT)
-#include <swift/AST/TypeNodes.def>
-
-OVERRIDE_TAG(FuncDecl, ConcreteFuncDeclTag);
-OVERRIDE_TAG(VarDecl, ConcreteVarDeclTag);
-
-MAP_TYPE_TO_TAG(std::filesystem::path, DbFileTag);
-
-#undef MAP_TAG
-#undef MAP_SUBTAG
-#undef MAP_TYPE_TO_TAG
-#undef OVERRIDE_TAG
-
-// All the other macros defined here are undefined by the .def files
+MAP(swift::TypeRepr, TypeReprTag)
 
+MAP(swift::Type, TypeTag)
+MAP(swift::TypeBase, TypeTag)
+  MAP(swift::ErrorType, ErrorTypeTag)
+  MAP(swift::UnresolvedType, UnresolvedTypeTag)
+  MAP(swift::PlaceholderType, void)  // appears in ambiguous types but are then transformed to UnresolvedType
+  MAP(swift::BuiltinType, BuiltinTypeTag)
+    MAP(swift::AnyBuiltinIntegerType, AnyBuiltinIntegerTypeTag)
+      MAP(swift::BuiltinIntegerType, BuiltinIntegerTypeTag)
+      MAP(swift::BuiltinIntegerLiteralType, BuiltinIntegerLiteralTypeTag)
+    MAP(swift::BuiltinExecutorType, BuiltinExecutorTypeTag)
+    MAP(swift::BuiltinFloatType, BuiltinFloatTypeTag)
+    MAP(swift::BuiltinJobType, BuiltinJobTypeTag)
+    MAP(swift::BuiltinRawPointerType, BuiltinRawPointerTypeTag)
+    MAP(swift::BuiltinRawUnsafeContinuationType, BuiltinRawUnsafeContinuationTypeTag)
+    MAP(swift::BuiltinNativeObjectType, BuiltinNativeObjectTypeTag)
+    MAP(swift::BuiltinBridgeObjectType, BuiltinBridgeObjectTypeTag)
+    MAP(swift::BuiltinUnsafeValueBufferType, BuiltinUnsafeValueBufferTypeTag)
+    MAP(swift::BuiltinDefaultActorStorageType, BuiltinDefaultActorStorageTypeTag)
+    MAP(swift::BuiltinVectorType, BuiltinVectorTypeTag)
+  MAP(swift::TupleType, TupleTypeTag)
+  MAP(swift::ReferenceStorageType, ReferenceStorageTypeTag)
+  MAP(swift::WeakStorageType, WeakStorageTypeTag)
+  MAP(swift::UnownedStorageType, UnownedStorageTypeTag)
+  MAP(swift::UnmanagedStorageType, UnmanagedStorageTypeTag)
+  MAP(swift::AnyGenericType, AnyGenericTypeTag)
+    MAP(swift::NominalOrBoundGenericNominalType, NominalOrBoundGenericNominalTypeTag)
+      MAP(swift::NominalType, NominalTypeTag)
+        MAP(swift::EnumType, EnumTypeTag)
+        MAP(swift::StructType, StructTypeTag)
+        MAP(swift::ClassType, ClassTypeTag)
+        MAP(swift::ProtocolType, ProtocolTypeTag)
+      MAP(swift::BoundGenericType, BoundGenericTypeTag)
+        MAP(swift::BoundGenericClassType, BoundGenericClassTypeTag)
+        MAP(swift::BoundGenericEnumType, BoundGenericEnumTypeTag)
+        MAP(swift::BoundGenericStructType, BoundGenericStructTypeTag)
+    MAP(swift::UnboundGenericType, UnboundGenericTypeTag)
+  MAP(swift::AnyMetatypeType, AnyMetatypeTypeTag)
+    MAP(swift::MetatypeType, MetatypeTypeTag)
+    MAP(swift::ExistentialMetatypeType, ExistentialMetatypeTypeTag)
+  MAP(swift::ModuleType, ModuleTypeTag)
+  MAP(swift::DynamicSelfType, DynamicSelfTypeTag)
+  MAP(swift::SubstitutableType, SubstitutableTypeTag)
+    MAP(swift::ArchetypeType, ArchetypeTypeTag)
+      MAP(swift::PrimaryArchetypeType, PrimaryArchetypeTypeTag)
+      MAP(swift::OpaqueTypeArchetypeType, OpaqueTypeArchetypeTypeTag)
+      MAP(swift::OpenedArchetypeType, OpenedArchetypeTypeTag)
+      MAP(swift::SequenceArchetypeType, void)  // experimental variadic generics
+    MAP(swift::GenericTypeParamType, GenericTypeParamTypeTag)
+  MAP(swift::DependentMemberType, DependentMemberTypeTag)
+  MAP(swift::AnyFunctionType, AnyFunctionTypeTag)
+    MAP(swift::FunctionType, FunctionTypeTag)
+    MAP(swift::GenericFunctionType, GenericFunctionTypeTag)
+  MAP(swift::SILFunctionType, void)  // SIL types cannot really appear in the frontend run)
+  MAP(swift::SILBlockStorageType, void)  // SIL types cannot really appear in the frontend run)
+  MAP(swift::SILBoxType, void)  // SIL types cannot really appear in the frontend run)
+  MAP(swift::SILTokenType, void)  // SIL types cannot really appear in the frontend run)
+  MAP(swift::ProtocolCompositionType, ProtocolCompositionTypeTag)
+  MAP(swift::ParameterizedProtocolType, ParameterizedProtocolTypeTag)
+  MAP(swift::ExistentialType, ExistentialTypeTag)
+  MAP(swift::LValueType, LValueTypeTag)
+  MAP(swift::InOutType, InOutTypeTag)
+  MAP(swift::PackType, void)  // experimental variadic generics
+  MAP(swift::PackExpansionType, void)  // experimental variadic generics
+  MAP(swift::TypeVariableType, void)  // created during type checking and only used for constraint checking
+  MAP(swift::SugarType, SugarTypeTag)
+    MAP(swift::ParenType, ParenTypeTag)
+    MAP(swift::TypeAliasType, TypeAliasTypeTag)
+    MAP(swift::SyntaxSugarType, SyntaxSugarTypeTag)
+      MAP(swift::UnarySyntaxSugarType, UnarySyntaxSugarTypeTag)
+        MAP(swift::ArraySliceType, ArraySliceTypeTag)
+        MAP(swift::OptionalType, OptionalTypeTag)
+        MAP(swift::VariadicSequenceType, VariadicSequenceTypeTag)
+      MAP(swift::DictionaryType, DictionaryTypeTag)
+// clang-format on
+#undef MAP
+#undef MAP_CONCRETE
 }  // namespace codeql
diff --git a/swift/extractor/infra/file/Path.cpp b/swift/extractor/infra/file/Path.cpp
new file mode 100644
index 00000000000..f114bfdd41b
--- /dev/null
+++ b/swift/extractor/infra/file/Path.cpp
@@ -0,0 +1,36 @@
+#include "swift/extractor/infra/file/Path.h"
+#include <iostream>
+#include <unistd.h>
+
+namespace codeql {
+
+static bool shouldCanonicalize() {
+  auto preserve = getenv("CODEQL_PRESERVE_SYMLINKS");
+  if (preserve && std::string(preserve) == "true") {
+    return false;
+  }
+  preserve = getenv("SEMMLE_PRESERVE_SYMLINKS");
+  if (preserve && std::string(preserve) == "true") {
+    return false;
+  }
+  return true;
+}
+
+std::filesystem::path resolvePath(std::string_view path) {
+  std::error_code ec;
+  std::filesystem::path ret = {};
+  static const auto canonicalize = shouldCanonicalize();
+  if (canonicalize) {
+    ret = std::filesystem::canonical(path, ec);
+  } else {
+    ret = std::filesystem::absolute(path, ec);
+  }
+  if (ec) {
+    std::cerr << "Cannot get " << (canonicalize ? "canonical" : "absolute")
+              << " path: " << std::quoted(path) << ": " << ec.message() << "\n";
+    return path;
+  }
+  return ret;
+}
+
+}  // namespace codeql
diff --git a/swift/extractor/infra/file/Path.h b/swift/extractor/infra/file/Path.h
new file mode 100644
index 00000000000..c1a31786454
--- /dev/null
+++ b/swift/extractor/infra/file/Path.h
@@ -0,0 +1,7 @@
+#pragma once
+
+#include <filesystem>
+
+namespace codeql {
+std::filesystem::path resolvePath(std::string_view path);
+}
diff --git a/swift/extractor/main.cpp b/swift/extractor/main.cpp
index ff975f5c25d..b56fc190315 100644
--- a/swift/extractor/main.cpp
+++ b/swift/extractor/main.cpp
@@ -16,6 +16,7 @@
 #include "swift/extractor/remapping/SwiftOpenInterception.h"
 #include "swift/extractor/invocation/SwiftDiagnosticsConsumer.h"
 #include "swift/extractor/trap/TrapDomain.h"
+#include <swift/Basic/InitializeSwiftModules.h>
 
 using namespace std::string_literals;
 
@@ -129,6 +130,7 @@ int main(int argc, char** argv) {
   // Required by Swift/LLVM
   PROGRAM_START(argc, argv);
   INITIALIZE_LLVM();
+  initializeSwiftModules();
 
   codeql::SwiftExtractorConfiguration configuration{};
   configuration.trapDir = getenv_or("CODEQL_EXTRACTOR_SWIFT_TRAP_DIR", ".");
diff --git a/swift/extractor/print_unextracted/main.cpp b/swift/extractor/print_unextracted/main.cpp
index 9496abd752e..09832ce992e 100644
--- a/swift/extractor/print_unextracted/main.cpp
+++ b/swift/extractor/print_unextracted/main.cpp
@@ -1,4 +1,6 @@
 #include <iostream>
+#include <vector>
+#include <map>
 
 #include "swift/extractor/translators/DeclTranslator.h"
 #include "swift/extractor/translators/ExprTranslator.h"
@@ -8,37 +10,35 @@
 
 using namespace codeql;
 
-#define CHECK_CLASS(KIND, CLASS, PARENT)                             \
-  if (!detail::HasTranslate##CLASS##KIND<KIND##Translator>::value && \
-      !detail::HasTranslate##PARENT<KIND##Translator>::value) {      \
-    std::cout << "  " #CLASS #KIND "\n";                             \
-  }
-
 int main() {
-  std::cout << "Unextracted Decls:\n";
+  std::map<const char*, std::vector<const char*>> unextracted;
+
+#define CHECK_CLASS(KIND, CLASS, PARENT)                                                \
+  if (KIND##Translator::getPolicyFor##CLASS##KIND() == TranslatorPolicy::emitUnknown) { \
+    unextracted[#KIND].push_back(#CLASS #KIND);                                         \
+  }
 
 #define DECL(CLASS, PARENT) CHECK_CLASS(Decl, CLASS, PARENT)
 #include "swift/AST/DeclNodes.def"
 
-  std::cout << "\nUnextracted Stmts:\n";
-
 #define STMT(CLASS, PARENT) CHECK_CLASS(Stmt, CLASS, PARENT)
 #include "swift/AST/StmtNodes.def"
 
-  std::cout << "\nUnextracted Exprs:\n";
-
 #define EXPR(CLASS, PARENT) CHECK_CLASS(Expr, CLASS, PARENT)
 #include "swift/AST/ExprNodes.def"
 
-  std::cout << "\nUnextracted Patterns:\n";
-
 #define PATTERN(CLASS, PARENT) CHECK_CLASS(Pattern, CLASS, PARENT)
 #include "swift/AST/PatternNodes.def"
 
-  std::cout << "\nUnextracted Types:\n";
-
 #define TYPE(CLASS, PARENT) CHECK_CLASS(Type, CLASS, PARENT)
 #include "swift/AST/TypeNodes.def"
 
+  for (const auto& [kind, classes] : unextracted) {
+    std::cout << "Unextracted " << kind << " subclasses:\n";
+    for (auto cls : classes) {
+      std::cout << "  " << cls << '\n';
+    }
+    std::cout << '\n';
+  }
   return 0;
 }
diff --git a/swift/extractor/remapping/SwiftOpenInterception.macOS.cpp b/swift/extractor/remapping/SwiftOpenInterception.macOS.cpp
index 035492fd385..d378a571e58 100644
--- a/swift/extractor/remapping/SwiftOpenInterception.macOS.cpp
+++ b/swift/extractor/remapping/SwiftOpenInterception.macOS.cpp
@@ -27,7 +27,7 @@ static std::string originalHashFile(const fs::path& filename) {
 }
 
 static int codeql_open(const char* path, int oflag, ...) {
-  va_list ap = {0};
+  va_list ap;
   mode_t mode = 0;
   if ((oflag & O_CREAT) != 0) {
     // mode only applies to O_CREAT
@@ -61,7 +61,7 @@ void finalizeRemapping(
     }
     auto hash = originalHashFile(original);
     auto hashed = scratchDir / hash;
-    if (!hash.empty() && fs::exists(hashed)) {
+    if (!hash.empty() && fs::exists(patched)) {
       std::error_code ec;
       fs::create_symlink(/* target */ patched, /* symlink */ hashed, ec);
       if (ec) {
diff --git a/swift/extractor/translators/DeclTranslator.cpp b/swift/extractor/translators/DeclTranslator.cpp
index 9e9b6009703..09927cad47b 100644
--- a/swift/extractor/translators/DeclTranslator.cpp
+++ b/swift/extractor/translators/DeclTranslator.cpp
@@ -3,6 +3,7 @@
 #include <swift/AST/GenericParamList.h>
 #include <swift/AST/ParameterList.h>
 #include "swift/extractor/infra/SwiftDiagnosticKind.h"
+#include "swift/AST/PropertyWrappers.h"
 
 namespace codeql {
 namespace {
@@ -85,6 +86,11 @@ std::optional<codeql::ParamDecl> DeclTranslator::translateParamDecl(const swift:
   }
   fillVarDecl(decl, *entry);
   entry->is_inout = decl.isInOut();
+  if (auto wrapped = decl.getPropertyWrapperWrappedValueVar()) {
+    entry->property_wrapper_local_wrapped_var = dispatcher.fetchLabel(wrapped);
+    entry->property_wrapper_local_wrapped_var_binding =
+        dispatcher.fetchLabel(wrapped->getParentPatternBinding());
+  }
   return entry;
 }
 
@@ -225,6 +231,18 @@ std::optional<codeql::AccessorDecl> DeclTranslator::translateAccessorDecl(
     case swift::AccessorKind::DidSet:
       entry->is_did_set = true;
       break;
+    case swift::AccessorKind::Read:
+      entry->is_read = true;
+      break;
+    case swift::AccessorKind::Modify:
+      entry->is_modify = true;
+      break;
+    case swift::AccessorKind::Address:
+      entry->is_unsafe_address = true;
+      break;
+    case swift::AccessorKind::MutableAddress:
+      entry->is_unsafe_mutable_address = true;
+      break;
   }
   fillAbstractFunctionDecl(decl, *entry);
   return entry;
@@ -355,6 +373,16 @@ void DeclTranslator::fillVarDecl(const swift::VarDecl& decl, codeql::VarDecl& en
         dispatcher.fetchOptionalLabel(decl.getPropertyWrapperBackingPropertyType());
   }
   fillAbstractStorageDecl(decl, entry);
+  if (auto backing = decl.getPropertyWrapperBackingProperty()) {
+    entry.property_wrapper_backing_var = dispatcher.fetchLabel(backing);
+    entry.property_wrapper_backing_var_binding =
+        dispatcher.fetchLabel(backing->getParentPatternBinding());
+  }
+  if (auto projection = decl.getPropertyWrapperProjectionVar()) {
+    entry.property_wrapper_projection_var = dispatcher.fetchLabel(projection);
+    entry.property_wrapper_projection_var_binding =
+        dispatcher.fetchLabel(projection->getParentPatternBinding());
+  }
 }
 
 void DeclTranslator::fillNominalTypeDecl(const swift::NominalTypeDecl& decl,
diff --git a/swift/extractor/translators/DeclTranslator.h b/swift/extractor/translators/DeclTranslator.h
index f72a29437d5..12fe39465b3 100644
--- a/swift/extractor/translators/DeclTranslator.h
+++ b/swift/extractor/translators/DeclTranslator.h
@@ -65,9 +65,9 @@ class DeclTranslator : public AstTranslatorBase<DeclTranslator> {
                                codeql::AbstractStorageDecl& entry);
 
   template <typename D>
-  std::optional<TrapClassOf<D>> createNamedEntry(const D& decl) {
-    auto id = dispatcher.assignNewLabel(decl, mangledName(decl));
+  auto createNamedEntry(const D& decl) {
     std::optional<TrapClassOf<D>> entry;
+    auto id = dispatcher.assignNewLabel(decl, mangledName(decl));
     if (dispatcher.shouldEmitDeclBody(decl)) {
       entry.emplace(id);
       fillDecl(decl, *entry);
@@ -76,7 +76,7 @@ class DeclTranslator : public AstTranslatorBase<DeclTranslator> {
   }
 
   template <typename D>
-  TrapClassOf<D> createEntry(const D& decl) {
+  auto createEntry(const D& decl) {
     TrapClassOf<D> entry{dispatcher.template assignNewLabel(decl)};
     fillDecl(decl, entry);
     return entry;
diff --git a/swift/extractor/translators/ExprTranslator.cpp b/swift/extractor/translators/ExprTranslator.cpp
index f51839d623e..fa521269e86 100644
--- a/swift/extractor/translators/ExprTranslator.cpp
+++ b/swift/extractor/translators/ExprTranslator.cpp
@@ -16,6 +16,9 @@ void ExprTranslator::fillAccessorSemantics(const T& ast, TrapClassOf<T>& entry)
     case swift::AccessSemantics::Ordinary:
       entry.has_ordinary_semantics = true;
       break;
+    case swift::AccessSemantics::DistributedThunk:
+      entry.has_distributed_thunk_semantics = true;
+      break;
   }
 }
 
diff --git a/swift/extractor/translators/TranslatorBase.h b/swift/extractor/translators/TranslatorBase.h
index 0f08442a865..5303ffd68a5 100644
--- a/swift/extractor/translators/TranslatorBase.h
+++ b/swift/extractor/translators/TranslatorBase.h
@@ -58,6 +58,13 @@ DEFINE_TRANSLATE_CHECKER(TypeRepr, , )
 #include "swift/AST/TypeReprNodes.def"
 }  // namespace detail
 
+enum class TranslatorPolicy {
+  ignore,
+  translate,
+  translateParent,
+  emitUnknown,
+};
+
 // we want to override the default swift visitor behaviour of chaining calls to immediate
 // superclasses by default and instead provide our own TBD default (using the exact type).
 // Moreover, if the implementation class has translate##CLASS##KIND (that uses generated C++
@@ -66,15 +73,30 @@ DEFINE_TRANSLATE_CHECKER(TypeRepr, , )
 // A special case is for explicitly ignored classes marked with void, which we should never
 // encounter.
 #define DEFINE_VISIT(KIND, CLASS, PARENT)                                            \
+ public:                                                                             \
+  static constexpr TranslatorPolicy getPolicyFor##CLASS##KIND() {                    \
+    if constexpr (std::is_same_v<TrapTagOf<swift::CLASS##KIND>, void>) {             \
+      return TranslatorPolicy::ignore;                                               \
+    } else if constexpr (detail::HasTranslate##CLASS##KIND<CrtpSubclass>::value) {   \
+      return TranslatorPolicy::translate;                                            \
+    } else if constexpr (detail::HasTranslate##PARENT<CrtpSubclass>::value) {        \
+      return TranslatorPolicy::translateParent;                                      \
+    } else {                                                                         \
+      return TranslatorPolicy::emitUnknown;                                          \
+    }                                                                                \
+  }                                                                                  \
+                                                                                     \
+ private:                                                                            \
   void visit##CLASS##KIND(swift::CLASS##KIND* e) {                                   \
-    if constexpr (std::is_same_v<CLASS##KIND##Tag, void>) {                          \
+    constexpr auto policy = getPolicyFor##CLASS##KIND();                             \
+    if constexpr (policy == TranslatorPolicy::ignore) {                              \
       std::cerr << "Unexpected " #CLASS #KIND "\n";                                  \
       return;                                                                        \
-    } else if constexpr (detail::HasTranslate##CLASS##KIND<CrtpSubclass>::value) {   \
+    } else if constexpr (policy == TranslatorPolicy::translate) {                    \
       dispatcher.emit(static_cast<CrtpSubclass*>(this)->translate##CLASS##KIND(*e)); \
-    } else if constexpr (detail::HasTranslate##PARENT<CrtpSubclass>::value) {        \
+    } else if constexpr (policy == TranslatorPolicy::translateParent) {              \
       dispatcher.emit(static_cast<CrtpSubclass*>(this)->translate##PARENT(*e));      \
-    } else {                                                                         \
+    } else if constexpr (policy == TranslatorPolicy::emitUnknown) {                  \
       dispatcher.emitUnknown(e);                                                     \
     }                                                                                \
   }
diff --git a/swift/extractor/translators/TypeTranslator.cpp b/swift/extractor/translators/TypeTranslator.cpp
index cb8e97415b3..f86aa7f72de 100644
--- a/swift/extractor/translators/TypeTranslator.cpp
+++ b/swift/extractor/translators/TypeTranslator.cpp
@@ -258,4 +258,20 @@ codeql::OpaqueTypeArchetypeType TypeTranslator::translateOpaqueTypeArchetypeType
   entry.declaration = dispatcher.fetchLabel(type.getDecl());
   return entry;
 }
+
+codeql::ErrorType TypeTranslator::translateErrorType(const swift::ErrorType& type) {
+  return createTypeEntry(type);
+}
+
+codeql::UnresolvedType TypeTranslator::translateUnresolvedType(const swift::UnresolvedType& type) {
+  return createTypeEntry(type);
+}
+
+codeql::ParameterizedProtocolType TypeTranslator::translateParameterizedProtocolType(
+    const swift::ParameterizedProtocolType& type) {
+  auto entry = createTypeEntry(type);
+  entry.base = dispatcher.fetchLabel(type.getBaseType());
+  entry.args = dispatcher.fetchRepeatedLabels(type.getArgs());
+  return entry;
+}
 }  // namespace codeql
diff --git a/swift/extractor/translators/TypeTranslator.h b/swift/extractor/translators/TypeTranslator.h
index 95ad6a8b6b9..40b9db04d49 100644
--- a/swift/extractor/translators/TypeTranslator.h
+++ b/swift/extractor/translators/TypeTranslator.h
@@ -71,6 +71,10 @@ class TypeTranslator : public TypeTranslatorBase<TypeTranslator> {
   codeql::ModuleType translateModuleType(const swift::ModuleType& type);
   codeql::OpaqueTypeArchetypeType translateOpaqueTypeArchetypeType(
       const swift::OpaqueTypeArchetypeType& type);
+  codeql::ErrorType translateErrorType(const swift::ErrorType& type);
+  codeql::UnresolvedType translateUnresolvedType(const swift::UnresolvedType& type);
+  codeql::ParameterizedProtocolType translateParameterizedProtocolType(
+      const swift::ParameterizedProtocolType& type);
 
  private:
   void fillType(const swift::TypeBase& type, codeql::Type& entry);
diff --git a/swift/extractor/trap/TrapTagTraits.h b/swift/extractor/trap/TrapTagTraits.h
index f0f8c41cc8d..b9c0830cd45 100644
--- a/swift/extractor/trap/TrapTagTraits.h
+++ b/swift/extractor/trap/TrapTagTraits.h
@@ -4,6 +4,7 @@
 // label tags
 
 #include <type_traits>
+#include "swift/extractor/trap/TrapLabel.h"
 
 namespace codeql {
 
@@ -14,7 +15,7 @@ struct ToTagFunctor;
 
 // can be instantiated to override the default mapping for special cases
 template <typename T>
-struct ToTagOverride : ToTagFunctor<T> {};
+struct ToTagConcreteOverride : ToTagFunctor<T> {};
 
 // must be instantiated to map trap labels to the corresponding generated binding trap entry
 template <typename Label>
@@ -27,15 +28,19 @@ struct ToTrapClassFunctor;
 
 template <typename T>
 using TrapTagOf =
-    typename detail::ToTagOverride<std::remove_const_t<std::remove_pointer_t<T>>>::type;
+    typename detail::ToTagFunctor<std::remove_const_t<std::remove_pointer_t<T>>>::type;
+
+template <typename T>
+using ConcreteTrapTagOf =
+    typename detail::ToTagConcreteOverride<std::remove_const_t<std::remove_pointer_t<T>>>::type;
 
 template <typename T>
 using TrapLabelOf = TrapLabel<TrapTagOf<T>>;
 
 template <typename T>
-using BindingTrapOf = typename detail::ToBindingTrapFunctor<TrapLabelOf<T>>::type;
+using BindingTrapOf = typename detail::ToBindingTrapFunctor<TrapLabel<ConcreteTrapTagOf<T>>>::type;
 
 template <typename T>
-using TrapClassOf = typename detail::ToTrapClassFunctor<TrapTagOf<T>>::type;
+using TrapClassOf = typename detail::ToTrapClassFunctor<ConcreteTrapTagOf<T>>::type;
 
 }  // namespace codeql
diff --git a/swift/integration-tests/.gitignore b/swift/integration-tests/.gitignore
index 9ea4244ad91..56a73ade7d3 100644
--- a/swift/integration-tests/.gitignore
+++ b/swift/integration-tests/.gitignore
@@ -1,9 +1,9 @@
 .DS_Store
 .build
 Packages
-*.xcodeproj
 xcuserdata/
 DerivedData/
 .swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata
 *.actual
 db
+*.swiftmodule
diff --git a/swift/integration-tests/osx-only/canonical-case/Files.expected b/swift/integration-tests/osx-only/canonical-case/Files.expected
new file mode 100644
index 00000000000..250d73ebb0a
--- /dev/null
+++ b/swift/integration-tests/osx-only/canonical-case/Files.expected
@@ -0,0 +1,2 @@
+| MiXeDcAsE.swifT:0:0:0:0 | MiXeDcAsE.swifT |
+| file://:0:0:0:0 |  |
diff --git a/swift/integration-tests/osx-only/canonical-case/Files.ql b/swift/integration-tests/osx-only/canonical-case/Files.ql
new file mode 100644
index 00000000000..9782ea4ce0b
--- /dev/null
+++ b/swift/integration-tests/osx-only/canonical-case/Files.ql
@@ -0,0 +1,4 @@
+import swift
+
+from File f
+select f
diff --git a/swift/integration-tests/osx-only/canonical-case/MiXeDcAsE.swifT b/swift/integration-tests/osx-only/canonical-case/MiXeDcAsE.swifT
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/swift/integration-tests/osx-only/canonical-case/build.sh b/swift/integration-tests/osx-only/canonical-case/build.sh
new file mode 100755
index 00000000000..4bc325edb8c
--- /dev/null
+++ b/swift/integration-tests/osx-only/canonical-case/build.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+SDK="-sdk $(xcrun -show-sdk-path)"
+FRONTEND="$(xcrun -find swift-frontend)"
+
+# This test case will only work on a case-insensitive FS (which is the default)
+$FRONTEND -frontend -c MIXEDCASE.swift $SDK
diff --git a/swift/integration-tests/osx-only/canonical-case/test.py b/swift/integration-tests/osx-only/canonical-case/test.py
new file mode 100644
index 00000000000..4aec427a4b4
--- /dev/null
+++ b/swift/integration-tests/osx-only/canonical-case/test.py
@@ -0,0 +1,5 @@
+from create_database_utils import *
+
+run_codeql_database_create([
+    './build.sh',
+], lang='swift')
diff --git a/swift/integration-tests/osx-only/hello-xcode/Files.expected b/swift/integration-tests/osx-only/hello-xcode/Files.expected
new file mode 100644
index 00000000000..217aa9e933b
--- /dev/null
+++ b/swift/integration-tests/osx-only/hello-xcode/Files.expected
@@ -0,0 +1,2 @@
+| codeql-swift-autobuild-test/AppDelegate.swift:0:0:0:0 | codeql-swift-autobuild-test/AppDelegate.swift |
+| file://:0:0:0:0 |  |
diff --git a/swift/integration-tests/osx-only/hello-xcode/Files.ql b/swift/integration-tests/osx-only/hello-xcode/Files.ql
new file mode 100644
index 00000000000..9782ea4ce0b
--- /dev/null
+++ b/swift/integration-tests/osx-only/hello-xcode/Files.ql
@@ -0,0 +1,4 @@
+import swift
+
+from File f
+select f
diff --git a/swift/integration-tests/osx-only/hello-xcode/codeql-swift-autobuild-test.xcodeproj/project.pbxproj b/swift/integration-tests/osx-only/hello-xcode/codeql-swift-autobuild-test.xcodeproj/project.pbxproj
new file mode 100644
index 00000000000..efc35405363
--- /dev/null
+++ b/swift/integration-tests/osx-only/hello-xcode/codeql-swift-autobuild-test.xcodeproj/project.pbxproj
@@ -0,0 +1,310 @@
+// !$*UTF8*$!
+{
+	archiveVersion = 1;
+	classes = {
+	};
+	objectVersion = 56;
+	objects = {
+
+/* Begin PBXBuildFile section */
+		46D4896F291B98000029E1E2 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 46D4896E291B98000029E1E2 /* AppDelegate.swift */; };
+/* End PBXBuildFile section */
+
+/* Begin PBXFileReference section */
+		46D4896B291B98000029E1E2 /* codeql-swift-autobuild-test.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "codeql-swift-autobuild-test.app"; sourceTree = BUILT_PRODUCTS_DIR; };
+		46D4896E291B98000029E1E2 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = "<group>"; };
+/* End PBXFileReference section */
+
+/* Begin PBXFrameworksBuildPhase section */
+		46D48968291B98000029E1E2 /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXFrameworksBuildPhase section */
+
+/* Begin PBXGroup section */
+		46D48962291B98000029E1E2 = {
+			isa = PBXGroup;
+			children = (
+				46D4896D291B98000029E1E2 /* codeql-swift-autobuild-test */,
+				46D4896C291B98000029E1E2 /* Products */,
+			);
+			sourceTree = "<group>";
+		};
+		46D4896C291B98000029E1E2 /* Products */ = {
+			isa = PBXGroup;
+			children = (
+				46D4896B291B98000029E1E2 /* codeql-swift-autobuild-test.app */,
+			);
+			name = Products;
+			sourceTree = "<group>";
+		};
+		46D4896D291B98000029E1E2 /* codeql-swift-autobuild-test */ = {
+			isa = PBXGroup;
+			children = (
+				46D4896E291B98000029E1E2 /* AppDelegate.swift */,
+			);
+			path = "codeql-swift-autobuild-test";
+			sourceTree = "<group>";
+		};
+/* End PBXGroup section */
+
+/* Begin PBXNativeTarget section */
+		46D4896A291B98000029E1E2 /* codeql-swift-autobuild-test */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 46D4897A291B98020029E1E2 /* Build configuration list for PBXNativeTarget "codeql-swift-autobuild-test" */;
+			buildPhases = (
+				46D48967291B98000029E1E2 /* Sources */,
+				46D48968291B98000029E1E2 /* Frameworks */,
+				46D48969291B98000029E1E2 /* Resources */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+			);
+			name = "codeql-swift-autobuild-test";
+			productName = "codeql-swift-autobuild-test";
+			productReference = 46D4896B291B98000029E1E2 /* codeql-swift-autobuild-test.app */;
+			productType = "com.apple.product-type.application";
+		};
+/* End PBXNativeTarget section */
+
+/* Begin PBXProject section */
+		46D48963291B98000029E1E2 /* Project object */ = {
+			isa = PBXProject;
+			attributes = {
+				BuildIndependentTargetsInParallel = 1;
+				LastSwiftUpdateCheck = 1400;
+				LastUpgradeCheck = 1400;
+				TargetAttributes = {
+					46D4896A291B98000029E1E2 = {
+						CreatedOnToolsVersion = 14.0;
+					};
+				};
+			};
+			buildConfigurationList = 46D48966291B98000029E1E2 /* Build configuration list for PBXProject "codeql-swift-autobuild-test" */;
+			compatibilityVersion = "Xcode 14.0";
+			developmentRegion = en;
+			hasScannedForEncodings = 0;
+			knownRegions = (
+				en,
+			);
+			mainGroup = 46D48962291B98000029E1E2;
+			productRefGroup = 46D4896C291B98000029E1E2 /* Products */;
+			projectDirPath = "";
+			projectRoot = "";
+			targets = (
+				46D4896A291B98000029E1E2 /* codeql-swift-autobuild-test */,
+			);
+		};
+/* End PBXProject section */
+
+/* Begin PBXResourcesBuildPhase section */
+		46D48969291B98000029E1E2 /* Resources */ = {
+			isa = PBXResourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXResourcesBuildPhase section */
+
+/* Begin PBXSourcesBuildPhase section */
+		46D48967291B98000029E1E2 /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				46D4896F291B98000029E1E2 /* AppDelegate.swift in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXSourcesBuildPhase section */
+
+/* Begin XCBuildConfiguration section */
+		46D48978291B98020029E1E2 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_SEARCH_USER_PATHS = NO;
+				CLANG_ANALYZER_NONNULL = YES;
+				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
+				CLANG_ENABLE_MODULES = YES;
+				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_ENABLE_OBJC_WEAK = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
+				CLANG_WARN_CONSTANT_CONVERSION = YES;
+				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
+				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
+				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
+				CLANG_WARN_ENUM_CONVERSION = YES;
+				CLANG_WARN_INFINITE_RECURSION = YES;
+				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
+				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
+				CLANG_WARN_SUSPICIOUS_MOVE = YES;
+				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
+				CLANG_WARN_UNREACHABLE_CODE = YES;
+				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
+				COPY_PHASE_STRIP = NO;
+				DEBUG_INFORMATION_FORMAT = dwarf;
+				ENABLE_STRICT_OBJC_MSGSEND = YES;
+				ENABLE_TESTABILITY = YES;
+				GCC_C_LANGUAGE_STANDARD = gnu11;
+				GCC_DYNAMIC_NO_PIC = NO;
+				GCC_NO_COMMON_BLOCKS = YES;
+				GCC_OPTIMIZATION_LEVEL = 0;
+				GCC_PREPROCESSOR_DEFINITIONS = (
+					"DEBUG=1",
+					"$(inherited)",
+				);
+				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
+				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
+				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
+				GCC_WARN_UNUSED_FUNCTION = YES;
+				GCC_WARN_UNUSED_VARIABLE = YES;
+				MACOSX_DEPLOYMENT_TARGET = 11.0;
+				MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
+				MTL_FAST_MATH = YES;
+				ONLY_ACTIVE_ARCH = YES;
+				SDKROOT = macosx;
+				SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG;
+				SWIFT_OPTIMIZATION_LEVEL = "-Onone";
+			};
+			name = Debug;
+		};
+		46D48979291B98020029E1E2 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_SEARCH_USER_PATHS = NO;
+				CLANG_ANALYZER_NONNULL = YES;
+				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
+				CLANG_ENABLE_MODULES = YES;
+				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_ENABLE_OBJC_WEAK = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
+				CLANG_WARN_CONSTANT_CONVERSION = YES;
+				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
+				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
+				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
+				CLANG_WARN_ENUM_CONVERSION = YES;
+				CLANG_WARN_INFINITE_RECURSION = YES;
+				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
+				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
+				CLANG_WARN_SUSPICIOUS_MOVE = YES;
+				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
+				CLANG_WARN_UNREACHABLE_CODE = YES;
+				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
+				COPY_PHASE_STRIP = NO;
+				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
+				ENABLE_NS_ASSERTIONS = NO;
+				ENABLE_STRICT_OBJC_MSGSEND = YES;
+				GCC_C_LANGUAGE_STANDARD = gnu11;
+				GCC_NO_COMMON_BLOCKS = YES;
+				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
+				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
+				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
+				GCC_WARN_UNUSED_FUNCTION = YES;
+				GCC_WARN_UNUSED_VARIABLE = YES;
+				MACOSX_DEPLOYMENT_TARGET = 11.0;
+				MTL_ENABLE_DEBUG_INFO = NO;
+				MTL_FAST_MATH = YES;
+				SDKROOT = macosx;
+				SWIFT_COMPILATION_MODE = wholemodule;
+				SWIFT_OPTIMIZATION_LEVEL = "-O";
+			};
+			name = Release;
+		};
+		46D4897B291B98020029E1E2 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
+				CODE_SIGN_STYLE = Automatic;
+				COMBINE_HIDPI_IMAGES = YES;
+				CURRENT_PROJECT_VERSION = 1;
+				GENERATE_INFOPLIST_FILE = YES;
+				INFOPLIST_KEY_NSHumanReadableCopyright = "";
+				INFOPLIST_KEY_NSMainStoryboardFile = Main;
+				INFOPLIST_KEY_NSPrincipalClass = NSApplication;
+				LD_RUNPATH_SEARCH_PATHS = (
+					"$(inherited)",
+					"@executable_path/../Frameworks",
+				);
+				MARKETING_VERSION = 1.0;
+				PRODUCT_BUNDLE_IDENTIFIER = "com.github.codeql-swift-autobuild-test";
+				PRODUCT_NAME = "$(TARGET_NAME)";
+				SWIFT_EMIT_LOC_STRINGS = YES;
+				SWIFT_VERSION = 5.0;
+			};
+			name = Debug;
+		};
+		46D4897C291B98020029E1E2 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
+				CODE_SIGN_STYLE = Automatic;
+				COMBINE_HIDPI_IMAGES = YES;
+				CURRENT_PROJECT_VERSION = 1;
+				GENERATE_INFOPLIST_FILE = YES;
+				INFOPLIST_KEY_NSHumanReadableCopyright = "";
+				INFOPLIST_KEY_NSMainStoryboardFile = Main;
+				INFOPLIST_KEY_NSPrincipalClass = NSApplication;
+				LD_RUNPATH_SEARCH_PATHS = (
+					"$(inherited)",
+					"@executable_path/../Frameworks",
+				);
+				MARKETING_VERSION = 1.0;
+				PRODUCT_BUNDLE_IDENTIFIER = "com.github.codeql-swift-autobuild-test";
+				PRODUCT_NAME = "$(TARGET_NAME)";
+				SWIFT_EMIT_LOC_STRINGS = YES;
+				SWIFT_VERSION = 5.0;
+			};
+			name = Release;
+		};
+/* End XCBuildConfiguration section */
+
+/* Begin XCConfigurationList section */
+		46D48966291B98000029E1E2 /* Build configuration list for PBXProject "codeql-swift-autobuild-test" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				46D48978291B98020029E1E2 /* Debug */,
+				46D48979291B98020029E1E2 /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		46D4897A291B98020029E1E2 /* Build configuration list for PBXNativeTarget "codeql-swift-autobuild-test" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				46D4897B291B98020029E1E2 /* Debug */,
+				46D4897C291B98020029E1E2 /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+/* End XCConfigurationList section */
+	};
+	rootObject = 46D48963291B98000029E1E2 /* Project object */;
+}
diff --git a/swift/integration-tests/osx-only/hello-xcode/codeql-swift-autobuild-test/AppDelegate.swift b/swift/integration-tests/osx-only/hello-xcode/codeql-swift-autobuild-test/AppDelegate.swift
new file mode 100644
index 00000000000..b098bd9fcf5
--- /dev/null
+++ b/swift/integration-tests/osx-only/hello-xcode/codeql-swift-autobuild-test/AppDelegate.swift
@@ -0,0 +1,4 @@
+import Cocoa
+
+@main
+class AppDelegate: NSObject, NSApplicationDelegate {}
diff --git a/swift/integration-tests/osx-only/hello-xcode/test.py b/swift/integration-tests/osx-only/hello-xcode/test.py
new file mode 100644
index 00000000000..6c5630bfb6a
--- /dev/null
+++ b/swift/integration-tests/osx-only/hello-xcode/test.py
@@ -0,0 +1,9 @@
+from create_database_utils import *
+
+run_codeql_database_create([
+    'xcodebuild clean',
+    'xcodebuild build '
+    '-project codeql-swift-autobuild-test.xcodeproj '
+    '-target codeql-swift-autobuild-test '
+    'CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO',
+], lang='swift', keep_trap=True)
diff --git a/swift/integration-tests/posix-only/cross-references/test.py b/swift/integration-tests/posix-only/cross-references/test.py
index 19271030c19..6f2b8b26143 100644
--- a/swift/integration-tests/posix-only/cross-references/test.py
+++ b/swift/integration-tests/posix-only/cross-references/test.py
@@ -1,6 +1,6 @@
 from create_database_utils import *
 
 run_codeql_database_create([
- 'swift package clean',
- 'swift build'
+    'swift package clean',
+    'swift build'
 ], lang='swift')
diff --git a/swift/integration-tests/posix-only/frontend-invocations/F1.swift b/swift/integration-tests/posix-only/frontend-invocations/F1.swift
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/swift/integration-tests/posix-only/frontend-invocations/F2.swift b/swift/integration-tests/posix-only/frontend-invocations/F2.swift
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/swift/integration-tests/posix-only/frontend-invocations/Files.expected b/swift/integration-tests/posix-only/frontend-invocations/Files.expected
index 319c1010ab4..3bc0826c1f2 100644
--- a/swift/integration-tests/posix-only/frontend-invocations/Files.expected
+++ b/swift/integration-tests/posix-only/frontend-invocations/Files.expected
@@ -3,4 +3,7 @@
 | C.swift:0:0:0:0 | C.swift |
 | D.swift:0:0:0:0 | D.swift |
 | E.swift:0:0:0:0 | E.swift |
+| F1.swift:0:0:0:0 | F1.swift |
+| F2.swift:0:0:0:0 | F2.swift |
+| G.swift:0:0:0:0 | G.swift |
 | file://:0:0:0:0 |  |
diff --git a/swift/integration-tests/posix-only/frontend-invocations/G.swift b/swift/integration-tests/posix-only/frontend-invocations/G.swift
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/swift/integration-tests/posix-only/frontend-invocations/Makefile b/swift/integration-tests/posix-only/frontend-invocations/Makefile
deleted file mode 100644
index d3ddece6b9f..00000000000
--- a/swift/integration-tests/posix-only/frontend-invocations/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
-OS=$(shell uname)
-ifeq ($(OS),Darwin)
-SDK=-sdk $(shell xcrun -show-sdk-path)
-FRONTEND=$(shell xcrun -find swift-frontend)
-else
-SDK=""
-FRONTEND=swiftc
-endif
-
-all:
-	$(FRONTEND) -frontend -c A.swift $(SDK)
-	$(FRONTEND) -frontend -c B.swift -o B.o $(SDK)
-	$(FRONTEND) -frontend -c -primary-file C.swift $(SDK)
-	$(FRONTEND) -frontend -c -primary-file D.swift -o D.o $(SDK)
-	$(FRONTEND) -frontend -c -primary-file E.swift Esup.swift -o E.o $(SDK)
diff --git a/swift/integration-tests/posix-only/frontend-invocations/build.sh b/swift/integration-tests/posix-only/frontend-invocations/build.sh
new file mode 100755
index 00000000000..31cf6e39969
--- /dev/null
+++ b/swift/integration-tests/posix-only/frontend-invocations/build.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+if [[ "$(uname)" == Darwin ]]; then
+  SDK="-sdk $(xcrun -show-sdk-path)"
+  FRONTEND="$(xcrun -find swift-frontend)"
+else
+  SDK=""
+  FRONTEND="swift-frontend"
+fi
+
+$FRONTEND -frontend -c A.swift $SDK
+$FRONTEND -frontend -c B.swift -o B.o $SDK
+$FRONTEND -frontend -c -primary-file C.swift $SDK
+$FRONTEND -frontend -c -primary-file D.swift -o D.o $SDK
+$FRONTEND -frontend -c -primary-file E.swift Esup.swift -o E.o $SDK
+$FRONTEND -frontend -emit-module -primary-file F1.swift F2.swift -module-name F -o F1.swiftmodule $SDK
+$FRONTEND -frontend -emit-module F1.swift -primary-file F2.swift -module-name F -o F2.swiftmodule $SDK
+$FRONTEND -merge-modules F1.swiftmodule F2.swiftmodule -o F.swiftmodule $SDK
+( cd dir; $FRONTEND -frontend -c ../G.swift $SDK )
diff --git a/swift/integration-tests/posix-only/frontend-invocations/dir/.empty b/swift/integration-tests/posix-only/frontend-invocations/dir/.empty
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/swift/integration-tests/posix-only/frontend-invocations/test.py b/swift/integration-tests/posix-only/frontend-invocations/test.py
index 2c956137cb5..4aec427a4b4 100644
--- a/swift/integration-tests/posix-only/frontend-invocations/test.py
+++ b/swift/integration-tests/posix-only/frontend-invocations/test.py
@@ -1,5 +1,5 @@
 from create_database_utils import *
 
 run_codeql_database_create([
- 'make',
+    './build.sh',
 ], lang='swift')
diff --git a/swift/integration-tests/posix-only/hello-world/test.py b/swift/integration-tests/posix-only/hello-world/test.py
index 19271030c19..6f2b8b26143 100644
--- a/swift/integration-tests/posix-only/hello-world/test.py
+++ b/swift/integration-tests/posix-only/hello-world/test.py
@@ -1,6 +1,6 @@
 from create_database_utils import *
 
 run_codeql_database_create([
- 'swift package clean',
- 'swift build'
+    'swift package clean',
+    'swift build'
 ], lang='swift')
diff --git a/swift/integration-tests/posix-only/partial-modules/test.py b/swift/integration-tests/posix-only/partial-modules/test.py
index ae89d5da5d7..17320f33628 100644
--- a/swift/integration-tests/posix-only/partial-modules/test.py
+++ b/swift/integration-tests/posix-only/partial-modules/test.py
@@ -1,7 +1,7 @@
 from create_database_utils import *
 
 run_codeql_database_create([
- 'env',
- 'swift package clean',
- 'swift build'
+    'env',
+    'swift package clean',
+    'swift build'
 ], lang='swift', keep_trap=True)
diff --git a/swift/integration-tests/posix-only/symlinks/.gitignore b/swift/integration-tests/posix-only/symlinks/.gitignore
new file mode 100644
index 00000000000..4c9788d145d
--- /dev/null
+++ b/swift/integration-tests/posix-only/symlinks/.gitignore
@@ -0,0 +1 @@
+*/Sources/A.swift
diff --git a/swift/integration-tests/posix-only/symlinks/Files.expected b/swift/integration-tests/posix-only/symlinks/Files.expected
new file mode 100644
index 00000000000..1260184529b
--- /dev/null
+++ b/swift/integration-tests/posix-only/symlinks/Files.expected
@@ -0,0 +1,5 @@
+| file://:0:0:0:0 |  |
+| main.swift:0:0:0:0 | main.swift |
+| preserve/Package.swift:0:0:0:0 | preserve/Package.swift |
+| preserve/Sources/A.swift:0:0:0:0 | preserve/Sources/A.swift |
+| resolve/Package.swift:0:0:0:0 | resolve/Package.swift |
diff --git a/swift/integration-tests/posix-only/symlinks/Files.ql b/swift/integration-tests/posix-only/symlinks/Files.ql
new file mode 100644
index 00000000000..9782ea4ce0b
--- /dev/null
+++ b/swift/integration-tests/posix-only/symlinks/Files.ql
@@ -0,0 +1,4 @@
+import swift
+
+from File f
+select f
diff --git a/swift/integration-tests/posix-only/symlinks/main.swift b/swift/integration-tests/posix-only/symlinks/main.swift
new file mode 100644
index 00000000000..b9bf0e5c2a4
--- /dev/null
+++ b/swift/integration-tests/posix-only/symlinks/main.swift
@@ -0,0 +1,6 @@
+public struct preserve {
+    public private(set) var text = "Hello, World!"
+
+    public init() {
+    }
+}
diff --git a/swift/integration-tests/posix-only/symlinks/preserve/Package.swift b/swift/integration-tests/posix-only/symlinks/preserve/Package.swift
new file mode 100644
index 00000000000..e6f1f09de17
--- /dev/null
+++ b/swift/integration-tests/posix-only/symlinks/preserve/Package.swift
@@ -0,0 +1,18 @@
+// swift-tools-version: 5.7
+// The swift-tools-version declares the minimum version of Swift required to build this package.
+
+import PackageDescription
+
+let package = Package(
+    name: "preserve",
+    products: [
+        .library(
+            name: "preserve",
+            targets: ["preserve"]),
+    ],
+    targets: [
+        .target(
+            name: "preserve",
+            path: "Sources"),
+    ]
+)
diff --git a/swift/integration-tests/posix-only/symlinks/preserve/Sources/.gitkeep b/swift/integration-tests/posix-only/symlinks/preserve/Sources/.gitkeep
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/swift/integration-tests/posix-only/symlinks/resolve/Package.swift b/swift/integration-tests/posix-only/symlinks/resolve/Package.swift
new file mode 100644
index 00000000000..a22a94a5c23
--- /dev/null
+++ b/swift/integration-tests/posix-only/symlinks/resolve/Package.swift
@@ -0,0 +1,18 @@
+// swift-tools-version: 5.7
+// The swift-tools-version declares the minimum version of Swift required to build this package.
+
+import PackageDescription
+
+let package = Package(
+    name: "resolve",
+    products: [
+        .library(
+            name: "resolve",
+            targets: ["resolve"]),
+    ],
+    targets: [
+        .target(
+            name: "resolve",
+            path: "Sources"),
+    ]
+)
diff --git a/swift/integration-tests/posix-only/symlinks/resolve/Sources/.gitkeep b/swift/integration-tests/posix-only/symlinks/resolve/Sources/.gitkeep
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/swift/integration-tests/posix-only/symlinks/test.py b/swift/integration-tests/posix-only/symlinks/test.py
new file mode 100644
index 00000000000..de96ae22957
--- /dev/null
+++ b/swift/integration-tests/posix-only/symlinks/test.py
@@ -0,0 +1,20 @@
+from create_database_utils import *
+import os
+
+symlinks = ['preserve/Sources/A.swift', 'resolve/Sources/A.swift']
+
+for s in symlinks:
+    try:
+        os.symlink(os.getcwd() + '/main.swift', s)
+    except:
+        pass
+
+run_codeql_database_create([
+    'swift package clean --package-path resolve',
+    'swift build --package-path resolve',
+    'swift package clean --package-path preserve',
+    'env CODEQL_PRESERVE_SYMLINKS=true swift build --package-path preserve'
+], lang='swift', keep_trap=True)
+
+for s in symlinks:
+    os.unlink(s)
diff --git a/swift/integration-tests/qlpack.yml b/swift/integration-tests/qlpack.yml
index f5b65c68822..c0030d14bdf 100644
--- a/swift/integration-tests/qlpack.yml
+++ b/swift/integration-tests/qlpack.yml
@@ -1,5 +1,6 @@
 name: integration-tests-swift
 version: 0.0.0
-extractor: swift
 dependencies:
-  codeql/swift-all: '*'
+  codeql/swift-all: ${workspace}
+tests: .
+extractor: swift
diff --git a/swift/integration-tests/runner.py b/swift/integration-tests/runner.py
index b5c608c2a97..ec6f9215709 100755
--- a/swift/integration-tests/runner.py
+++ b/swift/integration-tests/runner.py
@@ -21,10 +21,11 @@ this_dir = pathlib.Path(__file__).parent.resolve()
 def options():
     p = argparse.ArgumentParser()
     p.add_argument("--test-dir", "-d", type=pathlib.Path, action="append")
-    #FIXME: the following should be the default
+    # FIXME: the following should be the default
     p.add_argument("--check-databases", action="store_true")
     p.add_argument("--learn", action="store_true")
     p.add_argument("--threads", "-j", type=int, default=0)
+    p.add_argument("--compilation-cache")
     return p.parse_args()
 
 
@@ -65,6 +66,8 @@ def main(opts):
             cmd.append("--no-check-databases")
         if opts.learn:
             cmd.append("--learn")
+        if opts.compilation_cache:
+            cmd.append(f'--compilation-cache="{opts.compilation_cache}"')
         cmd.extend(str(t.parent) for t in succesful_db_creation)
         ql_test_success = subprocess.run(cmd).returncode == 0
 
diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list
new file mode 100644
index 00000000000..37c1e18c576
--- /dev/null
+++ b/swift/ql/.generated.list
@@ -0,0 +1,889 @@
+ql/lib/codeql/swift/elements/CommentConstructor.qll c5a4c55fb26e57a9b4efcff329b428f7de22406b35198d99290b6e646794777a 326365475f2fda857ffa00e1c7841089660eca02d739400b6d62ed6f39ea4d03
+ql/lib/codeql/swift/elements/DbFile.qll 9e0f3c54075f75af82a9c917777755f47cb04a5777b064f5cba4a951414ac004 a3b08dd6ccd18d1a5f6f29b829da473c28a921e8d626b264b4b73515a49164f9
+ql/lib/codeql/swift/elements/DbFileConstructor.qll 2913b16780f4369b405a088bb70f3b0f941b2978e8827ed30745f2ab7ba0cd8e c21b21b100d0b245bb1d498b4c3696db73dd710a5be211c6b825ebf733681da7
+ql/lib/codeql/swift/elements/DbLocation.qll e3e7bf56c7857329e250a44e9df1ccb31f6c2ada47d5199d549b4b92b44bc2f8 aa46535db08966b8045ceb2820b9fd580637272ae4e487192ee57b6215c16e49
+ql/lib/codeql/swift/elements/DbLocationConstructor.qll 88366e22ba40eaaee097f413130117925dda488f1bcbd3989e301e86dd394df3 c61b32994d403a8c4f85c26251e24ffb8c6ea34dbbe935872d868ccbfb6c1ff6
+ql/lib/codeql/swift/elements/DiagnosticsConstructor.qll 6a3e312f3ed57465747c672cbb6d615eca89f42586519221d2973ac3e2ab052c a010ef546f9ed2a75b812ee47db00110056b3076b1f939efa2addb000c327427
+ql/lib/codeql/swift/elements/ErrorElement.qll 6b6be3731a2fd178e5093ddebb7cd519ecc5fbbd549bd4dbd5f69687791c3630 ab0028bab8a9ed14c6b4bfe0f8a10e4768ea1e21f86b495258021ab9b8e65aeb
+ql/lib/codeql/swift/elements/UnspecifiedElementConstructor.qll 0d179f8189f6268916f88c78a2665f8d4e78dc71e71b6229354677e915ac505d e8f5c313b7d8b0e93cee84151a5f080013d2ca502f3facbbde4cdb0889bc7f8e
+ql/lib/codeql/swift/elements/decl/AbstractStorageDecl.qll 6196ecc35d358e6fe1c34b0478c0479acd0f0de67a64daac4d814af90a87d514 74a74330a953d16ce1cc19b2dbabdf8c8ff0fc3d250d101b8108a6597844e179
+ql/lib/codeql/swift/elements/decl/AbstractTypeParamDecl.qll 83950437007703c0f35ef154f46577d8754fb191c93772ff718b29107ce8852e 737ad9c857c079605e84dc7ebaecbafa86fe129283756b98e6e574ac9e24c22c
+ql/lib/codeql/swift/elements/decl/AccessorDeclConstructor.qll 08376434fd14a2b07280e931d3e22d3eafd2063d745f7c78cad0f9fd7e6156ba 6f74d15a88433953998a07eb2131841679a88cb13efb0569ed9b5502c4a2e362
+ql/lib/codeql/swift/elements/decl/AssociatedTypeDecl.qll ae6107c8d9ee9affa7e8430a4d8cd58879578eafcfba668275af4d20f8ea9c53 e81dc740623b4e2c75f83104acaa3d2b6cc6d001dd36a8520c381e0de10e15c4
+ql/lib/codeql/swift/elements/decl/AssociatedTypeDeclConstructor.qll ec9007ea072ff22c367f40da69db2f0a8463bb411bbfd33e2d6c8b489a496027 631f688a8410ddcfbaa575fa2f8ffcdbc1b51ee37639b337c804ca1d5af56e0c
+ql/lib/codeql/swift/elements/decl/ClassDecl.qll 225405ad04e5e959319fbc1ea086ec4eab0b66f5671ebc58290cce45e4103c51 ac681bdc1770a823ea529456f32b1da7b389621254ccd9102e6a49136c53854b
+ql/lib/codeql/swift/elements/decl/ClassDeclConstructor.qll 0092ab4b76cd858489d76be94a43442c0e5f395b1d5684309674957e107979b7 9bc496e483feb88552ca0d48e32039aa4566f4612fc27073fea48ad954985d46
+ql/lib/codeql/swift/elements/decl/ConcreteFuncDecl.qll 7dd23b6145977ec6ca60dd39cf9db09673e0340cdb8de2080279c83599ccd831 3a07a73dc11ef06ddaeb3d401748ef14a1ee66447c86d2e8c8f187dda92b34a2
+ql/lib/codeql/swift/elements/decl/ConcreteFuncDeclConstructor.qll 4eb2e9dc8b4c93e457bb594085d8f50862dc07a712ce7a0f2dee7f108467ce3e 1f994d6ae1ca2e4fd5da075b70ea22322181bdaf43034face1e82ef353fe34bf
+ql/lib/codeql/swift/elements/decl/ConcreteVarDecl.qll be33f40e8870a10aec413f35d8f62a502d7d5dd8a52665730740e880566206d7 d821efa43c6d83aedfb959500de42c5ecabbf856f8556f739bc6cec30a88dfab
+ql/lib/codeql/swift/elements/decl/ConcreteVarDeclConstructor.qll 4b6a9f458db5437f9351b14464b3809a78194029554ea818b3e18272c17afba3 a60d695b0d0ffa917ad01908bec2beaa663e644eddb00fb370fbc906623775d4
+ql/lib/codeql/swift/elements/decl/ConstructorDeclConstructor.qll ba5cc6f440cba3d47b364a37febd64f85941cdc0237db52a2b8844d1dc75d483 9fc039ca7a0f33f03b3f573186f02efecbac0c2e0dc5abba5d47876ca26390fe
+ql/lib/codeql/swift/elements/decl/Decl.qll 7a7ea5727a238684e783adf04ce8f721bf4451e1324ffc966ad671d60a43d64b 662e53ffc8226ae351032d0389784e6b70d517794e83a4c698ac84996361608f
+ql/lib/codeql/swift/elements/decl/DestructorDeclConstructor.qll c33b113a3ccb0b1bfd9aad8b909940776da5fdb8a24e1b998c5ebde3903be981 155ad928fbebf9688eec30a2cf61d9a2d4cd15d1161dc3f6202e6331bdb3a56a
+ql/lib/codeql/swift/elements/decl/EnumCaseDeclConstructor.qll 8c907544170671f713a8665d294eeefdbe78a607c2f16e2c630ea9c33f484baf eec83efc930683628185dbdad8f73311aad510074d168a53d85ea09d13f1f7e1
+ql/lib/codeql/swift/elements/decl/EnumDecl.qll 04271e164379af3a33eb060d230b768878e06acc37c3d132cad089a2c663c6c4 779940ebdbd510eb651972c57eb84b04af39c44ef59a8c307a44549ab730febb
+ql/lib/codeql/swift/elements/decl/EnumDeclConstructor.qll 642bbfb71e917d84695622f3b2c7b36bf5be4e185358609810267ab1fc4e221b f6e06d79e7ff65fbabf72c553508b67406fb59c577215d28cc47971d34b6af05
+ql/lib/codeql/swift/elements/decl/EnumElementDeclConstructor.qll 736074246a795c14a30a8ec7bb8da595a729983187887294e485487309919dc6 4614fb380fad7af1b5fb8afce920f3e7350378254ece60d19722046046672fbb
+ql/lib/codeql/swift/elements/decl/ExtensionDeclConstructor.qll 4f811e3332720327d2b9019edbb2fa70fb24322e72881afc040e7927452409d6 554f9832311dfc30762507e0bd4b25c5b6fdb9d0c4e8252cc5a1ef1033fafacb
+ql/lib/codeql/swift/elements/decl/FuncDecl.qll 47ff5eaccc79944bb01ad819a4a9e373475d7511d477e76226538fc4efc9c88d ba8e48682e93af0804e66f5bf0207049e291a0c1430a872252dc67af17ea700a
+ql/lib/codeql/swift/elements/decl/GenericContext.qll b8f21d625cfdccc201201e0d84aab7b5c1e7ccaec21ee788ac425916be8f8ac9 4747af5faf0a93d7508e0ec58021a842ca5ec41831b5d71cbc7fce2a2389a820
+ql/lib/codeql/swift/elements/decl/GenericTypeDecl.qll 774e087cc7208a4fe5df753a848191f4b986265b2b74856a52049aeb018c937a 42e1e3e055f3e5fa70c8624910d635ab10fe4015d378be9e1e6e1adb39f0dc40
+ql/lib/codeql/swift/elements/decl/GenericTypeParamDecl.qll bbcf2844cb26435e3af6d58c2b37ffeee3295a5f3330fbee34881fada7bde85b 569a380917adf4e26b286343c654954d472eabf3fe91e0d1b5f26549d9c6d24e
+ql/lib/codeql/swift/elements/decl/GenericTypeParamDeclConstructor.qll 63db91dc8d42746bfdd9a6bcf1f8df5b723b4ee752bd80cc61d512f2813ef959 096972e3f7f5775e60af189345bece7c0e8baec9e218709a49ed9511a3089424
+ql/lib/codeql/swift/elements/decl/IfConfigDeclConstructor.qll ebd945f0a081421bd720235d0aefde800a8ad8a1db4cbd37b44447c417ff7114 1448bfdd290ad41e038a1a1ffd5ea60a75b5ec06f3a8d4d138bd56b8b960332e
+ql/lib/codeql/swift/elements/decl/ImportDeclConstructor.qll f2f09df91784d7a6d348d67eaf3429780ac820d2d3a08f66e1922ea1d4c8c60d 4496865a26be2857a335cbc00b112beb78a319ff891d0c5d2ad41a4d299f0457
+ql/lib/codeql/swift/elements/decl/InfixOperatorDecl.qll ca3af3b403b9d456029cb4f4b94b610a93d2d70ea71a3d6c4532088ebc83bd0b 5dec87f0c43948f38e942b204583043eb4f7386caa80cec8bf2857a2fd933ed4
+ql/lib/codeql/swift/elements/decl/InfixOperatorDeclConstructor.qll ca6c5c477e35e2d6c45f8e7a08577c43e151d3e16085f1eae5c0a69081714b04 73543543dff1f9847f3299091979fdf3d105a84e2bcdb890ce5d72ea18bba6c8
+ql/lib/codeql/swift/elements/decl/MissingMemberDeclConstructor.qll 82738836fa49447262e184d781df955429c5e3697d39bf3689397d828f04ce65 8ef82ed7c4f641dc8b4d71cd83944582da539c34fb3d946c2377883abada8578
+ql/lib/codeql/swift/elements/decl/ModuleDecl.qll 0d39d88c926d5633f467ab7a1db0101e8d61250ee5e4847de862232f997de783 410311bf3ae1efac53d8fd6515c2fe69d9ab79902c1048780e87d478cd200e26
+ql/lib/codeql/swift/elements/decl/ModuleDeclConstructor.qll 9b18b6d3517fd0c524ac051fd5dea288e8f923ada00fe4cc809cbebce036f890 0efc90492417089b0982a9a6d60310faba7a1fce5c1749396e3a29b3aac75dc5
+ql/lib/codeql/swift/elements/decl/OpaqueTypeDecl.qll 7c4a5fda798c9b44e481905f28e6c105ab3f8ab5567c2c336b24d27102fd7d66 e84e0dd1a3175ad29123def00e71efbd6f4526a12601fc027b0892930602046b
+ql/lib/codeql/swift/elements/decl/OpaqueTypeDeclConstructor.qll f707aab3627801e94c63aedcded21eab14d3617c35da5cf317692eeb39c84710 20888ae6e386ae31e3cb9ff78155cb408e781ef1e7b6d687c2705843bcac0340
+ql/lib/codeql/swift/elements/decl/ParamDeclConstructor.qll cfa0ba73a9727b8222efbf65845d6df0d01800646feaf7b407b8ffe21a6691d8 916ff2d3e96546eac6828e1b151d4b045ce5f7bcd5d7dbb074f82ecf126b0e09
+ql/lib/codeql/swift/elements/decl/PatternBindingDeclConstructor.qll bcefa54011001b2559f90eb6ddcd286d8c47f2707103226abe3f2701ec1f45ef d58ca16ab91943a2fd97e4c7b71881b097e927156f56f3bd9dfaababccfda8f7
+ql/lib/codeql/swift/elements/decl/PostfixOperatorDecl.qll af46544addbb5bf5241e71c1846b40f33f73d64ae0932f0d057058a32ad63bee 3befb6218e934681e874c7655677eb4618edc817111ed18ef4ebcf16e06f4027
+ql/lib/codeql/swift/elements/decl/PostfixOperatorDeclConstructor.qll 27356cfe1d1c45a1999a200a3f1268bf09cfb019fbb7f9fb48cd32aa38b67880 6638c1acc9b0b642c106b1a14f98dfad7a9ebcc78a1b8212037d32a147e40086
+ql/lib/codeql/swift/elements/decl/PoundDiagnosticDeclConstructor.qll 1b85ec959c92d1e8b218ae99d0dcd0acaa1b96e741cf7d0cf1137f2dca25d765 b8f164d00d4c5db4356933de5c3b6833b54ae8d3e9fcb908e324fcdc91a5f6ec
+ql/lib/codeql/swift/elements/decl/PrecedenceGroupDeclConstructor.qll 4f7548c613ee98f561a104f46ae61335d51be1b4598ae420397ae63d3ae619ca 87c11e093fb0bc5ed498f7fd36bfb844099f0e93e55de731c3e8c5fdeded35f1
+ql/lib/codeql/swift/elements/decl/PrefixOperatorDecl.qll d314c804e5ab476920a6e970b1c33cb09bf1ad076bc1f889b5068053d9de8ab5 19558ab5d027f580463ea096eb7882066d0ff95123493b8e23be79613bfdd28d
+ql/lib/codeql/swift/elements/decl/PrefixOperatorDeclConstructor.qll eee048d4c2314234df17966deefeee08e769a831fa500e6e494f64fca9e9dda1 01d9b09f809645c91f92b981a46c9ed6e332f5734d768ab369b7a328a9a391d4
+ql/lib/codeql/swift/elements/decl/ProtocolDecl.qll 17e89e410275aa2fbc1687a5380e23354a1b64e1b9581d52875210921b0eed8f 0bb0dca7980934cfb98dab5b83fd253153740ac8054cdf85bdce8b5ed6db9398
+ql/lib/codeql/swift/elements/decl/ProtocolDeclConstructor.qll 2bbc92ddcec810cefb6cfa85320f873f1c542b1c62a197a8fbafa12e0e949c00 b2060fb804a16619e235afcd76856cdc377c4e47cfb43c5a6f9d32ff5b852e74
+ql/lib/codeql/swift/elements/decl/StructDecl.qll 1cb599afb1c574a64c2033a2c20bddbf2142b593f0775abc3d5b1cfafccca6b6 ebc04601ac1cd736151783073ef4ad1a42311731aab36b38dc02760ecb22bd4a
+ql/lib/codeql/swift/elements/decl/StructDeclConstructor.qll 653fef1ce7a5924f9db110dfab4ebc191b6688fa14ebeb6cf2a09fe338f00646 c7ed15002c41b7dd11a5dd768e0f6f1fe241c680d155364404c64d6251adee5c
+ql/lib/codeql/swift/elements/decl/SubscriptDeclConstructor.qll 3a88617b41f96827cb6edd596d6d95ebcf5baf99ba113bdd298276666c6aeadf 166e04fc72507cb27e2c16ad2d5217074f8678d286cb6d0980e5b84125648abe
+ql/lib/codeql/swift/elements/decl/TopLevelCodeDeclConstructor.qll 6920a4e7aec45ae2a561cef95b9082b861f81c16c259698541f317481645e194 4bd65820b93a5ec7332dd1bbf59326fc19b77e94c122ad65d41393c84e6ac581
+ql/lib/codeql/swift/elements/decl/TypeAliasDecl.qll ecb457a9a81c6b13a1068f471c0b87e59227838f54c5d4effe7d4c2f6e7f5800 630dc9cbf20603855c599a9f86037ba0d889ad3d2c2b6f9ac17508d398bff9e3
+ql/lib/codeql/swift/elements/decl/TypeAliasDeclConstructor.qll ba70bb69b3a14283def254cc1859c29963838f624b3f1062a200a8df38f1edd5 96ac51d1b3156d4139e583f7f803e9eb95fe25cc61c12986e1b2972a781f9c8b
+ql/lib/codeql/swift/elements/decl/ValueDecl.qll b344768498e0d1794d92bc5b7c0417e75079aa8a82e27d7b3449f1e52f78d1e9 e3056cf6a883da2737cb220a89499a9e3977eb1c56b9e1d2f41a56b71a0c29f9
+ql/lib/codeql/swift/elements/expr/AbiSafeConversionExpr.qll 599bdb52d99a1e2800563209cecc01a5b5eb80cb4aff36b2d037b67c34ebb948 a87738539276438cef63145461adf25309d1938cfac367f53f53d33db9b12844
+ql/lib/codeql/swift/elements/expr/AbiSafeConversionExprConstructor.qll 7d70e7c47a9919efcb1ebcbf70e69cab1be30dd006297b75f6d72b25ae75502a e7a741c42401963f0c1da414b3ae779adeba091e9b8f56c9abf2a686e3a04d52
+ql/lib/codeql/swift/elements/expr/AbstractClosureExpr.qll 125f8bd8f21c95c439616744539577afcfa9fd63c65683132a2c971abcec3523 400790fe643585ad39f40c433eff8934bbe542d140b81341bca3b6dfc5b22861
+ql/lib/codeql/swift/elements/expr/AnyHashableErasureExpr.qll 20dd848a35a47af94d0fb8cf1a33a2bd6582c751440708c365cf338e522f6de5 bf80cab3e9ff5366a6223153409f4852acdb9e4a5d464fb73b2a8cffc664ca29
+ql/lib/codeql/swift/elements/expr/AnyHashableErasureExprConstructor.qll 12816f18d079477176519a20b0f1262fc84da98f60bce3d3dd6476098c6542e7 4cc5c8492a97f4639e7d857f2fca9065293dfa953d6af451206ce911cda9f323
+ql/lib/codeql/swift/elements/expr/AnyTryExpr.qll 51aa09941b366d147a685452b3b89be4f0cc35f8cf9ff5ebcd53622ddd7df727 988b5df28972e877486704a43698ada91e68fe875efc331f0d7139c78b36f7dd
+ql/lib/codeql/swift/elements/expr/AppliedPropertyWrapperExpr.qll b1a6c026b0167c7299d1f2de30935a8f805382edd8d91c1f7f18e9278ccd564c 9508f93ca59561455e1eb194eaddd9f071960a752f985844c65b3b498f057461
+ql/lib/codeql/swift/elements/expr/AppliedPropertyWrapperExprConstructor.qll d9baf27c0d64e08466952b584ef08e4f40f7dfb861582aef2e7ebb16bb3da13b 2f19e7dbc02f9450c5521728ff1c5f178b14f50de4ff345fcd9bc834070a21d6
+ql/lib/codeql/swift/elements/expr/ArchetypeToSuperExpr.qll ea81d53ed038e29d0454b2411feb069e3396e6f7a0aa93bcfd05793772fe1d52 64e21e6f3307cd39d817ea66be2935e717168187bbeaedd4247bb77cec9d95ea
+ql/lib/codeql/swift/elements/expr/ArchetypeToSuperExprConstructor.qll df9f0db27fd2420e9d9cc4e1c6796b5513f6781940b5f571e8b8b9850a6e163f b4b15aa01de7ce91f74bd47a2e654c3ea360b90687c92ef9e19257289696f97e
+ql/lib/codeql/swift/elements/expr/ArrayExprConstructor.qll 57d37bb5a745f504c1bf06e51ffa0c757e224c158034c34e2bbb805b4efdc9f4 808753dccddfc0a02ef871af8f3d6487289ca48e7b4e4ea6356e0a87e3692583
+ql/lib/codeql/swift/elements/expr/ArrayToPointerExpr.qll 202b724bcf20f8083028d9d683d748ffceab3d0becf02c29c57228fe8aca30a5 035b15b1ecb700c4e6961b9a99e3c33476cedaa1a96310601b558e7ede9de39f
+ql/lib/codeql/swift/elements/expr/ArrayToPointerExprConstructor.qll ad4346298ff16512f06f9841bf8171b163f59fde949e24e257db7379eb524c4f b2d038e1e13340b0616044fc28005904562035bc8c9871bd6c9b117f15adffe6
+ql/lib/codeql/swift/elements/expr/AssignExprConstructor.qll 14cb0d217bc9ca982d29cdbf39c79399b39faa7e031469bc47884f413507e743 646658cb2f664ba0675f48cb51591c64cf2107a0c756038bfc66243b4c092b45
+ql/lib/codeql/swift/elements/expr/AutoClosureExprConstructor.qll 928391f52b914e42625fafadbdfa703e6fb246a09a7d8e39bf7700bc2fc8c22c 2d698cceed54a230890f5f2ad9f019ebe82fdd15831b8a5b6aaabf1ea855063f
+ql/lib/codeql/swift/elements/expr/AwaitExprConstructor.qll 5c73999bf54f43c845e3a8ec9dcd9898f35c9b5160aadb1837a266d3413a76e4 74830d06f6fbd443393dbba61a48480f7632ce2c38fcb15febfeaf88ec8fd868
+ql/lib/codeql/swift/elements/expr/BinaryExprConstructor.qll 99baa77331e4e5b2d0fe0ca31e839c901ba677e4337bed3aa4d580c3258fb610 7f42ac4bfc73c18743f73a3e961b529f1d302e70a634ab91fcf3676b959ddb22
+ql/lib/codeql/swift/elements/expr/BindOptionalExprConstructor.qll 1dd7074d6513977eb50f857de87aea35686ddda8f1ee442569fcfac16fc02fd6 1c23977e1f5ad4fd1a9d43a01765dda2fe72496a0361701f92212f7eef3f13c2
+ql/lib/codeql/swift/elements/expr/BooleanLiteralExprConstructor.qll 561ac38c94fdc3eb7baab09d0f2f2d7f64424dbfe879c395470ee6d5cd6a9354 2b76d00a58cd7d051d422f050d187c36e97614de6d99f52068aff3c20a45c7af
+ql/lib/codeql/swift/elements/expr/BridgeFromObjCExpr.qll 129251956d27cd32ce806c4b11cd2ea1774723d53c4dc1d8112cab7401a2db0b 91385232931b55817e53e4caebf7a2dd9c0a520ec055012de82e7b1da923f0ec
+ql/lib/codeql/swift/elements/expr/BridgeFromObjCExprConstructor.qll f91e80dad19b7177c6ea1b127c7622d145cb250575acba9bf34d99b933849b94 c3133e6ad25d86bcec697999c16d0c18db1abf894068f5b8d14c90ffae35ca09
+ql/lib/codeql/swift/elements/expr/BridgeToObjCExpr.qll 436b10412525fb6fca966416f2fb563efd569ee2826b003c9cee594a4887658f 8fc781a59f6009fa64fbbf28f302b2e83b0f7fcbe0cf13d5236637248dcb6579
+ql/lib/codeql/swift/elements/expr/BridgeToObjCExprConstructor.qll 7e51fef328ad149170f83664efd57de2b7058511934f3cf1a9d6cb4033562bed 34ab05bbdddc5477ba681cc89f03283057867116c83b3e57766c3b24f38ca7bf
+ql/lib/codeql/swift/elements/expr/BuiltinLiteralExpr.qll 5455879c4f3aef960881da579007544e8f20a973d2fba0c58aa21705800a0c9d 9d9de530709c80cfe710a9e3d62a1b7cede61ba22da46365b1ba7766dbc48b44
+ql/lib/codeql/swift/elements/expr/CallExpr.qll 625c0e0866c1e6384591c5022952391d256b2366d1b83174c2d299ccca086d23 8040ab28b4e1630ff343ab77d10b2449e792908b55e683316f442d853eee6c0a
+ql/lib/codeql/swift/elements/expr/CallExprConstructor.qll 478caaaee61b5d83126da6de16ff21d11dc452428f15a879e1401d595b7bed75 7014f17d347b781e4c8211568954c2858ab2dcf37ef5dfd5ed36678415000009
+ql/lib/codeql/swift/elements/expr/CaptureListExprConstructor.qll 03af12d1b10bdc2cc4ac2b0322c4cd7f68a77699f37315ddca97f1e99a770c93 0fc709cdca8935a3142f7718d660c932af65952db8603bd909087aa68eab9236
+ql/lib/codeql/swift/elements/expr/CheckedCastExpr.qll 766f2fc44952f34ac0609aa346a5fedf7eb9c1d7bf1393890a05cb5bda45725e e7c90a92829472335199fd7a8e4ba7b781fbbf7d18cf12d6c421ddb22c719a4b
+ql/lib/codeql/swift/elements/expr/ClassMetatypeToObjectExpr.qll 36fd3daf20130882e26e0f301b02380219e67ed3fe8a1caaac3854789eb6bcad 4b5aca9fa4524dc25dc6d12eb32eeda179a7e7ec20f4504493cf7eb828a8e7be
+ql/lib/codeql/swift/elements/expr/ClassMetatypeToObjectExprConstructor.qll 369cecb4859164413d997ee4afba444853b77fb857fa2d82589603d88d01e1dc 3b4ebd1fb2e426cba21edd91b36e14dc3963a1ede8c482cdf04ef5003a290b28
+ql/lib/codeql/swift/elements/expr/ClosureExprConstructor.qll cf2fa2dab328f6b98aeffcdc833de4d74f69d23779ac897f5ada9c2dca9ef093 13f85b735ebb56c361458baba45eb854e70b7987d5e1863e564084c1a6165cc5
+ql/lib/codeql/swift/elements/expr/CoerceExpr.qll efc1e3852212089d81b5c3d06ae74b0a36abf2dd8843689d50dcc22d3bed12ba eb13ef05c7436d039c1f8a4164b039bdbf12323310c249d7702291058f244d38
+ql/lib/codeql/swift/elements/expr/CoerceExprConstructor.qll aa80ea0e6c904fab461c463137ce1e755089c3990f789fae6a0b29dea7013f6d 455f5184a3d2e2a6b9720a191f1f568699f598984779d923c2b28e8a3718fa9d
+ql/lib/codeql/swift/elements/expr/CollectionExpr.qll 80fedf0757cd8024ebcadd0b82507cfd5cec57b4d7c53ff0f97357384f9d89c4 87977b7661bcd8212b07b36f45ff94f5e98513c6dddb4cca697d1d6b853dff72
+ql/lib/codeql/swift/elements/expr/CollectionUpcastConversionExpr.qll 37aa0e9e829a480a5db855a2d2617ace57ac8d89fe01ec11251aa9183ccbd0a1 ab8370b77f27ed658f58571638f96187746cbafdfdf86583caf807bf3910f8c2
+ql/lib/codeql/swift/elements/expr/CollectionUpcastConversionExprConstructor.qll 4896b2ac56def7a428945c97cd5d5e44ca6378be96707baf1cb3a47c81ef9ca3 c8f1efdfcc67b5d631447ab2b87a0a70722bd52ef3282ad74d8de929c361f626
+ql/lib/codeql/swift/elements/expr/ConditionalBridgeFromObjCExpr.qll f9b1da899020c8dd9c0633376410f5b8b8d00f4df43d5da164e5e5696c813499 4013b1dcebbc873f337ee433042ad1e5d178b0afe2d62434fe235a234e9b8aa6
+ql/lib/codeql/swift/elements/expr/ConditionalBridgeFromObjCExprConstructor.qll 7350d9e279995181f08dcc931723d21a36aac17b3ea5b633c82bac5c7aeb733a dc6767f621bddcc22be8594b46b7d3170e5d7bfcee6f1e0279c26492fd88c81d
+ql/lib/codeql/swift/elements/expr/ConditionalCheckedCastExpr.qll 527f8f1dd071e2647f6f86a6b204a082c7e9929f9a37f35b8dcd40e99e1064b2 a66a1e07b210a1e8d999380db04a8b3210b66049a876bd92c8f56eae66c5a062
+ql/lib/codeql/swift/elements/expr/ConditionalCheckedCastExprConstructor.qll 13a1032bfa1199245746d4aac2c54d3ba336d3580c2713a66a91ad47eb8648ca 2a7c66669551aaa3528d77a8525985b850acbc983fea6f076561709a076dadb7
+ql/lib/codeql/swift/elements/expr/ConstructorRefCallExpr.qll e8830d2c73a10d394495b8aa5bc68290f9524b0f09dba932d7cd7b533f149a1b fc4b855b27f7afefab8132bd2adc3567cceec6b2fd762bf1dc7463ce76421326
+ql/lib/codeql/swift/elements/expr/ConstructorRefCallExprConstructor.qll 7f22cf621c69a4cd11f40332d8f0bce9381f87830d600f5fa5aae6df9a0bcace 7005c9c220532188b338b99c87f6fd8c9975f7af0fee16812a2faf69a9660ac0
+ql/lib/codeql/swift/elements/expr/CovariantFunctionConversionExpr.qll 687065e8625a249d51e8e92136afacfd3c48f85f689d5aff077a5a9dac56272e 4510d77d211f4b6db9dd4c941706d7eb7579fe7311714758c9d1d24513bfbdc4
+ql/lib/codeql/swift/elements/expr/CovariantFunctionConversionExprConstructor.qll eac12524819e9fe29074f90ea89fea866023b5ed4a5494345f2b9d8eec531620 71a6eb320630f42403e1e67bb37c39a1bae1c9f6cc38c0f1688a31f3f206d83f
+ql/lib/codeql/swift/elements/expr/CovariantReturnConversionExpr.qll e6a7a3ce538c068bd7ab0974b4615acbf00038d3b01dc594372152114559fa44 720fb172ebcb800c70810539c7a80dbdf61acb970277f2b6a54b9159ab4e016e
+ql/lib/codeql/swift/elements/expr/CovariantReturnConversionExprConstructor.qll b32a9b3c067d09bd6350efe57215e3b3b9ae598631756878da4a1e474876fc3f bcc963ee556fdd5e1563c305d1bfc6a89e8953243f5dfa1b92144d280ccb3b1a
+ql/lib/codeql/swift/elements/expr/DefaultArgumentExprConstructor.qll 013827d95e2a9d65830b748093fd8a02da6b6cae78729875f624bf71cc28a4fe 900879fd1c26cfbcea0cd0c3b8f95425644458a8a1dd6628a8bd4bc61bc45809
+ql/lib/codeql/swift/elements/expr/DerivedToBaseExpr.qll 782d47d73634aea8ee4ea991acde27180b77535d8e5112d40df77262d9e9a19e e12acd24f48b7b59009615af6a43e061ffc595f1edc55bfe01c1524f30d7be7c
+ql/lib/codeql/swift/elements/expr/DerivedToBaseExprConstructor.qll ca74471f6ac2500145de98bb75880450c9185f697f5ce25905271358182a29b3 797b9eaa9d3d56a963d584ba560a67ec94e1a1b10916f0d03f4ad4777e4984f9
+ql/lib/codeql/swift/elements/expr/DestructureTupleExpr.qll 618298ec50ac464268472bba7925695ba3d37bd3ae07b310a69724b396265554 8bc4a6238bec6dbdc2f91e2777cb00d86c63642bf3d2d9758a192d170cf6fcde
+ql/lib/codeql/swift/elements/expr/DestructureTupleExprConstructor.qll 7d844c6c4a0f9008e2fdf9a194621f09595e328a5f5c6f2f993b1a3cd2a74a03 e75d47955ae9a91c75fcb8e0bb12b6ed792c361645ee29bbcc37fa2ac27c4517
+ql/lib/codeql/swift/elements/expr/DictionaryExprConstructor.qll 6bd61507158b62fd8d2f3a68c61cceff5926915bf71730c898cf6be402d1e426 37cfce5600dd047a65f1321709350eabae5846429a1940c6f8b27f601420a687
+ql/lib/codeql/swift/elements/expr/DifferentiableFunctionExpr.qll 32d59a601c7ee95715e09478561018788e8f10eca34c5637c94d7700a868636c 520f79dd2fd9b500c32fb31d578fffaec67d232690638746792417a0b80b98e6
+ql/lib/codeql/swift/elements/expr/DifferentiableFunctionExprConstructor.qll 4ee532a020a6e75ba2971cee5724fcccc7e6b60530ec26385cbbda0b2626f9be 6c35cd2b0142b2c74e7d8a46cf3aebfcf92e5809e5c0c480a666d8a7dacdcfa2
+ql/lib/codeql/swift/elements/expr/DifferentiableFunctionExtractOriginalExprConstructor.qll ce008cb7ce392277dd0678203f845f94a9933b9530c265a58a66c16542423495 4b4522c39929d062662b5e321371e76df5f2c9c8e5eebdf5c62e88b8eb84960b
+ql/lib/codeql/swift/elements/expr/DiscardAssignmentExprConstructor.qll cd814e77f82fac48949382335655f22b0d1d99ece04612f026aebc2bc60f0dc9 d1faa9e2d863175feb00cd2b503ac839e09744cbbfbe4c18b670416f9d50483c
+ql/lib/codeql/swift/elements/expr/DotSelfExprConstructor.qll 4b6956818dac5b460dfbe9878c2c5b6761fcf1c65556b38555f68de9cc6f2562 2ae26f5e7bde2f972cc5a63e4a3dca1698e3a7c75b06419bb7bb080cb8ce78d9
+ql/lib/codeql/swift/elements/expr/DotSyntaxBaseIgnoredExprConstructor.qll 8ca889cc506cac0eeb35c246a3f317c9da8fe4dbfaf736a2056108b00b1c8521 9a20b12ad44f1dbf58d205a58cdfc1d63d2540353d8c8df48d87393d3b50d8b6
+ql/lib/codeql/swift/elements/expr/DotSyntaxCallExpr.qll f5048cff6fcdd298c8822ece1cd2042a61b40521dfc230f0f0e1798527010e58 5220861621d01b15ea0182bbb8358d700f842b94ec07745f77c5285d0e84a509
+ql/lib/codeql/swift/elements/expr/DotSyntaxCallExprConstructor.qll d32660cba3474b84e060eb33bbf57d77722ce7bf2a320aec15ccd980e0a0d0bb 0a6f46f887750221f01e7f5d834b7c811009e4351c1afc0b4ef61ac6c0af421b
+ql/lib/codeql/swift/elements/expr/DynamicLookupExpr.qll cd5670379df14b7a765037378221e541dd93567c97729d6be24bbbbb9aacc054 89f564a793d1f09a8aeb2dd61c475df3e55a49f4f0b6094ceb9f0ebe6d42fa76
+ql/lib/codeql/swift/elements/expr/DynamicMemberRefExprConstructor.qll 6bd769bdbb83999bfd94bf4d5a1b8a32cc045460183f5f2fcf7055257f6c3787 e2b72550a71f2f39bde171ada6e04c6bdbd797caa74813ea3c8070b93cefa25e
+ql/lib/codeql/swift/elements/expr/DynamicSubscriptExprConstructor.qll d40d88069371807c72445453f26e0777ac857e200c9c3e8a88cd55628ccb9230 6ff580bbc1b7f99c95145168f7099ab19b5d150e7d7e83747595ff2eb2c289c4
+ql/lib/codeql/swift/elements/expr/DynamicTypeExprConstructor.qll 37066c57e8a9b7044b8b4ecf42a7bf079e3400dd02bf28a1d51abd5406391ba0 62cc0405ecfe4c8d5477957d8789a6b03a4e9eecabbb0f94e1bde5ce2adabb8c
+ql/lib/codeql/swift/elements/expr/EnumIsCaseExprConstructor.qll a02f992035c7ef7692c381377b1e594f0021025df6bcab23f149efeacd61c8e6 687df32678e1b3bcc4241270962593f7838e461970621f6e5b829321718ed257
+ql/lib/codeql/swift/elements/expr/ErasureExpr.qll 3549ee36cbca32207ec7a339de87e81126b0ca0e087e74a6f525c817b4dd15be 91a60971ff01d158f6358a6cb2e028234b66b3a75c851a3f5289af0aa8c16613
+ql/lib/codeql/swift/elements/expr/ErasureExprConstructor.qll 29e0ab9f363b6009f59a24b2b293d12b12c3cdea0f771952d1a57c693f4db4a3 c4bc12f016b792dff79e38b296ef58dba3370357d088fd63931a8af09c8444a9
+ql/lib/codeql/swift/elements/expr/ErrorExpr.qll 89468d8ed9c1cc69575cb9c890b8e424ec0c8495894f691a657774e9146a896d bc3e4a566bc37590929e90a72e383f9fbc446e4f955e07e83c1c59a86cee8215
+ql/lib/codeql/swift/elements/expr/ErrorExprConstructor.qll dd2bec0e35121e0a65d47600100834963a7695c268e3832aad513e70b1b92a75 e85dcf686403511c5f72b25ae9cf62f77703575137c39610e61562efc988bbac
+ql/lib/codeql/swift/elements/expr/ExistentialMetatypeToObjectExpr.qll cd5d01e8410ed65165bb4a1a570a63864b0a75c742ac9224cef8c2683d72f62d c0b5811c8665f3324b04d40f5952a62e631ec4b3f00db8e9cc13cb5d60028178
+ql/lib/codeql/swift/elements/expr/ExistentialMetatypeToObjectExprConstructor.qll 1a735425a59f8a2bd208a845e3b4fc961632c82db3b69d0b71a1bc2875090f3b 769b6a80a451c64cbf9ce09729b34493a59330d4ef54ab0d51d8ff81305b680f
+ql/lib/codeql/swift/elements/expr/FloatLiteralExprConstructor.qll 4dfb34d32e4022b55caadcfbe147e94ebe771395c59f137228213a51a744ba10 1eb78fcda9e0b70d1993e02408fb6032035991bf937c4267149ab9c7c6a99d3a
+ql/lib/codeql/swift/elements/expr/ForceTryExprConstructor.qll 48cbc408bb34a50558d25aa092188e1ad0f68d83e98836e05072037f3d8b49af 62ce7b92410bf712ecd49d3eb7dd9b195b9157415713aaf59712542339f37e4c
+ql/lib/codeql/swift/elements/expr/ForceValueExprConstructor.qll 3b201ee2d70ab13ad7e3c52aad6f210385466ec4a60d03867808b4d3d97511a8 d5d9f0e7e7b4cae52f97e4681960fa36a0c59b47164868a4a099754f133e25af
+ql/lib/codeql/swift/elements/expr/ForcedCheckedCastExpr.qll 27612d688194618da2403d9c913cb7fe0f423e099f0abdb9b54f4eb58b2767be a3bae0709caac887bec37c502f191ea51608006e719bb17550c3215f65b16f7f
+ql/lib/codeql/swift/elements/expr/ForcedCheckedCastExprConstructor.qll 3fdd87183e72c4b0ee927c5865c8cbadf4f133bd09441bf77324941c4057cbc8 a6e7dc34de8d1767512c2595121524bd8369bd21879857e13590cec87a4b0eeb
+ql/lib/codeql/swift/elements/expr/ForeignObjectConversionExpr.qll fbffcd3bde46cd3e443ce583bf7bfb2d73b86e3d061465c7ddb4468be7447b72 7ea9aa492b2d37ad05d92421a92bb9b1786175b2f3b02867c1d39f1c67934f3d
+ql/lib/codeql/swift/elements/expr/ForeignObjectConversionExprConstructor.qll d90fdb1b4125299e45be4dead6831835e8d3cd7137c82143e687e1d0b0a0a3bc a2f38e36823a18d275e199c35a246a6bc5ec4a37bf8547a09a59fe5dd39a0b4e
+ql/lib/codeql/swift/elements/expr/FunctionConversionExpr.qll e6dcf7fb3966d2ee5e4434221ec615b066da0e17ddc442692ca7936fcebec70b 87c1f5a44d9cc7dd10d05f17f5d4c718ecc5b673c7b7f4c1662b5d97e0177803
+ql/lib/codeql/swift/elements/expr/FunctionConversionExprConstructor.qll ff88509ae6754c622d5d020c0e92e0ea1efe2f7c54e59482366640b2100d187b fd640286e765dc00c4a6c87d766750cad0acd2544566ec9a21bc49c44cf09dba
+ql/lib/codeql/swift/elements/expr/IfExprConstructor.qll 19450ccaa41321db4114c2751e9083fbd6ceb9f6a68905e6dca5993f90dd567a 42605d9af0376e3e23b982716266f776d998d3073d228e2bf3b90705c7cb6c58
+ql/lib/codeql/swift/elements/expr/InOutExprConstructor.qll c8c230f9a396acadca6df83aed6751ec1710a51575f85546c2664e5244b6c395 2e354aca8430185889e091ddaecd7d7df54da10706fe7fe11b4fa0ee04d892e0
+ql/lib/codeql/swift/elements/expr/InOutToPointerExpr.qll 60e70359ea6a433cac1b4d7afe27d739979176d2f881a8108e61fe7c1dea1a9a e9c7db3671cce65c775760c52d1e58e91903ad7be656457f096bfe2abab63d29
+ql/lib/codeql/swift/elements/expr/InOutToPointerExprConstructor.qll 06b1377d3d7399ef308ba3c7787192446452a4c2e80e4bb9e235267b765ae05d 969680fddeb48d9e97c05061ae9cbc56263e4c5ad7f4fad5ff34fdaa6c0010b4
+ql/lib/codeql/swift/elements/expr/InjectIntoOptionalExpr.qll d44e2ccede83bc55fb5fcd135d176a53be55783904be700e4b7bc6ca54f23499 6ec93a725c92a9abf62c39451eaf6435942b61b56bd06db0d494da0b5f407441
+ql/lib/codeql/swift/elements/expr/InjectIntoOptionalExprConstructor.qll e25cee8b12b0640bfcc652973bbe677c93b4cb252feba46f9ffe3d822f9d97e0 4211336657fce1789dcdc97d9fe75e6bc5ab3e79ec9999733488e0be0ae52ca2
+ql/lib/codeql/swift/elements/expr/IntegerLiteralExprConstructor.qll 779c97ef157265fa4e02dacc6ece40834d78e061a273d30773ac2a444cf099d0 d57c9e8bbb04d8c852906a099dc319473ae126b55145735b0c2dc2b671e1bcbd
+ql/lib/codeql/swift/elements/expr/InterpolatedStringLiteralExprConstructor.qll 2d288a4cbaa3d7e412543fe851bb8764c56f8ccd88dc9d3a22734e7aa8da3c1a dfa6bea9f18f17d548d8af0bb4cd15e9a327a8100349d2ecfce51908062b45c8
+ql/lib/codeql/swift/elements/expr/IsExprConstructor.qll 0dc758a178c448c453fb390257f1a7a98d105efd8d8b2b592b290ef733d0fc80 e93e77865988bf522b9f48e105f913a7e33f98764e3edf910f9203ec44a785b1
+ql/lib/codeql/swift/elements/expr/KeyPathApplicationExprConstructor.qll c58c6812821d81dfb724fd37f17b2d80512c0584cf79e58ebb3a9657199e8f91 a4b9d8369f0224f9878bf20fcad4047756e26592fb7848988bdb96e463236440
+ql/lib/codeql/swift/elements/expr/KeyPathDotExprConstructor.qll d112a3a1c1b421fc6901933685179232ac37134270482a5b18d96ba6f78a1fd1 abce0b957bdf2c4b7316f4041491d31735b6c893a38fbf8d96e700a377617b51
+ql/lib/codeql/swift/elements/expr/KeyPathExprConstructor.qll 96f7bc80a1364b95f5a02526b3da4f937abe6d8672e2a324d57c1b036389e102 2f65b63e8eac280b338db29875f620751c8eb14fbdcf6864d852f332c9951dd7
+ql/lib/codeql/swift/elements/expr/LazyInitializerExprConstructor.qll deba52e51f31504564adc33da079b70f1f2da1e3e6f9538cba8bf97be0c27c64 4499c688d86c08cb33a754ad86f6adbe47754aa0fc58a4d77dd7cbfa1ca1fa50
+ql/lib/codeql/swift/elements/expr/LinearFunctionExpr.qll bcdc3b7c9f854f622e087a16a892af677439fee023d29341be534d297596bd3e b3253571f09a743a235c0d27384e72cf66b26ba8aa5e34061956c63be4940f15
+ql/lib/codeql/swift/elements/expr/LinearFunctionExprConstructor.qll 18998356c31c95a9a706a62dd2db24b3751015878c354dc36aa4655e386f53c3 7e02b4801e624c50d880c2826ef7149ad609aa896d194d64f715c16cfbd11a7d
+ql/lib/codeql/swift/elements/expr/LinearFunctionExtractOriginalExpr.qll fb5d879aa0dd3191dfc587926618b59f977914780c607c6c62c293ecc654b6fe bd9f3c1a5114cec5c360a1bb94fe2ffaa8559dfdd69d78bd1a1c039b9d0cab10
+ql/lib/codeql/swift/elements/expr/LinearFunctionExtractOriginalExprConstructor.qll 4cdacae7a04da12cd19a51ff6b8fa5d0a5fb40b915073a261c1b71a1a0586c90 b4f338fa97ff256a53932901cf209473af8c78c8da0ec7caa66335bfb2aabe1f
+ql/lib/codeql/swift/elements/expr/LinearToDifferentiableFunctionExpr.qll c841a3a0d5deb1d0f8c26122270c10793f8d49d8a484ac0fb838ad0733619fb6 a002c9d1cfc933b45eecf317654c90727a2986fb6d3403fc541be431d7c6b901
+ql/lib/codeql/swift/elements/expr/LinearToDifferentiableFunctionExprConstructor.qll 8a66e39915b4945bef0b1d5b31f4cbbf8149e1392ae42a29d661cfea9c0e3476 954242936f413271a64da2b8862168712ee7b3e0a31653344268f1d615e20fdf
+ql/lib/codeql/swift/elements/expr/LiteralExpr.qll 8e39746df049b3598013901e5b5f9e5d328c22fb7893c273f1a8ab96ec8305fa a599db9010b51379172c400cbd28ab3ea0e893a2dd049e2af3ed1a5eb9329f73
+ql/lib/codeql/swift/elements/expr/LoadExpr.qll 74643292340ccd9ac1c6449faa65bb02ba86749ec6a4f64e7ff04572822a1acd 44b0d1213be692586ac2a2af025ed2c4c2c2f707d2d3e6abab11ee7a28083510
+ql/lib/codeql/swift/elements/expr/LoadExprConstructor.qll 47e2766b4019cec454177db59429f66ff4cc5e6c2ba811b9afd6b651fb390c8d a37517b63ad9e83b18a6e03cad5a4b31bc58d471a078603e7346c2f52dbb5ef9
+ql/lib/codeql/swift/elements/expr/LookupExpr.qll 46ed9daef8b3fe31ad93bb7450b11d35dfae639a7803c24c999603f49517e1ef cf76a591d96ccd9f64f404332b1be1e0587a124e3de0f9ea978d819549f51582
+ql/lib/codeql/swift/elements/expr/MagicIdentifierLiteralExprConstructor.qll 9ac0c8296b8a0920782210520b1d55b780f037cd080bbd1332daddddc23dac97 d87f853e1a761f3986236c44937cbe21d233e821a9ad4739d98ec8255829eb32
+ql/lib/codeql/swift/elements/expr/MakeTemporarilyEscapableExprConstructor.qll b291d55ccbdef0d783ba05c68f496c0a015a211c9e5067dc6e4e65b50292a358 1c2ee4068da4b6fc5f3671af5319a784c0d3e1aa715392f8416918738f3d3633
+ql/lib/codeql/swift/elements/expr/MemberRefExprConstructor.qll 484391d318c767336ae0b1625e28adcc656cbfa6075a38732d92848aaf8fb25e 2907badc97b8aa8df10912fd116758ce4762940753d6fa66d61a557e9d76cde6
+ql/lib/codeql/swift/elements/expr/MetatypeConversionExpr.qll 50ee8a089204600476f1a629bdfc8efe7718a62806abcd81901df9c8b257797c f4debff6b8aab8ddf041f3d2a9a3d9e1432e77178b3d6128ebd9861c4fa73ac1
+ql/lib/codeql/swift/elements/expr/MetatypeConversionExprConstructor.qll 925f2a5c20517f60d6464f52fe1f2940ea1c46b418571d9050f387be51b36705 60063f936b7180aea9eba42a029202a362473c0bb620e880001f0b76d326b54a
+ql/lib/codeql/swift/elements/expr/NilLiteralExprConstructor.qll 483911d82316ea9c4fd29a46aa9e587e91ce51e78e6f55959aa6edafd5ae4c88 12ec784670587f43e793dd50e2bc47555897203dfa9bf3d8fc591ddeb39d3bb5
+ql/lib/codeql/swift/elements/expr/NumberLiteralExpr.qll 14e4dd1acbd947ccb86c1700ac0f0dd0830aee733da356b857d0efe612498fe3 abbe1abbabb1d0511429e2c25b7cbcfba524b9f8391f4d8a5aca079b2c1085e6
+ql/lib/codeql/swift/elements/expr/ObjCSelectorExprConstructor.qll f61b72989d2729e279b0e70343cf020e72de8daa530ef8f1e996816431720a50 37c5f7695da3a7db0f7281e06cc34328a5ae158a5c7a15e0ac64100e06beb7f9
+ql/lib/codeql/swift/elements/expr/ObjectLiteralExprConstructor.qll a18863eb82d0615e631a3fd04343646a2d45f21c14e666d4425a139d333ec035 b41bed928509bd792ec619a08560f1b5c80fb75cec485648601d55b9d7c53d1c
+ql/lib/codeql/swift/elements/expr/OneWayExprConstructor.qll 1f6b634d0c211d4b2fb13b5ac3f9cf6af93c535f9b0d9b764feb36dbc11a252e a2f0660ac48420cfd73111b1100f7f4f6523140c5860e1e5489c105707106275
+ql/lib/codeql/swift/elements/expr/OpaqueValueExpr.qll 15e24ab58aa38242dcc01cce60fb006da3e1a1fd98d7d3a715af3c96d28f1efc 3bf654dc10e2057a92f5f6b727237ec0b0ec7f564a6cc6ef2027c20e8e23a1e9
+ql/lib/codeql/swift/elements/expr/OpaqueValueExprConstructor.qll 35e8475fd6a83e3ef7678529465852de9fb60d129bb5db13a26380c1376ada8b c9c999cb816b948be266aaa83bc22fb9af11b104137b4da1d99f453759784a62
+ql/lib/codeql/swift/elements/expr/OpenExistentialExpr.qll d6187b0ccca6e84c502a4528dcaa0ada8ade1c96ba0a85c5fcd2d052ad291558 cfd96b626180ef3c63c2dbc17b13cd6f585515427f5c3beac48896cf98234a67
+ql/lib/codeql/swift/elements/expr/OpenExistentialExprConstructor.qll c56e5e6f7ae59a089316cd66a9b03d2584024625c2c662e7f74526c0b15dbd60 ea3cc78dd1b1f8fb744258e1c2bf6a3ec09eb9c1181e1a502c6a9bc2cf449337
+ql/lib/codeql/swift/elements/expr/OptionalEvaluationExpr.qll 2f46c15d17a50b14e91552be8ac5b72dbdc9f39b8fac9fa068e519ae5c8aa99b 559902efedbf4c5ef24697267c7b48162129b4ab463b41d89bdfb8b94742fa9f
+ql/lib/codeql/swift/elements/expr/OptionalEvaluationExprConstructor.qll 4ba0af8f8b4b7920bc1106d069455eb754b7404d9a4bfc361d2ea22e8763f4fe 6d07e7838339290d1a2aec88addd511f01224d7e1d485b08ef4793e01f4b4421
+ql/lib/codeql/swift/elements/expr/OptionalTryExprConstructor.qll 60d2f88e2c6fc843353cc52ce1e1c9f7b80978750d0e780361f817b1b2fea895 4eabd9f03dc5c1f956e50e2a7af0535292484acc69692d7c7f771e213609fd04
+ql/lib/codeql/swift/elements/expr/OtherConstructorDeclRefExprConstructor.qll cf726ed7ed830e17aaedf1acddf1edc4efc7d72ab9f9580bc89cc8eefbd54d8a 4ef3010dc5500bd503db8aa531d5455a9c80bc30172fb005abc6459b6f66ea00
+ql/lib/codeql/swift/elements/expr/OverloadedDeclRefExpr.qll adb49e25cdd87d2e6259399a7ce3a1fbe6eb345f9b8f4e34eb23cb39eb3555da 47b1c6df5397de490f62e96edc0656b1f97c0be73c6b99ecd78b62d46106ce61
+ql/lib/codeql/swift/elements/expr/OverloadedDeclRefExprConstructor.qll 2cf79b483f942fbf8aaf9956429b92bf9536e212bb7f7940c2bc1d30e8e8dfd5 f4c16a90e3ab944dded491887779f960e3077f0a8823f17f50f82cf5b9803737
+ql/lib/codeql/swift/elements/expr/ParenExprConstructor.qll 6baaa592db57870f5ecd9be632bd3f653c44d72581efd41e8a837916e1590f9e 6f28988d04b2cb69ddcb63fba9ae3166b527803a61c250f97e48ff39a28379f6
+ql/lib/codeql/swift/elements/expr/PointerToPointerExpr.qll 921645a373443d050dbc29b9f6bc4a734163c75aeffce453a4f8334b34077d30 54089de77845f6b0e623c537bc25a010ecf1b5c7630b1b4060d2b378abc07f4e
+ql/lib/codeql/swift/elements/expr/PointerToPointerExprConstructor.qll 95cc8003b9a3b2101afb8f110ec4cbd29e380fc048ee080f5047bcf0e14a06c7 114d487a1bb2cd33b27a9c3a47ad1d7254766e169512642f8b09b9c32cf3dc86
+ql/lib/codeql/swift/elements/expr/PostfixUnaryExprConstructor.qll c26326e2703b9a8b077ea9f132ae86a76b4010a108b8dcde29864f4206096231 70e45fbe365b63226d0132158cdd453e2e00d740a31c1fb0f7bfb3b2dedfd928
+ql/lib/codeql/swift/elements/expr/PrefixUnaryExprConstructor.qll 6d4c915baf460691cc22681154b1129852c26f1bd9fe3e27b4e162f819d934f5 7971698433bc03dbff2fec34426a96a969fab1a5a575aaf91f10044819e16f6d
+ql/lib/codeql/swift/elements/expr/PropertyWrapperValuePlaceholderExpr.qll 35a61a7f68e71165690127b445fff39780028cb6be5e7b5eadaafa8aeb6b2321 f9e32f65e6d453d3fa857a4d3ca19700be1f8ea2f3d13534656bc21a2fc5f0b0
+ql/lib/codeql/swift/elements/expr/PropertyWrapperValuePlaceholderExprConstructor.qll 874da84b8ac2fbf6f44e5343e09629225f9196f0f1f3584e6bc314e5d01d8593 e01fc8f9a1d1cddab7c249437c13f63e8dc93e7892409791728f82f1111ac924
+ql/lib/codeql/swift/elements/expr/ProtocolMetatypeToObjectExpr.qll db0a35204b99aa6665d95461db0c5592739172d3def43d38461612622d39fea7 1f342dead634daf2cd77dd32a1e59546e8c2c073e997108e17eb2c3c832b3070
+ql/lib/codeql/swift/elements/expr/ProtocolMetatypeToObjectExprConstructor.qll aaaf5fd2496e24b341345933a5c730bbfd4de31c5737e22269c3f6927f8ae733 bece45f59dc21e9deffc1632aae52c17cf41924f953afc31a1aa94149ecc1512
+ql/lib/codeql/swift/elements/expr/RebindSelfInConstructorExprConstructor.qll 434e00b6e5d3ccf356dabb4a7d6574966676c32d4c257ad3606d5b9e2b715524 637a16d0f5f504bad4a04bb85d6491a94738781d3282bc27363cceafb3023408
+ql/lib/codeql/swift/elements/expr/RegexLiteralExprConstructor.qll 7bf1bdba26d38e8397a9a489d05042ea2057f06e35f2a664876dc0225e45892d dcc697170a9fc03b708f4a13391395e3986d60eb482639e3f5a3ba0984b72349
+ql/lib/codeql/swift/elements/expr/SelfApplyExpr.qll 75a7f14daedd69803bbb2650e503c7db5589044347c3b783f8cd13130c7c508e f0349628f9ead822783e09e56e0721f939bfb7f59c8661e6155b5a7d113c26f3
+ql/lib/codeql/swift/elements/expr/SequenceExpr.qll b1269230db9782dacba9a61e60fb2b962b05d47048b205a5bcf89157fe475b82 3b2d06ac54746033a90319463243f2d0f17265c7f1573cbfedbdca3fb7063fd2
+ql/lib/codeql/swift/elements/expr/SequenceExprConstructor.qll 5a15ede013bb017a85092aff35dd2f4f1fb025e0e4e9002ac6e65b8e27c27a0b 05d6c0e2fa80bbd088b67c039520fe74ef4aa7c946f75c86207af125e7e2e6b4
+ql/lib/codeql/swift/elements/expr/StringLiteralExprConstructor.qll 49de92f9566459609f4a05b7bf9b776e3a420a7316151e1d3d4ec4c5471dcffb 4a7474d3782b74a098afe48599faee2c35c88c1c7a47d4b94f79d39921cd4a1f
+ql/lib/codeql/swift/elements/expr/StringToPointerExpr.qll 8fcb58665cac6f01df36fbd4f3cd78f515ee57bc1a2bdf5f414174615442cf49 6f6710f7ac709102b0f3240dcd779baf5da00d2e7a547d19291600bc405c5a54
+ql/lib/codeql/swift/elements/expr/StringToPointerExprConstructor.qll 138dd290fff168d00af79f78d9d39a1940c2a1654afd0ec02e36be86cebef970 66f7385721789915b6d5311665b89feff9469707fab630a6dcbf742980857fd9
+ql/lib/codeql/swift/elements/expr/SubscriptExprConstructor.qll dd2a249c6fb3a2ce2641929206df147167682c6294c9e5815dab7dddbac0d3bd ad382cbd793461f4b4b1979b93144b5e545ba91773f06957c8e1b4808113cd80
+ql/lib/codeql/swift/elements/expr/SuperRefExprConstructor.qll 7d503393bddf5c32fb4af9b47e6d748d523fc4f3deb58b36a43d3c8c176c7233 86d2312a61ccb3661d899b90ac1f37a1079b5599782d52adaf48f773b7e7dd72
+ql/lib/codeql/swift/elements/expr/TapExprConstructor.qll aa35459a9f1d6a6201ce1629bc64d5902f3e163fcef42e62b1828fa8fde724f8 88d92995026d2c2cbd25fab9e467d91572174d3459584729723a5fe3c41f75b9
+ql/lib/codeql/swift/elements/expr/TryExprConstructor.qll 786f2e720922c6d485a3e02fe39ef53271399be4a86fdea7226a7edb1e01b111 e9f527562c45e75276cbe2b899c52677268dffd08c3f6c260cd1a9abbc04bd25
+ql/lib/codeql/swift/elements/expr/TupleElementExprConstructor.qll d5677df4f573dd79af7636bf632f854e5fd1cbe05a42a5d141892be83550e655 5248a81d39ed60c663987463f1ce35f0d48b300cd8e9c1bcd2fdbf5a32db48dc
+ql/lib/codeql/swift/elements/expr/TupleExprConstructor.qll 0eec270bb267006b7cdb0579efe4c420e0b01d901254a4034c3d16f98dc18fc0 4dab110e17ff808e01e46fc33436ffd22ebf5644abcb92158b5b09a93c0b1c19
+ql/lib/codeql/swift/elements/expr/TypeExprConstructor.qll d4cbe4ddbd7a43a67f9a9ca55081ae11c4a85aa1cc598bc31edd3ff975255c62 1ca407571c456237f3f4f212bbcfa821d96aac44c9e569c6e5a4929c144c4569
+ql/lib/codeql/swift/elements/expr/UnderlyingToOpaqueExpr.qll f8238439d553627d5b82f21fd906f602e2d1fc884d593209be00deb2fb85b8c7 f947161c8956113ff052743fea50645176959f2b04041cb30f4111c2569400be
+ql/lib/codeql/swift/elements/expr/UnderlyingToOpaqueExprConstructor.qll 6b580c0c36a8c5497b3ec7c2b704c230de4529cfdeb44399184503048dc547d7 b896b2635319b2b2498eac7d22c98f1190ff7ba23a1e2e285c97a773860d9884
+ql/lib/codeql/swift/elements/expr/UnevaluatedInstanceExpr.qll 7d390adafff48b7365e4abe80e98a9367030ad62992b0ee8b17e16d140c0e673 a094972b3b30a8a5ead53e12ede960f637190f9fa7dd061f76b4a4ab1ff5282e
+ql/lib/codeql/swift/elements/expr/UnevaluatedInstanceExprConstructor.qll 9453bb0ae5e6b9f92c3c9ded75a6bbaff7a68f8770b160b3dd1e4c133b421a80 51ac38be089bbc98950e8175f8a2b0ab2a6b8e6dbb736c754b46bf3c21b7551e
+ql/lib/codeql/swift/elements/expr/UnresolvedDeclRefExprConstructor.qll 6f7498cf4edc48fa4c0184bb4068be63a88a0a5ab349bd54228f23d23df292cb b9e16dc1bd56535494a65f8faa780fca70a7eae1e04da132d99638ca2ee5e62c
+ql/lib/codeql/swift/elements/expr/UnresolvedDotExprConstructor.qll 11d54c61f34291a77e4de8d1d763de06da5933ab784f0ae6b4bf6798ab6e2297 78b01e12cd7f49dc71456419922cf972b322bd76554090bedeb4263a8701f1af
+ql/lib/codeql/swift/elements/expr/UnresolvedMemberChainResultExpr.qll 0eaae416c14e9e6cb7319344509012a321587f96fcbd4f9c45002908450ff3d9 97362882ce004dce33e97a76f2857527925696f21ac5f1f1b285d57fea7e1d57
+ql/lib/codeql/swift/elements/expr/UnresolvedMemberChainResultExprConstructor.qll 3e76d7a004acd986c8d58ff399d6fb0510577b9a67e01a85294f89319038e895 e02f88167623ad78bc44f4682b87312bd3c44ddb1f0f85970e19fdbf4df3a4a8
+ql/lib/codeql/swift/elements/expr/UnresolvedMemberExpr.qll 4afc9da4eeb97f89adf31d3e04610d7df3437b66fe1c601507421fad7d3d3996 6591d38ddf3aa0e4db0fa7fdb28b8f70d8278ff96e8117c560ecb1bdf770bb2a
+ql/lib/codeql/swift/elements/expr/UnresolvedMemberExprConstructor.qll db3c55863184bd02e003bf159cab3d7f713a29749d35485473f727f3ccf801a8 ea74f8904d67ac3552d85c12a2b8a19d3e2edf216efccb4263a546501fd4eba2
+ql/lib/codeql/swift/elements/expr/UnresolvedPatternExpr.qll cb316e3bd39f7d558466f91428c5c8da7b3b07ea12e138c72fda33f3b4e3398a f3624cdd8025f1bb525cd0e9a85dc098ca8fa7876f1754849bade0d4e3840589
+ql/lib/codeql/swift/elements/expr/UnresolvedPatternExprConstructor.qll 7b7f834d2793c7e3d60fbd69cb989a170b0e62c2777d817d33a83110ca337e94 f4f8ee260274e547514f3a46ced487abe074409b209adb84f41dc9ebb3d67691
+ql/lib/codeql/swift/elements/expr/UnresolvedSpecializeExpr.qll 8b6975b0759e4a694d2b715f48b22af0b58b390c85ca1299e5a3aa5a687a61db c6fa963f07ed372dca97ea217a836f603c276ed309576b6a13e7cc75d13038c4
+ql/lib/codeql/swift/elements/expr/UnresolvedSpecializeExprConstructor.qll 1cbb484b72efa96b510103bea12247adfe31ec17f9d62b982868d4a5ca3e19b9 af57548a00010dc5e8a51342e85e0c7fc15a30068d7d68b082236cfc53b8c60b
+ql/lib/codeql/swift/elements/expr/UnresolvedTypeConversionExpr.qll d7e889aa4c45ea8a7f171b0de7229cae8872f2f37dc2d5cdb458ffba66ef27b9 0270bc88ba7c53e443e35d04309fcff756f0afac0b3cd601779358b54f81e4a1
+ql/lib/codeql/swift/elements/expr/UnresolvedTypeConversionExprConstructor.qll 191cc2641ea735a72cedd50a1b4fcc66e0e42e3bdc5d1368003790d1621478f4 07384657c12f97d9cac284154a2bcff9c7bc4a745e705cbd7c1e2f0bc857ad48
+ql/lib/codeql/swift/elements/expr/VarargExpansionExprConstructor.qll b3d9bb66747c3495a47f8d7ea27162a216124e94ceb4a0c403faf7c1ca0c1ea1 84cfb1600f461ddfe088b0028ca26b1e2708bd5b59e634eed2d8766817fa6906
+ql/lib/codeql/swift/elements/pattern/AnyPatternConstructor.qll 9ce05c2c4c015a072f7ab5b0d1a15fa7c2666f252ae361164c59e90150338b2a 4a0d79d90e5392187cf631397b94a0e23bc6d661d381e880b129e4964e6468f2
+ql/lib/codeql/swift/elements/pattern/BindingPatternConstructor.qll efbf0b1979430d4a285f683a1a8869366e14948499e015beca8f4d6b80fe9c9b 5e9e5339cda4e6864078883421ee5bc5c5300efc48dc8a0fcf0c9fbdd508a10e
+ql/lib/codeql/swift/elements/pattern/BoolPatternConstructor.qll 6f06125093da5b555990c1636bedc95e5664551bc3bc429a3428dba2ebe2e0dd 4d775af563074088dcd6b91adf133a0a03201e21b32669ea3c0f47043e4800c6
+ql/lib/codeql/swift/elements/pattern/EnumElementPatternConstructor.qll 3d4fd658bbece603aba093d524c60db5e3da912aa6f730bd99de1bb23c829fe3 b63c250501f5d778a9fbece1661c8f48b65f0a5c6791f89ce38a073591496d41
+ql/lib/codeql/swift/elements/pattern/ExprPatternConstructor.qll 477db1715b13660d1fecab766d65ef719be2d700e1f43767c6853f77506534d9 8fe20342b9da54f4aae05b7f925afa39cbbb4b0d26f1c4f294fcd5f83a5b536b
+ql/lib/codeql/swift/elements/pattern/IsPatternConstructor.qll 209ad40227f49dfe1b82e6c9c318d0a8adc808c99fb46034512bcff96324ee91 2776b04bca8fbaadd5d2cc4017f3760f2294d5793ecf70135920036cff3d6275
+ql/lib/codeql/swift/elements/pattern/NamedPatternConstructor.qll 437ccf0a28c204a83861babc91e0e422846630f001554a3d7764b323c8632a26 91c52727ccf6b035cc1f0c2ca1eb91482ef28fa874bca382fb34f9226c31c84e
+ql/lib/codeql/swift/elements/pattern/OptionalSomePatternConstructor.qll bc33a81415edfa4294ad9dfb57f5aa929ea4d7f21a013f145949352009a93975 9fb2afa86dc9cedd28af9f27543ea8babf431a4ba48e9941bcd484b9aa0aeab5
+ql/lib/codeql/swift/elements/pattern/ParenPatternConstructor.qll 7229439aac7010dbb82f2aaa48aedf47b189e21cc70cb926072e00faa8358369 341cfacd838185178e95a2a7bb29f198e46954098f6d13890351a82943969809
+ql/lib/codeql/swift/elements/pattern/Pattern.qll e2f802e788d00a9da18dd6b5d3536666972d9a6a87969b93f95174a922afbbac cbecbc4b2d9bea7b571b9d184a0bb8cf472f66106e96d4f70e0e98d627f269a5
+ql/lib/codeql/swift/elements/pattern/TuplePatternConstructor.qll 208fe1f6af1eb569ea4cd5f76e8fbe4dfab9a6264f6c12b762f074a237934bdc 174c55ad1bf3058059ed6c3c3502d6099cda95fbfce925cfd261705accbddbcd
+ql/lib/codeql/swift/elements/pattern/TypedPatternConstructor.qll 1befdd0455e94d4daa0332b644b74eae43f98bab6aab7491a37176a431c36c34 e574ecf38aac7d9381133bfb894da8cb96aec1c933093f4f7cc951dba8152570
+ql/lib/codeql/swift/elements/stmt/BraceStmtConstructor.qll eb2b4817d84da4063eaa0b95fe22131cc980c761dcf41f1336566e95bc28aae4 c8e5f7fecd01a7724d8f58c2cd8c845264be91252281f37e3eb20f4a6f421c72
+ql/lib/codeql/swift/elements/stmt/BreakStmtConstructor.qll 700a23b837fa95fc5bce58d4dd7d08f86cb7e75d8de828fee6eb9c7b9d1df085 4282838548f870a1488efb851edb96ec9d143bf6f714efe72d033ee51f67a2c5
+ql/lib/codeql/swift/elements/stmt/CaseLabelItemConstructor.qll ff8649d218f874dddb712fbeb71d1060bd74d857420abbd60afa5f233e865d65 438526ef34e6ff3f70c4861e7824fdb4cf3651d7fbeea013c13455b05b2b5b97
+ql/lib/codeql/swift/elements/stmt/CaseStmtConstructor.qll f80665bfea9bf5f33a0195d9fb273fe425383c6612a85b02166279466d814f03 5b45dbf87b2c660c7f0cc9c10c4bc9fefd8d3d7f8a0a7c95dabe257169ea14db
+ql/lib/codeql/swift/elements/stmt/ConditionElementConstructor.qll 05e98b9c9ecaf343aff209c6b509ae03a774d522b5b4a1e90a071ac724a3100f 620e57a7082160e810cb4bcf129736c7510a75d437c3c1e5a2becc5ca4d013ce
+ql/lib/codeql/swift/elements/stmt/ContinueStmtConstructor.qll 64932cdf9e5a6908547a195568e0b3d3da615699cf44d8e03c3a2b146f8addf4 32d5aad9b594b4d0349d79c0b200936864eafc998ab82b2e5a1c6165d3b88cbd
+ql/lib/codeql/swift/elements/stmt/DeferStmtConstructor.qll 1d541efcd414a5c0db07afebd34556181b5339cb2d2df3dc9a97c8b518b21581 598096568e26177d0fc602b4a00092372771f9ba840296e30e8c3b280f7c630d
+ql/lib/codeql/swift/elements/stmt/DoCatchStmtConstructor.qll c23512debcea7db48ca0b66560a752301de8ec148de31bda0ba7614d6f6f2c51 f1165f2854a7e0699da0c11f65dbf199baf93fc0855f5a6c06c73adf0ded6bab
+ql/lib/codeql/swift/elements/stmt/DoStmtConstructor.qll 6555b197019d88e59e4676251fe65e5a72db52b284644c942091851cc96acac4 9d0c764391405c8cacfdf423ba20c6aa06823e30e8eee15fba255938ad3c6bd9
+ql/lib/codeql/swift/elements/stmt/FailStmtConstructor.qll a44f0fc51bcf51215256e2ead3f32ff41cd61cc6af2a73f952e046ab5cca60ed 1634392524d9c70421f9b0fbe03121858b43cfd740e25f271a1fce2022d2cc2b
+ql/lib/codeql/swift/elements/stmt/FallthroughStmtConstructor.qll 657f6a565884949e0d99429a75b3b46d6da2b6fe2ecacfdc2be71d95ad03decb 282b99f61fc51d6acb82256d4f816497add99bf84a0022f5757ca9911fb62a20
+ql/lib/codeql/swift/elements/stmt/ForEachStmtConstructor.qll e21b78d279a072736b9e5ce14a1c5c68c6d4536f64093bf21f8c4e2103586105 02a28c4ef39f8e7efffb2e6d8dcfeccb6f0a0fc2889cbcda5dd971711ac0ff07
+ql/lib/codeql/swift/elements/stmt/GuardStmtConstructor.qll 77ddea5f97777902854eec271811cd13f86d944bcc4df80a40ed19ad0ee9411e 1602e1209b64530ee0399536bff3c13dcecbccbc92cc1f46bc5bbb5edb4e7350
+ql/lib/codeql/swift/elements/stmt/IfStmtConstructor.qll c65681a3e20e383173877720e1a8a5db141215158fffad87db0a5b9e4e76e394 104d1a33a5afb61543f7f76e60a51420599625e857151c02ac874c50c6985ee9
+ql/lib/codeql/swift/elements/stmt/LabeledConditionalStmt.qll 77c2dc7bfa551dd96109ee64ca9bbd5774a36762dd00cfad89a21eaf237e1f18 2b082cc547b431391f143d317c74fe7a3533f21cd422a6bd3c9ef617cacecc0f
+ql/lib/codeql/swift/elements/stmt/PoundAssertStmtConstructor.qll 70a0d22f81d7d7ce4b67cc22442beee681a64ac9d0b74108dfa2e8b109d7670e 08fee916772704f02c560b06b926cb4a56154d01d87166763b3179c5d4c85542
+ql/lib/codeql/swift/elements/stmt/RepeatWhileStmtConstructor.qll e19d34dbf98501b60978db21c69abe2b77896b4b6379c6ff02b15c9f5c37270e a72db7c5cb0eb5be7b07cbddb17247d4d69d2bb8cbc957dc648c25fa6c0636ce
+ql/lib/codeql/swift/elements/stmt/ReturnStmtConstructor.qll ade838b3c154898f24a8e1d4ef547d460eac1cd6df81148ffb0f904d38855138 c00befd9ac0962172369319d7a791c44268413f760f2ac5e377fdee09c163101
+ql/lib/codeql/swift/elements/stmt/Stmt.qll 18aaec168417ad00fcb7fa120f9b4251b6a260ab7e31799687ac57b31c4a4819 014e29f6cc639359708f4416b1719823218efa0e92dc33630ecfc051144c7ac0
+ql/lib/codeql/swift/elements/stmt/StmtConditionConstructor.qll 599663e986ff31d0174500788d42a66180efb299769fc0f72a5c751621ddb9e2 8da4524319980f8039289165d01b53d588180cc1139b16ea7a6714b857086795
+ql/lib/codeql/swift/elements/stmt/SwitchStmtConstructor.qll e55c4bda4e8c1b02e8bb00b546eca91b8797c9efb315d17aa9d7044bef0568b9 a8315347d620671ec752e7ff150faa6e6cbb2353773bc16f1d0162aa53f2c8ed
+ql/lib/codeql/swift/elements/stmt/ThrowStmtConstructor.qll 5a0905f1385b41e184c41d474a5d5fa031ed43e11c0f05b0411de097302cf81c 658daa8e97de69ed0c6bb79bc1e945c39bac9ff8d7530bd4aca5a5d3e3606a3a
+ql/lib/codeql/swift/elements/stmt/WhileStmtConstructor.qll 9b5711a82db7c4f2c01f124a1c787baa26fd038433979fd01e778b3326c2c357 4e89d6b2dfefd88b67ec7335376ea0cdccab047319a7ec23113728f937ff1c26
+ql/lib/codeql/swift/elements/stmt/YieldStmtConstructor.qll c0aa7145a96c7ba46b904e39989f6ebf81b53239f84e5b96023ea84aef4b0195 50908d5ee60b7bc811ca1350eff5294e8426dbbab862e0866ef2df6e90c4859c
+ql/lib/codeql/swift/elements/type/AnyBuiltinIntegerType.qll f89e8ede8fc455a74ad643521d3910dc27b29359f7e15b0333d823831b7cd20c bbd9611e593c95c7ddff9d648b06b236f1973759f5cd3783d359ddb7d2c7d29e
+ql/lib/codeql/swift/elements/type/AnyFunctionType.qll 9a2f25f7f72aa80a2dcd936886dfda32f2b48ae44b79da58dbad5201ef4d7375 c7154b0018d161a6dcf461f351f37b2b4f6813968d2c2d0b1e357ea8c6f50710
+ql/lib/codeql/swift/elements/type/AnyGenericType.qll 9020d36bc6899c7f305cd99403d007c6d63fadfa080b4ec57372e7a76ca60975 4474fb21ac3f092f6c1e551cd9cf397abaa721ac2e30019b1d1a3974224d907d
+ql/lib/codeql/swift/elements/type/AnyMetatypeType.qll d71d790b77c2d83f3637a1fbf2bae77ac5e95d8dc81a7fd662c22db586eea71c c73a76b03eee2faee33bb7e80ab057dbc6c302d9c8d5bfa452a7e919f86d942a
+ql/lib/codeql/swift/elements/type/ArchetypeType.qll 5dba765115cc421e84c56e196d2a2d70310f3d8048aa78bd3b2042785aa5e880 28190086005e4e14b0556162d18aafe4d59eef0cb69e1a02bc440b27db012197
+ql/lib/codeql/swift/elements/type/ArraySliceType.qll 57184bc51fb02bc966d1ae143750a2a82e704dc52d20e314965420a83ebd9164 21d15a7dab938ce81de00b646b897e7348476da01096168430a4a19261b74f6d
+ql/lib/codeql/swift/elements/type/ArraySliceTypeConstructor.qll a1f1eb78e59c6ddf2c95a43908b11c25e2113c870a5b0b58e00b1ef5e89974c0 f0b4681e070343a13ee91b25aa20c0c6a474b701d1f7ea587ad72543a32dab72
+ql/lib/codeql/swift/elements/type/BoundGenericClassType.qll 7d02a471484de918f1395638f6e8017a3301f8953016c9ed62300308c6e2b6ac 284da181c967e57023009eb9e91ed4d26ae93925fea07e71d3af0d1b0c50f90a
+ql/lib/codeql/swift/elements/type/BoundGenericClassTypeConstructor.qll 1174753a0421f88abdca9f124768946d790f488554e9af3136bb0c08c5a6027f c6565c9f112f1297e12f025865d6b26c6622d25a8718de92222dd4fb64ede53e
+ql/lib/codeql/swift/elements/type/BoundGenericEnumType.qll 685670068892a04cd20b718118c46c768488807a57cc75102b3d6be5b07e3c94 c394d8e963e2edec82b27368dc7832c033dbf56a8acd8990ff6cf825c29cc7d9
+ql/lib/codeql/swift/elements/type/BoundGenericEnumTypeConstructor.qll 4faf2e4f76d446940d2801b457e8b24f5087494b145bae1e1e0a05ba2e8d4eee eda2bdd1b9f2176d8a6c78de68ae86148e35f5d75d96d78a84995ae99816f80e
+ql/lib/codeql/swift/elements/type/BoundGenericStructType.qll 8e87dbeb3bad4c3b37a5260aadfac5b6c15c067a84be376ba8b5c3cf0794bd21 a3f7a3549ff7ab0bdbfda7da4c84b125c5b96073744ae62d719e9d3278e127cf
+ql/lib/codeql/swift/elements/type/BoundGenericStructTypeConstructor.qll 9bc4dd0ffc865f0d2668e160fb0ce526bb4aa7e400ad20a10707aad839330d31 a0f28828125726f1e5d18ed7a2145ad133c3a2200523928b69abbdc1204e3349
+ql/lib/codeql/swift/elements/type/BoundGenericType.qll 1854ab70126e449cb64e9ac00b2eb465d1fac342e172a4eff6e7417a5d663d0e 86a3a2c73a837a4c58d104af5d473fe3171bd12b03d7a2862cc0ec6d2e85667f
+ql/lib/codeql/swift/elements/type/BuiltinBridgeObjectType.qll 86971ec94ed0b5db7b33484d310c01e3b7d835e7845e7ec6f5f7a3e3df3bfe3d d5f2623c2742b9c123bd6789215f32dcb8035475c98b792e53c6ef583e245f65
+ql/lib/codeql/swift/elements/type/BuiltinBridgeObjectTypeConstructor.qll e309fbf1bb61cc755fd0844697f8d587c63477fe11947f4af7d39b07fc731e8f 41acdb0acf0f2eb6b1b38fb57cbbf4dfcec46afc089798b829c1ffc0539cd0fc
+ql/lib/codeql/swift/elements/type/BuiltinDefaultActorStorageType.qll 3f2a38da5222ebddcd9c0ef7ddccf84e26616a56e19978a2caa725ee6743e594 96777d099fe5e06a17e5770ce73fa4f50eefbe27703218871dc7dec4c2e8e11f
+ql/lib/codeql/swift/elements/type/BuiltinDefaultActorStorageTypeConstructor.qll 645d8dd261fffb8b7f8d326bcdd0b153085c7cf45fe1cc50c8cb06dbe43a9d8d 0424cf62f6f0efb86a78ba55b2ef799caf04e63fdf15f3f8458108a93ee174b1
+ql/lib/codeql/swift/elements/type/BuiltinExecutorType.qll 226a09b42840529bd31c4e9795d570466462a8e5e1833edbcb36fc96458a33b3 bb2f7e62295b20fa07cc905ef0329293c932ab8ad115f8d37aa021e421b425c0
+ql/lib/codeql/swift/elements/type/BuiltinExecutorTypeConstructor.qll 72545245dbf61a3ab298ece1de108950c063b146a585126753684218ad40ea10 b926c1688325022c98611b5e7c9747faf0faf8f9d301d976aa208a5aace46e0d
+ql/lib/codeql/swift/elements/type/BuiltinFloatType.qll 7b307414ec4175d87ef715abe950830214785eca4728bfe32542f89f061cc3a6 3dfa2ed2e1f469e1f03dcc88b29cb2318a285051aa2941dcc29c7c925dad0d29
+ql/lib/codeql/swift/elements/type/BuiltinFloatTypeConstructor.qll 4254aa8c61c82fbea44d3ca1a94876546024600a56ac88d0e622c6126dfe6b9f 953f0fcb52668e1a435f6cabf01f9c96c5fc1645bf90b8257907218a4ce51e02
+ql/lib/codeql/swift/elements/type/BuiltinIntegerLiteralType.qll 5ca7d5b579924cd37d67703ce032fd626f6f2e53aecbd8246284471a7c766237 462bfc80eb0cfe478562fc5dcade8e6a1ecdd958b26481e4df19ecf632e72a7f
+ql/lib/codeql/swift/elements/type/BuiltinIntegerLiteralTypeConstructor.qll 21c0ba7a316accd4197d57dafbeb7ce356ccef0a376e9188ec78b3e9a7d046bd 165f4a30ffb1fa34ee94c69975cbea57d940aea2e46558af7eff3a1941a269c2
+ql/lib/codeql/swift/elements/type/BuiltinIntegerType.qll ba9c4722bc8adcd3b81a516f228a2d1d6c6900a0a74c1586e6fda11fdc57cde9 2807cb11ca75f8d8cc3bc87159786528f7f28e6c594ee79bf0984d0dd960d524
+ql/lib/codeql/swift/elements/type/BuiltinIntegerTypeConstructor.qll 8e738b8996c0b1612900dd40d6dd9ea395e7463a501feb04cc3c27e7fe73ee02 c517e29002513b5ae6d05d52bc3f7e8a85f33f6e9be0f56cdd53eb25de0c9cb9
+ql/lib/codeql/swift/elements/type/BuiltinJobType.qll 77ae06df788a1d6bdf060525f842408fb5ff773397862d30dfd46f80fe889c64 7c381ec2a6be2991518cfeef57be62238f50c27845cad8b72434c404ecc5c298
+ql/lib/codeql/swift/elements/type/BuiltinJobTypeConstructor.qll a63724058d426fc38c092235adec6348aa9ea302aca408d4e9721d924ec28539 abf1263e6fad8f3de7692340399f013010f39c01f5fe93b92a491b7301be998c
+ql/lib/codeql/swift/elements/type/BuiltinNativeObjectType.qll 5fddd40563fdff908bd357c5b34086b927f9e615554a8c0942a3bc24ee5936fc 3225e0b8e70f488b84d02b84ef02bf1a3ac879d8f442de2b6d2c3ae53445e8e8
+ql/lib/codeql/swift/elements/type/BuiltinNativeObjectTypeConstructor.qll 9ec77aa1da74d7fe83a7c22e60a6b370d04c6859e59eed11b8dbc06a1ac8e68b bd9dcd8c5317d13a07695c51ff15f7d9cbf59ad7549301d42950caf5c6cc878f
+ql/lib/codeql/swift/elements/type/BuiltinRawPointerType.qll 06ebac74cfcdc7195de3159d528288afb32786a071e42c2ede932666d89ea4d3 d2f6b327e6c5d4ff9382041bcebad2b9312eb86116c42b24b88c558b10a7561a
+ql/lib/codeql/swift/elements/type/BuiltinRawPointerTypeConstructor.qll 7f77e1c768cb46b0eb8b08bb36e721417b95f1411bd200636ffdfc4e80c3c5c3 ce0916e95044ad74f5d7e762f3cc22065cc37e804f094e6067908bd635da6d97
+ql/lib/codeql/swift/elements/type/BuiltinRawUnsafeContinuationType.qll c91a28c12be5694004e02680d5d32bc3b67208ef6a7e0f9ab04cd4a7bb3a83ed 81682a768dcbcd72b2f13b5257e1f05b642e762de92bb3f0e275f863bad261c7
+ql/lib/codeql/swift/elements/type/BuiltinRawUnsafeContinuationTypeConstructor.qll f5a6c5ea5dd91c892f242b2a05837b2a4dd440365a33749994df8df30f393701 2eab1e5815c5f4854f310a2706482f1e7b401502291d0328d37184e50c0136b9
+ql/lib/codeql/swift/elements/type/BuiltinType.qll 6031ef4546c562d127d7c7120d12b9183021f2d9ff171ebf41ffa8491ce1a628 8e02dc1d67222a969ba563365897d93be105a64ec405fd0db367370624796db2
+ql/lib/codeql/swift/elements/type/BuiltinUnsafeValueBufferType.qll 2feff34c6e0c3cb22ff287b4b0fd7bac97ce796289175524a63c0a16258ef966 27a98fe13786b8d59d587ac042e440dec6699c76eb65288bbff6d374c28bfc53
+ql/lib/codeql/swift/elements/type/BuiltinUnsafeValueBufferTypeConstructor.qll 08a3a0f1ab53739a0db79a185a0e05538c1b7c7318b25bea93e0044ad98a3c6b fb8bb4ca4b20c6581d4419ac48581bf6e75b20e1612a953e31a7207c7dd0a0d8
+ql/lib/codeql/swift/elements/type/BuiltinVectorType.qll cfe1887a0f626704881622fb63287bc408fcf72022c8ba7f3bd14974068f36a5 df375c900db766f3f66dc022cb6302f2000bda90b5f2f023be992519948151f1
+ql/lib/codeql/swift/elements/type/BuiltinVectorTypeConstructor.qll 81d10e15693a33c51df659d4d8e8fa5dedea310415f580c6861e0043d36e83d3 3f60d067b860f3331edb5c0e67b2e9e469b78a9bcdb39a2f3a8724c6a6638f5e
+ql/lib/codeql/swift/elements/type/ClassType.qll a69b0552206ca564124dfc9befd6288c0b84dcbadfd758baa85a33e0d8b820e8 a50d11cff50d948fcbbe3d27332f7e5842291844eaee9750d72063b7d2c0d7c2
+ql/lib/codeql/swift/elements/type/ClassTypeConstructor.qll 0c462e43cc8139d666fe1d77b394f29f4141064c9295ec3581fe20f920cbbbe7 43cce957ebb274ff34f14ca8bdcf93ab9c81a27a204fa56e37d7d17c4a469600
+ql/lib/codeql/swift/elements/type/DependentMemberType.qll 5d57942f02b68fce9970176a15365cd5a4e7c8092f886781388098d53cdc8615 46b2e84f7731e2cc32b98c25b1c8794f0919fbd3c653ba9b2e82822ab351e164
+ql/lib/codeql/swift/elements/type/DependentMemberTypeConstructor.qll 8580f6bbd73045908f33920cbd5a4406522dc57b5719e6034656eec0812d3754 fdeba4bfc25eecff972235d4d19305747eaa58963024735fd839b06b434ae9f2
+ql/lib/codeql/swift/elements/type/DictionaryType.qll b5b815ec4518781ccc600caaea81371e95fbee8a97803e5dce8e0bfc8789bae6 6b6901e8331ae2bd814a3011f057b12431f37b1ad57d3ecdaf7c2b599809060f
+ql/lib/codeql/swift/elements/type/DictionaryTypeConstructor.qll 663bd10225565fab7ecd272b29356a89750e9fc57668b83bdb40bfb95b7b1fcb 5bfe2900eceee331765b15889357d3b45fc5b9ccaf034f13c76f51ad073c247f
+ql/lib/codeql/swift/elements/type/DynamicSelfType.qll 7ba19e4fa1a8bbbc41fb08c16abbd1949feebe8ddadad7d3dfcb525f2abf5746 f9544f83ee11ae2317c7f67372a98eca904ea25667eeef4d0d21c5ef66fe6b28
+ql/lib/codeql/swift/elements/type/DynamicSelfTypeConstructor.qll f81ea2287fade045d164e6f14bf3f8a43d2bb7124e0ad6b7adf26e581acd58ff 73889ef1ac9a114a76a95708929185240fb1762c1fff8db9a77d3949d827599a
+ql/lib/codeql/swift/elements/type/EnumType.qll d5428bcca8398cfbf706689b32390460d8c93cc2c733ceb10432ed496d11579d 7eb0dad9ffc7fad2a22e68710deac11d5e4dfa18698001f121c50850a758078f
+ql/lib/codeql/swift/elements/type/EnumTypeConstructor.qll aa9dbd67637aae078e3975328b383824a6ad0f0446d17b9c24939a95a0caf8df 1d697f400a5401c7962c09da430b8ce23be063aa1d83985d81bcdc947fd00b81
+ql/lib/codeql/swift/elements/type/ErrorType.qll ac897e297783736a984eb6168be9b300b7a2a536ae3988b6ec29426a38bc11f0 c02282abefeb4c93938cc398d4c06ccd2be2c64e45612f20eafc73783fa84486
+ql/lib/codeql/swift/elements/type/ErrorTypeConstructor.qll b62dcd329e8bba82bd70aa439ed4d0ddb070da6fcd3ce5ce235e9c660ce5b5a8 43e3c4b7174bc17ca98c40554c2dbae281f1b66617d8ae59e8f970308fd24573
+ql/lib/codeql/swift/elements/type/ExistentialMetatypeType.qll 2b37fa25e3a06b42b3ecb211c1d4ca72f85a99474714811ef5e89d5c2e5e4592 e22e904092b9c5784aa2890968a27265df277c60f88d968e2546f39ab6454536
+ql/lib/codeql/swift/elements/type/ExistentialMetatypeTypeConstructor.qll a6b088425c0b0993b3ba3649a49c72c15c7bb3b369f610a7971d5cef858ed9b8 56e8663f9c50f5437b6f8269e41675e8832cfae7aa3b204fa03b86d4f35ce9ff
+ql/lib/codeql/swift/elements/type/ExistentialType.qll 8cc0eb534ea2152dcd83e986103616c4f7aa31f0c0e23c73c1addcb39e3758b2 0d5ef028a6bd998fa2de2f4456bf7519202a2f0e66f2bc98bcb43c8af686cade
+ql/lib/codeql/swift/elements/type/ExistentialTypeConstructor.qll bc9bd26dc789fe389c5f9781a0d5465189c4b685ef29cd9ca3488c64b5423e45 d9977de27830d154e2afa34c3c69a7a02b750eda00a21a70554ca31c086cfe2e
+ql/lib/codeql/swift/elements/type/FunctionType.qll e2d289fcb9e2fabfaef2a1265b29fa1595e3e188eec7d8d5847ad7d2862d4a6e 1bfc06f2ca2abf5861602fc45ab4531f69bf40646ac39a12f3b6dba8e43b0b21
+ql/lib/codeql/swift/elements/type/FunctionTypeConstructor.qll 1fa2829f1ee961a1ce1cfd8259a6cc88bedcbee0aad7aece207839b4066e73f4 8537e7e2f61998e5cf1920fb872089e68b81d67d5e9939611117e7e5a6d62eb5
+ql/lib/codeql/swift/elements/type/GenericFunctionType.qll 06446c074997ba2b99aa0f4f5d1928e01117e431326578e2ead6294abd90daf0 6d52f6ee2f3b6e9976d473d0d33ab1b9b3274f1e6b352f2d1e33215a27d68ad4
+ql/lib/codeql/swift/elements/type/GenericFunctionTypeConstructor.qll cd3099dfa77dc5186c98e6323a0e02f6496e5b2ab131aab7b3dac403365607d0 cf6c83cef81a52c336e10f83f3eff265df34d97fbe5accdebaccfa24baefe07b
+ql/lib/codeql/swift/elements/type/GenericTypeParamType.qll 6881305d3599d5a511561e4eae0664a5681d8cbb2aa6718dfffcde943474cef0 e1288015ff8a0261edc1876320ea475180d0e6e75f4b5565b1ccd1498949740f
+ql/lib/codeql/swift/elements/type/GenericTypeParamTypeConstructor.qll 4265701fad1ad336be3e08e820946dcd1f119b4fa29132ae913318c784236172 d4bf5127edc0dfa4fb8758081a557b768c6e4854c9489184c7955f66b68d3148
+ql/lib/codeql/swift/elements/type/InOutType.qll d2f6be1da40e93a6d6745b467824b1e974bb64ec56378dc328cc3e864c54e433 942f46afd617151783c79c69d96234aa4ca5741084b12b3d8349338cebb99cc2
+ql/lib/codeql/swift/elements/type/InOutTypeConstructor.qll c4889f1009018a55d0ac18c5f2a006572ac6de1f57633adc904e8a2046c09e83 8a2496df02e9f5fcb07331165cee64f97dd40dc4b4f8f32eacaf395c7c014a99
+ql/lib/codeql/swift/elements/type/LValueTypeConstructor.qll e426dac8fce60f9bbd6aa12b8e33230c405c9c773046226c948bc9791e03c911 4d495938b0eb604033cea8ff105854c0c9917dbad59bb47a8751fc12d7554bdd
+ql/lib/codeql/swift/elements/type/MetatypeType.qll 5d2995b2269ec118daf81268cca62beaa4189e65cae32ef7ec83b9129858cef8 34c021dc051d5d80410cd7aa25b45ccd2d7b267b2bbcb92f4249f528f524c5d8
+ql/lib/codeql/swift/elements/type/MetatypeTypeConstructor.qll 5dfa528a0c849afa46ad08c4c92e47c3bc3418abb7674e94a0d36bc0e45d5686 6b95579b99e4cdd53cc95d9288ecbdb07ef268e5344e467336d89adddb7cc853
+ql/lib/codeql/swift/elements/type/ModuleType.qll 5f7540f8520ee7e3c7c15c1f7da269e4acd4b02b57912902e3d334fc53a9ac76 2b6cec36c543c6319178415b9ccb29e4f840b1f6e8b760a83d0f9399722995da
+ql/lib/codeql/swift/elements/type/ModuleTypeConstructor.qll da4d1836c7e453d67221f59d007b5aff113ee31b4c9ad9445c2a7726851acf9b c902ed1ffbde644498c987708b8a4ea06ab891ffd4656ab7eb5008420bd89273
+ql/lib/codeql/swift/elements/type/NominalOrBoundGenericNominalType.qll 76248640645cf2f6ad096a73189447b3b42565e91d8f85ee1a0e3922a231c1a5 bf7e4ff426288481e9b6b5c48be7ff10a69ace0f2d2a848462c21ad9ec3167b7
+ql/lib/codeql/swift/elements/type/OpaqueTypeArchetypeType.qll fe987d7f715f118695b43ceebd4ab6c7fc9eab1530fbb54f3b79b8edfb5666a2 73bf49c826d791678af964d51836c0e1693e994465af9531aa4d1a542455c93f
+ql/lib/codeql/swift/elements/type/OpaqueTypeArchetypeTypeConstructor.qll 20c8aa032f25f2e9759d69849e943e7049a22f8b452c055591be982f8c1aee2b 17341a9c4ec4bbad59c82d217501c771df2a58cb6adb8f1d50cf4ec31e65f803
+ql/lib/codeql/swift/elements/type/OpenedArchetypeType.qll a69b4dc52f6e25014a0db401ca90a7f827c1c906cc91ab9dd18be6b3296acefe 49fd53e2f449da6b2f40bf16f3e8c394bf0f46e5d1e019b54b5a29a3ad964e2b
+ql/lib/codeql/swift/elements/type/OpenedArchetypeTypeConstructor.qll cc114bee717de27c63efed38ddb9d8101e6ba96e91c358541625dc24eb0c6dd5 92c1f22b4c9e0486a2fd6eca7d43c7353ac265026de482235d2045f32473aeb7
+ql/lib/codeql/swift/elements/type/OptionalType.qll 27e81ae79cbfa22c8cda3839ebaac95d11abf68615caedc2bd8c0c3362cbc7c6 37be60f19fd806fa4e1c66d6bee4091e1fb605861d1f79aa428a1e7b6b991280
+ql/lib/codeql/swift/elements/type/OptionalTypeConstructor.qll 61219c8fa7226e782b36e1f5a2719272e532146004da9358e1b369e669760b7e 74621440a712a77f85678bc408e0f1dc3da4d0971e18ef70c4de112800fc48ac
+ql/lib/codeql/swift/elements/type/ParameterizedProtocolType.qll 342a6a5bc7709d9de4819041e1b9b85caf8d716e4b817020d4eff12d8790006c 78b09022b0f9448d347c9faf7b8373ebae40c889428e342e0cefbd228ceff053
+ql/lib/codeql/swift/elements/type/ParameterizedProtocolTypeConstructor.qll 549649fd93b455bb6220677733a26539565240bc8b49163e934e9a42ebebd115 3886762d26172facf53a0baab2fe7b310a2f356cf9c30d325217ba2c51c136f4
+ql/lib/codeql/swift/elements/type/ParenType.qll 8a1aaf7c3e4c354a3848b3285d0261d1dc14324d65dfa64986cc9240f3869eed cde8c9488dfefbbdb177c6d37f7aa3f9c2f327e0d92383b294fbd2172bba2dff
+ql/lib/codeql/swift/elements/type/ParenTypeConstructor.qll a8dc27a9de0d1492ba3bab4bf87aa45e557eccf142cee12ffde224cd670d41df a08ce80fcd6255bc2492e2447c26210631ca09a30c4cc3874eb747ae1153bf66
+ql/lib/codeql/swift/elements/type/PrimaryArchetypeType.qll f9807812ae3827e0f195935b44528537ff91e769df131ac4755b0547c113834d c950a30ba14eaad1b72d944b5a65ba04dd064726cf65061b472fefdfa8828dbb
+ql/lib/codeql/swift/elements/type/PrimaryArchetypeTypeConstructor.qll a0d24202332449b15a1e804959896f045c123e2153291a7a2805473b8efbb347 1be1fbfbff1bb63f18402e4e082878b81d57708cfc20d1499f5fd91e8332b90b
+ql/lib/codeql/swift/elements/type/ProtocolCompositionType.qll 97bdcfde6955bef578f121f803ce5cea42ebca80568ae6eb8d3451f079b8fd3d 3048be59e02ee821e8bf2d470b8901f61b18075696d598babda1964b2b00cbde
+ql/lib/codeql/swift/elements/type/ProtocolCompositionTypeConstructor.qll b5f4d7e73ea9281874521acf0d91a1deb2f3744854531ee2026913e695d5090d be55225d2fd21e40d9cacb0ad52f5721fed47c36a559d859fba9c9f0cb3b73c3
+ql/lib/codeql/swift/elements/type/ProtocolType.qll 7f6806952e1fe87648516cdc310370ccd886a53f4a2014e9d62cd6ce14dbd7c3 527b2acdc24eca89847fa80deb84b9584d9c92fab333724f5994dfb5e475269d
+ql/lib/codeql/swift/elements/type/ProtocolTypeConstructor.qll c0252a9975f1a21e46969d03e608d2bd11f4d1f249406f263c34232d31c9574d 145e536a0836ed5047408f0f4cf79ab8855938e99927e458d3a893cd796fda74
+ql/lib/codeql/swift/elements/type/ReferenceStorageType.qll 12966c9aeaec22d3991ba970a314d8618971f7f6a579f249c88c47333fc518a2 5635deaf09199afe8fff909f34f989c864c65447c43edf8d8e2afdf0e89a7351
+ql/lib/codeql/swift/elements/type/StructType.qll 1b92a9a6107abd816d00193b910ab236de700299793b90fa50bfbea6e0055f45 07d5b0a29e946a7e5bf6dc131b6373745f75dbdbca6fe6a3843d4b0ba7ab0309
+ql/lib/codeql/swift/elements/type/StructTypeConstructor.qll a784445a9bb98bb59b866aff23bbe4763e02a2dc4a268b84a72e6cd60da5b17d 8718e384a94fd23910f5d04e18f2a6f14b2148047244e485214b55ae7d28e877
+ql/lib/codeql/swift/elements/type/SubstitutableType.qll 2dc4774a5b6c941376e37785b34891e9311075715af840273322fd422e93e671 cdc27e531f61fb50aaa9a20f5bf05c081759ac27df35e16afcdd2d1ecdac5da0
+ql/lib/codeql/swift/elements/type/SugarType.qll d13faf1eb71d9fa1d6fd378455cbbcfea49029e94303e33f1d08bb03d115d654 cbcbd68098b76d99c09e7ee43c9e7d04e1b2e860df943a520bf793e835c4db81
+ql/lib/codeql/swift/elements/type/SyntaxSugarType.qll 0843801d8abcb3090a6dc8c41cce5d60bba47761aa68f3c89ce21cf659696af5 a7a002cf597c3e3d0fda67111116c61a80f1e66ab8db8ddb3e189c6f15cadda6
+ql/lib/codeql/swift/elements/type/TupleType.qll ef49280a8d01acf3ecba2d3c12b512d3d3480048c412d922a1997cb1ac76fc6b 0b34c17ce9db336d0be9a869da988f31f10f754d6ffab6fa88791e508044edd2
+ql/lib/codeql/swift/elements/type/TupleTypeConstructor.qll 060633b22ee9884cb98103b380963fac62a02799461d342372cfb9cc6303d693 c9a89f695c85e7e22947287bcc32909b1f701168fd89c3598a45c97909e879f4
+ql/lib/codeql/swift/elements/type/TypeAliasType.qll 615273f833d588940a32e16adacdfa56b6ac480e1aca6ebd11adfaa878b6d19e 760c79b9b581cc645f1002ca892656d406d3d339267fd58e765738257dbb45ce
+ql/lib/codeql/swift/elements/type/TypeAliasTypeConstructor.qll f63ada921beb95d5f3484ab072aa4412e93adfc8e7c0b1637273f99356f5cb13 f90d2789f7c922bc8254a0d131e36b40db1e00f9b32518633520d5c3341cd70a
+ql/lib/codeql/swift/elements/type/TypeReprConstructor.qll 2bb9c5ece40c6caed9c3a614affc0efd47ad2309c09392800ad346bf369969bf 30429adc135eb8fc476bc9bc185cff0a4119ddc0e618368c44f4a43246b5287f
+ql/lib/codeql/swift/elements/type/UnarySyntaxSugarType.qll 072fbc064fb059a49befab907dd6049b4bf1a28e4ba3fcddf3e73d7913bc3906 0b113b1a7834779fabfa046a64c6d256cde0f510edb84da253e89d36f41f8241
+ql/lib/codeql/swift/elements/type/UnboundGenericType.qll 21878a4bf3ad77085812ad55c85e3ed0257cad10e6d7c72e513aae81616ef405 cca58789f97e51acb9d873d826eb77eda793fc514db6656ee44d33180578680c
+ql/lib/codeql/swift/elements/type/UnboundGenericTypeConstructor.qll 63462b24e0acceea0546ec04c808fb6cf33659c44ea26df1f407205e70b0243d d591e96f9831cce1ca6f776e2c324c8e0e1c4e37077f25f3457c885e29afbf3e
+ql/lib/codeql/swift/elements/type/UnmanagedStorageType.qll 3e8276cc1bae19f448027d2a0629c95c0b58b3e096b898ef006cb5eaea613908 d32206af9bf319b4b0b826d91705dbd920073d6aaa002a21ec60175996ab9d1a
+ql/lib/codeql/swift/elements/type/UnmanagedStorageTypeConstructor.qll c5927ab988beb973785a840840647e47cc0fb6d51712bed796cb23de67b9d7d6 b9f0f451c58f70f54c47ad98d9421a187cf8bd52972e898c66988a9f49e4eda0
+ql/lib/codeql/swift/elements/type/UnownedStorageType.qll 18923326a76bcfa31697551fb001a06b2a38ea074fa312c47953dd9a7ac16604 3b5d90688070be5dc0b84ab29aed2439b734e65d57c7556c6d763f5714a466ba
+ql/lib/codeql/swift/elements/type/UnownedStorageTypeConstructor.qll 211c9f3a9d41d1c9e768aa8ece5c48cca37f7811c5daab8bf80fdc2bd663dd86 c4fb8b39d319e1c27175f96ceec9712f473e0df1597e801d5b475b4c5c9c6389
+ql/lib/codeql/swift/elements/type/UnresolvedType.qll d573017fef5394a11d43cdcbaad91060e0b1e4c9ba6f2a9e358f818176ca8f45 680dd2fc64eeec5f81d2c2a05221c56a1ef7004bdcb1a8517640caa5fba0890d
+ql/lib/codeql/swift/elements/type/UnresolvedTypeConstructor.qll 76c34ca055a017a0fa7cfff93843392d0698657fbf864ac798e1ae98325b3556 d0770637ec9674f9e2a47ad5c59423b91d12bb22a9d35dcfa8afa65da9e6ed93
+ql/lib/codeql/swift/elements/type/VariadicSequenceType.qll 5bca77dd661d3b2653d31005c2341b408c86661e89ae0cab9539999ecac60eea 3ac870a1d6df1642fae26ccda6274a288524a5cf242fab6fac8705d70e3fca88
+ql/lib/codeql/swift/elements/type/VariadicSequenceTypeConstructor.qll 0d1d2328a3b5e503a883e7e6d7efd0ca5e7f2633abead9e4c94a9f98ed3cb223 69bff81c1b9413949eacb9298d2efb718ea808e68364569a1090c9878c4af856
+ql/lib/codeql/swift/elements/type/WeakStorageType.qll 87a28616eea3600fb0156fffcd65eeddc1ea74ce9c0ba5886c6365b9359e00ce 9c968414d7cc8d672f3754bced5d4f83f43a6d7872d0d263d79ff60483e1f996
+ql/lib/codeql/swift/elements/type/WeakStorageTypeConstructor.qll d88b031ef44d6de14b3ddcff2eb47b53dbd11550c37250ff2edb42e5d21ec3e9 26d855c33492cf7a118e439f7baeed0e5425cfaf058b1dcc007eca7ed765c897
+ql/lib/codeql/swift/elements.qll 954945d6d4939b28e024b85f77c58ab5b4fab2c931aa5650e22d8ded97a7eda9 954945d6d4939b28e024b85f77c58ab5b4fab2c931aa5650e22d8ded97a7eda9
+ql/lib/codeql/swift/generated/AstNode.qll 02ca56d82801f942ae6265c6079d92ccafdf6b532f6bcebd98a04029ddf696e4 6216fda240e45bd4302fa0cf0f08f5f945418b144659264cdda84622b0420aa2
+ql/lib/codeql/swift/generated/Callable.qll f67df00043a3d7100d1438a5bc9cda18390db89d05047c47650b85ac4eaf3cb5 aab5400c5e31d9175a60c62483609aa7b11bb1dbdb652cba59025d077996c322
+ql/lib/codeql/swift/generated/Comment.qll f58b49f6e68c21f87c51e2ff84c8a64b09286d733e86f70d67d3a98fe6260bd6 975bbb599a2a7adc35179f6ae06d9cbc56ea8a03b972ef2ee87604834bc6deb1
+ql/lib/codeql/swift/generated/DbFile.qll a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc
+ql/lib/codeql/swift/generated/DbLocation.qll b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873
+ql/lib/codeql/swift/generated/Diagnostics.qll d2ee2db55e932dcaee95fcc1164a51ffbe1a78d86ee0f50aabb299b458462afe 566d554d579cadde26dc4d1d6b1750ca800511201b737b629f15b6f873af3733
+ql/lib/codeql/swift/generated/Element.qll 9caf84a1da2509f5b01a22d6597126c573ae63ec3e8c6af6fd6fcc7ead0b4e82 70deb2238509d5ed660369bf763c796065d92efd732469088cdf67f68bacd796
+ql/lib/codeql/swift/generated/ErrorElement.qll 4b032abe8ffb71376a29c63e470a52943ace2527bf7b433c97a8bf716f9ad102 4f2b1be162a5c275e3264dbc51bf98bce8846d251be8490a0d4b16cbc85f630f
+ql/lib/codeql/swift/generated/File.qll 61454459f5f1ae378bd4970ad1da4f39f3e696bac8a5eebdd162f131995c5316 3e6805f8858cd55dd0e0d0e5aeab923d6a55292dbf98b0029db1ae0208efe684
+ql/lib/codeql/swift/generated/Locatable.qll bdc98b9fb7788f44a4bf7e487ee5bd329473409950a8e9f116d61995615ad849 0b36b4fe45e2aa195e4bb70c50ea95f32f141b8e01e5f23466c6427dd9ab88fb
+ql/lib/codeql/swift/generated/Location.qll 851766e474cdfdfa67da42e0031fc42dd60196ff5edd39d82f08d3e32deb84c1 b29b2c37672f5acff15f1d3c5727d902f193e51122327b31bd27ec5f877bca3b
+ql/lib/codeql/swift/generated/ParentChild.qll 0667eb3c260b97beefd4934c80f7ffd2350488807effb3fd79bf187d179cd9bb dc0d237357baa46fae3e453d0446646c6a444155f08a9811aa29167c8cd34c73
+ql/lib/codeql/swift/generated/PureSynthConstructors.qll 1cd47d61fec37e019ce2e476603eb2273775bea81062d6bf3d6bbc49796f7b77 1cd47d61fec37e019ce2e476603eb2273775bea81062d6bf3d6bbc49796f7b77
+ql/lib/codeql/swift/generated/Raw.qll 6b8e3e3d86254d5689b17a08c41d23cda0d913b5d3b22b18b55aa00363ace6df 3736f05fc2c2eb6a9d9dd0d244061abe72161714cd435233106804472213e2b1
+ql/lib/codeql/swift/generated/Synth.qll cc7285c43e6c9f47ab67047916d232ad2078443b342ba1bb036c147127c40167 522a3ba4fc7f9fbb0b7d12fc5177fa0a0d2f8239bd6b4c36fc7d7a918fcdcccf
+ql/lib/codeql/swift/generated/SynthConstructors.qll 0ff9cfcd64e7701003091f366ec903ec1bf82ec8385ee683b6e7b4e189033b11 0ff9cfcd64e7701003091f366ec903ec1bf82ec8385ee683b6e7b4e189033b11
+ql/lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6
+ql/lib/codeql/swift/generated/UnknownLocation.qll e50efefa02a0ec1ff635a00951b5924602fc8cab57e5756e4a039382c69d3882 e50efefa02a0ec1ff635a00951b5924602fc8cab57e5756e4a039382c69d3882
+ql/lib/codeql/swift/generated/UnspecifiedElement.qll dbc6ca4018012977b26ca184a88044c55b0661e3998cd14d46295b62a8d69625 184c9a0ce18c2ac881943b0fb400613d1401ed1d5564f90716b6c310ba5afe71
+ql/lib/codeql/swift/generated/decl/AbstractFunctionDecl.qll 8255b24dddda83e8a7dee9d69a4cf9883b5a7ae43676d7242b5aab5169f68982 407c7d63681fb03ad6cb4ea3c2b04be7ccb5ddbe655a8aec4219eb3799bc36e8
+ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll 882e95e6887741c0cdac4dcafb9efb5182f18484c6d29e84bab0a8f65c9e70a2 0c5c6739484ce3913cfbff68307a5c1cf63639e5ba9043f1f305197fc06b8de9
+ql/lib/codeql/swift/generated/decl/AbstractTypeParamDecl.qll 1e268b00d0f2dbbd85aa70ac206c5e4a4612f06ba0091e5253483635f486ccf9 5479e13e99f68f1f347283535f8098964f7fd4a34326ff36ad5711b2de1ab0d0
+ql/lib/codeql/swift/generated/decl/AccessorDecl.qll 443cb9888dbdbaee680bf24469ce097a8292806dc53f0b109d492db621fa00aa 0dbe38cbbd3f3cd880c1569d9d42165e7cf0358da0cc7cb63e89890310ad40a0
+ql/lib/codeql/swift/generated/decl/AssociatedTypeDecl.qll 4169d083104f9c089223ed3c5968f757b8cd6c726887bbb6fbaf21f5ed7ee144 4169d083104f9c089223ed3c5968f757b8cd6c726887bbb6fbaf21f5ed7ee144
+ql/lib/codeql/swift/generated/decl/ClassDecl.qll a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4
+ql/lib/codeql/swift/generated/decl/ConcreteFuncDecl.qll c7192e79ce67f77df36575cceb942f11b182c26c93899469654316de2d543cf9 c7192e79ce67f77df36575cceb942f11b182c26c93899469654316de2d543cf9
+ql/lib/codeql/swift/generated/decl/ConcreteVarDecl.qll 4801ccc477480c4bc4fc117976fbab152e081064e064c97fbb0f37199cb1d0a8 4d7cfbf5b39b307dd673781adc220fdef04213f2e3d080004fa658ba6d3acb8d
+ql/lib/codeql/swift/generated/decl/ConstructorDecl.qll 20e3a37809eacfc43828fa61248ad19b0ff610faad3a12b82b3cf5ed2bcce13c 20e3a37809eacfc43828fa61248ad19b0ff610faad3a12b82b3cf5ed2bcce13c
+ql/lib/codeql/swift/generated/decl/Decl.qll b850ab1b909c1b555f3847ce9dca0e2f075db87e7b40f460b8774220bf87a1e6 a3496437246cb10eafaa9d6d45f57f830b6a1c88f15bbcffa3c5dae476004140
+ql/lib/codeql/swift/generated/decl/DestructorDecl.qll 8767e3ddabdf05ea5ee99867e9b77e67f7926c305b2fba1ca3abf94e31d836b9 8767e3ddabdf05ea5ee99867e9b77e67f7926c305b2fba1ca3abf94e31d836b9
+ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll f71c9d96db8260462c34e5d2bd86dda9b977aeeda087c235b873128b63633b9c e12ff7c0173e3cf9e2b64de66d8a7f2246bc0b2cb721d25b813d7a922212b35a
+ql/lib/codeql/swift/generated/decl/EnumDecl.qll fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534
+ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll 5ef4f6839f4f19f29fabd04b653e89484fa68a7e7ec94101a5201aa13d89e9eb 78006fa52b79248302db04348bc40f2f77edf101b6e429613f3089f70750fc11
+ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll c6c057adadf3682d5d9e58154eaf2a28f769f7df3c2e48f9d2f5bae017917e5f 8aa2d7f20f7452ec25d2a8e1e00a7d3f4465c9c3c21326bfb3fe416c6fe83057
+ql/lib/codeql/swift/generated/decl/FuncDecl.qll 11ebe386dd06937c84fdb283a73be806763d939c163d3c0fd0c4c3eb1caeda41 6a5b6854818cb3d2bc76f0abdee4933ca839c182abd07fb4d271400f5267f6e2
+ql/lib/codeql/swift/generated/decl/GenericContext.qll 4c7bd7fd372c0c981b706de3a57988b92c65c8a0d83ea419066452244e6880de 332f8a65a6ae1cad4aa913f2d0a763d07393d68d81b61fb8ff9912b987c181bb
+ql/lib/codeql/swift/generated/decl/GenericTypeDecl.qll 71f5c9c6078567dda0a3ac17e2d2d590454776b2459267e31fed975724f84aec 669c5dbd8fad8daf007598e719ac0b2dbcb4f9fad698bffb6f1d0bcd2cee9102
+ql/lib/codeql/swift/generated/decl/GenericTypeParamDecl.qll bc41a9d854e65b1e0da86350870a8fe050eb1dc031cd17ded11c15b5ad8ad183 bc41a9d854e65b1e0da86350870a8fe050eb1dc031cd17ded11c15b5ad8ad183
+ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll 58c1a02a3867105c61d29e2d9bc68165ba88a5571aac0f91f918104938178c1e f74ef097848dd5a89a3427e3d008e2299bde11f1c0143837a8182572ac26f6c9
+ql/lib/codeql/swift/generated/decl/ImportDecl.qll 8892cd34d182c6747e266e213f0239fd3402004370a9be6e52b9747d91a7b61b 2c07217ab1b7ebc39dc2cb20d45a2b1b899150cabd3b1a15cd8b1479bab64578
+ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll d98168fdf180f28582bae8ec0242c1220559235230a9c94e9f479708c561ea21 aad805aa74d63116b19f435983d6df6df31cef6a5bbd30d7c2944280b470dee6
+ql/lib/codeql/swift/generated/decl/IterableDeclContext.qll 26a5bd5d4c485ee03bf39bdcef5bc4ba8771e2839f5afcc953fa3beef60f8985 36c6aea5dabe7cc508707a56923fbdb54877fbc1a90c987f7ac7c89a731896ad
+ql/lib/codeql/swift/generated/decl/MissingMemberDecl.qll eaf8989eda461ec886a2e25c1e5e80fc4a409f079c8d28671e6e2127e3167479 d74b31b5dfa54ca5411cd5d41c58f1f76cfccc1e12b4f1fdeed398b4faae5355
+ql/lib/codeql/swift/generated/decl/ModuleDecl.qll 675135d140d273cd83e290cf433bcaebc48065d433e2cf8e570612b686d2fb53 d8cd5418205e05598800bf13e8aa01e6018b5c6727075381afd4c83136c29366
+ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll 1ff6cc5226206b6ce08c7206ef574ac36110403e97bd9a7ab3aef49c3966f2c5 50d25a5356b3b0863ef175afefed1d8159ee1b1a354f374b99de9c04f2146bde
+ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll f2cdbc238b9ea67d5bc2defd8ec0455efafd7fdaeca5b2f72d0bbb16a8006d17 041724a6ec61b60291d2a68d228d5f106c02e1ba6bf3c1d3d0a6dda25777a0e5
+ql/lib/codeql/swift/generated/decl/OperatorDecl.qll 3ffdc7ab780ee94a975f0ce3ae4252b52762ca8dbea6f0eb95f951e404c36a5b 25e39ccd868fa2d1fbce0eb7cbf8e9c2aca67d6fd42f76e247fb0fa74a51b230
+ql/lib/codeql/swift/generated/decl/ParamDecl.qll f182ebac3c54a57a291d695b87ff3dbc1499ea699747b800dc4a8c1a5a4524b1 979e27a6ce2bc932a45b968ee2f556afe1071888f1de8dd8ead60fb11acf300c
+ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll 15a43e1b80fc6ef571e726ab13c7cd3f308d6be1d28bcb175e8b5971d646da7c 1b2e19d6fdd5a89ce9be9489fef5dc6ba4390249195fe41f53848be733c62a39
+ql/lib/codeql/swift/generated/decl/PostfixOperatorDecl.qll 5aa85fa325020b39769fdb18ef97ef63bd28e0d46f26c1383138221a63065083 5aa85fa325020b39769fdb18ef97ef63bd28e0d46f26c1383138221a63065083
+ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll c5a646d7b82c97b97d8c79855fc68d36ca494d81dfc83582131d0551187a9b77 a2c567589a89bda3de916d9c5111b123136f03239bb40ac71ac5e949f9b527ce
+ql/lib/codeql/swift/generated/decl/PrecedenceGroupDecl.qll d0918f238484052a0af902624b671c04eb8d018ee71ef4931c2fdbb74fa5c5d4 d0918f238484052a0af902624b671c04eb8d018ee71ef4931c2fdbb74fa5c5d4
+ql/lib/codeql/swift/generated/decl/PrefixOperatorDecl.qll 18f2a1f83ea880775344fbc57ed332e17edba97a56594da64580baeb45e95a5d 18f2a1f83ea880775344fbc57ed332e17edba97a56594da64580baeb45e95a5d
+ql/lib/codeql/swift/generated/decl/ProtocolDecl.qll 4b03e3c2a7af66e66e8abc40bd2ea35e71959f471669e551f4c42af7f0fd4566 4b03e3c2a7af66e66e8abc40bd2ea35e71959f471669e551f4c42af7f0fd4566
+ql/lib/codeql/swift/generated/decl/StructDecl.qll 9343b001dfeec83a6b41e88dc1ec75744d39c397e8e48441aa4d01493f10026a 9343b001dfeec83a6b41e88dc1ec75744d39c397e8e48441aa4d01493f10026a
+ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll 31cb1f90d4c60060f64c432850821969953f1a46e36ce772456c67dfff375ff5 1d0098518c56aed96039b0b660b2cce5ea0db7ac4c9a550af07d758e282d4f61
+ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll aececf62fda517bd90b1c56bb112bb3ee2eecac3bb2358a889dc8c4de898346e d8c69935ac88f0343a03f17ea155653b97e9b9feff40586cfa8452ac5232700d
+ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll 15cb5bdbe9d722c403874f744bfb3da85f532e33638a64a593acbbdee2f6095e 15cb5bdbe9d722c403874f744bfb3da85f532e33638a64a593acbbdee2f6095e
+ql/lib/codeql/swift/generated/decl/TypeDecl.qll 74bb5f0fe2648d95c84fdce804740f2bba5c7671e15cbea671d8509456bf5c2b 32bc7154c8585c25f27a3587bb4ba039c8d69f09d945725e45d730de44f7a5ae
+ql/lib/codeql/swift/generated/decl/ValueDecl.qll 7b4e4c9334be676f242857c77099306d8a0a4357b253f8bc68f71328cedf1f58 f18938c47f670f2e0c27ffd7e31e55f291f88fb50d8e576fcea116d5f9e5c66d
+ql/lib/codeql/swift/generated/decl/VarDecl.qll 2fca00ba8b535d7cefc2fa863246a0821437ca29b885c4c30362e8a63f284479 5ba623001e071c16267e94d050bfd973addf2436152c7726945b5d87aa521af8
+ql/lib/codeql/swift/generated/expr/AbiSafeConversionExpr.qll f4c913df3f1c139a0533f9a3a2f2e07aee96ab723c957fc7153d68564e4fdd6d f4c913df3f1c139a0533f9a3a2f2e07aee96ab723c957fc7153d68564e4fdd6d
+ql/lib/codeql/swift/generated/expr/AbstractClosureExpr.qll f0060c2972d2e1f9818d8deea3ceebbbe0b19d2ce11adc9b670beb672c4564d3 5f2500c5f3728f81599bd4e1fb9c97ac5a44a6dce8c1ab84a850c62aae3741ff
+ql/lib/codeql/swift/generated/expr/AnyHashableErasureExpr.qll f450ac8e316def1cd64dcb61411bae191144079df7f313a5973e59dc89fe367f f450ac8e316def1cd64dcb61411bae191144079df7f313a5973e59dc89fe367f
+ql/lib/codeql/swift/generated/expr/AnyTryExpr.qll f2929f39407e1717b91fc41f593bd52f1ae14c619d61598bd0668a478a04a91e 62693c2c18678af1ff9ce5393f0dd87c5381e567b340f1a8a9ecf91a92e2e666
+ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll 191612ec26b3f0d5a61301789a34d9e349b4c9754618760d1c0614f71712e828 cc212df0068ec318c997a83dc6e95bdda5135bccc12d1076b0aebf245da78a4b
+ql/lib/codeql/swift/generated/expr/ApplyExpr.qll d62b5e5d9f1ecf39d28f0a423d89b9d986274b72d0685dd34ec0b0b4c442b78f a94ccf54770939e591fe60d1c7e5e93aefd61a6ab5179fe6b6633a8e4181d0f8
+ql/lib/codeql/swift/generated/expr/ArchetypeToSuperExpr.qll e0b665b7389e5d0cb736426b9fd56abfec3b52f57178a12d55073f0776d8e5b7 e0b665b7389e5d0cb736426b9fd56abfec3b52f57178a12d55073f0776d8e5b7
+ql/lib/codeql/swift/generated/expr/Argument.qll fe3cf5660e46df1447eac88c97da79b2d9e3530210978831f6e915d4930534ba 814e107498892203bac688198792eefa83afc3472f3c321ba2592579d3093310
+ql/lib/codeql/swift/generated/expr/ArrayExpr.qll 48f9dce31e99466ae3944558584737ea1acd9ce8bf5dc7f366a37de464f5570f ea13647597d7dbc62f93ddbeb4df33ee7b0bd1d9629ced1fc41091bbbe74db9c
+ql/lib/codeql/swift/generated/expr/ArrayToPointerExpr.qll afa9d62eb0f2044d8b2f5768c728558fe7d8f7be26de48261086752f57c70539 afa9d62eb0f2044d8b2f5768c728558fe7d8f7be26de48261086752f57c70539
+ql/lib/codeql/swift/generated/expr/AssignExpr.qll b9cbe998daccc6b8646b754e903667de171fefe6845d73a952ae9b4e84f0ae13 14f1972f704f0b31e88cca317157e6e185692f871ba3e4548c9384bcf1387163
+ql/lib/codeql/swift/generated/expr/AutoClosureExpr.qll 26f2ef81e6e66541da75316f894498e74525c0703076cf67398c73a7cbd9736e 26f2ef81e6e66541da75316f894498e74525c0703076cf67398c73a7cbd9736e
+ql/lib/codeql/swift/generated/expr/AwaitExpr.qll e17b87b23bd71308ba957b6fe320047b76c261e65d8f9377430e392f831ce2f1 e17b87b23bd71308ba957b6fe320047b76c261e65d8f9377430e392f831ce2f1
+ql/lib/codeql/swift/generated/expr/BinaryExpr.qll 5ace1961cd6d6cf67960e1db97db177240acb6c6c4eba0a99e4a4e0cc2dae2e3 5ace1961cd6d6cf67960e1db97db177240acb6c6c4eba0a99e4a4e0cc2dae2e3
+ql/lib/codeql/swift/generated/expr/BindOptionalExpr.qll 79b8ade1f9c10f4d5095011a651e04ea33b9280cacac6e964b50581f32278825 38197be5874ac9d1221e2d2868696aceedf4d10247021ca043feb21d0a741839
+ql/lib/codeql/swift/generated/expr/BooleanLiteralExpr.qll 8e13cdeb8bc2da9ef5d0c19e3904ac891dc126f4aa695bfe14a55f6e3b567ccb 4960b899c265547f7e9a935880cb3e12a25de2bc980aa128fbd90042dab63aff
+ql/lib/codeql/swift/generated/expr/BridgeFromObjCExpr.qll b9a6520d01613dfb8c7606177e2d23759e2d8ce54bd255a4b76a817971061a6b b9a6520d01613dfb8c7606177e2d23759e2d8ce54bd255a4b76a817971061a6b
+ql/lib/codeql/swift/generated/expr/BridgeToObjCExpr.qll 31ca13762aee9a6a17746f40ec4e1e929811c81fdadb27c48e0e7ce6a3a6222d 31ca13762aee9a6a17746f40ec4e1e929811c81fdadb27c48e0e7ce6a3a6222d
+ql/lib/codeql/swift/generated/expr/BuiltinLiteralExpr.qll 052f8d0e9109a0d4496da1ae2b461417951614c88dbc9d80220908734b3f70c6 536fa290bb75deae0517d53528237eab74664958bf7fdbf8041283415dda2142
+ql/lib/codeql/swift/generated/expr/CallExpr.qll c7dc105fcb6c0956e20d40f736db35bd7f38f41c3d872858972c2ca120110d36 c7dc105fcb6c0956e20d40f736db35bd7f38f41c3d872858972c2ca120110d36
+ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll dc669082d0c123af7b3aa9f46c2eea3e339b2dd094cb8cab1aa0c8981567580f 3ffc0f61f7ca1333496d81df868cf1dcad004c70901b96144d5af64928027619
+ql/lib/codeql/swift/generated/expr/CheckedCastExpr.qll 146c24e72cda519676321d3bdb89d1953dfe1810d2710f04cfdc4210ace24c40 91093e0ba88ec3621b538d98454573b5eea6d43075a2ab0a08f80f9b9be336d3
+ql/lib/codeql/swift/generated/expr/ClassMetatypeToObjectExpr.qll 076c0f7369af3fffc8860429bd8e290962bf7fc8cf53bbba061de534e99cc8bf 076c0f7369af3fffc8860429bd8e290962bf7fc8cf53bbba061de534e99cc8bf
+ql/lib/codeql/swift/generated/expr/ClosureExpr.qll 4c20a922fc4c1f2a0f77026436282d056d0d188cc038443cca0d033dc57cf5a9 4c20a922fc4c1f2a0f77026436282d056d0d188cc038443cca0d033dc57cf5a9
+ql/lib/codeql/swift/generated/expr/CoerceExpr.qll a2656e30dff4adc693589cab20e0419886959c821e542d7f996ab38613fa8456 a2656e30dff4adc693589cab20e0419886959c821e542d7f996ab38613fa8456
+ql/lib/codeql/swift/generated/expr/CollectionExpr.qll 8782f55c91dc77310d9282303ba623cb852a4b5e7a8f6426e7df07a08efb8819 b2ce17bf217fe3df3da54ac2a9896ab052c1daaf5559a5c73cc866ca255a6b74
+ql/lib/codeql/swift/generated/expr/CollectionUpcastConversionExpr.qll 2d007ed079803843a4413466988d659f78af8e6d06089ed9e22a0a8dedf78dbe 38a49c14fc0f47d5a6c86fa1176bf7ae69d88a13f008c8adac9b3dc509b1917d
+ql/lib/codeql/swift/generated/expr/ConditionalBridgeFromObjCExpr.qll 4a21e63cc547021b70ca1b8080903997574ab5a2508a14f780ce08aa4de050de 5bc488e29f5bb1fae6830285c3206ac133e5bde5c3e5e3a7c882abf827a725c3
+ql/lib/codeql/swift/generated/expr/ConditionalCheckedCastExpr.qll 92a999dd1dcc1f498ed2e28b4d65ac697788960a66452a66b5281c287596d42b 92a999dd1dcc1f498ed2e28b4d65ac697788960a66452a66b5281c287596d42b
+ql/lib/codeql/swift/generated/expr/ConstructorRefCallExpr.qll d0662d960b78c3cf7e81cf5b619aa9e2a906d35c094ae32702da96720354fe4f d0662d960b78c3cf7e81cf5b619aa9e2a906d35c094ae32702da96720354fe4f
+ql/lib/codeql/swift/generated/expr/CovariantFunctionConversionExpr.qll b749118590163eafbd538e71e4c903668451f52ae0dabbb13e504e7b1fefa9e1 d3af8e3beb6e395f537348d875978dfae119243dc3495c48a7c83b056aff2f6c
+ql/lib/codeql/swift/generated/expr/CovariantReturnConversionExpr.qll f1b409f0bf54b149deb1a40fbe337579a0f6eb2498ef176ef5f64bc53e94e2fe a32992597057657c7bbf13c809db67844b834668e8d2804adabcf6187d81c244
+ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll 454d351282678580791ddb567193518822d9b44fa1f94f53a99c279a984c1b1f e75a7fbcc39c3d62b9f5929777240f78e227bef0a3f5ab819b9f860537339889
+ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll b38015d25ef840298a284b3f4e20cd444987474545544dc451dd5e12c3783f20 afc581e2127983faae125fd58b24d346bfee34d9a474e6d499e4606b672fe5f0
+ql/lib/codeql/swift/generated/expr/DerivedToBaseExpr.qll 5f371b5b82262efb416af1a54073079dcf857f7a744010294f79a631c76c0e68 5f371b5b82262efb416af1a54073079dcf857f7a744010294f79a631c76c0e68
+ql/lib/codeql/swift/generated/expr/DestructureTupleExpr.qll 1214d25d0fa6a7c2f183d9b12c97c679e9b92420ca1970d802ea1fe84b42ccc8 1214d25d0fa6a7c2f183d9b12c97c679e9b92420ca1970d802ea1fe84b42ccc8
+ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll b5051ac76b4780b5174b1a515d1e6e647239a46efe94305653e45be9c09840dc 65130effc0878883bfaa1aa6b01a44893889e8cfab4c349a079349ef4ef249bf
+ql/lib/codeql/swift/generated/expr/DifferentiableFunctionExpr.qll 9143e12dfe0b3b4cc2d1fe27d893498f5bd6725c31bee217ab9fa1ca5efeca7b 8af001026d4b1a08d787af5146affb2df57c0432b1dfcdb557cd4de2cebe51a5
+ql/lib/codeql/swift/generated/expr/DifferentiableFunctionExtractOriginalExpr.qll d90266387d6eecf2bacb2d0f5f05a2132a018f1ccf723664e314dcfd8972772d 878ea62a077e8cda87490bbf770ca0df68d94cbafd2576ff7b725311d73ffef7
+ql/lib/codeql/swift/generated/expr/DiscardAssignmentExpr.qll f2cb4a5295855bcfe47a223e0ab9b915c22081fe7dddda801b360aa365604efd f2cb4a5295855bcfe47a223e0ab9b915c22081fe7dddda801b360aa365604efd
+ql/lib/codeql/swift/generated/expr/DotSelfExpr.qll af32541b2a03d91c4b4184b8ebca50e2fe61307c2b438f50f46cd90592147425 af32541b2a03d91c4b4184b8ebca50e2fe61307c2b438f50f46cd90592147425
+ql/lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll 12c9cf8d2fd3c5245e12f43520de8b7558d65407fa935da7014ac12de8d6887e 49f5f12aeb7430fa15430efd1193f56c7e236e87786e57fd49629bd61daa7981
+ql/lib/codeql/swift/generated/expr/DotSyntaxCallExpr.qll 3768ef558b4fe8c2f0fb4db9b61f84999577a9a4ce5f97fa773a98bf367202ff 3768ef558b4fe8c2f0fb4db9b61f84999577a9a4ce5f97fa773a98bf367202ff
+ql/lib/codeql/swift/generated/expr/DynamicLookupExpr.qll 0f0d745085364bca3b67f67e3445d530cbd3733d857c76acab2bccedabb5446e f252dd4b1ba1580fc9a32f42ab1b5be49b85120ec10c278083761494d1ee4c5d
+ql/lib/codeql/swift/generated/expr/DynamicMemberRefExpr.qll 2eab0e58a191624a9bf81a25f5ddad841f04001b7e9412a91e49b9d015259bbe 2eab0e58a191624a9bf81a25f5ddad841f04001b7e9412a91e49b9d015259bbe
+ql/lib/codeql/swift/generated/expr/DynamicSubscriptExpr.qll f9d7d2fc89f1b724cab837be23188604cefa2c368fa07e942c7a408c9e824f3d f9d7d2fc89f1b724cab837be23188604cefa2c368fa07e942c7a408c9e824f3d
+ql/lib/codeql/swift/generated/expr/DynamicTypeExpr.qll 8fc5dcb619161af4c54ff219d13312690dbe9b03657c62ec456656e3c0d5d21b e230d2b148bb95ebd4c504f3473539a45ef08092e0e5650dc35b6f25c1b9e7ed
+ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll f49fcf0f610095b49dcabe0189f6f3966407eddb6914c2f0aa629dc5ebe901d2 a9dbc91391643f35cd9285e4ecfeaae5921566dd058250f947153569fd3b36eb
+ql/lib/codeql/swift/generated/expr/ErasureExpr.qll c232bc7b612429b97dbd4bb2383c2601c7d12f63312f2c49e695c7a8a87fa72a c232bc7b612429b97dbd4bb2383c2601c7d12f63312f2c49e695c7a8a87fa72a
+ql/lib/codeql/swift/generated/expr/ErrorExpr.qll 8e354eed5655e7261d939f3831eb6fa2961cdd2cebe41e3e3e7f54475e8a6083 8e354eed5655e7261d939f3831eb6fa2961cdd2cebe41e3e3e7f54475e8a6083
+ql/lib/codeql/swift/generated/expr/ExistentialMetatypeToObjectExpr.qll eb0d42aac3f6331011a0e26cf5581c5e0a1b5523d2da94672abdebe70000d65b 0ce8b72c817161bc5c1ffc40cb778643b3694512df0502e5295afdf2987b37df
+ql/lib/codeql/swift/generated/expr/ExplicitCastExpr.qll d98c1ad02175cfaad739870cf041fcd58143dd4b2675b632b68cda63855a4ceb 2aded243b54c1428ba16c0f131ab5e4480c2004002b1089d9186a435eb3a6ab5
+ql/lib/codeql/swift/generated/expr/Expr.qll 68beba5a460429be58ba2dcad990932b791209405345fae35b975fe64444f07e a0a25a6870f8c9f129289cec7929aa3d6ec67e434919f3fb39dc060656bd1529
+ql/lib/codeql/swift/generated/expr/FloatLiteralExpr.qll ae851773886b3d33ab5535572a4d6f771d4b11d6c93e802f01348edb2d80c454 35f103436fc2d1b2cec67b5fbae07b28c054c9687d57cbd3245c38c55d8bde0b
+ql/lib/codeql/swift/generated/expr/ForceTryExpr.qll 062997b5e9a9e993de703856ae6af60fe1950951cf77cdab11b972fb0a5a4ed3 062997b5e9a9e993de703856ae6af60fe1950951cf77cdab11b972fb0a5a4ed3
+ql/lib/codeql/swift/generated/expr/ForceValueExpr.qll 97a8860edae2ea0754b31f63fc53be1739cd32f8eb56c812709f38e6554edef7 359b9c4708f0c28465661690e8c3b1ed60247ca24460749993fe34cf4f2f22f9
+ql/lib/codeql/swift/generated/expr/ForcedCheckedCastExpr.qll cf4792bd4a2c5ce264de141bdbc2ec10f59f1a79a5def8c052737f67807bb8c1 cf4792bd4a2c5ce264de141bdbc2ec10f59f1a79a5def8c052737f67807bb8c1
+ql/lib/codeql/swift/generated/expr/ForeignObjectConversionExpr.qll 243a4e14037546fcbb0afc1c3ba9e93d386780e83518b0f03383a721c68998d6 468fa46af1209c089c003a84acec449412947a6e8a3c9c31f40b4316df3877d9
+ql/lib/codeql/swift/generated/expr/FunctionConversionExpr.qll 8f6c927adaf036358b276ad1d9069620f932fa9e0e15f77e46e5ed19318349ab 8f6c927adaf036358b276ad1d9069620f932fa9e0e15f77e46e5ed19318349ab
+ql/lib/codeql/swift/generated/expr/IdentityExpr.qll 1b9f8d1db63b90150dae48b81b4b3e55c28f0b712e567109f451dcc7a42b9f21 6e64db232f3069cf03df98a83033cd139e7215d4585de7a55a0e20ee7a79b1c8
+ql/lib/codeql/swift/generated/expr/IfExpr.qll d9ef7f9ee06f718fd7f244ca0d892e4b11ada18b6579029d229906460f9d4d7e e9ef16296b66f2a35af1dad4c3abcf33071766748bcab99a02a0e489a5614c88
+ql/lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll 52dc57e4413ab523d2c2254ce6527d2d9adaaa4e7faba49b02a88df292aa911d 39883081b5feacf1c55ed99499a135c1da53cd175ab6a05a6969625c6247efd7
+ql/lib/codeql/swift/generated/expr/InOutExpr.qll 26d2019105c38695bace614aa9552b901fa5580f463822688ee556b0e0832859 665333c422f6f34f134254cf2a48d3f5f441786517d0916ade5bec717a28d59d
+ql/lib/codeql/swift/generated/expr/InOutToPointerExpr.qll 4b9ceffe43f192fac0c428d66e6d91c3a6e2136b6d4e3c98cdab83b2e6a77719 4b9ceffe43f192fac0c428d66e6d91c3a6e2136b6d4e3c98cdab83b2e6a77719
+ql/lib/codeql/swift/generated/expr/InjectIntoOptionalExpr.qll b6fafb589901d73e94eb9bb0f5e87b54378d06ccc04c51a9f4c8003d1f23ead6 b6fafb589901d73e94eb9bb0f5e87b54378d06ccc04c51a9f4c8003d1f23ead6
+ql/lib/codeql/swift/generated/expr/IntegerLiteralExpr.qll aa54660c47169a35e396ea44430c3c4ec4353e33df1a00bd82aff7119f5af71b 7ba90cf17dd34080a9923253986b0f2680b44c4a4ba6e0fbad8b39d3b20c44b9
+ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll 35f79ec9d443165229a2aa4744551e9e288d5cd051ace48a24af96dc99e7184a 28e8a3dc8491bcb91827a6316f16540518b2f85a875c4a03501986730a468935
+ql/lib/codeql/swift/generated/expr/IsExpr.qll b5ca50490cae8ac590b68a1a51b7039a54280d606b42c444808a04fa26c7e1b6 b5ca50490cae8ac590b68a1a51b7039a54280d606b42c444808a04fa26c7e1b6
+ql/lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll 232e204a06b8fad3247040d47a1aa34c6736b764ab1ebca6c5dc74c3d4fc0c9b 6b823c483ee33cd6419f0a61a543cfce0cecfd0c90df72e60d01f5df8b3da3c0
+ql/lib/codeql/swift/generated/expr/KeyPathDotExpr.qll ea73a462801fbe5e27b2f47bca4b39f6936d326d15d6de3f18b7afa6ace35878 ea73a462801fbe5e27b2f47bca4b39f6936d326d15d6de3f18b7afa6ace35878
+ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll e44b9d2a7a6c046d2e61b40192c878e37bd9391c03c8277d92dfba05d9040228 e32c4f6fc35f4e7ada95e82b8dd2cd3eb1912406d3604066f2d183f1311f8c0d
+ql/lib/codeql/swift/generated/expr/LazyInitializerExpr.qll d8e93dcfa7fa8a00005f30b4aaa426f50d5040db11bef0c3b56558419b6cc110 3ca7d7ca9e52a025c38d7605c509d6758a4d5ceb0543192074c901f5935d4453
+ql/lib/codeql/swift/generated/expr/LinearFunctionExpr.qll cd4c31bed9d0beb09fdfc57069d28adb3a661c064d9c6f52bb250011d8e212a7 cd4c31bed9d0beb09fdfc57069d28adb3a661c064d9c6f52bb250011d8e212a7
+ql/lib/codeql/swift/generated/expr/LinearFunctionExtractOriginalExpr.qll ee7d3e025815b5af392ffc006ec91e3150130f2bd708ab92dbe80f2efa9e6792 e1646e4b50f6c4af5ed179786e4cbba33910dd642ca47959fec938770e6c7a0e
+ql/lib/codeql/swift/generated/expr/LinearToDifferentiableFunctionExpr.qll f7aa178bff083d8e2822fda63de201d9d7f56f7f59f797ec92826001fca98143 e8da45d1f1c61936f8d2d52058ea029af13647bbb40a15e3688ece27918da365
+ql/lib/codeql/swift/generated/expr/LiteralExpr.qll b501f426fa4e638b24d772c2ce4a4e0d40fce25b083a3eee361a66983683ee9d 068208879c86fbd5bed8290ce5962868af6c294a53ad1548cf89cf5a7f8e1781
+ql/lib/codeql/swift/generated/expr/LoadExpr.qll 90b9ba4c96c26c476c3692b1200c31071aa10199d3e21ef386ff48b9f0b6d33a 90b9ba4c96c26c476c3692b1200c31071aa10199d3e21ef386ff48b9f0b6d33a
+ql/lib/codeql/swift/generated/expr/LookupExpr.qll 4b8c4f710e3cbdeb684a07c105f48915782e5de002da87f693ae1e07f3b67031 eceb13729282b77a44317c39f9206d9c1467bc93633b7bac5ada97ea13a773fe
+ql/lib/codeql/swift/generated/expr/MagicIdentifierLiteralExpr.qll 16f0050128caf916506b1f7372dc225a12809a60b5b00f108705fcdfce3344a8 c064778526a5854bdf8cdbf4b64ad680b60df9fe71ec7a2d9aa6c36a7c4e5b31
+ql/lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll d23bd9ea3b13869d7a7f7eef3c3d1c3c156d384b72c65867a0b955bc517da775 f2fd167ac40f01c092b2b443af1557c92dac32074506f2195d32f60b0e0547d8
+ql/lib/codeql/swift/generated/expr/MemberRefExpr.qll 0ece9ffbfd4b15722aa3870014a46afdbf1b1382972fb366d741fafb5473e3de fcb57bd65a94ed4214730339c4ed2b167ec22a3dc9017399596f9b26bdeb95cd
+ql/lib/codeql/swift/generated/expr/MetatypeConversionExpr.qll 714ecbc8ac51fdaaa4075388f20fe5063ead9264ca20c4ab8864c48364ef4b42 714ecbc8ac51fdaaa4075388f20fe5063ead9264ca20c4ab8864c48364ef4b42
+ql/lib/codeql/swift/generated/expr/MethodRefExpr.qll 014f976ce55cfc07a18a86c379fcf12c68f3c300c2d5e730731e61bfa50c6419 014f976ce55cfc07a18a86c379fcf12c68f3c300c2d5e730731e61bfa50c6419
+ql/lib/codeql/swift/generated/expr/NilLiteralExpr.qll 6f44106bc5396c87681676fc3e1239fe052d1a481d0a854afa8b66369668b058 6f44106bc5396c87681676fc3e1239fe052d1a481d0a854afa8b66369668b058
+ql/lib/codeql/swift/generated/expr/NumberLiteralExpr.qll 8acc7df8fe83b7d36d66b2feed0b8859bfde873c6a88dd676c9ebed32f39bd04 4bbafc8996b2e95522d8167417668b536b2651817f732554de3083c4857af96a
+ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll 8b4f7a9668d1cae4058ba460673b3e0b79f05f2fe871fd992ca1b7ea85f7c09d 629a3057c0ff3ede3a18ea8ea1aa29b24bc780d0dc60b51f99793a6001432a4e
+ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll 541bd1d9efd110a9e3334cd6849ad04f0e8408f1a72456a79d110f2473a8f87c 3c51d651e8d511b177b21c9ecb0189e4e7311c50abe7f57569be6b2fef5bc0d7
+ql/lib/codeql/swift/generated/expr/OneWayExpr.qll bf6dbe9429634a59e831624dde3fe6d32842a543d25a8a5e5026899b7a608a54 dd2d844f3e4b190dfba123cf470a2c2fcfdcc0e02944468742abe816db13f6ba
+ql/lib/codeql/swift/generated/expr/OpaqueValueExpr.qll 354f23d00d5ea2e734fd192130620d26c76c14d5bb7b0a1aa69f17ffb5289793 354f23d00d5ea2e734fd192130620d26c76c14d5bb7b0a1aa69f17ffb5289793
+ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll 55cfe105f217a4bdb15d1392705030f1d7dec8c082cafa875301f81440ec0b7b 168389014cddb8fd738e2e84ddd22983e5c620c3c843de51976171038d95adc0
+ql/lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll 000b00afe1dcdec43f756f699fd3e38212884eab14bf90e3c276d4ca9cb444a6 177bd4bfbb44e9f5aeaaf283b6537f3146900c1376854607827d224a81456f59
+ql/lib/codeql/swift/generated/expr/OptionalTryExpr.qll f0c8dff90faee4fbf07772efda53afe1acc1fd148c16ee4d85a1502a36178e71 f0c8dff90faee4fbf07772efda53afe1acc1fd148c16ee4d85a1502a36178e71
+ql/lib/codeql/swift/generated/expr/OtherConstructorDeclRefExpr.qll b40c18df25bdb08f159eb34d685d2e27fbba2c5e518b7d8b236f9913d76029cb 30f743385b8a47c36ec54c2c13b42fc6937568aa3cace5f075b51c02a64ca506
+ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll 3748583ec8eca5251002f09b0e9f0e6dea8d12ab3caad9a5d959a25f93b0642b 93190bcadc2d6d4d5890db633b20b5968367f003a612a17ee489003fbda2c3d6
+ql/lib/codeql/swift/generated/expr/ParenExpr.qll f3fb35017423ee7360cab737249c01623cafc5affe8845f3898697d3bd2ef9d7 f3fb35017423ee7360cab737249c01623cafc5affe8845f3898697d3bd2ef9d7
+ql/lib/codeql/swift/generated/expr/PointerToPointerExpr.qll 7d6fa806bba09804705f9cef5be66e09cbbbbda9a4c5eae75d4380f1527bb1bd 7d6fa806bba09804705f9cef5be66e09cbbbbda9a4c5eae75d4380f1527bb1bd
+ql/lib/codeql/swift/generated/expr/PostfixUnaryExpr.qll d1094c42aa03158bf89bace09b0a92b3056d560ebf69ddbf286accce7940d3ab d1094c42aa03158bf89bace09b0a92b3056d560ebf69ddbf286accce7940d3ab
+ql/lib/codeql/swift/generated/expr/PrefixUnaryExpr.qll f66dee3c70ed257914de4dd4e8501bb49c9fe6c156ddad86cdcc636cf49b5f62 f66dee3c70ed257914de4dd4e8501bb49c9fe6c156ddad86cdcc636cf49b5f62
+ql/lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll 011897278a75050f1c55bd3f2378b73b447d5882404fd410c9707cd06d226a0e e04b210ab15ffcada94a70d4a1333c348d6d9111697129938c7591364ac88c9f
+ql/lib/codeql/swift/generated/expr/ProtocolMetatypeToObjectExpr.qll b692be6e5b249c095b77f4adcad5760f48bc07f6f53767ee3d236025ee4a2a51 cc69abe3cde83a4cd398ce666509326b21e7ee0b4b766c8dc0e0fea0c7d1ca91
+ql/lib/codeql/swift/generated/expr/RebindSelfInConstructorExpr.qll 7796a88c1635b3bd2492563880c995f1a7a0c68f69bad33b8bd77086eb1ce404 aee11e030ba21115931cbc1e34ac001eaafe4460fb3724a078aa4cbda84e4642
+ql/lib/codeql/swift/generated/expr/RegexLiteralExpr.qll ed7eccdf051b18a6388c47986b68e755edfae5d81d83e58772effb72c0e9d75e ed7eccdf051b18a6388c47986b68e755edfae5d81d83e58772effb72c0e9d75e
+ql/lib/codeql/swift/generated/expr/SelfApplyExpr.qll c676c551bcb528512dad6422cce39be8391d03f517df2d5dc4d6ac7ab4f23897 64b3ddb7e2b093acca289d5e81d4662560d8aef20d4dd07fcd41771d54fb3f5c
+ql/lib/codeql/swift/generated/expr/SequenceExpr.qll 45f976cbc3ce6b3278955a76a55cd0769e69f9bd16e84b40888cd8ebda6be917 ebb090897e4cc4371383aa6771163f73fa2c28f91e6b5f4eed42d7ad018267f3
+ql/lib/codeql/swift/generated/expr/StringLiteralExpr.qll f420c5cd51a223b6f98177147967266e0094a5718ba2d57ae2d3acbb64bbb4b6 30d6dab2a93fd95e652a700902c4d106fecfce13880c2ece565de29f2504bedf
+ql/lib/codeql/swift/generated/expr/StringToPointerExpr.qll ef69b570aa90697d438f5787a86797955b4b2f985960b5859a7bd13b9ecb9cd3 ef69b570aa90697d438f5787a86797955b4b2f985960b5859a7bd13b9ecb9cd3
+ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll 6d8717acbdbb0d53a6dedd98809e17baa42c88e62fab3b6d4da9d1ce477d15c3 6d568c6adb2b676b1945aa3c0964b26e825c9464156f296f3ec0d5b7ece90521
+ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll 3cc44a550ecab7d11b591082a3ad1ac88207d55cd694942ce44a90c576517482 d1712eed916f83d3e1b21c6af944ef56df2b82d163b9b3cb8dc793d48305fa6c
+ql/lib/codeql/swift/generated/expr/TapExpr.qll 0a2cbaaec596fa5aabb7acc3cab23bbf1bb1173ea4f240634698d5a89686d014 2267243198f67bb879d639f566e9729cfa9e3a3e205ffe6ff3782b7017a8bf7f
+ql/lib/codeql/swift/generated/expr/TryExpr.qll e6619905d9b2e06708c3bf41dace8c4e6332903f7111b3a59609d2bb7a6483ee e6619905d9b2e06708c3bf41dace8c4e6332903f7111b3a59609d2bb7a6483ee
+ql/lib/codeql/swift/generated/expr/TupleElementExpr.qll 764371c3b6189f21dcdc8d87f9e6f6ba24e3f2ef0b8c35b8ce8c3b7d4feb7370 25f4f2b747b3887edd82d5eb3fa9ba1b45e7921d2745bfee06300db22a35c291
+ql/lib/codeql/swift/generated/expr/TupleExpr.qll f271bdfca86c65d93851f8467a3ebbbb09071c7550767b3db44ad565bb30ef02 1de9f0c1f13649ec622e8ae761db9f68be1cb147b63fd3a69d1b732cdb20703d
+ql/lib/codeql/swift/generated/expr/TypeExpr.qll 132096079d0da05ac0e06616e4165c32c5f7e3bc338e37930bb81f4d26d7caea edd58d31ce921a8f7d09c49de3683d5170dfed636184bafc862bbfd78c474ca6
+ql/lib/codeql/swift/generated/expr/UnderlyingToOpaqueExpr.qll 13d6c7a16ec0c4c92d12e052437dfa84274394ee8a4ca9b2c9e59514564dc683 13d6c7a16ec0c4c92d12e052437dfa84274394ee8a4ca9b2c9e59514564dc683
+ql/lib/codeql/swift/generated/expr/UnevaluatedInstanceExpr.qll 21dedc617838eed25a8d3a011296fda78f99aee0e8ae2c06789484da6886cfea 21dedc617838eed25a8d3a011296fda78f99aee0e8ae2c06789484da6886cfea
+ql/lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll 3469931227ad5ea0c09226e866f2820bfed3636caa2250a1241c2d396e39e7cb b6a7934e17ac4799409724d1438582a372c6e8395cb142aaf101c66b04cc8cf7
+ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll d6bf4bf1a3c4732f2ca3feef34e8482fc6707ac387a2d6f75cb5dde2e742cc38 d58048081b4c2ed582749b03ae8158d9aa0786f1f0bf2988f2339fee2d42e13b
+ql/lib/codeql/swift/generated/expr/UnresolvedMemberChainResultExpr.qll ce900badb9484eb2202c4df5ab11de7a3765e8e5eefaa9639779500942790ef1 8ac96bb5d41e4808300838c0f6b8cd23b6bb9bb1ca777994d11840dc7a343ba3
+ql/lib/codeql/swift/generated/expr/UnresolvedMemberExpr.qll 6604f7eea32c151322c446c58e91ff68f3cfbf0fc040ccee046669bcc59fb42d c7738e6b909cb621ac109235ba13ede67a10b32894fd1a5114b16d48d6e9b606
+ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll 6f4494d73d3f286daef9b0c6edef9e2b39454db3f1f54fcb5a74f3df955e659d 39fbd35d8755353b3aad89fbf49344b2280561f2c271d9cee6011c9ea9c7bf03
+ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll 17387e6e516254bfda7836974771ec1cf9afe6d255f6d28768f6033ac9feced8 e6ec877eb07aa4b83857214675f4d0bc0c89f8c2041daeccaa1285c4a77642f7
+ql/lib/codeql/swift/generated/expr/UnresolvedTypeConversionExpr.qll a38b74b695b9a21b2f1202d4d39017c3ac401e468079477b6d4901c118ae26b6 f8ec529a812c61e85247c4c59f240472a238f87b2001f03ad1b161392795cb9f
+ql/lib/codeql/swift/generated/expr/VarargExpansionExpr.qll de72227f75493de4bbb75b80fd072c994ef0e6c096bcaf81fd7dd0b274df5ea9 5400811b30f9673f387a26cfb1ab9fc7ef0055fafb1b96985211b4dde8b1b8f9
+ql/lib/codeql/swift/generated/pattern/AnyPattern.qll ce091e368da281381539d17e3bac59497ad51bb9c167d8991b661db11c482775 ce091e368da281381539d17e3bac59497ad51bb9c167d8991b661db11c482775
+ql/lib/codeql/swift/generated/pattern/BindingPattern.qll 0687ec9761718aed5a13b23fe394f478844c25d6e1feec44d877d82deccd7a70 01bcb096073747e10fc3d2de0c3cc0971ab34626e2b4b2f2bfd670680aff3d5e
+ql/lib/codeql/swift/generated/pattern/BoolPattern.qll 118300aa665defa688a7c28f82deb73fa76adce1429d19aa082c71cfcbeb0903 0cd6db87e925e89f8ad6d464762d01d63ddfd34b05a31d5e80eb41aec37480b4
+ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll 397ae58175ff54d35388b86524172009904cb784040ef06b8421f1dcdf064e3e 1485105498b397d7ee5cb1b3dd99e76597018dc357983b3e463bf689ddda865d
+ql/lib/codeql/swift/generated/pattern/ExprPattern.qll 99072c50c5361966cdb312e9b1571c1c313cbcfffe5ea9e77247709f5ff9acf5 6ec3ad407528f0bd773103945e3184681ef2af990efdc8fcf1982799909c54bf
+ql/lib/codeql/swift/generated/pattern/IsPattern.qll 3716a0e7153393f253fe046f479c2bc3bf1a2c5d7afb1bfa577bb830fcb6b52b 730324d250c4a4e9073b1c5b777aa1ab57759caf447696feee90068baa337f20
+ql/lib/codeql/swift/generated/pattern/NamedPattern.qll 5d25e51eb83e86363b95a6531ffb164e5a6070b4a577f3900140edbef0e83c71 9e88b2b2b90a547b402d4782e8d494bc555d4200763c094dd985fe3b7ebc1ec8
+ql/lib/codeql/swift/generated/pattern/OptionalSomePattern.qll 4230ba4adaac68868c7c5bd2bf30d1f8284f1025acb3ae9c47b6a87f09ccdcd9 449568950700d21854ec65f9751506fc4dc4e490a4744fb67ca421fc2956fc6a
+ql/lib/codeql/swift/generated/pattern/ParenPattern.qll 4e5e2968ffdf07a68f5d5a49f4ecc1a2e7ff389c4fd498cc272e7afd7af7bea5 a143af906ab0cef8cbe3ed8ae06cb4dcb520ded3d70dbb800dab2227b9bf8d3c
+ql/lib/codeql/swift/generated/pattern/Pattern.qll 0e96528a8dd87185f4fb23ba33ea418932762127e99739d7e56e5c8988e024d1 ba1e010c9f7f891048fb8c4ff8ea5a6c664c09e43d74b860d559f6459f82554a
+ql/lib/codeql/swift/generated/pattern/TuplePattern.qll d658653bdbe5e1a730e462c4bad7e2c468413b1f333c0a816a0e165ad8601a45 d0c4b5a4c04ad8a1ebf181313937e4e1d57fb8a98806f1161c289f9f5818961a
+ql/lib/codeql/swift/generated/pattern/TypedPattern.qll e46078cd90a30379011f565fefb71d42b92b34b1d7fd4be915aad2bafbdbeaf3 aedf0e4a931f868cc2a171f791e96732c6e931a979b2f03e37907a9b2b776cad
+ql/lib/codeql/swift/generated/stmt/BraceStmt.qll 121c669fc98bf5ed1f17e98fdfc36ae5f42e31436c14c16b53c13fd64bdaada8 c8eb7eed650586c2b71683096ea42461a9e811e63fe90aaa7da307b6cd63bc03
+ql/lib/codeql/swift/generated/stmt/BreakStmt.qll 31d6b2969a919062c46e7bf0203f91c3489ee3c364e73fc2788f0e06ac109b25 7fca57698a821e81903204f271d0a220adfdd50ff144eafd6868286aa6aefa33
+ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll 0755fabf3ca7a5ee9a553dec0a6d8af3c8abdc99015c229ce1c4b154a3af80d9 b3c9b88610a3dc729a5eb4f9667710d84a5ac0f3acddcda3031e744309265c68
+ql/lib/codeql/swift/generated/stmt/CaseStmt.qll 3cbb4e5e1e04931489adf252d809e0f153bfd32fb32cf05917ded5c418e78695 c80f22ce4915073e787634e015f7461b4b64cf100ad7705f4b1507cef1e88ea7
+ql/lib/codeql/swift/generated/stmt/ConditionElement.qll fd53a99d1af1e16412424c0c48eae7c866db4fd491f2de6d5a5271f227a96275 599db45ed78be3943b76c1ff4ae24cd8a9ff8d1f875d1718ab884e4507843995
+ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll 3213c4ede9c8240bcb1d1c02ee6171821cdfbf89056f1e5c607428dcfaf464f6 00756c533dfd9ee5402e739f360dfe5203ee2043e20fc1982d7782ca7a249f9a
+ql/lib/codeql/swift/generated/stmt/DeferStmt.qll 69a8e04618569b61ce680bae1d20cda299eea6064f50433fa8a5787114a6cf5e 12c4f66fc74803f276bbb65e8a696f9bd47cc2a8edfebb286f5c3b2a5b6efce7
+ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll f8d2e7366524518933bd59eb66f0ac13266c4483ec4e71c6c4e4e890374787a1 31529884d5c49f119491f8add3bc06dd47ca0a094c4db6b3d84693db6a9cc489
+ql/lib/codeql/swift/generated/stmt/DoStmt.qll dfa2879944e9b6879be7b47ba7e2be3cbb066322a891453891c4719bf0eb4a43 581c57de1a60084f8122fc698934894bbb8848825cb759fa62ff4e07002840cb
+ql/lib/codeql/swift/generated/stmt/FailStmt.qll d8f5816c51c5027fd6dacc8d9f5ddd21f691c138dfc80c6c79e250402a1fe165 d8f5816c51c5027fd6dacc8d9f5ddd21f691c138dfc80c6c79e250402a1fe165
+ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll 7574c3b0d4e7901509b64c4a1d0355a06c02a09fc1282c0c5e86fa7566359c2e 54e85e2fd57313a20dfc196ded519422e4adee5ae4b17f4cc47d47b89650bf47
+ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll c58b8ba4bbcb7609ea52181bfd095ecd0f162cd48600b9ce909ae646127a286f af93281c6e6ad02b249d25b0ce35086da37395aaf77dc0801a7b7df406938b1d
+ql/lib/codeql/swift/generated/stmt/GuardStmt.qll 18875adfca4a804932fcc035a0f1931fc781b3b4031e1df435c3e6a505d9edba 10f7a0ed8d4975d854f8b558654bfc2ab604b203c2429240e3a4b615e50c7ad8
+ql/lib/codeql/swift/generated/stmt/IfStmt.qll b55a7407988abba2ffc6f37803cff8d62abd5f27048d83a3fc64b8b6ce66590a 91def4db6dd271f5283e9a55a1e186e28e02962df334b5d753cea132731d7a85
+ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll 42e8f32da8451cab4abf3a262abdf95aec8359606971700eb8c34d6dc3a3472f fa3c186f2cd57e16c7d09b5bf1dc3076db9e97ade0d78f4b12dd563b57207f00
+ql/lib/codeql/swift/generated/stmt/LabeledStmt.qll ffbfa0dc114399aabc217a9a245a8bcacbfbad6f20e6ff1078c62e29b051f093 33ddfd86495acc7a452fa34e02fe5cce755129aa7ee84f1c2ad67699574b55dc
+ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll a03dc4a5ef847d74a3cbae6529f7534b35c1345caf15c04694eab71decefd9ab f968f8e8766e19c91852856ea3a84f8fa3fc1b4923c47f2ea42d82118b6f2e0d
+ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll adfebcb8a804842866c5f363c39856298de06fd538cca9ffe9c9cd4f59ddc6a7 19d74a05cb01fb586b08d3842a258de82721b1c709d556373e4a75c408e3c891
+ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll 464dc2a4060ffdee4db3d405c344543c4d4e20b969ab536b47f0057b13ff0ce9 8d02dc871965db4947ee895f120ae6fe4c999d8d47e658a970990ea1bf76dd4c
+ql/lib/codeql/swift/generated/stmt/Stmt.qll b2a4f3712e3575321a4bc65d31b9eb8ddcd2d20af9863f3b9240e78e4b32ccff e0fc13b3af867aa53b21f58a5be1b7d1333b3e8543a4d214a346468f783dbf40
+ql/lib/codeql/swift/generated/stmt/StmtCondition.qll 21ff34296584a5a0acf0f466c8aa83690f8f9761efa1208e65bb6ed120af5541 23b12b6db6f7ab7b2a951083a9a06ec702407c2a0c79cc9c479a24213d0753a9
+ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll 1fce725cb70bfc20d373c4798731da0394b726653887d9c1fe27852253b06393 805d8383b3168e218c1d45c93d3f0c40a1d779208dbbbe45423ea1af64a98e1d
+ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll 480553a18c58c2fa594ee3c7bc6b69f8aafb1c209e27379b711681652cbe6dd3 23829747c8b8428d7a2eea6017bb01536df01d7346c136bd6b654ebdd04342de
+ql/lib/codeql/swift/generated/stmt/WhileStmt.qll 1ac3c3638899386a953905f98f432b7ba5c89e23e28ca55def478ce726127f50 4ac6f0f62082a2a5c1a0119addbb6e4cdebe468a7f972c682c114a70a58c1e80
+ql/lib/codeql/swift/generated/stmt/YieldStmt.qll 8b1e8b7b19f94232eb877e1f8956033f6ca51db30d2542642bf3892a20eb1069 87355acc75a95a08e4f2894609c3093321904f62b9033620700ccd4427a9ca70
+ql/lib/codeql/swift/generated/type/AnyBuiltinIntegerType.qll a263451163e027c4c4223ec288e090b7e0d399cc46eb962013342bfeac5f6b86 d850ec1ee1902945b172ddd0ecd8884e399e963f939c04bc8bfaadacebdf55a9
+ql/lib/codeql/swift/generated/type/AnyFunctionType.qll 28f01d61d199ae6b28800151a923c2c74983aebec6951e6945973292a7d774b1 473b5e0067c5809c7927acf3670acc1e4b9f5fdfcda070954b6c108c7efd409a
+ql/lib/codeql/swift/generated/type/AnyGenericType.qll af3e8060bec6128f3135960da1703a72c51c461e85737b9a336d72910fd33e7a 470e51991d606170482dba555bf4067a442e8fec25706a481ef38bdedb1531b1
+ql/lib/codeql/swift/generated/type/AnyMetatypeType.qll 6805a6895e748e02502105d844b66fab5111dbb0d727534d305a0396dacc9465 58e0794b8d6dccd9809f5b83bf64b162e69f3f84b5f3161b88aed10f16a8ede8
+ql/lib/codeql/swift/generated/type/ArchetypeType.qll 3c3d88c43a746b54cd09562756768538675ee1bae31c58fca4b8c6af7ccc8656 6dd41b2a89176342a27d3ffa7abc60dc9e53f2a6c132941fb7c79f9aa1b189db
+ql/lib/codeql/swift/generated/type/ArraySliceType.qll 72d0409e2704e89ebca364ae28d55c874152f55dd1deaac6c954617f6566f3c2 72d0409e2704e89ebca364ae28d55c874152f55dd1deaac6c954617f6566f3c2
+ql/lib/codeql/swift/generated/type/BoundGenericClassType.qll c82971dcd306a4cbc6bb885ae300556717eb2d068066b7752a36480e5eb14b5f c82971dcd306a4cbc6bb885ae300556717eb2d068066b7752a36480e5eb14b5f
+ql/lib/codeql/swift/generated/type/BoundGenericEnumType.qll 89fcee52adbe6c9b130eae45cf43b2a2c302e8812f8519ea885e5d41dec3ec56 89fcee52adbe6c9b130eae45cf43b2a2c302e8812f8519ea885e5d41dec3ec56
+ql/lib/codeql/swift/generated/type/BoundGenericStructType.qll ff24933889dcc9579fe9a52bd5992b6ecd7b7a7b59c4b1005734e5cd367c8ed6 ff24933889dcc9579fe9a52bd5992b6ecd7b7a7b59c4b1005734e5cd367c8ed6
+ql/lib/codeql/swift/generated/type/BoundGenericType.qll 6c252df4623344c89072fefa82879b05a195b53dd78ea7b95e9eb862b9c9c64c 91b172eea501ef3d0710bbbeee7b8270c20a6667d2cf169e058804b12ff2166d
+ql/lib/codeql/swift/generated/type/BuiltinBridgeObjectType.qll 848291382ac6bd7cf5dd6707418d4881ec9750ca8e345f7eff9e358715c11264 848291382ac6bd7cf5dd6707418d4881ec9750ca8e345f7eff9e358715c11264
+ql/lib/codeql/swift/generated/type/BuiltinDefaultActorStorageType.qll 54e981860527a18660c9c76da60b14fa6dd3dae0441490ed7eb47d36f1190d8b 54e981860527a18660c9c76da60b14fa6dd3dae0441490ed7eb47d36f1190d8b
+ql/lib/codeql/swift/generated/type/BuiltinExecutorType.qll 149642b70b123bcffb0a235ca0fca21a667939fe17cdae62fee09a54dca3e6be 149642b70b123bcffb0a235ca0fca21a667939fe17cdae62fee09a54dca3e6be
+ql/lib/codeql/swift/generated/type/BuiltinFloatType.qll 7a1c769c34d67f278074f6179596ec8aee0f92fb30a7de64e8165df2f377cd3f 7a1c769c34d67f278074f6179596ec8aee0f92fb30a7de64e8165df2f377cd3f
+ql/lib/codeql/swift/generated/type/BuiltinIntegerLiteralType.qll 94406446732709afdf28852160017c1ca286ad5b2b7812aa8a1a5c96952a7da1 94406446732709afdf28852160017c1ca286ad5b2b7812aa8a1a5c96952a7da1
+ql/lib/codeql/swift/generated/type/BuiltinIntegerType.qll c466054ad1bd06e225937cf67d947a0ae81a078475f9ab6149d4ffb23531c933 8813c8b99df42a489c6b38f7764daac5ab5a55b1c76167da200409b09a4d6244
+ql/lib/codeql/swift/generated/type/BuiltinJobType.qll 4ba48722281db420aeca34fc9bb638500832d273db80337aaff0a0fa709ec873 4ba48722281db420aeca34fc9bb638500832d273db80337aaff0a0fa709ec873
+ql/lib/codeql/swift/generated/type/BuiltinNativeObjectType.qll 7231290a65e31dbee4ec2a89b011ee1e5adb444848f6e8117e56bea0a1e11631 7231290a65e31dbee4ec2a89b011ee1e5adb444848f6e8117e56bea0a1e11631
+ql/lib/codeql/swift/generated/type/BuiltinRawPointerType.qll bc3f6c3388c08e05d6f7d086123dc2189480dae240fcb575aef2e0f24241d207 bc3f6c3388c08e05d6f7d086123dc2189480dae240fcb575aef2e0f24241d207
+ql/lib/codeql/swift/generated/type/BuiltinRawUnsafeContinuationType.qll f9e2ccc7c7505a44cca960c4ff32c33abbef350710bb4099dd8b7e2aaa4ba374 19f7e4b4e02825460374ac0d578544134a7a4d65940e32c1052e0c49b1b54aef
+ql/lib/codeql/swift/generated/type/BuiltinType.qll 0f90f2fd18b67edf20712ff51484afd5343f95c0b1a73e4af90b0bc52aed14d9 35bb8ee31eed786a4544e6b77b3423a549330d7f1fb8c131ba728ca4db41b95f
+ql/lib/codeql/swift/generated/type/BuiltinUnsafeValueBufferType.qll d569e7c255de5e87bb0eb68ae5e7fea011121e01b2868007485af91da7417cd6 d569e7c255de5e87bb0eb68ae5e7fea011121e01b2868007485af91da7417cd6
+ql/lib/codeql/swift/generated/type/BuiltinVectorType.qll f51ce577abec2a1de3ae77a5cd9719aa4a1a6f3f5ec492c7444e410fb1de802a f51ce577abec2a1de3ae77a5cd9719aa4a1a6f3f5ec492c7444e410fb1de802a
+ql/lib/codeql/swift/generated/type/ClassType.qll b52f0383d3dcbf7cf56d0b143cbb63783cb5fa319bcbfc4754e362d935e0fb53 b52f0383d3dcbf7cf56d0b143cbb63783cb5fa319bcbfc4754e362d935e0fb53
+ql/lib/codeql/swift/generated/type/DependentMemberType.qll d9806aa84e0c9a7f0d96155ffeae586ced8ee1343e139f754ebd97d4476f0911 d0b3395e3263be150a6b6df550c02a2567cfa4a827dcb625d0bf1e7bf01956eb
+ql/lib/codeql/swift/generated/type/DictionaryType.qll 8b9aad8e8eca8881c1b1516e354c25bf60f12f63f294e906d236f70de025307c 53b0102e1b8f9f5b2c502faa82982c2105dd0e7194eb9ff76d514bddfa50f1dd
+ql/lib/codeql/swift/generated/type/DynamicSelfType.qll 9a2950762ad4d78bfacbf5b166ea9dc562b662cf3fcbfc50198aaacf1ea55047 8fb21715ed4ba88866b010cbba73fc004d6f8baef9ce63c747e4d680f382ca6e
+ql/lib/codeql/swift/generated/type/EnumType.qll dcf653c7ee2e76882d9f415fbbc208905b8d8ed68cc32e36c0439a9205e65b35 dcf653c7ee2e76882d9f415fbbc208905b8d8ed68cc32e36c0439a9205e65b35
+ql/lib/codeql/swift/generated/type/ErrorType.qll cbc17f4d9977268b2ff0f8a517ca898978af869d97310b6c88519ff8d07efff3 cbc17f4d9977268b2ff0f8a517ca898978af869d97310b6c88519ff8d07efff3
+ql/lib/codeql/swift/generated/type/ExistentialMetatypeType.qll 3a7fd0829381fe4d3768d4c6b0b1257f8386be6c59a73458f68387f66ea23e05 3a7fd0829381fe4d3768d4c6b0b1257f8386be6c59a73458f68387f66ea23e05
+ql/lib/codeql/swift/generated/type/ExistentialType.qll 974537bfafdd509743ccd5173770c31d29aaa311acb07bb9808c62b7fa63f67a c6fbbfb8dacf78087828d68bc94db5d18db75f6c6183ab4425dfa13fccb6b220
+ql/lib/codeql/swift/generated/type/FunctionType.qll 36e1de86e127d2fb1b0a3a7abce68422bdf55a3ab207e2df03ea0a861ab5ccb4 36e1de86e127d2fb1b0a3a7abce68422bdf55a3ab207e2df03ea0a861ab5ccb4
+ql/lib/codeql/swift/generated/type/GenericFunctionType.qll 299c06f01579161b1a22104b91947b9e24c399e66fca91415c2125bf02876631 b4a6bd09a4f28edf58681f8e1f71c955089484535e22fa50d9bae71fd52192fb
+ql/lib/codeql/swift/generated/type/GenericTypeParamType.qll f515debe8b21f3ea6551e4f8513cda14c3a5ed0cebd4cbfd3b533ff6f0e8b0bf f515debe8b21f3ea6551e4f8513cda14c3a5ed0cebd4cbfd3b533ff6f0e8b0bf
+ql/lib/codeql/swift/generated/type/InOutType.qll c69d0f3c3f3d82c6300e052366709760c12f91a6580865ff8718f29057925235 2a9e1d66bec636a727f5ebc60827d90afcdbee69aabe8ae7501f0e089c6dbd5e
+ql/lib/codeql/swift/generated/type/LValueType.qll 5159f8cf7004e497db76130d2bfd10228f60864f0e6e9e809fc9a2765eafa978 fc238183b7bf54632fa003e9e91a1c49fb9167170fe60c22358dc3a651acbf98
+ql/lib/codeql/swift/generated/type/MetatypeType.qll cd752f81257820f74c1f5c016e19bdc9b0f8ff8ddcc231daa68061a85c4b38e2 cd752f81257820f74c1f5c016e19bdc9b0f8ff8ddcc231daa68061a85c4b38e2
+ql/lib/codeql/swift/generated/type/ModuleType.qll 0198db803b999e2c42b65783f62a2556029c59d6c7cc52b788865fd7bb736e70 199f8fd9b4f9d48c44f6f8d11cb1be80eb35e9e5e71a0e92a549905092000e98
+ql/lib/codeql/swift/generated/type/NominalOrBoundGenericNominalType.qll 27d87dc4792b7f46fa1b708aadecef742ab2a78b23d4eb28ce392da49766122f 299c3ed5837dcb992a2a28d44ac6709c1d86a828879c62187fe29094e0e66c52
+ql/lib/codeql/swift/generated/type/NominalType.qll f7e85d544eaaa259c727b8b4ba691578861d15612a134d19936a20943270b629 87472017a129921d2af9d380f69c293f4deba788e7660b0fe085a455e76562e8
+ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll 74c840ae210fff84636fbfb75d8fce2c2e0bc5bda1489c57f312d2195fdfeda3 0c9986107dcf497798dc69842a277045dcaacfe8eec0ed1f5fc7244dd213ff56
+ql/lib/codeql/swift/generated/type/OpenedArchetypeType.qll ed97d3fb8810424643953a0d5ebd93e58d1b2e397ea01ccde0dcd8e68c41adb2 ed97d3fb8810424643953a0d5ebd93e58d1b2e397ea01ccde0dcd8e68c41adb2
+ql/lib/codeql/swift/generated/type/OptionalType.qll d99dd5ec5636cc6c3e0e52bf27d0d8bf8dfcff25739cd7e1b845f5d96b1a5ac9 d99dd5ec5636cc6c3e0e52bf27d0d8bf8dfcff25739cd7e1b845f5d96b1a5ac9
+ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll cdbbb98eea4d8e9bf0437abcca34884f7ff56eedad74316838bdbfb9c3492b4b 2cf32174c8431c69690f5b34f0c4b4156c3496da49f85886ce91bf368e4fc346
+ql/lib/codeql/swift/generated/type/ParenType.qll 4c8db82abce7b0a1e9a77d2cf799a3e897348fc48f098488bad4ca46890b2646 9ae88f83b4d09a8b59b27f6272533c1aebf04517264804e1cecd42d55e236aa3
+ql/lib/codeql/swift/generated/type/PrimaryArchetypeType.qll 87279ab9a04415fcbcf825af0145b4fc7f118fc8ce57727b840cb18f7d203b59 87279ab9a04415fcbcf825af0145b4fc7f118fc8ce57727b840cb18f7d203b59
+ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll 36a4f7e74eb917a84d4be18084ba5727c3fbc78368f2022da136cd4cf5a76ecc 779e75d2e2bf8050dcd859f2da870fbc937dfcaa834fc75e1d6dba01d1502fbc
+ql/lib/codeql/swift/generated/type/ProtocolType.qll 07eb08216ca978c9565a7907ab3a932aa915041b6e7520bc421450b32070dbcf 07eb08216ca978c9565a7907ab3a932aa915041b6e7520bc421450b32070dbcf
+ql/lib/codeql/swift/generated/type/ReferenceStorageType.qll f565055bb52939ebb38eae4ec2fb9a70ee3045c1c7c9d604037ecf0557cce481 4d5b884f3947a1c0cb9673dc61b8735c9aeec19c9f0a87aa9b7fbe01f49fc957
+ql/lib/codeql/swift/generated/type/StructType.qll 5681060ec1cb83be082c4d5d521cdfc1c48a4095b56415efc03de7f960d1fa04 5681060ec1cb83be082c4d5d521cdfc1c48a4095b56415efc03de7f960d1fa04
+ql/lib/codeql/swift/generated/type/SubstitutableType.qll 9e74ec2d281cd3dedbc5791d66a820a56e0387260f7b2d30a5875dc3f5883389 619f0e4d509bdd9e8cfc061e5627762e9cbae8779bec998564556894a475f9d8
+ql/lib/codeql/swift/generated/type/SugarType.qll 4ea82201ae20e769c0c3e6e158bae86493e1b16bbd3ef6495e2a3760baa1fc6b 6c78df86db6f9c70398484819a9b9ecc8ee337b0a4ac2d84e17294951a6fd788
+ql/lib/codeql/swift/generated/type/SyntaxSugarType.qll 253e036452e0ba8ae3bb60d6ed22f4efb8436f4ef19f158f1114a6f9a14df42c 743fe4dede40ca173b19d5757d14e0f606fe36f51119445503e8eea7cf6df3b0
+ql/lib/codeql/swift/generated/type/TupleType.qll e94b6173b195cab14c8b48081e0e5f47787a64fe251fd9af0465e726ffa55ffb cd6c354e872012888014d627be93f415c55ddde0691390fe5e46df96ddebf63f
+ql/lib/codeql/swift/generated/type/Type.qll 2bd40fd723b2feca4728efe1941ae4b7d830b1021b2de304e6d52c16d744f5a1 c9e44bc375a4dede3f5f1d5bcc8a2f667db0f1919f2549c8c2bb1af5eee899cf
+ql/lib/codeql/swift/generated/type/TypeAliasType.qll 081916a36657d4e7df02d6c034715e674cdc980e7067d5317785f7f5bd1b6acb 47b1b7502f8e0792bbe31f03b9df0302cc3d7332b84e104d83304e09f425a06b
+ql/lib/codeql/swift/generated/type/TypeRepr.qll 10febbf304b45c9c15f158ccc7f52aa4f4da0f7ca8856c082ef19823d9a1d114 89dcafe7b9939cf6915215ef2906becf5658a3fd2c7b20968b3fc72c3f5155ec
+ql/lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll ffdaa0851a0db7c69cf6b8f4437fe848a73d8a1f20e1be52917c682bd6200634 ca5a9912c9f99a9aa9c7685242de1692aad21182f8105cbdce3ba3e7f1118b40
+ql/lib/codeql/swift/generated/type/UnboundGenericType.qll 43549cbdaaa05c3c6e3d6757aca7c549b67f3c1f7d7f0a987121de0c80567a78 43549cbdaaa05c3c6e3d6757aca7c549b67f3c1f7d7f0a987121de0c80567a78
+ql/lib/codeql/swift/generated/type/UnmanagedStorageType.qll 198727a7c9557a0a92c6d833768086f0a0a18c546b4bfd486d7ff7ad5677a6aa 198727a7c9557a0a92c6d833768086f0a0a18c546b4bfd486d7ff7ad5677a6aa
+ql/lib/codeql/swift/generated/type/UnownedStorageType.qll 062fd6e902ecbde78a7b8a6d80029731ffb7b4ca741fdc1573c19dd373b6df8e 062fd6e902ecbde78a7b8a6d80029731ffb7b4ca741fdc1573c19dd373b6df8e
+ql/lib/codeql/swift/generated/type/UnresolvedType.qll 4bdb583cf2bf654a6a37486d06a14fd631b715f47f7e8aea314d939143c5c6c9 4bdb583cf2bf654a6a37486d06a14fd631b715f47f7e8aea314d939143c5c6c9
+ql/lib/codeql/swift/generated/type/VariadicSequenceType.qll 796537097d8e32eda38be55adde9ec935e25c74ff7450f7ce8cd687c50c0ba89 796537097d8e32eda38be55adde9ec935e25c74ff7450f7ce8cd687c50c0ba89
+ql/lib/codeql/swift/generated/type/WeakStorageType.qll dda4397a49f537ec44117a86dc09705a07d281e31bf4643738b15219053ed380 dda4397a49f537ec44117a86dc09705a07d281e31bf4643738b15219053ed380
+ql/test/extractor-tests/generated/Comment/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/Diagnostics/Diagnostics.ql 6a4a9480cc929381e0337b181e5ac519a7abc6d597ebe24fb6701acf79ced86f 199c5bf8bd38e161d989e0e4db1ea1d3ddcb4d7cf571afd9112ce3ed8d9b8d2a
+ql/test/extractor-tests/generated/File/File.ql ab0968ae31b749da2b66462bd04e4dfb30604dba405a84594b575abfc4fa4c35 bcc0ff648b28c5ecd567e196e700272883756bbcc65296bbb880a979e3162628
+ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl.ql fcf430b5a4631a56f88ff8e05c97f312244d450745d65f9c312f9fd14ccc917f a6423ef93f4aae97dac13f700cbb5c79aeda4762e4524685ad03686468d2925c
+ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getBody.ql 1d42eb1a5b832cfaf1949b61a01a6a11448a6d4369a44f2511bb31d1d7fc10a8 b326a6743121353f8a66410d3d9151ca969939abcbbe5c411872ca290da45123
+ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getGenericTypeParam.ql 8648679e9403477c7f97b6df450a0fa623dc9aff0777021ee33f9cc96eef2611 59c384c35804bf205c3c63e8b956e6bc89d3ded7952911c40e7bf156acb56bf8
+ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getParam.ql 7c61c15d75f681c5f5817bdc1e0c1e2594afdc43a5a8889bd385b6cd007d6509 7f6111069c3f289fb3bd21933893757a0adbf8be8f21bf5f8960b6fb26840219
+ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getSelfParam.ql 0d773ccd4c84a5280f03341cccff8363479b668541d269311215db866a1cfd53 743d584a8d5d85aa11e96ca44151f1239c750bf8a429d60269129696411a0294
+ql/test/extractor-tests/generated/decl/AssociatedTypeDecl/AssociatedTypeDecl.ql 74cf30be2fa4f825f0167bde4489b09683858f762bb335db04fe1cc474dafec6 0911e8a9130622da23f3b2747830c7c8e1659f0c062594bd34f82e335b08448e
+ql/test/extractor-tests/generated/decl/AssociatedTypeDecl/AssociatedTypeDecl_getBaseType.ql 39d26252c242eec5aaef23951bd76755a4d3cdceff7349b15067fefb2ece14b3 214fdbaa77d32ee6f21bcccf112d46c9d26006552081cc1f90cbb00a527a9d7f
+ql/test/extractor-tests/generated/decl/ClassDecl/ClassDecl.ql b65b8bb8def2a79501d9b1379980003e22bb778b1163c73bb6b24de1bfdaef7f 137979d7fbb647ade6141f27daacbae834a556af691793731e9b664f7dbd13c7
+ql/test/extractor-tests/generated/decl/ClassDecl/ClassDecl_getBaseType.ql 5f4fddbb3fb3d003f1485dc4c5a56f7d0d26dfc1d691540085654c4c66e70e69 0b5a5b757ca92e664ef136d26ac682aa5a0e071494d9f09d85f66cd13807e81d
+ql/test/extractor-tests/generated/decl/ClassDecl/ClassDecl_getGenericTypeParam.ql ca0b73a4f31eea47def7a1de017de36b5fdaec96ae98edb03ff00611bfcac572 f9badd62887a30113484496532b3ff9b67ff5047eb5a311aa2ec2e4d91321e0e
+ql/test/extractor-tests/generated/decl/ClassDecl/ClassDecl_getMember.ql f73881b14bb4eaf83dacf60b9e46d440227f90566e2dfb8908a55567626ccdda f78a7261f7ccfe01ca55f7279bd5a1a302fc65ba36b13e779426d173c7465b84
+ql/test/extractor-tests/generated/decl/ConcreteFuncDecl/ConcreteFuncDecl.ql 27df755f467c5176cf8f26d3b41ebd321834048ce8120a384746c3deeb73cdc3 d4b8363876172e5a152a5126457443dc9fe9ec83c3f0a9bd86eae54473ac8bd9
+ql/test/extractor-tests/generated/decl/ConcreteFuncDecl/ConcreteFuncDecl_getBody.ql 3c742b9c8d8d8c23d1bef03f559e1b91f0d3848084ba5819f118c323dd1920a2 340d4e4a6312ffaf4c47bbc753828c1e478d84a2d399c66220288c081c8357ca
+ql/test/extractor-tests/generated/decl/ConcreteFuncDecl/ConcreteFuncDecl_getGenericTypeParam.ql b5e64bf02a5991a1549794af0aaab9ae654c88b5d52a3e04b7ac525b3a64af5e 034a7d0bf7500afa952a28d184d1d073e71c3dcec3bc26fcefaed70aef9de3ce
+ql/test/extractor-tests/generated/decl/ConcreteFuncDecl/ConcreteFuncDecl_getParam.ql 392bc906a24a432b0dd65a18248cab53874e1ea018b44fdf07d8acb55939c85d cf272febc8355d7171308c0b35f65ae0469106c022093f87ffd25d5951eef4a3
+ql/test/extractor-tests/generated/decl/ConcreteFuncDecl/ConcreteFuncDecl_getSelfParam.ql c8a593149db6785d9bc7017a3fcee305832ab434955b4c36ac2842e214f0acac b70a7c18085961d2c907631d69811071deb391c45c94ef7165bf7ce700dabaf9
+ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl.ql 5b38d0a84f99a7472a222fe612aa8a04f1ce0f7b804fd95eb75bfb83be5314c0 1a78d482860647c40b85e1119b849268f7d38c41b626d63f6cfa90fa933e9c1a
+ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getAccessorDecl.ql 7f1890b891402c7974087bd1621ce7ce2893008a2ab0218396c82e99ce2e6c9d 4d483e18ad2211759e3a57f973679844d28505b84fe2b10b2303a561d0ac7ca5
+ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getAttachedPropertyWrapperType.ql 0fd114f752aae89ef80bc80e0532aa4849106f6d1af40b1861e4ba191898b69e fdf28e036a1c4dcb0a3aaaa9fb96dcc755ff530ab6f252270c319df9a1d0d7ac
+ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getParentInitializer.ql c90aa3ae4249af7d436f976773e9208b41d784b57c6d73e23e1993f01262f592 3b1391d6b0605011bec7cc6f3f964ed476273bd5ed4bb5d6590f862aa4e7a2a3
+ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getParentPattern.ql a46347331698857119cd74495a25ea6cff6d20f8003741dc94e9d68b87e7ed1d c60aeb108f56485200eafbc677662869f4393f1d462a3385fa334926adff233c
+ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperBackingVar.ql 370da9dd7a6bcb02c18246f680ec2af9e12c81504285b43cbf6ffd8963fbd6e4 d9e86f574111e15d42c0eaabe4e65882ad55d3604d9cc281baf28d4817e438a8
+ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperBackingVarBinding.ql addbf4e32d383fc35b7505a33c5a675feeedd708c4b94ce8fc89c5bc88c36f1f 549c8ec9cf2c1dc6881e848af8be9900d54604a747ded1f04bd5cadf93e5ede3
+ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperProjectionVar.ql 502a76b34c78d3cf8f38969671840dc9e28d478ba7afe671963145ba4dc9460d 6125a91820b6b8d139392c32478383e52e40e572e0f92a32f0e513409d2c4e11
+ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperProjectionVarBinding.ql 40274aac8b67cb6a285bf91ccdc725ae1556b13ebcc6854a43e759b029733687 44e569aac32148bcce4cd5e8ebb33d7418580b7f5f03dfbd18635db9965b28d9
+ql/test/extractor-tests/generated/decl/ConstructorDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/DestructorDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/EnumCaseDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/EnumDecl/EnumDecl.ql cfaa19a5ae44f535f753c8b89d5bacd8f29220a7dc962efa1a3a11a6eb6d6f31 ce21feae120f926a1425c0365de9fda84c3df1057e42f0aadc34d2bcaa7e35d1
+ql/test/extractor-tests/generated/decl/EnumDecl/EnumDecl_getBaseType.ql 4ace6176a57dd4c759356ddbefc28b25481c80bdeddfeb396d91b07db55af22a d0d1337ccbba45a648fe68fefc51006e14506d4fb7211fb2bde45f7761c4dbf1
+ql/test/extractor-tests/generated/decl/EnumDecl/EnumDecl_getGenericTypeParam.ql 3a0927f87a21d69bfc309f5f7faedb3d0cc2956c071b16c38b2b4acd36f24ea9 aafed56a1744579f05b3817adef6a5fd011d1b5cb7da2db230a43b6f55a04649
+ql/test/extractor-tests/generated/decl/EnumDecl/EnumDecl_getMember.ql 621870b7dbeaeefa93cbbfc102e97810b15d39b49db685019c9e3cbf2423ffef e110630f0ba8f588e7f8ebc56a1a31c2ca2f22f2cc763baa76854beb3b3a4ece
+ql/test/extractor-tests/generated/decl/EnumElementDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/ExtensionDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/GenericTypeParamDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/IfConfigDecl/IfConfigDecl.ql 52e572682b381d6a3c4d38d2902c1fca3a371eec3859c49735fcab8eb5ae23c8 0b5fdf388f887c50ff333f662f6321851e923166ab5916bb07d1613452d495e1
+ql/test/extractor-tests/generated/decl/IfConfigDecl/IfConfigDecl_getActiveElement.ql 914165306a2eb5c8039750e1e03bda156a684946abc8709d786b4144d9c9eb3b 5e87dfd99858ae257506415369bff937a731b6309dac2242b03ea79ead045fc1
+ql/test/extractor-tests/generated/decl/ImportDecl/ImportDecl.ql 34e45c5675750325ca212c05cdda4158c6bd9cc84d8cbc6672eca530fd8d5ba7 01f3ca092a9f91e0adfa3118162de4679962ba2c57e127642c496aeb91d50b68
+ql/test/extractor-tests/generated/decl/ImportDecl/ImportDecl_getDeclaration.ql a76c6360ed7b423229ec64dc4d03f586204fbf5107408b7d07c06ef43b30526e bc8569ecf097f0e6176da4f42379158137f70dcfb9b6d60f4c16f643b68f9d91
+ql/test/extractor-tests/generated/decl/ImportDecl/ImportDecl_getImportedModule.ql 0339867ca4f414cceba85df20d12eca64a3eea9847bb02829dc28fa95701e987 8c292768f56cecbdfeb92985212e6b39ecada819891921c3ba1532d88d84c43e
+ql/test/extractor-tests/generated/decl/InfixOperatorDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl.ql f2e3f8cf3d1a308460553033de41bf094fd7931ac0f4ae9c6b134940c0247b17 da3ac91991de773f1b914088435f1b7d9821b433b5af9ad8b003f62c15356774
+ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl_getBaseType.ql 54a4bd2cfa666271ae9092285bb7217b082c88483d614066cfb599fc8ab84305 8b24ab8e93efe3922cb192eb5de5f517763058782e83e8732153421adddd68e1
+ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl_getExportedModule.ql cfca012f0951c86560d892ea5eae182d5eda661c9484a0df71ef9c905123e8f6 dfebda4fcad0e2f2a2c944782a7355b3caeac569e5a45621c582bc1bb243b2cc
+ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl_getImportedModule.ql 44018a788205592c59cd10072f8b8d0558100bb15fff4b3e490176e86193e5b1 cc9fe6571713af8a0e844ac5da682c24feb1a2be4535e3feeb4cbbafba91a414
+ql/test/extractor-tests/generated/decl/OpaqueTypeDecl/OpaqueTypeDecl.ql 7d91642f55a68928cf1d88c452f14788aa4299321505cc8104d865de4fc4106f 04765f0a4850bde6a8550d337a4a13d1d3a9df24f14de0fe403182a3ff6b78e2
+ql/test/extractor-tests/generated/decl/OpaqueTypeDecl/OpaqueTypeDecl_getBaseType.ql d030fd55ea5a5443c03e8ba1a024c03e3c68c96c948c850131f59fbac6409402 46816c1a75a4cf11db95884733382e46d5573b6c1116d5de0bfe5ae91fed4c3d
+ql/test/extractor-tests/generated/decl/OpaqueTypeDecl/OpaqueTypeDecl_getGenericTypeParam.ql c147420a91c157ee37a900dd7739bdb386fba5eeaadd84e609d2642d3fdbf2e0 cf1c981b6cb7b84944e9430cfe361905dcc396d4356d7f20a0ba993352bd5b02
+ql/test/extractor-tests/generated/decl/OpaqueTypeDecl/OpaqueTypeDecl_getOpaqueGenericParam.ql 2b4264a68817f53ddd73e4fd80e9f7c3a5fcfa4d0692135e2d3b10c8a8379d98 c2efac460b655e726d898b2b80cbfce24820a922e26935804ddd21ae9c474085
+ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl.ql 70fd778e4d266ecc20180e09dde22107f0503c500d412ab9a5051c23bd8c7103 be5c8daed55d21db35d4a27e9d41038ea066355f7e5f3cb7c54d820545422147
+ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getAccessorDecl.ql bf6bd41b1eedad87a2d86acb4b183ddbd150119a0301ec56c6d7129fe5dee453 247fe28adde08cb86e03f9f21c32ea96b8bdc522b848bb84a592292338cac6b1
+ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getAttachedPropertyWrapperType.ql 3642cfd3ecf47a6b81a1745dc043131df349b898a937445eadfdee9f69aec3fc 97137c6673c45b0743db310b0839426eab71f5bc80ccc7bab99c304b8198159f
+ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getParentInitializer.ql f0ecd0352a7e34e13040f31440a6170b0661b625c65b35d13021731b6db0f441 9fc89925050c9538ba3ba0b8c45278e30dffba64b53002f675e3f7a9ef014539
+ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getParentPattern.ql d6cbe58a6fb294762d88cbad55e2a8a188573969c1c691e73a9d6f598001f01e ddc4c06dccebaa4e92dcf765304278ca10339070955ee6616dfec6c814074496
+ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperBackingVar.ql d8b0a5264ebfd405d7a400cb56feffe66b73cbeb8caac92d96a5ee9acfc7a59d c3fd21ee69682592135fc2c88633dba36f5a5c4b07a3ad756977afdc055b9d6b
+ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperBackingVarBinding.ql 71ad0741b1db153c02506d324b4211526209884a4206a2fc12565aae9426f5f0 e90e963ba9b709743d2bc973027e7f2985f072e2f0dd2e92db9a9053e136de63
+ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperLocalWrappedVar.ql 97255410c46dcfae6b454eb71b377ae4a14b2c5ce5bd40e4ba57f351476e87ee 277094dbdde3018cc24d660e7dca9ecea732ce22d2a7c009f36644d3e9676f68
+ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperLocalWrappedVarBinding.ql 14f50b706a2dba7123888868d93fa72a4871e6e04949cc87a7df52e27b7197d1 680242c73f78a64a1687cf59b0a80f715c98b994b32ec90044bcedd2c258f786
+ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperProjectionVar.ql 406436f415d5a6895be712471e7ab2d8b945539ac01b845ce191c4186e1cd275 4fdd0bc67207fd5cbe30743df46fdc61eeb5e58d877ef4aef5c7d7f0f684ef05
+ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperProjectionVarBinding.ql c79a13e49d3375edac8e51b27a58318afee959a8df639f7b0d7d77de1e2d60bc 8c3b9dae1079e674854d15f4bd43f1f507b7fac6900f0831d92f2140aae268b4
+ql/test/extractor-tests/generated/decl/PatternBindingDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/PostfixOperatorDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/PoundDiagnosticDecl/PoundDiagnosticDecl.ql 5a84b0117ba0bd438a7b6d034a95b4cf487eaec6ed45fa5a24df421a666704e0 2dd647c445849cc0ecfaa55b918d36c4f06a7c6e15f1f01a7a2f9c25e2b3b45b
+ql/test/extractor-tests/generated/decl/PrecedenceGroupDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/PrefixOperatorDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/ProtocolDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/StructDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/SubscriptDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/TopLevelCodeDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/decl/TypeAliasDecl/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/AppliedPropertyWrapperExpr.ql 88d7539565c64d29ffd99e8201a0b47954d13c6ca7df6141fab6311fc37588f0 2ebaaaa97b492762273516355004a6cbc88d75250d856ed5e21660294e150ca0
+ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/AppliedPropertyWrapperExpr_getType.ql 1caa0b9c70afc6f63fb1cb05b30499a615a997849d5128006f9c7147b7f1d4a4 64474604bf6d9028bdcbbb8dd2a607c65cb74038e2d6e88e86908f82590ba7a7
+ql/test/extractor-tests/generated/expr/Argument/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/ArrayExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/AssignExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/AutoClosureExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/BinaryExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/BindOptionalExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/BooleanLiteralExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/CallExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/CaptureListExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/ClosureExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/CoerceExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/ConditionalCheckedCastExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/ConstructorRefCallExpr/ConstructorRefCallExpr.ql 0214077b52ed4c152c70bbd0347c7340d42e584954fba5242f1380e357ec79a0 f8ce48428247f8616c15d39198bf8b3857f1acca12a800bcc912c34720f5f039
+ql/test/extractor-tests/generated/expr/ConstructorRefCallExpr/ConstructorRefCallExpr_getArgument.ql a3a01f99aa8df3aafed50cc7828829e567e01fed7874854e7a620904f1641fc9 962669b36b9adbc3d75bae79a9a754692c20d6e14ee2b47aca8f3f93b27895da
+ql/test/extractor-tests/generated/expr/ConstructorRefCallExpr/ConstructorRefCallExpr_getType.ql c3504dda8c41ebc386a9011deb06b0f5312538306b5ca10f7c4ff2e0f2c277dd aa6785ac86fe4954ef679fdfa6cd91f964d9281ab0162240b6e4b9eb67b0eda3
+ql/test/extractor-tests/generated/expr/DeclRefExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/DefaultArgumentExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/DictionaryExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/DiscardAssignmentExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/DotSyntaxBaseIgnoredExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/DotSyntaxCallExpr/DotSyntaxCallExpr.ql b161e81b9eee4c3ab66776542559457c02f30da68e59efb98d6388425e66d2e3 d7571dbca05dd36185c0eb2ad4ad9e821433362c10045875fb433fae5264346a
+ql/test/extractor-tests/generated/expr/DotSyntaxCallExpr/DotSyntaxCallExpr_getArgument.ql ab0023396a31a9fad384ac6ab2819fa3b45726d651fee6ee5d84ea4fbdb55992 410afe1ae14ca17bc245c9fa88f84ba1d02e20a7803910746316ddcacc062ace
+ql/test/extractor-tests/generated/expr/DotSyntaxCallExpr/DotSyntaxCallExpr_getType.ql ea3d25737d4c02d6ecd405d23471a587945362dee1160f6346484fffa166835d 3edcaae4cd47839dc716640ac9c098a9c65f365a69fb5442d15eb1955c06dcaa
+ql/test/extractor-tests/generated/expr/DynamicLookupExpr/DynamicLookupExpr.ql 3c08d6e00606b76499ba1a04547cba9918f3be5b3baa4b3fc287bd288c467c8d 6685c8133d7c34346a85653589b3ae9cf2dbedaaff5e87f4dd9e94719a31b715
+ql/test/extractor-tests/generated/expr/DynamicLookupExpr/DynamicLookupExpr_getMember.ql ab1669430da9e60e3b5187bd4f45e7a9b501348cd0c66e4d8570c6facc3a82a3 a2e5e9781c9af9c52fe9d5735f146dc4a2e077096f2baee8db75f2a2f82b0037
+ql/test/extractor-tests/generated/expr/DynamicLookupExpr/DynamicLookupExpr_getType.ql 216b9caa3388b85959b19db012c6a7af40981ef92e4749b9cc644caee830041c 32691b624baed5c89fbef438214ecb893f9c1d1a575194133b56d79877e3feec
+ql/test/extractor-tests/generated/expr/DynamicTypeExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/EnumIsCaseExpr/EnumIsCaseExpr.ql 9a4505f330e014769509be594299bcaa046d0a2c9a8ce4ac3a1d6d6b050af317 92c8392ded3fb26af7434b8aae34b1649b4c808acafc3adbd8ecb60ada5f6e72
+ql/test/extractor-tests/generated/expr/EnumIsCaseExpr/EnumIsCaseExpr_getType.ql edc2e175c971465f5667c4586bc4c77e5c245d267f80009a049b8f657238a5f4 5df26b5bdf975ba910a7c3446705c3ac82a67d05565d860fe58464ee82bafdde
+ql/test/extractor-tests/generated/expr/FloatLiteralExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/ForceTryExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/ForceValueExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/ForcedCheckedCastExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr.ql f87db45ad56628ce62200e1034d1cfd2ff1c799be5a24681fe939bf80108937a e8484eaab79f3be6b53ecb258eb9a3cd8cdcba8534c0ee7d275b8b67b3d2f538
+ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr_getType.ql 7a8520abbf50642f886a3cdea37530b0577d509f31d76224467ad5d435bb0e39 a6fd63a7964cf778cc4b23ce5112138d7d5a5db96956e9514741ef9789bd1f19
+ql/test/extractor-tests/generated/expr/IfExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.ql 7ffb80368c4d80adccaa0267cc76b42b76304d5d485286f82e22ae51776812f3 51b38032cb3d392be56fa8bdf53379a174cf3de39d4bf6b730c611ae3ab7cec8
+ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.ql 184ff1dec5d65024c8a0c2b316706ac58c68c62c715c266211e947168750c89a 486fc8d65c0db86bdada2d540f665278caab43454a69ccc8c2e702729397fef0
+ql/test/extractor-tests/generated/expr/InOutExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/IntegerLiteralExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/InterpolatedStringLiteralExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/IsExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/KeyPathApplicationExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/KeyPathDotExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/KeyPathExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/LazyInitializerExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/MagicIdentifierLiteralExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/MakeTemporarilyEscapableExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/MemberRefExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/MethodRefExpr/MethodRefExpr.ql 53b3a01d27336f55ce24eb278b5fb54a00fdacd24fd04e0267541de7fc282009 8d8f42acc84d02166648a6c9857bf988abaff967f130d100b25aae114b99ade0
+ql/test/extractor-tests/generated/expr/MethodRefExpr/MethodRefExpr_getMember.ql 178794928d040a4a5ebbae0cd835936eac0214756fbb5b4bbbe29d4487e86d0c 6efedf486a073a487a45539f097219bb7ac9c11c0ce8d539e950a9e5035d8a61
+ql/test/extractor-tests/generated/expr/MethodRefExpr/MethodRefExpr_getType.ql 991f8855bd8297971aec205aa13d072674739133d4adb8cdaa272c6340848bb4 08810d4640f61ab4ede0ddb0d23c498936ae3b6ee3f40ab7f702b96ad5dba101
+ql/test/extractor-tests/generated/expr/NilLiteralExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/ObjectLiteralExpr/ObjectLiteralExpr.ql 6c6b146537773b4b4bdb0e530bd581f4d9ffee93e784a8fdfcabe35309bdd09e 47b2a275af169a031faee39e73c67a70ec47969b731f1cc80a8f76e68d934402
+ql/test/extractor-tests/generated/expr/ObjectLiteralExpr/ObjectLiteralExpr_getArgument.ql ab308c1fa027136070a6ee9ebe5149c69b34bb9ae910f201f37cecd8b6341ff8 deef69f4a1a94386a32ec964e696972a2c6a91c34d7e99c7e4a3811980f5ecc4
+ql/test/extractor-tests/generated/expr/ObjectLiteralExpr/ObjectLiteralExpr_getType.ql 07d59d9962f3705f8f32302c0d730c179ca980172dd000b724a72e768fbf39db cd146e19249590316bb83efec19dd41234723513025cf9df45313f78f2b364dd
+ql/test/extractor-tests/generated/expr/OneWayExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/OpaqueValueExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/OpenExistentialExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/OptionalEvaluationExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/OptionalTryExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/OtherConstructorDeclRefExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr.ql 7687a79d05efbbae7ce68780cb946cb500ed79c5e03aa0f3c132d0b98b6efe80 f23082710afb2bc247acab84b669540664461f0ec04a946125f17586640dfba8
+ql/test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr_getArgument.ql 3b0e6f81599e5565bb78aff753932776c933fefdc8dc49e57db9f5b4164017f6 43031a3d0baa58f69b89a8a5d69f1a40ffeeaddc8a630d241e107de63ea54532
+ql/test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr_getType.ql fa909883140fe89084c289c18ebc681402c38d0f37159d01f043f62de80521fc 4cd748e201e9374e589eaa0e3cc10310a1378bba15272a327d5cf54dbd526e8f
+ql/test/extractor-tests/generated/expr/PrefixUnaryExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/PropertyWrapperValuePlaceholderExpr.ql 9ac73f157d11e4ee1c47dceaadd2f686893da6557e4e600c62edad90db2eb92d bf353009ee1b6127350d976f2e869b615d54b998e59664bdb25ea8d6ab5b132d
+ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/PropertyWrapperValuePlaceholderExpr_getType.ql 0972415a8ac29f460d480990f85c3976ad947e26510da447bbf74ee61d9b3f4e 463b8ce871911b99c495ea84669b4e6f8eafc645df483f6a99413e930bc0275e
+ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/PropertyWrapperValuePlaceholderExpr_getWrappedValue.ql 208153f062b04bec13a860b64ea51c1d531597140d81a6d4598294dc9f8649a2 dfaea19e1075c02dfc0366fac8fd2edfae8dde06308730eb462c54be5b571129
+ql/test/extractor-tests/generated/expr/RebindSelfInConstructorExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/RegexLiteralExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/StringLiteralExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/SubscriptExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/SuperRefExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/TapExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/TryExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/TupleElementExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/TupleExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/TypeExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/expr/VarargExpansionExpr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/pattern/AnyPattern/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/pattern/BindingPattern/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/pattern/BoolPattern/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/pattern/EnumElementPattern/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/pattern/ExprPattern/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/pattern/IsPattern/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/pattern/NamedPattern/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/pattern/OptionalSomePattern/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/pattern/ParenPattern/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/pattern/TuplePattern/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/pattern/TypedPattern/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/BraceStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/BreakStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/CaseLabelItem/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/CaseStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/ConditionElement/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/ContinueStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/DeferStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/DoCatchStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/DoStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/FailStmt/FailStmt.ql 75bf8a697d3a610caf25cb0d25748f2d1620c20fdd84c278c3e2f2502bc3f418 6e2377b8d2a63deaadbf8661dc7da70e8523637020e7d5fd601ca6893f10a573
+ql/test/extractor-tests/generated/stmt/FallthroughStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/ForEachStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/GuardStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/IfStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/PoundAssertStmt/PoundAssertStmt.ql dc72e3a7ff4c5dc39530322c343931cdfe63565eb76b29deef64bb311bfe302a 18eb3dab5ae8cfada5d42f1e70be9cb464a61ab5ce91897ce5a44a34387915e7
+ql/test/extractor-tests/generated/stmt/RepeatWhileStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/ReturnStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/StmtCondition/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/SwitchStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/ThrowStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/WhileStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/stmt/YieldStmt/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/ArraySliceType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/BoundGenericClassType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/BoundGenericEnumType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/BoundGenericStructType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/BuiltinIntegerType/BuiltinIntegerType.ql f85efff665246a0fb345def44cb60ae2415f82c6ef82b9689a61e08e7f1754ae 4c1c50193bfad688a708b4bc0dd08979e561ff764e0786ec37fbb6a654a404d6
+ql/test/extractor-tests/generated/type/BuiltinIntegerType/BuiltinIntegerType_getWidth.ql 61e99a3987c5a4b10d5d105184c60dacc1c08d8106cf41b81d491a7f0ac36ef2 b02395a219768e0f41cbf77e4111da3a271e777bfe448eea1ea5d6f0910ff1e8
+ql/test/extractor-tests/generated/type/BuiltinType/BuiltinType.ql 48f3b997bdb2c37dc22fd3dc2d18bc853888503d0d8d8cb075c6cd18657553e2 278d18e1fae3d8693a4d363b67c6ff111c111464f104d72ccad37793bc425200
+ql/test/extractor-tests/generated/type/ClassType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/DependentMemberType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/DictionaryType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/DynamicSelfType/DynamicSelfType.ql d2c942b55f3a9f5af2cde39999b736ce2d50ae4514f36cc1e3f750905b03c49b b7ccdcf083da1598eaf4b5ad22e393253b8d58577580048290651a20f6e6df2f
+ql/test/extractor-tests/generated/type/EnumType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/ExistentialMetatypeType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/ExistentialType/ExistentialType.ql f7894f01a440b5db281dfaa9c083be0898d15b67e1b0047be3f9c959b97bdeb0 725a54f6ed26d53603a3e25cbf78c90b1f16837c1c0c39b56e7d3bdd51a78265
+ql/test/extractor-tests/generated/type/FunctionType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/GenericFunctionType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/GenericTypeParamType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/InOutType/InOutType.ql 35b7c048fbd053f6821ab1d996fabf55dada014873f25c5ed7141b59eb5e0fb6 06ca9b5be9a999cbd7e1ab2f26918a5923d7d351dd9ec74137550f1947013b7d
+ql/test/extractor-tests/generated/type/LValueType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/MetatypeType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/ModuleType/ModuleType.ql 8f798fea381d1b502f262b5ee790758b38008cadcdee848d0ddba1bd9f8ff4f9 4c3d623607be1a5f6503500f3331ee3b3e5200e9e78cca8a4ef3d24c83d0e7ba
+ql/test/extractor-tests/generated/type/OpaqueTypeArchetypeType/OpaqueTypeArchetypeType.ql e34e98f70a987fe9a5017c897a507f9de4fffff837e3e2cf6c13287bb6165381 e60a5754173210f3af543bea15eadb2a3349e2f71653249cc421b33266adf344
+ql/test/extractor-tests/generated/type/OpaqueTypeArchetypeType/OpaqueTypeArchetypeType_getProtocol.ql fb9baf55660e0eedf1a387267d170ae066a8d1531156eab5447feca92f05b751 139529998fc2060a46a70cb645a9aa36240ab225bd9fbdb3decc3eaec3aa2261
+ql/test/extractor-tests/generated/type/OpaqueTypeArchetypeType/OpaqueTypeArchetypeType_getSuperclass.ql 3556a07117f10a070638f3049dff85dd41c042ff3d13be275e19b995b3e7af81 5f0f6d66d9852eff45c25451dae087117077aa7b11a7908178769489f3726e11
+ql/test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType.ql d902b873db34a3b7f0bc4da82ecf59b01d283d4ca61be3b090cb47358c8dd6c2 656a938735cfa5bf5ca65a7c0e347fca993e966d568404ac204f60de18faa03f
+ql/test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType_getProtocol.ql c208618d6bd7d4759581f06fad2b452077a0d865b4fb4288eff591fc7b16cd67 3bd6b8e1d1bc14bd27144a8356e07520d36ea21b6ea4adb61e84a2013e8701fc
+ql/test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType_getSuperclass.ql bb7fc71b2d84e8c5492bb4c61492dabbce898bfb680979aadd88c4de44ea5af7 acae343087222e8eb7e4dfa0e256097d9592a9668afcb5706bcba5548afc0770
+ql/test/extractor-tests/generated/type/OptionalType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType.ql dad743465b62dca457d64ff04bde24027050edb6d80054738f59e6026fbb00d7 119d085d65930b0b286ccdb8dc3aecb7eb46133e9f4ea18a6733751713b8ae5c
+ql/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType_getArg.ql 8d10c3c858dedba47f227ebc92745916a248cd040ad944b80bf0d7a19af229d3 a29e2e0df269034c4f1fbd8f6de6d5898e895ad8b90628d5c869a45b596b53fc
+ql/test/extractor-tests/generated/type/ParenType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/PrimaryArchetypeType/PrimaryArchetypeType.ql 1d733e0447587d52a3b84ca19480e410c487c02541cd070ac80fcd2dbef5b57d 6ffd1e7ce8ec9b9fea0680805700262e472711b4d9a2b4336e57445e8f1a6d48
+ql/test/extractor-tests/generated/type/PrimaryArchetypeType/PrimaryArchetypeType_getProtocol.ql 8af9b686cb9c3d988aea21cdaca42a0b625985111caa71d3eebaba4aea883e9c beecb31ab8fccb05c853926bccec33e298bed519385a25d6158646c94a019af9
+ql/test/extractor-tests/generated/type/PrimaryArchetypeType/PrimaryArchetypeType_getSuperclass.ql 3b752a38eac8204ae6d902d03da8caeaad4072f30206420c97056e4bf3639eb4 fc5959969d5b229fa5d90dde7d997aa0d1b91bdb9d77cc6811377044eed4a6cb
+ql/test/extractor-tests/generated/type/ProtocolCompositionType/ProtocolCompositionType.ql 007c64d8ea8f69addc61e8759ce9cf2e32f5e8f73de6e35541a16ea19d4695ab 156ef6560aa5d866e6ed70237cf0335b2df0c75f87d23cc4d1024ee80fe0a543
+ql/test/extractor-tests/generated/type/ProtocolCompositionType/ProtocolCompositionType_getMember.ql 8c1e8e5932cd775f0d0812a64954be5fd5b3eedd8a26eedb0bd6009cbc156e24 5c43ef8000bb67ed0e070bbd9d5fc167dcb7b6334ae34747d27eb8060af1a7e5
+ql/test/extractor-tests/generated/type/ProtocolType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/StructType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/TupleType/TupleType.ql 3ef454f940299726c035f0472ae4362d4b34fbe18a9af2a7d3581b1c734fad66 b5756e68f4eef3a02e7f1d2a7e16e41dc90d53fc631e0bd0c91ad015d63b77ca
+ql/test/extractor-tests/generated/type/TupleType/TupleType_getName.ql ab5c578f6e257960aa43b84dd5d4a66e17f2312b5f9955af0953aaecbe9e093a 1ff62da991b35e946446ecee706ac0e07a80059f35654c022ffe06bf7ae32cfe
+ql/test/extractor-tests/generated/type/TupleType/TupleType_getType.ql 3f861729c996b37e170adab56200e0671415663ff319bbf87c7c46ec8532d575 96a9735d69f250f3d67716d6a1552909d2aaa9b7758275b1b9002dca19000d22
+ql/test/extractor-tests/generated/type/TypeAliasType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/TypeRepr/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/UnboundGenericType/MISSING_SOURCE.txt 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd 7e714762ffb48c436102027d560fb5addc1f7dc6dd6936b06e0d3cca031d67fd
+ql/test/extractor-tests/generated/type/UnmanagedStorageType/UnmanagedStorageType.ql 3047ed64cbdb03d719d096fd3b2c4c54c92a2b65e46943424e84eeca705ab2d3 a8ee8ca4bf257c7472fa8cd7e661d352e8856b9e5855ebb3681f4d313209141c
+ql/test/extractor-tests/generated/type/UnownedStorageType/UnownedStorageType.ql 11e205283b368b9c9dbc79636c6007df501c952e6f715a9f07e65ec452192b38 ceb1e9c1279df07c77f9b23356b71c3e7672ec4cd5253898e09b27b2b24e4b00
+ql/test/extractor-tests/generated/type/VariadicSequenceType/VariadicSequenceType.ql 8c44ebc1fd1fa0b5caad5eb5b280f227f002dcfaddba45131b2959dad0b458f6 5f497990e2bd57a3ea8e2eb7da598af0c4ba7c7b4cc89b549e45de0ae3712e60
+ql/test/extractor-tests/generated/type/WeakStorageType/WeakStorageType.ql 39f1d90f8884d98235618a0bb955840daa0b1626b5f100a8f8d3b507b3b4fb84 2bd89193e20cc756a774bee940733a0b1c09f103d106d08433274eaed318a256
diff --git a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll
index e4f9c40d892..47b926f10af 100644
--- a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll
+++ b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll
@@ -1015,6 +1015,14 @@ module Decls {
 
 module Exprs {
   module AssignExprs {
+    /**
+     * The control-flow of a `DiscardAssignmentExpr`, which represents the
+     * `_` leaf expression that may appear on the left-hand side of an `AssignExpr`.
+     */
+    private class DiscardAssignmentExprTree extends AstLeafTree {
+      override DiscardAssignmentExpr ast;
+    }
+
     /**
      * The control-flow of an assignment operation.
      *
diff --git a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImplShared.qll b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImplShared.qll
index dbd90ba0ae1..5039d09ff22 100644
--- a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImplShared.qll
+++ b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImplShared.qll
@@ -907,9 +907,13 @@ module TestOutput {
 
   query predicate edges(RelevantNode pred, RelevantNode succ, string attr, string val) {
     attr = "semmle.label" and
-    exists(SuccessorType t | succ = getASuccessor(pred, t) |
-      if successorTypeIsSimple(t) then val = "" else val = t.toString()
-    )
+    val =
+      strictconcat(SuccessorType t, string s |
+        succ = getASuccessor(pred, t) and
+        if successorTypeIsSimple(t) then s = "" else s = t.toString()
+      |
+        s, ", " order by s
+      )
     or
     attr = "semmle.order" and
     val =
diff --git a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
index 28e783c8047..c87d2973783 100644
--- a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
@@ -79,10 +79,17 @@ private import internal.FlowSummaryImplSpecific
  */
 private module Frameworks {
   private import codeql.swift.frameworks.StandardLibrary.CustomUrlSchemes
+  private import codeql.swift.frameworks.StandardLibrary.Data
+  private import codeql.swift.frameworks.StandardLibrary.FilePath
+  private import codeql.swift.frameworks.StandardLibrary.InputStream
+  private import codeql.swift.frameworks.StandardLibrary.NsData
+  private import codeql.swift.frameworks.StandardLibrary.NsUrl
   private import codeql.swift.frameworks.StandardLibrary.String
   private import codeql.swift.frameworks.StandardLibrary.Url
   private import codeql.swift.frameworks.StandardLibrary.UrlSession
   private import codeql.swift.frameworks.StandardLibrary.WebView
+  private import codeql.swift.frameworks.Alamofire.Alamofire
+  private import codeql.swift.security.PathInjection
 }
 
 /**
@@ -387,18 +394,6 @@ predicate matchesSignature(AbstractFunctionDecl func, string signature) {
   paramsString(func) = signature
 }
 
-private NominalType getDeclType(IterableDeclContext decl) {
-  result = decl.(ClassDecl).getType()
-  or
-  result = decl.(StructDecl).getType()
-  or
-  result = getDeclType(decl.(ExtensionDecl).getExtendedTypeDecl())
-  or
-  result = decl.(EnumDecl).getType()
-  or
-  result = decl.(ProtocolDecl).getType()
-}
-
 /**
  * Gets the element in module `namespace` that satisfies the following properties:
  * 1. If the element is a member of a class-like type, then the class-like type has name `type`
@@ -427,32 +422,33 @@ private Element interpretElement0(
     )
     or
     // Member functions
-    exists(NominalType nomType, IterableDeclContext decl, MethodDecl method |
+    exists(NominalTypeDecl nomTypeDecl, IterableDeclContext decl, MethodDecl method |
       method.getName() = name and
       method = decl.getAMember() and
-      nomType.getFullName() = type and
+      nomTypeDecl.getFullName() = type and
       matchesSignature(method, signature) and
       result = method
     |
       subtypes = true and
-      getDeclType(decl) = nomType.getADerivedType*()
+      decl.getNominalTypeDecl() = nomTypeDecl.getADerivedTypeDecl*()
       or
       subtypes = false and
-      getDeclType(decl) = nomType
+      decl.getNominalTypeDecl() = nomTypeDecl
     )
     or
+    // Fields
     signature = "" and
-    exists(NominalType nomType, IterableDeclContext decl, FieldDecl field |
+    exists(NominalTypeDecl nomTypeDecl, IterableDeclContext decl, FieldDecl field |
       field.getName() = name and
       field = decl.getAMember() and
-      nomType.getFullName() = type and
+      nomTypeDecl.getFullName() = type and
       result = field
     |
       subtypes = true and
-      getDeclType(decl) = nomType.getADerivedType*()
+      decl.getNominalTypeDecl() = nomTypeDecl.getADerivedTypeDecl*()
       or
       subtypes = false and
-      getDeclType(decl) = nomType
+      decl.getNominalTypeDecl() = nomTypeDecl
     )
   )
 }
diff --git a/swift/ql/lib/codeql/swift/dataflow/FlowSteps.qll b/swift/ql/lib/codeql/swift/dataflow/FlowSteps.qll
index e538f44b957..fef6646511d 100644
--- a/swift/ql/lib/codeql/swift/dataflow/FlowSteps.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/FlowSteps.qll
@@ -1,6 +1,20 @@
 import swift
 private import codeql.swift.dataflow.DataFlow
 
+/**
+ * A unit class for adding additional taint steps.
+ *
+ * Extend this class to add additional taint steps that should apply to all
+ * taint configurations.
+ */
+class AdditionalTaintStep extends Unit {
+  /**
+   * Holds if the step from `node1` to `node2` should be considered a taint
+   * step for all configurations.
+   */
+  abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
+}
+
 /**
  * A `Content` that should be implicitly regarded as tainted whenever an object with such `Content`
  * is itself tainted.
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll
index 2dde1c2819d..1228d00b6ba 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll
@@ -70,7 +70,7 @@ abstract class Configuration extends string {
   /**
    * Holds if `sink` is a relevant data flow sink accepting `state`.
    */
-  predicate isSink(Node source, FlowState state) { none() }
+  predicate isSink(Node sink, FlowState state) { none() }
 
   /**
    * Holds if data flow through `node` is prohibited. This completely removes
@@ -147,6 +147,12 @@ abstract class Configuration extends string {
    */
   FlowFeature getAFeature() { none() }
 
+  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  predicate sourceGrouping(Node source, string sourceGroup) { none() }
+
+  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  predicate sinkGrouping(Node sink, string sinkGroup) { none() }
+
   /**
    * Holds if data may flow from `source` to `sink` for this configuration.
    */
@@ -158,7 +164,7 @@ abstract class Configuration extends string {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) { flowsTo(source, sink, _, _, this) }
+  predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) }
 
   /**
    * Holds if data may flow from some source to `sink` for this configuration.
@@ -313,8 +319,6 @@ private class ParamNodeEx extends NodeEx {
   }
 
   ParameterPosition getPosition() { this.isParameterOf(_, result) }
-
-  predicate allowParameterReturnInSelf() { allowParameterReturnInSelfCached(this.asNode()) }
 }
 
 private class RetNodeEx extends NodeEx {
@@ -602,8 +606,27 @@ private predicate hasSinkCallCtx(Configuration config) {
   )
 }
 
+/**
+ * Holds if flow from `p` to a return node of kind `kind` is allowed.
+ *
+ * We don't expect a parameter to return stored in itself, unless
+ * explicitly allowed
+ */
+bindingset[p, kind]
+private predicate parameterFlowThroughAllowed(ParamNodeEx p, ReturnKindExt kind) {
+  exists(ParameterPosition pos | p.isParameterOf(_, pos) |
+    not kind.(ParamUpdateReturnKind).getPosition() = pos
+    or
+    allowParameterReturnInSelfCached(p.asNode())
+  )
+}
+
 private module Stage1 implements StageSig {
-  class Ap = Unit;
+  class Ap extends int {
+    // workaround for bad functionality-induced joins (happens when using `Unit`)
+    pragma[nomagic]
+    Ap() { this in [0 .. 1] and this < 1 }
+  }
 
   private class Cc = boolean;
 
@@ -944,6 +967,12 @@ private module Stage1 implements StageSig {
   pragma[nomagic]
   predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, config) }
 
+  pragma[nomagic]
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+    revFlow(node, config) and
+    exists(ap)
+  }
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config) {
     revFlow(node, _, pragma[only_bind_into](config)) and
@@ -975,21 +1004,26 @@ private module Stage1 implements StageSig {
    * candidate for the origin of a summary.
    */
   pragma[nomagic]
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-    exists(ReturnKindExt kind |
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+    exists(DataFlowCallable c, ReturnKindExt kind |
       throughFlowNodeCand(p, config) and
       returnFlowCallableNodeCand(c, kind, config) and
       p.getEnclosingCallable() = c and
       exists(ap) and
-      // we don't expect a parameter to return stored in itself, unless explicitly allowed
-      (
-        not kind.(ParamUpdateReturnKind).getPosition() = p.getPosition()
-        or
-        p.allowParameterReturnInSelf()
-      )
+      parameterFlowThroughAllowed(p, kind)
     )
   }
 
+  pragma[nomagic]
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  ) {
+    throughFlowNodeCand(ret, config) and
+    kind = ret.getKind() and
+    exists(argAp) and
+    exists(ap)
+  }
+
   pragma[nomagic]
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
     exists(ArgNodeEx arg, boolean toReturn |
@@ -1046,12 +1080,16 @@ private predicate viableReturnPosOutNodeCand1(
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, Configuration config
 ) {
-  viableReturnPosOutNodeCand1(call, ret.getReturnPosition(), out, config) and
-  Stage1::revFlow(ret, config) and
-  not outBarrier(ret, config) and
-  not inBarrier(out, config)
+  exists(ReturnPosition pos |
+    viableReturnPosOutNodeCand1(call, pos, out, config) and
+    pos = ret.getReturnPosition() and
+    kind = pos.getKind() and
+    Stage1::revFlow(ret, config) and
+    not outBarrier(ret, config) and
+    not inBarrier(out, config)
+  )
 }
 
 pragma[nomagic]
@@ -1081,10 +1119,11 @@ private predicate flowIntoCallNodeCand1(
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int branch(NodeEx n1, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n1, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
+      flowOutOfCallNodeCand1(_, n1, _, n, conf) or flowIntoCallNodeCand1(_, n1, n, conf)
     )
 }
 
@@ -1093,10 +1132,11 @@ private int branch(NodeEx n1, Configuration conf) {
  * edge in the graph of paths between sources and sinks that ignores call
  * contexts.
  */
+pragma[nomagic]
 private int join(NodeEx n2, Configuration conf) {
   result =
     strictcount(NodeEx n |
-      flowOutOfCallNodeCand1(_, n, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
+      flowOutOfCallNodeCand1(_, n, _, n2, conf) or flowIntoCallNodeCand1(_, n, n2, conf)
     )
 }
 
@@ -1109,12 +1149,13 @@ private int join(NodeEx n2, Configuration conf) {
  */
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand1(
-  DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, ret, out, config) and
+  flowOutOfCallNodeCand1(call, ret, kind, out, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(ret, config) and
-    j = join(out, config) and
+    b = branch(ret, pragma[only_bind_into](config)) and
+    j = join(out, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1130,10 +1171,10 @@ pragma[nomagic]
 private predicate flowIntoCallNodeCand1(
   DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
 ) {
-  flowIntoCallNodeCand1(call, arg, p, config) and
+  flowIntoCallNodeCand1(call, arg, p, pragma[only_bind_into](config)) and
   exists(int b, int j |
-    b = branch(arg, config) and
-    j = join(p, config) and
+    b = branch(arg, pragma[only_bind_into](config)) and
+    j = join(p, pragma[only_bind_into](config)) and
     if b.minimum(j) <= config.fieldFlowBranchLimit()
     then allowsFieldFlow = true
     else allowsFieldFlow = false
@@ -1145,12 +1186,18 @@ private signature module StageSig {
 
   predicate revFlow(NodeEx node, Configuration config);
 
+  predicate revFlowAp(NodeEx node, Ap ap, Configuration config);
+
   bindingset[node, state, config]
   predicate revFlow(NodeEx node, FlowState state, Ap ap, Configuration config);
 
   predicate callMayFlowThroughRev(DataFlowCall call, Configuration config);
 
-  predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config);
+  predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config);
+
+  predicate returnMayFlowThrough(
+    RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+  );
 
   predicate storeStepCand(
     NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, DataFlowType contentType,
@@ -1216,7 +1263,8 @@ private module MkStage<StageSig PrevStage> {
     );
 
     predicate flowOutOfCall(
-      DataFlowCall call, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      Configuration config
     );
 
     predicate flowIntoCall(
@@ -1234,21 +1282,43 @@ private module MkStage<StageSig PrevStage> {
     import Param
 
     /* Begin: Stage logic. */
-    bindingset[result, apa]
-    private ApApprox unbindApa(ApApprox apa) {
-      pragma[only_bind_out](apa) = pragma[only_bind_out](result)
+    // use an alias as a workaround for bad functionality-induced joins
+    pragma[nomagic]
+    private predicate revFlowApAlias(NodeEx node, ApApprox apa, Configuration config) {
+      PrevStage::revFlowAp(node, apa, config)
+    }
+
+    pragma[nomagic]
+    private predicate flowIntoCallApa(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa,
+      Configuration config
+    ) {
+      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(p, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(arg, pragma[only_bind_into](apa), pragma[only_bind_into](config))
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallApa(
+      DataFlowCall call, RetNodeEx ret, ReturnKindExt kind, NodeEx out, boolean allowsFieldFlow,
+      ApApprox apa, Configuration config
+    ) {
+      flowOutOfCall(call, ret, kind, out, allowsFieldFlow, config) and
+      PrevStage::revFlowAp(out, pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+      revFlowApAlias(ret, pragma[only_bind_into](apa), pragma[only_bind_into](config))
     }
 
     pragma[nomagic]
     private predicate flowThroughOutOfCall(
       DataFlowCall call, CcCall ccc, RetNodeEx ret, NodeEx out, boolean allowsFieldFlow,
-      Configuration config
+      ApApprox argApa, ApApprox apa, Configuration config
     ) {
-      flowOutOfCall(call, ret, out, allowsFieldFlow, pragma[only_bind_into](config)) and
-      PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(_, ret.getEnclosingCallable(), _,
-        pragma[only_bind_into](config)) and
-      matchesCall(ccc, call)
+      exists(ReturnKindExt kind |
+        flowOutOfCallApa(call, ret, kind, out, allowsFieldFlow, apa, pragma[only_bind_into](config)) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config)) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config)) and
+        matchesCall(ccc, call)
+      )
     }
 
     /**
@@ -1256,99 +1326,134 @@ private module MkStage<StageSig PrevStage> {
      * configuration `config`.
      *
      * The call context `cc` records whether the node is reached through an
-     * argument in a call, and if so, `argAp` records the access path of that
-     * argument.
+     * argument in a call, and if so, `summaryCtx` and `argAp` record the
+     * corresponding parameter position and access path of that argument, respectively.
      */
     pragma[nomagic]
     additional predicate fwdFlow(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
-      fwdFlow0(node, state, cc, argAp, ap, config) and
-      PrevStage::revFlow(node, state, unbindApa(getApprox(ap)), config) and
+      fwdFlow0(node, state, cc, summaryCtx, argAp, ap, apa, config) and
+      PrevStage::revFlow(node, state, apa, config) and
       filter(node, state, ap, config)
     }
 
+    pragma[inline]
+    additional predicate fwdFlow(
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      Configuration config
+    ) {
+      fwdFlow(node, state, cc, summaryCtx, argAp, ap, _, config)
+    }
+
     pragma[nomagic]
     private predicate fwdFlow0(
-      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap,
+      ApApprox apa, Configuration config
     ) {
       sourceNode(node, state, config) and
       (if hasSourceCallCtx(config) then cc = ccSomeCall() else cc = ccNone()) and
       argAp = apNone() and
-      ap = getApNil(node)
+      summaryCtx = TParamNodeNone() and
+      ap = getApNil(node) and
+      apa = getApprox(ap)
       or
-      exists(NodeEx mid, FlowState state0, Ap ap0, LocalCc localCc |
-        fwdFlow(mid, state0, cc, argAp, ap0, config) and
+      exists(NodeEx mid, FlowState state0, Ap ap0, ApApprox apa0, LocalCc localCc |
+        fwdFlow(mid, state0, cc, summaryCtx, argAp, ap0, apa0, config) and
         localCc = getLocalCc(mid, cc)
       |
         localStep(mid, state0, node, state, true, _, config, localCc) and
-        ap = ap0
+        ap = ap0 and
+        apa = apa0
         or
         localStep(mid, state0, node, state, false, ap, config, localCc) and
-        ap0 instanceof ApNil
+        ap0 instanceof ApNil and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid |
-        fwdFlow(mid, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(mid, pragma[only_bind_into](state), _, _, _, ap, apa, pragma[only_bind_into](config)) and
         jumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(mid, state, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStep(mid, node, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(mid, state0, _, _, nil, pragma[only_bind_into](config)) and
+        fwdFlow(mid, state0, _, _, _, nil, pragma[only_bind_into](config)) and
         additionalJumpStateStep(mid, state0, node, state, config) and
         cc = ccNone() and
+        summaryCtx = TParamNodeNone() and
         argAp = apNone() and
-        ap = getApNil(node)
+        ap = getApNil(node) and
+        apa = getApprox(ap)
       )
       or
       // store
       exists(TypedContent tc, Ap ap0 |
-        fwdFlowStore(_, ap0, tc, node, state, cc, argAp, config) and
-        ap = apCons(tc, ap0)
+        fwdFlowStore(_, ap0, tc, node, state, cc, summaryCtx, argAp, config) and
+        ap = apCons(tc, ap0) and
+        apa = getApprox(ap)
       )
       or
       // read
       exists(Ap ap0, Content c |
-        fwdFlowRead(ap0, c, _, node, state, cc, argAp, config) and
-        fwdFlowConsCand(ap0, c, ap, config)
+        fwdFlowRead(ap0, c, _, node, state, cc, summaryCtx, argAp, config) and
+        fwdFlowConsCand(ap0, c, ap, config) and
+        apa = getApprox(ap)
       )
       or
       // flow into a callable
-      exists(ApApprox apa |
-        fwdFlowIn(_, node, state, _, cc, _, ap, config) and
-        apa = getApprox(ap) and
-        if PrevStage::parameterMayFlowThrough(node, _, apa, config)
-        then argAp = apSome(ap)
-        else argAp = apNone()
+      fwdFlowIn(_, node, state, _, cc, _, _, ap, apa, config) and
+      if PrevStage::parameterMayFlowThrough(node, apa, config)
+      then (
+        summaryCtx = TParamNodeSome(node.asNode()) and
+        argAp = apSome(ap)
+      ) else (
+        summaryCtx = TParamNodeNone() and argAp = apNone()
       )
       or
       // flow out of a callable
-      fwdFlowOutNotFromArg(node, state, cc, argAp, ap, config)
+      exists(
+        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
+        DataFlowCallable inner
+      |
+        fwdFlow(ret, state, innercc, summaryCtx, argAp, ap, apa, config) and
+        flowOutOfCallApa(call, ret, _, node, allowsFieldFlow, apa, config) and
+        inner = ret.getEnclosingCallable() and
+        cc = getCallContextReturn(inner, call, innercc) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      )
       or
-      exists(DataFlowCall call, Ap argAp0 |
-        fwdFlowOutFromArg(call, node, state, argAp0, ap, config) and
-        fwdFlowIsEntered(call, cc, argAp, argAp0, config)
+      // flow through a callable
+      exists(
+        DataFlowCall call, CcCall ccc, RetNodeEx ret, boolean allowsFieldFlow, ApApprox innerArgApa
+      |
+        fwdFlowThrough(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, node, allowsFieldFlow, innerArgApa, apa, config) and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate fwdFlowStore(
-      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
-      Configuration config
+      NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
     ) {
-      exists(DataFlowType contentType |
-        fwdFlow(node1, state, cc, argAp, ap1, config) and
-        PrevStage::storeStepCand(node1, unbindApa(getApprox(ap1)), tc, node2, contentType, config) and
+      exists(DataFlowType contentType, ApApprox apa1 |
+        fwdFlow(node1, state, cc, summaryCtx, argAp, ap1, apa1, config) and
+        PrevStage::storeStepCand(node1, apa1, tc, node2, contentType, config) and
         typecheckStore(ap1, contentType)
       )
     }
@@ -1360,60 +1465,85 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     private predicate fwdFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
       exists(TypedContent tc |
-        fwdFlowStore(_, tail, tc, _, _, _, _, config) and
+        fwdFlowStore(_, tail, tc, _, _, _, _, _, config) and
         tc.getContent() = c and
         cons = apCons(tc, tail)
       )
     }
 
+    private class ApNonNil instanceof Ap {
+      pragma[nomagic]
+      ApNonNil() { not this instanceof ApNil }
+
+      string toString() { result = "" }
+    }
+
     pragma[nomagic]
-    private predicate fwdFlowRead(
-      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc, ApOption argAp,
+    private predicate fwdFlowRead0(
+      NodeEx node1, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, ApNonNil ap,
       Configuration config
     ) {
-      fwdFlow(node1, state, cc, argAp, ap, config) and
+      fwdFlow(node1, state, cc, summaryCtx, argAp, ap, config) and
+      PrevStage::readStepCand(node1, _, _, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowRead(
+      Ap ap, Content c, NodeEx node1, NodeEx node2, FlowState state, Cc cc,
+      ParamNodeOption summaryCtx, ApOption argAp, Configuration config
+    ) {
+      fwdFlowRead0(node1, state, cc, summaryCtx, argAp, ap, config) and
       PrevStage::readStepCand(node1, c, node2, config) and
       getHeadContent(ap) = c
     }
 
     pragma[nomagic]
     private predicate fwdFlowIn(
-      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, Cc innercc, ApOption argAp,
-      Ap ap, Configuration config
+      DataFlowCall call, ParamNodeEx p, FlowState state, Cc outercc, CcCall innercc,
+      ParamNodeOption summaryCtx, ApOption argAp, Ap ap, ApApprox apa, Configuration config
     ) {
       exists(ArgNodeEx arg, boolean allowsFieldFlow |
-        fwdFlow(arg, state, outercc, argAp, ap, config) and
-        flowIntoCall(call, arg, p, allowsFieldFlow, config) and
+        fwdFlow(arg, state, outercc, summaryCtx, argAp, ap, apa, config) and
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
         innercc = getCallContextCall(call, p.getEnclosingCallable(), outercc) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate fwdFlowOutNotFromArg(
-      NodeEx out, FlowState state, Cc ccOut, ApOption argAp, Ap ap, Configuration config
+    private predicate fwdFlowRetFromArg(
+      RetNodeEx ret, FlowState state, CcCall ccc, ParamNodeEx summaryCtx, Ap argAp, ApApprox argApa,
+      Ap ap, ApApprox apa, Configuration config
     ) {
-      exists(
-        DataFlowCall call, RetNodeEx ret, boolean allowsFieldFlow, CcNoCall innercc,
-        DataFlowCallable inner
-      |
-        fwdFlow(ret, state, innercc, argAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
-        inner = ret.getEnclosingCallable() and
-        ccOut = getCallContextReturn(inner, call, innercc) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
+      exists(ReturnKindExt kind |
+        fwdFlow(pragma[only_bind_into](ret), state, ccc,
+          TParamNodeSome(pragma[only_bind_into](summaryCtx.asNode())),
+          pragma[only_bind_into](apSome(argAp)), ap, pragma[only_bind_into](apa),
+          pragma[only_bind_into](config)) and
+        kind = ret.getKind() and
+        parameterFlowThroughAllowed(summaryCtx, kind) and
+        argApa = getApprox(argAp) and
+        PrevStage::returnMayFlowThrough(ret, argApa, apa, kind, pragma[only_bind_into](config))
       )
     }
 
-    pragma[nomagic]
-    private predicate fwdFlowOutFromArg(
-      DataFlowCall call, NodeEx out, FlowState state, Ap argAp, Ap ap, Configuration config
+    pragma[inline]
+    private predicate fwdFlowThrough0(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ParamNodeEx innerSummaryCtx,
+      Ap innerArgAp, ApApprox innerArgApa, Configuration config
     ) {
-      exists(RetNodeEx ret, boolean allowsFieldFlow, CcCall ccc |
-        fwdFlow(ret, state, ccc, apSome(argAp), ap, config) and
-        flowThroughOutOfCall(call, ccc, ret, out, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      fwdFlowRetFromArg(ret, state, ccc, innerSummaryCtx, innerArgAp, innerArgApa, ap, apa, config) and
+      fwdFlowIsEntered(call, cc, ccc, summaryCtx, argAp, innerSummaryCtx, innerArgAp, config)
+    }
+
+    pragma[nomagic]
+    private predicate fwdFlowThrough(
+      DataFlowCall call, Cc cc, FlowState state, CcCall ccc, ParamNodeOption summaryCtx,
+      ApOption argAp, Ap ap, ApApprox apa, RetNodeEx ret, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, cc, state, ccc, summaryCtx, argAp, ap, apa, ret, _, _, innerArgApa,
+        config)
     }
 
     /**
@@ -1422,11 +1552,14 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate fwdFlowIsEntered(
-      DataFlowCall call, Cc cc, ApOption argAp, Ap ap, Configuration config
+      DataFlowCall call, Cc cc, CcCall innerCc, ParamNodeOption summaryCtx, ApOption argAp,
+      ParamNodeEx p, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p |
-        fwdFlowIn(call, p, _, cc, _, argAp, ap, config) and
-        PrevStage::parameterMayFlowThrough(p, _, unbindApa(getApprox(ap)), config)
+      exists(ApApprox apa |
+        fwdFlowIn(call, pragma[only_bind_into](p), _, cc, innerCc, summaryCtx, argAp, ap,
+          pragma[only_bind_into](apa), pragma[only_bind_into](config)) and
+        PrevStage::parameterMayFlowThrough(p, apa, config) and
+        PrevStage::callMayFlowThroughRev(call, pragma[only_bind_into](config))
       )
     }
 
@@ -1434,146 +1567,194 @@ private module MkStage<StageSig PrevStage> {
     private predicate storeStepFwd(
       NodeEx node1, Ap ap1, TypedContent tc, NodeEx node2, Ap ap2, Configuration config
     ) {
-      fwdFlowStore(node1, ap1, tc, node2, _, _, _, config) and
+      fwdFlowStore(node1, ap1, tc, node2, _, _, _, _, config) and
       ap2 = apCons(tc, ap1) and
-      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, config)
+      fwdFlowRead(ap2, tc.getContent(), _, _, _, _, _, _, config)
     }
 
     private predicate readStepFwd(
       NodeEx n1, Ap ap1, Content c, NodeEx n2, Ap ap2, Configuration config
     ) {
-      fwdFlowRead(ap1, c, n1, n2, _, _, _, config) and
+      fwdFlowRead(ap1, c, n1, n2, _, _, _, _, config) and
       fwdFlowConsCand(ap1, c, ap2, config)
     }
 
     pragma[nomagic]
-    private predicate callMayFlowThroughFwd(DataFlowCall call, Configuration config) {
-      exists(Ap argAp0, NodeEx out, FlowState state, Cc cc, ApOption argAp, Ap ap |
-        fwdFlow(out, state, pragma[only_bind_into](cc), pragma[only_bind_into](argAp), ap,
-          pragma[only_bind_into](config)) and
-        fwdFlowOutFromArg(call, out, state, argAp0, ap, config) and
-        fwdFlowIsEntered(pragma[only_bind_into](call), pragma[only_bind_into](cc),
-          pragma[only_bind_into](argAp), pragma[only_bind_into](argAp0),
-          pragma[only_bind_into](config))
+    private predicate returnFlowsThrough0(
+      DataFlowCall call, FlowState state, CcCall ccc, Ap ap, ApApprox apa, RetNodeEx ret,
+      ParamNodeEx innerSummaryCtx, Ap innerArgAp, ApApprox innerArgApa, Configuration config
+    ) {
+      fwdFlowThrough0(call, _, state, ccc, _, _, ap, apa, ret, innerSummaryCtx, innerArgAp,
+        innerArgApa, config)
+    }
+
+    pragma[nomagic]
+    private predicate returnFlowsThrough(
+      RetNodeEx ret, ReturnPosition pos, FlowState state, CcCall ccc, ParamNodeEx p, Ap argAp,
+      Ap ap, Configuration config
+    ) {
+      exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow, ApApprox innerArgApa |
+        returnFlowsThrough0(call, state, ccc, ap, apa, ret, p, argAp, innerArgApa, config) and
+        flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, innerArgApa, apa, config) and
+        pos = ret.getReturnPosition() and
+        if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
     private predicate flowThroughIntoCall(
-      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Configuration config
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap argAp, Ap ap,
+      Configuration config
     ) {
-      flowIntoCall(call, arg, p, allowsFieldFlow, config) and
-      fwdFlow(arg, _, _, _, _, pragma[only_bind_into](config)) and
-      PrevStage::parameterMayFlowThrough(p, _, _, pragma[only_bind_into](config)) and
-      callMayFlowThroughFwd(call, pragma[only_bind_into](config))
+      exists(ApApprox argApa |
+        flowIntoCallApa(call, pragma[only_bind_into](arg), pragma[only_bind_into](p),
+          allowsFieldFlow, argApa, pragma[only_bind_into](config)) and
+        fwdFlow(arg, _, _, _, _, pragma[only_bind_into](argAp), argApa,
+          pragma[only_bind_into](config)) and
+        returnFlowsThrough(_, _, _, _, p, pragma[only_bind_into](argAp), ap,
+          pragma[only_bind_into](config)) and
+        if allowsFieldFlow = false then argAp instanceof ApNil else any()
+      )
     }
 
     pragma[nomagic]
-    private predicate returnNodeMayFlowThrough(
-      RetNodeEx ret, FlowState state, Ap ap, Configuration config
+    private predicate flowIntoCallAp(
+      DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(ret, state, any(CcCall ccc), apSome(_), ap, config)
+      exists(ApApprox apa |
+        flowIntoCallApa(call, arg, p, allowsFieldFlow, apa, config) and
+        fwdFlow(arg, _, _, _, _, ap, apa, config)
+      )
+    }
+
+    pragma[nomagic]
+    private predicate flowOutOfCallAp(
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, NodeEx out, boolean allowsFieldFlow,
+      Ap ap, Configuration config
+    ) {
+      exists(ApApprox apa |
+        flowOutOfCallApa(call, ret, _, out, allowsFieldFlow, apa, config) and
+        fwdFlow(ret, _, _, _, _, ap, apa, config) and
+        pos = ret.getReturnPosition()
+      )
     }
 
     /**
      * Holds if `node` with access path `ap` is part of a path from a source to a
      * sink in the configuration `config`.
      *
-     * The Boolean `toReturn` records whether the node must be returned from the
-     * enclosing callable in order to reach a sink, and if so, `returnAp` records
-     * the access path of the returned value.
+     * The parameter `returnCtx` records whether (and how) the node must be returned
+     * from the enclosing callable in order to reach a sink, and if so, `returnAp`
+     * records the access path of the returned value.
      */
     pragma[nomagic]
     additional predicate revFlow(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      revFlow0(node, state, toReturn, returnAp, ap, config) and
-      fwdFlow(node, state, _, _, ap, config)
+      revFlow0(node, state, returnCtx, returnAp, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config)
     }
 
     pragma[nomagic]
     private predicate revFlow0(
-      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap,
+      Configuration config
     ) {
-      fwdFlow(node, state, _, _, ap, config) and
+      fwdFlow(node, state, _, _, _, ap, config) and
       sinkNode(node, state, config) and
-      (if hasSinkCallCtx(config) then toReturn = true else toReturn = false) and
+      (
+        if hasSinkCallCtx(config)
+        then returnCtx = TReturnCtxNoFlowThrough()
+        else returnCtx = TReturnCtxNone()
+      ) and
       returnAp = apNone() and
       ap instanceof ApNil
       or
       exists(NodeEx mid, FlowState state0 |
         localStep(node, state, mid, state0, true, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, ap, config)
+        revFlow(mid, state0, returnCtx, returnAp, ap, config)
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, pragma[only_bind_into](state), _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, pragma[only_bind_into](state), _, _, _, ap, pragma[only_bind_into](config)) and
         localStep(node, pragma[only_bind_into](state), mid, state0, false, _, config, _) and
-        revFlow(mid, state0, toReturn, returnAp, nil, pragma[only_bind_into](config)) and
+        revFlow(mid, state0, returnCtx, returnAp, nil, pragma[only_bind_into](config)) and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid |
         jumpStep(node, mid, config) and
         revFlow(mid, state, _, _, ap, config) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone()
       )
       or
       exists(NodeEx mid, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStep(node, mid, config) and
         revFlow(pragma[only_bind_into](mid), state, _, _, nil, pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       exists(NodeEx mid, FlowState state0, ApNil nil |
-        fwdFlow(node, _, _, _, ap, pragma[only_bind_into](config)) and
+        fwdFlow(node, _, _, _, _, ap, pragma[only_bind_into](config)) and
         additionalJumpStateStep(node, state, mid, state0, config) and
         revFlow(pragma[only_bind_into](mid), pragma[only_bind_into](state0), _, _, nil,
           pragma[only_bind_into](config)) and
-        toReturn = false and
+        returnCtx = TReturnCtxNone() and
         returnAp = apNone() and
         ap instanceof ApNil
       )
       or
       // store
       exists(Ap ap0, Content c |
-        revFlowStore(ap0, c, ap, node, state, _, _, toReturn, returnAp, config) and
+        revFlowStore(ap0, c, ap, node, state, _, _, returnCtx, returnAp, config) and
         revFlowConsCand(ap0, c, ap, config)
       )
       or
       // read
       exists(NodeEx mid, Ap ap0 |
-        revFlow(mid, state, toReturn, returnAp, ap0, config) and
+        revFlow(mid, state, returnCtx, returnAp, ap0, config) and
         readStepFwd(node, ap, _, mid, ap0, config)
       )
       or
       // flow into a callable
-      revFlowInNotToReturn(node, state, returnAp, ap, config) and
-      toReturn = false
+      exists(ParamNodeEx p, boolean allowsFieldFlow |
+        revFlow(p, state, TReturnCtxNone(), returnAp, ap, config) and
+        flowIntoCallAp(_, node, p, allowsFieldFlow, ap, config) and
+        (if allowsFieldFlow = false then ap instanceof ApNil else any()) and
+        returnCtx = TReturnCtxNone()
+      )
       or
-      exists(DataFlowCall call, Ap returnAp0 |
-        revFlowInToReturn(call, node, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      // flow through a callable
+      exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
       )
       or
       // flow out of a callable
-      revFlowOut(_, node, state, _, _, ap, config) and
-      toReturn = true and
-      if returnNodeMayFlowThrough(node, state, ap, config)
-      then returnAp = apSome(ap)
-      else returnAp = apNone()
+      exists(ReturnPosition pos |
+        revFlowOut(_, node, pos, state, _, _, ap, config) and
+        if returnFlowsThrough(node, pos, state, _, _, _, ap, config)
+        then (
+          returnCtx = TReturnCtxMaybeFlowThrough(pos) and
+          returnAp = apSome(ap)
+        ) else (
+          returnCtx = TReturnCtxNoFlowThrough() and returnAp = apNone()
+        )
+      )
     }
 
     pragma[nomagic]
     private predicate revFlowStore(
       Ap ap0, Content c, Ap ap, NodeEx node, FlowState state, TypedContent tc, NodeEx mid,
-      boolean toReturn, ApOption returnAp, Configuration config
+      ReturnCtx returnCtx, ApOption returnAp, Configuration config
     ) {
-      revFlow(mid, state, toReturn, returnAp, ap0, config) and
+      revFlow(mid, state, returnCtx, returnAp, ap0, config) and
       storeStepFwd(node, ap, tc, mid, ap0, config) and
       tc.getContent() = c
     }
@@ -1593,36 +1774,33 @@ private module MkStage<StageSig PrevStage> {
 
     pragma[nomagic]
     private predicate revFlowOut(
-      DataFlowCall call, RetNodeEx ret, FlowState state, boolean toReturn, ApOption returnAp, Ap ap,
-      Configuration config
+      DataFlowCall call, RetNodeEx ret, ReturnPosition pos, FlowState state, ReturnCtx returnCtx,
+      ApOption returnAp, Ap ap, Configuration config
     ) {
       exists(NodeEx out, boolean allowsFieldFlow |
-        revFlow(out, state, toReturn, returnAp, ap, config) and
-        flowOutOfCall(call, ret, out, allowsFieldFlow, config) and
+        revFlow(out, state, returnCtx, returnAp, ap, config) and
+        flowOutOfCallAp(call, ret, pos, out, allowsFieldFlow, ap, config) and
         if allowsFieldFlow = false then ap instanceof ApNil else any()
       )
     }
 
     pragma[nomagic]
-    private predicate revFlowInNotToReturn(
-      ArgNodeEx arg, FlowState state, ApOption returnAp, Ap ap, Configuration config
+    private predicate revFlowParamToReturn(
+      ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, false, returnAp, ap, config) and
-        flowIntoCall(_, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp),
+        pragma[only_bind_into](ap), pragma[only_bind_into](config)) and
+      parameterFlowThroughAllowed(p, pos.getKind()) and
+      PrevStage::parameterMayFlowThrough(p, getApprox(ap), config)
     }
 
     pragma[nomagic]
-    private predicate revFlowInToReturn(
-      DataFlowCall call, ArgNodeEx arg, FlowState state, Ap returnAp, Ap ap, Configuration config
+    private predicate revFlowThrough(
+      DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ReturnPosition pos,
+      ApOption returnAp, Ap ap, Ap innerReturnAp, Configuration config
     ) {
-      exists(ParamNodeEx p, boolean allowsFieldFlow |
-        revFlow(p, state, true, apSome(returnAp), ap, config) and
-        flowThroughIntoCall(call, arg, p, allowsFieldFlow, config) and
-        if allowsFieldFlow = false then ap instanceof ApNil else any()
-      )
+      revFlowParamToReturn(p, state, pos, innerReturnAp, ap, config) and
+      revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp, config)
     }
 
     /**
@@ -1632,11 +1810,12 @@ private module MkStage<StageSig PrevStage> {
      */
     pragma[nomagic]
     private predicate revFlowIsReturned(
-      DataFlowCall call, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
+      DataFlowCall call, ReturnCtx returnCtx, ApOption returnAp, ReturnPosition pos, Ap ap,
+      Configuration config
     ) {
       exists(RetNodeEx ret, FlowState state, CcCall ccc |
-        revFlowOut(call, ret, state, toReturn, returnAp, ap, config) and
-        fwdFlow(ret, state, ccc, apSome(_), ap, config) and
+        revFlowOut(call, ret, pos, state, returnCtx, returnAp, ap, config) and
+        returnFlowsThrough(ret, pos, state, ccc, _, _, ap, config) and
         matchesCall(ccc, call)
       )
     }
@@ -1673,6 +1852,11 @@ private module MkStage<StageSig PrevStage> {
     pragma[nomagic]
     predicate revFlow(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
 
+    pragma[nomagic]
+    predicate revFlowAp(NodeEx node, Ap ap, Configuration config) {
+      revFlow(node, _, _, _, ap, config)
+    }
+
     // use an alias as a workaround for bad functionality-induced joins
     pragma[nomagic]
     additional predicate revFlowAlias(NodeEx node, Configuration config) {
@@ -1707,40 +1891,49 @@ private module MkStage<StageSig PrevStage> {
       validAp(ap, config)
     }
 
-    pragma[noinline]
-    private predicate parameterFlow(
-      ParamNodeEx p, Ap ap, Ap ap0, DataFlowCallable c, Configuration config
+    pragma[nomagic]
+    private predicate parameterFlowsThroughRev(
+      ParamNodeEx p, Ap ap, ReturnPosition pos, Ap returnAp, Configuration config
     ) {
-      revFlow(p, _, true, apSome(ap0), ap, config) and
-      c = p.getEnclosingCallable()
+      revFlow(p, _, TReturnCtxMaybeFlowThrough(pos), apSome(returnAp), ap, config) and
+      parameterFlowThroughAllowed(p, pos.getKind())
     }
 
-    predicate parameterMayFlowThrough(ParamNodeEx p, DataFlowCallable c, Ap ap, Configuration config) {
-      exists(RetNodeEx ret, FlowState state, Ap ap0, ReturnKindExt kind, ParameterPosition pos |
-        parameterFlow(p, ap, ap0, c, config) and
-        c = ret.getEnclosingCallable() and
-        revFlow(pragma[only_bind_into](ret), pragma[only_bind_into](state), true, apSome(_),
-          pragma[only_bind_into](ap0), pragma[only_bind_into](config)) and
-        fwdFlow(ret, state, any(CcCall ccc), apSome(ap), ap0, config) and
-        kind = ret.getKind() and
-        p.getPosition() = pos and
-        // we don't expect a parameter to return stored in itself, unless explicitly allowed
-        (
-          not kind.(ParamUpdateReturnKind).getPosition() = pos
-          or
-          p.allowParameterReturnInSelf()
-        )
+    pragma[nomagic]
+    predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
+      exists(RetNodeEx ret, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+        parameterFlowsThroughRev(p, ap, pos, _, config)
+      )
+    }
+
+    pragma[nomagic]
+    predicate returnMayFlowThrough(
+      RetNodeEx ret, Ap argAp, Ap ap, ReturnKindExt kind, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos |
+        returnFlowsThrough(ret, pos, _, _, p, argAp, ap, config) and
+        parameterFlowsThroughRev(p, argAp, pos, ap, config) and
+        kind = pos.getKind()
+      )
+    }
+
+    pragma[nomagic]
+    private predicate revFlowThroughArg(
+      DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
+      Ap ap, Configuration config
+    ) {
+      exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
+        revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+        flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
       )
     }
 
     pragma[nomagic]
     predicate callMayFlowThroughRev(DataFlowCall call, Configuration config) {
-      exists(
-        Ap returnAp0, ArgNodeEx arg, FlowState state, boolean toReturn, ApOption returnAp, Ap ap
-      |
-        revFlow(arg, state, toReturn, returnAp, ap, config) and
-        revFlowInToReturn(call, arg, state, returnAp0, ap, config) and
-        revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
+      exists(ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap |
+        revFlow(arg, state, returnCtx, returnAp, ap, config) and
+        revFlowThroughArg(call, arg, state, returnCtx, returnAp, ap, config)
       )
     }
 
@@ -1748,13 +1941,13 @@ private module MkStage<StageSig PrevStage> {
       boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
     ) {
       fwd = true and
-      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, config)) and
+      nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, config)) and
       fields = count(TypedContent f0 | fwdConsCand(f0, _, config)) and
       conscand = count(TypedContent f0, Ap ap | fwdConsCand(f0, ap, config)) and
-      states = count(FlowState state | fwdFlow(_, state, _, _, _, config)) and
+      states = count(FlowState state | fwdFlow(_, state, _, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, Cc cc, ApOption argAp, Ap ap |
-          fwdFlow(n, state, cc, argAp, ap, config)
+        count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, ApOption argAp, Ap ap |
+          fwdFlow(n, state, cc, summaryCtx, argAp, ap, config)
         )
       or
       fwd = false and
@@ -1763,8 +1956,8 @@ private module MkStage<StageSig PrevStage> {
       conscand = count(TypedContent f0, Ap ap | consCand(f0, ap, config)) and
       states = count(FlowState state | revFlow(_, state, _, _, _, config)) and
       tuples =
-        count(NodeEx n, FlowState state, boolean b, ApOption retAp, Ap ap |
-          revFlow(n, state, b, retAp, ap, config)
+        count(NodeEx n, FlowState state, ReturnCtx returnCtx, ApOption retAp, Ap ap |
+          revFlow(n, state, returnCtx, retAp, ap, config)
         )
     }
     /* End: Stage logic. */
@@ -1909,7 +2102,7 @@ private module Stage2Param implements MkStage<Stage1>::StageParam {
     exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand1/5;
+  predicate flowOutOfCall = flowOutOfCallNodeCand1/6;
 
   predicate flowIntoCall = flowIntoCallNodeCand1/5;
 
@@ -1945,9 +2138,10 @@ private module Stage2 implements StageSig {
 
 pragma[nomagic]
 private predicate flowOutOfCallNodeCand2(
-  DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+  DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+  Configuration config
 ) {
-  flowOutOfCallNodeCand1(call, node1, node2, allowsFieldFlow, config) and
+  flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow, config) and
   Stage2::revFlow(node2, pragma[only_bind_into](config)) and
   Stage2::revFlowAlias(node1, pragma[only_bind_into](config))
 }
@@ -2015,8 +2209,8 @@ private module LocalFlowBigStep {
     exists(NodeEx next | Stage2::revFlow(next, state, config) |
       jumpStep(node, next, config) or
       additionalJumpStep(node, next, config) or
-      flowIntoCallNodeCand1(_, node, next, config) or
-      flowOutOfCallNodeCand1(_, node, next, config) or
+      flowIntoCallNodeCand2(_, node, next, _, config) or
+      flowOutOfCallNodeCand2(_, node, _, next, _, config) or
       Stage2::storeStepCand(node, _, _, next, _, config) or
       Stage2::readStepCand(node, _, next, config)
     )
@@ -2103,16 +2297,16 @@ private module LocalFlowBigStep {
   pragma[nomagic]
   predicate localFlowBigStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
-    AccessPathFrontNil apf, Configuration config, LocalCallContext callContext
+    DataFlowType t, Configuration config, LocalCallContext callContext
   ) {
-    localFlowStepPlus(node1, state1, node2, preservesValue, apf.getType(), config, callContext) and
+    localFlowStepPlus(node1, state1, node2, preservesValue, t, config, callContext) and
     localFlowExit(node2, state1, config) and
     state1 = state2
     or
     additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, config) and
     state1 != state2 and
     preservesValue = false and
-    apf = TFrontNil(node2.getDataFlowType()) and
+    t = node2.getDataFlowType() and
     callContext.relevantFor(node1.getEnclosingCallable()) and
     not exists(DataFlowCall call | call = callContext.(LocalCallContextSpecificCall).getCall() |
       isUnreachableInCallCached(node1.asNode(), call) or
@@ -2126,11 +2320,87 @@ private import LocalFlowBigStep
 private module Stage3Param implements MkStage<Stage2>::StageParam {
   private module PrevStage = Stage2;
 
+  class Ap = ApproxAccessPathFront;
+
+  class ApNil = ApproxAccessPathFrontNil;
+
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+
+  ApNil getApNil(NodeEx node) {
+    PrevStage::revFlow(node, _) and result = TApproxFrontNil(node.getDataFlowType())
+  }
+
+  bindingset[tc, tail]
+  Ap apCons(TypedContent tc, Ap tail) { result.getAHead() = tc and exists(tail) }
+
+  pragma[noinline]
+  Content getHeadContent(Ap ap) { result = ap.getAHead().getContent() }
+
+  class ApOption = ApproxAccessPathFrontOption;
+
+  ApOption apNone() { result = TApproxAccessPathFrontNone() }
+
+  ApOption apSome(Ap ap) { result = TApproxAccessPathFrontSome(ap) }
+
+  import BooleanCallContext
+
+  predicate localStep(
+    NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
+    ApproxAccessPathFrontNil ap, Configuration config, LocalCc lcc
+  ) {
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    exists(lcc)
+  }
+
+  predicate flowOutOfCall = flowOutOfCallNodeCand2/6;
+
+  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+
+  pragma[nomagic]
+  private predicate expectsContentCand(NodeEx node, Ap ap, Configuration config) {
+    exists(Content c |
+      PrevStage::revFlow(node, pragma[only_bind_into](config)) and
+      PrevStage::readStepCand(_, c, _, pragma[only_bind_into](config)) and
+      expectsContentEx(node, c) and
+      c = ap.getAHead().getContent()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate castingNodeEx(NodeEx node) { node.asNode() instanceof CastingNode }
+
+  bindingset[node, state, ap, config]
+  predicate filter(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    exists(state) and
+    exists(config) and
+    (if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), ap.getType()) else any()) and
+    (
+      notExpectsContent(node)
+      or
+      expectsContentCand(node, ap, config)
+    )
+  }
+
+  bindingset[ap, contentType]
+  predicate typecheckStore(Ap ap, DataFlowType contentType) {
+    // We need to typecheck stores here, since reverse flow through a getter
+    // might have a different type here compared to inside the getter.
+    compatibleTypes(ap.getType(), contentType)
+  }
+}
+
+private module Stage3 implements StageSig {
+  import MkStage<Stage2>::Stage<Stage3Param>
+}
+
+private module Stage4Param implements MkStage<Stage3>::StageParam {
+  private module PrevStage = Stage3;
+
   class Ap = AccessPathFront;
 
   class ApNil = AccessPathFrontNil;
 
-  PrevStage::Ap getApprox(Ap ap) { result = ap.toBoolNonEmpty() }
+  PrevStage::Ap getApprox(Ap ap) { result = ap.toApprox() }
 
   ApNil getApNil(NodeEx node) {
     PrevStage::revFlow(node, _) and result = TFrontNil(node.getDataFlowType())
@@ -2150,16 +2420,42 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
 
   import BooleanCallContext
 
+  pragma[nomagic]
   predicate localStep(
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap, config, _) and exists(lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, _) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config)) and
+    exists(lcc)
   }
 
-  predicate flowOutOfCall = flowOutOfCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowOutOfCall(
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
-  predicate flowIntoCall = flowIntoCallNodeCand2/5;
+  pragma[nomagic]
+  predicate flowIntoCall(
+    DataFlowCall call, ArgNodeEx node1, ParamNodeEx node2, boolean allowsFieldFlow,
+    Configuration config
+  ) {
+    exists(FlowState state |
+      flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
+      PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
+        pragma[only_bind_into](config))
+    )
+  }
 
   pragma[nomagic]
   private predicate clearSet(NodeEx node, ContentSet c, Configuration config) {
@@ -2215,8 +2511,8 @@ private module Stage3Param implements MkStage<Stage2>::StageParam {
   }
 }
 
-private module Stage3 implements StageSig {
-  import MkStage<Stage2>::Stage<Stage3Param>
+private module Stage4 implements StageSig {
+  import MkStage<Stage3>::Stage<Stage4Param>
 }
 
 /**
@@ -2227,8 +2523,9 @@ private predicate flowCandSummaryCtx(
   NodeEx node, FlowState state, AccessPathFront argApf, Configuration config
 ) {
   exists(AccessPathFront apf |
-    Stage3::revFlow(node, state, true, _, apf, config) and
-    Stage3::fwdFlow(node, state, any(Stage3::CcCall ccc), TAccessPathFrontSome(argApf), apf, config)
+    Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf, config) and
+    Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, TAccessPathFrontSome(argApf), apf,
+      config)
   )
 }
 
@@ -2238,10 +2535,10 @@ private predicate flowCandSummaryCtx(
  */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
   exists(int tails, int nodes, int apLimit, int tupleLimit |
-    tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
+    tails = strictcount(AccessPathFront apf | Stage4::consCand(tc, apf, config)) and
     nodes =
       strictcount(NodeEx n, FlowState state |
-        Stage3::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
+        Stage4::revFlow(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
         or
         flowCandSummaryCtx(n, state, any(AccessPathFrontHead apf | apf.getHead() = tc), config)
       ) and
@@ -2255,11 +2552,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
   TNil(DataFlowType t) or
   TConsNil(TypedContent tc, DataFlowType t) {
-    Stage3::consCand(tc, TFrontNil(t), _) and
+    Stage4::consCand(tc, TFrontNil(t), _) and
     not expensiveLen2unfolding(tc, _)
   } or
   TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-    Stage3::consCand(tc1, TFrontHead(tc2), _) and
+    Stage4::consCand(tc1, TFrontHead(tc2), _) and
     len in [2 .. accessPathLimit()] and
     not expensiveLen2unfolding(tc1, _)
   } or
@@ -2389,7 +2686,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
   override AccessPathApprox pop(TypedContent head) {
     head = tc and
     (
-      exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
+      exists(TypedContent tc2 | Stage4::consCand(tc, TFrontHead(tc2), _) |
         result = TConsCons(tc2, _, len - 1)
         or
         len = 2 and
@@ -2400,7 +2697,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
       or
       exists(DataFlowType t |
         len = 1 and
-        Stage3::consCand(tc, TFrontNil(t), _) and
+        Stage4::consCand(tc, TFrontNil(t), _) and
         result = TNil(t)
       )
     )
@@ -2425,13 +2722,14 @@ private class AccessPathApproxOption extends TAccessPathApproxOption {
   }
 }
 
-private module Stage4Param implements MkStage<Stage3>::StageParam {
-  private module PrevStage = Stage3;
+private module Stage5Param implements MkStage<Stage4>::StageParam {
+  private module PrevStage = Stage4;
 
   class Ap = AccessPathApprox;
 
   class ApNil = AccessPathApproxNil;
 
+  pragma[nomagic]
   PrevStage::Ap getApprox(Ap ap) { result = ap.getFront() }
 
   ApNil getApNil(NodeEx node) {
@@ -2457,15 +2755,18 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
     NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
     ApNil ap, Configuration config, LocalCc lcc
   ) {
-    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getFront(), config, lcc)
+    localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), config, lcc) and
+    PrevStage::revFlow(node1, pragma[only_bind_into](state1), _, pragma[only_bind_into](config)) and
+    PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _, pragma[only_bind_into](config))
   }
 
   pragma[nomagic]
   predicate flowOutOfCall(
-    DataFlowCall call, RetNodeEx node1, NodeEx node2, boolean allowsFieldFlow, Configuration config
+    DataFlowCall call, RetNodeEx node1, ReturnKindExt kind, NodeEx node2, boolean allowsFieldFlow,
+    Configuration config
   ) {
     exists(FlowState state |
-      flowOutOfCallNodeCand2(call, node1, node2, allowsFieldFlow, config) and
+      flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow, config) and
       PrevStage::revFlow(node2, pragma[only_bind_into](state), _, pragma[only_bind_into](config)) and
       PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _,
         pragma[only_bind_into](config))
@@ -2493,7 +2794,7 @@ private module Stage4Param implements MkStage<Stage3>::StageParam {
   predicate typecheckStore(Ap ap, DataFlowType contentType) { any() }
 }
 
-private module Stage4 = MkStage<Stage3>::Stage<Stage4Param>;
+private module Stage5 = MkStage<Stage4>::Stage<Stage5Param>;
 
 bindingset[conf, result]
 private Configuration unbindConf(Configuration conf) {
@@ -2502,13 +2803,13 @@ private Configuration unbindConf(Configuration conf) {
 
 pragma[nomagic]
 private predicate nodeMayUseSummary0(
-  NodeEx n, DataFlowCallable c, FlowState state, AccessPathApprox apa, Configuration config
+  NodeEx n, ParamNodeEx p, FlowState state, AccessPathApprox apa, Configuration config
 ) {
   exists(AccessPathApprox apa0 |
-    Stage4::parameterMayFlowThrough(_, c, _, _) and
-    Stage4::revFlow(n, state, true, _, apa0, config) and
-    Stage4::fwdFlow(n, state, any(CallContextCall ccc), TAccessPathApproxSome(apa), apa0, config) and
-    n.getEnclosingCallable() = c
+    Stage5::parameterMayFlowThrough(p, _, _) and
+    Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0, config) and
+    Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()),
+      TAccessPathApproxSome(apa), apa0, config)
   )
 }
 
@@ -2516,9 +2817,9 @@ pragma[nomagic]
 private predicate nodeMayUseSummary(
   NodeEx n, FlowState state, AccessPathApprox apa, Configuration config
 ) {
-  exists(DataFlowCallable c |
-    Stage4::parameterMayFlowThrough(_, c, apa, config) and
-    nodeMayUseSummary0(n, c, state, apa, config)
+  exists(ParamNodeEx p |
+    Stage5::parameterMayFlowThrough(p, apa, config) and
+    nodeMayUseSummary0(n, p, state, apa, config)
   )
 }
 
@@ -2526,8 +2827,8 @@ private newtype TSummaryCtx =
   TSummaryCtxNone() or
   TSummaryCtxSome(ParamNodeEx p, FlowState state, AccessPath ap) {
     exists(Configuration config |
-      Stage4::parameterMayFlowThrough(p, _, ap.getApprox(), config) and
-      Stage4::revFlow(p, state, _, config)
+      Stage5::parameterMayFlowThrough(p, ap.getApprox(), config) and
+      Stage5::revFlow(p, state, _, config)
     )
   }
 
@@ -2576,7 +2877,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
     len = apa.len() and
     result =
       strictcount(AccessPathFront apf |
-        Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+        Stage5::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
           config)
       )
   )
@@ -2585,7 +2886,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 private int countNodesUsingAccessPath(AccessPathApprox apa, Configuration config) {
   result =
     strictcount(NodeEx n, FlowState state |
-      Stage4::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
+      Stage5::revFlow(n, state, apa, config) or nodeMayUseSummary(n, state, apa, config)
     )
 }
 
@@ -2606,7 +2907,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
   exists(TypedContent head |
     apa.pop(head) = result and
-    Stage4::consCand(head, result, config)
+    Stage5::consCand(head, result, config)
   )
 }
 
@@ -2688,7 +2989,7 @@ private newtype TPathNode =
     NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, AccessPath ap, Configuration config
   ) {
     // A PathNode is introduced by a source ...
-    Stage4::revFlow(node, state, config) and
+    Stage5::revFlow(node, state, config) and
     sourceNode(node, state, config) and
     (
       if hasSourceCallCtx(config)
@@ -2702,7 +3003,7 @@ private newtype TPathNode =
     exists(PathNodeMid mid |
       pathStep(mid, node, state, cc, sc, ap) and
       pragma[only_bind_into](config) = mid.getConfiguration() and
-      Stage4::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
+      Stage5::revFlow(node, state, ap.getApprox(), pragma[only_bind_into](config))
     )
   } or
   TPathNodeSink(NodeEx node, FlowState state, Configuration config) {
@@ -2712,6 +3013,18 @@ private newtype TPathNode =
       state = sink.getState() and
       config = sink.getConfiguration()
     )
+  } or
+  TPathNodeSourceGroup(string sourceGroup, Configuration config) {
+    exists(PathNodeImpl source |
+      sourceGroup = source.getSourceGroup() and
+      config = source.getConfiguration()
+    )
+  } or
+  TPathNodeSinkGroup(string sinkGroup, Configuration config) {
+    exists(PathNodeSink sink |
+      sinkGroup = sink.getSinkGroup() and
+      config = sink.getConfiguration()
+    )
   }
 
 /**
@@ -2832,7 +3145,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
   override TypedContent getHead() { result = head1 }
 
   override AccessPath getTail() {
-    Stage4::consCand(head1, result.getApprox(), _) and
+    Stage5::consCand(head1, result.getApprox(), _) and
     result.getHead() = head2 and
     result.length() = len - 1
   }
@@ -2863,7 +3176,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
   override TypedContent getHead() { result = head }
 
   override AccessPath getTail() {
-    Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
+    Stage5::consCand(head, result.getApprox(), _) and result.length() = len - 1
   }
 
   override AccessPathFrontHead getFront() { result = TFrontHead(head) }
@@ -2920,6 +3233,22 @@ abstract private class PathNodeImpl extends TPathNode {
     )
   }
 
+  string getSourceGroup() {
+    this.isSource() and
+    this.getConfiguration().sourceGrouping(this.getNodeEx().asNode(), result)
+  }
+
+  predicate isFlowSource() {
+    this.isSource() and not exists(this.getSourceGroup())
+    or
+    this instanceof PathNodeSourceGroup
+  }
+
+  predicate isFlowSink() {
+    this = any(PathNodeSink sink | not exists(sink.getSinkGroup())) or
+    this instanceof PathNodeSinkGroup
+  }
+
   private string ppAp() {
     this instanceof PathNodeSink and result = ""
     or
@@ -2959,7 +3288,9 @@ abstract private class PathNodeImpl extends TPathNode {
 
 /** Holds if `n` can reach a sink. */
 private predicate directReach(PathNodeImpl n) {
-  n instanceof PathNodeSink or directReach(n.getANonHiddenSuccessor())
+  n instanceof PathNodeSink or
+  n instanceof PathNodeSinkGroup or
+  directReach(n.getANonHiddenSuccessor())
 }
 
 /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */
@@ -3015,6 +3346,12 @@ class PathNode instanceof PathNodeImpl {
 
   /** Holds if this node is a source. */
   final predicate isSource() { super.isSource() }
+
+  /** Holds if this node is a grouping of source nodes. */
+  final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group, _) }
+
+  /** Holds if this node is a grouping of sink nodes. */
+  final predicate isSinkGroup(string group) { this = TPathNodeSinkGroup(group, _) }
 }
 
 /**
@@ -3136,9 +3473,66 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
 
   override Configuration getConfiguration() { result = config }
 
-  override PathNodeImpl getASuccessorImpl() { none() }
+  override PathNodeImpl getASuccessorImpl() {
+    result = TPathNodeSinkGroup(this.getSinkGroup(), config)
+  }
 
   override predicate isSource() { sourceNode(node, state, config) }
+
+  string getSinkGroup() { config.sinkGrouping(node.asNode(), result) }
+}
+
+private class PathNodeSourceGroup extends PathNodeImpl, TPathNodeSourceGroup {
+  string sourceGroup;
+  Configuration config;
+
+  PathNodeSourceGroup() { this = TPathNodeSourceGroup(sourceGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() {
+    result.getSourceGroup() = sourceGroup and
+    result.getConfiguration() = config
+  }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sourceGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
+}
+
+private class PathNodeSinkGroup extends PathNodeImpl, TPathNodeSinkGroup {
+  string sinkGroup;
+  Configuration config;
+
+  PathNodeSinkGroup() { this = TPathNodeSinkGroup(sinkGroup, config) }
+
+  override NodeEx getNodeEx() { none() }
+
+  override FlowState getState() { none() }
+
+  override Configuration getConfiguration() { result = config }
+
+  override PathNodeImpl getASuccessorImpl() { none() }
+
+  override predicate isSource() { none() }
+
+  override string toString() { result = sinkGroup }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
+  }
 }
 
 private predicate pathNode(
@@ -3174,7 +3568,8 @@ private predicate pathStep(
     AccessPath ap0, NodeEx midnode, FlowState state0, Configuration conf, LocalCallContext localCC
   |
     pathNode(mid, midnode, state0, cc, sc, ap0, conf, localCC) and
-    localFlowBigStep(midnode, state0, node, state, false, ap.getFront(), conf, localCC) and
+    localFlowBigStep(midnode, state0, node, state, false, ap.(AccessPathNil).getType(), conf,
+      localCC) and
     ap0 instanceof AccessPathNil
   )
   or
@@ -3216,7 +3611,7 @@ private predicate pathReadStep(
 ) {
   ap0 = mid.getAp() and
   tc = ap0.getHead() and
-  Stage4::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
+  Stage5::readStepCand(mid.getNodeEx(), tc.getContent(), node, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3226,7 +3621,7 @@ private predicate pathStoreStep(
   PathNodeMid mid, NodeEx node, FlowState state, AccessPath ap0, TypedContent tc, CallContext cc
 ) {
   ap0 = mid.getAp() and
-  Stage4::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
+  Stage5::storeStepCand(mid.getNodeEx(), _, tc, node, _, mid.getConfiguration()) and
   state = mid.getState() and
   cc = mid.getCallContext()
 }
@@ -3263,7 +3658,7 @@ private NodeEx getAnOutNodeFlow(
   ReturnKindExt kind, DataFlowCall call, AccessPathApprox apa, Configuration config
 ) {
   result.asNode() = kind.getAnOutNode(call) and
-  Stage4::revFlow(result, _, apa, config)
+  Stage5::revFlow(result, _, apa, config)
 }
 
 /**
@@ -3299,7 +3694,7 @@ private predicate parameterCand(
   DataFlowCallable callable, ParameterPosition pos, AccessPathApprox apa, Configuration config
 ) {
   exists(ParamNodeEx p |
-    Stage4::revFlow(p, _, apa, config) and
+    Stage5::revFlow(p, _, apa, config) and
     p.isParameterOf(callable, pos)
   )
 }
@@ -3354,17 +3749,11 @@ private predicate paramFlowsThrough(
   ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap,
   AccessPathApprox apa, Configuration config
 ) {
-  exists(PathNodeMid mid, RetNodeEx ret, ParameterPosition pos |
+  exists(PathNodeMid mid, RetNodeEx ret |
     pathNode(mid, ret, state, cc, sc, ap, config, _) and
     kind = ret.getKind() and
     apa = ap.getApprox() and
-    pos = sc.getParameterPos() and
-    // we don't expect a parameter to return stored in itself, unless explicitly allowed
-    (
-      not kind.(ParamUpdateReturnKind).getPosition() = pos
-      or
-      sc.getParamNode().allowParameterReturnInSelf()
-    )
+    parameterFlowThroughAllowed(sc.getParamNode(), kind)
   )
 }
 
@@ -3495,6 +3884,15 @@ private module Subpaths {
  * Will only have results if `configuration` has non-empty sources and
  * sinks.
  */
+private predicate hasFlowPath(
+  PathNodeImpl flowsource, PathNodeImpl flowsink, Configuration configuration
+) {
+  flowsource.isFlowSource() and
+  flowsource.getConfiguration() = configuration and
+  (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and
+  flowsink.isFlowSink()
+}
+
 private predicate flowsTo(
   PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink,
   Configuration configuration
@@ -3575,9 +3973,17 @@ predicate stageStats(
   n = 45 and
   Stage4::stats(false, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Fwd" and n = 50 and finalStats(true, nodes, fields, conscand, states, tuples)
+  stage = "5 Fwd" and
+  n = 50 and
+  Stage5::stats(true, nodes, fields, conscand, states, tuples, config)
   or
-  stage = "5 Rev" and n = 55 and finalStats(false, nodes, fields, conscand, states, tuples)
+  stage = "5 Rev" and
+  n = 55 and
+  Stage5::stats(false, nodes, fields, conscand, states, tuples, config)
+  or
+  stage = "6 Fwd" and n = 60 and finalStats(true, nodes, fields, conscand, states, tuples)
+  or
+  stage = "6 Rev" and n = 65 and finalStats(false, nodes, fields, conscand, states, tuples)
 }
 
 private module FlowExploration {
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplCommon.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplCommon.qll
index ae9c6f3f12e..9aa6a529a5b 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplCommon.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplCommon.qll
@@ -915,18 +915,57 @@ private module Cached {
     TDataFlowCallNone() or
     TDataFlowCallSome(DataFlowCall call)
 
+  cached
+  newtype TParamNodeOption =
+    TParamNodeNone() or
+    TParamNodeSome(ParamNode p)
+
+  cached
+  newtype TReturnCtx =
+    TReturnCtxNone() or
+    TReturnCtxNoFlowThrough() or
+    TReturnCtxMaybeFlowThrough(ReturnPosition pos)
+
+  cached
+  newtype TTypedContentApprox =
+    MkTypedContentApprox(ContentApprox c, DataFlowType t) {
+      exists(Content cont |
+        c = getContentApprox(cont) and
+        store(_, cont, _, _, t)
+      )
+    }
+
   cached
   newtype TTypedContent = MkTypedContent(Content c, DataFlowType t) { store(_, c, _, _, t) }
 
+  cached
+  TypedContent getATypedContent(TypedContentApprox c) {
+    exists(ContentApprox cls, DataFlowType t, Content cont |
+      c = MkTypedContentApprox(cls, pragma[only_bind_into](t)) and
+      result = MkTypedContent(cont, pragma[only_bind_into](t)) and
+      cls = getContentApprox(cont)
+    )
+  }
+
   cached
   newtype TAccessPathFront =
     TFrontNil(DataFlowType t) or
     TFrontHead(TypedContent tc)
 
+  cached
+  newtype TApproxAccessPathFront =
+    TApproxFrontNil(DataFlowType t) or
+    TApproxFrontHead(TypedContentApprox tc)
+
   cached
   newtype TAccessPathFrontOption =
     TAccessPathFrontNone() or
     TAccessPathFrontSome(AccessPathFront apf)
+
+  cached
+  newtype TApproxAccessPathFrontOption =
+    TApproxAccessPathFrontNone() or
+    TApproxAccessPathFrontSome(ApproxAccessPathFront apf)
 }
 
 /**
@@ -1304,6 +1343,113 @@ class DataFlowCallOption extends TDataFlowCallOption {
   }
 }
 
+/** An optional `ParamNode`. */
+class ParamNodeOption extends TParamNodeOption {
+  string toString() {
+    this = TParamNodeNone() and
+    result = "(none)"
+    or
+    exists(ParamNode p |
+      this = TParamNodeSome(p) and
+      result = p.toString()
+    )
+  }
+}
+
+/**
+ * A return context used to calculate flow summaries in reverse flow.
+ *
+ * The possible values are:
+ *
+ * - `TReturnCtxNone()`: no return flow.
+ * - `TReturnCtxNoFlowThrough()`: return flow, but flow through is not possible.
+ * - `TReturnCtxMaybeFlowThrough(ReturnPosition pos)`: return flow, of kind `pos`, and
+ *    flow through may be possible.
+ */
+class ReturnCtx extends TReturnCtx {
+  string toString() {
+    this = TReturnCtxNone() and
+    result = "(none)"
+    or
+    this = TReturnCtxNoFlowThrough() and
+    result = "(no flow through)"
+    or
+    exists(ReturnPosition pos |
+      this = TReturnCtxMaybeFlowThrough(pos) and
+      result = pos.toString()
+    )
+  }
+}
+
+/** An approximated `Content` tagged with the type of a containing object. */
+class TypedContentApprox extends MkTypedContentApprox {
+  private ContentApprox c;
+  private DataFlowType t;
+
+  TypedContentApprox() { this = MkTypedContentApprox(c, t) }
+
+  /** Gets a typed content approximated by this value. */
+  TypedContent getATypedContent() { result = getATypedContent(this) }
+
+  /** Gets the container type. */
+  DataFlowType getContainerType() { result = t }
+
+  /** Gets a textual representation of this approximated content. */
+  string toString() { result = c.toString() }
+}
+
+/**
+ * The front of an approximated access path. This is either a head or a nil.
+ */
+abstract class ApproxAccessPathFront extends TApproxAccessPathFront {
+  abstract string toString();
+
+  abstract DataFlowType getType();
+
+  abstract boolean toBoolNonEmpty();
+
+  pragma[nomagic]
+  TypedContent getAHead() {
+    exists(TypedContentApprox cont |
+      this = TApproxFrontHead(cont) and
+      result = cont.getATypedContent()
+    )
+  }
+}
+
+class ApproxAccessPathFrontNil extends ApproxAccessPathFront, TApproxFrontNil {
+  private DataFlowType t;
+
+  ApproxAccessPathFrontNil() { this = TApproxFrontNil(t) }
+
+  override string toString() { result = ppReprType(t) }
+
+  override DataFlowType getType() { result = t }
+
+  override boolean toBoolNonEmpty() { result = false }
+}
+
+class ApproxAccessPathFrontHead extends ApproxAccessPathFront, TApproxFrontHead {
+  private TypedContentApprox tc;
+
+  ApproxAccessPathFrontHead() { this = TApproxFrontHead(tc) }
+
+  override string toString() { result = tc.toString() }
+
+  override DataFlowType getType() { result = tc.getContainerType() }
+
+  override boolean toBoolNonEmpty() { result = true }
+}
+
+/** An optional approximated access path front. */
+class ApproxAccessPathFrontOption extends TApproxAccessPathFrontOption {
+  string toString() {
+    this = TApproxAccessPathFrontNone() and result = "<none>"
+    or
+    this = TApproxAccessPathFrontSome(any(ApproxAccessPathFront apf | result = apf.toString()))
+  }
+}
+
 /** A `Content` tagged with the type of a containing object. */
 class TypedContent extends MkTypedContent {
   private Content c;
@@ -1336,7 +1482,7 @@ abstract class AccessPathFront extends TAccessPathFront {
 
   abstract DataFlowType getType();
 
-  abstract boolean toBoolNonEmpty();
+  abstract ApproxAccessPathFront toApprox();
 
   TypedContent getHead() { this = TFrontHead(result) }
 }
@@ -1350,7 +1496,7 @@ class AccessPathFrontNil extends AccessPathFront, TFrontNil {
 
   override DataFlowType getType() { result = t }
 
-  override boolean toBoolNonEmpty() { result = false }
+  override ApproxAccessPathFront toApprox() { result = TApproxFrontNil(t) }
 }
 
 class AccessPathFrontHead extends AccessPathFront, TFrontHead {
@@ -1362,7 +1508,7 @@ class AccessPathFrontHead extends AccessPathFront, TFrontHead {
 
   override DataFlowType getType() { result = tc.getContainerType() }
 
-  override boolean toBoolNonEmpty() { result = true }
+  override ApproxAccessPathFront toApprox() { result.getAHead() = tc }
 }
 
 /** An optional access path front. */
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplConsistency.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplConsistency.qll
index dde16ab5a2a..e85e0cd92ec 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplConsistency.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplConsistency.qll
@@ -136,6 +136,18 @@ module Consistency {
     msg = "Local flow step does not preserve enclosing callable."
   }
 
+  query predicate readStepIsLocal(Node n1, Node n2, string msg) {
+    readStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Read step does not preserve enclosing callable."
+  }
+
+  query predicate storeStepIsLocal(Node n1, Node n2, string msg) {
+    storeStep(n1, _, n2) and
+    nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and
+    msg = "Store step does not preserve enclosing callable."
+  }
+
   private DataFlowType typeRepr() { result = getNodeType(_) }
 
   query predicate compatibleTypesReflexive(DataFlowType t, string msg) {
@@ -232,4 +244,25 @@ module Consistency {
     not callable = viableCallable(call) and
     not any(ConsistencyConfiguration c).viableImplInCallContextTooLargeExclude(call, ctx, callable)
   }
+
+  query predicate uniqueParameterNodeAtPosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(Node p0 | isParameterNode(p0, c, pos))) and
+    msg = "Parameters with overlapping positions."
+  }
+
+  query predicate uniqueParameterNodePosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(ParameterPosition pos0 | isParameterNode(p, c, pos0))) and
+    msg = "Parameter node with multiple positions."
+  }
+
+  query predicate uniqueContentApprox(Content c, string msg) {
+    not exists(unique(ContentApprox approx | approx = getContentApprox(c))) and
+    msg = "Non-unique content approximation."
+  }
 }
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
index 21ada01f845..9a8b64af131 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
@@ -86,7 +86,7 @@ private module Cached {
       hasExprNode(n,
         [
           any(Argument arg | modifiable(arg)).getExpr(), any(MemberRefExpr ref).getBase(),
-          any(ApplyExpr apply).getQualifier()
+          any(ApplyExpr apply).getQualifier(), any(TupleElementExpr te).getSubExpr()
         ])
     }
 
@@ -148,11 +148,29 @@ private module Cached {
     // flow through `!`
     nodeFrom.asExpr() = nodeTo.asExpr().(ForceValueExpr).getSubExpr()
     or
-    // flow through `?`
+    // flow through `?` and `?.`
     nodeFrom.asExpr() = nodeTo.asExpr().(BindOptionalExpr).getSubExpr()
     or
     nodeFrom.asExpr() = nodeTo.asExpr().(OptionalEvaluationExpr).getSubExpr()
     or
+    // flow through nil-coalescing operator `??`
+    exists(BinaryExpr nco |
+      nco.getOperator().(FreeFunctionDecl).getName() = "??(_:_:)" and
+      nodeTo.asExpr() = nco
+    |
+      // value argument
+      nodeFrom.asExpr() = nco.getAnOperand()
+      or
+      // unpack closure (the second argument is an `AutoClosureExpr` argument)
+      nodeFrom.asExpr() = nco.getAnOperand().(AutoClosureExpr).getExpr()
+    )
+    or
+    // flow through ternary operator `? :`
+    exists(IfExpr ie |
+      nodeTo.asExpr() = ie and
+      nodeFrom.asExpr() = ie.getBranch(_)
+    )
+    or
     // flow through a flow summary (extension of `SummaryModelCsv`)
     FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, true)
   }
@@ -177,7 +195,9 @@ private module Cached {
   newtype TContentSet = TSingletonContent(Content c)
 
   cached
-  newtype TContent = TFieldContent(FieldDecl f)
+  newtype TContent =
+    TFieldContent(FieldDecl f) or
+    TTupleContent(int index) { exists(any(TupleExpr te).getElement(index)) }
 }
 
 /**
@@ -498,6 +518,7 @@ predicate jumpStep(Node pred, Node succ) {
 }
 
 predicate storeStep(Node node1, ContentSet c, Node node2) {
+  // assignment to a member variable `obj.member = value`
   exists(MemberRefExpr ref, AssignExpr assign |
     ref = assign.getDest() and
     node1.asExpr() = assign.getSource() and
@@ -505,18 +526,41 @@ predicate storeStep(Node node1, ContentSet c, Node node2) {
     c.isSingleton(any(Content::FieldContent ct | ct.getField() = ref.getMember()))
   )
   or
+  // creation of a tuple `(v1, v2)`
+  exists(TupleExpr tuple, int pos |
+    node1.asExpr() = tuple.getElement(pos) and
+    node2.asExpr() = tuple and
+    c.isSingleton(any(Content::TupleContent tc | tc.getIndex() = pos))
+  )
+  or
+  // assignment to a tuple member `tuple.index = value`
+  exists(TupleElementExpr tuple, AssignExpr assign |
+    tuple = assign.getDest() and
+    node1.asExpr() = assign.getSource() and
+    node2.(PostUpdateNode).getPreUpdateNode().asExpr() = tuple.getSubExpr() and
+    c.isSingleton(any(Content::TupleContent tc | tc.getIndex() = tuple.getIndex()))
+  )
+  or
   FlowSummaryImpl::Private::Steps::summaryStoreStep(node1, c, node2)
 }
 
 predicate isLValue(Expr e) { any(AssignExpr assign).getDest() = e }
 
 predicate readStep(Node node1, ContentSet c, Node node2) {
+  // read of a member variable `obj.member`
   exists(MemberRefExpr ref |
     not isLValue(ref) and
     node1.asExpr() = ref.getBase() and
     node2.asExpr() = ref and
     c.isSingleton(any(Content::FieldContent ct | ct.getField() = ref.getMember()))
   )
+  or
+  // read of a tuple member `tuple.index`
+  exists(TupleElementExpr tuple |
+    node1.asExpr() = tuple.getSubExpr() and
+    node2.asExpr() = tuple and
+    c.isSingleton(any(Content::TupleContent tc | tc.getIndex() = tuple.getIndex()))
+  )
 }
 
 /**
@@ -642,3 +686,10 @@ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preserves
  * by default as a heuristic.
  */
 predicate allowParameterReturnInSelf(ParameterNode p) { none() }
+
+/** An approximated `Content`. */
+class ContentApprox = Unit;
+
+/** Gets an approximated value for content `c`. */
+pragma[inline]
+ContentApprox getContentApprox(Content c) { any() }
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll
index be569f18314..9257c8ccb05 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll
@@ -159,6 +159,18 @@ module Content {
 
     override string toString() { result = f.toString() }
   }
+
+  /** An element of a tuple at a specific index. */
+  class TupleContent extends Content, TTupleContent {
+    private int index;
+
+    TupleContent() { this = TTupleContent(index) }
+
+    /** Gets the index for this tuple element. */
+    int getIndex() { result = index }
+
+    override string toString() { result = "Tuple element at index " + index.toString() }
+  }
 }
 
 /**
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll
index 4d41254e5e9..b61142c33a7 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll
@@ -241,19 +241,25 @@ module Public {
     }
 
     /**
-     * Holds if the summary is auto generated.
+     * Holds if the summary is auto generated and not manually generated.
      */
     predicate isAutoGenerated() { none() }
-  }
-
-  /** A callable with a flow summary stating there is no flow via the callable. */
-  class NegativeSummarizedCallable extends SummarizedCallableBase {
-    NegativeSummarizedCallable() { negativeSummaryElement(this, _) }
 
     /**
-     *  Holds if the negative summary is auto generated.
+     * Holds if the summary has the given provenance where `true` is
+     * `generated` and `false` is `manual`.
      */
-    predicate isAutoGenerated() { negativeSummaryElement(this, true) }
+    predicate hasProvenance(boolean generated) { none() }
+  }
+
+  /** A callable where there is no flow via the callable. */
+  class NeutralCallable extends SummarizedCallableBase {
+    NeutralCallable() { neutralElement(this, _) }
+
+    /**
+     *  Holds if the neutral is auto generated.
+     */
+    predicate isAutoGenerated() { neutralElement(this, true) }
   }
 }
 
@@ -520,7 +526,8 @@ module Private {
   predicate summaryParameterNodeRange(SummarizedCallable c, ParameterPosition pos) {
     parameterReadState(c, _, pos)
     or
-    isParameterPostUpdate(_, c, pos)
+    // Same as `isParameterPostUpdate(_, c, pos)`, but can be used in a negative context
+    any(SummaryNodeState state).isOutputState(c, SummaryComponentStack::argument(pos))
   }
 
   private predicate callbackOutput(
@@ -1011,6 +1018,10 @@ module Private {
       }
 
       override predicate isAutoGenerated() { this.relevantSummaryElementGenerated(_, _, _) }
+
+      override predicate hasProvenance(boolean generated) {
+        summaryElement(this, _, _, _, generated)
+      }
     }
 
     /** Holds if component `c` of specification `spec` cannot be parsed. */
@@ -1160,9 +1171,9 @@ module Private {
       string toString() { result = super.toString() }
     }
 
-    /** A flow summary to include in the `negativeSummary/1` query predicate. */
-    abstract class RelevantNegativeSummarizedCallable instanceof NegativeSummarizedCallable {
-      /** Gets the string representation of this callable used by `summary/1`. */
+    /** A model to include in the `neutral/1` query predicate. */
+    abstract class RelevantNeutralCallable instanceof NeutralCallable {
+      /** Gets the string representation of this callable used by `neutral/1`. */
       abstract string getCallableCsv();
 
       string toString() { result = super.toString() }
@@ -1179,13 +1190,13 @@ module Private {
       if c.isAutoGenerated() then result = "generated" else result = "manual"
     }
 
-    private string renderProvenanceNegative(NegativeSummarizedCallable c) {
+    private string renderProvenanceNeutral(NeutralCallable c) {
       if c.isAutoGenerated() then result = "generated" else result = "manual"
     }
 
     /**
      * A query predicate for outputting flow summaries in semi-colon separated format in QL tests.
-     * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance"",
+     * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance",
      * ext is hardcoded to empty.
      */
     query predicate summary(string csv) {
@@ -1204,14 +1215,14 @@ module Private {
     }
 
     /**
-     * Holds if a negative flow summary `csv` exists (semi-colon separated format). Used for testing purposes.
+     * Holds if a neutral model `csv` exists (semi-colon separated format). Used for testing purposes.
      * The syntax is: "namespace;type;name;signature;provenance"",
      */
-    query predicate negativeSummary(string csv) {
-      exists(RelevantNegativeSummarizedCallable c |
+    query predicate neutral(string csv) {
+      exists(RelevantNeutralCallable c |
         csv =
           c.getCallableCsv() // Callable information
-            + renderProvenanceNegative(c) // provenance
+            + renderProvenanceNeutral(c) // provenance
       )
     }
   }
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll
index b49405c5a4d..cdaded55342 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -71,11 +71,11 @@ predicate summaryElement(
 }
 
 /**
- * Holds if a negative flow summary exists for `c`, which means that there is no
- * flow through `c`. The flag `generated` states whether the summary is autogenerated.
- * Note. Negative flow summaries has not been implemented for swift.
+ * Holds if a neutral model exists for `c`, which means that there is no
+ * flow through `c`. The flag `generated` states whether the neutral model is autogenerated.
+ * Note. Neutral models have not been implemented for swift.
  */
-predicate negativeSummaryElement(AbstractFunctionDecl c, boolean generated) { none() }
+predicate neutralElement(AbstractFunctionDecl c, boolean generated) { none() }
 
 /**
  * Holds if an external source specification exists for `e` with output specification
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll
index cd38648aef9..6fdcca98c36 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll
@@ -64,6 +64,8 @@ private module Cached {
     or
     // flow through a flow summary (extension of `SummaryModelCsv`)
     FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false)
+    or
+    any(AdditionalTaintStep a).step(nodeFrom, nodeTo)
   }
 
   /**
@@ -72,7 +74,13 @@ private module Cached {
    */
   cached
   predicate localTaintStepCached(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
+    DataFlow::localFlowStep(nodeFrom, nodeTo)
+    or
     defaultAdditionalTaintStep(nodeFrom, nodeTo)
+    or
+    // Simple flow through library code is included in the exposed local
+    // step relation, even though flow is technically inter-procedural
+    FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(nodeFrom, nodeTo, _)
   }
 }
 
diff --git a/swift/ql/lib/codeql/swift/elements.qll b/swift/ql/lib/codeql/swift/elements.qll
index 085736fe713..672c5fc73cf 100644
--- a/swift/ql/lib/codeql/swift/elements.qll
+++ b/swift/ql/lib/codeql/swift/elements.qll
@@ -6,12 +6,12 @@ import codeql.swift.elements.DbFile
 import codeql.swift.elements.DbLocation
 import codeql.swift.elements.Diagnostics
 import codeql.swift.elements.Element
+import codeql.swift.elements.ErrorElement
 import codeql.swift.elements.File
 import codeql.swift.elements.Locatable
 import codeql.swift.elements.Location
 import codeql.swift.elements.UnknownFile
 import codeql.swift.elements.UnknownLocation
-import codeql.swift.elements.UnresolvedElement
 import codeql.swift.elements.UnspecifiedElement
 import codeql.swift.elements.decl.AbstractFunctionDecl
 import codeql.swift.elements.decl.AbstractStorageDecl
@@ -55,6 +55,7 @@ import codeql.swift.elements.decl.TypeAliasDecl
 import codeql.swift.elements.decl.TypeDecl
 import codeql.swift.elements.decl.ValueDecl
 import codeql.swift.elements.decl.VarDecl
+import codeql.swift.elements.expr.AbiSafeConversionExpr
 import codeql.swift.elements.expr.AbstractClosureExpr
 import codeql.swift.elements.expr.AnyHashableErasureExpr
 import codeql.swift.elements.expr.AnyTryExpr
@@ -263,7 +264,6 @@ import codeql.swift.elements.type.PrimaryArchetypeType
 import codeql.swift.elements.type.ProtocolCompositionType
 import codeql.swift.elements.type.ProtocolType
 import codeql.swift.elements.type.ReferenceStorageType
-import codeql.swift.elements.type.SequenceArchetypeType
 import codeql.swift.elements.type.StructType
 import codeql.swift.elements.type.SubstitutableType
 import codeql.swift.elements.type.SugarType
@@ -272,7 +272,6 @@ import codeql.swift.elements.type.TupleType
 import codeql.swift.elements.type.Type
 import codeql.swift.elements.type.TypeAliasType
 import codeql.swift.elements.type.TypeRepr
-import codeql.swift.elements.type.TypeVariableType
 import codeql.swift.elements.type.UnarySyntaxSugarType
 import codeql.swift.elements.type.UnboundGenericType
 import codeql.swift.elements.type.UnmanagedStorageType
diff --git a/swift/ql/lib/codeql/swift/elements/ErrorElement.qll b/swift/ql/lib/codeql/swift/elements/ErrorElement.qll
new file mode 100644
index 00000000000..75d60aef9c9
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/elements/ErrorElement.qll
@@ -0,0 +1,4 @@
+// generated by codegen/codegen.py, remove this comment if you wish to edit this file
+private import codeql.swift.generated.ErrorElement
+
+class ErrorElement extends Generated::ErrorElement { }
diff --git a/swift/ql/lib/codeql/swift/elements/UnresolvedElement.qll b/swift/ql/lib/codeql/swift/elements/UnresolvedElement.qll
deleted file mode 100644
index 06456d4c28c..00000000000
--- a/swift/ql/lib/codeql/swift/elements/UnresolvedElement.qll
+++ /dev/null
@@ -1,4 +0,0 @@
-// generated by codegen/codegen.py, remove this comment if you wish to edit this file
-private import codeql.swift.generated.UnresolvedElement
-
-class UnresolvedElement extends Generated::UnresolvedElement { }
diff --git a/swift/ql/lib/codeql/swift/elements/UnspecifiedElement.qll b/swift/ql/lib/codeql/swift/elements/UnspecifiedElement.qll
index 7680fa7cca9..cbafea24532 100644
--- a/swift/ql/lib/codeql/swift/elements/UnspecifiedElement.qll
+++ b/swift/ql/lib/codeql/swift/elements/UnspecifiedElement.qll
@@ -1,5 +1,6 @@
 private import codeql.swift.generated.UnspecifiedElement
 import codeql.swift.elements.Location
+import codeql.swift.elements.Locatable
 
 class UnspecifiedElement extends Generated::UnspecifiedElement {
   override string toString() {
diff --git a/swift/ql/lib/codeql/swift/elements/decl/AccessorDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/AccessorDecl.qll
index da91edb6810..4879a1e47fd 100644
--- a/swift/ql/lib/codeql/swift/elements/decl/AccessorDecl.qll
+++ b/swift/ql/lib/codeql/swift/elements/decl/AccessorDecl.qll
@@ -8,6 +8,14 @@ private predicate isKnownAccessorKind(AccessorDecl decl, string kind) {
   decl.isWillSet() and kind = "willSet"
   or
   decl.isDidSet() and kind = "didSet"
+  or
+  decl.isRead() and kind = "_read"
+  or
+  decl.isModify() and kind = "_modify"
+  or
+  decl.isUnsafeAddress() and kind = "unsafeAddress"
+  or
+  decl.isUnsafeMutableAddress() and kind = "unsafeMutableAddress"
 }
 
 class AccessorDecl extends Generated::AccessorDecl {
diff --git a/swift/ql/lib/codeql/swift/elements/decl/ConstructorDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/ConstructorDecl.qll
index 5905cf11cf6..7933c7f93b2 100644
--- a/swift/ql/lib/codeql/swift/elements/decl/ConstructorDecl.qll
+++ b/swift/ql/lib/codeql/swift/elements/decl/ConstructorDecl.qll
@@ -1,4 +1,7 @@
-// generated by codegen/codegen.py, remove this comment if you wish to edit this file
 private import codeql.swift.generated.decl.ConstructorDecl
+private import codeql.swift.elements.decl.MethodDecl
 
-class ConstructorDecl extends Generated::ConstructorDecl { }
+/**
+ * An initializer of a class, struct, enum or protocol.
+ */
+class ConstructorDecl extends Generated::ConstructorDecl, MethodDecl { }
diff --git a/swift/ql/lib/codeql/swift/elements/decl/DestructorDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/DestructorDecl.qll
index fd331fb9be5..b9e1739f31a 100644
--- a/swift/ql/lib/codeql/swift/elements/decl/DestructorDecl.qll
+++ b/swift/ql/lib/codeql/swift/elements/decl/DestructorDecl.qll
@@ -1,4 +1,7 @@
-// generated by codegen/codegen.py, remove this comment if you wish to edit this file
 private import codeql.swift.generated.decl.DestructorDecl
+private import codeql.swift.elements.decl.MethodDecl
 
-class DestructorDecl extends Generated::DestructorDecl { }
+/**
+ * A deinitializer of a class.
+ */
+class DestructorDecl extends Generated::DestructorDecl, MethodDecl { }
diff --git a/swift/ql/lib/codeql/swift/elements/decl/IterableDeclContext.qll b/swift/ql/lib/codeql/swift/elements/decl/IterableDeclContext.qll
index 6848baecd51..1ee72e668f2 100644
--- a/swift/ql/lib/codeql/swift/elements/decl/IterableDeclContext.qll
+++ b/swift/ql/lib/codeql/swift/elements/decl/IterableDeclContext.qll
@@ -1,4 +1,18 @@
-// generated by codegen/codegen.py, remove this comment if you wish to edit this file
 private import codeql.swift.generated.decl.IterableDeclContext
+private import codeql.swift.elements.decl.NominalTypeDecl
+private import codeql.swift.elements.decl.ExtensionDecl
 
-class IterableDeclContext extends Generated::IterableDeclContext { }
+/**
+ * A nominal type (class, struct, enum or protocol) or extension.
+ */
+class IterableDeclContext extends Generated::IterableDeclContext {
+  /**
+   * Gets the `NominalTypeDecl` corresponding to this `IterableDeclContext`
+   * resolving an extension to the extended type declaration.
+   */
+  NominalTypeDecl getNominalTypeDecl() {
+    result = this.(NominalTypeDecl)
+    or
+    result = this.(ExtensionDecl).getExtendedTypeDecl()
+  }
+}
diff --git a/swift/ql/lib/codeql/swift/elements/decl/NominalTypeDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/NominalTypeDecl.qll
index c05cac56367..4b337322818 100644
--- a/swift/ql/lib/codeql/swift/elements/decl/NominalTypeDecl.qll
+++ b/swift/ql/lib/codeql/swift/elements/decl/NominalTypeDecl.qll
@@ -1,4 +1,6 @@
-// generated by codegen/codegen.py, remove this comment if you wish to edit this file
 private import codeql.swift.generated.decl.NominalTypeDecl
 
+/**
+ * A class, struct, enum or protocol.
+ */
 class NominalTypeDecl extends Generated::NominalTypeDecl { }
diff --git a/swift/ql/lib/codeql/swift/elements/expr/AbiSafeConversionExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/AbiSafeConversionExpr.qll
new file mode 100644
index 00000000000..1a86e009f7a
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/elements/expr/AbiSafeConversionExpr.qll
@@ -0,0 +1,4 @@
+// generated by codegen/codegen.py, remove this comment if you wish to edit this file
+private import codeql.swift.generated.expr.AbiSafeConversionExpr
+
+class AbiSafeConversionExpr extends Generated::AbiSafeConversionExpr { }
diff --git a/swift/ql/lib/codeql/swift/elements/type/TypeVariableTypeConstructor.qll b/swift/ql/lib/codeql/swift/elements/expr/AbiSafeConversionExprConstructor.qll
similarity index 61%
rename from swift/ql/lib/codeql/swift/elements/type/TypeVariableTypeConstructor.qll
rename to swift/ql/lib/codeql/swift/elements/expr/AbiSafeConversionExprConstructor.qll
index cf01c8fe855..0ffc0618124 100644
--- a/swift/ql/lib/codeql/swift/elements/type/TypeVariableTypeConstructor.qll
+++ b/swift/ql/lib/codeql/swift/elements/expr/AbiSafeConversionExprConstructor.qll
@@ -1,4 +1,4 @@
 // generated by codegen/codegen.py, remove this comment if you wish to edit this file
 private import codeql.swift.generated.Raw
 
-predicate constructTypeVariableType(Raw::TypeVariableType id) { any() }
+predicate constructAbiSafeConversionExpr(Raw::AbiSafeConversionExpr id) { any() }
diff --git a/swift/ql/lib/codeql/swift/elements/expr/ApplyExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ApplyExpr.qll
index 14bc6302c2b..5c82dc32afa 100644
--- a/swift/ql/lib/codeql/swift/elements/expr/ApplyExpr.qll
+++ b/swift/ql/lib/codeql/swift/elements/expr/ApplyExpr.qll
@@ -19,6 +19,14 @@ class ApplyExpr extends Generated::ApplyExpr {
   /** Gets the method qualifier, if this is applying a method */
   Expr getQualifier() { none() }
 
+  /**
+   * Gets the argument of this `ApplyExpr` called `label` (if any).
+   */
+  final Argument getArgumentWithLabel(string label) {
+    result = this.getAnArgument() and
+    result.getLabel() = label
+  }
+
   override string toString() {
     result = "call to " + this.getStaticTarget().toString()
     or
diff --git a/swift/ql/lib/codeql/swift/elements/expr/ArithmeticOperation.qll b/swift/ql/lib/codeql/swift/elements/expr/ArithmeticOperation.qll
index 160aeaa1c3a..faa2941a637 100644
--- a/swift/ql/lib/codeql/swift/elements/expr/ArithmeticOperation.qll
+++ b/swift/ql/lib/codeql/swift/elements/expr/ArithmeticOperation.qll
@@ -97,9 +97,7 @@ class RemExpr extends BinaryExpr {
  * -a
  * ```
  */
-class UnaryArithmeticOperation extends PrefixUnaryExpr {
-  UnaryArithmeticOperation() { this instanceof UnaryMinusExpr }
-}
+class UnaryArithmeticOperation extends PrefixUnaryExpr instanceof UnaryMinusExpr { }
 
 /**
  * A unary minus expression.
diff --git a/swift/ql/lib/codeql/swift/elements/expr/ArrowExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/ArrowExpr.qll
deleted file mode 100644
index 220aaa883c2..00000000000
--- a/swift/ql/lib/codeql/swift/elements/expr/ArrowExpr.qll
+++ /dev/null
@@ -1,5 +0,0 @@
-private import codeql.swift.generated.expr.ArrowExpr
-
-class ArrowExpr extends Generated::ArrowExpr {
-  override string toString() { result = "... -> ..." }
-}
diff --git a/swift/ql/lib/codeql/swift/elements/expr/AutoClosureExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/AutoClosureExpr.qll
index 6098a1e04cc..aab42ca0af7 100644
--- a/swift/ql/lib/codeql/swift/elements/expr/AutoClosureExpr.qll
+++ b/swift/ql/lib/codeql/swift/elements/expr/AutoClosureExpr.qll
@@ -1,9 +1,29 @@
 private import codeql.swift.generated.expr.AutoClosureExpr
 private import codeql.swift.elements.stmt.ReturnStmt
+private import codeql.swift.elements.expr.Expr
 
+/**
+ * A Swift autoclosure expression, that is, a closure automatically generated
+ * around an argument when the parameter has the `@autoclosure` attribute. For
+ * example, there is an `AutoClosureExpr` around the value `0` in:
+ * ```
+ * func myFunction(_ expr: @autoclosure () -> Int) {
+ *   ...
+ * }
+ *
+ * myFunction(0)
+ * ```
+ */
 class AutoClosureExpr extends Generated::AutoClosureExpr {
-  /** Gets the implicit return statement generated by this autoclosure expression. */
+  /**
+   * Gets the implicit return statement generated by this autoclosure expression.
+   */
   ReturnStmt getReturn() { result = unique( | | this.getBody().getAnElement()) }
 
+  /**
+   * Gets the expression returned by this autoclosure expression.
+   */
+  Expr getExpr() { result = this.getReturn().getResult() }
+
   override string toString() { result = this.getBody().toString() }
 }
diff --git a/swift/ql/lib/codeql/swift/elements/expr/BinaryExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/BinaryExpr.qll
index b75704bc1b1..29b86fa2adf 100644
--- a/swift/ql/lib/codeql/swift/elements/expr/BinaryExpr.qll
+++ b/swift/ql/lib/codeql/swift/elements/expr/BinaryExpr.qll
@@ -1,11 +1,33 @@
 private import codeql.swift.generated.expr.BinaryExpr
 private import codeql.swift.elements.expr.Expr
+private import codeql.swift.elements.decl.AbstractFunctionDecl
 
+/**
+ * A Swift binary expression, that is, an expression that appears between its
+ * two operands. For example:
+ * ```
+ * x + y
+ * ```
+ */
 class BinaryExpr extends Generated::BinaryExpr {
+  /**
+   * Gets the left operand (left expression) of this binary expression.
+   */
   Expr getLeftOperand() { result = this.getArgument(0).getExpr() }
 
+  /**
+   * Gets the right operand (right expression) of this binary expression.
+   */
   Expr getRightOperand() { result = this.getArgument(1).getExpr() }
 
+  /**
+   * Gets the operator of this binary expression (the function that is called).
+   */
+  AbstractFunctionDecl getOperator() { result = this.getStaticTarget() }
+
+  /**
+   * Gets an operand of this binary expression (left or right).
+   */
   Expr getAnOperand() { result = [this.getLeftOperand(), this.getRightOperand()] }
 
   override string toString() { result = "... " + this.getFunction().toString() + " ..." }
diff --git a/swift/ql/lib/codeql/swift/elements/expr/LogicalOperation.qll b/swift/ql/lib/codeql/swift/elements/expr/LogicalOperation.qll
index 107392d24f1..812859a612c 100644
--- a/swift/ql/lib/codeql/swift/elements/expr/LogicalOperation.qll
+++ b/swift/ql/lib/codeql/swift/elements/expr/LogicalOperation.qll
@@ -30,9 +30,7 @@ class NotExpr extends PrefixUnaryExpr {
   NotExpr() { unaryHasName(this, "!(_:)") }
 }
 
-class UnaryLogicalOperation extends PrefixUnaryExpr {
-  UnaryLogicalOperation() { this instanceof NotExpr }
-}
+class UnaryLogicalOperation extends PrefixUnaryExpr instanceof NotExpr { }
 
 class LogicalOperation extends Expr {
   LogicalOperation() {
diff --git a/swift/ql/lib/codeql/swift/elements/expr/PostfixUnaryExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/PostfixUnaryExpr.qll
index 46742454650..77150da54a1 100644
--- a/swift/ql/lib/codeql/swift/elements/expr/PostfixUnaryExpr.qll
+++ b/swift/ql/lib/codeql/swift/elements/expr/PostfixUnaryExpr.qll
@@ -1,4 +1,22 @@
-// generated by codegen/codegen.py, remove this comment if you wish to edit this file
 private import codeql.swift.generated.expr.PostfixUnaryExpr
+private import codeql.swift.elements.expr.Expr
+private import codeql.swift.elements.decl.AbstractFunctionDecl
 
-class PostfixUnaryExpr extends Generated::PostfixUnaryExpr { }
+/**
+ * A Swift postfix unary expression, that is, a unary expression that appears
+ * after its operand. For example:
+ * ```
+ * x!
+ * ```
+ */
+class PostfixUnaryExpr extends Generated::PostfixUnaryExpr {
+  /**
+   *  Gets the operand (expression) of this postfix unary expression.
+   */
+  Expr getOperand() { result = this.getAnArgument().getExpr() }
+
+  /**
+   * Gets the operator of this postfix unary expression (the function that is called).
+   */
+  AbstractFunctionDecl getOperator() { result = this.getStaticTarget() }
+}
diff --git a/swift/ql/lib/codeql/swift/elements/expr/PrefixUnaryExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/PrefixUnaryExpr.qll
index b9a1ecd4ee9..0cd1e25ad6b 100644
--- a/swift/ql/lib/codeql/swift/elements/expr/PrefixUnaryExpr.qll
+++ b/swift/ql/lib/codeql/swift/elements/expr/PrefixUnaryExpr.qll
@@ -1,6 +1,22 @@
 private import codeql.swift.generated.expr.PrefixUnaryExpr
 private import codeql.swift.elements.expr.Expr
+private import codeql.swift.elements.decl.AbstractFunctionDecl
 
+/**
+ * A Swift prefix unary expression, that is, a unary expression that appears
+ * before its operand. For example:
+ * ```
+ * -x
+ * ```
+ */
 class PrefixUnaryExpr extends Generated::PrefixUnaryExpr {
+  /**
+   *  Gets the operand (expression) of this prefix unary expression.
+   */
   Expr getOperand() { result = this.getAnArgument().getExpr() }
+
+  /**
+   * Gets the operator of this prefix unary expression (the function that is called).
+   */
+  AbstractFunctionDecl getOperator() { result = this.getStaticTarget() }
 }
diff --git a/swift/ql/lib/codeql/swift/elements/type/LValueType.qll b/swift/ql/lib/codeql/swift/elements/type/LValueType.qll
index 1ce57b2db20..d6b4048bdd7 100644
--- a/swift/ql/lib/codeql/swift/elements/type/LValueType.qll
+++ b/swift/ql/lib/codeql/swift/elements/type/LValueType.qll
@@ -1,4 +1,5 @@
-// generated by codegen/codegen.py, remove this comment if you wish to edit this file
 private import codeql.swift.generated.type.LValueType
 
-class LValueType extends Generated::LValueType { }
+class LValueType extends Generated::LValueType {
+  override Type getResolveStep() { result = this.getImmediateObjectType() }
+}
diff --git a/swift/ql/lib/codeql/swift/elements/type/SequenceArchetypeType.qll b/swift/ql/lib/codeql/swift/elements/type/SequenceArchetypeType.qll
deleted file mode 100644
index be02ac063a1..00000000000
--- a/swift/ql/lib/codeql/swift/elements/type/SequenceArchetypeType.qll
+++ /dev/null
@@ -1,4 +0,0 @@
-// generated by codegen/codegen.py, remove this comment if you wish to edit this file
-private import codeql.swift.generated.type.SequenceArchetypeType
-
-class SequenceArchetypeType extends Generated::SequenceArchetypeType { }
diff --git a/swift/ql/lib/codeql/swift/elements/type/SequenceArchetypeTypeConstructor.qll b/swift/ql/lib/codeql/swift/elements/type/SequenceArchetypeTypeConstructor.qll
deleted file mode 100644
index 322836a71fc..00000000000
--- a/swift/ql/lib/codeql/swift/elements/type/SequenceArchetypeTypeConstructor.qll
+++ /dev/null
@@ -1,4 +0,0 @@
-// generated by codegen/codegen.py, remove this comment if you wish to edit this file
-private import codeql.swift.generated.Raw
-
-predicate constructSequenceArchetypeType(Raw::SequenceArchetypeType id) { any() }
diff --git a/swift/ql/lib/codeql/swift/elements/type/TypeVariableType.qll b/swift/ql/lib/codeql/swift/elements/type/TypeVariableType.qll
deleted file mode 100644
index 116d03f7877..00000000000
--- a/swift/ql/lib/codeql/swift/elements/type/TypeVariableType.qll
+++ /dev/null
@@ -1,4 +0,0 @@
-// generated by codegen/codegen.py, remove this comment if you wish to edit this file
-private import codeql.swift.generated.type.TypeVariableType
-
-class TypeVariableType extends Generated::TypeVariableType { }
diff --git a/swift/ql/lib/codeql/swift/frameworks/AEXML.qll b/swift/ql/lib/codeql/swift/frameworks/AEXML.qll
new file mode 100644
index 00000000000..c779c8f7122
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/frameworks/AEXML.qll
@@ -0,0 +1,56 @@
+import swift
+
+/** The creation of an `AEXMLParser`. */
+class AexmlParser extends ApplyExpr {
+  AexmlParser() {
+    this.getStaticTarget().(ConstructorDecl).getEnclosingDecl() instanceof AexmlParserDecl
+  }
+}
+
+/** The creation of an `AEXMLDocument`. */
+class AexmlDocument extends ApplyExpr {
+  AexmlDocument() {
+    this.getStaticTarget().(ConstructorDecl).getEnclosingDecl() instanceof AexmlDocumentDecl
+  }
+}
+
+/** A call to `AEXMLDocument.loadXML(_:)`. */
+class AexmlDocumentLoadXml extends MethodApplyExpr {
+  AexmlDocumentLoadXml() {
+    exists(MethodDecl f |
+      this.getStaticTarget() = f and
+      f.hasName("loadXML(_:)") and
+      f.getEnclosingDecl() instanceof AexmlDocumentDecl
+    )
+  }
+}
+
+/** The class `AEXMLParser`. */
+class AexmlParserDecl extends ClassDecl {
+  AexmlParserDecl() { this.getFullName() = "AEXMLParser" }
+}
+
+/** The class `AEXMLDocument`. */
+class AexmlDocumentDecl extends ClassDecl {
+  AexmlDocumentDecl() { this.getFullName() = "AEXMLDocument" }
+}
+
+/** A reference to the field `AEXMLOptions.ParserSettings.shouldResolveExternalEntities`. */
+class AexmlShouldResolveExternalEntities extends MemberRefExpr {
+  AexmlShouldResolveExternalEntities() {
+    exists(FieldDecl f | this.getMember() = f |
+      f.getName() = "shouldResolveExternalEntities" and
+      f.getEnclosingDecl().(NominalTypeDecl).getType() instanceof AexmlOptionsParserSettingsType
+    )
+  }
+}
+
+/** The type `AEXMLOptions`. */
+class AexmlOptionsType extends StructType {
+  AexmlOptionsType() { this.getFullName() = "AEXMLOptions" }
+}
+
+/** The type `AEXMLOptions.ParserSettings`. */
+class AexmlOptionsParserSettingsType extends StructType {
+  AexmlOptionsParserSettingsType() { this.getFullName() = "AEXMLOptions.ParserSettings" }
+}
diff --git a/swift/ql/lib/codeql/swift/frameworks/Alamofire/Alamofire.qll b/swift/ql/lib/codeql/swift/frameworks/Alamofire/Alamofire.qll
new file mode 100644
index 00000000000..849fc5128e6
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/frameworks/Alamofire/Alamofire.qll
@@ -0,0 +1,22 @@
+/**
+ * Models for the Alamofire networking library.
+ */
+
+import swift
+private import codeql.swift.dataflow.DataFlow
+private import codeql.swift.dataflow.ExternalFlow
+private import codeql.swift.dataflow.FlowSources
+
+private class StringSource extends SourceModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        // `DataResponse.data`, `.value`, `.result`
+        ";DataResponse;true;data;;;;remote", ";DataResponse;true;value;;;;remote",
+        ";DataResponse;true;result;;;;remote",
+        // `DownloadResponse.data`, `.value`, `.result`
+        ";DownloadResponse;true;data;;;;remote", ";DownloadResponse;true;value;;;;remote",
+        ";DownloadResponse;true;result;;;;remote",
+      ]
+  }
+}
diff --git a/swift/ql/lib/codeql/swift/frameworks/Libxml2.qll b/swift/ql/lib/codeql/swift/frameworks/Libxml2.qll
new file mode 100644
index 00000000000..12f8603c69b
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/frameworks/Libxml2.qll
@@ -0,0 +1,54 @@
+import swift
+
+/**
+ * A call to a `libxml2` function that parses XML.
+ */
+class Libxml2ParseCall extends ApplyExpr {
+  int xmlArg;
+  int optionsArg;
+
+  Libxml2ParseCall() {
+    exists(string fname | this.getStaticTarget().getName() = fname |
+      fname = "xmlCtxtUseOptions(_:_:)" and xmlArg = 0 and optionsArg = 1
+      or
+      fname = "xmlReadFile(_:_:_:)" and xmlArg = 0 and optionsArg = 2
+      or
+      fname = ["xmlReadDoc(_:_:_:_:)", "xmlReadFd(_:_:_:_:)"] and
+      xmlArg = 0 and
+      optionsArg = 3
+      or
+      fname = ["xmlCtxtReadFile(_:_:_:_:)", "xmlParseInNodeContext(_:_:_:_:_:)"] and
+      xmlArg = 1 and
+      optionsArg = 3
+      or
+      fname = ["xmlCtxtReadDoc(_:_:_:_:_:)", "xmlCtxtReadFd(_:_:_:_:_:)"] and
+      xmlArg = 1 and
+      optionsArg = 4
+      or
+      fname = "xmlReadMemory(_:_:_:_:_:)" and xmlArg = 0 and optionsArg = 4
+      or
+      fname = "xmlCtxtReadMemory(_:_:_:_:_:_:)" and xmlArg = 1 and optionsArg = 5
+      or
+      fname = "xmlReadIO(_:_:_:_:_:_:)" and xmlArg = 0 and optionsArg = 5
+      or
+      fname = "xmlCtxtReadIO(_:_:_:_:_:_:_:)" and xmlArg = 1 and optionsArg = 6
+    )
+  }
+
+  /**
+   * Gets the argument that receives the XML raw data.
+   */
+  Expr getXml() { result = this.getArgument(xmlArg).getExpr() }
+
+  /**
+   * Gets the argument that specifies `xmlParserOption`s.
+   */
+  Expr getOptions() { result = this.getArgument(optionsArg).getExpr() }
+}
+
+/**
+ * An `xmlParserOption` for `libxml2` that is considered unsafe.
+ */
+class Libxml2BadOption extends ConcreteVarDecl {
+  Libxml2BadOption() { this.getName() = ["XML_PARSE_NOENT", "XML_PARSE_DTDLOAD"] }
+}
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Data.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Data.qll
new file mode 100644
index 00000000000..420a5ebeb52
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Data.qll
@@ -0,0 +1,51 @@
+import swift
+private import codeql.swift.dataflow.ExternalFlow
+
+private class DataSources extends SourceModelCsv {
+  override predicate row(string row) {
+    row = ";Data;true;init(contentsOf:options:);;;ReturnValue;remote"
+  }
+}
+
+private class DataSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";Data;true;init(_:);;;Argument[0];ReturnValue;taint",
+        ";Data;true;init(base64Encoded:options:);;;Argument[0];ReturnValue;taint",
+        ";Data;true;init(buffer:);;;Argument[0];ReturnValue;taint",
+        ";Data;true;init(bytes:count:);;;Argument[0];ReturnValue;taint",
+        ";Data;true;init(contentsOf:options:);;;Argument[0];ReturnValue;taint",
+        ";Data;true;init(bytesNoCopy:count:deallocator:);;;Argument[0];ReturnValue;taint",
+        ";Data;true;init(referencing:);;;Argument[0];ReturnValue;taint",
+        ";Data;true;append(_:);;;Argument[0];Argument[-1];taint",
+        ";Data;true;append(_:count:);;;Argument[0];Argument[-1];taint",
+        ";Data;true;append(contentsOf:);;;Argument[0];Argument[-1];taint",
+        ";Data;true;base64EncodedData(options:);;;Argument[-1];ReturnValue;taint",
+        ";Data;true;base64EncodedString(options:);;;Argument[-1];ReturnValue;taint",
+        ";Data;true;compactMap(_:);;;Argument[-1];ReturnValue;taint",
+        ";Data;true;copyBytes(to:);;;Argument[-1];Argument[0];taint",
+        ";Data;true;copyBytes(to:count:);;;Argument[-1];Argument[0];taint",
+        ";Data;true;copyBytes(to:from:);;;Argument[-1];Argument[0];taint",
+        ";Data;true;flatMap(_:);;;Argument[-1];ReturnValue;taint",
+        ";Data;true;insert(_:at:);;;Argument[0];Argument[-1];taint",
+        ";Data;true;insert(contentsOf:at:);;;Argument[0];Argument[-1];taint",
+        ";Data;true;map(_:);;;Argument[-1];ReturnValue;taint",
+        ";Data;true;reduce(into:_:);;;Argument[-1];ReturnValue;taint",
+        ";Data;true;replace(_:with:maxReplacements:);;;Argument[1];Argument[-1];taint",
+        ";Data;true;replaceSubrange(_:with:);;;Argument[1];Argument[-1];taint",
+        ";Data;true;replaceSubrange(_:with:count:);;;Argument[1];Argument[-1];taint",
+        ";Data;true;replacing(_:with:maxReplacements:);;;Argument[1];Argument[-1];taint",
+        ";Data;true;replacing(_:with:subrange:maxReplacements:);;;Argument[1];Argument[-1];taint",
+        // TODO: this should be implemented by a model of BidirectionalCollection
+        // ";Data;true;reversed();;;Argument[-1];ReturnValue;taint",
+        ";Data;true;sorted();;;Argument[-1];ReturnValue;taint",
+        ";Data;true;sorted(by:);;;Argument[-1];ReturnValue;taint",
+        ";Data;true;sorted(using:);;;Argument[-1];ReturnValue;taint",
+        ";Data;true;shuffled();;;Argument[-1];ReturnValue;taint",
+        ";Data;true;shuffled(using:);;;Argument[-1];ReturnValue;taint",
+        ";Data;true;trimmingPrefix(_:);;;Argument[-1];ReturnValue;taint",
+        ";Data;true;trimmingPrefix(while:);;;Argument[-1];ReturnValue;taint"
+      ]
+  }
+}
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll
new file mode 100644
index 00000000000..5c0c9f0dce5
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll
@@ -0,0 +1,17 @@
+import swift
+private import codeql.swift.dataflow.ExternalFlow
+
+/** The struct `FilePath`. */
+class FilePath extends StructDecl {
+  FilePath() { this.getFullName() = "FilePath" }
+}
+
+/**
+ * A model for `FilePath` members that permit taint flow.
+ */
+private class FilePathSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    // TODO: Properly model this class
+    row = ";FilePath;true;init(stringLiteral:);(String);;Argument[0];ReturnValue;taint"
+  }
+}
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/InputStream.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/InputStream.qll
new file mode 100644
index 00000000000..60b61bec294
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/InputStream.qll
@@ -0,0 +1,8 @@
+import swift
+private import codeql.swift.dataflow.ExternalFlow
+
+private class InputStreamSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row = ";InputStream;true;init(data:);;;Argument[0];ReturnValue;taint"
+  }
+}
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsData.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsData.qll
new file mode 100644
index 00000000000..bad20ece437
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsData.qll
@@ -0,0 +1,91 @@
+/** Provides classes and models to work with `NSData`-related objects. */
+
+import swift
+private import codeql.swift.dataflow.DataFlow
+private import codeql.swift.dataflow.ExternalFlow
+private import codeql.swift.dataflow.FlowSteps
+
+/** The class `NSData`. */
+class NsData extends ClassDecl {
+  NsData() { this.getFullName() = "NSData" }
+}
+
+/** The class `NSMutableData`. */
+class NsMutableData extends ClassDecl {
+  NsMutableData() { this.getFullName() = "NSMutableData" }
+}
+
+private class NsDataSources extends SourceModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";NSData;true;init(contentsOf:);;;ReturnValue;remote",
+        ";NSData;true;init(contentsOf:options:);;;ReturnValue;remote"
+      ]
+  }
+}
+
+private class NsDataSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";NSData;true;init(bytes:length:);;;Argument[0];ReturnValue;taint",
+        ";NSData;true;init(bytesNoCopy:length:);;;Argument[0];ReturnValue;taint",
+        ";NSData;true;init(bytesNoCopy:length:deallocator:);;;Argument[0];ReturnValue;taint",
+        ";NSData;true;init(bytesNoCopy:length:freeWhenDone:);;;Argument[0];ReturnValue;taint",
+        ";NSData;true;init(data:);;;Argument[0];ReturnValue;taint",
+        ";NSData;true;init(contentsOfFile:);;;Argument[0];ReturnValue;taint",
+        ";NSData;true;init(contentsOfFile:options:);;;Argument[0];ReturnValue;taint",
+        ";NSData;true;init(contentsOf:);;;Argument[0];ReturnValue;taint",
+        ";NSData;true;init(contentsOf:options:);;;Argument[0];ReturnValue;taint",
+        ";NSData;true;init(contentsOfMappedFile:);;;Argument[0];ReturnValue;taint",
+        ";NSData;true;init(base64Encoded:options:);;;Argument[0];ReturnValue;taint",
+        ";NSData;true;init(base64Encoding:);;;Argument[0];ReturnValue;taint",
+        ";NSData;true;base64EncodedData(options:);;;Argument[-1];ReturnValue;taint",
+        ";NSData;true;base64EncodedString(options:);;;Argument[-1];ReturnValue;taint",
+        ";NSData;true;base64Encoding();;;Argument[-1];ReturnValue;taint",
+        ";NSData;true;dataWithContentsOfMappedFile(_:);;;Argument[0];ReturnValue;taint",
+        ";NSData;true;enumerateBytes(_:);;;Argument[-1];Argument[0].Parameter[0];taint",
+        ";NSData;true;getBytes(_:);;;Argument[-1];Argument[0];taint",
+        ";NSData;true;getBytes(_:length:);;;Argument[-1];Argument[0];taint",
+        ";NSData;true;getBytes(_:range:);;;Argument[-1];Argument[0];taint",
+        ";NSData;true;subdata(with:);;;Argument[-1];ReturnValue;taint",
+        ";NSData;true;compressed(using:);;;Argument[-1];ReturnValue;taint",
+        ";NSData;true;decompressed(using:);;;Argument[-1];ReturnValue;taint"
+      ]
+  }
+}
+
+private class NsMutableDataSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";NSMutableData;true;append(_:length:);;;Argument[0];Argument[-1];taint",
+        ";NSMutableData;true;append(_:);;;Argument[0];Argument[-1];taint",
+        ";NSMutableData;true;replaceBytes(in:withBytes:);;;Argument[1];Argument[-1];taint",
+        ";NSMutableData;true;replaceBytes(in:withBytes:length:);;;Argument[1];Argument[-1];taint",
+        ";NSMutableData;true;setData(_:);;;Argument[0];Argument[-1];taint",
+      ]
+  }
+}
+
+/** A content implying that, if a `NSData` object is tainted, some of its fields are also tainted. */
+private class NsDataTaintedFields extends TaintInheritingContent, DataFlow::Content::FieldContent {
+  NsDataTaintedFields() {
+    exists(FieldDecl f | this.getField() = f |
+      f.getEnclosingDecl() instanceof NsData and
+      f.getName() = ["bytes", "description"]
+    )
+  }
+}
+
+/** A content implying that, if a `NSMutableData` object is tainted, some of its fields are also tainted. */
+private class NsMutableDataTaintedFields extends TaintInheritingContent,
+  DataFlow::Content::FieldContent {
+  NsMutableDataTaintedFields() {
+    exists(FieldDecl f | this.getField() = f |
+      f.getEnclosingDecl() instanceof NsMutableData and
+      f.getName() = "mutableBytes"
+    )
+  }
+}
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsUrl.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsUrl.qll
new file mode 100644
index 00000000000..e1849d227e7
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsUrl.qll
@@ -0,0 +1,12 @@
+import swift
+private import codeql.swift.dataflow.ExternalFlow
+
+/**
+ * A model for `NSURL` members that permit taint flow.
+ */
+private class NsUrlSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    // TODO: Properly model this class
+    row = ";NSURL;true;init(string:);(String);;Argument[0];ReturnValue;taint"
+  }
+}
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll
index 492dc314c17..14456885572 100644
--- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll
@@ -1,5 +1,7 @@
 import swift
+private import codeql.swift.dataflow.DataFlow
 private import codeql.swift.dataflow.ExternalFlow
+private import codeql.swift.dataflow.FlowSteps
 
 private class StringSource extends SourceModelCsv {
   override predicate row(string row) {
@@ -16,3 +18,15 @@ private class StringSource extends SourceModelCsv {
       ]
   }
 }
+
+/**
+ * A content implying that, if a `String` is tainted, then all its fields are tainted.
+ */
+private class StringFieldsInheritTaint extends TaintInheritingContent,
+  DataFlow::Content::FieldContent {
+  StringFieldsInheritTaint() {
+    this.getField().getEnclosingDecl().(ClassOrStructDecl).getFullName() = "String" or
+    this.getField().getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getFullName() =
+      "String"
+  }
+}
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll
index 84a965cba31..702933644e5 100644
--- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll
@@ -125,9 +125,36 @@ private class JsExportedSource extends RemoteFlowSource {
       base.getEnclosingDecl() instanceof JsExportedProto and
       adopter.getEnclosingDecl() instanceof JsExportedType
     |
-      this.asExpr().(MemberRefExpr).getMember() = adopter and adopter.getName() = base.getName()
+      this.asExpr().(MemberRefExpr).getMember() = adopter and
+      pragma[only_bind_out](adopter.getName()) = pragma[only_bind_out](base.getName())
     )
   }
 
   override string getSourceType() { result = "Member of a type exposed through JSExport" }
 }
+
+/**
+ * A model for `WKUserScript` summaries.
+ */
+private class WKUserScriptSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";WKUserScript;true;init(source:injectionTime:forMainFrameOnly:);;;Argument[0];ReturnValue;taint",
+        ";WKUserScript;true;init(source:injectionTime:forMainFrameOnly:in:);;;Argument[0];ReturnValue;taint"
+      ]
+  }
+}
+
+/**
+ * A content implying that, if a `WKUserScript` is tainted, its `source` field is tainted.
+ */
+private class WKUserScriptInheritsTaint extends TaintInheritingContent,
+  DataFlow::Content::FieldContent {
+  WKUserScriptInheritsTaint() {
+    exists(FieldDecl f | this.getField() = f |
+      f.getEnclosingDecl().(ClassOrStructDecl).getName() = "WKUserScript" and
+      f.getName() = "source"
+    )
+  }
+}
diff --git a/swift/ql/lib/codeql/swift/generated/Callable.qll b/swift/ql/lib/codeql/swift/generated/Callable.qll
index a1564db6f4a..7732626e10b 100644
--- a/swift/ql/lib/codeql/swift/generated/Callable.qll
+++ b/swift/ql/lib/codeql/swift/generated/Callable.qll
@@ -56,7 +56,7 @@ module Generated {
     /**
      * Gets the number of parameters of this callable.
      */
-    final int getNumberOfParams() { result = count(getAParam()) }
+    final int getNumberOfParams() { result = count(int i | exists(getParam(i))) }
 
     /**
      * Gets the body of this callable, if it exists.
diff --git a/swift/ql/lib/codeql/swift/generated/UnresolvedElement.qll b/swift/ql/lib/codeql/swift/generated/ErrorElement.qll
similarity index 55%
rename from swift/ql/lib/codeql/swift/generated/UnresolvedElement.qll
rename to swift/ql/lib/codeql/swift/generated/ErrorElement.qll
index 54f2b4005be..726669e4a97 100644
--- a/swift/ql/lib/codeql/swift/generated/UnresolvedElement.qll
+++ b/swift/ql/lib/codeql/swift/generated/ErrorElement.qll
@@ -4,5 +4,8 @@ private import codeql.swift.generated.Raw
 import codeql.swift.elements.Locatable
 
 module Generated {
-  class UnresolvedElement extends Synth::TUnresolvedElement, Locatable { }
+  /**
+   * The superclass of all elements indicating some kind of error.
+   */
+  class ErrorElement extends Synth::TErrorElement, Locatable { }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/ParentChild.qll b/swift/ql/lib/codeql/swift/generated/ParentChild.qll
index b56253575e2..a44d0f746dd 100644
--- a/swift/ql/lib/codeql/swift/generated/ParentChild.qll
+++ b/swift/ql/lib/codeql/swift/generated/ParentChild.qll
@@ -135,6 +135,21 @@ private module Impl {
     )
   }
 
+  private Element getImmediateChildOfErrorElement(
+    ErrorElement e, int index, string partialPredicateCall
+  ) {
+    exists(int b, int bLocatable, int n |
+      b = 0 and
+      bLocatable = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfLocatable(e, i, _)) | i) and
+      n = bLocatable and
+      (
+        none()
+        or
+        result = getImmediateChildOfLocatable(e, index - b, partialPredicateCall)
+      )
+    )
+  }
+
   private Element getImmediateChildOfUnknownFile(
     UnknownFile e, int index, string partialPredicateCall
   ) {
@@ -165,32 +180,18 @@ private module Impl {
     )
   }
 
-  private Element getImmediateChildOfUnresolvedElement(
-    UnresolvedElement e, int index, string partialPredicateCall
-  ) {
-    exists(int b, int bLocatable, int n |
-      b = 0 and
-      bLocatable = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfLocatable(e, i, _)) | i) and
-      n = bLocatable and
-      (
-        none()
-        or
-        result = getImmediateChildOfLocatable(e, index - b, partialPredicateCall)
-      )
-    )
-  }
-
   private Element getImmediateChildOfUnspecifiedElement(
     UnspecifiedElement e, int index, string partialPredicateCall
   ) {
-    exists(int b, int bLocatable, int n |
+    exists(int b, int bErrorElement, int n |
       b = 0 and
-      bLocatable = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfLocatable(e, i, _)) | i) and
-      n = bLocatable and
+      bErrorElement =
+        b + 1 + max(int i | i = -1 or exists(getImmediateChildOfErrorElement(e, i, _)) | i) and
+      n = bErrorElement and
       (
         none()
         or
-        result = getImmediateChildOfLocatable(e, index - b, partialPredicateCall)
+        result = getImmediateChildOfErrorElement(e, index - b, partialPredicateCall)
       )
     )
   }
@@ -680,15 +681,39 @@ private module Impl {
   }
 
   private Element getImmediateChildOfVarDecl(VarDecl e, int index, string partialPredicateCall) {
-    exists(int b, int bAbstractStorageDecl, int n |
+    exists(
+      int b, int bAbstractStorageDecl, int n, int nPropertyWrapperBackingVarBinding,
+      int nPropertyWrapperBackingVar, int nPropertyWrapperProjectionVarBinding,
+      int nPropertyWrapperProjectionVar
+    |
       b = 0 and
       bAbstractStorageDecl =
         b + 1 + max(int i | i = -1 or exists(getImmediateChildOfAbstractStorageDecl(e, i, _)) | i) and
       n = bAbstractStorageDecl and
+      nPropertyWrapperBackingVarBinding = n + 1 and
+      nPropertyWrapperBackingVar = nPropertyWrapperBackingVarBinding + 1 and
+      nPropertyWrapperProjectionVarBinding = nPropertyWrapperBackingVar + 1 and
+      nPropertyWrapperProjectionVar = nPropertyWrapperProjectionVarBinding + 1 and
       (
         none()
         or
         result = getImmediateChildOfAbstractStorageDecl(e, index - b, partialPredicateCall)
+        or
+        index = n and
+        result = e.getImmediatePropertyWrapperBackingVarBinding() and
+        partialPredicateCall = "PropertyWrapperBackingVarBinding()"
+        or
+        index = nPropertyWrapperBackingVarBinding and
+        result = e.getImmediatePropertyWrapperBackingVar() and
+        partialPredicateCall = "PropertyWrapperBackingVar()"
+        or
+        index = nPropertyWrapperBackingVar and
+        result = e.getImmediatePropertyWrapperProjectionVarBinding() and
+        partialPredicateCall = "PropertyWrapperProjectionVarBinding()"
+        or
+        index = nPropertyWrapperProjectionVarBinding and
+        result = e.getImmediatePropertyWrapperProjectionVar() and
+        partialPredicateCall = "PropertyWrapperProjectionVar()"
       )
     )
   }
@@ -809,14 +834,27 @@ private module Impl {
   }
 
   private Element getImmediateChildOfParamDecl(ParamDecl e, int index, string partialPredicateCall) {
-    exists(int b, int bVarDecl, int n |
+    exists(
+      int b, int bVarDecl, int n, int nPropertyWrapperLocalWrappedVarBinding,
+      int nPropertyWrapperLocalWrappedVar
+    |
       b = 0 and
       bVarDecl = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfVarDecl(e, i, _)) | i) and
       n = bVarDecl and
+      nPropertyWrapperLocalWrappedVarBinding = n + 1 and
+      nPropertyWrapperLocalWrappedVar = nPropertyWrapperLocalWrappedVarBinding + 1 and
       (
         none()
         or
         result = getImmediateChildOfVarDecl(e, index - b, partialPredicateCall)
+        or
+        index = n and
+        result = e.getImmediatePropertyWrapperLocalWrappedVarBinding() and
+        partialPredicateCall = "PropertyWrapperLocalWrappedVarBinding()"
+        or
+        index = nPropertyWrapperLocalWrappedVarBinding and
+        result = e.getImmediatePropertyWrapperLocalWrappedVar() and
+        partialPredicateCall = "PropertyWrapperLocalWrappedVar()"
       )
     )
   }
@@ -1178,14 +1216,18 @@ private module Impl {
   }
 
   private Element getImmediateChildOfErrorExpr(ErrorExpr e, int index, string partialPredicateCall) {
-    exists(int b, int bExpr, int n |
+    exists(int b, int bExpr, int bErrorElement, int n |
       b = 0 and
       bExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfExpr(e, i, _)) | i) and
-      n = bExpr and
+      bErrorElement =
+        bExpr + 1 + max(int i | i = -1 or exists(getImmediateChildOfErrorElement(e, i, _)) | i) and
+      n = bErrorElement and
       (
         none()
         or
         result = getImmediateChildOfExpr(e, index - b, partialPredicateCall)
+        or
+        result = getImmediateChildOfErrorElement(e, index - bExpr, partialPredicateCall)
       )
     )
   }
@@ -1555,14 +1597,18 @@ private module Impl {
   private Element getImmediateChildOfOverloadedDeclRefExpr(
     OverloadedDeclRefExpr e, int index, string partialPredicateCall
   ) {
-    exists(int b, int bExpr, int n |
+    exists(int b, int bExpr, int bErrorElement, int n |
       b = 0 and
       bExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfExpr(e, i, _)) | i) and
-      n = bExpr and
+      bErrorElement =
+        bExpr + 1 + max(int i | i = -1 or exists(getImmediateChildOfErrorElement(e, i, _)) | i) and
+      n = bErrorElement and
       (
         none()
         or
         result = getImmediateChildOfExpr(e, index - b, partialPredicateCall)
+        or
+        result = getImmediateChildOfErrorElement(e, index - bExpr, partialPredicateCall)
       )
     )
   }
@@ -1707,18 +1753,18 @@ private module Impl {
   private Element getImmediateChildOfUnresolvedDeclRefExpr(
     UnresolvedDeclRefExpr e, int index, string partialPredicateCall
   ) {
-    exists(int b, int bExpr, int bUnresolvedElement, int n |
+    exists(int b, int bExpr, int bErrorElement, int n |
       b = 0 and
       bExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfExpr(e, i, _)) | i) and
-      bUnresolvedElement =
-        bExpr + 1 + max(int i | i = -1 or exists(getImmediateChildOfUnresolvedElement(e, i, _)) | i) and
-      n = bUnresolvedElement and
+      bErrorElement =
+        bExpr + 1 + max(int i | i = -1 or exists(getImmediateChildOfErrorElement(e, i, _)) | i) and
+      n = bErrorElement and
       (
         none()
         or
         result = getImmediateChildOfExpr(e, index - b, partialPredicateCall)
         or
-        result = getImmediateChildOfUnresolvedElement(e, index - bExpr, partialPredicateCall)
+        result = getImmediateChildOfErrorElement(e, index - bExpr, partialPredicateCall)
       )
     )
   }
@@ -1726,19 +1772,19 @@ private module Impl {
   private Element getImmediateChildOfUnresolvedDotExpr(
     UnresolvedDotExpr e, int index, string partialPredicateCall
   ) {
-    exists(int b, int bExpr, int bUnresolvedElement, int n, int nBase |
+    exists(int b, int bExpr, int bErrorElement, int n, int nBase |
       b = 0 and
       bExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfExpr(e, i, _)) | i) and
-      bUnresolvedElement =
-        bExpr + 1 + max(int i | i = -1 or exists(getImmediateChildOfUnresolvedElement(e, i, _)) | i) and
-      n = bUnresolvedElement and
+      bErrorElement =
+        bExpr + 1 + max(int i | i = -1 or exists(getImmediateChildOfErrorElement(e, i, _)) | i) and
+      n = bErrorElement and
       nBase = n + 1 and
       (
         none()
         or
         result = getImmediateChildOfExpr(e, index - b, partialPredicateCall)
         or
-        result = getImmediateChildOfUnresolvedElement(e, index - bExpr, partialPredicateCall)
+        result = getImmediateChildOfErrorElement(e, index - bExpr, partialPredicateCall)
         or
         index = n and result = e.getImmediateBase() and partialPredicateCall = "Base()"
       )
@@ -1748,18 +1794,18 @@ private module Impl {
   private Element getImmediateChildOfUnresolvedMemberExpr(
     UnresolvedMemberExpr e, int index, string partialPredicateCall
   ) {
-    exists(int b, int bExpr, int bUnresolvedElement, int n |
+    exists(int b, int bExpr, int bErrorElement, int n |
       b = 0 and
       bExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfExpr(e, i, _)) | i) and
-      bUnresolvedElement =
-        bExpr + 1 + max(int i | i = -1 or exists(getImmediateChildOfUnresolvedElement(e, i, _)) | i) and
-      n = bUnresolvedElement and
+      bErrorElement =
+        bExpr + 1 + max(int i | i = -1 or exists(getImmediateChildOfErrorElement(e, i, _)) | i) and
+      n = bErrorElement and
       (
         none()
         or
         result = getImmediateChildOfExpr(e, index - b, partialPredicateCall)
         or
-        result = getImmediateChildOfUnresolvedElement(e, index - bExpr, partialPredicateCall)
+        result = getImmediateChildOfErrorElement(e, index - bExpr, partialPredicateCall)
       )
     )
   }
@@ -1767,19 +1813,19 @@ private module Impl {
   private Element getImmediateChildOfUnresolvedPatternExpr(
     UnresolvedPatternExpr e, int index, string partialPredicateCall
   ) {
-    exists(int b, int bExpr, int bUnresolvedElement, int n, int nSubPattern |
+    exists(int b, int bExpr, int bErrorElement, int n, int nSubPattern |
       b = 0 and
       bExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfExpr(e, i, _)) | i) and
-      bUnresolvedElement =
-        bExpr + 1 + max(int i | i = -1 or exists(getImmediateChildOfUnresolvedElement(e, i, _)) | i) and
-      n = bUnresolvedElement and
+      bErrorElement =
+        bExpr + 1 + max(int i | i = -1 or exists(getImmediateChildOfErrorElement(e, i, _)) | i) and
+      n = bErrorElement and
       nSubPattern = n + 1 and
       (
         none()
         or
         result = getImmediateChildOfExpr(e, index - b, partialPredicateCall)
         or
-        result = getImmediateChildOfUnresolvedElement(e, index - bExpr, partialPredicateCall)
+        result = getImmediateChildOfErrorElement(e, index - bExpr, partialPredicateCall)
         or
         index = n and result = e.getImmediateSubPattern() and partialPredicateCall = "SubPattern()"
       )
@@ -1789,19 +1835,19 @@ private module Impl {
   private Element getImmediateChildOfUnresolvedSpecializeExpr(
     UnresolvedSpecializeExpr e, int index, string partialPredicateCall
   ) {
-    exists(int b, int bExpr, int bUnresolvedElement, int n, int nSubExpr |
+    exists(int b, int bExpr, int bErrorElement, int n, int nSubExpr |
       b = 0 and
       bExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfExpr(e, i, _)) | i) and
-      bUnresolvedElement =
-        bExpr + 1 + max(int i | i = -1 or exists(getImmediateChildOfUnresolvedElement(e, i, _)) | i) and
-      n = bUnresolvedElement and
+      bErrorElement =
+        bExpr + 1 + max(int i | i = -1 or exists(getImmediateChildOfErrorElement(e, i, _)) | i) and
+      n = bErrorElement and
       nSubExpr = n + 1 and
       (
         none()
         or
         result = getImmediateChildOfExpr(e, index - b, partialPredicateCall)
         or
-        result = getImmediateChildOfUnresolvedElement(e, index - bExpr, partialPredicateCall)
+        result = getImmediateChildOfErrorElement(e, index - bExpr, partialPredicateCall)
         or
         index = n and result = e.getImmediateSubExpr() and partialPredicateCall = "SubExpr()"
       )
@@ -1826,6 +1872,23 @@ private module Impl {
     )
   }
 
+  private Element getImmediateChildOfAbiSafeConversionExpr(
+    AbiSafeConversionExpr e, int index, string partialPredicateCall
+  ) {
+    exists(int b, int bImplicitConversionExpr, int n |
+      b = 0 and
+      bImplicitConversionExpr =
+        b + 1 +
+          max(int i | i = -1 or exists(getImmediateChildOfImplicitConversionExpr(e, i, _)) | i) and
+      n = bImplicitConversionExpr and
+      (
+        none()
+        or
+        result = getImmediateChildOfImplicitConversionExpr(e, index - b, partialPredicateCall)
+      )
+    )
+  }
+
   private Element getImmediateChildOfAnyHashableErasureExpr(
     AnyHashableErasureExpr e, int index, string partialPredicateCall
   ) {
@@ -2768,21 +2831,20 @@ private module Impl {
   private Element getImmediateChildOfUnresolvedMemberChainResultExpr(
     UnresolvedMemberChainResultExpr e, int index, string partialPredicateCall
   ) {
-    exists(int b, int bIdentityExpr, int bUnresolvedElement, int n |
+    exists(int b, int bIdentityExpr, int bErrorElement, int n |
       b = 0 and
       bIdentityExpr =
         b + 1 + max(int i | i = -1 or exists(getImmediateChildOfIdentityExpr(e, i, _)) | i) and
-      bUnresolvedElement =
+      bErrorElement =
         bIdentityExpr + 1 +
-          max(int i | i = -1 or exists(getImmediateChildOfUnresolvedElement(e, i, _)) | i) and
-      n = bUnresolvedElement and
+          max(int i | i = -1 or exists(getImmediateChildOfErrorElement(e, i, _)) | i) and
+      n = bErrorElement and
       (
         none()
         or
         result = getImmediateChildOfIdentityExpr(e, index - b, partialPredicateCall)
         or
-        result =
-          getImmediateChildOfUnresolvedElement(e, index - bIdentityExpr, partialPredicateCall)
+        result = getImmediateChildOfErrorElement(e, index - bIdentityExpr, partialPredicateCall)
       )
     )
   }
@@ -2790,23 +2852,22 @@ private module Impl {
   private Element getImmediateChildOfUnresolvedTypeConversionExpr(
     UnresolvedTypeConversionExpr e, int index, string partialPredicateCall
   ) {
-    exists(int b, int bImplicitConversionExpr, int bUnresolvedElement, int n |
+    exists(int b, int bImplicitConversionExpr, int bErrorElement, int n |
       b = 0 and
       bImplicitConversionExpr =
         b + 1 +
           max(int i | i = -1 or exists(getImmediateChildOfImplicitConversionExpr(e, i, _)) | i) and
-      bUnresolvedElement =
+      bErrorElement =
         bImplicitConversionExpr + 1 +
-          max(int i | i = -1 or exists(getImmediateChildOfUnresolvedElement(e, i, _)) | i) and
-      n = bUnresolvedElement and
+          max(int i | i = -1 or exists(getImmediateChildOfErrorElement(e, i, _)) | i) and
+      n = bErrorElement and
       (
         none()
         or
         result = getImmediateChildOfImplicitConversionExpr(e, index - b, partialPredicateCall)
         or
         result =
-          getImmediateChildOfUnresolvedElement(e, index - bImplicitConversionExpr,
-            partialPredicateCall)
+          getImmediateChildOfErrorElement(e, index - bImplicitConversionExpr, partialPredicateCall)
       )
     )
   }
@@ -3801,14 +3862,18 @@ private module Impl {
   }
 
   private Element getImmediateChildOfErrorType(ErrorType e, int index, string partialPredicateCall) {
-    exists(int b, int bType, int n |
+    exists(int b, int bType, int bErrorElement, int n |
       b = 0 and
       bType = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfType(e, i, _)) | i) and
-      n = bType and
+      bErrorElement =
+        bType + 1 + max(int i | i = -1 or exists(getImmediateChildOfErrorElement(e, i, _)) | i) and
+      n = bErrorElement and
       (
         none()
         or
         result = getImmediateChildOfType(e, index - b, partialPredicateCall)
+        or
+        result = getImmediateChildOfErrorElement(e, index - bType, partialPredicateCall)
       )
     )
   }
@@ -3953,36 +4018,21 @@ private module Impl {
     )
   }
 
-  private Element getImmediateChildOfTypeVariableType(
-    TypeVariableType e, int index, string partialPredicateCall
-  ) {
-    exists(int b, int bType, int n |
-      b = 0 and
-      bType = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfType(e, i, _)) | i) and
-      n = bType and
-      (
-        none()
-        or
-        result = getImmediateChildOfType(e, index - b, partialPredicateCall)
-      )
-    )
-  }
-
   private Element getImmediateChildOfUnresolvedType(
     UnresolvedType e, int index, string partialPredicateCall
   ) {
-    exists(int b, int bType, int bUnresolvedElement, int n |
+    exists(int b, int bType, int bErrorElement, int n |
       b = 0 and
       bType = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfType(e, i, _)) | i) and
-      bUnresolvedElement =
-        bType + 1 + max(int i | i = -1 or exists(getImmediateChildOfUnresolvedElement(e, i, _)) | i) and
-      n = bUnresolvedElement and
+      bErrorElement =
+        bType + 1 + max(int i | i = -1 or exists(getImmediateChildOfErrorElement(e, i, _)) | i) and
+      n = bErrorElement and
       (
         none()
         or
         result = getImmediateChildOfType(e, index - b, partialPredicateCall)
         or
-        result = getImmediateChildOfUnresolvedElement(e, index - bType, partialPredicateCall)
+        result = getImmediateChildOfErrorElement(e, index - bType, partialPredicateCall)
       )
     )
   }
@@ -4522,22 +4572,6 @@ private module Impl {
     )
   }
 
-  private Element getImmediateChildOfSequenceArchetypeType(
-    SequenceArchetypeType e, int index, string partialPredicateCall
-  ) {
-    exists(int b, int bArchetypeType, int n |
-      b = 0 and
-      bArchetypeType =
-        b + 1 + max(int i | i = -1 or exists(getImmediateChildOfArchetypeType(e, i, _)) | i) and
-      n = bArchetypeType and
-      (
-        none()
-        or
-        result = getImmediateChildOfArchetypeType(e, index - b, partialPredicateCall)
-      )
-    )
-  }
-
   private Element getImmediateChildOfUnarySyntaxSugarType(
     UnarySyntaxSugarType e, int index, string partialPredicateCall
   ) {
@@ -4868,6 +4902,8 @@ private module Impl {
     or
     result = getImmediateChildOfVarargExpansionExpr(e, index, partialAccessor)
     or
+    result = getImmediateChildOfAbiSafeConversionExpr(e, index, partialAccessor)
+    or
     result = getImmediateChildOfAnyHashableErasureExpr(e, index, partialAccessor)
     or
     result = getImmediateChildOfArchetypeToSuperExpr(e, index, partialAccessor)
@@ -5088,8 +5124,6 @@ private module Impl {
     or
     result = getImmediateChildOfTupleType(e, index, partialAccessor)
     or
-    result = getImmediateChildOfTypeVariableType(e, index, partialAccessor)
-    or
     result = getImmediateChildOfUnresolvedType(e, index, partialAccessor)
     or
     result = getImmediateChildOfBuiltinBridgeObjectType(e, index, partialAccessor)
@@ -5146,8 +5180,6 @@ private module Impl {
     or
     result = getImmediateChildOfPrimaryArchetypeType(e, index, partialAccessor)
     or
-    result = getImmediateChildOfSequenceArchetypeType(e, index, partialAccessor)
-    or
     result = getImmediateChildOfArraySliceType(e, index, partialAccessor)
     or
     result = getImmediateChildOfBoundGenericClassType(e, index, partialAccessor)
diff --git a/swift/ql/lib/codeql/swift/generated/Raw.qll b/swift/ql/lib/codeql/swift/generated/Raw.qll
index 2730e58e09b..66083c2bfd6 100644
--- a/swift/ql/lib/codeql/swift/generated/Raw.qll
+++ b/swift/ql/lib/codeql/swift/generated/Raw.qll
@@ -57,9 +57,9 @@ module Raw {
     int getKind() { diagnostics(this, _, result) }
   }
 
-  class UnresolvedElement extends @unresolved_element, Locatable { }
+  class ErrorElement extends @error_element, Locatable { }
 
-  class UnspecifiedElement extends @unspecified_element, Locatable {
+  class UnspecifiedElement extends @unspecified_element, ErrorElement {
     override string toString() { result = "UnspecifiedElement" }
 
     Element getParent() { unspecified_element_parents(this, result) }
@@ -235,6 +235,20 @@ module Raw {
     Pattern getParentPattern() { var_decl_parent_patterns(this, result) }
 
     Expr getParentInitializer() { var_decl_parent_initializers(this, result) }
+
+    PatternBindingDecl getPropertyWrapperBackingVarBinding() {
+      var_decl_property_wrapper_backing_var_bindings(this, result)
+    }
+
+    VarDecl getPropertyWrapperBackingVar() { var_decl_property_wrapper_backing_vars(this, result) }
+
+    PatternBindingDecl getPropertyWrapperProjectionVarBinding() {
+      var_decl_property_wrapper_projection_var_bindings(this, result)
+    }
+
+    VarDecl getPropertyWrapperProjectionVar() {
+      var_decl_property_wrapper_projection_vars(this, result)
+    }
   }
 
   class AccessorDecl extends @accessor_decl, FuncDecl {
@@ -247,6 +261,14 @@ module Raw {
     predicate isWillSet() { accessor_decl_is_will_set(this) }
 
     predicate isDidSet() { accessor_decl_is_did_set(this) }
+
+    predicate isRead() { accessor_decl_is_read(this) }
+
+    predicate isModify() { accessor_decl_is_modify(this) }
+
+    predicate isUnsafeAddress() { accessor_decl_is_unsafe_address(this) }
+
+    predicate isUnsafeMutableAddress() { accessor_decl_is_unsafe_mutable_address(this) }
   }
 
   class AssociatedTypeDecl extends @associated_type_decl, AbstractTypeParamDecl {
@@ -285,6 +307,14 @@ module Raw {
     override string toString() { result = "ParamDecl" }
 
     predicate isInout() { param_decl_is_inout(this) }
+
+    PatternBindingDecl getPropertyWrapperLocalWrappedVarBinding() {
+      param_decl_property_wrapper_local_wrapped_var_bindings(this, result)
+    }
+
+    VarDecl getPropertyWrapperLocalWrappedVar() {
+      param_decl_property_wrapper_local_wrapped_vars(this, result)
+    }
   }
 
   class TypeAliasDecl extends @type_alias_decl, GenericTypeDecl {
@@ -381,6 +411,8 @@ module Raw {
     }
 
     predicate hasOrdinarySemantics() { decl_ref_expr_has_ordinary_semantics(this) }
+
+    predicate hasDistributedThunkSemantics() { decl_ref_expr_has_distributed_thunk_semantics(this) }
   }
 
   class DefaultArgumentExpr extends @default_argument_expr, Expr {
@@ -419,7 +451,7 @@ module Raw {
     EnumElementDecl getElement() { enum_is_case_exprs(this, _, result) }
   }
 
-  class ErrorExpr extends @error_expr, Expr {
+  class ErrorExpr extends @error_expr, Expr, ErrorElement {
     override string toString() { result = "ErrorExpr" }
   }
 
@@ -541,7 +573,7 @@ module Raw {
     ConstructorDecl getConstructorDecl() { other_constructor_decl_ref_exprs(this, result) }
   }
 
-  class OverloadedDeclRefExpr extends @overloaded_decl_ref_expr, Expr {
+  class OverloadedDeclRefExpr extends @overloaded_decl_ref_expr, Expr, ErrorElement {
     override string toString() { result = "OverloadedDeclRefExpr" }
 
     ValueDecl getPossibleDeclaration(int index) {
@@ -607,13 +639,13 @@ module Raw {
     TypeRepr getTypeRepr() { type_expr_type_reprs(this, result) }
   }
 
-  class UnresolvedDeclRefExpr extends @unresolved_decl_ref_expr, Expr, UnresolvedElement {
+  class UnresolvedDeclRefExpr extends @unresolved_decl_ref_expr, Expr, ErrorElement {
     override string toString() { result = "UnresolvedDeclRefExpr" }
 
     string getName() { unresolved_decl_ref_expr_names(this, result) }
   }
 
-  class UnresolvedDotExpr extends @unresolved_dot_expr, Expr, UnresolvedElement {
+  class UnresolvedDotExpr extends @unresolved_dot_expr, Expr, ErrorElement {
     override string toString() { result = "UnresolvedDotExpr" }
 
     Expr getBase() { unresolved_dot_exprs(this, result, _) }
@@ -621,19 +653,19 @@ module Raw {
     string getName() { unresolved_dot_exprs(this, _, result) }
   }
 
-  class UnresolvedMemberExpr extends @unresolved_member_expr, Expr, UnresolvedElement {
+  class UnresolvedMemberExpr extends @unresolved_member_expr, Expr, ErrorElement {
     override string toString() { result = "UnresolvedMemberExpr" }
 
     string getName() { unresolved_member_exprs(this, result) }
   }
 
-  class UnresolvedPatternExpr extends @unresolved_pattern_expr, Expr, UnresolvedElement {
+  class UnresolvedPatternExpr extends @unresolved_pattern_expr, Expr, ErrorElement {
     override string toString() { result = "UnresolvedPatternExpr" }
 
     Pattern getSubPattern() { unresolved_pattern_exprs(this, result) }
   }
 
-  class UnresolvedSpecializeExpr extends @unresolved_specialize_expr, Expr, UnresolvedElement {
+  class UnresolvedSpecializeExpr extends @unresolved_specialize_expr, Expr, ErrorElement {
     override string toString() { result = "UnresolvedSpecializeExpr" }
 
     Expr getSubExpr() { unresolved_specialize_exprs(this, result) }
@@ -645,6 +677,10 @@ module Raw {
     Expr getSubExpr() { vararg_expansion_exprs(this, result) }
   }
 
+  class AbiSafeConversionExpr extends @abi_safe_conversion_expr, ImplicitConversionExpr {
+    override string toString() { result = "AbiSafeConversionExpr" }
+  }
+
   class AnyHashableErasureExpr extends @any_hashable_erasure_expr, ImplicitConversionExpr {
     override string toString() { result = "AnyHashableErasureExpr" }
   }
@@ -829,6 +865,10 @@ module Raw {
     }
 
     predicate hasOrdinarySemantics() { member_ref_expr_has_ordinary_semantics(this) }
+
+    predicate hasDistributedThunkSemantics() {
+      member_ref_expr_has_distributed_thunk_semantics(this)
+    }
   }
 
   class MetatypeConversionExpr extends @metatype_conversion_expr, ImplicitConversionExpr {
@@ -896,6 +936,10 @@ module Raw {
     }
 
     predicate hasOrdinarySemantics() { subscript_expr_has_ordinary_semantics(this) }
+
+    predicate hasDistributedThunkSemantics() {
+      subscript_expr_has_distributed_thunk_semantics(this)
+    }
   }
 
   class TryExpr extends @try_expr, AnyTryExpr {
@@ -911,12 +955,12 @@ module Raw {
   }
 
   class UnresolvedMemberChainResultExpr extends @unresolved_member_chain_result_expr, IdentityExpr,
-    UnresolvedElement {
+    ErrorElement {
     override string toString() { result = "UnresolvedMemberChainResultExpr" }
   }
 
   class UnresolvedTypeConversionExpr extends @unresolved_type_conversion_expr,
-    ImplicitConversionExpr, UnresolvedElement {
+    ImplicitConversionExpr, ErrorElement {
     override string toString() { result = "UnresolvedTypeConversionExpr" }
   }
 
@@ -1272,7 +1316,7 @@ module Raw {
     Type getStaticSelfType() { dynamic_self_types(this, result) }
   }
 
-  class ErrorType extends @error_type, Type {
+  class ErrorType extends @error_type, Type, ErrorElement {
     override string toString() { result = "ErrorType" }
   }
 
@@ -1302,6 +1346,10 @@ module Raw {
 
   class ParameterizedProtocolType extends @parameterized_protocol_type, Type {
     override string toString() { result = "ParameterizedProtocolType" }
+
+    ProtocolType getBase() { parameterized_protocol_types(this, result) }
+
+    Type getArg(int index) { parameterized_protocol_type_args(this, index, result) }
   }
 
   class ProtocolCompositionType extends @protocol_composition_type, Type {
@@ -1326,11 +1374,7 @@ module Raw {
     string getName(int index) { tuple_type_names(this, index, result) }
   }
 
-  class TypeVariableType extends @type_variable_type, Type {
-    override string toString() { result = "TypeVariableType" }
-  }
-
-  class UnresolvedType extends @unresolved_type, Type, UnresolvedElement {
+  class UnresolvedType extends @unresolved_type, Type, ErrorElement {
     override string toString() { result = "UnresolvedType" }
   }
 
@@ -1479,10 +1523,6 @@ module Raw {
     override string toString() { result = "PrimaryArchetypeType" }
   }
 
-  class SequenceArchetypeType extends @sequence_archetype_type, ArchetypeType {
-    override string toString() { result = "SequenceArchetypeType" }
-  }
-
   class UnarySyntaxSugarType extends @unary_syntax_sugar_type, SyntaxSugarType {
     Type getBaseType() { unary_syntax_sugar_types(this, result) }
   }
diff --git a/swift/ql/lib/codeql/swift/generated/Synth.qll b/swift/ql/lib/codeql/swift/generated/Synth.qll
index 997b279c70f..4671a86634c 100644
--- a/swift/ql/lib/codeql/swift/generated/Synth.qll
+++ b/swift/ql/lib/codeql/swift/generated/Synth.qll
@@ -41,6 +41,7 @@ module Synth {
     TSubscriptDecl(Raw::SubscriptDecl id) { constructSubscriptDecl(id) } or
     TTopLevelCodeDecl(Raw::TopLevelCodeDecl id) { constructTopLevelCodeDecl(id) } or
     TTypeAliasDecl(Raw::TypeAliasDecl id) { constructTypeAliasDecl(id) } or
+    TAbiSafeConversionExpr(Raw::AbiSafeConversionExpr id) { constructAbiSafeConversionExpr(id) } or
     TAnyHashableErasureExpr(Raw::AnyHashableErasureExpr id) { constructAnyHashableErasureExpr(id) } or
     TAppliedPropertyWrapperExpr(Raw::AppliedPropertyWrapperExpr id) {
       constructAppliedPropertyWrapperExpr(id)
@@ -290,12 +291,10 @@ module Synth {
       constructProtocolCompositionType(id)
     } or
     TProtocolType(Raw::ProtocolType id) { constructProtocolType(id) } or
-    TSequenceArchetypeType(Raw::SequenceArchetypeType id) { constructSequenceArchetypeType(id) } or
     TStructType(Raw::StructType id) { constructStructType(id) } or
     TTupleType(Raw::TupleType id) { constructTupleType(id) } or
     TTypeAliasType(Raw::TypeAliasType id) { constructTypeAliasType(id) } or
     TTypeRepr(Raw::TypeRepr id) { constructTypeRepr(id) } or
-    TTypeVariableType(Raw::TypeVariableType id) { constructTypeVariableType(id) } or
     TUnboundGenericType(Raw::UnboundGenericType id) { constructUnboundGenericType(id) } or
     TUnmanagedStorageType(Raw::UnmanagedStorageType id) { constructUnmanagedStorageType(id) } or
     TUnownedStorageType(Raw::UnownedStorageType id) { constructUnownedStorageType(id) } or
@@ -309,18 +308,18 @@ module Synth {
 
   class TCallable = TAbstractClosureExpr or TAbstractFunctionDecl;
 
+  class TErrorElement =
+    TErrorExpr or TErrorType or TOverloadedDeclRefExpr or TUnresolvedDeclRefExpr or
+        TUnresolvedDotExpr or TUnresolvedMemberChainResultExpr or TUnresolvedMemberExpr or
+        TUnresolvedPatternExpr or TUnresolvedSpecializeExpr or TUnresolvedType or
+        TUnresolvedTypeConversionExpr or TUnspecifiedElement;
+
   class TFile = TDbFile or TUnknownFile;
 
-  class TLocatable =
-    TArgument or TAstNode or TComment or TDiagnostics or TUnresolvedElement or TUnspecifiedElement;
+  class TLocatable = TArgument or TAstNode or TComment or TDiagnostics or TErrorElement;
 
   class TLocation = TDbLocation or TUnknownLocation;
 
-  class TUnresolvedElement =
-    TUnresolvedDeclRefExpr or TUnresolvedDotExpr or TUnresolvedMemberChainResultExpr or
-        TUnresolvedMemberExpr or TUnresolvedPatternExpr or TUnresolvedSpecializeExpr or
-        TUnresolvedType or TUnresolvedTypeConversionExpr;
-
   class TAbstractFunctionDecl = TConstructorDecl or TDestructorDecl or TFuncDecl;
 
   class TAbstractStorageDecl = TSubscriptDecl or TVarDecl;
@@ -388,12 +387,12 @@ module Synth {
     TAwaitExpr or TDotSelfExpr or TParenExpr or TUnresolvedMemberChainResultExpr;
 
   class TImplicitConversionExpr =
-    TAnyHashableErasureExpr or TArchetypeToSuperExpr or TArrayToPointerExpr or
-        TBridgeFromObjCExpr or TBridgeToObjCExpr or TClassMetatypeToObjectExpr or
-        TCollectionUpcastConversionExpr or TConditionalBridgeFromObjCExpr or
-        TCovariantFunctionConversionExpr or TCovariantReturnConversionExpr or TDerivedToBaseExpr or
-        TDestructureTupleExpr or TDifferentiableFunctionExpr or
-        TDifferentiableFunctionExtractOriginalExpr or TErasureExpr or
+    TAbiSafeConversionExpr or TAnyHashableErasureExpr or TArchetypeToSuperExpr or
+        TArrayToPointerExpr or TBridgeFromObjCExpr or TBridgeToObjCExpr or
+        TClassMetatypeToObjectExpr or TCollectionUpcastConversionExpr or
+        TConditionalBridgeFromObjCExpr or TCovariantFunctionConversionExpr or
+        TCovariantReturnConversionExpr or TDerivedToBaseExpr or TDestructureTupleExpr or
+        TDifferentiableFunctionExpr or TDifferentiableFunctionExtractOriginalExpr or TErasureExpr or
         TExistentialMetatypeToObjectExpr or TForeignObjectConversionExpr or
         TFunctionConversionExpr or TInOutToPointerExpr or TInjectIntoOptionalExpr or
         TLinearFunctionExpr or TLinearFunctionExtractOriginalExpr or
@@ -435,9 +434,7 @@ module Synth {
 
   class TAnyMetatypeType = TExistentialMetatypeType or TMetatypeType;
 
-  class TArchetypeType =
-    TOpaqueTypeArchetypeType or TOpenedArchetypeType or TPrimaryArchetypeType or
-        TSequenceArchetypeType;
+  class TArchetypeType = TOpaqueTypeArchetypeType or TOpenedArchetypeType or TPrimaryArchetypeType;
 
   class TBoundGenericType =
     TBoundGenericClassType or TBoundGenericEnumType or TBoundGenericStructType;
@@ -464,8 +461,7 @@ module Synth {
     TAnyFunctionType or TAnyGenericType or TAnyMetatypeType or TBuiltinType or
         TDependentMemberType or TDynamicSelfType or TErrorType or TExistentialType or TInOutType or
         TLValueType or TModuleType or TParameterizedProtocolType or TProtocolCompositionType or
-        TReferenceStorageType or TSubstitutableType or TSugarType or TTupleType or
-        TTypeVariableType or TUnresolvedType;
+        TReferenceStorageType or TSubstitutableType or TSugarType or TTupleType or TUnresolvedType;
 
   class TUnarySyntaxSugarType = TArraySliceType or TOptionalType or TVariadicSequenceType;
 
@@ -597,6 +593,11 @@ module Synth {
   cached
   TTypeAliasDecl convertTypeAliasDeclFromRaw(Raw::Element e) { result = TTypeAliasDecl(e) }
 
+  cached
+  TAbiSafeConversionExpr convertAbiSafeConversionExprFromRaw(Raw::Element e) {
+    result = TAbiSafeConversionExpr(e)
+  }
+
   cached
   TAnyHashableErasureExpr convertAnyHashableErasureExprFromRaw(Raw::Element e) {
     result = TAnyHashableErasureExpr(e)
@@ -1308,11 +1309,6 @@ module Synth {
   cached
   TProtocolType convertProtocolTypeFromRaw(Raw::Element e) { result = TProtocolType(e) }
 
-  cached
-  TSequenceArchetypeType convertSequenceArchetypeTypeFromRaw(Raw::Element e) {
-    result = TSequenceArchetypeType(e)
-  }
-
   cached
   TStructType convertStructTypeFromRaw(Raw::Element e) { result = TStructType(e) }
 
@@ -1325,9 +1321,6 @@ module Synth {
   cached
   TTypeRepr convertTypeReprFromRaw(Raw::Element e) { result = TTypeRepr(e) }
 
-  cached
-  TTypeVariableType convertTypeVariableTypeFromRaw(Raw::Element e) { result = TTypeVariableType(e) }
-
   cached
   TUnboundGenericType convertUnboundGenericTypeFromRaw(Raw::Element e) {
     result = TUnboundGenericType(e)
@@ -1397,6 +1390,33 @@ module Synth {
     result = convertTypeFromRaw(e)
   }
 
+  cached
+  TErrorElement convertErrorElementFromRaw(Raw::Element e) {
+    result = convertErrorExprFromRaw(e)
+    or
+    result = convertErrorTypeFromRaw(e)
+    or
+    result = convertOverloadedDeclRefExprFromRaw(e)
+    or
+    result = convertUnresolvedDeclRefExprFromRaw(e)
+    or
+    result = convertUnresolvedDotExprFromRaw(e)
+    or
+    result = convertUnresolvedMemberChainResultExprFromRaw(e)
+    or
+    result = convertUnresolvedMemberExprFromRaw(e)
+    or
+    result = convertUnresolvedPatternExprFromRaw(e)
+    or
+    result = convertUnresolvedSpecializeExprFromRaw(e)
+    or
+    result = convertUnresolvedTypeFromRaw(e)
+    or
+    result = convertUnresolvedTypeConversionExprFromRaw(e)
+    or
+    result = convertUnspecifiedElementFromRaw(e)
+  }
+
   cached
   TFile convertFileFromRaw(Raw::Element e) {
     result = convertDbFileFromRaw(e)
@@ -1414,9 +1434,7 @@ module Synth {
     or
     result = convertDiagnosticsFromRaw(e)
     or
-    result = convertUnresolvedElementFromRaw(e)
-    or
-    result = convertUnspecifiedElementFromRaw(e)
+    result = convertErrorElementFromRaw(e)
   }
 
   cached
@@ -1426,25 +1444,6 @@ module Synth {
     result = convertUnknownLocationFromRaw(e)
   }
 
-  cached
-  TUnresolvedElement convertUnresolvedElementFromRaw(Raw::Element e) {
-    result = convertUnresolvedDeclRefExprFromRaw(e)
-    or
-    result = convertUnresolvedDotExprFromRaw(e)
-    or
-    result = convertUnresolvedMemberChainResultExprFromRaw(e)
-    or
-    result = convertUnresolvedMemberExprFromRaw(e)
-    or
-    result = convertUnresolvedPatternExprFromRaw(e)
-    or
-    result = convertUnresolvedSpecializeExprFromRaw(e)
-    or
-    result = convertUnresolvedTypeFromRaw(e)
-    or
-    result = convertUnresolvedTypeConversionExprFromRaw(e)
-  }
-
   cached
   TAbstractFunctionDecl convertAbstractFunctionDeclFromRaw(Raw::Element e) {
     result = convertConstructorDeclFromRaw(e)
@@ -1758,6 +1757,8 @@ module Synth {
 
   cached
   TImplicitConversionExpr convertImplicitConversionExprFromRaw(Raw::Element e) {
+    result = convertAbiSafeConversionExprFromRaw(e)
+    or
     result = convertAnyHashableErasureExprFromRaw(e)
     or
     result = convertArchetypeToSuperExprFromRaw(e)
@@ -1970,8 +1971,6 @@ module Synth {
     result = convertOpenedArchetypeTypeFromRaw(e)
     or
     result = convertPrimaryArchetypeTypeFromRaw(e)
-    or
-    result = convertSequenceArchetypeTypeFromRaw(e)
   }
 
   cached
@@ -2094,8 +2093,6 @@ module Synth {
     or
     result = convertTupleTypeFromRaw(e)
     or
-    result = convertTypeVariableTypeFromRaw(e)
-    or
     result = convertUnresolvedTypeFromRaw(e)
   }
 
@@ -2236,6 +2233,11 @@ module Synth {
   cached
   Raw::Element convertTypeAliasDeclToRaw(TTypeAliasDecl e) { e = TTypeAliasDecl(result) }
 
+  cached
+  Raw::Element convertAbiSafeConversionExprToRaw(TAbiSafeConversionExpr e) {
+    e = TAbiSafeConversionExpr(result)
+  }
+
   cached
   Raw::Element convertAnyHashableErasureExprToRaw(TAnyHashableErasureExpr e) {
     e = TAnyHashableErasureExpr(result)
@@ -2945,11 +2947,6 @@ module Synth {
   cached
   Raw::Element convertProtocolTypeToRaw(TProtocolType e) { e = TProtocolType(result) }
 
-  cached
-  Raw::Element convertSequenceArchetypeTypeToRaw(TSequenceArchetypeType e) {
-    e = TSequenceArchetypeType(result)
-  }
-
   cached
   Raw::Element convertStructTypeToRaw(TStructType e) { e = TStructType(result) }
 
@@ -2962,9 +2959,6 @@ module Synth {
   cached
   Raw::Element convertTypeReprToRaw(TTypeRepr e) { e = TTypeRepr(result) }
 
-  cached
-  Raw::Element convertTypeVariableTypeToRaw(TTypeVariableType e) { e = TTypeVariableType(result) }
-
   cached
   Raw::Element convertUnboundGenericTypeToRaw(TUnboundGenericType e) {
     e = TUnboundGenericType(result)
@@ -3034,6 +3028,33 @@ module Synth {
     result = convertTypeToRaw(e)
   }
 
+  cached
+  Raw::Element convertErrorElementToRaw(TErrorElement e) {
+    result = convertErrorExprToRaw(e)
+    or
+    result = convertErrorTypeToRaw(e)
+    or
+    result = convertOverloadedDeclRefExprToRaw(e)
+    or
+    result = convertUnresolvedDeclRefExprToRaw(e)
+    or
+    result = convertUnresolvedDotExprToRaw(e)
+    or
+    result = convertUnresolvedMemberChainResultExprToRaw(e)
+    or
+    result = convertUnresolvedMemberExprToRaw(e)
+    or
+    result = convertUnresolvedPatternExprToRaw(e)
+    or
+    result = convertUnresolvedSpecializeExprToRaw(e)
+    or
+    result = convertUnresolvedTypeToRaw(e)
+    or
+    result = convertUnresolvedTypeConversionExprToRaw(e)
+    or
+    result = convertUnspecifiedElementToRaw(e)
+  }
+
   cached
   Raw::Element convertFileToRaw(TFile e) {
     result = convertDbFileToRaw(e)
@@ -3051,9 +3072,7 @@ module Synth {
     or
     result = convertDiagnosticsToRaw(e)
     or
-    result = convertUnresolvedElementToRaw(e)
-    or
-    result = convertUnspecifiedElementToRaw(e)
+    result = convertErrorElementToRaw(e)
   }
 
   cached
@@ -3063,25 +3082,6 @@ module Synth {
     result = convertUnknownLocationToRaw(e)
   }
 
-  cached
-  Raw::Element convertUnresolvedElementToRaw(TUnresolvedElement e) {
-    result = convertUnresolvedDeclRefExprToRaw(e)
-    or
-    result = convertUnresolvedDotExprToRaw(e)
-    or
-    result = convertUnresolvedMemberChainResultExprToRaw(e)
-    or
-    result = convertUnresolvedMemberExprToRaw(e)
-    or
-    result = convertUnresolvedPatternExprToRaw(e)
-    or
-    result = convertUnresolvedSpecializeExprToRaw(e)
-    or
-    result = convertUnresolvedTypeToRaw(e)
-    or
-    result = convertUnresolvedTypeConversionExprToRaw(e)
-  }
-
   cached
   Raw::Element convertAbstractFunctionDeclToRaw(TAbstractFunctionDecl e) {
     result = convertConstructorDeclToRaw(e)
@@ -3395,6 +3395,8 @@ module Synth {
 
   cached
   Raw::Element convertImplicitConversionExprToRaw(TImplicitConversionExpr e) {
+    result = convertAbiSafeConversionExprToRaw(e)
+    or
     result = convertAnyHashableErasureExprToRaw(e)
     or
     result = convertArchetypeToSuperExprToRaw(e)
@@ -3607,8 +3609,6 @@ module Synth {
     result = convertOpenedArchetypeTypeToRaw(e)
     or
     result = convertPrimaryArchetypeTypeToRaw(e)
-    or
-    result = convertSequenceArchetypeTypeToRaw(e)
   }
 
   cached
@@ -3731,8 +3731,6 @@ module Synth {
     or
     result = convertTupleTypeToRaw(e)
     or
-    result = convertTypeVariableTypeToRaw(e)
-    or
     result = convertUnresolvedTypeToRaw(e)
   }
 
diff --git a/swift/ql/lib/codeql/swift/generated/SynthConstructors.qll b/swift/ql/lib/codeql/swift/generated/SynthConstructors.qll
index 528c176b4c9..4623b04b784 100644
--- a/swift/ql/lib/codeql/swift/generated/SynthConstructors.qll
+++ b/swift/ql/lib/codeql/swift/generated/SynthConstructors.qll
@@ -33,6 +33,7 @@ import codeql.swift.elements.decl.StructDeclConstructor
 import codeql.swift.elements.decl.SubscriptDeclConstructor
 import codeql.swift.elements.decl.TopLevelCodeDeclConstructor
 import codeql.swift.elements.decl.TypeAliasDeclConstructor
+import codeql.swift.elements.expr.AbiSafeConversionExprConstructor
 import codeql.swift.elements.expr.AnyHashableErasureExprConstructor
 import codeql.swift.elements.expr.AppliedPropertyWrapperExprConstructor
 import codeql.swift.elements.expr.ArchetypeToSuperExprConstructor
@@ -212,12 +213,10 @@ import codeql.swift.elements.type.ParenTypeConstructor
 import codeql.swift.elements.type.PrimaryArchetypeTypeConstructor
 import codeql.swift.elements.type.ProtocolCompositionTypeConstructor
 import codeql.swift.elements.type.ProtocolTypeConstructor
-import codeql.swift.elements.type.SequenceArchetypeTypeConstructor
 import codeql.swift.elements.type.StructTypeConstructor
 import codeql.swift.elements.type.TupleTypeConstructor
 import codeql.swift.elements.type.TypeAliasTypeConstructor
 import codeql.swift.elements.type.TypeReprConstructor
-import codeql.swift.elements.type.TypeVariableTypeConstructor
 import codeql.swift.elements.type.UnboundGenericTypeConstructor
 import codeql.swift.elements.type.UnmanagedStorageTypeConstructor
 import codeql.swift.elements.type.UnownedStorageTypeConstructor
diff --git a/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll b/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll
index 8f6efd926d8..c37d4d35515 100644
--- a/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll
+++ b/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll
@@ -2,10 +2,10 @@
 private import codeql.swift.generated.Synth
 private import codeql.swift.generated.Raw
 import codeql.swift.elements.Element
-import codeql.swift.elements.Locatable
+import codeql.swift.elements.ErrorElement
 
 module Generated {
-  class UnspecifiedElement extends Synth::TUnspecifiedElement, Locatable {
+  class UnspecifiedElement extends Synth::TUnspecifiedElement, ErrorElement {
     override string getAPrimaryQlClass() { result = "UnspecifiedElement" }
 
     /**
diff --git a/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll
index 05d5b9b2a63..2e5ad34c6b7 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll
@@ -34,6 +34,6 @@ module Generated {
     /**
      * Gets the number of accessor declarations of this abstract storage declaration.
      */
-    final int getNumberOfAccessorDecls() { result = count(getAnAccessorDecl()) }
+    final int getNumberOfAccessorDecls() { result = count(int i | exists(getAccessorDecl(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/decl/AccessorDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/AccessorDecl.qll
index 8b0a8f7582a..6616023d814 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/AccessorDecl.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/AccessorDecl.qll
@@ -26,5 +26,29 @@ module Generated {
      * Holds if this accessor is a `didSet`, called after the property is set.
      */
     predicate isDidSet() { Synth::convertAccessorDeclToRaw(this).(Raw::AccessorDecl).isDidSet() }
+
+    /**
+     * Holds if this accessor is a `_read` coroutine, yielding a borrowed value of the property.
+     */
+    predicate isRead() { Synth::convertAccessorDeclToRaw(this).(Raw::AccessorDecl).isRead() }
+
+    /**
+     * Holds if this accessor is a `_modify` coroutine, yielding an inout value of the property.
+     */
+    predicate isModify() { Synth::convertAccessorDeclToRaw(this).(Raw::AccessorDecl).isModify() }
+
+    /**
+     * Holds if this accessor is an `unsafeAddress` immutable addressor.
+     */
+    predicate isUnsafeAddress() {
+      Synth::convertAccessorDeclToRaw(this).(Raw::AccessorDecl).isUnsafeAddress()
+    }
+
+    /**
+     * Holds if this accessor is an `unsafeMutableAddress` mutable addressor.
+     */
+    predicate isUnsafeMutableAddress() {
+      Synth::convertAccessorDeclToRaw(this).(Raw::AccessorDecl).isUnsafeMutableAddress()
+    }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll
index dbd0029cb4d..c7e37aa2d46 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll
@@ -34,6 +34,6 @@ module Generated {
     /**
      * Gets the number of elements of this enum case declaration.
      */
-    final int getNumberOfElements() { result = count(getAnElement()) }
+    final int getNumberOfElements() { result = count(int i | exists(getElement(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll
index 43e99500ddc..9de09b1d663 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll
@@ -41,6 +41,6 @@ module Generated {
     /**
      * Gets the number of parameters of this enum element declaration.
      */
-    final int getNumberOfParams() { result = count(getAParam()) }
+    final int getNumberOfParams() { result = count(int i | exists(getParam(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll b/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll
index 90c6f5457bb..095870c1657 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll
@@ -34,6 +34,8 @@ module Generated {
     /**
      * Gets the number of generic type parameters of this generic context.
      */
-    final int getNumberOfGenericTypeParams() { result = count(getAGenericTypeParam()) }
+    final int getNumberOfGenericTypeParams() {
+      result = count(int i | exists(getGenericTypeParam(i)))
+    }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll
index 5cbe08b6ee1..ab48661cb37 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll
@@ -36,6 +36,6 @@ module Generated {
     /**
      * Gets the number of active elements of this if config declaration.
      */
-    final int getNumberOfActiveElements() { result = count(getAnActiveElement()) }
+    final int getNumberOfActiveElements() { result = count(int i | exists(getActiveElement(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll
index 1067e3a2fa4..2c3952de14a 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll
@@ -63,6 +63,6 @@ module Generated {
     /**
      * Gets the number of declarations of this import declaration.
      */
-    final int getNumberOfDeclarations() { result = count(getADeclaration()) }
+    final int getNumberOfDeclarations() { result = count(int i | exists(getDeclaration(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/decl/IterableDeclContext.qll b/swift/ql/lib/codeql/swift/generated/decl/IterableDeclContext.qll
index 35fc93aa9e9..4ae2e88bd74 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/IterableDeclContext.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/IterableDeclContext.qll
@@ -32,6 +32,6 @@ module Generated {
     /**
      * Gets the number of members of this iterable declaration context.
      */
-    final int getNumberOfMembers() { result = count(getAMember()) }
+    final int getNumberOfMembers() { result = count(int i | exists(getMember(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll
index 0f4ffd9c616..4b10570ef7b 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll
@@ -49,7 +49,7 @@ module Generated {
     /**
      * Gets the number of imported modules of this module declaration.
      */
-    final int getNumberOfImportedModules() { result = count(getAnImportedModule()) }
+    final int getNumberOfImportedModules() { result = count(int i | exists(getImportedModule(i))) }
 
     /**
      * Gets the `index`th exported module of this module declaration (0-based).
@@ -79,6 +79,6 @@ module Generated {
     /**
      * Gets the number of exported modules of this module declaration.
      */
-    final int getNumberOfExportedModules() { result = count(getAnExportedModule()) }
+    final int getNumberOfExportedModules() { result = count(int i | exists(getExportedModule(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll
index e3ad8fe72a2..78cc23c82cb 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll
@@ -66,6 +66,8 @@ module Generated {
     /**
      * Gets the number of opaque generic parameters of this opaque type declaration.
      */
-    final int getNumberOfOpaqueGenericParams() { result = count(getAnOpaqueGenericParam()) }
+    final int getNumberOfOpaqueGenericParams() {
+      result = count(int i | exists(getOpaqueGenericParam(i)))
+    }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll
index 727f169234d..daa8b3e94dc 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll
@@ -1,6 +1,7 @@
 // generated by codegen/codegen.py
 private import codeql.swift.generated.Synth
 private import codeql.swift.generated.Raw
+import codeql.swift.elements.decl.PatternBindingDecl
 import codeql.swift.elements.decl.VarDecl
 
 module Generated {
@@ -11,5 +12,65 @@ module Generated {
      * Holds if this is an `inout` parameter.
      */
     predicate isInout() { Synth::convertParamDeclToRaw(this).(Raw::ParamDecl).isInout() }
+
+    /**
+     * Gets the property wrapper local wrapped variable binding of this parameter declaration, if it exists.
+     *
+     * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
+     * behavior of both the `Immediate` and non-`Immediate` versions.
+     */
+    PatternBindingDecl getImmediatePropertyWrapperLocalWrappedVarBinding() {
+      result =
+        Synth::convertPatternBindingDeclFromRaw(Synth::convertParamDeclToRaw(this)
+              .(Raw::ParamDecl)
+              .getPropertyWrapperLocalWrappedVarBinding())
+    }
+
+    /**
+     * Gets the property wrapper local wrapped variable binding of this parameter declaration, if it exists.
+     *
+     * This is the synthesized binding introducing the property wrapper local wrapped projection
+     * variable for this variable, if any.
+     */
+    final PatternBindingDecl getPropertyWrapperLocalWrappedVarBinding() {
+      result = getImmediatePropertyWrapperLocalWrappedVarBinding().resolve()
+    }
+
+    /**
+     * Holds if `getPropertyWrapperLocalWrappedVarBinding()` exists.
+     */
+    final predicate hasPropertyWrapperLocalWrappedVarBinding() {
+      exists(getPropertyWrapperLocalWrappedVarBinding())
+    }
+
+    /**
+     * Gets the property wrapper local wrapped variable of this parameter declaration, if it exists.
+     *
+     * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
+     * behavior of both the `Immediate` and non-`Immediate` versions.
+     */
+    VarDecl getImmediatePropertyWrapperLocalWrappedVar() {
+      result =
+        Synth::convertVarDeclFromRaw(Synth::convertParamDeclToRaw(this)
+              .(Raw::ParamDecl)
+              .getPropertyWrapperLocalWrappedVar())
+    }
+
+    /**
+     * Gets the property wrapper local wrapped variable of this parameter declaration, if it exists.
+     *
+     * This is the synthesized local wrapped value, shadowing this parameter declaration in case it
+     * has a property wrapper.
+     */
+    final VarDecl getPropertyWrapperLocalWrappedVar() {
+      result = getImmediatePropertyWrapperLocalWrappedVar().resolve()
+    }
+
+    /**
+     * Holds if `getPropertyWrapperLocalWrappedVar()` exists.
+     */
+    final predicate hasPropertyWrapperLocalWrappedVar() {
+      exists(getPropertyWrapperLocalWrappedVar())
+    }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll
index dd454ea0e24..301efcd3df3 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll
@@ -63,6 +63,6 @@ module Generated {
     /**
      * Gets the number of patterns of this pattern binding declaration.
      */
-    final int getNumberOfPatterns() { result = count(getAPattern()) }
+    final int getNumberOfPatterns() { result = count(int i | exists(getPattern(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll
index d752aae3b58..ddf8508db30 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll
@@ -36,7 +36,7 @@ module Generated {
     /**
      * Gets the number of parameters of this subscript declaration.
      */
-    final int getNumberOfParams() { result = count(getAParam()) }
+    final int getNumberOfParams() { result = count(int i | exists(getParam(i))) }
 
     /**
      * Gets the element type of this subscript declaration.
diff --git a/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll
index 8efc443721a..85d19e61b07 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll
@@ -37,6 +37,6 @@ module Generated {
     /**
      * Gets the number of base types of this type declaration.
      */
-    final int getNumberOfBaseTypes() { result = count(getABaseType()) }
+    final int getNumberOfBaseTypes() { result = count(int i | exists(getBaseType(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll
index f92e0bdb768..9cc585e0623 100644
--- a/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll
+++ b/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll
@@ -4,17 +4,18 @@ private import codeql.swift.generated.Raw
 import codeql.swift.elements.decl.AbstractStorageDecl
 import codeql.swift.elements.expr.Expr
 import codeql.swift.elements.pattern.Pattern
+import codeql.swift.elements.decl.PatternBindingDecl
 import codeql.swift.elements.type.Type
 
 module Generated {
   class VarDecl extends Synth::TVarDecl, AbstractStorageDecl {
     /**
-     * Gets the name of this var declaration.
+     * Gets the name of this variable declaration.
      */
     string getName() { result = Synth::convertVarDeclToRaw(this).(Raw::VarDecl).getName() }
 
     /**
-     * Gets the type of this var declaration.
+     * Gets the type of this variable declaration.
      *
      * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
      * behavior of both the `Immediate` and non-`Immediate` versions.
@@ -24,12 +25,12 @@ module Generated {
     }
 
     /**
-     * Gets the type of this var declaration.
+     * Gets the type of this variable declaration.
      */
     final Type getType() { result = getImmediateType().resolve() }
 
     /**
-     * Gets the attached property wrapper type of this var declaration, if it exists.
+     * Gets the attached property wrapper type of this variable declaration, if it exists.
      *
      * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
      * behavior of both the `Immediate` and non-`Immediate` versions.
@@ -42,7 +43,7 @@ module Generated {
     }
 
     /**
-     * Gets the attached property wrapper type of this var declaration, if it exists.
+     * Gets the attached property wrapper type of this variable declaration, if it exists.
      */
     final Type getAttachedPropertyWrapperType() {
       result = getImmediateAttachedPropertyWrapperType().resolve()
@@ -54,7 +55,7 @@ module Generated {
     final predicate hasAttachedPropertyWrapperType() { exists(getAttachedPropertyWrapperType()) }
 
     /**
-     * Gets the parent pattern of this var declaration, if it exists.
+     * Gets the parent pattern of this variable declaration, if it exists.
      *
      * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
      * behavior of both the `Immediate` and non-`Immediate` versions.
@@ -67,7 +68,7 @@ module Generated {
     }
 
     /**
-     * Gets the parent pattern of this var declaration, if it exists.
+     * Gets the parent pattern of this variable declaration, if it exists.
      */
     final Pattern getParentPattern() { result = getImmediateParentPattern().resolve() }
 
@@ -77,7 +78,7 @@ module Generated {
     final predicate hasParentPattern() { exists(getParentPattern()) }
 
     /**
-     * Gets the parent initializer of this var declaration, if it exists.
+     * Gets the parent initializer of this variable declaration, if it exists.
      *
      * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
      * behavior of both the `Immediate` and non-`Immediate` versions.
@@ -90,7 +91,7 @@ module Generated {
     }
 
     /**
-     * Gets the parent initializer of this var declaration, if it exists.
+     * Gets the parent initializer of this variable declaration, if it exists.
      */
     final Expr getParentInitializer() { result = getImmediateParentInitializer().resolve() }
 
@@ -98,5 +99,121 @@ module Generated {
      * Holds if `getParentInitializer()` exists.
      */
     final predicate hasParentInitializer() { exists(getParentInitializer()) }
+
+    /**
+     * Gets the property wrapper backing variable binding of this variable declaration, if it exists.
+     *
+     * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
+     * behavior of both the `Immediate` and non-`Immediate` versions.
+     */
+    PatternBindingDecl getImmediatePropertyWrapperBackingVarBinding() {
+      result =
+        Synth::convertPatternBindingDeclFromRaw(Synth::convertVarDeclToRaw(this)
+              .(Raw::VarDecl)
+              .getPropertyWrapperBackingVarBinding())
+    }
+
+    /**
+     * Gets the property wrapper backing variable binding of this variable declaration, if it exists.
+     *
+     * This is the synthesized binding introducing the property wrapper backing variable for this
+     * variable, if any.
+     */
+    final PatternBindingDecl getPropertyWrapperBackingVarBinding() {
+      result = getImmediatePropertyWrapperBackingVarBinding().resolve()
+    }
+
+    /**
+     * Holds if `getPropertyWrapperBackingVarBinding()` exists.
+     */
+    final predicate hasPropertyWrapperBackingVarBinding() {
+      exists(getPropertyWrapperBackingVarBinding())
+    }
+
+    /**
+     * Gets the property wrapper backing variable of this variable declaration, if it exists.
+     *
+     * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
+     * behavior of both the `Immediate` and non-`Immediate` versions.
+     */
+    VarDecl getImmediatePropertyWrapperBackingVar() {
+      result =
+        Synth::convertVarDeclFromRaw(Synth::convertVarDeclToRaw(this)
+              .(Raw::VarDecl)
+              .getPropertyWrapperBackingVar())
+    }
+
+    /**
+     * Gets the property wrapper backing variable of this variable declaration, if it exists.
+     *
+     * This is the synthesized variable holding the property wrapper for this variable, if any.
+     */
+    final VarDecl getPropertyWrapperBackingVar() {
+      result = getImmediatePropertyWrapperBackingVar().resolve()
+    }
+
+    /**
+     * Holds if `getPropertyWrapperBackingVar()` exists.
+     */
+    final predicate hasPropertyWrapperBackingVar() { exists(getPropertyWrapperBackingVar()) }
+
+    /**
+     * Gets the property wrapper projection variable binding of this variable declaration, if it exists.
+     *
+     * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
+     * behavior of both the `Immediate` and non-`Immediate` versions.
+     */
+    PatternBindingDecl getImmediatePropertyWrapperProjectionVarBinding() {
+      result =
+        Synth::convertPatternBindingDeclFromRaw(Synth::convertVarDeclToRaw(this)
+              .(Raw::VarDecl)
+              .getPropertyWrapperProjectionVarBinding())
+    }
+
+    /**
+     * Gets the property wrapper projection variable binding of this variable declaration, if it exists.
+     *
+     * This is the synthesized binding introducing the property wrapper projection variable for this
+     * variable, if any.
+     */
+    final PatternBindingDecl getPropertyWrapperProjectionVarBinding() {
+      result = getImmediatePropertyWrapperProjectionVarBinding().resolve()
+    }
+
+    /**
+     * Holds if `getPropertyWrapperProjectionVarBinding()` exists.
+     */
+    final predicate hasPropertyWrapperProjectionVarBinding() {
+      exists(getPropertyWrapperProjectionVarBinding())
+    }
+
+    /**
+     * Gets the property wrapper projection variable of this variable declaration, if it exists.
+     *
+     * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
+     * behavior of both the `Immediate` and non-`Immediate` versions.
+     */
+    VarDecl getImmediatePropertyWrapperProjectionVar() {
+      result =
+        Synth::convertVarDeclFromRaw(Synth::convertVarDeclToRaw(this)
+              .(Raw::VarDecl)
+              .getPropertyWrapperProjectionVar())
+    }
+
+    /**
+     * Gets the property wrapper projection variable of this variable declaration, if it exists.
+     *
+     * If this variable has a property wrapper with a projected value, this is the corresponding
+     * synthesized variable holding that projected value, accessible with this variable's name
+     * prefixed with `$`.
+     */
+    final VarDecl getPropertyWrapperProjectionVar() {
+      result = getImmediatePropertyWrapperProjectionVar().resolve()
+    }
+
+    /**
+     * Holds if `getPropertyWrapperProjectionVar()` exists.
+     */
+    final predicate hasPropertyWrapperProjectionVar() { exists(getPropertyWrapperProjectionVar()) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/expr/AbiSafeConversionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AbiSafeConversionExpr.qll
new file mode 100644
index 00000000000..3908c403ba5
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/generated/expr/AbiSafeConversionExpr.qll
@@ -0,0 +1,10 @@
+// generated by codegen/codegen.py
+private import codeql.swift.generated.Synth
+private import codeql.swift.generated.Raw
+import codeql.swift.elements.expr.ImplicitConversionExpr
+
+module Generated {
+  class AbiSafeConversionExpr extends Synth::TAbiSafeConversionExpr, ImplicitConversionExpr {
+    override string getAPrimaryQlClass() { result = "AbiSafeConversionExpr" }
+  }
+}
diff --git a/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll
index 1beaf334682..b39b3f694bd 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll
@@ -48,6 +48,6 @@ module Generated {
     /**
      * Gets the number of arguments passed to the applied function.
      */
-    final int getNumberOfArguments() { result = count(getAnArgument()) }
+    final int getNumberOfArguments() { result = count(int i | exists(getArgument(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll
index df3ea361d68..8d0218f0824 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll
@@ -34,6 +34,6 @@ module Generated {
     /**
      * Gets the number of elements of this array expression.
      */
-    final int getNumberOfElements() { result = count(getAnElement()) }
+    final int getNumberOfElements() { result = count(int i | exists(getElement(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll
index 364c60ea5b0..e971caa1b5b 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll
@@ -37,7 +37,7 @@ module Generated {
     /**
      * Gets the number of binding declarations of this capture list expression.
      */
-    final int getNumberOfBindingDecls() { result = count(getABindingDecl()) }
+    final int getNumberOfBindingDecls() { result = count(int i | exists(getBindingDecl(i))) }
 
     /**
      * Gets the closure body of this capture list expression.
diff --git a/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll
index bb83df6d35c..1c95bbb9555 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll
@@ -53,7 +53,9 @@ module Generated {
     /**
      * Gets the number of replacement types of this declaration ref expression.
      */
-    final int getNumberOfReplacementTypes() { result = count(getAReplacementType()) }
+    final int getNumberOfReplacementTypes() {
+      result = count(int i | exists(getReplacementType(i)))
+    }
 
     /**
      * Holds if this declaration ref expression has direct to storage semantics.
@@ -75,5 +77,12 @@ module Generated {
     predicate hasOrdinarySemantics() {
       Synth::convertDeclRefExprToRaw(this).(Raw::DeclRefExpr).hasOrdinarySemantics()
     }
+
+    /**
+     * Holds if this declaration ref expression has distributed thunk semantics.
+     */
+    predicate hasDistributedThunkSemantics() {
+      Synth::convertDeclRefExprToRaw(this).(Raw::DeclRefExpr).hasDistributedThunkSemantics()
+    }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll
index 8d9fd0589c4..95821ef674b 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll
@@ -34,6 +34,6 @@ module Generated {
     /**
      * Gets the number of elements of this dictionary expression.
      */
-    final int getNumberOfElements() { result = count(getAnElement()) }
+    final int getNumberOfElements() { result = count(int i | exists(getElement(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/expr/ErrorExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ErrorExpr.qll
index 0c0ab658ba4..f89f4da3e40 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/ErrorExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/ErrorExpr.qll
@@ -1,10 +1,11 @@
 // generated by codegen/codegen.py
 private import codeql.swift.generated.Synth
 private import codeql.swift.generated.Raw
+import codeql.swift.elements.ErrorElement
 import codeql.swift.elements.expr.Expr
 
 module Generated {
-  class ErrorExpr extends Synth::TErrorExpr, Expr {
+  class ErrorExpr extends Synth::TErrorExpr, Expr, ErrorElement {
     override string getAPrimaryQlClass() { result = "ErrorExpr" }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/expr/MemberRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/MemberRefExpr.qll
index ed91bd4a98c..4f12da0b1fa 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/MemberRefExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/MemberRefExpr.qll
@@ -29,5 +29,12 @@ module Generated {
     predicate hasOrdinarySemantics() {
       Synth::convertMemberRefExprToRaw(this).(Raw::MemberRefExpr).hasOrdinarySemantics()
     }
+
+    /**
+     * Holds if this member ref expression has distributed thunk semantics.
+     */
+    predicate hasDistributedThunkSemantics() {
+      Synth::convertMemberRefExprToRaw(this).(Raw::MemberRefExpr).hasDistributedThunkSemantics()
+    }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll
index 0d145bfbb04..602478ed726 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll
@@ -46,6 +46,6 @@ module Generated {
     /**
      * Gets the number of arguments of this object literal expression.
      */
-    final int getNumberOfArguments() { result = count(getAnArgument()) }
+    final int getNumberOfArguments() { result = count(int i | exists(getArgument(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll
index 8c9b17d8abd..02010bf0af2 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll
@@ -1,6 +1,7 @@
 // generated by codegen/codegen.py
 private import codeql.swift.generated.Synth
 private import codeql.swift.generated.Raw
+import codeql.swift.elements.ErrorElement
 import codeql.swift.elements.expr.Expr
 import codeql.swift.elements.decl.ValueDecl
 
@@ -9,7 +10,7 @@ module Generated {
    * An ambiguous expression that might refer to multiple declarations. This will be present only
    * for failing compilations.
    */
-  class OverloadedDeclRefExpr extends Synth::TOverloadedDeclRefExpr, Expr {
+  class OverloadedDeclRefExpr extends Synth::TOverloadedDeclRefExpr, Expr, ErrorElement {
     override string getAPrimaryQlClass() { result = "OverloadedDeclRefExpr" }
 
     /**
@@ -40,6 +41,8 @@ module Generated {
     /**
      * Gets the number of possible declarations of this overloaded declaration ref expression.
      */
-    final int getNumberOfPossibleDeclarations() { result = count(getAPossibleDeclaration()) }
+    final int getNumberOfPossibleDeclarations() {
+      result = count(int i | exists(getPossibleDeclaration(i)))
+    }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll
index 6cbeb816a25..5a4ca1b9650 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll
@@ -33,6 +33,6 @@ module Generated {
     /**
      * Gets the number of elements of this sequence expression.
      */
-    final int getNumberOfElements() { result = count(getAnElement()) }
+    final int getNumberOfElements() { result = count(int i | exists(getElement(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll
index c75de17d112..c5bdfb0207d 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll
@@ -34,7 +34,7 @@ module Generated {
     /**
      * Gets the number of arguments of this subscript expression.
      */
-    final int getNumberOfArguments() { result = count(getAnArgument()) }
+    final int getNumberOfArguments() { result = count(int i | exists(getArgument(i))) }
 
     /**
      * Holds if this subscript expression has direct to storage semantics.
@@ -58,5 +58,12 @@ module Generated {
     predicate hasOrdinarySemantics() {
       Synth::convertSubscriptExprToRaw(this).(Raw::SubscriptExpr).hasOrdinarySemantics()
     }
+
+    /**
+     * Holds if this subscript expression has distributed thunk semantics.
+     */
+    predicate hasDistributedThunkSemantics() {
+      Synth::convertSubscriptExprToRaw(this).(Raw::SubscriptExpr).hasDistributedThunkSemantics()
+    }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll
index 37b928dac22..734c8d311ad 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll
@@ -47,7 +47,7 @@ module Generated {
     final BraceStmt getBody() { result = getImmediateBody().resolve() }
 
     /**
-     * Gets the var of this tap expression.
+     * Gets the variable of this tap expression.
      *
      * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
      * behavior of both the `Immediate` and non-`Immediate` versions.
@@ -58,7 +58,7 @@ module Generated {
     }
 
     /**
-     * Gets the var of this tap expression.
+     * Gets the variable of this tap expression.
      */
     final VarDecl getVar() { result = getImmediateVar().resolve() }
   }
diff --git a/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll
index 36a62ee0313..5db9ee900ba 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll
@@ -33,6 +33,6 @@ module Generated {
     /**
      * Gets the number of elements of this tuple expression.
      */
-    final int getNumberOfElements() { result = count(getAnElement()) }
+    final int getNumberOfElements() { result = count(int i | exists(getElement(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll
index 69503e9e1d2..44714ddc239 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll
@@ -1,11 +1,11 @@
 // generated by codegen/codegen.py
 private import codeql.swift.generated.Synth
 private import codeql.swift.generated.Raw
+import codeql.swift.elements.ErrorElement
 import codeql.swift.elements.expr.Expr
-import codeql.swift.elements.UnresolvedElement
 
 module Generated {
-  class UnresolvedDeclRefExpr extends Synth::TUnresolvedDeclRefExpr, Expr, UnresolvedElement {
+  class UnresolvedDeclRefExpr extends Synth::TUnresolvedDeclRefExpr, Expr, ErrorElement {
     override string getAPrimaryQlClass() { result = "UnresolvedDeclRefExpr" }
 
     /**
diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll
index c1babf745ef..94da3aa05e3 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll
@@ -1,11 +1,11 @@
 // generated by codegen/codegen.py
 private import codeql.swift.generated.Synth
 private import codeql.swift.generated.Raw
+import codeql.swift.elements.ErrorElement
 import codeql.swift.elements.expr.Expr
-import codeql.swift.elements.UnresolvedElement
 
 module Generated {
-  class UnresolvedDotExpr extends Synth::TUnresolvedDotExpr, Expr, UnresolvedElement {
+  class UnresolvedDotExpr extends Synth::TUnresolvedDotExpr, Expr, ErrorElement {
     override string getAPrimaryQlClass() { result = "UnresolvedDotExpr" }
 
     /**
diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberChainResultExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberChainResultExpr.qll
index d35b1436f8a..c7e62054345 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberChainResultExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberChainResultExpr.qll
@@ -1,12 +1,12 @@
 // generated by codegen/codegen.py
 private import codeql.swift.generated.Synth
 private import codeql.swift.generated.Raw
+import codeql.swift.elements.ErrorElement
 import codeql.swift.elements.expr.IdentityExpr
-import codeql.swift.elements.UnresolvedElement
 
 module Generated {
   class UnresolvedMemberChainResultExpr extends Synth::TUnresolvedMemberChainResultExpr,
-    IdentityExpr, UnresolvedElement {
+    IdentityExpr, ErrorElement {
     override string getAPrimaryQlClass() { result = "UnresolvedMemberChainResultExpr" }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberExpr.qll
index ecce559fa41..3dcb91353b7 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedMemberExpr.qll
@@ -1,11 +1,11 @@
 // generated by codegen/codegen.py
 private import codeql.swift.generated.Synth
 private import codeql.swift.generated.Raw
+import codeql.swift.elements.ErrorElement
 import codeql.swift.elements.expr.Expr
-import codeql.swift.elements.UnresolvedElement
 
 module Generated {
-  class UnresolvedMemberExpr extends Synth::TUnresolvedMemberExpr, Expr, UnresolvedElement {
+  class UnresolvedMemberExpr extends Synth::TUnresolvedMemberExpr, Expr, ErrorElement {
     override string getAPrimaryQlClass() { result = "UnresolvedMemberExpr" }
 
     /**
diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll
index 3edfc8bf084..ae7b16de2d3 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll
@@ -1,12 +1,12 @@
 // generated by codegen/codegen.py
 private import codeql.swift.generated.Synth
 private import codeql.swift.generated.Raw
+import codeql.swift.elements.ErrorElement
 import codeql.swift.elements.expr.Expr
 import codeql.swift.elements.pattern.Pattern
-import codeql.swift.elements.UnresolvedElement
 
 module Generated {
-  class UnresolvedPatternExpr extends Synth::TUnresolvedPatternExpr, Expr, UnresolvedElement {
+  class UnresolvedPatternExpr extends Synth::TUnresolvedPatternExpr, Expr, ErrorElement {
     override string getAPrimaryQlClass() { result = "UnresolvedPatternExpr" }
 
     /**
diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll
index 461f41c97fb..60c7379bda8 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll
@@ -1,11 +1,11 @@
 // generated by codegen/codegen.py
 private import codeql.swift.generated.Synth
 private import codeql.swift.generated.Raw
+import codeql.swift.elements.ErrorElement
 import codeql.swift.elements.expr.Expr
-import codeql.swift.elements.UnresolvedElement
 
 module Generated {
-  class UnresolvedSpecializeExpr extends Synth::TUnresolvedSpecializeExpr, Expr, UnresolvedElement {
+  class UnresolvedSpecializeExpr extends Synth::TUnresolvedSpecializeExpr, Expr, ErrorElement {
     override string getAPrimaryQlClass() { result = "UnresolvedSpecializeExpr" }
 
     /**
diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedTypeConversionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedTypeConversionExpr.qll
index 10d3fc7a0d5..c6db91fb04c 100644
--- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedTypeConversionExpr.qll
+++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedTypeConversionExpr.qll
@@ -1,12 +1,12 @@
 // generated by codegen/codegen.py
 private import codeql.swift.generated.Synth
 private import codeql.swift.generated.Raw
+import codeql.swift.elements.ErrorElement
 import codeql.swift.elements.expr.ImplicitConversionExpr
-import codeql.swift.elements.UnresolvedElement
 
 module Generated {
   class UnresolvedTypeConversionExpr extends Synth::TUnresolvedTypeConversionExpr,
-    ImplicitConversionExpr, UnresolvedElement {
+    ImplicitConversionExpr, ErrorElement {
     override string getAPrimaryQlClass() { result = "UnresolvedTypeConversionExpr" }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll
index 7a2d3f86583..31c0cf593a5 100644
--- a/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll
+++ b/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll
@@ -33,6 +33,6 @@ module Generated {
     /**
      * Gets the number of elements of this tuple pattern.
      */
-    final int getNumberOfElements() { result = count(getAnElement()) }
+    final int getNumberOfElements() { result = count(int i | exists(getElement(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll
index 4aef40c0ea5..5f2245f991d 100644
--- a/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll
+++ b/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll
@@ -34,6 +34,6 @@ module Generated {
     /**
      * Gets the number of elements of this brace statement.
      */
-    final int getNumberOfElements() { result = count(getAnElement()) }
+    final int getNumberOfElements() { result = count(int i | exists(getElement(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll
index a320d56194a..a6246070415 100644
--- a/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll
+++ b/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll
@@ -51,7 +51,7 @@ module Generated {
     /**
      * Gets the number of labels of this case statement.
      */
-    final int getNumberOfLabels() { result = count(getALabel()) }
+    final int getNumberOfLabels() { result = count(int i | exists(getLabel(i))) }
 
     /**
      * Gets the `index`th variable of this case statement (0-based).
@@ -79,6 +79,6 @@ module Generated {
     /**
      * Gets the number of variables of this case statement.
      */
-    final int getNumberOfVariables() { result = count(getAVariable()) }
+    final int getNumberOfVariables() { result = count(int i | exists(getVariable(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll
index 341446dd921..642da76726a 100644
--- a/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll
+++ b/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll
@@ -51,6 +51,6 @@ module Generated {
     /**
      * Gets the number of catches of this do catch statement.
      */
-    final int getNumberOfCatches() { result = count(getACatch()) }
+    final int getNumberOfCatches() { result = count(int i | exists(getCatch(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll b/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll
index a7376dd0ca1..45b93f32177 100644
--- a/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll
+++ b/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll
@@ -34,6 +34,6 @@ module Generated {
     /**
      * Gets the number of elements of this statement condition.
      */
-    final int getNumberOfElements() { result = count(getAnElement()) }
+    final int getNumberOfElements() { result = count(int i | exists(getElement(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll
index 6113c36e5f4..e1921751d22 100644
--- a/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll
+++ b/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll
@@ -51,6 +51,6 @@ module Generated {
     /**
      * Gets the number of cases of this switch statement.
      */
-    final int getNumberOfCases() { result = count(getACase()) }
+    final int getNumberOfCases() { result = count(int i | exists(getCase(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll
index 84d73eaa6aa..42d91340d95 100644
--- a/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll
+++ b/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll
@@ -34,6 +34,6 @@ module Generated {
     /**
      * Gets the number of results of this yield statement.
      */
-    final int getNumberOfResults() { result = count(getAResult()) }
+    final int getNumberOfResults() { result = count(int i | exists(getResult(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll b/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll
index 8e89e21f0ae..58a98860700 100644
--- a/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll
+++ b/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll
@@ -49,7 +49,7 @@ module Generated {
     /**
      * Gets the number of parameter types of this function type.
      */
-    final int getNumberOfParamTypes() { result = count(getAParamType()) }
+    final int getNumberOfParamTypes() { result = count(int i | exists(getParamType(i))) }
 
     /**
      * Gets the `index`th parameter label of this function type (0-based), if it exists.
diff --git a/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll b/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll
index d466a20c132..55c53181e4b 100644
--- a/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll
+++ b/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll
@@ -74,6 +74,6 @@ module Generated {
     /**
      * Gets the number of protocols of this archetype type.
      */
-    final int getNumberOfProtocols() { result = count(getAProtocol()) }
+    final int getNumberOfProtocols() { result = count(int i | exists(getProtocol(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll b/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll
index 3438b682f3e..5128c6273a8 100644
--- a/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll
+++ b/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll
@@ -32,6 +32,6 @@ module Generated {
     /**
      * Gets the number of argument types of this bound generic type.
      */
-    final int getNumberOfArgTypes() { result = count(getAnArgType()) }
+    final int getNumberOfArgTypes() { result = count(int i | exists(getArgType(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/type/ErrorType.qll b/swift/ql/lib/codeql/swift/generated/type/ErrorType.qll
index d347a8dc501..1c2a276b1ae 100644
--- a/swift/ql/lib/codeql/swift/generated/type/ErrorType.qll
+++ b/swift/ql/lib/codeql/swift/generated/type/ErrorType.qll
@@ -1,10 +1,11 @@
 // generated by codegen/codegen.py
 private import codeql.swift.generated.Synth
 private import codeql.swift.generated.Raw
+import codeql.swift.elements.ErrorElement
 import codeql.swift.elements.type.Type
 
 module Generated {
-  class ErrorType extends Synth::TErrorType, Type {
+  class ErrorType extends Synth::TErrorType, Type, ErrorElement {
     override string getAPrimaryQlClass() { result = "ErrorType" }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll b/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll
index c127af996c0..0a42fa105b5 100644
--- a/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll
+++ b/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll
@@ -39,6 +39,6 @@ module Generated {
     /**
      * Gets the number of type parameters of this generic type.
      */
-    final int getNumberOfGenericParams() { result = count(getAGenericParam()) }
+    final int getNumberOfGenericParams() { result = count(int i | exists(getGenericParam(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll b/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll
index 0a969fd5256..2f16a859f22 100644
--- a/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll
+++ b/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll
@@ -1,10 +1,62 @@
 // generated by codegen/codegen.py
 private import codeql.swift.generated.Synth
 private import codeql.swift.generated.Raw
+import codeql.swift.elements.type.ProtocolType
 import codeql.swift.elements.type.Type
 
 module Generated {
+  /**
+   * A sugar type of the form `P<X>` with `P` a protocol.
+   *
+   * If `P` has primary associated type `A`, then `T: P<X>` is a shortcut for `T: P where T.A == X`.
+   */
   class ParameterizedProtocolType extends Synth::TParameterizedProtocolType, Type {
     override string getAPrimaryQlClass() { result = "ParameterizedProtocolType" }
+
+    /**
+     * Gets the base of this parameterized protocol type.
+     *
+     * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
+     * behavior of both the `Immediate` and non-`Immediate` versions.
+     */
+    ProtocolType getImmediateBase() {
+      result =
+        Synth::convertProtocolTypeFromRaw(Synth::convertParameterizedProtocolTypeToRaw(this)
+              .(Raw::ParameterizedProtocolType)
+              .getBase())
+    }
+
+    /**
+     * Gets the base of this parameterized protocol type.
+     */
+    final ProtocolType getBase() { result = getImmediateBase().resolve() }
+
+    /**
+     * Gets the `index`th argument of this parameterized protocol type (0-based).
+     *
+     * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
+     * behavior of both the `Immediate` and non-`Immediate` versions.
+     */
+    Type getImmediateArg(int index) {
+      result =
+        Synth::convertTypeFromRaw(Synth::convertParameterizedProtocolTypeToRaw(this)
+              .(Raw::ParameterizedProtocolType)
+              .getArg(index))
+    }
+
+    /**
+     * Gets the `index`th argument of this parameterized protocol type (0-based).
+     */
+    final Type getArg(int index) { result = getImmediateArg(index).resolve() }
+
+    /**
+     * Gets any of the arguments of this parameterized protocol type.
+     */
+    final Type getAnArg() { result = getArg(_) }
+
+    /**
+     * Gets the number of arguments of this parameterized protocol type.
+     */
+    final int getNumberOfArgs() { result = count(int i | exists(getArg(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll b/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll
index c653cc6c78f..7082b96ff40 100644
--- a/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll
+++ b/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll
@@ -33,6 +33,6 @@ module Generated {
     /**
      * Gets the number of members of this protocol composition type.
      */
-    final int getNumberOfMembers() { result = count(getAMember()) }
+    final int getNumberOfMembers() { result = count(int i | exists(getMember(i))) }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/generated/type/SequenceArchetypeType.qll b/swift/ql/lib/codeql/swift/generated/type/SequenceArchetypeType.qll
deleted file mode 100644
index 6621b6f53fe..00000000000
--- a/swift/ql/lib/codeql/swift/generated/type/SequenceArchetypeType.qll
+++ /dev/null
@@ -1,10 +0,0 @@
-// generated by codegen/codegen.py
-private import codeql.swift.generated.Synth
-private import codeql.swift.generated.Raw
-import codeql.swift.elements.type.ArchetypeType
-
-module Generated {
-  class SequenceArchetypeType extends Synth::TSequenceArchetypeType, ArchetypeType {
-    override string getAPrimaryQlClass() { result = "SequenceArchetypeType" }
-  }
-}
diff --git a/swift/ql/lib/codeql/swift/generated/type/TupleType.qll b/swift/ql/lib/codeql/swift/generated/type/TupleType.qll
index d21c704b4d3..e595a63d242 100644
--- a/swift/ql/lib/codeql/swift/generated/type/TupleType.qll
+++ b/swift/ql/lib/codeql/swift/generated/type/TupleType.qll
@@ -31,7 +31,7 @@ module Generated {
     /**
      * Gets the number of types of this tuple type.
      */
-    final int getNumberOfTypes() { result = count(getAType()) }
+    final int getNumberOfTypes() { result = count(int i | exists(getType(i))) }
 
     /**
      * Gets the `index`th name of this tuple type (0-based), if it exists.
diff --git a/swift/ql/lib/codeql/swift/generated/type/TypeVariableType.qll b/swift/ql/lib/codeql/swift/generated/type/TypeVariableType.qll
deleted file mode 100644
index 526e156daaf..00000000000
--- a/swift/ql/lib/codeql/swift/generated/type/TypeVariableType.qll
+++ /dev/null
@@ -1,10 +0,0 @@
-// generated by codegen/codegen.py
-private import codeql.swift.generated.Synth
-private import codeql.swift.generated.Raw
-import codeql.swift.elements.type.Type
-
-module Generated {
-  class TypeVariableType extends Synth::TTypeVariableType, Type {
-    override string getAPrimaryQlClass() { result = "TypeVariableType" }
-  }
-}
diff --git a/swift/ql/lib/codeql/swift/generated/type/UnresolvedType.qll b/swift/ql/lib/codeql/swift/generated/type/UnresolvedType.qll
index 4cad38bace3..2e6848734bf 100644
--- a/swift/ql/lib/codeql/swift/generated/type/UnresolvedType.qll
+++ b/swift/ql/lib/codeql/swift/generated/type/UnresolvedType.qll
@@ -1,11 +1,11 @@
 // generated by codegen/codegen.py
 private import codeql.swift.generated.Synth
 private import codeql.swift.generated.Raw
+import codeql.swift.elements.ErrorElement
 import codeql.swift.elements.type.Type
-import codeql.swift.elements.UnresolvedElement
 
 module Generated {
-  class UnresolvedType extends Synth::TUnresolvedType, Type, UnresolvedElement {
+  class UnresolvedType extends Synth::TUnresolvedType, Type, ErrorElement {
     override string getAPrimaryQlClass() { result = "UnresolvedType" }
   }
 }
diff --git a/swift/ql/lib/codeql/swift/security/PathInjection.qll b/swift/ql/lib/codeql/swift/security/PathInjection.qll
new file mode 100644
index 00000000000..1e0d106b4e1
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/security/PathInjection.qll
@@ -0,0 +1,110 @@
+/** Provides classes and predicates to reason about path injection vulnerabilities. */
+
+import swift
+private import codeql.swift.controlflow.BasicBlocks
+private import codeql.swift.controlflow.ControlFlowGraph
+private import codeql.swift.dataflow.DataFlow
+private import codeql.swift.dataflow.ExternalFlow
+private import codeql.swift.dataflow.TaintTracking
+private import codeql.swift.generated.ParentChild
+private import codeql.swift.frameworks.StandardLibrary.FilePath
+
+/** A data flow sink for path injection vulnerabilities. */
+abstract class PathInjectionSink extends DataFlow::Node { }
+
+/** A sanitizer for path injection vulnerabilities. */
+abstract class PathInjectionSanitizer extends DataFlow::Node { }
+
+/**
+ * A unit class for adding additional taint steps.
+ *
+ * Extend this class to add additional taint steps that should apply to paths related to
+ * path injection vulnerabilities.
+ */
+class PathInjectionAdditionalTaintStep extends Unit {
+  /**
+   * Holds if the step from `node1` to `node2` should be considered a taint
+   * step for paths related to path injection vulnerabilities.
+   */
+  abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
+}
+
+private class DefaultPathInjectionSink extends PathInjectionSink {
+  DefaultPathInjectionSink() { sinkNode(this, "path-injection") }
+}
+
+private class DefaultPathInjectionSanitizer extends PathInjectionSanitizer {
+  DefaultPathInjectionSanitizer() {
+    // This is a simplified implementation.
+    // TODO: Implement a complete path sanitizer when Guards are available.
+    exists(CallExpr starts, CallExpr normalize, DataFlow::Node validated |
+      starts.getStaticTarget().getName() = "starts(with:)" and
+      starts.getStaticTarget().getEnclosingDecl() instanceof FilePath and
+      normalize.getStaticTarget().getName() = "lexicallyNormalized()" and
+      normalize.getStaticTarget().getEnclosingDecl() instanceof FilePath
+    |
+      TaintTracking::localTaint(validated, DataFlow::exprNode(normalize.getQualifier())) and
+      DataFlow::localExprFlow(normalize, starts.getQualifier()) and
+      DataFlow::localFlow(validated, this) and
+      exists(ConditionBlock bb, SuccessorTypes::BooleanSuccessor b |
+        bb.getANode().getNode().asAstNode().(IfStmt).getACondition() = getImmediateParent*(starts) and
+        b.getValue() = true
+      |
+        bb.controls(this.getCfgNode().getBasicBlock(), b)
+      )
+    )
+  }
+}
+
+private class PathInjectionSinks extends SinkModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";Data;true;write(to:options:);;;Argument[0];path-injection",
+        ";NSData;true;write(to:atomically:);;;Argument[0];path-injection",
+        ";NSData;true;write(to:options:);;;Argument[0];path-injection",
+        ";NSData;true;write(toFile:atomically:);;;Argument[0];path-injection",
+        ";NSData;true;write(toFile:options:);;;Argument[0];path-injection",
+        ";FileManager;true;contentsOfDirectory(at:includingPropertiesForKeys:options:);;;Argument[0];path-injection",
+        ";FileManager;true;contentsOfDirectory(atPath:);;;Argument[0];path-injection",
+        ";FileManager;true;enumerator(at:includingPropertiesForKeys:options:errorHandler:);;;Argument[0];path-injection",
+        ";FileManager;true;enumerator(atPath:);;;Argument[0];path-injection",
+        ";FileManager;true;subpathsOfDirectory(atPath:);;;Argument[0];path-injection",
+        ";FileManager;true;subpaths(atPath:);;;Argument[0];path-injection",
+        ";FileManager;true;createDirectory(at:withIntermediateDirectories:attributes:);;;Argument[0];path-injection",
+        ";FileManager;true;createDirectory(atPath:withIntermediateDirectories:attributes:);;;Argument[0];path-injection",
+        ";FileManager;true;createFile(atPath:contents:attributes:);;;Argument[0];path-injection",
+        ";FileManager;true;removeItem(at:);;;Argument[0];path-injection",
+        ";FileManager;true;removeItem(atPath:);;;Argument[0];path-injection",
+        ";FileManager;true;trashItem(at:resultingItemURL:);;;Argument[0];path-injection",
+        ";FileManager;true;replaceItem(at:withItemAt:backupItemName:options:resultingItemURL:);;;Argument[0..1];path-injection",
+        ";FileManager;true;replaceItemAt(_:withItemAt:backupItemName:options:);;;Argument[0..1];path-injection",
+        ";FileManager;true;copyItem(at:to:);;;Argument[0..1];path-injection",
+        ";FileManager;true;copyItem(atPath:toPath:);;;Argument[0..1];path-injection",
+        ";FileManager;true;moveItem(at:to:);;;Argument[0..1];path-injection",
+        ";FileManager;true;moveItem(atPath:toPath:);;;Argument[0..1];path-injection",
+        ";FileManager;true;createSymbolicLink(at:withDestinationURL:);;;Argument[0..1];path-injection",
+        ";FileManager;true;createSymbolicLink(atPath:withDestinationPath:);;;Argument[0..1];path-injection",
+        ";FileManager;true;linkItem(at:to:);;;Argument[0..1];path-injection",
+        ";FileManager;true;linkItem(atPath:toPath:);;;Argument[0..1];path-injection",
+        ";FileManager;true;destinationOfSymbolicLink(atPath:);;;Argument[0];path-injection",
+        ";FileManager;true;fileExists(atPath:);;;Argument[0];path-injection",
+        ";FileManager;true;fileExists(atPath:isDirectory:);;;Argument[0];path-injection",
+        ";FileManager;true;setAttributes(_:ofItemAtPath:);;;Argument[1];path-injection",
+        ";FileManager;true;contents(atPath:);;;Argument[0];path-injection",
+        ";FileManager;true;contentsEqual(atPath:andPath:);;;Argument[0..1];path-injection",
+        ";FileManager;true;changeCurrentDirectoryPath(_:);;;Argument[0];path-injection",
+        ";FileManager;true;unmountVolume(at:options:completionHandler:);;;Argument[0];path-injection",
+        // Deprecated FileManager methods:
+        ";FileManager;true;changeFileAttributes(_:atPath:);;;Argument[1];path-injection",
+        ";FileManager;true;directoryContents(atPath:);;;Argument[0];path-injection",
+        ";FileManager;true;createDirectory(atPath:attributes:);;;Argument[0];path-injection",
+        ";FileManager;true;createSymbolicLink(atPath:pathContent:);;;Argument[0..1];path-injection",
+        ";FileManager;true;pathContentOfSymbolicLink(atPath:);;;Argument[0];path-injection",
+        ";FileManager;true;replaceItemAtURL(originalItemURL:withItemAtURL:backupItemName:options:);;;Argument[0..1];path-injection",
+        ";NIOFileHandle;true;init(descriptor:);;;Argument[0];path-injection",
+        ";NIOFileHandle;true;init(path:mode:flags:);;;Argument[0];path-injection",
+        ";NIOFileHandle;true;init(path:);;;Argument[0];path-injection"
+      ]
+  }
+}
diff --git a/swift/ql/lib/codeql/swift/security/PathInjectionQuery.qll b/swift/ql/lib/codeql/swift/security/PathInjectionQuery.qll
new file mode 100644
index 00000000000..1512fbab052
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/security/PathInjectionQuery.qll
@@ -0,0 +1,30 @@
+/**
+ * Provides a taint-tracking configuration for reasoning about path injection
+ * vulnerabilities.
+ */
+
+import swift
+private import codeql.swift.dataflow.DataFlow
+private import codeql.swift.dataflow.ExternalFlow
+private import codeql.swift.dataflow.FlowSources
+private import codeql.swift.dataflow.TaintTracking
+private import codeql.swift.security.PathInjection
+
+/**
+ * A taint-tracking configuration for path injection vulnerabilities.
+ */
+class PathInjectionConfiguration extends TaintTracking::Configuration {
+  PathInjectionConfiguration() { this = "PathInjectionConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+  override predicate isSink(DataFlow::Node sink) { sink instanceof PathInjectionSink }
+
+  override predicate isSanitizer(DataFlow::Node sanitizer) {
+    sanitizer instanceof PathInjectionSanitizer
+  }
+
+  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+    any(PathInjectionAdditionalTaintStep s).step(node1, node2)
+  }
+}
diff --git a/swift/ql/lib/codeql/swift/security/XXE.qll b/swift/ql/lib/codeql/swift/security/XXE.qll
new file mode 100644
index 00000000000..623be39060c
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/security/XXE.qll
@@ -0,0 +1,203 @@
+/** Provides classes and predicates to reason about XML external entities (XXE) vulnerabilities. */
+
+import swift
+private import codeql.swift.dataflow.DataFlow
+private import codeql.swift.frameworks.AEXML
+private import codeql.swift.frameworks.Libxml2
+
+/** A data flow sink for XML external entities (XXE) vulnerabilities. */
+abstract class XxeSink extends DataFlow::Node { }
+
+/** A sanitizer for XML external entities (XXE) vulnerabilities. */
+abstract class XxeSanitizer extends DataFlow::Node { }
+
+/**
+ * A unit class for adding additional taint steps.
+ *
+ * Extend this class to add additional taint steps that should apply to paths related to
+ * XML external entities (XXE) vulnerabilities.
+ */
+class XxeAdditionalTaintStep extends Unit {
+  abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
+}
+
+/** The XML argument of a `XMLParser` vulnerable to XXE. */
+private class XmlParserXxeSink extends XxeSink {
+  XmlParserXxeSink() {
+    this.asExpr() = any(Argument a | a.getApplyExpr() instanceof VulnerableParser).getExpr()
+  }
+}
+
+/** The construction of a `XMLParser` that enables external entities. */
+private class VulnerableParser extends CallExpr {
+  VulnerableParser() {
+    resolvesExternalEntities(this) and this.getFunction() instanceof ConstructorRefCallExpr
+  }
+}
+
+/** Holds if there is an access of `ref` that sets `shouldResolveExternalEntities` to `true`. */
+private predicate resolvesExternalEntities(XmlParserRef ref) {
+  exists(XmlParserRef base |
+    DataFlow::localExprFlow(ref, base) or DataFlow::localExprFlow(base, ref)
+  |
+    exists(AssignExpr assign, ShouldResolveExternalEntities s, BooleanLiteralExpr b |
+      s.getBase() = base and
+      assign.getDest() = s and
+      b.getValue() = true and
+      DataFlow::localExprFlow(b, assign.getSource())
+    )
+  )
+}
+
+/** A reference to the field `XMLParser.shouldResolveExternalEntities`. */
+private class ShouldResolveExternalEntities extends MemberRefExpr {
+  ShouldResolveExternalEntities() {
+    this.getMember().(FieldDecl).getName() = "shouldResolveExternalEntities" and
+    this.getBase() instanceof XmlParserRef
+  }
+}
+
+/** An expression of type `XMLParser`. */
+private class XmlParserRef extends Expr {
+  XmlParserRef() {
+    this.getType() instanceof XmlParserType or
+    this.getType() = any(OptionalType t | t.getBaseType() instanceof XmlParserType)
+  }
+}
+
+/** The type `XMLParser`. */
+private class XmlParserType extends NominalType {
+  XmlParserType() { this.getFullName() = "XMLParser" }
+}
+
+/** The XML argument of a `XMLDocument` vulnerable to XXE. */
+private class XmlDocumentXxeSink extends XxeSink {
+  XmlDocumentXxeSink() { this.asExpr() = any(VulnerableXmlDocument d).getArgument(0).getExpr() }
+}
+
+/** An `XMLDocument` that sets `nodeLoadExternalEntitiesAlways` in its options. */
+private class VulnerableXmlDocument extends ApplyExpr {
+  VulnerableXmlDocument() {
+    this.getStaticTarget().(ConstructorDecl).getEnclosingDecl().(NominalTypeDecl).getFullName() =
+      "XMLDocument" and
+    this.getArgument(1).getExpr().(ArrayExpr).getAnElement().(MemberRefExpr).getMember() instanceof
+      NodeLoadExternalEntitiesAlways
+  }
+}
+
+/** The option `XMLNode.Options.nodeLoadExternalEntitiesAlways`. */
+private class NodeLoadExternalEntitiesAlways extends VarDecl {
+  NodeLoadExternalEntitiesAlways() {
+    this.getName() = "nodeLoadExternalEntitiesAlways" and
+    this.getEnclosingDecl().(StructDecl).getFullName() = "XMLNode.Options"
+  }
+}
+
+/** The XML argument of an `AEXMLDocument` vulnerable to XXE. */
+private class AexmlDocumentSink extends XxeSink {
+  AexmlDocumentSink() {
+    // `AEXMLDocument` initialized with vulnerable options.
+    exists(ApplyExpr call | this.asExpr() = call.getArgument(0).getExpr() |
+      call.(VulnerableAexmlDocument)
+          .getStaticTarget()
+          .hasName(["init(xml:options:)", "init(xml:encoding:options:)"])
+      or
+      // `loadXML` called on a vulnerable AEXMLDocument.
+      DataFlow::localExprFlow(any(VulnerableAexmlDocument v),
+        call.(AexmlDocumentLoadXml).getQualifier())
+    )
+  }
+}
+
+/** The XML argument of an `AEXMLParser` initialized with an `AEXMLDocument` vulnerable to XXE. */
+private class AexmlParserSink extends XxeSink {
+  AexmlParserSink() {
+    exists(AexmlParser parser | this.asExpr() = parser.getArgument(1).getExpr() |
+      DataFlow::localExprFlow(any(VulnerableAexmlDocument v), parser.getArgument(0).getExpr())
+    )
+  }
+}
+
+/** The creation of an `AEXMLDocument` that receives a vulnerable `AEXMLOptions` argument. */
+private class VulnerableAexmlDocument extends AexmlDocument {
+  VulnerableAexmlDocument() {
+    exists(AexmlOptions optionsArgument, VulnerableAexmlOptions vulnOpts |
+      this.getAnArgument().getExpr() = optionsArgument and
+      DataFlow::localExprFlow(vulnOpts, optionsArgument)
+    )
+  }
+}
+
+/**
+ * An `AEXMLOptions` object which contains a `parserSettings` with `shouldResolveExternalEntities`
+ * set to `true`.
+ */
+private class VulnerableAexmlOptions extends AexmlOptions {
+  VulnerableAexmlOptions() {
+    exists(
+      AexmlParserSettings parserSettings, AexmlShouldResolveExternalEntities sree, AssignExpr a
+    |
+      a.getSource() = any(BooleanLiteralExpr b | b.getValue() = true) and
+      a.getDest() = sree and
+      sree.(MemberRefExpr).getBase() = parserSettings and
+      parserSettings.(MemberRefExpr).getBase() = this
+    )
+  }
+}
+
+/** An expression of type `AEXMLOptions.ParserSettings`. */
+private class AexmlParserSettings extends Expr {
+  pragma[inline]
+  AexmlParserSettings() {
+    this.getType() instanceof AexmlOptionsParserSettingsType or
+    this.getType() = any(OptionalType t | t.getBaseType() instanceof AexmlOptionsParserSettingsType) or
+    this.getType() = any(LValueType t | t.getObjectType() instanceof AexmlOptionsParserSettingsType)
+  }
+}
+
+/** An expression of type `AEXMLOptions`. */
+private class AexmlOptions extends Expr {
+  pragma[inline]
+  AexmlOptions() {
+    this.getType() instanceof AexmlOptionsType or
+    this.getType() = any(OptionalType t | t.getBaseType() instanceof AexmlOptionsType) or
+    this.getType() = any(LValueType t | t.getObjectType() instanceof AexmlOptionsType)
+  }
+}
+
+/** The XML argument of a `libxml2` parsing call vulnerable to XXE. */
+private class Libxml2XxeSink extends XxeSink {
+  Libxml2XxeSink() {
+    exists(Libxml2ParseCall c, Libxml2BadOption opt |
+      this.asExpr() = c.getXml() and
+      lib2xmlOptionLocalTaintStep*(DataFlow::exprNode(opt.getAnAccess()),
+        DataFlow::exprNode(c.getOptions()))
+    )
+  }
+}
+
+/**
+ * Holds if taint can flow from `source` to `sink` in one local step,
+ * including bitwise operations, accesses to `.rawValue`, and casts to `Int32`.
+ */
+private predicate lib2xmlOptionLocalTaintStep(DataFlow::Node source, DataFlow::Node sink) {
+  DataFlow::localFlowStep(source, sink)
+  or
+  source.asExpr() = sink.asExpr().(BitwiseOperation).getAnOperand()
+  or
+  exists(MemberRefExpr rawValue | rawValue.getMember().(VarDecl).getName() = "rawValue" |
+    source.asExpr() = rawValue.getBase() and sink.asExpr() = rawValue
+  )
+  or
+  exists(ApplyExpr int32Init |
+    int32Init
+        .getStaticTarget()
+        .(ConstructorDecl)
+        .getEnclosingDecl()
+        .(ExtensionDecl)
+        .getExtendedTypeDecl()
+        .getName() = "SignedInteger"
+  |
+    source.asExpr() = int32Init.getAnArgument().getExpr() and sink.asExpr() = int32Init
+  )
+}
diff --git a/swift/ql/lib/codeql/swift/security/XXEQuery.qll b/swift/ql/lib/codeql/swift/security/XXEQuery.qll
new file mode 100644
index 00000000000..2b5dc5ea3ea
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/security/XXEQuery.qll
@@ -0,0 +1,27 @@
+/**
+ * Provides a taint-tracking configuration for reasoning about XML external entities
+ * (XXE) vulnerabilities.
+ */
+
+import swift
+import codeql.swift.dataflow.DataFlow
+import codeql.swift.dataflow.FlowSources
+import codeql.swift.dataflow.TaintTracking
+import codeql.swift.security.XXE
+
+/**
+ * A taint-tracking configuration for XML external entities (XXE) vulnerabilities.
+ */
+class XxeConfiguration extends TaintTracking::Configuration {
+  XxeConfiguration() { this = "XxeConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+  override predicate isSink(DataFlow::Node sink) { sink instanceof XxeSink }
+
+  override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof XxeSanitizer }
+
+  override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
+    any(XxeAdditionalTaintStep s).step(n1, n2)
+  }
+}
diff --git a/swift/ql/lib/swift.dbscheme b/swift/ql/lib/swift.dbscheme
index 594381ec16e..62fc609c1ab 100644
--- a/swift/ql/lib/swift.dbscheme
+++ b/swift/ql/lib/swift.dbscheme
@@ -52,7 +52,6 @@ callable_bodies(
 
 @file =
   @db_file
-| @unknown_file
 ;
 
 #keyset[id]
@@ -66,8 +65,7 @@ files(
 | @ast_node
 | @comment
 | @diagnostics
-| @unresolved_element
-| @unspecified_element
+| @error_element
 ;
 
 #keyset[id]
@@ -78,7 +76,6 @@ locatable_locations(
 
 @location =
   @db_location
-| @unknown_location
 ;
 
 #keyset[id]
@@ -121,16 +118,11 @@ diagnostics(
   int kind: int ref
 );
 
-unknown_files(
-  unique int id: @unknown_file
-);
-
-unknown_locations(
-  unique int id: @unknown_location
-);
-
-@unresolved_element =
-  @unresolved_decl_ref_expr
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
 | @unresolved_dot_expr
 | @unresolved_member_chain_result_expr
 | @unresolved_member_expr
@@ -138,6 +130,7 @@ unknown_locations(
 | @unresolved_specialize_expr
 | @unresolved_type
 | @unresolved_type_conversion_expr
+| @unspecified_element
 ;
 
 unspecified_elements(
@@ -483,6 +476,30 @@ var_decl_parent_initializers(  //dir=decl
   int parent_initializer: @expr_or_none ref
 );
 
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
 accessor_decls(  //dir=decl
   unique int id: @accessor_decl
 );
@@ -507,6 +524,26 @@ accessor_decl_is_did_set(  //dir=decl
   int id: @accessor_decl ref
 );
 
+#keyset[id]
+accessor_decl_is_read(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_modify(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_unsafe_address(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_unsafe_mutable_address(  //dir=decl
+  int id: @accessor_decl ref
+);
+
 associated_type_decls(  //dir=decl
   unique int id: @associated_type_decl
 );
@@ -558,6 +595,18 @@ param_decl_is_inout(  //dir=decl
   int id: @param_decl ref
 );
 
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
 type_alias_decls(  //dir=decl
   unique int id: @type_alias_decl
 );
@@ -742,6 +791,11 @@ decl_ref_expr_has_ordinary_semantics(  //dir=expr
   int id: @decl_ref_expr ref
 );
 
+#keyset[id]
+decl_ref_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
 default_argument_exprs(  //dir=expr
   unique int id: @default_argument_expr,
   int param_decl: @param_decl_or_none ref,
@@ -816,7 +870,8 @@ if_exprs(  //dir=expr
 );
 
 @implicit_conversion_expr =
-  @any_hashable_erasure_expr
+  @abi_safe_conversion_expr
+| @any_hashable_erasure_expr
 | @archetype_to_super_expr
 | @array_to_pointer_expr
 | @bridge_from_obj_c_expr
@@ -902,7 +957,6 @@ lazy_initializer_exprs(  //dir=expr
 @lookup_expr =
   @dynamic_lookup_expr
 | @member_ref_expr
-| @method_ref_expr
 | @subscript_expr
 ;
 
@@ -1076,6 +1130,10 @@ vararg_expansion_exprs(  //dir=expr
   int sub_expr: @expr_or_none ref
 );
 
+abi_safe_conversion_exprs(  //dir=expr
+  unique int id: @abi_safe_conversion_expr
+);
+
 any_hashable_erasure_exprs(  //dir=expr
   unique int id: @any_hashable_erasure_expr
 );
@@ -1291,12 +1349,13 @@ member_ref_expr_has_ordinary_semantics(  //dir=expr
   int id: @member_ref_expr ref
 );
 
-metatype_conversion_exprs(  //dir=expr
-  unique int id: @metatype_conversion_expr
+#keyset[id]
+member_ref_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @member_ref_expr ref
 );
 
-method_ref_exprs(  //dir=expr
-  unique int id: @method_ref_expr
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
 );
 
 nil_literal_exprs(  //dir=expr
@@ -1384,6 +1443,11 @@ subscript_expr_has_ordinary_semantics(  //dir=expr
   int id: @subscript_expr ref
 );
 
+#keyset[id]
+subscript_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
 try_exprs(  //dir=expr
   unique int id: @try_expr
 );
@@ -1841,7 +1905,6 @@ while_stmts(  //dir=stmt
 | @substitutable_type
 | @sugar_type
 | @tuple_type
-| @type_variable_type
 | @unresolved_type
 ;
 
@@ -1964,7 +2027,15 @@ module_types(  //dir=type
 );
 
 parameterized_protocol_types(  //dir=type
-  unique int id: @parameterized_protocol_type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
 );
 
 protocol_composition_types(  //dir=type
@@ -2019,10 +2090,6 @@ tuple_type_names(  //dir=type
   string name: string ref
 );
 
-type_variable_types(  //dir=type
-  unique int id: @type_variable_type
-);
-
 unresolved_types(  //dir=type
   unique int id: @unresolved_type
 );
@@ -2036,7 +2103,6 @@ unresolved_types(  //dir=type
   @opaque_type_archetype_type
 | @opened_archetype_type
 | @primary_archetype_type
-| @sequence_archetype_type
 ;
 
 #keyset[id]
@@ -2214,10 +2280,6 @@ primary_archetype_types(  //dir=type
   unique int id: @primary_archetype_type
 );
 
-sequence_archetype_types(  //dir=type
-  unique int id: @sequence_archetype_type
-);
-
 @unary_syntax_sugar_type =
   @array_slice_type
 | @optional_type
@@ -2405,6 +2467,11 @@ variadic_sequence_types(  //dir=type
 | @unspecified_element
 ;
 
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
 @stmt_or_none =
   @stmt
 | @unspecified_element
diff --git a/swift/ql/lib/upgrades/1a6e9325bd60462e669e524438174deef4476df0/old.dbscheme b/swift/ql/lib/upgrades/1a6e9325bd60462e669e524438174deef4476df0/old.dbscheme
new file mode 100644
index 00000000000..1a6e9325bd6
--- /dev/null
+++ b/swift/ql/lib/upgrades/1a6e9325bd60462e669e524438174deef4476df0/old.dbscheme
@@ -0,0 +1,2513 @@
+// generated by codegen/codegen.py
+
+// from prefix.dbscheme
+/**
+ * The source location of the snapshot.
+ */
+sourceLocationPrefix(
+  string prefix: string ref
+);
+
+
+// from schema.py
+
+@element =
+  @callable
+| @file
+| @generic_context
+| @iterable_decl_context
+| @locatable
+| @location
+| @type
+;
+
+#keyset[id]
+element_is_unknown(
+  int id: @element ref
+);
+
+@callable =
+  @abstract_closure_expr
+| @abstract_function_decl
+;
+
+#keyset[id]
+callable_self_params(
+  int id: @callable ref,
+  int self_param: @param_decl_or_none ref
+);
+
+#keyset[id, index]
+callable_params(
+  int id: @callable ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+#keyset[id]
+callable_bodies(
+  int id: @callable ref,
+  int body: @brace_stmt_or_none ref
+);
+
+@file =
+  @db_file
+;
+
+#keyset[id]
+files(
+  int id: @file ref,
+  string name: string ref
+);
+
+@locatable =
+  @argument
+| @ast_node
+| @comment
+| @diagnostics
+| @error_element
+;
+
+#keyset[id]
+locatable_locations(
+  int id: @locatable ref,
+  int location: @location_or_none ref
+);
+
+@location =
+  @db_location
+;
+
+#keyset[id]
+locations(
+  int id: @location ref,
+  int file: @file_or_none ref,
+  int start_line: int ref,
+  int start_column: int ref,
+  int end_line: int ref,
+  int end_column: int ref
+);
+
+@ast_node =
+  @case_label_item
+| @condition_element
+| @decl
+| @expr
+| @pattern
+| @stmt
+| @stmt_condition
+| @type_repr
+;
+
+comments(
+  unique int id: @comment,
+  string text: string ref
+);
+
+db_files(
+  unique int id: @db_file
+);
+
+db_locations(
+  unique int id: @db_location
+);
+
+diagnostics(
+  unique int id: @diagnostics,
+  string text: string ref,
+  int kind: int ref
+);
+
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_chain_result_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @unresolved_type
+| @unresolved_type_conversion_expr
+| @unspecified_element
+;
+
+unspecified_elements(
+  unique int id: @unspecified_element,
+  string property: string ref,
+  string error: string ref
+);
+
+#keyset[id]
+unspecified_element_parents(
+  int id: @unspecified_element ref,
+  int parent: @element ref
+);
+
+#keyset[id]
+unspecified_element_indices(
+  int id: @unspecified_element ref,
+  int index: int ref
+);
+
+@decl =
+  @enum_case_decl
+| @extension_decl
+| @if_config_decl
+| @import_decl
+| @missing_member_decl
+| @operator_decl
+| @pattern_binding_decl
+| @pound_diagnostic_decl
+| @precedence_group_decl
+| @top_level_code_decl
+| @value_decl
+;
+
+#keyset[id]
+decls(  //dir=decl
+  int id: @decl ref,
+  int module: @module_decl_or_none ref
+);
+
+@generic_context =
+  @abstract_function_decl
+| @extension_decl
+| @generic_type_decl
+| @subscript_decl
+;
+
+#keyset[id, index]
+generic_context_generic_type_params(  //dir=decl
+  int id: @generic_context ref,
+  int index: int ref,
+  int generic_type_param: @generic_type_param_decl_or_none ref
+);
+
+@iterable_decl_context =
+  @extension_decl
+| @nominal_type_decl
+;
+
+#keyset[id, index]
+iterable_decl_context_members(  //dir=decl
+  int id: @iterable_decl_context ref,
+  int index: int ref,
+  int member: @decl_or_none ref
+);
+
+enum_case_decls(  //dir=decl
+  unique int id: @enum_case_decl
+);
+
+#keyset[id, index]
+enum_case_decl_elements(  //dir=decl
+  int id: @enum_case_decl ref,
+  int index: int ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+extension_decls(  //dir=decl
+  unique int id: @extension_decl,
+  int extended_type_decl: @nominal_type_decl_or_none ref
+);
+
+if_config_decls(  //dir=decl
+  unique int id: @if_config_decl
+);
+
+#keyset[id, index]
+if_config_decl_active_elements(  //dir=decl
+  int id: @if_config_decl ref,
+  int index: int ref,
+  int active_element: @ast_node_or_none ref
+);
+
+import_decls(  //dir=decl
+  unique int id: @import_decl
+);
+
+#keyset[id]
+import_decl_is_exported(  //dir=decl
+  int id: @import_decl ref
+);
+
+#keyset[id]
+import_decl_imported_modules(  //dir=decl
+  int id: @import_decl ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+import_decl_declarations(  //dir=decl
+  int id: @import_decl ref,
+  int index: int ref,
+  int declaration: @value_decl_or_none ref
+);
+
+missing_member_decls(  //dir=decl
+  unique int id: @missing_member_decl,
+  string name: string ref
+);
+
+@operator_decl =
+  @infix_operator_decl
+| @postfix_operator_decl
+| @prefix_operator_decl
+;
+
+#keyset[id]
+operator_decls(  //dir=decl
+  int id: @operator_decl ref,
+  string name: string ref
+);
+
+pattern_binding_decls(  //dir=decl
+  unique int id: @pattern_binding_decl
+);
+
+#keyset[id, index]
+pattern_binding_decl_inits(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int init: @expr_or_none ref
+);
+
+#keyset[id, index]
+pattern_binding_decl_patterns(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int pattern: @pattern_or_none ref
+);
+
+pound_diagnostic_decls(  //dir=decl
+  unique int id: @pound_diagnostic_decl,
+  int kind: int ref,
+  int message: @string_literal_expr_or_none ref
+);
+
+precedence_group_decls(  //dir=decl
+  unique int id: @precedence_group_decl
+);
+
+top_level_code_decls(  //dir=decl
+  unique int id: @top_level_code_decl,
+  int body: @brace_stmt_or_none ref
+);
+
+@value_decl =
+  @abstract_function_decl
+| @abstract_storage_decl
+| @enum_element_decl
+| @type_decl
+;
+
+#keyset[id]
+value_decls(  //dir=decl
+  int id: @value_decl ref,
+  int interface_type: @type_or_none ref
+);
+
+@abstract_function_decl =
+  @constructor_decl
+| @destructor_decl
+| @func_decl
+;
+
+#keyset[id]
+abstract_function_decls(  //dir=decl
+  int id: @abstract_function_decl ref,
+  string name: string ref
+);
+
+@abstract_storage_decl =
+  @subscript_decl
+| @var_decl
+;
+
+#keyset[id, index]
+abstract_storage_decl_accessor_decls(  //dir=decl
+  int id: @abstract_storage_decl ref,
+  int index: int ref,
+  int accessor_decl: @accessor_decl_or_none ref
+);
+
+enum_element_decls(  //dir=decl
+  unique int id: @enum_element_decl,
+  string name: string ref
+);
+
+#keyset[id, index]
+enum_element_decl_params(  //dir=decl
+  int id: @enum_element_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+infix_operator_decls(  //dir=decl
+  unique int id: @infix_operator_decl
+);
+
+#keyset[id]
+infix_operator_decl_precedence_groups(  //dir=decl
+  int id: @infix_operator_decl ref,
+  int precedence_group: @precedence_group_decl_or_none ref
+);
+
+postfix_operator_decls(  //dir=decl
+  unique int id: @postfix_operator_decl
+);
+
+prefix_operator_decls(  //dir=decl
+  unique int id: @prefix_operator_decl
+);
+
+@type_decl =
+  @abstract_type_param_decl
+| @generic_type_decl
+| @module_decl
+;
+
+#keyset[id]
+type_decls(  //dir=decl
+  int id: @type_decl ref,
+  string name: string ref
+);
+
+#keyset[id, index]
+type_decl_base_types(  //dir=decl
+  int id: @type_decl ref,
+  int index: int ref,
+  int base_type: @type_or_none ref
+);
+
+@abstract_type_param_decl =
+  @associated_type_decl
+| @generic_type_param_decl
+;
+
+constructor_decls(  //dir=decl
+  unique int id: @constructor_decl
+);
+
+destructor_decls(  //dir=decl
+  unique int id: @destructor_decl
+);
+
+@func_decl =
+  @accessor_decl
+| @concrete_func_decl
+;
+
+@generic_type_decl =
+  @nominal_type_decl
+| @opaque_type_decl
+| @type_alias_decl
+;
+
+module_decls(  //dir=decl
+  unique int id: @module_decl
+);
+
+#keyset[id]
+module_decl_is_builtin_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id]
+module_decl_is_system_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id, index]
+module_decl_imported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+module_decl_exported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int exported_module: @module_decl_or_none ref
+);
+
+subscript_decls(  //dir=decl
+  unique int id: @subscript_decl,
+  int element_type: @type_or_none ref
+);
+
+#keyset[id, index]
+subscript_decl_params(  //dir=decl
+  int id: @subscript_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+@var_decl =
+  @concrete_var_decl
+| @param_decl
+;
+
+#keyset[id]
+var_decls(  //dir=decl
+  int id: @var_decl ref,
+  string name: string ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_attached_property_wrapper_types(  //dir=decl
+  int id: @var_decl ref,
+  int attached_property_wrapper_type: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_patterns(  //dir=decl
+  int id: @var_decl ref,
+  int parent_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_initializers(  //dir=decl
+  int id: @var_decl ref,
+  int parent_initializer: @expr_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
+accessor_decls(  //dir=decl
+  unique int id: @accessor_decl
+);
+
+#keyset[id]
+accessor_decl_is_getter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_setter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_will_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_did_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_read(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_modify(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_unsafe_address(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_unsafe_mutable_address(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+associated_type_decls(  //dir=decl
+  unique int id: @associated_type_decl
+);
+
+concrete_func_decls(  //dir=decl
+  unique int id: @concrete_func_decl
+);
+
+concrete_var_decls(  //dir=decl
+  unique int id: @concrete_var_decl,
+  int introducer_int: int ref
+);
+
+generic_type_param_decls(  //dir=decl
+  unique int id: @generic_type_param_decl
+);
+
+@nominal_type_decl =
+  @class_decl
+| @enum_decl
+| @protocol_decl
+| @struct_decl
+;
+
+#keyset[id]
+nominal_type_decls(  //dir=decl
+  int id: @nominal_type_decl ref,
+  int type_: @type_or_none ref
+);
+
+opaque_type_decls(  //dir=decl
+  unique int id: @opaque_type_decl,
+  int naming_declaration: @value_decl_or_none ref
+);
+
+#keyset[id, index]
+opaque_type_decl_opaque_generic_params(  //dir=decl
+  int id: @opaque_type_decl ref,
+  int index: int ref,
+  int opaque_generic_param: @generic_type_param_type_or_none ref
+);
+
+param_decls(  //dir=decl
+  unique int id: @param_decl
+);
+
+#keyset[id]
+param_decl_is_inout(  //dir=decl
+  int id: @param_decl ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
+type_alias_decls(  //dir=decl
+  unique int id: @type_alias_decl
+);
+
+class_decls(  //dir=decl
+  unique int id: @class_decl
+);
+
+enum_decls(  //dir=decl
+  unique int id: @enum_decl
+);
+
+protocol_decls(  //dir=decl
+  unique int id: @protocol_decl
+);
+
+struct_decls(  //dir=decl
+  unique int id: @struct_decl
+);
+
+arguments(  //dir=expr
+  unique int id: @argument,
+  string label: string ref,
+  int expr: @expr_or_none ref
+);
+
+@expr =
+  @abstract_closure_expr
+| @any_try_expr
+| @applied_property_wrapper_expr
+| @apply_expr
+| @assign_expr
+| @bind_optional_expr
+| @capture_list_expr
+| @collection_expr
+| @decl_ref_expr
+| @default_argument_expr
+| @discard_assignment_expr
+| @dot_syntax_base_ignored_expr
+| @dynamic_type_expr
+| @enum_is_case_expr
+| @error_expr
+| @explicit_cast_expr
+| @force_value_expr
+| @identity_expr
+| @if_expr
+| @implicit_conversion_expr
+| @in_out_expr
+| @key_path_application_expr
+| @key_path_dot_expr
+| @key_path_expr
+| @lazy_initializer_expr
+| @literal_expr
+| @lookup_expr
+| @make_temporarily_escapable_expr
+| @obj_c_selector_expr
+| @one_way_expr
+| @opaque_value_expr
+| @open_existential_expr
+| @optional_evaluation_expr
+| @other_constructor_decl_ref_expr
+| @overloaded_decl_ref_expr
+| @property_wrapper_value_placeholder_expr
+| @rebind_self_in_constructor_expr
+| @sequence_expr
+| @super_ref_expr
+| @tap_expr
+| @tuple_element_expr
+| @tuple_expr
+| @type_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @vararg_expansion_expr
+;
+
+#keyset[id]
+expr_types(  //dir=expr
+  int id: @expr ref,
+  int type_: @type_or_none ref
+);
+
+@abstract_closure_expr =
+  @auto_closure_expr
+| @closure_expr
+;
+
+@any_try_expr =
+  @force_try_expr
+| @optional_try_expr
+| @try_expr
+;
+
+#keyset[id]
+any_try_exprs(  //dir=expr
+  int id: @any_try_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+applied_property_wrapper_exprs(  //dir=expr
+  unique int id: @applied_property_wrapper_expr,
+  int kind: int ref,
+  int value: @expr_or_none ref,
+  int param: @param_decl_or_none ref
+);
+
+@apply_expr =
+  @binary_expr
+| @call_expr
+| @postfix_unary_expr
+| @prefix_unary_expr
+| @self_apply_expr
+;
+
+#keyset[id]
+apply_exprs(  //dir=expr
+  int id: @apply_expr ref,
+  int function: @expr_or_none ref
+);
+
+#keyset[id, index]
+apply_expr_arguments(  //dir=expr
+  int id: @apply_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+assign_exprs(  //dir=expr
+  unique int id: @assign_expr,
+  int dest: @expr_or_none ref,
+  int source: @expr_or_none ref
+);
+
+bind_optional_exprs(  //dir=expr
+  unique int id: @bind_optional_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+capture_list_exprs(  //dir=expr
+  unique int id: @capture_list_expr,
+  int closure_body: @closure_expr_or_none ref
+);
+
+#keyset[id, index]
+capture_list_expr_binding_decls(  //dir=expr
+  int id: @capture_list_expr ref,
+  int index: int ref,
+  int binding_decl: @pattern_binding_decl_or_none ref
+);
+
+@collection_expr =
+  @array_expr
+| @dictionary_expr
+;
+
+decl_ref_exprs(  //dir=expr
+  unique int id: @decl_ref_expr,
+  int decl: @decl_or_none ref
+);
+
+#keyset[id, index]
+decl_ref_expr_replacement_types(  //dir=expr
+  int id: @decl_ref_expr ref,
+  int index: int ref,
+  int replacement_type: @type_or_none ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+default_argument_exprs(  //dir=expr
+  unique int id: @default_argument_expr,
+  int param_decl: @param_decl_or_none ref,
+  int param_index: int ref
+);
+
+#keyset[id]
+default_argument_expr_caller_side_defaults(  //dir=expr
+  int id: @default_argument_expr ref,
+  int caller_side_default: @expr_or_none ref
+);
+
+discard_assignment_exprs(  //dir=expr
+  unique int id: @discard_assignment_expr
+);
+
+dot_syntax_base_ignored_exprs(  //dir=expr
+  unique int id: @dot_syntax_base_ignored_expr,
+  int qualifier: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+dynamic_type_exprs(  //dir=expr
+  unique int id: @dynamic_type_expr,
+  int base: @expr_or_none ref
+);
+
+enum_is_case_exprs(  //dir=expr
+  unique int id: @enum_is_case_expr,
+  int sub_expr: @expr_or_none ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+error_exprs(  //dir=expr
+  unique int id: @error_expr
+);
+
+@explicit_cast_expr =
+  @checked_cast_expr
+| @coerce_expr
+;
+
+#keyset[id]
+explicit_cast_exprs(  //dir=expr
+  int id: @explicit_cast_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+force_value_exprs(  //dir=expr
+  unique int id: @force_value_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@identity_expr =
+  @await_expr
+| @dot_self_expr
+| @paren_expr
+| @unresolved_member_chain_result_expr
+;
+
+#keyset[id]
+identity_exprs(  //dir=expr
+  int id: @identity_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+if_exprs(  //dir=expr
+  unique int id: @if_expr,
+  int condition: @expr_or_none ref,
+  int then_expr: @expr_or_none ref,
+  int else_expr: @expr_or_none ref
+);
+
+@implicit_conversion_expr =
+  @any_hashable_erasure_expr
+| @archetype_to_super_expr
+| @array_to_pointer_expr
+| @bridge_from_obj_c_expr
+| @bridge_to_obj_c_expr
+| @class_metatype_to_object_expr
+| @collection_upcast_conversion_expr
+| @conditional_bridge_from_obj_c_expr
+| @covariant_function_conversion_expr
+| @covariant_return_conversion_expr
+| @derived_to_base_expr
+| @destructure_tuple_expr
+| @differentiable_function_expr
+| @differentiable_function_extract_original_expr
+| @erasure_expr
+| @existential_metatype_to_object_expr
+| @foreign_object_conversion_expr
+| @function_conversion_expr
+| @in_out_to_pointer_expr
+| @inject_into_optional_expr
+| @linear_function_expr
+| @linear_function_extract_original_expr
+| @linear_to_differentiable_function_expr
+| @load_expr
+| @metatype_conversion_expr
+| @pointer_to_pointer_expr
+| @protocol_metatype_to_object_expr
+| @string_to_pointer_expr
+| @underlying_to_opaque_expr
+| @unevaluated_instance_expr
+| @unresolved_type_conversion_expr
+;
+
+#keyset[id]
+implicit_conversion_exprs(  //dir=expr
+  int id: @implicit_conversion_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+in_out_exprs(  //dir=expr
+  unique int id: @in_out_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+key_path_application_exprs(  //dir=expr
+  unique int id: @key_path_application_expr,
+  int base: @expr_or_none ref,
+  int key_path: @expr_or_none ref
+);
+
+key_path_dot_exprs(  //dir=expr
+  unique int id: @key_path_dot_expr
+);
+
+key_path_exprs(  //dir=expr
+  unique int id: @key_path_expr
+);
+
+#keyset[id]
+key_path_expr_roots(  //dir=expr
+  int id: @key_path_expr ref,
+  int root: @type_repr_or_none ref
+);
+
+#keyset[id]
+key_path_expr_parsed_paths(  //dir=expr
+  int id: @key_path_expr ref,
+  int parsed_path: @expr_or_none ref
+);
+
+lazy_initializer_exprs(  //dir=expr
+  unique int id: @lazy_initializer_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@literal_expr =
+  @builtin_literal_expr
+| @interpolated_string_literal_expr
+| @nil_literal_expr
+| @object_literal_expr
+| @regex_literal_expr
+;
+
+@lookup_expr =
+  @dynamic_lookup_expr
+| @member_ref_expr
+| @subscript_expr
+;
+
+#keyset[id]
+lookup_exprs(  //dir=expr
+  int id: @lookup_expr ref,
+  int base: @expr_or_none ref
+);
+
+#keyset[id]
+lookup_expr_members(  //dir=expr
+  int id: @lookup_expr ref,
+  int member: @decl_or_none ref
+);
+
+make_temporarily_escapable_exprs(  //dir=expr
+  unique int id: @make_temporarily_escapable_expr,
+  int escaping_closure: @opaque_value_expr_or_none ref,
+  int nonescaping_closure: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+obj_c_selector_exprs(  //dir=expr
+  unique int id: @obj_c_selector_expr,
+  int sub_expr: @expr_or_none ref,
+  int method: @abstract_function_decl_or_none ref
+);
+
+one_way_exprs(  //dir=expr
+  unique int id: @one_way_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+opaque_value_exprs(  //dir=expr
+  unique int id: @opaque_value_expr
+);
+
+open_existential_exprs(  //dir=expr
+  unique int id: @open_existential_expr,
+  int sub_expr: @expr_or_none ref,
+  int existential: @expr_or_none ref,
+  int opaque_expr: @opaque_value_expr_or_none ref
+);
+
+optional_evaluation_exprs(  //dir=expr
+  unique int id: @optional_evaluation_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+other_constructor_decl_ref_exprs(  //dir=expr
+  unique int id: @other_constructor_decl_ref_expr,
+  int constructor_decl: @constructor_decl_or_none ref
+);
+
+overloaded_decl_ref_exprs(  //dir=expr
+  unique int id: @overloaded_decl_ref_expr
+);
+
+#keyset[id, index]
+overloaded_decl_ref_expr_possible_declarations(  //dir=expr
+  int id: @overloaded_decl_ref_expr ref,
+  int index: int ref,
+  int possible_declaration: @value_decl_or_none ref
+);
+
+property_wrapper_value_placeholder_exprs(  //dir=expr
+  unique int id: @property_wrapper_value_placeholder_expr,
+  int placeholder: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+property_wrapper_value_placeholder_expr_wrapped_values(  //dir=expr
+  int id: @property_wrapper_value_placeholder_expr ref,
+  int wrapped_value: @expr_or_none ref
+);
+
+rebind_self_in_constructor_exprs(  //dir=expr
+  unique int id: @rebind_self_in_constructor_expr,
+  int sub_expr: @expr_or_none ref,
+  int self: @var_decl_or_none ref
+);
+
+sequence_exprs(  //dir=expr
+  unique int id: @sequence_expr
+);
+
+#keyset[id, index]
+sequence_expr_elements(  //dir=expr
+  int id: @sequence_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+super_ref_exprs(  //dir=expr
+  unique int id: @super_ref_expr,
+  int self: @var_decl_or_none ref
+);
+
+tap_exprs(  //dir=expr
+  unique int id: @tap_expr,
+  int body: @brace_stmt_or_none ref,
+  int var: @var_decl_or_none ref
+);
+
+#keyset[id]
+tap_expr_sub_exprs(  //dir=expr
+  int id: @tap_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+tuple_element_exprs(  //dir=expr
+  unique int id: @tuple_element_expr,
+  int sub_expr: @expr_or_none ref,
+  int index: int ref
+);
+
+tuple_exprs(  //dir=expr
+  unique int id: @tuple_expr
+);
+
+#keyset[id, index]
+tuple_expr_elements(  //dir=expr
+  int id: @tuple_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+type_exprs(  //dir=expr
+  unique int id: @type_expr
+);
+
+#keyset[id]
+type_expr_type_reprs(  //dir=expr
+  int id: @type_expr ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+unresolved_decl_ref_exprs(  //dir=expr
+  unique int id: @unresolved_decl_ref_expr
+);
+
+#keyset[id]
+unresolved_decl_ref_expr_names(  //dir=expr
+  int id: @unresolved_decl_ref_expr ref,
+  string name: string ref
+);
+
+unresolved_dot_exprs(  //dir=expr
+  unique int id: @unresolved_dot_expr,
+  int base: @expr_or_none ref,
+  string name: string ref
+);
+
+unresolved_member_exprs(  //dir=expr
+  unique int id: @unresolved_member_expr,
+  string name: string ref
+);
+
+unresolved_pattern_exprs(  //dir=expr
+  unique int id: @unresolved_pattern_expr,
+  int sub_pattern: @pattern_or_none ref
+);
+
+unresolved_specialize_exprs(  //dir=expr
+  unique int id: @unresolved_specialize_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+vararg_expansion_exprs(  //dir=expr
+  unique int id: @vararg_expansion_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+any_hashable_erasure_exprs(  //dir=expr
+  unique int id: @any_hashable_erasure_expr
+);
+
+archetype_to_super_exprs(  //dir=expr
+  unique int id: @archetype_to_super_expr
+);
+
+array_exprs(  //dir=expr
+  unique int id: @array_expr
+);
+
+#keyset[id, index]
+array_expr_elements(  //dir=expr
+  int id: @array_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+array_to_pointer_exprs(  //dir=expr
+  unique int id: @array_to_pointer_expr
+);
+
+auto_closure_exprs(  //dir=expr
+  unique int id: @auto_closure_expr
+);
+
+await_exprs(  //dir=expr
+  unique int id: @await_expr
+);
+
+binary_exprs(  //dir=expr
+  unique int id: @binary_expr
+);
+
+bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_from_obj_c_expr
+);
+
+bridge_to_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_to_obj_c_expr
+);
+
+@builtin_literal_expr =
+  @boolean_literal_expr
+| @magic_identifier_literal_expr
+| @number_literal_expr
+| @string_literal_expr
+;
+
+call_exprs(  //dir=expr
+  unique int id: @call_expr
+);
+
+@checked_cast_expr =
+  @conditional_checked_cast_expr
+| @forced_checked_cast_expr
+| @is_expr
+;
+
+class_metatype_to_object_exprs(  //dir=expr
+  unique int id: @class_metatype_to_object_expr
+);
+
+closure_exprs(  //dir=expr
+  unique int id: @closure_expr
+);
+
+coerce_exprs(  //dir=expr
+  unique int id: @coerce_expr
+);
+
+collection_upcast_conversion_exprs(  //dir=expr
+  unique int id: @collection_upcast_conversion_expr
+);
+
+conditional_bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @conditional_bridge_from_obj_c_expr
+);
+
+covariant_function_conversion_exprs(  //dir=expr
+  unique int id: @covariant_function_conversion_expr
+);
+
+covariant_return_conversion_exprs(  //dir=expr
+  unique int id: @covariant_return_conversion_expr
+);
+
+derived_to_base_exprs(  //dir=expr
+  unique int id: @derived_to_base_expr
+);
+
+destructure_tuple_exprs(  //dir=expr
+  unique int id: @destructure_tuple_expr
+);
+
+dictionary_exprs(  //dir=expr
+  unique int id: @dictionary_expr
+);
+
+#keyset[id, index]
+dictionary_expr_elements(  //dir=expr
+  int id: @dictionary_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+differentiable_function_exprs(  //dir=expr
+  unique int id: @differentiable_function_expr
+);
+
+differentiable_function_extract_original_exprs(  //dir=expr
+  unique int id: @differentiable_function_extract_original_expr
+);
+
+dot_self_exprs(  //dir=expr
+  unique int id: @dot_self_expr
+);
+
+@dynamic_lookup_expr =
+  @dynamic_member_ref_expr
+| @dynamic_subscript_expr
+;
+
+erasure_exprs(  //dir=expr
+  unique int id: @erasure_expr
+);
+
+existential_metatype_to_object_exprs(  //dir=expr
+  unique int id: @existential_metatype_to_object_expr
+);
+
+force_try_exprs(  //dir=expr
+  unique int id: @force_try_expr
+);
+
+foreign_object_conversion_exprs(  //dir=expr
+  unique int id: @foreign_object_conversion_expr
+);
+
+function_conversion_exprs(  //dir=expr
+  unique int id: @function_conversion_expr
+);
+
+in_out_to_pointer_exprs(  //dir=expr
+  unique int id: @in_out_to_pointer_expr
+);
+
+inject_into_optional_exprs(  //dir=expr
+  unique int id: @inject_into_optional_expr
+);
+
+interpolated_string_literal_exprs(  //dir=expr
+  unique int id: @interpolated_string_literal_expr
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_expr: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_count_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_count_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_literal_capacity_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int literal_capacity_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_appending_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int appending_expr: @tap_expr_or_none ref
+);
+
+linear_function_exprs(  //dir=expr
+  unique int id: @linear_function_expr
+);
+
+linear_function_extract_original_exprs(  //dir=expr
+  unique int id: @linear_function_extract_original_expr
+);
+
+linear_to_differentiable_function_exprs(  //dir=expr
+  unique int id: @linear_to_differentiable_function_expr
+);
+
+load_exprs(  //dir=expr
+  unique int id: @load_expr
+);
+
+member_ref_exprs(  //dir=expr
+  unique int id: @member_ref_expr
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
+);
+
+nil_literal_exprs(  //dir=expr
+  unique int id: @nil_literal_expr
+);
+
+object_literal_exprs(  //dir=expr
+  unique int id: @object_literal_expr,
+  int kind: int ref
+);
+
+#keyset[id, index]
+object_literal_expr_arguments(  //dir=expr
+  int id: @object_literal_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+optional_try_exprs(  //dir=expr
+  unique int id: @optional_try_expr
+);
+
+paren_exprs(  //dir=expr
+  unique int id: @paren_expr
+);
+
+pointer_to_pointer_exprs(  //dir=expr
+  unique int id: @pointer_to_pointer_expr
+);
+
+postfix_unary_exprs(  //dir=expr
+  unique int id: @postfix_unary_expr
+);
+
+prefix_unary_exprs(  //dir=expr
+  unique int id: @prefix_unary_expr
+);
+
+protocol_metatype_to_object_exprs(  //dir=expr
+  unique int id: @protocol_metatype_to_object_expr
+);
+
+regex_literal_exprs(  //dir=expr
+  unique int id: @regex_literal_expr
+);
+
+@self_apply_expr =
+  @constructor_ref_call_expr
+| @dot_syntax_call_expr
+;
+
+#keyset[id]
+self_apply_exprs(  //dir=expr
+  int id: @self_apply_expr ref,
+  int base: @expr_or_none ref
+);
+
+string_to_pointer_exprs(  //dir=expr
+  unique int id: @string_to_pointer_expr
+);
+
+subscript_exprs(  //dir=expr
+  unique int id: @subscript_expr
+);
+
+#keyset[id, index]
+subscript_expr_arguments(  //dir=expr
+  int id: @subscript_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_ordinary_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+try_exprs(  //dir=expr
+  unique int id: @try_expr
+);
+
+underlying_to_opaque_exprs(  //dir=expr
+  unique int id: @underlying_to_opaque_expr
+);
+
+unevaluated_instance_exprs(  //dir=expr
+  unique int id: @unevaluated_instance_expr
+);
+
+unresolved_member_chain_result_exprs(  //dir=expr
+  unique int id: @unresolved_member_chain_result_expr
+);
+
+unresolved_type_conversion_exprs(  //dir=expr
+  unique int id: @unresolved_type_conversion_expr
+);
+
+boolean_literal_exprs(  //dir=expr
+  unique int id: @boolean_literal_expr,
+  boolean value: boolean ref
+);
+
+conditional_checked_cast_exprs(  //dir=expr
+  unique int id: @conditional_checked_cast_expr
+);
+
+constructor_ref_call_exprs(  //dir=expr
+  unique int id: @constructor_ref_call_expr
+);
+
+dot_syntax_call_exprs(  //dir=expr
+  unique int id: @dot_syntax_call_expr
+);
+
+dynamic_member_ref_exprs(  //dir=expr
+  unique int id: @dynamic_member_ref_expr
+);
+
+dynamic_subscript_exprs(  //dir=expr
+  unique int id: @dynamic_subscript_expr
+);
+
+forced_checked_cast_exprs(  //dir=expr
+  unique int id: @forced_checked_cast_expr
+);
+
+is_exprs(  //dir=expr
+  unique int id: @is_expr
+);
+
+magic_identifier_literal_exprs(  //dir=expr
+  unique int id: @magic_identifier_literal_expr,
+  string kind: string ref
+);
+
+@number_literal_expr =
+  @float_literal_expr
+| @integer_literal_expr
+;
+
+string_literal_exprs(  //dir=expr
+  unique int id: @string_literal_expr,
+  string value: string ref
+);
+
+float_literal_exprs(  //dir=expr
+  unique int id: @float_literal_expr,
+  string string_value: string ref
+);
+
+integer_literal_exprs(  //dir=expr
+  unique int id: @integer_literal_expr,
+  string string_value: string ref
+);
+
+@pattern =
+  @any_pattern
+| @binding_pattern
+| @bool_pattern
+| @enum_element_pattern
+| @expr_pattern
+| @is_pattern
+| @named_pattern
+| @optional_some_pattern
+| @paren_pattern
+| @tuple_pattern
+| @typed_pattern
+;
+
+any_patterns(  //dir=pattern
+  unique int id: @any_pattern
+);
+
+binding_patterns(  //dir=pattern
+  unique int id: @binding_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+bool_patterns(  //dir=pattern
+  unique int id: @bool_pattern,
+  boolean value: boolean ref
+);
+
+enum_element_patterns(  //dir=pattern
+  unique int id: @enum_element_pattern,
+  int element: @enum_element_decl_or_none ref
+);
+
+#keyset[id]
+enum_element_pattern_sub_patterns(  //dir=pattern
+  int id: @enum_element_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+expr_patterns(  //dir=pattern
+  unique int id: @expr_pattern,
+  int sub_expr: @expr_or_none ref
+);
+
+is_patterns(  //dir=pattern
+  unique int id: @is_pattern
+);
+
+#keyset[id]
+is_pattern_cast_type_reprs(  //dir=pattern
+  int id: @is_pattern ref,
+  int cast_type_repr: @type_repr_or_none ref
+);
+
+#keyset[id]
+is_pattern_sub_patterns(  //dir=pattern
+  int id: @is_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+named_patterns(  //dir=pattern
+  unique int id: @named_pattern,
+  string name: string ref
+);
+
+optional_some_patterns(  //dir=pattern
+  unique int id: @optional_some_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+paren_patterns(  //dir=pattern
+  unique int id: @paren_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+tuple_patterns(  //dir=pattern
+  unique int id: @tuple_pattern
+);
+
+#keyset[id, index]
+tuple_pattern_elements(  //dir=pattern
+  int id: @tuple_pattern ref,
+  int index: int ref,
+  int element: @pattern_or_none ref
+);
+
+typed_patterns(  //dir=pattern
+  unique int id: @typed_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+typed_pattern_type_reprs(  //dir=pattern
+  int id: @typed_pattern ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+case_label_items(  //dir=stmt
+  unique int id: @case_label_item,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+case_label_item_guards(  //dir=stmt
+  int id: @case_label_item ref,
+  int guard: @expr_or_none ref
+);
+
+condition_elements(  //dir=stmt
+  unique int id: @condition_element
+);
+
+#keyset[id]
+condition_element_booleans(  //dir=stmt
+  int id: @condition_element ref,
+  int boolean_: @expr_or_none ref
+);
+
+#keyset[id]
+condition_element_patterns(  //dir=stmt
+  int id: @condition_element ref,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+condition_element_initializers(  //dir=stmt
+  int id: @condition_element ref,
+  int initializer: @expr_or_none ref
+);
+
+@stmt =
+  @brace_stmt
+| @break_stmt
+| @case_stmt
+| @continue_stmt
+| @defer_stmt
+| @fail_stmt
+| @fallthrough_stmt
+| @labeled_stmt
+| @pound_assert_stmt
+| @return_stmt
+| @throw_stmt
+| @yield_stmt
+;
+
+stmt_conditions(  //dir=stmt
+  unique int id: @stmt_condition
+);
+
+#keyset[id, index]
+stmt_condition_elements(  //dir=stmt
+  int id: @stmt_condition ref,
+  int index: int ref,
+  int element: @condition_element_or_none ref
+);
+
+brace_stmts(  //dir=stmt
+  unique int id: @brace_stmt
+);
+
+#keyset[id, index]
+brace_stmt_elements(  //dir=stmt
+  int id: @brace_stmt ref,
+  int index: int ref,
+  int element: @ast_node_or_none ref
+);
+
+break_stmts(  //dir=stmt
+  unique int id: @break_stmt
+);
+
+#keyset[id]
+break_stmt_target_names(  //dir=stmt
+  int id: @break_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+break_stmt_targets(  //dir=stmt
+  int id: @break_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+case_stmts(  //dir=stmt
+  unique int id: @case_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_labels(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int label: @case_label_item_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_variables(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int variable: @var_decl_or_none ref
+);
+
+continue_stmts(  //dir=stmt
+  unique int id: @continue_stmt
+);
+
+#keyset[id]
+continue_stmt_target_names(  //dir=stmt
+  int id: @continue_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+continue_stmt_targets(  //dir=stmt
+  int id: @continue_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+defer_stmts(  //dir=stmt
+  unique int id: @defer_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+fail_stmts(  //dir=stmt
+  unique int id: @fail_stmt
+);
+
+fallthrough_stmts(  //dir=stmt
+  unique int id: @fallthrough_stmt,
+  int fallthrough_source: @case_stmt_or_none ref,
+  int fallthrough_dest: @case_stmt_or_none ref
+);
+
+@labeled_stmt =
+  @do_catch_stmt
+| @do_stmt
+| @for_each_stmt
+| @labeled_conditional_stmt
+| @repeat_while_stmt
+| @switch_stmt
+;
+
+#keyset[id]
+labeled_stmt_labels(  //dir=stmt
+  int id: @labeled_stmt ref,
+  string label: string ref
+);
+
+pound_assert_stmts(  //dir=stmt
+  unique int id: @pound_assert_stmt,
+  int condition: @expr_or_none ref,
+  string message: string ref
+);
+
+return_stmts(  //dir=stmt
+  unique int id: @return_stmt
+);
+
+#keyset[id]
+return_stmt_results(  //dir=stmt
+  int id: @return_stmt ref,
+  int result: @expr_or_none ref
+);
+
+throw_stmts(  //dir=stmt
+  unique int id: @throw_stmt,
+  int sub_expr: @expr_or_none ref
+);
+
+yield_stmts(  //dir=stmt
+  unique int id: @yield_stmt
+);
+
+#keyset[id, index]
+yield_stmt_results(  //dir=stmt
+  int id: @yield_stmt ref,
+  int index: int ref,
+  int result: @expr_or_none ref
+);
+
+do_catch_stmts(  //dir=stmt
+  unique int id: @do_catch_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+do_catch_stmt_catches(  //dir=stmt
+  int id: @do_catch_stmt ref,
+  int index: int ref,
+  int catch: @case_stmt_or_none ref
+);
+
+do_stmts(  //dir=stmt
+  unique int id: @do_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+for_each_stmts(  //dir=stmt
+  unique int id: @for_each_stmt,
+  int pattern: @pattern_or_none ref,
+  int sequence: @expr_or_none ref,
+  int body: @brace_stmt_or_none ref
+);
+
+#keyset[id]
+for_each_stmt_wheres(  //dir=stmt
+  int id: @for_each_stmt ref,
+  int where: @expr_or_none ref
+);
+
+@labeled_conditional_stmt =
+  @guard_stmt
+| @if_stmt
+| @while_stmt
+;
+
+#keyset[id]
+labeled_conditional_stmts(  //dir=stmt
+  int id: @labeled_conditional_stmt ref,
+  int condition: @stmt_condition_or_none ref
+);
+
+repeat_while_stmts(  //dir=stmt
+  unique int id: @repeat_while_stmt,
+  int condition: @expr_or_none ref,
+  int body: @stmt_or_none ref
+);
+
+switch_stmts(  //dir=stmt
+  unique int id: @switch_stmt,
+  int expr: @expr_or_none ref
+);
+
+#keyset[id, index]
+switch_stmt_cases(  //dir=stmt
+  int id: @switch_stmt ref,
+  int index: int ref,
+  int case_: @case_stmt_or_none ref
+);
+
+guard_stmts(  //dir=stmt
+  unique int id: @guard_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+if_stmts(  //dir=stmt
+  unique int id: @if_stmt,
+  int then: @stmt_or_none ref
+);
+
+#keyset[id]
+if_stmt_elses(  //dir=stmt
+  int id: @if_stmt ref,
+  int else: @stmt_or_none ref
+);
+
+while_stmts(  //dir=stmt
+  unique int id: @while_stmt,
+  int body: @stmt_or_none ref
+);
+
+@type =
+  @any_function_type
+| @any_generic_type
+| @any_metatype_type
+| @builtin_type
+| @dependent_member_type
+| @dynamic_self_type
+| @error_type
+| @existential_type
+| @in_out_type
+| @l_value_type
+| @module_type
+| @parameterized_protocol_type
+| @protocol_composition_type
+| @reference_storage_type
+| @substitutable_type
+| @sugar_type
+| @tuple_type
+| @unresolved_type
+;
+
+#keyset[id]
+types(  //dir=type
+  int id: @type ref,
+  string name: string ref,
+  int canonical_type: @type_or_none ref
+);
+
+type_reprs(  //dir=type
+  unique int id: @type_repr,
+  int type_: @type_or_none ref
+);
+
+@any_function_type =
+  @function_type
+| @generic_function_type
+;
+
+#keyset[id]
+any_function_types(  //dir=type
+  int id: @any_function_type ref,
+  int result: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_types(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  int param_type: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_labels(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  string param_label: string ref
+);
+
+#keyset[id]
+any_function_type_is_throwing(  //dir=type
+  int id: @any_function_type ref
+);
+
+#keyset[id]
+any_function_type_is_async(  //dir=type
+  int id: @any_function_type ref
+);
+
+@any_generic_type =
+  @nominal_or_bound_generic_nominal_type
+| @unbound_generic_type
+;
+
+#keyset[id]
+any_generic_types(  //dir=type
+  int id: @any_generic_type ref,
+  int declaration: @decl_or_none ref
+);
+
+#keyset[id]
+any_generic_type_parents(  //dir=type
+  int id: @any_generic_type ref,
+  int parent: @type_or_none ref
+);
+
+@any_metatype_type =
+  @existential_metatype_type
+| @metatype_type
+;
+
+@builtin_type =
+  @any_builtin_integer_type
+| @builtin_bridge_object_type
+| @builtin_default_actor_storage_type
+| @builtin_executor_type
+| @builtin_float_type
+| @builtin_job_type
+| @builtin_native_object_type
+| @builtin_raw_pointer_type
+| @builtin_raw_unsafe_continuation_type
+| @builtin_unsafe_value_buffer_type
+| @builtin_vector_type
+;
+
+dependent_member_types(  //dir=type
+  unique int id: @dependent_member_type,
+  int base_type: @type_or_none ref,
+  int associated_type_decl: @associated_type_decl_or_none ref
+);
+
+dynamic_self_types(  //dir=type
+  unique int id: @dynamic_self_type,
+  int static_self_type: @type_or_none ref
+);
+
+error_types(  //dir=type
+  unique int id: @error_type
+);
+
+existential_types(  //dir=type
+  unique int id: @existential_type,
+  int constraint: @type_or_none ref
+);
+
+in_out_types(  //dir=type
+  unique int id: @in_out_type,
+  int object_type: @type_or_none ref
+);
+
+l_value_types(  //dir=type
+  unique int id: @l_value_type,
+  int object_type: @type_or_none ref
+);
+
+module_types(  //dir=type
+  unique int id: @module_type,
+  int module: @module_decl_or_none ref
+);
+
+parameterized_protocol_types(  //dir=type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
+);
+
+protocol_composition_types(  //dir=type
+  unique int id: @protocol_composition_type
+);
+
+#keyset[id, index]
+protocol_composition_type_members(  //dir=type
+  int id: @protocol_composition_type ref,
+  int index: int ref,
+  int member: @type_or_none ref
+);
+
+@reference_storage_type =
+  @unmanaged_storage_type
+| @unowned_storage_type
+| @weak_storage_type
+;
+
+#keyset[id]
+reference_storage_types(  //dir=type
+  int id: @reference_storage_type ref,
+  int referent_type: @type_or_none ref
+);
+
+@substitutable_type =
+  @archetype_type
+| @generic_type_param_type
+;
+
+@sugar_type =
+  @paren_type
+| @syntax_sugar_type
+| @type_alias_type
+;
+
+tuple_types(  //dir=type
+  unique int id: @tuple_type
+);
+
+#keyset[id, index]
+tuple_type_types(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id, index]
+tuple_type_names(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  string name: string ref
+);
+
+unresolved_types(  //dir=type
+  unique int id: @unresolved_type
+);
+
+@any_builtin_integer_type =
+  @builtin_integer_literal_type
+| @builtin_integer_type
+;
+
+@archetype_type =
+  @opaque_type_archetype_type
+| @opened_archetype_type
+| @primary_archetype_type
+;
+
+#keyset[id]
+archetype_types(  //dir=type
+  int id: @archetype_type ref,
+  int interface_type: @type_or_none ref
+);
+
+#keyset[id]
+archetype_type_superclasses(  //dir=type
+  int id: @archetype_type ref,
+  int superclass: @type_or_none ref
+);
+
+#keyset[id, index]
+archetype_type_protocols(  //dir=type
+  int id: @archetype_type ref,
+  int index: int ref,
+  int protocol: @protocol_decl_or_none ref
+);
+
+builtin_bridge_object_types(  //dir=type
+  unique int id: @builtin_bridge_object_type
+);
+
+builtin_default_actor_storage_types(  //dir=type
+  unique int id: @builtin_default_actor_storage_type
+);
+
+builtin_executor_types(  //dir=type
+  unique int id: @builtin_executor_type
+);
+
+builtin_float_types(  //dir=type
+  unique int id: @builtin_float_type
+);
+
+builtin_job_types(  //dir=type
+  unique int id: @builtin_job_type
+);
+
+builtin_native_object_types(  //dir=type
+  unique int id: @builtin_native_object_type
+);
+
+builtin_raw_pointer_types(  //dir=type
+  unique int id: @builtin_raw_pointer_type
+);
+
+builtin_raw_unsafe_continuation_types(  //dir=type
+  unique int id: @builtin_raw_unsafe_continuation_type
+);
+
+builtin_unsafe_value_buffer_types(  //dir=type
+  unique int id: @builtin_unsafe_value_buffer_type
+);
+
+builtin_vector_types(  //dir=type
+  unique int id: @builtin_vector_type
+);
+
+existential_metatype_types(  //dir=type
+  unique int id: @existential_metatype_type
+);
+
+function_types(  //dir=type
+  unique int id: @function_type
+);
+
+generic_function_types(  //dir=type
+  unique int id: @generic_function_type
+);
+
+#keyset[id, index]
+generic_function_type_generic_params(  //dir=type
+  int id: @generic_function_type ref,
+  int index: int ref,
+  int generic_param: @generic_type_param_type_or_none ref
+);
+
+generic_type_param_types(  //dir=type
+  unique int id: @generic_type_param_type
+);
+
+metatype_types(  //dir=type
+  unique int id: @metatype_type
+);
+
+@nominal_or_bound_generic_nominal_type =
+  @bound_generic_type
+| @nominal_type
+;
+
+paren_types(  //dir=type
+  unique int id: @paren_type,
+  int type_: @type_or_none ref
+);
+
+@syntax_sugar_type =
+  @dictionary_type
+| @unary_syntax_sugar_type
+;
+
+type_alias_types(  //dir=type
+  unique int id: @type_alias_type,
+  int decl: @type_alias_decl_or_none ref
+);
+
+unbound_generic_types(  //dir=type
+  unique int id: @unbound_generic_type
+);
+
+unmanaged_storage_types(  //dir=type
+  unique int id: @unmanaged_storage_type
+);
+
+unowned_storage_types(  //dir=type
+  unique int id: @unowned_storage_type
+);
+
+weak_storage_types(  //dir=type
+  unique int id: @weak_storage_type
+);
+
+@bound_generic_type =
+  @bound_generic_class_type
+| @bound_generic_enum_type
+| @bound_generic_struct_type
+;
+
+#keyset[id, index]
+bound_generic_type_arg_types(  //dir=type
+  int id: @bound_generic_type ref,
+  int index: int ref,
+  int arg_type: @type_or_none ref
+);
+
+builtin_integer_literal_types(  //dir=type
+  unique int id: @builtin_integer_literal_type
+);
+
+builtin_integer_types(  //dir=type
+  unique int id: @builtin_integer_type
+);
+
+#keyset[id]
+builtin_integer_type_widths(  //dir=type
+  int id: @builtin_integer_type ref,
+  int width: int ref
+);
+
+dictionary_types(  //dir=type
+  unique int id: @dictionary_type,
+  int key_type: @type_or_none ref,
+  int value_type: @type_or_none ref
+);
+
+@nominal_type =
+  @class_type
+| @enum_type
+| @protocol_type
+| @struct_type
+;
+
+opaque_type_archetype_types(  //dir=type
+  unique int id: @opaque_type_archetype_type,
+  int declaration: @opaque_type_decl_or_none ref
+);
+
+opened_archetype_types(  //dir=type
+  unique int id: @opened_archetype_type
+);
+
+primary_archetype_types(  //dir=type
+  unique int id: @primary_archetype_type
+);
+
+@unary_syntax_sugar_type =
+  @array_slice_type
+| @optional_type
+| @variadic_sequence_type
+;
+
+#keyset[id]
+unary_syntax_sugar_types(  //dir=type
+  int id: @unary_syntax_sugar_type ref,
+  int base_type: @type_or_none ref
+);
+
+array_slice_types(  //dir=type
+  unique int id: @array_slice_type
+);
+
+bound_generic_class_types(  //dir=type
+  unique int id: @bound_generic_class_type
+);
+
+bound_generic_enum_types(  //dir=type
+  unique int id: @bound_generic_enum_type
+);
+
+bound_generic_struct_types(  //dir=type
+  unique int id: @bound_generic_struct_type
+);
+
+class_types(  //dir=type
+  unique int id: @class_type
+);
+
+enum_types(  //dir=type
+  unique int id: @enum_type
+);
+
+optional_types(  //dir=type
+  unique int id: @optional_type
+);
+
+protocol_types(  //dir=type
+  unique int id: @protocol_type
+);
+
+struct_types(  //dir=type
+  unique int id: @struct_type
+);
+
+variadic_sequence_types(  //dir=type
+  unique int id: @variadic_sequence_type
+);
+
+@abstract_function_decl_or_none =
+  @abstract_function_decl
+| @unspecified_element
+;
+
+@accessor_decl_or_none =
+  @accessor_decl
+| @unspecified_element
+;
+
+@argument_or_none =
+  @argument
+| @unspecified_element
+;
+
+@associated_type_decl_or_none =
+  @associated_type_decl
+| @unspecified_element
+;
+
+@ast_node_or_none =
+  @ast_node
+| @unspecified_element
+;
+
+@brace_stmt_or_none =
+  @brace_stmt
+| @unspecified_element
+;
+
+@case_label_item_or_none =
+  @case_label_item
+| @unspecified_element
+;
+
+@case_stmt_or_none =
+  @case_stmt
+| @unspecified_element
+;
+
+@closure_expr_or_none =
+  @closure_expr
+| @unspecified_element
+;
+
+@condition_element_or_none =
+  @condition_element
+| @unspecified_element
+;
+
+@constructor_decl_or_none =
+  @constructor_decl
+| @unspecified_element
+;
+
+@decl_or_none =
+  @decl
+| @unspecified_element
+;
+
+@enum_element_decl_or_none =
+  @enum_element_decl
+| @unspecified_element
+;
+
+@expr_or_none =
+  @expr
+| @unspecified_element
+;
+
+@file_or_none =
+  @file
+| @unspecified_element
+;
+
+@generic_type_param_decl_or_none =
+  @generic_type_param_decl
+| @unspecified_element
+;
+
+@generic_type_param_type_or_none =
+  @generic_type_param_type
+| @unspecified_element
+;
+
+@location_or_none =
+  @location
+| @unspecified_element
+;
+
+@module_decl_or_none =
+  @module_decl
+| @unspecified_element
+;
+
+@nominal_type_decl_or_none =
+  @nominal_type_decl
+| @unspecified_element
+;
+
+@opaque_type_decl_or_none =
+  @opaque_type_decl
+| @unspecified_element
+;
+
+@opaque_value_expr_or_none =
+  @opaque_value_expr
+| @unspecified_element
+;
+
+@param_decl_or_none =
+  @param_decl
+| @unspecified_element
+;
+
+@pattern_or_none =
+  @pattern
+| @unspecified_element
+;
+
+@pattern_binding_decl_or_none =
+  @pattern_binding_decl
+| @unspecified_element
+;
+
+@precedence_group_decl_or_none =
+  @precedence_group_decl
+| @unspecified_element
+;
+
+@protocol_decl_or_none =
+  @protocol_decl
+| @unspecified_element
+;
+
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
+@stmt_or_none =
+  @stmt
+| @unspecified_element
+;
+
+@stmt_condition_or_none =
+  @stmt_condition
+| @unspecified_element
+;
+
+@string_literal_expr_or_none =
+  @string_literal_expr
+| @unspecified_element
+;
+
+@tap_expr_or_none =
+  @tap_expr
+| @unspecified_element
+;
+
+@type_or_none =
+  @type
+| @unspecified_element
+;
+
+@type_alias_decl_or_none =
+  @type_alias_decl
+| @unspecified_element
+;
+
+@type_repr_or_none =
+  @type_repr
+| @unspecified_element
+;
+
+@value_decl_or_none =
+  @unspecified_element
+| @value_decl
+;
+
+@var_decl_or_none =
+  @unspecified_element
+| @var_decl
+;
diff --git a/swift/ql/lib/upgrades/1a6e9325bd60462e669e524438174deef4476df0/swift.dbscheme b/swift/ql/lib/upgrades/1a6e9325bd60462e669e524438174deef4476df0/swift.dbscheme
new file mode 100644
index 00000000000..62fc609c1ab
--- /dev/null
+++ b/swift/ql/lib/upgrades/1a6e9325bd60462e669e524438174deef4476df0/swift.dbscheme
@@ -0,0 +1,2518 @@
+// generated by codegen/codegen.py
+
+// from prefix.dbscheme
+/**
+ * The source location of the snapshot.
+ */
+sourceLocationPrefix(
+  string prefix: string ref
+);
+
+
+// from schema.py
+
+@element =
+  @callable
+| @file
+| @generic_context
+| @iterable_decl_context
+| @locatable
+| @location
+| @type
+;
+
+#keyset[id]
+element_is_unknown(
+  int id: @element ref
+);
+
+@callable =
+  @abstract_closure_expr
+| @abstract_function_decl
+;
+
+#keyset[id]
+callable_self_params(
+  int id: @callable ref,
+  int self_param: @param_decl_or_none ref
+);
+
+#keyset[id, index]
+callable_params(
+  int id: @callable ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+#keyset[id]
+callable_bodies(
+  int id: @callable ref,
+  int body: @brace_stmt_or_none ref
+);
+
+@file =
+  @db_file
+;
+
+#keyset[id]
+files(
+  int id: @file ref,
+  string name: string ref
+);
+
+@locatable =
+  @argument
+| @ast_node
+| @comment
+| @diagnostics
+| @error_element
+;
+
+#keyset[id]
+locatable_locations(
+  int id: @locatable ref,
+  int location: @location_or_none ref
+);
+
+@location =
+  @db_location
+;
+
+#keyset[id]
+locations(
+  int id: @location ref,
+  int file: @file_or_none ref,
+  int start_line: int ref,
+  int start_column: int ref,
+  int end_line: int ref,
+  int end_column: int ref
+);
+
+@ast_node =
+  @case_label_item
+| @condition_element
+| @decl
+| @expr
+| @pattern
+| @stmt
+| @stmt_condition
+| @type_repr
+;
+
+comments(
+  unique int id: @comment,
+  string text: string ref
+);
+
+db_files(
+  unique int id: @db_file
+);
+
+db_locations(
+  unique int id: @db_location
+);
+
+diagnostics(
+  unique int id: @diagnostics,
+  string text: string ref,
+  int kind: int ref
+);
+
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_chain_result_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @unresolved_type
+| @unresolved_type_conversion_expr
+| @unspecified_element
+;
+
+unspecified_elements(
+  unique int id: @unspecified_element,
+  string property: string ref,
+  string error: string ref
+);
+
+#keyset[id]
+unspecified_element_parents(
+  int id: @unspecified_element ref,
+  int parent: @element ref
+);
+
+#keyset[id]
+unspecified_element_indices(
+  int id: @unspecified_element ref,
+  int index: int ref
+);
+
+@decl =
+  @enum_case_decl
+| @extension_decl
+| @if_config_decl
+| @import_decl
+| @missing_member_decl
+| @operator_decl
+| @pattern_binding_decl
+| @pound_diagnostic_decl
+| @precedence_group_decl
+| @top_level_code_decl
+| @value_decl
+;
+
+#keyset[id]
+decls(  //dir=decl
+  int id: @decl ref,
+  int module: @module_decl_or_none ref
+);
+
+@generic_context =
+  @abstract_function_decl
+| @extension_decl
+| @generic_type_decl
+| @subscript_decl
+;
+
+#keyset[id, index]
+generic_context_generic_type_params(  //dir=decl
+  int id: @generic_context ref,
+  int index: int ref,
+  int generic_type_param: @generic_type_param_decl_or_none ref
+);
+
+@iterable_decl_context =
+  @extension_decl
+| @nominal_type_decl
+;
+
+#keyset[id, index]
+iterable_decl_context_members(  //dir=decl
+  int id: @iterable_decl_context ref,
+  int index: int ref,
+  int member: @decl_or_none ref
+);
+
+enum_case_decls(  //dir=decl
+  unique int id: @enum_case_decl
+);
+
+#keyset[id, index]
+enum_case_decl_elements(  //dir=decl
+  int id: @enum_case_decl ref,
+  int index: int ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+extension_decls(  //dir=decl
+  unique int id: @extension_decl,
+  int extended_type_decl: @nominal_type_decl_or_none ref
+);
+
+if_config_decls(  //dir=decl
+  unique int id: @if_config_decl
+);
+
+#keyset[id, index]
+if_config_decl_active_elements(  //dir=decl
+  int id: @if_config_decl ref,
+  int index: int ref,
+  int active_element: @ast_node_or_none ref
+);
+
+import_decls(  //dir=decl
+  unique int id: @import_decl
+);
+
+#keyset[id]
+import_decl_is_exported(  //dir=decl
+  int id: @import_decl ref
+);
+
+#keyset[id]
+import_decl_imported_modules(  //dir=decl
+  int id: @import_decl ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+import_decl_declarations(  //dir=decl
+  int id: @import_decl ref,
+  int index: int ref,
+  int declaration: @value_decl_or_none ref
+);
+
+missing_member_decls(  //dir=decl
+  unique int id: @missing_member_decl,
+  string name: string ref
+);
+
+@operator_decl =
+  @infix_operator_decl
+| @postfix_operator_decl
+| @prefix_operator_decl
+;
+
+#keyset[id]
+operator_decls(  //dir=decl
+  int id: @operator_decl ref,
+  string name: string ref
+);
+
+pattern_binding_decls(  //dir=decl
+  unique int id: @pattern_binding_decl
+);
+
+#keyset[id, index]
+pattern_binding_decl_inits(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int init: @expr_or_none ref
+);
+
+#keyset[id, index]
+pattern_binding_decl_patterns(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int pattern: @pattern_or_none ref
+);
+
+pound_diagnostic_decls(  //dir=decl
+  unique int id: @pound_diagnostic_decl,
+  int kind: int ref,
+  int message: @string_literal_expr_or_none ref
+);
+
+precedence_group_decls(  //dir=decl
+  unique int id: @precedence_group_decl
+);
+
+top_level_code_decls(  //dir=decl
+  unique int id: @top_level_code_decl,
+  int body: @brace_stmt_or_none ref
+);
+
+@value_decl =
+  @abstract_function_decl
+| @abstract_storage_decl
+| @enum_element_decl
+| @type_decl
+;
+
+#keyset[id]
+value_decls(  //dir=decl
+  int id: @value_decl ref,
+  int interface_type: @type_or_none ref
+);
+
+@abstract_function_decl =
+  @constructor_decl
+| @destructor_decl
+| @func_decl
+;
+
+#keyset[id]
+abstract_function_decls(  //dir=decl
+  int id: @abstract_function_decl ref,
+  string name: string ref
+);
+
+@abstract_storage_decl =
+  @subscript_decl
+| @var_decl
+;
+
+#keyset[id, index]
+abstract_storage_decl_accessor_decls(  //dir=decl
+  int id: @abstract_storage_decl ref,
+  int index: int ref,
+  int accessor_decl: @accessor_decl_or_none ref
+);
+
+enum_element_decls(  //dir=decl
+  unique int id: @enum_element_decl,
+  string name: string ref
+);
+
+#keyset[id, index]
+enum_element_decl_params(  //dir=decl
+  int id: @enum_element_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+infix_operator_decls(  //dir=decl
+  unique int id: @infix_operator_decl
+);
+
+#keyset[id]
+infix_operator_decl_precedence_groups(  //dir=decl
+  int id: @infix_operator_decl ref,
+  int precedence_group: @precedence_group_decl_or_none ref
+);
+
+postfix_operator_decls(  //dir=decl
+  unique int id: @postfix_operator_decl
+);
+
+prefix_operator_decls(  //dir=decl
+  unique int id: @prefix_operator_decl
+);
+
+@type_decl =
+  @abstract_type_param_decl
+| @generic_type_decl
+| @module_decl
+;
+
+#keyset[id]
+type_decls(  //dir=decl
+  int id: @type_decl ref,
+  string name: string ref
+);
+
+#keyset[id, index]
+type_decl_base_types(  //dir=decl
+  int id: @type_decl ref,
+  int index: int ref,
+  int base_type: @type_or_none ref
+);
+
+@abstract_type_param_decl =
+  @associated_type_decl
+| @generic_type_param_decl
+;
+
+constructor_decls(  //dir=decl
+  unique int id: @constructor_decl
+);
+
+destructor_decls(  //dir=decl
+  unique int id: @destructor_decl
+);
+
+@func_decl =
+  @accessor_decl
+| @concrete_func_decl
+;
+
+@generic_type_decl =
+  @nominal_type_decl
+| @opaque_type_decl
+| @type_alias_decl
+;
+
+module_decls(  //dir=decl
+  unique int id: @module_decl
+);
+
+#keyset[id]
+module_decl_is_builtin_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id]
+module_decl_is_system_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id, index]
+module_decl_imported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+module_decl_exported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int exported_module: @module_decl_or_none ref
+);
+
+subscript_decls(  //dir=decl
+  unique int id: @subscript_decl,
+  int element_type: @type_or_none ref
+);
+
+#keyset[id, index]
+subscript_decl_params(  //dir=decl
+  int id: @subscript_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+@var_decl =
+  @concrete_var_decl
+| @param_decl
+;
+
+#keyset[id]
+var_decls(  //dir=decl
+  int id: @var_decl ref,
+  string name: string ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_attached_property_wrapper_types(  //dir=decl
+  int id: @var_decl ref,
+  int attached_property_wrapper_type: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_patterns(  //dir=decl
+  int id: @var_decl ref,
+  int parent_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_initializers(  //dir=decl
+  int id: @var_decl ref,
+  int parent_initializer: @expr_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
+accessor_decls(  //dir=decl
+  unique int id: @accessor_decl
+);
+
+#keyset[id]
+accessor_decl_is_getter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_setter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_will_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_did_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_read(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_modify(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_unsafe_address(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_unsafe_mutable_address(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+associated_type_decls(  //dir=decl
+  unique int id: @associated_type_decl
+);
+
+concrete_func_decls(  //dir=decl
+  unique int id: @concrete_func_decl
+);
+
+concrete_var_decls(  //dir=decl
+  unique int id: @concrete_var_decl,
+  int introducer_int: int ref
+);
+
+generic_type_param_decls(  //dir=decl
+  unique int id: @generic_type_param_decl
+);
+
+@nominal_type_decl =
+  @class_decl
+| @enum_decl
+| @protocol_decl
+| @struct_decl
+;
+
+#keyset[id]
+nominal_type_decls(  //dir=decl
+  int id: @nominal_type_decl ref,
+  int type_: @type_or_none ref
+);
+
+opaque_type_decls(  //dir=decl
+  unique int id: @opaque_type_decl,
+  int naming_declaration: @value_decl_or_none ref
+);
+
+#keyset[id, index]
+opaque_type_decl_opaque_generic_params(  //dir=decl
+  int id: @opaque_type_decl ref,
+  int index: int ref,
+  int opaque_generic_param: @generic_type_param_type_or_none ref
+);
+
+param_decls(  //dir=decl
+  unique int id: @param_decl
+);
+
+#keyset[id]
+param_decl_is_inout(  //dir=decl
+  int id: @param_decl ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
+type_alias_decls(  //dir=decl
+  unique int id: @type_alias_decl
+);
+
+class_decls(  //dir=decl
+  unique int id: @class_decl
+);
+
+enum_decls(  //dir=decl
+  unique int id: @enum_decl
+);
+
+protocol_decls(  //dir=decl
+  unique int id: @protocol_decl
+);
+
+struct_decls(  //dir=decl
+  unique int id: @struct_decl
+);
+
+arguments(  //dir=expr
+  unique int id: @argument,
+  string label: string ref,
+  int expr: @expr_or_none ref
+);
+
+@expr =
+  @abstract_closure_expr
+| @any_try_expr
+| @applied_property_wrapper_expr
+| @apply_expr
+| @assign_expr
+| @bind_optional_expr
+| @capture_list_expr
+| @collection_expr
+| @decl_ref_expr
+| @default_argument_expr
+| @discard_assignment_expr
+| @dot_syntax_base_ignored_expr
+| @dynamic_type_expr
+| @enum_is_case_expr
+| @error_expr
+| @explicit_cast_expr
+| @force_value_expr
+| @identity_expr
+| @if_expr
+| @implicit_conversion_expr
+| @in_out_expr
+| @key_path_application_expr
+| @key_path_dot_expr
+| @key_path_expr
+| @lazy_initializer_expr
+| @literal_expr
+| @lookup_expr
+| @make_temporarily_escapable_expr
+| @obj_c_selector_expr
+| @one_way_expr
+| @opaque_value_expr
+| @open_existential_expr
+| @optional_evaluation_expr
+| @other_constructor_decl_ref_expr
+| @overloaded_decl_ref_expr
+| @property_wrapper_value_placeholder_expr
+| @rebind_self_in_constructor_expr
+| @sequence_expr
+| @super_ref_expr
+| @tap_expr
+| @tuple_element_expr
+| @tuple_expr
+| @type_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @vararg_expansion_expr
+;
+
+#keyset[id]
+expr_types(  //dir=expr
+  int id: @expr ref,
+  int type_: @type_or_none ref
+);
+
+@abstract_closure_expr =
+  @auto_closure_expr
+| @closure_expr
+;
+
+@any_try_expr =
+  @force_try_expr
+| @optional_try_expr
+| @try_expr
+;
+
+#keyset[id]
+any_try_exprs(  //dir=expr
+  int id: @any_try_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+applied_property_wrapper_exprs(  //dir=expr
+  unique int id: @applied_property_wrapper_expr,
+  int kind: int ref,
+  int value: @expr_or_none ref,
+  int param: @param_decl_or_none ref
+);
+
+@apply_expr =
+  @binary_expr
+| @call_expr
+| @postfix_unary_expr
+| @prefix_unary_expr
+| @self_apply_expr
+;
+
+#keyset[id]
+apply_exprs(  //dir=expr
+  int id: @apply_expr ref,
+  int function: @expr_or_none ref
+);
+
+#keyset[id, index]
+apply_expr_arguments(  //dir=expr
+  int id: @apply_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+assign_exprs(  //dir=expr
+  unique int id: @assign_expr,
+  int dest: @expr_or_none ref,
+  int source: @expr_or_none ref
+);
+
+bind_optional_exprs(  //dir=expr
+  unique int id: @bind_optional_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+capture_list_exprs(  //dir=expr
+  unique int id: @capture_list_expr,
+  int closure_body: @closure_expr_or_none ref
+);
+
+#keyset[id, index]
+capture_list_expr_binding_decls(  //dir=expr
+  int id: @capture_list_expr ref,
+  int index: int ref,
+  int binding_decl: @pattern_binding_decl_or_none ref
+);
+
+@collection_expr =
+  @array_expr
+| @dictionary_expr
+;
+
+decl_ref_exprs(  //dir=expr
+  unique int id: @decl_ref_expr,
+  int decl: @decl_or_none ref
+);
+
+#keyset[id, index]
+decl_ref_expr_replacement_types(  //dir=expr
+  int id: @decl_ref_expr ref,
+  int index: int ref,
+  int replacement_type: @type_or_none ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+default_argument_exprs(  //dir=expr
+  unique int id: @default_argument_expr,
+  int param_decl: @param_decl_or_none ref,
+  int param_index: int ref
+);
+
+#keyset[id]
+default_argument_expr_caller_side_defaults(  //dir=expr
+  int id: @default_argument_expr ref,
+  int caller_side_default: @expr_or_none ref
+);
+
+discard_assignment_exprs(  //dir=expr
+  unique int id: @discard_assignment_expr
+);
+
+dot_syntax_base_ignored_exprs(  //dir=expr
+  unique int id: @dot_syntax_base_ignored_expr,
+  int qualifier: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+dynamic_type_exprs(  //dir=expr
+  unique int id: @dynamic_type_expr,
+  int base: @expr_or_none ref
+);
+
+enum_is_case_exprs(  //dir=expr
+  unique int id: @enum_is_case_expr,
+  int sub_expr: @expr_or_none ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+error_exprs(  //dir=expr
+  unique int id: @error_expr
+);
+
+@explicit_cast_expr =
+  @checked_cast_expr
+| @coerce_expr
+;
+
+#keyset[id]
+explicit_cast_exprs(  //dir=expr
+  int id: @explicit_cast_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+force_value_exprs(  //dir=expr
+  unique int id: @force_value_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@identity_expr =
+  @await_expr
+| @dot_self_expr
+| @paren_expr
+| @unresolved_member_chain_result_expr
+;
+
+#keyset[id]
+identity_exprs(  //dir=expr
+  int id: @identity_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+if_exprs(  //dir=expr
+  unique int id: @if_expr,
+  int condition: @expr_or_none ref,
+  int then_expr: @expr_or_none ref,
+  int else_expr: @expr_or_none ref
+);
+
+@implicit_conversion_expr =
+  @abi_safe_conversion_expr
+| @any_hashable_erasure_expr
+| @archetype_to_super_expr
+| @array_to_pointer_expr
+| @bridge_from_obj_c_expr
+| @bridge_to_obj_c_expr
+| @class_metatype_to_object_expr
+| @collection_upcast_conversion_expr
+| @conditional_bridge_from_obj_c_expr
+| @covariant_function_conversion_expr
+| @covariant_return_conversion_expr
+| @derived_to_base_expr
+| @destructure_tuple_expr
+| @differentiable_function_expr
+| @differentiable_function_extract_original_expr
+| @erasure_expr
+| @existential_metatype_to_object_expr
+| @foreign_object_conversion_expr
+| @function_conversion_expr
+| @in_out_to_pointer_expr
+| @inject_into_optional_expr
+| @linear_function_expr
+| @linear_function_extract_original_expr
+| @linear_to_differentiable_function_expr
+| @load_expr
+| @metatype_conversion_expr
+| @pointer_to_pointer_expr
+| @protocol_metatype_to_object_expr
+| @string_to_pointer_expr
+| @underlying_to_opaque_expr
+| @unevaluated_instance_expr
+| @unresolved_type_conversion_expr
+;
+
+#keyset[id]
+implicit_conversion_exprs(  //dir=expr
+  int id: @implicit_conversion_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+in_out_exprs(  //dir=expr
+  unique int id: @in_out_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+key_path_application_exprs(  //dir=expr
+  unique int id: @key_path_application_expr,
+  int base: @expr_or_none ref,
+  int key_path: @expr_or_none ref
+);
+
+key_path_dot_exprs(  //dir=expr
+  unique int id: @key_path_dot_expr
+);
+
+key_path_exprs(  //dir=expr
+  unique int id: @key_path_expr
+);
+
+#keyset[id]
+key_path_expr_roots(  //dir=expr
+  int id: @key_path_expr ref,
+  int root: @type_repr_or_none ref
+);
+
+#keyset[id]
+key_path_expr_parsed_paths(  //dir=expr
+  int id: @key_path_expr ref,
+  int parsed_path: @expr_or_none ref
+);
+
+lazy_initializer_exprs(  //dir=expr
+  unique int id: @lazy_initializer_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@literal_expr =
+  @builtin_literal_expr
+| @interpolated_string_literal_expr
+| @nil_literal_expr
+| @object_literal_expr
+| @regex_literal_expr
+;
+
+@lookup_expr =
+  @dynamic_lookup_expr
+| @member_ref_expr
+| @subscript_expr
+;
+
+#keyset[id]
+lookup_exprs(  //dir=expr
+  int id: @lookup_expr ref,
+  int base: @expr_or_none ref
+);
+
+#keyset[id]
+lookup_expr_members(  //dir=expr
+  int id: @lookup_expr ref,
+  int member: @decl_or_none ref
+);
+
+make_temporarily_escapable_exprs(  //dir=expr
+  unique int id: @make_temporarily_escapable_expr,
+  int escaping_closure: @opaque_value_expr_or_none ref,
+  int nonescaping_closure: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+obj_c_selector_exprs(  //dir=expr
+  unique int id: @obj_c_selector_expr,
+  int sub_expr: @expr_or_none ref,
+  int method: @abstract_function_decl_or_none ref
+);
+
+one_way_exprs(  //dir=expr
+  unique int id: @one_way_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+opaque_value_exprs(  //dir=expr
+  unique int id: @opaque_value_expr
+);
+
+open_existential_exprs(  //dir=expr
+  unique int id: @open_existential_expr,
+  int sub_expr: @expr_or_none ref,
+  int existential: @expr_or_none ref,
+  int opaque_expr: @opaque_value_expr_or_none ref
+);
+
+optional_evaluation_exprs(  //dir=expr
+  unique int id: @optional_evaluation_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+other_constructor_decl_ref_exprs(  //dir=expr
+  unique int id: @other_constructor_decl_ref_expr,
+  int constructor_decl: @constructor_decl_or_none ref
+);
+
+overloaded_decl_ref_exprs(  //dir=expr
+  unique int id: @overloaded_decl_ref_expr
+);
+
+#keyset[id, index]
+overloaded_decl_ref_expr_possible_declarations(  //dir=expr
+  int id: @overloaded_decl_ref_expr ref,
+  int index: int ref,
+  int possible_declaration: @value_decl_or_none ref
+);
+
+property_wrapper_value_placeholder_exprs(  //dir=expr
+  unique int id: @property_wrapper_value_placeholder_expr,
+  int placeholder: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+property_wrapper_value_placeholder_expr_wrapped_values(  //dir=expr
+  int id: @property_wrapper_value_placeholder_expr ref,
+  int wrapped_value: @expr_or_none ref
+);
+
+rebind_self_in_constructor_exprs(  //dir=expr
+  unique int id: @rebind_self_in_constructor_expr,
+  int sub_expr: @expr_or_none ref,
+  int self: @var_decl_or_none ref
+);
+
+sequence_exprs(  //dir=expr
+  unique int id: @sequence_expr
+);
+
+#keyset[id, index]
+sequence_expr_elements(  //dir=expr
+  int id: @sequence_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+super_ref_exprs(  //dir=expr
+  unique int id: @super_ref_expr,
+  int self: @var_decl_or_none ref
+);
+
+tap_exprs(  //dir=expr
+  unique int id: @tap_expr,
+  int body: @brace_stmt_or_none ref,
+  int var: @var_decl_or_none ref
+);
+
+#keyset[id]
+tap_expr_sub_exprs(  //dir=expr
+  int id: @tap_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+tuple_element_exprs(  //dir=expr
+  unique int id: @tuple_element_expr,
+  int sub_expr: @expr_or_none ref,
+  int index: int ref
+);
+
+tuple_exprs(  //dir=expr
+  unique int id: @tuple_expr
+);
+
+#keyset[id, index]
+tuple_expr_elements(  //dir=expr
+  int id: @tuple_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+type_exprs(  //dir=expr
+  unique int id: @type_expr
+);
+
+#keyset[id]
+type_expr_type_reprs(  //dir=expr
+  int id: @type_expr ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+unresolved_decl_ref_exprs(  //dir=expr
+  unique int id: @unresolved_decl_ref_expr
+);
+
+#keyset[id]
+unresolved_decl_ref_expr_names(  //dir=expr
+  int id: @unresolved_decl_ref_expr ref,
+  string name: string ref
+);
+
+unresolved_dot_exprs(  //dir=expr
+  unique int id: @unresolved_dot_expr,
+  int base: @expr_or_none ref,
+  string name: string ref
+);
+
+unresolved_member_exprs(  //dir=expr
+  unique int id: @unresolved_member_expr,
+  string name: string ref
+);
+
+unresolved_pattern_exprs(  //dir=expr
+  unique int id: @unresolved_pattern_expr,
+  int sub_pattern: @pattern_or_none ref
+);
+
+unresolved_specialize_exprs(  //dir=expr
+  unique int id: @unresolved_specialize_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+vararg_expansion_exprs(  //dir=expr
+  unique int id: @vararg_expansion_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+abi_safe_conversion_exprs(  //dir=expr
+  unique int id: @abi_safe_conversion_expr
+);
+
+any_hashable_erasure_exprs(  //dir=expr
+  unique int id: @any_hashable_erasure_expr
+);
+
+archetype_to_super_exprs(  //dir=expr
+  unique int id: @archetype_to_super_expr
+);
+
+array_exprs(  //dir=expr
+  unique int id: @array_expr
+);
+
+#keyset[id, index]
+array_expr_elements(  //dir=expr
+  int id: @array_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+array_to_pointer_exprs(  //dir=expr
+  unique int id: @array_to_pointer_expr
+);
+
+auto_closure_exprs(  //dir=expr
+  unique int id: @auto_closure_expr
+);
+
+await_exprs(  //dir=expr
+  unique int id: @await_expr
+);
+
+binary_exprs(  //dir=expr
+  unique int id: @binary_expr
+);
+
+bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_from_obj_c_expr
+);
+
+bridge_to_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_to_obj_c_expr
+);
+
+@builtin_literal_expr =
+  @boolean_literal_expr
+| @magic_identifier_literal_expr
+| @number_literal_expr
+| @string_literal_expr
+;
+
+call_exprs(  //dir=expr
+  unique int id: @call_expr
+);
+
+@checked_cast_expr =
+  @conditional_checked_cast_expr
+| @forced_checked_cast_expr
+| @is_expr
+;
+
+class_metatype_to_object_exprs(  //dir=expr
+  unique int id: @class_metatype_to_object_expr
+);
+
+closure_exprs(  //dir=expr
+  unique int id: @closure_expr
+);
+
+coerce_exprs(  //dir=expr
+  unique int id: @coerce_expr
+);
+
+collection_upcast_conversion_exprs(  //dir=expr
+  unique int id: @collection_upcast_conversion_expr
+);
+
+conditional_bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @conditional_bridge_from_obj_c_expr
+);
+
+covariant_function_conversion_exprs(  //dir=expr
+  unique int id: @covariant_function_conversion_expr
+);
+
+covariant_return_conversion_exprs(  //dir=expr
+  unique int id: @covariant_return_conversion_expr
+);
+
+derived_to_base_exprs(  //dir=expr
+  unique int id: @derived_to_base_expr
+);
+
+destructure_tuple_exprs(  //dir=expr
+  unique int id: @destructure_tuple_expr
+);
+
+dictionary_exprs(  //dir=expr
+  unique int id: @dictionary_expr
+);
+
+#keyset[id, index]
+dictionary_expr_elements(  //dir=expr
+  int id: @dictionary_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+differentiable_function_exprs(  //dir=expr
+  unique int id: @differentiable_function_expr
+);
+
+differentiable_function_extract_original_exprs(  //dir=expr
+  unique int id: @differentiable_function_extract_original_expr
+);
+
+dot_self_exprs(  //dir=expr
+  unique int id: @dot_self_expr
+);
+
+@dynamic_lookup_expr =
+  @dynamic_member_ref_expr
+| @dynamic_subscript_expr
+;
+
+erasure_exprs(  //dir=expr
+  unique int id: @erasure_expr
+);
+
+existential_metatype_to_object_exprs(  //dir=expr
+  unique int id: @existential_metatype_to_object_expr
+);
+
+force_try_exprs(  //dir=expr
+  unique int id: @force_try_expr
+);
+
+foreign_object_conversion_exprs(  //dir=expr
+  unique int id: @foreign_object_conversion_expr
+);
+
+function_conversion_exprs(  //dir=expr
+  unique int id: @function_conversion_expr
+);
+
+in_out_to_pointer_exprs(  //dir=expr
+  unique int id: @in_out_to_pointer_expr
+);
+
+inject_into_optional_exprs(  //dir=expr
+  unique int id: @inject_into_optional_expr
+);
+
+interpolated_string_literal_exprs(  //dir=expr
+  unique int id: @interpolated_string_literal_expr
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_expr: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_count_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_count_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_literal_capacity_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int literal_capacity_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_appending_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int appending_expr: @tap_expr_or_none ref
+);
+
+linear_function_exprs(  //dir=expr
+  unique int id: @linear_function_expr
+);
+
+linear_function_extract_original_exprs(  //dir=expr
+  unique int id: @linear_function_extract_original_expr
+);
+
+linear_to_differentiable_function_exprs(  //dir=expr
+  unique int id: @linear_to_differentiable_function_expr
+);
+
+load_exprs(  //dir=expr
+  unique int id: @load_expr
+);
+
+member_ref_exprs(  //dir=expr
+  unique int id: @member_ref_expr
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
+);
+
+nil_literal_exprs(  //dir=expr
+  unique int id: @nil_literal_expr
+);
+
+object_literal_exprs(  //dir=expr
+  unique int id: @object_literal_expr,
+  int kind: int ref
+);
+
+#keyset[id, index]
+object_literal_expr_arguments(  //dir=expr
+  int id: @object_literal_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+optional_try_exprs(  //dir=expr
+  unique int id: @optional_try_expr
+);
+
+paren_exprs(  //dir=expr
+  unique int id: @paren_expr
+);
+
+pointer_to_pointer_exprs(  //dir=expr
+  unique int id: @pointer_to_pointer_expr
+);
+
+postfix_unary_exprs(  //dir=expr
+  unique int id: @postfix_unary_expr
+);
+
+prefix_unary_exprs(  //dir=expr
+  unique int id: @prefix_unary_expr
+);
+
+protocol_metatype_to_object_exprs(  //dir=expr
+  unique int id: @protocol_metatype_to_object_expr
+);
+
+regex_literal_exprs(  //dir=expr
+  unique int id: @regex_literal_expr
+);
+
+@self_apply_expr =
+  @constructor_ref_call_expr
+| @dot_syntax_call_expr
+;
+
+#keyset[id]
+self_apply_exprs(  //dir=expr
+  int id: @self_apply_expr ref,
+  int base: @expr_or_none ref
+);
+
+string_to_pointer_exprs(  //dir=expr
+  unique int id: @string_to_pointer_expr
+);
+
+subscript_exprs(  //dir=expr
+  unique int id: @subscript_expr
+);
+
+#keyset[id, index]
+subscript_expr_arguments(  //dir=expr
+  int id: @subscript_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_ordinary_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+try_exprs(  //dir=expr
+  unique int id: @try_expr
+);
+
+underlying_to_opaque_exprs(  //dir=expr
+  unique int id: @underlying_to_opaque_expr
+);
+
+unevaluated_instance_exprs(  //dir=expr
+  unique int id: @unevaluated_instance_expr
+);
+
+unresolved_member_chain_result_exprs(  //dir=expr
+  unique int id: @unresolved_member_chain_result_expr
+);
+
+unresolved_type_conversion_exprs(  //dir=expr
+  unique int id: @unresolved_type_conversion_expr
+);
+
+boolean_literal_exprs(  //dir=expr
+  unique int id: @boolean_literal_expr,
+  boolean value: boolean ref
+);
+
+conditional_checked_cast_exprs(  //dir=expr
+  unique int id: @conditional_checked_cast_expr
+);
+
+constructor_ref_call_exprs(  //dir=expr
+  unique int id: @constructor_ref_call_expr
+);
+
+dot_syntax_call_exprs(  //dir=expr
+  unique int id: @dot_syntax_call_expr
+);
+
+dynamic_member_ref_exprs(  //dir=expr
+  unique int id: @dynamic_member_ref_expr
+);
+
+dynamic_subscript_exprs(  //dir=expr
+  unique int id: @dynamic_subscript_expr
+);
+
+forced_checked_cast_exprs(  //dir=expr
+  unique int id: @forced_checked_cast_expr
+);
+
+is_exprs(  //dir=expr
+  unique int id: @is_expr
+);
+
+magic_identifier_literal_exprs(  //dir=expr
+  unique int id: @magic_identifier_literal_expr,
+  string kind: string ref
+);
+
+@number_literal_expr =
+  @float_literal_expr
+| @integer_literal_expr
+;
+
+string_literal_exprs(  //dir=expr
+  unique int id: @string_literal_expr,
+  string value: string ref
+);
+
+float_literal_exprs(  //dir=expr
+  unique int id: @float_literal_expr,
+  string string_value: string ref
+);
+
+integer_literal_exprs(  //dir=expr
+  unique int id: @integer_literal_expr,
+  string string_value: string ref
+);
+
+@pattern =
+  @any_pattern
+| @binding_pattern
+| @bool_pattern
+| @enum_element_pattern
+| @expr_pattern
+| @is_pattern
+| @named_pattern
+| @optional_some_pattern
+| @paren_pattern
+| @tuple_pattern
+| @typed_pattern
+;
+
+any_patterns(  //dir=pattern
+  unique int id: @any_pattern
+);
+
+binding_patterns(  //dir=pattern
+  unique int id: @binding_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+bool_patterns(  //dir=pattern
+  unique int id: @bool_pattern,
+  boolean value: boolean ref
+);
+
+enum_element_patterns(  //dir=pattern
+  unique int id: @enum_element_pattern,
+  int element: @enum_element_decl_or_none ref
+);
+
+#keyset[id]
+enum_element_pattern_sub_patterns(  //dir=pattern
+  int id: @enum_element_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+expr_patterns(  //dir=pattern
+  unique int id: @expr_pattern,
+  int sub_expr: @expr_or_none ref
+);
+
+is_patterns(  //dir=pattern
+  unique int id: @is_pattern
+);
+
+#keyset[id]
+is_pattern_cast_type_reprs(  //dir=pattern
+  int id: @is_pattern ref,
+  int cast_type_repr: @type_repr_or_none ref
+);
+
+#keyset[id]
+is_pattern_sub_patterns(  //dir=pattern
+  int id: @is_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+named_patterns(  //dir=pattern
+  unique int id: @named_pattern,
+  string name: string ref
+);
+
+optional_some_patterns(  //dir=pattern
+  unique int id: @optional_some_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+paren_patterns(  //dir=pattern
+  unique int id: @paren_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+tuple_patterns(  //dir=pattern
+  unique int id: @tuple_pattern
+);
+
+#keyset[id, index]
+tuple_pattern_elements(  //dir=pattern
+  int id: @tuple_pattern ref,
+  int index: int ref,
+  int element: @pattern_or_none ref
+);
+
+typed_patterns(  //dir=pattern
+  unique int id: @typed_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+typed_pattern_type_reprs(  //dir=pattern
+  int id: @typed_pattern ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+case_label_items(  //dir=stmt
+  unique int id: @case_label_item,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+case_label_item_guards(  //dir=stmt
+  int id: @case_label_item ref,
+  int guard: @expr_or_none ref
+);
+
+condition_elements(  //dir=stmt
+  unique int id: @condition_element
+);
+
+#keyset[id]
+condition_element_booleans(  //dir=stmt
+  int id: @condition_element ref,
+  int boolean_: @expr_or_none ref
+);
+
+#keyset[id]
+condition_element_patterns(  //dir=stmt
+  int id: @condition_element ref,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+condition_element_initializers(  //dir=stmt
+  int id: @condition_element ref,
+  int initializer: @expr_or_none ref
+);
+
+@stmt =
+  @brace_stmt
+| @break_stmt
+| @case_stmt
+| @continue_stmt
+| @defer_stmt
+| @fail_stmt
+| @fallthrough_stmt
+| @labeled_stmt
+| @pound_assert_stmt
+| @return_stmt
+| @throw_stmt
+| @yield_stmt
+;
+
+stmt_conditions(  //dir=stmt
+  unique int id: @stmt_condition
+);
+
+#keyset[id, index]
+stmt_condition_elements(  //dir=stmt
+  int id: @stmt_condition ref,
+  int index: int ref,
+  int element: @condition_element_or_none ref
+);
+
+brace_stmts(  //dir=stmt
+  unique int id: @brace_stmt
+);
+
+#keyset[id, index]
+brace_stmt_elements(  //dir=stmt
+  int id: @brace_stmt ref,
+  int index: int ref,
+  int element: @ast_node_or_none ref
+);
+
+break_stmts(  //dir=stmt
+  unique int id: @break_stmt
+);
+
+#keyset[id]
+break_stmt_target_names(  //dir=stmt
+  int id: @break_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+break_stmt_targets(  //dir=stmt
+  int id: @break_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+case_stmts(  //dir=stmt
+  unique int id: @case_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_labels(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int label: @case_label_item_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_variables(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int variable: @var_decl_or_none ref
+);
+
+continue_stmts(  //dir=stmt
+  unique int id: @continue_stmt
+);
+
+#keyset[id]
+continue_stmt_target_names(  //dir=stmt
+  int id: @continue_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+continue_stmt_targets(  //dir=stmt
+  int id: @continue_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+defer_stmts(  //dir=stmt
+  unique int id: @defer_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+fail_stmts(  //dir=stmt
+  unique int id: @fail_stmt
+);
+
+fallthrough_stmts(  //dir=stmt
+  unique int id: @fallthrough_stmt,
+  int fallthrough_source: @case_stmt_or_none ref,
+  int fallthrough_dest: @case_stmt_or_none ref
+);
+
+@labeled_stmt =
+  @do_catch_stmt
+| @do_stmt
+| @for_each_stmt
+| @labeled_conditional_stmt
+| @repeat_while_stmt
+| @switch_stmt
+;
+
+#keyset[id]
+labeled_stmt_labels(  //dir=stmt
+  int id: @labeled_stmt ref,
+  string label: string ref
+);
+
+pound_assert_stmts(  //dir=stmt
+  unique int id: @pound_assert_stmt,
+  int condition: @expr_or_none ref,
+  string message: string ref
+);
+
+return_stmts(  //dir=stmt
+  unique int id: @return_stmt
+);
+
+#keyset[id]
+return_stmt_results(  //dir=stmt
+  int id: @return_stmt ref,
+  int result: @expr_or_none ref
+);
+
+throw_stmts(  //dir=stmt
+  unique int id: @throw_stmt,
+  int sub_expr: @expr_or_none ref
+);
+
+yield_stmts(  //dir=stmt
+  unique int id: @yield_stmt
+);
+
+#keyset[id, index]
+yield_stmt_results(  //dir=stmt
+  int id: @yield_stmt ref,
+  int index: int ref,
+  int result: @expr_or_none ref
+);
+
+do_catch_stmts(  //dir=stmt
+  unique int id: @do_catch_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+do_catch_stmt_catches(  //dir=stmt
+  int id: @do_catch_stmt ref,
+  int index: int ref,
+  int catch: @case_stmt_or_none ref
+);
+
+do_stmts(  //dir=stmt
+  unique int id: @do_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+for_each_stmts(  //dir=stmt
+  unique int id: @for_each_stmt,
+  int pattern: @pattern_or_none ref,
+  int sequence: @expr_or_none ref,
+  int body: @brace_stmt_or_none ref
+);
+
+#keyset[id]
+for_each_stmt_wheres(  //dir=stmt
+  int id: @for_each_stmt ref,
+  int where: @expr_or_none ref
+);
+
+@labeled_conditional_stmt =
+  @guard_stmt
+| @if_stmt
+| @while_stmt
+;
+
+#keyset[id]
+labeled_conditional_stmts(  //dir=stmt
+  int id: @labeled_conditional_stmt ref,
+  int condition: @stmt_condition_or_none ref
+);
+
+repeat_while_stmts(  //dir=stmt
+  unique int id: @repeat_while_stmt,
+  int condition: @expr_or_none ref,
+  int body: @stmt_or_none ref
+);
+
+switch_stmts(  //dir=stmt
+  unique int id: @switch_stmt,
+  int expr: @expr_or_none ref
+);
+
+#keyset[id, index]
+switch_stmt_cases(  //dir=stmt
+  int id: @switch_stmt ref,
+  int index: int ref,
+  int case_: @case_stmt_or_none ref
+);
+
+guard_stmts(  //dir=stmt
+  unique int id: @guard_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+if_stmts(  //dir=stmt
+  unique int id: @if_stmt,
+  int then: @stmt_or_none ref
+);
+
+#keyset[id]
+if_stmt_elses(  //dir=stmt
+  int id: @if_stmt ref,
+  int else: @stmt_or_none ref
+);
+
+while_stmts(  //dir=stmt
+  unique int id: @while_stmt,
+  int body: @stmt_or_none ref
+);
+
+@type =
+  @any_function_type
+| @any_generic_type
+| @any_metatype_type
+| @builtin_type
+| @dependent_member_type
+| @dynamic_self_type
+| @error_type
+| @existential_type
+| @in_out_type
+| @l_value_type
+| @module_type
+| @parameterized_protocol_type
+| @protocol_composition_type
+| @reference_storage_type
+| @substitutable_type
+| @sugar_type
+| @tuple_type
+| @unresolved_type
+;
+
+#keyset[id]
+types(  //dir=type
+  int id: @type ref,
+  string name: string ref,
+  int canonical_type: @type_or_none ref
+);
+
+type_reprs(  //dir=type
+  unique int id: @type_repr,
+  int type_: @type_or_none ref
+);
+
+@any_function_type =
+  @function_type
+| @generic_function_type
+;
+
+#keyset[id]
+any_function_types(  //dir=type
+  int id: @any_function_type ref,
+  int result: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_types(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  int param_type: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_labels(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  string param_label: string ref
+);
+
+#keyset[id]
+any_function_type_is_throwing(  //dir=type
+  int id: @any_function_type ref
+);
+
+#keyset[id]
+any_function_type_is_async(  //dir=type
+  int id: @any_function_type ref
+);
+
+@any_generic_type =
+  @nominal_or_bound_generic_nominal_type
+| @unbound_generic_type
+;
+
+#keyset[id]
+any_generic_types(  //dir=type
+  int id: @any_generic_type ref,
+  int declaration: @decl_or_none ref
+);
+
+#keyset[id]
+any_generic_type_parents(  //dir=type
+  int id: @any_generic_type ref,
+  int parent: @type_or_none ref
+);
+
+@any_metatype_type =
+  @existential_metatype_type
+| @metatype_type
+;
+
+@builtin_type =
+  @any_builtin_integer_type
+| @builtin_bridge_object_type
+| @builtin_default_actor_storage_type
+| @builtin_executor_type
+| @builtin_float_type
+| @builtin_job_type
+| @builtin_native_object_type
+| @builtin_raw_pointer_type
+| @builtin_raw_unsafe_continuation_type
+| @builtin_unsafe_value_buffer_type
+| @builtin_vector_type
+;
+
+dependent_member_types(  //dir=type
+  unique int id: @dependent_member_type,
+  int base_type: @type_or_none ref,
+  int associated_type_decl: @associated_type_decl_or_none ref
+);
+
+dynamic_self_types(  //dir=type
+  unique int id: @dynamic_self_type,
+  int static_self_type: @type_or_none ref
+);
+
+error_types(  //dir=type
+  unique int id: @error_type
+);
+
+existential_types(  //dir=type
+  unique int id: @existential_type,
+  int constraint: @type_or_none ref
+);
+
+in_out_types(  //dir=type
+  unique int id: @in_out_type,
+  int object_type: @type_or_none ref
+);
+
+l_value_types(  //dir=type
+  unique int id: @l_value_type,
+  int object_type: @type_or_none ref
+);
+
+module_types(  //dir=type
+  unique int id: @module_type,
+  int module: @module_decl_or_none ref
+);
+
+parameterized_protocol_types(  //dir=type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
+);
+
+protocol_composition_types(  //dir=type
+  unique int id: @protocol_composition_type
+);
+
+#keyset[id, index]
+protocol_composition_type_members(  //dir=type
+  int id: @protocol_composition_type ref,
+  int index: int ref,
+  int member: @type_or_none ref
+);
+
+@reference_storage_type =
+  @unmanaged_storage_type
+| @unowned_storage_type
+| @weak_storage_type
+;
+
+#keyset[id]
+reference_storage_types(  //dir=type
+  int id: @reference_storage_type ref,
+  int referent_type: @type_or_none ref
+);
+
+@substitutable_type =
+  @archetype_type
+| @generic_type_param_type
+;
+
+@sugar_type =
+  @paren_type
+| @syntax_sugar_type
+| @type_alias_type
+;
+
+tuple_types(  //dir=type
+  unique int id: @tuple_type
+);
+
+#keyset[id, index]
+tuple_type_types(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id, index]
+tuple_type_names(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  string name: string ref
+);
+
+unresolved_types(  //dir=type
+  unique int id: @unresolved_type
+);
+
+@any_builtin_integer_type =
+  @builtin_integer_literal_type
+| @builtin_integer_type
+;
+
+@archetype_type =
+  @opaque_type_archetype_type
+| @opened_archetype_type
+| @primary_archetype_type
+;
+
+#keyset[id]
+archetype_types(  //dir=type
+  int id: @archetype_type ref,
+  int interface_type: @type_or_none ref
+);
+
+#keyset[id]
+archetype_type_superclasses(  //dir=type
+  int id: @archetype_type ref,
+  int superclass: @type_or_none ref
+);
+
+#keyset[id, index]
+archetype_type_protocols(  //dir=type
+  int id: @archetype_type ref,
+  int index: int ref,
+  int protocol: @protocol_decl_or_none ref
+);
+
+builtin_bridge_object_types(  //dir=type
+  unique int id: @builtin_bridge_object_type
+);
+
+builtin_default_actor_storage_types(  //dir=type
+  unique int id: @builtin_default_actor_storage_type
+);
+
+builtin_executor_types(  //dir=type
+  unique int id: @builtin_executor_type
+);
+
+builtin_float_types(  //dir=type
+  unique int id: @builtin_float_type
+);
+
+builtin_job_types(  //dir=type
+  unique int id: @builtin_job_type
+);
+
+builtin_native_object_types(  //dir=type
+  unique int id: @builtin_native_object_type
+);
+
+builtin_raw_pointer_types(  //dir=type
+  unique int id: @builtin_raw_pointer_type
+);
+
+builtin_raw_unsafe_continuation_types(  //dir=type
+  unique int id: @builtin_raw_unsafe_continuation_type
+);
+
+builtin_unsafe_value_buffer_types(  //dir=type
+  unique int id: @builtin_unsafe_value_buffer_type
+);
+
+builtin_vector_types(  //dir=type
+  unique int id: @builtin_vector_type
+);
+
+existential_metatype_types(  //dir=type
+  unique int id: @existential_metatype_type
+);
+
+function_types(  //dir=type
+  unique int id: @function_type
+);
+
+generic_function_types(  //dir=type
+  unique int id: @generic_function_type
+);
+
+#keyset[id, index]
+generic_function_type_generic_params(  //dir=type
+  int id: @generic_function_type ref,
+  int index: int ref,
+  int generic_param: @generic_type_param_type_or_none ref
+);
+
+generic_type_param_types(  //dir=type
+  unique int id: @generic_type_param_type
+);
+
+metatype_types(  //dir=type
+  unique int id: @metatype_type
+);
+
+@nominal_or_bound_generic_nominal_type =
+  @bound_generic_type
+| @nominal_type
+;
+
+paren_types(  //dir=type
+  unique int id: @paren_type,
+  int type_: @type_or_none ref
+);
+
+@syntax_sugar_type =
+  @dictionary_type
+| @unary_syntax_sugar_type
+;
+
+type_alias_types(  //dir=type
+  unique int id: @type_alias_type,
+  int decl: @type_alias_decl_or_none ref
+);
+
+unbound_generic_types(  //dir=type
+  unique int id: @unbound_generic_type
+);
+
+unmanaged_storage_types(  //dir=type
+  unique int id: @unmanaged_storage_type
+);
+
+unowned_storage_types(  //dir=type
+  unique int id: @unowned_storage_type
+);
+
+weak_storage_types(  //dir=type
+  unique int id: @weak_storage_type
+);
+
+@bound_generic_type =
+  @bound_generic_class_type
+| @bound_generic_enum_type
+| @bound_generic_struct_type
+;
+
+#keyset[id, index]
+bound_generic_type_arg_types(  //dir=type
+  int id: @bound_generic_type ref,
+  int index: int ref,
+  int arg_type: @type_or_none ref
+);
+
+builtin_integer_literal_types(  //dir=type
+  unique int id: @builtin_integer_literal_type
+);
+
+builtin_integer_types(  //dir=type
+  unique int id: @builtin_integer_type
+);
+
+#keyset[id]
+builtin_integer_type_widths(  //dir=type
+  int id: @builtin_integer_type ref,
+  int width: int ref
+);
+
+dictionary_types(  //dir=type
+  unique int id: @dictionary_type,
+  int key_type: @type_or_none ref,
+  int value_type: @type_or_none ref
+);
+
+@nominal_type =
+  @class_type
+| @enum_type
+| @protocol_type
+| @struct_type
+;
+
+opaque_type_archetype_types(  //dir=type
+  unique int id: @opaque_type_archetype_type,
+  int declaration: @opaque_type_decl_or_none ref
+);
+
+opened_archetype_types(  //dir=type
+  unique int id: @opened_archetype_type
+);
+
+primary_archetype_types(  //dir=type
+  unique int id: @primary_archetype_type
+);
+
+@unary_syntax_sugar_type =
+  @array_slice_type
+| @optional_type
+| @variadic_sequence_type
+;
+
+#keyset[id]
+unary_syntax_sugar_types(  //dir=type
+  int id: @unary_syntax_sugar_type ref,
+  int base_type: @type_or_none ref
+);
+
+array_slice_types(  //dir=type
+  unique int id: @array_slice_type
+);
+
+bound_generic_class_types(  //dir=type
+  unique int id: @bound_generic_class_type
+);
+
+bound_generic_enum_types(  //dir=type
+  unique int id: @bound_generic_enum_type
+);
+
+bound_generic_struct_types(  //dir=type
+  unique int id: @bound_generic_struct_type
+);
+
+class_types(  //dir=type
+  unique int id: @class_type
+);
+
+enum_types(  //dir=type
+  unique int id: @enum_type
+);
+
+optional_types(  //dir=type
+  unique int id: @optional_type
+);
+
+protocol_types(  //dir=type
+  unique int id: @protocol_type
+);
+
+struct_types(  //dir=type
+  unique int id: @struct_type
+);
+
+variadic_sequence_types(  //dir=type
+  unique int id: @variadic_sequence_type
+);
+
+@abstract_function_decl_or_none =
+  @abstract_function_decl
+| @unspecified_element
+;
+
+@accessor_decl_or_none =
+  @accessor_decl
+| @unspecified_element
+;
+
+@argument_or_none =
+  @argument
+| @unspecified_element
+;
+
+@associated_type_decl_or_none =
+  @associated_type_decl
+| @unspecified_element
+;
+
+@ast_node_or_none =
+  @ast_node
+| @unspecified_element
+;
+
+@brace_stmt_or_none =
+  @brace_stmt
+| @unspecified_element
+;
+
+@case_label_item_or_none =
+  @case_label_item
+| @unspecified_element
+;
+
+@case_stmt_or_none =
+  @case_stmt
+| @unspecified_element
+;
+
+@closure_expr_or_none =
+  @closure_expr
+| @unspecified_element
+;
+
+@condition_element_or_none =
+  @condition_element
+| @unspecified_element
+;
+
+@constructor_decl_or_none =
+  @constructor_decl
+| @unspecified_element
+;
+
+@decl_or_none =
+  @decl
+| @unspecified_element
+;
+
+@enum_element_decl_or_none =
+  @enum_element_decl
+| @unspecified_element
+;
+
+@expr_or_none =
+  @expr
+| @unspecified_element
+;
+
+@file_or_none =
+  @file
+| @unspecified_element
+;
+
+@generic_type_param_decl_or_none =
+  @generic_type_param_decl
+| @unspecified_element
+;
+
+@generic_type_param_type_or_none =
+  @generic_type_param_type
+| @unspecified_element
+;
+
+@location_or_none =
+  @location
+| @unspecified_element
+;
+
+@module_decl_or_none =
+  @module_decl
+| @unspecified_element
+;
+
+@nominal_type_decl_or_none =
+  @nominal_type_decl
+| @unspecified_element
+;
+
+@opaque_type_decl_or_none =
+  @opaque_type_decl
+| @unspecified_element
+;
+
+@opaque_value_expr_or_none =
+  @opaque_value_expr
+| @unspecified_element
+;
+
+@param_decl_or_none =
+  @param_decl
+| @unspecified_element
+;
+
+@pattern_or_none =
+  @pattern
+| @unspecified_element
+;
+
+@pattern_binding_decl_or_none =
+  @pattern_binding_decl
+| @unspecified_element
+;
+
+@precedence_group_decl_or_none =
+  @precedence_group_decl
+| @unspecified_element
+;
+
+@protocol_decl_or_none =
+  @protocol_decl
+| @unspecified_element
+;
+
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
+@stmt_or_none =
+  @stmt
+| @unspecified_element
+;
+
+@stmt_condition_or_none =
+  @stmt_condition
+| @unspecified_element
+;
+
+@string_literal_expr_or_none =
+  @string_literal_expr
+| @unspecified_element
+;
+
+@tap_expr_or_none =
+  @tap_expr
+| @unspecified_element
+;
+
+@type_or_none =
+  @type
+| @unspecified_element
+;
+
+@type_alias_decl_or_none =
+  @type_alias_decl
+| @unspecified_element
+;
+
+@type_repr_or_none =
+  @type_repr
+| @unspecified_element
+;
+
+@value_decl_or_none =
+  @unspecified_element
+| @value_decl
+;
+
+@var_decl_or_none =
+  @unspecified_element
+| @var_decl
+;
diff --git a/swift/ql/lib/upgrades/1a6e9325bd60462e669e524438174deef4476df0/upgrade.properties b/swift/ql/lib/upgrades/1a6e9325bd60462e669e524438174deef4476df0/upgrade.properties
new file mode 100644
index 00000000000..e5bd2c32e33
--- /dev/null
+++ b/swift/ql/lib/upgrades/1a6e9325bd60462e669e524438174deef4476df0/upgrade.properties
@@ -0,0 +1,2 @@
+description: Added new implicit conversion
+compatibility: full
diff --git a/swift/ql/lib/upgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/old.dbscheme b/swift/ql/lib/upgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/old.dbscheme
new file mode 100644
index 00000000000..abbb8c9e840
--- /dev/null
+++ b/swift/ql/lib/upgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/old.dbscheme
@@ -0,0 +1,2478 @@
+// generated by codegen/codegen.py
+
+// from prefix.dbscheme
+/**
+ * The source location of the snapshot.
+ */
+sourceLocationPrefix(
+  string prefix: string ref
+);
+
+
+// from schema.py
+
+@element =
+  @callable
+| @file
+| @generic_context
+| @iterable_decl_context
+| @locatable
+| @location
+| @type
+;
+
+#keyset[id]
+element_is_unknown(
+  int id: @element ref
+);
+
+@callable =
+  @abstract_closure_expr
+| @abstract_function_decl
+;
+
+#keyset[id]
+callable_self_params(
+  int id: @callable ref,
+  int self_param: @param_decl_or_none ref
+);
+
+#keyset[id, index]
+callable_params(
+  int id: @callable ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+#keyset[id]
+callable_bodies(
+  int id: @callable ref,
+  int body: @brace_stmt_or_none ref
+);
+
+@file =
+  @db_file
+;
+
+#keyset[id]
+files(
+  int id: @file ref,
+  string name: string ref
+);
+
+@locatable =
+  @argument
+| @ast_node
+| @comment
+| @diagnostics
+| @error_element
+;
+
+#keyset[id]
+locatable_locations(
+  int id: @locatable ref,
+  int location: @location_or_none ref
+);
+
+@location =
+  @db_location
+;
+
+#keyset[id]
+locations(
+  int id: @location ref,
+  int file: @file_or_none ref,
+  int start_line: int ref,
+  int start_column: int ref,
+  int end_line: int ref,
+  int end_column: int ref
+);
+
+@ast_node =
+  @case_label_item
+| @condition_element
+| @decl
+| @expr
+| @pattern
+| @stmt
+| @stmt_condition
+| @type_repr
+;
+
+comments(
+  unique int id: @comment,
+  string text: string ref
+);
+
+db_files(
+  unique int id: @db_file
+);
+
+db_locations(
+  unique int id: @db_location
+);
+
+diagnostics(
+  unique int id: @diagnostics,
+  string text: string ref,
+  int kind: int ref
+);
+
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_chain_result_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @unresolved_type
+| @unresolved_type_conversion_expr
+| @unspecified_element
+;
+
+unspecified_elements(
+  unique int id: @unspecified_element,
+  string property: string ref,
+  string error: string ref
+);
+
+#keyset[id]
+unspecified_element_parents(
+  int id: @unspecified_element ref,
+  int parent: @element ref
+);
+
+#keyset[id]
+unspecified_element_indices(
+  int id: @unspecified_element ref,
+  int index: int ref
+);
+
+@decl =
+  @enum_case_decl
+| @extension_decl
+| @if_config_decl
+| @import_decl
+| @missing_member_decl
+| @operator_decl
+| @pattern_binding_decl
+| @pound_diagnostic_decl
+| @precedence_group_decl
+| @top_level_code_decl
+| @value_decl
+;
+
+#keyset[id]
+decls(  //dir=decl
+  int id: @decl ref,
+  int module: @module_decl_or_none ref
+);
+
+@generic_context =
+  @abstract_function_decl
+| @extension_decl
+| @generic_type_decl
+| @subscript_decl
+;
+
+#keyset[id, index]
+generic_context_generic_type_params(  //dir=decl
+  int id: @generic_context ref,
+  int index: int ref,
+  int generic_type_param: @generic_type_param_decl_or_none ref
+);
+
+@iterable_decl_context =
+  @extension_decl
+| @nominal_type_decl
+;
+
+#keyset[id, index]
+iterable_decl_context_members(  //dir=decl
+  int id: @iterable_decl_context ref,
+  int index: int ref,
+  int member: @decl_or_none ref
+);
+
+enum_case_decls(  //dir=decl
+  unique int id: @enum_case_decl
+);
+
+#keyset[id, index]
+enum_case_decl_elements(  //dir=decl
+  int id: @enum_case_decl ref,
+  int index: int ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+extension_decls(  //dir=decl
+  unique int id: @extension_decl,
+  int extended_type_decl: @nominal_type_decl_or_none ref
+);
+
+if_config_decls(  //dir=decl
+  unique int id: @if_config_decl
+);
+
+#keyset[id, index]
+if_config_decl_active_elements(  //dir=decl
+  int id: @if_config_decl ref,
+  int index: int ref,
+  int active_element: @ast_node_or_none ref
+);
+
+import_decls(  //dir=decl
+  unique int id: @import_decl
+);
+
+#keyset[id]
+import_decl_is_exported(  //dir=decl
+  int id: @import_decl ref
+);
+
+#keyset[id]
+import_decl_imported_modules(  //dir=decl
+  int id: @import_decl ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+import_decl_declarations(  //dir=decl
+  int id: @import_decl ref,
+  int index: int ref,
+  int declaration: @value_decl_or_none ref
+);
+
+missing_member_decls(  //dir=decl
+  unique int id: @missing_member_decl,
+  string name: string ref
+);
+
+@operator_decl =
+  @infix_operator_decl
+| @postfix_operator_decl
+| @prefix_operator_decl
+;
+
+#keyset[id]
+operator_decls(  //dir=decl
+  int id: @operator_decl ref,
+  string name: string ref
+);
+
+pattern_binding_decls(  //dir=decl
+  unique int id: @pattern_binding_decl
+);
+
+#keyset[id, index]
+pattern_binding_decl_inits(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int init: @expr_or_none ref
+);
+
+#keyset[id, index]
+pattern_binding_decl_patterns(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int pattern: @pattern_or_none ref
+);
+
+pound_diagnostic_decls(  //dir=decl
+  unique int id: @pound_diagnostic_decl,
+  int kind: int ref,
+  int message: @string_literal_expr_or_none ref
+);
+
+precedence_group_decls(  //dir=decl
+  unique int id: @precedence_group_decl
+);
+
+top_level_code_decls(  //dir=decl
+  unique int id: @top_level_code_decl,
+  int body: @brace_stmt_or_none ref
+);
+
+@value_decl =
+  @abstract_function_decl
+| @abstract_storage_decl
+| @enum_element_decl
+| @type_decl
+;
+
+#keyset[id]
+value_decls(  //dir=decl
+  int id: @value_decl ref,
+  int interface_type: @type_or_none ref
+);
+
+@abstract_function_decl =
+  @constructor_decl
+| @destructor_decl
+| @func_decl
+;
+
+#keyset[id]
+abstract_function_decls(  //dir=decl
+  int id: @abstract_function_decl ref,
+  string name: string ref
+);
+
+@abstract_storage_decl =
+  @subscript_decl
+| @var_decl
+;
+
+#keyset[id, index]
+abstract_storage_decl_accessor_decls(  //dir=decl
+  int id: @abstract_storage_decl ref,
+  int index: int ref,
+  int accessor_decl: @accessor_decl_or_none ref
+);
+
+enum_element_decls(  //dir=decl
+  unique int id: @enum_element_decl,
+  string name: string ref
+);
+
+#keyset[id, index]
+enum_element_decl_params(  //dir=decl
+  int id: @enum_element_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+infix_operator_decls(  //dir=decl
+  unique int id: @infix_operator_decl
+);
+
+#keyset[id]
+infix_operator_decl_precedence_groups(  //dir=decl
+  int id: @infix_operator_decl ref,
+  int precedence_group: @precedence_group_decl_or_none ref
+);
+
+postfix_operator_decls(  //dir=decl
+  unique int id: @postfix_operator_decl
+);
+
+prefix_operator_decls(  //dir=decl
+  unique int id: @prefix_operator_decl
+);
+
+@type_decl =
+  @abstract_type_param_decl
+| @generic_type_decl
+| @module_decl
+;
+
+#keyset[id]
+type_decls(  //dir=decl
+  int id: @type_decl ref,
+  string name: string ref
+);
+
+#keyset[id, index]
+type_decl_base_types(  //dir=decl
+  int id: @type_decl ref,
+  int index: int ref,
+  int base_type: @type_or_none ref
+);
+
+@abstract_type_param_decl =
+  @associated_type_decl
+| @generic_type_param_decl
+;
+
+constructor_decls(  //dir=decl
+  unique int id: @constructor_decl
+);
+
+destructor_decls(  //dir=decl
+  unique int id: @destructor_decl
+);
+
+@func_decl =
+  @accessor_decl
+| @concrete_func_decl
+;
+
+@generic_type_decl =
+  @nominal_type_decl
+| @opaque_type_decl
+| @type_alias_decl
+;
+
+module_decls(  //dir=decl
+  unique int id: @module_decl
+);
+
+#keyset[id]
+module_decl_is_builtin_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id]
+module_decl_is_system_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id, index]
+module_decl_imported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+module_decl_exported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int exported_module: @module_decl_or_none ref
+);
+
+subscript_decls(  //dir=decl
+  unique int id: @subscript_decl,
+  int element_type: @type_or_none ref
+);
+
+#keyset[id, index]
+subscript_decl_params(  //dir=decl
+  int id: @subscript_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+@var_decl =
+  @concrete_var_decl
+| @param_decl
+;
+
+#keyset[id]
+var_decls(  //dir=decl
+  int id: @var_decl ref,
+  string name: string ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_attached_property_wrapper_types(  //dir=decl
+  int id: @var_decl ref,
+  int attached_property_wrapper_type: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_patterns(  //dir=decl
+  int id: @var_decl ref,
+  int parent_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_initializers(  //dir=decl
+  int id: @var_decl ref,
+  int parent_initializer: @expr_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
+accessor_decls(  //dir=decl
+  unique int id: @accessor_decl
+);
+
+#keyset[id]
+accessor_decl_is_getter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_setter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_will_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_did_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+associated_type_decls(  //dir=decl
+  unique int id: @associated_type_decl
+);
+
+concrete_func_decls(  //dir=decl
+  unique int id: @concrete_func_decl
+);
+
+concrete_var_decls(  //dir=decl
+  unique int id: @concrete_var_decl,
+  int introducer_int: int ref
+);
+
+generic_type_param_decls(  //dir=decl
+  unique int id: @generic_type_param_decl
+);
+
+@nominal_type_decl =
+  @class_decl
+| @enum_decl
+| @protocol_decl
+| @struct_decl
+;
+
+#keyset[id]
+nominal_type_decls(  //dir=decl
+  int id: @nominal_type_decl ref,
+  int type_: @type_or_none ref
+);
+
+opaque_type_decls(  //dir=decl
+  unique int id: @opaque_type_decl,
+  int naming_declaration: @value_decl_or_none ref
+);
+
+#keyset[id, index]
+opaque_type_decl_opaque_generic_params(  //dir=decl
+  int id: @opaque_type_decl ref,
+  int index: int ref,
+  int opaque_generic_param: @generic_type_param_type_or_none ref
+);
+
+param_decls(  //dir=decl
+  unique int id: @param_decl
+);
+
+#keyset[id]
+param_decl_is_inout(  //dir=decl
+  int id: @param_decl ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
+type_alias_decls(  //dir=decl
+  unique int id: @type_alias_decl
+);
+
+class_decls(  //dir=decl
+  unique int id: @class_decl
+);
+
+enum_decls(  //dir=decl
+  unique int id: @enum_decl
+);
+
+protocol_decls(  //dir=decl
+  unique int id: @protocol_decl
+);
+
+struct_decls(  //dir=decl
+  unique int id: @struct_decl
+);
+
+arguments(  //dir=expr
+  unique int id: @argument,
+  string label: string ref,
+  int expr: @expr_or_none ref
+);
+
+@expr =
+  @abstract_closure_expr
+| @any_try_expr
+| @applied_property_wrapper_expr
+| @apply_expr
+| @assign_expr
+| @bind_optional_expr
+| @capture_list_expr
+| @collection_expr
+| @decl_ref_expr
+| @default_argument_expr
+| @discard_assignment_expr
+| @dot_syntax_base_ignored_expr
+| @dynamic_type_expr
+| @enum_is_case_expr
+| @error_expr
+| @explicit_cast_expr
+| @force_value_expr
+| @identity_expr
+| @if_expr
+| @implicit_conversion_expr
+| @in_out_expr
+| @key_path_application_expr
+| @key_path_dot_expr
+| @key_path_expr
+| @lazy_initializer_expr
+| @literal_expr
+| @lookup_expr
+| @make_temporarily_escapable_expr
+| @obj_c_selector_expr
+| @one_way_expr
+| @opaque_value_expr
+| @open_existential_expr
+| @optional_evaluation_expr
+| @other_constructor_decl_ref_expr
+| @overloaded_decl_ref_expr
+| @property_wrapper_value_placeholder_expr
+| @rebind_self_in_constructor_expr
+| @sequence_expr
+| @super_ref_expr
+| @tap_expr
+| @tuple_element_expr
+| @tuple_expr
+| @type_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @vararg_expansion_expr
+;
+
+#keyset[id]
+expr_types(  //dir=expr
+  int id: @expr ref,
+  int type_: @type_or_none ref
+);
+
+@abstract_closure_expr =
+  @auto_closure_expr
+| @closure_expr
+;
+
+@any_try_expr =
+  @force_try_expr
+| @optional_try_expr
+| @try_expr
+;
+
+#keyset[id]
+any_try_exprs(  //dir=expr
+  int id: @any_try_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+applied_property_wrapper_exprs(  //dir=expr
+  unique int id: @applied_property_wrapper_expr,
+  int kind: int ref,
+  int value: @expr_or_none ref,
+  int param: @param_decl_or_none ref
+);
+
+@apply_expr =
+  @binary_expr
+| @call_expr
+| @postfix_unary_expr
+| @prefix_unary_expr
+| @self_apply_expr
+;
+
+#keyset[id]
+apply_exprs(  //dir=expr
+  int id: @apply_expr ref,
+  int function: @expr_or_none ref
+);
+
+#keyset[id, index]
+apply_expr_arguments(  //dir=expr
+  int id: @apply_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+assign_exprs(  //dir=expr
+  unique int id: @assign_expr,
+  int dest: @expr_or_none ref,
+  int source: @expr_or_none ref
+);
+
+bind_optional_exprs(  //dir=expr
+  unique int id: @bind_optional_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+capture_list_exprs(  //dir=expr
+  unique int id: @capture_list_expr,
+  int closure_body: @closure_expr_or_none ref
+);
+
+#keyset[id, index]
+capture_list_expr_binding_decls(  //dir=expr
+  int id: @capture_list_expr ref,
+  int index: int ref,
+  int binding_decl: @pattern_binding_decl_or_none ref
+);
+
+@collection_expr =
+  @array_expr
+| @dictionary_expr
+;
+
+decl_ref_exprs(  //dir=expr
+  unique int id: @decl_ref_expr,
+  int decl: @decl_or_none ref
+);
+
+#keyset[id, index]
+decl_ref_expr_replacement_types(  //dir=expr
+  int id: @decl_ref_expr ref,
+  int index: int ref,
+  int replacement_type: @type_or_none ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+default_argument_exprs(  //dir=expr
+  unique int id: @default_argument_expr,
+  int param_decl: @param_decl_or_none ref,
+  int param_index: int ref
+);
+
+#keyset[id]
+default_argument_expr_caller_side_defaults(  //dir=expr
+  int id: @default_argument_expr ref,
+  int caller_side_default: @expr_or_none ref
+);
+
+discard_assignment_exprs(  //dir=expr
+  unique int id: @discard_assignment_expr
+);
+
+dot_syntax_base_ignored_exprs(  //dir=expr
+  unique int id: @dot_syntax_base_ignored_expr,
+  int qualifier: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+dynamic_type_exprs(  //dir=expr
+  unique int id: @dynamic_type_expr,
+  int base: @expr_or_none ref
+);
+
+enum_is_case_exprs(  //dir=expr
+  unique int id: @enum_is_case_expr,
+  int sub_expr: @expr_or_none ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+error_exprs(  //dir=expr
+  unique int id: @error_expr
+);
+
+@explicit_cast_expr =
+  @checked_cast_expr
+| @coerce_expr
+;
+
+#keyset[id]
+explicit_cast_exprs(  //dir=expr
+  int id: @explicit_cast_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+force_value_exprs(  //dir=expr
+  unique int id: @force_value_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@identity_expr =
+  @await_expr
+| @dot_self_expr
+| @paren_expr
+| @unresolved_member_chain_result_expr
+;
+
+#keyset[id]
+identity_exprs(  //dir=expr
+  int id: @identity_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+if_exprs(  //dir=expr
+  unique int id: @if_expr,
+  int condition: @expr_or_none ref,
+  int then_expr: @expr_or_none ref,
+  int else_expr: @expr_or_none ref
+);
+
+@implicit_conversion_expr =
+  @any_hashable_erasure_expr
+| @archetype_to_super_expr
+| @array_to_pointer_expr
+| @bridge_from_obj_c_expr
+| @bridge_to_obj_c_expr
+| @class_metatype_to_object_expr
+| @collection_upcast_conversion_expr
+| @conditional_bridge_from_obj_c_expr
+| @covariant_function_conversion_expr
+| @covariant_return_conversion_expr
+| @derived_to_base_expr
+| @destructure_tuple_expr
+| @differentiable_function_expr
+| @differentiable_function_extract_original_expr
+| @erasure_expr
+| @existential_metatype_to_object_expr
+| @foreign_object_conversion_expr
+| @function_conversion_expr
+| @in_out_to_pointer_expr
+| @inject_into_optional_expr
+| @linear_function_expr
+| @linear_function_extract_original_expr
+| @linear_to_differentiable_function_expr
+| @load_expr
+| @metatype_conversion_expr
+| @pointer_to_pointer_expr
+| @protocol_metatype_to_object_expr
+| @string_to_pointer_expr
+| @underlying_to_opaque_expr
+| @unevaluated_instance_expr
+| @unresolved_type_conversion_expr
+;
+
+#keyset[id]
+implicit_conversion_exprs(  //dir=expr
+  int id: @implicit_conversion_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+in_out_exprs(  //dir=expr
+  unique int id: @in_out_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+key_path_application_exprs(  //dir=expr
+  unique int id: @key_path_application_expr,
+  int base: @expr_or_none ref,
+  int key_path: @expr_or_none ref
+);
+
+key_path_dot_exprs(  //dir=expr
+  unique int id: @key_path_dot_expr
+);
+
+key_path_exprs(  //dir=expr
+  unique int id: @key_path_expr
+);
+
+#keyset[id]
+key_path_expr_roots(  //dir=expr
+  int id: @key_path_expr ref,
+  int root: @type_repr_or_none ref
+);
+
+#keyset[id]
+key_path_expr_parsed_paths(  //dir=expr
+  int id: @key_path_expr ref,
+  int parsed_path: @expr_or_none ref
+);
+
+lazy_initializer_exprs(  //dir=expr
+  unique int id: @lazy_initializer_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@literal_expr =
+  @builtin_literal_expr
+| @interpolated_string_literal_expr
+| @nil_literal_expr
+| @object_literal_expr
+| @regex_literal_expr
+;
+
+@lookup_expr =
+  @dynamic_lookup_expr
+| @member_ref_expr
+| @subscript_expr
+;
+
+#keyset[id]
+lookup_exprs(  //dir=expr
+  int id: @lookup_expr ref,
+  int base: @expr_or_none ref
+);
+
+#keyset[id]
+lookup_expr_members(  //dir=expr
+  int id: @lookup_expr ref,
+  int member: @decl_or_none ref
+);
+
+make_temporarily_escapable_exprs(  //dir=expr
+  unique int id: @make_temporarily_escapable_expr,
+  int escaping_closure: @opaque_value_expr_or_none ref,
+  int nonescaping_closure: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+obj_c_selector_exprs(  //dir=expr
+  unique int id: @obj_c_selector_expr,
+  int sub_expr: @expr_or_none ref,
+  int method: @abstract_function_decl_or_none ref
+);
+
+one_way_exprs(  //dir=expr
+  unique int id: @one_way_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+opaque_value_exprs(  //dir=expr
+  unique int id: @opaque_value_expr
+);
+
+open_existential_exprs(  //dir=expr
+  unique int id: @open_existential_expr,
+  int sub_expr: @expr_or_none ref,
+  int existential: @expr_or_none ref,
+  int opaque_expr: @opaque_value_expr_or_none ref
+);
+
+optional_evaluation_exprs(  //dir=expr
+  unique int id: @optional_evaluation_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+other_constructor_decl_ref_exprs(  //dir=expr
+  unique int id: @other_constructor_decl_ref_expr,
+  int constructor_decl: @constructor_decl_or_none ref
+);
+
+overloaded_decl_ref_exprs(  //dir=expr
+  unique int id: @overloaded_decl_ref_expr
+);
+
+#keyset[id, index]
+overloaded_decl_ref_expr_possible_declarations(  //dir=expr
+  int id: @overloaded_decl_ref_expr ref,
+  int index: int ref,
+  int possible_declaration: @value_decl_or_none ref
+);
+
+property_wrapper_value_placeholder_exprs(  //dir=expr
+  unique int id: @property_wrapper_value_placeholder_expr,
+  int placeholder: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+property_wrapper_value_placeholder_expr_wrapped_values(  //dir=expr
+  int id: @property_wrapper_value_placeholder_expr ref,
+  int wrapped_value: @expr_or_none ref
+);
+
+rebind_self_in_constructor_exprs(  //dir=expr
+  unique int id: @rebind_self_in_constructor_expr,
+  int sub_expr: @expr_or_none ref,
+  int self: @var_decl_or_none ref
+);
+
+sequence_exprs(  //dir=expr
+  unique int id: @sequence_expr
+);
+
+#keyset[id, index]
+sequence_expr_elements(  //dir=expr
+  int id: @sequence_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+super_ref_exprs(  //dir=expr
+  unique int id: @super_ref_expr,
+  int self: @var_decl_or_none ref
+);
+
+tap_exprs(  //dir=expr
+  unique int id: @tap_expr,
+  int body: @brace_stmt_or_none ref,
+  int var: @var_decl_or_none ref
+);
+
+#keyset[id]
+tap_expr_sub_exprs(  //dir=expr
+  int id: @tap_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+tuple_element_exprs(  //dir=expr
+  unique int id: @tuple_element_expr,
+  int sub_expr: @expr_or_none ref,
+  int index: int ref
+);
+
+tuple_exprs(  //dir=expr
+  unique int id: @tuple_expr
+);
+
+#keyset[id, index]
+tuple_expr_elements(  //dir=expr
+  int id: @tuple_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+type_exprs(  //dir=expr
+  unique int id: @type_expr
+);
+
+#keyset[id]
+type_expr_type_reprs(  //dir=expr
+  int id: @type_expr ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+unresolved_decl_ref_exprs(  //dir=expr
+  unique int id: @unresolved_decl_ref_expr
+);
+
+#keyset[id]
+unresolved_decl_ref_expr_names(  //dir=expr
+  int id: @unresolved_decl_ref_expr ref,
+  string name: string ref
+);
+
+unresolved_dot_exprs(  //dir=expr
+  unique int id: @unresolved_dot_expr,
+  int base: @expr_or_none ref,
+  string name: string ref
+);
+
+unresolved_member_exprs(  //dir=expr
+  unique int id: @unresolved_member_expr,
+  string name: string ref
+);
+
+unresolved_pattern_exprs(  //dir=expr
+  unique int id: @unresolved_pattern_expr,
+  int sub_pattern: @pattern_or_none ref
+);
+
+unresolved_specialize_exprs(  //dir=expr
+  unique int id: @unresolved_specialize_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+vararg_expansion_exprs(  //dir=expr
+  unique int id: @vararg_expansion_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+any_hashable_erasure_exprs(  //dir=expr
+  unique int id: @any_hashable_erasure_expr
+);
+
+archetype_to_super_exprs(  //dir=expr
+  unique int id: @archetype_to_super_expr
+);
+
+array_exprs(  //dir=expr
+  unique int id: @array_expr
+);
+
+#keyset[id, index]
+array_expr_elements(  //dir=expr
+  int id: @array_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+array_to_pointer_exprs(  //dir=expr
+  unique int id: @array_to_pointer_expr
+);
+
+auto_closure_exprs(  //dir=expr
+  unique int id: @auto_closure_expr
+);
+
+await_exprs(  //dir=expr
+  unique int id: @await_expr
+);
+
+binary_exprs(  //dir=expr
+  unique int id: @binary_expr
+);
+
+bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_from_obj_c_expr
+);
+
+bridge_to_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_to_obj_c_expr
+);
+
+@builtin_literal_expr =
+  @boolean_literal_expr
+| @magic_identifier_literal_expr
+| @number_literal_expr
+| @string_literal_expr
+;
+
+call_exprs(  //dir=expr
+  unique int id: @call_expr
+);
+
+@checked_cast_expr =
+  @conditional_checked_cast_expr
+| @forced_checked_cast_expr
+| @is_expr
+;
+
+class_metatype_to_object_exprs(  //dir=expr
+  unique int id: @class_metatype_to_object_expr
+);
+
+closure_exprs(  //dir=expr
+  unique int id: @closure_expr
+);
+
+coerce_exprs(  //dir=expr
+  unique int id: @coerce_expr
+);
+
+collection_upcast_conversion_exprs(  //dir=expr
+  unique int id: @collection_upcast_conversion_expr
+);
+
+conditional_bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @conditional_bridge_from_obj_c_expr
+);
+
+covariant_function_conversion_exprs(  //dir=expr
+  unique int id: @covariant_function_conversion_expr
+);
+
+covariant_return_conversion_exprs(  //dir=expr
+  unique int id: @covariant_return_conversion_expr
+);
+
+derived_to_base_exprs(  //dir=expr
+  unique int id: @derived_to_base_expr
+);
+
+destructure_tuple_exprs(  //dir=expr
+  unique int id: @destructure_tuple_expr
+);
+
+dictionary_exprs(  //dir=expr
+  unique int id: @dictionary_expr
+);
+
+#keyset[id, index]
+dictionary_expr_elements(  //dir=expr
+  int id: @dictionary_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+differentiable_function_exprs(  //dir=expr
+  unique int id: @differentiable_function_expr
+);
+
+differentiable_function_extract_original_exprs(  //dir=expr
+  unique int id: @differentiable_function_extract_original_expr
+);
+
+dot_self_exprs(  //dir=expr
+  unique int id: @dot_self_expr
+);
+
+@dynamic_lookup_expr =
+  @dynamic_member_ref_expr
+| @dynamic_subscript_expr
+;
+
+erasure_exprs(  //dir=expr
+  unique int id: @erasure_expr
+);
+
+existential_metatype_to_object_exprs(  //dir=expr
+  unique int id: @existential_metatype_to_object_expr
+);
+
+force_try_exprs(  //dir=expr
+  unique int id: @force_try_expr
+);
+
+foreign_object_conversion_exprs(  //dir=expr
+  unique int id: @foreign_object_conversion_expr
+);
+
+function_conversion_exprs(  //dir=expr
+  unique int id: @function_conversion_expr
+);
+
+in_out_to_pointer_exprs(  //dir=expr
+  unique int id: @in_out_to_pointer_expr
+);
+
+inject_into_optional_exprs(  //dir=expr
+  unique int id: @inject_into_optional_expr
+);
+
+interpolated_string_literal_exprs(  //dir=expr
+  unique int id: @interpolated_string_literal_expr
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_expr: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_count_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_count_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_literal_capacity_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int literal_capacity_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_appending_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int appending_expr: @tap_expr_or_none ref
+);
+
+linear_function_exprs(  //dir=expr
+  unique int id: @linear_function_expr
+);
+
+linear_function_extract_original_exprs(  //dir=expr
+  unique int id: @linear_function_extract_original_expr
+);
+
+linear_to_differentiable_function_exprs(  //dir=expr
+  unique int id: @linear_to_differentiable_function_expr
+);
+
+load_exprs(  //dir=expr
+  unique int id: @load_expr
+);
+
+member_ref_exprs(  //dir=expr
+  unique int id: @member_ref_expr
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
+);
+
+nil_literal_exprs(  //dir=expr
+  unique int id: @nil_literal_expr
+);
+
+object_literal_exprs(  //dir=expr
+  unique int id: @object_literal_expr,
+  int kind: int ref
+);
+
+#keyset[id, index]
+object_literal_expr_arguments(  //dir=expr
+  int id: @object_literal_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+optional_try_exprs(  //dir=expr
+  unique int id: @optional_try_expr
+);
+
+paren_exprs(  //dir=expr
+  unique int id: @paren_expr
+);
+
+pointer_to_pointer_exprs(  //dir=expr
+  unique int id: @pointer_to_pointer_expr
+);
+
+postfix_unary_exprs(  //dir=expr
+  unique int id: @postfix_unary_expr
+);
+
+prefix_unary_exprs(  //dir=expr
+  unique int id: @prefix_unary_expr
+);
+
+protocol_metatype_to_object_exprs(  //dir=expr
+  unique int id: @protocol_metatype_to_object_expr
+);
+
+regex_literal_exprs(  //dir=expr
+  unique int id: @regex_literal_expr
+);
+
+@self_apply_expr =
+  @constructor_ref_call_expr
+| @dot_syntax_call_expr
+;
+
+#keyset[id]
+self_apply_exprs(  //dir=expr
+  int id: @self_apply_expr ref,
+  int base: @expr_or_none ref
+);
+
+string_to_pointer_exprs(  //dir=expr
+  unique int id: @string_to_pointer_expr
+);
+
+subscript_exprs(  //dir=expr
+  unique int id: @subscript_expr
+);
+
+#keyset[id, index]
+subscript_expr_arguments(  //dir=expr
+  int id: @subscript_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_ordinary_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+try_exprs(  //dir=expr
+  unique int id: @try_expr
+);
+
+underlying_to_opaque_exprs(  //dir=expr
+  unique int id: @underlying_to_opaque_expr
+);
+
+unevaluated_instance_exprs(  //dir=expr
+  unique int id: @unevaluated_instance_expr
+);
+
+unresolved_member_chain_result_exprs(  //dir=expr
+  unique int id: @unresolved_member_chain_result_expr
+);
+
+unresolved_type_conversion_exprs(  //dir=expr
+  unique int id: @unresolved_type_conversion_expr
+);
+
+boolean_literal_exprs(  //dir=expr
+  unique int id: @boolean_literal_expr,
+  boolean value: boolean ref
+);
+
+conditional_checked_cast_exprs(  //dir=expr
+  unique int id: @conditional_checked_cast_expr
+);
+
+constructor_ref_call_exprs(  //dir=expr
+  unique int id: @constructor_ref_call_expr
+);
+
+dot_syntax_call_exprs(  //dir=expr
+  unique int id: @dot_syntax_call_expr
+);
+
+dynamic_member_ref_exprs(  //dir=expr
+  unique int id: @dynamic_member_ref_expr
+);
+
+dynamic_subscript_exprs(  //dir=expr
+  unique int id: @dynamic_subscript_expr
+);
+
+forced_checked_cast_exprs(  //dir=expr
+  unique int id: @forced_checked_cast_expr
+);
+
+is_exprs(  //dir=expr
+  unique int id: @is_expr
+);
+
+magic_identifier_literal_exprs(  //dir=expr
+  unique int id: @magic_identifier_literal_expr,
+  string kind: string ref
+);
+
+@number_literal_expr =
+  @float_literal_expr
+| @integer_literal_expr
+;
+
+string_literal_exprs(  //dir=expr
+  unique int id: @string_literal_expr,
+  string value: string ref
+);
+
+float_literal_exprs(  //dir=expr
+  unique int id: @float_literal_expr,
+  string string_value: string ref
+);
+
+integer_literal_exprs(  //dir=expr
+  unique int id: @integer_literal_expr,
+  string string_value: string ref
+);
+
+@pattern =
+  @any_pattern
+| @binding_pattern
+| @bool_pattern
+| @enum_element_pattern
+| @expr_pattern
+| @is_pattern
+| @named_pattern
+| @optional_some_pattern
+| @paren_pattern
+| @tuple_pattern
+| @typed_pattern
+;
+
+any_patterns(  //dir=pattern
+  unique int id: @any_pattern
+);
+
+binding_patterns(  //dir=pattern
+  unique int id: @binding_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+bool_patterns(  //dir=pattern
+  unique int id: @bool_pattern,
+  boolean value: boolean ref
+);
+
+enum_element_patterns(  //dir=pattern
+  unique int id: @enum_element_pattern,
+  int element: @enum_element_decl_or_none ref
+);
+
+#keyset[id]
+enum_element_pattern_sub_patterns(  //dir=pattern
+  int id: @enum_element_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+expr_patterns(  //dir=pattern
+  unique int id: @expr_pattern,
+  int sub_expr: @expr_or_none ref
+);
+
+is_patterns(  //dir=pattern
+  unique int id: @is_pattern
+);
+
+#keyset[id]
+is_pattern_cast_type_reprs(  //dir=pattern
+  int id: @is_pattern ref,
+  int cast_type_repr: @type_repr_or_none ref
+);
+
+#keyset[id]
+is_pattern_sub_patterns(  //dir=pattern
+  int id: @is_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+named_patterns(  //dir=pattern
+  unique int id: @named_pattern,
+  string name: string ref
+);
+
+optional_some_patterns(  //dir=pattern
+  unique int id: @optional_some_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+paren_patterns(  //dir=pattern
+  unique int id: @paren_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+tuple_patterns(  //dir=pattern
+  unique int id: @tuple_pattern
+);
+
+#keyset[id, index]
+tuple_pattern_elements(  //dir=pattern
+  int id: @tuple_pattern ref,
+  int index: int ref,
+  int element: @pattern_or_none ref
+);
+
+typed_patterns(  //dir=pattern
+  unique int id: @typed_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+typed_pattern_type_reprs(  //dir=pattern
+  int id: @typed_pattern ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+case_label_items(  //dir=stmt
+  unique int id: @case_label_item,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+case_label_item_guards(  //dir=stmt
+  int id: @case_label_item ref,
+  int guard: @expr_or_none ref
+);
+
+condition_elements(  //dir=stmt
+  unique int id: @condition_element
+);
+
+#keyset[id]
+condition_element_booleans(  //dir=stmt
+  int id: @condition_element ref,
+  int boolean_: @expr_or_none ref
+);
+
+#keyset[id]
+condition_element_patterns(  //dir=stmt
+  int id: @condition_element ref,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+condition_element_initializers(  //dir=stmt
+  int id: @condition_element ref,
+  int initializer: @expr_or_none ref
+);
+
+@stmt =
+  @brace_stmt
+| @break_stmt
+| @case_stmt
+| @continue_stmt
+| @defer_stmt
+| @fail_stmt
+| @fallthrough_stmt
+| @labeled_stmt
+| @pound_assert_stmt
+| @return_stmt
+| @throw_stmt
+| @yield_stmt
+;
+
+stmt_conditions(  //dir=stmt
+  unique int id: @stmt_condition
+);
+
+#keyset[id, index]
+stmt_condition_elements(  //dir=stmt
+  int id: @stmt_condition ref,
+  int index: int ref,
+  int element: @condition_element_or_none ref
+);
+
+brace_stmts(  //dir=stmt
+  unique int id: @brace_stmt
+);
+
+#keyset[id, index]
+brace_stmt_elements(  //dir=stmt
+  int id: @brace_stmt ref,
+  int index: int ref,
+  int element: @ast_node_or_none ref
+);
+
+break_stmts(  //dir=stmt
+  unique int id: @break_stmt
+);
+
+#keyset[id]
+break_stmt_target_names(  //dir=stmt
+  int id: @break_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+break_stmt_targets(  //dir=stmt
+  int id: @break_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+case_stmts(  //dir=stmt
+  unique int id: @case_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_labels(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int label: @case_label_item_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_variables(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int variable: @var_decl_or_none ref
+);
+
+continue_stmts(  //dir=stmt
+  unique int id: @continue_stmt
+);
+
+#keyset[id]
+continue_stmt_target_names(  //dir=stmt
+  int id: @continue_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+continue_stmt_targets(  //dir=stmt
+  int id: @continue_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+defer_stmts(  //dir=stmt
+  unique int id: @defer_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+fail_stmts(  //dir=stmt
+  unique int id: @fail_stmt
+);
+
+fallthrough_stmts(  //dir=stmt
+  unique int id: @fallthrough_stmt,
+  int fallthrough_source: @case_stmt_or_none ref,
+  int fallthrough_dest: @case_stmt_or_none ref
+);
+
+@labeled_stmt =
+  @do_catch_stmt
+| @do_stmt
+| @for_each_stmt
+| @labeled_conditional_stmt
+| @repeat_while_stmt
+| @switch_stmt
+;
+
+#keyset[id]
+labeled_stmt_labels(  //dir=stmt
+  int id: @labeled_stmt ref,
+  string label: string ref
+);
+
+pound_assert_stmts(  //dir=stmt
+  unique int id: @pound_assert_stmt,
+  int condition: @expr_or_none ref,
+  string message: string ref
+);
+
+return_stmts(  //dir=stmt
+  unique int id: @return_stmt
+);
+
+#keyset[id]
+return_stmt_results(  //dir=stmt
+  int id: @return_stmt ref,
+  int result: @expr_or_none ref
+);
+
+throw_stmts(  //dir=stmt
+  unique int id: @throw_stmt,
+  int sub_expr: @expr_or_none ref
+);
+
+yield_stmts(  //dir=stmt
+  unique int id: @yield_stmt
+);
+
+#keyset[id, index]
+yield_stmt_results(  //dir=stmt
+  int id: @yield_stmt ref,
+  int index: int ref,
+  int result: @expr_or_none ref
+);
+
+do_catch_stmts(  //dir=stmt
+  unique int id: @do_catch_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+do_catch_stmt_catches(  //dir=stmt
+  int id: @do_catch_stmt ref,
+  int index: int ref,
+  int catch: @case_stmt_or_none ref
+);
+
+do_stmts(  //dir=stmt
+  unique int id: @do_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+for_each_stmts(  //dir=stmt
+  unique int id: @for_each_stmt,
+  int pattern: @pattern_or_none ref,
+  int sequence: @expr_or_none ref,
+  int body: @brace_stmt_or_none ref
+);
+
+#keyset[id]
+for_each_stmt_wheres(  //dir=stmt
+  int id: @for_each_stmt ref,
+  int where: @expr_or_none ref
+);
+
+@labeled_conditional_stmt =
+  @guard_stmt
+| @if_stmt
+| @while_stmt
+;
+
+#keyset[id]
+labeled_conditional_stmts(  //dir=stmt
+  int id: @labeled_conditional_stmt ref,
+  int condition: @stmt_condition_or_none ref
+);
+
+repeat_while_stmts(  //dir=stmt
+  unique int id: @repeat_while_stmt,
+  int condition: @expr_or_none ref,
+  int body: @stmt_or_none ref
+);
+
+switch_stmts(  //dir=stmt
+  unique int id: @switch_stmt,
+  int expr: @expr_or_none ref
+);
+
+#keyset[id, index]
+switch_stmt_cases(  //dir=stmt
+  int id: @switch_stmt ref,
+  int index: int ref,
+  int case_: @case_stmt_or_none ref
+);
+
+guard_stmts(  //dir=stmt
+  unique int id: @guard_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+if_stmts(  //dir=stmt
+  unique int id: @if_stmt,
+  int then: @stmt_or_none ref
+);
+
+#keyset[id]
+if_stmt_elses(  //dir=stmt
+  int id: @if_stmt ref,
+  int else: @stmt_or_none ref
+);
+
+while_stmts(  //dir=stmt
+  unique int id: @while_stmt,
+  int body: @stmt_or_none ref
+);
+
+@type =
+  @any_function_type
+| @any_generic_type
+| @any_metatype_type
+| @builtin_type
+| @dependent_member_type
+| @dynamic_self_type
+| @error_type
+| @existential_type
+| @in_out_type
+| @l_value_type
+| @module_type
+| @parameterized_protocol_type
+| @protocol_composition_type
+| @reference_storage_type
+| @substitutable_type
+| @sugar_type
+| @tuple_type
+| @unresolved_type
+;
+
+#keyset[id]
+types(  //dir=type
+  int id: @type ref,
+  string name: string ref,
+  int canonical_type: @type_or_none ref
+);
+
+type_reprs(  //dir=type
+  unique int id: @type_repr,
+  int type_: @type_or_none ref
+);
+
+@any_function_type =
+  @function_type
+| @generic_function_type
+;
+
+#keyset[id]
+any_function_types(  //dir=type
+  int id: @any_function_type ref,
+  int result: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_types(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  int param_type: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_labels(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  string param_label: string ref
+);
+
+#keyset[id]
+any_function_type_is_throwing(  //dir=type
+  int id: @any_function_type ref
+);
+
+#keyset[id]
+any_function_type_is_async(  //dir=type
+  int id: @any_function_type ref
+);
+
+@any_generic_type =
+  @nominal_or_bound_generic_nominal_type
+| @unbound_generic_type
+;
+
+#keyset[id]
+any_generic_types(  //dir=type
+  int id: @any_generic_type ref,
+  int declaration: @decl_or_none ref
+);
+
+#keyset[id]
+any_generic_type_parents(  //dir=type
+  int id: @any_generic_type ref,
+  int parent: @type_or_none ref
+);
+
+@any_metatype_type =
+  @existential_metatype_type
+| @metatype_type
+;
+
+@builtin_type =
+  @any_builtin_integer_type
+| @builtin_bridge_object_type
+| @builtin_default_actor_storage_type
+| @builtin_executor_type
+| @builtin_float_type
+| @builtin_job_type
+| @builtin_native_object_type
+| @builtin_raw_pointer_type
+| @builtin_raw_unsafe_continuation_type
+| @builtin_unsafe_value_buffer_type
+| @builtin_vector_type
+;
+
+dependent_member_types(  //dir=type
+  unique int id: @dependent_member_type,
+  int base_type: @type_or_none ref,
+  int associated_type_decl: @associated_type_decl_or_none ref
+);
+
+dynamic_self_types(  //dir=type
+  unique int id: @dynamic_self_type,
+  int static_self_type: @type_or_none ref
+);
+
+error_types(  //dir=type
+  unique int id: @error_type
+);
+
+existential_types(  //dir=type
+  unique int id: @existential_type,
+  int constraint: @type_or_none ref
+);
+
+in_out_types(  //dir=type
+  unique int id: @in_out_type,
+  int object_type: @type_or_none ref
+);
+
+l_value_types(  //dir=type
+  unique int id: @l_value_type,
+  int object_type: @type_or_none ref
+);
+
+module_types(  //dir=type
+  unique int id: @module_type,
+  int module: @module_decl_or_none ref
+);
+
+parameterized_protocol_types(  //dir=type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
+);
+
+protocol_composition_types(  //dir=type
+  unique int id: @protocol_composition_type
+);
+
+#keyset[id, index]
+protocol_composition_type_members(  //dir=type
+  int id: @protocol_composition_type ref,
+  int index: int ref,
+  int member: @type_or_none ref
+);
+
+@reference_storage_type =
+  @unmanaged_storage_type
+| @unowned_storage_type
+| @weak_storage_type
+;
+
+#keyset[id]
+reference_storage_types(  //dir=type
+  int id: @reference_storage_type ref,
+  int referent_type: @type_or_none ref
+);
+
+@substitutable_type =
+  @archetype_type
+| @generic_type_param_type
+;
+
+@sugar_type =
+  @paren_type
+| @syntax_sugar_type
+| @type_alias_type
+;
+
+tuple_types(  //dir=type
+  unique int id: @tuple_type
+);
+
+#keyset[id, index]
+tuple_type_types(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id, index]
+tuple_type_names(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  string name: string ref
+);
+
+unresolved_types(  //dir=type
+  unique int id: @unresolved_type
+);
+
+@any_builtin_integer_type =
+  @builtin_integer_literal_type
+| @builtin_integer_type
+;
+
+@archetype_type =
+  @opaque_type_archetype_type
+| @opened_archetype_type
+| @primary_archetype_type
+;
+
+#keyset[id]
+archetype_types(  //dir=type
+  int id: @archetype_type ref,
+  int interface_type: @type_or_none ref
+);
+
+#keyset[id]
+archetype_type_superclasses(  //dir=type
+  int id: @archetype_type ref,
+  int superclass: @type_or_none ref
+);
+
+#keyset[id, index]
+archetype_type_protocols(  //dir=type
+  int id: @archetype_type ref,
+  int index: int ref,
+  int protocol: @protocol_decl_or_none ref
+);
+
+builtin_bridge_object_types(  //dir=type
+  unique int id: @builtin_bridge_object_type
+);
+
+builtin_default_actor_storage_types(  //dir=type
+  unique int id: @builtin_default_actor_storage_type
+);
+
+builtin_executor_types(  //dir=type
+  unique int id: @builtin_executor_type
+);
+
+builtin_float_types(  //dir=type
+  unique int id: @builtin_float_type
+);
+
+builtin_job_types(  //dir=type
+  unique int id: @builtin_job_type
+);
+
+builtin_native_object_types(  //dir=type
+  unique int id: @builtin_native_object_type
+);
+
+builtin_raw_pointer_types(  //dir=type
+  unique int id: @builtin_raw_pointer_type
+);
+
+builtin_raw_unsafe_continuation_types(  //dir=type
+  unique int id: @builtin_raw_unsafe_continuation_type
+);
+
+builtin_unsafe_value_buffer_types(  //dir=type
+  unique int id: @builtin_unsafe_value_buffer_type
+);
+
+builtin_vector_types(  //dir=type
+  unique int id: @builtin_vector_type
+);
+
+existential_metatype_types(  //dir=type
+  unique int id: @existential_metatype_type
+);
+
+function_types(  //dir=type
+  unique int id: @function_type
+);
+
+generic_function_types(  //dir=type
+  unique int id: @generic_function_type
+);
+
+#keyset[id, index]
+generic_function_type_generic_params(  //dir=type
+  int id: @generic_function_type ref,
+  int index: int ref,
+  int generic_param: @generic_type_param_type_or_none ref
+);
+
+generic_type_param_types(  //dir=type
+  unique int id: @generic_type_param_type
+);
+
+metatype_types(  //dir=type
+  unique int id: @metatype_type
+);
+
+@nominal_or_bound_generic_nominal_type =
+  @bound_generic_type
+| @nominal_type
+;
+
+paren_types(  //dir=type
+  unique int id: @paren_type,
+  int type_: @type_or_none ref
+);
+
+@syntax_sugar_type =
+  @dictionary_type
+| @unary_syntax_sugar_type
+;
+
+type_alias_types(  //dir=type
+  unique int id: @type_alias_type,
+  int decl: @type_alias_decl_or_none ref
+);
+
+unbound_generic_types(  //dir=type
+  unique int id: @unbound_generic_type
+);
+
+unmanaged_storage_types(  //dir=type
+  unique int id: @unmanaged_storage_type
+);
+
+unowned_storage_types(  //dir=type
+  unique int id: @unowned_storage_type
+);
+
+weak_storage_types(  //dir=type
+  unique int id: @weak_storage_type
+);
+
+@bound_generic_type =
+  @bound_generic_class_type
+| @bound_generic_enum_type
+| @bound_generic_struct_type
+;
+
+#keyset[id, index]
+bound_generic_type_arg_types(  //dir=type
+  int id: @bound_generic_type ref,
+  int index: int ref,
+  int arg_type: @type_or_none ref
+);
+
+builtin_integer_literal_types(  //dir=type
+  unique int id: @builtin_integer_literal_type
+);
+
+builtin_integer_types(  //dir=type
+  unique int id: @builtin_integer_type
+);
+
+#keyset[id]
+builtin_integer_type_widths(  //dir=type
+  int id: @builtin_integer_type ref,
+  int width: int ref
+);
+
+dictionary_types(  //dir=type
+  unique int id: @dictionary_type,
+  int key_type: @type_or_none ref,
+  int value_type: @type_or_none ref
+);
+
+@nominal_type =
+  @class_type
+| @enum_type
+| @protocol_type
+| @struct_type
+;
+
+opaque_type_archetype_types(  //dir=type
+  unique int id: @opaque_type_archetype_type,
+  int declaration: @opaque_type_decl_or_none ref
+);
+
+opened_archetype_types(  //dir=type
+  unique int id: @opened_archetype_type
+);
+
+primary_archetype_types(  //dir=type
+  unique int id: @primary_archetype_type
+);
+
+@unary_syntax_sugar_type =
+  @array_slice_type
+| @optional_type
+| @variadic_sequence_type
+;
+
+#keyset[id]
+unary_syntax_sugar_types(  //dir=type
+  int id: @unary_syntax_sugar_type ref,
+  int base_type: @type_or_none ref
+);
+
+array_slice_types(  //dir=type
+  unique int id: @array_slice_type
+);
+
+bound_generic_class_types(  //dir=type
+  unique int id: @bound_generic_class_type
+);
+
+bound_generic_enum_types(  //dir=type
+  unique int id: @bound_generic_enum_type
+);
+
+bound_generic_struct_types(  //dir=type
+  unique int id: @bound_generic_struct_type
+);
+
+class_types(  //dir=type
+  unique int id: @class_type
+);
+
+enum_types(  //dir=type
+  unique int id: @enum_type
+);
+
+optional_types(  //dir=type
+  unique int id: @optional_type
+);
+
+protocol_types(  //dir=type
+  unique int id: @protocol_type
+);
+
+struct_types(  //dir=type
+  unique int id: @struct_type
+);
+
+variadic_sequence_types(  //dir=type
+  unique int id: @variadic_sequence_type
+);
+
+@abstract_function_decl_or_none =
+  @abstract_function_decl
+| @unspecified_element
+;
+
+@accessor_decl_or_none =
+  @accessor_decl
+| @unspecified_element
+;
+
+@argument_or_none =
+  @argument
+| @unspecified_element
+;
+
+@associated_type_decl_or_none =
+  @associated_type_decl
+| @unspecified_element
+;
+
+@ast_node_or_none =
+  @ast_node
+| @unspecified_element
+;
+
+@brace_stmt_or_none =
+  @brace_stmt
+| @unspecified_element
+;
+
+@case_label_item_or_none =
+  @case_label_item
+| @unspecified_element
+;
+
+@case_stmt_or_none =
+  @case_stmt
+| @unspecified_element
+;
+
+@closure_expr_or_none =
+  @closure_expr
+| @unspecified_element
+;
+
+@condition_element_or_none =
+  @condition_element
+| @unspecified_element
+;
+
+@constructor_decl_or_none =
+  @constructor_decl
+| @unspecified_element
+;
+
+@decl_or_none =
+  @decl
+| @unspecified_element
+;
+
+@enum_element_decl_or_none =
+  @enum_element_decl
+| @unspecified_element
+;
+
+@expr_or_none =
+  @expr
+| @unspecified_element
+;
+
+@file_or_none =
+  @file
+| @unspecified_element
+;
+
+@generic_type_param_decl_or_none =
+  @generic_type_param_decl
+| @unspecified_element
+;
+
+@generic_type_param_type_or_none =
+  @generic_type_param_type
+| @unspecified_element
+;
+
+@location_or_none =
+  @location
+| @unspecified_element
+;
+
+@module_decl_or_none =
+  @module_decl
+| @unspecified_element
+;
+
+@nominal_type_decl_or_none =
+  @nominal_type_decl
+| @unspecified_element
+;
+
+@opaque_type_decl_or_none =
+  @opaque_type_decl
+| @unspecified_element
+;
+
+@opaque_value_expr_or_none =
+  @opaque_value_expr
+| @unspecified_element
+;
+
+@param_decl_or_none =
+  @param_decl
+| @unspecified_element
+;
+
+@pattern_or_none =
+  @pattern
+| @unspecified_element
+;
+
+@pattern_binding_decl_or_none =
+  @pattern_binding_decl
+| @unspecified_element
+;
+
+@precedence_group_decl_or_none =
+  @precedence_group_decl
+| @unspecified_element
+;
+
+@protocol_decl_or_none =
+  @protocol_decl
+| @unspecified_element
+;
+
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
+@stmt_or_none =
+  @stmt
+| @unspecified_element
+;
+
+@stmt_condition_or_none =
+  @stmt_condition
+| @unspecified_element
+;
+
+@string_literal_expr_or_none =
+  @string_literal_expr
+| @unspecified_element
+;
+
+@tap_expr_or_none =
+  @tap_expr
+| @unspecified_element
+;
+
+@type_or_none =
+  @type
+| @unspecified_element
+;
+
+@type_alias_decl_or_none =
+  @type_alias_decl
+| @unspecified_element
+;
+
+@type_repr_or_none =
+  @type_repr
+| @unspecified_element
+;
+
+@value_decl_or_none =
+  @unspecified_element
+| @value_decl
+;
+
+@var_decl_or_none =
+  @unspecified_element
+| @var_decl
+;
diff --git a/swift/ql/lib/upgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/swift.dbscheme b/swift/ql/lib/upgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/swift.dbscheme
new file mode 100644
index 00000000000..1a6e9325bd6
--- /dev/null
+++ b/swift/ql/lib/upgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/swift.dbscheme
@@ -0,0 +1,2513 @@
+// generated by codegen/codegen.py
+
+// from prefix.dbscheme
+/**
+ * The source location of the snapshot.
+ */
+sourceLocationPrefix(
+  string prefix: string ref
+);
+
+
+// from schema.py
+
+@element =
+  @callable
+| @file
+| @generic_context
+| @iterable_decl_context
+| @locatable
+| @location
+| @type
+;
+
+#keyset[id]
+element_is_unknown(
+  int id: @element ref
+);
+
+@callable =
+  @abstract_closure_expr
+| @abstract_function_decl
+;
+
+#keyset[id]
+callable_self_params(
+  int id: @callable ref,
+  int self_param: @param_decl_or_none ref
+);
+
+#keyset[id, index]
+callable_params(
+  int id: @callable ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+#keyset[id]
+callable_bodies(
+  int id: @callable ref,
+  int body: @brace_stmt_or_none ref
+);
+
+@file =
+  @db_file
+;
+
+#keyset[id]
+files(
+  int id: @file ref,
+  string name: string ref
+);
+
+@locatable =
+  @argument
+| @ast_node
+| @comment
+| @diagnostics
+| @error_element
+;
+
+#keyset[id]
+locatable_locations(
+  int id: @locatable ref,
+  int location: @location_or_none ref
+);
+
+@location =
+  @db_location
+;
+
+#keyset[id]
+locations(
+  int id: @location ref,
+  int file: @file_or_none ref,
+  int start_line: int ref,
+  int start_column: int ref,
+  int end_line: int ref,
+  int end_column: int ref
+);
+
+@ast_node =
+  @case_label_item
+| @condition_element
+| @decl
+| @expr
+| @pattern
+| @stmt
+| @stmt_condition
+| @type_repr
+;
+
+comments(
+  unique int id: @comment,
+  string text: string ref
+);
+
+db_files(
+  unique int id: @db_file
+);
+
+db_locations(
+  unique int id: @db_location
+);
+
+diagnostics(
+  unique int id: @diagnostics,
+  string text: string ref,
+  int kind: int ref
+);
+
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_chain_result_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @unresolved_type
+| @unresolved_type_conversion_expr
+| @unspecified_element
+;
+
+unspecified_elements(
+  unique int id: @unspecified_element,
+  string property: string ref,
+  string error: string ref
+);
+
+#keyset[id]
+unspecified_element_parents(
+  int id: @unspecified_element ref,
+  int parent: @element ref
+);
+
+#keyset[id]
+unspecified_element_indices(
+  int id: @unspecified_element ref,
+  int index: int ref
+);
+
+@decl =
+  @enum_case_decl
+| @extension_decl
+| @if_config_decl
+| @import_decl
+| @missing_member_decl
+| @operator_decl
+| @pattern_binding_decl
+| @pound_diagnostic_decl
+| @precedence_group_decl
+| @top_level_code_decl
+| @value_decl
+;
+
+#keyset[id]
+decls(  //dir=decl
+  int id: @decl ref,
+  int module: @module_decl_or_none ref
+);
+
+@generic_context =
+  @abstract_function_decl
+| @extension_decl
+| @generic_type_decl
+| @subscript_decl
+;
+
+#keyset[id, index]
+generic_context_generic_type_params(  //dir=decl
+  int id: @generic_context ref,
+  int index: int ref,
+  int generic_type_param: @generic_type_param_decl_or_none ref
+);
+
+@iterable_decl_context =
+  @extension_decl
+| @nominal_type_decl
+;
+
+#keyset[id, index]
+iterable_decl_context_members(  //dir=decl
+  int id: @iterable_decl_context ref,
+  int index: int ref,
+  int member: @decl_or_none ref
+);
+
+enum_case_decls(  //dir=decl
+  unique int id: @enum_case_decl
+);
+
+#keyset[id, index]
+enum_case_decl_elements(  //dir=decl
+  int id: @enum_case_decl ref,
+  int index: int ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+extension_decls(  //dir=decl
+  unique int id: @extension_decl,
+  int extended_type_decl: @nominal_type_decl_or_none ref
+);
+
+if_config_decls(  //dir=decl
+  unique int id: @if_config_decl
+);
+
+#keyset[id, index]
+if_config_decl_active_elements(  //dir=decl
+  int id: @if_config_decl ref,
+  int index: int ref,
+  int active_element: @ast_node_or_none ref
+);
+
+import_decls(  //dir=decl
+  unique int id: @import_decl
+);
+
+#keyset[id]
+import_decl_is_exported(  //dir=decl
+  int id: @import_decl ref
+);
+
+#keyset[id]
+import_decl_imported_modules(  //dir=decl
+  int id: @import_decl ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+import_decl_declarations(  //dir=decl
+  int id: @import_decl ref,
+  int index: int ref,
+  int declaration: @value_decl_or_none ref
+);
+
+missing_member_decls(  //dir=decl
+  unique int id: @missing_member_decl,
+  string name: string ref
+);
+
+@operator_decl =
+  @infix_operator_decl
+| @postfix_operator_decl
+| @prefix_operator_decl
+;
+
+#keyset[id]
+operator_decls(  //dir=decl
+  int id: @operator_decl ref,
+  string name: string ref
+);
+
+pattern_binding_decls(  //dir=decl
+  unique int id: @pattern_binding_decl
+);
+
+#keyset[id, index]
+pattern_binding_decl_inits(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int init: @expr_or_none ref
+);
+
+#keyset[id, index]
+pattern_binding_decl_patterns(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int pattern: @pattern_or_none ref
+);
+
+pound_diagnostic_decls(  //dir=decl
+  unique int id: @pound_diagnostic_decl,
+  int kind: int ref,
+  int message: @string_literal_expr_or_none ref
+);
+
+precedence_group_decls(  //dir=decl
+  unique int id: @precedence_group_decl
+);
+
+top_level_code_decls(  //dir=decl
+  unique int id: @top_level_code_decl,
+  int body: @brace_stmt_or_none ref
+);
+
+@value_decl =
+  @abstract_function_decl
+| @abstract_storage_decl
+| @enum_element_decl
+| @type_decl
+;
+
+#keyset[id]
+value_decls(  //dir=decl
+  int id: @value_decl ref,
+  int interface_type: @type_or_none ref
+);
+
+@abstract_function_decl =
+  @constructor_decl
+| @destructor_decl
+| @func_decl
+;
+
+#keyset[id]
+abstract_function_decls(  //dir=decl
+  int id: @abstract_function_decl ref,
+  string name: string ref
+);
+
+@abstract_storage_decl =
+  @subscript_decl
+| @var_decl
+;
+
+#keyset[id, index]
+abstract_storage_decl_accessor_decls(  //dir=decl
+  int id: @abstract_storage_decl ref,
+  int index: int ref,
+  int accessor_decl: @accessor_decl_or_none ref
+);
+
+enum_element_decls(  //dir=decl
+  unique int id: @enum_element_decl,
+  string name: string ref
+);
+
+#keyset[id, index]
+enum_element_decl_params(  //dir=decl
+  int id: @enum_element_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+infix_operator_decls(  //dir=decl
+  unique int id: @infix_operator_decl
+);
+
+#keyset[id]
+infix_operator_decl_precedence_groups(  //dir=decl
+  int id: @infix_operator_decl ref,
+  int precedence_group: @precedence_group_decl_or_none ref
+);
+
+postfix_operator_decls(  //dir=decl
+  unique int id: @postfix_operator_decl
+);
+
+prefix_operator_decls(  //dir=decl
+  unique int id: @prefix_operator_decl
+);
+
+@type_decl =
+  @abstract_type_param_decl
+| @generic_type_decl
+| @module_decl
+;
+
+#keyset[id]
+type_decls(  //dir=decl
+  int id: @type_decl ref,
+  string name: string ref
+);
+
+#keyset[id, index]
+type_decl_base_types(  //dir=decl
+  int id: @type_decl ref,
+  int index: int ref,
+  int base_type: @type_or_none ref
+);
+
+@abstract_type_param_decl =
+  @associated_type_decl
+| @generic_type_param_decl
+;
+
+constructor_decls(  //dir=decl
+  unique int id: @constructor_decl
+);
+
+destructor_decls(  //dir=decl
+  unique int id: @destructor_decl
+);
+
+@func_decl =
+  @accessor_decl
+| @concrete_func_decl
+;
+
+@generic_type_decl =
+  @nominal_type_decl
+| @opaque_type_decl
+| @type_alias_decl
+;
+
+module_decls(  //dir=decl
+  unique int id: @module_decl
+);
+
+#keyset[id]
+module_decl_is_builtin_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id]
+module_decl_is_system_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id, index]
+module_decl_imported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+module_decl_exported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int exported_module: @module_decl_or_none ref
+);
+
+subscript_decls(  //dir=decl
+  unique int id: @subscript_decl,
+  int element_type: @type_or_none ref
+);
+
+#keyset[id, index]
+subscript_decl_params(  //dir=decl
+  int id: @subscript_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+@var_decl =
+  @concrete_var_decl
+| @param_decl
+;
+
+#keyset[id]
+var_decls(  //dir=decl
+  int id: @var_decl ref,
+  string name: string ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_attached_property_wrapper_types(  //dir=decl
+  int id: @var_decl ref,
+  int attached_property_wrapper_type: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_patterns(  //dir=decl
+  int id: @var_decl ref,
+  int parent_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_initializers(  //dir=decl
+  int id: @var_decl ref,
+  int parent_initializer: @expr_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
+accessor_decls(  //dir=decl
+  unique int id: @accessor_decl
+);
+
+#keyset[id]
+accessor_decl_is_getter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_setter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_will_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_did_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_read(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_modify(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_unsafe_address(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_unsafe_mutable_address(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+associated_type_decls(  //dir=decl
+  unique int id: @associated_type_decl
+);
+
+concrete_func_decls(  //dir=decl
+  unique int id: @concrete_func_decl
+);
+
+concrete_var_decls(  //dir=decl
+  unique int id: @concrete_var_decl,
+  int introducer_int: int ref
+);
+
+generic_type_param_decls(  //dir=decl
+  unique int id: @generic_type_param_decl
+);
+
+@nominal_type_decl =
+  @class_decl
+| @enum_decl
+| @protocol_decl
+| @struct_decl
+;
+
+#keyset[id]
+nominal_type_decls(  //dir=decl
+  int id: @nominal_type_decl ref,
+  int type_: @type_or_none ref
+);
+
+opaque_type_decls(  //dir=decl
+  unique int id: @opaque_type_decl,
+  int naming_declaration: @value_decl_or_none ref
+);
+
+#keyset[id, index]
+opaque_type_decl_opaque_generic_params(  //dir=decl
+  int id: @opaque_type_decl ref,
+  int index: int ref,
+  int opaque_generic_param: @generic_type_param_type_or_none ref
+);
+
+param_decls(  //dir=decl
+  unique int id: @param_decl
+);
+
+#keyset[id]
+param_decl_is_inout(  //dir=decl
+  int id: @param_decl ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
+type_alias_decls(  //dir=decl
+  unique int id: @type_alias_decl
+);
+
+class_decls(  //dir=decl
+  unique int id: @class_decl
+);
+
+enum_decls(  //dir=decl
+  unique int id: @enum_decl
+);
+
+protocol_decls(  //dir=decl
+  unique int id: @protocol_decl
+);
+
+struct_decls(  //dir=decl
+  unique int id: @struct_decl
+);
+
+arguments(  //dir=expr
+  unique int id: @argument,
+  string label: string ref,
+  int expr: @expr_or_none ref
+);
+
+@expr =
+  @abstract_closure_expr
+| @any_try_expr
+| @applied_property_wrapper_expr
+| @apply_expr
+| @assign_expr
+| @bind_optional_expr
+| @capture_list_expr
+| @collection_expr
+| @decl_ref_expr
+| @default_argument_expr
+| @discard_assignment_expr
+| @dot_syntax_base_ignored_expr
+| @dynamic_type_expr
+| @enum_is_case_expr
+| @error_expr
+| @explicit_cast_expr
+| @force_value_expr
+| @identity_expr
+| @if_expr
+| @implicit_conversion_expr
+| @in_out_expr
+| @key_path_application_expr
+| @key_path_dot_expr
+| @key_path_expr
+| @lazy_initializer_expr
+| @literal_expr
+| @lookup_expr
+| @make_temporarily_escapable_expr
+| @obj_c_selector_expr
+| @one_way_expr
+| @opaque_value_expr
+| @open_existential_expr
+| @optional_evaluation_expr
+| @other_constructor_decl_ref_expr
+| @overloaded_decl_ref_expr
+| @property_wrapper_value_placeholder_expr
+| @rebind_self_in_constructor_expr
+| @sequence_expr
+| @super_ref_expr
+| @tap_expr
+| @tuple_element_expr
+| @tuple_expr
+| @type_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @vararg_expansion_expr
+;
+
+#keyset[id]
+expr_types(  //dir=expr
+  int id: @expr ref,
+  int type_: @type_or_none ref
+);
+
+@abstract_closure_expr =
+  @auto_closure_expr
+| @closure_expr
+;
+
+@any_try_expr =
+  @force_try_expr
+| @optional_try_expr
+| @try_expr
+;
+
+#keyset[id]
+any_try_exprs(  //dir=expr
+  int id: @any_try_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+applied_property_wrapper_exprs(  //dir=expr
+  unique int id: @applied_property_wrapper_expr,
+  int kind: int ref,
+  int value: @expr_or_none ref,
+  int param: @param_decl_or_none ref
+);
+
+@apply_expr =
+  @binary_expr
+| @call_expr
+| @postfix_unary_expr
+| @prefix_unary_expr
+| @self_apply_expr
+;
+
+#keyset[id]
+apply_exprs(  //dir=expr
+  int id: @apply_expr ref,
+  int function: @expr_or_none ref
+);
+
+#keyset[id, index]
+apply_expr_arguments(  //dir=expr
+  int id: @apply_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+assign_exprs(  //dir=expr
+  unique int id: @assign_expr,
+  int dest: @expr_or_none ref,
+  int source: @expr_or_none ref
+);
+
+bind_optional_exprs(  //dir=expr
+  unique int id: @bind_optional_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+capture_list_exprs(  //dir=expr
+  unique int id: @capture_list_expr,
+  int closure_body: @closure_expr_or_none ref
+);
+
+#keyset[id, index]
+capture_list_expr_binding_decls(  //dir=expr
+  int id: @capture_list_expr ref,
+  int index: int ref,
+  int binding_decl: @pattern_binding_decl_or_none ref
+);
+
+@collection_expr =
+  @array_expr
+| @dictionary_expr
+;
+
+decl_ref_exprs(  //dir=expr
+  unique int id: @decl_ref_expr,
+  int decl: @decl_or_none ref
+);
+
+#keyset[id, index]
+decl_ref_expr_replacement_types(  //dir=expr
+  int id: @decl_ref_expr ref,
+  int index: int ref,
+  int replacement_type: @type_or_none ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+default_argument_exprs(  //dir=expr
+  unique int id: @default_argument_expr,
+  int param_decl: @param_decl_or_none ref,
+  int param_index: int ref
+);
+
+#keyset[id]
+default_argument_expr_caller_side_defaults(  //dir=expr
+  int id: @default_argument_expr ref,
+  int caller_side_default: @expr_or_none ref
+);
+
+discard_assignment_exprs(  //dir=expr
+  unique int id: @discard_assignment_expr
+);
+
+dot_syntax_base_ignored_exprs(  //dir=expr
+  unique int id: @dot_syntax_base_ignored_expr,
+  int qualifier: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+dynamic_type_exprs(  //dir=expr
+  unique int id: @dynamic_type_expr,
+  int base: @expr_or_none ref
+);
+
+enum_is_case_exprs(  //dir=expr
+  unique int id: @enum_is_case_expr,
+  int sub_expr: @expr_or_none ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+error_exprs(  //dir=expr
+  unique int id: @error_expr
+);
+
+@explicit_cast_expr =
+  @checked_cast_expr
+| @coerce_expr
+;
+
+#keyset[id]
+explicit_cast_exprs(  //dir=expr
+  int id: @explicit_cast_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+force_value_exprs(  //dir=expr
+  unique int id: @force_value_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@identity_expr =
+  @await_expr
+| @dot_self_expr
+| @paren_expr
+| @unresolved_member_chain_result_expr
+;
+
+#keyset[id]
+identity_exprs(  //dir=expr
+  int id: @identity_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+if_exprs(  //dir=expr
+  unique int id: @if_expr,
+  int condition: @expr_or_none ref,
+  int then_expr: @expr_or_none ref,
+  int else_expr: @expr_or_none ref
+);
+
+@implicit_conversion_expr =
+  @any_hashable_erasure_expr
+| @archetype_to_super_expr
+| @array_to_pointer_expr
+| @bridge_from_obj_c_expr
+| @bridge_to_obj_c_expr
+| @class_metatype_to_object_expr
+| @collection_upcast_conversion_expr
+| @conditional_bridge_from_obj_c_expr
+| @covariant_function_conversion_expr
+| @covariant_return_conversion_expr
+| @derived_to_base_expr
+| @destructure_tuple_expr
+| @differentiable_function_expr
+| @differentiable_function_extract_original_expr
+| @erasure_expr
+| @existential_metatype_to_object_expr
+| @foreign_object_conversion_expr
+| @function_conversion_expr
+| @in_out_to_pointer_expr
+| @inject_into_optional_expr
+| @linear_function_expr
+| @linear_function_extract_original_expr
+| @linear_to_differentiable_function_expr
+| @load_expr
+| @metatype_conversion_expr
+| @pointer_to_pointer_expr
+| @protocol_metatype_to_object_expr
+| @string_to_pointer_expr
+| @underlying_to_opaque_expr
+| @unevaluated_instance_expr
+| @unresolved_type_conversion_expr
+;
+
+#keyset[id]
+implicit_conversion_exprs(  //dir=expr
+  int id: @implicit_conversion_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+in_out_exprs(  //dir=expr
+  unique int id: @in_out_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+key_path_application_exprs(  //dir=expr
+  unique int id: @key_path_application_expr,
+  int base: @expr_or_none ref,
+  int key_path: @expr_or_none ref
+);
+
+key_path_dot_exprs(  //dir=expr
+  unique int id: @key_path_dot_expr
+);
+
+key_path_exprs(  //dir=expr
+  unique int id: @key_path_expr
+);
+
+#keyset[id]
+key_path_expr_roots(  //dir=expr
+  int id: @key_path_expr ref,
+  int root: @type_repr_or_none ref
+);
+
+#keyset[id]
+key_path_expr_parsed_paths(  //dir=expr
+  int id: @key_path_expr ref,
+  int parsed_path: @expr_or_none ref
+);
+
+lazy_initializer_exprs(  //dir=expr
+  unique int id: @lazy_initializer_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@literal_expr =
+  @builtin_literal_expr
+| @interpolated_string_literal_expr
+| @nil_literal_expr
+| @object_literal_expr
+| @regex_literal_expr
+;
+
+@lookup_expr =
+  @dynamic_lookup_expr
+| @member_ref_expr
+| @subscript_expr
+;
+
+#keyset[id]
+lookup_exprs(  //dir=expr
+  int id: @lookup_expr ref,
+  int base: @expr_or_none ref
+);
+
+#keyset[id]
+lookup_expr_members(  //dir=expr
+  int id: @lookup_expr ref,
+  int member: @decl_or_none ref
+);
+
+make_temporarily_escapable_exprs(  //dir=expr
+  unique int id: @make_temporarily_escapable_expr,
+  int escaping_closure: @opaque_value_expr_or_none ref,
+  int nonescaping_closure: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+obj_c_selector_exprs(  //dir=expr
+  unique int id: @obj_c_selector_expr,
+  int sub_expr: @expr_or_none ref,
+  int method: @abstract_function_decl_or_none ref
+);
+
+one_way_exprs(  //dir=expr
+  unique int id: @one_way_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+opaque_value_exprs(  //dir=expr
+  unique int id: @opaque_value_expr
+);
+
+open_existential_exprs(  //dir=expr
+  unique int id: @open_existential_expr,
+  int sub_expr: @expr_or_none ref,
+  int existential: @expr_or_none ref,
+  int opaque_expr: @opaque_value_expr_or_none ref
+);
+
+optional_evaluation_exprs(  //dir=expr
+  unique int id: @optional_evaluation_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+other_constructor_decl_ref_exprs(  //dir=expr
+  unique int id: @other_constructor_decl_ref_expr,
+  int constructor_decl: @constructor_decl_or_none ref
+);
+
+overloaded_decl_ref_exprs(  //dir=expr
+  unique int id: @overloaded_decl_ref_expr
+);
+
+#keyset[id, index]
+overloaded_decl_ref_expr_possible_declarations(  //dir=expr
+  int id: @overloaded_decl_ref_expr ref,
+  int index: int ref,
+  int possible_declaration: @value_decl_or_none ref
+);
+
+property_wrapper_value_placeholder_exprs(  //dir=expr
+  unique int id: @property_wrapper_value_placeholder_expr,
+  int placeholder: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+property_wrapper_value_placeholder_expr_wrapped_values(  //dir=expr
+  int id: @property_wrapper_value_placeholder_expr ref,
+  int wrapped_value: @expr_or_none ref
+);
+
+rebind_self_in_constructor_exprs(  //dir=expr
+  unique int id: @rebind_self_in_constructor_expr,
+  int sub_expr: @expr_or_none ref,
+  int self: @var_decl_or_none ref
+);
+
+sequence_exprs(  //dir=expr
+  unique int id: @sequence_expr
+);
+
+#keyset[id, index]
+sequence_expr_elements(  //dir=expr
+  int id: @sequence_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+super_ref_exprs(  //dir=expr
+  unique int id: @super_ref_expr,
+  int self: @var_decl_or_none ref
+);
+
+tap_exprs(  //dir=expr
+  unique int id: @tap_expr,
+  int body: @brace_stmt_or_none ref,
+  int var: @var_decl_or_none ref
+);
+
+#keyset[id]
+tap_expr_sub_exprs(  //dir=expr
+  int id: @tap_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+tuple_element_exprs(  //dir=expr
+  unique int id: @tuple_element_expr,
+  int sub_expr: @expr_or_none ref,
+  int index: int ref
+);
+
+tuple_exprs(  //dir=expr
+  unique int id: @tuple_expr
+);
+
+#keyset[id, index]
+tuple_expr_elements(  //dir=expr
+  int id: @tuple_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+type_exprs(  //dir=expr
+  unique int id: @type_expr
+);
+
+#keyset[id]
+type_expr_type_reprs(  //dir=expr
+  int id: @type_expr ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+unresolved_decl_ref_exprs(  //dir=expr
+  unique int id: @unresolved_decl_ref_expr
+);
+
+#keyset[id]
+unresolved_decl_ref_expr_names(  //dir=expr
+  int id: @unresolved_decl_ref_expr ref,
+  string name: string ref
+);
+
+unresolved_dot_exprs(  //dir=expr
+  unique int id: @unresolved_dot_expr,
+  int base: @expr_or_none ref,
+  string name: string ref
+);
+
+unresolved_member_exprs(  //dir=expr
+  unique int id: @unresolved_member_expr,
+  string name: string ref
+);
+
+unresolved_pattern_exprs(  //dir=expr
+  unique int id: @unresolved_pattern_expr,
+  int sub_pattern: @pattern_or_none ref
+);
+
+unresolved_specialize_exprs(  //dir=expr
+  unique int id: @unresolved_specialize_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+vararg_expansion_exprs(  //dir=expr
+  unique int id: @vararg_expansion_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+any_hashable_erasure_exprs(  //dir=expr
+  unique int id: @any_hashable_erasure_expr
+);
+
+archetype_to_super_exprs(  //dir=expr
+  unique int id: @archetype_to_super_expr
+);
+
+array_exprs(  //dir=expr
+  unique int id: @array_expr
+);
+
+#keyset[id, index]
+array_expr_elements(  //dir=expr
+  int id: @array_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+array_to_pointer_exprs(  //dir=expr
+  unique int id: @array_to_pointer_expr
+);
+
+auto_closure_exprs(  //dir=expr
+  unique int id: @auto_closure_expr
+);
+
+await_exprs(  //dir=expr
+  unique int id: @await_expr
+);
+
+binary_exprs(  //dir=expr
+  unique int id: @binary_expr
+);
+
+bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_from_obj_c_expr
+);
+
+bridge_to_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_to_obj_c_expr
+);
+
+@builtin_literal_expr =
+  @boolean_literal_expr
+| @magic_identifier_literal_expr
+| @number_literal_expr
+| @string_literal_expr
+;
+
+call_exprs(  //dir=expr
+  unique int id: @call_expr
+);
+
+@checked_cast_expr =
+  @conditional_checked_cast_expr
+| @forced_checked_cast_expr
+| @is_expr
+;
+
+class_metatype_to_object_exprs(  //dir=expr
+  unique int id: @class_metatype_to_object_expr
+);
+
+closure_exprs(  //dir=expr
+  unique int id: @closure_expr
+);
+
+coerce_exprs(  //dir=expr
+  unique int id: @coerce_expr
+);
+
+collection_upcast_conversion_exprs(  //dir=expr
+  unique int id: @collection_upcast_conversion_expr
+);
+
+conditional_bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @conditional_bridge_from_obj_c_expr
+);
+
+covariant_function_conversion_exprs(  //dir=expr
+  unique int id: @covariant_function_conversion_expr
+);
+
+covariant_return_conversion_exprs(  //dir=expr
+  unique int id: @covariant_return_conversion_expr
+);
+
+derived_to_base_exprs(  //dir=expr
+  unique int id: @derived_to_base_expr
+);
+
+destructure_tuple_exprs(  //dir=expr
+  unique int id: @destructure_tuple_expr
+);
+
+dictionary_exprs(  //dir=expr
+  unique int id: @dictionary_expr
+);
+
+#keyset[id, index]
+dictionary_expr_elements(  //dir=expr
+  int id: @dictionary_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+differentiable_function_exprs(  //dir=expr
+  unique int id: @differentiable_function_expr
+);
+
+differentiable_function_extract_original_exprs(  //dir=expr
+  unique int id: @differentiable_function_extract_original_expr
+);
+
+dot_self_exprs(  //dir=expr
+  unique int id: @dot_self_expr
+);
+
+@dynamic_lookup_expr =
+  @dynamic_member_ref_expr
+| @dynamic_subscript_expr
+;
+
+erasure_exprs(  //dir=expr
+  unique int id: @erasure_expr
+);
+
+existential_metatype_to_object_exprs(  //dir=expr
+  unique int id: @existential_metatype_to_object_expr
+);
+
+force_try_exprs(  //dir=expr
+  unique int id: @force_try_expr
+);
+
+foreign_object_conversion_exprs(  //dir=expr
+  unique int id: @foreign_object_conversion_expr
+);
+
+function_conversion_exprs(  //dir=expr
+  unique int id: @function_conversion_expr
+);
+
+in_out_to_pointer_exprs(  //dir=expr
+  unique int id: @in_out_to_pointer_expr
+);
+
+inject_into_optional_exprs(  //dir=expr
+  unique int id: @inject_into_optional_expr
+);
+
+interpolated_string_literal_exprs(  //dir=expr
+  unique int id: @interpolated_string_literal_expr
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_expr: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_count_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_count_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_literal_capacity_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int literal_capacity_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_appending_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int appending_expr: @tap_expr_or_none ref
+);
+
+linear_function_exprs(  //dir=expr
+  unique int id: @linear_function_expr
+);
+
+linear_function_extract_original_exprs(  //dir=expr
+  unique int id: @linear_function_extract_original_expr
+);
+
+linear_to_differentiable_function_exprs(  //dir=expr
+  unique int id: @linear_to_differentiable_function_expr
+);
+
+load_exprs(  //dir=expr
+  unique int id: @load_expr
+);
+
+member_ref_exprs(  //dir=expr
+  unique int id: @member_ref_expr
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
+);
+
+nil_literal_exprs(  //dir=expr
+  unique int id: @nil_literal_expr
+);
+
+object_literal_exprs(  //dir=expr
+  unique int id: @object_literal_expr,
+  int kind: int ref
+);
+
+#keyset[id, index]
+object_literal_expr_arguments(  //dir=expr
+  int id: @object_literal_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+optional_try_exprs(  //dir=expr
+  unique int id: @optional_try_expr
+);
+
+paren_exprs(  //dir=expr
+  unique int id: @paren_expr
+);
+
+pointer_to_pointer_exprs(  //dir=expr
+  unique int id: @pointer_to_pointer_expr
+);
+
+postfix_unary_exprs(  //dir=expr
+  unique int id: @postfix_unary_expr
+);
+
+prefix_unary_exprs(  //dir=expr
+  unique int id: @prefix_unary_expr
+);
+
+protocol_metatype_to_object_exprs(  //dir=expr
+  unique int id: @protocol_metatype_to_object_expr
+);
+
+regex_literal_exprs(  //dir=expr
+  unique int id: @regex_literal_expr
+);
+
+@self_apply_expr =
+  @constructor_ref_call_expr
+| @dot_syntax_call_expr
+;
+
+#keyset[id]
+self_apply_exprs(  //dir=expr
+  int id: @self_apply_expr ref,
+  int base: @expr_or_none ref
+);
+
+string_to_pointer_exprs(  //dir=expr
+  unique int id: @string_to_pointer_expr
+);
+
+subscript_exprs(  //dir=expr
+  unique int id: @subscript_expr
+);
+
+#keyset[id, index]
+subscript_expr_arguments(  //dir=expr
+  int id: @subscript_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_ordinary_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_distributed_thunk_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+try_exprs(  //dir=expr
+  unique int id: @try_expr
+);
+
+underlying_to_opaque_exprs(  //dir=expr
+  unique int id: @underlying_to_opaque_expr
+);
+
+unevaluated_instance_exprs(  //dir=expr
+  unique int id: @unevaluated_instance_expr
+);
+
+unresolved_member_chain_result_exprs(  //dir=expr
+  unique int id: @unresolved_member_chain_result_expr
+);
+
+unresolved_type_conversion_exprs(  //dir=expr
+  unique int id: @unresolved_type_conversion_expr
+);
+
+boolean_literal_exprs(  //dir=expr
+  unique int id: @boolean_literal_expr,
+  boolean value: boolean ref
+);
+
+conditional_checked_cast_exprs(  //dir=expr
+  unique int id: @conditional_checked_cast_expr
+);
+
+constructor_ref_call_exprs(  //dir=expr
+  unique int id: @constructor_ref_call_expr
+);
+
+dot_syntax_call_exprs(  //dir=expr
+  unique int id: @dot_syntax_call_expr
+);
+
+dynamic_member_ref_exprs(  //dir=expr
+  unique int id: @dynamic_member_ref_expr
+);
+
+dynamic_subscript_exprs(  //dir=expr
+  unique int id: @dynamic_subscript_expr
+);
+
+forced_checked_cast_exprs(  //dir=expr
+  unique int id: @forced_checked_cast_expr
+);
+
+is_exprs(  //dir=expr
+  unique int id: @is_expr
+);
+
+magic_identifier_literal_exprs(  //dir=expr
+  unique int id: @magic_identifier_literal_expr,
+  string kind: string ref
+);
+
+@number_literal_expr =
+  @float_literal_expr
+| @integer_literal_expr
+;
+
+string_literal_exprs(  //dir=expr
+  unique int id: @string_literal_expr,
+  string value: string ref
+);
+
+float_literal_exprs(  //dir=expr
+  unique int id: @float_literal_expr,
+  string string_value: string ref
+);
+
+integer_literal_exprs(  //dir=expr
+  unique int id: @integer_literal_expr,
+  string string_value: string ref
+);
+
+@pattern =
+  @any_pattern
+| @binding_pattern
+| @bool_pattern
+| @enum_element_pattern
+| @expr_pattern
+| @is_pattern
+| @named_pattern
+| @optional_some_pattern
+| @paren_pattern
+| @tuple_pattern
+| @typed_pattern
+;
+
+any_patterns(  //dir=pattern
+  unique int id: @any_pattern
+);
+
+binding_patterns(  //dir=pattern
+  unique int id: @binding_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+bool_patterns(  //dir=pattern
+  unique int id: @bool_pattern,
+  boolean value: boolean ref
+);
+
+enum_element_patterns(  //dir=pattern
+  unique int id: @enum_element_pattern,
+  int element: @enum_element_decl_or_none ref
+);
+
+#keyset[id]
+enum_element_pattern_sub_patterns(  //dir=pattern
+  int id: @enum_element_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+expr_patterns(  //dir=pattern
+  unique int id: @expr_pattern,
+  int sub_expr: @expr_or_none ref
+);
+
+is_patterns(  //dir=pattern
+  unique int id: @is_pattern
+);
+
+#keyset[id]
+is_pattern_cast_type_reprs(  //dir=pattern
+  int id: @is_pattern ref,
+  int cast_type_repr: @type_repr_or_none ref
+);
+
+#keyset[id]
+is_pattern_sub_patterns(  //dir=pattern
+  int id: @is_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+named_patterns(  //dir=pattern
+  unique int id: @named_pattern,
+  string name: string ref
+);
+
+optional_some_patterns(  //dir=pattern
+  unique int id: @optional_some_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+paren_patterns(  //dir=pattern
+  unique int id: @paren_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+tuple_patterns(  //dir=pattern
+  unique int id: @tuple_pattern
+);
+
+#keyset[id, index]
+tuple_pattern_elements(  //dir=pattern
+  int id: @tuple_pattern ref,
+  int index: int ref,
+  int element: @pattern_or_none ref
+);
+
+typed_patterns(  //dir=pattern
+  unique int id: @typed_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+typed_pattern_type_reprs(  //dir=pattern
+  int id: @typed_pattern ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+case_label_items(  //dir=stmt
+  unique int id: @case_label_item,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+case_label_item_guards(  //dir=stmt
+  int id: @case_label_item ref,
+  int guard: @expr_or_none ref
+);
+
+condition_elements(  //dir=stmt
+  unique int id: @condition_element
+);
+
+#keyset[id]
+condition_element_booleans(  //dir=stmt
+  int id: @condition_element ref,
+  int boolean_: @expr_or_none ref
+);
+
+#keyset[id]
+condition_element_patterns(  //dir=stmt
+  int id: @condition_element ref,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+condition_element_initializers(  //dir=stmt
+  int id: @condition_element ref,
+  int initializer: @expr_or_none ref
+);
+
+@stmt =
+  @brace_stmt
+| @break_stmt
+| @case_stmt
+| @continue_stmt
+| @defer_stmt
+| @fail_stmt
+| @fallthrough_stmt
+| @labeled_stmt
+| @pound_assert_stmt
+| @return_stmt
+| @throw_stmt
+| @yield_stmt
+;
+
+stmt_conditions(  //dir=stmt
+  unique int id: @stmt_condition
+);
+
+#keyset[id, index]
+stmt_condition_elements(  //dir=stmt
+  int id: @stmt_condition ref,
+  int index: int ref,
+  int element: @condition_element_or_none ref
+);
+
+brace_stmts(  //dir=stmt
+  unique int id: @brace_stmt
+);
+
+#keyset[id, index]
+brace_stmt_elements(  //dir=stmt
+  int id: @brace_stmt ref,
+  int index: int ref,
+  int element: @ast_node_or_none ref
+);
+
+break_stmts(  //dir=stmt
+  unique int id: @break_stmt
+);
+
+#keyset[id]
+break_stmt_target_names(  //dir=stmt
+  int id: @break_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+break_stmt_targets(  //dir=stmt
+  int id: @break_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+case_stmts(  //dir=stmt
+  unique int id: @case_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_labels(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int label: @case_label_item_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_variables(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int variable: @var_decl_or_none ref
+);
+
+continue_stmts(  //dir=stmt
+  unique int id: @continue_stmt
+);
+
+#keyset[id]
+continue_stmt_target_names(  //dir=stmt
+  int id: @continue_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+continue_stmt_targets(  //dir=stmt
+  int id: @continue_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+defer_stmts(  //dir=stmt
+  unique int id: @defer_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+fail_stmts(  //dir=stmt
+  unique int id: @fail_stmt
+);
+
+fallthrough_stmts(  //dir=stmt
+  unique int id: @fallthrough_stmt,
+  int fallthrough_source: @case_stmt_or_none ref,
+  int fallthrough_dest: @case_stmt_or_none ref
+);
+
+@labeled_stmt =
+  @do_catch_stmt
+| @do_stmt
+| @for_each_stmt
+| @labeled_conditional_stmt
+| @repeat_while_stmt
+| @switch_stmt
+;
+
+#keyset[id]
+labeled_stmt_labels(  //dir=stmt
+  int id: @labeled_stmt ref,
+  string label: string ref
+);
+
+pound_assert_stmts(  //dir=stmt
+  unique int id: @pound_assert_stmt,
+  int condition: @expr_or_none ref,
+  string message: string ref
+);
+
+return_stmts(  //dir=stmt
+  unique int id: @return_stmt
+);
+
+#keyset[id]
+return_stmt_results(  //dir=stmt
+  int id: @return_stmt ref,
+  int result: @expr_or_none ref
+);
+
+throw_stmts(  //dir=stmt
+  unique int id: @throw_stmt,
+  int sub_expr: @expr_or_none ref
+);
+
+yield_stmts(  //dir=stmt
+  unique int id: @yield_stmt
+);
+
+#keyset[id, index]
+yield_stmt_results(  //dir=stmt
+  int id: @yield_stmt ref,
+  int index: int ref,
+  int result: @expr_or_none ref
+);
+
+do_catch_stmts(  //dir=stmt
+  unique int id: @do_catch_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+do_catch_stmt_catches(  //dir=stmt
+  int id: @do_catch_stmt ref,
+  int index: int ref,
+  int catch: @case_stmt_or_none ref
+);
+
+do_stmts(  //dir=stmt
+  unique int id: @do_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+for_each_stmts(  //dir=stmt
+  unique int id: @for_each_stmt,
+  int pattern: @pattern_or_none ref,
+  int sequence: @expr_or_none ref,
+  int body: @brace_stmt_or_none ref
+);
+
+#keyset[id]
+for_each_stmt_wheres(  //dir=stmt
+  int id: @for_each_stmt ref,
+  int where: @expr_or_none ref
+);
+
+@labeled_conditional_stmt =
+  @guard_stmt
+| @if_stmt
+| @while_stmt
+;
+
+#keyset[id]
+labeled_conditional_stmts(  //dir=stmt
+  int id: @labeled_conditional_stmt ref,
+  int condition: @stmt_condition_or_none ref
+);
+
+repeat_while_stmts(  //dir=stmt
+  unique int id: @repeat_while_stmt,
+  int condition: @expr_or_none ref,
+  int body: @stmt_or_none ref
+);
+
+switch_stmts(  //dir=stmt
+  unique int id: @switch_stmt,
+  int expr: @expr_or_none ref
+);
+
+#keyset[id, index]
+switch_stmt_cases(  //dir=stmt
+  int id: @switch_stmt ref,
+  int index: int ref,
+  int case_: @case_stmt_or_none ref
+);
+
+guard_stmts(  //dir=stmt
+  unique int id: @guard_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+if_stmts(  //dir=stmt
+  unique int id: @if_stmt,
+  int then: @stmt_or_none ref
+);
+
+#keyset[id]
+if_stmt_elses(  //dir=stmt
+  int id: @if_stmt ref,
+  int else: @stmt_or_none ref
+);
+
+while_stmts(  //dir=stmt
+  unique int id: @while_stmt,
+  int body: @stmt_or_none ref
+);
+
+@type =
+  @any_function_type
+| @any_generic_type
+| @any_metatype_type
+| @builtin_type
+| @dependent_member_type
+| @dynamic_self_type
+| @error_type
+| @existential_type
+| @in_out_type
+| @l_value_type
+| @module_type
+| @parameterized_protocol_type
+| @protocol_composition_type
+| @reference_storage_type
+| @substitutable_type
+| @sugar_type
+| @tuple_type
+| @unresolved_type
+;
+
+#keyset[id]
+types(  //dir=type
+  int id: @type ref,
+  string name: string ref,
+  int canonical_type: @type_or_none ref
+);
+
+type_reprs(  //dir=type
+  unique int id: @type_repr,
+  int type_: @type_or_none ref
+);
+
+@any_function_type =
+  @function_type
+| @generic_function_type
+;
+
+#keyset[id]
+any_function_types(  //dir=type
+  int id: @any_function_type ref,
+  int result: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_types(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  int param_type: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_labels(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  string param_label: string ref
+);
+
+#keyset[id]
+any_function_type_is_throwing(  //dir=type
+  int id: @any_function_type ref
+);
+
+#keyset[id]
+any_function_type_is_async(  //dir=type
+  int id: @any_function_type ref
+);
+
+@any_generic_type =
+  @nominal_or_bound_generic_nominal_type
+| @unbound_generic_type
+;
+
+#keyset[id]
+any_generic_types(  //dir=type
+  int id: @any_generic_type ref,
+  int declaration: @decl_or_none ref
+);
+
+#keyset[id]
+any_generic_type_parents(  //dir=type
+  int id: @any_generic_type ref,
+  int parent: @type_or_none ref
+);
+
+@any_metatype_type =
+  @existential_metatype_type
+| @metatype_type
+;
+
+@builtin_type =
+  @any_builtin_integer_type
+| @builtin_bridge_object_type
+| @builtin_default_actor_storage_type
+| @builtin_executor_type
+| @builtin_float_type
+| @builtin_job_type
+| @builtin_native_object_type
+| @builtin_raw_pointer_type
+| @builtin_raw_unsafe_continuation_type
+| @builtin_unsafe_value_buffer_type
+| @builtin_vector_type
+;
+
+dependent_member_types(  //dir=type
+  unique int id: @dependent_member_type,
+  int base_type: @type_or_none ref,
+  int associated_type_decl: @associated_type_decl_or_none ref
+);
+
+dynamic_self_types(  //dir=type
+  unique int id: @dynamic_self_type,
+  int static_self_type: @type_or_none ref
+);
+
+error_types(  //dir=type
+  unique int id: @error_type
+);
+
+existential_types(  //dir=type
+  unique int id: @existential_type,
+  int constraint: @type_or_none ref
+);
+
+in_out_types(  //dir=type
+  unique int id: @in_out_type,
+  int object_type: @type_or_none ref
+);
+
+l_value_types(  //dir=type
+  unique int id: @l_value_type,
+  int object_type: @type_or_none ref
+);
+
+module_types(  //dir=type
+  unique int id: @module_type,
+  int module: @module_decl_or_none ref
+);
+
+parameterized_protocol_types(  //dir=type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
+);
+
+protocol_composition_types(  //dir=type
+  unique int id: @protocol_composition_type
+);
+
+#keyset[id, index]
+protocol_composition_type_members(  //dir=type
+  int id: @protocol_composition_type ref,
+  int index: int ref,
+  int member: @type_or_none ref
+);
+
+@reference_storage_type =
+  @unmanaged_storage_type
+| @unowned_storage_type
+| @weak_storage_type
+;
+
+#keyset[id]
+reference_storage_types(  //dir=type
+  int id: @reference_storage_type ref,
+  int referent_type: @type_or_none ref
+);
+
+@substitutable_type =
+  @archetype_type
+| @generic_type_param_type
+;
+
+@sugar_type =
+  @paren_type
+| @syntax_sugar_type
+| @type_alias_type
+;
+
+tuple_types(  //dir=type
+  unique int id: @tuple_type
+);
+
+#keyset[id, index]
+tuple_type_types(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id, index]
+tuple_type_names(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  string name: string ref
+);
+
+unresolved_types(  //dir=type
+  unique int id: @unresolved_type
+);
+
+@any_builtin_integer_type =
+  @builtin_integer_literal_type
+| @builtin_integer_type
+;
+
+@archetype_type =
+  @opaque_type_archetype_type
+| @opened_archetype_type
+| @primary_archetype_type
+;
+
+#keyset[id]
+archetype_types(  //dir=type
+  int id: @archetype_type ref,
+  int interface_type: @type_or_none ref
+);
+
+#keyset[id]
+archetype_type_superclasses(  //dir=type
+  int id: @archetype_type ref,
+  int superclass: @type_or_none ref
+);
+
+#keyset[id, index]
+archetype_type_protocols(  //dir=type
+  int id: @archetype_type ref,
+  int index: int ref,
+  int protocol: @protocol_decl_or_none ref
+);
+
+builtin_bridge_object_types(  //dir=type
+  unique int id: @builtin_bridge_object_type
+);
+
+builtin_default_actor_storage_types(  //dir=type
+  unique int id: @builtin_default_actor_storage_type
+);
+
+builtin_executor_types(  //dir=type
+  unique int id: @builtin_executor_type
+);
+
+builtin_float_types(  //dir=type
+  unique int id: @builtin_float_type
+);
+
+builtin_job_types(  //dir=type
+  unique int id: @builtin_job_type
+);
+
+builtin_native_object_types(  //dir=type
+  unique int id: @builtin_native_object_type
+);
+
+builtin_raw_pointer_types(  //dir=type
+  unique int id: @builtin_raw_pointer_type
+);
+
+builtin_raw_unsafe_continuation_types(  //dir=type
+  unique int id: @builtin_raw_unsafe_continuation_type
+);
+
+builtin_unsafe_value_buffer_types(  //dir=type
+  unique int id: @builtin_unsafe_value_buffer_type
+);
+
+builtin_vector_types(  //dir=type
+  unique int id: @builtin_vector_type
+);
+
+existential_metatype_types(  //dir=type
+  unique int id: @existential_metatype_type
+);
+
+function_types(  //dir=type
+  unique int id: @function_type
+);
+
+generic_function_types(  //dir=type
+  unique int id: @generic_function_type
+);
+
+#keyset[id, index]
+generic_function_type_generic_params(  //dir=type
+  int id: @generic_function_type ref,
+  int index: int ref,
+  int generic_param: @generic_type_param_type_or_none ref
+);
+
+generic_type_param_types(  //dir=type
+  unique int id: @generic_type_param_type
+);
+
+metatype_types(  //dir=type
+  unique int id: @metatype_type
+);
+
+@nominal_or_bound_generic_nominal_type =
+  @bound_generic_type
+| @nominal_type
+;
+
+paren_types(  //dir=type
+  unique int id: @paren_type,
+  int type_: @type_or_none ref
+);
+
+@syntax_sugar_type =
+  @dictionary_type
+| @unary_syntax_sugar_type
+;
+
+type_alias_types(  //dir=type
+  unique int id: @type_alias_type,
+  int decl: @type_alias_decl_or_none ref
+);
+
+unbound_generic_types(  //dir=type
+  unique int id: @unbound_generic_type
+);
+
+unmanaged_storage_types(  //dir=type
+  unique int id: @unmanaged_storage_type
+);
+
+unowned_storage_types(  //dir=type
+  unique int id: @unowned_storage_type
+);
+
+weak_storage_types(  //dir=type
+  unique int id: @weak_storage_type
+);
+
+@bound_generic_type =
+  @bound_generic_class_type
+| @bound_generic_enum_type
+| @bound_generic_struct_type
+;
+
+#keyset[id, index]
+bound_generic_type_arg_types(  //dir=type
+  int id: @bound_generic_type ref,
+  int index: int ref,
+  int arg_type: @type_or_none ref
+);
+
+builtin_integer_literal_types(  //dir=type
+  unique int id: @builtin_integer_literal_type
+);
+
+builtin_integer_types(  //dir=type
+  unique int id: @builtin_integer_type
+);
+
+#keyset[id]
+builtin_integer_type_widths(  //dir=type
+  int id: @builtin_integer_type ref,
+  int width: int ref
+);
+
+dictionary_types(  //dir=type
+  unique int id: @dictionary_type,
+  int key_type: @type_or_none ref,
+  int value_type: @type_or_none ref
+);
+
+@nominal_type =
+  @class_type
+| @enum_type
+| @protocol_type
+| @struct_type
+;
+
+opaque_type_archetype_types(  //dir=type
+  unique int id: @opaque_type_archetype_type,
+  int declaration: @opaque_type_decl_or_none ref
+);
+
+opened_archetype_types(  //dir=type
+  unique int id: @opened_archetype_type
+);
+
+primary_archetype_types(  //dir=type
+  unique int id: @primary_archetype_type
+);
+
+@unary_syntax_sugar_type =
+  @array_slice_type
+| @optional_type
+| @variadic_sequence_type
+;
+
+#keyset[id]
+unary_syntax_sugar_types(  //dir=type
+  int id: @unary_syntax_sugar_type ref,
+  int base_type: @type_or_none ref
+);
+
+array_slice_types(  //dir=type
+  unique int id: @array_slice_type
+);
+
+bound_generic_class_types(  //dir=type
+  unique int id: @bound_generic_class_type
+);
+
+bound_generic_enum_types(  //dir=type
+  unique int id: @bound_generic_enum_type
+);
+
+bound_generic_struct_types(  //dir=type
+  unique int id: @bound_generic_struct_type
+);
+
+class_types(  //dir=type
+  unique int id: @class_type
+);
+
+enum_types(  //dir=type
+  unique int id: @enum_type
+);
+
+optional_types(  //dir=type
+  unique int id: @optional_type
+);
+
+protocol_types(  //dir=type
+  unique int id: @protocol_type
+);
+
+struct_types(  //dir=type
+  unique int id: @struct_type
+);
+
+variadic_sequence_types(  //dir=type
+  unique int id: @variadic_sequence_type
+);
+
+@abstract_function_decl_or_none =
+  @abstract_function_decl
+| @unspecified_element
+;
+
+@accessor_decl_or_none =
+  @accessor_decl
+| @unspecified_element
+;
+
+@argument_or_none =
+  @argument
+| @unspecified_element
+;
+
+@associated_type_decl_or_none =
+  @associated_type_decl
+| @unspecified_element
+;
+
+@ast_node_or_none =
+  @ast_node
+| @unspecified_element
+;
+
+@brace_stmt_or_none =
+  @brace_stmt
+| @unspecified_element
+;
+
+@case_label_item_or_none =
+  @case_label_item
+| @unspecified_element
+;
+
+@case_stmt_or_none =
+  @case_stmt
+| @unspecified_element
+;
+
+@closure_expr_or_none =
+  @closure_expr
+| @unspecified_element
+;
+
+@condition_element_or_none =
+  @condition_element
+| @unspecified_element
+;
+
+@constructor_decl_or_none =
+  @constructor_decl
+| @unspecified_element
+;
+
+@decl_or_none =
+  @decl
+| @unspecified_element
+;
+
+@enum_element_decl_or_none =
+  @enum_element_decl
+| @unspecified_element
+;
+
+@expr_or_none =
+  @expr
+| @unspecified_element
+;
+
+@file_or_none =
+  @file
+| @unspecified_element
+;
+
+@generic_type_param_decl_or_none =
+  @generic_type_param_decl
+| @unspecified_element
+;
+
+@generic_type_param_type_or_none =
+  @generic_type_param_type
+| @unspecified_element
+;
+
+@location_or_none =
+  @location
+| @unspecified_element
+;
+
+@module_decl_or_none =
+  @module_decl
+| @unspecified_element
+;
+
+@nominal_type_decl_or_none =
+  @nominal_type_decl
+| @unspecified_element
+;
+
+@opaque_type_decl_or_none =
+  @opaque_type_decl
+| @unspecified_element
+;
+
+@opaque_value_expr_or_none =
+  @opaque_value_expr
+| @unspecified_element
+;
+
+@param_decl_or_none =
+  @param_decl
+| @unspecified_element
+;
+
+@pattern_or_none =
+  @pattern
+| @unspecified_element
+;
+
+@pattern_binding_decl_or_none =
+  @pattern_binding_decl
+| @unspecified_element
+;
+
+@precedence_group_decl_or_none =
+  @precedence_group_decl
+| @unspecified_element
+;
+
+@protocol_decl_or_none =
+  @protocol_decl
+| @unspecified_element
+;
+
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
+@stmt_or_none =
+  @stmt
+| @unspecified_element
+;
+
+@stmt_condition_or_none =
+  @stmt_condition
+| @unspecified_element
+;
+
+@string_literal_expr_or_none =
+  @string_literal_expr
+| @unspecified_element
+;
+
+@tap_expr_or_none =
+  @tap_expr
+| @unspecified_element
+;
+
+@type_or_none =
+  @type
+| @unspecified_element
+;
+
+@type_alias_decl_or_none =
+  @type_alias_decl
+| @unspecified_element
+;
+
+@type_repr_or_none =
+  @type_repr
+| @unspecified_element
+;
+
+@value_decl_or_none =
+  @unspecified_element
+| @value_decl
+;
+
+@var_decl_or_none =
+  @unspecified_element
+| @var_decl
+;
diff --git a/swift/ql/lib/upgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/upgrade.properties b/swift/ql/lib/upgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/upgrade.properties
new file mode 100644
index 00000000000..b1ad62a1a71
--- /dev/null
+++ b/swift/ql/lib/upgrades/abbb8c9e8408841c2bc12e3deb2305f062f5399e/upgrade.properties
@@ -0,0 +1,2 @@
+description: Add missing Accessor and AccessSemantics cases
+compatibility: backwards
diff --git a/swift/ql/lib/upgrades/ceca289a0ff56bcc88f72ad78a8fbff1d850922f/old.dbscheme b/swift/ql/lib/upgrades/ceca289a0ff56bcc88f72ad78a8fbff1d850922f/old.dbscheme
new file mode 100644
index 00000000000..ceca289a0ff
--- /dev/null
+++ b/swift/ql/lib/upgrades/ceca289a0ff56bcc88f72ad78a8fbff1d850922f/old.dbscheme
@@ -0,0 +1,2493 @@
+// generated by codegen/codegen.py
+
+// from prefix.dbscheme
+/**
+ * The source location of the snapshot.
+ */
+sourceLocationPrefix(
+  string prefix: string ref
+);
+
+
+// from schema.py
+
+@element =
+  @callable
+| @file
+| @generic_context
+| @iterable_decl_context
+| @locatable
+| @location
+| @type
+;
+
+#keyset[id]
+element_is_unknown(
+  int id: @element ref
+);
+
+@callable =
+  @abstract_closure_expr
+| @abstract_function_decl
+;
+
+#keyset[id]
+callable_self_params(
+  int id: @callable ref,
+  int self_param: @param_decl_or_none ref
+);
+
+#keyset[id, index]
+callable_params(
+  int id: @callable ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+#keyset[id]
+callable_bodies(
+  int id: @callable ref,
+  int body: @brace_stmt_or_none ref
+);
+
+@file =
+  @db_file
+| @unknown_file
+;
+
+#keyset[id]
+files(
+  int id: @file ref,
+  string name: string ref
+);
+
+@locatable =
+  @argument
+| @ast_node
+| @comment
+| @diagnostics
+| @error_element
+;
+
+#keyset[id]
+locatable_locations(
+  int id: @locatable ref,
+  int location: @location_or_none ref
+);
+
+@location =
+  @db_location
+| @unknown_location
+;
+
+#keyset[id]
+locations(
+  int id: @location ref,
+  int file: @file_or_none ref,
+  int start_line: int ref,
+  int start_column: int ref,
+  int end_line: int ref,
+  int end_column: int ref
+);
+
+@ast_node =
+  @case_label_item
+| @condition_element
+| @decl
+| @expr
+| @pattern
+| @stmt
+| @stmt_condition
+| @type_repr
+;
+
+comments(
+  unique int id: @comment,
+  string text: string ref
+);
+
+db_files(
+  unique int id: @db_file
+);
+
+db_locations(
+  unique int id: @db_location
+);
+
+diagnostics(
+  unique int id: @diagnostics,
+  string text: string ref,
+  int kind: int ref
+);
+
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_chain_result_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @unresolved_type
+| @unresolved_type_conversion_expr
+| @unspecified_element
+;
+
+unknown_files(
+  unique int id: @unknown_file
+);
+
+unknown_locations(
+  unique int id: @unknown_location
+);
+
+unspecified_elements(
+  unique int id: @unspecified_element,
+  string property: string ref,
+  string error: string ref
+);
+
+#keyset[id]
+unspecified_element_parents(
+  int id: @unspecified_element ref,
+  int parent: @element ref
+);
+
+#keyset[id]
+unspecified_element_indices(
+  int id: @unspecified_element ref,
+  int index: int ref
+);
+
+@decl =
+  @enum_case_decl
+| @extension_decl
+| @if_config_decl
+| @import_decl
+| @missing_member_decl
+| @operator_decl
+| @pattern_binding_decl
+| @pound_diagnostic_decl
+| @precedence_group_decl
+| @top_level_code_decl
+| @value_decl
+;
+
+#keyset[id]
+decls(  //dir=decl
+  int id: @decl ref,
+  int module: @module_decl_or_none ref
+);
+
+@generic_context =
+  @abstract_function_decl
+| @extension_decl
+| @generic_type_decl
+| @subscript_decl
+;
+
+#keyset[id, index]
+generic_context_generic_type_params(  //dir=decl
+  int id: @generic_context ref,
+  int index: int ref,
+  int generic_type_param: @generic_type_param_decl_or_none ref
+);
+
+@iterable_decl_context =
+  @extension_decl
+| @nominal_type_decl
+;
+
+#keyset[id, index]
+iterable_decl_context_members(  //dir=decl
+  int id: @iterable_decl_context ref,
+  int index: int ref,
+  int member: @decl_or_none ref
+);
+
+enum_case_decls(  //dir=decl
+  unique int id: @enum_case_decl
+);
+
+#keyset[id, index]
+enum_case_decl_elements(  //dir=decl
+  int id: @enum_case_decl ref,
+  int index: int ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+extension_decls(  //dir=decl
+  unique int id: @extension_decl,
+  int extended_type_decl: @nominal_type_decl_or_none ref
+);
+
+if_config_decls(  //dir=decl
+  unique int id: @if_config_decl
+);
+
+#keyset[id, index]
+if_config_decl_active_elements(  //dir=decl
+  int id: @if_config_decl ref,
+  int index: int ref,
+  int active_element: @ast_node_or_none ref
+);
+
+import_decls(  //dir=decl
+  unique int id: @import_decl
+);
+
+#keyset[id]
+import_decl_is_exported(  //dir=decl
+  int id: @import_decl ref
+);
+
+#keyset[id]
+import_decl_imported_modules(  //dir=decl
+  int id: @import_decl ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+import_decl_declarations(  //dir=decl
+  int id: @import_decl ref,
+  int index: int ref,
+  int declaration: @value_decl_or_none ref
+);
+
+missing_member_decls(  //dir=decl
+  unique int id: @missing_member_decl,
+  string name: string ref
+);
+
+@operator_decl =
+  @infix_operator_decl
+| @postfix_operator_decl
+| @prefix_operator_decl
+;
+
+#keyset[id]
+operator_decls(  //dir=decl
+  int id: @operator_decl ref,
+  string name: string ref
+);
+
+pattern_binding_decls(  //dir=decl
+  unique int id: @pattern_binding_decl
+);
+
+#keyset[id, index]
+pattern_binding_decl_inits(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int init: @expr_or_none ref
+);
+
+#keyset[id, index]
+pattern_binding_decl_patterns(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int pattern: @pattern_or_none ref
+);
+
+pound_diagnostic_decls(  //dir=decl
+  unique int id: @pound_diagnostic_decl,
+  int kind: int ref,
+  int message: @string_literal_expr_or_none ref
+);
+
+precedence_group_decls(  //dir=decl
+  unique int id: @precedence_group_decl
+);
+
+top_level_code_decls(  //dir=decl
+  unique int id: @top_level_code_decl,
+  int body: @brace_stmt_or_none ref
+);
+
+@value_decl =
+  @abstract_function_decl
+| @abstract_storage_decl
+| @enum_element_decl
+| @type_decl
+;
+
+#keyset[id]
+value_decls(  //dir=decl
+  int id: @value_decl ref,
+  int interface_type: @type_or_none ref
+);
+
+@abstract_function_decl =
+  @constructor_decl
+| @destructor_decl
+| @func_decl
+;
+
+#keyset[id]
+abstract_function_decls(  //dir=decl
+  int id: @abstract_function_decl ref,
+  string name: string ref
+);
+
+@abstract_storage_decl =
+  @subscript_decl
+| @var_decl
+;
+
+#keyset[id, index]
+abstract_storage_decl_accessor_decls(  //dir=decl
+  int id: @abstract_storage_decl ref,
+  int index: int ref,
+  int accessor_decl: @accessor_decl_or_none ref
+);
+
+enum_element_decls(  //dir=decl
+  unique int id: @enum_element_decl,
+  string name: string ref
+);
+
+#keyset[id, index]
+enum_element_decl_params(  //dir=decl
+  int id: @enum_element_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+infix_operator_decls(  //dir=decl
+  unique int id: @infix_operator_decl
+);
+
+#keyset[id]
+infix_operator_decl_precedence_groups(  //dir=decl
+  int id: @infix_operator_decl ref,
+  int precedence_group: @precedence_group_decl_or_none ref
+);
+
+postfix_operator_decls(  //dir=decl
+  unique int id: @postfix_operator_decl
+);
+
+prefix_operator_decls(  //dir=decl
+  unique int id: @prefix_operator_decl
+);
+
+@type_decl =
+  @abstract_type_param_decl
+| @generic_type_decl
+| @module_decl
+;
+
+#keyset[id]
+type_decls(  //dir=decl
+  int id: @type_decl ref,
+  string name: string ref
+);
+
+#keyset[id, index]
+type_decl_base_types(  //dir=decl
+  int id: @type_decl ref,
+  int index: int ref,
+  int base_type: @type_or_none ref
+);
+
+@abstract_type_param_decl =
+  @associated_type_decl
+| @generic_type_param_decl
+;
+
+constructor_decls(  //dir=decl
+  unique int id: @constructor_decl
+);
+
+destructor_decls(  //dir=decl
+  unique int id: @destructor_decl
+);
+
+@func_decl =
+  @accessor_decl
+| @concrete_func_decl
+;
+
+@generic_type_decl =
+  @nominal_type_decl
+| @opaque_type_decl
+| @type_alias_decl
+;
+
+module_decls(  //dir=decl
+  unique int id: @module_decl
+);
+
+#keyset[id]
+module_decl_is_builtin_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id]
+module_decl_is_system_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id, index]
+module_decl_imported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+module_decl_exported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int exported_module: @module_decl_or_none ref
+);
+
+subscript_decls(  //dir=decl
+  unique int id: @subscript_decl,
+  int element_type: @type_or_none ref
+);
+
+#keyset[id, index]
+subscript_decl_params(  //dir=decl
+  int id: @subscript_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+@var_decl =
+  @concrete_var_decl
+| @param_decl
+;
+
+#keyset[id]
+var_decls(  //dir=decl
+  int id: @var_decl ref,
+  string name: string ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_attached_property_wrapper_types(  //dir=decl
+  int id: @var_decl ref,
+  int attached_property_wrapper_type: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_patterns(  //dir=decl
+  int id: @var_decl ref,
+  int parent_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_initializers(  //dir=decl
+  int id: @var_decl ref,
+  int parent_initializer: @expr_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
+accessor_decls(  //dir=decl
+  unique int id: @accessor_decl
+);
+
+#keyset[id]
+accessor_decl_is_getter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_setter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_will_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_did_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+associated_type_decls(  //dir=decl
+  unique int id: @associated_type_decl
+);
+
+concrete_func_decls(  //dir=decl
+  unique int id: @concrete_func_decl
+);
+
+concrete_var_decls(  //dir=decl
+  unique int id: @concrete_var_decl,
+  int introducer_int: int ref
+);
+
+generic_type_param_decls(  //dir=decl
+  unique int id: @generic_type_param_decl
+);
+
+@nominal_type_decl =
+  @class_decl
+| @enum_decl
+| @protocol_decl
+| @struct_decl
+;
+
+#keyset[id]
+nominal_type_decls(  //dir=decl
+  int id: @nominal_type_decl ref,
+  int type_: @type_or_none ref
+);
+
+opaque_type_decls(  //dir=decl
+  unique int id: @opaque_type_decl,
+  int naming_declaration: @value_decl_or_none ref
+);
+
+#keyset[id, index]
+opaque_type_decl_opaque_generic_params(  //dir=decl
+  int id: @opaque_type_decl ref,
+  int index: int ref,
+  int opaque_generic_param: @generic_type_param_type_or_none ref
+);
+
+param_decls(  //dir=decl
+  unique int id: @param_decl
+);
+
+#keyset[id]
+param_decl_is_inout(  //dir=decl
+  int id: @param_decl ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
+type_alias_decls(  //dir=decl
+  unique int id: @type_alias_decl
+);
+
+class_decls(  //dir=decl
+  unique int id: @class_decl
+);
+
+enum_decls(  //dir=decl
+  unique int id: @enum_decl
+);
+
+protocol_decls(  //dir=decl
+  unique int id: @protocol_decl
+);
+
+struct_decls(  //dir=decl
+  unique int id: @struct_decl
+);
+
+arguments(  //dir=expr
+  unique int id: @argument,
+  string label: string ref,
+  int expr: @expr_or_none ref
+);
+
+@expr =
+  @abstract_closure_expr
+| @any_try_expr
+| @applied_property_wrapper_expr
+| @apply_expr
+| @assign_expr
+| @bind_optional_expr
+| @capture_list_expr
+| @collection_expr
+| @decl_ref_expr
+| @default_argument_expr
+| @discard_assignment_expr
+| @dot_syntax_base_ignored_expr
+| @dynamic_type_expr
+| @enum_is_case_expr
+| @error_expr
+| @explicit_cast_expr
+| @force_value_expr
+| @identity_expr
+| @if_expr
+| @implicit_conversion_expr
+| @in_out_expr
+| @key_path_application_expr
+| @key_path_dot_expr
+| @key_path_expr
+| @lazy_initializer_expr
+| @literal_expr
+| @lookup_expr
+| @make_temporarily_escapable_expr
+| @obj_c_selector_expr
+| @one_way_expr
+| @opaque_value_expr
+| @open_existential_expr
+| @optional_evaluation_expr
+| @other_constructor_decl_ref_expr
+| @overloaded_decl_ref_expr
+| @property_wrapper_value_placeholder_expr
+| @rebind_self_in_constructor_expr
+| @sequence_expr
+| @super_ref_expr
+| @tap_expr
+| @tuple_element_expr
+| @tuple_expr
+| @type_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @vararg_expansion_expr
+;
+
+#keyset[id]
+expr_types(  //dir=expr
+  int id: @expr ref,
+  int type_: @type_or_none ref
+);
+
+@abstract_closure_expr =
+  @auto_closure_expr
+| @closure_expr
+;
+
+@any_try_expr =
+  @force_try_expr
+| @optional_try_expr
+| @try_expr
+;
+
+#keyset[id]
+any_try_exprs(  //dir=expr
+  int id: @any_try_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+applied_property_wrapper_exprs(  //dir=expr
+  unique int id: @applied_property_wrapper_expr,
+  int kind: int ref,
+  int value: @expr_or_none ref,
+  int param: @param_decl_or_none ref
+);
+
+@apply_expr =
+  @binary_expr
+| @call_expr
+| @postfix_unary_expr
+| @prefix_unary_expr
+| @self_apply_expr
+;
+
+#keyset[id]
+apply_exprs(  //dir=expr
+  int id: @apply_expr ref,
+  int function: @expr_or_none ref
+);
+
+#keyset[id, index]
+apply_expr_arguments(  //dir=expr
+  int id: @apply_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+assign_exprs(  //dir=expr
+  unique int id: @assign_expr,
+  int dest: @expr_or_none ref,
+  int source: @expr_or_none ref
+);
+
+bind_optional_exprs(  //dir=expr
+  unique int id: @bind_optional_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+capture_list_exprs(  //dir=expr
+  unique int id: @capture_list_expr,
+  int closure_body: @closure_expr_or_none ref
+);
+
+#keyset[id, index]
+capture_list_expr_binding_decls(  //dir=expr
+  int id: @capture_list_expr ref,
+  int index: int ref,
+  int binding_decl: @pattern_binding_decl_or_none ref
+);
+
+@collection_expr =
+  @array_expr
+| @dictionary_expr
+;
+
+decl_ref_exprs(  //dir=expr
+  unique int id: @decl_ref_expr,
+  int decl: @decl_or_none ref
+);
+
+#keyset[id, index]
+decl_ref_expr_replacement_types(  //dir=expr
+  int id: @decl_ref_expr ref,
+  int index: int ref,
+  int replacement_type: @type_or_none ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+default_argument_exprs(  //dir=expr
+  unique int id: @default_argument_expr,
+  int param_decl: @param_decl_or_none ref,
+  int param_index: int ref
+);
+
+#keyset[id]
+default_argument_expr_caller_side_defaults(  //dir=expr
+  int id: @default_argument_expr ref,
+  int caller_side_default: @expr_or_none ref
+);
+
+discard_assignment_exprs(  //dir=expr
+  unique int id: @discard_assignment_expr
+);
+
+dot_syntax_base_ignored_exprs(  //dir=expr
+  unique int id: @dot_syntax_base_ignored_expr,
+  int qualifier: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+dynamic_type_exprs(  //dir=expr
+  unique int id: @dynamic_type_expr,
+  int base: @expr_or_none ref
+);
+
+enum_is_case_exprs(  //dir=expr
+  unique int id: @enum_is_case_expr,
+  int sub_expr: @expr_or_none ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+error_exprs(  //dir=expr
+  unique int id: @error_expr
+);
+
+@explicit_cast_expr =
+  @checked_cast_expr
+| @coerce_expr
+;
+
+#keyset[id]
+explicit_cast_exprs(  //dir=expr
+  int id: @explicit_cast_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+force_value_exprs(  //dir=expr
+  unique int id: @force_value_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@identity_expr =
+  @await_expr
+| @dot_self_expr
+| @paren_expr
+| @unresolved_member_chain_result_expr
+;
+
+#keyset[id]
+identity_exprs(  //dir=expr
+  int id: @identity_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+if_exprs(  //dir=expr
+  unique int id: @if_expr,
+  int condition: @expr_or_none ref,
+  int then_expr: @expr_or_none ref,
+  int else_expr: @expr_or_none ref
+);
+
+@implicit_conversion_expr =
+  @any_hashable_erasure_expr
+| @archetype_to_super_expr
+| @array_to_pointer_expr
+| @bridge_from_obj_c_expr
+| @bridge_to_obj_c_expr
+| @class_metatype_to_object_expr
+| @collection_upcast_conversion_expr
+| @conditional_bridge_from_obj_c_expr
+| @covariant_function_conversion_expr
+| @covariant_return_conversion_expr
+| @derived_to_base_expr
+| @destructure_tuple_expr
+| @differentiable_function_expr
+| @differentiable_function_extract_original_expr
+| @erasure_expr
+| @existential_metatype_to_object_expr
+| @foreign_object_conversion_expr
+| @function_conversion_expr
+| @in_out_to_pointer_expr
+| @inject_into_optional_expr
+| @linear_function_expr
+| @linear_function_extract_original_expr
+| @linear_to_differentiable_function_expr
+| @load_expr
+| @metatype_conversion_expr
+| @pointer_to_pointer_expr
+| @protocol_metatype_to_object_expr
+| @string_to_pointer_expr
+| @underlying_to_opaque_expr
+| @unevaluated_instance_expr
+| @unresolved_type_conversion_expr
+;
+
+#keyset[id]
+implicit_conversion_exprs(  //dir=expr
+  int id: @implicit_conversion_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+in_out_exprs(  //dir=expr
+  unique int id: @in_out_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+key_path_application_exprs(  //dir=expr
+  unique int id: @key_path_application_expr,
+  int base: @expr_or_none ref,
+  int key_path: @expr_or_none ref
+);
+
+key_path_dot_exprs(  //dir=expr
+  unique int id: @key_path_dot_expr
+);
+
+key_path_exprs(  //dir=expr
+  unique int id: @key_path_expr
+);
+
+#keyset[id]
+key_path_expr_roots(  //dir=expr
+  int id: @key_path_expr ref,
+  int root: @type_repr_or_none ref
+);
+
+#keyset[id]
+key_path_expr_parsed_paths(  //dir=expr
+  int id: @key_path_expr ref,
+  int parsed_path: @expr_or_none ref
+);
+
+lazy_initializer_exprs(  //dir=expr
+  unique int id: @lazy_initializer_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@literal_expr =
+  @builtin_literal_expr
+| @interpolated_string_literal_expr
+| @nil_literal_expr
+| @object_literal_expr
+| @regex_literal_expr
+;
+
+@lookup_expr =
+  @dynamic_lookup_expr
+| @member_ref_expr
+| @method_ref_expr
+| @subscript_expr
+;
+
+#keyset[id]
+lookup_exprs(  //dir=expr
+  int id: @lookup_expr ref,
+  int base: @expr_or_none ref
+);
+
+#keyset[id]
+lookup_expr_members(  //dir=expr
+  int id: @lookup_expr ref,
+  int member: @decl_or_none ref
+);
+
+make_temporarily_escapable_exprs(  //dir=expr
+  unique int id: @make_temporarily_escapable_expr,
+  int escaping_closure: @opaque_value_expr_or_none ref,
+  int nonescaping_closure: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+obj_c_selector_exprs(  //dir=expr
+  unique int id: @obj_c_selector_expr,
+  int sub_expr: @expr_or_none ref,
+  int method: @abstract_function_decl_or_none ref
+);
+
+one_way_exprs(  //dir=expr
+  unique int id: @one_way_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+opaque_value_exprs(  //dir=expr
+  unique int id: @opaque_value_expr
+);
+
+open_existential_exprs(  //dir=expr
+  unique int id: @open_existential_expr,
+  int sub_expr: @expr_or_none ref,
+  int existential: @expr_or_none ref,
+  int opaque_expr: @opaque_value_expr_or_none ref
+);
+
+optional_evaluation_exprs(  //dir=expr
+  unique int id: @optional_evaluation_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+other_constructor_decl_ref_exprs(  //dir=expr
+  unique int id: @other_constructor_decl_ref_expr,
+  int constructor_decl: @constructor_decl_or_none ref
+);
+
+overloaded_decl_ref_exprs(  //dir=expr
+  unique int id: @overloaded_decl_ref_expr
+);
+
+#keyset[id, index]
+overloaded_decl_ref_expr_possible_declarations(  //dir=expr
+  int id: @overloaded_decl_ref_expr ref,
+  int index: int ref,
+  int possible_declaration: @value_decl_or_none ref
+);
+
+property_wrapper_value_placeholder_exprs(  //dir=expr
+  unique int id: @property_wrapper_value_placeholder_expr,
+  int placeholder: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+property_wrapper_value_placeholder_expr_wrapped_values(  //dir=expr
+  int id: @property_wrapper_value_placeholder_expr ref,
+  int wrapped_value: @expr_or_none ref
+);
+
+rebind_self_in_constructor_exprs(  //dir=expr
+  unique int id: @rebind_self_in_constructor_expr,
+  int sub_expr: @expr_or_none ref,
+  int self: @var_decl_or_none ref
+);
+
+sequence_exprs(  //dir=expr
+  unique int id: @sequence_expr
+);
+
+#keyset[id, index]
+sequence_expr_elements(  //dir=expr
+  int id: @sequence_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+super_ref_exprs(  //dir=expr
+  unique int id: @super_ref_expr,
+  int self: @var_decl_or_none ref
+);
+
+tap_exprs(  //dir=expr
+  unique int id: @tap_expr,
+  int body: @brace_stmt_or_none ref,
+  int var: @var_decl_or_none ref
+);
+
+#keyset[id]
+tap_expr_sub_exprs(  //dir=expr
+  int id: @tap_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+tuple_element_exprs(  //dir=expr
+  unique int id: @tuple_element_expr,
+  int sub_expr: @expr_or_none ref,
+  int index: int ref
+);
+
+tuple_exprs(  //dir=expr
+  unique int id: @tuple_expr
+);
+
+#keyset[id, index]
+tuple_expr_elements(  //dir=expr
+  int id: @tuple_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+type_exprs(  //dir=expr
+  unique int id: @type_expr
+);
+
+#keyset[id]
+type_expr_type_reprs(  //dir=expr
+  int id: @type_expr ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+unresolved_decl_ref_exprs(  //dir=expr
+  unique int id: @unresolved_decl_ref_expr
+);
+
+#keyset[id]
+unresolved_decl_ref_expr_names(  //dir=expr
+  int id: @unresolved_decl_ref_expr ref,
+  string name: string ref
+);
+
+unresolved_dot_exprs(  //dir=expr
+  unique int id: @unresolved_dot_expr,
+  int base: @expr_or_none ref,
+  string name: string ref
+);
+
+unresolved_member_exprs(  //dir=expr
+  unique int id: @unresolved_member_expr,
+  string name: string ref
+);
+
+unresolved_pattern_exprs(  //dir=expr
+  unique int id: @unresolved_pattern_expr,
+  int sub_pattern: @pattern_or_none ref
+);
+
+unresolved_specialize_exprs(  //dir=expr
+  unique int id: @unresolved_specialize_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+vararg_expansion_exprs(  //dir=expr
+  unique int id: @vararg_expansion_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+any_hashable_erasure_exprs(  //dir=expr
+  unique int id: @any_hashable_erasure_expr
+);
+
+archetype_to_super_exprs(  //dir=expr
+  unique int id: @archetype_to_super_expr
+);
+
+array_exprs(  //dir=expr
+  unique int id: @array_expr
+);
+
+#keyset[id, index]
+array_expr_elements(  //dir=expr
+  int id: @array_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+array_to_pointer_exprs(  //dir=expr
+  unique int id: @array_to_pointer_expr
+);
+
+auto_closure_exprs(  //dir=expr
+  unique int id: @auto_closure_expr
+);
+
+await_exprs(  //dir=expr
+  unique int id: @await_expr
+);
+
+binary_exprs(  //dir=expr
+  unique int id: @binary_expr
+);
+
+bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_from_obj_c_expr
+);
+
+bridge_to_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_to_obj_c_expr
+);
+
+@builtin_literal_expr =
+  @boolean_literal_expr
+| @magic_identifier_literal_expr
+| @number_literal_expr
+| @string_literal_expr
+;
+
+call_exprs(  //dir=expr
+  unique int id: @call_expr
+);
+
+@checked_cast_expr =
+  @conditional_checked_cast_expr
+| @forced_checked_cast_expr
+| @is_expr
+;
+
+class_metatype_to_object_exprs(  //dir=expr
+  unique int id: @class_metatype_to_object_expr
+);
+
+closure_exprs(  //dir=expr
+  unique int id: @closure_expr
+);
+
+coerce_exprs(  //dir=expr
+  unique int id: @coerce_expr
+);
+
+collection_upcast_conversion_exprs(  //dir=expr
+  unique int id: @collection_upcast_conversion_expr
+);
+
+conditional_bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @conditional_bridge_from_obj_c_expr
+);
+
+covariant_function_conversion_exprs(  //dir=expr
+  unique int id: @covariant_function_conversion_expr
+);
+
+covariant_return_conversion_exprs(  //dir=expr
+  unique int id: @covariant_return_conversion_expr
+);
+
+derived_to_base_exprs(  //dir=expr
+  unique int id: @derived_to_base_expr
+);
+
+destructure_tuple_exprs(  //dir=expr
+  unique int id: @destructure_tuple_expr
+);
+
+dictionary_exprs(  //dir=expr
+  unique int id: @dictionary_expr
+);
+
+#keyset[id, index]
+dictionary_expr_elements(  //dir=expr
+  int id: @dictionary_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+differentiable_function_exprs(  //dir=expr
+  unique int id: @differentiable_function_expr
+);
+
+differentiable_function_extract_original_exprs(  //dir=expr
+  unique int id: @differentiable_function_extract_original_expr
+);
+
+dot_self_exprs(  //dir=expr
+  unique int id: @dot_self_expr
+);
+
+@dynamic_lookup_expr =
+  @dynamic_member_ref_expr
+| @dynamic_subscript_expr
+;
+
+erasure_exprs(  //dir=expr
+  unique int id: @erasure_expr
+);
+
+existential_metatype_to_object_exprs(  //dir=expr
+  unique int id: @existential_metatype_to_object_expr
+);
+
+force_try_exprs(  //dir=expr
+  unique int id: @force_try_expr
+);
+
+foreign_object_conversion_exprs(  //dir=expr
+  unique int id: @foreign_object_conversion_expr
+);
+
+function_conversion_exprs(  //dir=expr
+  unique int id: @function_conversion_expr
+);
+
+in_out_to_pointer_exprs(  //dir=expr
+  unique int id: @in_out_to_pointer_expr
+);
+
+inject_into_optional_exprs(  //dir=expr
+  unique int id: @inject_into_optional_expr
+);
+
+interpolated_string_literal_exprs(  //dir=expr
+  unique int id: @interpolated_string_literal_expr
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_expr: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_count_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_count_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_literal_capacity_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int literal_capacity_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_appending_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int appending_expr: @tap_expr_or_none ref
+);
+
+linear_function_exprs(  //dir=expr
+  unique int id: @linear_function_expr
+);
+
+linear_function_extract_original_exprs(  //dir=expr
+  unique int id: @linear_function_extract_original_expr
+);
+
+linear_to_differentiable_function_exprs(  //dir=expr
+  unique int id: @linear_to_differentiable_function_expr
+);
+
+load_exprs(  //dir=expr
+  unique int id: @load_expr
+);
+
+member_ref_exprs(  //dir=expr
+  unique int id: @member_ref_expr
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
+);
+
+method_ref_exprs(  //dir=expr
+  unique int id: @method_ref_expr
+);
+
+nil_literal_exprs(  //dir=expr
+  unique int id: @nil_literal_expr
+);
+
+object_literal_exprs(  //dir=expr
+  unique int id: @object_literal_expr,
+  int kind: int ref
+);
+
+#keyset[id, index]
+object_literal_expr_arguments(  //dir=expr
+  int id: @object_literal_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+optional_try_exprs(  //dir=expr
+  unique int id: @optional_try_expr
+);
+
+paren_exprs(  //dir=expr
+  unique int id: @paren_expr
+);
+
+pointer_to_pointer_exprs(  //dir=expr
+  unique int id: @pointer_to_pointer_expr
+);
+
+postfix_unary_exprs(  //dir=expr
+  unique int id: @postfix_unary_expr
+);
+
+prefix_unary_exprs(  //dir=expr
+  unique int id: @prefix_unary_expr
+);
+
+protocol_metatype_to_object_exprs(  //dir=expr
+  unique int id: @protocol_metatype_to_object_expr
+);
+
+regex_literal_exprs(  //dir=expr
+  unique int id: @regex_literal_expr
+);
+
+@self_apply_expr =
+  @constructor_ref_call_expr
+| @dot_syntax_call_expr
+;
+
+#keyset[id]
+self_apply_exprs(  //dir=expr
+  int id: @self_apply_expr ref,
+  int base: @expr_or_none ref
+);
+
+string_to_pointer_exprs(  //dir=expr
+  unique int id: @string_to_pointer_expr
+);
+
+subscript_exprs(  //dir=expr
+  unique int id: @subscript_expr
+);
+
+#keyset[id, index]
+subscript_expr_arguments(  //dir=expr
+  int id: @subscript_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_ordinary_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+try_exprs(  //dir=expr
+  unique int id: @try_expr
+);
+
+underlying_to_opaque_exprs(  //dir=expr
+  unique int id: @underlying_to_opaque_expr
+);
+
+unevaluated_instance_exprs(  //dir=expr
+  unique int id: @unevaluated_instance_expr
+);
+
+unresolved_member_chain_result_exprs(  //dir=expr
+  unique int id: @unresolved_member_chain_result_expr
+);
+
+unresolved_type_conversion_exprs(  //dir=expr
+  unique int id: @unresolved_type_conversion_expr
+);
+
+boolean_literal_exprs(  //dir=expr
+  unique int id: @boolean_literal_expr,
+  boolean value: boolean ref
+);
+
+conditional_checked_cast_exprs(  //dir=expr
+  unique int id: @conditional_checked_cast_expr
+);
+
+constructor_ref_call_exprs(  //dir=expr
+  unique int id: @constructor_ref_call_expr
+);
+
+dot_syntax_call_exprs(  //dir=expr
+  unique int id: @dot_syntax_call_expr
+);
+
+dynamic_member_ref_exprs(  //dir=expr
+  unique int id: @dynamic_member_ref_expr
+);
+
+dynamic_subscript_exprs(  //dir=expr
+  unique int id: @dynamic_subscript_expr
+);
+
+forced_checked_cast_exprs(  //dir=expr
+  unique int id: @forced_checked_cast_expr
+);
+
+is_exprs(  //dir=expr
+  unique int id: @is_expr
+);
+
+magic_identifier_literal_exprs(  //dir=expr
+  unique int id: @magic_identifier_literal_expr,
+  string kind: string ref
+);
+
+@number_literal_expr =
+  @float_literal_expr
+| @integer_literal_expr
+;
+
+string_literal_exprs(  //dir=expr
+  unique int id: @string_literal_expr,
+  string value: string ref
+);
+
+float_literal_exprs(  //dir=expr
+  unique int id: @float_literal_expr,
+  string string_value: string ref
+);
+
+integer_literal_exprs(  //dir=expr
+  unique int id: @integer_literal_expr,
+  string string_value: string ref
+);
+
+@pattern =
+  @any_pattern
+| @binding_pattern
+| @bool_pattern
+| @enum_element_pattern
+| @expr_pattern
+| @is_pattern
+| @named_pattern
+| @optional_some_pattern
+| @paren_pattern
+| @tuple_pattern
+| @typed_pattern
+;
+
+any_patterns(  //dir=pattern
+  unique int id: @any_pattern
+);
+
+binding_patterns(  //dir=pattern
+  unique int id: @binding_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+bool_patterns(  //dir=pattern
+  unique int id: @bool_pattern,
+  boolean value: boolean ref
+);
+
+enum_element_patterns(  //dir=pattern
+  unique int id: @enum_element_pattern,
+  int element: @enum_element_decl_or_none ref
+);
+
+#keyset[id]
+enum_element_pattern_sub_patterns(  //dir=pattern
+  int id: @enum_element_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+expr_patterns(  //dir=pattern
+  unique int id: @expr_pattern,
+  int sub_expr: @expr_or_none ref
+);
+
+is_patterns(  //dir=pattern
+  unique int id: @is_pattern
+);
+
+#keyset[id]
+is_pattern_cast_type_reprs(  //dir=pattern
+  int id: @is_pattern ref,
+  int cast_type_repr: @type_repr_or_none ref
+);
+
+#keyset[id]
+is_pattern_sub_patterns(  //dir=pattern
+  int id: @is_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+named_patterns(  //dir=pattern
+  unique int id: @named_pattern,
+  string name: string ref
+);
+
+optional_some_patterns(  //dir=pattern
+  unique int id: @optional_some_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+paren_patterns(  //dir=pattern
+  unique int id: @paren_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+tuple_patterns(  //dir=pattern
+  unique int id: @tuple_pattern
+);
+
+#keyset[id, index]
+tuple_pattern_elements(  //dir=pattern
+  int id: @tuple_pattern ref,
+  int index: int ref,
+  int element: @pattern_or_none ref
+);
+
+typed_patterns(  //dir=pattern
+  unique int id: @typed_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+typed_pattern_type_reprs(  //dir=pattern
+  int id: @typed_pattern ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+case_label_items(  //dir=stmt
+  unique int id: @case_label_item,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+case_label_item_guards(  //dir=stmt
+  int id: @case_label_item ref,
+  int guard: @expr_or_none ref
+);
+
+condition_elements(  //dir=stmt
+  unique int id: @condition_element
+);
+
+#keyset[id]
+condition_element_booleans(  //dir=stmt
+  int id: @condition_element ref,
+  int boolean_: @expr_or_none ref
+);
+
+#keyset[id]
+condition_element_patterns(  //dir=stmt
+  int id: @condition_element ref,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+condition_element_initializers(  //dir=stmt
+  int id: @condition_element ref,
+  int initializer: @expr_or_none ref
+);
+
+@stmt =
+  @brace_stmt
+| @break_stmt
+| @case_stmt
+| @continue_stmt
+| @defer_stmt
+| @fail_stmt
+| @fallthrough_stmt
+| @labeled_stmt
+| @pound_assert_stmt
+| @return_stmt
+| @throw_stmt
+| @yield_stmt
+;
+
+stmt_conditions(  //dir=stmt
+  unique int id: @stmt_condition
+);
+
+#keyset[id, index]
+stmt_condition_elements(  //dir=stmt
+  int id: @stmt_condition ref,
+  int index: int ref,
+  int element: @condition_element_or_none ref
+);
+
+brace_stmts(  //dir=stmt
+  unique int id: @brace_stmt
+);
+
+#keyset[id, index]
+brace_stmt_elements(  //dir=stmt
+  int id: @brace_stmt ref,
+  int index: int ref,
+  int element: @ast_node_or_none ref
+);
+
+break_stmts(  //dir=stmt
+  unique int id: @break_stmt
+);
+
+#keyset[id]
+break_stmt_target_names(  //dir=stmt
+  int id: @break_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+break_stmt_targets(  //dir=stmt
+  int id: @break_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+case_stmts(  //dir=stmt
+  unique int id: @case_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_labels(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int label: @case_label_item_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_variables(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int variable: @var_decl_or_none ref
+);
+
+continue_stmts(  //dir=stmt
+  unique int id: @continue_stmt
+);
+
+#keyset[id]
+continue_stmt_target_names(  //dir=stmt
+  int id: @continue_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+continue_stmt_targets(  //dir=stmt
+  int id: @continue_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+defer_stmts(  //dir=stmt
+  unique int id: @defer_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+fail_stmts(  //dir=stmt
+  unique int id: @fail_stmt
+);
+
+fallthrough_stmts(  //dir=stmt
+  unique int id: @fallthrough_stmt,
+  int fallthrough_source: @case_stmt_or_none ref,
+  int fallthrough_dest: @case_stmt_or_none ref
+);
+
+@labeled_stmt =
+  @do_catch_stmt
+| @do_stmt
+| @for_each_stmt
+| @labeled_conditional_stmt
+| @repeat_while_stmt
+| @switch_stmt
+;
+
+#keyset[id]
+labeled_stmt_labels(  //dir=stmt
+  int id: @labeled_stmt ref,
+  string label: string ref
+);
+
+pound_assert_stmts(  //dir=stmt
+  unique int id: @pound_assert_stmt,
+  int condition: @expr_or_none ref,
+  string message: string ref
+);
+
+return_stmts(  //dir=stmt
+  unique int id: @return_stmt
+);
+
+#keyset[id]
+return_stmt_results(  //dir=stmt
+  int id: @return_stmt ref,
+  int result: @expr_or_none ref
+);
+
+throw_stmts(  //dir=stmt
+  unique int id: @throw_stmt,
+  int sub_expr: @expr_or_none ref
+);
+
+yield_stmts(  //dir=stmt
+  unique int id: @yield_stmt
+);
+
+#keyset[id, index]
+yield_stmt_results(  //dir=stmt
+  int id: @yield_stmt ref,
+  int index: int ref,
+  int result: @expr_or_none ref
+);
+
+do_catch_stmts(  //dir=stmt
+  unique int id: @do_catch_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+do_catch_stmt_catches(  //dir=stmt
+  int id: @do_catch_stmt ref,
+  int index: int ref,
+  int catch: @case_stmt_or_none ref
+);
+
+do_stmts(  //dir=stmt
+  unique int id: @do_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+for_each_stmts(  //dir=stmt
+  unique int id: @for_each_stmt,
+  int pattern: @pattern_or_none ref,
+  int sequence: @expr_or_none ref,
+  int body: @brace_stmt_or_none ref
+);
+
+#keyset[id]
+for_each_stmt_wheres(  //dir=stmt
+  int id: @for_each_stmt ref,
+  int where: @expr_or_none ref
+);
+
+@labeled_conditional_stmt =
+  @guard_stmt
+| @if_stmt
+| @while_stmt
+;
+
+#keyset[id]
+labeled_conditional_stmts(  //dir=stmt
+  int id: @labeled_conditional_stmt ref,
+  int condition: @stmt_condition_or_none ref
+);
+
+repeat_while_stmts(  //dir=stmt
+  unique int id: @repeat_while_stmt,
+  int condition: @expr_or_none ref,
+  int body: @stmt_or_none ref
+);
+
+switch_stmts(  //dir=stmt
+  unique int id: @switch_stmt,
+  int expr: @expr_or_none ref
+);
+
+#keyset[id, index]
+switch_stmt_cases(  //dir=stmt
+  int id: @switch_stmt ref,
+  int index: int ref,
+  int case_: @case_stmt_or_none ref
+);
+
+guard_stmts(  //dir=stmt
+  unique int id: @guard_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+if_stmts(  //dir=stmt
+  unique int id: @if_stmt,
+  int then: @stmt_or_none ref
+);
+
+#keyset[id]
+if_stmt_elses(  //dir=stmt
+  int id: @if_stmt ref,
+  int else: @stmt_or_none ref
+);
+
+while_stmts(  //dir=stmt
+  unique int id: @while_stmt,
+  int body: @stmt_or_none ref
+);
+
+@type =
+  @any_function_type
+| @any_generic_type
+| @any_metatype_type
+| @builtin_type
+| @dependent_member_type
+| @dynamic_self_type
+| @error_type
+| @existential_type
+| @in_out_type
+| @l_value_type
+| @module_type
+| @parameterized_protocol_type
+| @protocol_composition_type
+| @reference_storage_type
+| @substitutable_type
+| @sugar_type
+| @tuple_type
+| @unresolved_type
+;
+
+#keyset[id]
+types(  //dir=type
+  int id: @type ref,
+  string name: string ref,
+  int canonical_type: @type_or_none ref
+);
+
+type_reprs(  //dir=type
+  unique int id: @type_repr,
+  int type_: @type_or_none ref
+);
+
+@any_function_type =
+  @function_type
+| @generic_function_type
+;
+
+#keyset[id]
+any_function_types(  //dir=type
+  int id: @any_function_type ref,
+  int result: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_types(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  int param_type: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_labels(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  string param_label: string ref
+);
+
+#keyset[id]
+any_function_type_is_throwing(  //dir=type
+  int id: @any_function_type ref
+);
+
+#keyset[id]
+any_function_type_is_async(  //dir=type
+  int id: @any_function_type ref
+);
+
+@any_generic_type =
+  @nominal_or_bound_generic_nominal_type
+| @unbound_generic_type
+;
+
+#keyset[id]
+any_generic_types(  //dir=type
+  int id: @any_generic_type ref,
+  int declaration: @decl_or_none ref
+);
+
+#keyset[id]
+any_generic_type_parents(  //dir=type
+  int id: @any_generic_type ref,
+  int parent: @type_or_none ref
+);
+
+@any_metatype_type =
+  @existential_metatype_type
+| @metatype_type
+;
+
+@builtin_type =
+  @any_builtin_integer_type
+| @builtin_bridge_object_type
+| @builtin_default_actor_storage_type
+| @builtin_executor_type
+| @builtin_float_type
+| @builtin_job_type
+| @builtin_native_object_type
+| @builtin_raw_pointer_type
+| @builtin_raw_unsafe_continuation_type
+| @builtin_unsafe_value_buffer_type
+| @builtin_vector_type
+;
+
+dependent_member_types(  //dir=type
+  unique int id: @dependent_member_type,
+  int base_type: @type_or_none ref,
+  int associated_type_decl: @associated_type_decl_or_none ref
+);
+
+dynamic_self_types(  //dir=type
+  unique int id: @dynamic_self_type,
+  int static_self_type: @type_or_none ref
+);
+
+error_types(  //dir=type
+  unique int id: @error_type
+);
+
+existential_types(  //dir=type
+  unique int id: @existential_type,
+  int constraint: @type_or_none ref
+);
+
+in_out_types(  //dir=type
+  unique int id: @in_out_type,
+  int object_type: @type_or_none ref
+);
+
+l_value_types(  //dir=type
+  unique int id: @l_value_type,
+  int object_type: @type_or_none ref
+);
+
+module_types(  //dir=type
+  unique int id: @module_type,
+  int module: @module_decl_or_none ref
+);
+
+parameterized_protocol_types(  //dir=type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
+);
+
+protocol_composition_types(  //dir=type
+  unique int id: @protocol_composition_type
+);
+
+#keyset[id, index]
+protocol_composition_type_members(  //dir=type
+  int id: @protocol_composition_type ref,
+  int index: int ref,
+  int member: @type_or_none ref
+);
+
+@reference_storage_type =
+  @unmanaged_storage_type
+| @unowned_storage_type
+| @weak_storage_type
+;
+
+#keyset[id]
+reference_storage_types(  //dir=type
+  int id: @reference_storage_type ref,
+  int referent_type: @type_or_none ref
+);
+
+@substitutable_type =
+  @archetype_type
+| @generic_type_param_type
+;
+
+@sugar_type =
+  @paren_type
+| @syntax_sugar_type
+| @type_alias_type
+;
+
+tuple_types(  //dir=type
+  unique int id: @tuple_type
+);
+
+#keyset[id, index]
+tuple_type_types(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id, index]
+tuple_type_names(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  string name: string ref
+);
+
+unresolved_types(  //dir=type
+  unique int id: @unresolved_type
+);
+
+@any_builtin_integer_type =
+  @builtin_integer_literal_type
+| @builtin_integer_type
+;
+
+@archetype_type =
+  @opaque_type_archetype_type
+| @opened_archetype_type
+| @primary_archetype_type
+;
+
+#keyset[id]
+archetype_types(  //dir=type
+  int id: @archetype_type ref,
+  int interface_type: @type_or_none ref
+);
+
+#keyset[id]
+archetype_type_superclasses(  //dir=type
+  int id: @archetype_type ref,
+  int superclass: @type_or_none ref
+);
+
+#keyset[id, index]
+archetype_type_protocols(  //dir=type
+  int id: @archetype_type ref,
+  int index: int ref,
+  int protocol: @protocol_decl_or_none ref
+);
+
+builtin_bridge_object_types(  //dir=type
+  unique int id: @builtin_bridge_object_type
+);
+
+builtin_default_actor_storage_types(  //dir=type
+  unique int id: @builtin_default_actor_storage_type
+);
+
+builtin_executor_types(  //dir=type
+  unique int id: @builtin_executor_type
+);
+
+builtin_float_types(  //dir=type
+  unique int id: @builtin_float_type
+);
+
+builtin_job_types(  //dir=type
+  unique int id: @builtin_job_type
+);
+
+builtin_native_object_types(  //dir=type
+  unique int id: @builtin_native_object_type
+);
+
+builtin_raw_pointer_types(  //dir=type
+  unique int id: @builtin_raw_pointer_type
+);
+
+builtin_raw_unsafe_continuation_types(  //dir=type
+  unique int id: @builtin_raw_unsafe_continuation_type
+);
+
+builtin_unsafe_value_buffer_types(  //dir=type
+  unique int id: @builtin_unsafe_value_buffer_type
+);
+
+builtin_vector_types(  //dir=type
+  unique int id: @builtin_vector_type
+);
+
+existential_metatype_types(  //dir=type
+  unique int id: @existential_metatype_type
+);
+
+function_types(  //dir=type
+  unique int id: @function_type
+);
+
+generic_function_types(  //dir=type
+  unique int id: @generic_function_type
+);
+
+#keyset[id, index]
+generic_function_type_generic_params(  //dir=type
+  int id: @generic_function_type ref,
+  int index: int ref,
+  int generic_param: @generic_type_param_type_or_none ref
+);
+
+generic_type_param_types(  //dir=type
+  unique int id: @generic_type_param_type
+);
+
+metatype_types(  //dir=type
+  unique int id: @metatype_type
+);
+
+@nominal_or_bound_generic_nominal_type =
+  @bound_generic_type
+| @nominal_type
+;
+
+paren_types(  //dir=type
+  unique int id: @paren_type,
+  int type_: @type_or_none ref
+);
+
+@syntax_sugar_type =
+  @dictionary_type
+| @unary_syntax_sugar_type
+;
+
+type_alias_types(  //dir=type
+  unique int id: @type_alias_type,
+  int decl: @type_alias_decl_or_none ref
+);
+
+unbound_generic_types(  //dir=type
+  unique int id: @unbound_generic_type
+);
+
+unmanaged_storage_types(  //dir=type
+  unique int id: @unmanaged_storage_type
+);
+
+unowned_storage_types(  //dir=type
+  unique int id: @unowned_storage_type
+);
+
+weak_storage_types(  //dir=type
+  unique int id: @weak_storage_type
+);
+
+@bound_generic_type =
+  @bound_generic_class_type
+| @bound_generic_enum_type
+| @bound_generic_struct_type
+;
+
+#keyset[id, index]
+bound_generic_type_arg_types(  //dir=type
+  int id: @bound_generic_type ref,
+  int index: int ref,
+  int arg_type: @type_or_none ref
+);
+
+builtin_integer_literal_types(  //dir=type
+  unique int id: @builtin_integer_literal_type
+);
+
+builtin_integer_types(  //dir=type
+  unique int id: @builtin_integer_type
+);
+
+#keyset[id]
+builtin_integer_type_widths(  //dir=type
+  int id: @builtin_integer_type ref,
+  int width: int ref
+);
+
+dictionary_types(  //dir=type
+  unique int id: @dictionary_type,
+  int key_type: @type_or_none ref,
+  int value_type: @type_or_none ref
+);
+
+@nominal_type =
+  @class_type
+| @enum_type
+| @protocol_type
+| @struct_type
+;
+
+opaque_type_archetype_types(  //dir=type
+  unique int id: @opaque_type_archetype_type,
+  int declaration: @opaque_type_decl_or_none ref
+);
+
+opened_archetype_types(  //dir=type
+  unique int id: @opened_archetype_type
+);
+
+primary_archetype_types(  //dir=type
+  unique int id: @primary_archetype_type
+);
+
+@unary_syntax_sugar_type =
+  @array_slice_type
+| @optional_type
+| @variadic_sequence_type
+;
+
+#keyset[id]
+unary_syntax_sugar_types(  //dir=type
+  int id: @unary_syntax_sugar_type ref,
+  int base_type: @type_or_none ref
+);
+
+array_slice_types(  //dir=type
+  unique int id: @array_slice_type
+);
+
+bound_generic_class_types(  //dir=type
+  unique int id: @bound_generic_class_type
+);
+
+bound_generic_enum_types(  //dir=type
+  unique int id: @bound_generic_enum_type
+);
+
+bound_generic_struct_types(  //dir=type
+  unique int id: @bound_generic_struct_type
+);
+
+class_types(  //dir=type
+  unique int id: @class_type
+);
+
+enum_types(  //dir=type
+  unique int id: @enum_type
+);
+
+optional_types(  //dir=type
+  unique int id: @optional_type
+);
+
+protocol_types(  //dir=type
+  unique int id: @protocol_type
+);
+
+struct_types(  //dir=type
+  unique int id: @struct_type
+);
+
+variadic_sequence_types(  //dir=type
+  unique int id: @variadic_sequence_type
+);
+
+@abstract_function_decl_or_none =
+  @abstract_function_decl
+| @unspecified_element
+;
+
+@accessor_decl_or_none =
+  @accessor_decl
+| @unspecified_element
+;
+
+@argument_or_none =
+  @argument
+| @unspecified_element
+;
+
+@associated_type_decl_or_none =
+  @associated_type_decl
+| @unspecified_element
+;
+
+@ast_node_or_none =
+  @ast_node
+| @unspecified_element
+;
+
+@brace_stmt_or_none =
+  @brace_stmt
+| @unspecified_element
+;
+
+@case_label_item_or_none =
+  @case_label_item
+| @unspecified_element
+;
+
+@case_stmt_or_none =
+  @case_stmt
+| @unspecified_element
+;
+
+@closure_expr_or_none =
+  @closure_expr
+| @unspecified_element
+;
+
+@condition_element_or_none =
+  @condition_element
+| @unspecified_element
+;
+
+@constructor_decl_or_none =
+  @constructor_decl
+| @unspecified_element
+;
+
+@decl_or_none =
+  @decl
+| @unspecified_element
+;
+
+@enum_element_decl_or_none =
+  @enum_element_decl
+| @unspecified_element
+;
+
+@expr_or_none =
+  @expr
+| @unspecified_element
+;
+
+@file_or_none =
+  @file
+| @unspecified_element
+;
+
+@generic_type_param_decl_or_none =
+  @generic_type_param_decl
+| @unspecified_element
+;
+
+@generic_type_param_type_or_none =
+  @generic_type_param_type
+| @unspecified_element
+;
+
+@location_or_none =
+  @location
+| @unspecified_element
+;
+
+@module_decl_or_none =
+  @module_decl
+| @unspecified_element
+;
+
+@nominal_type_decl_or_none =
+  @nominal_type_decl
+| @unspecified_element
+;
+
+@opaque_type_decl_or_none =
+  @opaque_type_decl
+| @unspecified_element
+;
+
+@opaque_value_expr_or_none =
+  @opaque_value_expr
+| @unspecified_element
+;
+
+@param_decl_or_none =
+  @param_decl
+| @unspecified_element
+;
+
+@pattern_or_none =
+  @pattern
+| @unspecified_element
+;
+
+@pattern_binding_decl_or_none =
+  @pattern_binding_decl
+| @unspecified_element
+;
+
+@precedence_group_decl_or_none =
+  @precedence_group_decl
+| @unspecified_element
+;
+
+@protocol_decl_or_none =
+  @protocol_decl
+| @unspecified_element
+;
+
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
+@stmt_or_none =
+  @stmt
+| @unspecified_element
+;
+
+@stmt_condition_or_none =
+  @stmt_condition
+| @unspecified_element
+;
+
+@string_literal_expr_or_none =
+  @string_literal_expr
+| @unspecified_element
+;
+
+@tap_expr_or_none =
+  @tap_expr
+| @unspecified_element
+;
+
+@type_or_none =
+  @type
+| @unspecified_element
+;
+
+@type_alias_decl_or_none =
+  @type_alias_decl
+| @unspecified_element
+;
+
+@type_repr_or_none =
+  @type_repr
+| @unspecified_element
+;
+
+@value_decl_or_none =
+  @unspecified_element
+| @value_decl
+;
+
+@var_decl_or_none =
+  @unspecified_element
+| @var_decl
+;
diff --git a/swift/ql/lib/upgrades/ceca289a0ff56bcc88f72ad78a8fbff1d850922f/swift.dbscheme b/swift/ql/lib/upgrades/ceca289a0ff56bcc88f72ad78a8fbff1d850922f/swift.dbscheme
new file mode 100644
index 00000000000..abbb8c9e840
--- /dev/null
+++ b/swift/ql/lib/upgrades/ceca289a0ff56bcc88f72ad78a8fbff1d850922f/swift.dbscheme
@@ -0,0 +1,2478 @@
+// generated by codegen/codegen.py
+
+// from prefix.dbscheme
+/**
+ * The source location of the snapshot.
+ */
+sourceLocationPrefix(
+  string prefix: string ref
+);
+
+
+// from schema.py
+
+@element =
+  @callable
+| @file
+| @generic_context
+| @iterable_decl_context
+| @locatable
+| @location
+| @type
+;
+
+#keyset[id]
+element_is_unknown(
+  int id: @element ref
+);
+
+@callable =
+  @abstract_closure_expr
+| @abstract_function_decl
+;
+
+#keyset[id]
+callable_self_params(
+  int id: @callable ref,
+  int self_param: @param_decl_or_none ref
+);
+
+#keyset[id, index]
+callable_params(
+  int id: @callable ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+#keyset[id]
+callable_bodies(
+  int id: @callable ref,
+  int body: @brace_stmt_or_none ref
+);
+
+@file =
+  @db_file
+;
+
+#keyset[id]
+files(
+  int id: @file ref,
+  string name: string ref
+);
+
+@locatable =
+  @argument
+| @ast_node
+| @comment
+| @diagnostics
+| @error_element
+;
+
+#keyset[id]
+locatable_locations(
+  int id: @locatable ref,
+  int location: @location_or_none ref
+);
+
+@location =
+  @db_location
+;
+
+#keyset[id]
+locations(
+  int id: @location ref,
+  int file: @file_or_none ref,
+  int start_line: int ref,
+  int start_column: int ref,
+  int end_line: int ref,
+  int end_column: int ref
+);
+
+@ast_node =
+  @case_label_item
+| @condition_element
+| @decl
+| @expr
+| @pattern
+| @stmt
+| @stmt_condition
+| @type_repr
+;
+
+comments(
+  unique int id: @comment,
+  string text: string ref
+);
+
+db_files(
+  unique int id: @db_file
+);
+
+db_locations(
+  unique int id: @db_location
+);
+
+diagnostics(
+  unique int id: @diagnostics,
+  string text: string ref,
+  int kind: int ref
+);
+
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_chain_result_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @unresolved_type
+| @unresolved_type_conversion_expr
+| @unspecified_element
+;
+
+unspecified_elements(
+  unique int id: @unspecified_element,
+  string property: string ref,
+  string error: string ref
+);
+
+#keyset[id]
+unspecified_element_parents(
+  int id: @unspecified_element ref,
+  int parent: @element ref
+);
+
+#keyset[id]
+unspecified_element_indices(
+  int id: @unspecified_element ref,
+  int index: int ref
+);
+
+@decl =
+  @enum_case_decl
+| @extension_decl
+| @if_config_decl
+| @import_decl
+| @missing_member_decl
+| @operator_decl
+| @pattern_binding_decl
+| @pound_diagnostic_decl
+| @precedence_group_decl
+| @top_level_code_decl
+| @value_decl
+;
+
+#keyset[id]
+decls(  //dir=decl
+  int id: @decl ref,
+  int module: @module_decl_or_none ref
+);
+
+@generic_context =
+  @abstract_function_decl
+| @extension_decl
+| @generic_type_decl
+| @subscript_decl
+;
+
+#keyset[id, index]
+generic_context_generic_type_params(  //dir=decl
+  int id: @generic_context ref,
+  int index: int ref,
+  int generic_type_param: @generic_type_param_decl_or_none ref
+);
+
+@iterable_decl_context =
+  @extension_decl
+| @nominal_type_decl
+;
+
+#keyset[id, index]
+iterable_decl_context_members(  //dir=decl
+  int id: @iterable_decl_context ref,
+  int index: int ref,
+  int member: @decl_or_none ref
+);
+
+enum_case_decls(  //dir=decl
+  unique int id: @enum_case_decl
+);
+
+#keyset[id, index]
+enum_case_decl_elements(  //dir=decl
+  int id: @enum_case_decl ref,
+  int index: int ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+extension_decls(  //dir=decl
+  unique int id: @extension_decl,
+  int extended_type_decl: @nominal_type_decl_or_none ref
+);
+
+if_config_decls(  //dir=decl
+  unique int id: @if_config_decl
+);
+
+#keyset[id, index]
+if_config_decl_active_elements(  //dir=decl
+  int id: @if_config_decl ref,
+  int index: int ref,
+  int active_element: @ast_node_or_none ref
+);
+
+import_decls(  //dir=decl
+  unique int id: @import_decl
+);
+
+#keyset[id]
+import_decl_is_exported(  //dir=decl
+  int id: @import_decl ref
+);
+
+#keyset[id]
+import_decl_imported_modules(  //dir=decl
+  int id: @import_decl ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+import_decl_declarations(  //dir=decl
+  int id: @import_decl ref,
+  int index: int ref,
+  int declaration: @value_decl_or_none ref
+);
+
+missing_member_decls(  //dir=decl
+  unique int id: @missing_member_decl,
+  string name: string ref
+);
+
+@operator_decl =
+  @infix_operator_decl
+| @postfix_operator_decl
+| @prefix_operator_decl
+;
+
+#keyset[id]
+operator_decls(  //dir=decl
+  int id: @operator_decl ref,
+  string name: string ref
+);
+
+pattern_binding_decls(  //dir=decl
+  unique int id: @pattern_binding_decl
+);
+
+#keyset[id, index]
+pattern_binding_decl_inits(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int init: @expr_or_none ref
+);
+
+#keyset[id, index]
+pattern_binding_decl_patterns(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int pattern: @pattern_or_none ref
+);
+
+pound_diagnostic_decls(  //dir=decl
+  unique int id: @pound_diagnostic_decl,
+  int kind: int ref,
+  int message: @string_literal_expr_or_none ref
+);
+
+precedence_group_decls(  //dir=decl
+  unique int id: @precedence_group_decl
+);
+
+top_level_code_decls(  //dir=decl
+  unique int id: @top_level_code_decl,
+  int body: @brace_stmt_or_none ref
+);
+
+@value_decl =
+  @abstract_function_decl
+| @abstract_storage_decl
+| @enum_element_decl
+| @type_decl
+;
+
+#keyset[id]
+value_decls(  //dir=decl
+  int id: @value_decl ref,
+  int interface_type: @type_or_none ref
+);
+
+@abstract_function_decl =
+  @constructor_decl
+| @destructor_decl
+| @func_decl
+;
+
+#keyset[id]
+abstract_function_decls(  //dir=decl
+  int id: @abstract_function_decl ref,
+  string name: string ref
+);
+
+@abstract_storage_decl =
+  @subscript_decl
+| @var_decl
+;
+
+#keyset[id, index]
+abstract_storage_decl_accessor_decls(  //dir=decl
+  int id: @abstract_storage_decl ref,
+  int index: int ref,
+  int accessor_decl: @accessor_decl_or_none ref
+);
+
+enum_element_decls(  //dir=decl
+  unique int id: @enum_element_decl,
+  string name: string ref
+);
+
+#keyset[id, index]
+enum_element_decl_params(  //dir=decl
+  int id: @enum_element_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+infix_operator_decls(  //dir=decl
+  unique int id: @infix_operator_decl
+);
+
+#keyset[id]
+infix_operator_decl_precedence_groups(  //dir=decl
+  int id: @infix_operator_decl ref,
+  int precedence_group: @precedence_group_decl_or_none ref
+);
+
+postfix_operator_decls(  //dir=decl
+  unique int id: @postfix_operator_decl
+);
+
+prefix_operator_decls(  //dir=decl
+  unique int id: @prefix_operator_decl
+);
+
+@type_decl =
+  @abstract_type_param_decl
+| @generic_type_decl
+| @module_decl
+;
+
+#keyset[id]
+type_decls(  //dir=decl
+  int id: @type_decl ref,
+  string name: string ref
+);
+
+#keyset[id, index]
+type_decl_base_types(  //dir=decl
+  int id: @type_decl ref,
+  int index: int ref,
+  int base_type: @type_or_none ref
+);
+
+@abstract_type_param_decl =
+  @associated_type_decl
+| @generic_type_param_decl
+;
+
+constructor_decls(  //dir=decl
+  unique int id: @constructor_decl
+);
+
+destructor_decls(  //dir=decl
+  unique int id: @destructor_decl
+);
+
+@func_decl =
+  @accessor_decl
+| @concrete_func_decl
+;
+
+@generic_type_decl =
+  @nominal_type_decl
+| @opaque_type_decl
+| @type_alias_decl
+;
+
+module_decls(  //dir=decl
+  unique int id: @module_decl
+);
+
+#keyset[id]
+module_decl_is_builtin_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id]
+module_decl_is_system_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id, index]
+module_decl_imported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+module_decl_exported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int exported_module: @module_decl_or_none ref
+);
+
+subscript_decls(  //dir=decl
+  unique int id: @subscript_decl,
+  int element_type: @type_or_none ref
+);
+
+#keyset[id, index]
+subscript_decl_params(  //dir=decl
+  int id: @subscript_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+@var_decl =
+  @concrete_var_decl
+| @param_decl
+;
+
+#keyset[id]
+var_decls(  //dir=decl
+  int id: @var_decl ref,
+  string name: string ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_attached_property_wrapper_types(  //dir=decl
+  int id: @var_decl ref,
+  int attached_property_wrapper_type: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_patterns(  //dir=decl
+  int id: @var_decl ref,
+  int parent_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_initializers(  //dir=decl
+  int id: @var_decl ref,
+  int parent_initializer: @expr_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
+accessor_decls(  //dir=decl
+  unique int id: @accessor_decl
+);
+
+#keyset[id]
+accessor_decl_is_getter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_setter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_will_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_did_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+associated_type_decls(  //dir=decl
+  unique int id: @associated_type_decl
+);
+
+concrete_func_decls(  //dir=decl
+  unique int id: @concrete_func_decl
+);
+
+concrete_var_decls(  //dir=decl
+  unique int id: @concrete_var_decl,
+  int introducer_int: int ref
+);
+
+generic_type_param_decls(  //dir=decl
+  unique int id: @generic_type_param_decl
+);
+
+@nominal_type_decl =
+  @class_decl
+| @enum_decl
+| @protocol_decl
+| @struct_decl
+;
+
+#keyset[id]
+nominal_type_decls(  //dir=decl
+  int id: @nominal_type_decl ref,
+  int type_: @type_or_none ref
+);
+
+opaque_type_decls(  //dir=decl
+  unique int id: @opaque_type_decl,
+  int naming_declaration: @value_decl_or_none ref
+);
+
+#keyset[id, index]
+opaque_type_decl_opaque_generic_params(  //dir=decl
+  int id: @opaque_type_decl ref,
+  int index: int ref,
+  int opaque_generic_param: @generic_type_param_type_or_none ref
+);
+
+param_decls(  //dir=decl
+  unique int id: @param_decl
+);
+
+#keyset[id]
+param_decl_is_inout(  //dir=decl
+  int id: @param_decl ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
+type_alias_decls(  //dir=decl
+  unique int id: @type_alias_decl
+);
+
+class_decls(  //dir=decl
+  unique int id: @class_decl
+);
+
+enum_decls(  //dir=decl
+  unique int id: @enum_decl
+);
+
+protocol_decls(  //dir=decl
+  unique int id: @protocol_decl
+);
+
+struct_decls(  //dir=decl
+  unique int id: @struct_decl
+);
+
+arguments(  //dir=expr
+  unique int id: @argument,
+  string label: string ref,
+  int expr: @expr_or_none ref
+);
+
+@expr =
+  @abstract_closure_expr
+| @any_try_expr
+| @applied_property_wrapper_expr
+| @apply_expr
+| @assign_expr
+| @bind_optional_expr
+| @capture_list_expr
+| @collection_expr
+| @decl_ref_expr
+| @default_argument_expr
+| @discard_assignment_expr
+| @dot_syntax_base_ignored_expr
+| @dynamic_type_expr
+| @enum_is_case_expr
+| @error_expr
+| @explicit_cast_expr
+| @force_value_expr
+| @identity_expr
+| @if_expr
+| @implicit_conversion_expr
+| @in_out_expr
+| @key_path_application_expr
+| @key_path_dot_expr
+| @key_path_expr
+| @lazy_initializer_expr
+| @literal_expr
+| @lookup_expr
+| @make_temporarily_escapable_expr
+| @obj_c_selector_expr
+| @one_way_expr
+| @opaque_value_expr
+| @open_existential_expr
+| @optional_evaluation_expr
+| @other_constructor_decl_ref_expr
+| @overloaded_decl_ref_expr
+| @property_wrapper_value_placeholder_expr
+| @rebind_self_in_constructor_expr
+| @sequence_expr
+| @super_ref_expr
+| @tap_expr
+| @tuple_element_expr
+| @tuple_expr
+| @type_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @vararg_expansion_expr
+;
+
+#keyset[id]
+expr_types(  //dir=expr
+  int id: @expr ref,
+  int type_: @type_or_none ref
+);
+
+@abstract_closure_expr =
+  @auto_closure_expr
+| @closure_expr
+;
+
+@any_try_expr =
+  @force_try_expr
+| @optional_try_expr
+| @try_expr
+;
+
+#keyset[id]
+any_try_exprs(  //dir=expr
+  int id: @any_try_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+applied_property_wrapper_exprs(  //dir=expr
+  unique int id: @applied_property_wrapper_expr,
+  int kind: int ref,
+  int value: @expr_or_none ref,
+  int param: @param_decl_or_none ref
+);
+
+@apply_expr =
+  @binary_expr
+| @call_expr
+| @postfix_unary_expr
+| @prefix_unary_expr
+| @self_apply_expr
+;
+
+#keyset[id]
+apply_exprs(  //dir=expr
+  int id: @apply_expr ref,
+  int function: @expr_or_none ref
+);
+
+#keyset[id, index]
+apply_expr_arguments(  //dir=expr
+  int id: @apply_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+assign_exprs(  //dir=expr
+  unique int id: @assign_expr,
+  int dest: @expr_or_none ref,
+  int source: @expr_or_none ref
+);
+
+bind_optional_exprs(  //dir=expr
+  unique int id: @bind_optional_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+capture_list_exprs(  //dir=expr
+  unique int id: @capture_list_expr,
+  int closure_body: @closure_expr_or_none ref
+);
+
+#keyset[id, index]
+capture_list_expr_binding_decls(  //dir=expr
+  int id: @capture_list_expr ref,
+  int index: int ref,
+  int binding_decl: @pattern_binding_decl_or_none ref
+);
+
+@collection_expr =
+  @array_expr
+| @dictionary_expr
+;
+
+decl_ref_exprs(  //dir=expr
+  unique int id: @decl_ref_expr,
+  int decl: @decl_or_none ref
+);
+
+#keyset[id, index]
+decl_ref_expr_replacement_types(  //dir=expr
+  int id: @decl_ref_expr ref,
+  int index: int ref,
+  int replacement_type: @type_or_none ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+default_argument_exprs(  //dir=expr
+  unique int id: @default_argument_expr,
+  int param_decl: @param_decl_or_none ref,
+  int param_index: int ref
+);
+
+#keyset[id]
+default_argument_expr_caller_side_defaults(  //dir=expr
+  int id: @default_argument_expr ref,
+  int caller_side_default: @expr_or_none ref
+);
+
+discard_assignment_exprs(  //dir=expr
+  unique int id: @discard_assignment_expr
+);
+
+dot_syntax_base_ignored_exprs(  //dir=expr
+  unique int id: @dot_syntax_base_ignored_expr,
+  int qualifier: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+dynamic_type_exprs(  //dir=expr
+  unique int id: @dynamic_type_expr,
+  int base: @expr_or_none ref
+);
+
+enum_is_case_exprs(  //dir=expr
+  unique int id: @enum_is_case_expr,
+  int sub_expr: @expr_or_none ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+error_exprs(  //dir=expr
+  unique int id: @error_expr
+);
+
+@explicit_cast_expr =
+  @checked_cast_expr
+| @coerce_expr
+;
+
+#keyset[id]
+explicit_cast_exprs(  //dir=expr
+  int id: @explicit_cast_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+force_value_exprs(  //dir=expr
+  unique int id: @force_value_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@identity_expr =
+  @await_expr
+| @dot_self_expr
+| @paren_expr
+| @unresolved_member_chain_result_expr
+;
+
+#keyset[id]
+identity_exprs(  //dir=expr
+  int id: @identity_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+if_exprs(  //dir=expr
+  unique int id: @if_expr,
+  int condition: @expr_or_none ref,
+  int then_expr: @expr_or_none ref,
+  int else_expr: @expr_or_none ref
+);
+
+@implicit_conversion_expr =
+  @any_hashable_erasure_expr
+| @archetype_to_super_expr
+| @array_to_pointer_expr
+| @bridge_from_obj_c_expr
+| @bridge_to_obj_c_expr
+| @class_metatype_to_object_expr
+| @collection_upcast_conversion_expr
+| @conditional_bridge_from_obj_c_expr
+| @covariant_function_conversion_expr
+| @covariant_return_conversion_expr
+| @derived_to_base_expr
+| @destructure_tuple_expr
+| @differentiable_function_expr
+| @differentiable_function_extract_original_expr
+| @erasure_expr
+| @existential_metatype_to_object_expr
+| @foreign_object_conversion_expr
+| @function_conversion_expr
+| @in_out_to_pointer_expr
+| @inject_into_optional_expr
+| @linear_function_expr
+| @linear_function_extract_original_expr
+| @linear_to_differentiable_function_expr
+| @load_expr
+| @metatype_conversion_expr
+| @pointer_to_pointer_expr
+| @protocol_metatype_to_object_expr
+| @string_to_pointer_expr
+| @underlying_to_opaque_expr
+| @unevaluated_instance_expr
+| @unresolved_type_conversion_expr
+;
+
+#keyset[id]
+implicit_conversion_exprs(  //dir=expr
+  int id: @implicit_conversion_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+in_out_exprs(  //dir=expr
+  unique int id: @in_out_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+key_path_application_exprs(  //dir=expr
+  unique int id: @key_path_application_expr,
+  int base: @expr_or_none ref,
+  int key_path: @expr_or_none ref
+);
+
+key_path_dot_exprs(  //dir=expr
+  unique int id: @key_path_dot_expr
+);
+
+key_path_exprs(  //dir=expr
+  unique int id: @key_path_expr
+);
+
+#keyset[id]
+key_path_expr_roots(  //dir=expr
+  int id: @key_path_expr ref,
+  int root: @type_repr_or_none ref
+);
+
+#keyset[id]
+key_path_expr_parsed_paths(  //dir=expr
+  int id: @key_path_expr ref,
+  int parsed_path: @expr_or_none ref
+);
+
+lazy_initializer_exprs(  //dir=expr
+  unique int id: @lazy_initializer_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@literal_expr =
+  @builtin_literal_expr
+| @interpolated_string_literal_expr
+| @nil_literal_expr
+| @object_literal_expr
+| @regex_literal_expr
+;
+
+@lookup_expr =
+  @dynamic_lookup_expr
+| @member_ref_expr
+| @subscript_expr
+;
+
+#keyset[id]
+lookup_exprs(  //dir=expr
+  int id: @lookup_expr ref,
+  int base: @expr_or_none ref
+);
+
+#keyset[id]
+lookup_expr_members(  //dir=expr
+  int id: @lookup_expr ref,
+  int member: @decl_or_none ref
+);
+
+make_temporarily_escapable_exprs(  //dir=expr
+  unique int id: @make_temporarily_escapable_expr,
+  int escaping_closure: @opaque_value_expr_or_none ref,
+  int nonescaping_closure: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+obj_c_selector_exprs(  //dir=expr
+  unique int id: @obj_c_selector_expr,
+  int sub_expr: @expr_or_none ref,
+  int method: @abstract_function_decl_or_none ref
+);
+
+one_way_exprs(  //dir=expr
+  unique int id: @one_way_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+opaque_value_exprs(  //dir=expr
+  unique int id: @opaque_value_expr
+);
+
+open_existential_exprs(  //dir=expr
+  unique int id: @open_existential_expr,
+  int sub_expr: @expr_or_none ref,
+  int existential: @expr_or_none ref,
+  int opaque_expr: @opaque_value_expr_or_none ref
+);
+
+optional_evaluation_exprs(  //dir=expr
+  unique int id: @optional_evaluation_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+other_constructor_decl_ref_exprs(  //dir=expr
+  unique int id: @other_constructor_decl_ref_expr,
+  int constructor_decl: @constructor_decl_or_none ref
+);
+
+overloaded_decl_ref_exprs(  //dir=expr
+  unique int id: @overloaded_decl_ref_expr
+);
+
+#keyset[id, index]
+overloaded_decl_ref_expr_possible_declarations(  //dir=expr
+  int id: @overloaded_decl_ref_expr ref,
+  int index: int ref,
+  int possible_declaration: @value_decl_or_none ref
+);
+
+property_wrapper_value_placeholder_exprs(  //dir=expr
+  unique int id: @property_wrapper_value_placeholder_expr,
+  int placeholder: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+property_wrapper_value_placeholder_expr_wrapped_values(  //dir=expr
+  int id: @property_wrapper_value_placeholder_expr ref,
+  int wrapped_value: @expr_or_none ref
+);
+
+rebind_self_in_constructor_exprs(  //dir=expr
+  unique int id: @rebind_self_in_constructor_expr,
+  int sub_expr: @expr_or_none ref,
+  int self: @var_decl_or_none ref
+);
+
+sequence_exprs(  //dir=expr
+  unique int id: @sequence_expr
+);
+
+#keyset[id, index]
+sequence_expr_elements(  //dir=expr
+  int id: @sequence_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+super_ref_exprs(  //dir=expr
+  unique int id: @super_ref_expr,
+  int self: @var_decl_or_none ref
+);
+
+tap_exprs(  //dir=expr
+  unique int id: @tap_expr,
+  int body: @brace_stmt_or_none ref,
+  int var: @var_decl_or_none ref
+);
+
+#keyset[id]
+tap_expr_sub_exprs(  //dir=expr
+  int id: @tap_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+tuple_element_exprs(  //dir=expr
+  unique int id: @tuple_element_expr,
+  int sub_expr: @expr_or_none ref,
+  int index: int ref
+);
+
+tuple_exprs(  //dir=expr
+  unique int id: @tuple_expr
+);
+
+#keyset[id, index]
+tuple_expr_elements(  //dir=expr
+  int id: @tuple_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+type_exprs(  //dir=expr
+  unique int id: @type_expr
+);
+
+#keyset[id]
+type_expr_type_reprs(  //dir=expr
+  int id: @type_expr ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+unresolved_decl_ref_exprs(  //dir=expr
+  unique int id: @unresolved_decl_ref_expr
+);
+
+#keyset[id]
+unresolved_decl_ref_expr_names(  //dir=expr
+  int id: @unresolved_decl_ref_expr ref,
+  string name: string ref
+);
+
+unresolved_dot_exprs(  //dir=expr
+  unique int id: @unresolved_dot_expr,
+  int base: @expr_or_none ref,
+  string name: string ref
+);
+
+unresolved_member_exprs(  //dir=expr
+  unique int id: @unresolved_member_expr,
+  string name: string ref
+);
+
+unresolved_pattern_exprs(  //dir=expr
+  unique int id: @unresolved_pattern_expr,
+  int sub_pattern: @pattern_or_none ref
+);
+
+unresolved_specialize_exprs(  //dir=expr
+  unique int id: @unresolved_specialize_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+vararg_expansion_exprs(  //dir=expr
+  unique int id: @vararg_expansion_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+any_hashable_erasure_exprs(  //dir=expr
+  unique int id: @any_hashable_erasure_expr
+);
+
+archetype_to_super_exprs(  //dir=expr
+  unique int id: @archetype_to_super_expr
+);
+
+array_exprs(  //dir=expr
+  unique int id: @array_expr
+);
+
+#keyset[id, index]
+array_expr_elements(  //dir=expr
+  int id: @array_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+array_to_pointer_exprs(  //dir=expr
+  unique int id: @array_to_pointer_expr
+);
+
+auto_closure_exprs(  //dir=expr
+  unique int id: @auto_closure_expr
+);
+
+await_exprs(  //dir=expr
+  unique int id: @await_expr
+);
+
+binary_exprs(  //dir=expr
+  unique int id: @binary_expr
+);
+
+bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_from_obj_c_expr
+);
+
+bridge_to_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_to_obj_c_expr
+);
+
+@builtin_literal_expr =
+  @boolean_literal_expr
+| @magic_identifier_literal_expr
+| @number_literal_expr
+| @string_literal_expr
+;
+
+call_exprs(  //dir=expr
+  unique int id: @call_expr
+);
+
+@checked_cast_expr =
+  @conditional_checked_cast_expr
+| @forced_checked_cast_expr
+| @is_expr
+;
+
+class_metatype_to_object_exprs(  //dir=expr
+  unique int id: @class_metatype_to_object_expr
+);
+
+closure_exprs(  //dir=expr
+  unique int id: @closure_expr
+);
+
+coerce_exprs(  //dir=expr
+  unique int id: @coerce_expr
+);
+
+collection_upcast_conversion_exprs(  //dir=expr
+  unique int id: @collection_upcast_conversion_expr
+);
+
+conditional_bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @conditional_bridge_from_obj_c_expr
+);
+
+covariant_function_conversion_exprs(  //dir=expr
+  unique int id: @covariant_function_conversion_expr
+);
+
+covariant_return_conversion_exprs(  //dir=expr
+  unique int id: @covariant_return_conversion_expr
+);
+
+derived_to_base_exprs(  //dir=expr
+  unique int id: @derived_to_base_expr
+);
+
+destructure_tuple_exprs(  //dir=expr
+  unique int id: @destructure_tuple_expr
+);
+
+dictionary_exprs(  //dir=expr
+  unique int id: @dictionary_expr
+);
+
+#keyset[id, index]
+dictionary_expr_elements(  //dir=expr
+  int id: @dictionary_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+differentiable_function_exprs(  //dir=expr
+  unique int id: @differentiable_function_expr
+);
+
+differentiable_function_extract_original_exprs(  //dir=expr
+  unique int id: @differentiable_function_extract_original_expr
+);
+
+dot_self_exprs(  //dir=expr
+  unique int id: @dot_self_expr
+);
+
+@dynamic_lookup_expr =
+  @dynamic_member_ref_expr
+| @dynamic_subscript_expr
+;
+
+erasure_exprs(  //dir=expr
+  unique int id: @erasure_expr
+);
+
+existential_metatype_to_object_exprs(  //dir=expr
+  unique int id: @existential_metatype_to_object_expr
+);
+
+force_try_exprs(  //dir=expr
+  unique int id: @force_try_expr
+);
+
+foreign_object_conversion_exprs(  //dir=expr
+  unique int id: @foreign_object_conversion_expr
+);
+
+function_conversion_exprs(  //dir=expr
+  unique int id: @function_conversion_expr
+);
+
+in_out_to_pointer_exprs(  //dir=expr
+  unique int id: @in_out_to_pointer_expr
+);
+
+inject_into_optional_exprs(  //dir=expr
+  unique int id: @inject_into_optional_expr
+);
+
+interpolated_string_literal_exprs(  //dir=expr
+  unique int id: @interpolated_string_literal_expr
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_expr: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_count_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_count_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_literal_capacity_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int literal_capacity_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_appending_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int appending_expr: @tap_expr_or_none ref
+);
+
+linear_function_exprs(  //dir=expr
+  unique int id: @linear_function_expr
+);
+
+linear_function_extract_original_exprs(  //dir=expr
+  unique int id: @linear_function_extract_original_expr
+);
+
+linear_to_differentiable_function_exprs(  //dir=expr
+  unique int id: @linear_to_differentiable_function_expr
+);
+
+load_exprs(  //dir=expr
+  unique int id: @load_expr
+);
+
+member_ref_exprs(  //dir=expr
+  unique int id: @member_ref_expr
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
+);
+
+nil_literal_exprs(  //dir=expr
+  unique int id: @nil_literal_expr
+);
+
+object_literal_exprs(  //dir=expr
+  unique int id: @object_literal_expr,
+  int kind: int ref
+);
+
+#keyset[id, index]
+object_literal_expr_arguments(  //dir=expr
+  int id: @object_literal_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+optional_try_exprs(  //dir=expr
+  unique int id: @optional_try_expr
+);
+
+paren_exprs(  //dir=expr
+  unique int id: @paren_expr
+);
+
+pointer_to_pointer_exprs(  //dir=expr
+  unique int id: @pointer_to_pointer_expr
+);
+
+postfix_unary_exprs(  //dir=expr
+  unique int id: @postfix_unary_expr
+);
+
+prefix_unary_exprs(  //dir=expr
+  unique int id: @prefix_unary_expr
+);
+
+protocol_metatype_to_object_exprs(  //dir=expr
+  unique int id: @protocol_metatype_to_object_expr
+);
+
+regex_literal_exprs(  //dir=expr
+  unique int id: @regex_literal_expr
+);
+
+@self_apply_expr =
+  @constructor_ref_call_expr
+| @dot_syntax_call_expr
+;
+
+#keyset[id]
+self_apply_exprs(  //dir=expr
+  int id: @self_apply_expr ref,
+  int base: @expr_or_none ref
+);
+
+string_to_pointer_exprs(  //dir=expr
+  unique int id: @string_to_pointer_expr
+);
+
+subscript_exprs(  //dir=expr
+  unique int id: @subscript_expr
+);
+
+#keyset[id, index]
+subscript_expr_arguments(  //dir=expr
+  int id: @subscript_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_ordinary_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+try_exprs(  //dir=expr
+  unique int id: @try_expr
+);
+
+underlying_to_opaque_exprs(  //dir=expr
+  unique int id: @underlying_to_opaque_expr
+);
+
+unevaluated_instance_exprs(  //dir=expr
+  unique int id: @unevaluated_instance_expr
+);
+
+unresolved_member_chain_result_exprs(  //dir=expr
+  unique int id: @unresolved_member_chain_result_expr
+);
+
+unresolved_type_conversion_exprs(  //dir=expr
+  unique int id: @unresolved_type_conversion_expr
+);
+
+boolean_literal_exprs(  //dir=expr
+  unique int id: @boolean_literal_expr,
+  boolean value: boolean ref
+);
+
+conditional_checked_cast_exprs(  //dir=expr
+  unique int id: @conditional_checked_cast_expr
+);
+
+constructor_ref_call_exprs(  //dir=expr
+  unique int id: @constructor_ref_call_expr
+);
+
+dot_syntax_call_exprs(  //dir=expr
+  unique int id: @dot_syntax_call_expr
+);
+
+dynamic_member_ref_exprs(  //dir=expr
+  unique int id: @dynamic_member_ref_expr
+);
+
+dynamic_subscript_exprs(  //dir=expr
+  unique int id: @dynamic_subscript_expr
+);
+
+forced_checked_cast_exprs(  //dir=expr
+  unique int id: @forced_checked_cast_expr
+);
+
+is_exprs(  //dir=expr
+  unique int id: @is_expr
+);
+
+magic_identifier_literal_exprs(  //dir=expr
+  unique int id: @magic_identifier_literal_expr,
+  string kind: string ref
+);
+
+@number_literal_expr =
+  @float_literal_expr
+| @integer_literal_expr
+;
+
+string_literal_exprs(  //dir=expr
+  unique int id: @string_literal_expr,
+  string value: string ref
+);
+
+float_literal_exprs(  //dir=expr
+  unique int id: @float_literal_expr,
+  string string_value: string ref
+);
+
+integer_literal_exprs(  //dir=expr
+  unique int id: @integer_literal_expr,
+  string string_value: string ref
+);
+
+@pattern =
+  @any_pattern
+| @binding_pattern
+| @bool_pattern
+| @enum_element_pattern
+| @expr_pattern
+| @is_pattern
+| @named_pattern
+| @optional_some_pattern
+| @paren_pattern
+| @tuple_pattern
+| @typed_pattern
+;
+
+any_patterns(  //dir=pattern
+  unique int id: @any_pattern
+);
+
+binding_patterns(  //dir=pattern
+  unique int id: @binding_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+bool_patterns(  //dir=pattern
+  unique int id: @bool_pattern,
+  boolean value: boolean ref
+);
+
+enum_element_patterns(  //dir=pattern
+  unique int id: @enum_element_pattern,
+  int element: @enum_element_decl_or_none ref
+);
+
+#keyset[id]
+enum_element_pattern_sub_patterns(  //dir=pattern
+  int id: @enum_element_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+expr_patterns(  //dir=pattern
+  unique int id: @expr_pattern,
+  int sub_expr: @expr_or_none ref
+);
+
+is_patterns(  //dir=pattern
+  unique int id: @is_pattern
+);
+
+#keyset[id]
+is_pattern_cast_type_reprs(  //dir=pattern
+  int id: @is_pattern ref,
+  int cast_type_repr: @type_repr_or_none ref
+);
+
+#keyset[id]
+is_pattern_sub_patterns(  //dir=pattern
+  int id: @is_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+named_patterns(  //dir=pattern
+  unique int id: @named_pattern,
+  string name: string ref
+);
+
+optional_some_patterns(  //dir=pattern
+  unique int id: @optional_some_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+paren_patterns(  //dir=pattern
+  unique int id: @paren_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+tuple_patterns(  //dir=pattern
+  unique int id: @tuple_pattern
+);
+
+#keyset[id, index]
+tuple_pattern_elements(  //dir=pattern
+  int id: @tuple_pattern ref,
+  int index: int ref,
+  int element: @pattern_or_none ref
+);
+
+typed_patterns(  //dir=pattern
+  unique int id: @typed_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+typed_pattern_type_reprs(  //dir=pattern
+  int id: @typed_pattern ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+case_label_items(  //dir=stmt
+  unique int id: @case_label_item,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+case_label_item_guards(  //dir=stmt
+  int id: @case_label_item ref,
+  int guard: @expr_or_none ref
+);
+
+condition_elements(  //dir=stmt
+  unique int id: @condition_element
+);
+
+#keyset[id]
+condition_element_booleans(  //dir=stmt
+  int id: @condition_element ref,
+  int boolean_: @expr_or_none ref
+);
+
+#keyset[id]
+condition_element_patterns(  //dir=stmt
+  int id: @condition_element ref,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+condition_element_initializers(  //dir=stmt
+  int id: @condition_element ref,
+  int initializer: @expr_or_none ref
+);
+
+@stmt =
+  @brace_stmt
+| @break_stmt
+| @case_stmt
+| @continue_stmt
+| @defer_stmt
+| @fail_stmt
+| @fallthrough_stmt
+| @labeled_stmt
+| @pound_assert_stmt
+| @return_stmt
+| @throw_stmt
+| @yield_stmt
+;
+
+stmt_conditions(  //dir=stmt
+  unique int id: @stmt_condition
+);
+
+#keyset[id, index]
+stmt_condition_elements(  //dir=stmt
+  int id: @stmt_condition ref,
+  int index: int ref,
+  int element: @condition_element_or_none ref
+);
+
+brace_stmts(  //dir=stmt
+  unique int id: @brace_stmt
+);
+
+#keyset[id, index]
+brace_stmt_elements(  //dir=stmt
+  int id: @brace_stmt ref,
+  int index: int ref,
+  int element: @ast_node_or_none ref
+);
+
+break_stmts(  //dir=stmt
+  unique int id: @break_stmt
+);
+
+#keyset[id]
+break_stmt_target_names(  //dir=stmt
+  int id: @break_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+break_stmt_targets(  //dir=stmt
+  int id: @break_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+case_stmts(  //dir=stmt
+  unique int id: @case_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_labels(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int label: @case_label_item_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_variables(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int variable: @var_decl_or_none ref
+);
+
+continue_stmts(  //dir=stmt
+  unique int id: @continue_stmt
+);
+
+#keyset[id]
+continue_stmt_target_names(  //dir=stmt
+  int id: @continue_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+continue_stmt_targets(  //dir=stmt
+  int id: @continue_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+defer_stmts(  //dir=stmt
+  unique int id: @defer_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+fail_stmts(  //dir=stmt
+  unique int id: @fail_stmt
+);
+
+fallthrough_stmts(  //dir=stmt
+  unique int id: @fallthrough_stmt,
+  int fallthrough_source: @case_stmt_or_none ref,
+  int fallthrough_dest: @case_stmt_or_none ref
+);
+
+@labeled_stmt =
+  @do_catch_stmt
+| @do_stmt
+| @for_each_stmt
+| @labeled_conditional_stmt
+| @repeat_while_stmt
+| @switch_stmt
+;
+
+#keyset[id]
+labeled_stmt_labels(  //dir=stmt
+  int id: @labeled_stmt ref,
+  string label: string ref
+);
+
+pound_assert_stmts(  //dir=stmt
+  unique int id: @pound_assert_stmt,
+  int condition: @expr_or_none ref,
+  string message: string ref
+);
+
+return_stmts(  //dir=stmt
+  unique int id: @return_stmt
+);
+
+#keyset[id]
+return_stmt_results(  //dir=stmt
+  int id: @return_stmt ref,
+  int result: @expr_or_none ref
+);
+
+throw_stmts(  //dir=stmt
+  unique int id: @throw_stmt,
+  int sub_expr: @expr_or_none ref
+);
+
+yield_stmts(  //dir=stmt
+  unique int id: @yield_stmt
+);
+
+#keyset[id, index]
+yield_stmt_results(  //dir=stmt
+  int id: @yield_stmt ref,
+  int index: int ref,
+  int result: @expr_or_none ref
+);
+
+do_catch_stmts(  //dir=stmt
+  unique int id: @do_catch_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+do_catch_stmt_catches(  //dir=stmt
+  int id: @do_catch_stmt ref,
+  int index: int ref,
+  int catch: @case_stmt_or_none ref
+);
+
+do_stmts(  //dir=stmt
+  unique int id: @do_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+for_each_stmts(  //dir=stmt
+  unique int id: @for_each_stmt,
+  int pattern: @pattern_or_none ref,
+  int sequence: @expr_or_none ref,
+  int body: @brace_stmt_or_none ref
+);
+
+#keyset[id]
+for_each_stmt_wheres(  //dir=stmt
+  int id: @for_each_stmt ref,
+  int where: @expr_or_none ref
+);
+
+@labeled_conditional_stmt =
+  @guard_stmt
+| @if_stmt
+| @while_stmt
+;
+
+#keyset[id]
+labeled_conditional_stmts(  //dir=stmt
+  int id: @labeled_conditional_stmt ref,
+  int condition: @stmt_condition_or_none ref
+);
+
+repeat_while_stmts(  //dir=stmt
+  unique int id: @repeat_while_stmt,
+  int condition: @expr_or_none ref,
+  int body: @stmt_or_none ref
+);
+
+switch_stmts(  //dir=stmt
+  unique int id: @switch_stmt,
+  int expr: @expr_or_none ref
+);
+
+#keyset[id, index]
+switch_stmt_cases(  //dir=stmt
+  int id: @switch_stmt ref,
+  int index: int ref,
+  int case_: @case_stmt_or_none ref
+);
+
+guard_stmts(  //dir=stmt
+  unique int id: @guard_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+if_stmts(  //dir=stmt
+  unique int id: @if_stmt,
+  int then: @stmt_or_none ref
+);
+
+#keyset[id]
+if_stmt_elses(  //dir=stmt
+  int id: @if_stmt ref,
+  int else: @stmt_or_none ref
+);
+
+while_stmts(  //dir=stmt
+  unique int id: @while_stmt,
+  int body: @stmt_or_none ref
+);
+
+@type =
+  @any_function_type
+| @any_generic_type
+| @any_metatype_type
+| @builtin_type
+| @dependent_member_type
+| @dynamic_self_type
+| @error_type
+| @existential_type
+| @in_out_type
+| @l_value_type
+| @module_type
+| @parameterized_protocol_type
+| @protocol_composition_type
+| @reference_storage_type
+| @substitutable_type
+| @sugar_type
+| @tuple_type
+| @unresolved_type
+;
+
+#keyset[id]
+types(  //dir=type
+  int id: @type ref,
+  string name: string ref,
+  int canonical_type: @type_or_none ref
+);
+
+type_reprs(  //dir=type
+  unique int id: @type_repr,
+  int type_: @type_or_none ref
+);
+
+@any_function_type =
+  @function_type
+| @generic_function_type
+;
+
+#keyset[id]
+any_function_types(  //dir=type
+  int id: @any_function_type ref,
+  int result: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_types(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  int param_type: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_labels(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  string param_label: string ref
+);
+
+#keyset[id]
+any_function_type_is_throwing(  //dir=type
+  int id: @any_function_type ref
+);
+
+#keyset[id]
+any_function_type_is_async(  //dir=type
+  int id: @any_function_type ref
+);
+
+@any_generic_type =
+  @nominal_or_bound_generic_nominal_type
+| @unbound_generic_type
+;
+
+#keyset[id]
+any_generic_types(  //dir=type
+  int id: @any_generic_type ref,
+  int declaration: @decl_or_none ref
+);
+
+#keyset[id]
+any_generic_type_parents(  //dir=type
+  int id: @any_generic_type ref,
+  int parent: @type_or_none ref
+);
+
+@any_metatype_type =
+  @existential_metatype_type
+| @metatype_type
+;
+
+@builtin_type =
+  @any_builtin_integer_type
+| @builtin_bridge_object_type
+| @builtin_default_actor_storage_type
+| @builtin_executor_type
+| @builtin_float_type
+| @builtin_job_type
+| @builtin_native_object_type
+| @builtin_raw_pointer_type
+| @builtin_raw_unsafe_continuation_type
+| @builtin_unsafe_value_buffer_type
+| @builtin_vector_type
+;
+
+dependent_member_types(  //dir=type
+  unique int id: @dependent_member_type,
+  int base_type: @type_or_none ref,
+  int associated_type_decl: @associated_type_decl_or_none ref
+);
+
+dynamic_self_types(  //dir=type
+  unique int id: @dynamic_self_type,
+  int static_self_type: @type_or_none ref
+);
+
+error_types(  //dir=type
+  unique int id: @error_type
+);
+
+existential_types(  //dir=type
+  unique int id: @existential_type,
+  int constraint: @type_or_none ref
+);
+
+in_out_types(  //dir=type
+  unique int id: @in_out_type,
+  int object_type: @type_or_none ref
+);
+
+l_value_types(  //dir=type
+  unique int id: @l_value_type,
+  int object_type: @type_or_none ref
+);
+
+module_types(  //dir=type
+  unique int id: @module_type,
+  int module: @module_decl_or_none ref
+);
+
+parameterized_protocol_types(  //dir=type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
+);
+
+protocol_composition_types(  //dir=type
+  unique int id: @protocol_composition_type
+);
+
+#keyset[id, index]
+protocol_composition_type_members(  //dir=type
+  int id: @protocol_composition_type ref,
+  int index: int ref,
+  int member: @type_or_none ref
+);
+
+@reference_storage_type =
+  @unmanaged_storage_type
+| @unowned_storage_type
+| @weak_storage_type
+;
+
+#keyset[id]
+reference_storage_types(  //dir=type
+  int id: @reference_storage_type ref,
+  int referent_type: @type_or_none ref
+);
+
+@substitutable_type =
+  @archetype_type
+| @generic_type_param_type
+;
+
+@sugar_type =
+  @paren_type
+| @syntax_sugar_type
+| @type_alias_type
+;
+
+tuple_types(  //dir=type
+  unique int id: @tuple_type
+);
+
+#keyset[id, index]
+tuple_type_types(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id, index]
+tuple_type_names(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  string name: string ref
+);
+
+unresolved_types(  //dir=type
+  unique int id: @unresolved_type
+);
+
+@any_builtin_integer_type =
+  @builtin_integer_literal_type
+| @builtin_integer_type
+;
+
+@archetype_type =
+  @opaque_type_archetype_type
+| @opened_archetype_type
+| @primary_archetype_type
+;
+
+#keyset[id]
+archetype_types(  //dir=type
+  int id: @archetype_type ref,
+  int interface_type: @type_or_none ref
+);
+
+#keyset[id]
+archetype_type_superclasses(  //dir=type
+  int id: @archetype_type ref,
+  int superclass: @type_or_none ref
+);
+
+#keyset[id, index]
+archetype_type_protocols(  //dir=type
+  int id: @archetype_type ref,
+  int index: int ref,
+  int protocol: @protocol_decl_or_none ref
+);
+
+builtin_bridge_object_types(  //dir=type
+  unique int id: @builtin_bridge_object_type
+);
+
+builtin_default_actor_storage_types(  //dir=type
+  unique int id: @builtin_default_actor_storage_type
+);
+
+builtin_executor_types(  //dir=type
+  unique int id: @builtin_executor_type
+);
+
+builtin_float_types(  //dir=type
+  unique int id: @builtin_float_type
+);
+
+builtin_job_types(  //dir=type
+  unique int id: @builtin_job_type
+);
+
+builtin_native_object_types(  //dir=type
+  unique int id: @builtin_native_object_type
+);
+
+builtin_raw_pointer_types(  //dir=type
+  unique int id: @builtin_raw_pointer_type
+);
+
+builtin_raw_unsafe_continuation_types(  //dir=type
+  unique int id: @builtin_raw_unsafe_continuation_type
+);
+
+builtin_unsafe_value_buffer_types(  //dir=type
+  unique int id: @builtin_unsafe_value_buffer_type
+);
+
+builtin_vector_types(  //dir=type
+  unique int id: @builtin_vector_type
+);
+
+existential_metatype_types(  //dir=type
+  unique int id: @existential_metatype_type
+);
+
+function_types(  //dir=type
+  unique int id: @function_type
+);
+
+generic_function_types(  //dir=type
+  unique int id: @generic_function_type
+);
+
+#keyset[id, index]
+generic_function_type_generic_params(  //dir=type
+  int id: @generic_function_type ref,
+  int index: int ref,
+  int generic_param: @generic_type_param_type_or_none ref
+);
+
+generic_type_param_types(  //dir=type
+  unique int id: @generic_type_param_type
+);
+
+metatype_types(  //dir=type
+  unique int id: @metatype_type
+);
+
+@nominal_or_bound_generic_nominal_type =
+  @bound_generic_type
+| @nominal_type
+;
+
+paren_types(  //dir=type
+  unique int id: @paren_type,
+  int type_: @type_or_none ref
+);
+
+@syntax_sugar_type =
+  @dictionary_type
+| @unary_syntax_sugar_type
+;
+
+type_alias_types(  //dir=type
+  unique int id: @type_alias_type,
+  int decl: @type_alias_decl_or_none ref
+);
+
+unbound_generic_types(  //dir=type
+  unique int id: @unbound_generic_type
+);
+
+unmanaged_storage_types(  //dir=type
+  unique int id: @unmanaged_storage_type
+);
+
+unowned_storage_types(  //dir=type
+  unique int id: @unowned_storage_type
+);
+
+weak_storage_types(  //dir=type
+  unique int id: @weak_storage_type
+);
+
+@bound_generic_type =
+  @bound_generic_class_type
+| @bound_generic_enum_type
+| @bound_generic_struct_type
+;
+
+#keyset[id, index]
+bound_generic_type_arg_types(  //dir=type
+  int id: @bound_generic_type ref,
+  int index: int ref,
+  int arg_type: @type_or_none ref
+);
+
+builtin_integer_literal_types(  //dir=type
+  unique int id: @builtin_integer_literal_type
+);
+
+builtin_integer_types(  //dir=type
+  unique int id: @builtin_integer_type
+);
+
+#keyset[id]
+builtin_integer_type_widths(  //dir=type
+  int id: @builtin_integer_type ref,
+  int width: int ref
+);
+
+dictionary_types(  //dir=type
+  unique int id: @dictionary_type,
+  int key_type: @type_or_none ref,
+  int value_type: @type_or_none ref
+);
+
+@nominal_type =
+  @class_type
+| @enum_type
+| @protocol_type
+| @struct_type
+;
+
+opaque_type_archetype_types(  //dir=type
+  unique int id: @opaque_type_archetype_type,
+  int declaration: @opaque_type_decl_or_none ref
+);
+
+opened_archetype_types(  //dir=type
+  unique int id: @opened_archetype_type
+);
+
+primary_archetype_types(  //dir=type
+  unique int id: @primary_archetype_type
+);
+
+@unary_syntax_sugar_type =
+  @array_slice_type
+| @optional_type
+| @variadic_sequence_type
+;
+
+#keyset[id]
+unary_syntax_sugar_types(  //dir=type
+  int id: @unary_syntax_sugar_type ref,
+  int base_type: @type_or_none ref
+);
+
+array_slice_types(  //dir=type
+  unique int id: @array_slice_type
+);
+
+bound_generic_class_types(  //dir=type
+  unique int id: @bound_generic_class_type
+);
+
+bound_generic_enum_types(  //dir=type
+  unique int id: @bound_generic_enum_type
+);
+
+bound_generic_struct_types(  //dir=type
+  unique int id: @bound_generic_struct_type
+);
+
+class_types(  //dir=type
+  unique int id: @class_type
+);
+
+enum_types(  //dir=type
+  unique int id: @enum_type
+);
+
+optional_types(  //dir=type
+  unique int id: @optional_type
+);
+
+protocol_types(  //dir=type
+  unique int id: @protocol_type
+);
+
+struct_types(  //dir=type
+  unique int id: @struct_type
+);
+
+variadic_sequence_types(  //dir=type
+  unique int id: @variadic_sequence_type
+);
+
+@abstract_function_decl_or_none =
+  @abstract_function_decl
+| @unspecified_element
+;
+
+@accessor_decl_or_none =
+  @accessor_decl
+| @unspecified_element
+;
+
+@argument_or_none =
+  @argument
+| @unspecified_element
+;
+
+@associated_type_decl_or_none =
+  @associated_type_decl
+| @unspecified_element
+;
+
+@ast_node_or_none =
+  @ast_node
+| @unspecified_element
+;
+
+@brace_stmt_or_none =
+  @brace_stmt
+| @unspecified_element
+;
+
+@case_label_item_or_none =
+  @case_label_item
+| @unspecified_element
+;
+
+@case_stmt_or_none =
+  @case_stmt
+| @unspecified_element
+;
+
+@closure_expr_or_none =
+  @closure_expr
+| @unspecified_element
+;
+
+@condition_element_or_none =
+  @condition_element
+| @unspecified_element
+;
+
+@constructor_decl_or_none =
+  @constructor_decl
+| @unspecified_element
+;
+
+@decl_or_none =
+  @decl
+| @unspecified_element
+;
+
+@enum_element_decl_or_none =
+  @enum_element_decl
+| @unspecified_element
+;
+
+@expr_or_none =
+  @expr
+| @unspecified_element
+;
+
+@file_or_none =
+  @file
+| @unspecified_element
+;
+
+@generic_type_param_decl_or_none =
+  @generic_type_param_decl
+| @unspecified_element
+;
+
+@generic_type_param_type_or_none =
+  @generic_type_param_type
+| @unspecified_element
+;
+
+@location_or_none =
+  @location
+| @unspecified_element
+;
+
+@module_decl_or_none =
+  @module_decl
+| @unspecified_element
+;
+
+@nominal_type_decl_or_none =
+  @nominal_type_decl
+| @unspecified_element
+;
+
+@opaque_type_decl_or_none =
+  @opaque_type_decl
+| @unspecified_element
+;
+
+@opaque_value_expr_or_none =
+  @opaque_value_expr
+| @unspecified_element
+;
+
+@param_decl_or_none =
+  @param_decl
+| @unspecified_element
+;
+
+@pattern_or_none =
+  @pattern
+| @unspecified_element
+;
+
+@pattern_binding_decl_or_none =
+  @pattern_binding_decl
+| @unspecified_element
+;
+
+@precedence_group_decl_or_none =
+  @precedence_group_decl
+| @unspecified_element
+;
+
+@protocol_decl_or_none =
+  @protocol_decl
+| @unspecified_element
+;
+
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
+@stmt_or_none =
+  @stmt
+| @unspecified_element
+;
+
+@stmt_condition_or_none =
+  @stmt_condition
+| @unspecified_element
+;
+
+@string_literal_expr_or_none =
+  @string_literal_expr
+| @unspecified_element
+;
+
+@tap_expr_or_none =
+  @tap_expr
+| @unspecified_element
+;
+
+@type_or_none =
+  @type
+| @unspecified_element
+;
+
+@type_alias_decl_or_none =
+  @type_alias_decl
+| @unspecified_element
+;
+
+@type_repr_or_none =
+  @type_repr
+| @unspecified_element
+;
+
+@value_decl_or_none =
+  @unspecified_element
+| @value_decl
+;
+
+@var_decl_or_none =
+  @unspecified_element
+| @var_decl
+;
diff --git a/swift/ql/lib/upgrades/ceca289a0ff56bcc88f72ad78a8fbff1d850922f/upgrade.properties b/swift/ql/lib/upgrades/ceca289a0ff56bcc88f72ad78a8fbff1d850922f/upgrade.properties
new file mode 100644
index 00000000000..bb4b061ea2b
--- /dev/null
+++ b/swift/ql/lib/upgrades/ceca289a0ff56bcc88f72ad78a8fbff1d850922f/upgrade.properties
@@ -0,0 +1,5 @@
+description: Remove unfilled tables that were generated for actually synthesized QL types
+compatibility: full
+unknown_files.rel: delete
+unknown_locations: delete
+method_ref_exprs: delete
diff --git a/swift/ql/lib/upgrades/initial/swift.dbscheme b/swift/ql/lib/upgrades/initial/swift.dbscheme
new file mode 100644
index 00000000000..ceca289a0ff
--- /dev/null
+++ b/swift/ql/lib/upgrades/initial/swift.dbscheme
@@ -0,0 +1,2493 @@
+// generated by codegen/codegen.py
+
+// from prefix.dbscheme
+/**
+ * The source location of the snapshot.
+ */
+sourceLocationPrefix(
+  string prefix: string ref
+);
+
+
+// from schema.py
+
+@element =
+  @callable
+| @file
+| @generic_context
+| @iterable_decl_context
+| @locatable
+| @location
+| @type
+;
+
+#keyset[id]
+element_is_unknown(
+  int id: @element ref
+);
+
+@callable =
+  @abstract_closure_expr
+| @abstract_function_decl
+;
+
+#keyset[id]
+callable_self_params(
+  int id: @callable ref,
+  int self_param: @param_decl_or_none ref
+);
+
+#keyset[id, index]
+callable_params(
+  int id: @callable ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+#keyset[id]
+callable_bodies(
+  int id: @callable ref,
+  int body: @brace_stmt_or_none ref
+);
+
+@file =
+  @db_file
+| @unknown_file
+;
+
+#keyset[id]
+files(
+  int id: @file ref,
+  string name: string ref
+);
+
+@locatable =
+  @argument
+| @ast_node
+| @comment
+| @diagnostics
+| @error_element
+;
+
+#keyset[id]
+locatable_locations(
+  int id: @locatable ref,
+  int location: @location_or_none ref
+);
+
+@location =
+  @db_location
+| @unknown_location
+;
+
+#keyset[id]
+locations(
+  int id: @location ref,
+  int file: @file_or_none ref,
+  int start_line: int ref,
+  int start_column: int ref,
+  int end_line: int ref,
+  int end_column: int ref
+);
+
+@ast_node =
+  @case_label_item
+| @condition_element
+| @decl
+| @expr
+| @pattern
+| @stmt
+| @stmt_condition
+| @type_repr
+;
+
+comments(
+  unique int id: @comment,
+  string text: string ref
+);
+
+db_files(
+  unique int id: @db_file
+);
+
+db_locations(
+  unique int id: @db_location
+);
+
+diagnostics(
+  unique int id: @diagnostics,
+  string text: string ref,
+  int kind: int ref
+);
+
+@error_element =
+  @error_expr
+| @error_type
+| @overloaded_decl_ref_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_chain_result_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @unresolved_type
+| @unresolved_type_conversion_expr
+| @unspecified_element
+;
+
+unknown_files(
+  unique int id: @unknown_file
+);
+
+unknown_locations(
+  unique int id: @unknown_location
+);
+
+unspecified_elements(
+  unique int id: @unspecified_element,
+  string property: string ref,
+  string error: string ref
+);
+
+#keyset[id]
+unspecified_element_parents(
+  int id: @unspecified_element ref,
+  int parent: @element ref
+);
+
+#keyset[id]
+unspecified_element_indices(
+  int id: @unspecified_element ref,
+  int index: int ref
+);
+
+@decl =
+  @enum_case_decl
+| @extension_decl
+| @if_config_decl
+| @import_decl
+| @missing_member_decl
+| @operator_decl
+| @pattern_binding_decl
+| @pound_diagnostic_decl
+| @precedence_group_decl
+| @top_level_code_decl
+| @value_decl
+;
+
+#keyset[id]
+decls(  //dir=decl
+  int id: @decl ref,
+  int module: @module_decl_or_none ref
+);
+
+@generic_context =
+  @abstract_function_decl
+| @extension_decl
+| @generic_type_decl
+| @subscript_decl
+;
+
+#keyset[id, index]
+generic_context_generic_type_params(  //dir=decl
+  int id: @generic_context ref,
+  int index: int ref,
+  int generic_type_param: @generic_type_param_decl_or_none ref
+);
+
+@iterable_decl_context =
+  @extension_decl
+| @nominal_type_decl
+;
+
+#keyset[id, index]
+iterable_decl_context_members(  //dir=decl
+  int id: @iterable_decl_context ref,
+  int index: int ref,
+  int member: @decl_or_none ref
+);
+
+enum_case_decls(  //dir=decl
+  unique int id: @enum_case_decl
+);
+
+#keyset[id, index]
+enum_case_decl_elements(  //dir=decl
+  int id: @enum_case_decl ref,
+  int index: int ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+extension_decls(  //dir=decl
+  unique int id: @extension_decl,
+  int extended_type_decl: @nominal_type_decl_or_none ref
+);
+
+if_config_decls(  //dir=decl
+  unique int id: @if_config_decl
+);
+
+#keyset[id, index]
+if_config_decl_active_elements(  //dir=decl
+  int id: @if_config_decl ref,
+  int index: int ref,
+  int active_element: @ast_node_or_none ref
+);
+
+import_decls(  //dir=decl
+  unique int id: @import_decl
+);
+
+#keyset[id]
+import_decl_is_exported(  //dir=decl
+  int id: @import_decl ref
+);
+
+#keyset[id]
+import_decl_imported_modules(  //dir=decl
+  int id: @import_decl ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+import_decl_declarations(  //dir=decl
+  int id: @import_decl ref,
+  int index: int ref,
+  int declaration: @value_decl_or_none ref
+);
+
+missing_member_decls(  //dir=decl
+  unique int id: @missing_member_decl,
+  string name: string ref
+);
+
+@operator_decl =
+  @infix_operator_decl
+| @postfix_operator_decl
+| @prefix_operator_decl
+;
+
+#keyset[id]
+operator_decls(  //dir=decl
+  int id: @operator_decl ref,
+  string name: string ref
+);
+
+pattern_binding_decls(  //dir=decl
+  unique int id: @pattern_binding_decl
+);
+
+#keyset[id, index]
+pattern_binding_decl_inits(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int init: @expr_or_none ref
+);
+
+#keyset[id, index]
+pattern_binding_decl_patterns(  //dir=decl
+  int id: @pattern_binding_decl ref,
+  int index: int ref,
+  int pattern: @pattern_or_none ref
+);
+
+pound_diagnostic_decls(  //dir=decl
+  unique int id: @pound_diagnostic_decl,
+  int kind: int ref,
+  int message: @string_literal_expr_or_none ref
+);
+
+precedence_group_decls(  //dir=decl
+  unique int id: @precedence_group_decl
+);
+
+top_level_code_decls(  //dir=decl
+  unique int id: @top_level_code_decl,
+  int body: @brace_stmt_or_none ref
+);
+
+@value_decl =
+  @abstract_function_decl
+| @abstract_storage_decl
+| @enum_element_decl
+| @type_decl
+;
+
+#keyset[id]
+value_decls(  //dir=decl
+  int id: @value_decl ref,
+  int interface_type: @type_or_none ref
+);
+
+@abstract_function_decl =
+  @constructor_decl
+| @destructor_decl
+| @func_decl
+;
+
+#keyset[id]
+abstract_function_decls(  //dir=decl
+  int id: @abstract_function_decl ref,
+  string name: string ref
+);
+
+@abstract_storage_decl =
+  @subscript_decl
+| @var_decl
+;
+
+#keyset[id, index]
+abstract_storage_decl_accessor_decls(  //dir=decl
+  int id: @abstract_storage_decl ref,
+  int index: int ref,
+  int accessor_decl: @accessor_decl_or_none ref
+);
+
+enum_element_decls(  //dir=decl
+  unique int id: @enum_element_decl,
+  string name: string ref
+);
+
+#keyset[id, index]
+enum_element_decl_params(  //dir=decl
+  int id: @enum_element_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+infix_operator_decls(  //dir=decl
+  unique int id: @infix_operator_decl
+);
+
+#keyset[id]
+infix_operator_decl_precedence_groups(  //dir=decl
+  int id: @infix_operator_decl ref,
+  int precedence_group: @precedence_group_decl_or_none ref
+);
+
+postfix_operator_decls(  //dir=decl
+  unique int id: @postfix_operator_decl
+);
+
+prefix_operator_decls(  //dir=decl
+  unique int id: @prefix_operator_decl
+);
+
+@type_decl =
+  @abstract_type_param_decl
+| @generic_type_decl
+| @module_decl
+;
+
+#keyset[id]
+type_decls(  //dir=decl
+  int id: @type_decl ref,
+  string name: string ref
+);
+
+#keyset[id, index]
+type_decl_base_types(  //dir=decl
+  int id: @type_decl ref,
+  int index: int ref,
+  int base_type: @type_or_none ref
+);
+
+@abstract_type_param_decl =
+  @associated_type_decl
+| @generic_type_param_decl
+;
+
+constructor_decls(  //dir=decl
+  unique int id: @constructor_decl
+);
+
+destructor_decls(  //dir=decl
+  unique int id: @destructor_decl
+);
+
+@func_decl =
+  @accessor_decl
+| @concrete_func_decl
+;
+
+@generic_type_decl =
+  @nominal_type_decl
+| @opaque_type_decl
+| @type_alias_decl
+;
+
+module_decls(  //dir=decl
+  unique int id: @module_decl
+);
+
+#keyset[id]
+module_decl_is_builtin_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id]
+module_decl_is_system_module(  //dir=decl
+  int id: @module_decl ref
+);
+
+#keyset[id, index]
+module_decl_imported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int imported_module: @module_decl_or_none ref
+);
+
+#keyset[id, index]
+module_decl_exported_modules(  //dir=decl
+  int id: @module_decl ref,
+  int index: int ref,
+  int exported_module: @module_decl_or_none ref
+);
+
+subscript_decls(  //dir=decl
+  unique int id: @subscript_decl,
+  int element_type: @type_or_none ref
+);
+
+#keyset[id, index]
+subscript_decl_params(  //dir=decl
+  int id: @subscript_decl ref,
+  int index: int ref,
+  int param: @param_decl_or_none ref
+);
+
+@var_decl =
+  @concrete_var_decl
+| @param_decl
+;
+
+#keyset[id]
+var_decls(  //dir=decl
+  int id: @var_decl ref,
+  string name: string ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_attached_property_wrapper_types(  //dir=decl
+  int id: @var_decl ref,
+  int attached_property_wrapper_type: @type_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_patterns(  //dir=decl
+  int id: @var_decl ref,
+  int parent_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+var_decl_parent_initializers(  //dir=decl
+  int id: @var_decl ref,
+  int parent_initializer: @expr_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_backing_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_backing_var: @var_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_var_bindings(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+var_decl_property_wrapper_projection_vars(  //dir=decl
+  int id: @var_decl ref,
+  int property_wrapper_projection_var: @var_decl_or_none ref
+);
+
+accessor_decls(  //dir=decl
+  unique int id: @accessor_decl
+);
+
+#keyset[id]
+accessor_decl_is_getter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_setter(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_will_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+#keyset[id]
+accessor_decl_is_did_set(  //dir=decl
+  int id: @accessor_decl ref
+);
+
+associated_type_decls(  //dir=decl
+  unique int id: @associated_type_decl
+);
+
+concrete_func_decls(  //dir=decl
+  unique int id: @concrete_func_decl
+);
+
+concrete_var_decls(  //dir=decl
+  unique int id: @concrete_var_decl,
+  int introducer_int: int ref
+);
+
+generic_type_param_decls(  //dir=decl
+  unique int id: @generic_type_param_decl
+);
+
+@nominal_type_decl =
+  @class_decl
+| @enum_decl
+| @protocol_decl
+| @struct_decl
+;
+
+#keyset[id]
+nominal_type_decls(  //dir=decl
+  int id: @nominal_type_decl ref,
+  int type_: @type_or_none ref
+);
+
+opaque_type_decls(  //dir=decl
+  unique int id: @opaque_type_decl,
+  int naming_declaration: @value_decl_or_none ref
+);
+
+#keyset[id, index]
+opaque_type_decl_opaque_generic_params(  //dir=decl
+  int id: @opaque_type_decl ref,
+  int index: int ref,
+  int opaque_generic_param: @generic_type_param_type_or_none ref
+);
+
+param_decls(  //dir=decl
+  unique int id: @param_decl
+);
+
+#keyset[id]
+param_decl_is_inout(  //dir=decl
+  int id: @param_decl ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_var_bindings(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref
+);
+
+#keyset[id]
+param_decl_property_wrapper_local_wrapped_vars(  //dir=decl
+  int id: @param_decl ref,
+  int property_wrapper_local_wrapped_var: @var_decl_or_none ref
+);
+
+type_alias_decls(  //dir=decl
+  unique int id: @type_alias_decl
+);
+
+class_decls(  //dir=decl
+  unique int id: @class_decl
+);
+
+enum_decls(  //dir=decl
+  unique int id: @enum_decl
+);
+
+protocol_decls(  //dir=decl
+  unique int id: @protocol_decl
+);
+
+struct_decls(  //dir=decl
+  unique int id: @struct_decl
+);
+
+arguments(  //dir=expr
+  unique int id: @argument,
+  string label: string ref,
+  int expr: @expr_or_none ref
+);
+
+@expr =
+  @abstract_closure_expr
+| @any_try_expr
+| @applied_property_wrapper_expr
+| @apply_expr
+| @assign_expr
+| @bind_optional_expr
+| @capture_list_expr
+| @collection_expr
+| @decl_ref_expr
+| @default_argument_expr
+| @discard_assignment_expr
+| @dot_syntax_base_ignored_expr
+| @dynamic_type_expr
+| @enum_is_case_expr
+| @error_expr
+| @explicit_cast_expr
+| @force_value_expr
+| @identity_expr
+| @if_expr
+| @implicit_conversion_expr
+| @in_out_expr
+| @key_path_application_expr
+| @key_path_dot_expr
+| @key_path_expr
+| @lazy_initializer_expr
+| @literal_expr
+| @lookup_expr
+| @make_temporarily_escapable_expr
+| @obj_c_selector_expr
+| @one_way_expr
+| @opaque_value_expr
+| @open_existential_expr
+| @optional_evaluation_expr
+| @other_constructor_decl_ref_expr
+| @overloaded_decl_ref_expr
+| @property_wrapper_value_placeholder_expr
+| @rebind_self_in_constructor_expr
+| @sequence_expr
+| @super_ref_expr
+| @tap_expr
+| @tuple_element_expr
+| @tuple_expr
+| @type_expr
+| @unresolved_decl_ref_expr
+| @unresolved_dot_expr
+| @unresolved_member_expr
+| @unresolved_pattern_expr
+| @unresolved_specialize_expr
+| @vararg_expansion_expr
+;
+
+#keyset[id]
+expr_types(  //dir=expr
+  int id: @expr ref,
+  int type_: @type_or_none ref
+);
+
+@abstract_closure_expr =
+  @auto_closure_expr
+| @closure_expr
+;
+
+@any_try_expr =
+  @force_try_expr
+| @optional_try_expr
+| @try_expr
+;
+
+#keyset[id]
+any_try_exprs(  //dir=expr
+  int id: @any_try_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+applied_property_wrapper_exprs(  //dir=expr
+  unique int id: @applied_property_wrapper_expr,
+  int kind: int ref,
+  int value: @expr_or_none ref,
+  int param: @param_decl_or_none ref
+);
+
+@apply_expr =
+  @binary_expr
+| @call_expr
+| @postfix_unary_expr
+| @prefix_unary_expr
+| @self_apply_expr
+;
+
+#keyset[id]
+apply_exprs(  //dir=expr
+  int id: @apply_expr ref,
+  int function: @expr_or_none ref
+);
+
+#keyset[id, index]
+apply_expr_arguments(  //dir=expr
+  int id: @apply_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+assign_exprs(  //dir=expr
+  unique int id: @assign_expr,
+  int dest: @expr_or_none ref,
+  int source: @expr_or_none ref
+);
+
+bind_optional_exprs(  //dir=expr
+  unique int id: @bind_optional_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+capture_list_exprs(  //dir=expr
+  unique int id: @capture_list_expr,
+  int closure_body: @closure_expr_or_none ref
+);
+
+#keyset[id, index]
+capture_list_expr_binding_decls(  //dir=expr
+  int id: @capture_list_expr ref,
+  int index: int ref,
+  int binding_decl: @pattern_binding_decl_or_none ref
+);
+
+@collection_expr =
+  @array_expr
+| @dictionary_expr
+;
+
+decl_ref_exprs(  //dir=expr
+  unique int id: @decl_ref_expr,
+  int decl: @decl_or_none ref
+);
+
+#keyset[id, index]
+decl_ref_expr_replacement_types(  //dir=expr
+  int id: @decl_ref_expr ref,
+  int index: int ref,
+  int replacement_type: @type_or_none ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+#keyset[id]
+decl_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @decl_ref_expr ref
+);
+
+default_argument_exprs(  //dir=expr
+  unique int id: @default_argument_expr,
+  int param_decl: @param_decl_or_none ref,
+  int param_index: int ref
+);
+
+#keyset[id]
+default_argument_expr_caller_side_defaults(  //dir=expr
+  int id: @default_argument_expr ref,
+  int caller_side_default: @expr_or_none ref
+);
+
+discard_assignment_exprs(  //dir=expr
+  unique int id: @discard_assignment_expr
+);
+
+dot_syntax_base_ignored_exprs(  //dir=expr
+  unique int id: @dot_syntax_base_ignored_expr,
+  int qualifier: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+dynamic_type_exprs(  //dir=expr
+  unique int id: @dynamic_type_expr,
+  int base: @expr_or_none ref
+);
+
+enum_is_case_exprs(  //dir=expr
+  unique int id: @enum_is_case_expr,
+  int sub_expr: @expr_or_none ref,
+  int element: @enum_element_decl_or_none ref
+);
+
+error_exprs(  //dir=expr
+  unique int id: @error_expr
+);
+
+@explicit_cast_expr =
+  @checked_cast_expr
+| @coerce_expr
+;
+
+#keyset[id]
+explicit_cast_exprs(  //dir=expr
+  int id: @explicit_cast_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+force_value_exprs(  //dir=expr
+  unique int id: @force_value_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@identity_expr =
+  @await_expr
+| @dot_self_expr
+| @paren_expr
+| @unresolved_member_chain_result_expr
+;
+
+#keyset[id]
+identity_exprs(  //dir=expr
+  int id: @identity_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+if_exprs(  //dir=expr
+  unique int id: @if_expr,
+  int condition: @expr_or_none ref,
+  int then_expr: @expr_or_none ref,
+  int else_expr: @expr_or_none ref
+);
+
+@implicit_conversion_expr =
+  @any_hashable_erasure_expr
+| @archetype_to_super_expr
+| @array_to_pointer_expr
+| @bridge_from_obj_c_expr
+| @bridge_to_obj_c_expr
+| @class_metatype_to_object_expr
+| @collection_upcast_conversion_expr
+| @conditional_bridge_from_obj_c_expr
+| @covariant_function_conversion_expr
+| @covariant_return_conversion_expr
+| @derived_to_base_expr
+| @destructure_tuple_expr
+| @differentiable_function_expr
+| @differentiable_function_extract_original_expr
+| @erasure_expr
+| @existential_metatype_to_object_expr
+| @foreign_object_conversion_expr
+| @function_conversion_expr
+| @in_out_to_pointer_expr
+| @inject_into_optional_expr
+| @linear_function_expr
+| @linear_function_extract_original_expr
+| @linear_to_differentiable_function_expr
+| @load_expr
+| @metatype_conversion_expr
+| @pointer_to_pointer_expr
+| @protocol_metatype_to_object_expr
+| @string_to_pointer_expr
+| @underlying_to_opaque_expr
+| @unevaluated_instance_expr
+| @unresolved_type_conversion_expr
+;
+
+#keyset[id]
+implicit_conversion_exprs(  //dir=expr
+  int id: @implicit_conversion_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+in_out_exprs(  //dir=expr
+  unique int id: @in_out_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+key_path_application_exprs(  //dir=expr
+  unique int id: @key_path_application_expr,
+  int base: @expr_or_none ref,
+  int key_path: @expr_or_none ref
+);
+
+key_path_dot_exprs(  //dir=expr
+  unique int id: @key_path_dot_expr
+);
+
+key_path_exprs(  //dir=expr
+  unique int id: @key_path_expr
+);
+
+#keyset[id]
+key_path_expr_roots(  //dir=expr
+  int id: @key_path_expr ref,
+  int root: @type_repr_or_none ref
+);
+
+#keyset[id]
+key_path_expr_parsed_paths(  //dir=expr
+  int id: @key_path_expr ref,
+  int parsed_path: @expr_or_none ref
+);
+
+lazy_initializer_exprs(  //dir=expr
+  unique int id: @lazy_initializer_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+@literal_expr =
+  @builtin_literal_expr
+| @interpolated_string_literal_expr
+| @nil_literal_expr
+| @object_literal_expr
+| @regex_literal_expr
+;
+
+@lookup_expr =
+  @dynamic_lookup_expr
+| @member_ref_expr
+| @method_ref_expr
+| @subscript_expr
+;
+
+#keyset[id]
+lookup_exprs(  //dir=expr
+  int id: @lookup_expr ref,
+  int base: @expr_or_none ref
+);
+
+#keyset[id]
+lookup_expr_members(  //dir=expr
+  int id: @lookup_expr ref,
+  int member: @decl_or_none ref
+);
+
+make_temporarily_escapable_exprs(  //dir=expr
+  unique int id: @make_temporarily_escapable_expr,
+  int escaping_closure: @opaque_value_expr_or_none ref,
+  int nonescaping_closure: @expr_or_none ref,
+  int sub_expr: @expr_or_none ref
+);
+
+obj_c_selector_exprs(  //dir=expr
+  unique int id: @obj_c_selector_expr,
+  int sub_expr: @expr_or_none ref,
+  int method: @abstract_function_decl_or_none ref
+);
+
+one_way_exprs(  //dir=expr
+  unique int id: @one_way_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+opaque_value_exprs(  //dir=expr
+  unique int id: @opaque_value_expr
+);
+
+open_existential_exprs(  //dir=expr
+  unique int id: @open_existential_expr,
+  int sub_expr: @expr_or_none ref,
+  int existential: @expr_or_none ref,
+  int opaque_expr: @opaque_value_expr_or_none ref
+);
+
+optional_evaluation_exprs(  //dir=expr
+  unique int id: @optional_evaluation_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+other_constructor_decl_ref_exprs(  //dir=expr
+  unique int id: @other_constructor_decl_ref_expr,
+  int constructor_decl: @constructor_decl_or_none ref
+);
+
+overloaded_decl_ref_exprs(  //dir=expr
+  unique int id: @overloaded_decl_ref_expr
+);
+
+#keyset[id, index]
+overloaded_decl_ref_expr_possible_declarations(  //dir=expr
+  int id: @overloaded_decl_ref_expr ref,
+  int index: int ref,
+  int possible_declaration: @value_decl_or_none ref
+);
+
+property_wrapper_value_placeholder_exprs(  //dir=expr
+  unique int id: @property_wrapper_value_placeholder_expr,
+  int placeholder: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+property_wrapper_value_placeholder_expr_wrapped_values(  //dir=expr
+  int id: @property_wrapper_value_placeholder_expr ref,
+  int wrapped_value: @expr_or_none ref
+);
+
+rebind_self_in_constructor_exprs(  //dir=expr
+  unique int id: @rebind_self_in_constructor_expr,
+  int sub_expr: @expr_or_none ref,
+  int self: @var_decl_or_none ref
+);
+
+sequence_exprs(  //dir=expr
+  unique int id: @sequence_expr
+);
+
+#keyset[id, index]
+sequence_expr_elements(  //dir=expr
+  int id: @sequence_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+super_ref_exprs(  //dir=expr
+  unique int id: @super_ref_expr,
+  int self: @var_decl_or_none ref
+);
+
+tap_exprs(  //dir=expr
+  unique int id: @tap_expr,
+  int body: @brace_stmt_or_none ref,
+  int var: @var_decl_or_none ref
+);
+
+#keyset[id]
+tap_expr_sub_exprs(  //dir=expr
+  int id: @tap_expr ref,
+  int sub_expr: @expr_or_none ref
+);
+
+tuple_element_exprs(  //dir=expr
+  unique int id: @tuple_element_expr,
+  int sub_expr: @expr_or_none ref,
+  int index: int ref
+);
+
+tuple_exprs(  //dir=expr
+  unique int id: @tuple_expr
+);
+
+#keyset[id, index]
+tuple_expr_elements(  //dir=expr
+  int id: @tuple_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+type_exprs(  //dir=expr
+  unique int id: @type_expr
+);
+
+#keyset[id]
+type_expr_type_reprs(  //dir=expr
+  int id: @type_expr ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+unresolved_decl_ref_exprs(  //dir=expr
+  unique int id: @unresolved_decl_ref_expr
+);
+
+#keyset[id]
+unresolved_decl_ref_expr_names(  //dir=expr
+  int id: @unresolved_decl_ref_expr ref,
+  string name: string ref
+);
+
+unresolved_dot_exprs(  //dir=expr
+  unique int id: @unresolved_dot_expr,
+  int base: @expr_or_none ref,
+  string name: string ref
+);
+
+unresolved_member_exprs(  //dir=expr
+  unique int id: @unresolved_member_expr,
+  string name: string ref
+);
+
+unresolved_pattern_exprs(  //dir=expr
+  unique int id: @unresolved_pattern_expr,
+  int sub_pattern: @pattern_or_none ref
+);
+
+unresolved_specialize_exprs(  //dir=expr
+  unique int id: @unresolved_specialize_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+vararg_expansion_exprs(  //dir=expr
+  unique int id: @vararg_expansion_expr,
+  int sub_expr: @expr_or_none ref
+);
+
+any_hashable_erasure_exprs(  //dir=expr
+  unique int id: @any_hashable_erasure_expr
+);
+
+archetype_to_super_exprs(  //dir=expr
+  unique int id: @archetype_to_super_expr
+);
+
+array_exprs(  //dir=expr
+  unique int id: @array_expr
+);
+
+#keyset[id, index]
+array_expr_elements(  //dir=expr
+  int id: @array_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+array_to_pointer_exprs(  //dir=expr
+  unique int id: @array_to_pointer_expr
+);
+
+auto_closure_exprs(  //dir=expr
+  unique int id: @auto_closure_expr
+);
+
+await_exprs(  //dir=expr
+  unique int id: @await_expr
+);
+
+binary_exprs(  //dir=expr
+  unique int id: @binary_expr
+);
+
+bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_from_obj_c_expr
+);
+
+bridge_to_obj_c_exprs(  //dir=expr
+  unique int id: @bridge_to_obj_c_expr
+);
+
+@builtin_literal_expr =
+  @boolean_literal_expr
+| @magic_identifier_literal_expr
+| @number_literal_expr
+| @string_literal_expr
+;
+
+call_exprs(  //dir=expr
+  unique int id: @call_expr
+);
+
+@checked_cast_expr =
+  @conditional_checked_cast_expr
+| @forced_checked_cast_expr
+| @is_expr
+;
+
+class_metatype_to_object_exprs(  //dir=expr
+  unique int id: @class_metatype_to_object_expr
+);
+
+closure_exprs(  //dir=expr
+  unique int id: @closure_expr
+);
+
+coerce_exprs(  //dir=expr
+  unique int id: @coerce_expr
+);
+
+collection_upcast_conversion_exprs(  //dir=expr
+  unique int id: @collection_upcast_conversion_expr
+);
+
+conditional_bridge_from_obj_c_exprs(  //dir=expr
+  unique int id: @conditional_bridge_from_obj_c_expr
+);
+
+covariant_function_conversion_exprs(  //dir=expr
+  unique int id: @covariant_function_conversion_expr
+);
+
+covariant_return_conversion_exprs(  //dir=expr
+  unique int id: @covariant_return_conversion_expr
+);
+
+derived_to_base_exprs(  //dir=expr
+  unique int id: @derived_to_base_expr
+);
+
+destructure_tuple_exprs(  //dir=expr
+  unique int id: @destructure_tuple_expr
+);
+
+dictionary_exprs(  //dir=expr
+  unique int id: @dictionary_expr
+);
+
+#keyset[id, index]
+dictionary_expr_elements(  //dir=expr
+  int id: @dictionary_expr ref,
+  int index: int ref,
+  int element: @expr_or_none ref
+);
+
+differentiable_function_exprs(  //dir=expr
+  unique int id: @differentiable_function_expr
+);
+
+differentiable_function_extract_original_exprs(  //dir=expr
+  unique int id: @differentiable_function_extract_original_expr
+);
+
+dot_self_exprs(  //dir=expr
+  unique int id: @dot_self_expr
+);
+
+@dynamic_lookup_expr =
+  @dynamic_member_ref_expr
+| @dynamic_subscript_expr
+;
+
+erasure_exprs(  //dir=expr
+  unique int id: @erasure_expr
+);
+
+existential_metatype_to_object_exprs(  //dir=expr
+  unique int id: @existential_metatype_to_object_expr
+);
+
+force_try_exprs(  //dir=expr
+  unique int id: @force_try_expr
+);
+
+foreign_object_conversion_exprs(  //dir=expr
+  unique int id: @foreign_object_conversion_expr
+);
+
+function_conversion_exprs(  //dir=expr
+  unique int id: @function_conversion_expr
+);
+
+in_out_to_pointer_exprs(  //dir=expr
+  unique int id: @in_out_to_pointer_expr
+);
+
+inject_into_optional_exprs(  //dir=expr
+  unique int id: @inject_into_optional_expr
+);
+
+interpolated_string_literal_exprs(  //dir=expr
+  unique int id: @interpolated_string_literal_expr
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_expr: @opaque_value_expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_interpolation_count_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int interpolation_count_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_literal_capacity_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int literal_capacity_expr: @expr_or_none ref
+);
+
+#keyset[id]
+interpolated_string_literal_expr_appending_exprs(  //dir=expr
+  int id: @interpolated_string_literal_expr ref,
+  int appending_expr: @tap_expr_or_none ref
+);
+
+linear_function_exprs(  //dir=expr
+  unique int id: @linear_function_expr
+);
+
+linear_function_extract_original_exprs(  //dir=expr
+  unique int id: @linear_function_extract_original_expr
+);
+
+linear_to_differentiable_function_exprs(  //dir=expr
+  unique int id: @linear_to_differentiable_function_expr
+);
+
+load_exprs(  //dir=expr
+  unique int id: @load_expr
+);
+
+member_ref_exprs(  //dir=expr
+  unique int id: @member_ref_expr
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+#keyset[id]
+member_ref_expr_has_ordinary_semantics(  //dir=expr
+  int id: @member_ref_expr ref
+);
+
+metatype_conversion_exprs(  //dir=expr
+  unique int id: @metatype_conversion_expr
+);
+
+method_ref_exprs(  //dir=expr
+  unique int id: @method_ref_expr
+);
+
+nil_literal_exprs(  //dir=expr
+  unique int id: @nil_literal_expr
+);
+
+object_literal_exprs(  //dir=expr
+  unique int id: @object_literal_expr,
+  int kind: int ref
+);
+
+#keyset[id, index]
+object_literal_expr_arguments(  //dir=expr
+  int id: @object_literal_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+optional_try_exprs(  //dir=expr
+  unique int id: @optional_try_expr
+);
+
+paren_exprs(  //dir=expr
+  unique int id: @paren_expr
+);
+
+pointer_to_pointer_exprs(  //dir=expr
+  unique int id: @pointer_to_pointer_expr
+);
+
+postfix_unary_exprs(  //dir=expr
+  unique int id: @postfix_unary_expr
+);
+
+prefix_unary_exprs(  //dir=expr
+  unique int id: @prefix_unary_expr
+);
+
+protocol_metatype_to_object_exprs(  //dir=expr
+  unique int id: @protocol_metatype_to_object_expr
+);
+
+regex_literal_exprs(  //dir=expr
+  unique int id: @regex_literal_expr
+);
+
+@self_apply_expr =
+  @constructor_ref_call_expr
+| @dot_syntax_call_expr
+;
+
+#keyset[id]
+self_apply_exprs(  //dir=expr
+  int id: @self_apply_expr ref,
+  int base: @expr_or_none ref
+);
+
+string_to_pointer_exprs(  //dir=expr
+  unique int id: @string_to_pointer_expr
+);
+
+subscript_exprs(  //dir=expr
+  unique int id: @subscript_expr
+);
+
+#keyset[id, index]
+subscript_expr_arguments(  //dir=expr
+  int id: @subscript_expr ref,
+  int index: int ref,
+  int argument: @argument_or_none ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_storage_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_direct_to_implementation_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+#keyset[id]
+subscript_expr_has_ordinary_semantics(  //dir=expr
+  int id: @subscript_expr ref
+);
+
+try_exprs(  //dir=expr
+  unique int id: @try_expr
+);
+
+underlying_to_opaque_exprs(  //dir=expr
+  unique int id: @underlying_to_opaque_expr
+);
+
+unevaluated_instance_exprs(  //dir=expr
+  unique int id: @unevaluated_instance_expr
+);
+
+unresolved_member_chain_result_exprs(  //dir=expr
+  unique int id: @unresolved_member_chain_result_expr
+);
+
+unresolved_type_conversion_exprs(  //dir=expr
+  unique int id: @unresolved_type_conversion_expr
+);
+
+boolean_literal_exprs(  //dir=expr
+  unique int id: @boolean_literal_expr,
+  boolean value: boolean ref
+);
+
+conditional_checked_cast_exprs(  //dir=expr
+  unique int id: @conditional_checked_cast_expr
+);
+
+constructor_ref_call_exprs(  //dir=expr
+  unique int id: @constructor_ref_call_expr
+);
+
+dot_syntax_call_exprs(  //dir=expr
+  unique int id: @dot_syntax_call_expr
+);
+
+dynamic_member_ref_exprs(  //dir=expr
+  unique int id: @dynamic_member_ref_expr
+);
+
+dynamic_subscript_exprs(  //dir=expr
+  unique int id: @dynamic_subscript_expr
+);
+
+forced_checked_cast_exprs(  //dir=expr
+  unique int id: @forced_checked_cast_expr
+);
+
+is_exprs(  //dir=expr
+  unique int id: @is_expr
+);
+
+magic_identifier_literal_exprs(  //dir=expr
+  unique int id: @magic_identifier_literal_expr,
+  string kind: string ref
+);
+
+@number_literal_expr =
+  @float_literal_expr
+| @integer_literal_expr
+;
+
+string_literal_exprs(  //dir=expr
+  unique int id: @string_literal_expr,
+  string value: string ref
+);
+
+float_literal_exprs(  //dir=expr
+  unique int id: @float_literal_expr,
+  string string_value: string ref
+);
+
+integer_literal_exprs(  //dir=expr
+  unique int id: @integer_literal_expr,
+  string string_value: string ref
+);
+
+@pattern =
+  @any_pattern
+| @binding_pattern
+| @bool_pattern
+| @enum_element_pattern
+| @expr_pattern
+| @is_pattern
+| @named_pattern
+| @optional_some_pattern
+| @paren_pattern
+| @tuple_pattern
+| @typed_pattern
+;
+
+any_patterns(  //dir=pattern
+  unique int id: @any_pattern
+);
+
+binding_patterns(  //dir=pattern
+  unique int id: @binding_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+bool_patterns(  //dir=pattern
+  unique int id: @bool_pattern,
+  boolean value: boolean ref
+);
+
+enum_element_patterns(  //dir=pattern
+  unique int id: @enum_element_pattern,
+  int element: @enum_element_decl_or_none ref
+);
+
+#keyset[id]
+enum_element_pattern_sub_patterns(  //dir=pattern
+  int id: @enum_element_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+expr_patterns(  //dir=pattern
+  unique int id: @expr_pattern,
+  int sub_expr: @expr_or_none ref
+);
+
+is_patterns(  //dir=pattern
+  unique int id: @is_pattern
+);
+
+#keyset[id]
+is_pattern_cast_type_reprs(  //dir=pattern
+  int id: @is_pattern ref,
+  int cast_type_repr: @type_repr_or_none ref
+);
+
+#keyset[id]
+is_pattern_sub_patterns(  //dir=pattern
+  int id: @is_pattern ref,
+  int sub_pattern: @pattern_or_none ref
+);
+
+named_patterns(  //dir=pattern
+  unique int id: @named_pattern,
+  string name: string ref
+);
+
+optional_some_patterns(  //dir=pattern
+  unique int id: @optional_some_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+paren_patterns(  //dir=pattern
+  unique int id: @paren_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+tuple_patterns(  //dir=pattern
+  unique int id: @tuple_pattern
+);
+
+#keyset[id, index]
+tuple_pattern_elements(  //dir=pattern
+  int id: @tuple_pattern ref,
+  int index: int ref,
+  int element: @pattern_or_none ref
+);
+
+typed_patterns(  //dir=pattern
+  unique int id: @typed_pattern,
+  int sub_pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+typed_pattern_type_reprs(  //dir=pattern
+  int id: @typed_pattern ref,
+  int type_repr: @type_repr_or_none ref
+);
+
+case_label_items(  //dir=stmt
+  unique int id: @case_label_item,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+case_label_item_guards(  //dir=stmt
+  int id: @case_label_item ref,
+  int guard: @expr_or_none ref
+);
+
+condition_elements(  //dir=stmt
+  unique int id: @condition_element
+);
+
+#keyset[id]
+condition_element_booleans(  //dir=stmt
+  int id: @condition_element ref,
+  int boolean_: @expr_or_none ref
+);
+
+#keyset[id]
+condition_element_patterns(  //dir=stmt
+  int id: @condition_element ref,
+  int pattern: @pattern_or_none ref
+);
+
+#keyset[id]
+condition_element_initializers(  //dir=stmt
+  int id: @condition_element ref,
+  int initializer: @expr_or_none ref
+);
+
+@stmt =
+  @brace_stmt
+| @break_stmt
+| @case_stmt
+| @continue_stmt
+| @defer_stmt
+| @fail_stmt
+| @fallthrough_stmt
+| @labeled_stmt
+| @pound_assert_stmt
+| @return_stmt
+| @throw_stmt
+| @yield_stmt
+;
+
+stmt_conditions(  //dir=stmt
+  unique int id: @stmt_condition
+);
+
+#keyset[id, index]
+stmt_condition_elements(  //dir=stmt
+  int id: @stmt_condition ref,
+  int index: int ref,
+  int element: @condition_element_or_none ref
+);
+
+brace_stmts(  //dir=stmt
+  unique int id: @brace_stmt
+);
+
+#keyset[id, index]
+brace_stmt_elements(  //dir=stmt
+  int id: @brace_stmt ref,
+  int index: int ref,
+  int element: @ast_node_or_none ref
+);
+
+break_stmts(  //dir=stmt
+  unique int id: @break_stmt
+);
+
+#keyset[id]
+break_stmt_target_names(  //dir=stmt
+  int id: @break_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+break_stmt_targets(  //dir=stmt
+  int id: @break_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+case_stmts(  //dir=stmt
+  unique int id: @case_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_labels(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int label: @case_label_item_or_none ref
+);
+
+#keyset[id, index]
+case_stmt_variables(  //dir=stmt
+  int id: @case_stmt ref,
+  int index: int ref,
+  int variable: @var_decl_or_none ref
+);
+
+continue_stmts(  //dir=stmt
+  unique int id: @continue_stmt
+);
+
+#keyset[id]
+continue_stmt_target_names(  //dir=stmt
+  int id: @continue_stmt ref,
+  string target_name: string ref
+);
+
+#keyset[id]
+continue_stmt_targets(  //dir=stmt
+  int id: @continue_stmt ref,
+  int target: @stmt_or_none ref
+);
+
+defer_stmts(  //dir=stmt
+  unique int id: @defer_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+fail_stmts(  //dir=stmt
+  unique int id: @fail_stmt
+);
+
+fallthrough_stmts(  //dir=stmt
+  unique int id: @fallthrough_stmt,
+  int fallthrough_source: @case_stmt_or_none ref,
+  int fallthrough_dest: @case_stmt_or_none ref
+);
+
+@labeled_stmt =
+  @do_catch_stmt
+| @do_stmt
+| @for_each_stmt
+| @labeled_conditional_stmt
+| @repeat_while_stmt
+| @switch_stmt
+;
+
+#keyset[id]
+labeled_stmt_labels(  //dir=stmt
+  int id: @labeled_stmt ref,
+  string label: string ref
+);
+
+pound_assert_stmts(  //dir=stmt
+  unique int id: @pound_assert_stmt,
+  int condition: @expr_or_none ref,
+  string message: string ref
+);
+
+return_stmts(  //dir=stmt
+  unique int id: @return_stmt
+);
+
+#keyset[id]
+return_stmt_results(  //dir=stmt
+  int id: @return_stmt ref,
+  int result: @expr_or_none ref
+);
+
+throw_stmts(  //dir=stmt
+  unique int id: @throw_stmt,
+  int sub_expr: @expr_or_none ref
+);
+
+yield_stmts(  //dir=stmt
+  unique int id: @yield_stmt
+);
+
+#keyset[id, index]
+yield_stmt_results(  //dir=stmt
+  int id: @yield_stmt ref,
+  int index: int ref,
+  int result: @expr_or_none ref
+);
+
+do_catch_stmts(  //dir=stmt
+  unique int id: @do_catch_stmt,
+  int body: @stmt_or_none ref
+);
+
+#keyset[id, index]
+do_catch_stmt_catches(  //dir=stmt
+  int id: @do_catch_stmt ref,
+  int index: int ref,
+  int catch: @case_stmt_or_none ref
+);
+
+do_stmts(  //dir=stmt
+  unique int id: @do_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+for_each_stmts(  //dir=stmt
+  unique int id: @for_each_stmt,
+  int pattern: @pattern_or_none ref,
+  int sequence: @expr_or_none ref,
+  int body: @brace_stmt_or_none ref
+);
+
+#keyset[id]
+for_each_stmt_wheres(  //dir=stmt
+  int id: @for_each_stmt ref,
+  int where: @expr_or_none ref
+);
+
+@labeled_conditional_stmt =
+  @guard_stmt
+| @if_stmt
+| @while_stmt
+;
+
+#keyset[id]
+labeled_conditional_stmts(  //dir=stmt
+  int id: @labeled_conditional_stmt ref,
+  int condition: @stmt_condition_or_none ref
+);
+
+repeat_while_stmts(  //dir=stmt
+  unique int id: @repeat_while_stmt,
+  int condition: @expr_or_none ref,
+  int body: @stmt_or_none ref
+);
+
+switch_stmts(  //dir=stmt
+  unique int id: @switch_stmt,
+  int expr: @expr_or_none ref
+);
+
+#keyset[id, index]
+switch_stmt_cases(  //dir=stmt
+  int id: @switch_stmt ref,
+  int index: int ref,
+  int case_: @case_stmt_or_none ref
+);
+
+guard_stmts(  //dir=stmt
+  unique int id: @guard_stmt,
+  int body: @brace_stmt_or_none ref
+);
+
+if_stmts(  //dir=stmt
+  unique int id: @if_stmt,
+  int then: @stmt_or_none ref
+);
+
+#keyset[id]
+if_stmt_elses(  //dir=stmt
+  int id: @if_stmt ref,
+  int else: @stmt_or_none ref
+);
+
+while_stmts(  //dir=stmt
+  unique int id: @while_stmt,
+  int body: @stmt_or_none ref
+);
+
+@type =
+  @any_function_type
+| @any_generic_type
+| @any_metatype_type
+| @builtin_type
+| @dependent_member_type
+| @dynamic_self_type
+| @error_type
+| @existential_type
+| @in_out_type
+| @l_value_type
+| @module_type
+| @parameterized_protocol_type
+| @protocol_composition_type
+| @reference_storage_type
+| @substitutable_type
+| @sugar_type
+| @tuple_type
+| @unresolved_type
+;
+
+#keyset[id]
+types(  //dir=type
+  int id: @type ref,
+  string name: string ref,
+  int canonical_type: @type_or_none ref
+);
+
+type_reprs(  //dir=type
+  unique int id: @type_repr,
+  int type_: @type_or_none ref
+);
+
+@any_function_type =
+  @function_type
+| @generic_function_type
+;
+
+#keyset[id]
+any_function_types(  //dir=type
+  int id: @any_function_type ref,
+  int result: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_types(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  int param_type: @type_or_none ref
+);
+
+#keyset[id, index]
+any_function_type_param_labels(  //dir=type
+  int id: @any_function_type ref,
+  int index: int ref,
+  string param_label: string ref
+);
+
+#keyset[id]
+any_function_type_is_throwing(  //dir=type
+  int id: @any_function_type ref
+);
+
+#keyset[id]
+any_function_type_is_async(  //dir=type
+  int id: @any_function_type ref
+);
+
+@any_generic_type =
+  @nominal_or_bound_generic_nominal_type
+| @unbound_generic_type
+;
+
+#keyset[id]
+any_generic_types(  //dir=type
+  int id: @any_generic_type ref,
+  int declaration: @decl_or_none ref
+);
+
+#keyset[id]
+any_generic_type_parents(  //dir=type
+  int id: @any_generic_type ref,
+  int parent: @type_or_none ref
+);
+
+@any_metatype_type =
+  @existential_metatype_type
+| @metatype_type
+;
+
+@builtin_type =
+  @any_builtin_integer_type
+| @builtin_bridge_object_type
+| @builtin_default_actor_storage_type
+| @builtin_executor_type
+| @builtin_float_type
+| @builtin_job_type
+| @builtin_native_object_type
+| @builtin_raw_pointer_type
+| @builtin_raw_unsafe_continuation_type
+| @builtin_unsafe_value_buffer_type
+| @builtin_vector_type
+;
+
+dependent_member_types(  //dir=type
+  unique int id: @dependent_member_type,
+  int base_type: @type_or_none ref,
+  int associated_type_decl: @associated_type_decl_or_none ref
+);
+
+dynamic_self_types(  //dir=type
+  unique int id: @dynamic_self_type,
+  int static_self_type: @type_or_none ref
+);
+
+error_types(  //dir=type
+  unique int id: @error_type
+);
+
+existential_types(  //dir=type
+  unique int id: @existential_type,
+  int constraint: @type_or_none ref
+);
+
+in_out_types(  //dir=type
+  unique int id: @in_out_type,
+  int object_type: @type_or_none ref
+);
+
+l_value_types(  //dir=type
+  unique int id: @l_value_type,
+  int object_type: @type_or_none ref
+);
+
+module_types(  //dir=type
+  unique int id: @module_type,
+  int module: @module_decl_or_none ref
+);
+
+parameterized_protocol_types(  //dir=type
+  unique int id: @parameterized_protocol_type,
+  int base: @protocol_type_or_none ref
+);
+
+#keyset[id, index]
+parameterized_protocol_type_args(  //dir=type
+  int id: @parameterized_protocol_type ref,
+  int index: int ref,
+  int arg: @type_or_none ref
+);
+
+protocol_composition_types(  //dir=type
+  unique int id: @protocol_composition_type
+);
+
+#keyset[id, index]
+protocol_composition_type_members(  //dir=type
+  int id: @protocol_composition_type ref,
+  int index: int ref,
+  int member: @type_or_none ref
+);
+
+@reference_storage_type =
+  @unmanaged_storage_type
+| @unowned_storage_type
+| @weak_storage_type
+;
+
+#keyset[id]
+reference_storage_types(  //dir=type
+  int id: @reference_storage_type ref,
+  int referent_type: @type_or_none ref
+);
+
+@substitutable_type =
+  @archetype_type
+| @generic_type_param_type
+;
+
+@sugar_type =
+  @paren_type
+| @syntax_sugar_type
+| @type_alias_type
+;
+
+tuple_types(  //dir=type
+  unique int id: @tuple_type
+);
+
+#keyset[id, index]
+tuple_type_types(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  int type_: @type_or_none ref
+);
+
+#keyset[id, index]
+tuple_type_names(  //dir=type
+  int id: @tuple_type ref,
+  int index: int ref,
+  string name: string ref
+);
+
+unresolved_types(  //dir=type
+  unique int id: @unresolved_type
+);
+
+@any_builtin_integer_type =
+  @builtin_integer_literal_type
+| @builtin_integer_type
+;
+
+@archetype_type =
+  @opaque_type_archetype_type
+| @opened_archetype_type
+| @primary_archetype_type
+;
+
+#keyset[id]
+archetype_types(  //dir=type
+  int id: @archetype_type ref,
+  int interface_type: @type_or_none ref
+);
+
+#keyset[id]
+archetype_type_superclasses(  //dir=type
+  int id: @archetype_type ref,
+  int superclass: @type_or_none ref
+);
+
+#keyset[id, index]
+archetype_type_protocols(  //dir=type
+  int id: @archetype_type ref,
+  int index: int ref,
+  int protocol: @protocol_decl_or_none ref
+);
+
+builtin_bridge_object_types(  //dir=type
+  unique int id: @builtin_bridge_object_type
+);
+
+builtin_default_actor_storage_types(  //dir=type
+  unique int id: @builtin_default_actor_storage_type
+);
+
+builtin_executor_types(  //dir=type
+  unique int id: @builtin_executor_type
+);
+
+builtin_float_types(  //dir=type
+  unique int id: @builtin_float_type
+);
+
+builtin_job_types(  //dir=type
+  unique int id: @builtin_job_type
+);
+
+builtin_native_object_types(  //dir=type
+  unique int id: @builtin_native_object_type
+);
+
+builtin_raw_pointer_types(  //dir=type
+  unique int id: @builtin_raw_pointer_type
+);
+
+builtin_raw_unsafe_continuation_types(  //dir=type
+  unique int id: @builtin_raw_unsafe_continuation_type
+);
+
+builtin_unsafe_value_buffer_types(  //dir=type
+  unique int id: @builtin_unsafe_value_buffer_type
+);
+
+builtin_vector_types(  //dir=type
+  unique int id: @builtin_vector_type
+);
+
+existential_metatype_types(  //dir=type
+  unique int id: @existential_metatype_type
+);
+
+function_types(  //dir=type
+  unique int id: @function_type
+);
+
+generic_function_types(  //dir=type
+  unique int id: @generic_function_type
+);
+
+#keyset[id, index]
+generic_function_type_generic_params(  //dir=type
+  int id: @generic_function_type ref,
+  int index: int ref,
+  int generic_param: @generic_type_param_type_or_none ref
+);
+
+generic_type_param_types(  //dir=type
+  unique int id: @generic_type_param_type
+);
+
+metatype_types(  //dir=type
+  unique int id: @metatype_type
+);
+
+@nominal_or_bound_generic_nominal_type =
+  @bound_generic_type
+| @nominal_type
+;
+
+paren_types(  //dir=type
+  unique int id: @paren_type,
+  int type_: @type_or_none ref
+);
+
+@syntax_sugar_type =
+  @dictionary_type
+| @unary_syntax_sugar_type
+;
+
+type_alias_types(  //dir=type
+  unique int id: @type_alias_type,
+  int decl: @type_alias_decl_or_none ref
+);
+
+unbound_generic_types(  //dir=type
+  unique int id: @unbound_generic_type
+);
+
+unmanaged_storage_types(  //dir=type
+  unique int id: @unmanaged_storage_type
+);
+
+unowned_storage_types(  //dir=type
+  unique int id: @unowned_storage_type
+);
+
+weak_storage_types(  //dir=type
+  unique int id: @weak_storage_type
+);
+
+@bound_generic_type =
+  @bound_generic_class_type
+| @bound_generic_enum_type
+| @bound_generic_struct_type
+;
+
+#keyset[id, index]
+bound_generic_type_arg_types(  //dir=type
+  int id: @bound_generic_type ref,
+  int index: int ref,
+  int arg_type: @type_or_none ref
+);
+
+builtin_integer_literal_types(  //dir=type
+  unique int id: @builtin_integer_literal_type
+);
+
+builtin_integer_types(  //dir=type
+  unique int id: @builtin_integer_type
+);
+
+#keyset[id]
+builtin_integer_type_widths(  //dir=type
+  int id: @builtin_integer_type ref,
+  int width: int ref
+);
+
+dictionary_types(  //dir=type
+  unique int id: @dictionary_type,
+  int key_type: @type_or_none ref,
+  int value_type: @type_or_none ref
+);
+
+@nominal_type =
+  @class_type
+| @enum_type
+| @protocol_type
+| @struct_type
+;
+
+opaque_type_archetype_types(  //dir=type
+  unique int id: @opaque_type_archetype_type,
+  int declaration: @opaque_type_decl_or_none ref
+);
+
+opened_archetype_types(  //dir=type
+  unique int id: @opened_archetype_type
+);
+
+primary_archetype_types(  //dir=type
+  unique int id: @primary_archetype_type
+);
+
+@unary_syntax_sugar_type =
+  @array_slice_type
+| @optional_type
+| @variadic_sequence_type
+;
+
+#keyset[id]
+unary_syntax_sugar_types(  //dir=type
+  int id: @unary_syntax_sugar_type ref,
+  int base_type: @type_or_none ref
+);
+
+array_slice_types(  //dir=type
+  unique int id: @array_slice_type
+);
+
+bound_generic_class_types(  //dir=type
+  unique int id: @bound_generic_class_type
+);
+
+bound_generic_enum_types(  //dir=type
+  unique int id: @bound_generic_enum_type
+);
+
+bound_generic_struct_types(  //dir=type
+  unique int id: @bound_generic_struct_type
+);
+
+class_types(  //dir=type
+  unique int id: @class_type
+);
+
+enum_types(  //dir=type
+  unique int id: @enum_type
+);
+
+optional_types(  //dir=type
+  unique int id: @optional_type
+);
+
+protocol_types(  //dir=type
+  unique int id: @protocol_type
+);
+
+struct_types(  //dir=type
+  unique int id: @struct_type
+);
+
+variadic_sequence_types(  //dir=type
+  unique int id: @variadic_sequence_type
+);
+
+@abstract_function_decl_or_none =
+  @abstract_function_decl
+| @unspecified_element
+;
+
+@accessor_decl_or_none =
+  @accessor_decl
+| @unspecified_element
+;
+
+@argument_or_none =
+  @argument
+| @unspecified_element
+;
+
+@associated_type_decl_or_none =
+  @associated_type_decl
+| @unspecified_element
+;
+
+@ast_node_or_none =
+  @ast_node
+| @unspecified_element
+;
+
+@brace_stmt_or_none =
+  @brace_stmt
+| @unspecified_element
+;
+
+@case_label_item_or_none =
+  @case_label_item
+| @unspecified_element
+;
+
+@case_stmt_or_none =
+  @case_stmt
+| @unspecified_element
+;
+
+@closure_expr_or_none =
+  @closure_expr
+| @unspecified_element
+;
+
+@condition_element_or_none =
+  @condition_element
+| @unspecified_element
+;
+
+@constructor_decl_or_none =
+  @constructor_decl
+| @unspecified_element
+;
+
+@decl_or_none =
+  @decl
+| @unspecified_element
+;
+
+@enum_element_decl_or_none =
+  @enum_element_decl
+| @unspecified_element
+;
+
+@expr_or_none =
+  @expr
+| @unspecified_element
+;
+
+@file_or_none =
+  @file
+| @unspecified_element
+;
+
+@generic_type_param_decl_or_none =
+  @generic_type_param_decl
+| @unspecified_element
+;
+
+@generic_type_param_type_or_none =
+  @generic_type_param_type
+| @unspecified_element
+;
+
+@location_or_none =
+  @location
+| @unspecified_element
+;
+
+@module_decl_or_none =
+  @module_decl
+| @unspecified_element
+;
+
+@nominal_type_decl_or_none =
+  @nominal_type_decl
+| @unspecified_element
+;
+
+@opaque_type_decl_or_none =
+  @opaque_type_decl
+| @unspecified_element
+;
+
+@opaque_value_expr_or_none =
+  @opaque_value_expr
+| @unspecified_element
+;
+
+@param_decl_or_none =
+  @param_decl
+| @unspecified_element
+;
+
+@pattern_or_none =
+  @pattern
+| @unspecified_element
+;
+
+@pattern_binding_decl_or_none =
+  @pattern_binding_decl
+| @unspecified_element
+;
+
+@precedence_group_decl_or_none =
+  @precedence_group_decl
+| @unspecified_element
+;
+
+@protocol_decl_or_none =
+  @protocol_decl
+| @unspecified_element
+;
+
+@protocol_type_or_none =
+  @protocol_type
+| @unspecified_element
+;
+
+@stmt_or_none =
+  @stmt
+| @unspecified_element
+;
+
+@stmt_condition_or_none =
+  @stmt_condition
+| @unspecified_element
+;
+
+@string_literal_expr_or_none =
+  @string_literal_expr
+| @unspecified_element
+;
+
+@tap_expr_or_none =
+  @tap_expr
+| @unspecified_element
+;
+
+@type_or_none =
+  @type
+| @unspecified_element
+;
+
+@type_alias_decl_or_none =
+  @type_alias_decl
+| @unspecified_element
+;
+
+@type_repr_or_none =
+  @type_repr
+| @unspecified_element
+;
+
+@value_decl_or_none =
+  @unspecified_element
+| @value_decl
+;
+
+@var_decl_or_none =
+  @unspecified_element
+| @var_decl
+;
diff --git a/swift/ql/src/queries/Security/CWE-022/PathInjection.qhelp b/swift/ql/src/queries/Security/CWE-022/PathInjection.qhelp
new file mode 100644
index 00000000000..a4ec83290a1
--- /dev/null
+++ b/swift/ql/src/queries/Security/CWE-022/PathInjection.qhelp
@@ -0,0 +1,58 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+<overview>
+<p>Accessing paths controlled by users can expose resources to attackers.</p>
+
+<p>Paths that are naively constructed from data controlled by a user may contain unexpected special characters,
+such as <code>..</code>. Such a path could point to any directory on the file system.</p>
+</overview>
+
+<recommendation>
+
+<p>Validate user input before using it to construct a file path. Ideally, follow these rules:</p>
+
+<ul>
+<li>Do not allow more than a single <code>.</code> character.</li>
+<li>Do not allow directory separators such as <code>/</code> or <code>\</code> (depending on the file system).</li>
+<li>Do not rely on simply replacing problematic sequences such as <code>../</code>. For example, after applying this filter to
+<code>.../...//</code> the resulting string would still be <code>../</code>.</li>
+<li>Use a whitelist of known good patterns.</li>
+</ul>
+
+</recommendation>
+
+<example>
+<p>
+The following code shows two bad examples. 
+</p>
+
+<sample src="PathInjectionBad.swift" />
+
+<p>
+In the first, a file name is read from an HTTP request and then used to access a file. In this case, a malicious response could include a file name that is an absolute path, such as
+<code>"/Applications/(current_application)/Documents/sensitive.data"</code>.
+</p>
+
+<p>
+In the second bad example, it appears that the user is restricted to opening a file within the
+<code>"/Library/Caches"</code> home directory. In this case, a malicious response could contain a file name containing
+special characters. For example, the string <code>"../../Documents/sensitive.data"</code> will result in the code
+reading the file located at <code>"/Applications/(current_application)/Library/Caches/../../Documents/sensitive.data"</code>, 
+which contains users' sensitive data. This file may then be made accessible to an attacker, giving them access to all this data.
+</p>
+
+<p>
+In the following (good) example, the path used to access the file system is normalized <em>before</em> being checked against a
+known prefix. This ensures that regardless of the user input, the resulting path is safe.
+</p>
+
+<sample src="PathInjectionGood.swift" />
+</example>
+
+<references>
+<li>OWASP: <a href="https://owasp.org/www-community/attacks/Path_Traversal">Path Traversal</a>.</li>
+</references>
+</qhelp>
diff --git a/swift/ql/src/queries/Security/CWE-022/PathInjection.ql b/swift/ql/src/queries/Security/CWE-022/PathInjection.ql
new file mode 100644
index 00000000000..41f26ba5211
--- /dev/null
+++ b/swift/ql/src/queries/Security/CWE-022/PathInjection.ql
@@ -0,0 +1,25 @@
+/**
+ * @name Uncontrolled data used in path expression
+ * @description Accessing paths influenced by users can allow an attacker to access unexpected resources.
+ * @kind path-problem
+ * @problem.severity error
+ * @security-severity 7.5
+ * @precision high
+ * @id swift/path-injection
+ * @tags security
+ *       external/cwe/cwe-022
+ *       external/cwe/cwe-023
+ *       external/cwe/cwe-036
+ *       external/cwe/cwe-073
+ *       external/cwe/cwe-099
+ */
+
+import swift
+import codeql.swift.dataflow.DataFlow
+import codeql.swift.security.PathInjectionQuery
+import DataFlow::PathGraph
+
+from DataFlow::PathNode source, DataFlow::PathNode sink
+where any(PathInjectionConfiguration c).hasFlowPath(source, sink)
+select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(),
+  "user-provided value"
diff --git a/swift/ql/src/queries/Security/CWE-022/PathInjectionBad.swift b/swift/ql/src/queries/Security/CWE-022/PathInjectionBad.swift
new file mode 100644
index 00000000000..9ce9d0f42e8
--- /dev/null
+++ b/swift/ql/src/queries/Security/CWE-022/PathInjectionBad.swift
@@ -0,0 +1,10 @@
+let fm = FileManager.default
+let path = try String(contentsOf: URL(string: "http://example.com/")!)
+
+// BAD
+return fm.contents(atPath: path)
+
+// BAD
+if (path.hasPrefix(NSHomeDirectory() + "/Library/Caches")) {
+    return fm.contents(atPath: path)
+}
diff --git a/swift/ql/src/queries/Security/CWE-022/PathInjectionGood.swift b/swift/ql/src/queries/Security/CWE-022/PathInjectionGood.swift
new file mode 100644
index 00000000000..8e0799fc486
--- /dev/null
+++ b/swift/ql/src/queries/Security/CWE-022/PathInjectionGood.swift
@@ -0,0 +1,8 @@
+let fm = FileManager.default
+let path = try String(contentsOf: URL(string: "http://example.com/")!)
+
+// GOOD
+let filePath = FilePath(stringLiteral: path)
+if (filePath.lexicallyNormalized().starts(with: FilePath(stringLiteral: NSHomeDirectory() + "/Library/Caches"))) {
+    return fm.contents(atPath: path)
+}
diff --git a/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql b/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql
index 3fab9759c6f..fcd6618658d 100644
--- a/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql
+++ b/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql
@@ -69,7 +69,7 @@ class SQLiteSwiftSqlSink extends SqlSink {
 class SqlInjectionConfig extends TaintTracking::Configuration {
   SqlInjectionConfig() { this = "SqlInjectionConfig" }
 
-  override predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }
+  override predicate isSource(DataFlow::Node node) { node instanceof FlowSource }
 
   override predicate isSink(DataFlow::Node node) { node instanceof SqlSink }
 }
diff --git a/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp b/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp
new file mode 100644
index 00000000000..a685e1d51d6
--- /dev/null
+++ b/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp
@@ -0,0 +1,32 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+<p>Evaluating JavaScript that contains a substring from a remote origin may lead to remote code execution. Code written by an attacker can execute unauthorized actions, including exfiltration of local data through a third party web service.</p>
+
+</overview>
+<recommendation>
+
+<p>When loading JavaScript into a web view, evaluate only known, locally-defined source code. If part of the input comes from a remote source, do not inject it into the JavaScript code to be evaluated. Instead, send it to the web view as data using an API such as <code>WKWebView.callAsyncJavaScript</code> with the <code>arguments</code> dictionary to pass remote data objects.</p>
+
+</recommendation>
+<example>
+
+<p>In the following (bad) example, a call to <code>WKWebView.evaluateJavaScript</code> evaluates JavaScript source code that is tainted with remote data, potentially introducing a code injection vulnerability.</p>
+
+<sample src="UnsafeJsEvalBad.swift" />
+
+<p>In the following (good) example, we sanitize the remote data by passing it using the <code>arguments</code> dictionary of <code>WKWebView.callAsyncJavaScript</code>. This ensures that untrusted data cannot be evaluated as JavaScript source code.</p>
+
+<sample src="UnsafeJsEvalGood.swift" />
+
+</example>
+<references>
+
+<li>
+  Apple Developer Documentation: <a href="https://developer.apple.com/documentation/webkit/wkwebview/3824703-callasyncjavascript">WKWebView.callAsyncJavaScript(_:arguments:in:contentWorld:)</a>
+</li>
+
+</references>
+</qhelp>
diff --git a/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql b/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql
new file mode 100644
index 00000000000..9219b4f5f55
--- /dev/null
+++ b/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql
@@ -0,0 +1,146 @@
+/**
+ * @name JavaScript Injection
+ * @description Evaluating JavaScript code containing a substring from a remote source may lead to remote code execution.
+ * @kind path-problem
+ * @problem.severity warning
+ * @security-severity 9.3
+ * @precision high
+ * @id swift/unsafe-js-eval
+ * @tags security
+ *       external/cwe/cwe-094
+ *       external/cwe/cwe-095
+ *       external/cwe/cwe-749
+ */
+
+import swift
+import codeql.swift.dataflow.DataFlow
+import codeql.swift.dataflow.TaintTracking
+import codeql.swift.dataflow.FlowSources
+import DataFlow::PathGraph
+
+/**
+ * A source of untrusted, user-controlled data.
+ */
+class Source = FlowSource;
+
+/**
+ * A sink that evaluates a string of JavaScript code.
+ */
+abstract class Sink extends DataFlow::Node { }
+
+class WKWebView extends Sink {
+  WKWebView() {
+    any(CallExpr ce |
+      ce.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName("WKWebView",
+            [
+              "evaluateJavaScript(_:)", "evaluateJavaScript(_:completionHandler:)",
+              "evaluateJavaScript(_:in:in:completionHandler:)",
+              "evaluateJavaScript(_:in:contentWorld:)",
+              "callAsyncJavaScript(_:arguments:in:in:completionHandler:)",
+              "callAsyncJavaScript(_:arguments:in:contentWorld:)"
+            ])
+    ).getArgument(0).getExpr() = this.asExpr()
+  }
+}
+
+class WKUserContentController extends Sink {
+  WKUserContentController() {
+    any(CallExpr ce |
+      ce.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName("WKUserContentController", "addUserScript(_:)")
+    ).getArgument(0).getExpr() = this.asExpr()
+  }
+}
+
+class UIWebView extends Sink {
+  UIWebView() {
+    any(CallExpr ce |
+      ce.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName(["UIWebView", "WebView"], "stringByEvaluatingJavaScript(from:)")
+    ).getArgument(0).getExpr() = this.asExpr()
+  }
+}
+
+class JSContext extends Sink {
+  JSContext() {
+    any(CallExpr ce |
+      ce.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName("JSContext", ["evaluateScript(_:)", "evaluateScript(_:withSourceURL:)"])
+    ).getArgument(0).getExpr() = this.asExpr()
+  }
+}
+
+class JSEvaluateScript extends Sink {
+  JSEvaluateScript() {
+    any(CallExpr ce |
+      ce.getStaticTarget().(FreeFunctionDecl).hasName("JSEvaluateScript(_:_:_:_:_:_:)")
+    ).getArgument(1).getExpr() = this.asExpr()
+  }
+}
+
+/**
+ * A taint configuration from taint sources to sinks for this query.
+ */
+class UnsafeJsEvalConfig extends TaintTracking::Configuration {
+  UnsafeJsEvalConfig() { this = "UnsafeJsEvalConfig" }
+
+  override predicate isSource(DataFlow::Node node) { node instanceof Source }
+
+  override predicate isSink(DataFlow::Node node) { node instanceof Sink }
+
+  // TODO: convert to new taint flow models
+  override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
+    exists(Argument arg |
+      arg =
+        any(CallExpr ce |
+          ce.getStaticTarget().(MethodDecl).hasQualifiedName("String", "init(decoding:as:)")
+        ).getArgument(0)
+      or
+      arg =
+        any(CallExpr ce |
+          ce.getStaticTarget()
+              .(FreeFunctionDecl)
+              .hasName([
+                  "JSStringCreateWithUTF8CString(_:)", "JSStringCreateWithCharacters(_:_:)",
+                  "JSStringRetain(_:)"
+                ])
+        ).getArgument(0)
+    |
+      nodeFrom.asExpr() = arg.getExpr() and
+      nodeTo.asExpr() = arg.getApplyExpr()
+    )
+    or
+    exists(CallExpr ce, Expr self, AbstractClosureExpr closure |
+      ce.getStaticTarget()
+          .getName()
+          .matches(["withContiguousStorageIfAvailable(%)", "withUnsafeBufferPointer(%)"]) and
+      self = ce.getQualifier() and
+      ce.getArgument(0).getExpr() = closure
+    |
+      nodeFrom.asExpr() = self and
+      nodeTo.(DataFlow::ParameterNode).getParameter() = closure.getParam(0)
+    )
+    or
+    exists(MemberRefExpr e, Expr self, VarDecl member |
+      self.getType().getName().matches(["Unsafe%Buffer%", "Unsafe%Pointer%"]) and
+      member.getName() = "baseAddress"
+    |
+      e.getBase() = self and
+      e.getMember() = member and
+      nodeFrom.asExpr() = self and
+      nodeTo.asExpr() = e
+    )
+  }
+}
+
+from
+  UnsafeJsEvalConfig config, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode, Sink sink
+where
+  config.hasFlowPath(sourceNode, sinkNode) and
+  sink = sinkNode.getNode()
+select sink, sourceNode, sinkNode, "Evaluation of uncontrolled JavaScript from a remote source."
diff --git a/swift/ql/src/queries/Security/CWE-094/UnsafeJsEvalBad.swift b/swift/ql/src/queries/Security/CWE-094/UnsafeJsEvalBad.swift
new file mode 100644
index 00000000000..111f8100ee2
--- /dev/null
+++ b/swift/ql/src/queries/Security/CWE-094/UnsafeJsEvalBad.swift
@@ -0,0 +1,6 @@
+let webview: WKWebView
+let remoteData = try String(contentsOf: URL(string: "http://example.com/evil.json")!)
+
+...
+
+_ = try await webview.evaluateJavaScript("console.log(" + remoteData + ")") // BAD
diff --git a/swift/ql/src/queries/Security/CWE-094/UnsafeJsEvalGood.swift b/swift/ql/src/queries/Security/CWE-094/UnsafeJsEvalGood.swift
new file mode 100644
index 00000000000..ea8f6c0d5ee
--- /dev/null
+++ b/swift/ql/src/queries/Security/CWE-094/UnsafeJsEvalGood.swift
@@ -0,0 +1,10 @@
+let webview: WKWebView
+let remoteData = try String(contentsOf: URL(string: "http://example.com/evil.json")!)
+
+...
+
+_ = try await webview.callAsyncJavaScript(
+    "console.log(data)",
+    arguments: ["data": remoteData], // GOOD
+    contentWorld: .page
+)
diff --git a/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql b/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
index ccf6584c391..ec595c53b6c 100644
--- a/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
+++ b/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
@@ -32,17 +32,14 @@ class StaticInitializationVectorSource extends Expr {
 class EncryptionInitializationSink extends Expr {
   EncryptionInitializationSink() {
     // `iv` arg in `init` is a sink
-    exists(CallExpr call, string fName, int arg |
+    exists(CallExpr call, string fName |
       call.getStaticTarget()
-          .(MethodDecl)
+          .(ConstructorDecl)
           .hasQualifiedName([
               "AES", "ChaCha20", "Blowfish", "Rabbit", "CBC", "CFB", "GCM", "OCB", "OFB", "PCBC",
               "CCM", "CTR"
             ], fName) and
-      fName.matches("%init(%iv:%") and
-      arg = [0, 1] and
-      call.getStaticTarget().(MethodDecl).getParam(pragma[only_bind_into](arg)).getName() = "iv" and
-      call.getArgument(pragma[only_bind_into](arg)).getExpr() = this
+      call.getArgumentWithLabel("iv").getExpr() = this
     )
   }
 }
diff --git a/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql b/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
index 09d5319e11a..8f60c90b2c4 100644
--- a/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
+++ b/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
@@ -162,7 +162,7 @@ class StringLengthConflationConfiguration extends DataFlow::Configuration {
         call.getStaticTarget() = funcDecl and
         flowstate = "String"
       ) and
-      // match up `funcName`, `paramName`, `arg`, `node`.
+      // match up `funcName`, `arg`, `node`.
       funcDecl.getName() = funcName and
       call.getArgument(arg).getExpr() = node.asExpr()
     )
diff --git a/swift/ql/src/queries/Security/CWE-259/ConstantPassword.ql b/swift/ql/src/queries/Security/CWE-259/ConstantPassword.ql
index 75af598dc19..5ba853575e4 100644
--- a/swift/ql/src/queries/Security/CWE-259/ConstantPassword.ql
+++ b/swift/ql/src/queries/Security/CWE-259/ConstantPassword.ql
@@ -32,13 +32,11 @@ class ConstantPasswordSource extends Expr {
 class ConstantPasswordSink extends Expr {
   ConstantPasswordSink() {
     // `password` arg in `init` is a sink
-    exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call, int arg |
+    exists(ClassOrStructDecl c, ConstructorDecl f, CallExpr call |
       c.getFullName() = ["HKDF", "PBKDF1", "PBKDF2", "Scrypt"] and
       c.getAMember() = f and
-      f.getName().matches("%init(%password:%") and
       call.getStaticTarget() = f and
-      f.getParam(pragma[only_bind_into](arg)).getName() = "password" and
-      call.getArgument(pragma[only_bind_into](arg)).getExpr() = this
+      call.getArgumentWithLabel("password").getExpr() = this
     )
   }
 }
diff --git a/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql b/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
index 92977f5cfd5..04108a33d29 100644
--- a/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
+++ b/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
@@ -54,6 +54,24 @@ class Url extends Transmitted {
   }
 }
 
+/**
+ * An `Expr` that transmitted through the Alamofire library.
+ */
+class AlamofireTransmitted extends Transmitted {
+  AlamofireTransmitted() {
+    // sinks are the first argument containing the URL, and the `parameters`
+    // and `headers` arguments to appropriate methods of `Session`.
+    exists(CallExpr call, string fName |
+      call.getStaticTarget().(MethodDecl).hasQualifiedName("Session", fName) and
+      fName.regexpMatch("(request|streamRequest|download)\\(.*") and
+      (
+        call.getArgument(0).getExpr() = this or
+        call.getArgumentWithLabel(["headers", "parameters"]).getExpr() = this
+      )
+    )
+  }
+}
+
 /**
  * A taint configuration from sensitive information to expressions that are
  * transmitted over a network.
diff --git a/swift/ql/src/queries/Security/CWE-611/XXE.qhelp b/swift/ql/src/queries/Security/CWE-611/XXE.qhelp
new file mode 100644
index 00000000000..a4efe604c39
--- /dev/null
+++ b/swift/ql/src/queries/Security/CWE-611/XXE.qhelp
@@ -0,0 +1,57 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+
+<overview>
+<p>
+Parsing untrusted XML files with a weakly configured XML parser may lead to an XML External Entity (XXE) attack. This type of attack
+uses external entity references to access arbitrary files on a system, carry out denial-of-service attacks, or server-side
+request forgery. Even when the result of parsing is not returned to the user, out-of-band
+data retrieval techniques may allow attackers to steal sensitive data. Denial of services can also be
+carried out in this situation.
+</p>
+</overview>
+
+<recommendation>
+<p>
+The easiest way to prevent XXE attacks is to disable external entity handling when
+parsing untrusted data.  How this is done depends on the library being used. Note that some
+libraries, such as recent versions of <code>XMLParser</code>, disable entity expansion by default,
+so unless you have explicitly enabled entity expansion, no further action needs to be taken.
+</p>
+</recommendation>
+
+<example>
+<p>
+The following example uses the <code>XMLParser</code> class to parse a string <code>data</code>.
+If that string is from an untrusted source, this code may be vulnerable to an XXE attack, since
+the parser is also setting its <code>shouldResolveExternalEntities</code> option to <code>true</code>:
+</p>
+<sample src="XXEBad.swift" />
+
+<p>
+To guard against XXE attacks, the <code>shouldResolveExternalEntities</code> option should be
+left unset or explicitly set to <code>false</code>.
+</p>
+<sample src="XXEGood.swift" />
+
+</example>
+
+<references>
+<li>
+OWASP:
+<a href="https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing">XML External Entity (XXE) Processing</a>.
+</li>
+<li>
+OWASP:
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html">XML External Entity Prevention Cheat Sheet</a>.
+</li>
+<li>
+Timothy D. Morgan and Omar Al Ibrahim
+<a href="https://research.nccgroup.com/2014/05/19/xml-schema-dtd-and-entity-attacks-a-compendium-of-known-techniques/">XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques</a>.
+</li>
+<li>
+Timur Yunusov, Alexey Osipov:
+<a href="https://www.slideshare.net/qqlan/bh-ready-v4">XML Out-Of-Band Data Retrieval</a>.
+</li>
+</references>
+</qhelp>
diff --git a/swift/ql/src/queries/Security/CWE-611/XXE.ql b/swift/ql/src/queries/Security/CWE-611/XXE.ql
new file mode 100644
index 00000000000..04c27949c11
--- /dev/null
+++ b/swift/ql/src/queries/Security/CWE-611/XXE.ql
@@ -0,0 +1,25 @@
+/**
+ * @name Resolving XML external entity in user-controlled data
+ * @description Parsing user-controlled XML documents and allowing expansion of external entity
+ *              references may lead to disclosure of confidential data or denial of service.
+ * @kind path-problem
+ * @problem.severity error
+ * @security-severity 9.1
+ * @precision high
+ * @id swift/xxe
+ * @tags security
+ *       external/cwe/cwe-611
+ *       external/cwe/cwe-776
+ *       external/cwe/cwe-827
+ */
+
+import swift
+import codeql.swift.dataflow.DataFlow
+import codeql.swift.security.XXEQuery
+import DataFlow::PathGraph
+
+from DataFlow::PathNode source, DataFlow::PathNode sink
+where any(XxeConfiguration c).hasFlowPath(source, sink)
+select sink.getNode(), source, sink,
+  "XML parsing depends on a $@ without guarding against external entity expansion.",
+  source.getNode(), "user-provided value"
diff --git a/swift/ql/src/queries/Security/CWE-611/XXEBad.swift b/swift/ql/src/queries/Security/CWE-611/XXEBad.swift
new file mode 100644
index 00000000000..19ff4a7383d
--- /dev/null
+++ b/swift/ql/src/queries/Security/CWE-611/XXEBad.swift
@@ -0,0 +1,2 @@
+let parser = XMLParser(data: remoteData) // BAD (parser explicitly enables external entities)
+parser.shouldResolveExternalEntities = true
diff --git a/swift/ql/src/queries/Security/CWE-611/XXEGood.swift b/swift/ql/src/queries/Security/CWE-611/XXEGood.swift
new file mode 100644
index 00000000000..5552186c759
--- /dev/null
+++ b/swift/ql/src/queries/Security/CWE-611/XXEGood.swift
@@ -0,0 +1,2 @@
+let parser = XMLParser(data: remoteData) // GOOD (parser explicitly disables external entities)
+parser.shouldResolveExternalEntities = false
diff --git a/swift/ql/src/queries/Security/CWE-760/ConstantSalt.ql b/swift/ql/src/queries/Security/CWE-760/ConstantSalt.ql
index 9cd6dbd5ace..f0085e94f65 100644
--- a/swift/ql/src/queries/Security/CWE-760/ConstantSalt.ql
+++ b/swift/ql/src/queries/Security/CWE-760/ConstantSalt.ql
@@ -32,13 +32,11 @@ class ConstantSaltSource extends Expr {
 class ConstantSaltSink extends Expr {
   ConstantSaltSink() {
     // `salt` arg in `init` is a sink
-    exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call, int arg |
+    exists(ClassOrStructDecl c, ConstructorDecl f, CallExpr call |
       c.getFullName() = ["HKDF", "PBKDF1", "PBKDF2", "Scrypt"] and
       c.getAMember() = f and
-      f.getName().matches("%init(%salt:%") and
       call.getStaticTarget() = f and
-      f.getParam(pragma[only_bind_into](arg)).getName() = "salt" and
-      call.getArgument(pragma[only_bind_into](arg)).getExpr() = this
+      call.getArgumentWithLabel("salt").getExpr() = this
     )
   }
 }
diff --git a/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql b/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql
index 046c86d2f5c..d8cb049ea50 100644
--- a/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql
+++ b/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql
@@ -33,13 +33,11 @@ class IntLiteralSource extends IterationsSource instanceof IntegerLiteralExpr {
 class InsufficientHashIterationsSink extends Expr {
   InsufficientHashIterationsSink() {
     // `iterations` arg in `init` is a sink
-    exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call, int arg |
+    exists(ClassOrStructDecl c, ConstructorDecl f, CallExpr call |
       c.getFullName() = ["PBKDF1", "PBKDF2"] and
       c.getAMember() = f and
-      f.getName().matches("init(%iterations:%") and
       call.getStaticTarget() = f and
-      f.getParam(pragma[only_bind_into](arg)).getName() = "iterations" and
-      call.getArgument(pragma[only_bind_into](arg)).getExpr() = this
+      call.getArgumentWithLabel("iterations").getExpr() = this
     )
   }
 }
diff --git a/swift/ql/src/queries/Summary/SummaryStats.ql b/swift/ql/src/queries/Summary/SummaryStats.ql
index 0408bead921..d8a5d6d7f6d 100644
--- a/swift/ql/src/queries/Summary/SummaryStats.ql
+++ b/swift/ql/src/queries/Summary/SummaryStats.ql
@@ -9,19 +9,42 @@
 import swift
 import codeql.swift.dataflow.FlowSources
 import codeql.swift.security.SensitiveExprs
+import codeql.swift.dataflow.DataFlow
+import codeql.swift.dataflow.TaintTracking
 
-predicate statistic(string what, int value) {
-  what = "Files" and value = count(File f)
-  or
-  what = "Expressions" and value = count(Expr e | not e.getFile() instanceof UnknownFile)
-  or
-  what = "Local flow sources" and value = count(LocalFlowSource s)
-  or
-  what = "Remote flow sources" and value = count(RemoteFlowSource s)
-  or
-  what = "Sensitive expressions" and value = count(SensitiveExpr e)
+/**
+ * A taint configuration for tainted data reaching any node.
+ */
+class TaintReachConfig extends TaintTracking::Configuration {
+  TaintReachConfig() { this = "TaintReachConfig" }
+
+  override predicate isSource(DataFlow::Node node) { node instanceof FlowSource }
+
+  override predicate isSink(DataFlow::Node node) { any() }
 }
 
-from string what, int value
+float taintReach() {
+  exists(TaintReachConfig config, int tainted, int total |
+    tainted = count(DataFlow::Node n | config.hasFlowTo(n)) and
+    total = count(DataFlow::Node n) and
+    result = (tainted * 1000000.0) / total
+  )
+}
+
+predicate statistic(string what, string value) {
+  what = "Files" and value = count(File f).toString()
+  or
+  what = "Expressions" and value = count(Expr e | not e.getFile() instanceof UnknownFile).toString()
+  or
+  what = "Local flow sources" and value = count(LocalFlowSource s).toString()
+  or
+  what = "Remote flow sources" and value = count(RemoteFlowSource s).toString()
+  or
+  what = "Sensitive expressions" and value = count(SensitiveExpr e).toString()
+  or
+  what = "Taint reach (per million nodes)" and value = taintReach().toString()
+}
+
+from string what, string value
 where statistic(what, value)
 select what, value
diff --git a/swift/ql/src/queries/ide-contextual-queries/printAst.ql b/swift/ql/src/queries/ide-contextual-queries/printAst.ql
index 26a9df55c1d..03c106c0051 100644
--- a/swift/ql/src/queries/ide-contextual-queries/printAst.ql
+++ b/swift/ql/src/queries/ide-contextual-queries/printAst.ql
@@ -10,6 +10,7 @@
 import swift
 import codeql.swift.printast.PrintAst
 import IDEContextual
+import codeql.swift.generated.ParentChild
 
 /**
  * Gets the source file to generate an AST from.
@@ -23,6 +24,10 @@ class PrintAstConfigurationOverride extends PrintAstConfiguration {
    */
   override predicate shouldPrint(Locatable e) {
     super.shouldPrint(e) and
-    e.getFile() = getFileBySourceArchiveName(selectedSourceFile())
+    (
+      e.getFile() = getFileBySourceArchiveName(selectedSourceFile())
+      or
+      exists(Locatable parent | this.shouldPrint(parent) and parent = getImmediateParent(e))
+    )
   }
 }
diff --git a/swift/ql/test/TestUtils.qll b/swift/ql/test/TestUtils.qll
index 92fcc4de137..7cc472fad32 100644
--- a/swift/ql/test/TestUtils.qll
+++ b/swift/ql/test/TestUtils.qll
@@ -1,10 +1,11 @@
 private import codeql.swift.elements
+private import codeql.swift.generated.ParentChild
 
 cached
 predicate toBeTested(Element e) {
   e instanceof File
   or
-  e instanceof AppliedPropertyWrapperExpr
+  e instanceof ParameterizedProtocolType
   or
   exists(ModuleDecl m |
     m = e and
@@ -32,6 +33,8 @@ predicate toBeTested(Element e) {
       e.(UnspecifiedElement).getParent() = tested
       or
       e.(OpaqueTypeDecl).getNamingDeclaration() = tested
+      or
+      tested = getImmediateParent(e)
     )
   )
 }
diff --git a/swift/ql/test/extractor-tests/declarations/all.expected b/swift/ql/test/extractor-tests/declarations/all.expected
index 332c4b08737..7f4f3af4bdf 100644
--- a/swift/ql/test/extractor-tests/declarations/all.expected
+++ b/swift/ql/test/extractor-tests/declarations/all.expected
@@ -5,7 +5,7 @@
 | declarations.swift:1:8:1:8 | self |
 | declarations.swift:1:8:1:8 | x |
 | declarations.swift:2:3:2:11 | var ... = ... |
-| declarations.swift:2:7:2:7 | (unnamed function decl) |
+| declarations.swift:2:7:2:7 | _modify |
 | declarations.swift:2:7:2:7 | get |
 | declarations.swift:2:7:2:7 | self |
 | declarations.swift:2:7:2:7 | self |
@@ -14,7 +14,7 @@
 | declarations.swift:2:7:2:7 | value |
 | declarations.swift:2:7:2:7 | x |
 | declarations.swift:3:3:6:3 | var ... = ... |
-| declarations.swift:3:7:3:7 | (unnamed function decl) |
+| declarations.swift:3:7:3:7 | _modify |
 | declarations.swift:3:7:3:7 | next |
 | declarations.swift:3:7:3:7 | self |
 | declarations.swift:4:5:4:5 | self |
@@ -28,7 +28,7 @@
 | declarations.swift:9:7:9:7 | self |
 | declarations.swift:9:7:9:7 | self |
 | declarations.swift:9:13:9:30 | var ... = ... |
-| declarations.swift:9:17:9:17 | (unnamed function decl) |
+| declarations.swift:9:17:9:17 | _modify |
 | declarations.swift:9:17:9:17 | get |
 | declarations.swift:9:17:9:17 | self |
 | declarations.swift:9:17:9:17 | self |
@@ -58,7 +58,7 @@
 | declarations.swift:19:29:19:29 | _ |
 | declarations.swift:22:1:26:1 | MyProtocol |
 | declarations.swift:23:5:23:39 | var ... = ... |
-| declarations.swift:23:9:23:9 | (unnamed function decl) |
+| declarations.swift:23:9:23:9 | _modify |
 | declarations.swift:23:9:23:9 | mustBeSettable |
 | declarations.swift:23:9:23:9 | self |
 | declarations.swift:23:31:23:31 | get |
@@ -86,7 +86,7 @@
 | declarations.swift:38:1:38:33 | { ... } |
 | declarations.swift:40:1:53:1 | Baz |
 | declarations.swift:41:3:41:14 | var ... = ... |
-| declarations.swift:41:7:41:7 | (unnamed function decl) |
+| declarations.swift:41:7:41:7 | _modify |
 | declarations.swift:41:7:41:7 | field |
 | declarations.swift:41:7:41:7 | get |
 | declarations.swift:41:7:41:7 | self |
@@ -127,7 +127,7 @@
 | declarations.swift:81:8:81:8 | normalField |
 | declarations.swift:81:8:81:8 | self |
 | declarations.swift:82:3:87:3 | var ... = ... |
-| declarations.swift:82:7:82:7 | (unnamed function decl) |
+| declarations.swift:82:7:82:7 | _modify |
 | declarations.swift:82:7:82:7 | self |
 | declarations.swift:82:7:82:7 | settableField |
 | declarations.swift:83:5:83:5 | newValue |
@@ -144,7 +144,7 @@
 | declarations.swift:97:5:97:5 | self |
 | declarations.swift:97:5:99:5 | get |
 | declarations.swift:102:3:102:21 | var ... = ... |
-| declarations.swift:102:7:102:7 | (unnamed function decl) |
+| declarations.swift:102:7:102:7 | _modify |
 | declarations.swift:102:7:102:7 | get |
 | declarations.swift:102:7:102:7 | normalField |
 | declarations.swift:102:7:102:7 | self |
@@ -152,7 +152,7 @@
 | declarations.swift:102:7:102:7 | self |
 | declarations.swift:102:7:102:7 | set |
 | declarations.swift:102:7:102:7 | value |
-| declarations.swift:104:3:104:3 | (unnamed function decl) |
+| declarations.swift:104:3:104:3 | _modify |
 | declarations.swift:104:3:104:3 | self |
 | declarations.swift:104:3:109:3 | subscript ... |
 | declarations.swift:104:13:104:13 | x |
@@ -171,7 +171,7 @@
 | declarations.swift:111:37:111:37 | self |
 | declarations.swift:111:37:113:3 | get |
 | declarations.swift:115:3:117:3 | var ... = ... |
-| declarations.swift:115:7:115:7 | (unnamed function decl) |
+| declarations.swift:115:7:115:7 | _modify |
 | declarations.swift:115:7:115:7 | get |
 | declarations.swift:115:7:115:7 | hasWillSet1 |
 | declarations.swift:115:7:115:7 | self |
@@ -183,7 +183,7 @@
 | declarations.swift:116:5:116:25 | willSet |
 | declarations.swift:116:13:116:13 | newValue |
 | declarations.swift:119:3:121:3 | var ... = ... |
-| declarations.swift:119:7:119:7 | (unnamed function decl) |
+| declarations.swift:119:7:119:7 | _modify |
 | declarations.swift:119:7:119:7 | get |
 | declarations.swift:119:7:119:7 | hasWillSet2 |
 | declarations.swift:119:7:119:7 | self |
@@ -195,7 +195,7 @@
 | declarations.swift:120:5:120:5 | self |
 | declarations.swift:120:5:120:15 | willSet |
 | declarations.swift:123:3:125:3 | var ... = ... |
-| declarations.swift:123:7:123:7 | (unnamed function decl) |
+| declarations.swift:123:7:123:7 | _modify |
 | declarations.swift:123:7:123:7 | get |
 | declarations.swift:123:7:123:7 | hasDidSet1 |
 | declarations.swift:123:7:123:7 | self |
@@ -207,7 +207,7 @@
 | declarations.swift:124:5:124:24 | didSet |
 | declarations.swift:124:12:124:12 | oldValue |
 | declarations.swift:127:3:129:3 | var ... = ... |
-| declarations.swift:127:7:127:7 | (unnamed function decl) |
+| declarations.swift:127:7:127:7 | _modify |
 | declarations.swift:127:7:127:7 | get |
 | declarations.swift:127:7:127:7 | hasDidSet2 |
 | declarations.swift:127:7:127:7 | self |
@@ -218,7 +218,7 @@
 | declarations.swift:128:5:128:5 | self |
 | declarations.swift:128:5:128:14 | didSet |
 | declarations.swift:131:3:135:3 | var ... = ... |
-| declarations.swift:131:7:131:7 | (unnamed function decl) |
+| declarations.swift:131:7:131:7 | _modify |
 | declarations.swift:131:7:131:7 | get |
 | declarations.swift:131:7:131:7 | hasBoth |
 | declarations.swift:131:7:131:7 | self |
diff --git a/swift/ql/test/extractor-tests/errors/Errors.expected b/swift/ql/test/extractor-tests/errors/Errors.expected
new file mode 100644
index 00000000000..4ecfbef31da
--- /dev/null
+++ b/swift/ql/test/extractor-tests/errors/Errors.expected
@@ -0,0 +1,14 @@
+| file://:0:0:0:0 | ... .combine(_:) | UnresolvedDotExpr |
+| file://:0:0:0:0 | <<error type>> | ErrorType |
+| overloaded.swift:6:5:6:5 | OverloadedDeclRefExpr | OverloadedDeclRefExpr |
+| unresolved.swift:5:1:5:14 | UnresolvedSpecializeExpr | UnresolvedSpecializeExpr |
+| unspecified.swift:3:1:3:23 | missing extended_type_decl from ExtensionDecl | UnspecifiedElement |
+| unspecified.swift:9:9:9:9 | missing fallthrough_dest from FallthroughStmt | UnspecifiedElement |
+| unspecified.swift:9:9:9:9 | missing fallthrough_source from FallthroughStmt | UnspecifiedElement |
+| unspecified.swift:12:18:12:21 | missing element from EnumElementPattern | UnspecifiedElement |
+| unspecified.swift:14:18:14:26 | missing element from EnumElementPattern | UnspecifiedElement |
+| unspecified.swift:19:18:19:19 | missing element from EnumElementPattern | UnspecifiedElement |
+| unspecified.swift:22:13:22:13 | missing fallthrough_dest from FallthroughStmt | UnspecifiedElement |
+| unspecified.swift:22:13:22:13 | missing fallthrough_source from FallthroughStmt | UnspecifiedElement |
+| unspecified.swift:25:16:25:16 | ErrorExpr | ErrorExpr |
+| unspecified.swift:26:18:26:19 | missing element from EnumElementPattern | UnspecifiedElement |
diff --git a/swift/ql/test/extractor-tests/errors/Errors.ql b/swift/ql/test/extractor-tests/errors/Errors.ql
new file mode 100644
index 00000000000..3738f9a83dd
--- /dev/null
+++ b/swift/ql/test/extractor-tests/errors/Errors.ql
@@ -0,0 +1,5 @@
+import swift
+
+from Locatable e
+where e instanceof ErrorElement
+select e, e.getPrimaryQlClasses()
diff --git a/swift/ql/test/extractor-tests/errors/UnspecifiedElementParents.expected b/swift/ql/test/extractor-tests/errors/UnspecifiedElementParents.expected
new file mode 100644
index 00000000000..6f603d045ce
--- /dev/null
+++ b/swift/ql/test/extractor-tests/errors/UnspecifiedElementParents.expected
@@ -0,0 +1,9 @@
+| unspecified.swift:3:1:3:23 | extension | unspecified.swift:3:1:3:23 | missing extended_type_decl from ExtensionDecl |
+| unspecified.swift:9:9:9:9 | fallthrough | unspecified.swift:9:9:9:9 | missing fallthrough_dest from FallthroughStmt |
+| unspecified.swift:9:9:9:9 | fallthrough | unspecified.swift:9:9:9:9 | missing fallthrough_source from FallthroughStmt |
+| unspecified.swift:12:18:12:21 | (no string representation) | unspecified.swift:12:18:12:21 | missing element from EnumElementPattern |
+| unspecified.swift:14:18:14:26 | (no string representation) | unspecified.swift:14:18:14:26 | missing element from EnumElementPattern |
+| unspecified.swift:19:18:19:19 | (no string representation) | unspecified.swift:19:18:19:19 | missing element from EnumElementPattern |
+| unspecified.swift:22:13:22:13 | fallthrough | unspecified.swift:22:13:22:13 | missing fallthrough_dest from FallthroughStmt |
+| unspecified.swift:22:13:22:13 | fallthrough | unspecified.swift:22:13:22:13 | missing fallthrough_source from FallthroughStmt |
+| unspecified.swift:26:18:26:19 | (no string representation) | unspecified.swift:26:18:26:19 | missing element from EnumElementPattern |
diff --git a/swift/ql/test/extractor-tests/errors/UnspecifiedElementParents.ql b/swift/ql/test/extractor-tests/errors/UnspecifiedElementParents.ql
new file mode 100644
index 00000000000..4f848750b7a
--- /dev/null
+++ b/swift/ql/test/extractor-tests/errors/UnspecifiedElementParents.ql
@@ -0,0 +1,5 @@
+import swift
+
+from UnspecifiedElement e, Locatable parent
+where parent = e.getParent()
+select parent, e
diff --git a/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/overloaded.swift b/swift/ql/test/extractor-tests/errors/overloaded.swift
similarity index 100%
rename from swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/overloaded.swift
rename to swift/ql/test/extractor-tests/errors/overloaded.swift
diff --git a/swift/ql/test/extractor-tests/generated/UnresolvedElement/unresolved.swift b/swift/ql/test/extractor-tests/errors/unresolved.swift
similarity index 100%
rename from swift/ql/test/extractor-tests/generated/UnresolvedElement/unresolved.swift
rename to swift/ql/test/extractor-tests/errors/unresolved.swift
diff --git a/swift/ql/test/extractor-tests/generated/UnspecifiedElement/wrong.swift b/swift/ql/test/extractor-tests/errors/unspecified.swift
similarity index 100%
rename from swift/ql/test/extractor-tests/generated/UnspecifiedElement/wrong.swift
rename to swift/ql/test/extractor-tests/errors/unspecified.swift
diff --git a/swift/ql/test/extractor-tests/generated/UnresolvedElement/UnresolvedElement.expected b/swift/ql/test/extractor-tests/generated/UnresolvedElement/UnresolvedElement.expected
deleted file mode 100644
index c777fe0ebb5..00000000000
--- a/swift/ql/test/extractor-tests/generated/UnresolvedElement/UnresolvedElement.expected
+++ /dev/null
@@ -1 +0,0 @@
-| unresolved.swift:5:1:5:14 | UnresolvedSpecializeExpr | UnresolvedSpecializeExpr |
diff --git a/swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement.expected b/swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement.expected
deleted file mode 100644
index 25fac0d1236..00000000000
--- a/swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement.expected
+++ /dev/null
@@ -1,9 +0,0 @@
-| wrong.swift:3:1:3:23 | missing extended_type_decl from ExtensionDecl | getProperty: | extended_type_decl | getError: | element was unspecified by the extractor |
-| wrong.swift:9:9:9:9 | missing fallthrough_dest from FallthroughStmt | getProperty: | fallthrough_dest | getError: | element was unspecified by the extractor |
-| wrong.swift:9:9:9:9 | missing fallthrough_source from FallthroughStmt | getProperty: | fallthrough_source | getError: | element was unspecified by the extractor |
-| wrong.swift:12:18:12:21 | missing element from EnumElementPattern | getProperty: | element | getError: | element was unspecified by the extractor |
-| wrong.swift:14:18:14:26 | missing element from EnumElementPattern | getProperty: | element | getError: | element was unspecified by the extractor |
-| wrong.swift:19:18:19:19 | missing element from EnumElementPattern | getProperty: | element | getError: | element was unspecified by the extractor |
-| wrong.swift:22:13:22:13 | missing fallthrough_dest from FallthroughStmt | getProperty: | fallthrough_dest | getError: | element was unspecified by the extractor |
-| wrong.swift:22:13:22:13 | missing fallthrough_source from FallthroughStmt | getProperty: | fallthrough_source | getError: | element was unspecified by the extractor |
-| wrong.swift:26:18:26:19 | missing element from EnumElementPattern | getProperty: | element | getError: | element was unspecified by the extractor |
diff --git a/swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement.ql b/swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement.ql
deleted file mode 100644
index dc762fbbeb0..00000000000
--- a/swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement.ql
+++ /dev/null
@@ -1,11 +0,0 @@
-// generated by codegen/codegen.py
-import codeql.swift.elements
-import TestUtils
-
-from UnspecifiedElement x, string getProperty, string getError
-where
-  toBeTested(x) and
-  not x.isUnknown() and
-  getProperty = x.getProperty() and
-  getError = x.getError()
-select x, "getProperty:", getProperty, "getError:", getError
diff --git a/swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement_getParent.expected b/swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement_getParent.expected
deleted file mode 100644
index 870a99df44f..00000000000
--- a/swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement_getParent.expected
+++ /dev/null
@@ -1,9 +0,0 @@
-| wrong.swift:3:1:3:23 | missing extended_type_decl from ExtensionDecl | extension |
-| wrong.swift:9:9:9:9 | missing fallthrough_dest from FallthroughStmt | fallthrough |
-| wrong.swift:9:9:9:9 | missing fallthrough_source from FallthroughStmt | fallthrough |
-| wrong.swift:12:18:12:21 | missing element from EnumElementPattern | (no string representation) |
-| wrong.swift:14:18:14:26 | missing element from EnumElementPattern | (no string representation) |
-| wrong.swift:19:18:19:19 | missing element from EnumElementPattern | (no string representation) |
-| wrong.swift:22:13:22:13 | missing fallthrough_dest from FallthroughStmt | fallthrough |
-| wrong.swift:22:13:22:13 | missing fallthrough_source from FallthroughStmt | fallthrough |
-| wrong.swift:26:18:26:19 | missing element from EnumElementPattern | (no string representation) |
diff --git a/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl.expected b/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl.expected
index 024e88a36b3..e6d7e2ccee4 100644
--- a/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl.expected
@@ -1,27 +1,36 @@
-| accessors.swift:2:9:2:9 | (unnamed function decl) | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no |
-| accessors.swift:2:9:2:9 | get | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no |
-| accessors.swift:2:9:2:9 | set | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no |
-| accessors.swift:3:9:3:9 | (unnamed function decl) | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no |
-| accessors.swift:4:9:4:28 | get | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no |
-| accessors.swift:5:9:5:42 | set | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no |
-| accessors.swift:7:9:7:9 | (unnamed function decl) | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no |
-| accessors.swift:7:9:7:9 | get | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no |
-| accessors.swift:7:9:7:9 | set | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no |
-| accessors.swift:8:9:8:29 | willSet | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | yes | isDidSet: | no |
-| accessors.swift:11:9:11:9 | (unnamed function decl) | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no |
-| accessors.swift:11:9:11:9 | get | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no |
-| accessors.swift:11:9:11:9 | set | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no |
-| accessors.swift:12:9:12:19 | willSet | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | yes | isDidSet: | no |
-| accessors.swift:15:9:15:9 | (unnamed function decl) | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no |
-| accessors.swift:15:9:15:9 | get | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no |
-| accessors.swift:15:9:15:9 | set | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no |
-| accessors.swift:16:9:16:28 | didSet | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | yes |
-| accessors.swift:19:9:19:9 | (unnamed function decl) | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no |
-| accessors.swift:19:9:19:9 | get | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no |
-| accessors.swift:19:9:19:9 | set | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no |
-| accessors.swift:20:9:20:18 | didSet | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | yes |
-| accessors.swift:23:9:23:9 | (unnamed function decl) | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no |
-| accessors.swift:23:9:23:9 | get | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no |
-| accessors.swift:23:9:23:9 | set | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no |
-| accessors.swift:24:9:24:19 | willSet | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | yes | isDidSet: | no |
-| accessors.swift:26:9:26:18 | didSet | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | yes |
+| accessors.swift:2:9:2:9 | _modify | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | yes | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:2:9:2:9 | get | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:2:9:2:9 | set | hasSelfParam: | yes | getNumberOfParams: | 1 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:3:9:3:9 | _modify | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | yes | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:4:9:4:28 | get | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:5:9:5:42 | set | hasSelfParam: | yes | getNumberOfParams: | 1 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:7:9:7:9 | _modify | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | yes | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:7:9:7:9 | get | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:7:9:7:9 | set | hasSelfParam: | yes | getNumberOfParams: | 1 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:8:9:8:29 | willSet | hasSelfParam: | yes | getNumberOfParams: | 1 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | yes | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:11:9:11:9 | _modify | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | yes | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:11:9:11:9 | get | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:11:9:11:9 | set | hasSelfParam: | yes | getNumberOfParams: | 1 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:12:9:12:19 | willSet | hasSelfParam: | yes | getNumberOfParams: | 1 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | yes | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:15:9:15:9 | _modify | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | yes | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:15:9:15:9 | get | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:15:9:15:9 | set | hasSelfParam: | yes | getNumberOfParams: | 1 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:16:9:16:28 | didSet | hasSelfParam: | yes | getNumberOfParams: | 1 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | yes | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:19:9:19:9 | _modify | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | yes | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:19:9:19:9 | get | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:19:9:19:9 | set | hasSelfParam: | yes | getNumberOfParams: | 1 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:20:9:20:18 | didSet | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | yes | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:23:9:23:9 | _modify | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | yes | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:23:9:23:9 | get | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:23:9:23:9 | set | hasSelfParam: | yes | getNumberOfParams: | 1 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:24:9:24:19 | willSet | hasSelfParam: | yes | getNumberOfParams: | 1 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | yes | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:26:9:26:18 | didSet | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | yes | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:29:9:29:9 | get | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:29:9:29:9 | set | hasSelfParam: | yes | getNumberOfParams: | 1 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:30:9:32:9 | _read | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | yes | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:33:9:35:9 | _modify | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | yes | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:38:9:38:9 | _modify | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | yes | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:38:9:38:9 | get | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> Int | getName: | (unnamed function decl) | isGetter: | yes | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:38:9:38:9 | set | hasSelfParam: | yes | getNumberOfParams: | 1 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> (Int) -> () | getName: | (unnamed function decl) | isGetter: | no | isSetter: | yes | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | no |
+| accessors.swift:39:9:41:9 | unsafeAddress | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (Foo) -> () -> UnsafePointer<Int> | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | yes | isUnsafeMutableAddress: | no |
+| accessors.swift:42:9:44:9 | unsafeMutableAddress | hasSelfParam: | yes | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | accessors | getInterfaceType: | (inout Foo) -> () -> UnsafeMutablePointer<Int> | getName: | (unnamed function decl) | isGetter: | no | isSetter: | no | isWillSet: | no | isDidSet: | no | isRead: | no | isModify: | no | isUnsafeAddress: | no | isUnsafeMutableAddress: | yes |
diff --git a/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl.ql b/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl.ql
index 4488c81f510..048c1802317 100644
--- a/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl.ql
+++ b/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl.ql
@@ -3,17 +3,32 @@ import codeql.swift.elements
 import TestUtils
 
 from
-  AccessorDecl x, ModuleDecl getModule, Type getInterfaceType, string getName, string isGetter,
-  string isSetter, string isWillSet, string isDidSet
+  AccessorDecl x, string hasSelfParam, int getNumberOfParams, string hasBody,
+  int getNumberOfGenericTypeParams, ModuleDecl getModule, Type getInterfaceType, string getName,
+  string isGetter, string isSetter, string isWillSet, string isDidSet, string isRead,
+  string isModify, string isUnsafeAddress, string isUnsafeMutableAddress
 where
   toBeTested(x) and
   not x.isUnknown() and
+  (if x.hasSelfParam() then hasSelfParam = "yes" else hasSelfParam = "no") and
+  getNumberOfParams = x.getNumberOfParams() and
+  (if x.hasBody() then hasBody = "yes" else hasBody = "no") and
+  getNumberOfGenericTypeParams = x.getNumberOfGenericTypeParams() and
   getModule = x.getModule() and
   getInterfaceType = x.getInterfaceType() and
   getName = x.getName() and
   (if x.isGetter() then isGetter = "yes" else isGetter = "no") and
   (if x.isSetter() then isSetter = "yes" else isSetter = "no") and
   (if x.isWillSet() then isWillSet = "yes" else isWillSet = "no") and
-  if x.isDidSet() then isDidSet = "yes" else isDidSet = "no"
-select x, "getModule:", getModule, "getInterfaceType:", getInterfaceType, "getName:", getName,
-  "isGetter:", isGetter, "isSetter:", isSetter, "isWillSet:", isWillSet, "isDidSet:", isDidSet
+  (if x.isDidSet() then isDidSet = "yes" else isDidSet = "no") and
+  (if x.isRead() then isRead = "yes" else isRead = "no") and
+  (if x.isModify() then isModify = "yes" else isModify = "no") and
+  (if x.isUnsafeAddress() then isUnsafeAddress = "yes" else isUnsafeAddress = "no") and
+  if x.isUnsafeMutableAddress()
+  then isUnsafeMutableAddress = "yes"
+  else isUnsafeMutableAddress = "no"
+select x, "hasSelfParam:", hasSelfParam, "getNumberOfParams:", getNumberOfParams, "hasBody:",
+  hasBody, "getNumberOfGenericTypeParams:", getNumberOfGenericTypeParams, "getModule:", getModule,
+  "getInterfaceType:", getInterfaceType, "getName:", getName, "isGetter:", isGetter, "isSetter:",
+  isSetter, "isWillSet:", isWillSet, "isDidSet:", isDidSet, "isRead:", isRead, "isModify:",
+  isModify, "isUnsafeAddress:", isUnsafeAddress, "isUnsafeMutableAddress:", isUnsafeMutableAddress
diff --git a/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getBody.expected b/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getBody.expected
index 918643d76dd..7eccbae719f 100644
--- a/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getBody.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getBody.expected
@@ -1,27 +1,36 @@
-| accessors.swift:2:9:2:9 | (unnamed function decl) | accessors.swift:2:9:2:9 | { ... } |
+| accessors.swift:2:9:2:9 | _modify | accessors.swift:2:9:2:9 | { ... } |
 | accessors.swift:2:9:2:9 | get | accessors.swift:2:9:2:9 | { ... } |
 | accessors.swift:2:9:2:9 | set | accessors.swift:2:9:2:9 | { ... } |
-| accessors.swift:3:9:3:9 | (unnamed function decl) | accessors.swift:3:9:3:9 | { ... } |
+| accessors.swift:3:9:3:9 | _modify | accessors.swift:3:9:3:9 | { ... } |
 | accessors.swift:4:9:4:28 | get | accessors.swift:4:13:4:28 | { ... } |
 | accessors.swift:5:9:5:42 | set | accessors.swift:5:23:5:42 | { ... } |
-| accessors.swift:7:9:7:9 | (unnamed function decl) | accessors.swift:7:9:7:9 | { ... } |
+| accessors.swift:7:9:7:9 | _modify | accessors.swift:7:9:7:9 | { ... } |
 | accessors.swift:7:9:7:9 | get | accessors.swift:7:9:7:9 | { ... } |
 | accessors.swift:7:9:7:9 | set | accessors.swift:7:9:7:9 | { ... } |
 | accessors.swift:8:9:8:29 | willSet | accessors.swift:8:27:8:29 | { ... } |
-| accessors.swift:11:9:11:9 | (unnamed function decl) | accessors.swift:11:9:11:9 | { ... } |
+| accessors.swift:11:9:11:9 | _modify | accessors.swift:11:9:11:9 | { ... } |
 | accessors.swift:11:9:11:9 | get | accessors.swift:11:9:11:9 | { ... } |
 | accessors.swift:11:9:11:9 | set | accessors.swift:11:9:11:9 | { ... } |
 | accessors.swift:12:9:12:19 | willSet | accessors.swift:12:17:12:19 | { ... } |
-| accessors.swift:15:9:15:9 | (unnamed function decl) | accessors.swift:15:9:15:9 | { ... } |
+| accessors.swift:15:9:15:9 | _modify | accessors.swift:15:9:15:9 | { ... } |
 | accessors.swift:15:9:15:9 | get | accessors.swift:15:9:15:9 | { ... } |
 | accessors.swift:15:9:15:9 | set | accessors.swift:15:9:15:9 | { ... } |
 | accessors.swift:16:9:16:28 | didSet | accessors.swift:16:26:16:28 | { ... } |
-| accessors.swift:19:9:19:9 | (unnamed function decl) | accessors.swift:19:9:19:9 | { ... } |
+| accessors.swift:19:9:19:9 | _modify | accessors.swift:19:9:19:9 | { ... } |
 | accessors.swift:19:9:19:9 | get | accessors.swift:19:9:19:9 | { ... } |
 | accessors.swift:19:9:19:9 | set | accessors.swift:19:9:19:9 | { ... } |
 | accessors.swift:20:9:20:18 | didSet | accessors.swift:20:16:20:18 | { ... } |
-| accessors.swift:23:9:23:9 | (unnamed function decl) | accessors.swift:23:9:23:9 | { ... } |
+| accessors.swift:23:9:23:9 | _modify | accessors.swift:23:9:23:9 | { ... } |
 | accessors.swift:23:9:23:9 | get | accessors.swift:23:9:23:9 | { ... } |
 | accessors.swift:23:9:23:9 | set | accessors.swift:23:9:23:9 | { ... } |
 | accessors.swift:24:9:24:19 | willSet | accessors.swift:24:17:24:19 | { ... } |
 | accessors.swift:26:9:26:18 | didSet | accessors.swift:26:16:26:18 | { ... } |
+| accessors.swift:29:9:29:9 | get | accessors.swift:29:9:29:9 | { ... } |
+| accessors.swift:29:9:29:9 | set | accessors.swift:29:9:29:9 | { ... } |
+| accessors.swift:30:9:32:9 | _read | accessors.swift:30:15:32:9 | { ... } |
+| accessors.swift:33:9:35:9 | _modify | accessors.swift:33:17:35:9 | { ... } |
+| accessors.swift:38:9:38:9 | _modify | accessors.swift:38:9:38:9 | { ... } |
+| accessors.swift:38:9:38:9 | get | accessors.swift:38:9:38:9 | { ... } |
+| accessors.swift:38:9:38:9 | set | accessors.swift:38:9:38:9 | { ... } |
+| accessors.swift:39:9:41:9 | unsafeAddress | accessors.swift:39:23:41:9 | { ... } |
+| accessors.swift:42:9:44:9 | unsafeMutableAddress | accessors.swift:42:30:44:9 | { ... } |
diff --git a/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getParam.expected b/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getParam.expected
index 8b0da467bb2..e0544b5d4f5 100644
--- a/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getParam.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getParam.expected
@@ -9,3 +9,5 @@
 | accessors.swift:19:9:19:9 | set | 0 | accessors.swift:19:9:19:9 | value |
 | accessors.swift:23:9:23:9 | set | 0 | accessors.swift:23:9:23:9 | value |
 | accessors.swift:24:9:24:19 | willSet | 0 | accessors.swift:24:9:24:9 | newValue |
+| accessors.swift:29:9:29:9 | set | 0 | accessors.swift:29:9:29:9 | value |
+| accessors.swift:38:9:38:9 | set | 0 | accessors.swift:38:9:38:9 | value |
diff --git a/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getSelfParam.expected b/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getSelfParam.expected
index 22d0fc5df1f..62143cca406 100644
--- a/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getSelfParam.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/AccessorDecl_getSelfParam.expected
@@ -1,27 +1,36 @@
-| accessors.swift:2:9:2:9 | (unnamed function decl) | accessors.swift:2:9:2:9 | self |
+| accessors.swift:2:9:2:9 | _modify | accessors.swift:2:9:2:9 | self |
 | accessors.swift:2:9:2:9 | get | accessors.swift:2:9:2:9 | self |
 | accessors.swift:2:9:2:9 | set | accessors.swift:2:9:2:9 | self |
-| accessors.swift:3:9:3:9 | (unnamed function decl) | accessors.swift:3:9:3:9 | self |
+| accessors.swift:3:9:3:9 | _modify | accessors.swift:3:9:3:9 | self |
 | accessors.swift:4:9:4:28 | get | accessors.swift:4:9:4:9 | self |
 | accessors.swift:5:9:5:42 | set | accessors.swift:5:9:5:9 | self |
-| accessors.swift:7:9:7:9 | (unnamed function decl) | accessors.swift:7:9:7:9 | self |
+| accessors.swift:7:9:7:9 | _modify | accessors.swift:7:9:7:9 | self |
 | accessors.swift:7:9:7:9 | get | accessors.swift:7:9:7:9 | self |
 | accessors.swift:7:9:7:9 | set | accessors.swift:7:9:7:9 | self |
 | accessors.swift:8:9:8:29 | willSet | accessors.swift:8:9:8:9 | self |
-| accessors.swift:11:9:11:9 | (unnamed function decl) | accessors.swift:11:9:11:9 | self |
+| accessors.swift:11:9:11:9 | _modify | accessors.swift:11:9:11:9 | self |
 | accessors.swift:11:9:11:9 | get | accessors.swift:11:9:11:9 | self |
 | accessors.swift:11:9:11:9 | set | accessors.swift:11:9:11:9 | self |
 | accessors.swift:12:9:12:19 | willSet | accessors.swift:12:9:12:9 | self |
-| accessors.swift:15:9:15:9 | (unnamed function decl) | accessors.swift:15:9:15:9 | self |
+| accessors.swift:15:9:15:9 | _modify | accessors.swift:15:9:15:9 | self |
 | accessors.swift:15:9:15:9 | get | accessors.swift:15:9:15:9 | self |
 | accessors.swift:15:9:15:9 | set | accessors.swift:15:9:15:9 | self |
 | accessors.swift:16:9:16:28 | didSet | accessors.swift:16:9:16:9 | self |
-| accessors.swift:19:9:19:9 | (unnamed function decl) | accessors.swift:19:9:19:9 | self |
+| accessors.swift:19:9:19:9 | _modify | accessors.swift:19:9:19:9 | self |
 | accessors.swift:19:9:19:9 | get | accessors.swift:19:9:19:9 | self |
 | accessors.swift:19:9:19:9 | set | accessors.swift:19:9:19:9 | self |
 | accessors.swift:20:9:20:18 | didSet | accessors.swift:20:9:20:9 | self |
-| accessors.swift:23:9:23:9 | (unnamed function decl) | accessors.swift:23:9:23:9 | self |
+| accessors.swift:23:9:23:9 | _modify | accessors.swift:23:9:23:9 | self |
 | accessors.swift:23:9:23:9 | get | accessors.swift:23:9:23:9 | self |
 | accessors.swift:23:9:23:9 | set | accessors.swift:23:9:23:9 | self |
 | accessors.swift:24:9:24:19 | willSet | accessors.swift:24:9:24:9 | self |
 | accessors.swift:26:9:26:18 | didSet | accessors.swift:26:9:26:9 | self |
+| accessors.swift:29:9:29:9 | get | accessors.swift:29:9:29:9 | self |
+| accessors.swift:29:9:29:9 | set | accessors.swift:29:9:29:9 | self |
+| accessors.swift:30:9:32:9 | _read | accessors.swift:30:9:30:9 | self |
+| accessors.swift:33:9:35:9 | _modify | accessors.swift:33:9:33:9 | self |
+| accessors.swift:38:9:38:9 | _modify | accessors.swift:38:9:38:9 | self |
+| accessors.swift:38:9:38:9 | get | accessors.swift:38:9:38:9 | self |
+| accessors.swift:38:9:38:9 | set | accessors.swift:38:9:38:9 | self |
+| accessors.swift:39:9:41:9 | unsafeAddress | accessors.swift:39:9:39:9 | self |
+| accessors.swift:42:9:44:9 | unsafeMutableAddress | accessors.swift:42:9:42:9 | self |
diff --git a/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/accessors.swift b/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/accessors.swift
index 0dc6f4cc0c0..2f645a1592e 100644
--- a/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/accessors.swift
+++ b/swift/ql/test/extractor-tests/generated/decl/AccessorDecl/accessors.swift
@@ -25,4 +25,22 @@ struct Foo {
 
         didSet { }
     }
+
+    var borrowedProp: Int {
+        _read {
+            yield x
+        }
+        _modify {
+            yield &x
+        }
+    }
+
+    var unsafeProp: Int {
+        unsafeAddress {
+            return UnsafePointer<Int>(bitPattern: 0)!
+        }
+        unsafeMutableAddress {
+            return UnsafeMutablePointer<Int>(bitPattern: 0)!
+        }
+    }
 }
diff --git a/swift/ql/test/extractor-tests/generated/decl/AssociatedTypeDecl/AssociatedTypeDecl.expected b/swift/ql/test/extractor-tests/generated/decl/AssociatedTypeDecl/AssociatedTypeDecl.expected
index c94866db877..7eb9613a29b 100644
--- a/swift/ql/test/extractor-tests/generated/decl/AssociatedTypeDecl/AssociatedTypeDecl.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/AssociatedTypeDecl/AssociatedTypeDecl.expected
@@ -1,2 +1,2 @@
-| associated_type.swift:2:5:2:20 | Bar | getModule: | file://:0:0:0:0 | associated_type | getInterfaceType: | Self.Bar.Type | getName: | Bar |
-| associated_type.swift:3:5:3:25 | Baz | getModule: | file://:0:0:0:0 | associated_type | getInterfaceType: | Self.Baz.Type | getName: | Baz |
+| associated_type.swift:2:5:2:20 | Bar | getModule: | file://:0:0:0:0 | associated_type | getInterfaceType: | Self.Bar.Type | getName: | Bar | getNumberOfBaseTypes: | 0 |
+| associated_type.swift:3:5:3:25 | Baz | getModule: | file://:0:0:0:0 | associated_type | getInterfaceType: | Self.Baz.Type | getName: | Baz | getNumberOfBaseTypes: | 1 |
diff --git a/swift/ql/test/extractor-tests/generated/decl/AssociatedTypeDecl/AssociatedTypeDecl.ql b/swift/ql/test/extractor-tests/generated/decl/AssociatedTypeDecl/AssociatedTypeDecl.ql
index 1cad0891f79..707761ef48c 100644
--- a/swift/ql/test/extractor-tests/generated/decl/AssociatedTypeDecl/AssociatedTypeDecl.ql
+++ b/swift/ql/test/extractor-tests/generated/decl/AssociatedTypeDecl/AssociatedTypeDecl.ql
@@ -2,11 +2,15 @@
 import codeql.swift.elements
 import TestUtils
 
-from AssociatedTypeDecl x, ModuleDecl getModule, Type getInterfaceType, string getName
+from
+  AssociatedTypeDecl x, ModuleDecl getModule, Type getInterfaceType, string getName,
+  int getNumberOfBaseTypes
 where
   toBeTested(x) and
   not x.isUnknown() and
   getModule = x.getModule() and
   getInterfaceType = x.getInterfaceType() and
-  getName = x.getName()
-select x, "getModule:", getModule, "getInterfaceType:", getInterfaceType, "getName:", getName
+  getName = x.getName() and
+  getNumberOfBaseTypes = x.getNumberOfBaseTypes()
+select x, "getModule:", getModule, "getInterfaceType:", getInterfaceType, "getName:", getName,
+  "getNumberOfBaseTypes:", getNumberOfBaseTypes
diff --git a/swift/ql/test/extractor-tests/generated/decl/ClassDecl/ClassDecl.expected b/swift/ql/test/extractor-tests/generated/decl/ClassDecl/ClassDecl.expected
index bec427ff494..dd277ec706b 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ClassDecl/ClassDecl.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/ClassDecl/ClassDecl.expected
@@ -1,3 +1,3 @@
-| class.swift:1:1:7:1 | Foo | getModule: | file://:0:0:0:0 | class | getInterfaceType: | Foo.Type | getName: | Foo | getType: | Foo |
-| class.swift:11:1:14:1 | Generic | getModule: | file://:0:0:0:0 | class | getInterfaceType: | Generic<X, Y>.Type | getName: | Generic | getType: | Generic |
-| class.swift:16:1:17:1 | Baz | getModule: | file://:0:0:0:0 | class | getInterfaceType: | Baz.Type | getName: | Baz | getType: | Baz |
+| class.swift:1:1:7:1 | Foo | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | class | getInterfaceType: | Foo.Type | getName: | Foo | getNumberOfBaseTypes: | 0 | getNumberOfMembers: | 4 | getType: | Foo |
+| class.swift:11:1:14:1 | Generic | getNumberOfGenericTypeParams: | 2 | getModule: | file://:0:0:0:0 | class | getInterfaceType: | Generic<X, Y>.Type | getName: | Generic | getNumberOfBaseTypes: | 0 | getNumberOfMembers: | 6 | getType: | Generic |
+| class.swift:16:1:17:1 | Baz | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | class | getInterfaceType: | Baz.Type | getName: | Baz | getNumberOfBaseTypes: | 2 | getNumberOfMembers: | 2 | getType: | Baz |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ClassDecl/ClassDecl.ql b/swift/ql/test/extractor-tests/generated/decl/ClassDecl/ClassDecl.ql
index 39aa84b0206..b1f26df88ed 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ClassDecl/ClassDecl.ql
+++ b/swift/ql/test/extractor-tests/generated/decl/ClassDecl/ClassDecl.ql
@@ -2,13 +2,19 @@
 import codeql.swift.elements
 import TestUtils
 
-from ClassDecl x, ModuleDecl getModule, Type getInterfaceType, string getName, Type getType
+from
+  ClassDecl x, int getNumberOfGenericTypeParams, ModuleDecl getModule, Type getInterfaceType,
+  string getName, int getNumberOfBaseTypes, int getNumberOfMembers, Type getType
 where
   toBeTested(x) and
   not x.isUnknown() and
+  getNumberOfGenericTypeParams = x.getNumberOfGenericTypeParams() and
   getModule = x.getModule() and
   getInterfaceType = x.getInterfaceType() and
   getName = x.getName() and
+  getNumberOfBaseTypes = x.getNumberOfBaseTypes() and
+  getNumberOfMembers = x.getNumberOfMembers() and
   getType = x.getType()
-select x, "getModule:", getModule, "getInterfaceType:", getInterfaceType, "getName:", getName,
-  "getType:", getType
+select x, "getNumberOfGenericTypeParams:", getNumberOfGenericTypeParams, "getModule:", getModule,
+  "getInterfaceType:", getInterfaceType, "getName:", getName, "getNumberOfBaseTypes:",
+  getNumberOfBaseTypes, "getNumberOfMembers:", getNumberOfMembers, "getType:", getType
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteFuncDecl/ConcreteFuncDecl.expected b/swift/ql/test/extractor-tests/generated/decl/ConcreteFuncDecl/ConcreteFuncDecl.expected
index 118e3b9eec8..d1972c299a2 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ConcreteFuncDecl/ConcreteFuncDecl.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteFuncDecl/ConcreteFuncDecl.expected
@@ -1,5 +1,5 @@
-| functions.swift:1:1:3:1 | foo() | getModule: | file://:0:0:0:0 | functions | getInterfaceType: | () -> Int | getName: | foo() |
-| functions.swift:5:1:7:1 | bar(_:d:) | getModule: | file://:0:0:0:0 | functions | getInterfaceType: | (Int, Double) -> Int | getName: | bar(_:d:) |
-| functions.swift:10:5:10:28 | noBody(x:) | getModule: | file://:0:0:0:0 | functions | getInterfaceType: | <Self where Self : Beep> (Self) -> (Int) -> Int | getName: | noBody(x:) |
-| functions.swift:13:1:15:1 | variadic(_:) | getModule: | file://:0:0:0:0 | functions | getInterfaceType: | (Int...) -> () | getName: | variadic(_:) |
-| functions.swift:17:1:19:1 | generic(x:y:) | getModule: | file://:0:0:0:0 | functions | getInterfaceType: | <X, Y> (x: X, y: Y) -> () | getName: | generic(x:y:) |
+| functions.swift:1:1:3:1 | foo() | hasSelfParam: | no | getNumberOfParams: | 0 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | functions | getInterfaceType: | () -> Int | getName: | foo() |
+| functions.swift:5:1:7:1 | bar(_:d:) | hasSelfParam: | no | getNumberOfParams: | 2 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | functions | getInterfaceType: | (Int, Double) -> Int | getName: | bar(_:d:) |
+| functions.swift:10:5:10:28 | noBody(x:) | hasSelfParam: | yes | getNumberOfParams: | 1 | hasBody: | no | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | functions | getInterfaceType: | <Self where Self : Beep> (Self) -> (Int) -> Int | getName: | noBody(x:) |
+| functions.swift:13:1:15:1 | variadic(_:) | hasSelfParam: | no | getNumberOfParams: | 1 | hasBody: | yes | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | functions | getInterfaceType: | (Int...) -> () | getName: | variadic(_:) |
+| functions.swift:17:1:19:1 | generic(x:y:) | hasSelfParam: | no | getNumberOfParams: | 2 | hasBody: | yes | getNumberOfGenericTypeParams: | 2 | getModule: | file://:0:0:0:0 | functions | getInterfaceType: | <X, Y> (x: X, y: Y) -> () | getName: | generic(x:y:) |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteFuncDecl/ConcreteFuncDecl.ql b/swift/ql/test/extractor-tests/generated/decl/ConcreteFuncDecl/ConcreteFuncDecl.ql
index e58783d3ce4..272cdeee348 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ConcreteFuncDecl/ConcreteFuncDecl.ql
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteFuncDecl/ConcreteFuncDecl.ql
@@ -2,11 +2,19 @@
 import codeql.swift.elements
 import TestUtils
 
-from ConcreteFuncDecl x, ModuleDecl getModule, Type getInterfaceType, string getName
+from
+  ConcreteFuncDecl x, string hasSelfParam, int getNumberOfParams, string hasBody,
+  int getNumberOfGenericTypeParams, ModuleDecl getModule, Type getInterfaceType, string getName
 where
   toBeTested(x) and
   not x.isUnknown() and
+  (if x.hasSelfParam() then hasSelfParam = "yes" else hasSelfParam = "no") and
+  getNumberOfParams = x.getNumberOfParams() and
+  (if x.hasBody() then hasBody = "yes" else hasBody = "no") and
+  getNumberOfGenericTypeParams = x.getNumberOfGenericTypeParams() and
   getModule = x.getModule() and
   getInterfaceType = x.getInterfaceType() and
   getName = x.getName()
-select x, "getModule:", getModule, "getInterfaceType:", getInterfaceType, "getName:", getName
+select x, "hasSelfParam:", hasSelfParam, "getNumberOfParams:", getNumberOfParams, "hasBody:",
+  hasBody, "getNumberOfGenericTypeParams:", getNumberOfGenericTypeParams, "getModule:", getModule,
+  "getInterfaceType:", getInterfaceType, "getName:", getName
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl.expected b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl.expected
index 7cf37701b0c..b011437b59f 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl.expected
@@ -1,7 +1,22 @@
-| var_decls.swift:4:7:4:7 | i | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Int | getName: | i | getType: | Int | getIntroducerInt: | 1 |
-| var_decls.swift:7:5:7:5 | numbers | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | [Int] | getName: | numbers | getType: | [Int] | getIntroducerInt: | 1 |
-| var_decls.swift:10:12:10:12 | numbers | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | [Int] | getName: | numbers | getType: | [Int] | getIntroducerInt: | 0 |
-| var_decls.swift:15:7:15:7 | wrappedValue | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | T | getName: | wrappedValue | getType: | T | getIntroducerInt: | 1 |
-| var_decls.swift:20:7:20:7 | wrappedValue | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Int | getName: | wrappedValue | getType: | Int | getIntroducerInt: | 1 |
-| var_decls.swift:24:15:24:15 | _wrapped | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | X<Y> | getName: | _wrapped | getType: | X<Y> | getIntroducerInt: | 1 |
-| var_decls.swift:24:15:24:15 | wrapped | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Int | getName: | wrapped | getType: | Int | getIntroducerInt: | 1 |
+| var_decls.swift:4:7:4:7 | i | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | i | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | yes | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:7:5:7:5 | numbers | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | [Int] | getNumberOfAccessorDecls: | 0 | getName: | numbers | getType: | [Int] | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | yes | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:10:12:10:12 | numbers | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | [Int] | getNumberOfAccessorDecls: | 1 | getName: | numbers | getType: | [Int] | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | yes | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 0 |
+| var_decls.swift:15:7:15:7 | wrappedValue | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | T | getNumberOfAccessorDecls: | 3 | getName: | wrappedValue | getType: | T | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:20:7:20:7 | wrappedValue | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 3 | getName: | wrappedValue | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:24:15:24:15 | _wrapped | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | X<Y> | getNumberOfAccessorDecls: | 3 | getName: | _wrapped | getType: | X<Y> | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:24:15:24:15 | wrapped | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 3 | getName: | wrapped | getType: | Int | hasAttachedPropertyWrapperType: | yes | hasParentPattern: | yes | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | yes | hasPropertyWrapperBackingVar: | yes | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:28:7:28:7 | wrappedValue | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 3 | getName: | wrappedValue | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:34:7:34:7 | wrappedValue | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 3 | getName: | wrappedValue | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | yes | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:35:7:35:7 | projectedValue | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Bool | getNumberOfAccessorDecls: | 3 | getName: | projectedValue | getType: | Bool | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | yes | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:39:7:39:7 | wrappedValue | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 3 | getName: | wrappedValue | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:40:7:40:7 | projectedValue | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Bool | getNumberOfAccessorDecls: | 3 | getName: | projectedValue | getType: | Bool | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:54:10:54:10 | _w1 | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | X<Int> | getNumberOfAccessorDecls: | 0 | getName: | _w1 | getType: | X<Int> | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | yes | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:54:10:54:10 | w1 | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 2 | getName: | w1 | getType: | Int | hasAttachedPropertyWrapperType: | yes | hasParentPattern: | yes | hasParentInitializer: | yes | hasPropertyWrapperBackingVarBinding: | yes | hasPropertyWrapperBackingVar: | yes | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:55:24:55:24 | _w2 | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | WrapperWithInit | getNumberOfAccessorDecls: | 0 | getName: | _w2 | getType: | WrapperWithInit | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | yes | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:55:24:55:24 | w2 | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 2 | getName: | w2 | getType: | Int | hasAttachedPropertyWrapperType: | yes | hasParentPattern: | yes | hasParentInitializer: | yes | hasPropertyWrapperBackingVarBinding: | yes | hasPropertyWrapperBackingVar: | yes | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:56:29:56:29 | $w3 | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Bool | getNumberOfAccessorDecls: | 2 | getName: | $w3 | getType: | Bool | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:56:29:56:29 | _w3 | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | WrapperWithProjected | getNumberOfAccessorDecls: | 0 | getName: | _w3 | getType: | WrapperWithProjected | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | yes | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:56:29:56:29 | w3 | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 2 | getName: | w3 | getType: | Int | hasAttachedPropertyWrapperType: | yes | hasParentPattern: | yes | hasParentInitializer: | yes | hasPropertyWrapperBackingVarBinding: | yes | hasPropertyWrapperBackingVar: | yes | hasPropertyWrapperProjectionVarBinding: | yes | hasPropertyWrapperProjectionVar: | yes | getIntroducerInt: | 1 |
+| var_decls.swift:57:36:57:36 | $w4 | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Bool | getNumberOfAccessorDecls: | 2 | getName: | $w4 | getType: | Bool | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:57:36:57:36 | _w4 | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | WrapperWithProjectedAndInit | getNumberOfAccessorDecls: | 0 | getName: | _w4 | getType: | WrapperWithProjectedAndInit | hasAttachedPropertyWrapperType: | no | hasParentPattern: | yes | hasParentInitializer: | yes | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | getIntroducerInt: | 1 |
+| var_decls.swift:57:36:57:36 | w4 | getModule: | file://:0:0:0:0 | var_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 2 | getName: | w4 | getType: | Int | hasAttachedPropertyWrapperType: | yes | hasParentPattern: | yes | hasParentInitializer: | yes | hasPropertyWrapperBackingVarBinding: | yes | hasPropertyWrapperBackingVar: | yes | hasPropertyWrapperProjectionVarBinding: | yes | hasPropertyWrapperProjectionVar: | yes | getIntroducerInt: | 1 |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl.ql b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl.ql
index fc5b7c3289e..a757c9bda13 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl.ql
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl.ql
@@ -3,15 +3,53 @@ import codeql.swift.elements
 import TestUtils
 
 from
-  ConcreteVarDecl x, ModuleDecl getModule, Type getInterfaceType, string getName, Type getType,
-  int getIntroducerInt
+  ConcreteVarDecl x, ModuleDecl getModule, Type getInterfaceType, int getNumberOfAccessorDecls,
+  string getName, Type getType, string hasAttachedPropertyWrapperType, string hasParentPattern,
+  string hasParentInitializer, string hasPropertyWrapperBackingVarBinding,
+  string hasPropertyWrapperBackingVar, string hasPropertyWrapperProjectionVarBinding,
+  string hasPropertyWrapperProjectionVar, int getIntroducerInt
 where
   toBeTested(x) and
   not x.isUnknown() and
   getModule = x.getModule() and
   getInterfaceType = x.getInterfaceType() and
+  getNumberOfAccessorDecls = x.getNumberOfAccessorDecls() and
   getName = x.getName() and
   getType = x.getType() and
+  (
+    if x.hasAttachedPropertyWrapperType()
+    then hasAttachedPropertyWrapperType = "yes"
+    else hasAttachedPropertyWrapperType = "no"
+  ) and
+  (if x.hasParentPattern() then hasParentPattern = "yes" else hasParentPattern = "no") and
+  (if x.hasParentInitializer() then hasParentInitializer = "yes" else hasParentInitializer = "no") and
+  (
+    if x.hasPropertyWrapperBackingVarBinding()
+    then hasPropertyWrapperBackingVarBinding = "yes"
+    else hasPropertyWrapperBackingVarBinding = "no"
+  ) and
+  (
+    if x.hasPropertyWrapperBackingVar()
+    then hasPropertyWrapperBackingVar = "yes"
+    else hasPropertyWrapperBackingVar = "no"
+  ) and
+  (
+    if x.hasPropertyWrapperProjectionVarBinding()
+    then hasPropertyWrapperProjectionVarBinding = "yes"
+    else hasPropertyWrapperProjectionVarBinding = "no"
+  ) and
+  (
+    if x.hasPropertyWrapperProjectionVar()
+    then hasPropertyWrapperProjectionVar = "yes"
+    else hasPropertyWrapperProjectionVar = "no"
+  ) and
   getIntroducerInt = x.getIntroducerInt()
-select x, "getModule:", getModule, "getInterfaceType:", getInterfaceType, "getName:", getName,
-  "getType:", getType, "getIntroducerInt:", getIntroducerInt
+select x, "getModule:", getModule, "getInterfaceType:", getInterfaceType,
+  "getNumberOfAccessorDecls:", getNumberOfAccessorDecls, "getName:", getName, "getType:", getType,
+  "hasAttachedPropertyWrapperType:", hasAttachedPropertyWrapperType, "hasParentPattern:",
+  hasParentPattern, "hasParentInitializer:", hasParentInitializer,
+  "hasPropertyWrapperBackingVarBinding:", hasPropertyWrapperBackingVarBinding,
+  "hasPropertyWrapperBackingVar:", hasPropertyWrapperBackingVar,
+  "hasPropertyWrapperProjectionVarBinding:", hasPropertyWrapperProjectionVarBinding,
+  "hasPropertyWrapperProjectionVar:", hasPropertyWrapperProjectionVar, "getIntroducerInt:",
+  getIntroducerInt
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getAccessorDecl.expected b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getAccessorDecl.expected
index cfbce6fe5ef..956ca097bd1 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getAccessorDecl.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getAccessorDecl.expected
@@ -1,13 +1,40 @@
 | var_decls.swift:10:12:10:12 | numbers | 0 | var_decls.swift:10:12:10:12 | get |
 | var_decls.swift:15:7:15:7 | wrappedValue | 0 | var_decls.swift:15:7:15:7 | get |
 | var_decls.swift:15:7:15:7 | wrappedValue | 1 | var_decls.swift:15:7:15:7 | set |
-| var_decls.swift:15:7:15:7 | wrappedValue | 2 | var_decls.swift:15:7:15:7 | (unnamed function decl) |
+| var_decls.swift:15:7:15:7 | wrappedValue | 2 | var_decls.swift:15:7:15:7 | _modify |
 | var_decls.swift:20:7:20:7 | wrappedValue | 0 | var_decls.swift:20:7:20:7 | get |
 | var_decls.swift:20:7:20:7 | wrappedValue | 1 | var_decls.swift:20:7:20:7 | set |
-| var_decls.swift:20:7:20:7 | wrappedValue | 2 | var_decls.swift:20:7:20:7 | (unnamed function decl) |
+| var_decls.swift:20:7:20:7 | wrappedValue | 2 | var_decls.swift:20:7:20:7 | _modify |
 | var_decls.swift:24:15:24:15 | _wrapped | 0 | var_decls.swift:24:15:24:15 | get |
 | var_decls.swift:24:15:24:15 | _wrapped | 1 | var_decls.swift:24:15:24:15 | set |
-| var_decls.swift:24:15:24:15 | _wrapped | 2 | var_decls.swift:24:15:24:15 | (unnamed function decl) |
+| var_decls.swift:24:15:24:15 | _wrapped | 2 | var_decls.swift:24:15:24:15 | _modify |
 | var_decls.swift:24:15:24:15 | wrapped | 0 | var_decls.swift:24:15:24:15 | get |
 | var_decls.swift:24:15:24:15 | wrapped | 1 | var_decls.swift:24:15:24:15 | set |
-| var_decls.swift:24:15:24:15 | wrapped | 2 | var_decls.swift:24:15:24:15 | (unnamed function decl) |
+| var_decls.swift:24:15:24:15 | wrapped | 2 | var_decls.swift:24:15:24:15 | _modify |
+| var_decls.swift:28:7:28:7 | wrappedValue | 0 | var_decls.swift:28:7:28:7 | get |
+| var_decls.swift:28:7:28:7 | wrappedValue | 1 | var_decls.swift:28:7:28:7 | set |
+| var_decls.swift:28:7:28:7 | wrappedValue | 2 | var_decls.swift:28:7:28:7 | _modify |
+| var_decls.swift:34:7:34:7 | wrappedValue | 0 | var_decls.swift:34:7:34:7 | get |
+| var_decls.swift:34:7:34:7 | wrappedValue | 1 | var_decls.swift:34:7:34:7 | set |
+| var_decls.swift:34:7:34:7 | wrappedValue | 2 | var_decls.swift:34:7:34:7 | _modify |
+| var_decls.swift:35:7:35:7 | projectedValue | 0 | var_decls.swift:35:7:35:7 | get |
+| var_decls.swift:35:7:35:7 | projectedValue | 1 | var_decls.swift:35:7:35:7 | set |
+| var_decls.swift:35:7:35:7 | projectedValue | 2 | var_decls.swift:35:7:35:7 | _modify |
+| var_decls.swift:39:7:39:7 | wrappedValue | 0 | var_decls.swift:39:7:39:7 | get |
+| var_decls.swift:39:7:39:7 | wrappedValue | 1 | var_decls.swift:39:7:39:7 | set |
+| var_decls.swift:39:7:39:7 | wrappedValue | 2 | var_decls.swift:39:7:39:7 | _modify |
+| var_decls.swift:40:7:40:7 | projectedValue | 0 | var_decls.swift:40:7:40:7 | get |
+| var_decls.swift:40:7:40:7 | projectedValue | 1 | var_decls.swift:40:7:40:7 | set |
+| var_decls.swift:40:7:40:7 | projectedValue | 2 | var_decls.swift:40:7:40:7 | _modify |
+| var_decls.swift:54:10:54:10 | w1 | 0 | var_decls.swift:54:10:54:10 | get |
+| var_decls.swift:54:10:54:10 | w1 | 1 | var_decls.swift:54:10:54:10 | set |
+| var_decls.swift:55:24:55:24 | w2 | 0 | var_decls.swift:55:24:55:24 | get |
+| var_decls.swift:55:24:55:24 | w2 | 1 | var_decls.swift:55:24:55:24 | set |
+| var_decls.swift:56:29:56:29 | $w3 | 0 | var_decls.swift:56:29:56:29 | get |
+| var_decls.swift:56:29:56:29 | $w3 | 1 | var_decls.swift:56:29:56:29 | set |
+| var_decls.swift:56:29:56:29 | w3 | 0 | var_decls.swift:56:29:56:29 | get |
+| var_decls.swift:56:29:56:29 | w3 | 1 | var_decls.swift:56:29:56:29 | set |
+| var_decls.swift:57:36:57:36 | $w4 | 0 | var_decls.swift:57:36:57:36 | get |
+| var_decls.swift:57:36:57:36 | $w4 | 1 | var_decls.swift:57:36:57:36 | set |
+| var_decls.swift:57:36:57:36 | w4 | 0 | var_decls.swift:57:36:57:36 | get |
+| var_decls.swift:57:36:57:36 | w4 | 1 | var_decls.swift:57:36:57:36 | set |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getAttachedPropertyWrapperType.expected b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getAttachedPropertyWrapperType.expected
index 67bff5661b0..0212cc38f14 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getAttachedPropertyWrapperType.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getAttachedPropertyWrapperType.expected
@@ -1 +1,5 @@
 | var_decls.swift:24:15:24:15 | wrapped | X<Y> |
+| var_decls.swift:54:10:54:10 | w1 | X<Int> |
+| var_decls.swift:55:24:55:24 | w2 | WrapperWithInit |
+| var_decls.swift:56:29:56:29 | w3 | WrapperWithProjected |
+| var_decls.swift:57:36:57:36 | w4 | WrapperWithProjectedAndInit |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getParentInitializer.expected b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getParentInitializer.expected
index 786b16fcab1..3f07cd825e9 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getParentInitializer.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getParentInitializer.expected
@@ -1,3 +1,13 @@
 | var_decls.swift:4:7:4:7 | i | var_decls.swift:4:11:4:11 | 0 |
 | var_decls.swift:7:5:7:5 | numbers | var_decls.swift:7:15:7:18 | [...] |
 | var_decls.swift:10:12:10:12 | numbers | var_decls.swift:10:22:10:35 | [...] |
+| var_decls.swift:34:7:34:7 | wrappedValue | var_decls.swift:34:28:34:28 | 42 |
+| var_decls.swift:35:7:35:7 | projectedValue | var_decls.swift:35:31:35:31 | false |
+| var_decls.swift:54:10:54:10 | _w1 | var_decls.swift:54:4:54:15 | call to init(wrappedValue:) |
+| var_decls.swift:54:10:54:10 | w1 | var_decls.swift:54:4:54:15 | call to init(wrappedValue:) |
+| var_decls.swift:55:24:55:24 | _w2 | var_decls.swift:55:4:55:29 | call to init(wrappedValue:) |
+| var_decls.swift:55:24:55:24 | w2 | var_decls.swift:55:4:55:29 | call to init(wrappedValue:) |
+| var_decls.swift:56:29:56:29 | _w3 | var_decls.swift:56:4:56:34 | call to init(wrappedValue:projectedValue:) |
+| var_decls.swift:56:29:56:29 | w3 | var_decls.swift:56:4:56:34 | call to init(wrappedValue:projectedValue:) |
+| var_decls.swift:57:36:57:36 | _w4 | var_decls.swift:57:4:57:41 | call to init(wrappedValue:) |
+| var_decls.swift:57:36:57:36 | w4 | var_decls.swift:57:4:57:41 | call to init(wrappedValue:) |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getParentPattern.expected b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getParentPattern.expected
index 8e15539394a..67df53f0cce 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getParentPattern.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getParentPattern.expected
@@ -5,3 +5,18 @@
 | var_decls.swift:20:7:20:7 | wrappedValue | var_decls.swift:20:7:20:21 | ... as ... |
 | var_decls.swift:24:15:24:15 | _wrapped | var_decls.swift:24:15:24:15 | ... as ... |
 | var_decls.swift:24:15:24:15 | wrapped | var_decls.swift:24:15:24:25 | ... as ... |
+| var_decls.swift:28:7:28:7 | wrappedValue | var_decls.swift:28:7:28:22 | ... as ... |
+| var_decls.swift:34:7:34:7 | wrappedValue | var_decls.swift:34:7:34:22 | ... as ... |
+| var_decls.swift:35:7:35:7 | projectedValue | var_decls.swift:35:7:35:24 | ... as ... |
+| var_decls.swift:39:7:39:7 | wrappedValue | var_decls.swift:39:7:39:22 | ... as ... |
+| var_decls.swift:40:7:40:7 | projectedValue | var_decls.swift:40:7:40:24 | ... as ... |
+| var_decls.swift:54:10:54:10 | _w1 | var_decls.swift:54:10:54:10 | ... as ... |
+| var_decls.swift:54:10:54:10 | w1 | var_decls.swift:54:10:54:10 | w1 |
+| var_decls.swift:55:24:55:24 | _w2 | var_decls.swift:55:24:55:24 | ... as ... |
+| var_decls.swift:55:24:55:24 | w2 | var_decls.swift:55:24:55:24 | w2 |
+| var_decls.swift:56:29:56:29 | $w3 | var_decls.swift:56:29:56:29 | ... as ... |
+| var_decls.swift:56:29:56:29 | _w3 | var_decls.swift:56:29:56:29 | ... as ... |
+| var_decls.swift:56:29:56:29 | w3 | var_decls.swift:56:29:56:29 | w3 |
+| var_decls.swift:57:36:57:36 | $w4 | var_decls.swift:57:36:57:36 | ... as ... |
+| var_decls.swift:57:36:57:36 | _w4 | var_decls.swift:57:36:57:36 | ... as ... |
+| var_decls.swift:57:36:57:36 | w4 | var_decls.swift:57:36:57:36 | w4 |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperBackingVar.expected b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperBackingVar.expected
new file mode 100644
index 00000000000..b32567e0cbb
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperBackingVar.expected
@@ -0,0 +1,5 @@
+| var_decls.swift:24:15:24:15 | wrapped | var_decls.swift:24:15:24:15 | _wrapped |
+| var_decls.swift:54:10:54:10 | w1 | var_decls.swift:54:10:54:10 | _w1 |
+| var_decls.swift:55:24:55:24 | w2 | var_decls.swift:55:24:55:24 | _w2 |
+| var_decls.swift:56:29:56:29 | w3 | var_decls.swift:56:29:56:29 | _w3 |
+| var_decls.swift:57:36:57:36 | w4 | var_decls.swift:57:36:57:36 | _w4 |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperBackingVar.ql b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperBackingVar.ql
new file mode 100644
index 00000000000..a70361143c6
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperBackingVar.ql
@@ -0,0 +1,7 @@
+// generated by codegen/codegen.py
+import codeql.swift.elements
+import TestUtils
+
+from ConcreteVarDecl x
+where toBeTested(x) and not x.isUnknown()
+select x, x.getPropertyWrapperBackingVar()
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperBackingVarBinding.expected b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperBackingVarBinding.expected
new file mode 100644
index 00000000000..d6069ccf602
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperBackingVarBinding.expected
@@ -0,0 +1,5 @@
+| var_decls.swift:24:15:24:15 | wrapped | file://:0:0:0:0 | var ... = ... |
+| var_decls.swift:54:10:54:10 | w1 | file://:0:0:0:0 | var ... = ... |
+| var_decls.swift:55:24:55:24 | w2 | file://:0:0:0:0 | var ... = ... |
+| var_decls.swift:56:29:56:29 | w3 | file://:0:0:0:0 | var ... = ... |
+| var_decls.swift:57:36:57:36 | w4 | file://:0:0:0:0 | var ... = ... |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperBackingVarBinding.ql b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperBackingVarBinding.ql
new file mode 100644
index 00000000000..dea82691f5d
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperBackingVarBinding.ql
@@ -0,0 +1,7 @@
+// generated by codegen/codegen.py
+import codeql.swift.elements
+import TestUtils
+
+from ConcreteVarDecl x
+where toBeTested(x) and not x.isUnknown()
+select x, x.getPropertyWrapperBackingVarBinding()
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperProjectionVar.expected b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperProjectionVar.expected
new file mode 100644
index 00000000000..720938bab9b
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperProjectionVar.expected
@@ -0,0 +1,2 @@
+| var_decls.swift:56:29:56:29 | w3 | var_decls.swift:56:29:56:29 | $w3 |
+| var_decls.swift:57:36:57:36 | w4 | var_decls.swift:57:36:57:36 | $w4 |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperProjectionVar.ql b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperProjectionVar.ql
new file mode 100644
index 00000000000..3855735ab02
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperProjectionVar.ql
@@ -0,0 +1,7 @@
+// generated by codegen/codegen.py
+import codeql.swift.elements
+import TestUtils
+
+from ConcreteVarDecl x
+where toBeTested(x) and not x.isUnknown()
+select x, x.getPropertyWrapperProjectionVar()
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperProjectionVarBinding.expected b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperProjectionVarBinding.expected
new file mode 100644
index 00000000000..cb47a922746
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperProjectionVarBinding.expected
@@ -0,0 +1,2 @@
+| var_decls.swift:56:29:56:29 | w3 | file://:0:0:0:0 | var ... = ... |
+| var_decls.swift:57:36:57:36 | w4 | file://:0:0:0:0 | var ... = ... |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperProjectionVarBinding.ql b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperProjectionVarBinding.ql
new file mode 100644
index 00000000000..836726bc36a
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/ConcreteVarDecl_getPropertyWrapperProjectionVarBinding.ql
@@ -0,0 +1,7 @@
+// generated by codegen/codegen.py
+import codeql.swift.elements
+import TestUtils
+
+from ConcreteVarDecl x
+where toBeTested(x) and not x.isUnknown()
+select x, x.getPropertyWrapperProjectionVarBinding()
diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/var_decls.swift b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/var_decls.swift
index 37c145a5a42..0bb5dc93edd 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/var_decls.swift
+++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/var_decls.swift
@@ -23,3 +23,36 @@ struct Y {
 struct Wrapped {
     @X @Y var wrapped : Int
 }
+
+@propertyWrapper struct WrapperWithInit {
+  var wrappedValue : Int
+
+  init(wrappedValue: Int) { self.wrappedValue = wrappedValue }
+}
+
+@propertyWrapper struct WrapperWithProjected {
+  var wrappedValue : Int = 42
+  var projectedValue : Bool = false
+}
+
+@propertyWrapper struct WrapperWithProjectedAndInit {
+  var wrappedValue : Int
+  var projectedValue : Bool
+
+  init(wrappedValue: Int) {
+    self.wrappedValue = wrappedValue
+    self.projectedValue = false
+  }
+
+  init(projectedValue: Bool) {
+    self.wrappedValue = 0
+    self.projectedValue = projectedValue
+  }
+}
+
+func f3() {
+  @X var w1 = 1
+  @WrapperWithInit var w2 = 2
+  @WrapperWithProjected var w3 = 3
+  @WrapperWithProjectedAndInit var w4 = 4
+}
diff --git a/swift/ql/test/extractor-tests/generated/decl/EnumDecl/EnumDecl.expected b/swift/ql/test/extractor-tests/generated/decl/EnumDecl/EnumDecl.expected
index f7d69b7d1cd..2c813018f22 100644
--- a/swift/ql/test/extractor-tests/generated/decl/EnumDecl/EnumDecl.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/EnumDecl/EnumDecl.expected
@@ -1,4 +1,4 @@
-| enums.swift:1:1:4:1 | EnumValues | getModule: | file://:0:0:0:0 | enums | getInterfaceType: | EnumValues.Type | getName: | EnumValues | getType: | EnumValues |
-| enums.swift:7:1:10:1 | EnumValuesWithBase | getModule: | file://:0:0:0:0 | enums | getInterfaceType: | EnumValuesWithBase.Type | getName: | EnumValuesWithBase | getType: | EnumValuesWithBase |
-| enums.swift:12:1:16:1 | EnumWithParams | getModule: | file://:0:0:0:0 | enums | getInterfaceType: | EnumWithParams.Type | getName: | EnumWithParams | getType: | EnumWithParams |
-| enums.swift:18:1:21:1 | GenericEnum | getModule: | file://:0:0:0:0 | enums | getInterfaceType: | GenericEnum<T>.Type | getName: | GenericEnum | getType: | GenericEnum |
+| enums.swift:1:1:4:1 | EnumValues | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | enums | getInterfaceType: | EnumValues.Type | getName: | EnumValues | getNumberOfBaseTypes: | 0 | getNumberOfMembers: | 11 | getType: | EnumValues |
+| enums.swift:7:1:10:1 | EnumValuesWithBase | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | enums | getInterfaceType: | EnumValuesWithBase.Type | getName: | EnumValuesWithBase | getNumberOfBaseTypes: | 1 | getNumberOfMembers: | 11 | getType: | EnumValuesWithBase |
+| enums.swift:12:1:16:1 | EnumWithParams | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | enums | getInterfaceType: | EnumWithParams.Type | getName: | EnumWithParams | getNumberOfBaseTypes: | 0 | getNumberOfMembers: | 6 | getType: | EnumWithParams |
+| enums.swift:18:1:21:1 | GenericEnum | getNumberOfGenericTypeParams: | 1 | getModule: | file://:0:0:0:0 | enums | getInterfaceType: | GenericEnum<T>.Type | getName: | GenericEnum | getNumberOfBaseTypes: | 0 | getNumberOfMembers: | 4 | getType: | GenericEnum |
diff --git a/swift/ql/test/extractor-tests/generated/decl/EnumDecl/EnumDecl.ql b/swift/ql/test/extractor-tests/generated/decl/EnumDecl/EnumDecl.ql
index 59e49fb9bbc..5d69df7665a 100644
--- a/swift/ql/test/extractor-tests/generated/decl/EnumDecl/EnumDecl.ql
+++ b/swift/ql/test/extractor-tests/generated/decl/EnumDecl/EnumDecl.ql
@@ -2,13 +2,19 @@
 import codeql.swift.elements
 import TestUtils
 
-from EnumDecl x, ModuleDecl getModule, Type getInterfaceType, string getName, Type getType
+from
+  EnumDecl x, int getNumberOfGenericTypeParams, ModuleDecl getModule, Type getInterfaceType,
+  string getName, int getNumberOfBaseTypes, int getNumberOfMembers, Type getType
 where
   toBeTested(x) and
   not x.isUnknown() and
+  getNumberOfGenericTypeParams = x.getNumberOfGenericTypeParams() and
   getModule = x.getModule() and
   getInterfaceType = x.getInterfaceType() and
   getName = x.getName() and
+  getNumberOfBaseTypes = x.getNumberOfBaseTypes() and
+  getNumberOfMembers = x.getNumberOfMembers() and
   getType = x.getType()
-select x, "getModule:", getModule, "getInterfaceType:", getInterfaceType, "getName:", getName,
-  "getType:", getType
+select x, "getNumberOfGenericTypeParams:", getNumberOfGenericTypeParams, "getModule:", getModule,
+  "getInterfaceType:", getInterfaceType, "getName:", getName, "getNumberOfBaseTypes:",
+  getNumberOfBaseTypes, "getNumberOfMembers:", getNumberOfMembers, "getType:", getType
diff --git a/swift/ql/test/extractor-tests/generated/decl/IfConfigDecl/IfConfigDecl.expected b/swift/ql/test/extractor-tests/generated/decl/IfConfigDecl/IfConfigDecl.expected
index e3e6da93082..5fb473d56ec 100644
--- a/swift/ql/test/extractor-tests/generated/decl/IfConfigDecl/IfConfigDecl.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/IfConfigDecl/IfConfigDecl.expected
@@ -1 +1 @@
-| if_config.swift:1:1:10:1 | #if ... | getModule: | file://:0:0:0:0 | if_config |
+| if_config.swift:1:1:10:1 | #if ... | getModule: | file://:0:0:0:0 | if_config | getNumberOfActiveElements: | 3 |
diff --git a/swift/ql/test/extractor-tests/generated/decl/IfConfigDecl/IfConfigDecl.ql b/swift/ql/test/extractor-tests/generated/decl/IfConfigDecl/IfConfigDecl.ql
index b4502028b41..35ba16755ae 100644
--- a/swift/ql/test/extractor-tests/generated/decl/IfConfigDecl/IfConfigDecl.ql
+++ b/swift/ql/test/extractor-tests/generated/decl/IfConfigDecl/IfConfigDecl.ql
@@ -2,9 +2,10 @@
 import codeql.swift.elements
 import TestUtils
 
-from IfConfigDecl x, ModuleDecl getModule
+from IfConfigDecl x, ModuleDecl getModule, int getNumberOfActiveElements
 where
   toBeTested(x) and
   not x.isUnknown() and
-  getModule = x.getModule()
-select x, "getModule:", getModule
+  getModule = x.getModule() and
+  getNumberOfActiveElements = x.getNumberOfActiveElements()
+select x, "getModule:", getModule, "getNumberOfActiveElements:", getNumberOfActiveElements
diff --git a/swift/ql/test/extractor-tests/generated/decl/IfConfigDecl/IfConfigDecl_getClause.expected b/swift/ql/test/extractor-tests/generated/decl/IfConfigDecl/IfConfigDecl_getClause.expected
deleted file mode 100644
index d90ba458397..00000000000
--- a/swift/ql/test/extractor-tests/generated/decl/IfConfigDecl/IfConfigDecl_getClause.expected
+++ /dev/null
@@ -1,3 +0,0 @@
-| if_config.swift:1:1:10:1 | #if ... | 0 | if_config.swift:1:1:1:1 | IfConfigClause |
-| if_config.swift:1:1:10:1 | #if ... | 1 | if_config.swift:4:1:4:1 | IfConfigClause |
-| if_config.swift:1:1:10:1 | #if ... | 2 | if_config.swift:7:1:7:1 | IfConfigClause |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ImportDecl/ImportDecl.expected b/swift/ql/test/extractor-tests/generated/decl/ImportDecl/ImportDecl.expected
index 17bd119059b..27a12648593 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ImportDecl/ImportDecl.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/ImportDecl/ImportDecl.expected
@@ -1,5 +1,5 @@
-| import.swift:1:1:1:8 | import ... | getModule: | file://:0:0:0:0 | import | isExported: | no |
-| import.swift:2:1:2:24 | import ... | getModule: | file://:0:0:0:0 | import | isExported: | no |
-| import.swift:3:12:3:32 | import ... | getModule: | file://:0:0:0:0 | import | isExported: | yes |
-| import.swift:4:1:4:19 | import ... | getModule: | file://:0:0:0:0 | import | isExported: | no |
-| import.swift:5:1:5:23 | import ... | getModule: | file://:0:0:0:0 | import | isExported: | no |
+| import.swift:1:1:1:8 | import ... | getModule: | file://:0:0:0:0 | import | isExported: | no | hasImportedModule: | yes | getNumberOfDeclarations: | 0 |
+| import.swift:2:1:2:24 | import ... | getModule: | file://:0:0:0:0 | import | isExported: | no | hasImportedModule: | yes | getNumberOfDeclarations: | 1 |
+| import.swift:3:12:3:32 | import ... | getModule: | file://:0:0:0:0 | import | isExported: | yes | hasImportedModule: | yes | getNumberOfDeclarations: | 1 |
+| import.swift:4:1:4:19 | import ... | getModule: | file://:0:0:0:0 | import | isExported: | no | hasImportedModule: | yes | getNumberOfDeclarations: | 2 |
+| import.swift:5:1:5:23 | import ... | getModule: | file://:0:0:0:0 | import | isExported: | no | hasImportedModule: | yes | getNumberOfDeclarations: | 1 |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ImportDecl/ImportDecl.ql b/swift/ql/test/extractor-tests/generated/decl/ImportDecl/ImportDecl.ql
index d4651de1b39..7802bde60f1 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ImportDecl/ImportDecl.ql
+++ b/swift/ql/test/extractor-tests/generated/decl/ImportDecl/ImportDecl.ql
@@ -2,10 +2,15 @@
 import codeql.swift.elements
 import TestUtils
 
-from ImportDecl x, ModuleDecl getModule, string isExported
+from
+  ImportDecl x, ModuleDecl getModule, string isExported, string hasImportedModule,
+  int getNumberOfDeclarations
 where
   toBeTested(x) and
   not x.isUnknown() and
   getModule = x.getModule() and
-  if x.isExported() then isExported = "yes" else isExported = "no"
-select x, "getModule:", getModule, "isExported:", isExported
+  (if x.isExported() then isExported = "yes" else isExported = "no") and
+  (if x.hasImportedModule() then hasImportedModule = "yes" else hasImportedModule = "no") and
+  getNumberOfDeclarations = x.getNumberOfDeclarations()
+select x, "getModule:", getModule, "isExported:", isExported, "hasImportedModule:",
+  hasImportedModule, "getNumberOfDeclarations:", getNumberOfDeclarations
diff --git a/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl.expected b/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl.expected
index 068e959b885..e73a1739f4c 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl.expected
@@ -1,3 +1,3 @@
-| file://:0:0:0:0 | Foo | getModule: | file://:0:0:0:0 | Foo | getInterfaceType: | module<Foo> | getName: | Foo | isBuiltinModule: | no | isSystemModule: | no |
-| file://:0:0:0:0 | __ObjC | getModule: | file://:0:0:0:0 | __ObjC | getInterfaceType: | module<__ObjC> | getName: | __ObjC | isBuiltinModule: | no | isSystemModule: | no |
-| file://:0:0:0:0 | default_module_name | getModule: | file://:0:0:0:0 | default_module_name | getInterfaceType: | module<default_module_name> | getName: | default_module_name | isBuiltinModule: | no | isSystemModule: | no |
+| file://:0:0:0:0 | Foo | getModule: | file://:0:0:0:0 | Foo | getInterfaceType: | module<Foo> | getName: | Foo | getNumberOfBaseTypes: | 0 | isBuiltinModule: | no | isSystemModule: | no | getNumberOfImportedModules: | 4 | getNumberOfExportedModules: | 1 |
+| file://:0:0:0:0 | __ObjC | getModule: | file://:0:0:0:0 | __ObjC | getInterfaceType: | module<__ObjC> | getName: | __ObjC | getNumberOfBaseTypes: | 0 | isBuiltinModule: | no | isSystemModule: | no | getNumberOfImportedModules: | 1 | getNumberOfExportedModules: | 0 |
+| file://:0:0:0:0 | default_module_name | getModule: | file://:0:0:0:0 | default_module_name | getInterfaceType: | module<default_module_name> | getName: | default_module_name | getNumberOfBaseTypes: | 0 | isBuiltinModule: | no | isSystemModule: | no | getNumberOfImportedModules: | 4 | getNumberOfExportedModules: | 0 |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl.ql b/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl.ql
index 59aa8ec01e5..ccb46feb9ec 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl.ql
+++ b/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl.ql
@@ -3,15 +3,21 @@ import codeql.swift.elements
 import TestUtils
 
 from
-  ModuleDecl x, ModuleDecl getModule, Type getInterfaceType, string getName, string isBuiltinModule,
-  string isSystemModule
+  ModuleDecl x, ModuleDecl getModule, Type getInterfaceType, string getName,
+  int getNumberOfBaseTypes, string isBuiltinModule, string isSystemModule,
+  int getNumberOfImportedModules, int getNumberOfExportedModules
 where
   toBeTested(x) and
   not x.isUnknown() and
   getModule = x.getModule() and
   getInterfaceType = x.getInterfaceType() and
   getName = x.getName() and
+  getNumberOfBaseTypes = x.getNumberOfBaseTypes() and
   (if x.isBuiltinModule() then isBuiltinModule = "yes" else isBuiltinModule = "no") and
-  if x.isSystemModule() then isSystemModule = "yes" else isSystemModule = "no"
+  (if x.isSystemModule() then isSystemModule = "yes" else isSystemModule = "no") and
+  getNumberOfImportedModules = x.getNumberOfImportedModules() and
+  getNumberOfExportedModules = x.getNumberOfExportedModules()
 select x, "getModule:", getModule, "getInterfaceType:", getInterfaceType, "getName:", getName,
-  "isBuiltinModule:", isBuiltinModule, "isSystemModule:", isSystemModule
+  "getNumberOfBaseTypes:", getNumberOfBaseTypes, "isBuiltinModule:", isBuiltinModule,
+  "isSystemModule:", isSystemModule, "getNumberOfImportedModules:", getNumberOfImportedModules,
+  "getNumberOfExportedModules:", getNumberOfExportedModules
diff --git a/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl_getDefaultImportedModule.expected b/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl_getDefaultImportedModule.expected
deleted file mode 100644
index 7e29a9ce479..00000000000
--- a/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl_getDefaultImportedModule.expected
+++ /dev/null
@@ -1,7 +0,0 @@
-| file://:0:0:0:0 | Foo | 0 | file://:0:0:0:0 | Swift |
-| file://:0:0:0:0 | Foo | 1 | file://:0:0:0:0 | _Concurrency |
-| file://:0:0:0:0 | Foo | 2 | file://:0:0:0:0 | SwiftOnoneSupport |
-| file://:0:0:0:0 | __ObjC | 0 | file://:0:0:0:0 | Swift |
-| file://:0:0:0:0 | default_module_name | 0 | file://:0:0:0:0 | Swift |
-| file://:0:0:0:0 | default_module_name | 1 | file://:0:0:0:0 | _Concurrency |
-| file://:0:0:0:0 | default_module_name | 2 | file://:0:0:0:0 | SwiftOnoneSupport |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl_getImportedModule.expected b/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl_getImportedModule.expected
index 7e29a9ce479..ca1793b95ef 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl_getImportedModule.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/ModuleDecl/ModuleDecl_getImportedModule.expected
@@ -1,7 +1,9 @@
 | file://:0:0:0:0 | Foo | 0 | file://:0:0:0:0 | Swift |
-| file://:0:0:0:0 | Foo | 1 | file://:0:0:0:0 | _Concurrency |
-| file://:0:0:0:0 | Foo | 2 | file://:0:0:0:0 | SwiftOnoneSupport |
+| file://:0:0:0:0 | Foo | 1 | file://:0:0:0:0 | _StringProcessing |
+| file://:0:0:0:0 | Foo | 2 | file://:0:0:0:0 | _Concurrency |
+| file://:0:0:0:0 | Foo | 3 | file://:0:0:0:0 | SwiftOnoneSupport |
 | file://:0:0:0:0 | __ObjC | 0 | file://:0:0:0:0 | Swift |
 | file://:0:0:0:0 | default_module_name | 0 | file://:0:0:0:0 | Swift |
-| file://:0:0:0:0 | default_module_name | 1 | file://:0:0:0:0 | _Concurrency |
-| file://:0:0:0:0 | default_module_name | 2 | file://:0:0:0:0 | SwiftOnoneSupport |
+| file://:0:0:0:0 | default_module_name | 1 | file://:0:0:0:0 | _StringProcessing |
+| file://:0:0:0:0 | default_module_name | 2 | file://:0:0:0:0 | _Concurrency |
+| file://:0:0:0:0 | default_module_name | 3 | file://:0:0:0:0 | SwiftOnoneSupport |
diff --git a/swift/ql/test/extractor-tests/generated/decl/OpaqueTypeDecl/OpaqueTypeDecl.expected b/swift/ql/test/extractor-tests/generated/decl/OpaqueTypeDecl/OpaqueTypeDecl.expected
index 2c9015cd7ef..752629add37 100644
--- a/swift/ql/test/extractor-tests/generated/decl/OpaqueTypeDecl/OpaqueTypeDecl.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/OpaqueTypeDecl/OpaqueTypeDecl.expected
@@ -1,4 +1,4 @@
-| file://:0:0:0:0 | _ | getModule: | file://:0:0:0:0 | opaque_types | getInterfaceType: | (some Base).Type | getName: | _ | getNamingDeclaration: | opaque_types.swift:9:1:9:51 | baz(_:) |
-| file://:0:0:0:0 | _ | getModule: | file://:0:0:0:0 | opaque_types | getInterfaceType: | (some P).Type | getName: | _ | getNamingDeclaration: | opaque_types.swift:5:1:5:45 | bar(_:) |
-| file://:0:0:0:0 | _ | getModule: | file://:0:0:0:0 | opaque_types | getInterfaceType: | (some P).Type | getName: | _ | getNamingDeclaration: | opaque_types.swift:13:1:13:59 | bazz() |
-| file://:0:0:0:0 | _ | getModule: | file://:0:0:0:0 | opaque_types | getInterfaceType: | (some SignedInteger).Type | getName: | _ | getNamingDeclaration: | opaque_types.swift:1:1:1:45 | foo() |
+| file://:0:0:0:0 | _ | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | opaque_types | getInterfaceType: | (some Base).Type | getName: | _ | getNumberOfBaseTypes: | 0 | getNamingDeclaration: | opaque_types.swift:9:1:9:51 | baz(_:) | getNumberOfOpaqueGenericParams: | 1 |
+| file://:0:0:0:0 | _ | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | opaque_types | getInterfaceType: | (some P).Type | getName: | _ | getNumberOfBaseTypes: | 0 | getNamingDeclaration: | opaque_types.swift:5:1:5:45 | bar(_:) | getNumberOfOpaqueGenericParams: | 1 |
+| file://:0:0:0:0 | _ | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | opaque_types | getInterfaceType: | (some P).Type | getName: | _ | getNumberOfBaseTypes: | 0 | getNamingDeclaration: | opaque_types.swift:13:1:13:59 | bazz() | getNumberOfOpaqueGenericParams: | 1 |
+| file://:0:0:0:0 | _ | getNumberOfGenericTypeParams: | 0 | getModule: | file://:0:0:0:0 | opaque_types | getInterfaceType: | (some SignedInteger).Type | getName: | _ | getNumberOfBaseTypes: | 0 | getNamingDeclaration: | opaque_types.swift:1:1:1:45 | foo() | getNumberOfOpaqueGenericParams: | 1 |
diff --git a/swift/ql/test/extractor-tests/generated/decl/OpaqueTypeDecl/OpaqueTypeDecl.ql b/swift/ql/test/extractor-tests/generated/decl/OpaqueTypeDecl/OpaqueTypeDecl.ql
index a393ce61aeb..53bd74b470f 100644
--- a/swift/ql/test/extractor-tests/generated/decl/OpaqueTypeDecl/OpaqueTypeDecl.ql
+++ b/swift/ql/test/extractor-tests/generated/decl/OpaqueTypeDecl/OpaqueTypeDecl.ql
@@ -3,14 +3,20 @@ import codeql.swift.elements
 import TestUtils
 
 from
-  OpaqueTypeDecl x, ModuleDecl getModule, Type getInterfaceType, string getName,
-  ValueDecl getNamingDeclaration
+  OpaqueTypeDecl x, int getNumberOfGenericTypeParams, ModuleDecl getModule, Type getInterfaceType,
+  string getName, int getNumberOfBaseTypes, ValueDecl getNamingDeclaration,
+  int getNumberOfOpaqueGenericParams
 where
   toBeTested(x) and
   not x.isUnknown() and
+  getNumberOfGenericTypeParams = x.getNumberOfGenericTypeParams() and
   getModule = x.getModule() and
   getInterfaceType = x.getInterfaceType() and
   getName = x.getName() and
-  getNamingDeclaration = x.getNamingDeclaration()
-select x, "getModule:", getModule, "getInterfaceType:", getInterfaceType, "getName:", getName,
-  "getNamingDeclaration:", getNamingDeclaration
+  getNumberOfBaseTypes = x.getNumberOfBaseTypes() and
+  getNamingDeclaration = x.getNamingDeclaration() and
+  getNumberOfOpaqueGenericParams = x.getNumberOfOpaqueGenericParams()
+select x, "getNumberOfGenericTypeParams:", getNumberOfGenericTypeParams, "getModule:", getModule,
+  "getInterfaceType:", getInterfaceType, "getName:", getName, "getNumberOfBaseTypes:",
+  getNumberOfBaseTypes, "getNamingDeclaration:", getNamingDeclaration,
+  "getNumberOfOpaqueGenericParams:", getNumberOfOpaqueGenericParams
diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl.expected b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl.expected
index ec27bd5592c..9aa8d8c3916 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl.expected
@@ -1,18 +1,63 @@
-| param_decls.swift:1:10:1:13 | _ | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getName: | _ | getType: | Int | isInout: | no |
-| param_decls.swift:1:18:1:29 | y | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Double | getName: | y | getType: | Double | isInout: | yes |
-| param_decls.swift:2:10:2:13 | _ | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getName: | _ | getType: | Int | isInout: | no |
-| param_decls.swift:2:18:2:29 | y | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Double | getName: | y | getType: | Double | isInout: | yes |
-| param_decls.swift:4:8:4:8 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | S | getName: | self | getType: | S | isInout: | yes |
-| param_decls.swift:5:5:5:5 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | S | getName: | self | getType: | S | isInout: | yes |
-| param_decls.swift:5:15:5:15 | x | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getName: | x | getType: | Int | isInout: | no |
-| param_decls.swift:5:15:5:15 | x | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getName: | x | getType: | Int | isInout: | no |
-| param_decls.swift:5:15:5:18 | x | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getName: | x | getType: | Int | isInout: | no |
-| param_decls.swift:5:23:5:23 | y | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getName: | y | getType: | Int | isInout: | no |
-| param_decls.swift:5:23:5:23 | y | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getName: | y | getType: | Int | isInout: | no |
-| param_decls.swift:5:23:5:26 | y | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getName: | y | getType: | Int | isInout: | no |
-| param_decls.swift:6:9:6:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | S | getName: | self | getType: | S | isInout: | no |
-| param_decls.swift:7:9:7:9 | newValue | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int? | getName: | newValue | getType: | Int? | isInout: | no |
-| param_decls.swift:7:9:7:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | S | getName: | self | getType: | S | isInout: | yes |
-| param_decls.swift:12:13:12:22 | s | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | String | getName: | s | getType: | String | isInout: | yes |
-| param_decls.swift:13:13:13:22 | s | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | String | getName: | s | getType: | String | isInout: | yes |
-| param_decls.swift:14:26:14:26 | $0 | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getName: | $0 | getType: | Int | isInout: | no |
+| file://:0:0:0:0 | x | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | x | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| file://:0:0:0:0 | y | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | y | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:1:10:1:13 | _ | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | _ | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:1:18:1:29 | y | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Double | getNumberOfAccessorDecls: | 0 | getName: | y | getType: | Double | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:2:10:2:13 | _ | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | _ | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:2:18:2:29 | y | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Double | getNumberOfAccessorDecls: | 0 | getName: | y | getType: | Double | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:4:8:4:8 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | S | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | S | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:5:5:5:5 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | S | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | S | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:5:15:5:15 | x | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | x | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:5:15:5:15 | x | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | x | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:5:15:5:18 | x | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | x | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:5:23:5:23 | y | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | y | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:5:23:5:23 | y | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | y | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:5:23:5:26 | y | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | y | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:6:9:6:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | S | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | S | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:7:9:7:9 | newValue | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int? | getNumberOfAccessorDecls: | 0 | getName: | newValue | getType: | Int? | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:7:9:7:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | S | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | S | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:12:13:12:22 | s | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | String | getNumberOfAccessorDecls: | 0 | getName: | s | getType: | String | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:13:13:13:22 | s | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | String | getNumberOfAccessorDecls: | 0 | getName: | s | getType: | String | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:14:26:14:26 | $0 | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | $0 | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:17:25:17:25 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Wrapper | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | Wrapper | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:17:25:17:25 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Wrapper | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | Wrapper | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:17:25:17:25 | wrappedValue | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | wrappedValue | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:18:9:18:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Wrapper | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | Wrapper | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:18:9:18:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Wrapper | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | Wrapper | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:18:9:18:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Wrapper | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | Wrapper | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:18:9:18:9 | value | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | value | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:22:9:22:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithInit | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithInit | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:22:9:22:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithInit | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithInit | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:22:9:22:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithInit | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithInit | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:22:9:22:9 | value | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | value | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:24:5:24:5 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithInit | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithInit | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:24:10:24:24 | wrappedValue | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | wrappedValue | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:27:25:27:25 | projectedValue | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Bool | getNumberOfAccessorDecls: | 0 | getName: | projectedValue | getType: | Bool | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:27:25:27:25 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjected | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjected | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:27:25:27:25 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjected | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjected | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:27:25:27:25 | wrappedValue | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | wrappedValue | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:28:9:28:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjected | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjected | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:28:9:28:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjected | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjected | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:28:9:28:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjected | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjected | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:28:9:28:9 | value | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | value | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:29:9:29:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjected | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjected | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:29:9:29:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjected | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjected | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:29:9:29:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjected | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjected | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:29:9:29:9 | value | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Bool | getNumberOfAccessorDecls: | 0 | getName: | value | getType: | Bool | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:33:9:33:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjectedAndInit | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjectedAndInit | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:33:9:33:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjectedAndInit | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjectedAndInit | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:33:9:33:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjectedAndInit | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjectedAndInit | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:33:9:33:9 | value | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | value | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:34:9:34:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjectedAndInit | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjectedAndInit | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:34:9:34:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjectedAndInit | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjectedAndInit | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:34:9:34:9 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjectedAndInit | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjectedAndInit | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:34:9:34:9 | value | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Bool | getNumberOfAccessorDecls: | 0 | getName: | value | getType: | Bool | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:36:5:36:5 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjectedAndInit | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjectedAndInit | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:36:10:36:24 | wrappedValue | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | wrappedValue | getType: | Int | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:41:5:41:5 | self | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | WrapperWithProjectedAndInit | getNumberOfAccessorDecls: | 0 | getName: | self | getType: | WrapperWithProjectedAndInit | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | yes | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:41:10:41:26 | projectedValue | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Bool | getNumberOfAccessorDecls: | 0 | getName: | projectedValue | getType: | Bool | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:48:18:48:22 | p1 | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | p1 | getType: | Int | hasAttachedPropertyWrapperType: | yes | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | yes | hasPropertyWrapperBackingVar: | yes | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | yes |
+| param_decls.swift:49:26:49:30 | p2 | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | p2 | getType: | Int | hasAttachedPropertyWrapperType: | yes | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | yes | hasPropertyWrapperBackingVar: | yes | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | yes |
+| param_decls.swift:50:31:50:31 | value | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Bool | getNumberOfAccessorDecls: | 0 | getName: | value | getType: | Bool | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:50:31:50:35 | p3 | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | p3 | getType: | Int | hasAttachedPropertyWrapperType: | yes | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | yes | hasPropertyWrapperProjectionVarBinding: | yes | hasPropertyWrapperProjectionVar: | yes | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | yes |
+| param_decls.swift:51:38:51:38 | value | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Bool | getNumberOfAccessorDecls: | 0 | getName: | value | getType: | Bool | hasAttachedPropertyWrapperType: | no | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | no | hasPropertyWrapperProjectionVarBinding: | no | hasPropertyWrapperProjectionVar: | no | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | no |
+| param_decls.swift:51:38:51:42 | p4 | getModule: | file://:0:0:0:0 | param_decls | getInterfaceType: | Int | getNumberOfAccessorDecls: | 0 | getName: | p4 | getType: | Int | hasAttachedPropertyWrapperType: | yes | hasParentPattern: | no | hasParentInitializer: | no | hasPropertyWrapperBackingVarBinding: | no | hasPropertyWrapperBackingVar: | yes | hasPropertyWrapperProjectionVarBinding: | yes | hasPropertyWrapperProjectionVar: | yes | isInout: | no | hasPropertyWrapperLocalWrappedVarBinding: | no | hasPropertyWrapperLocalWrappedVar: | yes |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl.ql b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl.ql
index ff2d11741c5..7d3fb4e5b40 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl.ql
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl.ql
@@ -3,15 +3,63 @@ import codeql.swift.elements
 import TestUtils
 
 from
-  ParamDecl x, ModuleDecl getModule, Type getInterfaceType, string getName, Type getType,
-  string isInout
+  ParamDecl x, ModuleDecl getModule, Type getInterfaceType, int getNumberOfAccessorDecls,
+  string getName, Type getType, string hasAttachedPropertyWrapperType, string hasParentPattern,
+  string hasParentInitializer, string hasPropertyWrapperBackingVarBinding,
+  string hasPropertyWrapperBackingVar, string hasPropertyWrapperProjectionVarBinding,
+  string hasPropertyWrapperProjectionVar, string isInout,
+  string hasPropertyWrapperLocalWrappedVarBinding, string hasPropertyWrapperLocalWrappedVar
 where
   toBeTested(x) and
   not x.isUnknown() and
   getModule = x.getModule() and
   getInterfaceType = x.getInterfaceType() and
+  getNumberOfAccessorDecls = x.getNumberOfAccessorDecls() and
   getName = x.getName() and
   getType = x.getType() and
-  if x.isInout() then isInout = "yes" else isInout = "no"
-select x, "getModule:", getModule, "getInterfaceType:", getInterfaceType, "getName:", getName,
-  "getType:", getType, "isInout:", isInout
+  (
+    if x.hasAttachedPropertyWrapperType()
+    then hasAttachedPropertyWrapperType = "yes"
+    else hasAttachedPropertyWrapperType = "no"
+  ) and
+  (if x.hasParentPattern() then hasParentPattern = "yes" else hasParentPattern = "no") and
+  (if x.hasParentInitializer() then hasParentInitializer = "yes" else hasParentInitializer = "no") and
+  (
+    if x.hasPropertyWrapperBackingVarBinding()
+    then hasPropertyWrapperBackingVarBinding = "yes"
+    else hasPropertyWrapperBackingVarBinding = "no"
+  ) and
+  (
+    if x.hasPropertyWrapperBackingVar()
+    then hasPropertyWrapperBackingVar = "yes"
+    else hasPropertyWrapperBackingVar = "no"
+  ) and
+  (
+    if x.hasPropertyWrapperProjectionVarBinding()
+    then hasPropertyWrapperProjectionVarBinding = "yes"
+    else hasPropertyWrapperProjectionVarBinding = "no"
+  ) and
+  (
+    if x.hasPropertyWrapperProjectionVar()
+    then hasPropertyWrapperProjectionVar = "yes"
+    else hasPropertyWrapperProjectionVar = "no"
+  ) and
+  (if x.isInout() then isInout = "yes" else isInout = "no") and
+  (
+    if x.hasPropertyWrapperLocalWrappedVarBinding()
+    then hasPropertyWrapperLocalWrappedVarBinding = "yes"
+    else hasPropertyWrapperLocalWrappedVarBinding = "no"
+  ) and
+  if x.hasPropertyWrapperLocalWrappedVar()
+  then hasPropertyWrapperLocalWrappedVar = "yes"
+  else hasPropertyWrapperLocalWrappedVar = "no"
+select x, "getModule:", getModule, "getInterfaceType:", getInterfaceType,
+  "getNumberOfAccessorDecls:", getNumberOfAccessorDecls, "getName:", getName, "getType:", getType,
+  "hasAttachedPropertyWrapperType:", hasAttachedPropertyWrapperType, "hasParentPattern:",
+  hasParentPattern, "hasParentInitializer:", hasParentInitializer,
+  "hasPropertyWrapperBackingVarBinding:", hasPropertyWrapperBackingVarBinding,
+  "hasPropertyWrapperBackingVar:", hasPropertyWrapperBackingVar,
+  "hasPropertyWrapperProjectionVarBinding:", hasPropertyWrapperProjectionVarBinding,
+  "hasPropertyWrapperProjectionVar:", hasPropertyWrapperProjectionVar, "isInout:", isInout,
+  "hasPropertyWrapperLocalWrappedVarBinding:", hasPropertyWrapperLocalWrappedVarBinding,
+  "hasPropertyWrapperLocalWrappedVar:", hasPropertyWrapperLocalWrappedVar
diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getAttachedPropertyWrapperType.expected b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getAttachedPropertyWrapperType.expected
index e69de29bb2d..0e5bd101964 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getAttachedPropertyWrapperType.expected
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getAttachedPropertyWrapperType.expected
@@ -0,0 +1,4 @@
+| param_decls.swift:48:18:48:22 | p1 | Wrapper |
+| param_decls.swift:49:26:49:30 | p2 | WrapperWithInit |
+| param_decls.swift:50:31:50:35 | p3 | WrapperWithProjected |
+| param_decls.swift:51:38:51:42 | p4 | WrapperWithProjectedAndInit |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperBackingVar.expected b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperBackingVar.expected
new file mode 100644
index 00000000000..6595e3ae3ba
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperBackingVar.expected
@@ -0,0 +1,4 @@
+| param_decls.swift:48:18:48:22 | p1 | param_decls.swift:48:18:48:18 | _p1 |
+| param_decls.swift:49:26:49:30 | p2 | param_decls.swift:49:26:49:26 | _p2 |
+| param_decls.swift:50:31:50:35 | p3 | file://:0:0:0:0 | _p3 |
+| param_decls.swift:51:38:51:42 | p4 | file://:0:0:0:0 | _p4 |
diff --git a/swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement_getIndex.ql b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperBackingVar.ql
similarity index 67%
rename from swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement_getIndex.ql
rename to swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperBackingVar.ql
index d8d2a7fab69..91be55e732a 100644
--- a/swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement_getIndex.ql
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperBackingVar.ql
@@ -2,6 +2,6 @@
 import codeql.swift.elements
 import TestUtils
 
-from UnspecifiedElement x
+from ParamDecl x
 where toBeTested(x) and not x.isUnknown()
-select x, x.getIndex()
+select x, x.getPropertyWrapperBackingVar()
diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperBackingVarBinding.expected b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperBackingVarBinding.expected
new file mode 100644
index 00000000000..b3dc664e1db
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperBackingVarBinding.expected
@@ -0,0 +1,2 @@
+| param_decls.swift:48:18:48:22 | p1 | file://:0:0:0:0 | var ... = ... |
+| param_decls.swift:49:26:49:30 | p2 | file://:0:0:0:0 | var ... = ... |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperBackingVarBinding.ql b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperBackingVarBinding.ql
new file mode 100644
index 00000000000..4a331c68504
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperBackingVarBinding.ql
@@ -0,0 +1,7 @@
+// generated by codegen/codegen.py
+import codeql.swift.elements
+import TestUtils
+
+from ParamDecl x
+where toBeTested(x) and not x.isUnknown()
+select x, x.getPropertyWrapperBackingVarBinding()
diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperLocalWrappedVar.expected b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperLocalWrappedVar.expected
new file mode 100644
index 00000000000..b58494d1f8d
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperLocalWrappedVar.expected
@@ -0,0 +1,4 @@
+| param_decls.swift:48:18:48:22 | p1 | param_decls.swift:48:18:48:18 | p1 |
+| param_decls.swift:49:26:49:30 | p2 | param_decls.swift:49:26:49:26 | p2 |
+| param_decls.swift:50:31:50:35 | p3 | param_decls.swift:50:31:50:31 | p3 |
+| param_decls.swift:51:38:51:42 | p4 | param_decls.swift:51:38:51:38 | p4 |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperLocalWrappedVar.ql b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperLocalWrappedVar.ql
new file mode 100644
index 00000000000..2c824acc88e
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperLocalWrappedVar.ql
@@ -0,0 +1,7 @@
+// generated by codegen/codegen.py
+import codeql.swift.elements
+import TestUtils
+
+from ParamDecl x
+where toBeTested(x) and not x.isUnknown()
+select x, x.getPropertyWrapperLocalWrappedVar()
diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperLocalWrappedVarBinding.expected b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperLocalWrappedVarBinding.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperLocalWrappedVarBinding.ql b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperLocalWrappedVarBinding.ql
new file mode 100644
index 00000000000..018c0cbf18a
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperLocalWrappedVarBinding.ql
@@ -0,0 +1,7 @@
+// generated by codegen/codegen.py
+import codeql.swift.elements
+import TestUtils
+
+from ParamDecl x
+where toBeTested(x) and not x.isUnknown()
+select x, x.getPropertyWrapperLocalWrappedVarBinding()
diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperProjectionVar.expected b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperProjectionVar.expected
new file mode 100644
index 00000000000..99679a1c64b
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperProjectionVar.expected
@@ -0,0 +1,2 @@
+| param_decls.swift:50:31:50:35 | p3 | param_decls.swift:50:31:50:31 | $p3 |
+| param_decls.swift:51:38:51:42 | p4 | param_decls.swift:51:38:51:38 | $p4 |
diff --git a/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr.ql b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperProjectionVar.ql
similarity index 66%
rename from swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr.ql
rename to swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperProjectionVar.ql
index 628d289832b..03c2584c693 100644
--- a/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr.ql
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperProjectionVar.ql
@@ -2,6 +2,6 @@
 import codeql.swift.elements
 import TestUtils
 
-from OverloadedDeclRefExpr x
+from ParamDecl x
 where toBeTested(x) and not x.isUnknown()
-select x
+select x, x.getPropertyWrapperProjectionVar()
diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperProjectionVarBinding.expected b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperProjectionVarBinding.expected
new file mode 100644
index 00000000000..0ebae7b813a
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperProjectionVarBinding.expected
@@ -0,0 +1,2 @@
+| param_decls.swift:50:31:50:35 | p3 | file://:0:0:0:0 | var ... = ... |
+| param_decls.swift:51:38:51:42 | p4 | file://:0:0:0:0 | var ... = ... |
diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperProjectionVarBinding.ql b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperProjectionVarBinding.ql
new file mode 100644
index 00000000000..090122697ab
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/ParamDecl_getPropertyWrapperProjectionVarBinding.ql
@@ -0,0 +1,7 @@
+// generated by codegen/codegen.py
+import codeql.swift.elements
+import TestUtils
+
+from ParamDecl x
+where toBeTested(x) and not x.isUnknown()
+select x, x.getPropertyWrapperProjectionVarBinding()
diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/param_decls.swift b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/param_decls.swift
index 72b47ed2c60..aa001dfeca7 100644
--- a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/param_decls.swift
+++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/param_decls.swift
@@ -13,3 +13,40 @@ func closures() {
   let y = {(s: inout String) -> String in ""}
   let z : (Int) -> Int = { $0 + 1 }
 }
+
+@propertyWrapper struct Wrapper {
+    var wrappedValue : Int = 42
+}
+
+@propertyWrapper struct WrapperWithInit {
+    var wrappedValue : Int
+
+    init(wrappedValue: Int) { self.wrappedValue = wrappedValue }
+}
+
+@propertyWrapper struct WrapperWithProjected {
+    var wrappedValue : Int = 42
+    var projectedValue : Bool = false
+}
+
+@propertyWrapper struct WrapperWithProjectedAndInit {
+    var wrappedValue : Int
+    var projectedValue : Bool
+
+    init(wrappedValue: Int) {
+        self.wrappedValue = wrappedValue
+        self.projectedValue = false
+    }
+
+    init(projectedValue: Bool) {
+        self.wrappedValue = 0
+        self.projectedValue = projectedValue
+    }
+}
+
+func f2(
+        @Wrapper p1: Int,
+        @WrapperWithInit p2: Int,
+        @WrapperWithProjected p3: Int,
+        @WrapperWithProjectedAndInit p4: Int
+) {}
diff --git a/swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/AppliedPropertyWrapperExpr.expected b/swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/AppliedPropertyWrapperExpr.expected
index 5defaa92b15..d8f0d8f98c3 100644
--- a/swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/AppliedPropertyWrapperExpr.expected
+++ b/swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/AppliedPropertyWrapperExpr.expected
@@ -1,3 +1,3 @@
-| applied_property_wrapper.swift:14:8:14:8 | AppliedPropertyWrapperExpr | getKind: | 1 | getValue: | applied_property_wrapper.swift:14:8:14:8 | 42 | getParam: | applied_property_wrapper.swift:12:19:12:22 | x |
-| applied_property_wrapper.swift:15:9:15:9 | AppliedPropertyWrapperExpr | getKind: | 2 | getValue: | applied_property_wrapper.swift:15:9:15:9 | true | getParam: | applied_property_wrapper.swift:12:19:12:22 | x |
-| file://:0:0:0:0 | AppliedPropertyWrapperExpr | getKind: | 1 | getValue: | file://:0:0:0:0 | y | getParam: | applied_property_wrapper.swift:17:26:17:29 | y |
+| applied_property_wrapper.swift:14:8:14:8 | AppliedPropertyWrapperExpr | hasType: | yes | getKind: | 1 | getValue: | applied_property_wrapper.swift:14:8:14:8 | 42 | getParam: | applied_property_wrapper.swift:12:19:12:22 | x |
+| applied_property_wrapper.swift:15:9:15:9 | AppliedPropertyWrapperExpr | hasType: | yes | getKind: | 2 | getValue: | applied_property_wrapper.swift:15:9:15:9 | true | getParam: | applied_property_wrapper.swift:12:19:12:22 | x |
+| file://:0:0:0:0 | AppliedPropertyWrapperExpr | hasType: | yes | getKind: | 1 | getValue: | file://:0:0:0:0 | y | getParam: | applied_property_wrapper.swift:17:26:17:29 | y |
diff --git a/swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/AppliedPropertyWrapperExpr.ql b/swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/AppliedPropertyWrapperExpr.ql
index ffeb6db9923..6c73b2336ab 100644
--- a/swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/AppliedPropertyWrapperExpr.ql
+++ b/swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/AppliedPropertyWrapperExpr.ql
@@ -2,11 +2,12 @@
 import codeql.swift.elements
 import TestUtils
 
-from AppliedPropertyWrapperExpr x, int getKind, Expr getValue, ParamDecl getParam
+from AppliedPropertyWrapperExpr x, string hasType, int getKind, Expr getValue, ParamDecl getParam
 where
   toBeTested(x) and
   not x.isUnknown() and
+  (if x.hasType() then hasType = "yes" else hasType = "no") and
   getKind = x.getKind() and
   getValue = x.getValue() and
   getParam = x.getParam()
-select x, "getKind:", getKind, "getValue:", getValue, "getParam:", getParam
+select x, "hasType:", hasType, "getKind:", getKind, "getValue:", getValue, "getParam:", getParam
diff --git a/swift/ql/test/extractor-tests/generated/expr/BridgeToObjCExpr/objc.h b/swift/ql/test/extractor-tests/generated/expr/BridgeToObjCExpr/objc.h
deleted file mode 100644
index 588ee87cfcd..00000000000
--- a/swift/ql/test/extractor-tests/generated/expr/BridgeToObjCExpr/objc.h
+++ /dev/null
@@ -1,2 +0,0 @@
-@interface MyClass : NSObject
-@property int foo @end
diff --git a/swift/ql/test/extractor-tests/generated/expr/ConstructorRefCallExpr/ConstructorRefCallExpr.expected b/swift/ql/test/extractor-tests/generated/expr/ConstructorRefCallExpr/ConstructorRefCallExpr.expected
index 262953a26f5..20ea789bc5c 100644
--- a/swift/ql/test/extractor-tests/generated/expr/ConstructorRefCallExpr/ConstructorRefCallExpr.expected
+++ b/swift/ql/test/extractor-tests/generated/expr/ConstructorRefCallExpr/ConstructorRefCallExpr.expected
@@ -1,3 +1,3 @@
-| constructor_ref_calls.swift:7:9:7:9 | call to init() | getFunction: | constructor_ref_calls.swift:7:9:7:9 | init() | getBase: | constructor_ref_calls.swift:7:9:7:9 | X.Type |
-| constructor_ref_calls.swift:8:10:8:10 | call to init(_:) | getFunction: | constructor_ref_calls.swift:8:10:8:10 | init(_:) | getBase: | constructor_ref_calls.swift:8:10:8:10 | Y.Type |
-| constructor_ref_calls.swift:9:10:9:10 | call to init() | getFunction: | constructor_ref_calls.swift:9:10:9:10 | init() | getBase: | constructor_ref_calls.swift:9:10:9:10 | Y.Type |
+| constructor_ref_calls.swift:7:9:7:9 | call to init() | hasType: | yes | getFunction: | constructor_ref_calls.swift:7:9:7:9 | init() | getNumberOfArguments: | 1 | getBase: | constructor_ref_calls.swift:7:9:7:9 | X.Type |
+| constructor_ref_calls.swift:8:10:8:10 | call to init(_:) | hasType: | yes | getFunction: | constructor_ref_calls.swift:8:10:8:10 | init(_:) | getNumberOfArguments: | 1 | getBase: | constructor_ref_calls.swift:8:10:8:10 | Y.Type |
+| constructor_ref_calls.swift:9:10:9:10 | call to init() | hasType: | yes | getFunction: | constructor_ref_calls.swift:9:10:9:10 | init() | getNumberOfArguments: | 1 | getBase: | constructor_ref_calls.swift:9:10:9:10 | Y.Type |
diff --git a/swift/ql/test/extractor-tests/generated/expr/ConstructorRefCallExpr/ConstructorRefCallExpr.ql b/swift/ql/test/extractor-tests/generated/expr/ConstructorRefCallExpr/ConstructorRefCallExpr.ql
index 0b88c75f62f..90162a53909 100644
--- a/swift/ql/test/extractor-tests/generated/expr/ConstructorRefCallExpr/ConstructorRefCallExpr.ql
+++ b/swift/ql/test/extractor-tests/generated/expr/ConstructorRefCallExpr/ConstructorRefCallExpr.ql
@@ -2,10 +2,14 @@
 import codeql.swift.elements
 import TestUtils
 
-from ConstructorRefCallExpr x, Expr getFunction, Expr getBase
+from
+  ConstructorRefCallExpr x, string hasType, Expr getFunction, int getNumberOfArguments, Expr getBase
 where
   toBeTested(x) and
   not x.isUnknown() and
+  (if x.hasType() then hasType = "yes" else hasType = "no") and
   getFunction = x.getFunction() and
+  getNumberOfArguments = x.getNumberOfArguments() and
   getBase = x.getBase()
-select x, "getFunction:", getFunction, "getBase:", getBase
+select x, "hasType:", hasType, "getFunction:", getFunction, "getNumberOfArguments:",
+  getNumberOfArguments, "getBase:", getBase
diff --git a/swift/ql/test/extractor-tests/generated/expr/DotSyntaxCallExpr/DotSyntaxCallExpr.expected b/swift/ql/test/extractor-tests/generated/expr/DotSyntaxCallExpr/DotSyntaxCallExpr.expected
index 757b781a0da..a404a20b16d 100644
--- a/swift/ql/test/extractor-tests/generated/expr/DotSyntaxCallExpr/DotSyntaxCallExpr.expected
+++ b/swift/ql/test/extractor-tests/generated/expr/DotSyntaxCallExpr/DotSyntaxCallExpr.expected
@@ -1,3 +1,3 @@
-| dot_syntax_call.swift:7:13:7:13 | call to ... | getFunction: | dot_syntax_call.swift:7:13:7:13 | { ... } | getBase: | dot_syntax_call.swift:7:13:7:13 | self |
-| dot_syntax_call.swift:15:9:15:11 | call to ... | getFunction: | dot_syntax_call.swift:15:11:15:11 | { ... } | getBase: | dot_syntax_call.swift:15:9:15:9 | X.Type |
-| dot_syntax_call.swift:16:9:16:13 | call to ... | getFunction: | dot_syntax_call.swift:16:13:16:13 | { ... } | getBase: | dot_syntax_call.swift:16:9:16:11 | call to init() |
+| dot_syntax_call.swift:7:13:7:13 | call to ... | hasType: | yes | getFunction: | dot_syntax_call.swift:7:13:7:13 | { ... } | getNumberOfArguments: | 1 | getBase: | dot_syntax_call.swift:7:13:7:13 | self |
+| dot_syntax_call.swift:15:9:15:11 | call to ... | hasType: | yes | getFunction: | dot_syntax_call.swift:15:11:15:11 | { ... } | getNumberOfArguments: | 1 | getBase: | dot_syntax_call.swift:15:9:15:9 | X.Type |
+| dot_syntax_call.swift:16:9:16:13 | call to ... | hasType: | yes | getFunction: | dot_syntax_call.swift:16:13:16:13 | { ... } | getNumberOfArguments: | 1 | getBase: | dot_syntax_call.swift:16:9:16:11 | call to init() |
diff --git a/swift/ql/test/extractor-tests/generated/expr/DotSyntaxCallExpr/DotSyntaxCallExpr.ql b/swift/ql/test/extractor-tests/generated/expr/DotSyntaxCallExpr/DotSyntaxCallExpr.ql
index 775b6f0f34f..f7ab2739e2d 100644
--- a/swift/ql/test/extractor-tests/generated/expr/DotSyntaxCallExpr/DotSyntaxCallExpr.ql
+++ b/swift/ql/test/extractor-tests/generated/expr/DotSyntaxCallExpr/DotSyntaxCallExpr.ql
@@ -2,10 +2,13 @@
 import codeql.swift.elements
 import TestUtils
 
-from DotSyntaxCallExpr x, Expr getFunction, Expr getBase
+from DotSyntaxCallExpr x, string hasType, Expr getFunction, int getNumberOfArguments, Expr getBase
 where
   toBeTested(x) and
   not x.isUnknown() and
+  (if x.hasType() then hasType = "yes" else hasType = "no") and
   getFunction = x.getFunction() and
+  getNumberOfArguments = x.getNumberOfArguments() and
   getBase = x.getBase()
-select x, "getFunction:", getFunction, "getBase:", getBase
+select x, "hasType:", hasType, "getFunction:", getFunction, "getNumberOfArguments:",
+  getNumberOfArguments, "getBase:", getBase
diff --git a/swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/DynamicLookupExpr.expected b/swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/DynamicLookupExpr.expected
index 06d128d943d..e188be2275f 100644
--- a/swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/DynamicLookupExpr.expected
+++ b/swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/DynamicLookupExpr.expected
@@ -1,2 +1,2 @@
-| dynamic_lookup.swift:15:1:15:3 | .foo(_:) | DynamicMemberRefExpr | getBase: | dynamic_lookup.swift:15:1:15:1 | OpaqueValueExpr |
-| dynamic_lookup.swift:16:5:16:9 | subscript ...[...] | DynamicSubscriptExpr | getBase: | dynamic_lookup.swift:16:5:16:5 | OpaqueValueExpr |
+| dynamic_lookup.swift:15:1:15:3 | .foo(_:) | DynamicMemberRefExpr | hasType: | yes | getBase: | dynamic_lookup.swift:15:1:15:1 | OpaqueValueExpr | hasMember: | yes |
+| dynamic_lookup.swift:16:5:16:9 | subscript ...[...] | DynamicSubscriptExpr | hasType: | yes | getBase: | dynamic_lookup.swift:16:5:16:5 | OpaqueValueExpr | hasMember: | yes |
diff --git a/swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/DynamicLookupExpr.ql b/swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/DynamicLookupExpr.ql
index efb14e96487..dbec1291ff0 100644
--- a/swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/DynamicLookupExpr.ql
+++ b/swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/DynamicLookupExpr.ql
@@ -2,9 +2,11 @@
 import codeql.swift.elements
 import TestUtils
 
-from DynamicLookupExpr x, Expr getBase
+from DynamicLookupExpr x, string hasType, Expr getBase, string hasMember
 where
   toBeTested(x) and
   not x.isUnknown() and
-  getBase = x.getBase()
-select x, x.getPrimaryQlClasses(), "getBase:", getBase
+  (if x.hasType() then hasType = "yes" else hasType = "no") and
+  getBase = x.getBase() and
+  if x.hasMember() then hasMember = "yes" else hasMember = "no"
+select x, x.getPrimaryQlClasses(), "hasType:", hasType, "getBase:", getBase, "hasMember:", hasMember
diff --git a/swift/ql/test/extractor-tests/generated/expr/EnumIsCaseExpr/EnumIsCaseExpr.expected b/swift/ql/test/extractor-tests/generated/expr/EnumIsCaseExpr/EnumIsCaseExpr.expected
index e18f2328244..fab1dc0e1ae 100644
--- a/swift/ql/test/extractor-tests/generated/expr/EnumIsCaseExpr/EnumIsCaseExpr.expected
+++ b/swift/ql/test/extractor-tests/generated/expr/EnumIsCaseExpr/EnumIsCaseExpr.expected
@@ -1,10 +1,10 @@
-| enum_is_case.swift:4:1:4:17 | ... is some | getSubExpr: | enum_is_case.swift:4:1:4:17 | OptionalEvaluationExpr | getElement: | file://:0:0:0:0 | some |
-| enum_is_case.swift:5:1:5:32 | ... is some | getSubExpr: | enum_is_case.swift:5:1:5:32 | OptionalEvaluationExpr | getElement: | file://:0:0:0:0 | some |
-| enum_is_case.swift:6:1:6:1 | ... is some | getSubExpr: | enum_is_case.swift:6:1:6:1 | 42 | getElement: | file://:0:0:0:0 | some |
-| enum_is_case.swift:7:1:7:1 | ... is some | getSubExpr: | enum_is_case.swift:7:1:7:1 | 42 | getElement: | file://:0:0:0:0 | some |
-| enum_is_case.swift:9:1:9:19 | ... is some | getSubExpr: | enum_is_case.swift:9:1:9:19 | [...] | getElement: | file://:0:0:0:0 | some |
-| enum_is_case.swift:19:1:19:18 | ... is some | getSubExpr: | enum_is_case.swift:19:1:19:18 | OptionalEvaluationExpr | getElement: | file://:0:0:0:0 | some |
-| enum_is_case.swift:21:1:21:5 | ... is some | getSubExpr: | enum_is_case.swift:21:1:21:5 | [...] | getElement: | file://:0:0:0:0 | some |
-| enum_is_case.swift:22:1:22:10 | ... is some | getSubExpr: | enum_is_case.swift:22:1:22:10 | [...] | getElement: | file://:0:0:0:0 | some |
-| enum_is_case.swift:23:1:23:10 | ... is some | getSubExpr: | enum_is_case.swift:23:1:23:10 | [...] | getElement: | file://:0:0:0:0 | some |
-| enum_is_case.swift:24:1:24:8 | ... is some | getSubExpr: | enum_is_case.swift:24:1:24:8 | call to init() | getElement: | file://:0:0:0:0 | some |
+| enum_is_case.swift:4:1:4:17 | ... is some | hasType: | yes | getSubExpr: | enum_is_case.swift:4:1:4:17 | OptionalEvaluationExpr | getElement: | file://:0:0:0:0 | some |
+| enum_is_case.swift:5:1:5:32 | ... is some | hasType: | yes | getSubExpr: | enum_is_case.swift:5:1:5:32 | OptionalEvaluationExpr | getElement: | file://:0:0:0:0 | some |
+| enum_is_case.swift:6:1:6:1 | ... is some | hasType: | yes | getSubExpr: | enum_is_case.swift:6:1:6:1 | 42 | getElement: | file://:0:0:0:0 | some |
+| enum_is_case.swift:7:1:7:1 | ... is some | hasType: | yes | getSubExpr: | enum_is_case.swift:7:1:7:1 | 42 | getElement: | file://:0:0:0:0 | some |
+| enum_is_case.swift:9:1:9:19 | ... is some | hasType: | yes | getSubExpr: | enum_is_case.swift:9:1:9:19 | [...] | getElement: | file://:0:0:0:0 | some |
+| enum_is_case.swift:19:1:19:18 | ... is some | hasType: | yes | getSubExpr: | enum_is_case.swift:19:1:19:18 | OptionalEvaluationExpr | getElement: | file://:0:0:0:0 | some |
+| enum_is_case.swift:21:1:21:5 | ... is some | hasType: | yes | getSubExpr: | enum_is_case.swift:21:1:21:5 | [...] | getElement: | file://:0:0:0:0 | some |
+| enum_is_case.swift:22:1:22:10 | ... is some | hasType: | yes | getSubExpr: | enum_is_case.swift:22:1:22:10 | [...] | getElement: | file://:0:0:0:0 | some |
+| enum_is_case.swift:23:1:23:10 | ... is some | hasType: | yes | getSubExpr: | enum_is_case.swift:23:1:23:10 | [...] | getElement: | file://:0:0:0:0 | some |
+| enum_is_case.swift:24:1:24:8 | ... is some | hasType: | yes | getSubExpr: | enum_is_case.swift:24:1:24:8 | call to init() | getElement: | file://:0:0:0:0 | some |
diff --git a/swift/ql/test/extractor-tests/generated/expr/EnumIsCaseExpr/EnumIsCaseExpr.ql b/swift/ql/test/extractor-tests/generated/expr/EnumIsCaseExpr/EnumIsCaseExpr.ql
index 9c3340d4ff5..7dfff901eef 100644
--- a/swift/ql/test/extractor-tests/generated/expr/EnumIsCaseExpr/EnumIsCaseExpr.ql
+++ b/swift/ql/test/extractor-tests/generated/expr/EnumIsCaseExpr/EnumIsCaseExpr.ql
@@ -2,10 +2,11 @@
 import codeql.swift.elements
 import TestUtils
 
-from EnumIsCaseExpr x, Expr getSubExpr, EnumElementDecl getElement
+from EnumIsCaseExpr x, string hasType, Expr getSubExpr, EnumElementDecl getElement
 where
   toBeTested(x) and
   not x.isUnknown() and
+  (if x.hasType() then hasType = "yes" else hasType = "no") and
   getSubExpr = x.getSubExpr() and
   getElement = x.getElement()
-select x, "getSubExpr:", getSubExpr, "getElement:", getElement
+select x, "hasType:", hasType, "getSubExpr:", getSubExpr, "getElement:", getElement
diff --git a/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr.expected b/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr.expected
index 0b250d710ea..dc62de6f590 100644
--- a/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr.expected
+++ b/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr.expected
@@ -1,8 +1,8 @@
-| identity_expressions.swift:4:9:4:14 | .self | DotSelfExpr | getSubExpr: | identity_expressions.swift:4:9:4:9 | self |
-| identity_expressions.swift:4:9:4:21 | .self | DotSelfExpr | getSubExpr: | identity_expressions.swift:4:9:4:19 | .x |
-| identity_expressions.swift:4:28:4:31 | (...) | ParenExpr | getSubExpr: | identity_expressions.swift:4:29:4:29 | 42 |
-| identity_expressions.swift:8:5:8:9 | (...) | ParenExpr | getSubExpr: | identity_expressions.swift:8:6:8:8 | call to init() |
-| identity_expressions.swift:11:28:11:43 | (...) | ParenExpr | getSubExpr: | identity_expressions.swift:11:35:11:42 | call to create() |
-| identity_expressions.swift:11:29:11:42 | await ... | AwaitExpr | getSubExpr: | identity_expressions.swift:11:35:11:42 | call to create() |
-| identity_expressions.swift:14:5:14:21 | await ... | AwaitExpr | getSubExpr: | identity_expressions.swift:14:11:14:21 | call to process() |
-| identity_expressions.swift:14:11:14:19 | (...) | ParenExpr | getSubExpr: | identity_expressions.swift:14:12:14:12 | process() |
+| identity_expressions.swift:4:9:4:14 | .self | DotSelfExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:4:9:4:9 | self |
+| identity_expressions.swift:4:9:4:21 | .self | DotSelfExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:4:9:4:19 | .x |
+| identity_expressions.swift:4:28:4:31 | (...) | ParenExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:4:29:4:29 | 42 |
+| identity_expressions.swift:8:5:8:9 | (...) | ParenExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:8:6:8:8 | call to init() |
+| identity_expressions.swift:11:28:11:43 | (...) | ParenExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:11:35:11:42 | call to create() |
+| identity_expressions.swift:11:29:11:42 | await ... | AwaitExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:11:35:11:42 | call to create() |
+| identity_expressions.swift:14:5:14:21 | await ... | AwaitExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:14:11:14:21 | call to process() |
+| identity_expressions.swift:14:11:14:19 | (...) | ParenExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:14:12:14:12 | process() |
diff --git a/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr.ql b/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr.ql
index 919dd1e50d8..c4888e45367 100644
--- a/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr.ql
+++ b/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr.ql
@@ -2,9 +2,10 @@
 import codeql.swift.elements
 import TestUtils
 
-from IdentityExpr x, Expr getSubExpr
+from IdentityExpr x, string hasType, Expr getSubExpr
 where
   toBeTested(x) and
   not x.isUnknown() and
+  (if x.hasType() then hasType = "yes" else hasType = "no") and
   getSubExpr = x.getSubExpr()
-select x, x.getPrimaryQlClasses(), "getSubExpr:", getSubExpr
+select x, x.getPrimaryQlClasses(), "hasType:", hasType, "getSubExpr:", getSubExpr
diff --git a/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr_getType.expected b/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr_getType.expected
index 025db5e1932..029023374ce 100644
--- a/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr_getType.expected
+++ b/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr_getType.expected
@@ -1,5 +1,5 @@
 | identity_expressions.swift:4:9:4:14 | .self | A |
-| identity_expressions.swift:4:9:4:21 | .self | @lvalue Int |
+| identity_expressions.swift:4:9:4:21 | .self | Int |
 | identity_expressions.swift:4:28:4:31 | (...) | (Int) |
 | identity_expressions.swift:8:5:8:9 | (...) | (A) |
 | identity_expressions.swift:11:28:11:43 | (...) | (A) |
diff --git a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.expected b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.expected
index 2fb20ad740c..14fa9eb88b1 100644
--- a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.expected
+++ b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.expected
@@ -1,3 +1,5 @@
-| implicit_conversions.swift:2:3:2:3 | (UnsafePointer<CChar>) ... | StringToPointerExpr | getSubExpr: | implicit_conversions.swift:2:3:2:3 | Hello |
-| implicit_conversions.swift:4:16:4:16 | (Int?) ... | InjectIntoOptionalExpr | getSubExpr: | implicit_conversions.swift:4:16:4:16 | 42 |
-| implicit_conversions.swift:5:25:5:25 | (Equatable) ... | ErasureExpr | getSubExpr: | implicit_conversions.swift:5:25:5:25 | 42 |
+| implicit_conversions.swift:2:3:2:3 | (UnsafePointer<CChar>) ... | StringToPointerExpr | hasType: | yes | getSubExpr: | implicit_conversions.swift:2:3:2:3 | Hello |
+| implicit_conversions.swift:4:16:4:16 | (Int?) ... | InjectIntoOptionalExpr | hasType: | yes | getSubExpr: | implicit_conversions.swift:4:16:4:16 | 42 |
+| implicit_conversions.swift:5:25:5:25 | (Equatable) ... | ErasureExpr | hasType: | yes | getSubExpr: | implicit_conversions.swift:5:25:5:25 | 42 |
+| implicit_conversions.swift:12:3:12:5 | ((() -> Void)?) ... | AbiSafeConversionExpr | hasType: | yes | getSubExpr: | implicit_conversions.swift:12:3:12:5 | .b |
+| implicit_conversions.swift:12:9:12:10 | ((() -> Void)?) ... | InjectIntoOptionalExpr | hasType: | yes | getSubExpr: | implicit_conversions.swift:12:9:12:10 | { ... } |
diff --git a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.ql b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.ql
index 61fbedd343a..5cd395b6278 100644
--- a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.ql
+++ b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.ql
@@ -2,9 +2,10 @@
 import codeql.swift.elements
 import TestUtils
 
-from ImplicitConversionExpr x, Expr getSubExpr
+from ImplicitConversionExpr x, string hasType, Expr getSubExpr
 where
   toBeTested(x) and
   not x.isUnknown() and
+  (if x.hasType() then hasType = "yes" else hasType = "no") and
   getSubExpr = x.getSubExpr()
-select x, x.getPrimaryQlClasses(), "getSubExpr:", getSubExpr
+select x, x.getPrimaryQlClasses(), "hasType:", hasType, "getSubExpr:", getSubExpr
diff --git a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.expected b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.expected
index 470228364ae..a7f1b65dcbe 100644
--- a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.expected
+++ b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.expected
@@ -1,3 +1,5 @@
 | implicit_conversions.swift:2:3:2:3 | (UnsafePointer<CChar>) ... | UnsafePointer<CChar> |
 | implicit_conversions.swift:4:16:4:16 | (Int?) ... | Int? |
 | implicit_conversions.swift:5:25:5:25 | (Equatable) ... | Equatable |
+| implicit_conversions.swift:12:3:12:5 | ((() -> Void)?) ... | (() -> Void)? |
+| implicit_conversions.swift:12:9:12:10 | ((() -> Void)?) ... | (() -> Void)? |
diff --git a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/implicit_conversions.swift b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/implicit_conversions.swift
index 62a5197d420..6bd2b4b3fb1 100644
--- a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/implicit_conversions.swift
+++ b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/implicit_conversions.swift
@@ -3,3 +3,12 @@ f("Hello")  // StringToPointerExpr
 
 let a : Int? = 42  // InjectIntoOptionalExpr
 let b : any Equatable = 42  // ErasureExpr
+
+@preconcurrency class A {
+  @preconcurrency var b: (@Sendable () -> Void)?
+}
+
+func g(_ a: A) {
+  a.b = {}
+}
+
diff --git a/swift/ql/test/extractor-tests/generated/expr/MethodRefExpr/MethodRefExpr.expected b/swift/ql/test/extractor-tests/generated/expr/MethodRefExpr/MethodRefExpr.expected
index e13de1855fa..98c3ca081da 100644
--- a/swift/ql/test/extractor-tests/generated/expr/MethodRefExpr/MethodRefExpr.expected
+++ b/swift/ql/test/extractor-tests/generated/expr/MethodRefExpr/MethodRefExpr.expected
@@ -1,6 +1,6 @@
-| method_refs.swift:7:13:7:13 | .baz(_:) | getBase: | file://:0:0:0:0 | self |
-| method_refs.swift:11:1:11:3 | .foo(_:_:) | getBase: | method_refs.swift:11:1:11:1 | X.Type |
-| method_refs.swift:12:1:12:3 | .bar() | getBase: | method_refs.swift:12:1:12:1 | X.Type |
-| method_refs.swift:13:1:13:5 | .baz(_:) | getBase: | method_refs.swift:13:1:13:3 | call to init() |
-| method_refs.swift:15:11:15:11 | .bar() | getBase: | file://:0:0:0:0 | self |
-| method_refs.swift:16:13:16:13 | .baz(_:) | getBase: | file://:0:0:0:0 | self |
+| method_refs.swift:7:13:7:13 | .baz(_:) | hasType: | yes | getBase: | file://:0:0:0:0 | self | hasMember: | yes |
+| method_refs.swift:11:1:11:3 | .foo(_:_:) | hasType: | yes | getBase: | method_refs.swift:11:1:11:1 | X.Type | hasMember: | yes |
+| method_refs.swift:12:1:12:3 | .bar() | hasType: | yes | getBase: | method_refs.swift:12:1:12:1 | X.Type | hasMember: | yes |
+| method_refs.swift:13:1:13:5 | .baz(_:) | hasType: | yes | getBase: | method_refs.swift:13:1:13:3 | call to init() | hasMember: | yes |
+| method_refs.swift:15:11:15:11 | .bar() | hasType: | yes | getBase: | file://:0:0:0:0 | self | hasMember: | yes |
+| method_refs.swift:16:13:16:13 | .baz(_:) | hasType: | yes | getBase: | file://:0:0:0:0 | self | hasMember: | yes |
diff --git a/swift/ql/test/extractor-tests/generated/expr/MethodRefExpr/MethodRefExpr.ql b/swift/ql/test/extractor-tests/generated/expr/MethodRefExpr/MethodRefExpr.ql
index b8f9243c3b7..dcbba30fb5f 100644
--- a/swift/ql/test/extractor-tests/generated/expr/MethodRefExpr/MethodRefExpr.ql
+++ b/swift/ql/test/extractor-tests/generated/expr/MethodRefExpr/MethodRefExpr.ql
@@ -2,9 +2,11 @@
 import codeql.swift.elements
 import TestUtils
 
-from MethodRefExpr x, Expr getBase
+from MethodRefExpr x, string hasType, Expr getBase, string hasMember
 where
   toBeTested(x) and
   not x.isUnknown() and
-  getBase = x.getBase()
-select x, "getBase:", getBase
+  (if x.hasType() then hasType = "yes" else hasType = "no") and
+  getBase = x.getBase() and
+  if x.hasMember() then hasMember = "yes" else hasMember = "no"
+select x, "hasType:", hasType, "getBase:", getBase, "hasMember:", hasMember
diff --git a/swift/ql/test/extractor-tests/generated/expr/ObjectLiteralExpr/ObjectLiteralExpr.expected b/swift/ql/test/extractor-tests/generated/expr/ObjectLiteralExpr/ObjectLiteralExpr.expected
index 5865346ac85..d303c7a2f76 100644
--- a/swift/ql/test/extractor-tests/generated/expr/ObjectLiteralExpr/ObjectLiteralExpr.expected
+++ b/swift/ql/test/extractor-tests/generated/expr/ObjectLiteralExpr/ObjectLiteralExpr.expected
@@ -1,3 +1,3 @@
-| object_literals.swift:5:5:5:42 | #fileLiteral(...) | getKind: | 0 |
-| object_literals.swift:6:5:6:61 | #colorLiteral(...) | getKind: | 2 |
-| object_literals.swift:7:5:7:44 | #imageLiteral(...) | getKind: | 1 |
+| object_literals.swift:5:5:5:42 | #fileLiteral(...) | hasType: | no | getKind: | 0 | getNumberOfArguments: | 1 |
+| object_literals.swift:6:5:6:61 | #colorLiteral(...) | hasType: | no | getKind: | 2 | getNumberOfArguments: | 4 |
+| object_literals.swift:7:5:7:44 | #imageLiteral(...) | hasType: | no | getKind: | 1 | getNumberOfArguments: | 1 |
diff --git a/swift/ql/test/extractor-tests/generated/expr/ObjectLiteralExpr/ObjectLiteralExpr.ql b/swift/ql/test/extractor-tests/generated/expr/ObjectLiteralExpr/ObjectLiteralExpr.ql
index 461b4588263..161c455ae29 100644
--- a/swift/ql/test/extractor-tests/generated/expr/ObjectLiteralExpr/ObjectLiteralExpr.ql
+++ b/swift/ql/test/extractor-tests/generated/expr/ObjectLiteralExpr/ObjectLiteralExpr.ql
@@ -2,9 +2,11 @@
 import codeql.swift.elements
 import TestUtils
 
-from ObjectLiteralExpr x, int getKind
+from ObjectLiteralExpr x, string hasType, int getKind, int getNumberOfArguments
 where
   toBeTested(x) and
   not x.isUnknown() and
-  getKind = x.getKind()
-select x, "getKind:", getKind
+  (if x.hasType() then hasType = "yes" else hasType = "no") and
+  getKind = x.getKind() and
+  getNumberOfArguments = x.getNumberOfArguments()
+select x, "hasType:", hasType, "getKind:", getKind, "getNumberOfArguments:", getNumberOfArguments
diff --git a/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr.expected b/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr.expected
deleted file mode 100644
index 055ecc345f7..00000000000
--- a/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr.expected
+++ /dev/null
@@ -1 +0,0 @@
-| overloaded.swift:6:5:6:5 | OverloadedDeclRefExpr |
diff --git a/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr_getPossibleDeclaration.expected b/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr_getPossibleDeclaration.expected
deleted file mode 100644
index a78a3a4bfeb..00000000000
--- a/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr_getPossibleDeclaration.expected
+++ /dev/null
@@ -1,2 +0,0 @@
-| overloaded.swift:6:5:6:5 | OverloadedDeclRefExpr | 0 | overloaded.swift:3:1:3:13 | foo() |
-| overloaded.swift:6:5:6:5 | OverloadedDeclRefExpr | 1 | overloaded.swift:4:1:4:19 | foo(_:) |
diff --git a/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr_getPossibleDeclaration.ql b/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr_getPossibleDeclaration.ql
deleted file mode 100644
index 88e95b436e6..00000000000
--- a/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr_getPossibleDeclaration.ql
+++ /dev/null
@@ -1,7 +0,0 @@
-// generated by codegen/codegen.py
-import codeql.swift.elements
-import TestUtils
-
-from OverloadedDeclRefExpr x, int index
-where toBeTested(x) and not x.isUnknown()
-select x, index, x.getPossibleDeclaration(index)
diff --git a/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr_getType.ql b/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr_getType.ql
deleted file mode 100644
index ce159bba3b3..00000000000
--- a/swift/ql/test/extractor-tests/generated/expr/OverloadedDeclRefExpr/OverloadedDeclRefExpr_getType.ql
+++ /dev/null
@@ -1,7 +0,0 @@
-// generated by codegen/codegen.py
-import codeql.swift.elements
-import TestUtils
-
-from OverloadedDeclRefExpr x
-where toBeTested(x) and not x.isUnknown()
-select x, x.getType()
diff --git a/swift/ql/test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr.expected b/swift/ql/test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr.expected
index 56a26d5eb72..4207559e85e 100644
--- a/swift/ql/test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr.expected
+++ b/swift/ql/test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr.expected
@@ -1,2 +1,2 @@
-| postfix.swift:1:5:1:6 | call to ...(_:) | getFunction: | postfix.swift:1:6:1:6 | ....(_:) |
-| postfix.swift:7:1:7:2 | call to **(_:) | getFunction: | postfix.swift:7:2:7:2 | **(_:) |
+| postfix.swift:1:5:1:6 | call to ...(_:) | hasType: | yes | getFunction: | postfix.swift:1:6:1:6 | ....(_:) | getNumberOfArguments: | 1 |
+| postfix.swift:7:1:7:2 | call to **(_:) | hasType: | yes | getFunction: | postfix.swift:7:2:7:2 | **(_:) | getNumberOfArguments: | 1 |
diff --git a/swift/ql/test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr.ql b/swift/ql/test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr.ql
index 9f9e0fc6042..6e7cf71b9a2 100644
--- a/swift/ql/test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr.ql
+++ b/swift/ql/test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr.ql
@@ -2,9 +2,12 @@
 import codeql.swift.elements
 import TestUtils
 
-from PostfixUnaryExpr x, Expr getFunction
+from PostfixUnaryExpr x, string hasType, Expr getFunction, int getNumberOfArguments
 where
   toBeTested(x) and
   not x.isUnknown() and
-  getFunction = x.getFunction()
-select x, "getFunction:", getFunction
+  (if x.hasType() then hasType = "yes" else hasType = "no") and
+  getFunction = x.getFunction() and
+  getNumberOfArguments = x.getNumberOfArguments()
+select x, "hasType:", hasType, "getFunction:", getFunction, "getNumberOfArguments:",
+  getNumberOfArguments
diff --git a/swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/PropertyWrapperValuePlaceholderExpr.expected b/swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/PropertyWrapperValuePlaceholderExpr.expected
index 04f75e99e12..9fda9feadaf 100644
--- a/swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/PropertyWrapperValuePlaceholderExpr.expected
+++ b/swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/PropertyWrapperValuePlaceholderExpr.expected
@@ -1 +1 @@
-| property_wrapper_value_placeholder.swift:12:26:12:26 | PropertyWrapperValuePlaceholderExpr | getPlaceholder: | property_wrapper_value_placeholder.swift:12:26:12:26 | OpaqueValueExpr |
+| property_wrapper_value_placeholder.swift:12:26:12:26 | PropertyWrapperValuePlaceholderExpr | hasType: | yes | hasWrappedValue: | yes | getPlaceholder: | property_wrapper_value_placeholder.swift:12:26:12:26 | OpaqueValueExpr |
diff --git a/swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/PropertyWrapperValuePlaceholderExpr.ql b/swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/PropertyWrapperValuePlaceholderExpr.ql
index a9a61510ecc..2ca1ad98642 100644
--- a/swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/PropertyWrapperValuePlaceholderExpr.ql
+++ b/swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/PropertyWrapperValuePlaceholderExpr.ql
@@ -2,9 +2,14 @@
 import codeql.swift.elements
 import TestUtils
 
-from PropertyWrapperValuePlaceholderExpr x, OpaqueValueExpr getPlaceholder
+from
+  PropertyWrapperValuePlaceholderExpr x, string hasType, string hasWrappedValue,
+  OpaqueValueExpr getPlaceholder
 where
   toBeTested(x) and
   not x.isUnknown() and
+  (if x.hasType() then hasType = "yes" else hasType = "no") and
+  (if x.hasWrappedValue() then hasWrappedValue = "yes" else hasWrappedValue = "no") and
   getPlaceholder = x.getPlaceholder()
-select x, "getPlaceholder:", getPlaceholder
+select x, "hasType:", hasType, "hasWrappedValue:", hasWrappedValue, "getPlaceholder:",
+  getPlaceholder
diff --git a/swift/ql/test/extractor-tests/generated/type/BuiltinIntegerType/BuiltinIntegerType.expected b/swift/ql/test/extractor-tests/generated/type/BuiltinIntegerType/BuiltinIntegerType.expected
index 410b13be428..507407ef6ae 100644
--- a/swift/ql/test/extractor-tests/generated/type/BuiltinIntegerType/BuiltinIntegerType.expected
+++ b/swift/ql/test/extractor-tests/generated/type/BuiltinIntegerType/BuiltinIntegerType.expected
@@ -1,5 +1,5 @@
-| Builtin.Int8 | getName: | Builtin.Int8 | getCanonicalType: | Builtin.Int8 |
-| Builtin.Int16 | getName: | Builtin.Int16 | getCanonicalType: | Builtin.Int16 |
-| Builtin.Int32 | getName: | Builtin.Int32 | getCanonicalType: | Builtin.Int32 |
-| Builtin.Int64 | getName: | Builtin.Int64 | getCanonicalType: | Builtin.Int64 |
-| Builtin.Word | getName: | Builtin.Word | getCanonicalType: | Builtin.Word |
+| Builtin.Int8 | getName: | Builtin.Int8 | getCanonicalType: | Builtin.Int8 | hasWidth: | yes |
+| Builtin.Int16 | getName: | Builtin.Int16 | getCanonicalType: | Builtin.Int16 | hasWidth: | yes |
+| Builtin.Int32 | getName: | Builtin.Int32 | getCanonicalType: | Builtin.Int32 | hasWidth: | yes |
+| Builtin.Int64 | getName: | Builtin.Int64 | getCanonicalType: | Builtin.Int64 | hasWidth: | yes |
+| Builtin.Word | getName: | Builtin.Word | getCanonicalType: | Builtin.Word | hasWidth: | no |
diff --git a/swift/ql/test/extractor-tests/generated/type/BuiltinIntegerType/BuiltinIntegerType.ql b/swift/ql/test/extractor-tests/generated/type/BuiltinIntegerType/BuiltinIntegerType.ql
index 05131e5b9fd..fbb68b0f238 100644
--- a/swift/ql/test/extractor-tests/generated/type/BuiltinIntegerType/BuiltinIntegerType.ql
+++ b/swift/ql/test/extractor-tests/generated/type/BuiltinIntegerType/BuiltinIntegerType.ql
@@ -2,10 +2,11 @@
 import codeql.swift.elements
 import TestUtils
 
-from BuiltinIntegerType x, string getName, Type getCanonicalType
+from BuiltinIntegerType x, string getName, Type getCanonicalType, string hasWidth
 where
   toBeTested(x) and
   not x.isUnknown() and
   getName = x.getName() and
-  getCanonicalType = x.getCanonicalType()
-select x, "getName:", getName, "getCanonicalType:", getCanonicalType
+  getCanonicalType = x.getCanonicalType() and
+  if x.hasWidth() then hasWidth = "yes" else hasWidth = "no"
+select x, "getName:", getName, "getCanonicalType:", getCanonicalType, "hasWidth:", hasWidth
diff --git a/swift/ql/test/extractor-tests/generated/type/ErrorType/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/type/ErrorType/MISSING_SOURCE.txt
deleted file mode 100644
index 0d319d9a669..00000000000
--- a/swift/ql/test/extractor-tests/generated/type/ErrorType/MISSING_SOURCE.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-// generated by codegen/codegen.py
-
-After a swift source file is added in this directory and codegen/codegen.py is run again, test queries
-will appear and this file will be deleted
diff --git a/swift/ql/test/extractor-tests/generated/type/NestedArchetypeType/NestedArchetypeType.expected b/swift/ql/test/extractor-tests/generated/type/NestedArchetypeType/NestedArchetypeType.expected
deleted file mode 100644
index 0575e43769c..00000000000
--- a/swift/ql/test/extractor-tests/generated/type/NestedArchetypeType/NestedArchetypeType.expected
+++ /dev/null
@@ -1,4 +0,0 @@
-| Impl1.Associated | getName: | Impl1.Associated | getCanonicalType: | Impl1.Associated | getInterfaceType: | Impl1.Associated | getParent: | Impl1 | getAssociatedTypeDeclaration: | nested_archetypes.swift:2:5:2:20 | Associated |
-| Impl2.AssociatedWithProtocols | getName: | Impl2.AssociatedWithProtocols | getCanonicalType: | Impl2.AssociatedWithProtocols | getInterfaceType: | Impl2.AssociatedWithProtocols | getParent: | Impl2 | getAssociatedTypeDeclaration: | nested_archetypes.swift:6:5:6:57 | AssociatedWithProtocols |
-| Impl3.AssociatedWithSuperclass | getName: | Impl3.AssociatedWithSuperclass | getCanonicalType: | Impl3.AssociatedWithSuperclass | getInterfaceType: | Impl3.AssociatedWithSuperclass | getParent: | Impl3 | getAssociatedTypeDeclaration: | nested_archetypes.swift:12:5:12:47 | AssociatedWithSuperclass |
-| Impl4.AssociatedWithSuperclassAndProtocols | getName: | Impl4.AssociatedWithSuperclassAndProtocols | getCanonicalType: | Impl4.AssociatedWithSuperclassAndProtocols | getInterfaceType: | Impl4.AssociatedWithSuperclassAndProtocols | getParent: | Impl4 | getAssociatedTypeDeclaration: | nested_archetypes.swift:16:5:16:73 | AssociatedWithSuperclassAndProtocols |
diff --git a/swift/ql/test/extractor-tests/generated/type/NestedArchetypeType/NestedArchetypeType_getProtocol.expected b/swift/ql/test/extractor-tests/generated/type/NestedArchetypeType/NestedArchetypeType_getProtocol.expected
deleted file mode 100644
index 54fc57b3876..00000000000
--- a/swift/ql/test/extractor-tests/generated/type/NestedArchetypeType/NestedArchetypeType_getProtocol.expected
+++ /dev/null
@@ -1,4 +0,0 @@
-| Impl2.AssociatedWithProtocols | 0 | file://:0:0:0:0 | Equatable |
-| Impl2.AssociatedWithProtocols | 1 | nested_archetypes.swift:1:1:3:1 | P1 |
-| Impl4.AssociatedWithSuperclassAndProtocols | 0 | file://:0:0:0:0 | Equatable |
-| Impl4.AssociatedWithSuperclassAndProtocols | 1 | nested_archetypes.swift:1:1:3:1 | P1 |
diff --git a/swift/ql/test/extractor-tests/generated/type/NestedArchetypeType/NestedArchetypeType_getSuperclass.expected b/swift/ql/test/extractor-tests/generated/type/NestedArchetypeType/NestedArchetypeType_getSuperclass.expected
deleted file mode 100644
index 9e4e38b0920..00000000000
--- a/swift/ql/test/extractor-tests/generated/type/NestedArchetypeType/NestedArchetypeType_getSuperclass.expected
+++ /dev/null
@@ -1,2 +0,0 @@
-| Impl3.AssociatedWithSuperclass | S |
-| Impl4.AssociatedWithSuperclassAndProtocols | S |
diff --git a/swift/ql/test/extractor-tests/generated/type/NestedArchetypeType/nested_archetypes.swift b/swift/ql/test/extractor-tests/generated/type/NestedArchetypeType/nested_archetypes.swift
deleted file mode 100644
index f84af17e0ef..00000000000
--- a/swift/ql/test/extractor-tests/generated/type/NestedArchetypeType/nested_archetypes.swift
+++ /dev/null
@@ -1,24 +0,0 @@
-protocol P1 {
-    associatedtype Associated
-}
-
-protocol P2 {
-    associatedtype AssociatedWithProtocols : Equatable, P1
-}
-
-class S {}
-
-protocol P3 {
-    associatedtype AssociatedWithSuperclass : S
-}
-
-protocol P4 {
-    associatedtype AssociatedWithSuperclassAndProtocols : S, Equatable, P1
-}
-
-class A<Impl1: P1, Impl2: P2, Impl3: P3, Impl4: P4> {
-    func foo(_: Impl1.Associated,
-             _: Impl2.AssociatedWithProtocols,
-             _: Impl3.AssociatedWithSuperclass,
-             _: Impl4.AssociatedWithSuperclassAndProtocols) {}
-}
diff --git a/swift/ql/test/extractor-tests/generated/type/OpaqueTypeArchetypeType/OpaqueTypeArchetypeType.expected b/swift/ql/test/extractor-tests/generated/type/OpaqueTypeArchetypeType/OpaqueTypeArchetypeType.expected
index 3b6f1f62ae2..37921db705d 100644
--- a/swift/ql/test/extractor-tests/generated/type/OpaqueTypeArchetypeType/OpaqueTypeArchetypeType.expected
+++ b/swift/ql/test/extractor-tests/generated/type/OpaqueTypeArchetypeType/OpaqueTypeArchetypeType.expected
@@ -1,4 +1,4 @@
-| some Base | getName: | some Base | getCanonicalType: | some Base | getInterfaceType: | \u03c4_1_0 | getDeclaration: | file://:0:0:0:0 | _ |
-| some P | getName: | some P | getCanonicalType: | some P | getInterfaceType: | \u03c4_1_0 | getDeclaration: | file://:0:0:0:0 | _ |
-| some P | getName: | some P | getCanonicalType: | some P | getInterfaceType: | \u03c4_1_0 | getDeclaration: | file://:0:0:0:0 | _ |
-| some SignedInteger | getName: | some SignedInteger | getCanonicalType: | some SignedInteger | getInterfaceType: | \u03c4_0_0 | getDeclaration: | file://:0:0:0:0 | _ |
+| some Base | getName: | some Base | getCanonicalType: | some Base | getInterfaceType: | \u03c4_1_0 | hasSuperclass: | yes | getNumberOfProtocols: | 0 | getDeclaration: | file://:0:0:0:0 | _ |
+| some P | getName: | some P | getCanonicalType: | some P | getInterfaceType: | \u03c4_1_0 | hasSuperclass: | no | getNumberOfProtocols: | 1 | getDeclaration: | file://:0:0:0:0 | _ |
+| some P | getName: | some P | getCanonicalType: | some P | getInterfaceType: | \u03c4_1_0 | hasSuperclass: | no | getNumberOfProtocols: | 1 | getDeclaration: | file://:0:0:0:0 | _ |
+| some SignedInteger | getName: | some SignedInteger | getCanonicalType: | some SignedInteger | getInterfaceType: | \u03c4_0_0 | hasSuperclass: | no | getNumberOfProtocols: | 11 | getDeclaration: | file://:0:0:0:0 | _ |
diff --git a/swift/ql/test/extractor-tests/generated/type/OpaqueTypeArchetypeType/OpaqueTypeArchetypeType.ql b/swift/ql/test/extractor-tests/generated/type/OpaqueTypeArchetypeType/OpaqueTypeArchetypeType.ql
index 5979099c9da..0b7c4aaed84 100644
--- a/swift/ql/test/extractor-tests/generated/type/OpaqueTypeArchetypeType/OpaqueTypeArchetypeType.ql
+++ b/swift/ql/test/extractor-tests/generated/type/OpaqueTypeArchetypeType/OpaqueTypeArchetypeType.ql
@@ -4,13 +4,16 @@ import TestUtils
 
 from
   OpaqueTypeArchetypeType x, string getName, Type getCanonicalType, Type getInterfaceType,
-  OpaqueTypeDecl getDeclaration
+  string hasSuperclass, int getNumberOfProtocols, OpaqueTypeDecl getDeclaration
 where
   toBeTested(x) and
   not x.isUnknown() and
   getName = x.getName() and
   getCanonicalType = x.getCanonicalType() and
   getInterfaceType = x.getInterfaceType() and
+  (if x.hasSuperclass() then hasSuperclass = "yes" else hasSuperclass = "no") and
+  getNumberOfProtocols = x.getNumberOfProtocols() and
   getDeclaration = x.getDeclaration()
 select x, "getName:", getName, "getCanonicalType:", getCanonicalType, "getInterfaceType:",
-  getInterfaceType, "getDeclaration:", getDeclaration
+  getInterfaceType, "hasSuperclass:", hasSuperclass, "getNumberOfProtocols:", getNumberOfProtocols,
+  "getDeclaration:", getDeclaration
diff --git a/swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType.expected b/swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType.expected
index f6c15bca419..05697f352ba 100644
--- a/swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType.expected
+++ b/swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType.expected
@@ -1 +1 @@
-| C & P1 & P2 | getName: | C & P1 & P2 | getCanonicalType: | C & P1 & P2 | getInterfaceType: | \u03c4_0_0 |
+| C & P1 & P2 | getName: | C & P1 & P2 | getCanonicalType: | C & P1 & P2 | getInterfaceType: | \u03c4_0_0 | hasSuperclass: | yes | getNumberOfProtocols: | 2 |
diff --git a/swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType.ql b/swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType.ql
index b558c08f666..a5d633e900e 100644
--- a/swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType.ql
+++ b/swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType.ql
@@ -2,12 +2,16 @@
 import codeql.swift.elements
 import TestUtils
 
-from OpenedArchetypeType x, string getName, Type getCanonicalType, Type getInterfaceType
+from
+  OpenedArchetypeType x, string getName, Type getCanonicalType, Type getInterfaceType,
+  string hasSuperclass, int getNumberOfProtocols
 where
   toBeTested(x) and
   not x.isUnknown() and
   getName = x.getName() and
   getCanonicalType = x.getCanonicalType() and
-  getInterfaceType = x.getInterfaceType()
+  getInterfaceType = x.getInterfaceType() and
+  (if x.hasSuperclass() then hasSuperclass = "yes" else hasSuperclass = "no") and
+  getNumberOfProtocols = x.getNumberOfProtocols()
 select x, "getName:", getName, "getCanonicalType:", getCanonicalType, "getInterfaceType:",
-  getInterfaceType
+  getInterfaceType, "hasSuperclass:", hasSuperclass, "getNumberOfProtocols:", getNumberOfProtocols
diff --git a/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/MISSING_SOURCE.txt
deleted file mode 100644
index 0d319d9a669..00000000000
--- a/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/MISSING_SOURCE.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-// generated by codegen/codegen.py
-
-After a swift source file is added in this directory and codegen/codegen.py is run again, test queries
-will appear and this file will be deleted
diff --git a/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType.expected b/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType.expected
new file mode 100644
index 00000000000..85c426e9c28
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType.expected
@@ -0,0 +1 @@
+| P<Int, String> | getName: | P<Int, String> | getCanonicalType: | P<Int, String> | getBase: | P | getNumberOfArgs: | 2 |
diff --git a/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType.ql b/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType.ql
new file mode 100644
index 00000000000..94640251813
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType.ql
@@ -0,0 +1,16 @@
+// generated by codegen/codegen.py
+import codeql.swift.elements
+import TestUtils
+
+from
+  ParameterizedProtocolType x, string getName, Type getCanonicalType, ProtocolType getBase,
+  int getNumberOfArgs
+where
+  toBeTested(x) and
+  not x.isUnknown() and
+  getName = x.getName() and
+  getCanonicalType = x.getCanonicalType() and
+  getBase = x.getBase() and
+  getNumberOfArgs = x.getNumberOfArgs()
+select x, "getName:", getName, "getCanonicalType:", getCanonicalType, "getBase:", getBase,
+  "getNumberOfArgs:", getNumberOfArgs
diff --git a/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType_getArg.expected b/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType_getArg.expected
new file mode 100644
index 00000000000..95799228658
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType_getArg.expected
@@ -0,0 +1,2 @@
+| P<Int, String> | 0 | Int |
+| P<Int, String> | 1 | String |
diff --git a/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType_getArg.ql b/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType_getArg.ql
new file mode 100644
index 00000000000..54ef721f65b
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType_getArg.ql
@@ -0,0 +1,7 @@
+// generated by codegen/codegen.py
+import codeql.swift.elements
+import TestUtils
+
+from ParameterizedProtocolType x, int index
+where toBeTested(x) and not x.isUnknown()
+select x, index, x.getArg(index)
diff --git a/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/parametrized_protocol_type.swift b/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/parametrized_protocol_type.swift
new file mode 100644
index 00000000000..29a4727f4bc
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/type/ParameterizedProtocolType/parametrized_protocol_type.swift
@@ -0,0 +1,6 @@
+protocol P<One, Two> {
+    associatedtype One;
+    associatedtype Two;
+}
+
+func foo<T: P<Int, String>>(_: T) {}
diff --git a/swift/ql/test/extractor-tests/generated/type/PrimaryArchetypeType/PrimaryArchetypeType.expected b/swift/ql/test/extractor-tests/generated/type/PrimaryArchetypeType/PrimaryArchetypeType.expected
index c29242f0b27..ba9b94ff4b4 100644
--- a/swift/ql/test/extractor-tests/generated/type/PrimaryArchetypeType/PrimaryArchetypeType.expected
+++ b/swift/ql/test/extractor-tests/generated/type/PrimaryArchetypeType/PrimaryArchetypeType.expected
@@ -1,4 +1,4 @@
-| Param | getName: | Param | getCanonicalType: | Param | getInterfaceType: | Param |
-| ParamWithProtocols | getName: | ParamWithProtocols | getCanonicalType: | ParamWithProtocols | getInterfaceType: | ParamWithProtocols |
-| ParamWithSuperclass | getName: | ParamWithSuperclass | getCanonicalType: | ParamWithSuperclass | getInterfaceType: | ParamWithSuperclass |
-| ParamWithSuperclassAndProtocols | getName: | ParamWithSuperclassAndProtocols | getCanonicalType: | ParamWithSuperclassAndProtocols | getInterfaceType: | ParamWithSuperclassAndProtocols |
+| Param | getName: | Param | getCanonicalType: | Param | getInterfaceType: | Param | hasSuperclass: | no | getNumberOfProtocols: | 0 |
+| ParamWithProtocols | getName: | ParamWithProtocols | getCanonicalType: | ParamWithProtocols | getInterfaceType: | ParamWithProtocols | hasSuperclass: | no | getNumberOfProtocols: | 2 |
+| ParamWithSuperclass | getName: | ParamWithSuperclass | getCanonicalType: | ParamWithSuperclass | getInterfaceType: | ParamWithSuperclass | hasSuperclass: | yes | getNumberOfProtocols: | 0 |
+| ParamWithSuperclassAndProtocols | getName: | ParamWithSuperclassAndProtocols | getCanonicalType: | ParamWithSuperclassAndProtocols | getInterfaceType: | ParamWithSuperclassAndProtocols | hasSuperclass: | yes | getNumberOfProtocols: | 2 |
diff --git a/swift/ql/test/extractor-tests/generated/type/PrimaryArchetypeType/PrimaryArchetypeType.ql b/swift/ql/test/extractor-tests/generated/type/PrimaryArchetypeType/PrimaryArchetypeType.ql
index 32cb2204418..84dc9d132c0 100644
--- a/swift/ql/test/extractor-tests/generated/type/PrimaryArchetypeType/PrimaryArchetypeType.ql
+++ b/swift/ql/test/extractor-tests/generated/type/PrimaryArchetypeType/PrimaryArchetypeType.ql
@@ -2,12 +2,16 @@
 import codeql.swift.elements
 import TestUtils
 
-from PrimaryArchetypeType x, string getName, Type getCanonicalType, Type getInterfaceType
+from
+  PrimaryArchetypeType x, string getName, Type getCanonicalType, Type getInterfaceType,
+  string hasSuperclass, int getNumberOfProtocols
 where
   toBeTested(x) and
   not x.isUnknown() and
   getName = x.getName() and
   getCanonicalType = x.getCanonicalType() and
-  getInterfaceType = x.getInterfaceType()
+  getInterfaceType = x.getInterfaceType() and
+  (if x.hasSuperclass() then hasSuperclass = "yes" else hasSuperclass = "no") and
+  getNumberOfProtocols = x.getNumberOfProtocols()
 select x, "getName:", getName, "getCanonicalType:", getCanonicalType, "getInterfaceType:",
-  getInterfaceType
+  getInterfaceType, "hasSuperclass:", hasSuperclass, "getNumberOfProtocols:", getNumberOfProtocols
diff --git a/swift/ql/test/extractor-tests/generated/type/ProtocolCompositionType/ProtocolCompositionType.expected b/swift/ql/test/extractor-tests/generated/type/ProtocolCompositionType/ProtocolCompositionType.expected
index 7be629a81ca..5cda96eb6fe 100644
--- a/swift/ql/test/extractor-tests/generated/type/ProtocolCompositionType/ProtocolCompositionType.expected
+++ b/swift/ql/test/extractor-tests/generated/type/ProtocolCompositionType/ProtocolCompositionType.expected
@@ -1,4 +1,4 @@
-| P1 & (P2 & P3) | getName: | P1 & (P2 & P3) | getCanonicalType: | P1 & P2 & P3 |
-| P1 & P2 & P3 | getName: | P1 & P2 & P3 | getCanonicalType: | P1 & P2 & P3 |
-| P1 & P23 | getName: | P1 & P23 | getCanonicalType: | P1 & P2 & P3 |
-| P2 & P4 | getName: | P2 & P4 | getCanonicalType: | P2 & P4 |
+| P1 & (P2 & P3) | getName: | P1 & (P2 & P3) | getCanonicalType: | P1 & P2 & P3 | getNumberOfMembers: | 2 |
+| P1 & P2 & P3 | getName: | P1 & P2 & P3 | getCanonicalType: | P1 & P2 & P3 | getNumberOfMembers: | 3 |
+| P1 & P23 | getName: | P1 & P23 | getCanonicalType: | P1 & P2 & P3 | getNumberOfMembers: | 2 |
+| P2 & P4 | getName: | P2 & P4 | getCanonicalType: | P2 & P4 | getNumberOfMembers: | 2 |
diff --git a/swift/ql/test/extractor-tests/generated/type/ProtocolCompositionType/ProtocolCompositionType.ql b/swift/ql/test/extractor-tests/generated/type/ProtocolCompositionType/ProtocolCompositionType.ql
index 8d3b769eff5..5530b437811 100644
--- a/swift/ql/test/extractor-tests/generated/type/ProtocolCompositionType/ProtocolCompositionType.ql
+++ b/swift/ql/test/extractor-tests/generated/type/ProtocolCompositionType/ProtocolCompositionType.ql
@@ -2,10 +2,12 @@
 import codeql.swift.elements
 import TestUtils
 
-from ProtocolCompositionType x, string getName, Type getCanonicalType
+from ProtocolCompositionType x, string getName, Type getCanonicalType, int getNumberOfMembers
 where
   toBeTested(x) and
   not x.isUnknown() and
   getName = x.getName() and
-  getCanonicalType = x.getCanonicalType()
-select x, "getName:", getName, "getCanonicalType:", getCanonicalType
+  getCanonicalType = x.getCanonicalType() and
+  getNumberOfMembers = x.getNumberOfMembers()
+select x, "getName:", getName, "getCanonicalType:", getCanonicalType, "getNumberOfMembers:",
+  getNumberOfMembers
diff --git a/swift/ql/test/extractor-tests/generated/type/SequenceArchetypeType/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/type/SequenceArchetypeType/MISSING_SOURCE.txt
deleted file mode 100644
index 0d319d9a669..00000000000
--- a/swift/ql/test/extractor-tests/generated/type/SequenceArchetypeType/MISSING_SOURCE.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-// generated by codegen/codegen.py
-
-After a swift source file is added in this directory and codegen/codegen.py is run again, test queries
-will appear and this file will be deleted
diff --git a/swift/ql/test/extractor-tests/generated/type/TupleType/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/type/TupleType/MISSING_SOURCE.txt
deleted file mode 100644
index 0d319d9a669..00000000000
--- a/swift/ql/test/extractor-tests/generated/type/TupleType/MISSING_SOURCE.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-// generated by codegen/codegen.py
-
-After a swift source file is added in this directory and codegen/codegen.py is run again, test queries
-will appear and this file will be deleted
diff --git a/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType.expected b/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType.expected
new file mode 100644
index 00000000000..462de128d02
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType.expected
@@ -0,0 +1,4 @@
+| (Int, Int, Int, Int, Int) | getName: | (Int, Int, Int, Int, Int) | getCanonicalType: | (Int, Int, Int, Int, Int) | getNumberOfTypes: | 5 |
+| (Int, String, Double) | getName: | (Int, String, Double) | getCanonicalType: | (Int, String, Double) | getNumberOfTypes: | 3 |
+| (Int, s: String, Double) | getName: | (Int, s: String, Double) | getCanonicalType: | (Int, s: String, Double) | getNumberOfTypes: | 3 |
+| (x: Int, y: Int) | getName: | (x: Int, y: Int) | getCanonicalType: | (x: Int, y: Int) | getNumberOfTypes: | 2 |
diff --git a/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType.ql b/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType.ql
new file mode 100644
index 00000000000..bdb09c80061
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType.ql
@@ -0,0 +1,13 @@
+// generated by codegen/codegen.py
+import codeql.swift.elements
+import TestUtils
+
+from TupleType x, string getName, Type getCanonicalType, int getNumberOfTypes
+where
+  toBeTested(x) and
+  not x.isUnknown() and
+  getName = x.getName() and
+  getCanonicalType = x.getCanonicalType() and
+  getNumberOfTypes = x.getNumberOfTypes()
+select x, "getName:", getName, "getCanonicalType:", getCanonicalType, "getNumberOfTypes:",
+  getNumberOfTypes
diff --git a/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType_getName.expected b/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType_getName.expected
new file mode 100644
index 00000000000..327e8795d7f
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType_getName.expected
@@ -0,0 +1,3 @@
+| (Int, s: String, Double) | 1 | s |
+| (x: Int, y: Int) | 0 | x |
+| (x: Int, y: Int) | 1 | y |
diff --git a/swift/ql/test/extractor-tests/generated/UnresolvedElement/UnresolvedElement.ql b/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType_getName.ql
similarity index 66%
rename from swift/ql/test/extractor-tests/generated/UnresolvedElement/UnresolvedElement.ql
rename to swift/ql/test/extractor-tests/generated/type/TupleType/TupleType_getName.ql
index 40c564990f9..4e24405d210 100644
--- a/swift/ql/test/extractor-tests/generated/UnresolvedElement/UnresolvedElement.ql
+++ b/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType_getName.ql
@@ -2,6 +2,6 @@
 import codeql.swift.elements
 import TestUtils
 
-from UnresolvedElement x
+from TupleType x, int index
 where toBeTested(x) and not x.isUnknown()
-select x, x.getPrimaryQlClasses()
+select x, index, x.getName(index)
diff --git a/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType_getType.expected b/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType_getType.expected
new file mode 100644
index 00000000000..70bea6c2aa4
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType_getType.expected
@@ -0,0 +1,13 @@
+| (Int, Int, Int, Int, Int) | 0 | Int |
+| (Int, Int, Int, Int, Int) | 1 | Int |
+| (Int, Int, Int, Int, Int) | 2 | Int |
+| (Int, Int, Int, Int, Int) | 3 | Int |
+| (Int, Int, Int, Int, Int) | 4 | Int |
+| (Int, String, Double) | 0 | Int |
+| (Int, String, Double) | 1 | String |
+| (Int, String, Double) | 2 | Double |
+| (Int, s: String, Double) | 0 | Int |
+| (Int, s: String, Double) | 1 | String |
+| (Int, s: String, Double) | 2 | Double |
+| (x: Int, y: Int) | 0 | Int |
+| (x: Int, y: Int) | 1 | Int |
diff --git a/swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement_getParent.ql b/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType_getType.ql
similarity index 66%
rename from swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement_getParent.ql
rename to swift/ql/test/extractor-tests/generated/type/TupleType/TupleType_getType.ql
index 7cfdb4bb609..3b01875dfb8 100644
--- a/swift/ql/test/extractor-tests/generated/UnspecifiedElement/UnspecifiedElement_getParent.ql
+++ b/swift/ql/test/extractor-tests/generated/type/TupleType/TupleType_getType.ql
@@ -2,6 +2,6 @@
 import codeql.swift.elements
 import TestUtils
 
-from UnspecifiedElement x
+from TupleType x, int index
 where toBeTested(x) and not x.isUnknown()
-select x, x.getParent()
+select x, index, x.getType(index)
diff --git a/swift/ql/test/extractor-tests/generated/type/TupleType/tuples.swift b/swift/ql/test/extractor-tests/generated/type/TupleType/tuples.swift
new file mode 100644
index 00000000000..8a8055da455
--- /dev/null
+++ b/swift/ql/test/extractor-tests/generated/type/TupleType/tuples.swift
@@ -0,0 +1,6 @@
+func foo(
+  _: (Int, String, Double),
+  _: (Int, Int, Int, Int, Int),
+  _: (x: Int, y: Int),
+  _: (Int, s: String, _: Double)
+) {}
diff --git a/swift/ql/test/extractor-tests/generated/type/TypeVariableType/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/type/TypeVariableType/MISSING_SOURCE.txt
deleted file mode 100644
index 0d319d9a669..00000000000
--- a/swift/ql/test/extractor-tests/generated/type/TypeVariableType/MISSING_SOURCE.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-// generated by codegen/codegen.py
-
-After a swift source file is added in this directory and codegen/codegen.py is run again, test queries
-will appear and this file will be deleted
diff --git a/swift/ql/test/library-tests/ast/Missing.ql b/swift/ql/test/library-tests/ast/Missing.ql
new file mode 100644
index 00000000000..1d29f367422
--- /dev/null
+++ b/swift/ql/test/library-tests/ast/Missing.ql
@@ -0,0 +1,4 @@
+import swift
+
+from UnspecifiedElement e
+select e
diff --git a/swift/ql/test/library-tests/ast/Missing.qlref b/swift/ql/test/library-tests/ast/Missing.qlref
deleted file mode 100644
index e9db12f988f..00000000000
--- a/swift/ql/test/library-tests/ast/Missing.qlref
+++ /dev/null
@@ -1 +0,0 @@
-extractor-tests/generated/UnspecifiedElement/UnspecifiedElement.ql
diff --git a/swift/ql/test/library-tests/ast/PrintAst.expected b/swift/ql/test/library-tests/ast/PrintAst.expected
index 8dbfecabeee..570065b9db1 100644
--- a/swift/ql/test/library-tests/ast/PrintAst.expected
+++ b/swift/ql/test/library-tests/ast/PrintAst.expected
@@ -1,9 +1,3 @@
-#-----| [ModuleDecl] __ObjC
-#-----| [ModuleDecl] cfg
-#-----| [ModuleDecl] declarations
-#-----| [ModuleDecl] expressions
-#-----| [ModuleDecl] patterns
-#-----| [ModuleDecl] statements
 cfg.swift:
 #    1| [TopLevelCodeDecl] { ... }
 #    1|   getBody(): [BraceStmt] { ... }
@@ -206,9 +200,13 @@ cfg.swift:
 #   40|               getExpr(): [VarargExpansionExpr] [...]
 #   40|                 getSubExpr(): [ArrayExpr] [...]
 #   40|                   getElement(0): [InterpolatedStringLiteralExpr] "..."
+#-----|                     getInterpolationCountExpr(): [IntegerLiteralExpr] 1
+#-----|                     getLiteralCapacityExpr(): [IntegerLiteralExpr] 14
 #   40|                     getAppendingExpr(): [TapExpr] TapExpr
 #   40|                       getSubExpr(): [OpaqueValueExpr] OpaqueValueExpr
 #   40|                       getBody(): [BraceStmt] { ... }
+#-----|                         getElement(0): [ConcreteVarDecl] $interpolation
+#-----|                             Type = DefaultStringInterpolation
 #   40|                         getElement(1): [CallExpr] call to appendLiteral(_:)
 #   40|                           getFunction(): [MethodRefExpr] .appendLiteral(_:)
 #   40|                             getBase(): [InOutExpr] &...
@@ -461,6 +459,9 @@ cfg.swift:
 #   99|       getSelfParam(): [ParamDecl] self
 #   99|           Type = C
 #   99|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .myInt
+#-----|             getBase(): [DeclRefExpr] self
 #  100|   getMember(2): [ConstructorDecl] init(n:)
 #  100|       InterfaceType = (C.Type) -> (Int) -> C
 #  100|     getSelfParam(): [ParamDecl] self
@@ -1358,9 +1359,13 @@ cfg.swift:
 #  262|   getBody(): [BraceStmt] { ... }
 #  263|     getElement(0): [ReturnStmt] return ...
 #  263|       getResult(): [InterpolatedStringLiteralExpr] "..."
+#-----|         getInterpolationCountExpr(): [IntegerLiteralExpr] 4
+#-----|         getLiteralCapacityExpr(): [IntegerLiteralExpr] 37
 #  263|         getAppendingExpr(): [TapExpr] TapExpr
 #  263|           getSubExpr(): [OpaqueValueExpr] OpaqueValueExpr
 #  263|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [ConcreteVarDecl] $interpolation
+#-----|                 Type = DefaultStringInterpolation
 #  263|             getElement(1): [CallExpr] call to appendLiteral(_:)
 #  263|               getFunction(): [MethodRefExpr] .appendLiteral(_:)
 #  263|                 getBase(): [InOutExpr] &...
@@ -2229,6 +2234,9 @@ cfg.swift:
 #  353|       getSelfParam(): [ParamDecl] self
 #  353|           Type = OptionalC
 #  353|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .c
+#-----|             getBase(): [DeclRefExpr] self
 #  354|   getMember(2): [ConstructorDecl] init(arg:)
 #  354|       InterfaceType = (OptionalC.Type) -> (C?) -> OptionalC
 #  354|     getSelfParam(): [ParamDecl] self
@@ -2351,23 +2359,27 @@ cfg.swift:
 #  377|       InterfaceType = (Derived.Type) -> (Int) -> Derived
 #  377|     getSelfParam(): [ParamDecl] self
 #  377|         Type = Derived
+#-----|     getParam(0): [ParamDecl] n
+#-----|         Type = Int
+#-----|     getBody(): [BraceStmt] { ... }
+#  377|       getElement(0): [CallExpr] call to _unimplementedInitializer(className:initName:file:line:column:)
+#  377|         getFunction(): [DeclRefExpr] _unimplementedInitializer(className:initName:file:line:column:)
+#  377|         getArgument(0): [Argument] : cfg.Derived
+#  377|           getExpr(): [StringLiteralExpr] cfg.Derived
+#  377|         getArgument(1): [Argument] : #...
+#  377|           getExpr(): [MagicIdentifierLiteralExpr] #...
+#  377|         getArgument(2): [Argument] : #...
+#  377|           getExpr(): [MagicIdentifierLiteralExpr] #...
+#  377|         getArgument(3): [Argument] : #...
+#  377|           getExpr(): [MagicIdentifierLiteralExpr] #...
+#  377|         getArgument(4): [Argument] : #...
+#  377|           getExpr(): [MagicIdentifierLiteralExpr] #...
+#-----|       getElement(1): [ReturnStmt] return
 #  377|   getMember(2): [DestructorDecl] deinit()
 #  377|       InterfaceType = (Derived) -> () -> ()
 #  377|     getSelfParam(): [ParamDecl] self
 #  377|         Type = Derived
 #  377|     getBody(): [BraceStmt] { ... }
-#  377| [CallExpr] call to _unimplementedInitializer(className:initName:file:line:column:)
-#  377|   getFunction(): [DeclRefExpr] _unimplementedInitializer(className:initName:file:line:column:)
-#  377|   getArgument(0): [Argument] : cfg.Derived
-#  377|     getExpr(): [StringLiteralExpr] cfg.Derived
-#  377|   getArgument(1): [Argument] : #...
-#  377|     getExpr(): [MagicIdentifierLiteralExpr] #...
-#  377|   getArgument(2): [Argument] : #...
-#  377|     getExpr(): [MagicIdentifierLiteralExpr] #...
-#  377|   getArgument(3): [Argument] : #...
-#  377|     getExpr(): [MagicIdentifierLiteralExpr] #...
-#  377|   getArgument(4): [Argument] : #...
-#  377|     getExpr(): [MagicIdentifierLiteralExpr] #...
 #  383| [ConcreteFuncDecl] doWithoutCatch(x:)
 #  383|     InterfaceType = (Int) throws -> Int
 #  383|   getParam(0): [ParamDecl] x
@@ -2421,6 +2433,9 @@ cfg.swift:
 #  394|       getSelfParam(): [ParamDecl] self
 #  394|           Type = Structors
 #  394|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .field
+#-----|             getBase(): [DeclRefExpr] self
 #  394|     getAccessorDecl(1): [AccessorDecl] set
 #  394|         InterfaceType = (Structors) -> (Int) -> ()
 #  394|       getSelfParam(): [ParamDecl] self
@@ -2428,12 +2443,19 @@ cfg.swift:
 #  394|       getParam(0): [ParamDecl] value
 #  394|           Type = Int
 #  394|       getBody(): [BraceStmt] { ... }
-#  394|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .field
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#  394|     getAccessorDecl(2): [AccessorDecl] _modify
 #  394|         InterfaceType = (Structors) -> () -> ()
 #  394|       getSelfParam(): [ParamDecl] self
 #  394|           Type = Structors
 #  394|       getBody(): [BraceStmt] { ... }
 #  394|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .field
+#-----|               getBase(): [DeclRefExpr] self
 #  395|   getMember(2): [ConstructorDecl] init()
 #  395|       InterfaceType = (Structors.Type) -> () -> Structors
 #  395|     getSelfParam(): [ParamDecl] self
@@ -2483,6 +2505,9 @@ cfg.swift:
 #  410|           getSelfParam(): [ParamDecl] self
 #  410|               Type = MyLocalClass
 #  410|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [ReturnStmt] return ...
+#-----|               getResult(): [MemberRefExpr] .x
+#-----|                 getBase(): [DeclRefExpr] self
 #  410|         getAccessorDecl(1): [AccessorDecl] set
 #  410|             InterfaceType = (MyLocalClass) -> (Int) -> ()
 #  410|           getSelfParam(): [ParamDecl] self
@@ -2490,12 +2515,19 @@ cfg.swift:
 #  410|           getParam(0): [ParamDecl] value
 #  410|               Type = Int
 #  410|           getBody(): [BraceStmt] { ... }
-#  410|         getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [MemberRefExpr] .x
+#-----|                 getBase(): [DeclRefExpr] self
+#-----|               getSource(): [DeclRefExpr] value
+#  410|         getAccessorDecl(2): [AccessorDecl] _modify
 #  410|             InterfaceType = (MyLocalClass) -> () -> ()
 #  410|           getSelfParam(): [ParamDecl] self
 #  410|               Type = MyLocalClass
 #  410|           getBody(): [BraceStmt] { ... }
 #  410|             getElement(0): [YieldStmt] yield ...
+#-----|               getResult(0): [InOutExpr] &...
+#-----|                 getSubExpr(): [MemberRefExpr] .x
+#-----|                   getBase(): [DeclRefExpr] self
 #  411|       getMember(2): [ConstructorDecl] init()
 #  411|           InterfaceType = (MyLocalClass.Type) -> () -> MyLocalClass
 #  411|         getSelfParam(): [ParamDecl] self
@@ -2523,6 +2555,9 @@ cfg.swift:
 #  417|           getSelfParam(): [ParamDecl] self
 #  417|               Type = MyLocalStruct
 #  417|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [ReturnStmt] return ...
+#-----|               getResult(): [MemberRefExpr] .x
+#-----|                 getBase(): [DeclRefExpr] self
 #  417|         getAccessorDecl(1): [AccessorDecl] set
 #  417|             InterfaceType = (inout MyLocalStruct) -> (Int) -> ()
 #  417|           getSelfParam(): [ParamDecl] self
@@ -2530,12 +2565,19 @@ cfg.swift:
 #  417|           getParam(0): [ParamDecl] value
 #  417|               Type = Int
 #  417|           getBody(): [BraceStmt] { ... }
-#  417|         getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [MemberRefExpr] .x
+#-----|                 getBase(): [DeclRefExpr] self
+#-----|               getSource(): [DeclRefExpr] value
+#  417|         getAccessorDecl(2): [AccessorDecl] _modify
 #  417|             InterfaceType = (inout MyLocalStruct) -> () -> ()
 #  417|           getSelfParam(): [ParamDecl] self
 #  417|               Type = MyLocalStruct
 #  417|           getBody(): [BraceStmt] { ... }
 #  417|             getElement(0): [YieldStmt] yield ...
+#-----|               getResult(0): [InOutExpr] &...
+#-----|                 getSubExpr(): [MemberRefExpr] .x
+#-----|                   getBase(): [DeclRefExpr] self
 #  418|       getMember(2): [ConstructorDecl] init()
 #  418|           InterfaceType = (MyLocalStruct.Type) -> () -> MyLocalStruct
 #  418|         getSelfParam(): [ParamDecl] self
@@ -2551,6 +2593,107 @@ cfg.swift:
 #  424|       getMember(1): [EnumElementDecl] A
 #  425|       getMember(2): [EnumCaseDecl] case ...
 #  425|       getMember(3): [EnumElementDecl] B
+#-----|       getMember(4): [ConcreteFuncDecl] __derived_enum_equals(_:_:)
+#-----|           InterfaceType = (MyLocalEnum.Type) -> (MyLocalEnum, MyLocalEnum) -> Bool
+#-----|         getSelfParam(): [ParamDecl] self
+#-----|             Type = MyLocalEnum.Type
+#-----|         getParam(0): [ParamDecl] a
+#-----|             Type = MyLocalEnum
+#-----|         getParam(1): [ParamDecl] b
+#-----|             Type = MyLocalEnum
+#-----|         getBody(): [BraceStmt] { ... }
+#-----|           getElement(0): [PatternBindingDecl] var ... = ...
+#-----|             getPattern(0): [TypedPattern] ... as ...
+#-----|               getSubPattern(): [NamedPattern] index_a
+#-----|           getElement(1): [SwitchStmt] switch a { ... }
+#-----|             getExpr(): [DeclRefExpr] a
+#-----|             getCase(0): [CaseStmt] case ...
+#-----|               getBody(): [BraceStmt] { ... }
+#-----|                 getElement(0): [AssignExpr]  ... = ...
+#-----|                   getDest(): [DeclRefExpr] index_a
+#-----|                   getSource(): [IntegerLiteralExpr] 0
+#-----|               getLabel(0): [CaseLabelItem] .A
+#-----|                 getPattern(): [EnumElementPattern] .A
+#-----|             getCase(1): [CaseStmt] case ...
+#-----|               getBody(): [BraceStmt] { ... }
+#-----|                 getElement(0): [AssignExpr]  ... = ...
+#-----|                   getDest(): [DeclRefExpr] index_a
+#-----|                   getSource(): [IntegerLiteralExpr] 1
+#-----|               getLabel(0): [CaseLabelItem] .B
+#-----|                 getPattern(): [EnumElementPattern] .B
+#-----|           getElement(2): [PatternBindingDecl] var ... = ...
+#-----|             getPattern(0): [TypedPattern] ... as ...
+#-----|               getSubPattern(): [NamedPattern] index_b
+#-----|           getElement(3): [SwitchStmt] switch b { ... }
+#-----|             getExpr(): [DeclRefExpr] b
+#-----|             getCase(0): [CaseStmt] case ...
+#-----|               getBody(): [BraceStmt] { ... }
+#-----|                 getElement(0): [AssignExpr]  ... = ...
+#-----|                   getDest(): [DeclRefExpr] index_b
+#-----|                   getSource(): [IntegerLiteralExpr] 0
+#-----|               getLabel(0): [CaseLabelItem] .A
+#-----|                 getPattern(): [EnumElementPattern] .A
+#-----|             getCase(1): [CaseStmt] case ...
+#-----|               getBody(): [BraceStmt] { ... }
+#-----|                 getElement(0): [AssignExpr]  ... = ...
+#-----|                   getDest(): [DeclRefExpr] index_b
+#-----|                   getSource(): [IntegerLiteralExpr] 1
+#-----|               getLabel(0): [CaseLabelItem] .B
+#-----|                 getPattern(): [EnumElementPattern] .B
+#-----|           getElement(4): [ReturnStmt] return ...
+#-----|             getResult(): [BinaryExpr] ... .==(_:_:) ...
+#-----|               getFunction(): [MethodRefExpr] .==(_:_:)
+#-----|                 getBase(): [TypeExpr] Int.Type
+#-----|               getArgument(0): [Argument] : index_a
+#-----|                 getExpr(): [DeclRefExpr] index_a
+#-----|               getArgument(1): [Argument] : index_b
+#-----|                 getExpr(): [DeclRefExpr] index_b
+#-----|       getMember(5): [PatternBindingDecl] var ... = ...
+#-----|         getPattern(0): [TypedPattern] ... as ...
+#-----|           getSubPattern(): [NamedPattern] hashValue
+#-----|       getMember(6): [ConcreteFuncDecl] hash(into:)
+#-----|           InterfaceType = (MyLocalEnum) -> (inout Hasher) -> ()
+#-----|         getSelfParam(): [ParamDecl] self
+#-----|             Type = MyLocalEnum
+#-----|         getParam(0): [ParamDecl] hasher
+#-----|             Type = Hasher
+#-----|         getBody(): [BraceStmt] { ... }
+#-----|           getElement(0): [PatternBindingDecl] var ... = ...
+#-----|             getPattern(0): [TypedPattern] ... as ...
+#-----|               getSubPattern(): [NamedPattern] discriminator
+#-----|           getElement(1): [SwitchStmt] switch self { ... }
+#-----|             getExpr(): [DeclRefExpr] self
+#-----|             getCase(0): [CaseStmt] case ...
+#-----|               getBody(): [BraceStmt] { ... }
+#-----|                 getElement(0): [AssignExpr]  ... = ...
+#-----|                   getDest(): [DeclRefExpr] discriminator
+#-----|                   getSource(): [IntegerLiteralExpr] 0
+#-----|               getLabel(0): [CaseLabelItem] .A
+#-----|                 getPattern(): [EnumElementPattern] .A
+#-----|             getCase(1): [CaseStmt] case ...
+#-----|               getBody(): [BraceStmt] { ... }
+#-----|                 getElement(0): [AssignExpr]  ... = ...
+#-----|                   getDest(): [DeclRefExpr] discriminator
+#-----|                   getSource(): [IntegerLiteralExpr] 1
+#-----|               getLabel(0): [CaseLabelItem] .B
+#-----|                 getPattern(): [EnumElementPattern] .B
+#-----|           getElement(2): [CallExpr] call to ...
+#-----|             getFunction(): [UnresolvedDotExpr] ... .combine(_:)
+#-----|               getBase(): [DeclRefExpr] hasher
+#-----|             getArgument(0): [Argument] : discriminator
+#-----|               getExpr(): [DeclRefExpr] discriminator
+#-----|       getMember(7): [ConcreteVarDecl] hashValue
+#-----|           Type = Int
+#-----|         getAccessorDecl(0): [AccessorDecl] get
+#-----|             InterfaceType = (MyLocalEnum) -> () -> Int
+#-----|           getSelfParam(): [ParamDecl] self
+#-----|               Type = MyLocalEnum
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [ReturnStmt] return ...
+#-----|               getResult(): [CallExpr] call to _hashValue(for:)
+#-----|                 getFunction(): [DeclRefExpr] _hashValue(for:)
+#-----|                 getArgument(0): [Argument] for: self
+#-----|                   getExpr(): [DeclRefExpr] self
 #  428|     getElement(3): [PatternBindingDecl] var ... = ...
 #  428|       getPattern(0): [TypedPattern] ... as ...
 #  428|         getSubPattern(): [NamedPattern] myLocalVar
@@ -2591,6 +2734,9 @@ cfg.swift:
 #  446|       getSelfParam(): [ParamDecl] self
 #  446|           Type = B
 #  446|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .x
+#-----|             getBase(): [DeclRefExpr] self
 #  446|     getAccessorDecl(1): [AccessorDecl] set
 #  446|         InterfaceType = (inout B) -> (Int) -> ()
 #  446|       getSelfParam(): [ParamDecl] self
@@ -2598,12 +2744,19 @@ cfg.swift:
 #  446|       getParam(0): [ParamDecl] value
 #  446|           Type = Int
 #  446|       getBody(): [BraceStmt] { ... }
-#  446|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .x
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#  446|     getAccessorDecl(2): [AccessorDecl] _modify
 #  446|         InterfaceType = (inout B) -> () -> ()
 #  446|       getSelfParam(): [ParamDecl] self
 #  446|           Type = B
 #  446|       getBody(): [BraceStmt] { ... }
 #  446|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .x
+#-----|               getBase(): [DeclRefExpr] self
 #  445|   getMember(2): [ConstructorDecl] init(x:)
 #  445|       InterfaceType = (B.Type) -> (Int) -> B
 #  445|     getSelfParam(): [ParamDecl] self
@@ -2622,6 +2775,9 @@ cfg.swift:
 #  450|       getSelfParam(): [ParamDecl] self
 #  450|           Type = A
 #  450|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .b
+#-----|             getBase(): [DeclRefExpr] self
 #  450|     getAccessorDecl(1): [AccessorDecl] set
 #  450|         InterfaceType = (inout A) -> (B) -> ()
 #  450|       getSelfParam(): [ParamDecl] self
@@ -2629,12 +2785,19 @@ cfg.swift:
 #  450|       getParam(0): [ParamDecl] value
 #  450|           Type = B
 #  450|       getBody(): [BraceStmt] { ... }
-#  450|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .b
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#  450|     getAccessorDecl(2): [AccessorDecl] _modify
 #  450|         InterfaceType = (inout A) -> () -> ()
 #  450|       getSelfParam(): [ParamDecl] self
 #  450|           Type = A
 #  450|       getBody(): [BraceStmt] { ... }
 #  450|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .b
+#-----|               getBase(): [DeclRefExpr] self
 #  451|   getMember(2): [PatternBindingDecl] var ... = ...
 #  451|     getPattern(0): [TypedPattern] ... as ...
 #  451|       getSubPattern(): [NamedPattern] bs
@@ -2646,6 +2809,9 @@ cfg.swift:
 #  451|       getSelfParam(): [ParamDecl] self
 #  451|           Type = A
 #  451|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .bs
+#-----|             getBase(): [DeclRefExpr] self
 #  451|     getAccessorDecl(1): [AccessorDecl] set
 #  451|         InterfaceType = (inout A) -> ([B]) -> ()
 #  451|       getSelfParam(): [ParamDecl] self
@@ -2653,13 +2819,21 @@ cfg.swift:
 #  451|       getParam(0): [ParamDecl] value
 #  451|           Type = [B]
 #  451|       getBody(): [BraceStmt] { ... }
-#  451|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .bs
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#  451|     getAccessorDecl(2): [AccessorDecl] _modify
 #  451|         InterfaceType = (inout A) -> () -> ()
 #  451|       getSelfParam(): [ParamDecl] self
 #  451|           Type = A
 #  451|       getBody(): [BraceStmt] { ... }
 #  451|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .bs
+#-----|               getBase(): [DeclRefExpr] self
 #  452|   getMember(4): [PatternBindingDecl] var ... = ...
+#-----|     getInit(0): [NilLiteralExpr] nil
 #  452|     getPattern(0): [TypedPattern] ... as ...
 #  452|       getSubPattern(): [NamedPattern] mayB
 #  452|       getTypeRepr(): [TypeRepr] B?
@@ -2670,6 +2844,9 @@ cfg.swift:
 #  452|       getSelfParam(): [ParamDecl] self
 #  452|           Type = A
 #  452|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .mayB
+#-----|             getBase(): [DeclRefExpr] self
 #  452|     getAccessorDecl(1): [AccessorDecl] set
 #  452|         InterfaceType = (inout A) -> (B?) -> ()
 #  452|       getSelfParam(): [ParamDecl] self
@@ -2677,12 +2854,19 @@ cfg.swift:
 #  452|       getParam(0): [ParamDecl] value
 #  452|           Type = B?
 #  452|       getBody(): [BraceStmt] { ... }
-#  452|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .mayB
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#  452|     getAccessorDecl(2): [AccessorDecl] _modify
 #  452|         InterfaceType = (inout A) -> () -> ()
 #  452|       getSelfParam(): [ParamDecl] self
 #  452|           Type = A
 #  452|       getBody(): [BraceStmt] { ... }
 #  452|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .mayB
+#-----|               getBase(): [DeclRefExpr] self
 #  449|   getMember(6): [ConstructorDecl] init(b:bs:mayB:)
 #  449|       InterfaceType = (A.Type) -> (B, [B], B?) -> A
 #  449|     getSelfParam(): [ParamDecl] self
@@ -2779,6 +2963,9 @@ declarations.swift:
 #    2|       getSelfParam(): [ParamDecl] self
 #    2|           Type = Foo
 #    2|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .x
+#-----|             getBase(): [DeclRefExpr] self
 #    2|     getAccessorDecl(1): [AccessorDecl] set
 #    2|         InterfaceType = (inout Foo) -> (Int) -> ()
 #    2|       getSelfParam(): [ParamDecl] self
@@ -2786,12 +2973,19 @@ declarations.swift:
 #    2|       getParam(0): [ParamDecl] value
 #    2|           Type = Int
 #    2|       getBody(): [BraceStmt] { ... }
-#    2|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .x
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#    2|     getAccessorDecl(2): [AccessorDecl] _modify
 #    2|         InterfaceType = (inout Foo) -> () -> ()
 #    2|       getSelfParam(): [ParamDecl] self
 #    2|           Type = Foo
 #    2|       getBody(): [BraceStmt] { ... }
 #    2|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .x
+#-----|               getBase(): [DeclRefExpr] self
 #    3|   getMember(2): [PatternBindingDecl] var ... = ...
 #    3|     getPattern(0): [TypedPattern] ... as ...
 #    3|       getSubPattern(): [NamedPattern] next
@@ -2831,12 +3025,15 @@ declarations.swift:
 #    5|               getExpr(): [DeclRefExpr] newValue
 #    5|             getArgument(1): [Argument] : 1
 #    5|               getExpr(): [IntegerLiteralExpr] 1
-#    3|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#    3|     getAccessorDecl(2): [AccessorDecl] _modify
 #    3|         InterfaceType = (inout Foo) -> () -> ()
 #    3|       getSelfParam(): [ParamDecl] self
 #    3|           Type = Foo
 #    3|       getBody(): [BraceStmt] { ... }
 #    3|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .next
+#-----|               getBase(): [DeclRefExpr] self
 #    1|   getMember(4): [ConstructorDecl] init()
 #    1|       InterfaceType = (Foo.Type) -> () -> Foo
 #    1|     getSelfParam(): [ParamDecl] self
@@ -2862,6 +3059,9 @@ declarations.swift:
 #    9|       getSelfParam(): [ParamDecl] self
 #    9|           Type = Bar
 #    9|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .x
+#-----|             getBase(): [DeclRefExpr] self
 #    9|     getAccessorDecl(1): [AccessorDecl] set
 #    9|         InterfaceType = (Bar) -> (Double) -> ()
 #    9|       getSelfParam(): [ParamDecl] self
@@ -2869,12 +3069,19 @@ declarations.swift:
 #    9|       getParam(0): [ParamDecl] value
 #    9|           Type = Double
 #    9|       getBody(): [BraceStmt] { ... }
-#    9|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .x
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#    9|     getAccessorDecl(2): [AccessorDecl] _modify
 #    9|         InterfaceType = (Bar) -> () -> ()
 #    9|       getSelfParam(): [ParamDecl] self
 #    9|           Type = Bar
 #    9|       getBody(): [BraceStmt] { ... }
 #    9|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .x
+#-----|               getBase(): [DeclRefExpr] self
 #    9|   getMember(2): [DestructorDecl] deinit()
 #    9|       InterfaceType = (Bar) -> () -> ()
 #    9|     getSelfParam(): [ParamDecl] self
@@ -2894,6 +3101,170 @@ declarations.swift:
 #   13|   getMember(4): [EnumElementDecl] value3
 #   13|   getMember(5): [EnumElementDecl] value4
 #   13|   getMember(6): [EnumElementDecl] value5
+#-----|   getMember(7): [ConcreteFuncDecl] __derived_enum_equals(_:_:)
+#-----|       InterfaceType = (EnumValues.Type) -> (EnumValues, EnumValues) -> Bool
+#-----|     getSelfParam(): [ParamDecl] self
+#-----|         Type = EnumValues.Type
+#-----|     getParam(0): [ParamDecl] a
+#-----|         Type = EnumValues
+#-----|     getParam(1): [ParamDecl] b
+#-----|         Type = EnumValues
+#-----|     getBody(): [BraceStmt] { ... }
+#-----|       getElement(0): [PatternBindingDecl] var ... = ...
+#-----|         getPattern(0): [TypedPattern] ... as ...
+#-----|           getSubPattern(): [NamedPattern] index_a
+#-----|       getElement(1): [SwitchStmt] switch a { ... }
+#-----|         getExpr(): [DeclRefExpr] a
+#-----|         getCase(0): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] index_a
+#-----|               getSource(): [IntegerLiteralExpr] 0
+#-----|           getLabel(0): [CaseLabelItem] .value1
+#-----|             getPattern(): [EnumElementPattern] .value1
+#-----|         getCase(1): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] index_a
+#-----|               getSource(): [IntegerLiteralExpr] 1
+#-----|           getLabel(0): [CaseLabelItem] .value2
+#-----|             getPattern(): [EnumElementPattern] .value2
+#-----|         getCase(2): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] index_a
+#-----|               getSource(): [IntegerLiteralExpr] 2
+#-----|           getLabel(0): [CaseLabelItem] .value3
+#-----|             getPattern(): [EnumElementPattern] .value3
+#-----|         getCase(3): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] index_a
+#-----|               getSource(): [IntegerLiteralExpr] 3
+#-----|           getLabel(0): [CaseLabelItem] .value4
+#-----|             getPattern(): [EnumElementPattern] .value4
+#-----|         getCase(4): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] index_a
+#-----|               getSource(): [IntegerLiteralExpr] 4
+#-----|           getLabel(0): [CaseLabelItem] .value5
+#-----|             getPattern(): [EnumElementPattern] .value5
+#-----|       getElement(2): [PatternBindingDecl] var ... = ...
+#-----|         getPattern(0): [TypedPattern] ... as ...
+#-----|           getSubPattern(): [NamedPattern] index_b
+#-----|       getElement(3): [SwitchStmt] switch b { ... }
+#-----|         getExpr(): [DeclRefExpr] b
+#-----|         getCase(0): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] index_b
+#-----|               getSource(): [IntegerLiteralExpr] 0
+#-----|           getLabel(0): [CaseLabelItem] .value1
+#-----|             getPattern(): [EnumElementPattern] .value1
+#-----|         getCase(1): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] index_b
+#-----|               getSource(): [IntegerLiteralExpr] 1
+#-----|           getLabel(0): [CaseLabelItem] .value2
+#-----|             getPattern(): [EnumElementPattern] .value2
+#-----|         getCase(2): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] index_b
+#-----|               getSource(): [IntegerLiteralExpr] 2
+#-----|           getLabel(0): [CaseLabelItem] .value3
+#-----|             getPattern(): [EnumElementPattern] .value3
+#-----|         getCase(3): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] index_b
+#-----|               getSource(): [IntegerLiteralExpr] 3
+#-----|           getLabel(0): [CaseLabelItem] .value4
+#-----|             getPattern(): [EnumElementPattern] .value4
+#-----|         getCase(4): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] index_b
+#-----|               getSource(): [IntegerLiteralExpr] 4
+#-----|           getLabel(0): [CaseLabelItem] .value5
+#-----|             getPattern(): [EnumElementPattern] .value5
+#-----|       getElement(4): [ReturnStmt] return ...
+#-----|         getResult(): [BinaryExpr] ... .==(_:_:) ...
+#-----|           getFunction(): [MethodRefExpr] .==(_:_:)
+#-----|             getBase(): [TypeExpr] Int.Type
+#-----|           getArgument(0): [Argument] : index_a
+#-----|             getExpr(): [DeclRefExpr] index_a
+#-----|           getArgument(1): [Argument] : index_b
+#-----|             getExpr(): [DeclRefExpr] index_b
+#-----|   getMember(8): [PatternBindingDecl] var ... = ...
+#-----|     getPattern(0): [TypedPattern] ... as ...
+#-----|       getSubPattern(): [NamedPattern] hashValue
+#-----|   getMember(9): [ConcreteFuncDecl] hash(into:)
+#-----|       InterfaceType = (EnumValues) -> (inout Hasher) -> ()
+#-----|     getSelfParam(): [ParamDecl] self
+#-----|         Type = EnumValues
+#-----|     getParam(0): [ParamDecl] hasher
+#-----|         Type = Hasher
+#-----|     getBody(): [BraceStmt] { ... }
+#-----|       getElement(0): [PatternBindingDecl] var ... = ...
+#-----|         getPattern(0): [TypedPattern] ... as ...
+#-----|           getSubPattern(): [NamedPattern] discriminator
+#-----|       getElement(1): [SwitchStmt] switch self { ... }
+#-----|         getExpr(): [DeclRefExpr] self
+#-----|         getCase(0): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] discriminator
+#-----|               getSource(): [IntegerLiteralExpr] 0
+#-----|           getLabel(0): [CaseLabelItem] .value1
+#-----|             getPattern(): [EnumElementPattern] .value1
+#-----|         getCase(1): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] discriminator
+#-----|               getSource(): [IntegerLiteralExpr] 1
+#-----|           getLabel(0): [CaseLabelItem] .value2
+#-----|             getPattern(): [EnumElementPattern] .value2
+#-----|         getCase(2): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] discriminator
+#-----|               getSource(): [IntegerLiteralExpr] 2
+#-----|           getLabel(0): [CaseLabelItem] .value3
+#-----|             getPattern(): [EnumElementPattern] .value3
+#-----|         getCase(3): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] discriminator
+#-----|               getSource(): [IntegerLiteralExpr] 3
+#-----|           getLabel(0): [CaseLabelItem] .value4
+#-----|             getPattern(): [EnumElementPattern] .value4
+#-----|         getCase(4): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] discriminator
+#-----|               getSource(): [IntegerLiteralExpr] 4
+#-----|           getLabel(0): [CaseLabelItem] .value5
+#-----|             getPattern(): [EnumElementPattern] .value5
+#-----|       getElement(2): [CallExpr] call to ...
+#-----|         getFunction(): [UnresolvedDotExpr] ... .combine(_:)
+#-----|           getBase(): [DeclRefExpr] hasher
+#-----|         getArgument(0): [Argument] : discriminator
+#-----|           getExpr(): [DeclRefExpr] discriminator
+#-----|   getMember(10): [ConcreteVarDecl] hashValue
+#-----|       Type = Int
+#-----|     getAccessorDecl(0): [AccessorDecl] get
+#-----|         InterfaceType = (EnumValues) -> () -> Int
+#-----|       getSelfParam(): [ParamDecl] self
+#-----|           Type = EnumValues
+#-----|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [CallExpr] call to _hashValue(for:)
+#-----|             getFunction(): [DeclRefExpr] _hashValue(for:)
+#-----|             getArgument(0): [Argument] for: self
+#-----|               getExpr(): [DeclRefExpr] self
 #   16| [EnumDecl] EnumWithParams
 #   17|   getMember(0): [EnumCaseDecl] case ...
 #   17|   getMember(1): [EnumElementDecl] nodata1
@@ -2912,6 +3283,7 @@ declarations.swift:
 #   19|     getParam(2): [ParamDecl] _
 #   19|         Type = Double
 #   22| [ProtocolDecl] MyProtocol
+#-----|   getGenericTypeParam(0): [GenericTypeParamDecl] Self
 #   23|   getMember(0): [PatternBindingDecl] var ... = ...
 #   23|     getPattern(0): [TypedPattern] ... as ...
 #   23|       getSubPattern(): [NamedPattern] mustBeSettable
@@ -2928,7 +3300,7 @@ declarations.swift:
 #   23|           Type = Self
 #   23|       getParam(0): [ParamDecl] newValue
 #   23|           Type = Int
-#   23|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#   23|     getAccessorDecl(2): [AccessorDecl] _modify
 #   23|         InterfaceType = <Self where Self : MyProtocol> (inout Self) -> () -> ()
 #   23|       getSelfParam(): [ParamDecl] self
 #   23|           Type = Self
@@ -3001,6 +3373,9 @@ declarations.swift:
 #   41|       getSelfParam(): [ParamDecl] self
 #   41|           Type = Baz
 #   41|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .field
+#-----|             getBase(): [DeclRefExpr] self
 #   41|     getAccessorDecl(1): [AccessorDecl] set
 #   41|         InterfaceType = (Baz) -> (Int) -> ()
 #   41|       getSelfParam(): [ParamDecl] self
@@ -3008,12 +3383,19 @@ declarations.swift:
 #   41|       getParam(0): [ParamDecl] value
 #   41|           Type = Int
 #   41|       getBody(): [BraceStmt] { ... }
-#   41|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .field
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#   41|     getAccessorDecl(2): [AccessorDecl] _modify
 #   41|         InterfaceType = (Baz) -> () -> ()
 #   41|       getSelfParam(): [ParamDecl] self
 #   41|           Type = Baz
 #   41|       getBody(): [BraceStmt] { ... }
 #   41|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .field
+#-----|               getBase(): [DeclRefExpr] self
 #   42|   getMember(2): [ConstructorDecl] init()
 #   42|       InterfaceType = (Baz.Type) -> () -> Baz
 #   42|     getSelfParam(): [ParamDecl] self
@@ -3078,18 +3460,22 @@ declarations.swift:
 #   77|       getAccessorDecl(0): [AccessorDecl] get
 #   77|           InterfaceType = () -> Int
 #   77|         getBody(): [BraceStmt] { ... }
+#-----|           getElement(0): [ReturnStmt] return ...
+#-----|             getResult(): [MemberRefExpr] .wrappedValue
+#-----|               getBase(): [DeclRefExpr] _x
+#-----|       getPropertyWrapperBackingVarBinding(): [PatternBindingDecl] var ... = ...
+#   77|         getInit(0): [CallExpr] call to init()
+#   77|           getFunction(): [ConstructorRefCallExpr] call to init()
+#   77|             getFunction(): [DeclRefExpr] init()
+#   77|             getArgument(0): [Argument] : ZeroWrapper.Type
+#   77|               getExpr(): [TypeExpr] ZeroWrapper.Type
+#   77|                 getTypeRepr(): [TypeRepr] ZeroWrapper
+#   77|         getPattern(0): [TypedPattern] ... as ...
+#   77|           getSubPattern(): [NamedPattern] _x
+#   77|       getPropertyWrapperBackingVar(): [ConcreteVarDecl] _x
+#   77|           Type = ZeroWrapper
 #   78|     getElement(2): [ReturnStmt] return ...
 #   78|       getResult(): [DeclRefExpr] x
-#   77| [CallExpr] call to init()
-#   77|   getFunction(): [ConstructorRefCallExpr] call to init()
-#   77|     getFunction(): [DeclRefExpr] init()
-#   77|     getArgument(0): [Argument] : ZeroWrapper.Type
-#   77|       getExpr(): [TypeExpr] ZeroWrapper.Type
-#   77|         getTypeRepr(): [TypeRepr] ZeroWrapper
-#   77| [TypedPattern] ... as ...
-#   77|   getSubPattern(): [NamedPattern] _x
-#   77| [ConcreteVarDecl] _x
-#   77|     Type = ZeroWrapper
 #   81| [StructDecl] HasPropertyAndObserver
 #   82|   getMember(0): [PatternBindingDecl] var ... = ...
 #   82|     getPattern(0): [TypedPattern] ... as ...
@@ -3111,12 +3497,15 @@ declarations.swift:
 #   84|       getBody(): [BraceStmt] { ... }
 #   85|         getElement(0): [ReturnStmt] return ...
 #   85|           getResult(): [IntegerLiteralExpr] 0
-#   82|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#   82|     getAccessorDecl(2): [AccessorDecl] _modify
 #   82|         InterfaceType = (inout HasPropertyAndObserver) -> () -> ()
 #   82|       getSelfParam(): [ParamDecl] self
 #   82|           Type = HasPropertyAndObserver
 #   82|       getBody(): [BraceStmt] { ... }
 #   82|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .settableField
+#-----|               getBase(): [DeclRefExpr] self
 #   91|   getMember(2): [PatternBindingDecl] var ... = ...
 #   91|     getPattern(0): [TypedPattern] ... as ...
 #   91|       getSubPattern(): [NamedPattern] readOnlyField1
@@ -3154,6 +3543,9 @@ declarations.swift:
 #  102|       getSelfParam(): [ParamDecl] self
 #  102|           Type = HasPropertyAndObserver
 #  102|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .normalField
+#-----|             getBase(): [DeclRefExpr] self
 #  102|     getAccessorDecl(1): [AccessorDecl] set
 #  102|         InterfaceType = (inout HasPropertyAndObserver) -> (Int) -> ()
 #  102|       getSelfParam(): [ParamDecl] self
@@ -3161,12 +3553,19 @@ declarations.swift:
 #  102|       getParam(0): [ParamDecl] value
 #  102|           Type = Int
 #  102|       getBody(): [BraceStmt] { ... }
-#  102|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .normalField
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#  102|     getAccessorDecl(2): [AccessorDecl] _modify
 #  102|         InterfaceType = (inout HasPropertyAndObserver) -> () -> ()
 #  102|       getSelfParam(): [ParamDecl] self
 #  102|           Type = HasPropertyAndObserver
 #  102|       getBody(): [BraceStmt] { ... }
 #  102|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .normalField
+#-----|               getBase(): [DeclRefExpr] self
 #  104|   getMember(8): [SubscriptDecl] subscript ...
 #  105|     getAccessorDecl(0): [AccessorDecl] get
 #  105|         InterfaceType = (HasPropertyAndObserver) -> (Int) -> Int
@@ -3186,12 +3585,19 @@ declarations.swift:
 #  104|       getParam(1): [ParamDecl] x
 #  104|           Type = Int
 #  108|       getBody(): [BraceStmt] { ... }
-#  104|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#  104|     getAccessorDecl(2): [AccessorDecl] _modify
 #  104|         InterfaceType = (inout HasPropertyAndObserver) -> (Int) -> ()
 #  104|       getSelfParam(): [ParamDecl] self
 #  104|           Type = HasPropertyAndObserver
+#-----|       getParam(0): [ParamDecl] x
+#-----|           Type = Int
 #  104|       getBody(): [BraceStmt] { ... }
 #  104|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [SubscriptExpr] ...[...]
+#-----|               getBase(): [DeclRefExpr] self
+#-----|               getArgument(0): [Argument] : x
+#-----|                 getExpr(): [DeclRefExpr] x
 #  104|     getParam(0): [ParamDecl] x
 #  104|         Type = Int
 #  111|   getMember(9): [SubscriptDecl] subscript ...
@@ -3228,6 +3634,9 @@ declarations.swift:
 #  115|       getSelfParam(): [ParamDecl] self
 #  115|           Type = HasPropertyAndObserver
 #  115|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .hasWillSet1
+#-----|             getBase(): [DeclRefExpr] self
 #  115|     getAccessorDecl(2): [AccessorDecl] set
 #  115|         InterfaceType = (inout HasPropertyAndObserver) -> (Int) -> ()
 #  115|       getSelfParam(): [ParamDecl] self
@@ -3235,12 +3644,25 @@ declarations.swift:
 #  115|       getParam(0): [ParamDecl] value
 #  115|           Type = Int
 #  115|       getBody(): [BraceStmt] { ... }
-#  115|     getAccessorDecl(3): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [CallExpr] call to willSet
+#-----|           getFunction(): [MethodRefExpr] .willSet
+#-----|             getBase(): [InOutExpr] &...
+#-----|               getSubExpr(): [DeclRefExpr] self
+#-----|           getArgument(0): [Argument] : value
+#-----|             getExpr(): [DeclRefExpr] value
+#-----|         getElement(1): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .hasWillSet1
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#  115|     getAccessorDecl(3): [AccessorDecl] _modify
 #  115|         InterfaceType = (inout HasPropertyAndObserver) -> () -> ()
 #  115|       getSelfParam(): [ParamDecl] self
 #  115|           Type = HasPropertyAndObserver
 #  115|       getBody(): [BraceStmt] { ... }
 #  115|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .hasWillSet1
+#-----|               getBase(): [DeclRefExpr] self
 #  119|   getMember(12): [PatternBindingDecl] var ... = ...
 #  119|     getPattern(0): [TypedPattern] ... as ...
 #  119|       getSubPattern(): [NamedPattern] hasWillSet2
@@ -3259,6 +3681,9 @@ declarations.swift:
 #  119|       getSelfParam(): [ParamDecl] self
 #  119|           Type = HasPropertyAndObserver
 #  119|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .hasWillSet2
+#-----|             getBase(): [DeclRefExpr] self
 #  119|     getAccessorDecl(2): [AccessorDecl] set
 #  119|         InterfaceType = (inout HasPropertyAndObserver) -> (Int) -> ()
 #  119|       getSelfParam(): [ParamDecl] self
@@ -3266,12 +3691,25 @@ declarations.swift:
 #  119|       getParam(0): [ParamDecl] value
 #  119|           Type = Int
 #  119|       getBody(): [BraceStmt] { ... }
-#  119|     getAccessorDecl(3): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [CallExpr] call to willSet
+#-----|           getFunction(): [MethodRefExpr] .willSet
+#-----|             getBase(): [InOutExpr] &...
+#-----|               getSubExpr(): [DeclRefExpr] self
+#-----|           getArgument(0): [Argument] : value
+#-----|             getExpr(): [DeclRefExpr] value
+#-----|         getElement(1): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .hasWillSet2
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#  119|     getAccessorDecl(3): [AccessorDecl] _modify
 #  119|         InterfaceType = (inout HasPropertyAndObserver) -> () -> ()
 #  119|       getSelfParam(): [ParamDecl] self
 #  119|           Type = HasPropertyAndObserver
 #  119|       getBody(): [BraceStmt] { ... }
 #  119|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .hasWillSet2
+#-----|               getBase(): [DeclRefExpr] self
 #  123|   getMember(14): [PatternBindingDecl] var ... = ...
 #  123|     getPattern(0): [TypedPattern] ... as ...
 #  123|       getSubPattern(): [NamedPattern] hasDidSet1
@@ -3290,6 +3728,9 @@ declarations.swift:
 #  123|       getSelfParam(): [ParamDecl] self
 #  123|           Type = HasPropertyAndObserver
 #  123|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .hasDidSet1
+#-----|             getBase(): [DeclRefExpr] self
 #  123|     getAccessorDecl(2): [AccessorDecl] set
 #  123|         InterfaceType = (inout HasPropertyAndObserver) -> (Int) -> ()
 #  123|       getSelfParam(): [ParamDecl] self
@@ -3297,12 +3738,32 @@ declarations.swift:
 #  123|       getParam(0): [ParamDecl] value
 #  123|           Type = Int
 #  123|       getBody(): [BraceStmt] { ... }
-#  123|     getAccessorDecl(3): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [PatternBindingDecl] var ... = ...
+#-----|           getInit(0): [MemberRefExpr] .hasDidSet1
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getInit(0).getFullyConverted(): [LoadExpr] (Int) ...
+#-----|           getPattern(0): [NamedPattern] tmp
+#-----|         getElement(1): [ConcreteVarDecl] tmp
+#-----|             Type = Int
+#-----|         getElement(2): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .hasDidSet1
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#-----|         getElement(3): [CallExpr] call to didSet
+#-----|           getFunction(): [MethodRefExpr] .didSet
+#-----|             getBase(): [InOutExpr] &...
+#-----|               getSubExpr(): [DeclRefExpr] self
+#-----|           getArgument(0): [Argument] : tmp
+#-----|             getExpr(): [DeclRefExpr] tmp
+#  123|     getAccessorDecl(3): [AccessorDecl] _modify
 #  123|         InterfaceType = (inout HasPropertyAndObserver) -> () -> ()
 #  123|       getSelfParam(): [ParamDecl] self
 #  123|           Type = HasPropertyAndObserver
 #  123|       getBody(): [BraceStmt] { ... }
 #  123|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .hasDidSet1
+#-----|               getBase(): [DeclRefExpr] self
 #  127|   getMember(16): [PatternBindingDecl] var ... = ...
 #  127|     getPattern(0): [TypedPattern] ... as ...
 #  127|       getSubPattern(): [NamedPattern] hasDidSet2
@@ -3319,6 +3780,9 @@ declarations.swift:
 #  127|       getSelfParam(): [ParamDecl] self
 #  127|           Type = HasPropertyAndObserver
 #  127|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .hasDidSet2
+#-----|             getBase(): [DeclRefExpr] self
 #  127|     getAccessorDecl(2): [AccessorDecl] set
 #  127|         InterfaceType = (inout HasPropertyAndObserver) -> (Int) -> ()
 #  127|       getSelfParam(): [ParamDecl] self
@@ -3326,12 +3790,27 @@ declarations.swift:
 #  127|       getParam(0): [ParamDecl] value
 #  127|           Type = Int
 #  127|       getBody(): [BraceStmt] { ... }
-#  127|     getAccessorDecl(3): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .hasDidSet2
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#-----|         getElement(1): [CallExpr] call to didSet
+#-----|           getFunction(): [MethodRefExpr] .didSet
+#-----|             getBase(): [InOutExpr] &...
+#-----|               getSubExpr(): [DeclRefExpr] self
+#  127|     getAccessorDecl(3): [AccessorDecl] _modify
 #  127|         InterfaceType = (inout HasPropertyAndObserver) -> () -> ()
 #  127|       getSelfParam(): [ParamDecl] self
 #  127|           Type = HasPropertyAndObserver
 #  127|       getBody(): [BraceStmt] { ... }
 #  127|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .hasDidSet2
+#-----|               getBase(): [DeclRefExpr] self
+#-----|         getElement(1): [CallExpr] call to didSet
+#-----|           getFunction(): [MethodRefExpr] .didSet
+#-----|             getBase(): [InOutExpr] &...
+#-----|               getSubExpr(): [DeclRefExpr] self
 #  131|   getMember(18): [PatternBindingDecl] var ... = ...
 #  131|     getPattern(0): [TypedPattern] ... as ...
 #  131|       getSubPattern(): [NamedPattern] hasBoth
@@ -3355,6 +3834,9 @@ declarations.swift:
 #  131|       getSelfParam(): [ParamDecl] self
 #  131|           Type = HasPropertyAndObserver
 #  131|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .hasBoth
+#-----|             getBase(): [DeclRefExpr] self
 #  131|     getAccessorDecl(3): [AccessorDecl] set
 #  131|         InterfaceType = (inout HasPropertyAndObserver) -> (Int) -> ()
 #  131|       getSelfParam(): [ParamDecl] self
@@ -3362,12 +3844,29 @@ declarations.swift:
 #  131|       getParam(0): [ParamDecl] value
 #  131|           Type = Int
 #  131|       getBody(): [BraceStmt] { ... }
-#  131|     getAccessorDecl(4): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [CallExpr] call to willSet
+#-----|           getFunction(): [MethodRefExpr] .willSet
+#-----|             getBase(): [InOutExpr] &...
+#-----|               getSubExpr(): [DeclRefExpr] self
+#-----|           getArgument(0): [Argument] : value
+#-----|             getExpr(): [DeclRefExpr] value
+#-----|         getElement(1): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .hasBoth
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#-----|         getElement(2): [CallExpr] call to didSet
+#-----|           getFunction(): [MethodRefExpr] .didSet
+#-----|             getBase(): [InOutExpr] &...
+#-----|               getSubExpr(): [DeclRefExpr] self
+#  131|     getAccessorDecl(4): [AccessorDecl] _modify
 #  131|         InterfaceType = (inout HasPropertyAndObserver) -> () -> ()
 #  131|       getSelfParam(): [ParamDecl] self
 #  131|           Type = HasPropertyAndObserver
 #  131|       getBody(): [BraceStmt] { ... }
 #  131|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .hasBoth
+#-----|               getBase(): [DeclRefExpr] self
 #   81|   getMember(20): [ConstructorDecl] init(normalField:hasWillSet1:hasWillSet2:hasDidSet1:hasDidSet2:hasBoth:)
 #   81|       InterfaceType = (HasPropertyAndObserver.Type) -> (Int, Int, Int, Int, Int, Int) -> HasPropertyAndObserver
 #   81|     getSelfParam(): [ParamDecl] self
@@ -3446,6 +3945,14 @@ declarations.swift:
 #  152|       InterfaceType = (Derived.Type) -> () -> Derived
 #  152|     getSelfParam(): [ParamDecl] self
 #  152|         Type = Derived
+#-----|     getBody(): [BraceStmt] { ... }
+#-----|       getElement(0): [RebindSelfInConstructorExpr] self = ...
+#-----|         getSubExpr(): [CallExpr] call to ...
+#-----|           getFunction(): [DotSyntaxCallExpr] call to ...
+#-----|             getFunction(): [OtherConstructorDeclRefExpr] init()
+#-----|             getArgument(0): [Argument] : super
+#-----|               getExpr(): [SuperRefExpr] super
+#-----|       getElement(1): [ReturnStmt] return
 #  152|   getMember(1): [DestructorDecl] deinit()
 #  152|       InterfaceType = (Derived) -> () -> ()
 #  152|     getSelfParam(): [ParamDecl] self
@@ -3528,9 +4035,13 @@ expressions.swift:
 #    7|   getBody(): [BraceStmt] { ... }
 #    7|     getElement(0): [PatternBindingDecl] var ... = ...
 #    7|       getInit(0): [InterpolatedStringLiteralExpr] "..."
+#-----|         getInterpolationCountExpr(): [IntegerLiteralExpr] 1
+#-----|         getLiteralCapacityExpr(): [IntegerLiteralExpr] 6
 #    7|         getAppendingExpr(): [TapExpr] TapExpr
 #    7|           getSubExpr(): [OpaqueValueExpr] OpaqueValueExpr
 #    7|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [ConcreteVarDecl] $interpolation
+#-----|                 Type = DefaultStringInterpolation
 #    7|             getElement(1): [CallExpr] call to appendLiteral(_:)
 #    7|               getFunction(): [MethodRefExpr] .appendLiteral(_:)
 #    7|                 getBase(): [InOutExpr] &...
@@ -3564,6 +4075,86 @@ expressions.swift:
 #   10| [EnumDecl] AnError
 #   11|   getMember(0): [EnumCaseDecl] case ...
 #   11|   getMember(1): [EnumElementDecl] failed
+#-----|   getMember(2): [ConcreteFuncDecl] __derived_enum_equals(_:_:)
+#-----|       InterfaceType = (AnError.Type) -> (AnError, AnError) -> Bool
+#-----|     getSelfParam(): [ParamDecl] self
+#-----|         Type = AnError.Type
+#-----|     getParam(0): [ParamDecl] a
+#-----|         Type = AnError
+#-----|     getParam(1): [ParamDecl] b
+#-----|         Type = AnError
+#-----|     getBody(): [BraceStmt] { ... }
+#-----|       getElement(0): [PatternBindingDecl] var ... = ...
+#-----|         getPattern(0): [TypedPattern] ... as ...
+#-----|           getSubPattern(): [NamedPattern] index_a
+#-----|       getElement(1): [SwitchStmt] switch a { ... }
+#-----|         getExpr(): [DeclRefExpr] a
+#-----|         getCase(0): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] index_a
+#-----|               getSource(): [IntegerLiteralExpr] 0
+#-----|           getLabel(0): [CaseLabelItem] .failed
+#-----|             getPattern(): [EnumElementPattern] .failed
+#-----|       getElement(2): [PatternBindingDecl] var ... = ...
+#-----|         getPattern(0): [TypedPattern] ... as ...
+#-----|           getSubPattern(): [NamedPattern] index_b
+#-----|       getElement(3): [SwitchStmt] switch b { ... }
+#-----|         getExpr(): [DeclRefExpr] b
+#-----|         getCase(0): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] index_b
+#-----|               getSource(): [IntegerLiteralExpr] 0
+#-----|           getLabel(0): [CaseLabelItem] .failed
+#-----|             getPattern(): [EnumElementPattern] .failed
+#-----|       getElement(4): [ReturnStmt] return ...
+#-----|         getResult(): [BinaryExpr] ... .==(_:_:) ...
+#-----|           getFunction(): [MethodRefExpr] .==(_:_:)
+#-----|             getBase(): [TypeExpr] Int.Type
+#-----|           getArgument(0): [Argument] : index_a
+#-----|             getExpr(): [DeclRefExpr] index_a
+#-----|           getArgument(1): [Argument] : index_b
+#-----|             getExpr(): [DeclRefExpr] index_b
+#-----|   getMember(3): [PatternBindingDecl] var ... = ...
+#-----|     getPattern(0): [TypedPattern] ... as ...
+#-----|       getSubPattern(): [NamedPattern] hashValue
+#-----|   getMember(4): [ConcreteFuncDecl] hash(into:)
+#-----|       InterfaceType = (AnError) -> (inout Hasher) -> ()
+#-----|     getSelfParam(): [ParamDecl] self
+#-----|         Type = AnError
+#-----|     getParam(0): [ParamDecl] hasher
+#-----|         Type = Hasher
+#-----|     getBody(): [BraceStmt] { ... }
+#-----|       getElement(0): [PatternBindingDecl] var ... = ...
+#-----|         getPattern(0): [TypedPattern] ... as ...
+#-----|           getSubPattern(): [NamedPattern] discriminator
+#-----|       getElement(1): [SwitchStmt] switch self { ... }
+#-----|         getExpr(): [DeclRefExpr] self
+#-----|         getCase(0): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] discriminator
+#-----|               getSource(): [IntegerLiteralExpr] 0
+#-----|           getLabel(0): [CaseLabelItem] .failed
+#-----|             getPattern(): [EnumElementPattern] .failed
+#-----|       getElement(2): [CallExpr] call to ...
+#-----|         getFunction(): [UnresolvedDotExpr] ... .combine(_:)
+#-----|           getBase(): [DeclRefExpr] hasher
+#-----|         getArgument(0): [Argument] : discriminator
+#-----|           getExpr(): [DeclRefExpr] discriminator
+#-----|   getMember(5): [ConcreteVarDecl] hashValue
+#-----|       Type = Int
+#-----|     getAccessorDecl(0): [AccessorDecl] get
+#-----|         InterfaceType = (AnError) -> () -> Int
+#-----|       getSelfParam(): [ParamDecl] self
+#-----|           Type = AnError
+#-----|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [CallExpr] call to _hashValue(for:)
+#-----|             getFunction(): [DeclRefExpr] _hashValue(for:)
+#-----|             getArgument(0): [Argument] for: self
+#-----|               getExpr(): [DeclRefExpr] self
 #   14| [ConcreteFuncDecl] failure(_:)
 #   14|     InterfaceType = (Int) throws -> ()
 #   14|   getParam(0): [ParamDecl] x
@@ -3783,6 +4374,9 @@ expressions.swift:
 #   51|       getSelfParam(): [ParamDecl] self
 #   51|           Type = S
 #   51|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .x
+#-----|             getBase(): [DeclRefExpr] self
 #   50|   getMember(2): [ConstructorDecl] init(x:)
 #   50|       InterfaceType = (S.Type) -> (Int) -> S
 #   50|     getSelfParam(): [ParamDecl] self
@@ -3872,6 +4466,9 @@ expressions.swift:
 #   71|       getSelfParam(): [ParamDecl] self
 #   71|           Type = Base
 #   71|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .xx
+#-----|             getBase(): [DeclRefExpr] self
 #   72|   getMember(2): [ConstructorDecl] init(x:)
 #   72|       InterfaceType = (Base.Type) -> (Int) -> Base
 #   72|     getSelfParam(): [ParamDecl] self
@@ -3908,23 +4505,27 @@ expressions.swift:
 #   77|       InterfaceType = (Derived.Type) -> (Int) -> Derived
 #   77|     getSelfParam(): [ParamDecl] self
 #   77|         Type = Derived
+#-----|     getParam(0): [ParamDecl] x
+#-----|         Type = Int
+#-----|     getBody(): [BraceStmt] { ... }
+#   77|       getElement(0): [CallExpr] call to _unimplementedInitializer(className:initName:file:line:column:)
+#   77|         getFunction(): [DeclRefExpr] _unimplementedInitializer(className:initName:file:line:column:)
+#   77|         getArgument(0): [Argument] : expressions.Derived
+#   77|           getExpr(): [StringLiteralExpr] expressions.Derived
+#   77|         getArgument(1): [Argument] : #...
+#   77|           getExpr(): [MagicIdentifierLiteralExpr] #...
+#   77|         getArgument(2): [Argument] : #...
+#   77|           getExpr(): [MagicIdentifierLiteralExpr] #...
+#   77|         getArgument(3): [Argument] : #...
+#   77|           getExpr(): [MagicIdentifierLiteralExpr] #...
+#   77|         getArgument(4): [Argument] : #...
+#   77|           getExpr(): [MagicIdentifierLiteralExpr] #...
+#-----|       getElement(1): [ReturnStmt] return
 #   77|   getMember(2): [DestructorDecl] deinit()
 #   77|       InterfaceType = (Derived) -> () -> ()
 #   77|     getSelfParam(): [ParamDecl] self
 #   77|         Type = Derived
 #   77|     getBody(): [BraceStmt] { ... }
-#   77| [CallExpr] call to _unimplementedInitializer(className:initName:file:line:column:)
-#   77|   getFunction(): [DeclRefExpr] _unimplementedInitializer(className:initName:file:line:column:)
-#   77|   getArgument(0): [Argument] : expressions.Derived
-#   77|     getExpr(): [StringLiteralExpr] expressions.Derived
-#   77|   getArgument(1): [Argument] : #...
-#   77|     getExpr(): [MagicIdentifierLiteralExpr] #...
-#   77|   getArgument(2): [Argument] : #...
-#   77|     getExpr(): [MagicIdentifierLiteralExpr] #...
-#   77|   getArgument(3): [Argument] : #...
-#   77|     getExpr(): [MagicIdentifierLiteralExpr] #...
-#   77|   getArgument(4): [Argument] : #...
-#   77|     getExpr(): [MagicIdentifierLiteralExpr] #...
 #   83| [TopLevelCodeDecl] { ... }
 #   83|   getBody(): [BraceStmt] { ... }
 #   83|     getElement(0): [PatternBindingDecl] var ... = ...
@@ -3947,6 +4548,7 @@ expressions.swift:
 #   86| [TopLevelCodeDecl] { ... }
 #   86|   getBody(): [BraceStmt] { ... }
 #   86|     getElement(0): [PatternBindingDecl] var ... = ...
+#-----|       getInit(0): [NilLiteralExpr] nil
 #   86|       getPattern(0): [TypedPattern] ... as ...
 #   86|         getSubPattern(): [NamedPattern] opt
 #   86|         getTypeRepr(): [TypeRepr] Int?
@@ -4024,12 +4626,15 @@ expressions.swift:
 #   98|       getBody(): [BraceStmt] { ... }
 #   99|         getElement(0): [ReturnStmt] return ...
 #   99|           getResult(): [IntegerLiteralExpr] 0
-#   96|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#   96|     getAccessorDecl(2): [AccessorDecl] _modify
 #   96|         InterfaceType = (inout HasProperty) -> () -> ()
 #   96|       getSelfParam(): [ParamDecl] self
 #   96|           Type = HasProperty
 #   96|       getBody(): [BraceStmt] { ... }
 #   96|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .settableField
+#-----|               getBase(): [DeclRefExpr] self
 #  105|   getMember(2): [PatternBindingDecl] var ... = ...
 #  105|     getPattern(0): [TypedPattern] ... as ...
 #  105|       getSubPattern(): [NamedPattern] readOnlyField1
@@ -4067,6 +4672,9 @@ expressions.swift:
 #  116|       getSelfParam(): [ParamDecl] self
 #  116|           Type = HasProperty
 #  116|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .normalField
+#-----|             getBase(): [DeclRefExpr] self
 #  116|     getAccessorDecl(1): [AccessorDecl] set
 #  116|         InterfaceType = (inout HasProperty) -> (Int) -> ()
 #  116|       getSelfParam(): [ParamDecl] self
@@ -4074,12 +4682,19 @@ expressions.swift:
 #  116|       getParam(0): [ParamDecl] value
 #  116|           Type = Int
 #  116|       getBody(): [BraceStmt] { ... }
-#  116|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .normalField
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#  116|     getAccessorDecl(2): [AccessorDecl] _modify
 #  116|         InterfaceType = (inout HasProperty) -> () -> ()
 #  116|       getSelfParam(): [ParamDecl] self
 #  116|           Type = HasProperty
 #  116|       getBody(): [BraceStmt] { ... }
 #  116|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .normalField
+#-----|               getBase(): [DeclRefExpr] self
 #  118|   getMember(8): [SubscriptDecl] subscript ...
 #  119|     getAccessorDecl(0): [AccessorDecl] get
 #  119|         InterfaceType = (HasProperty) -> (Int) -> Int
@@ -4099,12 +4714,19 @@ expressions.swift:
 #  118|       getParam(1): [ParamDecl] x
 #  118|           Type = Int
 #  122|       getBody(): [BraceStmt] { ... }
-#  118|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#  118|     getAccessorDecl(2): [AccessorDecl] _modify
 #  118|         InterfaceType = (inout HasProperty) -> (Int) -> ()
 #  118|       getSelfParam(): [ParamDecl] self
 #  118|           Type = HasProperty
+#-----|       getParam(0): [ParamDecl] x
+#-----|           Type = Int
 #  118|       getBody(): [BraceStmt] { ... }
 #  118|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [SubscriptExpr] ...[...]
+#-----|               getBase(): [DeclRefExpr] self
+#-----|               getArgument(0): [Argument] : x
+#-----|                 getExpr(): [DeclRefExpr] x
 #  118|     getParam(0): [ParamDecl] x
 #  118|         Type = Int
 #  125|   getMember(9): [SubscriptDecl] subscript ...
@@ -4203,6 +4825,9 @@ expressions.swift:
 #  142|       getSelfParam(): [ParamDecl] self
 #  142|           Type = B
 #  142|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .x
+#-----|             getBase(): [DeclRefExpr] self
 #  142|     getAccessorDecl(1): [AccessorDecl] set
 #  142|         InterfaceType = (inout B) -> (Int) -> ()
 #  142|       getSelfParam(): [ParamDecl] self
@@ -4210,12 +4835,19 @@ expressions.swift:
 #  142|       getParam(0): [ParamDecl] value
 #  142|           Type = Int
 #  142|       getBody(): [BraceStmt] { ... }
-#  142|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .x
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#  142|     getAccessorDecl(2): [AccessorDecl] _modify
 #  142|         InterfaceType = (inout B) -> () -> ()
 #  142|       getSelfParam(): [ParamDecl] self
 #  142|           Type = B
 #  142|       getBody(): [BraceStmt] { ... }
 #  142|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .x
+#-----|               getBase(): [DeclRefExpr] self
 #  141|   getMember(2): [ConstructorDecl] init(x:)
 #  141|       InterfaceType = (B.Type) -> (Int) -> B
 #  141|     getSelfParam(): [ParamDecl] self
@@ -4234,6 +4866,9 @@ expressions.swift:
 #  146|       getSelfParam(): [ParamDecl] self
 #  146|           Type = A
 #  146|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .b
+#-----|             getBase(): [DeclRefExpr] self
 #  146|     getAccessorDecl(1): [AccessorDecl] set
 #  146|         InterfaceType = (inout A) -> (B) -> ()
 #  146|       getSelfParam(): [ParamDecl] self
@@ -4241,12 +4876,19 @@ expressions.swift:
 #  146|       getParam(0): [ParamDecl] value
 #  146|           Type = B
 #  146|       getBody(): [BraceStmt] { ... }
-#  146|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .b
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#  146|     getAccessorDecl(2): [AccessorDecl] _modify
 #  146|         InterfaceType = (inout A) -> () -> ()
 #  146|       getSelfParam(): [ParamDecl] self
 #  146|           Type = A
 #  146|       getBody(): [BraceStmt] { ... }
 #  146|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .b
+#-----|               getBase(): [DeclRefExpr] self
 #  147|   getMember(2): [PatternBindingDecl] var ... = ...
 #  147|     getPattern(0): [TypedPattern] ... as ...
 #  147|       getSubPattern(): [NamedPattern] bs
@@ -4258,6 +4900,9 @@ expressions.swift:
 #  147|       getSelfParam(): [ParamDecl] self
 #  147|           Type = A
 #  147|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .bs
+#-----|             getBase(): [DeclRefExpr] self
 #  147|     getAccessorDecl(1): [AccessorDecl] set
 #  147|         InterfaceType = (inout A) -> ([B]) -> ()
 #  147|       getSelfParam(): [ParamDecl] self
@@ -4265,13 +4910,21 @@ expressions.swift:
 #  147|       getParam(0): [ParamDecl] value
 #  147|           Type = [B]
 #  147|       getBody(): [BraceStmt] { ... }
-#  147|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .bs
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#  147|     getAccessorDecl(2): [AccessorDecl] _modify
 #  147|         InterfaceType = (inout A) -> () -> ()
 #  147|       getSelfParam(): [ParamDecl] self
 #  147|           Type = A
 #  147|       getBody(): [BraceStmt] { ... }
 #  147|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .bs
+#-----|               getBase(): [DeclRefExpr] self
 #  148|   getMember(4): [PatternBindingDecl] var ... = ...
+#-----|     getInit(0): [NilLiteralExpr] nil
 #  148|     getPattern(0): [TypedPattern] ... as ...
 #  148|       getSubPattern(): [NamedPattern] mayB
 #  148|       getTypeRepr(): [TypeRepr] B?
@@ -4282,6 +4935,9 @@ expressions.swift:
 #  148|       getSelfParam(): [ParamDecl] self
 #  148|           Type = A
 #  148|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .mayB
+#-----|             getBase(): [DeclRefExpr] self
 #  148|     getAccessorDecl(1): [AccessorDecl] set
 #  148|         InterfaceType = (inout A) -> (B?) -> ()
 #  148|       getSelfParam(): [ParamDecl] self
@@ -4289,12 +4945,19 @@ expressions.swift:
 #  148|       getParam(0): [ParamDecl] value
 #  148|           Type = B?
 #  148|       getBody(): [BraceStmt] { ... }
-#  148|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .mayB
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#  148|     getAccessorDecl(2): [AccessorDecl] _modify
 #  148|         InterfaceType = (inout A) -> () -> ()
 #  148|       getSelfParam(): [ParamDecl] self
 #  148|           Type = A
 #  148|       getBody(): [BraceStmt] { ... }
 #  148|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .mayB
+#-----|               getBase(): [DeclRefExpr] self
 #  145|   getMember(6): [ConstructorDecl] init(b:bs:mayB:)
 #  145|       InterfaceType = (A.Type) -> (B, [B], B?) -> A
 #  145|     getSelfParam(): [ParamDecl] self
@@ -4742,6 +5405,86 @@ statements.swift:
 #   34| [EnumDecl] AnError
 #   35|   getMember(0): [EnumCaseDecl] case ...
 #   35|   getMember(1): [EnumElementDecl] failed
+#-----|   getMember(2): [ConcreteFuncDecl] __derived_enum_equals(_:_:)
+#-----|       InterfaceType = (AnError.Type) -> (AnError, AnError) -> Bool
+#-----|     getSelfParam(): [ParamDecl] self
+#-----|         Type = AnError.Type
+#-----|     getParam(0): [ParamDecl] a
+#-----|         Type = AnError
+#-----|     getParam(1): [ParamDecl] b
+#-----|         Type = AnError
+#-----|     getBody(): [BraceStmt] { ... }
+#-----|       getElement(0): [PatternBindingDecl] var ... = ...
+#-----|         getPattern(0): [TypedPattern] ... as ...
+#-----|           getSubPattern(): [NamedPattern] index_a
+#-----|       getElement(1): [SwitchStmt] switch a { ... }
+#-----|         getExpr(): [DeclRefExpr] a
+#-----|         getCase(0): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] index_a
+#-----|               getSource(): [IntegerLiteralExpr] 0
+#-----|           getLabel(0): [CaseLabelItem] .failed
+#-----|             getPattern(): [EnumElementPattern] .failed
+#-----|       getElement(2): [PatternBindingDecl] var ... = ...
+#-----|         getPattern(0): [TypedPattern] ... as ...
+#-----|           getSubPattern(): [NamedPattern] index_b
+#-----|       getElement(3): [SwitchStmt] switch b { ... }
+#-----|         getExpr(): [DeclRefExpr] b
+#-----|         getCase(0): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] index_b
+#-----|               getSource(): [IntegerLiteralExpr] 0
+#-----|           getLabel(0): [CaseLabelItem] .failed
+#-----|             getPattern(): [EnumElementPattern] .failed
+#-----|       getElement(4): [ReturnStmt] return ...
+#-----|         getResult(): [BinaryExpr] ... .==(_:_:) ...
+#-----|           getFunction(): [MethodRefExpr] .==(_:_:)
+#-----|             getBase(): [TypeExpr] Int.Type
+#-----|           getArgument(0): [Argument] : index_a
+#-----|             getExpr(): [DeclRefExpr] index_a
+#-----|           getArgument(1): [Argument] : index_b
+#-----|             getExpr(): [DeclRefExpr] index_b
+#-----|   getMember(3): [PatternBindingDecl] var ... = ...
+#-----|     getPattern(0): [TypedPattern] ... as ...
+#-----|       getSubPattern(): [NamedPattern] hashValue
+#-----|   getMember(4): [ConcreteFuncDecl] hash(into:)
+#-----|       InterfaceType = (AnError) -> (inout Hasher) -> ()
+#-----|     getSelfParam(): [ParamDecl] self
+#-----|         Type = AnError
+#-----|     getParam(0): [ParamDecl] hasher
+#-----|         Type = Hasher
+#-----|     getBody(): [BraceStmt] { ... }
+#-----|       getElement(0): [PatternBindingDecl] var ... = ...
+#-----|         getPattern(0): [TypedPattern] ... as ...
+#-----|           getSubPattern(): [NamedPattern] discriminator
+#-----|       getElement(1): [SwitchStmt] switch self { ... }
+#-----|         getExpr(): [DeclRefExpr] self
+#-----|         getCase(0): [CaseStmt] case ...
+#-----|           getBody(): [BraceStmt] { ... }
+#-----|             getElement(0): [AssignExpr]  ... = ...
+#-----|               getDest(): [DeclRefExpr] discriminator
+#-----|               getSource(): [IntegerLiteralExpr] 0
+#-----|           getLabel(0): [CaseLabelItem] .failed
+#-----|             getPattern(): [EnumElementPattern] .failed
+#-----|       getElement(2): [CallExpr] call to ...
+#-----|         getFunction(): [UnresolvedDotExpr] ... .combine(_:)
+#-----|           getBase(): [DeclRefExpr] hasher
+#-----|         getArgument(0): [Argument] : discriminator
+#-----|           getExpr(): [DeclRefExpr] discriminator
+#-----|   getMember(5): [ConcreteVarDecl] hashValue
+#-----|       Type = Int
+#-----|     getAccessorDecl(0): [AccessorDecl] get
+#-----|         InterfaceType = (AnError) -> () -> Int
+#-----|       getSelfParam(): [ParamDecl] self
+#-----|           Type = AnError
+#-----|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [CallExpr] call to _hashValue(for:)
+#-----|             getFunction(): [DeclRefExpr] _hashValue(for:)
+#-----|             getArgument(0): [Argument] for: self
+#-----|               getExpr(): [DeclRefExpr] self
 #   38| [ConcreteFuncDecl] failure(_:)
 #   38|     InterfaceType = (Int) throws -> ()
 #   38|   getParam(0): [ParamDecl] x
@@ -4932,6 +5675,9 @@ statements.swift:
 #   75|       getSelfParam(): [ParamDecl] self
 #   75|           Type = HasModifyAccessorDecl
 #   75|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [ReturnStmt] return ...
+#-----|           getResult(): [MemberRefExpr] .x
+#-----|             getBase(): [DeclRefExpr] self
 #   75|     getAccessorDecl(1): [AccessorDecl] set
 #   75|         InterfaceType = (inout HasModifyAccessorDecl) -> (Int) -> ()
 #   75|       getSelfParam(): [ParamDecl] self
@@ -4939,19 +5685,26 @@ statements.swift:
 #   75|       getParam(0): [ParamDecl] value
 #   75|           Type = Int
 #   75|       getBody(): [BraceStmt] { ... }
-#   75|     getAccessorDecl(2): [AccessorDecl] (unnamed function decl)
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .x
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
+#   75|     getAccessorDecl(2): [AccessorDecl] _modify
 #   75|         InterfaceType = (inout HasModifyAccessorDecl) -> () -> ()
 #   75|       getSelfParam(): [ParamDecl] self
 #   75|           Type = HasModifyAccessorDecl
 #   75|       getBody(): [BraceStmt] { ... }
 #   75|         getElement(0): [YieldStmt] yield ...
+#-----|           getResult(0): [InOutExpr] &...
+#-----|             getSubExpr(): [MemberRefExpr] .x
+#-----|               getBase(): [DeclRefExpr] self
 #   76|   getMember(2): [PatternBindingDecl] var ... = ...
 #   76|     getPattern(0): [TypedPattern] ... as ...
 #   76|       getSubPattern(): [NamedPattern] hasModify
 #   76|       getTypeRepr(): [TypeRepr] Int
 #   76|   getMember(3): [ConcreteVarDecl] hasModify
 #   76|       Type = Int
-#   77|     getAccessorDecl(0): [AccessorDecl] (unnamed function decl)
+#   77|     getAccessorDecl(0): [AccessorDecl] _modify
 #   77|         InterfaceType = (inout HasModifyAccessorDecl) -> () -> ()
 #   77|       getSelfParam(): [ParamDecl] self
 #   77|           Type = HasModifyAccessorDecl
@@ -4974,6 +5727,10 @@ statements.swift:
 #   76|       getParam(0): [ParamDecl] value
 #   76|           Type = Int
 #   76|       getBody(): [BraceStmt] { ... }
+#-----|         getElement(0): [AssignExpr]  ... = ...
+#-----|           getDest(): [MemberRefExpr] .hasModify
+#-----|             getBase(): [DeclRefExpr] self
+#-----|           getSource(): [DeclRefExpr] value
 #   74|   getMember(4): [ConstructorDecl] init(x:)
 #   74|       InterfaceType = (HasModifyAccessorDecl.Type) -> (Int) -> HasModifyAccessorDecl
 #   74|     getSelfParam(): [ParamDecl] self
diff --git a/swift/ql/test/library-tests/ast/PrintAst.ql b/swift/ql/test/library-tests/ast/PrintAst.ql
index 245e9ebdb12..05b5fec5a17 100644
--- a/swift/ql/test/library-tests/ast/PrintAst.ql
+++ b/swift/ql/test/library-tests/ast/PrintAst.ql
@@ -10,5 +10,7 @@ import TestUtils
  * The hook to customize the entities printed by this query.
  */
 class PrintAstConfigurationOverride extends PrintAstConfiguration {
-  override predicate shouldPrint(Locatable e) { super.shouldPrint(e) and toBeTested(e) }
+  override predicate shouldPrint(Locatable e) {
+    super.shouldPrint(e) and toBeTested(e) and not e instanceof ModuleDecl
+  }
 }
diff --git a/swift/ql/test/library-tests/controlflow/graph/Cfg.expected b/swift/ql/test/library-tests/controlflow/graph/Cfg.expected
index c32c235ca1b..9eebf08a5c6 100644
--- a/swift/ql/test/library-tests/controlflow/graph/Cfg.expected
+++ b/swift/ql/test/library-tests/controlflow/graph/Cfg.expected
@@ -250,14 +250,14 @@ cfg.swift:
 #-----| match -> 0
 
 #   33| .error1
-#-----| no-match -> ... is ...
+#-----| match, no-match -> ... is ...
 
 #   33| ... is ...
-#-----| no-match -> call to isZero(x:)
+#-----| match, no-match -> call to isZero(x:)
 #-----| no-match -> case ...
 
 #   33| .error2
-#-----| no-match -> ... is ...
+#-----| match, no-match -> ... is ...
 
 #   33| ... is ... where ...
 #-----|  -> .error2
@@ -1577,7 +1577,7 @@ cfg.swift:
 #-----|  -> =~ ... where ...
 
 #  144| =~ ...
-#-----| no-match -> ... .&&(_:_:) ...
+#-----| match, no-match -> ... .&&(_:_:) ...
 #-----| no-match -> case ...
 
 #  144| x
@@ -5148,11 +5148,11 @@ cfg.swift:
 #  390| 0
 #-----|  -> return ...
 
-#  394| (unnamed function decl)
+#  394| _modify
 #-----|  -> self
 
-#  394| enter (unnamed function decl)
-#-----|  -> (unnamed function decl)
+#  394| enter _modify
+#-----|  -> _modify
 
 #  394| enter get
 #-----|  -> get
@@ -5160,10 +5160,10 @@ cfg.swift:
 #  394| enter set
 #-----|  -> set
 
-#  394| exit (unnamed function decl)
+#  394| exit _modify
 
-#  394| exit (unnamed function decl) (normal)
-#-----|  -> exit (unnamed function decl)
+#  394| exit _modify (normal)
+#-----|  -> exit _modify
 
 #  394| exit get
 
@@ -5191,7 +5191,7 @@ cfg.swift:
 #  394| value
 
 #  394| yield ...
-#-----|  -> exit (unnamed function decl) (normal)
+#-----|  -> exit _modify (normal)
 
 #  395| self
 #-----|  -> self
@@ -5320,11 +5320,11 @@ cfg.swift:
 #  409| { ... }
 #-----|  -> exit deinit() (normal)
 
-#  410| (unnamed function decl)
+#  410| _modify
 #-----|  -> self
 
-#  410| enter (unnamed function decl)
-#-----|  -> (unnamed function decl)
+#  410| enter _modify
+#-----|  -> _modify
 
 #  410| enter get
 #-----|  -> get
@@ -5332,10 +5332,10 @@ cfg.swift:
 #  410| enter set
 #-----|  -> set
 
-#  410| exit (unnamed function decl)
+#  410| exit _modify
 
-#  410| exit (unnamed function decl) (normal)
-#-----|  -> exit (unnamed function decl)
+#  410| exit _modify (normal)
+#-----|  -> exit _modify
 
 #  410| exit get
 
@@ -5363,7 +5363,7 @@ cfg.swift:
 #  410| value
 
 #  410| yield ...
-#-----|  -> exit (unnamed function decl) (normal)
+#-----|  -> exit _modify (normal)
 
 #  411| self
 #-----|  -> self
@@ -5397,11 +5397,11 @@ cfg.swift:
 #  416| MyLocalStruct
 #-----|  -> MyLocalEnum
 
-#  417| (unnamed function decl)
+#  417| _modify
 #-----|  -> self
 
-#  417| enter (unnamed function decl)
-#-----|  -> (unnamed function decl)
+#  417| enter _modify
+#-----|  -> _modify
 
 #  417| enter get
 #-----|  -> get
@@ -5409,10 +5409,10 @@ cfg.swift:
 #  417| enter set
 #-----|  -> set
 
-#  417| exit (unnamed function decl)
+#  417| exit _modify
 
-#  417| exit (unnamed function decl) (normal)
-#-----|  -> exit (unnamed function decl)
+#  417| exit _modify (normal)
+#-----|  -> exit _modify
 
 #  417| exit get
 
@@ -5440,7 +5440,7 @@ cfg.swift:
 #  417| value
 
 #  417| yield ...
-#-----|  -> exit (unnamed function decl) (normal)
+#-----|  -> exit _modify (normal)
 
 #  418| self
 #-----|  -> self
@@ -5492,11 +5492,11 @@ cfg.swift:
 #  442| 0
 #-----|  -> return ...
 
-#  446| (unnamed function decl)
+#  446| _modify
 #-----|  -> self
 
-#  446| enter (unnamed function decl)
-#-----|  -> (unnamed function decl)
+#  446| enter _modify
+#-----|  -> _modify
 
 #  446| enter get
 #-----|  -> get
@@ -5504,10 +5504,10 @@ cfg.swift:
 #  446| enter set
 #-----|  -> set
 
-#  446| exit (unnamed function decl)
+#  446| exit _modify
 
-#  446| exit (unnamed function decl) (normal)
-#-----|  -> exit (unnamed function decl)
+#  446| exit _modify (normal)
+#-----|  -> exit _modify
 
 #  446| exit get
 
@@ -5535,13 +5535,13 @@ cfg.swift:
 #  446| value
 
 #  446| yield ...
-#-----|  -> exit (unnamed function decl) (normal)
+#-----|  -> exit _modify (normal)
 
-#  450| (unnamed function decl)
+#  450| _modify
 #-----|  -> self
 
-#  450| enter (unnamed function decl)
-#-----|  -> (unnamed function decl)
+#  450| enter _modify
+#-----|  -> _modify
 
 #  450| enter get
 #-----|  -> get
@@ -5549,10 +5549,10 @@ cfg.swift:
 #  450| enter set
 #-----|  -> set
 
-#  450| exit (unnamed function decl)
+#  450| exit _modify
 
-#  450| exit (unnamed function decl) (normal)
-#-----|  -> exit (unnamed function decl)
+#  450| exit _modify (normal)
+#-----|  -> exit _modify
 
 #  450| exit get
 
@@ -5580,13 +5580,13 @@ cfg.swift:
 #  450| value
 
 #  450| yield ...
-#-----|  -> exit (unnamed function decl) (normal)
+#-----|  -> exit _modify (normal)
 
-#  451| (unnamed function decl)
+#  451| _modify
 #-----|  -> self
 
-#  451| enter (unnamed function decl)
-#-----|  -> (unnamed function decl)
+#  451| enter _modify
+#-----|  -> _modify
 
 #  451| enter get
 #-----|  -> get
@@ -5594,10 +5594,10 @@ cfg.swift:
 #  451| enter set
 #-----|  -> set
 
-#  451| exit (unnamed function decl)
+#  451| exit _modify
 
-#  451| exit (unnamed function decl) (normal)
-#-----|  -> exit (unnamed function decl)
+#  451| exit _modify (normal)
+#-----|  -> exit _modify
 
 #  451| exit get
 
@@ -5625,13 +5625,13 @@ cfg.swift:
 #  451| value
 
 #  451| yield ...
-#-----|  -> exit (unnamed function decl) (normal)
+#-----|  -> exit _modify (normal)
 
-#  452| (unnamed function decl)
+#  452| _modify
 #-----|  -> self
 
-#  452| enter (unnamed function decl)
-#-----|  -> (unnamed function decl)
+#  452| enter _modify
+#-----|  -> _modify
 
 #  452| enter get
 #-----|  -> get
@@ -5639,10 +5639,10 @@ cfg.swift:
 #  452| enter set
 #-----|  -> set
 
-#  452| exit (unnamed function decl)
+#  452| exit _modify
 
-#  452| exit (unnamed function decl) (normal)
-#-----|  -> exit (unnamed function decl)
+#  452| exit _modify (normal)
+#-----|  -> exit _modify
 
 #  452| exit get
 
@@ -5670,7 +5670,7 @@ cfg.swift:
 #  452| value
 
 #  452| yield ...
-#-----|  -> exit (unnamed function decl) (normal)
+#-----|  -> exit _modify (normal)
 
 #  455| enter test(a:)
 #-----|  -> test(a:)
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
index 3cf1784e010..1277d30cdc2 100644
--- a/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
+++ b/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
@@ -100,13 +100,36 @@ edges
 | test.swift:225:14:225:21 | call to source() :  | test.swift:235:13:235:15 | .source_value |
 | test.swift:225:14:225:21 | call to source() :  | test.swift:238:13:238:15 | .source_value |
 | test.swift:259:12:259:19 | call to source() :  | test.swift:263:13:263:28 | call to optionalSource() :  |
-| test.swift:263:13:263:28 | call to optionalSource() :  | test.swift:264:15:264:16 | ...! |
-| test.swift:263:13:263:28 | call to optionalSource() :  | test.swift:266:15:266:16 | ...? :  |
-| test.swift:265:15:265:22 | call to source() :  | file://:0:0:0:0 | [summary param] this in signum() :  |
-| test.swift:265:15:265:22 | call to source() :  | test.swift:265:15:265:31 | call to signum() |
-| test.swift:266:15:266:16 | ...? :  | file://:0:0:0:0 | [summary param] this in signum() :  |
-| test.swift:266:15:266:16 | ...? :  | test.swift:266:15:266:25 | call to signum() :  |
-| test.swift:266:15:266:25 | call to signum() :  | test.swift:266:15:266:25 | OptionalEvaluationExpr |
+| test.swift:263:13:263:28 | call to optionalSource() :  | test.swift:265:15:265:15 | x |
+| test.swift:263:13:263:28 | call to optionalSource() :  | test.swift:267:15:267:16 | ...! |
+| test.swift:263:13:263:28 | call to optionalSource() :  | test.swift:271:15:271:16 | ...? :  |
+| test.swift:263:13:263:28 | call to optionalSource() :  | test.swift:274:15:274:20 | ... ??(_:_:) ... |
+| test.swift:263:13:263:28 | call to optionalSource() :  | test.swift:275:15:275:27 | ... ??(_:_:) ... |
+| test.swift:263:13:263:28 | call to optionalSource() :  | test.swift:279:15:279:31 | ... ? ... : ... |
+| test.swift:263:13:263:28 | call to optionalSource() :  | test.swift:280:15:280:38 | ... ? ... : ... |
+| test.swift:270:15:270:22 | call to source() :  | file://:0:0:0:0 | [summary param] this in signum() :  |
+| test.swift:270:15:270:22 | call to source() :  | test.swift:270:15:270:31 | call to signum() |
+| test.swift:271:15:271:16 | ...? :  | file://:0:0:0:0 | [summary param] this in signum() :  |
+| test.swift:271:15:271:16 | ...? :  | test.swift:271:15:271:25 | call to signum() :  |
+| test.swift:271:15:271:25 | call to signum() :  | test.swift:271:15:271:25 | OptionalEvaluationExpr |
+| test.swift:280:31:280:38 | call to source() :  | test.swift:280:15:280:38 | ... ? ... : ... |
+| test.swift:282:31:282:38 | call to source() :  | test.swift:282:15:282:38 | ... ? ... : ... |
+| test.swift:302:14:302:26 | (...) [Tuple element at index 1] :  | test.swift:306:15:306:15 | t1 [Tuple element at index 1] :  |
+| test.swift:302:18:302:25 | call to source() :  | test.swift:302:14:302:26 | (...) [Tuple element at index 1] :  |
+| test.swift:306:15:306:15 | t1 [Tuple element at index 1] :  | test.swift:306:15:306:18 | .1 |
+| test.swift:314:5:314:5 | [post] t1 [Tuple element at index 0] :  | test.swift:317:15:317:15 | t1 [Tuple element at index 0] :  |
+| test.swift:314:12:314:19 | call to source() :  | test.swift:314:5:314:5 | [post] t1 [Tuple element at index 0] :  |
+| test.swift:317:15:317:15 | t1 [Tuple element at index 0] :  | test.swift:317:15:317:18 | .0 |
+| test.swift:322:14:322:45 | (...) [Tuple element at index 0] :  | test.swift:327:15:327:15 | t1 [Tuple element at index 0] :  |
+| test.swift:322:14:322:45 | (...) [Tuple element at index 0] :  | test.swift:331:15:331:15 | t2 [Tuple element at index 0] :  |
+| test.swift:322:14:322:45 | (...) [Tuple element at index 1] :  | test.swift:328:15:328:15 | t1 [Tuple element at index 1] :  |
+| test.swift:322:14:322:45 | (...) [Tuple element at index 1] :  | test.swift:332:15:332:15 | t2 [Tuple element at index 1] :  |
+| test.swift:322:18:322:25 | call to source() :  | test.swift:322:14:322:45 | (...) [Tuple element at index 0] :  |
+| test.swift:322:31:322:38 | call to source() :  | test.swift:322:14:322:45 | (...) [Tuple element at index 1] :  |
+| test.swift:327:15:327:15 | t1 [Tuple element at index 0] :  | test.swift:327:15:327:18 | .0 |
+| test.swift:328:15:328:15 | t1 [Tuple element at index 1] :  | test.swift:328:15:328:18 | .1 |
+| test.swift:331:15:331:15 | t2 [Tuple element at index 0] :  | test.swift:331:15:331:18 | .0 |
+| test.swift:332:15:332:15 | t2 [Tuple element at index 1] :  | test.swift:332:15:332:18 | .1 |
 nodes
 | file://:0:0:0:0 | .a [x] :  | semmle.label | .a [x] :  |
 | file://:0:0:0:0 | .x :  | semmle.label | .x :  |
@@ -221,12 +244,40 @@ nodes
 | test.swift:238:13:238:15 | .source_value | semmle.label | .source_value |
 | test.swift:259:12:259:19 | call to source() :  | semmle.label | call to source() :  |
 | test.swift:263:13:263:28 | call to optionalSource() :  | semmle.label | call to optionalSource() :  |
-| test.swift:264:15:264:16 | ...! | semmle.label | ...! |
-| test.swift:265:15:265:22 | call to source() :  | semmle.label | call to source() :  |
-| test.swift:265:15:265:31 | call to signum() | semmle.label | call to signum() |
-| test.swift:266:15:266:16 | ...? :  | semmle.label | ...? :  |
-| test.swift:266:15:266:25 | OptionalEvaluationExpr | semmle.label | OptionalEvaluationExpr |
-| test.swift:266:15:266:25 | call to signum() :  | semmle.label | call to signum() :  |
+| test.swift:265:15:265:15 | x | semmle.label | x |
+| test.swift:267:15:267:16 | ...! | semmle.label | ...! |
+| test.swift:270:15:270:22 | call to source() :  | semmle.label | call to source() :  |
+| test.swift:270:15:270:31 | call to signum() | semmle.label | call to signum() |
+| test.swift:271:15:271:16 | ...? :  | semmle.label | ...? :  |
+| test.swift:271:15:271:25 | OptionalEvaluationExpr | semmle.label | OptionalEvaluationExpr |
+| test.swift:271:15:271:25 | call to signum() :  | semmle.label | call to signum() :  |
+| test.swift:274:15:274:20 | ... ??(_:_:) ... | semmle.label | ... ??(_:_:) ... |
+| test.swift:275:15:275:27 | ... ??(_:_:) ... | semmle.label | ... ??(_:_:) ... |
+| test.swift:279:15:279:31 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| test.swift:280:15:280:38 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| test.swift:280:31:280:38 | call to source() :  | semmle.label | call to source() :  |
+| test.swift:282:15:282:38 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| test.swift:282:31:282:38 | call to source() :  | semmle.label | call to source() :  |
+| test.swift:302:14:302:26 | (...) [Tuple element at index 1] :  | semmle.label | (...) [Tuple element at index 1] :  |
+| test.swift:302:18:302:25 | call to source() :  | semmle.label | call to source() :  |
+| test.swift:306:15:306:15 | t1 [Tuple element at index 1] :  | semmle.label | t1 [Tuple element at index 1] :  |
+| test.swift:306:15:306:18 | .1 | semmle.label | .1 |
+| test.swift:314:5:314:5 | [post] t1 [Tuple element at index 0] :  | semmle.label | [post] t1 [Tuple element at index 0] :  |
+| test.swift:314:12:314:19 | call to source() :  | semmle.label | call to source() :  |
+| test.swift:317:15:317:15 | t1 [Tuple element at index 0] :  | semmle.label | t1 [Tuple element at index 0] :  |
+| test.swift:317:15:317:18 | .0 | semmle.label | .0 |
+| test.swift:322:14:322:45 | (...) [Tuple element at index 0] :  | semmle.label | (...) [Tuple element at index 0] :  |
+| test.swift:322:14:322:45 | (...) [Tuple element at index 1] :  | semmle.label | (...) [Tuple element at index 1] :  |
+| test.swift:322:18:322:25 | call to source() :  | semmle.label | call to source() :  |
+| test.swift:322:31:322:38 | call to source() :  | semmle.label | call to source() :  |
+| test.swift:327:15:327:15 | t1 [Tuple element at index 0] :  | semmle.label | t1 [Tuple element at index 0] :  |
+| test.swift:327:15:327:18 | .0 | semmle.label | .0 |
+| test.swift:328:15:328:15 | t1 [Tuple element at index 1] :  | semmle.label | t1 [Tuple element at index 1] :  |
+| test.swift:328:15:328:18 | .1 | semmle.label | .1 |
+| test.swift:331:15:331:15 | t2 [Tuple element at index 0] :  | semmle.label | t2 [Tuple element at index 0] :  |
+| test.swift:331:15:331:18 | .0 | semmle.label | .0 |
+| test.swift:332:15:332:15 | t2 [Tuple element at index 1] :  | semmle.label | t2 [Tuple element at index 1] :  |
+| test.swift:332:15:332:18 | .1 | semmle.label | .1 |
 subpaths
 | test.swift:75:21:75:22 | &... :  | test.swift:65:16:65:28 | arg1 :  | test.swift:65:1:70:1 | arg2[return] :  | test.swift:75:31:75:32 | [post] &... :  |
 | test.swift:114:19:114:19 | arg :  | test.swift:109:9:109:14 | arg :  | test.swift:110:12:110:12 | arg :  | test.swift:114:12:114:22 | call to ... :  |
@@ -253,8 +304,8 @@ subpaths
 | test.swift:218:11:218:18 | call to source() :  | test.swift:169:12:169:22 | value :  | test.swift:170:5:170:5 | [post] self [x] :  | test.swift:218:3:218:5 | [post] getter for .a [x] :  |
 | test.swift:219:13:219:13 | b [a, x] :  | test.swift:185:7:185:7 | self [a, x] :  | file://:0:0:0:0 | .a [x] :  | test.swift:219:13:219:15 | .a [x] :  |
 | test.swift:219:13:219:15 | .a [x] :  | test.swift:163:7:163:7 | self [x] :  | file://:0:0:0:0 | .x :  | test.swift:219:13:219:17 | .x |
-| test.swift:265:15:265:22 | call to source() :  | file://:0:0:0:0 | [summary param] this in signum() :  | file://:0:0:0:0 | [summary] to write: return (return) in signum() :  | test.swift:265:15:265:31 | call to signum() |
-| test.swift:266:15:266:16 | ...? :  | file://:0:0:0:0 | [summary param] this in signum() :  | file://:0:0:0:0 | [summary] to write: return (return) in signum() :  | test.swift:266:15:266:25 | call to signum() :  |
+| test.swift:270:15:270:22 | call to source() :  | file://:0:0:0:0 | [summary param] this in signum() :  | file://:0:0:0:0 | [summary] to write: return (return) in signum() :  | test.swift:270:15:270:31 | call to signum() |
+| test.swift:271:15:271:16 | ...? :  | file://:0:0:0:0 | [summary param] this in signum() :  | file://:0:0:0:0 | [summary] to write: return (return) in signum() :  | test.swift:271:15:271:25 | call to signum() :  |
 #select
 | test.swift:7:15:7:15 | t1 | test.swift:6:19:6:26 | call to source() :  | test.swift:7:15:7:15 | t1 | result |
 | test.swift:9:15:9:15 | t1 | test.swift:6:19:6:26 | call to source() :  | test.swift:9:15:9:15 | t1 | result |
@@ -284,6 +335,19 @@ subpaths
 | test.swift:219:13:219:17 | .x | test.swift:218:11:218:18 | call to source() :  | test.swift:219:13:219:17 | .x | result |
 | test.swift:235:13:235:15 | .source_value | test.swift:225:14:225:21 | call to source() :  | test.swift:235:13:235:15 | .source_value | result |
 | test.swift:238:13:238:15 | .source_value | test.swift:225:14:225:21 | call to source() :  | test.swift:238:13:238:15 | .source_value | result |
-| test.swift:264:15:264:16 | ...! | test.swift:259:12:259:19 | call to source() :  | test.swift:264:15:264:16 | ...! | result |
-| test.swift:265:15:265:31 | call to signum() | test.swift:265:15:265:22 | call to source() :  | test.swift:265:15:265:31 | call to signum() | result |
-| test.swift:266:15:266:25 | OptionalEvaluationExpr | test.swift:259:12:259:19 | call to source() :  | test.swift:266:15:266:25 | OptionalEvaluationExpr | result |
+| test.swift:265:15:265:15 | x | test.swift:259:12:259:19 | call to source() :  | test.swift:265:15:265:15 | x | result |
+| test.swift:267:15:267:16 | ...! | test.swift:259:12:259:19 | call to source() :  | test.swift:267:15:267:16 | ...! | result |
+| test.swift:270:15:270:31 | call to signum() | test.swift:270:15:270:22 | call to source() :  | test.swift:270:15:270:31 | call to signum() | result |
+| test.swift:271:15:271:25 | OptionalEvaluationExpr | test.swift:259:12:259:19 | call to source() :  | test.swift:271:15:271:25 | OptionalEvaluationExpr | result |
+| test.swift:274:15:274:20 | ... ??(_:_:) ... | test.swift:259:12:259:19 | call to source() :  | test.swift:274:15:274:20 | ... ??(_:_:) ... | result |
+| test.swift:275:15:275:27 | ... ??(_:_:) ... | test.swift:259:12:259:19 | call to source() :  | test.swift:275:15:275:27 | ... ??(_:_:) ... | result |
+| test.swift:279:15:279:31 | ... ? ... : ... | test.swift:259:12:259:19 | call to source() :  | test.swift:279:15:279:31 | ... ? ... : ... | result |
+| test.swift:280:15:280:38 | ... ? ... : ... | test.swift:259:12:259:19 | call to source() :  | test.swift:280:15:280:38 | ... ? ... : ... | result |
+| test.swift:280:15:280:38 | ... ? ... : ... | test.swift:280:31:280:38 | call to source() :  | test.swift:280:15:280:38 | ... ? ... : ... | result |
+| test.swift:282:15:282:38 | ... ? ... : ... | test.swift:282:31:282:38 | call to source() :  | test.swift:282:15:282:38 | ... ? ... : ... | result |
+| test.swift:306:15:306:18 | .1 | test.swift:302:18:302:25 | call to source() :  | test.swift:306:15:306:18 | .1 | result |
+| test.swift:317:15:317:18 | .0 | test.swift:314:12:314:19 | call to source() :  | test.swift:317:15:317:18 | .0 | result |
+| test.swift:327:15:327:18 | .0 | test.swift:322:18:322:25 | call to source() :  | test.swift:327:15:327:18 | .0 | result |
+| test.swift:328:15:328:18 | .1 | test.swift:322:31:322:38 | call to source() :  | test.swift:328:15:328:18 | .1 | result |
+| test.swift:331:15:331:18 | .0 | test.swift:322:18:322:25 | call to source() :  | test.swift:331:15:331:18 | .0 | result |
+| test.swift:332:15:332:18 | .1 | test.swift:322:31:322:38 | call to source() :  | test.swift:332:15:332:18 | .1 | result |
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected
index b0e95ee6946..b16a93e97b3 100644
--- a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected
+++ b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected
@@ -1,194 +1,290 @@
-| test.swift:6:9:6:13 | WriteDef | test.swift:7:15:7:15 | t1 |
-| test.swift:6:19:6:26 | call to source() | test.swift:6:9:6:13 | WriteDef |
+| test.swift:6:9:6:13 | SSA def(t1) | test.swift:7:15:7:15 | t1 |
+| test.swift:6:19:6:26 | call to source() | test.swift:6:9:6:13 | SSA def(t1) |
+| test.swift:7:15:7:15 | [post] t1 | test.swift:8:10:8:10 | t1 |
 | test.swift:7:15:7:15 | t1 | test.swift:8:10:8:10 | t1 |
-| test.swift:8:5:8:10 | WriteDef | test.swift:10:15:10:15 | t2 |
-| test.swift:8:10:8:10 | t1 | test.swift:8:5:8:10 | WriteDef |
+| test.swift:8:5:8:10 | SSA def(t2) | test.swift:10:15:10:15 | t2 |
+| test.swift:8:10:8:10 | t1 | test.swift:8:5:8:10 | SSA def(t2) |
 | test.swift:8:10:8:10 | t1 | test.swift:9:15:9:15 | t1 |
+| test.swift:9:15:9:15 | [post] t1 | test.swift:11:8:11:8 | t1 |
 | test.swift:9:15:9:15 | t1 | test.swift:11:8:11:8 | t1 |
-| test.swift:12:9:12:14 | WriteDef | test.swift:13:19:13:19 | t2 |
-| test.swift:12:14:12:14 | 0 | test.swift:12:9:12:14 | WriteDef |
-| test.swift:15:5:15:5 | Phi | test.swift:15:15:15:15 | t2 |
-| test.swift:17:5:17:10 | WriteDef | test.swift:21:15:21:15 | t1 |
-| test.swift:17:10:17:10 | 0 | test.swift:17:5:17:10 | WriteDef |
-| test.swift:29:18:29:21 | WriteDef | test.swift:30:15:30:15 | x |
-| test.swift:29:18:29:21 | x | test.swift:29:18:29:21 | WriteDef |
-| test.swift:29:26:29:29 | WriteDef | test.swift:31:15:31:15 | y |
-| test.swift:29:26:29:29 | y | test.swift:29:26:29:29 | WriteDef |
-| test.swift:42:16:42:19 | WriteDef | test.swift:45:8:45:8 | b |
-| test.swift:42:16:42:19 | b | test.swift:42:16:42:19 | WriteDef |
-| test.swift:43:9:43:13 | WriteDef | test.swift:46:13:46:13 | t1 |
-| test.swift:43:19:43:26 | call to source() | test.swift:43:9:43:13 | WriteDef |
-| test.swift:46:9:46:13 | WriteDef | test.swift:50:5:50:5 | Phi |
-| test.swift:46:13:46:13 | t1 | test.swift:46:9:46:13 | WriteDef |
-| test.swift:48:9:48:13 | WriteDef | test.swift:50:5:50:5 | Phi |
-| test.swift:48:13:48:13 | 1 | test.swift:48:9:48:13 | WriteDef |
-| test.swift:50:5:50:5 | Phi | test.swift:50:15:50:15 | t |
-| test.swift:54:5:54:18 | WriteDef | test.swift:53:1:56:1 | arg[return] |
-| test.swift:54:11:54:18 | call to source() | test.swift:54:5:54:18 | WriteDef |
-| test.swift:59:9:59:12 | WriteDef | test.swift:60:15:60:15 | x |
-| test.swift:59:18:59:18 | 0 | test.swift:59:9:59:12 | WriteDef |
+| test.swift:12:9:12:14 | SSA def(t2) | test.swift:13:19:13:19 | t2 |
+| test.swift:12:14:12:14 | 0 | test.swift:12:9:12:14 | SSA def(t2) |
+| test.swift:15:5:15:5 | SSA phi(t2) | test.swift:15:15:15:15 | t2 |
+| test.swift:17:5:17:10 | SSA def(t1) | test.swift:21:15:21:15 | t1 |
+| test.swift:17:10:17:10 | 0 | test.swift:17:5:17:10 | SSA def(t1) |
+| test.swift:29:18:29:21 | SSA def(x) | test.swift:30:15:30:15 | x |
+| test.swift:29:18:29:21 | x | test.swift:29:18:29:21 | SSA def(x) |
+| test.swift:29:26:29:29 | SSA def(y) | test.swift:31:15:31:15 | y |
+| test.swift:29:26:29:29 | y | test.swift:29:26:29:29 | SSA def(y) |
+| test.swift:42:16:42:19 | SSA def(b) | test.swift:45:8:45:8 | b |
+| test.swift:42:16:42:19 | b | test.swift:42:16:42:19 | SSA def(b) |
+| test.swift:43:9:43:13 | SSA def(t1) | test.swift:46:13:46:13 | t1 |
+| test.swift:43:19:43:26 | call to source() | test.swift:43:9:43:13 | SSA def(t1) |
+| test.swift:46:9:46:13 | SSA def(t) | test.swift:50:5:50:5 | SSA phi(t) |
+| test.swift:46:13:46:13 | t1 | test.swift:46:9:46:13 | SSA def(t) |
+| test.swift:48:9:48:13 | SSA def(t) | test.swift:50:5:50:5 | SSA phi(t) |
+| test.swift:48:13:48:13 | 1 | test.swift:48:9:48:13 | SSA def(t) |
+| test.swift:50:5:50:5 | SSA phi(t) | test.swift:50:15:50:15 | t |
+| test.swift:54:5:54:18 | SSA def(arg) | test.swift:53:1:56:1 | arg[return] |
+| test.swift:54:11:54:18 | call to source() | test.swift:54:5:54:18 | SSA def(arg) |
+| test.swift:59:9:59:12 | SSA def(x) | test.swift:60:15:60:15 | x |
+| test.swift:59:18:59:18 | 0 | test.swift:59:9:59:12 | SSA def(x) |
+| test.swift:60:15:60:15 | [post] x | test.swift:61:23:61:23 | x |
 | test.swift:60:15:60:15 | x | test.swift:61:23:61:23 | x |
 | test.swift:61:22:61:23 | &... | test.swift:62:15:62:15 | x |
 | test.swift:61:22:61:23 | [post] &... | test.swift:62:15:62:15 | x |
 | test.swift:61:23:61:23 | x | test.swift:61:22:61:23 | &... |
-| test.swift:65:16:65:28 | WriteDef | test.swift:66:21:66:21 | arg1 |
-| test.swift:65:16:65:28 | arg1 | test.swift:65:16:65:28 | WriteDef |
-| test.swift:65:33:65:45 | WriteDef | test.swift:67:12:67:12 | arg2 |
-| test.swift:65:33:65:45 | arg2 | test.swift:65:33:65:45 | WriteDef |
-| test.swift:66:9:66:15 | WriteDef | test.swift:68:12:68:12 | temp |
-| test.swift:66:21:66:21 | arg1 | test.swift:66:9:66:15 | WriteDef |
-| test.swift:67:5:67:12 | WriteDef | test.swift:65:1:70:1 | arg1[return] |
-| test.swift:67:12:67:12 | arg2 | test.swift:67:5:67:12 | WriteDef |
-| test.swift:68:5:68:12 | WriteDef | test.swift:65:1:70:1 | arg2[return] |
-| test.swift:68:12:68:12 | temp | test.swift:68:5:68:12 | WriteDef |
-| test.swift:73:9:73:12 | WriteDef | test.swift:75:22:75:22 | x |
-| test.swift:73:18:73:25 | call to source() | test.swift:73:9:73:12 | WriteDef |
-| test.swift:74:9:74:12 | WriteDef | test.swift:75:32:75:32 | y |
-| test.swift:74:18:74:18 | 0 | test.swift:74:9:74:12 | WriteDef |
+| test.swift:65:16:65:28 | SSA def(arg1) | test.swift:66:21:66:21 | arg1 |
+| test.swift:65:16:65:28 | arg1 | test.swift:65:16:65:28 | SSA def(arg1) |
+| test.swift:65:33:65:45 | SSA def(arg2) | test.swift:67:12:67:12 | arg2 |
+| test.swift:65:33:65:45 | arg2 | test.swift:65:33:65:45 | SSA def(arg2) |
+| test.swift:66:9:66:15 | SSA def(temp) | test.swift:68:12:68:12 | temp |
+| test.swift:66:21:66:21 | arg1 | test.swift:66:9:66:15 | SSA def(temp) |
+| test.swift:67:5:67:12 | SSA def(arg1) | test.swift:65:1:70:1 | arg1[return] |
+| test.swift:67:12:67:12 | arg2 | test.swift:67:5:67:12 | SSA def(arg1) |
+| test.swift:68:5:68:12 | SSA def(arg2) | test.swift:65:1:70:1 | arg2[return] |
+| test.swift:68:12:68:12 | temp | test.swift:68:5:68:12 | SSA def(arg2) |
+| test.swift:73:9:73:12 | SSA def(x) | test.swift:75:22:75:22 | x |
+| test.swift:73:18:73:25 | call to source() | test.swift:73:9:73:12 | SSA def(x) |
+| test.swift:74:9:74:12 | SSA def(y) | test.swift:75:32:75:32 | y |
+| test.swift:74:18:74:18 | 0 | test.swift:74:9:74:12 | SSA def(y) |
 | test.swift:75:21:75:22 | &... | test.swift:76:15:76:15 | x |
 | test.swift:75:21:75:22 | [post] &... | test.swift:76:15:76:15 | x |
 | test.swift:75:22:75:22 | x | test.swift:75:21:75:22 | &... |
 | test.swift:75:31:75:32 | &... | test.swift:77:15:77:15 | y |
 | test.swift:75:31:75:32 | [post] &... | test.swift:77:15:77:15 | y |
 | test.swift:75:32:75:32 | y | test.swift:75:31:75:32 | &... |
-| test.swift:81:5:81:18 | WriteDef | test.swift:80:1:82:1 | arg[return] |
-| test.swift:81:11:81:18 | call to source() | test.swift:81:5:81:18 | WriteDef |
-| test.swift:84:1:91:1 | Phi | test.swift:84:1:91:1 | arg[return] |
-| test.swift:84:48:84:54 | WriteDef | test.swift:85:8:85:8 | bool |
-| test.swift:84:48:84:54 | bool | test.swift:84:48:84:54 | WriteDef |
-| test.swift:86:9:86:22 | WriteDef | test.swift:84:1:91:1 | Phi |
-| test.swift:86:15:86:22 | call to source() | test.swift:86:9:86:22 | WriteDef |
-| test.swift:89:9:89:22 | WriteDef | test.swift:84:1:91:1 | Phi |
-| test.swift:89:15:89:22 | call to source() | test.swift:89:9:89:22 | WriteDef |
-| test.swift:93:17:93:23 | WriteDef | test.swift:104:50:104:50 | bool |
-| test.swift:93:17:93:23 | bool | test.swift:93:17:93:23 | WriteDef |
-| test.swift:95:13:95:16 | WriteDef | test.swift:96:19:96:19 | x |
-| test.swift:95:22:95:22 | 0 | test.swift:95:13:95:16 | WriteDef |
+| test.swift:81:5:81:18 | SSA def(arg) | test.swift:80:1:82:1 | arg[return] |
+| test.swift:81:11:81:18 | call to source() | test.swift:81:5:81:18 | SSA def(arg) |
+| test.swift:84:1:91:1 | SSA phi(arg) | test.swift:84:1:91:1 | arg[return] |
+| test.swift:84:48:84:54 | SSA def(bool) | test.swift:85:8:85:8 | bool |
+| test.swift:84:48:84:54 | bool | test.swift:84:48:84:54 | SSA def(bool) |
+| test.swift:86:9:86:22 | SSA def(arg) | test.swift:84:1:91:1 | SSA phi(arg) |
+| test.swift:86:15:86:22 | call to source() | test.swift:86:9:86:22 | SSA def(arg) |
+| test.swift:89:9:89:22 | SSA def(arg) | test.swift:84:1:91:1 | SSA phi(arg) |
+| test.swift:89:15:89:22 | call to source() | test.swift:89:9:89:22 | SSA def(arg) |
+| test.swift:93:17:93:23 | SSA def(bool) | test.swift:104:50:104:50 | bool |
+| test.swift:93:17:93:23 | bool | test.swift:93:17:93:23 | SSA def(bool) |
+| test.swift:95:13:95:16 | SSA def(x) | test.swift:96:19:96:19 | x |
+| test.swift:95:22:95:22 | 0 | test.swift:95:13:95:16 | SSA def(x) |
+| test.swift:96:19:96:19 | [post] x | test.swift:97:40:97:40 | x |
 | test.swift:96:19:96:19 | x | test.swift:97:40:97:40 | x |
 | test.swift:97:39:97:40 | &... | test.swift:98:19:98:19 | x |
 | test.swift:97:39:97:40 | [post] &... | test.swift:98:19:98:19 | x |
 | test.swift:97:40:97:40 | x | test.swift:97:39:97:40 | &... |
-| test.swift:102:13:102:16 | WriteDef | test.swift:103:19:103:19 | x |
-| test.swift:102:22:102:22 | 0 | test.swift:102:13:102:16 | WriteDef |
+| test.swift:102:13:102:16 | SSA def(x) | test.swift:103:19:103:19 | x |
+| test.swift:102:22:102:22 | 0 | test.swift:102:13:102:16 | SSA def(x) |
+| test.swift:103:19:103:19 | [post] x | test.swift:104:41:104:41 | x |
 | test.swift:103:19:103:19 | x | test.swift:104:41:104:41 | x |
 | test.swift:104:40:104:41 | &... | test.swift:105:19:105:19 | x |
 | test.swift:104:40:104:41 | [post] &... | test.swift:105:19:105:19 | x |
 | test.swift:104:41:104:41 | x | test.swift:104:40:104:41 | &... |
-| test.swift:109:9:109:14 | WriteDef | test.swift:110:12:110:12 | arg |
-| test.swift:109:9:109:14 | arg | test.swift:109:9:109:14 | WriteDef |
-| test.swift:113:14:113:19 | WriteDef | test.swift:114:19:114:19 | arg |
-| test.swift:113:14:113:19 | arg | test.swift:113:14:113:19 | WriteDef |
-| test.swift:113:24:113:41 | WriteDef | test.swift:114:12:114:12 | lambda |
-| test.swift:113:24:113:41 | lambda | test.swift:113:24:113:41 | WriteDef |
-| test.swift:118:9:118:12 | WriteDef | test.swift:119:31:119:31 | x |
-| test.swift:118:18:118:25 | call to source() | test.swift:118:9:118:12 | WriteDef |
-| test.swift:119:9:119:12 | WriteDef | test.swift:120:15:120:15 | y |
-| test.swift:119:18:119:44 | call to forward(arg:lambda:) | test.swift:119:9:119:12 | WriteDef |
-| test.swift:122:9:122:12 | WriteDef | test.swift:126:15:126:15 | z |
-| test.swift:122:18:125:6 | call to forward(arg:lambda:) | test.swift:122:9:122:12 | WriteDef |
-| test.swift:123:10:123:13 | WriteDef | test.swift:124:16:124:16 | i |
-| test.swift:123:10:123:13 | i | test.swift:123:10:123:13 | WriteDef |
-| test.swift:128:9:128:16 | WriteDef | test.swift:132:15:132:15 | clean |
-| test.swift:128:22:131:6 | call to forward(arg:lambda:) | test.swift:128:9:128:16 | WriteDef |
-| test.swift:141:9:141:9 | WriteDef | test.swift:145:15:145:15 | lambda2 |
-| test.swift:141:19:144:5 | { ... } | test.swift:141:9:141:9 | WriteDef |
-| test.swift:142:10:142:13 | WriteDef | test.swift:143:16:143:16 | i |
-| test.swift:142:10:142:13 | i | test.swift:142:10:142:13 | WriteDef |
-| test.swift:147:9:147:9 | WriteDef | test.swift:151:15:151:15 | lambdaSource |
-| test.swift:147:24:150:5 | { ... } | test.swift:147:9:147:9 | WriteDef |
+| test.swift:109:9:109:14 | SSA def(arg) | test.swift:110:12:110:12 | arg |
+| test.swift:109:9:109:14 | arg | test.swift:109:9:109:14 | SSA def(arg) |
+| test.swift:113:14:113:19 | SSA def(arg) | test.swift:114:19:114:19 | arg |
+| test.swift:113:14:113:19 | arg | test.swift:113:14:113:19 | SSA def(arg) |
+| test.swift:113:24:113:41 | SSA def(lambda) | test.swift:114:12:114:12 | lambda |
+| test.swift:113:24:113:41 | lambda | test.swift:113:24:113:41 | SSA def(lambda) |
+| test.swift:118:9:118:12 | SSA def(x) | test.swift:119:31:119:31 | x |
+| test.swift:118:18:118:25 | call to source() | test.swift:118:9:118:12 | SSA def(x) |
+| test.swift:119:9:119:12 | SSA def(y) | test.swift:120:15:120:15 | y |
+| test.swift:119:18:119:44 | call to forward(arg:lambda:) | test.swift:119:9:119:12 | SSA def(y) |
+| test.swift:122:9:122:12 | SSA def(z) | test.swift:126:15:126:15 | z |
+| test.swift:122:18:125:6 | call to forward(arg:lambda:) | test.swift:122:9:122:12 | SSA def(z) |
+| test.swift:123:10:123:13 | SSA def(i) | test.swift:124:16:124:16 | i |
+| test.swift:123:10:123:13 | i | test.swift:123:10:123:13 | SSA def(i) |
+| test.swift:128:9:128:16 | SSA def(clean) | test.swift:132:15:132:15 | clean |
+| test.swift:128:22:131:6 | call to forward(arg:lambda:) | test.swift:128:9:128:16 | SSA def(clean) |
+| test.swift:141:9:141:9 | SSA def(lambda2) | test.swift:145:15:145:15 | lambda2 |
+| test.swift:141:19:144:5 | { ... } | test.swift:141:9:141:9 | SSA def(lambda2) |
+| test.swift:142:10:142:13 | SSA def(i) | test.swift:143:16:143:16 | i |
+| test.swift:142:10:142:13 | i | test.swift:142:10:142:13 | SSA def(i) |
+| test.swift:147:9:147:9 | SSA def(lambdaSource) | test.swift:151:15:151:15 | lambdaSource |
+| test.swift:147:24:150:5 | { ... } | test.swift:147:9:147:9 | SSA def(lambdaSource) |
 | test.swift:151:15:151:15 | lambdaSource | test.swift:159:16:159:16 | lambdaSource |
-| test.swift:153:9:153:9 | WriteDef | test.swift:157:5:157:5 | lambdaSink |
-| test.swift:153:22:156:5 | { ... } | test.swift:153:9:153:9 | WriteDef |
-| test.swift:154:10:154:13 | WriteDef | test.swift:155:19:155:19 | i |
-| test.swift:154:10:154:13 | i | test.swift:154:10:154:13 | WriteDef |
+| test.swift:153:9:153:9 | SSA def(lambdaSink) | test.swift:157:5:157:5 | lambdaSink |
+| test.swift:153:22:156:5 | { ... } | test.swift:153:9:153:9 | SSA def(lambdaSink) |
+| test.swift:154:10:154:13 | SSA def(i) | test.swift:155:19:155:19 | i |
+| test.swift:154:10:154:13 | i | test.swift:154:10:154:13 | SSA def(i) |
 | test.swift:157:5:157:5 | lambdaSink | test.swift:159:5:159:5 | lambdaSink |
-| test.swift:162:7:162:7 | WriteDef | test.swift:162:7:162:7 | self[return] |
-| test.swift:162:7:162:7 | self | test.swift:162:7:162:7 | WriteDef |
-| test.swift:163:7:163:7 | self | test.swift:163:7:163:7 | WriteDef |
-| test.swift:163:7:163:7 | self | test.swift:163:7:163:7 | WriteDef |
-| test.swift:163:7:163:7 | self | test.swift:163:7:163:7 | WriteDef |
-| test.swift:163:7:163:7 | value | test.swift:163:7:163:7 | WriteDef |
-| test.swift:165:3:165:3 | WriteDef | test.swift:166:5:166:5 | self |
-| test.swift:165:3:165:3 | self | test.swift:165:3:165:3 | WriteDef |
+| test.swift:162:7:162:7 | SSA def(self) | test.swift:162:7:162:7 | self[return] |
+| test.swift:162:7:162:7 | self | test.swift:162:7:162:7 | SSA def(self) |
+| test.swift:163:7:163:7 | self | test.swift:163:7:163:7 | SSA def(self) |
+| test.swift:163:7:163:7 | self | test.swift:163:7:163:7 | SSA def(self) |
+| test.swift:163:7:163:7 | self | test.swift:163:7:163:7 | SSA def(self) |
+| test.swift:163:7:163:7 | value | test.swift:163:7:163:7 | SSA def(value) |
+| test.swift:165:3:165:3 | SSA def(self) | test.swift:166:5:166:5 | self |
+| test.swift:165:3:165:3 | self | test.swift:165:3:165:3 | SSA def(self) |
 | test.swift:166:5:166:5 | [post] self | test.swift:165:3:167:3 | self[return] |
 | test.swift:166:5:166:5 | self | test.swift:165:3:167:3 | self[return] |
-| test.swift:169:8:169:8 | WriteDef | test.swift:170:5:170:5 | self |
-| test.swift:169:8:169:8 | self | test.swift:169:8:169:8 | WriteDef |
-| test.swift:169:12:169:22 | WriteDef | test.swift:170:9:170:9 | value |
-| test.swift:169:12:169:22 | value | test.swift:169:12:169:22 | WriteDef |
+| test.swift:169:8:169:8 | SSA def(self) | test.swift:170:5:170:5 | self |
+| test.swift:169:8:169:8 | self | test.swift:169:8:169:8 | SSA def(self) |
+| test.swift:169:12:169:22 | SSA def(value) | test.swift:170:9:170:9 | value |
+| test.swift:169:12:169:22 | value | test.swift:169:12:169:22 | SSA def(value) |
 | test.swift:170:5:170:5 | [post] self | test.swift:169:3:171:3 | self[return] |
 | test.swift:170:5:170:5 | self | test.swift:169:3:171:3 | self[return] |
-| test.swift:173:8:173:8 | WriteDef | test.swift:174:12:174:12 | self |
-| test.swift:173:8:173:8 | self | test.swift:173:8:173:8 | WriteDef |
+| test.swift:173:8:173:8 | SSA def(self) | test.swift:174:12:174:12 | self |
+| test.swift:173:8:173:8 | self | test.swift:173:8:173:8 | SSA def(self) |
 | test.swift:174:12:174:12 | [post] self | test.swift:173:3:175:3 | self[return] |
 | test.swift:174:12:174:12 | self | test.swift:173:3:175:3 | self[return] |
-| test.swift:179:7:179:7 | WriteDef | test.swift:180:3:180:3 | a |
-| test.swift:179:11:179:13 | call to init() | test.swift:179:7:179:7 | WriteDef |
+| test.swift:179:7:179:7 | SSA def(a) | test.swift:180:3:180:3 | a |
+| test.swift:179:11:179:13 | call to init() | test.swift:179:7:179:7 | SSA def(a) |
 | test.swift:180:3:180:3 | [post] a | test.swift:181:13:181:13 | a |
 | test.swift:180:3:180:3 | a | test.swift:181:13:181:13 | a |
-| test.swift:184:7:184:7 | WriteDef | test.swift:184:7:184:7 | self[return] |
-| test.swift:184:7:184:7 | self | test.swift:184:7:184:7 | WriteDef |
-| test.swift:185:7:185:7 | self | test.swift:185:7:185:7 | WriteDef |
-| test.swift:185:7:185:7 | self | test.swift:185:7:185:7 | WriteDef |
-| test.swift:185:7:185:7 | self | test.swift:185:7:185:7 | WriteDef |
-| test.swift:185:7:185:7 | value | test.swift:185:7:185:7 | WriteDef |
-| test.swift:187:3:187:3 | WriteDef | test.swift:188:5:188:5 | self |
-| test.swift:187:3:187:3 | self | test.swift:187:3:187:3 | WriteDef |
+| test.swift:184:7:184:7 | SSA def(self) | test.swift:184:7:184:7 | self[return] |
+| test.swift:184:7:184:7 | self | test.swift:184:7:184:7 | SSA def(self) |
+| test.swift:185:7:185:7 | self | test.swift:185:7:185:7 | SSA def(self) |
+| test.swift:185:7:185:7 | self | test.swift:185:7:185:7 | SSA def(self) |
+| test.swift:185:7:185:7 | self | test.swift:185:7:185:7 | SSA def(self) |
+| test.swift:185:7:185:7 | value | test.swift:185:7:185:7 | SSA def(value) |
+| test.swift:187:3:187:3 | SSA def(self) | test.swift:188:5:188:5 | self |
+| test.swift:187:3:187:3 | self | test.swift:187:3:187:3 | SSA def(self) |
 | test.swift:188:5:188:5 | [post] self | test.swift:187:3:189:3 | self[return] |
 | test.swift:188:5:188:5 | self | test.swift:187:3:189:3 | self[return] |
-| test.swift:193:7:193:7 | WriteDef | test.swift:194:3:194:3 | b |
-| test.swift:193:11:193:13 | call to init() | test.swift:193:7:193:7 | WriteDef |
+| test.swift:193:7:193:7 | SSA def(b) | test.swift:194:3:194:3 | b |
+| test.swift:193:11:193:13 | call to init() | test.swift:193:7:193:7 | SSA def(b) |
 | test.swift:194:3:194:3 | [post] b | test.swift:195:13:195:13 | b |
 | test.swift:194:3:194:3 | b | test.swift:195:13:195:13 | b |
-| test.swift:199:7:199:7 | WriteDef | test.swift:200:3:200:3 | a |
-| test.swift:199:11:199:13 | call to init() | test.swift:199:7:199:7 | WriteDef |
+| test.swift:199:7:199:7 | SSA def(a) | test.swift:200:3:200:3 | a |
+| test.swift:199:11:199:13 | call to init() | test.swift:199:7:199:7 | SSA def(a) |
 | test.swift:200:3:200:3 | [post] a | test.swift:201:13:201:13 | a |
 | test.swift:200:3:200:3 | a | test.swift:201:13:201:13 | a |
-| test.swift:205:7:205:7 | WriteDef | test.swift:206:3:206:3 | a |
-| test.swift:205:11:205:13 | call to init() | test.swift:205:7:205:7 | WriteDef |
+| test.swift:205:7:205:7 | SSA def(a) | test.swift:206:3:206:3 | a |
+| test.swift:205:11:205:13 | call to init() | test.swift:205:7:205:7 | SSA def(a) |
 | test.swift:206:3:206:3 | [post] a | test.swift:207:13:207:13 | a |
 | test.swift:206:3:206:3 | a | test.swift:207:13:207:13 | a |
-| test.swift:211:7:211:7 | WriteDef | test.swift:212:3:212:3 | a |
-| test.swift:211:11:211:13 | call to init() | test.swift:211:7:211:7 | WriteDef |
+| test.swift:211:7:211:7 | SSA def(a) | test.swift:212:3:212:3 | a |
+| test.swift:211:11:211:13 | call to init() | test.swift:211:7:211:7 | SSA def(a) |
 | test.swift:212:3:212:3 | [post] a | test.swift:213:13:213:13 | a |
 | test.swift:212:3:212:3 | a | test.swift:213:13:213:13 | a |
-| test.swift:217:7:217:7 | WriteDef | test.swift:218:3:218:3 | b |
-| test.swift:217:11:217:13 | call to init() | test.swift:217:7:217:7 | WriteDef |
+| test.swift:217:7:217:7 | SSA def(b) | test.swift:218:3:218:3 | b |
+| test.swift:217:11:217:13 | call to init() | test.swift:217:7:217:7 | SSA def(b) |
 | test.swift:218:3:218:3 | [post] b | test.swift:219:13:219:13 | b |
 | test.swift:218:3:218:3 | b | test.swift:219:13:219:13 | b |
-| test.swift:222:7:222:7 | WriteDef | test.swift:222:7:222:7 | self[return] |
-| test.swift:222:7:222:7 | WriteDef | test.swift:222:7:222:7 | self[return] |
-| test.swift:222:7:222:7 | self | test.swift:222:7:222:7 | WriteDef |
-| test.swift:222:7:222:7 | self | test.swift:222:7:222:7 | WriteDef |
-| test.swift:223:7:223:7 | self | test.swift:223:7:223:7 | WriteDef |
-| test.swift:224:5:224:5 | WriteDef | test.swift:224:5:226:5 | self[return] |
-| test.swift:224:5:224:5 | self | test.swift:224:5:224:5 | WriteDef |
-| test.swift:227:5:227:5 | WriteDef | test.swift:227:5:229:5 | self[return] |
-| test.swift:227:5:227:5 | self | test.swift:227:5:227:5 | WriteDef |
-| test.swift:234:7:234:7 | WriteDef | test.swift:235:13:235:13 | a |
-| test.swift:234:11:234:31 | call to init() | test.swift:234:7:234:7 | WriteDef |
+| test.swift:222:7:222:7 | SSA def(self) | test.swift:222:7:222:7 | self[return] |
+| test.swift:222:7:222:7 | SSA def(self) | test.swift:222:7:222:7 | self[return] |
+| test.swift:222:7:222:7 | self | test.swift:222:7:222:7 | SSA def(self) |
+| test.swift:222:7:222:7 | self | test.swift:222:7:222:7 | SSA def(self) |
+| test.swift:223:7:223:7 | self | test.swift:223:7:223:7 | SSA def(self) |
+| test.swift:224:5:224:5 | SSA def(self) | test.swift:224:5:226:5 | self[return] |
+| test.swift:224:5:224:5 | self | test.swift:224:5:224:5 | SSA def(self) |
+| test.swift:227:5:227:5 | SSA def(self) | test.swift:227:5:229:5 | self[return] |
+| test.swift:227:5:227:5 | self | test.swift:227:5:227:5 | SSA def(self) |
+| test.swift:234:7:234:7 | SSA def(a) | test.swift:235:13:235:13 | a |
+| test.swift:234:11:234:31 | call to init() | test.swift:234:7:234:7 | SSA def(a) |
 | test.swift:235:13:235:13 | [post] a | test.swift:237:3:237:3 | a |
 | test.swift:235:13:235:13 | a | test.swift:237:3:237:3 | a |
 | test.swift:237:3:237:3 | [post] a | test.swift:238:13:238:13 | a |
 | test.swift:237:3:237:3 | a | test.swift:238:13:238:13 | a |
-| test.swift:242:9:242:9 | self | test.swift:242:9:242:9 | WriteDef |
-| test.swift:242:9:242:9 | self | test.swift:242:9:242:9 | WriteDef |
-| test.swift:242:9:242:9 | self | test.swift:242:9:242:9 | WriteDef |
-| test.swift:242:9:242:9 | value | test.swift:242:9:242:9 | WriteDef |
-| test.swift:243:9:243:9 | WriteDef | test.swift:243:18:243:18 | self |
-| test.swift:243:9:243:9 | self | test.swift:243:9:243:9 | WriteDef |
+| test.swift:242:9:242:9 | self | test.swift:242:9:242:9 | SSA def(self) |
+| test.swift:242:9:242:9 | self | test.swift:242:9:242:9 | SSA def(self) |
+| test.swift:242:9:242:9 | self | test.swift:242:9:242:9 | SSA def(self) |
+| test.swift:242:9:242:9 | value | test.swift:242:9:242:9 | SSA def(value) |
+| test.swift:243:9:243:9 | SSA def(self) | test.swift:243:18:243:18 | self |
+| test.swift:243:9:243:9 | self | test.swift:243:9:243:9 | SSA def(self) |
 | test.swift:243:18:243:18 | [post] self | test.swift:243:9:243:42 | self[return] |
 | test.swift:243:18:243:18 | self | test.swift:243:9:243:42 | self[return] |
-| test.swift:246:5:246:5 | WriteDef | test.swift:247:9:247:9 | self |
-| test.swift:246:5:246:5 | self | test.swift:246:5:246:5 | WriteDef |
+| test.swift:246:5:246:5 | SSA def(self) | test.swift:247:9:247:9 | self |
+| test.swift:246:5:246:5 | self | test.swift:246:5:246:5 | SSA def(self) |
 | test.swift:247:9:247:9 | [post] self | test.swift:246:5:248:5 | self[return] |
 | test.swift:247:9:247:9 | self | test.swift:246:5:248:5 | self[return] |
-| test.swift:252:23:252:23 | value | test.swift:252:23:252:23 | WriteDef |
-| test.swift:263:9:263:9 | WriteDef | test.swift:264:15:264:15 | x |
-| test.swift:263:13:263:28 | call to optionalSource() | test.swift:263:9:263:9 | WriteDef |
-| test.swift:264:15:264:15 | x | test.swift:264:15:264:16 | ...! |
-| test.swift:264:15:264:15 | x | test.swift:266:15:266:15 | x |
-| test.swift:266:15:266:15 | x | test.swift:266:15:266:16 | ...? |
-| test.swift:266:15:266:15 | x | test.swift:267:15:267:15 | x |
-| test.swift:266:15:266:25 | call to signum() | test.swift:266:15:266:25 | OptionalEvaluationExpr |
-| test.swift:267:15:267:15 | x | test.swift:268:16:268:16 | x |
+| test.swift:252:23:252:23 | value | test.swift:252:23:252:23 | SSA def(value) |
+| test.swift:262:21:262:27 | SSA def(y) | test.swift:266:15:266:15 | y |
+| test.swift:262:21:262:27 | y | test.swift:262:21:262:27 | SSA def(y) |
+| test.swift:263:9:263:9 | SSA def(x) | test.swift:265:15:265:15 | x |
+| test.swift:263:13:263:28 | call to optionalSource() | test.swift:263:9:263:9 | SSA def(x) |
+| test.swift:265:15:265:15 | x | test.swift:267:15:267:15 | x |
+| test.swift:266:15:266:15 | y | test.swift:268:15:268:15 | y |
+| test.swift:267:15:267:15 | x | test.swift:267:15:267:16 | ...! |
+| test.swift:267:15:267:15 | x | test.swift:271:15:271:15 | x |
+| test.swift:268:15:268:15 | y | test.swift:268:15:268:16 | ...! |
+| test.swift:268:15:268:15 | y | test.swift:272:15:272:15 | y |
+| test.swift:271:15:271:15 | x | test.swift:271:15:271:16 | ...? |
+| test.swift:271:15:271:15 | x | test.swift:274:15:274:15 | x |
+| test.swift:271:15:271:25 | call to signum() | test.swift:271:15:271:25 | OptionalEvaluationExpr |
+| test.swift:272:15:272:15 | y | test.swift:272:15:272:16 | ...? |
+| test.swift:272:15:272:15 | y | test.swift:276:15:276:15 | y |
+| test.swift:272:15:272:25 | call to signum() | test.swift:272:15:272:25 | OptionalEvaluationExpr |
+| test.swift:274:15:274:15 | x | test.swift:274:15:274:20 | ... ??(_:_:) ... |
+| test.swift:274:15:274:15 | x | test.swift:275:15:275:15 | x |
+| test.swift:274:20:274:20 | { ... } | test.swift:274:15:274:20 | ... ??(_:_:) ... |
+| test.swift:275:15:275:15 | x | test.swift:275:15:275:27 | ... ??(_:_:) ... |
+| test.swift:275:15:275:15 | x | test.swift:279:15:279:15 | x |
+| test.swift:275:20:275:27 | { ... } | test.swift:275:15:275:27 | ... ??(_:_:) ... |
+| test.swift:276:15:276:15 | y | test.swift:276:15:276:20 | ... ??(_:_:) ... |
+| test.swift:276:15:276:15 | y | test.swift:277:15:277:15 | y |
+| test.swift:276:20:276:20 | { ... } | test.swift:276:15:276:20 | ... ??(_:_:) ... |
+| test.swift:277:15:277:15 | y | test.swift:277:15:277:27 | ... ??(_:_:) ... |
+| test.swift:277:15:277:15 | y | test.swift:281:15:281:15 | y |
+| test.swift:277:20:277:27 | { ... } | test.swift:277:15:277:27 | ... ??(_:_:) ... |
+| test.swift:279:15:279:15 | x | test.swift:279:26:279:26 | x |
+| test.swift:279:15:279:15 | x | test.swift:280:15:280:15 | x |
+| test.swift:279:26:279:26 | x | test.swift:279:26:279:27 | ...! |
+| test.swift:279:26:279:26 | x | test.swift:280:15:280:15 | x |
+| test.swift:279:26:279:27 | ...! | test.swift:279:15:279:31 | ... ? ... : ... |
+| test.swift:279:31:279:31 | 0 | test.swift:279:15:279:31 | ... ? ... : ... |
+| test.swift:280:15:280:15 | x | test.swift:280:26:280:26 | x |
+| test.swift:280:15:280:15 | x | test.swift:284:16:284:16 | x |
+| test.swift:280:26:280:26 | x | test.swift:280:26:280:27 | ...! |
+| test.swift:280:26:280:26 | x | test.swift:284:16:284:16 | x |
+| test.swift:280:26:280:27 | ...! | test.swift:280:15:280:38 | ... ? ... : ... |
+| test.swift:280:31:280:38 | call to source() | test.swift:280:15:280:38 | ... ? ... : ... |
+| test.swift:281:15:281:15 | y | test.swift:281:26:281:26 | y |
+| test.swift:281:15:281:15 | y | test.swift:282:15:282:15 | y |
+| test.swift:281:26:281:26 | y | test.swift:281:26:281:27 | ...! |
+| test.swift:281:26:281:26 | y | test.swift:282:15:282:15 | y |
+| test.swift:281:26:281:27 | ...! | test.swift:281:15:281:31 | ... ? ... : ... |
+| test.swift:281:31:281:31 | 0 | test.swift:281:15:281:31 | ... ? ... : ... |
+| test.swift:282:15:282:15 | y | test.swift:282:26:282:26 | y |
+| test.swift:282:15:282:15 | y | test.swift:287:16:287:16 | y |
+| test.swift:282:26:282:26 | y | test.swift:282:26:282:27 | ...! |
+| test.swift:282:26:282:26 | y | test.swift:287:16:287:16 | y |
+| test.swift:282:26:282:27 | ...! | test.swift:282:15:282:38 | ... ? ... : ... |
+| test.swift:282:31:282:38 | call to source() | test.swift:282:15:282:38 | ... ? ... : ... |
+| test.swift:284:16:284:16 | x | test.swift:290:16:290:16 | x |
+| test.swift:287:16:287:16 | y | test.swift:293:16:293:16 | y |
+| test.swift:290:16:290:16 | x | test.swift:290:16:290:17 | ...? |
+| test.swift:290:16:290:26 | call to signum() | test.swift:290:16:290:26 | OptionalEvaluationExpr |
+| test.swift:293:16:293:16 | y | test.swift:293:16:293:17 | ...? |
+| test.swift:293:16:293:26 | call to signum() | test.swift:293:16:293:26 | OptionalEvaluationExpr |
+| test.swift:302:9:302:9 | SSA def(t1) | test.swift:304:15:304:15 | t1 |
+| test.swift:302:14:302:26 | (...) | test.swift:302:9:302:9 | SSA def(t1) |
+| test.swift:304:15:304:15 | t1 | test.swift:305:15:305:15 | t1 |
+| test.swift:305:15:305:15 | [post] t1 | test.swift:306:15:306:15 | t1 |
+| test.swift:305:15:305:15 | t1 | test.swift:306:15:306:15 | t1 |
+| test.swift:306:15:306:15 | [post] t1 | test.swift:308:5:308:5 | t1 |
+| test.swift:306:15:306:15 | t1 | test.swift:308:5:308:5 | t1 |
+| test.swift:308:5:308:5 | [post] t1 | test.swift:310:15:310:15 | t1 |
+| test.swift:308:5:308:5 | t1 | test.swift:310:15:310:15 | t1 |
+| test.swift:310:15:310:15 | t1 | test.swift:311:15:311:15 | t1 |
+| test.swift:311:15:311:15 | [post] t1 | test.swift:312:15:312:15 | t1 |
+| test.swift:311:15:311:15 | t1 | test.swift:312:15:312:15 | t1 |
+| test.swift:312:15:312:15 | [post] t1 | test.swift:314:5:314:5 | t1 |
+| test.swift:312:15:312:15 | t1 | test.swift:314:5:314:5 | t1 |
+| test.swift:314:5:314:5 | [post] t1 | test.swift:316:15:316:15 | t1 |
+| test.swift:314:5:314:5 | t1 | test.swift:316:15:316:15 | t1 |
+| test.swift:316:15:316:15 | t1 | test.swift:317:15:317:15 | t1 |
+| test.swift:317:15:317:15 | [post] t1 | test.swift:318:15:318:15 | t1 |
+| test.swift:317:15:317:15 | t1 | test.swift:318:15:318:15 | t1 |
+| test.swift:322:9:322:9 | SSA def(t1) | test.swift:323:14:323:14 | t1 |
+| test.swift:322:14:322:45 | (...) | test.swift:322:9:322:9 | SSA def(t1) |
+| test.swift:323:9:323:9 | SSA def(t2) | test.swift:330:15:330:15 | t2 |
+| test.swift:323:14:323:14 | t1 | test.swift:323:9:323:9 | SSA def(t2) |
+| test.swift:323:14:323:14 | t1 | test.swift:324:21:324:21 | t1 |
+| test.swift:324:9:324:17 | SSA def(a) | test.swift:334:15:334:15 | a |
+| test.swift:324:9:324:17 | SSA def(b) | test.swift:335:15:335:15 | b |
+| test.swift:324:9:324:17 | SSA def(c) | test.swift:336:15:336:15 | c |
+| test.swift:324:21:324:21 | t1 | test.swift:324:9:324:17 | SSA def(a) |
+| test.swift:324:21:324:21 | t1 | test.swift:324:9:324:17 | SSA def(b) |
+| test.swift:324:21:324:21 | t1 | test.swift:324:9:324:17 | SSA def(c) |
+| test.swift:324:21:324:21 | t1 | test.swift:326:15:326:15 | t1 |
+| test.swift:326:15:326:15 | t1 | test.swift:327:15:327:15 | t1 |
+| test.swift:327:15:327:15 | [post] t1 | test.swift:328:15:328:15 | t1 |
+| test.swift:327:15:327:15 | t1 | test.swift:328:15:328:15 | t1 |
+| test.swift:328:15:328:15 | [post] t1 | test.swift:329:15:329:15 | t1 |
+| test.swift:328:15:328:15 | t1 | test.swift:329:15:329:15 | t1 |
+| test.swift:330:15:330:15 | t2 | test.swift:331:15:331:15 | t2 |
+| test.swift:331:15:331:15 | [post] t2 | test.swift:332:15:332:15 | t2 |
+| test.swift:331:15:331:15 | t2 | test.swift:332:15:332:15 | t2 |
+| test.swift:332:15:332:15 | [post] t2 | test.swift:333:15:333:15 | t2 |
+| test.swift:332:15:332:15 | t2 | test.swift:333:15:333:15 | t2 |
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/test.swift b/swift/ql/test/library-tests/dataflow/dataflow/test.swift
index 95a95145140..093e8c2db95 100644
--- a/swift/ql/test/library-tests/dataflow/dataflow/test.swift
+++ b/swift/ql/test/library-tests/dataflow/dataflow/test.swift
@@ -124,7 +124,7 @@ func forwarder() {
         return i
     })
     sink(arg: z) // $ flow=122
-    
+
     var clean: Int = forward(arg: source(), lambda: {
         (i: Int) -> Int in
         return 0
@@ -259,13 +259,79 @@ func optionalSource() -> Int? {
     return source()
 }
 
-func test_optionals() {
+func test_optionals(y: Int?) {
     let x = optionalSource()
+
+    sink(opt: x) // $ flow=259
+    sink(opt: y)
     sink(arg: x!) // $ flow=259
-    sink(arg: source().signum()) // $ flow=265
+    sink(arg: y!)
+
+    sink(arg: source().signum()) // $ flow=270
     sink(opt: x?.signum()) // $ flow=259
-    sink(arg: x ?? 0) // $ MISSING: flow=259
-    if let y = x {
-        sink(arg: y) // $ MISSING: flow=259
+    sink(opt: y?.signum())
+
+    sink(arg: x ?? 0) // $ flow=259
+    sink(arg: x ?? source()) // $ flow=259 MISSING: flow=276
+    sink(arg: y ?? 0)
+    sink(arg: y ?? source()) // $ MISSING: flow=278
+
+    sink(arg: x != nil ? x! : 0) // $ flow=259
+    sink(arg: x != nil ? x! : source()) // $ flow=259 flow=280
+    sink(arg: y != nil ? y! : 0)
+    sink(arg: y != nil ? y! : source()) // $ flow=282
+
+    if let z = x {
+        sink(arg: z) // $ MISSING: flow=259
+    }
+    if let z = y {
+        sink(arg: z)
+    }
+    if let z = x?.signum() { // $ MISSING: flow=259
+        sink(arg: z)
+    }
+    if let z = y?.signum() {
+        sink(arg: z)
     }
 }
+
+func sink(arg: (Int, Int)) {}
+func sink(arg: (Int, Int, Int)) {}
+
+func testTuples() {
+    var t1 = (1, source())
+
+    sink(arg: t1)
+    sink(arg: t1.0)
+    sink(arg: t1.1) // $ flow=302
+
+    t1.1 = 2
+
+    sink(arg: t1)
+    sink(arg: t1.0)
+    sink(arg: t1.1)
+
+    t1.0 = source()
+
+    sink(arg: t1)
+    sink(arg: t1.0) // $ flow=314
+    sink(arg: t1.1)
+}
+
+func testTuples2() {
+    let t1 = (x: source(), y: source(), z: 0)
+    let t2 = t1
+    let (a, b, c) = t1
+
+    sink(arg: t1)
+    sink(arg: t1.x) // $ flow=322
+    sink(arg: t1.y) // $ flow=322
+    sink(arg: t1.z)
+    sink(arg: t2)
+    sink(arg: t2.x) // $ flow=322
+    sink(arg: t2.y) // $ flow=322
+    sink(arg: t2.z)
+    sink(arg: a) // $ MISSING: flow=322
+    sink(arg: b) // $ MISSING: flow=322
+    sink(arg: c)
+}
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected b/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected
index d3deab14155..7bbbe10244d 100644
--- a/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected
+++ b/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected
@@ -1,8 +1,76 @@
+| alamofire.swift:91:27:91:27 | .result | external |
+| alamofire.swift:99:27:99:27 | .result | external |
+| alamofire.swift:344:23:344:32 | .data | external |
+| alamofire.swift:351:22:351:31 | .value | external |
+| alamofire.swift:358:23:358:32 | .value | external |
+| alamofire.swift:365:22:365:31 | .value | external |
+| alamofire.swift:372:23:372:32 | .value | external |
+| alamofire.swift:379:28:379:37 | .value | external |
+| alamofire.swift:389:28:389:28 | call to init(contentsOfFile:) | external |
+| alamofire.swift:389:28:389:55 | call to init(contentsOfFile:) | external |
+| alamofire.swift:396:22:396:31 | .value | external |
+| alamofire.swift:403:22:403:31 | .value | external |
+| alamofire.swift:404:28:404:28 | call to init(contentsOf:) | external |
+| alamofire.swift:404:28:404:50 | call to init(contentsOf:) | external |
+| alamofire.swift:411:23:411:32 | .value | external |
+| alamofire.swift:418:22:418:31 | .value | external |
+| alamofire.swift:425:23:425:32 | .value | external |
+| alamofire.swift:431:28:431:37 | .value | external |
+| alamofire.swift:448:20:448:20 | call to init(contentsOfFile:) | external |
+| alamofire.swift:448:20:448:49 | call to init(contentsOfFile:) | external |
+| alamofire.swift:455:23:455:32 | .data | external |
+| alamofire.swift:461:23:461:32 | .data | external |
 | customurlschemes.swift:30:44:30:54 | url | external |
 | customurlschemes.swift:34:52:34:68 | url | external |
 | customurlschemes.swift:38:52:38:62 | url | external |
 | customurlschemes.swift:43:9:43:28 | ...[...] | Remote URL in UIApplicationDelegate.application.launchOptions |
 | customurlschemes.swift:48:9:48:28 | ...[...] | Remote URL in UIApplicationDelegate.application.launchOptions |
+| data.swift:18:20:18:20 | call to init(contentsOf:options:) | external |
+| data.swift:18:20:18:54 | call to init(contentsOf:options:) | external |
+| file://:0:0:0:0 | .data | external |
+| file://:0:0:0:0 | .result | external |
+| file://:0:0:0:0 | .result | external |
+| file://:0:0:0:0 | .source1 | external |
+| file://:0:0:0:0 | .source1 | external |
+| file://:0:0:0:0 | .source4 | external |
+| file://:0:0:0:0 | .source9 | external |
+| generics.swift:10:9:10:16 | .source1 | external |
+| generics.swift:11:9:11:16 | .source2 | external |
+| generics.swift:12:9:12:24 | call to source3() | external |
+| generics.swift:48:9:48:17 | .source1 | external |
+| generics.swift:49:9:49:17 | .source2 | external |
+| generics.swift:50:9:50:25 | call to source3() | external |
+| generics.swift:51:9:51:18 | .source1 | external |
+| generics.swift:52:9:52:18 | .source2 | external |
+| generics.swift:53:9:53:26 | call to source3() | external |
+| generics.swift:54:9:54:17 | .source1 | external |
+| generics.swift:55:9:55:17 | .source2 | external |
+| generics.swift:56:9:56:25 | call to source3() | external |
+| generics.swift:57:9:57:17 | .source4 | external |
+| generics.swift:58:9:58:17 | .source5 | external |
+| generics.swift:59:9:59:25 | call to source6() | external |
+| generics.swift:60:9:60:17 | .source7 | external |
+| generics.swift:61:9:61:25 | call to source8() | external |
+| generics.swift:62:9:62:18 | .source1 | external |
+| generics.swift:63:9:63:18 | .source2 | external |
+| generics.swift:64:9:64:26 | call to source3() | external |
+| generics.swift:65:9:65:18 | .source9 | external |
+| generics.swift:66:9:66:18 | .source10 | external |
+| generics.swift:67:9:67:27 | call to source11() | external |
+| generics.swift:68:9:68:18 | .source12 | external |
+| generics.swift:69:9:69:27 | call to source13() | external |
+| generics.swift:88:9:88:15 | .source1 | external |
+| generics.swift:89:9:89:15 | .source2 | external |
+| generics.swift:90:9:90:14 | .source1 | external |
+| generics.swift:91:9:91:14 | .source2 | external |
+| generics.swift:92:9:92:15 | .source1 | external |
+| generics.swift:93:9:93:15 | .source2 | external |
+| generics.swift:112:9:112:15 | .source1 | external |
+| generics.swift:113:9:113:15 | .source2 | external |
+| nsdata.swift:18:17:18:17 | call to init(contentsOf:) | external |
+| nsdata.swift:18:17:18:40 | call to init(contentsOf:) | external |
+| nsdata.swift:19:17:19:17 | call to init(contentsOf:options:) | external |
+| nsdata.swift:19:17:19:53 | call to init(contentsOf:options:) | external |
 | string.swift:56:21:56:21 | call to init(contentsOf:) | external |
 | string.swift:56:21:56:44 | call to init(contentsOf:) | external |
 | string.swift:57:21:57:21 | call to init(contentsOf:encoding:) | external |
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.ql b/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.ql
index 8b6b9bd8906..7c819cd56ed 100644
--- a/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.ql
+++ b/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.ql
@@ -1,5 +1,33 @@
 import swift
 import codeql.swift.dataflow.FlowSources
+import codeql.swift.dataflow.ExternalFlow
+
+/**
+ * A models-as-data class expressing custom flow sources for this test. These
+ * cases ensure that MaD source definitions are able to successfully match a
+ * range of class fields and member functions.
+ */
+class CustomTestSourcesCsv extends SourceModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";MySimpleClass;true;source1;;;;remote", ";MySimpleClass;true;source2;;;;remote",
+        ";MySimpleClass;true;source3();;;ReturnValue;remote",
+        // ---
+        ";MyGeneric;true;source1;;;;remote", ";MyGeneric;true;source2;;;;remote",
+        ";MyGeneric;true;source3();;;ReturnValue;remote", ";MyDerived;true;source4;;;;remote",
+        ";MyDerived;true;source5;;;;remote", ";MyDerived;true;source6();;;ReturnValue;remote",
+        ";MyDerived;true;source7;;;;remote", ";MyDerived;true;source8();;;ReturnValue;remote",
+        ";MyDerived2;true;source9;;;;remote", ";MyDerived2;true;source10;;;;remote",
+        ";MyDerived2;true;source11();;;ReturnValue;remote", ";MyDerived2;true;source12;;;;remote",
+        ";MyDerived2;true;source13();;;ReturnValue;remote",
+        // ---
+        ";MyProtocol;true;source1;;;;remote", ";MyProtocol;true;source2;;;;remote",
+        // ---
+        ";MyProtocol2;true;source1;;;;remote", ";MyProtocol2;true;source2;;;;remote",
+      ]
+  }
+}
 
 from RemoteFlowSource source
 select source, concat(source.getSourceType(), ", ")
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/alamofire.swift b/swift/ql/test/library-tests/dataflow/flowsources/alamofire.swift
new file mode 100644
index 00000000000..5fdfad51534
--- /dev/null
+++ b/swift/ql/test/library-tests/dataflow/flowsources/alamofire.swift
@@ -0,0 +1,553 @@
+
+// --- Foundation stubs ---
+
+struct URL {
+    init(fileURLWithPath: String) {}
+
+    var path: String { get { return "" } }
+}
+
+class NSObject {
+}
+
+class URLResponse : NSObject {
+}
+
+class HTTPURLResponse : URLResponse {
+}
+
+struct Data {
+}
+
+extension String {
+    init(contentsOf url: URL) throws {
+        self.init("")
+    }
+    init(contentsOfFile path: String) throws {
+        self.init("")
+    }
+}
+
+enum Result<Success, Failure> where Failure: Error {
+    case success(Success)
+    case failure(Failure)
+}
+
+extension Result {
+    var success: Success? {
+        guard case let .success(value) = self else { return nil }
+        return value
+    }
+}
+
+// --- Alamofire stubs ---
+
+protocol URLConvertible {
+}
+
+extension String: URLConvertible {
+}
+
+class Request {
+}
+
+class DataRequest: Request {
+}
+
+class DownloadRequest: Request {
+    struct Options: OptionSet {
+        let rawValue: Int
+    }
+
+    typealias Destination =
+        (_ temporaryURL: URL, _ response: HTTPURLResponse) ->
+        (destinationURL: URL, options: Options)
+}
+
+final class DataStreamRequest: Request {
+    typealias Handler<Success, Failure: Error> = (Stream<Success, Failure>) throws -> Void
+
+    struct Stream<Success, Failure: Error> {
+        let event: Event<Success, Failure>
+    }
+
+    enum Event<Success, Failure: Error> {
+        case stream(Result<Success, Failure>)
+        case complete(Completion)
+    }
+
+    struct Completion {
+    }
+}
+
+enum AFError: Error {
+}
+
+struct DataResponse<Success, Failure: Error> {
+    let data: Data?
+
+    let result: Result<Success, Failure>
+
+    var value: Success? { result.success } // SOURCE
+}
+
+struct DownloadResponse<Success, Failure: Error> {
+    let fileURL: URL?
+
+    let result: Result<Success, Failure>
+
+    var value: Success? { result.success } // SOURCE
+}
+
+typealias AFDataResponse<Success> = DataResponse<Success, AFError>
+typealias AFDownloadResponse<Success> = DownloadResponse<Success, AFError>
+
+protocol DataResponseSerializerProtocol {
+    associatedtype SerializedObject
+
+    func serialize() -> SerializedObject // simplified
+}
+
+protocol DownloadResponseSerializerProtocol {
+    associatedtype SerializedObject
+
+    func serializeDownload() -> SerializedObject // simplified
+}
+
+protocol ResponseSerializer: DataResponseSerializerProtocol & DownloadResponseSerializerProtocol {
+}
+
+protocol DataStreamSerializer {
+    associatedtype SerializedObject
+
+    func serialize(_ data: Data) throws -> SerializedObject
+}
+
+extension DataRequest {
+    @discardableResult
+    func response(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        completionHandler: @escaping (AFDataResponse<Data?>) -> Void) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func response<Serializer: DataResponseSerializerProtocol>(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        responseSerializer: Serializer,
+        completionHandler: @escaping (AFDataResponse<Serializer.SerializedObject>) -> Void) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func response<Serializer: ResponseSerializer>(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        responseSerializer: Serializer,
+        completionHandler: @escaping (AFDataResponse<Serializer.SerializedObject>) -> Void) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func responseData(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        completionHandler: @escaping (AFDataResponse<Data>) -> Void) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func responseString(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        completionHandler: @escaping (AFDataResponse<String>) -> Void) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func responseJSON(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        completionHandler: @escaping (AFDataResponse<Any>) -> Void) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func responseDecodable<T: Decodable>(
+        of type: T.Type = T.self,
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        completionHandler: @escaping (AFDataResponse<T>) -> Void) -> Self {
+            return self
+    }
+}
+
+extension DownloadRequest {
+    @discardableResult
+    func response(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        completionHandler: @escaping (AFDownloadResponse<URL?>) -> Void) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func response<Serializer: DownloadResponseSerializerProtocol>(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        responseSerializer: Serializer,
+        completionHandler: @escaping (AFDownloadResponse<Serializer.SerializedObject>) -> Void) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func response<Serializer: ResponseSerializer>(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        responseSerializer: Serializer,
+        completionHandler: @escaping (AFDownloadResponse<Serializer.SerializedObject>) -> Void) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func responseURL(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        completionHandler: @escaping (AFDownloadResponse<URL>) -> Void) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func responseData(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        completionHandler: @escaping (AFDownloadResponse<Data>) -> Void) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func responseString(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        completionHandler: @escaping (AFDownloadResponse<String>) -> Void) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func responseJSON(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        completionHandler: @escaping (AFDownloadResponse<Any>) -> Void) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func responseDecodable<T: Decodable>(
+        of type: T.Type = T.self,
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        completionHandler: @escaping (AFDownloadResponse<T>) -> Void) -> Self {
+            return self
+    }
+}
+
+extension DataStreamRequest
+{
+    @discardableResult
+    func responseStream(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        stream: @escaping Handler<Data, Never>) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func responseStream<Serializer: DataStreamSerializer>(
+        using serializer: Serializer,
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        stream: @escaping Handler<Serializer.SerializedObject, AFError>) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func responseStreamString(
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        stream: @escaping Handler<String, Never>) -> Self {
+            return self
+    }
+
+    @discardableResult
+    func responseStreamDecodable<T: Decodable>(
+        of type: T.Type = T.self,
+        a1 : Int = 0, // these parameters do not matter for our purposes
+        a2 : Int = 0,
+        stream: @escaping Handler<T, AFError>) -> Self {
+            return self
+    }
+}
+
+class Session {
+	static let `default` = Session()
+
+	func request(
+		_ convertible: URLConvertible,
+        a2 : Int = 0, // these parameters vary and do not matter for our purposes
+        a3 : Int = 0) -> DataRequest {
+			return DataRequest()
+	}
+
+	func download(
+		_ convertible: URLConvertible,
+        a2 : Int = 0, // these parameters vary and do not matter for our purposes
+        a3 : Int = 0,
+        to destination: DownloadRequest.Destination? = nil) -> DownloadRequest {
+			return DownloadRequest()
+	}
+
+	func streamRequest(
+		_ convertible: URLConvertible,
+        a2 : Int = 0, // these parameters vary and do not matter for our purposes
+        a3 : Int = 0) -> DataStreamRequest {
+			return DataStreamRequest()
+	}
+}
+
+let AF = Session.default
+
+// --- tests ---
+
+struct MySerializer: ResponseSerializer {
+    func serialize() -> String { return "" }
+    func serializeDownload() -> String { return "" }
+}
+
+struct MyStreamSerializer: DataStreamSerializer {
+    func serialize(_ data: Data) throws -> String { return "" }
+}
+
+struct MyDecodable: Decodable {
+}
+
+func doSomethingWith(_ param: Any) {
+    // ...
+}
+
+func testAlamofire() {
+    // requests
+
+    AF.request("http://example.com/").response {
+        response in
+        if let data = response.data { // SOURCE
+            // ...
+        }
+    }
+
+    AF.request("http://example.com/").response(responseSerializer: MySerializer()) {
+        response in
+        if let obj = response.value { // SOURCE
+            // ...
+        }
+    }
+
+    AF.request("http://example.com/").responseData {
+        response in
+        if let data = response.value { // SOURCE
+            // ...
+        }
+    }
+
+    AF.request("http://example.com/").responseString {
+        response in
+        if let str = response.value { // SOURCE
+            // ...
+        }
+    }
+
+    AF.request("http://example.com/").responseJSON {
+        response in
+        if let json = response.value { // SOURCE
+            // ...
+        }
+    }
+
+    AF.request("http://example.com/").responseDecodable(of: MyDecodable.self) {
+        response in
+        if let decodable = response.value { // SOURCE
+            // ...
+        }
+    }
+
+    // downloads (to a file)
+
+    AF.download("http://example.com/").response {
+        response in
+        if let path = response.fileURL?.path {
+            let str = try? String(contentsOfFile: path) // SOURCE
+            // ...
+        }
+    }
+
+    AF.download("http://example.com/").response(responseSerializer: MySerializer()) {
+        response in
+        if let obj = response.value { // SOURCE
+            // ...
+        }
+    }
+
+    AF.download("http://example.com/").responseURL {
+        response in
+        if let url = response.value { // just the URL [FALSE POSITIVE]
+            let str = try? String(contentsOf: url) // SOURCE
+            // ...
+        }
+    }
+
+    AF.download("http://example.com/").responseData {
+        response in
+        if let data = response.value { // SOURCE
+            // ...
+        }
+    }
+
+    AF.download("http://example.com/").responseString {
+        response in
+        if let str = response.value { // SOURCE
+            // ...
+        }
+    }
+
+    AF.download("http://example.com/").responseJSON {
+        response in
+        if let json = response.value { // SOURCE
+        }
+    }
+
+    AF.download("http://example.com/").responseDecodable(of: MyDecodable.self) {
+        response in
+        if let decodable = response.value { // SOURCE
+            // ...
+        }
+    }
+
+    // download (to a *given* file)
+
+    let myPath = "my/path"
+    let myDestination: DownloadRequest.Destination = {
+        _, _ in
+        return (URL(fileURLWithPath: myPath), [])
+    }
+    AF.download("http://example.com/", to: myDestination).response {
+        response in
+        // ...
+    }
+    // ...
+    let str = try? String(contentsOfFile: myPath) // SOURCE
+
+    // chaining
+    //  - in practice there are a wide range of calls that can be chained through.
+
+    AF.request("http://example.com/").response {
+        response in
+        if let data = response.data { // SOURCE
+            // ...
+        }
+    }
+    .response {
+        response in
+        if let data = response.data { // SOURCE
+            // ...
+        }
+    }
+
+    // streaming requests
+
+    AF.streamRequest("http://example.com/").responseStream {
+        stream in
+        switch stream.event {
+        case let .stream(result):
+            switch result {
+            case let .success(data): // SOURCE [NOT DETECTED]
+                doSomethingWith(data)
+                // ...
+            }
+        case let .complete(completion):
+            doSomethingWith(completion)
+            // ...
+        }
+    }
+
+    AF.streamRequest("http://example.com/").responseStream(using: MyStreamSerializer()) {
+        stream in
+        switch stream.event {
+        case let .stream(result):
+            switch result {
+            case let .success(value): // SOURCE [NOT DETECTED]
+                doSomethingWith(value)
+                // ...
+            }
+        case let .complete(completion):
+            doSomethingWith(completion)
+            // ...
+        }
+    }
+
+    AF.streamRequest("http://example.com/").responseStreamString {
+        stream in
+        switch stream.event {
+        case let .stream(result):
+            switch result {
+            case let .success(value): // SOURCE [NOT DETECTED]
+                doSomethingWith(value)
+                // ...
+            }
+        case let .complete(completion):
+            doSomethingWith(completion)
+            // ...
+        }
+    }
+
+    AF.streamRequest("http://example.com/").responseStreamDecodable(of: MyDecodable.self) {
+        stream in
+        switch stream.event {
+        case let .stream(result):
+            switch result {
+            case let .success(value): // SOURCE [NOT DETECTED]
+                doSomethingWith(value)
+                // ...
+            }
+        case let .complete(completion):
+            doSomethingWith(completion)
+            // ...
+        }
+    }
+
+    // streaming requests (alternative formulations)
+
+    AF.streamRequest("http://example.com/").responseStream {
+        stream in
+        if case let .stream(myResult) = stream.event {
+            if case let .success(myData) = myResult { // SOURCE [NOT DETECTED]
+                doSomethingWith(myData)
+            }
+        }
+    }
+
+    AF.streamRequest("http://example.com/").responseStream {
+        stream in
+        if case let .stream(myResult) = stream.event {
+           doSomethingWith(myResult.success!) // SOURCE [NOT DETECTED]
+        }
+    }
+
+    // access to a non-network `Result` (not a source)
+
+    let myResult = Result<String, Error>.success("data")
+
+    if case let .success(myString) = myResult {
+        doSomethingWith(myString)
+    }
+}
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/data.swift b/swift/ql/test/library-tests/dataflow/flowsources/data.swift
new file mode 100644
index 00000000000..eef374b62a9
--- /dev/null
+++ b/swift/ql/test/library-tests/dataflow/flowsources/data.swift
@@ -0,0 +1,19 @@
+// --- stubs ---
+
+struct URL
+{
+	init?(string: String) {}
+}
+
+
+struct Data {
+    struct ReadingOptions : OptionSet { let rawValue: Int }
+	init(contentsOf: URL, options: ReadingOptions) {}
+}
+
+// --- tests ---
+
+func testData() {
+    let url = URL(string: "http://example.com/")
+    let data = try Data(contentsOf: url!, options: []) // SOURCE
+}
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/generics.swift b/swift/ql/test/library-tests/dataflow/flowsources/generics.swift
new file mode 100644
index 00000000000..41561d9c4c4
--- /dev/null
+++ b/swift/ql/test/library-tests/dataflow/flowsources/generics.swift
@@ -0,0 +1,118 @@
+
+class MySimpleClass
+{
+    let source1: Int = 0
+    var source2: Int { get { return 0 } }
+    func source3() -> Int { return 0 }
+}
+
+func useMySimpleClass(simple: MySimpleClass) {
+    _ = simple.source1 // SOURCE
+    _ = simple.source2 // SOURCE
+    _ = simple.source3() // SOURCE
+}
+
+// ---
+
+class MyGeneric<T> {
+    let source1: Int = 0
+    var source2: T? { get { return nil } }
+    func source3() -> Int { return 0 }
+}
+
+class MyDerived<T> : MyGeneric<T> {
+    let source4: Int = 0
+    var source5: T? { get { return nil } }
+    func source6() -> Int { return 0 }
+}
+
+extension MyDerived
+{
+    var source7: Int { get { return 0 } }
+    func source8() -> Int { return 0 }
+}
+
+class MyDerived2 : MyGeneric<Int> {
+    let source9: Int = 0
+    var source10: Int { get { return 0 } }
+    func source11() -> Int { return 0 }
+}
+
+extension MyDerived2
+{
+    var source12: Int { get { return 0 } }
+    func source13() -> Int { return 0 }
+}
+
+func useDerived(generic: MyGeneric<Int>, generic2: MyGeneric<Any>, derived: MyDerived<Int>, derived2: MyDerived2) {
+    _ = generic.source1 // SOURCE
+    _ = generic.source2 // SOURCE
+    _ = generic.source3() // SOURCE
+    _ = generic2.source1 // SOURCE
+    _ = generic2.source2 // SOURCE
+    _ = generic2.source3() // SOURCE
+    _ = derived.source1 // SOURCE
+    _ = derived.source2 // SOURCE
+    _ = derived.source3() // SOURCE
+    _ = derived.source4 // SOURCE
+    _ = derived.source5 // SOURCE
+    _ = derived.source6() // SOURCE
+    _ = derived.source7 // SOURCE
+    _ = derived.source8() // SOURCE
+    _ = derived2.source1 // SOURCE
+    _ = derived2.source2 // SOURCE
+    _ = derived2.source3() // SOURCE
+    _ = derived2.source9 // SOURCE
+    _ = derived2.source10 // SOURCE
+    _ = derived2.source11() // SOURCE
+    _ = derived2.source12 // SOURCE
+    _ = derived2.source13() // SOURCE
+}
+
+// ---
+
+protocol MyProtocol {
+    var source1: Int { get }
+    var source2: Int { get }
+}
+
+class MyImpl<T> : MyProtocol {
+    var source1: Int { get { return 0 } }
+}
+
+extension MyImpl {
+    var source2: Int { get { return 0 } }
+}
+
+func useProtocol(proto: MyProtocol, impl: MyImpl<Int>, impl2: MyImpl<Any>) {
+    _ = proto.source1 // SOURCE
+    _ = proto.source2 // SOURCE
+    _ = impl.source1 // SOURCE
+    _ = impl.source2 // SOURCE
+    _ = impl2.source1 // SOURCE
+    _ = impl2.source2 // SOURCE
+}
+
+// ---
+
+protocol MyProtocol2 {
+    var source1: Int { get }
+    var source2: Int { get }
+}
+
+class MyImpl2<T> {
+    var source1: Int { get { return 0 } }
+}
+
+extension MyImpl2 : MyProtocol2 {
+    var source2: Int { get { return 0 } }
+}
+
+func useProtocol2(proto: MyProtocol2, impl: MyImpl2<Int>, impl2: MyImpl2<Any>) {
+    _ = proto.source1 // SOURCE
+    _ = proto.source2 // SOURCE
+    _ = impl.source1 // SOURCE [NOT DETECTED]
+    _ = impl.source2 // SOURCE [NOT DETECTED]
+    _ = impl2.source1 // SOURCE [NOT DETECTED]
+    _ = impl2.source2 // SOURCE [NOT DETECTED]
+}
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/nsdata.swift b/swift/ql/test/library-tests/dataflow/flowsources/nsdata.swift
new file mode 100644
index 00000000000..d1258f10364
--- /dev/null
+++ b/swift/ql/test/library-tests/dataflow/flowsources/nsdata.swift
@@ -0,0 +1,20 @@
+// --- stubs ---
+
+struct URL
+{
+	init?(string: String) {}
+}
+
+class NSData {
+    struct ReadingOptions : OptionSet { let rawValue: Int }
+    init?(contentsOf: URL) {}
+    init?(contentsOf: URL, options: NSData.ReadingOptions) {}
+}
+
+// --- tests ---
+
+func testNSData() {
+    let url = URL(string: "http://example.com/")
+    let _ = try NSData(contentsOf: url!) // SOURCE
+    let _ = try NSData(contentsOf: url!, options: []) // SOURCE
+}
diff --git a/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected b/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected
index c5b7944178a..d991a70115c 100644
--- a/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected
+++ b/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected
@@ -1,120 +1,897 @@
+| data.swift:2:8:2:8 | SSA def(self) | data.swift:2:8:2:8 | self[return] |
+| data.swift:2:8:2:8 | self | data.swift:2:8:2:8 | SSA def(self) |
+| data.swift:4:7:4:7 | SSA def(self) | data.swift:4:7:4:7 | self[return] |
+| data.swift:4:7:4:7 | SSA def(self) | data.swift:4:7:4:7 | self[return] |
+| data.swift:4:7:4:7 | self | data.swift:4:7:4:7 | SSA def(self) |
+| data.swift:4:7:4:7 | self | data.swift:4:7:4:7 | SSA def(self) |
+| data.swift:12:49:12:49 | self | data.swift:12:49:12:49 | SSA def(self) |
+| data.swift:13:49:13:49 | self | data.swift:13:49:13:49 | SSA def(self) |
+| data.swift:14:42:14:42 | self | data.swift:14:42:14:42 | SSA def(self) |
+| data.swift:18:31:18:31 | SSA def(self) | data.swift:18:31:18:46 | self[return] |
+| data.swift:18:31:18:31 | self | data.swift:18:31:18:31 | SSA def(self) |
+| data.swift:19:29:19:29 | SSA def(self) | data.swift:19:29:19:44 | self[return] |
+| data.swift:19:29:19:29 | self | data.swift:19:29:19:29 | SSA def(self) |
+| data.swift:20:7:20:7 | SSA def(self) | data.swift:20:2:20:57 | self[return] |
+| data.swift:20:7:20:7 | self | data.swift:20:7:20:7 | SSA def(self) |
+| data.swift:21:7:21:7 | SSA def(self) | data.swift:21:2:21:58 | self[return] |
+| data.swift:21:7:21:7 | self | data.swift:21:7:21:7 | SSA def(self) |
+| data.swift:22:52:22:52 | SSA def(self) | data.swift:22:52:22:67 | self[return] |
+| data.swift:22:52:22:52 | self | data.swift:22:52:22:52 | SSA def(self) |
+| data.swift:24:5:24:5 | SSA def(self) | data.swift:24:5:24:29 | self[return] |
+| data.swift:24:5:24:5 | self | data.swift:24:5:24:5 | SSA def(self) |
+| data.swift:25:2:25:2 | SSA def(self) | data.swift:25:2:25:66 | self[return] |
+| data.swift:25:2:25:2 | self | data.swift:25:2:25:2 | SSA def(self) |
+| data.swift:26:2:26:2 | SSA def(self) | data.swift:26:2:26:61 | self[return] |
+| data.swift:26:2:26:2 | self | data.swift:26:2:26:2 | SSA def(self) |
+| data.swift:27:2:27:2 | SSA def(self) | data.swift:27:2:27:62 | self[return] |
+| data.swift:27:2:27:2 | self | data.swift:27:2:27:2 | SSA def(self) |
+| data.swift:28:2:28:2 | SSA def(self) | data.swift:28:2:28:45 | self[return] |
+| data.swift:28:2:28:2 | self | data.swift:28:2:28:2 | SSA def(self) |
+| data.swift:29:2:29:2 | SSA def(self) | data.swift:29:2:29:82 | self[return] |
+| data.swift:29:2:29:2 | self | data.swift:29:2:29:2 | SSA def(self) |
+| data.swift:30:2:30:2 | SSA def(self) | data.swift:30:2:30:50 | self[return] |
+| data.swift:30:2:30:2 | self | data.swift:30:2:30:2 | SSA def(self) |
+| data.swift:31:2:31:2 | SSA def(self) | data.swift:31:2:31:29 | self[return] |
+| data.swift:31:2:31:2 | self | data.swift:31:2:31:2 | SSA def(self) |
+| data.swift:32:7:32:7 | SSA def(self) | data.swift:32:2:32:24 | self[return] |
+| data.swift:32:7:32:7 | self | data.swift:32:7:32:7 | SSA def(self) |
+| data.swift:33:7:33:7 | SSA def(self) | data.swift:33:2:33:25 | self[return] |
+| data.swift:33:7:33:7 | self | data.swift:33:7:33:7 | SSA def(self) |
+| data.swift:34:7:34:7 | SSA def(self) | data.swift:34:2:34:63 | self[return] |
+| data.swift:34:7:34:7 | self | data.swift:34:7:34:7 | SSA def(self) |
+| data.swift:35:7:35:7 | SSA def(self) | data.swift:35:2:35:52 | self[return] |
+| data.swift:35:7:35:7 | self | data.swift:35:7:35:7 | SSA def(self) |
+| data.swift:36:7:36:7 | SSA def(self) | data.swift:36:2:36:36 | self[return] |
+| data.swift:36:7:36:7 | self | data.swift:36:7:36:7 | SSA def(self) |
+| data.swift:37:7:37:7 | SSA def(self) | data.swift:37:2:37:33 | self[return] |
+| data.swift:37:7:37:7 | self | data.swift:37:7:37:7 | SSA def(self) |
+| data.swift:38:7:38:7 | SSA def(self) | data.swift:38:2:38:88 | self[return] |
+| data.swift:38:7:38:7 | self | data.swift:38:7:38:7 | SSA def(self) |
+| data.swift:38:79:38:79 | Data.Type | data.swift:38:79:38:79 | call to init(_:) |
+| data.swift:38:84:38:84 |  | data.swift:38:79:38:86 | call to init(_:) |
+| data.swift:39:7:39:7 | SSA def(self) | data.swift:39:2:39:86 | self[return] |
+| data.swift:39:7:39:7 | self | data.swift:39:7:39:7 | SSA def(self) |
+| data.swift:40:7:40:7 | SSA def(self) | data.swift:40:2:40:99 | self[return] |
+| data.swift:40:7:40:7 | self | data.swift:40:7:40:7 | SSA def(self) |
+| data.swift:41:7:41:7 | SSA def(self) | data.swift:41:2:41:53 | self[return] |
+| data.swift:41:7:41:7 | self | data.swift:41:7:41:7 | SSA def(self) |
+| data.swift:42:7:42:7 | SSA def(self) | data.swift:42:2:42:63 | self[return] |
+| data.swift:42:7:42:7 | self | data.swift:42:7:42:7 | SSA def(self) |
+| data.swift:43:7:43:7 | SSA def(self) | data.swift:43:2:43:76 | self[return] |
+| data.swift:43:7:43:7 | self | data.swift:43:7:43:7 | SSA def(self) |
+| data.swift:44:7:44:7 | SSA def(self) | data.swift:44:2:44:137 | self[return] |
+| data.swift:44:7:44:7 | self | data.swift:44:7:44:7 | SSA def(self) |
+| data.swift:45:7:45:7 | SSA def(self) | data.swift:45:2:45:97 | self[return] |
+| data.swift:45:7:45:7 | self | data.swift:45:7:45:7 | SSA def(self) |
+| data.swift:46:7:46:7 | SSA def(self) | data.swift:46:2:46:34 | self[return] |
+| data.swift:46:7:46:7 | self | data.swift:46:7:46:7 | SSA def(self) |
+| data.swift:47:7:47:7 | SSA def(self) | data.swift:47:2:47:83 | self[return] |
+| data.swift:47:7:47:7 | self | data.swift:47:7:47:7 | SSA def(self) |
+| data.swift:48:7:48:7 | SSA def(self) | data.swift:48:2:48:50 | self[return] |
+| data.swift:48:7:48:7 | self | data.swift:48:7:48:7 | SSA def(self) |
+| data.swift:49:7:49:7 | SSA def(self) | data.swift:49:2:49:115 | self[return] |
+| data.swift:49:7:49:7 | self | data.swift:49:7:49:7 | SSA def(self) |
+| data.swift:49:22:49:42 | SSA def(initialResult) | data.swift:49:101:49:101 | initialResult |
+| data.swift:49:22:49:42 | initialResult | data.swift:49:22:49:42 | SSA def(initialResult) |
+| data.swift:50:7:50:7 | SSA def(self) | data.swift:50:2:50:180 | self[return] |
+| data.swift:50:7:50:7 | self | data.swift:50:7:50:7 | SSA def(self) |
+| data.swift:51:7:51:7 | SSA def(self) | data.swift:51:2:51:58 | self[return] |
+| data.swift:51:7:51:7 | self | data.swift:51:7:51:7 | SSA def(self) |
+| data.swift:52:7:52:7 | SSA def(self) | data.swift:52:2:52:151 | self[return] |
+| data.swift:52:7:52:7 | self | data.swift:52:7:52:7 | SSA def(self) |
+| data.swift:53:7:53:7 | SSA def(self) | data.swift:53:2:53:97 | self[return] |
+| data.swift:53:7:53:7 | self | data.swift:53:7:53:7 | SSA def(self) |
+| data.swift:54:7:54:7 | SSA def(self) | data.swift:54:2:54:82 | self[return] |
+| data.swift:54:7:54:7 | self | data.swift:54:7:54:7 | SSA def(self) |
+| data.swift:55:7:55:7 | SSA def(self) | data.swift:55:2:55:123 | self[return] |
+| data.swift:55:7:55:7 | self | data.swift:55:7:55:7 | SSA def(self) |
+| data.swift:56:7:56:7 | SSA def(self) | data.swift:56:2:56:214 | self[return] |
+| data.swift:56:7:56:7 | self | data.swift:56:7:56:7 | SSA def(self) |
+| data.swift:56:205:56:205 | Data.Type | data.swift:56:205:56:205 | call to init(_:) |
+| data.swift:56:210:56:210 |  | data.swift:56:205:56:212 | call to init(_:) |
+| data.swift:57:7:57:7 | SSA def(self) | data.swift:57:2:57:236 | self[return] |
+| data.swift:57:7:57:7 | self | data.swift:57:7:57:7 | SSA def(self) |
+| data.swift:57:227:57:227 | Data.Type | data.swift:57:227:57:227 | call to init(_:) |
+| data.swift:57:232:57:232 |  | data.swift:57:227:57:234 | call to init(_:) |
+| data.swift:58:7:58:7 | SSA def(self) | data.swift:58:2:58:39 | self[return] |
+| data.swift:58:7:58:7 | self | data.swift:58:7:58:7 | SSA def(self) |
+| data.swift:59:7:59:7 | SSA def(self) | data.swift:59:2:59:81 | self[return] |
+| data.swift:59:7:59:7 | self | data.swift:59:7:59:7 | SSA def(self) |
+| data.swift:60:7:60:7 | SSA def(self) | data.swift:60:2:60:132 | self[return] |
+| data.swift:60:7:60:7 | self | data.swift:60:7:60:7 | SSA def(self) |
+| data.swift:61:7:61:7 | SSA def(self) | data.swift:61:2:61:41 | self[return] |
+| data.swift:61:7:61:7 | self | data.swift:61:7:61:7 | SSA def(self) |
+| data.swift:62:7:62:7 | SSA def(self) | data.swift:62:2:62:58 | self[return] |
+| data.swift:62:7:62:7 | self | data.swift:62:7:62:7 | SSA def(self) |
+| data.swift:62:19:62:32 | SSA def(using) | data.swift:62:2:62:58 | using[return] |
+| data.swift:62:19:62:32 | using | data.swift:62:19:62:32 | SSA def(using) |
+| data.swift:63:7:63:7 | SSA def(self) | data.swift:63:2:63:123 | self[return] |
+| data.swift:63:7:63:7 | self | data.swift:63:7:63:7 | SSA def(self) |
+| data.swift:63:114:63:114 | Data.Type | data.swift:63:114:63:114 | call to init(_:) |
+| data.swift:63:119:63:119 |  | data.swift:63:114:63:121 | call to init(_:) |
+| data.swift:64:7:64:7 | SSA def(self) | data.swift:64:2:64:72 | self[return] |
+| data.swift:64:7:64:7 | self | data.swift:64:7:64:7 | SSA def(self) |
+| data.swift:64:63:64:63 | Data.Type | data.swift:64:63:64:63 | call to init(_:) |
+| data.swift:64:68:64:68 |  | data.swift:64:63:64:70 | call to init(_:) |
+| data.swift:69:7:69:7 | SSA def(self) | data.swift:69:7:69:7 | self[return] |
+| data.swift:69:7:69:7 | SSA def(self) | data.swift:69:7:69:7 | self[return] |
+| data.swift:69:7:69:7 | self | data.swift:69:7:69:7 | SSA def(self) |
+| data.swift:69:7:69:7 | self | data.swift:69:7:69:7 | SSA def(self) |
+| data.swift:80:6:80:6 | SSA def(dataClean) | data.swift:84:12:84:12 | dataClean |
+| data.swift:80:18:80:18 | Data.Type | data.swift:80:18:80:18 | call to init(_:) |
+| data.swift:80:18:80:36 | call to init(_:) | data.swift:80:6:80:6 | SSA def(dataClean) |
+| data.swift:80:23:80:23 | 123456 | data.swift:80:23:80:32 | .utf8 |
+| data.swift:80:23:80:32 | .utf8 | data.swift:80:18:80:36 | call to init(_:) |
+| data.swift:81:6:81:6 | SSA def(dataTainted) | data.swift:82:26:82:26 | dataTainted |
+| data.swift:81:20:81:20 | Data.Type | data.swift:81:20:81:20 | call to init(_:) |
+| data.swift:81:20:81:51 | call to init(_:) | data.swift:81:6:81:6 | SSA def(dataTainted) |
+| data.swift:81:25:81:47 | .utf8 | data.swift:81:20:81:51 | call to init(_:) |
+| data.swift:81:26:81:33 | call to source() | data.swift:81:25:81:47 | .utf8 |
+| data.swift:82:6:82:6 | SSA def(dataTainted2) | data.swift:86:12:86:12 | dataTainted2 |
+| data.swift:82:21:82:21 | Data.Type | data.swift:82:21:82:21 | call to init(_:) |
+| data.swift:82:21:82:37 | call to init(_:) | data.swift:82:6:82:6 | SSA def(dataTainted2) |
+| data.swift:82:26:82:26 | [post] dataTainted | data.swift:85:12:85:12 | dataTainted |
+| data.swift:82:26:82:26 | dataTainted | data.swift:82:21:82:37 | call to init(_:) |
+| data.swift:82:26:82:26 | dataTainted | data.swift:85:12:85:12 | dataTainted |
+| data.swift:89:6:89:6 | SSA def(dataTainted3) | data.swift:90:12:90:12 | dataTainted3 |
+| data.swift:89:21:89:21 | Data.Type | data.swift:89:21:89:21 | call to init(base64Encoded:options:) |
+| data.swift:89:21:89:71 | call to init(base64Encoded:options:) | data.swift:89:6:89:6 | SSA def(dataTainted3) |
+| data.swift:89:41:89:48 | call to source() | data.swift:89:21:89:71 | call to init(base64Encoded:options:) |
+| data.swift:93:6:93:6 | SSA def(dataTainted4) | data.swift:94:12:94:12 | dataTainted4 |
+| data.swift:93:21:93:21 | Data.Type | data.swift:93:21:93:21 | call to init(buffer:) |
+| data.swift:93:21:93:73 | call to init(buffer:) | data.swift:93:6:93:6 | SSA def(dataTainted4) |
+| data.swift:93:34:93:41 | call to source() | data.swift:93:21:93:73 | call to init(buffer:) |
+| data.swift:95:6:95:6 | SSA def(dataTainted5) | data.swift:96:12:96:12 | dataTainted5 |
+| data.swift:95:21:95:21 | Data.Type | data.swift:95:21:95:21 | call to init(buffer:) |
+| data.swift:95:21:95:74 | call to init(buffer:) | data.swift:95:6:95:6 | SSA def(dataTainted5) |
+| data.swift:95:34:95:41 | call to source() | data.swift:95:21:95:74 | call to init(buffer:) |
+| data.swift:99:6:99:6 | SSA def(dataTainted6) | data.swift:100:12:100:12 | dataTainted6 |
+| data.swift:99:21:99:21 | Data.Type | data.swift:99:21:99:21 | call to init(bytes:count:) |
+| data.swift:99:21:99:72 | call to init(bytes:count:) | data.swift:99:6:99:6 | SSA def(dataTainted6) |
+| data.swift:99:33:99:40 | call to source() | data.swift:99:21:99:72 | call to init(bytes:count:) |
+| data.swift:103:6:103:6 | SSA def(dataTainted7) | data.swift:104:12:104:12 | dataTainted7 |
+| data.swift:103:21:103:21 | Data.Type | data.swift:103:21:103:21 | call to init(bytesNoCopy:count:deallocator:) |
+| data.swift:103:21:103:114 | call to init(bytesNoCopy:count:deallocator:) | data.swift:103:6:103:6 | SSA def(dataTainted7) |
+| data.swift:103:39:103:46 | call to source() | data.swift:103:21:103:114 | call to init(bytesNoCopy:count:deallocator:) |
+| data.swift:107:6:107:6 | SSA def(urlTainted8) | data.swift:108:38:108:38 | urlTainted8 |
+| data.swift:107:20:107:27 | call to source() | data.swift:107:6:107:6 | SSA def(urlTainted8) |
+| data.swift:108:6:108:6 | SSA def(dataTainted8) | data.swift:109:12:109:12 | dataTainted8 |
+| data.swift:108:21:108:21 | Data.Type | data.swift:108:21:108:21 | call to init(contentsOf:options:) |
+| data.swift:108:21:108:62 | call to init(contentsOf:options:) | data.swift:108:6:108:6 | SSA def(dataTainted8) |
+| data.swift:108:38:108:38 | urlTainted8 | data.swift:108:21:108:62 | call to init(contentsOf:options:) |
+| data.swift:112:6:112:6 | SSA def(dataTainted9) | data.swift:113:12:113:12 | dataTainted9 |
+| data.swift:112:21:112:21 | Data.Type | data.swift:112:21:112:21 | call to init(referencing:) |
+| data.swift:112:21:112:58 | call to init(referencing:) | data.swift:112:6:112:6 | SSA def(dataTainted9) |
+| data.swift:112:39:112:46 | call to source() | data.swift:112:21:112:58 | call to init(referencing:) |
+| data.swift:116:6:116:6 | SSA def(dataTainted10) | data.swift:117:2:117:2 | dataTainted10 |
+| data.swift:116:22:116:22 | Data.Type | data.swift:116:22:116:22 | call to init(_:) |
+| data.swift:116:22:116:29 | call to init(_:) | data.swift:116:6:116:6 | SSA def(dataTainted10) |
+| data.swift:116:27:116:27 |  | data.swift:116:22:116:29 | call to init(_:) |
+| data.swift:117:2:117:2 | [post] dataTainted10 | data.swift:118:12:118:12 | dataTainted10 |
+| data.swift:117:2:117:2 | dataTainted10 | data.swift:118:12:118:12 | dataTainted10 |
+| data.swift:117:23:117:30 | call to source() | data.swift:117:2:117:2 | [post] dataTainted10 |
+| data.swift:120:6:120:6 | SSA def(dataTainted11) | data.swift:121:2:121:2 | dataTainted11 |
+| data.swift:120:22:120:22 | Data.Type | data.swift:120:22:120:22 | call to init(_:) |
+| data.swift:120:22:120:29 | call to init(_:) | data.swift:120:6:120:6 | SSA def(dataTainted11) |
+| data.swift:120:27:120:27 |  | data.swift:120:22:120:29 | call to init(_:) |
+| data.swift:121:2:121:2 | [post] dataTainted11 | data.swift:122:12:122:12 | dataTainted11 |
+| data.swift:121:2:121:2 | dataTainted11 | data.swift:122:12:122:12 | dataTainted11 |
+| data.swift:121:23:121:30 | call to source() | data.swift:121:2:121:2 | [post] dataTainted11 |
+| data.swift:124:6:124:6 | SSA def(dataTainted12) | data.swift:125:2:125:2 | dataTainted12 |
+| data.swift:124:22:124:22 | Data.Type | data.swift:124:22:124:22 | call to init(_:) |
+| data.swift:124:22:124:29 | call to init(_:) | data.swift:124:6:124:6 | SSA def(dataTainted12) |
+| data.swift:124:27:124:27 |  | data.swift:124:22:124:29 | call to init(_:) |
+| data.swift:125:2:125:2 | [post] dataTainted12 | data.swift:126:12:126:12 | dataTainted12 |
+| data.swift:125:2:125:2 | dataTainted12 | data.swift:126:12:126:12 | dataTainted12 |
+| data.swift:125:23:125:30 | call to source() | data.swift:125:2:125:2 | [post] dataTainted12 |
+| data.swift:129:6:129:6 | SSA def(dataTainted13) | data.swift:130:2:130:2 | dataTainted13 |
+| data.swift:129:22:129:22 | Data.Type | data.swift:129:22:129:22 | call to init(_:) |
+| data.swift:129:22:129:29 | call to init(_:) | data.swift:129:6:129:6 | SSA def(dataTainted13) |
+| data.swift:129:27:129:27 |  | data.swift:129:22:129:29 | call to init(_:) |
+| data.swift:130:2:130:2 | [post] dataTainted13 | data.swift:131:12:131:12 | dataTainted13 |
+| data.swift:130:2:130:2 | dataTainted13 | data.swift:131:12:131:12 | dataTainted13 |
+| data.swift:130:23:130:30 | call to source() | data.swift:130:2:130:2 | [post] dataTainted13 |
+| data.swift:134:6:134:6 | SSA def(dataTainted14) | data.swift:135:2:135:2 | dataTainted14 |
+| data.swift:134:22:134:22 | Data.Type | data.swift:134:22:134:22 | call to init(_:) |
+| data.swift:134:22:134:29 | call to init(_:) | data.swift:134:6:134:6 | SSA def(dataTainted14) |
+| data.swift:134:27:134:27 |  | data.swift:134:22:134:29 | call to init(_:) |
+| data.swift:135:2:135:2 | [post] dataTainted14 | data.swift:136:12:136:12 | dataTainted14 |
+| data.swift:135:2:135:2 | dataTainted14 | data.swift:136:12:136:12 | dataTainted14 |
+| data.swift:135:35:135:42 | call to source() | data.swift:135:2:135:2 | [post] dataTainted14 |
+| data.swift:139:6:139:6 | SSA def(dataTainted15) | data.swift:140:12:140:12 | dataTainted15 |
+| data.swift:139:22:139:29 | call to source() | data.swift:139:6:139:6 | SSA def(dataTainted15) |
+| data.swift:140:12:140:12 | dataTainted15 | data.swift:140:12:140:55 | call to base64EncodedData(options:) |
+| data.swift:143:6:143:6 | SSA def(dataTainted16) | data.swift:144:12:144:12 | dataTainted16 |
+| data.swift:143:22:143:29 | call to source() | data.swift:143:6:143:6 | SSA def(dataTainted16) |
+| data.swift:144:12:144:12 | dataTainted16 | data.swift:144:12:144:57 | call to base64EncodedString(options:) |
+| data.swift:147:6:147:6 | SSA def(dataTainted17) | data.swift:148:29:148:29 | dataTainted17 |
+| data.swift:147:22:147:29 | call to source() | data.swift:147:6:147:6 | SSA def(dataTainted17) |
+| data.swift:148:6:148:25 | SSA def(compactMapped) | data.swift:149:12:149:12 | compactMapped |
+| data.swift:148:29:148:29 | dataTainted17 | data.swift:148:29:148:72 | call to compactMap(_:) |
+| data.swift:148:29:148:72 | call to compactMap(_:) | data.swift:148:6:148:25 | SSA def(compactMapped) |
+| data.swift:148:56:148:56 | SSA def(str) | data.swift:148:67:148:67 | str |
+| data.swift:148:56:148:56 | str | data.swift:148:56:148:56 | SSA def(str) |
+| data.swift:152:6:152:6 | SSA def(dataTainted18) | data.swift:154:2:154:2 | dataTainted18 |
+| data.swift:152:22:152:29 | call to source() | data.swift:152:6:152:6 | SSA def(dataTainted18) |
+| data.swift:153:6:153:6 | SSA def(pointerTainted18) | data.swift:154:30:154:30 | pointerTainted18 |
+| data.swift:153:25:153:90 | call to allocate(byteCount:alignment:) | data.swift:153:6:153:6 | SSA def(pointerTainted18) |
+| data.swift:154:2:154:2 | dataTainted18 | data.swift:154:30:154:30 | [post] pointerTainted18 |
+| data.swift:154:30:154:30 | [post] pointerTainted18 | data.swift:155:12:155:12 | pointerTainted18 |
+| data.swift:154:30:154:30 | pointerTainted18 | data.swift:155:12:155:12 | pointerTainted18 |
+| data.swift:158:6:158:6 | SSA def(dataTainted19) | data.swift:160:2:160:2 | dataTainted19 |
+| data.swift:158:22:158:29 | call to source() | data.swift:158:6:158:6 | SSA def(dataTainted19) |
+| data.swift:159:6:159:6 | SSA def(pointerTainted19) | data.swift:160:30:160:30 | pointerTainted19 |
+| data.swift:159:25:159:73 | call to allocate(capacity:) | data.swift:159:6:159:6 | SSA def(pointerTainted19) |
+| data.swift:160:30:160:30 | pointerTainted19 | data.swift:161:12:161:12 | pointerTainted19 |
+| data.swift:164:6:164:6 | SSA def(dataTainted20) | data.swift:166:2:166:2 | dataTainted20 |
+| data.swift:164:22:164:29 | call to source() | data.swift:164:6:164:6 | SSA def(dataTainted20) |
+| data.swift:165:6:165:6 | SSA def(pointerTainted20) | data.swift:166:30:166:30 | pointerTainted20 |
+| data.swift:165:25:165:73 | call to allocate(capacity:) | data.swift:165:6:165:6 | SSA def(pointerTainted20) |
+| data.swift:166:30:166:30 | pointerTainted20 | data.swift:167:12:167:12 | pointerTainted20 |
+| data.swift:170:6:170:6 | SSA def(dataTainted21) | data.swift:171:19:171:19 | dataTainted21 |
+| data.swift:170:22:170:29 | call to source() | data.swift:170:6:170:6 | SSA def(dataTainted21) |
+| data.swift:171:6:171:6 | SSA def(flatMapped) | data.swift:172:12:172:12 | flatMapped |
+| data.swift:171:19:171:19 | dataTainted21 | data.swift:171:19:171:74 | call to flatMap(_:) |
+| data.swift:171:19:171:74 | call to flatMap(_:) | data.swift:171:6:171:6 | SSA def(flatMapped) |
+| data.swift:171:41:171:41 | $0 | data.swift:171:41:171:41 | SSA def($0) |
+| data.swift:171:41:171:41 | SSA def($0) | data.swift:171:60:171:60 | $0 |
+| data.swift:174:6:174:6 | SSA def(dataTainted22) | data.swift:175:20:175:20 | dataTainted22 |
+| data.swift:174:22:174:29 | call to source() | data.swift:174:6:174:6 | SSA def(dataTainted22) |
+| data.swift:175:6:175:6 | SSA def(flatMapped2) | data.swift:176:12:176:12 | flatMapped2 |
+| data.swift:175:20:175:20 | dataTainted22 | data.swift:175:20:175:60 | call to flatMap(_:) |
+| data.swift:175:20:175:60 | call to flatMap(_:) | data.swift:175:6:175:6 | SSA def(flatMapped2) |
+| data.swift:175:44:175:44 | SSA def(str) | data.swift:175:55:175:55 | str |
+| data.swift:175:44:175:44 | str | data.swift:175:44:175:44 | SSA def(str) |
+| data.swift:179:6:179:6 | SSA def(dataTainted23) | data.swift:180:2:180:2 | dataTainted23 |
+| data.swift:179:22:179:22 | Data.Type | data.swift:179:22:179:22 | call to init(_:) |
+| data.swift:179:22:179:29 | call to init(_:) | data.swift:179:6:179:6 | SSA def(dataTainted23) |
+| data.swift:179:27:179:27 |  | data.swift:179:22:179:29 | call to init(_:) |
+| data.swift:180:2:180:2 | [post] dataTainted23 | data.swift:181:12:181:12 | dataTainted23 |
+| data.swift:180:2:180:2 | dataTainted23 | data.swift:181:12:181:12 | dataTainted23 |
+| data.swift:180:23:180:30 | call to source() | data.swift:180:2:180:2 | [post] dataTainted23 |
+| data.swift:184:6:184:6 | SSA def(dataTainted24) | data.swift:185:2:185:2 | dataTainted24 |
+| data.swift:184:22:184:22 | Data.Type | data.swift:184:22:184:22 | call to init(_:) |
+| data.swift:184:22:184:29 | call to init(_:) | data.swift:184:6:184:6 | SSA def(dataTainted24) |
+| data.swift:184:27:184:27 |  | data.swift:184:22:184:29 | call to init(_:) |
+| data.swift:185:2:185:2 | [post] dataTainted24 | data.swift:186:12:186:12 | dataTainted24 |
+| data.swift:185:2:185:2 | dataTainted24 | data.swift:186:12:186:12 | dataTainted24 |
+| data.swift:185:35:185:42 | call to source() | data.swift:185:2:185:2 | [post] dataTainted24 |
+| data.swift:189:6:189:6 | SSA def(dataTainted25) | data.swift:190:15:190:15 | dataTainted25 |
+| data.swift:189:22:189:29 | call to source() | data.swift:189:6:189:6 | SSA def(dataTainted25) |
+| data.swift:190:6:190:6 | SSA def(mapped) | data.swift:191:12:191:12 | mapped |
+| data.swift:190:15:190:15 | dataTainted25 | data.swift:190:15:190:38 | call to map(_:) |
+| data.swift:190:15:190:38 | call to map(_:) | data.swift:190:6:190:6 | SSA def(mapped) |
+| data.swift:190:33:190:33 | $0 | data.swift:190:33:190:33 | SSA def($0) |
+| data.swift:190:33:190:33 | SSA def($0) | data.swift:190:35:190:35 | $0 |
+| data.swift:194:6:194:6 | SSA def(dataTainted26) | data.swift:195:16:195:16 | dataTainted26 |
+| data.swift:194:22:194:29 | call to source() | data.swift:194:6:194:6 | SSA def(dataTainted26) |
+| data.swift:195:6:195:6 | SSA def(reduced) | data.swift:196:12:196:12 | reduced |
+| data.swift:195:16:195:16 | dataTainted26 | data.swift:195:16:195:80 | call to reduce(into:_:) |
+| data.swift:195:16:195:80 | call to reduce(into:_:) | data.swift:195:6:195:6 | SSA def(reduced) |
+| data.swift:195:50:195:50 | SSA def(c) | data.swift:195:58:195:58 | c |
+| data.swift:195:50:195:50 | c | data.swift:195:50:195:50 | SSA def(c) |
+| data.swift:195:53:195:53 | SSA def(i) | data.swift:195:60:195:60 | i |
+| data.swift:195:53:195:53 | i | data.swift:195:53:195:53 | SSA def(i) |
+| data.swift:195:58:195:58 | &... | data.swift:195:58:195:73 | ...[...] |
+| data.swift:195:58:195:58 | c | data.swift:195:58:195:58 | &... |
+| data.swift:195:58:195:73 | ...[...] | data.swift:195:58:195:73 | &... |
+| data.swift:199:6:199:6 | SSA def(dataTainted27) | data.swift:200:2:200:2 | dataTainted27 |
+| data.swift:199:22:199:22 | Data.Type | data.swift:199:22:199:22 | call to init(_:) |
+| data.swift:199:22:199:29 | call to init(_:) | data.swift:199:6:199:6 | SSA def(dataTainted27) |
+| data.swift:199:27:199:27 |  | data.swift:199:22:199:29 | call to init(_:) |
+| data.swift:200:2:200:2 | [post] dataTainted27 | data.swift:201:12:201:12 | dataTainted27 |
+| data.swift:200:2:200:2 | dataTainted27 | data.swift:201:12:201:12 | dataTainted27 |
+| data.swift:200:35:200:42 | call to source() | data.swift:200:2:200:2 | [post] dataTainted27 |
+| data.swift:204:6:204:6 | SSA def(dataTainted28) | data.swift:205:2:205:2 | dataTainted28 |
+| data.swift:204:22:204:22 | Data.Type | data.swift:204:22:204:22 | call to init(_:) |
+| data.swift:204:22:204:29 | call to init(_:) | data.swift:204:6:204:6 | SSA def(dataTainted28) |
+| data.swift:204:27:204:27 |  | data.swift:204:22:204:29 | call to init(_:) |
+| data.swift:205:2:205:2 | [post] dataTainted28 | data.swift:206:12:206:12 | dataTainted28 |
+| data.swift:205:2:205:2 | dataTainted28 | data.swift:206:12:206:12 | dataTainted28 |
+| data.swift:205:45:205:52 | call to source() | data.swift:205:2:205:2 | [post] dataTainted28 |
+| data.swift:208:6:208:6 | SSA def(dataTainted29) | data.swift:209:2:209:2 | dataTainted29 |
+| data.swift:208:22:208:22 | Data.Type | data.swift:208:22:208:22 | call to init(_:) |
+| data.swift:208:22:208:29 | call to init(_:) | data.swift:208:6:208:6 | SSA def(dataTainted29) |
+| data.swift:208:27:208:27 |  | data.swift:208:22:208:29 | call to init(_:) |
+| data.swift:209:2:209:2 | [post] dataTainted29 | data.swift:210:12:210:12 | dataTainted29 |
+| data.swift:209:2:209:2 | dataTainted29 | data.swift:210:12:210:12 | dataTainted29 |
+| data.swift:209:45:209:52 | call to source() | data.swift:209:2:209:2 | [post] dataTainted29 |
+| data.swift:212:6:212:6 | SSA def(dataTainted30) | data.swift:213:2:213:2 | dataTainted30 |
+| data.swift:212:22:212:22 | Data.Type | data.swift:212:22:212:22 | call to init(_:) |
+| data.swift:212:22:212:29 | call to init(_:) | data.swift:212:6:212:6 | SSA def(dataTainted30) |
+| data.swift:212:27:212:27 |  | data.swift:212:22:212:29 | call to init(_:) |
+| data.swift:213:2:213:2 | [post] dataTainted30 | data.swift:214:12:214:12 | dataTainted30 |
+| data.swift:213:2:213:2 | dataTainted30 | data.swift:214:12:214:12 | dataTainted30 |
+| data.swift:213:45:213:52 | call to source() | data.swift:213:2:213:2 | [post] dataTainted30 |
+| data.swift:217:6:217:6 | SSA def(dataTainted31) | data.swift:218:2:218:2 | dataTainted31 |
+| data.swift:217:22:217:22 | Data.Type | data.swift:217:22:217:22 | call to init(_:) |
+| data.swift:217:22:217:29 | call to init(_:) | data.swift:217:6:217:6 | SSA def(dataTainted31) |
+| data.swift:217:27:217:27 |  | data.swift:217:22:217:29 | call to init(_:) |
+| data.swift:218:2:218:2 | [post] dataTainted31 | data.swift:219:12:219:12 | dataTainted31 |
+| data.swift:218:2:218:2 | dataTainted31 | data.swift:219:12:219:12 | dataTainted31 |
+| data.swift:218:45:218:52 | call to source() | data.swift:218:2:218:2 | [post] dataTainted31 |
+| data.swift:222:6:222:6 | SSA def(dataTainted32) | data.swift:223:10:223:10 | dataTainted32 |
+| data.swift:222:22:222:22 | Data.Type | data.swift:222:22:222:22 | call to init(_:) |
+| data.swift:222:22:222:29 | call to init(_:) | data.swift:222:6:222:6 | SSA def(dataTainted32) |
+| data.swift:222:27:222:27 |  | data.swift:222:22:222:29 | call to init(_:) |
+| data.swift:223:10:223:10 | [post] dataTainted32 | data.swift:224:12:224:12 | dataTainted32 |
+| data.swift:223:10:223:10 | dataTainted32 | data.swift:224:12:224:12 | dataTainted32 |
+| data.swift:223:45:223:52 | call to source() | data.swift:223:10:223:10 | [post] dataTainted32 |
+| data.swift:227:6:227:6 | SSA def(dataTainted33) | data.swift:228:10:228:10 | dataTainted33 |
+| data.swift:227:22:227:22 | Data.Type | data.swift:227:22:227:22 | call to init(_:) |
+| data.swift:227:22:227:29 | call to init(_:) | data.swift:227:6:227:6 | SSA def(dataTainted33) |
+| data.swift:227:27:227:27 |  | data.swift:227:22:227:29 | call to init(_:) |
+| data.swift:228:10:228:10 | [post] dataTainted33 | data.swift:229:12:229:12 | dataTainted33 |
+| data.swift:228:10:228:10 | dataTainted33 | data.swift:229:12:229:12 | dataTainted33 |
+| data.swift:228:45:228:52 | call to source() | data.swift:228:10:228:10 | [post] dataTainted33 |
+| data.swift:232:6:232:6 | SSA def(dataTainted34) | data.swift:233:12:233:12 | dataTainted34 |
+| data.swift:232:22:232:29 | call to source() | data.swift:232:6:232:6 | SSA def(dataTainted34) |
+| data.swift:236:6:236:6 | SSA def(dataTainted35) | data.swift:237:12:237:12 | dataTainted35 |
+| data.swift:236:22:236:29 | call to source() | data.swift:236:6:236:6 | SSA def(dataTainted35) |
+| data.swift:237:12:237:12 | dataTainted35 | data.swift:237:12:237:33 | call to sorted() |
+| data.swift:240:6:240:6 | SSA def(dataTainted36) | data.swift:241:12:241:12 | dataTainted36 |
+| data.swift:240:22:240:29 | call to source() | data.swift:240:6:240:6 | SSA def(dataTainted36) |
+| data.swift:241:12:241:12 | dataTainted36 | data.swift:241:12:241:54 | call to sorted(by:) |
+| data.swift:244:6:244:6 | SSA def(dataTainted37) | data.swift:245:12:245:12 | dataTainted37 |
+| data.swift:244:22:244:29 | call to source() | data.swift:244:6:244:6 | SSA def(dataTainted37) |
+| data.swift:245:12:245:12 | dataTainted37 | data.swift:245:12:245:46 | call to sorted(using:) |
+| data.swift:245:40:245:44 | call to cmp() | data.swift:245:40:245:45 | ...! |
+| data.swift:248:6:248:6 | SSA def(dataTainted38) | data.swift:249:12:249:12 | dataTainted38 |
+| data.swift:248:22:248:29 | call to source() | data.swift:248:6:248:6 | SSA def(dataTainted38) |
+| data.swift:249:12:249:12 | dataTainted38 | data.swift:249:12:249:35 | call to shuffled() |
+| data.swift:252:6:252:6 | SSA def(dataTainted39) | data.swift:254:12:254:12 | dataTainted39 |
+| data.swift:252:22:252:29 | call to source() | data.swift:252:6:252:6 | SSA def(dataTainted39) |
+| data.swift:253:6:253:6 | SSA def(rng) | data.swift:254:43:254:43 | rng |
+| data.swift:253:12:253:16 | call to rng() | data.swift:253:12:253:17 | ...! |
+| data.swift:253:12:253:17 | ...! | data.swift:253:6:253:6 | SSA def(rng) |
+| data.swift:254:12:254:12 | dataTainted39 | data.swift:254:12:254:46 | call to shuffled(using:) |
+| data.swift:254:43:254:43 | rng | data.swift:254:42:254:43 | &... |
+| data.swift:257:6:257:6 | SSA def(dataTainted40) | data.swift:258:12:258:12 | dataTainted40 |
+| data.swift:257:22:257:29 | call to source() | data.swift:257:6:257:6 | SSA def(dataTainted40) |
+| data.swift:258:12:258:12 | dataTainted40 | data.swift:258:12:258:44 | call to trimmingPrefix(_:) |
+| data.swift:261:6:261:6 | SSA def(dataTainted41) | data.swift:262:12:262:12 | dataTainted41 |
+| data.swift:261:22:261:29 | call to source() | data.swift:261:6:261:6 | SSA def(dataTainted41) |
+| data.swift:262:12:262:12 | dataTainted41 | data.swift:262:12:262:54 | call to trimmingPrefix(while:) |
+| nsdata.swift:5:2:5:2 | SSA def(self) | nsdata.swift:5:2:5:25 | self[return] |
+| nsdata.swift:5:2:5:2 | self | nsdata.swift:5:2:5:2 | SSA def(self) |
+| nsdata.swift:10:5:10:5 | SSA def(self) | nsdata.swift:10:5:10:29 | self[return] |
+| nsdata.swift:10:5:10:5 | self | nsdata.swift:10:5:10:5 | SSA def(self) |
+| nsdata.swift:13:8:13:8 | SSA def(self) | nsdata.swift:13:8:13:8 | self[return] |
+| nsdata.swift:13:8:13:8 | self | nsdata.swift:13:8:13:8 | SSA def(self) |
+| nsdata.swift:15:8:15:8 | SSA def(self) | nsdata.swift:15:8:15:8 | self[return] |
+| nsdata.swift:15:8:15:8 | self | nsdata.swift:15:8:15:8 | SSA def(self) |
+| nsdata.swift:17:7:17:7 | SSA def(self) | nsdata.swift:17:7:17:7 | self[return] |
+| nsdata.swift:17:7:17:7 | self | nsdata.swift:17:7:17:7 | SSA def(self) |
+| nsdata.swift:18:45:18:45 | self | nsdata.swift:18:45:18:45 | SSA def(self) |
+| nsdata.swift:19:52:19:52 | self | nsdata.swift:19:52:19:52 | SSA def(self) |
+| nsdata.swift:20:52:20:52 | self | nsdata.swift:20:52:20:52 | SSA def(self) |
+| nsdata.swift:22:9:22:9 | self | nsdata.swift:22:9:22:9 | SSA def(self) |
+| nsdata.swift:22:9:22:9 | self | nsdata.swift:22:9:22:9 | SSA def(self) |
+| nsdata.swift:22:9:22:9 | self | nsdata.swift:22:9:22:9 | SSA def(self) |
+| nsdata.swift:22:9:22:9 | value | nsdata.swift:22:9:22:9 | SSA def(value) |
+| nsdata.swift:23:9:23:9 | self | nsdata.swift:23:9:23:9 | SSA def(self) |
+| nsdata.swift:23:9:23:9 | self | nsdata.swift:23:9:23:9 | SSA def(self) |
+| nsdata.swift:23:9:23:9 | self | nsdata.swift:23:9:23:9 | SSA def(self) |
+| nsdata.swift:23:9:23:9 | value | nsdata.swift:23:9:23:9 | SSA def(value) |
+| nsdata.swift:24:5:24:5 | SSA def(self) | nsdata.swift:24:5:24:50 | self[return] |
+| nsdata.swift:24:5:24:5 | self | nsdata.swift:24:5:24:5 | SSA def(self) |
+| nsdata.swift:25:5:25:5 | SSA def(self) | nsdata.swift:25:5:25:68 | self[return] |
+| nsdata.swift:25:5:25:5 | self | nsdata.swift:25:5:25:5 | SSA def(self) |
+| nsdata.swift:26:5:26:5 | SSA def(self) | nsdata.swift:26:5:26:130 | self[return] |
+| nsdata.swift:26:5:26:5 | self | nsdata.swift:26:5:26:5 | SSA def(self) |
+| nsdata.swift:27:5:27:5 | SSA def(self) | nsdata.swift:27:5:27:90 | self[return] |
+| nsdata.swift:27:5:27:5 | self | nsdata.swift:27:5:27:5 | SSA def(self) |
+| nsdata.swift:28:5:28:5 | SSA def(self) | nsdata.swift:28:5:28:23 | self[return] |
+| nsdata.swift:28:5:28:5 | self | nsdata.swift:28:5:28:5 | SSA def(self) |
+| nsdata.swift:29:5:29:5 | SSA def(self) | nsdata.swift:29:5:29:36 | self[return] |
+| nsdata.swift:29:5:29:5 | self | nsdata.swift:29:5:29:5 | SSA def(self) |
+| nsdata.swift:30:5:30:5 | SSA def(self) | nsdata.swift:30:5:30:93 | self[return] |
+| nsdata.swift:30:5:30:5 | self | nsdata.swift:30:5:30:5 | SSA def(self) |
+| nsdata.swift:31:5:31:5 | SSA def(self) | nsdata.swift:31:5:31:29 | self[return] |
+| nsdata.swift:31:5:31:5 | self | nsdata.swift:31:5:31:5 | SSA def(self) |
+| nsdata.swift:32:5:32:5 | SSA def(self) | nsdata.swift:32:5:32:61 | self[return] |
+| nsdata.swift:32:5:32:5 | self | nsdata.swift:32:5:32:5 | SSA def(self) |
+| nsdata.swift:33:5:33:5 | SSA def(self) | nsdata.swift:33:5:33:47 | self[return] |
+| nsdata.swift:33:5:33:5 | self | nsdata.swift:33:5:33:5 | SSA def(self) |
+| nsdata.swift:34:5:34:5 | SSA def(self) | nsdata.swift:34:5:34:88 | self[return] |
+| nsdata.swift:34:5:34:5 | self | nsdata.swift:34:5:34:5 | SSA def(self) |
+| nsdata.swift:35:5:35:5 | SSA def(self) | nsdata.swift:35:5:35:92 | self[return] |
+| nsdata.swift:35:5:35:5 | self | nsdata.swift:35:5:35:5 | SSA def(self) |
+| nsdata.swift:36:5:36:5 | SSA def(self) | nsdata.swift:36:5:36:49 | self[return] |
+| nsdata.swift:36:5:36:5 | self | nsdata.swift:36:5:36:5 | SSA def(self) |
+| nsdata.swift:37:10:37:10 | SSA def(self) | nsdata.swift:37:5:37:98 | self[return] |
+| nsdata.swift:37:10:37:10 | self | nsdata.swift:37:10:37:10 | SSA def(self) |
+| nsdata.swift:37:89:37:89 | Data.Type | nsdata.swift:37:89:37:89 | call to init(_:) |
+| nsdata.swift:37:94:37:94 |  | nsdata.swift:37:89:37:96 | call to init(_:) |
+| nsdata.swift:38:10:38:10 | SSA def(self) | nsdata.swift:38:5:38:96 | self[return] |
+| nsdata.swift:38:10:38:10 | self | nsdata.swift:38:10:38:10 | SSA def(self) |
+| nsdata.swift:39:10:39:10 | SSA def(self) | nsdata.swift:39:5:39:49 | self[return] |
+| nsdata.swift:39:10:39:10 | self | nsdata.swift:39:10:39:10 | SSA def(self) |
+| nsdata.swift:40:16:40:16 | SSA def(self) | nsdata.swift:40:5:40:82 | self[return] |
+| nsdata.swift:40:16:40:16 | self | nsdata.swift:40:16:40:16 | SSA def(self) |
+| nsdata.swift:41:10:41:10 | SSA def(self) | nsdata.swift:41:5:41:104 | self[return] |
+| nsdata.swift:41:10:41:10 | self | nsdata.swift:41:10:41:10 | SSA def(self) |
+| nsdata.swift:42:10:42:10 | SSA def(self) | nsdata.swift:42:5:42:55 | self[return] |
+| nsdata.swift:42:10:42:10 | self | nsdata.swift:42:10:42:10 | SSA def(self) |
+| nsdata.swift:43:10:43:10 | SSA def(self) | nsdata.swift:43:5:43:68 | self[return] |
+| nsdata.swift:43:10:43:10 | self | nsdata.swift:43:10:43:10 | SSA def(self) |
+| nsdata.swift:44:10:44:10 | SSA def(self) | nsdata.swift:44:5:44:71 | self[return] |
+| nsdata.swift:44:10:44:10 | self | nsdata.swift:44:10:44:10 | SSA def(self) |
+| nsdata.swift:45:10:45:10 | SSA def(self) | nsdata.swift:45:5:45:65 | self[return] |
+| nsdata.swift:45:10:45:10 | self | nsdata.swift:45:10:45:10 | SSA def(self) |
+| nsdata.swift:45:56:45:56 | Data.Type | nsdata.swift:45:56:45:56 | call to init(_:) |
+| nsdata.swift:45:61:45:61 |  | nsdata.swift:45:56:45:63 | call to init(_:) |
+| nsdata.swift:46:10:46:10 | SSA def(self) | nsdata.swift:46:84:46:84 | self |
+| nsdata.swift:46:10:46:10 | self | nsdata.swift:46:10:46:10 | SSA def(self) |
+| nsdata.swift:46:84:46:84 | self | nsdata.swift:46:5:46:89 | self[return] |
+| nsdata.swift:47:10:47:10 | SSA def(self) | nsdata.swift:47:86:47:86 | self |
+| nsdata.swift:47:10:47:10 | self | nsdata.swift:47:10:47:10 | SSA def(self) |
+| nsdata.swift:47:86:47:86 | self | nsdata.swift:47:5:47:91 | self[return] |
+| nsdata.swift:57:9:57:9 | SSA def(nsDataTainted1) | nsdata.swift:58:15:58:15 | nsDataTainted1 |
+| nsdata.swift:57:26:57:26 | NSData.Type | nsdata.swift:57:26:57:26 | call to init(bytes:length:) |
+| nsdata.swift:57:26:57:80 | call to init(bytes:length:) | nsdata.swift:57:9:57:9 | SSA def(nsDataTainted1) |
+| nsdata.swift:57:40:57:47 | call to source() | nsdata.swift:57:26:57:80 | call to init(bytes:length:) |
+| nsdata.swift:60:9:60:9 | SSA def(nsDataTainted2) | nsdata.swift:61:15:61:15 | nsDataTainted2 |
+| nsdata.swift:60:26:60:26 | NSData.Type | nsdata.swift:60:26:60:26 | call to init(bytesNoCopy:length:) |
+| nsdata.swift:60:26:60:93 | call to init(bytesNoCopy:length:) | nsdata.swift:60:9:60:9 | SSA def(nsDataTainted2) |
+| nsdata.swift:60:46:60:53 | call to source() | nsdata.swift:60:26:60:93 | call to init(bytesNoCopy:length:) |
+| nsdata.swift:63:9:63:9 | SSA def(nsDataTainted3) | nsdata.swift:64:15:64:15 | nsDataTainted3 |
+| nsdata.swift:63:26:63:26 | NSData.Type | nsdata.swift:63:26:63:26 | call to init(bytesNoCopy:length:deallocator:) |
+| nsdata.swift:63:26:63:111 | call to init(bytesNoCopy:length:deallocator:) | nsdata.swift:63:9:63:9 | SSA def(nsDataTainted3) |
+| nsdata.swift:63:46:63:53 | call to source() | nsdata.swift:63:26:63:111 | call to init(bytesNoCopy:length:deallocator:) |
+| nsdata.swift:66:9:66:9 | SSA def(nsDataTainted4) | nsdata.swift:67:15:67:15 | nsDataTainted4 |
+| nsdata.swift:66:26:66:26 | NSData.Type | nsdata.swift:66:26:66:26 | call to init(bytesNoCopy:length:freeWhenDone:) |
+| nsdata.swift:66:26:66:113 | call to init(bytesNoCopy:length:freeWhenDone:) | nsdata.swift:66:9:66:9 | SSA def(nsDataTainted4) |
+| nsdata.swift:66:46:66:53 | call to source() | nsdata.swift:66:26:66:113 | call to init(bytesNoCopy:length:freeWhenDone:) |
+| nsdata.swift:69:9:69:9 | SSA def(nsDataTainted5) | nsdata.swift:70:15:70:15 | nsDataTainted5 |
+| nsdata.swift:69:26:69:26 | NSData.Type | nsdata.swift:69:26:69:26 | call to init(data:) |
+| nsdata.swift:69:26:69:56 | call to init(data:) | nsdata.swift:69:9:69:9 | SSA def(nsDataTainted5) |
+| nsdata.swift:69:39:69:46 | call to source() | nsdata.swift:69:26:69:56 | call to init(data:) |
+| nsdata.swift:72:9:72:9 | SSA def(nsDataTainted6) | nsdata.swift:73:15:73:15 | nsDataTainted6 |
+| nsdata.swift:72:26:72:26 | NSData.Type | nsdata.swift:72:26:72:26 | call to init(contentsOfFile:) |
+| nsdata.swift:72:26:72:68 | call to init(contentsOfFile:) | nsdata.swift:72:9:72:9 | SSA def(nsDataTainted6) |
+| nsdata.swift:72:49:72:56 | call to source() | nsdata.swift:72:26:72:68 | call to init(contentsOfFile:) |
+| nsdata.swift:73:15:73:15 | nsDataTainted6 | nsdata.swift:73:15:73:29 | ...! |
+| nsdata.swift:75:9:75:9 | SSA def(nsDataTainted7) | nsdata.swift:76:15:76:15 | nsDataTainted7 |
+| nsdata.swift:75:26:75:26 | NSData.Type | nsdata.swift:75:26:75:26 | call to init(contentsOfFile:options:) |
+| nsdata.swift:75:26:75:81 | call to init(contentsOfFile:options:) | nsdata.swift:75:9:75:9 | SSA def(nsDataTainted7) |
+| nsdata.swift:75:49:75:56 | call to source() | nsdata.swift:75:26:75:81 | call to init(contentsOfFile:options:) |
+| nsdata.swift:78:9:78:9 | SSA def(nsDataTainted8) | nsdata.swift:79:15:79:15 | nsDataTainted8 |
+| nsdata.swift:78:26:78:26 | NSData.Type | nsdata.swift:78:26:78:26 | call to init(contentsOf:) |
+| nsdata.swift:78:26:78:61 | call to init(contentsOf:) | nsdata.swift:78:9:78:9 | SSA def(nsDataTainted8) |
+| nsdata.swift:78:45:78:52 | call to source() | nsdata.swift:78:26:78:61 | call to init(contentsOf:) |
+| nsdata.swift:79:15:79:15 | nsDataTainted8 | nsdata.swift:79:15:79:29 | ...! |
+| nsdata.swift:81:9:81:9 | SSA def(nsDataTainted9) | nsdata.swift:82:15:82:15 | nsDataTainted9 |
+| nsdata.swift:81:26:81:26 | NSData.Type | nsdata.swift:81:26:81:26 | call to init(contentsOf:options:) |
+| nsdata.swift:81:26:81:74 | call to init(contentsOf:options:) | nsdata.swift:81:9:81:9 | SSA def(nsDataTainted9) |
+| nsdata.swift:81:45:81:52 | call to source() | nsdata.swift:81:26:81:74 | call to init(contentsOf:options:) |
+| nsdata.swift:82:15:82:15 | nsDataTainted9 | nsdata.swift:82:15:82:29 | ...! |
+| nsdata.swift:84:9:84:9 | SSA def(nsDataTainted10) | nsdata.swift:85:15:85:15 | nsDataTainted10 |
+| nsdata.swift:84:27:84:27 | NSData.Type | nsdata.swift:84:27:84:27 | call to init(contentsOfMappedFile:) |
+| nsdata.swift:84:27:84:75 | call to init(contentsOfMappedFile:) | nsdata.swift:84:9:84:9 | SSA def(nsDataTainted10) |
+| nsdata.swift:84:56:84:63 | call to source() | nsdata.swift:84:27:84:75 | call to init(contentsOfMappedFile:) |
+| nsdata.swift:85:15:85:15 | nsDataTainted10 | nsdata.swift:85:15:85:30 | ...! |
+| nsdata.swift:87:9:87:9 | SSA def(nsDataTainted11) | nsdata.swift:88:15:88:15 | nsDataTainted11 |
+| nsdata.swift:87:27:87:27 | NSData.Type | nsdata.swift:87:27:87:27 | call to init(base64Encoded:options:) |
+| nsdata.swift:87:27:87:79 | call to init(base64Encoded:options:) | nsdata.swift:87:9:87:9 | SSA def(nsDataTainted11) |
+| nsdata.swift:87:49:87:56 | call to source() | nsdata.swift:87:27:87:79 | call to init(base64Encoded:options:) |
+| nsdata.swift:88:15:88:15 | nsDataTainted11 | nsdata.swift:88:15:88:30 | ...! |
+| nsdata.swift:89:9:89:9 | SSA def(nsDataTainted12) | nsdata.swift:90:15:90:15 | nsDataTainted12 |
+| nsdata.swift:89:27:89:27 | NSData.Type | nsdata.swift:89:27:89:27 | call to init(base64Encoded:options:) |
+| nsdata.swift:89:27:89:81 | call to init(base64Encoded:options:) | nsdata.swift:89:9:89:9 | SSA def(nsDataTainted12) |
+| nsdata.swift:89:49:89:56 | call to source() | nsdata.swift:89:27:89:81 | call to init(base64Encoded:options:) |
+| nsdata.swift:90:15:90:15 | nsDataTainted12 | nsdata.swift:90:15:90:30 | ...! |
+| nsdata.swift:92:9:92:9 | SSA def(nsDataTainted13) | nsdata.swift:93:15:93:15 | nsDataTainted13 |
+| nsdata.swift:92:27:92:27 | NSData.Type | nsdata.swift:92:27:92:27 | call to init(base64Encoding:) |
+| nsdata.swift:92:27:92:69 | call to init(base64Encoding:) | nsdata.swift:92:9:92:9 | SSA def(nsDataTainted13) |
+| nsdata.swift:92:50:92:57 | call to source() | nsdata.swift:92:27:92:69 | call to init(base64Encoding:) |
+| nsdata.swift:93:15:93:15 | nsDataTainted13 | nsdata.swift:93:15:93:30 | ...! |
+| nsdata.swift:95:9:95:9 | SSA def(nsDataTainted14) | nsdata.swift:96:15:96:15 | nsDataTainted14 |
+| nsdata.swift:95:27:95:34 | call to source() | nsdata.swift:95:9:95:9 | SSA def(nsDataTainted14) |
+| nsdata.swift:96:15:96:15 | [post] nsDataTainted14 | nsdata.swift:97:15:97:15 | nsDataTainted14 |
+| nsdata.swift:96:15:96:15 | nsDataTainted14 | nsdata.swift:96:15:96:49 | call to base64EncodedData(options:) |
+| nsdata.swift:96:15:96:15 | nsDataTainted14 | nsdata.swift:97:15:97:15 | nsDataTainted14 |
+| nsdata.swift:97:15:97:15 | nsDataTainted14 | nsdata.swift:97:15:97:60 | call to base64EncodedData(options:) |
+| nsdata.swift:99:9:99:9 | SSA def(nsDataTainted15) | nsdata.swift:100:15:100:15 | nsDataTainted15 |
+| nsdata.swift:99:27:99:34 | call to source() | nsdata.swift:99:9:99:9 | SSA def(nsDataTainted15) |
+| nsdata.swift:100:15:100:15 | [post] nsDataTainted15 | nsdata.swift:101:15:101:15 | nsDataTainted15 |
+| nsdata.swift:100:15:100:15 | nsDataTainted15 | nsdata.swift:100:15:100:51 | call to base64EncodedString(options:) |
+| nsdata.swift:100:15:100:15 | nsDataTainted15 | nsdata.swift:101:15:101:15 | nsDataTainted15 |
+| nsdata.swift:101:15:101:15 | nsDataTainted15 | nsdata.swift:101:15:101:62 | call to base64EncodedString(options:) |
+| nsdata.swift:103:9:103:9 | SSA def(nsDataTainted16) | nsdata.swift:104:15:104:15 | nsDataTainted16 |
+| nsdata.swift:103:27:103:34 | call to source() | nsdata.swift:103:9:103:9 | SSA def(nsDataTainted16) |
+| nsdata.swift:104:15:104:15 | nsDataTainted16 | nsdata.swift:104:15:104:46 | call to base64Encoding() |
+| nsdata.swift:106:15:106:70 | call to dataWithContentsOfMappedFile(_:) | nsdata.swift:106:15:106:71 | ...! |
+| nsdata.swift:106:51:106:58 | call to source() | nsdata.swift:106:15:106:70 | call to dataWithContentsOfMappedFile(_:) |
+| nsdata.swift:108:9:108:9 | SSA def(nsDataTainted17) | nsdata.swift:109:5:109:5 | nsDataTainted17 |
+| nsdata.swift:108:27:108:34 | call to source() | nsdata.swift:108:9:108:9 | SSA def(nsDataTainted17) |
+| nsdata.swift:110:9:110:9 | SSA def(bytes) | nsdata.swift:110:45:110:45 | bytes |
+| nsdata.swift:110:9:110:9 | bytes | nsdata.swift:110:9:110:9 | SSA def(bytes) |
+| nsdata.swift:113:9:113:9 | SSA def(nsDataTainted18) | nsdata.swift:115:5:115:5 | nsDataTainted18 |
+| nsdata.swift:113:27:113:34 | call to source() | nsdata.swift:113:9:113:9 | SSA def(nsDataTainted18) |
+| nsdata.swift:114:9:114:9 | SSA def(bufferTainted18) | nsdata.swift:115:30:115:30 | bufferTainted18 |
+| nsdata.swift:114:27:114:64 | call to init(bitPattern:) | nsdata.swift:114:27:114:65 | ...! |
+| nsdata.swift:114:27:114:65 | ...! | nsdata.swift:114:9:114:9 | SSA def(bufferTainted18) |
+| nsdata.swift:115:5:115:5 | nsDataTainted18 | nsdata.swift:115:30:115:30 | [post] bufferTainted18 |
+| nsdata.swift:115:30:115:30 | [post] bufferTainted18 | nsdata.swift:116:15:116:15 | bufferTainted18 |
+| nsdata.swift:115:30:115:30 | bufferTainted18 | nsdata.swift:116:15:116:15 | bufferTainted18 |
+| nsdata.swift:118:9:118:9 | SSA def(nsDataTainted19) | nsdata.swift:120:5:120:5 | nsDataTainted19 |
+| nsdata.swift:118:27:118:34 | call to source() | nsdata.swift:118:9:118:9 | SSA def(nsDataTainted19) |
+| nsdata.swift:119:9:119:9 | SSA def(bufferTainted19) | nsdata.swift:120:30:120:30 | bufferTainted19 |
+| nsdata.swift:119:27:119:64 | call to init(bitPattern:) | nsdata.swift:119:27:119:65 | ...! |
+| nsdata.swift:119:27:119:65 | ...! | nsdata.swift:119:9:119:9 | SSA def(bufferTainted19) |
+| nsdata.swift:120:5:120:5 | nsDataTainted19 | nsdata.swift:120:30:120:30 | [post] bufferTainted19 |
+| nsdata.swift:120:30:120:30 | [post] bufferTainted19 | nsdata.swift:121:15:121:15 | bufferTainted19 |
+| nsdata.swift:120:30:120:30 | bufferTainted19 | nsdata.swift:121:15:121:15 | bufferTainted19 |
+| nsdata.swift:123:9:123:9 | SSA def(nsDataTainted20) | nsdata.swift:125:5:125:5 | nsDataTainted20 |
+| nsdata.swift:123:27:123:34 | call to source() | nsdata.swift:123:9:123:9 | SSA def(nsDataTainted20) |
+| nsdata.swift:124:9:124:9 | SSA def(bufferTainted20) | nsdata.swift:125:30:125:30 | bufferTainted20 |
+| nsdata.swift:124:27:124:64 | call to init(bitPattern:) | nsdata.swift:124:27:124:65 | ...! |
+| nsdata.swift:124:27:124:65 | ...! | nsdata.swift:124:9:124:9 | SSA def(bufferTainted20) |
+| nsdata.swift:125:5:125:5 | nsDataTainted20 | nsdata.swift:125:30:125:30 | [post] bufferTainted20 |
+| nsdata.swift:125:30:125:30 | [post] bufferTainted20 | nsdata.swift:126:15:126:15 | bufferTainted20 |
+| nsdata.swift:125:30:125:30 | bufferTainted20 | nsdata.swift:126:15:126:15 | bufferTainted20 |
+| nsdata.swift:128:9:128:9 | SSA def(nsDataTainted21) | nsdata.swift:129:15:129:15 | nsDataTainted21 |
+| nsdata.swift:128:27:128:34 | call to source() | nsdata.swift:128:9:128:9 | SSA def(nsDataTainted21) |
+| nsdata.swift:129:15:129:15 | nsDataTainted21 | nsdata.swift:129:15:129:54 | call to subdata(with:) |
+| nsdata.swift:131:9:131:9 | SSA def(nsDataTainted22) | nsdata.swift:132:15:132:15 | nsDataTainted22 |
+| nsdata.swift:131:27:131:34 | call to source() | nsdata.swift:131:9:131:9 | SSA def(nsDataTainted22) |
+| nsdata.swift:132:15:132:15 | nsDataTainted22 | nsdata.swift:132:15:132:81 | call to compressed(using:) |
+| nsdata.swift:134:9:134:9 | SSA def(nsDataTainted23) | nsdata.swift:135:15:135:15 | nsDataTainted23 |
+| nsdata.swift:134:27:134:34 | call to source() | nsdata.swift:134:9:134:9 | SSA def(nsDataTainted23) |
+| nsdata.swift:135:15:135:15 | nsDataTainted23 | nsdata.swift:135:15:135:83 | call to decompressed(using:) |
+| nsdata.swift:138:9:138:9 | SSA def(nsDataTainted24) | nsdata.swift:139:15:139:15 | nsDataTainted24 |
+| nsdata.swift:138:27:138:34 | call to source() | nsdata.swift:138:9:138:9 | SSA def(nsDataTainted24) |
+| nsdata.swift:139:15:139:15 | [post] nsDataTainted24 | nsdata.swift:140:15:140:15 | nsDataTainted24 |
+| nsdata.swift:139:15:139:15 | nsDataTainted24 | nsdata.swift:139:15:139:31 | .bytes |
+| nsdata.swift:139:15:139:15 | nsDataTainted24 | nsdata.swift:140:15:140:15 | nsDataTainted24 |
+| nsdata.swift:140:15:140:15 | nsDataTainted24 | nsdata.swift:140:15:140:31 | .description |
+| nsmutabledata.swift:5:5:5:5 | SSA def(self) | nsmutabledata.swift:5:5:5:29 | self[return] |
+| nsmutabledata.swift:5:5:5:5 | self | nsmutabledata.swift:5:5:5:5 | SSA def(self) |
+| nsmutabledata.swift:8:8:8:8 | SSA def(self) | nsmutabledata.swift:8:8:8:8 | self[return] |
+| nsmutabledata.swift:8:8:8:8 | self | nsmutabledata.swift:8:8:8:8 | SSA def(self) |
+| nsmutabledata.swift:10:7:10:7 | SSA def(self) | nsmutabledata.swift:10:7:10:7 | self[return] |
+| nsmutabledata.swift:10:7:10:7 | SSA def(self) | nsmutabledata.swift:10:7:10:7 | self[return] |
+| nsmutabledata.swift:10:7:10:7 | self | nsmutabledata.swift:10:7:10:7 | SSA def(self) |
+| nsmutabledata.swift:10:7:10:7 | self | nsmutabledata.swift:10:7:10:7 | SSA def(self) |
+| nsmutabledata.swift:12:7:12:7 | SSA def(self) | nsmutabledata.swift:12:7:12:7 | self[return] |
+| nsmutabledata.swift:12:7:12:7 | self | nsmutabledata.swift:12:7:12:7 | SSA def(self) |
+| nsmutabledata.swift:12:30:12:30 | SSA def(self) | nsmutabledata.swift:12:30:12:30 | self[return] |
+| nsmutabledata.swift:12:30:12:30 | self | nsmutabledata.swift:12:30:12:30 | SSA def(self) |
+| nsmutabledata.swift:13:9:13:9 | self | nsmutabledata.swift:13:9:13:9 | SSA def(self) |
+| nsmutabledata.swift:13:9:13:9 | self | nsmutabledata.swift:13:9:13:9 | SSA def(self) |
+| nsmutabledata.swift:13:9:13:9 | self | nsmutabledata.swift:13:9:13:9 | SSA def(self) |
+| nsmutabledata.swift:13:9:13:9 | value | nsmutabledata.swift:13:9:13:9 | SSA def(value) |
+| nsmutabledata.swift:14:10:14:10 | SSA def(self) | nsmutabledata.swift:14:5:14:58 | self[return] |
+| nsmutabledata.swift:14:10:14:10 | self | nsmutabledata.swift:14:10:14:10 | SSA def(self) |
+| nsmutabledata.swift:15:10:15:10 | SSA def(self) | nsmutabledata.swift:15:5:15:33 | self[return] |
+| nsmutabledata.swift:15:10:15:10 | self | nsmutabledata.swift:15:10:15:10 | SSA def(self) |
+| nsmutabledata.swift:16:10:16:10 | SSA def(self) | nsmutabledata.swift:16:5:16:78 | self[return] |
+| nsmutabledata.swift:16:10:16:10 | self | nsmutabledata.swift:16:10:16:10 | SSA def(self) |
+| nsmutabledata.swift:17:10:17:10 | SSA def(self) | nsmutabledata.swift:17:5:17:121 | self[return] |
+| nsmutabledata.swift:17:10:17:10 | self | nsmutabledata.swift:17:10:17:10 | SSA def(self) |
+| nsmutabledata.swift:18:10:18:10 | SSA def(self) | nsmutabledata.swift:18:5:18:33 | self[return] |
+| nsmutabledata.swift:18:10:18:10 | self | nsmutabledata.swift:18:10:18:10 | SSA def(self) |
+| nsmutabledata.swift:27:9:27:9 | SSA def(nsMutableDataTainted1) | nsmutabledata.swift:28:5:28:5 | nsMutableDataTainted1 |
+| nsmutabledata.swift:27:33:27:47 | call to init() | nsmutabledata.swift:27:9:27:9 | SSA def(nsMutableDataTainted1) |
+| nsmutabledata.swift:28:5:28:5 | [post] nsMutableDataTainted1 | nsmutabledata.swift:29:15:29:15 | nsMutableDataTainted1 |
+| nsmutabledata.swift:28:5:28:5 | nsMutableDataTainted1 | nsmutabledata.swift:29:15:29:15 | nsMutableDataTainted1 |
+| nsmutabledata.swift:28:34:28:41 | call to source() | nsmutabledata.swift:28:5:28:5 | [post] nsMutableDataTainted1 |
+| nsmutabledata.swift:31:9:31:9 | SSA def(nsMutableDataTainted2) | nsmutabledata.swift:32:5:32:5 | nsMutableDataTainted2 |
+| nsmutabledata.swift:31:33:31:47 | call to init() | nsmutabledata.swift:31:9:31:9 | SSA def(nsMutableDataTainted2) |
+| nsmutabledata.swift:32:5:32:5 | [post] nsMutableDataTainted2 | nsmutabledata.swift:33:15:33:15 | nsMutableDataTainted2 |
+| nsmutabledata.swift:32:5:32:5 | nsMutableDataTainted2 | nsmutabledata.swift:33:15:33:15 | nsMutableDataTainted2 |
+| nsmutabledata.swift:32:34:32:41 | call to source() | nsmutabledata.swift:32:5:32:5 | [post] nsMutableDataTainted2 |
+| nsmutabledata.swift:35:9:35:9 | SSA def(nsMutableDataTainted3) | nsmutabledata.swift:36:5:36:5 | nsMutableDataTainted3 |
+| nsmutabledata.swift:35:33:35:47 | call to init() | nsmutabledata.swift:35:9:35:9 | SSA def(nsMutableDataTainted3) |
+| nsmutabledata.swift:36:5:36:5 | [post] nsMutableDataTainted3 | nsmutabledata.swift:37:15:37:15 | nsMutableDataTainted3 |
+| nsmutabledata.swift:36:5:36:5 | nsMutableDataTainted3 | nsmutabledata.swift:37:15:37:15 | nsMutableDataTainted3 |
+| nsmutabledata.swift:36:66:36:73 | call to source() | nsmutabledata.swift:36:5:36:5 | [post] nsMutableDataTainted3 |
+| nsmutabledata.swift:39:9:39:9 | SSA def(nsMutableDataTainted4) | nsmutabledata.swift:40:5:40:5 | nsMutableDataTainted4 |
+| nsmutabledata.swift:39:33:39:47 | call to init() | nsmutabledata.swift:39:9:39:9 | SSA def(nsMutableDataTainted4) |
+| nsmutabledata.swift:40:5:40:5 | [post] nsMutableDataTainted4 | nsmutabledata.swift:41:15:41:15 | nsMutableDataTainted4 |
+| nsmutabledata.swift:40:5:40:5 | nsMutableDataTainted4 | nsmutabledata.swift:41:15:41:15 | nsMutableDataTainted4 |
+| nsmutabledata.swift:40:66:40:73 | call to source() | nsmutabledata.swift:40:5:40:5 | [post] nsMutableDataTainted4 |
+| nsmutabledata.swift:43:9:43:9 | SSA def(nsMutableDataTainted5) | nsmutabledata.swift:44:5:44:5 | nsMutableDataTainted5 |
+| nsmutabledata.swift:43:33:43:47 | call to init() | nsmutabledata.swift:43:9:43:9 | SSA def(nsMutableDataTainted5) |
+| nsmutabledata.swift:44:5:44:5 | [post] nsMutableDataTainted5 | nsmutabledata.swift:45:15:45:15 | nsMutableDataTainted5 |
+| nsmutabledata.swift:44:5:44:5 | nsMutableDataTainted5 | nsmutabledata.swift:45:15:45:15 | nsMutableDataTainted5 |
+| nsmutabledata.swift:44:35:44:42 | call to source() | nsmutabledata.swift:44:5:44:5 | [post] nsMutableDataTainted5 |
+| nsmutabledata.swift:48:9:48:9 | SSA def(nsMutableDataTainted6) | nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 |
+| nsmutabledata.swift:48:33:48:40 | call to source() | nsmutabledata.swift:48:9:48:9 | SSA def(nsMutableDataTainted6) |
+| nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 | nsmutabledata.swift:49:15:49:37 | .mutableBytes |
+| string.swift:5:7:5:7 | SSA def(x) | string.swift:7:16:7:16 | x |
+| string.swift:5:11:5:18 | call to source() | string.swift:5:7:5:7 | SSA def(x) |
 | string.swift:7:13:7:13 |  | string.swift:7:13:7:13 | [post]  |
 | string.swift:7:13:7:13 |  | string.swift:7:14:7:14 | [post] &... |
+| string.swift:7:13:7:13 | SSA def($interpolation) | string.swift:7:14:7:14 | SSA phi($interpolation) |
 | string.swift:7:13:7:13 | TapExpr | string.swift:7:13:7:13 | "..." |
+| string.swift:7:14:7:14 | $interpolation | string.swift:7:14:7:14 | &... |
 | string.swift:7:14:7:14 | &... | string.swift:7:13:7:13 | [post]  |
 | string.swift:7:14:7:14 | &... | string.swift:7:14:7:14 | [post] &... |
+| string.swift:7:14:7:14 | &... | string.swift:7:15:7:15 | $interpolation |
+| string.swift:7:14:7:14 | SSA phi($interpolation) | string.swift:7:14:7:14 | $interpolation |
+| string.swift:7:14:7:14 | [post] &... | string.swift:7:15:7:15 | $interpolation |
+| string.swift:7:15:7:15 | $interpolation | string.swift:7:15:7:15 | &... |
 | string.swift:7:15:7:15 | &... | string.swift:7:15:7:15 | [post] &... |
+| string.swift:7:15:7:15 | &... | string.swift:7:16:7:16 | [post] x |
+| string.swift:7:15:7:15 | &... | string.swift:7:18:7:18 | $interpolation |
+| string.swift:7:15:7:15 | [post] &... | string.swift:7:18:7:18 | $interpolation |
+| string.swift:7:16:7:16 | [post] x | string.swift:9:16:9:16 | x |
 | string.swift:7:16:7:16 | x | string.swift:7:15:7:15 | [post] &... |
+| string.swift:7:16:7:16 | x | string.swift:7:16:7:16 | [post] x |
+| string.swift:7:16:7:16 | x | string.swift:9:16:9:16 | x |
 | string.swift:7:18:7:18 |  | string.swift:7:18:7:18 | [post]  |
 | string.swift:7:18:7:18 |  | string.swift:7:18:7:18 | [post] &... |
+| string.swift:7:18:7:18 | $interpolation | string.swift:7:18:7:18 | &... |
+| string.swift:7:18:7:18 | &... | string.swift:7:13:7:13 | TapExpr |
 | string.swift:7:18:7:18 | &... | string.swift:7:18:7:18 | [post]  |
 | string.swift:7:18:7:18 | &... | string.swift:7:18:7:18 | [post] &... |
+| string.swift:7:18:7:18 | [post] &... | string.swift:7:13:7:13 | TapExpr |
 | string.swift:9:13:9:13 |  | string.swift:9:13:9:13 | [post]  |
 | string.swift:9:13:9:13 |  | string.swift:9:14:9:14 | [post] &... |
+| string.swift:9:13:9:13 | SSA def($interpolation) | string.swift:9:14:9:14 | SSA phi($interpolation) |
 | string.swift:9:13:9:13 | TapExpr | string.swift:9:13:9:13 | "..." |
+| string.swift:9:14:9:14 | $interpolation | string.swift:9:14:9:14 | &... |
 | string.swift:9:14:9:14 | &... | string.swift:9:13:9:13 | [post]  |
 | string.swift:9:14:9:14 | &... | string.swift:9:14:9:14 | [post] &... |
+| string.swift:9:14:9:14 | &... | string.swift:9:15:9:15 | $interpolation |
+| string.swift:9:14:9:14 | SSA phi($interpolation) | string.swift:9:14:9:14 | $interpolation |
+| string.swift:9:14:9:14 | [post] &... | string.swift:9:15:9:15 | $interpolation |
+| string.swift:9:15:9:15 | $interpolation | string.swift:9:15:9:15 | &... |
 | string.swift:9:15:9:15 | &... | string.swift:9:15:9:15 | [post] &... |
+| string.swift:9:15:9:15 | &... | string.swift:9:16:9:16 | [post] x |
+| string.swift:9:15:9:15 | &... | string.swift:9:18:9:18 | $interpolation |
+| string.swift:9:15:9:15 | [post] &... | string.swift:9:18:9:18 | $interpolation |
+| string.swift:9:16:9:16 | [post] x | string.swift:9:21:9:21 | x |
 | string.swift:9:16:9:16 | x | string.swift:9:15:9:15 | [post] &... |
+| string.swift:9:16:9:16 | x | string.swift:9:16:9:16 | [post] x |
+| string.swift:9:16:9:16 | x | string.swift:9:21:9:21 | x |
 | string.swift:9:18:9:18 |   | string.swift:9:18:9:18 | [post]   |
 | string.swift:9:18:9:18 |   | string.swift:9:18:9:18 | [post] &... |
+| string.swift:9:18:9:18 | $interpolation | string.swift:9:18:9:18 | &... |
 | string.swift:9:18:9:18 | &... | string.swift:9:18:9:18 | [post]   |
 | string.swift:9:18:9:18 | &... | string.swift:9:18:9:18 | [post] &... |
+| string.swift:9:18:9:18 | &... | string.swift:9:20:9:20 | $interpolation |
+| string.swift:9:18:9:18 | [post] &... | string.swift:9:20:9:20 | $interpolation |
+| string.swift:9:20:9:20 | $interpolation | string.swift:9:20:9:20 | &... |
 | string.swift:9:20:9:20 | &... | string.swift:9:20:9:20 | [post] &... |
+| string.swift:9:20:9:20 | &... | string.swift:9:21:9:21 | [post] x |
+| string.swift:9:20:9:20 | &... | string.swift:9:23:9:23 | $interpolation |
+| string.swift:9:20:9:20 | [post] &... | string.swift:9:23:9:23 | $interpolation |
+| string.swift:9:21:9:21 | [post] x | string.swift:11:16:11:16 | x |
 | string.swift:9:21:9:21 | x | string.swift:9:20:9:20 | [post] &... |
+| string.swift:9:21:9:21 | x | string.swift:9:21:9:21 | [post] x |
+| string.swift:9:21:9:21 | x | string.swift:11:16:11:16 | x |
 | string.swift:9:23:9:23 |  | string.swift:9:23:9:23 | [post]  |
 | string.swift:9:23:9:23 |  | string.swift:9:23:9:23 | [post] &... |
+| string.swift:9:23:9:23 | $interpolation | string.swift:9:23:9:23 | &... |
+| string.swift:9:23:9:23 | &... | string.swift:9:13:9:13 | TapExpr |
 | string.swift:9:23:9:23 | &... | string.swift:9:23:9:23 | [post]  |
 | string.swift:9:23:9:23 | &... | string.swift:9:23:9:23 | [post] &... |
+| string.swift:9:23:9:23 | [post] &... | string.swift:9:13:9:13 | TapExpr |
 | string.swift:11:13:11:13 |  | string.swift:11:13:11:13 | [post]  |
 | string.swift:11:13:11:13 |  | string.swift:11:14:11:14 | [post] &... |
+| string.swift:11:13:11:13 | SSA def($interpolation) | string.swift:11:14:11:14 | SSA phi($interpolation) |
 | string.swift:11:13:11:13 | TapExpr | string.swift:11:13:11:13 | "..." |
+| string.swift:11:14:11:14 | $interpolation | string.swift:11:14:11:14 | &... |
 | string.swift:11:14:11:14 | &... | string.swift:11:13:11:13 | [post]  |
 | string.swift:11:14:11:14 | &... | string.swift:11:14:11:14 | [post] &... |
+| string.swift:11:14:11:14 | &... | string.swift:11:15:11:15 | $interpolation |
+| string.swift:11:14:11:14 | SSA phi($interpolation) | string.swift:11:14:11:14 | $interpolation |
+| string.swift:11:14:11:14 | [post] &... | string.swift:11:15:11:15 | $interpolation |
+| string.swift:11:15:11:15 | $interpolation | string.swift:11:15:11:15 | &... |
 | string.swift:11:15:11:15 | &... | string.swift:11:15:11:15 | [post] &... |
+| string.swift:11:15:11:15 | &... | string.swift:11:16:11:16 | [post] x |
+| string.swift:11:15:11:15 | &... | string.swift:11:18:11:18 | $interpolation |
+| string.swift:11:15:11:15 | [post] &... | string.swift:11:18:11:18 | $interpolation |
+| string.swift:11:16:11:16 | [post] x | string.swift:11:26:11:26 | x |
 | string.swift:11:16:11:16 | x | string.swift:11:15:11:15 | [post] &... |
+| string.swift:11:16:11:16 | x | string.swift:11:16:11:16 | [post] x |
+| string.swift:11:16:11:16 | x | string.swift:11:26:11:26 | x |
 | string.swift:11:18:11:18 |   | string.swift:11:18:11:18 | [post]   |
 | string.swift:11:18:11:18 |   | string.swift:11:18:11:18 | [post] &... |
+| string.swift:11:18:11:18 | $interpolation | string.swift:11:18:11:18 | &... |
 | string.swift:11:18:11:18 | &... | string.swift:11:18:11:18 | [post]   |
 | string.swift:11:18:11:18 | &... | string.swift:11:18:11:18 | [post] &... |
+| string.swift:11:18:11:18 | &... | string.swift:11:20:11:20 | $interpolation |
+| string.swift:11:18:11:18 | [post] &... | string.swift:11:20:11:20 | $interpolation |
+| string.swift:11:20:11:20 | $interpolation | string.swift:11:20:11:20 | &... |
 | string.swift:11:20:11:20 | &... | string.swift:11:20:11:20 | [post] &... |
 | string.swift:11:20:11:20 | &... | string.swift:11:21:11:21 | [post] 0 |
+| string.swift:11:20:11:20 | &... | string.swift:11:23:11:23 | $interpolation |
+| string.swift:11:20:11:20 | [post] &... | string.swift:11:23:11:23 | $interpolation |
 | string.swift:11:21:11:21 | 0 | string.swift:11:20:11:20 | [post] &... |
 | string.swift:11:21:11:21 | 0 | string.swift:11:21:11:21 | [post] 0 |
 | string.swift:11:23:11:23 |   | string.swift:11:23:11:23 | [post]   |
 | string.swift:11:23:11:23 |   | string.swift:11:23:11:23 | [post] &... |
+| string.swift:11:23:11:23 | $interpolation | string.swift:11:23:11:23 | &... |
 | string.swift:11:23:11:23 | &... | string.swift:11:23:11:23 | [post]   |
 | string.swift:11:23:11:23 | &... | string.swift:11:23:11:23 | [post] &... |
+| string.swift:11:23:11:23 | &... | string.swift:11:25:11:25 | $interpolation |
+| string.swift:11:23:11:23 | [post] &... | string.swift:11:25:11:25 | $interpolation |
+| string.swift:11:25:11:25 | $interpolation | string.swift:11:25:11:25 | &... |
 | string.swift:11:25:11:25 | &... | string.swift:11:25:11:25 | [post] &... |
+| string.swift:11:25:11:25 | &... | string.swift:11:26:11:26 | [post] x |
+| string.swift:11:25:11:25 | &... | string.swift:11:28:11:28 | $interpolation |
+| string.swift:11:25:11:25 | [post] &... | string.swift:11:28:11:28 | $interpolation |
+| string.swift:11:26:11:26 | [post] x | string.swift:16:16:16:16 | x |
 | string.swift:11:26:11:26 | x | string.swift:11:25:11:25 | [post] &... |
+| string.swift:11:26:11:26 | x | string.swift:11:26:11:26 | [post] x |
+| string.swift:11:26:11:26 | x | string.swift:16:16:16:16 | x |
 | string.swift:11:28:11:28 |  | string.swift:11:28:11:28 | [post]  |
 | string.swift:11:28:11:28 |  | string.swift:11:28:11:28 | [post] &... |
+| string.swift:11:28:11:28 | $interpolation | string.swift:11:28:11:28 | &... |
+| string.swift:11:28:11:28 | &... | string.swift:11:13:11:13 | TapExpr |
 | string.swift:11:28:11:28 | &... | string.swift:11:28:11:28 | [post]  |
 | string.swift:11:28:11:28 | &... | string.swift:11:28:11:28 | [post] &... |
+| string.swift:11:28:11:28 | [post] &... | string.swift:11:13:11:13 | TapExpr |
+| string.swift:13:7:13:7 | SSA def(y) | string.swift:14:16:14:16 | y |
+| string.swift:13:11:13:11 | 42 | string.swift:13:7:13:7 | SSA def(y) |
 | string.swift:14:13:14:13 |  | string.swift:14:13:14:13 | [post]  |
 | string.swift:14:13:14:13 |  | string.swift:14:14:14:14 | [post] &... |
+| string.swift:14:13:14:13 | SSA def($interpolation) | string.swift:14:14:14:14 | SSA phi($interpolation) |
 | string.swift:14:13:14:13 | TapExpr | string.swift:14:13:14:13 | "..." |
+| string.swift:14:14:14:14 | $interpolation | string.swift:14:14:14:14 | &... |
 | string.swift:14:14:14:14 | &... | string.swift:14:13:14:13 | [post]  |
 | string.swift:14:14:14:14 | &... | string.swift:14:14:14:14 | [post] &... |
+| string.swift:14:14:14:14 | &... | string.swift:14:15:14:15 | $interpolation |
+| string.swift:14:14:14:14 | SSA phi($interpolation) | string.swift:14:14:14:14 | $interpolation |
+| string.swift:14:14:14:14 | [post] &... | string.swift:14:15:14:15 | $interpolation |
+| string.swift:14:15:14:15 | $interpolation | string.swift:14:15:14:15 | &... |
 | string.swift:14:15:14:15 | &... | string.swift:14:15:14:15 | [post] &... |
+| string.swift:14:15:14:15 | &... | string.swift:14:16:14:16 | [post] y |
+| string.swift:14:15:14:15 | &... | string.swift:14:18:14:18 | $interpolation |
+| string.swift:14:15:14:15 | [post] &... | string.swift:14:18:14:18 | $interpolation |
+| string.swift:14:16:14:16 | [post] y | string.swift:16:27:16:27 | y |
 | string.swift:14:16:14:16 | y | string.swift:14:15:14:15 | [post] &... |
+| string.swift:14:16:14:16 | y | string.swift:14:16:14:16 | [post] y |
+| string.swift:14:16:14:16 | y | string.swift:16:27:16:27 | y |
 | string.swift:14:18:14:18 |  | string.swift:14:18:14:18 | [post]  |
 | string.swift:14:18:14:18 |  | string.swift:14:18:14:18 | [post] &... |
+| string.swift:14:18:14:18 | $interpolation | string.swift:14:18:14:18 | &... |
+| string.swift:14:18:14:18 | &... | string.swift:14:13:14:13 | TapExpr |
 | string.swift:14:18:14:18 | &... | string.swift:14:18:14:18 | [post]  |
 | string.swift:14:18:14:18 | &... | string.swift:14:18:14:18 | [post] &... |
+| string.swift:14:18:14:18 | [post] &... | string.swift:14:13:14:13 | TapExpr |
 | string.swift:16:13:16:13 |  | string.swift:16:13:16:13 | [post]  |
 | string.swift:16:13:16:13 |  | string.swift:16:14:16:14 | [post] &... |
+| string.swift:16:13:16:13 | SSA def($interpolation) | string.swift:16:14:16:14 | SSA phi($interpolation) |
 | string.swift:16:13:16:13 | TapExpr | string.swift:16:13:16:13 | "..." |
+| string.swift:16:14:16:14 | $interpolation | string.swift:16:14:16:14 | &... |
 | string.swift:16:14:16:14 | &... | string.swift:16:13:16:13 | [post]  |
 | string.swift:16:14:16:14 | &... | string.swift:16:14:16:14 | [post] &... |
+| string.swift:16:14:16:14 | &... | string.swift:16:15:16:15 | $interpolation |
+| string.swift:16:14:16:14 | SSA phi($interpolation) | string.swift:16:14:16:14 | $interpolation |
+| string.swift:16:14:16:14 | [post] &... | string.swift:16:15:16:15 | $interpolation |
+| string.swift:16:15:16:15 | $interpolation | string.swift:16:15:16:15 | &... |
 | string.swift:16:15:16:15 | &... | string.swift:16:15:16:15 | [post] &... |
+| string.swift:16:15:16:15 | &... | string.swift:16:16:16:16 | [post] x |
+| string.swift:16:15:16:15 | &... | string.swift:16:18:16:18 | $interpolation |
+| string.swift:16:15:16:15 | [post] &... | string.swift:16:18:16:18 | $interpolation |
+| string.swift:16:16:16:16 | [post] x | string.swift:18:27:18:27 | x |
 | string.swift:16:16:16:16 | x | string.swift:16:15:16:15 | [post] &... |
+| string.swift:16:16:16:16 | x | string.swift:16:16:16:16 | [post] x |
+| string.swift:16:16:16:16 | x | string.swift:18:27:18:27 | x |
 | string.swift:16:18:16:18 |  hello  | string.swift:16:18:16:18 | [post]  hello  |
 | string.swift:16:18:16:18 |  hello  | string.swift:16:18:16:18 | [post] &... |
+| string.swift:16:18:16:18 | $interpolation | string.swift:16:18:16:18 | &... |
 | string.swift:16:18:16:18 | &... | string.swift:16:18:16:18 | [post]  hello  |
 | string.swift:16:18:16:18 | &... | string.swift:16:18:16:18 | [post] &... |
+| string.swift:16:18:16:18 | &... | string.swift:16:26:16:26 | $interpolation |
+| string.swift:16:18:16:18 | [post] &... | string.swift:16:26:16:26 | $interpolation |
+| string.swift:16:26:16:26 | $interpolation | string.swift:16:26:16:26 | &... |
 | string.swift:16:26:16:26 | &... | string.swift:16:26:16:26 | [post] &... |
+| string.swift:16:26:16:26 | &... | string.swift:16:27:16:27 | [post] y |
+| string.swift:16:26:16:26 | &... | string.swift:16:29:16:29 | $interpolation |
+| string.swift:16:26:16:26 | [post] &... | string.swift:16:29:16:29 | $interpolation |
+| string.swift:16:27:16:27 | [post] y | string.swift:18:16:18:16 | y |
 | string.swift:16:27:16:27 | y | string.swift:16:26:16:26 | [post] &... |
+| string.swift:16:27:16:27 | y | string.swift:16:27:16:27 | [post] y |
+| string.swift:16:27:16:27 | y | string.swift:18:16:18:16 | y |
 | string.swift:16:29:16:29 |  | string.swift:16:29:16:29 | [post]  |
 | string.swift:16:29:16:29 |  | string.swift:16:29:16:29 | [post] &... |
+| string.swift:16:29:16:29 | $interpolation | string.swift:16:29:16:29 | &... |
+| string.swift:16:29:16:29 | &... | string.swift:16:13:16:13 | TapExpr |
 | string.swift:16:29:16:29 | &... | string.swift:16:29:16:29 | [post]  |
 | string.swift:16:29:16:29 | &... | string.swift:16:29:16:29 | [post] &... |
+| string.swift:16:29:16:29 | [post] &... | string.swift:16:13:16:13 | TapExpr |
 | string.swift:18:13:18:13 |  | string.swift:18:13:18:13 | [post]  |
 | string.swift:18:13:18:13 |  | string.swift:18:14:18:14 | [post] &... |
+| string.swift:18:13:18:13 | SSA def($interpolation) | string.swift:18:14:18:14 | SSA phi($interpolation) |
 | string.swift:18:13:18:13 | TapExpr | string.swift:18:13:18:13 | "..." |
+| string.swift:18:14:18:14 | $interpolation | string.swift:18:14:18:14 | &... |
 | string.swift:18:14:18:14 | &... | string.swift:18:13:18:13 | [post]  |
 | string.swift:18:14:18:14 | &... | string.swift:18:14:18:14 | [post] &... |
+| string.swift:18:14:18:14 | &... | string.swift:18:15:18:15 | $interpolation |
+| string.swift:18:14:18:14 | SSA phi($interpolation) | string.swift:18:14:18:14 | $interpolation |
+| string.swift:18:14:18:14 | [post] &... | string.swift:18:15:18:15 | $interpolation |
+| string.swift:18:15:18:15 | $interpolation | string.swift:18:15:18:15 | &... |
 | string.swift:18:15:18:15 | &... | string.swift:18:15:18:15 | [post] &... |
+| string.swift:18:15:18:15 | &... | string.swift:18:16:18:16 | [post] y |
+| string.swift:18:15:18:15 | &... | string.swift:18:18:18:18 | $interpolation |
+| string.swift:18:15:18:15 | [post] &... | string.swift:18:18:18:18 | $interpolation |
 | string.swift:18:16:18:16 | y | string.swift:18:15:18:15 | [post] &... |
+| string.swift:18:16:18:16 | y | string.swift:18:16:18:16 | [post] y |
 | string.swift:18:18:18:18 |  world  | string.swift:18:18:18:18 | [post]  world  |
 | string.swift:18:18:18:18 |  world  | string.swift:18:18:18:18 | [post] &... |
+| string.swift:18:18:18:18 | $interpolation | string.swift:18:18:18:18 | &... |
 | string.swift:18:18:18:18 | &... | string.swift:18:18:18:18 | [post]  world  |
 | string.swift:18:18:18:18 | &... | string.swift:18:18:18:18 | [post] &... |
+| string.swift:18:18:18:18 | &... | string.swift:18:26:18:26 | $interpolation |
+| string.swift:18:18:18:18 | [post] &... | string.swift:18:26:18:26 | $interpolation |
+| string.swift:18:26:18:26 | $interpolation | string.swift:18:26:18:26 | &... |
 | string.swift:18:26:18:26 | &... | string.swift:18:26:18:26 | [post] &... |
+| string.swift:18:26:18:26 | &... | string.swift:18:27:18:27 | [post] x |
+| string.swift:18:26:18:26 | &... | string.swift:18:29:18:29 | $interpolation |
+| string.swift:18:26:18:26 | [post] &... | string.swift:18:29:18:29 | $interpolation |
 | string.swift:18:27:18:27 | x | string.swift:18:26:18:26 | [post] &... |
+| string.swift:18:27:18:27 | x | string.swift:18:27:18:27 | [post] x |
 | string.swift:18:29:18:29 |  | string.swift:18:29:18:29 | [post]  |
 | string.swift:18:29:18:29 |  | string.swift:18:29:18:29 | [post] &... |
+| string.swift:18:29:18:29 | $interpolation | string.swift:18:29:18:29 | &... |
+| string.swift:18:29:18:29 | &... | string.swift:18:13:18:13 | TapExpr |
 | string.swift:18:29:18:29 | &... | string.swift:18:29:18:29 | [post]  |
 | string.swift:18:29:18:29 | &... | string.swift:18:29:18:29 | [post] &... |
+| string.swift:18:29:18:29 | [post] &... | string.swift:18:13:18:13 | TapExpr |
+| string.swift:20:3:20:7 | SSA def(x) | string.swift:21:16:21:16 | x |
+| string.swift:20:7:20:7 | 0 | string.swift:20:3:20:7 | SSA def(x) |
 | string.swift:21:13:21:13 |  | string.swift:21:13:21:13 | [post]  |
 | string.swift:21:13:21:13 |  | string.swift:21:14:21:14 | [post] &... |
+| string.swift:21:13:21:13 | SSA def($interpolation) | string.swift:21:14:21:14 | SSA phi($interpolation) |
 | string.swift:21:13:21:13 | TapExpr | string.swift:21:13:21:13 | "..." |
+| string.swift:21:14:21:14 | $interpolation | string.swift:21:14:21:14 | &... |
 | string.swift:21:14:21:14 | &... | string.swift:21:13:21:13 | [post]  |
 | string.swift:21:14:21:14 | &... | string.swift:21:14:21:14 | [post] &... |
+| string.swift:21:14:21:14 | &... | string.swift:21:15:21:15 | $interpolation |
+| string.swift:21:14:21:14 | SSA phi($interpolation) | string.swift:21:14:21:14 | $interpolation |
+| string.swift:21:14:21:14 | [post] &... | string.swift:21:15:21:15 | $interpolation |
+| string.swift:21:15:21:15 | $interpolation | string.swift:21:15:21:15 | &... |
 | string.swift:21:15:21:15 | &... | string.swift:21:15:21:15 | [post] &... |
+| string.swift:21:15:21:15 | &... | string.swift:21:16:21:16 | [post] x |
+| string.swift:21:15:21:15 | &... | string.swift:21:18:21:18 | $interpolation |
+| string.swift:21:15:21:15 | [post] &... | string.swift:21:18:21:18 | $interpolation |
 | string.swift:21:16:21:16 | x | string.swift:21:15:21:15 | [post] &... |
+| string.swift:21:16:21:16 | x | string.swift:21:16:21:16 | [post] x |
 | string.swift:21:18:21:18 |  | string.swift:21:18:21:18 | [post]  |
 | string.swift:21:18:21:18 |  | string.swift:21:18:21:18 | [post] &... |
+| string.swift:21:18:21:18 | $interpolation | string.swift:21:18:21:18 | &... |
+| string.swift:21:18:21:18 | &... | string.swift:21:13:21:13 | TapExpr |
 | string.swift:21:18:21:18 | &... | string.swift:21:18:21:18 | [post]  |
 | string.swift:21:18:21:18 | &... | string.swift:21:18:21:18 | [post] &... |
+| string.swift:21:18:21:18 | [post] &... | string.swift:21:13:21:13 | TapExpr |
+| string.swift:27:7:27:7 | SSA def(clean) | string.swift:30:13:30:13 | clean |
+| string.swift:27:15:27:15 | abcdef | string.swift:27:7:27:7 | SSA def(clean) |
+| string.swift:28:7:28:7 | SSA def(tainted) | string.swift:31:13:31:13 | tainted |
+| string.swift:28:17:28:25 | call to source2() | string.swift:28:7:28:7 | SSA def(tainted) |
+| string.swift:30:13:30:13 | [post] clean | string.swift:33:13:33:13 | clean |
+| string.swift:30:13:30:13 | clean | string.swift:33:13:33:13 | clean |
+| string.swift:31:13:31:13 | [post] tainted | string.swift:34:21:34:21 | tainted |
+| string.swift:31:13:31:13 | tainted | string.swift:34:21:34:21 | tainted |
+| string.swift:33:13:33:13 | [post] clean | string.swift:33:21:33:21 | clean |
 | string.swift:33:13:33:13 | clean | string.swift:33:13:33:21 | ... .+(_:_:) ... |
+| string.swift:33:13:33:13 | clean | string.swift:33:21:33:21 | clean |
+| string.swift:33:21:33:21 | [post] clean | string.swift:34:13:34:13 | clean |
 | string.swift:33:21:33:21 | clean | string.swift:33:13:33:21 | ... .+(_:_:) ... |
+| string.swift:33:21:33:21 | clean | string.swift:34:13:34:13 | clean |
+| string.swift:34:13:34:13 | [post] clean | string.swift:35:23:35:23 | clean |
 | string.swift:34:13:34:13 | clean | string.swift:34:13:34:21 | ... .+(_:_:) ... |
+| string.swift:34:13:34:13 | clean | string.swift:35:23:35:23 | clean |
+| string.swift:34:21:34:21 | [post] tainted | string.swift:35:13:35:13 | tainted |
 | string.swift:34:21:34:21 | tainted | string.swift:34:13:34:21 | ... .+(_:_:) ... |
+| string.swift:34:21:34:21 | tainted | string.swift:35:13:35:13 | tainted |
+| string.swift:35:13:35:13 | [post] tainted | string.swift:36:13:36:13 | tainted |
 | string.swift:35:13:35:13 | tainted | string.swift:35:13:35:23 | ... .+(_:_:) ... |
+| string.swift:35:13:35:13 | tainted | string.swift:36:13:36:13 | tainted |
+| string.swift:35:23:35:23 | [post] clean | string.swift:38:19:38:19 | clean |
 | string.swift:35:23:35:23 | clean | string.swift:35:13:35:23 | ... .+(_:_:) ... |
+| string.swift:35:23:35:23 | clean | string.swift:38:19:38:19 | clean |
+| string.swift:36:13:36:13 | [post] tainted | string.swift:36:23:36:23 | tainted |
 | string.swift:36:13:36:13 | tainted | string.swift:36:13:36:23 | ... .+(_:_:) ... |
+| string.swift:36:13:36:13 | tainted | string.swift:36:23:36:23 | tainted |
+| string.swift:36:23:36:23 | [post] tainted | string.swift:39:19:39:19 | tainted |
 | string.swift:36:23:36:23 | tainted | string.swift:36:13:36:23 | ... .+(_:_:) ... |
+| string.swift:36:23:36:23 | tainted | string.swift:39:19:39:19 | tainted |
 | string.swift:38:13:38:13 | > | string.swift:38:13:38:19 | ... .+(_:_:) ... |
 | string.swift:38:13:38:19 | ... .+(_:_:) ... | string.swift:38:13:38:27 | ... .+(_:_:) ... |
 | string.swift:38:19:38:19 | clean | string.swift:38:13:38:19 | ... .+(_:_:) ... |
@@ -123,42 +900,746 @@
 | string.swift:39:13:39:19 | ... .+(_:_:) ... | string.swift:39:13:39:29 | ... .+(_:_:) ... |
 | string.swift:39:19:39:19 | tainted | string.swift:39:13:39:19 | ... .+(_:_:) ... |
 | string.swift:39:29:39:29 | < | string.swift:39:13:39:29 | ... .+(_:_:) ... |
+| string.swift:41:7:41:7 | SSA def(str) | string.swift:43:13:43:13 | str |
+| string.swift:41:13:41:13 | abc | string.swift:41:7:41:7 | SSA def(str) |
+| string.swift:43:13:43:13 | [post] str | string.swift:45:3:45:3 | str |
+| string.swift:43:13:43:13 | str | string.swift:45:3:45:3 | str |
+| string.swift:45:3:45:3 | &... | string.swift:46:13:46:13 | str |
+| string.swift:45:3:45:3 | [post] &... | string.swift:46:13:46:13 | str |
+| string.swift:45:3:45:3 | str | string.swift:45:3:45:3 | &... |
+| string.swift:46:13:46:13 | [post] str | string.swift:48:3:48:3 | str |
+| string.swift:46:13:46:13 | str | string.swift:48:3:48:3 | str |
+| string.swift:48:3:48:3 | &... | string.swift:49:13:49:13 | str |
+| string.swift:48:3:48:3 | [post] &... | string.swift:49:13:49:13 | str |
+| string.swift:48:3:48:3 | str | string.swift:48:3:48:3 | &... |
+| string.swift:51:7:51:7 | SSA def(str2) | string.swift:53:13:53:13 | str2 |
+| string.swift:51:14:51:14 | abc | string.swift:51:7:51:7 | SSA def(str2) |
+| string.swift:53:13:53:13 | [post] str2 | string.swift:55:3:55:3 | str2 |
+| string.swift:53:13:53:13 | str2 | string.swift:55:3:55:3 | str2 |
+| string.swift:55:3:55:3 | &... | string.swift:56:13:56:13 | str2 |
+| string.swift:55:3:55:3 | [post] &... | string.swift:56:13:56:13 | str2 |
+| string.swift:55:3:55:3 | str2 | string.swift:55:3:55:3 | &... |
+| string.swift:56:13:56:13 | [post] str2 | string.swift:58:3:58:3 | str2 |
+| string.swift:56:13:56:13 | str2 | string.swift:58:3:58:3 | str2 |
+| string.swift:58:3:58:3 | &... | string.swift:59:13:59:13 | str2 |
+| string.swift:58:3:58:3 | [post] &... | string.swift:59:13:59:13 | str2 |
+| string.swift:58:3:58:3 | str2 | string.swift:58:3:58:3 | &... |
+| string.swift:59:13:59:13 | [post] str2 | string.swift:69:13:69:13 | str2 |
+| string.swift:59:13:59:13 | str2 | string.swift:69:13:69:13 | str2 |
+| string.swift:61:7:61:7 | SSA def(str3) | string.swift:63:13:63:13 | str3 |
+| string.swift:61:14:61:14 | abc | string.swift:61:7:61:7 | SSA def(str3) |
+| string.swift:63:13:63:13 | [post] str3 | string.swift:65:3:65:3 | str3 |
+| string.swift:63:13:63:13 | str3 | string.swift:65:3:65:3 | str3 |
+| string.swift:65:3:65:3 | &... | string.swift:66:13:66:13 | str3 |
+| string.swift:65:3:65:3 | [post] &... | string.swift:66:13:66:13 | str3 |
+| string.swift:65:3:65:3 | str3 | string.swift:65:3:65:3 | &... |
+| string.swift:66:13:66:13 | [post] str3 | string.swift:68:3:68:3 | str3 |
+| string.swift:66:13:66:13 | str3 | string.swift:68:3:68:3 | str3 |
+| string.swift:68:3:68:3 | str3 | string.swift:68:3:68:3 | &... |
+| string.swift:73:7:73:7 | SSA def(clean) | string.swift:77:20:77:20 | clean |
+| string.swift:73:15:73:15 |  | string.swift:73:7:73:7 | SSA def(clean) |
+| string.swift:74:7:74:7 | SSA def(tainted) | string.swift:78:20:78:20 | tainted |
+| string.swift:74:17:74:25 | call to source2() | string.swift:74:7:74:7 | SSA def(tainted) |
+| string.swift:75:7:75:7 | SSA def(taintedInt) | string.swift:79:20:79:20 | taintedInt |
+| string.swift:75:20:75:27 | call to source() | string.swift:75:7:75:7 | SSA def(taintedInt) |
+| string.swift:77:20:77:20 | [post] clean | string.swift:81:31:81:31 | clean |
+| string.swift:77:20:77:20 | clean | string.swift:81:31:81:31 | clean |
+| string.swift:78:20:78:20 | [post] tainted | string.swift:82:31:82:31 | tainted |
+| string.swift:78:20:78:20 | tainted | string.swift:82:31:82:31 | tainted |
+| string.swift:81:31:81:31 | [post] clean | string.swift:84:13:84:13 | clean |
+| string.swift:81:31:81:31 | clean | string.swift:84:13:84:13 | clean |
+| string.swift:82:31:82:31 | [post] tainted | string.swift:85:13:85:13 | tainted |
+| string.swift:82:31:82:31 | tainted | string.swift:85:13:85:13 | tainted |
+| string.swift:84:13:84:13 | [post] clean | string.swift:87:13:87:13 | clean |
+| string.swift:84:13:84:13 | clean | string.swift:84:13:84:19 | .description |
+| string.swift:84:13:84:13 | clean | string.swift:87:13:87:13 | clean |
+| string.swift:85:13:85:13 | [post] tainted | string.swift:88:13:88:13 | tainted |
+| string.swift:85:13:85:13 | tainted | string.swift:85:13:85:21 | .description |
+| string.swift:85:13:85:13 | tainted | string.swift:88:13:88:13 | tainted |
+| string.swift:87:13:87:13 | clean | string.swift:87:13:87:19 | .debugDescription |
+| string.swift:88:13:88:13 | tainted | string.swift:88:13:88:21 | .debugDescription |
+| string.swift:91:7:91:7 | SSA def(self) | string.swift:91:7:91:7 | self[return] |
+| string.swift:91:7:91:7 | self | string.swift:91:7:91:7 | SSA def(self) |
+| string.swift:93:5:93:5 | SSA def(self) | string.swift:93:5:93:29 | self[return] |
+| string.swift:93:5:93:5 | self | string.swift:93:5:93:5 | SSA def(self) |
+| string.swift:97:9:97:9 | SSA def(self) | string.swift:97:9:97:9 | self[return] |
+| string.swift:97:9:97:9 | self | string.swift:97:9:97:9 | SSA def(self) |
+| string.swift:98:14:98:14 | self | string.swift:98:14:98:14 | SSA def(self) |
+| string.swift:101:2:101:2 | SSA def(self) | string.swift:101:42:101:42 | self |
+| string.swift:101:2:101:2 | self | string.swift:101:2:101:2 | SSA def(self) |
+| string.swift:101:42:101:42 | &... | string.swift:101:2:101:54 | self[return] |
+| string.swift:101:42:101:42 | [post] &... | string.swift:101:2:101:54 | self[return] |
+| string.swift:101:42:101:42 | self | string.swift:101:42:101:42 | &... |
+| string.swift:105:33:105:33 | Data.Type | string.swift:105:33:105:33 | call to init(_:) |
+| string.swift:105:38:105:38 |  | string.swift:105:33:105:40 | call to init(_:) |
+| string.swift:108:7:108:7 | SSA def(stringClean) | string.swift:111:12:111:12 | stringClean |
+| string.swift:108:21:108:74 | call to init(data:encoding:) | string.swift:108:7:108:7 | SSA def(stringClean) |
+| string.swift:108:34:108:34 | Data.Type | string.swift:108:34:108:34 | call to init(_:) |
+| string.swift:108:39:108:39 |  | string.swift:108:34:108:41 | call to init(_:) |
+| string.swift:109:7:109:7 | SSA def(stringTainted) | string.swift:112:12:112:12 | stringTainted |
+| string.swift:109:23:109:77 | call to init(data:encoding:) | string.swift:109:7:109:7 | SSA def(stringTainted) |
+| string.swift:111:12:111:12 | stringClean | string.swift:111:12:111:23 | ...! |
+| string.swift:112:12:112:12 | stringTainted | string.swift:112:12:112:25 | ...! |
+| string.swift:120:7:120:7 | SSA def(clean) | string.swift:125:13:125:13 | clean |
+| string.swift:120:15:120:15 |  | string.swift:120:7:120:7 | SSA def(clean) |
+| string.swift:121:7:121:7 | SSA def(tainted) | string.swift:126:13:126:13 | tainted |
+| string.swift:121:17:121:25 | call to source2() | string.swift:121:17:121:27 | .utf8 |
+| string.swift:121:17:121:27 | .utf8 | string.swift:121:7:121:7 | SSA def(tainted) |
+| string.swift:122:7:122:7 | SSA def(taintedCString) | string.swift:127:13:127:13 | taintedCString |
+| string.swift:122:24:122:32 | call to source2() | string.swift:122:24:122:34 | .utf8CString |
+| string.swift:122:24:122:34 | .utf8CString | string.swift:122:7:122:7 | SSA def(taintedCString) |
+| string.swift:123:7:123:7 | SSA def(taintedUnicodeScalars) | string.swift:128:13:128:13 | taintedUnicodeScalars |
+| string.swift:123:31:123:39 | call to source2() | string.swift:123:31:123:41 | .unicodeScalars |
+| string.swift:123:31:123:41 | .unicodeScalars | string.swift:123:7:123:7 | SSA def(taintedUnicodeScalars) |
+| subscript.swift:1:7:1:7 | SSA def(self) | subscript.swift:1:7:1:7 | self[return] |
+| subscript.swift:1:7:1:7 | SSA def(self) | subscript.swift:1:7:1:7 | self[return] |
+| subscript.swift:1:7:1:7 | self | subscript.swift:1:7:1:7 | SSA def(self) |
+| subscript.swift:1:7:1:7 | self | subscript.swift:1:7:1:7 | SSA def(self) |
+| subscript.swift:2:5:2:5 | self | subscript.swift:2:5:2:5 | SSA def(self) |
+| subscript.swift:3:9:3:9 | SSA def(self) | subscript.swift:3:9:3:25 | self[return] |
+| subscript.swift:3:9:3:9 | self | subscript.swift:3:9:3:9 | SSA def(self) |
+| subscript.swift:4:9:4:9 | SSA def(self) | subscript.swift:4:9:4:24 | self[return] |
+| subscript.swift:4:9:4:9 | self | subscript.swift:4:9:4:9 | SSA def(self) |
 | subscript.swift:13:15:13:22 | call to source() | subscript.swift:13:15:13:25 | ...[...] |
 | subscript.swift:14:15:14:23 | call to source2() | subscript.swift:14:15:14:26 | ...[...] |
+| try.swift:8:17:8:23 | call to clean() | try.swift:8:13:8:23 | try ... |
+| try.swift:9:17:9:24 | call to source() | try.swift:9:13:9:24 | try ... |
+| try.swift:14:17:14:23 | call to clean() | try.swift:14:12:14:23 | try! ... |
+| try.swift:15:17:15:24 | call to source() | try.swift:15:12:15:24 | try! ... |
+| try.swift:17:13:17:24 | try? ... | try.swift:17:12:17:26 | ...! |
+| try.swift:17:18:17:24 | call to clean() | try.swift:17:13:17:24 | try? ... |
+| try.swift:18:13:18:25 | try? ... | try.swift:18:12:18:27 | ...! |
+| try.swift:18:18:18:25 | call to source() | try.swift:18:13:18:25 | try? ... |
+| url.swift:2:7:2:7 | SSA def(self) | url.swift:2:7:2:7 | self[return] |
+| url.swift:2:7:2:7 | SSA def(self) | url.swift:2:7:2:7 | self[return] |
+| url.swift:2:7:2:7 | self | url.swift:2:7:2:7 | SSA def(self) |
+| url.swift:2:7:2:7 | self | url.swift:2:7:2:7 | SSA def(self) |
+| url.swift:8:2:8:2 | SSA def(self) | url.swift:8:2:8:25 | self[return] |
+| url.swift:8:2:8:2 | self | url.swift:8:2:8:2 | SSA def(self) |
+| url.swift:9:2:9:2 | SSA def(self) | url.swift:9:2:9:43 | self[return] |
+| url.swift:9:2:9:2 | self | url.swift:9:2:9:2 | SSA def(self) |
+| url.swift:10:25:10:25 | SSA def(self) | url.swift:10:25:10:53 | self[return] |
+| url.swift:10:25:10:25 | self | url.swift:10:25:10:25 | SSA def(self) |
+| url.swift:10:37:10:37 | URL.Type | url.swift:10:37:10:37 | call to init(string:) |
+| url.swift:10:37:10:51 | call to init(string:) | url.swift:10:37:10:52 | ...! |
+| url.swift:10:49:10:49 |  | url.swift:10:37:10:51 | call to init(string:) |
+| url.swift:11:21:11:21 | SSA def(self) | url.swift:11:21:11:49 | self[return] |
+| url.swift:11:21:11:21 | self | url.swift:11:21:11:21 | SSA def(self) |
+| url.swift:11:33:11:33 | URL.Type | url.swift:11:33:11:33 | call to init(string:) |
+| url.swift:11:33:11:47 | call to init(string:) | url.swift:11:33:11:48 | ...! |
+| url.swift:11:45:11:45 |  | url.swift:11:33:11:47 | call to init(string:) |
+| url.swift:12:26:12:26 | SSA def(self) | url.swift:12:26:12:41 | self[return] |
+| url.swift:12:26:12:26 | self | url.swift:12:26:12:26 | SSA def(self) |
+| url.swift:13:22:13:22 | SSA def(self) | url.swift:13:22:13:37 | self[return] |
+| url.swift:13:22:13:22 | self | url.swift:13:22:13:22 | SSA def(self) |
+| url.swift:14:34:14:34 | SSA def(self) | url.swift:14:34:14:48 | self[return] |
+| url.swift:14:34:14:34 | self | url.swift:14:34:14:34 | SSA def(self) |
+| url.swift:15:21:15:21 | SSA def(self) | url.swift:15:21:15:35 | self[return] |
+| url.swift:15:21:15:21 | self | url.swift:15:21:15:21 | SSA def(self) |
+| url.swift:16:33:16:33 | SSA def(self) | url.swift:16:33:16:49 | self[return] |
+| url.swift:16:33:16:33 | self | url.swift:16:33:16:33 | SSA def(self) |
+| url.swift:17:30:17:30 | SSA def(self) | url.swift:17:30:17:44 | self[return] |
+| url.swift:17:30:17:30 | self | url.swift:17:30:17:30 | SSA def(self) |
+| url.swift:18:19:18:19 | SSA def(self) | url.swift:18:19:18:34 | self[return] |
+| url.swift:18:19:18:19 | self | url.swift:18:19:18:19 | SSA def(self) |
+| url.swift:19:23:19:23 | SSA def(self) | url.swift:19:23:19:38 | self[return] |
+| url.swift:19:23:19:23 | self | url.swift:19:23:19:23 | SSA def(self) |
+| url.swift:20:29:20:29 | SSA def(self) | url.swift:20:29:20:43 | self[return] |
+| url.swift:20:29:20:29 | self | url.swift:20:29:20:29 | SSA def(self) |
+| url.swift:21:31:21:31 | SSA def(self) | url.swift:21:31:21:45 | self[return] |
+| url.swift:21:31:21:31 | self | url.swift:21:31:21:31 | SSA def(self) |
+| url.swift:22:24:22:24 | SSA def(self) | url.swift:22:24:22:39 | self[return] |
+| url.swift:22:24:22:24 | self | url.swift:22:24:22:24 | SSA def(self) |
+| url.swift:23:26:23:26 | SSA def(self) | url.swift:23:26:23:54 | self[return] |
+| url.swift:23:26:23:26 | self | url.swift:23:26:23:26 | SSA def(self) |
+| url.swift:23:38:23:38 | URL.Type | url.swift:23:38:23:38 | call to init(string:) |
+| url.swift:23:38:23:52 | call to init(string:) | url.swift:23:38:23:53 | ...! |
+| url.swift:23:50:23:50 |  | url.swift:23:38:23:52 | call to init(string:) |
+| url.swift:24:33:24:33 | SSA def(self) | url.swift:24:33:24:61 | self[return] |
+| url.swift:24:33:24:33 | self | url.swift:24:33:24:33 | SSA def(self) |
+| url.swift:24:45:24:45 | URL.Type | url.swift:24:45:24:45 | call to init(string:) |
+| url.swift:24:45:24:59 | call to init(string:) | url.swift:24:45:24:60 | ...! |
+| url.swift:24:57:24:57 |  | url.swift:24:45:24:59 | call to init(string:) |
+| url.swift:25:22:25:22 | SSA def(self) | url.swift:25:22:25:37 | self[return] |
+| url.swift:25:22:25:22 | self | url.swift:25:22:25:22 | SSA def(self) |
+| url.swift:26:26:26:26 | SSA def(self) | url.swift:26:26:26:41 | self[return] |
+| url.swift:26:26:26:26 | self | url.swift:26:26:26:26 | SSA def(self) |
+| url.swift:29:7:29:7 | SSA def(self) | url.swift:29:7:29:7 | self[return] |
+| url.swift:29:7:29:7 | self | url.swift:29:7:29:7 | SSA def(self) |
+| url.swift:31:5:31:5 | SSA def(self) | url.swift:31:5:31:29 | self[return] |
+| url.swift:31:5:31:5 | self | url.swift:31:5:31:5 | SSA def(self) |
+| url.swift:34:7:34:7 | SSA def(self) | url.swift:34:7:34:7 | self[return] |
+| url.swift:34:7:34:7 | self | url.swift:34:7:34:7 | SSA def(self) |
+| url.swift:34:30:34:30 | SSA def(self) | url.swift:34:30:34:30 | self[return] |
+| url.swift:34:30:34:30 | self | url.swift:34:30:34:30 | SSA def(self) |
+| url.swift:36:7:36:7 | SSA def(self) | url.swift:36:7:36:7 | self[return] |
+| url.swift:36:7:36:7 | self | url.swift:36:7:36:7 | SSA def(self) |
+| url.swift:36:33:36:33 | SSA def(self) | url.swift:36:33:36:33 | self[return] |
+| url.swift:36:33:36:33 | self | url.swift:36:33:36:33 | SSA def(self) |
+| url.swift:38:7:38:7 | SSA def(self) | url.swift:38:7:38:7 | self[return] |
+| url.swift:38:7:38:7 | self | url.swift:38:7:38:7 | SSA def(self) |
+| url.swift:38:43:38:43 | SSA def(self) | url.swift:38:43:38:43 | self[return] |
+| url.swift:38:43:38:43 | self | url.swift:38:43:38:43 | SSA def(self) |
+| url.swift:40:7:40:7 | SSA def(self) | url.swift:40:7:40:7 | self[return] |
+| url.swift:40:7:40:7 | SSA def(self) | url.swift:40:7:40:7 | self[return] |
+| url.swift:40:7:40:7 | self | url.swift:40:7:40:7 | SSA def(self) |
+| url.swift:40:7:40:7 | self | url.swift:40:7:40:7 | SSA def(self) |
+| url.swift:41:33:41:33 | SSA def(self) | url.swift:41:33:41:59 | self[return] |
+| url.swift:41:33:41:33 | self | url.swift:41:33:41:33 | SSA def(self) |
+| url.swift:43:7:43:7 | SSA def(self) | url.swift:43:2:46:55 | self[return] |
+| url.swift:43:7:43:7 | self | url.swift:43:7:43:7 | SSA def(self) |
+| url.swift:56:6:56:6 | SSA def(clean) | url.swift:58:29:58:29 | clean |
+| url.swift:56:14:56:14 | http://example.com/ | url.swift:56:6:56:6 | SSA def(clean) |
+| url.swift:57:6:57:6 | SSA def(tainted) | url.swift:59:31:59:31 | tainted |
+| url.swift:57:16:57:23 | call to source() | url.swift:57:6:57:6 | SSA def(tainted) |
+| url.swift:58:6:58:6 | SSA def(urlClean) | url.swift:61:12:61:12 | urlClean |
+| url.swift:58:17:58:17 | URL.Type | url.swift:58:17:58:17 | call to init(string:) |
+| url.swift:58:17:58:34 | call to init(string:) | url.swift:58:17:58:35 | ...! |
+| url.swift:58:17:58:35 | ...! | url.swift:58:6:58:6 | SSA def(urlClean) |
+| url.swift:58:29:58:29 | [post] clean | url.swift:82:24:82:24 | clean |
+| url.swift:58:29:58:29 | clean | url.swift:58:17:58:34 | call to init(string:) |
+| url.swift:58:29:58:29 | clean | url.swift:82:24:82:24 | clean |
+| url.swift:59:6:59:6 | SSA def(urlTainted) | url.swift:62:12:62:12 | urlTainted |
+| url.swift:59:19:59:19 | URL.Type | url.swift:59:19:59:19 | call to init(string:) |
+| url.swift:59:19:59:38 | call to init(string:) | url.swift:59:19:59:39 | ...! |
+| url.swift:59:19:59:39 | ...! | url.swift:59:6:59:6 | SSA def(urlTainted) |
+| url.swift:59:31:59:31 | [post] tainted | url.swift:83:24:83:24 | tainted |
+| url.swift:59:31:59:31 | tainted | url.swift:59:19:59:38 | call to init(string:) |
+| url.swift:59:31:59:31 | tainted | url.swift:83:24:83:24 | tainted |
+| url.swift:61:12:61:12 | [post] urlClean | url.swift:84:43:84:43 | urlClean |
+| url.swift:61:12:61:12 | urlClean | url.swift:84:43:84:43 | urlClean |
+| url.swift:62:12:62:12 | [post] urlTainted | url.swift:64:12:64:12 | urlTainted |
+| url.swift:62:12:62:12 | urlTainted | url.swift:64:12:64:12 | urlTainted |
+| url.swift:64:12:64:12 | [post] urlTainted | url.swift:65:12:65:12 | urlTainted |
 | url.swift:64:12:64:12 | urlTainted | url.swift:64:12:64:23 | .absoluteURL |
+| url.swift:64:12:64:12 | urlTainted | url.swift:65:12:65:12 | urlTainted |
+| url.swift:65:12:65:12 | [post] urlTainted | url.swift:66:15:66:15 | urlTainted |
 | url.swift:65:12:65:12 | urlTainted | url.swift:65:12:65:23 | .baseURL |
+| url.swift:65:12:65:12 | urlTainted | url.swift:66:15:66:15 | urlTainted |
+| url.swift:66:15:66:15 | [post] urlTainted | url.swift:67:15:67:15 | urlTainted |
 | url.swift:66:15:66:15 | urlTainted | url.swift:66:15:66:26 | .fragment |
+| url.swift:66:15:66:15 | urlTainted | url.swift:67:15:67:15 | urlTainted |
+| url.swift:66:15:66:26 | .fragment | url.swift:66:15:66:34 | ...! |
+| url.swift:67:15:67:15 | [post] urlTainted | url.swift:68:15:68:15 | urlTainted |
 | url.swift:67:15:67:15 | urlTainted | url.swift:67:15:67:26 | .host |
+| url.swift:67:15:67:15 | urlTainted | url.swift:68:15:68:15 | urlTainted |
+| url.swift:67:15:67:26 | .host | url.swift:67:15:67:30 | ...! |
+| url.swift:68:15:68:15 | [post] urlTainted | url.swift:69:15:69:15 | urlTainted |
 | url.swift:68:15:68:15 | urlTainted | url.swift:68:15:68:26 | .lastPathComponent |
+| url.swift:68:15:68:15 | urlTainted | url.swift:69:15:69:15 | urlTainted |
+| url.swift:69:15:69:15 | [post] urlTainted | url.swift:70:15:70:15 | urlTainted |
 | url.swift:69:15:69:15 | urlTainted | url.swift:69:15:69:26 | .path |
+| url.swift:69:15:69:15 | urlTainted | url.swift:70:15:70:15 | urlTainted |
+| url.swift:70:15:70:15 | [post] urlTainted | url.swift:71:15:71:15 | urlTainted |
 | url.swift:70:15:70:15 | urlTainted | url.swift:70:15:70:26 | .pathComponents |
+| url.swift:70:15:70:15 | urlTainted | url.swift:71:15:71:15 | urlTainted |
 | url.swift:70:15:70:26 | .pathComponents | url.swift:70:15:70:42 | ...[...] |
+| url.swift:71:15:71:15 | [post] urlTainted | url.swift:72:12:72:12 | urlTainted |
 | url.swift:71:15:71:15 | urlTainted | url.swift:71:15:71:26 | .pathExtension |
+| url.swift:71:15:71:15 | urlTainted | url.swift:72:12:72:12 | urlTainted |
+| url.swift:72:12:72:12 | [post] urlTainted | url.swift:73:15:73:15 | urlTainted |
 | url.swift:72:12:72:12 | urlTainted | url.swift:72:12:72:23 | .port |
+| url.swift:72:12:72:12 | urlTainted | url.swift:73:15:73:15 | urlTainted |
+| url.swift:72:12:72:23 | .port | url.swift:72:12:72:27 | ...! |
+| url.swift:73:15:73:15 | [post] urlTainted | url.swift:74:15:74:15 | urlTainted |
 | url.swift:73:15:73:15 | urlTainted | url.swift:73:15:73:26 | .query |
+| url.swift:73:15:73:15 | urlTainted | url.swift:74:15:74:15 | urlTainted |
+| url.swift:73:15:73:26 | .query | url.swift:73:15:73:31 | ...! |
+| url.swift:74:15:74:15 | [post] urlTainted | url.swift:75:15:75:15 | urlTainted |
 | url.swift:74:15:74:15 | urlTainted | url.swift:74:15:74:26 | .relativePath |
+| url.swift:74:15:74:15 | urlTainted | url.swift:75:15:75:15 | urlTainted |
+| url.swift:75:15:75:15 | [post] urlTainted | url.swift:76:15:76:15 | urlTainted |
 | url.swift:75:15:75:15 | urlTainted | url.swift:75:15:75:26 | .relativeString |
+| url.swift:75:15:75:15 | urlTainted | url.swift:76:15:76:15 | urlTainted |
+| url.swift:76:15:76:15 | [post] urlTainted | url.swift:77:12:77:12 | urlTainted |
 | url.swift:76:15:76:15 | urlTainted | url.swift:76:15:76:26 | .scheme |
+| url.swift:76:15:76:15 | urlTainted | url.swift:77:12:77:12 | urlTainted |
+| url.swift:76:15:76:26 | .scheme | url.swift:76:15:76:32 | ...! |
+| url.swift:77:12:77:12 | [post] urlTainted | url.swift:78:12:78:12 | urlTainted |
 | url.swift:77:12:77:12 | urlTainted | url.swift:77:12:77:23 | .standardized |
+| url.swift:77:12:77:12 | urlTainted | url.swift:78:12:78:12 | urlTainted |
+| url.swift:78:12:78:12 | [post] urlTainted | url.swift:79:15:79:15 | urlTainted |
 | url.swift:78:12:78:12 | urlTainted | url.swift:78:12:78:23 | .standardizedFileURL |
+| url.swift:78:12:78:12 | urlTainted | url.swift:79:15:79:15 | urlTainted |
+| url.swift:79:15:79:15 | [post] urlTainted | url.swift:80:15:80:15 | urlTainted |
 | url.swift:79:15:79:15 | urlTainted | url.swift:79:15:79:26 | .user |
+| url.swift:79:15:79:15 | urlTainted | url.swift:80:15:80:15 | urlTainted |
+| url.swift:79:15:79:26 | .user | url.swift:79:15:79:30 | ...! |
+| url.swift:80:15:80:15 | [post] urlTainted | url.swift:86:43:86:43 | urlTainted |
 | url.swift:80:15:80:15 | urlTainted | url.swift:80:15:80:26 | .password |
+| url.swift:80:15:80:15 | urlTainted | url.swift:86:43:86:43 | urlTainted |
+| url.swift:80:15:80:26 | .password | url.swift:80:15:80:34 | ...! |
+| url.swift:82:12:82:12 | URL.Type | url.swift:82:12:82:12 | call to init(string:relativeTo:) |
+| url.swift:82:12:82:46 | call to init(string:relativeTo:) | url.swift:82:12:82:47 | ...! |
+| url.swift:82:24:82:24 | [post] clean | url.swift:84:24:84:24 | clean |
+| url.swift:82:24:82:24 | clean | url.swift:82:12:82:46 | call to init(string:relativeTo:) |
+| url.swift:82:24:82:24 | clean | url.swift:84:24:84:24 | clean |
+| url.swift:82:43:82:43 | nil | url.swift:82:12:82:46 | call to init(string:relativeTo:) |
+| url.swift:83:12:83:12 | URL.Type | url.swift:83:12:83:12 | call to init(string:relativeTo:) |
+| url.swift:83:12:83:48 | call to init(string:relativeTo:) | url.swift:83:12:83:49 | ...! |
+| url.swift:83:24:83:24 | [post] tainted | url.swift:108:25:108:25 | tainted |
+| url.swift:83:24:83:24 | tainted | url.swift:83:12:83:48 | call to init(string:relativeTo:) |
+| url.swift:83:24:83:24 | tainted | url.swift:108:25:108:25 | tainted |
+| url.swift:83:45:83:45 | nil | url.swift:83:12:83:48 | call to init(string:relativeTo:) |
+| url.swift:84:12:84:12 | URL.Type | url.swift:84:12:84:12 | call to init(string:relativeTo:) |
+| url.swift:84:12:84:51 | call to init(string:relativeTo:) | url.swift:84:12:84:52 | ...! |
+| url.swift:84:24:84:24 | [post] clean | url.swift:86:24:86:24 | clean |
+| url.swift:84:24:84:24 | clean | url.swift:84:12:84:51 | call to init(string:relativeTo:) |
+| url.swift:84:24:84:24 | clean | url.swift:86:24:86:24 | clean |
+| url.swift:84:43:84:43 | urlClean | url.swift:84:12:84:51 | call to init(string:relativeTo:) |
+| url.swift:86:12:86:12 | URL.Type | url.swift:86:12:86:12 | call to init(string:relativeTo:) |
+| url.swift:86:12:86:53 | call to init(string:relativeTo:) | url.swift:86:12:86:54 | ...! |
 | url.swift:86:12:86:54 | ...! | url.swift:86:12:86:56 | .absoluteURL |
+| url.swift:86:24:86:24 | [post] clean | url.swift:87:24:87:24 | clean |
+| url.swift:86:24:86:24 | clean | url.swift:86:12:86:53 | call to init(string:relativeTo:) |
+| url.swift:86:24:86:24 | clean | url.swift:87:24:87:24 | clean |
+| url.swift:86:43:86:43 | [post] urlTainted | url.swift:87:43:87:43 | urlTainted |
+| url.swift:86:43:86:43 | urlTainted | url.swift:86:12:86:53 | call to init(string:relativeTo:) |
+| url.swift:86:43:86:43 | urlTainted | url.swift:87:43:87:43 | urlTainted |
+| url.swift:87:12:87:12 | URL.Type | url.swift:87:12:87:12 | call to init(string:relativeTo:) |
+| url.swift:87:12:87:53 | call to init(string:relativeTo:) | url.swift:87:12:87:54 | ...! |
 | url.swift:87:12:87:54 | ...! | url.swift:87:12:87:56 | .baseURL |
+| url.swift:87:24:87:24 | [post] clean | url.swift:88:27:88:27 | clean |
+| url.swift:87:24:87:24 | clean | url.swift:87:12:87:53 | call to init(string:relativeTo:) |
+| url.swift:87:24:87:24 | clean | url.swift:88:27:88:27 | clean |
+| url.swift:87:43:87:43 | [post] urlTainted | url.swift:88:46:88:46 | urlTainted |
+| url.swift:87:43:87:43 | urlTainted | url.swift:87:12:87:53 | call to init(string:relativeTo:) |
+| url.swift:87:43:87:43 | urlTainted | url.swift:88:46:88:46 | urlTainted |
+| url.swift:88:15:88:15 | URL.Type | url.swift:88:15:88:15 | call to init(string:relativeTo:) |
+| url.swift:88:15:88:56 | call to init(string:relativeTo:) | url.swift:88:15:88:57 | ...! |
 | url.swift:88:15:88:57 | ...! | url.swift:88:15:88:59 | .fragment |
+| url.swift:88:15:88:59 | .fragment | url.swift:88:15:88:67 | ...! |
+| url.swift:88:27:88:27 | [post] clean | url.swift:89:27:89:27 | clean |
+| url.swift:88:27:88:27 | clean | url.swift:88:15:88:56 | call to init(string:relativeTo:) |
+| url.swift:88:27:88:27 | clean | url.swift:89:27:89:27 | clean |
+| url.swift:88:46:88:46 | [post] urlTainted | url.swift:89:46:89:46 | urlTainted |
+| url.swift:88:46:88:46 | urlTainted | url.swift:88:15:88:56 | call to init(string:relativeTo:) |
+| url.swift:88:46:88:46 | urlTainted | url.swift:89:46:89:46 | urlTainted |
+| url.swift:89:15:89:15 | URL.Type | url.swift:89:15:89:15 | call to init(string:relativeTo:) |
+| url.swift:89:15:89:56 | call to init(string:relativeTo:) | url.swift:89:15:89:57 | ...! |
 | url.swift:89:15:89:57 | ...! | url.swift:89:15:89:59 | .host |
+| url.swift:89:15:89:59 | .host | url.swift:89:15:89:63 | ...! |
+| url.swift:89:27:89:27 | [post] clean | url.swift:90:27:90:27 | clean |
+| url.swift:89:27:89:27 | clean | url.swift:89:15:89:56 | call to init(string:relativeTo:) |
+| url.swift:89:27:89:27 | clean | url.swift:90:27:90:27 | clean |
+| url.swift:89:46:89:46 | [post] urlTainted | url.swift:90:46:90:46 | urlTainted |
+| url.swift:89:46:89:46 | urlTainted | url.swift:89:15:89:56 | call to init(string:relativeTo:) |
+| url.swift:89:46:89:46 | urlTainted | url.swift:90:46:90:46 | urlTainted |
+| url.swift:90:15:90:15 | URL.Type | url.swift:90:15:90:15 | call to init(string:relativeTo:) |
+| url.swift:90:15:90:56 | call to init(string:relativeTo:) | url.swift:90:15:90:57 | ...! |
 | url.swift:90:15:90:57 | ...! | url.swift:90:15:90:59 | .lastPathComponent |
+| url.swift:90:27:90:27 | [post] clean | url.swift:91:27:91:27 | clean |
+| url.swift:90:27:90:27 | clean | url.swift:90:15:90:56 | call to init(string:relativeTo:) |
+| url.swift:90:27:90:27 | clean | url.swift:91:27:91:27 | clean |
+| url.swift:90:46:90:46 | [post] urlTainted | url.swift:91:46:91:46 | urlTainted |
+| url.swift:90:46:90:46 | urlTainted | url.swift:90:15:90:56 | call to init(string:relativeTo:) |
+| url.swift:90:46:90:46 | urlTainted | url.swift:91:46:91:46 | urlTainted |
+| url.swift:91:15:91:15 | URL.Type | url.swift:91:15:91:15 | call to init(string:relativeTo:) |
+| url.swift:91:15:91:56 | call to init(string:relativeTo:) | url.swift:91:15:91:57 | ...! |
 | url.swift:91:15:91:57 | ...! | url.swift:91:15:91:59 | .path |
+| url.swift:91:27:91:27 | [post] clean | url.swift:92:27:92:27 | clean |
+| url.swift:91:27:91:27 | clean | url.swift:91:15:91:56 | call to init(string:relativeTo:) |
+| url.swift:91:27:91:27 | clean | url.swift:92:27:92:27 | clean |
+| url.swift:91:46:91:46 | [post] urlTainted | url.swift:92:46:92:46 | urlTainted |
+| url.swift:91:46:91:46 | urlTainted | url.swift:91:15:91:56 | call to init(string:relativeTo:) |
+| url.swift:91:46:91:46 | urlTainted | url.swift:92:46:92:46 | urlTainted |
+| url.swift:92:15:92:15 | URL.Type | url.swift:92:15:92:15 | call to init(string:relativeTo:) |
+| url.swift:92:15:92:56 | call to init(string:relativeTo:) | url.swift:92:15:92:57 | ...! |
 | url.swift:92:15:92:57 | ...! | url.swift:92:15:92:59 | .pathComponents |
 | url.swift:92:15:92:59 | .pathComponents | url.swift:92:15:92:75 | ...[...] |
+| url.swift:92:27:92:27 | [post] clean | url.swift:93:27:93:27 | clean |
+| url.swift:92:27:92:27 | clean | url.swift:92:15:92:56 | call to init(string:relativeTo:) |
+| url.swift:92:27:92:27 | clean | url.swift:93:27:93:27 | clean |
+| url.swift:92:46:92:46 | [post] urlTainted | url.swift:93:46:93:46 | urlTainted |
+| url.swift:92:46:92:46 | urlTainted | url.swift:92:15:92:56 | call to init(string:relativeTo:) |
+| url.swift:92:46:92:46 | urlTainted | url.swift:93:46:93:46 | urlTainted |
+| url.swift:93:15:93:15 | URL.Type | url.swift:93:15:93:15 | call to init(string:relativeTo:) |
+| url.swift:93:15:93:56 | call to init(string:relativeTo:) | url.swift:93:15:93:57 | ...! |
 | url.swift:93:15:93:57 | ...! | url.swift:93:15:93:59 | .pathExtension |
+| url.swift:93:27:93:27 | [post] clean | url.swift:94:24:94:24 | clean |
+| url.swift:93:27:93:27 | clean | url.swift:93:15:93:56 | call to init(string:relativeTo:) |
+| url.swift:93:27:93:27 | clean | url.swift:94:24:94:24 | clean |
+| url.swift:93:46:93:46 | [post] urlTainted | url.swift:94:43:94:43 | urlTainted |
+| url.swift:93:46:93:46 | urlTainted | url.swift:93:15:93:56 | call to init(string:relativeTo:) |
+| url.swift:93:46:93:46 | urlTainted | url.swift:94:43:94:43 | urlTainted |
+| url.swift:94:12:94:12 | URL.Type | url.swift:94:12:94:12 | call to init(string:relativeTo:) |
+| url.swift:94:12:94:53 | call to init(string:relativeTo:) | url.swift:94:12:94:54 | ...! |
 | url.swift:94:12:94:54 | ...! | url.swift:94:12:94:56 | .port |
+| url.swift:94:12:94:56 | .port | url.swift:94:12:94:60 | ...! |
+| url.swift:94:24:94:24 | [post] clean | url.swift:95:27:95:27 | clean |
+| url.swift:94:24:94:24 | clean | url.swift:94:12:94:53 | call to init(string:relativeTo:) |
+| url.swift:94:24:94:24 | clean | url.swift:95:27:95:27 | clean |
+| url.swift:94:43:94:43 | [post] urlTainted | url.swift:95:46:95:46 | urlTainted |
+| url.swift:94:43:94:43 | urlTainted | url.swift:94:12:94:53 | call to init(string:relativeTo:) |
+| url.swift:94:43:94:43 | urlTainted | url.swift:95:46:95:46 | urlTainted |
+| url.swift:95:15:95:15 | URL.Type | url.swift:95:15:95:15 | call to init(string:relativeTo:) |
+| url.swift:95:15:95:56 | call to init(string:relativeTo:) | url.swift:95:15:95:57 | ...! |
 | url.swift:95:15:95:57 | ...! | url.swift:95:15:95:59 | .query |
+| url.swift:95:15:95:59 | .query | url.swift:95:15:95:64 | ...! |
+| url.swift:95:27:95:27 | [post] clean | url.swift:96:27:96:27 | clean |
+| url.swift:95:27:95:27 | clean | url.swift:95:15:95:56 | call to init(string:relativeTo:) |
+| url.swift:95:27:95:27 | clean | url.swift:96:27:96:27 | clean |
+| url.swift:95:46:95:46 | [post] urlTainted | url.swift:96:46:96:46 | urlTainted |
+| url.swift:95:46:95:46 | urlTainted | url.swift:95:15:95:56 | call to init(string:relativeTo:) |
+| url.swift:95:46:95:46 | urlTainted | url.swift:96:46:96:46 | urlTainted |
+| url.swift:96:15:96:15 | URL.Type | url.swift:96:15:96:15 | call to init(string:relativeTo:) |
+| url.swift:96:15:96:56 | call to init(string:relativeTo:) | url.swift:96:15:96:57 | ...! |
 | url.swift:96:15:96:57 | ...! | url.swift:96:15:96:59 | .relativePath |
+| url.swift:96:27:96:27 | [post] clean | url.swift:97:27:97:27 | clean |
+| url.swift:96:27:96:27 | clean | url.swift:96:15:96:56 | call to init(string:relativeTo:) |
+| url.swift:96:27:96:27 | clean | url.swift:97:27:97:27 | clean |
+| url.swift:96:46:96:46 | [post] urlTainted | url.swift:97:46:97:46 | urlTainted |
+| url.swift:96:46:96:46 | urlTainted | url.swift:96:15:96:56 | call to init(string:relativeTo:) |
+| url.swift:96:46:96:46 | urlTainted | url.swift:97:46:97:46 | urlTainted |
+| url.swift:97:15:97:15 | URL.Type | url.swift:97:15:97:15 | call to init(string:relativeTo:) |
+| url.swift:97:15:97:56 | call to init(string:relativeTo:) | url.swift:97:15:97:57 | ...! |
 | url.swift:97:15:97:57 | ...! | url.swift:97:15:97:59 | .relativeString |
+| url.swift:97:27:97:27 | [post] clean | url.swift:98:27:98:27 | clean |
+| url.swift:97:27:97:27 | clean | url.swift:97:15:97:56 | call to init(string:relativeTo:) |
+| url.swift:97:27:97:27 | clean | url.swift:98:27:98:27 | clean |
+| url.swift:97:46:97:46 | [post] urlTainted | url.swift:98:46:98:46 | urlTainted |
+| url.swift:97:46:97:46 | urlTainted | url.swift:97:15:97:56 | call to init(string:relativeTo:) |
+| url.swift:97:46:97:46 | urlTainted | url.swift:98:46:98:46 | urlTainted |
+| url.swift:98:15:98:15 | URL.Type | url.swift:98:15:98:15 | call to init(string:relativeTo:) |
+| url.swift:98:15:98:56 | call to init(string:relativeTo:) | url.swift:98:15:98:57 | ...! |
 | url.swift:98:15:98:57 | ...! | url.swift:98:15:98:59 | .scheme |
+| url.swift:98:15:98:59 | .scheme | url.swift:98:15:98:65 | ...! |
+| url.swift:98:27:98:27 | [post] clean | url.swift:99:24:99:24 | clean |
+| url.swift:98:27:98:27 | clean | url.swift:98:15:98:56 | call to init(string:relativeTo:) |
+| url.swift:98:27:98:27 | clean | url.swift:99:24:99:24 | clean |
+| url.swift:98:46:98:46 | [post] urlTainted | url.swift:99:43:99:43 | urlTainted |
+| url.swift:98:46:98:46 | urlTainted | url.swift:98:15:98:56 | call to init(string:relativeTo:) |
+| url.swift:98:46:98:46 | urlTainted | url.swift:99:43:99:43 | urlTainted |
+| url.swift:99:12:99:12 | URL.Type | url.swift:99:12:99:12 | call to init(string:relativeTo:) |
+| url.swift:99:12:99:53 | call to init(string:relativeTo:) | url.swift:99:12:99:54 | ...! |
 | url.swift:99:12:99:54 | ...! | url.swift:99:12:99:56 | .standardized |
+| url.swift:99:24:99:24 | [post] clean | url.swift:100:24:100:24 | clean |
+| url.swift:99:24:99:24 | clean | url.swift:99:12:99:53 | call to init(string:relativeTo:) |
+| url.swift:99:24:99:24 | clean | url.swift:100:24:100:24 | clean |
+| url.swift:99:43:99:43 | [post] urlTainted | url.swift:100:43:100:43 | urlTainted |
+| url.swift:99:43:99:43 | urlTainted | url.swift:99:12:99:53 | call to init(string:relativeTo:) |
+| url.swift:99:43:99:43 | urlTainted | url.swift:100:43:100:43 | urlTainted |
+| url.swift:100:12:100:12 | URL.Type | url.swift:100:12:100:12 | call to init(string:relativeTo:) |
+| url.swift:100:12:100:53 | call to init(string:relativeTo:) | url.swift:100:12:100:54 | ...! |
 | url.swift:100:12:100:54 | ...! | url.swift:100:12:100:56 | .standardizedFileURL |
+| url.swift:100:24:100:24 | [post] clean | url.swift:101:27:101:27 | clean |
+| url.swift:100:24:100:24 | clean | url.swift:100:12:100:53 | call to init(string:relativeTo:) |
+| url.swift:100:24:100:24 | clean | url.swift:101:27:101:27 | clean |
+| url.swift:100:43:100:43 | [post] urlTainted | url.swift:101:46:101:46 | urlTainted |
+| url.swift:100:43:100:43 | urlTainted | url.swift:100:12:100:53 | call to init(string:relativeTo:) |
+| url.swift:100:43:100:43 | urlTainted | url.swift:101:46:101:46 | urlTainted |
+| url.swift:101:15:101:15 | URL.Type | url.swift:101:15:101:15 | call to init(string:relativeTo:) |
+| url.swift:101:15:101:56 | call to init(string:relativeTo:) | url.swift:101:15:101:57 | ...! |
 | url.swift:101:15:101:57 | ...! | url.swift:101:15:101:59 | .user |
+| url.swift:101:15:101:59 | .user | url.swift:101:15:101:63 | ...! |
+| url.swift:101:27:101:27 | [post] clean | url.swift:102:27:102:27 | clean |
+| url.swift:101:27:101:27 | clean | url.swift:101:15:101:56 | call to init(string:relativeTo:) |
+| url.swift:101:27:101:27 | clean | url.swift:102:27:102:27 | clean |
+| url.swift:101:46:101:46 | [post] urlTainted | url.swift:102:46:102:46 | urlTainted |
+| url.swift:101:46:101:46 | urlTainted | url.swift:101:15:101:56 | call to init(string:relativeTo:) |
+| url.swift:101:46:101:46 | urlTainted | url.swift:102:46:102:46 | urlTainted |
+| url.swift:102:15:102:15 | URL.Type | url.swift:102:15:102:15 | call to init(string:relativeTo:) |
+| url.swift:102:15:102:56 | call to init(string:relativeTo:) | url.swift:102:15:102:57 | ...! |
 | url.swift:102:15:102:57 | ...! | url.swift:102:15:102:59 | .password |
-| webview.swift:52:11:52:18 | call to source() | webview.swift:52:10:52:41 | .body |
+| url.swift:102:15:102:59 | .password | url.swift:102:15:102:67 | ...! |
+| url.swift:102:27:102:27 | [post] clean | url.swift:104:25:104:25 | clean |
+| url.swift:102:27:102:27 | clean | url.swift:102:15:102:56 | call to init(string:relativeTo:) |
+| url.swift:102:27:102:27 | clean | url.swift:104:25:104:25 | clean |
+| url.swift:102:46:102:46 | [post] urlTainted | url.swift:120:46:120:46 | urlTainted |
+| url.swift:102:46:102:46 | urlTainted | url.swift:102:15:102:56 | call to init(string:relativeTo:) |
+| url.swift:102:46:102:46 | urlTainted | url.swift:120:46:120:46 | urlTainted |
+| url.swift:104:13:104:13 | URL.Type | url.swift:104:13:104:13 | call to init(string:) |
+| url.swift:104:25:104:25 | [post] clean | url.swift:113:26:113:26 | clean |
+| url.swift:104:25:104:25 | clean | url.swift:104:13:104:30 | call to init(string:) |
+| url.swift:104:25:104:25 | clean | url.swift:113:26:113:26 | clean |
+| url.swift:108:13:108:13 | URL.Type | url.swift:108:13:108:13 | call to init(string:) |
+| url.swift:108:25:108:25 | [post] tainted | url.swift:117:28:117:28 | tainted |
+| url.swift:108:25:108:25 | tainted | url.swift:108:13:108:32 | call to init(string:) |
+| url.swift:108:25:108:25 | tainted | url.swift:117:28:117:28 | tainted |
+| url.swift:113:2:113:31 | SSA def(urlClean2) | url.swift:114:12:114:12 | urlClean2 |
+| url.swift:113:14:113:14 | URL.Type | url.swift:113:14:113:14 | call to init(string:) |
+| url.swift:113:14:113:31 | call to init(string:) | url.swift:113:2:113:31 | SSA def(urlClean2) |
+| url.swift:113:26:113:26 | clean | url.swift:113:14:113:31 | call to init(string:) |
+| url.swift:114:12:114:12 | urlClean2 | url.swift:114:12:114:12 | ...! |
+| url.swift:117:2:117:35 | SSA def(urlTainted2) | url.swift:118:12:118:12 | urlTainted2 |
+| url.swift:117:16:117:16 | URL.Type | url.swift:117:16:117:16 | call to init(string:) |
+| url.swift:117:16:117:35 | call to init(string:) | url.swift:117:2:117:35 | SSA def(urlTainted2) |
+| url.swift:117:28:117:28 | tainted | url.swift:117:16:117:35 | call to init(string:) |
+| url.swift:118:12:118:12 | urlTainted2 | url.swift:118:12:118:12 | ...! |
+| url.swift:120:61:120:61 | SSA def(data) | url.swift:121:15:121:15 | data |
+| url.swift:120:61:120:61 | data | url.swift:120:61:120:61 | SSA def(data) |
+| url.swift:121:15:121:15 | data | url.swift:121:15:121:19 | ...! |
+| webview.swift:4:7:4:7 | SSA def(self) | webview.swift:4:7:4:7 | self[return] |
+| webview.swift:4:7:4:7 | SSA def(self) | webview.swift:4:7:4:7 | self[return] |
+| webview.swift:4:7:4:7 | self | webview.swift:4:7:4:7 | SSA def(self) |
+| webview.swift:4:7:4:7 | self | webview.swift:4:7:4:7 | SSA def(self) |
+| webview.swift:6:7:6:7 | SSA def(self) | webview.swift:6:7:6:7 | self[return] |
+| webview.swift:6:7:6:7 | self | webview.swift:6:7:6:7 | SSA def(self) |
+| webview.swift:6:34:6:34 | SSA def(self) | webview.swift:6:34:6:34 | self[return] |
+| webview.swift:6:34:6:34 | self | webview.swift:6:34:6:34 | SSA def(self) |
+| webview.swift:7:26:7:26 | SSA def(self) | webview.swift:7:26:7:42 | self[return] |
+| webview.swift:7:26:7:26 | self | webview.swift:7:26:7:26 | SSA def(self) |
+| webview.swift:10:7:10:7 | SSA def(self) | webview.swift:10:7:10:7 | self[return] |
+| webview.swift:10:7:10:7 | self | webview.swift:10:7:10:7 | SSA def(self) |
+| webview.swift:11:5:11:5 | SSA def(self) | webview.swift:11:5:11:23 | self[return] |
+| webview.swift:11:5:11:5 | self | webview.swift:11:5:11:5 | SSA def(self) |
+| webview.swift:14:7:14:7 | SSA def(self) | webview.swift:14:7:14:7 | self[return] |
+| webview.swift:14:7:14:7 | SSA def(self) | webview.swift:14:7:14:7 | self[return] |
+| webview.swift:14:7:14:7 | self | webview.swift:14:7:14:7 | SSA def(self) |
+| webview.swift:14:7:14:7 | self | webview.swift:14:7:14:7 | SSA def(self) |
+| webview.swift:16:7:16:7 | SSA def(self) | webview.swift:16:7:16:7 | self[return] |
+| webview.swift:16:7:16:7 | SSA def(self) | webview.swift:16:7:16:7 | self[return] |
+| webview.swift:16:7:16:7 | self | webview.swift:16:7:16:7 | SSA def(self) |
+| webview.swift:16:7:16:7 | self | webview.swift:16:7:16:7 | SSA def(self) |
+| webview.swift:18:7:18:7 | SSA def(self) | webview.swift:18:7:18:7 | self[return] |
+| webview.swift:18:7:18:7 | SSA def(self) | webview.swift:18:7:18:7 | self[return] |
+| webview.swift:18:7:18:7 | self | webview.swift:18:7:18:7 | SSA def(self) |
+| webview.swift:18:7:18:7 | self | webview.swift:18:7:18:7 | SSA def(self) |
+| webview.swift:20:7:20:7 | SSA def(self) | webview.swift:20:7:20:7 | self[return] |
+| webview.swift:20:7:20:7 | SSA def(self) | webview.swift:20:7:20:7 | self[return] |
+| webview.swift:20:7:20:7 | self | webview.swift:20:7:20:7 | SSA def(self) |
+| webview.swift:20:7:20:7 | self | webview.swift:20:7:20:7 | SSA def(self) |
+| webview.swift:22:7:22:7 | SSA def(self) | webview.swift:22:7:22:7 | self[return] |
+| webview.swift:22:7:22:7 | SSA def(self) | webview.swift:22:7:22:7 | self[return] |
+| webview.swift:22:7:22:7 | self | webview.swift:22:7:22:7 | SSA def(self) |
+| webview.swift:22:7:22:7 | self | webview.swift:22:7:22:7 | SSA def(self) |
+| webview.swift:24:7:24:7 | SSA def(self) | webview.swift:24:7:24:7 | self[return] |
+| webview.swift:24:7:24:7 | SSA def(self) | webview.swift:24:7:24:7 | self[return] |
+| webview.swift:24:7:24:7 | self | webview.swift:24:7:24:7 | SSA def(self) |
+| webview.swift:24:7:24:7 | self | webview.swift:24:7:24:7 | SSA def(self) |
+| webview.swift:26:7:26:7 | SSA def(self) | webview.swift:26:7:26:7 | self[return] |
+| webview.swift:26:7:26:7 | self | webview.swift:26:7:26:7 | SSA def(self) |
+| webview.swift:27:5:27:5 | SSA def(self) | webview.swift:27:5:27:39 | self[return] |
+| webview.swift:27:5:27:5 | self | webview.swift:27:5:27:5 | SSA def(self) |
+| webview.swift:28:5:28:5 | SSA def(self) | webview.swift:28:5:28:38 | self[return] |
+| webview.swift:28:5:28:5 | self | webview.swift:28:5:28:5 | SSA def(self) |
+| webview.swift:29:5:29:5 | SSA def(self) | webview.swift:29:5:29:42 | self[return] |
+| webview.swift:29:5:29:5 | self | webview.swift:29:5:29:5 | SSA def(self) |
+| webview.swift:30:5:30:5 | SSA def(self) | webview.swift:30:5:30:40 | self[return] |
+| webview.swift:30:5:30:5 | self | webview.swift:30:5:30:5 | SSA def(self) |
+| webview.swift:31:5:31:5 | SSA def(self) | webview.swift:31:5:31:42 | self[return] |
+| webview.swift:31:5:31:5 | self | webview.swift:31:5:31:5 | SSA def(self) |
+| webview.swift:32:5:32:5 | SSA def(self) | webview.swift:32:5:32:42 | self[return] |
+| webview.swift:32:5:32:5 | self | webview.swift:32:5:32:5 | SSA def(self) |
+| webview.swift:33:5:33:5 | SSA def(self) | webview.swift:33:5:33:42 | self[return] |
+| webview.swift:33:5:33:5 | self | webview.swift:33:5:33:5 | SSA def(self) |
+| webview.swift:34:5:34:5 | SSA def(self) | webview.swift:34:5:34:40 | self[return] |
+| webview.swift:34:5:34:5 | self | webview.swift:34:5:34:5 | SSA def(self) |
+| webview.swift:35:5:35:5 | SSA def(self) | webview.swift:35:5:35:40 | self[return] |
+| webview.swift:35:5:35:5 | self | webview.swift:35:5:35:5 | SSA def(self) |
+| webview.swift:36:10:36:10 | SSA def(self) | webview.swift:36:5:36:41 | self[return] |
+| webview.swift:36:10:36:10 | self | webview.swift:36:10:36:10 | SSA def(self) |
+| webview.swift:37:10:37:10 | SSA def(self) | webview.swift:37:5:37:55 | self[return] |
+| webview.swift:37:10:37:10 | self | webview.swift:37:10:37:10 | SSA def(self) |
+| webview.swift:38:10:38:10 | SSA def(self) | webview.swift:38:5:38:42 | self[return] |
+| webview.swift:38:10:38:10 | self | webview.swift:38:10:38:10 | SSA def(self) |
+| webview.swift:39:10:39:10 | SSA def(self) | webview.swift:39:5:39:44 | self[return] |
+| webview.swift:39:10:39:10 | self | webview.swift:39:10:39:10 | SSA def(self) |
+| webview.swift:40:10:40:10 | SSA def(self) | webview.swift:40:5:40:40 | self[return] |
+| webview.swift:40:10:40:10 | self | webview.swift:40:10:40:10 | SSA def(self) |
+| webview.swift:41:10:41:10 | SSA def(self) | webview.swift:41:5:41:42 | self[return] |
+| webview.swift:41:10:41:10 | self | webview.swift:41:10:41:10 | SSA def(self) |
+| webview.swift:42:10:42:10 | SSA def(self) | webview.swift:42:5:42:62 | self[return] |
+| webview.swift:42:10:42:10 | self | webview.swift:42:10:42:10 | SSA def(self) |
+| webview.swift:43:10:43:10 | SSA def(self) | webview.swift:43:5:43:44 | self[return] |
+| webview.swift:43:10:43:10 | self | webview.swift:43:10:43:10 | SSA def(self) |
+| webview.swift:44:10:44:10 | SSA def(self) | webview.swift:44:5:44:44 | self[return] |
+| webview.swift:44:10:44:10 | self | webview.swift:44:10:44:10 | SSA def(self) |
+| webview.swift:45:10:45:10 | SSA def(self) | webview.swift:45:5:45:44 | self[return] |
+| webview.swift:45:10:45:10 | self | webview.swift:45:10:45:10 | SSA def(self) |
+| webview.swift:46:10:46:10 | SSA def(self) | webview.swift:46:5:46:65 | self[return] |
+| webview.swift:46:10:46:10 | self | webview.swift:46:10:46:10 | SSA def(self) |
+| webview.swift:47:10:47:10 | SSA def(self) | webview.swift:47:5:47:50 | self[return] |
+| webview.swift:47:10:47:10 | self | webview.swift:47:10:47:10 | SSA def(self) |
+| webview.swift:48:10:48:10 | SSA def(self) | webview.swift:48:5:48:50 | self[return] |
+| webview.swift:48:10:48:10 | self | webview.swift:48:10:48:10 | SSA def(self) |
+| webview.swift:49:10:49:10 | SSA def(self) | webview.swift:49:5:49:47 | self[return] |
+| webview.swift:49:10:49:10 | self | webview.swift:49:10:49:10 | SSA def(self) |
+| webview.swift:50:10:50:10 | SSA def(self) | webview.swift:50:5:50:47 | self[return] |
+| webview.swift:50:10:50:10 | self | webview.swift:50:10:50:10 | SSA def(self) |
+| webview.swift:51:10:51:10 | SSA def(self) | webview.swift:51:5:51:84 | self[return] |
+| webview.swift:51:10:51:10 | self | webview.swift:51:10:51:10 | SSA def(self) |
+| webview.swift:51:47:51:47 | JSValue.Type | webview.swift:51:47:51:47 | call to init(object:in:) |
+| webview.swift:51:63:51:63 |  | webview.swift:51:47:51:82 | call to init(object:in:) |
+| webview.swift:52:10:52:10 | SSA def(self) | webview.swift:52:5:52:53 | self[return] |
+| webview.swift:52:10:52:10 | self | webview.swift:52:10:52:10 | SSA def(self) |
+| webview.swift:53:10:53:10 | SSA def(self) | webview.swift:53:5:53:89 | self[return] |
+| webview.swift:53:10:53:10 | self | webview.swift:53:10:53:10 | SSA def(self) |
+| webview.swift:53:52:53:52 | JSValue.Type | webview.swift:53:52:53:52 | call to init(object:in:) |
+| webview.swift:53:68:53:68 |  | webview.swift:53:52:53:87 | call to init(object:in:) |
+| webview.swift:54:10:54:10 | SSA def(self) | webview.swift:54:5:54:38 | self[return] |
+| webview.swift:54:10:54:10 | self | webview.swift:54:10:54:10 | SSA def(self) |
+| webview.swift:55:10:55:10 | SSA def(self) | webview.swift:55:5:55:48 | self[return] |
+| webview.swift:55:10:55:10 | self | webview.swift:55:10:55:10 | SSA def(self) |
+| webview.swift:62:7:62:7 | SSA def(self) | webview.swift:62:7:62:7 | self[return] |
+| webview.swift:62:7:62:7 | self | webview.swift:62:7:62:7 | SSA def(self) |
+| webview.swift:62:33:62:33 | SSA def(self) | webview.swift:62:33:62:33 | self[return] |
+| webview.swift:62:33:62:33 | self | webview.swift:62:33:62:33 | SSA def(self) |
+| webview.swift:64:7:64:7 | SSA def(self) | webview.swift:64:7:64:7 | self[return] |
+| webview.swift:64:7:64:7 | self | webview.swift:64:7:64:7 | SSA def(self) |
+| webview.swift:64:31:64:31 | SSA def(self) | webview.swift:64:31:64:31 | self[return] |
+| webview.swift:64:31:64:31 | self | webview.swift:64:31:64:31 | SSA def(self) |
+| webview.swift:65:5:65:5 | SSA def(self) | webview.swift:65:5:65:93 | self[return] |
+| webview.swift:65:5:65:5 | self | webview.swift:65:5:65:5 | SSA def(self) |
+| webview.swift:66:5:66:5 | SSA def(self) | webview.swift:66:5:66:126 | self[return] |
+| webview.swift:66:5:66:5 | self | webview.swift:66:5:66:5 | SSA def(self) |
+| webview.swift:68:26:68:26 | SSA def(self) | webview.swift:68:26:68:42 | self[return] |
+| webview.swift:68:26:68:26 | self | webview.swift:68:26:68:26 | SSA def(self) |
+| webview.swift:77:11:77:18 | call to source() | webview.swift:77:10:77:41 | .body |
+| webview.swift:81:9:81:9 | SSA def(s) | webview.swift:83:18:83:18 | s |
+| webview.swift:81:13:81:20 | call to source() | webview.swift:81:9:81:9 | SSA def(s) |
+| webview.swift:83:9:83:9 | SSA def(source) | webview.swift:84:10:84:10 | source |
+| webview.swift:83:18:83:18 | s | webview.swift:83:9:83:9 | SSA def(source) |
+| webview.swift:83:18:83:18 | s | webview.swift:103:26:103:26 | s |
+| webview.swift:84:10:84:10 | [post] source | webview.swift:85:10:85:10 | source |
+| webview.swift:84:10:84:10 | source | webview.swift:84:10:84:26 | call to toObject() |
+| webview.swift:84:10:84:10 | source | webview.swift:85:10:85:10 | source |
+| webview.swift:85:10:85:10 | [post] source | webview.swift:86:10:86:10 | source |
+| webview.swift:85:10:85:10 | source | webview.swift:85:10:85:41 | call to toObjectOf(_:) |
+| webview.swift:85:10:85:10 | source | webview.swift:86:10:86:10 | source |
+| webview.swift:86:10:86:10 | [post] source | webview.swift:87:10:87:10 | source |
+| webview.swift:86:10:86:10 | source | webview.swift:86:10:86:24 | call to toBool() |
+| webview.swift:86:10:86:10 | source | webview.swift:87:10:87:10 | source |
+| webview.swift:87:10:87:10 | [post] source | webview.swift:88:10:88:10 | source |
+| webview.swift:87:10:87:10 | source | webview.swift:87:10:87:26 | call to toDouble() |
+| webview.swift:87:10:87:10 | source | webview.swift:88:10:88:10 | source |
+| webview.swift:88:10:88:10 | [post] source | webview.swift:89:10:89:10 | source |
+| webview.swift:88:10:88:10 | source | webview.swift:88:10:88:25 | call to toInt32() |
+| webview.swift:88:10:88:10 | source | webview.swift:89:10:89:10 | source |
+| webview.swift:89:10:89:10 | [post] source | webview.swift:90:10:90:10 | source |
+| webview.swift:89:10:89:10 | source | webview.swift:89:10:89:26 | call to toUInt32() |
+| webview.swift:89:10:89:10 | source | webview.swift:90:10:90:10 | source |
+| webview.swift:90:10:90:10 | [post] source | webview.swift:91:10:91:10 | source |
+| webview.swift:90:10:90:10 | source | webview.swift:90:10:90:26 | call to toNumber() |
+| webview.swift:90:10:90:10 | source | webview.swift:91:10:91:10 | source |
+| webview.swift:91:10:91:10 | [post] source | webview.swift:92:10:92:10 | source |
+| webview.swift:91:10:91:10 | source | webview.swift:91:10:91:26 | call to toString() |
+| webview.swift:91:10:91:10 | source | webview.swift:92:10:92:10 | source |
+| webview.swift:92:10:92:10 | [post] source | webview.swift:93:10:93:10 | source |
+| webview.swift:92:10:92:10 | source | webview.swift:92:10:92:24 | call to toDate() |
+| webview.swift:92:10:92:10 | source | webview.swift:93:10:93:10 | source |
+| webview.swift:93:10:93:10 | [post] source | webview.swift:94:10:94:10 | source |
+| webview.swift:93:10:93:10 | source | webview.swift:93:10:93:25 | call to toArray() |
+| webview.swift:93:10:93:10 | source | webview.swift:94:10:94:10 | source |
+| webview.swift:94:10:94:10 | [post] source | webview.swift:95:10:95:10 | source |
+| webview.swift:94:10:94:10 | source | webview.swift:94:10:94:30 | call to toDictionary() |
+| webview.swift:94:10:94:10 | source | webview.swift:95:10:95:10 | source |
+| webview.swift:95:10:95:10 | [post] source | webview.swift:96:10:96:10 | source |
+| webview.swift:95:10:95:10 | source | webview.swift:95:10:95:25 | call to toPoint() |
+| webview.swift:95:10:95:10 | source | webview.swift:96:10:96:10 | source |
+| webview.swift:96:10:96:10 | [post] source | webview.swift:97:10:97:10 | source |
+| webview.swift:96:10:96:10 | source | webview.swift:96:10:96:25 | call to toRange() |
+| webview.swift:96:10:96:10 | source | webview.swift:97:10:97:10 | source |
+| webview.swift:97:10:97:10 | [post] source | webview.swift:98:10:98:10 | source |
+| webview.swift:97:10:97:10 | source | webview.swift:97:10:97:24 | call to toRect() |
+| webview.swift:97:10:97:10 | source | webview.swift:98:10:98:10 | source |
+| webview.swift:98:10:98:10 | [post] source | webview.swift:99:10:99:10 | source |
+| webview.swift:98:10:98:10 | source | webview.swift:98:10:98:24 | call to toSize() |
+| webview.swift:98:10:98:10 | source | webview.swift:99:10:99:10 | source |
+| webview.swift:99:10:99:10 | [post] source | webview.swift:100:10:100:10 | source |
+| webview.swift:99:10:99:10 | source | webview.swift:99:10:99:26 | call to atIndex(_:) |
+| webview.swift:99:10:99:10 | source | webview.swift:100:10:100:10 | source |
+| webview.swift:100:10:100:10 | source | webview.swift:100:10:100:31 | call to forProperty(_:) |
+| webview.swift:102:9:102:9 | SSA def(context) | webview.swift:103:40:103:40 | context |
+| webview.swift:102:19:102:29 | call to init() | webview.swift:102:9:102:9 | SSA def(context) |
+| webview.swift:103:10:103:10 | JSValue.Type | webview.swift:103:10:103:10 | call to init(object:in:) |
+| webview.swift:103:26:103:26 | s | webview.swift:103:10:103:47 | call to init(object:in:) |
+| webview.swift:103:26:103:26 | s | webview.swift:104:24:104:24 | s |
+| webview.swift:103:40:103:40 | [post] context | webview.swift:104:40:104:40 | context |
+| webview.swift:103:40:103:40 | context | webview.swift:104:40:104:40 | context |
+| webview.swift:104:10:104:10 | JSValue.Type | webview.swift:104:10:104:10 | call to init(bool:in:) |
+| webview.swift:104:24:104:24 | s | webview.swift:104:10:104:47 | call to init(bool:in:) |
+| webview.swift:104:24:104:24 | s | webview.swift:105:26:105:26 | s |
+| webview.swift:104:40:104:40 | [post] context | webview.swift:105:44:105:44 | context |
+| webview.swift:104:40:104:40 | context | webview.swift:105:44:105:44 | context |
+| webview.swift:105:10:105:10 | JSValue.Type | webview.swift:105:10:105:10 | call to init(double:in:) |
+| webview.swift:105:26:105:26 | s | webview.swift:105:10:105:51 | call to init(double:in:) |
+| webview.swift:105:26:105:26 | s | webview.swift:106:25:106:25 | s |
+| webview.swift:105:44:105:44 | [post] context | webview.swift:106:42:106:42 | context |
+| webview.swift:105:44:105:44 | context | webview.swift:106:42:106:42 | context |
+| webview.swift:106:10:106:10 | JSValue.Type | webview.swift:106:10:106:10 | call to init(int32:in:) |
+| webview.swift:106:25:106:25 | s | webview.swift:106:10:106:49 | call to init(int32:in:) |
+| webview.swift:106:25:106:25 | s | webview.swift:107:26:107:26 | s |
+| webview.swift:106:42:106:42 | [post] context | webview.swift:107:44:107:44 | context |
+| webview.swift:106:42:106:42 | context | webview.swift:107:44:107:44 | context |
+| webview.swift:107:10:107:10 | JSValue.Type | webview.swift:107:10:107:10 | call to init(uInt32:in:) |
+| webview.swift:107:26:107:26 | s | webview.swift:107:10:107:51 | call to init(uInt32:in:) |
+| webview.swift:107:26:107:26 | s | webview.swift:108:25:108:25 | s |
+| webview.swift:107:44:107:44 | [post] context | webview.swift:108:44:108:44 | context |
+| webview.swift:107:44:107:44 | context | webview.swift:108:44:108:44 | context |
+| webview.swift:108:10:108:10 | JSValue.Type | webview.swift:108:10:108:10 | call to init(point:in:) |
+| webview.swift:108:25:108:25 | s | webview.swift:108:10:108:51 | call to init(point:in:) |
+| webview.swift:108:25:108:25 | s | webview.swift:109:25:109:25 | s |
+| webview.swift:108:44:108:44 | [post] context | webview.swift:109:44:109:44 | context |
+| webview.swift:108:44:108:44 | context | webview.swift:109:44:109:44 | context |
+| webview.swift:109:10:109:10 | JSValue.Type | webview.swift:109:10:109:10 | call to init(range:in:) |
+| webview.swift:109:25:109:25 | s | webview.swift:109:10:109:51 | call to init(range:in:) |
+| webview.swift:109:25:109:25 | s | webview.swift:110:24:110:24 | s |
+| webview.swift:109:44:109:44 | [post] context | webview.swift:110:42:110:42 | context |
+| webview.swift:109:44:109:44 | context | webview.swift:110:42:110:42 | context |
+| webview.swift:110:10:110:10 | JSValue.Type | webview.swift:110:10:110:10 | call to init(rect:in:) |
+| webview.swift:110:24:110:24 | s | webview.swift:110:10:110:49 | call to init(rect:in:) |
+| webview.swift:110:24:110:24 | s | webview.swift:111:24:111:24 | s |
+| webview.swift:110:42:110:42 | [post] context | webview.swift:111:42:111:42 | context |
+| webview.swift:110:42:110:42 | context | webview.swift:111:42:111:42 | context |
+| webview.swift:111:10:111:10 | JSValue.Type | webview.swift:111:10:111:10 | call to init(size:in:) |
+| webview.swift:111:24:111:24 | s | webview.swift:111:10:111:49 | call to init(size:in:) |
+| webview.swift:111:24:111:24 | s | webview.swift:114:39:114:39 | s |
+| webview.swift:111:42:111:42 | [post] context | webview.swift:113:38:113:38 | context |
+| webview.swift:111:42:111:42 | context | webview.swift:113:38:113:38 | context |
+| webview.swift:113:9:113:9 | SSA def(v1) | webview.swift:114:5:114:5 | v1 |
+| webview.swift:113:14:113:14 | JSValue.Type | webview.swift:113:14:113:14 | call to init(object:in:) |
+| webview.swift:113:14:113:45 | call to init(object:in:) | webview.swift:113:9:113:9 | SSA def(v1) |
+| webview.swift:113:30:113:30 |  | webview.swift:113:14:113:45 | call to init(object:in:) |
+| webview.swift:113:38:113:38 | [post] context | webview.swift:117:38:117:38 | context |
+| webview.swift:113:38:113:38 | context | webview.swift:117:38:117:38 | context |
+| webview.swift:114:5:114:5 | [post] v1 | webview.swift:115:10:115:10 | v1 |
+| webview.swift:114:5:114:5 | v1 | webview.swift:115:10:115:10 | v1 |
+| webview.swift:114:39:114:39 | s | webview.swift:114:5:114:5 | [post] v1 |
+| webview.swift:114:39:114:39 | s | webview.swift:118:17:118:17 | s |
+| webview.swift:117:9:117:9 | SSA def(v2) | webview.swift:118:5:118:5 | v2 |
+| webview.swift:117:14:117:14 | JSValue.Type | webview.swift:117:14:117:14 | call to init(object:in:) |
+| webview.swift:117:14:117:45 | call to init(object:in:) | webview.swift:117:9:117:9 | SSA def(v2) |
+| webview.swift:117:30:117:30 |  | webview.swift:117:14:117:45 | call to init(object:in:) |
+| webview.swift:117:38:117:38 | [post] context | webview.swift:121:38:121:38 | context |
+| webview.swift:117:38:117:38 | context | webview.swift:121:38:121:38 | context |
+| webview.swift:118:5:118:5 | [post] v2 | webview.swift:119:10:119:10 | v2 |
+| webview.swift:118:5:118:5 | v2 | webview.swift:119:10:119:10 | v2 |
+| webview.swift:118:17:118:17 | s | webview.swift:118:5:118:5 | [post] v2 |
+| webview.swift:118:17:118:17 | s | webview.swift:122:17:122:17 | s |
+| webview.swift:121:9:121:9 | SSA def(v3) | webview.swift:122:5:122:5 | v3 |
+| webview.swift:121:14:121:14 | JSValue.Type | webview.swift:121:14:121:14 | call to init(object:in:) |
+| webview.swift:121:14:121:45 | call to init(object:in:) | webview.swift:121:9:121:9 | SSA def(v3) |
+| webview.swift:121:30:121:30 |  | webview.swift:121:14:121:45 | call to init(object:in:) |
+| webview.swift:122:5:122:5 | [post] v3 | webview.swift:123:10:123:10 | v3 |
+| webview.swift:122:5:122:5 | v3 | webview.swift:123:10:123:10 | v3 |
+| webview.swift:122:17:122:17 | s | webview.swift:122:5:122:5 | [post] v3 |
+| webview.swift:127:9:127:9 | SSA def(atStart) | webview.swift:128:56:128:56 | atStart |
+| webview.swift:127:19:127:45 | .atDocumentStart | webview.swift:127:9:127:9 | SSA def(atStart) |
+| webview.swift:128:9:128:9 | SSA def(a) | webview.swift:129:10:129:10 | a |
+| webview.swift:128:13:128:13 | WKUserScript.Type | webview.swift:128:13:128:13 | call to init(source:injectionTime:forMainFrameOnly:) |
+| webview.swift:128:13:128:88 | call to init(source:injectionTime:forMainFrameOnly:) | webview.swift:128:9:128:9 | SSA def(a) |
+| webview.swift:128:34:128:34 | abc | webview.swift:128:13:128:88 | call to init(source:injectionTime:forMainFrameOnly:) |
+| webview.swift:128:56:128:56 | [post] atStart | webview.swift:132:70:132:70 | atStart |
+| webview.swift:128:56:128:56 | atStart | webview.swift:132:70:132:70 | atStart |
+| webview.swift:129:10:129:10 | [post] a | webview.swift:130:10:130:10 | a |
+| webview.swift:129:10:129:10 | a | webview.swift:130:10:130:10 | a |
+| webview.swift:130:10:130:10 | a | webview.swift:130:10:130:12 | .source |
+| webview.swift:132:9:132:9 | SSA def(b) | webview.swift:133:10:133:10 | b |
+| webview.swift:132:13:132:13 | WKUserScript.Type | webview.swift:132:13:132:13 | call to init(source:injectionTime:forMainFrameOnly:) |
+| webview.swift:132:13:132:102 | call to init(source:injectionTime:forMainFrameOnly:) | webview.swift:132:9:132:9 | SSA def(b) |
+| webview.swift:132:34:132:41 | call to source() | webview.swift:132:13:132:102 | call to init(source:injectionTime:forMainFrameOnly:) |
+| webview.swift:132:70:132:70 | [post] atStart | webview.swift:137:70:137:70 | atStart |
+| webview.swift:132:70:132:70 | atStart | webview.swift:137:70:137:70 | atStart |
+| webview.swift:133:10:133:10 | [post] b | webview.swift:134:10:134:10 | b |
+| webview.swift:133:10:133:10 | b | webview.swift:134:10:134:10 | b |
+| webview.swift:134:10:134:10 | b | webview.swift:134:10:134:12 | .source |
+| webview.swift:136:9:136:9 | SSA def(world) | webview.swift:137:108:137:108 | world |
+| webview.swift:136:17:136:32 | call to init() | webview.swift:136:9:136:9 | SSA def(world) |
+| webview.swift:137:9:137:9 | SSA def(c) | webview.swift:138:10:138:10 | c |
+| webview.swift:137:13:137:13 | WKUserScript.Type | webview.swift:137:13:137:13 | call to init(source:injectionTime:forMainFrameOnly:in:) |
+| webview.swift:137:13:137:113 | call to init(source:injectionTime:forMainFrameOnly:in:) | webview.swift:137:9:137:9 | SSA def(c) |
+| webview.swift:137:34:137:41 | call to source() | webview.swift:137:13:137:113 | call to init(source:injectionTime:forMainFrameOnly:in:) |
+| webview.swift:138:10:138:10 | [post] c | webview.swift:139:10:139:10 | c |
+| webview.swift:138:10:138:10 | c | webview.swift:139:10:139:10 | c |
+| webview.swift:139:10:139:10 | c | webview.swift:139:10:139:12 | .source |
diff --git a/swift/ql/test/library-tests/dataflow/taint/Taint.expected b/swift/ql/test/library-tests/dataflow/taint/Taint.expected
index b562c44bdc5..8d054f430bb 100644
--- a/swift/ql/test/library-tests/dataflow/taint/Taint.expected
+++ b/swift/ql/test/library-tests/dataflow/taint/Taint.expected
@@ -1,5 +1,305 @@
 edges
+| data.swift:24:5:24:29 | [summary param] 0 in init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(_:) :  |
+| data.swift:25:2:25:66 | [summary param] 0 in init(base64Encoded:options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(base64Encoded:options:) :  |
+| data.swift:26:2:26:61 | [summary param] 0 in init(buffer:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(buffer:) :  |
+| data.swift:27:2:27:62 | [summary param] 0 in init(buffer:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(buffer:) :  |
+| data.swift:28:2:28:45 | [summary param] 0 in init(bytes:count:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bytes:count:) :  |
+| data.swift:29:2:29:82 | [summary param] 0 in init(bytesNoCopy:count:deallocator:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bytesNoCopy:count:deallocator:) :  |
+| data.swift:30:2:30:50 | [summary param] 0 in init(contentsOf:options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOf:options:) :  |
+| data.swift:31:2:31:29 | [summary param] 0 in init(referencing:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(referencing:) :  |
+| data.swift:32:2:32:24 | [summary param] 0 in append(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  |
+| data.swift:33:2:33:25 | [summary param] 0 in append(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  |
+| data.swift:34:2:34:63 | [summary param] 0 in append(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  |
+| data.swift:35:2:35:52 | [summary param] 0 in append(_:count:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(_:count:) :  |
+| data.swift:36:2:36:36 | [summary param] 0 in append(contentsOf:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(contentsOf:) :  |
+| data.swift:38:2:38:88 | [summary param] this in base64EncodedData(options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedData(options:) :  |
+| data.swift:39:2:39:86 | [summary param] this in base64EncodedString(options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedString(options:) :  |
+| data.swift:40:2:40:99 | [summary param] this in compactMap(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in compactMap(_:) :  |
+| data.swift:41:2:41:53 | [summary param] this in copyBytes(to:) :  | file://:0:0:0:0 | [summary] to write: argument 0 in copyBytes(to:) :  |
+| data.swift:44:2:44:137 | [summary param] this in flatMap(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in flatMap(_:) :  |
+| data.swift:45:2:45:97 | [summary param] this in flatMap(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in flatMap(_:) :  |
+| data.swift:46:2:46:34 | [summary param] 0 in insert(_:at:) :  | file://:0:0:0:0 | [summary] to write: argument this in insert(_:at:) :  |
+| data.swift:47:2:47:83 | [summary param] 0 in insert(contentsOf:at:) :  | file://:0:0:0:0 | [summary] to write: argument this in insert(contentsOf:at:) :  |
+| data.swift:48:2:48:50 | [summary param] this in map(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in map(_:) :  |
+| data.swift:49:2:49:115 | [summary param] this in reduce(into:_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in reduce(into:_:) :  |
+| data.swift:50:2:50:180 | [summary param] 1 in replace(_:with:maxReplacements:) :  | file://:0:0:0:0 | [summary] to write: argument this in replace(_:with:maxReplacements:) :  |
+| data.swift:51:2:51:58 | [summary param] 1 in replaceSubrange(_:with:) :  | file://:0:0:0:0 | [summary] to write: argument this in replaceSubrange(_:with:) :  |
+| data.swift:52:2:52:151 | [summary param] 1 in replaceSubrange(_:with:) :  | file://:0:0:0:0 | [summary] to write: argument this in replaceSubrange(_:with:) :  |
+| data.swift:54:2:54:82 | [summary param] 1 in replaceSubrange(_:with:count:) :  | file://:0:0:0:0 | [summary] to write: argument this in replaceSubrange(_:with:count:) :  |
+| data.swift:56:2:56:214 | [summary param] 1 in replacing(_:with:maxReplacements:) :  | file://:0:0:0:0 | [summary] to write: argument this in replacing(_:with:maxReplacements:) :  |
+| data.swift:57:2:57:236 | [summary param] 1 in replacing(_:with:subrange:maxReplacements:) :  | file://:0:0:0:0 | [summary] to write: argument this in replacing(_:with:subrange:maxReplacements:) :  |
+| data.swift:58:2:58:39 | [summary param] this in sorted() :  | file://:0:0:0:0 | [summary] to write: return (return) in sorted() :  |
+| data.swift:59:2:59:81 | [summary param] this in sorted(by:) :  | file://:0:0:0:0 | [summary] to write: return (return) in sorted(by:) :  |
+| data.swift:60:2:60:132 | [summary param] this in sorted(using:) :  | file://:0:0:0:0 | [summary] to write: return (return) in sorted(using:) :  |
+| data.swift:61:2:61:41 | [summary param] this in shuffled() :  | file://:0:0:0:0 | [summary] to write: return (return) in shuffled() :  |
+| data.swift:62:2:62:58 | [summary param] this in shuffled(using:) :  | file://:0:0:0:0 | [summary] to write: return (return) in shuffled(using:) :  |
+| data.swift:63:2:63:123 | [summary param] this in trimmingPrefix(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in trimmingPrefix(_:) :  |
+| data.swift:64:2:64:72 | [summary param] this in trimmingPrefix(while:) :  | file://:0:0:0:0 | [summary] to write: return (return) in trimmingPrefix(while:) :  |
+| data.swift:81:20:81:51 | call to init(_:) :  | data.swift:82:26:82:26 | dataTainted :  |
+| data.swift:81:20:81:51 | call to init(_:) :  | data.swift:85:12:85:12 | dataTainted |
+| data.swift:81:25:81:47 | .utf8 :  | data.swift:24:5:24:29 | [summary param] 0 in init(_:) :  |
+| data.swift:81:25:81:47 | .utf8 :  | data.swift:81:20:81:51 | call to init(_:) :  |
+| data.swift:81:26:81:33 | call to source() :  | data.swift:81:25:81:47 | .utf8 :  |
+| data.swift:82:21:82:37 | call to init(_:) :  | data.swift:86:12:86:12 | dataTainted2 |
+| data.swift:82:26:82:26 | dataTainted :  | data.swift:24:5:24:29 | [summary param] 0 in init(_:) :  |
+| data.swift:82:26:82:26 | dataTainted :  | data.swift:82:21:82:37 | call to init(_:) :  |
+| data.swift:89:21:89:71 | call to init(base64Encoded:options:) :  | data.swift:90:12:90:12 | dataTainted3 |
+| data.swift:89:41:89:48 | call to source() :  | data.swift:25:2:25:66 | [summary param] 0 in init(base64Encoded:options:) :  |
+| data.swift:89:41:89:48 | call to source() :  | data.swift:89:21:89:71 | call to init(base64Encoded:options:) :  |
+| data.swift:93:21:93:73 | call to init(buffer:) :  | data.swift:94:12:94:12 | dataTainted4 |
+| data.swift:93:34:93:41 | call to source() :  | data.swift:26:2:26:61 | [summary param] 0 in init(buffer:) :  |
+| data.swift:93:34:93:41 | call to source() :  | data.swift:93:21:93:73 | call to init(buffer:) :  |
+| data.swift:95:21:95:74 | call to init(buffer:) :  | data.swift:96:12:96:12 | dataTainted5 |
+| data.swift:95:34:95:41 | call to source() :  | data.swift:27:2:27:62 | [summary param] 0 in init(buffer:) :  |
+| data.swift:95:34:95:41 | call to source() :  | data.swift:95:21:95:74 | call to init(buffer:) :  |
+| data.swift:99:21:99:72 | call to init(bytes:count:) :  | data.swift:100:12:100:12 | dataTainted6 |
+| data.swift:99:33:99:40 | call to source() :  | data.swift:28:2:28:45 | [summary param] 0 in init(bytes:count:) :  |
+| data.swift:99:33:99:40 | call to source() :  | data.swift:99:21:99:72 | call to init(bytes:count:) :  |
+| data.swift:103:21:103:114 | call to init(bytesNoCopy:count:deallocator:) :  | data.swift:104:12:104:12 | dataTainted7 |
+| data.swift:103:39:103:46 | call to source() :  | data.swift:29:2:29:82 | [summary param] 0 in init(bytesNoCopy:count:deallocator:) :  |
+| data.swift:103:39:103:46 | call to source() :  | data.swift:103:21:103:114 | call to init(bytesNoCopy:count:deallocator:) :  |
+| data.swift:107:20:107:27 | call to source() :  | data.swift:108:38:108:38 | urlTainted8 :  |
+| data.swift:108:21:108:62 | call to init(contentsOf:options:) :  | data.swift:109:12:109:12 | dataTainted8 |
+| data.swift:108:38:108:38 | urlTainted8 :  | data.swift:30:2:30:50 | [summary param] 0 in init(contentsOf:options:) :  |
+| data.swift:108:38:108:38 | urlTainted8 :  | data.swift:108:21:108:62 | call to init(contentsOf:options:) :  |
+| data.swift:112:21:112:58 | call to init(referencing:) :  | data.swift:113:12:113:12 | dataTainted9 |
+| data.swift:112:39:112:46 | call to source() :  | data.swift:31:2:31:29 | [summary param] 0 in init(referencing:) :  |
+| data.swift:112:39:112:46 | call to source() :  | data.swift:112:21:112:58 | call to init(referencing:) :  |
+| data.swift:117:2:117:2 | [post] dataTainted10 :  | data.swift:118:12:118:12 | dataTainted10 |
+| data.swift:117:23:117:30 | call to source() :  | data.swift:32:2:32:24 | [summary param] 0 in append(_:) :  |
+| data.swift:117:23:117:30 | call to source() :  | data.swift:117:2:117:2 | [post] dataTainted10 :  |
+| data.swift:121:2:121:2 | [post] dataTainted11 :  | data.swift:122:12:122:12 | dataTainted11 |
+| data.swift:121:23:121:30 | call to source() :  | data.swift:33:2:33:25 | [summary param] 0 in append(_:) :  |
+| data.swift:121:23:121:30 | call to source() :  | data.swift:121:2:121:2 | [post] dataTainted11 :  |
+| data.swift:125:2:125:2 | [post] dataTainted12 :  | data.swift:126:12:126:12 | dataTainted12 |
+| data.swift:125:23:125:30 | call to source() :  | data.swift:34:2:34:63 | [summary param] 0 in append(_:) :  |
+| data.swift:125:23:125:30 | call to source() :  | data.swift:125:2:125:2 | [post] dataTainted12 :  |
+| data.swift:130:2:130:2 | [post] dataTainted13 :  | data.swift:131:12:131:12 | dataTainted13 |
+| data.swift:130:23:130:30 | call to source() :  | data.swift:35:2:35:52 | [summary param] 0 in append(_:count:) :  |
+| data.swift:130:23:130:30 | call to source() :  | data.swift:130:2:130:2 | [post] dataTainted13 :  |
+| data.swift:135:2:135:2 | [post] dataTainted14 :  | data.swift:136:12:136:12 | dataTainted14 |
+| data.swift:135:35:135:42 | call to source() :  | data.swift:36:2:36:36 | [summary param] 0 in append(contentsOf:) :  |
+| data.swift:135:35:135:42 | call to source() :  | data.swift:135:2:135:2 | [post] dataTainted14 :  |
+| data.swift:139:22:139:29 | call to source() :  | data.swift:140:12:140:12 | dataTainted15 :  |
+| data.swift:140:12:140:12 | dataTainted15 :  | data.swift:38:2:38:88 | [summary param] this in base64EncodedData(options:) :  |
+| data.swift:140:12:140:12 | dataTainted15 :  | data.swift:140:12:140:55 | call to base64EncodedData(options:) |
+| data.swift:143:22:143:29 | call to source() :  | data.swift:144:12:144:12 | dataTainted16 :  |
+| data.swift:144:12:144:12 | dataTainted16 :  | data.swift:39:2:39:86 | [summary param] this in base64EncodedString(options:) :  |
+| data.swift:144:12:144:12 | dataTainted16 :  | data.swift:144:12:144:57 | call to base64EncodedString(options:) |
+| data.swift:147:22:147:29 | call to source() :  | data.swift:148:29:148:29 | dataTainted17 :  |
+| data.swift:148:29:148:29 | dataTainted17 :  | data.swift:40:2:40:99 | [summary param] this in compactMap(_:) :  |
+| data.swift:148:29:148:29 | dataTainted17 :  | data.swift:148:29:148:72 | call to compactMap(_:) :  |
+| data.swift:148:29:148:72 | call to compactMap(_:) :  | data.swift:149:12:149:12 | compactMapped |
+| data.swift:152:22:152:29 | call to source() :  | data.swift:154:2:154:2 | dataTainted18 :  |
+| data.swift:154:2:154:2 | dataTainted18 :  | data.swift:41:2:41:53 | [summary param] this in copyBytes(to:) :  |
+| data.swift:154:2:154:2 | dataTainted18 :  | data.swift:154:30:154:30 | [post] pointerTainted18 :  |
+| data.swift:154:30:154:30 | [post] pointerTainted18 :  | data.swift:155:12:155:12 | pointerTainted18 |
+| data.swift:170:22:170:29 | call to source() :  | data.swift:171:19:171:19 | dataTainted21 :  |
+| data.swift:171:19:171:19 | dataTainted21 :  | data.swift:44:2:44:137 | [summary param] this in flatMap(_:) :  |
+| data.swift:171:19:171:19 | dataTainted21 :  | data.swift:171:19:171:74 | call to flatMap(_:) :  |
+| data.swift:171:19:171:74 | call to flatMap(_:) :  | data.swift:172:12:172:12 | flatMapped |
+| data.swift:174:22:174:29 | call to source() :  | data.swift:175:20:175:20 | dataTainted22 :  |
+| data.swift:175:20:175:20 | dataTainted22 :  | data.swift:45:2:45:97 | [summary param] this in flatMap(_:) :  |
+| data.swift:175:20:175:20 | dataTainted22 :  | data.swift:175:20:175:60 | call to flatMap(_:) :  |
+| data.swift:175:20:175:60 | call to flatMap(_:) :  | data.swift:176:12:176:12 | flatMapped2 |
+| data.swift:180:2:180:2 | [post] dataTainted23 :  | data.swift:181:12:181:12 | dataTainted23 |
+| data.swift:180:23:180:30 | call to source() :  | data.swift:46:2:46:34 | [summary param] 0 in insert(_:at:) :  |
+| data.swift:180:23:180:30 | call to source() :  | data.swift:180:2:180:2 | [post] dataTainted23 :  |
+| data.swift:185:2:185:2 | [post] dataTainted24 :  | data.swift:186:12:186:12 | dataTainted24 |
+| data.swift:185:35:185:42 | call to source() :  | data.swift:47:2:47:83 | [summary param] 0 in insert(contentsOf:at:) :  |
+| data.swift:185:35:185:42 | call to source() :  | data.swift:185:2:185:2 | [post] dataTainted24 :  |
+| data.swift:189:22:189:29 | call to source() :  | data.swift:190:15:190:15 | dataTainted25 :  |
+| data.swift:190:15:190:15 | dataTainted25 :  | data.swift:48:2:48:50 | [summary param] this in map(_:) :  |
+| data.swift:190:15:190:15 | dataTainted25 :  | data.swift:190:15:190:38 | call to map(_:) :  |
+| data.swift:190:15:190:38 | call to map(_:) :  | data.swift:191:12:191:12 | mapped |
+| data.swift:194:22:194:29 | call to source() :  | data.swift:195:16:195:16 | dataTainted26 :  |
+| data.swift:195:16:195:16 | dataTainted26 :  | data.swift:49:2:49:115 | [summary param] this in reduce(into:_:) :  |
+| data.swift:195:16:195:16 | dataTainted26 :  | data.swift:195:16:195:80 | call to reduce(into:_:) :  |
+| data.swift:195:16:195:80 | call to reduce(into:_:) :  | data.swift:196:12:196:12 | reduced |
+| data.swift:200:2:200:2 | [post] dataTainted27 :  | data.swift:201:12:201:12 | dataTainted27 |
+| data.swift:200:35:200:42 | call to source() :  | data.swift:50:2:50:180 | [summary param] 1 in replace(_:with:maxReplacements:) :  |
+| data.swift:200:35:200:42 | call to source() :  | data.swift:200:2:200:2 | [post] dataTainted27 :  |
+| data.swift:205:2:205:2 | [post] dataTainted28 :  | data.swift:206:12:206:12 | dataTainted28 |
+| data.swift:205:45:205:52 | call to source() :  | data.swift:51:2:51:58 | [summary param] 1 in replaceSubrange(_:with:) :  |
+| data.swift:205:45:205:52 | call to source() :  | data.swift:205:2:205:2 | [post] dataTainted28 :  |
+| data.swift:209:2:209:2 | [post] dataTainted29 :  | data.swift:210:12:210:12 | dataTainted29 |
+| data.swift:209:45:209:52 | call to source() :  | data.swift:52:2:52:151 | [summary param] 1 in replaceSubrange(_:with:) :  |
+| data.swift:209:45:209:52 | call to source() :  | data.swift:209:2:209:2 | [post] dataTainted29 :  |
+| data.swift:213:2:213:2 | [post] dataTainted30 :  | data.swift:214:12:214:12 | dataTainted30 |
+| data.swift:213:45:213:52 | call to source() :  | data.swift:52:2:52:151 | [summary param] 1 in replaceSubrange(_:with:) :  |
+| data.swift:213:45:213:52 | call to source() :  | data.swift:213:2:213:2 | [post] dataTainted30 :  |
+| data.swift:218:2:218:2 | [post] dataTainted31 :  | data.swift:219:12:219:12 | dataTainted31 |
+| data.swift:218:45:218:52 | call to source() :  | data.swift:54:2:54:82 | [summary param] 1 in replaceSubrange(_:with:count:) :  |
+| data.swift:218:45:218:52 | call to source() :  | data.swift:218:2:218:2 | [post] dataTainted31 :  |
+| data.swift:223:10:223:10 | [post] dataTainted32 :  | data.swift:224:12:224:12 | dataTainted32 |
+| data.swift:223:45:223:52 | call to source() :  | data.swift:56:2:56:214 | [summary param] 1 in replacing(_:with:maxReplacements:) :  |
+| data.swift:223:45:223:52 | call to source() :  | data.swift:223:10:223:10 | [post] dataTainted32 :  |
+| data.swift:228:10:228:10 | [post] dataTainted33 :  | data.swift:229:12:229:12 | dataTainted33 |
+| data.swift:228:45:228:52 | call to source() :  | data.swift:57:2:57:236 | [summary param] 1 in replacing(_:with:subrange:maxReplacements:) :  |
+| data.swift:228:45:228:52 | call to source() :  | data.swift:228:10:228:10 | [post] dataTainted33 :  |
+| data.swift:236:22:236:29 | call to source() :  | data.swift:237:12:237:12 | dataTainted35 :  |
+| data.swift:237:12:237:12 | dataTainted35 :  | data.swift:58:2:58:39 | [summary param] this in sorted() :  |
+| data.swift:237:12:237:12 | dataTainted35 :  | data.swift:237:12:237:33 | call to sorted() |
+| data.swift:240:22:240:29 | call to source() :  | data.swift:241:12:241:12 | dataTainted36 :  |
+| data.swift:241:12:241:12 | dataTainted36 :  | data.swift:59:2:59:81 | [summary param] this in sorted(by:) :  |
+| data.swift:241:12:241:12 | dataTainted36 :  | data.swift:241:12:241:54 | call to sorted(by:) |
+| data.swift:244:22:244:29 | call to source() :  | data.swift:245:12:245:12 | dataTainted37 :  |
+| data.swift:245:12:245:12 | dataTainted37 :  | data.swift:60:2:60:132 | [summary param] this in sorted(using:) :  |
+| data.swift:245:12:245:12 | dataTainted37 :  | data.swift:245:12:245:46 | call to sorted(using:) |
+| data.swift:248:22:248:29 | call to source() :  | data.swift:249:12:249:12 | dataTainted38 :  |
+| data.swift:249:12:249:12 | dataTainted38 :  | data.swift:61:2:61:41 | [summary param] this in shuffled() :  |
+| data.swift:249:12:249:12 | dataTainted38 :  | data.swift:249:12:249:35 | call to shuffled() |
+| data.swift:252:22:252:29 | call to source() :  | data.swift:254:12:254:12 | dataTainted39 :  |
+| data.swift:254:12:254:12 | dataTainted39 :  | data.swift:62:2:62:58 | [summary param] this in shuffled(using:) :  |
+| data.swift:254:12:254:12 | dataTainted39 :  | data.swift:254:12:254:46 | call to shuffled(using:) |
+| data.swift:257:22:257:29 | call to source() :  | data.swift:258:12:258:12 | dataTainted40 :  |
+| data.swift:258:12:258:12 | dataTainted40 :  | data.swift:63:2:63:123 | [summary param] this in trimmingPrefix(_:) :  |
+| data.swift:258:12:258:12 | dataTainted40 :  | data.swift:258:12:258:44 | call to trimmingPrefix(_:) |
+| data.swift:261:22:261:29 | call to source() :  | data.swift:262:12:262:12 | dataTainted41 :  |
+| data.swift:262:12:262:12 | dataTainted41 :  | data.swift:64:2:64:72 | [summary param] this in trimmingPrefix(while:) :  |
+| data.swift:262:12:262:12 | dataTainted41 :  | data.swift:262:12:262:54 | call to trimmingPrefix(while:) |
+| file://:0:0:0:0 | [summary] to write: argument 0.parameter 0 in enumerateBytes(_:) :  | nsdata.swift:110:9:110:9 | bytes :  |
 | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) :  | url.swift:120:61:120:61 | data :  |
+| nsdata.swift:22:9:22:9 | self :  | file://:0:0:0:0 | .bytes :  |
+| nsdata.swift:23:9:23:9 | self :  | file://:0:0:0:0 | .description :  |
+| nsdata.swift:24:5:24:50 | [summary param] 0 in init(bytes:length:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bytes:length:) :  |
+| nsdata.swift:25:5:25:68 | [summary param] 0 in init(bytesNoCopy:length:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bytesNoCopy:length:) :  |
+| nsdata.swift:26:5:26:130 | [summary param] 0 in init(bytesNoCopy:length:deallocator:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bytesNoCopy:length:deallocator:) :  |
+| nsdata.swift:27:5:27:90 | [summary param] 0 in init(bytesNoCopy:length:freeWhenDone:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bytesNoCopy:length:freeWhenDone:) :  |
+| nsdata.swift:28:5:28:23 | [summary param] 0 in init(data:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(data:) :  |
+| nsdata.swift:29:5:29:36 | [summary param] 0 in init(contentsOfFile:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOfFile:) :  |
+| nsdata.swift:30:5:30:93 | [summary param] 0 in init(contentsOfFile:options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOfFile:options:) :  |
+| nsdata.swift:31:5:31:29 | [summary param] 0 in init(contentsOf:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOf:) :  |
+| nsdata.swift:32:5:32:61 | [summary param] 0 in init(contentsOf:options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOf:options:) :  |
+| nsdata.swift:33:5:33:47 | [summary param] 0 in init(contentsOfMappedFile:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOfMappedFile:) :  |
+| nsdata.swift:34:5:34:88 | [summary param] 0 in init(base64Encoded:options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(base64Encoded:options:) :  |
+| nsdata.swift:35:5:35:92 | [summary param] 0 in init(base64Encoded:options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(base64Encoded:options:) :  |
+| nsdata.swift:36:5:36:49 | [summary param] 0 in init(base64Encoding:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(base64Encoding:) :  |
+| nsdata.swift:37:5:37:98 | [summary param] this in base64EncodedData(options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedData(options:) :  |
+| nsdata.swift:38:5:38:96 | [summary param] this in base64EncodedString(options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedString(options:) :  |
+| nsdata.swift:39:5:39:49 | [summary param] this in base64Encoding() :  | file://:0:0:0:0 | [summary] to write: return (return) in base64Encoding() :  |
+| nsdata.swift:40:5:40:82 | [summary param] 0 in dataWithContentsOfMappedFile(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in dataWithContentsOfMappedFile(_:) :  |
+| nsdata.swift:41:5:41:104 | [summary param] this in enumerateBytes(_:) :  | file://:0:0:0:0 | [summary] to write: argument 0.parameter 0 in enumerateBytes(_:) :  |
+| nsdata.swift:42:5:42:55 | [summary param] this in getBytes(_:) :  | file://:0:0:0:0 | [summary] to write: argument 0 in getBytes(_:) :  |
+| nsdata.swift:43:5:43:68 | [summary param] this in getBytes(_:length:) :  | file://:0:0:0:0 | [summary] to write: argument 0 in getBytes(_:length:) :  |
+| nsdata.swift:44:5:44:71 | [summary param] this in getBytes(_:range:) :  | file://:0:0:0:0 | [summary] to write: argument 0 in getBytes(_:range:) :  |
+| nsdata.swift:45:5:45:65 | [summary param] this in subdata(with:) :  | file://:0:0:0:0 | [summary] to write: return (return) in subdata(with:) :  |
+| nsdata.swift:46:5:46:89 | [summary param] this in compressed(using:) :  | file://:0:0:0:0 | [summary] to write: return (return) in compressed(using:) :  |
+| nsdata.swift:47:5:47:91 | [summary param] this in decompressed(using:) :  | file://:0:0:0:0 | [summary] to write: return (return) in decompressed(using:) :  |
+| nsdata.swift:57:26:57:80 | call to init(bytes:length:) :  | nsdata.swift:58:15:58:15 | nsDataTainted1 |
+| nsdata.swift:57:40:57:47 | call to source() :  | nsdata.swift:24:5:24:50 | [summary param] 0 in init(bytes:length:) :  |
+| nsdata.swift:57:40:57:47 | call to source() :  | nsdata.swift:57:26:57:80 | call to init(bytes:length:) :  |
+| nsdata.swift:60:26:60:93 | call to init(bytesNoCopy:length:) :  | nsdata.swift:61:15:61:15 | nsDataTainted2 |
+| nsdata.swift:60:46:60:53 | call to source() :  | nsdata.swift:25:5:25:68 | [summary param] 0 in init(bytesNoCopy:length:) :  |
+| nsdata.swift:60:46:60:53 | call to source() :  | nsdata.swift:60:26:60:93 | call to init(bytesNoCopy:length:) :  |
+| nsdata.swift:63:26:63:111 | call to init(bytesNoCopy:length:deallocator:) :  | nsdata.swift:64:15:64:15 | nsDataTainted3 |
+| nsdata.swift:63:46:63:53 | call to source() :  | nsdata.swift:26:5:26:130 | [summary param] 0 in init(bytesNoCopy:length:deallocator:) :  |
+| nsdata.swift:63:46:63:53 | call to source() :  | nsdata.swift:63:26:63:111 | call to init(bytesNoCopy:length:deallocator:) :  |
+| nsdata.swift:66:26:66:113 | call to init(bytesNoCopy:length:freeWhenDone:) :  | nsdata.swift:67:15:67:15 | nsDataTainted4 |
+| nsdata.swift:66:46:66:53 | call to source() :  | nsdata.swift:27:5:27:90 | [summary param] 0 in init(bytesNoCopy:length:freeWhenDone:) :  |
+| nsdata.swift:66:46:66:53 | call to source() :  | nsdata.swift:66:26:66:113 | call to init(bytesNoCopy:length:freeWhenDone:) :  |
+| nsdata.swift:69:26:69:56 | call to init(data:) :  | nsdata.swift:70:15:70:15 | nsDataTainted5 |
+| nsdata.swift:69:39:69:46 | call to source() :  | nsdata.swift:28:5:28:23 | [summary param] 0 in init(data:) :  |
+| nsdata.swift:69:39:69:46 | call to source() :  | nsdata.swift:69:26:69:56 | call to init(data:) :  |
+| nsdata.swift:72:26:72:68 | call to init(contentsOfFile:) :  | nsdata.swift:73:15:73:29 | ...! |
+| nsdata.swift:72:49:72:56 | call to source() :  | nsdata.swift:29:5:29:36 | [summary param] 0 in init(contentsOfFile:) :  |
+| nsdata.swift:72:49:72:56 | call to source() :  | nsdata.swift:72:26:72:68 | call to init(contentsOfFile:) :  |
+| nsdata.swift:75:26:75:81 | call to init(contentsOfFile:options:) :  | nsdata.swift:76:15:76:15 | nsDataTainted7 |
+| nsdata.swift:75:49:75:56 | call to source() :  | nsdata.swift:30:5:30:93 | [summary param] 0 in init(contentsOfFile:options:) :  |
+| nsdata.swift:75:49:75:56 | call to source() :  | nsdata.swift:75:26:75:81 | call to init(contentsOfFile:options:) :  |
+| nsdata.swift:78:26:78:61 | call to init(contentsOf:) :  | nsdata.swift:79:15:79:29 | ...! |
+| nsdata.swift:78:45:78:52 | call to source() :  | nsdata.swift:31:5:31:29 | [summary param] 0 in init(contentsOf:) :  |
+| nsdata.swift:78:45:78:52 | call to source() :  | nsdata.swift:78:26:78:61 | call to init(contentsOf:) :  |
+| nsdata.swift:81:26:81:74 | call to init(contentsOf:options:) :  | nsdata.swift:82:15:82:29 | ...! |
+| nsdata.swift:81:45:81:52 | call to source() :  | nsdata.swift:32:5:32:61 | [summary param] 0 in init(contentsOf:options:) :  |
+| nsdata.swift:81:45:81:52 | call to source() :  | nsdata.swift:81:26:81:74 | call to init(contentsOf:options:) :  |
+| nsdata.swift:84:27:84:75 | call to init(contentsOfMappedFile:) :  | nsdata.swift:85:15:85:30 | ...! |
+| nsdata.swift:84:56:84:63 | call to source() :  | nsdata.swift:33:5:33:47 | [summary param] 0 in init(contentsOfMappedFile:) :  |
+| nsdata.swift:84:56:84:63 | call to source() :  | nsdata.swift:84:27:84:75 | call to init(contentsOfMappedFile:) :  |
+| nsdata.swift:87:27:87:79 | call to init(base64Encoded:options:) :  | nsdata.swift:88:15:88:30 | ...! |
+| nsdata.swift:87:49:87:56 | call to source() :  | nsdata.swift:34:5:34:88 | [summary param] 0 in init(base64Encoded:options:) :  |
+| nsdata.swift:87:49:87:56 | call to source() :  | nsdata.swift:87:27:87:79 | call to init(base64Encoded:options:) :  |
+| nsdata.swift:89:27:89:81 | call to init(base64Encoded:options:) :  | nsdata.swift:90:15:90:30 | ...! |
+| nsdata.swift:89:49:89:56 | call to source() :  | nsdata.swift:35:5:35:92 | [summary param] 0 in init(base64Encoded:options:) :  |
+| nsdata.swift:89:49:89:56 | call to source() :  | nsdata.swift:89:27:89:81 | call to init(base64Encoded:options:) :  |
+| nsdata.swift:92:27:92:69 | call to init(base64Encoding:) :  | nsdata.swift:93:15:93:30 | ...! |
+| nsdata.swift:92:50:92:57 | call to source() :  | nsdata.swift:36:5:36:49 | [summary param] 0 in init(base64Encoding:) :  |
+| nsdata.swift:92:50:92:57 | call to source() :  | nsdata.swift:92:27:92:69 | call to init(base64Encoding:) :  |
+| nsdata.swift:95:27:95:34 | call to source() :  | nsdata.swift:96:15:96:15 | nsDataTainted14 :  |
+| nsdata.swift:95:27:95:34 | call to source() :  | nsdata.swift:97:15:97:15 | nsDataTainted14 :  |
+| nsdata.swift:96:15:96:15 | nsDataTainted14 :  | nsdata.swift:37:5:37:98 | [summary param] this in base64EncodedData(options:) :  |
+| nsdata.swift:96:15:96:15 | nsDataTainted14 :  | nsdata.swift:96:15:96:49 | call to base64EncodedData(options:) |
+| nsdata.swift:97:15:97:15 | nsDataTainted14 :  | nsdata.swift:37:5:37:98 | [summary param] this in base64EncodedData(options:) :  |
+| nsdata.swift:97:15:97:15 | nsDataTainted14 :  | nsdata.swift:97:15:97:60 | call to base64EncodedData(options:) |
+| nsdata.swift:99:27:99:34 | call to source() :  | nsdata.swift:100:15:100:15 | nsDataTainted15 :  |
+| nsdata.swift:99:27:99:34 | call to source() :  | nsdata.swift:101:15:101:15 | nsDataTainted15 :  |
+| nsdata.swift:100:15:100:15 | nsDataTainted15 :  | nsdata.swift:38:5:38:96 | [summary param] this in base64EncodedString(options:) :  |
+| nsdata.swift:100:15:100:15 | nsDataTainted15 :  | nsdata.swift:100:15:100:51 | call to base64EncodedString(options:) |
+| nsdata.swift:101:15:101:15 | nsDataTainted15 :  | nsdata.swift:38:5:38:96 | [summary param] this in base64EncodedString(options:) :  |
+| nsdata.swift:101:15:101:15 | nsDataTainted15 :  | nsdata.swift:101:15:101:62 | call to base64EncodedString(options:) |
+| nsdata.swift:103:27:103:34 | call to source() :  | nsdata.swift:104:15:104:15 | nsDataTainted16 :  |
+| nsdata.swift:104:15:104:15 | nsDataTainted16 :  | nsdata.swift:39:5:39:49 | [summary param] this in base64Encoding() :  |
+| nsdata.swift:104:15:104:15 | nsDataTainted16 :  | nsdata.swift:104:15:104:46 | call to base64Encoding() |
+| nsdata.swift:106:15:106:70 | call to dataWithContentsOfMappedFile(_:) :  | nsdata.swift:106:15:106:71 | ...! |
+| nsdata.swift:106:51:106:58 | call to source() :  | nsdata.swift:40:5:40:82 | [summary param] 0 in dataWithContentsOfMappedFile(_:) :  |
+| nsdata.swift:106:51:106:58 | call to source() :  | nsdata.swift:106:15:106:70 | call to dataWithContentsOfMappedFile(_:) :  |
+| nsdata.swift:108:27:108:34 | call to source() :  | nsdata.swift:109:5:109:5 | nsDataTainted17 :  |
+| nsdata.swift:109:5:109:5 | nsDataTainted17 :  | nsdata.swift:41:5:41:104 | [summary param] this in enumerateBytes(_:) :  |
+| nsdata.swift:110:9:110:9 | bytes :  | nsdata.swift:110:45:110:45 | bytes |
+| nsdata.swift:113:27:113:34 | call to source() :  | nsdata.swift:115:5:115:5 | nsDataTainted18 :  |
+| nsdata.swift:115:5:115:5 | nsDataTainted18 :  | nsdata.swift:42:5:42:55 | [summary param] this in getBytes(_:) :  |
+| nsdata.swift:115:5:115:5 | nsDataTainted18 :  | nsdata.swift:115:30:115:30 | [post] bufferTainted18 :  |
+| nsdata.swift:115:30:115:30 | [post] bufferTainted18 :  | nsdata.swift:116:15:116:15 | bufferTainted18 |
+| nsdata.swift:118:27:118:34 | call to source() :  | nsdata.swift:120:5:120:5 | nsDataTainted19 :  |
+| nsdata.swift:120:5:120:5 | nsDataTainted19 :  | nsdata.swift:43:5:43:68 | [summary param] this in getBytes(_:length:) :  |
+| nsdata.swift:120:5:120:5 | nsDataTainted19 :  | nsdata.swift:120:30:120:30 | [post] bufferTainted19 :  |
+| nsdata.swift:120:30:120:30 | [post] bufferTainted19 :  | nsdata.swift:121:15:121:15 | bufferTainted19 |
+| nsdata.swift:123:27:123:34 | call to source() :  | nsdata.swift:125:5:125:5 | nsDataTainted20 :  |
+| nsdata.swift:125:5:125:5 | nsDataTainted20 :  | nsdata.swift:44:5:44:71 | [summary param] this in getBytes(_:range:) :  |
+| nsdata.swift:125:5:125:5 | nsDataTainted20 :  | nsdata.swift:125:30:125:30 | [post] bufferTainted20 :  |
+| nsdata.swift:125:30:125:30 | [post] bufferTainted20 :  | nsdata.swift:126:15:126:15 | bufferTainted20 |
+| nsdata.swift:128:27:128:34 | call to source() :  | nsdata.swift:129:15:129:15 | nsDataTainted21 :  |
+| nsdata.swift:129:15:129:15 | nsDataTainted21 :  | nsdata.swift:45:5:45:65 | [summary param] this in subdata(with:) :  |
+| nsdata.swift:129:15:129:15 | nsDataTainted21 :  | nsdata.swift:129:15:129:54 | call to subdata(with:) |
+| nsdata.swift:131:27:131:34 | call to source() :  | nsdata.swift:132:15:132:15 | nsDataTainted22 :  |
+| nsdata.swift:132:15:132:15 | nsDataTainted22 :  | nsdata.swift:46:5:46:89 | [summary param] this in compressed(using:) :  |
+| nsdata.swift:132:15:132:15 | nsDataTainted22 :  | nsdata.swift:132:15:132:81 | call to compressed(using:) |
+| nsdata.swift:134:27:134:34 | call to source() :  | nsdata.swift:135:15:135:15 | nsDataTainted23 :  |
+| nsdata.swift:135:15:135:15 | nsDataTainted23 :  | nsdata.swift:47:5:47:91 | [summary param] this in decompressed(using:) :  |
+| nsdata.swift:135:15:135:15 | nsDataTainted23 :  | nsdata.swift:135:15:135:83 | call to decompressed(using:) |
+| nsdata.swift:138:27:138:34 | call to source() :  | nsdata.swift:139:15:139:15 | nsDataTainted24 :  |
+| nsdata.swift:138:27:138:34 | call to source() :  | nsdata.swift:139:15:139:31 | .bytes |
+| nsdata.swift:138:27:138:34 | call to source() :  | nsdata.swift:140:15:140:15 | nsDataTainted24 :  |
+| nsdata.swift:138:27:138:34 | call to source() :  | nsdata.swift:140:15:140:31 | .description |
+| nsdata.swift:139:15:139:15 | nsDataTainted24 :  | nsdata.swift:22:9:22:9 | self :  |
+| nsdata.swift:139:15:139:15 | nsDataTainted24 :  | nsdata.swift:139:15:139:31 | .bytes |
+| nsdata.swift:140:15:140:15 | nsDataTainted24 :  | nsdata.swift:23:9:23:9 | self :  |
+| nsdata.swift:140:15:140:15 | nsDataTainted24 :  | nsdata.swift:140:15:140:31 | .description |
+| nsmutabledata.swift:13:9:13:9 | self :  | file://:0:0:0:0 | .mutableBytes :  |
+| nsmutabledata.swift:14:5:14:58 | [summary param] 0 in append(_:length:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(_:length:) :  |
+| nsmutabledata.swift:15:5:15:33 | [summary param] 0 in append(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  |
+| nsmutabledata.swift:16:5:16:78 | [summary param] 1 in replaceBytes(in:withBytes:) :  | file://:0:0:0:0 | [summary] to write: argument this in replaceBytes(in:withBytes:) :  |
+| nsmutabledata.swift:17:5:17:121 | [summary param] 1 in replaceBytes(in:withBytes:length:) :  | file://:0:0:0:0 | [summary] to write: argument this in replaceBytes(in:withBytes:length:) :  |
+| nsmutabledata.swift:18:5:18:33 | [summary param] 0 in setData(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in setData(_:) :  |
+| nsmutabledata.swift:28:5:28:5 | [post] nsMutableDataTainted1 :  | nsmutabledata.swift:29:15:29:15 | nsMutableDataTainted1 |
+| nsmutabledata.swift:28:34:28:41 | call to source() :  | nsmutabledata.swift:14:5:14:58 | [summary param] 0 in append(_:length:) :  |
+| nsmutabledata.swift:28:34:28:41 | call to source() :  | nsmutabledata.swift:28:5:28:5 | [post] nsMutableDataTainted1 :  |
+| nsmutabledata.swift:32:5:32:5 | [post] nsMutableDataTainted2 :  | nsmutabledata.swift:33:15:33:15 | nsMutableDataTainted2 |
+| nsmutabledata.swift:32:34:32:41 | call to source() :  | nsmutabledata.swift:15:5:15:33 | [summary param] 0 in append(_:) :  |
+| nsmutabledata.swift:32:34:32:41 | call to source() :  | nsmutabledata.swift:32:5:32:5 | [post] nsMutableDataTainted2 :  |
+| nsmutabledata.swift:36:5:36:5 | [post] nsMutableDataTainted3 :  | nsmutabledata.swift:37:15:37:15 | nsMutableDataTainted3 |
+| nsmutabledata.swift:36:66:36:73 | call to source() :  | nsmutabledata.swift:16:5:16:78 | [summary param] 1 in replaceBytes(in:withBytes:) :  |
+| nsmutabledata.swift:36:66:36:73 | call to source() :  | nsmutabledata.swift:36:5:36:5 | [post] nsMutableDataTainted3 :  |
+| nsmutabledata.swift:40:5:40:5 | [post] nsMutableDataTainted4 :  | nsmutabledata.swift:41:15:41:15 | nsMutableDataTainted4 |
+| nsmutabledata.swift:40:66:40:73 | call to source() :  | nsmutabledata.swift:17:5:17:121 | [summary param] 1 in replaceBytes(in:withBytes:length:) :  |
+| nsmutabledata.swift:40:66:40:73 | call to source() :  | nsmutabledata.swift:40:5:40:5 | [post] nsMutableDataTainted4 :  |
+| nsmutabledata.swift:44:5:44:5 | [post] nsMutableDataTainted5 :  | nsmutabledata.swift:45:15:45:15 | nsMutableDataTainted5 |
+| nsmutabledata.swift:44:35:44:42 | call to source() :  | nsmutabledata.swift:18:5:18:33 | [summary param] 0 in setData(_:) :  |
+| nsmutabledata.swift:44:35:44:42 | call to source() :  | nsmutabledata.swift:44:5:44:5 | [post] nsMutableDataTainted5 :  |
+| nsmutabledata.swift:48:33:48:40 | call to source() :  | nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 :  |
+| nsmutabledata.swift:48:33:48:40 | call to source() :  | nsmutabledata.swift:49:15:49:37 | .mutableBytes |
+| nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 :  | nsmutabledata.swift:13:9:13:9 | self :  |
+| nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 :  | nsmutabledata.swift:49:15:49:37 | .mutableBytes |
 | string.swift:5:11:5:18 | call to source() :  | string.swift:7:13:7:13 | "..." |
 | string.swift:5:11:5:18 | call to source() :  | string.swift:9:13:9:13 | "..." |
 | string.swift:5:11:5:18 | call to source() :  | string.swift:11:13:11:13 | "..." |
@@ -10,6 +310,11 @@ edges
 | string.swift:28:17:28:25 | call to source2() :  | string.swift:35:13:35:23 | ... .+(_:_:) ... |
 | string.swift:28:17:28:25 | call to source2() :  | string.swift:36:13:36:23 | ... .+(_:_:) ... |
 | string.swift:28:17:28:25 | call to source2() :  | string.swift:39:13:39:29 | ... .+(_:_:) ... |
+| string.swift:74:17:74:25 | call to source2() :  | string.swift:85:13:85:21 | .description |
+| string.swift:74:17:74:25 | call to source2() :  | string.swift:88:13:88:21 | .debugDescription |
+| string.swift:121:17:121:25 | call to source2() :  | string.swift:126:13:126:13 | tainted |
+| string.swift:122:24:122:32 | call to source2() :  | string.swift:127:13:127:13 | taintedCString |
+| string.swift:123:31:123:39 | call to source2() :  | string.swift:128:13:128:13 | taintedUnicodeScalars |
 | subscript.swift:13:15:13:22 | call to source() :  | subscript.swift:13:15:13:25 | ...[...] |
 | subscript.swift:14:15:14:23 | call to source2() :  | subscript.swift:14:15:14:26 | ...[...] |
 | try.swift:9:17:9:24 | call to source() :  | try.swift:9:13:9:24 | try ... |
@@ -119,145 +424,381 @@ edges
 | url.swift:117:28:117:28 | tainted :  | url.swift:117:16:117:35 | call to init(string:) :  |
 | url.swift:120:46:120:46 | urlTainted :  | url.swift:43:2:46:55 | [summary param] 0 in dataTask(with:completionHandler:) :  |
 | url.swift:120:61:120:61 | data :  | url.swift:121:15:121:19 | ...! |
-| webview.swift:16:5:16:39 | [summary param] 0 in init(object:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(object:in:) :  |
-| webview.swift:17:5:17:38 | [summary param] 0 in init(bool:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bool:in:) :  |
-| webview.swift:18:5:18:42 | [summary param] 0 in init(double:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(double:in:) :  |
-| webview.swift:19:5:19:40 | [summary param] 0 in init(int32:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(int32:in:) :  |
-| webview.swift:20:5:20:42 | [summary param] 0 in init(uInt32:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(uInt32:in:) :  |
-| webview.swift:21:5:21:42 | [summary param] 0 in init(point:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(point:in:) :  |
-| webview.swift:22:5:22:42 | [summary param] 0 in init(range:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(range:in:) :  |
-| webview.swift:23:5:23:40 | [summary param] 0 in init(rect:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(rect:in:) :  |
-| webview.swift:24:5:24:40 | [summary param] 0 in init(size:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(size:in:) :  |
-| webview.swift:25:5:25:41 | [summary param] this in toObject() :  | file://:0:0:0:0 | [summary] to write: return (return) in toObject() :  |
-| webview.swift:26:5:26:55 | [summary param] this in toObjectOf(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in toObjectOf(_:) :  |
-| webview.swift:27:5:27:42 | [summary param] this in toBool() :  | file://:0:0:0:0 | [summary] to write: return (return) in toBool() :  |
-| webview.swift:28:5:28:44 | [summary param] this in toDouble() :  | file://:0:0:0:0 | [summary] to write: return (return) in toDouble() :  |
-| webview.swift:29:5:29:40 | [summary param] this in toInt32() :  | file://:0:0:0:0 | [summary] to write: return (return) in toInt32() :  |
-| webview.swift:30:5:30:42 | [summary param] this in toUInt32() :  | file://:0:0:0:0 | [summary] to write: return (return) in toUInt32() :  |
-| webview.swift:31:5:31:62 | [summary param] this in toNumber() :  | file://:0:0:0:0 | [summary] to write: return (return) in toNumber() :  |
-| webview.swift:32:5:32:44 | [summary param] this in toString() :  | file://:0:0:0:0 | [summary] to write: return (return) in toString() :  |
-| webview.swift:33:5:33:44 | [summary param] this in toDate() :  | file://:0:0:0:0 | [summary] to write: return (return) in toDate() :  |
-| webview.swift:34:5:34:44 | [summary param] this in toArray() :  | file://:0:0:0:0 | [summary] to write: return (return) in toArray() :  |
-| webview.swift:35:5:35:65 | [summary param] this in toDictionary() :  | file://:0:0:0:0 | [summary] to write: return (return) in toDictionary() :  |
-| webview.swift:36:5:36:50 | [summary param] this in toPoint() :  | file://:0:0:0:0 | [summary] to write: return (return) in toPoint() :  |
-| webview.swift:37:5:37:50 | [summary param] this in toRange() :  | file://:0:0:0:0 | [summary] to write: return (return) in toRange() :  |
-| webview.swift:38:5:38:47 | [summary param] this in toRect() :  | file://:0:0:0:0 | [summary] to write: return (return) in toRect() :  |
-| webview.swift:39:5:39:47 | [summary param] this in toSize() :  | file://:0:0:0:0 | [summary] to write: return (return) in toSize() :  |
-| webview.swift:40:5:40:84 | [summary param] this in atIndex(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in atIndex(_:) :  |
-| webview.swift:41:5:41:53 | [summary param] 1 in defineProperty(_:descriptor:) :  | file://:0:0:0:0 | [summary] to write: argument this in defineProperty(_:descriptor:) :  |
-| webview.swift:42:5:42:89 | [summary param] this in forProperty(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in forProperty(_:) :  |
-| webview.swift:43:5:43:38 | [summary param] 0 in setValue(_:at:) :  | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:at:) :  |
-| webview.swift:44:5:44:48 | [summary param] 0 in setValue(_:forProperty:) :  | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:forProperty:) :  |
-| webview.swift:52:11:52:18 | call to source() :  | webview.swift:52:10:52:41 | .body |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:59:10:59:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:60:10:60:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:61:10:61:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:62:10:62:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:63:10:63:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:64:10:64:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:65:10:65:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:66:10:66:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:67:10:67:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:68:10:68:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:69:10:69:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:70:10:70:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:71:10:71:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:72:10:72:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:73:10:73:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:74:10:74:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:75:10:75:10 | source :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:78:26:78:26 | s :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:79:24:79:24 | s :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:80:26:80:26 | s :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:81:25:81:25 | s :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:82:26:82:26 | s :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:83:25:83:25 | s :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:84:25:84:25 | s :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:85:24:85:24 | s :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:86:24:86:24 | s :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:89:39:89:39 | s :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:93:17:93:17 | s :  |
-| webview.swift:56:13:56:20 | call to source() :  | webview.swift:97:17:97:17 | s :  |
-| webview.swift:59:10:59:10 | source :  | webview.swift:25:5:25:41 | [summary param] this in toObject() :  |
-| webview.swift:59:10:59:10 | source :  | webview.swift:59:10:59:26 | call to toObject() |
-| webview.swift:60:10:60:10 | source :  | webview.swift:26:5:26:55 | [summary param] this in toObjectOf(_:) :  |
-| webview.swift:60:10:60:10 | source :  | webview.swift:60:10:60:41 | call to toObjectOf(_:) |
-| webview.swift:61:10:61:10 | source :  | webview.swift:27:5:27:42 | [summary param] this in toBool() :  |
-| webview.swift:61:10:61:10 | source :  | webview.swift:61:10:61:24 | call to toBool() |
-| webview.swift:62:10:62:10 | source :  | webview.swift:28:5:28:44 | [summary param] this in toDouble() :  |
-| webview.swift:62:10:62:10 | source :  | webview.swift:62:10:62:26 | call to toDouble() |
-| webview.swift:63:10:63:10 | source :  | webview.swift:29:5:29:40 | [summary param] this in toInt32() :  |
-| webview.swift:63:10:63:10 | source :  | webview.swift:63:10:63:25 | call to toInt32() |
-| webview.swift:64:10:64:10 | source :  | webview.swift:30:5:30:42 | [summary param] this in toUInt32() :  |
-| webview.swift:64:10:64:10 | source :  | webview.swift:64:10:64:26 | call to toUInt32() |
-| webview.swift:65:10:65:10 | source :  | webview.swift:31:5:31:62 | [summary param] this in toNumber() :  |
-| webview.swift:65:10:65:10 | source :  | webview.swift:65:10:65:26 | call to toNumber() |
-| webview.swift:66:10:66:10 | source :  | webview.swift:32:5:32:44 | [summary param] this in toString() :  |
-| webview.swift:66:10:66:10 | source :  | webview.swift:66:10:66:26 | call to toString() |
-| webview.swift:67:10:67:10 | source :  | webview.swift:33:5:33:44 | [summary param] this in toDate() :  |
-| webview.swift:67:10:67:10 | source :  | webview.swift:67:10:67:24 | call to toDate() |
-| webview.swift:68:10:68:10 | source :  | webview.swift:34:5:34:44 | [summary param] this in toArray() :  |
-| webview.swift:68:10:68:10 | source :  | webview.swift:68:10:68:25 | call to toArray() |
-| webview.swift:69:10:69:10 | source :  | webview.swift:35:5:35:65 | [summary param] this in toDictionary() :  |
-| webview.swift:69:10:69:10 | source :  | webview.swift:69:10:69:30 | call to toDictionary() |
-| webview.swift:70:10:70:10 | source :  | webview.swift:36:5:36:50 | [summary param] this in toPoint() :  |
-| webview.swift:70:10:70:10 | source :  | webview.swift:70:10:70:25 | call to toPoint() |
-| webview.swift:71:10:71:10 | source :  | webview.swift:37:5:37:50 | [summary param] this in toRange() :  |
-| webview.swift:71:10:71:10 | source :  | webview.swift:71:10:71:25 | call to toRange() |
-| webview.swift:72:10:72:10 | source :  | webview.swift:38:5:38:47 | [summary param] this in toRect() :  |
-| webview.swift:72:10:72:10 | source :  | webview.swift:72:10:72:24 | call to toRect() |
-| webview.swift:73:10:73:10 | source :  | webview.swift:39:5:39:47 | [summary param] this in toSize() :  |
-| webview.swift:73:10:73:10 | source :  | webview.swift:73:10:73:24 | call to toSize() |
-| webview.swift:74:10:74:10 | source :  | webview.swift:40:5:40:84 | [summary param] this in atIndex(_:) :  |
-| webview.swift:74:10:74:10 | source :  | webview.swift:74:10:74:26 | call to atIndex(_:) |
-| webview.swift:75:10:75:10 | source :  | webview.swift:42:5:42:89 | [summary param] this in forProperty(_:) :  |
-| webview.swift:75:10:75:10 | source :  | webview.swift:75:10:75:31 | call to forProperty(_:) |
-| webview.swift:78:26:78:26 | s :  | webview.swift:16:5:16:39 | [summary param] 0 in init(object:in:) :  |
-| webview.swift:78:26:78:26 | s :  | webview.swift:78:10:78:47 | call to init(object:in:) |
-| webview.swift:79:24:79:24 | s :  | webview.swift:17:5:17:38 | [summary param] 0 in init(bool:in:) :  |
-| webview.swift:79:24:79:24 | s :  | webview.swift:79:10:79:47 | call to init(bool:in:) |
-| webview.swift:80:26:80:26 | s :  | webview.swift:18:5:18:42 | [summary param] 0 in init(double:in:) :  |
-| webview.swift:80:26:80:26 | s :  | webview.swift:80:10:80:51 | call to init(double:in:) |
-| webview.swift:81:25:81:25 | s :  | webview.swift:19:5:19:40 | [summary param] 0 in init(int32:in:) :  |
-| webview.swift:81:25:81:25 | s :  | webview.swift:81:10:81:49 | call to init(int32:in:) |
-| webview.swift:82:26:82:26 | s :  | webview.swift:20:5:20:42 | [summary param] 0 in init(uInt32:in:) :  |
-| webview.swift:82:26:82:26 | s :  | webview.swift:82:10:82:51 | call to init(uInt32:in:) |
-| webview.swift:83:25:83:25 | s :  | webview.swift:21:5:21:42 | [summary param] 0 in init(point:in:) :  |
-| webview.swift:83:25:83:25 | s :  | webview.swift:83:10:83:51 | call to init(point:in:) |
-| webview.swift:84:25:84:25 | s :  | webview.swift:22:5:22:42 | [summary param] 0 in init(range:in:) :  |
-| webview.swift:84:25:84:25 | s :  | webview.swift:84:10:84:51 | call to init(range:in:) |
-| webview.swift:85:24:85:24 | s :  | webview.swift:23:5:23:40 | [summary param] 0 in init(rect:in:) :  |
-| webview.swift:85:24:85:24 | s :  | webview.swift:85:10:85:49 | call to init(rect:in:) |
-| webview.swift:86:24:86:24 | s :  | webview.swift:24:5:24:40 | [summary param] 0 in init(size:in:) :  |
-| webview.swift:86:24:86:24 | s :  | webview.swift:86:10:86:49 | call to init(size:in:) |
-| webview.swift:89:5:89:5 | [post] v1 :  | webview.swift:90:10:90:10 | v1 |
-| webview.swift:89:39:89:39 | s :  | webview.swift:41:5:41:53 | [summary param] 1 in defineProperty(_:descriptor:) :  |
-| webview.swift:89:39:89:39 | s :  | webview.swift:89:5:89:5 | [post] v1 :  |
-| webview.swift:93:5:93:5 | [post] v2 :  | webview.swift:94:10:94:10 | v2 |
-| webview.swift:93:17:93:17 | s :  | webview.swift:43:5:43:38 | [summary param] 0 in setValue(_:at:) :  |
-| webview.swift:93:17:93:17 | s :  | webview.swift:93:5:93:5 | [post] v2 :  |
-| webview.swift:97:5:97:5 | [post] v3 :  | webview.swift:98:10:98:10 | v3 |
-| webview.swift:97:17:97:17 | s :  | webview.swift:44:5:44:48 | [summary param] 0 in setValue(_:forProperty:) :  |
-| webview.swift:97:17:97:17 | s :  | webview.swift:97:5:97:5 | [post] v3 :  |
+| webview.swift:27:5:27:39 | [summary param] 0 in init(object:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(object:in:) :  |
+| webview.swift:28:5:28:38 | [summary param] 0 in init(bool:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bool:in:) :  |
+| webview.swift:29:5:29:42 | [summary param] 0 in init(double:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(double:in:) :  |
+| webview.swift:30:5:30:40 | [summary param] 0 in init(int32:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(int32:in:) :  |
+| webview.swift:31:5:31:42 | [summary param] 0 in init(uInt32:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(uInt32:in:) :  |
+| webview.swift:32:5:32:42 | [summary param] 0 in init(point:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(point:in:) :  |
+| webview.swift:33:5:33:42 | [summary param] 0 in init(range:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(range:in:) :  |
+| webview.swift:34:5:34:40 | [summary param] 0 in init(rect:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(rect:in:) :  |
+| webview.swift:35:5:35:40 | [summary param] 0 in init(size:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(size:in:) :  |
+| webview.swift:36:5:36:41 | [summary param] this in toObject() :  | file://:0:0:0:0 | [summary] to write: return (return) in toObject() :  |
+| webview.swift:37:5:37:55 | [summary param] this in toObjectOf(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in toObjectOf(_:) :  |
+| webview.swift:38:5:38:42 | [summary param] this in toBool() :  | file://:0:0:0:0 | [summary] to write: return (return) in toBool() :  |
+| webview.swift:39:5:39:44 | [summary param] this in toDouble() :  | file://:0:0:0:0 | [summary] to write: return (return) in toDouble() :  |
+| webview.swift:40:5:40:40 | [summary param] this in toInt32() :  | file://:0:0:0:0 | [summary] to write: return (return) in toInt32() :  |
+| webview.swift:41:5:41:42 | [summary param] this in toUInt32() :  | file://:0:0:0:0 | [summary] to write: return (return) in toUInt32() :  |
+| webview.swift:42:5:42:62 | [summary param] this in toNumber() :  | file://:0:0:0:0 | [summary] to write: return (return) in toNumber() :  |
+| webview.swift:43:5:43:44 | [summary param] this in toString() :  | file://:0:0:0:0 | [summary] to write: return (return) in toString() :  |
+| webview.swift:44:5:44:44 | [summary param] this in toDate() :  | file://:0:0:0:0 | [summary] to write: return (return) in toDate() :  |
+| webview.swift:45:5:45:44 | [summary param] this in toArray() :  | file://:0:0:0:0 | [summary] to write: return (return) in toArray() :  |
+| webview.swift:46:5:46:65 | [summary param] this in toDictionary() :  | file://:0:0:0:0 | [summary] to write: return (return) in toDictionary() :  |
+| webview.swift:47:5:47:50 | [summary param] this in toPoint() :  | file://:0:0:0:0 | [summary] to write: return (return) in toPoint() :  |
+| webview.swift:48:5:48:50 | [summary param] this in toRange() :  | file://:0:0:0:0 | [summary] to write: return (return) in toRange() :  |
+| webview.swift:49:5:49:47 | [summary param] this in toRect() :  | file://:0:0:0:0 | [summary] to write: return (return) in toRect() :  |
+| webview.swift:50:5:50:47 | [summary param] this in toSize() :  | file://:0:0:0:0 | [summary] to write: return (return) in toSize() :  |
+| webview.swift:51:5:51:84 | [summary param] this in atIndex(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in atIndex(_:) :  |
+| webview.swift:52:5:52:53 | [summary param] 1 in defineProperty(_:descriptor:) :  | file://:0:0:0:0 | [summary] to write: argument this in defineProperty(_:descriptor:) :  |
+| webview.swift:53:5:53:89 | [summary param] this in forProperty(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in forProperty(_:) :  |
+| webview.swift:54:5:54:38 | [summary param] 0 in setValue(_:at:) :  | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:at:) :  |
+| webview.swift:55:5:55:48 | [summary param] 0 in setValue(_:forProperty:) :  | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:forProperty:) :  |
+| webview.swift:65:5:65:93 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:) :  |
+| webview.swift:66:5:66:126 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:in:) :  |
+| webview.swift:77:11:77:18 | call to source() :  | webview.swift:77:10:77:41 | .body |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:84:10:84:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:85:10:85:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:86:10:86:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:87:10:87:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:88:10:88:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:89:10:89:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:90:10:90:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:91:10:91:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:92:10:92:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:93:10:93:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:94:10:94:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:95:10:95:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:96:10:96:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:97:10:97:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:98:10:98:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:99:10:99:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:100:10:100:10 | source :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:103:26:103:26 | s :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:104:24:104:24 | s :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:105:26:105:26 | s :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:106:25:106:25 | s :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:107:26:107:26 | s :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:108:25:108:25 | s :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:109:25:109:25 | s :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:110:24:110:24 | s :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:111:24:111:24 | s :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:114:39:114:39 | s :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:118:17:118:17 | s :  |
+| webview.swift:81:13:81:20 | call to source() :  | webview.swift:122:17:122:17 | s :  |
+| webview.swift:84:10:84:10 | source :  | webview.swift:36:5:36:41 | [summary param] this in toObject() :  |
+| webview.swift:84:10:84:10 | source :  | webview.swift:84:10:84:26 | call to toObject() |
+| webview.swift:85:10:85:10 | source :  | webview.swift:37:5:37:55 | [summary param] this in toObjectOf(_:) :  |
+| webview.swift:85:10:85:10 | source :  | webview.swift:85:10:85:41 | call to toObjectOf(_:) |
+| webview.swift:86:10:86:10 | source :  | webview.swift:38:5:38:42 | [summary param] this in toBool() :  |
+| webview.swift:86:10:86:10 | source :  | webview.swift:86:10:86:24 | call to toBool() |
+| webview.swift:87:10:87:10 | source :  | webview.swift:39:5:39:44 | [summary param] this in toDouble() :  |
+| webview.swift:87:10:87:10 | source :  | webview.swift:87:10:87:26 | call to toDouble() |
+| webview.swift:88:10:88:10 | source :  | webview.swift:40:5:40:40 | [summary param] this in toInt32() :  |
+| webview.swift:88:10:88:10 | source :  | webview.swift:88:10:88:25 | call to toInt32() |
+| webview.swift:89:10:89:10 | source :  | webview.swift:41:5:41:42 | [summary param] this in toUInt32() :  |
+| webview.swift:89:10:89:10 | source :  | webview.swift:89:10:89:26 | call to toUInt32() |
+| webview.swift:90:10:90:10 | source :  | webview.swift:42:5:42:62 | [summary param] this in toNumber() :  |
+| webview.swift:90:10:90:10 | source :  | webview.swift:90:10:90:26 | call to toNumber() |
+| webview.swift:91:10:91:10 | source :  | webview.swift:43:5:43:44 | [summary param] this in toString() :  |
+| webview.swift:91:10:91:10 | source :  | webview.swift:91:10:91:26 | call to toString() |
+| webview.swift:92:10:92:10 | source :  | webview.swift:44:5:44:44 | [summary param] this in toDate() :  |
+| webview.swift:92:10:92:10 | source :  | webview.swift:92:10:92:24 | call to toDate() |
+| webview.swift:93:10:93:10 | source :  | webview.swift:45:5:45:44 | [summary param] this in toArray() :  |
+| webview.swift:93:10:93:10 | source :  | webview.swift:93:10:93:25 | call to toArray() |
+| webview.swift:94:10:94:10 | source :  | webview.swift:46:5:46:65 | [summary param] this in toDictionary() :  |
+| webview.swift:94:10:94:10 | source :  | webview.swift:94:10:94:30 | call to toDictionary() |
+| webview.swift:95:10:95:10 | source :  | webview.swift:47:5:47:50 | [summary param] this in toPoint() :  |
+| webview.swift:95:10:95:10 | source :  | webview.swift:95:10:95:25 | call to toPoint() |
+| webview.swift:96:10:96:10 | source :  | webview.swift:48:5:48:50 | [summary param] this in toRange() :  |
+| webview.swift:96:10:96:10 | source :  | webview.swift:96:10:96:25 | call to toRange() |
+| webview.swift:97:10:97:10 | source :  | webview.swift:49:5:49:47 | [summary param] this in toRect() :  |
+| webview.swift:97:10:97:10 | source :  | webview.swift:97:10:97:24 | call to toRect() |
+| webview.swift:98:10:98:10 | source :  | webview.swift:50:5:50:47 | [summary param] this in toSize() :  |
+| webview.swift:98:10:98:10 | source :  | webview.swift:98:10:98:24 | call to toSize() |
+| webview.swift:99:10:99:10 | source :  | webview.swift:51:5:51:84 | [summary param] this in atIndex(_:) :  |
+| webview.swift:99:10:99:10 | source :  | webview.swift:99:10:99:26 | call to atIndex(_:) |
+| webview.swift:100:10:100:10 | source :  | webview.swift:53:5:53:89 | [summary param] this in forProperty(_:) :  |
+| webview.swift:100:10:100:10 | source :  | webview.swift:100:10:100:31 | call to forProperty(_:) |
+| webview.swift:103:26:103:26 | s :  | webview.swift:27:5:27:39 | [summary param] 0 in init(object:in:) :  |
+| webview.swift:103:26:103:26 | s :  | webview.swift:103:10:103:47 | call to init(object:in:) |
+| webview.swift:104:24:104:24 | s :  | webview.swift:28:5:28:38 | [summary param] 0 in init(bool:in:) :  |
+| webview.swift:104:24:104:24 | s :  | webview.swift:104:10:104:47 | call to init(bool:in:) |
+| webview.swift:105:26:105:26 | s :  | webview.swift:29:5:29:42 | [summary param] 0 in init(double:in:) :  |
+| webview.swift:105:26:105:26 | s :  | webview.swift:105:10:105:51 | call to init(double:in:) |
+| webview.swift:106:25:106:25 | s :  | webview.swift:30:5:30:40 | [summary param] 0 in init(int32:in:) :  |
+| webview.swift:106:25:106:25 | s :  | webview.swift:106:10:106:49 | call to init(int32:in:) |
+| webview.swift:107:26:107:26 | s :  | webview.swift:31:5:31:42 | [summary param] 0 in init(uInt32:in:) :  |
+| webview.swift:107:26:107:26 | s :  | webview.swift:107:10:107:51 | call to init(uInt32:in:) |
+| webview.swift:108:25:108:25 | s :  | webview.swift:32:5:32:42 | [summary param] 0 in init(point:in:) :  |
+| webview.swift:108:25:108:25 | s :  | webview.swift:108:10:108:51 | call to init(point:in:) |
+| webview.swift:109:25:109:25 | s :  | webview.swift:33:5:33:42 | [summary param] 0 in init(range:in:) :  |
+| webview.swift:109:25:109:25 | s :  | webview.swift:109:10:109:51 | call to init(range:in:) |
+| webview.swift:110:24:110:24 | s :  | webview.swift:34:5:34:40 | [summary param] 0 in init(rect:in:) :  |
+| webview.swift:110:24:110:24 | s :  | webview.swift:110:10:110:49 | call to init(rect:in:) |
+| webview.swift:111:24:111:24 | s :  | webview.swift:35:5:35:40 | [summary param] 0 in init(size:in:) :  |
+| webview.swift:111:24:111:24 | s :  | webview.swift:111:10:111:49 | call to init(size:in:) |
+| webview.swift:114:5:114:5 | [post] v1 :  | webview.swift:115:10:115:10 | v1 |
+| webview.swift:114:39:114:39 | s :  | webview.swift:52:5:52:53 | [summary param] 1 in defineProperty(_:descriptor:) :  |
+| webview.swift:114:39:114:39 | s :  | webview.swift:114:5:114:5 | [post] v1 :  |
+| webview.swift:118:5:118:5 | [post] v2 :  | webview.swift:119:10:119:10 | v2 |
+| webview.swift:118:17:118:17 | s :  | webview.swift:54:5:54:38 | [summary param] 0 in setValue(_:at:) :  |
+| webview.swift:118:17:118:17 | s :  | webview.swift:118:5:118:5 | [post] v2 :  |
+| webview.swift:122:5:122:5 | [post] v3 :  | webview.swift:123:10:123:10 | v3 |
+| webview.swift:122:17:122:17 | s :  | webview.swift:55:5:55:48 | [summary param] 0 in setValue(_:forProperty:) :  |
+| webview.swift:122:17:122:17 | s :  | webview.swift:122:5:122:5 | [post] v3 :  |
+| webview.swift:132:13:132:102 | call to init(source:injectionTime:forMainFrameOnly:) :  | webview.swift:133:10:133:10 | b |
+| webview.swift:132:13:132:102 | call to init(source:injectionTime:forMainFrameOnly:) :  | webview.swift:134:10:134:12 | .source |
+| webview.swift:132:34:132:41 | call to source() :  | webview.swift:65:5:65:93 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:) :  |
+| webview.swift:132:34:132:41 | call to source() :  | webview.swift:132:13:132:102 | call to init(source:injectionTime:forMainFrameOnly:) :  |
+| webview.swift:137:13:137:113 | call to init(source:injectionTime:forMainFrameOnly:in:) :  | webview.swift:138:10:138:10 | c |
+| webview.swift:137:13:137:113 | call to init(source:injectionTime:forMainFrameOnly:in:) :  | webview.swift:139:10:139:12 | .source |
+| webview.swift:137:34:137:41 | call to source() :  | webview.swift:66:5:66:126 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:in:) :  |
+| webview.swift:137:34:137:41 | call to source() :  | webview.swift:137:13:137:113 | call to init(source:injectionTime:forMainFrameOnly:in:) :  |
 nodes
+| data.swift:24:5:24:29 | [summary param] 0 in init(_:) :  | semmle.label | [summary param] 0 in init(_:) :  |
+| data.swift:25:2:25:66 | [summary param] 0 in init(base64Encoded:options:) :  | semmle.label | [summary param] 0 in init(base64Encoded:options:) :  |
+| data.swift:26:2:26:61 | [summary param] 0 in init(buffer:) :  | semmle.label | [summary param] 0 in init(buffer:) :  |
+| data.swift:27:2:27:62 | [summary param] 0 in init(buffer:) :  | semmle.label | [summary param] 0 in init(buffer:) :  |
+| data.swift:28:2:28:45 | [summary param] 0 in init(bytes:count:) :  | semmle.label | [summary param] 0 in init(bytes:count:) :  |
+| data.swift:29:2:29:82 | [summary param] 0 in init(bytesNoCopy:count:deallocator:) :  | semmle.label | [summary param] 0 in init(bytesNoCopy:count:deallocator:) :  |
+| data.swift:30:2:30:50 | [summary param] 0 in init(contentsOf:options:) :  | semmle.label | [summary param] 0 in init(contentsOf:options:) :  |
+| data.swift:31:2:31:29 | [summary param] 0 in init(referencing:) :  | semmle.label | [summary param] 0 in init(referencing:) :  |
+| data.swift:32:2:32:24 | [summary param] 0 in append(_:) :  | semmle.label | [summary param] 0 in append(_:) :  |
+| data.swift:33:2:33:25 | [summary param] 0 in append(_:) :  | semmle.label | [summary param] 0 in append(_:) :  |
+| data.swift:34:2:34:63 | [summary param] 0 in append(_:) :  | semmle.label | [summary param] 0 in append(_:) :  |
+| data.swift:35:2:35:52 | [summary param] 0 in append(_:count:) :  | semmle.label | [summary param] 0 in append(_:count:) :  |
+| data.swift:36:2:36:36 | [summary param] 0 in append(contentsOf:) :  | semmle.label | [summary param] 0 in append(contentsOf:) :  |
+| data.swift:38:2:38:88 | [summary param] this in base64EncodedData(options:) :  | semmle.label | [summary param] this in base64EncodedData(options:) :  |
+| data.swift:39:2:39:86 | [summary param] this in base64EncodedString(options:) :  | semmle.label | [summary param] this in base64EncodedString(options:) :  |
+| data.swift:40:2:40:99 | [summary param] this in compactMap(_:) :  | semmle.label | [summary param] this in compactMap(_:) :  |
+| data.swift:41:2:41:53 | [summary param] this in copyBytes(to:) :  | semmle.label | [summary param] this in copyBytes(to:) :  |
+| data.swift:44:2:44:137 | [summary param] this in flatMap(_:) :  | semmle.label | [summary param] this in flatMap(_:) :  |
+| data.swift:45:2:45:97 | [summary param] this in flatMap(_:) :  | semmle.label | [summary param] this in flatMap(_:) :  |
+| data.swift:46:2:46:34 | [summary param] 0 in insert(_:at:) :  | semmle.label | [summary param] 0 in insert(_:at:) :  |
+| data.swift:47:2:47:83 | [summary param] 0 in insert(contentsOf:at:) :  | semmle.label | [summary param] 0 in insert(contentsOf:at:) :  |
+| data.swift:48:2:48:50 | [summary param] this in map(_:) :  | semmle.label | [summary param] this in map(_:) :  |
+| data.swift:49:2:49:115 | [summary param] this in reduce(into:_:) :  | semmle.label | [summary param] this in reduce(into:_:) :  |
+| data.swift:50:2:50:180 | [summary param] 1 in replace(_:with:maxReplacements:) :  | semmle.label | [summary param] 1 in replace(_:with:maxReplacements:) :  |
+| data.swift:51:2:51:58 | [summary param] 1 in replaceSubrange(_:with:) :  | semmle.label | [summary param] 1 in replaceSubrange(_:with:) :  |
+| data.swift:52:2:52:151 | [summary param] 1 in replaceSubrange(_:with:) :  | semmle.label | [summary param] 1 in replaceSubrange(_:with:) :  |
+| data.swift:54:2:54:82 | [summary param] 1 in replaceSubrange(_:with:count:) :  | semmle.label | [summary param] 1 in replaceSubrange(_:with:count:) :  |
+| data.swift:56:2:56:214 | [summary param] 1 in replacing(_:with:maxReplacements:) :  | semmle.label | [summary param] 1 in replacing(_:with:maxReplacements:) :  |
+| data.swift:57:2:57:236 | [summary param] 1 in replacing(_:with:subrange:maxReplacements:) :  | semmle.label | [summary param] 1 in replacing(_:with:subrange:maxReplacements:) :  |
+| data.swift:58:2:58:39 | [summary param] this in sorted() :  | semmle.label | [summary param] this in sorted() :  |
+| data.swift:59:2:59:81 | [summary param] this in sorted(by:) :  | semmle.label | [summary param] this in sorted(by:) :  |
+| data.swift:60:2:60:132 | [summary param] this in sorted(using:) :  | semmle.label | [summary param] this in sorted(using:) :  |
+| data.swift:61:2:61:41 | [summary param] this in shuffled() :  | semmle.label | [summary param] this in shuffled() :  |
+| data.swift:62:2:62:58 | [summary param] this in shuffled(using:) :  | semmle.label | [summary param] this in shuffled(using:) :  |
+| data.swift:63:2:63:123 | [summary param] this in trimmingPrefix(_:) :  | semmle.label | [summary param] this in trimmingPrefix(_:) :  |
+| data.swift:64:2:64:72 | [summary param] this in trimmingPrefix(while:) :  | semmle.label | [summary param] this in trimmingPrefix(while:) :  |
+| data.swift:81:20:81:51 | call to init(_:) :  | semmle.label | call to init(_:) :  |
+| data.swift:81:25:81:47 | .utf8 :  | semmle.label | .utf8 :  |
+| data.swift:81:26:81:33 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:82:21:82:37 | call to init(_:) :  | semmle.label | call to init(_:) :  |
+| data.swift:82:26:82:26 | dataTainted :  | semmle.label | dataTainted :  |
+| data.swift:85:12:85:12 | dataTainted | semmle.label | dataTainted |
+| data.swift:86:12:86:12 | dataTainted2 | semmle.label | dataTainted2 |
+| data.swift:89:21:89:71 | call to init(base64Encoded:options:) :  | semmle.label | call to init(base64Encoded:options:) :  |
+| data.swift:89:41:89:48 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:90:12:90:12 | dataTainted3 | semmle.label | dataTainted3 |
+| data.swift:93:21:93:73 | call to init(buffer:) :  | semmle.label | call to init(buffer:) :  |
+| data.swift:93:34:93:41 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:94:12:94:12 | dataTainted4 | semmle.label | dataTainted4 |
+| data.swift:95:21:95:74 | call to init(buffer:) :  | semmle.label | call to init(buffer:) :  |
+| data.swift:95:34:95:41 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:96:12:96:12 | dataTainted5 | semmle.label | dataTainted5 |
+| data.swift:99:21:99:72 | call to init(bytes:count:) :  | semmle.label | call to init(bytes:count:) :  |
+| data.swift:99:33:99:40 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:100:12:100:12 | dataTainted6 | semmle.label | dataTainted6 |
+| data.swift:103:21:103:114 | call to init(bytesNoCopy:count:deallocator:) :  | semmle.label | call to init(bytesNoCopy:count:deallocator:) :  |
+| data.swift:103:39:103:46 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:104:12:104:12 | dataTainted7 | semmle.label | dataTainted7 |
+| data.swift:107:20:107:27 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:108:21:108:62 | call to init(contentsOf:options:) :  | semmle.label | call to init(contentsOf:options:) :  |
+| data.swift:108:38:108:38 | urlTainted8 :  | semmle.label | urlTainted8 :  |
+| data.swift:109:12:109:12 | dataTainted8 | semmle.label | dataTainted8 |
+| data.swift:112:21:112:58 | call to init(referencing:) :  | semmle.label | call to init(referencing:) :  |
+| data.swift:112:39:112:46 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:113:12:113:12 | dataTainted9 | semmle.label | dataTainted9 |
+| data.swift:117:2:117:2 | [post] dataTainted10 :  | semmle.label | [post] dataTainted10 :  |
+| data.swift:117:23:117:30 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:118:12:118:12 | dataTainted10 | semmle.label | dataTainted10 |
+| data.swift:121:2:121:2 | [post] dataTainted11 :  | semmle.label | [post] dataTainted11 :  |
+| data.swift:121:23:121:30 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:122:12:122:12 | dataTainted11 | semmle.label | dataTainted11 |
+| data.swift:125:2:125:2 | [post] dataTainted12 :  | semmle.label | [post] dataTainted12 :  |
+| data.swift:125:23:125:30 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:126:12:126:12 | dataTainted12 | semmle.label | dataTainted12 |
+| data.swift:130:2:130:2 | [post] dataTainted13 :  | semmle.label | [post] dataTainted13 :  |
+| data.swift:130:23:130:30 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:131:12:131:12 | dataTainted13 | semmle.label | dataTainted13 |
+| data.swift:135:2:135:2 | [post] dataTainted14 :  | semmle.label | [post] dataTainted14 :  |
+| data.swift:135:35:135:42 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:136:12:136:12 | dataTainted14 | semmle.label | dataTainted14 |
+| data.swift:139:22:139:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:140:12:140:12 | dataTainted15 :  | semmle.label | dataTainted15 :  |
+| data.swift:140:12:140:55 | call to base64EncodedData(options:) | semmle.label | call to base64EncodedData(options:) |
+| data.swift:143:22:143:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:144:12:144:12 | dataTainted16 :  | semmle.label | dataTainted16 :  |
+| data.swift:144:12:144:57 | call to base64EncodedString(options:) | semmle.label | call to base64EncodedString(options:) |
+| data.swift:147:22:147:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:148:29:148:29 | dataTainted17 :  | semmle.label | dataTainted17 :  |
+| data.swift:148:29:148:72 | call to compactMap(_:) :  | semmle.label | call to compactMap(_:) :  |
+| data.swift:149:12:149:12 | compactMapped | semmle.label | compactMapped |
+| data.swift:152:22:152:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:154:2:154:2 | dataTainted18 :  | semmle.label | dataTainted18 :  |
+| data.swift:154:30:154:30 | [post] pointerTainted18 :  | semmle.label | [post] pointerTainted18 :  |
+| data.swift:155:12:155:12 | pointerTainted18 | semmle.label | pointerTainted18 |
+| data.swift:170:22:170:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:171:19:171:19 | dataTainted21 :  | semmle.label | dataTainted21 :  |
+| data.swift:171:19:171:74 | call to flatMap(_:) :  | semmle.label | call to flatMap(_:) :  |
+| data.swift:172:12:172:12 | flatMapped | semmle.label | flatMapped |
+| data.swift:174:22:174:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:175:20:175:20 | dataTainted22 :  | semmle.label | dataTainted22 :  |
+| data.swift:175:20:175:60 | call to flatMap(_:) :  | semmle.label | call to flatMap(_:) :  |
+| data.swift:176:12:176:12 | flatMapped2 | semmle.label | flatMapped2 |
+| data.swift:180:2:180:2 | [post] dataTainted23 :  | semmle.label | [post] dataTainted23 :  |
+| data.swift:180:23:180:30 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:181:12:181:12 | dataTainted23 | semmle.label | dataTainted23 |
+| data.swift:185:2:185:2 | [post] dataTainted24 :  | semmle.label | [post] dataTainted24 :  |
+| data.swift:185:35:185:42 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:186:12:186:12 | dataTainted24 | semmle.label | dataTainted24 |
+| data.swift:189:22:189:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:190:15:190:15 | dataTainted25 :  | semmle.label | dataTainted25 :  |
+| data.swift:190:15:190:38 | call to map(_:) :  | semmle.label | call to map(_:) :  |
+| data.swift:191:12:191:12 | mapped | semmle.label | mapped |
+| data.swift:194:22:194:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:195:16:195:16 | dataTainted26 :  | semmle.label | dataTainted26 :  |
+| data.swift:195:16:195:80 | call to reduce(into:_:) :  | semmle.label | call to reduce(into:_:) :  |
+| data.swift:196:12:196:12 | reduced | semmle.label | reduced |
+| data.swift:200:2:200:2 | [post] dataTainted27 :  | semmle.label | [post] dataTainted27 :  |
+| data.swift:200:35:200:42 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:201:12:201:12 | dataTainted27 | semmle.label | dataTainted27 |
+| data.swift:205:2:205:2 | [post] dataTainted28 :  | semmle.label | [post] dataTainted28 :  |
+| data.swift:205:45:205:52 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:206:12:206:12 | dataTainted28 | semmle.label | dataTainted28 |
+| data.swift:209:2:209:2 | [post] dataTainted29 :  | semmle.label | [post] dataTainted29 :  |
+| data.swift:209:45:209:52 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:210:12:210:12 | dataTainted29 | semmle.label | dataTainted29 |
+| data.swift:213:2:213:2 | [post] dataTainted30 :  | semmle.label | [post] dataTainted30 :  |
+| data.swift:213:45:213:52 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:214:12:214:12 | dataTainted30 | semmle.label | dataTainted30 |
+| data.swift:218:2:218:2 | [post] dataTainted31 :  | semmle.label | [post] dataTainted31 :  |
+| data.swift:218:45:218:52 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:219:12:219:12 | dataTainted31 | semmle.label | dataTainted31 |
+| data.swift:223:10:223:10 | [post] dataTainted32 :  | semmle.label | [post] dataTainted32 :  |
+| data.swift:223:45:223:52 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:224:12:224:12 | dataTainted32 | semmle.label | dataTainted32 |
+| data.swift:228:10:228:10 | [post] dataTainted33 :  | semmle.label | [post] dataTainted33 :  |
+| data.swift:228:45:228:52 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:229:12:229:12 | dataTainted33 | semmle.label | dataTainted33 |
+| data.swift:236:22:236:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:237:12:237:12 | dataTainted35 :  | semmle.label | dataTainted35 :  |
+| data.swift:237:12:237:33 | call to sorted() | semmle.label | call to sorted() |
+| data.swift:240:22:240:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:241:12:241:12 | dataTainted36 :  | semmle.label | dataTainted36 :  |
+| data.swift:241:12:241:54 | call to sorted(by:) | semmle.label | call to sorted(by:) |
+| data.swift:244:22:244:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:245:12:245:12 | dataTainted37 :  | semmle.label | dataTainted37 :  |
+| data.swift:245:12:245:46 | call to sorted(using:) | semmle.label | call to sorted(using:) |
+| data.swift:248:22:248:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:249:12:249:12 | dataTainted38 :  | semmle.label | dataTainted38 :  |
+| data.swift:249:12:249:35 | call to shuffled() | semmle.label | call to shuffled() |
+| data.swift:252:22:252:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:254:12:254:12 | dataTainted39 :  | semmle.label | dataTainted39 :  |
+| data.swift:254:12:254:46 | call to shuffled(using:) | semmle.label | call to shuffled(using:) |
+| data.swift:257:22:257:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:258:12:258:12 | dataTainted40 :  | semmle.label | dataTainted40 :  |
+| data.swift:258:12:258:44 | call to trimmingPrefix(_:) | semmle.label | call to trimmingPrefix(_:) |
+| data.swift:261:22:261:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:262:12:262:12 | dataTainted41 :  | semmle.label | dataTainted41 :  |
+| data.swift:262:12:262:54 | call to trimmingPrefix(while:) | semmle.label | call to trimmingPrefix(while:) |
+| file://:0:0:0:0 | .bytes :  | semmle.label | .bytes :  |
+| file://:0:0:0:0 | .description :  | semmle.label | .description :  |
+| file://:0:0:0:0 | .mutableBytes :  | semmle.label | .mutableBytes :  |
+| file://:0:0:0:0 | [summary] to write: argument 0 in copyBytes(to:) :  | semmle.label | [summary] to write: argument 0 in copyBytes(to:) :  |
+| file://:0:0:0:0 | [summary] to write: argument 0 in getBytes(_:) :  | semmle.label | [summary] to write: argument 0 in getBytes(_:) :  |
+| file://:0:0:0:0 | [summary] to write: argument 0 in getBytes(_:length:) :  | semmle.label | [summary] to write: argument 0 in getBytes(_:length:) :  |
+| file://:0:0:0:0 | [summary] to write: argument 0 in getBytes(_:range:) :  | semmle.label | [summary] to write: argument 0 in getBytes(_:range:) :  |
+| file://:0:0:0:0 | [summary] to write: argument 0.parameter 0 in enumerateBytes(_:) :  | semmle.label | [summary] to write: argument 0.parameter 0 in enumerateBytes(_:) :  |
 | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) :  | semmle.label | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  | semmle.label | [summary] to write: argument this in append(_:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  | semmle.label | [summary] to write: argument this in append(_:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  | semmle.label | [summary] to write: argument this in append(_:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  | semmle.label | [summary] to write: argument this in append(_:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in append(_:count:) :  | semmle.label | [summary] to write: argument this in append(_:count:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in append(_:length:) :  | semmle.label | [summary] to write: argument this in append(_:length:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in append(contentsOf:) :  | semmle.label | [summary] to write: argument this in append(contentsOf:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in defineProperty(_:descriptor:) :  | semmle.label | [summary] to write: argument this in defineProperty(_:descriptor:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in insert(_:at:) :  | semmle.label | [summary] to write: argument this in insert(_:at:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in insert(contentsOf:at:) :  | semmle.label | [summary] to write: argument this in insert(contentsOf:at:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in replace(_:with:maxReplacements:) :  | semmle.label | [summary] to write: argument this in replace(_:with:maxReplacements:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in replaceBytes(in:withBytes:) :  | semmle.label | [summary] to write: argument this in replaceBytes(in:withBytes:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in replaceBytes(in:withBytes:length:) :  | semmle.label | [summary] to write: argument this in replaceBytes(in:withBytes:length:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in replaceSubrange(_:with:) :  | semmle.label | [summary] to write: argument this in replaceSubrange(_:with:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in replaceSubrange(_:with:) :  | semmle.label | [summary] to write: argument this in replaceSubrange(_:with:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in replaceSubrange(_:with:count:) :  | semmle.label | [summary] to write: argument this in replaceSubrange(_:with:count:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in replacing(_:with:maxReplacements:) :  | semmle.label | [summary] to write: argument this in replacing(_:with:maxReplacements:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in replacing(_:with:subrange:maxReplacements:) :  | semmle.label | [summary] to write: argument this in replacing(_:with:subrange:maxReplacements:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in setData(_:) :  | semmle.label | [summary] to write: argument this in setData(_:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:at:) :  | semmle.label | [summary] to write: argument this in setValue(_:at:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:forProperty:) :  | semmle.label | [summary] to write: argument this in setValue(_:forProperty:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in atIndex(_:) :  | semmle.label | [summary] to write: return (return) in atIndex(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedData(options:) :  | semmle.label | [summary] to write: return (return) in base64EncodedData(options:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedData(options:) :  | semmle.label | [summary] to write: return (return) in base64EncodedData(options:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedString(options:) :  | semmle.label | [summary] to write: return (return) in base64EncodedString(options:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedString(options:) :  | semmle.label | [summary] to write: return (return) in base64EncodedString(options:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in base64Encoding() :  | semmle.label | [summary] to write: return (return) in base64Encoding() :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in compactMap(_:) :  | semmle.label | [summary] to write: return (return) in compactMap(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in compressed(using:) :  | semmle.label | [summary] to write: return (return) in compressed(using:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in dataWithContentsOfMappedFile(_:) :  | semmle.label | [summary] to write: return (return) in dataWithContentsOfMappedFile(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in decompressed(using:) :  | semmle.label | [summary] to write: return (return) in decompressed(using:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in flatMap(_:) :  | semmle.label | [summary] to write: return (return) in flatMap(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in flatMap(_:) :  | semmle.label | [summary] to write: return (return) in flatMap(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in forProperty(_:) :  | semmle.label | [summary] to write: return (return) in forProperty(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(_:) :  | semmle.label | [summary] to write: return (return) in init(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(base64Encoded:options:) :  | semmle.label | [summary] to write: return (return) in init(base64Encoded:options:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(base64Encoded:options:) :  | semmle.label | [summary] to write: return (return) in init(base64Encoded:options:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(base64Encoded:options:) :  | semmle.label | [summary] to write: return (return) in init(base64Encoded:options:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(base64Encoding:) :  | semmle.label | [summary] to write: return (return) in init(base64Encoding:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(bool:in:) :  | semmle.label | [summary] to write: return (return) in init(bool:in:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(buffer:) :  | semmle.label | [summary] to write: return (return) in init(buffer:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(buffer:) :  | semmle.label | [summary] to write: return (return) in init(buffer:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(bytes:count:) :  | semmle.label | [summary] to write: return (return) in init(bytes:count:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(bytes:length:) :  | semmle.label | [summary] to write: return (return) in init(bytes:length:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(bytesNoCopy:count:deallocator:) :  | semmle.label | [summary] to write: return (return) in init(bytesNoCopy:count:deallocator:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(bytesNoCopy:length:) :  | semmle.label | [summary] to write: return (return) in init(bytesNoCopy:length:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(bytesNoCopy:length:deallocator:) :  | semmle.label | [summary] to write: return (return) in init(bytesNoCopy:length:deallocator:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(bytesNoCopy:length:freeWhenDone:) :  | semmle.label | [summary] to write: return (return) in init(bytesNoCopy:length:freeWhenDone:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOf:) :  | semmle.label | [summary] to write: return (return) in init(contentsOf:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOf:options:) :  | semmle.label | [summary] to write: return (return) in init(contentsOf:options:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOf:options:) :  | semmle.label | [summary] to write: return (return) in init(contentsOf:options:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOfFile:) :  | semmle.label | [summary] to write: return (return) in init(contentsOfFile:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOfFile:options:) :  | semmle.label | [summary] to write: return (return) in init(contentsOfFile:options:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOfMappedFile:) :  | semmle.label | [summary] to write: return (return) in init(contentsOfMappedFile:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(data:) :  | semmle.label | [summary] to write: return (return) in init(data:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(double:in:) :  | semmle.label | [summary] to write: return (return) in init(double:in:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(int32:in:) :  | semmle.label | [summary] to write: return (return) in init(int32:in:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(object:in:) :  | semmle.label | [summary] to write: return (return) in init(object:in:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(point:in:) :  | semmle.label | [summary] to write: return (return) in init(point:in:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(range:in:) :  | semmle.label | [summary] to write: return (return) in init(range:in:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(rect:in:) :  | semmle.label | [summary] to write: return (return) in init(rect:in:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(referencing:) :  | semmle.label | [summary] to write: return (return) in init(referencing:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(size:in:) :  | semmle.label | [summary] to write: return (return) in init(size:in:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:) :  | semmle.label | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:in:) :  | semmle.label | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:in:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  | semmle.label | [summary] to write: return (return) in init(string:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | semmle.label | [summary] to write: return (return) in init(string:relativeTo:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | semmle.label | [summary] to write: return (return) in init(string:relativeTo:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(uInt32:in:) :  | semmle.label | [summary] to write: return (return) in init(uInt32:in:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in map(_:) :  | semmle.label | [summary] to write: return (return) in map(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in reduce(into:_:) :  | semmle.label | [summary] to write: return (return) in reduce(into:_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in shuffled() :  | semmle.label | [summary] to write: return (return) in shuffled() :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in shuffled(using:) :  | semmle.label | [summary] to write: return (return) in shuffled(using:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in sorted() :  | semmle.label | [summary] to write: return (return) in sorted() :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in sorted(by:) :  | semmle.label | [summary] to write: return (return) in sorted(by:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in sorted(using:) :  | semmle.label | [summary] to write: return (return) in sorted(using:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in subdata(with:) :  | semmle.label | [summary] to write: return (return) in subdata(with:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in toArray() :  | semmle.label | [summary] to write: return (return) in toArray() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in toBool() :  | semmle.label | [summary] to write: return (return) in toBool() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in toDate() :  | semmle.label | [summary] to write: return (return) in toDate() :  |
@@ -273,6 +814,143 @@ nodes
 | file://:0:0:0:0 | [summary] to write: return (return) in toSize() :  | semmle.label | [summary] to write: return (return) in toSize() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in toString() :  | semmle.label | [summary] to write: return (return) in toString() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in toUInt32() :  | semmle.label | [summary] to write: return (return) in toUInt32() :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in trimmingPrefix(_:) :  | semmle.label | [summary] to write: return (return) in trimmingPrefix(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in trimmingPrefix(while:) :  | semmle.label | [summary] to write: return (return) in trimmingPrefix(while:) :  |
+| nsdata.swift:22:9:22:9 | self :  | semmle.label | self :  |
+| nsdata.swift:23:9:23:9 | self :  | semmle.label | self :  |
+| nsdata.swift:24:5:24:50 | [summary param] 0 in init(bytes:length:) :  | semmle.label | [summary param] 0 in init(bytes:length:) :  |
+| nsdata.swift:25:5:25:68 | [summary param] 0 in init(bytesNoCopy:length:) :  | semmle.label | [summary param] 0 in init(bytesNoCopy:length:) :  |
+| nsdata.swift:26:5:26:130 | [summary param] 0 in init(bytesNoCopy:length:deallocator:) :  | semmle.label | [summary param] 0 in init(bytesNoCopy:length:deallocator:) :  |
+| nsdata.swift:27:5:27:90 | [summary param] 0 in init(bytesNoCopy:length:freeWhenDone:) :  | semmle.label | [summary param] 0 in init(bytesNoCopy:length:freeWhenDone:) :  |
+| nsdata.swift:28:5:28:23 | [summary param] 0 in init(data:) :  | semmle.label | [summary param] 0 in init(data:) :  |
+| nsdata.swift:29:5:29:36 | [summary param] 0 in init(contentsOfFile:) :  | semmle.label | [summary param] 0 in init(contentsOfFile:) :  |
+| nsdata.swift:30:5:30:93 | [summary param] 0 in init(contentsOfFile:options:) :  | semmle.label | [summary param] 0 in init(contentsOfFile:options:) :  |
+| nsdata.swift:31:5:31:29 | [summary param] 0 in init(contentsOf:) :  | semmle.label | [summary param] 0 in init(contentsOf:) :  |
+| nsdata.swift:32:5:32:61 | [summary param] 0 in init(contentsOf:options:) :  | semmle.label | [summary param] 0 in init(contentsOf:options:) :  |
+| nsdata.swift:33:5:33:47 | [summary param] 0 in init(contentsOfMappedFile:) :  | semmle.label | [summary param] 0 in init(contentsOfMappedFile:) :  |
+| nsdata.swift:34:5:34:88 | [summary param] 0 in init(base64Encoded:options:) :  | semmle.label | [summary param] 0 in init(base64Encoded:options:) :  |
+| nsdata.swift:35:5:35:92 | [summary param] 0 in init(base64Encoded:options:) :  | semmle.label | [summary param] 0 in init(base64Encoded:options:) :  |
+| nsdata.swift:36:5:36:49 | [summary param] 0 in init(base64Encoding:) :  | semmle.label | [summary param] 0 in init(base64Encoding:) :  |
+| nsdata.swift:37:5:37:98 | [summary param] this in base64EncodedData(options:) :  | semmle.label | [summary param] this in base64EncodedData(options:) :  |
+| nsdata.swift:38:5:38:96 | [summary param] this in base64EncodedString(options:) :  | semmle.label | [summary param] this in base64EncodedString(options:) :  |
+| nsdata.swift:39:5:39:49 | [summary param] this in base64Encoding() :  | semmle.label | [summary param] this in base64Encoding() :  |
+| nsdata.swift:40:5:40:82 | [summary param] 0 in dataWithContentsOfMappedFile(_:) :  | semmle.label | [summary param] 0 in dataWithContentsOfMappedFile(_:) :  |
+| nsdata.swift:41:5:41:104 | [summary param] this in enumerateBytes(_:) :  | semmle.label | [summary param] this in enumerateBytes(_:) :  |
+| nsdata.swift:42:5:42:55 | [summary param] this in getBytes(_:) :  | semmle.label | [summary param] this in getBytes(_:) :  |
+| nsdata.swift:43:5:43:68 | [summary param] this in getBytes(_:length:) :  | semmle.label | [summary param] this in getBytes(_:length:) :  |
+| nsdata.swift:44:5:44:71 | [summary param] this in getBytes(_:range:) :  | semmle.label | [summary param] this in getBytes(_:range:) :  |
+| nsdata.swift:45:5:45:65 | [summary param] this in subdata(with:) :  | semmle.label | [summary param] this in subdata(with:) :  |
+| nsdata.swift:46:5:46:89 | [summary param] this in compressed(using:) :  | semmle.label | [summary param] this in compressed(using:) :  |
+| nsdata.swift:47:5:47:91 | [summary param] this in decompressed(using:) :  | semmle.label | [summary param] this in decompressed(using:) :  |
+| nsdata.swift:57:26:57:80 | call to init(bytes:length:) :  | semmle.label | call to init(bytes:length:) :  |
+| nsdata.swift:57:40:57:47 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:58:15:58:15 | nsDataTainted1 | semmle.label | nsDataTainted1 |
+| nsdata.swift:60:26:60:93 | call to init(bytesNoCopy:length:) :  | semmle.label | call to init(bytesNoCopy:length:) :  |
+| nsdata.swift:60:46:60:53 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:61:15:61:15 | nsDataTainted2 | semmle.label | nsDataTainted2 |
+| nsdata.swift:63:26:63:111 | call to init(bytesNoCopy:length:deallocator:) :  | semmle.label | call to init(bytesNoCopy:length:deallocator:) :  |
+| nsdata.swift:63:46:63:53 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:64:15:64:15 | nsDataTainted3 | semmle.label | nsDataTainted3 |
+| nsdata.swift:66:26:66:113 | call to init(bytesNoCopy:length:freeWhenDone:) :  | semmle.label | call to init(bytesNoCopy:length:freeWhenDone:) :  |
+| nsdata.swift:66:46:66:53 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:67:15:67:15 | nsDataTainted4 | semmle.label | nsDataTainted4 |
+| nsdata.swift:69:26:69:56 | call to init(data:) :  | semmle.label | call to init(data:) :  |
+| nsdata.swift:69:39:69:46 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:70:15:70:15 | nsDataTainted5 | semmle.label | nsDataTainted5 |
+| nsdata.swift:72:26:72:68 | call to init(contentsOfFile:) :  | semmle.label | call to init(contentsOfFile:) :  |
+| nsdata.swift:72:49:72:56 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:73:15:73:29 | ...! | semmle.label | ...! |
+| nsdata.swift:75:26:75:81 | call to init(contentsOfFile:options:) :  | semmle.label | call to init(contentsOfFile:options:) :  |
+| nsdata.swift:75:49:75:56 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:76:15:76:15 | nsDataTainted7 | semmle.label | nsDataTainted7 |
+| nsdata.swift:78:26:78:61 | call to init(contentsOf:) :  | semmle.label | call to init(contentsOf:) :  |
+| nsdata.swift:78:45:78:52 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:79:15:79:29 | ...! | semmle.label | ...! |
+| nsdata.swift:81:26:81:74 | call to init(contentsOf:options:) :  | semmle.label | call to init(contentsOf:options:) :  |
+| nsdata.swift:81:45:81:52 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:82:15:82:29 | ...! | semmle.label | ...! |
+| nsdata.swift:84:27:84:75 | call to init(contentsOfMappedFile:) :  | semmle.label | call to init(contentsOfMappedFile:) :  |
+| nsdata.swift:84:56:84:63 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:85:15:85:30 | ...! | semmle.label | ...! |
+| nsdata.swift:87:27:87:79 | call to init(base64Encoded:options:) :  | semmle.label | call to init(base64Encoded:options:) :  |
+| nsdata.swift:87:49:87:56 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:88:15:88:30 | ...! | semmle.label | ...! |
+| nsdata.swift:89:27:89:81 | call to init(base64Encoded:options:) :  | semmle.label | call to init(base64Encoded:options:) :  |
+| nsdata.swift:89:49:89:56 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:90:15:90:30 | ...! | semmle.label | ...! |
+| nsdata.swift:92:27:92:69 | call to init(base64Encoding:) :  | semmle.label | call to init(base64Encoding:) :  |
+| nsdata.swift:92:50:92:57 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:93:15:93:30 | ...! | semmle.label | ...! |
+| nsdata.swift:95:27:95:34 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:96:15:96:15 | nsDataTainted14 :  | semmle.label | nsDataTainted14 :  |
+| nsdata.swift:96:15:96:49 | call to base64EncodedData(options:) | semmle.label | call to base64EncodedData(options:) |
+| nsdata.swift:97:15:97:15 | nsDataTainted14 :  | semmle.label | nsDataTainted14 :  |
+| nsdata.swift:97:15:97:60 | call to base64EncodedData(options:) | semmle.label | call to base64EncodedData(options:) |
+| nsdata.swift:99:27:99:34 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:100:15:100:15 | nsDataTainted15 :  | semmle.label | nsDataTainted15 :  |
+| nsdata.swift:100:15:100:51 | call to base64EncodedString(options:) | semmle.label | call to base64EncodedString(options:) |
+| nsdata.swift:101:15:101:15 | nsDataTainted15 :  | semmle.label | nsDataTainted15 :  |
+| nsdata.swift:101:15:101:62 | call to base64EncodedString(options:) | semmle.label | call to base64EncodedString(options:) |
+| nsdata.swift:103:27:103:34 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:104:15:104:15 | nsDataTainted16 :  | semmle.label | nsDataTainted16 :  |
+| nsdata.swift:104:15:104:46 | call to base64Encoding() | semmle.label | call to base64Encoding() |
+| nsdata.swift:106:15:106:70 | call to dataWithContentsOfMappedFile(_:) :  | semmle.label | call to dataWithContentsOfMappedFile(_:) :  |
+| nsdata.swift:106:15:106:71 | ...! | semmle.label | ...! |
+| nsdata.swift:106:51:106:58 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:108:27:108:34 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:109:5:109:5 | nsDataTainted17 :  | semmle.label | nsDataTainted17 :  |
+| nsdata.swift:110:9:110:9 | bytes :  | semmle.label | bytes :  |
+| nsdata.swift:110:45:110:45 | bytes | semmle.label | bytes |
+| nsdata.swift:113:27:113:34 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:115:5:115:5 | nsDataTainted18 :  | semmle.label | nsDataTainted18 :  |
+| nsdata.swift:115:30:115:30 | [post] bufferTainted18 :  | semmle.label | [post] bufferTainted18 :  |
+| nsdata.swift:116:15:116:15 | bufferTainted18 | semmle.label | bufferTainted18 |
+| nsdata.swift:118:27:118:34 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:120:5:120:5 | nsDataTainted19 :  | semmle.label | nsDataTainted19 :  |
+| nsdata.swift:120:30:120:30 | [post] bufferTainted19 :  | semmle.label | [post] bufferTainted19 :  |
+| nsdata.swift:121:15:121:15 | bufferTainted19 | semmle.label | bufferTainted19 |
+| nsdata.swift:123:27:123:34 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:125:5:125:5 | nsDataTainted20 :  | semmle.label | nsDataTainted20 :  |
+| nsdata.swift:125:30:125:30 | [post] bufferTainted20 :  | semmle.label | [post] bufferTainted20 :  |
+| nsdata.swift:126:15:126:15 | bufferTainted20 | semmle.label | bufferTainted20 |
+| nsdata.swift:128:27:128:34 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:129:15:129:15 | nsDataTainted21 :  | semmle.label | nsDataTainted21 :  |
+| nsdata.swift:129:15:129:54 | call to subdata(with:) | semmle.label | call to subdata(with:) |
+| nsdata.swift:131:27:131:34 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:132:15:132:15 | nsDataTainted22 :  | semmle.label | nsDataTainted22 :  |
+| nsdata.swift:132:15:132:81 | call to compressed(using:) | semmle.label | call to compressed(using:) |
+| nsdata.swift:134:27:134:34 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:135:15:135:15 | nsDataTainted23 :  | semmle.label | nsDataTainted23 :  |
+| nsdata.swift:135:15:135:83 | call to decompressed(using:) | semmle.label | call to decompressed(using:) |
+| nsdata.swift:138:27:138:34 | call to source() :  | semmle.label | call to source() :  |
+| nsdata.swift:139:15:139:15 | nsDataTainted24 :  | semmle.label | nsDataTainted24 :  |
+| nsdata.swift:139:15:139:31 | .bytes | semmle.label | .bytes |
+| nsdata.swift:140:15:140:15 | nsDataTainted24 :  | semmle.label | nsDataTainted24 :  |
+| nsdata.swift:140:15:140:31 | .description | semmle.label | .description |
+| nsmutabledata.swift:13:9:13:9 | self :  | semmle.label | self :  |
+| nsmutabledata.swift:14:5:14:58 | [summary param] 0 in append(_:length:) :  | semmle.label | [summary param] 0 in append(_:length:) :  |
+| nsmutabledata.swift:15:5:15:33 | [summary param] 0 in append(_:) :  | semmle.label | [summary param] 0 in append(_:) :  |
+| nsmutabledata.swift:16:5:16:78 | [summary param] 1 in replaceBytes(in:withBytes:) :  | semmle.label | [summary param] 1 in replaceBytes(in:withBytes:) :  |
+| nsmutabledata.swift:17:5:17:121 | [summary param] 1 in replaceBytes(in:withBytes:length:) :  | semmle.label | [summary param] 1 in replaceBytes(in:withBytes:length:) :  |
+| nsmutabledata.swift:18:5:18:33 | [summary param] 0 in setData(_:) :  | semmle.label | [summary param] 0 in setData(_:) :  |
+| nsmutabledata.swift:28:5:28:5 | [post] nsMutableDataTainted1 :  | semmle.label | [post] nsMutableDataTainted1 :  |
+| nsmutabledata.swift:28:34:28:41 | call to source() :  | semmle.label | call to source() :  |
+| nsmutabledata.swift:29:15:29:15 | nsMutableDataTainted1 | semmle.label | nsMutableDataTainted1 |
+| nsmutabledata.swift:32:5:32:5 | [post] nsMutableDataTainted2 :  | semmle.label | [post] nsMutableDataTainted2 :  |
+| nsmutabledata.swift:32:34:32:41 | call to source() :  | semmle.label | call to source() :  |
+| nsmutabledata.swift:33:15:33:15 | nsMutableDataTainted2 | semmle.label | nsMutableDataTainted2 |
+| nsmutabledata.swift:36:5:36:5 | [post] nsMutableDataTainted3 :  | semmle.label | [post] nsMutableDataTainted3 :  |
+| nsmutabledata.swift:36:66:36:73 | call to source() :  | semmle.label | call to source() :  |
+| nsmutabledata.swift:37:15:37:15 | nsMutableDataTainted3 | semmle.label | nsMutableDataTainted3 |
+| nsmutabledata.swift:40:5:40:5 | [post] nsMutableDataTainted4 :  | semmle.label | [post] nsMutableDataTainted4 :  |
+| nsmutabledata.swift:40:66:40:73 | call to source() :  | semmle.label | call to source() :  |
+| nsmutabledata.swift:41:15:41:15 | nsMutableDataTainted4 | semmle.label | nsMutableDataTainted4 |
+| nsmutabledata.swift:44:5:44:5 | [post] nsMutableDataTainted5 :  | semmle.label | [post] nsMutableDataTainted5 :  |
+| nsmutabledata.swift:44:35:44:42 | call to source() :  | semmle.label | call to source() :  |
+| nsmutabledata.swift:45:15:45:15 | nsMutableDataTainted5 | semmle.label | nsMutableDataTainted5 |
+| nsmutabledata.swift:48:33:48:40 | call to source() :  | semmle.label | call to source() :  |
+| nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 :  | semmle.label | nsMutableDataTainted6 :  |
+| nsmutabledata.swift:49:15:49:37 | .mutableBytes | semmle.label | .mutableBytes |
 | string.swift:5:11:5:18 | call to source() :  | semmle.label | call to source() :  |
 | string.swift:7:13:7:13 | "..." | semmle.label | "..." |
 | string.swift:9:13:9:13 | "..." | semmle.label | "..." |
@@ -285,6 +963,15 @@ nodes
 | string.swift:35:13:35:23 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
 | string.swift:36:13:36:23 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
 | string.swift:39:13:39:29 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
+| string.swift:74:17:74:25 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:85:13:85:21 | .description | semmle.label | .description |
+| string.swift:88:13:88:21 | .debugDescription | semmle.label | .debugDescription |
+| string.swift:121:17:121:25 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:122:24:122:32 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:123:31:123:39 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:126:13:126:13 | tainted | semmle.label | tainted |
+| string.swift:127:13:127:13 | taintedCString | semmle.label | taintedCString |
+| string.swift:128:13:128:13 | taintedUnicodeScalars | semmle.label | taintedUnicodeScalars |
 | subscript.swift:13:15:13:22 | call to source() :  | semmle.label | call to source() :  |
 | subscript.swift:13:15:13:25 | ...[...] | semmle.label | ...[...] |
 | subscript.swift:14:15:14:23 | call to source2() :  | semmle.label | call to source2() :  |
@@ -380,100 +1067,181 @@ nodes
 | url.swift:120:46:120:46 | urlTainted :  | semmle.label | urlTainted :  |
 | url.swift:120:61:120:61 | data :  | semmle.label | data :  |
 | url.swift:121:15:121:19 | ...! | semmle.label | ...! |
-| webview.swift:16:5:16:39 | [summary param] 0 in init(object:in:) :  | semmle.label | [summary param] 0 in init(object:in:) :  |
-| webview.swift:17:5:17:38 | [summary param] 0 in init(bool:in:) :  | semmle.label | [summary param] 0 in init(bool:in:) :  |
-| webview.swift:18:5:18:42 | [summary param] 0 in init(double:in:) :  | semmle.label | [summary param] 0 in init(double:in:) :  |
-| webview.swift:19:5:19:40 | [summary param] 0 in init(int32:in:) :  | semmle.label | [summary param] 0 in init(int32:in:) :  |
-| webview.swift:20:5:20:42 | [summary param] 0 in init(uInt32:in:) :  | semmle.label | [summary param] 0 in init(uInt32:in:) :  |
-| webview.swift:21:5:21:42 | [summary param] 0 in init(point:in:) :  | semmle.label | [summary param] 0 in init(point:in:) :  |
-| webview.swift:22:5:22:42 | [summary param] 0 in init(range:in:) :  | semmle.label | [summary param] 0 in init(range:in:) :  |
-| webview.swift:23:5:23:40 | [summary param] 0 in init(rect:in:) :  | semmle.label | [summary param] 0 in init(rect:in:) :  |
-| webview.swift:24:5:24:40 | [summary param] 0 in init(size:in:) :  | semmle.label | [summary param] 0 in init(size:in:) :  |
-| webview.swift:25:5:25:41 | [summary param] this in toObject() :  | semmle.label | [summary param] this in toObject() :  |
-| webview.swift:26:5:26:55 | [summary param] this in toObjectOf(_:) :  | semmle.label | [summary param] this in toObjectOf(_:) :  |
-| webview.swift:27:5:27:42 | [summary param] this in toBool() :  | semmle.label | [summary param] this in toBool() :  |
-| webview.swift:28:5:28:44 | [summary param] this in toDouble() :  | semmle.label | [summary param] this in toDouble() :  |
-| webview.swift:29:5:29:40 | [summary param] this in toInt32() :  | semmle.label | [summary param] this in toInt32() :  |
-| webview.swift:30:5:30:42 | [summary param] this in toUInt32() :  | semmle.label | [summary param] this in toUInt32() :  |
-| webview.swift:31:5:31:62 | [summary param] this in toNumber() :  | semmle.label | [summary param] this in toNumber() :  |
-| webview.swift:32:5:32:44 | [summary param] this in toString() :  | semmle.label | [summary param] this in toString() :  |
-| webview.swift:33:5:33:44 | [summary param] this in toDate() :  | semmle.label | [summary param] this in toDate() :  |
-| webview.swift:34:5:34:44 | [summary param] this in toArray() :  | semmle.label | [summary param] this in toArray() :  |
-| webview.swift:35:5:35:65 | [summary param] this in toDictionary() :  | semmle.label | [summary param] this in toDictionary() :  |
-| webview.swift:36:5:36:50 | [summary param] this in toPoint() :  | semmle.label | [summary param] this in toPoint() :  |
-| webview.swift:37:5:37:50 | [summary param] this in toRange() :  | semmle.label | [summary param] this in toRange() :  |
-| webview.swift:38:5:38:47 | [summary param] this in toRect() :  | semmle.label | [summary param] this in toRect() :  |
-| webview.swift:39:5:39:47 | [summary param] this in toSize() :  | semmle.label | [summary param] this in toSize() :  |
-| webview.swift:40:5:40:84 | [summary param] this in atIndex(_:) :  | semmle.label | [summary param] this in atIndex(_:) :  |
-| webview.swift:41:5:41:53 | [summary param] 1 in defineProperty(_:descriptor:) :  | semmle.label | [summary param] 1 in defineProperty(_:descriptor:) :  |
-| webview.swift:42:5:42:89 | [summary param] this in forProperty(_:) :  | semmle.label | [summary param] this in forProperty(_:) :  |
-| webview.swift:43:5:43:38 | [summary param] 0 in setValue(_:at:) :  | semmle.label | [summary param] 0 in setValue(_:at:) :  |
-| webview.swift:44:5:44:48 | [summary param] 0 in setValue(_:forProperty:) :  | semmle.label | [summary param] 0 in setValue(_:forProperty:) :  |
-| webview.swift:52:10:52:41 | .body | semmle.label | .body |
-| webview.swift:52:11:52:18 | call to source() :  | semmle.label | call to source() :  |
-| webview.swift:56:13:56:20 | call to source() :  | semmle.label | call to source() :  |
-| webview.swift:59:10:59:10 | source :  | semmle.label | source :  |
-| webview.swift:59:10:59:26 | call to toObject() | semmle.label | call to toObject() |
-| webview.swift:60:10:60:10 | source :  | semmle.label | source :  |
-| webview.swift:60:10:60:41 | call to toObjectOf(_:) | semmle.label | call to toObjectOf(_:) |
-| webview.swift:61:10:61:10 | source :  | semmle.label | source :  |
-| webview.swift:61:10:61:24 | call to toBool() | semmle.label | call to toBool() |
-| webview.swift:62:10:62:10 | source :  | semmle.label | source :  |
-| webview.swift:62:10:62:26 | call to toDouble() | semmle.label | call to toDouble() |
-| webview.swift:63:10:63:10 | source :  | semmle.label | source :  |
-| webview.swift:63:10:63:25 | call to toInt32() | semmle.label | call to toInt32() |
-| webview.swift:64:10:64:10 | source :  | semmle.label | source :  |
-| webview.swift:64:10:64:26 | call to toUInt32() | semmle.label | call to toUInt32() |
-| webview.swift:65:10:65:10 | source :  | semmle.label | source :  |
-| webview.swift:65:10:65:26 | call to toNumber() | semmle.label | call to toNumber() |
-| webview.swift:66:10:66:10 | source :  | semmle.label | source :  |
-| webview.swift:66:10:66:26 | call to toString() | semmle.label | call to toString() |
-| webview.swift:67:10:67:10 | source :  | semmle.label | source :  |
-| webview.swift:67:10:67:24 | call to toDate() | semmle.label | call to toDate() |
-| webview.swift:68:10:68:10 | source :  | semmle.label | source :  |
-| webview.swift:68:10:68:25 | call to toArray() | semmle.label | call to toArray() |
-| webview.swift:69:10:69:10 | source :  | semmle.label | source :  |
-| webview.swift:69:10:69:30 | call to toDictionary() | semmle.label | call to toDictionary() |
-| webview.swift:70:10:70:10 | source :  | semmle.label | source :  |
-| webview.swift:70:10:70:25 | call to toPoint() | semmle.label | call to toPoint() |
-| webview.swift:71:10:71:10 | source :  | semmle.label | source :  |
-| webview.swift:71:10:71:25 | call to toRange() | semmle.label | call to toRange() |
-| webview.swift:72:10:72:10 | source :  | semmle.label | source :  |
-| webview.swift:72:10:72:24 | call to toRect() | semmle.label | call to toRect() |
-| webview.swift:73:10:73:10 | source :  | semmle.label | source :  |
-| webview.swift:73:10:73:24 | call to toSize() | semmle.label | call to toSize() |
-| webview.swift:74:10:74:10 | source :  | semmle.label | source :  |
-| webview.swift:74:10:74:26 | call to atIndex(_:) | semmle.label | call to atIndex(_:) |
-| webview.swift:75:10:75:10 | source :  | semmle.label | source :  |
-| webview.swift:75:10:75:31 | call to forProperty(_:) | semmle.label | call to forProperty(_:) |
-| webview.swift:78:10:78:47 | call to init(object:in:) | semmle.label | call to init(object:in:) |
-| webview.swift:78:26:78:26 | s :  | semmle.label | s :  |
-| webview.swift:79:10:79:47 | call to init(bool:in:) | semmle.label | call to init(bool:in:) |
-| webview.swift:79:24:79:24 | s :  | semmle.label | s :  |
-| webview.swift:80:10:80:51 | call to init(double:in:) | semmle.label | call to init(double:in:) |
-| webview.swift:80:26:80:26 | s :  | semmle.label | s :  |
-| webview.swift:81:10:81:49 | call to init(int32:in:) | semmle.label | call to init(int32:in:) |
-| webview.swift:81:25:81:25 | s :  | semmle.label | s :  |
-| webview.swift:82:10:82:51 | call to init(uInt32:in:) | semmle.label | call to init(uInt32:in:) |
-| webview.swift:82:26:82:26 | s :  | semmle.label | s :  |
-| webview.swift:83:10:83:51 | call to init(point:in:) | semmle.label | call to init(point:in:) |
-| webview.swift:83:25:83:25 | s :  | semmle.label | s :  |
-| webview.swift:84:10:84:51 | call to init(range:in:) | semmle.label | call to init(range:in:) |
-| webview.swift:84:25:84:25 | s :  | semmle.label | s :  |
-| webview.swift:85:10:85:49 | call to init(rect:in:) | semmle.label | call to init(rect:in:) |
-| webview.swift:85:24:85:24 | s :  | semmle.label | s :  |
-| webview.swift:86:10:86:49 | call to init(size:in:) | semmle.label | call to init(size:in:) |
-| webview.swift:86:24:86:24 | s :  | semmle.label | s :  |
-| webview.swift:89:5:89:5 | [post] v1 :  | semmle.label | [post] v1 :  |
-| webview.swift:89:39:89:39 | s :  | semmle.label | s :  |
-| webview.swift:90:10:90:10 | v1 | semmle.label | v1 |
-| webview.swift:93:5:93:5 | [post] v2 :  | semmle.label | [post] v2 :  |
-| webview.swift:93:17:93:17 | s :  | semmle.label | s :  |
-| webview.swift:94:10:94:10 | v2 | semmle.label | v2 |
-| webview.swift:97:5:97:5 | [post] v3 :  | semmle.label | [post] v3 :  |
-| webview.swift:97:17:97:17 | s :  | semmle.label | s :  |
-| webview.swift:98:10:98:10 | v3 | semmle.label | v3 |
+| webview.swift:27:5:27:39 | [summary param] 0 in init(object:in:) :  | semmle.label | [summary param] 0 in init(object:in:) :  |
+| webview.swift:28:5:28:38 | [summary param] 0 in init(bool:in:) :  | semmle.label | [summary param] 0 in init(bool:in:) :  |
+| webview.swift:29:5:29:42 | [summary param] 0 in init(double:in:) :  | semmle.label | [summary param] 0 in init(double:in:) :  |
+| webview.swift:30:5:30:40 | [summary param] 0 in init(int32:in:) :  | semmle.label | [summary param] 0 in init(int32:in:) :  |
+| webview.swift:31:5:31:42 | [summary param] 0 in init(uInt32:in:) :  | semmle.label | [summary param] 0 in init(uInt32:in:) :  |
+| webview.swift:32:5:32:42 | [summary param] 0 in init(point:in:) :  | semmle.label | [summary param] 0 in init(point:in:) :  |
+| webview.swift:33:5:33:42 | [summary param] 0 in init(range:in:) :  | semmle.label | [summary param] 0 in init(range:in:) :  |
+| webview.swift:34:5:34:40 | [summary param] 0 in init(rect:in:) :  | semmle.label | [summary param] 0 in init(rect:in:) :  |
+| webview.swift:35:5:35:40 | [summary param] 0 in init(size:in:) :  | semmle.label | [summary param] 0 in init(size:in:) :  |
+| webview.swift:36:5:36:41 | [summary param] this in toObject() :  | semmle.label | [summary param] this in toObject() :  |
+| webview.swift:37:5:37:55 | [summary param] this in toObjectOf(_:) :  | semmle.label | [summary param] this in toObjectOf(_:) :  |
+| webview.swift:38:5:38:42 | [summary param] this in toBool() :  | semmle.label | [summary param] this in toBool() :  |
+| webview.swift:39:5:39:44 | [summary param] this in toDouble() :  | semmle.label | [summary param] this in toDouble() :  |
+| webview.swift:40:5:40:40 | [summary param] this in toInt32() :  | semmle.label | [summary param] this in toInt32() :  |
+| webview.swift:41:5:41:42 | [summary param] this in toUInt32() :  | semmle.label | [summary param] this in toUInt32() :  |
+| webview.swift:42:5:42:62 | [summary param] this in toNumber() :  | semmle.label | [summary param] this in toNumber() :  |
+| webview.swift:43:5:43:44 | [summary param] this in toString() :  | semmle.label | [summary param] this in toString() :  |
+| webview.swift:44:5:44:44 | [summary param] this in toDate() :  | semmle.label | [summary param] this in toDate() :  |
+| webview.swift:45:5:45:44 | [summary param] this in toArray() :  | semmle.label | [summary param] this in toArray() :  |
+| webview.swift:46:5:46:65 | [summary param] this in toDictionary() :  | semmle.label | [summary param] this in toDictionary() :  |
+| webview.swift:47:5:47:50 | [summary param] this in toPoint() :  | semmle.label | [summary param] this in toPoint() :  |
+| webview.swift:48:5:48:50 | [summary param] this in toRange() :  | semmle.label | [summary param] this in toRange() :  |
+| webview.swift:49:5:49:47 | [summary param] this in toRect() :  | semmle.label | [summary param] this in toRect() :  |
+| webview.swift:50:5:50:47 | [summary param] this in toSize() :  | semmle.label | [summary param] this in toSize() :  |
+| webview.swift:51:5:51:84 | [summary param] this in atIndex(_:) :  | semmle.label | [summary param] this in atIndex(_:) :  |
+| webview.swift:52:5:52:53 | [summary param] 1 in defineProperty(_:descriptor:) :  | semmle.label | [summary param] 1 in defineProperty(_:descriptor:) :  |
+| webview.swift:53:5:53:89 | [summary param] this in forProperty(_:) :  | semmle.label | [summary param] this in forProperty(_:) :  |
+| webview.swift:54:5:54:38 | [summary param] 0 in setValue(_:at:) :  | semmle.label | [summary param] 0 in setValue(_:at:) :  |
+| webview.swift:55:5:55:48 | [summary param] 0 in setValue(_:forProperty:) :  | semmle.label | [summary param] 0 in setValue(_:forProperty:) :  |
+| webview.swift:65:5:65:93 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:) :  | semmle.label | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:) :  |
+| webview.swift:66:5:66:126 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:in:) :  | semmle.label | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:in:) :  |
+| webview.swift:77:10:77:41 | .body | semmle.label | .body |
+| webview.swift:77:11:77:18 | call to source() :  | semmle.label | call to source() :  |
+| webview.swift:81:13:81:20 | call to source() :  | semmle.label | call to source() :  |
+| webview.swift:84:10:84:10 | source :  | semmle.label | source :  |
+| webview.swift:84:10:84:26 | call to toObject() | semmle.label | call to toObject() |
+| webview.swift:85:10:85:10 | source :  | semmle.label | source :  |
+| webview.swift:85:10:85:41 | call to toObjectOf(_:) | semmle.label | call to toObjectOf(_:) |
+| webview.swift:86:10:86:10 | source :  | semmle.label | source :  |
+| webview.swift:86:10:86:24 | call to toBool() | semmle.label | call to toBool() |
+| webview.swift:87:10:87:10 | source :  | semmle.label | source :  |
+| webview.swift:87:10:87:26 | call to toDouble() | semmle.label | call to toDouble() |
+| webview.swift:88:10:88:10 | source :  | semmle.label | source :  |
+| webview.swift:88:10:88:25 | call to toInt32() | semmle.label | call to toInt32() |
+| webview.swift:89:10:89:10 | source :  | semmle.label | source :  |
+| webview.swift:89:10:89:26 | call to toUInt32() | semmle.label | call to toUInt32() |
+| webview.swift:90:10:90:10 | source :  | semmle.label | source :  |
+| webview.swift:90:10:90:26 | call to toNumber() | semmle.label | call to toNumber() |
+| webview.swift:91:10:91:10 | source :  | semmle.label | source :  |
+| webview.swift:91:10:91:26 | call to toString() | semmle.label | call to toString() |
+| webview.swift:92:10:92:10 | source :  | semmle.label | source :  |
+| webview.swift:92:10:92:24 | call to toDate() | semmle.label | call to toDate() |
+| webview.swift:93:10:93:10 | source :  | semmle.label | source :  |
+| webview.swift:93:10:93:25 | call to toArray() | semmle.label | call to toArray() |
+| webview.swift:94:10:94:10 | source :  | semmle.label | source :  |
+| webview.swift:94:10:94:30 | call to toDictionary() | semmle.label | call to toDictionary() |
+| webview.swift:95:10:95:10 | source :  | semmle.label | source :  |
+| webview.swift:95:10:95:25 | call to toPoint() | semmle.label | call to toPoint() |
+| webview.swift:96:10:96:10 | source :  | semmle.label | source :  |
+| webview.swift:96:10:96:25 | call to toRange() | semmle.label | call to toRange() |
+| webview.swift:97:10:97:10 | source :  | semmle.label | source :  |
+| webview.swift:97:10:97:24 | call to toRect() | semmle.label | call to toRect() |
+| webview.swift:98:10:98:10 | source :  | semmle.label | source :  |
+| webview.swift:98:10:98:24 | call to toSize() | semmle.label | call to toSize() |
+| webview.swift:99:10:99:10 | source :  | semmle.label | source :  |
+| webview.swift:99:10:99:26 | call to atIndex(_:) | semmle.label | call to atIndex(_:) |
+| webview.swift:100:10:100:10 | source :  | semmle.label | source :  |
+| webview.swift:100:10:100:31 | call to forProperty(_:) | semmle.label | call to forProperty(_:) |
+| webview.swift:103:10:103:47 | call to init(object:in:) | semmle.label | call to init(object:in:) |
+| webview.swift:103:26:103:26 | s :  | semmle.label | s :  |
+| webview.swift:104:10:104:47 | call to init(bool:in:) | semmle.label | call to init(bool:in:) |
+| webview.swift:104:24:104:24 | s :  | semmle.label | s :  |
+| webview.swift:105:10:105:51 | call to init(double:in:) | semmle.label | call to init(double:in:) |
+| webview.swift:105:26:105:26 | s :  | semmle.label | s :  |
+| webview.swift:106:10:106:49 | call to init(int32:in:) | semmle.label | call to init(int32:in:) |
+| webview.swift:106:25:106:25 | s :  | semmle.label | s :  |
+| webview.swift:107:10:107:51 | call to init(uInt32:in:) | semmle.label | call to init(uInt32:in:) |
+| webview.swift:107:26:107:26 | s :  | semmle.label | s :  |
+| webview.swift:108:10:108:51 | call to init(point:in:) | semmle.label | call to init(point:in:) |
+| webview.swift:108:25:108:25 | s :  | semmle.label | s :  |
+| webview.swift:109:10:109:51 | call to init(range:in:) | semmle.label | call to init(range:in:) |
+| webview.swift:109:25:109:25 | s :  | semmle.label | s :  |
+| webview.swift:110:10:110:49 | call to init(rect:in:) | semmle.label | call to init(rect:in:) |
+| webview.swift:110:24:110:24 | s :  | semmle.label | s :  |
+| webview.swift:111:10:111:49 | call to init(size:in:) | semmle.label | call to init(size:in:) |
+| webview.swift:111:24:111:24 | s :  | semmle.label | s :  |
+| webview.swift:114:5:114:5 | [post] v1 :  | semmle.label | [post] v1 :  |
+| webview.swift:114:39:114:39 | s :  | semmle.label | s :  |
+| webview.swift:115:10:115:10 | v1 | semmle.label | v1 |
+| webview.swift:118:5:118:5 | [post] v2 :  | semmle.label | [post] v2 :  |
+| webview.swift:118:17:118:17 | s :  | semmle.label | s :  |
+| webview.swift:119:10:119:10 | v2 | semmle.label | v2 |
+| webview.swift:122:5:122:5 | [post] v3 :  | semmle.label | [post] v3 :  |
+| webview.swift:122:17:122:17 | s :  | semmle.label | s :  |
+| webview.swift:123:10:123:10 | v3 | semmle.label | v3 |
+| webview.swift:132:13:132:102 | call to init(source:injectionTime:forMainFrameOnly:) :  | semmle.label | call to init(source:injectionTime:forMainFrameOnly:) :  |
+| webview.swift:132:34:132:41 | call to source() :  | semmle.label | call to source() :  |
+| webview.swift:133:10:133:10 | b | semmle.label | b |
+| webview.swift:134:10:134:12 | .source | semmle.label | .source |
+| webview.swift:137:13:137:113 | call to init(source:injectionTime:forMainFrameOnly:in:) :  | semmle.label | call to init(source:injectionTime:forMainFrameOnly:in:) :  |
+| webview.swift:137:34:137:41 | call to source() :  | semmle.label | call to source() :  |
+| webview.swift:138:10:138:10 | c | semmle.label | c |
+| webview.swift:139:10:139:12 | .source | semmle.label | .source |
 subpaths
+| data.swift:81:25:81:47 | .utf8 :  | data.swift:24:5:24:29 | [summary param] 0 in init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(_:) :  | data.swift:81:20:81:51 | call to init(_:) :  |
+| data.swift:82:26:82:26 | dataTainted :  | data.swift:24:5:24:29 | [summary param] 0 in init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(_:) :  | data.swift:82:21:82:37 | call to init(_:) :  |
+| data.swift:89:41:89:48 | call to source() :  | data.swift:25:2:25:66 | [summary param] 0 in init(base64Encoded:options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(base64Encoded:options:) :  | data.swift:89:21:89:71 | call to init(base64Encoded:options:) :  |
+| data.swift:93:34:93:41 | call to source() :  | data.swift:26:2:26:61 | [summary param] 0 in init(buffer:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(buffer:) :  | data.swift:93:21:93:73 | call to init(buffer:) :  |
+| data.swift:95:34:95:41 | call to source() :  | data.swift:27:2:27:62 | [summary param] 0 in init(buffer:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(buffer:) :  | data.swift:95:21:95:74 | call to init(buffer:) :  |
+| data.swift:99:33:99:40 | call to source() :  | data.swift:28:2:28:45 | [summary param] 0 in init(bytes:count:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bytes:count:) :  | data.swift:99:21:99:72 | call to init(bytes:count:) :  |
+| data.swift:103:39:103:46 | call to source() :  | data.swift:29:2:29:82 | [summary param] 0 in init(bytesNoCopy:count:deallocator:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bytesNoCopy:count:deallocator:) :  | data.swift:103:21:103:114 | call to init(bytesNoCopy:count:deallocator:) :  |
+| data.swift:108:38:108:38 | urlTainted8 :  | data.swift:30:2:30:50 | [summary param] 0 in init(contentsOf:options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOf:options:) :  | data.swift:108:21:108:62 | call to init(contentsOf:options:) :  |
+| data.swift:112:39:112:46 | call to source() :  | data.swift:31:2:31:29 | [summary param] 0 in init(referencing:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(referencing:) :  | data.swift:112:21:112:58 | call to init(referencing:) :  |
+| data.swift:117:23:117:30 | call to source() :  | data.swift:32:2:32:24 | [summary param] 0 in append(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  | data.swift:117:2:117:2 | [post] dataTainted10 :  |
+| data.swift:121:23:121:30 | call to source() :  | data.swift:33:2:33:25 | [summary param] 0 in append(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  | data.swift:121:2:121:2 | [post] dataTainted11 :  |
+| data.swift:125:23:125:30 | call to source() :  | data.swift:34:2:34:63 | [summary param] 0 in append(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  | data.swift:125:2:125:2 | [post] dataTainted12 :  |
+| data.swift:130:23:130:30 | call to source() :  | data.swift:35:2:35:52 | [summary param] 0 in append(_:count:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(_:count:) :  | data.swift:130:2:130:2 | [post] dataTainted13 :  |
+| data.swift:135:35:135:42 | call to source() :  | data.swift:36:2:36:36 | [summary param] 0 in append(contentsOf:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(contentsOf:) :  | data.swift:135:2:135:2 | [post] dataTainted14 :  |
+| data.swift:140:12:140:12 | dataTainted15 :  | data.swift:38:2:38:88 | [summary param] this in base64EncodedData(options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedData(options:) :  | data.swift:140:12:140:55 | call to base64EncodedData(options:) |
+| data.swift:144:12:144:12 | dataTainted16 :  | data.swift:39:2:39:86 | [summary param] this in base64EncodedString(options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedString(options:) :  | data.swift:144:12:144:57 | call to base64EncodedString(options:) |
+| data.swift:148:29:148:29 | dataTainted17 :  | data.swift:40:2:40:99 | [summary param] this in compactMap(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in compactMap(_:) :  | data.swift:148:29:148:72 | call to compactMap(_:) :  |
+| data.swift:154:2:154:2 | dataTainted18 :  | data.swift:41:2:41:53 | [summary param] this in copyBytes(to:) :  | file://:0:0:0:0 | [summary] to write: argument 0 in copyBytes(to:) :  | data.swift:154:30:154:30 | [post] pointerTainted18 :  |
+| data.swift:171:19:171:19 | dataTainted21 :  | data.swift:44:2:44:137 | [summary param] this in flatMap(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in flatMap(_:) :  | data.swift:171:19:171:74 | call to flatMap(_:) :  |
+| data.swift:175:20:175:20 | dataTainted22 :  | data.swift:45:2:45:97 | [summary param] this in flatMap(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in flatMap(_:) :  | data.swift:175:20:175:60 | call to flatMap(_:) :  |
+| data.swift:180:23:180:30 | call to source() :  | data.swift:46:2:46:34 | [summary param] 0 in insert(_:at:) :  | file://:0:0:0:0 | [summary] to write: argument this in insert(_:at:) :  | data.swift:180:2:180:2 | [post] dataTainted23 :  |
+| data.swift:185:35:185:42 | call to source() :  | data.swift:47:2:47:83 | [summary param] 0 in insert(contentsOf:at:) :  | file://:0:0:0:0 | [summary] to write: argument this in insert(contentsOf:at:) :  | data.swift:185:2:185:2 | [post] dataTainted24 :  |
+| data.swift:190:15:190:15 | dataTainted25 :  | data.swift:48:2:48:50 | [summary param] this in map(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in map(_:) :  | data.swift:190:15:190:38 | call to map(_:) :  |
+| data.swift:195:16:195:16 | dataTainted26 :  | data.swift:49:2:49:115 | [summary param] this in reduce(into:_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in reduce(into:_:) :  | data.swift:195:16:195:80 | call to reduce(into:_:) :  |
+| data.swift:200:35:200:42 | call to source() :  | data.swift:50:2:50:180 | [summary param] 1 in replace(_:with:maxReplacements:) :  | file://:0:0:0:0 | [summary] to write: argument this in replace(_:with:maxReplacements:) :  | data.swift:200:2:200:2 | [post] dataTainted27 :  |
+| data.swift:205:45:205:52 | call to source() :  | data.swift:51:2:51:58 | [summary param] 1 in replaceSubrange(_:with:) :  | file://:0:0:0:0 | [summary] to write: argument this in replaceSubrange(_:with:) :  | data.swift:205:2:205:2 | [post] dataTainted28 :  |
+| data.swift:209:45:209:52 | call to source() :  | data.swift:52:2:52:151 | [summary param] 1 in replaceSubrange(_:with:) :  | file://:0:0:0:0 | [summary] to write: argument this in replaceSubrange(_:with:) :  | data.swift:209:2:209:2 | [post] dataTainted29 :  |
+| data.swift:213:45:213:52 | call to source() :  | data.swift:52:2:52:151 | [summary param] 1 in replaceSubrange(_:with:) :  | file://:0:0:0:0 | [summary] to write: argument this in replaceSubrange(_:with:) :  | data.swift:213:2:213:2 | [post] dataTainted30 :  |
+| data.swift:218:45:218:52 | call to source() :  | data.swift:54:2:54:82 | [summary param] 1 in replaceSubrange(_:with:count:) :  | file://:0:0:0:0 | [summary] to write: argument this in replaceSubrange(_:with:count:) :  | data.swift:218:2:218:2 | [post] dataTainted31 :  |
+| data.swift:223:45:223:52 | call to source() :  | data.swift:56:2:56:214 | [summary param] 1 in replacing(_:with:maxReplacements:) :  | file://:0:0:0:0 | [summary] to write: argument this in replacing(_:with:maxReplacements:) :  | data.swift:223:10:223:10 | [post] dataTainted32 :  |
+| data.swift:228:45:228:52 | call to source() :  | data.swift:57:2:57:236 | [summary param] 1 in replacing(_:with:subrange:maxReplacements:) :  | file://:0:0:0:0 | [summary] to write: argument this in replacing(_:with:subrange:maxReplacements:) :  | data.swift:228:10:228:10 | [post] dataTainted33 :  |
+| data.swift:237:12:237:12 | dataTainted35 :  | data.swift:58:2:58:39 | [summary param] this in sorted() :  | file://:0:0:0:0 | [summary] to write: return (return) in sorted() :  | data.swift:237:12:237:33 | call to sorted() |
+| data.swift:241:12:241:12 | dataTainted36 :  | data.swift:59:2:59:81 | [summary param] this in sorted(by:) :  | file://:0:0:0:0 | [summary] to write: return (return) in sorted(by:) :  | data.swift:241:12:241:54 | call to sorted(by:) |
+| data.swift:245:12:245:12 | dataTainted37 :  | data.swift:60:2:60:132 | [summary param] this in sorted(using:) :  | file://:0:0:0:0 | [summary] to write: return (return) in sorted(using:) :  | data.swift:245:12:245:46 | call to sorted(using:) |
+| data.swift:249:12:249:12 | dataTainted38 :  | data.swift:61:2:61:41 | [summary param] this in shuffled() :  | file://:0:0:0:0 | [summary] to write: return (return) in shuffled() :  | data.swift:249:12:249:35 | call to shuffled() |
+| data.swift:254:12:254:12 | dataTainted39 :  | data.swift:62:2:62:58 | [summary param] this in shuffled(using:) :  | file://:0:0:0:0 | [summary] to write: return (return) in shuffled(using:) :  | data.swift:254:12:254:46 | call to shuffled(using:) |
+| data.swift:258:12:258:12 | dataTainted40 :  | data.swift:63:2:63:123 | [summary param] this in trimmingPrefix(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in trimmingPrefix(_:) :  | data.swift:258:12:258:44 | call to trimmingPrefix(_:) |
+| data.swift:262:12:262:12 | dataTainted41 :  | data.swift:64:2:64:72 | [summary param] this in trimmingPrefix(while:) :  | file://:0:0:0:0 | [summary] to write: return (return) in trimmingPrefix(while:) :  | data.swift:262:12:262:54 | call to trimmingPrefix(while:) |
+| nsdata.swift:57:40:57:47 | call to source() :  | nsdata.swift:24:5:24:50 | [summary param] 0 in init(bytes:length:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bytes:length:) :  | nsdata.swift:57:26:57:80 | call to init(bytes:length:) :  |
+| nsdata.swift:60:46:60:53 | call to source() :  | nsdata.swift:25:5:25:68 | [summary param] 0 in init(bytesNoCopy:length:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bytesNoCopy:length:) :  | nsdata.swift:60:26:60:93 | call to init(bytesNoCopy:length:) :  |
+| nsdata.swift:63:46:63:53 | call to source() :  | nsdata.swift:26:5:26:130 | [summary param] 0 in init(bytesNoCopy:length:deallocator:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bytesNoCopy:length:deallocator:) :  | nsdata.swift:63:26:63:111 | call to init(bytesNoCopy:length:deallocator:) :  |
+| nsdata.swift:66:46:66:53 | call to source() :  | nsdata.swift:27:5:27:90 | [summary param] 0 in init(bytesNoCopy:length:freeWhenDone:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bytesNoCopy:length:freeWhenDone:) :  | nsdata.swift:66:26:66:113 | call to init(bytesNoCopy:length:freeWhenDone:) :  |
+| nsdata.swift:69:39:69:46 | call to source() :  | nsdata.swift:28:5:28:23 | [summary param] 0 in init(data:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(data:) :  | nsdata.swift:69:26:69:56 | call to init(data:) :  |
+| nsdata.swift:72:49:72:56 | call to source() :  | nsdata.swift:29:5:29:36 | [summary param] 0 in init(contentsOfFile:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOfFile:) :  | nsdata.swift:72:26:72:68 | call to init(contentsOfFile:) :  |
+| nsdata.swift:75:49:75:56 | call to source() :  | nsdata.swift:30:5:30:93 | [summary param] 0 in init(contentsOfFile:options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOfFile:options:) :  | nsdata.swift:75:26:75:81 | call to init(contentsOfFile:options:) :  |
+| nsdata.swift:78:45:78:52 | call to source() :  | nsdata.swift:31:5:31:29 | [summary param] 0 in init(contentsOf:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOf:) :  | nsdata.swift:78:26:78:61 | call to init(contentsOf:) :  |
+| nsdata.swift:81:45:81:52 | call to source() :  | nsdata.swift:32:5:32:61 | [summary param] 0 in init(contentsOf:options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOf:options:) :  | nsdata.swift:81:26:81:74 | call to init(contentsOf:options:) :  |
+| nsdata.swift:84:56:84:63 | call to source() :  | nsdata.swift:33:5:33:47 | [summary param] 0 in init(contentsOfMappedFile:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(contentsOfMappedFile:) :  | nsdata.swift:84:27:84:75 | call to init(contentsOfMappedFile:) :  |
+| nsdata.swift:87:49:87:56 | call to source() :  | nsdata.swift:34:5:34:88 | [summary param] 0 in init(base64Encoded:options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(base64Encoded:options:) :  | nsdata.swift:87:27:87:79 | call to init(base64Encoded:options:) :  |
+| nsdata.swift:89:49:89:56 | call to source() :  | nsdata.swift:35:5:35:92 | [summary param] 0 in init(base64Encoded:options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(base64Encoded:options:) :  | nsdata.swift:89:27:89:81 | call to init(base64Encoded:options:) :  |
+| nsdata.swift:92:50:92:57 | call to source() :  | nsdata.swift:36:5:36:49 | [summary param] 0 in init(base64Encoding:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(base64Encoding:) :  | nsdata.swift:92:27:92:69 | call to init(base64Encoding:) :  |
+| nsdata.swift:96:15:96:15 | nsDataTainted14 :  | nsdata.swift:37:5:37:98 | [summary param] this in base64EncodedData(options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedData(options:) :  | nsdata.swift:96:15:96:49 | call to base64EncodedData(options:) |
+| nsdata.swift:97:15:97:15 | nsDataTainted14 :  | nsdata.swift:37:5:37:98 | [summary param] this in base64EncodedData(options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedData(options:) :  | nsdata.swift:97:15:97:60 | call to base64EncodedData(options:) |
+| nsdata.swift:100:15:100:15 | nsDataTainted15 :  | nsdata.swift:38:5:38:96 | [summary param] this in base64EncodedString(options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedString(options:) :  | nsdata.swift:100:15:100:51 | call to base64EncodedString(options:) |
+| nsdata.swift:101:15:101:15 | nsDataTainted15 :  | nsdata.swift:38:5:38:96 | [summary param] this in base64EncodedString(options:) :  | file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedString(options:) :  | nsdata.swift:101:15:101:62 | call to base64EncodedString(options:) |
+| nsdata.swift:104:15:104:15 | nsDataTainted16 :  | nsdata.swift:39:5:39:49 | [summary param] this in base64Encoding() :  | file://:0:0:0:0 | [summary] to write: return (return) in base64Encoding() :  | nsdata.swift:104:15:104:46 | call to base64Encoding() |
+| nsdata.swift:106:51:106:58 | call to source() :  | nsdata.swift:40:5:40:82 | [summary param] 0 in dataWithContentsOfMappedFile(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in dataWithContentsOfMappedFile(_:) :  | nsdata.swift:106:15:106:70 | call to dataWithContentsOfMappedFile(_:) :  |
+| nsdata.swift:115:5:115:5 | nsDataTainted18 :  | nsdata.swift:42:5:42:55 | [summary param] this in getBytes(_:) :  | file://:0:0:0:0 | [summary] to write: argument 0 in getBytes(_:) :  | nsdata.swift:115:30:115:30 | [post] bufferTainted18 :  |
+| nsdata.swift:120:5:120:5 | nsDataTainted19 :  | nsdata.swift:43:5:43:68 | [summary param] this in getBytes(_:length:) :  | file://:0:0:0:0 | [summary] to write: argument 0 in getBytes(_:length:) :  | nsdata.swift:120:30:120:30 | [post] bufferTainted19 :  |
+| nsdata.swift:125:5:125:5 | nsDataTainted20 :  | nsdata.swift:44:5:44:71 | [summary param] this in getBytes(_:range:) :  | file://:0:0:0:0 | [summary] to write: argument 0 in getBytes(_:range:) :  | nsdata.swift:125:30:125:30 | [post] bufferTainted20 :  |
+| nsdata.swift:129:15:129:15 | nsDataTainted21 :  | nsdata.swift:45:5:45:65 | [summary param] this in subdata(with:) :  | file://:0:0:0:0 | [summary] to write: return (return) in subdata(with:) :  | nsdata.swift:129:15:129:54 | call to subdata(with:) |
+| nsdata.swift:132:15:132:15 | nsDataTainted22 :  | nsdata.swift:46:5:46:89 | [summary param] this in compressed(using:) :  | file://:0:0:0:0 | [summary] to write: return (return) in compressed(using:) :  | nsdata.swift:132:15:132:81 | call to compressed(using:) |
+| nsdata.swift:135:15:135:15 | nsDataTainted23 :  | nsdata.swift:47:5:47:91 | [summary param] this in decompressed(using:) :  | file://:0:0:0:0 | [summary] to write: return (return) in decompressed(using:) :  | nsdata.swift:135:15:135:83 | call to decompressed(using:) |
+| nsdata.swift:139:15:139:15 | nsDataTainted24 :  | nsdata.swift:22:9:22:9 | self :  | file://:0:0:0:0 | .bytes :  | nsdata.swift:139:15:139:31 | .bytes |
+| nsdata.swift:140:15:140:15 | nsDataTainted24 :  | nsdata.swift:23:9:23:9 | self :  | file://:0:0:0:0 | .description :  | nsdata.swift:140:15:140:31 | .description |
+| nsmutabledata.swift:28:34:28:41 | call to source() :  | nsmutabledata.swift:14:5:14:58 | [summary param] 0 in append(_:length:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(_:length:) :  | nsmutabledata.swift:28:5:28:5 | [post] nsMutableDataTainted1 :  |
+| nsmutabledata.swift:32:34:32:41 | call to source() :  | nsmutabledata.swift:15:5:15:33 | [summary param] 0 in append(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  | nsmutabledata.swift:32:5:32:5 | [post] nsMutableDataTainted2 :  |
+| nsmutabledata.swift:36:66:36:73 | call to source() :  | nsmutabledata.swift:16:5:16:78 | [summary param] 1 in replaceBytes(in:withBytes:) :  | file://:0:0:0:0 | [summary] to write: argument this in replaceBytes(in:withBytes:) :  | nsmutabledata.swift:36:5:36:5 | [post] nsMutableDataTainted3 :  |
+| nsmutabledata.swift:40:66:40:73 | call to source() :  | nsmutabledata.swift:17:5:17:121 | [summary param] 1 in replaceBytes(in:withBytes:length:) :  | file://:0:0:0:0 | [summary] to write: argument this in replaceBytes(in:withBytes:length:) :  | nsmutabledata.swift:40:5:40:5 | [post] nsMutableDataTainted4 :  |
+| nsmutabledata.swift:44:35:44:42 | call to source() :  | nsmutabledata.swift:18:5:18:33 | [summary param] 0 in setData(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in setData(_:) :  | nsmutabledata.swift:44:5:44:5 | [post] nsMutableDataTainted5 :  |
+| nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 :  | nsmutabledata.swift:13:9:13:9 | self :  | file://:0:0:0:0 | .mutableBytes :  | nsmutabledata.swift:49:15:49:37 | .mutableBytes |
 | url.swift:59:31:59:31 | tainted :  | url.swift:8:2:8:25 | [summary param] 0 in init(string:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  | url.swift:59:19:59:38 | call to init(string:) :  |
 | url.swift:83:24:83:24 | tainted :  | url.swift:9:2:9:43 | [summary param] 0 in init(string:relativeTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | url.swift:83:12:83:48 | call to init(string:relativeTo:) :  |
 | url.swift:86:43:86:43 | urlTainted :  | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | url.swift:86:12:86:53 | call to init(string:relativeTo:) :  |
@@ -494,36 +1262,110 @@ subpaths
 | url.swift:101:46:101:46 | urlTainted :  | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | url.swift:101:15:101:56 | call to init(string:relativeTo:) :  |
 | url.swift:102:46:102:46 | urlTainted :  | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | url.swift:102:15:102:56 | call to init(string:relativeTo:) :  |
 | url.swift:117:28:117:28 | tainted :  | url.swift:8:2:8:25 | [summary param] 0 in init(string:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  | url.swift:117:16:117:35 | call to init(string:) :  |
-| webview.swift:59:10:59:10 | source :  | webview.swift:25:5:25:41 | [summary param] this in toObject() :  | file://:0:0:0:0 | [summary] to write: return (return) in toObject() :  | webview.swift:59:10:59:26 | call to toObject() |
-| webview.swift:60:10:60:10 | source :  | webview.swift:26:5:26:55 | [summary param] this in toObjectOf(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in toObjectOf(_:) :  | webview.swift:60:10:60:41 | call to toObjectOf(_:) |
-| webview.swift:61:10:61:10 | source :  | webview.swift:27:5:27:42 | [summary param] this in toBool() :  | file://:0:0:0:0 | [summary] to write: return (return) in toBool() :  | webview.swift:61:10:61:24 | call to toBool() |
-| webview.swift:62:10:62:10 | source :  | webview.swift:28:5:28:44 | [summary param] this in toDouble() :  | file://:0:0:0:0 | [summary] to write: return (return) in toDouble() :  | webview.swift:62:10:62:26 | call to toDouble() |
-| webview.swift:63:10:63:10 | source :  | webview.swift:29:5:29:40 | [summary param] this in toInt32() :  | file://:0:0:0:0 | [summary] to write: return (return) in toInt32() :  | webview.swift:63:10:63:25 | call to toInt32() |
-| webview.swift:64:10:64:10 | source :  | webview.swift:30:5:30:42 | [summary param] this in toUInt32() :  | file://:0:0:0:0 | [summary] to write: return (return) in toUInt32() :  | webview.swift:64:10:64:26 | call to toUInt32() |
-| webview.swift:65:10:65:10 | source :  | webview.swift:31:5:31:62 | [summary param] this in toNumber() :  | file://:0:0:0:0 | [summary] to write: return (return) in toNumber() :  | webview.swift:65:10:65:26 | call to toNumber() |
-| webview.swift:66:10:66:10 | source :  | webview.swift:32:5:32:44 | [summary param] this in toString() :  | file://:0:0:0:0 | [summary] to write: return (return) in toString() :  | webview.swift:66:10:66:26 | call to toString() |
-| webview.swift:67:10:67:10 | source :  | webview.swift:33:5:33:44 | [summary param] this in toDate() :  | file://:0:0:0:0 | [summary] to write: return (return) in toDate() :  | webview.swift:67:10:67:24 | call to toDate() |
-| webview.swift:68:10:68:10 | source :  | webview.swift:34:5:34:44 | [summary param] this in toArray() :  | file://:0:0:0:0 | [summary] to write: return (return) in toArray() :  | webview.swift:68:10:68:25 | call to toArray() |
-| webview.swift:69:10:69:10 | source :  | webview.swift:35:5:35:65 | [summary param] this in toDictionary() :  | file://:0:0:0:0 | [summary] to write: return (return) in toDictionary() :  | webview.swift:69:10:69:30 | call to toDictionary() |
-| webview.swift:70:10:70:10 | source :  | webview.swift:36:5:36:50 | [summary param] this in toPoint() :  | file://:0:0:0:0 | [summary] to write: return (return) in toPoint() :  | webview.swift:70:10:70:25 | call to toPoint() |
-| webview.swift:71:10:71:10 | source :  | webview.swift:37:5:37:50 | [summary param] this in toRange() :  | file://:0:0:0:0 | [summary] to write: return (return) in toRange() :  | webview.swift:71:10:71:25 | call to toRange() |
-| webview.swift:72:10:72:10 | source :  | webview.swift:38:5:38:47 | [summary param] this in toRect() :  | file://:0:0:0:0 | [summary] to write: return (return) in toRect() :  | webview.swift:72:10:72:24 | call to toRect() |
-| webview.swift:73:10:73:10 | source :  | webview.swift:39:5:39:47 | [summary param] this in toSize() :  | file://:0:0:0:0 | [summary] to write: return (return) in toSize() :  | webview.swift:73:10:73:24 | call to toSize() |
-| webview.swift:74:10:74:10 | source :  | webview.swift:40:5:40:84 | [summary param] this in atIndex(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in atIndex(_:) :  | webview.swift:74:10:74:26 | call to atIndex(_:) |
-| webview.swift:75:10:75:10 | source :  | webview.swift:42:5:42:89 | [summary param] this in forProperty(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in forProperty(_:) :  | webview.swift:75:10:75:31 | call to forProperty(_:) |
-| webview.swift:78:26:78:26 | s :  | webview.swift:16:5:16:39 | [summary param] 0 in init(object:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(object:in:) :  | webview.swift:78:10:78:47 | call to init(object:in:) |
-| webview.swift:79:24:79:24 | s :  | webview.swift:17:5:17:38 | [summary param] 0 in init(bool:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bool:in:) :  | webview.swift:79:10:79:47 | call to init(bool:in:) |
-| webview.swift:80:26:80:26 | s :  | webview.swift:18:5:18:42 | [summary param] 0 in init(double:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(double:in:) :  | webview.swift:80:10:80:51 | call to init(double:in:) |
-| webview.swift:81:25:81:25 | s :  | webview.swift:19:5:19:40 | [summary param] 0 in init(int32:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(int32:in:) :  | webview.swift:81:10:81:49 | call to init(int32:in:) |
-| webview.swift:82:26:82:26 | s :  | webview.swift:20:5:20:42 | [summary param] 0 in init(uInt32:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(uInt32:in:) :  | webview.swift:82:10:82:51 | call to init(uInt32:in:) |
-| webview.swift:83:25:83:25 | s :  | webview.swift:21:5:21:42 | [summary param] 0 in init(point:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(point:in:) :  | webview.swift:83:10:83:51 | call to init(point:in:) |
-| webview.swift:84:25:84:25 | s :  | webview.swift:22:5:22:42 | [summary param] 0 in init(range:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(range:in:) :  | webview.swift:84:10:84:51 | call to init(range:in:) |
-| webview.swift:85:24:85:24 | s :  | webview.swift:23:5:23:40 | [summary param] 0 in init(rect:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(rect:in:) :  | webview.swift:85:10:85:49 | call to init(rect:in:) |
-| webview.swift:86:24:86:24 | s :  | webview.swift:24:5:24:40 | [summary param] 0 in init(size:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(size:in:) :  | webview.swift:86:10:86:49 | call to init(size:in:) |
-| webview.swift:89:39:89:39 | s :  | webview.swift:41:5:41:53 | [summary param] 1 in defineProperty(_:descriptor:) :  | file://:0:0:0:0 | [summary] to write: argument this in defineProperty(_:descriptor:) :  | webview.swift:89:5:89:5 | [post] v1 :  |
-| webview.swift:93:17:93:17 | s :  | webview.swift:43:5:43:38 | [summary param] 0 in setValue(_:at:) :  | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:at:) :  | webview.swift:93:5:93:5 | [post] v2 :  |
-| webview.swift:97:17:97:17 | s :  | webview.swift:44:5:44:48 | [summary param] 0 in setValue(_:forProperty:) :  | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:forProperty:) :  | webview.swift:97:5:97:5 | [post] v3 :  |
+| webview.swift:84:10:84:10 | source :  | webview.swift:36:5:36:41 | [summary param] this in toObject() :  | file://:0:0:0:0 | [summary] to write: return (return) in toObject() :  | webview.swift:84:10:84:26 | call to toObject() |
+| webview.swift:85:10:85:10 | source :  | webview.swift:37:5:37:55 | [summary param] this in toObjectOf(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in toObjectOf(_:) :  | webview.swift:85:10:85:41 | call to toObjectOf(_:) |
+| webview.swift:86:10:86:10 | source :  | webview.swift:38:5:38:42 | [summary param] this in toBool() :  | file://:0:0:0:0 | [summary] to write: return (return) in toBool() :  | webview.swift:86:10:86:24 | call to toBool() |
+| webview.swift:87:10:87:10 | source :  | webview.swift:39:5:39:44 | [summary param] this in toDouble() :  | file://:0:0:0:0 | [summary] to write: return (return) in toDouble() :  | webview.swift:87:10:87:26 | call to toDouble() |
+| webview.swift:88:10:88:10 | source :  | webview.swift:40:5:40:40 | [summary param] this in toInt32() :  | file://:0:0:0:0 | [summary] to write: return (return) in toInt32() :  | webview.swift:88:10:88:25 | call to toInt32() |
+| webview.swift:89:10:89:10 | source :  | webview.swift:41:5:41:42 | [summary param] this in toUInt32() :  | file://:0:0:0:0 | [summary] to write: return (return) in toUInt32() :  | webview.swift:89:10:89:26 | call to toUInt32() |
+| webview.swift:90:10:90:10 | source :  | webview.swift:42:5:42:62 | [summary param] this in toNumber() :  | file://:0:0:0:0 | [summary] to write: return (return) in toNumber() :  | webview.swift:90:10:90:26 | call to toNumber() |
+| webview.swift:91:10:91:10 | source :  | webview.swift:43:5:43:44 | [summary param] this in toString() :  | file://:0:0:0:0 | [summary] to write: return (return) in toString() :  | webview.swift:91:10:91:26 | call to toString() |
+| webview.swift:92:10:92:10 | source :  | webview.swift:44:5:44:44 | [summary param] this in toDate() :  | file://:0:0:0:0 | [summary] to write: return (return) in toDate() :  | webview.swift:92:10:92:24 | call to toDate() |
+| webview.swift:93:10:93:10 | source :  | webview.swift:45:5:45:44 | [summary param] this in toArray() :  | file://:0:0:0:0 | [summary] to write: return (return) in toArray() :  | webview.swift:93:10:93:25 | call to toArray() |
+| webview.swift:94:10:94:10 | source :  | webview.swift:46:5:46:65 | [summary param] this in toDictionary() :  | file://:0:0:0:0 | [summary] to write: return (return) in toDictionary() :  | webview.swift:94:10:94:30 | call to toDictionary() |
+| webview.swift:95:10:95:10 | source :  | webview.swift:47:5:47:50 | [summary param] this in toPoint() :  | file://:0:0:0:0 | [summary] to write: return (return) in toPoint() :  | webview.swift:95:10:95:25 | call to toPoint() |
+| webview.swift:96:10:96:10 | source :  | webview.swift:48:5:48:50 | [summary param] this in toRange() :  | file://:0:0:0:0 | [summary] to write: return (return) in toRange() :  | webview.swift:96:10:96:25 | call to toRange() |
+| webview.swift:97:10:97:10 | source :  | webview.swift:49:5:49:47 | [summary param] this in toRect() :  | file://:0:0:0:0 | [summary] to write: return (return) in toRect() :  | webview.swift:97:10:97:24 | call to toRect() |
+| webview.swift:98:10:98:10 | source :  | webview.swift:50:5:50:47 | [summary param] this in toSize() :  | file://:0:0:0:0 | [summary] to write: return (return) in toSize() :  | webview.swift:98:10:98:24 | call to toSize() |
+| webview.swift:99:10:99:10 | source :  | webview.swift:51:5:51:84 | [summary param] this in atIndex(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in atIndex(_:) :  | webview.swift:99:10:99:26 | call to atIndex(_:) |
+| webview.swift:100:10:100:10 | source :  | webview.swift:53:5:53:89 | [summary param] this in forProperty(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in forProperty(_:) :  | webview.swift:100:10:100:31 | call to forProperty(_:) |
+| webview.swift:103:26:103:26 | s :  | webview.swift:27:5:27:39 | [summary param] 0 in init(object:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(object:in:) :  | webview.swift:103:10:103:47 | call to init(object:in:) |
+| webview.swift:104:24:104:24 | s :  | webview.swift:28:5:28:38 | [summary param] 0 in init(bool:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(bool:in:) :  | webview.swift:104:10:104:47 | call to init(bool:in:) |
+| webview.swift:105:26:105:26 | s :  | webview.swift:29:5:29:42 | [summary param] 0 in init(double:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(double:in:) :  | webview.swift:105:10:105:51 | call to init(double:in:) |
+| webview.swift:106:25:106:25 | s :  | webview.swift:30:5:30:40 | [summary param] 0 in init(int32:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(int32:in:) :  | webview.swift:106:10:106:49 | call to init(int32:in:) |
+| webview.swift:107:26:107:26 | s :  | webview.swift:31:5:31:42 | [summary param] 0 in init(uInt32:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(uInt32:in:) :  | webview.swift:107:10:107:51 | call to init(uInt32:in:) |
+| webview.swift:108:25:108:25 | s :  | webview.swift:32:5:32:42 | [summary param] 0 in init(point:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(point:in:) :  | webview.swift:108:10:108:51 | call to init(point:in:) |
+| webview.swift:109:25:109:25 | s :  | webview.swift:33:5:33:42 | [summary param] 0 in init(range:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(range:in:) :  | webview.swift:109:10:109:51 | call to init(range:in:) |
+| webview.swift:110:24:110:24 | s :  | webview.swift:34:5:34:40 | [summary param] 0 in init(rect:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(rect:in:) :  | webview.swift:110:10:110:49 | call to init(rect:in:) |
+| webview.swift:111:24:111:24 | s :  | webview.swift:35:5:35:40 | [summary param] 0 in init(size:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(size:in:) :  | webview.swift:111:10:111:49 | call to init(size:in:) |
+| webview.swift:114:39:114:39 | s :  | webview.swift:52:5:52:53 | [summary param] 1 in defineProperty(_:descriptor:) :  | file://:0:0:0:0 | [summary] to write: argument this in defineProperty(_:descriptor:) :  | webview.swift:114:5:114:5 | [post] v1 :  |
+| webview.swift:118:17:118:17 | s :  | webview.swift:54:5:54:38 | [summary param] 0 in setValue(_:at:) :  | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:at:) :  | webview.swift:118:5:118:5 | [post] v2 :  |
+| webview.swift:122:17:122:17 | s :  | webview.swift:55:5:55:48 | [summary param] 0 in setValue(_:forProperty:) :  | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:forProperty:) :  | webview.swift:122:5:122:5 | [post] v3 :  |
+| webview.swift:132:34:132:41 | call to source() :  | webview.swift:65:5:65:93 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:) :  | webview.swift:132:13:132:102 | call to init(source:injectionTime:forMainFrameOnly:) :  |
+| webview.swift:137:34:137:41 | call to source() :  | webview.swift:66:5:66:126 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:in:) :  | webview.swift:137:13:137:113 | call to init(source:injectionTime:forMainFrameOnly:in:) :  |
 #select
+| data.swift:85:12:85:12 | dataTainted | data.swift:81:26:81:33 | call to source() :  | data.swift:85:12:85:12 | dataTainted | result |
+| data.swift:86:12:86:12 | dataTainted2 | data.swift:81:26:81:33 | call to source() :  | data.swift:86:12:86:12 | dataTainted2 | result |
+| data.swift:90:12:90:12 | dataTainted3 | data.swift:89:41:89:48 | call to source() :  | data.swift:90:12:90:12 | dataTainted3 | result |
+| data.swift:94:12:94:12 | dataTainted4 | data.swift:93:34:93:41 | call to source() :  | data.swift:94:12:94:12 | dataTainted4 | result |
+| data.swift:96:12:96:12 | dataTainted5 | data.swift:95:34:95:41 | call to source() :  | data.swift:96:12:96:12 | dataTainted5 | result |
+| data.swift:100:12:100:12 | dataTainted6 | data.swift:99:33:99:40 | call to source() :  | data.swift:100:12:100:12 | dataTainted6 | result |
+| data.swift:104:12:104:12 | dataTainted7 | data.swift:103:39:103:46 | call to source() :  | data.swift:104:12:104:12 | dataTainted7 | result |
+| data.swift:109:12:109:12 | dataTainted8 | data.swift:107:20:107:27 | call to source() :  | data.swift:109:12:109:12 | dataTainted8 | result |
+| data.swift:113:12:113:12 | dataTainted9 | data.swift:112:39:112:46 | call to source() :  | data.swift:113:12:113:12 | dataTainted9 | result |
+| data.swift:118:12:118:12 | dataTainted10 | data.swift:117:23:117:30 | call to source() :  | data.swift:118:12:118:12 | dataTainted10 | result |
+| data.swift:122:12:122:12 | dataTainted11 | data.swift:121:23:121:30 | call to source() :  | data.swift:122:12:122:12 | dataTainted11 | result |
+| data.swift:126:12:126:12 | dataTainted12 | data.swift:125:23:125:30 | call to source() :  | data.swift:126:12:126:12 | dataTainted12 | result |
+| data.swift:131:12:131:12 | dataTainted13 | data.swift:130:23:130:30 | call to source() :  | data.swift:131:12:131:12 | dataTainted13 | result |
+| data.swift:136:12:136:12 | dataTainted14 | data.swift:135:35:135:42 | call to source() :  | data.swift:136:12:136:12 | dataTainted14 | result |
+| data.swift:140:12:140:55 | call to base64EncodedData(options:) | data.swift:139:22:139:29 | call to source() :  | data.swift:140:12:140:55 | call to base64EncodedData(options:) | result |
+| data.swift:144:12:144:57 | call to base64EncodedString(options:) | data.swift:143:22:143:29 | call to source() :  | data.swift:144:12:144:57 | call to base64EncodedString(options:) | result |
+| data.swift:149:12:149:12 | compactMapped | data.swift:147:22:147:29 | call to source() :  | data.swift:149:12:149:12 | compactMapped | result |
+| data.swift:155:12:155:12 | pointerTainted18 | data.swift:152:22:152:29 | call to source() :  | data.swift:155:12:155:12 | pointerTainted18 | result |
+| data.swift:172:12:172:12 | flatMapped | data.swift:170:22:170:29 | call to source() :  | data.swift:172:12:172:12 | flatMapped | result |
+| data.swift:176:12:176:12 | flatMapped2 | data.swift:174:22:174:29 | call to source() :  | data.swift:176:12:176:12 | flatMapped2 | result |
+| data.swift:181:12:181:12 | dataTainted23 | data.swift:180:23:180:30 | call to source() :  | data.swift:181:12:181:12 | dataTainted23 | result |
+| data.swift:186:12:186:12 | dataTainted24 | data.swift:185:35:185:42 | call to source() :  | data.swift:186:12:186:12 | dataTainted24 | result |
+| data.swift:191:12:191:12 | mapped | data.swift:189:22:189:29 | call to source() :  | data.swift:191:12:191:12 | mapped | result |
+| data.swift:196:12:196:12 | reduced | data.swift:194:22:194:29 | call to source() :  | data.swift:196:12:196:12 | reduced | result |
+| data.swift:201:12:201:12 | dataTainted27 | data.swift:200:35:200:42 | call to source() :  | data.swift:201:12:201:12 | dataTainted27 | result |
+| data.swift:206:12:206:12 | dataTainted28 | data.swift:205:45:205:52 | call to source() :  | data.swift:206:12:206:12 | dataTainted28 | result |
+| data.swift:210:12:210:12 | dataTainted29 | data.swift:209:45:209:52 | call to source() :  | data.swift:210:12:210:12 | dataTainted29 | result |
+| data.swift:214:12:214:12 | dataTainted30 | data.swift:213:45:213:52 | call to source() :  | data.swift:214:12:214:12 | dataTainted30 | result |
+| data.swift:219:12:219:12 | dataTainted31 | data.swift:218:45:218:52 | call to source() :  | data.swift:219:12:219:12 | dataTainted31 | result |
+| data.swift:224:12:224:12 | dataTainted32 | data.swift:223:45:223:52 | call to source() :  | data.swift:224:12:224:12 | dataTainted32 | result |
+| data.swift:229:12:229:12 | dataTainted33 | data.swift:228:45:228:52 | call to source() :  | data.swift:229:12:229:12 | dataTainted33 | result |
+| data.swift:237:12:237:33 | call to sorted() | data.swift:236:22:236:29 | call to source() :  | data.swift:237:12:237:33 | call to sorted() | result |
+| data.swift:241:12:241:54 | call to sorted(by:) | data.swift:240:22:240:29 | call to source() :  | data.swift:241:12:241:54 | call to sorted(by:) | result |
+| data.swift:245:12:245:46 | call to sorted(using:) | data.swift:244:22:244:29 | call to source() :  | data.swift:245:12:245:46 | call to sorted(using:) | result |
+| data.swift:249:12:249:35 | call to shuffled() | data.swift:248:22:248:29 | call to source() :  | data.swift:249:12:249:35 | call to shuffled() | result |
+| data.swift:254:12:254:46 | call to shuffled(using:) | data.swift:252:22:252:29 | call to source() :  | data.swift:254:12:254:46 | call to shuffled(using:) | result |
+| data.swift:258:12:258:44 | call to trimmingPrefix(_:) | data.swift:257:22:257:29 | call to source() :  | data.swift:258:12:258:44 | call to trimmingPrefix(_:) | result |
+| data.swift:262:12:262:54 | call to trimmingPrefix(while:) | data.swift:261:22:261:29 | call to source() :  | data.swift:262:12:262:54 | call to trimmingPrefix(while:) | result |
+| nsdata.swift:58:15:58:15 | nsDataTainted1 | nsdata.swift:57:40:57:47 | call to source() :  | nsdata.swift:58:15:58:15 | nsDataTainted1 | result |
+| nsdata.swift:61:15:61:15 | nsDataTainted2 | nsdata.swift:60:46:60:53 | call to source() :  | nsdata.swift:61:15:61:15 | nsDataTainted2 | result |
+| nsdata.swift:64:15:64:15 | nsDataTainted3 | nsdata.swift:63:46:63:53 | call to source() :  | nsdata.swift:64:15:64:15 | nsDataTainted3 | result |
+| nsdata.swift:67:15:67:15 | nsDataTainted4 | nsdata.swift:66:46:66:53 | call to source() :  | nsdata.swift:67:15:67:15 | nsDataTainted4 | result |
+| nsdata.swift:70:15:70:15 | nsDataTainted5 | nsdata.swift:69:39:69:46 | call to source() :  | nsdata.swift:70:15:70:15 | nsDataTainted5 | result |
+| nsdata.swift:73:15:73:29 | ...! | nsdata.swift:72:49:72:56 | call to source() :  | nsdata.swift:73:15:73:29 | ...! | result |
+| nsdata.swift:76:15:76:15 | nsDataTainted7 | nsdata.swift:75:49:75:56 | call to source() :  | nsdata.swift:76:15:76:15 | nsDataTainted7 | result |
+| nsdata.swift:79:15:79:29 | ...! | nsdata.swift:78:45:78:52 | call to source() :  | nsdata.swift:79:15:79:29 | ...! | result |
+| nsdata.swift:82:15:82:29 | ...! | nsdata.swift:81:45:81:52 | call to source() :  | nsdata.swift:82:15:82:29 | ...! | result |
+| nsdata.swift:85:15:85:30 | ...! | nsdata.swift:84:56:84:63 | call to source() :  | nsdata.swift:85:15:85:30 | ...! | result |
+| nsdata.swift:88:15:88:30 | ...! | nsdata.swift:87:49:87:56 | call to source() :  | nsdata.swift:88:15:88:30 | ...! | result |
+| nsdata.swift:90:15:90:30 | ...! | nsdata.swift:89:49:89:56 | call to source() :  | nsdata.swift:90:15:90:30 | ...! | result |
+| nsdata.swift:93:15:93:30 | ...! | nsdata.swift:92:50:92:57 | call to source() :  | nsdata.swift:93:15:93:30 | ...! | result |
+| nsdata.swift:96:15:96:49 | call to base64EncodedData(options:) | nsdata.swift:95:27:95:34 | call to source() :  | nsdata.swift:96:15:96:49 | call to base64EncodedData(options:) | result |
+| nsdata.swift:97:15:97:60 | call to base64EncodedData(options:) | nsdata.swift:95:27:95:34 | call to source() :  | nsdata.swift:97:15:97:60 | call to base64EncodedData(options:) | result |
+| nsdata.swift:100:15:100:51 | call to base64EncodedString(options:) | nsdata.swift:99:27:99:34 | call to source() :  | nsdata.swift:100:15:100:51 | call to base64EncodedString(options:) | result |
+| nsdata.swift:101:15:101:62 | call to base64EncodedString(options:) | nsdata.swift:99:27:99:34 | call to source() :  | nsdata.swift:101:15:101:62 | call to base64EncodedString(options:) | result |
+| nsdata.swift:104:15:104:46 | call to base64Encoding() | nsdata.swift:103:27:103:34 | call to source() :  | nsdata.swift:104:15:104:46 | call to base64Encoding() | result |
+| nsdata.swift:106:15:106:71 | ...! | nsdata.swift:106:51:106:58 | call to source() :  | nsdata.swift:106:15:106:71 | ...! | result |
+| nsdata.swift:110:45:110:45 | bytes | nsdata.swift:108:27:108:34 | call to source() :  | nsdata.swift:110:45:110:45 | bytes | result |
+| nsdata.swift:116:15:116:15 | bufferTainted18 | nsdata.swift:113:27:113:34 | call to source() :  | nsdata.swift:116:15:116:15 | bufferTainted18 | result |
+| nsdata.swift:121:15:121:15 | bufferTainted19 | nsdata.swift:118:27:118:34 | call to source() :  | nsdata.swift:121:15:121:15 | bufferTainted19 | result |
+| nsdata.swift:126:15:126:15 | bufferTainted20 | nsdata.swift:123:27:123:34 | call to source() :  | nsdata.swift:126:15:126:15 | bufferTainted20 | result |
+| nsdata.swift:129:15:129:54 | call to subdata(with:) | nsdata.swift:128:27:128:34 | call to source() :  | nsdata.swift:129:15:129:54 | call to subdata(with:) | result |
+| nsdata.swift:132:15:132:81 | call to compressed(using:) | nsdata.swift:131:27:131:34 | call to source() :  | nsdata.swift:132:15:132:81 | call to compressed(using:) | result |
+| nsdata.swift:135:15:135:83 | call to decompressed(using:) | nsdata.swift:134:27:134:34 | call to source() :  | nsdata.swift:135:15:135:83 | call to decompressed(using:) | result |
+| nsdata.swift:139:15:139:31 | .bytes | nsdata.swift:138:27:138:34 | call to source() :  | nsdata.swift:139:15:139:31 | .bytes | result |
+| nsdata.swift:140:15:140:31 | .description | nsdata.swift:138:27:138:34 | call to source() :  | nsdata.swift:140:15:140:31 | .description | result |
+| nsmutabledata.swift:29:15:29:15 | nsMutableDataTainted1 | nsmutabledata.swift:28:34:28:41 | call to source() :  | nsmutabledata.swift:29:15:29:15 | nsMutableDataTainted1 | result |
+| nsmutabledata.swift:33:15:33:15 | nsMutableDataTainted2 | nsmutabledata.swift:32:34:32:41 | call to source() :  | nsmutabledata.swift:33:15:33:15 | nsMutableDataTainted2 | result |
+| nsmutabledata.swift:37:15:37:15 | nsMutableDataTainted3 | nsmutabledata.swift:36:66:36:73 | call to source() :  | nsmutabledata.swift:37:15:37:15 | nsMutableDataTainted3 | result |
+| nsmutabledata.swift:41:15:41:15 | nsMutableDataTainted4 | nsmutabledata.swift:40:66:40:73 | call to source() :  | nsmutabledata.swift:41:15:41:15 | nsMutableDataTainted4 | result |
+| nsmutabledata.swift:45:15:45:15 | nsMutableDataTainted5 | nsmutabledata.swift:44:35:44:42 | call to source() :  | nsmutabledata.swift:45:15:45:15 | nsMutableDataTainted5 | result |
+| nsmutabledata.swift:49:15:49:37 | .mutableBytes | nsmutabledata.swift:48:33:48:40 | call to source() :  | nsmutabledata.swift:49:15:49:37 | .mutableBytes | result |
 | string.swift:7:13:7:13 | "..." | string.swift:5:11:5:18 | call to source() :  | string.swift:7:13:7:13 | "..." | result |
 | string.swift:9:13:9:13 | "..." | string.swift:5:11:5:18 | call to source() :  | string.swift:9:13:9:13 | "..." | result |
 | string.swift:11:13:11:13 | "..." | string.swift:5:11:5:18 | call to source() :  | string.swift:11:13:11:13 | "..." | result |
@@ -534,6 +1376,11 @@ subpaths
 | string.swift:35:13:35:23 | ... .+(_:_:) ... | string.swift:28:17:28:25 | call to source2() :  | string.swift:35:13:35:23 | ... .+(_:_:) ... | result |
 | string.swift:36:13:36:23 | ... .+(_:_:) ... | string.swift:28:17:28:25 | call to source2() :  | string.swift:36:13:36:23 | ... .+(_:_:) ... | result |
 | string.swift:39:13:39:29 | ... .+(_:_:) ... | string.swift:28:17:28:25 | call to source2() :  | string.swift:39:13:39:29 | ... .+(_:_:) ... | result |
+| string.swift:85:13:85:21 | .description | string.swift:74:17:74:25 | call to source2() :  | string.swift:85:13:85:21 | .description | result |
+| string.swift:88:13:88:21 | .debugDescription | string.swift:74:17:74:25 | call to source2() :  | string.swift:88:13:88:21 | .debugDescription | result |
+| string.swift:126:13:126:13 | tainted | string.swift:121:17:121:25 | call to source2() :  | string.swift:126:13:126:13 | tainted | result |
+| string.swift:127:13:127:13 | taintedCString | string.swift:122:24:122:32 | call to source2() :  | string.swift:127:13:127:13 | taintedCString | result |
+| string.swift:128:13:128:13 | taintedUnicodeScalars | string.swift:123:31:123:39 | call to source2() :  | string.swift:128:13:128:13 | taintedUnicodeScalars | result |
 | subscript.swift:13:15:13:25 | ...[...] | subscript.swift:13:15:13:22 | call to source() :  | subscript.swift:13:15:13:25 | ...[...] | result |
 | subscript.swift:14:15:14:26 | ...[...] | subscript.swift:14:15:14:23 | call to source2() :  | subscript.swift:14:15:14:26 | ...[...] | result |
 | try.swift:9:13:9:24 | try ... | try.swift:9:17:9:24 | call to source() :  | try.swift:9:13:9:24 | try ... | result |
@@ -577,33 +1424,37 @@ subpaths
 | url.swift:102:15:102:67 | ...! | url.swift:57:16:57:23 | call to source() :  | url.swift:102:15:102:67 | ...! | result |
 | url.swift:118:12:118:12 | ...! | url.swift:57:16:57:23 | call to source() :  | url.swift:118:12:118:12 | ...! | result |
 | url.swift:121:15:121:19 | ...! | url.swift:57:16:57:23 | call to source() :  | url.swift:121:15:121:19 | ...! | result |
-| webview.swift:52:10:52:41 | .body | webview.swift:52:11:52:18 | call to source() :  | webview.swift:52:10:52:41 | .body | result |
-| webview.swift:59:10:59:26 | call to toObject() | webview.swift:56:13:56:20 | call to source() :  | webview.swift:59:10:59:26 | call to toObject() | result |
-| webview.swift:60:10:60:41 | call to toObjectOf(_:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:60:10:60:41 | call to toObjectOf(_:) | result |
-| webview.swift:61:10:61:24 | call to toBool() | webview.swift:56:13:56:20 | call to source() :  | webview.swift:61:10:61:24 | call to toBool() | result |
-| webview.swift:62:10:62:26 | call to toDouble() | webview.swift:56:13:56:20 | call to source() :  | webview.swift:62:10:62:26 | call to toDouble() | result |
-| webview.swift:63:10:63:25 | call to toInt32() | webview.swift:56:13:56:20 | call to source() :  | webview.swift:63:10:63:25 | call to toInt32() | result |
-| webview.swift:64:10:64:26 | call to toUInt32() | webview.swift:56:13:56:20 | call to source() :  | webview.swift:64:10:64:26 | call to toUInt32() | result |
-| webview.swift:65:10:65:26 | call to toNumber() | webview.swift:56:13:56:20 | call to source() :  | webview.swift:65:10:65:26 | call to toNumber() | result |
-| webview.swift:66:10:66:26 | call to toString() | webview.swift:56:13:56:20 | call to source() :  | webview.swift:66:10:66:26 | call to toString() | result |
-| webview.swift:67:10:67:24 | call to toDate() | webview.swift:56:13:56:20 | call to source() :  | webview.swift:67:10:67:24 | call to toDate() | result |
-| webview.swift:68:10:68:25 | call to toArray() | webview.swift:56:13:56:20 | call to source() :  | webview.swift:68:10:68:25 | call to toArray() | result |
-| webview.swift:69:10:69:30 | call to toDictionary() | webview.swift:56:13:56:20 | call to source() :  | webview.swift:69:10:69:30 | call to toDictionary() | result |
-| webview.swift:70:10:70:25 | call to toPoint() | webview.swift:56:13:56:20 | call to source() :  | webview.swift:70:10:70:25 | call to toPoint() | result |
-| webview.swift:71:10:71:25 | call to toRange() | webview.swift:56:13:56:20 | call to source() :  | webview.swift:71:10:71:25 | call to toRange() | result |
-| webview.swift:72:10:72:24 | call to toRect() | webview.swift:56:13:56:20 | call to source() :  | webview.swift:72:10:72:24 | call to toRect() | result |
-| webview.swift:73:10:73:24 | call to toSize() | webview.swift:56:13:56:20 | call to source() :  | webview.swift:73:10:73:24 | call to toSize() | result |
-| webview.swift:74:10:74:26 | call to atIndex(_:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:74:10:74:26 | call to atIndex(_:) | result |
-| webview.swift:75:10:75:31 | call to forProperty(_:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:75:10:75:31 | call to forProperty(_:) | result |
-| webview.swift:78:10:78:47 | call to init(object:in:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:78:10:78:47 | call to init(object:in:) | result |
-| webview.swift:79:10:79:47 | call to init(bool:in:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:79:10:79:47 | call to init(bool:in:) | result |
-| webview.swift:80:10:80:51 | call to init(double:in:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:80:10:80:51 | call to init(double:in:) | result |
-| webview.swift:81:10:81:49 | call to init(int32:in:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:81:10:81:49 | call to init(int32:in:) | result |
-| webview.swift:82:10:82:51 | call to init(uInt32:in:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:82:10:82:51 | call to init(uInt32:in:) | result |
-| webview.swift:83:10:83:51 | call to init(point:in:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:83:10:83:51 | call to init(point:in:) | result |
-| webview.swift:84:10:84:51 | call to init(range:in:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:84:10:84:51 | call to init(range:in:) | result |
-| webview.swift:85:10:85:49 | call to init(rect:in:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:85:10:85:49 | call to init(rect:in:) | result |
-| webview.swift:86:10:86:49 | call to init(size:in:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:86:10:86:49 | call to init(size:in:) | result |
-| webview.swift:90:10:90:10 | v1 | webview.swift:56:13:56:20 | call to source() :  | webview.swift:90:10:90:10 | v1 | result |
-| webview.swift:94:10:94:10 | v2 | webview.swift:56:13:56:20 | call to source() :  | webview.swift:94:10:94:10 | v2 | result |
-| webview.swift:98:10:98:10 | v3 | webview.swift:56:13:56:20 | call to source() :  | webview.swift:98:10:98:10 | v3 | result |
+| webview.swift:77:10:77:41 | .body | webview.swift:77:11:77:18 | call to source() :  | webview.swift:77:10:77:41 | .body | result |
+| webview.swift:84:10:84:26 | call to toObject() | webview.swift:81:13:81:20 | call to source() :  | webview.swift:84:10:84:26 | call to toObject() | result |
+| webview.swift:85:10:85:41 | call to toObjectOf(_:) | webview.swift:81:13:81:20 | call to source() :  | webview.swift:85:10:85:41 | call to toObjectOf(_:) | result |
+| webview.swift:86:10:86:24 | call to toBool() | webview.swift:81:13:81:20 | call to source() :  | webview.swift:86:10:86:24 | call to toBool() | result |
+| webview.swift:87:10:87:26 | call to toDouble() | webview.swift:81:13:81:20 | call to source() :  | webview.swift:87:10:87:26 | call to toDouble() | result |
+| webview.swift:88:10:88:25 | call to toInt32() | webview.swift:81:13:81:20 | call to source() :  | webview.swift:88:10:88:25 | call to toInt32() | result |
+| webview.swift:89:10:89:26 | call to toUInt32() | webview.swift:81:13:81:20 | call to source() :  | webview.swift:89:10:89:26 | call to toUInt32() | result |
+| webview.swift:90:10:90:26 | call to toNumber() | webview.swift:81:13:81:20 | call to source() :  | webview.swift:90:10:90:26 | call to toNumber() | result |
+| webview.swift:91:10:91:26 | call to toString() | webview.swift:81:13:81:20 | call to source() :  | webview.swift:91:10:91:26 | call to toString() | result |
+| webview.swift:92:10:92:24 | call to toDate() | webview.swift:81:13:81:20 | call to source() :  | webview.swift:92:10:92:24 | call to toDate() | result |
+| webview.swift:93:10:93:25 | call to toArray() | webview.swift:81:13:81:20 | call to source() :  | webview.swift:93:10:93:25 | call to toArray() | result |
+| webview.swift:94:10:94:30 | call to toDictionary() | webview.swift:81:13:81:20 | call to source() :  | webview.swift:94:10:94:30 | call to toDictionary() | result |
+| webview.swift:95:10:95:25 | call to toPoint() | webview.swift:81:13:81:20 | call to source() :  | webview.swift:95:10:95:25 | call to toPoint() | result |
+| webview.swift:96:10:96:25 | call to toRange() | webview.swift:81:13:81:20 | call to source() :  | webview.swift:96:10:96:25 | call to toRange() | result |
+| webview.swift:97:10:97:24 | call to toRect() | webview.swift:81:13:81:20 | call to source() :  | webview.swift:97:10:97:24 | call to toRect() | result |
+| webview.swift:98:10:98:24 | call to toSize() | webview.swift:81:13:81:20 | call to source() :  | webview.swift:98:10:98:24 | call to toSize() | result |
+| webview.swift:99:10:99:26 | call to atIndex(_:) | webview.swift:81:13:81:20 | call to source() :  | webview.swift:99:10:99:26 | call to atIndex(_:) | result |
+| webview.swift:100:10:100:31 | call to forProperty(_:) | webview.swift:81:13:81:20 | call to source() :  | webview.swift:100:10:100:31 | call to forProperty(_:) | result |
+| webview.swift:103:10:103:47 | call to init(object:in:) | webview.swift:81:13:81:20 | call to source() :  | webview.swift:103:10:103:47 | call to init(object:in:) | result |
+| webview.swift:104:10:104:47 | call to init(bool:in:) | webview.swift:81:13:81:20 | call to source() :  | webview.swift:104:10:104:47 | call to init(bool:in:) | result |
+| webview.swift:105:10:105:51 | call to init(double:in:) | webview.swift:81:13:81:20 | call to source() :  | webview.swift:105:10:105:51 | call to init(double:in:) | result |
+| webview.swift:106:10:106:49 | call to init(int32:in:) | webview.swift:81:13:81:20 | call to source() :  | webview.swift:106:10:106:49 | call to init(int32:in:) | result |
+| webview.swift:107:10:107:51 | call to init(uInt32:in:) | webview.swift:81:13:81:20 | call to source() :  | webview.swift:107:10:107:51 | call to init(uInt32:in:) | result |
+| webview.swift:108:10:108:51 | call to init(point:in:) | webview.swift:81:13:81:20 | call to source() :  | webview.swift:108:10:108:51 | call to init(point:in:) | result |
+| webview.swift:109:10:109:51 | call to init(range:in:) | webview.swift:81:13:81:20 | call to source() :  | webview.swift:109:10:109:51 | call to init(range:in:) | result |
+| webview.swift:110:10:110:49 | call to init(rect:in:) | webview.swift:81:13:81:20 | call to source() :  | webview.swift:110:10:110:49 | call to init(rect:in:) | result |
+| webview.swift:111:10:111:49 | call to init(size:in:) | webview.swift:81:13:81:20 | call to source() :  | webview.swift:111:10:111:49 | call to init(size:in:) | result |
+| webview.swift:115:10:115:10 | v1 | webview.swift:81:13:81:20 | call to source() :  | webview.swift:115:10:115:10 | v1 | result |
+| webview.swift:119:10:119:10 | v2 | webview.swift:81:13:81:20 | call to source() :  | webview.swift:119:10:119:10 | v2 | result |
+| webview.swift:123:10:123:10 | v3 | webview.swift:81:13:81:20 | call to source() :  | webview.swift:123:10:123:10 | v3 | result |
+| webview.swift:133:10:133:10 | b | webview.swift:132:34:132:41 | call to source() :  | webview.swift:133:10:133:10 | b | result |
+| webview.swift:134:10:134:12 | .source | webview.swift:132:34:132:41 | call to source() :  | webview.swift:134:10:134:12 | .source | result |
+| webview.swift:138:10:138:10 | c | webview.swift:137:34:137:41 | call to source() :  | webview.swift:138:10:138:10 | c | result |
+| webview.swift:139:10:139:12 | .source | webview.swift:137:34:137:41 | call to source() :  | webview.swift:139:10:139:12 | .source | result |
diff --git a/swift/ql/test/library-tests/dataflow/taint/data.swift b/swift/ql/test/library-tests/dataflow/taint/data.swift
index d7ebe600f8a..d4a5178a9bd 100644
--- a/swift/ql/test/library-tests/dataflow/taint/data.swift
+++ b/swift/ql/test/library-tests/dataflow/taint/data.swift
@@ -1,33 +1,263 @@
+// --- stubs ---
+struct URL {}
 
-class Data
+class NSData {}
+
+protocol SortComparator {
+	associatedtype Compared
+}
+
+struct Data : BidirectionalCollection
 {
+	struct Base64EncodingOptions : OptionSet { let rawValue: Int }
+	struct Base64DecodingOptions : OptionSet { let rawValue: Int }
+	struct ReadingOptions : OptionSet { let rawValue: Int }
+	enum Deallocator { case none }
+	typealias Index = Int
+	typealias Element = UInt8
+	var startIndex: Self.Index { get { return 0 } }
+	var endIndex: Self.Index { get { return 0 } }
+	func index(after: Self.Index) -> Self.Index { return 0 }
+	func index(before: Self.Index) -> Self.Index { return 0 }
+	subscript(position: Self.Index) -> Self.Element { get { return 0 } }
+
     init<S>(_ elements: S) {}
+	init(base64Encoded: Data, options: Data.Base64DecodingOptions) {}
+	init<SourceType>(buffer: UnsafeBufferPointer<SourceType>) {}
+	init<SourceType>(buffer: UnsafeMutablePointer<SourceType>) {}
+	init(bytes: UnsafeRawPointer, count: Int) {}
+	init(bytesNoCopy: UnsafeRawPointer, count: Int, deallocator: Data.Deallocator) {}
+	init(contentsOf: URL, options: ReadingOptions) {}
+	init(referencing: NSData) {}
+	func append(_: Data) {}
+	func append(_: UInt8) {}
+	func append<SourceType>(_: UnsafeBufferPointer<SourceType>) {}
+	func append(_: UnsafePointer<UInt8>, count: Int) {}
+	func append(contentsOf: [UInt8]) {}
+	func append<S>(contentsOf: S) {}
+	func base64EncodedData(options: Data.Base64EncodingOptions) -> Data { return Data("") }
+	func base64EncodedString(options: Data.Base64EncodingOptions) -> String { return "" }
+	func compactMap<ElementOfResult>(_: (UInt8) -> ElementOfResult) -> [ElementOfResult] { return [] }
+	func copyBytes(to: UnsafeMutableRawBufferPointer) {}
+	func copyBytes(to: UnsafeMutablePointer<UInt8>, count: Int) {}
+	func copyBytes(to: UnsafeMutablePointer<UInt8>, from: Range<Data.Index>) {}
+	func flatMap<SegmentOfResult>(_: (UInt8) -> SegmentOfResult) -> [SegmentOfResult.Element] where SegmentOfResult : Sequence { return [] }
+	func flatMap<ElementOfResult>(_: (UInt8) -> ElementOfResult?) -> [ElementOfResult] { return [] }
+	func insert(_: UInt8, at: Int) {}
+	func insert<C>(contentsOf: C, at: Int) where C : Collection, UInt8 == C.Element {}
+	func map<T>(_: (UInt8) -> T) -> [T] { return [] }
+	func reduce<Result>(into initialResult: Result, _: (inout Result, UInt8) -> ()) -> Result { return initialResult }
+	func replace<C, Replacement>(_: C, with: Replacement, maxReplacements: Int) where C : Collection, Replacement : Collection, UInt8 == C.Element, C.Element == Replacement.Element {}
+	func replaceSubrange(_: Range<Data.Index>, with: Data) {}
+	func replaceSubrange<ByteCollection>(_: Range<Data.Index>, with: ByteCollection) where ByteCollection : Collection, ByteCollection.Element == UInt8 {}
+	func replaceSubrange<SourceType>(_: Range<Data.Index>, with: UnsafeBufferPointer<SourceType>) {}
+	func replaceSubrange(_: Range<Data.Index>, with: UnsafeRawPointer, count: Int) {}
+	func replaceSubrange<C, R>(_: R, with: C) where C : Collection, R : RangeExpression, UInt8 == C.Element, Int == R.Bound {}
+	func replacing<C, Replacement>(_: C, with: Replacement, maxReplacements: Int = .max) -> Data where C : Collection, Replacement : Collection, UInt8 == C.Element, C.Element == Replacement.Element { return Data("") }
+	func replacing<C, Replacement>(_: C, with: Replacement, subrange: Range<Int>, maxReplacements: Int = .max) -> Data where C : Collection, Replacement : Collection, UInt8 == C.Element, C.Element == Replacement.Element { return Data("") }
+	func sorted() -> [UInt8] { return [] }
+	func sorted(by: (UInt8, UInt8) throws -> Bool) rethrows -> [UInt8] { return [] }
+	func sorted<Comparator>(using: Comparator) -> [UInt8] where Comparator : SortComparator, UInt8 == Comparator.Compared { return [] }
+	func shuffled() -> [UInt8] { return [] }
+	func shuffled<T>(using: inout T) -> [UInt8] { return [] }
+	func trimmingPrefix<Prefix>(_ prefix: Prefix) -> Data where Prefix : Sequence, UInt8 == Prefix.Element { return Data("") }
+	func trimmingPrefix(while: (UInt8) -> Bool) -> Data { return Data("") }
 }
 
-extension String {
-	struct Encoding {
-		static let utf8 = Encoding()
-	}
+// --- tests ---
 
-	init?(data: Data, encoding: Encoding) { self.init() }
+class UInt8SortCompartor : SortComparator {
+	typealias Compared = UInt8
 }
 
-func source() -> String { return "" }
-func sink(arg: Data) {}
-func sink2(arg: String) {}
+func source() -> Any { return "" }
+func sink(arg: Any) {}
+func rng() -> RandomNumberGenerator? { return nil }
+func cmp() -> UInt8SortCompartor? { return nil }
 
 func taintThroughData() {
+	// ";Data;true;init(_:);;;Argument[0];ReturnValue;taint",
 	let dataClean = Data("123456".utf8)
-	let dataTainted = Data(source().utf8)
+	let dataTainted = Data((source() as! String).utf8)
 	let dataTainted2 = Data(dataTainted)
 
 	sink(arg: dataClean)
-	sink(arg: dataTainted) // $ MISSING: tainted=13
-	sink(arg: dataTainted2) // $ MISSING: tainted=13
+	sink(arg: dataTainted) // $ tainted=81
+	sink(arg: dataTainted2) // $ tainted=81
 
-	let stringClean = String(data: dataClean, encoding: String.Encoding.utf8)
-	let stringTainted = String(data: dataTainted, encoding: String.Encoding.utf8)
+	// ";Data;true;init(base64Encoded:options:);;;Argument[0];ReturnValue;taint",
+	let dataTainted3 = Data(base64Encoded: source() as! Data, options: [])
+	sink(arg: dataTainted3) // $ tainted=89
 
-	sink2(arg: stringClean!) // $ MISSING: tainted=13
-	sink2(arg: stringTainted!) // $ MISSING: tainted=13
+	// ";Data;true;init(buffer:);;;Argument[0];ReturnValue;taint",
+	let dataTainted4 = Data(buffer: source() as! UnsafeBufferPointer<UInt8>)
+	sink(arg: dataTainted4)  // $ tainted=93
+	let dataTainted5 = Data(buffer: source() as! UnsafeMutablePointer<UInt8>)
+	sink(arg: dataTainted5)  // $ tainted=95
+
+	// ";Data;true;init(bytes:count:);;;Argument[0];ReturnValue;taint",
+	let dataTainted6 = Data(bytes: source() as! UnsafeRawPointer, count: 0)
+	sink(arg: dataTainted6)  // $ tainted=99
+
+	// ";Data;true;init(bytesNoCopy:count:deallocator:);;;Argument[0];ReturnValue;taint",
+	let dataTainted7 = Data(bytesNoCopy: source() as! UnsafeRawPointer, count: 0, deallocator: Data.Deallocator.none)
+	sink(arg: dataTainted7)  // $ tainted=103
+
+	// ";Data;true;init(contentsOf:options:);;;Argument[0];ReturnValue;taint",
+	let urlTainted8 = source() as! URL
+	let dataTainted8 = Data(contentsOf: urlTainted8, options: [])
+	sink(arg: dataTainted8)  // $ tainted=107
+
+	// ";Data;true;init(referencing:);;;Argument[0];ReturnValue;taint",
+	let dataTainted9 = Data(referencing: source() as! NSData)
+	sink(arg: dataTainted9)  // $ tainted=112
+
+	// ";Data;true;append(_:);;;Argument[0];Argument[-1];taint",
+	let dataTainted10 = Data("")
+	dataTainted10.append(source() as! Data)
+	sink(arg: dataTainted10) // $ tainted=117
+
+	let dataTainted11 = Data("")
+	dataTainted11.append(source() as! UInt8)
+	sink(arg: dataTainted11) // $ tainted=121
+
+	let dataTainted12 = Data("")
+	dataTainted12.append(source() as! UnsafeBufferPointer<UInt8>)
+	sink(arg: dataTainted12) // $ tainted=125
+
+	// ";Data;true;append(_:count:);;;Argument[0];Argument[-1];taint",
+	let dataTainted13 = Data("")
+	dataTainted13.append(source() as! UnsafePointer<UInt8>, count: 0)
+	sink(arg: dataTainted13) // $ tainted=130
+
+	// ";Data;true;append(contentsOf:);;;Argument[0];Argument[-1];taint",
+	let dataTainted14 = Data("")
+	dataTainted14.append(contentsOf: source() as! [UInt8])
+	sink(arg: dataTainted14) // $ tainted=135
+
+	// ";Data;true;base64EncodedData(options:);;;Argument[-1];ReturnValue;taint",
+	let dataTainted15 = source() as! Data
+	sink(arg: dataTainted15.base64EncodedData(options: [])) // $ tainted=139
+
+	// ";Data;true;base64EncodedString(options:);;;Argument[-1];ReturnValue;taint",
+	let dataTainted16 = source() as! Data
+	sink(arg: dataTainted16.base64EncodedString(options: [])) // $ tainted=143
+
+	// ";Data;true;compactMap(_:);;;Argument[-1];ReturnValue;taint",
+	let dataTainted17 = source() as! Data
+	let compactMapped: [Int] = dataTainted17.compactMap { str in Int(str) }
+	sink(arg: compactMapped) // $ tainted=147
+
+	// ";Data;true;copyBytes(to:);;;Argument[-1];Argument[0];taint",
+	let dataTainted18 = source() as! Data
+	let pointerTainted18 = UnsafeMutableRawBufferPointer.allocate(byteCount: 0, alignment: 0)
+	dataTainted18.copyBytes(to: pointerTainted18)
+	sink(arg: pointerTainted18) // $ tainted=152
+
+	// ";Data;true;copyBytes(to:count:);;;Argument[-1];Argument[0];taint",
+	let dataTainted19 = source() as! Data
+	let pointerTainted19 = UnsafeMutablePointer<UInt8>.allocate(capacity: 0)
+	dataTainted19.copyBytes(to: pointerTainted19, count: 0)
+	sink(arg: pointerTainted19) // $ MISSING: tainted=158
+
+	// ";Data;true;copyBytes(to:from:);;;Argument[-1];Argument[0];taint",
+	let dataTainted20 = source() as! Data
+	let pointerTainted20 = UnsafeMutablePointer<UInt8>.allocate(capacity: 0)
+	dataTainted20.copyBytes(to: pointerTainted20, from: 0..<1)
+	sink(arg: pointerTainted20) // $ MISSING: tainted=164
+
+	// ";Data;true;flatMap(_:);;;Argument[-1];ReturnValue;taint",
+	let dataTainted21 = source() as! Data
+	let flatMapped = dataTainted21.flatMap { Array(repeating: $0, count: 0) }
+	sink(arg: flatMapped) // $ tainted=170
+
+	let dataTainted22 = source() as! Data
+	let flatMapped2 = dataTainted22.flatMap { str in Int(str) }
+	sink(arg: flatMapped2) // $ tainted=174
+
+	// ";Data;true;insert(_:at:);;;Argument[0];Argument[-1];taint",
+	let dataTainted23 = Data("")
+	dataTainted23.insert(source() as! UInt8, at: 0)
+	sink(arg: dataTainted23) // $ tainted=180
+
+	// ";Data;true;insert(contentsOf:at:);;;Argument[0];Argument[-1];taint",
+	let dataTainted24 = Data("")
+	dataTainted24.insert(contentsOf: source() as! [UInt8], at: 0)
+	sink(arg: dataTainted24) // $ tainted=185
+
+	// ";Data;true;map(_:);;;Argument[-1];ReturnValue;taint",
+	let dataTainted25 = source() as! Data
+	let mapped = dataTainted25.map { $0 }
+	sink(arg: mapped) // $ tainted=189
+
+	// ";Data;true;reduce(into:_:);;;Argument[-1];ReturnValue;taint",
+	let dataTainted26 = source() as! Data
+	let reduced = dataTainted26.reduce(into: [:]) { c, i in c[i, default: 0] += 1 }
+	sink(arg: reduced) // $ tainted=194
+
+	// ";Data;true;replace(_:with:maxReplacements:);;;Argument[1];Argument[-1];taint",
+	let dataTainted27 = Data("")
+	dataTainted27.replace([0], with: source() as! [UInt8], maxReplacements: .max)
+	sink(arg: dataTainted27) // $ tainted=200
+
+	// ";Data;true;replaceSubrange(_:with:);;;Argument[1];Argument[-1];taint",
+	let dataTainted28 = Data("")
+	dataTainted28.replaceSubrange(1..<3, with: source() as! Data)
+	sink(arg: dataTainted28) // $ tainted=205
+
+	let dataTainted29 = Data("")
+	dataTainted29.replaceSubrange(1..<3, with: source() as! [UInt8])
+	sink(arg: dataTainted29) // $ tainted=209
+
+	let dataTainted30 = Data("")
+	dataTainted30.replaceSubrange(1..<3, with: source() as! UnsafeBufferPointer<UInt8>)
+	sink(arg: dataTainted30) // $ tainted=213
+
+	// ";Data;true;replaceSubrange(_:with:count:);;;Argument[1];Argument[-1];taint",
+	let dataTainted31 = Data("")
+	dataTainted31.replaceSubrange(1..<3, with: source() as! UnsafeRawPointer, count: 0)
+	sink(arg: dataTainted31) // $ tainted=218
+
+	// ";Data;true;replacing(_:with:maxReplacements:);;;Argument[1];Argument[-1];taint",
+	let dataTainted32 = Data("")
+	let _ = dataTainted32.replacing([0], with: source() as! [UInt8], maxReplacements: 0)
+	sink(arg: dataTainted32) // $ tainted=223
+
+	// ";Data;true;replacing(_:with:subrange:maxReplacements:);;;Argument[1];Argument[-1];taint",
+	let dataTainted33 = Data("")
+	let _ = dataTainted33.replacing([0], with: source() as! [UInt8], subrange: 1..<3, maxReplacements: 0)
+	sink(arg: dataTainted33) // $ tainted=228
+
+	// ";Data;true;reversed();;;Argument[-1];ReturnValue;taint",
+	let dataTainted34 = source() as! Data
+	sink(arg: dataTainted34.reversed()) // $ MISSING: tainted=232 // Needs models for BidirectionalCollection
+
+	// ";Data;true;sorted();;;Argument[-1];ReturnValue;taint",
+	let dataTainted35 = source() as! Data
+	sink(arg: dataTainted35.sorted()) // $ tainted=236
+
+	// ";Data;true;sorted(by:);;;Argument[-1];ReturnValue;taint",
+	let dataTainted36 = source() as! Data
+	sink(arg: dataTainted36.sorted{ _,_ in return false }) // $ tainted=240
+
+	// ";Data;true;sorted(using:);;;Argument[-1];ReturnValue;taint",
+	let dataTainted37 = source() as! Data
+	sink(arg: dataTainted37.sorted(using: cmp()!)) // $ tainted=244
+
+	// ";Data;true;shuffled();;;Argument[-1];ReturnValue;taint",
+	let dataTainted38 = source() as! Data
+	sink(arg: dataTainted38.shuffled()) // $ tainted=248
+
+	// ";Data;true;shuffled(using:);;;Argument[-1];ReturnValue;taint",
+	let dataTainted39 = source() as! Data
+	var rng = rng()!
+	sink(arg: dataTainted39.shuffled(using: &rng)) // $ tainted=252
+
+	// ";Data;true;trimmingPrefix(_:);;;Argument[-1];ReturnValue;taint",
+	let dataTainted40 = source() as! Data
+	sink(arg: dataTainted40.trimmingPrefix([0])) // $ tainted=257
+
+	// ";Data;true;trimmingPrefix(while:);;;Argument[-1];ReturnValue;taint"
+	let dataTainted41 = source() as! Data
+	sink(arg: dataTainted41.trimmingPrefix { _ in false }) // $ tainted=261
 }
diff --git a/swift/ql/test/library-tests/dataflow/taint/nsdata.swift b/swift/ql/test/library-tests/dataflow/taint/nsdata.swift
new file mode 100644
index 00000000000..f49dce6679a
--- /dev/null
+++ b/swift/ql/test/library-tests/dataflow/taint/nsdata.swift
@@ -0,0 +1,141 @@
+// --- stubs ---
+
+struct URL
+{
+	init?(string: String) {}
+}
+
+struct Data
+{
+    init<S>(_ elements: S) {}
+}
+
+struct NSRange {}
+
+struct ObjCBool {}
+
+class NSData {
+    struct ReadingOptions : OptionSet { let rawValue: Int }
+    struct Base64EncodingOptions : OptionSet { let rawValue: Int }
+    struct Base64DecodingOptions : OptionSet { let rawValue: Int }
+    enum CompressionAlgorithm : Int { case none }
+    var bytes: UnsafeRawPointer = UnsafeRawPointer(bitPattern: 0)!
+    var description: String = ""
+    init(bytes: UnsafeRawPointer?, length: Int) {}
+    init(bytesNoCopy bytes: UnsafeMutableRawPointer, length: Int) {}
+    init(bytesNoCopy bytes: UnsafeMutableRawPointer, length: Int, deallocator: ((UnsafeMutableRawPointer, Int) -> Void)? = nil) {}
+    init(bytesNoCopy bytes: UnsafeMutableRawPointer, length: Int, freeWhenDone b: Bool) {}
+    init(data: Data) {}
+    init?(contentsOfFile: String) {}
+    init(contentsOfFile path: String, options readOptionsMask: NSData.ReadingOptions = []) {} 
+    init?(contentsOf: URL) {}
+    init?(contentsOf: URL, options: NSData.ReadingOptions) {}
+    init?(contentsOfMappedFile path: String) {}
+    init?(base64Encoded base64Data: Data, options: NSData.Base64DecodingOptions = []) {}
+    init?(base64Encoded base64String: String, options: NSData.Base64DecodingOptions = []) {}
+    init?(base64Encoding base64String: String) {}
+    func base64EncodedData(options: NSData.Base64EncodingOptions = []) -> Data { return Data("") }
+    func base64EncodedString(options: NSData.Base64EncodingOptions = []) -> String { return "" }
+    func base64Encoding() -> String { return "" }
+    class func dataWithContentsOfMappedFile(_ path: String) -> Any? { return nil }
+    func enumerateBytes(_ block: (UnsafeRawPointer, NSRange, UnsafeMutablePointer<ObjCBool>) -> Void) {}
+    func getBytes(_ buffer: UnsafeMutableRawPointer) {}
+    func getBytes(_ buffer: UnsafeMutableRawPointer, length: Int) {}
+    func getBytes(_ buffer: UnsafeMutableRawPointer, range: NSRange) {}
+    func subdata(with range: NSRange) -> Data { return Data("") }
+    func compressed(using algorithm: NSData.CompressionAlgorithm) -> Self { return self }
+    func decompressed(using algorithm: NSData.CompressionAlgorithm) -> Self { return self }
+}
+
+// --- tests ---
+
+func source() -> Any { return "" }
+func sink(arg: Any) {}
+
+func test() {
+    // ";NSData;true;init(bytes:length:);;;Argument[0];ReturnValue;taint",
+    let nsDataTainted1 = NSData(bytes: source() as? UnsafeRawPointer, length: 0)
+    sink(arg: nsDataTainted1) // $ tainted=57
+    // ";NSData;true;init(bytesNoCopy:length:);;;Argument[0];ReturnValue;taint",
+    let nsDataTainted2 = NSData(bytesNoCopy: source() as! UnsafeMutableRawPointer, length: 0)
+    sink(arg: nsDataTainted2) // $ tainted=60
+    // ";NSData;true;init(bytesNoCopy:length:deallocator:);;;Argument[0];ReturnValue;taint",
+    let nsDataTainted3 = NSData(bytesNoCopy: source() as! UnsafeMutableRawPointer, length: 0, deallocator: nil)
+    sink(arg: nsDataTainted3) // $ tainted=63
+    // ";NSData;true;init(bytesNoCopy:length:freeWhenDone:);;;Argument[0];ReturnValue;taint",
+    let nsDataTainted4 = NSData(bytesNoCopy: source() as! UnsafeMutableRawPointer, length: 0, freeWhenDone: true)
+    sink(arg: nsDataTainted4) // $ tainted=66
+    // ";NSData;true;init(data:);;;Argument[0];ReturnValue;taint",
+    let nsDataTainted5 = NSData(data: source() as! Data)
+    sink(arg: nsDataTainted5) // $ tainted=69
+    // ";NSData;true;init(contentsOfFile:);;;Argument[0];ReturnValue;taint",
+    let nsDataTainted6 = NSData(contentsOfFile: source() as! String)
+    sink(arg: nsDataTainted6!) // $ tainted=72
+    // ";NSData;true;init(contentsOfFile:options:);;;Argument[0];ReturnValue;taint",
+    let nsDataTainted7 = NSData(contentsOfFile: source() as! String, options: [])
+    sink(arg: nsDataTainted7) // $ tainted=75
+    // ";NSData;true;init(contentsOf:);;;Argument[0];ReturnValue;taint",
+    let nsDataTainted8 = NSData(contentsOf: source() as! URL)
+    sink(arg: nsDataTainted8!) // $ tainted=78
+    // ";NSData;true;init(contentsOf:options:);;;Argument[0];ReturnValue;taint",
+    let nsDataTainted9 = NSData(contentsOf: source() as! URL, options: [])
+    sink(arg: nsDataTainted9!) // $ tainted=81
+    // ";NSData;true;init(contentsOfMappedFile:);;;Argument[0];ReturnValue;taint",
+    let nsDataTainted10 = NSData(contentsOfMappedFile: source() as! String)
+    sink(arg: nsDataTainted10!) // $ tainted=84
+    // ";NSData;true;init(base64Encoded:options:);;;Argument[0];ReturnValue;taint",
+    let nsDataTainted11 = NSData(base64Encoded: source() as! Data, options: [])
+    sink(arg: nsDataTainted11!) // $ tainted=87
+    let nsDataTainted12 = NSData(base64Encoded: source() as! String, options: [])
+    sink(arg: nsDataTainted12!) // $ tainted=89
+    // ";NSData;true;init(base64Encoding:);;;Argument[0];ReturnValue;taint",
+    let nsDataTainted13 = NSData(base64Encoding: source() as! String)
+    sink(arg: nsDataTainted13!) // $ tainted=92
+    // ";NSData;true;base64EncodedData(options:);;;Argument[-1];ReturnValue;taint",
+    let nsDataTainted14 = source() as! NSData
+    sink(arg: nsDataTainted14.base64EncodedData()) // $ tainted=95
+    sink(arg: nsDataTainted14.base64EncodedData(options: [])) // $ tainted=95
+    // ";NSData;true;base64EncodedString(options:);;;Argument[-1];ReturnValue;taint",
+    let nsDataTainted15 = source() as! NSData
+    sink(arg: nsDataTainted15.base64EncodedString()) // $ tainted=99
+    sink(arg: nsDataTainted15.base64EncodedString(options: [])) // $ tainted=99
+    // ";NSData;true;base64Encoding();;;Argument[-1];ReturnValue;taint",
+    let nsDataTainted16 = source() as! NSData
+    sink(arg: nsDataTainted16.base64Encoding()) // $ tainted=103
+    // ";NSData;true;dataWithContentsOfMappedFile(_:);;;Argument[0];ReturnValue;taint",
+    sink(arg: NSData.dataWithContentsOfMappedFile(source() as! String)!) // $ tainted=106
+    // ";NSData;true;enumerateBytes(_:);;;Argument[-1];Argument[0].Parameter[0];taint"
+    let nsDataTainted17 = source() as! NSData
+    nsDataTainted17.enumerateBytes {
+        bytes, byteRange, stop in sink(arg: bytes) // $ tainted=108
+    }
+    // ";NSData;true;getBytes(_:);;;Argument[-1];Argument[0];taint",
+    let nsDataTainted18 = source() as! NSData
+    let bufferTainted18 = UnsafeMutableRawPointer(bitPattern: 0)!
+    nsDataTainted18.getBytes(bufferTainted18)
+    sink(arg: bufferTainted18) // $ tainted=113
+    // ";NSData;true;getBytes(_:length:);;;Argument[-1];Argument[0];taint",
+    let nsDataTainted19 = source() as! NSData
+    let bufferTainted19 = UnsafeMutableRawPointer(bitPattern: 0)!
+    nsDataTainted19.getBytes(bufferTainted19, length: 0)
+    sink(arg: bufferTainted19) // $ tainted=118
+    // ";NSData;true;getBytes(_:range:);;;Argument[-1];Argument[0];taint",
+    let nsDataTainted20 = source() as! NSData
+    let bufferTainted20 = UnsafeMutableRawPointer(bitPattern: 0)!
+    nsDataTainted20.getBytes(bufferTainted20, range: NSRange())
+    sink(arg: bufferTainted20) // $ tainted=123
+    // ";NSData;true;subdata(with:);;;Argument[-1];ReturnValue;taint",
+    let nsDataTainted21 = source() as! NSData
+    sink(arg: nsDataTainted21.subdata(with: NSRange())) // $ tainted=128
+    // ";NSData;true;compressed(using:);;;Argument[-1];ReturnValue;taint",
+    let nsDataTainted22 = source() as! NSData
+    sink(arg: nsDataTainted22.compressed(using: NSData.CompressionAlgorithm.none)) // $ tainted=131
+    // ";NSData;true;decompressed(using:);;;Argument[-1];ReturnValue;taint"
+    let nsDataTainted23 = source() as! NSData
+    sink(arg: nsDataTainted23.decompressed(using: NSData.CompressionAlgorithm.none)) // $ tainted=134
+
+    // Fields
+    let nsDataTainted24 = source() as! NSData
+    sink(arg: nsDataTainted24.bytes) // $ tainted=138
+    sink(arg: nsDataTainted24.description) // $ tainted=138
+}
diff --git a/swift/ql/test/library-tests/dataflow/taint/nsmutabledata.swift b/swift/ql/test/library-tests/dataflow/taint/nsmutabledata.swift
new file mode 100644
index 00000000000..20f2739f9f9
--- /dev/null
+++ b/swift/ql/test/library-tests/dataflow/taint/nsmutabledata.swift
@@ -0,0 +1,50 @@
+// --- stubs ---
+
+struct Data
+{
+    init<S>(_ elements: S) {}
+}
+
+struct NSRange {}
+
+class NSData {}
+
+class NSMutableData : NSData {
+    var mutableBytes: UnsafeMutableRawPointer = UnsafeMutableRawPointer(bitPattern: 0)!
+    func append(_ bytes: UnsafeRawPointer, length: Int) {}
+    func append(_ other: Data) {}
+    func replaceBytes(in range: NSRange, withBytes bytes: UnsafeRawPointer) {}
+    func replaceBytes(in range: NSRange, withBytes replacementBytes: UnsafeRawPointer?, length replacementLength: Int) {}
+    func setData(_ data: Data) {}
+}
+
+// --- tests ---
+func source() -> Any { return "" }
+func sink(arg: Any) {}
+
+func test() {
+    // ";NSMutableData;true;append(_:length:);;;Argument[0];Argument[-1];taint",
+    let nsMutableDataTainted1 = NSMutableData()
+    nsMutableDataTainted1.append(source() as! UnsafeRawPointer, length: 0)
+    sink(arg: nsMutableDataTainted1) // $ tainted=28
+    // ";MutableNSData;true;append(_:);;;Argument[0];Argument[-1];taint",
+    let nsMutableDataTainted2 = NSMutableData()
+    nsMutableDataTainted2.append(source() as! Data)
+    sink(arg: nsMutableDataTainted2) // $ tainted=32
+    // ";NSMutableData;true;replaceBytes(in:withBytes:);;;Argument[1];Argument[-1];taint",
+    let nsMutableDataTainted3 = NSMutableData()
+    nsMutableDataTainted3.replaceBytes(in: NSRange(), withBytes: source() as! UnsafeRawPointer)
+    sink(arg: nsMutableDataTainted3) // $ tainted=36
+    // ";NSMutableData;true;replaceBytes(in:withBytes:length:);;;Argument[1];Argument[-1];taint",
+    let nsMutableDataTainted4 = NSMutableData()
+    nsMutableDataTainted4.replaceBytes(in: NSRange(), withBytes: source() as? UnsafeRawPointer, length: 0)
+    sink(arg: nsMutableDataTainted4) // $ tainted=40
+    // ";NSMutableData;true;setData(_:);;;Argument[1];Argument[-1];taint",
+    let nsMutableDataTainted5 = NSMutableData()
+    nsMutableDataTainted5.setData(source() as! Data)
+    sink(arg: nsMutableDataTainted5) // $ tainted=44
+
+    // Fields
+    let nsMutableDataTainted6 = source() as! NSMutableData
+    sink(arg: nsMutableDataTainted6.mutableBytes) // $ tainted=48
+}
diff --git a/swift/ql/test/library-tests/dataflow/taint/string.swift b/swift/ql/test/library-tests/dataflow/taint/string.swift
index 6f5e5876a65..1186ffd8a6c 100644
--- a/swift/ql/test/library-tests/dataflow/taint/string.swift
+++ b/swift/ql/test/library-tests/dataflow/taint/string.swift
@@ -82,8 +82,48 @@ func taintThroughStringOperations() {
   sink(arg: String(repeating: tainted, count: 2)) // $ MISSING: tainted=74
 
   sink(arg: clean.description)
-  sink(arg: tainted.description) // $ MISSING: tainted=74
+  sink(arg: tainted.description) // $ tainted=74
 
   sink(arg: clean.debugDescription)
-  sink(arg: tainted.debugDescription) // $ MISSING: tainted=74
+  sink(arg: tainted.debugDescription) // $ tainted=74
+}
+
+class Data
+{
+    init<S>(_ elements: S) {}
+}
+
+extension String {
+	struct Encoding {
+		static let utf8 = Encoding()
+	}
+
+	init?(data: Data, encoding: Encoding) { self.init() }
+}
+
+
+func source3() -> Data { return Data("") }
+
+func taintThroughData() {
+  let stringClean = String(data: Data(""), encoding: String.Encoding.utf8)
+  let stringTainted = String(data: source3(), encoding: String.Encoding.utf8)
+
+	sink(arg: stringClean!)
+	sink(arg: stringTainted!) // $ MISSING: tainted=100
+}
+
+func sink(arg: String.UTF8View) {}
+func sink(arg: ContiguousArray<CChar>) {}
+func sink(arg: String.UnicodeScalarView) {}
+
+func taintThroughStringFields() {
+  let clean = ""
+  let tainted = source2().utf8
+  let taintedCString = source2().utf8CString
+  let taintedUnicodeScalars = source2().unicodeScalars
+
+  sink(arg: clean)
+  sink(arg: tainted) // $ tainted=121
+  sink(arg: taintedCString) // $ tainted=122
+  sink(arg: taintedUnicodeScalars) // $ tainted=123
 }
diff --git a/swift/ql/test/library-tests/dataflow/taint/webview.swift b/swift/ql/test/library-tests/dataflow/taint/webview.swift
index f0a7f77d12f..a656d600de7 100644
--- a/swift/ql/test/library-tests/dataflow/taint/webview.swift
+++ b/swift/ql/test/library-tests/dataflow/taint/webview.swift
@@ -1,17 +1,28 @@
 
 // --- stubs ---
-class WKScriptMessage {
+
+class NSObject {}
+
+class WKScriptMessage : NSObject {
     open var body: Any { get { return "" } }
 }
+
 class NSNumber {
     init(value: Int) {}
 }
+
 class Date {}
+
 class CGPoint {}
+
 class NSRange {}
+
 class CGRect {}
+
 class CGSize{}
+
 class JSContext {}
+
 class JSValue {
     init(object: Any, in: JSContext) {}
     init(bool: Bool, in: JSContext) {}
@@ -44,56 +55,86 @@ class JSValue {
     func setValue(_: Any!, forProperty: Any!) {}
 }
 
+enum WKUserScriptInjectionTime : Int {
+    case atDocumentStart = 0
+}
+
+class WKContentWorld : NSObject {}
+
+class WKUserScript : NSObject {
+    init(source: String, injectionTime: WKUserScriptInjectionTime, forMainFrameOnly: Bool) {}
+    init(source: String, injectionTime: WKUserScriptInjectionTime, forMainFrameOnly: Bool, in contentWorld: WKContentWorld) {}
+
+    var source: String { get { return "" } }
+}
+
 // --- tests ---
+
 func source() -> Any { return "" }
 func sink(_: Any) {}
 
 func testInheritBodyTaint() {
-    sink((source() as! WKScriptMessage).body) // $ tainted=52
+    sink((source() as! WKScriptMessage).body) // $ tainted=77
 }
 
 func testJsValue() {
     let s = source()
-    
+
     let source = s as! JSValue
-    sink(source.toObject() as Any) // $ tainted=56
-    sink(source.toObjectOf(NSNumber.self) as Any) // $ tainted=56
-    sink(source.toBool()) // $ tainted=56
-    sink(source.toDouble()) // $ tainted=56
-    sink(source.toInt32()) // $ tainted=56
-    sink(source.toUInt32()) // $ tainted=56
-    sink(source.toNumber() as Any) // $ tainted=56
-    sink(source.toString() as Any) // $ tainted=56
-    sink(source.toDate() as Any) // $ tainted=56
-    sink(source.toArray() as Any) // $ tainted=56
-    sink(source.toDictionary() as Any) // $ tainted=56
-    sink(source.toPoint()) // $ tainted=56
-    sink(source.toRange()) // $ tainted=56
-    sink(source.toRect()) // $ tainted=56
-    sink(source.toSize()) // $ tainted=56
-    sink(source.atIndex(0) as Any) // $ tainted=56
-    sink(source.forProperty("") as Any) // $ tainted=56
+    sink(source.toObject() as Any) // $ tainted=81
+    sink(source.toObjectOf(NSNumber.self) as Any) // $ tainted=81
+    sink(source.toBool()) // $ tainted=81
+    sink(source.toDouble()) // $ tainted=81
+    sink(source.toInt32()) // $ tainted=81
+    sink(source.toUInt32()) // $ tainted=81
+    sink(source.toNumber() as Any) // $ tainted=81
+    sink(source.toString() as Any) // $ tainted=81
+    sink(source.toDate() as Any) // $ tainted=81
+    sink(source.toArray() as Any) // $ tainted=81
+    sink(source.toDictionary() as Any) // $ tainted=81
+    sink(source.toPoint()) // $ tainted=81
+    sink(source.toRange()) // $ tainted=81
+    sink(source.toRect()) // $ tainted=81
+    sink(source.toSize()) // $ tainted=81
+    sink(source.atIndex(0) as Any) // $ tainted=81
+    sink(source.forProperty("") as Any) // $ tainted=81
 
     let context = JSContext()
-    sink(JSValue(object: s as Any, in: context)) // $ tainted=56
-    sink(JSValue(bool: s as! Bool, in: context)) // $ tainted=56
-    sink(JSValue(double: s as! Double, in: context)) // $ tainted=56
-    sink(JSValue(int32: s as! Int32, in: context)) // $ tainted=56
-    sink(JSValue(uInt32: s as! UInt32, in: context)) // $ tainted=56
-    sink(JSValue(point: s as! CGPoint, in: context)) // $ tainted=56
-    sink(JSValue(range: s as! NSRange, in: context)) // $ tainted=56
-    sink(JSValue(rect: s as! CGRect, in: context)) // $ tainted=56
-    sink(JSValue(size: s as! CGSize, in: context)) // $ tainted=56
-    
+    sink(JSValue(object: s as Any, in: context)) // $ tainted=81
+    sink(JSValue(bool: s as! Bool, in: context)) // $ tainted=81
+    sink(JSValue(double: s as! Double, in: context)) // $ tainted=81
+    sink(JSValue(int32: s as! Int32, in: context)) // $ tainted=81
+    sink(JSValue(uInt32: s as! UInt32, in: context)) // $ tainted=81
+    sink(JSValue(point: s as! CGPoint, in: context)) // $ tainted=81
+    sink(JSValue(range: s as! NSRange, in: context)) // $ tainted=81
+    sink(JSValue(rect: s as! CGRect, in: context)) // $ tainted=81
+    sink(JSValue(size: s as! CGSize, in: context)) // $ tainted=81
+
     let v1 = JSValue(object: "", in: context)
     v1.defineProperty("", descriptor: s as Any)
-    sink(v1) // $ tainted=56
+    sink(v1) // $ tainted=81
 
     let v2 = JSValue(object: "", in: context)
     v2.setValue(s as Any, at: 0)
-    sink(v2) // $ tainted=56
+    sink(v2) // $ tainted=81
 
     let v3 = JSValue(object: "", in: context)
     v3.setValue(s as Any, forProperty: "")
-    sink(v3) // $ tainted=56
+    sink(v3) // $ tainted=81
+}
+
+func testWKUserScript() {
+    let atStart = WKUserScriptInjectionTime.atDocumentStart
+    let a = WKUserScript(source: "abc", injectionTime: atStart, forMainFrameOnly: false)
+    sink(a)
+    sink(a.source)
+
+    let b = WKUserScript(source: source() as! String, injectionTime: atStart, forMainFrameOnly: false)
+    sink(b) // $ tainted=132
+    sink(b.source) // $ tainted=132
+
+    let world = WKContentWorld()
+    let c = WKUserScript(source: source() as! String, injectionTime: atStart, forMainFrameOnly: false, in: world)
+    sink(c) // $ tainted=137
+    sink(c.source) // $ tainted=137
 }
diff --git a/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.expected b/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.ql b/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.ql
new file mode 100644
index 00000000000..3f8faf7ac9f
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.ql
@@ -0,0 +1,24 @@
+import swift
+import codeql.swift.dataflow.DataFlow
+import codeql.swift.dataflow.FlowSources
+import codeql.swift.security.PathInjectionQuery
+import TestUtilities.InlineExpectationsTest
+
+class PathInjectionTest extends InlineExpectationsTest {
+  PathInjectionTest() { this = "PathInjectionTest" }
+
+  override string getARelevantTag() { result = "hasPathInjection" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(
+      PathInjectionConfiguration config, DataFlow::Node source, DataFlow::Node sink, Expr sinkExpr
+    |
+      config.hasFlow(source, sink) and
+      sinkExpr = sink.asExpr() and
+      location = sinkExpr.getLocation() and
+      element = sinkExpr.toString() and
+      tag = "hasPathInjection" and
+      value = source.asExpr().getLocation().getStartLine().toString()
+    )
+  }
+}
diff --git a/swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift b/swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift
new file mode 100644
index 00000000000..8e97433811a
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift
@@ -0,0 +1,174 @@
+// --- stubs ---
+
+struct URL {
+	init?(string: String) {}
+}
+
+class NSURL {
+    init?(string: String) {}
+}
+
+extension String {
+	init(contentsOf: URL) {
+        let data = ""
+        self.init(data)
+    }
+}
+
+class Data {
+    struct WritingOptions : OptionSet { let rawValue: Int }
+    init<S>(_ elements: S) {}
+    func write(to: URL, options: Data.WritingOptions = []) {}
+}
+
+class NSData {
+    struct WritingOptions : OptionSet { let rawValue: Int }
+    func write(to: URL, atomically: Bool) -> Bool { return false }
+    func write(to: URL, options: NSData.WritingOptions) {}
+    func write(toFile: String, atomically: Bool) -> Bool { return false }
+    func write(toFile: String, options: NSData.WritingOptions) {}
+}
+
+struct URLResourceKey {}
+
+struct FileAttributeKey : Hashable {}
+
+struct ObjCBool {}
+
+struct AutoreleasingUnsafeMutablePointer<Pointee> {}
+
+struct FilePath {
+    init(stringLiteral: String) {}
+    func lexicallyNormalized() -> FilePath { return FilePath(stringLiteral: "") }
+    func starts(with: FilePath) -> Bool { return false }
+}
+
+class FileManager {
+    class DirectoryEnumerator {}
+    struct DirectoryEnumerationOptions : OptionSet { let rawValue: Int }
+    struct ItemReplacementOptions : OptionSet { let rawValue: Int }
+    struct UnmountOptions : OptionSet { let rawValue: Int }
+    struct SearchPathDomainMask {}
+    enum SearchPathDirectory : UInt { case none }
+    enum URLRelationship : Int { case none }
+
+    func contentsOfDirectory(at: URL, includingPropertiesForKeys: [URLResourceKey]?, options: FileManager.DirectoryEnumerationOptions) -> [URL] { return []}
+    func contentsOfDirectory(atPath: String) -> [String] { return [] }
+    func enumerator(at: URL, includingPropertiesForKeys: [URLResourceKey]?, options: FileManager.DirectoryEnumerationOptions, errorHandler: ((URL, Error) -> Bool)?) -> FileManager.DirectoryEnumerator? { return nil }
+    func enumerator(atPath: String) -> FileManager.DirectoryEnumerator? { return nil }
+    func subpathsOfDirectory(atPath: String) -> [String] { return [] }
+    func subpaths(atPath: String) -> [String]? { return nil }
+    func createDirectory(at: URL, withIntermediateDirectories: Bool, attributes: [FileAttributeKey : Any]?) {}
+    func createDirectory(atPath: String, withIntermediateDirectories: Bool, attributes: [FileAttributeKey : Any]?) {}
+    func createFile(atPath: String, contents: Data?, attributes: [FileAttributeKey : Any]?) -> Bool { return false }
+    func removeItem(at: URL) {}
+    func removeItem(atPath: String) {}
+    func trashItem(at: URL, resultingItemURL: AutoreleasingUnsafeMutablePointer<NSURL?>?) {}
+    func replaceItemAt(_: URL, withItemAt: URL, backupItemName: String?, options: FileManager.ItemReplacementOptions) -> URL? { return nil}
+    func replaceItem(at: URL, withItemAt: URL, backupItemName: String?, options: FileManager.ItemReplacementOptions, resultingItemURL: AutoreleasingUnsafeMutablePointer<NSURL?>?) {}
+    func copyItem(at: URL, to: URL) {}
+    func copyItem(atPath: String, toPath: String) {}
+    func moveItem(at: URL, to: URL) {}
+    func moveItem(atPath: String, toPath: String) {}
+    func createSymbolicLink(at: URL, withDestinationURL: URL) {}
+    func createSymbolicLink(atPath: String, withDestinationPath: String) {}
+    func linkItem(at: URL, to: URL) {}
+    func linkItem(atPath: String, toPath: String) {}
+    func destinationOfSymbolicLink(atPath: String) -> String { return "" }
+    func fileExists(atPath: String) -> Bool { return false }
+    func fileExists(atPath: String, isDirectory: UnsafeMutablePointer<ObjCBool>?) -> Bool { return false }
+    func setAttributes(_: [FileAttributeKey : Any], ofItemAtPath: String) {}
+    func contents(atPath: String) -> Data? { return nil }
+    func contentsEqual(atPath: String, andPath: String) -> Bool { return false }
+    func changeCurrentDirectoryPath(_: String) -> Bool { return false }
+    func unmountVolume(at: URL, options: FileManager.UnmountOptions, completionHandler: (Error?) -> Void) {}
+    // Deprecated methods
+    func changeFileAttributes(_: [AnyHashable : Any], atPath: String) -> Bool { return false }
+    func directoryContents(atPath: String) -> [Any]? { return nil }
+    func createDirectory(atPath: String, attributes: [AnyHashable : Any]) -> Bool { return false }
+    func createSymbolicLink(atPath: String, pathContent: String) -> Bool { return false }
+    func pathContentOfSymbolicLink(atPath: String) -> String? { return nil }
+    func replaceItemAtURL(originalItemURL: NSURL, withItemAtURL: NSURL, backupItemName: String?, options: FileManager.ItemReplacementOptions) -> NSURL? { return nil }
+}
+
+// --- tests ---
+
+func test() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteUrl = URL(string: remoteString)!
+    let remoteNsUrl = NSURL(string: remoteString)!
+    let safeUrl =  URL(string: "")!
+    let safeNsUrl = NSURL(string: "")!
+
+    Data("").write(to: remoteUrl, options: []) // $ hasPathInjection=97
+
+    let nsData = NSData()
+    let _ = nsData.write(to: remoteUrl, atomically: false) // $ hasPathInjection=97
+    nsData.write(to: remoteUrl, options: []) // $ hasPathInjection=97
+    let _ = nsData.write(toFile: remoteString, atomically: false) // $ hasPathInjection=97
+    nsData.write(toFile: remoteString, options: []) // $ hasPathInjection=97
+
+    let fm = FileManager()
+    let _ = fm.contentsOfDirectory(at: remoteUrl, includingPropertiesForKeys: [], options: []) // $ hasPathInjection=97
+    let _ = fm.contentsOfDirectory(atPath: remoteString) // $ hasPathInjection=97
+    let _ = fm.enumerator(at: remoteUrl, includingPropertiesForKeys: [], options: [], errorHandler: nil) // $ hasPathInjection=97
+    let _ = fm.enumerator(atPath: remoteString) // $ hasPathInjection=97
+    let _ = fm.subpathsOfDirectory(atPath: remoteString) // $ hasPathInjection=97
+    let _ = fm.subpaths(atPath: remoteString) // $ hasPathInjection=97
+    fm.createDirectory(at: remoteUrl, withIntermediateDirectories: false, attributes: [:]) // $ hasPathInjection=97
+    let _ = fm.createDirectory(atPath: remoteString, attributes: [:]) // $ hasPathInjection=97
+    let _ = fm.createFile(atPath: remoteString, contents: nil, attributes: [:]) // $ hasPathInjection=97
+    fm.removeItem(at: remoteUrl) // $ hasPathInjection=97
+    fm.removeItem(atPath: remoteString) // $ hasPathInjection=97
+    fm.trashItem(at: remoteUrl, resultingItemURL: AutoreleasingUnsafeMutablePointer<NSURL?>()) // $ hasPathInjection=97
+    let _ = fm.replaceItemAt(remoteUrl, withItemAt: safeUrl, backupItemName: nil, options: []) // $ hasPathInjection=97
+    let _ = fm.replaceItemAt(safeUrl, withItemAt: remoteUrl, backupItemName: nil, options: []) // $ hasPathInjection=97
+    fm.replaceItem(at: remoteUrl, withItemAt: safeUrl, backupItemName: nil, options: [], resultingItemURL: AutoreleasingUnsafeMutablePointer<NSURL?>()) // $ hasPathInjection=97
+    fm.replaceItem(at: safeUrl, withItemAt: remoteUrl, backupItemName: nil, options: [], resultingItemURL: AutoreleasingUnsafeMutablePointer<NSURL?>()) // $ hasPathInjection=97
+    fm.copyItem(at: remoteUrl, to: safeUrl) // $ hasPathInjection=97
+    fm.copyItem(at: safeUrl, to: remoteUrl) // $ hasPathInjection=97
+    fm.copyItem(atPath: remoteString, toPath: "") // $ hasPathInjection=97
+    fm.copyItem(atPath: "", toPath: remoteString) // $ hasPathInjection=97
+    fm.moveItem(at: remoteUrl, to: safeUrl) // $ hasPathInjection=97
+    fm.moveItem(at: safeUrl, to: remoteUrl) // $ hasPathInjection=97
+    fm.moveItem(atPath: remoteString, toPath: "") // $ hasPathInjection=97
+    fm.moveItem(atPath: "", toPath: remoteString) // $ hasPathInjection=97
+    fm.createSymbolicLink(at: remoteUrl, withDestinationURL: safeUrl) // $ hasPathInjection=97
+    fm.createSymbolicLink(at: safeUrl, withDestinationURL: remoteUrl) // $ hasPathInjection=97
+    fm.createSymbolicLink(atPath: remoteString, withDestinationPath: "") // $ hasPathInjection=97
+    fm.createSymbolicLink(atPath: "", withDestinationPath: remoteString) // $ hasPathInjection=97
+    fm.linkItem(at: remoteUrl, to: safeUrl) // $ hasPathInjection=97
+    fm.linkItem(at: safeUrl, to: remoteUrl) // $ hasPathInjection=97
+    fm.linkItem(atPath: remoteString, toPath: "") // $ hasPathInjection=97
+    fm.linkItem(atPath: "", toPath: remoteString) // $ hasPathInjection=97
+    let _ = fm.destinationOfSymbolicLink(atPath: remoteString) // $ hasPathInjection=97
+    let _ = fm.fileExists(atPath: remoteString) // $ hasPathInjection=97
+    let _ = fm.fileExists(atPath: remoteString, isDirectory: UnsafeMutablePointer<ObjCBool>.init(bitPattern: 0)) // $ hasPathInjection=97
+    fm.setAttributes([:], ofItemAtPath: remoteString) // $ hasPathInjection=97
+    let _ = fm.contents(atPath: remoteString) // $ hasPathInjection=97
+    let _ = fm.contentsEqual(atPath: remoteString, andPath: "") // $ hasPathInjection=97
+    let _ = fm.contentsEqual(atPath: "", andPath: remoteString) // $ hasPathInjection=97
+    let _ = fm.changeCurrentDirectoryPath(remoteString) // $ hasPathInjection=97
+    let _ = fm.unmountVolume(at: remoteUrl, options: [], completionHandler: { _ in }) // $ hasPathInjection=97
+    // Deprecated methods
+    let _ = fm.changeFileAttributes([:], atPath: remoteString) // $ hasPathInjection=97
+    let _ = fm.directoryContents(atPath: remoteString) // $ hasPathInjection=97
+    let _ = fm.createDirectory(atPath: remoteString, attributes: [:]) // $ hasPathInjection=97
+    let _ = fm.createSymbolicLink(atPath: remoteString, pathContent: "") // $ hasPathInjection=97
+    let _ = fm.createSymbolicLink(atPath: "", pathContent: remoteString) // $ hasPathInjection=97
+    let _ = fm.pathContentOfSymbolicLink(atPath: remoteString) // $ hasPathInjection=97
+    let _ = fm.replaceItemAtURL(originalItemURL: remoteNsUrl, withItemAtURL: safeNsUrl, backupItemName: nil, options: []) // $ hasPathInjection=97
+    let _ = fm.replaceItemAtURL(originalItemURL: safeNsUrl, withItemAtURL: remoteNsUrl, backupItemName: nil, options: []) // $ hasPathInjection=97
+}
+
+func testSanitizers() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+
+    let fm = FileManager()
+
+    let filePath = FilePath(stringLiteral: remoteString)
+    if (filePath.lexicallyNormalized().starts(with: FilePath(stringLiteral: "/safe"))) {
+        fm.contents(atPath: remoteString) // Safe
+    }
+    fm.contents(atPath: remoteString) // $ hasPathInjection=165
+}
diff --git a/swift/ql/test/query-tests/Security/CWE-079/UnsafeWebViewFetch.expected b/swift/ql/test/query-tests/Security/CWE-079/UnsafeWebViewFetch.expected
index 66ef1d4cb4e..8f7d3cd0a9f 100644
--- a/swift/ql/test/query-tests/Security/CWE-079/UnsafeWebViewFetch.expected
+++ b/swift/ql/test/query-tests/Security/CWE-079/UnsafeWebViewFetch.expected
@@ -1,6 +1,7 @@
 edges
 | UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in init(string:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  |
 | UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in init(string:relativeTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  |
+| UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(_:) :  |
 | UnsafeWebViewFetch.swift:94:10:94:37 | try ... :  | UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() :  |
 | UnsafeWebViewFetch.swift:94:10:94:37 | try ... :  | UnsafeWebViewFetch.swift:120:25:120:39 | call to getRemoteData() |
 | UnsafeWebViewFetch.swift:94:10:94:37 | try ... :  | UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() :  |
@@ -18,6 +19,7 @@ edges
 | UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() :  | UnsafeWebViewFetch.swift:137:25:137:25 | remoteString |
 | UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() :  | UnsafeWebViewFetch.swift:139:25:139:25 | remoteString |
 | UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() :  | UnsafeWebViewFetch.swift:141:25:141:25 | remoteString |
+| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() :  | UnsafeWebViewFetch.swift:150:24:150:37 | .utf8 :  |
 | UnsafeWebViewFetch.swift:131:18:131:42 | call to init(string:) :  | UnsafeWebViewFetch.swift:132:52:132:52 | remoteURL :  |
 | UnsafeWebViewFetch.swift:131:18:131:42 | call to init(string:) :  | UnsafeWebViewFetch.swift:138:47:138:56 | ...! |
 | UnsafeWebViewFetch.swift:131:18:131:42 | call to init(string:) :  | UnsafeWebViewFetch.swift:139:48:139:57 | ...! |
@@ -29,6 +31,10 @@ edges
 | UnsafeWebViewFetch.swift:132:19:132:61 | call to init(string:relativeTo:) :  | UnsafeWebViewFetch.swift:141:48:141:58 | ...! |
 | UnsafeWebViewFetch.swift:132:52:132:52 | remoteURL :  | UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in init(string:relativeTo:) :  |
 | UnsafeWebViewFetch.swift:132:52:132:52 | remoteURL :  | UnsafeWebViewFetch.swift:132:19:132:61 | call to init(string:relativeTo:) :  |
+| UnsafeWebViewFetch.swift:150:19:150:41 | call to init(_:) :  | UnsafeWebViewFetch.swift:152:15:152:15 | remoteData |
+| UnsafeWebViewFetch.swift:150:19:150:41 | call to init(_:) :  | UnsafeWebViewFetch.swift:154:15:154:15 | remoteData |
+| UnsafeWebViewFetch.swift:150:24:150:37 | .utf8 :  | UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in init(_:) :  |
+| UnsafeWebViewFetch.swift:150:24:150:37 | .utf8 :  | UnsafeWebViewFetch.swift:150:19:150:41 | call to init(_:) :  |
 | UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() :  | UnsafeWebViewFetch.swift:168:25:168:25 | remoteString |
 | UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() :  | UnsafeWebViewFetch.swift:171:25:171:51 | ... .+(_:_:) ... |
 | UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() :  | UnsafeWebViewFetch.swift:174:25:174:25 | "..." |
@@ -37,6 +43,7 @@ edges
 | UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() :  | UnsafeWebViewFetch.swift:184:25:184:25 | remoteString |
 | UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() :  | UnsafeWebViewFetch.swift:186:25:186:25 | remoteString |
 | UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() :  | UnsafeWebViewFetch.swift:188:25:188:25 | remoteString |
+| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() :  | UnsafeWebViewFetch.swift:197:24:197:37 | .utf8 :  |
 | UnsafeWebViewFetch.swift:178:18:178:42 | call to init(string:) :  | UnsafeWebViewFetch.swift:179:52:179:52 | remoteURL :  |
 | UnsafeWebViewFetch.swift:178:18:178:42 | call to init(string:) :  | UnsafeWebViewFetch.swift:185:47:185:56 | ...! |
 | UnsafeWebViewFetch.swift:178:18:178:42 | call to init(string:) :  | UnsafeWebViewFetch.swift:186:48:186:57 | ...! |
@@ -48,11 +55,16 @@ edges
 | UnsafeWebViewFetch.swift:179:19:179:61 | call to init(string:relativeTo:) :  | UnsafeWebViewFetch.swift:188:48:188:58 | ...! |
 | UnsafeWebViewFetch.swift:179:52:179:52 | remoteURL :  | UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in init(string:relativeTo:) :  |
 | UnsafeWebViewFetch.swift:179:52:179:52 | remoteURL :  | UnsafeWebViewFetch.swift:179:19:179:61 | call to init(string:relativeTo:) :  |
+| UnsafeWebViewFetch.swift:197:19:197:41 | call to init(_:) :  | UnsafeWebViewFetch.swift:199:15:199:15 | remoteData |
+| UnsafeWebViewFetch.swift:197:19:197:41 | call to init(_:) :  | UnsafeWebViewFetch.swift:201:15:201:15 | remoteData |
+| UnsafeWebViewFetch.swift:197:24:197:37 | .utf8 :  | UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in init(_:) :  |
+| UnsafeWebViewFetch.swift:197:24:197:37 | .utf8 :  | UnsafeWebViewFetch.swift:197:19:197:41 | call to init(_:) :  |
 | UnsafeWebViewFetch.swift:206:17:206:31 | call to getRemoteData() :  | UnsafeWebViewFetch.swift:210:25:210:25 | htmlData |
 | UnsafeWebViewFetch.swift:206:17:206:31 | call to getRemoteData() :  | UnsafeWebViewFetch.swift:211:25:211:25 | htmlData |
 nodes
 | UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in init(string:) :  | semmle.label | [summary param] 0 in init(string:) :  |
 | UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in init(string:relativeTo:) :  | semmle.label | [summary param] 1 in init(string:relativeTo:) :  |
+| UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in init(_:) :  | semmle.label | [summary param] 0 in init(_:) :  |
 | UnsafeWebViewFetch.swift:94:10:94:37 | try ... :  | semmle.label | try ... :  |
 | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) :  | semmle.label | call to init(contentsOf:) :  |
 | UnsafeWebViewFetch.swift:103:25:103:84 | try! ... | semmle.label | try! ... |
@@ -78,7 +90,11 @@ nodes
 | UnsafeWebViewFetch.swift:140:47:140:57 | ...! | semmle.label | ...! |
 | UnsafeWebViewFetch.swift:141:25:141:25 | remoteString | semmle.label | remoteString |
 | UnsafeWebViewFetch.swift:141:48:141:58 | ...! | semmle.label | ...! |
+| UnsafeWebViewFetch.swift:150:19:150:41 | call to init(_:) :  | semmle.label | call to init(_:) :  |
+| UnsafeWebViewFetch.swift:150:24:150:37 | .utf8 :  | semmle.label | .utf8 :  |
+| UnsafeWebViewFetch.swift:152:15:152:15 | remoteData | semmle.label | remoteData |
 | UnsafeWebViewFetch.swift:153:85:153:94 | ...! | semmle.label | ...! |
+| UnsafeWebViewFetch.swift:154:15:154:15 | remoteData | semmle.label | remoteData |
 | UnsafeWebViewFetch.swift:154:86:154:95 | ...! | semmle.label | ...! |
 | UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() :  | semmle.label | call to getRemoteData() :  |
 | UnsafeWebViewFetch.swift:167:25:167:39 | call to getRemoteData() | semmle.label | call to getRemoteData() |
@@ -97,18 +113,25 @@ nodes
 | UnsafeWebViewFetch.swift:187:47:187:57 | ...! | semmle.label | ...! |
 | UnsafeWebViewFetch.swift:188:25:188:25 | remoteString | semmle.label | remoteString |
 | UnsafeWebViewFetch.swift:188:48:188:58 | ...! | semmle.label | ...! |
+| UnsafeWebViewFetch.swift:197:19:197:41 | call to init(_:) :  | semmle.label | call to init(_:) :  |
+| UnsafeWebViewFetch.swift:197:24:197:37 | .utf8 :  | semmle.label | .utf8 :  |
+| UnsafeWebViewFetch.swift:199:15:199:15 | remoteData | semmle.label | remoteData |
 | UnsafeWebViewFetch.swift:200:90:200:99 | ...! | semmle.label | ...! |
+| UnsafeWebViewFetch.swift:201:15:201:15 | remoteData | semmle.label | remoteData |
 | UnsafeWebViewFetch.swift:201:91:201:100 | ...! | semmle.label | ...! |
 | UnsafeWebViewFetch.swift:206:17:206:31 | call to getRemoteData() :  | semmle.label | call to getRemoteData() :  |
 | UnsafeWebViewFetch.swift:210:25:210:25 | htmlData | semmle.label | htmlData |
 | UnsafeWebViewFetch.swift:211:25:211:25 | htmlData | semmle.label | htmlData |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(_:) :  | semmle.label | [summary] to write: return (return) in init(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  | semmle.label | [summary] to write: return (return) in init(string:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | semmle.label | [summary] to write: return (return) in init(string:relativeTo:) :  |
 subpaths
 | UnsafeWebViewFetch.swift:131:30:131:30 | remoteString :  | UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in init(string:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  | UnsafeWebViewFetch.swift:131:18:131:42 | call to init(string:) :  |
 | UnsafeWebViewFetch.swift:132:52:132:52 | remoteURL :  | UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in init(string:relativeTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | UnsafeWebViewFetch.swift:132:19:132:61 | call to init(string:relativeTo:) :  |
+| UnsafeWebViewFetch.swift:150:24:150:37 | .utf8 :  | UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(_:) :  | UnsafeWebViewFetch.swift:150:19:150:41 | call to init(_:) :  |
 | UnsafeWebViewFetch.swift:178:30:178:30 | remoteString :  | UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in init(string:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  | UnsafeWebViewFetch.swift:178:18:178:42 | call to init(string:) :  |
 | UnsafeWebViewFetch.swift:179:52:179:52 | remoteURL :  | UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in init(string:relativeTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | UnsafeWebViewFetch.swift:179:19:179:61 | call to init(string:relativeTo:) :  |
+| UnsafeWebViewFetch.swift:197:24:197:37 | .utf8 :  | UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(_:) :  | UnsafeWebViewFetch.swift:197:19:197:41 | call to init(_:) :  |
 #select
 | UnsafeWebViewFetch.swift:103:25:103:84 | try! ... | UnsafeWebViewFetch.swift:103:30:103:84 | call to init(contentsOf:) :  | UnsafeWebViewFetch.swift:103:25:103:84 | try! ... | Tainted data is used in a WebView fetch without restricting the base URL. |
 | UnsafeWebViewFetch.swift:106:25:106:25 | data | UnsafeWebViewFetch.swift:105:18:105:72 | call to init(contentsOf:) :  | UnsafeWebViewFetch.swift:106:25:106:25 | data | Tainted data is used in a WebView fetch without restricting the base URL. |
@@ -119,10 +142,12 @@ subpaths
 | UnsafeWebViewFetch.swift:127:25:127:25 | "..." | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) :  | UnsafeWebViewFetch.swift:127:25:127:25 | "..." | Tainted data is used in a WebView fetch without restricting the base URL. |
 | UnsafeWebViewFetch.swift:139:25:139:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) :  | UnsafeWebViewFetch.swift:139:25:139:25 | remoteString | Tainted data is used in a WebView fetch with a tainted base URL. |
 | UnsafeWebViewFetch.swift:141:25:141:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) :  | UnsafeWebViewFetch.swift:141:25:141:25 | remoteString | Tainted data is used in a WebView fetch with a tainted base URL. |
+| UnsafeWebViewFetch.swift:154:15:154:15 | remoteData | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) :  | UnsafeWebViewFetch.swift:154:15:154:15 | remoteData | Tainted data is used in a WebView fetch with a tainted base URL. |
 | UnsafeWebViewFetch.swift:167:25:167:39 | call to getRemoteData() | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) :  | UnsafeWebViewFetch.swift:167:25:167:39 | call to getRemoteData() | Tainted data is used in a WebView fetch without restricting the base URL. |
 | UnsafeWebViewFetch.swift:168:25:168:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) :  | UnsafeWebViewFetch.swift:168:25:168:25 | remoteString | Tainted data is used in a WebView fetch without restricting the base URL. |
 | UnsafeWebViewFetch.swift:171:25:171:51 | ... .+(_:_:) ... | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) :  | UnsafeWebViewFetch.swift:171:25:171:51 | ... .+(_:_:) ... | Tainted data is used in a WebView fetch without restricting the base URL. |
 | UnsafeWebViewFetch.swift:174:25:174:25 | "..." | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) :  | UnsafeWebViewFetch.swift:174:25:174:25 | "..." | Tainted data is used in a WebView fetch without restricting the base URL. |
 | UnsafeWebViewFetch.swift:186:25:186:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) :  | UnsafeWebViewFetch.swift:186:25:186:25 | remoteString | Tainted data is used in a WebView fetch with a tainted base URL. |
 | UnsafeWebViewFetch.swift:188:25:188:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) :  | UnsafeWebViewFetch.swift:188:25:188:25 | remoteString | Tainted data is used in a WebView fetch with a tainted base URL. |
+| UnsafeWebViewFetch.swift:201:15:201:15 | remoteData | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) :  | UnsafeWebViewFetch.swift:201:15:201:15 | remoteData | Tainted data is used in a WebView fetch with a tainted base URL. |
 | UnsafeWebViewFetch.swift:210:25:210:25 | htmlData | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) :  | UnsafeWebViewFetch.swift:210:25:210:25 | htmlData | Tainted data is used in a WebView fetch without restricting the base URL. |
diff --git a/swift/ql/test/query-tests/Security/CWE-079/UnsafeWebViewFetch.swift b/swift/ql/test/query-tests/Security/CWE-079/UnsafeWebViewFetch.swift
index 2555e23758d..1b687ade014 100644
--- a/swift/ql/test/query-tests/Security/CWE-079/UnsafeWebViewFetch.swift
+++ b/swift/ql/test/query-tests/Security/CWE-079/UnsafeWebViewFetch.swift
@@ -151,7 +151,7 @@ func testUIWebView() {
 	webview.load(localData, mimeType: "text/html", textEncodingName: "utf-8", baseURL: localSafeURL!) // GOOD: the data is local
 	webview.load(remoteData, mimeType: "text/html", textEncodingName: "utf-8", baseURL: localSafeURL!) // GOOD: a safe baseURL is specified
 	webview.load(localData, mimeType: "text/html", textEncodingName: "utf-8", baseURL: remoteURL!) // GOOD: the HTML data is local
-	webview.load(remoteData, mimeType: "text/html", textEncodingName: "utf-8", baseURL: remoteURL!) // BAD [NOT DETECTED]
+	webview.load(remoteData, mimeType: "text/html", textEncodingName: "utf-8", baseURL: remoteURL!) // BAD
 }
 
 func testWKWebView() {
@@ -198,7 +198,7 @@ func testWKWebView() {
 	webview.load(localData, mimeType: "text/html", characterEncodingName: "utf-8", baseURL: localSafeURL!) // GOOD: the data is local
 	webview.load(remoteData, mimeType: "text/html", characterEncodingName: "utf-8", baseURL: localSafeURL!) // GOOD: a safe baseURL is specified
 	webview.load(localData, mimeType: "text/html", characterEncodingName: "utf-8", baseURL: remoteURL!) // GOOD: the HTML data is local
-	webview.load(remoteData, mimeType: "text/html", characterEncodingName: "utf-8", baseURL: remoteURL!) // BAD [NOT DETECTED]
+	webview.load(remoteData, mimeType: "text/html", characterEncodingName: "utf-8", baseURL: remoteURL!) // BAD
 }
 
 func testQHelpExamples() {
diff --git a/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.expected b/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.expected
new file mode 100644
index 00000000000..0030af81b05
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.expected
@@ -0,0 +1,122 @@
+edges
+| UnsafeJsEval.swift:69:2:73:5 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:) :  |
+| UnsafeJsEval.swift:75:2:80:5 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:in:) :  |
+| UnsafeJsEval.swift:124:21:124:42 | string :  | UnsafeJsEval.swift:124:70:124:70 | string :  |
+| UnsafeJsEval.swift:144:5:144:29 | [summary param] 0 in init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(_:) :  |
+| UnsafeJsEval.swift:165:10:165:37 | try ... :  | UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() :  |
+| UnsafeJsEval.swift:165:14:165:37 | call to init(contentsOf:) :  | UnsafeJsEval.swift:165:10:165:37 | try ... :  |
+| UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() :  | UnsafeJsEval.swift:205:7:205:7 | remoteString :  |
+| UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() :  | UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... :  |
+| UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() :  | UnsafeJsEval.swift:211:24:211:37 | .utf8 :  |
+| UnsafeJsEval.swift:204:7:204:66 | try! ... :  | UnsafeJsEval.swift:265:13:265:13 | string :  |
+| UnsafeJsEval.swift:204:7:204:66 | try! ... :  | UnsafeJsEval.swift:268:13:268:13 | string :  |
+| UnsafeJsEval.swift:204:7:204:66 | try! ... :  | UnsafeJsEval.swift:276:13:276:13 | string :  |
+| UnsafeJsEval.swift:204:7:204:66 | try! ... :  | UnsafeJsEval.swift:279:13:279:13 | string :  |
+| UnsafeJsEval.swift:204:7:204:66 | try! ... :  | UnsafeJsEval.swift:285:13:285:13 | string :  |
+| UnsafeJsEval.swift:204:7:204:66 | try! ... :  | UnsafeJsEval.swift:299:13:299:13 | string :  |
+| UnsafeJsEval.swift:204:12:204:66 | call to init(contentsOf:) :  | UnsafeJsEval.swift:204:7:204:66 | try! ... :  |
+| UnsafeJsEval.swift:205:7:205:7 | remoteString :  | UnsafeJsEval.swift:265:13:265:13 | string :  |
+| UnsafeJsEval.swift:205:7:205:7 | remoteString :  | UnsafeJsEval.swift:268:13:268:13 | string :  |
+| UnsafeJsEval.swift:205:7:205:7 | remoteString :  | UnsafeJsEval.swift:276:13:276:13 | string :  |
+| UnsafeJsEval.swift:205:7:205:7 | remoteString :  | UnsafeJsEval.swift:279:13:279:13 | string :  |
+| UnsafeJsEval.swift:205:7:205:7 | remoteString :  | UnsafeJsEval.swift:285:13:285:13 | string :  |
+| UnsafeJsEval.swift:205:7:205:7 | remoteString :  | UnsafeJsEval.swift:299:13:299:13 | string :  |
+| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... :  | UnsafeJsEval.swift:265:13:265:13 | string :  |
+| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... :  | UnsafeJsEval.swift:268:13:268:13 | string :  |
+| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... :  | UnsafeJsEval.swift:276:13:276:13 | string :  |
+| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... :  | UnsafeJsEval.swift:279:13:279:13 | string :  |
+| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... :  | UnsafeJsEval.swift:285:13:285:13 | string :  |
+| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... :  | UnsafeJsEval.swift:299:13:299:13 | string :  |
+| UnsafeJsEval.swift:211:19:211:41 | call to init(_:) :  | UnsafeJsEval.swift:214:7:214:49 | call to init(decoding:as:) :  |
+| UnsafeJsEval.swift:211:24:211:37 | .utf8 :  | UnsafeJsEval.swift:144:5:144:29 | [summary param] 0 in init(_:) :  |
+| UnsafeJsEval.swift:211:24:211:37 | .utf8 :  | UnsafeJsEval.swift:211:19:211:41 | call to init(_:) :  |
+| UnsafeJsEval.swift:214:7:214:49 | call to init(decoding:as:) :  | UnsafeJsEval.swift:265:13:265:13 | string :  |
+| UnsafeJsEval.swift:214:7:214:49 | call to init(decoding:as:) :  | UnsafeJsEval.swift:268:13:268:13 | string :  |
+| UnsafeJsEval.swift:214:7:214:49 | call to init(decoding:as:) :  | UnsafeJsEval.swift:276:13:276:13 | string :  |
+| UnsafeJsEval.swift:214:7:214:49 | call to init(decoding:as:) :  | UnsafeJsEval.swift:279:13:279:13 | string :  |
+| UnsafeJsEval.swift:214:7:214:49 | call to init(decoding:as:) :  | UnsafeJsEval.swift:285:13:285:13 | string :  |
+| UnsafeJsEval.swift:214:7:214:49 | call to init(decoding:as:) :  | UnsafeJsEval.swift:299:13:299:13 | string :  |
+| UnsafeJsEval.swift:265:13:265:13 | string :  | UnsafeJsEval.swift:266:43:266:43 | string :  |
+| UnsafeJsEval.swift:266:43:266:43 | string :  | UnsafeJsEval.swift:69:2:73:5 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:) :  |
+| UnsafeJsEval.swift:266:43:266:43 | string :  | UnsafeJsEval.swift:266:22:266:107 | call to init(source:injectionTime:forMainFrameOnly:) |
+| UnsafeJsEval.swift:268:13:268:13 | string :  | UnsafeJsEval.swift:269:43:269:43 | string :  |
+| UnsafeJsEval.swift:269:43:269:43 | string :  | UnsafeJsEval.swift:75:2:80:5 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:in:) :  |
+| UnsafeJsEval.swift:269:43:269:43 | string :  | UnsafeJsEval.swift:269:22:269:124 | call to init(source:injectionTime:forMainFrameOnly:in:) |
+| UnsafeJsEval.swift:276:13:276:13 | string :  | UnsafeJsEval.swift:277:26:277:26 | string |
+| UnsafeJsEval.swift:279:13:279:13 | string :  | UnsafeJsEval.swift:280:26:280:26 | string |
+| UnsafeJsEval.swift:285:13:285:13 | string :  | UnsafeJsEval.swift:286:3:286:10 | .utf16 :  |
+| UnsafeJsEval.swift:286:3:286:10 | .utf16 :  | UnsafeJsEval.swift:286:51:286:51 | stringBytes :  |
+| UnsafeJsEval.swift:286:51:286:51 | stringBytes :  | UnsafeJsEval.swift:287:31:287:97 | call to JSStringCreateWithCharacters(_:_:) :  |
+| UnsafeJsEval.swift:286:51:286:51 | stringBytes :  | UnsafeJsEval.swift:291:17:291:17 | jsstr |
+| UnsafeJsEval.swift:287:16:287:98 | call to JSStringRetain(_:) :  | UnsafeJsEval.swift:291:17:291:17 | jsstr |
+| UnsafeJsEval.swift:287:31:287:97 | call to JSStringCreateWithCharacters(_:_:) :  | UnsafeJsEval.swift:124:21:124:42 | string :  |
+| UnsafeJsEval.swift:287:31:287:97 | call to JSStringCreateWithCharacters(_:_:) :  | UnsafeJsEval.swift:287:16:287:98 | call to JSStringRetain(_:) :  |
+| UnsafeJsEval.swift:287:31:287:97 | call to JSStringCreateWithCharacters(_:_:) :  | UnsafeJsEval.swift:291:17:291:17 | jsstr |
+| UnsafeJsEval.swift:299:13:299:13 | string :  | UnsafeJsEval.swift:300:3:300:10 | .utf8CString :  |
+| UnsafeJsEval.swift:300:3:300:10 | .utf8CString :  | UnsafeJsEval.swift:300:48:300:48 | stringBytes :  |
+| UnsafeJsEval.swift:300:48:300:48 | stringBytes :  | UnsafeJsEval.swift:301:31:301:84 | call to JSStringCreateWithUTF8CString(_:) :  |
+| UnsafeJsEval.swift:300:48:300:48 | stringBytes :  | UnsafeJsEval.swift:305:17:305:17 | jsstr |
+| UnsafeJsEval.swift:301:16:301:85 | call to JSStringRetain(_:) :  | UnsafeJsEval.swift:305:17:305:17 | jsstr |
+| UnsafeJsEval.swift:301:31:301:84 | call to JSStringCreateWithUTF8CString(_:) :  | UnsafeJsEval.swift:124:21:124:42 | string :  |
+| UnsafeJsEval.swift:301:31:301:84 | call to JSStringCreateWithUTF8CString(_:) :  | UnsafeJsEval.swift:301:16:301:85 | call to JSStringRetain(_:) :  |
+| UnsafeJsEval.swift:301:31:301:84 | call to JSStringCreateWithUTF8CString(_:) :  | UnsafeJsEval.swift:305:17:305:17 | jsstr |
+nodes
+| UnsafeJsEval.swift:69:2:73:5 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:) :  | semmle.label | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:) :  |
+| UnsafeJsEval.swift:75:2:80:5 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:in:) :  | semmle.label | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:in:) :  |
+| UnsafeJsEval.swift:124:21:124:42 | string :  | semmle.label | string :  |
+| UnsafeJsEval.swift:124:70:124:70 | string :  | semmle.label | string :  |
+| UnsafeJsEval.swift:144:5:144:29 | [summary param] 0 in init(_:) :  | semmle.label | [summary param] 0 in init(_:) :  |
+| UnsafeJsEval.swift:165:10:165:37 | try ... :  | semmle.label | try ... :  |
+| UnsafeJsEval.swift:165:14:165:37 | call to init(contentsOf:) :  | semmle.label | call to init(contentsOf:) :  |
+| UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() :  | semmle.label | call to getRemoteData() :  |
+| UnsafeJsEval.swift:204:7:204:66 | try! ... :  | semmle.label | try! ... :  |
+| UnsafeJsEval.swift:204:12:204:66 | call to init(contentsOf:) :  | semmle.label | call to init(contentsOf:) :  |
+| UnsafeJsEval.swift:205:7:205:7 | remoteString :  | semmle.label | remoteString :  |
+| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... :  | semmle.label | ... .+(_:_:) ... :  |
+| UnsafeJsEval.swift:211:19:211:41 | call to init(_:) :  | semmle.label | call to init(_:) :  |
+| UnsafeJsEval.swift:211:24:211:37 | .utf8 :  | semmle.label | .utf8 :  |
+| UnsafeJsEval.swift:214:7:214:49 | call to init(decoding:as:) :  | semmle.label | call to init(decoding:as:) :  |
+| UnsafeJsEval.swift:265:13:265:13 | string :  | semmle.label | string :  |
+| UnsafeJsEval.swift:266:22:266:107 | call to init(source:injectionTime:forMainFrameOnly:) | semmle.label | call to init(source:injectionTime:forMainFrameOnly:) |
+| UnsafeJsEval.swift:266:43:266:43 | string :  | semmle.label | string :  |
+| UnsafeJsEval.swift:268:13:268:13 | string :  | semmle.label | string :  |
+| UnsafeJsEval.swift:269:22:269:124 | call to init(source:injectionTime:forMainFrameOnly:in:) | semmle.label | call to init(source:injectionTime:forMainFrameOnly:in:) |
+| UnsafeJsEval.swift:269:43:269:43 | string :  | semmle.label | string :  |
+| UnsafeJsEval.swift:276:13:276:13 | string :  | semmle.label | string :  |
+| UnsafeJsEval.swift:277:26:277:26 | string | semmle.label | string |
+| UnsafeJsEval.swift:279:13:279:13 | string :  | semmle.label | string :  |
+| UnsafeJsEval.swift:280:26:280:26 | string | semmle.label | string |
+| UnsafeJsEval.swift:285:13:285:13 | string :  | semmle.label | string :  |
+| UnsafeJsEval.swift:286:3:286:10 | .utf16 :  | semmle.label | .utf16 :  |
+| UnsafeJsEval.swift:286:51:286:51 | stringBytes :  | semmle.label | stringBytes :  |
+| UnsafeJsEval.swift:287:16:287:98 | call to JSStringRetain(_:) :  | semmle.label | call to JSStringRetain(_:) :  |
+| UnsafeJsEval.swift:287:31:287:97 | call to JSStringCreateWithCharacters(_:_:) :  | semmle.label | call to JSStringCreateWithCharacters(_:_:) :  |
+| UnsafeJsEval.swift:291:17:291:17 | jsstr | semmle.label | jsstr |
+| UnsafeJsEval.swift:299:13:299:13 | string :  | semmle.label | string :  |
+| UnsafeJsEval.swift:300:3:300:10 | .utf8CString :  | semmle.label | .utf8CString :  |
+| UnsafeJsEval.swift:300:48:300:48 | stringBytes :  | semmle.label | stringBytes :  |
+| UnsafeJsEval.swift:301:16:301:85 | call to JSStringRetain(_:) :  | semmle.label | call to JSStringRetain(_:) :  |
+| UnsafeJsEval.swift:301:31:301:84 | call to JSStringCreateWithUTF8CString(_:) :  | semmle.label | call to JSStringCreateWithUTF8CString(_:) :  |
+| UnsafeJsEval.swift:305:17:305:17 | jsstr | semmle.label | jsstr |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(_:) :  | semmle.label | [summary] to write: return (return) in init(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:) :  | semmle.label | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:in:) :  | semmle.label | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:in:) :  |
+subpaths
+| UnsafeJsEval.swift:211:24:211:37 | .utf8 :  | UnsafeJsEval.swift:144:5:144:29 | [summary param] 0 in init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(_:) :  | UnsafeJsEval.swift:211:19:211:41 | call to init(_:) :  |
+| UnsafeJsEval.swift:266:43:266:43 | string :  | UnsafeJsEval.swift:69:2:73:5 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:) :  | UnsafeJsEval.swift:266:22:266:107 | call to init(source:injectionTime:forMainFrameOnly:) |
+| UnsafeJsEval.swift:269:43:269:43 | string :  | UnsafeJsEval.swift:75:2:80:5 | [summary param] 0 in init(source:injectionTime:forMainFrameOnly:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(source:injectionTime:forMainFrameOnly:in:) :  | UnsafeJsEval.swift:269:22:269:124 | call to init(source:injectionTime:forMainFrameOnly:in:) |
+| UnsafeJsEval.swift:287:31:287:97 | call to JSStringCreateWithCharacters(_:_:) :  | UnsafeJsEval.swift:124:21:124:42 | string :  | UnsafeJsEval.swift:124:70:124:70 | string :  | UnsafeJsEval.swift:287:16:287:98 | call to JSStringRetain(_:) :  |
+| UnsafeJsEval.swift:301:31:301:84 | call to JSStringCreateWithUTF8CString(_:) :  | UnsafeJsEval.swift:124:21:124:42 | string :  | UnsafeJsEval.swift:124:70:124:70 | string :  | UnsafeJsEval.swift:301:16:301:85 | call to JSStringRetain(_:) :  |
+#select
+| UnsafeJsEval.swift:266:22:266:107 | call to init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:165:14:165:37 | call to init(contentsOf:) :  | UnsafeJsEval.swift:266:22:266:107 | call to init(source:injectionTime:forMainFrameOnly:) | Evaluation of uncontrolled JavaScript from a remote source. |
+| UnsafeJsEval.swift:266:22:266:107 | call to init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:204:12:204:66 | call to init(contentsOf:) :  | UnsafeJsEval.swift:266:22:266:107 | call to init(source:injectionTime:forMainFrameOnly:) | Evaluation of uncontrolled JavaScript from a remote source. |
+| UnsafeJsEval.swift:269:22:269:124 | call to init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:165:14:165:37 | call to init(contentsOf:) :  | UnsafeJsEval.swift:269:22:269:124 | call to init(source:injectionTime:forMainFrameOnly:in:) | Evaluation of uncontrolled JavaScript from a remote source. |
+| UnsafeJsEval.swift:269:22:269:124 | call to init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:204:12:204:66 | call to init(contentsOf:) :  | UnsafeJsEval.swift:269:22:269:124 | call to init(source:injectionTime:forMainFrameOnly:in:) | Evaluation of uncontrolled JavaScript from a remote source. |
+| UnsafeJsEval.swift:277:26:277:26 | string | UnsafeJsEval.swift:165:14:165:37 | call to init(contentsOf:) :  | UnsafeJsEval.swift:277:26:277:26 | string | Evaluation of uncontrolled JavaScript from a remote source. |
+| UnsafeJsEval.swift:277:26:277:26 | string | UnsafeJsEval.swift:204:12:204:66 | call to init(contentsOf:) :  | UnsafeJsEval.swift:277:26:277:26 | string | Evaluation of uncontrolled JavaScript from a remote source. |
+| UnsafeJsEval.swift:280:26:280:26 | string | UnsafeJsEval.swift:165:14:165:37 | call to init(contentsOf:) :  | UnsafeJsEval.swift:280:26:280:26 | string | Evaluation of uncontrolled JavaScript from a remote source. |
+| UnsafeJsEval.swift:280:26:280:26 | string | UnsafeJsEval.swift:204:12:204:66 | call to init(contentsOf:) :  | UnsafeJsEval.swift:280:26:280:26 | string | Evaluation of uncontrolled JavaScript from a remote source. |
+| UnsafeJsEval.swift:291:17:291:17 | jsstr | UnsafeJsEval.swift:165:14:165:37 | call to init(contentsOf:) :  | UnsafeJsEval.swift:291:17:291:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. |
+| UnsafeJsEval.swift:291:17:291:17 | jsstr | UnsafeJsEval.swift:204:12:204:66 | call to init(contentsOf:) :  | UnsafeJsEval.swift:291:17:291:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. |
+| UnsafeJsEval.swift:305:17:305:17 | jsstr | UnsafeJsEval.swift:165:14:165:37 | call to init(contentsOf:) :  | UnsafeJsEval.swift:305:17:305:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. |
+| UnsafeJsEval.swift:305:17:305:17 | jsstr | UnsafeJsEval.swift:204:12:204:66 | call to init(contentsOf:) :  | UnsafeJsEval.swift:305:17:305:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. |
diff --git a/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.qlref b/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.qlref
new file mode 100644
index 00000000000..b8c11cee30d
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.qlref
@@ -0,0 +1 @@
+queries/Security/CWE-094/UnsafeJsEval.ql
diff --git a/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.swift b/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.swift
new file mode 100644
index 00000000000..69ccaba2f81
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.swift
@@ -0,0 +1,336 @@
+
+// --- stubs ---
+
+class NSObject {}
+
+@MainActor class UIResponder : NSObject {}
+@MainActor class UIView : UIResponder {}
+
+@MainActor class NSResponder : NSObject {}
+class NSView : NSResponder {}
+
+class WKFrameInfo : NSObject {}
+class WKContentWorld : NSObject {
+	class var defaultClient: WKContentWorld { WKContentWorld() }
+	class var page: WKContentWorld { WKContentWorld() }
+}
+
+class WKWebView : UIView {
+
+	func evaluateJavaScript(
+		_ javaScriptString: String
+	) async throws -> Any { "" }
+
+	func evaluateJavaScript(
+		_ javaScriptString: String,
+		completionHandler: ((Any?, Error?) -> Void)? = nil
+	) {
+		completionHandler?(nil, nil)
+	}
+
+	@MainActor func evaluateJavaScript(
+		_ javaScript: String,
+		in frame: WKFrameInfo? = nil,
+		in contentWorld: WKContentWorld,
+		completionHandler: ((Result<Any, Error>) -> Void)? = nil
+	) {
+		completionHandler?(.success(""))
+	}
+
+	@MainActor func evaluateJavaScript(
+		_ javaScript: String,
+		in frame: WKFrameInfo? = nil,
+		contentWorld: WKContentWorld
+	) async throws -> Any? { nil }
+
+	@MainActor func callAsyncJavaScript(
+		_ functionBody: String,
+		arguments: [String : Any] = [:],
+		in frame: WKFrameInfo? = nil,
+		in contentWorld: WKContentWorld,
+		completionHandler: ((Result<Any, Error>) -> Void)? = nil
+	) {
+		completionHandler?(.success(""))
+	}
+
+	@MainActor func callAsyncJavaScript(
+		_ functionBody: String,
+		arguments: [String : Any] = [:],
+		in frame: WKFrameInfo? = nil,
+		contentWorld: WKContentWorld
+	) async throws -> Any? { nil }
+}
+
+enum WKUserScriptInjectionTime : Int, @unchecked Sendable {
+	case atDocumentStart, atDocumentEnd
+}
+
+class WKUserScript : NSObject {
+	init(
+		source: String,
+		injectionTime: WKUserScriptInjectionTime,
+		forMainFrameOnly: Bool
+	) {}
+
+	init(
+		source: String,
+		injectionTime: WKUserScriptInjectionTime,
+		forMainFrameOnly: Bool,
+		in contentWorld: WKContentWorld
+	) {}
+}
+
+class WKUserContentController : NSObject {
+	func addUserScript(_ userScript: WKUserScript) {}
+}
+
+class UIWebView : UIView {
+	// deprecated
+	func stringByEvaluatingJavaScript(from script: String) -> String? { nil }
+}
+
+class WebView : NSView {
+	// deprecated
+	func stringByEvaluatingJavaScript(from script: String!) -> String! { "" }
+}
+
+class JSValue : NSObject {}
+
+class JSContext {
+	func evaluateScript(_ script: String!) -> JSValue! { return JSValue() }
+	func evaluateScript(
+		_ script: String!,
+		withSourceURL sourceURL: URL!
+	) -> JSValue! { return JSValue() }
+}
+
+typealias JSContextRef = OpaquePointer
+typealias JSStringRef = OpaquePointer
+typealias JSObjectRef = OpaquePointer
+typealias JSValueRef = OpaquePointer
+typealias JSChar = UInt16
+
+func JSStringCreateWithCharacters(
+    _ chars: UnsafePointer<JSChar>!,
+    _ numChars: Int
+) -> JSStringRef! {
+	return chars.withMemoryRebound(to: CChar.self, capacity: numChars) {
+		cchars in OpaquePointer(cchars)
+	}
+}
+func JSStringCreateWithUTF8CString(_ string: UnsafePointer<CChar>!) -> JSStringRef! {
+	return OpaquePointer(string)
+}
+func JSStringRetain(_ string: JSStringRef!) -> JSStringRef! { return string }
+func JSStringRelease(_ string: JSStringRef!) { }
+
+func JSEvaluateScript(
+    _ ctx: JSContextRef!,
+    _ script: JSStringRef!,
+    _ thisObject: JSObjectRef!,
+    _ sourceURL: JSStringRef!,
+    _ startingLineNumber: Int32,
+    _ exception: UnsafeMutablePointer<JSValueRef?>!
+) -> JSValueRef! { return OpaquePointer(bitPattern: 0) }
+
+@frozen
+public struct Data: Collection {
+	public typealias Index = Int
+	public typealias Element = UInt8
+	public subscript(x: Index) -> Element { 0 }
+	public var startIndex: Index { 0 }
+	public var endIndex: Index { 0 }
+	public func index(after i: Index) -> Index { i + 1 }
+    init<S>(_ elements: S) {}
+}
+
+struct URL {
+	init?(string: String) {}
+	init?(string: String, relativeTo: URL?) {}
+}
+
+extension String {
+	init(contentsOf: URL) throws {
+        let data = ""
+        // ...
+        self.init(data)
+    }
+}
+
+// --- tests ---
+
+func getRemoteData() -> String {
+	let url = URL(string: "http://example.com/")
+	do {
+		return try String(contentsOf: url!)
+	} catch {
+		return ""
+	}
+}
+
+func testAsync(_ sink: @escaping (String) async throws -> ()) {
+	Task {
+		let localString = "console.log('localString')"
+		let localStringFragment = "'localStringFragment'"
+		let remoteString = getRemoteData()
+
+		try! await sink(localString) // GOOD: the HTML data is local
+		try! await sink(try String(contentsOf: URL(string: "http://example.com/")!)) // BAD [NOT DETECTED - TODO: extract Callables of @MainActor method calls]: HTML contains remote input, may access local secrets
+		try! await sink(remoteString) // BAD [NOT DETECTED - TODO: extract Callables of @MainActor method calls]
+
+		try! await sink("console.log(" + localStringFragment + ")") // GOOD: the HTML data is local
+		try! await sink("console.log(" + remoteString + ")") // BAD [NOT DETECTED - TODO: extract Callables of @MainActor method calls]
+
+		let localData = Data(localString.utf8)
+		let remoteData = Data(remoteString.utf8)
+
+		try! await sink(String(decoding: localData, as: UTF8.self)) // GOOD: the data is local
+		try! await sink(String(decoding: remoteData, as: UTF8.self)) // BAD [NOT DETECTED - TODO: extract Callables of @MainActor method calls]: the data is remote
+
+		try! await sink("console.log(" + String(Int(localStringFragment) ?? 0) + ")") // GOOD: Primitive conversion
+		try! await sink("console.log(" + String(Int(remoteString) ?? 0) + ")") // GOOD: Primitive conversion
+
+		try! await sink("console.log(" + (localStringFragment.count != 0 ? "1" : "0") + ")") // GOOD: Primitive conversion
+		try! await sink("console.log(" + (remoteString.count != 0 ? "1" : "0") + ")") // GOOD: Primitive conversion
+	}
+}
+
+func testSync(_ sink: @escaping (String) -> ()) {
+	let localString = "console.log('localString')"
+	let localStringFragment = "'localStringFragment'"
+	let remoteString = getRemoteData()
+
+	sink(localString) // GOOD: the HTML data is local
+	sink(try! String(contentsOf: URL(string: "http://example.com/")!)) // BAD: HTML contains remote input, may access local secrets
+	sink(remoteString) // BAD
+
+	sink("console.log(" + localStringFragment + ")") // GOOD: the HTML data is local
+	sink("console.log(" + remoteString + ")") // BAD
+
+	let localData = Data(localString.utf8)
+	let remoteData = Data(remoteString.utf8)
+
+	sink(String(decoding: localData, as: UTF8.self)) // GOOD: the data is local
+	sink(String(decoding: remoteData, as: UTF8.self)) // BAD: the data is remote
+
+	sink("console.log(" + String(Int(localStringFragment) ?? 0) + ")") // GOOD: Primitive conversion
+	sink("console.log(" + String(Int(remoteString) ?? 0) + ")") // GOOD: Primitive conversion
+
+	sink("console.log(" + (localStringFragment.count != 0 ? "1" : "0") + ")") // GOOD: Primitive conversion
+	sink("console.log(" + (remoteString.count != 0 ? "1" : "0") + ")") // GOOD: Primitive conversion
+}
+
+func testUIWebView() {
+	let webview = UIWebView()
+
+	testAsync { string in
+		_ = await webview.stringByEvaluatingJavaScript(from: string)
+	}
+}
+
+func testWebView() {
+	let webview = WebView()
+
+	testAsync { string in
+		_ = await webview.stringByEvaluatingJavaScript(from: string)
+	}
+}
+
+func testWKWebView() {
+	let webview = WKWebView()
+
+	testAsync { string in
+		_ = try await webview.evaluateJavaScript(string)
+	}
+	testAsync { string in
+		await webview.evaluateJavaScript(string) { _, _ in }
+	}
+	testAsync { string in
+		await webview.evaluateJavaScript(string, in: nil, in: WKContentWorld.defaultClient) { _ in }
+	}
+	testAsync { string in
+		_ = try await webview.evaluateJavaScript(string, contentWorld: .defaultClient)
+	}
+	testAsync { string in
+		await webview.callAsyncJavaScript(string, in: nil, in: .defaultClient) { _ in () }
+	}
+	testAsync { string in
+		_ = try await webview.callAsyncJavaScript(string, contentWorld: WKContentWorld.defaultClient)
+	}
+}
+
+func testWKUserContentController() {
+	let ctrl = WKUserContentController()
+
+	testSync { string in
+		ctrl.addUserScript(WKUserScript(source: string, injectionTime: .atDocumentStart, forMainFrameOnly: false))
+	}
+	testSync { string in
+		ctrl.addUserScript(WKUserScript(source: string, injectionTime: .atDocumentEnd, forMainFrameOnly: true, in: .defaultClient))
+	}
+}
+
+func testJSContext() {
+	let ctx = JSContext()
+
+	testSync { string in
+		_ = ctx.evaluateScript(string)
+	}
+	testSync { string in
+		_ = ctx.evaluateScript(string, withSourceURL: URL(string: "https://example.com"))
+	}
+}
+
+func testJSEvaluateScript() {
+	testSync { string in
+		string.utf16.withContiguousStorageIfAvailable { stringBytes in
+			let jsstr = JSStringRetain(JSStringCreateWithCharacters(stringBytes.baseAddress, string.count))
+			defer { JSStringRelease(jsstr) }
+			_ = JSEvaluateScript(
+				/*ctx:*/ OpaquePointer(bitPattern: 0),
+				/*script:*/ jsstr,
+				/*thisObject:*/ OpaquePointer(bitPattern: 0),
+				/*sourceURL:*/ OpaquePointer(bitPattern: 0),
+				/*startingLineNumber:*/ 0,
+				/*exception:*/ UnsafeMutablePointer(bitPattern: 0)
+			)
+		}
+	}
+	testSync { string in
+		string.utf8CString.withUnsafeBufferPointer { stringBytes in
+			let jsstr = JSStringRetain(JSStringCreateWithUTF8CString(stringBytes.baseAddress))
+			defer { JSStringRelease(jsstr) }
+			_ = JSEvaluateScript(
+				/*ctx:*/ OpaquePointer(bitPattern: 0),
+				/*script:*/ jsstr,
+				/*thisObject:*/ OpaquePointer(bitPattern: 0),
+				/*sourceURL:*/ OpaquePointer(bitPattern: 0),
+				/*startingLineNumber:*/ 0,
+				/*exception:*/ UnsafeMutablePointer(bitPattern: 0)
+			)
+		}
+	}
+}
+
+func testQHelpExamples() {
+	Task {
+		let webview = WKWebView()
+		let remoteData = try String(contentsOf: URL(string: "http://example.com/evil.json")!)
+
+		_ = try await webview.evaluateJavaScript("console.log(" + remoteData + ")") // BAD [NOT DETECTED - TODO: extract Callables of @MainActor method calls]
+
+		_ = try await webview.callAsyncJavaScript(
+			"console.log(data)",
+			arguments: ["data": remoteData], // GOOD
+			contentWorld: .page
+		)
+	}
+}
+
+testUIWebView()
+testWebView()
+testWKWebView()
+testWKUserContentController()
+testJSContext()
+testJSEvaluateScript()
+testQHelpExamples()
diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected
index de02d0db461..3245aa68d4e 100644
--- a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected
+++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected
@@ -1,4 +1,11 @@
 edges
+| testAlamofire.swift:150:45:150:45 | password :  | testAlamofire.swift:150:13:150:45 | ... .+(_:_:) ... |
+| testAlamofire.swift:152:51:152:51 | password :  | testAlamofire.swift:152:19:152:51 | ... .+(_:_:) ... |
+| testAlamofire.swift:154:38:154:38 | email :  | testAlamofire.swift:154:14:154:46 | ... .+(_:_:) ... |
+| testSend.swift:5:5:5:29 | [summary param] 0 in init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(_:) :  |
+| testSend.swift:33:14:33:32 | call to init(_:) :  | testSend.swift:37:19:37:19 | data2 |
+| testSend.swift:33:19:33:19 | passwordPlain :  | testSend.swift:5:5:5:29 | [summary param] 0 in init(_:) :  |
+| testSend.swift:33:19:33:19 | passwordPlain :  | testSend.swift:33:14:33:32 | call to init(_:) :  |
 | testSend.swift:41:10:41:18 | data :  | testSend.swift:41:45:41:45 | data :  |
 | testSend.swift:45:13:45:13 | password :  | testSend.swift:52:27:52:27 | str1 |
 | testSend.swift:46:13:46:13 | password :  | testSend.swift:53:27:53:27 | str2 |
@@ -8,7 +15,18 @@ edges
 | testURL.swift:13:54:13:54 | passwd :  | testURL.swift:13:22:13:54 | ... .+(_:_:) ... |
 | testURL.swift:16:55:16:55 | credit_card_no :  | testURL.swift:16:22:16:55 | ... .+(_:_:) ... |
 nodes
+| file://:0:0:0:0 | [summary] to write: return (return) in init(_:) :  | semmle.label | [summary] to write: return (return) in init(_:) :  |
+| testAlamofire.swift:150:13:150:45 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
+| testAlamofire.swift:150:45:150:45 | password :  | semmle.label | password :  |
+| testAlamofire.swift:152:19:152:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
+| testAlamofire.swift:152:51:152:51 | password :  | semmle.label | password :  |
+| testAlamofire.swift:154:14:154:46 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
+| testAlamofire.swift:154:38:154:38 | email :  | semmle.label | email :  |
+| testSend.swift:5:5:5:29 | [summary param] 0 in init(_:) :  | semmle.label | [summary param] 0 in init(_:) :  |
 | testSend.swift:29:19:29:19 | passwordPlain | semmle.label | passwordPlain |
+| testSend.swift:33:14:33:32 | call to init(_:) :  | semmle.label | call to init(_:) :  |
+| testSend.swift:33:19:33:19 | passwordPlain :  | semmle.label | passwordPlain :  |
+| testSend.swift:37:19:37:19 | data2 | semmle.label | data2 |
 | testSend.swift:41:10:41:18 | data :  | semmle.label | data :  |
 | testSend.swift:41:45:41:45 | data :  | semmle.label | data :  |
 | testSend.swift:45:13:45:13 | password :  | semmle.label | password :  |
@@ -24,9 +42,14 @@ nodes
 | testURL.swift:16:55:16:55 | credit_card_no :  | semmle.label | credit_card_no :  |
 | testURL.swift:20:22:20:22 | passwd | semmle.label | passwd |
 subpaths
+| testSend.swift:33:19:33:19 | passwordPlain :  | testSend.swift:5:5:5:29 | [summary param] 0 in init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(_:) :  | testSend.swift:33:14:33:32 | call to init(_:) :  |
 | testSend.swift:47:17:47:17 | password :  | testSend.swift:41:10:41:18 | data :  | testSend.swift:41:45:41:45 | data :  | testSend.swift:47:13:47:25 | call to pad(_:) :  |
 #select
+| testAlamofire.swift:150:13:150:45 | ... .+(_:_:) ... | testAlamofire.swift:150:45:150:45 | password :  | testAlamofire.swift:150:13:150:45 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testAlamofire.swift:150:45:150:45 | password :  | password |
+| testAlamofire.swift:152:19:152:51 | ... .+(_:_:) ... | testAlamofire.swift:152:51:152:51 | password :  | testAlamofire.swift:152:19:152:51 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testAlamofire.swift:152:51:152:51 | password :  | password |
+| testAlamofire.swift:154:14:154:46 | ... .+(_:_:) ... | testAlamofire.swift:154:38:154:38 | email :  | testAlamofire.swift:154:14:154:46 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testAlamofire.swift:154:38:154:38 | email :  | email |
 | testSend.swift:29:19:29:19 | passwordPlain | testSend.swift:29:19:29:19 | passwordPlain | testSend.swift:29:19:29:19 | passwordPlain | This operation transmits 'passwordPlain', which may contain unencrypted sensitive data from $@. | testSend.swift:29:19:29:19 | passwordPlain | passwordPlain |
+| testSend.swift:37:19:37:19 | data2 | testSend.swift:33:19:33:19 | passwordPlain :  | testSend.swift:37:19:37:19 | data2 | This operation transmits 'data2', which may contain unencrypted sensitive data from $@. | testSend.swift:33:19:33:19 | passwordPlain :  | passwordPlain |
 | testSend.swift:52:27:52:27 | str1 | testSend.swift:45:13:45:13 | password :  | testSend.swift:52:27:52:27 | str1 | This operation transmits 'str1', which may contain unencrypted sensitive data from $@. | testSend.swift:45:13:45:13 | password :  | password |
 | testSend.swift:53:27:53:27 | str2 | testSend.swift:46:13:46:13 | password :  | testSend.swift:53:27:53:27 | str2 | This operation transmits 'str2', which may contain unencrypted sensitive data from $@. | testSend.swift:46:13:46:13 | password :  | password |
 | testSend.swift:54:27:54:27 | str3 | testSend.swift:47:17:47:17 | password :  | testSend.swift:54:27:54:27 | str3 | This operation transmits 'str3', which may contain unencrypted sensitive data from $@. | testSend.swift:47:17:47:17 | password :  | password |
diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected
index 9e359b62e27..3c61ec86e95 100644
--- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected
+++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected
@@ -1,3 +1,13 @@
+| testAlamofire.swift:150:45:150:45 | password | label:password, type:credential |
+| testAlamofire.swift:152:51:152:51 | password | label:password, type:credential |
+| testAlamofire.swift:154:38:154:38 | email | label:email, type:private information |
+| testAlamofire.swift:159:26:159:26 | email | label:email, type:private information |
+| testAlamofire.swift:171:35:171:35 | email | label:email, type:private information |
+| testAlamofire.swift:177:35:177:35 | email | label:email, type:private information |
+| testAlamofire.swift:187:65:187:65 | password | label:password, type:credential |
+| testAlamofire.swift:195:64:195:64 | password | label:password, type:credential |
+| testAlamofire.swift:205:62:205:62 | password | label:password, type:credential |
+| testAlamofire.swift:213:65:213:65 | password | label:password, type:credential |
 | testCoreData.swift:48:15:48:15 | password | label:password, type:credential |
 | testCoreData.swift:51:24:51:24 | password | label:password, type:credential |
 | testCoreData.swift:58:15:58:15 | password | label:password, type:credential |
diff --git a/swift/ql/test/query-tests/Security/CWE-311/testAlamofire.swift b/swift/ql/test/query-tests/Security/CWE-311/testAlamofire.swift
new file mode 100644
index 00000000000..3a50c2cf249
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-311/testAlamofire.swift
@@ -0,0 +1,218 @@
+
+// --- Foundation stubs ---
+
+class NSObject {
+}
+
+struct URL {
+}
+
+struct URLRequest {
+}
+
+class URLResponse: NSObject {
+}
+
+class HTTPURLResponse : URLResponse {
+}
+
+// --- Alamofire stubs ---
+
+protocol URLConvertible {
+}
+
+extension String: URLConvertible {
+}
+
+struct HTTPMethod {
+	static let get = HTTPMethod(rawValue: "GET")
+	static let post = HTTPMethod(rawValue: "POST")
+
+	init(rawValue: String) {}
+}
+
+struct HTTPHeaders {
+	init(_ dictionary: [String: String]) {}
+
+	mutating func add(name: String, value: String) {}
+	mutating func update(name: String, value: String) {}
+}
+
+extension HTTPHeaders: ExpressibleByDictionaryLiteral {
+	public init(dictionaryLiteral elements: (String, String)...) {}
+}
+
+typealias Parameters = [String: Any]
+
+protocol ParameterEncoding {
+}
+
+struct URLEncoding: ParameterEncoding {
+	static var `default`: URLEncoding { URLEncoding() }
+}
+
+protocol ParameterEncoder {
+}
+
+class URLEncodedFormParameterEncoder: ParameterEncoder {
+	static var `default`: URLEncodedFormParameterEncoder { URLEncodedFormParameterEncoder() }
+}
+
+protocol RequestInterceptor {
+}
+
+class Request {
+}
+
+class DataRequest: Request {
+}
+
+final class DataStreamRequest: Request {
+}
+
+class DownloadRequest: Request {
+	struct Options: OptionSet {
+		let rawValue: Int
+
+		init(rawValue: Int) {
+			self.rawValue = rawValue
+		}
+	}
+
+	typealias Destination =
+		(_ temporaryURL: URL, _ response: HTTPURLResponse) ->
+		(destinationURL: URL, options: Options)
+}
+
+class Session {
+	static let `default` = Session()
+
+	typealias RequestModifier = (inout URLRequest) throws -> Void
+
+	func request(
+		_ convertible: URLConvertible,
+		method: HTTPMethod = .get,
+		parameters: Parameters? = nil,
+		encoding: ParameterEncoding = URLEncoding.default,
+		headers: HTTPHeaders? = nil,
+		interceptor: RequestInterceptor? = nil,
+		requestModifier: RequestModifier? = nil) -> DataRequest {
+			return DataRequest()
+	}
+
+	func request<Parameters: Encodable>(
+		_ convertible: URLConvertible,
+		method: HTTPMethod = .get,
+		parameters: Parameters? = nil,
+		encoder: ParameterEncoder = URLEncodedFormParameterEncoder.default,
+		headers: HTTPHeaders? = nil,
+		interceptor: RequestInterceptor? = nil,
+		requestModifier: RequestModifier? = nil) -> DataRequest {
+			return DataRequest()
+	}
+
+	func streamRequest(
+		_ convertible: URLConvertible,
+		method: HTTPMethod = .get,
+		headers: HTTPHeaders? = nil,
+		automaticallyCancelOnStreamError: Bool = false,
+		interceptor: RequestInterceptor? = nil,
+		requestModifier: RequestModifier? = nil) -> DataStreamRequest {
+			return DataStreamRequest()
+	}
+
+	func download(
+		_ convertible: URLConvertible,
+		method: HTTPMethod = .get,
+		parameters: Parameters? = nil,
+		encoding: ParameterEncoding = URLEncoding.default,
+		headers: HTTPHeaders? = nil,
+		interceptor: RequestInterceptor? = nil,
+		requestModifier: RequestModifier? = nil,
+		to destination: DownloadRequest.Destination? = nil) -> DownloadRequest {
+			return DownloadRequest()
+	}
+
+	// (there are many more variants of `request`, `streamRequest` and `download`)
+}
+
+let AF = Session.default
+
+// --- tests ---
+
+struct MyEncodable: Encodable {
+	let value: String
+}
+
+func test1(username: String, password: String, email: String, harmless: String) {
+	// sensitive data in URL
+
+	AF.request("http://example.com/login?p=" + password) // BAD
+	AF.request("http://example.com/login?h=" + harmless) // GOOD (not sensitive)
+	AF.streamRequest("http://example.com/login?p=" + password) // BAD
+	AF.streamRequest("http://example.com/login?h=" + harmless) // GOOD (not sensitive)
+	AF.download("http://example.com/" + email + ".html") // BAD
+	AF.download("http://example.com/" + harmless + ".html") // GOOD (not sensitive)
+
+	// sensitive data in parameters
+
+	let params1 = ["value": email]
+	let params2 = ["value": harmless]
+
+	AF.request("http://example.com/", parameters: params1) // BAD [NOT DETECTED]
+	AF.request("http://example.com/", parameters: params2) // GOOD (not sensitive)
+	AF.request("http://example.com/", parameters: params1, encoding: URLEncoding.default) // BAD [NOT DETECTED]
+	AF.request("http://example.com/", parameters: params2, encoding: URLEncoding.default) // GOOD (not sensitive)
+	AF.request("http://example.com/", parameters: params1, encoder: URLEncodedFormParameterEncoder.default) // BAD [NOT DETECTED]
+	AF.request("http://example.com/", parameters: params2, encoder: URLEncodedFormParameterEncoder.default) // GOOD (not sensitive)
+	AF.download("http://example.com/", parameters: params1) // BAD [NOT DETECTED]
+	AF.download("http://example.com/", parameters: params2) // GOOD (not sensitive)
+
+	let params3 = ["values": ["...", email, "..."]]
+	let params4 = ["values": ["...", harmless, "..."]]
+
+	AF.request("http://example.com/", method:.post, parameters: params3) // BAD [NOT DETECTED]
+	AF.request("http://example.com/", method:.post, parameters: params4) // GOOD (not sensitive)
+
+	let params5 = MyEncodable(value: email)
+	let params6 = MyEncodable(value: harmless)
+
+	AF.request("http://example.com/", parameters: params5) // BAD [NOT DETECTED]
+	AF.request("http://example.com/", parameters: params6) // GOOD (not sensitive)
+
+	// request headers
+	//  - in real usage a password here would normally be base64 encoded for transmission
+	//  - the risk is greatly reduced (but not eliminated) if HTTPS is used
+
+	let headers1: HTTPHeaders = ["Authorization": username + ":" + password]
+	let headers2: HTTPHeaders = ["Value": harmless]
+
+	AF.request("http://example.com/", headers: headers1) // BAD [NOT DETECTED]
+	AF.request("http://example.com/", headers: headers2) // GOOD (not sensitive)
+	AF.streamRequest("http://example.com/", headers: headers1) // BAD [NOT DETECTED]
+	AF.streamRequest("http://example.com/", headers: headers2) // GOOD (not sensitive)
+
+	let headers3 = HTTPHeaders(["Authorization": username + ":" + password])
+	let headers4 = HTTPHeaders(["Value": harmless])
+
+	AF.request("http://example.com/", headers: headers3) // BAD [NOT DETECTED]
+	AF.request("http://example.com/", headers: headers4) // GOOD (not sensitive)
+	AF.download("http://example.com/", headers: headers1) // BAD [NOT DETECTED]
+	AF.download("http://example.com/", headers: headers2) // GOOD (not sensitive)
+
+	var headers5 = HTTPHeaders([:])
+	var headers6 = HTTPHeaders([:])
+	headers5.add(name: "Authorization", value: username + ":" + password)
+	headers6.add(name: "Data", value: harmless)
+
+	AF.request("http://example.com/", headers: headers5) // BAD [NOT DETECTED]
+	AF.request("http://example.com/", headers: headers6) // GOOD (not sensitive)
+
+	var headers7 = HTTPHeaders([:])
+	var headers8 = HTTPHeaders([:])
+	headers7.update(name: "Authorization", value: username + ":" + password)
+	headers8.update(name: "Data", value: harmless)
+
+	AF.request("http://example.com/", headers: headers7) // BAD [NOT DETECTED]
+	AF.request("http://example.com/", headers: headers8) // GOOD (not sensitive)
+}
diff --git a/swift/ql/test/query-tests/Security/CWE-311/testSend.swift b/swift/ql/test/query-tests/Security/CWE-311/testSend.swift
index 506b3a921e3..aaf2e3487f2 100644
--- a/swift/ql/test/query-tests/Security/CWE-311/testSend.swift
+++ b/swift/ql/test/query-tests/Security/CWE-311/testSend.swift
@@ -34,7 +34,7 @@ func test1(passwordPlain : String, passwordHash : String) {
 	let data3 = Data(passwordHash)
 
 	nw.send(content: data1, completion: .idempotent) // GOOD (not sensitive)
-	nw.send(content: data2, completion: .idempotent) // BAD [NOT DETECTED]
+	nw.send(content: data2, completion: .idempotent) // BAD
 	nw.send(content: data3, completion: .idempotent) // GOOD (not sensitive)
 }
 
diff --git a/swift/ql/test/query-tests/Security/CWE-611/XXETest.expected b/swift/ql/test/query-tests/Security/CWE-611/XXETest.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/swift/ql/test/query-tests/Security/CWE-611/XXETest.ql b/swift/ql/test/query-tests/Security/CWE-611/XXETest.ql
new file mode 100644
index 00000000000..757e45a102b
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-611/XXETest.ql
@@ -0,0 +1,27 @@
+import swift
+import codeql.swift.dataflow.FlowSources
+import codeql.swift.security.XXEQuery
+import TestUtilities.InlineExpectationsTest
+
+class TestRemoteSource extends RemoteFlowSource {
+  TestRemoteSource() { this.asExpr().(ApplyExpr).getStaticTarget().getName().matches("source%") }
+
+  override string getSourceType() { result = "Test source" }
+}
+
+class XxeTest extends InlineExpectationsTest {
+  XxeTest() { this = "XxeTest" }
+
+  override string getARelevantTag() { result = "hasXXE" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(XxeConfiguration config, DataFlow::Node source, DataFlow::Node sink, Expr sinkExpr |
+      config.hasFlow(source, sink) and
+      sinkExpr = sink.asExpr() and
+      location = sinkExpr.getLocation() and
+      element = sinkExpr.toString() and
+      tag = "hasXXE" and
+      value = source.asExpr().getLocation().getStartLine().toString()
+    )
+  }
+}
diff --git a/swift/ql/test/query-tests/Security/CWE-611/testAEXMLDocumentXXE.swift b/swift/ql/test/query-tests/Security/CWE-611/testAEXMLDocumentXXE.swift
new file mode 100644
index 00000000000..9f337030158
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-611/testAEXMLDocumentXXE.swift
@@ -0,0 +1,148 @@
+// --- stubs ---
+
+class Data {
+    init<S>(_ elements: S) {}
+}
+
+struct URL {
+	init?(string: String) {}
+}
+
+extension String {
+    struct Encoding: Hashable {
+        let rawValue: UInt
+        static let utf8 = String.Encoding(rawValue: 1)
+    }
+
+	init(contentsOf: URL) {
+        let data = ""
+        self.init(data)
+    }
+}
+
+class AEXMLElement {}
+
+struct AEXMLOptions {
+    var parserSettings = ParserSettings()
+
+    struct ParserSettings {
+        public var shouldResolveExternalEntities = false
+    }
+}
+
+class AEXMLDocument {
+    init(root: AEXMLElement? = nil, options: AEXMLOptions) {}
+    init(xml: Data, options: AEXMLOptions = AEXMLOptions()) {}
+    init(xml: String, encoding: String.Encoding, options: AEXMLOptions) {}
+    func loadXML(_: Data) {}
+}
+
+class AEXMLParser {
+    init(document: AEXMLDocument, data: Data) {}
+}
+
+// --- tests ---
+
+func testString() {
+    var options = AEXMLOptions()
+    options.parserSettings.shouldResolveExternalEntities = true
+
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let _ = AEXMLDocument(xml: remoteString, encoding: String.Encoding.utf8, options: options) // $ hasXXE=50
+}
+
+func testStringSafeImplicit() {
+    var options = AEXMLOptions()
+
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let _ = AEXMLDocument(xml: remoteString, encoding: String.Encoding.utf8, options: options) // NO XXE
+}
+
+func testStringSafeExplicit() {
+    var options = AEXMLOptions()
+    options.parserSettings.shouldResolveExternalEntities = false
+
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let _ = AEXMLDocument(xml: remoteString, encoding: String.Encoding.utf8, options: options) // NO XXE
+}
+
+func testData() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    var options = AEXMLOptions()
+    options.parserSettings.shouldResolveExternalEntities = true
+    let _ = AEXMLDocument(xml: remoteData, options: options) // $ hasXXE=70
+}
+
+func testDataSafeImplicit() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    var options = AEXMLOptions()
+    let _ = AEXMLDocument(xml: remoteData, options: options) // NO XXE
+}
+
+func testDataSafeExplicit() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    var options = AEXMLOptions()
+    options.parserSettings.shouldResolveExternalEntities = false
+    let _ = AEXMLDocument(xml: remoteData, options: options) // NO XXE
+}
+
+func testDataLoadXml() {
+    var options = AEXMLOptions()
+    options.parserSettings.shouldResolveExternalEntities = true
+    let doc = AEXMLDocument(root: nil, options: options)
+
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    doc.loadXML(remoteData) // $ hasXXE=97
+}
+
+func testDataLoadXmlSafeImplicit() {
+    var options = AEXMLOptions()
+    let doc = AEXMLDocument(root: nil, options: options)
+
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    doc.loadXML(remoteData) // NO XXE
+}
+
+func testDataLoadXmlSafeExplicit() {
+    var options = AEXMLOptions()
+    options.parserSettings.shouldResolveExternalEntities = false
+    let doc = AEXMLDocument(root: nil, options: options)
+
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    doc.loadXML(remoteData) // NO XXE
+}
+
+func testParser() {
+    var options = AEXMLOptions()
+    options.parserSettings.shouldResolveExternalEntities = true
+    let doc = AEXMLDocument(root: nil, options: options)
+
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    let _ = AEXMLParser(document: doc, data: remoteData) // $ hasXXE=126
+}
+
+func testParserSafeImplicit() {
+    var options = AEXMLOptions()
+    let doc = AEXMLDocument(root: nil, options: options)
+
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    let _ = AEXMLParser(document: doc, data: remoteData) // NO XXE
+}
+
+func testParserSafeExplicit() {
+    var options = AEXMLOptions()
+    options.parserSettings.shouldResolveExternalEntities = false
+    let doc = AEXMLDocument(root: nil, options: options)
+
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    let _ = AEXMLParser(document: doc, data: remoteData) // NO XXE
+}
\ No newline at end of file
diff --git a/swift/ql/test/query-tests/Security/CWE-611/testLibxmlXXE.swift b/swift/ql/test/query-tests/Security/CWE-611/testLibxmlXXE.swift
new file mode 100644
index 00000000000..b0e580c42a0
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-611/testLibxmlXXE.swift
@@ -0,0 +1,96 @@
+// --- stubs ---
+
+class Data {
+    init<S>(_ elements: S) {}
+    func copyBytes(to: UnsafeMutablePointer<UInt8>, count: Int) {}
+}
+
+struct URL {
+	init?(string: String) {}
+}
+
+extension String {
+	init(contentsOf: URL) {
+        let data = ""
+        self.init(data)
+    }
+}
+
+struct xmlParserOption : Hashable {
+    let rawValue: UInt32 = 0
+}
+
+var XML_PARSE_NOENT: xmlParserOption { get { return xmlParserOption() } } 
+var XML_PARSE_DTDLOAD: xmlParserOption { get { return xmlParserOption() } } 
+
+typealias xmlChar = UInt8
+typealias xmlDocPtr = UnsafeMutablePointer<xmlDoc>
+typealias xmlNodePtr = UnsafeMutablePointer<xmlNode>
+typealias xmlParserCtxtPtr = UnsafeMutablePointer<xmlParserCtxt>
+struct xmlDoc {}
+struct xmlNode {}
+struct xmlParserCtxt {}
+struct xmlParserErrors {}
+struct xmlInputReadCallback {}
+struct xmlInputCloseCallback {}
+
+func xmlCtxtUseOptions(_ ctxt: xmlParserCtxtPtr!, _ options: Int32) -> Int32 { return 0 }
+func xmlReadDoc(_ cur: UnsafePointer<xmlChar>!, _ URL: UnsafePointer<CChar>!, _ encoding: UnsafePointer<CChar>!, _ options: Int32) -> xmlDocPtr! { return xmlDocPtr.allocate(capacity: 0) }
+func xmlReadFile(_ URL: UnsafePointer<CChar>!, _ encoding: UnsafePointer<CChar>!, _ options: Int32) -> xmlDocPtr! { return xmlDocPtr.allocate(capacity: 0) }
+func xmlReadMemory(_ buffer: UnsafePointer<CChar>!, _ size: Int32, _ URL: UnsafePointer<CChar>!, _ encoding: UnsafePointer<CChar>!, _ options: Int32) -> xmlDocPtr! { return xmlDocPtr.allocate(capacity: 0) }
+func xmlReadFd(_ fd: Int32, _ URL: UnsafePointer<CChar>!, _ encoding: UnsafePointer<CChar>!, _ options: Int32) -> xmlDocPtr! { return xmlDocPtr.allocate(capacity: 0) }
+func xmlReadIO(_ ioread: xmlInputReadCallback!, _ ioclose: xmlInputCloseCallback!, _ ioctx: UnsafeMutableRawPointer!, _ URL: UnsafePointer<CChar>!, _ encoding: UnsafePointer<CChar>!, _ options: Int32) -> xmlDocPtr! { return xmlDocPtr.allocate(capacity: 0) }
+func xmlCtxtReadDoc(_ ctxt: xmlParserCtxtPtr!, _ cur: UnsafePointer<xmlChar>!, _ URL: UnsafePointer<CChar>!, _ encoding: UnsafePointer<CChar>!, _ options: Int32) -> xmlDocPtr! { return xmlDocPtr.allocate(capacity: 0) }
+func xmlCtxtReadFile(_ ctxt: xmlParserCtxtPtr!, _ filename: UnsafePointer<CChar>!, _ encoding: UnsafePointer<CChar>!, _ options: Int32) -> xmlDocPtr! { return xmlDocPtr.allocate(capacity: 0) }
+func xmlParseInNodeContext(_ node: xmlNodePtr!, _ data: UnsafePointer<CChar>!, _ datalen: Int32, _ options: Int32, _ lst: UnsafeMutablePointer<xmlNodePtr?>!) -> xmlParserErrors { return xmlParserErrors() }
+func xmlCtxtReadMemory(_ ctxt: xmlParserCtxtPtr!, _ buffer: UnsafePointer<CChar>!, _ size: Int32, _ URL: UnsafePointer<CChar>!, _ encoding: UnsafePointer<CChar>!, _ options: Int32) -> xmlDocPtr! { return xmlDocPtr.allocate(capacity: 0) }
+func xmlCtxtReadFd(_ ctxt: xmlParserCtxtPtr!, _ fd: Int32, _ URL: UnsafePointer<CChar>!, _ encoding: UnsafePointer<CChar>!, _ options: Int32) -> xmlDocPtr! { return xmlDocPtr.allocate(capacity: 0) }
+func xmlCtxtReadIO(_ ctxt: xmlParserCtxtPtr!, _ ioread: xmlInputReadCallback!, _ ioclose: xmlInputCloseCallback!, _ ioctx: UnsafeMutableRawPointer!, _ URL: UnsafePointer<CChar>!, _ encoding: UnsafePointer<CChar>!, _ options: Int32) -> xmlDocPtr! { return xmlDocPtr.allocate(capacity: 0) }
+
+// --- tests ---
+
+func sourcePtr() -> UnsafeMutablePointer<UInt8> { return UnsafeMutablePointer<UInt8>.allocate(capacity: 0) }
+func sourceCharPtr() -> UnsafeMutablePointer<CChar> { return UnsafeMutablePointer<CChar>.allocate(capacity: 0) }
+
+func test() {
+    let remotePtr = sourcePtr()
+    let remoteCharPtr = sourceCharPtr()
+    let _ = xmlReadFile(remoteCharPtr, nil, 0) // NO XXE: external entities not enabled
+    let _ = xmlReadFile(remoteCharPtr, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=57
+    let _ = xmlReadFile(remoteCharPtr, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=57
+    let _ = xmlReadDoc(remotePtr, nil, nil, 0) // NO XXE: external entities not enabled
+    let _ = xmlReadDoc(remotePtr, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=56
+    let _ = xmlReadDoc(remotePtr, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=56
+    let _ = xmlCtxtReadFile(nil, remoteCharPtr, nil, 0) // NO XXE: external entities not enabled
+    let _ = xmlCtxtReadFile(nil, remoteCharPtr, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=57
+    let _ = xmlCtxtReadFile(nil, remoteCharPtr, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=57
+    let _ = xmlParseInNodeContext(nil, remoteCharPtr, -1, 0, nil) // NO XXE: external entities not enabled
+    let _ = xmlParseInNodeContext(nil, remoteCharPtr, -1, Int32(XML_PARSE_DTDLOAD.rawValue), nil) // $ hasXXE=57
+    let _ = xmlParseInNodeContext(nil, remoteCharPtr, -1, Int32(XML_PARSE_NOENT.rawValue), nil) // $ hasXXE=57
+    let _ = xmlCtxtReadDoc(nil, remotePtr, nil, nil, 0) // NO XXE: external entities not enabled
+    let _ = xmlCtxtReadDoc(nil, remotePtr, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=56
+    let _ = xmlCtxtReadDoc(nil, remotePtr, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=56
+    let _ = xmlReadMemory(remoteCharPtr, -1, nil, nil, 0) // NO XXE: external entities not enabled
+    let _ = xmlReadMemory(remoteCharPtr, -1, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=57
+    let _ = xmlReadMemory(remoteCharPtr, -1, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=57
+    let _ = xmlCtxtReadMemory(nil, remoteCharPtr, -1, nil, nil, 0) // NO XXE: external entities not enabled
+    let _ = xmlCtxtReadMemory(nil, remoteCharPtr, -1, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=57
+    let _ = xmlCtxtReadMemory(nil, remoteCharPtr, -1, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=57
+    // TODO: We would need to model taint around `xmlParserCtxtPtr`, file descriptors, and `xmlInputReadCallback`
+    // to be able to alert on these methods. Not doing it for now because of the effort required vs the expected gain.
+    let _ = xmlCtxtUseOptions(nil, 0)
+    let _ = xmlCtxtUseOptions(nil, Int32(XML_PARSE_NOENT.rawValue))
+    let _ = xmlCtxtUseOptions(nil, Int32(XML_PARSE_DTDLOAD.rawValue))
+    let _ = xmlReadFd(0, nil, nil, 0)
+    let _ = xmlReadFd(0, nil, nil, Int32(XML_PARSE_NOENT.rawValue))
+    let _ = xmlReadFd(0, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue))
+    let _ = xmlCtxtReadFd(nil, 0, nil, nil, 0)
+    let _ = xmlCtxtReadFd(nil, 0, nil, nil, Int32(XML_PARSE_NOENT.rawValue))
+    let _ = xmlCtxtReadFd(nil, 0, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue))
+    let _ = xmlReadIO(nil, nil, nil, nil, nil, 0)
+    let _ = xmlReadIO(nil, nil, nil, nil, nil, Int32(XML_PARSE_NOENT.rawValue))
+    let _ = xmlReadIO(nil, nil, nil, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue))
+    let _ = xmlCtxtReadIO(nil, nil, nil, nil, nil, nil, 0)
+    let _ = xmlCtxtReadIO(nil, nil, nil, nil, nil, nil, Int32(XML_PARSE_NOENT.rawValue))
+    let _ = xmlCtxtReadIO(nil, nil, nil, nil, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue))
+}
diff --git a/swift/ql/test/query-tests/Security/CWE-611/testXMLDocumentXXE.swift b/swift/ql/test/query-tests/Security/CWE-611/testXMLDocumentXXE.swift
new file mode 100644
index 00000000000..07180301e72
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-611/testXMLDocumentXXE.swift
@@ -0,0 +1,86 @@
+// --- stubs ---
+
+class Data {
+    init<S>(_ elements: S) {}
+}
+
+struct URL {
+	init?(string: String) {}
+}
+
+extension String {
+	init(contentsOf: URL) {
+        let data = ""
+        self.init(data)
+    }
+}
+
+class XMLNode {
+    struct Options : OptionSet {
+        let rawValue: Int
+        static let nodeLoadExternalEntitiesAlways = XMLNode.Options(rawValue: 1 << 0)
+        static let nodeLoadExternalEntitiesNever = XMLNode.Options(rawValue: 1 << 1)
+    }
+}
+
+class XMLElement {}
+
+class XMLDocument {
+    init(contentsOf: URL, options: XMLNode.Options = []) {}
+    init(data: Data, options: XMLNode.Options = []) {}
+    init(rootElement: XMLElement?) {}
+    init(xmlString: String, options: XMLNode.Options = []) {}
+}
+
+// --- tests ---
+
+func testUrl() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteUrl = URL(string: remoteString)!
+     let _ = XMLDocument(contentsOf: remoteUrl, options: [.nodeLoadExternalEntitiesAlways]) // $ hasXXE=38
+}
+
+func testUrlSafeImplicit() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteUrl = URL(string: remoteString)!
+    let _ = XMLDocument(contentsOf: remoteUrl, options: []) // NO XXE: document doesn't enable external entities
+}
+
+func testUrlSafeExplicit() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteUrl = URL(string: remoteString)!
+    let _ = XMLDocument(contentsOf: remoteUrl, options: [.nodeLoadExternalEntitiesNever]) // NO XXE: document disables external entities
+}
+
+func testData() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    let _ = XMLDocument(data: remoteData, options: [.nodeLoadExternalEntitiesAlways]) // $ hasXXE=56
+}
+
+func testDataSafeImplicit() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    let _ = XMLDocument(data: remoteData, options: []) // NO XXE: document doesn't enable external entities
+}
+
+func testDataSafeExplicit() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    let _ = XMLDocument(data: remoteData, options: [.nodeLoadExternalEntitiesNever]) // NO XXE: document disables external entities
+}
+
+func testString() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let _ = XMLDocument(xmlString: remoteString, options: [.nodeLoadExternalEntitiesAlways]) // $ hasXXE=74
+}
+
+func testStringSafeImplicit() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let _ = XMLDocument(xmlString: remoteString, options: []) // NO XXE: document doesn't enable external entities
+}
+
+func testStringSafeExplicit() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let _ = XMLDocument(xmlString: remoteString, options: [.nodeLoadExternalEntitiesNever]) // NO XXE: document disables external entities
+}
diff --git a/swift/ql/test/query-tests/Security/CWE-611/testXMLParserXXE.swift b/swift/ql/test/query-tests/Security/CWE-611/testXMLParserXXE.swift
new file mode 100644
index 00000000000..75538f014f9
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-611/testXMLParserXXE.swift
@@ -0,0 +1,92 @@
+// --- stubs ---
+
+class Data {
+    init<S>(_ elements: S) {}
+}
+
+struct URL {
+	init?(string: String) {}
+}
+
+class InputStream {
+    init(data: Data) {}
+}
+
+extension String {
+	init(contentsOf: URL) {
+        let data = ""
+        self.init(data)
+    }
+}
+
+class XMLParser {
+    var shouldResolveExternalEntities: Bool { get { return false } set {} }
+    init?(contentsOf: URL) {}
+    init(data: Data) {}
+    init(stream: InputStream) {}
+}
+
+// --- tests ---
+
+func testData() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    let parser = XMLParser(data: remoteData) // $ hasXXE=32
+    parser.shouldResolveExternalEntities = true
+}
+
+func testInputStream() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    let remoteStream = InputStream(data: remoteData)
+    let parser = XMLParser(stream: remoteStream) // $ hasXXE=39
+    parser.shouldResolveExternalEntities = true
+}
+
+func testUrl() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteUrl = URL(string: remoteString)!
+    let parser = XMLParser(contentsOf: remoteUrl) // $ hasXXE=47
+    parser?.shouldResolveExternalEntities = true
+}
+
+func testDataSafe() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    let _ = XMLParser(data: remoteData) // NO XXE: parser doesn't enable external entities
+}
+
+func testDataSafeExplicit() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    let parser = XMLParser(data: remoteData) // NO XXE: parser disables external entities
+    parser.shouldResolveExternalEntities = false
+}
+
+func testInputStreamSafe() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    let remoteStream = InputStream(data: remoteData)
+    let _ = XMLParser(stream: remoteStream) // NO XXE: parser doesn't enable external entities
+}
+
+func testInputStreamSafeExplicit() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteData = Data(remoteString)
+    let remoteStream = InputStream(data: remoteData)
+    let parser = XMLParser(stream: remoteStream) // NO XXE: parser disables external entities
+    parser.shouldResolveExternalEntities = false
+}
+
+func testUrlSafe() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+     let remoteUrl = URL(string: remoteString)!
+     let _ = XMLParser(contentsOf: remoteUrl) // NO XXE: parser doesn't enable external entities
+}
+
+func testUrlSafeExplicit() {
+    let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+    let remoteUrl = URL(string: remoteString)!
+    let parser = XMLParser(contentsOf: remoteUrl) // NO XXE: parser disables external entities
+    parser?.shouldResolveExternalEntities = false
+}
\ No newline at end of file
diff --git a/swift/rules.bzl b/swift/rules.bzl
index 29a1a704f02..ba9e4b0e8bf 100644
--- a/swift/rules.bzl
+++ b/swift/rules.bzl
@@ -5,11 +5,7 @@ def _wrap_cc(rule, kwargs):
     _add_args(kwargs, "copts", [
         # Required by LLVM/Swift
         "-fno-rtti",
-    ] + select({
-        # temporary, before we do universal merging and have an arm prebuilt package, we make arm build x86
-        "@platforms//os:macos": ["-arch=x86_64"],
-        "//conditions:default": [],
-    }))
+    ])
     _add_args(kwargs, "features", [
         # temporary, before we do universal merging
         "-universal_binaries",
diff --git a/swift/schema.py b/swift/schema.py
index 97c8cd143e9..7654f9e2ec8 100644
--- a/swift/schema.py
+++ b/swift/schema.py
@@ -33,11 +33,13 @@ class Locatable(Element):
     location: optional[Location] | cpp.skip | doc("location associated with this element in the code")
 
 @qltest.collapse_hierarchy
-class UnresolvedElement(Locatable):
+@qltest.skip
+class ErrorElement(Locatable):
+    """The superclass of all elements indicating some kind of error."""
     pass
 
 @use_for_null
-class UnspecifiedElement(Locatable):
+class UnspecifiedElement(ErrorElement):
     parent: optional[Element]
     property: string
     index: optional[int]
@@ -146,9 +148,33 @@ class VarDecl(AbstractStorageDecl):
     attached_property_wrapper_type: optional[Type]
     parent_pattern: optional[Pattern]
     parent_initializer: optional[Expr]
+    property_wrapper_backing_var_binding: optional[PatternBindingDecl] | child | desc("""
+        This is the synthesized binding introducing the property wrapper backing variable for this
+        variable, if any.
+    """)
+    property_wrapper_backing_var: optional["VarDecl"] | child | desc("""
+        This is the synthesized variable holding the property wrapper for this variable, if any.
+    """)
+    property_wrapper_projection_var_binding: optional[PatternBindingDecl] | child | desc("""
+        This is the synthesized binding introducing the property wrapper projection variable for this
+        variable, if any.
+    """)
+    property_wrapper_projection_var: optional["VarDecl"] | child | desc("""
+        If this variable has a property wrapper with a projected value, this is the corresponding
+        synthesized variable holding that projected value, accessible with this variable's name
+        prefixed with `$`.
+    """)
 
 class ParamDecl(VarDecl):
     is_inout: predicate | doc("this is an `inout` parameter")
+    property_wrapper_local_wrapped_var_binding: optional[PatternBindingDecl] | child | desc("""
+        This is the synthesized binding introducing the property wrapper local wrapped projection
+        variable for this variable, if any.
+    """)
+    property_wrapper_local_wrapped_var: optional["VarDecl"] | child | desc("""
+        This is the synthesized local wrapped value, shadowing this parameter declaration in case it
+        has a property wrapper.
+    """)
 
 class Callable(Element):
     self_param: optional[ParamDecl] | child
@@ -206,6 +232,10 @@ class AccessorDecl(FuncDecl):
     is_setter: predicate | doc('this accessor is a setter')
     is_will_set: predicate | doc('this accessor is a `willSet`, called before the property is set')
     is_did_set: predicate | doc('this accessor is a `didSet`, called after the property is set')
+    is_read: predicate | doc('this accessor is a `_read` coroutine, yielding a borrowed value of the property')
+    is_modify: predicate | doc('this accessor is a `_modify` coroutine, yielding an inout value of the property')
+    is_unsafe_address: predicate | doc('this accessor is an `unsafeAddress` immutable addressor')
+    is_unsafe_mutable_address: predicate | doc('this accessor is an `unsafeMutableAddress` mutable addressor')
 
 class AssociatedTypeDecl(AbstractTypeParamDecl):
     pass
@@ -296,6 +326,7 @@ class DeclRefExpr(Expr):
     has_direct_to_storage_semantics: predicate
     has_direct_to_implementation_semantics: predicate
     has_ordinary_semantics: predicate
+    has_distributed_thunk_semantics: predicate
 
 class DefaultArgumentExpr(Expr):
     param_decl: ParamDecl
@@ -317,7 +348,7 @@ class EnumIsCaseExpr(Expr):
     element: EnumElementDecl
 
 @qltest.skip
-class ErrorExpr(Expr):
+class ErrorExpr(Expr, ErrorElement):
     pass
 
 class ExplicitCastExpr(Expr):
@@ -423,21 +454,16 @@ class TupleExpr(Expr):
 
 class TypeExpr(Expr):
     type_repr: optional["TypeRepr"] | child
-
-class UnresolvedDeclRefExpr(Expr, UnresolvedElement):
+class UnresolvedDeclRefExpr(Expr, ErrorElement):
     name: optional[string]
-
-class UnresolvedDotExpr(Expr, UnresolvedElement):
+class UnresolvedDotExpr(Expr, ErrorElement):
     base: Expr | child
     name: string
-
-class UnresolvedMemberExpr(Expr, UnresolvedElement):
+class UnresolvedMemberExpr(Expr, ErrorElement):
     name: string
-
-class UnresolvedPatternExpr(Expr, UnresolvedElement):
+class UnresolvedPatternExpr(Expr, ErrorElement):
     sub_pattern: Pattern | child
-
-class UnresolvedSpecializeExpr(Expr, UnresolvedElement):
+class UnresolvedSpecializeExpr(Expr, ErrorElement):
     sub_expr: Expr | child
 
 class VarargExpansionExpr(Expr):
@@ -568,6 +594,7 @@ class MemberRefExpr(LookupExpr):
     has_direct_to_storage_semantics: predicate
     has_direct_to_implementation_semantics: predicate
     has_ordinary_semantics: predicate
+    has_distributed_thunk_semantics: predicate
 
 class MetatypeConversionExpr(ImplicitConversionExpr):
     pass
@@ -585,7 +612,7 @@ class ObjectLiteralExpr(LiteralExpr):
 class OptionalTryExpr(AnyTryExpr):
     pass
 
-class OverloadedDeclRefExpr(Expr):
+class OverloadedDeclRefExpr(Expr, ErrorElement):
     """
     An ambiguous expression that might refer to multiple declarations. This will be present only
     for failing compilations.
@@ -621,6 +648,7 @@ class SubscriptExpr(LookupExpr):
     has_direct_to_storage_semantics: predicate
     has_direct_to_implementation_semantics: predicate
     has_ordinary_semantics: predicate
+    has_distributed_thunk_semantics: predicate
 
 class TryExpr(AnyTryExpr):
     pass
@@ -630,13 +658,10 @@ class UnderlyingToOpaqueExpr(ImplicitConversionExpr):
 
 class UnevaluatedInstanceExpr(ImplicitConversionExpr):
     pass
-
-class UnresolvedMemberChainResultExpr(IdentityExpr, UnresolvedElement):
+class UnresolvedMemberChainResultExpr(IdentityExpr, ErrorElement):
     pass
-
-class UnresolvedTypeConversionExpr(ImplicitConversionExpr, UnresolvedElement):
+class UnresolvedTypeConversionExpr(ImplicitConversionExpr, ErrorElement):
     pass
-
 class BooleanLiteralExpr(BuiltinLiteralExpr):
     value: boolean
 
@@ -836,8 +861,7 @@ class DependentMemberType(Type):
 
 class DynamicSelfType(Type):
     static_self_type: Type
-
-class ErrorType(Type):
+class ErrorType(Type, ErrorElement):
     pass
 
 class ExistentialType(Type):
@@ -867,13 +891,8 @@ class SugarType(Type):
 class TupleType(Type):
     types: list[Type]
     names: list[optional[string]]
-
-class TypeVariableType(Type):
+class UnresolvedType(Type, ErrorElement):
     pass
-
-class UnresolvedType(Type, UnresolvedElement):
-    pass
-
 class AnyBuiltinIntegerType(BuiltinType):
     pass
 
@@ -980,10 +999,6 @@ class OpenedArchetypeType(ArchetypeType):
 
 class PrimaryArchetypeType(ArchetypeType):
     pass
-
-class SequenceArchetypeType(ArchetypeType):
-    pass
-
 class UnarySyntaxSugarType(SyntaxSugarType):
     base_type: Type
 
@@ -1018,4 +1033,13 @@ class VariadicSequenceType(UnarySyntaxSugarType):
     pass
 
 class ParameterizedProtocolType(Type):
+    """
+    A sugar type of the form `P<X>` with `P` a protocol.
+
+    If `P` has primary associated type `A`, then `T: P<X>` is a shortcut for `T: P where T.A == X`.
+    """
+    base: ProtocolType
+    args: list[Type]
+
+class AbiSafeConversionExpr(ImplicitConversionExpr):
     pass
diff --git a/swift/third_party/swift-llvm-support/BUILD.swift-prebuilt.bazel b/swift/third_party/swift-llvm-support/BUILD.swift-prebuilt.bazel
index 0d1571e35d1..58796aaaacb 100644
--- a/swift/third_party/swift-llvm-support/BUILD.swift-prebuilt.bazel
+++ b/swift/third_party/swift-llvm-support/BUILD.swift-prebuilt.bazel
@@ -7,9 +7,15 @@ cc_library(
     ] + select({
         "@platforms//os:linux": [
             "libCodeQLSwiftFrontendTool.so",
+            "libswiftCore.so",
         ],
         "@platforms//os:macos": [
             "libCodeQLSwiftFrontendTool.dylib",
+            "libswiftCore.dylib",
+            "libswiftCompatibility50.a",
+            "libswiftCompatibility51.a",
+            "libswiftCompatibilityConcurrency.a",
+            "libswiftCompatibilityDynamicReplacements.a",
         ],
     }),
     hdrs = glob(["include/**/*", "stdlib/**/*" ]),
@@ -23,6 +29,9 @@ cc_library(
             "-lpthread",
             "-ldl",
         ],
+        "@platforms//os:macos": [
+            "-L/usr/lib/swift",
+        ],
         "//conditions:default": [],
     }),
     includes = [ "include" ],
diff --git a/swift/third_party/swift-llvm-support/patches/remove_getFallthrougDest_assert.patch b/swift/third_party/swift-llvm-support/patches/remove_getFallthrougDest_assert.patch
deleted file mode 100644
index c16942a807c..00000000000
--- a/swift/third_party/swift-llvm-support/patches/remove_getFallthrougDest_assert.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -ru a/include/swift/AST/Stmt.h b/include/swift/AST/Stmt.h
---- a/include/swift/AST/Stmt.h	2022-09-21 12:56:54.000000000 +0200
-+++ b/include/swift/AST/Stmt.h	2022-11-04 14:39:18.407971007 +0100
-@@ -920,7 +920,6 @@
-   /// Get the CaseStmt block to which the fallthrough transfers control.
-   /// Set during Sema.
-   CaseStmt *getFallthroughDest() const {
--    assert(FallthroughDest && "fallthrough dest is not set until Sema");
-     return FallthroughDest;
-   }
-   void setFallthroughDest(CaseStmt *C) {
diff --git a/swift/tools/qltest.sh b/swift/tools/qltest.sh
index 84b26c47153..0f86fc68cdf 100755
--- a/swift/tools/qltest.sh
+++ b/swift/tools/qltest.sh
@@ -4,8 +4,6 @@ mkdir -p "$CODEQL_EXTRACTOR_SWIFT_TRAP_DIR"
 
 QLTEST_LOG="$CODEQL_EXTRACTOR_SWIFT_LOG_DIR"/qltest.log
 
-export LD_LIBRARY_PATH="$CODEQL_EXTRACTOR_SWIFT_ROOT/tools/$CODEQL_PLATFORM"
-
 EXTRACTOR="$CODEQL_EXTRACTOR_SWIFT_ROOT/tools/$CODEQL_PLATFORM/extractor"
 SDK="$CODEQL_EXTRACTOR_SWIFT_ROOT/qltest/$CODEQL_PLATFORM/sdk"